Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
CF-Ray
X-Amz-Cf-Pop
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Upgrade
X-Request-ID
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Via
X-Pingback
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Request-Context
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Amz-Version-Id
Content-Location
Surrogate-Control
X-Cnection
X-Node
X-OneAgent-JS-Injection
X-Host
X-Readtime
X-Server-Id
Report-To
EagleEye-TraceId
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Application-Context
X-Rack-Cache
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-Country
X-Varnish-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Cache
X-FTR-Request-ID
X-Server-ID
X-Country-Code
X-B3-TraceId
X-Px
X-Trace
X-DataDome
X-ESI
X-Vhost
X-GitHub-Request-Id
X-Server-Name
X-VARITI-CCR
X-Ruxit-JS-Agent
Accept-CH
X-ORACLE-DMS-RID
X-Goog-Hash
RTSS
X-Cached
X-MS-InvokeApp
Charset
X-Mod-Pagespeed
SPRequestGuid
Pinterest-Generated-By
X-PC
Verso
X-TtlSet
X-Vname
Public-Key-Pins
X-F-Cache
X-D2id
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Server
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-TTL
X-Version
X-Dispatcher
X-T
X-SharePointHealthScore
X-Cdn
X-Powered-By-Plesk
Accept-CH-Lifetime
X-DIS-Request-ID
X-Abt-Application-Version
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-Origin-Upstream-Status
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Navigation-Version
X-B
X-DynaTrace-JS-Agent
X-Forwarded-Proto
X-Amz-Rid
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Realpath
MS-Author-Via
X-Client-IP
X-Recruiting
DynaTrace
X-HW
SPIisLatency
SPRequestDuration
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Upstream
X-Vcap-Request-Id
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
Nginx-Cache
X-Wix-Server-Artifact-Id
X-Accel-Buffering
Content-MD5
X-Ttl
X-Amz-Meta-S3cmd-Attrs
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Oracle-Dms-Rid
Arr-Disable-Session-Affinity
X-Hits
X-Varnish-Age
X-Debug
Edge-Cache-Tag
X-N
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Goog-Storage-Class
X-Mrf-Item-Lastmod
X-Dw-Request-Base-Id
X-Via-JSL
X-NF-Request-ID
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
X-Id
X-Aspnet-Version
Access-Control-Request-Method
X-NewRelic-App-Data
TCN
S
X-ATG-Version
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
Service-Worker-Allowed
X-XRDS-Location
X-FTR-Expires
X-Logged-In
Alternate-Protocol
X-Forwarded-For
X-Oneagent-Js-Injection
X-HS-Content-Id
X-HS-Hub-Id
Surrogate-Key
X-Frontend
X-PressLabs-Stats
X-Kinsta-Cache
Tracecode
X-FastCGI-Cache
Rt-Fastcgi-Cache
X-Content-Digest
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-Grace
X-Pad
X-FTR-Cache-Host
X-Litespeed-Cache
MicrosoftSharePointTeamServices
Fastly-Restarts
Server-Name
Fastcgi-Cache
X-CF-Powered-By
X-Amzn-Trace-Id
X-Edge-Location
X-RateLimit-Remaining
Ar-Sid
X-Analytics
Backend-Timing
X-Content-Options
FilterID
Host
X-Cache-2
X-User-Agent
TP-L2-Cache
TP-Cache
X-Magnolia-Registration
X-Rid
X-Ruxit-Js-Agent
X-Debug-Info
X-B3-Sampled
ServerID
X-Whom
X-IPLB-Instance
X-Revision
Eomportal-Instance
X-Page-Id
X-Mobile
X-Hostname
X-Srv
X-Request-Processing-Time
X-Request-Received
AR-Request-ID
X-NWS-LOG-UUID
X-Akam-SW-Version
Paypal-Debug-Id
X-VCache
Front-End-Https
X-AOL-HN
Refresh
Retry-After
X-Content-Powered-By
X-LB-Cache
X-TA-CDN-Provider
X-B-Cache
X-Signature
X-Request-Guid
X-Device-Type
X-Framework
X-Cluster
Source
X-Cache-Action
X-Correlation-Id
X-Handled-By
X-FB-Debug
Cleartype
X-App-Environment
X-Varnish-Hostname
X-SS-Set-Cookie
X-Cache-Control
X-Tumblr-Pixel-0
X-Tumblr-User
X-Instance
X-WA-Info
X-Tumblr-Pixel
X-Akamai-Edgescape
X-XRDS-LOCATION
X-Cache-Hit
X-GUploader-UploadID
X-Content-Security-Policy-Report-Only
X-Platform-Server
X-Varnish-Grace
X-BCube-Filmed-By
X-AppVersion
X-Az
X-Activity-Id
X-Zen-Fury
Webserver
X-Fastcgi-Cache
X-Middleton-Display
Display
X-Content-Type
X-Sol
X-Varnish-Backend
X-HS-Cache-Config
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Healthy
X-Cache-Rule
X-Cache-Server
X-Cache-Age
X-Seen-By
X-Middleton-Response
Response
ViewerVersion
X-Drupal-Cache-Tags
X-Wix-Request-Id
X-TT
X-Daa-Tunnel
X-Varnish-Server
Upgrade-Insecure-Requests
X-Generated-By
X-Drupal-Cache-Contexts
X-Cached-By
X-App-Server
X-URL
Cache-Status
X-Origin-Server
X-Geo-Country
Server-Node
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Amz-Replication-Status
Accept-Charset
S-Cnection
X-DataStream-Cache-Status
X-Accel-Expires
Payment
X-UA-Device-Type
X-CACHE-GROUP
Filters
NGB
X-S
X-Response-Served-From
X-Contextid
X-Edge-Cache-Key
X-Locale
X-Adobe-Loc
X-Adobe-Content
Access-Control-Allow-Method
GEO-INFO
X-Servedby
X-Edge-Cache
X-Cacheable-TTL
Viewport
ServedBy
Actual-Object-TTL
X-UUID
X-Cache-NE
X-RequestSource
X-Esi
X-Jobs
X-Varnish-Hits
X-FW-Static
X-Varnish-IP
X-FW-Type
X-FW-Hash
X-TX-ID
X-Tumblr-Pixel-1
X-FW-Server
X-TT-TIMESTAMP
X-FW-Serve
X-Tumblr-Pixel-2
X-Status
X-Amz-Server-Side-Encryption
X-Storage
AsisCache
X-PHP-Backend
Server-Info
Cache-Tv-Group
X-WebKit-CSP-Report-Only
MS-CV
X-WPE-Loopback-Upstream-Addr
X-GeoIP
X-Cache-TTL-Remaining
X-Rendered-As
X-Cache-Remote
X-Node-Name
Host-Header
X-Dns-Prefetch-Control
X-Croise-Owner
From-Origin
HostName
X-Region
X-App-Version
Cache
SRV
X-Cache-Operation
X-Dynatrace-Js-Agent
X-Hyper-Cache
X-APP-VERSION
X-Vg-Webcache
X-Redis-Cache
X-Webkit-CSP
Served-By
X-UA
Liferay-Portal
Cache-Tag
Public-Key-Pins-Report-Only
DC
X-BACKEND-TTL
X-Guploader-Uploadid
X-Mode
X-Upgrade-Enabled
X-Is-Bot
X-Forwarded-Host
X-Agile-Id
X-Hosted-By
X-Generated
Powered-By-ChinaCache
X-Cache-Var-Map
Selected-FE
X-Proxy-Build
Meta-Geo
X-Timing-Wait
X-Site-Version
X-TNCMS
X-Agile-Age
X-Agile
X-Webstats-RespID
X-Akamai-Transformed
Machine
X-IP
X-NGENIX-Cache
X-Detected-As
X-Loop
X-Path-Route
X-Cache-Var
X-RN-RSRV
X-Upstream-HT
X-Upstream-CT
X-JoinUs
X-Pc-Key
X-Pc-Appver
X-Via-Fastly
X-Original-Request
X-Internal-Host
Now
Origin-Cache-Control
X-Web-Node
Origin-Edge-Control
X-Cache-Category-Id
Cache-Name
X-CDN-Cache
X-Grey
X-Vgn-Hpd-Reason
X-Pc-Hit
X-NCache
X-Human
X-ProxyCache-Status
X-RemovedCookies
X-Pubstack
X-Request-Time
X-FC-Vary-Parameters
X-Origin-Host
X-Birta-Served
X-Origin
X-Birta-Cache-Post
DB-Nickname
X-BYPASS-REASON
X-Proxy
X-ProcessESI
X-Labrador-Cache-Channel
X-Environment-Context
X-ProxyCache-Key
X-VG-TLSProxy
X-B3-Spanid
X-Endurance-Cache-Level
X-CACHE-KEY
X-Viewer-Country
X-L-Path
X-Origin-Response-Time
X-Tumblr-Pixel-3
X-Akamai-Request-ID
X-Format
X-Www-Served-By
X-Xfnlog-Site
X-OCL
X-Origin-CC
X-Rule
Fastcgi-X-Cache-Version
X-Kong-Proxy-Latency
Content-Script-Type
X-Ocache
X-Backend-Name
Azure-SiteName
Azure-Version
Azure-SlotName
Pagespeed
X-ServerID
X-CCM
Azure-InstanceId
Azure-RegionName
X-Cache-Config
Fastcgi-X-Cache
S-Rt
X-PCL
X-Time-Microsecs
X-Tb
Content-Style-Type
Fastcgi-Useragent
X-Kong-Upstream-Latency
Cache-Tags
TWC-Connection-Speed
X-Section
X-Parent-Response-Time
X-App-Name
X-Proxied
X-Routing-Service
X-TIME
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Locale-Group
X-HS-Combine-CSS
TWC-GeoIP-Country
Xserver
Webcakes-App-Version
X-Access
Webcakes-Region
Webcakes-App-Name
Mn-Server-Ip
Property-Id
X-Origin-Hint
X-Zipkin-Id
TWC-Privacy
HitType
X-Yottaa-Optimizations
Cache-Key
X-Yottaa-Metrics
Datacenter
X-Via-CDN
X-Edge-IP
User-Cache-Control
X-Protected-By
Vix-Hermes-Req-Id
Ms-Operation-Id
X-RTag
OT-Force-Account-Verify
X-Cache-TTL
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Nginx-Cache
Time
X-Ezoic-Cdn
X-ApacheServer
X-PERF
X-FB-TRIP-ID
X-Cache-Backend
X-OVcl
X-OVcl-Cache
X-Pc-Host
NtCoent-Length
X-Pc-Date
X-Akamai-Request-ID2
X-Mrs-Cache-Hits
X-Real-IP
X-Mrs-Cache
X-Mshield-Cache-Status
X-Real-Ip
X-Unique-Id-Primal
X-Ratelimit-Limit
X-Cdn-Forward
X-Mrs-Age
L5d-Success-Class
Country
X-Content-Age
X-Newrelic-App-Data
Accept-Language
Load-Balancing
LB
X-Webkit-Csp
AR-SID
X-Front
X-CDN-Forward
X-Debug-Cache
X-RateLimit-Limit
X-Correlation-ID
X-Proto
X-Varnish-Cacheable
X-Amz-Meta-Surrogate-Control
X-Varnish-Beresp-Grace
Fusion-Source
Section-Io-Cache
Fusion-Template-Id
X-Varnish-Beresp-Status
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Ohc-File-Size
X-Sucuri-ID
X-Unique-ID
X-Nc
X-Hit
X-Hl-Ver
X-MP-GENERATED-AT
We-Hiring
Mail-Subject
X-Varnish-Beresp-Ttl
X-Trace-Id
Version
Warning
X-EdgeConnect-Cache-Status
X-Geo
X-Microcachable
X-GRACE
WZWS-RAY
User-Agent
X-C
X-Dc
X-Time
X-Cache-Enabled
Fastly-SIE
Resin-Trace
Fastly-Backend-Name
Is-Eu
X-Goog-Meta-Goog-Reserved-File-Mtime
Rendered-Blocks
Request-Time
Memcached
RNT-Machine
X-P-T
Cache-Prefix
X-Layer
Ec-Rule-Version
RNT-Time
MD5-Digest
Release
Fastly-SWR
X-NU-AKA-ACS-Version
Node
Mobile-Detection-Method
Rt-Proxy-Cache
X-Node-Id
X-Logtrace-Id
PFcat
Frame-Options
Powered-By
Fly-Cache
Meta-Geo-Continent
Fly-Request-Id
Platform
IBM-Web2-Location
X-Matched-Rule
X-A-Dcw
X-Cache-Debug
X-DPWN-IS-SECURE
X-Cache-Expires
X-Cache-Host
X-Cache-Id
X-Cache-Bucket
X-Bip
X-Auto-Login
X-B-Cookie
X-External-Request-Id
X-BB-ID
X-Cache-URL
X-CF-Lambda-Fn
X-D
X-Date
X-Device-Os
X-Developer
X-CUA
X-Crawler
X-CF-Lambda-Version
X-Connection-Hash
X-Dispatcher-Server
X-Died
X-Application
X-Fetched-On
X-G
Thinkindot-Control
V-Age
Viewtype
VivaBuild
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Host
Server-ID
X-Generated-In
SS
X-FW-Version
Www
X-Accel-Expires-Debug
X-Actual-URL
X-Aed
X-From
X-A-Wwc
X-A-Dgt
X-A
X-A-Ccd
X-A-Dam
BehaviorPad-Version
SD-X-WS
Adler-Geo
X-Returned-From-PostProcessResponse
X-Request-UUID
X-Store
X-Rewrite-Enabled
X-SRCache-Key
X-Swa-Ws
X-PAYTM-SRV-ID
X-Transaction
X-Trv-Group
X-Thinkindot-L3
X-Returned-From-DLL
X-Thanos
X-PHP-Host
X-Reboot
X-ScT
X-Served-From
X-S-Maxage
X-CLOUD-TRACE-CONTEXT
X-Qloud-Router
X-Server-By
X-S-Cookie
X-Rebelmouse-Surrogate-Control
X-Server-Time
X-Rojux
X-Rebelmouse-Cache-Control
X-Passed-To-PostProcessResponse
X-Rocket-Nginx-Bypass
X-Varnish-Action
X-Returned-From
X-Variation
X-Var-Ttl
Ajk
X-VG-WebServer
X-Via-NSCOPI
X-WebServer
Xc-Version
X-We-Are-Hiring
Arc-Country
X-Response-By
X-RCS-CacheZone
X-User
X-UE-Client-Country
X-Passed-To-DLL
X-Twitter-Response-Tags
X-Region-Sid
X-TT-LOGID
X-Passed-To-BeforeDispatch
X-Passed-To
Access-Control-Request-Headers
X-Destination
X-Returned-From-BeforeDispatch
X-Release
Pagetype
Server-Int
X-SVT-ORM-VERSION
X-Block-Status
X-Backend-State
X-F5-Cache
X-UnsetCookies
X-Cache-FS-Status
X-Clientip
X-Distributor
X-SVT-ORM-RULES
X-Fstrz
X-Server-Group
Web-Mar-Node
X-Gen-Mode
X-Server-IP
X-ServiceProvider
X-Stale
X-Sf
True-Client-Country-4JS
X-Request-Start
X-No-Session
X-Nginx-Cache-Key
GW-Server
GMS-Ver
X-Org
X-MI-In-Market
X-GeoIP-Country-Code
Heartbleed
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Location
X-Origin-Date
Fastly-SSL
AKAMAI
X-Origin-Expires
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Content-Disposition
Country-Code
Decoy-Debug-TTL
Esi-Enabled
Decoy-Debug-Status
Decoy-Debug-Key
Countrycode
X-Li-Fabric
X-ElasticPress-Search
MI-Cache-Age
X-Phone
X-Hnp-Log
MI-Cache
X-Hash
X-Info
On-Server
Pramga
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-IN-WAF
Origin
Proxy-Connection
Backend
X-Proxy-Cache-Status
MI-API
Magicmarker
X-Key
Kp-EeAlive
X-Proxy-Upstream
X-Be
X-MSEdge-Flight
X-MSEdge-Features
X-Distil-CS
X-Request-URI
X-Via-SSL
Backend-Name
Who
X-Via-Edge
X-Up
X-Micro-Cache
X-Fastly-Cache
X-Policy
X-SIPLIST1
X-Irp-Debug
X-Secret
X-Page-Type
X-Epic-Correlation-Id
X-Gannett-Site-Version
X-Eu-Site
X-V
X-CGP
HA-Host
Ha-Gx-Prefs
HA-Servedtime
HA-Urlpath
IsBot
HA-Georegion
HA-Geolon
HA-Cloudapp
HA-Geocity
HA-Geocountry
HA-Geolat
REQUESTUUID
HA-Ipaddr
X-Amz-Meta-Cache-Control
X-Cache-CFC
X-Backend-Url
X-Backend-Host
X-Core-Value
X-Core-Mission
X-NODE
Fastly-Soc-X-Request-Id
X-Generated-On
CDCHOST
X-Platform
X-Level-Front-Cache
X-Refresh
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Debug-Cookies
X-NX-Host
X-Debug-Log
X-Debug-Cache-Expiry
X-Cdn-Origin
X-Sn-Servicetimems
X-Origin-TTL
Apple-News-Services-Request-Url
X-Debug-Cache-Store
X-Developers
X-Debug-Cache-Fetch
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Svr
X-Ua
RequestId
Lfy
Pragrma
ServerName
X-Instart-Info
PageSpeed
X-Urbn-Context-Path
X-DC
X-Servername
X-NC
X-Pjax-Url
X-Planisys-CDN-TTL
X-Cache-Info
X-Cdn-Srv
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Ohc-Response-Time
X-Urbn-Site-Id
X-COUNTRY
UCS
X-Instance-Name
Request-EU
X-Server-Cache
Request-Country
Uber-Trace-Id
Locale
X-NWS-UUID-VERIFY
X-PARISIEN-Cache-Rendered
Host-ID
X-VarnPar1
X-VarnCache
X-ARC
V-Cache
Group
X-Req
X-GeoIP-City
X-CACHE-AGE
X-VCT
MIME-Version
Cteonnt-Length
Memory
X-Newrelic-Synthetics
HitInfo
X-Ratelimit-Remaining
X-Datadome
Cache-Provider
X-CMS-Context
Cdn
Mime-Version
PICS-Label
X-BBXSRF
X-Powered-By-ANYU
X-Gdpr
X-LAGOON
X-Servedbyhost
X-EIG-Tracking-Id
Nel
X-TWH-CORRELATION-ID
NGX
CF-IPCountry
X-WR-MODIFICATION
X-Aicache-OS
X-Wa
XServer
X-StackifyID
X-Fastly-Country-Code
GeoIP-Country-Code
CDN
GeoIP-Latitude
Amp-Access-Control-Allow-Source-Origin
X-Load-Cache
X-B3-Traceid
X-HTML-Minification-Powered-By
X-CSRF-TOKEN
X-UPSTREAM-Address
X-Varnish-Cache-Hits
X-WA
Cf-Ipcountry
X-Cluster-Node
X-Generation-Time
X-RateLimit-Limit-Second
X-Fastly-Backend-Reqs
X-FireWall-Port
X-RateLimit-Remaining-Second
X-Varnish-Beresp-TTL
X-NodeID
FSS-Cache
FSS-Proxy
CACHE
X-Sedo-Request-Id
Geoip-Latitude
X-Cache-Miss-From
GeoIp-Country-Code
X-Sentry-ID
X-ABtesting
X-Flog
X-APP
X-Check-Cacheable
X-Hello
X-VServer
X-Source
Processtime
X-Csrf-Token
X-Cache-Grace
X-HOST
X-Varnish-Authentication
X-Unique-Id
X-ServedByHost
X-Oss-Storage-Class
SN
X-Oss-Server-Time
Server-Surrogate-Control
Server-Cache-Control
X-Oss-Object-Type
X-Oss-Request-Id
X-Cache-ASPX
X-Oss-Hash-Crc64ecma
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
WP-Super-Cache
URI
X-RCS-Backend
X-CDN-Pop
X-IPS-LoggedIn
X-CDN-Pop-IP
X-GZip
X-Nananana
TSSecure
X-GDPR
X-Dynatrace
X-VG-WebCache
X-CSRF-Token
X-SRV
X-VC-Cache
X-Instart-Isnd
X-Edge-Server
X-Fastly-Cache-Hits
X-Skip-Cache
Pics-Label
X-Worker
Cdn-Host
X-MServer
Cdn-Request-Time
X-Sucuri-Cache
X-Varnish-Url
X-ND-Cache
X-FORWARDED-FOR
DataCenter
X-ID
X-HS-Status
A
Get-Access-Time
X-From-Cache
Is-Session-Tracking
Hostname
X-GoCache-CacheStatus
Proxy-Firewall
X-B3-SpanId
PageType
X-BE
X-Swift-Error
X-Pf-Uncompressing
X-Port
X-PJAX-URL
Dynatrace
HTTPS
Powered
X-SplitTest
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Backend-TTL
X-Bug-Bounty
X-Gen-Id
Odigeo-Trace-Id
X-GZIP
X-Fe
X-Server-W
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-NGINX-Cache
X-Pc-Subdomain
X-ORIG-AKA-EDGE
X-SN
X-VarnPar2
X-Cache-Ttl
X-Owner
Requestid
X-ServerName
X-R9-Blue-Green-Version
X-Amz-Meta-S3b-Last-Modified
X-FW-Dynamic
Cache-Hits
Serverid
X-PF-Uncompressing
X-RequestId
X-Varnish-URL
X-PAGE-TYPE
X-LiteSpeed-Cache-Control
X-Alicdn-Da-Ups-Status
WebServer
X-SB
X-VC
X-RAMCache
X-GEO
X-HostName
RequestUuid
X-Serial
X-ORIG-AKA-COUNTRY-CODE
T-Server
Xet-Cookie
X-Ms-Version
X-Ms-Request-Id
X-Ms-Lease-Status
X-Requestid
X-Akamai-SSL-Client-Sid
X-Ms-Blob-Type
Correlation-Id
X-Developed-By
SID
X-Akamai-ERRuleID
X-CS
Location
X-Akamai-ERPolicy
NnCoection
X-HTML-Edge-Cache
X-Dw-Trace-Id
X-LiteSpeed-Tag