Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
Status
X-Language
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
Upgrade
X-Type
Access-Control-Expose-Headers
Keep-Alive
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Backend
X-AH-Environment
CF-Ray
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Cache-Group
X-Via
X-Request-ID
X-Proxy-Cache
Grace
X-Pingback
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Robots-Tag
X-Hacker
X-UA-Device
X-Varnish-Cache
EagleId
X-Page-Speed
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-Swift-CacheTime
X-Swift-SaveTime
X-CST
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Amz-Version-Id
X-Ac
X-OneAgent-JS-Injection
X-Node
Server-Timing
Feature-Policy
X-Cnection
X-Iejgwucgyu
X-Response-Time
X-Rq
Allow
X-Cache-Lookup
Content-Location
Report-To
X-Backend-Server
EagleEye-TraceId
X-Readtime
Surrogate-Control
X-Host
X-Application-Context
Request-Id
X-Url
X-ORACLE-DMS-ECID
X-Rack-Cache
P3p
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
Rating
X-FTR-Request-ID
X-Cloud-Trace-Context
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Instart-Request-ID
X-Px
X-MS-InvokeApp
X-Vhost
Charset
X-Ruxit-JS-Agent
X-VARITI-CCR
X-Mod-Pagespeed
Edge-Control
Accept-CH
X-Varnish-TTL
X-Goog-Hash
X-GitHub-Request-Id
Verso
X-DynaTrace
X-ESI
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-Version
X-Server-Name
X-Vname
X-PC
X-TtlSet
Pinterest-Generated-By
X-Dns-Prefetch-Control
X-TTL
X-Cdn
X-D2id
X-Powered-By-Plesk
X-Cdn-Fetch
X-Use-Magma
X-Exp-Id
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Cached
SPRequestGuid
X-Origin-Upstream-Status
X-B3-TraceId
X-Dispatcher
X-Upstream-Env
X-Powered-CMS
X-Abt-Application-Version
X-SharePointHealthScore
X-T
RTSS
Accept-CH-Lifetime
MS-Author-Via
X-Trace
X-Recruiting
Public-Key-Pins
X-Navigation-Version
X-Oracle-Dms-Rid
X-Shield-Request-Id
X-ORACLE-DMS-RID
Content-MD5
X-SRCache-Store-Status
X-SRCache-Fetch-Status
SPRequestDuration
AR-ATIME
AR-PoweredBy
X-Amz-Rid
AR-CACHE
SPIisLatency
X-DIS-Request-ID
X-HW
X-Fastly-Request-ID
X-Client-IP
Realpath
Arr-Disable-Session-Affinity
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-F-Cache
X-Forwarded-Proto
X-B
X-DynaTrace-JS-Agent
X-Upstream
X-Ser
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Amz-Meta-S3cmd-Attrs
X-Via-JSL
X-Pinterest-Rid
Service-Worker-Allowed
Pinterest-Version
X-Dw-Request-Base-Id
X-CACHE-GROUP
X-Id
X-FTR-Realm
X-Vcap-Request-Id
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-Varnish-Age
Front-End-Https
AR-Request-ID
Paypal-Debug-Id
X-Server-ID
Nginx-Cache
X-Debug
X-Goog-Storage-Class
X-Acc-Meta-Resource-Type
X-Ttl
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Aspnet-Version
X-MSEdge-Ref
X-Hits
X-Kinsta-Cache
X-XRDS-Location
X-NF-Request-ID
Ar-Sid
X-N
X-NewRelic-App-Data
X-Logged-In
X-FTR-Cache-Host
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
S
X-Frontend
X-Akam-SW-Version
X-HS-Hub-Id
X-Grace
X-HS-Content-Id
X-Forwarded-For
X-PressLabs-Stats
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-User-Agent
DynaTrace
X-Cache-Key
Tracecode
X-DataStream-Cache-Status
X-TA-CDN-Provider
X-Pad
X-Amzn-Trace-Id
X-FastCGI-Cache
Server-Name
X-Content-Digest
Refresh
Backend-Timing
X-Analytics
MicrosoftSharePointTeamServices
Fastcgi-Cache
X-Content-Options
Accept-Charset
Display
X-Middleton-Display
X-CF-Powered-By
X-Sol
X-Debug-Info
X-AppVersion
X-Az
X-Activity-Id
Powered-By-ChinaCache
X-Rid
FilterID
Access-Control-Request-Method
X-Page-Id
X-LB-Cache
Host
X-IPLB-Instance
X-Zen-Fury
MS-CV
X-Content-Type
X-Magnolia-Registration
ServerID
TP-Cache
TP-L2-Cache
X-Middleton-Response
Response
TCN
Cache-Status
X-Mobile
X-Cache-Hit
X-Content-Powered-By
Surrogate-Key
X-Hostname
X-Srv
X-VCache
X-Fastcgi-Cache
X-ATG-Version
X-Ruxit-Js-Agent
X-WA-Info
X-Seen-By
Rt-Fastcgi-Cache
X-RateLimit-Remaining
X-XRDS-LOCATION
X-B3-Sampled
X-Cached-By
X-Varnish-Backend
X-Revision
X-Request-Received
X-Request-Processing-Time
X-GUploader-UploadID
X-Cache-Age
X-B-Cache
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-Action
X-Cluster
X-Signature
X-SS-Set-Cookie
X-Content-Security-Policy-Report-Only
X-Platform-Server
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Edge-Location
X-Whom
X-Tumblr-Pixel
Source
Cleartype
X-PHP-Backend
X-TT
X-Framework
X-Akamai-Edgescape
X-Handled-By
X-Request-Guid
X-App-Environment
ViewerVersion
X-Drupal-Cache-Tags
X-Wix-Request-Id
X-Cache-Control
X-Origin-Server
Server-Info
Host-Header
X-NWS-LOG-UUID
X-BCube-Filmed-By
X-Cache-Rule
X-Cache-2
X-AOL-HN
X-Generated-By
X-Varnish-Hostname
DC
Retry-After
X-Amzn-RequestId
Eomportal-Instance
X-Amz-Apigw-Id
X-App-Server
X-Geo-Country
X-Varnish-Server
X-FW-Server
X-FW-Hash
Server-Node
X-FW-Serve
X-FW-Static
X-FW-Type
X-Correlation-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
X-FB-Debug
X-Device-Type
X-Real-IP
Webserver
Payment
X-Response-Served-From
X-Amz-Server-Side-Encryption
Edge-Cache-Tag
Actual-Object-TTL
Access-Control-Allow-Method
X-Tumblr-Pixel-1
X-TT-TIMESTAMP
X-Varnish-Hits
X-Tumblr-Pixel-2
AsisCache
ServedBy
X-Varnish-Grace
Ms-Operation-Id
X-RTag
Content-Style-Type
X-WebKit-CSP-Report-Only
Filters
NGB
GEO-INFO
X-Cacheable-TTL
X-Region
Content-Script-Type
X-Varnish-IP
X-Contextid
X-Drupal-Cache-Contexts
X-TX-ID
X-Servedby
Viewport
X-Jobs
X-Amz-Replication-Status
X-UUID
X-Adobe-Content
Healthy
X-Adobe-Loc
Upgrade-Insecure-Requests
X-Locale
Cache
X-Rendered-As
Country
From-Origin
X-Accel-Expires
Cache-Tv-Group
X-UA-Device-Type
X-Cache-Config
X-RequestSource
X-WPE-Loopback-Upstream-Addr
X-Cache-Server
X-Cache-TTL-Remaining
X-BACKEND-TTL
X-Cache-Operation
HitType
X-VG-WebCache
X-Ezoic-Cdn
X-APP-VERSION
Pagespeed
X-Cache-Remote
Fastly-Restarts
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-TTL
X-Storage
X-Oneagent-Js-Injection
X-Content-Age
Fastcgi-Useragent
X-S
X-Upgrade-Enabled
X-Hit
Cache-Tags
X-Redis-Cache
X-Daa-Tunnel
X-Esi
X-FW-Dynamic
Served-By
X-Cache-NE
Cache-Tag
X-RateLimit-Limit
X-Is-Bot
Origin-Edge-Control
X-Internal-Host
SRV
X-NCache
X-Status
X-Backend-Name
X-NGENIX-Cache
X-Hl-Ver
X-Generated
X-Cache-Var-Map
X-Cache-Var
Load-Balancing
X-Detected-As
Meta-Geo
Origin-Cache-Control
X-Path-Route
Machine
X-JoinUs
X-Rule
X-RN-RSRV
X-Mode
X-Tb
X-Agile-Age
X-Agile-Id
X-Time-Microsecs
X-ProxyCache-Status
X-Loop
X-Agile
X-BYPASS-REASON
X-Pubstack
X-L-Path
X-Grey
X-Source
X-Environment-Context
X-Edge-IP
X-CDN-Cache
X-FC-Vary-Parameters
X-Akamai-Request-ID
X-Birta-Served
X-Cache-Category-Id
Cache-Key
X-Hosted-By
X-Labrador-Cache-Channel
X-Birta-Cache-Post
Selected-FE
X-Origin-Response-Time
Now
X-Www-Served-By
X-Web-Node
X-Proxy
X-Origin-Host
X-Proxy-Build
X-TNCMS
X-ProxyCache-Key
Vix-Hermes-Req-Id
X-Timing-Wait
X-Pc-Appver
X-IP
Cache-Name
X-ServerID
X-GeoIP
X-ApacheServer
X-Pc-Key
X-Pc-Hit
X-Viewer-Country
Datacenter
X-Varnish-Cacheable
X-Via-Fastly
X-PERF
X-Origin
X-Human
X-OCL
X-Original-Request
X-RemovedCookies
X-ProcessESI
X-PCL
DB-Nickname
X-Site-Version
X-CCM
Public-Key-Pins-Report-Only
X-Varnish-Cache-Hits
X-Debug-Cache
X-Akamai-Transformed
X-VG-TLSProxy
X-Format
X-Guploader-Uploadid
X-Xfnlog-Site
Mail-Subject
X-MP-GENERATED-AT
X-Section
S-Rt
X-Access
Azure-InstanceId
X-App-Version
NtCoent-Length
Azure-RegionName
Azure-SiteName
We-Hiring
Azure-SlotName
Azure-Version
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Webcakes-Region
Xserver
TWC-Connection-Speed
X-Origin-Hint
Property-Id
Liferay-Portal
X-Cache-Enabled
X-UA
S-Cnection
Fastcgi-X-Cache-Version
X-Ocache
User-Cache-Control
X-Sucuri-ID
X-Zipkin-Id
X-Proxied
X-App-Name
X-Request-Time
X-Routing-Service
Access-Control-Request-Headers
X-Microcachable
X-Protected-By
X-Cdn-Forward
X-B3-Traceid
X-EdgeConnect-Cache-Status
X-Webstats-RespID
X-Nginx-Cache
X-Tumblr-Pixel-3
X-CACHE-KEY
X-FW-Version
X-GEO
User-Agent
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-FB-TRIP-ID
X-Origin-CC
X-GRACE
X-Upstream-Proxy
X-Upstream-CT
X-Upstream-HT
AR-SID
X-Proto
X-Trace-Id
PageSpeed
LB
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Correlation-ID
X-Node-Name
X-TIME
Ohc-File-Size
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Forwarded-Host
Powered
X-Nc
Cache-Hits
X-Endurance-Cache-Level
X-Pc-Host
X-Edge-Cache
X-Cache-Backend
X-Edge-Cache-Key
X-Pc-Date
X-ElasticPress-Search
X-ES-SERVER
X-Varnish-Beresp-Ttl
Frame-Options
X-OVcl
X-Unique-ID
X-OVcl-Cache
HostName
X-Ua
X-Rocket-Nginx-Bypass
X-Server-Cache
X-Vgn-Hpd-Reason
X-Origin-TTL
Section-Io-Cache
X-Dynatrace-Js-Agent
L5d-Success-Class
Fastcgi-X-Cache
IBM-Web2-Location
Nel
OT-Force-Account-Verify
X-Parent-Response-Time
X-V
Arc-Country
X-External-Request-Id
X-User
X-Trv-Group
X-DPWN-IS-SECURE
X-Developer
Resin-Trace
X-Died
X-Distil-CS
X-Twitter-Response-Tags
X-SRCache-Key
X-TT-LOGID
X-Date
X-Destination
X-UE-Client-Country
X-Server-By
Decoy-Debug-TTL
X-ARC
X-Application
X-Amz-Meta-Cache-Control
MD5-Digest
X-Auto-Login
X-B-Cookie
X-Cache-Bucket
X-Block-Status
X-BB-ID
Memcached
X-ServiceProvider
Powered-By
Www
VivaBuild
Viewtype
Node
Mobile-Detection-Method
Meta-Geo-Continent
X-Aed
X-Accel-Expires-Debug
X-Cache-FS-Status
X-Cache-Host
Decoy-Debug-Status
Rendered-Blocks
Ec-Rule-Version
X-CF-Lambda-Fn
Decoy-Debug-Key
X-CF-Lambda-Version
Cache-Prefix
X-Connection-Hash
X-Server-Group
X-Cdn-Srv
Fastly-SIE
X-Cache-Info
GMS-Ver
X-Cache-Id
X-Cache-URL
X-Transaction
Fastly-SWR
Fly-Cache
Fly-Request-Id
BehaviorPad-Version
X-From
CACHE
X-Irp-Debug
X-Li-Fabric
X-Reboot
X-Rewrite-Enabled
Xc-Version
X-IN-SSL-APIGATEWAY
X-IN-WAF
X-Info
X-Rojux
X-Li-Pop
X-LI-Proto
X-Request-UUID
X-Region-Sid
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-PHP-Host
X-PAYTM-SRV-ID
X-LI-UUID
X-NU-AKA-ACS-Version
X-Origin-Date
X-Origin-Expires
X-IN-APIGATEWAY
X-Micro-Cache
X-Fetched-On
X-VG-WebServer
X-We-Are-Hiring
X-ScT
X-Generated-In
X-S-Maxage
X-Gen-Mode
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Pc-Subdomain
X-Hnp-Log
X-S-Cookie
X-Via-CDN
Mn-Server-Ip
X-Passed-To-PostProcessResponse
X-A-Wwc
X-Policy
X-A-Dgt
X-A-Dam
X-A-Dcw
X-Alternate-Cache-Key
X-Distributor
X-A-Ccd
X-FireWall-Port
X-Request-URI
X-Actual-URL
X-Response-By
X-Platform
X-RateLimit-Limit-Second
True-Client-Country-4JS
X-ShopId
X-ShardId
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Shopify-Stage
Thinkindot-CacheControl
X-Secret
X-Epic-Correlation-Id
X-Sf
X-Proxy-Cache-Status
X-Proxy-Upstream
Web-Mar-Node
X-RateLimit-Remaining-Second
X-Passed-To-DLL
X-A
X-Returned-From-BeforeDispatch
X-Dispatcher-Server
X-Generated-On
X-Level-Front-Cache
X-Server-Time
X-Location
X-Matched-Rule
X-Logtrace-Id
X-LAGOON
X-GeoIP-Country-Code
X-D
X-Debug-Log
X-CUA
X-Crawler
X-Server-IP
X-Hash
X-Fastly-Cache
X-Returned-From-PostProcessResponse
X-Debug-Cookies
X-Bip
Server-Host
X-Backend-Url
X-Backend-Host
X-Passed-To
X-Returned-From
X-G
X-Cache-Debug
X-Gannett-Site-Version
X-Node-Id
X-NX-Host
X-Cache-Grace
X-Cache-Expires
X-Returned-From-DLL
X-Passed-To-BeforeDispatch
Lfy
X-Time
X-Svr
Ajk
On-Server
Platform
X-Wikidot-Backend
Country-Code
Magicmarker
X-Variation
X-Var-Ttl
Is-Eu
X-Swa-Ws
Adler-Geo
X-Varnish-Action
X-Croise-Owner
X-Wikidot-Static-Cache
Backend
X-Via-NSCOPI
Proxy-Connection
Fastly-Backend-Name
X-Sorting-Hat-PodId
SD-X-WS
Content-Disposition
Request-Time
X-Thinkindot-L3
X-Stale
X-Thanos
X-Sorting-Hat-ShopId
X-HS-Cache-Config
Warning
X-Sucuri-Cache
X-R9-Blue-Green-Version
X-Debug-Cache-Fetch
X-Clientip
Server-Cache-Control
CDCHOST
X-Debug-Cache-Expiry
AKAMAI
X-Up
X-Device-Os
X-Debug-Cache-Store
X-Varnish-Authentication
Origin
X-Core-Mission
X-No-Session
IsBot
X-Qloud-Router
X-SERVER
X-Dc
X-SIPLIST1
X-Key
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-Fstrz
X-Generation-Time
X-Instart-Isnd
X-Nginx-Cache-Key
X-Eu-Site
X-UnsetCookies
HA-Ipaddr
X-Backend-State
RNT-Time
SS
Ha-Gx-Prefs
X-C
Version
Kp-EeAlive
X-Amz-Meta-Surrogate-Control
X-CGP
Pramga
Who
Pagetype
RNT-Machine
Release
X-Cache-ASPX
Heartbleed
Fastly-Soc-X-Request-Id
GW-Server
Server-Surrogate-Control
Countrycode
X-MSEdge-Features
Apple-News-Services-Host
Cache-Cookie-Set-Lfrom
X-Varnish-Url
Cache-Cookie-Set-From
Apple-News-Services-Request-Url
REQUESTUUID
X-Core-Value
PFcat
X-Servername
Server-Int
Apple-News-Services-Parsed-Url
X-MSEdge-Flight
Cache-Cookie-Set-Idcheck
X-F5-Cache
Fastly-SSL
Server-ID
X-Developers
X-Page-Type
Apple-News-Services-Handled
X-Cluster-Node
X-Pjax-Url
NGX
X-Ratelimit-Remaining
X-Cache-Miss-From
X-Refresh
X-Be
X-Store
RequestId
X-Sedo-Request-Id
Esi-Enabled
X-TrackingId
X-CDN-Forward
Time
X-MI-In-Market
X-Newrelic-App-Data
MI-API
MI-Cache
X-EIG-Tracking-Id
X-RCS-CacheZone
X-Layer
MI-Cache-Age
X-Cache-CFC
MIME-Version
X-NC
X-Real-Ip
X-B3-SpanId
X-URL
X-Mrs-Cache-Hits
X-Mrs-Cache
X-Mrs-Age
X-SN
X-Mshield-Cache-Status
X-Oss-Object-Type
HA-Georegion
HA-Host
HA-Servedtime
HA-Urlpath
HA-Geolon
HA-Geolat
HA-Cloudapp
HA-Geocity
HA-Geocountry
X-IPS-LoggedIn
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
SID
X-Oss-Server-Time
X-Oss-Request-Id
X-Unique-Id-Primal
X-Geo
X-Owner
Cteonnt-Length
X-From-Cache
X-Ratelimit-Limit
PICS-Label
X-Hyper-Cache
X-Servedbyhost
X-RequestId
Odigeo-Trace-Id
Mime-Version
Backend-Name
X-CMS-Context
Cdn
FastCGI-Cache
CF-IPCountry
X-FPC
Memory
X-Instart-Info
X-CSRF-TOKEN
HTTPS
X-Webkit-Csp
X-Req
Processtime
X-Webkit-CSP
X-WebServer
X-CLOUD-TRACE-CONTEXT
X-B3-Spanid
CDN
Cdn-Request-Time
X-Edge-Server
Cdn-Host
X-Phone
X-Wa
X-Request-Start
X-DC
Cf-Ipcountry
X-Pf-Uncompressing
X-Aicache-OS
X-Release
X-Atg-Version
Ohc-Response-Time
X-WR-MODIFICATION
XServer
GeoIP-Country-Code
X-Newrelic-Synthetics
Hostname
X-Load-Cache
GeoIP-Latitude
X-Amzn-Remapped-Connection
X-HS-Combine-CSS
X-Amzn-Remapped-Date
X-Mobile-URL
X-Varnish-Beresp-TTL
ProcessTime
X-GZip
X-VServer
X-NodeID
Cross-Origin-Window-Policy
X-Fastly-Country-Code
X-Served-From
Rt-Proxy-Cache
X-ND-Cache
URI
X-Server-W
X-WA
X-Lb-Id
X-Varnish-Ttl
X-HTML-Minification-Powered-By
X-Unique-Id
X-GoCache-CacheStatus
T-Server
X-FORWARDED-FOR
X-Skip-Cache
X-Nananana
Accept-Ch-Lifetime
X-PF-Uncompressing
X-Oracle-Dms-Ecid
X-Cdn-Origin
V-Age
X-CSRF-Token
X-Sn-Servicetimems
X-Tb-Optimization-Total-Bytes-Saved
X-COUNTRY
X-MServer
X-LB-ID
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-ServedByHost
Proxy-Firewall
X-VC-Cache
Ohc-Cache-HIT
X-APP
X-P-T
X-Worker
X-UPSTREAM-Address
Is-Session-Tracking
DataCenter
Pics-Label
X-SRV
X-Datadome
X-Cms-Context
X-Fastly-Cache-Hits
Get-Access-Time
A
N-Cache
X-Gateway-Skip-Cache
ServerName
X-Check-Cacheable
X-UCC
X-LiteSpeed-Cache-Control
X-Gateway-Cache-Status
Uber-Trace-Id
X-HS-Status
X-Gateway-Cache-Key
X-SERVER-NAME
Amp-Access-Control-Allow-Source-Origin
X-Requestid
X-RCS-Backend
X-CACHE-AGE
X-NGINX-Cache
Geoip-Latitude
X-Processor
X-GZIP
X-BBXSRF
X-Optimization
Dnion-Transfer-Encoding
X-BE
X-Hp-Webp
X-Cache-HT
X-ID
X-StackifyID
WZWS-RAY
GeoIp-Country-Code
X-Org
X-Backend-TTL
X-Vg-Webcache
X-PJAX-URL
WP-Super-Cache
X-Fe
X-Port
X-Via-Edge
X-Varnish-URL
X-PAGE-TYPE
Cache-Provider
X-GDPR
X-Csrf-Token
X-Via-SSL
Cneonction
Requestid
X-NWS-UUID-VERIFY
Serverid
X-Planisys-CDN-Cache
X-ServerName
X-Git-Hash
X-Instance-Name
X-Gdpr
Server-Id
X-Planisys-CDN-Rules
Pragrma
X-Planisys-CDN-TTL
X-HostName
RequestUuid
X-LiteSpeed-Tag
X-Dw-Trace-Id
X-Front
X-Akamai-Request-ID2
286prxHost
X-VCT
409pxxline
X-RAMCache
355prline
X-GeoIP-City
X-PARISIEN-Cache-Rendered
Request-EU
189phosttRef
178proxuri
X-VarnPar1
352pxline
Correlation-Id
X-Request-Url
DSUID
X-VarnCache
188prxHost
Request-Country
219prxHost
Xxline
X-CS
Accept-Language
225prxHost