Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
P3P
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Amz-Cf-Pop
X-Download-Options
P3p
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Cacheable
Alt-Svc
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-CDN
Xkey
X-Type
Keep-Alive
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Via
X-Pingback
Grace
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Server-Powered-By
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
Request-Context
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-WebKit-CSP
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
X-Cnection
X-OneAgent-JS-Injection
X-Node
Content-Location
Surrogate-Control
X-Readtime
X-CST
EagleEye-TraceId
Report-To
X-Host
X-Response-Time
X-Rq
Feature-Policy
Server-Timing
X-Iejgwucgyu
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Rack-Cache
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
Allow
X-Url
X-Clacks-Overhead
NEL
Rating
X-DynaTrace
X-Country
Edge-Control
X-Origin-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Varnish-TTL
X-Country-Code
X-Cdn
X-B3-TraceId
X-Px
X-ORACLE-DMS-RID
X-Server-ID
X-DataDome
X-Ruxit-JS-Agent
X-GitHub-Request-Id
X-Vhost
X-Trace
X-VARITI-CCR
Accept-CH
X-Goog-Hash
Charset
X-TTL
X-ESI
RTSS
X-Cached
Pinterest-Generated-By
X-Mod-Pagespeed
X-MS-InvokeApp
X-Server-Name
Verso
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
Public-Key-Pins
X-D2id
X-Version
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Exp-Id
X-F-Cache
X-PC
X-Vname
X-TtlSet
SPRequestGuid
X-Dispatcher
X-DynaTrace-JS-Agent
X-DIS-Request-ID
Accept-CH-Lifetime
X-Powered-By-Plesk
X-Abt-Application-Version
X-T
X-Powered-CMS
X-SharePointHealthScore
X-Origin-Upstream-Status
X-Fastly-Request-ID
X-Ser
X-Navigation-Version
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B
X-Amz-Rid
X-Client-IP
Realpath
X-Shield-Request-Id
X-Forwarded-Proto
X-Recruiting
MS-Author-Via
X-HW
X-Upstream
X-Vcap-Request-Id
SPIisLatency
DynaTrace
SPRequestDuration
X-TEC-API-VERSION
X-Accel-Buffering
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Wix-Server-Artifact-Id
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
Nginx-Cache
Arr-Disable-Session-Affinity
X-Varnish-Age
AR-PoweredBy
AR-CACHE
AR-ATIME
Content-MD5
X-Debug
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Via-JSL
X-Dw-Request-Base-Id
X-Hits
X-Goog-Storage-Class
X-Aspnet-Version
X-MSEdge-Ref
X-Id
X-Acc-Meta-Resource-Type
X-NF-Request-ID
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Ttl
X-N
Service-Worker-Allowed
X-FTR-Expires
X-NewRelic-App-Data
Access-Control-Request-Method
S
X-Oracle-Dms-Rid
Edge-Cache-Tag
X-ATG-Version
X-FastCGI-Cache
Alternate-Protocol
X-Logged-In
X-Kinsta-Cache
TCN
AMP-Access-Control-Allow-Source-Origin
X-PressLabs-Stats
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
Surrogate-Key
Rt-Fastcgi-Cache
X-Forwarded-For
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Content-Digest
X-Cache-Key
Tracecode
X-TA-CDN-Provider
X-CF-Powered-By
X-Pad
Server-Name
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
Fastcgi-Cache
X-User-Agent
Backend-Timing
X-Analytics
Fastly-Restarts
TP-Cache
X-Cache-2
TP-L2-Cache
Host
MicrosoftSharePointTeamServices
X-Edge-Location
FilterID
X-Magnolia-Registration
X-Rid
X-Debug-Info
X-Grace
X-B3-Sampled
ServerID
Ar-Sid
X-Whom
X-Page-Id
X-Mobile
X-IPLB-Instance
X-Revision
X-Content-Options
Eomportal-Instance
Front-End-Https
Paypal-Debug-Id
X-Hostname
X-Srv
X-Akam-SW-Version
AR-Request-ID
Refresh
X-NWS-LOG-UUID
X-LB-Cache
X-VCache
Retry-After
X-AppVersion
X-Content-Powered-By
X-Request-Received
X-Activity-Id
X-Az
X-Signature
X-Request-Processing-Time
X-Litespeed-Cache
X-GUploader-UploadID
X-B-Cache
X-SS-Set-Cookie
X-Framework
X-Cache-Action
X-Cluster
Cleartype
X-Varnish-Hostname
Source
X-App-Environment
X-Handled-By
X-Platform-Server
X-Tumblr-User
X-Cache-Control
X-Tumblr-Pixel-0
X-Request-Guid
X-Tumblr-Pixel
X-FB-Debug
X-Device-Type
X-Instance
X-WA-Info
X-Akamai-Edgescape
X-BCube-Filmed-By
X-Content-Security-Policy-Report-Only
X-AOL-HN
X-Content-Type
Webserver
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Zen-Fury
X-Ruxit-Js-Agent
X-Cache-Hit
X-Varnish-Grace
Accept-Charset
X-Sol
X-Esi
Display
X-Middleton-Display
X-Cache-Rule
X-Varnish-Backend
Healthy
X-Seen-By
ViewerVersion
X-Wix-Request-Id
X-TT
X-Correlation-Id
X-URL
X-Fastcgi-Cache
X-Origin-Server
X-Drupal-Cache-Tags
Response
X-Middleton-Response
X-Cache-Server
Upgrade-Insecure-Requests
Cache-Status
X-DataStream-Cache-Status
MS-CV
X-Daa-Tunnel
X-CACHE-GROUP
X-Varnish-Server
X-Cached-By
X-Cache-Age
X-Amz-Replication-Status
X-App-Server
X-Drupal-Cache-Contexts
X-PHP-Backend
X-Geo-Country
X-Generated-By
X-Storage
X-Amzn-RequestId
X-Amz-Apigw-Id
Payment
X-UA-Device-Type
Filters
X-Response-Served-From
Server-Node
X-Adobe-Content
X-Adobe-Loc
X-Amz-Server-Side-Encryption
Access-Control-Allow-Method
X-S
GEO-INFO
X-Edge-Cache
X-Cacheable-TTL
X-Contextid
Viewport
NGB
X-Edge-Cache-Key
X-Cache-NE
X-FW-Server
X-Servedby
X-TT-TIMESTAMP
X-Varnish-IP
Actual-Object-TTL
X-RequestSource
X-Locale
X-FW-Serve
X-FW-Static
X-FW-Type
X-Jobs
X-FW-Hash
X-UUID
X-Tumblr-Pixel-2
X-Accel-Expires
X-WPE-Loopback-Upstream-Addr
ServedBy
X-TX-ID
X-Tumblr-Pixel-1
X-Varnish-Hits
X-HS-Cache-Config
Server-Info
Cache-Tv-Group
AsisCache
X-Cache-Remote
X-WebKit-CSP-Report-Only
S-Cnection
X-Cache-TTL-Remaining
X-Status
X-Dns-Prefetch-Control
X-Rendered-As
From-Origin
Host-Header
X-GeoIP
X-Cache-Operation
Cache
X-Region
X-APP-VERSION
X-Croise-Owner
X-XRDS-LOCATION
X-App-Version
SRV
X-Webkit-CSP
HostName
X-Redis-Cache
Served-By
Content-Style-Type
X-Node-Name
Content-Script-Type
X-BACKEND-TTL
X-Hyper-Cache
DC
Liferay-Portal
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-CACHE-KEY
Public-Key-Pins-Report-Only
X-Cache-Config
X-Upgrade-Enabled
Cache-Tag
X-Site-Version
X-Proxy-Build
X-Vg-Webcache
Xserver
X-Timing-Wait
Ms-Operation-Id
X-Path-Route
X-NGENIX-Cache
X-Grey
X-Generated
Selected-FE
X-Detected-As
Meta-Geo
Machine
X-RTag
X-Is-Bot
X-Hosted-By
X-Mode
X-Webstats-RespID
X-Cache-Var
X-Parent-Response-Time
X-Cache-Var-Map
X-Cache-Category-Id
X-RN-RSRV
X-Edge-IP
Origin-Edge-Control
X-NCache
X-Origin-Response-Time
X-CDN-Cache
X-Agile-Age
X-Loop
X-Agile-Id
X-Akamai-Transformed
X-JoinUs
X-Via-Fastly
Now
Origin-Cache-Control
X-Internal-Host
Cache-Name
X-L-Path
X-Environment-Context
X-Request-Time
X-Labrador-Cache-Channel
X-Agile
X-Upstream-CT
X-Upstream-HT
X-Akamai-Request-ID
X-ProxyCache-Key
X-Web-Node
X-TNCMS
X-BYPASS-REASON
X-ProxyCache-Status
X-IP
User-Cache-Control
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-Tumblr-Pixel-3
DB-Nickname
Azure-Version
X-Origin-Host
X-ServerID
X-Origin
X-Human
Cache-Key
X-Viewer-Country
X-Pc-Appver
X-Time-Microsecs
X-Original-Request
X-RemovedCookies
X-Pc-Hit
X-Proxy
X-ProcessESI
X-Pc-Key
X-Protected-By
X-Format
Cache-Tags
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Fastcgi-Useragent
Fastcgi-X-Cache-Version
S-Rt
TWC-Privacy
X-VG-TLSProxy
Powered-By-ChinaCache
TWC-Connection-Speed
TWC-Device-Class
Property-Id
Webcakes-Region
Fastcgi-X-Cache
X-PCL
Load-Balancing
X-Pubstack
TWC-Locale-Group
X-Www-Served-By
X-Tb
Webcakes-App-Name
X-CCM
X-Birta-Cache-Post
X-B3-Spanid
X-Birta-Served
X-Backend-Name
X-Guploader-Uploadid
X-Origin-Hint
X-Xfnlog-Site
X-Ocache
X-OCL
X-Access
X-Rule
Webcakes-App-Version
X-FC-Vary-Parameters
X-Section
X-Routing-Service
Vix-Hermes-Req-Id
X-Proxied
HitType
X-Zipkin-Id
X-Forwarded-Host
X-App-Name
X-Origin-CC
X-Vgn-Hpd-Reason
X-FB-TRIP-ID
X-ApacheServer
Pagespeed
X-GRACE
Country
Mn-Server-Ip
X-PERF
X-Nginx-Cache
X-RateLimit-Limit
X-Cache-TTL
X-Endurance-Cache-Level
X-Cache-Backend
X-Content-Age
X-Mrs-Cache
Datacenter
X-Via-CDN
X-Unique-Id-Primal
X-Correlation-ID
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache-Hits
X-TIME
X-Cdn-Forward
OT-Force-Account-Verify
Time
Fusion-Template-Id
X-Ezoic-Cdn
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
AR-SID
X-Real-IP
Fusion-Source
Ohc-File-Size
X-ShardId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Varnish-Cacheable
X-Ua
X-Debug-Cache
X-UA
X-OVcl
X-OVcl-Cache
NtCoent-Length
X-Newrelic-App-Data
X-Sucuri-ID
X-Varnish-Beresp-Ttl
X-Pc-Date
X-Pc-Host
X-Hl-Ver
L5d-Success-Class
LB
X-Unique-ID
We-Hiring
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Mail-Subject
X-MP-GENERATED-AT
Section-Io-Cache
X-Real-Ip
X-CDN-Forward
X-Time
X-HS-Combine-CSS
X-Proto
X-Amz-Meta-Surrogate-Control
X-Hit
X-Akamai-Request-ID2
X-Nc
X-Cache-Enabled
X-Front
X-Dynatrace-Js-Agent
Access-Control-Request-Headers
Pagetype
User-Agent
X-Ratelimit-Limit
X-C
Version
X-Trace-Id
X-Rocket-Nginx-Bypass
Warning
X-CLOUD-TRACE-CONTEXT
X-Microcachable
X-EdgeConnect-Cache-Status
Accept-Language
X-External-Request-Id
Memcached
Arc-Country
MD5-Digest
X-Aed
Www
BehaviorPad-Version
X-Generated-On
X-A-Dgt
X-A-Wwc
VivaBuild
X-PHP-Host
X-Accel-Expires-Debug
X-PAYTM-SRV-ID
Adler-Geo
X-A-Ccd
X-A-Dam
X-A-Dcw
Ajk
X-A
Fastly-Backend-Name
Rendered-Blocks
Rt-Proxy-Cache
RNT-Time
Server-Host
Frame-Options
Fly-Cache
Fly-Request-Id
X-Li-Fabric
RNT-Machine
Resin-Trace
Request-Time
X-Li-Pop
X-LI-UUID
X-Logtrace-Id
X-Matched-Rule
X-G
X-Generated-In
X-Level-Front-Cache
X-DPWN-IS-SECURE
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-From
X-Fetched-On
Cache-Prefix
V-Age
Is-Eu
X-FW-Version
Server-ID
X-NU-AKA-ACS-Version
Fastly-SWR
Fastly-SIE
X-LI-Proto
Ec-Rule-Version
IBM-Web2-Location
Viewtype
X-S-Maxage
X-Died
X-Dispatcher-Server
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Transaction
X-Thinkindot-L3
X-Cache-URL
X-Crawler
X-Application
X-Cache-Id
X-SRCache-Key
PFcat
X-Store
X-Trv-Group
X-TT-LOGID
X-VG-WebServer
X-Varnish-Action
X-We-Are-Hiring
X-WebServer
X-Connection-Hash
Xc-Version
X-Variation
X-Var-Ttl
X-UE-Client-Country
X-Twitter-Response-Tags
Node
X-User
X-Device-Os
X-Cache-Host
X-Cache-FS-Status
X-Request-UUID
X-Goog-Meta-Goog-Reserved-File-Mtime
Meta-Geo-Continent
X-Destination
Platform
X-BB-ID
X-B-Cookie
X-Auto-Login
X-Rebelmouse-Cache-Control
X-RCS-CacheZone
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Region-Sid
X-Server-Cache
X-Date
X-Cache-Debug
X-CUA
X-Server-By
X-Cache-Expires
X-Server-Time
X-Server-IP
Mobile-Detection-Method
X-ScT
X-Cache-Bucket
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-D
X-Developer
Proxy-Connection
Powered-By
X-Hash
X-Gen-Mode
X-GeoIP-Country-Code
Release
X-Backend-Url
Origin
X-Distributor
X-Backend-Host
X-Bip
X-Block-Status
X-Clientip
X-Distil-CS
X-Cache-CFC
X-Epic-Correlation-Id
X-Actual-URL
X-Fstrz
Server-Int
SD-X-WS
SS
True-Client-Country-4JS
X-F5-Cache
Web-Mar-Node
X-Gannett-Site-Version
Backend-Name
X-Qloud-Router
X-Proxy-Upstream
X-Proxy-Cache-Status
X-ElasticPress-Search
X-Release
X-Returned-From
X-Response-By
Ohc-Response-Time
X-Phone
X-Passed-To
Backend
Cache-Cookie-Set-From
X-Passed-To-BeforeDispatch
X-Hnp-Log
AKAMAI
X-Passed-To-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-UnsetCookies
X-Thanos
X-Swa-Ws
Magicmarker
X-Via-NSCOPI
X-ARC
X-Amz-Meta-Cache-Control
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Served-From
X-Secret
X-Returned-From-PostProcessResponse
X-Server-Group
X-ServiceProvider
X-Svr
X-Sf
Cache-Cookie-Set-Idcheck
X-Passed-To-DLL
X-Location
X-Layer
X-Instart-Info
X-MI-In-Market
X-MSEdge-Features
X-Nginx-Cache-Key
X-MSEdge-Flight
Cache-Cookie-Set-Lfrom
X-Info
Kp-EeAlive
MI-Cache
MI-Cache-Age
X-IN-APIGATEWAY
MI-API
X-IN-SSL-APIGATEWAY
Lfy
X-IN-WAF
X-Node-Id
GMS-Ver
Country-Code
Countrycode
Content-Disposition
X-Origin-Expires
X-P-T
Decoy-Debug-Status
Decoy-Debug-Key
Esi-Enabled
Decoy-Debug-TTL
X-Origin-Date
X-NODE
X-Developers
X-Request-URI
X-V
X-Fastly-Cache
X-Debug-Cache-Store
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Irp-Debug
X-Page-Type
X-Up
X-Origin-TTL
X-SIPLIST1
X-Key
X-Eu-Site
X-Stale
X-Request-Start
X-No-Session
X-Micro-Cache
X-Policy
X-Platform
X-CGP
HA-Ipaddr
HA-Servedtime
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
HA-Urlpath
Heartbleed
REQUESTUUID
Pramga
On-Server
IsBot
HA-Geolat
HA-Geocountry
Apple-News-Services-Request-Url
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Debug-Cache-Fetch
Fastly-Soc-X-Request-Id
HA-Geocity
HA-Cloudapp
GW-Server
Fastly-SSL
ServerName
HA-Host
X-Core-Mission
X-Cache-Info
X-Backend-State
Who
X-Core-Value
X-Cdn-Srv
X-Debug-Cache-Expiry
X-DC
X-Be
PageSpeed
X-Debug-Cookies
X-NX-Host
X-Cdn-Origin
X-Servername
X-Geo
X-Sn-Servicetimems
X-Debug-Log
X-CACHE-AGE
WZWS-RAY
X-CMS-Context
X-NC
X-Refresh
X-COUNTRY
X-Dc
X-Org
RequestId
X-Via-SSL
X-Via-Edge
X-Pjax-Url
MIME-Version
Cteonnt-Length
X-LAGOON
X-Datadome
X-Newrelic-Synthetics
X-VarnCache
X-PARISIEN-Cache-Rendered
X-Servedbyhost
X-VarnPar1
Pragrma
X-Planisys-CDN-Cache
Memory
Request-EU
Request-Country
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Req
NGX
UCS
Uber-Trace-Id
X-Instance-Name
X-Urbn-Site-Id
X-Urbn-Context-Path
Cdn
Locale
Mime-Version
X-NWS-UUID-VERIFY
Host-ID
V-Cache
Group
Cache-Provider
PICS-Label
X-CSRF-TOKEN
X-GeoIP-City
X-Wa
X-VCT
X-RateLimit-Remaining-Second
X-Webkit-Csp
X-RateLimit-Limit-Second
X-Generation-Time
X-Gdpr
Nel
X-FireWall-Port
CF-IPCountry
X-HTML-Minification-Powered-By
X-Varnish-Cache-Hits
GeoIP-Latitude
X-WR-MODIFICATION
GeoIP-Country-Code
CDN
X-BBXSRF
X-Ratelimit-Remaining
X-B3-Traceid
X-DataStream-MidMile-RTT
X-Varnish-Authentication
X-UPSTREAM-Address
X-Sedo-Request-Id
X-Cache-Miss-From
X-Cache-Grace
X-DataStream-Origin-MEX-Latency
X-Aicache-OS
HitInfo
X-Cache-ASPX
Server-Cache-Control
Server-Surrogate-Control
X-Powered-By-ANYU
X-Load-Cache
XServer
X-Fastly-Country-Code
X-IPS-LoggedIn
X-StackifyID
Cf-Ipcountry
X-VG-WebCache
X-Varnish-Url
X-Instart-Isnd
X-Source
Geoip-Latitude
X-EIG-Tracking-Id
X-ND-Cache
GeoIp-Country-Code
X-Sucuri-Cache
X-Check-Cacheable
X-RCS-Backend
X-HOST
X-From-Cache
X-FORWARDED-FOR
URI
X-Fastly-Backend-Reqs
CACHE
X-TWH-CORRELATION-ID
Proxy-Firewall
Is-Session-Tracking
X-Fastly-Cache-Hits
X-APP
Pics-Label
X-GEO
Get-Access-Time
X-CDN-Pop
X-CDN-Pop-IP
X-WA
X-Unique-Id
X-Dynatrace
FSS-Proxy
X-GoCache-CacheStatus
X-Varnish-Beresp-TTL
FSS-Cache
X-SRV
X-FW-Dynamic
X-Sentry-ID
X-Skip-Cache
Powered
X-VC-Cache
X-R9-Blue-Green-Version
X-NodeID
X-Server-W
X-ID
DataCenter
X-VServer
X-Pc-Subdomain
SN
X-Cluster-Node
X-HS-Status
X-RequestId
X-Csrf-Token
X-Flog
Processtime
X-ServedByHost
X-GDPR
X-Nananana
X-ABtesting
WP-Super-Cache
X-Hello
Amp-Access-Control-Allow-Source-Origin
X-BE
X-Oss-Storage-Class
X-B3-SpanId
X-Oss-Request-Id
X-Oss-Object-Type
X-PF-Uncompressing
X-Oss-Hash-Crc64ecma
X-CSRF-Token
X-PJAX-URL
X-Oss-Server-Time
X-SERVER-NAME
Dynatrace
Hostname
X-Fe
X-Pf-Uncompressing
X-GZip
X-TrackingId
X-Bug-Bounty
X-Backend-TTL
Cache-Hits
X-Amzn-Remapped-Connection
ProcessTime
TSSecure
X-GZIP
X-Amzn-Remapped-Date
X-Gen-Id
FastCGI-Cache
X-Worker
X-Atg-Version
X-LiteSpeed-Cache-Control
X-Edge-Server
Cdn-Host
Cdn-Request-Time
Requestid
X-ORIG-AKA-EDGE
X-MServer
X-NGINX-Cache
X-Cache-Ttl
X-Swift-Error
Serverid
X-SB
X-Alicdn-Da-Ups-Status
X-HostName
X-LiteSpeed-Tag
X-ServerName
X-VC
X-ORIG-AKA-COUNTRY-CODE
X-PAGE-TYPE
X-RAMCache
RequestUuid
A
T-Server
X-Varnish-URL
X-Tb-Optimization-Total-Bytes-Saved
X-ES-SERVER
286prxHost
219prxHost
189phosttRef
225prxHost
X-LJ-Flow-ID
X-SN
X-VWS-Id
Xxline
188prxHost
X-AWS-Id
355prline
409pxxline
SID
352pxline
X-VarnPar2
X-CS
NnCoection
Location
X-Port
X-Developed-By
X-Dw-Trace-Id
X-Serial
Xet-Cookie
Cneonction
DSUID
X-Akamai-ERRuleID
Correlation-Id
X-Akamai-ERPolicy
178proxuri