Threat Level: green Handler on Duty: Tom Webb

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Request-Id
X-Xss-Protection
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-FRAME-OPTIONS
Content-Encoding
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
X-Type
Upgrade
WPE-Backend
X-Pass-Why
Keep-Alive
X-Cache-Group
X-AH-Environment
X-Request-ID
Xkey
X-Backend
Access-Control-Max-Age
P3p
X-Age
Access-Control-Expose-Headers
X-Via
EagleId
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
X-UA-Device
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
Request-Context
X-Kinja-Server-Push
X-Device
X-Ac
Content-Location
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Amz-Version-Id
X-Host
X-Response-Time
X-OneAgent-JS-Injection
X-Server-Id
Surrogate-Control
X-Backend-Server
X-Rq
X-Cnection
X-Readtime
X-Node
X-Rack-Cache
Server-Timing
X-WebKit-CSP
Report-To
EagleEye-TraceId
X-Application-Context
Request-Id
X-Cloud-Trace-Context
Feature-Policy
X-ORACLE-DMS-ECID
X-Instart-Request-ID
X-Iejgwucgyu
X-Ua-Compatible
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-CST
X-Clacks-Overhead
Edge-Control
NEL
X-Country
Pinterest-Generated-By
X-Url
Rating
X-Px
X-Country-Code
X-DataDome
X-Ruxit-JS-Agent
X-Server-Name
X-Origin-Cache
X-MS-InvokeApp
X-Varnish-TTL
X-DynaTrace
Allow
X-TTL
X-Vhost
X-PC
X-TtlSet
X-Vname
X-Cached
X-FTR-Request-ID
RTSS
X-ESI
X-Goog-Hash
X-DynaTrace-JS-Agent
X-Powered-CMS
Charset
X-VARITI-CCR
X-Powered-By-Plesk
X-Oracle-Dms-Rid
Accept-CH
X-Dispatcher
Public-Key-Pins
X-D2id
X-GitHub-Request-Id
X-Trace
SPRequestGuid
X-Mobile-Rewrite
PB-PID
Arc-Version
PB-RID
X-F-Cache
X-Mod-Pagespeed
X-SharePointHealthScore
X-Kinja-Server
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
Content-MD5
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
MS-Author-Via
Verso
X-Version
X-T
X-Recruiting
SPIisLatency
SPRequestDuration
X-Shield-Request-Id
Nginx-Cache
X-Abt-Application-Version
X-Client-IP
X-Server-ID
X-Dns-Prefetch-Control
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Forwarded-Proto
X-HW
X-B3-TraceId
Accept-CH-Lifetime
X-N
X-Navigation-Version
X-DIS-Request-ID
X-Dw-Request-Base-Id
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-Amz-Rid
X-XRDS-Location
X-Upstream
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Origin-Upstream-Status
X-B
Fastly-Restarts
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastly-Request-ID
Paypal-Debug-Id
X-Amz-Meta-S3cmd-Attrs
X-Hits
X-Wix-Server-Artifact-Id
DynaTrace
X-Accel-Buffering
Realpath
X-ORACLE-DMS-RID
TCN
X-Content-Options
Arr-Disable-Session-Affinity
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Pad
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Ser
Service-Worker-Allowed
X-NF-Request-ID
X-Webkit-Csp
X-Content-Digest
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
X-Id
Tracecode
Access-Control-Request-Method
X-Varnish-Age
Front-End-Https
S
X-Debug
X-Mrf-Item-Lastmod
X-Amz-Cf-Pop
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-FastCGI-Cache
X-Vcap-Request-Id
X-Middleton-Display
X-Sol
Display
X-MSEdge-Ref
X-PressLabs-Stats
X-Kinsta-Cache
X-FTR-Cache-Status
X-Country-Code-Real
X-Frontend
X-FTR-Expires
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
X-IPLB-Instance
X-RateLimit-Remaining
X-Cache-Hit
Surrogate-Key
X-HS-Content-Id
X-ATG-Version
X-HS-Hub-Id
X-Forwarded-For
Powered-By-ChinaCache
Fastcgi-Cache
X-Grace
X-Logged-In
X-Zen-Fury
Rt-Fastcgi-Cache
Server-Name
Response
X-Middleton-Response
X-CF-Powered-By
Backend-Timing
X-Analytics
X-Debug-Info
X-Request-Received
X-Request-Processing-Time
X-Edge-Location
X-Amzn-Trace-Id
X-Rid
FilterID
X-Oneagent-Js-Injection
X-Ttl
X-Mobile
Host
X-FTR-Cache-Host
X-Geo-Segment
X-NewRelic-App-Data
X-Akam-SW-Version
Edge-Cache-Tag
TP-Cache
TP-L2-Cache
X-Revision
X-SS-Set-Cookie
X-User-Agent
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-Litespeed-Cache
MicrosoftSharePointTeamServices
Cache-Status
X-Cached-By
X-Accel-Expires
X-Drupal-Cache-Tags
Host-Header
Refresh
X-Magnolia-Registration
X-SERVER
Ar-Sid
X-HS-Cache-Config
X-Newrelic-App-Data
X-Varnish-Backend
ServerID
Liferay-Portal
X-Cache-Rule
X-GUploader-UploadID
X-Use-Magma
X-TA-CDN-Provider
X-B3-Sampled
X-B3-TraceId-Primal
X-Platform-Server
X-FB-Debug
DC
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cluster
X-Tumblr-User
X-Node-Name
X-B-Cache
X-Instance
X-Signature
X-Webkit-CSP
X-AOL-HN
X-Whom
X-Cache-Control
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-Cache-2
Cache-Tag
X-LB-Cache
X-Varnish-Hostname
X-Page-Id
X-Device-Type
X-App-Environment
X-BCube-Filmed-By
X-Framework
Cleartype
X-Handled-By
X-Srv
Public-Key-Pins-Report-Only
X-Request-Guid
AR-Request-ID
X-Esi
X-Generated-By
Eomportal-Instance
X-AppVersion
X-Activity-Id
X-WPE-Loopback-Upstream-Addr
X-Az
Accept-Charset
X-Drupal-Cache-Contexts
X-NWS-LOG-UUID
X-Cache-Action
X-Cache-Server
X-TT
X-Via-JSL
X-Seen-By
X-Wix-Request-Id
X-App-Server
ViewerVersion
MS-CV
Retry-After
Source
X-Amz-Replication-Status
X-Fastcgi-Cache
X-Content-Powered-By
X-VCache
Upgrade-Insecure-Requests
Alternate-Protocol
HostName
AR-SID
X-Hostname
X-Correlation-Id
X-App-Version
X-WA-Info
X-Varnish-Server
Webserver
Server-Node
X-Varnish-Grace
AsisCache
X-Response-Served-From
X-Cache-NE
X-Geo-Country
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-HS-Combine-CSS
X-Amz-Apigw-Id
X-Amzn-RequestId
X-WebKit-CSP-Report-Only
Actual-Object-TTL
SRV
X-Locale
X-GeoIP
X-RequestSource
X-URL
GEO-INFO
X-Jobs
X-FW-Type
X-FW-Server
X-FW-Serve
ServedBy
X-FW-Hash
X-FW-Static
Viewport
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Edge-Cache
Payment
X-S
X-Varnish-Hits
X-Edge-Cache-Key
X-Status
X-UUID
X-Contextid
X-Servedby
X-TX-ID
CACHE
X-Cache-TTL-Remaining
X-Varnish-IP
X-Adobe-Loc
X-Adobe-Content
X-Correlation-ID
X-TT-TIMESTAMP
X-Origin-Server
X-Vg-Webcache
X-Daa-Tunnel
X-Cache-Operation
Pagespeed
X-Cacheable-TTL
PageSpeed
Country
X-Sucuri-ID
Datacenter
X-RateLimit-Limit
Served-By
Server-Info
X-Hyper-Cache
X-Amz-Server-Side-Encryption
X-Forwarded-Host
S-Cnection
X-Region
X-Akamai-Request-ID2
From-Origin
X-Real-IP
X-Mode
Cache
X-TIME
X-Cache-Age
X-CLOUD-TRACE-CONTEXT
X-DataStream-Cache-Status
HitType
HitInfo
Xserver
X-Cache-Config
X-Amz-Meta-Surrogate-Control
X-Access
Access-Control-Allow-Method
Fastcgi-X-Cache
Machine
Meta-Geo
X-Ezoic-Cdn
X-Detected-As
X-Routing-Service
X-RN-RSRV
X-Rendered-As
X-Rule
X-Section
X-Upgrade-Enabled
X-Site-Version
X-Proxy
X-Proxied
X-Format
X-Cache-Var-Map
X-Generated
X-Is-Bot
X-Zipkin-Id
X-JoinUs
X-Cache-Var
Fastcgi-X-Cache-Version
Content-Script-Type
Content-Style-Type
X-Environment-Context
Property-Id
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-L-Path
TWC-Device-Class
Now
L5d-Success-Class
Fastcgi-Useragent
LB
X-Ocache
TWC-Privacy
OT-Force-Account-Verify
Webcakes-App-Version
X-Hosted-By
X-Grey
X-NGENIX-Cache
X-Origin-Hint
X-Request-Time
X-CDN-Cache
X-Cache-Category-Id
Webcakes-Region
DB-Nickname
X-Agile
X-Agile-Age
X-Agile-Id
Webcakes-App-Name
TWC-Locale-Group
X-Akamai-Transformed
Healthy
X-Source
X-EIG-Tracking-Id
X-Birta-Cache-Post
S-Rt
Cache-Name
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
X-CCM
X-Content-Type
X-ServerID
X-Tb
X-TNCMS
X-Via-Fastly
X-Rocket-Nginx-Bypass
X-PCL
X-FC-Vary-Parameters
X-Hit
X-Loop
X-OCL
Azure-InstanceId
X-Birta-Served
X-Viewer-Country
X-SplitTest
X-VG-TLSProxy
Mn-Server-Ip
X-BYPASS-REASON
X-ProxyCache-Key
X-AWS-Id
X-Labrador-Cache-Channel
X-OVcl-Cache
X-VWS-Id
X-Pubstack
X-ProxyCache-Status
X-RemovedCookies
X-Microcachable
X-ProcessESI
X-Ms-Lease-Status
X-OVcl
X-Pc-Key
X-IP
X-Ms-Blob-Type
X-Original-Request
X-LJ-Flow-ID
X-Upstream-HT
X-Xfnlog-Site
X-Ms-Request-Id
X-Human
X-Upstream-CT
X-XRDS-LOCATION
X-Origin
X-Pc-Appver
X-Pc-Hit
X-Ms-Version
X-Path-Route
X-Proxy-Build
Accept-Language
X-Cluster-Node
X-Www-Served-By
X-Cache-Enabled
Selected-FE
X-Ruxit-Js-Agent
X-Timing-Wait
X-Sorting-Hat-PodId
X-Distil-CS
X-Sorting-Hat-ShopId
IBM-Web2-Location
Access-Control-Request-Headers
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShardId
X-ShopId
Cache-Hits
X-Web-Node
X-Cdn
X-App-Name
X-Guploader-Uploadid
X-Via-CDN
X-Twitter-Response-Tags
X-TWH-CORRELATION-ID
X-NodeID
X-Transaction
X-Connection-Hash
X-APP-VERSION
X-Port
NtCoent-Length
Origin-Cache-Control
X-GRACE
Origin-Edge-Control
X-RTag
X-MP-GENERATED-AT
Time
Ms-Operation-Id
X-Unique-ID
X-Cache-Remote
Backend
X-Nginx-Cache
X-Varnish-Cacheable
X-Edge-IP
X-UA
X-Real-Ip
User-Agent
X-Geo
X-Origin-CC
X-Debug-Cache
Mail-Subject
X-Cache-TTL
We-Hiring
NGB
X-Internal-Host
X-NCache
X-Pc-Host
X-Tumblr-Pixel-3
X-Pc-Date
Filters
X-Varnish-Cache-Hits
X-Proto
X-Cdn-Forward
X-Sucuri-Cache
X-Ua
X-Ratelimit-Limit
X-Storage
X-Mrs-Cache
X-Time-Microsecs
X-Vgn-Hpd-Reason
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Mrs-Age
X-Csrf-Token
X-PERF
X-ApacheServer
X-Newrelic-Synthetics
X-Oracle-Dms-Ecid
X-CACHE-GROUP
X-Webstats-RespID
X-CACHE-AGE
X-Urbn-Context-Path
Warning
Fastly-SSL
Locale
X-Urbn-Site-Id
X-ElasticPress-Search
X-Varnish-Beresp-Grace
Cache-Tags
X-Backend-Name
X-Varnish-Beresp-Status
X-Akamai-Request-ID
X-C
Cache-Key
X-CACHE-KEY
X-CDN-Forward
X-EdgeConnect-Cache-Status
X-From
Ajk
X-G
X-Backend-Url
SN
X-BB-ID
Apple-News-Services-Host
Arc-Country
X-Fetched-On
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Generated-In
Apple-News-Services-Handled
X-GeoIP-Country-Code
MD5-Digest
X-Irp-Debug
X-B-Cookie
X-Logtrace-Id
HA-Urlpath
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Hash
BehaviorPad-Version
HA-Geolon
X-Backend-Host
X-IN-APIGATEWAY
X-Backend-TTL
X-F5-Cache
FSS-Cache
FSS-Proxy
X-CF-Lambda-Version
Fly-Request-Id
X-CGP
Fly-Cache
X-CF-Lambda-Fn
X-Cache-Bucket
HA-Geocity
HA-Geocountry
HA-Cloudapp
X-Cache-Srv
GMS-Ver
X-BBXSRF
Ec-Rule-Version
X-Epic-Correlation-Id
X-DPWN-IS-SECURE
Cache-Prefix
X-Eu-Site
X-External-Request-Id
X-Died
Content-Disposition
X-Date
X-D
X-Destination
X-Developer
X-Developers
Meta-Geo-Continent
X-Application
Viewtype
X-Via-SSL
V-Age
X-UA-Device-Type
X-Wikidot-Backend
X-Via-Edge
X-VG-WebServer
X-UE-Client-Country
X-Trv-Group
Ha-Gx-Prefs
VivaBuild
Rendered-Blocks
X-Wikidot-Static-Cache
UCS
Rt-Proxy-Cache
X-Endurance-Cache-Level
HA-Servedtime
X-Powered-By-ANYU
Server-Host
HA-Ipaddr
HA-Host
TSSecure
Xc-Version
User-Cache-Control
Resin-Trace
WZWS-RAY
X-NU-AKA-ACS-Version
X-A
X-Accel-Expires-Debug
Mobile-Detection-Method
HA-Georegion
Odigeo-Trace-Id
X-Rojux
X-Rewrite-Enabled
X-Region-Sid
X-Aed
HA-Geolat
X-Org
X-PAYTM-SRV-ID
X-Platform
X-Amz-Meta-Cache-Control
X-S-Cookie
X-A-Wwc
X-Nc
X-A-Dam
X-A-Ccd
X-Dc
X-SRCache-Key
X-Store
X-Server-Time
X-ScT
X-A-Dcw
X-A-Dgt
X-Server-By
X-B3-Spanid
X-NC
X-Auto-Login
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
Www
X-ABtesting
X-Backend-State
X-Flog
X-User
X-V
X-VServer
X-UnsetCookies
X-Thinkindot-L3
X-Server-IP
X-ServiceProvider
X-SIPLIST1
X-We-Are-Hiring
X-Worker
X-Debug-Log
X-NX-Host
X-Sn-Servicetimems
X-Debug-Cookies
X-Cdn-Origin
Fastly-Soc-X-Request-Id
X-Cache-Host
X-Secret
X-S-Maxage
X-Hl-Ver
X-Key
X-Location
X-Hello
X-GeoIP-City
X-Clientip
X-FW-Version
X-Gannett-Site-Version
X-Matched-Rule
X-No-Session
X-Request-Start
X-Request-URI
X-Response-By
X-Release
X-Redis-Cache
X-Owner
X-Reboot
X-Cache-URL
X-Dispatcher-Server
IsBot
AKAMAI
X-Varnish-Beresp-Ttl
Decoy-Debug-TTL
Memcached
Origin
Frame-Options
X-PHP-Backend
X-Cache-Backend
Backend-Name
Release
RNT-Time
Countrycode
Country-Code
Heartbleed
Server-ID
Decoy-Debug-Status
Decoy-Debug-Key
RNT-Machine
X-LI-UUID
X-Node-Id
X-MI-In-Market
X-MSEdge-Features
X-LI-Proto
X-Nginx-Cache-Key
X-MSEdge-Flight
X-Ms-Lease-State
X-Info
X-Gen-Mode
Adler-Geo
X-Fastly-Cache
CDCHOST
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-Li-Fabric
X-Layer
X-Instance-Name
X-Passed-To
X-Li-Pop
X-Policy
X-VCT
X-WebServer
X-Varnish-Action
X-Variation
X-DC
X-Up
Fastly-SIE
Fastly-SWR
X-Trace-Id
X-Var-Ttl
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Cache-Id
X-Thanos
X-Stale
X-RCS-CacheZone
X-Request-UUID
X-Distributor
X-Phone
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
Server-Int
X-Returned-From-BeforeDispatch
X-Served-From
X-Sf
X-Sentry-ID
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Passed-To-BeforeDispatch
X-Returned-From
Pramga
Pragrma
GW-Server
X-Cache-Expires
Fastly-Backend-Name
Esi-Enabled
Uber-Trace-Id
X-Core-Mission
Request-EU
Request-Country
X-Cache-Debug
Platform
MI-Cache-Age
Kp-EeAlive
MI-Cache
Magicmarker
X-Actual-URL
Is-Eu
X-Block-Status
On-Server
NodeID
X-Bip
X-Core-Value
Web-Mar-Node
Section-Io-Cache
X-Crawler
X-CUA
X-Croise-Owner
True-Client-Country-4JS
X-Device-Os
X-Datadome
X-TT-LOGID
Proxy-Connection
X-Swa-Ws
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Cache-CFC
X-Fstrz
X-Via-NSCOPI
X-Qloud-Router
REQUESTUUID
Pagetype
X-NODE
HTTPS
X-P-T
X-BB-IP
Powered-By
ProcessTime
X-HOST
MI-API
MIME-Version
RequestId
Cteonnt-Length
X-Page-Type
X-Refresh
X-Servername
X-Req
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Pjax-Url
X-MServer
X-NWS-UUID-VERIFY
X-Kong-Proxy-Latency
X-Be
X-Origin-Response-Time
X-SN
X-Kong-Upstream-Latency
Version
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-GZip
X-Dynatrace-Js-Agent
X-Ckpd-Fst-Backend
X-Origin-TTL
X-Parent-Response-Time
Cdn
Memory
X-Cache-FS-Status
Amp-Access-Control-Allow-Source-Origin
V-Cache
X-Unique-Id-Primal
Group
Who
X-Content-Age
CF-IPCountry
Mime-Version
X-Servedbyhost
Fusion-Source
X-Aicache-OS
Fusion-Content-Source
Fusion-Content-Id
X-ND-Cache
Fusion-Template-Id
Fusion-Component-Id
X-Varnish-Url
SS
X-Time
X-Vcache
X-COUNTRY
X-Wa
X-SERVER-NAME
GeoIP-Country-Code
X-Generation-Time
X-B3-Traceid
PageType
X-Varnish-Beresp-TTL
X-Pf-Uncompressing
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
CDN
X-GEO
X-Edge-Server
X-Unique-Id
GeoIP-Latitude
Cdn-Request-Time
X-FireWall-Port
X-Protected-By
Cdn-Host
X-SRV
X-Ratelimit-Remaining
X-Server-Group
X-Fastly-Cache-Hits
GeoIp-Country-Code
Get-Access-Time
Is-Session-Tracking
X-APP
Geoip-Latitude
X-Cache-Info
XServer
SD-X-WS
X-EC-Security-Audit
X-M-Reqid
X-M-Log
X-WA
X-Qnm-Cache
Serverid
X-CS
A
T-Server
NGX
X-Requestid
X-Server-W
X-Surge-Debug
X-CSRF-Token
Load-Balancing
X-HTML-Minification-Powered-By
X-Origin-Expires
X-Origin-Date
ServerName
Nel
X-Check-Cacheable
X-ID
PICS-Label
X-Gdpr
X-Nananana
X-RequestId
DataCenter
X-StackifyID
X-ServedByHost
Cf-Ipcountry
X-ARC
X-Atg-Version
X-Fastly-Country-Code
X-Skip-Cache
X-Origin-Host
URI
X-FORWARDED-FOR
Hostname
Processtime
X-PHP-Host
X-GZIP
Node
VIX-Pulpo-Upstream-Status
X-HS-Status
X-PF-Uncompressing
VIX-Pulpo-Node
X-NGINX-Cache
X-Feature
X-Load-Cache
X-Alicdn-Da-Ups-Status
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Proxy-Server
X-DataStream-MidMile-RTT
X-BE
X-UPSTREAM-Address
X-DataStream-Origin-MEX-Latency
X-B3-SpanId
WP-Super-Cache
Cache-Provider
X-Fe
X-PJAX-URL
X-ServerName
X-VG-WebCache
Vix-Hermes-Req-Id
Requestid
X-HTML-Edge-Cache
Powered
Cneonction
X-IPS-LoggedIn
X-PAGE-TYPE
RequestUuid
Https
X-Cdn-Srv
Lfy
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Fastly-Backend-Reqs
X-From-Cache
X-SB
N-Cache
X-Distil-Cs
X-WR-MODIFICATION
X-Content-Encoded-By
X-Cache-Ttl
X-VC
X-Serial
X-CSRF-TOKEN
Sid
X-Gen-Id
Request-Time
SID
Cdn-Src-Port
X-Dw-Trace-Id
X-Grace-Duration
Build-Number
X-Akamai-SSL-Client-Sid
X-RAMCache