Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
P3P
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Amz-Cf-Pop
X-Download-Options
P3p
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Cacheable
Alt-Svc
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-CDN
Xkey
X-Type
Keep-Alive
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
EagleId
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
Request-Context
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-WebKit-CSP
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
X-Cnection
X-Node
X-OneAgent-JS-Injection
Content-Location
X-Readtime
Surrogate-Control
X-CST
EagleEye-TraceId
Report-To
X-Host
X-Response-Time
X-Rq
Feature-Policy
Server-Timing
X-Iejgwucgyu
X-Backend-Server
X-Application-Context
X-ORACLE-DMS-ECID
X-Rack-Cache
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
Allow
X-Url
X-Clacks-Overhead
NEL
Rating
X-DynaTrace
Edge-Control
X-Country
X-Origin-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Varnish-TTL
X-Country-Code
X-Cdn
X-B3-TraceId
X-Px
X-ORACLE-DMS-RID
X-Server-ID
X-DataDome
X-Ruxit-JS-Agent
X-GitHub-Request-Id
X-Vhost
X-Trace
X-VARITI-CCR
Accept-CH
X-Goog-Hash
Charset
X-TTL
X-Server-Name
X-ESI
X-Cached
RTSS
X-MS-InvokeApp
X-Mod-Pagespeed
Pinterest-Generated-By
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
Verso
X-D2id
Public-Key-Pins
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Version
X-F-Cache
SPRequestGuid
X-PC
X-TtlSet
X-Vname
X-Dispatcher
X-DIS-Request-ID
X-DynaTrace-JS-Agent
Accept-CH-Lifetime
X-T
X-Powered-By-Plesk
X-Abt-Application-Version
X-Powered-CMS
X-SharePointHealthScore
X-Fastly-Request-ID
X-Origin-Upstream-Status
X-Ser
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-SRCache-Store-Status
X-Upstream-Env
X-SRCache-Fetch-Status
X-B
Realpath
X-Client-IP
X-Amz-Rid
X-Shield-Request-Id
MS-Author-Via
X-Recruiting
X-Forwarded-Proto
X-HW
X-Upstream
SPIisLatency
SPRequestDuration
X-Vcap-Request-Id
DynaTrace
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-XRDS-Location
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
Arr-Disable-Session-Affinity
X-Varnish-Age
AR-ATIME
AR-CACHE
AR-PoweredBy
Content-MD5
X-Debug
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-Via-JSL
X-Dw-Request-Base-Id
X-Hits
X-Goog-Storage-Class
X-Aspnet-Version
X-MSEdge-Ref
X-Id
X-Acc-Meta-Resource-Type
X-NF-Request-ID
X-FTR-Realm
X-N
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-Ttl
Service-Worker-Allowed
X-FTR-Expires
X-NewRelic-App-Data
S
Access-Control-Request-Method
X-ATG-Version
X-Oracle-Dms-Rid
Edge-Cache-Tag
Alternate-Protocol
X-Logged-In
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
X-Kinsta-Cache
TCN
X-PressLabs-Stats
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
Surrogate-Key
Rt-Fastcgi-Cache
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Content-Digest
X-Cache-Key
Tracecode
X-Forwarded-For
X-TA-CDN-Provider
X-CF-Powered-By
X-Pad
Fastcgi-Cache
Server-Name
X-Oneagent-Js-Injection
Ar-Sid
X-Amzn-Trace-Id
X-Analytics
Backend-Timing
X-User-Agent
Fastly-Restarts
MicrosoftSharePointTeamServices
TP-Cache
TP-L2-Cache
Host
X-Cache-2
FilterID
X-Edge-Location
X-Rid
X-Debug-Info
X-Magnolia-Registration
X-Grace
X-B3-Sampled
ServerID
X-Whom
X-Mobile
X-Page-Id
X-Revision
X-IPLB-Instance
X-Content-Options
Eomportal-Instance
Front-End-Https
Paypal-Debug-Id
X-Hostname
X-Srv
X-Akam-SW-Version
AR-Request-ID
Refresh
X-NWS-LOG-UUID
X-LB-Cache
X-VCache
X-Content-Powered-By
Retry-After
X-Activity-Id
X-AppVersion
X-Az
X-GUploader-UploadID
X-Request-Received
X-B-Cache
X-Signature
X-Litespeed-Cache
X-Request-Processing-Time
X-Framework
X-SS-Set-Cookie
X-Cache-Action
X-Handled-By
Cleartype
X-Varnish-Hostname
X-Cluster
Source
X-App-Environment
X-Request-Guid
X-Platform-Server
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cache-Control
X-Akamai-Edgescape
X-BCube-Filmed-By
X-Device-Type
X-Instance
X-FB-Debug
X-WA-Info
X-Content-Type
X-Content-Security-Policy-Report-Only
X-AOL-HN
Webserver
X-Ruxit-Js-Agent
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Zen-Fury
X-Cache-Hit
X-Varnish-Grace
Accept-Charset
Display
X-Sol
X-Middleton-Display
X-Cache-Rule
X-Varnish-Backend
X-Esi
Healthy
X-Wix-Request-Id
ViewerVersion
X-Seen-By
X-TT
X-Correlation-Id
X-Origin-Server
X-URL
X-Fastcgi-Cache
X-Drupal-Cache-Tags
Response
X-Middleton-Response
X-Cache-Server
Cache-Status
X-DataStream-Cache-Status
Upgrade-Insecure-Requests
MS-CV
X-Daa-Tunnel
X-Cached-By
X-CACHE-GROUP
X-Varnish-Server
X-Cache-Age
X-Amz-Replication-Status
X-Geo-Country
X-Drupal-Cache-Contexts
X-Generated-By
X-App-Server
X-Amzn-RequestId
X-PHP-Backend
X-Storage
X-Amz-Apigw-Id
Payment
Filters
X-UA-Device-Type
X-Response-Served-From
Server-Node
NGB
X-Adobe-Content
Access-Control-Allow-Method
GEO-INFO
X-S
X-Amz-Server-Side-Encryption
X-Adobe-Loc
X-Cacheable-TTL
ServedBy
X-TT-TIMESTAMP
X-Contextid
Viewport
X-FW-Hash
X-FW-Type
X-Varnish-IP
X-FW-Server
X-Servedby
X-FW-Static
X-Edge-Cache
X-WPE-Loopback-Upstream-Addr
X-RequestSource
X-UUID
X-Jobs
X-Edge-Cache-Key
Actual-Object-TTL
X-Locale
X-FW-Serve
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-TX-ID
X-Varnish-Hits
X-Cache-Remote
X-Accel-Expires
Cache-Tv-Group
X-Cache-NE
Server-Info
X-HS-Cache-Config
AsisCache
S-Cnection
X-WebKit-CSP-Report-Only
X-Cache-TTL-Remaining
X-Status
From-Origin
X-Dns-Prefetch-Control
X-Rendered-As
X-GeoIP
Host-Header
X-App-Version
X-Cache-Operation
Cache
X-Region
X-Croise-Owner
X-XRDS-LOCATION
SRV
X-Webkit-CSP
HostName
X-Redis-Cache
Served-By
X-APP-VERSION
Content-Script-Type
X-Node-Name
Content-Style-Type
X-BACKEND-TTL
DC
X-Hyper-Cache
Liferay-Portal
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-CACHE-KEY
Public-Key-Pins-Report-Only
X-RTag
X-Upgrade-Enabled
Ms-Operation-Id
Cache-Tag
X-Cache-Var-Map
X-Cache-Var
X-Cache-Category-Id
X-Detected-As
X-Generated
X-Parent-Response-Time
X-Hosted-By
X-Grey
X-Vg-Webcache
X-Timing-Wait
X-Mode
X-RN-RSRV
X-Cache-Config
X-Proxy-Build
Machine
X-Site-Version
Selected-FE
Meta-Geo
X-Webstats-RespID
X-Path-Route
X-NGENIX-Cache
X-Is-Bot
X-NCache
X-TNCMS
Now
X-Web-Node
X-Akamai-Transformed
X-Agile
Origin-Edge-Control
X-Request-Time
X-Protected-By
X-ProxyCache-Key
X-ProxyCache-Status
X-Upstream-HT
X-Edge-IP
Origin-Cache-Control
X-Agile-Age
Cache-Name
X-Upstream-CT
X-Loop
X-L-Path
X-Labrador-Cache-Channel
X-Environment-Context
X-Agile-Id
X-CDN-Cache
X-Via-Fastly
X-BYPASS-REASON
X-Human
X-Internal-Host
X-Akamai-Request-ID
X-Original-Request
X-Origin-Response-Time
Azure-RegionName
X-Format
Azure-SiteName
X-RemovedCookies
X-IP
Azure-SlotName
X-Origin-Host
X-Tumblr-Pixel-3
DB-Nickname
X-Birta-Cache-Post
X-Birta-Served
X-Pc-Appver
User-Cache-Control
X-Pc-Hit
X-Pc-Key
X-ProcessESI
X-JoinUs
Cache-Key
X-Origin-CC
X-Proxy
X-Origin
Azure-Version
Azure-InstanceId
X-Viewer-Country
X-Time-Microsecs
X-ServerID
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
TWC-GeoIP-Country
Webcakes-App-Version
TWC-Connection-Speed
Property-Id
S-Rt
X-B3-Spanid
Webcakes-Region
TWC-Device-Class
X-OCL
X-Tb
X-Ocache
X-Origin-Hint
X-VG-TLSProxy
X-Www-Served-By
X-Guploader-Uploadid
Load-Balancing
X-PCL
X-Xfnlog-Site
X-CCM
X-Access
Webcakes-App-Name
X-Section
Fastcgi-Useragent
Cache-Tags
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-Pubstack
X-FC-Vary-Parameters
X-App-Name
X-Rule
X-Vgn-Hpd-Reason
X-Forwarded-Host
X-Routing-Service
X-Zipkin-Id
Xserver
X-Backend-Name
HitType
X-Proxied
Vix-Hermes-Req-Id
X-FB-TRIP-ID
Powered-By-ChinaCache
X-TIME
Pagespeed
X-PERF
Mn-Server-Ip
Country
X-GRACE
X-ApacheServer
X-Endurance-Cache-Level
X-Cache-TTL
X-Via-CDN
X-Cache-Backend
X-Content-Age
X-Nginx-Cache
X-Mrs-Cache
X-Correlation-ID
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache-Hits
X-Unique-Id-Primal
X-Cdn-Forward
X-UA
X-RateLimit-Limit
OT-Force-Account-Verify
Time
Fusion-Content-Id
Fusion-Component-Id
X-Ezoic-Cdn
Fusion-Template-Id
Fusion-Content-Source
Datacenter
Fusion-Source
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
Ohc-File-Size
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Shopify-Stage
X-Varnish-Cacheable
X-Debug-Cache
X-Varnish-Beresp-Ttl
X-Newrelic-App-Data
X-OVcl-Cache
X-Sucuri-ID
X-OVcl
X-Real-IP
NtCoent-Length
X-Real-Ip
X-Pc-Date
X-Pc-Host
LB
X-Varnish-Beresp-Status
L5d-Success-Class
X-Ua
X-Varnish-Beresp-Grace
X-Ratelimit-Limit
We-Hiring
X-Unique-ID
Mail-Subject
X-MP-GENERATED-AT
X-Hl-Ver
X-CDN-Forward
Section-Io-Cache
X-HS-Combine-CSS
AR-SID
X-Amz-Meta-Surrogate-Control
X-Hit
X-Proto
X-Trace-Id
User-Agent
X-Cache-Enabled
X-Front
X-Akamai-Request-ID2
X-Nc
Access-Control-Request-Headers
X-Dynatrace-Js-Agent
Pagetype
Version
X-C
X-Time
X-EdgeConnect-Cache-Status
X-CLOUD-TRACE-CONTEXT
X-Rocket-Nginx-Bypass
X-Microcachable
Warning
Accept-Language
Request-Time
X-Goog-Meta-Goog-Reserved-File-Mtime
Rendered-Blocks
Fastly-SWR
Release
Fly-Cache
Resin-Trace
Powered-By
X-P-T
Rt-Proxy-Cache
Server-Host
Ec-Rule-Version
Fastly-Backend-Name
RNT-Time
RNT-Machine
X-Developer
Platform
Fly-Request-Id
X-Li-Pop
Memcached
X-Layer
IBM-Web2-Location
MD5-Digest
X-Li-Fabric
Server-ID
Is-Eu
X-LI-Proto
X-LI-UUID
X-NU-AKA-ACS-Version
Frame-Options
PFcat
Node
X-Matched-Rule
X-Logtrace-Id
Meta-Geo-Continent
Mobile-Detection-Method
X-Level-Front-Cache
X-A
X-Cache-Host
X-Cache-Id
X-Cache-URL
X-External-Request-Id
X-Cache-FS-Status
X-Cache-Expires
X-BB-ID
X-Bip
X-Cache-Bucket
X-Cache-Debug
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Dispatcher-Server
X-Died
X-Device-Os
X-Destination
X-Date
X-D
X-Connection-Hash
X-DPWN-IS-SECURE
X-Crawler
X-CUA
X-Fetched-On
X-B-Cookie
VivaBuild
X-G
Www
X-Passed-To
Viewtype
V-Age
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Generated-In
X-A-Ccd
X-A-Dam
X-Aed
X-From
X-Application
X-Auto-Login
X-Actual-URL
X-Accel-Expires-Debug
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-FW-Version
X-Generated-On
Fastly-SIE
X-S-Maxage
X-S-Cookie
X-Rojux
X-Rewrite-Enabled
X-Server-Cache
X-ScT
X-Server-IP
X-Server-By
X-Served-From
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RCS-CacheZone
X-Reboot
X-Region-Sid
X-Passed-To-BeforeDispatch
X-Returned-From
X-Request-UUID
X-Server-Time
X-SRCache-Key
X-Variation
X-Var-Ttl
X-User
X-Varnish-Action
X-VG-WebServer
Xc-Version
X-WebServer
X-We-Are-Hiring
X-UE-Client-Country
X-Twitter-Response-Tags
X-Swa-Ws
X-Svr
X-Store
X-Thanos
X-Thinkindot-L3
X-TT-LOGID
X-Trv-Group
X-Transaction
X-Qloud-Router
X-Returned-From-BeforeDispatch
X-PAYTM-SRV-ID
Ajk
X-PHP-Host
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
Cache-Prefix
Arc-Country
Adler-Geo
BehaviorPad-Version
Cache-Cookie-Set-From
X-Backend-Host
Backend-Name
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Fstrz
X-Stale
X-Server-Group
GMS-Ver
Lfy
Web-Mar-Node
X-Node-Id
X-ServiceProvider
X-Origin-Expires
X-Origin-Date
X-Sf
Backend
Cache-Cookie-Set-Lfrom
Content-Disposition
Country-Code
X-Epic-Correlation-Id
X-Clientip
X-Distributor
Magicmarker
X-ARC
X-Amz-Meta-Cache-Control
X-Via-NSCOPI
Countrycode
Decoy-Debug-Key
X-Cache-CFC
X-Block-Status
GW-Server
Cache-Cookie-Set-Idcheck
Esi-Enabled
X-UnsetCookies
Decoy-Debug-Status
X-F5-Cache
Decoy-Debug-TTL
X-Backend-Url
Who
X-IN-WAF
X-Release
X-ElasticPress-Search
Heartbleed
Pramga
X-Secret
X-Hnp-Log
X-IN-APIGATEWAY
Proxy-Connection
Origin
X-Instart-Info
Kp-EeAlive
Ohc-Response-Time
X-Proxy-Upstream
X-Proxy-Cache-Status
MI-API
AKAMAI
MI-Cache-Age
MI-Cache
X-Hash
X-IN-SSL-APIGATEWAY
X-MSEdge-Flight
X-MSEdge-Features
X-MI-In-Market
X-GeoIP-Country-Code
True-Client-Country-4JS
X-Nginx-Cache-Key
X-No-Session
X-Gannett-Site-Version
X-Gen-Mode
Server-Int
SS
X-Phone
X-Response-By
SD-X-WS
X-Location
X-Be
X-NODE
X-Distil-CS
X-Up
X-Fastly-Cache
X-Irp-Debug
X-Wikidot-Static-Cache
X-Developers
X-Wikidot-Backend
X-Request-URI
X-Page-Type
X-Eu-Site
X-SIPLIST1
X-Origin-TTL
X-Micro-Cache
X-Key
X-V
X-Info
X-Request-Start
X-Debug-Cache-Fetch
HA-Ipaddr
HA-Host
Ha-Gx-Prefs
HA-Georegion
HA-Servedtime
HA-Urlpath
REQUESTUUID
On-Server
IsBot
HA-Geolon
HA-Geolat
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
CDCHOST
Fastly-Soc-X-Request-Id
HA-Geocountry
HA-Geocity
HA-Cloudapp
ServerName
Fastly-SSL
X-Backend-State
X-Debug-Cache-Expiry
X-Cache-Info
X-Cdn-Srv
X-Core-Mission
X-CGP
X-Debug-Cache-Store
X-Core-Value
PageSpeed
X-DC
X-Sn-Servicetimems
X-CACHE-AGE
X-Cdn-Origin
X-Debug-Log
X-Geo
X-Policy
X-Debug-Cookies
X-NX-Host
X-Servername
X-Platform
WZWS-RAY
X-Dc
X-CMS-Context
X-Refresh
X-COUNTRY
RequestId
X-NC
X-Org
X-Via-SSL
MIME-Version
X-Via-Edge
X-Pjax-Url
Cteonnt-Length
X-LAGOON
X-Newrelic-Synthetics
X-Datadome
X-VarnCache
X-VarnPar1
X-PARISIEN-Cache-Rendered
Pragrma
X-Servedbyhost
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
UCS
NGX
Request-Country
X-Instance-Name
Request-EU
Uber-Trace-Id
Cdn
Locale
Memory
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Req
Mime-Version
X-NWS-UUID-VERIFY
Host-ID
Group
V-Cache
X-VCT
X-Wa
Cache-Provider
PICS-Label
X-CSRF-TOKEN
X-GeoIP-City
Nel
X-Gdpr
X-RateLimit-Remaining-Second
X-Webkit-Csp
X-RateLimit-Limit-Second
X-FireWall-Port
X-Generation-Time
CF-IPCountry
X-HTML-Minification-Powered-By
X-Varnish-Cache-Hits
X-WR-MODIFICATION
CDN
GeoIP-Country-Code
XServer
X-BBXSRF
GeoIP-Latitude
X-B3-Traceid
X-Ratelimit-Remaining
X-Fastly-Country-Code
X-Varnish-Authentication
X-Sedo-Request-Id
X-Cache-Miss-From
X-Cache-Grace
Server-Cache-Control
Server-Surrogate-Control
X-Powered-By-ANYU
HitInfo
X-Aicache-OS
X-DataStream-Origin-MEX-Latency
X-Cache-ASPX
X-DataStream-MidMile-RTT
X-UPSTREAM-Address
X-Load-Cache
X-FORWARDED-FOR
X-IPS-LoggedIn
X-StackifyID
Cf-Ipcountry
X-Varnish-Url
X-VG-WebCache
Geoip-Latitude
GeoIp-Country-Code
X-Check-Cacheable
X-ND-Cache
X-Source
X-Instart-Isnd
X-EIG-Tracking-Id
X-Sucuri-Cache
X-RCS-Backend
X-From-Cache
X-Fastly-Backend-Reqs
X-HOST
URI
CACHE
X-TWH-CORRELATION-ID
Proxy-Firewall
X-CDN-Pop-IP
X-Fastly-Cache-Hits
X-CDN-Pop
Get-Access-Time
Is-Session-Tracking
X-APP
Pics-Label
X-GEO
X-WA
X-Unique-Id
FSS-Cache
X-Varnish-Beresp-TTL
Powered
DataCenter
X-Dynatrace
FSS-Proxy
X-GoCache-CacheStatus
X-SRV
X-R9-Blue-Green-Version
X-FW-Dynamic
X-Skip-Cache
X-NodeID
X-Nananana
X-Server-W
X-VC-Cache
X-Sentry-ID
Processtime
X-ID
X-ABtesting
X-Hello
X-GDPR
X-Csrf-Token
X-ServedByHost
X-Pc-Subdomain
X-Cluster-Node
SN
WP-Super-Cache
X-VServer
X-Flog
Amp-Access-Control-Allow-Source-Origin
X-RequestId
X-PJAX-URL
X-PF-Uncompressing
X-B3-SpanId
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-HS-Status
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-CSRF-Token
X-Fe
X-BE
X-TrackingId
X-Pf-Uncompressing
Dynatrace
X-GZip
Hostname
Cache-Hits
X-Amzn-Remapped-Date
X-GZIP
X-Worker
X-Backend-TTL
X-Bug-Bounty
X-Amzn-Remapped-Connection
X-Gen-Id
TSSecure
Requestid
X-LiteSpeed-Cache-Control
X-Swift-Error
X-NGINX-Cache
ProcessTime
X-ORIG-AKA-EDGE
Cdn-Host
X-Cache-Ttl
X-MServer
X-Edge-Server
Cdn-Request-Time
Serverid
X-Alicdn-Da-Ups-Status
X-Tb-Optimization-Total-Bytes-Saved
X-ServerName
X-LiteSpeed-Tag
A
DSUID
X-RAMCache
X-VC
T-Server
X-ORIG-AKA-COUNTRY-CODE
X-SB
RequestUuid
X-HostName
X-PAGE-TYPE
X-Varnish-URL
X-ES-SERVER
Cneonction
Location
X-CS
X-SN
X-Requestid
X-Owner
SID
X-VarnPar2
X-Akamai-ERRuleID
NnCoection
X-Port
X-Developed-By
X-Serial
Xet-Cookie
X-Akamai-ERPolicy
Correlation-Id
X-Dw-Trace-Id