Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
CF-Ray
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Iinfo
X-Permitted-Cross-Domain-Policies
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-CDN
X-Request-ID
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Request-Context
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Amz-Version-Id
Content-Location
Surrogate-Control
X-Server-Id
X-Cnection
X-Node
X-OneAgent-JS-Injection
X-Host
X-Readtime
EagleEye-TraceId
Report-To
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-Application-Context
X-Rack-Cache
X-CST
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
NEL
Edge-Control
X-DynaTrace
X-Url
Rating
Allow
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Trace
X-Px
X-Server-ID
X-DataDome
X-Vhost
X-ESI
X-GitHub-Request-Id
X-Server-Name
X-ORACLE-DMS-RID
X-VARITI-CCR
X-Ruxit-JS-Agent
Accept-CH
RTSS
X-MS-InvokeApp
X-Goog-Hash
X-Cached
Charset
SPRequestGuid
X-Mod-Pagespeed
X-TTL
Pinterest-Generated-By
X-TtlSet
X-PC
X-Vname
X-D2id
X-F-Cache
Verso
Public-Key-Pins
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
PB-RID
Arc-Version
X-Mobile-Rewrite
PB-PID
X-Version
X-Dispatcher
X-Cdn
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
Accept-CH-Lifetime
X-DIS-Request-ID
X-Abt-Application-Version
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
X-Origin-Upstream-Status
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-Navigation-Version
X-B
X-Forwarded-Proto
X-Shield-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Rid
MS-Author-Via
Realpath
X-Recruiting
X-Client-IP
DynaTrace
X-HW
SPRequestDuration
SPIisLatency
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Vcap-Request-Id
X-Upstream
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Content-MD5
Nginx-Cache
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Ttl
Arr-Disable-Session-Affinity
Edge-Cache-Tag
X-Hits
X-Debug
X-Varnish-Age
X-N
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Oracle-Dms-Rid
X-Goog-Storage-Class
X-Aspnet-Version
X-MSEdge-Ref
X-NF-Request-ID
X-Via-JSL
X-Acc-Meta-Resource-Type
X-Dw-Request-Base-Id
Access-Control-Request-Method
TCN
X-Id
S
X-XRDS-Location
X-NewRelic-App-Data
X-ATG-Version
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Expires
Service-Worker-Allowed
X-Logged-In
X-Oneagent-Js-Injection
Alternate-Protocol
X-Forwarded-For
X-HS-Content-Id
X-HS-Hub-Id
Surrogate-Key
X-Frontend
X-Kinsta-Cache
Tracecode
X-PressLabs-Stats
Rt-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Content-Digest
X-FastCGI-Cache
X-Cache-Key
X-Pad
X-FTR-Cache-Host
X-Grace
MicrosoftSharePointTeamServices
Fastly-Restarts
X-RateLimit-Remaining
Server-Name
X-CF-Powered-By
X-Edge-Location
Fastcgi-Cache
X-Amzn-Trace-Id
X-Analytics
X-Content-Options
Backend-Timing
X-Ruxit-Js-Agent
TP-Cache
TP-L2-Cache
Ar-Sid
FilterID
Host
X-Cache-2
X-Rid
X-User-Agent
X-Magnolia-Registration
X-Whom
ServerID
X-B3-Sampled
X-Debug-Info
X-IPLB-Instance
X-Revision
Eomportal-Instance
X-Page-Id
X-Mobile
X-Hostname
X-Request-Processing-Time
X-Request-Received
X-Srv
X-NWS-LOG-UUID
AR-Request-ID
X-Akam-SW-Version
X-VCache
Paypal-Debug-Id
Front-End-Https
X-URL
X-AOL-HN
Retry-After
Refresh
X-Content-Powered-By
X-Litespeed-Cache
X-B-Cache
X-Signature
X-LB-Cache
X-Handled-By
X-Device-Type
X-Framework
X-Request-Guid
Source
X-Cache-Action
X-Cluster
Cleartype
X-FB-Debug
X-Varnish-Hostname
X-SS-Set-Cookie
X-Tumblr-User
X-WA-Info
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Instance
X-App-Environment
X-BCube-Filmed-By
X-Cache-Control
X-Akamai-Edgescape
X-Cache-Hit
X-Varnish-Grace
X-Correlation-Id
X-Platform-Server
X-Content-Security-Policy-Report-Only
X-Fastcgi-Cache
X-HS-Cache-Config
X-GUploader-UploadID
Webserver
X-AppVersion
X-Az
X-Activity-Id
X-Zen-Fury
Display
X-Sol
X-XRDS-LOCATION
X-Middleton-Display
X-Content-Type
X-Varnish-Backend
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Healthy
X-Cache-Server
X-Cache-Rule
X-TA-CDN-Provider
X-Middleton-Response
Response
X-Cache-Age
ViewerVersion
X-Varnish-Server
X-Wix-Request-Id
X-Seen-By
X-Drupal-Cache-Tags
X-Daa-Tunnel
X-TT
Upgrade-Insecure-Requests
X-Generated-By
X-Cached-By
X-Drupal-Cache-Contexts
X-App-Server
X-Origin-Server
X-Geo-Country
Cache-Status
Accept-Charset
X-CACHE-GROUP
Server-Node
X-DataStream-Cache-Status
S-Cnection
X-Amz-Replication-Status
X-Amzn-RequestId
X-Accel-Expires
X-Esi
X-Amz-Apigw-Id
Payment
NGB
X-UA-Device-Type
X-S
Filters
X-Response-Served-From
X-Contextid
X-Edge-Cache
X-Edge-Cache-Key
X-Cacheable-TTL
X-Adobe-Loc
GEO-INFO
X-Adobe-Content
Access-Control-Allow-Method
X-Servedby
X-Cache-NE
X-Jobs
Viewport
ServedBy
Actual-Object-TTL
X-Locale
X-Varnish-IP
X-Status
X-RequestSource
X-UUID
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-Varnish-Hits
X-FW-Type
X-FW-Serve
X-TX-ID
X-FW-Static
X-FW-Hash
X-FW-Server
X-Amz-Server-Side-Encryption
X-Storage
Cache-Tv-Group
AsisCache
Server-Info
X-WebKit-CSP-Report-Only
X-GeoIP
X-WPE-Loopback-Upstream-Addr
MS-CV
X-PHP-Backend
X-Dns-Prefetch-Control
X-Cache-Remote
X-Node-Name
HostName
X-Rendered-As
X-Cache-TTL-Remaining
Cache
X-App-Version
X-Croise-Owner
Host-Header
From-Origin
X-Region
SRV
X-Vg-Webcache
X-Cache-Operation
X-Webkit-CSP
X-Hyper-Cache
X-Redis-Cache
X-APP-VERSION
Served-By
X-Guploader-Uploadid
Liferay-Portal
X-Dynatrace-Js-Agent
Cache-Tag
Public-Key-Pins-Report-Only
DC
X-Mode
X-BACKEND-TTL
X-CACHE-KEY
X-HS-Combine-CSS
X-IP
X-Cache-Var
X-TNCMS
X-Akamai-Transformed
X-Hosted-By
X-Forwarded-Host
X-Loop
X-Webstats-RespID
X-Upgrade-Enabled
X-Agile
Selected-FE
X-Agile-Age
X-Agile-Id
X-Cache-Var-Map
Meta-Geo
Machine
X-Detected-As
X-RN-RSRV
X-Proxy-Build
X-Path-Route
X-NGENIX-Cache
X-Timing-Wait
X-Is-Bot
Pagespeed
X-Pc-Key
X-JoinUs
X-Pc-Hit
Cache-Name
X-Pc-Appver
X-Upstream-CT
X-Endurance-Cache-Level
X-ProxyCache-Key
X-ProxyCache-Status
X-Environment-Context
X-Request-Time
X-L-Path
X-Generated
X-Site-Version
X-NCache
X-Grey
Xserver
X-Human
X-Original-Request
X-Upstream-HT
Powered-By-ChinaCache
X-Labrador-Cache-Channel
X-Via-Fastly
X-Vgn-Hpd-Reason
X-CDN-Cache
Origin-Cache-Control
X-Cache-Category-Id
Now
X-BYPASS-REASON
X-Internal-Host
Origin-Edge-Control
X-Origin
X-RemovedCookies
X-Birta-Cache-Post
X-Pubstack
X-Birta-Served
X-Proxy
DB-Nickname
X-Viewer-Country
X-Origin-Host
X-ProcessESI
X-Akamai-Request-ID
S-Rt
X-B3-Spanid
X-ServerID
X-Tumblr-Pixel-3
X-FC-Vary-Parameters
X-Time-Microsecs
X-UA
X-VG-TLSProxy
X-Origin-Response-Time
X-Web-Node
Fastcgi-Useragent
Cache-Tags
X-Origin-CC
Fastcgi-X-Cache-Version
X-Xfnlog-Site
Azure-RegionName
X-Rule
Azure-InstanceId
X-CCM
Fastcgi-X-Cache
X-Format
X-Ocache
Mn-Server-Ip
Azure-Version
Azure-SiteName
X-Cache-Config
X-Backend-Name
X-Tb
Azure-SlotName
X-PCL
X-OCL
X-Www-Served-By
X-Parent-Response-Time
X-Kong-Upstream-Latency
X-App-Name
X-Yottaa-Metrics
Property-Id
TWC-Locale-Group
HitType
X-Kong-Proxy-Latency
Webcakes-App-Name
X-Zipkin-Id
Webcakes-App-Version
X-Section
X-Routing-Service
Content-Style-Type
Content-Script-Type
X-Proxied
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
X-Access
X-Origin-Hint
TWC-Privacy
Webcakes-Region
X-Yottaa-Optimizations
X-Protected-By
Cache-Key
Datacenter
X-TIME
X-Via-CDN
User-Cache-Control
X-Edge-IP
Vix-Hermes-Req-Id
X-Cache-TTL
OT-Force-Account-Verify
X-Nginx-Cache
X-Sorting-Hat-ShopId
X-Shopify-Stage
Ms-Operation-Id
X-RTag
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Akamai-Request-ID2
X-Ezoic-Cdn
Time
X-PERF
X-Cache-Backend
X-OVcl-Cache
X-OVcl
X-ApacheServer
X-FB-TRIP-ID
X-Real-IP
X-Cdn-Forward
X-RateLimit-Limit
X-Pc-Date
X-Pc-Host
NtCoent-Length
X-Newrelic-App-Data
X-Mshield-Cache-Status
X-Unique-Id-Primal
X-Mrs-Cache
X-Mrs-Age
Accept-Language
L5d-Success-Class
X-Mrs-Cache-Hits
X-Webkit-Csp
X-Content-Age
X-Front
AR-SID
Country
X-Correlation-ID
X-Real-Ip
Load-Balancing
LB
X-Proto
X-Amz-Meta-Surrogate-Control
X-Varnish-Cacheable
X-Ratelimit-Limit
Section-Io-Cache
X-Varnish-Beresp-Grace
X-Nc
X-Varnish-Beresp-Status
X-Debug-Cache
X-Varnish-Beresp-Ttl
X-CDN-Forward
Ohc-File-Size
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
WZWS-RAY
X-Hit
X-Sucuri-ID
X-Unique-ID
X-MP-GENERATED-AT
X-Hl-Ver
X-GRACE
X-Trace-Id
We-Hiring
Mail-Subject
X-Time
Version
Warning
X-Microcachable
X-CLOUD-TRACE-CONTEXT
X-EdgeConnect-Cache-Status
User-Agent
X-Geo
X-C
BehaviorPad-Version
X-Passed-To
X-Actual-URL
X-Aed
X-BB-ID
X-Passed-To-BeforeDispatch
Frame-Options
X-Passed-To-DLL
Ajk
X-Accel-Expires-Debug
X-Auto-Login
X-DPWN-IS-SECURE
X-B-Cookie
X-FW-Version
Cache-Prefix
X-PAYTM-SRV-ID
X-Passed-To-PostProcessResponse
X-Application
X-G
X-Bip
Fastly-SWR
Fly-Cache
Arc-Country
Fastly-SIE
Ec-Rule-Version
Fastly-Backend-Name
X-From
Fly-Request-Id
Www
X-Li-Fabric
X-Layer
Release
Rendered-Blocks
Powered-By
Platform
Node
X-LI-Proto
PFcat
X-Li-Pop
Thinkindot-Control
Thinkindot-CacheControl-Type
Rt-Proxy-Cache
SD-X-WS
Server-Host
Server-ID
RNT-Time
RNT-Machine
Request-Time
Thinkindot-CacheControl
SS
Resin-Trace
Mobile-Detection-Method
V-Age
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A
X-A-Dgt
X-Node-Id
X-Generated-In
X-A-Wwc
X-Org
X-NU-AKA-ACS-Version
X-Matched-Rule
IBM-Web2-Location
X-LI-UUID
Meta-Geo-Continent
VivaBuild
Viewtype
Memcached
MD5-Digest
Is-Eu
X-Logtrace-Id
Adler-Geo
X-Goog-Meta-Goog-Reserved-File-Mtime
X-P-T
X-Cache-Host
X-Transaction
X-Thinkindot-L3
X-Thanos
X-Trv-Group
X-Dc
X-UE-Client-Country
X-Twitter-Response-Tags
X-TT-LOGID
X-Swa-Ws
X-Ua
Access-Control-Request-Headers
X-Server-Time
X-CF-Lambda-Fn
X-Connection-Hash
X-SRCache-Key
X-Crawler
X-External-Request-Id
X-Store
X-CUA
X-D
Xc-Version
X-WebServer
X-We-Are-Hiring
X-Destination
X-Developer
X-Dispatcher-Server
X-Died
X-Device-Os
X-Via-NSCOPI
X-Via-SSL
X-Var-Ttl
X-Date
X-User
X-Variation
X-Varnish-Action
X-Via-Edge
X-VG-WebServer
X-Fetched-On
X-CF-Lambda-Version
X-Cache-FS-Status
X-Cache-Debug
X-Server-By
X-Request-UUID
X-RCS-CacheZone
X-Response-By
X-Release
X-Region-Sid
X-Cache-Expires
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-Cache-Enabled
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Returned-From-BeforeDispatch
X-Returned-From
X-Cache-Id
X-S-Cookie
X-S-Maxage
X-ScT
X-Served-From
X-Cache-URL
X-Returned-From-DLL
X-PHP-Host
X-Rojux
X-Rewrite-Enabled
X-Returned-From-PostProcessResponse
X-Rocket-Nginx-Bypass
Pagetype
X-Distributor
X-Fstrz
X-Cache-CFC
X-Block-Status
X-Cache-Bucket
X-Hnp-Log
X-Gen-Mode
X-GeoIP-Country-Code
X-F5-Cache
X-Clientip
X-IN-SSL-APIGATEWAY
X-Hash
True-Client-Country-4JS
X-IN-APIGATEWAY
X-Amz-Meta-Cache-Control
X-Backend-State
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Server-Int
Cache-Cookie-Set-Idcheck
Backend
AKAMAI
Country-Code
Countrycode
Esi-Enabled
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Phone
X-Proxy-Cache-Status
X-Stale
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-UnsetCookies
X-Sf
X-ServiceProvider
X-Proxy-Upstream
X-Request-Start
X-Server-Group
X-Server-IP
Fastly-SSL
Content-Disposition
Pramga
Magicmarker
X-Location
Kp-EeAlive
Origin
MI-API
MI-Cache-Age
On-Server
MI-Cache
X-MI-In-Market
Heartbleed
X-Info
GW-Server
X-IN-WAF
X-Origin-Expires
X-Origin-Date
Proxy-Connection
X-Nginx-Cache-Key
X-No-Session
GMS-Ver
X-NODE
X-Be
X-ElasticPress-Search
Backend-Name
X-Epic-Correlation-Id
X-Eu-Site
Who
X-V
X-MSEdge-Features
X-Svr
X-MSEdge-Flight
X-Up
X-Distil-CS
X-Page-Type
X-Fastly-Cache
X-Policy
X-Secret
X-Micro-Cache
X-SIPLIST1
X-Request-URI
X-Irp-Debug
X-Key
X-Gannett-Site-Version
X-Core-Mission
HA-Servedtime
HA-Host
HA-Urlpath
IsBot
REQUESTUUID
Ha-Gx-Prefs
HA-Georegion
HA-Geocity
HA-Cloudapp
HA-Geocountry
HA-Geolat
HA-Geolon
Web-Mar-Node
HA-Ipaddr
X-CGP
X-Backend-Url
X-Backend-Host
X-Core-Value
X-Origin-TTL
X-Debug-Cache-Expiry
X-Level-Front-Cache
X-NX-Host
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Developers
X-Debug-Cache-Store
X-Cdn-Origin
CDCHOST
Apple-News-Services-Handled
X-Platform
X-Sn-Servicetimems
X-Refresh
Apple-News-Services-Host
X-Debug-Log
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Debug-Cookies
Fastly-Soc-X-Request-Id
X-Debug-Cache-Fetch
X-Generated-On
Pragrma
Request-Country
X-Planisys-CDN-Cache
Request-EU
X-Instance-Name
Uber-Trace-Id
ServerName
Lfy
RequestId
UCS
X-Planisys-CDN-Rules
Locale
X-Instart-Info
X-COUNTRY
X-Servername
X-Planisys-CDN-TTL
X-Urbn-Context-Path
X-DC
X-Urbn-Site-Id
X-Cache-Info
X-Pjax-Url
X-NWS-UUID-VERIFY
X-Cdn-Srv
Ohc-Response-Time
X-Server-Cache
X-VarnCache
X-PARISIEN-Cache-Rendered
X-VarnPar1
Host-ID
Group
PageSpeed
V-Cache
X-CACHE-AGE
X-NC
X-Req
X-GeoIP-City
X-ARC
X-VCT
X-Newrelic-Synthetics
X-Datadome
HitInfo
MIME-Version
Cteonnt-Length
Mime-Version
Memory
Cdn
Cache-Provider
X-CMS-Context
X-BBXSRF
X-Powered-By-ANYU
PICS-Label
X-Gdpr
X-Ratelimit-Remaining
X-Servedbyhost
X-EIG-Tracking-Id
X-LAGOON
Nel
X-TWH-CORRELATION-ID
X-WR-MODIFICATION
X-Aicache-OS
X-Wa
NGX
CF-IPCountry
X-HTML-Minification-Powered-By
GeoIP-Latitude
GeoIP-Country-Code
X-StackifyID
X-Load-Cache
X-B3-Traceid
X-Fastly-Country-Code
CDN
Cf-Ipcountry
X-Fastly-Backend-Reqs
X-Cluster-Node
XServer
X-UPSTREAM-Address
X-CSRF-TOKEN
X-Varnish-Cache-Hits
FSS-Proxy
FSS-Cache
X-Sentry-ID
X-RateLimit-Limit-Second
X-Generation-Time
X-RateLimit-Remaining-Second
X-WA
X-NodeID
X-FireWall-Port
X-Check-Cacheable
X-VServer
X-Sedo-Request-Id
Processtime
X-Flog
Geoip-Latitude
Amp-Access-Control-Allow-Source-Origin
GeoIp-Country-Code
X-Cache-Miss-From
X-Hello
X-ABtesting
X-Csrf-Token
X-Cache-Grace
SN
X-Source
X-HOST
X-Unique-Id
X-Varnish-Beresp-TTL
CACHE
X-Oss-Server-Time
X-Oss-Storage-Class
X-GZip
X-Oss-Object-Type
X-APP
X-Oss-Hash-Crc64ecma
X-CDN-Pop
WP-Super-Cache
X-Oss-Request-Id
Server-Cache-Control
X-CDN-Pop-IP
X-Varnish-Authentication
X-Cache-ASPX
Server-Surrogate-Control
X-ServedByHost
X-CSRF-Token
X-IPS-LoggedIn
X-DataStream-Origin-MEX-Latency
Pics-Label
X-RCS-Backend
X-GDPR
X-Nananana
X-DataStream-MidMile-RTT
X-Dynatrace
URI
TSSecure
X-SRV
X-VC-Cache
X-FORWARDED-FOR
X-Varnish-Url
X-Skip-Cache
Cdn-Request-Time
X-Edge-Server
Cdn-Host
X-Worker
X-MServer
X-ID
DataCenter
X-VG-WebCache
X-Fastly-Cache-Hits
X-ND-Cache
A
X-Instart-Isnd
X-HS-Status
X-Sucuri-Cache
Is-Session-Tracking
X-GoCache-CacheStatus
PageType
Get-Access-Time
X-B3-SpanId
X-From-Cache
X-BE
X-Swift-Error
Proxy-Firewall
Dynatrace
Hostname
X-PJAX-URL
HTTPS
X-Port
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
X-SplitTest
X-Gen-Id
X-Backend-TTL
X-Pf-Uncompressing
X-Amzn-Remapped-Connection
X-Server-W
X-GZIP
Powered
Odigeo-Trace-Id
X-Bug-Bounty
X-Amzn-Remapped-Date
X-VarnPar2
X-NGINX-Cache
Requestid
X-Cache-Ttl
X-SN
X-ORIG-AKA-EDGE
X-Fe
X-Owner
Cache-Hits
X-Amz-Meta-S3b-Last-Modified
Serverid
X-Pc-Subdomain
X-Dw-Trace-Id
X-HostName
X-Alicdn-Da-Ups-Status
X-PAGE-TYPE
X-Varnish-URL
X-LiteSpeed-Cache-Control
RequestUuid
X-ServerName
X-Serial
X-PF-Uncompressing
X-RequestId
X-GEO
X-RAMCache
X-ORIG-AKA-COUNTRY-CODE
T-Server
WebServer
X-SB
X-VC
X-R9-Blue-Green-Version
X-FW-Dynamic
Xet-Cookie
Correlation-Id
X-App
X-CS
X-Ms-Request-Id
X-Akamai-SSL-Client-Sid
X-Ms-Lease-Status
X-Ms-Blob-Type
SID
X-Ms-Version
NnCoection
X-HTML-Edge-Cache
X-Developed-By
Location
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-LiteSpeed-Tag