Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Date
Content-Type
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
X-Powered-By
Last-Modified
Accept-Ranges
X-Content-Type-Options
Strict-Transport-Security
X-XSS-Protection
ETag
Link
Expect-CT
CF-RAY
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Language
Content-Security-Policy
P3P
X-UA-Compatible
X-Cache-Hits
CF-Ray
X-Varnish
X-Served-By
X-Request-Id
X-Amz-Cf-Id
Referrer-Policy
X-AspNet-Version
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Alt-Svc
X-AspNetMvc-Version
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Check
Status
Timing-Allow-Origin
X-Cache-Status
X-DNS-Prefetch-Control
X-Iinfo
X-Via
X-Template
X-Language
X-CDN
X-Turbo-Charged-By
X-Content-Security-Policy
Content-Encoding
X-Permitted-Cross-Domain-Policies
X-Buckets
Keep-Alive
X-Nginx-Cache-Status
X-Type
X-Server-Powered-By
X-Backend
X-AH-Environment
EagleId
X-Cache-Group
X-Pingback
X-Server
WPE-Backend
X-Pass-Why
X-Age
X-Swift-CacheTime
X-Swift-SaveTime
Access-Control-Max-Age
Ali-Swift-Global-Savetime
Xkey
Grace
X-Varnish-Cache
X-Cache-Lookup
Access-Control-Expose-Headers
Upgrade
X-Hacker
Cf-Railgun
X-UA-Device
X-Page-Speed
X-LiteSpeed-Cache
X-Drupal-Dynamic-Cache
X-Amz-Request-Id
X-Proxy-Cache
X-Amz-Id-2
X-Robots-Tag
X-CST
X-Server-Id
Content-Location
X-Envoy-Upstream-Service-Time
X-Node
Request-Context
X-Ac
X-Device
X-Host
X-Cnection
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Backend-Server
Surrogate-Control
X-Rack-Cache
Permitted-Cross-Domain-Policies
X-Do-Not-Hack
X-HeyJason
Request-Id
X-Readtime
Allow
X-Instart-Request-ID
X-Px
EagleEye-TraceId
X-Response-Time
Edge-Control
Pinterest-Generated-By
X-Application-Context
X-Rq
X-Clacks-Overhead
Server-Timing
X-MS-InvokeApp
X-Url
X-DynaTrace-JS-Agent
X-Cloud-Trace-Context
X-Server-Name
X-TTL
Charset
SPRequestGuid
X-NWS-LOG-UUID
X-Country
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-SharePointHealthScore
X-Ruxit-JS-Agent
Rating
X-Cached
AR-CACHE
AR-PoweredBy
AR-ATIME
AR-SID
X-Country-Code
X-DataDome
Report-To
X-Varnish-TTL
Public-Key-Pins
X-Powered-By-Plesk
X-Powered-CMS
X-Mod-Pagespeed
X-TtlSet
X-PC
X-Vname
SPIisLatency
X-N
SPRequestDuration
MS-Author-Via
X-Recruiting
Content-MD5
X-Version
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-VARITI-CCR
X-Shield-Request-Id
X-Exp-Id
X-F-Cache
X-GoogleNews-Bot
X-Geo-Segment
X-Kinja-Build
X-Kinja-Server
X-Ser
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Dw-Request-Base-Id
Cartoon
X-T
X-Trace
Nginx-Cache
X-FTR-Request-ID
Arr-Disable-Session-Affinity
X-XRDS-Location
X-Daa-Tunnel
Pinterest-Version
X-D2id
X-Pinterest-Rid
X-Esi
X-Upstream-Env
NEL
Feature-Policy
X-Via-JSL
X-Amz-Rid
RTSS
X-GitHub-Request-Id
X-Cdn
X-Vhost
X-Forwarded-Proto
X-Abt-Application-Version
X-Dynatrace
X-IPLB-Instance
X-Vcap-Request-Id
X-Hits
X-Client-IP
X-Goog-Hash
Realpath
X-Kinsta-Cache
X-Origin-Cache
X-Grace
X-Cache-Key
X-B
X-Zen-Fury
X-TEC-API-ORIGIN
Fastcgi-Cache
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Navigation-Version
X-Upstream
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-DIS-Request-ID
X-Id
X-Dispatcher
TCN
X-Varnish-Age
Liferay-Portal
Verso
Alternate-Protocol
Cache
X-Content-Digest
X-Content-Options
Access-Control-Request-Method
Paypal-Debug-Id
Front-End-Https
X-Nf-Srv-Version
X-Logged-In
X-NF-Request-ID
X-User-Agent
X-Fastly-Request-ID
X-Newrelic-App-Data
X-Feature
X-Pad
S
X-Whom
X-Mrf-Item-Lastmod
X-Sol
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Frontend
Tracecode
X-HS-Content-Id
X-Oracle-Dms-Ecid
X-HS-Cache-Config
X-FastCGI-Cache
PB-PID
PB-RID
X-Oracle-Dms-Rid
X-Debug
X-SS-Set-Cookie
Edge-Cache-Tag
X-Hyper-Cache
Server-Name
X-Webkit-Csp
Cache-Status
Rt-Fastcgi-Cache
X-UUID
X-PressLabs-Stats
Eomportal-Instance
Powered-By-ChinaCache
X-B3-Traceid
X-Cache-Rule
X-Hostname
Host
Service-Worker-Allowed
Pagespeed
X-Middleton-Response
Response
X-Middleton-Display
X-Goog-Stored-Content-Length
X-Goog-Generation
X-CF-Powered-By
Dynatrace
X-Goog-Metageneration
X-Goog-Storage-Class
Display
X-Goog-Stored-Content-Encoding
Server-Info
HitInfo
S-Cnection
X-AOL-HN
X-RateLimit-Remaining
HitType
X-Wix-Server-Artifact-Id
X-MSEdge-Ref
X-Mobile-Rewrite
FilterID
X-Cache-Bucket
X-Content-Security-Policy-Report-Only
X-VCache
X-APP-VERSION
TP-Cache
Fastly-Restarts
TP-L2-Cache
X-Revision
X-Contextid
X-Varnish-Server
Public-Key-Pins-Report-Only
X-Magnolia-Registration
X-Cache-Hit
X-Instance
X-FTR-Cache-Status
X-FTR-DC
X-Request-Received
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-HS-Combine-CSS
X-Request-Processing-Time
X-Rid
X-Country-Code-Real
X-FTR-Realm
X-FTR-Expires
X-Sucuri-ID
X-Mobile
X-Proxied
X-GUploader-UploadID
X-TA-CDN-Provider
X-ServedBy
Source
X-URL
X-Cache-Action
X-Correlation-ID
Backend-Timing
Refresh
X-Amzn-Trace-Id
X-AppVersion
X-Az
ServerID
X-Analytics
X-Activity-Id
X-PHP-Backend
X-Signature
X-TT-TIMESTAMP
X-Cache-2
X-B-Cache
Country
X-FB-Debug
X-Framework
X-Ttl
X-Real-IP
X-Akamai-Edgescape
X-Cf-Powered-By
Upgrade-Insecure-Requests
Served-By
Surrogate-Key
X-App-Environment
X-Cache-Operation
X-Geo-Country
X-Shield-Cache-Expires
X-Device-Type
X-Debug-Info
X-WA-Info
Actual-Object-TTL
X-ADI-VCache
X-HW
X-Origin
X-CLOUD-TRACE-CONTEXT
X-ESI
X-TT
X-Ocache
X-TIME
X-FTR-Cache-Host
X-Varnish-Hostname
X-Content-Powered-By
X-Cache-Config
X-CDN-Forward
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Backend
X-Tumblr-User
X-Tumblr-Pixel
Cleartype
X-Cache-Remote
Retry-After
X-Tumblr-Pixel-0
Arc-Version
X-PC-Key
X-Request-Guid
X-Page-Id
X-Handled-By
X-Hail-Hydra
X-Cache-NE
X-PC-Hit
X-PC-AppVer
X-Cache-Control
Server-Node
X-Cache-Server
Webserver
MS-CV
Host-Header
X-Sucuri-Cache
DC
X-Accel-Expires
X-Accel-Buffering
X-BCube-Filmed-By
X-WPE-Loopback-Upstream-Addr
Accept-Charset
X-Atg-Version
X-Geo
X-NWS-UUID-VERIFY
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Jobs
X-Adobe-Content
X-Cached-By
X-Generated-By
X-GeoIP
SRV
X-Adobe-Loc
X-DynaTrace
X-LB-Cache
X-Wix-Request-Id
ServedBy
X-Amz-Server-Side-Encryption
X-Cacheable-TTL
X-App-Server
X-RequestSource
AsisCache
X-PC-Date
X-TX-ID
X-PC-Host
X-Storage
X-Seen-By
X-Varnish-Hits
X-Origin-Upstream-Status
X-WebKit-CSP-Report-Only
X-Varnish-IP
X-Forwarded-For
X-Cluster
X-GZip
X-Akamai-Transformed
X-CACHE-AGE
X-NC
X-Edge-Cache
X-Edge-Cache-Key
X-RTag
X-Origin-Server
X-Platform-Server
X-Drupal-Cache-Tags
X-FW-Hash
X-Region
X-FW-Serve
X-Internal-Host
X-FORWARDED-FOR
X-Microcachable
X-S
X-FW-Type
X-FW-Server
X-Varnish-Grace
X-FW-Static
X-Locale
X-Vg-Webcache
Content-Style-Type
Ohc-File-Size
NGB
X-COUNTRY
WP-Super-Cache
From-Origin
Content-Script-Type
X-Cache-TTL-Remaining
X-Amz-Replication-Status
Filters
X-Varnish-Cache-Hits
X-StackifyID
X-Oss-Storage-Class
X-Amz-Apigw-Id
X-Amzn-RequestId
X-CCM
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-DC
X-CSRF-Token
X-Oss-Server-Time
X-EIG-Tracking-Id
X-Yottaa-Sig
Load-Balancing
Viewport
Cache-Hits
Access-Control-Request-Headers
X-Distil-CS
X-Proto
Cache-Tag
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Srv
X-Oss-Request-Id
Datacenter
Origin-Cache-Control
Healthy
Cache-Key
X-Skip-Cache
X-PERF
Fastly-SSL
L5d-Success-Class
GEO-INFO
Mn-Server-Ip
Time
X-Environment-Context
X-ApacheServer
X-Generated
X-BB-IP
X-Distributor
X-Debug-Cache
X-Cache-Enabled
X-Cache-Category-Id
X-Akamai-Request-ID
X-Akam-SW-Version
X-L-Path
ServerName
X-NGENIX-Cache
X-Hit
X-Grey
X-Agile-Id
X-Agile-Age
X-Agile
Origin-Edge-Control
X-Time-Microsecs
X-Upstream-CT
HostName
X-Port
X-Upstream-HT
X-Viewer-Country
DynaTrace
X-B3-Spanid
X-Fastcgi-Cache
X-JoinUs
X-Xfnlog-Site
X-Mode
X-UA
Cteonnt-Length
X-Web-Node
Cneonction
Now
X-Optimization
X-BYPASS-REASON
X-ServerID
X-ProxyCache-Status
X-Croise-Owner
X-ProxyCache-Key
X-Source
X-Nginx-Cache
Access-Control-Allow-Method
X-UA-Device-Type
X-Cache-HT
Cache-Name
COMMERCE-SERVER-SOFTWARE
X-Labrador-Cache-Channel
X-Edge-Location
X-Drupal-Cache-Contexts
X-Hosted-By
X-Human
X-Vgn-Hpd-Reason
X-Is-Bot
X-IP
X-Instance-Name
X-TWH-CORRELATION-ID
X-Cluster-Node
X-Detected-As
X-Zipkin-Id
X-Format
X-Via-Fastly
X-DataStream-Cache-Status
X-Ezoic-Cdn
X-Webstats-RespID
X-Endurance-Cache-Level
X-VWS-Id
X-Upgrade-Enabled
X-Generation-Time
X-Node-Name
X-RemovedCookies
X-SplitTest
X-Pubstack
X-ProcessESI
X-PCL
X-TNCMS
X-Render-Type
X-Rendered-As
X-Section
X-Site-Version
X-Routing-Service
X-RN-RSRV
X-CDN-Cache
X-Request-Time
X-Path-Route
X-OVcl-Cache
X-WR-MODIFICATION
X-Www-Served-By
X-NCache
X-MP-GENERATED-AT
X-Loop
X-Meta-Tbi-Cache-Vertical
X-NodeID
X-NU-AKA-ACS-Version
X-Tumblr-Pixel-3
X-OVcl
X-Original-Request
X-Origin-Hint
X-OCL
X-Origin-CC
X-LJ-Flow-ID
Azure-SlotName
Machine
Meta-Geo
LB
Fastcgi-Useragent
DB-Nickname
MIME-Version
NODE
S-Rt
TWC-Connection-Speed
RequestId
Property-Id
Pagetype
Backend
Azure-Version
X-Ratelimit-Limit
X-ByteArk-Cache
X-SRV
X-Correlation-Id
X-NewRelic-App-Data
X-Cache-TTL
Selected-FE
Azure-SiteName
Azure-RegionName
X-Timing-Wait
X-Proxy-Build
TWC-Device-Class
Azure-InstanceId
X-Be
X-B3-Sampled
X-App-Name
X-Amz-Meta-Surrogate-Control
X-Birta-Cache-Post
TWC-GeoIP-Country
X-Cache-Var-Map
X-Cache-Var
X-CCM-LastModified
X-Birta-Served
X-Access
X-AWS-Id
Webcakes-App-Version
Webcakes-App-Name
User-Cache-Control
User-Agent
Webcakes-Region
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
IBM-Web2-Location
X-Surge-Debug
X-Backend-Name
X-Unique-ID
ProcessTime
X-Varnish-Cacheable
X-Proxy
X-Status
X-FC-Vary-Parameters
NnCoection
Countrycode
X-Destination
X-Died
X-Developer
X-Device-Os
X-Debug-Cookies
T-Server
X-CS
X-Debug-Log
X-D
X-ARC
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
Warning
X-A-Dgt
X-A-Wwc
X-B-Cookie
X-Cache-Expires
V-Age
X-Application
X-Alternate-Cache-Key
X-Cache-Host
X-S-Cookie
X-WebServer
X-Sorting-Hat-PrivacyLevel
Server-ID
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PodId
X-Var-Ttl
X-Sorting-Hat-Section
X-SRCache-Key
X-UE-Client-Country
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-ShopId
X-Sorting-Hat-FeatureSet
X-Shopify-Stage
X-Hash
X-Generated-In
X-G
X-Fstrz
X-Logtrace-Id
X-NX-Host
X-ShopId
X-ShardId
X-Request-URI
X-Release
X-From
X-DPWN-IS-SECURE
Version
Magicmarker
Ajk
Brightspot-Id
Cache-Prefix
X-ATG-Version
X-Cache-Age
Resin-Trace
WZWS-RAY
X-Newrelic-Synthetics
X-RateLimit-Limit
Fly-Cache
X-Ua
Request-EU
Request-Time
Is-Session-Tracking
Fly-Request-Id
Request-Country
Kp-EeAlive
Proxy-Connection
Get-Access-Time
X-ElasticPress-Search
FSS-Proxy
FSS-Cache
UCS
X-C
X-Varnish-Beresp-Ttl
CDN
X-From-Cache
X-Frame-Option
X-Forwarded-Host
X-Fetched-On
X-Epic-Correlation-Id
X-Env
X-EdgeConnect-Cache-Status
X-Eu-Site
X-F5-Cache
X-Gannett-Site-Version
X-Fastly-Cache
X-Flog
X-GoCache-CacheStatus
X-Mem
X-Matched-Rule
X-Location
X-MI-In-Market
X-Micro-Cache
X-ND-Cache
X-MSEdge-Flight
X-MSEdge-Features
X-Layer
X-Kong-Upstream-Latency
X-Haproxy-Hostname
X-GeoIP-Country-Code
X-GeoIP-City
X-Haproxy-Ip
X-Hnp-Log
X-Kong-Proxy-Latency
X-Key
X-Irp-Debug
X-Gen-Mode
X-Developers
X-Cache-Backend
X-Block-Status
X-BBXSRF
X-Cache-Debug
X-Cache-FS-Status
Ws
X-Cache-Srv
Www
X-BB-ID
X-Backend-Url
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Cache-Control
X-Actual-URL
X-Amz-Meta-S3cmd-Attrs
X-Backend-Host
X-ABtesting
X-Backend-TTL
X-Backend-State
X-Cache-URL
X-Cdn-Origin
X-Core-Mission
X-Content-Type
X-No-Session
X-Core-Value
X-DataStream-MidMile-RTT
X-EC-Security-Audit
Who
X-DataStream-Origin-MEX-Latency
X-Content-Age
X-Connection-Hash
X-Cdn-Srv
X-CDN-Pop-IP
X-CDN-Pop
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Ckpd-Fst-Backend
X-CGP
X-Edge-IP
X-Powered-By-ANYU
X-Servername
X-Server-Time
X-Server-IP
X-ServiceProvider
X-SIPLIST1
X-Varnish-Beresp-Status
X-Varnish-Id
X-Server-Group
X-Server-By
X-ScT
X-ROOTCache
X-Rojux
X-Secret
X-Ver
X-Servedbyhost
X-Served-From
X-Sn-Servicetimems
X-Stale
X-Transaction
X-Up
X-User
X-UnsetCookies
X-Twitter-Response-Tags
X-Trv-Group
X-TT-LOGID
X-Trace-Id
X-Thinkindot-L3
X-Varnish-Beresp-Grace
X-SVT-ORM-RULES
Web-Mar-Region
X-Varnish-Action
X-V
X-Tb
X-SVT-ORM-VERSION
X-Rewrite-Enabled
X-Returned-From-PostProcessResponse
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Public
X-Rebelmouse-Cache-Control
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Phone
X-Pf-Uncompressing
X-Passed-To
X-P-T
X-Owner
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-PAYTM-SRV-ID
X-Passed-To-PostProcessResponse
X-Region-Sid
Xc-Version
X-Via-CDN
X-Via-Edge
X-VServer
X-Returned-From
X-Returned-From-BeforeDispatch
X-VG-WebServer
X-Returned-From-DLL
X-We-Are-Hiring
X-Wikidot-Backend
X-Requestid
X-Request-UUID
X-Req
X-Response-By
X-Worker
X-Wikidot-Static-Cache
X-Wix-Route-ID
X-Origin-TTL
Max-Age
Ec-Rule-Version
Drupal-Pagecache-Memcache
Esi-Enabled
Fastcgi-X-Cache
Fastly-Backend-Name
Fastcgi-X-Cache-Version
Decoy-Debug-TTL
Decoy-Debug-Status
CF-IPCountry
X-Dispatcher-Server
Content-Disposition
Decoy-Debug-Key
X-Crawler
X-Cache-Time
Fastly-SIE
HA-Cloudapp
Country-Code
HA-Geocity
HA-Geocountry
HA-Geolon
GW-Server
If-Modified-Since
Fastly-Soc-X-Request-Id
X-Cache-Id
Fastly-SWR
X-Auto-Login
NodeID
CDCHOST
Cache-Cookie-Set-Lfrom
X-LB-CacheStatus
X-LB-Node
X-Via-NSCOPI
Accept-Ch
X-IN-WAF
X-Info
X-Origin-Date
X-Origin-Expires
X-Refresh
X-RCS-CacheZone
X-S-Maxage
X-Sentry-ID
X-Page-Type
AKAMAI
X-IN-SSL-APIGATEWAY
Backend-Name
Arc-Country
BehaviorPad-Version
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Hl-Ver
X-IN-APIGATEWAY
Apple-News-Services-Handled
Web-Mar-Node
Apple-News-Services-Host
HA-Georegion
HA-Geolat
Powered-By
PICS-Label
Pragrma
Pramga
X-Front
PFcat
Payment
Ohc-Response-Time
On-Server
Ha-Gx-Prefs
OT-Force-Account-Verify
Release
Rendered-Blocks
Thinkindot-Control
Thinkindot-CacheControl-Type
Uber-Trace-Id
Viewtype
VivaBuild
Thinkindot-CacheControl
Sta2Tusw
REQUESTUUID
Server-Host
Server-Int
Sid
Odigeo-Trace-Id
Origin
Xserver
MD5-Digest
HA-Servedtime
Memcached
IsBot
HA-Urlpath
HTTPS
Host-ID
Heartbleed
Cache-Provider
Httpd-Identifier
HA-Ipaddr
MI-Cache
Memory
MI-Cache-Age
MI-API
Meta-Geo-Continent
NGX
HA-Host
Dnion-Transfer-Encoding
X-Dc
X-Fastly-Cache-Hits
X-Bug-Bounty
X-Powered-By-Defense
X-Rocket-Nginx-Serving-Static
X-Fastly-Backend-Reqs
X-Zalando-Child-Request-Id
X-Varnish-HitMiss
X-Thanos
RATING
X-Svr
X-TId
XServer
X-Server-W
Frame-Options
X-Zalando-Page-Type
GMS-Ver
X-Platform
Lfy
Platform
X-Cache-CFC
X-Bip
X-RateLimit-Limit-Second
X-Node-Id
X-LiteSpeed-Cache-Control
X-Rocket-Nginx-Bypass
Is-Eu
X-FireWall-Port
X-HCF
X-Clientip
X-RateLimit-Remaining-Second
X-Cache-Control-Set-By
X-Varnish-Url
X-Redis-Cache
X-Request-Start
Adler-Geo
X-Guploader-Uploadid
Group
V-Cache
X-VarnPar1
X-Accel-Expires-Debug
X-VarnPar2
NtCoent-Length
X-Remote-IP
X-HTML-Minification-Powered-By
X-VC
X-Date
X-XRDS-LOCATION
Geoip-City
Rt-Proxy-Cache
GeoIp-Country-Code
Hostname
URI
DataCenter
Geoip-Latitude
N-Cache
X-HGenerator
X-PJAX-URL
X-Nananana
X-SB
X-PARISIEN-Cache-Rendered
X-Load-Cache
GeoIP-City
X-Safe-Firewall
GeoIP-Latitude
GeoIP-Country-Code
X-VarnCache
X-Varnish-Beresp-TTL
X-Ratelimit-Remaining
X-Real-Ip
Processtime
X-Csrf-Token
X-Proxy-Server
X-Servedby
X-ProxyCache-Args
X-Ms-Version
X-Trv-Request-Id
X-Varnish-URL
X-Tid
X-Pjax-Url
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Blob-Type
X-Qnm-Cache
X-M-Reqid
X-Check-Cacheable
X-M-Log
WebServer
PageType
X-Cache-Ttl
Apicache-Version
WWW-Authenticate
X-VG-WebCache
Apicache-Store
X-Alicdn-Da-Ups-Status
X-Fe
X-Unique-Id