Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Check
X-Generator
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Template
Timing-Allow-Origin
X-Language
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Iinfo
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
X-Request-ID
Upgrade
X-Type
WPE-Backend
Keep-Alive
X-Pass-Why
X-AH-Environment
Xkey
CF-Ray
X-Cache-Group
X-Backend
Access-Control-Max-Age
P3p
X-Age
Access-Control-Expose-Headers
X-Via
X-Drupal-Dynamic-Cache
EagleId
X-Pingback
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Kinja-Server-Push
X-Server
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Ac
Content-Location
X-Cache-Lookup
X-Amz-Version-Id
X-WebKit-CSP
X-Host
X-Response-Time
Surrogate-Control
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Node
X-Server-Id
X-Backend-Server
Server-Timing
X-Readtime
Report-To
X-Rack-Cache
Request-Id
EagleEye-TraceId
X-Application-Context
Feature-Policy
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-Instart-Request-ID
X-CST
X-Iejgwucgyu
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Clacks-Overhead
Edge-Control
NEL
Rating
X-Country
X-TTL
X-Server-Name
X-Url
X-DynaTrace
X-Varnish-TTL
X-MS-InvokeApp
X-DataDome
Allow
X-Country-Code
X-Px
X-Origin-Cache
Pinterest-Generated-By
X-Dns-Prefetch-Control
X-Vhost
X-Vname
X-TtlSet
X-PC
X-Cached
X-FTR-Request-ID
X-Ruxit-JS-Agent
X-ESI
RTSS
SPRequestGuid
X-Trace
X-Goog-Hash
X-VARITI-CCR
Charset
X-Powered-By-Plesk
X-SharePointHealthScore
X-GitHub-Request-Id
X-DynaTrace-JS-Agent
Accept-CH
X-Dispatcher
X-Powered-CMS
X-T
Public-Key-Pins
X-D2id
X-Mod-Pagespeed
X-B3-TraceId
X-Server-ID
X-Mobile-Rewrite
Arc-Version
PB-PID
PB-RID
X-F-Cache
Verso
X-Exp-Variant
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja
X-Exp-Id
Content-MD5
X-Oracle-Dms-Rid
X-Version
SPIisLatency
SPRequestDuration
X-Shield-Request-Id
MS-Author-Via
X-Recruiting
X-Abt-Application-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Nginx-Cache
X-Forwarded-Proto
X-Client-IP
Accept-CH-Lifetime
X-HW
X-ORACLE-DMS-RID
X-N
X-DIS-Request-ID
X-Navigation-Version
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
AR-PoweredBy
AR-CACHE
AR-ATIME
X-B
X-Amz-Rid
X-Fastly-Request-ID
X-Origin-Upstream-Status
DynaTrace
X-Upstream
X-Ser
X-Dw-Request-Base-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Meta-S3cmd-Attrs
X-Hits
Fastly-Restarts
TCN
Realpath
X-XRDS-Location
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Wix-Server-Artifact-Id
X-Accel-Buffering
Paypal-Debug-Id
X-Content-Options
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-NF-Request-ID
X-Pad
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
Tracecode
S
Access-Control-Request-Method
X-Content-Digest
X-Id
X-Use-Magma
X-Debug
X-Varnish-Age
X-Vcap-Request-Id
X-Mrf-Section-Lastmod
Edge-Cache-Tag
MRF-Tech
X-Mrf-Item-Lastmod
Front-End-Https
Mrf-Cache-Status
X-MSEdge-Ref
X-Oneagent-Js-Injection
X-ATG-Version
X-IPLB-Instance
X-Country-Code-Real
X-FTR-Balancer
X-Frontend
X-RateLimit-Remaining
X-PressLabs-Stats
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Expires
X-Kinsta-Cache
X-Logged-In
MicrosoftSharePointTeamServices
X-HS-Content-Id
X-HS-Hub-Id
Surrogate-Key
X-Cache-Hit
Rt-Fastcgi-Cache
X-B3-TraceId-Primal
X-Forwarded-For
X-Amz-Cf-Pop
X-Request-Received
X-Request-Processing-Time
Fastcgi-Cache
X-Middleton-Display
X-Sol
Display
X-Edge-Location
X-Zen-Fury
X-FastCGI-Cache
X-Analytics
Backend-Timing
X-Rid
X-Debug-Info
Powered-By-ChinaCache
X-Amzn-Trace-Id
Server-Name
Host
X-Revision
X-User-Agent
X-Webkit-Csp
TP-L2-Cache
X-FTR-Cache-Host
TP-Cache
FilterID
X-HS-Cache-Config
Ar-Sid
X-Litespeed-Cache
AMP-Access-Control-Allow-Source-Origin
X-Akam-SW-Version
X-CF-Powered-By
Response
X-Middleton-Response
X-Cache-Key
X-Grace
AR-Request-ID
X-Fastcgi-Cache
X-NewRelic-App-Data
X-SS-Set-Cookie
X-Drupal-Cache-Tags
X-Mobile
X-Magnolia-Registration
X-TA-CDN-Provider
Refresh
Cache-Status
X-Accel-Expires
X-Cached-By
X-SERVER
X-B3-Sampled
X-Newrelic-App-Data
Host-Header
ServerID
X-AOL-HN
X-NWS-LOG-UUID
X-Node-Name
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
Eomportal-Instance
X-GUploader-UploadID
X-VCache
X-Whom
X-Cluster
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Instance
X-Tumblr-User
X-Platform-Server
X-Via-JSL
X-Cache-Control
X-Cache-2
X-Webkit-CSP
X-Akamai-Edgescape
X-Framework
X-FB-Debug
X-Device-Type
X-BCube-Filmed-By
X-Generated-By
X-Varnish-Hostname
X-Page-Id
X-LB-Cache
X-B-Cache
X-Signature
X-Srv
X-Handled-By
X-Drupal-Cache-Contexts
X-App-Environment
Cleartype
X-Request-Guid
X-Cache-Rule
X-Cache-Action
X-AppVersion
X-Activity-Id
X-Az
X-Ruxit-Js-Agent
Cache-Tag
X-App-Server
X-URL
Alternate-Protocol
DC
Liferay-Portal
Source
X-Cache-Server
X-Content-Powered-By
X-Hostname
Retry-After
X-Ttl
X-WPE-Loopback-Upstream-Addr
MS-CV
X-HS-Combine-CSS
X-Varnish-Grace
X-WA-Info
X-Daa-Tunnel
HostName
X-Geo-Country
X-Varnish-Server
Public-Key-Pins-Report-Only
X-App-Version
Pagespeed
X-CACHE-GROUP
X-Amz-Replication-Status
X-TT
Server-Node
X-Wix-Request-Id
X-Seen-By
ViewerVersion
X-Correlation-Id
X-Esi
Webserver
Accept-Charset
AR-SID
X-Response-Served-From
X-Tumblr-Pixel-2
AsisCache
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
Upgrade-Insecure-Requests
Actual-Object-TTL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-GeoIP
X-RequestSource
X-Cache-NE
GEO-INFO
X-Locale
SRV
X-Varnish-Hits
ServedBy
X-Servedby
X-FW-Static
X-Yottaa-Metrics
X-UUID
X-S
Viewport
Payment
X-Yottaa-Optimizations
X-FW-Type
X-FW-Serve
X-FW-Server
X-Contextid
X-FW-Hash
X-Edge-Cache-Key
X-Edge-Cache
X-Jobs
X-Status
X-TX-ID
X-Varnish-IP
X-Correlation-ID
X-Adobe-Content
X-Adobe-Loc
X-Cacheable-TTL
X-TT-TIMESTAMP
X-Origin-Server
S-Cnection
X-Cache-TTL-Remaining
X-Vg-Webcache
X-XRDS-LOCATION
X-Hyper-Cache
Cache
X-Amz-Server-Side-Encryption
X-Cache-Operation
X-Geo-Segment
Server-Info
X-Forwarded-Host
X-Cache-Age
X-Real-IP
X-Region
Datacenter
Served-By
X-RateLimit-Limit
X-Mode
X-Akamai-Request-ID2
Access-Control-Allow-Method
Healthy
X-DataStream-Cache-Status
X-Content-Type
CACHE
X-Sucuri-ID
X-Akamai-Transformed
X-CLOUD-TRACE-CONTEXT
X-Cache-Var-Map
X-Site-Version
X-Rendered-As
X-Detected-As
X-Cache-Var
X-Ezoic-Cdn
X-Is-Bot
X-RN-RSRV
X-Routing-Service
X-Rule
X-Upgrade-Enabled
From-Origin
Fastcgi-X-Cache
X-Proxy
Fastcgi-X-Cache-Version
X-Zipkin-Id
Meta-Geo
Machine
X-Environment-Context
Country
X-Ocache
X-Cache-Config
Fastcgi-Useragent
X-Proxied
X-Path-Route
X-L-Path
X-CDN-Cache
X-Section
X-Access
X-Agile
X-Viewer-Country
DB-Nickname
X-Format
Now
X-Agile-Age
X-Human
X-Birta-Cache-Post
X-NGENIX-Cache
X-Amz-Meta-Surrogate-Control
X-Agile-Id
X-Birta-Served
X-Hosted-By
X-Request-Time
X-JoinUs
L5d-Success-Class
X-GRACE
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Device-Class
X-ServerID
Webcakes-App-Version
Webcakes-App-Name
TWC-Connection-Speed
Property-Id
X-Tb
X-PCL
Cache-Name
X-Pc-Key
OT-Force-Account-Verify
X-Via-Fastly
X-Pc-Hit
S-Rt
TWC-Privacy
X-Labrador-Cache-Channel
X-Cache-Category-Id
Webcakes-Region
X-Grey
X-FC-Vary-Parameters
X-OCL
X-CCM
X-Pc-Appver
X-Origin-Hint
HitInfo
HitType
X-EIG-Tracking-Id
X-Pubstack
X-RemovedCookies
X-Generated
X-ProxyCache-Status
X-ProcessESI
X-Original-Request
X-BYPASS-REASON
X-OVcl
X-IP
X-OVcl-Cache
X-Hit
X-Origin
X-ProxyCache-Key
X-Loop
X-TNCMS
X-Xfnlog-Site
X-Web-Node
X-Upstream-HT
X-VG-TLSProxy
X-Upstream-CT
Origin-Cache-Control
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Origin-Edge-Control
Selected-FE
NGB
X-Www-Served-By
X-Microcachable
Accept-Language
X-Via-CDN
X-Timing-Wait
X-Proxy-Build
Mn-Server-Ip
LB
X-ShardId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Cluster-Node
X-Geo
Xserver
X-TIME
X-Cdn
X-Guploader-Uploadid
X-App-Name
Filters
Ms-Operation-Id
X-TWH-CORRELATION-ID
X-RTag
X-Connection-Hash
X-UA
X-Transaction
X-Rocket-Nginx-Bypass
X-Cache-Remote
X-Twitter-Response-Tags
X-Cache-Enabled
X-NCache
X-UA-Device-Type
Time
X-Internal-Host
X-Pc-Host
X-Tumblr-Pixel-3
X-Unique-ID
X-Pc-Date
IBM-Web2-Location
Access-Control-Request-Headers
X-NodeID
X-SplitTest
X-VWS-Id
X-LJ-Flow-ID
X-Origin-CC
Content-Script-Type
Content-Style-Type
X-AWS-Id
X-Cache-TTL
X-Real-Ip
X-Proto
X-PHP-Backend
X-CACHE-KEY
X-Nginx-Cache
X-APP-VERSION
We-Hiring
Mail-Subject
X-Storage
X-Source
NtCoent-Length
X-MP-GENERATED-AT
Cache-Hits
X-Port
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-Cdn-Forward
X-Edge-IP
X-Varnish-Cacheable
X-Akamai-Request-ID
X-Debug-Cache
X-Webstats-RespID
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Distil-CS
X-Ms-Version
Cache-Tags
X-Backend-Name
Backend
X-Csrf-Token
X-Endurance-Cache-Level
X-Ratelimit-Limit
X-Redis-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-B3-Spanid
X-Urbn-Context-Path
Locale
X-Origin-Response-Time
X-Urbn-Site-Id
X-CACHE-AGE
X-Ua
X-Croise-Owner
Warning
User-Agent
X-CDN-Forward
X-EdgeConnect-Cache-Status
X-Varnish-Cache-Hits
X-Varnish-Beresp-Ttl
X-C
X-Dc
X-ApacheServer
X-PERF
X-Fetched-On
X-From
Ha-Gx-Prefs
HA-Georegion
X-External-Request-Id
X-DPWN-IS-SECURE
HA-Geolat
X-ElasticPress-Search
HA-Geolon
X-G
X-Eu-Site
X-F5-Cache
X-Generated-In
X-Rojux
HA-Servedtime
X-Rewrite-Enabled
X-A-Ccd
HA-Urlpath
X-Mrs-Age
X-S-Cookie
HA-Ipaddr
X-ScT
X-Died
HA-Host
X-GeoIP-Country-Code
Mobile-Detection-Method
X-Server-Time
Ajk
Ec-Rule-Version
X-Cache-Host
X-Cache-URL
X-Cdn-Origin
Content-Disposition
X-CF-Lambda-Fn
X-Cache-Bucket
X-BBXSRF
GMS-Ver
X-B-Cookie
X-BB-ID
Fly-Request-Id
Fly-Cache
X-CF-Lambda-Version
X-CGP
X-Debug-Log
X-Debug-Cookies
X-Destination
X-Developer
Resin-Trace
X-Date
Arc-Country
HA-Cloudapp
Cache-Prefix
HA-Geocity
X-D
BehaviorPad-Version
HA-Geocountry
X-Mrs-Cache-Hits
X-Via-Edge
X-Nc
X-VG-WebServer
TSSecure
X-UE-Client-Country
X-Trv-Group
Viewtype
X-SRCache-Key
X-Mrs-Cache
X-Via-SSL
X-Store
VivaBuild
MD5-Digest
UCS
X-PAYTM-SRV-ID
X-Org
Powered-By
X-A-Wwc
X-A-Dgt
X-NX-Host
Cache-Key
V-Age
X-A-Dcw
X-NU-AKA-ACS-Version
Fastly-SSL
X-Region-Sid
X-Server-By
X-Accel-Expires-Debug
X-Cache-Backend
X-IN-WAF
X-Irp-Debug
Server-Host
X-A-Dam
X-A
X-IN-SSL-APIGATEWAY
Meta-Geo-Continent
Rt-Proxy-Cache
X-IN-APIGATEWAY
X-Mshield-Cache-Status
X-Amz-Meta-Cache-Control
X-Application
X-Sn-Servicetimems
Rendered-Blocks
X-We-Are-Hiring
X-Logtrace-Id
X-Aed
Xc-Version
X-NWS-UUID-VERIFY
Version
X-NC
Server-ID
Thinkindot-CacheControl-Type
Www
X-Auto-Login
X-Backend-Host
Thinkindot-Control
Thinkindot-CacheControl
X-ABtesting
X-Reboot
X-SIPLIST1
X-Thinkindot-L3
X-Trace-Id
X-UnsetCookies
X-ServiceProvider
X-S-Maxage
X-Release
X-Request-Start
X-Request-URI
X-User
X-V
Fastly-SIE
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Var-Ttl
X-Via-NSCOPI
X-VServer
RNT-Time
X-Qloud-Router
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Flog
X-FW-Version
X-Developers
X-Core-Value
X-Backend-Url
X-Cache-Id
X-Clientip
X-GeoIP-City
X-Hash
X-Matched-Rule
X-MServer
X-No-Session
X-Platform
X-Location
X-Layer
X-Hello
X-Hl-Ver
X-Key
X-Backend-State
RNT-Machine
Fastly-Soc-X-Request-Id
PageSpeed
Decoy-Debug-TTL
Decoy-Debug-Status
FSS-Cache
FSS-Proxy
IsBot
Heartbleed
GW-Server
Decoy-Debug-Key
Countrycode
X-Powered-By-ANYU
WZWS-RAY
User-Cache-Control
Section-Io-Cache
AKAMAI
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Memcached
Frame-Options
X-Oss-Hash-Crc64ecma
Release
X-Oss-Object-Type
Origin
Pramga
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Sucuri-Cache
Pagetype
X-Node-Id
X-Nginx-Cache-Key
X-MI-In-Market
X-Gen-Mode
X-P-T
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Passed-To-BeforeDispatch
X-Gannett-Site-Version
X-Passed-To
X-LI-UUID
X-Hnp-Log
X-LI-Proto
X-Li-Pop
Uber-Trace-Id
X-Cache-FS-Status
X-Info
Platform
Country-Code
X-Instance-Name
X-Variation
Is-Eu
X-Li-Fabric
X-Policy
X-Parent-Response-Time
X-Stale
X-Sf
X-WebServer
X-Served-From
X-Server-IP
X-VCT
X-SVT-ORM-RULES
X-Thanos
X-TT-LOGID
X-Varnish-Action
X-Swa-Ws
X-SVT-ORM-VERSION
X-Sentry-ID
X-Secret
X-Dynatrace-Js-Agent
X-RCS-CacheZone
X-Up
X-Phone
Adler-Geo
X-Response-By
X-Returned-From
X-Fastly-Cache
X-Worker
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
Backend-Name
X-Request-UUID
X-Cache-Expires
Esi-Enabled
X-Cache-Debug
Fastly-Backend-Name
X-Block-Status
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Device-Os
Cache-Cookie-Set-From
X-CUA
X-Crawler
X-Bip
X-Actual-URL
Pragrma
True-Client-Country-4JS
SN
Server-Int
On-Server
Odigeo-Trace-Id
Magicmarker
MI-Cache
MI-Cache-Age
Web-Mar-Node
X-Distributor
Kp-EeAlive
X-Datadome
X-DC
REQUESTUUID
X-Newrelic-Synthetics
CDCHOST
X-Core-Mission
X-MSEdge-Flight
X-Refresh
Request-EU
X-Fstrz
MI-API
Proxy-Connection
Request-Country
X-Goog-Meta-Goog-Reserved-File-Mtime
X-MSEdge-Features
X-Cache-CFC
Group
V-Cache
X-Unique-Id-Primal
X-Page-Type
X-HOST
RequestId
X-Owner
HTTPS
Who
X-NODE
Cteonnt-Length
X-Time
X-Pjax-Url
X-Req
MIME-Version
X-Servername
Fusion-Source
X-Be
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-Kong-Upstream-Latency
Fusion-Content-Source
X-Kong-Proxy-Latency
X-SN
X-Backend-TTL
X-Cache-Srv
X-GZip
X-Oracle-Dms-Ecid
Amp-Access-Control-Allow-Source-Origin
NodeID
Memory
X-Ms-Lease-State
X-Origin-TTL
Cdn-Request-Time
Cdn-Host
X-Edge-Server
Cdn
X-Servedbyhost
ProcessTime
X-Server-Group
Mime-Version
X-Content-Age
SD-X-WS
SS
CF-IPCountry
X-Protected-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Aicache-OS
X-Wa
X-BB-IP
X-ND-Cache
X-Ckpd-Fst-Backend
X-COUNTRY
A
CDN
X-Origin-Host
GeoIP-Country-Code
XServer
X-Origin-Expires
X-Origin-Date
X-SRV
GeoIP-Latitude
X-Varnish-Beresp-TTL
PageType
Is-Session-Tracking
X-StackifyID
Get-Access-Time
Geoip-Latitude
X-APP
X-B3-Traceid
GeoIp-Country-Code
X-Pf-Uncompressing
Processtime
X-Varnish-Url
X-Fastly-Country-Code
Serverid
X-Cache-Info
Node
X-PHP-Host
PICS-Label
X-Unique-Id
Cache-Tv-Group
X-Load-Cache
Vix-Hermes-Req-Id
X-WA
X-Gdpr
X-Proxy-Upstream
X-Requestid
X-Proxy-Cache-Status
X-CSRF-Token
X-Ratelimit-Remaining
X-Fastly-Cache-Hits
DataCenter
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Generation-Time
X-Nananana
Nel
X-FireWall-Port
X-BACKEND-TTL
Cf-Ipcountry
X-ID
X-RequestId
X-SERVER-NAME
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Cache-Provider
X-Planisys-CDN-Cache
X-ServedByHost
X-Check-Cacheable
X-NGINX-Cache
WP-Super-Cache
URI
X-EC-Security-Audit
X-HS-Status
Request-Time
X-Server-W
X-UPSTREAM-Address
X-CS
X-FORWARDED-FOR
Hostname
X-Micro-Cache
X-Fastly-Backend-Reqs
Host-ID
X-GZIP
PFcat
X-GEO
X-Front
X-WR-MODIFICATION
X-Debug-Cache-Fetch
X-Surge-Debug
NGX
X-Debug-Cache-Expiry
X-Debug-Cache-Store
T-Server
X-FB-TRIP-ID
X-B3-SpanId
X-GDPR
X-HTML-Minification-Powered-By
X-VarnPar1
X-DataStream-Origin-MEX-Latency
ServerName
X-DataStream-MidMile-RTT
X-PARISIEN-Cache-Rendered
X-VG-WebCache
X-BE
X-HTML-Edge-Cache
X-Svr
X-VarnCache
X-Fe
X-Swift-Error
X-Atg-Version
X-Level-Front-Cache
X-Qnm-Cache
X-PF-Uncompressing
X-Instart-Info
X-M-Reqid
X-M-Log
Lfy
Ohc-File-Size
Ohc-Response-Time
X-IPS-LoggedIn
RequestUuid
Requestid
X-ServerName
X-PJAX-URL
X-Generated-On
Https
X-Cdn-Srv
X-Vcache
X-Akamai-SSL-Client-Sid
X-Amz-Meta-S3b-Last-Modified
X-VarnPar2
Pics-Label
WebServer
X-PAGE-TYPE
X-Distil-Cs
X-VC
X-Alicdn-Da-Ups-Status
X-SB
X-Cache-Ttl
N-Cache
X-RAMCache
X-From-Cache
Load-Balancing
X-Serial
X-Grace-Duration
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-ARC
Build-Number
X-Gen-Id
X-Dw-Trace-Id
SID
Cdn-Src-Port
X-Skip-Cache