Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Xss-Protection
X-Served-By
Referrer-Policy
P3P
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
P3p
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Amz-Cf-Pop
X-Generator
CF-Ray
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Request-ID
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Server-Powered-By
X-Hacker
EagleId
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-WebKit-CSP
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Host
X-Cnection
X-Server-Id
X-Node
X-Readtime
Report-To
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Rq
Server-Timing
X-Response-Time
Feature-Policy
X-CST
X-Rack-Cache
X-Backend-Server
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Cloud-Trace-Context
X-Instart-Request-ID
X-Clacks-Overhead
NEL
X-Url
Edge-Control
X-DynaTrace
Allow
Rating
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-Trace
X-DataDome
X-Server-Name
X-Px
X-Vhost
X-Server-ID
X-B3-TraceId
X-ESI
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-VARITI-CCR
RTSS
X-MS-InvokeApp
X-Ruxit-JS-Agent
X-Cached
Accept-CH
X-Goog-Hash
SPRequestGuid
Charset
X-Vname
X-TtlSet
X-PC
Verso
X-F-Cache
X-Mod-Pagespeed
X-D2id
Public-Key-Pins
Pinterest-Generated-By
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Dispatcher
PB-RID
Arc-Version
PB-PID
X-Mobile-Rewrite
X-Version
X-SharePointHealthScore
X-T
X-Cdn
X-Powered-By-Plesk
X-TTL
X-Dns-Prefetch-Control
X-Abt-Application-Version
Accept-CH-Lifetime
X-DIS-Request-ID
X-Powered-CMS
X-DynaTrace-JS-Agent
X-Ser
X-Fastly-Request-ID
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-Origin-Upstream-Status
X-Navigation-Version
X-Shield-Request-Id
X-B
X-Forwarded-Proto
X-Client-IP
X-Recruiting
MS-Author-Via
X-Amz-Rid
DynaTrace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ttl
Realpath
X-HW
SPIisLatency
SPRequestDuration
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Upstream
Content-MD5
X-Vcap-Request-Id
X-Goog-Stored-Content-Length
X-Goog-Metageneration
Nginx-Cache
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-ATIME
AR-CACHE
Edge-Cache-Tag
X-Oneagent-Js-Injection
Arr-Disable-Session-Affinity
X-Hits
X-N
X-Varnish-Age
X-Debug
X-Oracle-Dms-Rid
X-Goog-Storage-Class
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Aspnet-Version
Mrf-Cache-Status
TCN
MRF-Tech
X-B3-TraceId-Primal
X-NF-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
X-NewRelic-App-Data
X-Acc-Meta-Resource-Type
X-Dw-Request-Base-Id
X-Id
X-XRDS-Location
S
X-ATG-Version
X-Via-JSL
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
Service-Worker-Allowed
X-Logged-In
X-FTR-Expires
X-FastCGI-Cache
Alternate-Protocol
X-PressLabs-Stats
X-Forwarded-For
Tracecode
X-HS-Content-Id
Rt-Fastcgi-Cache
X-HS-Hub-Id
X-Content-Digest
X-Frontend
Surrogate-Key
X-Kinsta-Cache
AMP-Access-Control-Allow-Source-Origin
X-Pad
Fastly-Restarts
MicrosoftSharePointTeamServices
X-RateLimit-Remaining
X-Cache-Key
X-FTR-Cache-Host
X-Content-Options
X-Ruxit-Js-Agent
X-Edge-Location
X-Amzn-Trace-Id
Fastcgi-Cache
Server-Name
Ar-Sid
Backend-Timing
X-Analytics
X-CF-Powered-By
X-Grace
Host
FilterID
TP-L2-Cache
TP-Cache
X-Hostname
X-Rid
X-Whom
X-User-Agent
X-Debug-Info
X-IPLB-Instance
X-Cache-2
X-Magnolia-Registration
ServerID
X-Revision
X-B3-Sampled
Eomportal-Instance
X-Request-Processing-Time
X-Request-Received
X-Page-Id
X-Mobile
Paypal-Debug-Id
X-NWS-LOG-UUID
X-Srv
AR-Request-ID
X-Akam-SW-Version
Front-End-Https
X-AOL-HN
X-VCache
X-HS-Cache-Config
X-Content-Powered-By
Retry-After
X-B-Cache
X-Signature
X-Litespeed-Cache
X-GUploader-UploadID
X-LB-Cache
X-FB-Debug
X-Device-Type
X-Cache-Action
Source
X-SS-Set-Cookie
X-Handled-By
X-Varnish-Grace
Refresh
X-Framework
Cleartype
X-Cluster
X-Cache-Control
X-Instance
X-Request-Guid
X-WA-Info
X-BCube-Filmed-By
X-Correlation-Id
X-App-Environment
X-Tumblr-Pixel
X-Tumblr-User
X-Varnish-Hostname
X-Platform-Server
X-Cache-Hit
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
Webserver
X-Zen-Fury
Display
X-Varnish-Backend
X-Sol
X-Middleton-Display
X-AppVersion
X-Activity-Id
X-Az
X-XRDS-LOCATION
X-Daa-Tunnel
X-Cache-Server
X-Content-Type
Healthy
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Fastcgi-Cache
X-Cache-Rule
X-Drupal-Cache-Tags
X-Seen-By
ViewerVersion
X-Varnish-Server
X-Wix-Request-Id
X-Drupal-Cache-Contexts
X-URL
Response
X-Middleton-Response
X-Cache-Age
X-Geo-Country
X-Generated-By
X-Cached-By
X-App-Server
S-Cnection
Server-Node
Cache-Status
X-TT
X-Origin-Server
Upgrade-Insecure-Requests
X-Accel-Expires
X-DataStream-Cache-Status
X-CACHE-GROUP
X-Amz-Replication-Status
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Esi
Payment
GEO-INFO
X-TA-CDN-Provider
NGB
Filters
X-UA-Device-Type
X-RequestSource
X-Response-Served-From
X-S
X-Locale
X-Node-Name
X-Cacheable-TTL
X-Edge-Cache-Key
Viewport
X-Contextid
Actual-Object-TTL
X-Cache-NE
ServedBy
X-Varnish-IP
X-Edge-Cache
X-Servedby
Accept-Charset
X-Status
X-TT-TIMESTAMP
Access-Control-Allow-Method
X-FW-Hash
X-FW-Serve
X-Jobs
X-Varnish-Hits
X-FW-Static
X-FW-Server
X-FW-Type
X-UUID
X-Tumblr-Pixel-2
X-GeoIP
X-TX-ID
X-Tumblr-Pixel-1
X-Adobe-Content
Server-Info
X-Adobe-Loc
X-Amz-Server-Side-Encryption
HostName
X-WPE-Loopback-Upstream-Addr
X-Storage
AsisCache
X-WebKit-CSP-Report-Only
Host-Header
Cache
X-PHP-Backend
X-Cache-TTL-Remaining
SRV
Cache-Tv-Group
X-Cache-Remote
X-Rendered-As
MS-CV
X-Croise-Owner
X-Vg-Webcache
From-Origin
X-Hyper-Cache
X-APP-VERSION
X-Cache-Operation
X-Region
X-App-Version
X-Webkit-CSP
X-HS-Combine-CSS
Served-By
Cache-Tag
X-Redis-Cache
DC
Public-Key-Pins-Report-Only
X-Forwarded-Host
Liferay-Portal
X-CACHE-KEY
X-Mode
Meta-Geo
Xserver
Selected-FE
X-Akamai-Transformed
X-Endurance-Cache-Level
Machine
Fastcgi-X-Cache-Version
Fastcgi-Useragent
X-Yottaa-Optimizations
Fastcgi-X-Cache
X-Yottaa-Metrics
X-Is-Bot
X-Loop
X-NGENIX-Cache
X-RN-RSRV
X-IP
X-Human
X-Proxy-Build
X-Request-Time
X-Site-Version
X-Timing-Wait
X-TNCMS
X-Upgrade-Enabled
X-Generated
X-Path-Route
X-Detected-As
X-Cache-Var
X-Cache-Var-Map
X-Agile-Id
X-Agile
X-Agile-Age
X-Web-Node
TWC-Connection-Speed
X-Cache-Category-Id
TWC-Device-Class
Cache-Name
X-Via-Fastly
X-Webstats-RespID
Origin-Edge-Control
Now
X-Upstream-CT
X-BYPASS-REASON
Origin-Cache-Control
X-ProxyCache-Status
X-Upstream-HT
Property-Id
X-Vgn-Hpd-Reason
X-ProxyCache-Key
X-JoinUs
X-Labrador-Cache-Channel
X-NCache
X-CDN-Cache
X-Internal-Host
X-Grey
X-Hosted-By
Webcakes-App-Name
Webcakes-App-Version
X-Origin-Hint
TWC-Locale-Group
X-Format
TWC-GeoIP-LatLong
X-Pc-Key
X-Pc-Hit
X-Original-Request
Webcakes-Region
X-Pc-Appver
TWC-GeoIP-Country
TWC-Privacy
Pagespeed
Powered-By-ChinaCache
X-UA
X-Access
X-L-Path
X-Birta-Cache-Post
X-FC-Vary-Parameters
S-Rt
X-Akamai-Request-ID
X-VG-TLSProxy
X-Birta-Served
X-Environment-Context
DB-Nickname
Cache-Tags
X-ProcessESI
X-PCL
X-B3-Spanid
X-Pubstack
X-RemovedCookies
X-Section
X-Origin-Host
X-Time-Microsecs
X-OCL
X-Origin-Response-Time
X-Origin
Mn-Server-Ip
Datacenter
X-Backend-Name
Azure-Version
X-Viewer-Country
X-Tumblr-Pixel-3
X-Via-CDN
X-Ocache
X-Origin-CC
X-Proxy
X-Www-Served-By
X-Xfnlog-Site
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-CCM
X-Cache-Config
X-ServerID
X-Guploader-Uploadid
X-Tb
X-Akamai-Request-ID2
HitType
X-Rule
X-CLOUD-TRACE-CONTEXT
X-Zipkin-Id
X-Proxied
X-TIME
X-Routing-Service
X-Parent-Response-Time
Cache-Key
OT-Force-Account-Verify
X-App-Name
X-Protected-By
X-ShardId
X-Nginx-Cache
X-Shopify-Stage
X-Cache-TTL
X-Sorting-Hat-PodId
X-ShopId
X-BACKEND-TTL
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-RateLimit-Limit
X-Kong-Upstream-Latency
X-Dynatrace-Js-Agent
Content-Script-Type
X-Edge-IP
Content-Style-Type
Vix-Hermes-Req-Id
X-Kong-Proxy-Latency
User-Cache-Control
X-Ezoic-Cdn
Accept-Language
X-OVcl
X-OVcl-Cache
L5d-Success-Class
X-Real-IP
NtCoent-Length
X-Pc-Host
X-RTag
X-Pc-Date
Time
Ms-Operation-Id
X-Newrelic-App-Data
X-Cache-Backend
LB
X-Cdn-Forward
X-PERF
X-ApacheServer
X-Real-Ip
X-Webkit-Csp
X-Front
AR-SID
X-Proto
X-GRACE
X-Mshield-Cache-Status
X-Correlation-ID
X-FB-TRIP-ID
X-Mrs-Cache
X-Mrs-Age
X-Mrs-Cache-Hits
X-Unique-Id-Primal
X-Amz-Meta-Surrogate-Control
X-Nc
X-Content-Age
Section-Io-Cache
X-Varnish-Cacheable
X-Varnish-Beresp-Grace
X-Debug-Cache
X-Varnish-Beresp-Status
X-Hit
X-CDN-Forward
Country
X-Sucuri-ID
WZWS-RAY
X-Unique-ID
Load-Balancing
X-Ratelimit-Limit
X-Trace-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
X-Microcachable
X-C
X-MP-GENERATED-AT
Version
X-Hl-Ver
Ohc-File-Size
X-Time
We-Hiring
Access-Control-Request-Headers
X-Varnish-Beresp-Ttl
Mail-Subject
X-Dc
X-Transaction
X-Twitter-Response-Tags
X-Connection-Hash
Warning
X-Device-Os
X-Died
X-Destination
X-Developer
X-CUA
X-CF-Lambda-Fn
X-Cache-URL
IBM-Web2-Location
Is-Eu
X-CF-Lambda-Version
X-Clientip
X-D
X-Dispatcher-Server
X-Crawler
X-Date
Fly-Request-Id
Countrycode
X-G
X-FW-Version
X-Generated-In
X-GeoIP-Country-Code
Arc-Country
BehaviorPad-Version
Cache-Prefix
Ec-Rule-Version
X-From
X-Cache-Id
Frame-Options
X-External-Request-Id
Fly-Cache
Fastly-SWR
Fastly-Backend-Name
Fastly-SIE
X-Fetched-On
X-DPWN-IS-SECURE
Meta-Geo-Continent
Server-Host
Server-ID
X-A-Dgt
SS
SD-X-WS
Rt-Proxy-Cache
Resin-Trace
RNT-Machine
RNT-Time
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Www
V-Age
Viewtype
VivaBuild
X-A
X-A-Ccd
Thinkindot-Control
X-A-Dcw
X-A-Dam
X-A-Wwc
X-Accel-Expires-Debug
Mobile-Detection-Method
Node
X-Bip
X-BB-ID
X-Cache-Debug
Ajk
X-Cache-FS-Status
MD5-Digest
X-Cache-Expires
X-Backend-State
X-B-Cookie
Rendered-Blocks
X-Aed
X-Actual-URL
Release
X-Application
Platform
Powered-By
X-Auto-Login
X-Cache-Host
Adler-Geo
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-S-Maxage
X-PAYTM-SRV-ID
X-Passed-To
X-Org
X-Reboot
X-Trv-Group
X-Node-Id
X-NU-AKA-ACS-Version
X-UE-Client-Country
X-Rebelmouse-Surrogate-Control
X-PHP-Host
X-We-Are-Hiring
X-WebServer
X-Via-SSL
X-Rebelmouse-Cache-Control
X-Var-Ttl
X-RCS-CacheZone
X-Qloud-Router
X-User
X-Release
X-EdgeConnect-Cache-Status
X-Region-Sid
Xc-Version
X-Thinkindot-L3
X-Thanos
X-Store
X-Li-Fabric
X-ScT
X-Served-From
X-Rojux
X-Varnish-Action
X-Returned-From
X-Rewrite-Enabled
X-SRCache-Key
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Server-By
X-Response-By
X-Logtrace-Id
X-Via-Edge
X-Matched-Rule
X-Server-Time
X-Swa-Ws
X-LI-UUID
X-LI-Proto
X-S-Cookie
X-Request-UUID
X-VG-WebServer
X-Li-Pop
X-Ua
X-Variation
X-Cache-Enabled
X-SVT-ORM-RULES
X-Stale
X-SVT-ORM-VERSION
X-Request-Start
X-UnsetCookies
X-Amz-Meta-Cache-Control
Request-Time
X-Gannett-Site-Version
X-Gen-Mode
X-Server-Group
X-TT-LOGID
X-Server-IP
X-P-T
X-Secret
X-Hash
X-IN-WAF
X-Info
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Hnp-Log
X-Layer
X-Location
X-F5-Cache
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Sf
X-Key
X-Block-Status
X-Cache-Bucket
X-CGP
X-ServiceProvider
X-Eu-Site
X-MI-In-Market
X-Epic-Correlation-Id
X-No-Session
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Via-NSCOPI
Who
HA-Geolon
HA-Georegion
HA-Geolat
HA-Geocountry
HA-Cloudapp
HA-Geocity
Ha-Gx-Prefs
HA-Host
HA-Urlpath
Heartbleed
Apple-News-Services-Request-Url
HA-Ipaddr
Web-Mar-Node
GW-Server
GMS-Ver
Apple-News-Services-Handled
Content-Disposition
Apple-News-Services-Host
Backend-Name
Apple-News-Services-Parsed-Url
Country-Code
Decoy-Debug-Key
AKAMAI
User-Agent
Esi-Enabled
Decoy-Debug-TTL
Decoy-Debug-Status
Kp-EeAlive
HA-Servedtime
True-Client-Country-4JS
MI-Cache-Age
On-Server
Pragrma
Origin
MI-API
MI-Cache
Proxy-Connection
Memcached
X-NODE
X-Geo
X-Be
X-Fstrz
X-Distributor
X-MSEdge-Features
X-Page-Type
X-Nginx-Cache-Key
X-Origin-Expires
X-Up
PFcat
X-Origin-Date
X-Instance-Name
X-Irp-Debug
X-Planisys-CDN-Cache
X-MSEdge-Flight
X-Request-URI
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Wikidot-Static-Cache
X-Urbn-Context-Path
X-V
X-Urbn-Site-Id
X-SIPLIST1
X-Rocket-Nginx-Bypass
X-Cache-CFC
X-Policy
X-Platform
X-Wikidot-Backend
Server-Int
Fastly-SSL
Magicmarker
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Pramga
X-Backend-Host
Request-Country
Request-EU
REQUESTUUID
X-Backend-Url
IsBot
X-Distil-CS
X-Developers
Backend
X-Core-Value
Fastly-Soc-X-Request-Id
Locale
CDCHOST
UCS
Uber-Trace-Id
Pagetype
X-Origin-TTL
X-Refresh
X-Cdn-Origin
X-NX-Host
X-Sn-Servicetimems
X-Debug-Cookies
X-Debug-Log
X-ElasticPress-Search
X-Phone
X-Core-Mission
X-Servername
X-NWS-UUID-VERIFY
Group
V-Cache
X-Micro-Cache
X-GeoIP-City
X-VCT
X-Debug-Cache-Fetch
X-Fastly-Cache
X-Debug-Cache-Store
RequestId
X-Svr
X-Debug-Cache-Expiry
X-COUNTRY
X-DC
HitInfo
Host-ID
X-Req
X-VarnCache
X-PARISIEN-Cache-Rendered
X-VarnPar1
X-Generated-On
X-Level-Front-Cache
X-Instart-Info
X-Pjax-Url
X-Newrelic-Synthetics
PageSpeed
X-CACHE-AGE
ServerName
X-NC
Lfy
X-BBXSRF
X-Server-Cache
X-Datadome
X-Powered-By-ANYU
MIME-Version
X-Cdn-Srv
X-Cache-Info
X-EIG-Tracking-Id
Mime-Version
Cache-Provider
Ohc-Response-Time
X-B3-Traceid
X-ARC
Cdn
Memory
PICS-Label
X-Gdpr
Cteonnt-Length
X-TWH-CORRELATION-ID
X-Servedbyhost
X-CMS-Context
Nel
X-LAGOON
X-StackifyID
X-Wa
X-Cluster-Node
CF-IPCountry
X-WR-MODIFICATION
X-Aicache-OS
NGX
X-Fastly-Country-Code
X-Load-Cache
X-HTML-Minification-Powered-By
X-NodeID
X-Sentry-ID
GeoIP-Latitude
FSS-Proxy
FSS-Cache
GeoIP-Country-Code
CDN
X-Ratelimit-Remaining
XServer
X-CSRF-TOKEN
X-Flog
X-VServer
X-Fastly-Backend-Reqs
Geoip-Latitude
GeoIp-Country-Code
X-ABtesting
X-Hello
X-Varnish-Beresp-TTL
Cf-Ipcountry
X-Check-Cacheable
X-WA
X-UPSTREAM-Address
SN
X-FireWall-Port
X-Source
Processtime
Amp-Access-Control-Allow-Source-Origin
X-GZip
X-APP
X-Csrf-Token
X-Varnish-Cache-Hits
TSSecure
X-Generation-Time
X-HOST
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Unique-Id
X-CSRF-Token
CACHE
X-Cache-Miss-From
X-DataStream-Origin-MEX-Latency
WP-Super-Cache
X-DataStream-MidMile-RTT
X-Oss-Request-Id
X-Worker
X-Sedo-Request-Id
X-Oss-Object-Type
X-CDN-Pop
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-MServer
X-CDN-Pop-IP
X-ServedByHost
X-Dynatrace
Pics-Label
URI
A
X-Edge-Server
X-Cache-Grace
X-Nananana
Cdn-Request-Time
X-GDPR
Cdn-Host
PageType
X-SRV
X-Varnish-Authentication
X-Cache-ASPX
X-Skip-Cache
X-VC-Cache
Server-Surrogate-Control
Server-Cache-Control
X-FORWARDED-FOR
X-LJ-Flow-ID
X-AWS-Id
X-ID
DataCenter
X-VWS-Id
X-SplitTest
X-RCS-Backend
X-IPS-LoggedIn
X-Sucuri-Cache
X-HS-Status
X-Port
HTTPS
Odigeo-Trace-Id
X-Backend-TTL
X-Varnish-Url
X-Fastly-Cache-Hits
X-VG-WebCache
X-B3-SpanId
Cache-Hits
X-BE
X-Swift-Error
X-PJAX-URL
Dynatrace
Hostname
X-Owner
X-ND-Cache
X-From-Cache
Get-Access-Time
X-Ms-Lease-Status
X-Bug-Bounty
X-GZIP
X-Instart-Isnd
X-SN
X-Ms-Version
X-Ms-Request-Id
Is-Session-Tracking
X-Pf-Uncompressing
X-Gen-Id
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Ms-Blob-Type
X-Server-W
X-NGINX-Cache
Proxy-Firewall
ProcessTime
X-Cache-Ttl
Requestid
X-ORIG-AKA-EDGE
X-GoCache-CacheStatus
X-VarnPar2
X-Amz-Meta-S3b-Last-Modified
X-Akamai-SSL-Client-Sid
Serverid
X-Alicdn-Da-Ups-Status
X-LiteSpeed-Cache-Control
X-PAGE-TYPE
X-Varnish-URL
T-Server
X-SB
WebServer
X-Fe
X-RAMCache
X-ServerName
X-Serial
RequestUuid
X-VC
X-Ms-Lease-State
X-ORIG-AKA-COUNTRY-CODE
X-GEO
X-PF-Uncompressing
X-HTML-Edge-Cache
Xet-Cookie
Powered
NodeID
SID
X-Akamai-ERRuleID
X-CS
X-Cache-Srv
X-Developed-By
Location
X-Dw-Trace-Id
NnCoection
X-Akamai-ERPolicy
X-LiteSpeed-Tag