Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
P3P
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Amz-Cf-Pop
X-Download-Options
P3p
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Cacheable
Alt-Svc
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
X-Request-ID
Upgrade
X-CDN
Xkey
X-Type
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Via
X-Pingback
X-Nginx-Cache-Status
Grace
EagleId
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-UA-Device
X-Robots-Tag
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Proxy-Cache
Request-Context
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-WebKit-CSP
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
X-Cnection
X-OneAgent-JS-Injection
X-Node
Content-Location
X-Readtime
Surrogate-Control
X-CST
EagleEye-TraceId
Report-To
X-Host
X-Response-Time
X-Rq
Feature-Policy
Server-Timing
X-Iejgwucgyu
X-Backend-Server
X-Application-Context
X-ORACLE-DMS-ECID
X-Rack-Cache
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
Allow
X-Url
X-Clacks-Overhead
NEL
Rating
X-DynaTrace
X-Country
Edge-Control
X-Origin-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-FTR-Request-ID
X-Varnish-TTL
X-Country-Code
X-Cdn
X-B3-TraceId
X-Px
X-Server-ID
X-DataDome
X-Ruxit-JS-Agent
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-Vhost
X-ESI
X-Trace
X-VARITI-CCR
Accept-CH
X-Goog-Hash
Charset
X-Server-Name
X-Cached
RTSS
Pinterest-Generated-By
X-MS-InvokeApp
X-Mod-Pagespeed
Verso
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
X-D2id
Public-Key-Pins
X-TTL
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-Version
X-F-Cache
SPRequestGuid
X-PC
X-TtlSet
X-Vname
X-Dispatcher
X-DynaTrace-JS-Agent
X-DIS-Request-ID
X-Powered-By-Plesk
Accept-CH-Lifetime
X-T
X-Abt-Application-Version
X-Powered-CMS
X-SharePointHealthScore
X-Fastly-Request-ID
X-Origin-Upstream-Status
X-Ser
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-B
Realpath
X-Client-IP
X-Amz-Rid
X-Shield-Request-Id
MS-Author-Via
X-Recruiting
X-Forwarded-Proto
X-HW
X-Upstream
SPRequestDuration
X-Vcap-Request-Id
SPIisLatency
DynaTrace
X-TEC-API-ORIGIN
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-XRDS-Location
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
Arr-Disable-Session-Affinity
X-Varnish-Age
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Ttl
Content-MD5
X-Debug
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Via-JSL
X-Dw-Request-Base-Id
X-Hits
X-Goog-Storage-Class
X-Oracle-Dms-Rid
X-Aspnet-Version
X-Id
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
X-NewRelic-App-Data
X-NF-Request-ID
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend
X-N
X-Country-Code-Real
X-FTR-DC
Service-Worker-Allowed
X-FTR-Expires
Access-Control-Request-Method
S
X-ATG-Version
Edge-Cache-Tag
Alternate-Protocol
X-FastCGI-Cache
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
TCN
X-Kinsta-Cache
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
Surrogate-Key
X-Forwarded-For
X-RateLimit-Remaining
Rt-Fastcgi-Cache
X-FTR-Cache-Host
X-Cache-Key
X-Content-Digest
Tracecode
X-Litespeed-Cache
X-TA-CDN-Provider
X-CF-Powered-By
Fastcgi-Cache
X-Pad
Server-Name
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
Ar-Sid
X-Analytics
X-User-Agent
Fastly-Restarts
Backend-Timing
MicrosoftSharePointTeamServices
TP-Cache
TP-L2-Cache
X-Cache-2
Host
X-Edge-Location
FilterID
X-Magnolia-Registration
X-Rid
X-Debug-Info
X-Grace
ServerID
X-B3-Sampled
X-Whom
X-Page-Id
X-Mobile
X-Revision
X-Content-Options
X-IPLB-Instance
Eomportal-Instance
Front-End-Https
Paypal-Debug-Id
X-Hostname
X-Srv
X-Akam-SW-Version
AR-Request-ID
X-NWS-LOG-UUID
Refresh
X-LB-Cache
X-VCache
X-Content-Powered-By
X-AppVersion
X-Activity-Id
X-Az
Retry-After
X-Signature
X-Request-Processing-Time
X-Request-Received
X-B-Cache
X-GUploader-UploadID
X-Cluster
X-SS-Set-Cookie
X-Framework
X-Cache-Action
Source
X-App-Environment
X-Varnish-Hostname
X-Handled-By
Cleartype
X-Tumblr-User
X-Tumblr-Pixel-0
X-Platform-Server
X-Request-Guid
X-Tumblr-Pixel
X-Cache-Control
X-BCube-Filmed-By
X-Instance
X-FB-Debug
X-WA-Info
X-Akamai-Edgescape
X-Device-Type
X-Content-Security-Policy-Report-Only
X-Content-Type
X-AOL-HN
Webserver
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Ruxit-Js-Agent
X-Cache-Hit
X-Zen-Fury
X-Varnish-Grace
Accept-Charset
Display
X-Sol
X-Middleton-Display
X-Cache-Rule
X-Varnish-Backend
Healthy
X-Seen-By
X-Wix-Request-Id
ViewerVersion
X-TT
X-Correlation-Id
X-URL
X-Origin-Server
X-Fastcgi-Cache
X-Drupal-Cache-Tags
X-Middleton-Response
Response
X-Cache-Server
X-Cache-Age
Cache-Status
Upgrade-Insecure-Requests
X-DataStream-Cache-Status
MS-CV
X-Daa-Tunnel
X-Varnish-Server
X-CACHE-GROUP
X-Cached-By
X-Drupal-Cache-Contexts
X-Storage
X-Generated-By
X-PHP-Backend
X-Amzn-RequestId
X-Amz-Apigw-Id
Payment
X-Amz-Replication-Status
X-Esi
X-Geo-Country
X-App-Server
X-Response-Served-From
Filters
NGB
Server-Node
X-UA-Device-Type
X-Adobe-Loc
X-Amz-Server-Side-Encryption
Access-Control-Allow-Method
GEO-INFO
X-S
X-Cacheable-TTL
X-Adobe-Content
X-FW-Type
Actual-Object-TTL
X-Varnish-IP
X-FW-Static
X-Jobs
X-Servedby
X-WPE-Loopback-Upstream-Addr
X-RequestSource
X-Locale
X-UUID
X-TT-TIMESTAMP
X-FW-Hash
X-Contextid
X-FW-Server
ServedBy
X-Edge-Cache
Viewport
X-FW-Serve
X-Cache-NE
X-Edge-Cache-Key
X-Tumblr-Pixel-2
X-TX-ID
X-Varnish-Hits
X-Tumblr-Pixel-1
X-Cache-Remote
Cache-Tv-Group
X-Accel-Expires
X-HS-Cache-Config
AsisCache
Server-Info
X-WebKit-CSP-Report-Only
S-Cnection
X-Cache-TTL-Remaining
X-Status
From-Origin
X-Dns-Prefetch-Control
X-Rendered-As
Host-Header
X-GeoIP
X-Cache-Operation
X-Region
X-APP-VERSION
X-Croise-Owner
X-XRDS-LOCATION
X-App-Version
Cache
SRV
X-Webkit-CSP
X-Redis-Cache
HostName
Served-By
X-BACKEND-TTL
X-Node-Name
Content-Style-Type
Content-Script-Type
DC
X-Hyper-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Liferay-Portal
X-CACHE-KEY
Public-Key-Pins-Report-Only
X-Upgrade-Enabled
X-RTag
Ms-Operation-Id
X-Cache-Config
Cache-Tag
X-Mode
X-Is-Bot
X-Cache-Var-Map
Machine
X-RN-RSRV
X-Cache-Var
Meta-Geo
X-Parent-Response-Time
X-NGENIX-Cache
X-Cache-Category-Id
X-Timing-Wait
X-Vg-Webcache
X-Grey
X-Generated
X-Webstats-RespID
X-Site-Version
X-Hosted-By
X-Detected-As
X-Path-Route
Selected-FE
X-Proxy-Build
X-Protected-By
Cache-Name
X-Edge-IP
X-Labrador-Cache-Channel
Origin-Edge-Control
X-Human
Origin-Cache-Control
X-Request-Time
X-Web-Node
X-ProxyCache-Status
X-ProxyCache-Key
X-NCache
X-Internal-Host
X-Origin-Response-Time
X-Original-Request
X-Environment-Context
X-Via-Fastly
X-L-Path
X-Akamai-Request-ID
X-Loop
X-Agile-Id
X-Agile-Age
X-BYPASS-REASON
X-CDN-Cache
X-Upstream-HT
X-Upstream-CT
X-TNCMS
X-JoinUs
X-Agile
Now
X-Akamai-Transformed
X-Format
X-Birta-Served
X-IP
X-Origin-CC
X-Pc-Hit
X-Pc-Appver
X-Origin-Host
X-Birta-Cache-Post
Azure-InstanceId
Cache-Key
DB-Nickname
User-Cache-Control
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-Pc-Key
X-Origin
X-Tumblr-Pixel-3
X-Viewer-Country
X-ProcessESI
X-Time-Microsecs
X-ServerID
X-Proxy
X-RemovedCookies
TWC-GeoIP-Country
S-Rt
Webcakes-App-Version
Webcakes-Region
X-PCL
Webcakes-App-Name
TWC-Connection-Speed
X-Access
TWC-Locale-Group
TWC-Privacy
X-Rule
TWC-Device-Class
TWC-GeoIP-LatLong
X-Www-Served-By
X-Section
Property-Id
X-Origin-Hint
X-Guploader-Uploadid
X-Pubstack
X-Ocache
X-Tb
X-FC-Vary-Parameters
X-OCL
Load-Balancing
X-VG-TLSProxy
X-CCM
X-Backend-Name
X-Xfnlog-Site
Fastcgi-Useragent
Cache-Tags
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-B3-Spanid
X-Zipkin-Id
X-App-Name
Powered-By-ChinaCache
X-Forwarded-Host
X-Proxied
X-Routing-Service
Vix-Hermes-Req-Id
X-Vgn-Hpd-Reason
Xserver
HitType
X-TIME
X-FB-TRIP-ID
Country
Pagespeed
X-GRACE
X-PERF
Mn-Server-Ip
X-ApacheServer
X-Cache-TTL
X-Endurance-Cache-Level
X-Via-CDN
X-Cache-Backend
X-Content-Age
X-Mrs-Cache-Hits
X-Correlation-ID
Datacenter
X-Mrs-Cache
X-Mshield-Cache-Status
X-Unique-Id-Primal
X-Mrs-Age
X-Cdn-Forward
X-Nginx-Cache
X-UA
Time
OT-Force-Account-Verify
X-Real-IP
X-RateLimit-Limit
Fusion-Content-Source
X-Ezoic-Cdn
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-Shopify-Stage
Ohc-File-Size
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Yottaa-Metrics
X-Alternate-Cache-Key
X-Yottaa-Optimizations
X-Varnish-Cacheable
X-Debug-Cache
X-OVcl
X-Sucuri-ID
X-OVcl-Cache
NtCoent-Length
X-Pc-Host
X-Pc-Date
LB
X-Varnish-Beresp-Ttl
L5d-Success-Class
X-Hl-Ver
X-Ua
X-Ratelimit-Limit
X-Varnish-Beresp-Grace
We-Hiring
Mail-Subject
X-MP-GENERATED-AT
X-Unique-ID
X-Varnish-Beresp-Status
X-CDN-Forward
Section-Io-Cache
X-Real-Ip
AR-SID
X-HS-Combine-CSS
X-Amz-Meta-Surrogate-Control
X-Trace-Id
User-Agent
X-Hit
X-Proto
X-Cache-Enabled
X-Nc
X-Akamai-Request-ID2
X-Front
Pagetype
X-Newrelic-App-Data
X-Dynatrace-Js-Agent
Access-Control-Request-Headers
Version
X-C
X-Time
X-Microcachable
X-Rocket-Nginx-Bypass
X-CLOUD-TRACE-CONTEXT
Warning
X-EdgeConnect-Cache-Status
Accept-Language
Is-Eu
X-D
X-Device-Os
X-Destination
X-Developer
IBM-Web2-Location
X-Date
X-FW-Version
Fastly-Backend-Name
Ec-Rule-Version
Fastly-SIE
X-Goog-Meta-Goog-Reserved-File-Mtime
Fastly-SWR
X-Layer
X-Level-Front-Cache
Cache-Prefix
X-LI-Proto
X-Li-Pop
X-Li-Fabric
Fly-Cache
Fly-Request-Id
X-Fetched-On
X-External-Request-Id
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-From
MD5-Digest
Frame-Options
X-Generated-On
X-Generated-In
X-G
X-Died
X-Cache-URL
Rt-Proxy-Cache
RNT-Time
X-BB-ID
VivaBuild
Server-Host
RNT-Machine
Resin-Trace
Request-Time
X-Bip
X-A-Wwc
X-LI-UUID
Server-ID
X-B-Cookie
X-Application
X-Aed
X-Actual-URL
X-Accel-Expires-Debug
Thinkindot-Control
V-Age
X-Auto-Login
Viewtype
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Cache-Bucket
Rendered-Blocks
X-CF-Lambda-Version
Node
X-A
X-CF-Lambda-Fn
Mobile-Detection-Method
X-Connection-Hash
X-CUA
Meta-Geo-Continent
X-A-Ccd
X-Crawler
PFcat
X-Cache-Id
X-Cache-FS-Status
X-Cache-Expires
X-Cache-Debug
Release
X-A-Dgt
X-Cache-Host
Platform
Www
Powered-By
X-A-Dcw
Memcached
X-Reboot
X-A-Dam
X-S-Cookie
X-Rojux
X-S-Maxage
X-ScT
X-Server-IP
X-Server-By
X-Served-From
X-Rewrite-Enabled
X-Returned-From-PostProcessResponse
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RCS-CacheZone
X-Region-Sid
X-Server-Cache
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
Xc-Version
X-WebServer
X-Thinkindot-L3
X-Thanos
X-Swa-Ws
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-UE-Client-Country
X-TT-LOGID
X-Svr
X-Store
X-VG-WebServer
X-We-Are-Hiring
X-Server-Time
X-Varnish-Action
X-Variation
X-User
X-Var-Ttl
X-SRCache-Key
X-Qloud-Router
X-Request-UUID
X-P-T
X-NU-AKA-ACS-Version
X-Passed-To-PostProcessResponse
X-Passed-To
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-PAYTM-SRV-ID
Adler-Geo
BehaviorPad-Version
X-PHP-Host
X-Logtrace-Id
X-Matched-Rule
Ajk
Arc-Country
X-MSEdge-Flight
X-Nginx-Cache-Key
X-Backend-Host
X-No-Session
X-ServiceProvider
X-Hnp-Log
X-Hash
X-Sf
X-Backend-Url
X-IN-SSL-APIGATEWAY
X-Info
X-Instart-Info
X-UnsetCookies
X-MI-In-Market
X-IN-WAF
X-SVT-ORM-VERSION
X-Stale
X-IN-APIGATEWAY
X-Node-Id
X-SVT-ORM-RULES
X-MSEdge-Features
X-GeoIP-Country-Code
X-Response-By
X-Location
X-Epic-Correlation-Id
X-Clientip
X-F5-Cache
X-Request-Start
X-Release
X-Proxy-Cache-Status
X-Phone
X-Distil-CS
X-Distributor
X-Fstrz
X-ARC
X-Server-Group
X-Cache-CFC
X-Proxy-Upstream
Magicmarker
X-Amz-Meta-Cache-Control
X-Origin-Date
X-Gannett-Site-Version
X-Gen-Mode
X-Secret
X-Origin-Expires
X-Block-Status
True-Client-Country-4JS
Pramga
Decoy-Debug-TTL
Esi-Enabled
Decoy-Debug-Status
Proxy-Connection
Countrycode
Decoy-Debug-Key
GMS-Ver
Origin
MI-API
MI-Cache-Age
Lfy
Kp-EeAlive
GW-Server
Heartbleed
Country-Code
Content-Disposition
Ohc-Response-Time
AKAMAI
X-ElasticPress-Search
X-Via-NSCOPI
Who
Web-Mar-Node
Backend
Backend-Name
Server-Int
SD-X-WS
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
SS
Cache-Cookie-Set-From
MI-Cache
X-Be
X-NODE
REQUESTUUID
X-Key
CDCHOST
X-Backend-State
X-Micro-Cache
ServerName
Fastly-Soc-X-Request-Id
Fastly-SSL
HA-Geocountry
HA-Geolat
HA-Geocity
HA-Cloudapp
X-Cache-Info
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Irp-Debug
X-Request-URI
X-SIPLIST1
X-Policy
X-Platform
X-Up
Apple-News-Services-Host
X-Origin-TTL
X-Page-Type
X-V
X-Fastly-Cache
Apple-News-Services-Handled
IsBot
On-Server
X-Debug-Cache-Store
X-Developers
X-Cdn-Srv
HA-Ipaddr
HA-Servedtime
HA-Urlpath
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
HA-Geolon
X-Core-Value
X-Core-Mission
HA-Georegion
X-Eu-Site
Ha-Gx-Prefs
X-CGP
HA-Host
PageSpeed
X-Dc
X-NX-Host
X-Debug-Cookies
X-Geo
X-Debug-Log
X-Sn-Servicetimems
X-Servername
X-Cdn-Origin
WZWS-RAY
X-CMS-Context
X-DC
X-COUNTRY
X-Refresh
RequestId
X-NC
X-Org
X-Pjax-Url
X-CACHE-AGE
MIME-Version
X-Via-Edge
X-Via-SSL
Cteonnt-Length
X-LAGOON
X-Newrelic-Synthetics
X-Datadome
X-Servedbyhost
X-PARISIEN-Cache-Rendered
X-VarnCache
Pragrma
X-VarnPar1
X-Planisys-CDN-Cache
X-Req
Locale
X-Instance-Name
Uber-Trace-Id
Memory
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Request-EU
UCS
Request-Country
NGX
Cdn
X-Urbn-Context-Path
X-Urbn-Site-Id
Mime-Version
X-NWS-UUID-VERIFY
Host-ID
Group
V-Cache
Cache-Provider
X-VCT
X-GeoIP-City
X-Wa
PICS-Label
X-CSRF-TOKEN
X-RateLimit-Remaining-Second
Nel
X-FireWall-Port
X-Generation-Time
X-Webkit-Csp
X-RateLimit-Limit-Second
X-Gdpr
CF-IPCountry
X-Varnish-Cache-Hits
X-HTML-Minification-Powered-By
X-WR-MODIFICATION
GeoIP-Country-Code
CDN
XServer
GeoIP-Latitude
X-BBXSRF
X-B3-Traceid
X-Ratelimit-Remaining
X-Cache-Grace
X-Cache-ASPX
X-Fastly-Country-Code
X-Varnish-Authentication
X-UPSTREAM-Address
X-DataStream-MidMile-RTT
X-Aicache-OS
X-Sedo-Request-Id
X-DataStream-Origin-MEX-Latency
Server-Surrogate-Control
X-Powered-By-ANYU
Server-Cache-Control
HitInfo
X-Cache-Miss-From
X-Load-Cache
X-IPS-LoggedIn
X-StackifyID
Cf-Ipcountry
CACHE
GeoIp-Country-Code
X-VG-WebCache
Geoip-Latitude
X-Varnish-Url
X-Check-Cacheable
X-Source
X-ND-Cache
X-Instart-Isnd
X-EIG-Tracking-Id
X-Sucuri-Cache
X-RCS-Backend
URI
X-From-Cache
X-FORWARDED-FOR
X-Varnish-Beresp-TTL
X-HOST
X-Fastly-Backend-Reqs
X-TWH-CORRELATION-ID
X-CDN-Pop
X-APP
X-Fastly-Cache-Hits
X-WA
Proxy-Firewall
Is-Session-Tracking
Get-Access-Time
Pics-Label
X-CDN-Pop-IP
X-GEO
X-Unique-Id
FSS-Proxy
FSS-Cache
X-GoCache-CacheStatus
Powered
X-Dynatrace
X-R9-Blue-Green-Version
X-FW-Dynamic
X-SRV
X-NodeID
X-Skip-Cache
X-Nananana
X-Server-W
X-VC-Cache
X-Sentry-ID
Processtime
X-ID
DataCenter
X-Flog
X-ABtesting
X-ServedByHost
X-GDPR
X-Csrf-Token
X-Hello
SN
X-VServer
X-Pc-Subdomain
X-Cluster-Node
WP-Super-Cache
Amp-Access-Control-Allow-Source-Origin
Hostname
X-HS-Status
X-Oss-Storage-Class
X-RequestId
X-Fe
X-B3-SpanId
X-CSRF-Token
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-PF-Uncompressing
X-BE
X-TrackingId
Dynatrace
X-PJAX-URL
X-Pf-Uncompressing
X-GZip
X-NGINX-Cache
X-Bug-Bounty
TSSecure
Cache-Hits
X-Backend-TTL
X-Amzn-Remapped-Date
X-Worker
X-GZIP
X-Gen-Id
X-Amzn-Remapped-Connection
X-MServer
X-Edge-Server
Requestid
X-LiteSpeed-Cache-Control
X-Swift-Error
X-Cache-Ttl
X-ORIG-AKA-EDGE
Cdn-Request-Time
ProcessTime
Cdn-Host
Serverid
X-LiteSpeed-Tag
X-Alicdn-Da-Ups-Status
DSUID
A
RequestUuid
X-ORIG-AKA-COUNTRY-CODE
T-Server
X-Varnish-URL
X-SB
X-ServerName
X-RAMCache
X-VC
X-PAGE-TYPE
X-Tb-Optimization-Total-Bytes-Saved
X-HostName
189phosttRef
219prxHost
352pxline
X-Owner
X-Requestid
X-SN
Xxline
SID
409pxxline
286prxHost
188prxHost
355prline
225prxHost
NnCoection
X-Dw-Trace-Id
X-CS
X-Developed-By
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Port
Location
Correlation-Id
Cneonction
Xet-Cookie
X-Serial
X-VarnPar2
178proxuri