Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Accept-Ranges
Pragma
X-Powered-By
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
X-XSS-Protection
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
P3P
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Amz-Cf-Pop
X-AspNet-Version
X-Download-Options
P3p
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Check
X-Adblock-Key
X-Cacheable
Alt-Svc
Content-Security-Policy-Report-Only
X-Generator
X-Cache-Status
X-DNS-Prefetch-Control
X-AspNetMvc-Version
Status
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Buckets
X-Content-Security-Policy
X-Turbo-Charged-By
X-Kinja-Server-Push
X-Request-ID
Upgrade
X-CDN
Xkey
X-Type
Keep-Alive
Access-Control-Expose-Headers
Access-Control-Max-Age
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Backend
X-Cache-Group
X-Server
CF-Ray
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Via
X-Pingback
Grace
X-Nginx-Cache-Status
X-Server-Powered-By
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-UA-Device
X-Robots-Tag
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Proxy-Cache
Request-Context
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Envoy-Upstream-Service-Time
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Ac
X-Device
X-Cache-Lookup
X-Server-Id
X-Amz-Version-Id
X-CST
X-Cnection
X-Node
X-OneAgent-JS-Injection
Surrogate-Control
X-Readtime
Content-Location
EagleEye-TraceId
Report-To
X-Host
X-Response-Time
X-Rq
Feature-Policy
Server-Timing
X-Iejgwucgyu
X-Backend-Server
X-Application-Context
X-ORACLE-DMS-ECID
X-Rack-Cache
X-Url
Allow
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
X-Clacks-Overhead
NEL
Rating
X-DynaTrace
Edge-Control
X-Origin-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country
X-FTR-Request-ID
X-Varnish-TTL
X-Country-Code
X-Cdn
X-Px
X-B3-TraceId
X-ORACLE-DMS-RID
X-Server-ID
X-DataDome
X-Ruxit-JS-Agent
X-GitHub-Request-Id
X-Vhost
X-VARITI-CCR
X-Goog-Hash
Accept-CH
X-Trace
Charset
X-TTL
X-ESI
X-Server-Name
X-Cached
RTSS
Pinterest-Generated-By
X-Mod-Pagespeed
Verso
X-MS-InvokeApp
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-D2id
X-Version
Public-Key-Pins
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Revision
X-F-Cache
SPRequestGuid
X-Vname
X-PC
X-TtlSet
X-Dispatcher
X-DIS-Request-ID
X-Powered-By-Plesk
Accept-CH-Lifetime
X-Abt-Application-Version
X-T
X-DynaTrace-JS-Agent
X-Powered-CMS
X-SharePointHealthScore
X-Origin-Upstream-Status
X-Fastly-Request-ID
X-Ser
X-Navigation-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Upstream-Env
Pinterest-Version
X-Pinterest-Rid
X-B
X-Client-IP
Realpath
X-Amz-Rid
X-Shield-Request-Id
X-Recruiting
MS-Author-Via
X-Forwarded-Proto
X-HW
X-Upstream
X-Vcap-Request-Id
X-Accel-Buffering
X-Wix-Server-Artifact-Id
SPIisLatency
SPRequestDuration
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
DynaTrace
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-XRDS-Location
Arr-Disable-Session-Affinity
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Age
AR-PoweredBy
AR-CACHE
AR-ATIME
Content-MD5
X-Via-JSL
X-Debug
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Dw-Request-Base-Id
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Hits
X-Goog-Storage-Class
X-Aspnet-Version
X-Id
X-MSEdge-Ref
X-Acc-Meta-Resource-Type
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-NF-Request-ID
X-Ttl
X-FTR-Expires
X-N
Service-Worker-Allowed
S
Access-Control-Request-Method
X-ATG-Version
X-NewRelic-App-Data
X-Oracle-Dms-Rid
X-Logged-In
Alternate-Protocol
AMP-Access-Control-Allow-Source-Origin
X-FastCGI-Cache
X-Kinsta-Cache
X-PressLabs-Stats
Edge-Cache-Tag
X-HS-Hub-Id
X-HS-Content-Id
TCN
X-Frontend
Surrogate-Key
X-FTR-Cache-Host
X-RateLimit-Remaining
Rt-Fastcgi-Cache
X-Cache-Key
X-Content-Digest
X-Forwarded-For
X-TA-CDN-Provider
Tracecode
X-Pad
Fastcgi-Cache
X-CF-Powered-By
Ar-Sid
X-Oneagent-Js-Injection
Server-Name
X-Amzn-Trace-Id
X-User-Agent
X-Analytics
Backend-Timing
TP-L2-Cache
Host
TP-Cache
MicrosoftSharePointTeamServices
FilterID
X-Magnolia-Registration
X-Edge-Location
X-Cache-2
X-Debug-Info
Fastly-Restarts
X-Rid
X-Grace
X-B3-Sampled
ServerID
X-Mobile
X-Page-Id
X-Whom
Front-End-Https
Paypal-Debug-Id
X-Revision
X-IPLB-Instance
X-Content-Options
Eomportal-Instance
X-Srv
AR-Request-ID
X-Akam-SW-Version
X-Hostname
X-GUploader-UploadID
Refresh
X-NWS-LOG-UUID
X-LB-Cache
X-VCache
X-Az
X-AppVersion
X-Activity-Id
X-Content-Powered-By
Retry-After
X-Litespeed-Cache
X-B-Cache
X-Signature
X-Cache-Action
X-SS-Set-Cookie
X-Framework
Source
X-Request-Processing-Time
Cleartype
X-Cluster
X-Request-Received
X-Cache-Control
X-Varnish-Hostname
X-Handled-By
X-App-Environment
X-Platform-Server
X-Request-Guid
X-BCube-Filmed-By
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Akamai-Edgescape
X-WA-Info
X-Instance
X-FB-Debug
X-Content-Security-Policy-Report-Only
X-Device-Type
X-Content-Type
X-Zen-Fury
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Accept-Charset
X-AOL-HN
X-Ruxit-Js-Agent
Webserver
X-Cache-Hit
X-Varnish-Grace
Display
X-Esi
X-Sol
X-Varnish-Backend
X-Middleton-Display
X-Cache-Rule
X-Seen-By
ViewerVersion
X-Wix-Request-Id
Healthy
X-TT
X-Correlation-Id
X-Origin-Server
X-Cache-Server
MS-CV
X-Fastcgi-Cache
Cache-Status
X-Drupal-Cache-Tags
X-Middleton-Response
X-DataStream-Cache-Status
Response
Upgrade-Insecure-Requests
X-Cached-By
X-Daa-Tunnel
X-CACHE-GROUP
X-PHP-Backend
X-Cache-Age
X-Storage
X-Varnish-Server
X-Amz-Apigw-Id
Payment
X-Amzn-RequestId
X-Drupal-Cache-Contexts
X-Generated-By
X-App-Server
X-Amz-Replication-Status
X-Geo-Country
Filters
X-UA-Device-Type
X-Response-Served-From
NGB
Server-Node
X-Adobe-Loc
X-Adobe-Content
GEO-INFO
X-S
Access-Control-Allow-Method
X-Cacheable-TTL
Actual-Object-TTL
X-WPE-Loopback-Upstream-Addr
X-Locale
X-Jobs
X-Cache-NE
X-FW-Static
X-Edge-Cache
X-RequestSource
X-Edge-Cache-Key
X-FW-Server
X-FW-Hash
X-UUID
X-Servedby
X-Varnish-IP
X-TT-TIMESTAMP
Viewport
ServedBy
X-Contextid
X-FW-Type
X-FW-Serve
X-Accel-Expires
X-Amz-Server-Side-Encryption
X-Varnish-Hits
X-TX-ID
X-Cache-Remote
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Server-Info
Cache-Tv-Group
X-WebKit-CSP-Report-Only
AsisCache
X-Cache-TTL-Remaining
From-Origin
X-Dns-Prefetch-Control
X-Rendered-As
X-Status
S-Cnection
X-HS-Cache-Config
X-URL
Host-Header
X-App-Version
X-GeoIP
Cache
X-Cache-Operation
X-Region
X-XRDS-LOCATION
X-Webkit-CSP
X-Croise-Owner
SRV
HostName
Content-Style-Type
Content-Script-Type
X-Redis-Cache
DC
Served-By
X-APP-VERSION
X-BACKEND-TTL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Liferay-Portal
X-CACHE-KEY
Ms-Operation-Id
X-RTag
X-Node-Name
X-Cache-Config
Cache-Tag
X-Upgrade-Enabled
X-Hyper-Cache
Public-Key-Pins-Report-Only
Load-Balancing
X-Webstats-RespID
X-Cache-Var-Map
Machine
X-Proxy-Build
X-Is-Bot
X-RN-RSRV
Origin-Edge-Control
Origin-Cache-Control
X-Detected-As
X-Generated
X-Parent-Response-Time
X-Grey
Meta-Geo
Selected-FE
X-Protected-By
X-Path-Route
X-Site-Version
X-Edge-IP
X-NGENIX-Cache
X-Mode
X-Timing-Wait
X-Cache-Var
X-Cache-Category-Id
X-Akamai-Request-ID
X-Agile-Id
X-Agile
X-BYPASS-REASON
Now
X-Agile-Age
Cache-Name
X-Akamai-Transformed
X-CDN-Cache
X-Environment-Context
X-L-Path
X-TNCMS
X-ProxyCache-Key
X-ProxyCache-Status
X-Upstream-CT
X-Web-Node
X-Upstream-HT
X-Original-Request
X-Origin-Response-Time
X-Via-Fastly
X-Loop
X-Human
X-Hosted-By
Powered-By-ChinaCache
X-Internal-Host
X-NCache
X-Labrador-Cache-Channel
X-Request-Time
X-JoinUs
X-Time-Microsecs
Azure-Version
User-Cache-Control
Azure-RegionName
X-Proxy
Azure-SiteName
Azure-SlotName
Cache-Key
X-ServerID
DB-Nickname
X-ProcessESI
X-Origin
X-Origin-CC
X-Birta-Served
X-OCL
Azure-InstanceId
X-Format
X-IP
X-Birta-Cache-Post
X-Origin-Host
X-FC-Vary-Parameters
X-RemovedCookies
X-PCL
X-Pc-Key
X-Pc-Appver
X-Pc-Hit
X-Rule
X-Tumblr-Pixel-3
X-CCM
X-B3-Spanid
Property-Id
TWC-Connection-Speed
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Backend-Name
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
X-Access
Fastcgi-Useragent
S-Rt
X-Www-Served-By
X-Viewer-Country
X-Xfnlog-Site
TWC-Device-Class
X-Tb
X-VG-TLSProxy
X-Section
Cache-Tags
X-Ocache
X-Origin-Hint
TWC-GeoIP-Country
X-Pubstack
TWC-Privacy
X-Forwarded-Host
X-Proxied
X-Zipkin-Id
X-Vg-Webcache
Xserver
X-App-Name
Vix-Hermes-Req-Id
X-Routing-Service
HitType
X-GRACE
Country
X-Vgn-Hpd-Reason
X-TIME
X-ApacheServer
X-PERF
X-FB-TRIP-ID
Pagespeed
Mn-Server-Ip
X-Nginx-Cache
X-Content-Age
X-Cache-Backend
X-Mrs-Age
X-Mrs-Cache-Hits
X-Unique-Id-Primal
X-Mrs-Cache
X-Mshield-Cache-Status
X-Via-CDN
X-Cache-TTL
X-Guploader-Uploadid
X-Correlation-ID
X-Endurance-Cache-Level
Fusion-Source
X-Cdn-Forward
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
X-UA
Fusion-Component-Id
X-RateLimit-Limit
Time
Datacenter
OT-Force-Account-Verify
X-Varnish-Cacheable
Ohc-File-Size
X-Ezoic-Cdn
X-ShardId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Yottaa-Optimizations
X-Sucuri-ID
X-Alternate-Cache-Key
X-Debug-Cache
X-Yottaa-Metrics
X-Varnish-Beresp-Ttl
X-Newrelic-App-Data
X-Real-Ip
X-Real-IP
X-OVcl-Cache
X-OVcl
X-Pc-Host
X-Pc-Date
X-Hl-Ver
LB
NtCoent-Length
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
We-Hiring
X-MP-GENERATED-AT
Mail-Subject
X-COUNTRY
X-Ua
L5d-Success-Class
X-Ratelimit-Limit
X-Unique-ID
X-CDN-Forward
X-Trace-Id
Section-Io-Cache
AR-SID
X-Cache-Enabled
X-Hit
X-Nc
X-Amz-Meta-Surrogate-Control
Access-Control-Request-Headers
X-Proto
User-Agent
X-Dynatrace-Js-Agent
X-Time
X-Microcachable
X-C
Pagetype
Version
X-CLOUD-TRACE-CONTEXT
X-Akamai-Request-ID2
X-Front
X-Server-Cache
X-Rocket-Nginx-Bypass
X-EdgeConnect-Cache-Status
X-HS-Combine-CSS
Warning
X-A
Is-Eu
Magicmarker
X-Rojux
Www
V-Age
Viewtype
VivaBuild
MD5-Digest
IBM-Web2-Location
X-S-Cookie
X-A-Dgt
X-A-Wwc
X-Li-Pop
Frame-Options
X-Served-From
X-A-Dcw
Memcached
X-S-Maxage
X-A-Dam
X-ScT
X-A-Ccd
X-Request-UUID
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
Resin-Trace
PFcat
RNT-Machine
X-Li-Fabric
Rendered-Blocks
Powered-By
X-Rewrite-Enabled
X-Returned-From-PostProcessResponse
Release
RNT-Time
X-Accel-Expires-Debug
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Meta-Geo-Continent
Mobile-Detection-Method
X-Returned-From
Rt-Proxy-Cache
Node
Server-Host
Server-ID
Platform
X-ARC
X-Fetched-On
X-CF-Lambda-Version
X-Region-Sid
X-External-Request-Id
X-Reboot
X-Rebelmouse-Surrogate-Control
X-From
X-Passed-To
X-CF-Lambda-Fn
X-Passed-To-BeforeDispatch
X-G
X-FW-Version
X-NU-AKA-ACS-Version
X-DPWN-IS-SECURE
X-Device-Os
X-D
X-Date
X-Developer
X-Destination
X-CUA
Fly-Request-Id
X-Dispatcher-Server
X-Connection-Hash
X-Died
X-Crawler
X-Matched-Rule
X-PHP-Host
X-B-Cookie
X-Auto-Login
X-BB-ID
X-Bip
X-Cache-Bucket
X-Application
X-Amz-Meta-Cache-Control
X-LI-Proto
X-Aed
X-Level-Front-Cache
X-LI-UUID
X-Cache-Debug
X-Logtrace-Id
X-Generated-On
X-RCS-CacheZone
X-Generated-In
X-Rebelmouse-Cache-Control
X-Cache-URL
X-Cache-Id
X-Cache-Host
X-Cache-Expires
X-Qloud-Router
X-Cache-FS-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Actual-URL
X-Server-By
X-Twitter-Response-Tags
X-UE-Client-Country
Arc-Country
Fly-Cache
X-TT-LOGID
Adler-Geo
Ec-Rule-Version
X-Trv-Group
X-WebServer
X-Passed-To-DLL
X-User
BehaviorPad-Version
Xc-Version
X-We-Are-Hiring
Cache-Prefix
X-Passed-To-PostProcessResponse
X-SRCache-Key
X-PAYTM-SRV-ID
Fastly-Backend-Name
Ajk
Ohc-Response-Time
X-Thinkindot-L3
Fastly-SIE
X-Thanos
X-Store
X-Svr
X-Swa-Ws
X-Server-Time
X-Transaction
X-Server-IP
X-Varnish-Action
Fastly-SWR
X-Variation
X-VG-WebServer
X-Var-Ttl
X-ElasticPress-Search
X-Stale
X-Wikidot-Backend
X-Request-Start
X-UnsetCookies
X-Backend-Url
X-Wikidot-Static-Cache
X-Release
X-Backend-Host
X-Cache-CFC
X-Clientip
X-Epic-Correlation-Id
X-MSEdge-Features
X-MSEdge-Flight
X-MI-In-Market
X-Location
X-Layer
X-Proxy-Cache-Status
X-Nginx-Cache-Key
X-No-Session
Accept-Language
X-Phone
X-Origin-Expires
X-Origin-Date
X-Node-Id
X-Via-NSCOPI
X-Irp-Debug
X-Instart-Info
X-Gen-Mode
X-DC
X-Gannett-Site-Version
X-Fstrz
X-Distil-CS
X-Distributor
X-GeoIP-Country-Code
X-Hash
X-Info
X-Proxy-Upstream
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Hnp-Log
X-IN-APIGATEWAY
Lfy
X-Block-Status
Proxy-Connection
MI-API
Countrycode
Cache-Cookie-Set-Lfrom
MI-Cache
Country-Code
SD-X-WS
MI-Cache-Age
Decoy-Debug-Key
Backend
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Backend-Name
Request-Time
Esi-Enabled
Decoy-Debug-Status
Decoy-Debug-TTL
Heartbleed
Kp-EeAlive
Pramga
X-Secret
X-ServiceProvider
X-Server-Group
Web-Mar-Node
Who
Origin
X-Sf
Server-Int
GMS-Ver
AKAMAI
GW-Server
Content-Disposition
True-Client-Country-4JS
X-Response-By
SS
X-NODE
X-Be
On-Server
X-V
HA-Ipaddr
HA-Geocity
HA-Geocountry
HA-Geolat
HA-Cloudapp
X-Origin-TTL
X-P-T
Fastly-SSL
Fastly-Soc-X-Request-Id
X-Platform
X-Policy
HA-Servedtime
HA-Urlpath
X-Key
X-F5-Cache
HA-Host
HA-Geolon
HA-Georegion
Ha-Gx-Prefs
IsBot
CDCHOST
X-CGP
Apple-News-Services-Parsed-Url
X-Developers
REQUESTUUID
X-Cdn-Srv
Apple-News-Services-Host
Apple-News-Services-Handled
X-Core-Value
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Core-Mission
X-Backend-State
X-SVT-ORM-RULES
X-SIPLIST1
X-Page-Type
X-Eu-Site
X-Cache-Info
X-Micro-Cache
X-Fastly-Cache
X-Request-URI
Apple-News-Services-Request-Url
X-SVT-ORM-VERSION
X-Up
PageSpeed
X-Cdn-Origin
X-Debug-Cookies
X-NX-Host
X-Servername
X-Sn-Servicetimems
X-CMS-Context
X-CACHE-AGE
ServerName
X-Debug-Log
RequestId
X-NC
X-Refresh
X-Geo
Cteonnt-Length
WZWS-RAY
X-Dc
X-Pjax-Url
X-LAGOON
MIME-Version
X-Org
X-Via-Edge
X-Via-SSL
X-Newrelic-Synthetics
X-Datadome
X-Servedbyhost
NGX
Cdn
X-VarnCache
X-VarnPar1
X-Req
Memory
Pragrma
X-PARISIEN-Cache-Rendered
X-Urbn-Context-Path
X-CSRF-TOKEN
X-Urbn-Site-Id
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Mime-Version
X-Instance-Name
UCS
Locale
Request-Country
Request-EU
Uber-Trace-Id
X-Wa
Host-ID
X-Generation-Time
X-RateLimit-Limit-Second
PICS-Label
X-FireWall-Port
X-RateLimit-Remaining-Second
Group
X-NWS-UUID-VERIFY
V-Cache
X-Varnish-Cache-Hits
X-VCT
Nel
Cache-Provider
CF-IPCountry
X-Gdpr
X-HTML-Minification-Powered-By
X-Webkit-Csp
X-GeoIP-City
X-WR-MODIFICATION
CDN
X-Varnish-Authentication
XServer
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-Cache-Grace
GeoIP-Latitude
X-BBXSRF
GeoIP-Country-Code
Server-Cache-Control
Server-Surrogate-Control
X-Cache-ASPX
X-B3-Traceid
X-Ratelimit-Remaining
X-Sedo-Request-Id
X-IPS-LoggedIn
X-Aicache-OS
X-FORWARDED-FOR
X-Cache-Miss-From
X-VG-WebCache
X-StackifyID
X-Varnish-Url
Cf-Ipcountry
X-Powered-By-ANYU
HitInfo
X-UPSTREAM-Address
GeoIp-Country-Code
X-Load-Cache
X-Source
X-ND-Cache
Geoip-Latitude
X-Fastly-Country-Code
X-Sucuri-Cache
X-EIG-Tracking-Id
X-Instart-Isnd
X-Check-Cacheable
X-GEO
X-From-Cache
URI
X-RCS-Backend
X-HOST
X-APP
CACHE
X-Fastly-Cache-Hits
Get-Access-Time
Is-Session-Tracking
X-CDN-Pop
Pics-Label
X-FW-Dynamic
Powered
Proxy-Firewall
X-Fastly-Backend-Reqs
X-CDN-Pop-IP
X-WA
X-R9-Blue-Green-Version
X-Unique-Id
X-Dynatrace
X-GoCache-CacheStatus
X-TWH-CORRELATION-ID
DataCenter
X-Varnish-Beresp-TTL
X-Server-W
X-Pc-Subdomain
X-SRV
X-VC-Cache
FSS-Proxy
X-HS-Status
FSS-Cache
X-Skip-Cache
X-ID
X-Sentry-ID
X-PF-Uncompressing
X-RequestId
X-NodeID
X-Nananana
X-ServedByHost
Processtime
Amp-Access-Control-Allow-Source-Origin
X-PJAX-URL
X-Cluster-Node
X-Flog
X-GDPR
X-B3-SpanId
X-Hello
X-TrackingId
SN
X-ABtesting
WP-Super-Cache
X-VServer
X-CSRF-Token
X-BE
Cache-Hits
X-Oss-Request-Id
X-Pf-Uncompressing
X-Oss-Storage-Class
Dynatrace
X-Oss-Object-Type
X-Fe
Hostname
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Csrf-Token
X-Bug-Bounty
X-LiteSpeed-Cache-Control
ProcessTime
X-Amzn-Remapped-Connection
X-GZip
X-Amzn-Remapped-Date
X-GZIP
X-Gen-Id
X-Backend-TTL
X-Worker
X-ORIG-AKA-EDGE
X-NGINX-Cache
X-ES-SERVER
TSSecure
Requestid
X-Cache-Ttl
Serverid
Cdn-Request-Time
X-AWS-Id
Cdn-Host
X-LJ-Flow-ID
X-VC
X-ORIG-AKA-COUNTRY-CODE
X-VWS-Id
X-MServer
X-Tb-Optimization-Total-Bytes-Saved
SID
X-ServerName
X-Edge-Server
X-SN
X-Owner
X-PAGE-TYPE
RequestUuid
X-SB
X-Varnish-URL
X-HostName
T-Server
X-Alicdn-Da-Ups-Status
X-Swift-Error
X-LiteSpeed-Tag
355prline
225prxHost
352pxline
286prxHost
Xxline
219prxHost
X-LB-ID
X-Requestid
409pxxline
X-Serial
X-VarnPar2
A
Location
X-CS
X-Developed-By
X-Dw-Trace-Id
Xet-Cookie
Correlation-Id
178proxuri
188prxHost
DSUID
Cneonction
X-RAMCache
189phosttRef