Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
CF-Ray
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Iinfo
X-Request-ID
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Via
X-Pingback
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Request-Context
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Amz-Version-Id
Content-Location
Surrogate-Control
X-Server-Id
X-Cnection
X-Node
X-OneAgent-JS-Injection
X-Host
X-Readtime
EagleEye-TraceId
Report-To
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-Application-Context
X-Rack-Cache
X-CST
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Trace
X-Px
X-Server-ID
X-DataDome
X-Vhost
X-ESI
X-Server-Name
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-VARITI-CCR
X-Ruxit-JS-Agent
Accept-CH
RTSS
X-Goog-Hash
X-MS-InvokeApp
X-Cached
Charset
Pinterest-Generated-By
SPRequestGuid
X-Mod-Pagespeed
X-TTL
X-TtlSet
X-PC
X-Vname
Public-Key-Pins
Verso
X-F-Cache
X-D2id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-Version
X-Dispatcher
X-Cdn
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
Accept-CH-Lifetime
X-DIS-Request-ID
X-Abt-Application-Version
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
X-Origin-Upstream-Status
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Navigation-Version
X-B
X-Forwarded-Proto
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
X-Amz-Rid
MS-Author-Via
X-Recruiting
Realpath
X-Client-IP
DynaTrace
X-HW
SPIisLatency
SPRequestDuration
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Vcap-Request-Id
X-Upstream
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
Nginx-Cache
Content-MD5
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Ttl
Arr-Disable-Session-Affinity
Edge-Cache-Tag
X-Hits
X-Debug
X-Varnish-Age
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-N
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Goog-Storage-Class
X-Oracle-Dms-Rid
X-Aspnet-Version
X-MSEdge-Ref
X-NF-Request-ID
X-Via-JSL
X-Dw-Request-Base-Id
X-Acc-Meta-Resource-Type
Access-Control-Request-Method
TCN
X-XRDS-Location
S
X-NewRelic-App-Data
X-ATG-Version
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-Id
Service-Worker-Allowed
X-FTR-Expires
X-Logged-In
X-Oneagent-Js-Injection
Alternate-Protocol
X-Forwarded-For
X-HS-Content-Id
X-HS-Hub-Id
X-Kinsta-Cache
X-Frontend
X-PressLabs-Stats
Rt-Fastcgi-Cache
Surrogate-Key
Tracecode
AMP-Access-Control-Allow-Source-Origin
X-Content-Digest
X-FastCGI-Cache
X-Cache-Key
X-Pad
X-FTR-Cache-Host
X-Grace
MicrosoftSharePointTeamServices
Fastly-Restarts
X-RateLimit-Remaining
X-CF-Powered-By
Server-Name
X-Amzn-Trace-Id
Fastcgi-Cache
X-Edge-Location
X-Analytics
Backend-Timing
X-Content-Options
X-Ruxit-Js-Agent
Ar-Sid
TP-Cache
TP-L2-Cache
Host
FilterID
X-User-Agent
X-Rid
X-Cache-2
X-Magnolia-Registration
X-Whom
X-Debug-Info
X-B3-Sampled
X-Revision
X-IPLB-Instance
Eomportal-Instance
X-Page-Id
ServerID
X-Mobile
X-Hostname
X-Request-Processing-Time
X-Request-Received
X-NWS-LOG-UUID
AR-Request-ID
X-Srv
X-Akam-SW-Version
Paypal-Debug-Id
X-VCache
X-AOL-HN
Front-End-Https
Retry-After
Refresh
X-Content-Powered-By
X-Signature
X-B-Cache
X-Litespeed-Cache
X-GUploader-UploadID
X-Device-Type
X-Cluster
X-Cache-Action
X-Framework
X-Handled-By
Source
X-Request-Guid
X-LB-Cache
Cleartype
X-Varnish-Hostname
X-FB-Debug
X-SS-Set-Cookie
X-App-Environment
X-WA-Info
X-Cache-Control
X-BCube-Filmed-By
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-Instance
X-Correlation-Id
X-Varnish-Grace
X-Cache-Hit
X-Fastcgi-Cache
X-Content-Security-Policy-Report-Only
X-Platform-Server
X-HS-Cache-Config
Webserver
X-AppVersion
X-Activity-Id
X-Az
X-Zen-Fury
Display
X-Sol
X-Middleton-Display
X-XRDS-LOCATION
X-Content-Type
X-Varnish-Backend
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Healthy
X-Cache-Rule
X-Cache-Server
X-TA-CDN-Provider
Response
X-Middleton-Response
ViewerVersion
X-Varnish-Server
X-Cache-Age
X-Seen-By
X-Daa-Tunnel
X-Wix-Request-Id
X-URL
X-Drupal-Cache-Tags
X-TT
Upgrade-Insecure-Requests
X-App-Server
X-Generated-By
X-Cached-By
X-Drupal-Cache-Contexts
X-Origin-Server
X-Geo-Country
Cache-Status
X-DataStream-Cache-Status
X-CACHE-GROUP
Server-Node
S-Cnection
Accept-Charset
X-Amz-Replication-Status
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Accel-Expires
X-Esi
Payment
X-S
X-Response-Served-From
Filters
X-UA-Device-Type
NGB
X-Adobe-Content
GEO-INFO
Access-Control-Allow-Method
X-Adobe-Loc
X-Cacheable-TTL
X-Edge-Cache-Key
X-Contextid
X-Servedby
X-Edge-Cache
X-Locale
ServedBy
X-Cache-NE
X-RequestSource
X-UUID
Viewport
Actual-Object-TTL
X-Varnish-IP
X-Status
X-Jobs
X-TT-TIMESTAMP
X-Tumblr-Pixel-2
X-FW-Server
X-Varnish-Hits
X-FW-Hash
X-TX-ID
X-FW-Serve
X-FW-Static
X-Tumblr-Pixel-1
X-FW-Type
X-Storage
X-Amz-Server-Side-Encryption
AsisCache
Server-Info
Cache-Tv-Group
X-WebKit-CSP-Report-Only
X-GeoIP
X-PHP-Backend
MS-CV
X-WPE-Loopback-Upstream-Addr
X-Dns-Prefetch-Control
X-Cache-Remote
HostName
X-Node-Name
X-Rendered-As
X-Cache-TTL-Remaining
X-Croise-Owner
X-App-Version
Cache
Host-Header
From-Origin
SRV
X-Region
X-Vg-Webcache
X-Cache-Operation
X-Hyper-Cache
X-Webkit-CSP
X-Redis-Cache
X-APP-VERSION
Served-By
Liferay-Portal
X-Dynatrace-Js-Agent
Public-Key-Pins-Report-Only
Cache-Tag
DC
X-HS-Combine-CSS
X-Mode
X-CACHE-KEY
X-Agile-Age
X-Path-Route
X-Proxy-Build
X-NGENIX-Cache
X-Generated
X-Detected-As
X-BACKEND-TTL
Machine
Meta-Geo
X-Cache-Var-Map
X-Loop
X-RN-RSRV
X-Agile-Id
X-Human
X-Hosted-By
X-IP
X-Webstats-RespID
X-Akamai-Transformed
X-Cache-Var
X-Agile
X-Timing-Wait
X-Upgrade-Enabled
X-Is-Bot
X-TNCMS
X-Site-Version
Selected-FE
X-Forwarded-Host
Pagespeed
X-Labrador-Cache-Channel
X-L-Path
X-Original-Request
Cache-Name
X-Pc-Hit
X-Endurance-Cache-Level
X-JoinUs
X-Environment-Context
Origin-Edge-Control
Origin-Cache-Control
Powered-By-ChinaCache
X-BYPASS-REASON
X-Cache-Category-Id
X-Pc-Key
X-CDN-Cache
X-Grey
X-Pc-Appver
X-Upstream-HT
X-Vgn-Hpd-Reason
X-Via-Fastly
X-Web-Node
X-Request-Time
X-Upstream-CT
X-ProxyCache-Status
X-ProxyCache-Key
Xserver
X-Birta-Served
X-Origin-Response-Time
X-Proxy
X-Birta-Cache-Post
S-Rt
Now
DB-Nickname
X-Viewer-Country
X-Akamai-Request-ID
X-VG-TLSProxy
X-Pubstack
X-NCache
X-RemovedCookies
X-Origin
X-Time-Microsecs
X-Tumblr-Pixel-3
X-FC-Vary-Parameters
X-ProcessESI
X-Internal-Host
X-Origin-Host
X-ServerID
X-UA
X-Www-Served-By
X-Via-CDN
X-Xfnlog-Site
Azure-InstanceId
Fastcgi-X-Cache-Version
Azure-SiteName
Azure-RegionName
X-Tb
X-PCL
X-Guploader-Uploadid
X-CCM
X-Cache-Config
X-Ocache
X-OCL
Fastcgi-X-Cache
X-Origin-CC
X-Rule
Azure-SlotName
Mn-Server-Ip
Fastcgi-Useragent
Cache-Tags
X-Format
Azure-Version
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
X-Proxied
Webcakes-Region
X-Origin-Hint
X-Routing-Service
X-Access
X-Section
X-Yottaa-Optimizations
TWC-Connection-Speed
X-Zipkin-Id
Property-Id
X-Backend-Name
TWC-Device-Class
X-Kong-Proxy-Latency
TWC-GeoIP-LatLong
X-Yottaa-Metrics
TWC-GeoIP-Country
TWC-Locale-Group
X-Kong-Upstream-Latency
X-App-Name
Content-Script-Type
X-Parent-Response-Time
HitType
Content-Style-Type
Cache-Key
X-B3-Spanid
X-Protected-By
Datacenter
User-Cache-Control
X-TIME
Vix-Hermes-Req-Id
X-Edge-IP
X-Cache-TTL
X-Nginx-Cache
OT-Force-Account-Verify
X-Alternate-Cache-Key
X-ShardId
X-Ezoic-Cdn
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Ms-Operation-Id
X-Shopify-Stage
X-RTag
X-ShopId
X-Akamai-Request-ID2
Time
X-FB-TRIP-ID
X-Real-IP
X-OVcl-Cache
X-OVcl
X-RateLimit-Limit
X-PERF
X-Cache-Backend
X-ApacheServer
X-Cdn-Forward
NtCoent-Length
X-Pc-Date
X-Pc-Host
X-Newrelic-App-Data
X-Mrs-Age
X-Unique-Id-Primal
L5d-Success-Class
X-Mrs-Cache
X-Mrs-Cache-Hits
Accept-Language
X-Mshield-Cache-Status
X-Front
AR-SID
X-Webkit-Csp
X-Content-Age
X-Correlation-ID
Country
X-Real-Ip
Load-Balancing
LB
X-Proto
X-Ratelimit-Limit
X-Varnish-Cacheable
X-Amz-Meta-Surrogate-Control
X-Debug-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Nc
Section-Io-Cache
X-Varnish-Beresp-Status
Ohc-File-Size
X-CDN-Forward
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Unique-ID
X-Sucuri-ID
WZWS-RAY
X-Hit
X-Hl-Ver
X-MP-GENERATED-AT
We-Hiring
Mail-Subject
X-GRACE
X-Trace-Id
Warning
Version
X-Time
X-CLOUD-TRACE-CONTEXT
User-Agent
X-EdgeConnect-Cache-Status
X-Microcachable
X-Geo
X-C
X-Date
X-Developer
X-Destination
X-Cache-URL
X-Device-Os
X-CF-Lambda-Version
X-Crawler
X-Connection-Hash
X-CUA
X-CF-Lambda-Fn
X-D
X-Died
X-Dispatcher-Server
X-Cache-Id
X-A-Wwc
Server-ID
Server-Host
SD-X-WS
Rt-Proxy-Cache
SS
Thinkindot-CacheControl
V-Age
Thinkindot-Control
Thinkindot-CacheControl-Type
RNT-Machine
Resin-Trace
Node
Mobile-Detection-Method
Meta-Geo-Continent
Memcached
Platform
Powered-By
Request-Time
Rendered-Blocks
Release
Viewtype
VivaBuild
X-Bip
X-BB-ID
X-B-Cookie
X-Application
X-Cache-Bucket
X-Cache-Debug
X-Cache-FS-Status
X-Cache-Expires
X-Cache-Enabled
X-Aed
X-Actual-URL
X-A-Ccd
X-A
Www
X-A-Dam
X-A-Dcw
X-Accel-Expires-Debug
X-DPWN-IS-SECURE
X-A-Dgt
X-Cache-Host
X-Thanos
X-Rebelmouse-Surrogate-Control
X-VG-WebServer
X-Via-Edge
X-Varnish-Action
X-S-Maxage
X-S-Cookie
X-Reboot
X-Rebelmouse-Cache-Control
MD5-Digest
X-PAYTM-SRV-ID
X-Passed-To-PostProcessResponse
X-PHP-Host
X-Qloud-Router
X-RCS-CacheZone
X-Via-SSL
X-Region-Sid
X-Variation
X-Returned-From-BeforeDispatch
X-TT-LOGID
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Rojux
X-Rewrite-Enabled
X-Twitter-Response-Tags
X-Returned-From
X-Request-UUID
X-Release
X-Var-Ttl
X-User
X-UE-Client-Country
X-Response-By
X-ScT
X-We-Are-Hiring
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-Logtrace-Id
X-Matched-Rule
X-NU-AKA-ACS-Version
X-Node-Id
X-Li-Fabric
X-Layer
X-From
X-Fetched-On
X-FW-Version
X-G
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-In
X-Org
X-P-T
X-Transaction
X-Server-By
X-Served-From
X-Trv-Group
X-WebServer
X-Passed-To-DLL
X-Server-Time
X-SRCache-Key
X-Passed-To-BeforeDispatch
X-Passed-To
Xc-Version
X-Thinkindot-L3
X-Store
X-Swa-Ws
X-External-Request-Id
RNT-Time
Fly-Cache
Fastly-SWR
Ajk
Arc-Country
Fly-Request-Id
BehaviorPad-Version
Cache-Prefix
Frame-Options
Fastly-Backend-Name
Fastly-SIE
Access-Control-Request-Headers
X-Via-NSCOPI
X-Ua
IBM-Web2-Location
Is-Eu
Adler-Geo
Ec-Rule-Version
X-Rocket-Nginx-Bypass
Pagetype
Cache-Cookie-Set-From
Backend
X-Clientip
AKAMAI
X-Cache-CFC
Country-Code
X-Auto-Login
Countrycode
X-Backend-State
Content-Disposition
Cache-Cookie-Set-Lfrom
X-Distributor
X-Block-Status
Cache-Cookie-Set-Idcheck
X-Gen-Mode
X-Proxy-Cache-Status
X-Request-Start
X-Phone
X-Origin-Expires
X-Origin-Date
X-Server-IP
X-ServiceProvider
X-SVT-ORM-VERSION
X-UnsetCookies
X-SVT-ORM-RULES
X-Stale
X-Sf
X-No-Session
X-Nginx-Cache-Key
X-Hash
X-Hnp-Log
X-GeoIP-Country-Code
X-Amz-Meta-Cache-Control
X-Fstrz
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Location
X-MI-In-Market
X-Key
X-Info
X-IN-WAF
X-F5-Cache
X-Proxy-Upstream
True-Client-Country-4JS
GW-Server
On-Server
Web-Mar-Node
Proxy-Connection
MI-Cache-Age
Server-Int
Magicmarker
Kp-EeAlive
MI-API
MI-Cache
Origin
GMS-Ver
Esi-Enabled
Decoy-Debug-Status
Decoy-Debug-TTL
Pramga
Heartbleed
Decoy-Debug-Key
Fastly-SSL
PFcat
X-Be
X-NODE
X-Dc
X-ElasticPress-Search
X-Up
X-V
X-Page-Type
X-Fastly-Cache
HA-Georegion
HA-Host
X-Gannett-Site-Version
Ha-Gx-Prefs
HA-Ipaddr
HA-Urlpath
X-Irp-Debug
X-Secret
X-Request-URI
X-Micro-Cache
X-Eu-Site
X-Server-Group
REQUESTUUID
X-Policy
X-SIPLIST1
HA-Servedtime
IsBot
HA-Geolon
X-Core-Mission
HA-Cloudapp
X-Core-Value
HA-Geocity
HA-Geocountry
X-Distil-CS
X-MSEdge-Features
X-Backend-Host
X-Backend-Url
X-Svr
X-MSEdge-Flight
Who
X-CGP
Backend-Name
HA-Geolat
X-Epic-Correlation-Id
X-DC
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Wikidot-Static-Cache
X-Refresh
X-Generated-On
X-Level-Front-Cache
X-NX-Host
Pragrma
X-Origin-TTL
Apple-News-Services-Host
X-Platform
X-Wikidot-Backend
CDCHOST
X-Sn-Servicetimems
X-Developers
X-Debug-Cache-Expiry
Fastly-Soc-X-Request-Id
X-Debug-Cache-Fetch
X-Debug-Cookies
Apple-News-Services-Parsed-Url
X-Debug-Cache-Store
X-Cdn-Origin
X-Debug-Log
ServerName
X-Instart-Info
X-Urbn-Site-Id
X-COUNTRY
X-Urbn-Context-Path
Locale
Lfy
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Servername
Uber-Trace-Id
UCS
Request-EU
RequestId
Request-Country
X-Instance-Name
X-Cache-Info
X-VarnCache
X-PARISIEN-Cache-Rendered
X-Cdn-Srv
X-VarnPar1
Ohc-Response-Time
X-Server-Cache
X-NWS-UUID-VERIFY
Host-ID
X-Pjax-Url
V-Cache
Group
PageSpeed
MIME-Version
X-VCT
X-GeoIP-City
X-NC
X-ARC
X-CACHE-AGE
X-Req
X-Newrelic-Synthetics
Cteonnt-Length
X-Datadome
HitInfo
Cdn
Cache-Provider
Memory
X-CMS-Context
X-BBXSRF
Mime-Version
X-Powered-By-ANYU
PICS-Label
X-Gdpr
X-Servedbyhost
X-Ratelimit-Remaining
X-EIG-Tracking-Id
X-LAGOON
Nel
X-TWH-CORRELATION-ID
X-WR-MODIFICATION
X-Aicache-OS
X-StackifyID
X-Wa
NGX
CF-IPCountry
GeoIP-Latitude
X-HTML-Minification-Powered-By
GeoIP-Country-Code
X-B3-Traceid
X-Load-Cache
X-Fastly-Country-Code
CDN
X-UPSTREAM-Address
XServer
X-Fastly-Backend-Reqs
X-FireWall-Port
X-Cluster-Node
X-CSRF-TOKEN
Cf-Ipcountry
FSS-Cache
X-Varnish-Cache-Hits
X-Sentry-ID
X-Generation-Time
FSS-Proxy
X-RateLimit-Remaining-Second
X-NodeID
X-WA
X-RateLimit-Limit-Second
X-Cache-Miss-From
X-VServer
X-Flog
X-ID
GeoIp-Country-Code
Amp-Access-Control-Allow-Source-Origin
X-Check-Cacheable
X-Sedo-Request-Id
Processtime
X-Hello
X-ABtesting
Geoip-Latitude
X-Csrf-Token
X-SRV
SN
X-Cache-Grace
X-HOST
X-Unique-Id
X-Source
CACHE
X-Varnish-Beresp-TTL
Server-Surrogate-Control
X-Oss-Request-Id
Server-Cache-Control
X-ServedByHost
X-Oss-Storage-Class
X-GZip
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
WP-Super-Cache
X-CDN-Pop
X-CDN-Pop-IP
X-Cache-ASPX
X-Varnish-Authentication
X-APP
URI
X-GDPR
X-Nananana
Pics-Label
X-DataStream-MidMile-RTT
X-Dynatrace
X-RCS-Backend
X-CSRF-Token
X-DataStream-Origin-MEX-Latency
X-IPS-LoggedIn
TSSecure
X-Skip-Cache
Cdn-Request-Time
Cdn-Host
X-VC-Cache
X-FORWARDED-FOR
X-MServer
X-Varnish-Url
X-Worker
X-Edge-Server
DataCenter
X-B3-SpanId
A
X-ND-Cache
X-Instart-Isnd
X-HS-Status
X-VG-WebCache
PageType
Get-Access-Time
Is-Session-Tracking
X-GoCache-CacheStatus
X-Sucuri-Cache
X-Fastly-Cache-Hits
X-Swift-Error
X-BE
Serverid
Proxy-Firewall
Hostname
X-Port
Dynatrace
X-From-Cache
X-PJAX-URL
HTTPS
X-VWS-Id
X-AWS-Id
X-SplitTest
X-LJ-Flow-ID
X-Gen-Id
X-Amzn-Remapped-Connection
Odigeo-Trace-Id
X-Amzn-Remapped-Date
Powered
X-Bug-Bounty
X-Server-W
X-Pf-Uncompressing
X-Backend-TTL
X-GZIP
X-SN
X-Owner
X-VarnPar2
X-NGINX-Cache
X-Fe
Requestid
X-Cache-Ttl
X-ORIG-AKA-EDGE
X-Pc-Subdomain
Cache-Hits
X-Amz-Meta-S3b-Last-Modified
T-Server
WebServer
X-PAGE-TYPE
RequestUuid
X-LiteSpeed-Cache-Control
X-HostName
X-Varnish-URL
X-RAMCache
X-RequestId
X-PF-Uncompressing
X-ORIG-AKA-COUNTRY-CODE
X-GEO
X-ServerName
X-Serial
X-Alicdn-Da-Ups-Status
X-SB
X-Dw-Trace-Id
X-VC
X-R9-Blue-Green-Version
Correlation-Id
X-LiteSpeed-Tag
Xet-Cookie
X-Developed-By
NnCoection
X-CS
X-Akamai-ERPolicy
X-Akamai-ERRuleID
Location
X-Akamai-SSL-Client-Sid
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Request-Id
SID
X-HTML-Edge-Cache
X-Ms-Blob-Type