Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
P3P
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Amz-Cf-Pop
X-Download-Options
P3p
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Cacheable
Alt-Svc
Content-Security-Policy-Report-Only
X-Generator
CF-Ray
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-CDN
Xkey
X-Type
Keep-Alive
Access-Control-Expose-Headers
X-Request-ID
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Server
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Age
X-Via
X-Pingback
Grace
X-Nginx-Cache-Status
EagleId
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Proxy-Cache
Request-Context
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Ac
X-WebKit-CSP
X-Device
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
X-Cnection
X-OneAgent-JS-Injection
X-Node
X-Readtime
Content-Location
Surrogate-Control
EagleEye-TraceId
X-CST
Report-To
X-Host
X-Response-Time
X-Rq
Feature-Policy
Server-Timing
X-Iejgwucgyu
X-Backend-Server
X-Application-Context
X-ORACLE-DMS-ECID
X-Rack-Cache
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
Allow
X-Url
X-Clacks-Overhead
NEL
Rating
X-DynaTrace
Edge-Control
X-Country
X-Origin-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Varnish-TTL
X-Country-Code
X-Cdn
X-B3-TraceId
X-Px
X-Server-ID
X-DataDome
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-Vhost
X-GitHub-Request-Id
X-ESI
X-Trace
X-VARITI-CCR
Accept-CH
X-Goog-Hash
Charset
X-TTL
X-Server-Name
RTSS
X-Cached
Pinterest-Generated-By
X-MS-InvokeApp
X-Mod-Pagespeed
X-Mobile-Rewrite
PB-RID
PB-PID
Verso
Arc-Version
X-D2id
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
Public-Key-Pins
X-Kinja
X-Version
X-F-Cache
SPRequestGuid
X-PC
X-TtlSet
X-Vname
X-Dispatcher
X-DynaTrace-JS-Agent
X-DIS-Request-ID
X-Powered-By-Plesk
Accept-CH-Lifetime
X-T
X-Abt-Application-Version
X-Powered-CMS
X-SharePointHealthScore
X-Origin-Upstream-Status
X-Fastly-Request-ID
X-Ser
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-B
X-Client-IP
X-Amz-Rid
Realpath
X-Shield-Request-Id
X-Recruiting
X-Forwarded-Proto
MS-Author-Via
X-HW
X-Upstream
SPIisLatency
SPRequestDuration
DynaTrace
X-Vcap-Request-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-XRDS-Location
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
Arr-Disable-Session-Affinity
X-Varnish-Age
AR-PoweredBy
AR-ATIME
AR-CACHE
Content-MD5
X-Debug
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Dw-Request-Base-Id
X-Via-JSL
X-Oracle-Dms-Rid
X-Aspnet-Version
X-Hits
X-MSEdge-Ref
X-Id
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
X-N
X-Ttl
X-NF-Request-ID
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Realm
Service-Worker-Allowed
X-FTR-Expires
X-NewRelic-App-Data
S
Access-Control-Request-Method
X-ATG-Version
Edge-Cache-Tag
Alternate-Protocol
X-Logged-In
X-FastCGI-Cache
AMP-Access-Control-Allow-Source-Origin
TCN
X-PressLabs-Stats
X-Kinsta-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
Surrogate-Key
X-Forwarded-For
Rt-Fastcgi-Cache
X-RateLimit-Remaining
X-FTR-Cache-Host
X-Cache-Key
X-Content-Digest
Tracecode
X-TA-CDN-Provider
X-CF-Powered-By
X-Pad
Fastcgi-Cache
X-CACHE-GROUP
Server-Name
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
Ar-Sid
X-Analytics
Backend-Timing
X-User-Agent
MicrosoftSharePointTeamServices
Fastly-Restarts
Host
TP-L2-Cache
X-Cache-2
TP-Cache
X-Edge-Location
X-Rid
X-Magnolia-Registration
FilterID
X-Debug-Info
X-B3-Sampled
ServerID
X-Grace
X-Whom
X-Mobile
X-Page-Id
X-Revision
X-IPLB-Instance
X-Content-Options
Eomportal-Instance
Front-End-Https
Paypal-Debug-Id
X-Hostname
X-Akam-SW-Version
X-Srv
AR-Request-ID
Refresh
X-NWS-LOG-UUID
X-LB-Cache
X-VCache
X-Content-Powered-By
X-Request-Processing-Time
Retry-After
X-Litespeed-Cache
X-AppVersion
X-Az
X-Request-Received
X-Activity-Id
X-Framework
X-Cache-Action
X-SS-Set-Cookie
X-App-Environment
X-B-Cache
X-Handled-By
X-Signature
Source
X-GUploader-UploadID
X-Request-Guid
X-Tumblr-Pixel
X-Cluster
X-Platform-Server
X-Cache-Control
X-Tumblr-User
X-Varnish-Hostname
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-Device-Type
X-Instance
X-BCube-Filmed-By
Cleartype
X-WA-Info
X-Content-Security-Policy-Report-Only
X-Content-Type
VIX-Pulpo-Node
X-AOL-HN
VIX-Pulpo-Upstream-Status
X-FB-Debug
X-Ruxit-Js-Agent
Webserver
X-Zen-Fury
X-Cache-Hit
X-Varnish-Grace
X-Middleton-Display
Display
X-Sol
Accept-Charset
X-Cache-Rule
X-Varnish-Backend
Healthy
X-Seen-By
ViewerVersion
X-TT
X-Wix-Request-Id
X-Webkit-CSP
X-Correlation-Id
X-Fastcgi-Cache
X-Origin-Server
X-URL
Response
X-Cache-Server
X-Drupal-Cache-Tags
X-Middleton-Response
Upgrade-Insecure-Requests
Cache-Status
MS-CV
X-Daa-Tunnel
X-DataStream-Cache-Status
X-Varnish-Server
X-Cache-Age
X-PHP-Backend
X-Generated-By
X-Geo-Country
X-Esi
X-Amz-Replication-Status
X-Cached-By
X-Drupal-Cache-Contexts
X-Amzn-RequestId
X-Amz-Apigw-Id
Payment
X-Storage
X-App-Server
NGB
X-UA-Device-Type
Filters
Server-Node
X-Response-Served-From
X-S
GEO-INFO
X-Amz-Server-Side-Encryption
X-Adobe-Content
X-Adobe-Loc
X-RequestSource
X-Locale
X-Varnish-IP
X-Servedby
X-TT-TIMESTAMP
Actual-Object-TTL
X-FW-Hash
X-Cacheable-TTL
X-Contextid
ServedBy
X-FW-Type
X-WPE-Loopback-Upstream-Addr
Access-Control-Allow-Method
X-Edge-Cache
X-FW-Static
X-Edge-Cache-Key
X-FW-Server
X-FW-Serve
X-UUID
Viewport
X-TX-ID
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Cache-Tv-Group
AsisCache
X-Varnish-Hits
X-Accel-Expires
X-Cache-NE
Server-Info
X-Jobs
X-Cache-Remote
X-HS-Cache-Config
X-WebKit-CSP-Report-Only
S-Cnection
X-Cache-TTL-Remaining
X-Status
X-Dns-Prefetch-Control
From-Origin
X-Rendered-As
Host-Header
X-GeoIP
X-Cache-Operation
X-Region
X-APP-VERSION
X-Croise-Owner
X-XRDS-LOCATION
Cache
X-App-Version
HostName
SRV
X-Redis-Cache
Served-By
Content-Script-Type
Content-Style-Type
X-Node-Name
X-BACKEND-TTL
X-Hyper-Cache
DC
X-Kong-Upstream-Latency
Liferay-Portal
X-Kong-Proxy-Latency
X-CACHE-KEY
Public-Key-Pins-Report-Only
X-Cache-Config
Cache-Tag
X-Vg-Webcache
Meta-Geo
Machine
X-Cache-Var
X-Cache-Var-Map
X-RN-RSRV
X-Parent-Response-Time
Ms-Operation-Id
X-Path-Route
X-Cache-Category-Id
X-RTag
X-Detected-As
X-Site-Version
X-Upgrade-Enabled
X-Grey
X-Is-Bot
X-Mode
X-Original-Request
X-NCache
Cache-Name
X-Origin-Response-Time
Now
X-Request-Time
X-ProxyCache-Key
X-L-Path
X-Labrador-Cache-Channel
X-Akamai-Transformed
X-BYPASS-REASON
X-Protected-By
X-ProxyCache-Status
X-Edge-IP
Origin-Cache-Control
X-Human
X-Internal-Host
X-CDN-Cache
X-Web-Node
X-Via-Fastly
X-Upstream-HT
X-Akamai-Request-ID
X-Environment-Context
X-Upstream-CT
X-Webstats-RespID
X-Hosted-By
Origin-Edge-Control
X-Tumblr-Pixel-3
X-Origin-Host
DB-Nickname
X-Origin-CC
X-ServerID
X-Origin
X-Agile-Age
X-Pc-Hit
X-Pc-Appver
X-RemovedCookies
X-TNCMS
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-InstanceId
Cache-Key
X-Birta-Cache-Post
X-Agile-Id
X-Time-Microsecs
X-Agile
X-IP
X-Loop
X-Pc-Key
X-Proxy
User-Cache-Control
X-Format
X-Birta-Served
X-Viewer-Country
X-ProcessESI
X-Generated
TWC-Connection-Speed
TWC-Device-Class
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
S-Rt
Fastcgi-Useragent
Webcakes-App-Name
Selected-FE
Webcakes-App-Version
X-Backend-Name
Property-Id
X-Access
Cache-Tags
Webcakes-Region
X-B3-Spanid
X-NGENIX-Cache
X-Rule
X-Www-Served-By
X-OCL
X-FC-Vary-Parameters
X-CCM
X-Guploader-Uploadid
X-Tb
X-Timing-Wait
X-VG-TLSProxy
X-Section
Load-Balancing
X-PCL
X-Pubstack
X-Proxy-Build
X-Origin-Hint
X-Xfnlog-Site
X-Ocache
Fastcgi-X-Cache-Version
X-Forwarded-Host
Vix-Hermes-Req-Id
Fastcgi-X-Cache
Powered-By-ChinaCache
X-Vgn-Hpd-Reason
X-Proxied
X-App-Name
X-Zipkin-Id
Xserver
HitType
X-JoinUs
X-Routing-Service
X-FB-TRIP-ID
X-TIME
Pagespeed
X-PERF
X-GRACE
X-ApacheServer
Mn-Server-Ip
Country
X-Endurance-Cache-Level
X-Via-CDN
X-Cache-Backend
X-Cache-TTL
X-Content-Age
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Correlation-ID
X-Mshield-Cache-Status
X-Mrs-Age
X-Unique-Id-Primal
X-UA
X-Cdn-Forward
X-Nginx-Cache
X-RateLimit-Limit
X-Real-IP
Time
Datacenter
X-Ezoic-Cdn
OT-Force-Account-Verify
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Ohc-File-Size
Fusion-Content-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
Fusion-Content-Source
X-Varnish-Cacheable
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Debug-Cache
X-Sorting-Hat-PodId
X-OVcl
X-OVcl-Cache
X-Varnish-Beresp-Ttl
X-Sucuri-ID
NtCoent-Length
X-Pc-Date
X-Pc-Host
X-Newrelic-App-Data
LB
X-Hl-Ver
X-Ua
L5d-Success-Class
We-Hiring
Mail-Subject
X-Varnish-Beresp-Grace
X-Unique-ID
X-Ratelimit-Limit
X-MP-GENERATED-AT
X-Varnish-Beresp-Status
X-Real-Ip
X-CDN-Forward
Section-Io-Cache
AR-SID
X-HS-Combine-CSS
X-Amz-Meta-Surrogate-Control
X-Proto
User-Agent
X-Trace-Id
X-Akamai-Request-ID2
X-Cache-Enabled
X-Front
X-Hit
X-Nc
Access-Control-Request-Headers
X-Dynatrace-Js-Agent
Pagetype
X-C
X-Time
Version
X-Microcachable
Warning
X-Rocket-Nginx-Bypass
X-CLOUD-TRACE-CONTEXT
Accept-Language
Platform
X-D
Thinkindot-CacheControl
Node
X-Date
X-CUA
Powered-By
X-Cache-Id
Thinkindot-CacheControl-Type
X-CF-Lambda-Fn
X-CF-Lambda-Version
Mobile-Detection-Method
X-Destination
X-Died
X-Dispatcher-Server
MD5-Digest
Is-Eu
Server-Host
X-Device-Os
RNT-Time
X-Developer
Meta-Geo-Continent
Memcached
X-Cache-Host
X-Cache-FS-Status
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
Resin-Trace
X-A
RNT-Machine
V-Age
Viewtype
VivaBuild
Www
X-A-Wwc
Request-Time
Rt-Proxy-Cache
X-BB-ID
X-Cache-Bucket
Release
X-Cache-Expires
X-B-Cookie
X-Application
X-Accel-Expires-Debug
Rendered-Blocks
X-Actual-URL
X-Aed
Thinkindot-Control
X-G
X-ScT
X-WebServer
X-We-Are-Hiring
X-Served-From
X-Variation
X-VG-WebServer
X-S-Cookie
X-Rojux
X-Returned-From-BeforeDispatch
X-Returned-From
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Rewrite-Enabled
X-Var-Ttl
X-User
X-Store
X-Transaction
X-Thinkindot-L3
X-Svr
X-Swa-Ws
X-SRCache-Key
X-Server-Time
X-Server-By
X-Twitter-Response-Tags
X-Server-IP
X-TT-LOGID
X-Trv-Group
X-Request-UUID
X-Region-Sid
X-Li-Fabric
X-Level-Front-Cache
X-Li-Pop
X-LI-Proto
X-Logtrace-Id
X-LI-UUID
X-Layer
X-Generated-On
X-From
X-External-Request-Id
Xc-Version
X-FW-Version
X-Generated-In
X-Matched-Rule
X-NU-AKA-ACS-Version
X-Qloud-Router
X-PHP-Host
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-PAYTM-SRV-ID
X-Passed-To-PostProcessResponse
X-Passed-To
X-P-T
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
IBM-Web2-Location
X-DPWN-IS-SECURE
X-Connection-Hash
Fastly-SIE
X-EdgeConnect-Cache-Status
Fastly-SWR
Fly-Request-Id
Frame-Options
Fastly-Backend-Name
Ec-Rule-Version
BehaviorPad-Version
Cache-Prefix
Arc-Country
Ajk
Adler-Geo
X-Server-Cache
Fly-Cache
X-Cache-URL
Ohc-Response-Time
X-ServiceProvider
X-Sf
AKAMAI
X-Server-Group
X-Crawler
X-S-Maxage
X-Distributor
X-ElasticPress-Search
X-Via-NSCOPI
X-Secret
X-Cache-Debug
X-Cache-CFC
Cache-Cookie-Set-From
X-SVT-ORM-RULES
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-SVT-ORM-VERSION
Backend-Name
X-Stale
X-Bip
X-Block-Status
X-Backend-Url
X-Backend-Host
X-Auto-Login
X-UnsetCookies
X-F5-Cache
X-Location
X-MI-In-Market
X-Phone
X-Thanos
X-Instart-Info
X-MSEdge-Features
X-MSEdge-Flight
X-Amz-Meta-Cache-Control
Magicmarker
X-ARC
X-No-Session
X-Nginx-Cache-Key
X-RCS-CacheZone
X-Info
X-Gen-Mode
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gannett-Site-Version
X-Fstrz
X-Fetched-On
X-Varnish-Action
Who
X-IN-WAF
X-Request-Start
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-Hnp-Log
GW-Server
X-Distil-CS
Decoy-Debug-TTL
Esi-Enabled
Proxy-Connection
SD-X-WS
Decoy-Debug-Status
SS
Server-Int
Server-ID
Pramga
PFcat
Kp-EeAlive
GMS-Ver
Heartbleed
Lfy
X-UE-Client-Country
Origin
MI-Cache
MI-API
Decoy-Debug-Key
MI-Cache-Age
Content-Disposition
Web-Mar-Node
True-Client-Country-4JS
X-Be
X-NODE
Countrycode
X-Node-Id
X-Irp-Debug
ServerName
X-Origin-Date
X-Origin-Expires
X-Page-Type
IsBot
X-Origin-TTL
Apple-News-Services-Host
X-Wikidot-Backend
X-Hash
X-GeoIP-Country-Code
Apple-News-Services-Handled
Backend
X-Up
On-Server
X-Backend-State
X-Wikidot-Static-Cache
X-Key
X-Platform
X-Policy
HA-Geolon
HA-Georegion
X-V
Ha-Gx-Prefs
HA-Geolat
X-SIPLIST1
HA-Cloudapp
HA-Geocity
HA-Geocountry
HA-Host
HA-Ipaddr
CDCHOST
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Release
HA-Urlpath
HA-Servedtime
X-Response-By
X-Request-URI
Fastly-SSL
X-Micro-Cache
X-CGP
X-Cdn-Srv
X-Epic-Correlation-Id
X-Eu-Site
X-Developers
X-Core-Value
X-Debug-Cache-Expiry
REQUESTUUID
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Apple-News-Services-Request-Url
X-Clientip
Apple-News-Services-Parsed-Url
Fastly-Soc-X-Request-Id
X-Cache-Info
Country-Code
X-Fastly-Cache
PageSpeed
X-NX-Host
X-Core-Mission
X-DC
X-Cdn-Origin
X-Sn-Servicetimems
X-Debug-Log
X-Servername
X-Debug-Cookies
X-Geo
X-CACHE-AGE
WZWS-RAY
X-Refresh
X-NC
X-COUNTRY
RequestId
X-CMS-Context
X-Dc
X-Org
MIME-Version
X-Via-Edge
X-Pjax-Url
X-Via-SSL
Cteonnt-Length
X-LAGOON
X-Datadome
X-Newrelic-Synthetics
Pragrma
X-VarnPar1
X-PARISIEN-Cache-Rendered
X-VarnCache
X-Servedbyhost
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Urbn-Context-Path
NGX
Uber-Trace-Id
X-Req
Locale
X-Urbn-Site-Id
Request-EU
X-Instance-Name
UCS
Cdn
Memory
X-Planisys-CDN-Rules
Request-Country
Mime-Version
X-NWS-UUID-VERIFY
Host-ID
V-Cache
Group
Cache-Provider
X-GeoIP-City
X-VCT
PICS-Label
X-CSRF-TOKEN
X-Wa
X-Generation-Time
X-Webkit-Csp
X-RateLimit-Remaining-Second
Nel
X-FireWall-Port
X-Gdpr
X-RateLimit-Limit-Second
CF-IPCountry
X-Varnish-Cache-Hits
X-HTML-Minification-Powered-By
X-WR-MODIFICATION
GeoIP-Latitude
XServer
CDN
GeoIP-Country-Code
X-BBXSRF
X-B3-Traceid
X-Ratelimit-Remaining
Server-Cache-Control
HitInfo
X-Cache-ASPX
X-DataStream-MidMile-RTT
Server-Surrogate-Control
X-DataStream-Origin-MEX-Latency
X-Aicache-OS
X-Cache-Grace
X-Powered-By-ANYU
X-UPSTREAM-Address
X-Sedo-Request-Id
X-Cache-Miss-From
X-Varnish-Authentication
X-Load-Cache
X-StackifyID
X-IPS-LoggedIn
X-Fastly-Country-Code
Cf-Ipcountry
GeoIp-Country-Code
X-VG-WebCache
X-Varnish-Url
Geoip-Latitude
CACHE
X-Check-Cacheable
X-EIG-Tracking-Id
X-ND-Cache
X-Source
X-Instart-Isnd
X-Sucuri-Cache
X-RCS-Backend
X-From-Cache
URI
X-HOST
X-Fastly-Backend-Reqs
X-FORWARDED-FOR
X-TWH-CORRELATION-ID
X-CDN-Pop-IP
X-APP
X-Fastly-Cache-Hits
X-WA
Proxy-Firewall
Is-Session-Tracking
Get-Access-Time
Pics-Label
X-CDN-Pop
X-GEO
X-Unique-Id
FSS-Cache
X-Dynatrace
X-GoCache-CacheStatus
X-Varnish-Beresp-TTL
Powered
FSS-Proxy
DataCenter
X-SRV
X-FW-Dynamic
X-R9-Blue-Green-Version
Processtime
X-VC-Cache
X-Sentry-ID
X-Skip-Cache
X-NodeID
X-Server-W
X-Nananana
X-ID
X-Cluster-Node
X-ABtesting
X-Pc-Subdomain
X-Csrf-Token
SN
X-GDPR
X-Flog
WP-Super-Cache
X-Hello
X-ServedByHost
X-VServer
Amp-Access-Control-Allow-Source-Origin
X-Oss-Request-Id
X-Oss-Object-Type
X-PF-Uncompressing
X-RequestId
X-Oss-Storage-Class
X-CSRF-Token
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-HS-Status
X-Fe
X-B3-SpanId
X-BE
Hostname
Dynatrace
X-GZip
X-TrackingId
X-Pf-Uncompressing
X-PJAX-URL
X-NGINX-Cache
TSSecure
X-Bug-Bounty
Cache-Hits
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Backend-TTL
X-Worker
X-Gen-Id
X-GZIP
X-Cache-Ttl
Requestid
X-Swift-Error
X-ORIG-AKA-EDGE
ProcessTime
X-LiteSpeed-Cache-Control
X-MServer
Cdn-Host
Cdn-Request-Time
X-Edge-Server
Serverid
X-ORIG-AKA-COUNTRY-CODE
X-LiteSpeed-Tag
X-Tb-Optimization-Total-Bytes-Saved
X-Alicdn-Da-Ups-Status
X-RAMCache
X-ServerName
A
X-HostName
RequestUuid
X-Varnish-URL
X-VC
T-Server
X-SB
X-PAGE-TYPE
286prxHost
352pxline
225prxHost
189phosttRef
188prxHost
219prxHost
355prline
X-Requestid
Xxline
X-Owner
SID
409pxxline
178proxuri
Location
X-Akamai-ERRuleID
X-VarnPar2
Xet-Cookie
X-Serial
X-Dw-Trace-Id
Correlation-Id
X-Port
Cneonction
X-Developed-By
X-CS
NnCoection
X-Akamai-ERPolicy
DSUID