Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
CF-Ray
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Request-ID
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
X-Server-Id
Surrogate-Control
X-Cnection
X-OneAgent-JS-Injection
X-Node
X-Host
X-Readtime
EagleEye-TraceId
Report-To
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Rack-Cache
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
NEL
Edge-Control
X-Url
X-DynaTrace
Rating
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Varnish-TTL
X-Country
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Cdn
X-Trace
X-DataDome
X-Vhost
X-Px
X-Server-Name
X-GitHub-Request-Id
X-Server-ID
X-VARITI-CCR
X-ESI
X-MS-InvokeApp
RTSS
Accept-CH
X-ORACLE-DMS-RID
X-Goog-Hash
X-Cached
Charset
X-TTL
X-Ruxit-JS-Agent
SPRequestGuid
Pinterest-Generated-By
X-Mod-Pagespeed
X-TtlSet
X-Vname
X-PC
X-F-Cache
Verso
X-Exp-Variant
X-Exp-Id
Public-Key-Pins
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-D2id
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-Dispatcher
X-Version
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
Accept-CH-Lifetime
X-Abt-Application-Version
X-DIS-Request-ID
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-Origin-Upstream-Status
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Navigation-Version
X-B
X-DynaTrace-JS-Agent
X-Forwarded-Proto
X-Shield-Request-Id
X-Amz-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MS-Author-Via
X-Recruiting
X-Client-IP
DynaTrace
Realpath
SPRequestDuration
SPIisLatency
X-HW
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Upstream
X-Vcap-Request-Id
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Content-MD5
Nginx-Cache
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Oracle-Dms-Rid
Arr-Disable-Session-Affinity
Edge-Cache-Tag
X-Hits
X-Debug
X-Varnish-Age
X-N
X-Ttl
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Goog-Storage-Class
X-MSEdge-Ref
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Dw-Request-Base-Id
Access-Control-Request-Method
TCN
X-Via-JSL
X-Id
X-Aspnet-Version
X-ATG-Version
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
S
X-FTR-Backend
X-NewRelic-App-Data
X-FTR-Expires
Service-Worker-Allowed
X-XRDS-Location
X-Logged-In
Alternate-Protocol
X-Oneagent-Js-Injection
Surrogate-Key
X-Frontend
X-Cache-Key
X-Kinsta-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-PressLabs-Stats
Rt-Fastcgi-Cache
Tracecode
X-Content-Digest
AMP-Access-Control-Allow-Source-Origin
X-FastCGI-Cache
X-Forwarded-For
X-Pad
X-Ruxit-Js-Agent
MicrosoftSharePointTeamServices
X-FTR-Cache-Host
X-Grace
Fastly-Restarts
Server-Name
X-CF-Powered-By
X-Amzn-Trace-Id
X-Content-Options
X-RateLimit-Remaining
X-Edge-Location
X-Analytics
Backend-Timing
TP-Cache
TP-L2-Cache
FilterID
Host
X-User-Agent
Fastcgi-Cache
X-Rid
X-Magnolia-Registration
X-Cache-2
Ar-Sid
ServerID
X-Debug-Info
X-B3-Sampled
X-Whom
X-IPLB-Instance
X-Revision
Eomportal-Instance
X-Page-Id
X-Hostname
X-Mobile
X-Request-Processing-Time
X-Request-Received
X-NWS-LOG-UUID
AR-Request-ID
Paypal-Debug-Id
X-Srv
Front-End-Https
X-Akam-SW-Version
X-VCache
X-AOL-HN
X-Content-Powered-By
Retry-After
Refresh
X-B-Cache
X-Signature
X-Cache-Action
X-Cluster
X-Handled-By
X-Request-Guid
X-App-Environment
X-Device-Type
X-Framework
X-FB-Debug
X-LB-Cache
X-SS-Set-Cookie
Source
X-Varnish-Hostname
Cleartype
X-URL
X-Instance
X-Cache-Hit
X-Cache-Control
X-BCube-Filmed-By
X-Tumblr-Pixel
X-XRDS-LOCATION
X-Tumblr-User
X-WA-Info
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-GUploader-UploadID
X-Litespeed-Cache
X-Varnish-Grace
X-Platform-Server
X-Content-Security-Policy-Report-Only
X-HS-Cache-Config
X-Correlation-Id
Webserver
X-Zen-Fury
X-Fastcgi-Cache
X-TA-CDN-Provider
X-AppVersion
X-Activity-Id
X-Az
X-Varnish-Backend
X-Sol
X-Middleton-Display
Display
X-Content-Type
VIX-Pulpo-Upstream-Status
X-Esi
VIX-Pulpo-Node
X-Cache-Server
Healthy
X-Cache-Rule
Response
X-Varnish-Server
X-Drupal-Cache-Tags
X-Middleton-Response
X-Daa-Tunnel
X-Wix-Request-Id
ViewerVersion
X-Seen-By
X-TT
X-Cached-By
X-Drupal-Cache-Contexts
X-App-Server
X-Generated-By
X-Geo-Country
Upgrade-Insecure-Requests
Cache-Status
X-Cache-Age
X-Origin-Server
S-Cnection
Server-Node
X-Accel-Expires
X-Amz-Replication-Status
X-DataStream-Cache-Status
X-Amzn-RequestId
X-Amz-Apigw-Id
Accept-Charset
Payment
X-S
X-CACHE-GROUP
X-Response-Served-From
NGB
Filters
X-Adobe-Content
X-Contextid
X-Locale
GEO-INFO
X-Adobe-Loc
X-Servedby
X-Cacheable-TTL
X-Edge-Cache
X-Edge-Cache-Key
X-Cache-NE
ServedBy
X-Varnish-IP
X-Status
Viewport
X-UUID
X-Jobs
X-RequestSource
Actual-Object-TTL
X-Varnish-Hits
X-FW-Static
X-TX-ID
X-FW-Type
X-TT-TIMESTAMP
X-FW-Serve
X-FW-Hash
Access-Control-Allow-Method
X-FW-Server
AsisCache
X-Amz-Server-Side-Encryption
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Server-Info
X-UA-Device-Type
X-Storage
X-WebKit-CSP-Report-Only
X-WPE-Loopback-Upstream-Addr
X-PHP-Backend
X-GeoIP
Cache-Tv-Group
HostName
X-Node-Name
MS-CV
Cache
X-Cache-Remote
Host-Header
X-Cache-TTL-Remaining
X-Rendered-As
X-Dns-Prefetch-Control
X-Croise-Owner
SRV
X-Region
From-Origin
X-App-Version
X-Dynatrace-Js-Agent
X-Cache-Operation
X-Hyper-Cache
X-Vg-Webcache
X-APP-VERSION
X-Redis-Cache
X-Webkit-CSP
Served-By
Cache-Tag
Liferay-Portal
DC
X-UA
Public-Key-Pins-Report-Only
X-Forwarded-Host
X-Mode
X-HS-Combine-CSS
X-Guploader-Uploadid
X-TIME
Selected-FE
X-Akamai-Transformed
X-Cache-Var
X-Detected-As
X-Cache-Var-Map
X-Agile-Id
X-Agile-Age
Meta-Geo
X-TNCMS
X-Agile
Machine
X-Loop
Powered-By-ChinaCache
X-Upgrade-Enabled
X-NGENIX-Cache
X-Webstats-RespID
X-Path-Route
X-Generated
X-Timing-Wait
X-RN-RSRV
X-Site-Version
X-Hosted-By
X-Human
X-Proxy-Build
X-IP
X-Is-Bot
Cache-Name
X-Pc-Appver
X-Cache-Category-Id
X-Web-Node
X-Endurance-Cache-Level
X-Via-Fastly
X-Pc-Key
Origin-Edge-Control
Origin-Cache-Control
X-Request-Time
X-Pc-Hit
X-Original-Request
X-L-Path
X-Upstream-CT
X-Labrador-Cache-Channel
X-Internal-Host
X-NCache
X-Upstream-HT
X-B3-Spanid
X-Grey
X-CDN-Cache
X-JoinUs
X-Environment-Context
X-Pubstack
X-RemovedCookies
X-ProxyCache-Status
DB-Nickname
X-ProxyCache-Key
X-ProcessESI
X-FC-Vary-Parameters
S-Rt
X-Birta-Cache-Post
X-BYPASS-REASON
X-VG-TLSProxy
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-Tumblr-Pixel-3
X-Birta-Served
X-Viewer-Country
X-Origin
X-Origin-Response-Time
X-Akamai-Request-ID
Now
X-Xfnlog-Site
X-CCM
Cache-Tags
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Cache-Config
Fastcgi-Useragent
X-Www-Served-By
Mn-Server-Ip
X-Via-CDN
X-Tb
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Yottaa-Optimizations
Azure-Version
X-Ocache
Pagespeed
X-OCL
X-Yottaa-Metrics
X-BACKEND-TTL
X-Origin-CC
X-Origin-Host
X-PCL
X-ServerID
X-Format
X-Rule
X-Proxy
TWC-GeoIP-Country
Webcakes-App-Name
TWC-Privacy
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Locale-Group
X-Backend-Name
Xserver
X-Routing-Service
X-Section
X-Proxied
X-App-Name
X-Access
X-Origin-Hint
Webcakes-App-Version
Webcakes-Region
X-Zipkin-Id
Property-Id
HitType
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cache-Key
X-Protected-By
Content-Style-Type
User-Cache-Control
X-Parent-Response-Time
Datacenter
Content-Script-Type
X-Nginx-Cache
X-Edge-IP
X-Newrelic-App-Data
OT-Force-Account-Verify
Vix-Hermes-Req-Id
X-Real-Ip
X-Sorting-Hat-ShopId
X-Cache-TTL
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Ezoic-Cdn
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-Akamai-Request-ID2
X-CACHE-KEY
Time
Ms-Operation-Id
X-RTag
AR-SID
X-OVcl
X-OVcl-Cache
X-ApacheServer
X-Ratelimit-Limit
X-PERF
X-Cdn-Forward
X-Pc-Host
X-Cache-Backend
X-Pc-Date
X-Correlation-ID
NtCoent-Length
X-FB-TRIP-ID
Accept-Language
X-Mrs-Age
X-Unique-Id-Primal
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mshield-Cache-Status
L5d-Success-Class
LB
Country
X-Webkit-Csp
X-Content-Age
X-Front
X-RateLimit-Limit
X-Real-IP
X-Amz-Meta-Surrogate-Control
X-Debug-Cache
Load-Balancing
X-Varnish-Cacheable
X-Proto
X-CDN-Forward
Section-Io-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Sucuri-ID
X-COUNTRY
X-Varnish-Beresp-Ttl
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-Nc
Fusion-Template-Id
Fusion-Source
X-Hit
WZWS-RAY
Ohc-File-Size
X-MP-GENERATED-AT
X-Unique-ID
X-Trace-Id
X-Hl-Ver
Warning
Version
X-EdgeConnect-Cache-Status
User-Agent
X-GRACE
We-Hiring
X-Geo
X-C
Access-Control-Request-Headers
Mail-Subject
X-Microcachable
X-G
X-FW-Version
Cache-Prefix
X-Accel-Expires-Debug
BehaviorPad-Version
Arc-Country
X-A-Wwc
X-Generated-In
Node
X-DPWN-IS-SECURE
X-Actual-URL
X-Dispatcher-Server
X-External-Request-Id
Mobile-Detection-Method
X-From
X-Fetched-On
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Thanos
X-Served-From
X-Li-Pop
X-Li-Fabric
X-ScT
X-Server-By
X-A-Ccd
X-S-Maxage
X-Layer
Powered-By
X-A-Dcw
X-A-Dgt
X-A-Dam
Ajk
Platform
Adler-Geo
X-Died
Ec-Rule-Version
X-Cache-Enabled
X-Cache-Debug
X-Cache-Bucket
X-Cache-Expires
X-Cache-FS-Status
X-Cache-Id
X-Cache-Host
Meta-Geo-Continent
X-Bip
X-B-Cookie
X-Auto-Login
MD5-Digest
X-Application
X-BB-ID
IBM-Web2-Location
Is-Eu
X-Cache-URL
X-CF-Lambda-Fn
X-Destination
Fastly-SWR
Fly-Cache
X-Developer
Fastly-SIE
X-Device-Os
Fastly-Backend-Name
Fly-Request-Id
Frame-Options
X-Connection-Hash
X-Aed
X-CF-Lambda-Version
X-Crawler
X-CUA
X-Date
X-D
X-A
X-LI-Proto
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RCS-CacheZone
X-CLOUD-TRACE-CONTEXT
X-User
SS
X-Reboot
X-Var-Ttl
X-Variation
X-Via-SSL
X-Rewrite-Enabled
X-Qloud-Router
X-Via-Edge
X-Returned-From-PostProcessResponse
X-Varnish-Action
X-VG-WebServer
X-Region-Sid
X-Release
X-Trv-Group
X-Returned-From-DLL
X-TT-LOGID
Thinkindot-CacheControl
X-Swa-Ws
X-Thinkindot-L3
X-Transaction
X-Twitter-Response-Tags
X-Returned-From-BeforeDispatch
X-Request-UUID
Server-ID
X-Response-By
X-Returned-From
X-UE-Client-Country
Thinkindot-CacheControl-Type
Memcached
X-We-Are-Hiring
X-Via-NSCOPI
X-NU-AKA-ACS-Version
X-Node-Id
X-Org
Request-Time
Thinkindot-Control
V-Age
Viewtype
VivaBuild
Www
X-LI-UUID
X-S-Cookie
X-Logtrace-Id
X-Matched-Rule
X-Server-Time
Rendered-Blocks
X-PHP-Host
Resin-Trace
Rt-Proxy-Cache
X-PAYTM-SRV-ID
X-Rojux
SD-X-WS
Xc-Version
Server-Host
X-WebServer
X-Store
RNT-Time
X-SRCache-Key
X-Passed-To-BeforeDispatch
RNT-Machine
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To
X-Dc
X-Amz-Meta-Cache-Control
Web-Mar-Node
X-Hash
X-Origin-Date
X-Origin-Expires
X-P-T
X-ServiceProvider
X-No-Session
X-MI-In-Market
X-Nginx-Cache-Key
X-Sf
X-Stale
X-UnsetCookies
X-SVT-ORM-VERSION
X-Request-Start
X-SVT-ORM-RULES
X-Phone
X-Rocket-Nginx-Bypass
X-Server-IP
X-Location
X-F5-Cache
X-Fstrz
X-Gen-Mode
X-Distributor
X-Clientip
X-Block-Status
X-Cache-CFC
X-GeoIP-Country-Code
X-Hnp-Log
PFcat
X-Server-Group
X-Info
X-IN-WAF
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Backend-State
True-Client-Country-4JS
GW-Server
MI-API
MI-Cache
MI-Cache-Age
Content-Disposition
On-Server
AKAMAI
Backend
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Heartbleed
Cache-Cookie-Set-From
Magicmarker
Countrycode
Origin
Decoy-Debug-TTL
Decoy-Debug-Status
Esi-Enabled
Fastly-SSL
GMS-Ver
Release
Decoy-Debug-Key
Proxy-Connection
Pramga
Server-Int
X-Be
Pagetype
X-ElasticPress-Search
X-Core-Mission
X-Distil-CS
X-Epic-Correlation-Id
Country-Code
X-Core-Value
X-Key
X-Secret
X-Request-URI
X-Time
X-SIPLIST1
X-V
X-Up
X-Proxy-Upstream
X-Proxy-Cache-Status
Backend-Name
X-Gannett-Site-Version
X-MSEdge-Features
X-MSEdge-Flight
X-Policy
X-Fastly-Cache
X-Page-Type
Kp-EeAlive
X-Backend-Host
X-Backend-Url
IsBot
Who
REQUESTUUID
X-NODE
X-Refresh
X-Origin-TTL
X-Svr
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Irp-Debug
X-Sn-Servicetimems
Apple-News-Services-Handled
X-CGP
HA-Urlpath
X-Micro-Cache
Apple-News-Services-Host
Pragrma
CDCHOST
X-Developers
HA-Geolat
HA-Geolon
Fastly-Soc-X-Request-Id
HA-Geocountry
X-Cdn-Origin
HA-Geocity
Ha-Gx-Prefs
HA-Georegion
HA-Host
HA-Servedtime
X-Eu-Site
HA-Ipaddr
HA-Cloudapp
X-DC
X-Ua
X-Instance-Name
X-Urbn-Context-Path
X-CACHE-AGE
UCS
X-Urbn-Site-Id
X-Servername
RequestId
X-Debug-Log
Uber-Trace-Id
Request-EU
X-Planisys-CDN-TTL
Request-Country
X-NX-Host
X-Planisys-CDN-Cache
Locale
X-Planisys-CDN-Rules
X-Generated-On
X-Platform
X-Debug-Cookies
X-Level-Front-Cache
PageSpeed
X-Debug-Cache-Expiry
X-Instart-Info
X-NC
X-Debug-Cache-Fetch
X-Debug-Cache-Store
ServerName
X-NWS-UUID-VERIFY
V-Cache
Group
X-Cache-Info
X-Cdn-Srv
Ohc-Response-Time
X-Pjax-Url
X-VarnPar1
X-VCT
Host-ID
X-PARISIEN-Cache-Rendered
X-VarnCache
Lfy
X-Req
X-GeoIP-City
X-Server-Cache
X-Newrelic-Synthetics
HitInfo
MIME-Version
X-ARC
Memory
X-Datadome
X-Ratelimit-Remaining
Cteonnt-Length
Mime-Version
PICS-Label
X-BBXSRF
Cache-Provider
Cdn
X-Powered-By-ANYU
X-Gdpr
X-CMS-Context
X-EIG-Tracking-Id
X-TWH-CORRELATION-ID
X-Servedbyhost
X-WR-MODIFICATION
X-Aicache-OS
Nel
X-LAGOON
X-StackifyID
CF-IPCountry
NGX
X-Wa
CDN
X-Load-Cache
X-HTML-Minification-Powered-By
XServer
X-Cluster-Node
X-B3-Traceid
X-Fastly-Country-Code
GeoIP-Latitude
GeoIP-Country-Code
Cf-Ipcountry
FSS-Proxy
X-NodeID
Geoip-Latitude
FSS-Cache
X-Sentry-ID
X-Fastly-Backend-Reqs
X-WA
X-CSRF-TOKEN
GeoIp-Country-Code
X-FireWall-Port
X-Varnish-Cache-Hits
X-Check-Cacheable
X-Hello
X-Generation-Time
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Flog
X-VServer
X-ABtesting
X-UPSTREAM-Address
X-Unique-Id
X-Cache-Miss-From
SN
X-Varnish-Beresp-TTL
X-FORWARDED-FOR
Processtime
X-Sedo-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Csrf-Token
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-GZip
X-Source
X-HOST
X-ServedByHost
X-Oss-Request-Id
X-Oss-Storage-Class
X-APP
X-SRV
X-Oss-Server-Time
X-Cache-Grace
X-CSRF-Token
CACHE
WP-Super-Cache
X-DataStream-Origin-MEX-Latency
X-CDN-Pop
X-DataStream-MidMile-RTT
TSSecure
X-CDN-Pop-IP
X-Dynatrace
X-Nananana
X-MServer
Cdn-Request-Time
X-IPS-LoggedIn
Server-Surrogate-Control
Cdn-Host
X-Varnish-Authentication
Server-Cache-Control
X-VG-WebCache
X-Edge-Server
X-Cache-ASPX
DataCenter
X-RCS-Backend
X-Worker
X-HS-Status
URI
X-Skip-Cache
X-VC-Cache
X-Varnish-Url
X-GDPR
Pics-Label
A
X-ID
PageType
X-ND-Cache
X-Sucuri-Cache
X-PJAX-URL
Get-Access-Time
X-Fastly-Cache-Hits
X-B3-SpanId
X-AWS-Id
X-LJ-Flow-ID
X-From-Cache
X-VWS-Id
X-SplitTest
X-Port
X-GoCache-CacheStatus
Is-Session-Tracking
HTTPS
X-Instart-Isnd
X-BE
X-Swift-Error
X-Pf-Uncompressing
Proxy-Firewall
Dynatrace
X-Backend-TTL
Odigeo-Trace-Id
Hostname
Cache-Hits
X-GZIP
X-Bug-Bounty
X-Server-W
Powered
X-Gen-Id
X-Owner
X-SN
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
FastCGI-Cache
X-ORIG-AKA-EDGE
X-Cache-Ttl
Requestid
X-VarnPar2
X-NGINX-Cache
X-Ms-Lease-Status
Serverid
X-Ms-Blob-Type
X-Amz-Meta-S3b-Last-Modified
X-Pc-Subdomain
X-Akamai-SSL-Client-Sid
X-Ms-Version
X-Ms-Request-Id
X-Varnish-URL
X-SB
X-LiteSpeed-Cache-Control
X-RAMCache
X-ServerName
X-PAGE-TYPE
RequestUuid
X-Alicdn-Da-Ups-Status
X-Serial
T-Server
X-Fe
X-GEO
WebServer
X-ORIG-AKA-COUNTRY-CODE
X-Dw-Trace-Id
X-VC
X-HostName
ProcessTime
NodeID
Xet-Cookie
X-RequestId
Correlation-Id
X-PF-Uncompressing
X-Requestid
X-Akamai-ERRuleID
X-Developed-By
X-Akamai-ERPolicy
NnCoection
SID
X-CS
X-LiteSpeed-Tag
X-Ms-Lease-State
X-HTML-Edge-Cache
Location