Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Xss-Protection
X-Timer
CF-Cache-Status
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
CF-Ray
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Amz-Cf-Pop
X-Request-ID
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
Grace
X-Hacker
EagleId
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Ac
X-Device
X-WebKit-CSP
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Cnection
X-Server-Id
X-Host
X-Readtime
Report-To
X-Node
X-Rq
EagleEye-TraceId
Server-Timing
X-Response-Time
X-OneAgent-JS-Injection
X-CST
Feature-Policy
X-Rack-Cache
X-Backend-Server
X-ORACLE-DMS-ECID
X-Application-Context
X-Iejgwucgyu
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
X-Clacks-Overhead
Edge-Control
NEL
X-DynaTrace
Allow
Rating
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Cdn
X-Server-Name
X-Trace
X-Px
X-Vhost
X-DataDome
X-Ruxit-JS-Agent
X-ESI
X-Server-ID
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-MS-InvokeApp
RTSS
X-Cached
X-VARITI-CCR
Accept-CH
SPRequestGuid
X-Goog-Hash
Charset
X-PC
X-TtlSet
X-Vname
X-TTL
Pinterest-Generated-By
X-Mod-Pagespeed
X-F-Cache
X-D2id
Public-Key-Pins
X-Dispatcher
X-Exp-Id
X-Use-Magma
X-Exp-Variant
Verso
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-SharePointHealthScore
Arc-Version
PB-RID
PB-PID
X-Mobile-Rewrite
X-T
X-DynaTrace-JS-Agent
X-Version
X-Powered-By-Plesk
X-Abt-Application-Version
Accept-CH-Lifetime
X-Powered-CMS
X-DIS-Request-ID
X-Dns-Prefetch-Control
X-Ser
X-Fastly-Request-ID
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-Navigation-Version
X-Origin-Upstream-Status
X-Forwarded-Proto
X-Recruiting
X-Shield-Request-Id
X-B
DynaTrace
X-Client-IP
MS-Author-Via
X-Amz-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HW
SPIisLatency
Realpath
SPRequestDuration
Content-MD5
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Oneagent-Js-Injection
X-Upstream
Nginx-Cache
X-Goog-Stored-Content-Encoding
X-Vcap-Request-Id
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
Edge-Cache-Tag
X-Amz-Meta-S3cmd-Attrs
X-Wix-Server-Artifact-Id
X-Accel-Buffering
AR-CACHE
AR-ATIME
AR-PoweredBy
X-N
X-Ttl
X-Hits
TCN
Arr-Disable-Session-Affinity
X-Varnish-Age
X-Debug
X-Oracle-Dms-Rid
X-NF-Request-ID
Access-Control-Request-Method
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Goog-Storage-Class
X-B3-TraceId-Primal
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-NewRelic-App-Data
X-Dw-Request-Base-Id
X-XRDS-Location
S
X-ATG-Version
X-Id
Service-Worker-Allowed
X-FTR-Backend
X-Via-JSL
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Realm
X-Logged-In
X-FTR-Expires
Tracecode
X-FastCGI-Cache
X-PressLabs-Stats
X-HS-Content-Id
X-HS-Hub-Id
X-Forwarded-For
Rt-Fastcgi-Cache
X-Content-Digest
X-Pad
X-Frontend
Alternate-Protocol
Surrogate-Key
X-Kinsta-Cache
Fastly-Restarts
X-RateLimit-Remaining
AMP-Access-Control-Allow-Source-Origin
MicrosoftSharePointTeamServices
X-Content-Options
Ar-Sid
X-FTR-Cache-Host
X-Cache-Key
X-Edge-Location
Server-Name
X-Amzn-Trace-Id
Fastcgi-Cache
Backend-Timing
X-Analytics
FilterID
Host
X-CF-Powered-By
X-Grace
X-IPLB-Instance
TP-Cache
TP-L2-Cache
X-Rid
X-User-Agent
X-Debug-Info
X-Hostname
X-Revision
ServerID
X-Magnolia-Registration
X-B3-Sampled
X-Whom
Eomportal-Instance
X-Request-Processing-Time
Paypal-Debug-Id
X-Request-Received
X-Cache-2
X-NWS-LOG-UUID
X-Ruxit-Js-Agent
X-Page-Id
X-HS-Cache-Config
X-Mobile
AR-Request-ID
X-Srv
X-Akam-SW-Version
Front-End-Https
X-AOL-HN
X-URL
X-Content-Powered-By
Retry-After
X-Cache-Hit
X-VCache
X-B-Cache
X-GUploader-UploadID
X-Varnish-Grace
X-Litespeed-Cache
X-Signature
X-Cluster
Source
X-FB-Debug
X-Handled-By
X-LB-Cache
X-Device-Type
X-SS-Set-Cookie
X-Instance
X-Request-Guid
Refresh
Cleartype
X-Cache-Action
X-Correlation-Id
X-App-Environment
X-WA-Info
X-Cache-Control
X-Varnish-Hostname
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Platform-Server
X-BCube-Filmed-By
X-Tumblr-User
X-Framework
X-Zen-Fury
X-Content-Security-Policy-Report-Only
X-TA-CDN-Provider
X-Akamai-Edgescape
Webserver
X-Varnish-Backend
X-Webkit-CSP
X-Daa-Tunnel
X-Middleton-Display
X-Sol
Display
X-Cache-Server
X-Fastcgi-Cache
X-XRDS-LOCATION
X-Varnish-Server
X-Drupal-Cache-Tags
X-Az
X-AppVersion
X-Drupal-Cache-Contexts
X-Activity-Id
Healthy
X-Cache-Rule
X-Content-Type
X-Geo-Country
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Generated-By
ViewerVersion
X-Wix-Request-Id
Response
X-Seen-By
X-Middleton-Response
X-Cached-By
X-App-Server
S-Cnection
Server-Node
X-Cache-Age
Cache-Status
X-Accel-Expires
X-Node-Name
X-DataStream-Cache-Status
X-CACHE-GROUP
X-Amz-Apigw-Id
X-Origin-Server
X-Amz-Replication-Status
X-Amzn-RequestId
X-Esi
X-WPE-Loopback-Upstream-Addr
X-TT
Upgrade-Insecure-Requests
Payment
Host-Header
X-RequestSource
GEO-INFO
X-Response-Served-From
NGB
Filters
X-S
X-Locale
X-UA-Device-Type
X-Cacheable-TTL
HostName
Actual-Object-TTL
X-Edge-Cache
X-Cache-NE
X-Edge-Cache-Key
X-GeoIP
X-Varnish-IP
Viewport
X-FW-Type
X-Contextid
X-Servedby
X-Tumblr-Pixel-2
X-Jobs
X-FW-Hash
ServedBy
X-FW-Serve
X-FW-Static
X-FW-Server
X-Tumblr-Pixel-1
X-UUID
X-Status
X-Varnish-Hits
AsisCache
X-TX-ID
Access-Control-Allow-Method
X-TT-TIMESTAMP
X-Amz-Server-Side-Encryption
X-WebKit-CSP-Report-Only
Server-Info
Accept-Charset
X-Adobe-Loc
X-Adobe-Content
X-Storage
X-Vg-Webcache
X-HS-Combine-CSS
X-Hyper-Cache
SRV
Cache
X-CLOUD-TRACE-CONTEXT
X-Cache-TTL-Remaining
X-Rendered-As
X-PHP-Backend
X-Cache-Remote
MS-CV
From-Origin
X-Croise-Owner
X-APP-VERSION
X-App-Version
X-Cache-Operation
Cache-Tag
Cache-Tv-Group
DC
X-Region
X-Forwarded-Host
Public-Key-Pins-Report-Only
Liferay-Portal
Served-By
X-Redis-Cache
X-Mode
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-CACHE-KEY
X-Proxy-Build
X-Request-Time
X-RN-RSRV
X-Endurance-Cache-Level
X-Path-Route
Selected-FE
X-Upgrade-Enabled
X-Webstats-RespID
X-Agile-Id
X-Agile-Age
X-Cache-Var
X-Akamai-Request-ID2
X-Site-Version
X-Detected-As
X-Agile
X-TNCMS
X-Human
Fastcgi-X-Cache-Version
X-IP
Fastcgi-X-Cache
Fastcgi-Useragent
X-Generated
X-Hosted-By
X-Is-Bot
Machine
X-Timing-Wait
X-NGENIX-Cache
X-Cache-Var-Map
X-Loop
Meta-Geo
X-Akamai-Transformed
TWC-Locale-Group
TWC-Privacy
TWC-Device-Class
Origin-Edge-Control
Origin-Cache-Control
Now
Property-Id
S-Rt
TWC-GeoIP-Country
Webcakes-App-Name
TWC-Connection-Speed
X-Routing-Service
X-Vgn-Hpd-Reason
X-BYPASS-REASON
X-NCache
X-Origin-Hint
X-Original-Request
X-Pc-Appver
X-Labrador-Cache-Channel
X-L-Path
X-Cache-Category-Id
X-Format
X-Internal-Host
X-JoinUs
X-Pc-Hit
X-Pc-Key
X-Grey
X-ProxyCache-Status
Webcakes-Region
X-CDN-Cache
X-Via-Fastly
X-Environment-Context
X-Proxied
X-ProxyCache-Key
Cache-Name
X-Zipkin-Id
Webcakes-App-Version
TWC-GeoIP-LatLong
Xserver
X-Pubstack
X-Proxy
X-RemovedCookies
X-FC-Vary-Parameters
X-Upstream-HT
X-Upstream-CT
X-Tumblr-Pixel-3
X-ProcessESI
X-Access
X-OCL
Powered-By-ChinaCache
X-UA
X-Birta-Served
X-Birta-Cache-Post
X-VG-TLSProxy
Datacenter
X-PCL
X-Section
Cache-Tags
DB-Nickname
X-Web-Node
X-Viewer-Country
X-Rule
X-Www-Served-By
X-Xfnlog-Site
X-Akamai-Request-ID
X-Origin-Response-Time
X-ServerID
X-Origin-CC
X-Backend-Name
Pagespeed
X-RateLimit-Limit
X-Time-Microsecs
X-Via-CDN
X-Origin-Host
X-Ocache
X-Cache-Config
X-Origin
Azure-RegionName
X-CCM
Azure-InstanceId
Azure-SiteName
Azure-Version
OT-Force-Account-Verify
Azure-SlotName
X-Tb
Mn-Server-Ip
X-Shopify-Stage
X-ShopId
X-TIME
X-Sorting-Hat-PodId
X-B3-Spanid
X-Sorting-Hat-ShopId
HitType
X-Alternate-Cache-Key
X-ShardId
X-Parent-Response-Time
X-Real-IP
X-App-Name
X-NODE
X-Guploader-Uploadid
X-Nginx-Cache
X-Cache-TTL
Accept-Language
X-OVcl-Cache
X-OVcl
X-Ezoic-Cdn
L5d-Success-Class
User-Cache-Control
Cache-Key
Vix-Hermes-Req-Id
X-Protected-By
NtCoent-Length
X-Edge-IP
LB
Content-Script-Type
Content-Style-Type
Time
X-Amz-Meta-Surrogate-Control
X-Newrelic-App-Data
X-Kong-Upstream-Latency
X-Proto
X-BACKEND-TTL
X-Kong-Proxy-Latency
X-Pc-Host
X-Pc-Date
X-Cache-Backend
X-Webkit-Csp
Ms-Operation-Id
X-RTag
X-Correlation-ID
X-GRACE
X-ApacheServer
X-PERF
X-Front
X-Nc
X-Real-Ip
X-Cdn-Forward
X-Mrs-Age
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-CDN-Forward
X-Hit
X-Unique-Id-Primal
X-Mrs-Cache
Section-Io-Cache
X-Sucuri-ID
X-Varnish-Beresp-Status
AR-SID
X-FB-TRIP-ID
X-Varnish-Cacheable
X-Varnish-Beresp-Grace
WZWS-RAY
X-Microcachable
X-Unique-ID
X-Debug-Cache
X-Dc
X-Content-Age
Access-Control-Request-Headers
X-C
X-Connection-Hash
Version
X-Twitter-Response-Tags
X-Cache-Enabled
X-Time
X-Transaction
X-Trace-Id
X-Varnish-Beresp-Ttl
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
X-EdgeConnect-Cache-Status
X-MP-GENERATED-AT
Warning
Country
X-CF-Lambda-Fn
X-Destination
X-Crawler
X-Clientip
X-Cache-Host
X-Cache-Id
X-CF-Lambda-Version
X-Cache-URL
X-D
X-CUA
X-Cache-FS-Status
X-Date
X-BB-ID
X-A-Dam
RNT-Machine
RNT-Time
X-A-Dcw
X-A-Dgt
X-Accel-Expires-Debug
Resin-Trace
X-A-Wwc
X-A
Rt-Proxy-Cache
V-Age
UCS
SS
Server-ID
Server-Host
VivaBuild
Viewtype
SD-X-WS
Rendered-Blocks
X-Actual-URL
Memcached
Uber-Trace-Id
X-Backend-State
X-Bip
X-Cache-Bucket
Locale
MD5-Digest
X-Cache-Debug
X-B-Cookie
X-Auto-Login
X-Aed
Powered-By
Release
X-Application
Platform
Meta-Geo-Continent
Mobile-Detection-Method
Node
Is-Eu
X-Qloud-Router
X-S-Maxage
X-S-Cookie
X-Rojux
X-ScT
X-Served-From
X-Server-Time
X-Server-By
X-Rewrite-Enabled
X-Returned-From-PostProcessResponse
X-Request-UUID
X-Release
X-Response-By
X-Returned-From
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-SRCache-Key
X-Store
X-Via-Edge
X-VG-WebServer
X-Varnish-Action
X-Via-SSL
X-We-Are-Hiring
Xc-Version
X-WebServer
X-Variation
X-Var-Ttl
X-Trv-Group
X-Thanos
X-UE-Client-Country
X-Urbn-Context-Path
X-User
X-Urbn-Site-Id
X-Region-Sid
X-Reboot
X-Generated-In
X-G
X-FW-Version
X-GeoIP-Country-Code
X-Layer
X-Li-Pop
X-Li-Fabric
X-From
X-Fetched-On
X-Died
X-Device-Os
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-F5-Cache
X-External-Request-Id
X-LI-Proto
X-LI-UUID
X-PHP-Host
X-PAYTM-SRV-ID
IBM-Web2-Location
X-RCS-CacheZone
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Node-Id
X-Logtrace-Id
X-NU-AKA-ACS-Version
X-Org
X-Passed-To-BeforeDispatch
X-Passed-To
X-Developer
X-A-Ccd
Adler-Geo
Fly-Cache
Fastly-SWR
Fly-Request-Id
Frame-Options
X-Ratelimit-Limit
X-Ua
Mail-Subject
Ajk
Fastly-SIE
Arc-Country
Cache-Prefix
BehaviorPad-Version
Countrycode
Ohc-File-Size
Fastly-Backend-Name
Ec-Rule-Version
X-Rocket-Nginx-Bypass
We-Hiring
Load-Balancing
X-NWS-UUID-VERIFY
X-Hl-Ver
Apple-News-Services-Host
X-Amz-Meta-Cache-Control
X-SVT-ORM-RULES
X-IN-WAF
X-IN-SSL-APIGATEWAY
AKAMAI
Apple-News-Services-Handled
X-Stale
X-IN-APIGATEWAY
Backend
X-Gen-Mode
X-Swa-Ws
X-Hash
X-SVT-ORM-VERSION
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Hnp-Log
X-Info
X-Eu-Site
X-Proxy-Cache-Status
X-Server-Group
X-Thinkindot-L3
X-Cache-Expires
X-Core-Value
X-Request-Start
X-Proxy-Upstream
X-No-Session
X-Matched-Rule
X-Key
X-Epic-Correlation-Id
X-CGP
X-Location
X-Sf
X-Block-Status
X-Server-IP
HA-Geolon
Backend-Name
HA-Servedtime
HA-Urlpath
Heartbleed
Pragrma
Request-Country
HA-Ipaddr
Request-EU
Origin
HA-Geolat
Kp-EeAlive
HA-Geocity
HA-Cloudapp
GW-Server
HA-Geocountry
GMS-Ver
HA-Host
Pramga
Country-Code
Thinkindot-Control
HA-Georegion
Ha-Gx-Prefs
X-UnsetCookies
Web-Mar-Node
Who
Thinkindot-CacheControl-Type
X-Via-NSCOPI
Esi-Enabled
Content-Disposition
Www
Thinkindot-CacheControl
V-Cache
Group
X-Be
User-Agent
X-GeoIP-City
X-MI-In-Market
X-Nginx-Cache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
X-V
X-Instance-Name
X-ServiceProvider
X-Geo
X-Irp-Debug
On-Server
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Secret
X-Wikidot-Static-Cache
X-SIPLIST1
X-Gannett-Site-Version
X-Up
X-VCT
X-Wikidot-Backend
MI-API
X-Request-URI
X-Policy
X-Platform
X-Phone
X-P-T
True-Client-Country-4JS
Proxy-Connection
MI-Cache
MI-Cache-Age
X-TT-LOGID
HitInfo
X-Dynatrace-Js-Agent
X-Backend-Host
Cache-Cookie-Set-From
X-Backend-Url
X-Cache-CFC
X-Distil-CS
X-Developers
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
REQUESTUUID
IsBot
Fastly-SSL
Server-Int
CDCHOST
X-Distributor
Fastly-Soc-X-Request-Id
X-Fstrz
X-NX-Host
X-Debug-Log
X-Refresh
X-Cdn-Origin
X-Origin-Date
X-Origin-Expires
X-Debug-Cookies
Request-Time
X-Core-Mission
X-Origin-TTL
X-MSEdge-Flight
Magicmarker
X-MSEdge-Features
X-Sn-Servicetimems
X-ElasticPress-Search
X-Servername
X-Fastly-Cache
Pagetype
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-COUNTRY
X-DC
PFcat
X-Page-Type
RequestId
X-Planisys-CDN-Cache
X-Pjax-Url
X-Req
X-BBXSRF
X-EIG-Tracking-Id
Host-ID
PageSpeed
X-Powered-By-ANYU
X-VarnCache
X-Svr
X-VarnPar1
X-CACHE-AGE
X-Debug-Cache-Store
X-PARISIEN-Cache-Rendered
X-Debug-Cache-Fetch
X-Micro-Cache
X-NC
X-Debug-Cache-Expiry
X-HOST
X-Level-Front-Cache
X-Generated-On
X-Instart-Info
X-Newrelic-Synthetics
Mime-Version
MIME-Version
X-Datadome
ServerName
Lfy
Cache-Provider
Cdn
X-Cdn-Srv
Ohc-Response-Time
X-Server-Cache
X-Cache-Info
X-TWH-CORRELATION-ID
Cteonnt-Length
Memory
X-ARC
X-Cluster-Node
X-Gdpr
PICS-Label
X-Servedbyhost
Nel
CF-IPCountry
X-CMS-Context
FSS-Cache
X-Wa
X-StackifyID
FSS-Proxy
X-Sentry-ID
X-NodeID
X-Fastly-Country-Code
X-Flog
X-VServer
X-ABtesting
X-Aicache-OS
X-Hello
X-Load-Cache
GeoIP-Country-Code
X-WR-MODIFICATION
CDN
SN
GeoIP-Latitude
X-LAGOON
X-Fastly-Backend-Reqs
X-CSRF-TOKEN
XServer
NGX
X-HTML-Minification-Powered-By
GeoIp-Country-Code
Geoip-Latitude
X-GZip
CACHE
X-Varnish-Beresp-TTL
X-WA
X-UPSTREAM-Address
TSSecure
X-Check-Cacheable
X-Worker
X-Source
Amp-Access-Control-Allow-Source-Origin
X-MServer
X-CSRF-Token
Processtime
X-Csrf-Token
X-APP
Cf-Ipcountry
A
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Unique-Id
PageType
X-VWS-Id
X-SplitTest
X-Ratelimit-Remaining
X-LJ-Flow-ID
X-AWS-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
WP-Super-Cache
X-FireWall-Port
X-Varnish-Cache-Hits
X-Oss-Request-Id
X-CDN-Pop
X-Oss-Server-Time
X-Port
X-ServedByHost
X-Oss-Storage-Class
X-CDN-Pop-IP
X-Sedo-Request-Id
X-Dynatrace
X-Edge-Server
Pics-Label
X-GDPR
Cdn-Request-Time
X-Generation-Time
X-Cache-Miss-From
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
HTTPS
Cdn-Host
X-Nananana
Cache-Hits
X-SRV
X-VC-Cache
X-Skip-Cache
X-Sucuri-Cache
Odigeo-Trace-Id
X-Backend-TTL
URI
X-FORWARDED-FOR
DataCenter
X-ID
X-Cache-Grace
X-Owner
X-Ms-Lease-Status
X-Ms-Request-Id
X-B3-Traceid
X-Ms-Blob-Type
X-Ms-Version
Server-Cache-Control
X-IPS-LoggedIn
Server-Surrogate-Control
X-Fastly-Cache-Hits
X-Cache-ASPX
X-B3-SpanId
X-Varnish-Authentication
X-HS-Status
ProcessTime
X-Swift-Error
X-BE
X-RCS-Backend
Dynatrace
X-Gen-Id
Hostname
X-SN
X-PJAX-URL
X-GoCache-CacheStatus
X-Bug-Bounty
X-Varnish-Url
X-From-Cache
X-VG-WebCache
X-GZIP
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Alicdn-Da-Ups-Status
X-ND-Cache
X-ORIG-AKA-EDGE
X-PAGE-TYPE
X-NGINX-Cache
X-VarnPar2
X-Instart-Isnd
X-Cache-Srv
X-Ms-Lease-State
X-Fe
X-Cache-Ttl
Requestid
X-Akamai-SSL-Client-Sid
X-Amz-Meta-S3b-Last-Modified
Serverid
X-Server-W
X-Varnish-URL
X-LiteSpeed-Cache-Control
WebServer
NodeID
X-ServerName
X-SB
X-RAMCache
X-VC
X-Pf-Uncompressing
T-Server
RequestUuid
X-ORIG-AKA-COUNTRY-CODE
Is-Session-Tracking
Xet-Cookie
X-Serial
Get-Access-Time
X-App
Proxy-Firewall
X-PF-Uncompressing
X-LiteSpeed-Tag
SID
NnCoection
X-HTML-Edge-Cache
X-RequestId
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Developed-By
X-CS
Location
X-Dw-Trace-Id