Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Check
X-Generator
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
X-Request-ID
Upgrade
X-Type
Keep-Alive
WPE-Backend
X-Pass-Why
CF-Ray
X-Cache-Group
X-AH-Environment
Xkey
P3p
X-Backend
Access-Control-Max-Age
X-Age
Access-Control-Expose-Headers
X-Via
X-Drupal-Dynamic-Cache
EagleId
X-Pingback
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
X-Kinja-Server-Push
X-Server-Powered-By
X-Server
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Varnish-Cache
X-Robots-Tag
Ali-Swift-Global-Savetime
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-Page-Speed
X-Ua-Compatible
X-LiteSpeed-Cache
Request-Context
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Ac
Content-Location
X-Cache-Lookup
X-Amz-Version-Id
X-WebKit-CSP
X-Response-Time
Surrogate-Control
X-Host
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Node
Server-Timing
X-Backend-Server
X-Readtime
Report-To
X-Rack-Cache
X-Server-Id
Request-Id
EagleEye-TraceId
X-Application-Context
Feature-Policy
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-Instart-Request-ID
X-CST
X-Iejgwucgyu
Edge-Control
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
NEL
Rating
X-Country
X-Server-Name
X-TTL
X-DynaTrace
X-Varnish-TTL
X-MS-InvokeApp
X-Url
X-DataDome
Allow
X-Px
X-Country-Code
X-Origin-Cache
Pinterest-Generated-By
X-Vhost
X-PC
X-Vname
X-TtlSet
X-Cached
X-FTR-Request-ID
X-Ruxit-JS-Agent
X-Server-ID
X-ESI
RTSS
SPRequestGuid
X-Trace
X-Goog-Hash
X-VARITI-CCR
Charset
X-SharePointHealthScore
X-Powered-By-Plesk
X-GitHub-Request-Id
Accept-CH
X-DynaTrace-JS-Agent
X-T
X-Dispatcher
X-Powered-CMS
X-B3-TraceId
Public-Key-Pins
X-Mod-Pagespeed
X-D2id
PB-PID
Arc-Version
X-Mobile-Rewrite
PB-RID
X-F-Cache
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
Verso
Content-MD5
X-ORACLE-DMS-RID
SPIisLatency
SPRequestDuration
X-Version
X-Shield-Request-Id
MS-Author-Via
X-Dns-Prefetch-Control
X-Abt-Application-Version
X-Recruiting
Nginx-Cache
X-Forwarded-Proto
Accept-CH-Lifetime
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Client-IP
X-HW
X-Oracle-Dms-Rid
X-DIS-Request-ID
X-N
X-Navigation-Version
AR-CACHE
AR-PoweredBy
AR-ATIME
X-B
X-Amz-Rid
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Fastly-Request-ID
DynaTrace
X-Upstream
X-Origin-Upstream-Status
X-Ser
X-Dw-Request-Base-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Meta-S3cmd-Attrs
X-Hits
TCN
Fastly-Restarts
Realpath
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-XRDS-Location
X-Wix-Server-Artifact-Id
X-Accel-Buffering
Paypal-Debug-Id
X-Content-Options
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Pad
S
X-Goog-Storage-Class
Tracecode
Access-Control-Request-Method
X-Use-Magma
X-Content-Digest
X-Litespeed-Cache
X-Varnish-Age
X-Debug
X-Id
Edge-Cache-Tag
X-Vcap-Request-Id
X-Oneagent-Js-Injection
Front-End-Https
X-MSEdge-Ref
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
X-ATG-Version
X-Frontend
X-IPLB-Instance
X-PressLabs-Stats
X-FTR-Realm
X-FTR-Cache-Status
X-Kinsta-Cache
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-RateLimit-Remaining
X-FTR-Balancer
X-FTR-DC
X-FTR-Expires
MicrosoftSharePointTeamServices
X-Logged-In
X-B3-TraceId-Primal
X-HS-Content-Id
X-HS-Hub-Id
Surrogate-Key
Rt-Fastcgi-Cache
X-Cache-Hit
X-Request-Received
X-Forwarded-For
X-Request-Processing-Time
Fastcgi-Cache
X-Amz-Cf-Pop
Display
X-Middleton-Display
X-Sol
X-Zen-Fury
X-Edge-Location
X-Analytics
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
Powered-By-ChinaCache
X-Debug-Info
X-HS-Cache-Config
X-Amzn-Trace-Id
Server-Name
X-User-Agent
X-Revision
X-Rid
Host
X-FastCGI-Cache
TP-Cache
TP-L2-Cache
FilterID
X-FTR-Cache-Host
X-Fastcgi-Cache
Ar-Sid
X-Akam-SW-Version
X-CF-Powered-By
Response
X-Middleton-Response
AR-Request-ID
X-TA-CDN-Provider
X-Drupal-Cache-Tags
X-Cache-Key
X-Magnolia-Registration
X-SS-Set-Cookie
X-Mobile
X-Newrelic-App-Data
X-SERVER
X-NewRelic-App-Data
Refresh
Cache-Status
X-VCache
X-B3-Sampled
X-Grace
X-Cached-By
X-Accel-Expires
X-GUploader-UploadID
Host-Header
X-NWS-LOG-UUID
X-AOL-HN
X-Webkit-CSP
X-Varnish-Backend
X-Node-Name
ServerID
Eomportal-Instance
X-Whom
X-Content-Security-Policy-Report-Only
X-Cluster
X-Cache-2
X-FB-Debug
X-Device-Type
X-B-Cache
X-Via-JSL
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Signature
X-Webkit-Csp
X-Platform-Server
X-Akamai-Edgescape
X-Drupal-Cache-Contexts
X-Framework
X-Cache-Control
X-Generated-By
X-Page-Id
X-BCube-Filmed-By
X-Varnish-Hostname
X-LB-Cache
X-Ruxit-Js-Agent
X-Handled-By
X-App-Environment
Cleartype
X-Request-Guid
X-URL
X-Cache-Action
X-Cache-Rule
X-Srv
X-App-Server
X-AppVersion
Cache-Tag
X-Activity-Id
X-Az
Alternate-Protocol
X-Ttl
Liferay-Portal
Source
X-Content-Powered-By
Retry-After
DC
X-Cache-Server
X-Hostname
X-HS-Combine-CSS
X-WPE-Loopback-Upstream-Addr
X-WA-Info
X-Varnish-Grace
X-App-Version
MS-CV
X-Daa-Tunnel
HostName
X-Geo-Country
X-Varnish-Server
X-Correlation-Id
X-Esi
X-Amz-Replication-Status
Server-Node
Public-Key-Pins-Report-Only
X-TT
X-Wix-Request-Id
X-Seen-By
ViewerVersion
AR-SID
Webserver
Accept-Charset
X-Cache-NE
Pagespeed
X-Response-Served-From
AsisCache
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Amzn-RequestId
SRV
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-GeoIP
X-Locale
GEO-INFO
X-RequestSource
X-Varnish-Hits
X-Jobs
ServedBy
Payment
X-Edge-Cache-Key
X-Edge-Cache
X-S
Viewport
X-Servedby
X-UUID
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Contextid
X-Status
X-TX-ID
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Serve
X-Varnish-IP
X-Adobe-Loc
X-Cacheable-TTL
X-XRDS-LOCATION
X-Adobe-Content
X-TT-TIMESTAMP
X-Origin-Server
S-Cnection
X-Cache-TTL-Remaining
X-Vg-Webcache
X-Hyper-Cache
X-Correlation-ID
Cache
X-Cache-Age
X-Cache-Operation
X-Amz-Server-Side-Encryption
X-Forwarded-Host
Server-Info
X-Real-IP
Datacenter
X-GRACE
X-RateLimit-Limit
Served-By
X-Geo-Segment
X-Akamai-Request-ID2
X-Region
Access-Control-Allow-Method
X-DataStream-Cache-Status
X-Mode
X-CLOUD-TRACE-CONTEXT
Healthy
X-Content-Type
X-Sucuri-ID
CACHE
X-Ezoic-Cdn
X-Akamai-Transformed
X-Rendered-As
X-Ocache
X-Generated
Meta-Geo
X-Proxied
X-Site-Version
X-Path-Route
X-JoinUs
X-L-Path
X-Is-Bot
X-Routing-Service
X-Cache-Config
X-Rule
X-Zipkin-Id
Machine
X-Cache-Var
Fastcgi-Useragent
X-Cache-Var-Map
X-Detected-As
X-RN-RSRV
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Upgrade-Enabled
X-Environment-Context
Country
X-Loop
X-Section
DB-Nickname
X-Viewer-Country
Now
X-NGENIX-Cache
L5d-Success-Class
X-TNCMS
X-Request-Time
From-Origin
X-Amz-Meta-Surrogate-Control
X-CDN-Cache
X-Agile
X-Hosted-By
X-Birta-Served
X-Human
X-Proxy
X-Agile-Age
X-Birta-Cache-Post
X-Agile-Id
X-Access
X-Format
Cache-Name
X-Origin-Hint
X-Cache-Category-Id
X-OCL
X-Pc-Hit
X-CCM
X-Pc-Appver
X-Grey
X-ServerID
TWC-Privacy
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
X-Labrador-Cache-Channel
TWC-GeoIP-LatLong
Webcakes-App-Name
S-Rt
Webcakes-Region
X-Hit
OT-Force-Account-Verify
Webcakes-App-Version
Property-Id
X-Tb
TWC-GeoIP-Country
X-Pc-Key
X-FC-Vary-Parameters
Origin-Cache-Control
X-PCL
Xserver
X-Geo
Origin-Edge-Control
HitInfo
X-Pubstack
X-Cdn
X-Via-Fastly
X-VG-TLSProxy
HitType
X-IP
X-ProcessESI
X-ProxyCache-Key
Accept-Language
X-Original-Request
X-Upstream-HT
X-Web-Node
X-Xfnlog-Site
X-EIG-Tracking-Id
X-Upstream-CT
X-RemovedCookies
X-Origin
X-OVcl
X-BYPASS-REASON
NGB
Azure-RegionName
Azure-InstanceId
X-OVcl-Cache
X-ProxyCache-Status
Azure-SlotName
Azure-Version
Azure-SiteName
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
Selected-FE
X-Proxy-Build
X-Timing-Wait
X-ShopId
X-Microcachable
X-ShardId
LB
X-Via-CDN
X-Www-Served-By
X-Shopify-Stage
Mn-Server-Ip
Filters
X-Cluster-Node
X-App-Name
X-TWH-CORRELATION-ID
X-UA-Device-Type
X-Cache-Remote
X-Twitter-Response-Tags
X-Connection-Hash
Ms-Operation-Id
X-Rocket-Nginx-Bypass
X-RTag
X-Transaction
X-Internal-Host
X-Cache-Enabled
X-NCache
X-UA
Time
X-PHP-Backend
X-Tumblr-Pixel-3
IBM-Web2-Location
Access-Control-Request-Headers
X-Pc-Date
X-Cache-TTL
X-Pc-Host
X-Guploader-Uploadid
X-CACHE-KEY
X-TIME
X-LJ-Flow-ID
X-SplitTest
X-AWS-Id
X-Nginx-Cache
X-Origin-CC
X-NodeID
X-Unique-ID
X-VWS-Id
X-Proto
Content-Style-Type
Content-Script-Type
Cache-Hits
X-Cdn-Forward
We-Hiring
Mail-Subject
X-Storage
X-Vgn-Hpd-Reason
NtCoent-Length
X-Time-Microsecs
X-MP-GENERATED-AT
X-Real-Ip
X-Port
X-Edge-IP
X-Source
Backend
X-Webstats-RespID
X-Akamai-Request-ID
Cache-Tags
X-Backend-Name
X-APP-VERSION
X-Ms-Blob-Type
X-Varnish-Cacheable
X-Debug-Cache
X-Ms-Version
X-Ms-Lease-Status
X-Ms-Request-Id
X-Distil-CS
X-Csrf-Token
X-Endurance-Cache-Level
X-CACHE-GROUP
X-Urbn-Site-Id
X-Origin-Response-Time
X-Urbn-Context-Path
Locale
X-Redis-Cache
X-Ua
PageSpeed
X-Ratelimit-Limit
Warning
X-Varnish-Beresp-Status
X-Croise-Owner
X-Varnish-Beresp-Grace
X-EdgeConnect-Cache-Status
User-Agent
X-B3-Spanid
X-Nc
X-NWS-UUID-VERIFY
X-CACHE-AGE
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
Xc-Version
X-A
VivaBuild
TSSecure
Server-Host
UCS
V-Age
Viewtype
X-We-Are-Hiring
X-Accel-Expires-Debug
X-Store
X-Trv-Group
X-B-Cookie
X-SRCache-Key
X-Sn-Servicetimems
X-UE-Client-Country
X-VG-WebServer
X-Via-SSL
X-Aed
X-Amz-Meta-Cache-Control
X-Via-Edge
X-Application
Rt-Proxy-Cache
Resin-Trace
HA-Geocity
Content-Disposition
HA-Geocountry
Cache-Prefix
HA-Geolon
HA-Geolat
Country-Code
HA-Cloudapp
Ec-Rule-Version
Fastly-SWR
Fly-Cache
Fly-Request-Id
GMS-Ver
HA-Georegion
BehaviorPad-Version
Meta-Geo-Continent
Ajk
Mobile-Detection-Method
Powered-By
Rendered-Blocks
MD5-Digest
HA-Urlpath
Arc-Country
Ha-Gx-Prefs
HA-Host
HA-Ipaddr
HA-Servedtime
X-BB-ID
X-Server-Time
X-G
X-Generated-In
X-From
X-Fetched-On
X-External-Request-Id
X-F5-Cache
X-GeoIP-Country-Code
X-Varnish-Cache-Hits
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Hash
X-Varnish-Beresp-Ttl
X-Eu-Site
X-ElasticPress-Search
X-Debug-Cookies
X-Debug-Log
X-Date
X-D
X-PERF
X-Destination
X-Developer
X-ApacheServer
X-CF-Lambda-Version
X-DPWN-IS-SECURE
X-C
X-Died
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-CDN-Forward
X-Cache-Bucket
X-Cache-Host
X-Region-Sid
X-Cache-Backend
Fastly-SIE
X-Rewrite-Enabled
X-ScT
X-Server-By
X-S-Cookie
X-Rojux
X-BBXSRF
X-Cache-URL
X-Rebelmouse-Surrogate-Control
X-Irp-Debug
X-Logtrace-Id
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-NU-AKA-ACS-Version
X-NX-Host
X-Cdn-Origin
X-Rebelmouse-Cache-Control
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
X-Org
X-CGP
Fastly-SSL
X-Dc
X-Mrs-Cache-Hits
Version
Pagetype
Cache-Key
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache
X-Developers
X-Dispatcher-Server
X-Flog
X-Info
X-Key
X-Hl-Ver
X-Hello
X-GeoIP-City
X-Epic-Correlation-Id
X-Clientip
Www
X-ABtesting
Uber-Trace-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Auto-Login
X-Backend-Host
X-Layer
X-Cache-Id
X-Backend-Url
X-Backend-State
X-Core-Value
X-Matched-Rule
X-UnsetCookies
X-User
X-Trace-Id
X-Thinkindot-L3
X-SIPLIST1
X-Dynatrace-Js-Agent
X-V
X-Var-Ttl
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-Via-NSCOPI
X-Variation
X-ServiceProvider
X-S-Maxage
X-Platform
X-Qloud-Router
Fastly-Soc-X-Request-Id
X-No-Session
Thinkindot-CacheControl
X-MServer
X-Time
X-Parent-Response-Time
X-Request-URI
X-Response-By
X-Request-Start
X-Release
X-Reboot
X-Location
X-DC
Decoy-Debug-TTL
Origin
RNT-Time
Memcached
Countrycode
GW-Server
Decoy-Debug-Status
Frame-Options
WZWS-RAY
FSS-Cache
Decoy-Debug-Key
RNT-Machine
Apple-News-Services-Parsed-Url
AKAMAI
IsBot
Platform
Apple-News-Services-Host
X-Powered-By-ANYU
Release
Backend-Name
Apple-News-Services-Request-Url
SN
Server-ID
Apple-News-Services-Handled
User-Cache-Control
Adler-Geo
Is-Eu
Pramga
Heartbleed
Section-Io-Cache
FSS-Proxy
X-Datadome
X-NC
MI-Cache
X-RCS-CacheZone
X-Policy
X-Hnp-Log
MI-Cache-Age
X-Gen-Mode
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Request-UUID
X-Instance-Name
X-Newrelic-Synthetics
X-LI-UUID
X-MI-In-Market
Magicmarker
X-LI-Proto
X-Li-Pop
X-Phone
X-SVT-ORM-VERSION
X-P-T
Kp-EeAlive
X-Served-From
X-Node-Id
X-Passed-To
X-Passed-To-BeforeDispatch
X-Actual-URL
On-Server
X-Worker
Fastly-Backend-Name
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Stale
X-SVT-ORM-RULES
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From
X-Returned-From-BeforeDispatch
X-WebServer
X-VCT
X-Sentry-ID
X-Gannett-Site-Version
X-Secret
Group
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Server-IP
Cache-Cookie-Set-Lfrom
X-Up
X-Varnish-Action
X-TT-LOGID
X-Thanos
X-Sf
X-Swa-Ws
V-Cache
X-Li-Fabric
Pragrma
X-Fastly-Cache
True-Client-Country-4JS
X-Distributor
X-Device-Os
Request-EU
X-Block-Status
X-Bip
Odigeo-Trace-Id
Request-Country
X-Cache-Debug
X-CUA
X-Unique-Id-Primal
X-Cache-Expires
X-Sucuri-Cache
X-Cache-FS-Status
Web-Mar-Node
X-FW-Version
X-Crawler
Server-Int
X-Core-Mission
X-MSEdge-Features
X-Nginx-Cache-Key
X-HOST
Proxy-Connection
Who
X-Cache-CFC
CDCHOST
X-Refresh
X-MSEdge-Flight
MI-API
REQUESTUUID
X-Fstrz
Esi-Enabled
X-NODE
X-Page-Type
MIME-Version
X-Servername
X-Owner
RequestId
Cteonnt-Length
Fusion-Source
X-Req
HTTPS
X-Pjax-Url
X-Be
X-Kong-Upstream-Latency
Fusion-Component-Id
X-Kong-Proxy-Latency
Fusion-Template-Id
X-SN
Fusion-Content-Source
X-Backend-TTL
Fusion-Content-Id
X-Oracle-Dms-Ecid
X-Cache-Srv
Memory
NodeID
Cdn-Request-Time
X-Edge-Server
X-Ms-Lease-State
X-GZip
X-Origin-TTL
Cdn-Host
Cdn
X-Server-Group
ProcessTime
Amp-Access-Control-Allow-Source-Origin
X-Servedbyhost
SD-X-WS
X-Content-Age
VIX-Pulpo-Node
SS
X-Wa
VIX-Pulpo-Upstream-Status
CF-IPCountry
Mime-Version
X-Protected-By
A
X-COUNTRY
X-Aicache-OS
X-Origin-Host
GeoIP-Country-Code
X-BB-IP
X-Origin-Date
X-Origin-Expires
X-ND-Cache
X-Ckpd-Fst-Backend
GeoIP-Latitude
CDN
X-SRV
X-Varnish-Beresp-TTL
Get-Access-Time
Is-Session-Tracking
X-StackifyID
XServer
X-ID
X-Fastly-Country-Code
X-Pf-Uncompressing
PageType
X-APP
X-B3-Traceid
Processtime
GeoIp-Country-Code
Geoip-Latitude
Serverid
Node
X-PHP-Host
X-Unique-Id
Vix-Hermes-Req-Id
Cache-Tv-Group
X-Proxy-Upstream
X-Requestid
X-Proxy-Cache-Status
X-Cache-Info
PICS-Label
X-Varnish-Url
X-Ratelimit-Remaining
X-CSRF-Token
X-Gdpr
X-WA
X-Nananana
Nel
X-Load-Cache
Cf-Ipcountry
X-Generation-Time
X-BACKEND-TTL
X-Fastly-Cache-Hits
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-UPSTREAM-Address
Cache-Provider
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-RequestId
X-FireWall-Port
X-Planisys-CDN-Cache
X-SERVER-NAME
DataCenter
X-ServedByHost
X-Check-Cacheable
URI
Request-Time
WP-Super-Cache
X-HS-Status
X-GZIP
Hostname
X-FORWARDED-FOR
X-NGINX-Cache
PFcat
X-Micro-Cache
X-EC-Security-Audit
Host-ID
X-Server-W
X-CS
X-B3-SpanId
X-Front
X-Fastly-Backend-Reqs
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-WR-MODIFICATION
X-GDPR
X-Debug-Cache-Store
X-FB-TRIP-ID
T-Server
X-PARISIEN-Cache-Rendered
X-HTML-Edge-Cache
X-VG-WebCache
X-VarnCache
X-VarnPar1
X-Surge-Debug
NGX
X-Svr
X-BE
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
X-Fe
X-GEO
X-Swift-Error
X-Atg-Version
Ohc-File-Size
X-Generated-On
X-HTML-Minification-Powered-By
Ohc-Response-Time
ServerName
Lfy
Https
Pics-Label
X-Cdn-Srv
X-IPS-LoggedIn
X-PJAX-URL
X-Level-Front-Cache
X-Instart-Info
RequestUuid
Requestid
X-Akamai-SSL-Client-Sid
X-Amz-Meta-S3b-Last-Modified
X-ServerName
N-Cache
X-VarnPar2
WebServer
X-RAMCache
X-Cache-Ttl
X-PF-Uncompressing
X-Distil-Cs
X-PAGE-TYPE
X-From-Cache
X-M-Reqid
X-Qnm-Cache
X-M-Log
Build-Number
X-Serial
NnCoection
X-Akamai-ERPolicy
Cdn-Src-Port
X-Akamai-ERRuleID
X-Gen-Id
X-Alicdn-Da-Ups-Status
X-SB
X-VC
SID
X-Dw-Trace-Id