Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Xss-Protection
X-Timer
X-Request-Id
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Check
X-Generator
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Request-ID
X-Iinfo
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
X-Type
Upgrade
WPE-Backend
X-Pass-Why
Keep-Alive
X-Cache-Group
X-AH-Environment
Xkey
X-Backend
Access-Control-Max-Age
P3p
X-Age
Access-Control-Expose-Headers
X-Via
EagleId
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Server
X-Hacker
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-UA-Device
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Robots-Tag
X-Kinja-Server-Push
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
Request-Context
X-Device
X-Ac
Content-Location
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Amz-Version-Id
X-WebKit-CSP
X-Response-Time
Surrogate-Control
X-Host
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Backend-Server
X-Server-Id
X-Readtime
Server-Timing
X-Rack-Cache
X-Node
Report-To
EagleEye-TraceId
X-Application-Context
Request-Id
X-Cloud-Trace-Context
Feature-Policy
X-ORACLE-DMS-ECID
X-CST
X-Instart-Request-ID
X-Iejgwucgyu
X-Ua-Compatible
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Clacks-Overhead
Edge-Control
NEL
X-Country
Rating
X-Url
X-Server-Name
X-Px
Pinterest-Generated-By
Allow
X-Country-Code
X-TTL
X-DataDome
X-Varnish-TTL
X-MS-InvokeApp
X-DynaTrace
X-Origin-Cache
X-Vhost
X-Vname
X-PC
X-TtlSet
X-Cached
X-FTR-Request-ID
X-ESI
RTSS
X-Ruxit-JS-Agent
X-Goog-Hash
Charset
X-VARITI-CCR
X-Powered-CMS
SPRequestGuid
X-Trace
X-Powered-By-Plesk
X-DynaTrace-JS-Agent
Accept-CH
X-GitHub-Request-Id
X-Dispatcher
Public-Key-Pins
X-SharePointHealthScore
X-D2id
X-Mod-Pagespeed
X-T
X-Server-ID
PB-RID
Arc-Version
X-Mobile-Rewrite
PB-PID
X-F-Cache
X-Oracle-Dms-Rid
Content-MD5
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
Verso
MS-Author-Via
X-Version
X-B3-TraceId
X-Recruiting
SPIisLatency
SPRequestDuration
X-Shield-Request-Id
X-Abt-Application-Version
Nginx-Cache
X-Dns-Prefetch-Control
X-TEC-API-ROOT
X-Client-IP
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Forwarded-Proto
X-HW
Accept-CH-Lifetime
X-DIS-Request-ID
X-Navigation-Version
X-N
AR-PoweredBy
AR-ATIME
AR-CACHE
Pinterest-Version
X-Upstream-Env
X-Amz-Rid
X-Pinterest-Rid
X-B
X-Dw-Request-Base-Id
X-ORACLE-DMS-RID
X-Upstream
X-Origin-Upstream-Status
X-Fastly-Request-ID
DynaTrace
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-XRDS-Location
X-Amz-Meta-S3cmd-Attrs
Fastly-Restarts
X-Ser
X-Hits
Paypal-Debug-Id
TCN
Realpath
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Content-Options
Arr-Disable-Session-Affinity
X-Pad
Service-Worker-Allowed
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
Tracecode
X-Content-Digest
Access-Control-Request-Method
X-Id
S
X-Varnish-Age
Front-End-Https
X-Debug
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-MSEdge-Ref
X-Amz-Cf-Pop
X-Vcap-Request-Id
X-Oneagent-Js-Injection
X-Frontend
X-IPLB-Instance
X-ATG-Version
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Expires
X-PressLabs-Stats
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-Kinsta-Cache
X-RateLimit-Remaining
Display
X-Middleton-Display
X-Sol
X-Logged-In
X-Cache-Hit
Edge-Cache-Tag
X-HS-Hub-Id
X-HS-Content-Id
Surrogate-Key
X-FastCGI-Cache
X-Forwarded-For
Fastcgi-Cache
Rt-Fastcgi-Cache
X-Use-Magma
Powered-By-ChinaCache
MicrosoftSharePointTeamServices
X-Request-Processing-Time
X-Request-Received
X-Zen-Fury
X-Edge-Location
X-Grace
Server-Name
Backend-Timing
X-Analytics
X-Amzn-Trace-Id
X-Rid
X-Debug-Info
X-Middleton-Response
Response
Host
X-User-Agent
X-Revision
FilterID
X-FTR-Cache-Host
TP-L2-Cache
TP-Cache
X-Akam-SW-Version
X-Litespeed-Cache
X-CF-Powered-By
X-Webkit-Csp
X-NewRelic-App-Data
X-Mobile
X-B3-TraceId-Primal
X-Cache-Key
X-SS-Set-Cookie
Ar-Sid
AMP-Access-Control-Allow-Source-Origin
X-HS-Cache-Config
X-Drupal-Cache-Tags
X-TA-CDN-Provider
X-Magnolia-Registration
X-Accel-Expires
Cache-Status
X-Cached-By
Refresh
Host-Header
AR-Request-ID
X-SERVER
X-Ttl
X-Newrelic-App-Data
X-Fastcgi-Cache
X-B3-Sampled
ServerID
X-Varnish-Backend
X-GUploader-UploadID
X-Node-Name
X-AOL-HN
X-Content-Security-Policy-Report-Only
X-FB-Debug
X-Tumblr-User
X-Cluster
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Instance
X-Platform-Server
X-B-Cache
X-Akamai-Edgescape
X-Signature
X-Cache-2
X-Webkit-CSP
Cache-Tag
X-Framework
X-LB-Cache
X-Device-Type
X-Cache-Control
Eomportal-Instance
X-Whom
X-App-Environment
X-Page-Id
X-BCube-Filmed-By
X-Varnish-Hostname
Cleartype
X-Cache-Rule
X-Generated-By
X-Handled-By
X-Srv
X-Request-Guid
DC
Liferay-Portal
X-NWS-LOG-UUID
X-AppVersion
X-Ruxit-Js-Agent
X-Activity-Id
X-Az
X-Drupal-Cache-Contexts
X-WPE-Loopback-Upstream-Addr
X-Cache-Action
X-Geo-Segment
Public-Key-Pins-Report-Only
X-App-Server
X-VCache
X-Cache-Server
X-Via-JSL
X-Content-Powered-By
Source
X-Correlation-Id
Retry-After
MS-CV
Accept-Charset
X-TT
Alternate-Protocol
X-Wix-Request-Id
X-HS-Combine-CSS
X-Amz-Replication-Status
X-Hostname
X-App-Version
X-Seen-By
HostName
ViewerVersion
X-Varnish-Grace
X-Geo-Country
X-Varnish-Server
X-WA-Info
AR-SID
Server-Node
Webserver
X-Esi
Upgrade-Insecure-Requests
AsisCache
X-WebKit-CSP-Report-Only
X-Cache-NE
X-Tumblr-Pixel-2
X-Response-Served-From
X-Tumblr-Pixel-1
X-Locale
X-Amz-Apigw-Id
X-Amzn-RequestId
X-GeoIP
SRV
Actual-Object-TTL
X-URL
GEO-INFO
X-RequestSource
X-Daa-Tunnel
X-Jobs
X-Varnish-Hits
ServedBy
Payment
X-S
X-FW-Type
X-Servedby
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-FW-Static
X-FW-Server
X-Edge-Cache
X-Contextid
X-Edge-Cache-Key
X-FW-Hash
X-FW-Serve
Viewport
X-UUID
X-Status
Pagespeed
X-TX-ID
X-Varnish-IP
X-Adobe-Content
Cache
X-Adobe-Loc
X-Cache-TTL-Remaining
X-TT-TIMESTAMP
X-Cacheable-TTL
X-Origin-Server
X-Vg-Webcache
X-Correlation-ID
X-Forwarded-Host
S-Cnection
X-Cache-Operation
X-Cache-Age
X-Hyper-Cache
X-Amz-Server-Side-Encryption
Datacenter
Server-Info
X-RateLimit-Limit
Served-By
X-Sucuri-ID
X-Region
CACHE
X-Mode
X-TIME
X-XRDS-LOCATION
Country
X-Akamai-Request-ID2
X-Real-IP
Access-Control-Allow-Method
From-Origin
X-CLOUD-TRACE-CONTEXT
Healthy
X-Microcachable
X-Ocache
X-Is-Bot
X-Content-Type
X-Cache-Config
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Meta-Geo
Machine
X-Cache-Var
X-Cache-Var-Map
X-Zipkin-Id
X-Path-Route
X-Generated
X-Environment-Context
X-Detected-As
X-L-Path
X-JoinUs
X-Proxied
X-RN-RSRV
X-Rendered-As
X-Proxy
X-Ezoic-Cdn
X-Site-Version
X-Rule
X-DataStream-Cache-Status
X-Routing-Service
X-Upgrade-Enabled
X-Section
X-Cache-Category-Id
X-Grey
X-EIG-Tracking-Id
X-Akamai-Transformed
Xserver
X-CDN-Cache
X-Birta-Served
X-Request-Time
X-Viewer-Country
L5d-Success-Class
X-Amz-Meta-Surrogate-Control
X-Access
X-Agile
X-Agile-Id
X-Birta-Cache-Post
X-Format
X-Agile-Age
X-Hosted-By
DB-Nickname
X-NGENIX-Cache
Fastcgi-Useragent
Now
X-Pc-Hit
X-Via-Fastly
X-FC-Vary-Parameters
X-Tb
Cache-Name
X-TNCMS
OT-Force-Account-Verify
TWC-Connection-Speed
Property-Id
X-CCM
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
S-Rt
HitInfo
X-Origin-Hint
X-Loop
Webcakes-App-Version
X-OCL
Webcakes-Region
HitType
X-PCL
X-Labrador-Cache-Channel
X-ServerID
TWC-Privacy
X-Pc-Appver
X-Hit
X-Human
X-Pc-Key
X-ProxyCache-Status
X-ProxyCache-Key
X-ProcessESI
X-AWS-Id
X-Original-Request
X-Upstream-CT
X-Upstream-HT
X-OVcl-Cache
X-OVcl
X-Origin
Azure-RegionName
X-Cluster-Node
X-VG-TLSProxy
X-LJ-Flow-ID
X-IP
X-Xfnlog-Site
X-VWS-Id
Accept-Language
X-SplitTest
X-RemovedCookies
Azure-SiteName
Azure-SlotName
Azure-Version
X-Via-CDN
X-Web-Node
X-Pubstack
X-BYPASS-REASON
Azure-InstanceId
Selected-FE
X-ShopId
X-Shopify-Stage
X-Www-Served-By
X-ShardId
X-Proxy-Build
Mn-Server-Ip
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
LB
X-Timing-Wait
X-Rocket-Nginx-Bypass
Cache-Hits
PageSpeed
Content-Style-Type
X-Cdn
X-Source
Content-Script-Type
X-Guploader-Uploadid
X-Cache-Enabled
Origin-Edge-Control
Origin-Cache-Control
X-App-Name
X-RTag
X-Transaction
X-TWH-CORRELATION-ID
X-Connection-Hash
X-UA
X-Twitter-Response-Tags
IBM-Web2-Location
Access-Control-Request-Headers
Ms-Operation-Id
X-GRACE
X-NodeID
X-Real-Ip
X-Ms-Request-Id
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Version
NGB
X-Port
X-Origin-CC
X-Unique-ID
X-NODE
X-Geo
Time
X-HOST
NtCoent-Length
X-Cache-Remote
X-Nginx-Cache
Filters
X-MP-GENERATED-AT
X-NCache
X-Distil-CS
X-Pc-Host
X-Pc-Date
X-Internal-Host
X-Cdn-Forward
X-Tumblr-Pixel-3
X-Edge-IP
Backend
We-Hiring
Mail-Subject
X-APP-VERSION
X-Varnish-Cacheable
X-Proto
X-Cache-TTL
X-Debug-Cache
X-Storage
X-CACHE-KEY
X-Time-Microsecs
X-Vgn-Hpd-Reason
X-UA-Device-Type
X-Webstats-RespID
Cache-Tags
X-PHP-Backend
X-Ratelimit-Limit
X-Backend-Name
X-Varnish-Beresp-Status
X-Sucuri-Cache
X-CACHE-GROUP
User-Agent
X-Varnish-Beresp-Grace
X-Akamai-Request-ID
X-Varnish-Cache-Hits
X-EdgeConnect-Cache-Status
X-Urbn-Context-Path
Locale
X-Dc
X-Urbn-Site-Id
X-Mshield-Cache-Status
X-Nc
X-Mrs-Cache-Hits
X-Csrf-Token
X-PERF
X-ApacheServer
X-Mrs-Age
X-Ua
X-Mrs-Cache
X-ElasticPress-Search
Fastly-SSL
Warning
X-Newrelic-Synthetics
X-B3-Spanid
X-C
X-Endurance-Cache-Level
X-Varnish-Beresp-Ttl
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Ccd
FSS-Cache
Fly-Request-Id
X-Amz-Meta-Cache-Control
HA-Host
Ha-Gx-Prefs
GMS-Ver
FSS-Proxy
Fly-Cache
HA-Ipaddr
Mobile-Detection-Method
MD5-Digest
Meta-Geo-Continent
Odigeo-Trace-Id
HA-Urlpath
HA-Servedtime
Rendered-Blocks
HA-Cloudapp
Resin-Trace
Viewtype
V-Age
UCS
VivaBuild
X-A
X-A-Dcw
X-A-Dam
TSSecure
SN
HA-Geocountry
HA-Geocity
HA-Georegion
HA-Geolat
HA-Geolon
Server-Host
Rt-Proxy-Cache
X-A-Dgt
X-Region-Sid
X-Org
X-NX-Host
X-PAYTM-SRV-ID
Ec-Rule-Version
X-Rewrite-Enabled
X-NU-AKA-ACS-Version
X-Logtrace-Id
X-IN-APIGATEWAY
X-Hash
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Irp-Debug
X-Rojux
X-S-Cookie
X-VG-WebServer
X-UE-Client-Country
X-Via-Edge
X-Via-SSL
Xc-Version
X-Trv-Group
X-Store
X-Server-By
X-ScT
X-Server-Time
X-Sn-Servicetimems
X-SRCache-Key
X-GeoIP-Country-Code
X-Generated-In
X-CF-Lambda-Fn
X-Cdn-Origin
X-CF-Lambda-Version
X-CGP
X-D
X-Cache-Host
X-Cache-Bucket
X-Backend-Host
X-B-Cookie
X-Backend-Url
X-BB-ID
X-BBXSRF
X-Date
X-Debug-Cookies
X-F5-Cache
X-External-Request-Id
X-Fetched-On
X-From
X-G
X-Eu-Site
X-DPWN-IS-SECURE
X-Debug-Log
X-Destination
X-Developer
X-Died
X-Application
Cache-Key
X-Cache-Backend
Arc-Country
X-Redis-Cache
Content-Disposition
Ajk
BehaviorPad-Version
Cache-Prefix
X-CACHE-AGE
X-Hello
X-GeoIP-City
X-FW-Version
X-Key
X-Matched-Rule
X-No-Session
Decoy-Debug-Status
X-Layer
X-Flog
X-Hl-Ver
X-Dispatcher-Server
X-ABtesting
X-Auto-Login
Www
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Backend-State
X-Cache-Id
X-Developers
X-CDN-Forward
X-Core-Value
X-Clientip
X-Cache-URL
X-Epic-Correlation-Id
X-Platform
X-User
X-V
X-UnsetCookies
X-Dynatrace-Js-Agent
X-Trace-Id
X-Var-Ttl
X-VServer
X-Worker
Powered-By
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-We-Are-Hiring
X-Thinkindot-L3
X-SIPLIST1
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Rebelmouse-Cache-Control
X-Qloud-Router
Server-ID
X-Release
X-Request-Start
X-Server-IP
X-ServiceProvider
X-S-Maxage
X-Response-By
X-Request-URI
X-Owner
X-Location
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
GW-Server
Frame-Options
Apple-News-Services-Handled
Origin
Memcached
Pramga
AKAMAI
Release
IsBot
Country-Code
Heartbleed
RNT-Time
Fastly-Soc-X-Request-Id
Decoy-Debug-Key
Countrycode
RNT-Machine
Fastly-SWR
Fastly-SIE
Decoy-Debug-TTL
WZWS-RAY
User-Cache-Control
X-Powered-By-ANYU
X-Node-Id
X-WebServer
Fastly-Backend-Name
X-Nginx-Cache-Key
X-LI-Proto
X-LI-UUID
X-MI-In-Market
X-Li-Pop
X-Gen-Mode
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gannett-Site-Version
X-Fastly-Cache
X-Distributor
On-Server
Adler-Geo
MI-Cache-Age
MI-Cache
X-Li-Fabric
X-Instance-Name
X-Info
X-Hnp-Log
Magicmarker
X-Passed-To-BeforeDispatch
Cache-Cookie-Set-Idcheck
X-Secret
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Served-From
Cache-Cookie-Set-Lfrom
X-Thanos
X-Up
X-Swa-Ws
X-Stale
X-Variation
X-Returned-From
Cache-Cookie-Set-From
X-Passed-To-PostProcessResponse
X-Phone
X-Passed-To-DLL
X-Passed-To
X-P-T
Is-Eu
X-Policy
X-Request-UUID
Backend-Name
X-Varnish-Action
X-VCT
Kp-EeAlive
X-RCS-CacheZone
X-Cache-Expires
X-Block-Status
X-Core-Mission
Pragrma
X-Croise-Owner
X-Crawler
X-Bip
X-Actual-URL
X-Origin-Response-Time
Web-Mar-Node
Uber-Trace-Id
True-Client-Country-4JS
Section-Io-Cache
Server-Int
X-CUA
X-Cache-Debug
Platform
X-Device-Os
X-NC
X-Datadome
X-MSEdge-Flight
X-Sentry-ID
Request-Country
Esi-Enabled
Pagetype
REQUESTUUID
X-SVT-ORM-VERSION
X-Via-NSCOPI
X-SVT-ORM-RULES
Proxy-Connection
X-Fstrz
X-SN
X-TT-LOGID
X-Cache-CFC
X-Backend-TTL
CDCHOST
Request-EU
X-MSEdge-Features
X-Sf
X-MServer
Version
HTTPS
X-Cache-Srv
X-Refresh
MI-API
X-NWS-UUID-VERIFY
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-DC
RequestId
X-Oss-Storage-Class
Amp-Access-Control-Allow-Source-Origin
X-Page-Type
Cteonnt-Length
X-Pjax-Url
NodeID
X-Kong-Proxy-Latency
X-Be
X-Ms-Lease-State
X-Cache-FS-Status
X-Kong-Upstream-Latency
X-Req
X-Unique-Id-Primal
X-Servername
Group
X-Parent-Response-Time
V-Cache
MIME-Version
ProcessTime
Who
X-Origin-TTL
X-GZip
Cdn
X-Oracle-Dms-Ecid
X-BB-IP
Fusion-Source
Fusion-Content-Id
Memory
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Mime-Version
X-Ckpd-Fst-Backend
SS
CF-IPCountry
Cdn-Host
Cdn-Request-Time
X-Protected-By
X-Time
X-Servedbyhost
X-Aicache-OS
X-ND-Cache
X-Edge-Server
X-COUNTRY
X-Content-Age
X-Server-Group
GeoIP-Country-Code
SD-X-WS
PageType
X-Wa
GeoIP-Latitude
X-Varnish-Url
CDN
X-SRV
X-Varnish-Beresp-TTL
A
X-APP
Get-Access-Time
Is-Session-Tracking
X-Ratelimit-Remaining
XServer
X-Unique-Id
X-Pf-Uncompressing
X-Origin-Date
Geoip-Latitude
GeoIp-Country-Code
X-WA
X-Origin-Expires
X-B3-Traceid
X-Generation-Time
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-StackifyID
Serverid
X-FireWall-Port
PICS-Label
X-Fastly-Cache-Hits
X-CSRF-Token
X-Cache-Info
X-Origin-Host
X-GEO
X-Vcache
X-Gdpr
X-Requestid
X-Nananana
X-Fastly-Country-Code
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-CS
X-EC-Security-Audit
Nel
Processtime
X-ID
Node
X-ServedByHost
X-PHP-Host
X-Load-Cache
Cf-Ipcountry
X-Surge-Debug
X-SERVER-NAME
X-RequestId
NGX
X-Proxy-Cache-Status
X-Server-W
DataCenter
X-Proxy-Upstream
T-Server
X-Qnm-Cache
X-Check-Cacheable
X-M-Reqid
X-M-Log
Vix-Hermes-Req-Id
URI
X-HTML-Minification-Powered-By
Hostname
X-FORWARDED-FOR
Cache-Tv-Group
X-NGINX-Cache
X-Feature
Load-Balancing
X-PF-Uncompressing
X-UPSTREAM-Address
X-HS-Status
X-GZIP
ServerName
WP-Super-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Cache-Provider
X-Planisys-CDN-Cache
X-B3-SpanId
X-BACKEND-TTL
X-WR-MODIFICATION
X-ServerName
X-BE
X-Alicdn-Da-Ups-Status
X-Skip-Cache
X-Fastly-Backend-Reqs
Request-Time
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-ARC
X-VG-WebCache
X-Fe
X-Atg-Version
Https
X-HTML-Edge-Cache
X-Proxy-Server
X-PAGE-TYPE
X-IPS-LoggedIn
Requestid
X-Micro-Cache
RequestUuid
Host-ID
X-PJAX-URL
PFcat
X-Akamai-SSL-Client-Sid
X-VC
N-Cache
X-Distil-Cs
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-From-Cache
X-Cache-Ttl
X-SB
X-Amz-Meta-S3b-Last-Modified
X-Debug-Cache-Expiry
X-GDPR
X-SF
Sid
Build-Number
X-CSRF-TOKEN
X-Gen-Id
X-Grace-Duration
X-RAMCache
X-Dw-Trace-Id
Cdn-Src-Port