Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
X-Iinfo
Content-Encoding
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
P3p
X-Request-ID
X-Type
Upgrade
WPE-Backend
X-Pass-Why
Keep-Alive
X-Cache-Group
X-AH-Environment
Xkey
X-Backend
Access-Control-Max-Age
X-Age
Access-Control-Expose-Headers
X-Via
EagleId
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Pingback
X-Server
X-Swift-SaveTime
X-Swift-CacheTime
X-Hacker
Grace
X-UA-Device
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-LiteSpeed-Cache
Request-Context
X-Kinja-Server-Push
X-Device
X-Ac
Content-Location
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Amz-Version-Id
X-Response-Time
X-Host
X-Backend-Server
Surrogate-Control
X-Cnection
X-Rq
X-OneAgent-JS-Injection
X-Readtime
X-Rack-Cache
X-WebKit-CSP
Server-Timing
X-Server-Id
X-Node
Report-To
EagleEye-TraceId
X-Cloud-Trace-Context
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
Feature-Policy
X-Instart-Request-ID
X-Iejgwucgyu
X-Ua-Compatible
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Clacks-Overhead
Edge-Control
X-CST
Pinterest-Generated-By
NEL
Rating
X-Px
X-Country
X-Server-Name
X-Country-Code
X-Url
X-TTL
X-DataDome
X-Ruxit-JS-Agent
X-Origin-Cache
X-Varnish-TTL
X-MS-InvokeApp
X-DynaTrace
Allow
X-Vhost
X-PC
X-TtlSet
X-Vname
X-Cached
X-FTR-Request-ID
RTSS
X-ESI
X-Server-ID
X-Powered-CMS
X-Goog-Hash
X-DynaTrace-JS-Agent
Charset
X-Powered-By-Plesk
X-VARITI-CCR
Accept-CH
X-Dispatcher
Public-Key-Pins
X-GitHub-Request-Id
X-D2id
X-Mod-Pagespeed
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
X-F-Cache
SPRequestGuid
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Trace
Content-MD5
MS-Author-Via
X-Oracle-Dms-Rid
X-Version
Verso
X-SharePointHealthScore
X-T
X-Recruiting
Nginx-Cache
X-Abt-Application-Version
X-Shield-Request-Id
SPIisLatency
SPRequestDuration
X-Client-IP
X-Forwarded-Proto
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-B3-TraceId
X-HW
X-N
Accept-CH-Lifetime
X-Navigation-Version
X-DIS-Request-ID
X-Dw-Request-Base-Id
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-Amz-Rid
X-XRDS-Location
X-Origin-Upstream-Status
X-Upstream
X-ORACLE-DMS-RID
Fastly-Restarts
X-B
AR-CACHE
X-SRCache-Fetch-Status
X-SRCache-Store-Status
AR-ATIME
AR-PoweredBy
X-Fastly-Request-ID
Paypal-Debug-Id
X-Hits
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
TCN
Realpath
DynaTrace
X-Content-Options
Arr-Disable-Session-Affinity
X-Pad
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Service-Worker-Allowed
X-NF-Request-ID
X-Content-Digest
X-Webkit-Csp
X-Ser
X-Id
Tracecode
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-Varnish-Age
Front-End-Https
S
X-Debug
X-Amz-Cf-Pop
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-FastCGI-Cache
Display
X-Sol
X-Middleton-Display
X-Dns-Prefetch-Control
X-Vcap-Request-Id
X-RateLimit-Remaining
X-MSEdge-Ref
X-PressLabs-Stats
X-Kinsta-Cache
X-FTR-Backend
X-Country-Code-Real
X-Frontend
X-FTR-Expires
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Cache-Status
X-IPLB-Instance
X-Oneagent-Js-Injection
X-Cache-Hit
X-ATG-Version
Surrogate-Key
X-Forwarded-For
Powered-By-ChinaCache
X-HS-Content-Id
X-HS-Hub-Id
X-Zen-Fury
X-Geo-Segment
X-Grace
Fastcgi-Cache
Rt-Fastcgi-Cache
Server-Name
X-Middleton-Response
Response
X-Logged-In
X-CF-Powered-By
X-Analytics
Backend-Timing
X-Debug-Info
X-NewRelic-App-Data
X-Mobile
AMP-Access-Control-Allow-Source-Origin
X-Amzn-Trace-Id
X-Rid
X-Request-Received
FilterID
X-SS-Set-Cookie
X-Request-Processing-Time
Host
X-FTR-Cache-Host
TP-Cache
X-Revision
TP-L2-Cache
X-Akam-SW-Version
X-Edge-Location
X-User-Agent
X-Litespeed-Cache
X-Cache-Key
X-Cdn
MicrosoftSharePointTeamServices
Edge-Cache-Tag
Cache-Status
Ar-Sid
X-Cached-By
X-TA-CDN-Provider
X-Accel-Expires
Host-Header
Refresh
X-Magnolia-Registration
X-Drupal-Cache-Tags
X-Ttl
X-GUploader-UploadID
X-SERVER
X-Cache-Rule
Liferay-Portal
ServerID
X-Newrelic-App-Data
X-Varnish-Backend
X-Node-Name
X-FB-Debug
X-Platform-Server
X-AOL-HN
X-Cluster
X-Whom
X-HS-Cache-Config
X-B3-Sampled
X-Akamai-Edgescape
DC
Cache-Tag
X-B-Cache
X-Tumblr-Pixel
X-Signature
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Hostname
X-Cache-2
X-Instance
X-Webkit-CSP
X-Cache-Control
X-Content-Security-Policy-Report-Only
X-Framework
X-App-Environment
X-Page-Id
X-LB-Cache
X-BCube-Filmed-By
Public-Key-Pins-Report-Only
X-Request-Guid
Cleartype
X-Handled-By
X-Device-Type
X-Srv
X-B3-TraceId-Primal
Accept-Charset
X-AppVersion
X-WPE-Loopback-Upstream-Addr
X-Activity-Id
X-Use-Magma
X-Az
X-Esi
Eomportal-Instance
X-Generated-By
AR-Request-ID
X-URL
X-TT
X-Cache-Server
X-Cache-Action
X-Wix-Request-Id
X-Seen-By
X-Via-JSL
X-Drupal-Cache-Contexts
ViewerVersion
MS-CV
Upgrade-Insecure-Requests
X-Fastcgi-Cache
X-NWS-LOG-UUID
X-App-Server
X-Amz-Replication-Status
Source
X-VCache
Retry-After
X-Content-Powered-By
X-Correlation-Id
HostName
X-App-Version
Alternate-Protocol
X-Varnish-Server
X-WA-Info
Server-Node
X-Cache-NE
X-Response-Served-From
Webserver
X-Hostname
CACHE
Actual-Object-TTL
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-WebKit-CSP-Report-Only
X-Locale
X-GeoIP
SRV
X-Varnish-Grace
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Geo-Country
X-FW-Static
X-FW-Server
X-RequestSource
X-Jobs
X-FW-Type
X-FW-Serve
AsisCache
X-FW-Hash
Payment
X-UUID
GEO-INFO
X-Cache-TTL-Remaining
X-Status
X-HS-Combine-CSS
X-Edge-Cache-Key
X-Edge-Cache
X-S
X-Servedby
X-Adobe-Content
Viewport
X-Contextid
X-Yottaa-Metrics
X-Yottaa-Optimizations
ServedBy
X-Adobe-Loc
X-Varnish-Hits
AR-SID
X-Varnish-IP
X-TX-ID
X-Correlation-ID
X-TT-TIMESTAMP
Pagespeed
X-Origin-Server
X-Vg-Webcache
X-Cache-Operation
Country
X-Cacheable-TTL
X-Sucuri-ID
PageSpeed
X-RateLimit-Limit
Served-By
Server-Info
X-Daa-Tunnel
X-Region
X-Hyper-Cache
X-TIME
Datacenter
X-Amz-Server-Side-Encryption
From-Origin
X-Forwarded-Host
X-Akamai-Request-ID2
X-Real-IP
X-Mode
X-Ezoic-Cdn
S-Cnection
X-Cache-Age
Content-Script-Type
Content-Style-Type
HitInfo
HitType
X-DataStream-Cache-Status
X-Cache-Var
X-Detected-As
X-Upgrade-Enabled
X-Zipkin-Id
X-Cache-Var-Map
Fastcgi-X-Cache-Version
X-Generated
X-Rule
Fastcgi-X-Cache
X-Site-Version
X-Rendered-As
X-Amz-Meta-Surrogate-Control
Meta-Geo
Machine
X-Access
X-Is-Bot
X-JoinUs
X-Format
X-Section
X-Routing-Service
X-RN-RSRV
X-Proxied
Azure-InstanceId
Fastcgi-Useragent
LB
Azure-SlotName
Azure-SiteName
DB-Nickname
Azure-RegionName
Access-Control-Allow-Method
X-Environment-Context
X-L-Path
X-NGENIX-Cache
X-Hosted-By
X-Hit
X-CDN-Cache
X-Grey
X-Ocache
X-Origin-Hint
X-Request-Time
X-Proxy
X-Rocket-Nginx-Bypass
X-Tb
X-Cache-Config
X-Cache-Category-Id
X-Agile-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
OT-Force-Account-Verify
Property-Id
TWC-Locale-Group
TWC-Privacy
X-Agile
X-Agile-Age
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
Now
Azure-Version
X-Akamai-Transformed
X-Content-Type
Healthy
X-FC-Vary-Parameters
X-Human
X-Loop
S-Rt
Cache-Name
L5d-Success-Class
Mn-Server-Ip
Cache
X-OCL
X-Via-Fastly
X-Viewer-Country
X-Birta-Cache-Post
X-Birta-Served
X-TNCMS
X-ServerID
X-Origin
X-PCL
X-XRDS-LOCATION
X-Source
X-VG-TLSProxy
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-VWS-Id
X-App-Name
X-Upstream-CT
X-Xfnlog-Site
X-IP
X-Cluster-Node
X-AWS-Id
X-EIG-Tracking-Id
X-CCM
X-Distil-CS
X-Original-Request
X-Upstream-HT
X-RemovedCookies
X-ProcessESI
X-OVcl
X-Pc-Key
X-SplitTest
X-OVcl-Cache
X-Pc-Appver
X-Pc-Hit
X-Ms-Version
X-Pubstack
X-Cache-Enabled
X-ProxyCache-Status
X-BYPASS-REASON
X-Proxy-Build
X-TWH-CORRELATION-ID
X-Www-Served-By
X-Timing-Wait
X-ProxyCache-Key
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
Selected-FE
IBM-Web2-Location
X-ShardId
X-Sorting-Hat-ShopId
Accept-Language
X-Microcachable
Access-Control-Request-Headers
X-Sorting-Hat-PodId
Xserver
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-NodeID
X-Path-Route
X-Port
X-Web-Node
Cache-Hits
X-Via-CDN
X-Transaction
X-Connection-Hash
X-RTag
X-Twitter-Response-Tags
X-UA
X-Ruxit-Js-Agent
X-APP-VERSION
X-GRACE
X-Cache-Remote
Ms-Operation-Id
Origin-Edge-Control
X-MP-GENERATED-AT
Origin-Cache-Control
Backend
Time
X-Unique-ID
X-Origin-CC
X-HOST
NtCoent-Length
X-Geo
X-Nginx-Cache
User-Agent
X-Varnish-Cacheable
X-Debug-Cache
X-Real-Ip
X-Guploader-Uploadid
X-Varnish-Cache-Hits
We-Hiring
X-Edge-IP
Mail-Subject
X-Sucuri-Cache
X-Internal-Host
X-NODE
X-Cache-TTL
X-NCache
NGB
X-Tumblr-Pixel-3
Filters
X-Pc-Host
X-Newrelic-Synthetics
X-Pc-Date
X-Cdn-Forward
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-Proto
X-Mshield-Cache-Status
X-Mrs-Cache
X-Mrs-Age
Fastly-SSL
X-Mrs-Cache-Hits
Warning
X-PERF
X-ApacheServer
X-Vgn-Hpd-Reason
X-Csrf-Token
X-Storage
X-CACHE-GROUP
X-CDN-Forward
X-CACHE-AGE
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Time-Microsecs
Locale
X-Varnish-Beresp-Grace
X-Ua
X-Varnish-Beresp-Status
X-Akamai-Request-ID
X-Webstats-RespID
X-C
Cache-Key
X-CACHE-KEY
X-Backend-Name
X-ElasticPress-Search
X-EdgeConnect-Cache-Status
Cache-Tags
WZWS-RAY
User-Cache-Control
X-Endurance-Cache-Level
X-Powered-By-ANYU
X-Fetched-On
FSS-Proxy
X-From
FSS-Cache
X-UE-Client-Country
X-CF-Lambda-Version
Fly-Cache
X-F5-Cache
Fly-Request-Id
X-Application
X-CF-Lambda-Fn
GMS-Ver
X-Accel-Expires-Debug
X-Generated-In
X-Cache-Bucket
X-Cache-Srv
X-SRCache-Key
X-Store
X-Trv-Group
X-Amz-Meta-Cache-Control
X-G
X-Aed
X-BBXSRF
X-BB-ID
BehaviorPad-Version
X-DPWN-IS-SECURE
Arc-Country
Content-Disposition
X-B-Cookie
X-Backend-Host
Cache-Prefix
X-Developer
X-Destination
X-Died
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Ec-Rule-Version
X-External-Request-Id
X-Backend-TTL
X-Backend-Url
Ajk
X-D
X-Date
Apple-News-Services-Host
Apple-News-Services-Handled
X-Epic-Correlation-Id
X-Developers
X-Nc
X-Via-Edge
V-Age
UCS
X-Region-Sid
X-Via-SSL
Xc-Version
Odigeo-Trace-Id
X-Rojux
X-Rewrite-Enabled
X-A-Wwc
Viewtype
TSSecure
SN
X-NU-AKA-ACS-Version
X-Wikidot-Static-Cache
Server-Host
Rt-Proxy-Cache
Resin-Trace
X-Org
X-PAYTM-SRV-ID
X-Logtrace-Id
X-Platform
X-Wikidot-Backend
Rendered-Blocks
X-S-Cookie
X-VG-WebServer
X-A-Dam
X-Dc
X-IN-SSL-APIGATEWAY
VivaBuild
X-IN-APIGATEWAY
MD5-Digest
X-GeoIP-Country-Code
X-Hash
X-A-Dgt
X-A-Dcw
Meta-Geo-Continent
X-IN-WAF
X-Irp-Debug
X-Server-By
Mobile-Detection-Method
X-ScT
X-Server-Time
X-A
X-A-Ccd
X-NC
X-ABtesting
X-Auto-Login
RNT-Time
Thinkindot-CacheControl-Type
Server-ID
X-Cache-Host
Server-Int
Thinkindot-Control
Www
X-Backend-State
Thinkindot-CacheControl
X-Flog
X-Release
X-Location
X-Redis-Cache
X-Worker
X-Request-Start
X-Response-By
X-Layer
X-Secret
X-S-Maxage
X-Reboot
RNT-Machine
X-Matched-Rule
X-MSEdge-Flight
X-MSEdge-Features
X-Nginx-Cache-Key
X-No-Session
X-VServer
X-We-Are-Hiring
X-Phone
X-Server-IP
X-User
X-Dispatcher-Server
X-Distributor
X-Eu-Site
X-Fastly-Cache
X-Croise-Owner
X-Core-Mission
X-Cdn-Origin
X-CGP
X-Clientip
X-FW-Version
X-Thinkindot-L3
X-Hl-Ver
X-SIPLIST1
X-Up
X-UnsetCookies
X-Hello
X-Sn-Servicetimems
X-Gannett-Site-Version
X-GeoIP-City
X-Cache-URL
Section-Io-Cache
HA-Servedtime
HA-Ipaddr
Ha-Gx-Prefs
HA-Georegion
HA-Urlpath
Heartbleed
Magicmarker
IsBot
X-B3-Spanid
HA-Geolon
HA-Geolat
X-Cache-Backend
Countrycode
AKAMAI
Backend-Name
Frame-Options
GW-Server
HA-Geocountry
HA-Geocity
HA-Cloudapp
Memcached
HA-Host
NodeID
Release
Pramga
X-Varnish-Beresp-Ttl
Origin
X-LI-UUID
Cache-Cookie-Set-Idcheck
X-LI-Proto
X-Li-Pop
X-Li-Fabric
Cache-Cookie-Set-Lfrom
X-MI-In-Market
Decoy-Debug-Status
Decoy-Debug-TTL
X-NX-Host
X-Node-Id
X-Key
X-Instance-Name
X-Gen-Mode
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ServiceProvider
X-Fstrz
Adler-Geo
Fastly-Soc-X-Request-Id
X-Request-URI
X-Hnp-Log
Pagetype
X-Owner
Cache-Cookie-Set-From
X-V
X-Passed-To-BeforeDispatch
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Returned-From
X-Request-UUID
X-TT-LOGID
X-Served-From
X-Thanos
X-Stale
X-Sf
X-Trace-Id
X-Var-Ttl
X-Device-Os
X-Passed-To-PostProcessResponse
X-Policy
X-Passed-To-DLL
X-Swa-Ws
Decoy-Debug-Key
X-RCS-CacheZone
X-Rebelmouse-Surrogate-Control
X-Variation
X-Varnish-Action
X-VCT
X-WebServer
X-Passed-To
X-Rebelmouse-Cache-Control
X-Cache-Debug
X-Cache-Expires
X-Cache-CFC
X-Block-Status
X-Bip
X-Cache-Id
Fastly-SWR
X-Crawler
X-Core-Value
Fastly-Backend-Name
Fastly-SIE
X-Actual-URL
Is-Eu
Pragrma
Request-Country
Request-EU
X-DC
Platform
Uber-Trace-Id
Kp-EeAlive
MI-Cache
MI-Cache-Age
CDCHOST
Esi-Enabled
Web-Mar-Node
Country-Code
X-CUA
X-Debug-Log
X-Debug-Cookies
X-PHP-Backend
X-BB-IP
X-Datadome
REQUESTUUID
X-Sentry-ID
Proxy-Connection
X-Qloud-Router
X-Ms-Lease-State
X-Info
True-Client-Country-4JS
On-Server
X-Via-NSCOPI
RequestId
Cteonnt-Length
HTTPS
X-UA-Device-Type
MI-API
X-COUNTRY
ProcessTime
X-P-T
MIME-Version
X-Servername
Powered-By
X-Be
X-SN
X-Pjax-Url
X-Kong-Upstream-Latency
X-Refresh
X-Req
X-Page-Type
X-Ckpd-Fst-Backend
X-Kong-Proxy-Latency
X-Origin-TTL
X-SVT-ORM-RULES
X-Origin-Response-Time
X-Dynatrace-Js-Agent
X-SVT-ORM-VERSION
X-NWS-UUID-VERIFY
Cdn
X-MServer
X-GZip
Version
X-Oracle-Dms-Ecid
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
Memory
X-Oss-Hash-Crc64ecma
X-Parent-Response-Time
Amp-Access-Control-Allow-Source-Origin
X-Cache-FS-Status
CF-IPCountry
X-Content-Age
Who
X-Unique-Id-Primal
Mime-Version
Group
X-Servedbyhost
X-Aicache-OS
V-Cache
Fusion-Source
X-Varnish-Url
X-ND-Cache
X-Vcache
X-Generation-Time
Fusion-Content-Source
Fusion-Template-Id
SS
X-Pf-Uncompressing
X-Wa
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Fusion-Content-Id
Fusion-Component-Id
X-Varnish-Beresp-TTL
X-FireWall-Port
X-Unique-Id
CDN
XServer
X-GEO
X-Time
X-SRV
Geoip-Latitude
GeoIP-Country-Code
X-Cache-Info
Cdn-Host
Cdn-Request-Time
X-Edge-Server
GeoIp-Country-Code
X-Fastly-Cache-Hits
PageType
Is-Session-Tracking
Get-Access-Time
GeoIP-Latitude
X-Protected-By
X-Qnm-Cache
X-M-Log
X-M-Reqid
X-CS
X-B3-Traceid
X-EC-Security-Audit
X-Server-Group
X-Server-W
NGX
X-WA
X-APP
Serverid
X-Surge-Debug
T-Server
Load-Balancing
SD-X-WS
ServerName
X-Check-Cacheable
X-Ratelimit-Remaining
X-Requestid
X-HTML-Minification-Powered-By
X-CSRF-Token
X-Origin-Date
X-Origin-Expires
A
DataCenter
Nel
X-StackifyID
X-ID
X-Nananana
X-Gdpr
X-SERVER-NAME
PICS-Label
X-ServedByHost
Cf-Ipcountry
X-RequestId
X-ARC
X-Alicdn-Da-Ups-Status
X-HS-Status
X-UPSTREAM-Address
X-Fastly-Country-Code
X-Skip-Cache
Processtime
X-FORWARDED-FOR
Hostname
X-Proxy-Server
URI
X-NGINX-Cache
X-Load-Cache
X-GZIP
X-Feature
X-PF-Uncompressing
WP-Super-Cache
Node
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-PHP-Host
X-Origin-Host
VIX-Pulpo-Upstream-Status
X-B3-SpanId
VIX-Pulpo-Node
X-Fe
X-VG-WebCache
X-BE
X-ServerName
Cache-Provider
Lfy
X-PAGE-TYPE
Powered
X-PJAX-URL
X-Cdn-Srv
Cneonction
X-Atg-Version
X-Cache-Ttl
X-IPS-LoggedIn
RequestUuid
Https
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Content-Encoded-By
X-HTML-Edge-Cache
Requestid
Vix-Hermes-Req-Id
X-From-Cache
X-Fastly-Backend-Reqs
X-SB
Sid
N-Cache
X-Distil-Cs
X-VC
X-Akamai-SSL-Client-Sid
X-Serial
Host-ID
Xet-Cookie
X-CSRF-TOKEN
SID
X-Grace-Duration
Cdn-Src-Port
X-RAMCache
X-Gen-Id
PFcat
X-Dw-Trace-Id
Build-Number
X-WR-MODIFICATION