Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Xss-Protection
X-Served-By
Referrer-Policy
P3P
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Amz-Cf-Pop
X-Download-Options
X-Runtime
P3p
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-CDN
Xkey
X-Type
Keep-Alive
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Via
X-Pingback
X-Nginx-Cache-Status
Grace
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
Request-Context
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-WebKit-CSP
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Cache-Lookup
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Cnection
X-Node
Content-Location
Surrogate-Control
X-Readtime
EagleEye-TraceId
X-Server-Id
Report-To
X-Host
X-CST
X-Response-Time
X-Rq
Feature-Policy
Server-Timing
X-Iejgwucgyu
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Rack-Cache
Request-Id
X-Cloud-Trace-Context
X-Instart-Request-ID
X-Url
X-Clacks-Overhead
Allow
NEL
Rating
X-DynaTrace
Edge-Control
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Origin-Cache
X-Server-ID
X-Varnish-TTL
X-FTR-Request-ID
X-Country-Code
X-Cdn
X-B3-TraceId
X-Px
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-DataDome
X-GitHub-Request-Id
X-Vhost
X-ESI
X-Trace
X-VARITI-CCR
Accept-CH
X-Goog-Hash
X-Server-Name
Charset
X-Cached
RTSS
X-MS-InvokeApp
Pinterest-Generated-By
X-Mod-Pagespeed
Verso
X-TTL
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
Public-Key-Pins
X-D2id
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Cdn-Fetch
X-Exp-Id
X-Version
X-F-Cache
SPRequestGuid
X-Vname
X-TtlSet
X-PC
X-Dispatcher
X-T
X-DIS-Request-ID
X-DynaTrace-JS-Agent
X-Powered-By-Plesk
Accept-CH-Lifetime
X-Abt-Application-Version
X-SharePointHealthScore
X-Powered-CMS
X-Fastly-Request-ID
X-Origin-Upstream-Status
X-Ser
X-Navigation-Version
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-B
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Client-IP
X-Amz-Rid
Realpath
X-Shield-Request-Id
X-Forwarded-Proto
MS-Author-Via
X-Recruiting
X-HW
X-Upstream
SPRequestDuration
SPIisLatency
DynaTrace
X-Vcap-Request-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-XRDS-Location
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
Arr-Disable-Session-Affinity
X-Varnish-Age
Content-MD5
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Ttl
X-Debug
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Via-JSL
X-Hits
X-Dw-Request-Base-Id
X-Goog-Storage-Class
X-Aspnet-Version
X-MSEdge-Ref
X-Id
X-Acc-Meta-Resource-Type
X-NewRelic-App-Data
X-N
X-NF-Request-ID
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
Service-Worker-Allowed
Access-Control-Request-Method
S
X-FTR-Expires
Edge-Cache-Tag
X-ATG-Version
X-Oracle-Dms-Rid
TCN
Alternate-Protocol
X-FastCGI-Cache
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-PressLabs-Stats
X-Kinsta-Cache
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
Surrogate-Key
Rt-Fastcgi-Cache
X-Forwarded-For
X-RateLimit-Remaining
X-FTR-Cache-Host
X-Content-Digest
Tracecode
X-Pad
X-CF-Powered-By
Fastcgi-Cache
X-Cache-Key
X-Amzn-Trace-Id
Server-Name
Fastly-Restarts
X-Oneagent-Js-Injection
MicrosoftSharePointTeamServices
X-TA-CDN-Provider
Backend-Timing
Ar-Sid
X-Analytics
X-Cache-2
X-User-Agent
Host
TP-Cache
X-Edge-Location
TP-L2-Cache
FilterID
X-Magnolia-Registration
X-Rid
X-Debug-Info
ServerID
X-B3-Sampled
X-Whom
X-Page-Id
X-Mobile
X-Content-Options
X-Revision
X-IPLB-Instance
Eomportal-Instance
X-Grace
X-Hostname
X-Srv
X-Akam-SW-Version
X-NWS-LOG-UUID
Paypal-Debug-Id
Front-End-Https
AR-Request-ID
Refresh
X-LB-Cache
X-Request-Received
X-Request-Processing-Time
X-VCache
Retry-After
X-Litespeed-Cache
X-Signature
X-B-Cache
X-Content-Powered-By
X-GUploader-UploadID
X-Framework
X-Cache-Action
X-SS-Set-Cookie
X-Activity-Id
X-AppVersion
X-Az
Cleartype
X-Cluster
X-Varnish-Hostname
Source
X-Tumblr-Pixel-0
X-Handled-By
X-Tumblr-User
X-Platform-Server
X-FB-Debug
X-Request-Guid
X-Device-Type
X-Cache-Control
X-Tumblr-Pixel
X-App-Environment
X-WA-Info
X-Instance
X-AOL-HN
X-BCube-Filmed-By
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
Webserver
X-Content-Type
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-Hit
X-Ruxit-Js-Agent
X-Varnish-Grace
X-Zen-Fury
X-Correlation-Id
X-Varnish-Backend
X-Cache-Rule
X-Middleton-Display
X-Sol
Healthy
Display
Accept-Charset
X-Seen-By
ViewerVersion
X-Wix-Request-Id
X-TT
X-Fastcgi-Cache
X-URL
X-Daa-Tunnel
X-Cache-Server
X-Origin-Server
X-Drupal-Cache-Tags
X-Cache-Age
Upgrade-Insecure-Requests
X-Middleton-Response
Response
X-DataStream-Cache-Status
Cache-Status
MS-CV
X-Cached-By
X-Varnish-Server
X-CACHE-GROUP
X-Amzn-RequestId
X-Amz-Apigw-Id
X-App-Server
X-Generated-By
X-Drupal-Cache-Contexts
X-Geo-Country
X-Esi
X-PHP-Backend
X-Amz-Replication-Status
X-Storage
X-HS-Cache-Config
Payment
Server-Node
X-Response-Served-From
X-UA-Device-Type
Filters
X-S
NGB
Access-Control-Allow-Method
GEO-INFO
X-Cacheable-TTL
X-Adobe-Content
X-Adobe-Loc
X-Edge-Cache-Key
X-FW-Hash
X-FW-Serve
Actual-Object-TTL
X-TT-TIMESTAMP
X-Cache-NE
X-Edge-Cache
X-Servedby
X-UUID
X-FW-Server
Viewport
X-RequestSource
ServedBy
X-Jobs
X-FW-Type
X-Varnish-IP
X-FW-Static
X-Locale
X-Contextid
X-Tumblr-Pixel-1
X-Varnish-Hits
X-Accel-Expires
X-Tumblr-Pixel-2
X-TX-ID
X-Amz-Server-Side-Encryption
Server-Info
Cache-Tv-Group
S-Cnection
X-WebKit-CSP-Report-Only
AsisCache
X-Cache-Remote
X-Cache-TTL-Remaining
X-Status
X-WPE-Loopback-Upstream-Addr
X-Dns-Prefetch-Control
From-Origin
X-GeoIP
X-Rendered-As
X-App-Version
Host-Header
X-Cache-Operation
Cache
X-Croise-Owner
X-Region
HostName
X-XRDS-LOCATION
SRV
X-CACHE-KEY
X-Webkit-CSP
X-Node-Name
X-Redis-Cache
Served-By
X-APP-VERSION
X-Hyper-Cache
X-BACKEND-TTL
X-Vg-Webcache
Content-Script-Type
Content-Style-Type
Liferay-Portal
X-Kong-Upstream-Latency
DC
X-Kong-Proxy-Latency
Public-Key-Pins-Report-Only
X-GRACE
X-Upgrade-Enabled
X-Detected-As
X-Cache-Config
Machine
X-Path-Route
X-Webstats-RespID
X-Mode
X-Site-Version
X-NGENIX-Cache
X-Cache-Var-Map
X-Proxy-Build
X-Timing-Wait
Cache-Tag
Selected-FE
X-RN-RSRV
X-Generated
X-Grey
X-Akamai-Transformed
X-Parent-Response-Time
X-Cache-Category-Id
Meta-Geo
Xserver
X-Is-Bot
X-Cache-Var
X-TNCMS
X-L-Path
X-IP
X-Internal-Host
X-Human
X-Hosted-By
X-JoinUs
X-Agile
X-Loop
X-Labrador-Cache-Channel
X-Akamai-Request-ID
X-NCache
X-Environment-Context
X-BYPASS-REASON
X-Web-Node
X-Agile-Id
X-Agile-Age
X-Origin-Response-Time
X-ProxyCache-Key
X-Request-Time
X-Original-Request
X-ProxyCache-Status
Cache-Name
Ms-Operation-Id
X-CDN-Cache
Origin-Edge-Control
X-RTag
X-Upstream-HT
X-Upstream-CT
Now
Origin-Cache-Control
X-Via-Fastly
X-Edge-IP
X-Birta-Served
X-Format
X-Birta-Cache-Post
X-Pc-Appver
X-Time-Microsecs
Cache-Key
Azure-Version
Azure-SlotName
X-Proxy
X-Origin-Host
X-RemovedCookies
User-Cache-Control
X-ServerID
X-Protected-By
X-Origin-CC
X-Tumblr-Pixel-3
X-Pc-Hit
X-Pc-Key
X-Origin
DB-Nickname
Azure-SiteName
X-ProcessESI
Azure-RegionName
Azure-InstanceId
Fastcgi-X-Cache
Fastcgi-Useragent
X-Access
S-Rt
TWC-Privacy
TWC-Connection-Speed
TWC-Device-Class
Property-Id
Webcakes-App-Name
TWC-GeoIP-LatLong
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
Fastcgi-X-Cache-Version
X-Guploader-Uploadid
X-Origin-Hint
X-Xfnlog-Site
X-Www-Served-By
Cache-Tags
X-Section
X-Rule
X-PCL
X-Pubstack
Pagespeed
X-OCL
X-Viewer-Country
X-FC-Vary-Parameters
X-CCM
X-Backend-Name
X-Vgn-Hpd-Reason
X-Ocache
X-Tb
X-VG-TLSProxy
TWC-Locale-Group
X-Proxied
X-App-Name
X-Routing-Service
Vix-Hermes-Req-Id
X-Forwarded-Host
X-Zipkin-Id
HitType
X-B3-Spanid
X-FB-TRIP-ID
Powered-By-ChinaCache
X-Endurance-Cache-Level
Load-Balancing
Mn-Server-Ip
X-RateLimit-Limit
X-PERF
X-Cache-TTL
X-Nginx-Cache
X-ApacheServer
X-Via-CDN
Country
X-Content-Age
Datacenter
X-Cache-Backend
Time
X-Mshield-Cache-Status
X-Unique-Id-Primal
OT-Force-Account-Verify
X-Mrs-Cache-Hits
X-Mrs-Age
X-Mrs-Cache
X-TIME
X-Cdn-Forward
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Real-IP
X-ShardId
X-Alternate-Cache-Key
X-Ezoic-Cdn
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Ohc-File-Size
Fusion-Content-Id
Fusion-Component-Id
X-Ua
X-Debug-Cache
X-UA
X-OVcl
X-OVcl-Cache
X-Varnish-Cacheable
X-Correlation-ID
X-Varnish-Beresp-Ttl
X-Pc-Date
X-Pc-Host
L5d-Success-Class
LB
NtCoent-Length
X-Sucuri-ID
X-HS-Combine-CSS
X-Varnish-Beresp-Grace
X-Hl-Ver
X-Nc
X-Unique-ID
X-Varnish-Beresp-Status
Section-Io-Cache
X-CDN-Forward
X-Time
X-Front
X-Real-Ip
X-Akamai-Request-ID2
X-MP-GENERATED-AT
We-Hiring
Mail-Subject
AR-SID
Pagetype
X-Amz-Meta-Surrogate-Control
X-Proto
User-Agent
X-Hit
X-Trace-Id
X-Cache-Enabled
X-Newrelic-App-Data
Accept-Language
X-Ratelimit-Limit
X-Dynatrace-Js-Agent
Version
X-Rocket-Nginx-Bypass
X-C
Access-Control-Request-Headers
X-CLOUD-TRACE-CONTEXT
Warning
X-EdgeConnect-Cache-Status
X-Microcachable
X-Cache-Debug
X-Cache-FS-Status
X-Cache-Expires
Memcached
X-Cache-Host
MD5-Digest
X-Cache-Id
X-Destination
X-Developer
X-Cache-Bucket
X-Device-Os
X-Died
X-Dispatcher-Server
X-Date
X-D
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Connection-Hash
X-Crawler
X-CUA
X-Cache-URL
X-A-Ccd
Server-ID
Node
Server-Host
SS
Thinkindot-CacheControl
V-Age
Thinkindot-Control
Thinkindot-CacheControl-Type
Rt-Proxy-Cache
RNT-Time
Request-Time
Rendered-Blocks
Powered-By
Platform
PFcat
RNT-Machine
Resin-Trace
X-DPWN-IS-SECURE
Mobile-Detection-Method
X-Actual-URL
X-Accel-Expires-Debug
X-A-Wwc
X-Aed
X-Application
X-B-Cookie
X-Auto-Login
X-A-Dgt
X-A-Dcw
VivaBuild
Viewtype
Meta-Geo-Continent
Www
X-A
X-A-Dam
Release
X-Bip
X-Rebelmouse-Cache-Control
X-Server-IP
X-Server-By
X-Server-Time
X-SRCache-Key
X-Svr
X-Store
X-Served-From
X-ScT
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Rewrite-Enabled
X-Rojux
X-S-Maxage
X-S-Cookie
X-Swa-Ws
X-Thanos
X-Varnish-Action
X-Variation
X-VG-WebServer
X-We-Are-Hiring
Xc-Version
X-WebServer
X-Var-Ttl
X-User
X-Transaction
X-Thinkindot-L3
X-Trv-Group
X-TT-LOGID
X-UE-Client-Country
X-Twitter-Response-Tags
X-Returned-From-BeforeDispatch
X-Returned-From
X-Li-Pop
X-Li-Fabric
X-LI-Proto
X-LI-UUID
X-Matched-Rule
X-Logtrace-Id
X-Level-Front-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-From
X-Fetched-On
X-FW-Version
X-G
X-Generated-On
X-Generated-In
X-NU-AKA-ACS-Version
X-P-T
Is-Eu
X-RCS-CacheZone
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Request-UUID
X-Region-Sid
X-Qloud-Router
X-PHP-Host
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-PAYTM-SRV-ID
X-External-Request-Id
X-BB-ID
Fastly-SWR
Arc-Country
BehaviorPad-Version
Fastly-SIE
Ajk
Adler-Geo
Frame-Options
Fly-Request-Id
Fly-Cache
Fastly-Backend-Name
IBM-Web2-Location
X-Via-NSCOPI
Cache-Prefix
Ec-Rule-Version
X-Epic-Correlation-Id
X-Distributor
X-ElasticPress-Search
X-Backend-Host
X-Fstrz
X-GeoIP-Country-Code
X-Gen-Mode
X-Gannett-Site-Version
X-Backend-Url
X-Distil-CS
X-Cache-CFC
X-Hash
Backend
Backend-Name
X-Clientip
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Block-Status
AKAMAI
Cache-Cookie-Set-Idcheck
X-IN-APIGATEWAY
X-Request-Start
X-Response-By
X-Release
X-Proxy-Upstream
X-Phone
X-Proxy-Cache-Status
X-Secret
X-Server-Group
X-SVT-ORM-VERSION
X-UnsetCookies
X-SVT-ORM-RULES
X-Stale
X-ServiceProvider
X-Sf
X-Origin-Expires
X-Origin-Date
X-Instart-Info
X-Key
X-Info
X-IN-WAF
X-Amz-Meta-Cache-Control
X-IN-SSL-APIGATEWAY
X-Layer
X-Location
X-No-Session
X-Node-Id
X-Nginx-Cache-Key
X-MSEdge-Flight
X-Server-Cache
X-MSEdge-Features
X-Hnp-Log
X-MI-In-Market
Web-Mar-Node
Lfy
Who
Kp-EeAlive
Esi-Enabled
Magicmarker
Pramga
MI-Cache
MI-Cache-Age
Origin
MI-API
Heartbleed
GMS-Ver
Decoy-Debug-TTL
Content-Disposition
ServerName
GW-Server
SD-X-WS
Server-Int
Country-Code
True-Client-Country-4JS
Countrycode
Decoy-Debug-Status
Decoy-Debug-Key
Proxy-Connection
Ohc-Response-Time
X-Be
X-NODE
HA-Geolat
REQUESTUUID
X-Irp-Debug
IsBot
X-V
HA-Geolon
HA-Geocountry
WZWS-RAY
X-Wikidot-Static-Cache
X-ARC
X-Wikidot-Backend
HA-Cloudapp
HA-Geocity
HA-Georegion
X-Up
X-Request-URI
X-Page-Type
On-Server
X-Policy
HA-Servedtime
X-Origin-TTL
HA-Ipaddr
X-Micro-Cache
X-Geo
X-SIPLIST1
Ha-Gx-Prefs
HA-Host
HA-Urlpath
X-Platform
Fastly-SSL
Apple-News-Services-Host
X-CGP
Apple-News-Services-Request-Url
X-Eu-Site
X-Core-Mission
X-Core-Value
X-Developers
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
Apple-News-Services-Handled
X-Cdn-Srv
Apple-News-Services-Parsed-Url
X-Fastly-Cache
X-F5-Cache
X-Cache-Info
CDCHOST
X-Backend-State
Fastly-Soc-X-Request-Id
X-DC
X-Cdn-Origin
X-Debug-Cookies
X-NX-Host
X-Sn-Servicetimems
X-Debug-Log
X-Servername
X-Dc
X-COUNTRY
X-Org
X-Refresh
RequestId
X-Pjax-Url
X-Via-Edge
X-Via-SSL
X-CMS-Context
PageSpeed
X-NC
X-CACHE-AGE
Cteonnt-Length
X-VarnPar1
Pragrma
Memory
X-VarnCache
X-PARISIEN-Cache-Rendered
X-Newrelic-Synthetics
MIME-Version
X-Datadome
Cdn
X-Servedbyhost
X-Planisys-CDN-TTL
UCS
Request-EU
X-Planisys-CDN-Cache
X-Urbn-Context-Path
X-Urbn-Site-Id
Uber-Trace-Id
Request-Country
X-Planisys-CDN-Rules
X-LAGOON
Locale
X-Instance-Name
Mime-Version
X-NWS-UUID-VERIFY
Host-ID
X-Req
Group
V-Cache
X-GeoIP-City
Cache-Provider
X-VCT
NGX
X-Wa
Nel
X-Gdpr
X-Webkit-Csp
X-FireWall-Port
PICS-Label
X-CSRF-TOKEN
GeoIP-Latitude
X-BBXSRF
X-WR-MODIFICATION
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
GeoIP-Country-Code
X-HTML-Minification-Powered-By
X-Generation-Time
X-Varnish-Cache-Hits
CF-IPCountry
HitInfo
X-Powered-By-ANYU
X-Aicache-OS
X-B3-Traceid
X-Ratelimit-Remaining
X-Load-Cache
X-StackifyID
X-Cache-Miss-From
CDN
X-Sedo-Request-Id
Cf-Ipcountry
XServer
X-Cache-Grace
X-Varnish-Authentication
X-DataStream-Origin-MEX-Latency
X-UPSTREAM-Address
X-DataStream-MidMile-RTT
X-Fastly-Country-Code
X-Cache-ASPX
Server-Surrogate-Control
Server-Cache-Control
X-EIG-Tracking-Id
X-IPS-LoggedIn
X-TWH-CORRELATION-ID
X-Varnish-Url
Geoip-Latitude
GeoIp-Country-Code
X-Check-Cacheable
X-ND-Cache
X-Source
X-FORWARDED-FOR
X-HOST
X-Fastly-Backend-Reqs
URI
Pics-Label
X-RCS-Backend
X-VG-WebCache
CACHE
Get-Access-Time
X-CDN-Pop
X-CDN-Pop-IP
X-Sucuri-Cache
Is-Session-Tracking
X-From-Cache
X-WA
X-APP
X-Instart-Isnd
X-Unique-Id
FSS-Proxy
FSS-Cache
X-GoCache-CacheStatus
X-Sentry-ID
X-Varnish-Beresp-TTL
Proxy-Firewall
X-Dynatrace
X-NodeID
X-Csrf-Token
X-SRV
X-VServer
X-Skip-Cache
X-GDPR
X-Hello
Powered
Processtime
X-Fastly-Cache-Hits
X-VC-Cache
X-Cluster-Node
WP-Super-Cache
X-Flog
X-ABtesting
DataCenter
X-ID
X-GEO
X-Oss-Request-Id
X-Oss-Storage-Class
X-Server-W
X-Oss-Server-Time
X-R9-Blue-Green-Version
X-Oss-Hash-Crc64ecma
SN
X-FW-Dynamic
X-ServedByHost
X-Oss-Object-Type
X-Nananana
Amp-Access-Control-Allow-Source-Origin
X-PF-Uncompressing
X-Pc-Subdomain
X-GZip
X-RequestId
X-B3-SpanId
X-CSRF-Token
X-HS-Status
X-BE
Hostname
X-Fe
Dynatrace
TSSecure
X-PJAX-URL
X-Worker
X-Swift-Error
X-Pf-Uncompressing
X-TrackingId
X-Bug-Bounty
X-Backend-TTL
Cdn-Host
X-Edge-Server
X-Amzn-Remapped-Date
Cdn-Request-Time
X-Amzn-Remapped-Connection
X-MServer
X-Gen-Id
X-GZIP
X-LiteSpeed-Cache-Control
X-Cache-Ttl
X-NGINX-Cache
ProcessTime
A
X-ORIG-AKA-EDGE
Requestid
Serverid
X-HostName
X-Alicdn-Da-Ups-Status
X-LiteSpeed-Tag
X-Port
X-ORIG-AKA-COUNTRY-CODE
X-ServerName
X-VarnPar2
X-SB
X-VC
T-Server
X-Varnish-URL
RequestUuid
X-PAGE-TYPE
X-RAMCache
X-CS
HTTPS
Cache-Hits
DSUID
X-Tb-Optimization-Total-Bytes-Saved
Cneonction
X-Developed-By
Location
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Serial
Xet-Cookie
Correlation-Id
NnCoection
X-Dw-Trace-Id