Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cache-Status
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
Status
X-Language
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
Upgrade
X-Type
Access-Control-Expose-Headers
Keep-Alive
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
CF-Ray
X-Backend
X-AH-Environment
X-Ua-Compatible
X-Drupal-Dynamic-Cache
X-Age
X-Cache-Group
X-Server
X-Request-ID
X-Via
X-Proxy-Cache
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Hacker
X-UA-Device
X-Varnish-Cache
EagleId
X-Page-Speed
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-CST
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Amz-Version-Id
X-Ac
X-OneAgent-JS-Injection
X-Node
Server-Timing
Feature-Policy
X-Iejgwucgyu
X-Cnection
X-Response-Time
Allow
X-Rq
X-Cache-Lookup
Content-Location
X-Backend-Server
Report-To
EagleEye-TraceId
X-Readtime
Surrogate-Control
X-Host
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
X-Url
P3p
X-Rack-Cache
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Instart-Request-ID
X-Px
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Vhost
Charset
X-Mod-Pagespeed
X-VARITI-CCR
Accept-CH
Edge-Control
X-Goog-Hash
X-GitHub-Request-Id
PB-RID
Verso
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Varnish-TTL
X-DynaTrace
X-ESI
X-Version
X-TTL
X-Cdn
X-Server-Name
X-TtlSet
X-Vname
X-PC
X-B3-TraceId
Pinterest-Generated-By
X-Powered-By-Plesk
X-D2id
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-Kinja-Server
X-Cached
SPRequestGuid
X-Dispatcher
X-Origin-Upstream-Status
X-Upstream-Env
X-Powered-CMS
X-SharePointHealthScore
X-Abt-Application-Version
X-T
RTSS
MS-Author-Via
X-Recruiting
Accept-CH-Lifetime
X-ORACLE-DMS-RID
X-Trace
X-Navigation-Version
Public-Key-Pins
X-Shield-Request-Id
Content-MD5
AR-ATIME
AR-CACHE
AR-PoweredBy
SPRequestDuration
SPIisLatency
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Oracle-Dms-Rid
X-Amz-Rid
X-DIS-Request-ID
X-Fastly-Request-ID
X-HW
X-Client-IP
Arr-Disable-Session-Affinity
Realpath
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Forwarded-Proto
X-F-Cache
X-B
X-Upstream
X-DynaTrace-JS-Agent
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Ser
X-Amz-Meta-S3cmd-Attrs
X-Via-JSL
Service-Worker-Allowed
X-Pinterest-Rid
Pinterest-Version
X-Dw-Request-Base-Id
X-Id
X-FTR-DC
X-Dns-Prefetch-Control
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-FTR-Cache-Status
X-Server-ID
X-FTR-Expires
X-Vcap-Request-Id
Front-End-Https
X-Varnish-Age
AR-Request-ID
Paypal-Debug-Id
X-Debug
X-Goog-Storage-Class
Nginx-Cache
X-Acc-Meta-Resource-Type
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-MSEdge-Ref
X-Hits
Ar-Sid
X-Kinsta-Cache
X-N
X-Ttl
X-NF-Request-ID
X-NewRelic-App-Data
X-Logged-In
X-FTR-Cache-Host
X-XRDS-Location
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
S
X-Akam-SW-Version
X-Frontend
X-Forwarded-For
X-HS-Hub-Id
X-PressLabs-Stats
X-HS-Content-Id
Alternate-Protocol
X-User-Agent
X-Grace
X-TA-CDN-Provider
Tracecode
X-CACHE-GROUP
X-DataStream-Cache-Status
DynaTrace
AMP-Access-Control-Allow-Source-Origin
X-Amzn-Trace-Id
X-Pad
Server-Name
X-Content-Digest
X-Cache-Key
Refresh
X-FastCGI-Cache
X-Analytics
X-Content-Options
Backend-Timing
Accept-Charset
MicrosoftSharePointTeamServices
X-Activity-Id
X-Sol
X-Middleton-Display
Display
Fastcgi-Cache
X-AppVersion
X-Debug-Info
X-Az
X-Zen-Fury
X-LB-Cache
X-Page-Id
Access-Control-Request-Method
FilterID
X-IPLB-Instance
X-Rid
MS-CV
Host
X-CF-Powered-By
Powered-By-ChinaCache
X-Content-Type
X-Magnolia-Registration
ServerID
Response
X-Middleton-Response
TP-L2-Cache
TP-Cache
X-Fastcgi-Cache
TCN
Cache-Status
X-ATG-Version
X-Mobile
X-Cache-Hit
X-Content-Powered-By
X-Hostname
Surrogate-Key
X-Srv
X-XRDS-LOCATION
X-VCache
X-WA-Info
X-Seen-By
Rt-Fastcgi-Cache
X-B3-Sampled
X-RateLimit-Remaining
X-Cached-By
X-Varnish-Backend
X-Request-Processing-Time
X-Request-Received
X-Revision
X-SS-Set-Cookie
X-Signature
X-Cache-Age
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-B-Cache
X-Cluster
X-Cache-Action
X-Instance
X-Content-Security-Policy-Report-Only
X-Platform-Server
X-Tumblr-Pixel
X-Tumblr-User
X-GUploader-UploadID
X-Tumblr-Pixel-0
Source
Cleartype
X-PHP-Backend
X-Request-Guid
X-Edge-Location
X-Whom
X-Framework
X-Ruxit-Js-Agent
X-TT
X-Akamai-Edgescape
X-Drupal-Cache-Tags
X-App-Environment
X-Handled-By
X-Origin-Server
X-Cache-Control
ViewerVersion
X-Wix-Request-Id
Host-Header
Server-Info
X-NWS-LOG-UUID
X-BCube-Filmed-By
X-Cache-Rule
X-Generated-By
DC
X-AOL-HN
X-Varnish-Hostname
X-Cache-2
X-Amzn-RequestId
X-Amz-Apigw-Id
X-App-Server
Retry-After
X-FW-Server
X-Varnish-Server
X-FW-Static
X-FW-Type
X-Geo-Country
X-FW-Hash
X-FW-Serve
Server-Node
Eomportal-Instance
Fusion-Source
Fusion-Template-Id
X-Correlation-Id
X-Real-IP
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-FB-Debug
Payment
X-Device-Type
Webserver
Actual-Object-TTL
Cache
X-Response-Served-From
X-Tumblr-Pixel-1
AsisCache
X-Tumblr-Pixel-2
ServedBy
Access-Control-Allow-Method
X-Amz-Server-Side-Encryption
X-Varnish-Hits
X-TT-TIMESTAMP
Content-Style-Type
Content-Script-Type
X-Varnish-Grace
NGB
X-WebKit-CSP-Report-Only
X-Jobs
Filters
X-TX-ID
X-Region
Ms-Operation-Id
X-RTag
GEO-INFO
X-Cacheable-TTL
X-Drupal-Cache-Contexts
X-Servedby
X-Contextid
X-Adobe-Loc
Upgrade-Insecure-Requests
Edge-Cache-Tag
Healthy
Viewport
X-Adobe-Content
X-UUID
X-Varnish-IP
X-Amz-Replication-Status
From-Origin
X-Rendered-As
X-Locale
Country
X-Accel-Expires
X-UA-Device-Type
X-WPE-Loopback-Upstream-Addr
X-Cache-Config
Cache-Tv-Group
X-RequestSource
X-Cache-TTL-Remaining
HitType
X-BACKEND-TTL
X-Cache-Server
X-Ezoic-Cdn
X-Cache-Operation
X-VG-WebCache
Pagespeed
X-Cache-Remote
X-Cache-TTL
X-Kong-Upstream-Latency
Fastly-Restarts
X-Oneagent-Js-Injection
X-Kong-Proxy-Latency
X-Content-Age
X-Upgrade-Enabled
X-Storage
X-Hit
Fastcgi-Useragent
X-Esi
X-APP-VERSION
Cache-Tags
X-FW-Dynamic
X-S
X-Redis-Cache
X-Daa-Tunnel
X-App-Version
X-Mode
Datacenter
Cache-Tag
Served-By
X-Cache-NE
X-RateLimit-Limit
NtCoent-Length
X-Generated
X-Rule
X-Guploader-Uploadid
Machine
X-RN-RSRV
X-Detected-As
X-NCache
X-Backend-Name
Meta-Geo
Origin-Cache-Control
Load-Balancing
X-Path-Route
SRV
X-Cache-Var
X-Cache-Var-Map
X-NGENIX-Cache
Origin-Edge-Control
X-Internal-Host
X-Is-Bot
X-JoinUs
X-Hl-Ver
X-Source
Cache-Key
X-Birta-Cache-Post
X-ServerID
X-Tb
X-L-Path
X-Loop
X-Pubstack
X-Environment-Context
X-Timing-Wait
X-Hosted-By
X-Akamai-Request-ID
X-FC-Vary-Parameters
X-Www-Served-By
X-Web-Node
X-TNCMS
X-Edge-IP
X-ProxyCache-Status
X-Agile-Age
X-Agile-Id
X-Agile
Vix-Hermes-Req-Id
X-Origin-Response-Time
X-Birta-Served
X-BYPASS-REASON
X-Proxy-Build
X-ProxyCache-Key
X-Proxy
X-CDN-Cache
X-Origin-Host
Now
Selected-FE
X-CACHE-KEY
X-Status
X-Origin
Cache-Name
X-Time-Microsecs
Xserver
X-OCL
X-Labrador-Cache-Channel
X-GeoIP
X-Grey
X-RemovedCookies
X-Via-Fastly
X-Pc-Appver
X-Cache-Category-Id
X-ProcessESI
X-Varnish-Cacheable
X-Varnish-Cache-Hits
X-PERF
X-PCL
X-Viewer-Country
X-ApacheServer
X-Pc-Key
X-Pc-Hit
X-Site-Version
X-CCM
Public-Key-Pins-Report-Only
X-Debug-Cache
DB-Nickname
X-Human
X-IP
X-Original-Request
X-Akamai-Transformed
X-VG-TLSProxy
X-Format
Azure-RegionName
X-App-Name
X-Proxied
Azure-SlotName
X-Access
X-Section
We-Hiring
Azure-Version
X-Routing-Service
Azure-SiteName
Azure-InstanceId
X-Zipkin-Id
X-Xfnlog-Site
S-Rt
Mail-Subject
Webcakes-App-Version
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-Region
X-Origin-Hint
TWC-Locale-Group
X-MP-GENERATED-AT
X-Cache-Enabled
Property-Id
X-Ocache
Fastcgi-X-Cache-Version
User-Cache-Control
X-Sucuri-ID
Access-Control-Request-Headers
Liferay-Portal
X-Microcachable
S-Cnection
X-Request-Time
X-Cdn-Forward
X-Protected-By
X-UA
X-Nginx-Cache
X-EdgeConnect-Cache-Status
X-GEO
X-Tumblr-Pixel-3
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Webstats-RespID
X-GRACE
X-Upstream-Proxy
X-FW-Version
X-Origin-CC
X-FB-TRIP-ID
User-Agent
X-Upstream-HT
X-Upstream-CT
X-Proto
X-Correlation-ID
LB
X-Trace-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
Cache-Hits
X-Node-Name
X-Nc
Powered
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
PageSpeed
Ohc-File-Size
X-Varnish-Beresp-Ttl
X-Forwarded-Host
X-ES-SERVER
X-Endurance-Cache-Level
X-Unique-ID
X-ElasticPress-Search
X-Ua
AR-SID
X-Edge-Cache-Key
X-Cache-Backend
X-Edge-Cache
X-Pc-Host
X-Pc-Date
X-OVcl
X-OVcl-Cache
Frame-Options
X-Origin-TTL
L5d-Success-Class
X-Server-Cache
Section-Io-Cache
Nel
X-Time
X-Rocket-Nginx-Bypass
IBM-Web2-Location
X-Vgn-Hpd-Reason
X-V
X-Parent-Response-Time
X-TIME
X-Pc-Subdomain
Fastcgi-X-Cache
X-Dynatrace-Js-Agent
OT-Force-Account-Verify
X-SRCache-Key
X-ServiceProvider
Www
X-Server-Group
VivaBuild
Rendered-Blocks
Resin-Trace
X-Transaction
Viewtype
X-Server-By
X-ScT
X-Rojux
X-Auto-Login
X-B-Cookie
X-Rewrite-Enabled
X-S-Cookie
X-ARC
X-Aed
X-S-Maxage
X-Amz-Meta-Cache-Control
X-Application
X-Trv-Group
Powered-By
Fastly-SWR
Fly-Cache
Fly-Request-Id
GMS-Ver
Fastly-SIE
Ec-Rule-Version
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
MD5-Digest
Memcached
X-UE-Client-Country
Node
X-Twitter-Response-Tags
X-TT-LOGID
X-VG-WebServer
X-We-Are-Hiring
Meta-Geo-Continent
Mobile-Detection-Method
Xc-Version
X-BB-ID
X-Block-Status
X-Cdn-Srv
X-Generated-In
X-Gen-Mode
X-CF-Lambda-Fn
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-Info
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
Country-Code
X-From
X-CF-Lambda-Version
X-Connection-Hash
X-Developer
X-Date
X-Died
X-Distil-CS
X-Fetched-On
X-External-Request-Id
X-DPWN-IS-SECURE
X-Irp-Debug
X-Li-Fabric
X-Cache-Host
X-Rebelmouse-Surrogate-Control
X-Cache-Id
X-Rebelmouse-Cache-Control
X-Reboot
X-Cache-FS-Status
X-Request-UUID
X-Cache-Bucket
X-Region-Sid
X-PHP-Host
X-PAYTM-SRV-ID
X-LI-UUID
X-Cache-URL
X-LI-Proto
X-Li-Pop
X-Micro-Cache
X-Cache-Info
X-Origin-Expires
X-Origin-Date
X-NU-AKA-ACS-Version
X-Destination
X-Accel-Expires-Debug
Arc-Country
BehaviorPad-Version
HostName
Cache-Prefix
X-R9-Blue-Green-Version
X-Sucuri-Cache
X-SERVER
X-SIPLIST1
X-Sorting-Hat-PodId
X-Cache-Debug
X-Shopify-Stage
X-Cache-Grace
X-Cache-Expires
X-ShopId
X-Crawler
X-CUA
X-D
X-Core-Mission
X-Server-Time
X-Sorting-Hat-ShopId
X-ShardId
X-Sf
Mn-Server-Ip
X-Stale
X-A-Dgt
X-A-Wwc
X-Actual-URL
X-A-Dcw
X-A-Dam
X-Via-NSCOPI
X-A
X-A-Ccd
X-VWS-Id
X-Thinkindot-L3
X-Swa-Ws
Content-Disposition
X-Bip
X-AWS-Id
X-Thanos
X-Alternate-Cache-Key
X-LJ-Flow-ID
X-Debug-Cookies
X-Via-CDN
X-Policy
X-LAGOON
X-Level-Front-Cache
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Hash
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Platform
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To
X-Nginx-Cache-Key
X-Passed-To-DLL
X-Matched-Rule
X-Location
X-NX-Host
X-Logtrace-Id
X-Dc
X-GeoIP-Country-Code
X-Returned-From-PostProcessResponse
X-Epic-Correlation-Id
X-Returned-From-DLL
X-Distributor
X-Secret
X-Node-Id
Web-Mar-Node
X-Dispatcher-Server
X-Fastly-Cache
X-Returned-From-BeforeDispatch
X-Gannett-Site-Version
X-Request-URI
X-Generated-On
X-G
X-Response-By
X-Returned-From
X-FireWall-Port
X-Debug-Log
X-Svr
Lfy
Ajk
IsBot
SD-X-WS
Server-Host
X-Wikidot-Static-Cache
Adler-Geo
Fastly-Backend-Name
On-Server
Origin
Backend
Platform
Request-Time
Proxy-Connection
Is-Eu
Magicmarker
True-Client-Country-4JS
Thinkindot-CacheControl-Type
X-Variation
X-Var-Ttl
X-User
Thinkindot-CacheControl
Thinkindot-Control
X-Varnish-Action
X-Wikidot-Backend
Warning
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Heartbleed
X-Generation-Time
Cache-Cookie-Set-From
X-Croise-Owner
X-Server-IP
X-Fstrz
X-C
X-Up
X-Qloud-Router
X-No-Session
X-Clientip
X-Eu-Site
Cache-Cookie-Set-Idcheck
Kp-EeAlive
X-Core-Value
X-Device-Os
Ha-Gx-Prefs
Cache-Cookie-Set-Lfrom
X-Key
X-Backend-State
X-Backend-Host
X-Backend-Url
AKAMAI
RNT-Time
X-Varnish-Authentication
Server-Cache-Control
Fastly-SSL
Version
X-UnsetCookies
SS
Server-Surrogate-Control
X-Amz-Meta-Surrogate-Control
Server-Int
Pagetype
X-Cache-ASPX
Fastly-Soc-X-Request-Id
Pramga
HA-Ipaddr
X-CGP
Who
RNT-Machine
GW-Server
CACHE
X-Instart-Isnd
CDCHOST
Countrycode
Release
X-Cluster-Node
X-HS-Cache-Config
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Page-Type
X-MSEdge-Flight
REQUESTUUID
X-Varnish-Url
Server-ID
X-Developers
PFcat
X-MSEdge-Features
X-F5-Cache
X-TrackingId
X-Cache-Miss-From
X-B3-Traceid
X-Pjax-Url
X-Servername
NGX
X-Sedo-Request-Id
X-Ratelimit-Remaining
X-Cache-CFC
X-Refresh
X-Store
X-EIG-Tracking-Id
Esi-Enabled
X-Newrelic-App-Data
X-Be
RequestId
X-MI-In-Market
MI-Cache
MI-Cache-Age
X-RCS-CacheZone
MI-API
X-Layer
X-CDN-Forward
X-URL
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-SN
Time
SID
X-Oss-Object-Type
MIME-Version
X-IPS-LoggedIn
X-Oss-Hash-Crc64ecma
X-B3-SpanId
X-NC
HA-Georegion
HA-Geocity
HA-Geocountry
HA-Geolat
HA-Servedtime
HA-Geolon
HA-Urlpath
X-From-Cache
X-Owner
X-RequestId
HA-Cloudapp
HA-Host
X-Mrs-Cache
X-Mshield-Cache-Status
Cdn
X-Unique-Id-Primal
X-Mrs-Cache-Hits
X-Real-Ip
X-Mrs-Age
Odigeo-Trace-Id
Cteonnt-Length
X-Ratelimit-Limit
Mime-Version
FastCGI-Cache
X-FPC
X-Geo
PICS-Label
X-Servedbyhost
X-Hyper-Cache
X-CMS-Context
Backend-Name
X-Webkit-Csp
X-Webkit-CSP
X-CSRF-TOKEN
HTTPS
X-Varnish-Ttl
X-CLOUD-TRACE-CONTEXT
CF-IPCountry
Cdn-Request-Time
Cdn-Host
X-Edge-Server
X-WebServer
Memory
X-Instart-Info
X-Req
X-Phone
X-B3-Spanid
Processtime
Cf-Ipcountry
Hostname
X-Request-Start
X-Wa
CDN
X-WR-MODIFICATION
Ohc-Response-Time
X-Aicache-OS
X-Release
GeoIP-Country-Code
X-DC
ProcessTime
X-Pf-Uncompressing
GeoIP-Latitude
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Load-Cache
X-Newrelic-Synthetics
X-Mobile-URL
XServer
X-HS-Combine-CSS
X-GZip
X-Atg-Version
X-VServer
Cross-Origin-Window-Policy
X-NodeID
X-Varnish-Beresp-TTL
X-Lb-Id
X-WA
Rt-Proxy-Cache
X-Fastly-Country-Code
X-PF-Uncompressing
X-Server-W
X-ND-Cache
X-HTML-Minification-Powered-By
X-Served-From
T-Server
X-GoCache-CacheStatus
Accept-Ch-Lifetime
X-FORWARDED-FOR
URI
Amp-Access-Control-Allow-Source-Origin
X-Nananana
X-Oracle-Dms-Ecid
X-Tb-Optimization-Total-Bytes-Saved
X-Skip-Cache
X-Unique-Id
X-COUNTRY
X-Cdn-Origin
X-VC-Cache
X-CSRF-Token
X-MServer
X-ServedByHost
X-Sn-Servicetimems
X-LB-ID
Ohc-Cache-HIT
V-Age
X-SRV
X-Worker
X-APP
X-Cms-Context
Proxy-Firewall
Pics-Label
X-SVT-ORM-VERSION
X-UPSTREAM-Address
X-Datadome
X-SVT-ORM-RULES
N-Cache
X-LiteSpeed-Cache-Control
X-UCC
Uber-Trace-Id
X-Fastly-Cache-Hits
A
X-P-T
Get-Access-Time
Is-Session-Tracking
X-SERVER-NAME
X-Gateway-Cache-Key
X-CACHE-AGE
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
DataCenter
ServerName
X-Check-Cacheable
X-HS-Status
X-Processor
X-GZIP
X-RCS-Backend
X-Requestid
X-NGINX-Cache
X-ID
X-BE
X-Cache-HT
X-Hp-Webp
X-BBXSRF
Geoip-Latitude
X-Optimization
Dnion-Transfer-Encoding
X-Vg-Webcache
X-Backend-TTL
GeoIp-Country-Code
X-Csrf-Token
X-Port
X-PJAX-URL
X-Varnish-URL
X-Org
X-StackifyID
Cneonction
X-ServerName
X-PAGE-TYPE
X-Fe
Requestid
X-GDPR
WZWS-RAY
X-NWS-UUID-VERIFY
Serverid
Cache-Provider
X-Via-SSL
X-Via-Edge
Server-Id
X-Git-Hash
X-Dw-Trace-Id
RequestUuid
WP-Super-Cache
X-LiteSpeed-Tag
X-HostName
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
DSUID
X-RAMCache
X-Amzn-Remapped-Content-Length
X-GeoIP-City
X-VCT
X-Geo-Header
178proxuri
Host-ID
X-Instance-Name
219prxHost
Xxline
Correlation-Id
X-Request-Url
X-CS
X-Gdpr
409pxxline
355prline
Pragrma
189phosttRef
225prxHost
286prxHost
352pxline
188prxHost