Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
X-Xss-Protection
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Check
X-Amz-Cf-Pop
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
CF-Ray
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
Timing-Allow-Origin
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Request-ID
X-Turbo-Charged-By
Upgrade
X-CDN
X-Kinja-Server-Push
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Ua-Compatible
X-Via
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
Content-Location
Surrogate-Control
X-Node
X-Host
X-Cnection
X-Readtime
Report-To
EagleEye-TraceId
X-Rq
X-OneAgent-JS-Injection
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Rack-Cache
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Cloud-Trace-Context
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-Trace
X-DataDome
X-Server-Name
X-Px
X-Vhost
X-GitHub-Request-Id
X-VARITI-CCR
X-B3-TraceId
X-ESI
X-MS-InvokeApp
RTSS
X-Cached
Accept-CH
X-Goog-Hash
Charset
X-Ruxit-JS-Agent
SPRequestGuid
X-ORACLE-DMS-RID
X-TtlSet
X-PC
X-Vname
X-Mod-Pagespeed
X-F-Cache
X-Server-ID
X-D2id
X-TTL
Public-Key-Pins
X-Exp-Variant
X-Cdn-Fetch
Verso
X-Kinja
X-Exp-Id
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
Pinterest-Generated-By
X-Kinja-Build
X-Mobile-Rewrite
Arc-Version
PB-RID
PB-PID
X-Dispatcher
X-Version
X-SharePointHealthScore
X-T
X-Powered-By-Plesk
X-Cdn
X-Abt-Application-Version
Accept-CH-Lifetime
X-DIS-Request-ID
X-Powered-CMS
X-Ser
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-Navigation-Version
X-Origin-Upstream-Status
X-B
X-Shield-Request-Id
X-Forwarded-Proto
X-Recruiting
X-SRCache-Store-Status
X-SRCache-Fetch-Status
DynaTrace
X-Amz-Rid
MS-Author-Via
X-Client-IP
Realpath
X-HW
SPIisLatency
SPRequestDuration
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Upstream
X-Oracle-Dms-Rid
Content-MD5
X-Vcap-Request-Id
Nginx-Cache
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Oneagent-Js-Injection
X-Goog-Stored-Content-Encoding
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
X-Ttl
AR-ATIME
AR-PoweredBy
AR-CACHE
Edge-Cache-Tag
X-N
Arr-Disable-Session-Affinity
X-Hits
X-Varnish-Age
X-Debug
X-Goog-Storage-Class
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-NF-Request-ID
X-B3-TraceId-Primal
X-MSEdge-Ref
TCN
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-NewRelic-App-Data
X-Dw-Request-Base-Id
X-Aspnet-Version
X-Id
X-ATG-Version
S
X-Via-JSL
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
Service-Worker-Allowed
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-DC
X-XRDS-Location
X-Logged-In
X-FTR-Expires
X-Dns-Prefetch-Control
Alternate-Protocol
X-HS-Hub-Id
X-HS-Content-Id
X-PressLabs-Stats
Tracecode
X-Frontend
Rt-Fastcgi-Cache
X-Cache-Key
Surrogate-Key
X-Kinsta-Cache
X-Content-Digest
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-Forwarded-For
X-Ruxit-Js-Agent
X-Pad
MicrosoftSharePointTeamServices
Fastly-Restarts
X-Grace
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Content-Options
Ar-Sid
X-Edge-Location
Server-Name
Fastcgi-Cache
X-CF-Powered-By
X-Amzn-Trace-Id
Backend-Timing
X-Analytics
Host
FilterID
TP-Cache
TP-L2-Cache
X-Rid
X-User-Agent
X-Debug-Info
X-Cache-2
X-Magnolia-Registration
X-Whom
X-Hostname
X-B3-Sampled
X-IPLB-Instance
ServerID
X-Revision
Eomportal-Instance
X-Page-Id
X-Request-Received
X-Request-Processing-Time
X-Mobile
Paypal-Debug-Id
AR-Request-ID
X-NWS-LOG-UUID
X-Srv
Front-End-Https
X-Akam-SW-Version
X-VCache
X-AOL-HN
X-Content-Powered-By
Retry-After
Refresh
X-HS-Cache-Config
X-B-Cache
X-Signature
X-Handled-By
X-Cache-Action
X-Device-Type
Source
X-Cluster
X-App-Environment
X-Cache-Control
X-FB-Debug
X-Framework
X-Cache-Hit
X-LB-Cache
X-Instance
X-Request-Guid
X-SS-Set-Cookie
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Platform-Server
X-Varnish-Grace
X-WA-Info
Cleartype
X-Varnish-Hostname
X-BCube-Filmed-By
X-GUploader-UploadID
X-XRDS-LOCATION
X-Litespeed-Cache
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-Correlation-Id
Webserver
X-Fastcgi-Cache
Display
X-Zen-Fury
X-Sol
X-Middleton-Display
X-Varnish-Backend
X-TA-CDN-Provider
X-Az
X-Activity-Id
X-AppVersion
X-Daa-Tunnel
X-Content-Type
X-Cache-Server
Healthy
X-Cache-Rule
VIX-Pulpo-Node
X-Esi
VIX-Pulpo-Upstream-Status
X-Varnish-Server
Response
X-Middleton-Response
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Wix-Request-Id
ViewerVersion
X-Cached-By
X-Seen-By
X-Generated-By
S-Cnection
X-Geo-Country
X-App-Server
X-TT
Server-Node
X-URL
Cache-Status
X-Origin-Server
X-Cache-Age
X-Amz-Replication-Status
Upgrade-Insecure-Requests
X-Accel-Expires
X-Amzn-RequestId
X-Amz-Apigw-Id
X-DataStream-Cache-Status
X-UA-Device-Type
X-CACHE-GROUP
X-S
X-Response-Served-From
NGB
Payment
Filters
GEO-INFO
Accept-Charset
X-Locale
X-Cacheable-TTL
X-RequestSource
ServedBy
Actual-Object-TTL
X-Varnish-IP
X-Edge-Cache-Key
X-Edge-Cache
X-Contextid
X-Servedby
Access-Control-Allow-Method
X-Status
X-Jobs
Viewport
X-Node-Name
X-Varnish-Hits
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-FW-Type
AsisCache
X-TT-TIMESTAMP
X-UUID
X-TX-ID
X-Cache-NE
X-FW-Server
X-FW-Serve
X-Amz-Server-Side-Encryption
X-FW-Static
X-WPE-Loopback-Upstream-Addr
X-FW-Hash
Server-Info
X-Adobe-Content
X-GeoIP
X-WebKit-CSP-Report-Only
X-Adobe-Loc
X-Storage
HostName
Host-Header
Cache
X-PHP-Backend
Cache-Tv-Group
X-Rendered-As
X-Cache-TTL-Remaining
MS-CV
X-Cache-Remote
SRV
From-Origin
X-Croise-Owner
X-App-Version
X-Hyper-Cache
X-Region
X-Cache-Operation
X-Vg-Webcache
X-APP-VERSION
X-Webkit-CSP
X-Redis-Cache
Cache-Tag
Served-By
DC
Public-Key-Pins-Report-Only
Liferay-Portal
X-Forwarded-Host
X-HS-Combine-CSS
X-UA
X-Dynatrace-Js-Agent
X-TIME
X-Mode
X-Guploader-Uploadid
X-Webstats-RespID
X-Agile-Age
X-Hosted-By
X-Is-Bot
X-Site-Version
X-Human
X-Request-Time
X-Cache-Var-Map
X-Upgrade-Enabled
X-NGENIX-Cache
X-RN-RSRV
X-Path-Route
X-Generated
X-TNCMS
X-IP
X-Detected-As
Meta-Geo
X-Loop
Machine
X-Cache-Var
X-Agile
X-Agile-Id
X-L-Path
Origin-Edge-Control
X-BYPASS-REASON
X-Pc-Hit
X-Pc-Appver
X-Akamai-Transformed
X-Endurance-Cache-Level
X-Cache-Category-Id
X-Labrador-Cache-Channel
X-Pc-Key
X-Original-Request
X-Yottaa-Metrics
X-ProxyCache-Key
X-Environment-Context
X-CDN-Cache
X-ProxyCache-Status
X-NCache
X-Grey
X-Internal-Host
X-Vgn-Hpd-Reason
X-Via-Fastly
X-Upstream-CT
Now
Cache-Name
X-B3-Spanid
X-Upstream-HT
X-Web-Node
X-Yottaa-Optimizations
Origin-Cache-Control
X-JoinUs
S-Rt
X-Birta-Cache-Post
X-OCL
X-Format
DB-Nickname
X-Birta-Served
X-Pubstack
X-RemovedCookies
X-Viewer-Country
X-Time-Microsecs
X-VG-TLSProxy
X-Origin
X-Tumblr-Pixel-3
X-Proxy
Powered-By-ChinaCache
X-PCL
X-Origin-Host
X-ProcessESI
X-Access
Pagespeed
X-Origin-Response-Time
X-Cache-Config
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-ServerID
X-Tb
X-Backend-Name
X-Www-Served-By
Fastcgi-Useragent
X-Xfnlog-Site
X-Via-CDN
Selected-FE
X-Akamai-Request-ID
X-Ocache
X-Timing-Wait
X-Rule
X-Proxy-Build
X-Origin-CC
X-FC-Vary-Parameters
X-Section
Cache-Tags
X-CCM
X-Origin-Hint
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Proxied
Azure-RegionName
X-Routing-Service
Azure-SlotName
Azure-InstanceId
Azure-Version
X-Zipkin-Id
Azure-SiteName
TWC-Privacy
Mn-Server-Ip
TWC-GeoIP-Country
HitType
TWC-Locale-Group
Xserver
Property-Id
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Datacenter
X-BACKEND-TTL
Cache-Key
X-App-Name
Content-Script-Type
X-Kong-Upstream-Latency
Content-Style-Type
X-Protected-By
X-Kong-Proxy-Latency
OT-Force-Account-Verify
X-Akamai-Request-ID2
User-Cache-Control
X-Edge-IP
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Parent-Response-Time
X-Nginx-Cache
X-CLOUD-TRACE-CONTEXT
X-ShopId
X-ShardId
Vix-Hermes-Req-Id
X-Real-Ip
X-Ezoic-Cdn
X-Cache-TTL
X-OVcl
X-CACHE-KEY
X-OVcl-Cache
NtCoent-Length
Time
Ms-Operation-Id
L5d-Success-Class
X-RTag
X-Correlation-ID
X-Pc-Date
Accept-Language
X-Pc-Host
X-Cache-Backend
X-ApacheServer
X-PERF
X-RateLimit-Limit
X-Newrelic-App-Data
X-Mshield-Cache-Status
X-Amz-Meta-Surrogate-Control
LB
X-Unique-Id-Primal
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mrs-Age
X-FB-TRIP-ID
X-Proto
X-Ratelimit-Limit
X-Cdn-Forward
X-Front
X-Webkit-Csp
AR-SID
X-CDN-Forward
X-Real-IP
X-Varnish-Cacheable
X-Varnish-Beresp-Status
X-Content-Age
X-Varnish-Beresp-Grace
Section-Io-Cache
Country
X-Debug-Cache
X-Nc
Load-Balancing
X-Sucuri-ID
X-Hit
WZWS-RAY
X-Trace-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Ohc-File-Size
X-MP-GENERATED-AT
X-Microcachable
X-Varnish-Beresp-Ttl
X-Unique-ID
Version
We-Hiring
Mail-Subject
X-Hl-Ver
Access-Control-Request-Headers
X-EdgeConnect-Cache-Status
X-GRACE
X-Cache-Enabled
X-Twitter-Response-Tags
Warning
X-Connection-Hash
X-Transaction
X-C
Release
X-LI-UUID
X-Logtrace-Id
Rendered-Blocks
Platform
Powered-By
Fly-Request-Id
Ec-Rule-Version
Fastly-Backend-Name
Fastly-SIE
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
Arc-Country
X-PAYTM-SRV-ID
BehaviorPad-Version
Cache-Prefix
Fastly-SWR
Fly-Cache
Memcached
Meta-Geo-Continent
Mobile-Detection-Method
Node
MD5-Digest
Is-Eu
X-Passed-To
X-Org
X-NU-AKA-ACS-Version
IBM-Web2-Location
X-Matched-Rule
X-A-Ccd
X-Cache-Id
X-Cache-Host
X-Generated-In
X-Cache-URL
X-CF-Lambda-Fn
X-Cache-FS-Status
X-Cache-Expires
X-Backend-State
X-B-Cookie
X-BB-ID
X-GeoIP-Country-Code
X-Cache-Bucket
X-CF-Lambda-Version
X-G
X-Device-Os
X-Fetched-On
X-Died
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Developer
X-Destination
X-D
X-CUA
X-Date
X-FW-Version
X-From
X-Application
X-Aed
Server-ID
Server-Host
X-Layer
SS
Thinkindot-CacheControl
SD-X-WS
Rt-Proxy-Cache
X-Li-Fabric
X-Li-Pop
Resin-Trace
RNT-Machine
RNT-Time
Thinkindot-CacheControl-Type
Thinkindot-Control
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Accel-Expires-Debug
X-Actual-URL
X-A-Dam
X-PHP-Host
Viewtype
V-Age
VivaBuild
Www
X-A
X-LI-Proto
X-Qloud-Router
X-Thinkindot-L3
X-Trv-Group
X-Request-UUID
X-Swa-Ws
X-Response-By
X-UE-Client-Country
X-Release
X-Variation
X-VG-WebServer
X-Server-Time
X-User
X-Region-Sid
X-Returned-From
X-Returned-From-BeforeDispatch
X-ScT
X-S-Maxage
X-SRCache-Key
X-Served-From
X-Server-By
X-S-Cookie
X-Rojux
User-Agent
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Store
X-Rewrite-Enabled
X-Dc
X-Var-Ttl
Ajk
X-WebServer
X-Rebelmouse-Surrogate-Control
Xc-Version
X-Via-NSCOPI
Adler-Geo
X-External-Request-Id
X-Reboot
X-Rebelmouse-Cache-Control
X-Via-Edge
X-Via-SSL
X-We-Are-Hiring
X-Geo
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gannett-Site-Version
True-Client-Country-4JS
X-Key
X-ServiceProvider
X-Crawler
X-Stale
X-IN-WAF
X-Epic-Correlation-Id
X-Eu-Site
X-P-T
X-F5-Cache
X-Sf
X-TT-LOGID
X-SVT-ORM-VERSION
X-IN-APIGATEWAY
X-UnsetCookies
X-Bip
X-Varnish-Action
X-Amz-Meta-Cache-Control
X-Auto-Login
X-Hnp-Log
X-Block-Status
X-Thanos
Request-Time
X-Gen-Mode
X-CGP
X-Hash
X-Cache-Debug
X-IN-SSL-APIGATEWAY
Web-Mar-Node
X-SVT-ORM-RULES
X-Server-Group
HA-Geolat
HA-Geocountry
HA-Geocity
HA-Cloudapp
HA-Geolon
HA-Georegion
HA-Servedtime
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
X-Server-IP
GMS-Ver
Country-Code
Content-Disposition
AKAMAI
Backend
Decoy-Debug-Key
Decoy-Debug-Status
Frame-Options
X-RCS-CacheZone
Esi-Enabled
Decoy-Debug-TTL
HA-Urlpath
GW-Server
X-Secret
On-Server
MI-Cache-Age
X-Rocket-Nginx-Bypass
Proxy-Connection
X-Location
Pramga
MI-Cache
Origin
X-No-Session
MI-API
X-MI-In-Market
X-Node-Id
Heartbleed
Kp-EeAlive
X-Be
X-Fstrz
X-Origin-Expires
X-Nginx-Cache-Key
X-Origin-Date
X-Phone
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
PFcat
X-Distributor
X-Up
X-Planisys-CDN-TTL
X-SIPLIST1
X-Proxy-Cache-Status
X-Proxy-Upstream
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Info
X-Page-Type
X-Request-Start
X-Request-URI
Cache-Cookie-Set-Lfrom
Fastly-SSL
X-Cache-CFC
X-Irp-Debug
Server-Int
X-Policy
Magicmarker
X-V
X-Platform
X-Backend-Url
X-Time
X-B3-Traceid
IsBot
Pragrma
Who
REQUESTUUID
Countrycode
Backend-Name
Apple-News-Services-Handled
X-ElasticPress-Search
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Backend-Host
X-Distil-CS
X-Clientip
X-Core-Value
Pagetype
X-NODE
X-Wikidot-Backend
X-Wikidot-Static-Cache
Locale
X-Servername
X-Cdn-Origin
X-Urbn-Context-Path
X-Urbn-Site-Id
X-NX-Host
X-Refresh
Fastly-Soc-X-Request-Id
X-Origin-TTL
CDCHOST
UCS
X-Instance-Name
X-Fastly-Cache
X-Developers
X-MSEdge-Flight
X-MSEdge-Features
X-Sn-Servicetimems
Uber-Trace-Id
X-Debug-Cookies
Request-Country
X-Debug-Log
X-Core-Mission
Request-EU
X-DC
X-Ua
PageSpeed
RequestId
X-Debug-Cache-Fetch
X-NWS-UUID-VERIFY
X-Debug-Cache-Expiry
X-Svr
X-Debug-Cache-Store
X-Micro-Cache
X-CACHE-AGE
Group
V-Cache
X-COUNTRY
X-Level-Front-Cache
X-Instart-Info
X-Generated-On
X-Newrelic-Synthetics
X-VCT
X-NC
X-GeoIP-City
HitInfo
X-Pjax-Url
X-VarnCache
X-Req
Lfy
X-VarnPar1
Host-ID
ServerName
X-PARISIEN-Cache-Rendered
X-Cache-Info
X-Cdn-Srv
Ohc-Response-Time
MIME-Version
X-Server-Cache
X-ARC
X-BBXSRF
Mime-Version
X-Datadome
X-Powered-By-ANYU
X-Gdpr
Cache-Provider
X-EIG-Tracking-Id
PICS-Label
Memory
Cteonnt-Length
Cdn
X-CMS-Context
X-TWH-CORRELATION-ID
X-Servedbyhost
X-Ratelimit-Remaining
Nel
X-LAGOON
CF-IPCountry
X-Aicache-OS
X-Wa
X-Cluster-Node
NGX
X-Fastly-Country-Code
X-WR-MODIFICATION
X-Load-Cache
X-StackifyID
XServer
CDN
Geoip-Latitude
FSS-Cache
GeoIp-Country-Code
X-NodeID
X-Sentry-ID
FSS-Proxy
GeoIP-Latitude
X-VServer
X-ABtesting
X-Flog
X-HTML-Minification-Powered-By
GeoIP-Country-Code
X-WA
X-CSRF-TOKEN
X-Fastly-Backend-Reqs
X-UPSTREAM-Address
X-Hello
Cf-Ipcountry
X-Check-Cacheable
X-Varnish-Beresp-TTL
SN
X-Source
X-FireWall-Port
X-Unique-Id
X-GZip
X-CSRF-Token
Processtime
X-APP
X-Varnish-Cache-Hits
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Amp-Access-Control-Allow-Source-Origin
X-Generation-Time
X-Csrf-Token
X-FORWARDED-FOR
X-Oss-Storage-Class
X-Cache-Miss-From
X-ServedByHost
X-HOST
X-Nananana
X-Oss-Request-Id
X-Sedo-Request-Id
X-Oss-Hash-Crc64ecma
WP-Super-Cache
X-Oss-Server-Time
TSSecure
X-Oss-Object-Type
CACHE
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-MServer
X-CDN-Pop
URI
X-CDN-Pop-IP
X-Worker
X-Cache-Grace
Server-Cache-Control
Server-Surrogate-Control
X-Cache-ASPX
X-Varnish-Authentication
PageType
A
X-Dynatrace
DataCenter
Cdn-Request-Time
X-Edge-Server
Cdn-Host
X-SRV
Pics-Label
X-VC-Cache
X-Skip-Cache
X-IPS-LoggedIn
X-GDPR
X-VG-WebCache
X-AWS-Id
X-SplitTest
X-LJ-Flow-ID
X-VWS-Id
X-ID
X-Varnish-Url
X-RCS-Backend
X-Sucuri-Cache
HTTPS
X-Port
X-HS-Status
X-Backend-TTL
X-B3-SpanId
X-Fastly-Cache-Hits
X-Instart-Isnd
Odigeo-Trace-Id
X-ND-Cache
X-BE
Cache-Hits
X-Swift-Error
Dynatrace
X-Owner
X-PJAX-URL
X-From-Cache
Get-Access-Time
Hostname
X-Pf-Uncompressing
X-GoCache-CacheStatus
Is-Session-Tracking
X-SN
Proxy-Firewall
X-Gen-Id
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-GZIP
X-Bug-Bounty
X-Ms-Version
X-Ms-Request-Id
Powered
X-Cache-Ttl
X-Server-W
Requestid
ProcessTime
X-ORIG-AKA-EDGE
X-NGINX-Cache
X-VarnPar2
X-Amz-Meta-S3b-Last-Modified
X-Akamai-SSL-Client-Sid
Serverid
X-Varnish-URL
X-LiteSpeed-Cache-Control
WebServer
X-Ms-Lease-State
X-PAGE-TYPE
X-ServerName
X-Alicdn-Da-Ups-Status
X-Serial
X-SB
RequestUuid
T-Server
X-ORIG-AKA-COUNTRY-CODE
Correlation-Id
X-GEO
X-VC
X-Fe
X-RAMCache
X-HTML-Edge-Cache
X-Cache-Srv
SID
Xet-Cookie
NnCoection
X-Developed-By
Location
X-CS
X-Dw-Trace-Id
X-Akamai-ERRuleID
NodeID
X-Akamai-ERPolicy
X-LiteSpeed-Tag