Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
CF-Ray
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-FRAME-OPTIONS
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-Request-ID
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Request-Context
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Amz-Version-Id
Content-Location
Surrogate-Control
X-Server-Id
X-Cnection
X-Node
X-OneAgent-JS-Injection
X-Host
X-Readtime
EagleEye-TraceId
Report-To
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-Application-Context
X-Rack-Cache
X-CST
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Varnish-TTL
X-Country
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-Cdn
X-B3-TraceId
X-Trace
X-Px
X-Server-ID
X-DataDome
X-Vhost
X-Server-Name
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-VARITI-CCR
X-Ruxit-JS-Agent
Accept-CH
RTSS
X-ESI
X-Cached
X-Goog-Hash
X-MS-InvokeApp
Charset
Pinterest-Generated-By
X-TTL
SPRequestGuid
X-Mod-Pagespeed
X-PC
X-TtlSet
X-Vname
X-F-Cache
Verso
Public-Key-Pins
X-D2id
X-Kinja
X-Use-Magma
X-Exp-Variant
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Mobile-Rewrite
PB-PID
Arc-Version
PB-RID
X-Version
X-Dispatcher
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
Accept-CH-Lifetime
X-DIS-Request-ID
X-Abt-Application-Version
X-Powered-CMS
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
X-Ser
X-Origin-Upstream-Status
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-Navigation-Version
X-B
X-Forwarded-Proto
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Rid
MS-Author-Via
Realpath
X-Recruiting
X-Client-IP
DynaTrace
X-HW
SPRequestDuration
SPIisLatency
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Vcap-Request-Id
X-Upstream
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
Nginx-Cache
Content-MD5
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Ttl
Arr-Disable-Session-Affinity
Edge-Cache-Tag
X-Debug
X-Hits
X-Varnish-Age
X-N
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Goog-Storage-Class
X-Oracle-Dms-Rid
X-Aspnet-Version
X-MSEdge-Ref
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Acc-Meta-Resource-Type
X-Via-JSL
Access-Control-Request-Method
X-Id
TCN
X-XRDS-Location
S
X-ATG-Version
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
Service-Worker-Allowed
X-FTR-Expires
X-NewRelic-App-Data
X-Logged-In
X-Oneagent-Js-Injection
X-FastCGI-Cache
Alternate-Protocol
X-HS-Content-Id
X-HS-Hub-Id
X-Kinsta-Cache
Surrogate-Key
X-Frontend
X-PressLabs-Stats
X-Cache-Key
Tracecode
Rt-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Content-Digest
X-Forwarded-For
X-Pad
X-FTR-Cache-Host
X-Grace
Fastly-Restarts
MicrosoftSharePointTeamServices
X-RateLimit-Remaining
Server-Name
X-CF-Powered-By
X-Edge-Location
X-Amzn-Trace-Id
Backend-Timing
X-Content-Options
X-Analytics
X-Ruxit-Js-Agent
TP-L2-Cache
Host
FilterID
TP-Cache
Ar-Sid
X-Cache-2
X-User-Agent
X-Rid
Fastcgi-Cache
X-Magnolia-Registration
X-Whom
X-Debug-Info
X-B3-Sampled
ServerID
X-Revision
X-IPLB-Instance
Eomportal-Instance
X-Page-Id
X-Mobile
X-Hostname
X-Request-Processing-Time
X-Request-Received
X-NWS-LOG-UUID
AR-Request-ID
X-Srv
X-Akam-SW-Version
X-VCache
Paypal-Debug-Id
Front-End-Https
X-AOL-HN
Retry-After
X-Content-Powered-By
Refresh
X-B-Cache
X-GUploader-UploadID
X-Signature
X-Litespeed-Cache
X-Framework
X-Request-Guid
X-Cache-Action
X-Handled-By
X-Cluster
X-Device-Type
X-LB-Cache
Source
X-SS-Set-Cookie
X-App-Environment
Cleartype
X-Varnish-Hostname
X-FB-Debug
X-WA-Info
X-BCube-Filmed-By
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Instance
X-Cache-Control
X-Akamai-Edgescape
X-Varnish-Grace
X-Cache-Hit
X-Content-Security-Policy-Report-Only
X-Platform-Server
X-HS-Cache-Config
Webserver
X-Activity-Id
X-Az
X-AppVersion
X-Esi
X-Zen-Fury
X-XRDS-LOCATION
X-Middleton-Display
Display
X-Correlation-Id
X-Sol
X-Content-Type
X-Varnish-Backend
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Healthy
X-Fastcgi-Cache
X-Cache-Rule
X-Cache-Server
X-TA-CDN-Provider
Response
X-Middleton-Response
X-Seen-By
X-Drupal-Cache-Tags
X-Wix-Request-Id
ViewerVersion
X-Varnish-Server
X-Daa-Tunnel
X-URL
X-TT
Upgrade-Insecure-Requests
X-Drupal-Cache-Contexts
X-Generated-By
X-App-Server
X-Cached-By
X-Origin-Server
X-Geo-Country
Cache-Status
X-CACHE-GROUP
X-Cache-Age
Accept-Charset
S-Cnection
Server-Node
X-DataStream-Cache-Status
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amz-Replication-Status
X-Accel-Expires
Payment
X-S
X-Response-Served-From
Filters
NGB
X-UA-Device-Type
GEO-INFO
Access-Control-Allow-Method
X-Servedby
X-Locale
X-Adobe-Loc
X-Adobe-Content
X-Contextid
X-Edge-Cache-Key
X-Cacheable-TTL
X-Edge-Cache
X-Varnish-IP
X-UUID
X-RequestSource
X-Status
X-Jobs
X-Cache-NE
Viewport
ServedBy
Actual-Object-TTL
X-FW-Hash
X-FW-Serve
X-Tumblr-Pixel-1
X-FW-Server
X-Varnish-Hits
X-TX-ID
X-Tumblr-Pixel-2
X-TT-TIMESTAMP
X-FW-Static
X-FW-Type
X-Storage
X-Amz-Server-Side-Encryption
Server-Info
AsisCache
Cache-Tv-Group
X-WebKit-CSP-Report-Only
X-PHP-Backend
X-GeoIP
MS-CV
X-WPE-Loopback-Upstream-Addr
X-Dns-Prefetch-Control
X-Node-Name
HostName
X-Cache-Remote
X-Cache-TTL-Remaining
X-Rendered-As
Cache
X-Croise-Owner
Host-Header
From-Origin
X-Region
SRV
X-APP-VERSION
X-Cache-Operation
X-Vg-Webcache
X-App-Version
X-Hyper-Cache
X-Webkit-CSP
X-Redis-Cache
Served-By
Liferay-Portal
X-Dynatrace-Js-Agent
Public-Key-Pins-Report-Only
X-UA
Cache-Tag
DC
X-BACKEND-TTL
X-HS-Combine-CSS
X-Mode
Meta-Geo
X-Cache-Var-Map
X-Agile-Id
X-Agile-Age
X-Generated
X-Detected-As
X-Upgrade-Enabled
Selected-FE
X-Hosted-By
X-Agile
X-Akamai-Transformed
X-Cache-Var
Machine
X-IP
X-Forwarded-Host
X-Human
X-RN-RSRV
X-NGENIX-Cache
X-Timing-Wait
X-Webstats-RespID
X-Path-Route
X-Proxy-Build
X-Loop
X-Is-Bot
X-Site-Version
X-TNCMS
X-Cache-Category-Id
X-TIME
X-Endurance-Cache-Level
X-CDN-Cache
X-Pc-Appver
X-Pc-Key
X-Web-Node
X-ProxyCache-Status
Origin-Cache-Control
Origin-Edge-Control
Powered-By-ChinaCache
Now
X-ProxyCache-Key
X-Pc-Hit
Cache-Name
X-BYPASS-REASON
X-Via-Fastly
X-Upstream-CT
X-Labrador-Cache-Channel
X-Request-Time
X-L-Path
X-Grey
X-Environment-Context
X-NCache
X-Vgn-Hpd-Reason
X-Internal-Host
X-JoinUs
X-Upstream-HT
X-Original-Request
X-ServerID
X-Tumblr-Pixel-3
X-ProcessESI
DB-Nickname
X-Proxy
X-Time-Microsecs
X-Origin-Host
X-FC-Vary-Parameters
X-Akamai-Request-ID
X-VG-TLSProxy
X-Pubstack
X-Origin-Response-Time
X-RemovedCookies
X-Birta-Cache-Post
X-Viewer-Country
X-Birta-Served
X-Origin
S-Rt
X-B3-Spanid
Azure-InstanceId
X-Format
X-Www-Served-By
Fastcgi-X-Cache-Version
Fastcgi-Useragent
Fastcgi-X-Cache
X-Via-CDN
Azure-RegionName
Azure-Version
X-CCM
Mn-Server-Ip
Azure-SlotName
X-Cache-Config
X-Backend-Name
Azure-SiteName
Cache-Tags
X-Xfnlog-Site
X-Ocache
X-Tb
X-Origin-CC
X-PCL
X-Guploader-Uploadid
X-OCL
X-Rule
TWC-Privacy
Property-Id
X-App-Name
Webcakes-App-Name
X-Yottaa-Metrics
TWC-Locale-Group
Pagespeed
TWC-GeoIP-LatLong
X-Parent-Response-Time
TWC-Device-Class
TWC-Connection-Speed
Webcakes-App-Version
TWC-GeoIP-Country
X-Proxied
X-Routing-Service
Webcakes-Region
X-Zipkin-Id
X-Yottaa-Optimizations
Content-Script-Type
X-Section
HitType
X-Origin-Hint
X-Access
Content-Style-Type
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cache-Key
Xserver
X-Protected-By
Datacenter
X-Newrelic-App-Data
X-Edge-IP
User-Cache-Control
Vix-Hermes-Req-Id
X-Nginx-Cache
X-CACHE-KEY
X-Cache-TTL
OT-Force-Account-Verify
X-ShardId
Ms-Operation-Id
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-RTag
X-Alternate-Cache-Key
X-Ezoic-Cdn
X-Akamai-Request-ID2
X-Correlation-ID
Time
X-Real-Ip
X-OVcl
X-ApacheServer
X-Cache-Backend
X-PERF
X-OVcl-Cache
X-FB-TRIP-ID
X-Pc-Host
X-Pc-Date
NtCoent-Length
X-Mrs-Cache-Hits
X-Unique-Id-Primal
X-Ratelimit-Limit
X-Mrs-Cache
Accept-Language
X-Mrs-Age
L5d-Success-Class
X-Mshield-Cache-Status
X-Cdn-Forward
X-Content-Age
X-Front
AR-SID
X-Webkit-Csp
Country
X-RateLimit-Limit
X-Real-IP
Load-Balancing
X-CDN-Forward
LB
X-Proto
X-Varnish-Cacheable
X-Debug-Cache
X-COUNTRY
X-Amz-Meta-Surrogate-Control
X-Varnish-Beresp-Grace
Section-Io-Cache
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Ohc-File-Size
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
X-Sucuri-ID
WZWS-RAY
X-Hit
X-Unique-ID
X-Nc
X-Hl-Ver
X-MP-GENERATED-AT
X-GRACE
Mail-Subject
X-Trace-Id
We-Hiring
Warning
Version
X-EdgeConnect-Cache-Status
X-Microcachable
X-CLOUD-TRACE-CONTEXT
User-Agent
X-Geo
X-C
X-Cache-Enabled
X-Cache-Debug
X-Cache-URL
X-Cache-Id
X-Cache-Expires
X-Cache-Host
X-Cache-FS-Status
X-CF-Lambda-Fn
X-D
X-Destination
X-Developer
X-Device-Os
X-Died
Xc-Version
X-Date
X-Connection-Hash
X-Crawler
X-CUA
X-Cache-Bucket
X-CF-Lambda-Version
X-Application
RNT-Machine
Resin-Trace
Request-Time
RNT-Time
Rt-Proxy-Cache
Server-ID
Server-Host
SD-X-WS
Rendered-Blocks
Release
Mobile-Detection-Method
Meta-Geo-Continent
Memcached
Node
PFcat
Powered-By
Platform
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Actual-URL
X-Accel-Expires-Debug
X-A-Wwc
X-Aed
X-Dispatcher-Server
X-BB-ID
X-B-Cookie
X-Auto-Login
X-A-Dgt
X-A-Dcw
Viewtype
V-Age
Thinkindot-Control
VivaBuild
Www
X-A-Dam
X-A
X-Bip
X-Generated-In
X-S-Cookie
X-S-Maxage
X-ScT
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
MD5-Digest
X-Passed-To-PostProcessResponse
X-Served-From
X-Server-By
X-Thanos
X-Thinkindot-L3
X-Swa-Ws
X-Store
X-Server-Time
X-SRCache-Key
X-PAYTM-SRV-ID
X-PHP-Host
X-Returned-From-BeforeDispatch
X-Reboot
X-Returned-From
X-Response-By
X-Release
X-Request-UUID
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Rojux
X-Qloud-Router
X-RCS-CacheZone
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Rewrite-Enabled
X-Transaction
X-Trv-Group
X-Li-Fabric
X-Layer
X-Li-Pop
X-LI-Proto
X-Logtrace-Id
X-LI-UUID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Region-Sid
X-External-Request-Id
X-We-Are-Hiring
X-Fetched-On
X-From
X-G
X-FW-Version
X-Matched-Rule
X-Via-SSL
X-User
X-Var-Ttl
X-Passed-To
X-UE-Client-Country
X-TT-LOGID
X-Twitter-Response-Tags
X-Variation
X-P-T
X-Via-Edge
X-Node-Id
X-VG-WebServer
X-NU-AKA-ACS-Version
X-Varnish-Action
X-Org
X-DPWN-IS-SECURE
X-A-Ccd
Fastly-SWR
BehaviorPad-Version
Arc-Country
Ajk
Ec-Rule-Version
Frame-Options
Fly-Cache
Fly-Request-Id
Fastly-SIE
Fastly-Backend-Name
Adler-Geo
Cache-Prefix
X-Via-NSCOPI
Is-Eu
Access-Control-Request-Headers
IBM-Web2-Location
X-Rocket-Nginx-Bypass
Pagetype
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
Decoy-Debug-Key
Country-Code
Decoy-Debug-Status
Countrycode
Esi-Enabled
X-IN-WAF
X-Distributor
Fastly-SSL
X-WebServer
X-Hnp-Log
Decoy-Debug-TTL
X-SVT-ORM-VERSION
Cache-Cookie-Set-From
X-Cache-CFC
Cache-Cookie-Set-Idcheck
X-Proxy-Upstream
Backend
X-UnsetCookies
AKAMAI
X-Clientip
X-Block-Status
Cache-Cookie-Set-Lfrom
X-Hash
Content-Disposition
X-Fstrz
X-GeoIP-Country-Code
X-Backend-State
X-F5-Cache
X-Gen-Mode
X-Amz-Meta-Cache-Control
Web-Mar-Node
X-Time
Origin
On-Server
Pramga
X-Origin-Expires
X-Server-IP
X-Server-Group
X-Origin-Date
X-Request-Start
Heartbleed
Magicmarker
X-Proxy-Cache-Status
Kp-EeAlive
MI-API
MI-Cache
X-Phone
MI-Cache-Age
X-No-Session
Proxy-Connection
SS
X-Location
GMS-Ver
GW-Server
X-Stale
X-SVT-ORM-RULES
X-Info
X-Key
True-Client-Country-4JS
X-MI-In-Market
Server-Int
X-ServiceProvider
X-Sf
X-Nginx-Cache-Key
X-ElasticPress-Search
X-Be
X-Dc
X-NODE
IsBot
X-V
X-Epic-Correlation-Id
X-Eu-Site
X-Irp-Debug
X-Policy
X-SIPLIST1
X-Micro-Cache
X-Secret
X-Page-Type
X-Svr
X-Gannett-Site-Version
X-Request-URI
X-Up
X-Fastly-Cache
X-Core-Mission
HA-Geocountry
HA-Geolat
HA-Geolon
HA-Geocity
HA-Cloudapp
X-Backend-Host
Backend-Name
Who
REQUESTUUID
HA-Georegion
HA-Servedtime
X-MSEdge-Flight
HA-Urlpath
HA-Ipaddr
X-MSEdge-Features
Ha-Gx-Prefs
HA-Host
X-Backend-Url
X-Distil-CS
X-Core-Value
X-CGP
X-DC
X-Ua
X-CACHE-AGE
X-Level-Front-Cache
X-Developers
X-Generated-On
X-NX-Host
X-Sn-Servicetimems
Apple-News-Services-Handled
X-Debug-Log
Pragrma
X-Debug-Cache-Store
X-Debug-Cookies
X-Origin-TTL
X-Wikidot-Backend
X-Debug-Cache-Fetch
CDCHOST
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Platform
X-Wikidot-Static-Cache
Fastly-Soc-X-Request-Id
X-Cdn-Origin
Apple-News-Services-Host
X-Debug-Cache-Expiry
X-Refresh
PageSpeed
Request-Country
Locale
X-Urbn-Site-Id
X-Planisys-CDN-Rules
Lfy
ServerName
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
RequestId
X-Instance-Name
X-Instart-Info
Uber-Trace-Id
Request-EU
X-NC
UCS
X-Servername
X-Urbn-Context-Path
Host-ID
Ohc-Response-Time
X-VarnCache
X-Cdn-Srv
X-PARISIEN-Cache-Rendered
X-Cache-Info
X-VarnPar1
X-Server-Cache
X-NWS-UUID-VERIFY
Group
V-Cache
X-GeoIP-City
X-ARC
MIME-Version
X-VCT
X-Req
X-Pjax-Url
X-Newrelic-Synthetics
HitInfo
Cteonnt-Length
X-Datadome
Memory
Cache-Provider
X-BBXSRF
X-CMS-Context
PICS-Label
Cdn
Mime-Version
X-Powered-By-ANYU
X-Gdpr
X-EIG-Tracking-Id
X-Ratelimit-Remaining
X-Servedbyhost
X-TWH-CORRELATION-ID
Nel
X-LAGOON
CF-IPCountry
X-WR-MODIFICATION
NGX
X-Wa
X-StackifyID
X-Aicache-OS
CDN
XServer
GeoIP-Country-Code
X-HTML-Minification-Powered-By
X-Load-Cache
X-B3-Traceid
GeoIP-Latitude
X-CSRF-TOKEN
X-Fastly-Backend-Reqs
X-FireWall-Port
X-Fastly-Country-Code
X-Cluster-Node
X-Varnish-Cache-Hits
Cf-Ipcountry
X-WA
X-UPSTREAM-Address
FSS-Proxy
X-RateLimit-Remaining-Second
Geoip-Latitude
X-Sentry-ID
FSS-Cache
X-Generation-Time
X-RateLimit-Limit-Second
X-NodeID
X-Flog
Processtime
GeoIp-Country-Code
X-Sedo-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Hello
X-FORWARDED-FOR
X-Cache-Miss-From
X-Check-Cacheable
X-ABtesting
X-VServer
X-Csrf-Token
X-SRV
X-Unique-Id
X-HOST
X-Cache-Grace
X-Source
SN
CACHE
X-Varnish-Beresp-TTL
X-APP
WP-Super-Cache
X-GZip
X-Oss-Request-Id
X-Oss-Object-Type
X-ServedByHost
X-Oss-Server-Time
X-Oss-Storage-Class
Server-Cache-Control
Server-Surrogate-Control
X-Cache-ASPX
X-CDN-Pop
X-Oss-Hash-Crc64ecma
X-Varnish-Authentication
X-CDN-Pop-IP
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-RCS-Backend
X-CSRF-Token
X-IPS-LoggedIn
X-Dynatrace
TSSecure
X-Nananana
X-Skip-Cache
X-VC-Cache
URI
Pics-Label
X-MServer
Cdn-Request-Time
X-Edge-Server
X-Varnish-Url
X-Worker
Cdn-Host
X-GDPR
X-ID
DataCenter
X-ND-Cache
X-Instart-Isnd
A
X-VG-WebCache
X-HS-Status
Is-Session-Tracking
Get-Access-Time
X-From-Cache
X-Sucuri-Cache
X-B3-SpanId
PageType
X-Fastly-Cache-Hits
X-GoCache-CacheStatus
X-PJAX-URL
X-Swift-Error
X-BE
Proxy-Firewall
X-Pf-Uncompressing
X-Port
Dynatrace
Hostname
HTTPS
X-AWS-Id
X-VWS-Id
X-SplitTest
X-LJ-Flow-ID
X-Server-W
X-Bug-Bounty
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Gen-Id
X-Backend-TTL
Odigeo-Trace-Id
Powered
X-GZIP
FastCGI-Cache
X-Owner
X-VarnPar2
X-ORIG-AKA-EDGE
X-SN
X-NGINX-Cache
X-Cache-Ttl
Requestid
Serverid
X-Pc-Subdomain
Cache-Hits
X-Amz-Meta-S3b-Last-Modified
X-RAMCache
X-LiteSpeed-Cache-Control
X-Alicdn-Da-Ups-Status
X-PAGE-TYPE
X-SB
X-Varnish-URL
X-Dw-Trace-Id
X-HostName
X-VC
X-Serial
X-ServerName
RequestUuid
T-Server
X-GEO
X-ORIG-AKA-COUNTRY-CODE
WebServer
X-Fe
X-Akamai-SSL-Client-Sid
X-Requestid
NnCoection
X-PF-Uncompressing
X-RequestId
Correlation-Id
Xet-Cookie
X-HTML-Edge-Cache
X-Ms-Request-Id
X-Ms-Version
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Ms-Lease-Status
X-Ms-Blob-Type
Location
X-Developed-By
SID
X-CS
X-LiteSpeed-Tag