Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
CF-RAY
ETag
Link
Expect-CT
X-XSS-Protection
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
X-Request-Id
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
X-Runtime
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Adblock-Key
X-Check
Alt-Svc
X-Cacheable
X-Generator
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Cache-Status
X-AspNetMvc-Version
X-Permitted-Cross-Domain-Policies
X-Iinfo
X-Template
Status
X-Language
Timing-Allow-Origin
X-Content-Security-Policy
X-Buckets
Content-Encoding
X-CDN
X-Kinja-Server-Push
Xkey
X-Turbo-Charged-By
X-Ua-Compatible
Upgrade
X-Type
Access-Control-Expose-Headers
Keep-Alive
WPE-Backend
X-Pass-Why
Access-Control-Max-Age
X-Backend
X-AH-Environment
CF-Ray
X-Cache-Group
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Via
X-Request-ID
X-Proxy-Cache
Grace
X-Pingback
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Robots-Tag
X-Hacker
X-UA-Device
X-Varnish-Cache
EagleId
X-Page-Speed
Request-Context
X-LiteSpeed-Cache
Cf-Railgun
X-Envoy-Upstream-Service-Time
X-Swift-SaveTime
X-Swift-CacheTime
X-CST
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Amz-Version-Id
X-Ac
X-OneAgent-JS-Injection
X-Node
Server-Timing
Feature-Policy
X-Cnection
X-Iejgwucgyu
X-Response-Time
X-Rq
Allow
X-Cache-Lookup
Content-Location
X-Backend-Server
Report-To
EagleEye-TraceId
X-Readtime
Surrogate-Control
X-Host
X-Application-Context
Request-Id
X-Url
X-ORACLE-DMS-ECID
X-Rack-Cache
P3p
X-Origin-Cache
X-Clacks-Overhead
X-Country
NEL
Rating
X-FTR-Request-ID
X-Cloud-Trace-Context
X-Country-Code
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-DataDome
X-Instart-Request-ID
X-Px
X-Vhost
X-MS-InvokeApp
X-Ruxit-JS-Agent
Charset
X-Mod-Pagespeed
X-VARITI-CCR
Edge-Control
Accept-CH
X-Varnish-TTL
X-Goog-Hash
X-GitHub-Request-Id
Verso
X-DynaTrace
PB-PID
X-Mobile-Rewrite
Arc-Version
PB-RID
X-Version
X-Server-Name
X-ESI
X-TtlSet
X-PC
X-Vname
Pinterest-Generated-By
X-TTL
X-Cdn
X-D2id
X-Powered-By-Plesk
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-B3-TraceId
X-Cached
X-Origin-Upstream-Status
SPRequestGuid
X-Dispatcher
X-Upstream-Env
X-Powered-CMS
X-ORACLE-DMS-RID
X-Abt-Application-Version
X-T
X-SharePointHealthScore
RTSS
Accept-CH-Lifetime
MS-Author-Via
X-Recruiting
X-Trace
Public-Key-Pins
X-Navigation-Version
X-Shield-Request-Id
Content-MD5
AR-ATIME
X-SRCache-Store-Status
X-DIS-Request-ID
AR-CACHE
X-SRCache-Fetch-Status
AR-PoweredBy
X-Amz-Rid
SPIisLatency
X-HW
SPRequestDuration
X-Fastly-Request-ID
Realpath
X-Client-IP
Arr-Disable-Session-Affinity
X-Oracle-Dms-Rid
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Forwarded-Proto
X-F-Cache
X-B
X-DynaTrace-JS-Agent
X-Upstream
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Ser
X-Goog-Metageneration
X-Goog-Generation
X-Amz-Meta-S3cmd-Attrs
X-Via-JSL
X-Pinterest-Rid
Pinterest-Version
Service-Worker-Allowed
X-Dw-Request-Base-Id
X-Id
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-Vcap-Request-Id
X-FTR-Expires
X-Varnish-Age
Front-End-Https
Paypal-Debug-Id
AR-Request-ID
X-Dns-Prefetch-Control
X-Server-ID
Nginx-Cache
X-Goog-Storage-Class
X-Debug
X-Ttl
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Acc-Meta-Resource-Type
X-Aspnet-Version
X-MSEdge-Ref
X-Hits
X-Kinsta-Cache
X-XRDS-Location
X-NF-Request-ID
X-N
X-FTR-Cache-Host
X-Logged-In
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-NewRelic-App-Data
S
Ar-Sid
X-Frontend
X-Akam-SW-Version
X-HS-Hub-Id
X-HS-Content-Id
X-Grace
AMP-Access-Control-Allow-Source-Origin
X-PressLabs-Stats
Alternate-Protocol
X-User-Agent
X-Forwarded-For
DynaTrace
Tracecode
X-Cache-Key
X-DataStream-Cache-Status
X-TA-CDN-Provider
X-CACHE-GROUP
X-Amzn-Trace-Id
X-Pad
X-FastCGI-Cache
Server-Name
X-Content-Digest
Refresh
X-Analytics
Backend-Timing
Accept-Charset
X-Content-Options
X-AppVersion
Access-Control-Request-Method
MicrosoftSharePointTeamServices
X-Sol
X-Activity-Id
X-Middleton-Display
Display
X-Az
X-Debug-Info
X-Page-Id
FilterID
Powered-By-ChinaCache
X-CF-Powered-By
X-Rid
Host
X-LB-Cache
X-Zen-Fury
MS-CV
X-Content-Type
X-IPLB-Instance
X-Magnolia-Registration
ServerID
Fastcgi-Cache
TP-Cache
TP-L2-Cache
X-Middleton-Response
Response
TCN
Cache-Status
X-Mobile
X-Cache-Hit
X-Content-Powered-By
Surrogate-Key
X-Hostname
X-VCache
X-Fastcgi-Cache
X-ATG-Version
X-Ruxit-Js-Agent
X-WA-Info
Rt-Fastcgi-Cache
X-Seen-By
X-RateLimit-Remaining
X-XRDS-LOCATION
X-Srv
X-B3-Sampled
X-Cached-By
X-Varnish-Backend
X-Revision
X-Request-Received
X-Request-Processing-Time
X-GUploader-UploadID
X-Cache-Age
X-Cache-Action
X-Cluster
VIX-Pulpo-Upstream-Status
X-SS-Set-Cookie
VIX-Pulpo-Node
X-Whom
X-Instance
X-Signature
X-Content-Security-Policy-Report-Only
X-B-Cache
X-Edge-Location
X-Platform-Server
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-PHP-Backend
Cleartype
X-Tumblr-User
X-Request-Guid
X-Handled-By
X-Akamai-Edgescape
Source
X-Framework
X-Drupal-Cache-Tags
X-TT
X-Wix-Request-Id
X-Cache-Control
X-Origin-Server
ViewerVersion
X-App-Environment
Server-Info
X-NWS-LOG-UUID
X-BCube-Filmed-By
X-Cache-Rule
Host-Header
X-Cache-2
X-AOL-HN
X-Generated-By
DC
X-Varnish-Hostname
X-App-Server
Retry-After
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Geo-Country
Eomportal-Instance
Server-Node
X-FW-Hash
X-Varnish-Server
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-Correlation-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-FB-Debug
Webserver
Payment
X-Device-Type
X-Amz-Server-Side-Encryption
X-Response-Served-From
Actual-Object-TTL
Access-Control-Allow-Method
Edge-Cache-Tag
ServedBy
X-TT-TIMESTAMP
AsisCache
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Varnish-Hits
X-WebKit-CSP-Report-Only
Ms-Operation-Id
NGB
Content-Style-Type
X-Cacheable-TTL
X-Region
X-Varnish-Grace
Content-Script-Type
X-RTag
GEO-INFO
X-Real-IP
Healthy
X-Drupal-Cache-Contexts
X-TX-ID
Viewport
X-Servedby
X-Varnish-IP
X-UUID
X-Adobe-Content
X-Contextid
X-Adobe-Loc
X-Amz-Replication-Status
Upgrade-Insecure-Requests
X-Jobs
Cache
From-Origin
Filters
X-Locale
X-Rendered-As
Country
X-Accel-Expires
X-UA-Device-Type
Cache-Tv-Group
X-WPE-Loopback-Upstream-Addr
X-Cache-Config
X-RequestSource
X-Cache-Server
X-Cache-TTL-Remaining
X-BACKEND-TTL
X-Esi
X-Cache-Operation
HitType
X-VG-WebCache
X-Ezoic-Cdn
Pagespeed
X-Cache-Remote
X-APP-VERSION
Fastly-Restarts
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Storage
X-Cache-TTL
X-Oneagent-Js-Injection
Fastcgi-Useragent
X-S
X-Content-Age
X-Upgrade-Enabled
Cache-Tags
X-Hit
X-Daa-Tunnel
X-Redis-Cache
X-FW-Dynamic
X-Cache-NE
Served-By
X-RateLimit-Limit
Datacenter
Cache-Tag
X-Cache-Var-Map
X-Is-Bot
Load-Balancing
X-Cache-Var
X-Backend-Name
X-Rule
X-Path-Route
X-RN-RSRV
X-Status
X-Mode
X-Generated
Machine
X-Detected-As
X-Hl-Ver
X-JoinUs
X-Internal-Host
Meta-Geo
Origin-Edge-Control
SRV
Origin-Cache-Control
X-NCache
X-NGENIX-Cache
X-Source
X-ProxyCache-Status
X-Birta-Served
X-ProxyCache-Key
X-Birta-Cache-Post
Cache-Key
X-Agile
X-Tb
X-Proxy
Now
Vix-Hermes-Req-Id
X-Agile-Age
X-Akamai-Request-ID
X-Agile-Id
X-Pubstack
X-Origin-Response-Time
X-Labrador-Cache-Channel
X-L-Path
X-Loop
X-CDN-Cache
X-Origin-Host
X-Edge-IP
X-Grey
X-Www-Served-By
X-Web-Node
X-Hosted-By
X-FC-Vary-Parameters
X-Environment-Context
X-Cache-Category-Id
X-TNCMS
X-Time-Microsecs
X-BYPASS-REASON
X-PERF
X-ServerID
X-PCL
X-Timing-Wait
Cache-Name
X-Varnish-Cacheable
X-Viewer-Country
X-Proxy-Build
X-Human
X-IP
X-Via-Fastly
X-ProcessESI
X-OCL
X-Origin
X-ApacheServer
X-Original-Request
X-Pc-Hit
X-Pc-Appver
X-RemovedCookies
X-Pc-Key
Selected-FE
Xserver
X-CCM
X-Akamai-Transformed
Public-Key-Pins-Report-Only
X-Varnish-Cache-Hits
X-Debug-Cache
X-Format
X-VG-TLSProxy
X-Site-Version
X-Guploader-Uploadid
X-GeoIP
DB-Nickname
NtCoent-Length
Azure-SlotName
S-Rt
Azure-RegionName
X-Access
We-Hiring
Azure-SiteName
X-MP-GENERATED-AT
X-Xfnlog-Site
Mail-Subject
Azure-Version
X-App-Version
X-Section
Azure-InstanceId
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
Webcakes-Region
TWC-GeoIP-LatLong
S-Cnection
Liferay-Portal
Webcakes-App-Version
User-Cache-Control
X-Ocache
X-Origin-Hint
TWC-GeoIP-Country
Fastcgi-X-Cache-Version
Property-Id
TWC-Device-Class
TWC-Connection-Speed
AR-SID
X-Sucuri-ID
X-App-Name
X-Zipkin-Id
X-Cache-Enabled
X-Request-Time
X-Routing-Service
X-Proxied
X-Protected-By
X-Microcachable
X-Nginx-Cache
X-Cdn-Forward
X-EdgeConnect-Cache-Status
Access-Control-Request-Headers
X-UA
X-Tumblr-Pixel-3
X-CACHE-KEY
X-FW-Version
X-Webstats-RespID
X-GEO
X-DataStream-MidMile-RTT
X-FB-TRIP-ID
X-Origin-CC
User-Agent
X-DataStream-Origin-MEX-Latency
X-Upstream-HT
X-Upstream-CT
X-GRACE
X-Upstream-Proxy
PageSpeed
X-Proto
X-Trace-Id
LB
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-TIME
X-Correlation-ID
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Powered
X-Forwarded-Host
X-Ua
X-Node-Name
Cache-Hits
Ohc-File-Size
X-Nc
X-Pc-Host
X-Cache-Backend
X-Endurance-Cache-Level
X-Edge-Cache
X-Pc-Date
X-Edge-Cache-Key
X-ES-SERVER
X-Varnish-Beresp-Ttl
X-ElasticPress-Search
X-OVcl-Cache
HostName
X-Unique-ID
X-B3-Traceid
X-OVcl
X-Origin-TTL
X-Dynatrace-Js-Agent
Frame-Options
X-Server-Cache
L5d-Success-Class
Section-Io-Cache
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Reason
Fastcgi-X-Cache
IBM-Web2-Location
Nel
X-V
X-Parent-Response-Time
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Cache-Host
X-Cache-FS-Status
X-Micro-Cache
X-NU-AKA-ACS-Version
X-Cdn-Srv
X-From
Fastly-SWR
Fly-Cache
Fly-Request-Id
Fastly-SIE
MD5-Digest
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Ec-Rule-Version
X-Fetched-On
X-CF-Lambda-Version
X-Died
X-Developer
X-Destination
X-Date
X-Distil-CS
X-DPWN-IS-SECURE
GMS-Ver
X-External-Request-Id
X-Connection-Hash
Memcached
Country-Code
X-IN-APIGATEWAY
X-Cache-Id
Mobile-Detection-Method
X-Hnp-Log
X-IN-SSL-APIGATEWAY
X-IN-WAF
Node
X-Irp-Debug
X-Info
X-Cache-Info
X-Goog-Meta-Goog-Reserved-File-Mtime
BehaviorPad-Version
Cache-Prefix
X-Gen-Mode
X-CF-Lambda-Fn
X-Generated-In
Meta-Geo-Continent
X-Cache-URL
Powered-By
Arc-Country
OT-Force-Account-Verify
X-Rebelmouse-Cache-Control
X-Twitter-Response-Tags
X-UE-Client-Country
X-Origin-Date
X-User
X-TT-LOGID
X-Trv-Group
CACHE
Viewtype
VivaBuild
X-Transaction
X-ServiceProvider
X-Rebelmouse-Surrogate-Control
X-B-Cookie
X-Request-UUID
X-Accel-Expires-Debug
X-ARC
X-Aed
Www
X-Reboot
X-Region-Sid
X-VG-WebServer
X-We-Are-Hiring
X-Amz-Meta-Cache-Control
X-Rewrite-Enabled
X-Cache-Bucket
X-Auto-Login
X-ScT
Rendered-Blocks
X-PHP-Host
X-Server-By
X-PAYTM-SRV-ID
X-Pc-Subdomain
X-Application
X-SRCache-Key
X-Origin-Expires
Resin-Trace
X-S-Cookie
X-S-Maxage
X-BB-ID
X-Server-Group
X-Rojux
X-Block-Status
Xc-Version
X-Via-CDN
X-Backend-Host
Lfy
Server-Host
Magicmarker
Is-Eu
SD-X-WS
X-D
X-Alternate-Cache-Key
Thinkindot-CacheControl-Type
X-A-Wwc
True-Client-Country-4JS
Thinkindot-Control
X-Bip
X-Cache-Grace
Platform
X-Cache-Debug
Proxy-Connection
On-Server
X-Backend-Url
Request-Time
X-A-Ccd
Thinkindot-CacheControl
X-A-Dam
Web-Mar-Node
X-A-Dgt
X-Debug-Cookies
X-A-Dcw
X-Actual-URL
X-Shopify-Stage
X-Server-IP
X-Secret
X-Via-NSCOPI
X-Server-Time
X-Sf
X-Croise-Owner
X-Returned-From-PostProcessResponse
X-Returned-From-DLL
X-Request-URI
X-Proxy-Upstream
X-Response-By
X-Returned-From
X-Returned-From-BeforeDispatch
X-ShardId
X-ShopId
X-Thinkindot-L3
X-Thanos
X-Variation
X-Varnish-Action
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Swa-Ws
X-Svr
X-A
X-Time
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Stale
X-Proxy-Cache-Status
X-Policy
Content-Disposition
X-Gannett-Site-Version
Backend
X-Generated-On
X-Hash
X-GeoIP-Country-Code
X-G
Fastly-Backend-Name
X-Distributor
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Fastly-Cache
X-FireWall-Port
Ajk
Adler-Geo
X-Passed-To-BeforeDispatch
X-Passed-To
X-Passed-To-DLL
X-Passed-To-PostProcessResponse
X-Platform
X-NX-Host
X-Node-Id
X-Level-Front-Cache
X-LAGOON
X-Location
X-Logtrace-Id
X-Matched-Rule
X-Debug-Log
Mn-Server-Ip
X-R9-Blue-Green-Version
X-HS-Cache-Config
Warning
X-Sucuri-Cache
X-Key
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Heartbleed
X-Debug-Cache-Expiry
X-Crawler
Fastly-Soc-X-Request-Id
X-VWS-Id
Kp-EeAlive
X-CGP
X-Clientip
X-CUA
HA-Ipaddr
X-Generation-Time
GW-Server
CDCHOST
X-Nginx-Cache-Key
X-Fstrz
Countrycode
X-Eu-Site
AKAMAI
Ha-Gx-Prefs
X-Instart-Isnd
IsBot
Origin
X-Core-Mission
X-No-Session
X-SERVER
RNT-Time
X-Amz-Meta-Surrogate-Control
RNT-Machine
X-Backend-State
X-Varnish-Authentication
X-Var-Ttl
Server-Cache-Control
X-Qloud-Router
Version
Who
X-Dc
X-RateLimit-Remaining-Second
Server-Surrogate-Control
X-RateLimit-Limit-Second
Release
X-Up
Pramga
X-SIPLIST1
X-Cache-Expires
X-Cache-ASPX
X-AWS-Id
X-LJ-Flow-ID
X-C
X-Newrelic-App-Data
X-Varnish-Url
Cache-Cookie-Set-From
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-MSEdge-Features
X-Servername
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-MSEdge-Flight
Fastly-SSL
X-UnsetCookies
Server-Int
Apple-News-Services-Handled
X-Page-Type
Apple-News-Services-Host
X-Core-Value
Pagetype
X-F5-Cache
X-Developers
PFcat
REQUESTUUID
X-Device-Os
Server-ID
SS
X-Cluster-Node
X-Real-Ip
NGX
X-Ratelimit-Remaining
X-Sedo-Request-Id
X-Pjax-Url
RequestId
X-TrackingId
Esi-Enabled
X-Store
X-Cache-Miss-From
X-Refresh
Time
X-CDN-Forward
X-Cache-CFC
X-RCS-CacheZone
X-Layer
X-MI-In-Market
MI-Cache
MI-Cache-Age
MI-API
MIME-Version
X-EIG-Tracking-Id
X-Be
X-NC
FastCGI-Cache
X-B3-SpanId
X-URL
SID
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
HA-Geocity
HA-Host
HA-Servedtime
X-Oss-Request-Id
X-Oss-Server-Time
X-Unique-Id-Primal
X-SN
X-IPS-LoggedIn
X-Mshield-Cache-Status
HA-Georegion
HA-Geolon
X-Oss-Object-Type
X-Mrs-Age
X-Mrs-Cache
HA-Geolat
X-Mrs-Cache-Hits
HA-Geocountry
HA-Cloudapp
HA-Urlpath
X-Geo
X-Ratelimit-Limit
X-Owner
PICS-Label
X-From-Cache
Cteonnt-Length
X-Hyper-Cache
X-CMS-Context
Mime-Version
X-RequestId
Backend-Name
Odigeo-Trace-Id
Cdn
X-Servedbyhost
Memory
CF-IPCountry
X-FPC
X-Webkit-CSP
X-Webkit-Csp
X-WebServer
HTTPS
X-CSRF-TOKEN
X-Req
X-Instart-Info
X-B3-Spanid
X-CLOUD-TRACE-CONTEXT
Cdn-Request-Time
X-Edge-Server
CDN
X-Wa
Cdn-Host
X-Request-Start
X-Phone
Processtime
X-DC
X-Atg-Version
X-Pf-Uncompressing
X-Aicache-OS
Cf-Ipcountry
X-Release
X-WR-MODIFICATION
X-FORWARDED-FOR
Ohc-Response-Time
GeoIP-Country-Code
X-Newrelic-Synthetics
ProcessTime
Hostname
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Mobile-URL
X-Load-Cache
X-HS-Combine-CSS
GeoIP-Latitude
X-Varnish-Beresp-TTL
XServer
Rt-Proxy-Cache
X-Fastly-Country-Code
X-Served-From
X-ND-Cache
X-VServer
Cross-Origin-Window-Policy
URI
X-GZip
X-NodeID
X-Server-W
X-HTML-Minification-Powered-By
X-WA
X-Varnish-Ttl
X-Lb-Id
X-Skip-Cache
X-PF-Uncompressing
X-Unique-Id
X-SRV
X-GoCache-CacheStatus
T-Server
Accept-Ch-Lifetime
X-Tb-Optimization-Total-Bytes-Saved
X-CSRF-Token
X-Oracle-Dms-Ecid
X-LB-ID
X-Cdn-Origin
X-Sn-Servicetimems
X-Nananana
V-Age
X-ServedByHost
X-VC-Cache
X-MServer
X-SVT-ORM-VERSION
Proxy-Firewall
X-SVT-ORM-RULES
X-COUNTRY
Ohc-Cache-HIT
X-Worker
Get-Access-Time
Pics-Label
X-Cms-Context
X-APP
Is-Session-Tracking
X-UPSTREAM-Address
X-P-T
X-Datadome
X-Fastly-Cache-Hits
X-Gateway-Cache-Status
X-Gateway-Cache-Key
N-Cache
X-UCC
X-LiteSpeed-Cache-Control
X-Gateway-Skip-Cache
Uber-Trace-Id
X-Check-Cacheable
A
X-HS-Status
ServerName
Amp-Access-Control-Allow-Source-Origin
X-SERVER-NAME
X-CACHE-AGE
X-RCS-Backend
DataCenter
X-Requestid
X-BE
X-Processor
Geoip-Latitude
X-GZIP
X-NGINX-Cache
X-ID
X-PJAX-URL
X-StackifyID
X-Optimization
GeoIp-Country-Code
WZWS-RAY
X-Hp-Webp
X-BBXSRF
X-Org
Dnion-Transfer-Encoding
X-Cache-HT
X-Backend-TTL
X-Vg-Webcache
Cache-Provider
X-Port
WP-Super-Cache
X-PAGE-TYPE
X-Varnish-URL
Requestid
X-Via-SSL
X-Csrf-Token
X-Via-Edge
Cneonction
X-GDPR
X-Fe
Serverid
X-NWS-UUID-VERIFY
X-ServerName
Server-Id
X-LiteSpeed-Tag
X-Instance-Name
X-HostName
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Gdpr
X-Dw-Trace-Id
RequestUuid
X-Planisys-CDN-Rules
Pragrma
X-Git-Hash
X-Front
X-Cache-Ttl
X-VCT
X-GeoIP-City
Correlation-Id
Request-Country
Accept-Language
X-RAMCache
DSUID
X-Akamai-Request-ID2
409pxxline
355prline
X-VarnPar1
Xxline
X-VarnCache
X-PARISIEN-Cache-Rendered
352pxline
286prxHost
178proxuri
X-Request-Url
X-CS
188prxHost
189phosttRef
225prxHost
219prxHost
Request-EU