Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Xss-Protection
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-FRAME-OPTIONS
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
X-Type
Upgrade
WPE-Backend
X-Pass-Why
Keep-Alive
X-Cache-Group
X-AH-Environment
Xkey
P3p
X-Backend
Access-Control-Max-Age
X-Age
Access-Control-Expose-Headers
X-Via
EagleId
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Server
X-Hacker
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-UA-Device
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Kinja-Server-Push
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
Request-Context
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Content-Location
X-Cache-Lookup
X-Amz-Version-Id
X-Host
X-Response-Time
X-OneAgent-JS-Injection
Surrogate-Control
X-Rq
X-Cnection
X-Backend-Server
X-WebKit-CSP
X-Node
X-Server-Id
X-Readtime
Server-Timing
X-Rack-Cache
Report-To
EagleEye-TraceId
X-Application-Context
Request-Id
X-Cloud-Trace-Context
Feature-Policy
X-ORACLE-DMS-ECID
X-Ua-Compatible
X-Instart-Request-ID
X-CST
X-Iejgwucgyu
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Clacks-Overhead
Edge-Control
NEL
X-Country
Rating
X-Url
X-Server-Name
Pinterest-Generated-By
X-Px
X-Country-Code
Allow
X-DataDome
X-TTL
X-Varnish-TTL
X-MS-InvokeApp
X-DynaTrace
X-Origin-Cache
X-Vhost
X-PC
X-Vname
X-TtlSet
X-Cached
X-FTR-Request-ID
X-Ruxit-JS-Agent
RTSS
X-ESI
X-Goog-Hash
Charset
X-DynaTrace-JS-Agent
X-Powered-CMS
X-VARITI-CCR
X-Powered-By-Plesk
SPRequestGuid
X-Trace
X-Server-ID
Accept-CH
X-Dispatcher
X-GitHub-Request-Id
Public-Key-Pins
X-D2id
X-SharePointHealthScore
X-Mod-Pagespeed
X-F-Cache
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
Content-MD5
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-T
Verso
X-Oracle-Dms-Rid
MS-Author-Via
X-Version
X-Recruiting
SPRequestDuration
SPIisLatency
X-Shield-Request-Id
X-B3-TraceId
X-Dns-Prefetch-Control
X-Abt-Application-Version
Nginx-Cache
X-TEC-API-ORIGIN
X-Client-IP
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Forwarded-Proto
X-HW
Accept-CH-Lifetime
X-N
X-DIS-Request-ID
X-Navigation-Version
X-XRDS-Location
X-Amz-Rid
AR-PoweredBy
AR-ATIME
AR-CACHE
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Dw-Request-Base-Id
X-ORACLE-DMS-RID
X-B
X-Upstream
X-Origin-Upstream-Status
X-Fastly-Request-ID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Paypal-Debug-Id
Fastly-Restarts
DynaTrace
X-Amz-Meta-S3cmd-Attrs
X-Hits
X-Ser
TCN
X-Wix-Server-Artifact-Id
Realpath
X-Accel-Buffering
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Content-Options
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-Pad
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
Access-Control-Request-Method
Tracecode
X-Content-Digest
S
Front-End-Https
X-Varnish-Age
X-Id
X-Amz-Cf-Pop
X-Debug
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-MSEdge-Ref
X-Vcap-Request-Id
X-Frontend
X-RateLimit-Remaining
X-PressLabs-Stats
X-FTR-Cache-Status
X-FTR-Balancer
X-IPLB-Instance
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-ATG-Version
X-Kinsta-Cache
Display
X-Middleton-Display
X-Sol
X-Cache-Hit
X-Logged-In
X-HS-Content-Id
Surrogate-Key
X-HS-Hub-Id
X-Forwarded-For
Edge-Cache-Tag
Fastcgi-Cache
Rt-Fastcgi-Cache
X-FastCGI-Cache
X-Zen-Fury
Powered-By-ChinaCache
X-Oneagent-Js-Injection
MicrosoftSharePointTeamServices
X-Webkit-CSP
X-Use-Magma
X-Edge-Location
Backend-Timing
X-Analytics
X-Litespeed-Cache
Server-Name
X-Debug-Info
X-Request-Received
X-Request-Processing-Time
X-Webkit-Csp
Response
X-Middleton-Response
FilterID
X-User-Agent
X-Amzn-Trace-Id
X-Rid
Host
X-Revision
X-FTR-Cache-Host
TP-Cache
TP-L2-Cache
X-Akam-SW-Version
Ar-Sid
AMP-Access-Control-Allow-Source-Origin
X-CF-Powered-By
X-Mobile
X-Grace
X-B3-TraceId-Primal
X-TA-CDN-Provider
X-SS-Set-Cookie
X-NewRelic-App-Data
X-Cache-Key
X-Drupal-Cache-Tags
X-HS-Cache-Config
X-SERVER
X-Ttl
X-Accel-Expires
Cache-Status
X-Magnolia-Registration
X-Newrelic-App-Data
Refresh
Host-Header
X-Cached-By
X-Fastcgi-Cache
X-GUploader-UploadID
AR-Request-ID
X-B3-Sampled
X-Varnish-Backend
X-Node-Name
X-Content-Security-Policy-Report-Only
X-Platform-Server
DC
X-FB-Debug
X-Cluster
X-AOL-HN
Liferay-Portal
X-Cache-2
X-Tumblr-User
Cache-Tag
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cache-Control
X-B-Cache
X-Instance
X-Signature
X-App-Environment
X-LB-Cache
X-Cache-Rule
X-Page-Id
X-BCube-Filmed-By
X-Akamai-Edgescape
ServerID
X-Framework
X-Device-Type
X-Varnish-Hostname
X-Handled-By
X-Generated-By
X-Whom
Eomportal-Instance
Cleartype
X-Request-Guid
X-Geo-Segment
X-NWS-LOG-UUID
X-Az
X-AppVersion
X-Activity-Id
X-WPE-Loopback-Upstream-Addr
X-Drupal-Cache-Contexts
Public-Key-Pins-Report-Only
X-Cache-Action
X-Srv
X-VCache
X-App-Server
X-Cache-Server
Source
MS-CV
X-Content-Powered-By
X-App-Version
Accept-Charset
Retry-After
X-Via-JSL
X-TT
X-Seen-By
X-Wix-Request-Id
X-HS-Combine-CSS
ViewerVersion
X-Amz-Replication-Status
X-Correlation-Id
X-Hostname
X-Esi
X-Ruxit-Js-Agent
HostName
X-Varnish-Grace
Alternate-Protocol
X-Varnish-Server
X-Geo-Country
X-WA-Info
Server-Node
Webserver
Upgrade-Insecure-Requests
X-URL
X-WebKit-CSP-Report-Only
X-Response-Served-From
X-Cache-NE
AsisCache
X-Locale
X-Amz-Apigw-Id
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Amzn-RequestId
AR-SID
GEO-INFO
Actual-Object-TTL
SRV
X-RequestSource
X-GeoIP
X-Jobs
X-Daa-Tunnel
ServedBy
Viewport
Payment
X-Edge-Cache
X-Servedby
X-Yottaa-Optimizations
X-UUID
X-Varnish-Hits
X-Yottaa-Metrics
X-FW-Type
X-S
X-FW-Static
X-Edge-Cache-Key
X-Contextid
X-FW-Serve
X-FW-Server
X-FW-Hash
Cache
X-Status
X-Varnish-IP
X-TX-ID
X-Cache-TTL-Remaining
X-Adobe-Content
X-Adobe-Loc
X-TT-TIMESTAMP
X-Origin-Server
X-Vg-Webcache
X-Cacheable-TTL
Pagespeed
X-Correlation-ID
X-Forwarded-Host
X-Cache-Operation
X-RateLimit-Limit
X-Hyper-Cache
X-Amz-Server-Side-Encryption
S-Cnection
Datacenter
Server-Info
X-Sucuri-ID
Served-By
X-Cache-Age
X-Real-IP
Country
X-Mode
X-Akamai-Request-ID2
X-Region
X-CLOUD-TRACE-CONTEXT
X-TIME
From-Origin
PageSpeed
Access-Control-Allow-Method
X-GRACE
CACHE
X-DataStream-Cache-Status
X-RN-RSRV
X-Proxy
X-Cache-Config
X-Zipkin-Id
X-Proxied
X-Is-Bot
Meta-Geo
Machine
X-Environment-Context
X-Detected-As
X-Amz-Meta-Surrogate-Control
X-Generated
Fastcgi-X-Cache-Version
X-L-Path
X-JoinUs
Healthy
Fastcgi-X-Cache
X-Microcachable
X-Path-Route
X-Cache-Var
X-Rule
X-Rendered-As
X-Site-Version
X-Routing-Service
X-Upgrade-Enabled
X-Cache-Var-Map
X-Ezoic-Cdn
X-Agile
X-Agile-Age
X-Format
X-Birta-Cache-Post
X-Agile-Id
X-NGENIX-Cache
X-Birta-Served
X-Grey
OT-Force-Account-Verify
X-EIG-Tracking-Id
L5d-Success-Class
X-Hosted-By
X-Akamai-Transformed
Fastcgi-Useragent
X-Cache-Category-Id
X-Viewer-Country
X-Request-Time
X-Origin-Hint
X-Access
HitType
X-OCL
DB-Nickname
X-CCM
Webcakes-App-Name
X-ServerID
X-Section
Webcakes-App-Version
X-Loop
X-Hit
Webcakes-Region
TWC-GeoIP-Country
X-PCL
X-Via-Fastly
Now
TWC-Privacy
X-CDN-Cache
X-FC-Vary-Parameters
Property-Id
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
S-Rt
X-TNCMS
X-Content-Type
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
X-Tb
HitInfo
X-Labrador-Cache-Channel
X-Human
Xserver
Azure-Version
Cache-Hits
Cache-Name
Azure-SlotName
X-Cdn
X-Ocache
X-Xfnlog-Site
X-Web-Node
X-SplitTest
X-Via-CDN
X-ProcessESI
X-VWS-Id
X-VG-TLSProxy
X-RemovedCookies
X-Upstream-HT
X-Pubstack
X-ProxyCache-Status
X-ProxyCache-Key
Azure-SiteName
X-BYPASS-REASON
X-LJ-Flow-ID
X-Upstream-CT
X-IP
Azure-InstanceId
Azure-RegionName
X-AWS-Id
X-Origin
X-OVcl
Accept-Language
X-Cluster-Node
X-Original-Request
X-OVcl-Cache
X-Rocket-Nginx-Bypass
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Timing-Wait
X-Www-Served-By
X-Proxy-Build
X-ShopId
Selected-FE
X-ShardId
LB
Mn-Server-Ip
X-Source
Content-Script-Type
Content-Style-Type
X-Cache-Enabled
X-App-Name
Origin-Cache-Control
Origin-Edge-Control
X-RTag
X-Transaction
X-Connection-Hash
X-Twitter-Response-Tags
X-TWH-CORRELATION-ID
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
IBM-Web2-Location
Access-Control-Request-Headers
X-Unique-ID
Ms-Operation-Id
X-NodeID
Time
NtCoent-Length
X-Geo
X-Cache-Remote
NGB
X-Origin-CC
X-Guploader-Uploadid
X-Cdn-Forward
X-Nginx-Cache
X-MP-GENERATED-AT
X-Distil-CS
X-Port
Filters
X-Pc-Date
X-NCache
X-Edge-IP
X-Pc-Host
X-Real-Ip
Backend
X-Internal-Host
We-Hiring
Mail-Subject
X-UA
X-Tumblr-Pixel-3
X-XRDS-LOCATION
X-Varnish-Cacheable
X-Debug-Cache
X-Proto
X-Cache-TTL
X-Storage
X-CACHE-KEY
X-Ua
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-APP-VERSION
X-Csrf-Token
User-Agent
X-Sucuri-Cache
X-CACHE-GROUP
X-UA-Device-Type
X-Webstats-RespID
Cache-Tags
X-PHP-Backend
X-Varnish-Cache-Hits
X-Newrelic-Synthetics
X-Backend-Name
X-Urbn-Site-Id
X-Akamai-Request-ID
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Locale
X-Urbn-Context-Path
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Mrs-Age
X-ApacheServer
X-Mrs-Cache
X-PERF
X-Ratelimit-Limit
Warning
Fastly-SSL
X-EdgeConnect-Cache-Status
X-Nc
X-ElasticPress-Search
X-C
X-CACHE-AGE
X-A-Dgt
X-A-Dcw
X-ScT
Viewtype
X-A-Wwc
X-A-Ccd
VivaBuild
X-CF-Lambda-Version
X-A
V-Age
X-CF-Lambda-Fn
X-A-Dam
SN
HA-Geolat
HA-Geocountry
HA-Geolon
HA-Georegion
Ha-Gx-Prefs
HA-Geocity
HA-Cloudapp
Fly-Request-Id
Fly-Cache
FSS-Cache
FSS-Proxy
GMS-Ver
HA-Host
HA-Ipaddr
Rt-Proxy-Cache
Resin-Trace
Server-Host
X-Accel-Expires-Debug
TSSecure
Rendered-Blocks
Mobile-Detection-Method
HA-Servedtime
HA-Urlpath
MD5-Digest
Meta-Geo-Continent
UCS
X-Debug-Cookies
X-Irp-Debug
X-Cache-Host
X-BB-ID
X-Cache-Bucket
X-DPWN-IS-SECURE
X-Logtrace-Id
X-NU-AKA-ACS-Version
X-Developer
X-Destination
X-Died
X-Org
X-NX-Host
X-BBXSRF
X-IN-WAF
X-External-Request-Id
X-Generated-In
X-G
X-From
X-Fetched-On
X-Eu-Site
X-GeoIP-Country-Code
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Epic-Correlation-Id
X-Hash
X-PAYTM-SRV-ID
Ec-Rule-Version
X-F5-Cache
X-Date
X-Sn-Servicetimems
X-B-Cookie
X-Rojux
X-D
X-Application
X-Amz-Meta-Cache-Control
X-Aed
X-Server-By
X-Server-Time
X-S-Cookie
X-Rewrite-Enabled
X-SRCache-Key
X-Region-Sid
X-Via-SSL
Xc-Version
X-Debug-Log
X-Platform
X-Cdn-Origin
X-Via-Edge
X-Store
X-Trv-Group
X-UE-Client-Country
X-VG-WebServer
X-CGP
Cache-Key
X-Endurance-Cache-Level
BehaviorPad-Version
Arc-Country
X-Cache-Backend
Ajk
Cache-Prefix
X-Varnish-Beresp-Ttl
X-Dc
X-Redis-Cache
X-Qloud-Router
X-S-Maxage
Thinkindot-Control
Pramga
X-Secret
X-Owner
Thinkindot-CacheControl-Type
Www
X-Rebelmouse-Cache-Control
X-Release
X-Request-Start
X-Request-URI
RNT-Machine
Server-ID
X-Reboot
X-Response-By
X-Rebelmouse-Surrogate-Control
Release
Thinkindot-CacheControl
X-Matched-Rule
X-Cache-Id
X-FW-Version
X-Gannett-Site-Version
X-GeoIP-City
X-Flog
X-Cache-URL
X-Core-Value
X-B3-Spanid
X-Clientip
X-Dispatcher-Server
X-Hello
X-Hl-Ver
X-Key
X-Layer
Origin
X-ABtesting
X-Auto-Login
X-Backend-Host
X-Backend-Url
X-DC
X-Backend-State
X-No-Session
RNT-Time
X-Wikidot-Backend
Fastly-SWR
X-V
Fastly-SIE
X-Wikidot-Static-Cache
IsBot
X-Worker
Heartbleed
X-Var-Ttl
AKAMAI
Frame-Options
X-We-Are-Hiring
X-VServer
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
Powered-By
X-User
Countrycode
Content-Disposition
X-Server-IP
X-SIPLIST1
Odigeo-Trace-Id
Country-Code
Decoy-Debug-Status
Memcached
X-Trace-Id
X-Thinkindot-L3
X-ServiceProvider
Decoy-Debug-Key
Decoy-Debug-TTL
X-Powered-By-ANYU
User-Cache-Control
WZWS-RAY
X-Datadome
X-NC
X-Info
X-Developers
X-Distributor
X-Gen-Mode
X-VCT
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Fastly-Cache
X-Hnp-Log
X-WebServer
X-Device-Os
X-MI-In-Market
X-Swa-Ws
X-Stale
X-Thanos
X-UnsetCookies
X-Up
X-RCS-CacheZone
X-CUA
X-Request-UUID
X-Returned-From-PostProcessResponse
X-Served-From
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Sf
X-Returned-From
X-Policy
X-Phone
X-Location
X-Sentry-ID
X-LI-UUID
X-LI-Proto
X-Variation
X-Li-Pop
X-Nginx-Cache-Key
X-Node-Id
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To
X-P-T
X-Varnish-Action
X-Li-Fabric
X-Bip
MI-Cache
MI-Cache-Age
X-Backend-TTL
Magicmarker
Web-Mar-Node
X-Cache-Expires
X-Cache-Debug
Kp-EeAlive
On-Server
Platform
Server-Int
Pagetype
True-Client-Country-4JS
Uber-Trace-Id
X-Actual-URL
Section-Io-Cache
Pragrma
Request-Country
Request-EU
Is-Eu
X-Block-Status
Cache-Cookie-Set-Idcheck
X-Crawler
Backend-Name
Fastly-Backend-Name
Cache-Cookie-Set-From
GW-Server
Esi-Enabled
Cache-Cookie-Set-Lfrom
Fastly-Soc-X-Request-Id
X-Croise-Owner
X-Core-Mission
Adler-Geo
X-Origin-Response-Time
X-CDN-Forward
Proxy-Connection
CDCHOST
X-MSEdge-Flight
X-MServer
X-MSEdge-Features
X-SVT-ORM-VERSION
REQUESTUUID
X-SVT-ORM-RULES
X-HOST
X-Instance-Name
X-Fstrz
X-NODE
X-Cache-CFC
X-SN
X-Cache-Srv
X-TT-LOGID
Version
X-Oss-Object-Type
X-Via-NSCOPI
X-Oss-Request-Id
X-Page-Type
X-NWS-UUID-VERIFY
X-Ms-Lease-State
X-Oss-Storage-Class
MIME-Version
MI-API
NodeID
X-Refresh
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Cache-FS-Status
X-Servername
RequestId
X-Req
HTTPS
X-Pjax-Url
X-Parent-Response-Time
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cteonnt-Length
X-Be
X-Unique-Id-Primal
ProcessTime
X-Oracle-Dms-Ecid
Group
X-Origin-TTL
X-Dynatrace-Js-Agent
X-BB-IP
V-Cache
Who
Memory
Amp-Access-Control-Allow-Source-Origin
Fusion-Source
X-GZip
Cdn
X-Ckpd-Fst-Backend
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-Servedbyhost
CF-IPCountry
X-Aicache-OS
Mime-Version
SS
X-ND-Cache
X-SRV
Cdn-Request-Time
X-COUNTRY
X-Wa
X-Time
X-Content-Age
X-Edge-Server
Cdn-Host
X-Protected-By
GeoIP-Country-Code
SD-X-WS
X-Server-Group
X-Varnish-Url
CDN
GeoIP-Latitude
X-APP
Serverid
PageType
X-Varnish-Beresp-TTL
Get-Access-Time
Is-Session-Tracking
XServer
X-B3-Traceid
A
X-Generation-Time
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Pf-Uncompressing
X-ID
X-FireWall-Port
X-Fastly-Cache-Hits
X-Origin-Expires
X-Cache-Info
X-Origin-Date
GeoIp-Country-Code
X-Unique-Id
Geoip-Latitude
X-Vcache
X-GEO
X-Requestid
X-WA
X-StackifyID
X-Ratelimit-Remaining
PICS-Label
X-Gdpr
X-CS
X-Fastly-Country-Code
X-Origin-Host
X-EC-Security-Audit
X-Nananana
Nel
X-Load-Cache
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-CSRF-Token
Processtime
Node
X-RequestId
X-PHP-Host
NGX
Cf-Ipcountry
X-Server-W
X-Surge-Debug
X-SERVER-NAME
T-Server
DataCenter
X-Check-Cacheable
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-ServedByHost
X-HTML-Minification-Powered-By
URI
X-GZIP
X-Proxy-Upstream
X-Proxy-Cache-Status
Hostname
X-FORWARDED-FOR
X-NGINX-Cache
X-B3-SpanId
X-PF-Uncompressing
Vix-Hermes-Req-Id
X-UPSTREAM-Address
Load-Balancing
X-HS-Status
X-Feature
ServerName
WP-Super-Cache
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Fe
X-Fastly-Backend-Reqs
X-VG-WebCache
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-ARC
X-BE
X-ServerName
X-Skip-Cache
Cache-Provider
X-Alicdn-Da-Ups-Status
X-Atg-Version
Cache-Tv-Group
X-WR-MODIFICATION
X-Proxy-Server
Request-Time
X-IPS-LoggedIn
Https
X-HTML-Edge-Cache
Requestid
X-PJAX-URL
RequestUuid
X-Akamai-SSL-Client-Sid
X-BACKEND-TTL
X-PAGE-TYPE
N-Cache
Host-ID
X-SB
X-VC
X-Cache-Ttl
PFcat
X-From-Cache
X-Distil-Cs
X-Amz-Meta-S3b-Last-Modified
Pics-Label
X-Micro-Cache
X-Dw-Trace-Id
X-Gen-Id
Build-Number
X-CSRF-TOKEN
Cdn-Src-Port
X-RAMCache
X-Grace-Duration