Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Request-Id
X-Timer
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Check
X-Generator
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
X-Request-ID
Upgrade
X-Type
WPE-Backend
X-Pass-Why
Keep-Alive
X-Cache-Group
X-AH-Environment
CF-Ray
Xkey
P3p
X-Backend
Access-Control-Max-Age
X-Age
Access-Control-Expose-Headers
X-Via
X-Drupal-Dynamic-Cache
EagleId
X-Nginx-Cache-Status
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Server
X-Hacker
Grace
X-UA-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Kinja-Server-Push
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Ua-Compatible
X-Page-Speed
Request-Context
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Content-Location
X-Cache-Lookup
X-Amz-Version-Id
X-WebKit-CSP
X-Response-Time
X-Host
Surrogate-Control
X-Rq
X-OneAgent-JS-Injection
X-Cnection
X-Node
X-Backend-Server
X-Readtime
Server-Timing
X-Rack-Cache
Report-To
X-Server-Id
Request-Id
EagleEye-TraceId
X-Application-Context
Feature-Policy
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-Instart-Request-ID
X-CST
X-Iejgwucgyu
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Clacks-Overhead
Edge-Control
NEL
Rating
X-Country
X-Url
X-Server-Name
X-Varnish-TTL
X-MS-InvokeApp
X-Px
X-DataDome
Allow
X-DynaTrace
Pinterest-Generated-By
X-Country-Code
X-TTL
X-Dns-Prefetch-Control
X-Origin-Cache
X-Vhost
X-Vname
X-TtlSet
X-PC
X-Cached
X-FTR-Request-ID
X-Server-ID
RTSS
X-ESI
X-Ruxit-JS-Agent
X-Goog-Hash
SPRequestGuid
Charset
X-VARITI-CCR
X-Trace
X-Powered-By-Plesk
X-Powered-CMS
X-SharePointHealthScore
Accept-CH
X-DynaTrace-JS-Agent
X-GitHub-Request-Id
X-Dispatcher
X-T
Public-Key-Pins
X-D2id
X-Mod-Pagespeed
PB-RID
X-Mobile-Rewrite
PB-PID
Arc-Version
X-F-Cache
Verso
Content-MD5
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Oracle-Dms-Rid
X-B3-TraceId
MS-Author-Via
X-Version
SPIisLatency
SPRequestDuration
X-Shield-Request-Id
X-Recruiting
X-Abt-Application-Version
Nginx-Cache
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Client-IP
X-Forwarded-Proto
X-HW
Accept-CH-Lifetime
X-DIS-Request-ID
X-N
X-Navigation-Version
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Pinterest-Rid
Pinterest-Version
X-Upstream-Env
X-ORACLE-DMS-RID
X-Amz-Rid
X-B
X-Upstream
X-Fastly-Request-ID
X-Dw-Request-Base-Id
DynaTrace
X-Origin-Upstream-Status
X-SRCache-Store-Status
X-Ser
X-SRCache-Fetch-Status
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
Fastly-Restarts
X-Hits
TCN
Realpath
Paypal-Debug-Id
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Content-Options
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-NF-Request-ID
X-Pad
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
Tracecode
Access-Control-Request-Method
S
X-Content-Digest
X-Id
X-Debug
X-Varnish-Age
Front-End-Https
X-Oneagent-Js-Injection
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Vcap-Request-Id
X-MSEdge-Ref
X-Use-Magma
X-Frontend
X-IPLB-Instance
X-RateLimit-Remaining
Edge-Cache-Tag
X-ATG-Version
X-FTR-Balancer
X-PressLabs-Stats
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-Expires
X-FTR-Backend-Server
X-Kinsta-Cache
X-Amz-Cf-Pop
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
MicrosoftSharePointTeamServices
X-Cache-Hit
Surrogate-Key
X-Sol
X-Middleton-Display
Display
X-Forwarded-For
Rt-Fastcgi-Cache
Fastcgi-Cache
X-FastCGI-Cache
X-Request-Received
Powered-By-ChinaCache
X-Request-Processing-Time
X-B3-TraceId-Primal
X-Edge-Location
X-Zen-Fury
X-Analytics
Backend-Timing
X-Litespeed-Cache
X-Webkit-Csp
Ar-Sid
Server-Name
X-Rid
X-Amzn-Trace-Id
X-Debug-Info
X-Revision
Host
X-User-Agent
TP-L2-Cache
X-FTR-Cache-Host
TP-Cache
FilterID
X-Akam-SW-Version
AMP-Access-Control-Allow-Source-Origin
X-CF-Powered-By
X-Middleton-Response
Response
X-HS-Cache-Config
X-TA-CDN-Provider
X-Mobile
X-Grace
X-Cache-Key
X-Drupal-Cache-Tags
AR-Request-ID
X-SS-Set-Cookie
X-NewRelic-App-Data
X-Magnolia-Registration
X-Newrelic-App-Data
X-SERVER
X-Ttl
Cache-Status
X-Accel-Expires
Refresh
X-Fastcgi-Cache
X-Cached-By
Host-Header
X-GUploader-UploadID
X-B3-Sampled
ServerID
X-Varnish-Backend
X-AOL-HN
X-Webkit-CSP
X-Node-Name
X-Content-Security-Policy-Report-Only
X-Cluster
X-FB-Debug
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-NWS-LOG-UUID
X-Akamai-Edgescape
X-Signature
X-Platform-Server
X-Cache-Control
X-Whom
X-Cache-2
X-B-Cache
Eomportal-Instance
X-Varnish-Hostname
X-Page-Id
X-App-Environment
X-Device-Type
X-BCube-Filmed-By
X-VCache
X-Framework
X-Ruxit-Js-Agent
X-LB-Cache
X-Generated-By
X-Handled-By
Cleartype
X-Request-Guid
X-Srv
Cache-Tag
X-AppVersion
X-Az
X-Cache-Rule
X-Drupal-Cache-Contexts
X-Activity-Id
Liferay-Portal
DC
X-Cache-Action
X-Via-JSL
X-WPE-Loopback-Upstream-Addr
X-App-Server
X-Cache-Server
Source
X-Content-Powered-By
Alternate-Protocol
MS-CV
Retry-After
Public-Key-Pins-Report-Only
X-App-Version
X-Hostname
X-HS-Combine-CSS
X-Varnish-Grace
HostName
X-Geo-Country
X-WA-Info
X-Correlation-Id
X-Amz-Replication-Status
X-Wix-Request-Id
X-Seen-By
X-Varnish-Server
X-Esi
X-TT
ViewerVersion
Server-Node
Accept-Charset
Pagespeed
X-URL
X-Daa-Tunnel
Webserver
Upgrade-Insecure-Requests
X-Response-Served-From
X-Tumblr-Pixel-1
AsisCache
X-Cache-NE
X-Tumblr-Pixel-2
X-Geo-Segment
X-WebKit-CSP-Report-Only
X-GeoIP
X-Amzn-RequestId
X-Locale
Actual-Object-TTL
X-Amz-Apigw-Id
SRV
AR-SID
GEO-INFO
X-RequestSource
X-Varnish-Hits
ServedBy
X-Jobs
X-FW-Server
X-UUID
X-FW-Static
X-Yottaa-Metrics
X-FW-Type
X-Yottaa-Optimizations
X-FW-Serve
X-FW-Hash
Viewport
X-S
X-Contextid
X-Edge-Cache
X-Edge-Cache-Key
X-Servedby
Payment
X-Status
X-TX-ID
X-Varnish-IP
X-Adobe-Content
X-Adobe-Loc
X-Cacheable-TTL
X-Origin-Server
X-TT-TIMESTAMP
X-Cache-TTL-Remaining
X-Vg-Webcache
Cache
X-Correlation-ID
S-Cnection
X-Hyper-Cache
X-Forwarded-Host
X-Amz-Server-Side-Encryption
X-Cache-Operation
X-Cache-Age
X-RateLimit-Limit
Datacenter
Server-Info
X-XRDS-LOCATION
CACHE
X-Real-IP
Served-By
X-Region
X-Sucuri-ID
X-Akamai-Request-ID2
X-Mode
X-CLOUD-TRACE-CONTEXT
Access-Control-Allow-Method
X-DataStream-Cache-Status
X-GRACE
Country
Healthy
From-Origin
X-Content-Type
Meta-Geo
X-Cache-Config
X-L-Path
Machine
Fastcgi-X-Cache-Version
Fastcgi-X-Cache
X-Cache-Var
X-Rule
X-Environment-Context
X-Generated
X-Is-Bot
X-Detected-As
X-Rendered-As
X-Routing-Service
X-Cache-Var-Map
X-RN-RSRV
X-JoinUs
X-Proxied
X-Upgrade-Enabled
X-Zipkin-Id
X-Path-Route
X-Site-Version
X-Ocache
X-Proxy
X-Access
X-Akamai-Transformed
X-Format
X-Via-CDN
X-Birta-Served
X-EIG-Tracking-Id
X-Viewer-Country
X-Request-Time
X-Hosted-By
X-Grey
X-Human
X-NGENIX-Cache
L5d-Success-Class
X-Amz-Meta-Surrogate-Control
DB-Nickname
X-Cache-Category-Id
X-Birta-Cache-Post
X-Section
X-CDN-Cache
X-Ezoic-Cdn
Fastcgi-Useragent
X-Agile
X-Agile-Id
X-Agile-Age
Now
Webcakes-App-Version
Webcakes-Region
TWC-GeoIP-Country
X-Pc-Appver
OT-Force-Account-Verify
Cache-Name
X-Pc-Hit
X-PCL
Property-Id
S-Rt
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Webcakes-App-Name
X-Origin-Hint
X-Microcachable
X-ServerID
X-Pc-Key
X-OCL
X-Hit
X-FC-Vary-Parameters
X-Labrador-Cache-Channel
X-Loop
Xserver
X-TNCMS
X-Via-Fastly
X-CCM
X-Tb
X-RemovedCookies
X-Web-Node
HitType
X-ProxyCache-Key
X-ProxyCache-Status
X-Pubstack
X-ProcessESI
X-Xfnlog-Site
X-Original-Request
X-OVcl
X-Upstream-HT
X-BYPASS-REASON
X-Cluster-Node
X-OVcl-Cache
X-Upstream-CT
X-VG-TLSProxy
X-Origin
X-IP
HitInfo
Azure-SlotName
Azure-Version
Azure-SiteName
X-Cdn
Azure-RegionName
Azure-InstanceId
X-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Www-Served-By
Accept-Language
X-Proxy-Build
X-Timing-Wait
Origin-Edge-Control
Origin-Cache-Control
X-ShardId
X-TIME
Mn-Server-Ip
LB
Selected-FE
X-LJ-Flow-ID
X-App-Name
X-AWS-Id
Ms-Operation-Id
X-SplitTest
X-Connection-Hash
X-Twitter-Response-Tags
X-Rocket-Nginx-Bypass
X-Transaction
X-VWS-Id
X-RTag
X-Geo
X-Cache-Enabled
NGB
X-TWH-CORRELATION-ID
Content-Script-Type
X-Source
IBM-Web2-Location
X-Cdn-Forward
Content-Style-Type
Filters
Access-Control-Request-Headers
Time
X-Unique-ID
Cache-Hits
X-NodeID
X-Guploader-Uploadid
X-Cache-Remote
X-Internal-Host
X-Real-Ip
X-NCache
X-Nginx-Cache
X-Origin-CC
X-Pc-Date
X-Port
X-Pc-Host
X-Tumblr-Pixel-3
X-Ms-Request-Id
X-CACHE-KEY
X-Ms-Version
X-Ms-Lease-Status
NtCoent-Length
X-Ms-Blob-Type
X-Cache-TTL
X-UA
X-Proto
X-MP-GENERATED-AT
We-Hiring
Mail-Subject
X-UA-Device-Type
X-Edge-IP
Backend
X-Distil-CS
X-Storage
X-Vgn-Hpd-Reason
X-PHP-Backend
X-Varnish-Cacheable
X-Debug-Cache
X-Ua
X-Time-Microsecs
X-APP-VERSION
X-Webstats-RespID
PageSpeed
X-Backend-Name
X-CACHE-GROUP
Cache-Tags
X-Csrf-Token
X-Akamai-Request-ID
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Ratelimit-Limit
X-Varnish-Beresp-Status
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-Endurance-Cache-Level
User-Agent
Warning
X-EdgeConnect-Cache-Status
X-Dc
X-B3-Spanid
X-PERF
X-Redis-Cache
X-Sucuri-Cache
X-Nc
X-ApacheServer
X-Mshield-Cache-Status
X-Mrs-Age
X-Mrs-Cache
X-Mrs-Cache-Hits
X-ElasticPress-Search
Fastly-SSL
X-CACHE-AGE
X-Origin-Response-Time
X-C
BehaviorPad-Version
X-B-Cookie
X-F5-Cache
Ajk
X-A-Dgt
Odigeo-Trace-Id
X-Irp-Debug
Arc-Country
X-Backend-Host
X-Application
X-Backend-Url
Rendered-Blocks
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
Xc-Version
X-A-Dam
X-BB-ID
X-IN-WAF
X-A-Dcw
Powered-By
X-External-Request-Id
X-Amz-Meta-Cache-Control
X-PAYTM-SRV-ID
X-Fetched-On
HA-Geocity
HA-Geocountry
HA-Cloudapp
GMS-Ver
X-Logtrace-Id
X-Aed
HA-Geolat
HA-Geolon
HA-Servedtime
HA-Urlpath
HA-Ipaddr
HA-Host
HA-Georegion
Ha-Gx-Prefs
FSS-Proxy
FSS-Cache
Content-Disposition
Mobile-Detection-Method
X-Store
X-NU-AKA-ACS-Version
X-NX-Host
Cache-Prefix
X-A-Wwc
Meta-Geo-Continent
Fly-Cache
Fly-Request-Id
X-From
MD5-Digest
Ec-Rule-Version
X-Accel-Expires-Debug
X-Org
X-Croise-Owner
X-Died
X-Destination
X-Cache-Host
X-A
X-Server-By
TSSecure
X-ScT
X-Generated-In
X-Rojux
X-Rewrite-Enabled
X-GeoIP-Country-Code
SN
X-Region-Sid
X-UE-Client-Country
X-Trv-Group
X-Sn-Servicetimems
X-CGP
X-SRCache-Key
X-Cdn-Origin
X-CF-Lambda-Fn
X-CF-Lambda-Version
VivaBuild
Viewtype
X-G
UCS
V-Age
X-Server-Time
X-Developer
X-Cache-Bucket
X-S-Cookie
Rt-Proxy-Cache
X-Hash
X-Eu-Site
X-Debug-Log
X-Cache-Backend
X-BBXSRF
X-D
Resin-Trace
X-Date
X-Via-SSL
Server-Host
X-Varnish-Beresp-Ttl
X-A-Ccd
X-VG-WebServer
X-Debug-Cookies
X-DPWN-IS-SECURE
X-Via-Edge
Cache-Key
RNT-Machine
Release
Thinkindot-CacheControl
RNT-Time
Server-ID
X-Key
Heartbleed
X-Hl-Ver
X-Hello
Pramga
X-Matched-Rule
IsBot
X-FW-Version
X-Layer
X-Location
Thinkindot-Control
Memcached
Thinkindot-CacheControl-Type
X-GeoIP-City
X-ABtesting
Origin
AKAMAI
Www
X-Via-NSCOPI
X-Core-Value
X-Var-Ttl
X-Dispatcher-Server
X-Epic-Correlation-Id
X-VServer
X-Request-Start
X-Release
X-Wikidot-Backend
X-Request-URI
X-Response-By
X-S-Maxage
X-Dynatrace-Js-Agent
X-Thinkindot-L3
X-Server-IP
X-ServiceProvider
X-Developers
X-SIPLIST1
X-Trace-Id
X-UnsetCookies
X-Cache-Id
X-V
X-User
X-Clientip
X-Wikidot-Static-Cache
X-Worker
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
Countrycode
Country-Code
X-No-Session
X-Flog
Frame-Options
X-MServer
Fastly-SWR
Fastly-Soc-X-Request-Id
Fastly-SIE
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Cache-URL
X-We-Are-Hiring
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Qloud-Router
X-Platform
Apple-News-Services-Host
Apple-News-Services-Handled
X-Auto-Login
X-Backend-State
GW-Server
Version
X-Datadome
X-NC
X-Secret
X-Sentry-ID
X-Served-From
X-Device-Os
X-Returned-From
X-Distributor
X-Returned-From-DLL
X-Returned-From-PostProcessResponse
X-Sf
X-Returned-From-BeforeDispatch
X-Stale
X-Variation
X-Varnish-Action
X-VCT
X-WebServer
X-Up
X-Thanos
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Swa-Ws
X-Request-UUID
X-RCS-CacheZone
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-MI-In-Market
X-Li-Fabric
X-Instance-Name
X-Gen-Mode
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hnp-Log
X-Info
X-Nginx-Cache-Key
X-Node-Id
X-Passed-To-PostProcessResponse
X-Phone
X-Policy
X-Powered-By-ANYU
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Owner
X-Fastly-Cache
X-P-T
X-Passed-To
X-Gannett-Site-Version
Web-Mar-Node
Magicmarker
MI-Cache
Kp-EeAlive
Fastly-Backend-Name
Esi-Enabled
MI-Cache-Age
On-Server
Request-EU
Section-Io-Cache
Request-Country
Pragrma
Platform
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Newrelic-Synthetics
X-CUA
Pagetype
X-Oss-Request-Id
X-Oss-Server-Time
Cache-Cookie-Set-From
Backend-Name
Adler-Geo
X-Oss-Storage-Class
Server-Int
Is-Eu
X-Block-Status
X-Actual-URL
WZWS-RAY
X-Cache-Debug
X-Cache-Expires
X-Crawler
X-Core-Mission
User-Cache-Control
X-Bip
True-Client-Country-4JS
Uber-Trace-Id
X-NWS-UUID-VERIFY
X-CDN-Forward
X-TT-LOGID
X-Cache-FS-Status
X-MSEdge-Flight
CDCHOST
X-Refresh
X-NODE
X-HOST
X-MSEdge-Features
X-DC
X-Cache-CFC
Proxy-Connection
X-Fstrz
REQUESTUUID
MI-API
X-Page-Type
Group
RequestId
X-Backend-TTL
X-Parent-Response-Time
X-Unique-Id-Primal
X-SN
HTTPS
V-Cache
Who
X-Servername
X-Kong-Upstream-Latency
Cteonnt-Length
X-Req
X-Cache-Srv
X-Kong-Proxy-Latency
X-Pjax-Url
X-Be
MIME-Version
Fusion-Source
NodeID
X-Ms-Lease-State
X-Time
X-Oracle-Dms-Ecid
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Amp-Access-Control-Allow-Source-Origin
X-Origin-TTL
ProcessTime
X-GZip
Memory
Cdn
Mime-Version
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-Servedbyhost
X-BB-IP
CF-IPCountry
X-Ckpd-Fst-Backend
X-Protected-By
SS
X-Aicache-OS
X-ND-Cache
X-Server-Group
X-Content-Age
SD-X-WS
X-Wa
X-COUNTRY
GeoIP-Country-Code
A
X-SRV
CDN
GeoIP-Latitude
X-Varnish-Beresp-TTL
PageType
Is-Session-Tracking
Get-Access-Time
X-Origin-Expires
X-Origin-Date
X-APP
XServer
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Origin-Host
X-Varnish-Url
X-Pf-Uncompressing
X-B3-Traceid
Serverid
X-Fastly-Country-Code
X-Unique-Id
GeoIp-Country-Code
X-StackifyID
Geoip-Latitude
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Cache-Info
X-Generation-Time
PICS-Label
X-Requestid
X-WA
X-Ratelimit-Remaining
Processtime
X-CSRF-Token
X-FireWall-Port
Node
X-Fastly-Cache-Hits
X-PHP-Host
X-Gdpr
X-Nananana
Nel
X-ID
X-Load-Cache
X-Proxy-Cache-Status
Cf-Ipcountry
X-Proxy-Upstream
Vix-Hermes-Req-Id
X-SERVER-NAME
X-CS
X-Check-Cacheable
URI
X-RequestId
X-EC-Security-Audit
DataCenter
Cache-Tv-Group
X-GEO
X-HS-Status
X-GZIP
X-UPSTREAM-Address
X-Server-W
X-ServedByHost
X-FORWARDED-FOR
Hostname
Cache-Provider
X-NGINX-Cache
T-Server
X-BACKEND-TTL
X-Surge-Debug
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
NGX
X-Planisys-CDN-Rules
X-Vcache
X-Fastly-Backend-Reqs
X-WR-MODIFICATION
X-HTML-Minification-Powered-By
X-HTML-Edge-Cache
WP-Super-Cache
Request-Time
X-M-Log
X-M-Reqid
X-B3-SpanId
X-Qnm-Cache
X-VG-WebCache
X-Fe
X-BE
X-Micro-Cache
X-PF-Uncompressing
X-DataStream-MidMile-RTT
Host-ID
PFcat
X-DataStream-Origin-MEX-Latency
X-Atg-Version
X-PJAX-URL
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-GDPR
X-Alicdn-Da-Ups-Status
ServerName
RequestUuid
Requestid
X-ServerName
X-Front
X-IPS-LoggedIn
Load-Balancing
Https
X-Akamai-SSL-Client-Sid
X-Amz-Meta-S3b-Last-Modified
X-SB
X-VarnCache
X-Distil-Cs
X-Skip-Cache
X-From-Cache
X-ARC
WebServer
X-VC
N-Cache
X-PARISIEN-Cache-Rendered
X-Svr
X-Cache-Ttl
X-PAGE-TYPE
X-VarnPar1
X-FB-TRIP-ID
Pics-Label
X-Instart-Info
X-VarnPar2
X-Swift-Error
X-Serial
X-Level-Front-Cache
X-Generated-On
X-Proxy-Server
X-RAMCache
X-Gen-Id
X-Feature
X-Dw-Trace-Id
Build-Number
Cdn-Src-Port
X-Grace-Duration
SID