Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
P3P
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
P3p
CF-Ray
X-Amz-Cf-Pop
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-CDN
Xkey
X-Type
Keep-Alive
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Request-Context
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Amz-Version-Id
Content-Location
Surrogate-Control
X-Cnection
X-Node
X-OneAgent-JS-Injection
X-Host
X-Readtime
EagleEye-TraceId
Report-To
X-Server-Id
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Application-Context
X-Backend-Server
X-Rack-Cache
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
Rating
X-DynaTrace
Allow
X-EdgeConnect-MidMile-RTT
X-Country
X-Varnish-TTL
X-EdgeConnect-Origin-MEX-Latency
X-Origin-Cache
X-Server-ID
X-FTR-Request-ID
X-Country-Code
X-Cdn
X-B3-TraceId
X-Px
X-Trace
X-DataDome
X-Vhost
X-Ruxit-JS-Agent
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-Server-Name
X-VARITI-CCR
X-ESI
Accept-CH
RTSS
X-Goog-Hash
X-Cached
X-MS-InvokeApp
Charset
X-Mod-Pagespeed
X-TTL
Pinterest-Generated-By
SPRequestGuid
Verso
X-D2id
X-F-Cache
Public-Key-Pins
X-PC
X-TtlSet
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Vname
X-Use-Magma
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
PB-PID
Arc-Version
X-Mobile-Rewrite
PB-RID
X-Version
X-Dispatcher
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
Accept-CH-Lifetime
X-DIS-Request-ID
X-Abt-Application-Version
X-Powered-CMS
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
X-Ser
X-Origin-Upstream-Status
Pinterest-Version
X-Pinterest-Rid
X-Navigation-Version
X-Upstream-Env
X-B
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
X-Forwarded-Proto
X-Amz-Rid
X-Client-IP
Realpath
MS-Author-Via
X-Recruiting
DynaTrace
X-HW
SPIisLatency
SPRequestDuration
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Vcap-Request-Id
X-Upstream
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Wix-Server-Artifact-Id
X-Accel-Buffering
Nginx-Cache
Content-MD5
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Ttl
Arr-Disable-Session-Affinity
X-Varnish-Age
X-Debug
X-Hits
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
Edge-Cache-Tag
X-Goog-Storage-Class
X-Oracle-Dms-Rid
X-Aspnet-Version
X-Via-JSL
X-N
X-MSEdge-Ref
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Id
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
X-XRDS-Location
X-NewRelic-App-Data
TCN
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-ATG-Version
S
X-FTR-Expires
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-Logged-In
Alternate-Protocol
X-FastCGI-Cache
X-PressLabs-Stats
Surrogate-Key
X-Kinsta-Cache
X-HS-Hub-Id
X-Frontend
X-HS-Content-Id
Rt-Fastcgi-Cache
Tracecode
X-Content-Digest
X-Forwarded-For
X-Cache-Key
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Pad
X-Grace
Fastly-Restarts
X-RateLimit-Remaining
MicrosoftSharePointTeamServices
X-CF-Powered-By
Server-Name
X-Amzn-Trace-Id
X-Edge-Location
Backend-Timing
X-Analytics
FilterID
X-Cache-2
Host
X-Content-Options
X-User-Agent
TP-L2-Cache
Ar-Sid
TP-Cache
X-Magnolia-Registration
Fastcgi-Cache
X-Rid
X-Whom
X-B3-Sampled
X-Debug-Info
ServerID
X-IPLB-Instance
X-Page-Id
X-Revision
Eomportal-Instance
X-Mobile
X-Hostname
X-Srv
X-Request-Processing-Time
X-Ruxit-Js-Agent
X-Request-Received
X-NWS-LOG-UUID
AR-Request-ID
X-Akam-SW-Version
X-VCache
Front-End-Https
Refresh
Retry-After
X-AOL-HN
X-Signature
X-LB-Cache
X-Content-Powered-By
Paypal-Debug-Id
X-B-Cache
X-Litespeed-Cache
X-GUploader-UploadID
X-Cache-Action
X-FB-Debug
X-Cluster
X-Request-Guid
X-SS-Set-Cookie
X-Varnish-Hostname
X-Framework
Source
X-App-Environment
X-Handled-By
Cleartype
X-Device-Type
X-Cache-Control
X-Instance
X-Tumblr-Pixel
X-WA-Info
X-Akamai-Edgescape
X-Tumblr-User
X-Tumblr-Pixel-0
X-Cache-Hit
X-Platform-Server
X-BCube-Filmed-By
X-Content-Security-Policy-Report-Only
X-Varnish-Grace
X-TA-CDN-Provider
X-AppVersion
X-Az
X-Activity-Id
X-Content-Type
X-Zen-Fury
X-Esi
VIX-Pulpo-Node
Webserver
VIX-Pulpo-Upstream-Status
X-XRDS-LOCATION
X-Middleton-Display
X-Sol
Display
X-Varnish-Backend
X-Correlation-Id
X-HS-Cache-Config
Healthy
X-Cache-Rule
X-Fastcgi-Cache
X-Cache-Server
ViewerVersion
X-Seen-By
X-Wix-Request-Id
X-Drupal-Cache-Tags
X-Middleton-Response
X-TT
Response
X-URL
X-Daa-Tunnel
X-Varnish-Server
Upgrade-Insecure-Requests
Accept-Charset
X-Cached-By
X-Origin-Server
X-Drupal-Cache-Contexts
X-Generated-By
X-App-Server
Cache-Status
X-DataStream-Cache-Status
X-Cache-Age
X-Geo-Country
X-CACHE-GROUP
X-Amz-Apigw-Id
Server-Node
X-Amz-Replication-Status
X-Amzn-RequestId
S-Cnection
Payment
X-Accel-Expires
Filters
X-Response-Served-From
X-S
X-UA-Device-Type
NGB
X-Edge-Cache-Key
X-Servedby
X-Edge-Cache
X-Adobe-Content
X-Adobe-Loc
X-Contextid
GEO-INFO
X-Locale
X-FW-Server
X-FW-Serve
X-FW-Hash
X-TT-TIMESTAMP
X-FW-Static
X-RequestSource
X-FW-Type
X-UUID
X-Cacheable-TTL
ServedBy
Access-Control-Allow-Method
Actual-Object-TTL
Viewport
X-Cache-NE
X-Varnish-IP
X-Jobs
X-Status
X-TX-ID
X-Varnish-Hits
X-Storage
X-Amz-Server-Side-Encryption
Server-Info
AsisCache
MS-CV
X-Tumblr-Pixel-1
X-PHP-Backend
X-Tumblr-Pixel-2
Cache-Tv-Group
X-WebKit-CSP-Report-Only
X-WPE-Loopback-Upstream-Addr
X-GeoIP
X-Dns-Prefetch-Control
X-Rendered-As
X-Cache-Remote
X-Cache-TTL-Remaining
X-App-Version
X-Croise-Owner
HostName
X-Node-Name
Cache
From-Origin
Host-Header
X-Region
SRV
X-Cache-Operation
X-Vg-Webcache
X-Webkit-CSP
X-Redis-Cache
X-Hyper-Cache
X-APP-VERSION
Served-By
Liferay-Portal
X-UA
X-BACKEND-TTL
Public-Key-Pins-Report-Only
Cache-Tag
X-Dynatrace-Js-Agent
X-CACHE-KEY
X-Upgrade-Enabled
X-Is-Bot
X-Proxy-Build
X-Webstats-RespID
X-Akamai-Transformed
X-Detected-As
X-RN-RSRV
X-Path-Route
X-NGENIX-Cache
X-Loop
X-IP
Meta-Geo
Machine
X-Agile
X-Agile-Id
X-Generated
X-Agile-Age
Selected-FE
X-Cache-Var-Map
X-Cache-Var
X-Site-Version
X-TNCMS
X-Timing-Wait
X-Hosted-By
DC
X-Endurance-Cache-Level
X-CDN-Cache
X-Environment-Context
X-Cache-Category-Id
X-Akamai-Request-ID
Origin-Edge-Control
X-L-Path
X-NCache
X-Human
X-JoinUs
Cache-Name
X-Grey
Origin-Cache-Control
X-Pc-Appver
X-Internal-Host
X-Original-Request
X-Origin-Response-Time
X-Pc-Key
X-Pc-Hit
X-Request-Time
X-Via-Fastly
X-Upstream-HT
X-Upstream-CT
X-Web-Node
X-Mode
Powered-By-ChinaCache
X-Viewer-Country
DB-Nickname
Azure-RegionName
X-Labrador-Cache-Channel
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Now
X-Kong-Proxy-Latency
X-Birta-Cache-Post
X-Birta-Served
X-BYPASS-REASON
X-FC-Vary-Parameters
X-Format
X-Origin
X-VG-TLSProxy
X-Kong-Upstream-Latency
X-Vgn-Hpd-Reason
Azure-Version
X-Tumblr-Pixel-3
X-RemovedCookies
X-Origin-Host
X-Pubstack
X-Forwarded-Host
X-ProxyCache-Key
X-ProxyCache-Status
Content-Script-Type
X-ProcessESI
Content-Style-Type
S-Rt
TWC-Connection-Speed
TWC-Device-Class
Property-Id
X-Time-Microsecs
X-Guploader-Uploadid
X-PCL
X-Origin-Hint
X-Cache-Config
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Access
X-Proxy
X-B3-Spanid
X-Tb
Webcakes-Region
Webcakes-App-Version
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
Fastcgi-X-Cache-Version
Mn-Server-Ip
X-Section
X-ServerID
X-CCM
X-Rule
X-Www-Served-By
X-Xfnlog-Site
X-Ocache
X-OCL
Cache-Tags
X-Origin-CC
Fastcgi-X-Cache
Fastcgi-Useragent
X-App-Name
X-Proxied
HitType
X-Routing-Service
Xserver
X-Backend-Name
Cache-Key
X-Parent-Response-Time
X-Zipkin-Id
X-Protected-By
User-Cache-Control
Pagespeed
X-Edge-IP
X-Via-CDN
X-Yottaa-Metrics
X-Yottaa-Optimizations
Vix-Hermes-Req-Id
X-TIME
X-RTag
Ms-Operation-Id
X-HS-Combine-CSS
X-Nginx-Cache
Datacenter
X-Cache-TTL
OT-Force-Account-Verify
X-FB-TRIP-ID
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Correlation-ID
X-Ezoic-Cdn
X-ApacheServer
Time
X-Cache-Backend
X-PERF
NtCoent-Length
X-OVcl
X-OVcl-Cache
X-Pc-Host
X-Real-Ip
X-Content-Age
X-Pc-Date
X-Akamai-Request-ID2
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Unique-Id-Primal
X-Mshield-Cache-Status
X-Newrelic-App-Data
X-Mrs-Age
Load-Balancing
Country
X-Webkit-Csp
X-Ratelimit-Limit
AR-SID
X-Front
LB
X-Cdn-Forward
X-Real-IP
X-CDN-Forward
X-RateLimit-Limit
Accept-Language
L5d-Success-Class
X-Varnish-Cacheable
X-Debug-Cache
Ohc-File-Size
X-COUNTRY
Fusion-Template-Id
Fusion-Source
X-Varnish-Beresp-Status
Section-Io-Cache
Fusion-Content-Source
X-Amz-Meta-Surrogate-Control
X-Unique-ID
X-Varnish-Beresp-Grace
Fusion-Content-Id
Fusion-Component-Id
X-Proto
X-Sucuri-ID
X-Hit
X-Varnish-Beresp-Ttl
X-MP-GENERATED-AT
X-Nc
X-Hl-Ver
X-Trace-Id
We-Hiring
X-GRACE
Mail-Subject
Version
X-C
X-Time
Warning
WZWS-RAY
User-Agent
X-EdgeConnect-Cache-Status
X-CLOUD-TRACE-CONTEXT
X-Geo
Pagetype
X-Microcachable
X-Cache-Enabled
X-A-Ccd
X-A
Www
X-Device-Os
X-Aed
VivaBuild
X-A-Dam
X-Accel-Expires-Debug
X-A-Dcw
X-A-Dgt
Fly-Request-Id
X-A-Wwc
X-Returned-From-PostProcessResponse
X-Actual-URL
Frame-Options
X-Server-Time
X-Served-From
Release
X-S-Cookie
Rendered-Blocks
Resin-Trace
RNT-Time
RNT-Machine
Powered-By
Platform
Memcached
Mobile-Detection-Method
Node
X-ScT
X-S-Maxage
PFcat
MD5-Digest
Rt-Proxy-Cache
X-Rewrite-Enabled
Thinkindot-Control
V-Age
IBM-Web2-Location
X-Server-By
Meta-Geo-Continent
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Is-Eu
SD-X-WS
Server-Host
Server-ID
SS
X-Rojux
Viewtype
X-Cache-Id
X-Returned-From-BeforeDispatch
X-D
X-Node-Id
X-Region-Sid
X-Logtrace-Id
X-Matched-Rule
X-NU-AKA-ACS-Version
X-Reboot
X-RCS-CacheZone
X-DPWN-IS-SECURE
X-Rebelmouse-Cache-Control
X-CUA
X-Rebelmouse-Surrogate-Control
X-LI-UUID
X-LI-Proto
X-Date
X-From
X-External-Request-Id
X-Returned-From
X-Request-UUID
X-Response-By
X-FW-Version
X-G
X-Li-Fabric
X-Li-Pop
X-Layer
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-In
X-Qloud-Router
X-P-T
X-Cache-Debug
X-Cache-Bucket
X-Cache-Expires
Fly-Cache
X-Cache-Host
X-Cache-FS-Status
X-Bip
X-Died
X-B-Cookie
X-Auto-Login
X-BB-ID
X-Destination
X-Returned-From-DLL
X-Fetched-On
X-Dispatcher-Server
X-Passed-To-DLL
X-Connection-Hash
X-Crawler
X-Passed-To-BeforeDispatch
X-Passed-To
X-Developer
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-URL
X-PHP-Host
X-PAYTM-SRV-ID
X-Passed-To-PostProcessResponse
X-Application
X-Var-Ttl
X-Swa-Ws
X-Store
X-Thanos
X-Thinkindot-L3
X-Transaction
X-SRCache-Key
Access-Control-Request-Headers
BehaviorPad-Version
Arc-Country
Ajk
Adler-Geo
X-Trv-Group
X-TT-LOGID
X-We-Are-Hiring
X-WebServer
Xc-Version
X-Via-NSCOPI
X-VG-WebServer
X-Varnish-Action
X-UE-Client-Country
Fastly-SWR
X-User
X-Variation
Cache-Prefix
X-Twitter-Response-Tags
Fastly-Backend-Name
Ec-Rule-Version
Fastly-SIE
X-Rocket-Nginx-Bypass
X-Org
X-F5-Cache
X-ElasticPress-Search
X-Origin-Date
X-Amz-Meta-Cache-Control
X-Backend-State
X-Info
X-SVT-ORM-RULES
True-Client-Country-4JS
X-Location
X-Stale
Web-Mar-Node
Who
X-MI-In-Market
X-UnsetCookies
X-Phone
X-Hnp-Log
X-Svr
X-Server-Group
X-Gen-Mode
X-Fstrz
X-Server-IP
Fastly-SSL
X-Distributor
X-Distil-CS
X-Clientip
GMS-Ver
X-Origin-Expires
X-Cache-CFC
Heartbleed
X-Hash
X-Request-Start
X-GeoIP-Country-Code
GW-Server
X-Block-Status
X-SVT-ORM-VERSION
Cache-Cookie-Set-Lfrom
MI-API
Pramga
Countrycode
Proxy-Connection
X-Release
Cache-Cookie-Set-Idcheck
Decoy-Debug-Key
X-Nginx-Cache-Key
Decoy-Debug-TTL
On-Server
X-ServiceProvider
Content-Disposition
MI-Cache-Age
Origin
MI-Cache
X-Sf
Decoy-Debug-Status
Cache-Cookie-Set-From
Backend-Name
X-MSEdge-Features
Backend
Server-Int
Esi-Enabled
Magicmarker
Kp-EeAlive
X-MSEdge-Flight
AKAMAI
X-No-Session
Request-Time
X-NODE
X-Be
X-Proxy-Upstream
X-Epic-Correlation-Id
X-Core-Value
X-Core-Mission
X-Fastly-Cache
X-Request-URI
X-Gannett-Site-Version
X-Wikidot-Backend
Country-Code
X-Generated-On
X-Wikidot-Static-Cache
X-Via-SSL
Fastly-Soc-X-Request-Id
X-Developers
X-Via-Edge
X-SIPLIST1
Apple-News-Services-Request-Url
REQUESTUUID
X-Proxy-Cache-Status
X-Secret
Apple-News-Services-Parsed-Url
X-Dc
X-Micro-Cache
Apple-News-Services-Handled
X-Level-Front-Cache
Apple-News-Services-Host
X-Key
X-IN-WAF
IsBot
CDCHOST
X-Page-Type
X-V
X-Policy
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Backend-Host
X-Backend-Url
X-Up
X-DC
X-Ua
HA-Geolat
HA-Geolon
HA-Georegion
X-Irp-Debug
HA-Geocountry
X-CACHE-AGE
ServerName
Ha-Gx-Prefs
HA-Host
HA-Urlpath
X-Refresh
X-Sn-Servicetimems
Lfy
HA-Ipaddr
HA-Servedtime
HA-Cloudapp
HA-Geocity
X-Debug-Cache-Expiry
X-CGP
X-Debug-Cache-Store
X-Instart-Info
X-Eu-Site
X-Origin-TTL
X-Debug-Cache-Fetch
X-Cdn-Origin
PageSpeed
X-Debug-Cookies
X-Debug-Log
RequestId
Pragrma
X-Cdn-Srv
Ohc-Response-Time
X-Cache-Info
X-Platform
X-NC
X-Server-Cache
X-NX-Host
X-Planisys-CDN-TTL
X-VarnPar1
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-VarnCache
X-Urbn-Context-Path
Request-EU
Uber-Trace-Id
UCS
X-Urbn-Site-Id
Request-Country
X-PARISIEN-Cache-Rendered
X-Servername
Locale
X-Instance-Name
X-ARC
MIME-Version
Host-ID
X-NWS-UUID-VERIFY
X-Pjax-Url
Cteonnt-Length
Group
V-Cache
X-VCT
X-GeoIP-City
X-Req
X-Datadome
X-CMS-Context
Memory
Cache-Provider
X-Newrelic-Synthetics
HitInfo
Cdn
Mime-Version
X-BBXSRF
PICS-Label
X-Powered-By-ANYU
X-Servedbyhost
X-Gdpr
X-Ratelimit-Remaining
X-LAGOON
Nel
NGX
X-WR-MODIFICATION
X-EIG-Tracking-Id
CF-IPCountry
X-Wa
X-TWH-CORRELATION-ID
GeoIP-Country-Code
X-Aicache-OS
GeoIP-Latitude
XServer
CDN
X-B3-Traceid
X-Load-Cache
Amp-Access-Control-Allow-Source-Origin
X-CSRF-TOKEN
X-HTML-Minification-Powered-By
X-Fastly-Country-Code
X-StackifyID
X-Varnish-Cache-Hits
X-FireWall-Port
X-Generation-Time
X-UPSTREAM-Address
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Cf-Ipcountry
GeoIp-Country-Code
X-Sedo-Request-Id
X-Cache-Miss-From
X-WA
Geoip-Latitude
X-Fastly-Backend-Reqs
X-Cluster-Node
FSS-Cache
FSS-Proxy
X-Check-Cacheable
X-Sentry-ID
X-Varnish-Beresp-TTL
X-NodeID
X-FORWARDED-FOR
X-Csrf-Token
X-Cache-Grace
X-Flog
X-Source
X-VServer
X-Varnish-Authentication
X-HOST
X-APP
Processtime
Server-Surrogate-Control
X-ABtesting
X-Hello
Server-Cache-Control
X-Cache-ASPX
CACHE
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Oss-Object-Type
SN
X-CDN-Pop-IP
X-IPS-LoggedIn
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-CDN-Pop
X-RCS-Backend
X-Nananana
X-Oss-Hash-Crc64ecma
X-ServedByHost
URI
X-Unique-Id
X-Varnish-Url
X-Dynatrace
X-GZip
WP-Super-Cache
DataCenter
X-GDPR
X-SRV
Pics-Label
X-Fastly-Cache-Hits
X-VC-Cache
X-Skip-Cache
TSSecure
X-Instart-Isnd
X-ND-Cache
X-ID
X-CSRF-Token
X-Edge-Server
X-MServer
Cdn-Host
Cdn-Request-Time
X-Worker
Is-Session-Tracking
X-VG-WebCache
X-Sucuri-Cache
X-HS-Status
Get-Access-Time
X-From-Cache
Proxy-Firewall
A
X-B3-SpanId
X-PJAX-URL
X-GoCache-CacheStatus
X-Swift-Error
X-BE
Hostname
Dynatrace
X-Pf-Uncompressing
Powered
PageType
X-Pc-Subdomain
X-Server-W
X-Bug-Bounty
HTTPS
X-GZIP
X-Port
X-Amzn-Remapped-Connection
X-Backend-TTL
X-Amzn-Remapped-Date
X-Gen-Id
X-ORIG-AKA-EDGE
X-AWS-Id
X-VWS-Id
X-Cache-Ttl
X-NGINX-Cache
Odigeo-Trace-Id
X-SplitTest
X-LJ-Flow-ID
X-Fe
X-VarnPar2
FastCGI-Cache
X-ServerName
Requestid
Serverid
X-FW-Dynamic
X-R9-Blue-Green-Version
X-Amz-Meta-S3b-Last-Modified
WebServer
X-LiteSpeed-Cache-Control
X-Serial
X-Varnish-URL
X-ORIG-AKA-COUNTRY-CODE
X-PAGE-TYPE
X-SN
X-HostName
X-Owner
X-PF-Uncompressing
T-Server
X-RequestId
RequestUuid
X-VC
X-Alicdn-Da-Ups-Status
X-RAMCache
X-SB
X-GEO
Xet-Cookie
X-Requestid
Correlation-Id
Cache-Hits
X-HTML-Edge-Cache
X-Developed-By
Location
X-CS
X-Dw-Trace-Id
X-Akamai-ERRuleID
SID
NnCoection
X-Akamai-ERPolicy
X-LiteSpeed-Tag