Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
P3P
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
X-Amz-Cf-Pop
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
P3p
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Cacheable
Alt-Svc
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Upgrade
Xkey
X-Type
Keep-Alive
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Server
X-Cache-Group
CF-Ray
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
Grace
X-Nginx-Cache-Status
X-Server-Powered-By
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-UA-Device
X-Robots-Tag
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Proxy-Cache
Request-Context
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Ac
X-Device
X-Cache-Lookup
X-CST
X-Server-Id
X-Amz-Version-Id
X-Cnection
X-Node
X-OneAgent-JS-Injection
X-Readtime
Surrogate-Control
EagleEye-TraceId
Content-Location
Report-To
X-Response-Time
X-Host
Feature-Policy
X-Rq
Server-Timing
X-Iejgwucgyu
X-Backend-Server
X-Application-Context
X-ORACLE-DMS-ECID
X-Rack-Cache
Allow
X-Url
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
X-Clacks-Overhead
NEL
Rating
X-Country
X-Origin-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
X-DynaTrace
X-FTR-Request-ID
X-Varnish-TTL
X-Country-Code
X-Cdn
X-Server-ID
X-B3-TraceId
X-Px
X-ORACLE-DMS-RID
X-DataDome
X-Ruxit-JS-Agent
X-GitHub-Request-Id
X-Vhost
X-VARITI-CCR
X-Goog-Hash
Accept-CH
Charset
X-Trace
X-Server-Name
X-ESI
RTSS
Pinterest-Generated-By
X-Cached
Verso
X-Mod-Pagespeed
Arc-Version
X-Mobile-Rewrite
X-MS-InvokeApp
PB-RID
PB-PID
X-Version
X-TTL
X-D2id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Server
Public-Key-Pins
X-Use-Magma
X-Kinja-Revision
X-Exp-Id
X-Kinja
X-Kinja-Build
X-F-Cache
X-PC
X-Vname
SPRequestGuid
X-TtlSet
X-Dispatcher
Accept-CH-Lifetime
X-Powered-By-Plesk
X-Abt-Application-Version
X-DIS-Request-ID
X-T
X-DynaTrace-JS-Agent
X-Powered-CMS
X-SharePointHealthScore
X-Fastly-Request-ID
X-Origin-Upstream-Status
X-Ser
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-B
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
Realpath
X-Client-IP
X-Amz-Rid
X-Recruiting
X-Shield-Request-Id
X-Forwarded-Proto
MS-Author-Via
X-HW
X-Upstream
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Vcap-Request-Id
SPIisLatency
SPRequestDuration
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-XRDS-Location
Arr-Disable-Session-Affinity
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
DynaTrace
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Varnish-Age
Content-MD5
X-Via-JSL
X-Debug
X-Dw-Request-Base-Id
X-Ttl
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Goog-Storage-Class
X-Id
X-Aspnet-Version
X-Hits
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-NF-Request-ID
Service-Worker-Allowed
X-FTR-Expires
X-N
S
Access-Control-Request-Method
X-Oracle-Dms-Rid
X-NewRelic-App-Data
X-ATG-Version
X-Logged-In
Alternate-Protocol
AMP-Access-Control-Allow-Source-Origin
X-Kinsta-Cache
X-FastCGI-Cache
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
X-Forwarded-For
Edge-Cache-Tag
TCN
X-FTR-Cache-Host
Surrogate-Key
X-RateLimit-Remaining
Rt-Fastcgi-Cache
X-Cache-Key
X-Content-Digest
X-Pad
X-TA-CDN-Provider
X-CF-Powered-By
Tracecode
Fastcgi-Cache
Server-Name
X-User-Agent
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
X-Analytics
Backend-Timing
Host
TP-Cache
TP-L2-Cache
X-Rid
FilterID
Ar-Sid
X-Magnolia-Registration
MicrosoftSharePointTeamServices
X-Debug-Info
X-Cache-2
X-Edge-Location
X-Grace
ServerID
X-Page-Id
X-B3-Sampled
X-Mobile
Fastly-Restarts
Paypal-Debug-Id
X-Whom
Front-End-Https
AR-Request-ID
X-Revision
X-IPLB-Instance
Eomportal-Instance
X-Content-Options
X-Akam-SW-Version
X-Srv
X-Hostname
Refresh
X-GUploader-UploadID
X-LB-Cache
X-Az
X-NWS-LOG-UUID
X-AppVersion
X-Activity-Id
X-VCache
X-Content-Powered-By
Retry-After
X-Signature
X-Litespeed-Cache
X-B-Cache
X-Framework
X-Cache-Action
X-SS-Set-Cookie
X-Tumblr-Pixel
X-Cluster
Source
X-Platform-Server
X-Varnish-Hostname
X-Cache-Control
X-Tumblr-User
X-Tumblr-Pixel-0
X-App-Environment
X-Request-Guid
X-Request-Processing-Time
X-Handled-By
Cleartype
X-Request-Received
X-BCube-Filmed-By
X-WA-Info
X-Instance
X-Akamai-Edgescape
X-Content-Type
Accept-Charset
X-FB-Debug
X-Zen-Fury
X-Content-Security-Policy-Report-Only
X-Device-Type
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Ruxit-Js-Agent
X-Middleton-Display
Webserver
X-Cache-Hit
Display
X-Sol
X-AOL-HN
X-Varnish-Grace
X-Varnish-Backend
X-Seen-By
X-Esi
ViewerVersion
X-Wix-Request-Id
X-TT
X-Cache-Rule
Healthy
MS-CV
Cache-Status
X-DataStream-Cache-Status
X-Origin-Server
X-Correlation-Id
X-Fastcgi-Cache
X-Cache-Server
X-Drupal-Cache-Tags
X-Middleton-Response
Response
Upgrade-Insecure-Requests
X-PHP-Backend
X-CACHE-GROUP
X-Cached-By
X-Daa-Tunnel
X-Storage
X-Cache-Age
X-Amzn-RequestId
X-Amz-Apigw-Id
Payment
X-WPE-Loopback-Upstream-Addr
X-Varnish-Server
X-Response-Served-From
X-Generated-By
X-Drupal-Cache-Contexts
X-Geo-Country
Filters
X-UA-Device-Type
NGB
X-Amz-Replication-Status
X-App-Server
X-Cacheable-TTL
Access-Control-Allow-Method
GEO-INFO
X-Adobe-Loc
X-Adobe-Content
Actual-Object-TTL
X-Edge-Cache-Key
ServedBy
X-Tumblr-Pixel-1
X-FW-Server
X-Contextid
X-FW-Hash
X-FW-Serve
X-Tumblr-Pixel-2
X-FW-Static
X-Edge-Cache
X-FW-Type
X-Cache-NE
X-Servedby
Server-Node
X-S
X-RequestSource
X-Locale
X-TT-TIMESTAMP
X-UUID
X-Varnish-IP
X-Jobs
X-TX-ID
X-Cache-Remote
X-Amz-Server-Side-Encryption
X-Varnish-Hits
Viewport
X-Accel-Expires
Server-Info
Cache-Tv-Group
AsisCache
X-Cache-TTL-Remaining
X-WebKit-CSP-Report-Only
X-Rendered-As
From-Origin
X-Dns-Prefetch-Control
Host-Header
X-Status
Cache
X-URL
S-Cnection
X-GeoIP
X-Region
X-Cache-Operation
X-HS-Cache-Config
X-APP-VERSION
X-XRDS-LOCATION
X-Webkit-CSP
X-App-Version
Content-Style-Type
Content-Script-Type
SRV
DC
X-Croise-Owner
X-BACKEND-TTL
HostName
Served-By
X-Redis-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-RTag
Powered-By-ChinaCache
Ms-Operation-Id
X-CACHE-KEY
Liferay-Portal
X-Cache-Config
X-Upgrade-Enabled
Cache-Tag
Public-Key-Pins-Report-Only
X-Protected-By
X-Edge-IP
X-Detected-As
X-Path-Route
X-NGENIX-Cache
X-NCache
X-Is-Bot
X-Proxy-Build
X-RN-RSRV
X-Webstats-RespID
X-Timing-Wait
X-Site-Version
X-Grey
X-Generated
Origin-Cache-Control
Machine
Load-Balancing
X-Akamai-Transformed
Origin-Edge-Control
Selected-FE
X-Cache-Var-Map
X-Cache-Var
X-Cache-Category-Id
Xserver
Meta-Geo
X-Node-Name
X-Hyper-Cache
X-Parent-Response-Time
X-Web-Node
X-Via-Fastly
X-Agile
X-Agile-Id
X-Akamai-Request-ID
User-Cache-Control
X-Agile-Age
X-ProxyCache-Key
Now
Cache-Name
X-Request-Time
X-ProxyCache-Status
X-TNCMS
X-BYPASS-REASON
X-Upstream-CT
X-Tumblr-Pixel-3
X-Upstream-HT
X-Proxy
X-Loop
X-Labrador-Cache-Channel
X-Mode
X-JoinUs
X-Hosted-By
X-Human
X-CDN-Cache
X-Internal-Host
X-Origin-Response-Time
Cache-Key
X-Origin
X-OCL
X-RemovedCookies
Azure-SiteName
Azure-RegionName
X-Tb
Azure-InstanceId
X-Time-Microsecs
X-Original-Request
Azure-SlotName
X-IP
Azure-Version
X-Rule
X-Birta-Cache-Post
X-ProcessESI
X-Pc-Key
X-Birta-Served
X-Environment-Context
X-PCL
X-L-Path
DB-Nickname
X-FC-Vary-Parameters
X-Origin-Host
X-ServerID
X-Format
X-Pc-Appver
X-Pc-Hit
X-Ocache
X-Origin-Hint
X-Section
TWC-GeoIP-Country
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-Backend-Name
X-Access
TWC-Locale-Group
TWC-GeoIP-LatLong
S-Rt
Property-Id
TWC-Connection-Speed
TWC-Device-Class
X-CCM
X-Pubstack
Fastcgi-X-Cache-Version
Country
X-Viewer-Country
X-Www-Served-By
X-Xfnlog-Site
X-VG-TLSProxy
Cache-Tags
Fastcgi-X-Cache
Fastcgi-Useragent
X-Origin-CC
X-GRACE
HitType
X-App-Name
X-Forwarded-Host
Vix-Hermes-Req-Id
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-PERF
X-Vgn-Hpd-Reason
Pagespeed
X-ApacheServer
X-Cdn-Forward
X-RateLimit-Limit
X-B3-Spanid
X-Vg-Webcache
X-FB-TRIP-ID
X-Nginx-Cache
X-Cache-TTL
X-Mrs-Cache-Hits
X-Mrs-Age
Mn-Server-Ip
X-Mshield-Cache-Status
X-Mrs-Cache
X-Unique-Id-Primal
Fusion-Content-Source
Fusion-Content-Id
X-Cache-Backend
X-Content-Age
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
X-Real-IP
X-Guploader-Uploadid
X-Via-CDN
X-Correlation-ID
Datacenter
X-TIME
X-Endurance-Cache-Level
X-Varnish-Cacheable
X-Sucuri-ID
AR-SID
X-Debug-Cache
OT-Force-Account-Verify
Ohc-File-Size
X-Ua
X-Ezoic-Cdn
X-UA
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-ShardId
Time
X-Varnish-Beresp-Ttl
X-Newrelic-App-Data
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Pc-Date
X-Pc-Host
X-OVcl
X-Hl-Ver
X-OVcl-Cache
Mail-Subject
LB
X-MP-GENERATED-AT
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
We-Hiring
X-Unique-ID
X-Time
X-Real-Ip
L5d-Success-Class
NtCoent-Length
X-Cache-Enabled
X-Trace-Id
Section-Io-Cache
Access-Control-Request-Headers
X-Hit
X-Nc
User-Agent
X-Dynatrace-Js-Agent
X-Server-Cache
X-Ratelimit-Limit
X-Microcachable
X-Proto
X-CDN-Forward
X-C
Version
X-EdgeConnect-Cache-Status
X-Rocket-Nginx-Bypass
X-Amz-Meta-Surrogate-Control
Pagetype
X-CLOUD-TRACE-CONTEXT
Ohc-Response-Time
X-DC
Warning
X-Bip
X-BB-ID
X-Cache-FS-Status
X-Cache-Bucket
X-Cache-Debug
X-Cache-Expires
X-CUA
X-Date
X-D
X-Destination
X-Developer
X-Device-Os
X-B-Cookie
X-Crawler
X-Cache-URL
X-Cache-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-Cache-Host
X-Accel-Expires-Debug
Release
Powered-By
Platform
Rendered-Blocks
Request-Time
Rt-Proxy-Cache
RNT-Machine
Resin-Trace
PFcat
Node
Magicmarker
Lfy
Is-Eu
MD5-Digest
Memcached
Mobile-Detection-Method
Meta-Geo-Continent
Server-Host
Server-ID
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Actual-URL
X-Aed
X-ARC
X-Application
X-Amz-Meta-Cache-Control
X-A-Dam
X-A-Ccd
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Viewtype
VivaBuild
X-A
Www
X-Auto-Login
X-Generated-In
X-SRCache-Key
X-PHP-Host
X-Store
X-Qloud-Router
X-Server-Time
X-Server-By
X-Server-IP
X-Svr
X-PAYTM-SRV-ID
X-Trv-Group
X-TT-LOGID
X-Transaction
X-Thinkindot-L3
X-Swa-Ws
X-Thanos
X-Served-From
X-ScT
X-Returned-From
X-Returned-From-BeforeDispatch
X-Rebelmouse-Surrogate-Control
IBM-Web2-Location
X-Region-Sid
X-Request-UUID
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-S-Cookie
X-S-Maxage
X-RCS-CacheZone
X-Rojux
X-Rebelmouse-Cache-Control
X-Rewrite-Enabled
X-Twitter-Response-Tags
X-UE-Client-Country
X-Generated-On
X-Reboot
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Level-Front-Cache
X-WebServer
X-Li-Fabric
Xc-Version
X-G
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-External-Request-Id
X-Fetched-On
X-FW-Version
X-From
X-Li-Pop
X-LI-Proto
X-Passed-To-BeforeDispatch
X-Variation
X-Passed-To-DLL
X-Var-Ttl
X-Passed-To-PostProcessResponse
X-User
X-Varnish-Action
X-VG-WebServer
X-Logtrace-Id
X-LI-UUID
X-Matched-Rule
X-NU-AKA-ACS-Version
X-We-Are-Hiring
X-Passed-To
X-Died
RNT-Time
Adler-Geo
Fastly-Backend-Name
BehaviorPad-Version
Ajk
Arc-Country
Frame-Options
Cache-Prefix
Fastly-SWR
Fastly-SIE
Fly-Cache
Fly-Request-Id
Ec-Rule-Version
X-Akamai-Request-ID2
X-HS-Combine-CSS
X-Front
X-Fstrz
X-Fastly-Cache
X-Epic-Correlation-Id
X-MSEdge-Flight
X-MSEdge-Features
X-Micro-Cache
X-Gen-Mode
X-Gannett-Site-Version
X-MI-In-Market
Content-Disposition
Country-Code
X-Distributor
Esi-Enabled
X-Distil-CS
Decoy-Debug-TTL
Decoy-Debug-Status
Countrycode
X-Nginx-Cache-Key
Decoy-Debug-Key
X-Backend-Host
X-Location
X-Instart-Info
X-Irp-Debug
X-Clientip
Backend-Name
X-Info
X-IN-WAF
AKAMAI
X-IN-SSL-APIGATEWAY
X-Cdn-Srv
X-Hnp-Log
X-Hash
X-Layer
Cache-Cookie-Set-Lfrom
X-Backend-Url
Cache-Cookie-Set-Idcheck
X-Block-Status
X-GeoIP-Country-Code
X-Cache-CFC
Cache-Cookie-Set-From
X-IN-APIGATEWAY
Who
X-ServiceProvider
X-Sf
X-Stale
Proxy-Connection
X-No-Session
X-Response-By
GW-Server
X-Secret
X-Via-NSCOPI
Origin
X-Wikidot-Static-Cache
Heartbleed
Kp-EeAlive
X-Wikidot-Backend
MI-API
X-UnsetCookies
MI-Cache-Age
MI-Cache
GMS-Ver
X-Server-Group
V-Age
X-Origin-Expires
True-Client-Country-4JS
X-Origin-Date
X-Node-Id
X-ElasticPress-Search
Web-Mar-Node
SS
X-Phone
X-Release
SD-X-WS
Server-Int
X-Request-Start
X-Proxy-Cache-Status
X-Proxy-Upstream
X-NODE
Pramga
X-Eu-Site
X-Origin-TTL
Backend
X-F5-Cache
X-CMS-Context
X-V
X-Platform
PageSpeed
X-Request-URI
X-Up
X-Key
X-Page-Type
X-SIPLIST1
X-Policy
X-Backend-State
Apple-News-Services-Request-Url
CDCHOST
Fastly-Soc-X-Request-Id
Fastly-SSL
Apple-News-Services-Parsed-Url
X-Cache-Info
X-Core-Mission
X-CGP
Apple-News-Services-Handled
Apple-News-Services-Host
HA-Cloudapp
HA-Geocity
HA-Ipaddr
HA-Servedtime
HA-Urlpath
IsBot
HA-Host
HA-Georegion
HA-Geocountry
HA-Geolat
HA-Geolon
On-Server
X-Core-Value
Ha-Gx-Prefs
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Developers
X-Debug-Cache-Fetch
Accept-Language
X-Be
X-P-T
X-Debug-Cookies
X-Sn-Servicetimems
X-NX-Host
REQUESTUUID
X-SVT-ORM-RULES
X-Servername
X-Geo
X-Debug-Log
X-CACHE-AGE
X-Cdn-Origin
X-SVT-ORM-VERSION
Cteonnt-Length
X-COUNTRY
X-Refresh
X-NC
ServerName
MIME-Version
X-LAGOON
X-Pjax-Url
RequestId
WZWS-RAY
X-Org
NGX
X-Datadome
X-Servedbyhost
X-Via-SSL
X-Dc
X-Via-Edge
X-Newrelic-Synthetics
Cdn
X-Req
X-CSRF-TOKEN
X-Varnish-Cache-Hits
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Generation-Time
Memory
Pragrma
X-VarnCache
X-VarnPar1
X-FireWall-Port
X-PARISIEN-Cache-Rendered
Uber-Trace-Id
X-Instance-Name
PICS-Label
Request-EU
X-Urbn-Context-Path
UCS
Locale
X-Wa
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Urbn-Site-Id
X-Planisys-CDN-TTL
Request-Country
Mime-Version
X-NWS-UUID-VERIFY
X-Webkit-Csp
X-Gdpr
Nel
Host-ID
X-HTML-Minification-Powered-By
V-Cache
X-DataStream-MidMile-RTT
CF-IPCountry
Group
X-DataStream-Origin-MEX-Latency
X-Cache-Grace
X-Cache-Miss-From
X-WR-MODIFICATION
X-GeoIP-City
X-VG-WebCache
X-Sedo-Request-Id
Server-Surrogate-Control
GeoIP-Latitude
GeoIP-Country-Code
Cache-Provider
X-Cache-ASPX
Server-Cache-Control
X-VCT
X-Varnish-Authentication
CDN
X-IPS-LoggedIn
X-Ratelimit-Remaining
X-B3-Traceid
X-BBXSRF
X-Aicache-OS
X-Varnish-Url
X-Source
X-Sucuri-Cache
X-Dynatrace
X-ND-Cache
Cf-Ipcountry
X-StackifyID
XServer
X-Instart-Isnd
X-Fastly-Country-Code
X-Load-Cache
X-Powered-By-ANYU
URI
HitInfo
X-EIG-Tracking-Id
Geoip-Latitude
X-UPSTREAM-Address
GeoIp-Country-Code
X-GEO
X-FW-Dynamic
X-HOST
X-RCS-Backend
Powered
X-APP
X-FORWARDED-FOR
X-From-Cache
X-Pc-Subdomain
X-R9-Blue-Green-Version
X-Check-Cacheable
CACHE
X-CDN-Pop
X-WA
X-CDN-Pop-IP
Get-Access-Time
Is-Session-Tracking
Proxy-Firewall
X-Fastly-Backend-Reqs
Pics-Label
X-Fastly-Cache-Hits
X-Unique-Id
X-RequestId
X-Server-W
X-Varnish-Beresp-TTL
X-GoCache-CacheStatus
X-SRV
X-PF-Uncompressing
X-B3-SpanId
X-VC-Cache
X-Skip-Cache
X-HS-Status
X-ID
X-TWH-CORRELATION-ID
DataCenter
Dynatrace
FSS-Proxy
X-ServedByHost
X-TrackingId
X-Nananana
FSS-Cache
X-Cluster-Node
X-BE
Amp-Access-Control-Allow-Source-Origin
X-Sentry-ID
X-CSRF-Token
WP-Super-Cache
ProcessTime
X-NodeID
Cache-Hits
X-Flog
X-VServer
SN
Hostname
X-LiteSpeed-Cache-Control
X-ABtesting
X-Hello
X-GDPR
X-PJAX-URL
X-Fe
Processtime
X-ES-SERVER
X-GZIP
X-Oss-Storage-Class
X-Amzn-Remapped-Connection
X-Bug-Bounty
X-Oss-Server-Time
X-Oss-Request-Id
X-Amzn-Remapped-Date
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Pf-Uncompressing
X-Backend-TTL
Requestid
FastCGI-Cache
X-GZip
X-Gen-Id
RequestUuid
X-NGINX-Cache
SID
X-ORIG-AKA-EDGE
X-LJ-Flow-ID
X-Cache-Ttl
X-VWS-Id
X-SN
X-Owner
X-Csrf-Token
X-AWS-Id
Serverid
T-Server
X-Tb-Optimization-Total-Bytes-Saved
X-SB
X-Worker
X-VC
X-ServerName
X-HostName
Odigeo-Trace-Id
X-PAGE-TYPE
TSSecure
X-Varnish-URL
X-LiteSpeed-Tag
X-Alicdn-Da-Ups-Status
X-ORIG-AKA-COUNTRY-CODE
X-LB-ID
286prxHost
225prxHost
219prxHost
189phosttRef
352pxline
Xxline
409pxxline
HTTPS
355prline
Cdn-Request-Time
X-Developed-By
X-Dw-Trace-Id
X-Swift-Error
X-CS
Location
X-Edge-Server
X-VarnPar2
Cdn-Host
X-MServer
DSUID
178proxuri
Cneonction
Correlation-Id
X-Serial
Xet-Cookie
188prxHost