Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Xss-Protection
X-Timer
X-Request-Id
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Check
X-Generator
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Request-ID
X-Iinfo
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
Upgrade
X-Type
WPE-Backend
X-Pass-Why
Keep-Alive
X-Cache-Group
X-AH-Environment
Xkey
CF-Ray
X-Backend
P3p
Access-Control-Max-Age
X-Age
Access-Control-Expose-Headers
X-Via
X-Drupal-Dynamic-Cache
EagleId
X-Nginx-Cache-Status
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Server
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Kinja-Server-Push
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
X-Ac
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Content-Location
X-Cache-Lookup
X-Amz-Version-Id
X-Host
X-Response-Time
Surrogate-Control
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Rq
X-Cnection
X-Node
X-Backend-Server
X-Server-Id
X-Readtime
Server-Timing
X-Rack-Cache
Report-To
Request-Id
EagleEye-TraceId
X-Application-Context
X-Cloud-Trace-Context
Feature-Policy
X-ORACLE-DMS-ECID
X-Instart-Request-ID
X-CST
X-Iejgwucgyu
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Clacks-Overhead
Edge-Control
NEL
X-Url
Rating
X-Country
X-Server-Name
X-Px
X-Varnish-TTL
X-TTL
X-DataDome
X-MS-InvokeApp
Pinterest-Generated-By
Allow
X-Country-Code
X-DynaTrace
X-Origin-Cache
X-Vhost
X-Vname
X-TtlSet
X-PC
X-Cached
X-FTR-Request-ID
X-ESI
RTSS
X-Goog-Hash
X-Ruxit-JS-Agent
Charset
SPRequestGuid
X-VARITI-CCR
X-Trace
X-Oracle-Dms-Rid
X-Powered-By-Plesk
X-Powered-CMS
Accept-CH
X-GitHub-Request-Id
X-SharePointHealthScore
X-Dispatcher
Public-Key-Pins
X-D2id
X-T
X-Mod-Pagespeed
X-Server-ID
X-DynaTrace-JS-Agent
Arc-Version
X-Mobile-Rewrite
PB-RID
PB-PID
X-F-Cache
Content-MD5
X-Cdn-Fetch
Verso
X-Kinja-Server
X-Kinja-Revision
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-B3-TraceId
MS-Author-Via
X-Version
SPRequestDuration
SPIisLatency
X-Shield-Request-Id
X-Recruiting
X-Abt-Application-Version
X-Dns-Prefetch-Control
Nginx-Cache
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Forwarded-Proto
X-HW
Accept-CH-Lifetime
X-Client-IP
X-N
X-DIS-Request-ID
X-Navigation-Version
AR-ATIME
AR-CACHE
AR-PoweredBy
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-Amz-Rid
X-B
X-Upstream
X-Dw-Request-Base-Id
X-Fastly-Request-ID
DynaTrace
X-Origin-Upstream-Status
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Amz-Meta-S3cmd-Attrs
Fastly-Restarts
X-Hits
TCN
X-ORACLE-DMS-RID
Realpath
X-XRDS-Location
Paypal-Debug-Id
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Content-Options
Arr-Disable-Session-Affinity
X-NF-Request-ID
Service-Worker-Allowed
X-Pad
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
Tracecode
Access-Control-Request-Method
S
X-Content-Digest
X-Id
X-Varnish-Age
X-Debug
Front-End-Https
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-Vcap-Request-Id
X-MSEdge-Ref
X-Webkit-Csp
X-Oneagent-Js-Injection
X-Frontend
X-ATG-Version
X-IPLB-Instance
X-FTR-Backend
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-Kinsta-Cache
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
Edge-Cache-Tag
X-PressLabs-Stats
X-Use-Magma
X-RateLimit-Remaining
X-Logged-In
X-HS-Hub-Id
X-HS-Content-Id
X-Middleton-Display
Display
X-Sol
X-Cache-Hit
Surrogate-Key
X-Amz-Cf-Pop
MicrosoftSharePointTeamServices
X-Forwarded-For
Rt-Fastcgi-Cache
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
Powered-By-ChinaCache
X-Zen-Fury
X-Edge-Location
Ar-Sid
Server-Name
Backend-Timing
X-Grace
X-Analytics
X-Fastcgi-Cache
X-Debug-Info
X-Amzn-Trace-Id
X-Rid
X-B3-TraceId-Primal
X-User-Agent
X-Revision
Host
FilterID
TP-L2-Cache
TP-Cache
X-FTR-Cache-Host
Response
X-Middleton-Response
X-Litespeed-Cache
X-CF-Powered-By
X-Akam-SW-Version
X-NewRelic-App-Data
X-FastCGI-Cache
X-HS-Cache-Config
X-Cache-Key
X-Mobile
AMP-Access-Control-Allow-Source-Origin
X-SS-Set-Cookie
X-Drupal-Cache-Tags
X-Magnolia-Registration
AR-Request-ID
X-TA-CDN-Provider
X-Accel-Expires
Refresh
Cache-Status
X-Ruxit-Js-Agent
X-Cached-By
Host-Header
X-Ttl
X-SERVER
X-Newrelic-App-Data
X-B3-Sampled
ServerID
X-AOL-HN
X-Varnish-Backend
X-Node-Name
X-Content-Security-Policy-Report-Only
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Instance
X-Platform-Server
X-FB-Debug
X-Cache-Control
Eomportal-Instance
X-Akamai-Edgescape
X-B-Cache
X-Signature
X-Cache-2
X-Webkit-CSP
X-Varnish-Hostname
X-Device-Type
X-Framework
X-Whom
X-BCube-Filmed-By
X-LB-Cache
X-App-Environment
X-Page-Id
X-Generated-By
X-Srv
X-NWS-LOG-UUID
Cleartype
X-Handled-By
Cache-Tag
X-Request-Guid
X-GUploader-UploadID
X-Cache-Rule
DC
X-Drupal-Cache-Contexts
X-Az
X-Activity-Id
X-AppVersion
X-VCache
Liferay-Portal
X-Cache-Action
X-App-Server
X-Via-JSL
X-WPE-Loopback-Upstream-Addr
X-Cache-Server
Source
Public-Key-Pins-Report-Only
X-Content-Powered-By
X-App-Version
Alternate-Protocol
Retry-After
X-Correlation-Id
MS-CV
X-HS-Combine-CSS
X-Hostname
X-Varnish-Grace
X-Seen-By
HostName
X-Amz-Replication-Status
X-TT
X-Wix-Request-Id
ViewerVersion
Accept-Charset
X-WA-Info
X-Geo-Segment
X-Geo-Country
X-Varnish-Server
Server-Node
X-Esi
Upgrade-Insecure-Requests
Webserver
X-Daa-Tunnel
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
X-Cache-NE
X-Response-Served-From
X-Tumblr-Pixel-1
AsisCache
X-Amzn-RequestId
Pagespeed
X-Amz-Apigw-Id
SRV
Actual-Object-TTL
X-Locale
X-GeoIP
GEO-INFO
X-URL
X-RequestSource
X-Varnish-Hits
Cache
X-Jobs
ServedBy
X-UUID
X-Yottaa-Metrics
X-Contextid
X-S
X-Servedby
X-Edge-Cache-Key
X-Edge-Cache
X-Yottaa-Optimizations
Payment
Viewport
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-Status
X-FW-Hash
X-Varnish-IP
X-TX-ID
AR-SID
X-Adobe-Loc
X-Adobe-Content
X-Cacheable-TTL
X-TT-TIMESTAMP
X-Origin-Server
X-XRDS-LOCATION
X-Cache-TTL-Remaining
S-Cnection
X-Vg-Webcache
X-Correlation-ID
X-Cache-Age
X-Hyper-Cache
X-Forwarded-Host
X-Amz-Server-Side-Encryption
Datacenter
X-Cache-Operation
Server-Info
X-RateLimit-Limit
Served-By
X-Region
X-Sucuri-ID
X-Akamai-Request-ID2
X-Mode
Country
Access-Control-Allow-Method
Healthy
X-Ezoic-Cdn
X-CLOUD-TRACE-CONTEXT
From-Origin
X-Guploader-Uploadid
X-TIME
X-DataStream-Cache-Status
X-Content-Type
Machine
X-Upgrade-Enabled
X-Detected-As
Meta-Geo
X-Zipkin-Id
Fastcgi-X-Cache-Version
X-RN-RSRV
X-L-Path
X-Cache-Var-Map
X-Ocache
X-JoinUs
X-Is-Bot
X-Generated
X-Environment-Context
X-Path-Route
X-Proxied
X-Site-Version
X-Cache-Var
X-Rule
X-Routing-Service
X-Proxy
X-Rendered-As
X-Cache-Config
Fastcgi-X-Cache
X-Cache-Category-Id
X-Birta-Served
X-Birta-Cache-Post
X-CDN-Cache
X-EIG-Tracking-Id
X-Human
X-Hosted-By
X-Grey
X-Amz-Meta-Surrogate-Control
X-Agile-Id
DB-Nickname
Fastcgi-Useragent
L5d-Success-Class
Now
X-Viewer-Country
X-Agile-Age
X-Agile
X-Real-IP
X-Request-Time
CACHE
X-NGENIX-Cache
X-Akamai-Transformed
X-Via-CDN
OT-Force-Account-Verify
X-Pc-Appver
Cache-Name
X-CCM
X-Tb
X-OCL
X-Access
X-Loop
S-Rt
Xserver
X-Via-Fastly
X-TNCMS
X-Pc-Hit
X-PCL
X-Section
X-Labrador-Cache-Channel
X-Hit
X-Microcachable
X-FC-Vary-Parameters
X-Format
X-Pc-Key
X-ServerID
TWC-Locale-Group
X-OVcl-Cache
HitType
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
X-ProcessESI
X-Upstream-CT
TWC-GeoIP-Country
X-Original-Request
HitInfo
X-ProxyCache-Status
X-BYPASS-REASON
X-Cluster-Node
X-Pubstack
X-LJ-Flow-ID
X-IP
X-RemovedCookies
X-ProxyCache-Key
X-AWS-Id
X-OVcl
Webcakes-App-Version
Webcakes-App-Name
Webcakes-Region
X-SplitTest
X-Origin
X-Origin-Hint
TWC-Privacy
Property-Id
X-Web-Node
X-VG-TLSProxy
X-Xfnlog-Site
X-Upstream-HT
X-VWS-Id
Accept-Language
X-Real-Ip
Azure-InstanceId
X-Www-Served-By
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Proxy-Build
X-ShardId
X-Shopify-Stage
Azure-RegionName
X-Sorting-Hat-ShopId
X-ShopId
X-Timing-Wait
Selected-FE
Azure-Version
Azure-SlotName
Azure-SiteName
Origin-Edge-Control
Origin-Cache-Control
Mn-Server-Ip
X-App-Name
X-Cdn
X-Rocket-Nginx-Bypass
X-UA
LB
X-Cache-Enabled
X-Transaction
X-Connection-Hash
X-RTag
X-Twitter-Response-Tags
X-TWH-CORRELATION-ID
Ms-Operation-Id
X-Cdn-Forward
Content-Script-Type
Content-Style-Type
NGB
X-Source
X-GRACE
IBM-Web2-Location
X-Geo
Access-Control-Request-Headers
Time
Filters
X-NodeID
Cache-Hits
X-Cache-Remote
X-Origin-CC
X-Unique-ID
X-Port
X-Pc-Date
X-Pc-Host
X-NCache
X-Nginx-Cache
X-Internal-Host
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
NtCoent-Length
X-Cache-TTL
X-Tumblr-Pixel-3
X-Ms-Version
PageSpeed
X-MP-GENERATED-AT
X-Proto
We-Hiring
Mail-Subject
X-Edge-IP
X-UA-Device-Type
Backend
X-Varnish-Cacheable
X-CACHE-KEY
X-Distil-CS
X-Debug-Cache
X-Storage
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-Dynatrace-Js-Agent
X-PHP-Backend
X-Webstats-RespID
X-Backend-Name
Cache-Tags
X-APP-VERSION
X-Ratelimit-Limit
X-Csrf-Token
X-CACHE-GROUP
X-Akamai-Request-ID
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Dc
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Nc
X-Ua
User-Agent
Warning
X-Sucuri-Cache
X-ApacheServer
X-PERF
X-EdgeConnect-Cache-Status
X-Endurance-Cache-Level
X-Mrs-Cache-Hits
Fastly-SSL
X-ElasticPress-Search
X-Mshield-Cache-Status
X-Mrs-Age
X-B3-Spanid
X-Mrs-Cache
X-Redis-Cache
Meta-Geo-Continent
MD5-Digest
Mobile-Detection-Method
Rendered-Blocks
Server-Host
SN
TSSecure
UCS
Rt-Proxy-Cache
Resin-Trace
Powered-By
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-IN-APIGATEWAY
Odigeo-Trace-Id
Ha-Gx-Prefs
Fly-Cache
Fly-Request-Id
FSS-Cache
FSS-Proxy
Ec-Rule-Version
Content-Disposition
Arc-Country
BehaviorPad-Version
Cache-Prefix
GMS-Ver
HA-Cloudapp
HA-Host
HA-Ipaddr
HA-Servedtime
V-Age
HA-Georegion
HA-Geocity
HA-Geocountry
HA-Geolat
HA-Urlpath
X-A-Dgt
X-Debug-Cookies
X-Debug-Log
X-Destination
X-Developer
X-Date
X-D
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-CGP
X-Died
X-DPWN-IS-SECURE
X-GeoIP-Country-Code
X-G
X-Generated-In
X-From
X-Fetched-On
X-Eu-Site
X-External-Request-Id
X-F5-Cache
X-Cdn-Origin
X-Region-Sid
Ajk
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dcw
X-A-Dam
VivaBuild
X-A
X-A-Ccd
X-Amz-Meta-Cache-Control
X-Application
X-Hash
X-Cache-Bucket
X-Cache-Host
X-BBXSRF
X-BB-ID
X-B-Cookie
X-Backend-Host
X-Backend-Url
Viewtype
HA-Geolon
X-NU-AKA-ACS-Version
X-Server-Time
Xc-Version
X-Croise-Owner
X-Via-SSL
X-VG-WebServer
X-Via-Edge
X-Store
X-SRCache-Key
X-Cache-Backend
X-Sn-Servicetimems
X-Irp-Debug
X-NX-Host
X-PAYTM-SRV-ID
X-Org
X-ScT
X-Server-By
X-Logtrace-Id
X-Trv-Group
X-S-Cookie
X-UE-Client-Country
X-Rojux
X-Rewrite-Enabled
Cache-Key
X-C
X-CACHE-AGE
X-Request-URI
X-Request-Start
Thinkindot-Control
X-GeoIP-City
Www
X-Qloud-Router
Thinkindot-CacheControl-Type
X-No-Session
RNT-Machine
X-Trace-Id
X-Key
Release
RNT-Time
X-Thinkindot-L3
X-Matched-Rule
Server-ID
X-Layer
X-FW-Version
X-Flog
X-Worker
X-Var-Ttl
X-Cache-URL
X-Cache-Id
X-UnsetCookies
X-Reboot
X-Clientip
X-Rebelmouse-Cache-Control
X-Core-Value
X-Rebelmouse-Surrogate-Control
X-User
X-Platform
X-Dispatcher-Server
X-Release
X-Hl-Ver
X-V
X-Location
X-Auto-Login
X-We-Are-Hiring
X-VServer
X-Epic-Correlation-Id
X-Hello
X-Backend-State
X-ABtesting
Thinkindot-CacheControl
X-ServiceProvider
Decoy-Debug-Status
Decoy-Debug-TTL
X-Server-IP
GW-Server
Heartbleed
IsBot
X-Origin-Response-Time
X-S-Maxage
Country-Code
Countrycode
X-Owner
Decoy-Debug-Key
Fastly-SIE
Memcached
Frame-Options
Fastly-SWR
AKAMAI
X-SIPLIST1
Origin
X-Response-By
Pramga
X-Newrelic-Synthetics
X-CUA
Fastly-Backend-Name
X-Secret
X-Li-Pop
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Core-Mission
Esi-Enabled
X-VCT
X-Variation
Fastly-Soc-X-Request-Id
X-Crawler
X-Varnish-Action
X-Returned-From-PostProcessResponse
Apple-News-Services-Request-Url
X-Thanos
X-Powered-By-ANYU
X-Swa-Ws
X-Instance-Name
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Policy
X-Gen-Mode
X-Gannett-Site-Version
Apple-News-Services-Handled
X-Fastly-Cache
Cache-Cookie-Set-From
X-LI-Proto
X-Info
X-Device-Os
X-Developers
X-Passed-To-DLL
X-Distributor
X-SVT-ORM-VERSION
X-LI-UUID
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-RCS-CacheZone
X-Up
X-Served-From
Kp-EeAlive
Magicmarker
Adler-Geo
X-Returned-From
True-Client-Country-4JS
X-Nginx-Cache-Key
X-Phone
X-Li-Fabric
User-Cache-Control
Uber-Trace-Id
MI-Cache
X-Request-UUID
X-Node-Id
Request-EU
Request-Country
Pragrma
X-Hnp-Log
Platform
Server-Int
MI-Cache-Age
Section-Io-Cache
On-Server
X-MServer
Web-Mar-Node
X-Returned-From-BeforeDispatch
X-Passed-To-BeforeDispatch
X-WebServer
X-Passed-To
X-Returned-From-DLL
X-Sentry-ID
X-Cache-Debug
X-SVT-ORM-RULES
X-Block-Status
X-Bip
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-MI-In-Market
X-Stale
WZWS-RAY
Is-Eu
X-Passed-To-PostProcessResponse
X-Sf
X-P-T
X-Actual-URL
X-Via-NSCOPI
X-Cache-Expires
Version
X-Datadome
X-NC
X-Varnish-Beresp-Ttl
X-SN
X-NWS-UUID-VERIFY
X-Oss-Request-Id
X-Oss-Storage-Class
X-TT-LOGID
X-Fstrz
Backend-Name
X-Oss-Server-Time
X-Oss-Object-Type
X-Cache-CFC
REQUESTUUID
Proxy-Connection
X-Oss-Hash-Crc64ecma
X-CDN-Forward
X-Cache-FS-Status
X-Page-Type
X-MSEdge-Flight
X-Refresh
MI-API
X-MSEdge-Features
X-DC
X-NODE
HTTPS
Amp-Access-Control-Allow-Source-Origin
X-Backend-TTL
CDCHOST
RequestId
X-HOST
Pagetype
X-Be
X-Cache-Srv
Group
V-Cache
X-Req
X-Unique-Id-Primal
X-Kong-Proxy-Latency
X-Pjax-Url
X-Kong-Upstream-Latency
X-Servername
NodeID
X-Parent-Response-Time
X-Ms-Lease-State
Cteonnt-Length
MIME-Version
X-Origin-TTL
Fusion-Source
Who
X-GZip
X-Oracle-Dms-Ecid
ProcessTime
Fusion-Content-Source
Fusion-Component-Id
Memory
Fusion-Content-Id
Fusion-Template-Id
Cdn
Mime-Version
X-BB-IP
X-Time
Cdn-Host
X-Aicache-OS
Cdn-Request-Time
X-Ckpd-Fst-Backend
X-Edge-Server
SS
X-Protected-By
X-Servedbyhost
X-ND-Cache
X-Server-Group
CF-IPCountry
PageType
X-Varnish-Beresp-TTL
X-Content-Age
X-COUNTRY
SD-X-WS
GeoIP-Country-Code
X-Wa
X-APP
CDN
X-SRV
GeoIP-Latitude
A
Is-Session-Tracking
X-Origin-Date
X-Ratelimit-Remaining
X-Varnish-Url
X-Origin-Expires
Get-Access-Time
X-Unique-Id
XServer
X-Pf-Uncompressing
X-B3-Traceid
X-WA
X-Origin-Host
X-RateLimit-Remaining-Second
Geoip-Latitude
X-RateLimit-Limit-Second
X-Generation-Time
Serverid
GeoIp-Country-Code
PICS-Label
X-CSRF-Token
VIX-Pulpo-Upstream-Status
X-Fastly-Country-Code
VIX-Pulpo-Node
X-Fastly-Cache-Hits
X-Cache-Info
X-Requestid
X-Gdpr
X-FireWall-Port
X-StackifyID
Processtime
Node
Cf-Ipcountry
X-PHP-Host
X-Nananana
X-GEO
Nel
X-Load-Cache
X-CS
X-ServedByHost
X-Proxy-Cache-Status
X-ID
X-Proxy-Upstream
X-EC-Security-Audit
X-Vcache
X-Check-Cacheable
Vix-Hermes-Req-Id
X-RequestId
X-HS-Status
X-SERVER-NAME
DataCenter
Cache-Tv-Group
WP-Super-Cache
T-Server
X-Surge-Debug
NGX
URI
X-Server-W
X-FORWARDED-FOR
Hostname
X-NGINX-Cache
X-M-Reqid
X-Qnm-Cache
X-Planisys-CDN-TTL
X-M-Log
X-WR-MODIFICATION
X-BACKEND-TTL
X-Feature
X-GZIP
X-UPSTREAM-Address
X-HTML-Minification-Powered-By
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-VG-WebCache
Request-Time
X-HTML-Edge-Cache
Cache-Provider
X-PF-Uncompressing
X-B3-SpanId
Load-Balancing
Host-ID
X-Amz-Meta-S3b-Last-Modified
ServerName
X-ServerName
X-Fastly-Backend-Reqs
X-DataStream-MidMile-RTT
X-Alicdn-Da-Ups-Status
X-DataStream-Origin-MEX-Latency
X-BE
X-Fe
PFcat
X-Micro-Cache
X-Atg-Version
Https
X-ARC
X-Debug-Cache-Store
X-IPS-LoggedIn
X-Debug-Cache-Fetch
Requestid
RequestUuid
X-PJAX-URL
X-Debug-Cache-Expiry
X-Front
X-Skip-Cache
X-Akamai-SSL-Client-Sid
X-GDPR
X-VarnPar1
X-VarnCache
X-Svr
X-PARISIEN-Cache-Rendered
X-Distil-Cs
X-VC
X-PAGE-TYPE
X-SB
WebServer
X-Proxy-Server
X-Cache-Ttl
N-Cache
X-From-Cache
Build-Number
X-Instart-Info
X-Swift-Error
X-Grace-Duration
Cdn-Src-Port
X-RAMCache
X-Dw-Trace-Id
SID
X-Gen-Id