Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Xss-Protection
X-Timer
CF-Cache-Status
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
CF-Ray
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Amz-Cf-Pop
X-Request-ID
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
Grace
X-Hacker
EagleId
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Proxy-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Cache-Lookup
X-WebKit-CSP
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Cnection
X-Server-Id
X-Host
X-Readtime
Report-To
X-Node
X-Rq
EagleEye-TraceId
Server-Timing
X-Response-Time
X-OneAgent-JS-Injection
Feature-Policy
X-CST
X-Rack-Cache
X-Backend-Server
X-Application-Context
X-ORACLE-DMS-ECID
X-Iejgwucgyu
Request-Id
X-Cloud-Trace-Context
X-Instart-Request-ID
X-Clacks-Overhead
Edge-Control
NEL
X-Url
X-DynaTrace
Allow
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Cdn
X-Server-Name
X-Trace
X-Px
X-Vhost
X-DataDome
X-Ruxit-JS-Agent
X-Server-ID
X-ESI
X-GitHub-Request-Id
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Cached
RTSS
X-VARITI-CCR
Accept-CH
SPRequestGuid
X-Goog-Hash
Charset
X-PC
Pinterest-Generated-By
X-Vname
X-TtlSet
X-Mod-Pagespeed
X-D2id
X-F-Cache
X-Dispatcher
Public-Key-Pins
X-GoogleNews-Bot
X-Exp-Id
X-Kinja
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Server
Verso
X-SharePointHealthScore
Arc-Version
X-Mobile-Rewrite
PB-RID
PB-PID
X-TTL
X-DynaTrace-JS-Agent
X-T
X-Version
X-Powered-By-Plesk
X-Abt-Application-Version
Accept-CH-Lifetime
X-Powered-CMS
X-DIS-Request-ID
X-Dns-Prefetch-Control
X-Ser
X-Fastly-Request-ID
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Navigation-Version
X-Forwarded-Proto
X-Shield-Request-Id
X-Origin-Upstream-Status
X-B
X-Recruiting
DynaTrace
MS-Author-Via
X-Client-IP
X-Amz-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Realpath
SPRequestDuration
SPIisLatency
X-HW
Content-MD5
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Oneagent-Js-Injection
X-Upstream
X-Ttl
Nginx-Cache
X-Vcap-Request-Id
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
Edge-Cache-Tag
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-CACHE
AR-ATIME
X-N
X-Hits
TCN
Arr-Disable-Session-Affinity
X-Varnish-Age
X-Debug
X-NF-Request-ID
X-Oracle-Dms-Rid
Access-Control-Request-Method
X-MSEdge-Ref
X-Goog-Storage-Class
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-Acc-Meta-Resource-Type
X-Mrf-Item-Lastmod
X-NewRelic-App-Data
X-XRDS-Location
X-Dw-Request-Base-Id
X-ATG-Version
S
Service-Worker-Allowed
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-Via-JSL
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-Logged-In
X-FTR-Expires
X-Id
Tracecode
X-FastCGI-Cache
X-Forwarded-For
Rt-Fastcgi-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-PressLabs-Stats
X-Pad
X-Frontend
X-Content-Digest
Alternate-Protocol
X-Kinsta-Cache
Surrogate-Key
Fastly-Restarts
X-RateLimit-Remaining
AMP-Access-Control-Allow-Source-Origin
MicrosoftSharePointTeamServices
X-Content-Options
X-Litespeed-Cache
Ar-Sid
X-Cache-Key
X-FTR-Cache-Host
Server-Name
X-Amzn-Trace-Id
X-Edge-Location
Fastcgi-Cache
X-Analytics
Backend-Timing
Host
FilterID
X-CF-Powered-By
X-Grace
TP-Cache
TP-L2-Cache
X-Debug-Info
X-Rid
X-User-Agent
X-Hostname
X-IPLB-Instance
X-Revision
X-Magnolia-Registration
X-Whom
ServerID
X-B3-Sampled
Eomportal-Instance
Paypal-Debug-Id
X-Cache-2
X-NWS-LOG-UUID
X-Request-Processing-Time
X-Request-Received
X-Page-Id
X-Ruxit-Js-Agent
X-HS-Cache-Config
X-Mobile
AR-Request-ID
X-Srv
X-Akam-SW-Version
Front-End-Https
X-GUploader-UploadID
X-AOL-HN
X-Content-Powered-By
X-VCache
X-Cache-Hit
Retry-After
X-Varnish-Grace
X-Signature
X-LB-Cache
Source
X-SS-Set-Cookie
X-FB-Debug
X-Cluster
X-B-Cache
X-Device-Type
X-Handled-By
X-WA-Info
Cleartype
X-Request-Guid
X-Cache-Action
Refresh
X-App-Environment
X-Cache-Control
X-Varnish-Hostname
X-Correlation-Id
X-BCube-Filmed-By
X-Platform-Server
X-Framework
X-Tumblr-Pixel
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-User
X-Zen-Fury
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-TA-CDN-Provider
Webserver
X-Daa-Tunnel
X-Varnish-Backend
X-Webkit-CSP
Display
X-Sol
X-Middleton-Display
X-Fastcgi-Cache
X-Cache-Server
X-XRDS-LOCATION
X-Drupal-Cache-Tags
X-Varnish-Server
X-Activity-Id
X-AppVersion
X-Az
X-Drupal-Cache-Contexts
Healthy
X-Content-Type
X-Geo-Country
X-Cache-Rule
X-URL
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Generated-By
ViewerVersion
X-Wix-Request-Id
Response
X-Seen-By
X-Middleton-Response
Server-Node
S-Cnection
X-App-Server
X-Cached-By
X-Cache-Age
Cache-Status
X-Node-Name
X-Accel-Expires
X-DataStream-Cache-Status
X-CACHE-GROUP
X-Amz-Replication-Status
X-Amz-Apigw-Id
X-Origin-Server
X-Amzn-RequestId
X-Esi
X-TT
Upgrade-Insecure-Requests
X-RequestSource
Filters
X-S
X-WPE-Loopback-Upstream-Addr
Payment
Host-Header
GEO-INFO
X-Response-Served-From
NGB
X-Cacheable-TTL
HostName
X-Locale
X-UA-Device-Type
X-GeoIP
Viewport
X-Varnish-IP
X-Edge-Cache
X-Edge-Cache-Key
X-Cache-NE
Actual-Object-TTL
X-Contextid
X-Servedby
X-Jobs
ServedBy
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Type
X-UUID
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
AsisCache
X-Status
X-Amz-Server-Side-Encryption
X-TX-ID
X-TT-TIMESTAMP
X-Varnish-Hits
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
Server-Info
X-Adobe-Loc
X-Adobe-Content
Accept-Charset
X-Storage
X-Vg-Webcache
X-Hyper-Cache
X-HS-Combine-CSS
SRV
X-CLOUD-TRACE-CONTEXT
X-Cache-TTL-Remaining
Cache
X-PHP-Backend
X-Cache-Remote
X-Rendered-As
X-Croise-Owner
From-Origin
MS-CV
X-App-Version
X-APP-VERSION
Cache-Tag
X-Cache-Operation
Cache-Tv-Group
X-Region
Public-Key-Pins-Report-Only
X-Forwarded-Host
DC
Liferay-Portal
X-Redis-Cache
Served-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Mode
X-CACHE-KEY
X-Webstats-RespID
X-Detected-As
X-Proxy-Build
X-Akamai-Transformed
Fastcgi-Useragent
X-Endurance-Cache-Level
X-Upgrade-Enabled
X-Site-Version
X-Hosted-By
X-RN-RSRV
X-Timing-Wait
X-TNCMS
X-Human
Fastcgi-X-Cache-Version
X-Cache-Var
Selected-FE
Meta-Geo
X-Agile-Id
X-Cache-Var-Map
X-Is-Bot
X-IP
X-Request-Time
Fastcgi-X-Cache
X-Loop
X-Agile-Age
X-Generated
X-NGENIX-Cache
X-Akamai-Request-ID2
X-Path-Route
X-Agile
Machine
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-Device-Class
Property-Id
S-Rt
Origin-Edge-Control
Origin-Cache-Control
TWC-GeoIP-Country
X-Proxied
X-Labrador-Cache-Channel
X-Origin-Hint
X-Original-Request
X-Pc-Appver
X-L-Path
X-JoinUs
X-BYPASS-REASON
X-CDN-Cache
X-Environment-Context
X-Grey
X-Pc-Hit
X-Pc-Key
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-ProxyCache-Status
Webcakes-Region
X-ProxyCache-Key
X-Cache-Category-Id
Cache-Name
X-Zipkin-Id
X-Vgn-Hpd-Reason
X-Routing-Service
TWC-Locale-Group
Xserver
X-Format
X-UA
X-OCL
X-FC-Vary-Parameters
X-NCache
X-Birta-Served
Datacenter
X-Access
X-Birta-Cache-Post
X-PCL
X-ProcessESI
X-VG-TLSProxy
X-Via-Fastly
X-Viewer-Country
X-Web-Node
X-Upstream-HT
X-Upstream-CT
X-Pubstack
X-RemovedCookies
X-Section
Now
Powered-By-ChinaCache
DB-Nickname
Cache-Tags
X-Origin
X-Origin-Response-Time
Pagespeed
X-Cache-Config
X-Proxy
X-RateLimit-Limit
X-Rule
X-Xfnlog-Site
X-Origin-Host
X-Time-Microsecs
X-Www-Served-By
X-Via-CDN
X-ServerID
X-Tumblr-Pixel-3
X-Akamai-Request-ID
X-Origin-CC
X-Internal-Host
Azure-RegionName
X-Tb
OT-Force-Account-Verify
Azure-Version
Azure-InstanceId
Azure-SiteName
X-Backend-Name
Mn-Server-Ip
Azure-SlotName
X-CCM
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-TIME
HitType
X-ShopId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Parent-Response-Time
X-Ocache
X-Real-IP
X-App-Name
Accept-Language
X-Nginx-Cache
X-NODE
X-Cache-TTL
X-OVcl-Cache
X-OVcl
X-B3-Spanid
X-Ezoic-Cdn
L5d-Success-Class
User-Cache-Control
Cache-Key
NtCoent-Length
X-Protected-By
Vix-Hermes-Req-Id
X-Edge-IP
LB
Content-Script-Type
Content-Style-Type
X-Amz-Meta-Surrogate-Control
Time
X-Newrelic-App-Data
X-Proto
X-Guploader-Uploadid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-BACKEND-TTL
X-Pc-Host
X-Pc-Date
X-Webkit-Csp
X-Cache-Backend
Ms-Operation-Id
X-GRACE
X-RTag
X-Correlation-ID
X-ApacheServer
X-PERF
X-Front
X-Real-Ip
X-Cdn-Forward
X-Nc
Section-Io-Cache
X-CDN-Forward
X-Hit
X-Mrs-Cache-Hits
X-Sucuri-ID
X-Mrs-Age
X-Mshield-Cache-Status
X-Unique-Id-Primal
X-Mrs-Cache
X-Varnish-Beresp-Status
X-FB-TRIP-ID
X-Varnish-Beresp-Grace
X-Varnish-Cacheable
AR-SID
X-Microcachable
X-Unique-ID
X-Debug-Cache
WZWS-RAY
Access-Control-Request-Headers
X-Content-Age
X-Twitter-Response-Tags
X-Transaction
X-Cache-Enabled
X-Time
X-Connection-Hash
X-C
Version
X-Trace-Id
X-Varnish-Beresp-Ttl
X-EdgeConnect-Cache-Status
Warning
X-MP-GENERATED-AT
X-NWS-UUID-VERIFY
X-Dc
Fastly-Backend-Name
X-G
X-GeoIP-Country-Code
Fastly-SIE
X-DPWN-IS-SECURE
X-Destination
Ajk
Countrycode
X-Date
Ec-Rule-Version
Cache-Prefix
Frame-Options
X-Fetched-On
X-Generated-In
Adler-Geo
We-Hiring
X-Developer
BehaviorPad-Version
X-Died
Fly-Request-Id
Fly-Cache
X-Device-Os
X-Dispatcher-Server
Fastly-SWR
X-External-Request-Id
X-F5-Cache
X-From
Arc-Country
X-Backend-State
RNT-Machine
Resin-Trace
RNT-Time
Rt-Proxy-Cache
SD-X-WS
X-A-Wwc
X-Accel-Expires-Debug
Release
Rendered-Blocks
X-Aed
X-Actual-URL
Server-Host
Server-ID
UCS
Uber-Trace-Id
V-Age
Viewtype
VivaBuild
X-A
X-A-Ccd
X-A-Dgt
X-A-Dcw
SS
X-A-Dam
X-Application
Powered-By
X-Cache-Host
X-Cache-Id
IBM-Web2-Location
Is-Eu
X-Cache-Debug
X-Cache-URL
X-CF-Lambda-Fn
X-CUA
X-Crawler
X-Clientip
X-CF-Lambda-Version
X-Cache-Bucket
Locale
X-BB-ID
Mail-Subject
X-B-Cookie
Platform
Node
Mobile-Detection-Method
MD5-Digest
Memcached
X-Bip
Meta-Geo-Continent
X-D
X-Release
X-S-Maxage
X-S-Cookie
X-Rojux
X-ScT
X-Served-From
X-Server-Time
X-Server-By
X-Rocket-Nginx-Bypass
X-Rewrite-Enabled
X-Returned-From-PostProcessResponse
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Region-Sid
X-Response-By
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-SRCache-Key
X-Store
X-Via-Edge
X-VG-WebServer
X-Varnish-Action
Ohc-File-Size
X-Via-SSL
Xc-Version
X-WebServer
X-We-Are-Hiring
X-Variation
X-Var-Ttl
X-Trv-Group
X-Thanos
X-Ratelimit-Limit
X-Ua
X-UE-Client-Country
X-User
X-Urbn-Site-Id
X-Urbn-Context-Path
X-RCS-CacheZone
X-Request-UUID
X-NU-AKA-ACS-Version
X-Node-Id
X-Passed-To
Load-Balancing
X-Passed-To-BeforeDispatch
X-Logtrace-Id
X-Layer
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Li-Fabric
X-Qloud-Router
Country
X-Org
X-PHP-Host
X-PAYTM-SRV-ID
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
X-Hl-Ver
Fusion-Component-Id
Fusion-Source
X-UnsetCookies
X-Gen-Mode
X-Thinkindot-L3
X-Via-NSCOPI
X-IN-SSL-APIGATEWAY
X-FW-Version
X-Info
X-IN-APIGATEWAY
X-IN-WAF
Www
X-Hash
X-Hnp-Log
X-Key
X-Auto-Login
X-Cache-FS-Status
X-Cache-Expires
X-Epic-Correlation-Id
X-Block-Status
X-Request-Start
Web-Mar-Node
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Core-Value
X-CGP
X-Eu-Site
X-No-Session
X-Stale
X-Amz-Meta-Cache-Control
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Sf
X-Location
X-Matched-Rule
X-Server-Group
X-Server-IP
X-Swa-Ws
Who
Backend-Name
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
HA-Servedtime
HA-Urlpath
Apple-News-Services-Request-Url
Kp-EeAlive
Heartbleed
HA-Georegion
HA-Geolon
GMS-Ver
Content-Disposition
Country-Code
GW-Server
HA-Cloudapp
HA-Geolat
HA-Geocountry
HA-Geocity
Apple-News-Services-Parsed-Url
Backend
Pragrma
AKAMAI
Request-Country
Request-EU
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Origin
Pramga
Apple-News-Services-Handled
Thinkindot-Control
Apple-News-Services-Host
X-Be
V-Cache
Group
User-Agent
Esi-Enabled
X-Fstrz
CDCHOST
X-Request-URI
X-Secret
HitInfo
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Gannett-Site-Version
X-Geo
X-GeoIP-City
X-Phone
X-Goog-Meta-Goog-Reserved-File-Mtime
Fastly-Soc-X-Request-Id
X-Policy
X-Irp-Debug
X-Instance-Name
X-Platform
X-P-T
Cache-Cookie-Set-From
X-Up
MI-Cache-Age
X-Backend-Url
On-Server
MI-Cache
X-Dynatrace-Js-Agent
X-Cache-CFC
Decoy-Debug-TTL
X-Backend-Host
Proxy-Connection
Server-Int
X-V
REQUESTUUID
X-ServiceProvider
True-Client-Country-4JS
X-MI-In-Market
IsBot
MI-API
X-SIPLIST1
Decoy-Debug-Status
X-Distil-CS
Fastly-SSL
X-Distributor
X-TT-LOGID
X-Developers
X-Wikidot-Static-Cache
Decoy-Debug-Key
X-Wikidot-Backend
X-VCT
X-DC
X-Nginx-Cache-Key
X-MSEdge-Flight
Request-Time
X-NX-Host
X-Sn-Servicetimems
X-MSEdge-Features
X-Refresh
X-Origin-TTL
X-Origin-Expires
X-Origin-Date
X-Servername
X-Debug-Cookies
X-Core-Mission
X-Cdn-Origin
X-Debug-Log
Magicmarker
X-Fastly-Cache
X-ElasticPress-Search
Pagetype
X-COUNTRY
X-Page-Type
RequestId
PFcat
X-Req
Host-ID
X-Pjax-Url
X-Planisys-CDN-Rules
X-BBXSRF
X-Planisys-CDN-Cache
X-EIG-Tracking-Id
X-Planisys-CDN-TTL
X-Powered-By-ANYU
PageSpeed
X-CACHE-AGE
X-VarnCache
MIME-Version
X-NC
X-Svr
X-VarnPar1
X-PARISIEN-Cache-Rendered
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-HOST
X-Instart-Info
X-Level-Front-Cache
X-Micro-Cache
X-Generated-On
X-Newrelic-Synthetics
X-Datadome
ServerName
Lfy
Cache-Provider
Cdn
X-TWH-CORRELATION-ID
Ohc-Response-Time
X-Cache-Info
Mime-Version
X-Server-Cache
Cteonnt-Length
X-Cdn-Srv
X-Cluster-Node
X-ARC
PICS-Label
X-Gdpr
Memory
X-Servedbyhost
Nel
CF-IPCountry
X-StackifyID
FSS-Cache
X-CMS-Context
X-NodeID
X-Wa
FSS-Proxy
X-Sentry-ID
X-ABtesting
X-VServer
X-Flog
X-Aicache-OS
X-Fastly-Country-Code
X-Hello
X-Load-Cache
X-LAGOON
CDN
GeoIP-Latitude
GeoIP-Country-Code
SN
X-WR-MODIFICATION
NGX
X-CSRF-TOKEN
XServer
X-GZip
Geoip-Latitude
X-Fastly-Backend-Reqs
GeoIp-Country-Code
X-HTML-Minification-Powered-By
X-Varnish-Beresp-TTL
CACHE
X-WA
X-Check-Cacheable
TSSecure
X-UPSTREAM-Address
Amp-Access-Control-Allow-Source-Origin
X-APP
X-Source
X-CSRF-Token
Processtime
X-Worker
X-MServer
X-ID
X-Csrf-Token
X-Unique-Id
A
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
PageType
X-VWS-Id
X-SplitTest
X-AWS-Id
X-Ratelimit-Remaining
X-LJ-Flow-ID
X-Port
X-CDN-Pop-IP
Cf-Ipcountry
WP-Super-Cache
X-FireWall-Port
X-ServedByHost
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-CDN-Pop
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-RateLimit-Limit-Second
X-GDPR
X-Sedo-Request-Id
Pics-Label
X-RateLimit-Remaining-Second
X-Cache-Miss-From
X-Nananana
HTTPS
X-Edge-Server
X-Dynatrace
X-Varnish-Cache-Hits
Cdn-Host
Cdn-Request-Time
Cache-Hits
X-SRV
Odigeo-Trace-Id
X-B3-SpanId
X-Sucuri-Cache
X-Skip-Cache
X-VC-Cache
X-Backend-TTL
X-Generation-Time
X-FORWARDED-FOR
URI
DataCenter
X-Owner
X-Cache-Grace
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-B3-Traceid
X-Ms-Version
X-Fastly-Cache-Hits
X-HS-Status
X-Cache-ASPX
X-Varnish-Authentication
X-IPS-LoggedIn
Server-Surrogate-Control
ProcessTime
Server-Cache-Control
X-BE
X-Swift-Error
X-RCS-Backend
Dynatrace
X-SN
X-Gen-Id
X-PJAX-URL
Hostname
X-VG-WebCache
X-GZIP
X-Bug-Bounty
X-Varnish-Url
X-Amzn-Remapped-Date
X-GoCache-CacheStatus
X-Amzn-Remapped-Connection
X-ND-Cache
X-From-Cache
X-Instart-Isnd
X-ORIG-AKA-EDGE
X-Alicdn-Da-Ups-Status
X-PAGE-TYPE
X-Serial
X-VarnPar2
X-Cache-Ttl
X-Ms-Lease-State
X-Cache-Srv
Requestid
X-Fe
X-NGINX-Cache
X-Amz-Meta-S3b-Last-Modified
X-Akamai-SSL-Client-Sid
Serverid
X-LiteSpeed-Cache-Control
WebServer
X-Server-W
X-Varnish-URL
X-ServerName
NodeID
Get-Access-Time
X-SB
X-VC
RequestUuid
T-Server
X-ORIG-AKA-COUNTRY-CODE
X-RAMCache
X-Pf-Uncompressing
Xet-Cookie
Is-Session-Tracking
X-LiteSpeed-Tag
Proxy-Firewall
X-PF-Uncompressing
X-RequestId
SID
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-CS
NnCoection
X-Developed-By
X-HTML-Edge-Cache
X-Dw-Trace-Id
Location