Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
P3P
X-Xss-Protection
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Check
X-Amz-Cf-Pop
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
CF-Ray
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Request-ID
X-Turbo-Charged-By
Upgrade
X-CDN
X-Kinja-Server-Push
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-AH-Environment
X-Backend
X-Server
X-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Server-Id
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Host
X-Node
X-Cnection
X-Readtime
Report-To
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Rack-Cache
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Cloud-Trace-Context
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-Trace
X-DataDome
X-Server-Name
X-Px
X-Vhost
X-ESI
X-B3-TraceId
X-GitHub-Request-Id
X-VARITI-CCR
X-MS-InvokeApp
RTSS
X-Cached
Accept-CH
X-Goog-Hash
Charset
X-Ruxit-JS-Agent
SPRequestGuid
X-ORACLE-DMS-RID
X-TtlSet
X-Vname
X-PC
X-Mod-Pagespeed
X-Server-ID
Public-Key-Pins
X-D2id
Verso
X-F-Cache
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-TTL
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
Pinterest-Generated-By
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
X-Dispatcher
X-Version
X-SharePointHealthScore
X-T
X-Powered-By-Plesk
X-Cdn
X-Abt-Application-Version
Accept-CH-Lifetime
X-DIS-Request-ID
X-Powered-CMS
X-Dns-Prefetch-Control
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Navigation-Version
X-Origin-Upstream-Status
X-B
X-Shield-Request-Id
X-Forwarded-Proto
X-Recruiting
X-SRCache-Store-Status
MS-Author-Via
X-Amz-Rid
X-SRCache-Fetch-Status
DynaTrace
X-Client-IP
Realpath
X-HW
SPRequestDuration
SPIisLatency
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Upstream
X-Oracle-Dms-Rid
X-Vcap-Request-Id
Content-MD5
Nginx-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
X-Ttl
AR-CACHE
AR-ATIME
AR-PoweredBy
Edge-Cache-Tag
Arr-Disable-Session-Affinity
X-N
X-Hits
X-Varnish-Age
X-Debug
X-Oneagent-Js-Injection
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Goog-Storage-Class
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-NF-Request-ID
TCN
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-Dw-Request-Base-Id
X-NewRelic-App-Data
X-Aspnet-Version
X-Id
X-Via-JSL
S
X-ATG-Version
X-FTR-Balancer
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
Service-Worker-Allowed
X-XRDS-Location
X-Logged-In
X-FTR-Expires
Alternate-Protocol
X-HS-Hub-Id
X-Cache-Key
X-Forwarded-For
X-HS-Content-Id
X-PressLabs-Stats
X-Frontend
Tracecode
Rt-Fastcgi-Cache
X-Kinsta-Cache
Surrogate-Key
X-Content-Digest
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Ruxit-Js-Agent
MicrosoftSharePointTeamServices
Fastly-Restarts
X-Grace
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Content-Options
Ar-Sid
Server-Name
Fastcgi-Cache
X-Edge-Location
X-CF-Powered-By
X-Amzn-Trace-Id
X-CACHE-GROUP
X-Analytics
Backend-Timing
FilterID
Host
TP-L2-Cache
TP-Cache
X-Rid
X-User-Agent
X-Debug-Info
X-Magnolia-Registration
X-Cache-2
X-Hostname
X-Whom
ServerID
X-B3-Sampled
X-IPLB-Instance
X-Revision
Eomportal-Instance
X-Page-Id
X-Request-Received
X-Request-Processing-Time
X-Mobile
X-NWS-LOG-UUID
X-Srv
AR-Request-ID
Paypal-Debug-Id
Front-End-Https
X-VCache
X-AOL-HN
X-Akam-SW-Version
X-Content-Powered-By
Retry-After
X-B-Cache
Refresh
X-HS-Cache-Config
X-Signature
X-Cache-Action
Source
X-Cluster
X-LB-Cache
X-Device-Type
X-Handled-By
X-WA-Info
X-Request-Guid
X-Framework
X-Cache-Hit
Cleartype
X-App-Environment
X-Cache-Control
X-Instance
X-FB-Debug
X-SS-Set-Cookie
X-Tumblr-Pixel
X-Platform-Server
X-BCube-Filmed-By
X-Tumblr-User
X-Tumblr-Pixel-0
X-Varnish-Grace
X-Varnish-Hostname
X-Litespeed-Cache
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-GUploader-UploadID
X-XRDS-LOCATION
X-Correlation-Id
Webserver
X-Fastcgi-Cache
X-Sol
X-Middleton-Display
Display
X-TA-CDN-Provider
X-Zen-Fury
X-Varnish-Backend
X-AppVersion
X-Az
X-Activity-Id
X-Daa-Tunnel
VIX-Pulpo-Upstream-Status
X-Content-Type
X-Cache-Server
VIX-Pulpo-Node
Healthy
X-Cache-Rule
X-Middleton-Response
Response
X-Varnish-Server
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
ViewerVersion
X-Seen-By
X-Wix-Request-Id
X-Cached-By
X-Generated-By
X-App-Server
S-Cnection
X-Geo-Country
Server-Node
Cache-Status
X-URL
X-TT
X-Cache-Age
X-Origin-Server
Upgrade-Insecure-Requests
X-Amz-Replication-Status
X-Accel-Expires
X-Amz-Apigw-Id
X-Amzn-RequestId
X-DataStream-Cache-Status
Payment
X-S
GEO-INFO
Accept-Charset
X-UA-Device-Type
Filters
X-Response-Served-From
NGB
X-Locale
X-Cacheable-TTL
X-Varnish-IP
X-Status
X-Servedby
X-Contextid
Actual-Object-TTL
ServedBy
Viewport
X-Cache-NE
X-Edge-Cache-Key
X-Esi
X-Edge-Cache
X-RequestSource
Access-Control-Allow-Method
X-Jobs
X-Node-Name
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Varnish-Hits
X-Amz-Server-Side-Encryption
X-FW-Server
X-FW-Hash
X-FW-Static
X-FW-Type
X-TX-ID
X-UUID
X-TT-TIMESTAMP
X-FW-Serve
AsisCache
X-WPE-Loopback-Upstream-Addr
X-WebKit-CSP-Report-Only
X-Adobe-Content
X-Adobe-Loc
Server-Info
X-GeoIP
X-Storage
HostName
Host-Header
X-PHP-Backend
X-Rendered-As
MS-CV
Cache-Tv-Group
X-Cache-TTL-Remaining
Cache
SRV
X-Cache-Remote
X-APP-VERSION
From-Origin
X-Croise-Owner
X-Hyper-Cache
X-Cache-Operation
X-Region
X-Vg-Webcache
X-App-Version
X-Webkit-CSP
X-Redis-Cache
Cache-Tag
Served-By
Public-Key-Pins-Report-Only
Liferay-Portal
DC
X-UA
X-HS-Combine-CSS
X-Forwarded-Host
X-Dynatrace-Js-Agent
X-Mode
X-TIME
X-Guploader-Uploadid
X-Is-Bot
X-Loop
X-Path-Route
X-Timing-Wait
X-IP
X-Webstats-RespID
Powered-By-ChinaCache
X-NGENIX-Cache
X-Hosted-By
X-Cache-Var-Map
X-TNCMS
X-Detected-As
X-Cache-Var
X-Upgrade-Enabled
X-Request-Time
Meta-Geo
Machine
X-RN-RSRV
X-Agile-Id
X-Generated
Selected-FE
X-Site-Version
X-Proxy-Build
X-Agile-Age
X-Agile
X-Human
X-Endurance-Cache-Level
X-Akamai-Transformed
Origin-Edge-Control
X-Pc-Appver
Origin-Cache-Control
X-BYPASS-REASON
X-Labrador-Cache-Channel
X-NCache
X-L-Path
X-Internal-Host
X-JoinUs
X-Grey
X-Environment-Context
X-Original-Request
X-Cache-Category-Id
Cache-Name
X-CDN-Cache
Now
X-Vgn-Hpd-Reason
X-Web-Node
X-Upstream-HT
X-Pc-Hit
X-Upstream-CT
X-ProxyCache-Status
X-Via-Fastly
X-Pc-Key
X-ProxyCache-Key
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-B3-Spanid
X-Format
X-FC-Vary-Parameters
X-Birta-Served
S-Rt
X-Time-Microsecs
X-Tumblr-Pixel-3
X-Birta-Cache-Post
X-Pubstack
X-RemovedCookies
DB-Nickname
X-Origin
X-OCL
X-Proxy
X-Origin-Host
X-Viewer-Country
X-VG-TLSProxy
X-ProcessESI
X-PCL
X-Www-Served-By
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-Rule
X-Access
X-Section
Fastcgi-Useragent
X-Backend-Name
X-Via-CDN
X-Cache-Config
X-Origin-Response-Time
X-Origin-CC
X-ServerID
X-Tb
X-Xfnlog-Site
Pagespeed
X-CCM
X-Ocache
Cache-Tags
X-Akamai-Request-ID
Webcakes-App-Name
Mn-Server-Ip
Webcakes-Region
Azure-InstanceId
TWC-Privacy
Webcakes-App-Version
X-Proxied
Azure-RegionName
X-Zipkin-Id
Azure-SiteName
X-Origin-Hint
Azure-SlotName
X-Routing-Service
Azure-Version
TWC-GeoIP-Country
TWC-Locale-Group
HitType
Property-Id
Xserver
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Device-Class
Cache-Key
X-BACKEND-TTL
Datacenter
X-App-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Akamai-Request-ID2
Content-Script-Type
OT-Force-Account-Verify
Content-Style-Type
X-Protected-By
X-Alternate-Cache-Key
X-CLOUD-TRACE-CONTEXT
X-Sorting-Hat-PodId
User-Cache-Control
X-Parent-Response-Time
Vix-Hermes-Req-Id
X-Sorting-Hat-ShopId
X-ShardId
X-Shopify-Stage
X-Edge-IP
X-ShopId
X-Cache-TTL
X-Ezoic-Cdn
X-Nginx-Cache
X-OVcl
X-OVcl-Cache
X-CACHE-KEY
NtCoent-Length
L5d-Success-Class
Time
X-RTag
Ms-Operation-Id
X-Pc-Host
X-Pc-Date
X-Real-Ip
X-Correlation-ID
Accept-Language
X-PERF
X-ApacheServer
X-Cache-Backend
X-Real-IP
X-RateLimit-Limit
X-Newrelic-App-Data
X-Mshield-Cache-Status
X-Amz-Meta-Surrogate-Control
X-Unique-Id-Primal
X-Mrs-Cache-Hits
LB
X-Mrs-Cache
X-Mrs-Age
X-Ratelimit-Limit
X-Proto
X-Cdn-Forward
X-FB-TRIP-ID
AR-SID
X-Front
X-Webkit-Csp
X-CDN-Forward
X-Varnish-Cacheable
X-Debug-Cache
Section-Io-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Country
X-Content-Age
X-Nc
X-Sucuri-ID
Load-Balancing
WZWS-RAY
X-Hit
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Trace-Id
X-Unique-ID
X-Hl-Ver
X-MP-GENERATED-AT
X-Microcachable
X-Varnish-Beresp-Ttl
Ohc-File-Size
We-Hiring
Version
Mail-Subject
Access-Control-Request-Headers
X-EdgeConnect-Cache-Status
X-GRACE
X-Connection-Hash
X-Cache-Enabled
X-C
X-Transaction
Warning
X-Twitter-Response-Tags
X-Logtrace-Id
Server-ID
Release
Rt-Proxy-Cache
Platform
Powered-By
X-Li-Fabric
RNT-Machine
Rendered-Blocks
X-LI-Proto
SD-X-WS
X-LI-UUID
RNT-Time
Server-Host
X-Li-Pop
Resin-Trace
MD5-Digest
X-Passed-To-DLL
Fastly-SWR
Fly-Cache
Frame-Options
Fastly-SIE
Fastly-Backend-Name
BehaviorPad-Version
Cache-Prefix
X-Passed-To-PostProcessResponse
Ec-Rule-Version
X-Passed-To-BeforeDispatch
X-Passed-To
Memcached
Meta-Geo-Continent
Mobile-Detection-Method
Node
SS
X-Node-Id
X-Org
X-NU-AKA-ACS-Version
IBM-Web2-Location
Is-Eu
X-Matched-Rule
X-Layer
X-CF-Lambda-Fn
X-Generated-In
X-CF-Lambda-Version
X-Crawler
X-CUA
X-Cache-URL
X-GeoIP-Country-Code
X-Cache-Expires
X-Cache-FS-Status
X-Cache-Host
X-Cache-Id
X-D
X-Date
X-Dispatcher-Server
X-From
X-DPWN-IS-SECURE
X-External-Request-Id
X-Died
X-Device-Os
X-G
X-Destination
X-Developer
X-FW-Version
X-Cache-Debug
X-Cache-Bucket
Www
X-A
X-A-Ccd
X-A-Dam
VivaBuild
Viewtype
Thinkindot-CacheControl-Type
Thinkindot-Control
X-PAYTM-SRV-ID
V-Age
X-A-Dcw
X-A-Dgt
X-B-Cookie
X-Backend-State
X-BB-ID
X-Bip
X-Auto-Login
X-Application
X-A-Wwc
X-Accel-Expires-Debug
X-Actual-URL
X-Aed
Thinkindot-CacheControl
Fly-Request-Id
X-Returned-From-PostProcessResponse
User-Agent
X-Returned-From-BeforeDispatch
X-Returned-From
X-Rewrite-Enabled
X-Rojux
X-ScT
X-S-Maxage
X-S-Cookie
X-Response-By
X-Request-UUID
X-Rebelmouse-Cache-Control
X-RCS-CacheZone
X-Qloud-Router
X-Rebelmouse-Surrogate-Control
X-Via-NSCOPI
X-Release
X-Region-Sid
X-Reboot
X-Served-From
X-Server-By
X-Trv-Group
X-VG-WebServer
X-Thinkindot-L3
X-Dc
X-UE-Client-Country
X-Varnish-Action
X-User
X-Var-Ttl
X-Variation
X-Via-Edge
X-Thanos
X-SRCache-Key
Xc-Version
X-Server-Time
X-WebServer
X-We-Are-Hiring
X-Swa-Ws
X-Store
X-Via-SSL
X-Fetched-On
X-Returned-From-DLL
Adler-Geo
X-PHP-Host
Ajk
Arc-Country
X-Geo
X-Proxy-Upstream
Decoy-Debug-Status
X-Secret
Decoy-Debug-TTL
X-IN-SSL-APIGATEWAY
GMS-Ver
HA-Cloudapp
Web-Mar-Node
Countrycode
Country-Code
X-IN-WAF
Decoy-Debug-Key
GW-Server
X-Amz-Meta-Cache-Control
Request-Time
Esi-Enabled
X-Gen-Mode
X-Sf
X-SVT-ORM-VERSION
X-Clientip
X-CGP
AKAMAI
X-Stale
X-ServiceProvider
X-Block-Status
X-Server-Group
X-Info
X-Gannett-Site-Version
X-Hnp-Log
X-Server-IP
X-Proxy-Cache-Status
X-Hash
X-IN-APIGATEWAY
X-UnsetCookies
Heartbleed
X-TT-LOGID
X-P-T
Pramga
Proxy-Connection
X-SVT-ORM-RULES
HA-Servedtime
HA-Urlpath
Origin
On-Server
MI-API
Kp-EeAlive
X-No-Session
MI-Cache
MI-Cache-Age
X-MI-In-Market
X-F5-Cache
X-Request-Start
X-Location
X-Goog-Meta-Goog-Reserved-File-Mtime
HA-Geocountry
HA-Geolat
Content-Disposition
X-Rocket-Nginx-Bypass
X-Key
HA-Geocity
True-Client-Country-4JS
HA-Geolon
Backend
HA-Ipaddr
X-Epic-Correlation-Id
X-Eu-Site
HA-Host
Ha-Gx-Prefs
HA-Georegion
X-Be
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Magicmarker
X-Fstrz
X-Irp-Debug
X-Distributor
X-Cache-CFC
X-Nginx-Cache-Key
X-Request-URI
X-Origin-Expires
X-Phone
X-Origin-Date
Server-Int
Fastly-SSL
PFcat
X-Policy
X-SIPLIST1
X-Platform
Cache-Cookie-Set-From
X-Page-Type
X-Up
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-V
X-Backend-Url
X-Time
Apple-News-Services-Handled
REQUESTUUID
X-Backend-Host
IsBot
Who
X-Core-Value
X-ElasticPress-Search
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-Distil-CS
Apple-News-Services-Parsed-Url
Pragrma
Backend-Name
Pagetype
X-NODE
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Servername
Fastly-Soc-X-Request-Id
CDCHOST
X-Refresh
Request-Country
X-Sn-Servicetimems
X-Origin-TTL
X-NX-Host
Request-EU
X-MSEdge-Flight
X-MSEdge-Features
X-Core-Mission
X-Cdn-Origin
X-Debug-Cookies
X-Developers
X-Debug-Log
X-Instance-Name
X-Fastly-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
Uber-Trace-Id
UCS
X-DC
X-Ua
PageSpeed
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Svr
X-NWS-UUID-VERIFY
RequestId
X-Micro-Cache
X-CACHE-AGE
X-Debug-Cache-Expiry
V-Cache
Group
X-Newrelic-Synthetics
X-Generated-On
X-Instart-Info
X-VCT
X-NC
X-Pjax-Url
X-GeoIP-City
X-COUNTRY
X-Level-Front-Cache
HitInfo
X-VarnCache
X-Req
ServerName
Lfy
Host-ID
X-PARISIEN-Cache-Rendered
X-VarnPar1
X-Cdn-Srv
MIME-Version
X-Cache-Info
Ohc-Response-Time
X-Server-Cache
X-BBXSRF
X-ARC
X-Datadome
Mime-Version
X-Powered-By-ANYU
X-Gdpr
Cache-Provider
X-B3-Traceid
PICS-Label
Memory
X-EIG-Tracking-Id
Cdn
Cteonnt-Length
X-CMS-Context
X-TWH-CORRELATION-ID
X-Servedbyhost
X-Ratelimit-Remaining
X-LAGOON
Nel
CF-IPCountry
X-Wa
X-Aicache-OS
NGX
X-Fastly-Country-Code
X-Cluster-Node
X-Load-Cache
X-WR-MODIFICATION
X-StackifyID
XServer
CDN
FSS-Cache
X-Sentry-ID
FSS-Proxy
X-NodeID
GeoIp-Country-Code
Geoip-Latitude
X-VServer
X-HTML-Minification-Powered-By
X-Hello
X-Fastly-Backend-Reqs
X-Flog
X-WA
X-ABtesting
X-UPSTREAM-Address
GeoIP-Latitude
X-CSRF-TOKEN
GeoIP-Country-Code
X-Varnish-Beresp-TTL
X-Check-Cacheable
Cf-Ipcountry
SN
X-Source
CACHE
X-FireWall-Port
X-Unique-Id
X-CSRF-Token
X-APP
X-GZip
X-Varnish-Cache-Hits
X-Generation-Time
Processtime
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Amp-Access-Control-Allow-Source-Origin
X-Csrf-Token
X-Oss-Server-Time
X-Nananana
WP-Super-Cache
TSSecure
X-Oss-Storage-Class
X-Cache-Miss-From
X-HOST
X-Sedo-Request-Id
X-ServedByHost
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-MServer
X-CDN-Pop-IP
X-CDN-Pop
X-DataStream-MidMile-RTT
X-Cache-Grace
X-DataStream-Origin-MEX-Latency
URI
X-Worker
Server-Surrogate-Control
Server-Cache-Control
Cdn-Host
A
X-Edge-Server
Cdn-Request-Time
X-Dynatrace
DataCenter
X-Cache-ASPX
X-Varnish-Authentication
PageType
X-SRV
X-Skip-Cache
X-VG-WebCache
Pics-Label
X-FORWARDED-FOR
X-RCS-Backend
X-GDPR
X-IPS-LoggedIn
X-VC-Cache
X-ID
X-SplitTest
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
HTTPS
X-Port
X-Sucuri-Cache
X-Varnish-Url
X-HS-Status
X-Backend-TTL
X-B3-SpanId
Odigeo-Trace-Id
X-Instart-Isnd
X-Fastly-Cache-Hits
X-ND-Cache
Cache-Hits
X-Swift-Error
X-BE
X-Owner
X-PJAX-URL
X-Pf-Uncompressing
Hostname
X-GoCache-CacheStatus
X-From-Cache
Dynatrace
Get-Access-Time
Is-Session-Tracking
X-NGINX-Cache
X-Bug-Bounty
Proxy-Firewall
X-Gen-Id
X-SN
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-GZIP
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Version
X-Server-W
Requestid
ProcessTime
X-Cache-Ttl
X-VarnPar2
Powered
X-ORIG-AKA-EDGE
Serverid
X-Akamai-SSL-Client-Sid
X-Amz-Meta-S3b-Last-Modified
X-LiteSpeed-Cache-Control
X-SB
WebServer
X-VC
T-Server
Correlation-Id
X-Varnish-URL
X-GEO
X-ORIG-AKA-COUNTRY-CODE
X-Serial
X-Alicdn-Da-Ups-Status
RequestUuid
X-ServerName
X-Ms-Lease-State
X-Fe
X-PAGE-TYPE
X-RAMCache
X-LiteSpeed-Tag
Xet-Cookie
SID
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-CS
Location
NnCoection
X-Developed-By
X-Cache-Srv
X-HTML-Edge-Cache
X-Dw-Trace-Id
NodeID