
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
CF-Ray
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Request-ID
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-CDN
X-Kinja-Server-Push
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Request-Context
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-Cache-Lookup
X-Amz-Version-Id
Content-Location
Surrogate-Control
X-Server-Id
X-Cnection
X-Node
X-OneAgent-JS-Injection
X-Host
X-Readtime
EagleEye-TraceId
Report-To
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-Application-Context
X-CST
X-Rack-Cache
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Trace
X-Px
X-Server-ID
X-DataDome
X-Vhost
X-GitHub-Request-Id
X-Server-Name
X-ESI
X-VARITI-CCR
X-Ruxit-JS-Agent
RTSS
Accept-CH
X-Cached
X-MS-InvokeApp
X-Goog-Hash
X-ORACLE-DMS-RID
Charset
SPRequestGuid
X-Mod-Pagespeed
Pinterest-Generated-By
X-PC
X-Vname
X-TtlSet
X-D2id
Public-Key-Pins
Verso
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
PB-RID
X-Exp-Variant
X-F-Cache
X-Version
X-Dispatcher
X-TTL
X-Cdn
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
Accept-CH-Lifetime
X-DIS-Request-ID
X-Powered-CMS
X-Abt-Application-Version
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
X-Origin-Upstream-Status
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Navigation-Version
X-B
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-SRCache-Store-Status
X-Amz-Rid
MS-Author-Via
X-Recruiting
Realpath
X-Client-IP
DynaTrace
X-HW
SPIisLatency
SPRequestDuration
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Vcap-Request-Id
X-Upstream
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Ttl
X-Goog-Metageneration
X-Goog-Generation
Nginx-Cache
Content-MD5
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Oracle-Dms-Rid
X-Amz-Meta-S3cmd-Attrs
AR-ATIME
AR-PoweredBy
AR-CACHE
Arr-Disable-Session-Affinity
Edge-Cache-Tag
X-Debug
X-Hits
X-Varnish-Age
X-N
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Goog-Storage-Class
X-Aspnet-Version
X-MSEdge-Ref
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Via-JSL
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-Id
TCN
X-NewRelic-App-Data
S
X-XRDS-Location
X-ATG-Version
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Backend
Service-Worker-Allowed
X-FTR-Expires
X-Dns-Prefetch-Control
X-Logged-In
X-Oneagent-Js-Injection
Alternate-Protocol
X-Forwarded-For
X-HS-Hub-Id
X-HS-Content-Id
X-Kinsta-Cache
Surrogate-Key
X-Frontend
X-PressLabs-Stats
Tracecode
Rt-Fastcgi-Cache
X-Content-Digest
X-FastCGI-Cache
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-FTR-Cache-Host
MicrosoftSharePointTeamServices
X-Grace
X-RateLimit-Remaining
Fastly-Restarts
Server-Name
X-CF-Powered-By
X-Edge-Location
X-Amzn-Trace-Id
Fastcgi-Cache
X-Content-Options
Backend-Timing
X-Analytics
X-Ruxit-Js-Agent
TP-L2-Cache
TP-Cache
FilterID
Ar-Sid
X-Cache-2
Host
X-Rid
X-Magnolia-Registration
X-User-Agent
X-Whom
X-B3-Sampled
ServerID
X-Debug-Info
X-Revision
X-IPLB-Instance
Eomportal-Instance
X-Page-Id
X-Mobile
X-Hostname
X-Request-Processing-Time
X-Request-Received
X-Srv
AR-Request-ID
X-NWS-LOG-UUID
X-Akam-SW-Version
Paypal-Debug-Id
X-VCache
X-AOL-HN
Retry-After
Front-End-Https
X-Content-Powered-By
X-LB-Cache
X-Litespeed-Cache
Refresh
X-Framework
X-Signature
X-B-Cache
X-Request-Guid
Source
X-Cluster
X-Cache-Action
X-Handled-By
X-App-Environment
Cleartype
X-FB-Debug
X-Varnish-Hostname
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Device-Type
X-Cache-Control
X-WA-Info
X-Akamai-Edgescape
X-BCube-Filmed-By
X-Fastcgi-Cache
X-Varnish-Grace
X-Cache-Hit
X-Content-Security-Policy-Report-Only
X-Correlation-Id
X-SS-Set-Cookie
X-Platform-Server
X-HS-Cache-Config
X-GUploader-UploadID
Webserver
X-Az
X-Activity-Id
X-AppVersion
Display
X-Middleton-Display
X-Sol
X-XRDS-LOCATION
X-Zen-Fury
X-Content-Type
X-Varnish-Backend
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Healthy
X-Cache-Rule
X-Cache-Server
X-TA-CDN-Provider
X-Middleton-Response
Response
X-Varnish-Server
X-Drupal-Cache-Tags
ViewerVersion
X-Wix-Request-Id
X-Seen-By
X-URL
X-Cache-Age
X-TT
X-Daa-Tunnel
Upgrade-Insecure-Requests
X-Cached-By
X-Generated-By
X-App-Server
X-Drupal-Cache-Contexts
X-Geo-Country
X-Origin-Server
Cache-Status
X-CACHE-GROUP
Server-Node
X-DataStream-Cache-Status
Accept-Charset
S-Cnection
X-Amz-Replication-Status
X-Accel-Expires
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Esi
X-UA-Device-Type
Payment
Filters
NGB
X-S
X-Response-Served-From
GEO-INFO
X-Adobe-Content
X-Servedby
Access-Control-Allow-Method
X-Locale
X-Adobe-Loc
X-Cacheable-TTL
X-Contextid
X-Edge-Cache-Key
X-Varnish-IP
Actual-Object-TTL
X-Status
X-Jobs
X-Edge-Cache
Viewport
ServedBy
X-UUID
X-RequestSource
X-Cache-NE
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-FW-Type
X-FW-Static
X-TT-TIMESTAMP
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Varnish-Hits
X-Storage
Cache-Tv-Group
X-Amz-Server-Side-Encryption
Server-Info
X-TX-ID
AsisCache
X-WebKit-CSP-Report-Only
X-GeoIP
X-WPE-Loopback-Upstream-Addr
MS-CV
X-PHP-Backend
X-Cache-Remote
HostName
X-Node-Name
X-Cache-TTL-Remaining
X-Webkit-Csp
X-Rendered-As
Cache
X-App-Version
X-Croise-Owner
Host-Header
SRV
From-Origin
X-Region
X-Cache-Operation
X-Vg-Webcache
X-Hyper-Cache
X-Webkit-CSP
X-Redis-Cache
X-APP-VERSION
Served-By
X-Guploader-Uploadid
X-Dynatrace-Js-Agent
Liferay-Portal
Public-Key-Pins-Report-Only
Cache-Tag
DC
X-BACKEND-TTL
X-HS-Combine-CSS
X-Mode
Machine
X-Site-Version
X-Timing-Wait
X-Akamai-Transformed
Selected-FE
X-Path-Route
Meta-Geo
X-Upgrade-Enabled
X-Proxy-Build
X-RN-RSRV
X-Agile
X-Forwarded-Host
X-Cache-Var
X-Human
X-Detected-As
X-Generated
X-Cache-Var-Map
X-IP
Pagespeed
X-Is-Bot
X-NGENIX-Cache
X-Hosted-By
X-Agile-Id
X-CACHE-KEY
X-Webstats-RespID
X-Agile-Age
X-Endurance-Cache-Level
X-Via-Fastly
X-Upstream-CT
X-Grey
X-TNCMS
Origin-Edge-Control
Origin-Cache-Control
X-JoinUs
X-Request-Time
X-ProxyCache-Status
X-ProxyCache-Key
X-NCache
X-Labrador-Cache-Channel
X-Pc-Key
X-Pc-Appver
X-Pc-Hit
X-L-Path
Cache-Name
Now
X-Original-Request
X-Vgn-Hpd-Reason
X-Cache-Category-Id
X-CDN-Cache
X-BYPASS-REASON
Powered-By-ChinaCache
X-Loop
X-Environment-Context
X-Upstream-HT
Xserver
X-UA
X-ServerID
DB-Nickname
X-Web-Node
X-B3-Spanid
X-Proxy
X-Viewer-Country
X-RemovedCookies
X-Origin
X-Akamai-Request-ID
X-Internal-Host
X-Time-Microsecs
X-Tumblr-Pixel-3
X-Origin-Host
X-ProcessESI
X-Origin-Response-Time
S-Rt
X-PCL
X-Origin-CC
X-FC-Vary-Parameters
X-Ocache
X-OCL
X-Birta-Cache-Post
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-CCM
Cache-Tags
X-Birta-Served
X-Backend-Name
Azure-InstanceId
X-VG-TLSProxy
Azure-SlotName
Azure-Version
Mn-Server-Ip
X-Tb
Azure-SiteName
X-Rule
X-Xfnlog-Site
X-Format
X-Pubstack
X-Www-Served-By
Azure-RegionName
Property-Id
X-Zipkin-Id
X-Cache-Config
TWC-Connection-Speed
TWC-Device-Class
X-Origin-Hint
Webcakes-App-Name
X-Access
Webcakes-App-Version
Webcakes-Region
X-Section
TWC-Privacy
X-App-Name
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Parent-Response-Time
X-Kong-Proxy-Latency
HitType
Content-Style-Type
Content-Script-Type
Fastcgi-Useragent
X-Proxied
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Routing-Service
X-Kong-Upstream-Latency
X-Via-CDN
X-Protected-By
Datacenter
Cache-Key
X-TIME
X-Edge-IP
User-Cache-Control
Vix-Hermes-Req-Id
X-Cache-TTL
OT-Force-Account-Verify
X-Nginx-Cache
X-RTag
Ms-Operation-Id
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Ezoic-Cdn
X-Akamai-Request-ID2
Time
X-OVcl
X-OVcl-Cache
X-RateLimit-Limit
X-FB-TRIP-ID
X-Cdn-Forward
X-ApacheServer
X-PERF
X-Cache-Backend
X-Pc-Host
NtCoent-Length
X-Pc-Date
X-Real-Ip
X-Newrelic-App-Data
X-Mrs-Age
X-Mrs-Cache
X-Mrs-Cache-Hits
Accept-Language
X-Unique-Id-Primal
L5d-Success-Class
X-Mshield-Cache-Status
X-Content-Age
AR-SID
X-Front
X-Real-IP
Country
X-Correlation-ID
LB
Load-Balancing
X-Proto
X-Debug-Cache
X-Amz-Meta-Surrogate-Control
X-Ratelimit-Limit
X-Varnish-Cacheable
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Section-Io-Cache
X-Nc
X-CDN-Forward
Ohc-File-Size
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
X-Unique-ID
X-Varnish-Beresp-Ttl
X-Sucuri-ID
X-Hit
X-Hl-Ver
X-MP-GENERATED-AT
X-GRACE
WZWS-RAY
We-Hiring
X-Trace-Id
Mail-Subject
Version
X-Time
Warning
X-Microcachable
User-Agent
X-EdgeConnect-Cache-Status
X-CLOUD-TRACE-CONTEXT
X-C
X-Geo
X-Layer
PFcat
Node
X-Passed-To-DLL
SD-X-WS
Powered-By
RNT-Time
Release
X-Device-Os
Request-Time
Resin-Trace
Rendered-Blocks
RNT-Machine
Rt-Proxy-Cache
MD5-Digest
X-Matched-Rule
Fastly-Backend-Name
Ec-Rule-Version
X-Logtrace-Id
X-NU-AKA-ACS-Version
X-Org
Fly-Request-Id
Frame-Options
X-P-T
X-Passed-To
X-LI-UUID
Memcached
X-Li-Fabric
Meta-Geo-Continent
Mobile-Detection-Method
Fly-Cache
X-Li-Pop
IBM-Web2-Location
X-LI-Proto
X-Passed-To-BeforeDispatch
X-Died
X-Generated-In
X-Application
X-From
X-Auto-Login
X-B-Cookie
X-Fetched-On
X-FW-Version
X-Aed
X-D
X-CUA
X-Crawler
X-Actual-URL
X-BB-ID
X-Bip
X-Cache-Id
X-External-Request-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-Host
X-Cache-FS-Status
X-Cache-Bucket
X-Cache-Debug
X-Cache-Enabled
X-Cache-Expires
X-Accel-Expires-Debug
X-G
Thinkindot-CacheControl-Type
Thinkindot-Control
X-DPWN-IS-SECURE
X-Connection-Hash
Thinkindot-CacheControl
SS
Server-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Developer
X-Destination
V-Age
Viewtype
Cache-Prefix
X-A-Dgt
X-A-Wwc
X-Date
X-A-Dcw
X-A-Dam
VivaBuild
Www
X-A
X-A-Ccd
Server-Host
BehaviorPad-Version
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-S-Maxage
X-ScT
X-Server-Time
X-Server-By
X-Served-From
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Region-Sid
X-Reboot
X-RCS-CacheZone
X-Release
X-Request-UUID
X-Returned-From-BeforeDispatch
X-Response-By
X-SRCache-Key
X-Store
X-Varnish-Action
X-Var-Ttl
X-User
X-VG-WebServer
X-Via-NSCOPI
Xc-Version
X-WebServer
X-We-Are-Hiring
X-UE-Client-Country
X-Twitter-Response-Tags
X-Thanos
X-Swa-Ws
X-Ua
X-Thinkindot-L3
X-Dc
X-Trv-Group
X-Transaction
X-Qloud-Router
X-Returned-From
X-Passed-To-PostProcessResponse
X-PAYTM-SRV-ID
Ajk
Arc-Country
X-Dispatcher-Server
X-PHP-Host
Access-Control-Request-Headers
X-Rocket-Nginx-Bypass
Pagetype
X-SVT-ORM-RULES
Cache-Cookie-Set-From
X-SVT-ORM-VERSION
X-Amz-Meta-Cache-Control
AKAMAI
X-Proxy-Cache-Status
Adler-Geo
X-Fstrz
X-Stale
X-Server-IP
X-Server-Group
Kp-EeAlive
Web-Mar-Node
GW-Server
X-ServiceProvider
GMS-Ver
Cache-Cookie-Set-Idcheck
X-Sf
Magicmarker
Fastly-SWR
X-Cache-URL
Decoy-Debug-TTL
X-Via-SSL
X-UnsetCookies
X-Variation
Decoy-Debug-Status
X-Clientip
X-Via-Edge
Decoy-Debug-Key
Esi-Enabled
X-Cache-CFC
Country-Code
X-Backend-State
Fastly-SSL
Fastly-SIE
X-F5-Cache
Backend
X-Block-Status
X-TT-LOGID
X-Origin-Expires
X-Origin-Date
Proxy-Connection
X-IN-WAF
Pramga
X-Location
X-Request-Start
MI-API
X-IN-SSL-APIGATEWAY
X-Phone
Platform
Is-Eu
MI-Cache-Age
MI-Cache
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Origin
X-Key
X-Hnp-Log
X-IN-APIGATEWAY
X-Proxy-Upstream
X-Node-Id
X-Hash
True-Client-Country-4JS
X-GeoIP-Country-Code
X-Gen-Mode
Countrycode
X-Nginx-Cache-Key
X-No-Session
Cache-Cookie-Set-Lfrom
Heartbleed
Server-Int
X-Distributor
X-MI-In-Market
X-Be
X-NODE
X-ElasticPress-Search
Who
X-Distil-CS
X-Epic-Correlation-Id
X-MSEdge-Flight
X-Svr
X-MSEdge-Features
X-Gannett-Site-Version
X-Request-URI
X-Micro-Cache
X-Info
X-Irp-Debug
X-Policy
X-Secret
X-SIPLIST1
X-V
X-Up
X-Fastly-Cache
X-Page-Type
X-Eu-Site
X-Core-Mission
HA-Geolon
Content-Disposition
HA-Georegion
Ha-Gx-Prefs
HA-Geolat
IsBot
HA-Cloudapp
HA-Geocountry
REQUESTUUID
HA-Geocity
X-Backend-Host
X-Core-Value
HA-Servedtime
HA-Urlpath
X-CGP
HA-Ipaddr
X-Backend-Url
HA-Host
On-Server
X-Wikidot-Static-Cache
X-NX-Host
X-Wikidot-Backend
X-Debug-Cache-Store
X-Platform
Apple-News-Services-Host
Apple-News-Services-Handled
X-Refresh
X-Sn-Servicetimems
X-Debug-Log
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Debug-Cache-Expiry
X-Developers
Fastly-Soc-X-Request-Id
CDCHOST
Backend-Name
X-Origin-TTL
X-Debug-Cache-Fetch
Pragrma
X-Debug-Cookies
X-Generated-On
X-Level-Front-Cache
X-Cdn-Origin
X-Planisys-CDN-Cache
X-Instart-Info
Uber-Trace-Id
UCS
X-Planisys-CDN-TTL
X-COUNTRY
X-DC
X-Urbn-Context-Path
X-Urbn-Site-Id
Lfy
ServerName
X-Planisys-CDN-Rules
Locale
X-Instance-Name
Request-Country
RequestId
Request-EU
Ohc-Response-Time
X-VarnPar1
X-NWS-UUID-VERIFY
Host-ID
X-Pjax-Url
X-Server-Cache
X-PARISIEN-Cache-Rendered
X-Cache-Info
X-VarnCache
X-Servername
X-Cdn-Srv
V-Cache
Group
PageSpeed
X-Req
X-NC
X-ARC
X-VCT
X-GeoIP-City
X-CACHE-AGE
X-Newrelic-Synthetics
MIME-Version
Cteonnt-Length
X-Datadome
HitInfo
Cache-Provider
Memory
Cdn
Mime-Version
X-BBXSRF
X-CMS-Context
X-Powered-By-ANYU
PICS-Label
X-Gdpr
X-EIG-Tracking-Id
X-Ratelimit-Remaining
X-TWH-CORRELATION-ID
Nel
X-Servedbyhost
X-LAGOON
X-WR-MODIFICATION
NGX
X-Aicache-OS
CF-IPCountry
GeoIP-Latitude
X-StackifyID
GeoIP-Country-Code
X-Wa
X-Load-Cache
X-B3-Traceid
Amp-Access-Control-Allow-Source-Origin
CDN
X-Fastly-Country-Code
X-HTML-Minification-Powered-By
Cf-Ipcountry
X-FireWall-Port
X-CSRF-TOKEN
X-Fastly-Backend-Reqs
X-Cluster-Node
X-UPSTREAM-Address
XServer
X-Varnish-Cache-Hits
X-WA
X-RateLimit-Remaining-Second
FSS-Cache
X-Sentry-ID
X-Generation-Time
FSS-Proxy
X-RateLimit-Limit-Second
X-NodeID
X-Varnish-Beresp-TTL
Geoip-Latitude
GeoIp-Country-Code
X-ABtesting
Processtime
X-Hello
X-Sedo-Request-Id
X-Check-Cacheable
X-VServer
X-Flog
X-Cache-Miss-From
X-Csrf-Token
X-Cache-Grace
SN
X-Unique-Id
X-Source
X-APP
X-HOST
CACHE
X-Cache-ASPX
X-CDN-Pop-IP
Server-Surrogate-Control
X-GZip
WP-Super-Cache
X-Oss-Request-Id
X-CDN-Pop
X-ServedByHost
Server-Cache-Control
X-Varnish-Authentication
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-CSRF-Token
URI
X-Nananana
X-GDPR
Pics-Label
X-RCS-Backend
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Dynatrace
TSSecure
X-SRV
X-Edge-Server
X-Skip-Cache
Cdn-Request-Time
X-IPS-LoggedIn
X-Worker
X-Varnish-Url
X-FORWARDED-FOR
X-VC-Cache
Cdn-Host
X-MServer
X-ID
DataCenter
X-VG-WebCache
X-HS-Status
X-ND-Cache
X-Instart-Isnd
X-Fastly-Cache-Hits
A
Is-Session-Tracking
X-GoCache-CacheStatus
X-From-Cache
Get-Access-Time
X-B3-SpanId
PageType
X-Sucuri-Cache
X-BE
X-Swift-Error
HTTPS
X-PJAX-URL
Proxy-Firewall
Hostname
X-Port
Dynatrace
X-SplitTest
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-Backend-TTL
X-Amzn-Remapped-Date
X-Pf-Uncompressing
Odigeo-Trace-Id
Powered
X-GZIP
X-Server-W
X-Gen-Id
X-Amzn-Remapped-Connection
X-Bug-Bounty
X-NGINX-Cache
X-Owner
X-Cache-Ttl
X-VarnPar2
X-SN
X-ServerName
X-ORIG-AKA-EDGE
Requestid
X-Fe
X-Amz-Meta-S3b-Last-Modified
X-Pc-Subdomain
Cache-Hits
Serverid
X-SB
X-Varnish-URL
X-Alicdn-Da-Ups-Status
X-PF-Uncompressing
X-RequestId
X-RAMCache
X-Serial
X-VC
X-PAGE-TYPE
X-LiteSpeed-Cache-Control
WebServer
RequestUuid
T-Server
X-HostName
X-ORIG-AKA-COUNTRY-CODE
X-GEO
Xet-Cookie
X-Akamai-SSL-Client-Sid
Correlation-Id
X-R9-Blue-Green-Version
X-FW-Dynamic
X-CS
X-Akamai-ERRuleID
X-LiteSpeed-Tag
X-Ms-Version
X-Developed-By
SID
X-Dw-Trace-Id
X-Ms-Request-Id
X-Ms-Lease-Status
NnCoection
X-Ms-Blob-Type
Location
X-HTML-Edge-Cache
X-Akamai-ERPolicy