Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Xss-Protection
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
CF-Ray
Content-Security-Policy-Report-Only
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Iinfo
X-Request-ID
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Server-Id
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Cnection
X-OneAgent-JS-Injection
X-Node
X-Host
X-Readtime
Report-To
EagleEye-TraceId
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Rack-Cache
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Trace
X-Px
X-DataDome
X-Vhost
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-Server-Name
X-VARITI-CCR
RTSS
Accept-CH
X-MS-InvokeApp
X-ESI
X-Ruxit-JS-Agent
X-Cached
X-Goog-Hash
Charset
X-Server-ID
SPRequestGuid
X-TTL
X-PC
X-TtlSet
X-Vname
X-Mod-Pagespeed
Verso
X-D2id
Public-Key-Pins
X-F-Cache
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
Pinterest-Generated-By
X-Kinja-Revision
PB-RID
X-Mobile-Rewrite
PB-PID
Arc-Version
X-Dispatcher
X-Version
X-Cdn
X-SharePointHealthScore
X-T
X-Powered-By-Plesk
Accept-CH-Lifetime
X-Abt-Application-Version
X-DIS-Request-ID
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
Pinterest-Version
X-Upstream-Env
X-Origin-Upstream-Status
X-Pinterest-Rid
X-Navigation-Version
X-Shield-Request-Id
X-Forwarded-Proto
X-B
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Rid
X-Recruiting
DynaTrace
MS-Author-Via
Realpath
X-Client-IP
X-HW
SPRequestDuration
SPIisLatency
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Upstream
X-Vcap-Request-Id
Nginx-Cache
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Content-MD5
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Ttl
Edge-Cache-Tag
Arr-Disable-Session-Affinity
X-N
X-Hits
X-Varnish-Age
X-Debug
X-Goog-Storage-Class
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Oracle-Dms-Rid
X-Aspnet-Version
X-NF-Request-ID
X-MSEdge-Ref
TCN
Access-Control-Request-Method
X-Acc-Meta-Resource-Type
X-Dw-Request-Base-Id
X-Id
X-Via-JSL
S
X-XRDS-Location
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
Service-Worker-Allowed
X-NewRelic-App-Data
X-ATG-Version
X-FTR-Expires
X-Logged-In
X-Oneagent-Js-Injection
Alternate-Protocol
X-FastCGI-Cache
Surrogate-Key
X-HS-Content-Id
Tracecode
X-HS-Hub-Id
X-Frontend
Rt-Fastcgi-Cache
X-Forwarded-For
X-Kinsta-Cache
X-Cache-Key
X-PressLabs-Stats
X-Content-Digest
AMP-Access-Control-Allow-Source-Origin
X-Pad
Fastly-Restarts
MicrosoftSharePointTeamServices
X-FTR-Cache-Host
X-Grace
X-Content-Options
X-Edge-Location
Server-Name
X-Ruxit-Js-Agent
X-CF-Powered-By
X-Amzn-Trace-Id
Backend-Timing
X-RateLimit-Remaining
X-Analytics
Ar-Sid
Host
FilterID
TP-L2-Cache
TP-Cache
X-Rid
X-User-Agent
X-Cache-2
Fastcgi-Cache
X-Magnolia-Registration
X-Debug-Info
X-Whom
X-B3-Sampled
ServerID
X-Hostname
X-Revision
X-IPLB-Instance
Eomportal-Instance
X-Page-Id
X-Mobile
X-Request-Received
X-Request-Processing-Time
X-NWS-LOG-UUID
X-Srv
AR-Request-ID
Paypal-Debug-Id
X-Akam-SW-Version
X-VCache
X-AOL-HN
X-Content-Powered-By
Front-End-Https
Retry-After
X-Litespeed-Cache
X-B-Cache
X-GUploader-UploadID
Refresh
X-Signature
X-Device-Type
X-LB-Cache
X-Cluster
Source
X-Cache-Action
X-Request-Guid
X-Framework
X-Instance
X-Cache-Control
Cleartype
X-App-Environment
X-HS-Cache-Config
X-Handled-By
X-FB-Debug
X-Varnish-Hostname
X-WA-Info
X-SS-Set-Cookie
X-BCube-Filmed-By
X-Varnish-Grace
X-Cache-Hit
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Platform-Server
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-TA-CDN-Provider
X-Correlation-Id
Webserver
X-Sol
X-Zen-Fury
X-Esi
Display
X-Middleton-Display
X-Varnish-Backend
X-Activity-Id
X-XRDS-LOCATION
X-AppVersion
X-Az
X-Daa-Tunnel
X-Content-Type
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Healthy
X-Cache-Server
X-Fastcgi-Cache
X-Cache-Rule
Response
X-Middleton-Response
X-Varnish-Server
X-Drupal-Cache-Tags
ViewerVersion
X-Seen-By
X-Wix-Request-Id
X-Drupal-Cache-Contexts
X-URL
X-Cached-By
X-App-Server
X-Generated-By
Upgrade-Insecure-Requests
X-Geo-Country
X-TT
Server-Node
S-Cnection
X-Origin-Server
X-Amz-Replication-Status
X-Cache-Age
X-Accel-Expires
X-DataStream-Cache-Status
X-CACHE-GROUP
Cache-Status
X-Amzn-RequestId
X-Amz-Apigw-Id
Payment
Accept-Charset
X-UA-Device-Type
X-S
GEO-INFO
Filters
X-Response-Served-From
X-Edge-Cache
X-Contextid
X-Servedby
X-Adobe-Content
X-Edge-Cache-Key
X-Adobe-Loc
X-Locale
X-Cacheable-TTL
X-Status
X-UUID
Viewport
Access-Control-Allow-Method
X-RequestSource
Actual-Object-TTL
NGB
X-Jobs
X-Cache-NE
X-Varnish-IP
X-FW-Type
X-FW-Server
X-TX-ID
X-FW-Static
X-Varnish-Hits
ServedBy
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-FW-Serve
X-FW-Hash
X-Tumblr-Pixel-1
AsisCache
Server-Info
X-Node-Name
X-Amz-Server-Side-Encryption
X-WPE-Loopback-Upstream-Addr
X-WebKit-CSP-Report-Only
X-Storage
X-GeoIP
HostName
X-Dns-Prefetch-Control
Cache-Tv-Group
X-PHP-Backend
Cache
X-Cache-TTL-Remaining
Host-Header
X-Croise-Owner
X-Cache-Remote
X-Rendered-As
MS-CV
SRV
From-Origin
X-Region
X-APP-VERSION
X-Cache-Operation
X-Hyper-Cache
X-Vg-Webcache
X-App-Version
X-Webkit-CSP
X-Redis-Cache
Served-By
Cache-Tag
X-Dynatrace-Js-Agent
Liferay-Portal
Public-Key-Pins-Report-Only
DC
X-Forwarded-Host
X-HS-Combine-CSS
X-Mode
X-Cache-Var-Map
X-Timing-Wait
X-Site-Version
X-TNCMS
X-Upgrade-Enabled
X-Loop
X-RN-RSRV
X-NGENIX-Cache
X-Akamai-Transformed
X-Path-Route
X-Proxy-Build
X-Request-Time
X-Webstats-RespID
Machine
X-Endurance-Cache-Level
X-Cache-Var
X-Agile-Id
X-Agile-Age
X-Detected-As
X-Generated
X-Is-Bot
X-IP
Selected-FE
X-Hosted-By
X-Agile
Meta-Geo
X-Origin
X-Labrador-Cache-Channel
X-L-Path
X-JoinUs
X-Pc-Appver
X-Pc-Hit
X-ProxyCache-Status
X-ProxyCache-Key
X-Pc-Key
X-Internal-Host
X-Human
X-BYPASS-REASON
Now
Origin-Cache-Control
Origin-Edge-Control
X-Cache-Category-Id
X-CDN-Cache
X-Grey
X-Environment-Context
Cache-Name
Powered-By-ChinaCache
X-NCache
X-B3-Spanid
Xserver
X-Upstream-CT
X-Upstream-HT
X-Via-Fastly
X-VG-TLSProxy
X-Web-Node
DB-Nickname
X-Origin-Host
X-Viewer-Country
X-OCL
X-Origin-Response-Time
X-FC-Vary-Parameters
X-Vgn-Hpd-Reason
X-Original-Request
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Format
X-Birta-Served
X-Pubstack
X-Tumblr-Pixel-3
X-UA
X-RemovedCookies
S-Rt
X-ServerID
X-Akamai-Request-ID
X-Time-Microsecs
X-Tb
X-Birta-Cache-Post
X-PCL
X-Proxy
X-ProcessESI
Fastcgi-Useragent
X-App-Name
Cache-Tags
X-Xfnlog-Site
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Mn-Server-Ip
X-Backend-Name
X-Cache-Config
X-Guploader-Uploadid
X-CCM
Azure-RegionName
X-Rule
X-BACKEND-TTL
X-Ocache
Azure-Version
X-Section
X-Via-CDN
X-Access
Azure-SiteName
Azure-InstanceId
Azure-SlotName
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-Region
X-Origin-Hint
Datacenter
X-Www-Served-By
HitType
Pagespeed
X-Zipkin-Id
Property-Id
X-Routing-Service
X-Proxied
X-TIME
X-Newrelic-App-Data
Cache-Key
X-Origin-CC
X-Kong-Proxy-Latency
Content-Style-Type
X-Kong-Upstream-Latency
Content-Script-Type
User-Cache-Control
Vix-Hermes-Req-Id
OT-Force-Account-Verify
X-Protected-By
X-Parent-Response-Time
X-Edge-IP
X-Akamai-Request-ID2
X-Nginx-Cache
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-CACHE-KEY
X-Cache-TTL
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Ezoic-Cdn
X-Correlation-ID
NtCoent-Length
X-Real-Ip
X-OVcl-Cache
X-OVcl
Time
Ms-Operation-Id
X-RTag
L5d-Success-Class
Accept-Language
X-Pc-Date
X-ApacheServer
X-PERF
X-Pc-Host
X-Cache-Backend
X-Cdn-Forward
X-FB-TRIP-ID
X-Ratelimit-Limit
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Front
X-Unique-Id-Primal
AR-SID
X-Webkit-Csp
X-Mrs-Age
X-Amz-Meta-Surrogate-Control
X-RateLimit-Limit
LB
X-CDN-Forward
X-Real-IP
X-Proto
X-Content-Age
Country
Section-Io-Cache
X-Varnish-Cacheable
Load-Balancing
X-Debug-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Sucuri-ID
WZWS-RAY
X-Nc
Ohc-File-Size
X-Unique-ID
X-Hit
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-Trace-Id
Fusion-Component-Id
Fusion-Template-Id
X-Varnish-Beresp-Ttl
X-Hl-Ver
X-GRACE
X-MP-GENERATED-AT
Version
Mail-Subject
X-Microcachable
Warning
We-Hiring
X-CLOUD-TRACE-CONTEXT
X-EdgeConnect-Cache-Status
User-Agent
X-Time
Access-Control-Request-Headers
X-C
Node
VivaBuild
Viewtype
Platform
X-A-Wwc
Meta-Geo-Continent
X-A-Dgt
X-Cache-Expires
X-Cache-Host
Is-Eu
X-Cache-URL
X-A-Dam
X-CF-Lambda-Fn
IBM-Web2-Location
X-Cache-Id
X-A-Ccd
X-Cache-FS-Status
Memcached
Rendered-Blocks
X-A
MD5-Digest
Www
V-Age
X-Application
Server-Host
Thinkindot-CacheControl-Type
Thinkindot-Control
SD-X-WS
X-Auto-Login
Server-ID
Thinkindot-CacheControl
X-Backend-State
X-B-Cookie
SS
X-A-Dcw
X-CF-Lambda-Version
X-Cache-Debug
X-Cache-Bucket
X-Cache-Enabled
RNT-Machine
Resin-Trace
X-Bip
X-Accel-Expires-Debug
X-Aed
Rt-Proxy-Cache
RNT-Time
X-BB-ID
Request-Time
X-VG-WebServer
X-NU-AKA-ACS-Version
X-Node-Id
X-Matched-Rule
X-Org
X-P-T
X-SRCache-Key
X-Store
X-Logtrace-Id
X-LI-UUID
X-Transaction
X-Trv-Group
X-LI-Proto
Frame-Options
X-Thanos
X-Thinkindot-L3
X-Server-Time
X-Server-By
X-Rojux
X-S-Cookie
X-S-Maxage
X-Rewrite-Enabled
X-Region-Sid
X-Request-UUID
X-Release
X-ScT
X-Reboot
X-Served-From
X-PAYTM-SRV-ID
X-PHP-Host
X-RCS-CacheZone
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-TT-LOGID
X-Li-Pop
X-WebServer
X-Dispatcher-Server
X-Died
X-DPWN-IS-SECURE
X-We-Are-Hiring
X-Via-Edge
X-Via-SSL
Xc-Version
X-Device-Os
X-CUA
X-Crawler
X-D
X-Date
X-Developer
X-Destination
X-Response-By
X-Varnish-Action
X-Li-Fabric
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Var-Ttl
X-User
X-Twitter-Response-Tags
X-UE-Client-Country
X-Variation
X-GeoIP-Country-Code
X-Fetched-On
X-External-Request-Id
X-From
X-FW-Version
X-Generated-In
X-G
X-Connection-Hash
Mobile-Detection-Method
Fly-Request-Id
X-Via-NSCOPI
BehaviorPad-Version
X-Ua
Arc-Country
Ec-Rule-Version
Fastly-SWR
Ajk
Cache-Prefix
Fastly-SIE
Fastly-Backend-Name
Adler-Geo
Fly-Cache
X-Geo
AKAMAI
X-Actual-URL
X-SVT-ORM-RULES
X-Info
X-Epic-Correlation-Id
Backend
True-Client-Country-4JS
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-UnsetCookies
X-Origin-Expires
X-Swa-Ws
X-F5-Cache
Web-Mar-Node
Cache-Cookie-Set-From
X-SVT-ORM-VERSION
X-Eu-Site
X-Passed-To
X-Returned-From-BeforeDispatch
X-Returned-From
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Rocket-Nginx-Bypass
X-Request-Start
X-CGP
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Qloud-Router
X-Clientip
X-Secret
X-Server-Group
X-Passed-To-DLL
X-Sf
X-Distributor
X-Passed-To-BeforeDispatch
X-Up
X-Passed-To-PostProcessResponse
X-ServiceProvider
X-Cache-CFC
X-Server-IP
X-Block-Status
X-Phone
X-Amz-Meta-Cache-Control
Server-Int
X-Hash
X-Key
HA-Urlpath
HA-Servedtime
HA-Ipaddr
Kp-EeAlive
X-Layer
MI-API
X-Dc
Fastly-SSL
Magicmarker
HA-Host
Ha-Gx-Prefs
GMS-Ver
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-IN-WAF
HA-Cloudapp
HA-Geocity
HA-Georegion
HA-Geolon
HA-Geolat
HA-Geocountry
MI-Cache
PFcat
X-No-Session
X-Fstrz
Decoy-Debug-TTL
X-Nginx-Cache-Key
MI-Cache-Age
Decoy-Debug-Status
Decoy-Debug-Key
X-Origin-Date
Content-Disposition
Country-Code
Countrycode
X-Gannett-Site-Version
Release
Esi-Enabled
On-Server
X-MI-In-Market
X-Location
Powered-By
Origin
X-Gen-Mode
X-NODE
Pagetype
X-Platform
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Irp-Debug
X-MSEdge-Features
X-Fastly-Cache
X-MSEdge-Flight
X-Distil-CS
X-Page-Type
X-Policy
Apple-News-Services-Handled
GW-Server
REQUESTUUID
X-Core-Value
Backend-Name
Who
Heartbleed
X-V
IsBot
Pragrma
Pramga
Proxy-Connection
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Backend-Host
Apple-News-Services-Host
X-Backend-Url
X-Request-URI
X-Core-Mission
X-SIPLIST1
X-ElasticPress-Search
X-Stale
X-Be
X-DC
X-Debug-Cache-Expiry
X-Micro-Cache
X-Svr
X-Debug-Cache-Fetch
X-Instance-Name
X-Debug-Cache-Store
X-Urbn-Site-Id
X-Sn-Servicetimems
X-Servername
X-Refresh
X-Urbn-Context-Path
X-NX-Host
X-Wikidot-Backend
PageSpeed
X-CACHE-AGE
X-Wikidot-Static-Cache
X-Origin-TTL
Fastly-Soc-X-Request-Id
X-Cdn-Origin
Locale
X-Debug-Log
Request-Country
Request-EU
UCS
Uber-Trace-Id
CDCHOST
X-Developers
X-Debug-Cookies
X-Level-Front-Cache
X-Generated-On
X-Instart-Info
X-COUNTRY
X-NC
X-Newrelic-Synthetics
X-NWS-UUID-VERIFY
V-Cache
Group
X-VarnCache
X-GeoIP-City
X-VCT
RequestId
X-PARISIEN-Cache-Rendered
X-VarnPar1
Lfy
Host-ID
X-Pjax-Url
MIME-Version
X-Req
ServerName
X-Server-Cache
X-Cdn-Srv
HitInfo
Ohc-Response-Time
X-Cache-Info
X-ARC
X-Datadome
Memory
X-Ratelimit-Remaining
Cache-Provider
X-BBXSRF
Cteonnt-Length
X-Powered-By-ANYU
PICS-Label
Mime-Version
X-Gdpr
Cdn
X-EIG-Tracking-Id
X-CMS-Context
X-TWH-CORRELATION-ID
X-Servedbyhost
Nel
X-LAGOON
X-WR-MODIFICATION
CF-IPCountry
NGX
X-Aicache-OS
X-Wa
X-Load-Cache
X-StackifyID
CDN
X-B3-Traceid
X-Cluster-Node
GeoIP-Country-Code
X-Fastly-Country-Code
GeoIP-Latitude
XServer
FSS-Proxy
X-Sentry-ID
X-NodeID
X-Fastly-Backend-Reqs
X-CSRF-TOKEN
FSS-Cache
X-HTML-Minification-Powered-By
X-UPSTREAM-Address
Cf-Ipcountry
X-Check-Cacheable
X-Flog
X-Hello
X-ABtesting
X-VServer
X-WA
X-FireWall-Port
Geoip-Latitude
GeoIp-Country-Code
X-Varnish-Cache-Hits
Processtime
X-Generation-Time
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
SN
X-Varnish-Beresp-TTL
Amp-Access-Control-Allow-Source-Origin
X-Source
X-Csrf-Token
X-Unique-Id
X-GZip
X-Cache-Miss-From
X-Sedo-Request-Id
X-HOST
X-APP
WP-Super-Cache
CACHE
X-CSRF-Token
X-Nananana
X-Oss-Object-Type
X-CDN-Pop-IP
X-Cache-Grace
X-CDN-Pop
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-ServedByHost
TSSecure
Cdn-Host
X-DataStream-MidMile-RTT
X-Edge-Server
X-MServer
Cdn-Request-Time
X-Varnish-Authentication
X-Dynatrace
Server-Surrogate-Control
X-Cache-ASPX
X-Worker
Server-Cache-Control
X-DataStream-Origin-MEX-Latency
X-SRV
X-Skip-Cache
X-GDPR
X-RCS-Backend
X-VC-Cache
URI
X-VG-WebCache
A
Pics-Label
X-IPS-LoggedIn
X-FORWARDED-FOR
DataCenter
X-ID
PageType
X-Varnish-Url
X-HS-Status
X-Sucuri-Cache
X-BE
X-SplitTest
X-PJAX-URL
X-B3-SpanId
X-Fastly-Cache-Hits
X-ND-Cache
X-LJ-Flow-ID
X-Instart-Isnd
X-AWS-Id
HTTPS
X-Port
X-VWS-Id
X-SERVER-NAME
X-Swift-Error
X-Backend-TTL
Is-Session-Tracking
Get-Access-Time
Hostname
X-GoCache-CacheStatus
X-From-Cache
Odigeo-Trace-Id
Dynatrace
X-Pf-Uncompressing
X-SN
X-Bug-Bounty
Cache-Hits
X-Server-W
X-Gen-Id
Proxy-Firewall
X-GZIP
X-Amzn-Remapped-Connection
X-Owner
X-Amzn-Remapped-Date
X-Atg-Version
FastCGI-Cache
X-Cache-Ttl
X-NGINX-Cache
Powered
X-ORIG-AKA-EDGE
Requestid
X-VarnPar2
X-Akamai-SSL-Client-Sid
X-Amz-Meta-S3b-Last-Modified
X-Ms-Lease-Status
X-Ms-Blob-Type
Serverid
X-Ms-Version
X-Ms-Request-Id
X-Varnish-URL
X-RAMCache
X-LiteSpeed-Cache-Control
X-ServerName
X-Fe
X-Alicdn-Da-Ups-Status
T-Server
RequestUuid
X-SB
X-Serial
WebServer
X-GEO
X-VC
X-ORIG-AKA-COUNTRY-CODE
X-PAGE-TYPE
ProcessTime
SID
X-HTML-Edge-Cache
Xet-Cookie
X-Ms-Lease-State
Correlation-Id
NodeID
NnCoection
X-Akamai-ERPolicy
X-CS
X-Developed-By
Location
X-Akamai-ERRuleID
X-LiteSpeed-Tag
X-Dw-Trace-Id