Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cache-Status
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
X-Language
Status
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
Upgrade
X-Type
X-Request-ID
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
CF-Ray
Access-Control-Max-Age
X-Backend
X-AH-Environment
X-Ua-Compatible
X-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Server
X-Via
X-Proxy-Cache
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Hacker
X-UA-Device
X-Varnish-Cache
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-CST
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Amz-Version-Id
X-Server-Id
X-Ac
X-Node
Server-Timing
X-OneAgent-JS-Injection
Feature-Policy
Allow
X-Iejgwucgyu
X-Response-Time
X-Cnection
X-Rq
Content-Location
X-Backend-Server
X-Cache-Lookup
Report-To
EagleEye-TraceId
Surrogate-Control
X-Readtime
X-Host
X-Application-Context
Request-Id
P3p
X-ORACLE-DMS-ECID
X-Url
X-Rack-Cache
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Instart-Request-ID
X-DataDome
X-Px
X-Ruxit-JS-Agent
X-Vhost
X-MS-InvokeApp
Charset
X-Mod-Pagespeed
X-VARITI-CCR
Edge-Control
Accept-CH
X-Goog-Hash
X-GitHub-Request-Id
PB-RID
PB-PID
Verso
Arc-Version
X-Mobile-Rewrite
X-Varnish-TTL
X-Version
X-TtlSet
X-PC
X-Cdn
X-Vname
X-Server-Name
X-DynaTrace
X-B3-TraceId
X-Powered-By-Plesk
X-ESI
X-D2id
Pinterest-Generated-By
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Cached
X-TTL
X-Origin-Upstream-Status
X-Upstream-Env
SPRequestGuid
X-ORACLE-DMS-RID
X-Dispatcher
X-Server-ID
X-Powered-CMS
X-SharePointHealthScore
X-Abt-Application-Version
X-T
MS-Author-Via
X-Recruiting
Accept-CH-Lifetime
RTSS
X-Navigation-Version
Public-Key-Pins
X-Shield-Request-Id
X-Trace
Content-MD5
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Client-IP
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Rid
SPRequestDuration
SPIisLatency
X-HW
X-Fastly-Request-ID
X-DIS-Request-ID
Arr-Disable-Session-Affinity
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Forwarded-Proto
Realpath
X-DynaTrace-JS-Agent
X-F-Cache
X-B
X-Oracle-Dms-Rid
X-Upstream
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Amz-Meta-S3cmd-Attrs
X-Ser
Service-Worker-Allowed
X-Via-JSL
Pinterest-Version
X-Pinterest-Rid
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Id
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-Dw-Request-Base-Id
Front-End-Https
X-Dns-Prefetch-Control
Paypal-Debug-Id
X-FTR-Expires
AR-Request-ID
X-Ttl
X-Vcap-Request-Id
X-Varnish-Age
X-Debug
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Nginx-Cache
X-XRDS-Location
X-Hits
X-Kinsta-Cache
X-N
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-NF-Request-ID
X-FTR-Cache-Host
X-Logged-In
Ar-Sid
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
S
X-Akam-SW-Version
X-NewRelic-App-Data
X-Frontend
X-Forwarded-For
X-HS-Content-Id
X-HS-Hub-Id
X-PressLabs-Stats
Alternate-Protocol
X-User-Agent
AMP-Access-Control-Allow-Source-Origin
Tracecode
X-DataStream-Cache-Status
X-CACHE-GROUP
X-FastCGI-Cache
X-Amzn-Trace-Id
X-Grace
X-Cache-Key
Server-Name
X-Pad
X-TA-CDN-Provider
X-Content-Digest
DynaTrace
Refresh
X-Content-Options
Backend-Timing
X-Analytics
Powered-By-ChinaCache
MicrosoftSharePointTeamServices
X-Zen-Fury
Accept-Charset
X-Az
X-AppVersion
X-Content-Type
X-LB-Cache
X-Activity-Id
X-Middleton-Display
X-IPLB-Instance
Host
FilterID
X-Rid
X-Sol
Display
X-Page-Id
MS-CV
X-Debug-Info
Access-Control-Request-Method
X-CF-Powered-By
TCN
ServerID
X-Magnolia-Registration
Fastcgi-Cache
TP-Cache
TP-L2-Cache
Response
Cache-Status
X-Middleton-Response
X-Cache-Hit
X-Mobile
X-Content-Powered-By
X-ATG-Version
X-RateLimit-Remaining
X-Seen-By
X-Srv
X-WA-Info
X-VCache
Surrogate-Key
X-Fastcgi-Cache
X-Hostname
X-GUploader-UploadID
X-B3-Sampled
Rt-Fastcgi-Cache
X-Revision
X-Cached-By
X-Request-Received
X-Request-Processing-Time
X-Varnish-Backend
X-SS-Set-Cookie
X-Cache-Action
X-Signature
X-Ruxit-Js-Agent
VIX-Pulpo-Upstream-Status
X-Cluster
X-B-Cache
VIX-Pulpo-Node
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Content-Security-Policy-Report-Only
X-Instance
X-Cache-Age
X-Whom
X-Drupal-Cache-Tags
X-Request-Guid
Source
Cleartype
X-XRDS-LOCATION
X-PHP-Backend
X-Wix-Request-Id
X-Platform-Server
X-Akamai-Edgescape
X-Handled-By
Host-Header
X-Framework
ViewerVersion
X-TT
X-Origin-Server
X-App-Environment
X-Edge-Location
Server-Info
X-Cache-Control
X-BCube-Filmed-By
DC
X-Oneagent-Js-Injection
X-Generated-By
X-NWS-LOG-UUID
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Geo-Country
X-Cache-Rule
X-App-Server
X-Varnish-Hostname
X-FW-Type
X-FW-Serve
X-FW-Static
X-FW-Server
X-AOL-HN
X-FW-Hash
X-Real-IP
X-Cache-2
Retry-After
Server-Node
X-Varnish-Server
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Eomportal-Instance
X-Correlation-Id
X-FB-Debug
Payment
Webserver
Cache
X-TT-TIMESTAMP
X-Response-Served-From
Actual-Object-TTL
X-Amz-Server-Side-Encryption
Access-Control-Allow-Method
X-Device-Type
AsisCache
X-Tumblr-Pixel-2
ServedBy
X-Tumblr-Pixel-1
X-Varnish-Hits
X-Cacheable-TTL
X-Jobs
NGB
X-Varnish-Grace
X-UUID
Filters
GEO-INFO
X-WebKit-CSP-Report-Only
X-Region
Ms-Operation-Id
X-RTag
Content-Style-Type
X-TX-ID
Content-Script-Type
Viewport
X-Servedby
Healthy
Upgrade-Insecure-Requests
X-Adobe-Content
X-Contextid
X-Adobe-Loc
X-Varnish-IP
X-RequestSource
X-Rendered-As
X-Locale
X-Amz-Replication-Status
X-Drupal-Cache-Contexts
X-WPE-Loopback-Upstream-Addr
X-Cache-Config
Country
Cache-Tv-Group
X-UA-Device-Type
X-Accel-Expires
X-Esi
Edge-Cache-Tag
From-Origin
X-Cache-TTL-Remaining
HitType
X-Ezoic-Cdn
X-Cache-Server
X-Cache-Remote
X-Cache-TTL
X-BACKEND-TTL
X-VG-WebCache
X-Cache-Operation
Fastcgi-Useragent
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Pagespeed
Fastly-Restarts
X-FW-Dynamic
X-Content-Age
X-Hit
Cache-Tags
X-Upgrade-Enabled
X-Storage
X-APP-VERSION
X-Redis-Cache
X-S
X-RateLimit-Limit
X-App-Version
X-Mode
Datacenter
Cache-Tag
X-Source
Served-By
NtCoent-Length
X-Cache-Var
X-Detected-As
X-Is-Bot
X-Akamai-Request-ID
X-Internal-Host
X-Hl-Ver
X-Generated
X-Backend-Name
X-NGENIX-Cache
Origin-Cache-Control
Origin-Edge-Control
Load-Balancing
Machine
X-Cache-Var-Map
X-Rule
X-RN-RSRV
X-JoinUs
X-NCache
X-Origin-Response-Time
X-Path-Route
SRV
Meta-Geo
X-Daa-Tunnel
X-FC-Vary-Parameters
X-Environment-Context
X-Edge-IP
X-Grey
X-Hosted-By
X-Origin-Host
X-Loop
X-L-Path
X-CDN-Cache
X-Cache-Category-Id
X-Agile
X-GeoIP
Selected-FE
Now
X-Agile-Age
X-Agile-Id
X-BYPASS-REASON
X-Birta-Served
X-Birta-Cache-Post
X-Proxy
X-Labrador-Cache-Channel
X-Time-Microsecs
Xserver
X-ServerID
X-Timing-Wait
X-TNCMS
X-Cache-NE
X-Www-Served-By
X-Web-Node
X-ProxyCache-Status
X-Pubstack
X-ProxyCache-Key
X-Tb
Vix-Hermes-Req-Id
X-Proxy-Build
TWC-GeoIP-LatLong
Webcakes-App-Version
Property-Id
X-Varnish-Cacheable
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
Webcakes-Region
X-Via-Fastly
X-Pc-Appver
X-Origin-Hint
X-Pc-Hit
X-Pc-Key
X-PERF
Cache-Name
X-IP
X-Viewer-Country
X-ApacheServer
X-ProcessESI
X-Status
X-Human
Cache-Key
X-RemovedCookies
X-Varnish-Cache-Hits
Azure-InstanceId
Azure-RegionName
Azure-SiteName
S-Rt
X-PCL
X-Debug-Cache
X-CCM
X-Format
X-OCL
Azure-SlotName
X-Site-Version
Fastcgi-X-Cache-Version
Azure-Version
DB-Nickname
X-Akamai-Transformed
We-Hiring
X-Section
X-Xfnlog-Site
X-Cache-Enabled
X-MP-GENERATED-AT
X-Zipkin-Id
X-Routing-Service
X-Access
X-Proxied
Public-Key-Pins-Report-Only
Mail-Subject
X-Original-Request
X-VG-TLSProxy
X-GRACE
X-App-Name
X-Origin
X-Microcachable
Access-Control-Request-Headers
X-Sucuri-ID
X-Upstream-Proxy
X-Ocache
User-Cache-Control
X-DataStream-MidMile-RTT
S-Cnection
X-Guploader-Uploadid
X-DataStream-Origin-MEX-Latency
X-Protected-By
X-Cdn-Forward
Liferay-Portal
X-EdgeConnect-Cache-Status
X-Request-Time
X-CACHE-KEY
X-Nginx-Cache
X-GEO
AR-SID
X-FW-Version
X-UA
User-Agent
X-Tumblr-Pixel-3
X-Webstats-RespID
PageSpeed
X-Proto
Cache-Hits
X-FB-TRIP-ID
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Origin-CC
X-Correlation-ID
X-ES-SERVER
Ohc-File-Size
X-Node-Name
X-Ua
LB
X-Trace-Id
Powered
X-Webkit-CSP
X-Upstream-CT
X-Upstream-HT
X-Varnish-Beresp-Ttl
X-Time
X-Endurance-Cache-Level
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Forwarded-Host
X-Unique-ID
Frame-Options
X-Nc
X-Pc-Date
X-Pc-Host
X-Parent-Response-Time
X-Pc-Subdomain
X-Cache-Backend
L5d-Success-Class
X-OVcl
X-OVcl-Cache
X-ElasticPress-Search
X-V
Nel
Section-Io-Cache
X-Rocket-Nginx-Bypass
IBM-Web2-Location
X-Origin-TTL
X-Edge-Cache-Key
X-Server-Cache
OT-Force-Account-Verify
X-Edge-Cache
X-Vgn-Hpd-Reason
Fastcgi-X-Cache
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-R9-Blue-Green-Version
HostName
X-NU-AKA-ACS-Version
Viewtype
X-Rojux
Memcached
VivaBuild
Meta-Geo-Continent
X-ARC
X-S-Cookie
Node
Powered-By
X-Origin-Date
X-Origin-Expires
Rendered-Blocks
X-Server-By
X-PAYTM-SRV-ID
X-S-Maxage
X-Application
X-ScT
X-PHP-Host
Mobile-Detection-Method
X-Rewrite-Enabled
X-Region-Sid
Country-Code
Fastly-SIE
X-Cache-FS-Status
X-BB-ID
Cache-Prefix
X-Request-UUID
X-Aed
X-Cache-Bucket
X-Block-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Ec-Rule-Version
Arc-Country
X-Amz-Meta-Cache-Control
GMS-Ver
X-Rebelmouse-Cache-Control
X-Auto-Login
Decoy-Debug-Status
Www
BehaviorPad-Version
X-Rebelmouse-Surrogate-Control
X-Reboot
Fastly-SWR
X-Accel-Expires-Debug
Fly-Cache
Fly-Request-Id
X-B-Cookie
MD5-Digest
X-CF-Lambda-Fn
X-UE-Client-Country
X-Server-Group
X-Date
X-User
X-Generated-In
X-TT-LOGID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-LI-UUID
X-LI-Proto
X-Hnp-Log
X-Transaction
X-Trv-Group
X-Gen-Mode
X-Destination
X-Newrelic-App-Data
X-VG-WebServer
X-Distil-CS
X-We-Are-Hiring
X-Wikidot-Backend
Xc-Version
X-DPWN-IS-SECURE
X-Developer
X-From
X-Fetched-On
X-External-Request-Id
X-Li-Pop
X-Twitter-Response-Tags
X-Wikidot-Static-Cache
X-Li-Fabric
X-CF-Lambda-Version
X-SRCache-Key
X-IN-WAF
X-Info
X-Irp-Debug
X-Cache-URL
X-Cache-Id
X-Cache-Host
X-ServiceProvider
X-Cache-Info
X-Micro-Cache
X-IN-SSL-APIGATEWAY
X-Cdn-Srv
X-Connection-Hash
X-IN-APIGATEWAY
Resin-Trace
X-Sucuri-Cache
X-Core-Mission
X-Distributor
True-Client-Country-4JS
X-Node-Id
X-Fastly-Cache
X-FireWall-Port
X-Died
X-Dispatcher-Server
X-Matched-Rule
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Backend-Url
X-C
Server-Host
X-Passed-To
X-NX-Host
X-Backend-Host
Web-Mar-Node
X-Cache-Grace
Thinkindot-CacheControl
SD-X-WS
Who
X-Generated-On
X-Clientip
X-A-Wwc
X-CUA
X-Actual-URL
X-D
X-Nginx-Cache-Key
X-Cache-Expires
X-Alternate-Cache-Key
X-Location
X-Crawler
X-Debug-Cookies
X-A-Dam
X-A-Ccd
X-A
X-Cache-Debug
X-A-Dcw
X-A-Dgt
X-Debug-Log
X-Hash
X-Bip
X-G
X-Logtrace-Id
X-Sf
X-Cluster-Node
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Server-IP
X-Passed-To-BeforeDispatch
X-ShardId
X-Level-Front-Cache
X-Returned-From-BeforeDispatch
X-Returned-From
X-Request-URI
CDCHOST
Backend
Ajk
X-Response-By
Adler-Geo
X-ShopId
X-Shopify-Stage
X-Variation
X-Var-Ttl
X-Thinkindot-L3
X-Varnish-Action
Mn-Server-Ip
X-TIME
X-Via-NSCOPI
X-Thanos
X-Swa-Ws
X-Sorting-Hat-PodId
X-SIPLIST1
X-Sorting-Hat-ShopId
X-SERVER
X-Svr
X-Stale
Content-Disposition
X-Server-Time
X-Policy
On-Server
X-Proxy-Cache-Status
X-Proxy-Upstream
X-RateLimit-Limit-Second
Lfy
Origin
Platform
X-Passed-To-DLL
Request-Time
Countrycode
X-Passed-To-PostProcessResponse
Proxy-Connection
IsBot
Magicmarker
Is-Eu
Fastly-Soc-X-Request-Id
Fastly-Backend-Name
X-RateLimit-Remaining-Second
X-Via-CDN
Warning
X-HS-Cache-Config
Ha-Gx-Prefs
X-Eu-Site
HA-Ipaddr
X-Instart-Isnd
CACHE
X-Key
RNT-Machine
X-F5-Cache
X-Fstrz
X-CGP
X-Platform
X-LAGOON
X-GeoIP-Country-Code
X-Epic-Correlation-Id
RNT-Time
X-Generation-Time
X-Device-Os
X-Secret
X-Gannett-Site-Version
X-Backend-State
X-UnsetCookies
SS
Pramga
GW-Server
X-Core-Value
X-Developers
Pagetype
X-No-Session
X-Qloud-Router
X-MSEdge-Flight
Heartbleed
X-Croise-Owner
Server-Int
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-MSEdge-Features
AKAMAI
Release
Fastly-SSL
X-Dc
X-TrackingId
X-Up
X-Debug-Cache-Expiry
Apple-News-Services-Handled
X-Page-Type
X-Varnish-Url
X-Varnish-Authentication
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Debug-Cache-Fetch
X-Amz-Meta-Surrogate-Control
Apple-News-Services-Request-Url
X-Debug-Cache-Store
Version
Server-Cache-Control
Kp-EeAlive
X-Cache-ASPX
Server-ID
Server-Surrogate-Control
X-EIG-Tracking-Id
X-Cache-Miss-From
X-Sedo-Request-Id
X-Servername
PFcat
X-Pjax-Url
X-B3-Traceid
REQUESTUUID
NGX
X-Dynatrace-Js-Agent
X-Refresh
X-NC
MIME-Version
RequestId
X-Store
Esi-Enabled
X-Be
SID
X-Cache-CFC
FastCGI-Cache
X-CDN-Forward
X-URL
X-B3-SpanId
X-RCS-CacheZone
X-SN
X-Owner
MI-API
MI-Cache
MI-Cache-Age
X-MI-In-Market
X-Layer
X-Ratelimit-Remaining
X-Oss-Request-Id
X-From-Cache
Odigeo-Trace-Id
X-IPS-LoggedIn
X-Oss-Storage-Class
X-RequestId
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Time
HA-Host
HA-Urlpath
X-Servedbyhost
X-FPC
HA-Servedtime
HA-Georegion
HA-Geocountry
HA-Geolat
HA-Geolon
HA-Cloudapp
HA-Geocity
PICS-Label
Cdn
X-Unique-Id-Primal
Cteonnt-Length
Backend-Name
X-Mrs-Cache
X-Mrs-Age
HTTPS
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
CF-IPCountry
X-Geo
X-Hyper-Cache
X-CMS-Context
Cdn-Host
X-Edge-Server
X-Webkit-Csp
Cdn-Request-Time
X-CSRF-TOKEN
X-Varnish-Ttl
X-Ratelimit-Limit
Mime-Version
X-Real-Ip
X-CLOUD-TRACE-CONTEXT
X-Req
X-Wa
CDN
Processtime
Hostname
X-DC
X-Phone
Memory
X-WebServer
ProcessTime
X-Instart-Info
X-Datadome
Ohc-Response-Time
X-HS-Combine-CSS
X-Load-Cache
Cf-Ipcountry
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Mobile-URL
X-Request-Start
GeoIP-Country-Code
X-B3-Spanid
X-Release
X-WR-MODIFICATION
Cross-Origin-Window-Policy
X-NodeID
X-Pf-Uncompressing
GeoIP-Latitude
X-Aicache-OS
X-VServer
X-Newrelic-Synthetics
XServer
X-PF-Uncompressing
X-HTML-Minification-Powered-By
X-GZip
X-Atg-Version
X-Server-W
X-Lb-Id
X-Skip-Cache
X-Varnish-Beresp-TTL
X-Fastly-Country-Code
X-ND-Cache
URI
T-Server
Rt-Proxy-Cache
X-WA
X-Served-From
X-FORWARDED-FOR
Accept-Ch-Lifetime
Ohc-Cache-HIT
X-GoCache-CacheStatus
X-Oracle-Dms-Ecid
X-VC-Cache
X-Nananana
X-LB-ID
X-Tb-Optimization-Total-Bytes-Saved
X-COUNTRY
X-Cms-Context
X-MServer
X-Unique-Id
Uber-Trace-Id
Pics-Label
X-Gateway-Cache-Key
X-Cdn-Origin
X-Gateway-Cache-Status
X-CSRF-Token
X-Sn-Servicetimems
X-ServedByHost
X-Worker
V-Age
N-Cache
X-UCC
X-Gateway-Skip-Cache
X-SRV
X-APP
A
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-LiteSpeed-Cache-Control
Proxy-Firewall
X-UPSTREAM-Address
X-Fastly-Cache-Hits
Amp-Access-Control-Allow-Source-Origin
X-SERVER-NAME
X-Dynatrace
Get-Access-Time
X-HS-Status
Is-Session-Tracking
X-P-T
X-GZIP
DataCenter
X-Processor
X-CACHE-AGE
X-BE
X-Backend-TTL
X-Hp-Webp
X-Check-Cacheable
ServerName
X-BBXSRF
X-Requestid
X-NGINX-Cache
X-ID
X-RCS-Backend
Dnion-Transfer-Encoding
X-Optimization
X-Cache-HT
Cneonction
X-HostName
Requestid
Geoip-Latitude
X-Vg-Webcache
X-Varnish-URL
X-GDPR
X-PAGE-TYPE
Dynatrace
X-Port
X-Fe
X-StackifyID
X-Csrf-Token
GeoIp-Country-Code
X-PJAX-URL
RequestUuid
X-NWS-UUID-VERIFY
Serverid
X-Dw-Trace-Id
Cache-Provider
WZWS-RAY
WP-Super-Cache
X-Git-Hash
X-Org
Host-ID
Server-Id
X-GeoIP-City
X-Amzn-Remapped-Content-Length
X-VCT
X-LiteSpeed-Tag
X-ServerName
X-Geo-Header
Lb
X-Fastly-Backend-Reqs
X-RAMCache
X-Request-Url
Xxline
X-CS
DSUID
178proxuri
188prxHost
219prxHost
225prxHost
286prxHost
189phosttRef
X-Via-SSL
409pxxline
355prline
352pxline
X-Via-Edge