Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
P3P
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
CF-Ray
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Request-ID
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Amz-Version-Id
Content-Location
Surrogate-Control
X-Cnection
X-Server-Id
X-Node
X-OneAgent-JS-Injection
X-Host
X-Readtime
Report-To
EagleEye-TraceId
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-Application-Context
X-Rack-Cache
X-CST
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Trace
X-Px
X-Server-ID
X-DataDome
X-Vhost
X-GitHub-Request-Id
X-Server-Name
X-ORACLE-DMS-RID
X-VARITI-CCR
Accept-CH
RTSS
X-ESI
X-Ruxit-JS-Agent
X-Goog-Hash
X-Cached
X-MS-InvokeApp
Charset
Pinterest-Generated-By
X-Mod-Pagespeed
SPRequestGuid
X-Vname
X-TtlSet
X-PC
Verso
X-F-Cache
X-D2id
Public-Key-Pins
X-GoogleNews-Bot
X-Use-Magma
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
X-Version
X-Dispatcher
X-TTL
X-Cdn
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
Accept-CH-Lifetime
X-DIS-Request-ID
X-Abt-Application-Version
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
X-Origin-Upstream-Status
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-Navigation-Version
X-B
X-Forwarded-Proto
X-Shield-Request-Id
X-Amz-Rid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MS-Author-Via
X-Recruiting
X-Client-IP
DynaTrace
Realpath
X-HW
SPRequestDuration
SPIisLatency
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Vcap-Request-Id
X-Upstream
X-Ttl
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Nginx-Cache
Content-MD5
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-ATIME
AR-CACHE
Arr-Disable-Session-Affinity
X-Debug
X-Hits
Edge-Cache-Tag
X-Varnish-Age
X-N
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Goog-Storage-Class
X-B3-TraceId-Primal
MRF-Tech
X-Oracle-Dms-Rid
X-Aspnet-Version
X-MSEdge-Ref
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Via-JSL
Access-Control-Request-Method
X-Id
TCN
S
X-XRDS-Location
X-ATG-Version
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-Country-Code-Real
X-FTR-Expires
Service-Worker-Allowed
X-NewRelic-App-Data
X-Logged-In
X-Oneagent-Js-Injection
Alternate-Protocol
X-FastCGI-Cache
X-Forwarded-For
X-HS-Content-Id
X-HS-Hub-Id
X-Kinsta-Cache
X-Frontend
Surrogate-Key
Rt-Fastcgi-Cache
Tracecode
X-Cache-Key
X-PressLabs-Stats
X-Content-Digest
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-FTR-Cache-Host
X-Grace
Fastly-Restarts
MicrosoftSharePointTeamServices
X-RateLimit-Remaining
X-CF-Powered-By
Server-Name
X-Amzn-Trace-Id
X-Edge-Location
X-Analytics
Backend-Timing
X-Content-Options
X-Ruxit-Js-Agent
TP-L2-Cache
TP-Cache
FilterID
X-Cache-2
Host
X-Rid
X-User-Agent
X-Magnolia-Registration
Fastcgi-Cache
X-Whom
ServerID
X-Debug-Info
X-B3-Sampled
X-Revision
X-IPLB-Instance
Ar-Sid
Eomportal-Instance
X-Page-Id
X-Hostname
X-Mobile
X-Srv
X-Request-Received
X-Request-Processing-Time
AR-Request-ID
X-NWS-LOG-UUID
X-VCache
X-Akam-SW-Version
Paypal-Debug-Id
Front-End-Https
X-AOL-HN
Retry-After
X-Content-Powered-By
X-Litespeed-Cache
X-GUploader-UploadID
X-B-Cache
X-Signature
X-Handled-By
X-Cluster
X-LB-Cache
X-Cache-Action
Source
X-Request-Guid
Refresh
X-SS-Set-Cookie
X-App-Environment
X-FB-Debug
X-Varnish-Hostname
X-Framework
X-Device-Type
Cleartype
X-Cache-Control
X-Tumblr-Pixel-0
X-BCube-Filmed-By
X-WA-Info
X-Tumblr-Pixel
X-Tumblr-User
X-Instance
X-Akamai-Edgescape
X-Varnish-Grace
X-Cache-Hit
X-Content-Security-Policy-Report-Only
X-Platform-Server
X-HS-Cache-Config
Webserver
X-AppVersion
X-Az
X-Activity-Id
X-Zen-Fury
X-Middleton-Display
Display
X-Sol
X-XRDS-LOCATION
X-Correlation-Id
X-Varnish-Backend
X-Content-Type
X-Esi
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Healthy
X-Fastcgi-Cache
X-Cache-Rule
X-Cache-Server
X-TA-CDN-Provider
X-Middleton-Response
Response
X-Varnish-Server
X-Drupal-Cache-Tags
X-URL
X-Daa-Tunnel
X-Seen-By
ViewerVersion
X-Wix-Request-Id
X-TT
Upgrade-Insecure-Requests
X-App-Server
X-Cached-By
X-Drupal-Cache-Contexts
X-Generated-By
X-Origin-Server
X-Geo-Country
Cache-Status
X-Cache-Age
X-CACHE-GROUP
S-Cnection
Accept-Charset
X-DataStream-Cache-Status
X-Amzn-RequestId
X-Amz-Replication-Status
X-Amz-Apigw-Id
Server-Node
X-Accel-Expires
Payment
X-UA-Device-Type
X-Response-Served-From
NGB
Filters
X-Edge-Cache
X-Edge-Cache-Key
X-Contextid
Access-Control-Allow-Method
X-S
X-Adobe-Content
X-Adobe-Loc
X-Servedby
GEO-INFO
X-Status
Actual-Object-TTL
X-UUID
X-RequestSource
X-Jobs
X-Cacheable-TTL
X-Cache-NE
ServedBy
X-Varnish-IP
X-FW-Type
X-FW-Hash
X-TX-ID
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-FW-Server
X-Locale
X-FW-Static
X-Tumblr-Pixel-1
Viewport
X-FW-Serve
Server-Info
AsisCache
X-Storage
X-Varnish-Hits
Cache-Tv-Group
X-Amz-Server-Side-Encryption
X-WebKit-CSP-Report-Only
X-GeoIP
X-PHP-Backend
MS-CV
X-WPE-Loopback-Upstream-Addr
X-Dns-Prefetch-Control
X-Cache-Remote
HostName
X-Cache-TTL-Remaining
X-Rendered-As
X-Node-Name
Cache
Host-Header
From-Origin
X-Croise-Owner
SRV
X-Region
X-APP-VERSION
X-Cache-Operation
X-Vg-Webcache
X-App-Version
X-Webkit-CSP
X-Hyper-Cache
X-Redis-Cache
Served-By
Liferay-Portal
X-Dynatrace-Js-Agent
Cache-Tag
Public-Key-Pins-Report-Only
DC
X-HS-Combine-CSS
X-Mode
X-BACKEND-TTL
X-Upgrade-Enabled
X-Agile-Age
X-Agile-Id
X-RN-RSRV
X-Akamai-Transformed
X-Timing-Wait
Selected-FE
X-Agile
X-Cache-Var-Map
X-Cache-Var
X-Webstats-RespID
X-IP
Meta-Geo
X-TNCMS
Machine
X-Detected-As
X-Forwarded-Host
X-Human
X-Hosted-By
X-Path-Route
X-Generated
X-NGENIX-Cache
X-Loop
X-Is-Bot
X-Proxy-Build
Origin-Edge-Control
Cache-Name
X-JoinUs
X-BYPASS-REASON
Xserver
X-Original-Request
X-Grey
X-Endurance-Cache-Level
X-L-Path
X-Labrador-Cache-Channel
X-Internal-Host
X-ProxyCache-Status
X-NCache
Origin-Cache-Control
Now
X-Upstream-CT
X-Upstream-HT
Powered-By-ChinaCache
X-Pc-Appver
X-Pc-Key
X-Environment-Context
X-Request-Time
X-ProxyCache-Key
X-CDN-Cache
X-Pc-Hit
X-Vgn-Hpd-Reason
X-Via-Fastly
X-Cache-Category-Id
X-Web-Node
X-ServerID
X-Time-Microsecs
X-Viewer-Country
DB-Nickname
X-Pubstack
X-Proxy
X-Tumblr-Pixel-3
X-FC-Vary-Parameters
X-VG-TLSProxy
X-Origin
X-Akamai-Request-ID
X-Birta-Served
X-Birta-Cache-Post
X-Origin-Response-Time
X-Origin-Host
S-Rt
X-UA
X-B3-Spanid
X-OCL
X-PCL
X-RemovedCookies
X-Rule
X-Ocache
Fastcgi-X-Cache-Version
X-Cache-Config
X-CCM
X-Guploader-Uploadid
X-Backend-Name
X-Site-Version
Azure-SlotName
Azure-Version
Mn-Server-Ip
X-Format
Azure-SiteName
Azure-RegionName
X-Tb
X-Via-CDN
X-Xfnlog-Site
Azure-InstanceId
Fastcgi-X-Cache
X-ProcessESI
Cache-Tags
Fastcgi-Useragent
X-Kong-Upstream-Latency
Webcakes-App-Name
TWC-Locale-Group
Webcakes-App-Version
X-Kong-Proxy-Latency
X-Access
X-Yottaa-Metrics
X-Section
X-Origin-Hint
TWC-GeoIP-LatLong
Webcakes-Region
TWC-Device-Class
X-Proxied
Content-Script-Type
X-Zipkin-Id
X-Parent-Response-Time
X-Routing-Service
Pagespeed
X-Origin-CC
X-Yottaa-Optimizations
Content-Style-Type
TWC-Connection-Speed
Property-Id
TWC-GeoIP-Country
TWC-Privacy
X-App-Name
HitType
X-Newrelic-App-Data
Cache-Key
Datacenter
X-Www-Served-By
User-Cache-Control
X-Edge-IP
X-TIME
X-Protected-By
AR-SID
Vix-Hermes-Req-Id
X-Nginx-Cache
X-Cache-TTL
X-CACHE-KEY
OT-Force-Account-Verify
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-RTag
X-ShopId
Ms-Operation-Id
X-Ezoic-Cdn
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Akamai-Request-ID2
X-Correlation-ID
Time
X-Real-IP
X-OVcl-Cache
X-PERF
X-FB-TRIP-ID
X-Cache-Backend
X-ApacheServer
X-OVcl
X-Pc-Date
NtCoent-Length
X-Pc-Host
X-Cdn-Forward
X-RateLimit-Limit
L5d-Success-Class
Accept-Language
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Webkit-Csp
X-Content-Age
X-Mrs-Cache
X-Mrs-Age
X-Front
X-Unique-Id-Primal
X-Real-Ip
Country
Load-Balancing
LB
X-Proto
X-Ratelimit-Limit
X-Debug-Cache
X-Amz-Meta-Surrogate-Control
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Section-Io-Cache
X-Varnish-Cacheable
X-CDN-Forward
Ohc-File-Size
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
X-Sucuri-ID
WZWS-RAY
X-Unique-ID
X-Hit
X-MP-GENERATED-AT
X-Hl-Ver
X-Nc
We-Hiring
Mail-Subject
X-GRACE
X-Time
Warning
X-CLOUD-TRACE-CONTEXT
X-Trace-Id
X-EdgeConnect-Cache-Status
X-Microcachable
User-Agent
X-Geo
Version
X-C
Rt-Proxy-Cache
X-Developer
X-CF-Lambda-Version
RNT-Time
X-CF-Lambda-Fn
X-Cache-Id
Node
X-Cache-URL
RNT-Machine
PFcat
X-Crawler
Powered-By
X-CUA
Release
Rendered-Blocks
Platform
X-D
Request-Time
X-Destination
X-Date
Resin-Trace
X-Connection-Hash
Thinkindot-CacheControl
Memcached
X-Cache-Bucket
X-BB-ID
X-Cache-Debug
X-Cache-Enabled
X-Cache-FS-Status
X-Cache-Expires
X-A-Dgt
X-B-Cookie
X-Aed
Meta-Geo-Continent
X-Accel-Expires-Debug
X-Application
X-A-Wwc
X-Auto-Login
X-A-Dcw
X-A-Dam
SS
X-Actual-URL
Thinkindot-CacheControl-Type
X-Cache-Host
Is-Eu
Server-Host
Server-ID
Thinkindot-Control
V-Age
X-A
X-A-Ccd
Mobile-Detection-Method
MD5-Digest
Viewtype
VivaBuild
SD-X-WS
X-Passed-To-PostProcessResponse
X-S-Maxage
X-S-Cookie
X-Rojux
X-ScT
X-Server-By
X-SRCache-Key
X-Server-Time
X-Rewrite-Enabled
X-Returned-From-PostProcessResponse
X-Request-UUID
X-Release
X-Response-By
X-Returned-From
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Store
X-Swa-Ws
X-Via-Edge
X-VG-WebServer
X-Via-SSL
X-We-Are-Hiring
Xc-Version
X-WebServer
X-Variation
X-Var-Ttl
X-Transaction
X-Thinkindot-L3
X-Trv-Group
X-TT-LOGID
X-UE-Client-Country
X-Twitter-Response-Tags
X-Region-Sid
X-Reboot
X-Layer
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-In
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-LI-Proto
X-G
X-FW-Version
X-Dispatcher-Server
X-Died
X-DPWN-IS-SECURE
X-External-Request-Id
X-From
X-Fetched-On
X-Logtrace-Id
X-Matched-Rule
X-PHP-Host
X-PAYTM-SRV-ID
X-Qloud-Router
X-RCS-CacheZone
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
IBM-Web2-Location
X-Passed-To-DLL
X-NU-AKA-ACS-Version
X-Node-Id
X-Org
X-P-T
X-Passed-To-BeforeDispatch
X-Passed-To
X-Device-Os
Www
Ajk
Adler-Geo
Fly-Request-Id
Arc-Country
Frame-Options
X-Ua
Cache-Prefix
BehaviorPad-Version
Fly-Cache
Access-Control-Request-Headers
Fastly-Backend-Name
Fastly-SIE
Ec-Rule-Version
X-Via-NSCOPI
Fastly-SWR
Pagetype
X-Rocket-Nginx-Bypass
X-Origin-Expires
X-Amz-Meta-Cache-Control
X-No-Session
X-Nginx-Cache-Key
Content-Disposition
Decoy-Debug-Key
X-MI-In-Market
Decoy-Debug-Status
Decoy-Debug-TTL
Countrycode
Country-Code
X-Origin-Date
X-Backend-State
X-Clientip
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Hash
X-GeoIP-Country-Code
X-F5-Cache
X-Fstrz
X-Gen-Mode
X-IN-WAF
X-Info
Web-Mar-Node
X-Location
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Key
X-Bip
X-Cache-CFC
Backend
X-Block-Status
Cache-Cookie-Set-Lfrom
Esi-Enabled
Pramga
X-Distributor
X-Thanos
X-Stale
Proxy-Connection
Heartbleed
X-Sf
X-UnsetCookies
Magicmarker
MI-Cache-Age
MI-Cache
MI-API
X-Varnish-Action
X-User
Origin
On-Server
X-Server-IP
X-ServiceProvider
X-Server-Group
X-Proxy-Cache-Status
True-Client-Country-4JS
Server-Int
X-Proxy-Upstream
Fastly-SSL
GMS-Ver
Kp-EeAlive
X-Served-From
GW-Server
X-Phone
X-Dc
X-NODE
X-ElasticPress-Search
X-Epic-Correlation-Id
X-MSEdge-Flight
X-Gannett-Site-Version
X-Fastly-Cache
X-MSEdge-Features
X-Eu-Site
X-Distil-CS
X-SVT-ORM-RULES
X-Micro-Cache
X-Request-URI
X-Request-Start
X-Page-Type
X-Secret
X-SIPLIST1
X-V
X-Irp-Debug
X-Up
X-SVT-ORM-VERSION
Backend-Name
X-Policy
X-CGP
HA-Host
AKAMAI
HA-Ipaddr
X-Core-Mission
HA-Cloudapp
HA-Servedtime
Ha-Gx-Prefs
HA-Georegion
HA-Geocountry
HA-Geocity
HA-Geolat
X-Backend-Host
X-Backend-Url
HA-Geolon
X-Core-Value
HA-Urlpath
IsBot
X-DC
X-Be
Pragrma
X-Debug-Log
X-Wikidot-Static-Cache
X-Debug-Cookies
X-Sn-Servicetimems
REQUESTUUID
X-Origin-TTL
X-CACHE-AGE
X-Refresh
X-Svr
X-Platform
Who
X-Wikidot-Backend
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
CDCHOST
Fastly-Soc-X-Request-Id
X-Debug-Cache-Expiry
Apple-News-Services-Handled
X-Debug-Cache-Fetch
X-NX-Host
X-Cdn-Origin
X-Debug-Cache-Store
X-Developers
PageSpeed
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-COUNTRY
X-Planisys-CDN-Cache
Uber-Trace-Id
X-Urbn-Site-Id
Lfy
X-Generated-On
X-Instart-Info
X-Level-Front-Cache
Locale
UCS
X-Servername
Request-Country
X-Urbn-Context-Path
Request-EU
X-NC
X-Instance-Name
X-Cache-Info
X-Cdn-Srv
X-Server-Cache
Ohc-Response-Time
X-VarnCache
X-NWS-UUID-VERIFY
Host-ID
X-PARISIEN-Cache-Rendered
X-VarnPar1
RequestId
ServerName
V-Cache
Group
X-Req
MIME-Version
X-VCT
X-GeoIP-City
X-ARC
X-Pjax-Url
X-Newrelic-Synthetics
Cteonnt-Length
X-Datadome
HitInfo
Memory
Cache-Provider
Cdn
X-CMS-Context
X-BBXSRF
PICS-Label
X-Powered-By-ANYU
Mime-Version
X-Gdpr
X-Servedbyhost
X-EIG-Tracking-Id
X-Ratelimit-Remaining
X-TWH-CORRELATION-ID
X-LAGOON
Nel
X-WR-MODIFICATION
CF-IPCountry
X-StackifyID
NGX
X-Wa
X-Aicache-OS
X-HTML-Minification-Powered-By
CDN
GeoIP-Country-Code
GeoIP-Latitude
X-B3-Traceid
X-Load-Cache
X-Fastly-Country-Code
X-FireWall-Port
XServer
X-CSRF-TOKEN
X-Fastly-Backend-Reqs
X-Cluster-Node
Cf-Ipcountry
X-Varnish-Cache-Hits
X-UPSTREAM-Address
X-Generation-Time
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
FSS-Proxy
X-NodeID
X-Sentry-ID
FSS-Cache
X-WA
X-Flog
Amp-Access-Control-Allow-Source-Origin
GeoIp-Country-Code
X-VServer
X-ABtesting
Geoip-Latitude
X-Hello
X-Sedo-Request-Id
X-Cache-Miss-From
X-Check-Cacheable
Processtime
X-Csrf-Token
X-Source
X-HOST
X-Unique-Id
SN
X-Cache-Grace
X-Varnish-Beresp-TTL
CACHE
X-Cache-ASPX
Server-Surrogate-Control
X-Varnish-Authentication
WP-Super-Cache
X-ServedByHost
X-Oss-Object-Type
X-APP
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-CDN-Pop-IP
X-CDN-Pop
X-Oss-Storage-Class
X-GZip
Server-Cache-Control
URI
X-Nananana
X-RCS-Backend
TSSecure
X-Dynatrace
X-CSRF-Token
X-IPS-LoggedIn
X-SRV
X-Edge-Server
X-VC-Cache
Cdn-Request-Time
X-Varnish-Url
X-Skip-Cache
Pics-Label
X-DataStream-Origin-MEX-Latency
X-GDPR
X-FORWARDED-FOR
X-Worker
X-MServer
X-DataStream-MidMile-RTT
Cdn-Host
DataCenter
X-ID
X-Instart-Isnd
X-HS-Status
A
X-VG-WebCache
X-ND-Cache
X-BE
X-Fastly-Cache-Hits
X-GoCache-CacheStatus
Get-Access-Time
X-B3-SpanId
X-From-Cache
Is-Session-Tracking
X-Sucuri-Cache
PageType
X-Swift-Error
Dynatrace
HTTPS
X-PJAX-URL
X-Port
X-Pf-Uncompressing
Hostname
Proxy-Firewall
X-SplitTest
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Server-W
Powered
X-Bug-Bounty
Odigeo-Trace-Id
X-Gen-Id
X-GZIP
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Requestid
X-Backend-TTL
FastCGI-Cache
X-SN
X-Owner
X-Cache-Ttl
X-ORIG-AKA-EDGE
X-VarnPar2
X-NGINX-Cache
X-Fe
Serverid
X-Pc-Subdomain
Cache-Hits
X-Amz-Meta-S3b-Last-Modified
X-ServerName
X-RequestId
X-LiteSpeed-Cache-Control
X-Varnish-URL
X-Alicdn-Da-Ups-Status
X-PAGE-TYPE
X-Serial
WebServer
X-VC
X-ORIG-AKA-COUNTRY-CODE
X-HostName
X-GEO
RequestUuid
T-Server
X-RAMCache
X-SB
X-Dw-Trace-Id
X-HTML-Edge-Cache
Xet-Cookie
X-Akamai-ERPolicy
SID
Correlation-Id
X-Ms-Lease-Status
X-PF-Uncompressing
Location
NnCoection
X-Akamai-ERRuleID
X-Ms-Version
X-Ms-Blob-Type
X-CS
X-Developed-By
X-Akamai-SSL-Client-Sid
X-LiteSpeed-Tag
X-Ms-Request-Id