Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
P3p
CF-Ray
X-Amz-Cf-Pop
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Permitted-Cross-Domain-Policies
X-Iinfo
Content-Encoding
X-Buckets
X-Content-Security-Policy
X-Request-ID
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Upgrade
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Request-Context
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Amz-Version-Id
Content-Location
Surrogate-Control
X-Cnection
X-Node
X-OneAgent-JS-Injection
X-Host
X-Readtime
X-Server-Id
EagleEye-TraceId
Report-To
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Application-Context
X-Backend-Server
X-Rack-Cache
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Server-ID
X-Country-Code
X-B3-TraceId
X-Px
X-Trace
X-DataDome
X-ESI
X-Vhost
X-GitHub-Request-Id
X-Server-Name
X-VARITI-CCR
X-Ruxit-JS-Agent
Accept-CH
X-Goog-Hash
RTSS
X-MS-InvokeApp
X-Cached
Charset
X-ORACLE-DMS-RID
X-Mod-Pagespeed
SPRequestGuid
Pinterest-Generated-By
X-PC
Verso
X-TtlSet
X-Vname
Public-Key-Pins
X-F-Cache
X-D2id
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Server
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-TTL
X-Version
X-Dispatcher
X-T
X-SharePointHealthScore
X-Cdn
X-Powered-By-Plesk
Accept-CH-Lifetime
X-DIS-Request-ID
X-Abt-Application-Version
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-Origin-Upstream-Status
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-Navigation-Version
X-DynaTrace-JS-Agent
X-B
X-Shield-Request-Id
X-Forwarded-Proto
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Rid
MS-Author-Via
Realpath
X-Recruiting
X-Client-IP
DynaTrace
X-HW
SPRequestDuration
SPIisLatency
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Upstream
X-Vcap-Request-Id
X-Oracle-Dms-Rid
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Nginx-Cache
X-Wix-Server-Artifact-Id
X-Accel-Buffering
Content-MD5
X-Ttl
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-CACHE
AR-ATIME
Arr-Disable-Session-Affinity
X-Debug
X-Hits
X-Varnish-Age
Edge-Cache-Tag
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-N
X-Goog-Storage-Class
X-MSEdge-Ref
X-Dw-Request-Base-Id
X-Via-JSL
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Id
X-Aspnet-Version
Access-Control-Request-Method
X-NewRelic-App-Data
TCN
S
X-ATG-Version
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
Service-Worker-Allowed
X-FTR-Expires
X-XRDS-Location
X-Logged-In
Alternate-Protocol
X-Forwarded-For
X-Oneagent-Js-Injection
X-Kinsta-Cache
Surrogate-Key
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
X-PressLabs-Stats
Rt-Fastcgi-Cache
Tracecode
X-Content-Digest
X-FastCGI-Cache
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-Pad
X-Grace
X-FTR-Cache-Host
X-Litespeed-Cache
MicrosoftSharePointTeamServices
Fastly-Restarts
X-CF-Powered-By
Server-Name
Fastcgi-Cache
X-RateLimit-Remaining
X-Edge-Location
X-Amzn-Trace-Id
Ar-Sid
Backend-Timing
X-Analytics
X-Content-Options
Host
FilterID
X-Cache-2
X-User-Agent
X-Magnolia-Registration
X-Rid
TP-Cache
TP-L2-Cache
X-B3-Sampled
ServerID
X-Ruxit-Js-Agent
X-Whom
X-Debug-Info
X-IPLB-Instance
X-Revision
Eomportal-Instance
X-Page-Id
X-Mobile
X-Hostname
X-Request-Processing-Time
X-Request-Received
X-Srv
AR-Request-ID
X-NWS-LOG-UUID
X-Akam-SW-Version
X-VCache
Paypal-Debug-Id
Front-End-Https
X-AOL-HN
Retry-After
X-TA-CDN-Provider
X-Content-Powered-By
X-LB-Cache
Refresh
X-Signature
X-B-Cache
X-Framework
X-Cluster
X-Device-Type
X-Cache-Action
Source
X-Request-Guid
X-App-Environment
Cleartype
X-Handled-By
X-Varnish-Hostname
X-SS-Set-Cookie
X-FB-Debug
X-Instance
X-Cache-Control
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-WA-Info
X-Tumblr-User
X-Akamai-Edgescape
X-XRDS-LOCATION
X-Cache-Hit
X-GUploader-UploadID
X-Varnish-Grace
X-Content-Security-Policy-Report-Only
X-BCube-Filmed-By
X-Platform-Server
X-Az
X-Activity-Id
X-AppVersion
X-Correlation-Id
X-Zen-Fury
Webserver
X-Fastcgi-Cache
X-Sol
X-Middleton-Display
X-Content-Type
X-HS-Cache-Config
X-Varnish-Backend
Display
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Healthy
X-Cache-Rule
X-Cache-Server
X-Cache-Age
X-Seen-By
X-Middleton-Response
X-Wix-Request-Id
ViewerVersion
Response
X-Drupal-Cache-Tags
X-TT
X-Daa-Tunnel
X-Varnish-Server
Upgrade-Insecure-Requests
X-Cached-By
X-App-Server
X-Generated-By
X-Drupal-Cache-Contexts
Accept-Charset
X-Origin-Server
Cache-Status
X-URL
X-Geo-Country
Server-Node
X-Amz-Replication-Status
X-DataStream-Cache-Status
S-Cnection
X-Amz-Apigw-Id
X-Amzn-RequestId
Payment
X-Accel-Expires
Filters
X-Response-Served-From
X-S
X-CACHE-GROUP
X-UA-Device-Type
NGB
Access-Control-Allow-Method
GEO-INFO
X-Edge-Cache
X-Locale
X-Contextid
X-Edge-Cache-Key
X-Servedby
ServedBy
X-Cacheable-TTL
X-Jobs
X-RequestSource
X-UUID
X-Esi
X-Cache-NE
X-Adobe-Content
X-Adobe-Loc
Viewport
X-Varnish-IP
X-TX-ID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Status
X-Varnish-Hits
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
Actual-Object-TTL
X-TT-TIMESTAMP
AsisCache
X-Storage
Server-Info
X-Amz-Server-Side-Encryption
X-PHP-Backend
X-WPE-Loopback-Upstream-Addr
MS-CV
Cache-Tv-Group
X-WebKit-CSP-Report-Only
X-GeoIP
X-Cache-Remote
X-Rendered-As
X-Node-Name
X-Cache-TTL-Remaining
X-Dns-Prefetch-Control
Host-Header
From-Origin
HostName
X-Croise-Owner
X-Region
Cache
SRV
X-App-Version
X-Cache-Operation
X-Dynatrace-Js-Agent
X-Hyper-Cache
X-APP-VERSION
X-Redis-Cache
X-Vg-Webcache
X-Webkit-CSP
Served-By
X-UA
Liferay-Portal
Cache-Tag
Public-Key-Pins-Report-Only
X-BACKEND-TTL
X-Guploader-Uploadid
DC
X-Mode
X-Upgrade-Enabled
X-Path-Route
Meta-Geo
Machine
X-IP
X-RN-RSRV
X-Akamai-Transformed
X-Timing-Wait
X-TNCMS
X-Generated
X-Is-Bot
X-Proxy-Build
X-Site-Version
Powered-By-ChinaCache
Selected-FE
X-Hosted-By
X-NGENIX-Cache
X-Cache-Var-Map
X-Cache-Var
X-Detected-As
X-Webstats-RespID
X-Forwarded-Host
X-Loop
X-BYPASS-REASON
X-Request-Time
X-Upstream-CT
X-Via-Fastly
X-Human
X-L-Path
X-Environment-Context
X-NCache
X-ProxyCache-Status
X-Web-Node
X-JoinUs
X-Internal-Host
X-ProxyCache-Key
X-Pc-Hit
Cache-Name
X-Agile-Id
X-Pc-Key
X-Original-Request
X-Vgn-Hpd-Reason
X-Pc-Appver
Now
X-Upstream-HT
X-Agile
X-Agile-Age
Origin-Edge-Control
X-Origin-Host
X-FC-Vary-Parameters
Origin-Cache-Control
X-Origin
DB-Nickname
X-Cache-Category-Id
X-Birta-Cache-Post
X-ProcessESI
X-ServerID
X-Grey
X-Birta-Served
X-Pubstack
X-Proxy
X-RemovedCookies
X-Labrador-Cache-Channel
X-CDN-Cache
X-Endurance-Cache-Level
X-Akamai-Request-ID
X-Viewer-Country
X-Origin-Response-Time
X-CACHE-KEY
X-B3-Spanid
X-Tumblr-Pixel-3
X-VG-TLSProxy
Pagespeed
Content-Script-Type
Azure-Version
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
Azure-InstanceId
Fastcgi-Useragent
Azure-SlotName
X-Ocache
S-Rt
X-Kong-Upstream-Latency
Azure-SiteName
X-Origin-CC
X-Kong-Proxy-Latency
X-OCL
X-Rule
X-Time-Microsecs
Cache-Tags
X-Format
X-Www-Served-By
X-Cache-Config
Azure-RegionName
X-PCL
X-Xfnlog-Site
X-Backend-Name
X-CCM
Content-Style-Type
X-Tb
TWC-Privacy
X-Zipkin-Id
X-TIME
X-App-Name
Webcakes-App-Name
Webcakes-Region
X-Access
X-Origin-Hint
Webcakes-App-Version
Mn-Server-Ip
TWC-Device-Class
X-Section
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Proxied
HitType
Xserver
X-Parent-Response-Time
TWC-Connection-Speed
X-HS-Combine-CSS
Property-Id
X-Routing-Service
TWC-Locale-Group
X-Yottaa-Optimizations
Datacenter
Cache-Key
X-Yottaa-Metrics
X-Via-CDN
X-Edge-IP
X-Protected-By
User-Cache-Control
Vix-Hermes-Req-Id
X-RTag
Ms-Operation-Id
X-Cache-TTL
OT-Force-Account-Verify
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-Nginx-Cache
Time
X-Ezoic-Cdn
X-PERF
X-ApacheServer
X-Cache-Backend
X-FB-TRIP-ID
X-Pc-Date
X-Pc-Host
NtCoent-Length
X-OVcl
X-OVcl-Cache
X-Akamai-Request-ID2
X-Ratelimit-Limit
X-Correlation-ID
X-Mrs-Cache
X-Cdn-Forward
X-Mrs-Age
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Real-IP
X-Unique-Id-Primal
X-Real-Ip
L5d-Success-Class
X-Content-Age
Country
X-Newrelic-App-Data
Accept-Language
Load-Balancing
LB
AR-SID
X-Front
X-Webkit-Csp
X-RateLimit-Limit
X-CDN-Forward
X-Debug-Cache
X-Varnish-Cacheable
X-Proto
X-Amz-Meta-Surrogate-Control
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Section-Io-Cache
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-Sucuri-ID
Ohc-File-Size
X-Nc
X-Unique-ID
X-Hit
X-Hl-Ver
We-Hiring
Mail-Subject
X-MP-GENERATED-AT
X-Varnish-Beresp-Ttl
X-Trace-Id
Version
Warning
X-Geo
X-GRACE
X-Microcachable
User-Agent
X-EdgeConnect-Cache-Status
WZWS-RAY
X-C
X-Time
X-Dc
X-Cache-Enabled
X-LI-Proto
Request-Time
Rendered-Blocks
Fastly-SWR
Release
Fastly-SIE
Powered-By
X-Goog-Meta-Goog-Reserved-File-Mtime
Ec-Rule-Version
X-Matched-Rule
X-P-T
RNT-Machine
Resin-Trace
Platform
X-LI-UUID
Fastly-Backend-Name
X-Li-Pop
X-Node-Id
X-NU-AKA-ACS-Version
Frame-Options
Memcached
X-Li-Fabric
X-Logtrace-Id
X-Layer
Is-Eu
Meta-Geo-Continent
PFcat
IBM-Web2-Location
Fly-Cache
Node
Fly-Request-Id
Mobile-Detection-Method
MD5-Digest
X-A-Dcw
X-Cache-Debug
X-Cache-Bucket
X-Cache-Expires
X-Cache-FS-Status
X-Cache-Id
X-Bip
X-External-Request-Id
X-Application
X-Auto-Login
X-B-Cookie
X-BB-ID
X-Cache-URL
X-CF-Lambda-Fn
X-Dispatcher-Server
X-Date
X-Destination
X-Developer
X-Device-Os
X-D
X-CUA
X-CF-Lambda-Version
X-Connection-Hash
X-DPWN-IS-SECURE
X-Crawler
X-Fetched-On
X-From
X-Generated-In
Thinkindot-Control
V-Age
Viewtype
VivaBuild
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Rt-Proxy-Cache
Server-Host
Server-ID
SS
X-G
Www
X-FW-Version
X-Accel-Expires-Debug
X-Actual-URL
X-Aed
X-A-Wwc
X-A-Dgt
X-A
X-A-Ccd
X-A-Dam
Cache-Prefix
RNT-Time
Ajk
X-Rojux
X-Rewrite-Enabled
X-Returned-From-PostProcessResponse
X-S-Cookie
X-S-Maxage
X-Served-From
X-CLOUD-TRACE-CONTEXT
X-ScT
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RCS-CacheZone
X-Reboot
X-Region-Sid
X-Response-By
X-Request-UUID
X-Release
X-Server-By
X-Server-Time
X-Varnish-Action
X-Variation
X-Var-Ttl
X-VG-WebServer
X-Via-NSCOPI
Xc-Version
X-WebServer
X-We-Are-Hiring
X-User
X-Twitter-Response-Tags
X-Swa-Ws
X-Store
X-SRCache-Key
X-Thanos
X-Thinkindot-L3
X-TT-LOGID
X-Trv-Group
X-Transaction
X-Qloud-Router
X-Returned-From
X-Passed-To-PostProcessResponse
X-Rocket-Nginx-Bypass
X-Died
Adler-Geo
Access-Control-Request-Headers
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To
X-PAYTM-SRV-ID
Arc-Country
BehaviorPad-Version
X-PHP-Host
Pagetype
X-Stale
Content-Disposition
X-SVT-ORM-VERSION
Country-Code
X-SVT-ORM-RULES
X-Sf
X-Clientip
X-Proxy-Cache-Status
X-Origin-Expires
X-Origin-Date
X-Server-Group
Cache-Cookie-Set-Lfrom
X-Server-IP
Cache-Cookie-Set-From
X-ServiceProvider
Countrycode
X-UE-Client-Country
Decoy-Debug-TTL
X-F5-Cache
X-UnsetCookies
X-Block-Status
Decoy-Debug-Status
X-Cache-CFC
X-Cache-Host
X-Backend-State
X-Amz-Meta-Cache-Control
Fastly-SSL
X-Fstrz
AKAMAI
X-Gen-Mode
Backend
Esi-Enabled
Decoy-Debug-Key
Web-Mar-Node
X-Info
Origin
On-Server
X-Location
X-IN-WAF
Proxy-Connection
X-IN-SSL-APIGATEWAY
Pramga
X-ElasticPress-Search
X-Phone
X-Proxy-Upstream
Magicmarker
Kp-EeAlive
X-Key
MI-API
MI-Cache-Age
MI-Cache
X-Request-Start
Heartbleed
Server-Int
X-No-Session
X-Nginx-Cache-Key
X-GeoIP-Country-Code
GW-Server
GMS-Ver
True-Client-Country-4JS
SD-X-WS
X-Org
X-Hash
Cache-Cookie-Set-Idcheck
X-Hnp-Log
X-IN-APIGATEWAY
X-MI-In-Market
X-Be
X-Page-Type
Backend-Name
X-Secret
Who
X-MSEdge-Flight
X-Svr
X-MSEdge-Features
X-Distil-CS
X-Distributor
X-Epic-Correlation-Id
X-Via-Edge
X-Micro-Cache
X-Up
X-Irp-Debug
X-SIPLIST1
X-V
X-Fastly-Cache
X-Gannett-Site-Version
X-Policy
X-Eu-Site
X-Request-URI
X-Via-SSL
X-CGP
Ha-Gx-Prefs
HA-Georegion
REQUESTUUID
HA-Host
HA-Ipaddr
IsBot
HA-Urlpath
HA-Servedtime
HA-Geolon
HA-Geolat
X-Core-Value
X-Core-Mission
HA-Geocity
X-Backend-Url
X-Backend-Host
HA-Geocountry
HA-Cloudapp
X-NODE
X-Origin-TTL
X-Wikidot-Static-Cache
X-Refresh
X-Generated-On
X-Level-Front-Cache
X-NX-Host
X-Developers
X-Platform
X-Wikidot-Backend
Apple-News-Services-Parsed-Url
X-Debug-Cache-Store
CDCHOST
Apple-News-Services-Host
X-Debug-Log
X-Debug-Cookies
X-Cdn-Origin
Apple-News-Services-Handled
Fastly-Soc-X-Request-Id
Apple-News-Services-Request-Url
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Sn-Servicetimems
X-Ua
X-Instart-Info
RequestId
Pragrma
ServerName
Lfy
PageSpeed
X-Urbn-Site-Id
X-COUNTRY
X-Urbn-Context-Path
X-NC
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Ohc-Response-Time
X-Planisys-CDN-Rules
X-Cache-Info
X-Servername
X-Pjax-Url
X-DC
X-Cdn-Srv
Request-Country
Uber-Trace-Id
Request-EU
X-Instance-Name
Locale
UCS
X-NWS-UUID-VERIFY
X-Server-Cache
X-VarnPar1
Host-ID
X-ARC
X-VarnCache
X-PARISIEN-Cache-Rendered
Group
V-Cache
MIME-Version
X-CACHE-AGE
X-GeoIP-City
X-Req
X-VCT
Cteonnt-Length
Memory
X-Newrelic-Synthetics
HitInfo
X-Ratelimit-Remaining
X-Datadome
Mime-Version
X-CMS-Context
Cdn
Cache-Provider
X-BBXSRF
PICS-Label
X-Powered-By-ANYU
X-Gdpr
X-EIG-Tracking-Id
X-LAGOON
X-Servedbyhost
Nel
X-TWH-CORRELATION-ID
NGX
X-WR-MODIFICATION
CF-IPCountry
X-Aicache-OS
X-Load-Cache
X-StackifyID
GeoIP-Country-Code
CDN
GeoIP-Latitude
X-Wa
XServer
X-Fastly-Country-Code
Amp-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Varnish-Cache-Hits
X-CSRF-TOKEN
X-UPSTREAM-Address
X-HTML-Minification-Powered-By
X-FireWall-Port
Cf-Ipcountry
X-WA
X-RateLimit-Limit-Second
X-Fastly-Backend-Reqs
X-Cluster-Node
X-RateLimit-Remaining-Second
X-Generation-Time
X-Varnish-Beresp-TTL
GeoIp-Country-Code
Geoip-Latitude
X-NodeID
FSS-Proxy
FSS-Cache
X-Cache-Miss-From
X-Sentry-ID
CACHE
X-Sedo-Request-Id
X-ABtesting
X-Hello
X-VServer
X-Check-Cacheable
Processtime
X-APP
X-Source
X-Flog
X-Csrf-Token
Server-Surrogate-Control
Server-Cache-Control
X-Varnish-Authentication
X-Cache-ASPX
X-Cache-Grace
X-Unique-Id
X-HOST
X-ServedByHost
X-Oss-Request-Id
X-Oss-Storage-Class
SN
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-GZip
X-IPS-LoggedIn
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
URI
X-Nananana
WP-Super-Cache
X-RCS-Backend
X-CDN-Pop
X-CDN-Pop-IP
X-CSRF-Token
TSSecure
X-GDPR
X-Varnish-Url
X-Dynatrace
X-VG-WebCache
X-SRV
Pics-Label
Cdn-Host
X-Skip-Cache
X-Fastly-Cache-Hits
X-MServer
Cdn-Request-Time
X-Edge-Server
X-ND-Cache
X-FORWARDED-FOR
X-VC-Cache
X-Sucuri-Cache
X-Instart-Isnd
X-Worker
DataCenter
X-ID
A
X-HS-Status
Is-Session-Tracking
X-From-Cache
Get-Access-Time
Hostname
PageType
X-B3-SpanId
Proxy-Firewall
X-GoCache-CacheStatus
X-Swift-Error
X-BE
HTTPS
Dynatrace
X-Port
X-PJAX-URL
Powered
X-Pf-Uncompressing
X-LJ-Flow-ID
X-VWS-Id
X-NGINX-Cache
X-SplitTest
X-AWS-Id
X-Server-W
X-Bug-Bounty
Odigeo-Trace-Id
X-Gen-Id
X-Amzn-Remapped-Connection
X-GZIP
X-Backend-TTL
X-Pc-Subdomain
X-Amzn-Remapped-Date
X-Fe
X-ServerName
X-Owner
X-Cache-Ttl
X-SN
Requestid
X-VarnPar2
X-ORIG-AKA-EDGE
X-FW-Dynamic
Serverid
Cache-Hits
X-R9-Blue-Green-Version
X-Amz-Meta-S3b-Last-Modified
X-LiteSpeed-Cache-Control
X-RequestId
X-PF-Uncompressing
X-HostName
WebServer
X-Alicdn-Da-Ups-Status
X-PAGE-TYPE
X-Varnish-URL
X-Serial
X-ORIG-AKA-COUNTRY-CODE
X-RAMCache
X-GEO
RequestUuid
X-VC
X-SB
T-Server
X-Ms-Version
X-Requestid
X-CS
Location
Xet-Cookie
Correlation-Id
X-Ms-Request-Id
X-Developed-By
X-Dw-Trace-Id
NnCoection
X-Akamai-SSL-Client-Sid
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Ms-Lease-Status
SID
X-Ms-Blob-Type
X-HTML-Edge-Cache
X-LiteSpeed-Tag