Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Xss-Protection
X-Timer
CF-Cache-Status
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
CF-Ray
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Amz-Cf-Pop
X-Request-ID
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
Grace
X-Hacker
EagleId
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Ac
X-Device
X-WebKit-CSP
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Cnection
X-Server-Id
X-Host
X-Readtime
Report-To
X-Node
X-Rq
EagleEye-TraceId
Server-Timing
X-Response-Time
X-OneAgent-JS-Injection
X-CST
Feature-Policy
X-Rack-Cache
X-Backend-Server
X-ORACLE-DMS-ECID
X-Application-Context
X-Iejgwucgyu
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
X-Clacks-Overhead
Edge-Control
NEL
X-DynaTrace
Allow
Rating
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Cdn
X-Trace
X-Server-Name
X-Px
X-Vhost
X-DataDome
X-Ruxit-JS-Agent
X-ESI
X-Server-ID
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-MS-InvokeApp
X-Cached
RTSS
X-VARITI-CCR
Accept-CH
SPRequestGuid
X-Goog-Hash
Charset
X-PC
X-TtlSet
X-Vname
X-TTL
Pinterest-Generated-By
X-Mod-Pagespeed
X-F-Cache
X-D2id
Public-Key-Pins
X-Dispatcher
X-Exp-Id
X-Use-Magma
X-Exp-Variant
Verso
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-SharePointHealthScore
Arc-Version
PB-RID
PB-PID
X-Mobile-Rewrite
X-T
X-DynaTrace-JS-Agent
X-Version
X-Powered-By-Plesk
X-Abt-Application-Version
Accept-CH-Lifetime
X-Powered-CMS
X-DIS-Request-ID
X-Dns-Prefetch-Control
X-Ser
X-Fastly-Request-ID
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-Navigation-Version
X-Origin-Upstream-Status
X-Shield-Request-Id
X-Forwarded-Proto
X-Recruiting
X-B
DynaTrace
MS-Author-Via
X-Client-IP
X-Amz-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HW
Realpath
SPRequestDuration
SPIisLatency
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Content-MD5
X-TEC-API-VERSION
X-Oneagent-Js-Injection
X-Upstream
Nginx-Cache
X-Vcap-Request-Id
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
Edge-Cache-Tag
X-Amz-Meta-S3cmd-Attrs
X-Accel-Buffering
X-Wix-Server-Artifact-Id
AR-PoweredBy
AR-CACHE
AR-ATIME
X-N
X-Ttl
X-Hits
TCN
Arr-Disable-Session-Affinity
X-Varnish-Age
X-Debug
X-Oracle-Dms-Rid
X-NF-Request-ID
Access-Control-Request-Method
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Goog-Storage-Class
X-B3-TraceId-Primal
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-NewRelic-App-Data
X-Dw-Request-Base-Id
X-XRDS-Location
S
X-ATG-Version
X-Id
Service-Worker-Allowed
X-FTR-Backend
X-Via-JSL
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Realm
X-Logged-In
X-FTR-Expires
Tracecode
X-FastCGI-Cache
X-PressLabs-Stats
X-HS-Content-Id
X-HS-Hub-Id
X-Forwarded-For
X-Content-Digest
Rt-Fastcgi-Cache
X-Frontend
X-Pad
Surrogate-Key
Alternate-Protocol
X-Kinsta-Cache
Fastly-Restarts
X-RateLimit-Remaining
AMP-Access-Control-Allow-Source-Origin
MicrosoftSharePointTeamServices
X-Content-Options
Ar-Sid
X-FTR-Cache-Host
X-Cache-Key
X-Edge-Location
Server-Name
X-Amzn-Trace-Id
Fastcgi-Cache
Backend-Timing
X-Analytics
FilterID
Host
X-CF-Powered-By
X-Grace
X-IPLB-Instance
TP-Cache
TP-L2-Cache
X-Rid
X-User-Agent
X-Debug-Info
X-Hostname
X-Revision
ServerID
X-Magnolia-Registration
X-B3-Sampled
X-Whom
Eomportal-Instance
X-Request-Processing-Time
Paypal-Debug-Id
X-Request-Received
X-Cache-2
X-NWS-LOG-UUID
X-Ruxit-Js-Agent
X-HS-Cache-Config
X-Mobile
X-Page-Id
AR-Request-ID
X-Srv
Front-End-Https
X-Akam-SW-Version
X-AOL-HN
X-Content-Powered-By
X-URL
Retry-After
X-VCache
X-Cache-Hit
X-Varnish-Grace
X-GUploader-UploadID
X-Litespeed-Cache
X-Signature
X-B-Cache
Source
X-Cluster
X-FB-Debug
X-Handled-By
X-LB-Cache
X-Device-Type
X-SS-Set-Cookie
X-Instance
X-Request-Guid
Refresh
Cleartype
X-Cache-Action
X-Correlation-Id
X-App-Environment
X-WA-Info
X-Cache-Control
X-Varnish-Hostname
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Platform-Server
X-BCube-Filmed-By
X-Tumblr-User
X-Framework
X-Zen-Fury
X-Content-Security-Policy-Report-Only
X-TA-CDN-Provider
X-Akamai-Edgescape
Webserver
X-Varnish-Backend
X-Webkit-CSP
X-Daa-Tunnel
X-Middleton-Display
X-Sol
Display
X-Cache-Server
X-Fastcgi-Cache
X-XRDS-LOCATION
X-Varnish-Server
X-Drupal-Cache-Tags
X-Az
X-AppVersion
X-Drupal-Cache-Contexts
X-Activity-Id
Healthy
X-Cache-Rule
X-Content-Type
X-Geo-Country
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Generated-By
ViewerVersion
X-Wix-Request-Id
Response
X-Seen-By
X-Middleton-Response
X-Cached-By
X-App-Server
S-Cnection
Server-Node
X-Cache-Age
Cache-Status
X-Accel-Expires
X-Node-Name
X-DataStream-Cache-Status
X-CACHE-GROUP
X-Amz-Apigw-Id
X-Origin-Server
X-Amz-Replication-Status
X-Amzn-RequestId
X-Esi
X-WPE-Loopback-Upstream-Addr
X-TT
Upgrade-Insecure-Requests
Payment
X-Response-Served-From
Host-Header
GEO-INFO
X-RequestSource
NGB
Filters
X-Locale
X-UA-Device-Type
X-Cacheable-TTL
HostName
X-S
X-Cache-NE
X-Edge-Cache
X-Edge-Cache-Key
Actual-Object-TTL
X-GeoIP
Viewport
X-Varnish-IP
X-Contextid
X-FW-Type
X-Tumblr-Pixel-1
X-Servedby
X-FW-Hash
X-FW-Server
X-Jobs
X-FW-Serve
X-Tumblr-Pixel-2
ServedBy
X-FW-Static
X-UUID
X-Status
X-Varnish-Hits
AsisCache
X-TX-ID
Access-Control-Allow-Method
X-TT-TIMESTAMP
X-Amz-Server-Side-Encryption
X-WebKit-CSP-Report-Only
Server-Info
Accept-Charset
X-Adobe-Loc
X-Adobe-Content
X-Storage
X-Vg-Webcache
SRV
X-Hyper-Cache
X-HS-Combine-CSS
Cache
X-Cache-TTL-Remaining
X-CLOUD-TRACE-CONTEXT
X-PHP-Backend
X-Cache-Remote
From-Origin
MS-CV
X-Croise-Owner
X-APP-VERSION
X-App-Version
X-Rendered-As
Cache-Tag
X-Cache-Operation
Cache-Tv-Group
DC
X-Region
X-Forwarded-Host
Public-Key-Pins-Report-Only
Liferay-Portal
Served-By
X-Redis-Cache
X-Mode
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-CACHE-KEY
X-Cache-Var
X-Detected-As
X-Akamai-Request-ID2
X-Webstats-RespID
X-Site-Version
X-Request-Time
X-Proxy-Build
X-Akamai-Transformed
X-Agile-Age
X-Timing-Wait
X-TNCMS
X-Cache-Var-Map
X-Endurance-Cache-Level
X-Upgrade-Enabled
X-Path-Route
X-Agile
X-Agile-Id
X-RN-RSRV
Fastcgi-X-Cache-Version
X-Human
X-Loop
Machine
Meta-Geo
X-NGENIX-Cache
Fastcgi-X-Cache
X-Generated
X-Is-Bot
Selected-FE
X-Hosted-By
Fastcgi-Useragent
TWC-Privacy
TWC-Locale-Group
Origin-Cache-Control
S-Rt
Webcakes-App-Name
TWC-Device-Class
TWC-GeoIP-Country
X-Routing-Service
TWC-Connection-Speed
Origin-Edge-Control
Property-Id
Now
X-Vgn-Hpd-Reason
X-NCache
X-Labrador-Cache-Channel
X-BYPASS-REASON
X-Origin-Hint
X-Original-Request
X-L-Path
X-JoinUs
X-Cache-Category-Id
X-Format
X-Internal-Host
X-IP
X-Pc-Appver
X-Pc-Hit
X-Grey
X-Via-Fastly
X-ProxyCache-Status
Webcakes-Region
X-CDN-Cache
X-Environment-Context
X-Zipkin-Id
X-Pc-Key
X-Proxied
X-ProxyCache-Key
Cache-Name
Webcakes-App-Version
TWC-GeoIP-LatLong
Xserver
X-Pubstack
X-Proxy
X-RemovedCookies
X-FC-Vary-Parameters
X-Upstream-HT
X-Upstream-CT
X-Tumblr-Pixel-3
X-ProcessESI
X-Access
X-OCL
Powered-By-ChinaCache
X-UA
X-Birta-Served
X-Birta-Cache-Post
X-VG-TLSProxy
Datacenter
X-PCL
X-Section
Cache-Tags
DB-Nickname
X-Web-Node
X-Viewer-Country
X-Rule
X-Www-Served-By
X-Xfnlog-Site
X-Akamai-Request-ID
X-Origin-Response-Time
X-ServerID
X-Origin-CC
X-Backend-Name
Pagespeed
X-RateLimit-Limit
X-Time-Microsecs
X-Via-CDN
X-Origin-Host
X-Ocache
X-Cache-Config
X-Origin
Azure-RegionName
X-CCM
Azure-InstanceId
Azure-SiteName
Azure-Version
OT-Force-Account-Verify
Azure-SlotName
X-Tb
Mn-Server-Ip
X-Shopify-Stage
X-ShopId
X-TIME
X-Sorting-Hat-PodId
X-B3-Spanid
X-Sorting-Hat-ShopId
HitType
X-Alternate-Cache-Key
X-ShardId
X-Parent-Response-Time
X-Real-IP
X-App-Name
X-NODE
X-Guploader-Uploadid
X-Nginx-Cache
X-Cache-TTL
Accept-Language
X-OVcl-Cache
X-OVcl
X-Ezoic-Cdn
L5d-Success-Class
User-Cache-Control
NtCoent-Length
X-Edge-IP
X-Protected-By
Vix-Hermes-Req-Id
Cache-Key
LB
Content-Style-Type
Content-Script-Type
Time
X-Amz-Meta-Surrogate-Control
X-Newrelic-App-Data
X-Kong-Upstream-Latency
X-Proto
X-BACKEND-TTL
X-Kong-Proxy-Latency
X-Pc-Date
X-Cache-Backend
X-Pc-Host
X-Webkit-Csp
X-RTag
X-Correlation-ID
X-GRACE
Ms-Operation-Id
X-ApacheServer
X-PERF
X-Front
X-Nc
X-Real-Ip
X-Cdn-Forward
X-Mrs-Age
X-Mrs-Cache-Hits
X-CDN-Forward
X-Mshield-Cache-Status
X-Hit
X-Unique-Id-Primal
X-Mrs-Cache
Section-Io-Cache
X-Sucuri-ID
X-FB-TRIP-ID
X-Varnish-Beresp-Status
AR-SID
X-Varnish-Cacheable
X-Varnish-Beresp-Grace
WZWS-RAY
X-Microcachable
X-Debug-Cache
X-Unique-ID
Access-Control-Request-Headers
X-Dc
X-Content-Age
X-Connection-Hash
Version
X-Twitter-Response-Tags
X-Transaction
X-Time
X-Cache-Enabled
X-C
X-Varnish-Beresp-Ttl
X-EdgeConnect-Cache-Status
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
X-Trace-Id
Fusion-Content-Id
Fusion-Source
X-MP-GENERATED-AT
Warning
Country
X-Cache-URL
X-CUA
X-D
X-Date
X-Destination
X-Crawler
X-Clientip
X-Cache-Host
X-Cache-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-FS-Status
X-BB-ID
X-A-Dcw
RNT-Machine
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Actual-URL
Resin-Trace
X-Accel-Expires-Debug
RNT-Time
Rt-Proxy-Cache
Viewtype
V-Age
Uber-Trace-Id
Server-ID
Server-Host
X-A
VivaBuild
SD-X-WS
Rendered-Blocks
X-Aed
X-Bip
UCS
X-Backend-State
Memcached
X-Cache-Bucket
Locale
MD5-Digest
X-Cache-Debug
X-B-Cookie
Meta-Geo-Continent
X-Application
Powered-By
Release
X-Auto-Login
Platform
Mobile-Detection-Method
Node
Is-Eu
X-RCS-CacheZone
X-S-Maxage
X-S-Cookie
X-Rojux
X-ScT
X-Served-From
X-Server-Time
X-Server-By
X-Rewrite-Enabled
X-Returned-From-PostProcessResponse
X-Request-UUID
X-Release
X-Response-By
X-Returned-From
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-SRCache-Key
X-Store
X-Via-Edge
X-VG-WebServer
X-Varnish-Action
X-Via-SSL
X-We-Are-Hiring
Xc-Version
X-WebServer
X-Variation
X-Var-Ttl
X-Trv-Group
X-Thanos
X-UE-Client-Country
X-Urbn-Context-Path
X-User
X-Urbn-Site-Id
X-Region-Sid
X-Reboot
X-Generated-In
X-G
X-FW-Version
X-GeoIP-Country-Code
X-Layer
X-Li-Pop
X-Li-Fabric
X-From
X-Fetched-On
X-Died
X-Device-Os
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-F5-Cache
X-External-Request-Id
X-LI-Proto
X-LI-UUID
X-PHP-Host
X-PAYTM-SRV-ID
X-Qloud-Router
IBM-Web2-Location
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Node-Id
X-Logtrace-Id
X-NU-AKA-ACS-Version
X-Org
X-Passed-To-BeforeDispatch
X-Passed-To
X-Developer
X-A-Ccd
We-Hiring
Fastly-SIE
Mail-Subject
Fly-Cache
X-Ua
Adler-Geo
Ajk
Frame-Options
Fly-Request-Id
Arc-Country
Fastly-SWR
Ohc-File-Size
X-Ratelimit-Limit
Fastly-Backend-Name
Cache-Prefix
X-Rocket-Nginx-Bypass
Load-Balancing
Countrycode
BehaviorPad-Version
Ec-Rule-Version
X-Hl-Ver
X-NWS-UUID-VERIFY
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Content-Disposition
Web-Mar-Node
Www
Backend-Name
Who
Backend
X-Server-IP
Apple-News-Services-Handled
X-Proxy-Cache-Status
X-Core-Value
X-UnsetCookies
X-Request-Start
X-Proxy-Upstream
HA-Geolat
X-Epic-Correlation-Id
X-Eu-Site
X-Thinkindot-L3
X-CGP
X-Hnp-Log
Apple-News-Services-Host
X-Amz-Meta-Cache-Control
AKAMAI
X-Gen-Mode
X-Cache-Expires
X-Block-Status
X-Swa-Ws
X-Server-Group
X-Hash
X-Stale
HA-Cloudapp
Kp-EeAlive
X-Location
GW-Server
GMS-Ver
X-SVT-ORM-VERSION
X-No-Session
Country-Code
HA-Geocity
HA-Geocountry
HA-Host
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
HA-Ipaddr
HA-Servedtime
X-Matched-Rule
Heartbleed
HA-Urlpath
Origin
X-SVT-ORM-RULES
X-IN-APIGATEWAY
Esi-Enabled
X-IN-SSL-APIGATEWAY
X-IN-WAF
SS
Thinkindot-CacheControl
X-Sf
Thinkindot-Control
Thinkindot-CacheControl-Type
Request-EU
X-Info
Pragrma
Request-Country
X-Key
Pramga
V-Cache
X-Be
User-Agent
Group
X-Goog-Meta-Goog-Reserved-File-Mtime
On-Server
X-Nginx-Cache-Key
HitInfo
X-Irp-Debug
X-Policy
X-Phone
X-Instance-Name
X-Up
X-Fstrz
Proxy-Connection
Decoy-Debug-Status
X-Gannett-Site-Version
X-P-T
X-GeoIP-City
X-Geo
X-Platform
X-Backend-Url
Server-Int
Fastly-Soc-X-Request-Id
Fastly-SSL
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Distributor
REQUESTUUID
X-SIPLIST1
Decoy-Debug-TTL
IsBot
Decoy-Debug-Key
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-V
MI-API
X-Backend-Host
Cache-Cookie-Set-Idcheck
X-TT-LOGID
MI-Cache-Age
X-Secret
X-Request-URI
X-Developers
X-Distil-CS
X-Dynatrace-Js-Agent
True-Client-Country-4JS
X-VCT
X-MI-In-Market
X-ServiceProvider
MI-Cache
X-Cache-CFC
X-Via-NSCOPI
X-Origin-TTL
X-MSEdge-Flight
X-Refresh
X-Origin-Expires
X-Origin-Date
X-MSEdge-Features
Request-Time
X-Sn-Servicetimems
X-Servername
X-NX-Host
X-ElasticPress-Search
X-Debug-Cookies
X-Debug-Log
X-Cdn-Origin
Magicmarker
X-Core-Mission
X-Fastly-Cache
X-Page-Type
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
PFcat
X-Planisys-CDN-Cache
RequestId
X-COUNTRY
X-DC
Pagetype
X-BBXSRF
X-Req
X-Pjax-Url
X-EIG-Tracking-Id
Host-ID
X-Powered-By-ANYU
PageSpeed
X-VarnCache
X-CACHE-AGE
X-PARISIEN-Cache-Rendered
X-Svr
X-VarnPar1
X-NC
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Micro-Cache
X-Debug-Cache-Expiry
X-HOST
X-Generated-On
X-Newrelic-Synthetics
X-Instart-Info
X-Level-Front-Cache
Mime-Version
MIME-Version
X-Datadome
Cache-Provider
Lfy
ServerName
Cdn
X-Cache-Info
X-TWH-CORRELATION-ID
X-Cdn-Srv
X-Server-Cache
Ohc-Response-Time
Cteonnt-Length
Memory
PICS-Label
X-ARC
X-Gdpr
X-Cluster-Node
X-Servedbyhost
Nel
CF-IPCountry
X-Wa
FSS-Proxy
FSS-Cache
X-StackifyID
X-CMS-Context
X-NodeID
X-Sentry-ID
X-Flog
X-Aicache-OS
X-Hello
X-ABtesting
X-Fastly-Country-Code
X-VServer
X-Load-Cache
X-WR-MODIFICATION
CDN
GeoIP-Country-Code
GeoIP-Latitude
X-LAGOON
SN
Geoip-Latitude
X-HTML-Minification-Powered-By
X-CSRF-TOKEN
X-Fastly-Backend-Reqs
GeoIp-Country-Code
NGX
X-GZip
XServer
X-Varnish-Beresp-TTL
CACHE
X-WA
TSSecure
X-UPSTREAM-Address
X-Check-Cacheable
X-Worker
X-Source
X-CSRF-Token
Processtime
Amp-Access-Control-Allow-Source-Origin
X-MServer
X-Csrf-Token
A
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-APP
X-Unique-Id
Cf-Ipcountry
X-SplitTest
X-AWS-Id
X-LJ-Flow-ID
X-Ratelimit-Remaining
X-VWS-Id
PageType
X-Oss-Storage-Class
X-FireWall-Port
X-Port
X-ServedByHost
WP-Super-Cache
X-Oss-Server-Time
X-CDN-Pop
X-Oss-Hash-Crc64ecma
X-Varnish-Cache-Hits
X-CDN-Pop-IP
X-Oss-Request-Id
X-Oss-Object-Type
X-Generation-Time
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Dynatrace
Pics-Label
X-Cache-Miss-From
X-GDPR
Cdn-Request-Time
HTTPS
X-Sedo-Request-Id
X-Nananana
Cdn-Host
X-Edge-Server
X-SRV
Cache-Hits
URI
Odigeo-Trace-Id
X-VC-Cache
X-Sucuri-Cache
X-Backend-TTL
X-FORWARDED-FOR
X-Skip-Cache
X-ID
DataCenter
X-Cache-Grace
X-Owner
X-B3-Traceid
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Request-Id
X-Ms-Lease-Status
X-Fastly-Cache-Hits
X-Cache-ASPX
X-Varnish-Authentication
X-B3-SpanId
Server-Surrogate-Control
Server-Cache-Control
X-HS-Status
X-IPS-LoggedIn
ProcessTime
X-BE
X-Swift-Error
Hostname
X-RCS-Backend
X-PJAX-URL
X-SN
X-Gen-Id
Dynatrace
X-GoCache-CacheStatus
X-Bug-Bounty
X-GZIP
X-From-Cache
X-Varnish-Url
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-VG-WebCache
X-ORIG-AKA-EDGE
X-Instart-Isnd
X-ND-Cache
X-VarnPar2
X-Fe
X-Cache-Srv
X-PAGE-TYPE
X-Cache-Ttl
X-NGINX-Cache
X-Alicdn-Da-Ups-Status
X-Ms-Lease-State
Requestid
X-Akamai-SSL-Client-Sid
Serverid
X-Amz-Meta-S3b-Last-Modified
X-ServerName
X-LiteSpeed-Cache-Control
X-Server-W
WebServer
X-Varnish-URL
Xet-Cookie
X-Serial
T-Server
X-ORIG-AKA-COUNTRY-CODE
X-SB
X-VC
X-RAMCache
X-Pf-Uncompressing
NodeID
Is-Session-Tracking
Get-Access-Time
RequestUuid
X-PF-Uncompressing
Proxy-Firewall
X-LiteSpeed-Tag
X-Akamai-ERPolicy
X-HTML-Edge-Cache
SID
X-RequestId
NnCoection
X-Akamai-ERRuleID
X-Developed-By
X-CS
Location
X-Dw-Trace-Id