Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
X-Xss-Protection
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cache-Status
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Template
X-Iinfo
X-Language
Status
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Content-Encoding
X-Kinja-Server-Push
Xkey
X-CDN
X-Turbo-Charged-By
Upgrade
X-Type
Keep-Alive
Access-Control-Expose-Headers
X-Request-ID
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Age
X-Drupal-Dynamic-Cache
X-Cache-Group
X-Server
X-Proxy-Cache
X-Via
Grace
X-Pingback
X-Nginx-Cache-Status
X-Server-Powered-By
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Hacker
X-Varnish-Cache
X-UA-Device
X-Page-Speed
EagleId
Request-Context
X-LiteSpeed-Cache
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Ua-Compatible
X-CST
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-Amz-Version-Id
X-WebKit-CSP
Server-Timing
X-Ac
X-Node
Allow
X-Response-Time
Feature-Policy
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Iejgwucgyu
Content-Location
X-Cache-Lookup
X-Backend-Server
Report-To
EagleEye-TraceId
Surrogate-Control
X-Readtime
X-Host
X-Application-Context
Request-Id
X-ORACLE-DMS-ECID
P3p
X-Rack-Cache
X-Url
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Country-Code
X-Cloud-Trace-Context
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DataDome
X-Cdn
X-Px
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Mod-Pagespeed
Charset
X-Vhost
X-VARITI-CCR
X-MS-InvokeApp
Accept-CH
Edge-Control
X-Goog-Hash
Verso
X-GitHub-Request-Id
X-Vname
X-PC
X-TtlSet
X-TTL
X-Mobile-Rewrite
Arc-Version
PB-RID
PB-PID
X-ESI
X-Server-Name
X-Upstream-Env
X-Version
Pinterest-Generated-By
X-DynaTrace
X-B3-TraceId
X-Powered-By-Plesk
X-D2id
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Origin-Upstream-Status
X-Cached
X-Dispatcher
SPRequestGuid
X-Recruiting
X-SharePointHealthScore
X-Abt-Application-Version
X-ORACLE-DMS-RID
MS-Author-Via
X-Varnish-TTL
X-Powered-CMS
RTSS
Accept-CH-Lifetime
X-Navigation-Version
X-T
Content-MD5
X-Shield-Request-Id
AR-PoweredBy
AR-ATIME
AR-CACHE
Public-Key-Pins
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-Client-IP
X-Forwarded-Proto
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Fastly-Request-ID
X-HW
X-Accel-Buffering
X-Wix-Server-Artifact-Id
Realpath
SPIisLatency
X-DynaTrace-JS-Agent
SPRequestDuration
X-Oracle-Dms-Rid
X-DIS-Request-ID
Service-Worker-Allowed
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Amz-Meta-S3cmd-Attrs
X-Upstream
X-F-Cache
X-B
Paypal-Debug-Id
AR-Request-ID
Front-End-Https
X-Ser
Pinterest-Version
X-Pinterest-Rid
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Via-JSL
X-FTR-Expires
X-Id
X-Dw-Request-Base-Id
X-Vcap-Request-Id
X-Debug
X-Dns-Prefetch-Control
Ar-Sid
X-Varnish-Age
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
X-XRDS-Location
X-MSEdge-Ref
X-Kinsta-Cache
X-Server-ID
X-N
X-Hits
Nginx-Cache
X-NF-Request-ID
X-FTR-Cache-Host
S
X-NewRelic-App-Data
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-DataStream-Cache-Status
X-Logged-In
X-Akam-SW-Version
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Ttl
X-Forwarded-For
Alternate-Protocol
Tracecode
X-Frontend
X-Grace
X-User-Agent
X-HS-Content-Id
X-HS-Hub-Id
X-PressLabs-Stats
X-Amzn-Trace-Id
Server-Name
X-CACHE-GROUP
X-Content-Digest
X-Content-Options
TCN
Refresh
AMP-Access-Control-Allow-Source-Origin
Powered-By-ChinaCache
X-Pad
X-Content-Type
X-Fastcgi-Cache
DynaTrace
Access-Control-Request-Method
X-Analytics
Backend-Timing
MicrosoftSharePointTeamServices
Fastcgi-Cache
X-LB-Cache
X-Middleton-Display
Accept-Charset
Display
X-Sol
X-IPLB-Instance
X-Rid
FilterID
X-Zen-Fury
X-Activity-Id
X-AppVersion
X-Debug-Info
X-Az
Host
X-Page-Id
X-CF-Powered-By
X-FastCGI-Cache
ServerID
MS-CV
Response
X-Middleton-Response
X-Cache-Hit
Cache-Status
TP-L2-Cache
TP-Cache
X-Magnolia-Registration
X-Hostname
X-Cache-Key
X-Oneagent-Js-Injection
X-Srv
X-Content-Powered-By
X-Seen-By
X-RateLimit-Remaining
X-ATG-Version
X-Mobile
X-VCache
X-Revision
X-WA-Info
X-Cached-By
X-Varnish-Backend
Surrogate-Key
X-B3-Sampled
X-Request-Processing-Time
X-Request-Received
X-Whom
Host-Header
Server-Info
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-SS-Set-Cookie
X-Instance
X-B-Cache
X-Cluster
X-Signature
X-Cache-Action
X-Drupal-Cache-Tags
X-Content-Security-Policy-Report-Only
X-Handled-By
X-Platform-Server
X-Tumblr-User
X-Tumblr-Pixel-0
X-Ruxit-Js-Agent
X-Tumblr-Pixel
X-Wix-Request-Id
Source
ViewerVersion
Cleartype
X-TT
X-Request-Guid
X-Framework
X-Akamai-Edgescape
X-Cache-Age
X-Origin-Server
DC
X-PHP-Backend
X-TA-CDN-Provider
X-App-Environment
Rt-Fastcgi-Cache
X-XRDS-LOCATION
X-Amzn-RequestId
X-Amz-Apigw-Id
X-GUploader-UploadID
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-Real-IP
X-Geo-Country
X-Generated-By
X-BCube-Filmed-By
X-App-Server
X-FW-Type
X-FW-Static
X-Cache-Control
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Varnish-Server
X-AOL-HN
X-Edge-Location
Server-Node
X-Cache-Rule
X-Varnish-Hostname
X-NWS-LOG-UUID
Retry-After
X-Correlation-Id
Payment
X-Cache-2
X-Amz-Server-Side-Encryption
X-Varnish-Grace
Eomportal-Instance
X-FB-Debug
Access-Control-Allow-Method
X-Amz-Replication-Status
X-TT-TIMESTAMP
Webserver
X-Response-Served-From
X-Cache-Config
X-Varnish-Hits
ServedBy
GEO-INFO
Actual-Object-TTL
AsisCache
X-Cacheable-TTL
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Content-Script-Type
X-WebKit-CSP-Report-Only
NGB
Filters
X-UA-Device-Type
Healthy
X-UUID
X-Jobs
Content-Style-Type
Ms-Operation-Id
X-Upstream-Proxy
X-RTag
X-TX-ID
X-Region
Upgrade-Insecure-Requests
X-Varnish-IP
Viewport
X-Drupal-Cache-Contexts
X-Adobe-Loc
X-Contextid
X-Adobe-Content
X-VG-WebCache
Cache-Tv-Group
Country
X-Rendered-As
From-Origin
X-RequestSource
HitType
X-Locale
X-Accel-Expires
X-Device-Type
X-Ezoic-Cdn
X-Cache-TTL
Pagespeed
X-BACKEND-TTL
Fastcgi-Useragent
X-Cache-TTL-Remaining
X-FW-Dynamic
X-Servedby
X-Cache-Server
Cache
X-WPE-Loopback-Upstream-Addr
Edge-Cache-Tag
X-Content-Age
X-CACHE-KEY
X-Cache-Remote
X-Kong-Upstream-Latency
Cache-Tags
X-Kong-Proxy-Latency
X-Upgrade-Enabled
X-Redis-Cache
X-Cache-Operation
X-Hit
X-Source
Datacenter
X-Webkit-Csp
Fastly-Restarts
X-Guploader-Uploadid
X-Esi
X-Storage
X-RateLimit-Limit
X-APP-VERSION
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-GeoIP
X-Mode
X-S
X-App-Version
Served-By
Cache-Tag
SRV
X-Backend-Name
X-Akamai-Request-ID
Vix-Hermes-Req-Id
X-Cache-Var-Map
Load-Balancing
X-Tb
X-Is-Bot
X-Time-Microsecs
X-Path-Route
X-Hl-Ver
X-NCache
Machine
X-NGENIX-Cache
Xserver
X-Internal-Host
X-RN-RSRV
X-JoinUs
Meta-Geo
X-Cache-Var
X-Detected-As
X-Pubstack
X-Labrador-Cache-Channel
X-Origin-Response-Time
Now
Origin-Edge-Control
X-Status
X-Hosted-By
X-Agile
X-Www-Served-By
X-Agile-Age
X-Agile-Id
X-Loop
X-Varnish-Cacheable
X-Timing-Wait
X-ProxyCache-Status
X-ProxyCache-Key
X-Rule
X-ServerID
X-Proxy-Build
X-TNCMS
X-Proxy
X-Cache-Category-Id
X-CDN-Cache
X-BYPASS-REASON
X-Birta-Served
X-Birta-Cache-Post
X-Edge-IP
X-Environment-Context
X-L-Path
X-Origin-Host
X-Grey
X-Generated
X-FC-Vary-Parameters
Selected-FE
Origin-Cache-Control
X-Varnish-Cache-Hits
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Connection-Speed
S-Rt
Cache-Name
X-VG-TLSProxy
Property-Id
Webcakes-App-Name
Webcakes-App-Version
X-Format
X-PERF
X-IP
X-Origin-Hint
X-ProcessESI
X-Cache-Enabled
Webcakes-Region
X-ApacheServer
X-RemovedCookies
Cache-Key
TWC-Locale-Group
X-Viewer-Country
X-Web-Node
X-Via-Fastly
Public-Key-Pins-Report-Only
Access-Control-Request-Headers
X-Access
Azure-Version
X-Human
X-PCL
X-MP-GENERATED-AT
NtCoent-Length
X-CCM
X-Section
X-Microcachable
Fastcgi-X-Cache-Version
DB-Nickname
Azure-InstanceId
Azure-SiteName
Azure-SlotName
X-OCL
Azure-RegionName
X-Xfnlog-Site
X-App-Name
We-Hiring
X-Zipkin-Id
X-Daa-Tunnel
X-Proxied
X-Site-Version
Mail-Subject
X-Debug-Cache
X-Akamai-Transformed
X-Routing-Service
User-Agent
Liferay-Portal
X-Varnish-Ttl
Cache-Hits
X-GEO
X-Pc-Key
X-EdgeConnect-Cache-Status
X-Pc-Hit
X-Original-Request
X-Pc-Appver
X-Protected-By
X-Cache-NE
S-Cnection
X-ES-SERVER
X-Cdn-Forward
X-Node-Name
X-FW-Version
X-Origin
X-Sucuri-ID
LB
X-Ocache
X-Nginx-Cache
User-Cache-Control
X-Proto
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Trace-Id
X-Request-Time
X-Ua
X-UA
Powered
X-GRACE
X-Forwarded-Host
X-Nc
CACHE
X-Endurance-Cache-Level
X-Tumblr-Pixel-3
X-Webstats-RespID
Ohc-File-Size
X-Time
X-Unique-ID
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
L5d-Success-Class
X-FB-TRIP-ID
Frame-Options
Section-Io-Cache
X-Correlation-ID
X-Origin-CC
X-Cluster-Node
X-V
PageSpeed
X-URL
X-Varnish-Beresp-Grace
OT-Force-Account-Verify
X-Varnish-Beresp-Status
X-OVcl-Cache
X-OVcl
AR-SID
X-Origin-TTL
X-EIG-Tracking-Id
X-ElasticPress-Search
X-Rocket-Nginx-Bypass
X-Cache-Backend
Nel
X-R9-Blue-Green-Version
Decoy-Debug-TTL
Decoy-Debug-Status
IBM-Web2-Location
Decoy-Debug-Key
Fastly-SWR
GMS-Ver
Fly-Cache
Fastly-SIE
Fly-Request-Id
BehaviorPad-Version
X-Cache-Grace
Country-Code
Rendered-Blocks
Cache-Prefix
X-Cache-FS-Status
Ec-Rule-Version
Viewtype
Meta-Geo-Continent
Memcached
Www
On-Server
VivaBuild
Mobile-Detection-Method
X-Cache-Host
Powered-By
X-Aed
Node
X-Auto-Login
X-B-Cookie
MD5-Digest
X-ARC
X-Amz-Meta-Cache-Control
X-Application
X-BB-ID
X-IN-WAF
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
X-S-Maxage
X-Server-By
X-ScT
X-Request-UUID
X-Region-Sid
X-PHP-Host
X-PAYTM-SRV-ID
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Server-Group
X-ServiceProvider
X-We-Are-Hiring
X-VG-WebServer
X-Wikidot-Backend
X-Wikidot-Static-Cache
Xc-Version
X-User
X-UE-Client-Country
X-Transaction
X-SRCache-Key
X-Trv-Group
X-TT-LOGID
X-Twitter-Response-Tags
X-Origin-Expires
X-Origin-Date
X-Developer
X-Destination
X-Distil-CS
X-DPWN-IS-SECURE
X-Fetched-On
X-External-Request-Id
X-Date
X-Connection-Hash
X-Cache-URL
X-Cache-Info
X-Cdn-Srv
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-From
X-Generated-In
X-LI-UUID
X-LI-Proto
X-Micro-Cache
X-Node-Id
X-NU-AKA-ACS-Version
X-Li-Pop
X-Li-Fabric
X-IN-APIGATEWAY
X-Goog-Meta-Goog-Reserved-File-Mtime
Arc-Country
X-Info
X-Irp-Debug
X-Cache-Id
X-Accel-Expires-Debug
X-Parent-Response-Time
X-Dc
X-Varnish-Beresp-Ttl
X-Vgn-Hpd-Reason
X-Crawler
X-Level-Front-Cache
X-LAGOON
X-Hnp-Log
X-Hash
X-Gen-Mode
X-Gannett-Site-Version
X-Generated-On
X-GeoIP-Country-Code
Server-Host
X-Location
X-Matched-Rule
X-NX-Host
Platform
X-Passed-To
X-Passed-To-BeforeDispatch
Origin
X-Nginx-Cache-Key
Proxy-Connection
Request-Time
X-G
X-Cache-Debug
X-Cache-Expires
X-Logtrace-Id
Thinkindot-CacheControl
X-Block-Status
X-Bip
X-Actual-URL
X-Dispatcher-Server
X-A-Dgt
X-A-Wwc
X-Alternate-Cache-Key
X-Debug-Log
X-Backend-Host
X-Backend-Url
X-D
X-Upstream-CT
X-Debug-Cookies
X-A-Dcw
X-A-Dam
X-Cache-Bucket
X-Fastly-Cache
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
X-C
X-Eu-Site
X-A
X-A-Ccd
X-Distributor
Who
X-Epic-Correlation-Id
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
Fastly-Backend-Name
X-Thinkindot-L3
X-Core-Mission
X-Upstream-HT
Countrycode
Fastly-Soc-X-Request-Id
X-Thanos
X-CUA
X-Sorting-Hat-PodId
X-Stale
X-Svr
X-Swa-Ws
Content-Disposition
CDCHOST
X-CGP
Backend
SD-X-WS
X-Backend-State
X-Response-By
X-Clientip
Ajk
Adler-Geo
X-Var-Ttl
X-Variation
X-Varnish-Action
X-SIPLIST1
X-Sorting-Hat-ShopId
Lfy
Magicmarker
X-Request-URI
IsBot
X-Shopify-Stage
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Platform
X-Policy
X-Proxy-Cache-Status
X-Proxy-Upstream
Is-Eu
X-Returned-From
X-Returned-From-BeforeDispatch
X-Sf
X-ShardId
X-ShopId
X-Secret
X-Server-IP
Ha-Gx-Prefs
X-Returned-From-DLL
HA-Ipaddr
X-Returned-From-PostProcessResponse
X-Pc-Host
X-Pc-Date
X-Via-CDN
X-HS-Cache-Config
Warning
X-Pc-Subdomain
X-Croise-Owner
X-Core-Value
X-No-Session
X-TrackingId
X-Qloud-Router
X-UnsetCookies
X-Varnish-Authentication
Fastly-SSL
Apple-News-Services-Handled
X-MSEdge-Features
X-F5-Cache
X-Device-Os
X-FireWall-Port
X-Fstrz
X-Instart-Isnd
X-Developers
X-MSEdge-Flight
X-Amz-Meta-Surrogate-Control
Cache-Cookie-Set-Idcheck
Heartbleed
Cache-Cookie-Set-From
Resin-Trace
Cache-Cookie-Set-Lfrom
Release
Web-Mar-Node
SS
GW-Server
Server-Cache-Control
Pramga
X-Cache-ASPX
RNT-Machine
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Mn-Server-Ip
Server-Int
RNT-Time
Server-Surrogate-Control
Apple-News-Services-Request-Url
AKAMAI
X-SERVER
X-Sucuri-Cache
NGX
REQUESTUUID
Kp-EeAlive
X-Server-Time
X-Server-Cache
X-Page-Type
X-Debug-Cache-Store
SID
Server-ID
X-Key
X-Varnish-Url
X-Debug-Cache-Expiry
X-Up
Pagetype
X-Debug-Cache-Fetch
X-IN-SSL-APIGATEWAY
Hostname
X-Be
X-Owner
X-Cache-Miss-From
X-TIME
X-Generation-Time
X-Sedo-Request-Id
X-Pjax-Url
Fastcgi-X-Cache
X-B3-Traceid
X-SN
Odigeo-Trace-Id
X-Via-NSCOPI
X-Died
RequestId
X-Servername
X-Edge-Cache
X-Edge-Cache-Key
X-Newrelic-App-Data
X-Refresh
HostName
Version
HTTPS
X-From-Cache
X-CDN-Forward
Cteonnt-Length
X-Dynatrace-Js-Agent
PFcat
ProcessTime
X-Edge-Server
Cdn-Request-Time
Cdn-Host
Cdn
MIME-Version
X-NC
X-B3-SpanId
Mime-Version
X-Oss-Request-Id
X-Oss-Storage-Class
Time
X-Oss-Hash-Crc64ecma
X-FPC
X-Servedbyhost
X-Oss-Object-Type
X-Oss-Server-Time
X-Cache-CFC
X-Store
Esi-Enabled
X-Ratelimit-Remaining
PICS-Label
X-Req
FastCGI-Cache
X-Mobile-URL
MI-Cache-Age
MI-API
X-CSRF-TOKEN
X-RCS-CacheZone
X-MI-In-Market
X-Layer
MI-Cache
X-Hyper-Cache
X-GZip
HA-Host
HA-Servedtime
X-RequestId
HA-Cloudapp
HA-Urlpath
X-IPS-LoggedIn
X-VServer
HA-Geolon
Cross-Origin-Window-Policy
X-NodeID
HA-Geocountry
HA-Geocity
X-Amzn-Remapped-Date
HA-Georegion
X-Webkit-CSP
Memory
X-Amzn-Remapped-Connection
HA-Geolat
CF-IPCountry
X-CLOUD-TRACE-CONTEXT
X-HS-Combine-CSS
X-Ratelimit-Limit
Cf-Ipcountry
X-Load-Cache
X-Wa
X-Geo
X-Varnish-Beresp-TTL
Processtime
X-Real-Ip
X-Skip-Cache
X-Lb-Id
Backend-Name
X-HTML-Minification-Powered-By
X-Newrelic-Synthetics
X-Aicache-OS
CDN
X-B3-Spanid
Amp-Access-Control-Allow-Source-Origin
X-CMS-Context
X-DC
X-Unique-Id-Primal
Uber-Trace-Id
X-Mrs-Cache
Ohc-Cache-HIT
X-WR-MODIFICATION
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Mrs-Age
X-VC-Cache
X-PF-Uncompressing
X-Pf-Uncompressing
X-Instart-Info
XServer
X-Phone
X-WA
X-WebServer
X-Cms-Context
X-Atg-Version
Ohc-Response-Time
X-Tb-Optimization-Total-Bytes-Saved
X-Release
X-Fastly-Country-Code
X-Gateway-Skip-Cache
X-Gateway-Cache-Status
X-Gateway-Cache-Key
N-Cache
URI
X-Request-Start
X-UCC
GeoIP-Country-Code
X-Nananana
T-Server
X-FORWARDED-FOR
GeoIP-Latitude
Accept-Ch-Lifetime
Pics-Label
X-Oracle-Dms-Ecid
X-LB-ID
X-Processor
X-Server-W
X-Hp-Webp
X-BBXSRF
X-APP
X-MServer
X-COUNTRY
X-Worker
X-SRV
X-Unique-Id
X-ServedByHost
X-Served-From
X-CSRF-Token
Rt-Proxy-Cache
X-GoCache-CacheStatus
X-Shard
X-Datadome
X-ND-Cache
X-Vcache
A
X-LiteSpeed-Cache-Control
X-VHOST
X-VCT
X-SERVER-NAME
X-CACHE-AGE
X-Amzn-Remapped-Content-Length
X-Geo-Header
X-GeoIP-City
X-Fastly-Cache-Hits
DataCenter
Host-ID
X-UPSTREAM-Address
X-HS-Status
X-Sn-Servicetimems
X-GZIP
V-Age
X-Requestid
UCS
X-Optimization
X-Cache-HT
X-Cdn-Origin
X-Check-Cacheable
X-NGINX-Cache
X-SVT-ORM-RULES
Request-Country
Dnion-Transfer-Encoding
X-SVT-ORM-VERSION
Proxy-Firewall
Geoip-Latitude
X-ServerName
Cneonction
X-ID
Request-EU
X-BE
X-Backend-TTL
X-Fpc
X-Git-Hash
X-Fastly-Backend-Reqs
FSS-Cache
X-Gen-Id
X-PAGE-TYPE
X-Planisys-CDN-Rules
WZWS-RAY
FSS-Proxy
Pragrma
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Varnish-URL
Get-Access-Time
Is-Session-Tracking
Requestid
X-P-T
X-Csrf-Token
X-Port
GeoIp-Country-Code
WP-Super-Cache
X-PJAX-URL
X-NWS-UUID-VERIFY
Serverid
Cache-Provider
X-StackifyID
X-LiteSpeed-Tag
Server-Id
X-Fe
RequestUuid
X-Dw-Trace-Id
X-HostName
X-Org
ServerName
X-Html-Edge-Cache
X-Via-SSL
X-RCS-Backend
X-Via-Edge
X-GDPR
189phosttRef
355prline
352pxline
409pxxline
Xxline
X-CS
X-Request-Url
286prxHost
225prxHost
178proxuri
Inserted-Into-Cache-At
188prxHost
219prxHost
X-RAMCache
DSUID