Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
CF-Ray
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Ua-Compatible
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-FRAME-OPTIONS
X-Language
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
P3p
X-Backend
X-Age
X-Cache-Group
X-Request-ID
X-Robots-Tag
Xkey
X-Proxy-Cache
Feature-Policy
Request-Context
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
X-Varnish-Cache
Server-Timing
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-WebKit-CSP
X-Server-Id
Cf-Railgun
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Pass-Why
Request-Id
X-DataDome
Content-Location
X-Mod-Pagespeed
X-Application-Context
X-ORACLE-DMS-ECID
NEL
X-Akam-SW-Version
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cloud-Trace-Context
X-Cnection
X-Px
X-Rack-Cache
X-Url
X-FTR-Request-ID
X-Goog-Hash
RTSS
X-Vname
MS-Author-Via
X-PC
X-TtlSet
Accept-CH
X-Powered-By-Plesk
Verso
X-Ttl
X-DynaTrace
Public-Key-Pins
Accept-CH-Lifetime
X-GitHub-Request-Id
Service-Worker-Allowed
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-B3-TraceId
Response
X-Middleton-Display
Pagespeed
Display
X-Middleton-Response
Arr-Disable-Session-Affinity
X-Sol
X-Varnish-TTL
X-Forwarded-Proto
X-Cache-TTL
X-D2id
X-Cached
X-CST
X-Amz-Rid
TCN
Pinterest-Generated-By
X-Abt-Application-Version
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Accept-Ch
Cache-Tag
X-Instart-Request-ID
X-Server-Name
X-Accel-Expires
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-ESI
X-Version
AR-PoweredBy
AR-Request-ID
X-MSEdge-Ref
AR-ATIME
Access-Control-Request-Method
X-Grace
Nginx-Cache
X-FastCGI-Cache
Accept-Ch-Lifetime
AR-CACHE
Ar-Sid
Charset
S
X-Debug
X-Upstream
SPRequestDuration
X-Powered-CMS
SPIisLatency
X-Client-IP
X-SRCache-Store-Status
X-SRCache-Fetch-Status
SPRequestGuid
X-SharePointHealthScore
X-DynaTrace-JS-Agent
X-Ezoic-Cdn
Content-MD5
X-Pinterest-Rid
Realpath
Pinterest-Version
Nel
X-Trace
MRF-Tech
X-Element-Page-Cache
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Dw-Request-Base-Id
X-Hp-Webp
X-Jurisdiction
X-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Shield-Request-Id
X-Node-Name
X-T
Fastcgi-Cache
X-ASPNET-VERSION
X-Kinsta-Cache
X-Content-Digest
X-XRDS-Location
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
X-Request-Received
X-Request-Processing-Time
X-Frontend
Edge-Cache-Tag
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
Server-Node
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-Cache-Hit
X-FTR-Backend-Server
X-Cache-Age
TP-Cache
TP-L2-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Stored-Content-Length
Front-End-Https
Server-Name
ServerID
DynaTrace
X-Forwarded-For
X-Hostname
X-Amzn-Trace-Id
X-Cache-Key
Fastly-Restarts
Arc-Version
PB-PID
PB-RID
X-Zen-Fury
X-DIS-Request-ID
Powered
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Revision
X-Mobile-Rewrite
X-User-Agent
X-Akamai-Edgescape
X-Hits
X-LB-Cache
X-Oneagent-Js-Injection
X-Cdn
X-F-Cache
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Page-Id
X-Jobs
Accept-Charset
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-FTR-Cache-Host
Filters
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-Geo-Country
X-Via-JSL
MicrosoftSharePointTeamServices
X-Yandex-Sdch-Disable
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Origin-Server
X-TTL
X-Varnish-Age
X-B
X-Ruxit-Js-Agent
Alternate-Protocol
X-N
X-Ser
X-Rid
X-Erf-Bev-Bev-Is-Generated
X-Daa-Tunnel
X-Erf-Bev-Bev
X-Varnish-Backend
X-Correlation-Id
Host-Header
X-Esi
X-AppVersion
X-WebKit-CSP-Report-Only
DC
Cache-Tags
X-Az
X-ATG-Version
X-Activity-Id
X-App-Server
X-Amz-Replication-Status
Paypal-Debug-Id
X-Server-ID
X-FB-Debug
X-Debug-Info
Frame-Options
Actual-Object-TTL
Retry-After
X-Git-Hash
X-Type
X-App-Environment
Section-Io-Cache
X-Whom
X-B-Cache
X-Contextid
X-Signature
X-TT
X-Varnish-Grace
X-Fastcgi-Cache
X-Request-Guid
Surrogate-Key
X-Edge
Fastcgi-Useragent
X-Status
X-Content-Options
X-AOL-HN
Host
Healthy
X-XRDS-LOCATION
X-Seen-By
X-Cache-Action
Source
X-Pinterest-Direct
X-URL
X-RateLimit-Remaining
X-Host-Name
Refresh
X-HTML-Minification-Powered-By
X-B3-Sampled
X-IPLB-Instance
X-Endurance-Cache-Level
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Upgrade-Enabled
From-Origin
X-ECACHE
Access-Control-Allow-Method
X-Accel-Buffering
X-Litespeed-Cache
X-RemovedCookies
X-Response-Served-From
X-Cache-Rule
X-ProcessESI
X-Drupal-Cache-Tags
X-Cache-Operation
WPE-Backend
NR-ENABLED
VIX-Pulpo-Upstream-Status
X-Rule
VIX-Pulpo-Node
X-Region
X-Amz-Apigw-Id
X-Mid
Odigeo-Trace-Id
X-MCACHE
X-Environment-Context
X-Cacheable-TTL
Payment
MS-CV
X-L-Path
Eomportal-Instance
X-Cache-Control
X-UUID
X-Amzn-RequestId
X-FW-Dynamic
Datacenter
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Server
X-FW-Type
X-Is-Bot
X-APP-VERSION
Cache-Status
X-Rendered-As
X-Cache-Time
X-Varnish-Server
X-Adobe-Loc
X-WA-Info
X-Adobe-Content
X-Protected-By
Srv
Countrycode
Xserver
X-GeoIP
X-VCache
NGB
Content-Disposition
X-Wix-Request-Id
X-RequestSource
X-SERVER-NAME
X-Cluster
X-Correlation-ID
X-PressLabs-Stats
X-Cache-Server
X-Akamai-Transformed
X-EdgeConnect-Cache-Status
X-Cached-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Akamai-Request-ID2
Uber-Trace-Id
X-UnsetCookies
Version
X-Origin-Response-Time
X-IPS-LoggedIn
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Tumblr-Pixel-2
X-Time
X-Tumblr-Pixel-1
X-Unique-Id
X-Load-Cache
X-Mode
X-Mobile
X-Handled-By
X-Presslabs-Stats
Filterid
X-Proxy
Access-Control-Request-Headers
X-PHP-Backend
X-Cache-Remote
Liferay-Portal
X-FireWall-Port
Cross-Origin-Window-Policy
X-Framework
Meta-Geo
X-No-Session
X-ES-SERVER
X-RN-RSRV
X-Cache-Var-Map
X-UA-Device-Type
X-Via-Fastly
X-Path-Route
X-Viewer-Country
X-Cache-Var
X-CCM
X-Cache-Status-Check
X-Adobe-Source
X-Backend-Name
X-Time-Microsecs
X-Storage
Fastly-SSL
X-Azure-Ref
Upgrade-Insecure-Requests
X-Www-Served-By
Decoy-Debug-Key
DSUID
Decoy-Debug-TTL
X-Site-Version
Decoy-Debug-Status
X-VWS-Id
X-PCL
X-LJ-Flow-ID
X-Locale
Accept-Language
X-AWS-Id
X-NGENIX-Cache
X-ApacheServer
X-Redis-Cache
X-MP-GENERATED-AT
X-PERF
X-Pubstack
Akamai-GRN
Cache-Hits
X-OCL
ServedBy
Cache-Name
X-Cache-NGX
X-SayCDN-TTL
X-R9-Blue-Green-Version
X-NCache
X-Info
X-Human
X-Real-IP
X-RTag
X-Web-Node
X-TX-ID
X-Say-TTL
X-Say-Cacheable
X-FW-Version
X-Cache-Config
Origin-Edge-Control
Origin-Cache-Control
Now
Mn-Server-Ip
Section-Io-Id
Section-Io-Origin-Status
Webserver
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Cleartype
Ms-Operation-Id
Cache
TWC-GeoIP-LatLong
X-Origin-Hint
X-Origin
TWC-Locale-Group
TWC-GeoIP-Country
X-Proxied
Webcakes-App-Name
X-ProxyCache-Key
TWC-Privacy
TWC-Device-Class
TWC-Connection-Speed
S-Rt
X-UPSTREAM-Address
X-Hl-Ver
X-Hyper-Cache
Property-Id
X-Loop
X-Format
X-Cache-Enabled
Webcakes-App-Version
X-ProxyCache-Status
X-BYPASS-REASON
X-Access
X-Device-Type
X-Bc-Bl
X-Xfnlog-Site
X-Zipkin-Id
X-CS
X-TNCMS
X-FC-Vary-Parameters
X-Routing-Service
X-ServerID
X-Section
X-NewRelic-App-Data
Webcakes-Region
X-BCube-Filmed-By
Selected-Fe
X-Amzn-Remapped-Content-Length
X-EIG-Tracking-Id
X-FB-TRIP-ID
X-Alternate-Cache-Key
X-Generated
X-Detected-As
X-From
X-JoinUs
X-ShardId
X-Goog-Meta-Goog-Reserved-File-Mtime
DB-Nickname
X-ShopId
X-Shopify-Stage
X-Timing-Wait
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Proxy-Build
X-SaId
X-NYM-Debug-Backend
X-NWS-UUID-VERIFY
Ec-Rule-Version
X-IP
X-Source
X-Hosted-By
Azure-RegionName
Azure-InstanceId
X-Varnish-Cache-Hits
Azure-SlotName
Country
Azure-SiteName
Azure-Version
X-Content-Age
Load-Balancing
X-Cluster-Node
X-Old-Content-Length
X-Qloud-Router
X-Labrador-Cache-Channel
X-PHP-Host
SD-X-WS
X-Cache-NE
X-Air-Hostname
Cache-Tv-Group
User-Agent
X-Geo
X-CSRF-Token
X-Varnish-Hostname
X-Vcache
Time
X-Cache-Host
X-Backend-TTL
X-Pad
X-CDN-Forward
FilterID
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
S-Cnection
X-EC-Lua
X-Parent-Response-Time
X-Cache-2
X-Cache-Backend
X-Release
X-Urbn-Context-Path
X-RCS-CacheZone
Locale
X-Urbn-Site-Id
X-Webkit-CSP
Server-Info
X-Ua
X-RateLimit-Limit
X-Proxy-Cache-Status
X-Akamai-Request-ID
X-Cache-Grace
X-Microcachable
X-Forwarded-Host
X-UA
X-Tumblr-Pixel-3
X-NC
X-Debug-Cache
Tracecode
X-FORWARDED-FOR
NGX
X-SRV
OT-Force-Account-Verify
Proxy-Connection
X-Soup
X-Dc
X-Tb
Sid
X-TIME
X-A-Dam
X-A-Dcw
Rendered-Blocks
X-A-Dgt
Mobile-Detection-Method
M-TraceId
Pagetype
Machine
X-Proto
MD5-Digest
X-A-Ccd
Content-Script-Type
BehaviorPad-Version
AsisCache
True-Client-Country-4JS
Content-Style-Type
UCS
Fastcgi-X-Cache-Version
Meta-Geo-Continent
T-Server
Server-Host
Who
VivaBuild
ServerName
Viewtype
Arc-Country
GEO-REGION-INFO
X-Level-Front-Cache
X-ScT
X-Scheme
X-ServiceProvider
X-Session-Fingerprint
X-SRCache-Key
X-S-Cookie
X-S
X-Region-Sid
X-Reqid
X-Rewrite-Enabled
X-Rojux
X-Swa-Ws
X-Trace-Id
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Path
X-Processor
X-PAYTM-SRV-ID
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Date
X-CF-Lambda-Fn
X-B-Cookie
X-Accel-Expires-Debug
X-Aed
X-Application
X-ARC
X-Destination
X-Developer
X-Instart-Info
X-Ms-Request-Id
X-Ms-Version
X-NodeID
X-Geo-Header
X-Generated-On
X-DevSite-Last-Modified
X-Dispatch
X-External-Request-Id
X-G
X-A-Wwc
X-A
X-Cluster-Name
Cache-Key
X-Vgn-Hpd-Reason
Apigw-Requestid
X-Srv
X-Uri
GEO-INFO
X-Magnolia-Registration
User-Cache-Control
X-B3-Traceid
X-TT-TIMESTAMP
Web-Mar-Node
X-Thinkindot-L3
X-Agile-Id
X-SN
X-Agile-Age
X-Agile
X-Thanos
We-Hiring
X-User
On-Server
X-Via-PopV
NM-Fastcgi-Cache
N-Cache
X-WADP-Cache
X-VServer
X-Via-PopH
Release
X-Skip-Cache
V-Age
Thinkindot-Control
Thinkindot-CacheControl-Type
X-VC-Cache
Thinkindot-CacheControl
Viewport
X-Block-Status
X-Owner
X-Hash
X-Generation-Time
X-Generated-In
X-Fmm-Version
X-Gen-Mode
X-Hnp-Log
X-Node-Id
X-Method
X-Micro-Cache
X-Matched-Rule
X-Logging-Id
X-LAGOON
X-Location
X-Reboot
X-Dispatcher-Server
X-Cache-FS-Status
X-Cache-Info
X-Cache-Bucket
X-Branch-Name
X-Bip
Memcached
X-Clara-WADP
X-Cms-Context
X-Device-Os
X-Request-UUID
X-SD-PageType
X-Core-Value
X-TA-CDN-Provider
X-SIPLIST1
Vix-Hermes-Req-Id
AKAMAI
IsBot
X-Wikidot-Backend
FNAC-ModuleRouting
X-Worker
CDCHOST
Kp-EeAlive
X-Wikidot-Static-Cache
Magicmarker
Mail-Subject
X-Envoy-Decorator-Operation
Geo-Info
Cf-Ipcountry
X-Cache-PHP
X-Req
X-Request-Host
X-Auto-Login
X-Slack-Backend
Apple-News-Services-Host
X-Distributor
X-Eu-Site
X-Fastly-Cache
X-TrackingId
X-Epic-Correlation-Id
Fastly-Drupal-HTML
X-Developers
X-Envoy-Upstream-Healthchecked-Cluster
Esi-Enabled
X-Distil-CS
X-Backend-State
X-Cache-URL
X-Cache-Tags
Apple-News-Services-Parsed-Url
X-Clientip
Apple-News-Services-Request-Url
X-Servername
Apple-News-Services-Handled
X-CGP
Node
Adler-Geo
Cache-Cookie-Set-Lfrom
X-BBXSRF
X-Server-W
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Response-By
C-Via
X-Backend-Host
X-RateLimit-Remaining-Second
RNT-Time
RNT-Machine
X-Varnish-Cacheable
Is-Eu
Rt-Fastcgi-Cache
X-JWT-State
X-Is-Gdpr
Server-Hostname
Server-Ext
X-VG-TLSProxy
X-Nginx-Cache-Key
X-Li-Pop
X-LI-UUID
X-Mvc-Supplant-Cachable
X-We-Are-Hiring
X-Webstats-RespID
Platform
X-Li-Fabric
L5d-Success-Class
X-Irp-Debug
X-Origin-Date
X-Platform-Server
Wxu-Next-Region
X-Policy
X-RateLimit-Limit-Second
Wxu-Next-Hostname
Wxu-Next-Commit
X-Has-Esi
X-GoCache-CacheStatus
X-Origin-Expires
Sever-Int
Gh-Request-Id
X-Variation
X-Hit
HA-Ipaddr
Ha-Gx-Prefs
X-Newrelic-Synthetics
X-Rebelmouse-Surrogate-Control
X-Core-Mission
X-Rebelmouse-Cache-Control
X-Cache-ASPX
CacheControlHeader
X-Be
X-Varnish-Authentication
L
Server-ID
Fastly-SIE
Fastly-SWR
W
X-LI-Proto
X-App
X-Var-Ttl
X-Contensis-Viewer-Groups
X-DC
X-App-Name
Ohc-File-Size
X-Compress-Hint
Cache-Host
X-Server-IP
X-CLOUD-TRACE-CONTEXT
X-Nc
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-VCT
X-Varnish-Beresp-Grace
X-Mvc-Supplant-OutputCached
X-Refresh
X-TH-Server
X-Wa
X-Loc
X-Esi-Check
X-Cache-Id
X-Gzip
X-Cdn-Srv
X-Cache-Debug
X-S-Maxage
X-Origin-TTL
X-Origin-CC
X-AIR-PT
Memory
X-Sucuri-ID
Server-Cache-Control
Server-Surrogate-Control
X-Zone
X-Configured-By
X-FPC
X-Generated-By
X-Bc
HostName
LB
X-SVT-ORM-VERSION
X-Storefront-Renderer-Rendered
Ohc-Response-Time
NtCoent-Length
X-SVT-ORM-RULES
X-Key
X-NU-AKA-ACS-Version
X-BC
X-MSEdge-Features
X-Edge-Location
X-Rocket-Nginx-Bypass
X-MSEdge-Flight
X-ZONE
X-Varnish-Ttl
MIME-Version
CACHE
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
Pragrma
Request-Country
Request-EU
X-Varnish-URL
X-Svr
Heartbleed
Locid
X-CF-Powered-By
X-Varnish-Hits
X-Servedbyhost
X-Request-URI
X-COUNTRY
X-GEO
X-Cdn-Forward
X-Shopify-Generated-Cart-Token
Referer-Policy
X-App-Version
X-VCL-Version
Fastly-Backend-Name
X-Batcache
Resin-Trace
X-Pjax-Url
SRV
X-Nginx-Cache
FSS-Cache
WZWS-RAY
X-Gamma-Serve
X-Up
X-BACKEND-TTL
Geoip-Latitude
X-Minions-Version
Hostname
GeoIp-Country-Code
X-Via-CDN
X-Ratelimit-Remaining
X-Amzn-Requestid
X-ND-Cache
Lfy
X-CACHE-KEY
X-WebServer
X-Aicache-OS
HitType
X-ElasticPress-Query
X-Sucuri-Cache
X-BE
Cteonnt-Length
GeoIP-Country-Code
CF-Cached-On
Product
X-Proxy-Upstream
X-CSRF-TOKEN
X-NGINX-Cache
X-Fetched-On
GeoIP-Latitude
X-Edge-Server
My-App
X-PJAX-URL
X-HS-Status
Cdn-Request-Time
X-ECache
X-Cdn-Origin
Mime-Version
X-Sn-Servicetimems
Powered-By-ChinaCache
Cdn-Host
X-Oss-Object-Type
X-Check-Cacheable
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
DCR-Decision-By
X-Vcl-Version
DCR-Processing-Time-Ms
Ohc-Cache-HIT
X-GeoIP-Country-Code
X-Azure-Ref-OriginShield
X-Fastly-Country-Code
SN
Location
X-PF-Uncompressing
X-Fastly-Cache-Status
Pramga
X-ServedByHost
X-Unique-ID
X-Varnish-Url
X-Pf-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-Ratelimit-Limit
X-Fastly-Backend-Reqs
URI
XServer
X-CACHE-AGE
X-Request-Start
X-Served-From
Group
Dt-Cache-Category
X-LB-ID
X-OVcl
X-Newrelic-App-Data
Cdn
X-B3-Spanid
PFcat
X-OVcl-Cache
X-VarnishDD-TTL
X-Shard
X-Vgn-Hpd-Variations-Key
X-Fpc
X-Via-Ucdn
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Swift-Error
A
X-Instart-Isnd
X-Render-Time
X-Platform
X-B3-SpanId
CloudFront-Viewer-Country
Country-Code
X-Tec-Api-Origin
X-Via-NSCOPI
X-IN-APIGATEWAYSSL
X-Tec-Api-Root
Cf-Alt-Svc
X-Request-Time
X-Tec-Api-Version
X-IN-APIGATEWAY
X-Ratelimit-Reset
X-Varnishpool
Lb
X-DPWN-IS-SECURE
X-Varnish-Beresp-TTL
X-Ocache
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Cache-Expired-At
Origin
WWW-Authenticate
Geoip-City
X-WPE-Loopback-Upstream-Addr
X-WR-MODIFICATION
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
X-Debug-Cache-String
X-Debug-Cache-Status
X-Debug-Ysi-Auth
X-Debug-Cache-Bypass
X-Planisys-CDN-Cache
X-Apw-Hits
X-C
X-StackifyID
X-Apw-Access-Token
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-LiteSpeed-Cache-Control
X-Apw-Access-Object
CF-IPCountry
PICS-Label
Cloudfront-Viewer-Country
Server-Ttl
SID
X-Apw-Access-Action
X-WA
X-Ftr-Cache-Host
Cneonction
X-Acquia-Site
X-Rocket-Build-Number
X-CUA
X-Acquia-Purge-Tags
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Epwk-X-Cache
Proxy-Firewall
X-Sigma
X-Cache-Hfrom
X-Nananana
Request-Time
X-Cache-Hm
Region
X-Sigma-Backend
NnCoection
CountryCode
X-Acquia-Application-Trace
Host-ID
X-Acquia-Application-UUID
X-Cache-Tag
X-Country-IP
X-APP
X-Lb-Id
X-Oss-Cdn-Auth
X-Varnish-ID
Pics-Label
Req-ID
X-Akamai-ERRuleID
X-Li-Proto
X-Akamai-ERPolicy
X-Request-URL
X-SB
X-VC
X-RSL
X-Dw-Trace-Id
X-RPS
X-RPM
X-DI
X-DB
X-ElasticPress-Search
X-Action
X-B3-Parentspanid
X-Html-Edge-Cache
X-DSS
X-DW
TTL