Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Check
X-Generator
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Template
Timing-Allow-Origin
X-Language
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Iinfo
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
X-Request-ID
Upgrade
X-Type
WPE-Backend
Keep-Alive
X-Pass-Why
X-Cache-Group
X-AH-Environment
Xkey
CF-Ray
X-Backend
Access-Control-Max-Age
P3p
X-Age
Access-Control-Expose-Headers
X-Via
X-Drupal-Dynamic-Cache
EagleId
X-Pingback
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Server
X-Kinja-Server-Push
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Ac
Content-Location
X-Cache-Lookup
X-Amz-Version-Id
X-Response-Time
X-Host
Surrogate-Control
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Rq
X-Cnection
X-Node
X-Server-Id
X-Backend-Server
Server-Timing
X-Readtime
Report-To
X-Rack-Cache
Request-Id
EagleEye-TraceId
X-Application-Context
X-Cloud-Trace-Context
Feature-Policy
X-ORACLE-DMS-ECID
X-Instart-Request-ID
X-CST
X-Iejgwucgyu
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Clacks-Overhead
Edge-Control
NEL
Rating
X-Country
X-TTL
X-Server-Name
X-DynaTrace
X-Varnish-TTL
X-MS-InvokeApp
Allow
X-DataDome
X-Px
X-Country-Code
X-Origin-Cache
Pinterest-Generated-By
X-Url
X-Vhost
X-Vname
X-PC
X-TtlSet
X-Cached
X-FTR-Request-ID
X-Ruxit-JS-Agent
X-ESI
RTSS
SPRequestGuid
X-Trace
X-Goog-Hash
X-VARITI-CCR
Charset
X-SharePointHealthScore
X-Powered-By-Plesk
Accept-CH
X-DynaTrace-JS-Agent
X-GitHub-Request-Id
X-T
X-Dispatcher
X-Powered-CMS
X-D2id
Public-Key-Pins
X-Mod-Pagespeed
X-B3-TraceId
X-Server-ID
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-F-Cache
Verso
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
Content-MD5
X-Oracle-Dms-Rid
X-Version
SPRequestDuration
SPIisLatency
X-Shield-Request-Id
MS-Author-Via
X-Recruiting
X-Abt-Application-Version
X-Dns-Prefetch-Control
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Nginx-Cache
X-Forwarded-Proto
X-Client-IP
Accept-CH-Lifetime
X-HW
X-ORACLE-DMS-RID
X-N
X-DIS-Request-ID
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
AR-CACHE
AR-ATIME
AR-PoweredBy
X-B
X-Amz-Rid
X-Origin-Upstream-Status
DynaTrace
X-Fastly-Request-ID
X-Upstream
X-Ser
X-Dw-Request-Base-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Meta-S3cmd-Attrs
X-Hits
Realpath
TCN
Fastly-Restarts
X-XRDS-Location
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Wix-Server-Artifact-Id
X-Accel-Buffering
Paypal-Debug-Id
X-Content-Options
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-NF-Request-ID
X-Pad
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
S
Tracecode
Access-Control-Request-Method
X-Id
X-Content-Digest
X-Use-Magma
X-Debug
X-Varnish-Age
Edge-Cache-Tag
X-Vcap-Request-Id
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
Front-End-Https
X-Mrf-Section-Lastmod
X-MSEdge-Ref
X-Oneagent-Js-Injection
X-ATG-Version
X-Frontend
X-IPLB-Instance
X-RateLimit-Remaining
X-PressLabs-Stats
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Expires
X-Kinsta-Cache
X-Logged-In
MicrosoftSharePointTeamServices
X-HS-Content-Id
X-HS-Hub-Id
Surrogate-Key
X-Cache-Hit
X-Forwarded-For
Rt-Fastcgi-Cache
X-B3-TraceId-Primal
X-Amz-Cf-Pop
Fastcgi-Cache
X-Request-Received
X-Request-Processing-Time
X-Middleton-Display
Display
X-Sol
X-Webkit-CSP
X-Edge-Location
X-Zen-Fury
X-FastCGI-Cache
X-Analytics
Backend-Timing
Server-Name
Powered-By-ChinaCache
X-Rid
X-Amzn-Trace-Id
X-Debug-Info
X-User-Agent
X-Webkit-Csp
Host
X-Revision
TP-Cache
TP-L2-Cache
X-HS-Cache-Config
X-FTR-Cache-Host
Ar-Sid
X-Litespeed-Cache
AMP-Access-Control-Allow-Source-Origin
FilterID
X-Akam-SW-Version
X-CF-Powered-By
X-Middleton-Response
Response
X-Grace
X-Newrelic-App-Data
X-Cache-Key
AR-Request-ID
X-Fastcgi-Cache
X-Drupal-Cache-Tags
X-SS-Set-Cookie
X-Magnolia-Registration
X-Mobile
X-TA-CDN-Provider
X-URL
Refresh
Cache-Status
X-Cached-By
X-Accel-Expires
X-SERVER
X-B3-Sampled
Host-Header
X-NewRelic-App-Data
X-AOL-HN
X-Varnish-Backend
X-GUploader-UploadID
ServerID
X-Node-Name
X-VCache
X-NWS-LOG-UUID
X-Content-Security-Policy-Report-Only
X-Whom
X-Instance
X-Tumblr-Pixel-0
X-FB-Debug
X-Cluster
Eomportal-Instance
X-Tumblr-User
X-Tumblr-Pixel
X-Cache-2
X-B-Cache
X-Platform-Server
X-Signature
X-Cache-Control
X-Akamai-Edgescape
X-Varnish-Hostname
X-Device-Type
X-Generated-By
X-Via-JSL
X-Framework
X-BCube-Filmed-By
X-Page-Id
X-Handled-By
X-Drupal-Cache-Contexts
X-App-Environment
X-LB-Cache
X-Request-Guid
X-Srv
Cleartype
X-Cache-Rule
X-AppVersion
X-Cache-Action
X-Az
X-Activity-Id
X-Ruxit-Js-Agent
X-App-Server
Cache-Tag
Alternate-Protocol
Liferay-Portal
DC
X-Cache-Server
Source
X-Content-Powered-By
Retry-After
X-Hostname
X-App-Version
X-HS-Combine-CSS
X-Ttl
X-WPE-Loopback-Upstream-Addr
MS-CV
X-Varnish-Grace
X-WA-Info
HostName
X-Geo-Country
X-Varnish-Server
Public-Key-Pins-Report-Only
Pagespeed
X-Daa-Tunnel
X-Amz-Replication-Status
X-Seen-By
Server-Node
X-TT
X-Wix-Request-Id
ViewerVersion
X-Correlation-Id
Webserver
X-Esi
Accept-Charset
AR-SID
X-Cache-NE
X-Response-Served-From
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
AsisCache
Actual-Object-TTL
SRV
X-Amz-Apigw-Id
X-Amzn-RequestId
X-GeoIP
GEO-INFO
X-RequestSource
X-Locale
X-Jobs
X-Varnish-Hits
ServedBy
X-UUID
X-Servedby
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Edge-Cache
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Hash
X-Contextid
X-Edge-Cache-Key
X-S
X-FW-Server
Payment
Viewport
X-TX-ID
X-Varnish-IP
X-Status
X-Correlation-ID
X-Adobe-Content
X-Adobe-Loc
X-Cacheable-TTL
X-TT-TIMESTAMP
X-Origin-Server
S-Cnection
X-Vg-Webcache
X-Cache-TTL-Remaining
X-XRDS-LOCATION
X-Hyper-Cache
Cache
X-Geo-Segment
X-Cache-Operation
X-Amz-Server-Side-Encryption
X-Forwarded-Host
Server-Info
X-Cache-Age
X-Real-IP
Served-By
X-RateLimit-Limit
X-Region
Datacenter
X-Akamai-Request-ID2
Access-Control-Allow-Method
X-Mode
X-DataStream-Cache-Status
Healthy
X-Sucuri-ID
X-Content-Type
CACHE
X-CLOUD-TRACE-CONTEXT
X-Akamai-Transformed
X-Rendered-As
X-Cache-Config
X-Zipkin-Id
X-Generated
X-L-Path
X-JoinUs
X-Is-Bot
X-Detected-As
X-Cache-Var-Map
X-Cache-Var
Country
X-Environment-Context
X-Proxied
Machine
Meta-Geo
From-Origin
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-Rule
Fastcgi-Useragent
X-Path-Route
X-Routing-Service
X-Site-Version
X-Ocache
X-Upgrade-Enabled
X-Proxy
X-RN-RSRV
X-Ezoic-Cdn
X-Amz-Meta-Surrogate-Control
X-Agile-Id
DB-Nickname
X-CDN-Cache
X-Birta-Served
X-Format
X-Agile-Age
Now
X-Agile
X-Birta-Cache-Post
L5d-Success-Class
X-Access
X-Hosted-By
X-GRACE
X-Human
X-Viewer-Country
X-Request-Time
X-NGENIX-Cache
X-Section
X-OCL
TWC-Privacy
Webcakes-Region
X-Pc-Hit
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
X-Tb
X-Origin-Hint
Cache-Name
X-Pc-Appver
OT-Force-Account-Verify
Property-Id
X-Labrador-Cache-Channel
TWC-Device-Class
TWC-Connection-Speed
S-Rt
TWC-GeoIP-LatLong
X-TNCMS
X-Via-Fastly
X-Pc-Key
X-Loop
X-PCL
X-ServerID
X-CCM
X-Grey
X-Hit
X-Cache-Category-Id
X-OVcl-Cache
X-VG-TLSProxy
X-ProcessESI
X-Upstream-HT
Origin-Edge-Control
X-OVcl
X-Original-Request
HitInfo
X-Pubstack
X-BYPASS-REASON
X-Web-Node
X-Upstream-CT
X-Xfnlog-Site
X-ProxyCache-Key
X-RemovedCookies
X-IP
X-ProxyCache-Status
X-EIG-Tracking-Id
Origin-Cache-Control
X-Origin
X-FC-Vary-Parameters
HitType
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Azure-SiteName
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShopId
NGB
Accept-Language
X-Microcachable
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Mn-Server-Ip
X-Www-Served-By
LB
X-Via-CDN
X-Cluster-Node
X-Geo
Xserver
Filters
X-Cdn
X-App-Name
X-TIME
X-Guploader-Uploadid
X-RTag
X-TWH-CORRELATION-ID
Ms-Operation-Id
X-Timing-Wait
X-Proxy-Build
Selected-FE
X-Connection-Hash
X-UA
X-Transaction
X-Twitter-Response-Tags
X-Cache-Remote
X-Rocket-Nginx-Bypass
X-Cache-Enabled
X-Internal-Host
X-NCache
X-UA-Device-Type
Time
X-Pc-Date
Access-Control-Request-Headers
X-Tumblr-Pixel-3
IBM-Web2-Location
X-Unique-ID
X-Pc-Host
X-VWS-Id
Content-Style-Type
X-LJ-Flow-ID
Content-Script-Type
X-Origin-CC
X-Cache-TTL
X-NodeID
X-SplitTest
X-AWS-Id
X-Real-Ip
X-Proto
X-PHP-Backend
X-CACHE-KEY
X-Nginx-Cache
Mail-Subject
We-Hiring
X-Port
X-MP-GENERATED-AT
X-Vgn-Hpd-Reason
Cache-Hits
NtCoent-Length
X-Storage
X-Source
X-Edge-IP
X-Cdn-Forward
X-Time-Microsecs
Backend
X-Webstats-RespID
X-Akamai-Request-ID
X-Ms-Version
X-Ms-Request-Id
X-Distil-CS
X-Ms-Blob-Type
X-Varnish-Cacheable
X-Debug-Cache
X-Ms-Lease-Status
X-Csrf-Token
Cache-Tags
X-Backend-Name
X-Endurance-Cache-Level
X-APP-VERSION
X-Ratelimit-Limit
X-CACHE-GROUP
X-Redis-Cache
X-Varnish-Beresp-Grace
X-B3-Spanid
Locale
X-Urbn-Context-Path
X-Origin-Response-Time
X-Varnish-Beresp-Status
X-CACHE-AGE
X-Urbn-Site-Id
X-Croise-Owner
X-Ua
Warning
X-CDN-Forward
X-EdgeConnect-Cache-Status
User-Agent
X-Varnish-Cache-Hits
X-ApacheServer
X-Varnish-Beresp-Ttl
X-PERF
X-Dc
X-C
HA-Geolat
HA-Host
X-A-Ccd
HA-Geolon
X-A
HA-Georegion
HA-Geocountry
Ha-Gx-Prefs
X-A-Dam
X-A-Wwc
X-Accel-Expires-Debug
Fly-Request-Id
GMS-Ver
HA-Cloudapp
HA-Ipaddr
X-A-Dcw
Xc-Version
HA-Geocity
VivaBuild
Rendered-Blocks
V-Age
Powered-By
UCS
Resin-Trace
Server-Host
Fly-Cache
Rt-Proxy-Cache
Ec-Rule-Version
Content-Disposition
Viewtype
HA-Urlpath
TSSecure
X-Sn-Servicetimems
Cache-Prefix
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
HA-Servedtime
X-D
X-Hash
X-GeoIP-Country-Code
X-UE-Client-Country
X-IN-APIGATEWAY
X-IN-SSL-APIGATEWAY
X-Generated-In
X-G
X-External-Request-Id
X-Eu-Site
X-F5-Cache
X-Fetched-On
X-From
X-IN-WAF
X-Irp-Debug
X-Region-Sid
X-Server-By
X-Rewrite-Enabled
X-Rojux
X-ScT
X-PAYTM-SRV-ID
X-Store
X-Trv-Group
X-Logtrace-Id
X-NU-AKA-ACS-Version
X-NX-Host
X-Org
X-ElasticPress-Search
BehaviorPad-Version
X-Cache-URL
X-Cache-Host
X-Cdn-Origin
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-Bucket
X-We-Are-Hiring
X-Application
X-Amz-Meta-Cache-Control
X-B-Cookie
X-BB-ID
X-BBXSRF
X-CGP
X-Via-SSL
X-Destination
X-Debug-Log
X-Developer
X-Died
X-DPWN-IS-SECURE
X-Debug-Cookies
X-Date
X-Via-Edge
X-SRCache-Key
X-S-Cookie
X-VG-WebServer
X-Server-Time
X-Aed
X-A-Dgt
X-Mshield-Cache-Status
Cache-Key
X-Cache-Backend
X-Mrs-Cache-Hits
X-Mrs-Cache
Arc-Country
X-Nc
X-Mrs-Age
Ajk
Fastly-SSL
Version
X-NC
Apple-News-Services-Parsed-Url
X-VServer
X-Core-Value
Decoy-Debug-Status
PageSpeed
X-Wikidot-Static-Cache
X-Via-NSCOPI
X-Developers
X-Epic-Correlation-Id
X-User
X-V
X-Var-Ttl
X-Dispatcher-Server
X-Cache-Id
Country-Code
X-NWS-UUID-VERIFY
Www
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Thinkindot-CacheControl-Type
Thinkindot-Control
X-ABtesting
Fastly-SWR
X-Backend-Url
X-UnsetCookies
X-Backend-State
X-Backend-Host
Fastly-SIE
Thinkindot-CacheControl
X-Flog
X-Release
X-Request-Start
X-Oss-Hash-Crc64ecma
X-Reboot
X-Qloud-Router
X-ServiceProvider
X-Request-URI
X-Response-By
X-S-Maxage
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Platform
X-SIPLIST1
Apple-News-Services-Request-Url
X-Hello
X-GeoIP-City
X-Thinkindot-L3
X-Trace-Id
X-FW-Version
X-Hl-Ver
X-Key
X-MServer
X-No-Session
X-Matched-Rule
X-Location
X-Layer
SN
X-Wikidot-Backend
Memcached
WZWS-RAY
X-Powered-By-ANYU
Heartbleed
User-Cache-Control
Fastly-Soc-X-Request-Id
IsBot
Apple-News-Services-Handled
Pramga
FSS-Proxy
FSS-Cache
AKAMAI
Decoy-Debug-Key
Release
Section-Io-Cache
GW-Server
Decoy-Debug-TTL
RNT-Time
Server-ID
Origin
RNT-Machine
Apple-News-Services-Host
Pagetype
X-Sucuri-Cache
X-Passed-To-BeforeDispatch
X-Passed-To
X-Nginx-Cache-Key
X-DC
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-P-T
X-Fastly-Cache
MI-Cache
MI-Cache-Age
X-VCT
X-Parent-Response-Time
X-Distributor
X-Device-Os
Kp-EeAlive
X-SVT-ORM-VERSION
X-Swa-Ws
X-Hnp-Log
X-LI-UUID
X-SVT-ORM-RULES
X-Stale
X-Li-Pop
X-LI-Proto
X-Instance-Name
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Magicmarker
X-TT-LOGID
Cache-Cookie-Set-From
X-Variation
X-Gannett-Site-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
X-MI-In-Market
X-Gen-Mode
X-Up
On-Server
X-Actual-URL
X-Returned-From-PostProcessResponse
Fastly-Backend-Name
Esi-Enabled
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
Request-Country
Request-EU
X-Returned-From
Is-Eu
Countrycode
Platform
X-Secret
X-Sentry-ID
Server-Int
X-Served-From
True-Client-Country-4JS
X-Server-IP
Uber-Trace-Id
Web-Mar-Node
X-Cache-FS-Status
X-CUA
X-Auto-Login
X-Clientip
X-Request-UUID
Pragrma
Adler-Geo
X-Policy
X-Phone
X-Worker
X-Dynatrace-Js-Agent
Backend-Name
X-Cache-Expires
X-WebServer
Frame-Options
X-Block-Status
X-Sf
X-Core-Mission
Odigeo-Trace-Id
X-Li-Fabric
X-Datadome
X-Node-Id
X-Refresh
X-RCS-CacheZone
X-MSEdge-Flight
X-MSEdge-Features
X-Newrelic-Synthetics
X-Fstrz
Group
X-Cache-Debug
V-Cache
X-Varnish-Action
MI-API
X-Cache-CFC
X-Bip
X-Info
REQUESTUUID
X-Unique-Id-Primal
Proxy-Connection
CDCHOST
X-Crawler
X-Thanos
X-Page-Type
RequestId
X-NODE
Cteonnt-Length
Who
X-Owner
HTTPS
X-HOST
X-Time
MIME-Version
X-Servername
X-Req
Fusion-Source
X-Be
X-Kong-Proxy-Latency
X-SN
Fusion-Content-Id
Fusion-Component-Id
X-Backend-TTL
X-Kong-Upstream-Latency
Fusion-Template-Id
Fusion-Content-Source
X-Pjax-Url
X-GZip
X-Cache-Srv
X-Oracle-Dms-Ecid
Amp-Access-Control-Allow-Source-Origin
X-Ms-Lease-State
NodeID
Memory
X-Origin-TTL
Cdn-Host
Cdn-Request-Time
X-Edge-Server
Cdn
X-Server-Group
X-Servedbyhost
ProcessTime
Mime-Version
X-Content-Age
CF-IPCountry
X-Protected-By
SD-X-WS
SS
X-Aicache-OS
X-Wa
X-BB-IP
A
X-ND-Cache
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-COUNTRY
X-Ckpd-Fst-Backend
CDN
X-Origin-Date
X-Origin-Host
X-Origin-Expires
GeoIP-Country-Code
XServer
X-SRV
GeoIP-Latitude
X-Varnish-Beresp-TTL
PageType
Get-Access-Time
X-StackifyID
Is-Session-Tracking
X-APP
X-Pf-Uncompressing
Geoip-Latitude
GeoIp-Country-Code
X-B3-Traceid
Processtime
Serverid
X-Cache-Info
X-Varnish-Url
X-Fastly-Country-Code
X-PHP-Host
Node
X-Unique-Id
PICS-Label
X-Load-Cache
Cache-Tv-Group
X-Requestid
X-Gdpr
Vix-Hermes-Req-Id
X-WA
X-CSRF-Token
X-Ratelimit-Remaining
X-Fastly-Cache-Hits
X-Proxy-Upstream
X-RateLimit-Limit-Second
DataCenter
X-Proxy-Cache-Status
X-RateLimit-Remaining-Second
X-Generation-Time
X-Nananana
Nel
X-ID
Cf-Ipcountry
X-FireWall-Port
X-BACKEND-TTL
X-Check-Cacheable
X-RequestId
X-Planisys-CDN-TTL
X-ServedByHost
X-Planisys-CDN-Rules
X-SERVER-NAME
X-Planisys-CDN-Cache
Cache-Provider
X-NGINX-Cache
Request-Time
X-HS-Status
URI
WP-Super-Cache
X-Server-W
X-EC-Security-Audit
X-CS
X-UPSTREAM-Address
Hostname
X-FORWARDED-FOR
X-Front
PFcat
Host-ID
X-GZIP
X-Micro-Cache
X-Fastly-Backend-Reqs
X-GEO
X-Surge-Debug
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cache-Expiry
T-Server
NGX
X-WR-MODIFICATION
X-FB-TRIP-ID
X-B3-SpanId
X-VarnCache
X-VG-WebCache
X-GDPR
ServerName
X-VarnPar1
X-Svr
X-PARISIEN-Cache-Rendered
X-HTML-Edge-Cache
X-HTML-Minification-Powered-By
X-DataStream-Origin-MEX-Latency
X-BE
X-DataStream-MidMile-RTT
X-Fe
X-Swift-Error
Ohc-File-Size
X-Atg-Version
X-M-Reqid
X-M-Log
X-ServerName
X-PF-Uncompressing
Lfy
Https
Requestid
X-Generated-On
X-Instart-Info
X-Level-Front-Cache
RequestUuid
X-Cdn-Srv
X-PJAX-URL
X-IPS-LoggedIn
Ohc-Response-Time
X-Qnm-Cache
X-Vcache
X-Amz-Meta-S3b-Last-Modified
X-Akamai-SSL-Client-Sid
X-VarnPar2
Pics-Label
WebServer
X-SB
X-VC
X-RAMCache
X-Cache-Ttl
X-Alicdn-Da-Ups-Status
X-From-Cache
N-Cache
X-PAGE-TYPE
X-Distil-Cs
Load-Balancing
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Serial
NnCoection
X-Gen-Id
X-Dw-Trace-Id
X-Grace-Duration
X-Skip-Cache
SID
Build-Number
Cdn-Src-Port
X-ARC