Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Check
X-Generator
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
X-Request-ID
Upgrade
X-Type
WPE-Backend
X-Pass-Why
Keep-Alive
X-Cache-Group
X-AH-Environment
CF-Ray
Xkey
P3p
X-Backend
Access-Control-Max-Age
X-Age
Access-Control-Expose-Headers
X-Via
X-Drupal-Dynamic-Cache
EagleId
X-Nginx-Cache-Status
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Server
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Kinja-Server-Push
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Content-Location
X-Cache-Lookup
X-Amz-Version-Id
X-Response-Time
X-Host
Surrogate-Control
X-Rq
X-OneAgent-JS-Injection
X-Cnection
X-WebKit-CSP
X-Node
X-Backend-Server
X-Server-Id
Server-Timing
X-Readtime
X-Rack-Cache
Report-To
Request-Id
EagleEye-TraceId
X-Application-Context
X-Cloud-Trace-Context
Feature-Policy
X-ORACLE-DMS-ECID
X-Instart-Request-ID
X-CST
X-Iejgwucgyu
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Edge-Control
NEL
Rating
X-Country
X-Url
X-Server-Name
X-Varnish-TTL
X-MS-InvokeApp
X-DataDome
X-Px
X-DynaTrace
Pinterest-Generated-By
X-Country-Code
Allow
X-TTL
X-Origin-Cache
X-Vhost
X-TtlSet
X-PC
X-Vname
X-Cached
X-FTR-Request-ID
X-ESI
RTSS
X-Ruxit-JS-Agent
X-Goog-Hash
SPRequestGuid
Charset
X-VARITI-CCR
X-Trace
X-Powered-By-Plesk
X-Powered-CMS
X-SharePointHealthScore
X-DynaTrace-JS-Agent
Accept-CH
X-GitHub-Request-Id
X-Server-ID
X-Dispatcher
X-T
Public-Key-Pins
X-D2id
X-Mod-Pagespeed
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-F-Cache
Verso
Content-MD5
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Oracle-Dms-Rid
X-B3-TraceId
X-Version
MS-Author-Via
SPRequestDuration
SPIisLatency
X-Shield-Request-Id
X-Recruiting
X-Dns-Prefetch-Control
X-Abt-Application-Version
Nginx-Cache
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Client-IP
X-Forwarded-Proto
X-HW
Accept-CH-Lifetime
X-DIS-Request-ID
X-N
X-Navigation-Version
AR-ATIME
AR-CACHE
AR-PoweredBy
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
X-Amz-Rid
X-ORACLE-DMS-RID
X-B
X-Upstream
X-Fastly-Request-ID
X-Dw-Request-Base-Id
X-Origin-Upstream-Status
DynaTrace
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Meta-S3cmd-Attrs
Fastly-Restarts
X-Hits
TCN
Realpath
Paypal-Debug-Id
X-Wix-Server-Artifact-Id
X-XRDS-Location
X-Accel-Buffering
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Content-Options
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-NF-Request-ID
X-Pad
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
Tracecode
S
Access-Control-Request-Method
X-Content-Digest
X-Id
X-Debug
X-Varnish-Age
Front-End-Https
X-Webkit-Csp
X-Oneagent-Js-Injection
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Vcap-Request-Id
X-MSEdge-Ref
X-Use-Magma
X-Frontend
X-RateLimit-Remaining
Edge-Cache-Tag
X-IPLB-Instance
X-ATG-Version
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Expires
X-FTR-Realm
X-PressLabs-Stats
X-Kinsta-Cache
X-Amz-Cf-Pop
X-Logged-In
X-HS-Hub-Id
X-HS-Content-Id
Surrogate-Key
MicrosoftSharePointTeamServices
X-Cache-Hit
X-Sol
Display
X-Middleton-Display
X-Forwarded-For
Rt-Fastcgi-Cache
Fastcgi-Cache
X-Request-Processing-Time
X-Request-Received
Powered-By-ChinaCache
X-Zen-Fury
X-Edge-Location
X-B3-TraceId-Primal
X-Litespeed-Cache
Backend-Timing
X-Analytics
Server-Name
X-Debug-Info
X-Amzn-Trace-Id
X-Rid
X-User-Agent
X-FastCGI-Cache
X-Revision
X-Grace
Host
TP-L2-Cache
X-FTR-Cache-Host
TP-Cache
FilterID
X-CF-Powered-By
X-Akam-SW-Version
Response
X-Middleton-Response
X-Fastcgi-Cache
X-HS-Cache-Config
Ar-Sid
X-TA-CDN-Provider
X-Mobile
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Drupal-Cache-Tags
AR-Request-ID
X-SS-Set-Cookie
X-Magnolia-Registration
X-Newrelic-App-Data
X-SERVER
X-NewRelic-App-Data
X-Ttl
Cache-Status
Refresh
X-Accel-Expires
X-Cached-By
Host-Header
X-B3-Sampled
ServerID
X-Webkit-CSP
X-Varnish-Backend
X-Node-Name
X-AOL-HN
X-Content-Security-Policy-Report-Only
X-Instance
X-NWS-LOG-UUID
X-GUploader-UploadID
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Cluster
X-FB-Debug
X-Akamai-Edgescape
X-Cache-Control
X-Signature
X-B-Cache
X-Whom
X-Cache-2
Eomportal-Instance
X-Platform-Server
X-Varnish-Hostname
X-VCache
X-Device-Type
X-Framework
X-BCube-Filmed-By
X-LB-Cache
X-Page-Id
X-App-Environment
X-Ruxit-Js-Agent
X-Handled-By
Cleartype
X-Generated-By
X-Srv
X-Request-Guid
Cache-Tag
X-Activity-Id
X-AppVersion
X-Cache-Rule
X-Az
X-Drupal-Cache-Contexts
DC
Liferay-Portal
X-Via-JSL
X-Cache-Action
X-App-Server
X-WPE-Loopback-Upstream-Addr
X-Cache-Server
Source
X-Content-Powered-By
MS-CV
Retry-After
Alternate-Protocol
Public-Key-Pins-Report-Only
X-App-Version
X-Hostname
X-HS-Combine-CSS
X-Varnish-Grace
X-Correlation-Id
HostName
X-WA-Info
X-Geo-Country
X-Amz-Replication-Status
X-Varnish-Server
X-Seen-By
X-TT
X-Wix-Request-Id
X-Esi
ViewerVersion
Accept-Charset
AR-SID
Server-Node
Pagespeed
X-Daa-Tunnel
Webserver
X-URL
Upgrade-Insecure-Requests
X-Geo-Segment
X-Response-Served-From
X-Cache-NE
X-Tumblr-Pixel-1
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
AsisCache
X-Amzn-RequestId
X-Amz-Apigw-Id
SRV
X-Locale
X-GeoIP
Actual-Object-TTL
GEO-INFO
X-RequestSource
X-Jobs
X-Varnish-Hits
ServedBy
X-FW-Serve
X-Contextid
X-Yottaa-Metrics
X-FW-Server
Viewport
X-FW-Static
X-Servedby
X-Yottaa-Optimizations
X-FW-Type
X-Edge-Cache
X-S
Payment
X-Edge-Cache-Key
X-FW-Hash
X-UUID
X-Status
X-Varnish-IP
X-TX-ID
Cache
X-Adobe-Content
X-Adobe-Loc
X-XRDS-LOCATION
X-Cacheable-TTL
X-TT-TIMESTAMP
X-Origin-Server
X-Vg-Webcache
X-Cache-TTL-Remaining
X-Correlation-ID
S-Cnection
X-Hyper-Cache
X-Forwarded-Host
X-RateLimit-Limit
X-Cache-Operation
X-Amz-Server-Side-Encryption
X-Cache-Age
Server-Info
Datacenter
X-Region
Served-By
X-Mode
X-Sucuri-ID
X-Akamai-Request-ID2
X-CLOUD-TRACE-CONTEXT
Access-Control-Allow-Method
X-DataStream-Cache-Status
Country
CACHE
Healthy
X-Real-IP
From-Origin
X-Content-Type
X-Akamai-Transformed
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-Cache-Config
X-Site-Version
X-Detected-As
X-Upgrade-Enabled
X-Rendered-As
X-Proxied
X-Proxy
X-Rule
X-Environment-Context
X-Is-Bot
X-RN-RSRV
X-Generated
X-JoinUs
X-Routing-Service
X-L-Path
X-Path-Route
X-Zipkin-Id
Meta-Geo
X-Cache-Var
X-Cache-Var-Map
Machine
X-Ocache
X-Agile
X-Agile-Age
X-Format
X-Access
X-Hosted-By
X-Request-Time
X-Human
X-Agile-Id
Now
X-EIG-Tracking-Id
X-Viewer-Country
Fastcgi-Useragent
DB-Nickname
X-NGENIX-Cache
X-Via-CDN
X-CDN-Cache
X-Birta-Cache-Post
X-Section
X-Birta-Served
X-Amz-Meta-Surrogate-Control
L5d-Success-Class
X-Ezoic-Cdn
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-Country
X-TNCMS
X-Origin-Hint
OT-Force-Account-Verify
X-Via-Fastly
Property-Id
S-Rt
TWC-Connection-Speed
Webcakes-Region
X-Tb
X-Pc-Key
X-Loop
X-Pc-Hit
X-Microcachable
X-OCL
X-Pc-Appver
X-Labrador-Cache-Channel
X-PCL
X-ServerID
X-Cache-Category-Id
X-CCM
X-FC-Vary-Parameters
X-Hit
X-Grey
Cache-Name
TWC-Device-Class
Xserver
X-Upstream-HT
X-ProcessESI
X-Cluster-Node
X-Cdn
X-VG-TLSProxy
HitInfo
X-IP
X-Pubstack
X-ProxyCache-Key
X-RemovedCookies
X-Upstream-CT
X-Web-Node
HitType
X-BYPASS-REASON
X-Original-Request
Azure-InstanceId
X-Xfnlog-Site
X-Guploader-Uploadid
X-Origin
X-ProxyCache-Status
Azure-RegionName
X-OVcl
Azure-Version
Azure-SiteName
Azure-SlotName
X-OVcl-Cache
X-ShardId
X-Timing-Wait
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
Origin-Edge-Control
X-ShopId
Origin-Cache-Control
X-TIME
X-Proxy-Build
LB
Accept-Language
X-Www-Served-By
Mn-Server-Ip
X-Sorting-Hat-PodId
Selected-FE
X-Real-Ip
X-Geo
X-GRACE
X-Rocket-Nginx-Bypass
X-RTag
X-Connection-Hash
X-AWS-Id
X-LJ-Flow-ID
X-App-Name
X-Twitter-Response-Tags
X-Transaction
Ms-Operation-Id
X-SplitTest
X-VWS-Id
X-TWH-CORRELATION-ID
NGB
X-Cache-Enabled
Content-Style-Type
X-Cdn-Forward
X-Source
Content-Script-Type
Access-Control-Request-Headers
IBM-Web2-Location
Filters
X-Unique-ID
X-NodeID
Cache-Hits
X-Cache-Remote
X-UA
Time
X-Internal-Host
X-NCache
X-Nginx-Cache
X-Pc-Date
X-Origin-CC
X-Pc-Host
X-Tumblr-Pixel-3
X-Ms-Version
X-CACHE-KEY
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Blob-Type
X-MP-GENERATED-AT
X-Port
We-Hiring
Mail-Subject
X-Proto
NtCoent-Length
X-Cache-TTL
X-UA-Device-Type
X-Edge-IP
Backend
X-Distil-CS
X-PHP-Backend
X-Debug-Cache
X-Vgn-Hpd-Reason
X-Storage
X-Varnish-Cacheable
X-Time-Microsecs
X-APP-VERSION
X-Webstats-RespID
PageSpeed
Cache-Tags
X-CACHE-GROUP
X-Backend-Name
X-Akamai-Request-ID
X-Csrf-Token
X-Ua
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Ratelimit-Limit
User-Agent
X-Endurance-Cache-Level
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Dc
Warning
X-EdgeConnect-Cache-Status
X-Nc
X-B3-Spanid
X-PERF
X-Sucuri-Cache
X-ApacheServer
X-Redis-Cache
Fastly-SSL
X-CACHE-AGE
X-Mrs-Age
X-C
X-ElasticPress-Search
X-Mrs-Cache
X-Mshield-Cache-Status
X-Origin-Response-Time
X-Mrs-Cache-Hits
Ha-Gx-Prefs
X-Developer
Meta-Geo-Continent
HA-Ipaddr
HA-Servedtime
X-Died
MD5-Digest
HA-Urlpath
HA-Host
HA-Geocity
X-Eu-Site
Cache-Prefix
Content-Disposition
Ec-Rule-Version
X-F5-Cache
BehaviorPad-Version
X-From
X-Fetched-On
Ajk
Arc-Country
X-DPWN-IS-SECURE
Fly-Cache
X-Destination
HA-Geocountry
HA-Geolat
HA-Geolon
HA-Cloudapp
GMS-Ver
Fly-Request-Id
FSS-Cache
FSS-Proxy
HA-Georegion
Powered-By
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-A-Ccd
VivaBuild
X-Cdn-Origin
X-A
X-Accel-Expires-Debug
X-PAYTM-SRV-ID
X-BB-ID
X-BBXSRF
X-Cache-Bucket
X-B-Cookie
X-Application
X-Aed
X-Amz-Meta-Cache-Control
X-Cache-Host
Viewtype
V-Age
X-Rewrite-Enabled
X-D
Rendered-Blocks
X-Date
X-Debug-Cookies
X-Region-Sid
X-Debug-Log
Odigeo-Trace-Id
Resin-Trace
Rt-Proxy-Cache
X-CF-Lambda-Version
UCS
X-CF-Lambda-Fn
TSSecure
X-CGP
Server-Host
SN
Mobile-Detection-Method
X-External-Request-Id
X-IN-SSL-APIGATEWAY
X-Cache-Backend
X-IN-WAF
X-Sn-Servicetimems
X-Server-Time
X-IN-APIGATEWAY
X-GeoIP-Country-Code
X-Org
X-Hash
X-NX-Host
X-Rojux
X-Irp-Debug
X-VG-WebServer
X-Logtrace-Id
X-UE-Client-Country
X-Trv-Group
X-Via-Edge
X-Via-SSL
X-SRCache-Key
X-Croise-Owner
X-NU-AKA-ACS-Version
X-Store
X-Server-By
Xc-Version
X-Generated-In
X-ScT
X-S-Cookie
X-G
Cache-Key
X-Wikidot-Backend
X-Qloud-Router
X-Core-Value
RNT-Machine
X-Cache-Id
X-Layer
X-Clientip
X-V
RNT-Time
Apple-News-Services-Handled
X-Key
Origin
Apple-News-Services-Host
X-Wikidot-Static-Cache
Pramga
Server-ID
Release
X-User
Decoy-Debug-Key
X-Var-Ttl
X-Thinkindot-L3
X-No-Session
X-S-Maxage
X-ABtesting
Www
X-Location
X-Matched-Rule
X-Dynatrace-Js-Agent
X-Via-NSCOPI
Decoy-Debug-Status
X-Rebelmouse-Surrogate-Control
AKAMAI
X-Reboot
X-Rebelmouse-Cache-Control
Thinkindot-CacheControl
X-VServer
Thinkindot-Control
Thinkindot-CacheControl-Type
X-FW-Version
Apple-News-Services-Parsed-Url
X-Hl-Ver
X-Hello
GW-Server
X-UnsetCookies
X-Epic-Correlation-Id
Apple-News-Services-Request-Url
Decoy-Debug-TTL
X-Backend-Url
X-Request-URI
Countrycode
Fastly-Soc-X-Request-Id
Fastly-SIE
X-GeoIP-City
Fastly-SWR
Country-Code
X-Response-By
Frame-Options
X-Platform
X-ServiceProvider
X-Auto-Login
X-Release
X-Backend-State
X-Developers
X-Trace-Id
X-Flog
X-Cache-URL
X-SIPLIST1
Memcached
X-Request-Start
X-Backend-Host
Heartbleed
X-Dispatcher-Server
X-MServer
X-We-Are-Hiring
IsBot
X-Varnish-Beresp-Ttl
X-Datadome
X-NC
Version
X-Cache-Debug
X-MI-In-Market
X-Cache-Expires
X-Passed-To-BeforeDispatch
X-Gen-Mode
X-Gannett-Site-Version
X-Device-Os
X-Info
X-Block-Status
X-Owner
X-Passed-To
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Distributor
X-Hnp-Log
X-Instance-Name
X-Fastly-Cache
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Passed-To-PostProcessResponse
X-P-T
X-Passed-To-DLL
X-CUA
X-Crawler
X-Core-Mission
X-Node-Id
X-LI-UUID
Kp-EeAlive
X-Sentry-ID
X-Newrelic-Synthetics
X-Secret
X-Served-From
X-Nginx-Cache-Key
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Backend-Name
Adler-Geo
X-Returned-From-BeforeDispatch
X-Bip
X-Server-IP
X-Oss-Request-Id
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Swa-Ws
X-Thanos
X-Up
X-Variation
X-Varnish-Action
X-VCT
X-Oss-Storage-Class
X-Oss-Server-Time
X-Sf
X-Worker
X-WebServer
X-Stale
Cache-Cookie-Set-Lfrom
X-Returned-From
True-Client-Country-4JS
Uber-Trace-Id
Server-Int
Request-EU
Pragrma
Request-Country
User-Cache-Control
Web-Mar-Node
X-Policy
X-Phone
X-Powered-By-ANYU
X-RCS-CacheZone
WZWS-RAY
X-Actual-URL
Platform
Section-Io-Cache
X-Request-UUID
Is-Eu
Magicmarker
MI-Cache
Esi-Enabled
Fastly-Backend-Name
On-Server
MI-Cache-Age
X-CDN-Forward
X-NWS-UUID-VERIFY
X-Cache-CFC
MI-API
X-MSEdge-Flight
X-Fstrz
X-MSEdge-Features
Amp-Access-Control-Allow-Source-Origin
X-HOST
X-DC
X-Cache-FS-Status
CDCHOST
X-NODE
X-Refresh
Proxy-Connection
X-TT-LOGID
REQUESTUUID
X-Parent-Response-Time
Pagetype
V-Cache
Group
X-SN
X-Page-Type
RequestId
X-Backend-TTL
Cteonnt-Length
X-Unique-Id-Primal
HTTPS
X-Be
X-Pjax-Url
X-Req
X-Cache-Srv
Who
MIME-Version
X-Ms-Lease-State
X-Kong-Proxy-Latency
X-Time
X-Kong-Upstream-Latency
Fusion-Source
X-Servername
NodeID
X-Oracle-Dms-Ecid
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-GZip
Memory
X-Origin-TTL
ProcessTime
Cdn
Mime-Version
X-BB-IP
Cdn-Host
Cdn-Request-Time
X-Edge-Server
SS
X-Servedbyhost
X-Protected-By
X-ND-Cache
X-Aicache-OS
X-Ckpd-Fst-Backend
CF-IPCountry
X-Server-Group
X-Content-Age
SD-X-WS
X-COUNTRY
PageType
X-Wa
X-Varnish-Beresp-TTL
GeoIP-Country-Code
A
X-SRV
CDN
GeoIP-Latitude
Is-Session-Tracking
X-APP
X-Origin-Date
Get-Access-Time
X-Origin-Expires
XServer
X-B3-Traceid
VIX-Pulpo-Node
X-Pf-Uncompressing
X-Origin-Host
X-Varnish-Url
VIX-Pulpo-Upstream-Status
X-StackifyID
X-WA
Serverid
Geoip-Latitude
GeoIp-Country-Code
X-Unique-Id
X-Fastly-Country-Code
PICS-Label
X-Requestid
X-RateLimit-Remaining-Second
X-Generation-Time
X-RateLimit-Limit-Second
X-Cache-Info
Processtime
X-CSRF-Token
X-Ratelimit-Remaining
X-FireWall-Port
X-PHP-Host
X-Gdpr
Node
X-Fastly-Cache-Hits
X-Nananana
Nel
X-Proxy-Upstream
Cf-Ipcountry
X-Proxy-Cache-Status
X-ID
X-Load-Cache
Vix-Hermes-Req-Id
X-ServedByHost
X-RequestId
X-CS
X-EC-Security-Audit
DataCenter
X-Check-Cacheable
X-SERVER-NAME
X-GEO
Cache-Tv-Group
URI
X-UPSTREAM-Address
X-Server-W
X-HS-Status
X-FORWARDED-FOR
Hostname
X-GZIP
Cache-Provider
X-BACKEND-TTL
X-Surge-Debug
X-NGINX-Cache
NGX
T-Server
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Vcache
X-Fastly-Backend-Reqs
X-HTML-Minification-Powered-By
WP-Super-Cache
X-WR-MODIFICATION
Request-Time
X-B3-SpanId
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-ServerName
X-DataStream-Origin-MEX-Latency
X-Micro-Cache
PFcat
Host-ID
X-Fe
X-DataStream-MidMile-RTT
X-HTML-Edge-Cache
X-PF-Uncompressing
X-VG-WebCache
X-BE
X-Atg-Version
X-Debug-Cache-Fetch
Https
X-Alicdn-Da-Ups-Status
ServerName
Load-Balancing
X-GDPR
X-Debug-Cache-Expiry
X-Front
RequestUuid
X-IPS-LoggedIn
Requestid
X-PJAX-URL
X-Debug-Cache-Store
X-Amz-Meta-S3b-Last-Modified
X-Akamai-SSL-Client-Sid
WebServer
N-Cache
X-SB
X-Svr
X-PARISIEN-Cache-Rendered
X-VC
X-Skip-Cache
X-PAGE-TYPE
X-Cache-Ttl
X-ARC
X-Distil-Cs
X-VarnCache
X-From-Cache
X-VarnPar1
X-FB-TRIP-ID
Ohc-Response-Time
Pics-Label
X-Instart-Info
X-Serial
Ohc-File-Size
X-VarnPar2
X-Level-Front-Cache
X-Cdn-Srv
X-Generated-On
X-Swift-Error
X-Grace-Duration
X-Gen-Id
X-Proxy-Server
X-Feature
X-RAMCache
X-Dw-Trace-Id
SID
Build-Number
Cdn-Src-Port
Lfy