Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Xss-Protection
X-Timer
CF-Cache-Status
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
CF-Ray
Content-Security-Policy-Report-Only
X-Amz-Cf-Pop
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Request-ID
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
Grace
X-Server-Powered-By
X-Hacker
EagleId
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
X-Server-Id
Surrogate-Control
X-Host
X-Node
X-Cnection
Report-To
X-Readtime
X-Rq
EagleEye-TraceId
Server-Timing
X-Response-Time
X-OneAgent-JS-Injection
X-CST
Feature-Policy
X-Rack-Cache
X-Backend-Server
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
X-Clacks-Overhead
NEL
X-Url
Edge-Control
X-DynaTrace
Rating
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-Cdn
X-Trace
X-B3-TraceId
X-Server-Name
X-Vhost
X-DataDome
X-Px
X-ESI
X-GitHub-Request-Id
RTSS
X-MS-InvokeApp
X-VARITI-CCR
X-Cached
X-Ruxit-JS-Agent
Accept-CH
X-Goog-Hash
X-ORACLE-DMS-RID
SPRequestGuid
Charset
X-Server-ID
X-TtlSet
X-PC
X-Vname
Pinterest-Generated-By
X-Mod-Pagespeed
Public-Key-Pins
X-D2id
X-F-Cache
Verso
X-Dispatcher
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
X-SharePointHealthScore
X-T
X-Version
X-Powered-By-Plesk
X-DynaTrace-JS-Agent
X-TTL
X-Abt-Application-Version
Accept-CH-Lifetime
X-Powered-CMS
X-DIS-Request-ID
X-Dns-Prefetch-Control
X-Ser
X-Fastly-Request-ID
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Navigation-Version
X-Origin-Upstream-Status
X-Forwarded-Proto
X-B
X-Shield-Request-Id
X-Recruiting
X-Client-IP
DynaTrace
MS-Author-Via
X-Amz-Rid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ttl
X-HW
SPRequestDuration
SPIisLatency
Realpath
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Oneagent-Js-Injection
Content-MD5
X-Upstream
Nginx-Cache
X-Vcap-Request-Id
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
X-Oracle-Dms-Rid
Edge-Cache-Tag
AR-PoweredBy
AR-CACHE
AR-ATIME
X-N
X-Hits
Arr-Disable-Session-Affinity
TCN
X-Debug
X-Varnish-Age
X-NF-Request-ID
Access-Control-Request-Method
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Goog-Storage-Class
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
X-Dw-Request-Base-Id
X-XRDS-Location
X-Id
S
X-Via-JSL
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
Service-Worker-Allowed
X-NewRelic-App-Data
X-ATG-Version
X-FTR-Expires
X-Logged-In
X-FastCGI-Cache
Tracecode
Alternate-Protocol
X-HS-Hub-Id
X-Forwarded-For
X-HS-Content-Id
Rt-Fastcgi-Cache
X-Content-Digest
X-Frontend
X-PressLabs-Stats
X-Kinsta-Cache
Surrogate-Key
Fastly-Restarts
X-RateLimit-Remaining
X-Cache-Key
X-Pad
AMP-Access-Control-Allow-Source-Origin
MicrosoftSharePointTeamServices
X-FTR-Cache-Host
X-Content-Options
X-Grace
X-Ruxit-Js-Agent
X-Edge-Location
Server-Name
X-Amzn-Trace-Id
Ar-Sid
X-Analytics
Fastcgi-Cache
Backend-Timing
FilterID
X-CF-Powered-By
Host
X-Rid
TP-Cache
TP-L2-Cache
X-Debug-Info
X-User-Agent
X-Hostname
X-IPLB-Instance
X-Whom
ServerID
X-B3-Sampled
X-Magnolia-Registration
X-Cache-2
X-Revision
Eomportal-Instance
X-Request-Processing-Time
X-Request-Received
Paypal-Debug-Id
X-Page-Id
X-NWS-LOG-UUID
X-Srv
X-Mobile
AR-Request-ID
X-HS-Cache-Config
Front-End-Https
X-Akam-SW-Version
X-AOL-HN
X-VCache
X-Content-Powered-By
Retry-After
X-Varnish-Grace
X-Litespeed-Cache
X-GUploader-UploadID
X-Cache-Hit
X-B-Cache
X-Signature
X-SS-Set-Cookie
X-Cluster
Source
X-LB-Cache
X-Handled-By
X-FB-Debug
X-App-Environment
X-Cache-Control
X-Instance
X-Device-Type
X-WA-Info
X-Request-Guid
X-Cache-Action
Refresh
X-BCube-Filmed-By
X-Tumblr-Pixel
X-Varnish-Hostname
X-Tumblr-Pixel-0
Cleartype
X-Platform-Server
X-Tumblr-User
X-Content-Security-Policy-Report-Only
X-Framework
X-Akamai-Edgescape
X-Zen-Fury
Webserver
X-Correlation-Id
X-Varnish-Backend
X-Sol
X-Middleton-Display
Display
X-Daa-Tunnel
X-XRDS-LOCATION
X-Cache-Server
X-AppVersion
X-Az
X-Fastcgi-Cache
X-Activity-Id
X-Varnish-Server
Healthy
X-Content-Type
X-Drupal-Cache-Contexts
X-TA-CDN-Provider
X-Cache-Rule
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Drupal-Cache-Tags
ViewerVersion
X-Seen-By
X-Generated-By
X-Wix-Request-Id
X-Geo-Country
X-URL
Response
X-Middleton-Response
S-Cnection
X-Cached-By
X-App-Server
Server-Node
Cache-Status
X-Origin-Server
X-CACHE-GROUP
X-DataStream-Cache-Status
X-Amz-Replication-Status
X-Accel-Expires
X-Amz-Apigw-Id
X-Amzn-RequestId
Upgrade-Insecure-Requests
X-TT
X-Esi
X-Cache-Age
X-Response-Served-From
GEO-INFO
X-Node-Name
X-RequestSource
Payment
Filters
NGB
X-UA-Device-Type
X-S
X-Cacheable-TTL
X-Varnish-IP
Actual-Object-TTL
X-Cache-NE
X-WPE-Loopback-Upstream-Addr
X-Edge-Cache-Key
X-Edge-Cache
HostName
X-FW-Type
X-GeoIP
X-Jobs
X-FW-Static
Viewport
X-Locale
X-Tumblr-Pixel-1
X-Contextid
X-Servedby
Host-Header
X-FW-Serve
X-FW-Hash
X-FW-Server
ServedBy
X-Tumblr-Pixel-2
X-TX-ID
AsisCache
X-Status
Access-Control-Allow-Method
X-TT-TIMESTAMP
X-Amz-Server-Side-Encryption
X-Varnish-Hits
X-UUID
Accept-Charset
X-WebKit-CSP-Report-Only
Server-Info
X-Storage
Cache
X-Adobe-Loc
X-Adobe-Content
X-APP-VERSION
X-Vg-Webcache
SRV
X-Rendered-As
X-Cache-TTL-Remaining
X-Hyper-Cache
X-PHP-Backend
X-CLOUD-TRACE-CONTEXT
X-Cache-Remote
MS-CV
X-Croise-Owner
From-Origin
Cache-Tv-Group
X-HS-Combine-CSS
X-Cache-Operation
X-Region
X-Webkit-CSP
DC
Cache-Tag
X-Forwarded-Host
Public-Key-Pins-Report-Only
X-Redis-Cache
Served-By
Liferay-Portal
X-App-Version
X-Mode
X-Yottaa-Optimizations
X-Yottaa-Metrics
Fastcgi-X-Cache-Version
X-Human
X-Upgrade-Enabled
Xserver
X-Path-Route
X-Endurance-Cache-Level
X-Hosted-By
X-RN-RSRV
X-TNCMS
X-NGENIX-Cache
Meta-Geo
X-Request-Time
X-Akamai-Request-ID2
X-Agile-Id
X-Proxy-Build
X-Detected-As
X-Cache-Var-Map
Fastcgi-Useragent
X-Timing-Wait
X-Webstats-RespID
X-Agile-Age
X-Agile
Selected-FE
X-IP
X-Is-Bot
X-Cache-Var
Fastcgi-X-Cache
Machine
X-Generated
X-Loop
TWC-Connection-Speed
Origin-Edge-Control
Origin-Cache-Control
Now
Property-Id
S-Rt
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
X-Internal-Host
X-Pc-Hit
X-Pc-Key
X-Pc-Appver
X-Original-Request
X-Origin-Hint
X-Proxied
Cache-Name
X-Vgn-Hpd-Reason
X-Routing-Service
X-Via-Fastly
X-ProxyCache-Key
X-Zipkin-Id
X-NCache
X-Labrador-Cache-Channel
X-BYPASS-REASON
X-Cache-Category-Id
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-CDN-Cache
X-Environment-Context
X-JoinUs
X-L-Path
X-ProxyCache-Status
X-Grey
X-Format
TWC-Privacy
TWC-Locale-Group
Powered-By-ChinaCache
X-Akamai-Transformed
X-PCL
X-Origin-Host
X-Tumblr-Pixel-3
X-Upstream-HT
X-Viewer-Country
X-Time-Microsecs
X-ProcessESI
X-RemovedCookies
X-Pubstack
Datacenter
X-Section
X-Proxy
X-Access
X-Web-Node
X-Upstream-CT
X-OCL
X-FC-Vary-Parameters
X-UA
Cache-Tags
DB-Nickname
X-Origin-Response-Time
X-Ocache
X-CCM
X-Site-Version
X-ServerID
X-Birta-Served
X-Backend-Name
X-Rule
X-VG-TLSProxy
X-Cache-Config
X-B3-Spanid
X-Origin
X-Birta-Cache-Post
X-Xfnlog-Site
X-Www-Served-By
X-Akamai-Request-ID
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-InstanceId
HitType
X-Newrelic-App-Data
X-Origin-CC
X-Via-CDN
Mn-Server-Ip
Azure-Version
X-Tb
OT-Force-Account-Verify
X-RateLimit-Limit
X-TIME
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-App-Name
Accept-Language
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
Cache-Key
X-Nginx-Cache
Pagespeed
X-Guploader-Uploadid
X-Ezoic-Cdn
X-Cache-TTL
X-Parent-Response-Time
X-CACHE-KEY
User-Cache-Control
X-OVcl-Cache
X-Edge-IP
Vix-Hermes-Req-Id
X-OVcl
X-Protected-By
Content-Script-Type
X-Correlation-ID
Content-Style-Type
L5d-Success-Class
X-BACKEND-TTL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Time
X-Real-IP
NtCoent-Length
X-Real-Ip
X-PERF
X-Cache-Backend
LB
X-ApacheServer
X-Amz-Meta-Surrogate-Control
Ms-Operation-Id
X-RTag
X-Proto
X-Front
X-Webkit-Csp
AR-SID
X-Pc-Host
X-Pc-Date
X-Mrs-Cache
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Unique-Id-Primal
X-Mrs-Age
X-FB-TRIP-ID
X-Cdn-Forward
X-Dynatrace-Js-Agent
X-Hit
X-CDN-Forward
X-Varnish-Cacheable
Section-Io-Cache
X-Nc
X-Varnish-Beresp-Status
X-Debug-Cache
X-Content-Age
X-Sucuri-ID
X-Varnish-Beresp-Grace
WZWS-RAY
X-Unique-ID
X-Microcachable
X-GRACE
Access-Control-Request-Headers
Country
Version
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
X-C
Load-Balancing
Fusion-Component-Id
Fusion-Source
X-Time
Ohc-File-Size
X-Connection-Hash
X-Cache-Enabled
X-EdgeConnect-Cache-Status
X-MP-GENERATED-AT
X-Transaction
X-Varnish-Beresp-Ttl
X-Twitter-Response-Tags
Warning
We-Hiring
Mail-Subject
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Clientip
X-CUA
X-Crawler
Locale
X-Cache-URL
X-Cache-Id
X-Cache-Host
Is-Eu
MD5-Digest
X-Cache-FS-Status
X-B-Cookie
X-Auto-Login
V-Age
Viewtype
X-D
UCS
Server-ID
SS
Uber-Trace-Id
X-Application
VivaBuild
X-A-Dgt
X-A
X-A-Ccd
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-Actual-URL
Server-Host
SD-X-WS
X-Cache-Bucket
Platform
X-BB-ID
X-Cache-Debug
Node
Meta-Geo-Continent
Mobile-Detection-Method
Powered-By
X-Backend-State
RNT-Machine
RNT-Time
Rt-Proxy-Cache
Resin-Trace
Rendered-Blocks
X-A-Dam
Release
Memcached
X-Logtrace-Id
X-Rojux
X-Rewrite-Enabled
X-Returned-From-PostProcessResponse
X-S-Cookie
X-S-Maxage
X-Server-By
X-ScT
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Region-Sid
X-Reboot
X-Release
X-Request-UUID
X-Returned-From
X-Response-By
X-Server-Time
X-SRCache-Key
X-Via-Edge
X-VG-WebServer
X-Via-SSL
X-We-Are-Hiring
Xc-Version
X-WebServer
X-Variation
X-Var-Ttl
X-Trv-Group
X-Store
X-UE-Client-Country
X-Urbn-Context-Path
X-User
X-Urbn-Site-Id
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-FW-Version
X-From
X-Fetched-On
X-G
X-Generated-In
X-Layer
X-GeoIP-Country-Code
X-F5-Cache
X-External-Request-Id
X-Developer
X-Destination
X-Device-Os
X-Died
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Li-Fabric
X-Li-Pop
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-PAYTM-SRV-ID
X-PHP-Host
X-RCS-CacheZone
X-Qloud-Router
X-Passed-To-BeforeDispatch
X-Passed-To
X-LI-UUID
X-LI-Proto
IBM-Web2-Location
X-Node-Id
X-Org
X-NU-AKA-ACS-Version
X-Date
X-A-Dcw
Fastly-SWR
Fastly-SIE
Fastly-Backend-Name
Fly-Cache
X-Ua
Frame-Options
Fly-Request-Id
Ec-Rule-Version
Countrycode
Arc-Country
Adler-Geo
Ajk
X-Trace-Id
BehaviorPad-Version
X-Hl-Ver
Cache-Prefix
X-Dc
X-Ratelimit-Limit
X-Rocket-Nginx-Bypass
X-Eu-Site
X-Epic-Correlation-Id
X-CGP
X-Gen-Mode
Thinkindot-CacheControl
Origin
X-IN-APIGATEWAY
X-Hnp-Log
X-Hash
Thinkindot-CacheControl-Type
X-Block-Status
X-Amz-Meta-Cache-Control
X-Matched-Rule
X-Swa-Ws
X-Thinkindot-L3
X-Geo
X-Cache-Expires
Thinkindot-Control
Www
X-Bip
X-IN-SSL-APIGATEWAY
X-Via-NSCOPI
X-SVT-ORM-VERSION
X-Server-Group
X-Served-From
X-Thanos
X-SVT-ORM-RULES
X-Server-IP
X-Sf
X-ServiceProvider
HA-Cloudapp
X-UnsetCookies
X-V
X-Key
X-Info
X-IN-WAF
X-MI-In-Market
X-Varnish-Action
Apple-News-Services-Handled
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Stale
X-Location
Ha-Gx-Prefs
HA-Georegion
HA-Geolon
HA-Host
HA-Ipaddr
HA-Servedtime
Content-Disposition
Request-Country
Request-EU
Esi-Enabled
HA-Geocountry
HA-Geocity
Country-Code
HA-Geolat
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
HA-Urlpath
Heartbleed
Pragrma
Backend
MI-Cache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
On-Server
MI-Cache-Age
MI-API
Apple-News-Services-Host
Pramga
Backend-Name
Proxy-Connection
GW-Server
GMS-Ver
Kp-EeAlive
Web-Mar-Node
True-Client-Country-4JS
X-NODE
X-Developers
X-Cache-CFC
X-P-T
IsBot
X-No-Session
Who
Request-Time
X-Core-Value
X-Instance-Name
X-Irp-Debug
X-Phone
X-NWS-UUID-VERIFY
X-Wikidot-Static-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Request-Start
X-Backend-Url
X-Backend-Host
CDCHOST
X-Policy
X-Wikidot-Backend
Fastly-Soc-X-Request-Id
X-Request-URI
X-Platform
Fastly-SSL
Server-Int
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Nginx-Cache-Key
Cache-Cookie-Set-Lfrom
X-SIPLIST1
X-Secret
AKAMAI
X-Distil-CS
X-Gannett-Site-Version
X-TT-LOGID
PageSpeed
User-Agent
V-Cache
X-DC
X-Be
Group
X-CACHE-AGE
X-VCT
X-MSEdge-Features
X-Sn-Servicetimems
X-Fstrz
X-Refresh
X-ElasticPress-Search
X-Up
X-Servername
X-Origin-Expires
X-NX-Host
X-Cdn-Origin
X-Core-Mission
X-Origin-Date
PFcat
X-GeoIP-City
REQUESTUUID
X-MSEdge-Flight
X-Page-Type
X-Debug-Log
X-Debug-Cookies
X-Origin-TTL
HitInfo
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Distributor
X-Planisys-CDN-Cache
Magicmarker
Pagetype
X-COUNTRY
X-NC
X-Fastly-Cache
X-Micro-Cache
Host-ID
X-PARISIEN-Cache-Rendered
X-Debug-Cache-Expiry
X-Newrelic-Synthetics
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-VarnPar1
X-VarnCache
RequestId
X-Req
X-BBXSRF
MIME-Version
X-Svr
X-Instart-Info
X-Pjax-Url
X-EIG-Tracking-Id
X-Powered-By-ANYU
X-Level-Front-Cache
X-Generated-On
Lfy
X-Datadome
Ohc-Response-Time
X-Cache-Info
X-Server-Cache
Cache-Provider
ServerName
X-Cdn-Srv
X-Gdpr
PICS-Label
Mime-Version
X-ARC
Cdn
Cteonnt-Length
Memory
X-TWH-CORRELATION-ID
X-Servedbyhost
X-Cluster-Node
Nel
X-CMS-Context
CF-IPCountry
X-Wa
X-NodeID
X-Fastly-Country-Code
X-WR-MODIFICATION
FSS-Cache
FSS-Proxy
X-LAGOON
X-Aicache-OS
CDN
X-StackifyID
X-Sentry-ID
X-Load-Cache
GeoIP-Country-Code
X-Flog
NGX
X-HTML-Minification-Powered-By
X-ABtesting
GeoIP-Latitude
X-VServer
X-Hello
X-B3-Traceid
SN
X-Fastly-Backend-Reqs
Geoip-Latitude
X-UPSTREAM-Address
GeoIp-Country-Code
XServer
X-CSRF-TOKEN
X-Varnish-Beresp-TTL
X-WA
X-GZip
X-APP
X-Check-Cacheable
TSSecure
X-Source
Amp-Access-Control-Allow-Source-Origin
Processtime
X-Csrf-Token
X-CSRF-Token
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-FireWall-Port
Cf-Ipcountry
X-HOST
X-MServer
X-Worker
CACHE
X-Unique-Id
PageType
X-Ratelimit-Remaining
X-Oracle-Dms-Ecid
A
X-ServedByHost
X-RateLimit-Limit-Second
X-Varnish-Cache-Hits
X-RateLimit-Remaining-Second
X-CDN-Pop
WP-Super-Cache
X-Sedo-Request-Id
X-CDN-Pop-IP
X-Cache-Miss-From
X-Generation-Time
X-AWS-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Nananana
X-Dynatrace
X-SplitTest
X-Oss-Storage-Class
X-Oss-Request-Id
X-LJ-Flow-ID
Cdn-Host
X-Edge-Server
Cdn-Request-Time
X-VWS-Id
X-Port
X-SRV
X-Skip-Cache
X-Cache-Grace
HTTPS
Pics-Label
URI
X-VC-Cache
X-FORWARDED-FOR
X-GDPR
DataCenter
X-ID
Server-Cache-Control
X-Backend-TTL
Server-Surrogate-Control
Odigeo-Trace-Id
Cache-Hits
X-Cache-ASPX
X-Varnish-Authentication
X-IPS-LoggedIn
X-Sucuri-Cache
X-BE
X-Owner
X-RCS-Backend
X-B3-SpanId
X-HS-Status
X-Fastly-Cache-Hits
X-Swift-Error
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Version
X-Ms-Lease-Status
X-PJAX-URL
X-Varnish-Url
Hostname
Dynatrace
ProcessTime
X-Gen-Id
X-Pf-Uncompressing
X-ND-Cache
X-From-Cache
Requestid
X-Bug-Bounty
X-Instart-Isnd
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-SN
X-VG-WebCache
X-GZIP
X-Atg-Version
Is-Session-Tracking
Get-Access-Time
X-VarnPar2
X-Server-W
X-GoCache-CacheStatus
X-Ms-Lease-State
X-NGINX-Cache
X-Cache-Ttl
X-ORIG-AKA-EDGE
X-Amz-Meta-S3b-Last-Modified
Serverid
X-Akamai-SSL-Client-Sid
Proxy-Firewall
X-ServerName
X-LiteSpeed-Cache-Control
X-Varnish-URL
RequestUuid
T-Server
WebServer
X-PAGE-TYPE
X-VC
X-Fe
X-Alicdn-Da-Ups-Status
X-Serial
X-Cache-Srv
X-ORIG-AKA-COUNTRY-CODE
X-SB
X-RAMCache
X-LiteSpeed-Tag
NodeID
Xet-Cookie
NnCoection
X-Akamai-ERRuleID
X-CS
Location
X-Akamai-ERPolicy
X-Developed-By
X-HTML-Edge-Cache
X-Dw-Trace-Id
SID