Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Xss-Protection
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Amz-Cf-Pop
X-Generator
CF-Ray
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Request-ID
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Server-Powered-By
X-Hacker
EagleId
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-WebKit-CSP
X-Cache-Lookup
X-Server-Id
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Host
X-Cnection
X-Node
X-Readtime
Report-To
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Rq
Server-Timing
X-Response-Time
Feature-Policy
X-CST
X-Rack-Cache
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Cloud-Trace-Context
X-Instart-Request-ID
X-Clacks-Overhead
NEL
Edge-Control
X-DynaTrace
Allow
X-Url
Rating
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-Trace
X-DataDome
X-Server-Name
X-Px
X-Vhost
X-B3-TraceId
X-ESI
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-VARITI-CCR
RTSS
X-MS-InvokeApp
X-Ruxit-JS-Agent
X-Cached
Accept-CH
X-Goog-Hash
Charset
SPRequestGuid
X-Server-ID
X-Vname
X-TtlSet
X-PC
X-Mod-Pagespeed
X-D2id
X-F-Cache
Pinterest-Generated-By
Public-Key-Pins
Verso
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Use-Magma
X-Exp-Variant
X-Kinja-Server
X-Dispatcher
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
X-TTL
X-SharePointHealthScore
X-Version
X-T
X-Cdn
X-Powered-By-Plesk
X-Abt-Application-Version
Accept-CH-Lifetime
X-DIS-Request-ID
X-Powered-CMS
X-DynaTrace-JS-Agent
X-Ser
X-Fastly-Request-ID
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Origin-Upstream-Status
X-Navigation-Version
X-Forwarded-Proto
X-B
X-Shield-Request-Id
X-Recruiting
X-Client-IP
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MS-Author-Via
DynaTrace
X-Amz-Rid
Realpath
SPIisLatency
SPRequestDuration
X-HW
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Upstream
X-Vcap-Request-Id
Content-MD5
X-Ttl
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
Nginx-Cache
X-Goog-Stored-Content-Encoding
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-CACHE
AR-ATIME
Edge-Cache-Tag
X-N
Arr-Disable-Session-Affinity
X-Oneagent-Js-Injection
X-Hits
X-Varnish-Age
X-Debug
X-Oracle-Dms-Rid
MRF-Tech
X-Mrf-Section-Lastmod
X-Aspnet-Version
TCN
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Goog-Storage-Class
X-NF-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
X-Acc-Meta-Resource-Type
X-NewRelic-App-Data
X-Dw-Request-Base-Id
X-Id
X-XRDS-Location
S
X-ATG-Version
X-Via-JSL
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
Service-Worker-Allowed
X-FTR-Expires
X-Logged-In
X-Dns-Prefetch-Control
Alternate-Protocol
X-Forwarded-For
X-HS-Content-Id
X-HS-Hub-Id
Rt-Fastcgi-Cache
X-PressLabs-Stats
Tracecode
X-Frontend
Surrogate-Key
X-Content-Digest
X-Kinsta-Cache
AMP-Access-Control-Allow-Source-Origin
X-FastCGI-Cache
X-Pad
Fastly-Restarts
X-RateLimit-Remaining
MicrosoftSharePointTeamServices
X-Cache-Key
X-FTR-Cache-Host
X-Content-Options
X-Ruxit-Js-Agent
Server-Name
X-Edge-Location
X-Amzn-Trace-Id
Ar-Sid
X-CF-Powered-By
Backend-Timing
X-Analytics
Fastcgi-Cache
X-Grace
Host
FilterID
TP-L2-Cache
TP-Cache
X-Rid
X-Hostname
X-Debug-Info
X-User-Agent
X-Whom
X-Magnolia-Registration
X-IPLB-Instance
X-Cache-2
ServerID
X-B3-Sampled
X-Revision
Eomportal-Instance
X-Request-Processing-Time
X-Request-Received
X-Page-Id
X-Mobile
Paypal-Debug-Id
X-Srv
AR-Request-ID
X-NWS-LOG-UUID
Front-End-Https
X-Akam-SW-Version
X-AOL-HN
X-VCache
X-HS-Cache-Config
Retry-After
X-Content-Powered-By
X-URL
X-Litespeed-Cache
X-Signature
X-B-Cache
X-Handled-By
X-Device-Type
X-SS-Set-Cookie
Refresh
X-FB-Debug
X-Cluster
X-Cache-Action
X-LB-Cache
Source
X-Cache-Hit
X-Varnish-Grace
X-Instance
X-Framework
Cleartype
X-Correlation-Id
X-WA-Info
X-Tumblr-User
X-Request-Guid
X-App-Environment
X-Varnish-Hostname
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-BCube-Filmed-By
X-Platform-Server
X-Cache-Control
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-Fastcgi-Cache
X-GUploader-UploadID
Webserver
X-Zen-Fury
X-Middleton-Display
X-Sol
X-Varnish-Backend
Display
X-XRDS-LOCATION
X-Activity-Id
X-AppVersion
X-Az
X-Content-Type
X-Daa-Tunnel
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-Server
Healthy
X-Cache-Rule
X-Varnish-Server
Response
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Middleton-Response
ViewerVersion
X-Seen-By
X-Wix-Request-Id
X-Cache-Age
X-Generated-By
X-Geo-Country
S-Cnection
X-App-Server
X-Cached-By
Server-Node
Cache-Status
X-TT
X-Origin-Server
X-Amz-Replication-Status
Upgrade-Insecure-Requests
X-CACHE-GROUP
X-DataStream-Cache-Status
X-Accel-Expires
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Esi
Payment
GEO-INFO
X-S
Filters
X-RequestSource
X-TA-CDN-Provider
X-UA-Device-Type
X-Response-Served-From
NGB
X-Cacheable-TTL
X-Node-Name
X-Servedby
X-Status
Accept-Charset
Viewport
ServedBy
X-Locale
X-Edge-Cache-Key
X-Edge-Cache
X-Varnish-IP
X-Cache-NE
X-Contextid
X-Jobs
X-Tumblr-Pixel-2
Access-Control-Allow-Method
X-Varnish-Hits
X-FW-Static
X-TT-TIMESTAMP
X-FW-Type
X-FW-Serve
X-Tumblr-Pixel-1
Actual-Object-TTL
X-FW-Server
X-FW-Hash
X-GeoIP
X-UUID
X-TX-ID
AsisCache
X-Amz-Server-Side-Encryption
X-Adobe-Content
Server-Info
X-WebKit-CSP-Report-Only
X-Adobe-Loc
HostName
X-WPE-Loopback-Upstream-Addr
X-Storage
Host-Header
Cache
X-PHP-Backend
X-Cache-TTL-Remaining
Cache-Tv-Group
SRV
X-Rendered-As
X-Cache-Remote
X-Croise-Owner
MS-CV
X-Vg-Webcache
From-Origin
X-Hyper-Cache
X-App-Version
X-APP-VERSION
X-Cache-Operation
X-Region
X-Webkit-CSP
X-HS-Combine-CSS
Served-By
X-Redis-Cache
Cache-Tag
Public-Key-Pins-Report-Only
DC
Liferay-Portal
X-Forwarded-Host
X-Guploader-Uploadid
X-CACHE-KEY
X-Mode
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Xserver
X-Detected-As
Machine
Fastcgi-Useragent
X-Path-Route
Selected-FE
X-Akamai-Transformed
X-Loop
X-Endurance-Cache-Level
X-NGENIX-Cache
X-Request-Time
X-Yottaa-Optimizations
Pagespeed
Meta-Geo
X-Agile
X-Upgrade-Enabled
X-IP
X-Is-Bot
X-Agile-Id
X-Yottaa-Metrics
X-Timing-Wait
X-Hosted-By
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Var
X-Agile-Age
X-TNCMS
X-Webstats-RespID
X-Proxy-Build
TWC-GeoIP-Country
TWC-Device-Class
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
TWC-GeoIP-LatLong
X-Cache-Category-Id
X-Human
TWC-Connection-Speed
X-Environment-Context
X-Generated
X-Format
X-Grey
Now
X-Internal-Host
Property-Id
X-CDN-Cache
X-Site-Version
X-Upstream-HT
X-L-Path
Webcakes-App-Version
X-JoinUs
X-Vgn-Hpd-Reason
X-Via-Fastly
X-ProxyCache-Status
X-Upstream-CT
Cache-Name
X-BYPASS-REASON
TWC-Privacy
X-Labrador-Cache-Channel
Webcakes-App-Name
Webcakes-Region
X-Original-Request
X-ProxyCache-Key
X-Origin-Hint
TWC-Locale-Group
Powered-By-ChinaCache
X-B3-Spanid
X-ProcessESI
S-Rt
X-Viewer-Country
X-Web-Node
X-Access
X-UA
X-Tumblr-Pixel-3
Origin-Cache-Control
Origin-Edge-Control
X-Pubstack
X-Section
DB-Nickname
X-Time-Microsecs
X-Proxy
X-Birta-Cache-Post
Cache-Tags
X-Akamai-Request-ID
X-Origin
X-NCache
X-VG-TLSProxy
X-RemovedCookies
X-Birta-Served
X-Origin-Host
X-Origin-Response-Time
X-Ocache
X-PCL
X-Origin-CC
X-OCL
X-Cache-Config
Azure-SlotName
Azure-SiteName
Azure-Version
Mn-Server-Ip
X-Tb
X-ServerID
Azure-RegionName
Azure-InstanceId
X-CCM
X-FC-Vary-Parameters
X-Backend-Name
X-Www-Served-By
X-Xfnlog-Site
X-Akamai-Request-ID2
X-Rule
HitType
X-Zipkin-Id
X-Routing-Service
Datacenter
X-Proxied
X-CLOUD-TRACE-CONTEXT
X-TIME
Cache-Key
X-Via-CDN
X-Parent-Response-Time
X-App-Name
OT-Force-Account-Verify
X-Sorting-Hat-PodId
X-BACKEND-TTL
X-Sorting-Hat-ShopId
X-Cache-TTL
X-Alternate-Cache-Key
X-Nginx-Cache
X-Shopify-Stage
X-Protected-By
X-ShardId
X-ShopId
X-RateLimit-Limit
Content-Script-Type
Content-Style-Type
Vix-Hermes-Req-Id
X-Kong-Upstream-Latency
X-Dynatrace-Js-Agent
X-Edge-IP
X-Kong-Proxy-Latency
User-Cache-Control
X-Ezoic-Cdn
Accept-Language
L5d-Success-Class
X-OVcl-Cache
X-OVcl
Time
NtCoent-Length
X-Real-IP
X-Pc-Host
X-Pc-Date
Ms-Operation-Id
X-RTag
X-Cache-Backend
X-Newrelic-App-Data
X-PERF
X-ApacheServer
LB
X-Cdn-Forward
X-Real-Ip
X-Front
X-Webkit-Csp
X-Amz-Meta-Surrogate-Control
AR-SID
X-GRACE
X-Unique-Id-Primal
X-Proto
X-FB-TRIP-ID
X-Mrs-Age
X-Mrs-Cache
X-Mshield-Cache-Status
X-Correlation-ID
X-Mrs-Cache-Hits
X-Nc
X-Varnish-Cacheable
X-Content-Age
Section-Io-Cache
X-Hit
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-CDN-Forward
X-Debug-Cache
Country
X-Sucuri-ID
WZWS-RAY
Load-Balancing
X-Unique-ID
X-Ratelimit-Limit
X-Microcachable
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
X-Trace-Id
Fusion-Component-Id
X-C
X-Time
X-MP-GENERATED-AT
X-Hl-Ver
Version
Access-Control-Request-Headers
X-Dc
Ohc-File-Size
X-Varnish-Beresp-Ttl
X-EdgeConnect-Cache-Status
We-Hiring
Mail-Subject
Warning
X-Transaction
X-Connection-Hash
X-Cache-Enabled
X-Twitter-Response-Tags
X-Generated-In
X-Aed
X-G
Cache-Prefix
X-From
X-FW-Version
X-Fetched-On
Countrycode
Node
Rendered-Blocks
Adler-Geo
Ajk
X-Li-Fabric
X-Li-Pop
X-Backend-State
X-Layer
X-A-Wwc
X-Actual-URL
X-GeoIP-Country-Code
Arc-Country
X-Accel-Expires-Debug
Release
BehaviorPad-Version
Fastly-SIE
X-CF-Lambda-Fn
X-Cache-URL
X-Cache-Id
X-Cache-Host
X-CF-Lambda-Version
X-Application
X-CUA
X-Crawler
X-Clientip
IBM-Web2-Location
Is-Eu
Meta-Geo-Continent
X-Auto-Login
X-Bip
Memcached
MD5-Digest
X-Cache-FS-Status
X-Cache-Expires
X-Cache-Debug
X-D
X-Date
Fastly-SWR
Fly-Cache
Fly-Request-Id
X-UE-Client-Country
X-External-Request-Id
X-F5-Cache
Fastly-Backend-Name
X-BB-ID
Frame-Options
Powered-By
X-Device-Os
X-Developer
X-Destination
X-Died
X-Dispatcher-Server
Platform
Mobile-Detection-Method
X-DPWN-IS-SECURE
Ec-Rule-Version
X-A-Dam
X-User
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Request-UUID
X-WebServer
X-Server-By
X-Var-Ttl
X-Response-By
Thinkindot-Control
Xc-Version
Rt-Proxy-Cache
V-Age
X-Release
X-A
SD-X-WS
X-Server-Time
Server-Host
X-Returned-From
X-Returned-From-BeforeDispatch
X-VG-WebServer
X-Varnish-Action
X-S-Cookie
X-We-Are-Hiring
X-Via-SSL
X-Via-Edge
X-S-Maxage
X-Variation
X-ScT
X-Served-From
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Rewrite-Enabled
Server-ID
X-Rojux
SS
Www
X-SRCache-Key
X-Thinkindot-L3
X-Passed-To
X-Trv-Group
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-PAYTM-SRV-ID
X-Passed-To-PostProcessResponse
X-Org
X-NU-AKA-ACS-Version
X-Logtrace-Id
X-A-Dgt
X-LI-UUID
X-Matched-Rule
X-A-Dcw
X-Node-Id
X-A-Ccd
X-PHP-Host
User-Agent
X-B-Cookie
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
RNT-Machine
X-Reboot
RNT-Time
X-Region-Sid
X-Ua
X-Store
X-Swa-Ws
Resin-Trace
X-Thanos
X-Qloud-Router
X-RCS-CacheZone
VivaBuild
Viewtype
X-LI-Proto
X-Proxy-Cache-Status
X-Via-NSCOPI
X-Secret
X-Rocket-Nginx-Bypass
Request-Time
X-Request-Start
X-Goog-Meta-Goog-Reserved-File-Mtime
X-UnsetCookies
X-Server-Group
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Stale
X-Sf
X-Server-IP
X-ServiceProvider
X-P-T
X-TT-LOGID
X-Hash
X-IN-APIGATEWAY
X-Gannett-Site-Version
X-Eu-Site
X-CGP
X-Epic-Correlation-Id
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-No-Session
X-Proxy-Upstream
X-MI-In-Market
X-Location
X-Info
X-Cache-Bucket
Who
HA-Geolat
HA-Geolon
HA-Geocountry
HA-Geocity
HA-Cloudapp
HA-Georegion
Ha-Gx-Prefs
HA-Urlpath
Heartbleed
HA-Servedtime
HA-Ipaddr
HA-Host
GW-Server
GMS-Ver
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Backend
Backend-Name
Decoy-Debug-TTL
Esi-Enabled
Decoy-Debug-Status
Decoy-Debug-Key
Content-Disposition
Kp-EeAlive
Country-Code
MI-Cache-Age
Proxy-Connection
On-Server
Origin
MI-Cache
Pragrma
True-Client-Country-4JS
MI-API
Pramga
X-NODE
X-Be
X-Geo
X-Nginx-Cache-Key
X-Fstrz
X-MSEdge-Flight
X-MSEdge-Features
X-Origin-Expires
Locale
Uber-Trace-Id
X-Hnp-Log
X-Instance-Name
X-Key
X-Distributor
UCS
X-Origin-Date
Fastly-SSL
X-Policy
X-Platform
X-Planisys-CDN-TTL
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Request-URI
X-SIPLIST1
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Cache-Cookie-Set-Lfrom
X-Phone
Server-Int
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-V
X-Page-Type
X-Cache-CFC
Web-Mar-Node
X-Distil-CS
Request-Country
Request-EU
X-Backend-Url
PFcat
X-Core-Value
Fastly-Soc-X-Request-Id
X-Backend-Host
X-Block-Status
X-Developers
REQUESTUUID
IsBot
CDCHOST
X-Amz-Meta-Cache-Control
X-Up
X-Gen-Mode
Pagetype
X-Debug-Log
X-NWS-UUID-VERIFY
X-Wikidot-Static-Cache
X-Cdn-Origin
X-Servername
X-Refresh
X-Sn-Servicetimems
X-NX-Host
X-Debug-Cookies
X-Wikidot-Backend
X-Origin-TTL
X-Fastly-Cache
X-Core-Mission
Magicmarker
X-ElasticPress-Search
X-Irp-Debug
Group
V-Cache
X-COUNTRY
X-Debug-Cache-Expiry
RequestId
X-Debug-Cache-Store
X-Svr
X-DC
X-GeoIP-City
X-Debug-Cache-Fetch
X-VCT
HitInfo
X-PARISIEN-Cache-Rendered
X-Req
Host-ID
X-Level-Front-Cache
X-Pjax-Url
X-VarnCache
X-Generated-On
X-VarnPar1
X-Micro-Cache
X-Instart-Info
PageSpeed
X-Newrelic-Synthetics
Lfy
ServerName
X-NC
X-CACHE-AGE
X-BBXSRF
X-Server-Cache
X-Cdn-Srv
X-Cache-Info
X-Datadome
Mime-Version
MIME-Version
X-Powered-By-ANYU
Cache-Provider
X-EIG-Tracking-Id
X-B3-Traceid
Ohc-Response-Time
X-ARC
Cdn
Memory
Cteonnt-Length
PICS-Label
X-Gdpr
X-TWH-CORRELATION-ID
X-CMS-Context
X-Servedbyhost
Nel
X-LAGOON
X-Wa
X-Cluster-Node
X-WR-MODIFICATION
CF-IPCountry
X-Fastly-Country-Code
X-StackifyID
NGX
X-Aicache-OS
X-Load-Cache
X-NodeID
CDN
FSS-Proxy
X-Sentry-ID
X-HTML-Minification-Powered-By
GeoIP-Country-Code
GeoIP-Latitude
FSS-Cache
X-Ratelimit-Remaining
X-ABtesting
X-CSRF-TOKEN
X-VServer
GeoIp-Country-Code
X-Hello
XServer
X-Flog
Geoip-Latitude
X-Fastly-Backend-Reqs
X-Varnish-Beresp-TTL
X-Check-Cacheable
Cf-Ipcountry
X-UPSTREAM-Address
SN
X-WA
Processtime
X-APP
Amp-Access-Control-Allow-Source-Origin
X-GZip
X-Source
X-Csrf-Token
X-HOST
X-RateLimit-Limit-Second
X-Unique-Id
TSSecure
X-RateLimit-Remaining-Second
X-Varnish-Cache-Hits
X-FireWall-Port
X-Generation-Time
X-CSRF-Token
CACHE
WP-Super-Cache
X-DataStream-Origin-MEX-Latency
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Cache-Miss-From
X-CDN-Pop-IP
X-ServedByHost
X-DataStream-MidMile-RTT
X-MServer
X-Sedo-Request-Id
X-Oss-Object-Type
X-Oss-Request-Id
X-CDN-Pop
X-Oss-Server-Time
X-Worker
Cdn-Host
Cdn-Request-Time
Pics-Label
PageType
X-Dynatrace
X-GDPR
URI
A
X-Cache-Grace
X-Nananana
X-Edge-Server
X-SRV
X-Cache-ASPX
Server-Cache-Control
X-Skip-Cache
X-VC-Cache
Server-Surrogate-Control
X-FORWARDED-FOR
X-Varnish-Authentication
X-ID
X-AWS-Id
X-SplitTest
X-LJ-Flow-ID
X-VWS-Id
DataCenter
X-HS-Status
HTTPS
X-IPS-LoggedIn
X-Sucuri-Cache
X-Port
X-RCS-Backend
X-Varnish-Url
X-VG-WebCache
X-Backend-TTL
Odigeo-Trace-Id
X-B3-SpanId
X-Fastly-Cache-Hits
X-Swift-Error
X-BE
Cache-Hits
X-PJAX-URL
X-From-Cache
Dynatrace
Hostname
X-Instart-Isnd
X-Owner
X-ND-Cache
X-SN
X-Pf-Uncompressing
Is-Session-Tracking
X-Gen-Id
Get-Access-Time
X-Ms-Blob-Type
X-Bug-Bounty
X-GZIP
X-Ms-Request-Id
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Ms-Version
X-Ms-Lease-Status
Proxy-Firewall
X-GoCache-CacheStatus
X-Server-W
X-ORIG-AKA-EDGE
X-VarnPar2
Requestid
X-Cache-Ttl
X-NGINX-Cache
ProcessTime
X-Akamai-SSL-Client-Sid
Serverid
X-Amz-Meta-S3b-Last-Modified
X-Serial
X-ServerName
X-LiteSpeed-Cache-Control
X-Varnish-URL
X-Ms-Lease-State
WebServer
X-GEO
X-PAGE-TYPE
X-Alicdn-Da-Ups-Status
RequestUuid
T-Server
X-ORIG-AKA-COUNTRY-CODE
X-VC
X-SB
X-RAMCache
X-Fe
Powered
Xet-Cookie
X-PF-Uncompressing
Correlation-Id
X-LiteSpeed-Tag
NodeID
X-HTML-Edge-Cache
X-Dw-Trace-Id
X-Developed-By
Location
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-CS
X-Cache-Srv
NnCoection
SID