Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
P3P
X-Xss-Protection
Referrer-Policy
X-Varnish
X-Timer
CF-Cache-Status
X-Request-Id
Access-Control-Allow-Headers
X-AspNet-Version
Access-Control-Allow-Methods
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
CF-Ray
X-Drupal-Cache
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Amz-Cf-Pop
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Template
X-Language
X-Request-ID
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
Upgrade
X-Kinja-Server-Push
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
WPE-Backend
X-Pass-Why
X-AH-Environment
Access-Control-Max-Age
X-Backend
X-Server
X-Age
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Hacker
EagleId
X-UA-Device
X-LiteSpeed-Cache
X-Robots-Tag
X-Varnish-Cache
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
Request-Context
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Ac
X-Device
X-WebKit-CSP
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
Surrogate-Control
X-Server-Id
X-Cnection
X-Host
X-Readtime
Report-To
X-Node
EagleEye-TraceId
X-Rq
Server-Timing
X-Response-Time
X-OneAgent-JS-Injection
X-CST
Feature-Policy
X-Rack-Cache
X-Backend-Server
X-ORACLE-DMS-ECID
X-Application-Context
X-Iejgwucgyu
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
X-Clacks-Overhead
X-Url
Edge-Control
X-DynaTrace
NEL
Allow
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country
X-Varnish-TTL
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-Server-Name
X-Trace
X-B3-TraceId
X-DataDome
X-Cdn
X-Vhost
X-Px
X-ESI
X-GitHub-Request-Id
X-MS-InvokeApp
RTSS
X-Ruxit-JS-Agent
X-VARITI-CCR
X-Cached
X-Server-ID
Accept-CH
SPRequestGuid
X-Goog-Hash
Charset
X-PC
X-TtlSet
X-Vname
X-ORACLE-DMS-RID
Pinterest-Generated-By
X-Mod-Pagespeed
X-D2id
X-F-Cache
Public-Key-Pins
Verso
X-Dispatcher
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Use-Magma
X-Kinja
X-TTL
Arc-Version
PB-PID
X-Mobile-Rewrite
X-SharePointHealthScore
PB-RID
X-T
X-Version
X-Powered-By-Plesk
X-DynaTrace-JS-Agent
X-Abt-Application-Version
Accept-CH-Lifetime
X-Powered-CMS
X-DIS-Request-ID
X-Ser
X-Fastly-Request-ID
X-Dns-Prefetch-Control
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-Navigation-Version
X-Origin-Upstream-Status
X-Shield-Request-Id
X-Recruiting
X-B
X-Forwarded-Proto
X-Oneagent-Js-Injection
X-Client-IP
MS-Author-Via
DynaTrace
X-Amz-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Realpath
SPRequestDuration
SPIisLatency
X-HW
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Content-MD5
X-Oracle-Dms-Rid
X-Upstream
Nginx-Cache
X-Vcap-Request-Id
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Amz-Meta-S3cmd-Attrs
AR-CACHE
X-Accel-Buffering
Edge-Cache-Tag
AR-ATIME
AR-PoweredBy
X-Wix-Server-Artifact-Id
X-Ttl
X-N
X-Hits
Arr-Disable-Session-Affinity
TCN
X-Debug
X-Varnish-Age
X-NF-Request-ID
Access-Control-Request-Method
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-NewRelic-App-Data
X-MSEdge-Ref
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
X-Dw-Request-Base-Id
S
X-Id
X-ATG-Version
X-FTR-Backend
Service-Worker-Allowed
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-Via-JSL
X-XRDS-Location
X-Logged-In
X-FTR-Expires
X-FastCGI-Cache
Tracecode
X-PressLabs-Stats
X-Forwarded-For
Rt-Fastcgi-Cache
X-HS-Hub-Id
X-Content-Digest
X-HS-Content-Id
Alternate-Protocol
X-Kinsta-Cache
X-Frontend
Surrogate-Key
X-Cache-Key
X-Pad
Fastly-Restarts
AMP-Access-Control-Allow-Source-Origin
X-RateLimit-Remaining
MicrosoftSharePointTeamServices
X-Content-Options
X-FTR-Cache-Host
X-Grace
Ar-Sid
Server-Name
X-Edge-Location
Fastcgi-Cache
X-Amzn-Trace-Id
Backend-Timing
X-Analytics
X-CACHE-GROUP
Host
FilterID
X-CF-Powered-By
X-Ruxit-Js-Agent
X-Rid
X-IPLB-Instance
X-User-Agent
TP-L2-Cache
X-Debug-Info
TP-Cache
X-Hostname
ServerID
X-B3-Sampled
X-Magnolia-Registration
X-Whom
X-Revision
X-Cache-2
Eomportal-Instance
X-Request-Received
Paypal-Debug-Id
X-Request-Processing-Time
X-NWS-LOG-UUID
X-Page-Id
X-Mobile
AR-Request-ID
X-Srv
X-HS-Cache-Config
Front-End-Https
X-Akam-SW-Version
X-Content-Powered-By
X-AOL-HN
Retry-After
X-Cache-Hit
X-VCache
X-GUploader-UploadID
X-Signature
X-Varnish-Grace
X-B-Cache
X-SS-Set-Cookie
X-Handled-By
X-Device-Type
Source
Refresh
X-Cache-Control
X-Request-Guid
X-Instance
X-Cache-Action
X-LB-Cache
X-App-Environment
X-WA-Info
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cluster
Cleartype
X-Varnish-Hostname
X-Platform-Server
X-Framework
X-FB-Debug
X-BCube-Filmed-By
X-Litespeed-Cache
X-Content-Security-Policy-Report-Only
X-Zen-Fury
X-Akamai-Edgescape
X-Correlation-Id
X-XRDS-LOCATION
Webserver
X-TA-CDN-Provider
X-Varnish-Backend
X-Middleton-Display
Display
X-Sol
X-Daa-Tunnel
X-Cache-Server
X-Az
X-AppVersion
X-Activity-Id
X-Webkit-CSP
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Varnish-Server
X-Content-Type
X-Fastcgi-Cache
X-Cache-Rule
VIX-Pulpo-Node
X-Geo-Country
Healthy
VIX-Pulpo-Upstream-Status
Response
X-Generated-By
X-Middleton-Response
X-Cache-Age
X-Wix-Request-Id
X-Seen-By
ViewerVersion
S-Cnection
Server-Node
X-Cached-By
X-App-Server
Cache-Status
X-URL
X-Accel-Expires
X-Origin-Server
X-Amz-Replication-Status
X-Node-Name
X-DataStream-Cache-Status
X-Amzn-RequestId
X-TT
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-Response-Served-From
X-S
GEO-INFO
X-WPE-Loopback-Upstream-Addr
X-RequestSource
NGB
Payment
Filters
X-UA-Device-Type
Host-Header
X-Locale
X-Cache-NE
X-Esi
X-Varnish-IP
X-Cacheable-TTL
Viewport
X-Edge-Cache
X-Edge-Cache-Key
HostName
X-Contextid
Actual-Object-TTL
X-GeoIP
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
X-Servedby
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
ServedBy
X-FW-Hash
AsisCache
X-TX-ID
Access-Control-Allow-Method
X-Jobs
X-TT-TIMESTAMP
X-Varnish-Hits
X-Status
X-Amz-Server-Side-Encryption
X-WebKit-CSP-Report-Only
X-UUID
Accept-Charset
X-APP-VERSION
Server-Info
X-Adobe-Loc
X-Adobe-Content
X-Storage
X-Vg-Webcache
X-Hyper-Cache
SRV
X-PHP-Backend
X-Rendered-As
X-Cache-TTL-Remaining
X-Cache-Remote
X-HS-Combine-CSS
MS-CV
Cache
From-Origin
X-Croise-Owner
X-CLOUD-TRACE-CONTEXT
Cache-Tv-Group
X-Cache-Operation
DC
Cache-Tag
X-Region
Public-Key-Pins-Report-Only
X-Forwarded-Host
Served-By
Liferay-Portal
X-Mode
X-Redis-Cache
X-UA
X-Yottaa-Metrics
X-App-Version
X-Yottaa-Optimizations
X-TIME
Pagespeed
X-Path-Route
X-RN-RSRV
X-Human
X-Proxy-Build
Selected-FE
Meta-Geo
X-Detected-As
Fastcgi-Useragent
X-Cache-Var-Map
X-Cache-Var
X-IP
X-Akamai-Request-ID2
X-Site-Version
X-Request-Time
Machine
X-Is-Bot
X-Timing-Wait
TWC-GeoIP-LatLong
Property-Id
Now
X-Internal-Host
X-Loop
TWC-Connection-Speed
S-Rt
Fastcgi-X-Cache
TWC-Device-Class
Fastcgi-X-Cache-Version
TWC-Locale-Group
X-Upgrade-Enabled
X-TNCMS
X-Vgn-Hpd-Reason
TWC-Privacy
X-ProxyCache-Status
X-Routing-Service
X-Format
X-Labrador-Cache-Channel
X-BYPASS-REASON
Webcakes-App-Version
Webcakes-App-Name
X-ProxyCache-Key
X-Hosted-By
X-Pc-Hit
X-Pc-Key
X-Pc-Appver
X-Original-Request
X-Origin-Hint
X-Proxied
Webcakes-Region
X-Via-Fastly
Cache-Name
X-Webstats-RespID
X-Zipkin-Id
X-NCache
TWC-GeoIP-Country
X-Akamai-Transformed
Powered-By-ChinaCache
X-Endurance-Cache-Level
Origin-Cache-Control
X-Access
X-OCL
Origin-Edge-Control
X-PCL
X-Cache-Category-Id
X-L-Path
DB-Nickname
X-CDN-Cache
X-FC-Vary-Parameters
X-Grey
X-JoinUs
X-Environment-Context
Cache-Tags
X-ProcessESI
X-Proxy
X-Upstream-HT
X-Viewer-Country
X-Web-Node
X-Tumblr-Pixel-3
X-Upstream-CT
X-Pubstack
X-RemovedCookies
X-Birta-Served
X-Birta-Cache-Post
X-Section
X-Agile-Age
X-Agile
X-Agile-Id
X-Akamai-Request-ID
X-Backend-Name
X-Cache-Config
X-Ocache
X-Via-CDN
X-VG-TLSProxy
X-Xfnlog-Site
X-Origin-Host
X-Time-Microsecs
X-ServerID
X-Rule
X-NGENIX-Cache
X-Origin
X-Origin-CC
X-Origin-Response-Time
X-Generated
X-Www-Served-By
Azure-RegionName
X-B3-Spanid
Azure-SiteName
Azure-Version
Xserver
X-CCM
X-Tb
Mn-Server-Ip
Azure-SlotName
Azure-InstanceId
Datacenter
HitType
X-App-Name
X-RateLimit-Limit
Accept-Language
OT-Force-Account-Verify
X-Cache-TTL
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Ezoic-Cdn
X-ShopId
X-ShardId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Protected-By
X-Real-IP
X-OVcl-Cache
X-OVcl
X-Parent-Response-Time
L5d-Success-Class
X-Nginx-Cache
User-Cache-Control
X-Guploader-Uploadid
Vix-Hermes-Req-Id
Cache-Key
X-NODE
X-Edge-IP
X-CACHE-KEY
Content-Style-Type
Content-Script-Type
NtCoent-Length
Time
LB
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Correlation-ID
X-BACKEND-TTL
X-Amz-Meta-Surrogate-Control
X-Proto
X-CDN-Forward
X-Real-Ip
AR-SID
X-Newrelic-App-Data
X-RTag
X-Cache-Backend
Ms-Operation-Id
X-PERF
X-ApacheServer
X-Pc-Date
X-Pc-Host
X-Webkit-Csp
X-Front
X-Mrs-Cache-Hits
X-Unique-Id-Primal
X-Mrs-Cache
X-Mshield-Cache-Status
X-Mrs-Age
X-Nc
X-Hit
X-FB-TRIP-ID
X-Sucuri-ID
X-Varnish-Cacheable
Section-Io-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Debug-Cache
X-Dynatrace-Js-Agent
WZWS-RAY
X-Microcachable
X-Content-Age
X-Unique-ID
Access-Control-Request-Headers
X-Connection-Hash
X-Twitter-Response-Tags
X-Transaction
X-Cache-Enabled
Fusion-Content-Source
X-Ratelimit-Limit
X-C
Fusion-Template-Id
X-Cdn-Forward
Fusion-Source
Country
Fusion-Content-Id
Fusion-Component-Id
Version
X-Trace-Id
X-MP-GENERATED-AT
X-GRACE
X-Dc
Load-Balancing
Mail-Subject
We-Hiring
Warning
Fly-Cache
Fly-Request-Id
Fastly-Backend-Name
Fastly-SWR
X-D
Fastly-SIE
X-Destination
X-Date
X-Developer
X-F5-Cache
X-FW-Version
Arc-Country
X-From
X-G
X-Generated-In
Adler-Geo
Ajk
BehaviorPad-Version
X-External-Request-Id
Countrycode
Ec-Rule-Version
X-Died
X-Dispatcher-Server
Cache-Prefix
X-DPWN-IS-SECURE
X-Device-Os
X-Cache-Bucket
X-A-Dam
Release
Rendered-Blocks
X-A-Ccd
X-A-Dcw
Powered-By
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
Platform
X-A
Resin-Trace
V-Age
SS
Ohc-File-Size
UCS
Viewtype
VivaBuild
RNT-Machine
RNT-Time
Rt-Proxy-Cache
Server-Host
X-Actual-URL
Node
X-Cache-Debug
X-Bip
X-BB-ID
X-Backend-State
X-Cache-FS-Status
X-Cache-Id
X-Crawler
X-Clientip
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-B-Cookie
IBM-Web2-Location
Memcached
X-Aed
Meta-Geo-Continent
Mobile-Detection-Method
MD5-Digest
Locale
Is-Eu
X-Auto-Login
X-Application
X-CUA
X-Layer
Uber-Trace-Id
X-Thanos
X-Region-Sid
X-Request-UUID
X-Returned-From
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Trv-Group
X-Reboot
X-Var-Ttl
X-User
Xc-Version
X-WebServer
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Returned-From-PostProcessResponse
X-Rewrite-Enabled
X-SRCache-Key
X-Via-Edge
X-VG-WebServer
X-ScT
X-Server-Time
X-Server-By
X-Served-From
X-Rocket-Nginx-Bypass
X-Via-SSL
X-Variation
X-Rojux
X-S-Cookie
X-Store
X-We-Are-Hiring
X-Varnish-Action
X-Qloud-Router
X-RCS-CacheZone
X-Org
X-NU-AKA-ACS-Version
X-Passed-To
X-LI-UUID
X-Passed-To-DLL
X-Hl-Ver
X-Node-Id
X-LI-Proto
X-Logtrace-Id
X-Urbn-Context-Path
X-Li-Pop
X-Li-Fabric
X-Urbn-Site-Id
X-Passed-To-BeforeDispatch
X-Passed-To-PostProcessResponse
X-PHP-Host
X-EdgeConnect-Cache-Status
X-PAYTM-SRV-ID
X-UE-Client-Country
X-Varnish-Beresp-Ttl
X-Sf
X-Gen-Mode
X-Stale
X-IN-WAF
X-S-Maxage
X-Info
Web-Mar-Node
Www
X-Key
X-Via-NSCOPI
X-Server-Group
X-Server-IP
X-IN-APIGATEWAY
Who
X-GeoIP-Country-Code
X-Hnp-Log
X-No-Session
X-IN-SSL-APIGATEWAY
X-Cache-Expires
X-Block-Status
X-Release
X-Cache-Host
X-Cache-URL
X-Proxy-Upstream
X-CGP
X-UnsetCookies
X-Thinkindot-L3
X-Request-Start
X-Eu-Site
X-Matched-Rule
X-SVT-ORM-RULES
X-Fetched-On
X-SVT-ORM-VERSION
X-Proxy-Cache-Status
X-Amz-Meta-Cache-Control
X-Response-By
X-Swa-Ws
X-Location
HA-Ipaddr
HA-Host
Apple-News-Services-Request-Url
Ha-Gx-Prefs
HA-Georegion
Apple-News-Services-Parsed-Url
HA-Servedtime
Apple-News-Services-Handled
Apple-News-Services-Host
Heartbleed
Esi-Enabled
HA-Geolon
HA-Geolat
Backend-Name
Frame-Options
Content-Disposition
Country-Code
GMS-Ver
GW-Server
HA-Geocountry
Backend
HA-Geocity
HA-Cloudapp
AKAMAI
HA-Urlpath
Origin
X-Geo
Request-EU
Pragrma
Pramga
Kp-EeAlive
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
Server-ID
SD-X-WS
Request-Country
X-Be
X-NWS-UUID-VERIFY
User-Agent
MI-Cache
X-Distil-CS
CDCHOST
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Epic-Correlation-Id
X-Instance-Name
X-Hash
X-V
Decoy-Debug-TTL
X-Nginx-Cache-Key
X-Gannett-Site-Version
Decoy-Debug-Status
MI-API
X-Wikidot-Static-Cache
Decoy-Debug-Key
X-Irp-Debug
Proxy-Connection
X-Policy
X-Developers
X-Cache-CFC
X-SIPLIST1
X-Platform
X-Backend-Url
X-Backend-Host
X-TT-LOGID
X-Time
X-Request-URI
X-MI-In-Market
IsBot
X-Secret
X-Phone
True-Client-Country-4JS
X-ServiceProvider
Fastly-SSL
Fastly-Soc-X-Request-Id
MI-Cache-Age
X-P-T
X-Core-Value
REQUESTUUID
On-Server
Server-Int
X-Wikidot-Backend
V-Cache
Group
X-MSEdge-Flight
X-MSEdge-Features
X-Sn-Servicetimems
X-Refresh
X-Origin-TTL
X-VCT
Request-Time
X-Origin-Expires
X-Origin-Date
X-Up
X-NX-Host
HitInfo
X-GeoIP-City
X-Fstrz
X-Cdn-Origin
X-Debug-Cookies
X-Debug-Log
X-ElasticPress-Search
X-Servername
X-Goog-Meta-Goog-Reserved-File-Mtime
Magicmarker
Nel
Pagetype
X-Ua
X-Distributor
X-Planisys-CDN-TTL
RequestId
X-Core-Mission
X-DC
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Page-Type
X-Fastly-Cache
X-Pjax-Url
X-Req
X-NC
PFcat
X-COUNTRY
X-PARISIEN-Cache-Rendered
X-VarnPar1
Host-ID
X-Micro-Cache
X-Debug-Cache-Expiry
X-Newrelic-Synthetics
X-BBXSRF
X-VarnCache
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Svr
X-EIG-Tracking-Id
PageSpeed
X-Powered-By-ANYU
MIME-Version
X-Instart-Info
X-Level-Front-Cache
X-Generated-On
X-CACHE-AGE
X-HOST
Lfy
ServerName
Mime-Version
X-Datadome
X-Gdpr
Cache-Provider
X-Cache-Info
PICS-Label
X-Cdn-Srv
Ohc-Response-Time
Cdn
Cteonnt-Length
X-ARC
Memory
X-Server-Cache
X-TWH-CORRELATION-ID
X-Cluster-Node
X-Servedbyhost
CF-IPCountry
X-CMS-Context
X-StackifyID
X-NodeID
X-Aicache-OS
FSS-Cache
X-Sentry-ID
FSS-Proxy
CDN
X-WR-MODIFICATION
X-Flog
X-Wa
X-VServer
XServer
X-Hello
X-Fastly-Country-Code
GeoIp-Country-Code
Geoip-Latitude
X-LAGOON
X-ABtesting
CACHE
X-Load-Cache
SN
X-HTML-Minification-Powered-By
NGX
X-Varnish-Beresp-TTL
X-B3-Traceid
X-Fastly-Backend-Reqs
X-UPSTREAM-Address
GeoIP-Latitude
X-CSRF-TOKEN
X-GZip
X-WA
GeoIP-Country-Code
X-Check-Cacheable
X-APP
X-CSRF-Token
TSSecure
X-Source
X-Worker
X-MServer
Processtime
Amp-Access-Control-Allow-Source-Origin
X-Unique-Id
X-Csrf-Token
Cf-Ipcountry
X-ServedByHost
A
X-DataStream-MidMile-RTT
X-Varnish-Cache-Hits
X-FireWall-Port
X-DataStream-Origin-MEX-Latency
X-LJ-Flow-ID
X-Ratelimit-Remaining
X-AWS-Id
PageType
X-VWS-Id
X-SplitTest
WP-Super-Cache
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Port
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-CDN-Pop
X-CDN-Pop-IP
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Generation-Time
X-Cache-Miss-From
X-Sedo-Request-Id
URI
X-Nananana
HTTPS
X-Dynatrace
Cdn-Host
Cdn-Request-Time
X-Edge-Server
DataCenter
X-SRV
Cache-Hits
X-Cache-Grace
Pics-Label
X-Backend-TTL
Odigeo-Trace-Id
X-Skip-Cache
X-FORWARDED-FOR
X-VC-Cache
X-GDPR
X-Sucuri-Cache
X-ID
Server-Surrogate-Control
X-Varnish-Authentication
Server-Cache-Control
X-Owner
X-IPS-LoggedIn
X-Cache-ASPX
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Version
X-RCS-Backend
ProcessTime
X-HS-Status
X-B3-SpanId
X-Fastly-Cache-Hits
X-Swift-Error
X-BE
X-Varnish-Url
Dynatrace
X-PJAX-URL
X-SN
Hostname
X-NGINX-Cache
X-From-Cache
X-Pf-Uncompressing
X-Bug-Bounty
X-Instart-Isnd
X-ND-Cache
X-VG-WebCache
X-Gen-Id
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-GZIP
X-VarnPar2
X-Ms-Lease-State
Requestid
X-Cache-Srv
Get-Access-Time
X-ORIG-AKA-EDGE
X-GoCache-CacheStatus
X-Fe
Is-Session-Tracking
X-Server-W
X-Cache-Ttl
X-PAGE-TYPE
X-Akamai-SSL-Client-Sid
X-Amz-Meta-S3b-Last-Modified
Serverid
X-Varnish-URL
X-LiteSpeed-Cache-Control
X-Serial
NodeID
X-RAMCache
Proxy-Firewall
T-Server
RequestUuid
X-ServerName
X-VC
X-Alicdn-Da-Ups-Status
WebServer
X-ORIG-AKA-COUNTRY-CODE
X-SB
Xet-Cookie
X-HTML-Edge-Cache
X-LiteSpeed-Tag
X-Dw-Trace-Id
X-CS
X-RequestId
Location
X-Akamai-ERRuleID
X-Developed-By
NnCoection
X-Akamai-ERPolicy
SID