Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
P3P
X-Xss-Protection
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Check
X-Amz-Cf-Pop
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
CF-Ray
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
X-Template
X-Language
Timing-Allow-Origin
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Request-ID
X-FRAME-OPTIONS
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
Access-Control-Max-Age
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Server-Id
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Host
X-Node
X-Cnection
X-Readtime
Report-To
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Rack-Cache
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Cloud-Trace-Context
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-Trace
X-DataDome
X-Server-Name
X-Px
X-Vhost
X-ESI
X-B3-TraceId
X-GitHub-Request-Id
X-VARITI-CCR
X-MS-InvokeApp
RTSS
X-Cached
X-ORACLE-DMS-RID
Accept-CH
X-Goog-Hash
X-Ruxit-JS-Agent
Charset
SPRequestGuid
X-Vname
X-TtlSet
X-PC
X-Mod-Pagespeed
Public-Key-Pins
X-F-Cache
Verso
X-D2id
X-Server-ID
X-Kinja
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
Pinterest-Generated-By
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-Dispatcher
X-Version
X-SharePointHealthScore
X-T
X-TTL
X-Powered-By-Plesk
X-Cdn
X-Abt-Application-Version
Accept-CH-Lifetime
X-DIS-Request-ID
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Navigation-Version
X-Origin-Upstream-Status
X-B
X-Shield-Request-Id
X-Forwarded-Proto
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MS-Author-Via
X-Amz-Rid
X-Recruiting
DynaTrace
X-Client-IP
Realpath
X-HW
SPIisLatency
SPRequestDuration
X-Ttl
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Upstream
X-Vcap-Request-Id
Content-MD5
Nginx-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-CACHE
AR-ATIME
Edge-Cache-Tag
X-Oracle-Dms-Rid
X-N
Arr-Disable-Session-Affinity
X-Hits
X-Varnish-Age
X-Debug
X-Oneagent-Js-Injection
MRF-Tech
X-Goog-Storage-Class
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-NF-Request-ID
X-MSEdge-Ref
TCN
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-Dw-Request-Base-Id
X-NewRelic-App-Data
X-Aspnet-Version
X-Id
X-Via-JSL
S
X-ATG-Version
X-FTR-DC
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
Service-Worker-Allowed
X-XRDS-Location
X-Logged-In
X-FTR-Expires
X-Dns-Prefetch-Control
Alternate-Protocol
X-HS-Hub-Id
X-Cache-Key
X-Forwarded-For
X-HS-Content-Id
Rt-Fastcgi-Cache
X-PressLabs-Stats
Tracecode
X-Frontend
Surrogate-Key
X-Kinsta-Cache
X-Content-Digest
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-Pad
MicrosoftSharePointTeamServices
Fastly-Restarts
X-FTR-Cache-Host
X-Litespeed-Cache
X-Grace
X-RateLimit-Remaining
X-Content-Options
Ar-Sid
X-Edge-Location
Server-Name
Fastcgi-Cache
X-CF-Powered-By
X-Amzn-Trace-Id
X-Analytics
Backend-Timing
FilterID
Host
TP-Cache
TP-L2-Cache
X-Rid
X-User-Agent
X-Cache-2
X-Debug-Info
X-Magnolia-Registration
X-Hostname
X-Whom
ServerID
X-B3-Sampled
X-IPLB-Instance
X-Revision
Eomportal-Instance
X-Page-Id
X-Request-Received
X-Request-Processing-Time
X-Mobile
AR-Request-ID
X-Srv
X-NWS-LOG-UUID
Paypal-Debug-Id
Front-End-Https
X-Akam-SW-Version
X-AOL-HN
X-VCache
X-Content-Powered-By
Retry-After
X-HS-Cache-Config
X-B-Cache
X-Signature
Refresh
Source
X-Cache-Action
X-Cluster
X-Device-Type
X-LB-Cache
X-Handled-By
X-Cache-Hit
Cleartype
X-WA-Info
X-Framework
X-Request-Guid
X-FB-Debug
X-Instance
X-App-Environment
X-Cache-Control
X-SS-Set-Cookie
X-Tumblr-Pixel
X-BCube-Filmed-By
X-Tumblr-User
X-Tumblr-Pixel-0
X-Varnish-Grace
X-Varnish-Hostname
X-Platform-Server
X-Content-Security-Policy-Report-Only
X-XRDS-LOCATION
X-GUploader-UploadID
X-Akamai-Edgescape
X-Correlation-Id
Webserver
X-Fastcgi-Cache
X-Middleton-Display
Display
X-Zen-Fury
X-Sol
X-Varnish-Backend
X-TA-CDN-Provider
X-Activity-Id
X-Az
X-AppVersion
X-Daa-Tunnel
X-Content-Type
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-Server
Healthy
X-Cache-Rule
X-Varnish-Server
Response
X-Middleton-Response
X-Cache-Age
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Wix-Request-Id
X-Seen-By
ViewerVersion
X-Cached-By
X-Generated-By
X-App-Server
S-Cnection
X-Geo-Country
Server-Node
X-URL
X-TT
Cache-Status
X-Origin-Server
X-Amz-Replication-Status
Upgrade-Insecure-Requests
X-Accel-Expires
X-DataStream-Cache-Status
X-Amzn-RequestId
X-Amz-Apigw-Id
Payment
X-Response-Served-From
X-CACHE-GROUP
Accept-Charset
NGB
X-UA-Device-Type
GEO-INFO
Filters
X-S
X-Locale
X-Cacheable-TTL
X-Status
X-Contextid
X-RequestSource
X-Varnish-IP
X-Servedby
X-Edge-Cache
X-Cache-NE
Viewport
Actual-Object-TTL
ServedBy
X-Edge-Cache-Key
X-Esi
Access-Control-Allow-Method
X-Tumblr-Pixel-2
X-Varnish-Hits
X-Tumblr-Pixel-1
X-Jobs
X-Node-Name
X-TX-ID
X-TT-TIMESTAMP
X-FW-Serve
X-FW-Server
X-UUID
X-FW-Hash
X-Amz-Server-Side-Encryption
X-FW-Type
X-FW-Static
AsisCache
X-WPE-Loopback-Upstream-Addr
X-GeoIP
X-WebKit-CSP-Report-Only
Server-Info
X-Adobe-Loc
X-Adobe-Content
X-Storage
Host-Header
X-PHP-Backend
HostName
MS-CV
X-Rendered-As
Cache-Tv-Group
Cache
X-Cache-TTL-Remaining
SRV
X-Cache-Remote
From-Origin
X-APP-VERSION
X-Croise-Owner
X-Hyper-Cache
X-Region
X-Cache-Operation
X-Vg-Webcache
X-App-Version
X-Redis-Cache
X-Webkit-CSP
Served-By
Cache-Tag
Public-Key-Pins-Report-Only
Liferay-Portal
DC
X-Forwarded-Host
X-UA
X-HS-Combine-CSS
X-Dynatrace-Js-Agent
X-Mode
X-TIME
X-Guploader-Uploadid
X-Timing-Wait
X-Webstats-RespID
X-NGENIX-Cache
X-Proxy-Build
Powered-By-ChinaCache
X-Path-Route
X-Loop
X-Human
X-TNCMS
X-Detected-As
X-RN-RSRV
X-Cache-Var-Map
X-Cache-Var
X-Request-Time
Meta-Geo
Machine
X-Agile-Id
X-Generated
X-Hosted-By
X-Is-Bot
X-Upgrade-Enabled
X-IP
X-Site-Version
X-Agile-Age
X-Agile
Selected-FE
X-Akamai-Transformed
Origin-Edge-Control
X-Endurance-Cache-Level
X-Pc-Hit
Origin-Cache-Control
X-Cache-Category-Id
X-Pc-Key
X-Original-Request
X-Internal-Host
X-NCache
X-Labrador-Cache-Channel
X-Grey
X-CDN-Cache
X-Pc-Appver
X-BYPASS-REASON
X-JoinUs
Cache-Name
Now
X-Vgn-Hpd-Reason
X-Upstream-HT
X-Yottaa-Optimizations
X-B3-Spanid
X-ProxyCache-Key
X-Yottaa-Metrics
X-Web-Node
X-ProxyCache-Status
X-Upstream-CT
X-Via-Fastly
X-PCL
X-FC-Vary-Parameters
X-Format
X-Origin
X-Birta-Served
S-Rt
X-Time-Microsecs
X-Tumblr-Pixel-3
X-Birta-Cache-Post
X-Pubstack
X-RemovedCookies
DB-Nickname
X-Environment-Context
X-OCL
X-Proxy
X-L-Path
X-ProcessESI
X-Viewer-Country
X-VG-TLSProxy
X-Origin-Host
X-Xfnlog-Site
Fastcgi-X-Cache
X-Www-Served-By
X-Cache-Config
X-Via-CDN
X-Access
X-Section
X-Rule
X-Backend-Name
Fastcgi-Useragent
Fastcgi-X-Cache-Version
X-Origin-Response-Time
X-Origin-CC
X-ServerID
X-Tb
Pagespeed
X-CCM
X-Ocache
Datacenter
Cache-Tags
X-Akamai-Request-ID
Azure-RegionName
X-Proxied
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
Mn-Server-Ip
Azure-Version
Azure-SiteName
Azure-SlotName
X-Origin-Hint
Azure-InstanceId
X-Routing-Service
TWC-Privacy
X-Zipkin-Id
TWC-Connection-Speed
Xserver
HitType
TWC-Locale-Group
Property-Id
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-App-Name
X-BACKEND-TTL
Cache-Key
Content-Style-Type
X-Protected-By
Content-Script-Type
OT-Force-Account-Verify
X-Kong-Proxy-Latency
X-Akamai-Request-ID2
X-Kong-Upstream-Latency
X-Cache-TTL
X-Parent-Response-Time
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
X-Edge-IP
Vix-Hermes-Req-Id
X-CLOUD-TRACE-CONTEXT
User-Cache-Control
X-Alternate-Cache-Key
X-Ezoic-Cdn
X-Nginx-Cache
X-OVcl-Cache
X-OVcl
X-CACHE-KEY
NtCoent-Length
Time
L5d-Success-Class
X-RTag
Ms-Operation-Id
X-Pc-Date
X-Real-Ip
X-Pc-Host
Accept-Language
X-ApacheServer
X-Cache-Backend
X-Correlation-ID
X-PERF
X-Real-IP
X-RateLimit-Limit
X-Amz-Meta-Surrogate-Control
X-Mrs-Age
X-Mrs-Cache-Hits
X-Unique-Id-Primal
X-Mrs-Cache
LB
X-Newrelic-App-Data
X-Mshield-Cache-Status
X-Proto
X-Ratelimit-Limit
X-Cdn-Forward
X-FB-TRIP-ID
X-Front
X-Webkit-Csp
AR-SID
X-CDN-Forward
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-Cacheable
X-Content-Age
X-Debug-Cache
Country
Section-Io-Cache
X-Nc
X-Hit
Load-Balancing
X-Sucuri-ID
WZWS-RAY
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-Trace-Id
Fusion-Component-Id
Fusion-Content-Source
X-Varnish-Beresp-Ttl
X-Unique-ID
X-Microcachable
Ohc-File-Size
X-Hl-Ver
X-MP-GENERATED-AT
Mail-Subject
Version
We-Hiring
X-Dc
X-GRACE
Access-Control-Request-Headers
X-EdgeConnect-Cache-Status
X-Connection-Hash
X-Transaction
X-Cache-Enabled
X-C
X-Twitter-Response-Tags
Warning
X-Auto-Login
X-Application
X-B-Cookie
X-Returned-From
X-BB-ID
X-Backend-State
X-Aed
X-SRCache-Key
X-A-Wwc
X-Accel-Expires-Debug
X-Actual-URL
X-A-Dgt
X-Returned-From-BeforeDispatch
X-A-Dam
Powered-By
Platform
X-Swa-Ws
Release
Rendered-Blocks
RNT-Machine
Resin-Trace
Node
Mobile-Detection-Method
IBM-Web2-Location
X-Thanos
Is-Eu
MD5-Digest
Meta-Geo-Continent
Memcached
RNT-Time
Rt-Proxy-Cache
VivaBuild
Viewtype
V-Age
Www
X-A
X-Response-By
X-A-Ccd
X-Store
Thinkindot-Control
Server-Host
SD-X-WS
Server-ID
SS
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-A-Dcw
X-Cache-URL
X-Li-Pop
X-Li-Fabric
X-PHP-Host
X-LI-Proto
X-LI-UUID
X-PAYTM-SRV-ID
X-Returned-From-PostProcessResponse
X-Layer
X-RCS-CacheZone
X-G
X-Generated-In
X-GeoIP-Country-Code
X-Qloud-Router
X-Server-Time
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Rojux
X-Node-Id
X-S-Cookie
X-S-Maxage
X-ScT
X-NU-AKA-ACS-Version
X-Served-From
X-Server-By
X-Passed-To
X-Passed-To-BeforeDispatch
X-Rewrite-Enabled
X-Logtrace-Id
X-Matched-Rule
X-FW-Version
X-Thinkindot-L3
X-Org
X-Release
X-CF-Lambda-Fn
X-Region-Sid
X-Crawler
X-CF-Lambda-Version
X-Cache-Id
X-Cache-Host
X-Cache-Bucket
X-Bip
X-Cache-Debug
X-Cache-Expires
X-Cache-FS-Status
X-Reboot
X-CUA
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-External-Request-Id
X-Fetched-On
X-From
X-Rebelmouse-Cache-Control
X-Died
X-Rebelmouse-Surrogate-Control
X-Date
X-D
X-Destination
X-Developer
X-Device-Os
X-Request-UUID
Fly-Cache
BehaviorPad-Version
Arc-Country
Ajk
Adler-Geo
Cache-Prefix
Ec-Rule-Version
Fastly-SWR
Fastly-SIE
Fastly-Backend-Name
X-User
X-Var-Ttl
X-We-Are-Hiring
User-Agent
X-WebServer
X-Trv-Group
X-Via-SSL
X-Via-Edge
X-Variation
X-Varnish-Action
X-VG-WebServer
X-Returned-From-DLL
Xc-Version
Frame-Options
Fly-Request-Id
X-UE-Client-Country
X-Geo
HA-Geolat
HA-Geolon
X-IN-WAF
X-Key
X-Via-NSCOPI
HA-Geocountry
X-P-T
X-Block-Status
X-Info
X-Amz-Meta-Cache-Control
X-MI-In-Market
HA-Servedtime
HA-Urlpath
HA-Ipaddr
X-Location
HA-Georegion
Ha-Gx-Prefs
HA-Host
HA-Geocity
GW-Server
X-ServiceProvider
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gannett-Site-Version
X-Sf
X-F5-Cache
X-Epic-Correlation-Id
X-Eu-Site
Request-Time
X-Gen-Mode
X-Clientip
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-TT-LOGID
X-Hnp-Log
X-Server-IP
X-CGP
GMS-Ver
X-Hash
HA-Cloudapp
X-Server-Group
Decoy-Debug-Status
Decoy-Debug-TTL
Proxy-Connection
Pramga
X-Proxy-Cache-Status
Decoy-Debug-Key
Content-Disposition
Web-Mar-Node
Countrycode
X-Proxy-Upstream
Esi-Enabled
MI-Cache-Age
MI-Cache
MI-API
X-Request-Start
Kp-EeAlive
X-SVT-ORM-VERSION
Origin
On-Server
X-UnsetCookies
Country-Code
X-Secret
X-Rocket-Nginx-Bypass
X-Stale
X-No-Session
AKAMAI
Heartbleed
True-Client-Country-4JS
X-SVT-ORM-RULES
Backend
X-Be
X-Up
X-Distributor
X-Planisys-CDN-Cache
X-Phone
X-Policy
X-Request-URI
X-Planisys-CDN-Rules
X-Cache-CFC
X-Fstrz
X-Planisys-CDN-TTL
X-Irp-Debug
X-Page-Type
X-Time
X-Origin-Date
X-Nginx-Cache-Key
X-Platform
PFcat
X-Origin-Expires
Magicmarker
X-ElasticPress-Search
Who
X-V
X-Backend-Host
X-SIPLIST1
X-Backend-Url
Apple-News-Services-Handled
X-Distil-CS
Pragrma
IsBot
REQUESTUUID
Backend-Name
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Core-Value
Apple-News-Services-Host
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Fastly-SSL
Server-Int
Cache-Cookie-Set-From
X-NODE
Pagetype
Uber-Trace-Id
X-Origin-TTL
X-NX-Host
X-Refresh
X-Debug-Cookies
X-Wikidot-Backend
X-MSEdge-Flight
X-Debug-Log
CDCHOST
X-Core-Mission
X-Developers
Request-EU
X-Wikidot-Static-Cache
Request-Country
X-Fastly-Cache
UCS
Fastly-Soc-X-Request-Id
X-Servername
X-MSEdge-Features
X-Instance-Name
X-Sn-Servicetimems
Locale
X-Urbn-Site-Id
X-Cdn-Origin
X-Urbn-Context-Path
X-Ua
X-Debug-Cache-Store
X-Svr
PageSpeed
X-NWS-UUID-VERIFY
X-Debug-Cache-Fetch
X-Micro-Cache
RequestId
X-Debug-Cache-Expiry
V-Cache
X-Newrelic-Synthetics
Group
X-Instart-Info
X-COUNTRY
X-Level-Front-Cache
X-Generated-On
X-NC
X-DC
X-Pjax-Url
X-GeoIP-City
X-VCT
HitInfo
X-Req
ServerName
Host-ID
X-PARISIEN-Cache-Rendered
Lfy
X-VarnCache
X-VarnPar1
MIME-Version
X-CACHE-AGE
X-Server-Cache
X-Cache-Info
Ohc-Response-Time
X-Cdn-Srv
X-ARC
X-BBXSRF
Mime-Version
X-Powered-By-ANYU
X-Datadome
PICS-Label
Cache-Provider
Memory
X-B3-Traceid
X-Gdpr
X-EIG-Tracking-Id
Cteonnt-Length
Cdn
X-CMS-Context
X-TWH-CORRELATION-ID
X-Servedbyhost
X-Ratelimit-Remaining
Nel
CF-IPCountry
X-LAGOON
X-Cluster-Node
NGX
X-Fastly-Country-Code
X-Aicache-OS
X-WR-MODIFICATION
X-Load-Cache
CDN
X-StackifyID
X-Wa
XServer
X-NodeID
X-WA
Geoip-Latitude
X-Sentry-ID
GeoIp-Country-Code
FSS-Proxy
FSS-Cache
X-HTML-Minification-Powered-By
X-CSRF-TOKEN
X-VServer
X-UPSTREAM-Address
X-Fastly-Backend-Reqs
GeoIP-Latitude
GeoIP-Country-Code
X-Flog
X-Hello
X-ABtesting
Cf-Ipcountry
X-Check-Cacheable
X-Varnish-Beresp-TTL
SN
X-Source
CACHE
X-FireWall-Port
X-Unique-Id
X-GZip
X-RateLimit-Limit-Second
X-APP
X-Varnish-Cache-Hits
X-RateLimit-Remaining-Second
X-CSRF-Token
X-Generation-Time
Amp-Access-Control-Allow-Source-Origin
Processtime
X-Csrf-Token
WP-Super-Cache
X-Nananana
X-Cache-Miss-From
X-Sedo-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-ServedByHost
TSSecure
X-HOST
URI
X-DataStream-Origin-MEX-Latency
X-Worker
X-MServer
X-Cache-Grace
X-CDN-Pop
X-CDN-Pop-IP
X-DataStream-MidMile-RTT
A
X-Varnish-Authentication
Cdn-Host
PageType
X-Cache-ASPX
Server-Cache-Control
X-Edge-Server
X-Dynatrace
Server-Surrogate-Control
Cdn-Request-Time
X-SRV
X-RCS-Backend
X-VC-Cache
Pics-Label
X-IPS-LoggedIn
X-FORWARDED-FOR
X-Skip-Cache
X-GDPR
X-VG-WebCache
X-AWS-Id
X-VWS-Id
DataCenter
X-ID
X-SplitTest
X-LJ-Flow-ID
X-HS-Status
X-Varnish-Url
X-Sucuri-Cache
X-Port
HTTPS
Hostname
X-ND-Cache
X-Fastly-Cache-Hits
X-Backend-TTL
X-B3-SpanId
X-Instart-Isnd
Odigeo-Trace-Id
Cache-Hits
X-BE
X-Swift-Error
X-Owner
Is-Session-Tracking
Get-Access-Time
X-From-Cache
X-Pf-Uncompressing
X-GoCache-CacheStatus
X-PJAX-URL
Dynatrace
X-NGINX-Cache
X-Bug-Bounty
X-SN
Proxy-Firewall
X-Gen-Id
X-Ms-Blob-Type
X-Amzn-Remapped-Date
X-Ms-Version
X-Ms-Request-Id
X-Amzn-Remapped-Connection
X-GZIP
X-Ms-Lease-Status
X-VarnPar2
X-Server-W
X-ORIG-AKA-EDGE
Powered
Requestid
ProcessTime
X-Cache-Ttl
X-Akamai-SSL-Client-Sid
Serverid
X-Amz-Meta-S3b-Last-Modified
X-LiteSpeed-Cache-Control
X-Varnish-URL
X-PAGE-TYPE
X-ServerName
Correlation-Id
X-GEO
X-Ms-Lease-State
X-Alicdn-Da-Ups-Status
X-Serial
X-RAMCache
WebServer
X-ORIG-AKA-COUNTRY-CODE
X-VC
T-Server
RequestUuid
X-Fe
X-SB
Xet-Cookie
X-HTML-Edge-Cache
Location
X-Akamai-ERPolicy
NnCoection
X-Cache-Srv
X-Akamai-ERRuleID
NodeID
X-Dw-Trace-Id
SID
X-LiteSpeed-Tag
X-CS
X-Developed-By