Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Xss-Protection
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Amz-Cf-Pop
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Cacheable
Alt-Svc
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-CDN
Xkey
X-Type
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Request-ID
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
Grace
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Server-Powered-By
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
Request-Context
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-WebKit-CSP
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Cnection
X-Node
Content-Location
Surrogate-Control
X-Readtime
EagleEye-TraceId
X-CST
Report-To
X-Host
X-Response-Time
X-Rq
Feature-Policy
Server-Timing
X-Iejgwucgyu
X-Backend-Server
X-Application-Context
X-ORACLE-DMS-ECID
X-Rack-Cache
Request-Id
X-Cloud-Trace-Context
X-Instart-Request-ID
Allow
X-Clacks-Overhead
NEL
Rating
X-DynaTrace
X-Url
Edge-Control
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Cache
X-Varnish-TTL
X-FTR-Request-ID
X-Country-Code
X-ORACLE-DMS-RID
X-B3-TraceId
X-Px
X-Cdn
X-Ruxit-JS-Agent
X-DataDome
X-Server-ID
X-GitHub-Request-Id
X-ESI
X-Vhost
X-Trace
X-VARITI-CCR
Accept-CH
X-TTL
X-Goog-Hash
Charset
X-Server-Name
X-Cached
RTSS
X-MS-InvokeApp
Pinterest-Generated-By
X-Mod-Pagespeed
Verso
X-Mobile-Rewrite
Arc-Version
PB-RID
PB-PID
Public-Key-Pins
X-D2id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Version
X-F-Cache
SPRequestGuid
X-TtlSet
X-PC
X-Vname
X-Dispatcher
X-DynaTrace-JS-Agent
X-T
X-Powered-By-Plesk
X-DIS-Request-ID
Accept-CH-Lifetime
X-Abt-Application-Version
X-SharePointHealthScore
X-Powered-CMS
X-Fastly-Request-ID
X-Origin-Upstream-Status
X-Ser
X-Pinterest-Rid
X-Navigation-Version
Pinterest-Version
X-Upstream-Env
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B
X-Amz-Rid
X-Client-IP
Realpath
X-Shield-Request-Id
X-Forwarded-Proto
MS-Author-Via
X-Recruiting
X-HW
SPIisLatency
X-Upstream
SPRequestDuration
X-Vcap-Request-Id
DynaTrace
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
Nginx-Cache
Arr-Disable-Session-Affinity
X-Varnish-Age
Content-MD5
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Debug
Mrf-Cache-Status
X-Via-JSL
X-Hits
X-Dw-Request-Base-Id
X-Goog-Storage-Class
X-MSEdge-Ref
X-Id
X-NewRelic-App-Data
X-Acc-Meta-Resource-Type
X-N
X-Aspnet-Version
X-NF-Request-ID
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Expires
Service-Worker-Allowed
S
Access-Control-Request-Method
X-Ttl
X-ATG-Version
Edge-Cache-Tag
TCN
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-Oracle-Dms-Rid
X-Kinsta-Cache
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
Surrogate-Key
X-Forwarded-For
Rt-Fastcgi-Cache
X-RateLimit-Remaining
X-FTR-Cache-Host
X-Content-Digest
Tracecode
X-FastCGI-Cache
X-CF-Powered-By
X-Pad
Fastcgi-Cache
X-TA-CDN-Provider
Server-Name
Ar-Sid
MicrosoftSharePointTeamServices
Fastly-Restarts
X-Analytics
X-Cache-Key
X-Amzn-Trace-Id
Backend-Timing
X-User-Agent
TP-Cache
TP-L2-Cache
Host
X-Edge-Location
X-Cache-2
FilterID
X-Rid
X-Oneagent-Js-Injection
X-Magnolia-Registration
X-Debug-Info
ServerID
X-B3-Sampled
X-Whom
X-URL
X-Page-Id
X-Mobile
X-Content-Options
X-Revision
X-IPLB-Instance
Eomportal-Instance
Front-End-Https
X-Hostname
Paypal-Debug-Id
X-Srv
X-Grace
X-Akam-SW-Version
AR-Request-ID
X-NWS-LOG-UUID
Refresh
X-LB-Cache
X-VCache
X-Request-Processing-Time
X-Request-Received
X-Content-Powered-By
Retry-After
X-Activity-Id
X-Signature
X-AppVersion
X-B-Cache
X-Fastcgi-Cache
X-Az
X-SS-Set-Cookie
X-Cache-Action
X-Cluster
X-Framework
Cleartype
X-Varnish-Hostname
X-Handled-By
Source
X-Tumblr-Pixel
X-Tumblr-User
X-Platform-Server
X-Tumblr-Pixel-0
X-Request-Guid
X-Cache-Control
X-Instance
X-WA-Info
X-Akamai-Edgescape
X-BCube-Filmed-By
X-Device-Type
X-FB-Debug
X-App-Environment
X-Content-Security-Policy-Report-Only
X-AOL-HN
X-Litespeed-Cache
VIX-Pulpo-Node
Webserver
X-Content-Type
VIX-Pulpo-Upstream-Status
X-Correlation-Id
X-Cache-Hit
X-Zen-Fury
X-Varnish-Grace
Accept-Charset
X-Cache-Rule
X-Varnish-Backend
Display
X-Middleton-Display
X-GUploader-UploadID
X-Sol
X-Ruxit-Js-Agent
Healthy
X-Seen-By
ViewerVersion
X-Wix-Request-Id
X-TT
X-Cache-Age
X-Drupal-Cache-Tags
X-Origin-Server
X-Cache-Server
X-Middleton-Response
Response
X-Daa-Tunnel
X-DataStream-Cache-Status
Cache-Status
Upgrade-Insecure-Requests
MS-CV
X-Varnish-Server
X-Cached-By
X-App-Server
X-Amz-Replication-Status
X-Drupal-Cache-Contexts
X-Generated-By
Payment
X-Geo-Country
X-Storage
Server-Node
X-Amzn-RequestId
X-Amz-Apigw-Id
X-UA-Device-Type
X-CACHE-GROUP
NGB
Filters
X-Response-Served-From
GEO-INFO
X-Adobe-Loc
X-Amz-Server-Side-Encryption
X-Cacheable-TTL
Access-Control-Allow-Method
X-HS-Cache-Config
X-PHP-Backend
X-Adobe-Content
Actual-Object-TTL
X-Edge-Cache
X-RequestSource
X-FW-Type
X-FW-Static
X-FW-Server
X-S
X-Varnish-IP
X-TT-TIMESTAMP
X-Servedby
X-Esi
X-UUID
X-FW-Serve
X-Jobs
X-FW-Hash
ServedBy
X-Cache-NE
Viewport
X-Contextid
X-Edge-Cache-Key
X-TX-ID
X-Varnish-Hits
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Cache-Tv-Group
Server-Info
AsisCache
X-WPE-Loopback-Upstream-Addr
X-Accel-Expires
X-Locale
X-Cache-Remote
S-Cnection
X-WebKit-CSP-Report-Only
X-Cache-TTL-Remaining
X-Status
X-App-Version
From-Origin
X-Rendered-As
Host-Header
X-GeoIP
X-Dns-Prefetch-Control
X-CACHE-KEY
Cache
X-Cache-Operation
X-Region
X-Croise-Owner
HostName
SRV
X-Guploader-Uploadid
X-Redis-Cache
X-XRDS-LOCATION
X-Node-Name
Served-By
X-Webkit-CSP
X-Hyper-Cache
X-GRACE
X-BACKEND-TTL
DC
Content-Script-Type
Content-Style-Type
Liferay-Portal
X-APP-VERSION
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Public-Key-Pins-Report-Only
X-Upgrade-Enabled
Xserver
X-Vg-Webcache
X-Cache-Config
Cache-Tag
Meta-Geo
Machine
Selected-FE
X-NGENIX-Cache
X-Cache-Var
X-Webstats-RespID
X-Cache-Category-Id
X-Is-Bot
X-Generated
Ms-Operation-Id
X-RTag
X-Mode
X-Detected-As
X-Cache-Var-Map
X-RN-RSRV
X-Hosted-By
X-Grey
X-Path-Route
X-Proxy-Build
X-Parent-Response-Time
Pagespeed
X-Timing-Wait
X-Site-Version
X-Akamai-Transformed
X-Original-Request
X-Upstream-CT
X-Akamai-Request-ID
X-BYPASS-REASON
X-Request-Time
X-Agile-Age
X-Origin-Response-Time
X-TNCMS
X-ProxyCache-Key
X-ProxyCache-Status
X-CDN-Cache
X-Agile
X-Agile-Id
X-Upstream-HT
X-L-Path
X-JoinUs
Origin-Cache-Control
X-Human
X-Labrador-Cache-Channel
X-Loop
Now
X-Via-Fastly
X-NCache
Origin-Edge-Control
X-Internal-Host
Cache-Name
X-Environment-Context
X-Proxy
Azure-SlotName
Azure-Version
X-Pc-Appver
User-Cache-Control
X-ProcessESI
Azure-SiteName
Cache-Key
Azure-InstanceId
DB-Nickname
Azure-RegionName
X-Pc-Hit
X-Time-Microsecs
X-Pc-Key
X-Tumblr-Pixel-3
X-Protected-By
X-ServerID
X-Origin-Host
X-Birta-Served
X-Birta-Cache-Post
X-RemovedCookies
X-Origin-CC
X-Format
X-Viewer-Country
X-Edge-IP
X-Origin
X-Ocache
S-Rt
X-FC-Vary-Parameters
X-IP
Property-Id
X-CCM
X-Origin-Hint
TWC-Privacy
TWC-Locale-Group
X-Tb
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-Region
X-Access
TWC-Connection-Speed
TWC-Device-Class
X-Backend-Name
Fastcgi-X-Cache
X-OCL
X-B3-Spanid
X-PCL
Cache-Tags
X-Rule
X-VG-TLSProxy
X-Www-Served-By
X-Xfnlog-Site
X-Web-Node
Fastcgi-Useragent
X-Pubstack
X-Section
Fastcgi-X-Cache-Version
X-App-Name
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-Vgn-Hpd-Reason
X-Forwarded-Host
Vix-Hermes-Req-Id
HitType
Powered-By-ChinaCache
X-RateLimit-Limit
X-FB-TRIP-ID
Load-Balancing
X-Cache-TTL
Mn-Server-Ip
X-Endurance-Cache-Level
X-ApacheServer
X-Nginx-Cache
X-PERF
Country
X-Content-Age
X-Cdn-Forward
Datacenter
X-Cache-Backend
X-Real-IP
X-Mrs-Cache-Hits
X-Mrs-Age
X-Unique-Id-Primal
X-Mrs-Cache
X-Mshield-Cache-Status
Time
X-Ezoic-Cdn
OT-Force-Account-Verify
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Ua
X-Via-CDN
X-ShardId
Fusion-Content-Id
X-TIME
X-ShopId
Fusion-Content-Source
X-Sorting-Hat-ShopId
Fusion-Template-Id
X-Shopify-Stage
Fusion-Source
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
Fusion-Component-Id
Ohc-File-Size
X-Varnish-Cacheable
X-Varnish-Beresp-Ttl
X-OVcl
X-OVcl-Cache
X-Debug-Cache
X-Sucuri-ID
X-UA
L5d-Success-Class
X-Correlation-ID
X-Time
LB
X-Nc
X-Unique-ID
X-Pc-Date
X-Hl-Ver
X-Pc-Host
X-HS-Combine-CSS
X-Varnish-Beresp-Status
We-Hiring
Mail-Subject
X-MP-GENERATED-AT
NtCoent-Length
X-Varnish-Beresp-Grace
Section-Io-Cache
X-Amz-Meta-Surrogate-Control
X-Hit
X-Proto
User-Agent
X-Real-Ip
X-CDN-Forward
X-Trace-Id
X-Front
X-Akamai-Request-ID2
AR-SID
X-Cache-Enabled
Access-Control-Request-Headers
Version
X-C
X-EdgeConnect-Cache-Status
Pagetype
X-Rocket-Nginx-Bypass
Warning
X-Microcachable
X-Dynatrace-Js-Agent
X-Newrelic-App-Data
Accept-Language
X-Ratelimit-Limit
X-Crawler
Is-Eu
Server-Host
X-D
Node
X-Connection-Hash
Server-ID
X-Cache-Host
X-Cache-FS-Status
X-Cache-Id
X-Cache-URL
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Date
Rendered-Blocks
X-Device-Os
Release
Powered-By
Platform
X-Died
Request-Time
X-Developer
X-Destination
Rt-Proxy-Cache
RNT-Time
RNT-Machine
Resin-Trace
X-Cache-Expires
X-Cache-Bucket
X-A-Dcw
X-A-Dam
X-Dispatcher-Server
V-Age
X-A-Dgt
MD5-Digest
X-A-Ccd
Viewtype
Meta-Geo-Continent
Www
Memcached
X-A
Thinkindot-Control
X-A-Wwc
X-B-Cookie
X-Auto-Login
X-BB-ID
X-Bip
VivaBuild
X-Application
X-Aed
PFcat
X-Accel-Expires-Debug
Thinkindot-CacheControl-Type
X-Actual-URL
Thinkindot-CacheControl
X-Cache-Debug
X-Li-Pop
X-Served-From
X-ScT
X-Server-IP
X-Server-Time
X-Svr
X-SRCache-Key
X-S-Maxage
X-S-Cookie
X-Returned-From-BeforeDispatch
X-Returned-From
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Rojux
X-Rewrite-Enabled
X-Swa-Ws
X-Thanos
X-Varnish-Action
X-Variation
X-VG-WebServer
X-We-Are-Hiring
Xc-Version
X-WebServer
X-Var-Ttl
X-User
X-Transaction
X-Thinkindot-L3
X-Trv-Group
X-TT-LOGID
X-UE-Client-Country
X-Twitter-Response-Tags
X-Request-UUID
X-Region-Sid
X-Level-Front-Cache
X-Layer
X-Li-Fabric
IBM-Web2-Location
X-LI-UUID
X-LI-Proto
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-On
X-Fetched-On
X-External-Request-Id
X-From
X-FW-Version
X-Generated-In
X-G
X-Logtrace-Id
X-Matched-Rule
X-Qloud-Router
X-PHP-Host
X-RCS-CacheZone
X-Rebelmouse-Cache-Control
X-Reboot
X-Rebelmouse-Surrogate-Control
X-PAYTM-SRV-ID
X-Passed-To-PostProcessResponse
X-P-T
X-NU-AKA-ACS-Version
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-DPWN-IS-SECURE
X-CUA
X-CLOUD-TRACE-CONTEXT
Fastly-SWR
Ajk
Arc-Country
Fly-Cache
Frame-Options
Fly-Request-Id
Adler-Geo
Cache-Prefix
Fastly-SIE
Fastly-Backend-Name
BehaviorPad-Version
Ec-Rule-Version
X-Location
X-MI-In-Market
X-Amz-Meta-Cache-Control
X-Server-Cache
Cache-Cookie-Set-Lfrom
X-Backend-Host
X-MSEdge-Features
Content-Disposition
Decoy-Debug-Status
Decoy-Debug-TTL
X-No-Session
Decoy-Debug-Key
Countrycode
X-Nginx-Cache-Key
X-Backend-Url
Country-Code
X-MSEdge-Flight
X-Block-Status
X-Gannett-Site-Version
X-Fstrz
X-Gen-Mode
X-GeoIP-Country-Code
X-Clientip
Ohc-Response-Time
X-F5-Cache
X-Distil-CS
X-Distributor
X-ElasticPress-Search
X-Epic-Correlation-Id
X-Hash
AKAMAI
Backend-Name
Backend
X-Cache-CFC
Who
Cache-Cookie-Set-From
X-Instart-Info
X-Info
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-IN-WAF
Cache-Cookie-Set-Idcheck
Esi-Enabled
X-ServiceProvider
X-Sf
Origin
X-Stale
X-Server-Group
Web-Mar-Node
Proxy-Connection
X-Secret
Pramga
Mobile-Detection-Method
MI-Cache-Age
X-UnsetCookies
Magicmarker
Lfy
Kp-EeAlive
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
MI-Cache
MI-API
X-Store
X-Response-By
X-Server-By
Heartbleed
X-Phone
True-Client-Country-4JS
X-Origin-Expires
X-Node-Id
X-Origin-Date
SD-X-WS
Server-Int
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Release
X-Request-Start
GMS-Ver
GW-Server
X-Dc
X-Be
X-V
X-Eu-Site
X-Fastly-Cache
X-Via-NSCOPI
X-Wikidot-Static-Cache
X-ARC
X-Developers
X-Wikidot-Backend
X-Up
X-Origin-TTL
X-Micro-Cache
X-Irp-Debug
X-Policy
X-Platform
X-SIPLIST1
X-Request-URI
X-Page-Type
Fastly-Soc-X-Request-Id
CDCHOST
Fastly-SSL
SS
ServerName
X-Backend-State
Apple-News-Services-Request-Url
X-Cdn-Srv
Apple-News-Services-Handled
Apple-News-Services-Host
X-Cache-Info
Apple-News-Services-Parsed-Url
REQUESTUUID
HA-Cloudapp
HA-Ipaddr
HA-Host
IsBot
HA-Servedtime
HA-Urlpath
HA-Georegion
On-Server
HA-Geocity
HA-Geocountry
HA-Geolat
HA-Geolon
X-CGP
Ha-Gx-Prefs
X-Core-Mission
X-Debug-Cache-Fetch
X-Core-Value
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-NODE
X-Geo
X-NX-Host
X-Debug-Log
X-Servername
X-Sn-Servicetimems
X-Key
X-Debug-Cookies
X-Cdn-Origin
WZWS-RAY
RequestId
X-Refresh
X-Pjax-Url
X-DC
X-Org
X-COUNTRY
X-CMS-Context
X-Via-SSL
X-Via-Edge
PageSpeed
Cteonnt-Length
X-CACHE-AGE
X-NC
Cdn
Mime-Version
X-LAGOON
X-PARISIEN-Cache-Rendered
X-Servedbyhost
X-VarnPar1
X-VarnCache
Pragrma
MIME-Version
X-Datadome
X-Newrelic-Synthetics
X-Urbn-Site-Id
X-Planisys-CDN-Cache
Request-Country
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Request-EU
X-Urbn-Context-Path
Memory
Locale
UCS
X-Instance-Name
Uber-Trace-Id
X-NWS-UUID-VERIFY
X-Req
Host-ID
NGX
V-Cache
Group
Cache-Provider
X-Wa
X-GeoIP-City
X-VCT
X-CSRF-TOKEN
X-Webkit-Csp
X-RateLimit-Remaining-Second
X-Gdpr
X-Varnish-Cache-Hits
PICS-Label
X-Generation-Time
X-RateLimit-Limit-Second
GeoIP-Latitude
GeoIP-Country-Code
Nel
X-FireWall-Port
X-BBXSRF
X-HTML-Minification-Powered-By
HitInfo
X-Powered-By-ANYU
CF-IPCountry
X-WR-MODIFICATION
X-Aicache-OS
X-Load-Cache
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Cf-Ipcountry
X-B3-Traceid
X-Ratelimit-Remaining
X-Varnish-Authentication
X-StackifyID
CDN
X-Cache-Miss-From
Server-Cache-Control
Server-Surrogate-Control
X-Cache-ASPX
X-UPSTREAM-Address
X-Sedo-Request-Id
X-Fastly-Country-Code
X-Cache-Grace
XServer
X-IPS-LoggedIn
X-VG-WebCache
X-EIG-Tracking-Id
X-Varnish-Url
X-Check-Cacheable
Geoip-Latitude
X-Source
X-ND-Cache
Pics-Label
X-TWH-CORRELATION-ID
GeoIp-Country-Code
X-Instart-Isnd
X-Sucuri-Cache
X-RCS-Backend
X-From-Cache
Is-Session-Tracking
Get-Access-Time
X-HOST
X-Fastly-Backend-Reqs
X-FORWARDED-FOR
URI
CACHE
X-CDN-Pop-IP
X-WA
Proxy-Firewall
X-GoCache-CacheStatus
X-GEO
X-Fastly-Cache-Hits
X-APP
X-CDN-Pop
X-Unique-Id
Powered
FSS-Cache
FSS-Proxy
X-Sentry-ID
X-NodeID
X-Varnish-Beresp-TTL
X-Dynatrace
X-SRV
X-R9-Blue-Green-Version
X-Csrf-Token
X-FW-Dynamic
X-ABtesting
X-Skip-Cache
X-Server-W
X-Flog
X-Hello
X-Cluster-Node
WP-Super-Cache
X-VServer
X-GDPR
Processtime
X-VC-Cache
DataCenter
X-ID
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-ServedByHost
SN
X-RequestId
X-PF-Uncompressing
X-Nananana
Amp-Access-Control-Allow-Source-Origin
X-Fe
X-Pc-Subdomain
X-B3-SpanId
X-HS-Status
X-GZip
X-CSRF-Token
X-BE
X-TrackingId
TSSecure
Hostname
Dynatrace
X-PJAX-URL
X-Worker
X-Swift-Error
X-Bug-Bounty
ProcessTime
X-GZIP
Cdn-Host
X-Backend-TTL
X-Pf-Uncompressing
X-Edge-Server
X-Gen-Id
Cdn-Request-Time
X-Amzn-Remapped-Date
Cache-Hits
X-Amzn-Remapped-Connection
X-MServer
Requestid
A
X-LiteSpeed-Cache-Control
X-ORIG-AKA-EDGE
X-Cache-Ttl
X-NGINX-Cache
Serverid
X-Port
DSUID
X-LiteSpeed-Tag
X-ServerName
X-Alicdn-Da-Ups-Status
X-ORIG-AKA-COUNTRY-CODE
X-HostName
T-Server
RequestUuid
X-PAGE-TYPE
X-VC
X-Varnish-URL
X-RAMCache
X-SB
X-VarnPar2
X-Akamai-ERRuleID
NnCoection
X-Tb-Optimization-Total-Bytes-Saved
Cneonction
X-Akamai-ERPolicy
Xet-Cookie
X-Developed-By
X-Dw-Trace-Id
HTTPS
X-CS
X-Serial
Location
Correlation-Id