Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Xss-Protection
X-Timer
CF-Cache-Status
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
CF-Ray
X-Amz-Cf-Pop
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Server-Powered-By
X-Hacker
EagleId
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Ac
X-Device
X-WebKit-CSP
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Server-Id
X-Cnection
X-Host
X-Readtime
Report-To
X-Node
X-Rq
EagleEye-TraceId
Server-Timing
X-Response-Time
X-CST
Feature-Policy
X-OneAgent-JS-Injection
X-Rack-Cache
X-Backend-Server
X-ORACLE-DMS-ECID
X-Application-Context
X-Iejgwucgyu
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
X-Clacks-Overhead
Edge-Control
X-DynaTrace
NEL
Allow
Rating
X-Url
X-Cdn
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Varnish-TTL
X-Country
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-Trace
X-Server-Name
X-B3-TraceId
X-DataDome
X-Px
X-Vhost
X-GitHub-Request-Id
X-MS-InvokeApp
RTSS
X-VARITI-CCR
X-Ruxit-JS-Agent
X-Cached
X-ESI
X-Server-ID
X-ORACLE-DMS-RID
Accept-CH
SPRequestGuid
X-Goog-Hash
Charset
X-TtlSet
X-PC
X-Vname
Pinterest-Generated-By
X-Mod-Pagespeed
X-D2id
X-F-Cache
Public-Key-Pins
X-TTL
X-Dispatcher
Verso
X-Cdn-Fetch
X-Kinja
X-Use-Magma
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Server
Arc-Version
PB-PID
X-Mobile-Rewrite
X-SharePointHealthScore
PB-RID
X-T
X-Version
X-Powered-By-Plesk
X-DynaTrace-JS-Agent
X-Abt-Application-Version
Accept-CH-Lifetime
X-Powered-CMS
X-DIS-Request-ID
X-Ser
X-Fastly-Request-ID
X-Dns-Prefetch-Control
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-Origin-Upstream-Status
X-Navigation-Version
X-B
X-Shield-Request-Id
X-Recruiting
X-Forwarded-Proto
X-Oneagent-Js-Injection
X-Client-IP
MS-Author-Via
DynaTrace
X-Amz-Rid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HW
Realpath
SPRequestDuration
SPIisLatency
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Content-MD5
X-Upstream
Nginx-Cache
X-Vcap-Request-Id
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
X-Ttl
AR-ATIME
AR-CACHE
Edge-Cache-Tag
AR-PoweredBy
X-N
X-Oracle-Dms-Rid
X-Hits
Arr-Disable-Session-Affinity
TCN
X-Varnish-Age
X-Debug
X-NF-Request-ID
Access-Control-Request-Method
X-Goog-Storage-Class
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-Dw-Request-Base-Id
X-ATG-Version
X-Id
S
X-NewRelic-App-Data
Service-Worker-Allowed
X-FTR-Realm
X-Via-JSL
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-XRDS-Location
X-FTR-Expires
X-Logged-In
X-FastCGI-Cache
Tracecode
X-HS-Content-Id
Rt-Fastcgi-Cache
X-PressLabs-Stats
X-HS-Hub-Id
X-Content-Digest
X-Frontend
Alternate-Protocol
X-Kinsta-Cache
X-Cache-Key
Surrogate-Key
X-Pad
X-RateLimit-Remaining
Fastly-Restarts
AMP-Access-Control-Allow-Source-Origin
X-Forwarded-For
MicrosoftSharePointTeamServices
X-Content-Options
X-FTR-Cache-Host
X-Grace
Ar-Sid
X-Edge-Location
Server-Name
X-Amzn-Trace-Id
Fastcgi-Cache
Backend-Timing
X-Analytics
Host
FilterID
X-Ruxit-Js-Agent
X-CF-Powered-By
TP-L2-Cache
X-Rid
TP-Cache
X-Debug-Info
X-User-Agent
X-IPLB-Instance
ServerID
X-Magnolia-Registration
X-Hostname
X-Whom
X-Revision
X-B3-Sampled
X-Cache-2
Eomportal-Instance
X-Request-Received
X-Request-Processing-Time
Paypal-Debug-Id
X-NWS-LOG-UUID
X-Page-Id
X-Mobile
AR-Request-ID
X-HS-Cache-Config
Front-End-Https
X-Akam-SW-Version
X-Srv
X-AOL-HN
X-GUploader-UploadID
X-Content-Powered-By
X-VCache
X-Cache-Hit
Retry-After
X-B-Cache
X-Signature
X-Varnish-Grace
X-Cluster
Source
X-Device-Type
X-FB-Debug
X-LB-Cache
X-SS-Set-Cookie
X-Handled-By
X-Request-Guid
Refresh
X-App-Environment
X-Cache-Action
X-Instance
X-Cache-Control
X-WA-Info
Cleartype
X-URL
X-Tumblr-User
X-Tumblr-Pixel-0
X-BCube-Filmed-By
X-Varnish-Hostname
X-Platform-Server
X-Tumblr-Pixel
X-Framework
X-Litespeed-Cache
X-Content-Security-Policy-Report-Only
X-Zen-Fury
X-Akamai-Edgescape
X-XRDS-LOCATION
X-Correlation-Id
Webserver
X-TA-CDN-Provider
X-Varnish-Backend
X-Daa-Tunnel
X-Middleton-Display
Display
X-Sol
X-Esi
X-Cache-Server
X-Activity-Id
X-AppVersion
X-Az
X-Webkit-CSP
X-Drupal-Cache-Tags
X-Varnish-Server
X-Drupal-Cache-Contexts
X-Cache-Rule
X-Content-Type
Healthy
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Geo-Country
X-Fastcgi-Cache
X-Wix-Request-Id
ViewerVersion
X-Middleton-Response
Response
X-Seen-By
X-Generated-By
X-Cached-By
Server-Node
S-Cnection
X-App-Server
Cache-Status
X-Accel-Expires
X-Cache-Age
X-DataStream-Cache-Status
X-Origin-Server
X-Amzn-RequestId
X-Amz-Replication-Status
X-Node-Name
X-Amz-Apigw-Id
X-TT
Upgrade-Insecure-Requests
X-Response-Served-From
X-S
Payment
X-WPE-Loopback-Upstream-Addr
X-CACHE-GROUP
X-RequestSource
NGB
GEO-INFO
Filters
X-Cacheable-TTL
Host-Header
X-Locale
X-UA-Device-Type
X-Varnish-IP
Viewport
HostName
X-Edge-Cache-Key
X-Edge-Cache
X-Cache-NE
Actual-Object-TTL
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Servedby
X-GeoIP
ServedBy
X-FW-Hash
X-FW-Static
X-FW-Type
X-Jobs
X-FW-Serve
X-Contextid
X-FW-Server
X-Status
AsisCache
X-Varnish-Hits
X-WebKit-CSP-Report-Only
X-TX-ID
Access-Control-Allow-Method
X-UUID
X-TT-TIMESTAMP
X-Amz-Server-Side-Encryption
Accept-Charset
Server-Info
X-APP-VERSION
X-Storage
X-Adobe-Loc
X-Adobe-Content
X-Vg-Webcache
Cache
SRV
X-Hyper-Cache
X-Cache-TTL-Remaining
X-PHP-Backend
X-Rendered-As
MS-CV
X-Cache-Remote
X-HS-Combine-CSS
From-Origin
X-Croise-Owner
X-CLOUD-TRACE-CONTEXT
X-Cache-Operation
Cache-Tv-Group
Cache-Tag
X-Region
DC
Public-Key-Pins-Report-Only
X-Forwarded-Host
Liferay-Portal
Served-By
X-Redis-Cache
X-Mode
X-UA
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-App-Version
X-TIME
X-Agile
X-Agile-Age
X-Agile-Id
X-Akamai-Request-ID2
X-Cache-Var
X-Webstats-RespID
X-Cache-Var-Map
X-Upgrade-Enabled
Powered-By-ChinaCache
X-Human
X-Path-Route
Machine
X-RN-RSRV
X-Site-Version
X-Request-Time
Meta-Geo
X-Timing-Wait
X-Loop
X-Proxy-Build
X-Hosted-By
Fastcgi-Useragent
X-NGENIX-Cache
Selected-FE
X-Detected-As
Fastcgi-X-Cache-Version
X-TNCMS
X-Generated
X-Is-Bot
Fastcgi-X-Cache
X-IP
S-Rt
TWC-GeoIP-LatLong
Property-Id
Webcakes-App-Version
TWC-Locale-Group
TWC-Device-Class
TWC-Privacy
TWC-Connection-Speed
Webcakes-App-Name
Origin-Cache-Control
Now
Origin-Edge-Control
X-Format
X-Labrador-Cache-Channel
X-Proxied
Cache-Name
X-L-Path
X-JoinUs
X-Pc-Key
X-Pc-Hit
X-Origin-Hint
X-Original-Request
X-NCache
X-Pc-Appver
X-Zipkin-Id
X-Via-Fastly
X-Environment-Context
X-CDN-Cache
X-Cache-Category-Id
X-BYPASS-REASON
X-Grey
X-Internal-Host
X-Vgn-Hpd-Reason
X-ProxyCache-Key
X-ProxyCache-Status
X-Routing-Service
Webcakes-Region
TWC-GeoIP-Country
X-Endurance-Cache-Level
X-Akamai-Transformed
X-OCL
X-PCL
X-FC-Vary-Parameters
X-Birta-Served
X-Access
X-Birta-Cache-Post
X-ProcessESI
X-Proxy
X-Viewer-Country
X-Web-Node
X-Upstream-HT
X-Upstream-CT
X-Section
X-Tumblr-Pixel-3
X-RemovedCookies
X-Pubstack
DB-Nickname
Cache-Tags
X-Origin
X-Ocache
X-Origin-CC
X-ServerID
X-Origin-Response-Time
X-Akamai-Request-ID
X-Rule
X-VG-TLSProxy
X-Backend-Name
X-Origin-Host
X-Time-Microsecs
X-Www-Served-By
X-Xfnlog-Site
X-Cache-Config
X-Via-CDN
Azure-Version
Xserver
X-B3-Spanid
Azure-SlotName
Azure-InstanceId
Mn-Server-Ip
X-CCM
Azure-SiteName
X-Tb
Azure-RegionName
HitType
Datacenter
OT-Force-Account-Verify
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
Pagespeed
X-Sorting-Hat-PodId
X-ShardId
X-App-Name
X-Alternate-Cache-Key
X-Newrelic-App-Data
X-Cache-TTL
X-RateLimit-Limit
Accept-Language
X-Nginx-Cache
X-Ezoic-Cdn
X-OVcl-Cache
X-OVcl
X-Parent-Response-Time
X-Protected-By
X-NODE
User-Cache-Control
Vix-Hermes-Req-Id
Cache-Key
L5d-Success-Class
X-Guploader-Uploadid
X-Edge-IP
Content-Style-Type
X-CACHE-KEY
Content-Script-Type
X-Real-Ip
LB
X-Kong-Proxy-Latency
Time
X-Correlation-ID
X-Kong-Upstream-Latency
NtCoent-Length
X-BACKEND-TTL
X-Real-IP
X-Amz-Meta-Surrogate-Control
Ms-Operation-Id
X-Cache-Backend
X-Proto
X-RTag
X-CDN-Forward
AR-SID
X-ApacheServer
X-Pc-Host
X-Pc-Date
X-PERF
X-Front
X-Webkit-Csp
X-Mrs-Cache
X-Unique-Id-Primal
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache-Hits
X-Hit
X-Nc
X-FB-TRIP-ID
X-Sucuri-ID
X-Varnish-Cacheable
X-COUNTRY
Section-Io-Cache
X-Varnish-Beresp-Status
X-Debug-Cache
X-Varnish-Beresp-Grace
X-Microcachable
WZWS-RAY
X-Dynatrace-Js-Agent
X-Content-Age
X-Unique-ID
Access-Control-Request-Headers
Fusion-Source
Country
Fusion-Template-Id
X-Twitter-Response-Tags
Fusion-Content-Source
Fusion-Component-Id
X-C
X-Cache-Enabled
Version
X-Ratelimit-Limit
Fusion-Content-Id
X-Cdn-Forward
X-Transaction
X-Connection-Hash
X-Dc
X-MP-GENERATED-AT
X-EdgeConnect-Cache-Status
X-Trace-Id
X-GRACE
Load-Balancing
We-Hiring
Warning
Mail-Subject
Fastly-Backend-Name
X-External-Request-Id
X-Accel-Expires-Debug
Countrycode
SD-X-WS
Ec-Rule-Version
X-DPWN-IS-SECURE
X-Died
Frame-Options
Server-Host
X-Actual-URL
Fly-Request-Id
Fly-Cache
X-Dispatcher-Server
Cache-Prefix
Fastly-SWR
Fastly-SIE
X-Fetched-On
Mobile-Detection-Method
Ajk
Node
X-B-Cookie
X-A-Dgt
X-GeoIP-Country-Code
X-Generated-In
X-A-Dcw
X-Auto-Login
Arc-Country
Server-ID
X-F5-Cache
X-A-Dam
X-From
BehaviorPad-Version
X-G
X-FW-Version
Memcached
X-Developer
Viewtype
Release
Resin-Trace
Uber-Trace-Id
RNT-Time
X-Cache-Host
X-Cache-URL
X-Cache-Id
VivaBuild
X-Cache-FS-Status
Rendered-Blocks
RNT-Machine
Locale
Is-Eu
IBM-Web2-Location
X-Application
X-Cache-Debug
Rt-Proxy-Cache
X-Cache-Bucket
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Destination
Powered-By
X-Date
X-A
MD5-Digest
UCS
X-Bip
X-BB-ID
X-A-Ccd
X-D
SS
X-A-Wwc
X-Aed
X-Clientip
Platform
Meta-Geo-Continent
X-Backend-State
X-CUA
X-Crawler
X-Device-Os
X-Reboot
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-S-Maxage
X-Rocket-Nginx-Bypass
X-Server-By
X-Served-From
X-ScT
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Release
X-Region-Sid
V-Age
X-Request-UUID
Adler-Geo
X-Returned-From-BeforeDispatch
X-Returned-From
X-Server-Time
X-SRCache-Key
X-VG-WebServer
Ohc-File-Size
X-Varnish-Action
X-Via-Edge
X-Via-SSL
Xc-Version
X-WebServer
X-We-Are-Hiring
X-Variation
X-Var-Ttl
X-Trv-Group
X-Thanos
X-Store
X-UE-Client-Country
X-Urbn-Context-Path
X-User
X-Urbn-Site-Id
X-Rebelmouse-Surrogate-Control
X-Response-By
X-NU-AKA-ACS-Version
X-Node-Id
X-Org
X-Passed-To
X-Passed-To-BeforeDispatch
X-LI-UUID
X-LI-Proto
X-Layer
X-Li-Fabric
X-Hl-Ver
X-Li-Pop
X-Passed-To-DLL
X-Logtrace-Id
X-Varnish-Beresp-Ttl
X-Qloud-Router
X-Passed-To-PostProcessResponse
X-RCS-CacheZone
X-PAYTM-SRV-ID
X-PHP-Host
X-Rebelmouse-Cache-Control
X-Key
X-Cache-Expires
X-UnsetCookies
X-Info
X-Request-Start
X-Gen-Mode
X-IN-APIGATEWAY
X-Hash
X-Hnp-Log
X-IN-SSL-APIGATEWAY
Web-Mar-Node
X-Via-NSCOPI
Who
X-IN-WAF
X-Thinkindot-L3
X-Server-Group
X-Server-IP
X-Matched-Rule
X-No-Session
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Block-Status
X-Amz-Meta-Cache-Control
X-Sf
X-SVT-ORM-VERSION
X-Swa-Ws
X-Epic-Correlation-Id
X-SVT-ORM-RULES
X-Location
X-CGP
X-Stale
X-Eu-Site
Www
HA-Urlpath
HA-Servedtime
HA-Ipaddr
Backend
Heartbleed
Apple-News-Services-Parsed-Url
Kp-EeAlive
Apple-News-Services-Request-Url
HA-Host
Ha-Gx-Prefs
HA-Geocountry
HA-Geocity
GW-Server
HA-Geolat
HA-Geolon
Backend-Name
HA-Georegion
GMS-Ver
HA-Cloudapp
Apple-News-Services-Host
Request-EU
Request-Country
Content-Disposition
Country-Code
Esi-Enabled
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Pragrma
Pramga
Apple-News-Services-Handled
Origin
AKAMAI
X-Geo
X-NWS-UUID-VERIFY
User-Agent
X-Be
X-Secret
Cache-Cookie-Set-Idcheck
CDCHOST
X-Request-URI
Cache-Cookie-Set-Lfrom
X-Gannett-Site-Version
X-Instance-Name
X-Irp-Debug
X-Nginx-Cache-Key
X-Wikidot-Static-Cache
X-P-T
X-Goog-Meta-Goog-Reserved-File-Mtime
Cache-Cookie-Set-From
X-Platform
X-Distil-CS
X-Phone
X-Policy
X-MI-In-Market
X-Backend-Host
MI-Cache-Age
X-Backend-Url
Fastly-Soc-X-Request-Id
On-Server
IsBot
MI-Cache
MI-API
Server-Int
X-Wikidot-Backend
REQUESTUUID
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-Cache-CFC
X-TT-LOGID
Proxy-Connection
X-Developers
X-V
Fastly-SSL
X-ServiceProvider
X-SIPLIST1
X-Core-Value
True-Client-Country-4JS
X-Time
Group
V-Cache
X-VCT
X-NX-Host
Request-Time
X-Origin-Date
X-Sn-Servicetimems
X-Up
HitInfo
X-Origin-TTL
X-MSEdge-Features
X-Servername
X-Origin-Expires
X-Refresh
X-MSEdge-Flight
X-ElasticPress-Search
X-Core-Mission
X-Distributor
X-Cdn-Origin
Magicmarker
X-Debug-Cookies
X-Fstrz
X-GeoIP-City
X-Debug-Log
PageSpeed
X-Ua
Pagetype
Nel
X-DC
X-Planisys-CDN-TTL
PFcat
X-Fastly-Cache
X-Page-Type
X-Planisys-CDN-Rules
RequestId
X-CACHE-AGE
X-Planisys-CDN-Cache
X-NC
X-Req
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-EIG-Tracking-Id
X-Debug-Cache-Expiry
X-Newrelic-Synthetics
X-Micro-Cache
X-BBXSRF
Host-ID
X-Pjax-Url
X-VarnCache
X-VarnPar1
X-Svr
X-PARISIEN-Cache-Rendered
X-Powered-By-ANYU
X-Instart-Info
X-Level-Front-Cache
X-Generated-On
MIME-Version
X-HOST
Lfy
ServerName
X-Datadome
Mime-Version
X-Server-Cache
X-Cdn-Srv
PICS-Label
Ohc-Response-Time
X-Cache-Info
Cache-Provider
X-Gdpr
Cdn
Cteonnt-Length
Memory
X-ARC
X-TWH-CORRELATION-ID
X-Cluster-Node
X-Servedbyhost
CF-IPCountry
X-CMS-Context
X-Wa
X-NodeID
X-Aicache-OS
X-StackifyID
FSS-Proxy
X-Sentry-ID
FSS-Cache
CDN
X-Flog
X-ABtesting
X-WR-MODIFICATION
X-LAGOON
Geoip-Latitude
XServer
X-Hello
GeoIp-Country-Code
X-Fastly-Country-Code
X-VServer
X-Load-Cache
X-HTML-Minification-Powered-By
X-Varnish-Beresp-TTL
NGX
SN
X-B3-Traceid
X-WA
X-GZip
X-Fastly-Backend-Reqs
X-UPSTREAM-Address
X-CSRF-TOKEN
GeoIP-Country-Code
GeoIP-Latitude
CACHE
X-Check-Cacheable
TSSecure
X-APP
X-Source
X-CSRF-Token
X-Worker
Amp-Access-Control-Allow-Source-Origin
X-MServer
X-Unique-Id
Processtime
X-FORWARDED-FOR
X-SRV
X-Csrf-Token
X-DataStream-Origin-MEX-Latency
Cf-Ipcountry
X-FireWall-Port
A
X-ServedByHost
X-DataStream-MidMile-RTT
X-Varnish-Cache-Hits
X-VWS-Id
X-Ratelimit-Remaining
X-LJ-Flow-ID
PageType
X-SplitTest
X-AWS-Id
X-Generation-Time
X-RateLimit-Remaining-Second
WP-Super-Cache
X-Port
X-RateLimit-Limit-Second
X-Cache-Miss-From
X-Oss-Hash-Crc64ecma
X-CDN-Pop-IP
X-CDN-Pop
X-Sedo-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
DataCenter
X-Dynatrace
Cdn-Host
URI
X-Edge-Server
HTTPS
X-Nananana
Cdn-Request-Time
Cache-Hits
X-Backend-TTL
X-VC-Cache
X-Skip-Cache
Odigeo-Trace-Id
X-Sucuri-Cache
X-Cache-Grace
X-GDPR
Pics-Label
X-ID
Server-Cache-Control
X-Cache-ASPX
Server-Surrogate-Control
X-IPS-LoggedIn
X-Owner
X-Varnish-Authentication
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Request-Id
X-Fastly-Cache-Hits
X-RCS-Backend
X-HS-Status
X-B3-SpanId
ProcessTime
X-PJAX-URL
X-Swift-Error
X-BE
Dynatrace
X-SN
Hostname
X-Varnish-Url
X-Gen-Id
X-Pf-Uncompressing
X-VG-WebCache
X-Instart-Isnd
X-From-Cache
X-GZIP
X-ND-Cache
X-Amzn-Remapped-Connection
X-Bug-Bounty
X-Amzn-Remapped-Date
X-ORIG-AKA-EDGE
X-GoCache-CacheStatus
X-Server-W
Get-Access-Time
Is-Session-Tracking
X-NGINX-Cache
X-Fe
X-Cache-Srv
X-Cache-Ttl
X-PAGE-TYPE
X-Ms-Lease-State
Requestid
X-VarnPar2
X-Amz-Meta-S3b-Last-Modified
Serverid
X-Akamai-SSL-Client-Sid
X-Varnish-URL
RequestUuid
X-ServerName
Proxy-Firewall
X-Alicdn-Da-Ups-Status
NodeID
T-Server
WebServer
X-LiteSpeed-Cache-Control
X-RAMCache
X-Serial
X-SB
X-ORIG-AKA-COUNTRY-CODE
X-VC
X-LiteSpeed-Tag
X-RequestId
Xet-Cookie
X-Developed-By
X-Dw-Trace-Id
NnCoection
X-CS
Location
X-Akamai-ERPolicy
SID
X-HTML-Edge-Cache
X-Akamai-ERRuleID