Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Date
Content-Type
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
X-Powered-By
Last-Modified
Accept-Ranges
X-Content-Type-Options
Strict-Transport-Security
X-XSS-Protection
ETag
Link
Expect-CT
Via
X-Cache
Age
CF-RAY
CF-Ray
Access-Control-Allow-Origin
Content-Language
Content-Security-Policy
P3P
X-UA-Compatible
X-Cache-Hits
X-Varnish
X-Served-By
X-Request-Id
X-Amz-Cf-Id
Referrer-Policy
X-AspNet-Version
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
X-AspNetMvc-Version
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Check
Status
Timing-Allow-Origin
X-Cache-Status
X-DNS-Prefetch-Control
X-Iinfo
X-Via
X-Template
X-Language
X-CDN
X-Turbo-Charged-By
X-Content-Security-Policy
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Buckets
Keep-Alive
X-Nginx-Cache-Status
X-Type
X-Server-Powered-By
X-Backend
X-AH-Environment
EagleId
X-Cache-Group
X-Pingback
X-Server
WPE-Backend
X-Pass-Why
X-Age
Access-Control-Max-Age
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Xkey
Grace
X-Varnish-Cache
X-Cache-Lookup
Access-Control-Expose-Headers
Upgrade
X-Hacker
Cf-Railgun
X-UA-Device
X-Page-Speed
X-LiteSpeed-Cache
X-Drupal-Dynamic-Cache
X-Amz-Request-Id
X-Proxy-Cache
X-Amz-Id-2
X-Robots-Tag
X-Server-Id
X-CST
Content-Location
X-Node
X-Envoy-Upstream-Service-Time
X-Ac
Request-Context
X-Device
X-Host
X-Cnection
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Backend-Server
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Surrogate-Control
X-Rack-Cache
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
Request-Id
X-Readtime
Allow
X-Instart-Request-ID
X-Px
EagleEye-TraceId
X-Response-Time
Edge-Control
Pinterest-Generated-By
X-Application-Context
X-Rq
X-Clacks-Overhead
Server-Timing
X-MS-InvokeApp
X-Url
X-DynaTrace-JS-Agent
X-Cloud-Trace-Context
X-Server-Name
X-TTL
Charset
SPRequestGuid
X-NWS-LOG-UUID
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-SharePointHealthScore
X-Ruxit-JS-Agent
Rating
X-Cached
AR-CACHE
AR-SID
AR-ATIME
AR-PoweredBy
X-Varnish-TTL
X-DataDome
Report-To
X-Country-Code
X-Powered-CMS
X-Powered-By-Plesk
X-Mod-Pagespeed
Public-Key-Pins
X-TtlSet
X-PC
X-Vname
SPRequestDuration
SPIisLatency
X-N
X-Recruiting
MS-Author-Via
Content-MD5
X-Version
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Geo-Segment
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-VARITI-CCR
X-F-Cache
X-Ser
X-Dw-Request-Base-Id
X-T
Cartoon
X-FTR-Request-ID
X-XRDS-Location
X-Trace
Arr-Disable-Session-Affinity
X-Daa-Tunnel
Nginx-Cache
X-Upstream-Env
Feature-Policy
X-Esi
Pinterest-Version
X-Pinterest-Rid
NEL
X-Via-JSL
X-D2id
X-Amz-Rid
RTSS
X-Cdn
X-GitHub-Request-Id
X-Vhost
X-Forwarded-Proto
X-Abt-Application-Version
X-Dynatrace
X-IPLB-Instance
X-Client-IP
X-Vcap-Request-Id
X-Hits
X-Goog-Hash
X-Kinsta-Cache
X-Origin-Cache
Realpath
X-Grace
X-Cache-Key
X-FastCGI-Cache
X-Zen-Fury
Fastcgi-Cache
X-TEC-API-VERSION
X-Navigation-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-B
X-Upstream
X-ORACLE-DMS-ECID
X-DIS-Request-ID
X-ORACLE-DMS-RID
TCN
X-Varnish-Age
X-Id
X-Dispatcher
Verso
Cache
Alternate-Protocol
Liferay-Portal
Paypal-Debug-Id
X-Content-Digest
Front-End-Https
Access-Control-Request-Method
X-Content-Options
X-Nf-Srv-Version
X-Logged-In
X-NF-Request-ID
X-Fastly-Request-ID
X-User-Agent
X-Newrelic-App-Data
X-Feature
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Frontend
S
X-Whom
X-Pad
X-Sol
X-HS-Content-Id
X-Oracle-Dms-Ecid
X-HS-Cache-Config
X-Debug
Edge-Cache-Tag
Tracecode
X-SS-Set-Cookie
X-Oracle-Dms-Rid
PB-PID
PB-RID
Cache-Status
Server-Name
X-UUID
X-Webkit-Csp
X-Hyper-Cache
Powered-By-ChinaCache
Host
X-PressLabs-Stats
X-B3-Traceid
Rt-Fastcgi-Cache
X-Cache-Rule
X-Hostname
Service-Worker-Allowed
Eomportal-Instance
Response
Pagespeed
Display
X-Goog-Stored-Content-Encoding
X-Middleton-Response
X-Goog-Stored-Content-Length
Dynatrace
X-CF-Powered-By
X-Middleton-Display
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-RateLimit-Remaining
HitInfo
HitType
X-Wix-Server-Artifact-Id
S-Cnection
Server-Info
X-AOL-HN
X-MSEdge-Ref
X-Mobile-Rewrite
FilterID
X-Content-Security-Policy-Report-Only
X-Cache-Bucket
X-VCache
X-APP-VERSION
Public-Key-Pins-Report-Only
X-Revision
TP-Cache
X-Magnolia-Registration
X-Contextid
X-Varnish-Server
X-Instance
Fastly-Restarts
TP-L2-Cache
X-Cache-Hit
X-FTR-Cache-Status
X-HS-Combine-CSS
X-FTR-DC
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend
X-FTR-Backend-Server
X-Request-Received
X-FTR-Realm
X-Sucuri-ID
X-Country-Code-Real
X-Request-Processing-Time
X-Rid
X-ServedBy
Source
X-TA-CDN-Provider
X-URL
Refresh
ServerID
X-Proxied
X-Mobile
X-Cache-Action
X-Correlation-ID
X-GUploader-UploadID
X-Activity-Id
Backend-Timing
X-Az
X-AppVersion
X-Analytics
X-Amzn-Trace-Id
X-Framework
Country
X-B-Cache
X-FB-Debug
X-Cache-2
X-Ttl
X-PHP-Backend
X-Signature
X-Real-IP
X-TT-TIMESTAMP
Surrogate-Key
X-Ocache
X-Debug-Info
X-Device-Type
X-Cache-Operation
Actual-Object-TTL
X-WA-Info
Served-By
X-Akamai-Edgescape
X-HW
X-Cf-Powered-By
X-Shield-Cache-Expires
X-ESI
X-CLOUD-TRACE-CONTEXT
X-ADI-VCache
X-Geo-Country
Upgrade-Insecure-Requests
X-Origin
X-TT
X-App-Environment
X-Cache-Remote
X-Content-Powered-By
X-CDN-Forward
X-FTR-Cache-Host
X-Tumblr-Pixel
X-Cache-Config
X-Tumblr-User
X-Tumblr-Pixel-0
X-Varnish-Hostname
Arc-Version
X-Varnish-Backend
AMP-Access-Control-Allow-Source-Origin
Cleartype
X-TIME
Retry-After
X-Accel-Expires
X-Page-Id
X-Handled-By
MS-CV
X-Hail-Hydra
X-PC-AppVer
X-PC-Hit
X-Request-Guid
X-Sucuri-Cache
X-NWS-UUID-VERIFY
X-PC-Key
Server-Node
X-Atg-Version
Webserver
X-Cache-Control
X-Cache-Server
DC
X-BCube-Filmed-By
Host-Header
Accept-Charset
X-Cache-NE
X-Accel-Buffering
X-WPE-Loopback-Upstream-Addr
X-Geo
X-Jobs
X-Yottaa-Metrics
X-Generated-By
X-DynaTrace
X-Cached-By
X-GeoIP
X-Yottaa-Optimizations
SRV
X-TX-ID
X-Wix-Request-Id
X-Adobe-Loc
X-Amz-Server-Side-Encryption
X-App-Server
X-Cacheable-TTL
ServedBy
AsisCache
X-Seen-By
X-RequestSource
X-LB-Cache
X-Storage
X-Adobe-Content
X-PC-Host
X-PC-Date
X-Cluster
X-Origin-Upstream-Status
X-GZip
X-Varnish-Hits
X-Forwarded-For
X-WebKit-CSP-Report-Only
X-Varnish-IP
X-CACHE-AGE
X-Akamai-Transformed
X-Varnish-Cache-Hits
X-Internal-Host
X-Varnish-Grace
X-COUNTRY
X-Cache-TTL-Remaining
X-Drupal-Cache-Tags
X-Vg-Webcache
X-Edge-Cache-Key
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-S
X-FW-Hash
X-Edge-Cache
X-Locale
NGB
Ohc-File-Size
X-Region
From-Origin
X-Platform-Server
Filters
Content-Script-Type
X-RTag
X-NC
X-Microcachable
X-Amz-Replication-Status
X-Origin-Server
WP-Super-Cache
Content-Style-Type
X-FORWARDED-FOR
X-Tumblr-Pixel-2
X-Proto
Load-Balancing
X-Amz-Apigw-Id
X-Amzn-RequestId
X-CCM
Cache-Tag
Cache-Hits
X-Oss-Storage-Class
X-StackifyID
X-Yottaa-Sig
Access-Control-Request-Headers
X-Tumblr-Pixel-1
X-Oss-Hash-Crc64ecma
X-Distil-CS
X-Oss-Server-Time
X-DC
X-CSRF-Token
X-Srv
Viewport
Datacenter
X-Oss-Request-Id
X-EIG-Tracking-Id
X-Oss-Object-Type
X-Agile-Age
X-Agile-Id
Fastly-SSL
Cache-Key
X-PERF
X-ApacheServer
X-JoinUs
X-Akamai-Request-ID
GEO-INFO
X-Distributor
X-Akam-SW-Version
Mn-Server-Ip
Origin-Edge-Control
X-Grey
X-Hit
X-NGENIX-Cache
Time
ServerName
X-BB-IP
X-Debug-Cache
X-Cache-Enabled
L5d-Success-Class
Origin-Cache-Control
X-Agile
X-Cache-Category-Id
X-Generated
Healthy
X-Skip-Cache
X-Web-Node
X-Mode
X-Port
DynaTrace
X-Time-Microsecs
X-Xfnlog-Site
X-B3-Spanid
Cteonnt-Length
X-Upstream-HT
HostName
X-UA
X-Viewer-Country
X-Upstream-CT
X-Optimization
Cneonction
X-Croise-Owner
X-Environment-Context
X-Cache-HT
X-L-Path
X-Labrador-Cache-Channel
X-BYPASS-REASON
Now
X-Source
Access-Control-Allow-Method
Cache-Name
X-UA-Device-Type
X-ProxyCache-Status
COMMERCE-SERVER-SOFTWARE
X-ProxyCache-Key
X-VWS-Id
X-Tumblr-Pixel-3
X-TWH-CORRELATION-ID
X-Routing-Service
X-Hosted-By
X-Webstats-RespID
X-Generation-Time
X-SplitTest
X-Section
X-Format
X-Ezoic-Cdn
X-Edge-Location
X-Cluster-Node
X-DataStream-Cache-Status
X-CDN-Cache
X-Site-Version
X-CCM-LastModified
X-Vgn-Hpd-Reason
X-Via-Fastly
X-Human
X-ServerID
X-Drupal-Cache-Contexts
X-Upgrade-Enabled
X-Detected-As
X-Endurance-Cache-Level
X-IP
X-OCL
X-Origin-CC
X-NU-AKA-ACS-Version
X-Pubstack
X-RemovedCookies
X-Node-Name
X-Origin-Hint
X-ProcessESI
X-OVcl-Cache
X-PCL
X-OVcl
X-TNCMS
X-Original-Request
X-Www-Served-By
X-WR-MODIFICATION
X-Rendered-As
X-LJ-Flow-ID
X-RN-RSRV
X-Is-Bot
X-Path-Route
X-Zipkin-Id
X-Render-Type
X-NCache
X-Cache-Var-Map
X-MP-GENERATED-AT
X-Meta-Tbi-Cache-Vertical
X-Loop
X-Instance-Name
Azure-SlotName
Machine
Meta-Geo
LB
Fastcgi-Useragent
DB-Nickname
MIME-Version
NODE
S-Rt
RequestId
Property-Id
Pagetype
Backend
Azure-Version
X-Ratelimit-Limit
X-ByteArk-Cache
X-SRV
X-Correlation-Id
X-NewRelic-App-Data
X-Cache-TTL
Selected-FE
Azure-SiteName
Azure-RegionName
X-Timing-Wait
X-Proxy-Build
TWC-Connection-Speed
Azure-InstanceId
X-Access
Webcakes-Region
Webcakes-App-Version
X-Birta-Cache-Post
X-Amz-Meta-Surrogate-Control
X-App-Name
X-B3-Sampled
TWC-Device-Class
X-AWS-Id
Webcakes-App-Name
X-Be
TWC-GeoIP-Country
X-Birta-Served
TWC-GeoIP-LatLong
TWC-Privacy
User-Agent
User-Cache-Control
TWC-Locale-Group
X-Cache-Var
X-Request-Time
X-Status
ProcessTime
NnCoection
X-Varnish-Cacheable
X-Proxy
X-NodeID
X-Backend-Name
IBM-Web2-Location
X-Unique-ID
Countrycode
X-FC-Vary-Parameters
X-Surge-Debug
X-Cache-Host
X-Debug-Log
X-Device-Os
X-Developer
X-Destination
X-Debug-Cookies
X-CS
X-A-Wwc
X-A
X-A-Ccd
Warning
V-Age
Server-ID
T-Server
X-A-Dam
X-A-Dcw
X-ARC
X-B-Cookie
X-Application
X-Alternate-Cache-Key
X-A-Dgt
X-Died
X-Cache-Expires
X-S-Cookie
X-Var-Ttl
X-Sorting-Hat-PodId-Cached
X-WebServer
Resin-Trace
X-Sorting-Hat-PodId
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
X-Sorting-Hat-ShopId-Cached
X-SRCache-Key
X-UE-Client-Country
X-Sorting-Hat-ShopId
X-Sorting-Hat-FeatureSet
X-Shopify-Stage
X-Generated-In
X-Hash
X-G
X-Fstrz
X-From
X-Logtrace-Id
X-NX-Host
X-ShopId
X-ShardId
X-Request-URI
X-Release
X-DPWN-IS-SECURE
X-D
Ajk
Brightspot-Id
Cache-Prefix
X-Ua
X-Cache-Age
X-Nginx-Cache
Version
Magicmarker
WZWS-RAY
X-ATG-Version
Request-Time
Fly-Cache
X-RateLimit-Limit
X-Newrelic-Synthetics
Proxy-Connection
Request-Country
Request-EU
Fly-Request-Id
Kp-EeAlive
Get-Access-Time
Is-Session-Tracking
FSS-Cache
FSS-Proxy
UCS
X-C
X-Varnish-Beresp-Ttl
X-ElasticPress-Search
CDN
X-CDN-Pop-IP
X-Epic-Correlation-Id
X-Cdn-Srv
X-CF-Lambda-Version
X-Env
X-Eu-Site
X-CF-Lambda-Fn
X-F5-Cache
X-Cache-Srv
X-Cache-FS-Status
X-Cache-URL
X-Cdn-Origin
X-CDN-Pop
X-CGP
X-EdgeConnect-Cache-Status
X-Connection-Hash
X-Ckpd-Fst-Backend
X-Content-Age
X-Core-Mission
X-Content-Type
X-Core-Value
X-DataStream-MidMile-RTT
X-EC-Security-Audit
X-Edge-IP
X-Servername
X-Developers
X-DataStream-Origin-MEX-Latency
X-Cache-Debug
X-Backend-State
Viewtype
X-SVT-ORM-VERSION
Uber-Trace-Id
VivaBuild
Web-Mar-Node
Who
Web-Mar-Region
Thinkindot-Control
Thinkindot-CacheControl-Type
Server-Host
X-Tb
REQUESTUUID
Server-Int
Sid
Thinkindot-CacheControl
Sta2Tusw
Ws
Www
X-BBXSRF
X-BB-ID
X-Backend-Url
X-Sn-Servicetimems
X-Block-Status
X-SIPLIST1
X-Cache-Backend
X-Backend-TTL
X-Fastly-Cache
X-Actual-URL
X-ABtesting
X-SVT-ORM-RULES
X-Stale
X-Amz-Meta-S3b-Last-Modified
X-Backend-Host
X-Amz-Meta-S3cmd-Attrs
X-ServiceProvider
X-Haproxy-Ip
X-Rewrite-Enabled
X-No-Session
X-ND-Cache
X-Public
X-Secret
X-Powered-By-ANYU
X-Origin-TTL
X-Served-From
X-MSEdge-Flight
X-Matched-Rule
X-Servedbyhost
X-Mem
X-MI-In-Market
X-MSEdge-Features
X-Micro-Cache
X-Owner
X-Rojux
X-ROOTCache
X-Planisys-CDN-Cache
X-Phone
X-Pf-Uncompressing
X-PAYTM-SRV-ID
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
Rendered-Blocks
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-P-T
X-Passed-To
X-ScT
X-Server-By
X-Location
X-GoCache-CacheStatus
X-GeoIP-Country-Code
X-Haproxy-Hostname
X-Server-IP
X-Hnp-Log
X-Returned-From
X-GeoIP-City
X-Gen-Mode
X-Flog
X-Server-Time
X-Forwarded-Host
X-Frame-Option
X-Gannett-Site-Version
X-From-Cache
X-Response-By
X-Requestid
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Rebelmouse-Cache-Control
X-Kong-Upstream-Latency
X-Server-Group
X-Layer
X-Kong-Proxy-Latency
X-Key
X-Returned-From-DLL
X-Request-UUID
X-Req
X-Region-Sid
X-Irp-Debug
X-Returned-From-PostProcessResponse
X-Fetched-On
Arc-Country
X-Varnish-Action
X-Varnish-Beresp-Grace
X-V
X-User
Accept-Ch
X-Via-NSCOPI
X-Sentry-ID
X-S-Maxage
X-Origin-Expires
X-Origin-Date
X-Page-Type
X-Varnish-Beresp-Status
X-Refresh
X-RCS-CacheZone
X-Up
AKAMAI
Release
Backend-Name
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
CDCHOST
Cache-Cookie-Set-Lfrom
X-Returned-From-BeforeDispatch
Apple-News-Services-Request-Url
X-Twitter-Response-Tags
X-UnsetCookies
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-LB-Node
X-LB-CacheStatus
Cache-Provider
X-We-Are-Hiring
Country-Code
If-Modified-Since
X-VServer
NodeID
X-Wikidot-Backend
X-Wikidot-Static-Cache
Xc-Version
X-Front
X-Worker
X-Wix-Route-ID
Xserver
X-Via-Edge
X-Auto-Login
X-Hl-Ver
X-Varnish-Id
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Info
X-IN-WAF
X-Ver
X-VG-WebServer
X-Cache-Time
X-Cache-Id
X-Via-CDN
X-Crawler
X-Dispatcher-Server
CF-IPCountry
BehaviorPad-Version
Memcached
MD5-Digest
Memory
Meta-Geo-Continent
MI-Cache
MI-API
Max-Age
Content-Disposition
Host-ID
Heartbleed
Httpd-Identifier
HTTPS
X-Trace-Id
MI-Cache-Age
NGX
PICS-Label
PFcat
Powered-By
Pragrma
Pramga
Payment
OT-Force-Account-Verify
Odigeo-Trace-Id
X-Thinkindot-L3
Ohc-Response-Time
On-Server
Origin
HA-Urlpath
IsBot
Fastly-SWR
Fastly-Soc-X-Request-Id
Decoy-Debug-Status
X-TT-LOGID
Decoy-Debug-TTL
Fastly-SIE
Fastly-Backend-Name
Ec-Rule-Version
Drupal-Pagecache-Memcache
Esi-Enabled
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Transaction
X-Trv-Group
Ha-Gx-Prefs
HA-Georegion
HA-Host
HA-Ipaddr
HA-Servedtime
GW-Server
HA-Geolon
HA-Cloudapp
Decoy-Debug-Key
HA-Geocity
HA-Geocountry
HA-Geolat
X-Dc
Dnion-Transfer-Encoding
Frame-Options
X-Powered-By-Defense
X-Fastly-Cache-Hits
X-Bug-Bounty
GMS-Ver
X-Server-W
X-Varnish-HitMiss
X-TId
X-Svr
X-Thanos
X-Rocket-Nginx-Serving-Static
X-Zalando-Child-Request-Id
X-Rocket-Nginx-Bypass
X-Zalando-Page-Type
Lfy
X-Bip
X-Amz-Meta-Cache-Control
X-Cache-CFC
RATING
X-FireWall-Port
X-Clientip
XServer
Platform
X-Request-Start
X-Varnish-Url
Adler-Geo
Is-Eu
X-Fastly-Backend-Reqs
X-HCF
X-Cache-Control-Set-By
X-Node-Id
X-Platform
X-LiteSpeed-Cache-Control
X-RateLimit-Limit-Second
X-Redis-Cache
X-RateLimit-Remaining-Second
Group
X-Guploader-Uploadid
V-Cache
X-VC
X-HGenerator
X-Load-Cache
Geoip-City
X-VarnPar1
X-VarnPar2
X-Date
X-Remote-IP
X-XRDS-LOCATION
X-Fastcgi-Cache
DataCenter
Hostname
X-Accel-Expires-Debug
Geoip-Latitude
X-HTML-Minification-Powered-By
GeoIP-City
Rt-Proxy-Cache
NtCoent-Length
URI
X-SB
X-PARISIEN-Cache-Rendered
X-VarnCache
N-Cache
GeoIP-Latitude
X-PJAX-URL
X-Nananana
GeoIp-Country-Code
GeoIP-Country-Code
X-Safe-Firewall
X-Ratelimit-Remaining
X-Real-Ip
X-Varnish-Beresp-TTL
Processtime
X-Proxy-Server
X-Ms-Blob-Type
X-Csrf-Token
X-Varnish-URL
X-Ms-Lease-Status
X-Ms-Request-Id
X-Pjax-Url
X-Trv-Request-Id
X-Ms-Version
X-NGINX-Cache
X-Servedby
X-Alicdn-Da-Ups-Status
WWW-Authenticate
X-Check-Cacheable
X-M-Log
X-Qnm-Cache
X-M-Reqid
Apicache-Version
Apicache-Store
X-Cache-Ttl
WebServer
X-Fe
X-ProxyCache-Args
X-VG-WebCache
X-Unique-Id
PageType