Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Xss-Protection
X-Timer
X-Request-Id
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
X-Check
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-FRAME-OPTIONS
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
X-Type
Upgrade
WPE-Backend
X-Pass-Why
Keep-Alive
X-Cache-Group
X-AH-Environment
Xkey
P3p
X-Backend
Access-Control-Max-Age
X-Age
Access-Control-Expose-Headers
X-Via
EagleId
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Server
X-Hacker
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-UA-Device
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Kinja-Server-Push
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
Request-Context
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Content-Location
X-Cache-Lookup
X-Amz-Version-Id
X-Host
X-Response-Time
X-OneAgent-JS-Injection
X-WebKit-CSP
Surrogate-Control
X-Rq
X-Cnection
X-Backend-Server
X-Node
X-Server-Id
X-Readtime
Server-Timing
X-Rack-Cache
Report-To
EagleEye-TraceId
X-Application-Context
Request-Id
X-Cloud-Trace-Context
Feature-Policy
X-ORACLE-DMS-ECID
X-Ua-Compatible
X-Instart-Request-ID
X-CST
X-Iejgwucgyu
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Clacks-Overhead
Edge-Control
NEL
X-Country
Rating
X-Url
X-Server-Name
Pinterest-Generated-By
X-Px
X-Country-Code
X-DataDome
Allow
X-Varnish-TTL
X-MS-InvokeApp
X-Dns-Prefetch-Control
X-DynaTrace
X-Origin-Cache
X-TTL
X-Vhost
X-Vname
X-PC
X-TtlSet
X-Cached
X-Ruxit-JS-Agent
X-FTR-Request-ID
RTSS
X-ESI
X-Goog-Hash
Charset
X-DynaTrace-JS-Agent
X-Powered-CMS
X-VARITI-CCR
X-Powered-By-Plesk
SPRequestGuid
X-Trace
X-Server-ID
Accept-CH
X-Dispatcher
X-GitHub-Request-Id
Public-Key-Pins
X-D2id
X-SharePointHealthScore
X-Mod-Pagespeed
X-T
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
X-F-Cache
Content-MD5
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
Verso
MS-Author-Via
X-Oracle-Dms-Rid
X-Version
X-Recruiting
SPIisLatency
SPRequestDuration
X-B3-TraceId
X-Shield-Request-Id
X-Abt-Application-Version
Nginx-Cache
X-Client-IP
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Forwarded-Proto
X-HW
Accept-CH-Lifetime
X-Navigation-Version
X-N
X-DIS-Request-ID
X-XRDS-Location
Pinterest-Version
AR-PoweredBy
X-Upstream-Env
AR-CACHE
X-Amz-Rid
X-Pinterest-Rid
AR-ATIME
X-ORACLE-DMS-RID
X-B
X-Dw-Request-Base-Id
X-Upstream
X-Origin-Upstream-Status
X-Fastly-Request-ID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Fastly-Restarts
DynaTrace
X-Amz-Meta-S3cmd-Attrs
Paypal-Debug-Id
X-Hits
X-Ser
TCN
X-Wix-Server-Artifact-Id
Realpath
X-Accel-Buffering
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Content-Options
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Arr-Disable-Session-Affinity
X-Pad
Service-Worker-Allowed
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
Tracecode
X-Content-Digest
Access-Control-Request-Method
S
X-Id
Front-End-Https
X-Varnish-Age
X-Amz-Cf-Pop
X-Debug
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-MSEdge-Ref
X-Vcap-Request-Id
X-RateLimit-Remaining
X-Frontend
X-IPLB-Instance
X-PressLabs-Stats
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-ATG-Version
X-Kinsta-Cache
Display
X-Middleton-Display
X-Sol
X-FastCGI-Cache
X-Cache-Hit
X-HS-Hub-Id
X-HS-Content-Id
X-Logged-In
Surrogate-Key
Edge-Cache-Tag
X-Forwarded-For
Fastcgi-Cache
Rt-Fastcgi-Cache
X-Zen-Fury
Powered-By-ChinaCache
X-Request-Processing-Time
X-Request-Received
MicrosoftSharePointTeamServices
X-Oneagent-Js-Injection
X-Ttl
X-Edge-Location
X-Use-Magma
Server-Name
X-Analytics
X-Debug-Info
X-Litespeed-Cache
Backend-Timing
Response
X-Middleton-Response
X-Rid
X-Webkit-Csp
X-Amzn-Trace-Id
Host
FilterID
X-Revision
X-User-Agent
TP-Cache
TP-L2-Cache
X-FTR-Cache-Host
X-Akam-SW-Version
Ar-Sid
AMP-Access-Control-Allow-Source-Origin
X-CF-Powered-By
X-Mobile
X-Grace
X-B3-TraceId-Primal
X-TA-CDN-Provider
X-SS-Set-Cookie
X-NewRelic-App-Data
X-Cache-Key
X-Drupal-Cache-Tags
X-HS-Cache-Config
X-Accel-Expires
Cache-Status
X-SERVER
X-Newrelic-App-Data
X-Magnolia-Registration
X-Cached-By
Refresh
Host-Header
X-GUploader-UploadID
AR-Request-ID
X-B3-Sampled
X-Varnish-Backend
ServerID
X-Webkit-CSP
X-Node-Name
X-AOL-HN
X-Content-Security-Policy-Report-Only
X-Platform-Server
X-Instance
X-Cluster
X-FB-Debug
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Fastcgi-Cache
X-Cache-2
X-Signature
X-B-Cache
Liferay-Portal
Cache-Tag
X-Akamai-Edgescape
X-Cache-Control
DC
X-Cache-Rule
X-Page-Id
X-LB-Cache
X-BCube-Filmed-By
X-Device-Type
X-Varnish-Hostname
X-Framework
X-App-Environment
Cleartype
X-Handled-By
X-Whom
Eomportal-Instance
X-Generated-By
X-Geo-Segment
X-Srv
X-Request-Guid
X-NWS-LOG-UUID
X-Az
X-Activity-Id
X-AppVersion
X-WPE-Loopback-Upstream-Addr
X-Drupal-Cache-Contexts
Public-Key-Pins-Report-Only
X-Cache-Action
X-App-Server
X-VCache
X-Cache-Server
Source
X-App-Version
X-Content-Powered-By
MS-CV
Retry-After
Accept-Charset
X-Via-JSL
X-Seen-By
X-Wix-Request-Id
X-TT
X-HS-Combine-CSS
X-Amz-Replication-Status
ViewerVersion
X-Correlation-Id
Alternate-Protocol
X-Hostname
X-Ruxit-Js-Agent
X-Esi
HostName
X-Varnish-Grace
X-Varnish-Server
X-WA-Info
X-Geo-Country
Webserver
Server-Node
Upgrade-Insecure-Requests
X-URL
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
X-Cache-NE
X-Tumblr-Pixel-2
AsisCache
X-Response-Served-From
SRV
X-Amzn-RequestId
X-Amz-Apigw-Id
Actual-Object-TTL
X-Locale
X-GeoIP
AR-SID
X-RequestSource
GEO-INFO
ServedBy
X-Daa-Tunnel
X-Varnish-Hits
X-Jobs
X-FW-Hash
X-Servedby
X-S
X-UUID
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-FW-Type
X-FW-Static
X-Edge-Cache
Viewport
X-Edge-Cache-Key
X-FW-Serve
X-FW-Server
Payment
X-Contextid
Cache
X-Status
X-Varnish-IP
X-TX-ID
Pagespeed
X-Adobe-Loc
X-Adobe-Content
X-Cache-TTL-Remaining
X-TT-TIMESTAMP
X-Origin-Server
X-Cacheable-TTL
X-Vg-Webcache
X-Correlation-ID
X-RateLimit-Limit
X-Cache-Operation
X-Forwarded-Host
X-Hyper-Cache
S-Cnection
Datacenter
X-Amz-Server-Side-Encryption
X-Sucuri-ID
X-Cache-Age
Served-By
Server-Info
X-Real-IP
Country
X-Region
X-Mode
X-Akamai-Request-ID2
X-CLOUD-TRACE-CONTEXT
X-TIME
From-Origin
X-GRACE
CACHE
Access-Control-Allow-Method
X-DataStream-Cache-Status
Fastcgi-X-Cache-Version
X-Routing-Service
Meta-Geo
X-Ocache
X-Microcachable
X-Rule
Fastcgi-X-Cache
Machine
X-JoinUs
X-Cache-Var-Map
X-Rendered-As
X-Is-Bot
X-Generated
X-Detected-As
X-Site-Version
X-Cache-Var
X-RN-RSRV
X-Amz-Meta-Surrogate-Control
X-Cache-Config
X-Environment-Context
Healthy
X-L-Path
X-Path-Route
X-Proxy
X-Ezoic-Cdn
X-Upgrade-Enabled
X-Zipkin-Id
X-Proxied
X-Hosted-By
X-Cache-Category-Id
X-CDN-Cache
X-Grey
X-Format
X-Birta-Served
X-Birta-Cache-Post
Fastcgi-Useragent
L5d-Success-Class
OT-Force-Account-Verify
X-Viewer-Country
DB-Nickname
X-Access
X-Agile-Id
X-Agile-Age
X-Agile
X-Content-Type
X-Akamai-Transformed
X-EIG-Tracking-Id
X-Request-Time
Now
X-NGENIX-Cache
X-Section
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
TWC-Locale-Group
Webcakes-Region
X-Pc-Hit
X-Tb
X-TNCMS
TWC-GeoIP-Country
TWC-Connection-Speed
Property-Id
X-OCL
X-Via-Fastly
X-Pc-Key
X-Loop
X-PCL
Cache-Name
TWC-Device-Class
TWC-GeoIP-LatLong
X-Labrador-Cache-Channel
S-Rt
X-FC-Vary-Parameters
X-Human
X-CCM
HitType
X-Hit
Xserver
PageSpeed
HitInfo
X-Pc-Appver
X-ServerID
X-Origin-Hint
X-VG-TLSProxy
X-Upstream-HT
X-SplitTest
X-OVcl
X-IP
X-Original-Request
X-RemovedCookies
X-BYPASS-REASON
X-Upstream-CT
X-AWS-Id
X-OVcl-Cache
X-ProxyCache-Status
X-Cluster-Node
X-LJ-Flow-ID
X-Pubstack
X-Origin
X-Xfnlog-Site
X-Web-Node
X-Via-CDN
X-ProcessESI
X-ProxyCache-Key
X-VWS-Id
Cache-Hits
X-Cdn
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-Version
Azure-SlotName
Accept-Language
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Www-Served-By
Mn-Server-Ip
X-Timing-Wait
X-ShopId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Rocket-Nginx-Bypass
Selected-FE
X-Proxy-Build
LB
X-ShardId
X-Cache-Enabled
X-Source
Content-Style-Type
Content-Script-Type
X-App-Name
X-Twitter-Response-Tags
X-Transaction
Origin-Edge-Control
Origin-Cache-Control
X-Connection-Hash
X-RTag
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
X-TWH-CORRELATION-ID
IBM-Web2-Location
Access-Control-Request-Headers
X-Unique-ID
Ms-Operation-Id
X-NodeID
X-Port
X-Cache-Remote
X-Geo
NtCoent-Length
Time
X-Guploader-Uploadid
NGB
X-Origin-CC
X-Cdn-Forward
X-Nginx-Cache
X-MP-GENERATED-AT
X-Distil-CS
X-Real-Ip
X-Edge-IP
X-Pc-Host
Filters
X-NCache
X-Pc-Date
X-Internal-Host
Mail-Subject
We-Hiring
Backend
X-UA
X-Tumblr-Pixel-3
X-Varnish-Cacheable
X-XRDS-LOCATION
X-CACHE-KEY
X-Proto
X-Debug-Cache
X-Cache-TTL
X-Ua
X-Storage
X-APP-VERSION
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-Csrf-Token
User-Agent
X-CACHE-GROUP
X-Sucuri-Cache
X-UA-Device-Type
X-Webstats-RespID
X-Newrelic-Synthetics
Cache-Tags
X-Backend-Name
X-Varnish-Cache-Hits
X-PHP-Backend
Locale
X-Varnish-Beresp-Grace
X-Urbn-Site-Id
X-Akamai-Request-ID
X-Urbn-Context-Path
X-Varnish-Beresp-Status
X-Mrs-Age
X-PERF
X-Mrs-Cache
X-Mrs-Cache-Hits
X-ApacheServer
X-Mshield-Cache-Status
X-Ratelimit-Limit
X-ElasticPress-Search
Warning
Fastly-SSL
X-Dc
X-Nc
X-EdgeConnect-Cache-Status
X-C
X-B3-Spanid
X-CACHE-AGE
X-Endurance-Cache-Level
X-Eu-Site
X-Application
Ajk
Arc-Country
X-NU-AKA-ACS-Version
X-NX-Host
BehaviorPad-Version
X-Org
X-IN-APIGATEWAY
X-Hash
X-BBXSRF
Rendered-Blocks
X-From
X-PAYTM-SRV-ID
X-Platform
X-Died
X-Cache-Bucket
X-DPWN-IS-SECURE
Xc-Version
X-Accel-Expires-Debug
X-Aed
X-Epic-Correlation-Id
X-F5-Cache
HA-Geocountry
HA-Geolat
HA-Geolon
HA-Geocity
HA-Cloudapp
GMS-Ver
X-B-Cookie
HA-Georegion
Ha-Gx-Prefs
X-Backend-Host
X-External-Request-Id
HA-Urlpath
HA-Servedtime
HA-Host
HA-Ipaddr
MD5-Digest
X-Logtrace-Id
X-IN-WAF
X-Cache-Host
Mobile-Detection-Method
Odigeo-Trace-Id
Content-Disposition
X-IN-SSL-APIGATEWAY
X-BB-ID
Ec-Rule-Version
X-Backend-Url
FSS-Cache
FSS-Proxy
Fly-Request-Id
Fly-Cache
X-Irp-Debug
Meta-Geo-Continent
Cache-Prefix
X-GeoIP-Country-Code
SN
X-A
UCS
X-Cdn-Origin
X-Rewrite-Enabled
X-A-Ccd
X-Debug-Cookies
X-Varnish-Beresp-Ttl
X-VG-WebServer
X-Generated-In
X-Date
X-Rojux
X-Amz-Meta-Cache-Control
X-CF-Lambda-Fn
X-UE-Client-Country
X-Debug-Log
X-Server-By
X-CF-Lambda-Version
X-Trv-Group
X-ScT
VivaBuild
V-Age
X-S-Cookie
X-Server-Time
Viewtype
X-Destination
X-Developer
Resin-Trace
X-Region-Sid
X-SRCache-Key
X-Cache-Backend
TSSecure
X-D
X-Fetched-On
Cache-Key
X-A-Wwc
X-A-Dgt
X-Via-Edge
X-Sn-Servicetimems
X-Via-SSL
X-G
X-CGP
X-A-Dcw
Server-Host
Rt-Proxy-Cache
X-Store
X-A-Dam
X-Redis-Cache
Thinkindot-Control
Thinkindot-CacheControl-Type
X-FW-Version
Www
Release
Server-ID
X-Hl-Ver
X-GeoIP-City
RNT-Time
X-Hello
RNT-Machine
Pramga
Origin
Thinkindot-CacheControl
X-Layer
Memcached
X-Key
X-Gannett-Site-Version
X-ABtesting
X-Auto-Login
IsBot
X-Request-URI
X-Server-IP
X-Secret
X-ServiceProvider
X-SIPLIST1
X-Clientip
X-S-Maxage
X-Cache-URL
X-Backend-State
X-Request-Start
X-Cache-Id
X-Response-By
X-Developers
X-Thinkindot-L3
X-Trace-Id
X-Wikidot-Backend
X-We-Are-Hiring
X-Wikidot-Static-Cache
X-Worker
Powered-By
X-VServer
X-Core-Value
X-UnsetCookies
X-User
X-V
X-Var-Ttl
X-Release
X-Flog
Decoy-Debug-TTL
X-Matched-Rule
Decoy-Debug-Status
Decoy-Debug-Key
Country-Code
Countrycode
Fastly-SIE
Fastly-Soc-X-Request-Id
GW-Server
Heartbleed
X-Location
Frame-Options
Fastly-SWR
X-Reboot
X-No-Session
X-Dispatcher-Server
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
AKAMAI
X-Owner
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
User-Cache-Control
WZWS-RAY
X-NC
X-Datadome
X-Powered-By-ANYU
X-Distributor
X-Device-Os
X-RCS-CacheZone
X-Returned-From-PostProcessResponse
X-Sentry-ID
X-Served-From
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-CUA
X-Request-UUID
X-Returned-From
X-Sf
X-Stale
X-Varnish-Action
X-VCT
X-WebServer
X-Variation
X-Up
X-Swa-Ws
X-Thanos
X-Policy
X-Phone
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Instance-Name
X-Info
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-LI-UUID
X-MI-In-Market
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To
X-P-T
X-Nginx-Cache-Key
X-Node-Id
X-Gen-Mode
Web-Mar-Node
Pragrma
Platform
MI-Cache-Age
MI-Cache
Request-Country
Request-EU
Uber-Trace-Id
True-Client-Country-4JS
Server-Int
Section-Io-Cache
Magicmarker
Kp-EeAlive
Cache-Cookie-Set-From
Backend-Name
Adler-Geo
Pagetype
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Is-Eu
Fastly-Backend-Name
Esi-Enabled
X-Actual-URL
On-Server
X-Block-Status
X-Bip
X-Cache-Debug
X-Core-Mission
X-Croise-Owner
X-Crawler
X-Backend-TTL
X-Cache-Expires
X-Origin-Response-Time
X-CDN-Forward
X-SVT-ORM-RULES
X-Cache-CFC
X-DC
X-SN
X-SVT-ORM-VERSION
CDCHOST
X-Cache-Srv
X-Fastly-Cache
X-MSEdge-Flight
X-NODE
X-MSEdge-Features
X-TT-LOGID
X-Fstrz
X-MServer
Proxy-Connection
X-Via-NSCOPI
REQUESTUUID
X-HOST
Version
X-NWS-UUID-VERIFY
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Page-Type
X-Refresh
X-Oss-Server-Time
X-Ms-Lease-State
MI-API
NodeID
HTTPS
RequestId
X-Oss-Storage-Class
X-Cache-FS-Status
X-Be
X-Pjax-Url
X-Req
X-Parent-Response-Time
X-Kong-Upstream-Latency
X-Servername
X-Kong-Proxy-Latency
MIME-Version
Group
Cteonnt-Length
ProcessTime
X-Unique-Id-Primal
V-Cache
X-Oracle-Dms-Ecid
X-BB-IP
X-Dynatrace-Js-Agent
Who
X-Origin-TTL
Cdn
Amp-Access-Control-Allow-Source-Origin
X-GZip
Memory
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-Ckpd-Fst-Backend
Fusion-Content-Source
Mime-Version
X-Servedbyhost
CF-IPCountry
X-Aicache-OS
X-Time
SS
X-ND-Cache
X-Edge-Server
X-Protected-By
X-Content-Age
Cdn-Request-Time
Cdn-Host
X-Wa
X-COUNTRY
GeoIP-Country-Code
X-Server-Group
SD-X-WS
GeoIP-Latitude
X-SRV
CDN
X-Varnish-Url
X-Varnish-Beresp-TTL
PageType
Get-Access-Time
Is-Session-Tracking
X-APP
XServer
X-RateLimit-Limit-Second
X-Pf-Uncompressing
A
X-B3-Traceid
X-Generation-Time
X-RateLimit-Remaining-Second
X-Cache-Info
X-Origin-Expires
Geoip-Latitude
Serverid
GeoIp-Country-Code
X-FireWall-Port
X-Unique-Id
X-Fastly-Cache-Hits
X-Origin-Date
X-Vcache
X-GEO
X-Requestid
X-StackifyID
X-WA
X-Ratelimit-Remaining
PICS-Label
X-Origin-Host
X-EC-Security-Audit
X-Gdpr
X-Fastly-Country-Code
X-CS
X-Nananana
Nel
X-ID
X-CSRF-Token
Cf-Ipcountry
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Load-Cache
Processtime
X-RequestId
X-SERVER-NAME
NGX
X-Surge-Debug
T-Server
DataCenter
X-Server-W
X-PHP-Host
Node
X-Qnm-Cache
X-Check-Cacheable
X-M-Reqid
X-M-Log
X-Proxy-Upstream
X-GZIP
X-HTML-Minification-Powered-By
X-Proxy-Cache-Status
URI
X-ServedByHost
Hostname
X-FORWARDED-FOR
X-NGINX-Cache
X-PF-Uncompressing
Vix-Hermes-Req-Id
X-Feature
X-UPSTREAM-Address
X-HS-Status
Load-Balancing
WP-Super-Cache
ServerName
X-B3-SpanId
X-Skip-Cache
X-Alicdn-Da-Ups-Status
X-Fe
X-ServerName
X-ARC
X-Fastly-Backend-Reqs
X-DataStream-MidMile-RTT
X-Planisys-CDN-Rules
X-DataStream-Origin-MEX-Latency
X-Planisys-CDN-Cache
X-VG-WebCache
X-Planisys-CDN-TTL
Cache-Provider
Cache-Tv-Group
X-BE
X-Atg-Version
X-HTML-Edge-Cache
Https
X-BACKEND-TTL
X-PJAX-URL
Request-Time
X-Proxy-Server
X-IPS-LoggedIn
RequestUuid
Requestid
X-WR-MODIFICATION
X-Akamai-SSL-Client-Sid
X-PAGE-TYPE
X-Micro-Cache
Host-ID
X-Cache-Ttl
X-Distil-Cs
N-Cache
PFcat
X-From-Cache
X-SB
X-VC
Pics-Label
X-GDPR
X-Amz-Meta-S3b-Last-Modified
Cdn-Src-Port
X-RAMCache
X-Gen-Id
X-Dw-Trace-Id
X-CSRF-TOKEN
Build-Number
X-Grace-Duration