Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Xss-Protection
X-Timer
CF-Cache-Status
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
CF-Ray
Content-Security-Policy-Report-Only
X-Amz-Cf-Pop
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Request-ID
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Server-Powered-By
X-Hacker
EagleId
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-WebKit-CSP
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
X-Server-Id
Surrogate-Control
X-Host
X-Node
X-Cnection
X-Readtime
Report-To
EagleEye-TraceId
X-Rq
Server-Timing
X-Response-Time
X-OneAgent-JS-Injection
X-CST
Feature-Policy
X-Rack-Cache
X-Backend-Server
X-ORACLE-DMS-ECID
X-Application-Context
X-Iejgwucgyu
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
X-Clacks-Overhead
NEL
Edge-Control
X-DynaTrace
Allow
Rating
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-Cdn
X-B3-TraceId
X-Trace
X-Server-Name
X-Px
X-DataDome
X-Vhost
X-ESI
X-GitHub-Request-Id
X-ORACLE-DMS-RID
RTSS
X-MS-InvokeApp
X-VARITI-CCR
X-Cached
X-Ruxit-JS-Agent
Accept-CH
X-Goog-Hash
SPRequestGuid
Charset
X-Server-ID
X-PC
X-TtlSet
X-Vname
Pinterest-Generated-By
X-Mod-Pagespeed
X-D2id
X-F-Cache
Public-Key-Pins
Verso
X-Dispatcher
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
X-Kinja-Revision
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
X-SharePointHealthScore
X-TTL
X-T
X-Version
X-Powered-By-Plesk
X-DynaTrace-JS-Agent
X-Abt-Application-Version
Accept-CH-Lifetime
X-DIS-Request-ID
X-Powered-CMS
X-Dns-Prefetch-Control
X-Ser
X-Fastly-Request-ID
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Origin-Upstream-Status
X-Navigation-Version
X-Forwarded-Proto
X-Shield-Request-Id
X-B
X-Recruiting
X-Client-IP
MS-Author-Via
DynaTrace
X-Amz-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Realpath
X-HW
SPRequestDuration
SPIisLatency
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Oneagent-Js-Injection
Content-MD5
X-Upstream
X-Ttl
X-Vcap-Request-Id
Nginx-Cache
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
AR-CACHE
AR-PoweredBy
AR-ATIME
Edge-Cache-Tag
X-N
X-Hits
Arr-Disable-Session-Affinity
X-Varnish-Age
TCN
X-Debug
X-Oracle-Dms-Rid
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-NF-Request-ID
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Access-Control-Request-Method
X-Goog-Storage-Class
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
X-Dw-Request-Base-Id
X-NewRelic-App-Data
X-XRDS-Location
X-ATG-Version
X-Id
S
X-Via-JSL
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
Service-Worker-Allowed
X-FTR-Balancer
X-FTR-Backend
X-Logged-In
X-FTR-Expires
Tracecode
Alternate-Protocol
Rt-Fastcgi-Cache
X-HS-Hub-Id
X-HS-Content-Id
X-Forwarded-For
X-PressLabs-Stats
X-Frontend
X-Content-Digest
X-Kinsta-Cache
Surrogate-Key
X-RateLimit-Remaining
X-Pad
Fastly-Restarts
AMP-Access-Control-Allow-Source-Origin
X-FastCGI-Cache
MicrosoftSharePointTeamServices
X-Cache-Key
X-Content-Options
Ar-Sid
X-FTR-Cache-Host
Server-Name
X-Edge-Location
X-Ruxit-Js-Agent
X-Amzn-Trace-Id
Fastcgi-Cache
Backend-Timing
X-Analytics
FilterID
X-CF-Powered-By
X-Grace
Host
X-Rid
TP-Cache
TP-L2-Cache
X-User-Agent
X-Hostname
X-Debug-Info
X-IPLB-Instance
X-B3-Sampled
ServerID
X-Magnolia-Registration
X-Whom
X-Cache-2
X-Revision
Eomportal-Instance
X-Request-Processing-Time
X-Request-Received
Paypal-Debug-Id
X-Page-Id
X-NWS-LOG-UUID
X-Mobile
AR-Request-ID
X-Srv
X-HS-Cache-Config
Front-End-Https
X-Akam-SW-Version
X-AOL-HN
X-Content-Powered-By
X-VCache
X-URL
Retry-After
X-B-Cache
X-Signature
X-Cache-Hit
X-Litespeed-Cache
X-LB-Cache
X-Cluster
X-Device-Type
X-SS-Set-Cookie
X-Handled-By
X-FB-Debug
X-Varnish-Grace
Source
X-Request-Guid
X-Cache-Action
X-Instance
X-Cache-Control
X-App-Environment
Refresh
X-WA-Info
Cleartype
X-Varnish-Hostname
X-BCube-Filmed-By
X-Correlation-Id
X-Platform-Server
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Framework
X-Content-Security-Policy-Report-Only
X-Fastcgi-Cache
X-Akamai-Edgescape
X-GUploader-UploadID
X-Zen-Fury
Webserver
X-Varnish-Backend
X-Middleton-Display
X-Sol
Display
X-Daa-Tunnel
X-Cache-Server
X-XRDS-LOCATION
X-Az
X-Activity-Id
X-AppVersion
X-Varnish-Server
Healthy
X-Content-Type
X-Cache-Rule
VIX-Pulpo-Upstream-Status
X-Drupal-Cache-Contexts
X-TA-CDN-Provider
VIX-Pulpo-Node
X-Drupal-Cache-Tags
X-Seen-By
X-Generated-By
X-Wix-Request-Id
X-Geo-Country
X-Middleton-Response
ViewerVersion
Response
S-Cnection
X-Cached-By
X-Cache-Age
X-App-Server
Server-Node
Cache-Status
X-Origin-Server
X-DataStream-Cache-Status
X-Amz-Replication-Status
X-CACHE-GROUP
X-Accel-Expires
X-Amz-Apigw-Id
X-Amzn-RequestId
X-TT
X-Node-Name
X-Esi
Upgrade-Insecure-Requests
X-RequestSource
NGB
GEO-INFO
Filters
X-S
Payment
X-Response-Served-From
X-Locale
X-UA-Device-Type
X-Cacheable-TTL
Actual-Object-TTL
X-Varnish-IP
X-Cache-NE
X-WPE-Loopback-Upstream-Addr
X-Edge-Cache
Viewport
X-Edge-Cache-Key
X-FW-Serve
ServedBy
X-FW-Server
X-Tumblr-Pixel-2
X-Servedby
X-GeoIP
X-Jobs
X-FW-Type
X-Tumblr-Pixel-1
Host-Header
X-FW-Static
X-Contextid
X-FW-Hash
HostName
X-Varnish-Hits
X-Status
Access-Control-Allow-Method
X-Amz-Server-Side-Encryption
AsisCache
X-TX-ID
X-TT-TIMESTAMP
Accept-Charset
X-UUID
X-WebKit-CSP-Report-Only
Server-Info
X-Storage
Cache
X-Adobe-Loc
X-Adobe-Content
X-Vg-Webcache
SRV
X-PHP-Backend
X-Rendered-As
X-Hyper-Cache
X-Cache-TTL-Remaining
X-CLOUD-TRACE-CONTEXT
X-Cache-Remote
X-Croise-Owner
MS-CV
From-Origin
X-HS-Combine-CSS
Cache-Tv-Group
X-APP-VERSION
X-App-Version
X-Cache-Operation
X-Region
X-Webkit-CSP
Cache-Tag
DC
Served-By
X-Redis-Cache
X-Forwarded-Host
Public-Key-Pins-Report-Only
X-Mode
Liferay-Portal
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-CACHE-KEY
X-Guploader-Uploadid
X-Webstats-RespID
X-NGENIX-Cache
Selected-FE
X-Agile-Id
X-Path-Route
X-Agile-Age
X-Site-Version
X-Agile
X-RN-RSRV
X-Timing-Wait
X-TNCMS
X-Request-Time
X-Endurance-Cache-Level
X-Upgrade-Enabled
X-Proxy-Build
X-Loop
Machine
Fastcgi-X-Cache-Version
X-Detected-As
Meta-Geo
X-Human
X-Hosted-By
X-Generated
Fastcgi-X-Cache
Xserver
X-Cache-Var
X-Akamai-Request-ID2
X-Is-Bot
X-IP
Fastcgi-Useragent
X-Cache-Var-Map
Webcakes-App-Name
Now
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Origin-Edge-Control
S-Rt
TWC-GeoIP-Country
Cache-Name
Property-Id
X-ProxyCache-Status
Origin-Cache-Control
TWC-Locale-Group
X-Pc-Key
X-Internal-Host
X-JoinUs
X-L-Path
X-Labrador-Cache-Channel
X-Grey
X-Format
X-Cache-Category-Id
X-CDN-Cache
X-BYPASS-REASON
X-Environment-Context
X-NCache
X-Origin-Hint
X-Vgn-Hpd-Reason
X-Routing-Service
Webcakes-Region
Webcakes-App-Version
X-Proxied
X-Pc-Hit
X-Original-Request
X-Pc-Appver
X-Zipkin-Id
X-Via-Fastly
X-ProxyCache-Key
TWC-Privacy
X-Akamai-Transformed
Powered-By-ChinaCache
Pagespeed
X-FC-Vary-Parameters
X-Upstream-CT
X-Viewer-Country
X-RemovedCookies
X-Pubstack
X-Upstream-HT
X-Web-Node
X-Access
X-Birta-Cache-Post
X-Birta-Served
Datacenter
X-Tumblr-Pixel-3
X-UA
X-Time-Microsecs
DB-Nickname
X-Origin-Host
X-PCL
X-ProcessESI
X-OCL
Cache-Tags
X-Proxy
X-Section
X-Akamai-Request-ID
X-Backend-Name
X-B3-Spanid
X-Rule
X-Via-CDN
X-Www-Served-By
X-Ocache
X-Origin-CC
X-CCM
X-Xfnlog-Site
X-Cache-Config
X-ServerID
X-Origin
X-VG-TLSProxy
X-Origin-Response-Time
Azure-SlotName
X-Tb
Azure-RegionName
HitType
Azure-InstanceId
Azure-SiteName
X-RateLimit-Limit
Azure-Version
Mn-Server-Ip
OT-Force-Account-Verify
X-TIME
X-ShardId
X-ShopId
X-App-Name
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
Accept-Language
X-Cache-TTL
Cache-Key
X-Nginx-Cache
X-Ezoic-Cdn
X-Parent-Response-Time
X-Protected-By
Vix-Hermes-Req-Id
X-OVcl-Cache
X-OVcl
X-Edge-IP
User-Cache-Control
Content-Script-Type
L5d-Success-Class
Content-Style-Type
X-BACKEND-TTL
X-Real-IP
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
LB
Time
NtCoent-Length
X-Newrelic-App-Data
X-Real-Ip
X-Amz-Meta-Surrogate-Control
X-PERF
X-Cache-Backend
X-ApacheServer
Ms-Operation-Id
X-RTag
X-Webkit-Csp
X-Proto
X-Front
X-GRACE
X-Pc-Host
X-Pc-Date
X-Correlation-ID
X-Mshield-Cache-Status
X-Mrs-Age
X-Unique-Id-Primal
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Nc
X-FB-TRIP-ID
X-Cdn-Forward
X-Varnish-Cacheable
X-Dynatrace-Js-Agent
X-Hit
X-CDN-Forward
Section-Io-Cache
X-Content-Age
X-Varnish-Beresp-Status
X-Sucuri-ID
X-Varnish-Beresp-Grace
X-Debug-Cache
X-Unique-ID
WZWS-RAY
AR-SID
X-Microcachable
X-C
Load-Balancing
X-Dc
X-Trace-Id
Version
X-Time
Access-Control-Request-Headers
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Country
Fusion-Component-Id
Fusion-Source
X-MP-GENERATED-AT
X-EdgeConnect-Cache-Status
X-Varnish-Beresp-Ttl
X-Connection-Hash
Ohc-File-Size
X-Cache-Enabled
X-Transaction
X-Twitter-Response-Tags
Warning
Mail-Subject
We-Hiring
BehaviorPad-Version
Cache-Prefix
X-GeoIP-Country-Code
X-LI-Proto
X-Generated-In
X-Li-Pop
Release
Ajk
X-Application
Adler-Geo
X-Layer
X-Li-Fabric
Platform
Rendered-Blocks
X-Backend-State
Arc-Country
X-B-Cookie
X-Auto-Login
Powered-By
Ec-Rule-Version
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-URL
X-Cache-Id
X-Clientip
X-Crawler
X-Date
X-D
X-CUA
IBM-Web2-Location
Is-Eu
X-Cache-FS-Status
X-Cache-Debug
X-Cache-Bucket
Mobile-Detection-Method
Meta-Geo-Continent
Memcached
X-Cache-Host
Locale
MD5-Digest
X-Destination
X-Developer
Fastly-Backend-Name
Fastly-SIE
X-F5-Cache
Fastly-SWR
X-Fetched-On
X-LI-UUID
X-G
X-FW-Version
X-From
Fly-Cache
Fly-Request-Id
X-Dispatcher-Server
X-Died
X-Device-Os
X-DPWN-IS-SECURE
X-Bip
Frame-Options
X-External-Request-Id
X-BB-ID
Countrycode
Resin-Trace
X-Response-By
X-Request-UUID
X-Ua
X-Returned-From
X-Ratelimit-Limit
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Thanos
X-Trv-Group
X-User
SS
X-Var-Ttl
X-Urbn-Site-Id
X-Urbn-Context-Path
X-UE-Client-Country
X-A-Wwc
X-Returned-From-PostProcessResponse
X-A-Dgt
X-A-Dam
X-Server-Time
VivaBuild
X-A-Ccd
X-ScT
X-Served-From
X-Server-By
Viewtype
X-SRCache-Key
X-A-Dcw
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-Store
V-Age
X-S-Maxage
X-Accel-Expires-Debug
X-Variation
X-Passed-To-BeforeDispatch
X-Passed-To
RNT-Machine
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-PHP-Host
X-PAYTM-SRV-ID
Node
Xc-Version
X-Aed
X-Hl-Ver
X-Logtrace-Id
X-Actual-URL
X-Node-Id
X-Org
X-NU-AKA-ACS-Version
RNT-Time
Rt-Proxy-Cache
X-Region-Sid
X-Reboot
Server-ID
X-Via-Edge
X-VG-WebServer
X-Release
X-A
X-Varnish-Action
X-Rebelmouse-Surrogate-Control
X-Via-SSL
X-Qloud-Router
X-WebServer
X-RCS-CacheZone
X-We-Are-Hiring
X-Rebelmouse-Cache-Control
Server-Host
SD-X-WS
X-Rocket-Nginx-Bypass
X-Block-Status
X-Amz-Meta-Cache-Control
Origin
X-Request-Start
X-V
X-Cache-Expires
X-Via-NSCOPI
Www
X-Proxy-Upstream
Thinkindot-Control
X-UnsetCookies
X-SVT-ORM-VERSION
X-Server-IP
X-Server-Group
X-ServiceProvider
X-Sf
X-SVT-ORM-RULES
X-Stale
X-Proxy-Cache-Status
Thinkindot-CacheControl-Type
X-Hnp-Log
X-IN-APIGATEWAY
X-Hash
X-Gen-Mode
X-Epic-Correlation-Id
X-Eu-Site
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-No-Session
X-Matched-Rule
X-MI-In-Market
X-Location
X-Info
X-Key
X-CGP
Esi-Enabled
HA-Geocountry
AKAMAI
HA-Geocity
HA-Cloudapp
GW-Server
HA-Geolat
HA-Geolon
HA-Ipaddr
HA-Urlpath
HA-Host
Ha-Gx-Prefs
HA-Georegion
GMS-Ver
Apple-News-Services-Handled
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
Country-Code
Content-Disposition
Thinkindot-CacheControl
Backend-Name
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Backend
Heartbleed
HA-Servedtime
Pramga
Pragrma
True-Client-Country-4JS
X-Swa-Ws
X-Thinkindot-L3
Proxy-Connection
User-Agent
Request-EU
Request-Country
Who
Uber-Trace-Id
MI-Cache
MI-API
Kp-EeAlive
Web-Mar-Node
MI-Cache-Age
On-Server
UCS
X-NODE
X-Be
X-Phone
X-P-T
CDCHOST
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-CFC
X-TT-LOGID
Server-Int
X-Request-URI
X-Nginx-Cache-Key
X-Irp-Debug
X-Policy
X-Instance-Name
Request-Time
X-Platform
Cache-Cookie-Set-Lfrom
X-Wikidot-Backend
X-NWS-UUID-VERIFY
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Backend-Url
X-Backend-Host
REQUESTUUID
IsBot
X-Wikidot-Static-Cache
X-Core-Value
X-SIPLIST1
X-Gannett-Site-Version
X-Developers
Fastly-SSL
Fastly-Soc-X-Request-Id
X-Distil-CS
X-Secret
X-Geo
Group
V-Cache
X-MSEdge-Features
X-MSEdge-Flight
PFcat
X-Origin-Date
HitInfo
X-VCT
X-Up
X-Sn-Servicetimems
X-Refresh
X-Origin-Expires
X-Servername
X-Distributor
X-ElasticPress-Search
X-Debug-Log
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Magicmarker
X-GeoIP-City
X-NX-Host
X-Debug-Cookies
X-Cdn-Origin
X-Core-Mission
X-Fstrz
X-Planisys-CDN-Rules
X-Origin-TTL
X-Page-Type
Pagetype
RequestId
X-DC
X-Fastly-Cache
X-COUNTRY
X-Debug-Cache-Expiry
X-Micro-Cache
X-Debug-Cache-Fetch
X-Svr
X-Newrelic-Synthetics
X-VarnPar1
X-VarnCache
Host-ID
X-PARISIEN-Cache-Rendered
X-Debug-Cache-Store
X-Req
X-Pjax-Url
PageSpeed
X-Generated-On
X-Instart-Info
X-CACHE-AGE
X-BBXSRF
X-NC
X-Level-Front-Cache
X-Powered-By-ANYU
X-EIG-Tracking-Id
Lfy
ServerName
X-Datadome
Mime-Version
MIME-Version
X-Cache-Info
Cache-Provider
X-Cdn-Srv
Ohc-Response-Time
X-Server-Cache
Cdn
X-ARC
Cteonnt-Length
Memory
PICS-Label
X-Gdpr
X-TWH-CORRELATION-ID
X-Servedbyhost
X-Cluster-Node
X-CMS-Context
Nel
X-Wa
X-StackifyID
CF-IPCountry
FSS-Proxy
X-Aicache-OS
X-LAGOON
X-Fastly-Country-Code
X-Sentry-ID
FSS-Cache
X-NodeID
X-Load-Cache
X-HTML-Minification-Powered-By
GeoIP-Latitude
GeoIP-Country-Code
NGX
X-ABtesting
X-Flog
X-Hello
X-VServer
CDN
X-WR-MODIFICATION
X-B3-Traceid
SN
XServer
X-CSRF-TOKEN
GeoIp-Country-Code
X-Fastly-Backend-Reqs
Geoip-Latitude
X-Varnish-Beresp-TTL
X-Check-Cacheable
X-WA
X-GZip
X-UPSTREAM-Address
Cf-Ipcountry
Amp-Access-Control-Allow-Source-Origin
Processtime
X-APP
X-Source
TSSecure
X-Csrf-Token
X-CSRF-Token
X-DataStream-Origin-MEX-Latency
X-Worker
X-MServer
X-FireWall-Port
X-DataStream-MidMile-RTT
X-HOST
X-Ratelimit-Remaining
CACHE
X-Unique-Id
PageType
X-ServedByHost
WP-Super-Cache
X-CDN-Pop
X-Cache-Miss-From
X-Sedo-Request-Id
X-Generation-Time
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Varnish-Cache-Hits
X-CDN-Pop-IP
A
X-SplitTest
Pics-Label
X-AWS-Id
X-Dynatrace
X-GDPR
X-LJ-Flow-ID
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
Cdn-Host
Cdn-Request-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-VWS-Id
X-Nananana
X-Edge-Server
X-Port
X-SRV
X-VC-Cache
X-Skip-Cache
X-Cache-Grace
URI
HTTPS
X-FORWARDED-FOR
DataCenter
X-ID
Odigeo-Trace-Id
X-IPS-LoggedIn
Server-Cache-Control
Cache-Hits
X-Backend-TTL
Server-Surrogate-Control
X-Varnish-Authentication
X-Sucuri-Cache
X-Cache-ASPX
X-RCS-Backend
X-Fastly-Cache-Hits
X-Owner
X-B3-SpanId
X-HS-Status
X-Ms-Lease-Status
X-Ms-Version
X-Swift-Error
X-Ms-Blob-Type
X-BE
X-Ms-Request-Id
Dynatrace
X-PJAX-URL
X-Varnish-Url
Hostname
ProcessTime
X-Gen-Id
X-Instart-Isnd
X-Bug-Bounty
X-VG-WebCache
X-GZIP
X-From-Cache
X-ND-Cache
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-SN
X-Cache-Ttl
X-VarnPar2
X-ORIG-AKA-EDGE
Is-Session-Tracking
X-Pf-Uncompressing
X-NGINX-Cache
X-GoCache-CacheStatus
Get-Access-Time
X-Server-W
X-Ms-Lease-State
Requestid
Serverid
X-Akamai-SSL-Client-Sid
X-Amz-Meta-S3b-Last-Modified
X-Alicdn-Da-Ups-Status
Proxy-Firewall
X-PAGE-TYPE
X-Varnish-URL
X-LiteSpeed-Cache-Control
X-VC
X-Cache-Srv
X-Serial
X-Fe
X-RAMCache
WebServer
X-ServerName
RequestUuid
X-SB
T-Server
X-ORIG-AKA-COUNTRY-CODE
X-GEO
NodeID
X-PF-Uncompressing
Xet-Cookie
SID
Powered
X-HTML-Edge-Cache
X-Akamai-ERRuleID
X-CS
X-Developed-By
Location
X-Dw-Trace-Id
NnCoection
X-Akamai-ERPolicy
X-LiteSpeed-Tag