Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Request-Id
X-Xss-Protection
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Check
X-Generator
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Template
Timing-Allow-Origin
X-Language
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Iinfo
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
X-Request-ID
Upgrade
X-Type
WPE-Backend
Keep-Alive
X-Pass-Why
X-AH-Environment
Xkey
CF-Ray
X-Cache-Group
X-Backend
Access-Control-Max-Age
P3p
X-Age
Access-Control-Expose-Headers
X-Via
X-Drupal-Dynamic-Cache
EagleId
X-Pingback
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Kinja-Server-Push
X-Server
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Ac
Content-Location
X-Cache-Lookup
X-Amz-Version-Id
X-WebKit-CSP
X-Host
X-Response-Time
Surrogate-Control
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Node
X-Server-Id
X-Backend-Server
Server-Timing
X-Readtime
Report-To
X-Rack-Cache
Request-Id
EagleEye-TraceId
X-Application-Context
X-Cloud-Trace-Context
Feature-Policy
X-ORACLE-DMS-ECID
X-Instart-Request-ID
X-CST
X-Iejgwucgyu
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Clacks-Overhead
Edge-Control
NEL
Rating
X-Country
X-TTL
X-Server-Name
X-Url
X-DynaTrace
X-Varnish-TTL
X-MS-InvokeApp
X-DataDome
Allow
X-Px
X-Country-Code
X-Origin-Cache
Pinterest-Generated-By
X-Vhost
X-Vname
X-TtlSet
X-PC
X-Cached
X-FTR-Request-ID
X-Ruxit-JS-Agent
X-ESI
RTSS
SPRequestGuid
X-Trace
X-Goog-Hash
X-VARITI-CCR
Charset
X-Powered-By-Plesk
X-SharePointHealthScore
X-GitHub-Request-Id
Accept-CH
X-DynaTrace-JS-Agent
X-T
X-Dispatcher
X-Powered-CMS
Public-Key-Pins
X-D2id
X-Mod-Pagespeed
X-B3-TraceId
X-Server-ID
PB-RID
Arc-Version
X-Mobile-Rewrite
PB-PID
X-F-Cache
Verso
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Build
Content-MD5
X-Oracle-Dms-Rid
X-Version
SPRequestDuration
SPIisLatency
X-Shield-Request-Id
MS-Author-Via
X-Recruiting
X-Abt-Application-Version
X-Dns-Prefetch-Control
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Nginx-Cache
X-Forwarded-Proto
X-Client-IP
Accept-CH-Lifetime
X-HW
X-ORACLE-DMS-RID
X-DIS-Request-ID
X-N
X-Navigation-Version
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
AR-PoweredBy
AR-CACHE
AR-ATIME
X-B
X-Amz-Rid
X-Fastly-Request-ID
X-Origin-Upstream-Status
DynaTrace
X-Upstream
X-Ser
X-Dw-Request-Base-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Meta-S3cmd-Attrs
X-Hits
Fastly-Restarts
TCN
Realpath
X-XRDS-Location
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Wix-Server-Artifact-Id
X-Accel-Buffering
Paypal-Debug-Id
X-Content-Options
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-NF-Request-ID
X-Pad
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
Tracecode
S
Access-Control-Request-Method
X-Content-Digest
X-Id
X-Use-Magma
X-Varnish-Age
X-Debug
X-Vcap-Request-Id
Edge-Cache-Tag
MRF-Tech
Mrf-Cache-Status
X-MSEdge-Ref
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Front-End-Https
X-Oneagent-Js-Injection
X-ATG-Version
X-Frontend
X-IPLB-Instance
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-RateLimit-Remaining
X-PressLabs-Stats
X-FTR-Realm
X-Kinsta-Cache
X-FTR-Expires
X-Logged-In
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-HS-Content-Id
Surrogate-Key
Rt-Fastcgi-Cache
X-Cache-Hit
X-Forwarded-For
X-B3-TraceId-Primal
X-Amz-Cf-Pop
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
X-Sol
X-Middleton-Display
Display
X-FastCGI-Cache
X-Edge-Location
X-Zen-Fury
Backend-Timing
X-Analytics
X-Rid
Server-Name
Powered-By-ChinaCache
X-Amzn-Trace-Id
X-Debug-Info
X-User-Agent
Host
X-Webkit-Csp
X-Revision
TP-L2-Cache
TP-Cache
X-HS-Cache-Config
X-FTR-Cache-Host
FilterID
AMP-Access-Control-Allow-Source-Origin
Ar-Sid
X-Litespeed-Cache
X-Akam-SW-Version
X-CF-Powered-By
X-Grace
X-Middleton-Response
Response
X-Cache-Key
X-Fastcgi-Cache
AR-Request-ID
X-NewRelic-App-Data
X-SS-Set-Cookie
X-Drupal-Cache-Tags
X-Magnolia-Registration
X-Mobile
X-TA-CDN-Provider
Refresh
Cache-Status
X-Accel-Expires
X-Cached-By
X-B3-Sampled
X-SERVER
X-Newrelic-App-Data
Host-Header
ServerID
X-AOL-HN
X-NWS-LOG-UUID
X-Varnish-Backend
X-GUploader-UploadID
X-VCache
X-Node-Name
X-Whom
X-Content-Security-Policy-Report-Only
Eomportal-Instance
X-Tumblr-Pixel
X-Instance
X-Cluster
X-Tumblr-Pixel-0
X-FB-Debug
X-Tumblr-User
X-Signature
X-B-Cache
X-Cache-2
X-Cache-Control
X-Akamai-Edgescape
X-Via-JSL
X-Platform-Server
X-Webkit-CSP
X-Framework
X-Device-Type
X-Varnish-Hostname
X-BCube-Filmed-By
X-Generated-By
X-Page-Id
X-LB-Cache
X-App-Environment
X-Drupal-Cache-Contexts
Cleartype
X-Srv
X-Handled-By
X-Request-Guid
X-Cache-Rule
X-Cache-Action
X-AppVersion
X-Activity-Id
X-Az
X-Ruxit-Js-Agent
X-App-Server
Cache-Tag
Alternate-Protocol
X-URL
Liferay-Portal
DC
X-Cache-Server
Source
X-Content-Powered-By
X-Hostname
Retry-After
X-HS-Combine-CSS
X-Ttl
MS-CV
X-WPE-Loopback-Upstream-Addr
X-WA-Info
X-Varnish-Grace
X-Daa-Tunnel
X-Geo-Country
X-Varnish-Server
X-App-Version
Pagespeed
Public-Key-Pins-Report-Only
X-CACHE-GROUP
X-Amz-Replication-Status
Server-Node
X-Wix-Request-Id
X-Seen-By
X-TT
ViewerVersion
HostName
X-Correlation-Id
X-Esi
Webserver
Accept-Charset
AR-SID
X-Cache-NE
X-Tumblr-Pixel-1
AsisCache
X-WebKit-CSP-Report-Only
X-Response-Served-From
Upgrade-Insecure-Requests
X-Tumblr-Pixel-2
Actual-Object-TTL
X-Amz-Apigw-Id
SRV
X-GeoIP
X-Amzn-RequestId
X-Locale
GEO-INFO
X-RequestSource
X-Jobs
ServedBy
X-Varnish-Hits
X-FW-Type
Payment
X-FW-Hash
X-FW-Serve
X-Servedby
X-S
X-FW-Server
X-Contextid
Viewport
X-FW-Static
X-Edge-Cache-Key
X-UUID
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Edge-Cache
X-Status
X-TX-ID
X-Varnish-IP
X-Adobe-Content
X-Correlation-ID
X-Adobe-Loc
X-TT-TIMESTAMP
X-Cacheable-TTL
X-Origin-Server
S-Cnection
X-Cache-TTL-Remaining
X-Vg-Webcache
X-XRDS-LOCATION
X-Hyper-Cache
Cache
X-Cache-Age
X-Geo-Segment
X-Amz-Server-Side-Encryption
X-Cache-Operation
Server-Info
X-Forwarded-Host
X-Real-IP
X-Region
Datacenter
X-RateLimit-Limit
Served-By
Access-Control-Allow-Method
X-Akamai-Request-ID2
X-Mode
X-DataStream-Cache-Status
Healthy
CACHE
X-Content-Type
X-Sucuri-ID
X-CLOUD-TRACE-CONTEXT
X-Akamai-Transformed
Fastcgi-X-Cache-Version
X-Is-Bot
X-JoinUs
X-Rendered-As
X-Detected-As
From-Origin
X-Environment-Context
X-Ezoic-Cdn
X-Generated
Meta-Geo
Country
X-Zipkin-Id
Machine
X-RN-RSRV
X-L-Path
X-Proxy
Fastcgi-X-Cache
X-Upgrade-Enabled
X-Rule
X-Site-Version
Fastcgi-Useragent
X-Proxied
X-Routing-Service
X-Cache-Var-Map
X-Ocache
X-Cache-Var
X-Path-Route
X-Cache-Config
X-Agile-Id
X-NGENIX-Cache
X-Viewer-Country
X-Section
X-CDN-Cache
X-Human
X-Format
X-Hosted-By
X-Request-Time
X-Birta-Served
X-Access
Now
X-Agile
X-Agile-Age
X-Birta-Cache-Post
X-Amz-Meta-Surrogate-Control
DB-Nickname
L5d-Success-Class
X-GRACE
X-CCM
X-Cache-Category-Id
Webcakes-Region
Webcakes-App-Version
X-FC-Vary-Parameters
Webcakes-App-Name
X-Labrador-Cache-Channel
X-Hit
X-Grey
X-OCL
TWC-Privacy
TWC-Connection-Speed
S-Rt
Property-Id
OT-Force-Account-Verify
Cache-Name
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Pc-Appver
X-Origin-Hint
X-Tb
X-Loop
X-Via-Fastly
X-ServerID
X-TNCMS
X-PCL
X-Pc-Key
X-Pc-Hit
X-Upstream-HT
HitType
X-VG-TLSProxy
X-Upstream-CT
X-Web-Node
Origin-Cache-Control
X-Xfnlog-Site
Origin-Edge-Control
X-BYPASS-REASON
X-IP
X-Origin
HitInfo
X-OVcl
X-ProcessESI
X-ProxyCache-Key
X-OVcl-Cache
X-Pubstack
X-ProxyCache-Status
X-EIG-Tracking-Id
X-RemovedCookies
X-Original-Request
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-SiteName
Azure-InstanceId
X-ShardId
Selected-FE
X-Proxy-Build
X-Alternate-Cache-Key
X-Shopify-Stage
X-Microcachable
NGB
X-ShopId
X-Via-CDN
X-Www-Served-By
Accept-Language
LB
Mn-Server-Ip
X-Sorting-Hat-PodId
X-Timing-Wait
X-Sorting-Hat-ShopId
X-Cluster-Node
X-Geo
Xserver
Filters
X-App-Name
X-TIME
X-Cdn
X-Guploader-Uploadid
X-TWH-CORRELATION-ID
Ms-Operation-Id
X-RTag
X-Twitter-Response-Tags
X-Transaction
X-Connection-Hash
X-Rocket-Nginx-Bypass
X-Cache-Remote
X-UA
X-Cache-Enabled
X-UA-Device-Type
Time
X-NCache
X-Internal-Host
Access-Control-Request-Headers
X-Unique-ID
IBM-Web2-Location
X-Pc-Date
X-Tumblr-Pixel-3
X-Pc-Host
X-NodeID
X-LJ-Flow-ID
X-Origin-CC
X-SplitTest
X-Cache-TTL
Content-Style-Type
Content-Script-Type
X-VWS-Id
X-AWS-Id
X-Proto
X-Real-Ip
X-PHP-Backend
Mail-Subject
X-CACHE-KEY
We-Hiring
X-APP-VERSION
X-Nginx-Cache
NtCoent-Length
X-Port
X-Vgn-Hpd-Reason
X-Storage
Cache-Hits
X-Source
X-MP-GENERATED-AT
X-Edge-IP
X-Time-Microsecs
X-Cdn-Forward
Backend
X-Ms-Blob-Type
X-Distil-CS
X-Debug-Cache
X-Ms-Request-Id
X-Webstats-RespID
X-Ms-Version
X-Akamai-Request-ID
X-Ms-Lease-Status
X-Varnish-Cacheable
Cache-Tags
X-Backend-Name
X-Csrf-Token
X-Endurance-Cache-Level
X-Ratelimit-Limit
X-Redis-Cache
Locale
X-Urbn-Context-Path
X-Origin-Response-Time
X-Urbn-Site-Id
X-Varnish-Beresp-Status
X-B3-Spanid
X-Dc
X-Varnish-Beresp-Grace
Warning
X-Croise-Owner
X-Ua
X-CDN-Forward
X-EdgeConnect-Cache-Status
User-Agent
X-Varnish-Cache-Hits
X-PERF
X-C
X-ApacheServer
X-Varnish-Beresp-Ttl
X-B-Cookie
X-CF-Lambda-Fn
X-Cache-URL
Ec-Rule-Version
X-IN-WAF
Content-Disposition
X-IN-APIGATEWAY
X-CGP
X-BB-ID
HA-Cloudapp
X-Cache-Bucket
X-CF-Lambda-Version
X-IN-SSL-APIGATEWAY
X-BBXSRF
HA-Geolat
Arc-Country
X-Eu-Site
Ha-Gx-Prefs
X-Cdn-Origin
BehaviorPad-Version
X-Date
X-Debug-Cookies
HA-Geocity
X-ElasticPress-Search
HA-Georegion
Ajk
X-Died
X-Developer
X-Destination
X-Debug-Log
X-DPWN-IS-SECURE
X-D
X-External-Request-Id
HA-Geolon
X-GeoIP-Country-Code
HA-Servedtime
Fly-Cache
X-Hash
HA-Geocountry
Fly-Request-Id
X-Generated-In
X-G
Cache-Prefix
X-Cache-Host
X-F5-Cache
X-Fetched-On
HA-Host
HA-Ipaddr
X-From
HA-Urlpath
X-PAYTM-SRV-ID
X-S-Cookie
TSSecure
X-Rojux
X-A-Dam
X-Nc
X-Server-By
X-ScT
X-Rewrite-Enabled
X-Mrs-Age
GMS-Ver
X-Irp-Debug
X-Via-SSL
X-Mshield-Cache-Status
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Via-Edge
X-Server-Time
VivaBuild
V-Age
X-Trv-Group
X-UE-Client-Country
Viewtype
Powered-By
UCS
Cache-Key
X-A-Ccd
X-VG-WebServer
X-A
X-Sn-Servicetimems
X-Store
X-SRCache-Key
Rendered-Blocks
Mobile-Detection-Method
Resin-Trace
X-A-Dcw
X-NU-AKA-ACS-Version
X-Logtrace-Id
X-Accel-Expires-Debug
X-Application
Server-Host
X-Amz-Meta-Cache-Control
X-Aed
MD5-Digest
X-Org
X-NX-Host
X-Region-Sid
Xc-Version
X-A-Wwc
Rt-Proxy-Cache
Meta-Geo-Continent
Fastly-SSL
X-A-Dgt
X-We-Are-Hiring
X-Cache-Backend
Version
X-CACHE-AGE
X-NWS-UUID-VERIFY
X-NC
X-Backend-Host
X-Auto-Login
SN
Thinkindot-CacheControl-Type
Thinkindot-Control
X-ABtesting
Thinkindot-CacheControl
Server-ID
Www
X-Reboot
X-Thinkindot-L3
X-Trace-Id
X-UnsetCookies
X-User
X-SIPLIST1
X-ServiceProvider
X-Request-URI
X-Response-By
X-S-Maxage
X-V
X-Var-Ttl
Fastly-SIE
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Country-Code
X-Wikidot-Static-Cache
X-Via-NSCOPI
X-VServer
X-Wikidot-Backend
X-Request-Start
X-Release
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Flog
X-FW-Version
X-Developers
X-Core-Value
X-Backend-Url
X-Cache-Id
X-Clientip
X-GeoIP-City
X-Hello
X-MServer
X-No-Session
X-Platform
X-Qloud-Router
X-Matched-Rule
X-Location
X-Hl-Ver
X-Key
X-Layer
X-Backend-State
RNT-Machine
X-Oss-Hash-Crc64ecma
PageSpeed
FSS-Proxy
Memcached
X-Oss-Storage-Class
X-Oss-Server-Time
FSS-Cache
Countrycode
RNT-Time
GW-Server
Decoy-Debug-TTL
Heartbleed
Decoy-Debug-Status
IsBot
Decoy-Debug-Key
Section-Io-Cache
Fastly-Soc-X-Request-Id
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Powered-By-ANYU
Apple-News-Services-Host
Apple-News-Services-Handled
X-Oss-Object-Type
AKAMAI
X-Oss-Request-Id
User-Cache-Control
Release
Origin
Frame-Options
WZWS-RAY
Pramga
X-Sucuri-Cache
Pagetype
X-Variation
X-Sf
X-Gannett-Site-Version
X-Gen-Mode
X-Info
X-SVT-ORM-VERSION
X-Swa-Ws
X-Distributor
X-SVT-ORM-RULES
X-Fastly-Cache
X-Parent-Response-Time
X-Server-IP
X-Stale
X-Returned-From-DLL
X-RCS-CacheZone
X-Nginx-Cache-Key
X-Dynatrace-Js-Agent
X-MI-In-Market
X-LI-UUID
X-Node-Id
X-Policy
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Passed-To
X-P-T
X-LI-Proto
X-Li-Pop
X-Returned-From-PostProcessResponse
X-Hnp-Log
X-Secret
X-Sentry-ID
X-Served-From
X-Thanos
X-Returned-From-BeforeDispatch
X-Li-Fabric
X-Request-UUID
X-Instance-Name
X-Returned-From
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Device-Os
X-WebServer
X-Phone
Magicmarker
X-Actual-URL
MI-Cache
Kp-EeAlive
Platform
X-Bip
X-Varnish-Action
Uber-Trace-Id
X-VCT
MI-Cache-Age
X-Worker
Request-EU
Adler-Geo
Backend-Name
Server-Int
Request-Country
True-Client-Country-4JS
Odigeo-Trace-Id
On-Server
Web-Mar-Node
Pragrma
X-Block-Status
Is-Eu
Cache-Cookie-Set-Lfrom
Esi-Enabled
Cache-Cookie-Set-From
X-TT-LOGID
X-Core-Mission
Cache-Cookie-Set-Idcheck
X-CUA
X-Crawler
X-Cache-FS-Status
X-Up
X-Cache-Expires
X-Cache-Debug
Fastly-Backend-Name
X-Datadome
MI-API
X-MSEdge-Features
X-Refresh
CDCHOST
Group
Proxy-Connection
X-Cache-CFC
X-MSEdge-Flight
X-Fstrz
REQUESTUUID
X-Unique-Id-Primal
X-Newrelic-Synthetics
V-Cache
X-Owner
RequestId
X-Page-Type
X-NODE
X-HOST
Who
Cteonnt-Length
X-DC
HTTPS
X-Time
Fusion-Source
X-Req
X-Servername
X-Pjax-Url
MIME-Version
X-Be
X-SN
X-Kong-Proxy-Latency
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
X-Backend-TTL
X-Kong-Upstream-Latency
Fusion-Template-Id
X-GZip
X-Cache-Srv
Amp-Access-Control-Allow-Source-Origin
X-Oracle-Dms-Ecid
NodeID
X-Ms-Lease-State
X-Origin-TTL
Memory
Cdn-Request-Time
X-Edge-Server
Cdn-Host
Cdn
X-Servedbyhost
ProcessTime
X-Server-Group
Mime-Version
X-Content-Age
SS
SD-X-WS
X-Protected-By
CF-IPCountry
X-Aicache-OS
VIX-Pulpo-Node
X-Wa
VIX-Pulpo-Upstream-Status
X-BB-IP
X-COUNTRY
A
X-ND-Cache
X-Ckpd-Fst-Backend
CDN
X-Origin-Host
GeoIP-Country-Code
X-Origin-Date
X-Origin-Expires
XServer
X-SRV
GeoIP-Latitude
PageType
X-Varnish-Beresp-TTL
X-StackifyID
Get-Access-Time
Is-Session-Tracking
X-Pf-Uncompressing
X-APP
X-B3-Traceid
Geoip-Latitude
GeoIp-Country-Code
Processtime
Serverid
X-Varnish-Url
PICS-Label
X-Cache-Info
X-PHP-Host
X-Fastly-Country-Code
Node
X-Unique-Id
Cache-Tv-Group
X-Load-Cache
Vix-Hermes-Req-Id
X-Proxy-Cache-Status
X-WA
X-Proxy-Upstream
X-Requestid
X-Gdpr
X-CSRF-Token
X-Ratelimit-Remaining
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Generation-Time
X-Fastly-Cache-Hits
DataCenter
Nel
X-Nananana
X-ID
Hostname
X-BACKEND-TTL
Cf-Ipcountry
X-FireWall-Port
Cache-Provider
X-Planisys-CDN-Cache
X-SERVER-NAME
X-ServedByHost
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Check-Cacheable
X-RequestId
X-NGINX-Cache
X-HS-Status
X-EC-Security-Audit
URI
Request-Time
X-CS
WP-Super-Cache
X-Server-W
X-UPSTREAM-Address
X-FORWARDED-FOR
X-GZIP
X-Fastly-Backend-Reqs
X-Front
X-Micro-Cache
PFcat
Host-ID
X-GEO
X-Surge-Debug
NGX
T-Server
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-WR-MODIFICATION
X-Debug-Cache-Store
X-B3-SpanId
X-FB-TRIP-ID
X-VarnCache
X-VarnPar1
X-VG-WebCache
X-DataStream-Origin-MEX-Latency
ServerName
X-GDPR
X-DataStream-MidMile-RTT
X-PARISIEN-Cache-Rendered
X-Svr
X-Fe
X-HTML-Minification-Powered-By
X-HTML-Edge-Cache
X-BE
X-Swift-Error
X-Atg-Version
X-IPS-LoggedIn
X-Generated-On
Https
Ohc-Response-Time
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-PF-Uncompressing
X-ServerName
Requestid
X-PJAX-URL
Ohc-File-Size
Lfy
RequestUuid
X-Cdn-Srv
X-Level-Front-Cache
X-Instart-Info
X-Akamai-SSL-Client-Sid
X-Vcache
X-Amz-Meta-S3b-Last-Modified
WebServer
X-VC
Pics-Label
N-Cache
X-VarnPar2
X-Cache-Ttl
X-From-Cache
X-Alicdn-Da-Ups-Status
X-SB
X-Distil-Cs
X-PAGE-TYPE
X-RAMCache
Load-Balancing
X-Serial
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Cdn-Src-Port
X-Gen-Id
X-Skip-Cache
X-Grace-Duration
X-Dw-Trace-Id
X-ARC
Build-Number
SID