Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
X-Powered-By
Last-Modified
Accept-Ranges
X-Content-Type-Options
Strict-Transport-Security
X-XSS-Protection
ETag
Link
Expect-CT
CF-RAY
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Language
Content-Security-Policy
P3P
X-UA-Compatible
X-Cache-Hits
CF-Ray
X-Varnish
X-Served-By
X-Request-Id
X-Amz-Cf-Id
Referrer-Policy
X-AspNet-Version
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Alt-Svc
X-AspNetMvc-Version
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Check
Status
Timing-Allow-Origin
X-Cache-Status
X-Iinfo
X-Via
X-Template
X-Language
X-CDN
X-Turbo-Charged-By
Content-Encoding
X-Content-Security-Policy
X-DNS-Prefetch-Control
X-Buckets
X-Permitted-Cross-Domain-Policies
Keep-Alive
X-Type
X-Nginx-Cache-Status
X-AH-Environment
X-Server-Powered-By
EagleId
X-Backend
X-Cache-Group
X-Pingback
X-Pass-Why
WPE-Backend
X-Server
Access-Control-Max-Age
X-Swift-CacheTime
X-Age
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Xkey
Grace
X-Varnish-Cache
X-Cache-Lookup
Access-Control-Expose-Headers
Upgrade
Cf-Railgun
X-UA-Device
X-Hacker
X-Page-Speed
X-LiteSpeed-Cache
X-Drupal-Dynamic-Cache
X-Amz-Request-Id
X-Proxy-Cache
X-Amz-Id-2
X-Robots-Tag
X-Server-Id
Content-Location
X-CST
X-Envoy-Upstream-Service-Time
X-Node
Request-Context
X-Device
X-Ac
X-Host
X-Cnection
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
Surrogate-Control
X-Backend-Server
X-Rack-Cache
X-Dns-Prefetch-Control
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
Request-Id
X-HeyJason
X-Readtime
Allow
X-Px
X-Instart-Request-ID
X-Cloud-Trace-Context
EagleEye-TraceId
X-Response-Time
Pinterest-Generated-By
Edge-Control
X-Application-Context
X-Clacks-Overhead
X-TTL
Server-Timing
X-Rq
X-MS-InvokeApp
X-DynaTrace-JS-Agent
X-Url
X-Server-Name
Charset
SPRequestGuid
X-NWS-LOG-UUID
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-SharePointHealthScore
AR-SID
AR-ATIME
AR-PoweredBy
AR-CACHE
Rating
X-Cached
Report-To
X-Country-Code
X-DataDome
X-Varnish-TTL
X-Powered-CMS
Public-Key-Pins
X-Powered-By-Plesk
X-Mod-Pagespeed
SPRequestDuration
SPIisLatency
X-N
MS-Author-Via
X-TtlSet
X-Vname
X-PC
X-Recruiting
Content-MD5
X-Version
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-VARITI-CCR
X-GoogleNews-Bot
X-Geo-Segment
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Ser
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-Dw-Request-Base-Id
X-T
Cartoon
X-FTR-Request-ID
Nginx-Cache
X-F-Cache
X-XRDS-Location
Arr-Disable-Session-Affinity
X-Trace
Pinterest-Version
X-Esi
X-Pinterest-Rid
X-Upstream-Env
X-Daa-Tunnel
Feature-Policy
X-D2id
NEL
RTSS
X-Amz-Rid
X-Via-JSL
X-Cdn
X-Vhost
X-GitHub-Request-Id
X-Abt-Application-Version
X-IPLB-Instance
X-Dynatrace
X-Client-IP
X-Forwarded-Proto
X-Vcap-Request-Id
X-Origin-Cache
Realpath
X-B
X-Hits
X-FastCGI-Cache
X-Cache-Key
X-Goog-Hash
X-TEC-API-ORIGIN
X-Navigation-Version
X-TEC-API-ROOT
Fastcgi-Cache
X-Zen-Fury
X-Kinsta-Cache
X-TEC-API-VERSION
X-Grace
X-Upstream
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Dispatcher
X-Id
TCN
X-DIS-Request-ID
Verso
Liferay-Portal
X-Varnish-Age
Alternate-Protocol
Paypal-Debug-Id
X-Content-Digest
Front-End-Https
X-Content-Options
X-Logged-In
X-Nf-Srv-Version
X-NF-Request-ID
X-Newrelic-App-Data
X-Whom
Access-Control-Request-Method
X-User-Agent
X-Fastly-Request-ID
X-Feature
X-Pad
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Sol
X-Mrf-Item-Lastmod
MRF-Tech
Tracecode
X-Correlation-ID
PB-RID
PB-PID
X-SS-Set-Cookie
S
X-Oracle-Dms-Ecid
Server-Name
X-Oracle-Dms-Rid
X-Debug
Cache-Status
Rt-Fastcgi-Cache
Edge-Cache-Tag
X-HS-Content-Id
X-HS-Cache-Config
X-Webkit-Csp
X-Hyper-Cache
X-Frontend
X-PressLabs-Stats
Eomportal-Instance
Host
X-B3-Traceid
X-UUID
X-Hostname
Service-Worker-Allowed
X-Cache-Rule
Response
X-Middleton-Display
Powered-By-ChinaCache
X-Middleton-Response
Cache
Dynatrace
Pagespeed
Display
X-MSEdge-Ref
X-RateLimit-Remaining
X-Goog-Storage-Class
Server-Info
S-Cnection
HitInfo
HitType
X-Goog-Stored-Content-Length
X-Mobile-Rewrite
X-Goog-Metageneration
X-AOL-HN
X-Goog-Generation
X-Goog-Stored-Content-Encoding
FilterID
X-Content-Security-Policy-Report-Only
X-APP-VERSION
X-Cache-Bucket
X-CF-Powered-By
Fastly-Restarts
TP-Cache
Public-Key-Pins-Report-Only
TP-L2-Cache
X-Contextid
X-Cache-Hit
X-Magnolia-Registration
X-Revision
X-Sucuri-ID
X-Instance
X-Wix-Server-Artifact-Id
X-FTR-Balancer
X-Varnish-Server
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-Country-Code-Real
X-Rid
X-VCache
Refresh
X-FTR-Cache-Status
X-HS-Combine-CSS
X-Request-Received
X-Request-Processing-Time
X-FTR-Realm
X-Proxied
X-Mobile
ServerID
Source
X-Amzn-Trace-Id
X-Cache-Action
X-TA-CDN-Provider
X-URL
Backend-Timing
X-AppVersion
X-Az
X-Analytics
X-Activity-Id
X-ServedBy
X-PHP-Backend
X-TT-TIMESTAMP
X-Geo-Country
X-Cache-2
Served-By
X-Origin
X-Framework
Country
X-GUploader-UploadID
X-Real-IP
Actual-Object-TTL
X-Debug-Info
X-Device-Type
X-Cf-Powered-By
X-Content-Powered-By
X-ESI
Surrogate-Key
X-Akamai-Edgescape
X-App-Environment
X-ADI-VCache
Retry-After
X-Shield-Cache-Expires
X-WA-Info
X-Cache-Remote
X-HW
X-Ocache
X-TT
X-B-Cache
X-Sucuri-Cache
X-Cache-Config
X-Cache-Operation
X-Tumblr-Pixel
X-FTR-Cache-Host
X-Tumblr-Pixel-0
X-Tumblr-User
X-Varnish-Hostname
X-Signature
X-CDN-Forward
X-TIME
Arc-Version
Upgrade-Insecure-Requests
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Backend
X-Hail-Hydra
X-Cache-NE
X-Handled-By
X-FB-Debug
Accept-Charset
X-PC-Hit
X-Request-Guid
X-Atg-Version
X-PC-Key
Cleartype
X-PC-AppVer
X-Page-Id
X-WPE-Loopback-Upstream-Addr
Host-Header
X-Cache-Control
MS-CV
Server-Node
X-Accel-Expires
DC
X-BCube-Filmed-By
X-Cache-Server
X-Geo
X-Adobe-Loc
X-GeoIP
X-Cached-By
X-NWS-UUID-VERIFY
X-Adobe-Content
X-Yottaa-Optimizations
X-DynaTrace
Webserver
X-DC
X-Generated-By
X-Yottaa-Metrics
X-Cacheable-TTL
X-RequestSource
X-Accel-Buffering
SRV
X-Akamai-Transformed
X-PC-Date
X-GZip
X-PC-Host
X-Varnish-IP
X-Storage
AsisCache
X-S
ServedBy
X-Amz-Server-Side-Encryption
X-TX-ID
X-Forwarded-For
X-Jobs
X-App-Server
HostName
X-LB-Cache
X-Origin-Upstream-Status
X-WebKit-CSP-Report-Only
X-Wix-Request-Id
X-Seen-By
X-Varnish-Hits
X-CACHE-AGE
X-FW-Static
X-Varnish-Cache-Hits
X-FW-Server
X-Edge-Cache-Key
X-FW-Hash
X-FW-Serve
X-Vg-Webcache
X-Varnish-Grace
X-FW-Type
X-Origin-Server
X-NC
X-Locale
X-Platform-Server
X-Internal-Host
X-Microcachable
X-RTag
X-Region
X-Edge-Cache
Content-Style-Type
Ohc-File-Size
WP-Super-Cache
From-Origin
Filters
Content-Script-Type
X-COUNTRY
X-Amz-Replication-Status
NGB
X-Cluster
X-FORWARDED-FOR
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-CSRF-Token
X-StackifyID
X-Distil-CS
X-EIG-Tracking-Id
X-Cache-TTL-Remaining
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Oss-Storage-Class
Load-Balancing
Cache-Tag
X-CCM
X-Yottaa-Sig
X-Oss-Object-Type
Viewport
X-Oss-Hash-Crc64ecma
X-Drupal-Cache-Tags
X-Oss-Server-Time
X-Oss-Request-Id
X-PERF
Fastly-SSL
X-L-Path
Cache-Hits
Access-Control-Request-Headers
X-BYPASS-REASON
Cache-Name
Cache-Key
X-Labrador-Cache-Channel
X-ProxyCache-Key
X-ProxyCache-Status
Origin-Cache-Control
Mn-Server-Ip
L5d-Success-Class
Origin-Edge-Control
X-Optimization
ServerName
X-Proto
GEO-INFO
X-Xfnlog-Site
X-UA
X-Akamai-Request-ID
X-Akam-SW-Version
X-Agile-Id
X-Agile
X-Agile-Age
X-Debug-Cache
X-ApacheServer
X-Cache-HT
X-Cache-Enabled
X-Time-Microsecs
X-B3-Spanid
X-BB-IP
Cteonnt-Length
X-Viewer-Country
Time
DynaTrace
X-Mode
X-Skip-Cache
X-Port
X-Distributor
X-Cache-Category-Id
X-Environment-Context
X-Web-Node
X-Srv
X-Grey
Healthy
Now
X-Hit
COMMERCE-SERVER-SOFTWARE
X-UA-Device-Type
X-Upstream-CT
X-Upstream-HT
X-JoinUs
X-Source
X-Croise-Owner
X-ServerID
X-Edge-Location
X-Drupal-Cache-Contexts
X-VWS-Id
X-Endurance-Cache-Level
X-Ezoic-Cdn
X-Www-Served-By
X-Zipkin-Id
X-Generation-Time
X-Format
X-Detected-As
X-Webstats-RespID
X-Vgn-Hpd-Reason
X-Tumblr-Pixel-3
X-CCM-LastModified
X-Cache-Var-Map
X-Cache-Var
X-Surge-Debug
X-CDN-Cache
X-Cluster-Node
X-Human
X-Upgrade-Enabled
X-TWH-CORRELATION-ID
X-DataStream-Cache-Status
X-Via-Fastly
X-IP
X-RemovedCookies
X-Origin-CC
X-Render-Type
X-Rendered-As
X-NU-AKA-ACS-Version
X-OCL
X-Pubstack
X-Origin-Hint
X-OVcl-Cache
X-Path-Route
X-OVcl
X-ProcessESI
X-Original-Request
X-NodeID
X-Node-Name
X-Site-Version
X-LJ-Flow-ID
X-SplitTest
X-Is-Bot
X-PCL
X-Meta-Tbi-Cache-Vertical
X-MP-GENERATED-AT
X-NCache
X-Request-Time
X-RN-RSRV
X-Routing-Service
X-Section
X-Instance-Name
Azure-Version
NODE
Pagetype
X-Cache-TTL
Cneonction
MIME-Version
X-ByteArk-Cache
Property-Id
TWC-Device-Class
TWC-Connection-Speed
S-Rt
RequestId
Meta-Geo
Machine
Azure-InstanceId
DB-Nickname
Azure-RegionName
Azure-SiteName
Fastcgi-Useragent
Access-Control-Allow-Method
LB
Selected-FE
X-Proxy-Build
X-Timing-Wait
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Access
X-Amz-Meta-Surrogate-Control
X-SRV
Webcakes-Region
Webcakes-App-Version
X-App-Name
X-AWS-Id
X-Birta-Served
X-Birta-Cache-Post
X-Be
X-B3-Sampled
Azure-SlotName
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
User-Agent
User-Cache-Control
X-Ratelimit-Limit
Datacenter
X-NewRelic-App-Data
X-TNCMS
X-Varnish-Cacheable
X-WR-MODIFICATION
X-Varnish-Beresp-Ttl
X-Unique-ID
X-Proxy
X-Loop
X-NGENIX-Cache
X-Hosted-By
X-Generated
X-Backend-Name
IBM-Web2-Location
X-FC-Vary-Parameters
Backend
Countrycode
X-ARC
X-Application
X-A-Wwc
X-B-Cookie
X-Cache-Expires
X-WebServer
X-Cache-Id
X-Cache-Host
X-A-Dgt
X-A-Dcw
Resin-Trace
Request-Time
Proxy-Connection
Kp-EeAlive
T-Server
V-Age
X-A-Dam
X-A-Ccd
X-A
Warning
X-Var-Ttl
X-Cache-Time
X-NX-Host
X-S-Cookie
X-Logtrace-Id
X-Generated-In
X-Request-URI
X-DPWN-IS-SECURE
X-Page-Type
X-G
X-From
X-Dispatcher-Server
X-SRCache-Key
Is-Session-Tracking
X-Debug-Log
X-Debug-Cookies
X-CS
X-Destination
X-Status
X-Died
X-Device-Os
X-Developer
X-Fstrz
X-D
X-Ua
Brightspot-Id
Cache-Prefix
Ajk
X-Cache-Age
NnCoection
Magicmarker
X-RateLimit-Limit
X-Newrelic-Synthetics
WZWS-RAY
Get-Access-Time
Fly-Request-Id
X-Nginx-Cache
Fly-Cache
FSS-Cache
X-ATG-Version
UCS
FSS-Proxy
X-ElasticPress-Search
X-C
CDN
X-Flog
X-FireWall-Port
X-Fastly-Cache
X-F5-Cache
X-Forwarded-Host
X-Gannett-Site-Version
X-From-Cache
X-Frame-Option
Thinkindot-CacheControl
X-Eu-Site
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Thinkindot-CacheControl-Type
X-Developers
X-Edge-IP
X-Epic-Correlation-Id
X-Env
X-Gen-Mode
X-GeoIP-Country-Code
X-Location
X-Layer
X-Kong-Upstream-Latency
Sid
X-Matched-Rule
X-MSEdge-Features
X-MI-In-Market
X-Mem
X-Kong-Proxy-Latency
X-Key
X-Haproxy-Hostname
X-GoCache-CacheStatus
Thinkindot-Control
X-Haproxy-Ip
Sta2Tusw
X-Irp-Debug
X-Hnp-Log
X-GeoIP-City
X-Core-Value
X-Backend-Url
X-Backend-TTL
Web-Mar-Region
Web-Mar-Node
X-BB-ID
X-BBXSRF
Viewtype
VivaBuild
X-Backend-State
X-Backend-Host
X-Actual-URL
X-ABtesting
Www
Who
X-Amz-Meta-Cache-Control
X-Amz-Meta-S3cmd-Attrs
X-Amz-Meta-S3b-Last-Modified
X-Block-Status
X-Cache-Backend
X-CGP
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Ckpd-Fst-Backend
X-Connection-Hash
X-Content-Type
X-Content-Age
X-Cdn-Srv
X-CDN-Pop-IP
X-Cache-Debug
X-Cache-CFC
Uber-Trace-Id
X-Cache-FS-Status
X-Cdn-Origin
X-MSEdge-Flight
X-CDN-Pop
Ws
X-Passed-To-PostProcessResponse
X-VG-WebServer
X-Via-CDN
X-Server-IP
X-Varnish-Id
X-Varnish-Beresp-Status
X-Servername
Server-Int
X-Server-Time
X-Server-Group
X-Via-Edge
X-Servedbyhost
X-Served-From
X-Secret
X-Server-By
X-Wikidot-Backend
X-VServer
X-We-Are-Hiring
X-ServiceProvider
X-Varnish-Beresp-Grace
X-SVT-ORM-RULES
X-Trv-Group
X-Stale
X-Transaction
X-SVT-ORM-VERSION
X-TId
X-Thinkindot-L3
X-Tb
X-TT-LOGID
X-Twitter-Response-Tags
X-SIPLIST1
X-V
X-Varnish-Action
X-User
X-Up
X-UnsetCookies
X-Sn-Servicetimems
X-ScT
X-ROOTCache
X-Pf-Uncompressing
X-PAYTM-SRV-ID
X-Worker
X-Phone
X-Planisys-CDN-Cache
X-Powered-By-ANYU
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Trace-Id
X-Passed-To-DLL
X-Owner
X-Origin-TTL
X-No-Session
X-P-T
X-Passed-To
Xc-Version
X-Passed-To-BeforeDispatch
X-Public
X-RateLimit-Limit-Second
X-Returned-From-BeforeDispatch
X-Returned-From
X-Wikidot-Static-Cache
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Rojux
X-Rewrite-Enabled
X-Requestid
X-Request-UUID
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Reboot
X-Wix-Route-ID
X-Req
X-Region-Sid
X-ND-Cache
Httpd-Identifier
AKAMAI
Adler-Geo
Accept-Ch
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Via-NSCOPI
X-UE-Client-Country
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PodId
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
Server-Host
X-Sorting-Hat-ShopId
Arc-Country
Backend-Name
Decoy-Debug-TTL
Decoy-Debug-Status
Drupal-Pagecache-Memcache
Ec-Rule-Version
Fastcgi-X-Cache
Esi-Enabled
Decoy-Debug-Key
Content-Disposition
Cache-Cookie-Set-From
BehaviorPad-Version
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
CF-IPCountry
CDCHOST
X-Sorting-Hat-FeatureSet
X-Shopify-Stage
Server-ID
Request-EU
Request-Country
X-Alternate-Cache-Key
X-Auto-Login
X-Hash
X-Crawler
NodeID
If-Modified-Since
ProcessTime
X-Front
DataCenter
Xserver
Cache-Provider
Version
X-Hl-Ver
X-IN-APIGATEWAY
X-Release
X-Refresh
X-S-Maxage
X-Sentry-ID
X-ShopId
X-ShardId
X-RCS-CacheZone
X-Origin-Expires
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Info
X-LB-CacheStatus
X-Origin-Date
X-LB-Node
Fastcgi-X-Cache-Version
X-Sorting-Hat-ShopId-Cached
Memory
Memcached
Meta-Geo-Continent
MI-API
MI-Cache-Age
MI-Cache
Max-Age
IsBot
HA-Urlpath
HA-Servedtime
Heartbleed
Host-ID
Is-Eu
HTTPS
REQUESTUUID
NGX
Platform
PICS-Label
Powered-By
Pragrma
Release
Pramga
Payment
Origin
Rendered-Blocks
Odigeo-Trace-Id
Fastly-Backend-Name
Ohc-Response-Time
On-Server
HA-Ipaddr
MD5-Digest
HA-Geocity
HA-Geolat
HA-Geolon
HA-Georegion
HA-Cloudapp
GW-Server
Fastly-SIE
Fastly-Soc-X-Request-Id
Fastly-SWR
Ha-Gx-Prefs
HA-Geocountry
HA-Host
Dnion-Transfer-Encoding
X-Fastly-Backend-Reqs
X-Server-W
X-EdgeConnect-Cache-Status
X-Ver
OT-Force-Account-Verify
GMS-Ver
X-Rocket-Nginx-Serving-Static
X-Varnish-Url
X-HCF
X-Svr
PFcat
CACHE
RATING
XServer
X-Fetched-On
X-Powered-By-Defense
Country-Code
X-Rocket-Nginx-Bypass
X-Thanos
X-Varnish-HitMiss
X-Bug-Bounty
X-Fastly-Cache-Hits
X-EC-Security-Audit
X-Request-Start
X-Zalando-Page-Type
X-Cache-Control-Set-By
X-Micro-Cache
X-Node-Id
X-Bip
X-Redis-Cache
X-Zalando-Child-Request-Id
Lfy
X-Platform
X-Cache-URL
X-Cache-Srv
X-Core-Mission
X-LiteSpeed-Cache-Control
X-Clientip
X-Response-By
Group
X-Guploader-Uploadid
Processtime
V-Cache
X-VarnCache
X-Remote-IP
Geoip-Latitude
X-Fastcgi-Cache
Rt-Proxy-Cache
X-XRDS-LOCATION
Frame-Options
Geoip-City
X-VC
GeoIp-Country-Code
X-Date
X-Correlation-Id
X-VarnPar1
X-Accel-Expires-Debug
X-VarnPar2
X-HTML-Minification-Powered-By
X-SB
X-Load-Cache
N-Cache
NtCoent-Length
X-PARISIEN-Cache-Rendered
X-Nananana
GeoIP-City
GeoIP-Country-Code
GeoIP-Latitude
X-Safe-Firewall
X-PJAX-URL
URI
X-HGenerator
X-Csrf-Token
X-Real-Ip
X-NGINX-Cache
X-Ratelimit-Remaining
X-Ms-Blob-Type
X-M-Log
PageType
X-Proxy-Server
X-Ms-Request-Id
X-Trv-Request-Id
X-Varnish-URL
X-Pjax-Url
X-Ms-Version
X-M-Reqid
X-Ms-Lease-Status
Apicache-Store
X-ProxyCache-Args
X-Servedby
X-Dc
X-Fe
WWW-Authenticate
X-Qnm-Cache
X-Unique-Id
X-Alicdn-Da-Ups-Status
WebServer
X-Check-Cacheable
X-Cache-Ttl
X-VG-WebCache
Apicache-Version