Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
Accept-Ranges
X-Content-Type-Options
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Xss-Protection
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
X-Iinfo
Content-Encoding
X-CDN
X-Content-Security-Policy
X-Buckets
X-Turbo-Charged-By
X-Type
Upgrade
WPE-Backend
X-Pass-Why
X-Request-ID
Keep-Alive
X-Cache-Group
CF-Ray
X-AH-Environment
Xkey
X-Backend
Access-Control-Max-Age
X-Age
Access-Control-Expose-Headers
X-Via
EagleId
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
X-Hacker
Grace
X-UA-Device
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Robots-Tag
P3p
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Page-Speed
X-LiteSpeed-Cache
Request-Context
X-Device
X-Ac
Content-Location
X-Kinja-Server-Push
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Amz-Version-Id
X-Response-Time
X-OneAgent-JS-Injection
X-Host
X-Backend-Server
Surrogate-Control
X-Cnection
X-Rq
X-Readtime
X-Rack-Cache
Server-Timing
X-WebKit-CSP
Report-To
X-Server-Id
X-Node
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
Feature-Policy
X-Instart-Request-ID
X-Iejgwucgyu
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
X-CST
Pinterest-Generated-By
X-Country
NEL
X-Px
Rating
X-Url
X-TTL
X-Server-Name
X-Country-Code
X-Ruxit-JS-Agent
X-DataDome
X-Origin-Cache
X-Varnish-TTL
X-DynaTrace
X-MS-InvokeApp
Allow
X-Vhost
X-PC
X-TtlSet
X-Vname
X-Cached
X-FTR-Request-ID
RTSS
X-ESI
X-Server-ID
X-Goog-Hash
X-Powered-CMS
Charset
X-Powered-By-Plesk
X-DynaTrace-JS-Agent
X-VARITI-CCR
Accept-CH
X-Dispatcher
X-D2id
Public-Key-Pins
X-GitHub-Request-Id
X-Mod-Pagespeed
X-Oracle-Dms-Rid
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
X-F-Cache
X-Trace
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
MS-Author-Via
SPRequestGuid
X-Version
Content-MD5
Verso
X-SharePointHealthScore
X-T
X-Recruiting
Nginx-Cache
X-Abt-Application-Version
SPIisLatency
SPRequestDuration
X-Client-IP
X-Shield-Request-Id
X-Forwarded-Proto
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Accept-CH-Lifetime
X-N
X-DIS-Request-ID
X-HW
X-B3-TraceId
X-Navigation-Version
X-Dw-Request-Base-Id
X-Amz-Rid
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-Origin-Upstream-Status
X-Upstream
Fastly-Restarts
X-XRDS-Location
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Fastly-Request-ID
Paypal-Debug-Id
X-ORACLE-DMS-RID
X-Hits
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
X-Accel-Buffering
TCN
Realpath
DynaTrace
Arr-Disable-Session-Affinity
X-Content-Options
X-Pad
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Webkit-Csp
X-NF-Request-ID
Service-Worker-Allowed
X-Content-Digest
X-Id
X-Goog-Storage-Class
Tracecode
X-Ser
Access-Control-Request-Method
X-Acc-Meta-Resource-Type
X-Varnish-Age
S
Front-End-Https
X-Amz-Cf-Pop
X-Debug
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Middleton-Display
X-Sol
Display
X-Vcap-Request-Id
X-FastCGI-Cache
X-MSEdge-Ref
X-Kinsta-Cache
X-PressLabs-Stats
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-Frontend
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend-Server
X-IPLB-Instance
X-RateLimit-Remaining
X-Cache-Hit
X-ATG-Version
Surrogate-Key
Powered-By-ChinaCache
X-Geo-Segment
X-HS-Content-Id
X-HS-Hub-Id
X-Forwarded-For
X-Zen-Fury
X-Grace
Fastcgi-Cache
Response
X-Middleton-Response
X-NewRelic-App-Data
X-CF-Powered-By
Rt-Fastcgi-Cache
Server-Name
X-Logged-In
X-Oneagent-Js-Injection
X-Litespeed-Cache
X-Analytics
X-Mobile
Backend-Timing
X-Debug-Info
X-Akam-SW-Version
X-Revision
TP-Cache
X-SS-Set-Cookie
Host
TP-L2-Cache
X-Rid
FilterID
X-Amzn-Trace-Id
X-FTR-Cache-Host
X-User-Agent
X-Request-Received
X-Edge-Location
X-Request-Processing-Time
AMP-Access-Control-Allow-Source-Origin
X-TA-CDN-Provider
MicrosoftSharePointTeamServices
Cache-Status
Edge-Cache-Tag
X-Cached-By
X-Cache-Key
X-Accel-Expires
X-SERVER
Host-Header
Ar-Sid
Refresh
X-Magnolia-Registration
X-Drupal-Cache-Tags
X-GUploader-UploadID
X-Cache-Rule
Liferay-Portal
X-Varnish-Backend
X-Webkit-CSP
ServerID
X-Node-Name
X-Whom
X-Akamai-Edgescape
X-Framework
X-FB-Debug
X-Newrelic-App-Data
X-Platform-Server
X-AOL-HN
Cache-Tag
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-HS-Cache-Config
DC
X-Varnish-Hostname
X-Cluster
X-B3-Sampled
X-Signature
X-B-Cache
X-Instance
X-Cache-2
X-Cache-Control
X-Content-Security-Policy-Report-Only
Public-Key-Pins-Report-Only
X-Device-Type
X-App-Environment
X-LB-Cache
X-Page-Id
X-Request-Guid
X-BCube-Filmed-By
X-Ttl
Cleartype
X-Handled-By
Accept-Charset
X-Srv
X-AppVersion
X-Activity-Id
X-Az
X-WPE-Loopback-Upstream-Addr
Eomportal-Instance
X-B3-TraceId-Primal
X-Generated-By
X-TT
AR-Request-ID
Upgrade-Insecure-Requests
X-Fastcgi-Cache
X-Use-Magma
X-App-Version
X-Cache-Action
MS-CV
X-Cache-Server
X-Wix-Request-Id
X-Seen-By
X-Drupal-Cache-Contexts
ViewerVersion
X-Via-JSL
X-NWS-LOG-UUID
X-App-Server
X-Correlation-Id
X-Amz-Replication-Status
Source
X-Esi
X-VCache
Retry-After
X-Content-Powered-By
HostName
Alternate-Protocol
X-URL
X-WA-Info
Server-Node
X-Varnish-Server
X-Tumblr-Pixel-1
X-Cache-NE
X-Adobe-Content
X-Adobe-Loc
SRV
X-Tumblr-Pixel-2
X-Response-Served-From
X-FW-Hash
X-FW-Serve
X-Cache-TTL-Remaining
Webserver
X-Hostname
X-UUID
Actual-Object-TTL
X-WebKit-CSP-Report-Only
X-Locale
X-Jobs
X-Status
X-FW-Type
X-FW-Server
X-FW-Static
X-GeoIP
X-Varnish-Grace
X-Amzn-RequestId
Payment
AsisCache
X-Amz-Apigw-Id
CACHE
AR-SID
X-RequestSource
X-Edge-Cache-Key
X-Edge-Cache
X-Servedby
X-HS-Combine-CSS
X-Geo-Country
GEO-INFO
ServedBy
X-Contextid
Viewport
X-S
X-Varnish-Hits
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-TX-ID
X-Varnish-IP
X-Dns-Prefetch-Control
X-TT-TIMESTAMP
X-Vg-Webcache
X-Origin-Server
Country
Pagespeed
PageSpeed
X-Cache-Operation
X-Correlation-ID
X-Sucuri-ID
X-Cacheable-TTL
X-RateLimit-Limit
X-Daa-Tunnel
Server-Info
Served-By
X-Region
Datacenter
X-Hyper-Cache
X-Akamai-Request-ID2
From-Origin
X-Cache-Age
X-Real-IP
X-Amz-Server-Side-Encryption
X-Forwarded-Host
X-Mode
Content-Script-Type
Content-Style-Type
X-Ezoic-Cdn
HitInfo
HitType
X-XRDS-LOCATION
Cache
X-DataStream-Cache-Status
Azure-RegionName
Fastcgi-X-Cache-Version
Machine
X-Cache-Var
X-Rule
X-Section
X-ServerID
Fastcgi-X-Cache
X-App-Name
Meta-Geo
X-RN-RSRV
X-Proxy
X-Rocket-Nginx-Bypass
X-Routing-Service
X-Access
X-Amz-Meta-Surrogate-Control
X-Site-Version
X-Tb
Azure-SlotName
X-Hit
X-Format
Azure-SiteName
X-Rendered-As
Access-Control-Allow-Method
Azure-InstanceId
X-Detected-As
X-Cache-Var-Map
X-Upgrade-Enabled
X-Generated
X-Proxied
X-JoinUs
X-Is-Bot
X-Zipkin-Id
X-Akamai-Transformed
Azure-Version
S-Cnection
X-TIME
X-Environment-Context
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Device-Class
X-Grey
TWC-Connection-Speed
X-L-Path
X-Hosted-By
X-CDN-Cache
X-Cache-Category-Id
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Agile
X-Agile-Age
X-NGENIX-Cache
X-Agile-Id
TWC-Privacy
X-Ocache
LB
X-VG-TLSProxy
Healthy
X-Content-Type
L5d-Success-Class
X-Cache-Config
DB-Nickname
Fastcgi-Useragent
Mn-Server-Ip
Now
X-Origin-Hint
X-Origin
TWC-GeoIP-LatLong
X-Source
Property-Id
X-TWH-CORRELATION-ID
OT-Force-Account-Verify
X-Request-Time
S-Rt
X-FC-Vary-Parameters
X-Via-Fastly
X-Upstream-HT
X-Viewer-Country
X-Birta-Cache-Post
X-Birta-Served
X-Upstream-CT
X-TNCMS
Cache-Name
X-Loop
X-OCL
X-PCL
X-EIG-Tracking-Id
X-Human
X-Distil-CS
Xserver
X-BYPASS-REASON
X-Cluster-Node
X-ProcessESI
X-ProxyCache-Key
X-AWS-Id
X-RemovedCookies
X-Pc-Appver
X-IP
X-Labrador-Cache-Channel
X-Pc-Hit
X-Original-Request
X-OVcl
X-Pc-Key
X-CCM
X-Xfnlog-Site
X-LJ-Flow-ID
X-OVcl-Cache
X-ProxyCache-Status
X-SplitTest
IBM-Web2-Location
X-VWS-Id
X-Pubstack
X-Microcachable
X-Ms-Version
X-Cache-Enabled
X-Www-Served-By
Accept-Language
Selected-FE
X-Proxy-Build
X-Ms-Request-Id
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Timing-Wait
X-ShopId
Access-Control-Request-Headers
X-Shopify-Stage
X-ShardId
X-NodeID
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-RTag
X-GRACE
X-Port
X-Path-Route
X-Web-Node
X-Guploader-Uploadid
X-Connection-Hash
X-Transaction
X-Via-CDN
Cache-Hits
X-Twitter-Response-Tags
X-Unique-ID
X-HOST
Ms-Operation-Id
User-Agent
X-MP-GENERATED-AT
X-Cache-Remote
Origin-Edge-Control
Origin-Cache-Control
NtCoent-Length
Time
Backend
X-UA
X-Geo
X-Origin-CC
X-Varnish-Cacheable
X-Debug-Cache
X-Edge-IP
X-Nginx-Cache
X-Varnish-Cache-Hits
X-Cdn-Forward
X-Cache-TTL
X-Sucuri-Cache
We-Hiring
X-NODE
Mail-Subject
X-Real-Ip
X-CACHE-KEY
X-Pc-Host
X-Pc-Date
X-Internal-Host
X-APP-VERSION
X-NCache
X-Ratelimit-Limit
X-Tumblr-Pixel-3
NGB
Fastly-SSL
X-Proto
X-Ruxit-Js-Agent
X-Mrs-Cache
X-Newrelic-Synthetics
Filters
X-CACHE-GROUP
X-Mrs-Age
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-PERF
Warning
X-ApacheServer
X-Csrf-Token
X-Vgn-Hpd-Reason
X-Ua
X-Storage
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Akamai-Request-ID
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Time-Microsecs
X-Webstats-RespID
Cache-Key
X-C
X-CDN-Forward
X-Dc
X-ElasticPress-Search
X-Dynatrace-Js-Agent
X-Backend-Name
X-Nc
X-EdgeConnect-Cache-Status
X-Powered-By-ANYU
User-Cache-Control
X-Endurance-Cache-Level
X-CACHE-AGE
WZWS-RAY
Origin
Rendered-Blocks
Resin-Trace
X-CF-Lambda-Fn
NodeID
VivaBuild
Mobile-Detection-Method
Viewtype
Rt-Proxy-Cache
Odigeo-Trace-Id
Section-Io-Cache
TSSecure
UCS
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-CGP
X-CF-Lambda-Version
Server-Host
Server-Int
V-Age
SN
Www
X-A
X-B-Cookie
X-Backend-Host
X-Application
X-Amz-Meta-Cache-Control
HA-Ipaddr
HA-Host
X-Backend-TTL
Ha-Gx-Prefs
X-BBXSRF
X-BB-ID
X-Backend-Url
X-Aed
X-Accel-Expires-Debug
X-Cache-Srv
Meta-Geo-Continent
X-A-Dcw
X-A-Dam
X-A-Ccd
MD5-Digest
X-A-Dgt
HA-Servedtime
X-A-Wwc
IsBot
Magicmarker
X-Cache-Bucket
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Rewrite-Enabled
X-Region-Sid
X-Rojux
X-S-Cookie
X-Secret
X-ScT
X-Platform
X-Phone
X-Nginx-Cache-Key
X-MSEdge-Flight
X-NU-AKA-ACS-Version
X-Org
X-PAYTM-SRV-ID
X-Server-By
X-Server-Time
X-Via-Edge
X-VG-WebServer
X-Via-SSL
X-Wikidot-Backend
Xc-Version
X-Wikidot-Static-Cache
X-Up
X-UE-Client-Country
X-SRCache-Key
X-SIPLIST1
X-Store
X-Thinkindot-L3
X-Trv-Group
X-MSEdge-Features
X-Matched-Rule
X-DPWN-IS-SECURE
X-Distributor
X-Epic-Correlation-Id
X-Eu-Site
X-F5-Cache
X-External-Request-Id
X-Died
X-Developers
X-D
X-Croise-Owner
X-Date
X-Destination
X-Developer
X-Fastly-Cache
X-Fetched-On
X-IN-APIGATEWAY
X-Hl-Ver
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Logtrace-Id
X-Irp-Debug
X-Hash
HA-Georegion
X-G
X-From
X-Gannett-Site-Version
X-Generated-In
X-GeoIP-Country-Code
X-Core-Mission
HA-Urlpath
Cache-Tags
Fly-Cache
Ajk
GMS-Ver
FSS-Proxy
FSS-Cache
Fly-Request-Id
Arc-Country
HA-Geolon
Ec-Rule-Version
Cache-Prefix
Content-Disposition
BehaviorPad-Version
HA-Geocity
HA-Geocountry
HA-Geolat
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Handled
HA-Cloudapp
Apple-News-Services-Host
X-Auto-Login
X-Core-Value
X-Debug-Cookies
X-Cache-Backend
X-Debug-Log
X-Clientip
X-Cdn-Origin
X-Cache-Expires
X-Cache-CFC
X-Backend-State
AKAMAI
X-Cache-URL
X-Cache-Host
X-ABtesting
X-Hello
X-Sn-Servicetimems
X-Swa-Ws
X-Server-IP
X-S-Maxage
X-Response-By
X-TT-LOGID
X-UnsetCookies
X-Worker
X-We-Are-Hiring
X-VServer
X-User
X-Request-Start
X-Release
X-Key
X-Layer
X-GeoIP-City
X-FW-Version
X-Flog
X-Location
X-No-Session
X-Redis-Cache
X-Reboot
X-Owner
X-NX-Host
X-Dispatcher-Server
X-Fstrz
Frame-Options
Country-Code
GW-Server
Heartbleed
Countrycode
Server-ID
RNT-Time
Backend-Name
Release
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
RNT-Machine
Memcached
Cache-Cookie-Set-From
Pramga
X-Varnish-Beresp-Ttl
X-B3-Spanid
X-BB-IP
X-Datadome
X-NC
MI-Cache
X-Rebelmouse-Cache-Control
X-RCS-CacheZone
X-Rebelmouse-Surrogate-Control
MI-Cache-Age
X-Returned-From
X-Returned-From-PostProcessResponse
X-Device-Os
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Sentry-ID
X-Request-UUID
X-Passed-To-BeforeDispatch
X-LI-UUID
X-MI-In-Market
X-Hnp-Log
X-LI-Proto
X-Instance-Name
X-Li-Fabric
X-Li-Pop
Platform
X-Node-Id
X-Passed-To-PostProcessResponse
X-Policy
Request-EU
X-Gen-Mode
X-Passed-To-DLL
X-Passed-To
Request-Country
X-V
X-Sf
X-Block-Status
X-Bip
X-WebServer
X-Cache-Debug
Fastly-Soc-X-Request-Id
X-Varnish-Action
Fastly-SWR
X-Cache-Id
Decoy-Debug-Key
Decoy-Debug-Status
X-ServiceProvider
X-Actual-URL
Web-Mar-Node
X-Request-URI
CDCHOST
Decoy-Debug-TTL
Adler-Geo
Uber-Trace-Id
Esi-Enabled
X-VCT
X-Crawler
Fastly-SIE
X-Variation
X-CUA
X-Served-From
Pragrma
X-Thanos
X-Stale
Is-Eu
X-Var-Ttl
Kp-EeAlive
Fastly-Backend-Name
X-Trace-Id
Pagetype
X-Ms-Lease-State
X-Qloud-Router
X-DC
X-UA-Device-Type
X-Via-NSCOPI
On-Server
True-Client-Country-4JS
X-PHP-Backend
X-Info
X-P-T
REQUESTUUID
Proxy-Connection
Amp-Access-Control-Allow-Source-Origin
HTTPS
Cteonnt-Length
MI-API
RequestId
Powered-By
X-Pjax-Url
X-Page-Type
ProcessTime
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Be
X-SN
X-Ckpd-Fst-Backend
X-CLOUD-TRACE-CONTEXT
MIME-Version
X-Servername
Cdn
X-Refresh
X-Req
X-Oracle-Dms-Ecid
X-NWS-UUID-VERIFY
X-Oss-Storage-Class
X-GZip
X-SVT-ORM-RULES
X-Oss-Request-Id
X-Origin-Response-Time
Memory
X-MServer
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-SVT-ORM-VERSION
X-Oss-Server-Time
X-Origin-TTL
Version
X-Content-Age
X-Parent-Response-Time
CF-IPCountry
X-Cache-FS-Status
Mime-Version
X-Aicache-OS
X-Unique-Id-Primal
Who
Group
V-Cache
X-Varnish-Url
X-Time
X-ND-Cache
X-Servedbyhost
X-Vcache
X-COUNTRY
Fusion-Source
X-Pf-Uncompressing
X-Generation-Time
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
SS
Fusion-Component-Id
X-Varnish-Beresp-TTL
X-Wa
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
X-FireWall-Port
GeoIP-Country-Code
X-GEO
X-Fastly-Cache-Hits
X-SRV
X-Ratelimit-Remaining
X-Cache-Info
X-Unique-Id
GeoIP-Latitude
Cdn-Request-Time
CDN
X-Edge-Server
Cdn-Host
PageType
Is-Session-Tracking
Get-Access-Time
X-M-Log
XServer
X-M-Reqid
X-Qnm-Cache
X-CS
X-B3-Traceid
X-EC-Security-Audit
GeoIp-Country-Code
X-Protected-By
Geoip-Latitude
X-Server-Group
Load-Balancing
X-Surge-Debug
NGX
X-WA
X-Server-W
X-APP
Serverid
T-Server
ServerName
X-HTML-Minification-Powered-By
SD-X-WS
X-Requestid
X-Check-Cacheable
X-Origin-Date
X-Origin-Expires
Nel
Cf-Ipcountry
X-ID
X-CSRF-Token
A
X-Nananana
X-RequestId
X-StackifyID
X-ServedByHost
X-ARC
X-SERVER-NAME
DataCenter
PICS-Label
X-Skip-Cache
X-Alicdn-Da-Ups-Status
X-HS-Status
X-FORWARDED-FOR
Processtime
Hostname
X-UPSTREAM-Address
URI
X-GZIP
X-Load-Cache
X-NGINX-Cache
X-Fastly-Country-Code
X-Gdpr
X-Feature
X-PF-Uncompressing
X-Proxy-Server
X-ServerName
X-B3-SpanId
WP-Super-Cache
X-Fe
X-BE
Node
X-PHP-Host
Cache-Provider
Powered
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Cdn-Srv
Cneonction
X-VG-WebCache
X-Origin-Host
X-PAGE-TYPE
Lfy
X-Atg-Version
VIX-Pulpo-Upstream-Status
X-PJAX-URL
VIX-Pulpo-Node
X-HTML-Edge-Cache
X-Proxy-Cache-Status
RequestUuid
X-Proxy-Upstream
X-IPS-LoggedIn
Requestid
X-Content-Encoded-By
Https
X-CSRF-TOKEN
X-Distil-Cs
X-SB
X-From-Cache
X-VC
X-Fastly-Backend-Reqs
Vix-Hermes-Req-Id
N-Cache
Sid
X-Cache-Ttl
X-GDPR
X-Akamai-SSL-Client-Sid
X-Serial
Xet-Cookie
X-WR-MODIFICATION
Build-Number
X-Dw-Trace-Id
X-RAMCache
PFcat
Host-ID
SID
Cdn-Src-Port
X-Grace-Duration
X-Gen-Id