Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
CF-Ray
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Request-ID
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Upgrade
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Server
X-Cache-Group
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
X-Server-Id
Surrogate-Control
X-OneAgent-JS-Injection
X-Cnection
X-Node
X-Host
X-Readtime
Report-To
EagleEye-TraceId
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Rack-Cache
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Trace
X-Px
X-DataDome
X-Vhost
X-ESI
X-Server-Name
X-GitHub-Request-Id
X-Server-ID
X-VARITI-CCR
X-MS-InvokeApp
RTSS
Accept-CH
X-Cached
X-Goog-Hash
X-Ruxit-JS-Agent
Charset
X-TTL
SPRequestGuid
Pinterest-Generated-By
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-TtlSet
X-PC
X-Vname
X-F-Cache
Public-Key-Pins
X-D2id
Verso
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Exp-Variant
X-Use-Magma
X-Exp-Id
X-GoogleNews-Bot
X-Mobile-Rewrite
PB-PID
Arc-Version
PB-RID
X-Dispatcher
X-Version
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
X-Cdn
Accept-CH-Lifetime
X-Abt-Application-Version
X-DIS-Request-ID
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-Origin-Upstream-Status
X-Pinterest-Rid
X-Navigation-Version
Pinterest-Version
X-Upstream-Env
X-DynaTrace-JS-Agent
X-B
X-Shield-Request-Id
X-Forwarded-Proto
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Rid
X-Recruiting
MS-Author-Via
X-Client-IP
Realpath
DynaTrace
X-HW
SPIisLatency
SPRequestDuration
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Upstream
X-Oracle-Dms-Rid
X-Vcap-Request-Id
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Content-MD5
Nginx-Cache
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-CACHE
AR-ATIME
Arr-Disable-Session-Affinity
Edge-Cache-Tag
X-Hits
X-Debug
X-N
X-Varnish-Age
X-Ttl
Mrf-Cache-Status
MRF-Tech
X-Goog-Storage-Class
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-MSEdge-Ref
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Acc-Meta-Resource-Type
TCN
Access-Control-Request-Method
X-Via-JSL
X-Id
X-Aspnet-Version
X-NewRelic-App-Data
S
X-ATG-Version
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
Service-Worker-Allowed
X-XRDS-Location
X-Dns-Prefetch-Control
X-FTR-Expires
X-Logged-In
Alternate-Protocol
X-Cache-Key
X-Forwarded-For
X-HS-Hub-Id
X-HS-Content-Id
X-Oneagent-Js-Injection
Tracecode
X-Frontend
Surrogate-Key
X-Kinsta-Cache
X-PressLabs-Stats
Rt-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-FastCGI-Cache
X-Content-Digest
X-Pad
X-Grace
MicrosoftSharePointTeamServices
X-FTR-Cache-Host
X-Ruxit-Js-Agent
Fastly-Restarts
X-CF-Powered-By
Server-Name
Fastcgi-Cache
Ar-Sid
X-Amzn-Trace-Id
X-RateLimit-Remaining
X-Edge-Location
X-Content-Options
X-CACHE-GROUP
Backend-Timing
X-Analytics
Host
TP-L2-Cache
TP-Cache
FilterID
X-Rid
X-User-Agent
X-Cache-2
X-Magnolia-Registration
X-Debug-Info
ServerID
X-Whom
X-B3-Sampled
X-IPLB-Instance
X-Revision
Eomportal-Instance
X-Page-Id
X-Hostname
X-Mobile
X-Request-Received
X-Request-Processing-Time
X-Srv
AR-Request-ID
X-NWS-LOG-UUID
Paypal-Debug-Id
Front-End-Https
X-Akam-SW-Version
X-VCache
X-AOL-HN
Retry-After
X-Content-Powered-By
Refresh
X-B-Cache
X-Signature
X-Device-Type
X-Framework
X-LB-Cache
X-Request-Guid
X-Handled-By
X-Cluster
X-Cache-Action
Source
X-SS-Set-Cookie
X-App-Environment
Cleartype
X-FB-Debug
X-Varnish-Hostname
X-Cache-Hit
X-WA-Info
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Instance
X-Cache-Control
X-BCube-Filmed-By
X-Akamai-Edgescape
X-Varnish-Grace
X-XRDS-LOCATION
X-GUploader-UploadID
X-HS-Cache-Config
X-Content-Security-Policy-Report-Only
X-Platform-Server
X-Litespeed-Cache
X-Correlation-Id
Webserver
X-Activity-Id
X-Fastcgi-Cache
X-AppVersion
X-Az
X-Zen-Fury
X-TA-CDN-Provider
X-Varnish-Backend
X-Middleton-Display
X-Sol
Display
X-Content-Type
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Healthy
X-Cache-Server
X-Cache-Rule
X-Varnish-Server
X-Drupal-Cache-Tags
X-Middleton-Response
Response
X-Daa-Tunnel
X-Wix-Request-Id
ViewerVersion
X-Seen-By
X-TT
X-Cached-By
X-Drupal-Cache-Contexts
X-App-Server
X-Generated-By
Upgrade-Insecure-Requests
X-Geo-Country
X-Cache-Age
X-Origin-Server
Cache-Status
X-URL
S-Cnection
Server-Node
X-DataStream-Cache-Status
X-Accel-Expires
X-Amz-Replication-Status
X-Amz-Apigw-Id
X-Amzn-RequestId
Accept-Charset
Payment
X-S
Filters
X-UA-Device-Type
X-Response-Served-From
NGB
X-Contextid
X-Servedby
X-Locale
X-Edge-Cache
X-Adobe-Content
X-Adobe-Loc
X-Cacheable-TTL
X-Edge-Cache-Key
GEO-INFO
X-Status
Access-Control-Allow-Method
X-Jobs
Actual-Object-TTL
X-Varnish-IP
X-RequestSource
X-UUID
X-Esi
Viewport
ServedBy
X-Cache-NE
X-Tumblr-Pixel-1
X-TX-ID
X-FW-Type
X-Tumblr-Pixel-2
X-Varnish-Hits
X-FW-Hash
X-FW-Server
X-TT-TIMESTAMP
X-FW-Static
X-FW-Serve
AsisCache
Server-Info
X-Amz-Server-Side-Encryption
X-Storage
X-WebKit-CSP-Report-Only
X-GeoIP
X-WPE-Loopback-Upstream-Addr
X-PHP-Backend
X-Node-Name
Cache-Tv-Group
HostName
MS-CV
X-Cache-TTL-Remaining
X-Cache-Remote
Host-Header
X-Rendered-As
X-Croise-Owner
SRV
Cache
From-Origin
X-App-Version
X-Region
X-Dynatrace-Js-Agent
X-Cache-Operation
X-Hyper-Cache
X-APP-VERSION
X-Vg-Webcache
X-Redis-Cache
X-Webkit-CSP
Served-By
Cache-Tag
X-UA
Liferay-Portal
DC
X-HS-Combine-CSS
Public-Key-Pins-Report-Only
X-Guploader-Uploadid
X-Mode
X-Forwarded-Host
X-TIME
X-Hosted-By
X-Human
X-Loop
X-Akamai-Transformed
X-Generated
X-Is-Bot
X-IP
X-Upgrade-Enabled
X-NGENIX-Cache
Machine
Meta-Geo
Selected-FE
X-Agile
X-Agile-Age
X-Cache-Var-Map
X-Cache-Var
X-Agile-Id
X-Detected-As
X-Proxy-Build
X-Site-Version
X-RN-RSRV
X-Timing-Wait
X-Webstats-RespID
X-Path-Route
X-TNCMS
Powered-By-ChinaCache
X-L-Path
X-Labrador-Cache-Channel
X-Upstream-CT
X-Cache-Category-Id
X-JoinUs
X-NCache
X-Internal-Host
X-BYPASS-REASON
X-Upstream-HT
Cache-Name
X-CDN-Cache
X-Environment-Context
X-Via-Fastly
X-Grey
X-Vgn-Hpd-Reason
X-Web-Node
X-Endurance-Cache-Level
X-Pc-Key
X-ProxyCache-Key
Origin-Cache-Control
X-Pc-Hit
X-Pc-Appver
X-B3-Spanid
X-Original-Request
Now
Origin-Edge-Control
X-ProxyCache-Status
X-Request-Time
X-ServerID
X-Tumblr-Pixel-3
X-FC-Vary-Parameters
X-Origin-Host
X-Time-Microsecs
X-BACKEND-TTL
X-Origin-Response-Time
X-VG-TLSProxy
X-RemovedCookies
X-Origin
X-ProcessESI
X-Akamai-Request-ID
X-Pubstack
X-Birta-Served
X-Birta-Cache-Post
X-Viewer-Country
DB-Nickname
S-Rt
X-Proxy
Azure-SlotName
Azure-Version
Fastcgi-X-Cache-Version
X-Tb
Mn-Server-Ip
Azure-SiteName
Fastcgi-X-Cache
Fastcgi-Useragent
Cache-Tags
X-Format
Pagespeed
Azure-RegionName
X-Ocache
X-Origin-CC
X-Yottaa-Optimizations
X-PCL
X-Yottaa-Metrics
X-Rule
X-OCL
X-CCM
X-Cache-Config
Azure-InstanceId
X-Via-CDN
X-Backend-Name
X-Xfnlog-Site
X-Www-Served-By
X-Proxied
TWC-GeoIP-Country
X-Section
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
Webcakes-Region
X-Access
X-Routing-Service
X-App-Name
X-Zipkin-Id
X-Origin-Hint
Webcakes-App-Version
Property-Id
Xserver
HitType
TWC-Device-Class
TWC-Connection-Speed
X-Kong-Upstream-Latency
Content-Script-Type
Content-Style-Type
X-Kong-Proxy-Latency
X-Protected-By
Cache-Key
Datacenter
X-Edge-IP
User-Cache-Control
X-Parent-Response-Time
Vix-Hermes-Req-Id
OT-Force-Account-Verify
X-ShardId
X-Cache-TTL
X-Ezoic-Cdn
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ShopId
Ms-Operation-Id
X-Akamai-Request-ID2
X-RTag
Time
X-Nginx-Cache
X-CACHE-KEY
X-OVcl-Cache
NtCoent-Length
X-OVcl
X-ApacheServer
X-Pc-Date
X-Ratelimit-Limit
X-Correlation-ID
X-Cache-Backend
X-Pc-Host
X-PERF
X-Cdn-Forward
X-Real-Ip
L5d-Success-Class
X-FB-TRIP-ID
X-Real-IP
Accept-Language
X-Unique-Id-Primal
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Mrs-Cache
X-Newrelic-App-Data
Country
LB
X-Content-Age
X-Proto
AR-SID
X-Webkit-Csp
X-Front
X-Amz-Meta-Surrogate-Control
X-RateLimit-Limit
X-Varnish-Cacheable
Load-Balancing
X-CDN-Forward
X-Debug-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Section-Io-Cache
X-Nc
X-Sucuri-ID
X-Varnish-Beresp-Ttl
Ohc-File-Size
X-Hit
Fusion-Source
WZWS-RAY
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
X-MP-GENERATED-AT
X-Hl-Ver
We-Hiring
X-Unique-ID
Mail-Subject
X-Trace-Id
Version
Warning
X-Microcachable
X-GRACE
User-Agent
X-EdgeConnect-Cache-Status
X-C
X-Geo
Access-Control-Request-Headers
Fly-Request-Id
Frame-Options
Fly-Cache
X-Crawler
X-CUA
Fastly-SWR
X-D
X-Connection-Hash
X-Cache-Expires
X-Cache-Enabled
X-Cache-Debug
X-Cache-Bucket
X-Cache-FS-Status
X-Cache-Host
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-URL
X-Cache-Id
Fastly-SIE
X-Date
BehaviorPad-Version
X-From
X-Fetched-On
Cache-Prefix
X-FW-Version
Arc-Country
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Rebelmouse-Surrogate-Control
X-G
X-External-Request-Id
X-We-Are-Hiring
X-Destination
Ec-Rule-Version
X-Bip
X-Developer
X-Device-Os
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Died
Fastly-Backend-Name
X-BB-ID
VivaBuild
Viewtype
Request-Time
V-Age
Rendered-Blocks
Release
Powered-By
X-A
Www
X-WebServer
Resin-Trace
Server-ID
Thinkindot-Control
SS
Thinkindot-CacheControl
Server-Host
SD-X-WS
RNT-Machine
RNT-Time
Rt-Proxy-Cache
Platform
X-A-Ccd
X-Application
X-UE-Client-Country
MD5-Digest
Memcached
X-Auto-Login
X-B-Cookie
Xc-Version
IBM-Web2-Location
Is-Eu
Meta-Geo-Continent
X-Aed
X-A-Dgt
X-A-Dcw
X-A-Dam
X-A-Wwc
Node
X-Actual-URL
X-Accel-Expires-Debug
Mobile-Detection-Method
Ajk
X-Generated-In
X-Node-Id
X-Passed-To-BeforeDispatch
Thinkindot-CacheControl-Type
X-Passed-To
Adler-Geo
X-NU-AKA-ACS-Version
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-SRCache-Key
X-Matched-Rule
X-Returned-From-BeforeDispatch
X-PAYTM-SRV-ID
X-Via-Edge
X-Via-SSL
X-Org
X-Server-Time
X-Returned-From-DLL
X-VG-WebServer
X-S-Cookie
X-Varnish-Action
X-Rewrite-Enabled
X-Rojux
X-S-Maxage
X-ScT
X-CLOUD-TRACE-CONTEXT
X-P-T
X-Var-Ttl
X-Variation
X-Served-From
X-Server-By
X-Returned-From-PostProcessResponse
X-Logtrace-Id
X-Trv-Group
X-TT-LOGID
X-Transaction
X-Thinkindot-L3
X-Request-UUID
X-Twitter-Response-Tags
X-Qloud-Router
X-Reboot
X-Rebelmouse-Cache-Control
X-Region-Sid
X-RCS-CacheZone
X-Release
X-Swa-Ws
X-Thanos
X-Li-Pop
X-Via-NSCOPI
X-Store
X-LI-Proto
X-LI-UUID
X-Returned-From
X-Layer
X-Li-Fabric
X-Response-By
X-PHP-Host
X-User
X-Dc
X-Rocket-Nginx-Bypass
X-Phone
X-Proxy-Upstream
X-Proxy-Cache-Status
True-Client-Country-4JS
X-Request-Start
Web-Mar-Node
X-Block-Status
X-F5-Cache
X-IN-WAF
X-Distributor
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Info
X-Fstrz
X-IN-SSL-APIGATEWAY
X-GeoIP-Country-Code
X-Hash
X-Hnp-Log
X-Gen-Mode
X-IN-APIGATEWAY
X-Key
X-Stale
X-Backend-State
X-Cache-CFC
X-Server-IP
X-Server-Group
X-Origin-Expires
X-Origin-Date
X-ServiceProvider
X-No-Session
X-Clientip
X-Location
X-MI-In-Market
X-Sf
X-Nginx-Cache-Key
X-Amz-Meta-Cache-Control
Magicmarker
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
PFcat
Cache-Cookie-Set-From
Heartbleed
AKAMAI
Kp-EeAlive
Backend
Content-Disposition
Country-Code
Esi-Enabled
GMS-Ver
Fastly-SSL
GW-Server
Decoy-Debug-TTL
Countrycode
Decoy-Debug-Key
Decoy-Debug-Status
MI-API
X-UnsetCookies
MI-Cache
On-Server
Origin
Pramga
Proxy-Connection
Server-Int
MI-Cache-Age
Pagetype
X-ElasticPress-Search
X-Be
X-MSEdge-Flight
X-V
X-Core-Value
X-Secret
X-Policy
X-Page-Type
X-MSEdge-Features
X-Epic-Correlation-Id
X-Gannett-Site-Version
X-Core-Mission
X-Request-URI
X-SIPLIST1
Backend-Name
X-Time
X-Eu-Site
X-Irp-Debug
X-Distil-CS
X-Fastly-Cache
Ha-Gx-Prefs
HA-Host
HA-Georegion
HA-Geolon
HA-Geolat
HA-Servedtime
Who
IsBot
X-Backend-Host
X-Backend-Url
HA-Urlpath
HA-Geocountry
HA-Ipaddr
X-CGP
REQUESTUUID
X-Up
HA-Geocity
HA-Cloudapp
X-NODE
X-Wikidot-Static-Cache
X-NX-Host
Apple-News-Services-Request-Url
X-Svr
X-Origin-TTL
X-Sn-Servicetimems
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Micro-Cache
X-Cdn-Origin
X-Debug-Cookies
X-Platform
X-Debug-Log
X-Developers
CDCHOST
Pragrma
X-Wikidot-Backend
Fastly-Soc-X-Request-Id
X-Refresh
X-Ua
X-DC
X-Debug-Cache-Store
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Uber-Trace-Id
X-Debug-Cache-Fetch
X-Planisys-CDN-Cache
Request-Country
X-Urbn-Site-Id
RequestId
UCS
X-CACHE-AGE
X-Generated-On
Request-EU
X-Instance-Name
X-Servername
X-Level-Front-Cache
Locale
X-Urbn-Context-Path
X-Debug-Cache-Expiry
PageSpeed
Lfy
X-NWS-UUID-VERIFY
ServerName
X-COUNTRY
X-Pjax-Url
X-NC
X-Instart-Info
Group
V-Cache
X-VarnCache
Ohc-Response-Time
Host-ID
X-VarnPar1
X-GeoIP-City
X-Cache-Info
X-Cdn-Srv
X-PARISIEN-Cache-Rendered
X-Req
X-VCT
X-Server-Cache
X-Newrelic-Synthetics
MIME-Version
HitInfo
X-ARC
Memory
Cteonnt-Length
X-Datadome
X-Ratelimit-Remaining
X-BBXSRF
Cdn
Mime-Version
Cache-Provider
PICS-Label
X-Powered-By-ANYU
X-CMS-Context
X-Gdpr
X-EIG-Tracking-Id
X-TWH-CORRELATION-ID
X-Servedbyhost
X-WR-MODIFICATION
X-LAGOON
X-Aicache-OS
Nel
X-StackifyID
CF-IPCountry
NGX
X-Wa
CDN
X-Load-Cache
XServer
X-HTML-Minification-Powered-By
X-B3-Traceid
X-Cluster-Node
GeoIP-Country-Code
X-Fastly-Country-Code
GeoIP-Latitude
Cf-Ipcountry
FSS-Proxy
X-Fastly-Backend-Reqs
FSS-Cache
X-WA
X-FireWall-Port
Geoip-Latitude
X-CSRF-TOKEN
X-Sentry-ID
GeoIp-Country-Code
X-NodeID
X-Varnish-Cache-Hits
X-Check-Cacheable
X-RateLimit-Limit-Second
X-Flog
X-Generation-Time
X-VServer
X-ABtesting
X-RateLimit-Remaining-Second
CACHE
X-UPSTREAM-Address
X-Hello
X-Unique-Id
X-Sedo-Request-Id
X-Cache-Miss-From
Processtime
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Beresp-TTL
SN
X-Source
X-Csrf-Token
X-Cache-Grace
X-APP
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-HOST
X-GZip
X-Oss-Request-Id
X-Oss-Server-Time
X-ServedByHost
X-Oss-Storage-Class
X-CSRF-Token
WP-Super-Cache
X-CDN-Pop
X-Varnish-Authentication
X-DataStream-MidMile-RTT
TSSecure
X-CDN-Pop-IP
X-Cache-ASPX
Server-Surrogate-Control
X-DataStream-Origin-MEX-Latency
Server-Cache-Control
DataCenter
X-RCS-Backend
X-Nananana
X-Dynatrace
X-VG-WebCache
X-Worker
X-HS-Status
X-MServer
X-Edge-Server
X-IPS-LoggedIn
Cdn-Host
Cdn-Request-Time
X-SRV
X-VC-Cache
Pics-Label
X-Varnish-Url
URI
X-Skip-Cache
X-FORWARDED-FOR
X-GDPR
A
X-ID
PageType
X-ND-Cache
X-Instart-Isnd
X-Sucuri-Cache
X-LJ-Flow-ID
X-B3-SpanId
X-AWS-Id
HTTPS
X-GoCache-CacheStatus
X-From-Cache
X-Fastly-Cache-Hits
X-Port
Is-Session-Tracking
X-VWS-Id
Get-Access-Time
X-SplitTest
X-BE
X-Swift-Error
X-PJAX-URL
Proxy-Firewall
Hostname
X-Backend-TTL
Dynatrace
X-Pf-Uncompressing
Odigeo-Trace-Id
X-Server-W
X-NGINX-Cache
Powered
X-SN
X-Bug-Bounty
X-Gen-Id
X-Owner
Cache-Hits
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-GZIP
Requestid
X-Cache-Ttl
X-VarnPar2
X-ORIG-AKA-EDGE
X-Ms-Version
X-Akamai-SSL-Client-Sid
X-Amz-Meta-S3b-Last-Modified
Serverid
X-Ms-Request-Id
X-Ms-Blob-Type
X-Pc-Subdomain
X-Ms-Lease-Status
X-Varnish-URL
X-LiteSpeed-Cache-Control
X-Alicdn-Da-Ups-Status
X-PAGE-TYPE
X-Fe
X-SB
X-VC
X-RAMCache
WebServer
X-ServerName
X-Serial
T-Server
RequestUuid
X-GEO
X-HostName
X-ORIG-AKA-COUNTRY-CODE
ProcessTime
X-Requestid
Xet-Cookie
NodeID
Correlation-Id
SID
X-RequestId
X-PF-Uncompressing
X-Ms-Lease-State
X-Akamai-ERPolicy
Location
X-CS
X-Developed-By
X-Akamai-ERRuleID
X-Dw-Trace-Id
X-LiteSpeed-Tag
NnCoection
X-HTML-Edge-Cache