Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
CF-Ray
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Request-ID
X-FRAME-OPTIONS
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
X-Server-Id
Surrogate-Control
X-OneAgent-JS-Injection
X-Cnection
X-Node
X-Host
X-Readtime
Report-To
EagleEye-TraceId
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Rack-Cache
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Trace
X-Px
X-DataDome
X-Vhost
X-ESI
X-Server-Name
X-GitHub-Request-Id
X-Server-ID
X-VARITI-CCR
X-MS-InvokeApp
Accept-CH
RTSS
X-ORACLE-DMS-RID
X-Cached
X-Goog-Hash
X-Ruxit-JS-Agent
Charset
SPRequestGuid
Pinterest-Generated-By
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
Public-Key-Pins
Verso
X-F-Cache
X-D2id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja
PB-RID
X-Mobile-Rewrite
PB-PID
Arc-Version
X-TTL
X-Dispatcher
X-Version
X-T
X-SharePointHealthScore
X-Cdn
X-Powered-By-Plesk
Accept-CH-Lifetime
X-Abt-Application-Version
X-DIS-Request-ID
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-Origin-Upstream-Status
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-Navigation-Version
X-DynaTrace-JS-Agent
X-B
X-Shield-Request-Id
X-Forwarded-Proto
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Rid
MS-Author-Via
X-Recruiting
DynaTrace
Realpath
X-Client-IP
X-HW
SPIisLatency
SPRequestDuration
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Upstream
X-Vcap-Request-Id
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Content-MD5
Nginx-Cache
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Ttl
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Oracle-Dms-Rid
Arr-Disable-Session-Affinity
Edge-Cache-Tag
X-Hits
X-Debug
X-N
X-Varnish-Age
X-Mrf-Item-Lastmod
X-Goog-Storage-Class
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-MSEdge-Ref
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Acc-Meta-Resource-Type
TCN
Access-Control-Request-Method
X-Via-JSL
X-Id
X-Aspnet-Version
X-NewRelic-App-Data
S
X-ATG-Version
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-XRDS-Location
Service-Worker-Allowed
X-FTR-Expires
X-Logged-In
Alternate-Protocol
X-Forwarded-For
X-Cache-Key
X-HS-Hub-Id
X-HS-Content-Id
X-Oneagent-Js-Injection
Tracecode
X-Kinsta-Cache
X-Frontend
Rt-Fastcgi-Cache
Surrogate-Key
X-PressLabs-Stats
X-Content-Digest
X-FastCGI-Cache
X-Pad
AMP-Access-Control-Allow-Source-Origin
X-Grace
X-FTR-Cache-Host
MicrosoftSharePointTeamServices
X-Ruxit-Js-Agent
Fastly-Restarts
X-Litespeed-Cache
X-CF-Powered-By
Server-Name
Fastcgi-Cache
Ar-Sid
X-Amzn-Trace-Id
X-Edge-Location
X-RateLimit-Remaining
X-Content-Options
Backend-Timing
X-Analytics
TP-Cache
Host
TP-L2-Cache
FilterID
X-User-Agent
X-Cache-2
X-Rid
X-Magnolia-Registration
ServerID
X-Whom
X-B3-Sampled
X-Debug-Info
X-IPLB-Instance
X-Revision
Eomportal-Instance
X-Page-Id
X-Hostname
X-Mobile
X-Request-Received
X-Request-Processing-Time
X-Srv
AR-Request-ID
X-NWS-LOG-UUID
Paypal-Debug-Id
X-Akam-SW-Version
Front-End-Https
X-VCache
X-AOL-HN
X-Content-Powered-By
Retry-After
Refresh
X-B-Cache
X-Signature
X-Cache-Action
Source
X-Cluster
X-Framework
X-LB-Cache
X-Handled-By
X-Device-Type
X-Request-Guid
X-App-Environment
Cleartype
X-FB-Debug
X-SS-Set-Cookie
X-Varnish-Hostname
X-BCube-Filmed-By
X-WA-Info
X-Cache-Control
X-Tumblr-Pixel-0
X-Cache-Hit
X-Instance
X-Tumblr-Pixel
X-Tumblr-User
X-Varnish-Grace
X-XRDS-LOCATION
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-GUploader-UploadID
X-HS-Cache-Config
X-Platform-Server
X-Correlation-Id
Webserver
X-Activity-Id
X-Fastcgi-Cache
X-AppVersion
X-Az
X-Zen-Fury
X-TA-CDN-Provider
X-Varnish-Backend
X-Sol
Display
X-Middleton-Display
X-Content-Type
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Healthy
X-Cache-Server
X-Cache-Rule
X-Cache-Age
X-Varnish-Server
X-Middleton-Response
X-Drupal-Cache-Tags
Response
X-Daa-Tunnel
X-Seen-By
X-Wix-Request-Id
ViewerVersion
X-TT
X-Cached-By
X-Generated-By
Upgrade-Insecure-Requests
X-App-Server
X-Drupal-Cache-Contexts
X-Geo-Country
X-URL
X-Origin-Server
Cache-Status
Server-Node
S-Cnection
X-Amz-Replication-Status
X-DataStream-Cache-Status
X-Accel-Expires
X-Amzn-RequestId
Accept-Charset
X-Amz-Apigw-Id
Payment
Filters
NGB
X-UA-Device-Type
X-CACHE-GROUP
X-Response-Served-From
X-S
X-Servedby
X-Contextid
X-Locale
X-Edge-Cache-Key
X-Edge-Cache
X-Cacheable-TTL
GEO-INFO
Actual-Object-TTL
ServedBy
Viewport
X-Esi
X-Jobs
X-UUID
X-RequestSource
X-Adobe-Content
X-Status
Access-Control-Allow-Method
X-Cache-NE
X-Adobe-Loc
X-Varnish-IP
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Type
X-Tumblr-Pixel-2
X-TT-TIMESTAMP
X-TX-ID
X-Tumblr-Pixel-1
X-Varnish-Hits
X-Amz-Server-Side-Encryption
AsisCache
Server-Info
X-Storage
X-WebKit-CSP-Report-Only
X-GeoIP
X-WPE-Loopback-Upstream-Addr
X-PHP-Backend
MS-CV
Cache-Tv-Group
X-Node-Name
X-Rendered-As
HostName
X-Cache-Remote
Host-Header
X-Cache-TTL-Remaining
X-Dns-Prefetch-Control
X-Croise-Owner
SRV
From-Origin
Cache
X-Region
X-App-Version
X-Dynatrace-Js-Agent
X-Cache-Operation
X-Hyper-Cache
X-APP-VERSION
X-Vg-Webcache
X-Redis-Cache
X-Webkit-CSP
Cache-Tag
Served-By
X-UA
Liferay-Portal
DC
X-HS-Combine-CSS
Public-Key-Pins-Report-Only
X-Guploader-Uploadid
X-Mode
X-Forwarded-Host
X-TIME
X-Site-Version
X-Agile-Age
X-Generated
X-Path-Route
Powered-By-ChinaCache
Machine
X-Webstats-RespID
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Var
X-Timing-Wait
X-Akamai-Transformed
X-Agile-Id
Selected-FE
X-Detected-As
Meta-Geo
X-Hosted-By
X-Is-Bot
X-Agile
X-NGENIX-Cache
X-Loop
X-IP
X-Proxy-Build
X-Human
X-TNCMS
X-CDN-Cache
Cache-Name
X-Endurance-Cache-Level
X-Labrador-Cache-Channel
X-NCache
X-BYPASS-REASON
X-Cache-Category-Id
X-Grey
Origin-Edge-Control
Origin-Cache-Control
X-Environment-Context
X-Internal-Host
X-L-Path
X-JoinUs
Now
X-Pc-Key
X-Upstream-CT
X-ProxyCache-Status
X-ProxyCache-Key
X-Pc-Hit
X-Upstream-HT
X-Request-Time
X-Web-Node
X-Upgrade-Enabled
X-Vgn-Hpd-Reason
X-Pc-Appver
X-Via-Fastly
X-Original-Request
X-B3-Spanid
X-Origin
X-BACKEND-TTL
X-Tumblr-Pixel-3
X-Akamai-Request-ID
X-Birta-Served
DB-Nickname
X-Birta-Cache-Post
X-VG-TLSProxy
X-Viewer-Country
X-FC-Vary-Parameters
X-Proxy
X-Origin-Host
S-Rt
X-ProcessESI
X-ServerID
X-Pubstack
X-Origin-Response-Time
X-RemovedCookies
X-Time-Microsecs
X-Tb
X-Rule
Cache-Tags
X-Backend-Name
X-Xfnlog-Site
Azure-Version
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
Fastcgi-Useragent
X-Www-Served-By
Mn-Server-Ip
Azure-RegionName
X-Format
X-OCL
X-CCM
Azure-SlotName
X-Yottaa-Metrics
X-PCL
X-Ocache
X-Via-CDN
X-Yottaa-Optimizations
X-Origin-CC
Azure-SiteName
X-Cache-Config
Azure-InstanceId
Pagespeed
X-Proxied
TWC-Locale-Group
X-Routing-Service
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
X-Section
TWC-GeoIP-LatLong
X-App-Name
X-Zipkin-Id
X-Origin-Hint
X-Access
Webcakes-Region
Property-Id
TWC-GeoIP-Country
Datacenter
Xserver
TWC-Connection-Speed
TWC-Device-Class
HitType
Content-Style-Type
Content-Script-Type
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cache-Key
X-Protected-By
X-Parent-Response-Time
X-Edge-IP
User-Cache-Control
OT-Force-Account-Verify
Vix-Hermes-Req-Id
X-Sorting-Hat-ShopId
X-Cache-TTL
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Ezoic-Cdn
X-ShopId
X-Akamai-Request-ID2
Ms-Operation-Id
X-RTag
NtCoent-Length
X-CACHE-KEY
X-Nginx-Cache
Time
X-OVcl
X-OVcl-Cache
X-Ratelimit-Limit
X-Cache-Backend
X-Pc-Host
X-Pc-Date
X-Cdn-Forward
X-PERF
X-ApacheServer
X-Correlation-ID
X-Real-Ip
X-FB-TRIP-ID
L5d-Success-Class
X-Real-IP
Accept-Language
X-Unique-Id-Primal
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mrs-Age
X-Newrelic-App-Data
Country
LB
AR-SID
X-Proto
X-Webkit-Csp
X-Front
X-Content-Age
X-RateLimit-Limit
X-Amz-Meta-Surrogate-Control
X-CDN-Forward
X-Varnish-Cacheable
X-Debug-Cache
Load-Balancing
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Section-Io-Cache
X-Sucuri-ID
X-Nc
Fusion-Source
Fusion-Template-Id
Ohc-File-Size
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
WZWS-RAY
X-Hl-Ver
X-MP-GENERATED-AT
X-Varnish-Beresp-Ttl
X-Trace-Id
Mail-Subject
We-Hiring
X-Unique-ID
X-Hit
Version
X-Microcachable
Warning
X-GRACE
User-Agent
X-Dc
X-Via-NSCOPI
X-EdgeConnect-Cache-Status
X-Geo
X-C
Access-Control-Request-Headers
Cache-Prefix
X-FW-Version
X-A-Wwc
X-G
X-A-Dgt
BehaviorPad-Version
X-Generated-In
X-From
X-Fetched-On
X-Dispatcher-Server
Ec-Rule-Version
X-Died
X-Actual-URL
X-DPWN-IS-SECURE
X-Accel-Expires-Debug
X-External-Request-Id
X-A-Dcw
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Li-Fabric
X-Layer
Release
X-Li-Pop
Xc-Version
X-We-Are-Hiring
X-WebServer
X-A
Adler-Geo
Powered-By
Platform
Arc-Country
X-Rojux
X-A-Dam
Ajk
X-A-Ccd
Fastly-Backend-Name
Fastly-SIE
Mobile-Detection-Method
X-Cache-Bucket
X-Aed
X-Cache-Debug
X-Cache-Enabled
X-Cache-FS-Status
X-Cache-Expires
IBM-Web2-Location
Is-Eu
Memcached
X-Auto-Login
Meta-Geo-Continent
MD5-Digest
X-B-Cookie
X-Bip
X-BB-ID
X-Cache-Host
X-Cache-Id
Fly-Request-Id
Frame-Options
X-Destination
Fly-Cache
Fastly-SWR
X-Device-Os
X-Developer
X-Date
X-D
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-URL
Node
X-Connection-Hash
X-CUA
X-Crawler
X-Served-From
X-Via-SSL
X-SRCache-Key
Server-Host
SD-X-WS
Server-ID
X-ScT
X-Returned-From-PostProcessResponse
V-Age
X-Store
X-PHP-Host
RNT-Machine
X-PAYTM-SRV-ID
X-Thinkindot-L3
X-Thanos
X-Swa-Ws
Rt-Proxy-Cache
RNT-Time
X-Qloud-Router
X-CLOUD-TRACE-CONTEXT
X-Response-By
Thinkindot-CacheControl-Type
X-Request-UUID
X-Returned-From
X-Server-By
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
Thinkindot-CacheControl
SS
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RCS-CacheZone
X-Reboot
X-Region-Sid
X-Server-Time
X-Release
X-Via-Edge
X-Transaction
X-Logtrace-Id
Rendered-Blocks
X-LI-UUID
X-Matched-Rule
X-User
X-Rewrite-Enabled
Www
X-Var-Ttl
X-LI-Proto
X-Application
X-VG-WebServer
X-Varnish-Action
X-S-Cookie
X-S-Maxage
X-Variation
X-Trv-Group
Request-Time
X-TT-LOGID
X-Passed-To
X-P-T
X-Passed-To-BeforeDispatch
Thinkindot-Control
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
Viewtype
Resin-Trace
VivaBuild
X-UE-Client-Country
X-Node-Id
X-Org
X-Twitter-Response-Tags
X-NU-AKA-ACS-Version
X-Rocket-Nginx-Bypass
Web-Mar-Node
PFcat
True-Client-Country-4JS
X-IN-APIGATEWAY
X-Phone
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Origin-Expires
X-Origin-Date
X-Nginx-Cache-Key
X-No-Session
X-Proxy-Cache-Status
X-Stale
X-Server-IP
X-Server-Group
X-Request-Start
X-Proxy-Upstream
X-Sf
X-ServiceProvider
X-UnsetCookies
X-MI-In-Market
X-F5-Cache
X-Fstrz
X-Gen-Mode
X-Distributor
X-Clientip
X-Block-Status
X-Cache-CFC
X-GeoIP-Country-Code
X-Hash
X-Key
X-Location
X-Info
X-IN-WAF
X-Hnp-Log
X-IN-SSL-APIGATEWAY
X-Backend-State
X-Amz-Meta-Cache-Control
GMS-Ver
Esi-Enabled
Decoy-Debug-TTL
GW-Server
Heartbleed
MI-API
Magicmarker
Kp-EeAlive
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Cookie-Set-From
Backend
AKAMAI
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Countrycode
Country-Code
Content-Disposition
MI-Cache
Fastly-SSL
Proxy-Connection
Pramga
Origin
Server-Int
On-Server
MI-Cache-Age
Pagetype
X-ElasticPress-Search
X-Be
X-Epic-Correlation-Id
X-Fastly-Cache
Who
X-Up
X-V
REQUESTUUID
X-Page-Type
X-Distil-CS
X-SIPLIST1
X-Time
X-Irp-Debug
X-Request-URI
X-Policy
X-Secret
X-Core-Value
X-MSEdge-Features
X-MSEdge-Flight
Backend-Name
X-Gannett-Site-Version
X-Eu-Site
IsBot
Ha-Gx-Prefs
HA-Geocountry
HA-Geocity
HA-Geolat
HA-Geolon
X-Backend-Url
HA-Georegion
X-Backend-Host
HA-Ipaddr
HA-Host
HA-Urlpath
HA-Cloudapp
X-CGP
HA-Servedtime
X-Core-Mission
X-NODE
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Platform
CDCHOST
Apple-News-Services-Host
X-Sn-Servicetimems
X-Wikidot-Static-Cache
X-Debug-Log
X-NX-Host
X-Debug-Cookies
X-Wikidot-Backend
X-Svr
X-Origin-TTL
X-Developers
Fastly-Soc-X-Request-Id
X-Refresh
X-Micro-Cache
X-Cdn-Origin
Apple-News-Services-Handled
Pragrma
X-Ua
X-Planisys-CDN-Cache
X-Debug-Cache-Expiry
X-Generated-On
X-Debug-Cache-Fetch
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Locale
UCS
X-Urbn-Context-Path
Request-Country
RequestId
Request-EU
X-Servername
Uber-Trace-Id
X-Instance-Name
X-Debug-Cache-Store
X-Level-Front-Cache
X-Urbn-Site-Id
PageSpeed
X-Pjax-Url
ServerName
X-NC
Lfy
X-COUNTRY
X-DC
X-NWS-UUID-VERIFY
X-Instart-Info
Group
V-Cache
X-GeoIP-City
X-VarnPar1
Ohc-Response-Time
X-VarnCache
X-PARISIEN-Cache-Rendered
X-Req
X-VCT
X-Server-Cache
X-Cache-Info
X-Cdn-Srv
Host-ID
X-Newrelic-Synthetics
X-CACHE-AGE
HitInfo
MIME-Version
X-ARC
Memory
Cteonnt-Length
X-Datadome
X-Ratelimit-Remaining
X-BBXSRF
Cache-Provider
Mime-Version
PICS-Label
Cdn
X-Powered-By-ANYU
X-CMS-Context
X-Gdpr
X-EIG-Tracking-Id
X-TWH-CORRELATION-ID
X-WR-MODIFICATION
X-Servedbyhost
X-LAGOON
Nel
X-Aicache-OS
X-StackifyID
CF-IPCountry
NGX
CDN
X-Load-Cache
X-HTML-Minification-Powered-By
X-Wa
XServer
Amp-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Cluster-Node
GeoIP-Latitude
X-WA
X-Fastly-Country-Code
GeoIP-Country-Code
Cf-Ipcountry
FSS-Cache
X-NodeID
X-Fastly-Backend-Reqs
GeoIp-Country-Code
FSS-Proxy
Geoip-Latitude
X-CSRF-TOKEN
X-Sentry-ID
X-FireWall-Port
X-Varnish-Beresp-TTL
X-Check-Cacheable
X-Varnish-Cache-Hits
CACHE
X-UPSTREAM-Address
X-ABtesting
X-Flog
X-Generation-Time
X-Hello
X-VServer
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Unique-Id
X-Cache-Miss-From
Processtime
X-Sedo-Request-Id
SN
X-Source
X-Csrf-Token
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-HOST
X-Cache-Grace
X-APP
X-ServedByHost
X-Oss-Storage-Class
X-GZip
X-CSRF-Token
TSSecure
WP-Super-Cache
X-Varnish-Authentication
X-CDN-Pop
Server-Surrogate-Control
X-DataStream-Origin-MEX-Latency
X-Cache-ASPX
X-CDN-Pop-IP
X-DataStream-MidMile-RTT
Server-Cache-Control
X-RCS-Backend
X-Nananana
X-VG-WebCache
X-HS-Status
X-Dynatrace
X-MServer
Cdn-Request-Time
Cdn-Host
X-Edge-Server
X-Worker
X-IPS-LoggedIn
X-SRV
X-FORWARDED-FOR
X-Varnish-Url
X-GDPR
X-Skip-Cache
X-VC-Cache
Pics-Label
URI
A
X-ID
PageType
DataCenter
X-Sucuri-Cache
X-ND-Cache
X-Instart-Isnd
Hostname
HTTPS
X-Fastly-Cache-Hits
Is-Session-Tracking
X-B3-SpanId
X-GoCache-CacheStatus
X-LJ-Flow-ID
X-SplitTest
X-VWS-Id
X-Port
X-From-Cache
X-AWS-Id
Get-Access-Time
X-BE
X-Swift-Error
X-Pf-Uncompressing
X-Backend-TTL
X-Server-W
X-PJAX-URL
Proxy-Firewall
Odigeo-Trace-Id
Dynatrace
X-NGINX-Cache
X-Bug-Bounty
X-Gen-Id
X-Owner
X-Amzn-Remapped-Date
Powered
X-GZIP
X-Amzn-Remapped-Connection
Cache-Hits
X-SN
X-Cache-Ttl
X-VarnPar2
Requestid
X-ORIG-AKA-EDGE
X-Ms-Version
X-Akamai-SSL-Client-Sid
X-Pc-Subdomain
Serverid
X-Amz-Meta-S3b-Last-Modified
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Alicdn-Da-Ups-Status
X-Varnish-URL
X-PAGE-TYPE
X-LiteSpeed-Cache-Control
T-Server
X-Fe
X-Serial
X-HostName
X-GEO
X-SB
X-RAMCache
X-ServerName
X-ORIG-AKA-COUNTRY-CODE
X-VC
RequestUuid
WebServer
ProcessTime
X-RequestId
X-Requestid
X-PF-Uncompressing
Xet-Cookie
Correlation-Id
X-CS
X-Akamai-ERPolicy
NnCoection
SID
X-HTML-Edge-Cache
X-Akamai-ERRuleID
Location
NodeID
X-Dw-Trace-Id
X-Developed-By
X-Ms-Lease-State
X-LiteSpeed-Tag