Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
X-Powered-By
Last-Modified
Accept-Ranges
X-Content-Type-Options
Strict-Transport-Security
X-XSS-Protection
ETag
Link
Expect-CT
CF-RAY
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Language
Content-Security-Policy
P3P
X-UA-Compatible
X-Cache-Hits
CF-Ray
X-Varnish
X-Served-By
X-Request-Id
X-Amz-Cf-Id
Referrer-Policy
X-AspNet-Version
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Alt-Svc
Content-Security-Policy-Report-Only
X-AspNetMvc-Version
X-Adblock-Key
X-Check
Status
Timing-Allow-Origin
X-Cache-Status
X-DNS-Prefetch-Control
X-Iinfo
X-Via
X-Template
X-Language
X-Turbo-Charged-By
X-CDN
X-Content-Security-Policy
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Buckets
Keep-Alive
X-Nginx-Cache-Status
X-Type
X-Server-Powered-By
X-Backend
X-AH-Environment
EagleId
X-Cache-Group
X-Server
X-Pingback
WPE-Backend
X-Pass-Why
X-Age
Access-Control-Max-Age
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Grace
X-Varnish-Cache
Xkey
X-Cache-Lookup
Access-Control-Expose-Headers
Upgrade
Cf-Railgun
X-LiteSpeed-Cache
X-UA-Device
X-Hacker
X-Page-Speed
X-Drupal-Dynamic-Cache
X-Amz-Request-Id
X-Proxy-Cache
X-Amz-Id-2
X-Robots-Tag
X-CST
X-Server-Id
Content-Location
X-Envoy-Upstream-Service-Time
X-Node
Request-Context
X-Ac
X-Device
X-Host
X-Cnection
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Backend-Server
Surrogate-Control
X-Rack-Cache
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
X-Readtime
Request-Id
Allow
X-Px
X-Instart-Request-ID
EagleEye-TraceId
X-Clacks-Overhead
X-Response-Time
Pinterest-Generated-By
Edge-Control
Server-Timing
X-Application-Context
X-Rq
X-MS-InvokeApp
X-DynaTrace-JS-Agent
X-Url
X-Cloud-Trace-Context
X-Server-Name
X-TTL
Charset
SPRequestGuid
X-NWS-LOG-UUID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Cached
X-Country
X-SharePointHealthScore
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-SID
Report-To
X-Varnish-TTL
X-Country-Code
X-Powered-CMS
X-DataDome
X-PC
Public-Key-Pins
X-Powered-By-Plesk
X-TtlSet
X-Vname
X-Mod-Pagespeed
SPRequestDuration
SPIisLatency
X-N
X-Recruiting
MS-Author-Via
X-Version
X-VARITI-CCR
Content-MD5
MicrosoftSharePointTeamServices
X-Shield-Request-Id
X-Geo-Segment
X-Kinja-Revision
X-Kinja-Server
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-F-Cache
X-Ruxit-JS-Agent
Cartoon
X-Dw-Request-Base-Id
X-Ser
X-T
Nginx-Cache
X-Trace
Arr-Disable-Session-Affinity
X-FTR-Request-ID
X-D2id
X-Pinterest-Rid
X-Esi
Pinterest-Version
X-Upstream-Env
NEL
X-Daa-Tunnel
Feature-Policy
RTSS
X-Via-JSL
X-Cdn
X-Vhost
X-Amz-Rid
X-GitHub-Request-Id
X-Abt-Application-Version
X-Dynatrace
X-Forwarded-Proto
X-IPLB-Instance
X-Goog-Hash
X-Vcap-Request-Id
X-Grace
X-Origin-Cache
X-Client-IP
X-Hits
X-B
Realpath
X-Cache-Key
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Kinsta-Cache
X-Upstream
X-Navigation-Version
X-TEC-API-ROOT
X-DIS-Request-ID
Fastcgi-Cache
X-Varnish-Age
X-XRDS-Location
X-Id
X-Zen-Fury
TCN
X-Dispatcher
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
Verso
X-Content-Digest
X-Logged-In
Liferay-Portal
Alternate-Protocol
Paypal-Debug-Id
X-NF-Request-ID
X-Content-Options
X-Nf-Srv-Version
X-User-Agent
X-Whom
X-Pad
Access-Control-Request-Method
X-Feature
X-Newrelic-App-Data
X-Fastly-Request-ID
X-Mrf-Section-Lastmod
S
Mrf-Cache-Status
MRF-Tech
X-Sol
X-Mrf-Item-Lastmod
PB-PID
X-Oracle-Dms-Ecid
Front-End-Https
X-SS-Set-Cookie
X-Oracle-Dms-Rid
Tracecode
X-Frontend
PB-RID
X-FastCGI-Cache
Server-Name
X-HS-Cache-Config
X-Debug
Edge-Cache-Tag
X-UUID
Rt-Fastcgi-Cache
X-HS-Content-Id
Cache-Status
X-Hyper-Cache
X-Webkit-Csp
Powered-By-ChinaCache
Host
X-Hostname
X-PressLabs-Stats
Eomportal-Instance
Service-Worker-Allowed
X-B3-Traceid
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Response
X-Cache-Rule
Dynatrace
X-Middleton-Response
X-Middleton-Display
X-Goog-Generation
Cache
X-Goog-Metageneration
Pagespeed
X-CF-Powered-By
Display
X-RateLimit-Remaining
X-AOL-HN
X-Mobile-Rewrite
X-MSEdge-Ref
FilterID
HitInfo
Public-Key-Pins-Report-Only
X-APP-VERSION
X-Cache-Bucket
X-Content-Security-Policy-Report-Only
HitType
Server-Info
X-Cache-Hit
S-Cnection
TP-Cache
X-Revision
X-VCache
Fastly-Restarts
X-Wix-Server-Artifact-Id
X-Instance
X-Magnolia-Registration
X-Varnish-Server
X-Contextid
X-Sucuri-ID
TP-L2-Cache
Refresh
X-Request-Processing-Time
X-Rid
X-Request-Received
X-FTR-DC
X-Cache-Action
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Realm
X-Correlation-ID
X-Origin
X-Proxied
X-Mobile
X-TA-CDN-Provider
X-Country-Code-Real
X-ServedBy
X-GUploader-UploadID
X-Activity-Id
X-HS-Combine-CSS
X-URL
ServerID
Source
X-Analytics
Backend-Timing
X-Az
X-AppVersion
X-Amzn-Trace-Id
X-B-Cache
X-Cache-2
X-Geo-Country
Country
X-Real-IP
X-TT-TIMESTAMP
X-FB-Debug
Served-By
X-Signature
X-Framework
Upgrade-Insecure-Requests
X-Content-Powered-By
X-PHP-Backend
X-Akamai-Edgescape
X-CLOUD-TRACE-CONTEXT
X-App-Environment
X-TT
Actual-Object-TTL
X-ESI
X-Cache-Remote
X-Varnish-Hostname
Surrogate-Key
X-Ocache
X-HW
X-Ttl
X-Device-Type
X-WA-Info
X-Debug-Info
X-Cf-Powered-By
Retry-After
X-ADI-VCache
X-Shield-Cache-Expires
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-CDN-Forward
X-Cache-Operation
X-Cache-Config
X-Sucuri-Cache
Arc-Version
AMP-Access-Control-Allow-Source-Origin
Cleartype
X-Varnish-Backend
X-TIME
X-FTR-Cache-Host
X-Hail-Hydra
X-Handled-By
Server-Node
X-PC-Hit
X-Geo
X-NWS-UUID-VERIFY
X-Cache-NE
X-Atg-Version
X-PC-Key
X-Request-Guid
X-Page-Id
X-PC-AppVer
X-WPE-Loopback-Upstream-Addr
X-BCube-Filmed-By
Accept-Charset
Host-Header
DC
X-Cache-Server
MS-CV
X-Accel-Expires
Webserver
X-Adobe-Loc
X-GeoIP
X-Cached-By
X-Adobe-Content
SRV
X-App-Server
X-Jobs
X-Cache-Control
X-Storage
X-Akamai-Transformed
X-S
X-Yottaa-Metrics
X-Varnish-Hits
X-CSRF-Token
X-Accel-Buffering
HostName
ServedBy
AsisCache
X-Cacheable-TTL
X-LB-Cache
X-Yottaa-Optimizations
X-RequestSource
X-PC-Host
X-GZip
X-Generated-By
X-DynaTrace
X-PC-Date
X-Cluster
X-WebKit-CSP-Report-Only
X-Varnish-IP
X-Wix-Request-Id
X-Amz-Server-Side-Encryption
X-Seen-By
X-Origin-Upstream-Status
X-XRDS-LOCATION
X-CACHE-AGE
X-Internal-Host
X-Forwarded-For
X-TX-ID
X-Varnish-Grace
X-Varnish-Cache-Hits
X-Drupal-Cache-Tags
X-Edge-Cache-Key
X-FW-Type
X-Ruxit-Js-Agent
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Edge-Cache
X-Vg-Webcache
NGB
Content-Script-Type
X-FORWARDED-FOR
From-Origin
Content-Style-Type
Filters
X-COUNTRY
X-Platform-Server
X-Locale
X-RTag
X-Cache-TTL-Remaining
X-Microcachable
WP-Super-Cache
X-Region
X-Oss-Storage-Class
X-Oss-Server-Time
X-Tumblr-Pixel-2
X-Amz-Apigw-Id
X-EIG-Tracking-Id
X-Proto
Load-Balancing
Access-Control-Request-Headers
X-Oss-Request-Id
X-DC
X-Port
X-Tumblr-Pixel-1
X-Amzn-RequestId
Viewport
X-Amz-Replication-Status
X-Oss-Object-Type
X-Distil-CS
Ohc-File-Size
X-Oss-Hash-Crc64ecma
X-Origin-Server
X-StackifyID
GEO-INFO
X-Optimization
Mn-Server-Ip
Origin-Cache-Control
X-NGENIX-Cache
Healthy
X-Yottaa-Sig
Datacenter
X-JoinUs
X-ProxyCache-Key
X-ProxyCache-Status
Origin-Edge-Control
Fastly-SSL
X-L-Path
X-Akam-SW-Version
X-Agile-Id
X-Agile-Age
X-Akamai-Request-ID
X-BB-IP
X-Cache-Enabled
X-Cache-HT
X-Agile
X-Distributor
Time
ServerName
X-CCM
X-Hit
X-Grey
X-Environment-Context
X-Generated
X-Labrador-Cache-Channel
Cache-Name
X-BYPASS-REASON
X-Mode
X-Fastcgi-Cache
X-Upstream-CT
X-Upstream-HT
X-Cache-Category-Id
X-Srv
Cache-Tag
X-Web-Node
X-B3-Spanid
X-Skip-Cache
X-Source
COMMERCE-SERVER-SOFTWARE
X-Nginx-Cache
X-Viewer-Country
X-Time-Microsecs
X-Debug-Cache
L5d-Success-Class
Cteonnt-Length
X-Croise-Owner
Access-Control-Allow-Method
Cache-Key
X-UA-Device-Type
X-UA
DynaTrace
X-ServerID
X-PERF
X-ApacheServer
X-Tumblr-Pixel-3
X-Webstats-RespID
X-Cache-Var-Map
X-Generation-Time
X-Cache-Var
X-TNCMS
X-Human
X-Hosted-By
X-TWH-CORRELATION-ID
X-Vgn-Hpd-Reason
X-WR-MODIFICATION
X-CCM-LastModified
X-CDN-Cache
X-DataStream-Cache-Status
X-Www-Served-By
X-Detected-As
X-Drupal-Cache-Contexts
X-IP
X-Cluster-Node
X-Ezoic-Cdn
X-Endurance-Cache-Level
X-Format
X-MP-GENERATED-AT
X-Pubstack
X-RemovedCookies
X-ProcessESI
X-Site-Version
X-OVcl-Cache
X-Path-Route
X-Render-Type
X-Rendered-As
X-Section
X-Upgrade-Enabled
X-Routing-Service
X-RN-RSRV
X-Request-Time
X-OVcl
X-Original-Request
X-Meta-Tbi-Cache-Vertical
X-NCache
X-Loop
X-LJ-Flow-ID
X-VWS-Id
X-Zipkin-Id
X-Surge-Debug
X-Node-Name
X-Origin-CC
X-Origin-Hint
X-SplitTest
X-NU-AKA-ACS-Version
X-NodeID
X-Is-Bot
Azure-RegionName
Now
X-NC
NODE
Cneonction
Meta-Geo
X-ByteArk-Cache
Property-Id
TWC-Device-Class
TWC-Connection-Speed
S-Rt
RequestId
Machine
LB
Azure-SiteName
DB-Nickname
Azure-SlotName
Azure-Version
Fastcgi-Useragent
Azure-InstanceId
Cache-Hits
Selected-FE
X-Proxy-Build
X-Timing-Wait
Backend
TWC-GeoIP-Country
X-App-Name
X-Amz-Meta-Surrogate-Control
X-Access
Webcakes-Region
X-AWS-Id
X-B3-Sampled
X-Birta-Served
X-Birta-Cache-Post
X-Be
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
User-Agent
X-Ratelimit-Limit
X-Correlation-Id
X-SRV
X-Xfnlog-Site
NnCoection
X-Varnish-Cacheable
X-Unique-ID
X-Via-Fastly
X-Status
X-Proxy
ProcessTime
Pagetype
IBM-Web2-Location
X-Instance-Name
X-PCL
X-Backend-Name
X-Edge-Location
X-FC-Vary-Parameters
X-OCL
User-Cache-Control
Countrycode
X-ARC
X-Application
X-A-Dgt
X-B-Cookie
X-A-Wwc
X-WebServer
X-Cache-Id
X-Cache-Host
X-Cache-Expires
X-A-Dcw
X-A-Dam
T-Server
Server-ID
Resin-Trace
Request-Time
V-Age
Warning
Is-Session-Tracking
X-A-Ccd
X-A
X-Var-Ttl
X-CS
X-Hash
X-Dispatcher-Server
X-Logtrace-Id
X-Request-URI
X-S-Maxage
X-DPWN-IS-SECURE
X-Generated-In
X-G
X-From
X-Died
X-Device-Os
X-Debug-Log
X-NX-Host
X-Debug-Cookies
X-D
X-Release
X-UE-Client-Country
X-Developer
X-Destination
X-SRCache-Key
X-S-Cookie
Brightspot-Id
Version
Ajk
Cache-Prefix
X-NewRelic-App-Data
X-ATG-Version
X-Newrelic-Synthetics
X-RateLimit-Limit
X-Ua
Fly-Cache
Magicmarker
Get-Access-Time
Fly-Request-Id
X-Cache-TTL
MIME-Version
X-ElasticPress-Search
FSS-Proxy
UCS
X-Cache-Age
X-Varnish-Beresp-Ttl
FSS-Cache
X-C
X-Layer
X-Location
Server-Int
X-Eu-Site
Sid
Sta2Tusw
X-Developers
X-EC-Security-Audit
X-Edge-IP
X-Fastly-Cache
X-Epic-Correlation-Id
X-EdgeConnect-Cache-Status
X-F5-Cache
X-FireWall-Port
X-GoCache-CacheStatus
X-GeoIP-Country-Code
X-GeoIP-City
X-Haproxy-Hostname
Server-Host
X-Irp-Debug
REQUESTUUID
X-Haproxy-Ip
X-Gannett-Site-Version
X-From-Cache
X-Flog
X-Key
X-Kong-Upstream-Latency
X-Forwarded-Host
Rendered-Blocks
X-Kong-Proxy-Latency
X-DataStream-Origin-MEX-Latency
X-Frame-Option
X-Fetched-On
Thinkindot-Control
X-Amz-Meta-Cache-Control
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-S3cmd-Attrs
X-Actual-URL
X-ABtesting
X-Cache-Srv
Www
X-Cache-FS-Status
X-Cache-Debug
X-Matched-Rule
X-BBXSRF
X-BB-ID
X-Backend-Url
X-Cache-Backend
X-Cache-CFC
X-Backend-Host
X-Backend-State
Ws
X-Cache-URL
X-CF-Lambda-Fn
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-CF-Lambda-Version
X-CGP
X-Core-Value
X-Core-Mission
X-Connection-Hash
X-Backend-TTL
X-Cdn-Srv
VivaBuild
Who
X-Cdn-Origin
Viewtype
X-CDN-Pop
Uber-Trace-Id
X-CDN-Pop-IP
X-DataStream-MidMile-RTT
X-Server-Group
X-Tb
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Thinkindot-L3
X-Trace-Id
X-TT-LOGID
X-Trv-Group
X-Transaction
X-Stale
X-Sn-Servicetimems
Release
X-Server-By
X-Secret
X-Server-IP
X-Server-Time
X-SIPLIST1
X-Servername
X-Twitter-Response-Tags
X-UnsetCookies
X-We-Are-Hiring
X-VServer
X-Via-Edge
X-Wikidot-Backend
X-Wikidot-Static-Cache
Xc-Version
X-Wix-Route-ID
X-Via-CDN
X-VG-WebServer
X-Varnish-Action
X-User
X-Up
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Ver
X-Varnish-Id
X-ScT
X-ROOTCache
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-PAYTM-SRV-ID
X-Pf-Uncompressing
X-Planisys-CDN-Cache
X-Phone
X-Passed-To
X-P-T
X-MSEdge-Flight
X-MSEdge-Features
X-Micro-Cache
X-ND-Cache
X-No-Session
X-Owner
X-Origin-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Returned-From-BeforeDispatch
X-Returned-From
X-Response-By
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
X-Req
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Public
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Region-Sid
X-Reboot
X-Mem
Host-ID
Adler-Geo
Accept-Ch
AKAMAI
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Via-NSCOPI
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PodId
X-Sorting-Hat-PrivacyLevel
Pramga
X-Sorting-Hat-ShopId
Apple-News-Services-Request-Url
Arc-Country
Ec-Rule-Version
Drupal-Pagecache-Memcache
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Fastly-Soc-X-Request-Id
Fastly-SIE
Content-Disposition
CF-IPCountry
BehaviorPad-Version
Backend-Name
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Sorting-Hat-FeatureSet
X-Shopify-Stage
Proxy-Connection
NodeID
Request-Country
Request-EU
X-Auto-Login
X-Alternate-Cache-Key
Kp-EeAlive
If-Modified-Since
X-Front
WZWS-RAY
Xserver
Cache-Provider
Country-Code
X-Cache-Time
X-Crawler
X-Page-Type
X-LB-Node
X-Refresh
X-ShardId
X-ShopId
X-LB-CacheStatus
X-IN-WAF
X-Fstrz
X-Fastly-Backend-Reqs
X-Hl-Ver
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
Fastly-SWR
X-Sorting-Hat-Section
HTTPS
Heartbleed
Is-Eu
Payment
Max-Age
HA-Urlpath
HA-Servedtime
HA-Georegion
Ha-Gx-Prefs
HA-Host
HA-Ipaddr
MD5-Digest
Memcached
Powered-By
Odigeo-Trace-Id
Origin
OT-Force-Account-Verify
NGX
PFcat
Platform
Memory
PICS-Label
Meta-Geo-Continent
HA-Geolon
IsBot
Pragrma
HA-Cloudapp
GW-Server
HA-Geocountry
HA-Geocity
HA-Geolat
CACHE
Dnion-Transfer-Encoding
X-Rocket-Nginx-Bypass
X-Rocket-Nginx-Serving-Static
X-Varnish-HitMiss
RATING
X-Origin-Date
Esi-Enabled
MI-Cache-Age
X-Requestid
MI-API
X-TId
X-Info
X-Request-Start
MI-Cache
X-Bug-Bounty
X-Thanos
On-Server
X-V
X-ServiceProvider
Fastly-Backend-Name
X-Svr
GMS-Ver
X-Fastly-Cache-Hits
X-Powered-By-Defense
X-Server-W
X-Servedbyhost
X-Served-From
X-Redis-Cache
Web-Mar-Region
Web-Mar-Node
Ohc-Response-Time
X-Env
Frame-Options
X-RCS-CacheZone
X-Node-Id
X-Cache-Control-Set-By
X-Nananana
X-Varnish-Url
Httpd-Identifier
X-Origin-Expires
CDCHOST
X-Ckpd-Fst-Backend
X-MI-In-Market
X-HCF
X-Hnp-Log
X-LiteSpeed-Cache-Control
X-Zalando-Page-Type
X-Worker
X-Zalando-Child-Request-Id
X-Bip
X-Block-Status
X-Sentry-ID
X-Powered-By-ANYU
X-Platform
Decoy-Debug-Status
Decoy-Debug-TTL
X-Content-Type
X-Content-Age
X-Dc
Decoy-Debug-Key
X-Gen-Mode
X-Clientip
Lfy
CDN
Group
X-Guploader-Uploadid
X-Cache-Ttl
V-Cache
XServer
X-Nc
DataCenter
Rt-Proxy-Cache
X-VC
X-VarnPar2
X-VarnPar1
X-VarnCache
X-Load-Cache
X-HTML-Minification-Powered-By
X-Accel-Expires-Debug
Geoip-Latitude
GeoIP-City
X-PJAX-URL
X-PARISIEN-Cache-Rendered
GeoIP-Country-Code
GeoIP-Latitude
X-Remote-IP
N-Cache
X-Date
Geoip-City
X-HGenerator
GeoIp-Country-Code
URI
X-Safe-Firewall
X-SB
X-Varnish-Beresp-TTL
Cdn
Mime-Version
Processtime
X-Real-Ip
X-Ratelimit-Remaining
X-Trv-Request-Id
X-Tid
X-RequestId
X-PAGE-TYPE
X-Pjax-Url
X-Proxy-Server
WWW-Authenticate
Apicache-Store
X-VG-WebCache
Apicache-Version
X-M-Reqid
X-Check-Cacheable
X-M-Log
X-Unique-Id
X-Servedby
NtCoent-Length
WebServer
X-Fe
X-Alicdn-Da-Ups-Status
X-Qnm-Cache
X-ProxyCache-Args
PageType