Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Check
X-Generator
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-CDN
X-Buckets
P3p
X-Turbo-Charged-By
X-Request-ID
Upgrade
X-Type
Keep-Alive
WPE-Backend
X-Pass-Why
CF-Ray
X-Cache-Group
X-AH-Environment
Xkey
X-Backend
Access-Control-Max-Age
X-Age
Access-Control-Expose-Headers
X-Via
X-Drupal-Dynamic-Cache
EagleId
X-Pingback
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
X-Kinja-Server-Push
X-Server-Powered-By
X-Server
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Ac
Content-Location
X-Cache-Lookup
X-Amz-Version-Id
X-WebKit-CSP
X-Response-Time
Surrogate-Control
X-Host
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Node
Server-Timing
X-Backend-Server
X-Readtime
Report-To
X-Rack-Cache
X-Server-Id
Request-Id
EagleEye-TraceId
X-Application-Context
Feature-Policy
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-Instart-Request-ID
X-CST
X-Iejgwucgyu
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Clacks-Overhead
Edge-Control
NEL
Rating
X-Country
X-TTL
X-Server-Name
X-DynaTrace
X-Varnish-TTL
X-MS-InvokeApp
X-Url
X-DataDome
Allow
X-Px
X-Country-Code
X-Origin-Cache
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-Vhost
X-Vname
X-PC
X-TtlSet
X-Cached
X-FTR-Request-ID
X-Server-ID
X-ESI
RTSS
X-Ruxit-JS-Agent
SPRequestGuid
X-Trace
X-Goog-Hash
X-VARITI-CCR
Charset
X-SharePointHealthScore
X-Powered-By-Plesk
Accept-CH
X-T
X-DynaTrace-JS-Agent
X-GitHub-Request-Id
X-Dispatcher
X-B3-TraceId
Public-Key-Pins
X-Powered-CMS
X-D2id
X-Mod-Pagespeed
PB-PID
Arc-Version
X-Mobile-Rewrite
PB-RID
X-F-Cache
X-Exp-Variant
X-GoogleNews-Bot
Verso
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Kinja-Build
Content-MD5
X-ORACLE-DMS-RID
X-Version
SPRequestDuration
SPIisLatency
X-Shield-Request-Id
MS-Author-Via
X-Recruiting
X-Abt-Application-Version
X-Forwarded-Proto
Nginx-Cache
X-TEC-API-ROOT
X-TEC-API-VERSION
Accept-CH-Lifetime
X-TEC-API-ORIGIN
X-Client-IP
X-HW
X-Oracle-Dms-Rid
X-DIS-Request-ID
X-N
X-Navigation-Version
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
AR-PoweredBy
AR-CACHE
AR-ATIME
X-B
X-Amz-Rid
DynaTrace
X-Origin-Upstream-Status
X-Upstream
X-Fastly-Request-ID
X-Ser
X-Dw-Request-Base-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Meta-S3cmd-Attrs
X-Hits
Realpath
TCN
Fastly-Restarts
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-XRDS-Location
X-Wix-Server-Artifact-Id
X-Accel-Buffering
Paypal-Debug-Id
X-Content-Options
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Pad
X-Goog-Storage-Class
S
Tracecode
Access-Control-Request-Method
X-Use-Magma
X-Content-Digest
X-Id
X-Debug
X-Varnish-Age
X-Vcap-Request-Id
Edge-Cache-Tag
X-Oneagent-Js-Injection
Front-End-Https
X-MSEdge-Ref
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-ATG-Version
X-Frontend
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-IPLB-Instance
X-FTR-Backend-Server
X-PressLabs-Stats
X-FTR-Expires
X-RateLimit-Remaining
X-Kinsta-Cache
MicrosoftSharePointTeamServices
X-Logged-In
X-B3-TraceId-Primal
X-HS-Hub-Id
X-HS-Content-Id
Rt-Fastcgi-Cache
Surrogate-Key
X-Forwarded-For
X-Request-Received
X-Cache-Hit
X-Request-Processing-Time
Fastcgi-Cache
X-Amz-Cf-Pop
X-FastCGI-Cache
X-Middleton-Display
X-Sol
X-Zen-Fury
Display
X-Edge-Location
X-Analytics
Backend-Timing
X-Litespeed-Cache
AMP-Access-Control-Allow-Source-Origin
Powered-By-ChinaCache
X-Rid
X-Debug-Info
X-Amzn-Trace-Id
Host
X-User-Agent
X-HS-Cache-Config
Server-Name
X-FTR-Cache-Host
X-Revision
TP-Cache
FilterID
TP-L2-Cache
X-Akam-SW-Version
Ar-Sid
X-CF-Powered-By
AR-Request-ID
Response
X-Middleton-Response
X-TA-CDN-Provider
X-Drupal-Cache-Tags
X-Cache-Key
X-SS-Set-Cookie
X-Magnolia-Registration
X-Mobile
X-SERVER
X-Newrelic-App-Data
X-Fastcgi-Cache
Refresh
X-NewRelic-App-Data
Cache-Status
X-Cached-By
X-VCache
X-Accel-Expires
X-GUploader-UploadID
X-Grace
X-B3-Sampled
Host-Header
X-NWS-LOG-UUID
X-AOL-HN
ServerID
X-Webkit-CSP
X-Node-Name
X-Varnish-Backend
Eomportal-Instance
X-Whom
X-Tumblr-User
X-Tumblr-Pixel-0
X-FB-Debug
X-Content-Security-Policy-Report-Only
X-B-Cache
X-Device-Type
X-Instance
X-Signature
X-Tumblr-Pixel
X-Cache-2
X-Via-JSL
X-Webkit-Csp
X-Platform-Server
X-Cache-Control
X-Cluster
X-Drupal-Cache-Contexts
X-Page-Id
X-Generated-By
X-Ruxit-Js-Agent
X-LB-Cache
X-Framework
Cleartype
X-Varnish-Hostname
X-Akamai-Edgescape
X-BCube-Filmed-By
X-URL
X-Request-Guid
X-Srv
X-Handled-By
X-App-Environment
X-Cache-Action
X-Cache-Rule
X-App-Server
X-Activity-Id
X-AppVersion
Cache-Tag
X-Az
DC
Alternate-Protocol
X-Ttl
Source
Liferay-Portal
X-Content-Powered-By
X-Cache-Server
X-Hostname
Retry-After
X-HS-Combine-CSS
X-WPE-Loopback-Upstream-Addr
X-WA-Info
X-Varnish-Grace
X-App-Version
X-Daa-Tunnel
MS-CV
X-Geo-Country
HostName
X-Varnish-Server
X-Correlation-Id
X-Esi
Public-Key-Pins-Report-Only
Server-Node
X-Amz-Replication-Status
X-Wix-Request-Id
X-Seen-By
X-TT
ViewerVersion
AR-SID
Pagespeed
Webserver
X-Tumblr-Pixel-1
X-Cache-NE
X-Response-Served-From
X-Tumblr-Pixel-2
Accept-Charset
X-Amzn-RequestId
X-GeoIP
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
SRV
Actual-Object-TTL
X-WebKit-CSP-Report-Only
X-RequestSource
GEO-INFO
X-Locale
AsisCache
ServedBy
X-Varnish-Hits
X-Jobs
X-FW-Serve
X-FW-Hash
X-Contextid
X-Servedby
X-FW-Server
X-FW-Static
X-FW-Type
X-S
Payment
X-UUID
X-Edge-Cache
Viewport
X-Edge-Cache-Key
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-TX-ID
X-Status
X-Varnish-IP
X-Adobe-Content
X-Adobe-Loc
X-XRDS-LOCATION
X-Cacheable-TTL
X-TT-TIMESTAMP
X-Origin-Server
S-Cnection
X-Cache-TTL-Remaining
X-Vg-Webcache
X-Hyper-Cache
X-Correlation-ID
Cache
X-Cache-Age
X-Cache-Operation
X-Amz-Server-Side-Encryption
Server-Info
X-Forwarded-Host
X-Real-IP
Datacenter
X-RateLimit-Limit
X-GRACE
Served-By
X-Geo-Segment
X-Akamai-Request-ID2
X-Region
Access-Control-Allow-Method
X-DataStream-Cache-Status
X-CLOUD-TRACE-CONTEXT
X-Mode
Healthy
X-Content-Type
X-Sucuri-ID
CACHE
X-Akamai-Transformed
Fastcgi-X-Cache
X-Path-Route
X-RN-RSRV
X-JoinUs
X-Ezoic-Cdn
Fastcgi-Useragent
Machine
X-Upgrade-Enabled
X-Is-Bot
X-Detected-As
Fastcgi-X-Cache-Version
X-Proxy
X-Site-Version
Meta-Geo
X-Cache-Var-Map
X-Cache-Config
X-Generated
X-Rendered-As
X-Cache-Var
X-Ocache
X-Zipkin-Id
X-Proxied
From-Origin
X-NGENIX-Cache
X-Birta-Cache-Post
X-Agile-Age
X-Human
Now
X-Birta-Served
X-Request-Time
X-Agile-Id
X-TNCMS
X-Access
Country
X-Routing-Service
X-Rule
L5d-Success-Class
X-Section
X-Format
X-L-Path
X-Agile
X-CDN-Cache
X-Loop
X-Environment-Context
X-PCL
Property-Id
X-Cache-Category-Id
X-Pc-Appver
X-Pc-Key
X-Pc-Hit
X-Origin-Hint
DB-Nickname
OT-Force-Account-Verify
Cache-Name
X-OCL
S-Rt
X-Amz-Meta-Surrogate-Control
Webcakes-Region
X-Tb
Webcakes-App-Version
Webcakes-App-Name
TWC-Locale-Group
X-Grey
X-Labrador-Cache-Channel
X-Via-Fastly
X-Viewer-Country
X-FC-Vary-Parameters
X-Hit
X-Hosted-By
X-ServerID
TWC-Privacy
Origin-Cache-Control
X-CCM
TWC-Connection-Speed
TWC-Device-Class
Xserver
Origin-Edge-Control
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Xfnlog-Site
X-Origin
HitType
X-Original-Request
X-Web-Node
X-Pubstack
X-Cdn
X-VG-TLSProxy
HitInfo
X-BYPASS-REASON
Accept-Language
NGB
X-RemovedCookies
X-ProcessESI
X-ProxyCache-Status
X-EIG-Tracking-Id
X-ProxyCache-Key
X-Upstream-HT
X-IP
X-Upstream-CT
X-OVcl
X-OVcl-Cache
Selected-FE
Mn-Server-Ip
X-ShopId
X-Shopify-Stage
X-Microcachable
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Www-Served-By
X-Via-CDN
X-Timing-Wait
LB
X-Geo
X-Proxy-Build
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-InstanceId
Filters
X-App-Name
X-Cluster-Node
X-UA-Device-Type
X-TWH-CORRELATION-ID
X-Cache-Remote
X-Connection-Hash
X-RTag
Ms-Operation-Id
X-Transaction
X-Twitter-Response-Tags
X-NCache
X-Internal-Host
X-UA
X-Tumblr-Pixel-3
X-Rocket-Nginx-Bypass
Time
X-PHP-Backend
X-Guploader-Uploadid
X-CACHE-KEY
X-Cache-TTL
Access-Control-Request-Headers
X-Pc-Date
X-Pc-Host
X-Cache-Enabled
IBM-Web2-Location
X-Nginx-Cache
X-TIME
X-SplitTest
X-AWS-Id
X-LJ-Flow-ID
X-Unique-ID
X-NodeID
X-VWS-Id
X-Origin-CC
X-Proto
Content-Style-Type
Cache-Hits
Content-Script-Type
We-Hiring
Mail-Subject
X-Cdn-Forward
NtCoent-Length
X-Vgn-Hpd-Reason
X-Storage
X-Real-Ip
X-Time-Microsecs
X-MP-GENERATED-AT
X-Port
X-Source
X-Akamai-Request-ID
Cache-Tags
X-Varnish-Cacheable
X-APP-VERSION
X-Backend-Name
X-Webstats-RespID
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Debug-Cache
X-Ms-Request-Id
X-Edge-IP
X-Ms-Version
X-Csrf-Token
Backend
X-Distil-CS
X-CACHE-GROUP
Locale
X-Urbn-Context-Path
X-Endurance-Cache-Level
X-Origin-Response-Time
X-Urbn-Site-Id
X-Ua
X-Redis-Cache
Warning
X-Varnish-Beresp-Grace
X-B3-Spanid
X-Varnish-Beresp-Status
X-Croise-Owner
X-Ratelimit-Limit
User-Agent
X-Nc
X-Dc
X-NWS-UUID-VERIFY
X-EdgeConnect-Cache-Status
X-CACHE-AGE
HA-Geolat
HA-Geolon
X-Application
Arc-Country
HA-Geocountry
Country-Code
HA-Georegion
Content-Disposition
Fastly-SWR
Fastly-SIE
X-B-Cookie
Fly-Cache
Fly-Request-Id
HA-Geocity
HA-Cloudapp
GMS-Ver
Cache-Prefix
BehaviorPad-Version
Rendered-Blocks
X-A-Ccd
X-BB-ID
X-A
VivaBuild
Viewtype
X-A-Dam
X-A-Dcw
X-Amz-Meta-Cache-Control
X-Aed
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
V-Age
TSSecure
HA-Servedtime
HA-Urlpath
HA-Ipaddr
Ajk
HA-Host
MD5-Digest
Meta-Geo-Continent
Rt-Proxy-Cache
Server-Host
Resin-Trace
Powered-By
Mobile-Detection-Method
Ha-Gx-Prefs
X-External-Request-Id
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Region-Sid
X-CDN-Forward
X-We-Are-Hiring
Xc-Version
X-PAYTM-SRV-ID
X-Org
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Irp-Debug
X-Logtrace-Id
X-NX-Host
X-NU-AKA-ACS-Version
X-Via-SSL
X-Via-Edge
X-Sn-Servicetimems
PageSpeed
X-Server-Time
X-Server-By
X-S-Cookie
X-ScT
X-Rojux
X-Rewrite-Enabled
X-UE-Client-Country
X-VG-WebServer
X-Trv-Group
Ec-Rule-Version
X-SRCache-Key
X-Store
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Date
X-D
X-Debug-Cookies
X-Debug-Log
X-Developer
X-Destination
X-CGP
X-CF-Lambda-Version
X-Cache-Host
X-BBXSRF
X-Cache-URL
X-Varnish-Cache-Hits
X-CF-Lambda-Fn
X-Cdn-Origin
X-C
X-Died
X-Varnish-Beresp-Ttl
X-Hash
X-IN-APIGATEWAY
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-GeoIP-Country-Code
X-Generated-In
X-ElasticPress-Search
X-DPWN-IS-SECURE
X-Eu-Site
X-Fetched-On
X-G
X-From
X-Cache-Backend
Fastly-SSL
Pagetype
X-Mrs-Age
Version
X-Mrs-Cache
X-Mrs-Cache-Hits
Cache-Key
X-Mshield-Cache-Status
X-Dynatrace-Js-Agent
X-SIPLIST1
Thinkindot-CacheControl-Type
UCS
X-Flog
Thinkindot-Control
Uber-Trace-Id
X-Thinkindot-L3
RNT-Machine
RNT-Time
X-User
X-V
X-Var-Ttl
Server-ID
X-UnsetCookies
X-ServiceProvider
X-Trace-Id
SN
X-Clientip
Thinkindot-CacheControl
X-PERF
X-Matched-Rule
X-Platform
X-Qloud-Router
X-Backend-Url
X-Backend-State
X-Cache-Id
X-Cache-Bucket
X-Cache-FS-Status
X-MServer
Decoy-Debug-TTL
X-No-Session
X-Backend-Host
X-Auto-Login
X-Response-By
X-S-Maxage
X-Location
X-Core-Value
X-ABtesting
X-Request-URI
X-Parent-Response-Time
X-Reboot
X-Release
X-Request-Start
Www
X-Variation
X-FW-Version
X-Dispatcher-Server
Adler-Geo
AKAMAI
X-Hello
Heartbleed
IsBot
Is-Eu
X-Hl-Ver
Apple-News-Services-Handled
Apple-News-Services-Host
GW-Server
X-GeoIP-City
FSS-Cache
FSS-Proxy
X-ApacheServer
Frame-Options
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Backend-Name
X-Epic-Correlation-Id
X-Developers
Section-Io-Cache
Platform
Origin
X-Key
X-F5-Cache
X-VServer
Decoy-Debug-Status
Release
X-Via-NSCOPI
Countrycode
X-Wikidot-Backend
X-Wikidot-Static-Cache
Fastly-Soc-X-Request-Id
X-Powered-By-ANYU
WZWS-RAY
X-Info
User-Cache-Control
Decoy-Debug-Key
X-Datadome
X-Time
X-NC
X-Gannett-Site-Version
X-LI-Proto
X-Li-Pop
X-Instance-Name
X-Li-Fabric
X-Layer
X-Hnp-Log
X-MI-In-Market
X-Gen-Mode
X-Goog-Meta-Goog-Reserved-File-Mtime
X-LI-UUID
X-Newrelic-Synthetics
X-Thanos
X-Passed-To-PostProcessResponse
X-Returned-From
X-Returned-From-BeforeDispatch
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Node-Id
X-Passed-To
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
V-Cache
X-Request-UUID
Group
X-SVT-ORM-VERSION
X-Stale
X-SVT-ORM-RULES
X-Actual-URL
On-Server
X-Served-From
X-Server-IP
X-Sf
X-Sentry-ID
X-Secret
X-Policy
X-RCS-CacheZone
X-Swa-Ws
X-TT-LOGID
X-Worker
Fastly-Backend-Name
X-WebServer
X-VCT
X-Up
X-Varnish-Action
X-P-T
X-Nginx-Cache-Key
Web-Mar-Node
X-Bip
True-Client-Country-4JS
Server-Int
Request-EU
X-Block-Status
X-Cache-Debug
X-Core-Mission
X-Sucuri-Cache
X-Unique-Id-Primal
X-Cache-Expires
Request-Country
Pramga
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Esi-Enabled
Kp-EeAlive
Magicmarker
Odigeo-Trace-Id
MI-Cache-Age
MI-Cache
Memcached
X-Crawler
Pragrma
X-Fastly-Cache
X-Device-Os
X-CUA
X-Distributor
X-MSEdge-Flight
X-MSEdge-Features
X-HOST
CDCHOST
X-Phone
X-NODE
X-Cache-CFC
Proxy-Connection
X-Refresh
X-DC
X-Fstrz
REQUESTUUID
Who
MI-API
X-Page-Type
RequestId
X-Owner
X-Servername
Fusion-Source
Cteonnt-Length
X-Pjax-Url
X-Be
Fusion-Content-Source
Fusion-Content-Id
HTTPS
X-Req
Fusion-Template-Id
Fusion-Component-Id
MIME-Version
X-SN
X-Backend-TTL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Oracle-Dms-Ecid
X-Cache-Srv
NodeID
X-Ms-Lease-State
X-GZip
X-Origin-TTL
Cdn-Host
X-Edge-Server
Cdn-Request-Time
Cdn
Memory
X-Server-Group
ProcessTime
Mime-Version
Amp-Access-Control-Allow-Source-Origin
X-Servedbyhost
SD-X-WS
X-Content-Age
X-Protected-By
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Wa
SS
CF-IPCountry
A
X-COUNTRY
X-Aicache-OS
X-Ckpd-Fst-Backend
X-Origin-Date
X-Origin-Host
X-Origin-Expires
GeoIP-Country-Code
X-BB-IP
X-ND-Cache
CDN
X-SRV
GeoIP-Latitude
X-Varnish-Beresp-TTL
Get-Access-Time
Is-Session-Tracking
X-StackifyID
XServer
X-Fastly-Country-Code
X-B3-Traceid
X-Pf-Uncompressing
X-APP
PageType
Processtime
Node
Serverid
X-PHP-Host
X-Unique-Id
Geoip-Latitude
GeoIp-Country-Code
Cache-Tv-Group
Vix-Hermes-Req-Id
X-Proxy-Cache-Status
X-Varnish-Url
X-Requestid
X-Proxy-Upstream
PICS-Label
X-Ratelimit-Remaining
X-CSRF-Token
X-Gdpr
X-WA
X-Cache-Info
X-Nananana
Nel
X-BACKEND-TTL
X-ID
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Cf-Ipcountry
X-Fastly-Cache-Hits
X-Generation-Time
Cache-Provider
X-RequestId
X-Planisys-CDN-Rules
X-ServedByHost
X-SERVER-NAME
X-Load-Cache
X-Planisys-CDN-TTL
DataCenter
X-Planisys-CDN-Cache
X-FireWall-Port
X-UPSTREAM-Address
Request-Time
X-Check-Cacheable
URI
X-HS-Status
X-GZIP
WP-Super-Cache
Hostname
X-FORWARDED-FOR
X-EC-Security-Audit
X-CS
PFcat
X-Front
X-Fastly-Backend-Reqs
Host-ID
X-NGINX-Cache
X-Server-W
X-Micro-Cache
X-Debug-Cache-Fetch
X-WR-MODIFICATION
X-GDPR
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-FB-TRIP-ID
X-B3-SpanId
X-PARISIEN-Cache-Rendered
X-HTML-Edge-Cache
X-VarnPar1
X-Svr
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-VarnCache
X-Fe
X-BE
X-VG-WebCache
T-Server
NGX
X-Surge-Debug
X-Swift-Error
Ohc-File-Size
X-Atg-Version
X-GEO
Ohc-Response-Time
Lfy
X-PJAX-URL
X-HTML-Minification-Powered-By
Pics-Label
X-Cdn-Srv
X-Level-Front-Cache
X-Instart-Info
X-Generated-On
ServerName
X-IPS-LoggedIn
RequestUuid
Requestid
Https
X-Amz-Meta-S3b-Last-Modified
X-Akamai-SSL-Client-Sid
X-PAGE-TYPE
N-Cache
X-VarnPar2
X-RAMCache
X-Cache-Ttl
X-Distil-Cs
X-ServerName
WebServer
X-PF-Uncompressing
X-From-Cache
X-M-Reqid
X-Qnm-Cache
X-M-Log
X-Gen-Id
X-Serial
NnCoection
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-SB
X-Alicdn-Da-Ups-Status
Build-Number
SID
X-VC
Cdn-Src-Port
X-Dw-Trace-Id