Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Xss-Protection
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
CF-Ray
Content-Security-Policy-Report-Only
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Request-ID
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Server-Id
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Cnection
X-OneAgent-JS-Injection
X-Node
X-Host
X-Readtime
Report-To
EagleEye-TraceId
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Rack-Cache
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
NEL
Edge-Control
X-DynaTrace
Rating
X-Url
Allow
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Trace
X-Px
X-DataDome
X-Vhost
X-Server-Name
X-ESI
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-VARITI-CCR
RTSS
X-Ruxit-JS-Agent
X-MS-InvokeApp
X-Cached
Accept-CH
X-Goog-Hash
Charset
X-Server-ID
SPRequestGuid
X-TTL
X-PC
X-Mod-Pagespeed
X-Vname
X-TtlSet
Pinterest-Generated-By
Verso
Public-Key-Pins
X-F-Cache
X-D2id
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Build
X-Kinja
Arc-Version
PB-RID
PB-PID
X-Mobile-Rewrite
X-Dispatcher
X-Version
X-Cdn
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
X-Abt-Application-Version
Accept-CH-Lifetime
X-DIS-Request-ID
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
X-Origin-Upstream-Status
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Navigation-Version
X-B
X-Shield-Request-Id
X-Forwarded-Proto
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Rid
X-Recruiting
MS-Author-Via
DynaTrace
Realpath
X-Client-IP
X-HW
SPIisLatency
SPRequestDuration
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Upstream
X-Vcap-Request-Id
Nginx-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
Content-MD5
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Ttl
Edge-Cache-Tag
Arr-Disable-Session-Affinity
X-Hits
X-N
X-Varnish-Age
X-Debug
X-Oracle-Dms-Rid
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Goog-Storage-Class
MRF-Tech
X-Aspnet-Version
X-NF-Request-ID
TCN
X-MSEdge-Ref
Access-Control-Request-Method
X-Acc-Meta-Resource-Type
X-Dw-Request-Base-Id
X-Id
X-Via-JSL
X-NewRelic-App-Data
X-XRDS-Location
S
X-ATG-Version
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
Service-Worker-Allowed
X-Logged-In
X-FTR-Expires
X-Oneagent-Js-Injection
Alternate-Protocol
X-Forwarded-For
Surrogate-Key
X-HS-Content-Id
X-HS-Hub-Id
Tracecode
X-Kinsta-Cache
Rt-Fastcgi-Cache
X-PressLabs-Stats
X-Frontend
X-Content-Digest
AMP-Access-Control-Allow-Source-Origin
X-FastCGI-Cache
X-Pad
X-Cache-Key
Fastly-Restarts
MicrosoftSharePointTeamServices
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Content-Options
Server-Name
X-CF-Powered-By
X-Edge-Location
X-Ruxit-Js-Agent
X-Amzn-Trace-Id
Fastcgi-Cache
Ar-Sid
Backend-Timing
X-Analytics
X-Grace
FilterID
Host
TP-L2-Cache
TP-Cache
X-User-Agent
X-Rid
X-Cache-2
X-Magnolia-Registration
X-Debug-Info
X-Whom
ServerID
X-B3-Sampled
X-Revision
X-IPLB-Instance
X-Hostname
Eomportal-Instance
X-Page-Id
X-Mobile
X-Request-Received
X-Request-Processing-Time
X-Srv
X-NWS-LOG-UUID
AR-Request-ID
Paypal-Debug-Id
X-AOL-HN
X-Akam-SW-Version
X-VCache
Front-End-Https
X-URL
X-Content-Powered-By
Retry-After
X-B-Cache
X-Signature
Refresh
X-Litespeed-Cache
X-Handled-By
X-Framework
X-LB-Cache
Source
X-Cache-Action
X-Cluster
X-Device-Type
X-Request-Guid
X-Correlation-Id
X-SS-Set-Cookie
X-Varnish-Hostname
X-FB-Debug
X-Cache-Control
Cleartype
X-App-Environment
X-WA-Info
X-Instance
X-HS-Cache-Config
X-Tumblr-Pixel-0
X-Cache-Hit
X-Tumblr-Pixel
X-Tumblr-User
X-Varnish-Grace
X-Platform-Server
X-BCube-Filmed-By
X-Akamai-Edgescape
X-Fastcgi-Cache
X-Content-Security-Policy-Report-Only
X-TA-CDN-Provider
Webserver
X-GUploader-UploadID
X-Sol
X-Zen-Fury
Display
X-Middleton-Display
X-Az
X-AppVersion
X-Activity-Id
X-Varnish-Backend
X-XRDS-LOCATION
VIX-Pulpo-Upstream-Status
X-Content-Type
VIX-Pulpo-Node
Healthy
X-Daa-Tunnel
X-Cache-Server
X-Cache-Rule
X-Middleton-Response
Response
X-Varnish-Server
X-Drupal-Cache-Tags
X-Seen-By
ViewerVersion
X-Wix-Request-Id
X-Drupal-Cache-Contexts
X-Cache-Age
X-Cached-By
Upgrade-Insecure-Requests
X-App-Server
X-TT
X-Generated-By
X-Geo-Country
S-Cnection
Server-Node
X-Origin-Server
Cache-Status
X-CACHE-GROUP
X-DataStream-Cache-Status
X-Accel-Expires
X-Amz-Replication-Status
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Esi
Payment
Accept-Charset
X-Response-Served-From
NGB
GEO-INFO
X-S
X-UA-Device-Type
Filters
X-Status
X-Edge-Cache
X-Locale
X-Contextid
X-Adobe-Loc
X-Edge-Cache-Key
X-Cacheable-TTL
X-Adobe-Content
X-Servedby
Access-Control-Allow-Method
X-Jobs
X-RequestSource
X-UUID
Actual-Object-TTL
Viewport
X-Varnish-IP
ServedBy
X-Cache-NE
X-FW-Serve
X-FW-Server
X-FW-Static
X-Varnish-Hits
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-TX-ID
X-FW-Hash
X-FW-Type
X-TT-TIMESTAMP
AsisCache
Server-Info
X-Amz-Server-Side-Encryption
X-Node-Name
X-GeoIP
X-Storage
X-WPE-Loopback-Upstream-Addr
X-WebKit-CSP-Report-Only
HostName
Cache-Tv-Group
X-PHP-Backend
X-Dns-Prefetch-Control
Cache
MS-CV
Host-Header
X-Cache-TTL-Remaining
X-Rendered-As
X-App-Version
X-Cache-Remote
X-Croise-Owner
From-Origin
SRV
X-Region
X-Cache-Operation
X-Hyper-Cache
X-Vg-Webcache
X-Webkit-CSP
X-Redis-Cache
Served-By
X-APP-VERSION
Cache-Tag
X-Guploader-Uploadid
X-Dynatrace-Js-Agent
Liferay-Portal
Public-Key-Pins-Report-Only
DC
X-HS-Combine-CSS
X-Forwarded-Host
X-CACHE-KEY
X-Mode
Pagespeed
X-NGENIX-Cache
X-Endurance-Cache-Level
X-Akamai-Transformed
X-Hosted-By
X-Detected-As
X-Path-Route
X-Generated
X-RN-RSRV
X-Upgrade-Enabled
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
Machine
X-Webstats-RespID
X-Agile-Id
X-Request-Time
X-Agile-Age
X-Timing-Wait
Selected-FE
X-Loop
X-Site-Version
X-Human
X-TNCMS
X-Proxy-Build
X-IP
X-Is-Bot
X-Agile
X-Origin
Now
Origin-Cache-Control
Origin-Edge-Control
X-CDN-Cache
X-JoinUs
X-L-Path
X-Labrador-Cache-Channel
X-NCache
X-Internal-Host
X-Grey
X-BYPASS-REASON
X-Cache-Category-Id
X-Environment-Context
Cache-Name
X-Pc-Key
X-ProxyCache-Status
X-ProxyCache-Key
X-Web-Node
X-Pc-Hit
X-Via-Fastly
X-Upstream-CT
X-VG-TLSProxy
X-Upstream-HT
X-Vgn-Hpd-Reason
X-B3-Spanid
X-Pc-Appver
Xserver
Powered-By-ChinaCache
X-Original-Request
X-Time-Microsecs
S-Rt
X-Tumblr-Pixel-3
X-Tb
X-ServerID
DB-Nickname
X-Akamai-Request-ID
X-Birta-Served
X-FC-Vary-Parameters
X-Birta-Cache-Post
X-Viewer-Country
X-Format
X-ProcessESI
X-PCL
X-Origin-Response-Time
X-Proxy
X-Origin-Host
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-UA
X-RemovedCookies
X-OCL
X-Pubstack
Fastcgi-X-Cache-Version
X-Backend-Name
X-App-Name
Mn-Server-Ip
X-Access
X-Section
X-Xfnlog-Site
X-Www-Served-By
X-Ocache
Fastcgi-X-Cache
Fastcgi-Useragent
X-Origin-CC
X-Cache-Config
X-CCM
X-BACKEND-TTL
X-Via-CDN
Azure-InstanceId
X-Rule
Cache-Tags
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-RegionName
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
TWC-Locale-Group
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-Origin-Hint
Property-Id
HitType
Datacenter
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
Cache-Key
X-TIME
X-Kong-Upstream-Latency
X-Protected-By
Content-Script-Type
Content-Style-Type
X-Kong-Proxy-Latency
Vix-Hermes-Req-Id
User-Cache-Control
X-Akamai-Request-ID2
OT-Force-Account-Verify
X-Parent-Response-Time
X-Nginx-Cache
X-Edge-IP
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Cache-TTL
X-Ezoic-Cdn
X-ShardId
X-Shopify-Stage
X-Cdn-Forward
X-OVcl-Cache
X-OVcl
NtCoent-Length
Ms-Operation-Id
Time
X-RTag
L5d-Success-Class
X-Real-IP
X-RateLimit-Limit
X-Cache-Backend
X-PERF
Accept-Language
X-ApacheServer
X-Pc-Host
X-Pc-Date
X-Newrelic-App-Data
X-FB-TRIP-ID
X-Front
X-Real-Ip
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
AR-SID
X-Webkit-Csp
X-Mrs-Cache
X-Unique-Id-Primal
X-Correlation-ID
X-GRACE
LB
X-Amz-Meta-Surrogate-Control
X-Proto
Section-Io-Cache
Country
X-Content-Age
X-Varnish-Cacheable
X-Nc
X-Ratelimit-Limit
X-Varnish-Beresp-Grace
X-Debug-Cache
X-Varnish-Beresp-Status
Load-Balancing
X-CDN-Forward
X-Sucuri-ID
X-Unique-ID
Ohc-File-Size
X-Hit
X-Varnish-Beresp-Ttl
WZWS-RAY
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-Hl-Ver
X-MP-GENERATED-AT
X-Trace-Id
Warning
We-Hiring
Mail-Subject
X-Microcachable
Version
X-Time
X-CLOUD-TRACE-CONTEXT
User-Agent
X-EdgeConnect-Cache-Status
X-C
Access-Control-Request-Headers
X-Dc
X-CF-Lambda-Fn
X-Cache-URL
X-Cache-Id
X-Crawler
X-Destination
X-CUA
X-D
X-Connection-Hash
X-CF-Lambda-Version
X-Cache-Host
X-Date
X-Accel-Expires-Debug
Rt-Proxy-Cache
RNT-Time
RNT-Machine
Resin-Trace
SD-X-WS
Server-Host
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
SS
Server-ID
Request-Time
Rendered-Blocks
Meta-Geo-Continent
Memcached
MD5-Digest
Is-Eu
Mobile-Detection-Method
Node
Release
Powered-By
Platform
Thinkindot-Control
V-Age
X-Backend-State
X-B-Cookie
X-Auto-Login
X-Aed
X-BB-ID
X-Bip
X-Cache-Expires
X-Cache-Enabled
X-Cache-Debug
X-Cache-Bucket
X-Actual-URL
X-Developer
X-A
Www
VivaBuild
Viewtype
X-A-Ccd
X-A-Dam
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Cache-FS-Status
X-NU-AKA-ACS-Version
X-Served-From
X-ScT
X-S-Maxage
X-Server-By
X-Server-Time
X-Store
X-SRCache-Key
X-S-Cookie
X-Rojux
X-Returned-From
X-Response-By
X-Request-UUID
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Rewrite-Enabled
X-Returned-From-PostProcessResponse
X-Swa-Ws
X-Thanos
X-Via-Edge
X-VG-WebServer
X-Varnish-Action
X-Via-SSL
X-We-Are-Hiring
Xc-Version
X-WebServer
X-Variation
X-Var-Ttl
X-Trv-Group
X-Transaction
X-Thinkindot-L3
X-TT-LOGID
X-Twitter-Response-Tags
X-User
X-UE-Client-Country
X-Release
X-Region-Sid
X-Layer
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GeoIP-Country-Code
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-LI-Proto
X-Generated-In
X-G
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Died
X-External-Request-Id
X-Fetched-On
X-FW-Version
X-From
X-Logtrace-Id
X-Matched-Rule
X-Qloud-Router
X-PHP-Host
X-PAYTM-SRV-ID
X-RCS-CacheZone
X-Rebelmouse-Cache-Control
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
IBM-Web2-Location
X-Node-Id
X-Org
X-P-T
X-Passed-To-BeforeDispatch
X-Passed-To
X-Device-Os
X-Application
Frame-Options
Fly-Request-Id
Arc-Country
X-Via-NSCOPI
Ajk
BehaviorPad-Version
Fly-Cache
Fastly-Backend-Name
Ec-Rule-Version
Fastly-SIE
Cache-Prefix
Fastly-SWR
X-Ua
Adler-Geo
X-Geo
X-Hash
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Key
X-Location
X-Block-Status
X-Gen-Mode
X-MI-In-Market
X-Server-Group
X-Hnp-Log
X-Info
Content-Disposition
X-IN-WAF
Country-Code
Countrycode
X-Sf
X-ServiceProvider
X-Amz-Meta-Cache-Control
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
Backend
X-Origin-Date
Heartbleed
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Request-Start
X-Distributor
X-Phone
X-F5-Cache
X-Eu-Site
X-Epic-Correlation-Id
X-No-Session
X-Clientip
X-Nginx-Cache-Key
AKAMAI
X-Gannett-Site-Version
X-Cache-CFC
X-Fstrz
X-Secret
X-CGP
X-Rocket-Nginx-Bypass
Decoy-Debug-Key
X-Origin-Expires
X-Server-IP
GW-Server
MI-Cache-Age
HA-Georegion
MI-Cache
MI-API
HA-Host
PFcat
Ha-Gx-Prefs
HA-Cloudapp
HA-Geocity
Origin
HA-Geocountry
HA-Geolat
Decoy-Debug-Status
On-Server
Proxy-Connection
Pramga
HA-Geolon
HA-Ipaddr
GMS-Ver
X-Stale
X-SVT-ORM-VERSION
True-Client-Country-4JS
Esi-Enabled
Web-Mar-Node
Decoy-Debug-TTL
HA-Urlpath
HA-Servedtime
X-UnsetCookies
X-SVT-ORM-RULES
Kp-EeAlive
Magicmarker
Server-Int
Fastly-SSL
X-Up
X-Be
X-NODE
Pagetype
X-MSEdge-Features
X-Distil-CS
X-Page-Type
X-Irp-Debug
X-Fastly-Cache
X-MSEdge-Flight
IsBot
Pragrma
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
REQUESTUUID
X-V
Backend-Name
Who
X-SIPLIST1
X-Backend-Host
X-Backend-Url
X-Core-Mission
Apple-News-Services-Handled
X-Request-URI
X-Platform
X-ElasticPress-Search
X-Core-Value
X-Policy
X-Refresh
X-Debug-Cache-Store
X-Instance-Name
X-Svr
X-Planisys-CDN-Rules
X-Sn-Servicetimems
X-Servername
X-Urbn-Site-Id
X-Planisys-CDN-TTL
X-NX-Host
X-Wikidot-Backend
X-Origin-TTL
X-Debug-Cache-Expiry
X-Wikidot-Static-Cache
X-Micro-Cache
X-Debug-Cache-Fetch
X-Urbn-Context-Path
X-Planisys-CDN-Cache
Uber-Trace-Id
UCS
Locale
Request-Country
Request-EU
Fastly-Soc-X-Request-Id
CDCHOST
X-Developers
X-Debug-Log
X-Debug-Cookies
X-Cdn-Origin
X-DC
X-NWS-UUID-VERIFY
RequestId
X-Generated-On
X-Level-Front-Cache
X-Instart-Info
X-COUNTRY
Group
X-Newrelic-Synthetics
V-Cache
X-Pjax-Url
ServerName
X-VarnCache
Host-ID
X-PARISIEN-Cache-Rendered
X-VarnPar1
Lfy
X-VCT
X-GeoIP-City
PageSpeed
X-Req
X-CACHE-AGE
X-Cdn-Srv
X-Cache-Info
X-NC
HitInfo
X-Server-Cache
Ohc-Response-Time
X-ARC
X-Datadome
Mime-Version
MIME-Version
Cache-Provider
Memory
X-BBXSRF
Cdn
X-Powered-By-ANYU
Cteonnt-Length
X-EIG-Tracking-Id
X-CMS-Context
X-Gdpr
PICS-Label
X-TWH-CORRELATION-ID
X-Servedbyhost
X-Ratelimit-Remaining
Nel
X-LAGOON
X-WR-MODIFICATION
X-StackifyID
X-Aicache-OS
NGX
X-Wa
CF-IPCountry
X-Load-Cache
X-B3-Traceid
X-Cluster-Node
GeoIP-Country-Code
X-Fastly-Country-Code
CDN
GeoIP-Latitude
Cf-Ipcountry
X-HTML-Minification-Powered-By
X-Sentry-ID
XServer
X-CSRF-TOKEN
FSS-Proxy
X-NodeID
FSS-Cache
X-Fastly-Backend-Reqs
X-Check-Cacheable
X-UPSTREAM-Address
X-ABtesting
X-Flog
Geoip-Latitude
GeoIp-Country-Code
X-VServer
X-FireWall-Port
X-Hello
X-WA
X-Varnish-Cache-Hits
X-Generation-Time
Amp-Access-Control-Allow-Source-Origin
SN
Processtime
X-RateLimit-Remaining-Second
X-Source
X-Varnish-Beresp-TTL
X-RateLimit-Limit-Second
X-Unique-Id
X-Csrf-Token
X-APP
X-GZip
X-Cache-Miss-From
X-HOST
X-Sedo-Request-Id
X-CSRF-Token
CACHE
X-CDN-Pop
X-Nananana
X-Oss-Server-Time
X-Cache-Grace
X-CDN-Pop-IP
WP-Super-Cache
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
TSSecure
X-ServedByHost
X-Dynatrace
Pics-Label
X-Edge-Server
X-Varnish-Authentication
Cdn-Request-Time
Cdn-Host
X-GDPR
Server-Cache-Control
X-Worker
X-MServer
X-DataStream-Origin-MEX-Latency
X-Cache-ASPX
Server-Surrogate-Control
X-DataStream-MidMile-RTT
X-SRV
X-IPS-LoggedIn
URI
X-VC-Cache
X-VG-WebCache
A
X-FORWARDED-FOR
X-Skip-Cache
X-RCS-Backend
DataCenter
PageType
X-ID
X-Sucuri-Cache
X-Varnish-Url
X-HS-Status
X-Fastly-Cache-Hits
X-SplitTest
X-AWS-Id
X-B3-SpanId
X-Instart-Isnd
X-Port
HTTPS
X-LJ-Flow-ID
X-VWS-Id
X-ND-Cache
X-BE
X-Swift-Error
Odigeo-Trace-Id
X-Backend-TTL
X-PJAX-URL
Hostname
X-GoCache-CacheStatus
Get-Access-Time
Is-Session-Tracking
Dynatrace
X-From-Cache
X-Owner
X-Server-W
X-Gen-Id
X-Pf-Uncompressing
Proxy-Firewall
X-Bug-Bounty
X-Amzn-Remapped-Connection
X-SN
X-GZIP
Cache-Hits
X-Amzn-Remapped-Date
Powered
X-Cache-Ttl
X-VarnPar2
Requestid
X-ORIG-AKA-EDGE
X-NGINX-Cache
Serverid
X-Ms-Blob-Type
X-Akamai-SSL-Client-Sid
X-Ms-Request-Id
X-Ms-Lease-Status
X-Amz-Meta-S3b-Last-Modified
X-Ms-Version
X-Varnish-URL
X-Fe
X-LiteSpeed-Cache-Control
X-GEO
X-PAGE-TYPE
X-VC
X-Alicdn-Da-Ups-Status
X-SB
X-ORIG-AKA-COUNTRY-CODE
T-Server
WebServer
RequestUuid
X-Serial
X-RAMCache
X-ServerName
ProcessTime
X-RequestId
X-Ms-Lease-State
Location
Xet-Cookie
Correlation-Id
X-PF-Uncompressing
X-CS
X-Dw-Trace-Id
X-Developed-By
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-HTML-Edge-Cache
NodeID
NnCoection
SID
X-LiteSpeed-Tag