Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Xss-Protection
X-Request-Id
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
Status
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
X-Iinfo
Content-Encoding
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
X-Request-ID
X-Type
Upgrade
WPE-Backend
X-Pass-Why
Keep-Alive
X-Cache-Group
X-AH-Environment
Xkey
X-Backend
Access-Control-Max-Age
P3p
X-Age
Access-Control-Expose-Headers
X-Via
EagleId
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Server-Powered-By
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Server
X-Swift-CacheTime
X-Swift-SaveTime
X-Hacker
Grace
X-UA-Device
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-LiteSpeed-Cache
X-Ua-Compatible
Request-Context
X-Kinja-Server-Push
X-Device
X-Ac
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Amz-Version-Id
X-Response-Time
X-OneAgent-JS-Injection
X-Host
X-Backend-Server
Surrogate-Control
X-Cnection
X-Rq
X-Server-Id
X-Readtime
X-Rack-Cache
Server-Timing
X-Node
Report-To
X-WebKit-CSP
EagleEye-TraceId
X-Cloud-Trace-Context
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
Feature-Policy
X-Instart-Request-ID
X-Iejgwucgyu
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Clacks-Overhead
Edge-Control
X-CST
Pinterest-Generated-By
NEL
X-Country
X-Px
Rating
X-Server-Name
X-Country-Code
X-Url
X-TTL
X-DataDome
X-Ruxit-JS-Agent
X-Origin-Cache
X-Varnish-TTL
X-DynaTrace
X-MS-InvokeApp
Allow
X-Vhost
X-Vname
X-TtlSet
X-PC
X-Cached
X-FTR-Request-ID
X-ESI
RTSS
X-Powered-CMS
X-Goog-Hash
X-DynaTrace-JS-Agent
Charset
X-VARITI-CCR
X-Powered-By-Plesk
Accept-CH
X-Dispatcher
Public-Key-Pins
X-D2id
X-GitHub-Request-Id
X-Mod-Pagespeed
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Server-ID
X-F-Cache
X-Trace
X-Kinja-Build
X-Kinja
SPRequestGuid
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
Content-MD5
MS-Author-Via
X-Version
X-Oracle-Dms-Rid
Verso
X-SharePointHealthScore
X-T
X-Recruiting
Nginx-Cache
X-Abt-Application-Version
X-Shield-Request-Id
SPIisLatency
SPRequestDuration
X-Client-IP
X-Forwarded-Proto
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-B3-TraceId
X-HW
Accept-CH-Lifetime
X-N
X-Navigation-Version
X-DIS-Request-ID
X-Dw-Request-Base-Id
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Amz-Rid
X-XRDS-Location
X-Origin-Upstream-Status
X-Upstream
X-ORACLE-DMS-RID
Fastly-Restarts
X-B
AR-CACHE
X-SRCache-Fetch-Status
X-SRCache-Store-Status
AR-ATIME
AR-PoweredBy
X-Fastly-Request-ID
Paypal-Debug-Id
X-Hits
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
X-Accel-Buffering
TCN
DynaTrace
Realpath
X-Content-Options
Arr-Disable-Session-Affinity
X-Pad
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
Service-Worker-Allowed
X-NF-Request-ID
X-Ser
X-Webkit-Csp
X-Content-Digest
X-Id
X-Goog-Storage-Class
Tracecode
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-Varnish-Age
S
Front-End-Https
X-Debug
X-Mrf-Item-Lastmod
X-Amz-Cf-Pop
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Sol
Display
X-Middleton-Display
X-FastCGI-Cache
X-Dns-Prefetch-Control
X-Vcap-Request-Id
X-RateLimit-Remaining
X-MSEdge-Ref
X-PressLabs-Stats
X-Kinsta-Cache
X-FTR-Backend
X-Frontend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-IPLB-Instance
X-Cache-Hit
X-ATG-Version
Surrogate-Key
Powered-By-ChinaCache
X-HS-Hub-Id
X-Forwarded-For
X-HS-Content-Id
X-Zen-Fury
X-Geo-Segment
X-Grace
Fastcgi-Cache
Rt-Fastcgi-Cache
X-Webkit-CSP
Response
X-Middleton-Response
X-Logged-In
Server-Name
X-CF-Powered-By
X-Analytics
Backend-Timing
X-Debug-Info
X-Mobile
X-Rid
X-NewRelic-App-Data
AMP-Access-Control-Allow-Source-Origin
X-Request-Processing-Time
X-Request-Received
X-SS-Set-Cookie
FilterID
X-Amzn-Trace-Id
X-FTR-Cache-Host
X-Akam-SW-Version
X-Revision
TP-Cache
Host
TP-L2-Cache
X-Edge-Location
X-Oneagent-Js-Injection
X-User-Agent
X-Cache-Key
X-Litespeed-Cache
Edge-Cache-Tag
MicrosoftSharePointTeamServices
Cache-Status
X-Cached-By
Ar-Sid
X-TA-CDN-Provider
X-Accel-Expires
Host-Header
Refresh
X-Drupal-Cache-Tags
X-Magnolia-Registration
X-GUploader-UploadID
X-Ttl
X-SERVER
Liferay-Portal
X-Varnish-Backend
X-Cache-Rule
X-Newrelic-App-Data
ServerID
X-Node-Name
X-HS-Cache-Config
X-Platform-Server
X-FB-Debug
X-Tumblr-User
X-AOL-HN
X-Cluster
X-Tumblr-Pixel-0
X-B3-Sampled
X-Akamai-Edgescape
X-Whom
DC
X-Tumblr-Pixel
X-Cache-2
X-Instance
X-Signature
X-Framework
X-Content-Security-Policy-Report-Only
Cache-Tag
X-B-Cache
X-Varnish-Hostname
X-Cache-Control
X-Device-Type
X-BCube-Filmed-By
X-App-Environment
X-LB-Cache
X-Page-Id
Public-Key-Pins-Report-Only
Cleartype
X-Request-Guid
X-Handled-By
X-Srv
Accept-Charset
X-B3-TraceId-Primal
X-WPE-Loopback-Upstream-Addr
Eomportal-Instance
X-Activity-Id
X-AppVersion
X-Use-Magma
X-Az
X-Generated-By
AR-Request-ID
X-URL
X-TT
X-Cache-Action
X-Cache-Server
X-Seen-By
X-Wix-Request-Id
X-Via-JSL
X-Drupal-Cache-Contexts
ViewerVersion
MS-CV
X-Fastcgi-Cache
X-NWS-LOG-UUID
Upgrade-Insecure-Requests
X-App-Server
X-App-Version
Source
Retry-After
X-Amz-Replication-Status
X-VCache
X-Content-Powered-By
X-Correlation-Id
X-Esi
HostName
Alternate-Protocol
X-Varnish-Server
X-WA-Info
Server-Node
Webserver
CACHE
X-Hostname
X-Response-Served-From
X-Tumblr-Pixel-1
X-Cache-NE
X-Tumblr-Pixel-2
X-Locale
X-GeoIP
SRV
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-Varnish-Grace
X-HS-Combine-CSS
X-FW-Hash
X-Jobs
X-FW-Serve
X-FW-Static
X-FW-Type
X-Amz-Apigw-Id
X-RequestSource
X-Amzn-RequestId
X-Geo-Country
AsisCache
X-FW-Server
GEO-INFO
Payment
X-Edge-Cache-Key
X-Cache-TTL-Remaining
X-Edge-Cache
X-Status
X-UUID
X-Adobe-Loc
X-Servedby
X-Adobe-Content
Viewport
X-S
ServedBy
X-Contextid
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Varnish-Hits
X-Varnish-IP
AR-SID
X-TX-ID
X-Correlation-ID
X-TT-TIMESTAMP
Pagespeed
X-Vg-Webcache
X-Origin-Server
X-Cache-Operation
Country
X-Cacheable-TTL
X-Sucuri-ID
PageSpeed
X-RateLimit-Limit
Served-By
X-Daa-Tunnel
Server-Info
X-Real-IP
X-Region
X-Hyper-Cache
X-TIME
Datacenter
From-Origin
X-Forwarded-Host
X-Amz-Server-Side-Encryption
X-Akamai-Request-ID2
X-Mode
X-Cache-Age
Content-Style-Type
S-Cnection
X-Ezoic-Cdn
Content-Script-Type
HitInfo
HitType
X-DataStream-Cache-Status
X-Section
X-Is-Bot
X-Upgrade-Enabled
X-Cache-Var
X-Rendered-As
X-Format
X-Generated
X-Proxy
Meta-Geo
X-JoinUs
Fastcgi-X-Cache
Machine
X-Routing-Service
X-Cache-Var-Map
X-Site-Version
Access-Control-Allow-Method
X-Proxied
Fastcgi-X-Cache-Version
X-Access
X-RN-RSRV
X-Amz-Meta-Surrogate-Control
X-Detected-As
X-Rule
X-Zipkin-Id
Azure-SlotName
LB
Azure-RegionName
L5d-Success-Class
Azure-SiteName
DB-Nickname
Azure-InstanceId
Fastcgi-Useragent
X-Environment-Context
X-L-Path
X-NGENIX-Cache
X-Hosted-By
X-Hit
X-CDN-Cache
X-Grey
X-Ocache
X-Origin-Hint
X-Rocket-Nginx-Bypass
X-Request-Time
X-ServerID
X-Tb
X-Cache-Config
X-Cache-Category-Id
X-Agile-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
OT-Force-Account-Verify
Property-Id
TWC-Locale-Group
TWC-Privacy
X-Agile
X-Agile-Age
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
Now
Azure-Version
Healthy
X-Akamai-Transformed
X-Content-Type
X-Via-Fastly
X-Birta-Cache-Post
X-VG-TLSProxy
X-Human
X-Source
X-XRDS-LOCATION
Cache-Name
X-EIG-Tracking-Id
Mn-Server-Ip
X-Viewer-Country
X-Birta-Served
X-OCL
S-Rt
X-Origin
X-TNCMS
Cache
X-PCL
X-Loop
X-Pc-Key
X-Xfnlog-Site
X-ProxyCache-Status
X-Distil-CS
X-ProcessESI
X-BYPASS-REASON
X-SplitTest
X-App-Name
X-AWS-Id
X-ProxyCache-Key
X-CCM
X-VWS-Id
X-Original-Request
X-RemovedCookies
X-OVcl
X-OVcl-Cache
X-Pc-Hit
X-Pc-Appver
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Upstream-CT
X-Cluster-Node
X-IP
X-FC-Vary-Parameters
X-Upstream-HT
X-Www-Served-By
X-Proxy-Build
X-Ms-Request-Id
X-Ms-Lease-Status
X-TWH-CORRELATION-ID
X-Ms-Blob-Type
X-Timing-Wait
X-Ms-Version
X-Cache-Enabled
IBM-Web2-Location
X-Microcachable
Accept-Language
Selected-FE
X-Pubstack
Access-Control-Request-Headers
X-ShardId
Xserver
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
X-NodeID
X-Cdn
X-Path-Route
X-Port
X-Connection-Hash
X-RTag
X-Transaction
X-Twitter-Response-Tags
X-Via-CDN
Cache-Hits
X-Web-Node
X-Ruxit-Js-Agent
X-UA
X-Cache-Remote
X-GRACE
Ms-Operation-Id
X-MP-GENERATED-AT
Origin-Cache-Control
Origin-Edge-Control
Backend
NtCoent-Length
X-HOST
Time
X-Unique-ID
X-Origin-CC
X-Varnish-Cacheable
User-Agent
X-Geo
X-Debug-Cache
X-Guploader-Uploadid
X-Edge-IP
X-APP-VERSION
X-Nginx-Cache
Mail-Subject
X-Varnish-Cache-Hits
We-Hiring
X-Cache-TTL
X-NCache
X-Sucuri-Cache
X-NODE
X-Internal-Host
NGB
X-Tumblr-Pixel-3
X-Real-Ip
X-Cdn-Forward
Filters
X-Pc-Host
X-Proto
X-Newrelic-Synthetics
X-Pc-Date
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Mrs-Cache
Fastly-SSL
X-Mrs-Age
X-ApacheServer
X-Vgn-Hpd-Reason
X-Csrf-Token
X-PERF
Warning
X-Storage
X-CACHE-GROUP
X-CDN-Forward
X-Time-Microsecs
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-CACHE-AGE
X-Akamai-Request-ID
X-Webstats-RespID
X-Ua
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-CACHE-KEY
X-Backend-Name
X-C
Cache-Key
X-EdgeConnect-Cache-Status
X-ElasticPress-Search
WZWS-RAY
User-Cache-Control
X-Endurance-Cache-Level
Cache-Tags
X-Powered-By-ANYU
X-Generated-In
Apple-News-Services-Handled
X-Backend-TTL
X-Backend-Url
X-Wikidot-Static-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Wikidot-Backend
X-BB-ID
Xc-Version
X-Fetched-On
X-BBXSRF
X-From
Meta-Geo-Continent
MD5-Digest
X-F5-Cache
Ajk
X-G
Apple-News-Services-Request-Url
X-Epic-Correlation-Id
X-D
FSS-Cache
Fly-Request-Id
Fly-Cache
HA-Georegion
X-Date
FSS-Proxy
HA-Geolon
HA-Geocity
HA-Geocountry
HA-Cloudapp
X-CF-Lambda-Version
X-CF-Lambda-Fn
GMS-Ver
X-Cache-Srv
X-Destination
X-DPWN-IS-SECURE
Cache-Prefix
Mobile-Detection-Method
X-Eu-Site
X-External-Request-Id
BehaviorPad-Version
X-Cache-Bucket
Ha-Gx-Prefs
X-Developer
Ec-Rule-Version
X-Developers
Content-Disposition
X-Died
Arc-Country
X-IN-SSL-APIGATEWAY
X-S-Cookie
Resin-Trace
X-Rojux
X-Rewrite-Enabled
HA-Servedtime
X-A
X-A-Ccd
X-A-Dam
X-A-Dgt
X-Server-Time
X-Server-By
X-A-Dcw
X-ScT
Rt-Proxy-Cache
VivaBuild
SN
X-Org
X-NU-AKA-ACS-Version
TSSecure
HA-Urlpath
UCS
X-PAYTM-SRV-ID
Server-Host
X-Region-Sid
Viewtype
X-Platform
V-Age
X-Dc
Rendered-Blocks
X-Irp-Debug
X-IN-WAF
X-Via-Edge
X-VG-WebServer
X-B-Cookie
X-Via-SSL
Odigeo-Trace-Id
X-CGP
X-Hash
X-Backend-Host
X-IN-APIGATEWAY
HA-Geolat
X-GeoIP-Country-Code
HA-Host
X-SRCache-Key
X-Store
X-A-Wwc
X-Logtrace-Id
X-Nc
X-Application
HA-Ipaddr
X-Amz-Meta-Cache-Control
X-Aed
X-UE-Client-Country
X-Accel-Expires-Debug
X-Trv-Group
X-NC
X-Backend-State
Www
Thinkindot-Control
X-ABtesting
X-Auto-Login
X-Cache-URL
X-Cache-Host
X-Cdn-Origin
X-Flog
X-Secret
X-S-Maxage
X-Matched-Rule
Thinkindot-CacheControl-Type
X-Server-IP
X-SIPLIST1
X-Location
X-Thinkindot-L3
X-Sn-Servicetimems
X-Response-By
X-Request-Start
X-Owner
X-NX-Host
X-No-Session
X-Nginx-Cache-Key
X-Phone
X-Reboot
X-Release
X-MSEdge-Features
X-Redis-Cache
X-UnsetCookies
X-Up
X-Distributor
X-Fastly-Cache
X-MSEdge-Flight
X-FW-Version
X-Dispatcher-Server
X-Debug-Log
X-Core-Mission
X-Croise-Owner
X-Debug-Cookies
X-Gannett-Site-Version
X-Worker
X-Key
X-Layer
X-User
X-VServer
X-Hl-Ver
X-GeoIP-City
X-We-Are-Hiring
X-Hello
X-Clientip
Section-Io-Cache
IsBot
Heartbleed
GW-Server
Magicmarker
Memcached
Origin
NodeID
Frame-Options
Countrycode
X-Cache-Backend
Thinkindot-CacheControl
X-B3-Spanid
AKAMAI
Country-Code
Backend-Name
Pramga
X-Varnish-Beresp-Ttl
Server-ID
Release
RNT-Time
Server-Int
RNT-Machine
X-Fstrz
X-Trace-Id
X-Thanos
X-Sf
X-Served-From
X-Gen-Mode
X-Stale
X-Swa-Ws
X-TT-LOGID
Adler-Geo
CDCHOST
X-Varnish-Action
X-Actual-URL
X-Device-Os
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Variation
X-Goog-Meta-Goog-Reserved-File-Mtime
Cache-Cookie-Set-From
X-Var-Ttl
X-Sentry-ID
X-RCS-CacheZone
X-Rebelmouse-Cache-Control
X-LI-UUID
X-LI-Proto
X-Policy
X-MI-In-Market
X-Passed-To-BeforeDispatch
X-Node-Id
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Li-Pop
X-Li-Fabric
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Hnp-Log
X-Returned-From-PostProcessResponse
Uber-Trace-Id
Pagetype
X-Rebelmouse-Surrogate-Control
X-Request-UUID
X-Returned-From
X-Instance-Name
Web-Mar-Node
X-VCT
MI-Cache-Age
Kp-EeAlive
MI-Cache
X-ServiceProvider
Is-Eu
Fastly-Soc-X-Request-Id
X-V
Request-Country
X-Cache-Id
Request-EU
X-Bip
X-Cache-CFC
X-Cache-Debug
X-Request-URI
X-Cache-Expires
X-Block-Status
Platform
X-Passed-To
X-CUA
X-WebServer
Fastly-SWR
Fastly-SIE
Esi-Enabled
Fastly-Backend-Name
Pragrma
X-DC
X-Crawler
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Core-Value
X-UA-Device-Type
X-Datadome
X-BB-IP
X-PHP-Backend
Proxy-Connection
X-Ms-Lease-State
X-Qloud-Router
True-Client-Country-4JS
REQUESTUUID
X-Via-NSCOPI
On-Server
X-Info
HTTPS
RequestId
X-P-T
MI-API
Cteonnt-Length
X-Be
X-Servername
Powered-By
MIME-Version
X-Refresh
X-SN
X-Pjax-Url
X-Page-Type
X-Req
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ckpd-Fst-Backend
ProcessTime
X-SVT-ORM-VERSION
X-MServer
X-NWS-UUID-VERIFY
Cdn
X-Origin-Response-Time
X-GZip
X-SVT-ORM-RULES
X-Dynatrace-Js-Agent
X-Origin-TTL
X-Oracle-Dms-Ecid
Version
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
Memory
X-Oss-Storage-Class
X-Parent-Response-Time
Amp-Access-Control-Allow-Source-Origin
X-Cache-FS-Status
CF-IPCountry
X-Content-Age
Group
V-Cache
Who
X-Unique-Id-Primal
Mime-Version
X-Servedbyhost
X-Aicache-OS
X-ND-Cache
Fusion-Source
X-Varnish-Url
X-Vcache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Fusion-Content-Source
Fusion-Template-Id
X-Wa
X-Pf-Uncompressing
X-Generation-Time
Fusion-Content-Id
X-COUNTRY
Fusion-Component-Id
SS
X-FireWall-Port
CDN
X-Unique-Id
X-Varnish-Beresp-TTL
X-GEO
XServer
X-Time
Geoip-Latitude
GeoIP-Country-Code
X-Cache-Info
X-SRV
GeoIp-Country-Code
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-Fastly-Cache-Hits
PageType
Get-Access-Time
Is-Session-Tracking
X-Protected-By
GeoIP-Latitude
X-M-Reqid
X-M-Log
X-Qnm-Cache
X-EC-Security-Audit
X-CS
X-Server-Group
X-B3-Traceid
T-Server
Serverid
NGX
SD-X-WS
Load-Balancing
X-Server-W
X-WA
X-Surge-Debug
X-APP
X-Check-Cacheable
X-Ratelimit-Remaining
ServerName
X-Requestid
X-HTML-Minification-Powered-By
X-CSRF-Token
DataCenter
X-Origin-Date
A
X-Origin-Expires
Nel
X-ID
X-StackifyID
X-Nananana
X-RequestId
Processtime
X-ServedByHost
PICS-Label
X-Gdpr
X-ARC
Cf-Ipcountry
X-SERVER-NAME
X-NGINX-Cache
X-UPSTREAM-Address
X-HS-Status
X-Alicdn-Da-Ups-Status
X-Skip-Cache
X-Fastly-Country-Code
Hostname
X-FORWARDED-FOR
X-Proxy-Server
X-Load-Cache
X-GZIP
X-PF-Uncompressing
X-Feature
URI
WP-Super-Cache
X-Origin-Host
X-PHP-Host
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Node
X-B3-SpanId
Cache-Provider
X-BE
X-ServerName
X-PAGE-TYPE
Lfy
X-Proxy-Upstream
Powered
X-Fe
Cneonction
X-Proxy-Cache-Status
X-PJAX-URL
X-VG-WebCache
X-Cdn-Srv
X-Atg-Version
RequestUuid
X-IPS-LoggedIn
X-Cache-Ttl
X-HTML-Edge-Cache
Requestid
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Https
X-Content-Encoded-By
Vix-Hermes-Req-Id
X-Fastly-Backend-Reqs
X-From-Cache
Sid
N-Cache
X-Distil-Cs
X-VC
X-SB
Build-Number
Host-ID
X-Serial
X-Akamai-SSL-Client-Sid
SID
PFcat
Xet-Cookie
X-CSRF-TOKEN
X-WR-MODIFICATION
X-Dw-Trace-Id
X-RAMCache
X-Gen-Id
X-Grace-Duration
Cdn-Src-Port