Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
P3P
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Amz-Cf-Pop
X-Download-Options
P3p
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Cacheable
Alt-Svc
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
X-Request-ID
Upgrade
X-CDN
Xkey
X-Type
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Via
X-Pingback
X-Nginx-Cache-Status
Grace
EagleId
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-UA-Device
X-Robots-Tag
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Proxy-Cache
Request-Context
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-WebKit-CSP
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
X-Cnection
X-OneAgent-JS-Injection
X-Node
Content-Location
X-Readtime
Surrogate-Control
X-CST
EagleEye-TraceId
Report-To
X-Host
X-Response-Time
X-Rq
Feature-Policy
Server-Timing
X-Iejgwucgyu
X-Backend-Server
X-Application-Context
X-ORACLE-DMS-ECID
X-Rack-Cache
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
Allow
X-Url
X-Clacks-Overhead
NEL
Rating
X-DynaTrace
X-Country
Edge-Control
X-Origin-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-Varnish-TTL
X-Country-Code
X-Cdn
X-B3-TraceId
X-Px
X-Server-ID
X-DataDome
X-Ruxit-JS-Agent
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-Vhost
X-ESI
X-Trace
X-VARITI-CCR
Accept-CH
X-Goog-Hash
Charset
X-Server-Name
X-Cached
RTSS
Pinterest-Generated-By
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
X-D2id
Public-Key-Pins
X-TTL
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-Version
X-F-Cache
SPRequestGuid
X-PC
X-TtlSet
X-Vname
X-Dispatcher
X-DynaTrace-JS-Agent
X-DIS-Request-ID
X-Powered-By-Plesk
Accept-CH-Lifetime
X-T
X-Abt-Application-Version
X-Powered-CMS
X-SharePointHealthScore
X-Fastly-Request-ID
X-Origin-Upstream-Status
X-Ser
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-B
Realpath
X-Client-IP
X-Amz-Rid
X-Shield-Request-Id
MS-Author-Via
X-Recruiting
X-Forwarded-Proto
X-HW
X-Upstream
SPRequestDuration
X-Vcap-Request-Id
SPIisLatency
DynaTrace
X-TEC-API-ORIGIN
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-XRDS-Location
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
Arr-Disable-Session-Affinity
X-Varnish-Age
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Ttl
Content-MD5
X-Debug
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Via-JSL
X-Dw-Request-Base-Id
X-Hits
X-Goog-Storage-Class
X-Oracle-Dms-Rid
X-Aspnet-Version
X-Id
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
X-NewRelic-App-Data
X-NF-Request-ID
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend
X-N
X-Country-Code-Real
X-FTR-DC
Service-Worker-Allowed
X-FTR-Expires
Access-Control-Request-Method
S
X-ATG-Version
Edge-Cache-Tag
Alternate-Protocol
X-FastCGI-Cache
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
TCN
X-Kinsta-Cache
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
Surrogate-Key
X-Forwarded-For
X-RateLimit-Remaining
Rt-Fastcgi-Cache
X-FTR-Cache-Host
X-Cache-Key
X-Content-Digest
Tracecode
X-Litespeed-Cache
X-TA-CDN-Provider
X-CF-Powered-By
Fastcgi-Cache
X-Pad
Server-Name
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
Ar-Sid
X-Analytics
X-User-Agent
Fastly-Restarts
Backend-Timing
MicrosoftSharePointTeamServices
TP-Cache
TP-L2-Cache
X-Cache-2
Host
X-Edge-Location
FilterID
X-Magnolia-Registration
X-Rid
X-Debug-Info
X-Grace
ServerID
X-B3-Sampled
X-Whom
X-Page-Id
X-Mobile
X-Revision
X-Content-Options
X-IPLB-Instance
Eomportal-Instance
Front-End-Https
Paypal-Debug-Id
X-Hostname
X-Srv
X-Akam-SW-Version
AR-Request-ID
X-NWS-LOG-UUID
Refresh
X-LB-Cache
X-VCache
X-Content-Powered-By
X-AppVersion
X-Activity-Id
X-Az
Retry-After
X-Signature
X-Request-Processing-Time
X-Request-Received
X-B-Cache
X-GUploader-UploadID
X-Cluster
X-SS-Set-Cookie
X-Framework
X-Cache-Action
Source
X-App-Environment
X-Varnish-Hostname
X-Handled-By
Cleartype
X-Tumblr-User
X-Tumblr-Pixel-0
X-Platform-Server
X-Request-Guid
X-Tumblr-Pixel
X-Cache-Control
X-BCube-Filmed-By
X-Instance
X-FB-Debug
X-WA-Info
X-Akamai-Edgescape
X-Device-Type
X-Content-Security-Policy-Report-Only
X-Content-Type
X-AOL-HN
Webserver
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Ruxit-Js-Agent
X-Cache-Hit
X-Zen-Fury
X-Varnish-Grace
Accept-Charset
Display
X-Sol
X-Middleton-Display
X-Cache-Rule
X-Varnish-Backend
Healthy
X-Seen-By
X-Wix-Request-Id
ViewerVersion
X-TT
X-Correlation-Id
X-URL
X-Origin-Server
X-Fastcgi-Cache
X-Drupal-Cache-Tags
X-Middleton-Response
Response
X-Cache-Server
X-Cache-Age
Cache-Status
Upgrade-Insecure-Requests
X-DataStream-Cache-Status
MS-CV
X-Daa-Tunnel
X-Varnish-Server
X-CACHE-GROUP
X-Cached-By
X-Drupal-Cache-Contexts
X-Storage
X-Generated-By
X-PHP-Backend
X-Amzn-RequestId
X-Amz-Apigw-Id
Payment
X-Amz-Replication-Status
X-Esi
X-Geo-Country
X-App-Server
X-Response-Served-From
Filters
NGB
Server-Node
X-UA-Device-Type
X-Adobe-Loc
X-Amz-Server-Side-Encryption
Access-Control-Allow-Method
GEO-INFO
X-S
X-Cacheable-TTL
X-Adobe-Content
X-FW-Type
Actual-Object-TTL
X-Varnish-IP
X-FW-Static
X-Jobs
X-Servedby
X-WPE-Loopback-Upstream-Addr
X-RequestSource
X-Locale
X-UUID
X-TT-TIMESTAMP
X-FW-Hash
X-Contextid
X-FW-Server
ServedBy
X-Edge-Cache
Viewport
X-FW-Serve
X-Cache-NE
X-Edge-Cache-Key
X-Tumblr-Pixel-2
X-TX-ID
X-Varnish-Hits
X-Tumblr-Pixel-1
X-Cache-Remote
Cache-Tv-Group
X-Accel-Expires
X-HS-Cache-Config
AsisCache
Server-Info
X-WebKit-CSP-Report-Only
S-Cnection
X-Cache-TTL-Remaining
X-Status
From-Origin
X-Dns-Prefetch-Control
X-Rendered-As
Host-Header
X-GeoIP
X-Cache-Operation
X-Region
X-APP-VERSION
X-Croise-Owner
X-XRDS-LOCATION
X-App-Version
Cache
SRV
X-Webkit-CSP
X-Redis-Cache
HostName
Served-By
X-BACKEND-TTL
X-Node-Name
Content-Style-Type
Content-Script-Type
DC
X-Hyper-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Liferay-Portal
X-CACHE-KEY
Public-Key-Pins-Report-Only
X-Upgrade-Enabled
X-RTag
Ms-Operation-Id
X-Cache-Config
Cache-Tag
X-Mode
X-Is-Bot
X-Cache-Var-Map
Machine
X-RN-RSRV
X-Cache-Var
Meta-Geo
X-Parent-Response-Time
X-NGENIX-Cache
X-Cache-Category-Id
X-Timing-Wait
X-Vg-Webcache
X-Grey
X-Generated
X-Webstats-RespID
X-Site-Version
X-Hosted-By
X-Detected-As
X-Path-Route
Selected-FE
X-Proxy-Build
X-Protected-By
Cache-Name
X-Edge-IP
X-Labrador-Cache-Channel
Origin-Edge-Control
X-Human
Origin-Cache-Control
X-Request-Time
X-Web-Node
X-ProxyCache-Status
X-ProxyCache-Key
X-NCache
X-Internal-Host
X-Origin-Response-Time
X-Original-Request
X-Environment-Context
X-Via-Fastly
X-L-Path
X-Akamai-Request-ID
X-Loop
X-Agile-Id
X-Agile-Age
X-BYPASS-REASON
X-CDN-Cache
X-Upstream-HT
X-Upstream-CT
X-TNCMS
X-JoinUs
X-Agile
Now
X-Akamai-Transformed
X-Format
X-Birta-Served
X-IP
X-Origin-CC
X-Pc-Hit
X-Pc-Appver
X-Origin-Host
X-Birta-Cache-Post
Azure-InstanceId
Cache-Key
DB-Nickname
User-Cache-Control
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-Pc-Key
X-Origin
X-Tumblr-Pixel-3
X-ServerID
X-Time-Microsecs
X-Viewer-Country
X-Proxy
X-RemovedCookies
X-ProcessESI
X-Rule
Webcakes-App-Version
X-PCL
Webcakes-Region
Webcakes-App-Name
TWC-Locale-Group
TWC-Connection-Speed
S-Rt
TWC-Device-Class
TWC-GeoIP-Country
X-Access
TWC-GeoIP-LatLong
TWC-Privacy
X-Xfnlog-Site
Property-Id
X-Ocache
X-Origin-Hint
X-Section
X-Guploader-Uploadid
X-Tb
X-CCM
X-FC-Vary-Parameters
X-OCL
Load-Balancing
X-Www-Served-By
X-VG-TLSProxy
X-Backend-Name
X-Pubstack
Fastcgi-X-Cache
Fastcgi-Useragent
Cache-Tags
X-B3-Spanid
Fastcgi-X-Cache-Version
X-Zipkin-Id
HitType
X-Forwarded-Host
X-Proxied
X-App-Name
Xserver
X-Routing-Service
Powered-By-ChinaCache
X-Vgn-Hpd-Reason
Vix-Hermes-Req-Id
X-TIME
X-FB-TRIP-ID
X-GRACE
Country
X-ApacheServer
X-PERF
Pagespeed
Mn-Server-Ip
X-Cache-Backend
X-Cache-TTL
X-Endurance-Cache-Level
X-Via-CDN
X-Content-Age
Datacenter
X-Mrs-Cache
X-Mshield-Cache-Status
X-Unique-Id-Primal
X-Mrs-Cache-Hits
X-Mrs-Age
X-Correlation-ID
X-Nginx-Cache
X-Cdn-Forward
X-UA
X-RateLimit-Limit
OT-Force-Account-Verify
X-Real-IP
Time
X-Ezoic-Cdn
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-Yottaa-Optimizations
X-Sorting-Hat-ShopId
Ohc-File-Size
X-ShardId
X-Sorting-Hat-PodId
X-Yottaa-Metrics
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShopId
X-Varnish-Cacheable
X-Debug-Cache
X-OVcl
X-OVcl-Cache
X-Sucuri-ID
NtCoent-Length
X-Pc-Date
LB
X-Pc-Host
L5d-Success-Class
X-Ua
X-Hl-Ver
X-Varnish-Beresp-Ttl
We-Hiring
X-Varnish-Beresp-Grace
Mail-Subject
X-Unique-ID
X-Varnish-Beresp-Status
X-Ratelimit-Limit
X-MP-GENERATED-AT
X-CDN-Forward
Section-Io-Cache
X-Real-Ip
AR-SID
X-HS-Combine-CSS
X-Hit
X-Trace-Id
X-Proto
X-Amz-Meta-Surrogate-Control
User-Agent
X-Front
X-Akamai-Request-ID2
X-Cache-Enabled
X-Nc
X-Newrelic-App-Data
Pagetype
Access-Control-Request-Headers
X-Dynatrace-Js-Agent
X-C
Version
X-Time
X-Microcachable
X-Rocket-Nginx-Bypass
X-EdgeConnect-Cache-Status
X-CLOUD-TRACE-CONTEXT
Warning
Accept-Language
X-Cache-Expires
X-Cache-FS-Status
X-Cache-Id
X-Cache-URL
X-Cache-Debug
X-Cache-Host
X-Bip
X-Application
X-Aed
X-Auto-Login
X-B-Cookie
X-CF-Lambda-Fn
X-BB-ID
X-Cache-Bucket
X-CF-Lambda-Version
X-Thinkindot-L3
X-Device-Os
X-Died
X-Dispatcher-Server
X-Transaction
X-DPWN-IS-SECURE
X-Developer
X-Destination
X-Crawler
X-Connection-Hash
X-CUA
X-D
X-Date
X-Actual-URL
X-A-Wwc
Release
Powered-By
Rendered-Blocks
Request-Time
RNT-Machine
Resin-Trace
Platform
PFcat
MD5-Digest
Is-Eu
Memcached
Meta-Geo-Continent
Node
Mobile-Detection-Method
RNT-Time
Rt-Proxy-Cache
X-A
Www
X-A-Ccd
X-A-Dam
X-A-Dgt
X-A-Dcw
VivaBuild
Viewtype
Server-ID
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
V-Age
X-Accel-Expires-Debug
X-Fetched-On
X-User
X-Rojux
X-Var-Ttl
X-Qloud-Router
Xc-Version
X-RCS-CacheZone
X-UE-Client-Country
X-PHP-Host
X-Passed-To-DLL
X-TT-LOGID
X-Passed-To-PostProcessResponse
X-PAYTM-SRV-ID
X-S-Cookie
X-Twitter-Response-Tags
X-Rebelmouse-Cache-Control
X-Rewrite-Enabled
X-WebServer
X-Returned-From-DLL
X-Region-Sid
X-Request-UUID
X-Returned-From
X-Returned-From-BeforeDispatch
X-VG-WebServer
X-Reboot
X-Variation
IBM-Web2-Location
X-Rebelmouse-Surrogate-Control
X-Returned-From-PostProcessResponse
X-Varnish-Action
X-Passed-To-BeforeDispatch
X-S-Maxage
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Svr
X-Layer
X-Trv-Group
X-SRCache-Key
X-Store
X-Generated-On
X-Generated-In
X-Thanos
X-We-Are-Hiring
X-From
X-Swa-Ws
X-G
X-FW-Version
X-Server-Time
X-Level-Front-Cache
X-ScT
X-Served-From
X-Matched-Rule
X-NU-AKA-ACS-Version
X-Passed-To
X-P-T
X-Logtrace-Id
X-Server-By
X-Li-Fabric
X-Server-IP
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-External-Request-Id
Thinkindot-Control
Fly-Cache
Arc-Country
BehaviorPad-Version
Fastly-SIE
Fly-Request-Id
X-Server-Cache
Frame-Options
Adler-Geo
Ajk
Fastly-Backend-Name
Fastly-SWR
Cache-Prefix
Ec-Rule-Version
X-Epic-Correlation-Id
X-Distributor
Content-Disposition
Ohc-Response-Time
X-Distil-CS
X-F5-Cache
X-Gen-Mode
X-Gannett-Site-Version
X-ElasticPress-Search
X-Fstrz
X-Backend-Host
AKAMAI
Cache-Cookie-Set-Lfrom
Backend
Backend-Name
Cache-Cookie-Set-From
X-GeoIP-Country-Code
X-Cache-CFC
Cache-Cookie-Set-Idcheck
X-Clientip
X-Block-Status
X-Backend-Url
X-Hash
X-Server-Group
X-ServiceProvider
X-Sf
X-Secret
X-Response-By
X-Release
X-Request-Start
X-Stale
X-SVT-ORM-RULES
X-Amz-Meta-Cache-Control
X-ARC
Magicmarker
X-UnsetCookies
X-SVT-ORM-VERSION
X-Via-NSCOPI
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Info
X-Instart-Info
X-Location
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Hnp-Log
X-IN-APIGATEWAY
X-MI-In-Market
X-MSEdge-Features
X-Origin-Date
X-Origin-Expires
X-Node-Id
X-No-Session
X-MSEdge-Flight
X-Nginx-Cache-Key
Country-Code
X-Phone
Web-Mar-Node
Who
MI-API
Heartbleed
MI-Cache
MI-Cache-Age
Pramga
Proxy-Connection
True-Client-Country-4JS
Origin
Esi-Enabled
SS
Decoy-Debug-TTL
GMS-Ver
Countrycode
Kp-EeAlive
Server-Int
SD-X-WS
Decoy-Debug-Key
Lfy
GW-Server
Decoy-Debug-Status
X-NODE
X-Be
HA-Geolon
HA-Geocity
HA-Cloudapp
REQUESTUUID
HA-Geolat
X-Key
HA-Geocountry
X-Micro-Cache
HA-Georegion
HA-Host
X-V
X-Up
HA-Urlpath
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Irp-Debug
IsBot
HA-Servedtime
X-SIPLIST1
Ha-Gx-Prefs
X-Policy
X-Platform
On-Server
X-Fastly-Cache
HA-Ipaddr
X-Request-URI
X-Page-Type
X-Origin-TTL
X-CGP
Apple-News-Services-Request-Url
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Eu-Site
X-Cache-Info
X-Core-Mission
X-Developers
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-Debug-Cache-Store
X-Core-Value
Fastly-SSL
X-Cdn-Srv
X-Backend-State
CDCHOST
ServerName
Fastly-Soc-X-Request-Id
PageSpeed
X-Dc
X-Debug-Cookies
X-Debug-Log
X-Cdn-Origin
X-NX-Host
X-Servername
X-Sn-Servicetimems
X-Geo
WZWS-RAY
X-DC
X-NC
X-CMS-Context
X-COUNTRY
RequestId
X-Refresh
X-Pjax-Url
X-Org
X-Via-Edge
X-Via-SSL
MIME-Version
X-CACHE-AGE
Cteonnt-Length
X-LAGOON
X-Newrelic-Synthetics
X-Datadome
X-VarnCache
X-Servedbyhost
X-PARISIEN-Cache-Rendered
X-VarnPar1
Pragrma
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
UCS
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
Memory
Cdn
X-Req
Uber-Trace-Id
NGX
Request-EU
X-Instance-Name
Request-Country
Mime-Version
Host-ID
X-NWS-UUID-VERIFY
V-Cache
Group
X-VCT
X-GeoIP-City
X-Wa
Cache-Provider
X-CSRF-TOKEN
PICS-Label
X-RateLimit-Limit-Second
X-Gdpr
Nel
X-RateLimit-Remaining-Second
X-Webkit-Csp
X-Generation-Time
X-FireWall-Port
CF-IPCountry
X-Varnish-Cache-Hits
X-HTML-Minification-Powered-By
X-BBXSRF
GeoIP-Latitude
GeoIP-Country-Code
X-WR-MODIFICATION
XServer
CDN
X-Ratelimit-Remaining
X-B3-Traceid
X-Cache-ASPX
X-UPSTREAM-Address
Server-Surrogate-Control
Server-Cache-Control
X-Sedo-Request-Id
X-Cache-Grace
X-Fastly-Country-Code
X-Aicache-OS
X-Varnish-Authentication
X-DataStream-Origin-MEX-Latency
X-Cache-Miss-From
HitInfo
X-DataStream-MidMile-RTT
X-Powered-By-ANYU
X-Load-Cache
X-IPS-LoggedIn
X-StackifyID
Cf-Ipcountry
Geoip-Latitude
X-Varnish-Url
CACHE
X-VG-WebCache
GeoIp-Country-Code
X-Check-Cacheable
X-Source
X-EIG-Tracking-Id
X-Instart-Isnd
X-ND-Cache
X-Sucuri-Cache
X-FORWARDED-FOR
X-RCS-Backend
X-Fastly-Backend-Reqs
X-HOST
URI
X-From-Cache
X-Varnish-Beresp-TTL
X-TWH-CORRELATION-ID
Pics-Label
X-WA
X-Fastly-Cache-Hits
X-CDN-Pop-IP
X-CDN-Pop
X-APP
Is-Session-Tracking
Get-Access-Time
X-GEO
Proxy-Firewall
X-Unique-Id
X-Dynatrace
FSS-Cache
Powered
FSS-Proxy
X-GoCache-CacheStatus
X-SRV
X-FW-Dynamic
X-R9-Blue-Green-Version
X-Nananana
X-Server-W
X-Skip-Cache
X-VC-Cache
X-Sentry-ID
Processtime
X-NodeID
DataCenter
X-ID
X-GDPR
X-Pc-Subdomain
X-Flog
X-ServedByHost
X-ABtesting
WP-Super-Cache
X-Cluster-Node
SN
X-Csrf-Token
X-Hello
X-VServer
Hostname
Amp-Access-Control-Allow-Source-Origin
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Server-Time
X-HS-Status
X-CSRF-Token
X-B3-SpanId
X-Fe
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-RequestId
X-PF-Uncompressing
X-BE
X-TrackingId
Dynatrace
X-Pf-Uncompressing
X-PJAX-URL
X-GZip
X-NGINX-Cache
X-Amzn-Remapped-Connection
X-GZIP
X-Amzn-Remapped-Date
X-Bug-Bounty
X-Worker
Cache-Hits
X-Gen-Id
TSSecure
X-Backend-TTL
X-LiteSpeed-Cache-Control
Requestid
X-Edge-Server
X-ORIG-AKA-EDGE
X-Cache-Ttl
Cdn-Host
Cdn-Request-Time
X-MServer
X-Swift-Error
ProcessTime
Serverid
DSUID
X-Alicdn-Da-Ups-Status
X-Tb-Optimization-Total-Bytes-Saved
X-ServerName
X-LiteSpeed-Tag
X-Varnish-URL
X-RAMCache
T-Server
A
X-SB
X-ORIG-AKA-COUNTRY-CODE
RequestUuid
X-HostName
X-VC
X-PAGE-TYPE
225prxHost
286prxHost
219prxHost
189phosttRef
188prxHost
352pxline
355prline
X-SN
Xxline
X-Requestid
SID
409pxxline
178proxuri
X-Akamai-ERRuleID
Correlation-Id
Location
X-Dw-Trace-Id
X-Akamai-ERPolicy
Xet-Cookie
X-VarnPar2
X-Port
X-Developed-By
Cneonction
NnCoection
X-CS
X-Serial