Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
Pragma
X-Content-Type-Options
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Security-Policy
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Served-By
X-Amz-Cf-Id
X-Varnish
Referrer-Policy
X-FRAME-OPTIONS
X-Timer
X-Xss-Protection
CF-Cache-Status
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Check
X-AspNetMvc-Version
Status
X-Cache-Status
X-Adblock-Key
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
Content-Encoding
X-Language
X-Content-Security-Policy
X-Turbo-Charged-By
X-CDN
X-Type
Keep-Alive
X-Buckets
Xkey
X-Backend
X-Cache-Group
X-AH-Environment
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-Age
CF-Ray
X-Server
X-POWERED-BY
Upgrade
EagleId
Access-Control-Expose-Headers
X-Via
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Drupal-Dynamic-Cache
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Hacker
X-Amz-Request-Id
X-Amz-Id-2
X-UA-Device
Ali-Swift-Global-Savetime
X-Robots-Tag
P3p
Cf-Railgun
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
X-Proxy-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
Content-Location
X-Device
X-Ac
X-Node
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cnection
X-Host
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
Surrogate-Control
X-WebKit-CSP
X-Backend-Server
X-Rack-Cache
X-Rq
X-Response-Time
X-Application-Context
X-Readtime
X-CST
X-Dns-Prefetch-Control
EagleEye-TraceId
Pinterest-Generated-By
Server-Timing
X-Url
X-Cloud-Trace-Context
X-TTL
X-Instart-Request-ID
Request-Id
X-OneAgent-JS-Injection
X-Px
Report-To
X-Country
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Feature-Policy
Edge-Control
Rating
Allow
X-Country-Code
X-DynaTrace-JS-Agent
Charset
X-DataDome
X-ESI
X-Server-Name
X-Powered-CMS
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-Origin-Cache
X-DynaTrace
NEL
X-MS-InvokeApp
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Cached
X-VARITI-CCR
X-ORACLE-DMS-RID
X-Vhost
Content-MD5
X-GitHub-Request-Id
RTSS
X-F-Cache
X-Version
X-GoogleNews-Bot
X-Kinja
X-Geo-Segment
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Powered-By-Plesk
Public-Key-Pins
X-CF-Powered-By
PB-RID
Pinterest-Version
PB-PID
X-Upstream-Env
X-Pinterest-Rid
X-Mod-Pagespeed
X-Mobile-Rewrite
Arc-Version
Verso
X-Client-IP
Accept-CH
SPRequestGuid
X-D2id
X-Abt-Application-Version
MS-Author-Via
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-N
AR-ATIME
AR-PoweredBy
X-Dispatcher
X-SharePointHealthScore
X-HeyJason
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
AR-CACHE
X-Amz-Rid
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-T
Nginx-Cache
DynaTrace
Accept-CH-Lifetime
Paypal-Debug-Id
X-Dw-Request-Base-Id
X-Trace
X-Fastly-Request-ID
X-Upstream
Arr-Disable-Session-Affinity
X-Varnish-Age
X-Hits
TCN
X-Amz-Meta-S3cmd-Attrs
X-Grace
X-Forwarded-Proto
X-Origin-Upstream-Status
X-Id
X-Shield-Request-Id
X-DIS-Request-ID
X-Pad
X-FastCGI-Cache
SPRequestDuration
SPIisLatency
X-XRDS-Location
X-Content-Options
X-Cache-Hit
X-Logged-In
X-Content-Digest
X-IPLB-Instance
Realpath
X-Kinsta-Cache
Access-Control-Request-Method
X-Acc-Meta-Resource-Type
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-NF-Request-ID
Mrf-Cache-Status
X-B
AR-SID
X-Ruxit-JS-Agent
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-SS-Set-Cookie
X-Vcap-Request-Id
X-HW
S
X-MSEdge-Ref
X-Debug
X-Ser
Service-Worker-Allowed
Server-Name
X-FTR-DC
X-PressLabs-Stats
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-Frontend
X-NewRelic-App-Data
X-Server-ID
X-Oneagent-Js-Injection
X-Wix-Server-Artifact-Id
X-FTR-Expires
Tracecode
Rt-Fastcgi-Cache
Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
Eomportal-Instance
Alternate-Protocol
Surrogate-Key
X-Forwarded-For
Cleartype
X-Cache-Key
X-Cache-Rule
Cache-Status
X-NWS-LOG-UUID
X-Srv
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Content-Id
X-Analytics
Backend-Timing
X-VCache
Host
X-Revision
X-User-Agent
TP-L2-Cache
TP-Cache
X-Rid
X-Oracle-Dms-Rid
FilterID
X-Debug-Info
X-FTR-Cache-Host
Fastly-Restarts
X-Whom
Public-Key-Pins-Report-Only
X-AOL-HN
X-Akam-SW-Version
X-Via-JSL
X-Cache-2
ServerID
X-Varnish-Backend
X-Content-Powered-By
X-RateLimit-Remaining
X-Webkit-CSP
X-Cdn
X-Request-Processing-Time
X-Request-Received
X-Kinja-Server-Push
Accept-Charset
X-Zen-Fury
Viewport
X-Accel-Buffering
X-Ttl
X-Mobile
Front-End-Https
X-WPE-Loopback-Upstream-Addr
X-Cached-By
X-Node-Name
Liferay-Portal
X-App-Environment
X-LB-Cache
X-Cache-Control
X-Magnolia-Registration
X-Hostname
X-Page-Id
X-Tumblr-User
X-Varnish-Hostname
Host-Header
X-Content-Security-Policy-Report-Only
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-TT
X-Device-Type
X-Akamai-Edgescape
Cache-Tag
X-Framework
X-B3-Sampled
X-Cluster
X-Request-Guid
X-FB-Debug
X-Instance
Upgrade-Insecure-Requests
X-Signature
X-BCube-Filmed-By
X-B-Cache
X-Handled-By
X-Platform-Server
DC
X-TA-CDN-Provider
X-Cache-Server
Server-Node
X-Origin-Server
X-B3-Traceid
X-XRDS-LOCATION
X-TT-TIMESTAMP
X-Correlation-Id
Source
Retry-After
MicrosoftSharePointTeamServices
X-Servedby
X-Accel-Expires
X-WA-Info
X-Contextid
HitInfo
HitType
Server-Info
X-Amzn-Trace-Id
X-Cache-Action
X-Varnish-Server
X-Cache-Operation
X-Distil-CS
X-Port
X-Middleton-Display
Display
X-Daa-Tunnel
X-Sol
X-Fastcgi-Cache
X-Geo-Country
X-Edge-Location
X-Generated-By
Content-Script-Type
Content-Style-Type
AsisCache
X-Amz-Replication-Status
Webserver
X-Hyper-Cache
X-GeoIP
X-TX-ID
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-RequestSource
X-APP-VERSION
GEO-INFO
X-S
X-WebKit-CSP-Report-Only
X-Status
X-Seen-By
X-Locale
X-Wix-Request-Id
X-Region
X-Edge-Cache-Key
X-FW-Type
X-Edge-Cache
X-Jobs
ServedBy
Healthy
X-Response-Served-From
X-Varnish-Hits
X-UUID
X-FW-Serve
X-FW-Server
Actual-Object-TTL
X-FW-Static
X-FW-Hash
X-Drupal-Cache-Tags
User-Agent
X-Adobe-Content
X-DataStream-Cache-Status
X-Adobe-Loc
SRV
X-Varnish-Grace
Filters
S-Cnection
X-Amz-Server-Side-Encryption
Refresh
NGB
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Age
X-Cache-TTL-Remaining
X-Esi
X-Proxied
IBM-Web2-Location
X-Middleton-Response
Response
AR-Request-ID
X-Az
X-AppVersion
X-App-Server
X-Activity-Id
X-Pc-Hit
X-Pc-Appver
X-Pc-Key
X-Newrelic-App-Data
X-Cache-NE
X-CDN-Forward
X-Cache-Remote
X-Content-Type
X-Ruxit-Js-Agent
Payment
Cache
X-Webkit-Csp
X-Cacheable-TTL
X-Kong-Proxy-Latency
X-Unique-ID
X-Kong-Upstream-Latency
X-Cache-TTL
X-ATG-Version
Datacenter
X-Correlation-ID
X-Vg-Webcache
Country
X-UA
Served-By
X-Mode
Edge-Cache-Tag
X-HS-Cache-Config
X-Akamai-Transformed
X-Is-Bot
Meta-Geo
X-ProcessESI
Load-Balancing
X-RN-RSRV
X-Sucuri-ID
X-RemovedCookies
X-Rendered-As
Machine
X-Detected-As
X-Rocket-Nginx-Bypass
X-Proxy
X-PCL
User-Cache-Control
X-BYPASS-REASON
X-ProxyCache-Key
X-FC-Vary-Parameters
X-Source
X-OCL
X-ProxyCache-Status
HostName
X-PERF
Cache-Key
L5d-Success-Class
Cache-Name
X-Pubstack
Backend
Access-Control-Allow-Method
X-Origin-Hint
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-Cache-Category-Id
Webcakes-App-Name
X-BB-IP
X-Amz-Meta-Surrogate-Control
X-ApacheServer
Webcakes-Region
Webcakes-App-Version
X-Backend-Name
TWC-Connection-Speed
Property-Id
Mn-Server-Ip
Now
X-Varnish-IP
X-Varnish-Cacheable
X-Tb
X-Viewer-Country
X-Origin
X-Debug-Cache
X-Cache-Config
X-EIG-Tracking-Id
X-Grey
X-Human
X-ServerID
DB-Nickname
X-Upgrade-Enabled
X-Varnish-Cache-Hits
X-Access
X-CCM
X-CDN-Cache
ServerName
S-Rt
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
X-Via-Fastly
X-Site-Version
X-Section
X-Loop
X-L-Path
X-NodeID
X-OVcl
X-OVcl-Cache
X-JoinUs
X-Hosted-By
X-Routing-Service
X-Environment-Context
X-Format
X-Generated
X-Hit
Azure-InstanceId
X-TNCMS
Access-Control-Request-Headers
X-Zipkin-Id
X-App-Name
X-AWS-Id
X-SplitTest
X-Agile-Id
X-Agile
Selected-FE
X-TWH-CORRELATION-ID
X-Timing-Wait
X-Rule
X-Agile-Age
X-IP
X-Xfnlog-Site
X-Original-Request
X-Proxy-Build
X-Storage
X-Www-Served-By
X-Ocache
X-NGENIX-Cache
X-VWS-Id
X-LJ-Flow-ID
X-Drupal-Cache-Contexts
X-Origin-CC
X-HS-Combine-CSS
X-URL
X-Real-IP
X-Pc-Host
X-Akamai-Request-ID
X-Pc-Date
X-Cache-Var
X-Cache-Var-Map
X-RateLimit-Limit
X-Upstream-CT
X-Upstream-HT
X-Vgn-Hpd-Reason
X-Time-Microsecs
OT-Force-Account-Verify
X-Litespeed-Cache
X-Nginx-Cache
X-UA-Device-Type
From-Origin
X-Mrs-Cache-Hits
X-Mrs-Age
X-Mrs-Cache
X-PHP-Backend
X-Mshield-Cache-Status
X-NCache
X-NC
X-Microcachable
X-Internal-Host
XServer
Fastcgi-Useragent
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-Feature
X-Release
X-Forwarded-Host
X-Distributor
Fastly-SSL
X-Qnm-Cache
X-Amzn-RequestId
X-M-Reqid
X-Amz-Apigw-Id
X-M-Log
LB
Ar-Sid
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Request-Id
X-Varnish-Beresp-Status
X-Cache-Backend
Pagespeed
X-Birta-Served
X-Birta-Cache-Post
X-Varnish-Beresp-Grace
Powered-By-ChinaCache
X-Connection-Hash
X-Transaction
X-Twitter-Response-Tags
Pagetype
X-App-Version
NtCoent-Length
X-Labrador-Cache-Channel
X-EdgeConnect-Cache-Status
X-Ah-Environment
X-VG-TLSProxy
X-V
X-B3-Spanid
X-Instance-Name
Frame-Options
X-Web-Node
MIME-Version
X-GZip
Time
X-SERVER-NAME
X-C
X-Irp-Debug
X-Logtrace-Id
X-Gen-Mode
V-Age
X-CF-Lambda-Fn
Viewtype
VivaBuild
Web-Mar-Node
X-CF-Lambda-Version
T-Server
X-CUA
X-D
Rendered-Blocks
X-CS
Server-Int
Www
X-A
X-BB-ID
X-Block-Status
X-Application
X-ARC
X-B-Cookie
X-Cache-Bucket
X-Accel-Expires-Debug
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Date
X-Destination
X-Generation-Time
Cache-Prefix
X-Generated-In
X-No-Session
X-G
BehaviorPad-Version
Arc-Country
Ajk
X-IN-SSL-APIGATEWAY
AKAMAI
X-IN-APIGATEWAY
X-Hnp-Log
Ec-Rule-Version
X-From
MD5-Digest
IsBot
Meta-Geo-Continent
NGX
X-Developer
X-Died
X-Dispatcher-Server
Fly-Cache
Fly-Request-Id
Host-ID
X-DPWN-IS-SECURE
X-IN-WAF
X-Org
X-S-Cookie
X-ScT
X-WebServer
X-Rojux
X-Rewrite-Enabled
X-Region-Sid
X-Request-URI
X-Request-UUID
X-Server-By
X-Via-SSL
X-SRCache-Key
X-Trv-Group
X-UE-Client-Country
X-SIPLIST1
X-VG-WebServer
X-Via-Edge
X-Via-CDN
X-Redis-Cache
X-Server-Time
X-NU-AKA-ACS-Version
Xc-Version
X-PAYTM-SRV-ID
X-FireWall-Port
Cneonction
X-NWS-UUID-VERIFY
X-Varnish-Beresp-Ttl
X-HOST
X-MI-In-Market
Kp-EeAlive
MI-Cache
MI-API
Magicmarker
X-ElasticPress-Search
X-Node-Id
HA-Georegion
HA-Geolon
X-Key
HA-Geocountry
Ha-Gx-Prefs
HA-Host
MI-Cache-Age
HA-Urlpath
HA-Servedtime
HA-Ipaddr
X-Sf
Cteonnt-Length
True-Client-Country-4JS
Request-Time
Request-EU
Request-Country
X-Crawler
X-Core-Value
X-CGP
Server-Host
X-UnsetCookies
Release
Proxy-Connection
X-Debug-Log
On-Server
HA-Geocity
NodeID
Origin-Cache-Control
Origin-Edge-Control
Pragrma
X-Var-Ttl
X-Debug-Cookies
X-Varnish-Action
HA-Geolat
X-Owner
Backend-Name
X-Cache-Enabled
X-Hl-Ver
X-Origin-TTL
Cache-Tags
X-Amz-Meta-Cache-Control
X-S-Maxage
HA-Cloudapp
CDCHOST
X-Cache-CFC
X-HTML-Minification-Powered-By
X-Platform
X-RCS-CacheZone
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
WZWS-RAY
X-Powered-By-ANYU
X-Layer
X-Wikidot-Static-Cache
X-Phone
X-Sucuri-Cache
X-Wikidot-Backend
X-GeoIP-City
SN
X-NX-Host
X-VServer
X-We-Are-Hiring
X-ServiceProvider
X-Fastly-Cache
GMS-Ver
X-Eu-Site
X-External-Request-Id
X-F5-Cache
Decoy-Debug-TTL
Esi-Enabled
Mobile-Detection-Method
Decoy-Debug-Key
Decoy-Debug-Status
Country-Code
X-Webstats-RespID
X-Csrf-Token
X-Cache-URL
X-Worker
X-Tumblr-Pixel-3
X-Backend-Url
X-VCT
X-Cdn-Origin
X-Cache-Host
X-Cache-Expires
X-Up
X-Cdn-Srv
X-Cache-Srv
X-Variation
X-Epic-Correlation-Id
X-Secret
X-GeoIP-Country-Code
X-Hash
X-Gannett-Site-Version
X-Server-IP
X-Fstrz
X-FW-Version
X-Response-By
X-Request-Time
X-MSEdge-Features
X-MSEdge-Flight
X-Nginx-Cache-Key
X-Backend-TTL
X-Matched-Rule
X-Reboot
X-Location
X-Fetched-On
X-ShardId
X-Trace-Id
X-Thinkindot-L3
X-Swa-Ws
X-Croise-Owner
X-Content-Age
X-TT-LOGID
X-Clientip
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Device-Os
X-Developers
X-Sn-Servicetimems
X-Skip-Cache
X-Ckpd-Fst-Backend
Uber-Trace-Id
Apple-News-Services-Request-Url
X-Backend-State
X-Oss-Object-Type
RNT-Machine
RNT-Time
Heartbleed
Section-Io-Cache
Apple-News-Services-Parsed-Url
Platform
X-Oss-Request-Id
X-Oss-Storage-Class
Is-Eu
Countrycode
PageSpeed
Odigeo-Trace-Id
PFcat
Origin
X-Oss-Server-Time
Apple-News-Services-Host
Server-ID
Thinkindot-CacheControl
X-Alternate-Cache-Key
X-Backend-Host
Apple-News-Services-Handled
Adler-Geo
Thinkindot-CacheControl-Type
X-Oss-Hash-Crc64ecma
Thinkindot-Control
X-Ua
X-Passed-To-PostProcessResponse
Content-Disposition
Fastly-SWR
X-Stale
X-Passed-To-DLL
Fastly-Backend-Name
X-Rebelmouse-Cache-Control
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From
X-Rebelmouse-Surrogate-Control
X-Passed-To
X-Iejgwucgyu
X-Passed-To-BeforeDispatch
Fastly-SIE
X-Actual-URL
X-Store
Sid
HTTPS
X-Core-Mission
Resin-Trace
X-GEO
X-Policy
X-Servername
X-CACHE-AGE
ProcessTime
X-Planisys-CDN-Cache
X-Alicdn-Da-Ups-Status
X-Real-Ip
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Ezoic-Cdn
X-B3-TraceId
X-Servedbyhost
CDN
Xserver
Powered
REQUESTUUID
WP-Super-Cache
RequestId
X-Cluster-Node
Warning
X-Atg-Version
X-Refresh
X-Pf-Uncompressing
X-Cache-ASPX
X-Proto
X-TIME
X-Dc
X-GoCache-CacheStatus
Dnion-Transfer-Encoding
We-Hiring
Mail-Subject
CF-IPCountry
NODE
X-Guploader-Uploadid
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Pjax-Url
Cache-Cookie-Set-From
ViewerVersion
X-Req
X-DC
NnCoection
X-Nc
X-Endurance-Cache-Level
X-Varnish-Ttl
X-Surge-Debug
X-Newrelic-Synthetics
X-Origin-Expires
X-Page-Type
X-Origin-Date
X-GRACE
X-CLOUD-TRACE-CONTEXT
X-Varnish-HitMiss
X-Server-W
X-Time
X-Cache-Control-Set-By
X-Edge-IP
X-HCF
X-COUNTRY
Hostname
X-Aed
Geoip-Latitude
GeoIp-Country-Code
X-Oracle-Dms-Ecid
WWW-Authenticate
SD-X-WS
X-Server-Group
Pramga
X-Ms-Lease-State
X-Cdn-Forward
CACHE
TSSecure
X-Varnish-Url
A
Geoip-City
X-Varnish-Beresp-TTL
Processtime
X-CSRF-Token
MS-CV
X-Datadome
X-Wix-Route-ID
X-Wa
PICS-Label
X-Aicache-OS
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-ABtesting
X-Varnish-URL
X-Flog
X-Hello
Cdn
Dont-Set-Cookie
Mime-Version
X-WA
X-Akamai-Request-ID2
Cdn-Host
X-Edge-Server
X-From-Cache
Cdn-Request-Time
X-CACHE-KEY
X-Gdpr
Node
Lfy
X-Auto-Login
Lb
PageType
X-Use-Magma
X-Nananana
DataCenter
FSS-Cache
GeoIP-Country-Code
GeoIP-Latitude
X-Geo
X-UPSTREAM-Address
COMMERCE-SERVER-SOFTWARE
FSS-Proxy
X-Ratelimit-Limit
Ms-Operation-Id
X-RTag
X-EC-Security-Audit
X-Fastly-Backend-Reqs
Is-Session-Tracking
X-Sentry-ID
X-Cache-HT
X-SRV
Get-Access-Time
X-APP
GeoIP-City
X-Env
X-Optimization
X-WR-MODIFICATION
X-Load-Cache
X-Via-NSCOPI
X-Gen-Id
Rt-Proxy-Cache
Who
X-PAGE-TYPE
X-Unique-Id
X-Cache-FS-Status
X-Check-Cacheable
X-Wix-Petri-Ex
X-Served-From
X-Cookie
X-Cache-Id
X-GDPR
X-Dynatrace-Js-Agent
X-FORWARDED-FOR
X-Ibm-Trace
Memcached
X-Ver
X-Meta-Tbi-Cache-Vertical
X-Thanos
Ws
X-Cache-Info
X-Bip
X-Swift-Error
Httpd-Identifier
X-Be
X-Proxy-Server
X-MP-GENERATED-AT
X-PJAX-URL
Pics-Label
X-NGINX-Cache
X-B3-SpanId
X-SVT-ORM-VERSION
Powered-By
X-SVT-ORM-RULES
X-Fastly-Cache-Hits
Cf-Ipcountry
X-Fe
V-Cache
X-Request-Start
Group
X-Cache-Ttl
X-RateLimit-Reset
X-HS-Status
Memory
Ohc-File-Size
X-Path-Route
X-Dw-Trace-Id
X-CDN-Pop-IP
URI
X-ServedByHost
X-PF-Uncompressing
Version
X-Shard
X-CDN-Pop
Amp-Access-Control-Allow-Source-Origin
X-ID
X-GZIP
X-LiteSpeed-Cache-Control
UCS
GW-Server
X-Bug-Bounty
X-P-T
Xet-Cookie
NX-Cache
AGE-Hash
X-SB
Requestid
X-VC
Serverid
X-User
X-Varnish-Info
Fastly-Soc-X-Request-Id
X-CacheKey
CDN-Cache
CDN-Cache-Hit
X-Ratelimit-Remaining
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-StackifyID
Ohc-Response-Time
N-Cache
Apicache-Version
CDN-Node
X-ServerName
Apicache-Store
X-Cache-Handler
If-Modified-Since
X-Info
X-SD-PageType
X-Grace-Duration
X-Route-Name
X-Providence-Cookie
X-Flags
Https
X-Is-Crawler
X-Litespeed-Cache-Control
X-Micro-Cache
X-RequestId