Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Xss-Protection
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Backend
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Xkey
Feature-Policy
X-Proxy-Cache
X-Request-ID
Request-Context
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
X-Varnish-Cache
Server-Timing
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Request-Id
X-DataDome
X-Pass-Why
Content-Location
X-Mod-Pagespeed
X-Application-Context
NEL
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country-Code
Edge-Control
X-Cloud-Trace-Context
X-Clacks-Overhead
X-Cnection
X-Url
X-Px
X-Rack-Cache
X-FTR-Request-ID
RTSS
X-Goog-Hash
MS-Author-Via
X-Vname
X-PC
X-TtlSet
X-Powered-By-Plesk
Accept-CH
Verso
X-Ttl
X-DynaTrace
Public-Key-Pins
Service-Worker-Allowed
X-GitHub-Request-Id
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-B3-TraceId
Accept-CH-Lifetime
X-MS-InvokeApp
X-Sol
X-Amz-Server-Side-Encryption
Arr-Disable-Session-Affinity
X-Middleton-Response
X-Middleton-Display
Pagespeed
Response
Display
X-Varnish-TTL
X-Forwarded-Proto
X-Cache-TTL
X-D2id
Pinterest-Generated-By
X-Amz-Rid
X-CST
TCN
X-Abt-Application-Version
X-Cached
X-Vcap-Request-Id
X-NF-Request-ID
Accept-Ch
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
Cache-Tag
X-Server-Name
X-Instart-Request-ID
X-ESI
X-Fastly-Request-ID
X-Accel-Expires
Accept-Ch-Lifetime
X-Version
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Grace
Nginx-Cache
Ar-Sid
AR-CACHE
Charset
X-Debug
X-Upstream
S
X-Powered-CMS
SPIisLatency
X-FastCGI-Cache
SPRequestDuration
X-Client-IP
X-SRCache-Store-Status
X-SRCache-Fetch-Status
SPRequestGuid
X-SharePointHealthScore
X-DynaTrace-JS-Agent
Realpath
X-Ezoic-Cdn
Content-MD5
Pinterest-Version
X-Pinterest-Rid
X-Trace
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Element-Page-Cache
X-Mrf-Section-Lastmod
X-Dw-Request-Base-Id
X-Jurisdiction
X-Hp-Webp
X-Id
Nel
X-Shield-Request-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-T
Fastcgi-Cache
X-XRDS-Location
X-Content-Digest
X-Kinsta-Cache
X-Logged-In
X-NWS-LOG-UUID
X-ASPNET-VERSION
X-Mobile-URL
X-Request-Received
X-Request-Processing-Time
X-Frontend
X-Oneagent-Js-Injection
X-Cache-Hit
Server-Node
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-DC
X-Cache-Age
Edge-Cache-Tag
TP-L2-Cache
TP-Cache
X-FTR-Expires
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
Front-End-Https
Server-Name
ServerID
X-Forwarded-For
X-Hostname
X-Cache-Key
X-Amzn-Trace-Id
DynaTrace
Arc-Version
PB-RID
PB-PID
Fastly-Restarts
X-Zen-Fury
X-Server-ID
Powered
X-DIS-Request-ID
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-Hits
X-Mobile-Rewrite
X-Akamai-Edgescape
X-F-Cache
X-Page-Id
X-LB-Cache
X-HS-Hub-Id
X-Jobs
X-HS-Content-Id
X-HS-Combine-CSS
Accept-Charset
X-HS-Cache-Config
X-ORACLE-APMCS-REQUEST-ID
Filters
X-ORACLE-APMCS-TAG
X-Cdn
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
X-FTR-Cache-Host
X-Yandex-Sdch-Disable
X-Geo-Country
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Via-JSL
X-Origin-Server
MicrosoftSharePointTeamServices
X-Varnish-Age
X-B
X-N
Alternate-Protocol
X-TTL
X-Rid
X-Daa-Tunnel
X-Ser
Host-Header
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
X-Ruxit-Js-Agent
X-Fastcgi-Cache
X-Az
X-Activity-Id
DC
X-ATG-Version
X-WebKit-CSP-Report-Only
X-AppVersion
Paypal-Debug-Id
X-Correlation-Id
X-Esi
Cache-Tags
X-Amz-Replication-Status
Actual-Object-TTL
X-App-Server
Retry-After
X-Debug-Info
X-Git-Hash
X-Type
X-FB-Debug
Section-Io-Cache
X-Varnish-Grace
Frame-Options
X-Whom
X-Signature
X-TT
X-B-Cache
X-App-Environment
X-Contextid
X-Edge
Surrogate-Key
X-Request-Guid
Fastcgi-Useragent
X-Status
X-Content-Options
Host
X-AOL-HN
Healthy
X-Seen-By
X-Cache-Action
X-Pinterest-Direct
Source
Refresh
X-Host-Name
X-XRDS-LOCATION
X-HTML-Minification-Powered-By
X-IPLB-Instance
X-Endurance-Cache-Level
X-B3-Sampled
X-Instance
X-Tumblr-User
X-RateLimit-Remaining
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Upgrade-Enabled
From-Origin
Access-Control-Allow-Method
X-ECACHE
X-Response-Served-From
X-RemovedCookies
X-Cache-Rule
X-Accel-Buffering
X-ProcessESI
X-Drupal-Cache-Tags
X-Amz-Apigw-Id
X-Cache-Operation
X-MCACHE
VIX-Pulpo-Node
X-Mid
X-Region
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
X-Rule
Eomportal-Instance
X-Amzn-RequestId
MS-CV
X-Cacheable-TTL
X-L-Path
X-Environment-Context
X-UUID
Payment
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Dynamic
X-Varnish-Server
X-Rendered-As
X-Cache-Control
X-Cache-Time
X-FW-Type
X-FW-Hash
X-Is-Bot
X-Adobe-Loc
NR-ENABLED
Countrycode
WPE-Backend
X-Adobe-Content
Cache-Status
X-WA-Info
Srv
X-Protected-By
Datacenter
X-APP-VERSION
X-URL
Xserver
X-GeoIP
X-Correlation-ID
X-VCache
Content-Disposition
X-PressLabs-Stats
X-Wix-Request-Id
X-Akamai-Transformed
X-Cluster
NGB
X-RequestSource
X-Cached-By
X-EdgeConnect-Cache-Status
X-Cache-Server
X-SERVER-NAME
X-Akamai-Request-ID2
X-Yottaa-Optimizations
Uber-Trace-Id
X-Yottaa-Metrics
X-UnsetCookies
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Origin-Response-Time
X-Time
Version
X-Mode
X-Load-Cache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-IPS-LoggedIn
X-Mobile
Filterid
X-Proxy
X-Handled-By
Access-Control-Request-Headers
X-PHP-Backend
X-Unique-Id
X-Cache-Remote
Liferay-Portal
Accept-Language
X-Presslabs-Stats
X-FireWall-Port
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
X-CCM
X-Azure-Ref
X-No-Session
X-Path-Route
X-Framework
X-Cache-Var-Map
X-Cache-Status-Check
X-Viewer-Country
Meta-Geo
X-Adobe-Source
X-UA-Device-Type
X-Via-Fastly
X-NGENIX-Cache
Cross-Origin-Window-Policy
X-Backend-Name
Decoy-Debug-TTL
Decoy-Debug-Status
X-Time-Microsecs
DSUID
Decoy-Debug-Key
X-Cache-NGX
X-Site-Version
X-VWS-Id
X-Www-Served-By
X-Pubstack
X-Storage
X-OCL
X-MP-GENERATED-AT
X-Locale
X-LJ-Flow-ID
X-NewRelic-App-Data
X-PCL
ServedBy
Akamai-GRN
Cache
X-ApacheServer
X-AWS-Id
Cache-Hits
X-PERF
X-Redis-Cache
Cache-Name
Cleartype
X-FW-Version
X-Real-IP
X-R9-Blue-Green-Version
X-NCache
X-Info
X-RTag
X-Say-Cacheable
X-TX-ID
X-SayCDN-TTL
X-Say-TTL
X-Web-Node
X-Human
X-Cache-Config
Origin-Edge-Control
Origin-Cache-Control
Now
Ms-Operation-Id
Section-Io-Id
Section-Io-Origin-Status
Webserver
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Fastly-SSL
Mn-Server-Ip
Upgrade-Insecure-Requests
S-Rt
X-NWS-UUID-VERIFY
X-Bc-Bl
X-Origin-Hint
X-Proxied
TWC-GeoIP-LatLong
X-Origin
X-Hl-Ver
X-Cache-Enabled
X-Device-Type
X-BYPASS-REASON
X-FC-Vary-Parameters
Property-Id
X-Format
X-CS
X-Access
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
TWC-Device-Class
TWC-GeoIP-Country
X-UPSTREAM-Address
X-Zipkin-Id
Webcakes-App-Name
Webcakes-App-Version
X-ProxyCache-Key
X-Routing-Service
X-Section
X-ProxyCache-Status
X-ServerID
Webcakes-Region
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
X-Alternate-Cache-Key
X-Hyper-Cache
X-ShopId
X-ShardId
X-SaId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-TNCMS
X-Timing-Wait
X-Sorting-Hat-ShopId
X-Proxy-Build
X-NYM-Debug-Backend
X-From
X-FB-TRIP-ID
X-EIG-Tracking-Id
X-Generated
X-IP
X-Loop
X-JoinUs
X-Detected-As
X-Xfnlog-Site
DB-Nickname
Selected-Fe
Azure-SiteName
Azure-RegionName
Azure-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
Azure-InstanceId
X-Hosted-By
Azure-SlotName
X-Varnish-Cache-Hits
X-Source
Load-Balancing
Country
X-Content-Age
Ec-Rule-Version
X-Labrador-Cache-Channel
X-PHP-Host
X-Qloud-Router
X-Geo
X-Cache-NE
Cache-Tv-Group
X-Cluster-Node
X-Air-Hostname
X-Old-Content-Length
SD-X-WS
X-CSRF-Token
User-Agent
X-Cache-Host
X-Varnish-Hostname
Time
X-Pad
X-Litespeed-Cache
X-Release
X-Vcache
X-Drupal-Cache-Contexts
X-CDN-Forward
FilterID
X-Cache-TTL-Remaining
X-Backend-TTL
X-Parent-Response-Time
X-Cache-2
X-Ua
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Cache-Backend
S-Cnection
X-RCS-CacheZone
Server-Info
X-EC-Lua
X-Akamai-Request-ID
X-Proxy-Cache-Status
X-Cache-Grace
X-Webkit-CSP
X-Forwarded-Host
X-Tumblr-Pixel-3
X-RateLimit-Limit
X-Microcachable
X-Srv
X-Debug-Cache
Proxy-Connection
X-UA
NGX
X-Dc
X-NC
X-Soup
OT-Force-Account-Verify
X-FORWARDED-FOR
Tracecode
X-Tb
Apigw-Requestid
Sid
X-Processor
X-Instart-Info
X-Geo-Header
X-Generated-On
X-A
Arc-Country
X-PAYTM-SRV-ID
X-NodeID
X-A-Dgt
X-A-Dcw
X-Proto
X-A-Wwc
X-Level-Front-Cache
X-A-Ccd
Fastcgi-X-Cache-Version
Meta-Geo-Continent
UCS
Mobile-Detection-Method
X-CF-Lambda-Fn
MD5-Digest
X-CF-Lambda-Version
M-TraceId
Machine
Pagetype
Rendered-Blocks
X-Application
ServerName
T-Server
X-Aed
X-ARC
X-B-Cookie
Server-Host
X-Connection-Hash
X-D
X-Accel-Expires-Debug
VivaBuild
Content-Script-Type
X-External-Request-Id
Who
BehaviorPad-Version
X-G
Content-Style-Type
True-Client-Country-4JS
X-Developer
X-Destination
X-Date
GEO-REGION-INFO
X-DevSite-Last-Modified
X-Dispatch
Viewtype
AsisCache
X-Uri
X-Twitter-Response-Tags
X-Swa-Ws
X-Vtex-Processado-Em
X-Scheme
X-S-Cookie
X-S
X-A-Dam
X-Vtex-Remote-Cache
X-Trv-Group
X-Session-Fingerprint
Cache-Key
X-SRCache-Key
X-Trace-Id
Xc-Version
X-Transaction
X-ServiceProvider
X-Vdms-Path
X-ScT
X-Cluster-Name
X-Reqid
Geo-Info
X-Rojux
X-VG-WebServer
X-Rewrite-Enabled
X-Vdms-Version
X-VG-WebCache
X-Region-Sid
User-Cache-Control
X-TIME
X-Magnolia-Registration
Web-Mar-Node
Mail-Subject
GEO-INFO
X-Wikidot-Static-Cache
Magicmarker
X-Clara-WADP
X-Core-Value
X-Thinkindot-L3
X-Thanos
X-Wikidot-Backend
X-Cms-Context
IsBot
X-Device-Os
Kp-EeAlive
We-Hiring
X-WADP-Cache
X-Via-PopH
X-Agile
X-Agile-Age
X-Agile-Id
X-User
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-VC-Cache
V-Age
Viewport
Thinkindot-Control
X-Via-PopV
Vix-Hermes-Req-Id
X-Cache-FS-Status
X-Cache-Info
On-Server
NM-Fastcgi-Cache
Release
X-TT-TIMESTAMP
X-Bip
X-Block-Status
X-Branch-Name
X-Cache-Bucket
N-Cache
FNAC-ModuleRouting
X-Hash
X-Hnp-Log
X-Ms-Request-Id
X-Ms-Version
X-Node-Id
X-Vgn-Hpd-Reason
X-Generation-Time
AKAMAI
X-Micro-Cache
X-Cache-PHP
X-B3-Traceid
X-Logging-Id
X-Location
X-SD-PageType
X-Matched-Rule
X-Dispatcher-Server
X-LAGOON
X-Method
X-Gen-Mode
X-Generated-In
X-SN
CDCHOST
X-Skip-Cache
X-Owner
X-Fmm-Version
X-Worker
X-SIPLIST1
X-Envoy-Decorator-Operation
X-SRV
X-Newrelic-Synthetics
Cf-Ipcountry
X-Hit
X-VG-TLSProxy
X-Request-Host
X-Variation
X-Nginx-Cache-Key
X-Origin-Expires
X-Req
X-Policy
X-Mvc-Supplant-Cachable
X-Origin-Date
X-Varnish-Cacheable
X-Request-UUID
X-Platform-Server
X-Response-By
X-JWT-State
X-We-Are-Hiring
X-Webstats-RespID
X-Eu-Site
X-Clientip
X-CGP
X-Fastly-Cache
X-Epic-Correlation-Id
X-Slack-Backend
X-Distil-CS
X-Reboot
X-Distributor
X-Envoy-Upstream-Healthchecked-Cluster
X-Developers
X-TrackingId
X-Cache-URL
X-BBXSRF
X-RateLimit-Remaining-Second
X-Backend-State
X-Backend-Host
X-VServer
X-Server-W
X-Is-Gdpr
X-Cache-Tags
X-Servername
X-Has-Esi
X-RateLimit-Limit-Second
X-Irp-Debug
X-Auto-Login
Wxu-Next-Hostname
Adler-Geo
Apple-News-Services-Handled
L5d-Success-Class
Ha-Gx-Prefs
RNT-Time
RNT-Machine
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Cache-Cookie-Set-Idcheck
Memcached
Cache-Cookie-Set-From
C-Via
Platform
Apple-News-Services-Request-Url
Cache-Cookie-Set-Lfrom
Rt-Fastcgi-Cache
Sever-Int
Gh-Request-Id
Node
X-TA-CDN-Provider
Is-Eu
Wxu-Next-Commit
HA-Ipaddr
Fastly-Drupal-HTML
Server-Ext
Server-Hostname
Wxu-Next-Region
X-Be
Fastly-SWR
Esi-Enabled
Fastly-SIE
X-Var-Ttl
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Varnish-Authentication
X-App
X-LI-UUID
X-Li-Fabric
X-Li-Pop
X-GoCache-CacheStatus
CacheControlHeader
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Core-Mission
W
X-Nc
X-Refresh
L
Server-ID
X-LI-Proto
X-Compress-Hint
X-DC
Ohc-File-Size
X-Varnish-Beresp-Status
X-App-Name
X-Varnish-Beresp-Grace
Cache-Host
X-Varnish-Beresp-Ttl
X-TH-Server
X-Server-IP
X-CLOUD-TRACE-CONTEXT
X-Cache-Id
X-AIR-PT
X-Gzip
X-Esi-Check
X-VCT
X-Cache-Debug
X-Wa
X-Loc
X-Origin-CC
X-Origin-TTL
X-Sucuri-ID
HostName
X-ZONE
X-Mvc-Supplant-OutputCached
X-Configured-By
X-BC
X-Cdn-Srv
X-S-Maxage
X-Storefront-Renderer-Rendered
LB
NtCoent-Length
Server-Cache-Control
Server-Surrogate-Control
X-SVT-ORM-VERSION
X-NU-AKA-ACS-Version
X-Key
X-Generated-By
X-SVT-ORM-RULES
X-FPC
X-MSEdge-Flight
Memory
X-Edge-Location
Ohc-Response-Time
X-MSEdge-Features
MIME-Version
X-App-Version
X-Zone
X-Bc
X-Rocket-Nginx-Bypass
X-Varnish-URL
X-Varnish-Ttl
Pragrma
X-CF-Powered-By
CACHE
X-Cdn-Forward
Heartbleed
X-Servedbyhost
X-Debug-Panamera-Host
X-Svr
X-Debug-Panamera-Sitecode
Locid
Request-EU
Referer-Policy
Request-Country
X-Varnish-Hits
X-COUNTRY
X-Request-URI
Resin-Trace
X-Batcache
X-Pjax-Url
X-GEO
Fastly-Backend-Name
X-Shopify-Generated-Cart-Token
X-Ratelimit-Remaining
X-Nginx-Cache
X-Up
FSS-Cache
X-BACKEND-TTL
X-VCL-Version
SRV
WZWS-RAY
X-Minions-Version
X-Gamma-Serve
X-Via-CDN
X-Aicache-OS
GeoIp-Country-Code
X-ElasticPress-Query
Hostname
X-ND-Cache
Geoip-Latitude
X-Sucuri-Cache
X-CACHE-KEY
Lfy
X-Amzn-Requestid
X-WebServer
CF-Cached-On
X-BE
Cteonnt-Length
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Check-Cacheable
GeoIP-Country-Code
Product
X-Oss-Request-Id
HitType
X-Proxy-Upstream
X-CSRF-TOKEN
X-PJAX-URL
X-Edge-Server
X-Vcl-Version
X-ECache
GeoIP-Latitude
Cdn-Request-Time
Powered-By-ChinaCache
Cdn-Host
Mime-Version
X-Fetched-On
DCR-Decision-By
DCR-Processing-Time-Ms
X-Cdn-Origin
My-App
X-NGINX-Cache
X-Sn-Servicetimems
X-Unique-ID
X-Fastly-Cache-Status
Ohc-Cache-HIT
X-GeoIP-Country-Code
X-Azure-Ref-OriginShield
Pramga
X-PF-Uncompressing
Location
X-HS-Status
X-Ratelimit-Limit
X-Fastly-Country-Code
SN
X-ServedByHost
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Pf-Uncompressing
X-Varnish-Url
X-Fastly-Backend-Reqs
Amp-Access-Control-Allow-Source-Origin
X-OVcl
Group
PFcat
X-OVcl-Cache
X-Served-From
X-VarnishDD-TTL
X-LB-ID
X-Request-Start
XServer
X-CACHE-AGE
URI
Dt-Cache-Category
Cdn
X-Vgn-Hpd-Ssi
X-B3-Spanid
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Fpc
X-Newrelic-App-Data
X-Shard
X-Instart-Isnd
X-Render-Time
X-Platform
X-Ratelimit-Reset
X-Via-Ucdn
X-Varnishpool
X-B3-SpanId
X-Swift-Error
X-Ftr-Cache-Host
A
X-Cache-Expired-At
WWW-Authenticate
X-Fastly-Request-Id
CloudFront-Viewer-Country
X-Via-NSCOPI
X-Request-Time
Cf-Alt-Svc
Lb
X-IN-APIGATEWAYSSL
Country-Code
X-IN-APIGATEWAY
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Tb-Optimization-Total-Bytes-Saved
Geoip-City
X-Varnish-Beresp-TTL
Origin
X-Ocache
X-DPWN-IS-SECURE
X-WPE-Loopback-Upstream-Addr
X-WR-MODIFICATION
X-Debug-Xas-Auth
X-Planisys-CDN-Rules
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-String
X-Debug-Cache-Status
X-Debug-Ysi-Auth
X-LiteSpeed-Cache-Control
X-Debug-Cache-Bypass
X-StackifyID
X-Planisys-CDN-TTL
Server-Ttl
X-Planisys-CDN-Cache
SID
PICS-Label
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Hits
X-Amzn-Remapped-Connection
X-CUA
X-Amzn-Remapped-Date
Epwk-X-Cache
X-WA
CF-IPCountry
Cloudfront-Viewer-Country
X-C
Pics-Label
X-Oss-Cdn-Auth
X-Rocket-Build-Number
Host-ID
X-Country-IP
Proxy-Firewall
Request-Time
X-Acquia-Purge-Tags
DataCenter
X-Nananana
NnCoection
X-Sigma-Backend
X-Sigma
Cneonction
X-Cache-Tag
X-Acquia-Application-Trace
X-Cache-Hfrom
X-Acquia-Site
Region
X-Acquia-Application-UUID
X-Cache-Hm
X-APP
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-B3-Parentspanid
X-Lb-Id
Req-ID
X-Varnish-ID
X-Action
TTL
X-Html-Edge-Cache
X-RPM
X-RPS
X-VC
X-SB
X-Dw-Trace-Id
X-Li-Proto
X-DW
X-DB
X-Request-URL
X-DI
X-DSS
X-RSL
X-ElasticPress-Search