Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-Timer
CF-Cache-Status
X-Request-Id
X-FRAME-OPTIONS
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Template
Content-Encoding
X-Language
X-DNS-Prefetch-Control
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
Xkey
X-Buckets
X-Backend
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
X-Cache-Group
X-Server
CF-Ray
Upgrade
X-POWERED-BY
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Ua-Compatible
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
P3p
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Server-Id
X-Cache-Lookup
Surrogate-Control
X-Amz-Version-Id
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Backend-Server
X-Rack-Cache
X-Response-Time
X-Rq
X-Application-Context
X-CST
X-Readtime
EagleEye-TraceId
Server-Timing
Pinterest-Generated-By
X-Cloud-Trace-Context
X-TTL
X-Url
X-Instart-Request-ID
X-Px
Request-Id
Report-To
X-Country
X-OneAgent-JS-Injection
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Feature-Policy
Edge-Control
Rating
Allow
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Recruiting
X-Goog-Hash
X-Varnish-TTL
X-ORACLE-DMS-RID
X-Cached
X-VARITI-CCR
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-Version
X-Kinja-Server
X-Cdn-Fetch
X-Kinja
X-F-Cache
X-Exp-Variant
X-Geo-Segment
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Powered-By-Plesk
X-CF-Powered-By
Public-Key-Pins
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Mod-Pagespeed
Verso
X-Client-IP
X-D2id
SPRequestGuid
X-Abt-Application-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Accept-CH
X-N
MS-Author-Via
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
AR-ATIME
AR-PoweredBy
X-Dispatcher
X-SharePointHealthScore
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-T
DynaTrace
Nginx-Cache
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Upstream
X-Trace
X-Fastly-Request-ID
X-Grace
Accept-CH-Lifetime
Arr-Disable-Session-Affinity
X-FastCGI-Cache
X-Varnish-Age
TCN
X-Hits
X-Amz-Meta-S3cmd-Attrs
X-Shield-Request-Id
X-Id
X-Forwarded-Proto
X-Pad
X-DIS-Request-ID
X-Origin-Upstream-Status
X-XRDS-Location
SPIisLatency
SPRequestDuration
X-Cache-Hit
X-Content-Options
X-Logged-In
X-Content-Digest
X-Ruxit-JS-Agent
X-IPLB-Instance
Realpath
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-Kinsta-Cache
Access-Control-Request-Method
X-Acc-Meta-Resource-Type
X-B
X-NF-Request-ID
AR-SID
X-Goog-Generation
X-Goog-Storage-Class
X-SS-Set-Cookie
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Vcap-Request-Id
X-HW
X-Oneagent-Js-Injection
S
X-MSEdge-Ref
X-Debug
Service-Worker-Allowed
Server-Name
X-Ser
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Realm
X-FTR-Balancer
X-PressLabs-Stats
X-FTR-Backend
X-Frontend
Tracecode
X-FTR-Expires
Fastcgi-Cache
X-Cache-Key
Eomportal-Instance
X-Server-ID
X-Wix-Server-Artifact-Id
X-NewRelic-App-Data
Rt-Fastcgi-Cache
X-Webkit-CSP
X-Forwarded-For
Surrogate-Key
Alternate-Protocol
AMP-Access-Control-Allow-Source-Origin
X-GUploader-UploadID
Cleartype
X-Cache-Rule
X-Srv
X-NWS-LOG-UUID
Cache-Status
X-HS-Content-Id
X-HS-Hub-Id
X-Analytics
Backend-Timing
Host
X-VCache
X-Revision
X-User-Agent
FilterID
X-Rid
X-Whom
X-FTR-Cache-Host
TP-Cache
TP-L2-Cache
X-Debug-Info
Fastly-Restarts
X-Via-JSL
X-AOL-HN
Public-Key-Pins-Report-Only
X-Akam-SW-Version
X-Cache-2
ServerID
X-Varnish-Backend
X-Oracle-Dms-Rid
X-Content-Powered-By
X-RateLimit-Remaining
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
Viewport
Accept-Charset
X-Cdn
X-Mobile
X-Kinja-Server-Push
X-Accel-Buffering
Front-End-Https
X-WPE-Loopback-Upstream-Addr
X-Ttl
Liferay-Portal
X-Node-Name
X-B3-Traceid
X-Cached-By
X-App-Environment
X-Hostname
X-Content-Security-Policy-Report-Only
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Control
X-Page-Id
X-LB-Cache
X-Magnolia-Registration
Host-Header
X-Handled-By
X-B3-Sampled
Cache-Tag
X-Akamai-Edgescape
X-Framework
X-Device-Type
X-Request-Guid
X-Varnish-Hostname
X-TT
X-Cluster
X-Instance
X-BCube-Filmed-By
X-Platform-Server
Upgrade-Insecure-Requests
X-Cache-Server
DC
X-Origin-Server
X-B-Cache
X-Signature
X-FB-Debug
Server-Node
X-TT-TIMESTAMP
X-TA-CDN-Provider
Source
X-XRDS-LOCATION
Retry-After
MicrosoftSharePointTeamServices
X-Contextid
X-WA-Info
X-Servedby
X-Accel-Expires
HitInfo
HitType
Server-Info
X-Cache-Action
X-Amzn-Trace-Id
X-Middleton-Display
X-Cache-Operation
X-Varnish-Server
Display
X-Correlation-Id
X-APP-VERSION
X-Sol
X-Distil-CS
X-Port
X-Daa-Tunnel
X-URL
X-Edge-Location
X-Generated-By
X-Geo-Country
AsisCache
X-Amz-Replication-Status
Content-Script-Type
X-GeoIP
X-Hyper-Cache
Content-Style-Type
Webserver
X-Tumblr-Pixel-2
X-WebKit-CSP-Report-Only
GEO-INFO
X-Tumblr-Pixel-1
X-RequestSource
X-S
X-Locale
ServedBy
X-TX-ID
X-Wix-Request-Id
Actual-Object-TTL
X-Edge-Cache
X-FW-Type
X-Region
X-Seen-By
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Hash
X-Edge-Cache-Key
X-Status
X-Varnish-Hits
X-UUID
X-Varnish-Grace
User-Agent
Healthy
X-Adobe-Content
X-Jobs
X-Drupal-Cache-Tags
X-Adobe-Loc
X-Response-Served-From
X-DataStream-Cache-Status
Filters
SRV
Refresh
X-Amz-Server-Side-Encryption
X-Proxied
NGB
S-Cnection
Response
X-Middleton-Response
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Newrelic-App-Data
X-CDN-Forward
AR-Request-ID
X-Fastcgi-Cache
IBM-Web2-Location
X-Correlation-ID
X-Cache-TTL-Remaining
X-AppVersion
X-Activity-Id
X-Az
X-Cache-Age
X-Esi
X-Pc-Appver
X-Pc-Key
X-Pc-Hit
X-App-Server
X-Cache-Remote
X-Content-Type
Cache
Payment
X-Cacheable-TTL
X-UA
X-Unique-ID
X-Cache-NE
X-Kong-Upstream-Latency
X-Ruxit-Js-Agent
X-Kong-Proxy-Latency
X-Cache-TTL
X-Vg-Webcache
Country
X-Akamai-Transformed
Served-By
Datacenter
X-Mode
X-Real-IP
Meta-Geo
Load-Balancing
X-HS-Cache-Config
Edge-Cache-Tag
Machine
HostName
X-ProcessESI
X-RemovedCookies
X-Source
X-Detected-As
X-Sucuri-ID
X-RN-RSRV
X-Is-Bot
X-Rendered-As
X-BYPASS-REASON
X-FC-Vary-Parameters
X-ProxyCache-Status
X-ProxyCache-Key
X-OCL
User-Cache-Control
X-PCL
X-Proxy
Cache-Key
Cache-Name
L5d-Success-Class
Property-Id
X-Backend-Name
X-Tb
X-BB-IP
X-Varnish-Cacheable
X-Cache-Config
Webcakes-App-Version
X-Rocket-Nginx-Bypass
X-Pubstack
X-Amz-Meta-Surrogate-Control
X-Origin-Hint
X-PERF
X-Origin
X-ApacheServer
X-Debug-Cache
X-Varnish-IP
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
Webcakes-Region
Now
TWC-GeoIP-LatLong
X-Human
X-EIG-Tracking-Id
X-Viewer-Country
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Mn-Server-Ip
DB-Nickname
X-ATG-Version
ServerName
S-Rt
X-Access
X-Cache-Category-Id
Backend
Azure-Version
Azure-InstanceId
Access-Control-Request-Headers
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-CCM
X-Format
X-Site-Version
X-ServerID
X-Varnish-Cache-Hits
X-Via-Fastly
X-Zipkin-Id
X-Section
X-Routing-Service
X-Grey
X-Hosted-By
X-Original-Request
X-OVcl-Cache
Access-Control-Allow-Method
X-OVcl
X-CDN-Cache
X-Upgrade-Enabled
X-Environment-Context
X-AWS-Id
X-App-Name
X-VWS-Id
X-Www-Served-By
X-Hit
X-IP
X-NodeID
X-Ocache
X-Xfnlog-Site
X-Loop
X-L-Path
X-LJ-Flow-ID
Selected-FE
X-Proxy-Build
X-SplitTest
X-Timing-Wait
X-TNCMS
X-TWH-CORRELATION-ID
X-Drupal-Cache-Contexts
X-Origin-CC
X-Rule
X-Pc-Date
X-Pc-Host
X-Storage
X-Akamai-Request-ID
X-Generated
X-JoinUs
X-Agile-Id
X-NGENIX-Cache
X-HS-Combine-CSS
X-Agile
X-Agile-Age
XServer
X-Cache-Var
X-Cache-Var-Map
X-Vgn-Hpd-Reason
X-NC
X-Upstream-HT
X-Time-Microsecs
X-Upstream-CT
X-PHP-Backend
X-UA-Device-Type
From-Origin
X-NCache
X-RateLimit-Limit
X-Internal-Host
X-Litespeed-Cache
OT-Force-Account-Verify
X-Microcachable
X-Mrs-Cache
Ar-Sid
X-Forwarded-Host
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache-Hits
Fastcgi-Useragent
X-Nginx-Cache
Fastly-SSL
X-Distributor
LB
X-Feature
X-M-Log
X-Release
X-M-Reqid
X-Qnm-Cache
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Amz-Apigw-Id
X-Amzn-RequestId
Pagetype
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Version
X-Cache-Backend
Powered-By-ChinaCache
X-Birta-Cache-Post
X-Birta-Served
NtCoent-Length
X-Connection-Hash
X-Twitter-Response-Tags
X-Transaction
MIME-Version
X-Labrador-Cache-Channel
Pagespeed
X-V
X-Instance-Name
X-B3-Spanid
X-Webkit-Csp
X-VG-TLSProxy
X-Web-Node
X-EdgeConnect-Cache-Status
X-GZip
X-Ah-Environment
Frame-Options
X-Varnish-Beresp-Ttl
PageSpeed
X-C
Time
Web-Mar-Node
X-Dispatcher-Server
Xc-Version
Www
X-BB-ID
X-B-Cookie
X-Block-Status
X-Cache-Bucket
Arc-Country
X-ARC
X-Application
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
AKAMAI
Ajk
X-A-Dam
X-CF-Lambda-Fn
X-Date
X-D
X-A
X-Destination
X-Developer
X-CUA
X-CS
X-CF-Lambda-Version
BehaviorPad-Version
Cache-Prefix
X-A-Ccd
X-Died
Ec-Rule-Version
MD5-Digest
X-Via-Edge
X-Redis-Cache
X-Region-Sid
X-Request-URI
X-Via-SSL
Meta-Geo-Continent
Fly-Request-Id
Fly-Cache
VivaBuild
NGX
X-PAYTM-SRV-ID
X-Request-UUID
X-Rewrite-Enabled
X-Server-Time
Host-ID
X-UE-Client-Country
X-Trv-Group
X-SIPLIST1
IsBot
X-VG-WebServer
X-S-Cookie
X-Rojux
X-ScT
X-Server-By
X-Via-CDN
X-NU-AKA-ACS-Version
X-Org
X-G
X-From
X-Gen-Mode
X-Generated-In
X-Hnp-Log
X-Generation-Time
Server-Int
T-Server
X-DPWN-IS-SECURE
X-WebServer
Viewtype
V-Age
X-SRCache-Key
Rendered-Blocks
X-A-Dcw
X-IN-APIGATEWAY
X-IN-WAF
X-Irp-Debug
X-Logtrace-Id
X-No-Session
X-IN-SSL-APIGATEWAY
X-FireWall-Port
X-SERVER-NAME
HA-Urlpath
Proxy-Connection
On-Server
Pragrma
Magicmarker
HA-Servedtime
Request-Time
NodeID
Server-Host
MI-API
MI-Cache-Age
Release
Kp-EeAlive
MI-Cache
X-External-Request-Id
X-VServer
X-Owner
X-Phone
X-Origin-TTL
X-We-Are-Hiring
X-MI-In-Market
X-Node-Id
X-NX-Host
X-Platform
X-RateLimit-Limit-Second
X-UnsetCookies
X-ServiceProvider
X-Sf
X-Var-Ttl
X-Varnish-Action
X-RateLimit-Remaining-Second
X-RCS-CacheZone
X-Layer
X-Key
X-Debug-Cookies
X-Debug-Log
X-Wikidot-Static-Cache
X-Crawler
X-Core-Value
X-Cache-Enabled
X-CGP
X-Wikidot-Backend
X-ElasticPress-Search
X-GeoIP-City
X-Hl-Ver
X-HTML-Minification-Powered-By
HA-Ipaddr
X-Fastly-Cache
X-Eu-Site
X-F5-Cache
X-Cache-CFC
True-Client-Country-4JS
Cache-Tags
GMS-Ver
HA-Cloudapp
HA-Geocity
CDCHOST
Esi-Enabled
X-Sucuri-Cache
X-Powered-By-ANYU
Decoy-Debug-Key
X-CACHE-GROUP
HA-Geocountry
X-Csrf-Token
HA-Georegion
Decoy-Debug-Status
Ha-Gx-Prefs
HA-Geolat
WZWS-RAY
Decoy-Debug-TTL
HA-Geolon
Backend-Name
HA-Host
X-NWS-UUID-VERIFY
X-Oss-Hash-Crc64ecma
Cneonction
X-HOST
X-Oss-Object-Type
X-App-Version
X-Atg-Version
Cteonnt-Length
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-TT-LOGID
X-Trace-Id
X-Matched-Rule
X-Amz-Meta-Cache-Control
X-Location
X-Up
X-Backend-TTL
Adler-Geo
X-Backend-Host
X-Backend-State
X-Tumblr-Pixel-3
X-Backend-Url
X-Clientip
X-S-Maxage
X-Returned-From-PostProcessResponse
X-Secret
X-Reboot
X-Server-IP
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Gannett-Site-Version
X-Returned-From
X-FW-Version
X-Fstrz
X-Device-Os
X-Developers
X-Cdn-Origin
X-Cdn-Srv
X-Stale
X-Swa-Ws
X-Cache-Expires
X-Ckpd-Fst-Backend
X-Actual-URL
X-Skip-Cache
X-Sn-Servicetimems
X-Croise-Owner
X-Content-Age
X-Thinkindot-L3
Apple-News-Services-Handled
X-Worker
X-MSEdge-Features
Platform
Request-Country
Request-EU
RNT-Time
RNT-Machine
X-Passed-To-BeforeDispatch
Mobile-Detection-Method
Origin-Edge-Control
X-Passed-To
Is-Eu
Heartbleed
X-Nginx-Cache-Key
X-MSEdge-Flight
Origin-Cache-Control
Origin
Section-Io-Cache
Fastly-Backend-Name
Country-Code
Apple-News-Services-Request-Url
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Uber-Trace-Id
X-Passed-To-DLL
X-Variation
Apple-News-Services-Parsed-Url
SN
Apple-News-Services-Host
Countrycode
X-Passed-To-PostProcessResponse
X-Webstats-RespID
PFcat
X-Servername
Fastly-SWR
Odigeo-Trace-Id
X-GeoIP-Country-Code
HTTPS
X-CACHE-AGE
X-Response-By
X-Alternate-Cache-Key
X-Fetched-On
X-VCT
X-Hash
Content-Disposition
X-Epic-Correlation-Id
X-ShopId
X-Sorting-Hat-PodId
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-Request-Time
X-Cache-URL
X-Sorting-Hat-ShopId
X-Cache-Srv
X-Cache-Host
Server-ID
X-Rebelmouse-Cache-Control
X-ShardId
Sid
X-Shopify-Stage
Resin-Trace
X-Alicdn-Da-Ups-Status
X-Planisys-CDN-Cache
X-Core-Mission
CDN
X-Planisys-CDN-TTL
X-Store
X-Planisys-CDN-Rules
X-Ezoic-Cdn
X-Pf-Uncompressing
X-Cache-ASPX
X-Policy
WP-Super-Cache
X-Servedbyhost
RequestId
Warning
X-TIME
X-GEO
Powered
ProcessTime
CF-IPCountry
X-Ua
X-Proto
REQUESTUUID
X-Cluster-Node
Dnion-Transfer-Encoding
Mail-Subject
NODE
We-Hiring
X-Refresh
X-GoCache-CacheStatus
X-Real-Ip
Xserver
X-DC
X-Iejgwucgyu
X-Pjax-Url
X-Req
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Dc
X-B3-TraceId
ViewerVersion
NnCoection
X-Origin-Date
X-Origin-Expires
X-Page-Type
X-Varnish-Ttl
X-Endurance-Cache-Level
X-Server-W
X-Varnish-HitMiss
GeoIp-Country-Code
Geoip-Latitude
X-Newrelic-Synthetics
X-HCF
X-Cache-Control-Set-By
X-Edge-IP
X-CLOUD-TRACE-CONTEXT
X-COUNTRY
X-Surge-Debug
X-Time
Hostname
Processtime
X-Guploader-Uploadid
X-Nc
X-Server-Group
WWW-Authenticate
X-Aed
X-Oracle-Dms-Ecid
SD-X-WS
X-Ms-Lease-State
Geoip-City
Pramga
CACHE
MS-CV
X-CSRF-Token
PICS-Label
X-Wix-Route-ID
X-Varnish-URL
TSSecure
A
X-Varnish-Beresp-TTL
X-Wa
X-Aicache-OS
X-Datadome
X-Varnish-Url
Dont-Set-Cookie
X-GRACE
X-Cdn-Forward
X-Hello
X-ABtesting
X-Flog
Cdn-Host
X-DataStream-MidMile-RTT
X-From-Cache
X-DataStream-Origin-MEX-Latency
X-Edge-Server
X-Gdpr
X-Akamai-Request-ID2
Cdn-Request-Time
X-Ratelimit-Limit
X-Geo
DataCenter
Node
X-WA
Cdn
X-Nananana
Lfy
Ms-Operation-Id
X-RTag
X-UPSTREAM-Address
X-Auto-Login
Lb
X-Use-Magma
Mime-Version
COMMERCE-SERVER-SOFTWARE
X-Env
X-Optimization
FSS-Cache
FSS-Proxy
Is-Session-Tracking
Get-Access-Time
X-Cache-HT
X-Load-Cache
X-Sentry-ID
X-EC-Security-Audit
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
X-Fastly-Backend-Reqs
PageType
X-Wix-Petri-Ex
X-APP
X-SRV
Who
X-WR-MODIFICATION
X-Gen-Id
X-PAGE-TYPE
X-CACHE-KEY
X-Cache-FS-Status
Rt-Proxy-Cache
X-Via-NSCOPI
X-Unique-Id
X-Served-From
X-Ibm-Trace
X-NGINX-Cache
X-Ver
X-Cache-Id
X-Meta-Tbi-Cache-Vertical
X-Check-Cacheable
X-GDPR
Ws
X-Dynatrace-Js-Agent
X-Cache-Info
Httpd-Identifier
X-FORWARDED-FOR
X-Thanos
X-Bip
Memcached
X-Cookie
X-MP-GENERATED-AT
Ohc-File-Size
X-Swift-Error
X-SVT-ORM-VERSION
X-Proxy-Server
X-SVT-ORM-RULES
X-PJAX-URL
Powered-By
Pics-Label
X-Be
X-Path-Route
URI
Memory
X-HS-Status
Version
X-B3-SpanId
X-Cache-Ttl
X-RateLimit-Reset
V-Cache
Group
X-Fe
X-Fastly-Cache-Hits
X-Request-Start
X-Dw-Trace-Id
X-LiteSpeed-Cache-Control
X-P-T
X-CDN-Pop-IP
X-Shard
X-CDN-Pop
X-ServedByHost
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
X-ID
Apicache-Store
Apicache-Version
Xet-Cookie
AGE-Hash
Ohc-Response-Time
Requestid
UCS
Fastly-Soc-X-Request-Id
X-SB
X-GZIP
GW-Server
X-PF-Uncompressing
X-VC
NX-Cache
X-Bug-Bounty
Serverid
CDN-Node
X-Varnish-Info
N-Cache
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-StackifyID
If-Modified-Since
X-Ratelimit-Remaining
CDN-Cache
X-CacheKey
CDN-Cache-Hit
X-Info
X-User
X-Micro-Cache
X-Flags
X-RAMCache
X-Is-Crawler
X-Litespeed-Cache-Control
X-RequestId
X-Cache-Handler
X-Providence-Cookie
X-Route-Name
X-SD-PageType
X-Grace-Duration
Https
X-ServerName
X-BBXSRF