Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
Via
X-XSS-Protection
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
Referrer-Policy
X-Served-By
X-Varnish
X-Request-Id
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cache-Status
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
Status
X-Language
Timing-Allow-Origin
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
Upgrade
X-Type
Access-Control-Expose-Headers
Keep-Alive
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Backend
X-AH-Environment
CF-Ray
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Cache-Group
X-Via
X-Request-ID
X-Proxy-Cache
Grace
X-Pingback
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Robots-Tag
X-Hacker
X-UA-Device
X-Varnish-Cache
EagleId
X-Page-Speed
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-Swift-CacheTime
X-Swift-SaveTime
X-CST
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Amz-Version-Id
X-Ac
X-OneAgent-JS-Injection
X-Node
Server-Timing
Feature-Policy
X-Cnection
X-Iejgwucgyu
X-Response-Time
X-Rq
Allow
X-Cache-Lookup
Content-Location
Report-To
X-Backend-Server
EagleEye-TraceId
X-Readtime
Surrogate-Control
X-Host
X-Application-Context
Request-Id
X-Url
X-ORACLE-DMS-ECID
X-Rack-Cache
P3p
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
X-FTR-Request-ID
Rating
X-Cloud-Trace-Context
X-Country-Code
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DataDome
X-Instart-Request-ID
X-Px
X-MS-InvokeApp
X-Vhost
Charset
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-VARITI-CCR
Edge-Control
Accept-CH
X-Varnish-TTL
X-Goog-Hash
X-GitHub-Request-Id
X-DynaTrace
X-ESI
Verso
X-Mobile-Rewrite
PB-PID
Arc-Version
PB-RID
X-Version
X-Server-Name
Pinterest-Generated-By
X-PC
X-TtlSet
X-Vname
X-TTL
X-Cdn
X-Powered-By-Plesk
X-D2id
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-Cached
SPRequestGuid
X-Origin-Upstream-Status
X-B3-TraceId
X-Dispatcher
X-Upstream-Env
X-Powered-CMS
X-Abt-Application-Version
X-SharePointHealthScore
X-T
RTSS
MS-Author-Via
Accept-CH-Lifetime
X-Recruiting
X-Trace
Public-Key-Pins
X-Navigation-Version
X-Oracle-Dms-Rid
X-Shield-Request-Id
X-ORACLE-DMS-RID
Content-MD5
X-SRCache-Fetch-Status
X-SRCache-Store-Status
SPRequestDuration
SPIisLatency
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Amz-Rid
X-DIS-Request-ID
X-Fastly-Request-ID
X-HW
X-Client-IP
Realpath
Arr-Disable-Session-Affinity
X-Wix-Server-Artifact-Id
X-Forwarded-Proto
X-F-Cache
X-Accel-Buffering
X-B
X-DynaTrace-JS-Agent
X-Upstream
X-Ser
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Amz-Meta-S3cmd-Attrs
X-Pinterest-Rid
Pinterest-Version
X-Via-JSL
Service-Worker-Allowed
X-Id
X-Dw-Request-Base-Id
X-CACHE-GROUP
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-Vcap-Request-Id
X-FTR-Expires
X-Varnish-Age
Front-End-Https
Paypal-Debug-Id
X-Dns-Prefetch-Control
AR-Request-ID
X-Server-ID
Nginx-Cache
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Ttl
X-Debug
X-Aspnet-Version
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
X-MSEdge-Ref
X-Hits
X-Kinsta-Cache
X-NF-Request-ID
Ar-Sid
X-XRDS-Location
X-N
X-Logged-In
X-NewRelic-App-Data
X-FTR-Cache-Host
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
S
X-Akam-SW-Version
X-Frontend
X-Grace
X-Forwarded-For
X-HS-Hub-Id
X-HS-Content-Id
X-PressLabs-Stats
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-User-Agent
DynaTrace
X-Cache-Key
Tracecode
X-TA-CDN-Provider
X-DataStream-Cache-Status
X-Pad
X-Amzn-Trace-Id
X-FastCGI-Cache
Server-Name
X-Content-Digest
Refresh
Backend-Timing
X-Analytics
Fastcgi-Cache
Accept-Charset
MicrosoftSharePointTeamServices
X-Content-Options
X-Debug-Info
Access-Control-Request-Method
X-Middleton-Display
X-Sol
Display
X-CF-Powered-By
Powered-By-ChinaCache
X-AppVersion
FilterID
X-Rid
X-Az
X-Activity-Id
Host
X-Page-Id
X-Zen-Fury
X-IPLB-Instance
X-LB-Cache
MS-CV
X-Content-Type
X-Magnolia-Registration
ServerID
TP-L2-Cache
TP-Cache
X-Middleton-Response
TCN
Response
Cache-Status
X-Mobile
X-Cache-Hit
X-Content-Powered-By
Surrogate-Key
X-Hostname
X-Srv
X-ATG-Version
X-Fastcgi-Cache
X-VCache
X-Ruxit-Js-Agent
X-WA-Info
Rt-Fastcgi-Cache
X-Seen-By
X-RateLimit-Remaining
X-B3-Sampled
X-XRDS-LOCATION
X-Cached-By
X-Revision
X-Request-Received
X-Request-Processing-Time
X-Varnish-Backend
X-Cache-Age
X-GUploader-UploadID
X-SS-Set-Cookie
X-Cache-Action
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Instance
X-Content-Security-Policy-Report-Only
X-Platform-Server
X-B-Cache
X-Tumblr-Pixel-0
X-Whom
X-Tumblr-Pixel
X-Tumblr-User
X-Edge-Location
X-Signature
Source
X-Cluster
X-PHP-Backend
X-TT
X-Akamai-Edgescape
X-Request-Guid
Cleartype
X-Handled-By
X-Framework
X-Drupal-Cache-Tags
X-App-Environment
X-Cache-Control
X-Origin-Server
X-Wix-Request-Id
ViewerVersion
Server-Info
X-NWS-LOG-UUID
Host-Header
X-BCube-Filmed-By
X-Cache-Rule
X-Cache-2
X-AOL-HN
X-Generated-By
X-Varnish-Hostname
DC
Retry-After
X-App-Server
Eomportal-Instance
X-Geo-Country
X-Amzn-RequestId
X-Amz-Apigw-Id
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Server
X-FW-Static
Server-Node
X-Correlation-Id
X-Varnish-Server
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-Device-Type
X-Real-IP
Webserver
Payment
X-FB-Debug
X-Response-Served-From
X-Amz-Server-Side-Encryption
Actual-Object-TTL
Edge-Cache-Tag
X-Tumblr-Pixel-2
X-TT-TIMESTAMP
X-Tumblr-Pixel-1
X-Varnish-Hits
Access-Control-Allow-Method
ServedBy
AsisCache
X-Varnish-Grace
X-WebKit-CSP-Report-Only
Filters
Content-Style-Type
X-Cacheable-TTL
Content-Script-Type
GEO-INFO
X-Region
NGB
X-Drupal-Cache-Contexts
X-TX-ID
X-Contextid
X-Varnish-IP
X-Amz-Replication-Status
X-Servedby
X-RTag
X-Adobe-Content
X-UUID
Ms-Operation-Id
Viewport
X-Adobe-Loc
X-Locale
Country
From-Origin
Upgrade-Insecure-Requests
Healthy
X-Accel-Expires
Cache
X-Jobs
Cache-Tv-Group
X-Rendered-As
X-UA-Device-Type
X-WPE-Loopback-Upstream-Addr
X-RequestSource
X-Cache-Config
X-Cache-TTL-Remaining
X-Cache-Server
X-BACKEND-TTL
X-Cache-Operation
HitType
X-VG-WebCache
X-Ezoic-Cdn
Pagespeed
X-APP-VERSION
X-Cache-Remote
Fastly-Restarts
X-Cache-TTL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Storage
X-Oneagent-Js-Injection
X-Upgrade-Enabled
Fastcgi-Useragent
X-S
X-Content-Age
X-Hit
X-Daa-Tunnel
X-Redis-Cache
Cache-Tags
X-Esi
X-FW-Dynamic
Served-By
X-Cache-NE
X-RateLimit-Limit
Cache-Tag
Meta-Geo
X-Cache-Var
Origin-Cache-Control
X-Backend-Name
X-Status
Origin-Edge-Control
X-JoinUs
X-NCache
X-Mode
X-Path-Route
X-RN-RSRV
X-Rule
X-Cache-Var-Map
X-Is-Bot
X-Internal-Host
Machine
X-Hl-Ver
X-Detected-As
Load-Balancing
X-Source
Selected-FE
Now
Cache-Key
X-CDN-Cache
X-Proxy
X-Proxy-Build
X-Origin-Response-Time
X-Origin-Host
X-Labrador-Cache-Channel
X-ProxyCache-Key
X-ProxyCache-Status
X-Web-Node
X-Www-Served-By
X-Timing-Wait
X-Tb
X-Pubstack
X-L-Path
X-Grey
X-Agile-Id
X-Akamai-Request-ID
X-Agile-Age
X-Agile
Vix-Hermes-Req-Id
X-Birta-Cache-Post
X-Birta-Served
X-Environment-Context
X-FC-Vary-Parameters
X-Edge-IP
X-Cache-Category-Id
X-BYPASS-REASON
SRV
X-Time-Microsecs
X-OCL
X-Origin
X-Original-Request
X-Pc-Appver
X-Loop
X-IP
X-ApacheServer
X-Hosted-By
X-Human
X-Pc-Hit
X-Pc-Key
X-Via-Fastly
X-Viewer-Country
X-ServerID
X-Varnish-Cacheable
X-TNCMS
X-PCL
X-PERF
X-ProcessESI
Cache-Name
X-RemovedCookies
Datacenter
X-Guploader-Uploadid
X-Varnish-Cache-Hits
X-Site-Version
X-VG-TLSProxy
DB-Nickname
X-Akamai-Transformed
X-NGENIX-Cache
X-CCM
X-Debug-Cache
X-GeoIP
X-Format
Public-Key-Pins-Report-Only
X-Generated
NtCoent-Length
X-Section
X-Access
We-Hiring
Mail-Subject
X-Xfnlog-Site
X-App-Version
Azure-RegionName
Azure-InstanceId
X-MP-GENERATED-AT
Azure-SiteName
S-Rt
Azure-SlotName
Azure-Version
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
TWC-Device-Class
Webcakes-Region
X-Origin-Hint
Webcakes-App-Name
TWC-GeoIP-Country
Property-Id
Xserver
TWC-Connection-Speed
X-UA
X-Ocache
Liferay-Portal
X-Cache-Enabled
User-Cache-Control
Fastcgi-X-Cache-Version
X-Proxied
X-App-Name
X-Sucuri-ID
X-Routing-Service
X-Zipkin-Id
S-Cnection
X-Request-Time
X-Protected-By
X-Microcachable
Access-Control-Request-Headers
X-Cdn-Forward
X-B3-Traceid
X-EdgeConnect-Cache-Status
X-Nginx-Cache
X-CACHE-KEY
X-Webstats-RespID
X-Tumblr-Pixel-3
X-GEO
X-FW-Version
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-FB-TRIP-ID
X-Origin-CC
User-Agent
X-Upstream-Proxy
X-GRACE
X-Upstream-HT
X-Upstream-CT
X-Proto
PageSpeed
X-Trace-Id
AR-SID
X-Yottaa-Metrics
LB
X-Yottaa-Optimizations
X-Correlation-ID
X-Node-Name
X-TIME
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Ohc-File-Size
X-Forwarded-Host
Powered
X-Nc
Cache-Hits
X-Endurance-Cache-Level
X-Edge-Cache-Key
X-Pc-Host
X-Cache-Backend
X-Edge-Cache
X-Pc-Date
X-ElasticPress-Search
X-Varnish-Beresp-Ttl
X-ES-SERVER
X-OVcl-Cache
Frame-Options
X-Unique-ID
X-OVcl
X-Dynatrace-Js-Agent
X-Origin-TTL
Section-Io-Cache
X-Server-Cache
X-Rocket-Nginx-Bypass
X-Ua
HostName
X-Vgn-Hpd-Reason
L5d-Success-Class
IBM-Web2-Location
Fastcgi-X-Cache
Nel
OT-Force-Account-Verify
X-Parent-Response-Time
X-V
X-Amz-Meta-Cache-Control
X-ServiceProvider
X-IN-APIGATEWAY
X-ScT
X-Application
X-Died
X-Aed
Rendered-Blocks
X-User
X-Hnp-Log
X-Fetched-On
X-SRCache-Key
X-S-Cookie
X-Accel-Expires-Debug
X-Destination
CACHE
GMS-Ver
Fly-Request-Id
Fly-Cache
Cache-Prefix
BehaviorPad-Version
X-Trv-Group
Country-Code
Fastly-SWR
Ec-Rule-Version
X-IN-SSL-APIGATEWAY
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Transaction
Arc-Country
Resin-Trace
Www
X-Twitter-Response-Tags
X-ARC
X-Cache-Host
X-TT-LOGID
VivaBuild
X-Info
X-IN-WAF
X-Rojux
X-Rewrite-Enabled
Viewtype
X-Irp-Debug
X-Cache-Id
X-CF-Lambda-Version
X-Rebelmouse-Cache-Control
MD5-Digest
X-CF-Lambda-Fn
Memcached
X-Region-Sid
X-PAYTM-SRV-ID
X-Origin-Date
X-Server-Group
X-Li-Pop
X-External-Request-Id
X-Micro-Cache
Mobile-Detection-Method
X-Block-Status
X-PHP-Host
X-Request-UUID
X-Gen-Mode
X-NU-AKA-ACS-Version
X-S-Maxage
X-DPWN-IS-SECURE
X-Reboot
X-Origin-Expires
X-Cache-Bucket
X-Cdn-Srv
X-Distil-CS
Meta-Geo-Continent
X-Li-Fabric
Xc-Version
X-Date
X-We-Are-Hiring
X-Generated-In
X-Cache-FS-Status
X-LI-UUID
X-Cache-Info
X-VG-WebServer
Fastly-SIE
X-Auto-Login
X-B-Cookie
X-Pc-Subdomain
X-Developer
Powered-By
X-BB-ID
X-From
X-Server-By
Node
X-LI-Proto
X-Connection-Hash
X-Rebelmouse-Surrogate-Control
X-Via-CDN
Mn-Server-Ip
Server-Host
Proxy-Connection
X-Stale
X-FireWall-Port
Platform
Request-Time
On-Server
SD-X-WS
X-G
X-Dispatcher-Server
X-Backend-Host
X-Backend-Url
X-CUA
X-D
X-Cache-URL
X-Debug-Cookies
X-Epic-Correlation-Id
X-Crawler
X-Server-IP
X-Cache-Debug
X-Cache-Expires
X-Distributor
X-Server-Time
X-Gannett-Site-Version
X-Bip
X-Fastly-Cache
X-Actual-URL
Web-Mar-Node
X-Sf
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-A
X-A-Ccd
X-Debug-Log
X-Cache-Grace
X-A-Wwc
X-A-Dgt
X-A-Dam
X-A-Dcw
X-Secret
X-Variation
X-Wikidot-Static-Cache
X-Time
X-Wikidot-Backend
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Location
X-Proxy-Upstream
X-Level-Front-Cache
X-LAGOON
Adler-Geo
Ajk
X-UE-Client-Country
X-Var-Ttl
X-Svr
X-Via-NSCOPI
X-Proxy-Cache-Status
X-Logtrace-Id
X-Returned-From-PostProcessResponse
X-Returned-From
X-Passed-To
X-Returned-From-BeforeDispatch
X-Node-Id
X-Returned-From-DLL
X-NX-Host
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Policy
X-Matched-Rule
X-Platform
X-Request-URI
X-Passed-To-PostProcessResponse
X-Croise-Owner
Backend
X-Varnish-Action
Is-Eu
X-Swa-Ws
X-Goog-Meta-Goog-Reserved-File-Mtime
Fastly-Backend-Name
X-Generated-On
X-Thinkindot-L3
X-Thanos
Magicmarker
Lfy
X-GeoIP-Country-Code
Content-Disposition
X-R9-Blue-Green-Version
X-Sucuri-Cache
Warning
X-HS-Cache-Config
X-Sorting-Hat-ShopId
X-CGP
X-SIPLIST1
X-Dc
X-Generation-Time
X-Response-By
Release
HA-Ipaddr
Ha-Gx-Prefs
Heartbleed
Origin
X-Device-Os
Pagetype
X-No-Session
X-Eu-Site
Kp-EeAlive
IsBot
X-Fstrz
X-SERVER
Pramga
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Clientip
X-Nginx-Cache-Key
X-Up
X-UnsetCookies
X-Shopify-Stage
X-Key
X-Hash
X-VWS-Id
SS
X-Instart-Isnd
X-ShardId
X-ShopId
Version
AKAMAI
Who
Countrycode
Server-Surrogate-Control
X-LJ-Flow-ID
RNT-Machine
RNT-Time
X-Sorting-Hat-PodId
X-C
X-Cache-ASPX
GW-Server
CDCHOST
X-Qloud-Router
X-AWS-Id
X-Backend-State
Fastly-Soc-X-Request-Id
X-Alternate-Cache-Key
X-Amz-Meta-Surrogate-Control
X-Varnish-Authentication
Server-Cache-Control
X-Page-Type
X-MSEdge-Features
X-F5-Cache
X-MSEdge-Flight
X-Varnish-Url
X-Developers
X-Core-Value
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Core-Mission
Server-Int
Fastly-SSL
Cache-Cookie-Set-Lfrom
Apple-News-Services-Request-Url
Apple-News-Services-Handled
PFcat
REQUESTUUID
Server-ID
X-Servername
X-Cluster-Node
NGX
X-Pjax-Url
X-Ratelimit-Remaining
X-Sedo-Request-Id
X-Be
X-Refresh
X-Store
RequestId
X-Cache-Miss-From
Esi-Enabled
X-TrackingId
Time
X-CDN-Forward
X-Cache-CFC
X-MI-In-Market
X-RCS-CacheZone
MI-Cache
MI-API
X-Newrelic-App-Data
X-EIG-Tracking-Id
MI-Cache-Age
X-Layer
MIME-Version
X-NC
X-Real-Ip
X-B3-SpanId
X-URL
X-IPS-LoggedIn
SID
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Mrs-Cache
HA-Cloudapp
X-SN
HA-Geocity
HA-Geocountry
HA-Geolon
HA-Geolat
X-Unique-Id-Primal
X-Mshield-Cache-Status
X-Mrs-Age
HA-Urlpath
HA-Georegion
HA-Servedtime
X-Mrs-Cache-Hits
HA-Host
PICS-Label
Cteonnt-Length
X-Owner
X-From-Cache
X-Ratelimit-Limit
X-Geo
X-Hyper-Cache
Odigeo-Trace-Id
X-Servedbyhost
X-RequestId
Mime-Version
Backend-Name
Cdn
X-CMS-Context
FastCGI-Cache
X-FPC
Memory
CF-IPCountry
X-Instart-Info
X-CSRF-TOKEN
X-Webkit-CSP
X-Webkit-Csp
X-Req
X-WebServer
Processtime
HTTPS
X-B3-Spanid
X-CLOUD-TRACE-CONTEXT
CDN
X-Wa
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-Request-Start
X-Phone
X-Release
X-Pf-Uncompressing
Cf-Ipcountry
Ohc-Response-Time
X-Aicache-OS
X-DC
X-WR-MODIFICATION
XServer
X-Atg-Version
GeoIP-Country-Code
X-Newrelic-Synthetics
Hostname
X-Mobile-URL
X-HS-Combine-CSS
GeoIP-Latitude
X-Load-Cache
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Varnish-Beresp-TTL
ProcessTime
X-Server-W
X-Served-From
X-GZip
X-ND-Cache
X-Fastly-Country-Code
Cross-Origin-Window-Policy
URI
X-VServer
X-NodeID
Rt-Proxy-Cache
X-Lb-Id
X-WA
X-Varnish-Ttl
X-HTML-Minification-Powered-By
X-Nananana
X-GoCache-CacheStatus
Accept-Ch-Lifetime
X-Unique-Id
X-FORWARDED-FOR
X-PF-Uncompressing
T-Server
X-Skip-Cache
V-Age
X-Tb-Optimization-Total-Bytes-Saved
X-CSRF-Token
X-Cdn-Origin
X-Oracle-Dms-Ecid
X-Sn-Servicetimems
X-ServedByHost
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Proxy-Firewall
X-VC-Cache
X-MServer
Ohc-Cache-HIT
X-LB-ID
X-COUNTRY
X-Datadome
X-Cms-Context
X-UPSTREAM-Address
X-Worker
X-P-T
Pics-Label
X-APP
X-SRV
Get-Access-Time
Is-Session-Tracking
DataCenter
X-Fastly-Cache-Hits
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-LiteSpeed-Cache-Control
X-Gateway-Cache-Key
X-UCC
ServerName
X-Check-Cacheable
A
X-HS-Status
N-Cache
Uber-Trace-Id
X-SERVER-NAME
Amp-Access-Control-Allow-Source-Origin
X-RCS-Backend
X-Requestid
X-CACHE-AGE
X-NGINX-Cache
Geoip-Latitude
X-GZIP
X-Processor
X-Cache-HT
X-BBXSRF
GeoIp-Country-Code
X-Org
X-Optimization
X-ID
Dnion-Transfer-Encoding
X-BE
X-StackifyID
WZWS-RAY
X-Hp-Webp
X-Backend-TTL
X-Vg-Webcache
WP-Super-Cache
X-GDPR
Cneonction
X-Port
X-Via-SSL
Requestid
X-Varnish-URL
Cache-Provider
X-Fe
X-Csrf-Token
X-PAGE-TYPE
X-PJAX-URL
X-Via-Edge
Serverid
X-NWS-UUID-VERIFY
Pragrma
X-Git-Hash
X-LiteSpeed-Tag
Server-Id
X-ServerName
X-Instance-Name
X-Gdpr
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Dw-Trace-Id
X-HostName
RequestUuid
X-Front
X-VCT
X-Akamai-Request-ID2
X-RAMCache
X-Request-Url
219prxHost
225prxHost
286prxHost
189phosttRef
188prxHost
Correlation-Id
DSUID
178proxuri
352pxline
355prline
Accept-Language
Request-Country
Request-EU
X-PARISIEN-Cache-Rendered
Xxline
409pxxline
X-VarnPar1
X-VarnCache
X-CS