Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
Last-Modified
X-Content-Type-Options
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
Link
ETag
X-XSS-Protection
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Id
X-Served-By
Referrer-Policy
X-Varnish
X-Timer
X-Request-Id
CF-Cache-Status
X-AspNet-Version
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Runtime
X-Download-Options
Access-Control-Allow-Credentials
X-Drupal-Cache
X-Cacheable
Alt-Svc
X-Check
X-Generator
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Cache-Status
X-AspNetMvc-Version
Status
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-FRAME-OPTIONS
Content-Encoding
X-Iinfo
X-Content-Security-Policy
X-CDN
X-Buckets
X-Turbo-Charged-By
Upgrade
X-Type
WPE-Backend
Keep-Alive
X-Pass-Why
X-Cache-Group
X-AH-Environment
CF-Ray
Xkey
P3p
X-Backend
Access-Control-Max-Age
X-Age
Access-Control-Expose-Headers
X-Via
X-Drupal-Dynamic-Cache
EagleId
X-Nginx-Cache-Status
X-Pingback
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Server
X-Hacker
Grace
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Kinja-Server-Push
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-Robots-Tag
Cf-Railgun
X-Proxy-Cache
X-Envoy-Upstream-Service-Time
X-LiteSpeed-Cache
X-Page-Speed
X-Ua-Compatible
Request-Context
X-Device
X-Ac
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Content-Location
X-Cache-Lookup
X-Amz-Version-Id
X-WebKit-CSP
X-Response-Time
X-Host
Surrogate-Control
X-Rq
X-OneAgent-JS-Injection
X-Cnection
X-Node
X-Backend-Server
X-Readtime
Server-Timing
X-Rack-Cache
Report-To
X-Server-Id
Request-Id
EagleEye-TraceId
X-Application-Context
Feature-Policy
X-Cloud-Trace-Context
X-ORACLE-DMS-ECID
X-Instart-Request-ID
X-CST
X-Iejgwucgyu
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Edge-Control
NEL
Rating
X-Country
X-Url
X-Server-Name
X-Varnish-TTL
X-MS-InvokeApp
X-Px
X-DataDome
Allow
X-DynaTrace
Pinterest-Generated-By
X-Country-Code
X-TTL
X-Origin-Cache
X-Vhost
X-TtlSet
X-PC
X-Vname
X-Cached
X-FTR-Request-ID
X-Server-ID
RTSS
X-ESI
X-Ruxit-JS-Agent
X-Goog-Hash
SPRequestGuid
X-VARITI-CCR
Charset
X-Trace
X-Powered-By-Plesk
X-Powered-CMS
X-SharePointHealthScore
Accept-CH
X-DynaTrace-JS-Agent
X-GitHub-Request-Id
X-Dispatcher
X-T
Public-Key-Pins
X-D2id
X-Mod-Pagespeed
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
X-F-Cache
Content-MD5
Verso
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Oracle-Dms-Rid
X-B3-TraceId
X-Version
MS-Author-Via
SPRequestDuration
SPIisLatency
X-Shield-Request-Id
X-Recruiting
X-Dns-Prefetch-Control
X-Abt-Application-Version
Nginx-Cache
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Client-IP
X-Forwarded-Proto
X-HW
Accept-CH-Lifetime
X-DIS-Request-ID
X-N
X-Navigation-Version
AR-ATIME
AR-CACHE
AR-PoweredBy
Pinterest-Version
X-Upstream-Env
X-Pinterest-Rid
X-Amz-Rid
X-B
X-ORACLE-DMS-RID
X-Upstream
X-Fastly-Request-ID
X-Dw-Request-Base-Id
DynaTrace
X-Origin-Upstream-Status
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ser
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
Fastly-Restarts
X-Hits
TCN
Realpath
Paypal-Debug-Id
X-Wix-Server-Artifact-Id
X-Accel-Buffering
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Content-Options
Arr-Disable-Session-Affinity
Service-Worker-Allowed
X-NF-Request-ID
X-Pad
X-Acc-Meta-Resource-Type
X-Goog-Storage-Class
Tracecode
Access-Control-Request-Method
S
X-Content-Digest
X-Id
X-Debug
X-Varnish-Age
Front-End-Https
X-Oneagent-Js-Injection
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Vcap-Request-Id
X-MSEdge-Ref
X-Use-Magma
X-Frontend
X-IPLB-Instance
X-RateLimit-Remaining
Edge-Cache-Tag
X-ATG-Version
X-FTR-Balancer
X-PressLabs-Stats
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-Expires
X-FTR-Backend-Server
X-Kinsta-Cache
X-Amz-Cf-Pop
X-Logged-In
X-HS-Content-Id
X-HS-Hub-Id
MicrosoftSharePointTeamServices
X-Cache-Hit
Surrogate-Key
X-Sol
X-Middleton-Display
Display
X-Forwarded-For
Rt-Fastcgi-Cache
Fastcgi-Cache
X-FastCGI-Cache
X-Request-Received
Powered-By-ChinaCache
X-Request-Processing-Time
X-B3-TraceId-Primal
X-Edge-Location
X-Zen-Fury
X-Analytics
Backend-Timing
X-Litespeed-Cache
X-Webkit-Csp
Ar-Sid
Server-Name
X-Rid
X-Amzn-Trace-Id
X-Debug-Info
X-Revision
Host
X-User-Agent
TP-L2-Cache
X-FTR-Cache-Host
TP-Cache
FilterID
X-Akam-SW-Version
AMP-Access-Control-Allow-Source-Origin
X-CF-Powered-By
X-Middleton-Response
Response
X-HS-Cache-Config
X-TA-CDN-Provider
X-Mobile
X-Grace
X-Cache-Key
X-Drupal-Cache-Tags
AR-Request-ID
X-SS-Set-Cookie
X-NewRelic-App-Data
X-Magnolia-Registration
X-Newrelic-App-Data
X-SERVER
X-Ttl
Cache-Status
X-Accel-Expires
Refresh
X-Fastcgi-Cache
X-Cached-By
Host-Header
X-GUploader-UploadID
X-B3-Sampled
ServerID
X-Varnish-Backend
X-AOL-HN
X-Webkit-CSP
X-Node-Name
X-Content-Security-Policy-Report-Only
X-Cluster
X-FB-Debug
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-NWS-LOG-UUID
X-Akamai-Edgescape
X-Signature
X-Platform-Server
X-Cache-Control
X-Whom
X-Cache-2
X-B-Cache
Eomportal-Instance
X-Varnish-Hostname
X-Page-Id
X-App-Environment
X-Device-Type
X-BCube-Filmed-By
X-VCache
X-Framework
X-Ruxit-Js-Agent
X-LB-Cache
X-Generated-By
X-Handled-By
Cleartype
Cache-Tag
X-Srv
X-Request-Guid
X-Activity-Id
X-Cache-Rule
X-AppVersion
X-Az
X-Drupal-Cache-Contexts
DC
Liferay-Portal
X-Cache-Action
X-Via-JSL
X-App-Server
X-WPE-Loopback-Upstream-Addr
X-Cache-Server
Source
X-Content-Powered-By
Alternate-Protocol
MS-CV
Retry-After
Public-Key-Pins-Report-Only
X-App-Version
X-Hostname
X-HS-Combine-CSS
X-Varnish-Grace
X-Geo-Country
HostName
X-Correlation-Id
X-WA-Info
X-Esi
X-Amz-Replication-Status
X-Varnish-Server
X-Wix-Request-Id
X-TT
X-Seen-By
ViewerVersion
Accept-Charset
Server-Node
Pagespeed
X-Daa-Tunnel
X-URL
Webserver
Upgrade-Insecure-Requests
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Response-Served-From
X-Geo-Segment
AsisCache
X-WebKit-CSP-Report-Only
X-Cache-NE
X-Amzn-RequestId
SRV
Actual-Object-TTL
X-Locale
X-GeoIP
X-Amz-Apigw-Id
AR-SID
GEO-INFO
X-RequestSource
X-Jobs
X-Varnish-Hits
ServedBy
X-FW-Serve
X-FW-Server
X-FW-Hash
X-Edge-Cache
Viewport
X-Contextid
X-FW-Static
X-FW-Type
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-UUID
X-Servedby
X-S
Payment
X-Edge-Cache-Key
X-Status
X-Varnish-IP
X-TX-ID
X-Adobe-Content
X-Adobe-Loc
X-Cacheable-TTL
X-Origin-Server
X-TT-TIMESTAMP
X-Cache-TTL-Remaining
X-Vg-Webcache
Cache
X-Correlation-ID
S-Cnection
X-Hyper-Cache
X-Forwarded-Host
X-Amz-Server-Side-Encryption
X-Cache-Operation
X-Cache-Age
X-RateLimit-Limit
Datacenter
Server-Info
X-XRDS-LOCATION
CACHE
X-Real-IP
X-Region
Served-By
X-Akamai-Request-ID2
X-Mode
X-Sucuri-ID
X-CLOUD-TRACE-CONTEXT
Access-Control-Allow-Method
X-GRACE
X-DataStream-Cache-Status
Country
Healthy
From-Origin
X-Content-Type
X-Path-Route
Fastcgi-X-Cache
X-Upgrade-Enabled
X-Rendered-As
X-L-Path
X-Proxy
X-Proxied
X-Is-Bot
X-Detected-As
X-Cache-Var-Map
X-Cache-Var
X-Environment-Context
X-Zipkin-Id
X-JoinUs
X-Routing-Service
X-Generated
Fastcgi-X-Cache-Version
X-RN-RSRV
X-Rule
Meta-Geo
X-Ocache
Machine
X-Site-Version
X-Cache-Config
X-Grey
X-Via-CDN
X-Birta-Cache-Post
X-Hosted-By
X-Amz-Meta-Surrogate-Control
X-NGENIX-Cache
X-Format
X-Section
X-Cache-Category-Id
X-Agile
X-CDN-Cache
X-Birta-Served
X-EIG-Tracking-Id
DB-Nickname
X-Human
X-Viewer-Country
Fastcgi-Useragent
Now
L5d-Success-Class
X-Request-Time
X-Agile-Id
X-Agile-Age
X-Akamai-Transformed
X-Access
X-Ezoic-Cdn
Webcakes-Region
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
S-Rt
Cache-Name
TWC-Privacy
Property-Id
TWC-Connection-Speed
OT-Force-Account-Verify
X-Labrador-Cache-Channel
X-Pc-Appver
X-Origin-Hint
X-CCM
X-OCL
X-Pc-Hit
X-Tb
X-Via-Fastly
X-PCL
X-Pc-Key
X-TNCMS
X-Microcachable
X-ServerID
X-Loop
X-FC-Vary-Parameters
X-Hit
Xserver
X-Cluster-Node
X-Xfnlog-Site
X-ProcessESI
X-Web-Node
X-Upstream-CT
X-VG-TLSProxy
X-IP
X-BYPASS-REASON
X-Upstream-HT
X-Origin
X-Pubstack
X-ProxyCache-Key
X-RemovedCookies
X-Original-Request
X-OVcl-Cache
HitInfo
X-OVcl
X-ProxyCache-Status
HitType
Azure-Version
Azure-RegionName
X-Cdn
Azure-SlotName
Azure-InstanceId
Azure-SiteName
X-Proxy-Build
X-ShopId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Www-Served-By
X-ShardId
X-TIME
Mn-Server-Ip
X-Timing-Wait
LB
Origin-Edge-Control
Accept-Language
Selected-FE
Origin-Cache-Control
X-SplitTest
X-App-Name
X-LJ-Flow-ID
X-RTag
X-Connection-Hash
X-Geo
X-Rocket-Nginx-Bypass
Ms-Operation-Id
X-AWS-Id
X-VWS-Id
X-Transaction
X-Twitter-Response-Tags
NGB
X-Cache-Enabled
X-TWH-CORRELATION-ID
X-Cdn-Forward
Content-Style-Type
Access-Control-Request-Headers
IBM-Web2-Location
Content-Script-Type
X-Source
Filters
X-Unique-ID
Cache-Hits
X-NodeID
Time
X-Cache-Remote
X-Internal-Host
X-Guploader-Uploadid
X-NCache
X-Real-Ip
X-Nginx-Cache
X-Tumblr-Pixel-3
X-Port
X-Pc-Date
X-Origin-CC
X-Pc-Host
X-CACHE-KEY
X-Ms-Blob-Type
X-Ms-Lease-Status
X-Ms-Request-Id
X-Ms-Version
X-MP-GENERATED-AT
Mail-Subject
X-Proto
We-Hiring
X-UA
X-Cache-TTL
NtCoent-Length
X-UA-Device-Type
X-Edge-IP
X-Storage
X-Distil-CS
Backend
X-Debug-Cache
X-Varnish-Cacheable
X-Vgn-Hpd-Reason
X-PHP-Backend
X-Time-Microsecs
X-Ua
X-APP-VERSION
PageSpeed
X-Webstats-RespID
X-Backend-Name
Cache-Tags
X-CACHE-GROUP
X-Akamai-Request-ID
X-Csrf-Token
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Varnish-Cache-Hits
User-Agent
X-Ratelimit-Limit
X-Endurance-Cache-Level
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-EdgeConnect-Cache-Status
X-Dc
Warning
X-B3-Spanid
X-Nc
X-Redis-Cache
X-ApacheServer
X-PERF
X-Sucuri-Cache
X-Mrs-Age
X-ElasticPress-Search
Fastly-SSL
X-C
X-Mshield-Cache-Status
X-Mrs-Cache
X-Origin-Response-Time
X-Mrs-Cache-Hits
X-CACHE-AGE
Cache-Prefix
SN
Powered-By
Content-Disposition
X-CGP
Server-Host
X-Died
X-Developer
X-Destination
Ajk
X-DPWN-IS-SECURE
X-F5-Cache
X-External-Request-Id
X-Eu-Site
Resin-Trace
Rt-Proxy-Cache
X-Debug-Cookies
BehaviorPad-Version
X-Date
Arc-Country
X-Debug-Log
X-CF-Lambda-Version
Rendered-Blocks
X-D
UCS
X-Fetched-On
X-A-Dam
HA-Geolon
HA-Georegion
HA-Geolat
HA-Geocountry
X-Application
Meta-Geo-Continent
HA-Cloudapp
HA-Geocity
Ha-Gx-Prefs
HA-Host
X-Accel-Expires-Debug
X-Aed
X-Amz-Meta-Cache-Control
HA-Servedtime
X-A-Wwc
X-A-Dgt
HA-Ipaddr
X-A-Dcw
MD5-Digest
GMS-Ver
X-B-Cookie
X-BB-ID
X-Backend-Url
Fly-Cache
Fly-Request-Id
X-BBXSRF
X-Cache-Bucket
X-Cdn-Origin
TSSecure
X-Cache-Host
Ec-Rule-Version
HA-Urlpath
V-Age
X-A
FSS-Cache
FSS-Proxy
X-A-Ccd
Mobile-Detection-Method
VivaBuild
X-Backend-Host
Odigeo-Trace-Id
Viewtype
X-CF-Lambda-Fn
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Ttl
X-VG-WebServer
X-Region-Sid
X-UE-Client-Country
X-PAYTM-SRV-ID
X-Org
X-Logtrace-Id
X-Via-Edge
X-NX-Host
X-Trv-Group
X-Rewrite-Enabled
X-SRCache-Key
X-Server-Time
X-Sn-Servicetimems
X-Server-By
X-ScT
X-Rojux
X-S-Cookie
X-Store
X-Croise-Owner
X-Via-SSL
X-IN-WAF
X-Hash
X-IN-SSL-APIGATEWAY
X-IN-APIGATEWAY
Xc-Version
X-GeoIP-Country-Code
X-Irp-Debug
X-Cache-Backend
X-G
X-Generated-In
X-From
Cache-Key
X-Thinkindot-L3
X-Trace-Id
X-ABtesting
X-We-Are-Hiring
X-Cache-URL
RNT-Time
Server-ID
X-User
X-VServer
X-SIPLIST1
X-Wikidot-Backend
Thinkindot-CacheControl-Type
X-Wikidot-Static-Cache
X-Via-NSCOPI
Thinkindot-CacheControl
X-UnsetCookies
Thinkindot-Control
X-V
X-Var-Ttl
X-Worker
X-Request-URI
X-Clientip
X-Key
X-Layer
X-Location
X-MServer
X-Matched-Rule
X-Core-Value
X-Hl-Ver
X-Epic-Correlation-Id
X-FW-Version
X-Dispatcher-Server
X-GeoIP-City
X-Hello
X-Developers
X-Cache-Id
X-No-Session
X-Request-Start
X-Auto-Login
X-Flog
X-Response-By
X-Server-IP
X-S-Maxage
X-Release
X-Reboot
X-Platform
RNT-Machine
X-Backend-State
X-Qloud-Router
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-ServiceProvider
Www
Memcached
Fastly-SIE
Decoy-Debug-Status
Origin
Decoy-Debug-Key
IsBot
Fastly-Soc-X-Request-Id
GW-Server
Heartbleed
Frame-Options
Fastly-SWR
Countrycode
Decoy-Debug-TTL
Apple-News-Services-Request-Url
Release
Apple-News-Services-Parsed-Url
Pramga
X-Dynatrace-Js-Agent
AKAMAI
Apple-News-Services-Handled
Country-Code
Apple-News-Services-Host
X-Datadome
X-NC
Version
X-Oss-Object-Type
Backend-Name
X-Gen-Mode
X-Returned-From
X-Oss-Hash-Crc64ecma
X-Goog-Meta-Goog-Reserved-File-Mtime
Adler-Geo
X-Distributor
X-Fastly-Cache
X-Returned-From-PostProcessResponse
X-Stale
X-Returned-From-BeforeDispatch
X-Returned-From-DLL
X-Gannett-Site-Version
X-Up
X-Passed-To-BeforeDispatch
X-Passed-To-DLL
X-Passed-To
X-P-T
X-WebServer
X-Owner
X-Passed-To-PostProcessResponse
X-Variation
X-Varnish-Action
X-VCT
X-Powered-By-ANYU
X-Policy
X-Phone
X-RCS-CacheZone
X-Node-Id
X-Nginx-Cache-Key
X-Instance-Name
Pagetype
X-Info
X-Oss-Request-Id
X-Hnp-Log
Cache-Cookie-Set-From
X-Li-Fabric
X-Li-Pop
X-MI-In-Market
X-Oss-Storage-Class
X-Oss-Server-Time
X-LI-UUID
X-LI-Proto
X-Request-UUID
X-Device-Os
MI-Cache
X-SVT-ORM-VERSION
WZWS-RAY
MI-Cache-Age
Web-Mar-Node
Magicmarker
Kp-EeAlive
X-Thanos
X-Served-From
X-Swa-Ws
Cache-Cookie-Set-Idcheck
Is-Eu
X-Sf
On-Server
Server-Int
X-Newrelic-Synthetics
Request-Country
Request-EU
Section-Io-Cache
X-SVT-ORM-RULES
Pragrma
User-Cache-Control
Uber-Trace-Id
Platform
True-Client-Country-4JS
X-Sentry-ID
X-Actual-URL
Esi-Enabled
X-Bip
X-Block-Status
X-Cache-Expires
Cache-Cookie-Set-Lfrom
X-Secret
X-Cache-Debug
X-Core-Mission
Fastly-Backend-Name
X-Crawler
X-CUA
X-NWS-UUID-VERIFY
X-CDN-Forward
X-HOST
X-MSEdge-Flight
Proxy-Connection
X-Cache-CFC
MI-API
X-NODE
X-Fstrz
X-Cache-FS-Status
CDCHOST
X-DC
X-TT-LOGID
X-Refresh
REQUESTUUID
X-MSEdge-Features
X-Parent-Response-Time
X-Page-Type
X-SN
V-Cache
HTTPS
RequestId
X-Backend-TTL
Group
Cteonnt-Length
X-Unique-Id-Primal
X-Pjax-Url
Who
X-Servername
X-Cache-Srv
X-Be
X-Kong-Upstream-Latency
X-Req
X-Kong-Proxy-Latency
MIME-Version
Fusion-Source
X-Time
X-Ms-Lease-State
NodeID
X-Oracle-Dms-Ecid
Fusion-Content-Id
X-GZip
Fusion-Content-Source
Amp-Access-Control-Allow-Source-Origin
Fusion-Template-Id
Fusion-Component-Id
ProcessTime
Memory
X-Origin-TTL
Cdn
Mime-Version
Cdn-Request-Time
Cdn-Host
X-Edge-Server
X-BB-IP
X-Servedbyhost
SS
X-Ckpd-Fst-Backend
X-Server-Group
X-Aicache-OS
CF-IPCountry
X-Protected-By
X-ND-Cache
X-Content-Age
SD-X-WS
X-Wa
X-COUNTRY
GeoIP-Country-Code
GeoIP-Latitude
X-SRV
CDN
A
X-Varnish-Beresp-TTL
PageType
X-Origin-Expires
X-Origin-Date
Is-Session-Tracking
X-APP
Get-Access-Time
XServer
X-Pf-Uncompressing
X-Varnish-Url
X-B3-Traceid
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Origin-Host
GeoIp-Country-Code
Geoip-Latitude
X-Unique-Id
X-Fastly-Country-Code
X-StackifyID
Serverid
PICS-Label
X-RateLimit-Limit-Second
X-Generation-Time
X-Requestid
X-RateLimit-Remaining-Second
X-Cache-Info
X-WA
X-CSRF-Token
Processtime
X-Ratelimit-Remaining
Node
X-Fastly-Cache-Hits
X-PHP-Host
X-Gdpr
X-FireWall-Port
X-Nananana
Nel
X-ID
X-Load-Cache
X-Proxy-Cache-Status
X-Proxy-Upstream
Cf-Ipcountry
Vix-Hermes-Req-Id
X-Check-Cacheable
X-CS
URI
DataCenter
X-EC-Security-Audit
X-SERVER-NAME
X-RequestId
X-GEO
Cache-Tv-Group
X-HS-Status
X-UPSTREAM-Address
X-Server-W
X-ServedByHost
X-FORWARDED-FOR
Hostname
Cache-Provider
T-Server
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
NGX
X-GZIP
X-BACKEND-TTL
X-Surge-Debug
X-NGINX-Cache
X-Vcache
X-HTML-Minification-Powered-By
X-HTML-Edge-Cache
Request-Time
X-WR-MODIFICATION
X-Fastly-Backend-Reqs
WP-Super-Cache
X-Qnm-Cache
X-B3-SpanId
X-M-Reqid
X-M-Log
X-DataStream-Origin-MEX-Latency
X-Micro-Cache
X-VG-WebCache
X-PF-Uncompressing
X-DataStream-MidMile-RTT
X-Fe
X-BE
PFcat
Host-ID
X-Atg-Version
X-Front
X-ServerName
Https
ServerName
X-Debug-Cache-Expiry
Requestid
Load-Balancing
X-Debug-Cache-Store
X-GDPR
X-PJAX-URL
X-IPS-LoggedIn
X-Debug-Cache-Fetch
X-Alicdn-Da-Ups-Status
RequestUuid
X-Amz-Meta-S3b-Last-Modified
X-Akamai-SSL-Client-Sid
X-Skip-Cache
X-Distil-Cs
X-PAGE-TYPE
X-ARC
X-VC
N-Cache
X-PARISIEN-Cache-Rendered
X-Svr
X-SB
X-VarnCache
X-From-Cache
WebServer
X-Cache-Ttl
X-VarnPar1
X-FB-TRIP-ID
X-Generated-On
X-Cdn-Srv
Pics-Label
X-Instart-Info
X-Level-Front-Cache
X-VarnPar2
X-Swift-Error
X-Serial
Lfy
X-Proxy-Server
X-RAMCache
X-Dw-Trace-Id
Cdn-Src-Port
SID
X-Gen-Id
X-Grace-Duration
X-Feature
Build-Number