Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cache-Status
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Status
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
Upgrade
X-Type
X-Request-ID
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Backend
X-AH-Environment
X-Ua-Compatible
X-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Server
X-Via
X-Proxy-Cache
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Hacker
X-UA-Device
X-Varnish-Cache
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-CST
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Server-Id
X-Amz-Version-Id
X-Ac
Server-Timing
X-Node
X-OneAgent-JS-Injection
Allow
Feature-Policy
X-Cnection
X-Iejgwucgyu
X-Response-Time
X-Rq
Content-Location
X-Cache-Lookup
X-Backend-Server
Report-To
EagleEye-TraceId
Surrogate-Control
X-Readtime
X-Host
X-Application-Context
Request-Id
P3p
X-Url
X-ORACLE-DMS-ECID
X-Rack-Cache
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Px
X-Vhost
X-Mod-Pagespeed
X-MS-InvokeApp
Charset
X-VARITI-CCR
Accept-CH
Edge-Control
X-Goog-Hash
Verso
X-GitHub-Request-Id
Pinterest-Generated-By
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-ESI
X-Vname
X-PC
X-TtlSet
X-Version
X-Server-Name
X-DynaTrace
X-Cdn
X-Varnish-TTL
X-Powered-By-Plesk
X-B3-TraceId
X-D2id
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-Cached
X-Use-Magma
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-TTL
X-Upstream-Env
X-Origin-Upstream-Status
X-Dispatcher
SPRequestGuid
X-ORACLE-DMS-RID
X-Powered-CMS
X-SharePointHealthScore
X-Abt-Application-Version
MS-Author-Via
X-Recruiting
X-T
RTSS
Accept-CH-Lifetime
X-Navigation-Version
Public-Key-Pins
X-Shield-Request-Id
X-Trace
Content-MD5
AR-CACHE
AR-PoweredBy
AR-ATIME
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Rid
X-Client-IP
X-HW
X-Fastly-Request-ID
SPIisLatency
SPRequestDuration
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-DIS-Request-ID
Realpath
X-DynaTrace-JS-Agent
X-Server-ID
X-Oracle-Dms-Rid
X-B
X-F-Cache
X-Upstream
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Amz-Meta-S3cmd-Attrs
Service-Worker-Allowed
X-Via-JSL
X-Ser
X-Pinterest-Rid
Pinterest-Version
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend-Server
Front-End-Https
X-Id
Paypal-Debug-Id
AR-Request-ID
X-FTR-Expires
X-Dw-Request-Base-Id
X-Dns-Prefetch-Control
X-Ttl
X-Vcap-Request-Id
X-Varnish-Age
X-Debug
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
Ar-Sid
X-MSEdge-Ref
Nginx-Cache
X-XRDS-Location
X-Kinsta-Cache
X-Hits
X-N
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-NF-Request-ID
X-FTR-Cache-Host
X-NewRelic-App-Data
X-Logged-In
S
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Akam-SW-Version
X-DataStream-Cache-Status
X-Forwarded-For
X-Frontend
X-PressLabs-Stats
X-HS-Content-Id
X-User-Agent
Alternate-Protocol
X-HS-Hub-Id
Tracecode
X-CACHE-GROUP
X-Amzn-Trace-Id
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-Grace
Server-Name
DynaTrace
X-Content-Digest
X-Pad
Refresh
X-Content-Options
Powered-By-ChinaCache
X-Content-Type
MicrosoftSharePointTeamServices
X-Analytics
Backend-Timing
Accept-Charset
X-LB-Cache
X-Zen-Fury
TCN
X-Debug-Info
X-Sol
X-Middleton-Display
Display
X-Az
X-AppVersion
X-Activity-Id
Fastcgi-Cache
FilterID
Access-Control-Request-Method
X-IPLB-Instance
X-Rid
Host
X-Page-Id
X-CF-Powered-By
MS-CV
X-TA-CDN-Provider
ServerID
X-Cache-Key
X-Magnolia-Registration
Cache-Status
X-Middleton-Response
Response
TP-L2-Cache
TP-Cache
X-Cache-Hit
X-Content-Powered-By
X-Hostname
X-ATG-Version
X-Mobile
X-Seen-By
X-RateLimit-Remaining
X-Srv
X-WA-Info
X-Fastcgi-Cache
Surrogate-Key
X-GUploader-UploadID
X-B3-Sampled
X-Revision
X-Cached-By
X-Request-Processing-Time
X-Varnish-Backend
X-Request-Received
Rt-Fastcgi-Cache
X-SS-Set-Cookie
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cluster
X-Signature
X-Instance
X-Cache-Action
X-B-Cache
X-Drupal-Cache-Tags
X-Content-Security-Policy-Report-Only
Host-Header
X-Platform-Server
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Source
X-Request-Guid
X-PHP-Backend
X-Cache-Age
X-Wix-Request-Id
Cleartype
X-VCache
X-Whom
X-XRDS-LOCATION
ViewerVersion
X-Handled-By
X-Framework
X-TT
X-Akamai-Edgescape
X-Origin-Server
X-App-Environment
Server-Info
X-Edge-Location
X-Cache-Control
DC
X-Real-IP
X-Generated-By
X-Oneagent-Js-Injection
X-BCube-Filmed-By
X-Amzn-RequestId
X-Amz-Apigw-Id
X-App-Server
X-Geo-Country
X-Cache-Rule
X-FW-Server
X-FW-Hash
X-FW-Static
X-NWS-LOG-UUID
X-FW-Type
X-FW-Serve
X-AOL-HN
Server-Node
Fusion-Content-Source
X-Varnish-Hostname
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
X-Varnish-Server
X-Ruxit-Js-Agent
Fusion-Template-Id
Retry-After
X-Cache-2
Eomportal-Instance
X-Correlation-Id
Payment
X-FB-Debug
X-Amz-Server-Side-Encryption
X-Response-Served-From
Webserver
Actual-Object-TTL
Access-Control-Allow-Method
X-Varnish-Grace
X-TT-TIMESTAMP
GEO-INFO
X-Varnish-Hits
X-Tumblr-Pixel-2
AsisCache
X-Tumblr-Pixel-1
ServedBy
X-Drupal-Cache-Contexts
X-Cacheable-TTL
X-Jobs
Ms-Operation-Id
X-WebKit-CSP-Report-Only
Content-Style-Type
Healthy
X-Amz-Replication-Status
X-RTag
X-UUID
X-TX-ID
X-Region
Content-Script-Type
Filters
NGB
X-Device-Type
X-Adobe-Content
Viewport
X-Contextid
Upgrade-Insecure-Requests
X-Servedby
X-Cache-Config
X-Varnish-IP
Cache
X-Adobe-Loc
X-RequestSource
X-WPE-Loopback-Upstream-Addr
X-Locale
Country
X-Rendered-As
Cache-Tv-Group
X-Accel-Expires
X-UA-Device-Type
From-Origin
X-Ezoic-Cdn
HitType
X-Cache-TTL-Remaining
Edge-Cache-Tag
X-BACKEND-TTL
Pagespeed
X-Cache-TTL
X-Cache-Server
X-VG-WebCache
X-Cache-Remote
X-FW-Dynamic
X-Cache-Operation
Fastcgi-Useragent
Fastly-Restarts
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Content-Age
X-Hit
Cache-Tags
X-Upgrade-Enabled
X-CACHE-KEY
X-Redis-Cache
X-Esi
X-Storage
X-APP-VERSION
X-Source
X-S
X-RateLimit-Limit
Datacenter
X-App-Version
X-Upstream-Proxy
X-Mode
Served-By
Cache-Tag
X-NGENIX-Cache
Load-Balancing
X-NCache
Machine
Meta-Geo
X-Tb
X-Akamai-Transformed
X-Origin-Response-Time
Vix-Hermes-Req-Id
X-GeoIP
SRV
X-Path-Route
X-Backend-Name
X-Akamai-Request-ID
Origin-Cache-Control
Origin-Edge-Control
X-Daa-Tunnel
X-Cache-Var
X-RN-RSRV
X-Hl-Ver
X-Generated
X-Internal-Host
X-Detected-As
X-Cache-Var-Map
X-JoinUs
X-Rule
X-Is-Bot
Selected-FE
X-Agile
X-Labrador-Cache-Channel
Now
Cache-Key
X-Edge-IP
X-Proxy
X-Proxy-Build
X-Origin-Host
X-Loop
X-L-Path
X-ProxyCache-Key
X-ProxyCache-Status
X-Timing-Wait
X-ServerID
X-Pubstack
X-TNCMS
X-Hosted-By
X-Grey
X-Www-Served-By
X-BYPASS-REASON
X-Birta-Served
X-Birta-Cache-Post
X-Agile-Id
X-Cache-Category-Id
X-CDN-Cache
X-FC-Vary-Parameters
X-Varnish-Cacheable
X-Web-Node
X-Environment-Context
X-Agile-Age
X-Time-Microsecs
Xserver
X-Varnish-Cache-Hits
NtCoent-Length
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Pc-Appver
X-PCL
X-Pc-Key
X-Pc-Hit
X-DataStream-MidMile-RTT
Property-Id
TWC-Privacy
X-ApacheServer
X-OCL
X-Status
X-Format
X-IP
X-Origin-Hint
Webcakes-Region
X-PERF
X-Viewer-Country
Webcakes-App-Name
Webcakes-App-Version
TWC-Locale-Group
X-Via-Fastly
X-DataStream-Origin-MEX-Latency
X-ProcessESI
X-RemovedCookies
Cache-Name
X-VG-TLSProxy
Azure-InstanceId
X-Section
Fastcgi-X-Cache-Version
X-CCM
X-Cache-NE
X-Cache-Enabled
S-Rt
X-Debug-Cache
X-Human
X-Site-Version
X-Access
Azure-SiteName
Azure-RegionName
Azure-Version
DB-Nickname
Public-Key-Pins-Report-Only
Azure-SlotName
X-Routing-Service
X-Zipkin-Id
Mail-Subject
X-Xfnlog-Site
X-Proxied
X-MP-GENERATED-AT
X-App-Name
We-Hiring
X-Original-Request
Access-Control-Request-Headers
X-GRACE
X-Microcachable
X-Origin
X-Guploader-Uploadid
X-EdgeConnect-Cache-Status
X-GEO
User-Cache-Control
X-Ocache
X-Sucuri-ID
S-Cnection
Liferay-Portal
X-Protected-By
X-Nginx-Cache
X-Request-Time
X-Cdn-Forward
X-FW-Version
User-Agent
Cache-Hits
X-UA
X-Node-Name
LB
X-Tumblr-Pixel-3
X-Proto
X-ES-SERVER
X-Webstats-RespID
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Correlation-ID
X-Trace-Id
X-Time
X-FB-TRIP-ID
Ohc-File-Size
X-Nc
X-Ua
Powered
X-Origin-CC
X-Unique-ID
PageSpeed
X-Forwarded-Host
X-Endurance-Cache-Level
L5d-Success-Class
X-Varnish-Beresp-Grace
Frame-Options
X-Varnish-Beresp-Status
Section-Io-Cache
X-Parent-Response-Time
X-Upstream-CT
AR-SID
X-Upstream-HT
X-Pc-Subdomain
X-OVcl
X-OVcl-Cache
X-Pc-Host
X-V
IBM-Web2-Location
X-Pc-Date
Nel
X-AWS-Id
X-Rocket-Nginx-Bypass
X-Cache-Backend
X-VWS-Id
X-LJ-Flow-ID
X-ElasticPress-Search
X-Origin-TTL
X-Varnish-Beresp-Ttl
X-R9-Blue-Green-Version
OT-Force-Account-Verify
CACHE
X-Vgn-Hpd-Reason
X-Cluster-Node
BehaviorPad-Version
X-Rewrite-Enabled
X-S-Maxage
X-ScT
X-Gen-Mode
X-S-Cookie
X-Rojux
X-UE-Client-Country
X-From
Arc-Country
Fly-Request-Id
X-Connection-Hash
X-Amz-Meta-Cache-Control
X-PAYTM-SRV-ID
X-Application
X-ARC
X-Aed
X-Accel-Expires-Debug
X-Date
Resin-Trace
Viewtype
VivaBuild
Www
X-Auto-Login
X-B-Cookie
X-CF-Lambda-Version
X-Cache-Info
X-Cache-URL
X-PHP-Host
X-Cdn-Srv
X-Cache-Id
X-Cache-Host
X-BB-ID
X-Block-Status
X-Cache-Bucket
X-Cache-FS-Status
Rendered-Blocks
X-Destination
Fly-Cache
Fastly-SWR
GMS-Ver
X-External-Request-Id
X-Request-UUID
Fastly-SIE
Ec-Rule-Version
Country-Code
Cache-Prefix
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Region-Sid
X-Reboot
Mobile-Detection-Method
X-Distil-CS
Node
X-Developer
Powered-By
Meta-Geo-Continent
Memcached
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-DPWN-IS-SECURE
MD5-Digest
X-Fetched-On
X-ServiceProvider
X-VG-WebServer
X-Micro-Cache
X-Hnp-Log
X-Goog-Meta-Goog-Reserved-File-Mtime
X-User
X-Transaction
X-LI-UUID
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Wikidot-Static-Cache
X-IN-WAF
X-Wikidot-Backend
Xc-Version
X-SRCache-Key
X-We-Are-Hiring
X-Info
X-LI-Proto
X-Irp-Debug
X-Origin-Date
X-Server-Cache
X-CF-Lambda-Fn
X-TT-LOGID
X-Twitter-Response-Tags
X-Origin-Expires
X-Generated-In
X-Server-By
X-Server-Group
X-NU-AKA-ACS-Version
X-Trv-Group
X-Li-Pop
X-Li-Fabric
X-Sucuri-Cache
Fastcgi-X-Cache
X-Debug-Cookies
Proxy-Connection
True-Client-Country-4JS
X-Location
X-Policy
X-RateLimit-Limit-Second
X-Core-Mission
Request-Time
Thinkindot-Control
X-Proxy-Cache-Status
Thinkindot-CacheControl-Type
X-Crawler
X-CUA
Server-Host
X-D
X-Debug-Log
X-Proxy-Upstream
Thinkindot-CacheControl
X-Thanos
Platform
SD-X-WS
X-A-Wwc
X-Bip
X-C
X-Thinkindot-L3
X-Backend-Url
X-Backend-Host
X-Backend-State
X-Clientip
X-CGP
X-Cache-Grace
X-NX-Host
X-Node-Id
X-Cache-Expires
X-Cache-Debug
X-Nginx-Cache-Key
X-SERVER
X-A-Ccd
X-A-Dam
X-A
X-Matched-Rule
Web-Mar-Node
Who
X-A-Dcw
X-A-Dgt
X-Platform
X-Alternate-Cache-Key
X-Actual-URL
X-Var-Ttl
X-Level-Front-Cache
X-Logtrace-Id
X-Dc
X-Hash
CDCHOST
Content-Disposition
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Sorting-Hat-ShopId
Countrycode
X-Varnish-Action
X-Stale
X-Returned-From-DLL
X-Fastly-Cache
Fastly-Soc-X-Request-Id
X-Passed-To-PostProcessResponse
Fastly-Backend-Name
Backend
X-Sorting-Hat-PodId
X-ShardId
X-Gannett-Site-Version
X-Sf
X-Generated-On
X-Passed-To
X-Server-IP
X-GeoIP-Country-Code
X-ShopId
X-FireWall-Port
X-SIPLIST1
X-Shopify-Stage
X-G
Adler-Geo
Ajk
X-Returned-From-BeforeDispatch
X-Variation
X-RateLimit-Remaining-Second
X-LAGOON
Magicmarker
Lfy
X-Returned-From
X-Edge-Cache
X-Dispatcher-Server
Origin
On-Server
X-Edge-Cache-Key
X-Secret
IsBot
X-Distributor
HA-Ipaddr
X-Swa-Ws
X-Svr
X-Request-URI
Ha-Gx-Prefs
X-Eu-Site
X-Epic-Correlation-Id
Is-Eu
X-Response-By
Mn-Server-Ip
Warning
X-Developers
X-F5-Cache
X-Died
X-Device-Os
X-Generation-Time
X-Debug-Cache-Fetch
X-Croise-Owner
X-MSEdge-Features
X-Instart-Isnd
X-Core-Value
X-Key
X-Debug-Cache-Expiry
X-No-Session
X-MSEdge-Flight
X-Fstrz
X-Debug-Cache-Store
Apple-News-Services-Request-Url
AKAMAI
Apple-News-Services-Handled
Pagetype
X-EIG-Tracking-Id
Release
Pramga
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Cache-Cookie-Set-Lfrom
Fastly-SSL
Heartbleed
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Varnish-Authentication
X-Via-CDN
X-TrackingId
SS
X-Amz-Meta-Surrogate-Control
X-Up
X-UnsetCookies
X-Cache-ASPX
Server-Surrogate-Control
Server-Int
RNT-Time
RNT-Machine
X-Qloud-Router
Server-Cache-Control
X-Via-NSCOPI
GW-Server
X-HS-Cache-Config
X-Varnish-Url
X-Server-Time
Server-ID
X-Page-Type
HostName
NGX
REQUESTUUID
X-TIME
Kp-EeAlive
X-Servername
Version
X-Sedo-Request-Id
X-B3-Traceid
X-Pjax-Url
X-Cache-Miss-From
X-Be
X-Varnish-Ttl
X-Newrelic-App-Data
SID
RequestId
PFcat
X-Dynatrace-Js-Agent
X-Owner
X-Refresh
X-SN
X-CDN-Forward
X-URL
Odigeo-Trace-Id
X-Store
X-Cache-CFC
MIME-Version
X-From-Cache
Esi-Enabled
X-NC
X-B3-SpanId
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
Time
X-Oss-Storage-Class
MI-API
MI-Cache
MI-Cache-Age
X-Oss-Object-Type
X-MI-In-Market
X-Layer
X-RCS-CacheZone
Cteonnt-Length
Hostname
X-RequestId
X-FPC
HTTPS
X-Servedbyhost
Mime-Version
HA-Cloudapp
HA-Host
HA-Geocity
HA-Servedtime
HA-Urlpath
HA-Georegion
HA-Geolon
X-IPS-LoggedIn
HA-Geolat
X-Ratelimit-Remaining
Cdn
HA-Geocountry
FastCGI-Cache
Cdn-Request-Time
Cdn-Host
X-CSRF-TOKEN
X-Edge-Server
PICS-Label
X-Hyper-Cache
Backend-Name
X-Req
X-Webkit-Csp
X-Webkit-CSP
X-CLOUD-TRACE-CONTEXT
ProcessTime
CF-IPCountry
X-Unique-Id-Primal
X-Mrs-Age
X-Mshield-Cache-Status
X-Mrs-Cache
X-Mrs-Cache-Hits
Memory
X-CMS-Context
X-Wa
X-Ratelimit-Limit
Processtime
X-Geo
X-Mobile-URL
X-Load-Cache
Cf-Ipcountry
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Instart-Info
X-B3-Spanid
X-Real-Ip
CDN
X-GZip
Ohc-Response-Time
Cross-Origin-Window-Policy
X-NodeID
X-VServer
X-DC
X-Phone
X-WebServer
X-WR-MODIFICATION
X-Aicache-OS
GeoIP-Country-Code
X-Newrelic-Synthetics
X-HS-Combine-CSS
X-Request-Start
X-Pf-Uncompressing
XServer
X-Varnish-Beresp-TTL
X-Atg-Version
X-PF-Uncompressing
X-Release
GeoIP-Latitude
X-HTML-Minification-Powered-By
X-Lb-Id
X-Fastly-Country-Code
X-Skip-Cache
URI
Ohc-Cache-HIT
Accept-Ch-Lifetime
X-WA
X-FORWARDED-FOR
X-VC-Cache
T-Server
X-Server-W
Amp-Access-Control-Allow-Source-Origin
Rt-Proxy-Cache
X-Served-From
Uber-Trace-Id
X-ND-Cache
X-LB-ID
X-Cms-Context
X-Tb-Optimization-Total-Bytes-Saved
X-Nananana
X-Oracle-Dms-Ecid
N-Cache
X-MServer
X-Gateway-Skip-Cache
X-Gateway-Cache-Key
X-UCC
X-Gateway-Cache-Status
X-COUNTRY
Pics-Label
X-APP
X-GoCache-CacheStatus
X-Vcache
X-CSRF-Token
X-Datadome
X-Unique-Id
X-ServedByHost
X-SRV
X-Worker
V-Age
X-Cdn-Origin
A
X-LiteSpeed-Cache-Control
X-Fastly-Cache-Hits
X-UPSTREAM-Address
X-Sn-Servicetimems
X-Processor
X-SERVER-NAME
DataCenter
X-BBXSRF
X-SVT-ORM-VERSION
X-CACHE-AGE
X-SVT-ORM-RULES
Proxy-Firewall
X-Hp-Webp
Is-Session-Tracking
X-Check-Cacheable
X-Optimization
X-Cache-HT
X-GZIP
X-P-T
X-Requestid
X-HS-Status
Get-Access-Time
X-NGINX-Cache
X-ID
X-BE
Dnion-Transfer-Encoding
Geoip-Latitude
ServerName
Cneonction
X-VCT
X-Shard
X-Vg-Webcache
X-Backend-TTL
X-GDPR
X-Fe
X-Geo-Header
X-RCS-Backend
X-Amzn-Remapped-Content-Length
GeoIp-Country-Code
X-Port
X-Csrf-Token
X-PJAX-URL
X-PAGE-TYPE
X-GeoIP-City
X-Varnish-URL
Host-ID
Requestid
X-ServerName
Serverid
X-NWS-UUID-VERIFY
UCS
X-Git-Hash
Cache-Provider
WP-Super-Cache
X-LiteSpeed-Tag
X-StackifyID
X-HostName
Server-Id
X-Dw-Trace-Id
RequestUuid
178proxuri
DSUID
Inserted-Into-Cache-At
X-Fastly-Backend-Reqs
X-Fpc
Request-EU
Request-Country
188prxHost
X-Org
219prxHost
409pxxline
Xxline
X-Request-Url
X-CS
355prline
352pxline
189phosttRef
225prxHost
WZWS-RAY
286prxHost
X-RAMCache