Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Xss-Protection
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
CF-Ray
Content-Security-Policy-Report-Only
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Request-ID
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
Content-Location
Surrogate-Control
X-Cnection
X-OneAgent-JS-Injection
X-Host
X-Node
X-Readtime
Report-To
EagleEye-TraceId
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Rack-Cache
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
NEL
Edge-Control
X-DynaTrace
Rating
X-Url
Allow
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Trace
X-Px
X-DataDome
X-Vhost
X-Server-Name
X-ESI
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-VARITI-CCR
RTSS
X-Ruxit-JS-Agent
X-MS-InvokeApp
Accept-CH
X-Cached
X-Goog-Hash
Charset
SPRequestGuid
X-Server-ID
X-TTL
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
Pinterest-Generated-By
Verso
X-D2id
X-F-Cache
X-Kinja-Build
X-GoogleNews-Bot
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
Public-Key-Pins
X-Kinja-Server
X-Exp-Variant
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
X-Dispatcher
X-Version
X-Cdn
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
X-Abt-Application-Version
Accept-CH-Lifetime
X-DIS-Request-ID
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
X-Origin-Upstream-Status
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Navigation-Version
X-B
X-Shield-Request-Id
X-Forwarded-Proto
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Rid
X-Recruiting
MS-Author-Via
DynaTrace
X-Client-IP
Realpath
X-HW
SPIisLatency
SPRequestDuration
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Upstream
X-Vcap-Request-Id
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Content-MD5
Nginx-Cache
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
AR-CACHE
AR-ATIME
AR-PoweredBy
Edge-Cache-Tag
X-Ttl
Arr-Disable-Session-Affinity
X-Hits
X-N
X-Varnish-Age
X-Debug
X-Oracle-Dms-Rid
X-Mrf-Section-Lastmod
X-Goog-Storage-Class
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Aspnet-Version
X-NF-Request-ID
TCN
X-MSEdge-Ref
Access-Control-Request-Method
X-Acc-Meta-Resource-Type
X-Dw-Request-Base-Id
X-Id
X-Via-JSL
X-NewRelic-App-Data
S
X-ATG-Version
X-XRDS-Location
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
Service-Worker-Allowed
X-Logged-In
X-FTR-Expires
X-Oneagent-Js-Injection
Alternate-Protocol
X-HS-Hub-Id
Tracecode
X-Forwarded-For
X-HS-Content-Id
Surrogate-Key
X-PressLabs-Stats
X-Frontend
X-Kinsta-Cache
Rt-Fastcgi-Cache
X-Content-Digest
AMP-Access-Control-Allow-Source-Origin
X-FastCGI-Cache
X-Pad
X-Cache-Key
MicrosoftSharePointTeamServices
Fastly-Restarts
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Content-Options
X-Ruxit-Js-Agent
Server-Name
X-CF-Powered-By
X-Edge-Location
X-Amzn-Trace-Id
Fastcgi-Cache
Backend-Timing
X-Analytics
Ar-Sid
FilterID
X-Grace
TP-L2-Cache
Host
TP-Cache
X-Rid
X-User-Agent
X-Cache-2
X-Debug-Info
X-Magnolia-Registration
X-Whom
X-B3-Sampled
ServerID
X-Hostname
X-Revision
X-IPLB-Instance
Eomportal-Instance
X-Page-Id
X-Mobile
X-Request-Received
X-Request-Processing-Time
X-Srv
X-NWS-LOG-UUID
AR-Request-ID
Paypal-Debug-Id
X-VCache
X-AOL-HN
X-Akam-SW-Version
Front-End-Https
X-Content-Powered-By
X-URL
Retry-After
X-B-Cache
X-Litespeed-Cache
Refresh
X-Signature
X-Cache-Action
X-Cluster
Source
X-Device-Type
X-Framework
X-Handled-By
X-LB-Cache
X-Request-Guid
X-Correlation-Id
Cleartype
X-SS-Set-Cookie
X-WA-Info
X-Varnish-Hostname
X-FB-Debug
X-Instance
X-HS-Cache-Config
X-Cache-Control
X-Varnish-Grace
X-App-Environment
X-Tumblr-User
X-Tumblr-Pixel-0
X-BCube-Filmed-By
X-Tumblr-Pixel
X-Cache-Hit
X-Platform-Server
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-Fastcgi-Cache
X-TA-CDN-Provider
Webserver
X-GUploader-UploadID
X-Sol
Display
X-Zen-Fury
X-Middleton-Display
X-Activity-Id
X-AppVersion
X-Az
X-Varnish-Backend
X-XRDS-LOCATION
VIX-Pulpo-Upstream-Status
X-Content-Type
VIX-Pulpo-Node
X-Daa-Tunnel
Healthy
X-Cache-Rule
X-Cache-Server
Response
X-Middleton-Response
X-Drupal-Cache-Tags
X-Varnish-Server
X-Seen-By
X-Wix-Request-Id
ViewerVersion
X-Drupal-Cache-Contexts
X-Cache-Age
X-Cached-By
X-TT
X-Generated-By
Upgrade-Insecure-Requests
X-App-Server
X-Geo-Country
Server-Node
S-Cnection
Cache-Status
X-Origin-Server
X-DataStream-Cache-Status
X-CACHE-GROUP
X-Amz-Replication-Status
X-Accel-Expires
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Esi
Payment
Accept-Charset
GEO-INFO
Filters
NGB
X-UA-Device-Type
X-S
X-Response-Served-From
X-Edge-Cache-Key
X-Servedby
X-Edge-Cache
X-Contextid
X-Cacheable-TTL
X-Adobe-Loc
X-Adobe-Content
X-Status
X-UUID
Actual-Object-TTL
Access-Control-Allow-Method
Viewport
X-Varnish-IP
X-Jobs
X-Cache-NE
ServedBy
X-Locale
X-RequestSource
X-FW-Type
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Hash
X-Tumblr-Pixel-2
X-TT-TIMESTAMP
X-Varnish-Hits
X-Tumblr-Pixel-1
X-TX-ID
X-Node-Name
AsisCache
X-Amz-Server-Side-Encryption
Server-Info
X-WebKit-CSP-Report-Only
X-WPE-Loopback-Upstream-Addr
X-GeoIP
X-Storage
HostName
Cache-Tv-Group
X-Dns-Prefetch-Control
Cache
X-PHP-Backend
MS-CV
X-Cache-TTL-Remaining
Host-Header
X-Croise-Owner
X-App-Version
X-Rendered-As
X-Cache-Remote
SRV
From-Origin
X-Region
X-Cache-Operation
X-Vg-Webcache
X-Hyper-Cache
X-Webkit-CSP
X-Redis-Cache
X-APP-VERSION
Served-By
Cache-Tag
Public-Key-Pins-Report-Only
X-Guploader-Uploadid
X-Dynatrace-Js-Agent
Liferay-Portal
DC
X-HS-Combine-CSS
X-Forwarded-Host
X-CACHE-KEY
X-Mode
Pagespeed
X-Endurance-Cache-Level
X-Akamai-Transformed
X-Hosted-By
X-Agile-Age
X-Request-Time
Meta-Geo
X-Agile-Id
X-Detected-As
X-Upgrade-Enabled
X-RN-RSRV
X-Cache-Var-Map
X-NGENIX-Cache
Machine
X-Webstats-RespID
X-Agile
X-Loop
X-Path-Route
Selected-FE
X-Timing-Wait
X-TNCMS
X-IP
X-Proxy-Build
X-Is-Bot
X-Cache-Var
Origin-Cache-Control
Origin-Edge-Control
X-Origin
Now
X-CDN-Cache
X-JoinUs
X-Internal-Host
X-L-Path
X-Labrador-Cache-Channel
X-NCache
X-Human
X-Grey
X-BYPASS-REASON
X-Cache-Category-Id
X-Environment-Context
X-Generated
Cache-Name
X-Pc-Hit
X-Upstream-CT
X-ProxyCache-Status
X-ProxyCache-Key
X-Pc-Key
X-Upstream-HT
X-VG-TLSProxy
X-Site-Version
Powered-By-ChinaCache
X-Vgn-Hpd-Reason
X-Pc-Appver
X-Via-Fastly
X-Original-Request
X-B3-Spanid
Xserver
X-Yottaa-Optimizations
X-Web-Node
X-Viewer-Country
S-Rt
X-Birta-Served
X-Tumblr-Pixel-3
DB-Nickname
X-OCL
X-Birta-Cache-Post
X-Akamai-Request-ID
X-Yottaa-Metrics
X-Time-Microsecs
X-Proxy
X-Origin-Response-Time
X-Tb
X-ProcessESI
X-ServerID
X-PCL
X-Pubstack
X-Origin-Host
X-RemovedCookies
X-Format
X-UA
X-FC-Vary-Parameters
Fastcgi-X-Cache-Version
X-App-Name
X-Backend-Name
X-Www-Served-By
Mn-Server-Ip
X-Access
X-Xfnlog-Site
X-Rule
X-Section
Azure-InstanceId
X-Cache-Config
Fastcgi-X-Cache
X-CCM
X-BACKEND-TTL
X-Ocache
Azure-RegionName
X-Origin-CC
Cache-Tags
Fastcgi-Useragent
Azure-SiteName
Azure-Version
Azure-SlotName
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
X-Routing-Service
X-Origin-Hint
X-Proxied
TWC-GeoIP-LatLong
X-Zipkin-Id
Webcakes-Region
Property-Id
TWC-GeoIP-Country
HitType
TWC-Connection-Speed
TWC-Device-Class
Datacenter
Cache-Key
X-TIME
X-Protected-By
X-Kong-Upstream-Latency
Content-Style-Type
X-Kong-Proxy-Latency
X-Via-CDN
Content-Script-Type
X-Edge-IP
X-Parent-Response-Time
X-Akamai-Request-ID2
User-Cache-Control
X-Nginx-Cache
Vix-Hermes-Req-Id
OT-Force-Account-Verify
X-Ezoic-Cdn
X-Cache-TTL
X-ShardId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-Cdn-Forward
Time
Ms-Operation-Id
X-RTag
X-OVcl-Cache
X-OVcl
NtCoent-Length
X-RateLimit-Limit
X-Real-IP
L5d-Success-Class
X-Pc-Date
X-PERF
X-ApacheServer
X-Pc-Host
X-Cache-Backend
Accept-Language
X-Newrelic-App-Data
X-FB-TRIP-ID
X-Mrs-Cache
X-Front
X-Unique-Id-Primal
X-Real-Ip
X-Mrs-Age
X-Mshield-Cache-Status
AR-SID
X-Mrs-Cache-Hits
X-Webkit-Csp
X-Amz-Meta-Surrogate-Control
LB
X-Correlation-ID
X-GRACE
X-Proto
Section-Io-Cache
Country
X-Content-Age
X-Nc
X-Ratelimit-Limit
X-Varnish-Cacheable
X-Varnish-Beresp-Status
Load-Balancing
X-Varnish-Beresp-Grace
X-Debug-Cache
X-CDN-Forward
X-Sucuri-ID
X-Varnish-Beresp-Ttl
WZWS-RAY
X-Hit
Ohc-File-Size
X-Unique-ID
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-MP-GENERATED-AT
X-Hl-Ver
X-Trace-Id
Warning
X-Microcachable
Version
We-Hiring
X-Time
Mail-Subject
X-CLOUD-TRACE-CONTEXT
X-EdgeConnect-Cache-Status
User-Agent
Access-Control-Request-Headers
X-Dc
X-C
X-Developer
X-Connection-Hash
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Crawler
X-Destination
Memcached
X-D
MD5-Digest
X-Date
X-Cache-URL
X-CUA
Is-Eu
X-B-Cookie
RNT-Time
X-A-Ccd
X-A
Rt-Proxy-Cache
RNT-Machine
Resin-Trace
X-A-Dam
Rendered-Blocks
Request-Time
SD-X-WS
Www
Thinkindot-CacheControl
SS
Server-ID
Server-Host
Thinkindot-CacheControl-Type
Thinkindot-Control
VivaBuild
Viewtype
V-Age
X-A-Dcw
X-A-Dgt
X-Bip
X-BB-ID
X-Backend-State
X-Auto-Login
X-Cache-Debug
X-Cache-Enabled
X-Cache-Host
X-Cache-FS-Status
X-Cache-Expires
Meta-Geo-Continent
Mobile-Detection-Method
Release
X-Device-Os
X-Accel-Expires-Debug
X-A-Wwc
X-Actual-URL
X-Aed
Node
Platform
Powered-By
X-Cache-Id
X-Org
X-Server-By
X-Served-From
X-ScT
X-Server-Time
X-SRCache-Key
X-Swa-Ws
X-Store
X-S-Maxage
X-S-Cookie
X-Returned-From-BeforeDispatch
X-Returned-From
X-Response-By
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Rojux
X-Rewrite-Enabled
X-Thanos
X-Thinkindot-L3
X-Via-Edge
X-VG-WebServer
X-Varnish-Action
X-Via-SSL
X-We-Are-Hiring
Xc-Version
X-WebServer
X-Variation
X-Var-Ttl
X-Trv-Group
X-Transaction
X-TT-LOGID
X-Twitter-Response-Tags
X-User
X-UE-Client-Country
X-Request-UUID
X-Release
X-Li-Fabric
X-Layer
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Li-Pop
X-LI-Proto
X-Logtrace-Id
X-LI-UUID
X-GeoIP-Country-Code
X-Generated-In
X-External-Request-Id
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Fetched-On
X-From
X-G
X-FW-Version
X-Matched-Rule
X-Node-Id
X-RCS-CacheZone
X-Qloud-Router
X-PHP-Host
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Reboot
X-PAYTM-SRV-ID
X-Passed-To-PostProcessResponse
IBM-Web2-Location
X-NU-AKA-ACS-Version
X-P-T
X-Passed-To
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Died
X-Application
Fly-Request-Id
Fly-Cache
Ajk
Adler-Geo
Frame-Options
Arc-Country
BehaviorPad-Version
Cache-Prefix
X-Ua
X-Via-NSCOPI
Fastly-SWR
Fastly-Backend-Name
Fastly-SIE
Ec-Rule-Version
X-Geo
Decoy-Debug-TTL
X-Hnp-Log
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Rocket-Nginx-Bypass
X-Amz-Meta-Cache-Control
Decoy-Debug-Key
Country-Code
Cache-Cookie-Set-From
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
PFcat
Content-Disposition
Countrycode
Decoy-Debug-Status
X-Server-Group
X-Stale
X-F5-Cache
X-Clientip
X-CGP
X-Sf
X-SVT-ORM-RULES
X-Eu-Site
X-Up
X-Distributor
X-SVT-ORM-VERSION
X-Epic-Correlation-Id
AKAMAI
X-Fstrz
Backend
X-Server-IP
X-IN-WAF
X-Secret
X-Block-Status
X-Cache-Bucket
X-Gannett-Site-Version
X-ServiceProvider
X-Gen-Mode
X-Cache-CFC
X-Hash
Esi-Enabled
HA-Geolat
HA-Geolon
MI-Cache-Age
MI-Cache
HA-Urlpath
X-No-Session
X-Info
X-Nginx-Cache-Key
Origin
On-Server
MI-API
HA-Georegion
X-Phone
HA-Ipaddr
HA-Servedtime
Heartbleed
Kp-EeAlive
X-Origin-Expires
X-Origin-Date
Ha-Gx-Prefs
HA-Host
Magicmarker
HA-Geocity
HA-Geocountry
Server-Int
X-Proxy-Upstream
X-Proxy-Cache-Status
Fastly-SSL
X-Request-Start
X-UnsetCookies
True-Client-Country-4JS
X-MI-In-Market
X-Location
Proxy-Connection
Pramga
HA-Cloudapp
GW-Server
GMS-Ver
X-Be
Pagetype
X-NODE
X-Irp-Debug
X-Page-Type
X-Distil-CS
X-Key
X-Platform
X-Fastly-Cache
X-MSEdge-Flight
X-Policy
X-SIPLIST1
X-MSEdge-Features
X-Request-URI
Apple-News-Services-Request-Url
Who
Apple-News-Services-Handled
Pragrma
REQUESTUUID
Apple-News-Services-Host
Backend-Name
X-Backend-Url
Apple-News-Services-Parsed-Url
X-Backend-Host
X-Core-Mission
Web-Mar-Node
X-V
IsBot
X-Core-Value
X-ElasticPress-Search
X-Instance-Name
UCS
X-Debug-Cache-Fetch
Fastly-Soc-X-Request-Id
X-Debug-Cache-Store
Uber-Trace-Id
Request-EU
X-NX-Host
Locale
X-Origin-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Svr
Request-Country
X-Planisys-CDN-TTL
X-Refresh
X-Debug-Cache-Expiry
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Debug-Cookies
X-Debug-Log
X-Cdn-Origin
X-Servername
X-Wikidot-Backend
X-Developers
X-Micro-Cache
X-Wikidot-Static-Cache
X-Sn-Servicetimems
CDCHOST
X-Generated-On
X-NWS-UUID-VERIFY
X-COUNTRY
X-DC
RequestId
X-Level-Front-Cache
X-Instart-Info
X-Newrelic-Synthetics
V-Cache
Group
Host-ID
ServerName
X-PARISIEN-Cache-Rendered
X-VarnPar1
X-VCT
Lfy
X-VarnCache
X-Pjax-Url
X-GeoIP-City
PageSpeed
X-Req
X-Cache-Info
Ohc-Response-Time
X-NC
X-CACHE-AGE
X-Server-Cache
X-Cdn-Srv
HitInfo
X-ARC
MIME-Version
X-Datadome
Mime-Version
Cache-Provider
Cdn
Memory
X-BBXSRF
Cteonnt-Length
X-Powered-By-ANYU
X-EIG-Tracking-Id
X-Gdpr
X-CMS-Context
PICS-Label
X-TWH-CORRELATION-ID
X-Servedbyhost
X-Ratelimit-Remaining
X-LAGOON
Nel
X-WR-MODIFICATION
X-StackifyID
X-Wa
X-Aicache-OS
NGX
X-Load-Cache
CF-IPCountry
X-Cluster-Node
X-B3-Traceid
CDN
X-Fastly-Country-Code
GeoIP-Latitude
GeoIP-Country-Code
Cf-Ipcountry
FSS-Proxy
FSS-Cache
XServer
X-CSRF-TOKEN
X-HTML-Minification-Powered-By
X-NodeID
X-Sentry-ID
X-Fastly-Backend-Reqs
X-Check-Cacheable
X-Hello
X-WA
X-VServer
Geoip-Latitude
X-ABtesting
X-UPSTREAM-Address
GeoIp-Country-Code
X-Flog
X-Varnish-Cache-Hits
Processtime
X-Generation-Time
Amp-Access-Control-Allow-Source-Origin
X-FireWall-Port
X-Varnish-Beresp-TTL
X-RateLimit-Remaining-Second
X-Source
SN
X-RateLimit-Limit-Second
X-Csrf-Token
X-Unique-Id
X-APP
X-GZip
X-HOST
X-Cache-Miss-From
X-Sedo-Request-Id
CACHE
X-CSRF-Token
X-Cache-Grace
X-CDN-Pop-IP
X-CDN-Pop
X-Oss-Server-Time
TSSecure
X-Nananana
WP-Super-Cache
X-Oss-Request-Id
X-ServedByHost
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Varnish-Authentication
X-GDPR
Cdn-Request-Time
X-MServer
Server-Surrogate-Control
X-Dynatrace
X-Edge-Server
Server-Cache-Control
Pics-Label
X-Cache-ASPX
Cdn-Host
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Worker
X-SRV
URI
X-IPS-LoggedIn
X-Skip-Cache
X-VG-WebCache
A
X-RCS-Backend
X-VC-Cache
X-FORWARDED-FOR
X-ID
DataCenter
PageType
X-HS-Status
X-Varnish-Url
X-Sucuri-Cache
X-Fastly-Cache-Hits
HTTPS
X-Port
X-ND-Cache
X-LJ-Flow-ID
X-Instart-Isnd
X-B3-SpanId
X-SplitTest
X-VWS-Id
X-AWS-Id
X-Swift-Error
X-BE
X-From-Cache
X-Backend-TTL
X-PJAX-URL
X-GoCache-CacheStatus
Odigeo-Trace-Id
Get-Access-Time
Hostname
Dynatrace
Is-Session-Tracking
X-Pf-Uncompressing
X-Bug-Bounty
X-Gen-Id
X-Server-W
Proxy-Firewall
X-Owner
X-Amzn-Remapped-Date
X-GZIP
X-SN
Cache-Hits
X-Amzn-Remapped-Connection
X-VarnPar2
X-ORIG-AKA-EDGE
X-Cache-Ttl
Powered
X-NGINX-Cache
Requestid
X-Amz-Meta-S3b-Last-Modified
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
Serverid
X-Akamai-SSL-Client-Sid
X-LiteSpeed-Cache-Control
X-ServerName
X-Varnish-URL
X-GEO
X-Alicdn-Da-Ups-Status
X-SB
X-PAGE-TYPE
X-VC
X-ORIG-AKA-COUNTRY-CODE
WebServer
X-RAMCache
X-Serial
RequestUuid
T-Server
X-Fe
ProcessTime
X-PF-Uncompressing
X-RequestId
Location
Correlation-Id
Xet-Cookie
X-HTML-Edge-Cache
X-Dw-Trace-Id
X-Developed-By
NnCoection
X-Akamai-ERPolicy
NodeID
X-CS
X-Ms-Lease-State
SID
X-Akamai-ERRuleID
X-LiteSpeed-Tag