Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Pragma
X-Powered-By
Last-Modified
Accept-Ranges
X-Content-Type-Options
Strict-Transport-Security
X-XSS-Protection
ETag
Link
Expect-CT
CF-RAY
Via
X-Cache
Age
Access-Control-Allow-Origin
Content-Language
Content-Security-Policy
P3P
X-UA-Compatible
X-Cache-Hits
CF-Ray
X-Varnish
X-Served-By
X-Request-Id
X-Amz-Cf-Id
Referrer-Policy
X-AspNet-Version
X-Timer
CF-Cache-Status
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Runtime
Access-Control-Allow-Credentials
X-Download-Options
X-Drupal-Cache
X-Cacheable
X-Generator
Alt-Svc
X-AspNetMvc-Version
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Check
Status
Timing-Allow-Origin
X-Cache-Status
X-DNS-Prefetch-Control
X-Iinfo
X-Via
X-Template
X-Language
X-Turbo-Charged-By
Content-Encoding
X-Content-Security-Policy
X-Permitted-Cross-Domain-Policies
X-Buckets
Keep-Alive
X-CDN
X-Nginx-Cache-Status
X-Type
X-Server-Powered-By
X-Backend
X-AH-Environment
EagleId
X-Server
X-Pingback
X-Cache-Group
WPE-Backend
X-Pass-Why
X-Age
X-Swift-SaveTime
X-Swift-CacheTime
Access-Control-Max-Age
Ali-Swift-Global-Savetime
Xkey
Grace
X-Varnish-Cache
X-Cache-Lookup
Access-Control-Expose-Headers
Upgrade
Cf-Railgun
X-Hacker
X-UA-Device
X-LiteSpeed-Cache
X-Page-Speed
X-Drupal-Dynamic-Cache
X-Amz-Request-Id
X-Proxy-Cache
X-Amz-Id-2
X-Robots-Tag
X-CST
X-Server-Id
Content-Location
X-Envoy-Upstream-Service-Time
X-Node
X-Cdn
Request-Context
X-Ac
X-Device
X-Host
X-Cnection
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Backend-Server
Surrogate-Control
X-Rack-Cache
X-Do-Not-Hack
X-HeyJason
Permitted-Cross-Domain-Policies
Request-Id
X-Readtime
Allow
X-Px
X-Instart-Request-ID
X-Cloud-Trace-Context
EagleEye-TraceId
Edge-Control
X-TTL
X-Response-Time
Pinterest-Generated-By
X-Clacks-Overhead
X-Application-Context
X-Rq
Server-Timing
X-MS-InvokeApp
X-DynaTrace-JS-Agent
X-Url
X-Server-Name
Charset
SPRequestGuid
X-NWS-LOG-UUID
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-SharePointHealthScore
X-Cached
AR-CACHE
AR-PoweredBy
AR-SID
AR-ATIME
X-Varnish-TTL
X-DataDome
X-Country-Code
Report-To
X-Powered-CMS
Public-Key-Pins
X-Powered-By-Plesk
X-TtlSet
X-Vname
X-PC
X-Mod-Pagespeed
SPIisLatency
SPRequestDuration
X-N
X-Recruiting
MS-Author-Via
Content-MD5
X-Version
MicrosoftSharePointTeamServices
X-VARITI-CCR
X-SRCache-Fetch-Status
X-Shield-Request-Id
X-SRCache-Store-Status
X-Geo-Segment
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-F-Cache
X-Ser
X-Dw-Request-Base-Id
Cartoon
X-T
Rating
X-Trace
Arr-Disable-Session-Affinity
X-FTR-Request-ID
X-Daa-Tunnel
Nginx-Cache
X-Via-JSL
X-Esi
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Env
Feature-Policy
NEL
X-D2id
X-Amz-Rid
RTSS
X-Vhost
X-Newrelic-App-Data
X-GitHub-Request-Id
X-Forwarded-Proto
X-Abt-Application-Version
X-Dynatrace
X-IPLB-Instance
X-Vcap-Request-Id
X-Client-IP
X-Goog-Hash
X-Hits
Realpath
X-B
X-Origin-Cache
X-Kinsta-Cache
X-Grace
X-Cache-Key
X-Upstream
X-TEC-API-ORIGIN
X-Navigation-Version
X-TEC-API-ROOT
X-Zen-Fury
Fastcgi-Cache
X-TEC-API-VERSION
X-ORACLE-DMS-RID
X-DIS-Request-ID
X-Varnish-Age
X-ORACLE-DMS-ECID
TCN
X-Id
X-XRDS-Location
X-Dispatcher
Verso
Cache
Liferay-Portal
Alternate-Protocol
X-Logged-In
Access-Control-Request-Method
Paypal-Debug-Id
X-Content-Options
X-Content-Digest
Front-End-Https
X-NF-Request-ID
X-Nf-Srv-Version
X-Pad
X-Fastly-Request-ID
X-User-Agent
X-Whom
X-Feature
Mrf-Cache-Status
MRF-Tech
X-Frontend
X-Sol
S
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Edge-Cache-Tag
Server-Name
X-Hyper-Cache
X-SS-Set-Cookie
X-Oracle-Dms-Rid
X-Debug
Tracecode
X-FastCGI-Cache
X-HS-Content-Id
X-HS-Cache-Config
X-Oracle-Dms-Ecid
PB-RID
PB-PID
Rt-Fastcgi-Cache
Cache-Status
X-Webkit-Csp
X-UUID
X-B3-Traceid
Eomportal-Instance
Service-Worker-Allowed
Host
Powered-By-ChinaCache
X-Cache-Rule
X-Hostname
X-PressLabs-Stats
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-CF-Powered-By
Dynatrace
Response
X-Middleton-Display
X-Middleton-Response
Pagespeed
X-Goog-Storage-Class
X-Goog-Metageneration
Display
X-Goog-Stored-Content-Length
Server-Info
X-Wix-Server-Artifact-Id
S-Cnection
X-AOL-HN
HitType
X-Mobile-Rewrite
HitInfo
X-MSEdge-Ref
FilterID
X-Cache-Hit
Public-Key-Pins-Report-Only
X-Content-Security-Policy-Report-Only
X-Cache-Bucket
X-VCache
X-APP-VERSION
Fastly-Restarts
TP-Cache
TP-L2-Cache
X-Revision
X-Instance
X-Sucuri-ID
X-Contextid
X-Magnolia-Registration
X-Varnish-Server
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-Request-Received
Refresh
X-FTR-Realm
X-HS-Combine-CSS
X-FTR-Backend
X-Country-Code-Real
X-Request-Processing-Time
X-Rid
X-FTR-Expires
X-Origin
X-Proxied
X-Mobile
X-TA-CDN-Provider
X-Amzn-Trace-Id
X-Cache-Action
Source
Backend-Timing
X-URL
ServerID
X-Correlation-ID
X-AppVersion
X-Az
X-Analytics
X-Activity-Id
X-PHP-Backend
X-Signature
X-TT-TIMESTAMP
X-Geo-Country
RATING
Country
X-FB-Debug
X-Cache-2
X-B-Cache
X-Framework
Served-By
X-ADI-VCache
X-Akamai-Edgescape
X-Varnish-Hostname
Upgrade-Insecure-Requests
Retry-After
Surrogate-Key
X-Cf-Powered-By
X-App-Environment
X-Device-Type
X-Shield-Cache-Expires
X-Debug-Info
X-TT
X-Cache-Operation
X-Content-Powered-By
Actual-Object-TTL
X-WA-Info
X-Ocache
X-HW
X-ESI
X-Cache-Config
X-Tumblr-Pixel-0
X-Sucuri-Cache
X-Varnish-Backend
AMP-Access-Control-Allow-Source-Origin
X-CDN-Forward
X-FTR-Cache-Host
X-RateLimit-Remaining
X-NWS-UUID-VERIFY
X-Tumblr-Pixel
Arc-Version
X-Tumblr-User
Cleartype
X-Cache-Remote
Accept-Charset
X-Accel-Buffering
SRV
DC
X-Request-Guid
X-Page-Id
X-PC-AppVer
X-PC-Key
X-Handled-By
X-Hail-Hydra
X-Geo
X-Cache-Server
X-Atg-Version
X-WPE-Loopback-Upstream-Addr
X-Accel-Expires
Server-Node
X-PC-Hit
Host-Header
X-BCube-Filmed-By
MS-CV
X-Cache-NE
X-Cache-Control
X-Adobe-Content
X-GeoIP
X-Generated-By
X-App-Server
X-Jobs
X-Adobe-Loc
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cached-By
X-Storage
AsisCache
X-Seen-By
X-S
X-RequestSource
X-PC-Date
X-GZip
HostName
X-Amz-Server-Side-Encryption
X-ServedBy
X-Cacheable-TTL
X-GUploader-UploadID
X-Varnish-Hits
X-LB-Cache
ServedBy
X-TX-ID
X-DynaTrace
X-Wix-Request-Id
X-CSRF-Token
X-Akamai-Transformed
X-Varnish-IP
X-PC-Host
X-CACHE-AGE
X-Forwarded-For
X-Ratelimit-Limit
X-Real-IP
X-WebKit-CSP-Report-Only
X-Cluster
X-XRDS-LOCATION
X-Origin-Upstream-Status
X-Drupal-Cache-Tags
X-FW-Hash
X-Edge-Cache
X-Edge-Cache-Key
X-Cache-TTL-Remaining
X-Varnish-Grace
X-FW-Static
X-Region
X-RTag
X-Internal-Host
X-Locale
X-Origin-Server
X-Varnish-Cache-Hits
X-FW-Server
X-Platform-Server
X-Microcachable
X-FW-Type
X-FW-Serve
WP-Super-Cache
Filters
From-Origin
Content-Script-Type
X-FORWARDED-FOR
X-TIME
X-COUNTRY
NGB
Content-Style-Type
Ohc-File-Size
X-Amz-Replication-Status
X-Srv
Cache-Tag
Cache-Hits
X-Tumblr-Pixel-1
Access-Control-Request-Headers
X-Yottaa-Sig
X-Proto
X-Tumblr-Pixel-2
X-EIG-Tracking-Id
X-Amz-Apigw-Id
X-Port
X-DC
Cteonnt-Length
X-CCM
X-Amzn-RequestId
Load-Balancing
Webserver
Viewport
X-Oss-Hash-Crc64ecma
Datacenter
X-Oss-Storage-Class
X-StackifyID
X-Oss-Request-Id
X-Oss-Object-Type
X-Distil-CS
X-B3-Spanid
X-Oss-Server-Time
Cache-Name
Fastly-SSL
X-BYPASS-REASON
Cache-Key
X-Labrador-Cache-Channel
Healthy
GEO-INFO
Time
ServerName
X-NGENIX-Cache
Origin-Edge-Control
Origin-Cache-Control
X-ProxyCache-Status
Mn-Server-Ip
L5d-Success-Class
X-Optimization
X-ProxyCache-Key
X-JoinUs
X-Agile-Id
X-BB-IP
X-Distributor
X-Viewer-Country
X-Environment-Context
X-Web-Node
X-Debug-Cache
X-Upstream-HT
X-Cache-Enabled
X-Cache-HT
X-Cache-Category-Id
X-Upstream-CT
X-UA
X-L-Path
X-ApacheServer
X-Mode
X-Agile
X-Generated
X-Grey
X-Skip-Cache
X-Hit
X-Xfnlog-Site
X-Agile-Age
X-Fastcgi-Cache
X-Akam-SW-Version
X-Akamai-Request-ID
X-Time-Microsecs
X-PERF
Now
X-Nginx-Cache
Access-Control-Allow-Method
COMMERCE-SERVER-SOFTWARE
X-UA-Device-Type
Cneonction
DynaTrace
X-ServerID
X-Source
X-Croise-Owner
X-Www-Served-By
X-WR-MODIFICATION
X-Surge-Debug
X-SplitTest
X-Human
X-Instance-Name
X-Hosted-By
X-Zipkin-Id
X-Webstats-RespID
X-Generation-Time
X-Ezoic-Cdn
X-TNCMS
X-Detected-As
X-Upgrade-Enabled
X-TWH-CORRELATION-ID
X-Cluster-Node
X-DataStream-Cache-Status
X-Vgn-Hpd-Reason
X-Drupal-Cache-Contexts
X-VWS-Id
X-IP
X-Endurance-Cache-Level
X-Edge-Location
X-Via-Fastly
X-Format
X-Site-Version
X-Origin-CC
X-Origin-Hint
X-Render-Type
X-OCL
X-NU-AKA-ACS-Version
X-Rendered-As
X-RemovedCookies
X-Original-Request
X-Path-Route
X-ProcessESI
X-OVcl-Cache
X-Pubstack
X-OVcl
X-Request-Time
X-CDN-Cache
X-Meta-Tbi-Cache-Vertical
X-MP-GENERATED-AT
X-Loop
X-LJ-Flow-ID
X-PCL
X-Section
X-Routing-Service
X-NodeID
X-RN-RSRV
X-Node-Name
X-Tumblr-Pixel-3
X-NCache
X-Is-Bot
Azure-RegionName
Machine
Meta-Geo
LB
Fastcgi-Useragent
DB-Nickname
NODE
Property-Id
TWC-Device-Class
TWC-Connection-Speed
S-Rt
RequestId
Backend
Azure-Version
X-NC
X-Vg-Webcache
X-ByteArk-Cache
X-SRV
X-Correlation-Id
X-Newrelic-Synthetics
Selected-FE
Azure-SlotName
Azure-SiteName
Azure-InstanceId
X-Timing-Wait
TWC-GeoIP-Country
X-Proxy-Build
X-AWS-Id
X-Be
X-App-Name
X-Amz-Meta-Surrogate-Control
X-Access
X-Birta-Cache-Post
X-Birta-Served
X-Cache-Var-Map
X-Cache-Var
TWC-GeoIP-LatLong
X-CCM-LastModified
Webcakes-Region
X-B3-Sampled
User-Cache-Control
Webcakes-App-Name
User-Agent
Webcakes-App-Version
TWC-Locale-Group
TWC-Privacy
IBM-Web2-Location
X-Backend-Name
Xserver
X-Varnish-Cacheable
X-Status
X-Guploader-Uploadid
NnCoection
ProcessTime
X-Proxy
Countrycode
X-FC-Vary-Parameters
X-Debug-Cookies
X-Destination
X-D
X-CS
X-Dispatcher-Server
X-A
X-A-Dcw
X-Device-Os
X-Died
X-A-Dam
X-A-Dgt
X-Developer
X-A-Ccd
Server-ID
X-ARC
X-B-Cookie
X-Application
Warning
X-Alternate-Cache-Key
T-Server
X-A-Wwc
X-Cache-Time
X-Cache-Id
X-Cache-Host
X-Cache-Expires
V-Age
X-Release
X-Sorting-Hat-PodId
X-Var-Ttl
X-WebServer
Resin-Trace
X-Sorting-Hat-FeatureSet
X-Sorting-Hat-PodId-Cached
X-Sorting-Hat-PrivacyLevel
X-Sorting-Hat-ShopId-Cached
X-SRCache-Key
X-UE-Client-Country
X-Sorting-Hat-ShopId
X-Sorting-Hat-Section
X-Shopify-Stage
X-ShopId
X-Generated-In
X-Hash
X-G
X-Fstrz
X-From
X-Logtrace-Id
X-NX-Host
X-S-Maxage
X-ShardId
X-S-Cookie
X-Request-URI
X-Page-Type
X-DPWN-IS-SECURE
X-Debug-Log
Magicmarker
Request-Time
Ajk
Brightspot-Id
X-ATG-Version
X-Ratelimit-Remaining
X-Ua
WZWS-RAY
X-Cache-Age
Cache-Prefix
Version
Is-Session-Tracking
Kp-EeAlive
Request-Country
Proxy-Connection
Get-Access-Time
Request-EU
Fly-Request-Id
Fly-Cache
Pagetype
X-Real-Ip
UCS
X-ElasticPress-Search
X-Cache-TTL
MIME-Version
X-Varnish-Beresp-Ttl
Dnion-Transfer-Encoding
FSS-Cache
FSS-Proxy
X-C
X-Content-Type
X-Content-Age
X-Ckpd-Fst-Backend
X-Connection-Hash
X-Core-Mission
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-CGP
X-From-Cache
X-Eu-Site
X-Epic-Correlation-Id
X-Env
X-F5-Cache
X-Fastly-Cache
X-Flog
X-FireWall-Port
X-Fetched-On
X-EdgeConnect-Cache-Status
X-Edge-IP
X-DataStream-Origin-MEX-Latency
X-Forwarded-Host
X-DataStream-MidMile-RTT
X-Developers
X-CF-Lambda-Version
X-EC-Security-Audit
X-Frame-Option
X-Core-Value
X-Cache-Debug
X-ABtesting
Www
Ws
X-Actual-URL
X-Thinkindot-L3
X-Amz-Meta-S3cmd-Attrs
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Cache-Control
Who
Web-Mar-Region
Uber-Trace-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Trace-Id
Viewtype
Web-Mar-Node
VivaBuild
X-Backend-Host
X-Backend-State
X-Cache-URL
X-Cache-Srv
X-Cache-FS-Status
X-Cdn-Origin
X-CDN-Pop
X-Cdn-Srv
X-CDN-Pop-IP
X-Gannett-Site-Version
X-Tb
X-BB-ID
X-Backend-Url
X-Backend-TTL
X-BBXSRF
X-Block-Status
X-Cache-CFC
X-Cache-Backend
X-CF-Lambda-Fn
X-Sn-Servicetimems
X-PAYTM-SRV-ID
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Pf-Uncompressing
X-Phone
X-Server-Time
X-Request-UUID
X-Passed-To-BeforeDispatch
X-Passed-To
X-Servername
X-No-Session
X-Origin-TTL
X-Served-From
X-P-T
X-Owner
X-Planisys-CDN-Cache
X-Req
X-Planisys-CDN-TTL
X-RateLimit-Limit-Second
X-Server-Group
X-Public
X-Server-IP
X-Powered-By-ANYU
X-RateLimit-Remaining-Second
X-Planisys-CDN-Rules
X-Server-By
X-Region-Sid
Thinkindot-CacheControl
X-Reboot
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-ND-Cache
X-ServiceProvider
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Layer
X-Stale
X-SIPLIST1
X-Location
X-Key
X-Irp-Debug
X-GeoIP-Country-Code
X-GeoIP-City
X-GoCache-CacheStatus
X-Haproxy-Hostname
X-Hnp-Log
X-Haproxy-Ip
X-Matched-Rule
X-Mem
X-MSEdge-Flight
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Returned-From-BeforeDispatch
X-Response-By
X-Returned-From
X-Rewrite-Enabled
X-Secret
X-ROOTCache
X-MI-In-Market
X-Micro-Cache
X-MSEdge-Features
X-Rocket-Nginx-Serving-Static
X-Rojux
X-Gen-Mode
CDCHOST
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
AKAMAI
Adler-Geo
X-RCS-CacheZone
X-Varnish-Id
X-Sentry-ID
X-Varnish-Url
Accept-Ch
X-Via-NSCOPI
Arc-Country
Backend-Name
Decoy-Debug-Key
Sta2Tusw
Decoy-Debug-Status
Decoy-Debug-TTL
Ec-Rule-Version
Drupal-Pagecache-Memcache
X-V
X-Varnish-Action
Cache-Cookie-Set-From
BehaviorPad-Version
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-ScT
X-Origin-Expires
X-Origin-Date
X-We-Are-Hiring
X-Wikidot-Backend
X-VServer
X-Via-Edge
Country-Code
Cache-Provider
X-Wikidot-Static-Cache
X-Wix-Route-ID
X-Unique-ID
X-Front
Xc-Version
X-Servedby
X-Worker
If-Modified-Since
NodeID
X-IN-WAF
X-IN-SSL-APIGATEWAY
X-Info
X-LB-CacheStatus
X-Ver
X-LB-Node
X-IN-APIGATEWAY
X-Hl-Ver
X-Crawler
X-Auto-Login
X-Fastly-Backend-Reqs
X-Via-CDN
X-VG-WebServer
Esi-Enabled
Content-Disposition
NGX
X-Twitter-Response-Tags
X-TT-LOGID
Odigeo-Trace-Id
On-Server
Ohc-Response-Time
MI-Cache-Age
MI-Cache
Memory
MD5-Digest
Meta-Geo-Continent
MI-API
Fastcgi-X-Cache
Origin
OT-Force-Account-Verify
Rendered-Blocks
Release
REQUESTUUID
X-Transaction
Server-Host
Server-Int
Pramga
Pragrma
PFcat
Payment
X-Trv-Group
Platform
Powered-By
Max-Age
Memcached
GW-Server
X-UnsetCookies
HA-Cloudapp
Sid
HA-Geocountry
HA-Geocity
X-Up
X-User
Fastly-Backend-Name
Fastcgi-X-Cache-Version
Fastly-SIE
Fastly-Soc-X-Request-Id
Fastly-SWR
HA-Geolon
HA-Geolat
Host-ID
HA-Georegion
Httpd-Identifier
HTTPS
IsBot
Is-Eu
HA-Urlpath
Heartbleed
HA-Host
Ha-Gx-Prefs
HA-Ipaddr
HA-Servedtime
X-Dc
WebServer
X-Powered-By-Defense
GMS-Ver
X-Bug-Bounty
X-Fastly-Cache-Hits
Frame-Options
X-Server-W
X-Varnish-HitMiss
X-Svr
X-Thanos
X-TId
X-Servedbyhost
X-Zalando-Child-Request-Id
X-Zalando-Page-Type
Lfy
X-Cache-Control-Set-By
X-Clientip
X-HCF
X-LiteSpeed-Cache-Control
X-Bip
PICS-Label
X-VG-WebCache
X-Time
X-Refresh
CDN
X-Nananana
CF-IPCountry
X-Rocket-Nginx-Bypass
X-Request-Start
X-Requestid
X-Platform
X-Redis-Cache
X-Node-Id
PageType
X-Cache-Ttl
Group
X-Unique-Id
V-Cache
X-RateLimit-Limit
X-HGenerator
X-Load-Cache
X-VarnPar2
X-Accel-Expires-Debug
X-VC
X-HTML-Minification-Powered-By
Geoip-Latitude
X-Safe-Firewall
GeoIp-Country-Code
X-Nc
DataCenter
X-VarnPar1
Geoip-City
X-SB
GeoIP-Latitude
GeoIP-Country-Code
URI
Rt-Proxy-Cache
N-Cache
GeoIP-City
X-PJAX-URL
X-PARISIEN-Cache-Rendered
X-Remote-IP
X-VarnCache
X-Date
Processtime
XServer
X-Varnish-Beresp-TTL
Mime-Version
Cdn
X-ServedByHost
X-Proxy-Server
X-RequestId
X-Pjax-Url
Cf-Ipcountry
Pics-Label
X-Tid
X-Trv-Request-Id
X-ProxyCache-Args
X-Check-Cacheable
X-M-Log
X-M-Reqid
X-Qnm-Cache
X-Alicdn-Da-Ups-Status
WWW-Authenticate
Apicache-Store
Apicache-Version
NtCoent-Length
X-Fe