Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Check
X-Generator
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
X-Template
Timing-Allow-Origin
X-Language
X-Permitted-Cross-Domain-Policies
Content-Encoding
X-Iinfo
X-FRAME-OPTIONS
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
X-Request-ID
Upgrade
X-Type
Keep-Alive
WPE-Backend
X-Pass-Why
X-AH-Environment
X-Cache-Group
Xkey
CF-Ray
X-Backend
Access-Control-Max-Age
P3p
X-Age
Access-Control-Expose-Headers
X-Via
X-Drupal-Dynamic-Cache
EagleId
X-Pingback
X-Nginx-Cache-Status
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Kinja-Server-Push
X-Server
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Ac
Content-Location
X-Cache-Lookup
X-Amz-Version-Id
X-Host
X-Response-Time
Surrogate-Control
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Rq
X-Cnection
X-Node
X-Server-Id
X-Backend-Server
Server-Timing
X-Readtime
Report-To
X-Rack-Cache
Request-Id
EagleEye-TraceId
X-Application-Context
X-Cloud-Trace-Context
Feature-Policy
X-ORACLE-DMS-ECID
X-Instart-Request-ID
X-CST
X-Iejgwucgyu
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
X-Clacks-Overhead
NEL
X-Country
X-Server-Name
Rating
X-Url
X-DynaTrace
X-Varnish-TTL
X-MS-InvokeApp
X-TTL
X-DataDome
Allow
X-Px
X-Country-Code
X-Origin-Cache
Pinterest-Generated-By
X-Vhost
X-Vname
X-PC
X-TtlSet
X-Cached
X-FTR-Request-ID
X-Ruxit-JS-Agent
X-ESI
RTSS
SPRequestGuid
X-Trace
X-Goog-Hash
X-VARITI-CCR
Charset
X-Powered-By-Plesk
X-SharePointHealthScore
X-GitHub-Request-Id
X-DynaTrace-JS-Agent
Accept-CH
X-T
X-Dispatcher
X-Powered-CMS
Public-Key-Pins
X-D2id
X-B3-TraceId
X-Mod-Pagespeed
X-Server-ID
X-Mobile-Rewrite
PB-RID
Arc-Version
PB-PID
X-F-Cache
Verso
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
Content-MD5
X-Oracle-Dms-Rid
X-Version
SPIisLatency
SPRequestDuration
MS-Author-Via
X-Shield-Request-Id
X-Recruiting
X-Abt-Application-Version
X-Dns-Prefetch-Control
Nginx-Cache
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Forwarded-Proto
X-Client-IP
Accept-CH-Lifetime
X-HW
X-N
X-ORACLE-DMS-RID
X-DIS-Request-ID
X-Navigation-Version
X-Upstream-Env
X-Pinterest-Rid
Pinterest-Version
AR-CACHE
AR-ATIME
AR-PoweredBy
X-B
X-Amz-Rid
X-Fastly-Request-ID
DynaTrace
X-Origin-Upstream-Status
X-Upstream
X-Ser
X-Dw-Request-Base-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Meta-S3cmd-Attrs
X-Hits
TCN
Fastly-Restarts
Realpath
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Wix-Server-Artifact-Id
X-Accel-Buffering
Paypal-Debug-Id
X-Content-Options
Arr-Disable-Session-Affinity
X-XRDS-Location
Service-Worker-Allowed
X-NF-Request-ID
X-Pad
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
Tracecode
S
Access-Control-Request-Method
X-Id
X-Content-Digest
X-Use-Magma
X-Debug
X-Varnish-Age
X-Vcap-Request-Id
Edge-Cache-Tag
MRF-Tech
Mrf-Cache-Status
X-Webkit-Csp
Front-End-Https
X-Mrf-Item-Lastmod
X-MSEdge-Ref
X-Mrf-Section-Lastmod
X-Oneagent-Js-Injection
X-ATG-Version
X-Frontend
X-IPLB-Instance
X-FTR-Backend
X-Country-Code-Real
X-RateLimit-Remaining
X-PressLabs-Stats
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Expires
X-Kinsta-Cache
X-Logged-In
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-HS-Content-Id
Surrogate-Key
Rt-Fastcgi-Cache
X-B3-TraceId-Primal
X-Forwarded-For
X-Cache-Hit
X-Amz-Cf-Pop
X-Request-Processing-Time
X-Request-Received
Fastcgi-Cache
X-Middleton-Display
X-Sol
Display
X-Edge-Location
X-Zen-Fury
X-Analytics
Backend-Timing
X-Fastcgi-Cache
X-Debug-Info
Powered-By-ChinaCache
Server-Name
X-Rid
X-Amzn-Trace-Id
X-Revision
X-User-Agent
Host
TP-L2-Cache
TP-Cache
X-HS-Cache-Config
X-FTR-Cache-Host
FilterID
X-Litespeed-Cache
X-Akam-SW-Version
X-CF-Powered-By
X-FastCGI-Cache
X-Middleton-Response
Response
X-Grace
AR-Request-ID
AMP-Access-Control-Allow-Source-Origin
X-SS-Set-Cookie
X-Drupal-Cache-Tags
X-NewRelic-App-Data
Ar-Sid
X-Mobile
X-Magnolia-Registration
X-TA-CDN-Provider
Refresh
X-Cache-Key
Cache-Status
X-Cached-By
X-Accel-Expires
X-Newrelic-App-Data
X-B3-Sampled
X-SERVER
Host-Header
X-Ttl
X-AOL-HN
ServerID
X-NWS-LOG-UUID
X-Varnish-Backend
X-Node-Name
X-VCache
X-Content-Security-Policy-Report-Only
Eomportal-Instance
X-Whom
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Via-JSL
X-Cluster
X-Tumblr-User
X-FB-Debug
X-Instance
X-Cache-Control
X-Platform-Server
X-Cache-2
X-B-Cache
X-Akamai-Edgescape
X-Webkit-CSP
X-Signature
X-Page-Id
X-Generated-By
X-Framework
X-LB-Cache
X-Varnish-Hostname
X-BCube-Filmed-By
X-Device-Type
X-Srv
X-App-Environment
X-Drupal-Cache-Contexts
X-Handled-By
Cleartype
X-Request-Guid
X-GUploader-UploadID
X-Cache-Rule
X-Cache-Action
X-Az
X-Activity-Id
X-AppVersion
X-Ruxit-Js-Agent
Cache-Tag
X-App-Server
X-URL
Alternate-Protocol
DC
Liferay-Portal
Source
X-Cache-Server
X-Content-Powered-By
Retry-After
X-Hostname
X-App-Version
X-HS-Combine-CSS
X-Correlation-Id
X-WPE-Loopback-Upstream-Addr
MS-CV
X-Varnish-Grace
X-WA-Info
HostName
X-Varnish-Server
X-Geo-Country
X-Daa-Tunnel
X-Amz-Replication-Status
Public-Key-Pins-Report-Only
AR-SID
Pagespeed
Server-Node
X-TT
X-Seen-By
X-Wix-Request-Id
ViewerVersion
X-Esi
Accept-Charset
X-XRDS-LOCATION
Upgrade-Insecure-Requests
X-Cache-NE
X-Tumblr-Pixel-1
AsisCache
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-2
X-Response-Served-From
X-Amzn-RequestId
Webserver
Actual-Object-TTL
SRV
X-GeoIP
X-Amz-Apigw-Id
X-RequestSource
X-Locale
GEO-INFO
X-Jobs
ServedBy
X-Varnish-Hits
X-S
X-Yottaa-Optimizations
X-UUID
X-FW-Static
X-Servedby
X-Yottaa-Metrics
Viewport
Payment
X-FW-Type
X-Edge-Cache
X-Edge-Cache-Key
X-FW-Hash
X-Contextid
X-FW-Serve
X-FW-Server
X-Status
X-Varnish-IP
X-TX-ID
X-Adobe-Loc
X-Adobe-Content
X-Cacheable-TTL
X-TT-TIMESTAMP
X-Origin-Server
Cache
X-Cache-TTL-Remaining
S-Cnection
X-Vg-Webcache
X-Hyper-Cache
X-Cache-Age
X-Correlation-ID
X-Amz-Server-Side-Encryption
X-Cache-Operation
X-Geo-Segment
X-RateLimit-Limit
X-Forwarded-Host
Server-Info
Datacenter
X-Region
Served-By
Access-Control-Allow-Method
X-Akamai-Request-ID2
X-Mode
X-DataStream-Cache-Status
Healthy
X-Real-IP
X-Sucuri-ID
X-Content-Type
X-Akamai-Transformed
X-CLOUD-TRACE-CONTEXT
X-Guploader-Uploadid
Fastcgi-X-Cache
Fastcgi-X-Cache-Version
X-L-Path
Meta-Geo
Machine
Fastcgi-Useragent
X-Cache-Var
X-Environment-Context
X-Generated
X-Detected-As
X-Cache-Var-Map
X-JoinUs
X-Cache-Config
X-Ezoic-Cdn
X-Is-Bot
X-Rule
X-Zipkin-Id
X-Routing-Service
X-Path-Route
Country
X-Proxy
X-Proxied
X-Upgrade-Enabled
X-Site-Version
X-RN-RSRV
X-Ocache
X-Rendered-As
From-Origin
X-CDN-Cache
X-Birta-Served
X-GRACE
X-Birta-Cache-Post
X-Format
Xserver
X-Agile-Id
X-Access
X-NGENIX-Cache
X-Agile
X-Agile-Age
CACHE
X-Viewer-Country
X-Amz-Meta-Surrogate-Control
Now
L5d-Success-Class
X-Human
X-Section
X-Request-Time
X-Hosted-By
DB-Nickname
X-Cache-Category-Id
TWC-GeoIP-Country
Cache-Name
X-TNCMS
X-Origin-Hint
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Privacy
X-Loop
Webcakes-App-Version
X-Via-Fastly
Webcakes-Region
X-Tb
TWC-Device-Class
X-Grey
X-PCL
X-ServerID
TWC-Locale-Group
X-Pc-Key
X-Hit
X-Pc-Hit
X-FC-Vary-Parameters
X-OCL
S-Rt
X-CCM
TWC-Connection-Speed
X-Pc-Appver
X-Labrador-Cache-Channel
OT-Force-Account-Verify
Property-Id
HitType
X-Xfnlog-Site
X-Upstream-HT
X-ProxyCache-Key
X-Original-Request
X-OVcl
X-IP
X-Origin
X-Pubstack
X-ProxyCache-Status
X-RemovedCookies
X-OVcl-Cache
Origin-Edge-Control
Origin-Cache-Control
X-BYPASS-REASON
X-VG-TLSProxy
X-EIG-Tracking-Id
X-ProcessESI
X-Upstream-CT
X-Web-Node
HitInfo
Azure-RegionName
Azure-Version
Azure-SiteName
Azure-SlotName
Azure-InstanceId
X-Alternate-Cache-Key
X-ShardId
Accept-Language
X-Microcachable
X-ShopId
X-Via-CDN
X-Www-Served-By
X-Timing-Wait
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
NGB
X-Proxy-Build
Selected-FE
Mn-Server-Ip
LB
X-Cluster-Node
X-Geo
X-App-Name
Filters
X-CACHE-KEY
X-Cdn
X-TWH-CORRELATION-ID
X-RTag
Ms-Operation-Id
X-Connection-Hash
X-Transaction
X-Twitter-Response-Tags
X-Real-Ip
X-UA
X-Rocket-Nginx-Bypass
X-Cache-Enabled
X-Cache-Remote
X-NCache
X-Internal-Host
X-UA-Device-Type
Time
X-Tumblr-Pixel-3
Access-Control-Request-Headers
X-TIME
X-Unique-ID
X-Pc-Host
IBM-Web2-Location
X-Pc-Date
X-Nginx-Cache
X-SplitTest
X-Origin-CC
X-Cache-TTL
Content-Script-Type
X-LJ-Flow-ID
X-AWS-Id
Content-Style-Type
X-NodeID
X-VWS-Id
X-Proto
X-PHP-Backend
Mail-Subject
We-Hiring
X-Port
Cache-Hits
X-Storage
NtCoent-Length
X-MP-GENERATED-AT
X-Source
X-Vgn-Hpd-Reason
X-Cdn-Forward
X-Time-Microsecs
X-Edge-IP
Backend
X-Varnish-Cacheable
X-Akamai-Request-ID
X-Distil-CS
X-Webstats-RespID
X-Debug-Cache
X-Ms-Lease-Status
X-Ms-Version
X-Ms-Blob-Type
X-Ms-Request-Id
X-Backend-Name
Cache-Tags
X-Csrf-Token
X-APP-VERSION
X-Endurance-Cache-Level
X-Redis-Cache
X-CACHE-GROUP
X-B3-Spanid
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Urbn-Context-Path
X-Origin-Response-Time
Locale
X-Urbn-Site-Id
X-Dc
X-Nc
X-Croise-Owner
X-Ua
User-Agent
Warning
X-EdgeConnect-Cache-Status
X-Varnish-Cache-Hits
X-CDN-Forward
X-Ratelimit-Limit
X-C
X-Varnish-Beresp-Ttl
X-ApacheServer
X-PERF
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
Fastly-SSL
VivaBuild
Viewtype
V-Age
X-Server-By
X-S-Cookie
X-Rojux
UCS
X-ScT
Resin-Trace
HA-Geocountry
HA-Geocity
HA-Geolat
HA-Geolon
HA-Georegion
HA-Cloudapp
GMS-Ver
Content-Disposition
Cache-Prefix
Ec-Rule-Version
Fly-Cache
Fly-Request-Id
Ha-Gx-Prefs
HA-Host
X-A-Wwc
Rendered-Blocks
Rt-Proxy-Cache
Server-Host
TSSecure
Powered-By
Mobile-Detection-Method
HA-Servedtime
HA-Ipaddr
HA-Urlpath
MD5-Digest
Meta-Geo-Continent
X-Server-Time
X-Cache-Bucket
X-Eu-Site
BehaviorPad-Version
X-Org
X-Store
X-NX-Host
X-PAYTM-SRV-ID
X-ElasticPress-Search
X-Destination
X-Debug-Log
X-Developer
X-Died
X-DPWN-IS-SECURE
X-NU-AKA-ACS-Version
X-External-Request-Id
X-IN-WAF
X-Irp-Debug
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
X-GeoIP-Country-Code
X-Logtrace-Id
X-Generated-In
X-F5-Cache
X-Fetched-On
X-From
X-G
X-Debug-Cookies
X-Date
X-BBXSRF
Xc-Version
X-Hash
X-Cache-Host
X-We-Are-Hiring
X-BB-ID
X-B-Cookie
X-Accel-Expires-Debug
X-SRCache-Key
X-Aed
X-Amz-Meta-Cache-Control
X-Application
X-Cache-URL
X-Cdn-Origin
X-Sn-Servicetimems
X-Via-SSL
X-Trv-Group
X-Via-Edge
X-VG-WebServer
X-D
X-CGP
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Region-Sid
X-UE-Client-Country
X-Rewrite-Enabled
X-A-Dgt
X-Cache-Backend
Cache-Key
X-Mshield-Cache-Status
Ajk
Arc-Country
X-Mrs-Cache
X-Mrs-Cache-Hits
X-Mrs-Age
Version
X-NWS-UUID-VERIFY
X-CACHE-AGE
X-Hello
Fastly-SWR
X-Layer
X-Key
X-ABtesting
X-Hl-Ver
Www
X-Rebelmouse-Cache-Control
X-MServer
Server-ID
RNT-Time
RNT-Machine
X-No-Session
SN
X-Location
X-Rebelmouse-Surrogate-Control
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Auto-Login
X-Backend-State
X-V
X-Core-Value
X-Clientip
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Epic-Correlation-Id
X-Var-Ttl
X-Dispatcher-Server
X-Developers
X-Via-NSCOPI
X-VServer
PageSpeed
X-User
Fastly-SIE
X-GeoIP-City
X-Backend-Url
Release
X-Backend-Host
X-Trace-Id
Country-Code
X-UnsetCookies
X-Cache-Id
X-Flog
X-FW-Version
X-Thinkindot-L3
X-Matched-Rule
Frame-Options
FSS-Cache
IsBot
X-Response-By
X-Request-URI
X-Request-Start
X-Reboot
GW-Server
X-Release
Memcached
FSS-Proxy
X-S-Maxage
AKAMAI
WZWS-RAY
X-Powered-By-ANYU
X-Oss-Object-Type
User-Cache-Control
Section-Io-Cache
Heartbleed
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
Apple-News-Services-Host
Apple-News-Services-Handled
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Fastly-Soc-X-Request-Id
Origin
X-Oss-Storage-Class
Pramga
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Countrycode
X-Qloud-Router
X-Oss-Server-Time
X-Platform
X-SIPLIST1
X-ServiceProvider
X-Sucuri-Cache
X-Fastly-Cache
X-Secret
X-Sentry-ID
X-Distributor
X-Served-From
X-Varnish-Action
X-Up
X-Gannett-Site-Version
X-Gen-Mode
X-Time
X-TT-LOGID
X-Returned-From-BeforeDispatch
X-SVT-ORM-RULES
X-VCT
X-Passed-To-PostProcessResponse
X-Phone
X-Policy
X-LI-UUID
X-MI-In-Market
X-Passed-To-DLL
X-Node-Id
X-Stale
X-Passed-To
X-Nginx-Cache-Key
X-Passed-To-BeforeDispatch
Cache-Cookie-Set-From
X-LI-Proto
X-Sf
X-Hnp-Log
X-Thanos
X-Returned-From
X-P-T
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Request-UUID
X-Swa-Ws
X-Li-Pop
X-RCS-CacheZone
X-Li-Fabric
X-SVT-ORM-VERSION
X-Instance-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Worker
Web-Mar-Node
MI-Cache
MI-Cache-Age
X-Info
True-Client-Country-4JS
X-Variation
X-Block-Status
X-Bip
X-Cache-FS-Status
Is-Eu
Request-EU
Pragrma
Request-Country
X-Actual-URL
On-Server
Platform
Odigeo-Trace-Id
X-Cache-Debug
Magicmarker
X-Crawler
X-Core-Mission
X-Server-IP
X-WebServer
X-CUA
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Server-Int
X-Dynatrace-Js-Agent
Fastly-Backend-Name
Kp-EeAlive
X-Cache-Expires
Backend-Name
Adler-Geo
X-Device-Os
Esi-Enabled
Uber-Trace-Id
X-Datadome
X-NC
X-Parent-Response-Time
REQUESTUUID
CDCHOST
X-Refresh
X-MSEdge-Features
Proxy-Connection
Group
V-Cache
MI-API
X-Newrelic-Synthetics
X-MSEdge-Flight
Pagetype
X-Unique-Id-Primal
X-Fstrz
X-Cache-CFC
X-Owner
X-Page-Type
X-NODE
Amp-Access-Control-Allow-Source-Origin
HTTPS
X-DC
Who
X-HOST
Cteonnt-Length
RequestId
X-Pjax-Url
X-Be
X-Req
Fusion-Source
X-Kong-Proxy-Latency
Fusion-Template-Id
Fusion-Component-Id
X-Kong-Upstream-Latency
Fusion-Content-Source
Fusion-Content-Id
X-SN
X-Servername
X-Backend-TTL
MIME-Version
X-GZip
X-Cache-Srv
X-Oracle-Dms-Ecid
Cdn
NodeID
Memory
X-Ms-Lease-State
X-Origin-TTL
Mime-Version
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-Server-Group
ProcessTime
X-Content-Age
X-Aicache-OS
X-Servedbyhost
SD-X-WS
SS
X-Protected-By
VIX-Pulpo-Upstream-Status
CF-IPCountry
VIX-Pulpo-Node
X-BB-IP
A
X-Wa
X-ND-Cache
GeoIP-Country-Code
X-COUNTRY
X-Ckpd-Fst-Backend
X-Origin-Host
X-Origin-Date
GeoIP-Latitude
PageType
X-Origin-Expires
CDN
X-SRV
X-Varnish-Beresp-TTL
Get-Access-Time
X-StackifyID
Is-Session-Tracking
XServer
X-Pf-Uncompressing
X-B3-Traceid
X-APP
Processtime
GeoIp-Country-Code
X-Unique-Id
X-WA
X-Varnish-Url
Geoip-Latitude
X-PHP-Host
Serverid
X-Fastly-Country-Code
Node
X-Cache-Info
Vix-Hermes-Req-Id
Cache-Tv-Group
X-Load-Cache
X-Requestid
PICS-Label
X-Proxy-Cache-Status
X-Proxy-Upstream
X-Ratelimit-Remaining
X-CSRF-Token
Cf-Ipcountry
X-Generation-Time
X-Fastly-Cache-Hits
X-RateLimit-Limit-Second
X-Gdpr
X-RateLimit-Remaining-Second
X-Nananana
Nel
X-FireWall-Port
X-ID
X-ServedByHost
X-BACKEND-TTL
RATING
X-RequestId
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-SERVER-NAME
Cache-Provider
X-Check-Cacheable
DataCenter
X-Planisys-CDN-Rules
Request-Time
URI
X-HS-Status
WP-Super-Cache
X-CS
X-UPSTREAM-Address
X-EC-Security-Audit
X-Server-W
X-FORWARDED-FOR
Hostname
X-Front
X-Micro-Cache
Host-ID
X-GZIP
PFcat
X-NGINX-Cache
X-GEO
X-Debug-Cache-Expiry
X-Surge-Debug
X-Debug-Cache-Store
X-Fastly-Backend-Reqs
T-Server
X-GDPR
NGX
X-Debug-Cache-Fetch
X-WR-MODIFICATION
WebServer
X-B3-SpanId
X-FB-TRIP-ID
X-BE
X-VarnPar1
X-Svr
X-VarnCache
ServerName
X-VG-WebCache
X-HTML-Edge-Cache
X-ServerName
X-Fe
X-PARISIEN-Cache-Rendered
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
X-HTML-Minification-Powered-By
X-Swift-Error
X-Atg-Version
X-PF-Uncompressing
X-M-Log
X-M-Reqid
Lfy
Https
Requestid
X-Generated-On
X-Instart-Info
X-VarnPar2
X-Level-Front-Cache
X-Cdn-Srv
RequestUuid
X-Qnm-Cache
X-PJAX-URL
X-IPS-LoggedIn
Ohc-File-Size
Pics-Label
Ohc-Response-Time
X-Akamai-SSL-Client-Sid
X-Amz-Meta-S3b-Last-Modified
X-Vcache
X-From-Cache
X-Cache-Ttl
N-Cache
X-Alicdn-Da-Ups-Status
X-SB
X-VC
X-Distil-Cs
X-PAGE-TYPE
Load-Balancing
X-ARC
X-Gen-Id
X-Skip-Cache
X-Serial
SID
Build-Number
Cdn-Src-Port
X-Dw-Trace-Id
X-RAMCache
X-Grace-Duration