Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Xss-Protection
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
CF-Ray
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Request-ID
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Server
X-Cache-Group
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
X-Server-Id
Surrogate-Control
X-OneAgent-JS-Injection
X-Cnection
X-Node
X-Host
X-Readtime
EagleEye-TraceId
Report-To
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Rack-Cache
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Trace
X-Px
X-DataDome
X-Vhost
X-Server-Name
X-ESI
X-GitHub-Request-Id
X-Server-ID
X-VARITI-CCR
X-MS-InvokeApp
RTSS
Accept-CH
X-Cached
X-Goog-Hash
Charset
X-Ruxit-JS-Agent
SPRequestGuid
Pinterest-Generated-By
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
X-D2id
X-F-Cache
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
Public-Key-Pins
X-Use-Magma
Verso
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-TTL
X-Version
X-Dispatcher
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
X-Cdn
Accept-CH-Lifetime
X-Abt-Application-Version
X-DIS-Request-ID
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-Origin-Upstream-Status
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-Navigation-Version
X-DynaTrace-JS-Agent
X-B
X-Shield-Request-Id
X-Forwarded-Proto
X-Amz-Rid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Recruiting
MS-Author-Via
Realpath
X-Client-IP
DynaTrace
X-HW
SPIisLatency
SPRequestDuration
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Upstream
X-Oracle-Dms-Rid
X-Vcap-Request-Id
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Content-MD5
Nginx-Cache
X-Ttl
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-CACHE
AR-ATIME
Arr-Disable-Session-Affinity
Edge-Cache-Tag
X-Hits
X-Debug
X-Varnish-Age
X-N
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Goog-Storage-Class
MRF-Tech
X-B3-TraceId-Primal
X-MSEdge-Ref
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
TCN
X-Via-JSL
X-Id
X-Aspnet-Version
X-NewRelic-App-Data
S
X-ATG-Version
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-XRDS-Location
X-FTR-Expires
Service-Worker-Allowed
X-Logged-In
Alternate-Protocol
X-Forwarded-For
X-Cache-Key
X-HS-Content-Id
X-Oneagent-Js-Injection
X-HS-Hub-Id
X-Kinsta-Cache
Surrogate-Key
Tracecode
X-Frontend
X-PressLabs-Stats
Rt-Fastcgi-Cache
X-FastCGI-Cache
X-Content-Digest
X-Pad
AMP-Access-Control-Allow-Source-Origin
X-Grace
X-FTR-Cache-Host
X-Ruxit-Js-Agent
MicrosoftSharePointTeamServices
Fastly-Restarts
X-CF-Powered-By
Ar-Sid
Server-Name
Fastcgi-Cache
X-Edge-Location
X-Content-Options
X-Amzn-Trace-Id
X-RateLimit-Remaining
X-Analytics
X-CACHE-GROUP
Backend-Timing
TP-L2-Cache
Host
TP-Cache
FilterID
X-User-Agent
X-Cache-2
X-Rid
X-Magnolia-Registration
ServerID
X-Whom
X-Debug-Info
X-B3-Sampled
X-IPLB-Instance
X-Revision
Eomportal-Instance
X-Page-Id
X-Hostname
X-Mobile
X-Request-Received
X-Request-Processing-Time
X-Srv
AR-Request-ID
X-NWS-LOG-UUID
Paypal-Debug-Id
Front-End-Https
X-Akam-SW-Version
X-VCache
X-AOL-HN
X-Content-Powered-By
Retry-After
Refresh
X-Signature
X-B-Cache
X-Cluster
X-Framework
X-Device-Type
X-Cache-Action
X-Handled-By
X-Request-Guid
Source
X-LB-Cache
Cleartype
X-SS-Set-Cookie
X-Varnish-Hostname
X-App-Environment
X-FB-Debug
X-BCube-Filmed-By
X-Cache-Control
X-WA-Info
X-Tumblr-User
X-Cache-Hit
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-XRDS-LOCATION
X-Varnish-Grace
X-Litespeed-Cache
X-GUploader-UploadID
X-Platform-Server
X-HS-Cache-Config
X-Content-Security-Policy-Report-Only
X-Correlation-Id
Webserver
X-Az
X-Fastcgi-Cache
X-AppVersion
X-Activity-Id
X-Zen-Fury
X-TA-CDN-Provider
X-Varnish-Backend
X-Middleton-Display
X-Sol
Display
X-Content-Type
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Healthy
X-Cache-Server
X-Cache-Rule
X-Cache-Age
Response
X-Varnish-Server
X-Drupal-Cache-Tags
X-Daa-Tunnel
X-Middleton-Response
ViewerVersion
X-Wix-Request-Id
X-Seen-By
X-TT
X-App-Server
X-Drupal-Cache-Contexts
Upgrade-Insecure-Requests
X-Generated-By
X-Geo-Country
X-Cached-By
X-URL
X-Origin-Server
Cache-Status
Server-Node
S-Cnection
X-DataStream-Cache-Status
X-Accel-Expires
X-Amz-Replication-Status
X-Amz-Apigw-Id
X-Amzn-RequestId
Accept-Charset
Payment
X-UA-Device-Type
NGB
X-Response-Served-From
Filters
X-S
X-Edge-Cache
X-Locale
X-Servedby
X-Edge-Cache-Key
X-Contextid
X-Adobe-Loc
X-Adobe-Content
GEO-INFO
X-Cacheable-TTL
Viewport
ServedBy
Actual-Object-TTL
X-Jobs
X-RequestSource
Access-Control-Allow-Method
X-Varnish-IP
X-Status
X-Esi
X-Cache-NE
X-TT-TIMESTAMP
X-FW-Type
X-FW-Static
X-FW-Server
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Varnish-Hits
X-UUID
X-TX-ID
X-FW-Serve
X-FW-Hash
AsisCache
Server-Info
X-Amz-Server-Side-Encryption
X-WebKit-CSP-Report-Only
X-WPE-Loopback-Upstream-Addr
X-Storage
X-GeoIP
X-PHP-Backend
Cache-Tv-Group
MS-CV
X-Node-Name
X-Rendered-As
X-Cache-Remote
X-Cache-TTL-Remaining
Host-Header
HostName
X-Dns-Prefetch-Control
X-Croise-Owner
SRV
Cache
From-Origin
X-Region
X-App-Version
X-Dynatrace-Js-Agent
X-Cache-Operation
X-Hyper-Cache
X-APP-VERSION
X-Vg-Webcache
X-Redis-Cache
X-Webkit-CSP
Served-By
Cache-Tag
X-UA
Liferay-Portal
DC
X-HS-Combine-CSS
Public-Key-Pins-Report-Only
X-Mode
X-Forwarded-Host
X-Guploader-Uploadid
X-TIME
Meta-Geo
X-Site-Version
X-Generated
Selected-FE
X-TNCMS
X-Timing-Wait
X-Path-Route
X-Loop
X-Detected-As
Machine
X-Proxy-Build
X-Hosted-By
X-Cache-Var
X-Is-Bot
X-Cache-Var-Map
X-Human
X-IP
Powered-By-ChinaCache
X-Akamai-Transformed
X-RN-RSRV
X-NGENIX-Cache
Now
X-Grey
Origin-Cache-Control
X-Agile-Age
X-Agile-Id
X-BYPASS-REASON
X-Cache-Category-Id
X-CDN-Cache
X-Endurance-Cache-Level
X-Environment-Context
X-Agile
Origin-Edge-Control
X-Pc-Hit
X-Pc-Appver
X-ProxyCache-Key
X-NCache
X-Vgn-Hpd-Reason
Cache-Name
X-Original-Request
X-B3-Spanid
X-Webstats-RespID
X-Internal-Host
X-Pc-Key
X-Upstream-HT
X-L-Path
X-Via-Fastly
X-Upstream-CT
X-Labrador-Cache-Channel
X-ProxyCache-Status
X-Web-Node
X-Request-Time
X-Origin
DB-Nickname
X-Time-Microsecs
X-ServerID
X-Akamai-Request-ID
X-Tumblr-Pixel-3
X-Viewer-Country
X-FC-Vary-Parameters
X-ProcessESI
X-Upgrade-Enabled
X-VG-TLSProxy
X-Pubstack
X-RemovedCookies
X-Proxy
X-Birta-Served
X-Origin-Host
X-JoinUs
X-Origin-Response-Time
X-Birta-Cache-Post
S-Rt
X-BACKEND-TTL
X-CCM
X-Yottaa-Metrics
Mn-Server-Ip
Fastcgi-X-Cache-Version
Fastcgi-Useragent
Fastcgi-X-Cache
X-Yottaa-Optimizations
X-Format
X-Cache-Config
X-Tb
X-Via-CDN
X-Www-Served-By
X-Backend-Name
X-Xfnlog-Site
X-Rule
Azure-SiteName
X-PCL
Azure-RegionName
Azure-InstanceId
Cache-Tags
Pagespeed
Azure-SlotName
Azure-Version
X-OCL
X-Origin-CC
X-Ocache
X-Origin-Hint
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Version
Xserver
X-Zipkin-Id
TWC-Device-Class
X-Access
X-App-Name
Webcakes-Region
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Connection-Speed
HitType
X-Proxied
X-Routing-Service
X-Section
Property-Id
Content-Style-Type
X-Kong-Proxy-Latency
Content-Script-Type
X-Kong-Upstream-Latency
X-Protected-By
Cache-Key
X-Parent-Response-Time
X-Edge-IP
Datacenter
User-Cache-Control
OT-Force-Account-Verify
Vix-Hermes-Req-Id
X-Ezoic-Cdn
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-Cache-TTL
X-Sorting-Hat-PodId
X-Akamai-Request-ID2
X-RTag
Ms-Operation-Id
X-CACHE-KEY
Time
X-Nginx-Cache
X-OVcl
X-OVcl-Cache
NtCoent-Length
X-Correlation-ID
X-Pc-Host
X-PERF
X-Cache-Backend
X-ApacheServer
X-Cdn-Forward
X-Pc-Date
X-Ratelimit-Limit
X-Real-Ip
L5d-Success-Class
X-FB-TRIP-ID
X-Real-IP
X-Mrs-Cache
X-Mrs-Age
X-Mrs-Cache-Hits
Accept-Language
X-Mshield-Cache-Status
X-Unique-Id-Primal
X-Newrelic-App-Data
Country
LB
X-Proto
AR-SID
X-Front
X-Webkit-Csp
X-Content-Age
X-RateLimit-Limit
X-Amz-Meta-Surrogate-Control
X-Debug-Cache
X-Varnish-Cacheable
Load-Balancing
X-CDN-Forward
X-Varnish-Beresp-Grace
Section-Io-Cache
X-Varnish-Beresp-Status
X-Nc
X-Sucuri-ID
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Ohc-File-Size
Fusion-Component-Id
WZWS-RAY
X-MP-GENERATED-AT
X-Hl-Ver
Mail-Subject
X-Varnish-Beresp-Ttl
X-Trace-Id
X-Hit
We-Hiring
X-Unique-ID
X-Microcachable
Warning
Version
User-Agent
X-Via-NSCOPI
X-GRACE
X-Dc
X-EdgeConnect-Cache-Status
Access-Control-Request-Headers
X-C
X-Geo
Ec-Rule-Version
X-Li-Pop
X-LI-Proto
Node
Mobile-Detection-Method
X-Fetched-On
Meta-Geo-Continent
X-LI-UUID
BehaviorPad-Version
X-Logtrace-Id
Release
Powered-By
Arc-Country
X-External-Request-Id
Platform
Memcached
MD5-Digest
Fastly-SIE
Fly-Cache
X-Generated-In
X-Goog-Meta-Goog-Reserved-File-Mtime
Fly-Request-Id
Frame-Options
X-Layer
X-G
X-FW-Version
X-From
X-Li-Fabric
Fastly-SWR
Fastly-Backend-Name
IBM-Web2-Location
Is-Eu
Rendered-Blocks
Rt-Proxy-Cache
X-Application
X-CUA
X-Auto-Login
X-B-Cookie
X-Crawler
X-D
X-Aed
X-A-Wwc
X-Date
X-Accel-Expires-Debug
X-Actual-URL
X-BB-ID
X-Bip
X-Cache-URL
X-Cache-Id
X-Connection-Hash
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-Host
X-Cache-FS-Status
X-Cache-Bucket
X-Cache-Debug
X-Cache-Enabled
X-Cache-Expires
X-A-Dgt
X-A-Dcw
Server-Host
SD-X-WS
Server-ID
X-Died
SS
X-Matched-Rule
RNT-Time
Request-Time
X-Dispatcher-Server
Resin-Trace
RNT-Machine
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Www
X-Destination
X-A
X-A-Ccd
X-A-Dam
VivaBuild
Viewtype
Thinkindot-Control
X-Device-Os
X-Developer
V-Age
X-DPWN-IS-SECURE
Cache-Prefix
X-Release
X-Request-UUID
X-Response-By
X-Passed-To
X-Passed-To-BeforeDispatch
X-CLOUD-TRACE-CONTEXT
X-We-Are-Hiring
X-P-T
X-Returned-From
X-Qloud-Router
X-Trv-Group
X-TT-LOGID
X-Twitter-Response-Tags
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Passed-To-DLL
X-Region-Sid
X-Variation
X-RCS-CacheZone
X-Var-Ttl
X-Varnish-Action
X-VG-WebServer
X-Via-Edge
X-Via-SSL
X-Rebelmouse-Cache-Control
X-User
X-PAYTM-SRV-ID
X-Passed-To-PostProcessResponse
X-Reboot
X-PHP-Host
X-UE-Client-Country
X-Rebelmouse-Surrogate-Control
X-Rewrite-Enabled
X-Returned-From-PostProcessResponse
Ajk
X-ScT
X-S-Maxage
X-S-Cookie
X-Transaction
X-Store
Adler-Geo
Xc-Version
X-SRCache-Key
X-Served-From
X-Node-Id
X-Server-Time
X-Org
X-Thanos
X-Swa-Ws
X-Server-By
X-NU-AKA-ACS-Version
X-Thinkindot-L3
X-WebServer
X-Rojux
X-Rocket-Nginx-Bypass
X-Server-Group
X-Distributor
Server-Int
X-Server-IP
X-ServiceProvider
X-Sf
X-Backend-State
X-Request-Start
Web-Mar-Node
X-Amz-Meta-Cache-Control
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
True-Client-Country-4JS
X-Cache-CFC
X-Block-Status
X-Stale
X-UnsetCookies
X-Proxy-Upstream
X-Origin-Expires
X-Key
X-Origin-Date
Fastly-SSL
Esi-Enabled
X-Info
GMS-Ver
X-Hnp-Log
X-Hash
X-IN-APIGATEWAY
X-IN-WAF
GW-Server
X-No-Session
Decoy-Debug-TTL
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Location
Backend
AKAMAI
Cache-Cookie-Set-Lfrom
X-Nginx-Cache-Key
Decoy-Debug-Key
Decoy-Debug-Status
Countrycode
Country-Code
Content-Disposition
PFcat
X-IN-SSL-APIGATEWAY
On-Server
X-Phone
Magicmarker
MI-API
MI-Cache
MI-Cache-Age
X-MI-In-Market
X-Proxy-Cache-Status
Kp-EeAlive
Proxy-Connection
X-F5-Cache
X-Gen-Mode
Origin
Pramga
X-Fstrz
Heartbleed
X-Clientip
X-Be
X-ElasticPress-Search
Pagetype
X-MSEdge-Features
X-MSEdge-Flight
X-Eu-Site
X-Distil-CS
X-SIPLIST1
X-Up
X-Irp-Debug
X-Page-Type
X-Request-URI
X-Gannett-Site-Version
X-GeoIP-Country-Code
X-Policy
X-Fastly-Cache
X-Core-Mission
X-V
X-Core-Value
X-Secret
HA-Georegion
HA-Geocountry
HA-Geolat
HA-Geocity
HA-Cloudapp
Backend-Name
HA-Geolon
Ha-Gx-Prefs
HA-Urlpath
HA-Ipaddr
IsBot
HA-Host
HA-Servedtime
REQUESTUUID
Who
X-CGP
X-Backend-Host
X-Time
X-Backend-Url
X-NODE
X-Refresh
X-Wikidot-Backend
X-Platform
X-Origin-TTL
X-Svr
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
CDCHOST
X-Sn-Servicetimems
Apple-News-Services-Host
X-NX-Host
X-Wikidot-Static-Cache
Fastly-Soc-X-Request-Id
X-Micro-Cache
X-Epic-Correlation-Id
X-Developers
X-Debug-Cookies
X-Cdn-Origin
Pragrma
X-Debug-Log
X-Ua
Uber-Trace-Id
X-Planisys-CDN-TTL
Request-EU
X-Debug-Cache-Fetch
Request-Country
X-Planisys-CDN-Rules
X-Debug-Cache-Store
X-Urbn-Context-Path
Locale
X-Planisys-CDN-Cache
UCS
X-Debug-Cache-Expiry
RequestId
X-Instance-Name
X-Urbn-Site-Id
X-Level-Front-Cache
X-Generated-On
X-Servername
PageSpeed
X-Pjax-Url
Lfy
X-NWS-UUID-VERIFY
X-COUNTRY
ServerName
X-NC
X-DC
X-Instart-Info
Group
V-Cache
X-Server-Cache
X-Cdn-Srv
X-Cache-Info
Host-ID
Ohc-Response-Time
X-VarnPar1
X-GeoIP-City
X-PARISIEN-Cache-Rendered
X-VCT
X-VarnCache
X-Req
X-Newrelic-Synthetics
X-CACHE-AGE
X-ARC
MIME-Version
HitInfo
Memory
X-Ratelimit-Remaining
Cteonnt-Length
X-Datadome
X-BBXSRF
PICS-Label
Cdn
Cache-Provider
Mime-Version
X-Powered-By-ANYU
X-CMS-Context
X-Gdpr
X-EIG-Tracking-Id
X-TWH-CORRELATION-ID
X-WR-MODIFICATION
X-Servedbyhost
X-LAGOON
X-Aicache-OS
X-StackifyID
Nel
CF-IPCountry
X-Wa
NGX
CDN
X-Load-Cache
XServer
X-HTML-Minification-Powered-By
Amp-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Cluster-Node
X-Fastly-Country-Code
GeoIP-Latitude
GeoIP-Country-Code
Cf-Ipcountry
X-WA
FSS-Proxy
X-CSRF-TOKEN
X-Fastly-Backend-Reqs
FSS-Cache
X-FireWall-Port
GeoIp-Country-Code
Geoip-Latitude
X-Sentry-ID
X-NodeID
X-Varnish-Beresp-TTL
X-Check-Cacheable
X-Varnish-Cache-Hits
X-Generation-Time
X-UPSTREAM-Address
X-Hello
X-ABtesting
X-RateLimit-Limit-Second
X-VServer
X-Flog
CACHE
X-RateLimit-Remaining-Second
X-Unique-Id
X-Cache-Miss-From
SN
X-Source
X-Sedo-Request-Id
Processtime
X-Csrf-Token
X-Oss-Storage-Class
X-APP
X-GZip
X-Oss-Server-Time
X-HOST
X-ServedByHost
X-Oss-Hash-Crc64ecma
X-Cache-Grace
X-Oss-Request-Id
X-Oss-Object-Type
X-CSRF-Token
X-Varnish-Authentication
X-Cache-ASPX
X-CDN-Pop
X-CDN-Pop-IP
WP-Super-Cache
Server-Cache-Control
Server-Surrogate-Control
TSSecure
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Cdn-Request-Time
X-Nananana
X-RCS-Backend
X-Edge-Server
X-Dynatrace
Cdn-Host
X-IPS-LoggedIn
X-MServer
X-HS-Status
X-VG-WebCache
X-Worker
DataCenter
X-SRV
X-FORWARDED-FOR
X-Varnish-Url
X-Skip-Cache
URI
X-GDPR
X-VC-Cache
Pics-Label
A
PageType
X-ID
X-Sucuri-Cache
X-ND-Cache
X-Instart-Isnd
Hostname
X-LJ-Flow-ID
X-GoCache-CacheStatus
X-From-Cache
X-Fastly-Cache-Hits
Is-Session-Tracking
HTTPS
Get-Access-Time
X-SplitTest
X-VWS-Id
X-AWS-Id
X-B3-SpanId
X-Port
X-Swift-Error
X-BE
Proxy-Firewall
X-PJAX-URL
X-Backend-TTL
Odigeo-Trace-Id
X-Server-W
X-Pf-Uncompressing
Dynatrace
X-NGINX-Cache
X-Bug-Bounty
X-Gen-Id
X-Owner
X-SN
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Powered
Cache-Hits
X-GZIP
X-ORIG-AKA-EDGE
X-VarnPar2
X-Cache-Ttl
Requestid
X-Akamai-SSL-Client-Sid
X-Amz-Meta-S3b-Last-Modified
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Version
X-Ms-Request-Id
Serverid
X-Pc-Subdomain
X-PAGE-TYPE
X-Varnish-URL
X-LiteSpeed-Cache-Control
X-Alicdn-Da-Ups-Status
X-GEO
X-HostName
X-VC
X-Fe
X-SB
X-RAMCache
X-Serial
X-ServerName
T-Server
RequestUuid
WebServer
X-ORIG-AKA-COUNTRY-CODE
ProcessTime
Xet-Cookie
X-Requestid
NodeID
Correlation-Id
SID
X-RequestId
X-PF-Uncompressing
X-Ms-Lease-State
X-Akamai-ERPolicy
Location
X-CS
X-Developed-By
X-Akamai-ERRuleID
X-Dw-Trace-Id
X-LiteSpeed-Tag
NnCoection
X-HTML-Edge-Cache