Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
CF-Ray
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-CDN
X-Request-ID
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Age
X-Server
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Cnection
X-Node
X-OneAgent-JS-Injection
X-Host
X-Readtime
Report-To
EagleEye-TraceId
X-Server-Id
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-Rack-Cache
X-Application-Context
X-CST
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
Rating
X-DynaTrace
Allow
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Cache
X-Server-ID
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Trace
X-Px
X-Vhost
X-GitHub-Request-Id
X-Server-Name
X-ORACLE-DMS-RID
X-DataDome
X-VARITI-CCR
Accept-CH
RTSS
X-ESI
X-Ruxit-JS-Agent
X-Goog-Hash
X-Cached
X-MS-InvokeApp
Charset
Pinterest-Generated-By
X-Mod-Pagespeed
SPRequestGuid
X-PC
X-Vname
X-TtlSet
X-D2id
Verso
X-F-Cache
Public-Key-Pins
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-Version
X-Dispatcher
X-TTL
X-Cdn
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
Accept-CH-Lifetime
X-DIS-Request-ID
X-Abt-Application-Version
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
X-Origin-Upstream-Status
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Navigation-Version
X-B
X-Forwarded-Proto
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-Amz-Rid
X-SRCache-Store-Status
MS-Author-Via
X-Recruiting
X-Client-IP
DynaTrace
Realpath
X-HW
SPRequestDuration
SPIisLatency
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Vcap-Request-Id
X-Upstream
X-Ttl
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Nginx-Cache
Content-MD5
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-CACHE
AR-ATIME
Arr-Disable-Session-Affinity
X-Hits
X-Debug
Edge-Cache-Tag
X-Varnish-Age
X-N
MRF-Tech
X-Oracle-Dms-Rid
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Goog-Storage-Class
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Aspnet-Version
X-MSEdge-Ref
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Acc-Meta-Resource-Type
X-Via-JSL
Access-Control-Request-Method
TCN
X-Id
S
X-ATG-Version
X-XRDS-Location
X-FTR-DC
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend-Server
Service-Worker-Allowed
X-FTR-Expires
X-NewRelic-App-Data
X-Logged-In
X-Oneagent-Js-Injection
X-FastCGI-Cache
Alternate-Protocol
X-Forwarded-For
X-HS-Hub-Id
X-HS-Content-Id
Surrogate-Key
X-Kinsta-Cache
X-Frontend
Tracecode
Rt-Fastcgi-Cache
X-PressLabs-Stats
X-Cache-Key
X-Content-Digest
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-FTR-Cache-Host
X-Grace
MicrosoftSharePointTeamServices
Fastly-Restarts
X-RateLimit-Remaining
X-CF-Powered-By
Server-Name
X-Amzn-Trace-Id
X-Edge-Location
Backend-Timing
X-Analytics
X-Ruxit-Js-Agent
X-Content-Options
TP-Cache
TP-L2-Cache
FilterID
Host
X-Cache-2
X-Rid
X-User-Agent
Fastcgi-Cache
X-Magnolia-Registration
X-Whom
X-B3-Sampled
X-Debug-Info
ServerID
X-IPLB-Instance
X-Revision
Ar-Sid
Eomportal-Instance
X-Page-Id
X-Hostname
X-Mobile
X-Srv
X-Request-Processing-Time
X-Request-Received
X-NWS-LOG-UUID
AR-Request-ID
X-VCache
Paypal-Debug-Id
X-Akam-SW-Version
Front-End-Https
X-AOL-HN
Retry-After
X-Content-Powered-By
X-B-Cache
X-Litespeed-Cache
X-GUploader-UploadID
X-Signature
X-Request-Guid
X-Handled-By
Source
Refresh
X-Cluster
X-Cache-Action
X-LB-Cache
X-FB-Debug
X-SS-Set-Cookie
X-Varnish-Hostname
X-App-Environment
X-Framework
X-Device-Type
X-BCube-Filmed-By
X-WA-Info
X-Tumblr-User
X-Tumblr-Pixel
X-Instance
X-Tumblr-Pixel-0
X-Cache-Control
X-Cache-Hit
X-Varnish-Grace
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
Cleartype
X-Platform-Server
X-HS-Cache-Config
Webserver
X-Activity-Id
X-Az
X-AppVersion
X-Zen-Fury
Display
X-XRDS-LOCATION
X-Sol
X-Middleton-Display
X-Correlation-Id
X-Content-Type
VIX-Pulpo-Upstream-Status
X-Varnish-Backend
VIX-Pulpo-Node
X-Esi
Healthy
X-Fastcgi-Cache
X-Cache-Rule
X-TA-CDN-Provider
X-Middleton-Response
Response
X-Cache-Server
X-URL
X-Varnish-Server
ViewerVersion
X-Seen-By
X-Drupal-Cache-Tags
X-Wix-Request-Id
X-Daa-Tunnel
X-TT
Upgrade-Insecure-Requests
X-Generated-By
X-App-Server
X-Cached-By
X-Drupal-Cache-Contexts
X-Geo-Country
Cache-Status
X-Origin-Server
Accept-Charset
S-Cnection
X-CACHE-GROUP
X-Cache-Age
X-Amzn-RequestId
X-Amz-Apigw-Id
Server-Node
X-DataStream-Cache-Status
X-Amz-Replication-Status
X-Accel-Expires
Payment
Filters
NGB
X-UA-Device-Type
X-Response-Served-From
X-Adobe-Loc
X-Adobe-Content
X-S
X-Edge-Cache-Key
X-Edge-Cache
GEO-INFO
Access-Control-Allow-Method
X-Contextid
X-Servedby
X-Status
X-UUID
X-RequestSource
X-Jobs
X-Cache-NE
X-Cacheable-TTL
ServedBy
Actual-Object-TTL
X-TX-ID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Locale
X-FW-Hash
X-Varnish-IP
X-FW-Type
X-TT-TIMESTAMP
X-FW-Serve
X-FW-Static
X-FW-Server
AsisCache
Cache-Tv-Group
X-Storage
X-Varnish-Hits
Server-Info
X-Amz-Server-Side-Encryption
X-WebKit-CSP-Report-Only
X-GeoIP
Viewport
X-WPE-Loopback-Upstream-Addr
X-PHP-Backend
MS-CV
X-Dns-Prefetch-Control
X-Cache-Remote
HostName
X-Cache-TTL-Remaining
X-Rendered-As
X-Node-Name
Cache
Host-Header
X-App-Version
X-Croise-Owner
From-Origin
X-Region
SRV
X-Cache-Operation
X-Vg-Webcache
X-Webkit-CSP
X-Hyper-Cache
X-Redis-Cache
X-APP-VERSION
Served-By
Liferay-Portal
X-Dynatrace-Js-Agent
Public-Key-Pins-Report-Only
Cache-Tag
DC
X-Mode
X-HS-Combine-CSS
X-Agile-Id
X-Detected-As
X-Timing-Wait
X-Proxy-Build
X-Agile-Age
X-Cache-Var-Map
X-Cache-Var
X-Agile
X-RN-RSRV
X-Akamai-Transformed
Selected-FE
X-Loop
X-Forwarded-Host
X-TNCMS
X-IP
Meta-Geo
X-Generated
X-Hosted-By
X-Path-Route
X-Is-Bot
X-Webstats-RespID
X-NGENIX-Cache
X-Upgrade-Enabled
Machine
X-Human
X-Upstream-HT
X-BYPASS-REASON
X-Cache-Category-Id
X-NCache
X-L-Path
X-Endurance-Cache-Level
Xserver
X-JoinUs
Cache-Name
X-Vgn-Hpd-Reason
X-Internal-Host
X-Request-Time
Origin-Edge-Control
Origin-Cache-Control
X-ProxyCache-Key
X-Labrador-Cache-Channel
X-Environment-Context
X-CDN-Cache
X-ProxyCache-Status
Powered-By-ChinaCache
X-Web-Node
X-Upstream-CT
X-Grey
Now
DB-Nickname
X-Origin-Response-Time
X-Tumblr-Pixel-3
X-FC-Vary-Parameters
X-Original-Request
X-Pubstack
X-Pc-Appver
X-Viewer-Country
X-Time-Microsecs
X-Origin
X-Akamai-Request-ID
X-Origin-Host
X-VG-TLSProxy
X-Via-Fastly
X-Birta-Served
X-ServerID
X-Pc-Key
X-Proxy
X-Pc-Hit
X-Birta-Cache-Post
S-Rt
X-B3-Spanid
X-UA
Fastcgi-Useragent
Cache-Tags
Azure-RegionName
Azure-InstanceId
Fastcgi-X-Cache
Azure-SiteName
Fastcgi-X-Cache-Version
X-Cache-Config
X-Backend-Name
X-Format
X-CCM
Azure-Version
Mn-Server-Ip
X-Xfnlog-Site
Azure-SlotName
X-PCL
X-Site-Version
X-Guploader-Uploadid
X-Rule
X-Tb
X-BACKEND-TTL
X-OCL
X-Ocache
X-Via-CDN
X-Yottaa-Metrics
TWC-Device-Class
X-Routing-Service
TWC-GeoIP-LatLong
X-App-Name
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Connection-Speed
X-Kong-Proxy-Latency
Pagespeed
X-Origin-CC
TWC-Privacy
X-Proxied
Property-Id
X-Parent-Response-Time
X-Zipkin-Id
X-Kong-Upstream-Latency
X-Yottaa-Optimizations
X-Access
HitType
Content-Style-Type
X-Origin-Hint
Webcakes-App-Name
X-Section
Webcakes-App-Version
Webcakes-Region
Content-Script-Type
Datacenter
Cache-Key
X-Newrelic-App-Data
X-ProcessESI
X-RemovedCookies
X-Edge-IP
X-Www-Served-By
X-Protected-By
User-Cache-Control
X-TIME
AR-SID
Vix-Hermes-Req-Id
X-Nginx-Cache
X-CACHE-KEY
OT-Force-Account-Verify
X-Cache-TTL
X-Sorting-Hat-ShopId
Ms-Operation-Id
X-ShopId
X-RTag
X-Alternate-Cache-Key
X-Ezoic-Cdn
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-PodId
X-Akamai-Request-ID2
X-Correlation-ID
Time
X-PERF
X-Cache-Backend
X-OVcl
X-ApacheServer
X-OVcl-Cache
X-FB-TRIP-ID
X-Real-IP
X-Cdn-Forward
X-RateLimit-Limit
NtCoent-Length
X-Pc-Date
X-Pc-Host
Accept-Language
L5d-Success-Class
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Front
X-Mshield-Cache-Status
X-Unique-Id-Primal
X-Webkit-Csp
X-Content-Age
Country
X-Real-Ip
LB
Load-Balancing
X-Proto
X-Debug-Cache
X-Ratelimit-Limit
X-Amz-Meta-Surrogate-Control
Section-Io-Cache
X-Varnish-Cacheable
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
Ohc-File-Size
X-CDN-Forward
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Unique-ID
X-Hit
WZWS-RAY
X-Sucuri-ID
X-Nc
X-Hl-Ver
X-MP-GENERATED-AT
Mail-Subject
X-GRACE
We-Hiring
X-Time
Warning
X-Trace-Id
X-EdgeConnect-Cache-Status
X-Microcachable
X-CLOUD-TRACE-CONTEXT
User-Agent
X-Geo
X-C
Version
X-Auto-Login
X-Cache-Expires
X-B-Cookie
X-Cache-Enabled
X-Cache-FS-Status
X-Cache-Bucket
X-BB-ID
X-Connection-Hash
X-CUA
X-Crawler
X-D
X-Date
X-Destination
X-WebServer
X-Application
X-Cache-Id
X-Cache-URL
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-Host
X-A-Wwc
Request-Time
Rendered-Blocks
Release
Resin-Trace
RNT-Machine
SD-X-WS
Rt-Proxy-Cache
RNT-Time
Powered-By
Platform
Memcached
MD5-Digest
Is-Eu
Meta-Geo-Continent
Mobile-Detection-Method
PFcat
Node
Server-Host
Server-ID
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A-Dgt
X-Developer
X-Actual-URL
X-Accel-Expires-Debug
X-A
Xc-Version
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
SS
Thinkindot-Control
V-Age
VivaBuild
Viewtype
X-Aed
X-From
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-NU-AKA-ACS-Version
X-Org
X-Passed-To
X-P-T
X-Rewrite-Enabled
X-Rojux
X-Server-Time
X-SRCache-Key
X-Server-By
X-ScT
X-S-Cookie
X-S-Maxage
X-Returned-From-BeforeDispatch
X-Passed-To-BeforeDispatch
X-Rebelmouse-Cache-Control
X-Response-By
X-Request-UUID
X-Release
X-Reboot
X-Region-Sid
X-RCS-CacheZone
X-Returned-From
IBM-Web2-Location
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-PAYTM-SRV-ID
X-Qloud-Router
X-PHP-Host
X-Store
X-Swa-Ws
X-G
X-FW-Version
X-Generated-In
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Li-Fabric
X-Layer
X-Rebelmouse-Surrogate-Control
X-Fetched-On
X-Died
X-Device-Os
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Via-SSL
X-External-Request-Id
X-Li-Pop
X-LI-Proto
X-Twitter-Response-Tags
X-UE-Client-Country
X-TT-LOGID
X-Trv-Group
X-Thinkindot-L3
X-Transaction
X-Node-Id
X-Var-Ttl
X-VG-WebServer
X-Via-Edge
X-LI-UUID
X-Logtrace-Id
X-Matched-Rule
X-Variation
X-We-Are-Hiring
Www
Fastly-SWR
Fastly-SIE
Fly-Cache
Fly-Request-Id
Frame-Options
Fastly-Backend-Name
Cache-Prefix
Adler-Geo
Access-Control-Request-Headers
Ajk
Arc-Country
BehaviorPad-Version
X-Ua
Ec-Rule-Version
X-Via-NSCOPI
X-Rocket-Nginx-Bypass
Pagetype
X-Nginx-Cache-Key
X-No-Session
Cache-Cookie-Set-Lfrom
X-Amz-Meta-Cache-Control
Cache-Cookie-Set-Idcheck
X-MI-In-Market
Magicmarker
Cache-Cookie-Set-From
X-F5-Cache
Heartbleed
Countrycode
Decoy-Debug-Key
Decoy-Debug-Status
X-User
Content-Disposition
X-Origin-Date
X-Origin-Expires
X-Backend-State
X-Location
X-IN-SSL-APIGATEWAY
X-Fstrz
X-IN-WAF
X-Clientip
X-IN-APIGATEWAY
X-GeoIP-Country-Code
X-Hash
X-Hnp-Log
X-Info
Kp-EeAlive
X-Bip
Decoy-Debug-TTL
Backend
X-Block-Status
X-Cache-CFC
X-Key
X-Cache-Debug
X-Gen-Mode
Country-Code
GW-Server
On-Server
GMS-Ver
X-Stale
MI-Cache
MI-Cache-Age
Proxy-Connection
Origin
X-UnsetCookies
X-Thanos
X-ServiceProvider
X-Server-IP
X-Served-From
X-Server-Group
X-Sf
Server-Int
X-Distributor
Esi-Enabled
X-Proxy-Cache-Status
X-Phone
True-Client-Country-4JS
Fastly-SSL
X-Proxy-Upstream
MI-API
Web-Mar-Node
X-Varnish-Action
Pramga
X-Dc
X-ElasticPress-Search
X-NODE
X-Datadome
X-SVT-ORM-RULES
X-Up
X-Epic-Correlation-Id
X-Eu-Site
X-Fastly-Cache
X-Gannett-Site-Version
X-SVT-ORM-VERSION
X-Secret
X-Request-URI
X-Request-Start
X-Micro-Cache
Backend-Name
X-V
X-Page-Type
X-Irp-Debug
X-MSEdge-Flight
X-MSEdge-Features
X-Distil-CS
X-SIPLIST1
X-Policy
HA-Servedtime
X-Core-Mission
HA-Cloudapp
HA-Ipaddr
AKAMAI
X-Backend-Url
X-Core-Value
X-CGP
HA-Urlpath
HA-Host
IsBot
HA-Geolon
Ha-Gx-Prefs
X-Backend-Host
HA-Georegion
HA-Geocity
HA-Geocountry
HA-Geolat
X-Be
X-DC
X-Debug-Cache-Expiry
X-NX-Host
X-Debug-Cache-Store
X-Wikidot-Static-Cache
X-Developers
X-Wikidot-Backend
X-Debug-Cache-Fetch
Apple-News-Services-Host
X-CACHE-AGE
X-Refresh
REQUESTUUID
X-Sn-Servicetimems
Pragrma
X-Platform
Apple-News-Services-Handled
X-Origin-TTL
Fastly-Soc-X-Request-Id
CDCHOST
Apple-News-Services-Parsed-Url
Who
Apple-News-Services-Request-Url
X-Debug-Log
X-Cdn-Origin
X-Debug-Cookies
X-Svr
PageSpeed
Uber-Trace-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
Lfy
X-COUNTRY
X-Generated-On
UCS
Request-EU
X-NC
X-Level-Front-Cache
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Instart-Info
X-Servername
X-SERVER
Request-Country
X-Instance-Name
Locale
ServerName
X-Server-Cache
X-NWS-UUID-VERIFY
X-VarnPar1
X-Cdn-Srv
X-VarnCache
X-PARISIEN-Cache-Rendered
Ohc-Response-Time
X-Cache-Info
RequestId
Host-ID
V-Cache
Group
MIME-Version
X-Req
X-GeoIP-City
X-ARC
X-Pjax-Url
X-VCT
X-Newrelic-Synthetics
Cteonnt-Length
HitInfo
Cache-Provider
Memory
PICS-Label
X-BBXSRF
Cdn
X-CMS-Context
Mime-Version
X-Powered-By-ANYU
X-Gdpr
X-EIG-Tracking-Id
X-Servedbyhost
X-Ratelimit-Remaining
X-LAGOON
Nel
X-TWH-CORRELATION-ID
X-WR-MODIFICATION
CF-IPCountry
X-StackifyID
NGX
X-Aicache-OS
X-Wa
X-HTML-Minification-Powered-By
CDN
GeoIP-Country-Code
GeoIP-Latitude
X-Load-Cache
X-B3-Traceid
X-Fastly-Country-Code
X-FireWall-Port
X-CSRF-TOKEN
XServer
X-Fastly-Backend-Reqs
X-Cluster-Node
X-Varnish-Cache-Hits
Cf-Ipcountry
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-WA
X-NodeID
X-UPSTREAM-Address
FSS-Cache
X-Generation-Time
FSS-Proxy
X-Sentry-ID
X-VServer
X-Cache-Miss-From
Processtime
X-Hello
X-Flog
GeoIp-Country-Code
X-Check-Cacheable
Geoip-Latitude
X-Sedo-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-ABtesting
X-Csrf-Token
X-Cache-Grace
X-Unique-Id
X-Source
SN
X-HOST
CACHE
X-Varnish-Beresp-TTL
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-APP
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
WP-Super-Cache
X-GZip
X-CDN-Pop
X-CDN-Pop-IP
X-ServedByHost
X-IPS-LoggedIn
URI
X-Varnish-Authentication
X-Nananana
Server-Surrogate-Control
X-Dynatrace
X-RCS-Backend
X-Cache-ASPX
X-CSRF-Token
TSSecure
Server-Cache-Control
X-SRV
Pics-Label
X-DataStream-Origin-MEX-Latency
X-Skip-Cache
X-DataStream-MidMile-RTT
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-Worker
X-Varnish-Url
X-FORWARDED-FOR
X-MServer
X-VC-Cache
X-GDPR
DataCenter
X-ID
X-VG-WebCache
X-ND-Cache
X-HS-Status
A
X-Instart-Isnd
X-BE
Is-Session-Tracking
X-GoCache-CacheStatus
Get-Access-Time
X-From-Cache
X-Fastly-Cache-Hits
PageType
X-B3-SpanId
X-Sucuri-Cache
X-Backend-TTL
X-Swift-Error
Hostname
X-Port
Dynatrace
HTTPS
X-PJAX-URL
Proxy-Firewall
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-SplitTest
X-Gen-Id
Requestid
Odigeo-Trace-Id
X-Bug-Bounty
X-Amzn-Remapped-Connection
X-GZIP
Powered
X-Amzn-Remapped-Date
X-Pf-Uncompressing
X-Server-W
FastCGI-Cache
X-SN
X-Cache-Ttl
X-VarnPar2
X-ORIG-AKA-EDGE
X-Owner
X-Fe
X-NGINX-Cache
X-Amz-Meta-S3b-Last-Modified
Serverid
Cache-Hits
X-Alicdn-Da-Ups-Status
X-SB
X-PAGE-TYPE
X-VC
X-ServerName
X-Serial
X-RequestId
X-Pc-Subdomain
X-RAMCache
X-LiteSpeed-Cache-Control
X-Varnish-URL
X-GEO
RequestUuid
T-Server
X-Dw-Trace-Id
WebServer
X-ORIG-AKA-COUNTRY-CODE
X-HostName
X-Akamai-ERRuleID
X-CS
Xet-Cookie
X-Akamai-ERPolicy
X-PF-Uncompressing
Correlation-Id
Location
SID
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
NnCoection
X-Ms-Blob-Type
X-HTML-Edge-Cache
X-LiteSpeed-Tag
X-Akamai-SSL-Client-Sid
X-Developed-By