Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
ETag
Link
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Xss-Protection
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
CF-Ray
X-Request-ID
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
X-Language
X-Iinfo
Status
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Upgrade
X-CDN
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
P3p
X-Backend
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Age
Access-Control-Max-Age
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Pingback
X-Server
X-Proxy-Cache
X-Via
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
WPE-Backend
X-Nginx-Cache-Status
X-Server-Powered-By
X-Robots-Tag
X-Varnish-Cache
X-Page-Speed
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-CacheTime
X-Swift-SaveTime
X-Device
X-OneAgent-JS-Injection
X-WebKit-CSP
Allow
Ali-Swift-Global-Savetime
Server-Timing
X-Type
X-CST
X-Ac
X-Node
X-Rq
X-Host
Feature-Policy
Content-Location
X-Server-Id
X-Response-Time
X-Cnection
Report-To
X-Backend-Server
X-Iejgwucgyu
X-Application-Context
Surrogate-Control
EagleEye-TraceId
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-Readtime
X-Url
X-Rack-Cache
X-Origin-Cache
Request-Id
X-Dns-Prefetch-Control
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Upstream-Env
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Vhost
Pinterest-Generated-By
X-DynaTrace
X-Px
X-Origin-Upstream-Status
X-DataDome
Edge-Control
X-Goog-Hash
Verso
X-Server-Name
X-ESI
Accept-CH
X-Dispatcher
X-HW
Charset
X-GitHub-Request-Id
X-VARITI-CCR
X-MS-InvokeApp
MS-Author-Via
PB-PID
X-Mobile-Rewrite
PB-RID
Arc-Version
X-DataStream-Cache-Status
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cached
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Version
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Powered-By-Plesk
X-ORACLE-DMS-RID
Content-MD5
X-Recruiting
Public-Key-Pins
X-D2id
Service-Worker-Allowed
Accept-CH-Lifetime
X-Vname
X-PC
X-Navigation-Version
X-TtlSet
X-Abt-Application-Version
AR-Request-ID
RTSS
Ar-Sid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Server-ID
X-Ser
X-Trace
X-TTL
SPRequestGuid
X-Forwarded-Proto
X-Client-IP
X-Varnish-TTL
X-Vcap-Request-Id
X-DynaTrace-JS-Agent
X-Amz-Server-Side-Encryption
X-SharePointHealthScore
X-Amz-Rid
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-FTR-Realm
X-Oracle-Dms-Rid
X-Fastly-Request-ID
X-FTR-Expires
S
Arr-Disable-Session-Affinity
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
X-VCache
X-XRDS-Location
X-Debug
X-Shield-Request-Id
TCN
X-Ttl
X-Dw-Request-Base-Id
X-Id
X-Hits
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
SPIisLatency
SPRequestDuration
X-Pinterest-Rid
X-Upstream-Proxy
Pinterest-Version
DynaTrace
Front-End-Https
X-SERVER
X-Akam-SW-Version
Access-Control-Request-Method
X-Goog-Storage-Class
X-FTR-Cache-Host
X-T
X-Aspnet-Version
X-Powered-CMS
X-NF-Request-ID
X-B3-TraceId
Realpath
X-Litespeed-Cache
Tracecode
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Paypal-Debug-Id
X-Amzn-Trace-Id
X-Varnish-Age
Fastcgi-Cache
X-Forwarded-For
X-N
X-Content-Type
Alternate-Protocol
X-RateLimit-Remaining
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Upstream
X-Accel-Buffering
X-PressLabs-Stats
X-Logged-In
X-Frontend
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Digest
X-Sol
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
X-Middleton-Display
Display
X-Middleton-Response
X-Srv
Response
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-Kinsta-Cache
X-Cache-Key
Server-Name
X-Pad
X-Accel-Expires
MicrosoftSharePointTeamServices
X-User-Agent
X-B3-Traceid
X-Content-Options
Refresh
X-FastCGI-Cache
X-DIS-Request-ID
X-Analytics
Backend-Timing
Host
X-Fastcgi-Cache
X-Correlation-Id
X-Cdn
X-Grace
X-Revision
X-Activity-Id
X-LB-Cache
X-Az
X-Debug-Info
X-AppVersion
X-Amzn-RequestId
X-IPLB-Instance
X-Rid
FilterID
X-B
X-Amz-Apigw-Id
Accept-Charset
X-CF-Powered-By
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
ServerID
Powered-By-ChinaCache
X-Cache-Hit
X-B3-Sampled
X-Cache-2
Surrogate-Key
X-Page-Id
X-Whom
Server-Info
X-PHP-Backend
X-Webkit-CSP
TP-L2-Cache
TP-Cache
X-Varnish-Backend
X-Ruxit-Js-Agent
X-Request-Received
X-Request-Processing-Time
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-TT
MS-CV
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Source
X-F-Cache
X-Amz-Replication-Status
X-Framework
Host-Header
X-RateLimit-Limit
X-Cache-Action
X-UA-Device-Type
X-Akamai-Edgescape
X-Content-Powered-By
X-Cluster
X-Tumblr-Pixel
X-Request-Guid
X-Kong-Upstream-Latency
X-Tumblr-User
X-Platform-Server
X-Kong-Proxy-Latency
X-Tumblr-Pixel-0
X-FW-Server
X-Drupal-Cache-Tags
X-App-Environment
Cache-Status
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
X-Mobile
X-Instance
X-Handled-By
X-Varnish-Grace
Access-Control-Allow-Method
X-Cached-By
X-SS-Set-Cookie
X-Zen-Fury
X-Geo-Country
CACHE
X-Magnolia-Registration
X-Wix-Server-Artifact-Id
X-FB-Debug
X-Shard
X-Ezoic-Cdn
Edge-Cache-Tag
X-Cache-TTL
X-Forwarded-Host
X-GUploader-UploadID
X-ATG-Version
From-Origin
X-App-Server
X-Cache-Age
DC
Cleartype
PageSpeed
X-Varnish-Server
X-Node-Name
X-Varnish-Hostname
X-AOL-HN
Cache-Tags
X-BCube-Filmed-By
Payment
X-Cache-Control
X-Generated-By
X-Seen-By
Filters
X-RequestSource
X-Response-Served-From
X-Region
X-WebKit-CSP-Report-Only
X-Signature
X-Adobe-Loc
X-TX-ID
X-Adobe-Content
X-B-Cache
X-GeoIP
Healthy
Upgrade-Insecure-Requests
GEO-INFO
NGB
Ms-Operation-Id
Cache-Tv-Group
X-TT-TIMESTAMP
X-UUID
X-VG-WebCache
Server-Node
X-RTag
Country
Actual-Object-TTL
X-FW-Dynamic
Webserver
X-Jobs
X-Via-JSL
X-Drupal-Cache-Contexts
X-Redis-Cache
ServedBy
Retry-After
Liferay-Portal
X-Content-Age
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Cacheable-TTL
X-Locale
X-Varnish-Hits
X-XRDS-LOCATION
X-Storage
X-Cache-Rule
X-Contextid
X-Rendered-As
X-Oneagent-Js-Injection
Fastly-Restarts
X-Varnish-IP
HitType
X-Cache-TTL-Remaining
Frame-Options
X-Guploader-Uploadid
X-BACKEND-TTL
ViewerVersion
X-Wix-Request-Id
S-Cnection
Powered
X-WA-Info
Viewport
Content-Style-Type
Content-Script-Type
X-Real-IP
X-Cache-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-NewRelic-App-Data
X-Upgrade-Enabled
Datacenter
X-TA-CDN-Provider
X-Esi
NtCoent-Length
X-Cache-Config
Xserver
Eomportal-Instance
X-RemovedCookies
X-ProcessESI
X-Mode
X-Varnish-Cache-Hits
X-Detected-As
X-Time
X-Endurance-Cache-Level
X-Device-Type
X-Akamai-Transformed
X-Hl-Ver
X-ES-SERVER
Cache-Key
X-Cache-Var-Map
X-Is-Bot
X-Cache-Var
Load-Balancing
Machine
X-RN-RSRV
X-Path-Route
X-Proto
Meta-Geo
X-S
X-Backend-Name
X-Origin-Hint
Webcakes-Region
X-Section
X-Access
X-Origin-Host
X-Routing-Service
X-Proxied
X-AWS-Id
Webcakes-App-Version
X-Status
X-Zipkin-Id
X-FC-Vary-Parameters
TWC-Device-Class
Access-Control-Request-Headers
Property-Id
OT-Force-Account-Verify
Mail-Subject
L5d-Success-Class
X-LJ-Flow-ID
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Privacy
TWC-GeoIP-LatLong
Vix-Hermes-Req-Id
We-Hiring
X-VWS-Id
Webcakes-App-Name
X-VG-TLSProxy
TWC-Locale-Group
Origin-Cache-Control
X-Birta-Cache-Post
X-Akamai-Request-ID
X-Cache-NE
S-Rt
Origin-Edge-Control
Now
X-Origin-Response-Time
X-ServerID
X-GRACE
X-Time-Microsecs
X-Viewer-Country
X-EIG-Tracking-Id
X-Environment-Context
X-Format
X-TNCMS
X-IP
X-Hosted-By
X-FW-Version
X-L-Path
X-Labrador-Cache-Channel
X-Loop
X-Web-Node
X-Birta-Served
Decoy-Debug-Key
X-From
Mn-Server-Ip
X-Debug-Cache
X-Cache-Enabled
Decoy-Debug-TTL
Decoy-Debug-Status
X-Timing-Wait
X-ProxyCache-Status
X-JoinUs
X-Proxy-Build
X-Human
X-CCM
X-BYPASS-REASON
Selected-FE
X-Via-Fastly
X-ProxyCache-Key
X-Xfnlog-Site
X-OCL
X-Varnish-Cacheable
X-Tb
X-Trace-Id
X-Via-CDN
X-PCL
DB-Nickname
Azure-SlotName
Served-By
Azure-SiteName
Azure-InstanceId
Azure-RegionName
Azure-Version
Cache-Tag
Cache-Hits
X-Cache-Category-Id
X-Generated
X-Internal-Host
X-NCache
X-Www-Served-By
X-Site-Version
X-Proxy
User-Agent
X-MP-GENERATED-AT
X-Grey
X-Cache-Operation
NGX
X-FB-TRIP-ID
Uber-Trace-Id
X-CDN-Cache
X-Dynatrace-Js-Agent
AsisCache
X-Vgn-Hpd-Reason
X-Rocket-Nginx-Bypass
X-Tumblr-Pixel-3
LB
X-Newrelic-App-Data
X-VC-Cache
X-EdgeConnect-Cache-Status
X-R9-Blue-Green-Version
X-NWS-LOG-UUID
X-Rule
Rt-Fastcgi-Cache
X-UA
X-Sucuri-ID
X-Cluster-Node
X-App-Name
X-RCS-CacheZone
Hostname
X-Cache-Remote
Nel
Release
X-UnsetCookies
X-ApacheServer
Pagespeed
X-PERF
X-Agile-Id
X-B3-Spanid
X-Agile
X-Agile-Age
X-TIME
X-Varnish-Ttl
X-Source
X-Ua
X-Datadome
Cache-Name
X-Nginx-Cache
X-Edge-Location
X-App-Version
X-APP-VERSION
X-Edge-IP
X-CACHE-KEY
X-Pubstack
X-Request-Time
X-Protected-By
Fastcgi-Useragent
X-Cdn-Forward
Warning
X-Ocache
Section-Io-Cache
X-Varnish-Beresp-Grace
X-OVcl
X-Varnish-Beresp-Status
X-OVcl-Cache
On-Server
Arc-Country
X-Cache-Expires
X-A-Dgt
Origin
Magicmarker
X-A-Wwc
X-Accel-Expires-Debug
Ec-Rule-Version
Meta-Geo-Continent
X-B-Cookie
Node
X-ARC
Cross-Origin-Window-Policy
X-Aed
X-Application
X-BB-ID
BehaviorPad-Version
Fly-Request-Id
MD5-Digest
Thinkindot-Control
Thinkindot-CacheControl-Type
Cache-Prefix
Request-Time
Server-Surrogate-Control
Thinkindot-CacheControl
UCS
Www
Fly-Cache
X-A-Dam
X-A-Dcw
Request-Country
Request-EU
X-A
X-A-Ccd
Server-Cache-Control
Rendered-Blocks
X-Gannett-Site-Version
X-Request-UUID
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S-Cookie
X-Processor
X-Platform
X-NX-Host
X-NU-AKA-ACS-Version
X-Origin-CC
X-Origin-TTL
X-PAYTM-SRV-ID
X-ScT
X-Secret
X-Varnish-Authentication
X-Var-Ttl
X-VCT
X-VG-WebServer
Xc-Version
X-Up
X-Twitter-Response-Tags
X-SRCache-Key
X-Server-Group
X-Thinkindot-L3
X-Transaction
X-Trv-Group
X-NodeID
X-Mobile-URL
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cookies
X-Debug-Log
X-Destination
X-Debug-Cache-Expiry
X-Date
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Connection-Hash
X-Core-Value
X-D
X-Developer
X-Developers
X-IN-WAF
X-IN-APIGATEWAY
X-Irp-Debug
X-Logtrace-Id
X-Matched-Rule
X-Hp-Webp
X-Generated-In
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
Ajk
X-Cache-Grace
X-Cache-ASPX
X-ElasticPress-Search
X-Origin
SRV
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Real-Ip
X-Cache-Backend
X-GZip
X-Hit
X-Eu-Site
X-Policy
X-Proxy-Cache-Status
RNT-Machine
RNT-Time
Server-Host
X-Gen-Mode
X-CGP
X-Qloud-Router
X-Reboot
X-Rebelmouse-Surrogate-Control
Pagetype
X-Refresh
X-Request-URI
Powered-By
X-Rebelmouse-Cache-Control
X-Geo-Header
X-RateLimit-Limit-Second
Proxy-Connection
X-RateLimit-Remaining-Second
X-Proxy-Upstream
X-PHP-Host
X-LI-Proto
X-LI-UUID
Web-Mar-Node
X-Location
X-Li-Pop
X-Li-Fabric
X-Instart-Isnd
X-Key
X-LAGOON
X-Info
X-Hnp-Log
User-Cache-Control
X-Origin-Date
X-Origin-Expires
X-Page-Type
X-Epic-Correlation-Id
X-Node-Id
X-No-Session
X-Hash
X-Amz-Meta-Cache-Control
True-Client-Country-4JS
X-Nginx-Cache-Key
Server-Int
X-ServiceProvider
Content-Disposition
X-Wikidot-Backend
X-Wikidot-Static-Cache
CDCHOST
Country-Code
X-Cache-Host
Fastly-Soc-X-Request-Id
Fastly-SIE
Fastly-Backend-Name
X-Varnish-Url
X-Cache-Id
Cache-Cookie-Set-Lfrom
Apple-News-Services-Handled
AKAMAI
X-Sucuri-Cache
X-Cache-Miss-From
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Cms-Context
Apple-News-Services-Request-Url
X-Crawler
Fastly-SWR
X-Dispatcher-Server
X-SIPLIST1
X-Block-Status
Kp-EeAlive
X-BBXSRF
X-Distil-CS
X-Distributor
N-Cache
X-Ah-Environment
X-Sf
IsBot
X-SN
Ha-Gx-Prefs
X-Cache-Debug
X-TT-LOGID
X-CUA
HA-Ipaddr
Heartbleed
X-C
X-Device-Os
X-Swa-Ws
X-Sedo-Request-Id
X-FireWall-Port
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Thanos
X-Skip-Cache
X-Shopify-Stage
X-ShardId
X-ShopId
X-TrackingId
X-User
X-Via-Edge
X-Via-SSL
X-Servername
X-Webstats-RespID
X-Variation
X-Core-Mission
X-Server-IP
X-S-Maxage
X-GeoIP-City
X-Planisys-CDN-Cache
X-MSEdge-Flight
X-GeoIP-Country-Code
X-Micro-Cache
X-MSEdge-Features
X-Generated-On
X-Planisys-CDN-Rules
X-F5-Cache
X-Planisys-CDN-TTL
X-Fastly-Cache
X-Fetched-On
X-Gateway-Cache-Status
X-Gateway-Cache-Key
X-Level-Front-Cache
X-Gateway-Skip-Cache
X-Backend-Url
X-Backend-Host
X-Auto-Login
X-Bip
Memcached
Is-Eu
Lfy
Platform
Pragrma
X-Amzn-Remapped-Connection
X-Alternate-Cache-Key
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Date
Pramga
SD-X-WS
HTTPS
X-Backend-State
Adler-Geo
X-Cache-Info
X-Cache-FS-Status
Backend
Fastly-SSL
X-Cdn-Srv
X-Stale
X-Dc
X-Nc
X-Passed-To-PostProcessResponse
X-Owner
X-Original-Request
X-Passed-To
X-Passed-To-BeforeDispatch
X-Actual-URL
X-Passed-To-DLL
X-Returned-From-BeforeDispatch
X-Returned-From
X-WPE-Loopback-Upstream-Addr
X-Returned-From-DLL
X-Server-Time
X-Varnish-Beresp-Ttl
X-Cache-Bucket
X-RateLimit-Reset
X-Server-By
X-Returned-From-PostProcessResponse
X-Svr
X-Unique-ID
X-HS-Cache-Config
Host-ID
X-VServer
Server-ID
X-Croise-Owner
X-Microcachable
Cdn-Request-Time
X-Edge-Server
Cdn-Host
Cteonnt-Length
VivaBuild
Viewtype
X-CDN-Forward
FNAC-ModuleRouting
ServerName
X-Org
X-Pjax-Url
REQUESTUUID
X-Aicache-OS
X-Parent-Response-Time
DSUID
X-Load-Cache
X-Oss-Hash-Crc64ecma
Mime-Version
X-Oss-Object-Type
X-NC
Gh-Request-Id
X-V
SID
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-CSRF-TOKEN
X-FPC
X-Ua-Device
X-Apm-App-Name
X-Apm-Svc-Key
X-Apm-Inst-Hash
Memory
X-Cdn-Origin
X-Sn-Servicetimems
V-Age
X-From-Cache
X-Req
X-Gdpr
ProcessTime
Time
MIME-Version
PICS-Label
Rt-Proxy-Cache
X-Servedbyhost
Odigeo-Trace-Id
X-Exp-Se
X-ND-Cache
X-HTML-Minification-Powered-By
X-Wa
X-Served-From
X-Geo
X-Tb-Optimization-Total-Bytes-Saved
Public-Key-Pins-Report-Only
X-Fstrz
X-Optimization
Cf-Ipcountry
X-GEO
X-Cache-HT
AR-SID
CF-IPCountry
Resin-Trace
X-Newrelic-Synthetics
X-Lb-Id
X-Response-By
X-B3-Parentspanid
Cdn
Cache
Wxu-Next-Hostname
HostName
Wxu-Next-Commit
GMS-Ver
X-Varnish-Beresp-TTL
X-DC
X-Webkit-Csp
X-Git-Hash
Wxu-Next-Region
Fastcgi-X-Cache-Version
X-Atg-Version
X-WR-MODIFICATION
XServer
Proxy-Firewall
Processtime
X-Release
X-Amz-Meta-Surrogate-Control
WZWS-RAY
X-Fastly-Backend-Reqs
X-Ratelimit-Remaining
X-Daa-Tunnel
X-UE-Client-Country
X-Clientip
GW-Server
X-Ratelimit-Limit
X-APP
X-WebServer
Countrycode
X-LB-ID
X-We-Are-Hiring
X-TH-Server
Mobile-Detection-Method
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
SS
X-Phone
CF-Cached-On
X-Hyper-Cache
X-Vcl-Version
Ohc-File-Size
X-URL
X-WA
X-HS-Status
X-NGINX-Cache
X-Instart-Info
X-Fastly-Country-Code
X-Nananana
X-Vcache
X-Check-Cacheable
X-HS-Combine-CSS
X-PF-Uncompressing
FSS-Proxy
X-Ratelimit-Reset
Backend-Name
Pics-Label
FSS-Cache
Lb
286prxHost
X-CSRF-Token
X-ServedByHost
Xxline
188prxHost
189phosttRef
X-Backend-TTL
409pxxline
352pxline
355prline
X-Worker
219prxHost
178proxuri
X-Host-Name
225prxHost
X-Upstream-CT
DataCenter
X-Be
Amp-Access-Control-Allow-Source-Origin
X-Zone
X-Upstream-HT
SN
X-VHOST
GeoIp-Country-Code
URI
Geoip-Latitude
X-IPS-LoggedIn
X-Server-W
X-SERVER-NAME
Ohc-Cache-HIT
X-GZIP
X-Dynatrace
X-Render-Time
X-BE
X-Fpc
X-Request-Start
X-Gen-Id
X-UCC
Geoip-City
X-B3-SpanId
Who
X-CS
X-Varnish-Action
X-UPSTREAM-Address
X-NGENIX-Cache
X-ID
Version
X-Unique-Id
X-Cache-URL
CDN
X-PJAX-URL
X-LiteSpeed-Cache-Control
WP-Super-Cache
X-Html-Edge-Cache
X-VCL-Version
Esi-Enabled
Dynatrace
X-HostName
X-FORWARDED-FOR
GeoIP-City
GeoIP-Country-Code
X-Pf-Uncompressing
X-SRV
Cneonction
RequestUuid
GeoIP-Latitude
X-Fastly-Cache-Hits
X-Contensis-Viewer-Groups
X-GDPR
X-AssetVersion
Serverid
X-Cache-Ttl
X-Cdn-Cache
X-Via-Ucdn
X-Request-Url
X-Via-NSCOPI
X-Store
X-NWS-UUID-VERIFY
RequestId
X-ServerName
Accept-Ch
Server-Id
A
X-Servedby
X-Pc-Key
X-Pc-Appver
X-Akamai-SSL-Client-Sid
X-Pc-Hit
X-EC-Lua
X-Dw-Trace-Id
X-Reqid
X-RequestId
X-Akamai-Request-ID2
Accept-Language
Frontcache
X-LiteSpeed-Tag
X-ZONE
X-Generation-Time
Is-Session-Tracking
X-Cdn-Request-ID
X-Port
Ohc-Response-Time
IBM-Web2-Location
NnCoection
Get-Access-Time
X-Serial
X-HTML-Edge-Cache