
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Xss-Protection
X-Timer
CF-Cache-Status
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
CF-Ray
Content-Security-Policy-Report-Only
X-Cache-Status
X-Request-ID
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Amz-Cf-Pop
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Hacker
EagleId
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-WebKit-CSP
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Cnection
X-Host
X-Server-Id
X-Readtime
Report-To
X-Node
X-Rq
EagleEye-TraceId
Server-Timing
X-Response-Time
X-OneAgent-JS-Injection
X-CST
Feature-Policy
X-Rack-Cache
X-Backend-Server
X-ORACLE-DMS-ECID
X-Application-Context
X-Iejgwucgyu
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
X-Clacks-Overhead
NEL
Edge-Control
X-DynaTrace
Allow
Rating
X-Url
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Cdn
X-Trace
X-Server-Name
X-Px
X-Vhost
X-DataDome
X-Ruxit-JS-Agent
X-Server-ID
X-ESI
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-MS-InvokeApp
X-VARITI-CCR
RTSS
X-Cached
Accept-CH
SPRequestGuid
X-Goog-Hash
Charset
X-PC
X-Vname
X-TtlSet
Pinterest-Generated-By
X-Mod-Pagespeed
X-D2id
X-F-Cache
Public-Key-Pins
X-Dispatcher
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
Verso
X-SharePointHealthScore
Arc-Version
X-Mobile-Rewrite
PB-RID
PB-PID
X-TTL
X-T
X-DynaTrace-JS-Agent
X-Version
X-Powered-By-Plesk
X-Abt-Application-Version
Accept-CH-Lifetime
X-Powered-CMS
X-DIS-Request-ID
X-Dns-Prefetch-Control
X-Ser
X-Fastly-Request-ID
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
X-Navigation-Version
X-Origin-Upstream-Status
X-Shield-Request-Id
X-Recruiting
X-Forwarded-Proto
X-B
DynaTrace
MS-Author-Via
X-Client-IP
X-Amz-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Realpath
SPIisLatency
SPRequestDuration
X-HW
Content-MD5
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Oneagent-Js-Injection
X-Upstream
X-Ttl
X-Vcap-Request-Id
Nginx-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
Edge-Cache-Tag
X-Amz-Meta-S3cmd-Attrs
X-Accel-Buffering
X-Wix-Server-Artifact-Id
AR-CACHE
AR-ATIME
AR-PoweredBy
X-N
X-Hits
Arr-Disable-Session-Affinity
TCN
X-Debug
X-Varnish-Age
X-NF-Request-ID
X-Oracle-Dms-Rid
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Access-Control-Request-Method
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-NewRelic-App-Data
X-Dw-Request-Base-Id
X-XRDS-Location
X-ATG-Version
S
X-Id
Service-Worker-Allowed
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FastCGI-Cache
X-Via-JSL
X-Logged-In
X-FTR-Expires
Tracecode
X-PressLabs-Stats
X-HS-Hub-Id
X-Forwarded-For
X-HS-Content-Id
X-Content-Digest
Rt-Fastcgi-Cache
Alternate-Protocol
X-Pad
X-Frontend
X-Kinsta-Cache
Surrogate-Key
Fastly-Restarts
X-RateLimit-Remaining
AMP-Access-Control-Allow-Source-Origin
MicrosoftSharePointTeamServices
X-Content-Options
Ar-Sid
X-FTR-Cache-Host
X-Cache-Key
Server-Name
X-Edge-Location
X-Amzn-Trace-Id
X-Analytics
Backend-Timing
Fastcgi-Cache
Host
FilterID
X-CF-Powered-By
X-Grace
X-IPLB-Instance
TP-Cache
TP-L2-Cache
X-User-Agent
X-Rid
X-Debug-Info
X-Hostname
ServerID
X-Magnolia-Registration
X-B3-Sampled
X-Revision
X-Whom
Eomportal-Instance
X-Request-Processing-Time
X-Cache-2
Paypal-Debug-Id
X-Request-Received
X-NWS-LOG-UUID
X-Ruxit-Js-Agent
X-Page-Id
X-HS-Cache-Config
X-Mobile
AR-Request-ID
X-Srv
X-Akam-SW-Version
Front-End-Https
X-AOL-HN
Retry-After
X-Content-Powered-By
X-VCache
X-Cache-Hit
X-B-Cache
X-Signature
X-URL
X-GUploader-UploadID
X-Varnish-Grace
X-Litespeed-Cache
X-Handled-By
X-SS-Set-Cookie
X-Device-Type
Source
X-Cluster
X-LB-Cache
X-FB-Debug
X-WA-Info
X-Instance
X-Cache-Action
X-App-Environment
Cleartype
X-Varnish-Hostname
Refresh
X-Request-Guid
X-Correlation-Id
X-BCube-Filmed-By
X-Tumblr-Pixel-0
X-Platform-Server
X-Tumblr-Pixel
X-Framework
X-Tumblr-User
X-Cache-Control
X-Content-Security-Policy-Report-Only
X-TA-CDN-Provider
X-Zen-Fury
X-Akamai-Edgescape
Webserver
X-Varnish-Backend
X-Webkit-CSP
X-Daa-Tunnel
X-Middleton-Display
Display
X-Sol
X-XRDS-LOCATION
X-Drupal-Cache-Tags
X-Cache-Server
X-Varnish-Server
X-Activity-Id
X-Drupal-Cache-Contexts
X-AppVersion
X-Az
Healthy
X-Geo-Country
X-Content-Type
VIX-Pulpo-Node
X-Generated-By
X-Cache-Rule
VIX-Pulpo-Upstream-Status
Response
ViewerVersion
X-Middleton-Response
X-Seen-By
X-Wix-Request-Id
S-Cnection
Server-Node
X-Cache-Age
X-App-Server
X-Cached-By
Cache-Status
X-Accel-Expires
X-Node-Name
X-Fastcgi-Cache
X-DataStream-Cache-Status
X-CACHE-GROUP
X-Origin-Server
X-Amz-Apigw-Id
X-Amz-Replication-Status
X-Amzn-RequestId
X-Esi
Upgrade-Insecure-Requests
X-TT
X-Response-Served-From
X-S
X-RequestSource
Payment
NGB
Filters
GEO-INFO
X-WPE-Loopback-Upstream-Addr
X-Locale
X-Cacheable-TTL
X-UA-Device-Type
HostName
Host-Header
Viewport
X-GeoIP
X-Varnish-IP
X-Edge-Cache-Key
X-Edge-Cache
X-Cache-NE
ServedBy
Actual-Object-TTL
X-Servedby
X-Contextid
X-FW-Serve
X-FW-Hash
X-Jobs
X-FW-Type
X-FW-Server
X-FW-Static
X-Tumblr-Pixel-2
X-UUID
X-Tumblr-Pixel-1
X-Status
X-Varnish-Hits
X-TT-TIMESTAMP
X-Amz-Server-Side-Encryption
X-WebKit-CSP-Report-Only
AsisCache
X-TX-ID
Access-Control-Allow-Method
Server-Info
Accept-Charset
X-Adobe-Content
X-Adobe-Loc
X-Storage
X-Vg-Webcache
SRV
X-Hyper-Cache
X-HS-Combine-CSS
Cache
X-CLOUD-TRACE-CONTEXT
X-Cache-TTL-Remaining
X-Cache-Remote
X-Rendered-As
X-PHP-Backend
From-Origin
MS-CV
X-Croise-Owner
X-App-Version
X-APP-VERSION
Cache-Tag
X-Cache-Operation
DC
Cache-Tv-Group
X-Region
X-Forwarded-Host
Public-Key-Pins-Report-Only
X-Redis-Cache
Served-By
Liferay-Portal
X-Yottaa-Optimizations
X-Mode
X-Yottaa-Metrics
X-CACHE-KEY
Machine
X-IP
Fastcgi-X-Cache
Meta-Geo
Fastcgi-X-Cache-Version
Fastcgi-Useragent
X-Akamai-Transformed
X-Agile-Age
X-Agile-Id
X-Agile
X-Endurance-Cache-Level
X-RN-RSRV
Selected-FE
X-Human
X-Cache-Var
X-Akamai-Request-ID2
X-Site-Version
X-Timing-Wait
X-Cache-Var-Map
X-Loop
X-Request-Time
X-Is-Bot
X-Hosted-By
X-TNCMS
X-Proxy-Build
X-Path-Route
X-NGENIX-Cache
X-Upgrade-Enabled
X-Detected-As
X-Generated
TWC-Device-Class
X-Vgn-Hpd-Reason
TWC-GeoIP-Country
X-ProxyCache-Status
X-Webstats-RespID
X-Zipkin-Id
Cache-Name
X-ProxyCache-Key
Now
Property-Id
X-Format
TWC-Connection-Speed
X-Via-Fastly
S-Rt
X-Grey
X-CDN-Cache
X-Original-Request
X-Internal-Host
X-JoinUs
X-Pc-Hit
X-Origin-Hint
X-Proxied
X-BYPASS-REASON
X-Pc-Appver
X-Cache-Category-Id
X-L-Path
X-Environment-Context
Webcakes-App-Name
TWC-Privacy
X-Pc-Key
Webcakes-App-Version
X-Labrador-Cache-Channel
X-Routing-Service
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
Xserver
X-Upstream-CT
X-RemovedCookies
Cache-Tags
X-Upstream-HT
X-Access
X-Section
X-Web-Node
Origin-Edge-Control
Origin-Cache-Control
X-UA
Powered-By-ChinaCache
DB-Nickname
X-Pubstack
X-Viewer-Country
X-NCache
X-ProcessESI
X-VG-TLSProxy
X-Birta-Cache-Post
X-Birta-Served
X-Via-CDN
X-FC-Vary-Parameters
X-Backend-Name
X-Origin-Response-Time
X-Time-Microsecs
X-Origin-Host
X-Www-Served-By
X-Tumblr-Pixel-3
X-Akamai-Request-ID
X-ServerID
Datacenter
X-Origin
X-Cache-Config
X-Origin-CC
X-Xfnlog-Site
X-OCL
Pagespeed
X-Ocache
X-Proxy
X-RateLimit-Limit
X-PCL
Azure-RegionName
OT-Force-Account-Verify
Azure-SiteName
Azure-SlotName
X-CCM
Mn-Server-Ip
Azure-InstanceId
Azure-Version
X-ShardId
X-Tb
X-ShopId
X-Sorting-Hat-ShopId
X-Shopify-Stage
HitType
X-B3-Spanid
X-TIME
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Real-IP
X-Rule
X-Parent-Response-Time
X-App-Name
X-Nginx-Cache
Accept-Language
X-NODE
X-Cache-TTL
X-Ezoic-Cdn
X-Guploader-Uploadid
L5d-Success-Class
Vix-Hermes-Req-Id
X-Edge-IP
X-Protected-By
Cache-Key
X-OVcl-Cache
X-OVcl
NtCoent-Length
LB
Content-Style-Type
Content-Script-Type
User-Cache-Control
X-Amz-Meta-Surrogate-Control
X-Newrelic-App-Data
Time
X-Kong-Proxy-Latency
X-Proto
X-Kong-Upstream-Latency
X-BACKEND-TTL
X-Webkit-Csp
X-Pc-Host
X-Cache-Backend
X-Pc-Date
X-RTag
Ms-Operation-Id
X-Correlation-ID
X-GRACE
X-ApacheServer
X-PERF
X-Real-Ip
X-Front
X-Nc
X-Cdn-Forward
X-Unique-Id-Primal
Section-Io-Cache
X-CDN-Forward
X-Hit
X-Mrs-Age
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Sucuri-ID
X-Varnish-Beresp-Grace
AR-SID
X-Varnish-Beresp-Status
X-FB-TRIP-ID
X-Varnish-Cacheable
X-Debug-Cache
X-Unique-ID
WZWS-RAY
X-Microcachable
Access-Control-Request-Headers
X-Content-Age
X-Connection-Hash
X-C
Version
X-Transaction
X-Dc
X-Twitter-Response-Tags
X-Varnish-Beresp-Ttl
Fusion-Component-Id
X-EdgeConnect-Cache-Status
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-Trace-Id
X-Time
X-MP-GENERATED-AT
X-Cache-Enabled
Warning
Country
X-CUA
X-Cache-Bucket
X-Cache-Debug
X-D
X-Destination
X-Date
X-Crawler
X-Clientip
X-Cache-Id
X-Cache-Host
X-Bip
X-Cache-URL
X-CF-Lambda-Fn
X-Cache-FS-Status
X-CF-Lambda-Version
X-WebServer
X-Application
RNT-Machine
Resin-Trace
Rendered-Blocks
RNT-Time
Rt-Proxy-Cache
Server-Host
SD-X-WS
Release
Powered-By
MD5-Digest
Locale
Is-Eu
Meta-Geo-Continent
Mobile-Detection-Method
Platform
Node
Server-ID
SS
X-Actual-URL
X-Accel-Expires-Debug
X-A-Wwc
X-Aed
X-Auto-Login
X-Backend-State
X-B-Cookie
X-A-Dgt
X-A-Dcw
Viewtype
V-Age
Uber-Trace-Id
VivaBuild
Xc-Version
X-A-Dam
X-A-Ccd
X-BB-ID
X-From
X-Passed-To-PostProcessResponse
X-Served-From
X-Server-By
X-PAYTM-SRV-ID
X-PHP-Host
X-Qloud-Router
X-ScT
X-Passed-To-DLL
X-Server-Time
X-Store
X-Thanos
X-Org
X-SRCache-Key
X-Passed-To-BeforeDispatch
X-Passed-To
X-RCS-CacheZone
IBM-Web2-Location
X-Reboot
X-Returned-From-BeforeDispatch
X-Region-Sid
X-Returned-From
X-Request-UUID
X-Response-By
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-S-Maxage
X-Rebelmouse-Cache-Control
X-S-Cookie
X-Rebelmouse-Surrogate-Control
X-Rewrite-Enabled
X-Rojux
X-Trv-Group
X-UE-Client-Country
X-Via-SSL
X-We-Are-Hiring
X-FW-Version
X-G
X-VG-WebServer
X-Via-Edge
X-Release
X-Fetched-On
X-Died
X-Device-Os
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-F5-Cache
X-External-Request-Id
X-Generated-In
X-Varnish-Action
X-LI-UUID
X-LI-Proto
X-Logtrace-Id
X-Urbn-Context-Path
X-NU-AKA-ACS-Version
X-Node-Id
X-Li-Pop
X-Urbn-Site-Id
X-Layer
X-GeoIP-Country-Code
X-Li-Fabric
X-Variation
X-User
X-Var-Ttl
X-Developer
X-A
Mail-Subject
Fastly-SIE
Fastly-Backend-Name
Fastly-SWR
Fly-Cache
Load-Balancing
Fly-Request-Id
We-Hiring
Ec-Rule-Version
BehaviorPad-Version
Cache-Prefix
Arc-Country
Countrycode
Adler-Geo
Ajk
Ohc-File-Size
Frame-Options
X-Ratelimit-Limit
X-Ua
X-NWS-UUID-VERIFY
X-Hl-Ver
X-Sf
X-Stale
X-Thinkindot-L3
X-Server-IP
X-UnsetCookies
X-Server-Group
AKAMAI
Apple-News-Services-Host
X-SVT-ORM-VERSION
X-Swa-Ws
Www
Backend-Name
Backend
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-SVT-ORM-RULES
Apple-News-Services-Handled
X-Request-Start
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Info
X-Key
X-No-Session
X-Matched-Rule
X-Location
X-Hash
Who
X-CGP
X-Via-NSCOPI
X-Proxy-Cache-Status
X-Core-Value
X-Rocket-Nginx-Bypass
X-Epic-Correlation-Id
X-Proxy-Upstream
HA-Geocountry
X-Cache-Expires
X-Eu-Site
Esi-Enabled
HA-Cloudapp
HA-Geocity
Heartbleed
HA-Servedtime
HA-Urlpath
GW-Server
Request-EU
Pramga
Pragrma
Origin
Memcached
GMS-Ver
Request-Country
Thinkindot-CacheControl
Kp-EeAlive
Thinkindot-CacheControl-Type
HA-Host
UCS
Ha-Gx-Prefs
HA-Georegion
HA-Geolat
HA-Geolon
Country-Code
Content-Disposition
Thinkindot-Control
HA-Ipaddr
X-Be
User-Agent
Group
V-Cache
X-Hnp-Log
X-Instance-Name
Web-Mar-Node
On-Server
X-Secret
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gen-Mode
X-Gannett-Site-Version
MI-API
X-Geo
X-VCT
X-GeoIP-City
X-ServiceProvider
Proxy-Connection
X-Fstrz
X-SIPLIST1
X-Policy
X-Dynatrace-Js-Agent
IsBot
X-Request-URI
X-MI-In-Market
X-Platform
X-TT-LOGID
Decoy-Debug-TTL
X-Nginx-Cache-Key
True-Client-Country-4JS
HitInfo
X-P-T
X-Phone
X-Up
Decoy-Debug-Status
Decoy-Debug-Key
X-Distil-CS
Cache-Cookie-Set-From
X-Distributor
X-Backend-Url
REQUESTUUID
X-Backend-Host
MI-Cache
X-Developers
X-Amz-Meta-Cache-Control
X-V
CDCHOST
X-Cache-CFC
Cache-Cookie-Set-Idcheck
MI-Cache-Age
Server-Int
Fastly-Soc-X-Request-Id
X-Block-Status
Fastly-SSL
Cache-Cookie-Set-Lfrom
X-Sn-Servicetimems
X-NX-Host
X-Refresh
X-MSEdge-Flight
X-Debug-Cookies
X-Origin-Date
X-Wikidot-Backend
X-MSEdge-Features
X-Cdn-Origin
X-Core-Mission
X-Servername
Request-Time
X-Origin-Expires
X-Origin-TTL
X-ElasticPress-Search
X-Debug-Log
X-Wikidot-Static-Cache
X-Irp-Debug
Pagetype
X-Planisys-CDN-Cache
X-COUNTRY
Magicmarker
RequestId
X-DC
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Fastly-Cache
PFcat
X-Page-Type
X-BBXSRF
X-Req
Host-ID
X-Pjax-Url
X-EIG-Tracking-Id
PageSpeed
X-Powered-By-ANYU
X-PARISIEN-Cache-Rendered
X-NC
X-VarnCache
X-CACHE-AGE
X-VarnPar1
X-Debug-Cache-Store
X-Svr
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-HOST
X-Level-Front-Cache
X-Generated-On
X-Newrelic-Synthetics
X-Micro-Cache
X-Instart-Info
MIME-Version
Mime-Version
X-Datadome
ServerName
Cache-Provider
Cdn
Lfy
X-Server-Cache
Ohc-Response-Time
X-TWH-CORRELATION-ID
X-Cluster-Node
X-Cdn-Srv
PICS-Label
X-Cache-Info
X-ARC
X-Gdpr
Cteonnt-Length
Memory
X-Servedbyhost
Nel
CF-IPCountry
FSS-Proxy
X-NodeID
FSS-Cache
X-CMS-Context
X-Wa
X-Sentry-ID
X-StackifyID
X-ABtesting
X-Aicache-OS
X-VServer
X-Hello
X-Flog
X-Fastly-Country-Code
X-Load-Cache
CDN
X-LAGOON
SN
GeoIP-Country-Code
GeoIP-Latitude
X-WR-MODIFICATION
X-CSRF-TOKEN
X-GZip
NGX
X-HTML-Minification-Powered-By
Geoip-Latitude
GeoIp-Country-Code
X-Fastly-Backend-Reqs
XServer
CACHE
X-Varnish-Beresp-TTL
X-UPSTREAM-Address
X-WA
TSSecure
X-Check-Cacheable
Amp-Access-Control-Allow-Source-Origin
X-Worker
X-Source
Processtime
X-MServer
X-CSRF-Token
X-Csrf-Token
X-CDN-Pop-IP
X-CDN-Pop
X-DataStream-Origin-MEX-Latency
X-Unique-Id
X-APP
Cf-Ipcountry
X-DataStream-MidMile-RTT
A
X-SplitTest
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
PageType
X-Ratelimit-Remaining
X-Oss-Storage-Class
X-FireWall-Port
X-Oss-Server-Time
X-ServedByHost
WP-Super-Cache
X-Oss-Request-Id
X-Varnish-Cache-Hits
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Port
X-GDPR
Pics-Label
X-Edge-Server
X-Dynatrace
HTTPS
X-Generation-Time
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Sedo-Request-Id
X-Cache-Miss-From
X-Nananana
Cdn-Request-Time
Cdn-Host
X-SRV
Cache-Hits
X-Backend-TTL
X-VC-Cache
URI
Odigeo-Trace-Id
X-Skip-Cache
X-Sucuri-Cache
X-FORWARDED-FOR
DataCenter
X-ID
X-Cache-Grace
X-Owner
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Blob-Type
X-B3-Traceid
X-Cache-ASPX
X-IPS-LoggedIn
X-HS-Status
Server-Surrogate-Control
Server-Cache-Control
ProcessTime
X-B3-SpanId
X-Varnish-Authentication
X-BE
X-Swift-Error
X-Fastly-Cache-Hits
X-PJAX-URL
Hostname
Dynatrace
X-SN
X-RCS-Backend
X-Gen-Id
X-Bug-Bounty
X-Amzn-Remapped-Connection
X-Varnish-Url
X-GZIP
X-Amzn-Remapped-Date
X-VG-WebCache
X-GoCache-CacheStatus
X-From-Cache
X-ORIG-AKA-EDGE
X-Alicdn-Da-Ups-Status
Requestid
X-VarnPar2
X-ND-Cache
X-PAGE-TYPE
X-Instart-Isnd
X-Cache-Srv
X-Fe
X-Ms-Lease-State
X-Cache-Ttl
X-NGINX-Cache
Serverid
X-Amz-Meta-S3b-Last-Modified
X-Akamai-SSL-Client-Sid
Is-Session-Tracking
X-LiteSpeed-Cache-Control
X-Server-W
X-Pf-Uncompressing
X-Varnish-URL
Get-Access-Time
X-RAMCache
X-SB
X-VC
WebServer
X-Serial
X-ServerName
T-Server
RequestUuid
X-ORIG-AKA-COUNTRY-CODE
NodeID
X-PF-Uncompressing
SID
Proxy-Firewall
X-RequestId
Xet-Cookie
X-HTML-Edge-Cache
X-App
X-Akamai-ERPolicy
X-CS
X-Developed-By
Location
X-Akamai-ERRuleID
NnCoection
X-Dw-Trace-Id
X-LiteSpeed-Tag