Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Date
Content-Type
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
Last-Modified
X-Powered-By
Accept-Ranges
X-Content-Type-Options
Strict-Transport-Security
ETag
X-XSS-Protection
Link
Expect-CT
Via
X-Cache
CF-RAY
Age
Access-Control-Allow-Origin
Content-Language
Content-Security-Policy
CF-Ray
P3P
X-UA-Compatible
X-Cache-Hits
X-Varnish
X-Served-By
X-Request-Id
X-Amz-Cf-Id
Referrer-Policy
X-AspNet-Version
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Generator
Content-Security-Policy-Report-Only
X-AspNetMvc-Version
X-Adblock-Key
X-Check
Status
X-Cache-Status
Timing-Allow-Origin
X-Iinfo
X-Via
X-Template
X-CDN
X-Language
X-Turbo-Charged-By
X-DNS-Prefetch-Control
X-Content-Security-Policy
Content-Encoding
X-Buckets
X-Permitted-Cross-Domain-Policies
Keep-Alive
X-Type
X-Nginx-Cache-Status
X-AH-Environment
X-Backend
X-Cache-Group
WPE-Backend
X-Server-Powered-By
X-Pass-Why
X-Pingback
EagleId
X-Server
X-Age
Access-Control-Max-Age
X-Swift-SaveTime
X-Swift-CacheTime
Xkey
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
Access-Control-Expose-Headers
X-Cache-Lookup
Upgrade
X-Page-Speed
X-Hacker
X-LiteSpeed-Cache
X-UA-Device
Cf-Railgun
X-Drupal-Dynamic-Cache
X-Amz-Request-Id
X-Proxy-Cache
X-Amz-Id-2
X-Robots-Tag
X-Server-Id
Content-Location
X-CST
X-Node
X-Envoy-Upstream-Service-Time
X-Device
Request-Context
X-Ac
X-Host
X-Cnection
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Surrogate-Control
X-Backend-Server
X-Rack-Cache
X-Readtime
Permitted-Cross-Domain-Policies
X-HeyJason
X-Do-Not-Hack
Request-Id
X-Instart-Request-ID
X-Cloud-Trace-Context
Allow
X-TTL
EagleEye-TraceId
Pinterest-Generated-By
X-Px
X-Clacks-Overhead
X-Response-Time
X-Rq
Server-Timing
Edge-Control
X-Application-Context
X-MS-InvokeApp
X-Dns-Prefetch-Control
X-DynaTrace-JS-Agent
X-Webkit-Csp
X-Server-Name
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Charset
X-Ruxit-JS-Agent
SPRequestGuid
Rating
X-WebKit-CSP
X-Cached
X-NWS-LOG-UUID
X-Url
X-SharePointHealthScore
X-DataDome
X-Varnish-TTL
X-Country-Code
AR-CACHE
AR-PoweredBy
Report-To
AR-SID
AR-ATIME
X-Powered-CMS
X-Esi
X-PC
X-TtlSet
X-Mod-Pagespeed
X-Vname
X-N
X-Powered-By-Plesk
Public-Key-Pins
SPRequestDuration
SPIisLatency
X-Recruiting
X-Dynatrace
X-Version
MS-Author-Via
Content-MD5
X-VARITI-CCR
X-F-Cache
MicrosoftSharePointTeamServices
X-Shield-Request-Id
X-XRDS-Location
X-T
X-Exp-Variant
X-Dw-Request-Base-Id
X-FTR-Request-ID
X-Exp-Id
X-Geo-Segment
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
Nginx-Cache
X-Cdn-Fetch
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Arr-Disable-Session-Affinity
Pinterest-Version
X-Pinterest-Rid
X-Ser
NEL
X-Upstream-Env
X-D2id
Cartoon
X-Trace
Feature-Policy
RTSS
X-Daa-Tunnel
X-Vhost
X-Newrelic-App-Data
X-Via-JSL
X-Abt-Application-Version
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Amz-Rid
X-IPLB-Instance
X-Client-IP
X-Hits
X-Forwarded-Proto
Realpath
X-Origin-Cache
X-Country
X-Goog-Hash
X-FastCGI-Cache
X-Kinsta-Cache
X-B
X-GitHub-Request-Id
X-Vcap-Request-Id
X-Navigation-Version
X-Grace
X-Upstream
X-Zen-Fury
Fastcgi-Cache
X-DIS-Request-ID
X-URL
X-Varnish-Age
X-COUNTRY
X-Cache-Key
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Cdn
X-Dispatcher
Alternate-Protocol
X-Content-Options
X-Id
X-Content-Digest
Paypal-Debug-Id
TCN
Cache
Dynatrace
Front-End-Https
X-Logged-In
X-Pad
X-NF-Request-ID
X-CF-Powered-By
X-Nf-Srv-Version
Liferay-Portal
Access-Control-Request-Method
X-Whom
X-Fastly-Request-ID
X-Correlation-ID
X-SS-Set-Cookie
X-Frontend
PB-RID
PB-PID
Verso
X-Mrf-Section-Lastmod
X-Sol
X-User-Agent
X-Mrf-Item-Lastmod
Server-Name
Mrf-Cache-Status
MRF-Tech
Cache-Status
Rt-Fastcgi-Cache
X-Debug
X-Hostname
Edge-Cache-Tag
X-HS-Content-Id
X-HS-Cache-Config
Powered-By-ChinaCache
X-Cache-Rule
Service-Worker-Allowed
X-UUID
Tracecode
X-PressLabs-Stats
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Mobile-Rewrite
X-MSEdge-Ref
Eomportal-Instance
Host
S
Display
S-Cnection
X-Atg-Version
X-Feature
X-Middleton-Response
X-AOL-HN
X-RateLimit-Remaining
X-Wix-Server-Artifact-Id
X-Middleton-Display
X-Hyper-Cache
Pagespeed
Response
HitType
Public-Key-Pins-Report-Only
HitInfo
X-B3-Traceid
Server-Info
X-VCache
X-Sucuri-ID
X-Varnish-Server
TP-Cache
X-Cache-Bucket
X-Instance
TP-L2-Cache
X-Contextid
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
X-APP-VERSION
X-Cache-Hit
FilterID
Fastly-Restarts
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Expires
X-Request-Received
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
X-Request-Processing-Time
Refresh
X-Content-Security-Policy-Report-Only
X-GUploader-UploadID
X-Analytics
X-ServedBy
X-Proxied
Backend-Timing
X-Magnolia-Registration
X-Activity-Id
X-Az
X-AppVersion
X-Revision
X-Rid
X-Amzn-Trace-Id
X-HS-Combine-CSS
X-CACHE-AGE
X-Cache-Action
X-Mobile
X-Geo-Country
X-Signature
X-Origin
X-Varnish-Backend
X-PHP-Backend
Served-By
X-B-Cache
X-FB-Debug
Country
X-TT-TIMESTAMP
ServerID
Source
X-App-Environment
Surrogate-Key
Retry-After
Upgrade-Insecure-Requests
X-Cache-Operation
X-Debug-Info
X-ADI-VCache
X-Content-Powered-By
X-Cache-2
X-Varnish-Hostname
X-Shield-Cache-Expires
X-HW
Arc-Version
Actual-Object-TTL
X-Real-IP
X-Ocache
X-Cache-Remote
X-Framework
X-Device-Type
X-CDN-Forward
X-Sucuri-Cache
X-Akamai-Edgescape
AMP-Access-Control-Allow-Source-Origin
X-WPE-Loopback-Upstream-Addr
X-FTR-Cache-Host
X-TIME
X-Handled-By
X-PC-AppVer
X-PC-Hit
X-Request-Guid
X-DC
X-PC-Key
X-TT
X-Hail-Hydra
Server-Node
DC
MS-CV
Host-Header
X-Accel-Expires
Webserver
X-Cache-Server
X-BCube-Filmed-By
X-Cache-Control
Cleartype
X-Tumblr-Pixel
X-Accel-Buffering
X-Tumblr-User
X-Tumblr-Pixel-0
X-Geo
X-Cache-NE
X-Cache-Config
X-TA-CDN-Provider
X-App-Server
X-WA-Info
X-Cached-By
X-Yottaa-Optimizations
SRV
X-Adobe-Content
X-PC-Date
X-Jobs
X-Generated-By
X-Adobe-Loc
X-PC-Host
X-Yottaa-Metrics
X-GZip
X-RequestSource
ServedBy
X-NWS-UUID-VERIFY
X-FORWARDED-FOR
AsisCache
X-Amz-Server-Side-Encryption
HostName
X-Cf-Powered-By
X-Akamai-Transformed
X-Wix-Request-Id
X-Varnish-IP
X-Varnish-Hits
X-Seen-By
X-TX-ID
X-S
X-Cacheable-TTL
X-Page-Id
X-Origin-Upstream-Status
X-GeoIP
X-Edge-Cache
X-Edge-Cache-Key
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-Cache-TTL-Remaining
X-Varnish-Grace
X-RTag
X-Storage
X-Vg-Webcache
X-Drupal-Cache-Tags
X-Varnish-Cache-Hits
X-Region
X-Platform-Server
X-Locale
X-LB-Cache
X-Microcachable
X-NC
X-Origin-Server
X-Internal-Host
Content-Style-Type
NGB
From-Origin
Content-Script-Type
X-Amz-Replication-Status
Filters
Ohc-File-Size
X-WebKit-CSP-Report-Only
WP-Super-Cache
X-Cluster
X-Amzn-RequestId
X-Mode
X-Yottaa-Sig
X-CCM
X-Amz-Apigw-Id
Cache-Hits
Access-Control-Request-Headers
X-UA
Load-Balancing
Cache-Tag
X-Environment-Context
X-Distil-CS
X-PERF
X-EIG-Tracking-Id
X-Distributor
X-Port
X-Proto
X-Grey
Fastly-SSL
Origin-Cache-Control
GEO-INFO
Mn-Server-Ip
X-L-Path
X-Labrador-Cache-Channel
Origin-Edge-Control
X-NGENIX-Cache
X-Optimization
ServerName
X-Generated
Cache-Key
X-Hit
Cache-Name
Time
Cteonnt-Length
X-Upstream-HT
X-Upstream-CT
X-Agile-Id
X-Agile-Age
X-StackifyID
X-Tumblr-Pixel-1
X-Cache-HT
X-Akam-SW-Version
X-Akamai-Request-ID
X-B3-Spanid
X-Time-Microsecs
Viewport
X-Cache-Category-Id
X-Cache-Enabled
X-ApacheServer
X-Tumblr-Pixel-2
X-Agile
X-Web-Node
X-Xfnlog-Site
X-Viewer-Country
COMMERCE-SERVER-SOFTWARE
X-Debug-Cache
X-BB-IP
Healthy
X-Skip-Cache
X-SRV
X-Forwarded-For
X-Ratelimit-Limit
Cneonction
X-Source
L5d-Success-Class
X-IP
X-Hosted-By
X-Birta-Cache-Post
X-Be
X-Instance-Name
X-Cluster-Node
X-Birta-Served
X-CDN-Cache
X-Human
X-CCM-LastModified
X-Ezoic-Cdn
X-Detected-As
X-Endurance-Cache-Level
X-Edge-Location
X-Cache-Var
X-Format
X-Drupal-Cache-Contexts
X-Generation-Time
X-Cache-Var-Map
X-DataStream-Cache-Status
X-OVcl-Cache
X-VWS-Id
X-Via-Fastly
X-Vgn-Hpd-Reason
X-Webstats-RespID
X-Www-Served-By
X-Request-Time
X-RN-RSRV
X-Zipkin-Id
X-Varnish-Beresp-Ttl
X-Routing-Service
X-Tumblr-Pixel-3
X-TNCMS
X-Surge-Debug
X-TWH-CORRELATION-ID
X-Upgrade-Enabled
X-Section
X-Site-Version
X-SplitTest
X-Rendered-As
X-Render-Type
X-Node-Name
X-NodeID
X-NU-AKA-ACS-Version
X-NCache
X-MP-GENERATED-AT
X-LJ-Flow-ID
X-Loop
X-Meta-Tbi-Cache-Vertical
X-OCL
X-Origin-CC
X-ProcessESI
X-Pubstack
X-RemovedCookies
X-PCL
X-Path-Route
X-Origin-Hint
X-Original-Request
X-OVcl
X-Is-Bot
Azure-SlotName
Machine
LB
X-Croise-Owner
Fastcgi-Useragent
Meta-Geo
MIME-Version
Property-Id
X-Cache-TTL
Pagetype
X-CSRF-Token
DB-Nickname
Backend
X-ProxyCache-Key
Accept-Charset
X-JoinUs
X-BYPASS-REASON
X-ProxyCache-Status
X-UA-Device-Type
Azure-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
RequestId
NODE
User-Agent
X-Amz-Meta-Surrogate-Control
Webcakes-App-Version
User-Cache-Control
X-Access
Webcakes-App-Name
Webcakes-Region
TWC-Privacy
X-App-Name
X-AWS-Id
TWC-Connection-Speed
X-B3-Sampled
S-Rt
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Access-Control-Allow-Method
X-Srv
X-Oss-Storage-Class
X-Oss-Server-Time
X-Nginx-Cache
X-Status
Now
Datacenter
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-ServerID
X-Oss-Request-Id
IBM-Web2-Location
X-WR-MODIFICATION
X-Cache-Expires
X-A-Dgt
X-Cache-Host
X-Alternate-Cache-Key
X-A-Wwc
T-Server
Request-Country
Request-EU
Proxy-Connection
Is-Session-Tracking
Fly-Request-Id
Get-Access-Time
Resin-Trace
Server-ID
X-A-Ccd
X-A-Dam
X-A
Warning
X-Cache-Id
V-Age
X-A-Dcw
X-Request-URI
X-Sorting-Hat-PodId
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-FeatureSet
X-ShopId
X-ShardId
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-Section
X-UE-Client-Country
X-Var-Ttl
X-SRCache-Key
X-Sorting-Hat-ShopId-Cached
X-Sorting-Hat-ShopId
X-S-Maxage
Fly-Cache
X-Died
X-DPWN-IS-SECURE
X-Device-Os
X-Developer
X-D
X-From
X-Fstrz
X-Release
X-Page-Type
X-Logtrace-Id
X-G
X-Cache-Time
X-Shopify-Stage
X-FC-Vary-Parameters
CDN
Version
X-Proxy
Magicmarker
WZWS-RAY
X-Varnish-Cacheable
Cache-Prefix
Ajk
X-ByteArk-Cache
X-Unique-ID
X-ElasticPress-Search
X-C
FSS-Proxy
UCS
FSS-Cache
Uber-Trace-Id
X-Planisys-CDN-Cache
Viewtype
Thinkindot-CacheControl-Type
Sid
Server-Int
Sta2Tusw
Thinkindot-CacheControl
VivaBuild
Thinkindot-Control
X-Phone
X-Amz-Meta-Cache-Control
X-Pf-Uncompressing
X-Amz-Meta-S3b-Last-Modified
X-PAYTM-SRV-ID
X-Backend-Host
X-Actual-URL
X-ABtesting
Who
Web-Mar-Region
Ws
Www
X-Planisys-CDN-Rules
Web-Mar-Node
Pramga
Meta-Geo-Continent
Memory
Memcached
MI-API
MI-Cache
X-RateLimit-Limit-Second
MI-Cache-Age
MD5-Digest
Max-Age
Httpd-Identifier
Host-ID
HTTPS
Is-Eu
X-RateLimit-Remaining-Second
IsBot
NGX
X-Public
Pragrma
Powered-By
Platform
X-Backend-State
X-Powered-By-ANYU
REQUESTUUID
Rendered-Blocks
PICS-Label
PFcat
Ohc-Response-Time
Odigeo-Trace-Id
On-Server
Origin
Payment
OT-Force-Account-Verify
X-Planisys-CDN-TTL
X-Block-Status
X-Frame-Option
X-Forwarded-Host
X-Flog
X-From-Cache
X-Gannett-Site-Version
X-GeoIP-Country-Code
X-Gen-Mode
X-FireWall-Port
X-Fetched-On
X-Env
X-EdgeConnect-Cache-Status
X-Epic-Correlation-Id
X-Origin-TTL
X-Fastly-Cache
X-F5-Cache
X-GoCache-CacheStatus
X-Haproxy-Hostname
X-Location
X-ND-Cache
X-MSEdge-Flight
X-MSEdge-Features
X-Mem
X-Matched-Rule
X-Layer
X-Kong-Upstream-Latency
X-No-Session
X-Haproxy-Ip
X-Hnp-Log
X-Irp-Debug
X-Kong-Proxy-Latency
X-Key
X-Edge-IP
X-Owner
X-Cache-FS-Status
X-Cache-Debug
X-Cache-Srv
X-Cache-URL
X-CDN-Pop
X-Cdn-Origin
X-Passed-To-DLL
X-Cache-CFC
X-BB-ID
X-Backend-Url
X-BBXSRF
X-Passed-To-PostProcessResponse
X-Cache-Backend
Heartbleed
X-CDN-Pop-IP
X-Cdn-Srv
X-Core-Mission
X-Content-Type
X-Core-Value
X-DataStream-MidMile-RTT
X-Developers
X-DataStream-Origin-MEX-Latency
X-Content-Age
X-Connection-Hash
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Passed-To-BeforeDispatch
X-Passed-To
X-P-T
X-Ckpd-Fst-Backend
X-Backend-TTL
X-Response-By
X-Wikidot-Backend
X-SVT-ORM-RULES
X-Wikidot-Static-Cache
X-Generated-In
X-Stale
X-Hash
X-SVT-ORM-VERSION
X-Newrelic-Synthetics
X-Debug-Log
X-Debug-Cookies
X-Destination
X-We-Are-Hiring
X-Dispatcher-Server
X-Sn-Servicetimems
X-SIPLIST1
X-Server-IP
X-Origin-Expires
X-RCS-CacheZone
X-Refresh
X-Rebelmouse-Cache-Control
X-Wix-Route-ID
X-Origin-Date
X-NX-Host
X-Servername
X-ServiceProvider
X-LB-CacheStatus
X-LB-Node
X-Server-Time
X-Tb
X-VServer
X-V
Request-Time
NnCoection
X-Transaction
X-Varnish-Beresp-Grace
X-Varnish-Action
X-User
X-Trv-Group
Brightspot-Id
X-Up
X-Twitter-Response-Tags
Kp-EeAlive
X-TT-LOGID
X-Varnish-Beresp-Status
X-Varnish-Id
X-Via-CDN
X-VG-WebServer
X-Via-Edge
X-TId
X-CS
X-Thinkindot-L3
X-B-Cookie
X-Trace-Id
X-RateLimit-Limit
X-Ua
X-Ver
X-Application
X-ARC
X-S-Cookie
X-Worker
Esi-Enabled
Ec-Rule-Version
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
Fastly-SIE
Fastly-Backend-Name
Drupal-Pagecache-Memcache
Decoy-Debug-TTL
CDCHOST
Cache-Cookie-Set-Lfrom
CF-IPCountry
Content-Disposition
Decoy-Debug-Status
Decoy-Debug-Key
Fastly-Soc-X-Request-Id
Fastly-SWR
X-Request-UUID
X-Requestid
X-Req
X-Region-Sid
X-Rebelmouse-Surrogate-Control
X-Reboot
X-UnsetCookies
X-Returned-From
X-Returned-From-PostProcessResponse
X-Rewrite-Enabled
X-Returned-From-DLL
GW-Server
X-Returned-From-BeforeDispatch
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Served-From
X-Secret
X-WebServer
Accept-Ch
X-Servedbyhost
ProcessTime
X-Server-Group
X-Server-By
Xc-Version
X-MI-In-Market
Adler-Geo
X-ScT
AKAMAI
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Arc-Country
Apple-News-Services-Request-Url
Backend-Name
Apple-News-Services-Handled
X-ROOTCache
X-Rojux
BehaviorPad-Version
XServer
X-Timing-Wait
Selected-FE
X-Proxy-Build
X-Redis-Cache
Frame-Options
X-Fastly-Cache-Hits
X-Node-Id
X-Server-W
X-Powered-By-Defense
X-Bug-Bounty
HA-Urlpath
X-Backend-Name
HA-Servedtime
HA-Ipaddr
If-Modified-Since
Cache-Provider
Xserver
Server-Host
HA-Host
Ha-Gx-Prefs
HA-Geocity
HA-Cloudapp
HA-Geocountry
HA-Geolat
HA-Georegion
HA-Geolon
DataCenter
Release
Countrycode
X-Front
X-GeoIP-City
X-CGP
X-Eu-Site
X-Amz-Meta-S3cmd-Attrs
Dnion-Transfer-Encoding
X-Hl-Ver
X-Fastly-Backend-Reqs
X-HTML-Minification-Powered-By
X-Accel-Expires-Debug
X-Date
X-IN-APIGATEWAY
X-Sentry-ID
X-Varnish-Url
X-Info
X-IN-WAF
X-Micro-Cache
Geoip-Latitude
X-Crawler
NodeID
X-Csrf-Token
Country-Code
X-Via-NSCOPI
X-Auto-Login
X-Zalando-Child-Request-Id
X-Zalando-Page-Type
RATING
Processtime
GMS-Ver
Geoip-City
X-IN-SSL-APIGATEWAY
X-EC-Security-Audit
NtCoent-Length
X-Rocket-Nginx-Serving-Static
Group
V-Cache
X-ESI
X-Guploader-Uploadid
X-XRDS-LOCATION
X-Fastcgi-Cache
X-DynaTrace
X-Cache-Age
X-VarnPar1
X-SB
X-VarnPar2
X-VC
X-Bip
DynaTrace
X-Correlation-Id
X-Clientip
X-Ms-Lease-Status
X-Ms-Blob-Type
X-Ms-Request-Id
X-Ms-Version
X-Trv-Request-Id
X-Remote-IP
X-Nananana
X-PARISIEN-Cache-Rendered
X-HCF
GeoIp-Country-Code
X-LiteSpeed-Cache-Control
X-Cache-Control-Set-By
X-Varnish-HitMiss
X-Request-Start
GeoIP-City
X-Svr
X-Load-Cache
X-Thanos
GeoIP-Latitude
X-HGenerator
GeoIP-Country-Code
X-Rocket-Nginx-Bypass
Lfy
X-Safe-Firewall
URI
X-VarnCache
X-Platform
N-Cache
X-PJAX-URL
Rt-Proxy-Cache
X-Ratelimit-Remaining
X-Real-Ip
X-ATG-Version
X-M-Log
Apicache-Store
X-Unique-Id
X-VG-WebCache
X-Servedby
X-ProxyCache-Args
X-Proxy-Server
X-M-Reqid
X-Dc
WebServer
PageType
X-Qnm-Cache
X-Cache-Ttl
X-Alicdn-Da-Ups-Status
X-Fe
X-Check-Cacheable
WWW-Authenticate
Apicache-Version