Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
CF-Ray
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-Request-ID
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Request-Context
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Amz-Version-Id
Content-Location
Surrogate-Control
X-Server-Id
X-Cnection
X-Node
X-OneAgent-JS-Injection
X-Host
X-Readtime
EagleEye-TraceId
Report-To
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-Application-Context
X-CST
X-Rack-Cache
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
NEL
Edge-Control
X-DynaTrace
X-Url
Rating
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Varnish-TTL
X-Country
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-Cdn
X-B3-TraceId
X-Trace
X-Px
X-Server-ID
X-DataDome
X-Vhost
X-Server-Name
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-VARITI-CCR
X-Ruxit-JS-Agent
RTSS
Accept-CH
X-ESI
X-Goog-Hash
X-Cached
X-MS-InvokeApp
Charset
Pinterest-Generated-By
X-Mod-Pagespeed
X-TTL
SPRequestGuid
X-TtlSet
X-PC
X-Vname
X-F-Cache
Verso
Public-Key-Pins
X-D2id
X-Kinja-Revision
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-Version
X-Dispatcher
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
Accept-CH-Lifetime
X-DIS-Request-ID
X-Abt-Application-Version
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
X-Origin-Upstream-Status
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-Navigation-Version
X-B
X-Shield-Request-Id
X-Forwarded-Proto
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Rid
MS-Author-Via
X-Recruiting
Realpath
X-Client-IP
DynaTrace
X-HW
SPRequestDuration
SPIisLatency
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Upstream
X-Vcap-Request-Id
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Nginx-Cache
Content-MD5
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Ttl
Arr-Disable-Session-Affinity
Edge-Cache-Tag
X-Hits
X-Debug
X-Varnish-Age
X-N
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Oracle-Dms-Rid
X-Goog-Storage-Class
X-Aspnet-Version
X-MSEdge-Ref
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Via-JSL
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-Id
TCN
X-XRDS-Location
S
X-ATG-Version
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Expires
Service-Worker-Allowed
X-NewRelic-App-Data
X-Logged-In
X-Oneagent-Js-Injection
Alternate-Protocol
X-FastCGI-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-Kinsta-Cache
X-Frontend
Surrogate-Key
Tracecode
Rt-Fastcgi-Cache
X-PressLabs-Stats
X-Cache-Key
X-Content-Digest
AMP-Access-Control-Allow-Source-Origin
X-Forwarded-For
X-Pad
X-FTR-Cache-Host
X-Grace
MicrosoftSharePointTeamServices
Fastly-Restarts
X-RateLimit-Remaining
X-CF-Powered-By
Server-Name
X-Amzn-Trace-Id
X-Edge-Location
Backend-Timing
X-Content-Options
X-Analytics
X-Ruxit-Js-Agent
Host
TP-L2-Cache
TP-Cache
FilterID
X-Cache-2
X-User-Agent
X-Rid
X-Magnolia-Registration
Fastcgi-Cache
X-Whom
X-B3-Sampled
X-Debug-Info
ServerID
X-IPLB-Instance
X-Revision
Ar-Sid
Eomportal-Instance
X-Page-Id
X-Mobile
X-Hostname
X-Request-Received
X-Request-Processing-Time
AR-Request-ID
X-NWS-LOG-UUID
X-Srv
Paypal-Debug-Id
X-Akam-SW-Version
X-VCache
X-URL
X-AOL-HN
Front-End-Https
Retry-After
Refresh
X-Content-Powered-By
X-Signature
X-GUploader-UploadID
X-Litespeed-Cache
X-B-Cache
X-LB-Cache
X-Request-Guid
X-Handled-By
X-Framework
X-Cluster
X-Cache-Action
Source
X-Device-Type
X-SS-Set-Cookie
X-App-Environment
Cleartype
X-Varnish-Hostname
X-FB-Debug
X-Tumblr-User
X-WA-Info
X-Cache-Control
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-BCube-Filmed-By
X-Varnish-Grace
X-Cache-Hit
X-Akamai-Edgescape
X-Platform-Server
X-Content-Security-Policy-Report-Only
X-HS-Cache-Config
Webserver
X-Activity-Id
X-AppVersion
X-Az
X-Esi
X-Zen-Fury
X-Middleton-Display
X-Correlation-Id
X-Sol
Display
X-XRDS-LOCATION
X-Content-Type
X-Varnish-Backend
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Healthy
X-Fastcgi-Cache
X-Cache-Rule
X-Cache-Server
X-TA-CDN-Provider
X-Middleton-Response
Response
X-Seen-By
X-Drupal-Cache-Tags
X-Varnish-Server
X-Wix-Request-Id
X-Daa-Tunnel
ViewerVersion
X-TT
Upgrade-Insecure-Requests
X-Drupal-Cache-Contexts
X-App-Server
X-Generated-By
X-Cached-By
X-Origin-Server
X-Geo-Country
Cache-Status
S-Cnection
X-DataStream-Cache-Status
X-CACHE-GROUP
Accept-Charset
X-Cache-Age
Server-Node
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amz-Replication-Status
X-Accel-Expires
Payment
NGB
X-UA-Device-Type
X-S
X-Response-Served-From
Filters
Access-Control-Allow-Method
GEO-INFO
X-Cacheable-TTL
X-Edge-Cache
X-Edge-Cache-Key
X-Adobe-Content
X-Contextid
X-Servedby
X-Adobe-Loc
X-Locale
X-Status
X-Varnish-IP
ServedBy
X-Cache-NE
X-Jobs
X-RequestSource
Viewport
X-UUID
Actual-Object-TTL
X-FW-Type
X-Tumblr-Pixel-1
X-FW-Static
X-FW-Hash
X-TT-TIMESTAMP
X-TX-ID
X-Varnish-Hits
X-Tumblr-Pixel-2
X-FW-Server
X-FW-Serve
AsisCache
Server-Info
X-Amz-Server-Side-Encryption
X-Storage
Cache-Tv-Group
X-WebKit-CSP-Report-Only
X-GeoIP
X-PHP-Backend
MS-CV
X-Dns-Prefetch-Control
X-WPE-Loopback-Upstream-Addr
X-Cache-Remote
HostName
X-Node-Name
X-Cache-TTL-Remaining
X-Rendered-As
X-Croise-Owner
Cache
Host-Header
From-Origin
X-Region
SRV
X-APP-VERSION
X-Cache-Operation
X-Vg-Webcache
X-App-Version
X-Webkit-CSP
X-Hyper-Cache
X-Redis-Cache
Served-By
X-Dynatrace-Js-Agent
Liferay-Portal
Public-Key-Pins-Report-Only
X-UA
Cache-Tag
DC
X-Mode
X-HS-Combine-CSS
X-BACKEND-TTL
X-Site-Version
X-Upgrade-Enabled
X-Agile-Age
Meta-Geo
X-Cache-Var
X-Agile
X-Is-Bot
X-Cache-Var-Map
X-IP
X-Akamai-Transformed
X-Human
X-Proxy-Build
X-Path-Route
X-Webstats-RespID
X-RN-RSRV
X-TNCMS
X-NGENIX-Cache
X-Detected-As
X-Timing-Wait
Machine
X-Generated
X-Loop
X-Agile-Id
X-Hosted-By
Selected-FE
X-Forwarded-Host
X-NCache
X-Labrador-Cache-Channel
X-L-Path
X-JoinUs
X-Original-Request
X-Pc-Appver
X-TIME
Powered-By-ChinaCache
X-Internal-Host
X-Grey
Origin-Cache-Control
Now
Cache-Name
Origin-Edge-Control
X-BYPASS-REASON
X-Environment-Context
X-CDN-Cache
X-Cache-Category-Id
X-Pc-Hit
X-Endurance-Cache-Level
X-Upstream-HT
X-Pc-Key
X-Vgn-Hpd-Reason
X-Via-Fastly
X-Web-Node
X-Request-Time
X-Upstream-CT
X-ProxyCache-Status
X-ProxyCache-Key
X-Viewer-Country
S-Rt
X-Birta-Cache-Post
X-ProcessESI
X-Akamai-Request-ID
X-Origin-Response-Time
DB-Nickname
X-Birta-Served
X-Proxy
X-Origin
X-Tumblr-Pixel-3
X-Time-Microsecs
X-FC-Vary-Parameters
X-Origin-Host
X-Pubstack
X-VG-TLSProxy
X-RemovedCookies
X-ServerID
X-B3-Spanid
X-Xfnlog-Site
X-Www-Served-By
X-Via-CDN
Azure-InstanceId
Azure-RegionName
X-Backend-Name
Azure-SiteName
X-Tb
Fastcgi-X-Cache
X-Rule
X-Guploader-Uploadid
X-CCM
X-Cache-Config
X-Ocache
X-OCL
X-PCL
X-Origin-CC
Fastcgi-Useragent
Fastcgi-X-Cache-Version
Azure-SlotName
Mn-Server-Ip
X-Format
Azure-Version
Cache-Tags
X-Proxied
Webcakes-App-Version
Webcakes-App-Name
Webcakes-Region
X-Access
X-Section
X-Origin-Hint
X-Routing-Service
Pagespeed
X-Yottaa-Optimizations
TWC-Device-Class
X-Zipkin-Id
TWC-Connection-Speed
Property-Id
TWC-GeoIP-Country
X-Kong-Proxy-Latency
TWC-Locale-Group
X-Yottaa-Metrics
TWC-GeoIP-LatLong
TWC-Privacy
X-Kong-Upstream-Latency
X-App-Name
Content-Style-Type
Content-Script-Type
X-Parent-Response-Time
HitType
Cache-Key
X-Newrelic-App-Data
Xserver
X-Protected-By
User-Cache-Control
X-Edge-IP
AR-SID
Vix-Hermes-Req-Id
Datacenter
OT-Force-Account-Verify
X-Cache-TTL
X-CACHE-KEY
X-Nginx-Cache
Ms-Operation-Id
X-Ezoic-Cdn
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-RTag
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Akamai-Request-ID2
X-Correlation-ID
Time
X-PERF
X-OVcl
X-OVcl-Cache
X-Cache-Backend
X-Real-Ip
X-FB-TRIP-ID
X-ApacheServer
X-Pc-Date
NtCoent-Length
X-Pc-Host
X-Unique-Id-Primal
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Ratelimit-Limit
L5d-Success-Class
X-Mrs-Age
Accept-Language
X-Mrs-Cache
X-Webkit-Csp
X-Cdn-Forward
X-Content-Age
X-Front
X-Real-IP
X-RateLimit-Limit
Country
X-CDN-Forward
LB
Load-Balancing
X-Proto
X-Amz-Meta-Surrogate-Control
X-Debug-Cache
X-Varnish-Cacheable
X-COUNTRY
Section-Io-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
Ohc-File-Size
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
WZWS-RAY
X-Unique-ID
X-Sucuri-ID
X-Hit
X-Hl-Ver
X-Nc
X-MP-GENERATED-AT
X-GRACE
X-Trace-Id
We-Hiring
Mail-Subject
Version
Warning
X-Microcachable
User-Agent
X-EdgeConnect-Cache-Status
X-CLOUD-TRACE-CONTEXT
X-Geo
X-C
X-Connection-Hash
X-Returned-From-BeforeDispatch
X-Developer
X-Device-Os
X-Cache-Debug
X-BB-ID
X-Bip
X-Cache-Bucket
X-Returned-From-DLL
X-Cache-Enabled
X-Cache-Expires
X-Cache-URL
X-D
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Date
X-Cache-Id
X-Crawler
X-Destination
X-Cache-FS-Status
X-Cache-Host
X-CUA
X-Accel-Expires-Debug
RNT-Time
Resin-Trace
Request-Time
Rt-Proxy-Cache
SD-X-WS
SS
Server-ID
Server-Host
Rendered-Blocks
Release
Mobile-Detection-Method
Meta-Geo-Continent
Memcached
Node
PFcat
Powered-By
Platform
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Died
X-A-Wwc
X-A-Dgt
X-Actual-URL
X-Aed
X-Auto-Login
X-Application
X-A-Dcw
X-A-Dam
Viewtype
V-Age
Thinkindot-Control
VivaBuild
Www
X-A-Ccd
X-A
X-B-Cookie
X-Returned-From
X-Rebelmouse-Cache-Control
X-Rojux
X-Rewrite-Enabled
X-ScT
X-S-Maxage
X-Passed-To-BeforeDispatch
X-Var-Ttl
X-Served-From
X-Thinkindot-L3
X-Server-Time
X-SRCache-Key
X-Reboot
X-Server-By
X-Thanos
X-Rebelmouse-Surrogate-Control
X-Swa-Ws
X-Variation
MD5-Digest
X-Passed-To-PostProcessResponse
X-PAYTM-SRV-ID
X-PHP-Host
X-Qloud-Router
X-S-Cookie
X-Passed-To-DLL
X-RCS-CacheZone
X-WebServer
X-Varnish-Action
X-We-Are-Hiring
X-VG-WebServer
X-Via-SSL
X-Via-Edge
X-Returned-From-PostProcessResponse
X-Store
X-Layer
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Response-By
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Request-UUID
X-Generated-In
X-G
X-External-Request-Id
X-DPWN-IS-SECURE
X-Transaction
X-Fetched-On
X-FW-Version
X-From
X-LI-UUID
X-Logtrace-Id
X-Passed-To
X-Twitter-Response-Tags
X-UE-Client-Country
Xc-Version
X-Region-Sid
X-User
X-P-T
X-Org
X-Matched-Rule
X-Trv-Group
X-Node-Id
X-TT-LOGID
X-Release
X-NU-AKA-ACS-Version
X-Dispatcher-Server
RNT-Machine
Fastly-SWR
Adler-Geo
Fastly-SIE
Ajk
Fly-Cache
Arc-Country
Frame-Options
Fly-Request-Id
BehaviorPad-Version
Fastly-Backend-Name
IBM-Web2-Location
Access-Control-Request-Headers
Ec-Rule-Version
Is-Eu
X-Via-NSCOPI
Cache-Prefix
X-Rocket-Nginx-Bypass
Pagetype
Backend
AKAMAI
X-Clientip
X-Distributor
X-Cache-CFC
Content-Disposition
Country-Code
X-Amz-Meta-Cache-Control
X-Backend-State
X-Block-Status
Cache-Cookie-Set-Idcheck
X-F5-Cache
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-GeoIP-Country-Code
X-Server-Group
X-Server-IP
X-Request-Start
X-Proxy-Cache-Status
X-Origin-Expires
X-Phone
X-ServiceProvider
X-Sf
X-UnsetCookies
X-Time
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Stale
X-Origin-Date
X-No-Session
X-Hnp-Log
X-IN-APIGATEWAY
X-Hash
Countrycode
X-Gen-Mode
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-MI-In-Market
X-Nginx-Cache-Key
X-Location
X-Key
X-Info
X-Fstrz
X-Proxy-Upstream
True-Client-Country-4JS
MI-Cache-Age
On-Server
Web-Mar-Node
Origin
GW-Server
MI-Cache
Magicmarker
Kp-EeAlive
MI-API
Server-Int
Fastly-SSL
GMS-Ver
Esi-Enabled
Decoy-Debug-Status
Pramga
Decoy-Debug-TTL
Heartbleed
Proxy-Connection
Decoy-Debug-Key
X-ElasticPress-Search
X-Dc
X-Be
X-NODE
HA-Geolon
HA-Geolat
X-Fastly-Cache
HA-Urlpath
X-V
HA-Georegion
X-Gannett-Site-Version
X-Up
X-Page-Type
X-Micro-Cache
X-Policy
X-Secret
X-Request-URI
HA-Servedtime
HA-Ipaddr
X-Eu-Site
REQUESTUUID
IsBot
HA-Host
X-SIPLIST1
X-Irp-Debug
Ha-Gx-Prefs
HA-Geocountry
X-Backend-Url
X-Backend-Host
X-Core-Value
X-MSEdge-Flight
X-Svr
HA-Cloudapp
Who
X-Core-Mission
Backend-Name
X-Epic-Correlation-Id
X-Distil-CS
X-CGP
X-MSEdge-Features
HA-Geocity
X-Ua
X-DC
X-Wikidot-Backend
X-Developers
X-Refresh
X-Level-Front-Cache
X-Origin-TTL
X-NX-Host
Pragrma
X-Generated-On
X-Cdn-Origin
X-Platform
X-Wikidot-Static-Cache
X-Sn-Servicetimems
X-Debug-Cache-Store
Fastly-Soc-X-Request-Id
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Debug-Log
CDCHOST
X-Debug-Cookies
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-CACHE-AGE
Apple-News-Services-Handled
PageSpeed
ServerName
X-Instart-Info
X-Urbn-Site-Id
X-Planisys-CDN-Rules
Locale
Lfy
X-NC
X-Urbn-Context-Path
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Servername
X-Instance-Name
RequestId
Request-Country
Uber-Trace-Id
UCS
Request-EU
X-Server-Cache
X-PARISIEN-Cache-Rendered
Host-ID
X-VarnPar1
X-VarnCache
X-Cdn-Srv
X-NWS-UUID-VERIFY
Ohc-Response-Time
X-Cache-Info
V-Cache
Group
X-ARC
X-VCT
X-GeoIP-City
X-Req
MIME-Version
X-Pjax-Url
X-Newrelic-Synthetics
Cteonnt-Length
X-Datadome
HitInfo
Memory
Cache-Provider
X-CMS-Context
PICS-Label
X-BBXSRF
Cdn
Mime-Version
X-Powered-By-ANYU
X-Gdpr
X-Ratelimit-Remaining
X-Servedbyhost
X-EIG-Tracking-Id
Nel
X-LAGOON
X-TWH-CORRELATION-ID
X-WR-MODIFICATION
CF-IPCountry
NGX
X-Wa
X-StackifyID
X-Aicache-OS
CDN
X-HTML-Minification-Powered-By
XServer
X-B3-Traceid
X-Load-Cache
GeoIP-Latitude
GeoIP-Country-Code
X-FireWall-Port
X-CSRF-TOKEN
X-Fastly-Backend-Reqs
X-Cluster-Node
X-Fastly-Country-Code
Cf-Ipcountry
X-Varnish-Cache-Hits
X-RateLimit-Limit-Second
X-Generation-Time
X-UPSTREAM-Address
Geoip-Latitude
GeoIp-Country-Code
X-RateLimit-Remaining-Second
X-WA
FSS-Cache
X-NodeID
FSS-Proxy
X-Sentry-ID
X-Flog
X-ABtesting
X-VServer
X-Check-Cacheable
Processtime
X-Sedo-Request-Id
X-FORWARDED-FOR
Amp-Access-Control-Allow-Source-Origin
X-Hello
X-Cache-Miss-From
X-SRV
X-Csrf-Token
SN
X-HOST
X-Source
X-Cache-Grace
X-Unique-Id
CACHE
X-Varnish-Beresp-TTL
X-Varnish-Authentication
X-Oss-Server-Time
X-Cache-ASPX
X-Oss-Request-Id
X-Oss-Storage-Class
X-APP
X-Oss-Object-Type
X-CDN-Pop
X-GZip
X-Oss-Hash-Crc64ecma
X-ServedByHost
X-CDN-Pop-IP
Server-Surrogate-Control
Server-Cache-Control
WP-Super-Cache
X-RCS-Backend
TSSecure
X-Nananana
X-IPS-LoggedIn
DataCenter
X-Dynatrace
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-CSRF-Token
Cdn-Host
Pics-Label
X-Varnish-Url
URI
X-VC-Cache
X-Skip-Cache
X-MServer
Cdn-Request-Time
X-GDPR
X-Worker
X-Edge-Server
X-ID
X-HS-Status
A
X-Instart-Isnd
X-ND-Cache
X-VG-WebCache
Is-Session-Tracking
X-PJAX-URL
Get-Access-Time
X-B3-SpanId
X-Fastly-Cache-Hits
X-GoCache-CacheStatus
PageType
X-From-Cache
X-Sucuri-Cache
X-BE
X-Swift-Error
Dynatrace
X-Port
Hostname
Proxy-Firewall
HTTPS
X-Pf-Uncompressing
X-AWS-Id
X-LJ-Flow-ID
X-SplitTest
X-VWS-Id
X-Gen-Id
X-Backend-TTL
X-Bug-Bounty
X-Amzn-Remapped-Date
Powered
X-Server-W
Odigeo-Trace-Id
X-GZIP
X-Amzn-Remapped-Connection
FastCGI-Cache
Requestid
X-Owner
X-Cache-Ttl
X-ORIG-AKA-EDGE
X-VarnPar2
X-SN
X-NGINX-Cache
X-Amz-Meta-S3b-Last-Modified
X-Pc-Subdomain
Serverid
Cache-Hits
X-Alicdn-Da-Ups-Status
X-PAGE-TYPE
X-HostName
X-LiteSpeed-Cache-Control
X-Dw-Trace-Id
X-Varnish-URL
T-Server
X-Fe
X-ORIG-AKA-COUNTRY-CODE
X-Serial
X-GEO
X-SB
X-RAMCache
X-VC
X-ServerName
WebServer
RequestUuid
X-FE
X-Requestid
X-RequestId
Correlation-Id
X-LiteSpeed-Tag
Xet-Cookie
X-PF-Uncompressing
X-CS
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Version
SID
X-HTML-Edge-Cache
X-Akamai-SSL-Client-Sid
NnCoection
Location
X-Ms-Blob-Type
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Developed-By