Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Xss-Protection
X-Timer
CF-Cache-Status
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
CF-Ray
Content-Security-Policy-Report-Only
X-Amz-Cf-Pop
X-Cache-Status
Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Request-ID
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-AH-Environment
X-Backend
X-Cache-Group
X-Age
X-Drupal-Dynamic-Cache
X-Server
X-Pingback
X-Via
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Server-Powered-By
X-Hacker
EagleId
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-WebKit-CSP
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
X-Server-Id
Surrogate-Control
X-Host
X-Node
X-Cnection
X-Readtime
Report-To
EagleEye-TraceId
X-Rq
Server-Timing
X-Response-Time
X-OneAgent-JS-Injection
X-CST
Feature-Policy
X-Rack-Cache
X-Backend-Server
X-ORACLE-DMS-ECID
X-Application-Context
X-Iejgwucgyu
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
X-Clacks-Overhead
NEL
X-Url
Edge-Control
X-DynaTrace
Allow
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-Cdn
X-Trace
X-Server-Name
X-Px
X-Vhost
X-B3-TraceId
X-GitHub-Request-Id
X-DataDome
X-ORACLE-DMS-RID
RTSS
X-VARITI-CCR
X-MS-InvokeApp
X-Cached
X-Ruxit-JS-Agent
X-ESI
X-Goog-Hash
SPRequestGuid
Charset
Accept-CH
X-Server-ID
X-PC
X-TtlSet
X-Vname
Pinterest-Generated-By
X-Mod-Pagespeed
X-F-Cache
Public-Key-Pins
Verso
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-Dispatcher
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
X-D2id
X-SharePointHealthScore
X-TTL
X-T
X-Version
X-Powered-By-Plesk
X-DynaTrace-JS-Agent
X-Abt-Application-Version
X-Powered-CMS
X-DIS-Request-ID
X-Dns-Prefetch-Control
Accept-CH-Lifetime
X-Ser
X-Fastly-Request-ID
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Origin-Upstream-Status
X-Forwarded-Proto
X-B
X-Shield-Request-Id
X-Recruiting
X-Client-IP
MS-Author-Via
X-Navigation-Version
DynaTrace
X-Amz-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Realpath
X-HW
SPRequestDuration
SPIisLatency
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Oneagent-Js-Injection
Content-MD5
X-Upstream
X-Ttl
Nginx-Cache
X-Vcap-Request-Id
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Accel-Buffering
X-Wix-Server-Artifact-Id
X-Amz-Meta-S3cmd-Attrs
Edge-Cache-Tag
AR-PoweredBy
AR-ATIME
AR-CACHE
X-N
X-Hits
Arr-Disable-Session-Affinity
X-Varnish-Age
X-Debug
TCN
X-Oracle-Dms-Rid
X-NF-Request-ID
Access-Control-Request-Method
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Goog-Storage-Class
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
X-Dw-Request-Base-Id
X-XRDS-Location
X-ATG-Version
S
X-Id
X-Via-JSL
Service-Worker-Allowed
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-NewRelic-App-Data
X-FTR-Expires
X-Logged-In
Tracecode
X-FastCGI-Cache
Alternate-Protocol
X-PressLabs-Stats
Rt-Fastcgi-Cache
X-HS-Hub-Id
X-Forwarded-For
X-HS-Content-Id
X-Frontend
X-Kinsta-Cache
X-Content-Digest
Surrogate-Key
X-Cache-Key
X-RateLimit-Remaining
Fastly-Restarts
X-Pad
AMP-Access-Control-Allow-Source-Origin
MicrosoftSharePointTeamServices
X-FTR-Cache-Host
X-Content-Options
Ar-Sid
Server-Name
X-Ruxit-Js-Agent
X-Edge-Location
X-Amzn-Trace-Id
Fastcgi-Cache
X-Analytics
Backend-Timing
FilterID
Host
X-CF-Powered-By
X-Grace
TP-Cache
TP-L2-Cache
X-Rid
X-User-Agent
X-Debug-Info
X-Hostname
ServerID
X-Magnolia-Registration
X-IPLB-Instance
X-B3-Sampled
X-Whom
X-Revision
X-Cache-2
Eomportal-Instance
X-Request-Processing-Time
X-Request-Received
Paypal-Debug-Id
X-Page-Id
X-NWS-LOG-UUID
X-Mobile
AR-Request-ID
X-Srv
X-HS-Cache-Config
Front-End-Https
X-Akam-SW-Version
X-AOL-HN
X-VCache
X-Content-Powered-By
Retry-After
X-Varnish-Grace
X-GUploader-UploadID
X-Litespeed-Cache
X-Cache-Hit
X-Signature
X-B-Cache
X-SS-Set-Cookie
X-Device-Type
X-LB-Cache
X-Cluster
X-Handled-By
Source
X-Cache-Control
X-WA-Info
X-Cache-Action
X-FB-Debug
X-Request-Guid
X-Instance
Cleartype
X-App-Environment
Refresh
X-Varnish-Hostname
X-Tumblr-Pixel
X-Platform-Server
X-BCube-Filmed-By
X-Tumblr-Pixel-0
X-Tumblr-User
X-Framework
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
Webserver
X-Zen-Fury
X-Correlation-Id
X-Esi
X-Varnish-Backend
X-Sol
X-Middleton-Display
Display
X-Daa-Tunnel
X-XRDS-LOCATION
X-Cache-Server
X-Fastcgi-Cache
X-Az
X-AppVersion
X-Activity-Id
X-Varnish-Server
Healthy
X-Content-Type
X-Drupal-Cache-Contexts
X-TA-CDN-Provider
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Drupal-Cache-Tags
X-Cache-Rule
X-Geo-Country
X-Generated-By
X-URL
X-Middleton-Response
X-Wix-Request-Id
ViewerVersion
Response
X-Seen-By
S-Cnection
X-Cached-By
X-App-Server
Server-Node
Cache-Status
X-DataStream-Cache-Status
X-Origin-Server
X-Accel-Expires
X-CACHE-GROUP
X-Amz-Apigw-Id
X-Amz-Replication-Status
X-Amzn-RequestId
X-TT
X-Node-Name
X-Cache-Age
Upgrade-Insecure-Requests
Payment
X-Response-Served-From
Filters
X-S
X-RequestSource
GEO-INFO
X-Locale
X-Cacheable-TTL
X-UA-Device-Type
X-Edge-Cache
X-Cache-NE
Actual-Object-TTL
NGB
Viewport
X-Edge-Cache-Key
X-WPE-Loopback-Upstream-Addr
X-Jobs
X-Tumblr-Pixel-2
X-Servedby
X-Tumblr-Pixel-1
ServedBy
Host-Header
X-Varnish-IP
X-GeoIP
X-Contextid
HostName
X-FW-Serve
X-Amz-Server-Side-Encryption
X-Varnish-Hits
AsisCache
X-FW-Hash
X-Status
X-TT-TIMESTAMP
Access-Control-Allow-Method
X-TX-ID
X-FW-Type
X-FW-Server
X-FW-Static
X-WebKit-CSP-Report-Only
X-UUID
Accept-Charset
Server-Info
Cache
X-Storage
X-Adobe-Loc
X-Adobe-Content
X-Aspnetmvc-Version
X-Vg-Webcache
SRV
X-Cache-TTL-Remaining
X-Rendered-As
X-PHP-Backend
X-CLOUD-TRACE-CONTEXT
X-Hyper-Cache
X-Cache-Remote
From-Origin
X-Croise-Owner
Cache-Tv-Group
X-HS-Combine-CSS
MS-CV
X-APP-VERSION
X-App-Version
X-Cache-Operation
X-Webkit-CSP
X-Region
DC
Cache-Tag
Public-Key-Pins-Report-Only
X-Redis-Cache
X-Forwarded-Host
Served-By
Liferay-Portal
X-Mode
X-Yottaa-Metrics
X-Yottaa-Optimizations
Fastcgi-X-Cache
Fastcgi-Useragent
Fastcgi-X-Cache-Version
X-Endurance-Cache-Level
Xserver
Selected-FE
Meta-Geo
Machine
X-Agile-Id
X-Generated
X-Timing-Wait
X-Site-Version
X-RN-RSRV
X-Is-Bot
X-Request-Time
X-Upgrade-Enabled
X-Proxy-Build
X-Hosted-By
X-Path-Route
X-Loop
X-Webstats-RespID
X-Human
X-Detected-As
X-TNCMS
X-Cache-Var
X-Akamai-Request-ID2
X-Agile-Age
X-Agile
X-Cache-Var-Map
X-IP
S-Rt
Property-Id
X-Proxied
X-Zipkin-Id
Cache-Name
TWC-Connection-Speed
X-Environment-Context
X-Pc-Key
Origin-Edge-Control
Webcakes-Region
X-Origin-Hint
X-NGENIX-Cache
X-Pc-Appver
X-Pc-Hit
Origin-Cache-Control
Now
TWC-Privacy
X-Labrador-Cache-Channel
X-Cache-Category-Id
Webcakes-App-Version
X-BYPASS-REASON
Webcakes-App-Name
X-Format
X-Routing-Service
X-L-Path
X-Grey
X-ProxyCache-Status
X-Internal-Host
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
X-Vgn-Hpd-Reason
X-ProxyCache-Key
X-JoinUs
X-CDN-Cache
TWC-Locale-Group
Powered-By-ChinaCache
X-UA
X-NCache
X-OCL
X-FC-Vary-Parameters
X-Birta-Served
X-Access
Datacenter
X-Birta-Cache-Post
X-Original-Request
X-PCL
X-Viewer-Country
X-Upstream-CT
X-Upstream-HT
X-Web-Node
X-Via-Fastly
X-Tumblr-Pixel-3
X-Proxy
X-Pubstack
X-Section
X-Akamai-Transformed
X-Origin-Host
Cache-Tags
DB-Nickname
X-Xfnlog-Site
X-Backend-Name
X-Akamai-Request-ID
X-Origin
X-B3-Spanid
X-Www-Served-By
X-Via-CDN
X-Ocache
X-Origin-CC
X-Rule
X-Time-Microsecs
X-Origin-Response-Time
X-CCM
X-Cache-Config
X-ServerID
X-VG-TLSProxy
Azure-SlotName
Azure-InstanceId
Azure-SiteName
Azure-RegionName
Azure-Version
Mn-Server-Ip
HitType
X-Tb
X-RateLimit-Limit
X-Newrelic-App-Data
X-RemovedCookies
X-TIME
X-ProcessESI
OT-Force-Account-Verify
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Shopify-Stage
X-App-Name
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
Accept-Language
X-Cache-TTL
X-Nginx-Cache
Pagespeed
X-Guploader-Uploadid
X-Ezoic-Cdn
Cache-Key
X-Protected-By
X-CACHE-KEY
X-Parent-Response-Time
User-Cache-Control
Vix-Hermes-Req-Id
X-Edge-IP
L5d-Success-Class
Content-Style-Type
X-Correlation-ID
Content-Script-Type
X-OVcl-Cache
X-OVcl
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Real-IP
Time
LB
NtCoent-Length
X-Real-Ip
X-ApacheServer
X-BACKEND-TTL
X-PERF
X-Cache-Backend
X-Amz-Meta-Surrogate-Control
X-Webkit-Csp
Ms-Operation-Id
X-RTag
X-Front
X-Proto
X-Pc-Host
X-Pc-Date
X-GRACE
X-Mrs-Cache-Hits
X-Unique-Id-Primal
X-Mrs-Cache
X-Mrs-Age
X-Mshield-Cache-Status
X-FB-TRIP-ID
X-Cdn-Forward
X-Dynatrace-Js-Agent
X-Varnish-Cacheable
X-CDN-Forward
X-Hit
X-Nc
X-Sucuri-ID
Section-Io-Cache
X-Varnish-Beresp-Status
X-Content-Age
X-Varnish-Beresp-Grace
X-Debug-Cache
WZWS-RAY
X-Unique-ID
AR-SID
X-Microcachable
Load-Balancing
Version
X-C
X-Trace-Id
Access-Control-Request-Headers
Fusion-Source
Country
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-Time
X-EdgeConnect-Cache-Status
Ohc-File-Size
X-Varnish-Beresp-Ttl
X-Connection-Hash
X-Cache-Enabled
X-MP-GENERATED-AT
X-Transaction
X-Twitter-Response-Tags
Warning
Mail-Subject
We-Hiring
X-Aed
X-CUA
Mobile-Detection-Method
X-Crawler
X-Backend-State
X-Cache-Id
X-Cache-URL
Rendered-Blocks
X-D
X-Clientip
Memcached
Platform
X-Auto-Login
Resin-Trace
X-CF-Lambda-Fn
MD5-Digest
X-Application
Release
Powered-By
Node
X-CF-Lambda-Version
X-Cache-Host
X-A-Dgt
X-Bip
V-Age
X-Cache-Bucket
X-Date
Locale
Viewtype
X-A-Ccd
X-A
VivaBuild
X-BB-ID
X-A-Dcw
X-B-Cookie
Is-Eu
Rt-Proxy-Cache
X-Cache-FS-Status
X-Accel-Expires-Debug
RNT-Time
RNT-Machine
SD-X-WS
Meta-Geo-Continent
Uber-Trace-Id
UCS
X-A-Wwc
SS
Server-ID
X-Actual-URL
X-Org
X-ScT
X-S-Maxage
X-S-Cookie
X-Served-From
X-Server-By
X-SRCache-Key
X-Server-Time
X-Rojux
X-Rewrite-Enabled
X-Response-By
X-Request-UUID
X-Returned-From
X-Returned-From-BeforeDispatch
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Store
X-Thanos
X-Via-Edge
X-VG-WebServer
X-Via-SSL
X-We-Are-Hiring
Xc-Version
X-WebServer
X-Varnish-Action
X-Variation
X-UE-Client-Country
X-Trv-Group
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Var-Ttl
X-User
X-Release
X-Region-Sid
X-GeoIP-Country-Code
X-Generated-In
X-G
X-Layer
X-Li-Fabric
X-LI-Proto
X-Li-Pop
X-From
X-F5-Cache
X-Device-Os
X-Developer
X-Died
X-Dispatcher-Server
X-External-Request-Id
X-DPWN-IS-SECURE
X-LI-UUID
X-Logtrace-Id
X-Qloud-Router
X-PHP-Host
X-RCS-CacheZone
X-Rebelmouse-Cache-Control
X-Reboot
X-Rebelmouse-Surrogate-Control
X-PAYTM-SRV-ID
X-Passed-To-PostProcessResponse
X-NU-AKA-ACS-Version
X-Node-Id
IBM-Web2-Location
X-Passed-To
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Destination
X-A-Dam
Frame-Options
X-Hl-Ver
X-Dc
Adler-Geo
Ec-Rule-Version
Fly-Request-Id
Fastly-SWR
Fastly-SIE
Fastly-Backend-Name
Fly-Cache
Ajk
Countrycode
X-Datadome
BehaviorPad-Version
X-Ratelimit-Limit
Arc-Country
Cache-Prefix
X-Ua
X-Rocket-Nginx-Bypass
X-Epic-Correlation-Id
Apple-News-Services-Parsed-Url
X-Fetched-On
X-Eu-Site
Apple-News-Services-Host
X-Cache-Expires
Origin
Apple-News-Services-Handled
AKAMAI
X-Geo
X-Block-Status
X-Amz-Meta-Cache-Control
X-CGP
X-Swa-Ws
Www
X-V
X-Sf
X-ServiceProvider
X-No-Session
X-Stale
X-SVT-ORM-RULES
HA-Geocity
X-Server-IP
X-Proxy-Upstream
X-Proxy-Cache-Status
X-Request-Start
X-Server-Group
X-Location
X-SVT-ORM-VERSION
Apple-News-Services-Request-Url
X-Hnp-Log
X-Hash
X-Via-NSCOPI
X-Gen-Mode
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-UnsetCookies
X-Key
X-Info
X-IN-WAF
X-FW-Version
X-Cache-Debug
Decoy-Debug-Key
GW-Server
HA-Cloudapp
Heartbleed
HA-Servedtime
Pramga
Kp-EeAlive
GMS-Ver
Proxy-Connection
On-Server
Server-Host
Decoy-Debug-TTL
Decoy-Debug-Status
Esi-Enabled
True-Client-Country-4JS
HA-Urlpath
HA-Ipaddr
HA-Geocountry
Request-EU
HA-Geolat
Who
Web-Mar-Node
Backend-Name
Content-Disposition
HA-Host
HA-Georegion
Country-Code
Request-Country
Backend
HA-Geolon
Ha-Gx-Prefs
X-NODE
User-Agent
X-Wikidot-Static-Cache
X-NWS-UUID-VERIFY
Fastly-Soc-X-Request-Id
X-Wikidot-Backend
X-MI-In-Market
IsBot
X-TT-LOGID
X-Request-URI
X-Platform
X-Policy
X-Phone
MI-API
MI-Cache-Age
X-P-T
X-Instance-Name
X-Irp-Debug
MI-Cache
Pragrma
X-Nginx-Cache-Key
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Backend-Url
Server-Int
X-Goog-Meta-Goog-Reserved-File-Mtime
Cache-Cookie-Set-From
X-Cache-CFC
Thinkindot-CacheControl
X-SIPLIST1
X-Secret
X-Thinkindot-L3
X-Backend-Host
X-Matched-Rule
X-Distil-CS
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Core-Value
Request-Time
Fastly-SSL
X-Developers
X-Gannett-Site-Version
CDCHOST
PageSpeed
X-Be
Group
X-SERVER
V-Cache
X-DC
X-Fstrz
X-Distributor
Magicmarker
X-CACHE-AGE
X-Core-Mission
X-MSEdge-Features
X-Origin-Date
X-Origin-Expires
X-VCT
HitInfo
X-MSEdge-Flight
X-Page-Type
X-Planisys-CDN-Cache
X-Sn-Servicetimems
PFcat
X-Up
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Refresh
X-Servername
X-GeoIP-City
X-Debug-Cookies
X-Debug-Log
X-NX-Host
X-Origin-TTL
X-ElasticPress-Search
REQUESTUUID
X-Cdn-Origin
Pagetype
X-COUNTRY
X-Fastly-Cache
X-NC
X-Svr
X-PARISIEN-Cache-Rendered
X-VarnCache
Host-ID
X-Newrelic-Synthetics
RequestId
X-VarnPar1
X-Micro-Cache
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Pjax-Url
X-Req
X-BBXSRF
MIME-Version
X-Instart-Info
X-Powered-By-ANYU
X-EIG-Tracking-Id
ServerName
X-Level-Front-Cache
X-Generated-On
Lfy
X-B3-Traceid
X-Server-Cache
X-Cdn-Srv
X-Cache-Info
Cache-Provider
Ohc-Response-Time
X-Gdpr
X-ARC
Mime-Version
Cteonnt-Length
Cdn
Memory
PICS-Label
X-TWH-CORRELATION-ID
X-Servedbyhost
X-Cluster-Node
Nel
X-CMS-Context
CF-IPCountry
X-Wa
X-LAGOON
X-Sentry-ID
X-Fastly-Country-Code
X-WR-MODIFICATION
X-NodeID
FSS-Proxy
CDN
FSS-Cache
X-StackifyID
X-Aicache-OS
X-Load-Cache
NGX
X-ABtesting
X-HTML-Minification-Powered-By
X-Hello
GeoIP-Latitude
GeoIP-Country-Code
X-VServer
X-Flog
X-UPSTREAM-Address
GeoIp-Country-Code
XServer
Geoip-Latitude
SN
X-CSRF-TOKEN
X-Fastly-Backend-Reqs
X-Varnish-Beresp-TTL
X-GZip
X-WA
X-APP
X-Check-Cacheable
Amp-Access-Control-Allow-Source-Origin
Processtime
TSSecure
X-Source
X-CSRF-Token
X-Csrf-Token
X-MServer
X-DataStream-MidMile-RTT
Cf-Ipcountry
X-FireWall-Port
X-HOST
X-DataStream-Origin-MEX-Latency
X-Worker
X-Unique-Id
CACHE
PageType
X-Ratelimit-Remaining
X-Cache-Miss-From
X-Varnish-Cache-Hits
X-CDN-Pop-IP
X-Generation-Time
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
WP-Super-Cache
X-Sedo-Request-Id
X-CDN-Pop
A
X-ServedByHost
X-LJ-Flow-ID
Cdn-Host
X-SplitTest
X-Oss-Storage-Class
Cdn-Request-Time
X-Dynatrace
X-AWS-Id
X-VWS-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Nananana
X-Oss-Server-Time
X-Oss-Request-Id
X-Edge-Server
X-SRV
X-Port
X-Backend-TTL
X-Skip-Cache
X-VC-Cache
X-Cache-Grace
Pics-Label
X-FORWARDED-FOR
URI
X-GDPR
HTTPS
DataCenter
X-ID
X-Sucuri-Cache
Odigeo-Trace-Id
X-IPS-LoggedIn
Cache-Hits
X-BE
Server-Cache-Control
X-B3-SpanId
Server-Surrogate-Control
X-Owner
X-HS-Status
X-Varnish-Authentication
X-Fastly-Cache-Hits
X-RCS-Backend
X-Cache-ASPX
X-Ms-Request-Id
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Swift-Error
X-Varnish-Url
Hostname
X-PJAX-URL
Dynatrace
ProcessTime
Requestid
X-ND-Cache
X-VG-WebCache
X-Bug-Bounty
X-From-Cache
X-Gen-Id
X-Amzn-Remapped-Date
X-SN
X-GZIP
X-Instart-Isnd
X-Amzn-Remapped-Connection
Is-Session-Tracking
X-Pf-Uncompressing
X-Server-W
X-ORIG-AKA-EDGE
Get-Access-Time
X-GoCache-CacheStatus
X-Ms-Lease-State
X-Cache-Ttl
X-NGINX-Cache
RequestUuid
X-VarnPar2
X-Amz-Meta-S3b-Last-Modified
X-Akamai-SSL-Client-Sid
Serverid
X-PAGE-TYPE
X-VC
X-Varnish-URL
X-ORIG-AKA-COUNTRY-CODE
X-SB
X-Fe
Proxy-Firewall
X-RAMCache
X-Cache-Srv
X-Alicdn-Da-Ups-Status
X-LiteSpeed-Cache-Control
X-Serial
WebServer
T-Server
Accept-Ch
X-ServerName
X-PF-Uncompressing
X-Akamai-ERPolicy
X-CS
X-Akamai-ERRuleID
Xet-Cookie
X-Developed-By
X-Dw-Trace-Id
X-HTML-Edge-Cache
SID
Location
NodeID
NnCoection
X-LiteSpeed-Tag