
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Id
X-Served-By
P3P
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
P3p
CF-Ray
X-Drupal-Cache
X-Amz-Cf-Pop
X-Check
X-Adblock-Key
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Buckets
X-Content-Security-Policy
X-Request-ID
X-Turbo-Charged-By
X-Kinja-Server-Push
Upgrade
X-CDN
X-Type
Xkey
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
X-Age
X-Drupal-Dynamic-Cache
X-Pingback
X-Via
X-Nginx-Cache-Status
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
EagleId
X-Hacker
X-UA-Device
X-Robots-Tag
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Proxy-Cache
Cf-Railgun
Request-Context
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-Ua-Compatible
X-Pantheon-Styx-Hostname
X-Ac
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Cache-Lookup
Content-Location
X-Amz-Version-Id
X-Server-Id
Surrogate-Control
X-Cnection
X-OneAgent-JS-Injection
X-Node
X-Host
X-Readtime
EagleEye-TraceId
Report-To
X-Rq
X-Response-Time
Server-Timing
Feature-Policy
X-CST
X-Rack-Cache
X-Application-Context
X-Backend-Server
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Cloud-Trace-Context
Request-Id
X-Instart-Request-ID
X-Clacks-Overhead
X-Url
NEL
Edge-Control
X-DynaTrace
Rating
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
X-Country
X-Origin-Cache
X-FTR-Request-ID
X-Country-Code
X-B3-TraceId
X-Cdn
X-Trace
X-DataDome
X-Px
X-Vhost
X-Server-Name
X-GitHub-Request-Id
X-Server-ID
X-VARITI-CCR
X-ESI
RTSS
Accept-CH
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Cached
X-Goog-Hash
Charset
X-TTL
X-Ruxit-JS-Agent
SPRequestGuid
Pinterest-Generated-By
X-Mod-Pagespeed
X-PC
X-TtlSet
X-Vname
X-F-Cache
Verso
X-D2id
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
Public-Key-Pins
X-Kinja-Server
PB-PID
Arc-Version
X-Mobile-Rewrite
PB-RID
X-Dispatcher
X-Version
X-T
X-SharePointHealthScore
X-Powered-By-Plesk
Accept-CH-Lifetime
X-Abt-Application-Version
X-DIS-Request-ID
X-Powered-CMS
X-Fastly-Request-ID
X-Ser
X-Origin-Upstream-Status
X-Pinterest-Rid
X-Navigation-Version
Pinterest-Version
X-Upstream-Env
X-B
X-DynaTrace-JS-Agent
X-Shield-Request-Id
X-Forwarded-Proto
X-Amz-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Recruiting
MS-Author-Via
X-Client-IP
Realpath
DynaTrace
X-HW
SPIisLatency
SPRequestDuration
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Upstream
X-Vcap-Request-Id
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
Content-MD5
Nginx-Cache
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Amz-Meta-S3cmd-Attrs
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Oracle-Dms-Rid
Arr-Disable-Session-Affinity
X-Hits
Edge-Cache-Tag
X-Debug
X-N
X-Varnish-Age
X-Ttl
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Goog-Storage-Class
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
X-MSEdge-Ref
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Dw-Request-Base-Id
TCN
Access-Control-Request-Method
X-Id
X-Via-JSL
X-Aspnet-Version
X-ATG-Version
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
S
X-FTR-Backend-Server
X-Country-Code-Real
X-NewRelic-App-Data
X-XRDS-Location
X-FTR-Expires
Service-Worker-Allowed
X-Logged-In
Alternate-Protocol
X-Oneagent-Js-Injection
X-Cache-Key
Surrogate-Key
X-Frontend
Tracecode
X-Kinsta-Cache
X-HS-Hub-Id
Rt-Fastcgi-Cache
X-HS-Content-Id
X-PressLabs-Stats
X-Content-Digest
AMP-Access-Control-Allow-Source-Origin
X-FastCGI-Cache
X-Forwarded-For
X-Pad
MicrosoftSharePointTeamServices
X-Ruxit-Js-Agent
X-FTR-Cache-Host
X-Grace
Fastly-Restarts
Ar-Sid
X-CF-Powered-By
Server-Name
X-Edge-Location
X-RateLimit-Remaining
X-Amzn-Trace-Id
X-Content-Options
Backend-Timing
X-Analytics
TP-L2-Cache
TP-Cache
FilterID
Host
Fastcgi-Cache
X-User-Agent
X-Magnolia-Registration
X-Rid
X-Cache-2
X-B3-Sampled
X-Debug-Info
X-Whom
ServerID
X-IPLB-Instance
X-Revision
Eomportal-Instance
X-Page-Id
X-Hostname
X-Mobile
X-Request-Received
X-Request-Processing-Time
X-Srv
AR-Request-ID
X-NWS-LOG-UUID
Paypal-Debug-Id
Front-End-Https
X-Akam-SW-Version
X-VCache
X-AOL-HN
Retry-After
X-Content-Powered-By
Refresh
X-Signature
X-B-Cache
X-Cluster
X-Cache-Action
X-Request-Guid
X-Handled-By
X-FB-Debug
Source
X-SS-Set-Cookie
X-Device-Type
X-Varnish-Hostname
X-App-Environment
Cleartype
X-Framework
X-LB-Cache
X-BCube-Filmed-By
X-Instance
X-Cache-Hit
X-Cache-Control
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-WA-Info
X-Tumblr-Pixel
X-Tumblr-User
X-XRDS-LOCATION
X-Content-Security-Policy-Report-Only
X-Varnish-Grace
X-Platform-Server
X-Litespeed-Cache
X-GUploader-UploadID
X-HS-Cache-Config
X-Correlation-Id
Webserver
X-Fastcgi-Cache
X-Activity-Id
X-AppVersion
X-Az
X-Zen-Fury
X-TA-CDN-Provider
Display
X-Sol
X-Varnish-Backend
X-Middleton-Display
X-Content-Type
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Esi
Healthy
X-Cache-Server
X-Cache-Rule
X-Middleton-Response
X-Drupal-Cache-Tags
Response
X-Varnish-Server
X-Daa-Tunnel
ViewerVersion
X-Seen-By
X-Wix-Request-Id
X-TT
X-Drupal-Cache-Contexts
Upgrade-Insecure-Requests
X-App-Server
X-Generated-By
X-Cached-By
X-Geo-Country
X-URL
X-Cache-Age
Cache-Status
X-Origin-Server
Server-Node
S-Cnection
X-Accel-Expires
X-DataStream-Cache-Status
X-Amz-Replication-Status
X-Amz-Apigw-Id
Accept-Charset
X-Amzn-RequestId
Payment
X-S
X-Response-Served-From
Filters
NGB
X-CACHE-GROUP
X-Adobe-Content
X-Adobe-Loc
GEO-INFO
X-Locale
X-Cacheable-TTL
X-Edge-Cache-Key
X-Edge-Cache
X-Servedby
X-Contextid
X-Jobs
X-Status
X-RequestSource
X-Varnish-IP
X-UUID
X-UA-Device-Type
ServedBy
Actual-Object-TTL
Viewport
X-Cache-NE
X-Varnish-Hits
X-FW-Serve
X-FW-Type
X-TX-ID
X-TT-TIMESTAMP
X-FW-Server
Access-Control-Allow-Method
X-FW-Static
X-FW-Hash
AsisCache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Server-Info
X-Amz-Server-Side-Encryption
X-Storage
X-WebKit-CSP-Report-Only
X-WPE-Loopback-Upstream-Addr
X-GeoIP
X-PHP-Backend
Cache-Tv-Group
MS-CV
HostName
X-Node-Name
X-App-Version
Cache
Host-Header
X-Rendered-As
X-Cache-TTL-Remaining
X-Cache-Remote
X-Dns-Prefetch-Control
X-Croise-Owner
SRV
X-Region
From-Origin
X-Dynatrace-Js-Agent
X-Cache-Operation
X-Hyper-Cache
X-Vg-Webcache
X-Redis-Cache
X-Webkit-CSP
Served-By
Cache-Tag
X-UA
Liferay-Portal
X-APP-VERSION
Public-Key-Pins-Report-Only
DC
X-Guploader-Uploadid
X-Forwarded-Host
X-Mode
X-HS-Combine-CSS
X-TIME
X-Detected-As
Selected-FE
Meta-Geo
Machine
X-Upgrade-Enabled
X-Agile
X-Agile-Age
X-Cache-Var
X-Akamai-Transformed
X-Agile-Id
X-Cache-Var-Map
X-Hosted-By
X-RN-RSRV
X-Generated
X-TNCMS
Powered-By-ChinaCache
X-Loop
X-NGENIX-Cache
X-Webstats-RespID
X-Proxy-Build
X-Timing-Wait
X-Is-Bot
X-Human
X-IP
X-Path-Route
X-Site-Version
X-Endurance-Cache-Level
X-Cache-Category-Id
X-Request-Time
X-Original-Request
X-Web-Node
Cache-Name
X-Pc-Appver
X-Pc-Key
Origin-Cache-Control
X-Pc-Hit
Origin-Edge-Control
X-Via-Fastly
X-Upstream-CT
X-NCache
X-L-Path
X-JoinUs
X-Environment-Context
X-Labrador-Cache-Channel
X-Upstream-HT
X-CDN-Cache
X-B3-Spanid
X-Internal-Host
X-Grey
X-ProcessESI
S-Rt
X-FC-Vary-Parameters
DB-Nickname
X-BACKEND-TTL
X-Time-Microsecs
X-Akamai-Request-ID
X-Pubstack
X-BYPASS-REASON
X-RemovedCookies
X-Origin
X-Vgn-Hpd-Reason
X-ProxyCache-Status
X-Birta-Served
X-VG-TLSProxy
X-Tumblr-Pixel-3
X-Birta-Cache-Post
X-Origin-Response-Time
X-Viewer-Country
X-ProxyCache-Key
Now
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Format
X-Ocache
X-CCM
X-Cache-Config
Fastcgi-Useragent
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Mn-Server-Ip
X-OCL
X-Origin-Host
X-Tb
X-Via-CDN
X-Www-Served-By
X-Xfnlog-Site
X-ServerID
X-Rule
Pagespeed
X-PCL
X-Proxy
Cache-Tags
X-Origin-CC
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Azure-Version
Webcakes-App-Name
Webcakes-Region
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
X-Routing-Service
X-Proxied
Xserver
X-Origin-Hint
X-Backend-Name
X-App-Name
X-Section
TWC-Connection-Speed
X-Access
Webcakes-App-Version
Property-Id
HitType
X-Zipkin-Id
Content-Script-Type
Content-Style-Type
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Protected-By
Cache-Key
Datacenter
X-Parent-Response-Time
User-Cache-Control
X-Edge-IP
OT-Force-Account-Verify
X-Newrelic-App-Data
X-Nginx-Cache
Vix-Hermes-Req-Id
X-Cache-TTL
X-Shopify-Stage
X-Real-Ip
X-Sorting-Hat-ShopId
X-Ezoic-Cdn
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-RTag
X-Akamai-Request-ID2
Ms-Operation-Id
X-CACHE-KEY
Time
X-OVcl-Cache
X-OVcl
NtCoent-Length
X-ApacheServer
X-PERF
X-Correlation-ID
X-Cache-Backend
X-Cdn-Forward
X-Ratelimit-Limit
X-Pc-Date
X-Pc-Host
X-FB-TRIP-ID
X-Unique-Id-Primal
X-Mrs-Cache
Accept-Language
X-Mshield-Cache-Status
X-Mrs-Cache-Hits
X-Mrs-Age
L5d-Success-Class
Country
LB
AR-SID
X-Content-Age
X-Front
X-Webkit-Csp
X-RateLimit-Limit
X-Amz-Meta-Surrogate-Control
X-Real-IP
Load-Balancing
X-Varnish-Cacheable
X-Debug-Cache
X-Proto
X-CDN-Forward
X-Varnish-Beresp-Status
Section-Io-Cache
X-Varnish-Beresp-Grace
X-Sucuri-ID
Fusion-Component-Id
X-COUNTRY
X-Varnish-Beresp-Ttl
Fusion-Content-Source
Fusion-Source
X-Nc
Fusion-Content-Id
Fusion-Template-Id
X-Hit
Ohc-File-Size
WZWS-RAY
X-MP-GENERATED-AT
X-Hl-Ver
X-Trace-Id
X-Unique-ID
X-Microcachable
Warning
We-Hiring
Mail-Subject
Version
User-Agent
X-GRACE
X-EdgeConnect-Cache-Status
X-C
X-Geo
Access-Control-Request-Headers
Rt-Proxy-Cache
Fly-Request-Id
SD-X-WS
RNT-Time
Frame-Options
Arc-Country
X-Fetched-On
Ajk
X-External-Request-Id
X-DPWN-IS-SECURE
X-Died
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Dispatcher-Server
X-Generated-In
Fastly-Backend-Name
X-G
Cache-Prefix
X-Date
X-FW-Version
X-Destination
X-Developer
Ec-Rule-Version
Fly-Cache
Fastly-SIE
Fastly-SWR
X-Device-Os
BehaviorPad-Version
X-From
X-Cache-Host
X-Auto-Login
Platform
Server-ID
X-A-Ccd
Adler-Geo
Powered-By
X-B-Cookie
Thinkindot-Control
Server-Host
Is-Eu
X-A
X-Application
X-A-Dam
Node
Mobile-Detection-Method
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Accel-Expires-Debug
X-Actual-URL
MD5-Digest
Memcached
Meta-Geo-Continent
X-Aed
Www
Release
X-Cache-Id
X-Cache-URL
X-Cache-FS-Status
X-Cache-Expires
RNT-Machine
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-D
X-CUA
X-Crawler
X-Connection-Hash
Resin-Trace
X-Cache-Enabled
X-Bip
X-Cache-Bucket
Rendered-Blocks
X-BB-ID
IBM-Web2-Location
Thinkindot-CacheControl-Type
VivaBuild
X-Cache-Debug
V-Age
Request-Time
Viewtype
SS
X-Rebelmouse-Surrogate-Control
X-ScT
X-S-Maxage
X-S-Cookie
X-Served-From
X-Server-By
X-Store
X-SRCache-Key
X-Server-Time
X-Rojux
X-Rewrite-Enabled
X-Release
X-Region-Sid
X-Reboot
X-Request-UUID
X-Response-By
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Swa-Ws
X-Thanos
X-Via-Edge
X-VG-WebServer
X-Varnish-Action
X-Via-SSL
X-We-Are-Hiring
Xc-Version
X-Via-NSCOPI
X-WebServer
X-Variation
X-Var-Ttl
X-Trv-Group
X-Transaction
X-Thinkindot-L3
X-TT-LOGID
X-Twitter-Response-Tags
X-User
X-UE-Client-Country
Thinkindot-CacheControl
X-Returned-From
X-Li-Fabric
X-Org
X-P-T
X-Passed-To
X-Passed-To-BeforeDispatch
X-NU-AKA-ACS-Version
X-Li-Pop
X-Logtrace-Id
X-Matched-Rule
X-LI-UUID
X-Node-Id
X-LI-Proto
X-Passed-To-DLL
X-Layer
X-PHP-Host
X-RCS-CacheZone
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-PAYTM-SRV-ID
X-CLOUD-TRACE-CONTEXT
X-Passed-To-PostProcessResponse
X-Dc
X-MI-In-Market
X-Location
X-Fstrz
X-UnsetCookies
Web-Mar-Node
X-Gen-Mode
X-IN-APIGATEWAY
X-F5-Cache
X-Hash
X-GeoIP-Country-Code
X-Info
X-Hnp-Log
X-IN-WAF
PFcat
X-Sf
X-Rocket-Nginx-Bypass
X-Backend-State
X-Origin-Expires
X-Origin-Date
X-Block-Status
X-Cache-CFC
X-Request-Start
X-Phone
X-IN-SSL-APIGATEWAY
X-Amz-Meta-Cache-Control
X-Server-Group
X-No-Session
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Stale
X-Distributor
X-Server-IP
X-ServiceProvider
X-Clientip
X-Nginx-Cache-Key
True-Client-Country-4JS
GW-Server
GMS-Ver
Fastly-SSL
Heartbleed
Kp-EeAlive
MI-Cache
MI-API
Magicmarker
Esi-Enabled
Decoy-Debug-TTL
Cache-Cookie-Set-From
Backend
AKAMAI
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Decoy-Debug-Status
Decoy-Debug-Key
Content-Disposition
MI-Cache-Age
Countrycode
Origin
Pramga
Proxy-Connection
On-Server
Server-Int
X-ElasticPress-Search
Pagetype
X-Be
Backend-Name
X-V
X-Core-Mission
X-Up
REQUESTUUID
X-Gannett-Site-Version
X-Core-Value
X-Fastly-Cache
X-Distil-CS
Country-Code
X-Epic-Correlation-Id
X-Page-Type
Who
X-Time
X-Secret
X-Request-URI
X-Policy
X-Backend-Url
X-Key
X-Proxy-Upstream
X-Proxy-Cache-Status
IsBot
X-MSEdge-Flight
X-SIPLIST1
X-Backend-Host
X-MSEdge-Features
X-NODE
X-Eu-Site
X-Origin-TTL
X-Svr
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Refresh
Apple-News-Services-Request-Url
X-Micro-Cache
Apple-News-Services-Handled
X-Wikidot-Static-Cache
X-Irp-Debug
CDCHOST
X-Wikidot-Backend
HA-Geocountry
HA-Geolat
HA-Geocity
X-Cdn-Origin
X-CGP
HA-Cloudapp
HA-Geolon
HA-Georegion
HA-Urlpath
X-Sn-Servicetimems
HA-Servedtime
HA-Ipaddr
Ha-Gx-Prefs
Pragrma
HA-Host
Fastly-Soc-X-Request-Id
X-Developers
X-DC
X-Ua
Locale
X-Platform
X-Servername
X-Level-Front-Cache
RequestId
X-Planisys-CDN-TTL
X-NX-Host
X-Planisys-CDN-Cache
Request-Country
X-Urbn-Site-Id
X-Planisys-CDN-Rules
Request-EU
X-Generated-On
X-Urbn-Context-Path
UCS
Uber-Trace-Id
X-Debug-Cookies
X-Instance-Name
X-Debug-Log
X-CACHE-AGE
PageSpeed
X-Instart-Info
X-Debug-Cache-Store
X-NC
ServerName
Lfy
X-Debug-Cache-Expiry
X-NWS-UUID-VERIFY
X-Debug-Cache-Fetch
Group
V-Cache
X-Pjax-Url
X-GeoIP-City
X-PARISIEN-Cache-Rendered
Host-ID
X-VarnCache
X-Cdn-Srv
Ohc-Response-Time
X-Cache-Info
X-Server-Cache
X-Req
X-VCT
X-VarnPar1
X-Newrelic-Synthetics
HitInfo
X-ARC
MIME-Version
Memory
X-Ratelimit-Remaining
Cteonnt-Length
X-Datadome
Mime-Version
PICS-Label
Cache-Provider
Cdn
X-BBXSRF
X-Powered-By-ANYU
X-Gdpr
X-CMS-Context
X-EIG-Tracking-Id
X-TWH-CORRELATION-ID
X-Servedbyhost
X-WR-MODIFICATION
X-Aicache-OS
X-StackifyID
X-LAGOON
Nel
CF-IPCountry
X-Wa
NGX
CDN
X-Load-Cache
X-HTML-Minification-Powered-By
XServer
X-Cluster-Node
X-B3-Traceid
X-Fastly-Country-Code
GeoIP-Latitude
GeoIP-Country-Code
Cf-Ipcountry
FSS-Cache
FSS-Proxy
Geoip-Latitude
GeoIp-Country-Code
X-WA
X-Sentry-ID
X-CSRF-TOKEN
X-NodeID
X-Fastly-Backend-Reqs
X-FireWall-Port
X-Check-Cacheable
X-Varnish-Cache-Hits
X-ABtesting
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-VServer
X-Hello
X-Generation-Time
X-UPSTREAM-Address
X-Flog
X-Unique-Id
X-Cache-Miss-From
X-Sedo-Request-Id
Processtime
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
X-Source
X-Varnish-Beresp-TTL
SN
X-Csrf-Token
X-Oss-Object-Type
X-Oss-Storage-Class
X-APP
X-Oss-Hash-Crc64ecma
X-ServedByHost
X-Oss-Server-Time
X-Cache-Grace
X-HOST
X-GZip
X-Oss-Request-Id
X-CSRF-Token
CACHE
WP-Super-Cache
Server-Surrogate-Control
TSSecure
Server-Cache-Control
X-Varnish-Authentication
X-Cache-ASPX
X-CDN-Pop-IP
X-CDN-Pop
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Dynatrace
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-MServer
DataCenter
X-Nananana
X-RCS-Backend
X-IPS-LoggedIn
X-Worker
X-VG-WebCache
X-SRV
Pics-Label
X-HS-Status
X-Skip-Cache
X-Varnish-Url
X-GDPR
X-VC-Cache
A
URI
PageType
X-ID
X-Sucuri-Cache
X-ND-Cache
X-Instart-Isnd
X-LJ-Flow-ID
X-B3-SpanId
X-AWS-Id
X-PJAX-URL
X-Fastly-Cache-Hits
HTTPS
X-From-Cache
X-Port
X-VWS-Id
X-SplitTest
X-GoCache-CacheStatus
Get-Access-Time
Is-Session-Tracking
X-BE
X-Swift-Error
Dynatrace
Hostname
Odigeo-Trace-Id
X-Pf-Uncompressing
X-Backend-TTL
Proxy-Firewall
X-Server-W
X-Gen-Id
X-Amzn-Remapped-Connection
X-Bug-Bounty
X-SN
Cache-Hits
X-GZIP
X-Owner
X-Amzn-Remapped-Date
Powered
X-ORIG-AKA-EDGE
X-VarnPar2
X-NGINX-Cache
X-Cache-Ttl
FastCGI-Cache
Requestid
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Request-Id
X-Amz-Meta-S3b-Last-Modified
X-Ms-Blob-Type
Serverid
X-Akamai-SSL-Client-Sid
X-Pc-Subdomain
X-GEO
X-HostName
X-Varnish-URL
WebServer
X-Alicdn-Da-Ups-Status
X-PAGE-TYPE
X-LiteSpeed-Cache-Control
X-Dw-Trace-Id
X-Fe
X-SB
X-VC
RequestUuid
X-ORIG-AKA-COUNTRY-CODE
X-RAMCache
X-ServerName
T-Server
X-Serial
ProcessTime
Xet-Cookie
X-RequestId
X-PF-Uncompressing
X-Requestid
Correlation-Id
X-Akamai-ERRuleID
NnCoection
X-Ms-Lease-State
X-HTML-Edge-Cache
SID
X-Akamai-ERPolicy
Location
X-Developed-By
NodeID
X-CS
X-LiteSpeed-Tag