Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Xss-Protection
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
CF-Ray
Content-Security-Policy-Report-Only
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Iinfo
X-Request-ID
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-Backend
X-AH-Environment
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-SaveTime
X-Proxy-Cache
X-Swift-CacheTime
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-Cache-Lookup
X-Server-Id
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Cnection
X-OneAgent-JS-Injection
X-Host
X-Node
X-Readtime
Report-To
EagleEye-TraceId
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Rack-Cache
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
NEL
Edge-Control
X-DynaTrace
Rating
X-Url
Allow
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Trace
X-Px
X-Vhost
X-Server-Name
X-ESI
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-DataDome
X-VARITI-CCR
RTSS
X-Ruxit-JS-Agent
X-Cached
X-MS-InvokeApp
X-Goog-Hash
Accept-CH
Charset
X-Server-ID
SPRequestGuid
X-TTL
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
Verso
X-F-Cache
Public-Key-Pins
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
Pinterest-Generated-By
PB-RID
PB-PID
X-Dispatcher
Arc-Version
X-Mobile-Rewrite
X-D2id
X-Version
X-Cdn
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
X-Abt-Application-Version
X-DIS-Request-ID
X-Powered-CMS
Accept-CH-Lifetime
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-Origin-Upstream-Status
X-B
X-Shield-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Amz-Rid
X-Recruiting
X-Navigation-Version
MS-Author-Via
DynaTrace
Realpath
X-Client-IP
X-HW
SPIisLatency
SPRequestDuration
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Upstream
X-Vcap-Request-Id
Nginx-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
Content-MD5
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Ttl
Edge-Cache-Tag
Arr-Disable-Session-Affinity
X-Hits
X-Varnish-Age
X-Debug
X-N
X-Oracle-Dms-Rid
X-Goog-Storage-Class
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-NF-Request-ID
X-Aspnet-Version
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
TCN
Access-Control-Request-Method
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
X-Dw-Request-Base-Id
X-Id
X-Via-JSL
S
X-XRDS-Location
X-ATG-Version
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-Country-Code-Real
X-NewRelic-App-Data
Service-Worker-Allowed
X-FTR-Expires
X-Logged-In
X-Oneagent-Js-Injection
Alternate-Protocol
Surrogate-Key
X-HS-Content-Id
X-HS-Hub-Id
Tracecode
X-Forwarded-For
X-Frontend
X-Cache-Key
X-PressLabs-Stats
X-Kinsta-Cache
Rt-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Content-Digest
X-FastCGI-Cache
X-Pad
Fastly-Restarts
MicrosoftSharePointTeamServices
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Content-Options
X-Ruxit-Js-Agent
X-CF-Powered-By
Server-Name
X-Edge-Location
X-Amzn-Trace-Id
Backend-Timing
X-Analytics
FilterID
X-Grace
TP-L2-Cache
TP-Cache
Host
Ar-Sid
X-User-Agent
X-Rid
X-Debug-Info
X-Cache-2
Fastcgi-Cache
X-Whom
X-Magnolia-Registration
ServerID
X-Hostname
X-Revision
X-B3-Sampled
X-IPLB-Instance
Eomportal-Instance
X-Page-Id
X-Mobile
X-Request-Received
X-Request-Processing-Time
X-NWS-LOG-UUID
X-Srv
Paypal-Debug-Id
AR-Request-ID
X-Akam-SW-Version
X-AOL-HN
X-VCache
Front-End-Https
X-Content-Powered-By
X-URL
Refresh
X-B-Cache
Retry-After
X-GUploader-UploadID
X-Litespeed-Cache
X-Signature
X-Request-Guid
Source
X-Cluster
X-Handled-By
X-LB-Cache
X-Cache-Action
X-Framework
X-Device-Type
X-Instance
X-Cache-Control
X-Varnish-Hostname
X-HS-Cache-Config
Cleartype
X-SS-Set-Cookie
X-WA-Info
X-App-Environment
X-FB-Debug
X-Varnish-Grace
X-Cache-Hit
X-Tumblr-Pixel
X-Tumblr-User
X-Platform-Server
X-Tumblr-Pixel-0
X-BCube-Filmed-By
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-Fastcgi-Cache
X-TA-CDN-Provider
Webserver
X-Correlation-Id
X-Zen-Fury
X-Middleton-Display
X-Sol
Display
X-Varnish-Backend
X-XRDS-LOCATION
X-Az
X-AppVersion
X-Activity-Id
X-Daa-Tunnel
X-Content-Type
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Healthy
X-Webkit-CSP
X-Cache-Rule
X-Cache-Server
Response
X-Middleton-Response
X-Varnish-Server
X-Drupal-Cache-Tags
ViewerVersion
X-Seen-By
X-Wix-Request-Id
X-Drupal-Cache-Contexts
X-Cached-By
X-TT
X-Generated-By
Upgrade-Insecure-Requests
X-App-Server
X-Geo-Country
Server-Node
S-Cnection
Cache-Status
X-Origin-Server
X-Accel-Expires
X-CACHE-GROUP
X-DataStream-Cache-Status
X-Cache-Age
X-Amz-Replication-Status
X-Amz-Apigw-Id
X-Amzn-RequestId
Payment
X-Esi
Accept-Charset
X-Response-Served-From
GEO-INFO
X-S
X-UA-Device-Type
X-Contextid
X-Adobe-Loc
X-Cacheable-TTL
X-Status
X-Locale
X-Adobe-Content
X-Servedby
X-UUID
Access-Control-Allow-Method
X-Varnish-IP
X-Jobs
Actual-Object-TTL
Filters
NGB
X-Cache-NE
Viewport
ServedBy
X-Edge-Cache
X-Edge-Cache-Key
X-RequestSource
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
X-TX-ID
X-Tumblr-Pixel-2
X-Varnish-Hits
Server-Info
X-FW-Hash
X-Amz-Server-Side-Encryption
X-FW-Server
X-FW-Static
AsisCache
X-FW-Serve
X-Node-Name
X-FW-Type
X-GeoIP
X-WPE-Loopback-Upstream-Addr
X-WebKit-CSP-Report-Only
X-Storage
HostName
X-Dns-Prefetch-Control
X-PHP-Backend
Cache
X-Cache-TTL-Remaining
Host-Header
Cache-Tv-Group
X-Rendered-As
X-App-Version
X-Cache-Remote
X-Croise-Owner
MS-CV
SRV
From-Origin
X-Region
X-Cache-Operation
X-Vg-Webcache
X-Hyper-Cache
X-Redis-Cache
X-APP-VERSION
Served-By
Cache-Tag
X-Dynatrace-Js-Agent
Public-Key-Pins-Report-Only
Liferay-Portal
DC
X-HS-Combine-CSS
X-Mode
X-Forwarded-Host
X-Agile-Id
X-Path-Route
X-Is-Bot
X-Loop
Machine
X-Detected-As
X-Generated
X-Cache-Var
X-Agile-Age
X-Endurance-Cache-Level
X-Cache-Var-Map
X-IP
X-Hosted-By
X-Human
X-Webstats-RespID
Selected-FE
X-Timing-Wait
X-Site-Version
X-TNCMS
X-Proxy-Build
X-Request-Time
X-RN-RSRV
X-Agile
Meta-Geo
Origin-Edge-Control
Origin-Cache-Control
Now
X-Pc-Hit
X-Via-Fastly
X-Web-Node
X-Pc-Appver
X-Pc-Key
Powered-By-ChinaCache
X-ProxyCache-Key
X-ProxyCache-Status
X-Upgrade-Enabled
Cache-Name
X-VG-TLSProxy
X-L-Path
Xserver
X-Original-Request
X-CDN-Cache
X-Internal-Host
X-Origin
X-NGENIX-Cache
X-Environment-Context
X-Grey
X-Cache-Category-Id
X-JoinUs
X-BYPASS-REASON
X-Labrador-Cache-Channel
X-PCL
X-Pubstack
X-NCache
X-Proxy
X-OCL
X-ServerID
X-Origin-Response-Time
X-Birta-Cache-Post
X-Akamai-Request-ID
X-Origin-Host
X-FC-Vary-Parameters
X-Birta-Served
S-Rt
X-Format
DB-Nickname
X-Akamai-Transformed
X-Viewer-Country
X-Tb
X-Vgn-Hpd-Reason
X-Tumblr-Pixel-3
X-Upstream-HT
X-Upstream-CT
X-UA
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-ProcessESI
X-CCM
Fastcgi-X-Cache-Version
Fastcgi-Useragent
Fastcgi-X-Cache
X-Guploader-Uploadid
X-Origin-CC
X-Ocache
X-Www-Served-By
X-Backend-Name
X-App-Name
X-Access
X-Xfnlog-Site
X-Cache-Config
Mn-Server-Ip
X-Via-CDN
Azure-InstanceId
Azure-RegionName
X-Time-Microsecs
X-RemovedCookies
Cache-Tags
Azure-SiteName
X-Rule
Azure-Version
Azure-SlotName
X-Section
TWC-Locale-Group
X-Origin-Hint
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
TWC-Device-Class
Webcakes-Region
X-Zipkin-Id
TWC-Connection-Speed
X-Routing-Service
X-B3-Spanid
Webcakes-App-Version
TWC-Privacy
Datacenter
Pagespeed
Property-Id
X-Proxied
HitType
X-Newrelic-App-Data
X-TIME
Cache-Key
X-Protected-By
X-Nginx-Cache
X-BACKEND-TTL
User-Cache-Control
X-Akamai-Request-ID2
X-Kong-Proxy-Latency
X-Parent-Response-Time
X-Kong-Upstream-Latency
OT-Force-Account-Verify
Vix-Hermes-Req-Id
X-ShardId
Content-Style-Type
X-ShopId
Content-Script-Type
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Cache-TTL
X-CACHE-KEY
X-Shopify-Stage
X-Edge-IP
X-Ezoic-Cdn
X-Correlation-ID
X-Cdn-Forward
Time
NtCoent-Length
X-Real-IP
X-RTag
Ms-Operation-Id
L5d-Success-Class
X-RateLimit-Limit
X-Cache-Backend
X-Pc-Date
X-ApacheServer
X-PERF
X-OVcl
X-OVcl-Cache
X-Pc-Host
Accept-Language
X-FB-TRIP-ID
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Real-Ip
X-Front
X-Unique-Id-Primal
X-Mrs-Cache
AR-SID
X-Mrs-Age
X-Webkit-Csp
LB
X-Amz-Meta-Surrogate-Control
X-GRACE
X-Proto
Section-Io-Cache
Country
X-Content-Age
X-Ratelimit-Limit
X-Varnish-Cacheable
X-Varnish-Beresp-Grace
Load-Balancing
X-Varnish-Beresp-Status
X-Debug-Cache
X-CDN-Forward
X-Sucuri-ID
X-Nc
WZWS-RAY
X-Hit
X-Unique-ID
X-Varnish-Beresp-Ttl
Ohc-File-Size
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-MP-GENERATED-AT
X-Hl-Ver
X-Trace-Id
Warning
We-Hiring
Version
X-Time
Mail-Subject
User-Agent
X-CLOUD-TRACE-CONTEXT
X-EdgeConnect-Cache-Status
Access-Control-Request-Headers
X-Microcachable
X-Actual-URL
X-Accel-Expires-Debug
Cache-Prefix
X-A-Wwc
X-NU-AKA-ACS-Version
Adler-Geo
Ajk
X-P-T
X-B-Cookie
X-Passed-To-BeforeDispatch
X-Passed-To
X-Auto-Login
X-Application
BehaviorPad-Version
X-Server-By
X-Node-Id
Arc-Country
X-External-Request-Id
X-Org
X-Aed
X-Logtrace-Id
MD5-Digest
Memcached
RNT-Machine
Meta-Geo-Continent
RNT-Time
Rt-Proxy-Cache
X-Layer
IBM-Web2-Location
Is-Eu
SD-X-WS
Resin-Trace
Mobile-Detection-Method
Platform
Powered-By
X-Goog-Meta-Goog-Reserved-File-Mtime
Release
Rendered-Blocks
X-GeoIP-Country-Code
Node
Request-Time
X-Generated-In
X-Li-Fabric
Server-ID
Fastly-Backend-Name
Fastly-SIE
Fastly-SWR
Fly-Cache
Ec-Rule-Version
Www
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A
Fly-Request-Id
Frame-Options
V-Age
X-From
SS
X-G
Viewtype
X-Li-Pop
VivaBuild
X-LI-UUID
X-LI-Proto
X-A-Dgt
X-Bip
X-Twitter-Response-Tags
X-Rewrite-Enabled
X-UE-Client-Country
X-Via-NSCOPI
X-TT-LOGID
X-Thanos
X-Transaction
X-Trv-Group
X-CF-Lambda-Version
X-Returned-From-PostProcessResponse
X-Cache-URL
X-Var-Ttl
X-Response-By
X-Returned-From
X-Passed-To-DLL
X-Returned-From-DLL
X-CF-Lambda-Fn
X-User
X-Swa-Ws
X-Connection-Hash
X-S-Cookie
X-Device-Os
X-Died
X-S-Maxage
X-ScT
X-Served-From
X-Datadome
X-Destination
X-Server-Time
X-Date
X-Store
X-Rojux
X-Dispatcher-Server
X-Crawler
X-SRCache-Key
X-D
X-CUA
X-Variation
X-Returned-From-BeforeDispatch
X-Qloud-Router
X-DPWN-IS-SECURE
X-BB-ID
X-Cache-Debug
X-Release
X-Backend-State
X-Cache-Expires
X-RCS-CacheZone
X-Rebelmouse-Surrogate-Control
X-Cache-Enabled
X-Region-Sid
X-WebServer
X-Rebelmouse-Cache-Control
X-Varnish-Action
X-Cache-Bucket
X-We-Are-Hiring
X-PAYTM-SRV-ID
X-Cache-Id
X-Request-UUID
X-Via-Edge
X-Passed-To-PostProcessResponse
X-VG-WebServer
Xc-Version
X-Via-SSL
X-PHP-Host
X-Ua
X-Cache-FS-Status
X-Developer
X-Cache-Host
X-C
X-Geo
X-Epic-Correlation-Id
X-Cache-CFC
X-Eu-Site
X-Gen-Mode
Proxy-Connection
X-Block-Status
X-Gannett-Site-Version
X-Amz-Meta-Cache-Control
X-Fstrz
X-FW-Version
X-F5-Cache
X-Distributor
X-Fetched-On
Web-Mar-Node
True-Client-Country-4JS
Thinkindot-Control
Server-Int
X-Clientip
X-CGP
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Server-Host
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Pramga
Cache-Cookie-Set-Idcheck
Backend
X-Origin-Expires
X-Origin-Date
X-Nginx-Cache-Key
X-Sf
X-Up
X-Server-Group
Countrycode
Country-Code
Content-Disposition
AKAMAI
X-Phone
X-Reboot
X-Proxy-Upstream
X-Request-Start
X-Rocket-Nginx-Bypass
X-UnsetCookies
X-Proxy-Cache-Status
PFcat
X-Dc
X-Stale
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Thinkindot-L3
X-Matched-Rule
X-Server-IP
X-Hash
Magicmarker
X-Secret
Kp-EeAlive
HA-Urlpath
X-Key
X-Info
X-IN-WAF
On-Server
Origin
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
Esi-Enabled
HA-Servedtime
GW-Server
HA-Cloudapp
GMS-Ver
X-Location
Fastly-SSL
HA-Geocity
HA-Geocountry
HA-Host
HA-Ipaddr
Ha-Gx-Prefs
HA-Georegion
HA-Geolat
HA-Geolon
X-NODE
Pagetype
X-Ah-Environment
X-SIPLIST1
X-ServiceProvider
X-Distil-CS
X-No-Session
X-MSEdge-Flight
X-Fastly-Cache
X-MSEdge-Features
X-MI-In-Market
X-Irp-Debug
X-Page-Type
X-Planisys-CDN-Cache
X-Policy
X-Request-URI
X-Platform
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-V
MI-Cache-Age
X-ElasticPress-Search
Apple-News-Services-Handled
Heartbleed
IsBot
MI-Cache
MI-API
Apple-News-Services-Host
Decoy-Debug-TTL
Apple-News-Services-Request-Url
Backend-Name
Decoy-Debug-Key
Apple-News-Services-Parsed-Url
Decoy-Debug-Status
Who
Pragrma
X-Backend-Host
X-Backend-Url
X-Core-Value
X-Core-Mission
X-DC
X-Be
X-Debug-Cache-Fetch
X-Refresh
X-Debug-Cache-Expiry
X-Instance-Name
Locale
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-NX-Host
X-Svr
X-Micro-Cache
Fastly-Soc-X-Request-Id
X-Origin-TTL
X-Wikidot-Static-Cache
REQUESTUUID
Request-EU
X-CACHE-AGE
PageSpeed
UCS
Uber-Trace-Id
X-Wikidot-Backend
Request-Country
CDCHOST
X-Urbn-Context-Path
X-Servername
X-Urbn-Site-Id
X-Developers
X-COUNTRY
X-Instart-Info
X-Newrelic-Synthetics
X-NC
X-NWS-UUID-VERIFY
X-Sn-Servicetimems
X-Cdn-Origin
V-Cache
Group
X-Generated-On
X-PARISIEN-Cache-Rendered
X-VarnPar1
X-VarnCache
X-Pjax-Url
X-GeoIP-City
RequestId
X-Level-Front-Cache
Lfy
ServerName
X-VCT
Host-ID
Ohc-Response-Time
X-Req
MIME-Version
X-Server-Cache
X-Cache-Info
X-Cdn-Srv
HitInfo
X-ARC
Cache-Provider
Memory
X-BBXSRF
Cteonnt-Length
X-Powered-By-ANYU
Mime-Version
X-Gdpr
X-EIG-Tracking-Id
Cdn
PICS-Label
X-CMS-Context
X-TWH-CORRELATION-ID
X-Servedbyhost
X-Ratelimit-Remaining
X-LAGOON
Nel
CF-IPCountry
X-WR-MODIFICATION
X-Aicache-OS
NGX
X-Wa
CDN
X-Load-Cache
X-StackifyID
X-B3-Traceid
X-Cluster-Node
GeoIP-Country-Code
X-Fastly-Country-Code
GeoIP-Latitude
XServer
X-Fastly-Backend-Reqs
X-UPSTREAM-Address
X-Sentry-ID
FSS-Proxy
FSS-Cache
X-HTML-Minification-Powered-By
X-CSRF-TOKEN
X-NodeID
Cf-Ipcountry
X-Check-Cacheable
Geoip-Latitude
X-Flog
X-FireWall-Port
X-WA
X-Hello
X-ABtesting
GeoIp-Country-Code
X-VServer
X-Varnish-Cache-Hits
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
SN
X-Source
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Beresp-TTL
Processtime
X-Generation-Time
X-Unique-Id
X-Csrf-Token
X-APP
X-Sedo-Request-Id
X-Cache-Miss-From
WP-Super-Cache
X-HOST
X-GZip
X-CSRF-Token
CACHE
TSSecure
X-Nananana
X-ServedByHost
X-CDN-Pop
X-CDN-Pop-IP
X-Cache-Grace
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
Cdn-Request-Time
X-Dynatrace
X-MServer
X-Varnish-Authentication
X-DataStream-Origin-MEX-Latency
X-Cache-ASPX
Cdn-Host
Server-Surrogate-Control
Server-Cache-Control
X-DataStream-MidMile-RTT
X-Edge-Server
X-Worker
X-SRV
Pics-Label
X-Skip-Cache
A
X-VC-Cache
X-RCS-Backend
URI
X-FORWARDED-FOR
X-GDPR
X-IPS-LoggedIn
X-VG-WebCache
X-ID
DataCenter
PageType
X-HS-Status
X-Varnish-Url
X-B3-SpanId
X-Sucuri-Cache
X-Backend-TTL
X-BE
X-LJ-Flow-ID
X-ND-Cache
X-Instart-Isnd
X-Port
HTTPS
X-AWS-Id
X-SplitTest
X-Fastly-Cache-Hits
X-VWS-Id
X-Swift-Error
X-PJAX-URL
Odigeo-Trace-Id
Dynatrace
Is-Session-Tracking
Hostname
X-GoCache-CacheStatus
Get-Access-Time
X-From-Cache
Requestid
X-Gen-Id
Proxy-Firewall
X-Owner
X-Bug-Bounty
X-Amzn-Remapped-Date
Cache-Hits
X-Pf-Uncompressing
X-Amzn-Remapped-Connection
X-SN
X-GZIP
FastCGI-Cache
X-NGINX-Cache
X-VarnPar2
X-Server-W
X-Cache-Ttl
X-ORIG-AKA-EDGE
Powered
Serverid
X-Ms-Version
X-Akamai-SSL-Client-Sid
X-Ms-Request-Id
X-Ms-Blob-Type
X-Amz-Meta-S3b-Last-Modified
X-Ms-Lease-Status
X-Varnish-URL
WebServer
X-GEO
X-LiteSpeed-Cache-Control
X-ServerName
X-Fe
T-Server
RequestUuid
X-VC
X-Alicdn-Da-Ups-Status
X-SB
X-PAGE-TYPE
X-RAMCache
X-ORIG-AKA-COUNTRY-CODE
X-Serial
ProcessTime
X-Ms-Lease-State
Xet-Cookie
SID
NodeID
Correlation-Id
X-RequestId
X-PF-Uncompressing
X-HTML-Edge-Cache
NnCoection
X-CS
X-Developed-By
Location
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-LiteSpeed-Tag
X-Dw-Trace-Id