Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-UA-Compatible
P3P
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Xss-Protection
X-Timer
X-Request-Id
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Check
X-Generator
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Request-ID
X-Iinfo
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
P3p
X-Type
Upgrade
WPE-Backend
X-Pass-Why
Keep-Alive
X-AH-Environment
Xkey
X-Cache-Group
X-Backend
Access-Control-Max-Age
X-Age
Access-Control-Expose-Headers
X-Via
EagleId
X-Drupal-Dynamic-Cache
X-Nginx-Cache-Status
X-Pingback
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Server
X-Hacker
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-UA-Device
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Robots-Tag
X-Kinja-Server-Push
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
Request-Context
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Content-Location
X-Cache-Lookup
X-Amz-Version-Id
X-WebKit-CSP
X-Host
X-Response-Time
Surrogate-Control
X-OneAgent-JS-Injection
X-Rq
X-Cnection
X-Backend-Server
X-Server-Id
X-Node
X-Readtime
Server-Timing
X-Rack-Cache
Report-To
EagleEye-TraceId
X-Application-Context
Request-Id
X-Cloud-Trace-Context
Feature-Policy
X-ORACLE-DMS-ECID
X-CST
X-Instart-Request-ID
X-Iejgwucgyu
X-Ua-Compatible
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Clacks-Overhead
Edge-Control
NEL
X-Country
X-Url
Rating
X-Server-Name
X-Px
Pinterest-Generated-By
Allow
X-Country-Code
X-TTL
X-DataDome
X-Varnish-TTL
X-MS-InvokeApp
X-DynaTrace
X-Origin-Cache
X-Vhost
X-PC
X-TtlSet
X-Vname
X-Cached
X-FTR-Request-ID
X-ESI
RTSS
X-Ruxit-JS-Agent
X-Goog-Hash
Charset
X-VARITI-CCR
X-Powered-CMS
X-Trace
SPRequestGuid
X-Oracle-Dms-Rid
X-Powered-By-Plesk
X-DynaTrace-JS-Agent
Accept-CH
X-GitHub-Request-Id
X-Dispatcher
X-SharePointHealthScore
X-D2id
Public-Key-Pins
X-T
X-Mod-Pagespeed
X-Server-ID
X-Mobile-Rewrite
PB-RID
Arc-Version
PB-PID
X-F-Cache
Content-MD5
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
Verso
MS-Author-Via
X-Version
X-B3-TraceId
SPIisLatency
SPRequestDuration
X-Shield-Request-Id
X-Recruiting
X-Abt-Application-Version
Nginx-Cache
X-Dns-Prefetch-Control
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Client-IP
X-Forwarded-Proto
X-HW
Accept-CH-Lifetime
X-DIS-Request-ID
X-Navigation-Version
X-N
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Amz-Rid
X-Pinterest-Rid
X-Upstream-Env
Pinterest-Version
X-B
X-Dw-Request-Base-Id
X-XRDS-Location
X-Upstream
X-Origin-Upstream-Status
X-Fastly-Request-ID
DynaTrace
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Fastly-Restarts
X-Amz-Meta-S3cmd-Attrs
X-Ser
Paypal-Debug-Id
TCN
X-Hits
Realpath
X-ORACLE-DMS-RID
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Content-Options
Arr-Disable-Session-Affinity
X-Pad
Service-Worker-Allowed
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
Tracecode
Access-Control-Request-Method
X-Content-Digest
X-Id
S
Front-End-Https
X-Varnish-Age
X-Debug
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-MSEdge-Ref
X-Amz-Cf-Pop
X-Vcap-Request-Id
X-Oneagent-Js-Injection
X-Frontend
X-IPLB-Instance
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Backend
X-PressLabs-Stats
X-Kinsta-Cache
X-ATG-Version
X-Sol
X-Middleton-Display
Display
X-RateLimit-Remaining
X-Logged-In
X-Cache-Hit
Edge-Cache-Tag
X-HS-Content-Id
X-HS-Hub-Id
Surrogate-Key
X-FastCGI-Cache
X-Forwarded-For
Fastcgi-Cache
X-Use-Magma
Rt-Fastcgi-Cache
Powered-By-ChinaCache
MicrosoftSharePointTeamServices
X-Request-Processing-Time
X-Zen-Fury
X-Request-Received
X-Edge-Location
X-Grace
Server-Name
Backend-Timing
X-Analytics
Ar-Sid
X-Debug-Info
X-Amzn-Trace-Id
X-Rid
X-Middleton-Response
Response
X-User-Agent
Host
FilterID
X-Revision
TP-Cache
TP-L2-Cache
X-FTR-Cache-Host
X-Akam-SW-Version
X-CF-Powered-By
X-Litespeed-Cache
X-NewRelic-App-Data
X-Webkit-Csp
X-Mobile
X-B3-TraceId-Primal
X-Cache-Key
X-SS-Set-Cookie
AMP-Access-Control-Allow-Source-Origin
X-HS-Cache-Config
X-Drupal-Cache-Tags
X-Magnolia-Registration
X-Accel-Expires
X-TA-CDN-Provider
Cache-Status
Refresh
X-Cached-By
Host-Header
AR-Request-ID
X-SERVER
X-Ttl
X-Newrelic-App-Data
X-Fastcgi-Cache
X-B3-Sampled
ServerID
X-Varnish-Backend
X-GUploader-UploadID
X-Node-Name
X-Content-Security-Policy-Report-Only
X-AOL-HN
X-Tumblr-User
X-Tumblr-Pixel-0
X-Instance
X-Tumblr-Pixel
X-B-Cache
X-Signature
X-Platform-Server
X-Cache-2
X-FB-Debug
X-Cache-Control
X-Akamai-Edgescape
X-Webkit-CSP
X-Device-Type
X-Whom
Eomportal-Instance
X-App-Environment
X-Cluster
X-Page-Id
Cache-Tag
X-Framework
X-BCube-Filmed-By
X-Handled-By
X-Generated-By
X-Srv
X-Cache-Rule
Cleartype
X-LB-Cache
X-Varnish-Hostname
DC
Liferay-Portal
X-Request-Guid
X-NWS-LOG-UUID
X-AppVersion
X-Ruxit-Js-Agent
X-Activity-Id
X-Az
X-WPE-Loopback-Upstream-Addr
X-Drupal-Cache-Contexts
X-Geo-Segment
X-Cache-Action
Public-Key-Pins-Report-Only
X-App-Server
X-VCache
X-Cache-Server
X-Content-Powered-By
Source
X-Via-JSL
Retry-After
MS-CV
Alternate-Protocol
X-TT
X-Wix-Request-Id
Accept-Charset
X-Seen-By
X-HS-Combine-CSS
ViewerVersion
X-App-Version
X-Hostname
X-Amz-Replication-Status
X-CACHE-GROUP
X-Varnish-Grace
X-WA-Info
X-Geo-Country
Server-Node
Webserver
X-Correlation-Id
X-Varnish-Server
X-Esi
HostName
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
AsisCache
X-Response-Served-From
X-Cache-NE
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
SRV
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Locale
X-GeoIP
GEO-INFO
X-URL
X-RequestSource
Actual-Object-TTL
X-Daa-Tunnel
X-Jobs
ServedBy
Viewport
X-S
X-Yottaa-Metrics
X-FW-Hash
X-Varnish-Hits
X-Servedby
X-FW-Serve
X-Yottaa-Optimizations
X-FW-Static
X-FW-Server
X-Contextid
X-FW-Type
X-Edge-Cache-Key
Payment
X-Edge-Cache
X-UUID
X-TX-ID
X-Varnish-IP
AR-SID
X-Status
Pagespeed
X-Adobe-Content
X-Correlation-ID
X-Adobe-Loc
Cache
X-TT-TIMESTAMP
X-Origin-Server
X-Vg-Webcache
X-Cacheable-TTL
X-Cache-TTL-Remaining
X-Forwarded-Host
X-Cache-Age
X-Hyper-Cache
X-Cache-Operation
S-Cnection
X-Amz-Server-Side-Encryption
Server-Info
X-Sucuri-ID
Served-By
X-Region
Datacenter
Country
CACHE
X-Mode
X-TIME
X-Akamai-Request-ID2
X-RateLimit-Limit
X-Real-IP
Access-Control-Allow-Method
From-Origin
X-CLOUD-TRACE-CONTEXT
Healthy
X-Cache-Config
X-Path-Route
Meta-Geo
Machine
X-Zipkin-Id
X-Ocache
X-Routing-Service
X-Rendered-As
X-Proxy
X-Proxied
X-RN-RSRV
X-Rule
X-L-Path
X-Environment-Context
X-Ezoic-Cdn
X-Content-Type
X-DataStream-Cache-Status
X-Generated
X-Site-Version
X-Cache-Var
X-Detected-As
X-Cache-Var-Map
X-Is-Bot
X-Section
DB-Nickname
X-Upgrade-Enabled
X-Akamai-Transformed
Now
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-Access
X-Viewer-Country
L5d-Success-Class
Fastcgi-Useragent
X-Request-Time
X-Birta-Cache-Post
X-Grey
X-Cache-Category-Id
X-JoinUs
X-Microcachable
X-Format
X-Birta-Served
X-EIG-Tracking-Id
X-Amz-Meta-Surrogate-Control
X-CDN-Cache
Property-Id
X-ServerID
TWC-Device-Class
X-Tb
TWC-Connection-Speed
X-OCL
X-Loop
X-Hit
X-Labrador-Cache-Channel
TWC-GeoIP-Country
X-FC-Vary-Parameters
X-Hosted-By
TWC-Privacy
X-Human
S-Rt
X-Via-Fastly
X-Agile
X-Agile-Id
X-Agile-Age
X-PCL
X-Pc-Key
X-Pc-Hit
X-Pc-Appver
Webcakes-App-Name
X-CCM
TWC-Locale-Group
Webcakes-App-Version
X-Origin-Hint
X-TNCMS
Webcakes-Region
TWC-GeoIP-LatLong
Cache-Name
HitInfo
HitType
X-Origin
X-Upstream-CT
X-Upstream-HT
X-Web-Node
X-VWS-Id
X-VG-TLSProxy
X-Pubstack
X-SplitTest
X-IP
OT-Force-Account-Verify
X-Original-Request
Accept-Language
X-ProxyCache-Status
X-AWS-Id
X-RemovedCookies
X-ProxyCache-Key
X-LJ-Flow-ID
X-OVcl
X-Cluster-Node
X-Via-CDN
X-OVcl-Cache
X-ProcessESI
Azure-InstanceId
Azure-RegionName
X-BYPASS-REASON
X-Xfnlog-Site
Azure-Version
Azure-SlotName
Azure-SiteName
Selected-FE
X-Proxy-Build
X-ShardId
LB
X-Timing-Wait
X-ShopId
X-Www-Served-By
X-NGENIX-Cache
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
Mn-Server-Ip
X-Sorting-Hat-PodId
Cache-Hits
X-Rocket-Nginx-Bypass
PageSpeed
Xserver
Content-Script-Type
X-App-Name
X-Cache-Enabled
Content-Style-Type
X-XRDS-LOCATION
X-Cdn
X-Guploader-Uploadid
X-Source
X-UA
Origin-Edge-Control
X-Twitter-Response-Tags
X-Connection-Hash
Origin-Cache-Control
X-TWH-CORRELATION-ID
X-Transaction
X-RTag
IBM-Web2-Location
X-Unique-ID
Access-Control-Request-Headers
X-GRACE
Ms-Operation-Id
X-Ms-Version
X-NodeID
X-Real-Ip
X-Ms-Request-Id
X-Ms-Blob-Type
X-Ms-Lease-Status
NGB
X-Origin-CC
X-Geo
Time
NtCoent-Length
X-Port
X-Cache-Remote
Filters
X-MP-GENERATED-AT
X-Distil-CS
X-Internal-Host
X-Pc-Host
X-NCache
X-Pc-Date
X-Edge-IP
X-Cdn-Forward
X-Tumblr-Pixel-3
X-APP-VERSION
X-Nginx-Cache
Mail-Subject
We-Hiring
Backend
X-Cache-TTL
X-Proto
X-Varnish-Cacheable
X-Debug-Cache
X-Ratelimit-Limit
X-CACHE-KEY
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-Storage
X-UA-Device-Type
Cache-Tags
X-PHP-Backend
X-Csrf-Token
X-Backend-Name
X-Webstats-RespID
X-Varnish-Cache-Hits
X-Akamai-Request-ID
X-Sucuri-Cache
User-Agent
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Dc
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Locale
X-Mrs-Cache
X-Ua
X-PERF
X-ApacheServer
X-Mrs-Cache-Hits
X-Mrs-Age
X-Mshield-Cache-Status
X-EdgeConnect-Cache-Status
X-ElasticPress-Search
Fastly-SSL
Warning
X-B3-Spanid
X-Newrelic-Synthetics
X-C
X-Endurance-Cache-Level
HA-Urlpath
V-Age
Viewtype
X-Region-Sid
HA-Geolon
HA-Georegion
X-Hash
TSSecure
HA-Ipaddr
HA-Servedtime
Ha-Gx-Prefs
HA-Host
UCS
X-Irp-Debug
Rt-Proxy-Cache
X-Org
Ajk
X-Logtrace-Id
Server-Host
X-IN-WAF
Mobile-Detection-Method
X-IN-SSL-APIGATEWAY
Resin-Trace
X-IN-APIGATEWAY
X-NX-Host
BehaviorPad-Version
X-NU-AKA-ACS-Version
Odigeo-Trace-Id
Arc-Country
Ec-Rule-Version
X-Generated-In
X-Redis-Cache
Fly-Cache
HA-Cloudapp
MD5-Digest
GMS-Ver
X-PAYTM-SRV-ID
HA-Geocity
HA-Geolat
HA-Geocountry
X-G
FSS-Proxy
Fly-Request-Id
Rendered-Blocks
SN
Cache-Prefix
Meta-Geo-Continent
FSS-Cache
Content-Disposition
X-From
X-Amz-Meta-Cache-Control
X-Via-SSL
X-Backend-Host
X-Store
VivaBuild
X-Backend-Url
X-SRCache-Key
X-CF-Lambda-Version
X-Debug-Cookies
X-Developer
X-B-Cookie
X-Sn-Servicetimems
X-CGP
X-Via-Edge
X-BB-ID
X-Cache-Bucket
X-Destination
X-Nc
X-Died
X-Cache-Host
X-Debug-Log
X-Cdn-Origin
X-VG-WebServer
X-BBXSRF
X-DPWN-IS-SECURE
X-Trv-Group
X-CF-Lambda-Fn
X-Application
X-Eu-Site
X-Rewrite-Enabled
X-A-Wwc
X-Rojux
X-Server-Time
Xc-Version
X-A-Dgt
X-A-Dcw
X-Cache-Backend
X-A
X-A-Ccd
X-A-Dam
X-ScT
X-S-Cookie
X-F5-Cache
X-Varnish-Beresp-Ttl
X-Server-By
X-External-Request-Id
X-D
X-Date
X-Accel-Expires-Debug
Cache-Key
X-Aed
X-NC
X-CACHE-AGE
X-Layer
X-Core-Value
X-Clientip
Memcached
X-Key
X-Backend-State
Thinkindot-CacheControl
X-FW-Version
IsBot
X-Auto-Login
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Fetched-On
Www
X-Flog
X-ABtesting
RNT-Time
RNT-Machine
X-Hl-Ver
Origin
X-Dispatcher-Server
X-Developers
X-Hello
Pramga
X-GeoIP-City
X-GeoIP-Country-Code
Release
X-Cache-Id
X-Request-URI
X-User
X-V
X-UnsetCookies
X-Platform
X-UE-Client-Country
X-Var-Ttl
X-Server-IP
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
X-Qloud-Router
X-Rebelmouse-Cache-Control
X-Response-By
X-SIPLIST1
X-ServiceProvider
X-Dynatrace-Js-Agent
X-CDN-Forward
X-Thinkindot-L3
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Trace-Id
X-Request-Start
Apple-News-Services-Request-Url
X-Owner
Fastly-SIE
GW-Server
X-Matched-Rule
Decoy-Debug-TTL
Fastly-Soc-X-Request-Id
Fastly-SWR
X-Worker
X-Wikidot-Static-Cache
X-Location
X-Wikidot-Backend
X-We-Are-Hiring
Decoy-Debug-Status
Decoy-Debug-Key
Countrycode
X-VServer
Heartbleed
Powered-By
X-No-Session
Country-Code
X-Croise-Owner
X-Powered-By-ANYU
WZWS-RAY
User-Cache-Control
X-Swa-Ws
X-Epic-Correlation-Id
X-Sf
X-Stale
X-Distributor
X-VCT
X-Varnish-Action
X-Up
X-Device-Os
X-WebServer
X-Variation
X-Thanos
X-Release
X-Gen-Mode
X-Node-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-P-T
X-Gannett-Site-Version
X-Passed-To-BeforeDispatch
X-Passed-To
X-Nginx-Cache-Key
X-MI-In-Market
X-LI-Proto
X-Li-Pop
X-LI-UUID
X-Instance-Name
X-Hnp-Log
X-Info
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-S-Maxage
X-Secret
X-Sentry-ID
X-Fastly-Cache
X-Returned-From-BeforeDispatch
X-Returned-From
X-Policy
X-Phone
X-RCS-CacheZone
X-Li-Fabric
X-Request-UUID
X-CUA
X-Served-From
Server-ID
On-Server
X-Origin-Response-Time
MI-Cache-Age
MI-Cache
Platform
Pragrma
True-Client-Country-4JS
Section-Io-Cache
Request-EU
Request-Country
Adler-Geo
Backend-Name
Cache-Cookie-Set-Lfrom
Frame-Options
Fastly-Backend-Name
Esi-Enabled
Is-Eu
Kp-EeAlive
Magicmarker
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Uber-Trace-Id
Server-Int
X-Bip
X-Cache-URL
X-Crawler
X-Core-Mission
X-Block-Status
X-Actual-URL
Web-Mar-Node
X-Cache-Debug
X-Cache-Expires
X-Datadome
X-Backend-TTL
X-SN
X-MServer
X-Cache-CFC
X-SVT-ORM-VERSION
X-MSEdge-Flight
X-MSEdge-Features
X-Via-NSCOPI
X-Fstrz
X-TT-LOGID
REQUESTUUID
Pagetype
CDCHOST
X-SVT-ORM-RULES
Proxy-Connection
Version
X-Oss-Request-Id
X-DC
X-Refresh
X-NODE
X-Oss-Hash-Crc64ecma
X-NWS-UUID-VERIFY
X-Page-Type
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Storage-Class
X-HOST
X-Cache-Srv
MI-API
RequestId
HTTPS
Amp-Access-Control-Allow-Source-Origin
X-Kong-Upstream-Latency
X-Ms-Lease-State
Cteonnt-Length
MIME-Version
X-Cache-FS-Status
X-Pjax-Url
X-Kong-Proxy-Latency
X-Be
NodeID
X-Req
X-Servername
X-Parent-Response-Time
Group
V-Cache
X-Unique-Id-Primal
Who
X-Origin-TTL
X-GZip
ProcessTime
X-Oracle-Dms-Ecid
Fusion-Source
X-BB-IP
Cdn
Fusion-Content-Source
Memory
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-Ckpd-Fst-Backend
Mime-Version
SS
CF-IPCountry
X-Aicache-OS
X-Servedbyhost
Cdn-Request-Time
X-Time
X-Edge-Server
Cdn-Host
X-ND-Cache
X-Protected-By
X-Server-Group
X-Wa
X-Content-Age
X-COUNTRY
PageType
GeoIP-Country-Code
CDN
SD-X-WS
XServer
X-SRV
GeoIP-Latitude
X-Varnish-Url
X-Varnish-Beresp-TTL
Get-Access-Time
X-APP
Is-Session-Tracking
X-Ratelimit-Remaining
A
X-Pf-Uncompressing
X-RateLimit-Remaining-Second
X-Generation-Time
Geoip-Latitude
X-B3-Traceid
X-Origin-Date
X-Origin-Expires
GeoIp-Country-Code
X-RateLimit-Limit-Second
X-Unique-Id
PICS-Label
X-StackifyID
X-Cache-Info
X-WA
X-Fastly-Cache-Hits
Serverid
X-FireWall-Port
X-Origin-Host
X-GEO
X-Vcache
X-Requestid
X-Gdpr
VIX-Pulpo-Node
X-Nananana
X-CSRF-Token
VIX-Pulpo-Upstream-Status
X-CS
X-Fastly-Country-Code
X-EC-Security-Audit
Nel
DataCenter
Processtime
X-Load-Cache
X-PHP-Host
Cf-Ipcountry
X-ID
Node
Hostname
X-ServedByHost
X-SERVER-NAME
X-RequestId
X-Server-W
X-Surge-Debug
NGX
X-Proxy-Upstream
T-Server
X-Proxy-Cache-Status
X-NGINX-Cache
X-Qnm-Cache
X-Check-Cacheable
X-M-Reqid
X-M-Log
X-HTML-Minification-Powered-By
URI
Vix-Hermes-Req-Id
X-FORWARDED-FOR
X-PF-Uncompressing
X-UPSTREAM-Address
Load-Balancing
Cache-Tv-Group
X-GZIP
X-Feature
X-HS-Status
WP-Super-Cache
ServerName
X-Planisys-CDN-TTL
Cache-Provider
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-B3-SpanId
X-WR-MODIFICATION
X-BACKEND-TTL
X-Fe
X-ARC
X-VG-WebCache
X-ServerName
X-DataStream-MidMile-RTT
X-Fastly-Backend-Reqs
X-DataStream-Origin-MEX-Latency
Request-Time
X-BE
X-Skip-Cache
X-Alicdn-Da-Ups-Status
X-Atg-Version
X-HTML-Edge-Cache
X-Proxy-Server
RequestUuid
Requestid
X-PJAX-URL
Host-ID
X-Micro-Cache
PFcat
X-IPS-LoggedIn
Https
X-Akamai-SSL-Client-Sid
X-Amz-Meta-S3b-Last-Modified
X-Debug-Cache-Fetch
X-Distil-Cs
X-PAGE-TYPE
N-Cache
X-SB
X-From-Cache
X-Debug-Cache-Store
X-Cache-Ttl
X-VC
X-Debug-Cache-Expiry
X-Swift-Error
X-Front
Sid
X-GDPR
X-Grace-Duration
Cdn-Src-Port
Build-Number
X-Dw-Trace-Id
X-RAMCache
X-Gen-Id
X-CSRF-TOKEN