Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Xss-Protection
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
CF-Ray
Content-Security-Policy-Report-Only
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Request-ID
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-CDN
X-Kinja-Server-Push
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-Cache-Lookup
X-Server-Id
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Cnection
X-OneAgent-JS-Injection
X-Node
X-Host
X-Readtime
EagleEye-TraceId
Report-To
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Rack-Cache
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Trace
X-Px
X-DataDome
X-Server-Name
X-Vhost
X-ESI
X-GitHub-Request-Id
X-VARITI-CCR
RTSS
X-MS-InvokeApp
X-Ruxit-JS-Agent
Accept-CH
X-Cached
X-Goog-Hash
X-ORACLE-DMS-RID
Charset
X-Server-ID
SPRequestGuid
X-Vname
X-PC
X-TtlSet
X-Mod-Pagespeed
Pinterest-Generated-By
Public-Key-Pins
Verso
X-D2id
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Revision
PB-PID
Arc-Version
X-Mobile-Rewrite
PB-RID
X-F-Cache
X-Dispatcher
X-Version
X-TTL
X-Cdn
X-SharePointHealthScore
X-T
X-Powered-By-Plesk
Accept-CH-Lifetime
X-DIS-Request-ID
X-Abt-Application-Version
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
X-Origin-Upstream-Status
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Navigation-Version
X-B
X-Shield-Request-Id
X-Forwarded-Proto
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Rid
X-Recruiting
MS-Author-Via
DynaTrace
Realpath
X-Client-IP
SPIisLatency
X-HW
SPRequestDuration
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Upstream
X-Vcap-Request-Id
Nginx-Cache
X-Goog-Generation
X-Ttl
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Content-MD5
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Oracle-Dms-Rid
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-ATIME
AR-CACHE
Edge-Cache-Tag
Arr-Disable-Session-Affinity
X-Hits
X-N
X-Varnish-Age
X-Debug
X-Goog-Storage-Class
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Aspnet-Version
X-NF-Request-ID
X-MSEdge-Ref
TCN
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-Dw-Request-Base-Id
X-Id
X-Via-JSL
X-NewRelic-App-Data
S
X-XRDS-Location
X-ATG-Version
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Realm
Service-Worker-Allowed
X-Logged-In
X-FTR-Expires
X-Oneagent-Js-Injection
Alternate-Protocol
X-HS-Content-Id
X-HS-Hub-Id
Surrogate-Key
Tracecode
X-Forwarded-For
X-Frontend
X-PressLabs-Stats
X-Kinsta-Cache
Rt-Fastcgi-Cache
X-Content-Digest
X-FastCGI-Cache
X-Pad
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
MicrosoftSharePointTeamServices
Fastly-Restarts
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Grace
X-Content-Options
X-Ruxit-Js-Agent
X-CF-Powered-By
X-Edge-Location
Server-Name
Fastcgi-Cache
X-Amzn-Trace-Id
Ar-Sid
Backend-Timing
X-Analytics
FilterID
TP-L2-Cache
TP-Cache
Host
X-Rid
X-User-Agent
X-Cache-2
X-Magnolia-Registration
X-Debug-Info
X-Whom
X-B3-Sampled
ServerID
X-Hostname
X-Revision
X-IPLB-Instance
Eomportal-Instance
X-Page-Id
X-Mobile
X-Request-Processing-Time
X-Request-Received
X-NWS-LOG-UUID
X-Srv
AR-Request-ID
Paypal-Debug-Id
X-Akam-SW-Version
X-AOL-HN
Front-End-Https
X-Content-Powered-By
Retry-After
X-Litespeed-Cache
Source
X-Request-Guid
X-Signature
X-LB-Cache
X-VCache
Refresh
X-Framework
X-B-Cache
X-Cache-Action
X-Cluster
X-Instance
X-Varnish-Hostname
X-HS-Cache-Config
Cleartype
X-FB-Debug
X-Handled-By
X-Correlation-Id
X-Cache-Control
X-SS-Set-Cookie
X-App-Environment
X-WA-Info
X-Tumblr-User
X-Tumblr-Pixel-0
X-Device-Type
X-Platform-Server
X-Tumblr-Pixel
X-Akamai-Edgescape
X-Cache-Hit
X-Varnish-Grace
X-BCube-Filmed-By
X-Fastcgi-Cache
X-Content-Security-Policy-Report-Only
X-TA-CDN-Provider
Webserver
X-GUploader-UploadID
X-Middleton-Display
X-Sol
Display
X-Activity-Id
X-Varnish-Backend
X-AppVersion
X-Az
X-Zen-Fury
X-XRDS-LOCATION
VIX-Pulpo-Upstream-Status
X-Content-Type
VIX-Pulpo-Node
Healthy
X-Daa-Tunnel
X-Cache-Server
X-Cache-Rule
Response
X-Middleton-Response
X-Drupal-Cache-Tags
X-Varnish-Server
X-Drupal-Cache-Contexts
X-Seen-By
X-Wix-Request-Id
X-URL
ViewerVersion
X-Cached-By
X-Cache-Age
X-Generated-By
X-App-Server
X-TT
Upgrade-Insecure-Requests
X-Geo-Country
Server-Node
S-Cnection
X-Origin-Server
Cache-Status
X-DataStream-Cache-Status
X-Accel-Expires
X-Amz-Replication-Status
X-CACHE-GROUP
X-Amz-Apigw-Id
X-Esi
X-Amzn-RequestId
Payment
Accept-Charset
X-S
X-UA-Device-Type
NGB
X-Response-Served-From
GEO-INFO
Filters
X-Cacheable-TTL
X-Adobe-Loc
X-Adobe-Content
X-Locale
X-Status
X-Contextid
X-Servedby
ServedBy
Actual-Object-TTL
X-UUID
Access-Control-Allow-Method
X-Jobs
X-RequestSource
X-Varnish-IP
X-Edge-Cache-Key
X-Cache-NE
X-Edge-Cache
Viewport
X-FW-Serve
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Varnish-Hits
X-TT-TIMESTAMP
X-FW-Type
X-FW-Hash
X-FW-Server
X-FW-Static
Server-Info
X-TX-ID
AsisCache
X-Amz-Server-Side-Encryption
X-Node-Name
X-WebKit-CSP-Report-Only
X-Storage
X-WPE-Loopback-Upstream-Addr
X-GeoIP
HostName
Cache-Tv-Group
X-Dns-Prefetch-Control
X-PHP-Backend
Cache
X-Cache-TTL-Remaining
MS-CV
Host-Header
X-Rendered-As
X-App-Version
X-Cache-Remote
X-Croise-Owner
X-Webkit-Csp
SRV
From-Origin
X-Region
X-Cache-Operation
X-Hyper-Cache
X-Vg-Webcache
X-Webkit-CSP
X-Redis-Cache
Served-By
X-APP-VERSION
Public-Key-Pins-Report-Only
X-Dynatrace-Js-Agent
Liferay-Portal
X-Guploader-Uploadid
Cache-Tag
X-Forwarded-Host
X-HS-Combine-CSS
DC
X-Mode
Pagespeed
X-CACHE-KEY
X-Webstats-RespID
X-Site-Version
X-Endurance-Cache-Level
X-Akamai-Transformed
X-NGENIX-Cache
X-Hosted-By
Machine
Meta-Geo
X-Upgrade-Enabled
X-Cache-Var
X-Detected-As
X-Agile-Id
X-Request-Time
Selected-FE
X-Proxy-Build
X-Agile
X-Agile-Age
X-RN-RSRV
X-Cache-Var-Map
X-Generated
X-IP
X-Is-Bot
X-Path-Route
X-Human
X-Timing-Wait
X-Origin
Origin-Cache-Control
Origin-Edge-Control
X-Loop
X-JoinUs
X-Labrador-Cache-Channel
X-NCache
Now
X-L-Path
X-BYPASS-REASON
Cache-Name
X-Grey
X-CDN-Cache
X-Environment-Context
X-Cache-Category-Id
Powered-By-ChinaCache
X-Upstream-CT
X-TNCMS
X-Pc-Appver
X-Original-Request
X-Web-Node
X-Via-Fastly
X-B3-Spanid
X-Upstream-HT
X-ProxyCache-Status
Xserver
X-Pc-Key
X-Pc-Hit
X-ProxyCache-Key
X-Vgn-Hpd-Reason
X-VG-TLSProxy
DB-Nickname
X-PCL
X-Format
S-Rt
X-Akamai-Request-ID
X-Tumblr-Pixel-3
X-ProcessESI
X-Internal-Host
X-Proxy
X-ServerID
X-UA
X-OCL
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tb
X-Origin-Host
X-Time-Microsecs
X-RemovedCookies
X-Viewer-Country
X-Origin-Response-Time
Fastcgi-Useragent
X-Access
Fastcgi-X-Cache
Cache-Tags
X-Birta-Cache-Post
X-Backend-Name
X-App-Name
Mn-Server-Ip
Fastcgi-X-Cache-Version
X-CCM
X-Section
X-Via-CDN
X-Birta-Served
X-Www-Served-By
X-Origin-CC
X-Rule
X-Xfnlog-Site
X-FC-Vary-Parameters
X-BACKEND-TTL
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
X-Pubstack
Azure-InstanceId
X-Ocache
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
X-Cache-Config
X-Zipkin-Id
X-Routing-Service
X-Origin-Hint
X-Proxied
TWC-Locale-Group
Property-Id
TWC-GeoIP-LatLong
Datacenter
HitType
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
X-TIME
Cache-Key
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Protected-By
Content-Script-Type
Content-Style-Type
X-Nginx-Cache
User-Cache-Control
X-Edge-IP
Vix-Hermes-Req-Id
OT-Force-Account-Verify
X-Akamai-Request-ID2
X-Parent-Response-Time
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Cache-TTL
X-ShopId
X-ShardId
X-Ezoic-Cdn
X-Alternate-Cache-Key
X-Cdn-Forward
X-OVcl-Cache
Time
X-OVcl
NtCoent-Length
Ms-Operation-Id
X-RTag
X-RateLimit-Limit
L5d-Success-Class
X-Real-Ip
X-ApacheServer
Accept-Language
X-Cache-Backend
X-PERF
X-Pc-Host
X-Pc-Date
X-Newrelic-App-Data
X-FB-TRIP-ID
AR-SID
X-Front
X-Unique-Id-Primal
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
X-Mrs-Age
X-Real-IP
X-Amz-Meta-Surrogate-Control
LB
X-Correlation-ID
X-Proto
Section-Io-Cache
Country
X-Content-Age
X-Ratelimit-Limit
X-Varnish-Cacheable
X-Nc
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Load-Balancing
X-Debug-Cache
X-CDN-Forward
X-Sucuri-ID
X-Hit
Ohc-File-Size
X-Unique-ID
X-Varnish-Beresp-Ttl
WZWS-RAY
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-MP-GENERATED-AT
X-GRACE
X-Trace-Id
X-Hl-Ver
Version
X-Microcachable
Warning
Mail-Subject
X-Time
We-Hiring
User-Agent
X-CLOUD-TRACE-CONTEXT
X-EdgeConnect-Cache-Status
X-C
X-Dc
Access-Control-Request-Headers
X-Cache-URL
X-CUA
X-Cache-Id
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Crawler
X-Connection-Hash
X-D
X-Cache-Host
X-Accel-Expires-Debug
Server-Host
SD-X-WS
Rt-Proxy-Cache
RNT-Time
Server-ID
SS
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
RNT-Machine
Resin-Trace
Mobile-Detection-Method
Meta-Geo-Continent
Memcached
MD5-Digest
Node
Powered-By
Request-Time
Rendered-Blocks
Release
V-Age
Viewtype
X-BB-ID
X-Backend-State
X-B-Cookie
X-Auto-Login
X-Bip
X-Cache-Bucket
X-Cache-Expires
X-Cache-Enabled
X-Cache-Debug
X-Aed
X-Actual-URL
X-A-Ccd
X-A
Www
VivaBuild
X-A-Dam
X-A-Dcw
X-Date
X-A-Wwc
X-A-Dgt
X-Cache-FS-Status
X-Org
X-Served-From
X-ScT
X-S-Maxage
X-Server-By
X-Server-Time
X-Store
X-SRCache-Key
X-S-Cookie
X-Rojux
X-Returned-From
X-Response-By
X-Request-UUID
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Rewrite-Enabled
X-Returned-From-PostProcessResponse
X-Swa-Ws
X-Thanos
X-Via-Edge
X-VG-WebServer
X-Varnish-Action
X-Via-SSL
X-We-Are-Hiring
Xc-Version
X-WebServer
X-Var-Ttl
X-User
X-Transaction
X-Thinkindot-L3
X-Trv-Group
X-TT-LOGID
X-UE-Client-Country
X-Twitter-Response-Tags
X-Release
X-Region-Sid
X-Generated-In
X-G
X-FW-Version
X-GeoIP-Country-Code
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Li-Fabric
X-Layer
X-From
X-Fetched-On
X-Device-Os
X-Developer
X-Died
X-Dispatcher-Server
X-External-Request-Id
X-DPWN-IS-SECURE
X-Li-Pop
X-LI-Proto
X-PAYTM-SRV-ID
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-PHP-Host
X-Qloud-Router
X-Reboot
X-RCS-CacheZone
X-Passed-To-BeforeDispatch
X-Passed-To
X-Logtrace-Id
X-LI-UUID
X-Matched-Rule
X-NU-AKA-ACS-Version
X-P-T
IBM-Web2-Location
X-Destination
X-Application
Fastly-Backend-Name
Ec-Rule-Version
X-Ua
Fly-Cache
Frame-Options
Fly-Request-Id
Arc-Country
Ajk
Cache-Prefix
BehaviorPad-Version
X-Via-NSCOPI
X-Geo
X-Eu-Site
Cache-Cookie-Set-Lfrom
X-F5-Cache
X-Gannett-Site-Version
X-Hnp-Log
X-Hash
X-Gen-Mode
X-Epic-Correlation-Id
X-Fstrz
X-Clientip
AKAMAI
X-Cache-CFC
X-Block-Status
Backend
Cache-Cookie-Set-From
X-IN-APIGATEWAY
X-Amz-Meta-Cache-Control
X-CGP
Adler-Geo
Cache-Cookie-Set-Idcheck
X-Distributor
X-IN-WAF
X-ServiceProvider
X-Sf
X-Server-IP
X-Server-Group
X-Rocket-Nginx-Bypass
X-Secret
X-Stale
X-SVT-ORM-RULES
X-Variation
PFcat
X-Up
X-UnsetCookies
X-SVT-ORM-VERSION
X-Request-Start
X-Rebelmouse-Surrogate-Control
X-Nginx-Cache-Key
X-No-Session
X-MI-In-Market
X-Location
Country-Code
X-Key
X-Node-Id
X-Origin-Date
X-Proxy-Upstream
X-Rebelmouse-Cache-Control
X-Proxy-Cache-Status
HA-Geolon
X-Origin-Expires
X-IN-SSL-APIGATEWAY
X-Phone
Fastly-SWR
HA-Geocity
Ha-Gx-Prefs
GW-Server
HA-Host
Fastly-SSL
HA-Georegion
Server-Int
MI-API
GMS-Ver
Fastly-SIE
HA-Ipaddr
HA-Servedtime
Kp-EeAlive
Pramga
Magicmarker
HA-Geocountry
Platform
Proxy-Connection
Is-Eu
HA-Urlpath
Origin
Heartbleed
HA-Geolat
MI-Cache
HA-Cloudapp
Decoy-Debug-Key
True-Client-Country-4JS
Countrycode
MI-Cache-Age
Decoy-Debug-Status
Esi-Enabled
Web-Mar-Node
Decoy-Debug-TTL
Pagetype
X-Be
X-NODE
X-V
X-Platform
X-Page-Type
X-Fastly-Cache
Content-Disposition
Apple-News-Services-Request-Url
REQUESTUUID
X-Backend-Host
X-Request-URI
Pragrma
On-Server
X-Irp-Debug
IsBot
X-SIPLIST1
X-MSEdge-Features
X-MSEdge-Flight
Who
X-Info
X-Policy
X-Core-Mission
X-ElasticPress-Search
Apple-News-Services-Host
X-Core-Value
X-Backend-Url
Apple-News-Services-Parsed-Url
X-Distil-CS
Apple-News-Services-Handled
Fastly-Soc-X-Request-Id
X-Debug-Cache-Fetch
X-Instance-Name
X-Planisys-CDN-Rules
X-Svr
X-Origin-TTL
X-Planisys-CDN-Cache
CDCHOST
Locale
X-Cdn-Origin
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cookies
X-Urbn-Site-Id
X-Urbn-Context-Path
Backend-Name
X-Wikidot-Backend
Uber-Trace-Id
X-Refresh
X-NX-Host
X-Developers
UCS
X-Debug-Log
X-Micro-Cache
X-Wikidot-Static-Cache
Request-Country
X-Planisys-CDN-TTL
X-Sn-Servicetimems
Request-EU
X-DC
RequestId
X-Instart-Info
X-Generated-On
X-COUNTRY
X-NWS-UUID-VERIFY
X-Level-Front-Cache
X-Servername
X-Newrelic-Synthetics
V-Cache
Group
X-VarnPar1
X-Pjax-Url
X-VarnCache
ServerName
Lfy
Host-ID
X-PARISIEN-Cache-Rendered
X-VCT
X-GeoIP-City
PageSpeed
X-Req
X-Cdn-Srv
X-CACHE-AGE
Ohc-Response-Time
X-Cache-Info
HitInfo
X-NC
X-Server-Cache
X-ARC
X-Datadome
Mime-Version
MIME-Version
Cache-Provider
Cdn
Memory
X-BBXSRF
Cteonnt-Length
X-Powered-By-ANYU
X-EIG-Tracking-Id
X-Gdpr
X-CMS-Context
PICS-Label
X-TWH-CORRELATION-ID
X-Servedbyhost
X-Ratelimit-Remaining
X-LAGOON
Nel
X-WR-MODIFICATION
NGX
X-StackifyID
X-Aicache-OS
CF-IPCountry
X-Load-Cache
X-Wa
Amp-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Cluster-Node
X-Fastly-Country-Code
GeoIP-Latitude
CDN
GeoIP-Country-Code
Cf-Ipcountry
X-CSRF-TOKEN
FSS-Proxy
X-NodeID
X-Fastly-Backend-Reqs
XServer
FSS-Cache
X-Sentry-ID
X-HTML-Minification-Powered-By
X-Check-Cacheable
X-Hello
X-FireWall-Port
Geoip-Latitude
X-WA
X-UPSTREAM-Address
X-VServer
X-Flog
GeoIp-Country-Code
X-ABtesting
X-Varnish-Cache-Hits
X-Varnish-Beresp-TTL
X-Source
X-Generation-Time
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Processtime
SN
X-Csrf-Token
X-Unique-Id
X-HOST
X-Sedo-Request-Id
X-APP
X-GZip
X-Cache-Miss-From
X-CSRF-Token
CACHE
X-Oss-Request-Id
X-Nananana
X-Oss-Object-Type
X-Cache-Grace
X-Oss-Hash-Crc64ecma
WP-Super-Cache
X-ServedByHost
X-Oss-Server-Time
TSSecure
X-CDN-Pop-IP
X-CDN-Pop
X-Oss-Storage-Class
X-Cache-ASPX
Cdn-Request-Time
X-Varnish-Authentication
X-DataStream-Origin-MEX-Latency
Server-Cache-Control
Cdn-Host
Server-Surrogate-Control
X-GDPR
X-DataStream-MidMile-RTT
Pics-Label
X-Worker
X-MServer
X-Dynatrace
X-Edge-Server
X-SRV
X-VC-Cache
URI
X-RCS-Backend
X-Skip-Cache
X-VG-WebCache
X-FORWARDED-FOR
A
DataCenter
PageType
X-ID
X-HS-Status
X-Sucuri-Cache
X-Varnish-Url
X-IPS-LoggedIn
X-SplitTest
X-Fastly-Cache-Hits
X-LJ-Flow-ID
X-Instart-Isnd
X-B3-SpanId
X-ND-Cache
X-AWS-Id
HTTPS
X-VWS-Id
X-Port
X-Swift-Error
X-BE
X-PJAX-URL
X-GoCache-CacheStatus
Hostname
X-From-Cache
Get-Access-Time
Is-Session-Tracking
Odigeo-Trace-Id
X-Backend-TTL
Dynatrace
X-Gen-Id
X-Server-W
X-GZIP
Cache-Hits
Proxy-Firewall
X-SN
X-Pf-Uncompressing
X-Amzn-Remapped-Date
X-Bug-Bounty
X-Owner
X-Amzn-Remapped-Connection
X-ORIG-AKA-EDGE
X-VarnPar2
Powered
X-Cache-Ttl
X-NGINX-Cache
Requestid
X-ServerName
X-Ms-Version
X-Ms-Lease-Status
X-Amz-Meta-S3b-Last-Modified
X-Ms-Blob-Type
X-Ms-Request-Id
X-Vcache
X-Akamai-SSL-Client-Sid
Serverid
X-Varnish-URL
X-LiteSpeed-Cache-Control
WebServer
X-Alicdn-Da-Ups-Status
X-GEO
X-Serial
X-Fe
X-PAGE-TYPE
X-RAMCache
X-SB
T-Server
RequestUuid
X-ORIG-AKA-COUNTRY-CODE
X-VC
ProcessTime
SID
X-PF-Uncompressing
X-RequestId
NodeID
X-HTML-Edge-Cache
Correlation-Id
Xet-Cookie
X-Pc-Subdomain
X-Akamai-ERPolicy
X-Developed-By
Location
X-CS
X-Dw-Trace-Id
X-Akamai-ERRuleID
X-Ms-Lease-State
NnCoection
X-LiteSpeed-Tag