Threat Level: green Handler on Duty: Tom Webb

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Xss-Protection
X-Request-Id
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-FRAME-OPTIONS
Content-Encoding
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
X-Type
Upgrade
WPE-Backend
X-Pass-Why
Keep-Alive
X-Cache-Group
X-AH-Environment
X-Request-ID
Xkey
X-Backend
Access-Control-Max-Age
P3p
X-Age
Access-Control-Expose-Headers
X-Via
EagleId
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
X-Hacker
X-UA-Device
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
Request-Context
X-Kinja-Server-Push
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Content-Location
X-Cache-Lookup
X-Amz-Version-Id
X-Host
X-OneAgent-JS-Injection
X-Response-Time
X-Server-Id
Surrogate-Control
X-Backend-Server
X-Rq
X-Cnection
X-Readtime
X-Node
X-Rack-Cache
X-WebKit-CSP
Server-Timing
Report-To
EagleEye-TraceId
X-Application-Context
Request-Id
X-Cloud-Trace-Context
Feature-Policy
X-ORACLE-DMS-ECID
X-Instart-Request-ID
X-Iejgwucgyu
X-Ua-Compatible
X-EdgeConnect-Origin-MEX-Latency
X-CST
X-EdgeConnect-MidMile-RTT
X-Clacks-Overhead
Edge-Control
NEL
X-Country
Pinterest-Generated-By
X-Url
Rating
X-Px
X-Country-Code
X-DataDome
X-Server-Name
X-Ruxit-JS-Agent
X-Origin-Cache
X-Varnish-TTL
Allow
X-MS-InvokeApp
X-DynaTrace
X-TTL
X-Vhost
X-PC
X-TtlSet
X-Vname
X-Cached
X-FTR-Request-ID
RTSS
X-ESI
X-Goog-Hash
X-DynaTrace-JS-Agent
X-Powered-CMS
Charset
X-Powered-By-Plesk
X-VARITI-CCR
X-Oracle-Dms-Rid
Accept-CH
Public-Key-Pins
X-Dispatcher
X-D2id
X-Trace
X-GitHub-Request-Id
SPRequestGuid
X-Mod-Pagespeed
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-F-Cache
X-SharePointHealthScore
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
Content-MD5
MS-Author-Via
Verso
X-T
X-Version
X-Recruiting
SPIisLatency
SPRequestDuration
Nginx-Cache
X-Shield-Request-Id
X-Abt-Application-Version
X-Client-IP
X-Server-ID
X-Dns-Prefetch-Control
X-Forwarded-Proto
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-B3-TraceId
X-HW
X-N
Accept-CH-Lifetime
X-Navigation-Version
X-DIS-Request-ID
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Dw-Request-Base-Id
X-Amz-Rid
X-XRDS-Location
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Upstream
X-B
X-Origin-Upstream-Status
Fastly-Restarts
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
Paypal-Debug-Id
X-Amz-Meta-S3cmd-Attrs
X-Hits
DynaTrace
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-ORACLE-DMS-RID
Realpath
TCN
X-Content-Options
Arr-Disable-Session-Affinity
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Ser
X-Goog-Stored-Content-Length
X-Pad
Service-Worker-Allowed
X-NF-Request-ID
X-Webkit-Csp
X-Content-Digest
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
X-Id
Tracecode
Access-Control-Request-Method
X-Varnish-Age
Front-End-Https
S
X-Debug
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Amz-Cf-Pop
X-FastCGI-Cache
X-Vcap-Request-Id
X-Middleton-Display
X-Sol
Display
X-MSEdge-Ref
X-RateLimit-Remaining
X-PressLabs-Stats
X-FTR-Balancer
X-FTR-Backend-Server
X-Kinsta-Cache
X-FTR-Expires
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Realm
X-IPLB-Instance
X-Frontend
X-Cache-Hit
Surrogate-Key
X-ATG-Version
X-HS-Hub-Id
X-HS-Content-Id
Powered-By-ChinaCache
Fastcgi-Cache
X-Grace
X-Zen-Fury
Rt-Fastcgi-Cache
X-Forwarded-For
X-Logged-In
Server-Name
X-Middleton-Response
Response
X-Debug-Info
Backend-Timing
X-Analytics
X-CF-Powered-By
X-Request-Received
X-Request-Processing-Time
X-Oneagent-Js-Injection
X-Edge-Location
X-Amzn-Trace-Id
FilterID
X-Rid
X-FTR-Cache-Host
X-Mobile
X-Ttl
Host
X-Revision
X-Akam-SW-Version
X-Geo-Segment
TP-L2-Cache
X-NewRelic-App-Data
TP-Cache
AMP-Access-Control-Allow-Source-Origin
X-SS-Set-Cookie
X-User-Agent
Edge-Cache-Tag
X-Litespeed-Cache
X-Cache-Key
MicrosoftSharePointTeamServices
Ar-Sid
Cache-Status
X-Cached-By
Host-Header
X-Accel-Expires
X-Drupal-Cache-Tags
Refresh
X-Magnolia-Registration
X-SERVER
X-HS-Cache-Config
X-Newrelic-App-Data
X-Varnish-Backend
ServerID
Liferay-Portal
X-GUploader-UploadID
X-Node-Name
X-Cache-Rule
X-TA-CDN-Provider
X-Use-Magma
X-B3-TraceId-Primal
X-FB-Debug
X-Platform-Server
X-B3-Sampled
X-Cluster
DC
X-Cache-Control
X-Content-Security-Policy-Report-Only
X-Instance
X-Akamai-Edgescape
X-Tumblr-Pixel-0
X-Cache-2
X-Webkit-CSP
X-AOL-HN
X-Tumblr-User
X-Tumblr-Pixel
Cache-Tag
X-B-Cache
X-Page-Id
X-Varnish-Hostname
X-Device-Type
X-App-Environment
X-Whom
X-BCube-Filmed-By
X-Signature
X-LB-Cache
Cleartype
X-Framework
X-Handled-By
X-Srv
X-Request-Guid
Public-Key-Pins-Report-Only
AR-Request-ID
X-Activity-Id
X-Az
X-Esi
X-Generated-By
X-AppVersion
X-WPE-Loopback-Upstream-Addr
Eomportal-Instance
Accept-Charset
X-NWS-LOG-UUID
X-Drupal-Cache-Contexts
X-Cache-Action
X-Cache-Server
X-Via-JSL
X-TT
X-App-Server
MS-CV
X-Seen-By
X-Wix-Request-Id
ViewerVersion
Retry-After
X-Amz-Replication-Status
X-Fastcgi-Cache
Source
X-Content-Powered-By
X-VCache
Alternate-Protocol
Upgrade-Insecure-Requests
X-Hostname
HostName
X-Correlation-Id
X-App-Version
X-WA-Info
X-Varnish-Server
Webserver
Server-Node
X-Varnish-Grace
X-Response-Served-From
X-Cache-NE
AsisCache
X-HS-Combine-CSS
X-Geo-Country
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Amz-Apigw-Id
X-Amzn-RequestId
X-WebKit-CSP-Report-Only
SRV
X-Locale
Actual-Object-TTL
X-RequestSource
X-URL
X-GeoIP
X-FW-Hash
X-FW-Server
ServedBy
X-FW-Type
X-Jobs
X-FW-Static
GEO-INFO
X-FW-Serve
X-S
Payment
X-Varnish-Hits
Viewport
X-Edge-Cache
X-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Contextid
X-Servedby
X-Edge-Cache-Key
X-UUID
X-Varnish-IP
AR-SID
X-Cache-TTL-Remaining
CACHE
X-TX-ID
X-Adobe-Content
X-Adobe-Loc
X-Correlation-ID
X-TT-TIMESTAMP
X-Origin-Server
X-Vg-Webcache
X-Daa-Tunnel
X-Cacheable-TTL
Pagespeed
X-Cache-Operation
PageSpeed
Country
Datacenter
X-Sucuri-ID
X-RateLimit-Limit
Server-Info
X-Hyper-Cache
Served-By
X-Amz-Server-Side-Encryption
X-Forwarded-Host
X-Region
X-Akamai-Request-ID2
S-Cnection
From-Origin
Cache
X-Mode
X-TIME
X-Cache-Age
X-CLOUD-TRACE-CONTEXT
X-DataStream-Cache-Status
HitInfo
HitType
Fastcgi-X-Cache-Version
Machine
X-Generated
X-Cache-Config
X-Cache-Var
X-Is-Bot
X-Amz-Meta-Surrogate-Control
X-Cache-Var-Map
X-Upgrade-Enabled
X-Detected-As
Access-Control-Allow-Method
X-Format
Fastcgi-X-Cache
X-JoinUs
X-Rule
X-Rendered-As
X-Routing-Service
Content-Script-Type
Content-Style-Type
X-RN-RSRV
X-Proxy
X-Proxied
X-Zipkin-Id
X-Ezoic-Cdn
X-Site-Version
Meta-Geo
X-Section
X-Access
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
TWC-GeoIP-LatLong
X-Environment-Context
TWC-Device-Class
TWC-Connection-Speed
X-Akamai-Transformed
Property-Id
TWC-GeoIP-Country
OT-Force-Account-Verify
TWC-Locale-Group
X-L-Path
Now
X-Grey
X-NGENIX-Cache
X-Hosted-By
X-Agile
Fastcgi-Useragent
X-Origin-Hint
X-Real-IP
X-Request-Time
DB-Nickname
X-Ocache
L5d-Success-Class
Xserver
X-Agile-Id
X-Agile-Age
X-Birta-Cache-Post
X-Birta-Served
X-CDN-Cache
LB
X-Cache-Category-Id
Azure-InstanceId
Azure-RegionName
Healthy
Azure-Version
Azure-SiteName
X-Content-Type
X-ServerID
X-Rocket-Nginx-Bypass
X-Tb
X-TNCMS
X-Via-Fastly
X-PCL
X-OCL
X-FC-Vary-Parameters
X-CCM
X-Hit
X-Human
X-Loop
S-Rt
Azure-SlotName
X-Viewer-Country
X-Ms-Version
X-Ms-Request-Id
X-Origin
X-Ms-Lease-Status
Mn-Server-Ip
X-Microcachable
X-Labrador-Cache-Channel
X-Ms-Blob-Type
X-Xfnlog-Site
X-BYPASS-REASON
X-XRDS-LOCATION
X-AWS-Id
X-EIG-Tracking-Id
X-IP
X-VG-TLSProxy
X-LJ-Flow-ID
X-OVcl
X-Original-Request
X-RemovedCookies
X-VWS-Id
X-OVcl-Cache
X-Pc-Hit
X-SplitTest
X-Pc-Appver
X-Upstream-HT
X-Upstream-CT
X-ProxyCache-Status
X-Pubstack
X-ProcessESI
Cache-Name
X-Pc-Key
X-ProxyCache-Key
X-Path-Route
Accept-Language
X-Cluster-Node
X-Ruxit-Js-Agent
X-Source
X-Www-Served-By
X-Proxy-Build
X-Distil-CS
X-Timing-Wait
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-ShopId
X-Sorting-Hat-ShopId
Selected-FE
IBM-Web2-Location
X-ShardId
X-Shopify-Stage
X-Guploader-Uploadid
X-Cache-Enabled
Cache-Hits
X-Cdn
X-Web-Node
X-Via-CDN
X-App-Name
X-RTag
X-Transaction
X-NodeID
X-Twitter-Response-Tags
X-Connection-Hash
X-Real-Ip
X-APP-VERSION
Access-Control-Request-Headers
X-Port
X-TWH-CORRELATION-ID
Ms-Operation-Id
Origin-Cache-Control
NtCoent-Length
X-GRACE
Origin-Edge-Control
X-MP-GENERATED-AT
Time
X-Origin-CC
X-Unique-ID
X-Cache-Remote
X-Nginx-Cache
Backend
X-Edge-IP
X-Varnish-Cacheable
X-UA
X-Geo
X-Debug-Cache
User-Agent
X-Cache-TTL
We-Hiring
Mail-Subject
X-Internal-Host
X-NCache
X-Pc-Date
X-Tumblr-Pixel-3
X-Pc-Host
X-Varnish-Cache-Hits
NGB
X-Proto
Filters
X-Cdn-Forward
X-Sucuri-Cache
X-Ratelimit-Limit
X-Storage
X-Ua
X-Time-Microsecs
X-Mrs-Cache
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache-Hits
X-ApacheServer
X-PERF
X-Vgn-Hpd-Reason
X-Csrf-Token
X-Newrelic-Synthetics
X-CACHE-GROUP
X-Oracle-Dms-Ecid
X-Urbn-Context-Path
Warning
Locale
Fastly-SSL
X-CACHE-AGE
X-Urbn-Site-Id
X-ElasticPress-Search
X-Webstats-RespID
X-Akamai-Request-ID
X-Varnish-Beresp-Status
Cache-Tags
X-Varnish-Beresp-Grace
X-Backend-Name
X-C
Cache-Key
X-CDN-Forward
X-CACHE-KEY
X-EdgeConnect-Cache-Status
X-CGP
X-CF-Lambda-Version
Fly-Cache
Ec-Rule-Version
X-Destination
X-Date
X-D
Fly-Request-Id
FSS-Cache
HA-Cloudapp
HA-Geocity
X-Cache-Bucket
GMS-Ver
FSS-Proxy
X-Cache-Srv
X-CF-Lambda-Fn
Content-Disposition
Apple-News-Services-Request-Url
Arc-Country
X-F5-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-From
Ajk
Apple-News-Services-Handled
BehaviorPad-Version
X-External-Request-Id
X-Died
X-Developers
HA-Geocountry
X-DPWN-IS-SECURE
Cache-Prefix
X-Eu-Site
X-Epic-Correlation-Id
X-Developer
HA-Geolat
X-A-Dam
X-A-Ccd
X-A
X-A-Dcw
X-A-Dgt
Mobile-Detection-Method
X-A-Wwc
Odigeo-Trace-Id
VivaBuild
Viewtype
Rt-Proxy-Cache
SN
Server-Host
Resin-Trace
TSSecure
Rendered-Blocks
V-Age
X-Accel-Expires-Debug
X-Aed
HA-Ipaddr
HA-Servedtime
HA-Urlpath
HA-Host
Ha-Gx-Prefs
HA-Geolon
HA-Georegion
X-BB-ID
X-Backend-Url
X-Application
Meta-Geo-Continent
X-Amz-Meta-Cache-Control
MD5-Digest
X-B-Cookie
X-Backend-TTL
X-Backend-Host
X-G
X-Fetched-On
X-S-Cookie
X-Wikidot-Backend
X-ScT
X-Server-By
X-Rojux
X-Wikidot-Static-Cache
X-Platform
X-Region-Sid
Xc-Version
X-Rewrite-Enabled
X-Nc
X-Server-Time
X-UE-Client-Country
X-Via-SSL
X-Via-Edge
X-VG-WebServer
X-Trv-Group
X-Store
X-Dc
X-UA-Device-Type
X-SRCache-Key
X-PAYTM-SRV-ID
User-Cache-Control
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Logtrace-Id
X-IN-WAF
WZWS-RAY
X-Endurance-Cache-Level
X-Hash
X-GeoIP-Country-Code
X-Org
X-Generated-In
X-Irp-Debug
X-NU-AKA-ACS-Version
X-Powered-By-ANYU
X-NC
X-B3-Spanid
X-NX-Host
Thinkindot-CacheControl
X-VServer
X-Auto-Login
Www
X-Sn-Servicetimems
X-Cache-Host
X-We-Are-Hiring
Fastly-Soc-X-Request-Id
X-Worker
X-Debug-Cookies
UCS
X-ABtesting
X-Debug-Log
X-Cdn-Origin
Thinkindot-CacheControl-Type
Thinkindot-Control
X-ServiceProvider
X-Location
X-Layer
X-Matched-Rule
X-No-Session
X-Clientip
X-Owner
X-Key
X-Hl-Ver
X-Flog
X-Gannett-Site-Version
Server-ID
X-GeoIP-City
X-Hello
X-Reboot
X-Redis-Cache
X-Thinkindot-L3
X-SIPLIST1
X-BBXSRF
X-Backend-State
X-User
X-UnsetCookies
X-FW-Version
X-Secret
X-Request-URI
X-Request-Start
X-Response-By
X-Cache-URL
X-S-Maxage
X-V
X-Dispatcher-Server
Heartbleed
GW-Server
X-Cache-Backend
Memcached
Origin
X-PHP-Backend
Frame-Options
Decoy-Debug-TTL
AKAMAI
Backend-Name
Country-Code
Countrycode
Decoy-Debug-Status
Decoy-Debug-Key
Pramga
IsBot
X-Varnish-Beresp-Ttl
RNT-Time
RNT-Machine
X-Qloud-Router
X-MI-In-Market
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-Ms-Lease-State
X-MSEdge-Features
X-MSEdge-Flight
X-Cache-Id
X-Node-Id
X-Passed-To
X-Nginx-Cache-Key
X-Instance-Name
Adler-Geo
X-Rebelmouse-Surrogate-Control
X-Trace-Id
X-Fastly-Cache
X-Var-Ttl
X-Gen-Mode
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Passed-To-BeforeDispatch
X-Info
X-Hnp-Log
X-Rebelmouse-Cache-Control
X-Li-Fabric
X-Passed-To-DLL
X-Served-From
X-Server-IP
X-Sentry-ID
X-VCT
X-Returned-From-PostProcessResponse
X-Sf
X-Stale
X-DC
X-Up
X-Varnish-Action
X-Thanos
X-Swa-Ws
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Policy
Fastly-SIE
X-Phone
X-Passed-To-PostProcessResponse
Fastly-SWR
X-RCS-CacheZone
X-WebServer
Server-Int
X-Request-UUID
X-Release
CDCHOST
X-Variation
X-Returned-From
Is-Eu
X-Bip
Kp-EeAlive
Magicmarker
MI-Cache
X-Block-Status
X-Cache-Debug
X-Core-Value
X-Crawler
X-Core-Mission
Esi-Enabled
Fastly-Backend-Name
X-Actual-URL
MI-Cache-Age
Request-EU
Request-Country
Uber-Trace-Id
True-Client-Country-4JS
Section-Io-Cache
Release
Web-Mar-Node
NodeID
On-Server
Platform
X-Distributor
X-Croise-Owner
Pragrma
X-CUA
X-Datadome
X-TT-LOGID
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Fstrz
X-Device-Os
X-Cache-Expires
REQUESTUUID
X-Cache-CFC
X-Via-NSCOPI
Cache-Cookie-Set-Lfrom
Pagetype
MI-API
Powered-By
X-P-T
X-BB-IP
X-HOST
Proxy-Connection
X-NODE
HTTPS
ProcessTime
X-Page-Type
X-Refresh
X-Servername
MIME-Version
RequestId
Cteonnt-Length
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Be
X-SN
X-Pjax-Url
X-NWS-UUID-VERIFY
X-Kong-Proxy-Latency
X-Req
X-MServer
X-Origin-Response-Time
X-Kong-Upstream-Latency
Version
X-Ckpd-Fst-Backend
X-Origin-TTL
X-GZip
X-Dynatrace-Js-Agent
X-Parent-Response-Time
Cdn
X-Cache-FS-Status
Memory
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Amp-Access-Control-Allow-Source-Origin
Who
X-Unique-Id-Primal
Group
V-Cache
CF-IPCountry
X-Content-Age
Mime-Version
X-Aicache-OS
X-Servedbyhost
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
SS
X-ND-Cache
X-Varnish-Url
X-Vcache
X-Time
X-COUNTRY
X-Wa
PageType
X-SERVER-NAME
X-B3-Traceid
GeoIP-Country-Code
X-Varnish-Beresp-TTL
CDN
X-Generation-Time
X-RateLimit-Remaining-Second
X-Pf-Uncompressing
X-RateLimit-Limit-Second
X-GEO
X-FireWall-Port
X-Edge-Server
X-SRV
Cdn-Host
X-Protected-By
X-Unique-Id
Cdn-Request-Time
GeoIP-Latitude
Geoip-Latitude
X-Cache-Info
Is-Session-Tracking
X-Server-Group
X-APP
GeoIp-Country-Code
X-Fastly-Cache-Hits
Get-Access-Time
XServer
SD-X-WS
X-EC-Security-Audit
X-CS
Serverid
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-WA
X-Ratelimit-Remaining
NGX
X-Surge-Debug
X-Server-W
X-Requestid
A
T-Server
Load-Balancing
X-CSRF-Token
ServerName
X-HTML-Minification-Powered-By
X-FORWARDED-FOR
X-Origin-Expires
X-Origin-Date
Nel
X-Check-Cacheable
X-Gdpr
PICS-Label
X-ID
X-Nananana
DataCenter
X-RequestId
X-ServedByHost
X-Fastly-Country-Code
Cf-Ipcountry
X-StackifyID
X-Origin-Host
X-Skip-Cache
URI
X-ARC
X-Atg-Version
Hostname
Processtime
Node
X-GZIP
X-Alicdn-Da-Ups-Status
X-Load-Cache
X-PF-Uncompressing
X-Feature
X-HS-Status
X-NGINX-Cache
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-PHP-Host
X-DataStream-MidMile-RTT
X-BE
X-Proxy-Cache-Status
X-Proxy-Upstream
X-DataStream-Origin-MEX-Latency
X-Proxy-Server
X-UPSTREAM-Address
X-B3-SpanId
WP-Super-Cache
Vix-Hermes-Req-Id
X-PJAX-URL
X-ServerName
X-Fe
X-VG-WebCache
Cache-Provider
X-IPS-LoggedIn
RequestUuid
Lfy
Requestid
Powered
Cneonction
X-HTML-Edge-Cache
X-PAGE-TYPE
X-Cdn-Srv
Https
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-From-Cache
X-Planisys-CDN-Rules
X-Distil-Cs
X-VC
X-Content-Encoded-By
X-Cache-Ttl
X-Fastly-Backend-Reqs
X-SB
N-Cache
Request-Time
X-Gen-Id
X-Akamai-SSL-Client-Sid
Sid
X-Serial
SID
X-CSRF-TOKEN
X-WR-MODIFICATION
Cdn-Src-Port
X-Dw-Trace-Id
X-RAMCache
X-Grace-Duration
Build-Number