Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
CF-Ray
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-FRAME-OPTIONS
X-Language
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Request-ID
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
P3p
X-Backend
X-Age
X-Cache-Group
X-Robots-Tag
Xkey
X-Proxy-Cache
Feature-Policy
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
X-Varnish-Cache
Server-Timing
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-Pass-Why
Request-Id
X-DataDome
Content-Location
X-Mod-Pagespeed
X-Application-Context
X-ORACLE-DMS-ECID
NEL
X-Akam-SW-Version
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cnection
X-Cloud-Trace-Context
X-Px
X-Url
X-Rack-Cache
X-FTR-Request-ID
X-Goog-Hash
RTSS
Accept-CH
X-TtlSet
X-PC
X-Vname
MS-Author-Via
X-Powered-By-Plesk
Verso
X-Ttl
X-DynaTrace
Public-Key-Pins
Accept-CH-Lifetime
X-B3-TraceId
X-GitHub-Request-Id
Service-Worker-Allowed
X-Exp-Variant
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Middleton-Response
Display
X-Sol
X-Middleton-Display
Pagespeed
Arr-Disable-Session-Affinity
Response
X-Varnish-TTL
X-Forwarded-Proto
X-Cache-TTL
X-D2id
X-Cached
X-CST
X-Amz-Rid
TCN
X-Abt-Application-Version
Pinterest-Generated-By
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Accept-Ch
Cache-Tag
X-Instart-Request-ID
X-Server-Name
X-Accel-Expires
X-ESI
X-Version
AR-ATIME
AR-Request-ID
X-MSEdge-Ref
AR-PoweredBy
Access-Control-Request-Method
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Grace
Nginx-Cache
X-FastCGI-Cache
Ar-Sid
AR-CACHE
Accept-Ch-Lifetime
Charset
S
X-Upstream
X-Debug
X-Powered-CMS
SPIisLatency
SPRequestDuration
X-Client-IP
X-SharePointHealthScore
SPRequestGuid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-DynaTrace-JS-Agent
Realpath
X-Ezoic-Cdn
Pinterest-Version
Content-MD5
X-Pinterest-Rid
Nel
X-Trace
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Element-Page-Cache
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Dw-Request-Base-Id
X-Jurisdiction
X-Hp-Webp
X-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Shield-Request-Id
X-Node-Name
X-T
Fastcgi-Cache
X-ASPNET-VERSION
X-Content-Digest
X-Kinsta-Cache
X-XRDS-Location
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
X-Frontend
X-Request-Processing-Time
X-Request-Received
Server-Node
X-Cache-Hit
Edge-Cache-Tag
X-Cache-Age
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
X-Country-Code-Real
TP-Cache
TP-L2-Cache
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-FTR-Expires
Front-End-Https
Server-Name
ServerID
DynaTrace
X-Forwarded-For
X-Hostname
Fastly-Restarts
X-Amzn-Trace-Id
X-Cache-Key
PB-PID
Arc-Version
PB-RID
X-Server-ID
X-Zen-Fury
Powered
X-DIS-Request-ID
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-Mobile-Rewrite
X-Akamai-Edgescape
X-Cdn
X-LB-Cache
X-Hits
X-Oneagent-Js-Injection
X-HS-Cache-Config
X-F-Cache
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
Accept-Charset
X-Jobs
X-Page-Id
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Filters
X-FTR-Cache-Host
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-Geo-Country
X-Via-JSL
X-Yandex-Sdch-Disable
MicrosoftSharePointTeamServices
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
X-Varnish-Age
X-TTL
X-Correlation-Id
X-B
X-Ruxit-Js-Agent
Alternate-Protocol
X-Ser
X-Rid
X-N
X-Daa-Tunnel
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Varnish-Backend
X-Esi
Host-Header
X-ATG-Version
DC
X-Activity-Id
X-Az
X-WebKit-CSP-Report-Only
X-AppVersion
Paypal-Debug-Id
X-Amz-Replication-Status
X-App-Server
Cache-Tags
X-FB-Debug
Frame-Options
Retry-After
X-Debug-Info
X-Git-Hash
X-Type
Actual-Object-TTL
X-B-Cache
X-Contextid
X-Signature
X-Varnish-Grace
Section-Io-Cache
X-App-Environment
X-Whom
X-TT
X-Fastcgi-Cache
X-Request-Guid
X-Edge
Surrogate-Key
X-Status
Fastcgi-Useragent
X-Content-Options
X-AOL-HN
Host
Healthy
X-XRDS-LOCATION
X-Cache-Action
X-Seen-By
X-Pinterest-Direct
Source
X-Host-Name
X-HTML-Minification-Powered-By
Refresh
X-IPLB-Instance
X-B3-Sampled
X-Instance
X-Endurance-Cache-Level
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Upgrade-Enabled
X-RateLimit-Remaining
From-Origin
Access-Control-Allow-Method
X-ECACHE
X-Cache-Rule
X-Response-Served-From
X-Accel-Buffering
X-Drupal-Cache-Tags
X-Litespeed-Cache
X-RemovedCookies
X-ProcessESI
X-Cache-Operation
NR-ENABLED
WPE-Backend
VIX-Pulpo-Upstream-Status
Odigeo-Trace-Id
VIX-Pulpo-Node
X-Amz-Apigw-Id
X-Region
X-Rule
X-Mid
X-MCACHE
Eomportal-Instance
X-L-Path
X-Environment-Context
Payment
X-UUID
X-Cache-Control
MS-CV
X-Cacheable-TTL
X-FW-Type
Cache-Status
X-FW-Hash
X-Varnish-Server
Datacenter
X-FW-Dynamic
X-Amzn-RequestId
X-FW-Serve
X-FW-Static
X-FW-Server
Countrycode
X-Adobe-Content
X-Cache-Time
X-URL
X-APP-VERSION
X-Is-Bot
X-Rendered-As
X-WA-Info
X-Adobe-Loc
X-Protected-By
Srv
X-GeoIP
Xserver
X-VCache
NGB
Content-Disposition
X-RequestSource
X-Cluster
X-SERVER-NAME
X-Wix-Request-Id
X-PressLabs-Stats
X-Cache-Server
X-Cached-By
X-EdgeConnect-Cache-Status
X-Akamai-Transformed
X-Yottaa-Optimizations
X-Akamai-Request-ID2
X-Yottaa-Metrics
Uber-Trace-Id
X-UnsetCookies
X-IPS-LoggedIn
X-Tt-Trace-Tag
Version
X-Tt-Trace-Host
X-Origin-Response-Time
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Time
X-Unique-Id
X-Load-Cache
X-Mobile
X-Mode
X-Presslabs-Stats
X-Correlation-ID
X-Proxy
X-Handled-By
Filterid
X-Cache-Remote
Access-Control-Request-Headers
X-PHP-Backend
Liferay-Portal
X-FireWall-Port
X-Cache-Status-Check
X-Backend-Name
X-Cache-Var
X-No-Session
X-Framework
X-Adobe-Source
X-CCM
Meta-Geo
X-RN-RSRV
X-Via-Fastly
X-ES-SERVER
X-Path-Route
X-UA-Device-Type
X-Cache-Var-Map
X-Azure-Ref
Fastly-SSL
DSUID
X-PERF
Akamai-GRN
Accept-Language
X-NGENIX-Cache
Cache-Hits
Cross-Origin-Window-Policy
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Pubstack
Upgrade-Insecure-Requests
X-LJ-Flow-ID
X-Locale
X-Viewer-Country
X-Storage
X-Redis-Cache
X-VWS-Id
X-Site-Version
X-OCL
X-MP-GENERATED-AT
X-Www-Served-By
X-AWS-Id
X-PCL
X-ApacheServer
ServedBy
X-Cache-Config
X-Cache-NGX
Section-Io-Origin-Status
X-Human
Section-Io-Origin-Time-Seconds
X-FW-Version
Webserver
Section-Origin-Responded
X-TX-ID
Origin-Edge-Control
X-Real-IP
X-R9-Blue-Green-Version
X-Say-TTL
Mn-Server-Ip
X-RTag
X-Say-Cacheable
X-NCache
X-SayCDN-TTL
X-Web-Node
X-Info
Origin-Cache-Control
Cache-Name
Cleartype
Section-Io-Id
Ms-Operation-Id
X-Time-Microsecs
X-NewRelic-App-Data
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
X-Bc-Bl
X-Access
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-Country
S-Rt
Property-Id
Cache
TWC-Connection-Speed
X-Cache-Enabled
TWC-Device-Class
TWC-GeoIP-LatLong
X-CS
X-Section
X-Routing-Service
X-ServerID
X-TNCMS
X-UPSTREAM-Address
X-Xfnlog-Site
X-Proxied
X-Origin-Hint
X-FC-Vary-Parameters
X-Device-Type
X-Format
X-Hl-Ver
X-Loop
X-Hyper-Cache
Now
X-Zipkin-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-IP
X-JoinUs
X-NYM-Debug-Backend
Ec-Rule-Version
X-Alternate-Cache-Key
X-Amzn-Remapped-Content-Length
X-BYPASS-REASON
X-Detected-As
X-BCube-Filmed-By
X-EIG-Tracking-Id
X-From
X-FB-TRIP-ID
X-Origin
X-NWS-UUID-VERIFY
X-ShopId
X-ShardId
X-SaId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Timing-Wait
X-Sorting-Hat-ShopId
X-Proxy-Build
X-ProxyCache-Status
X-ProxyCache-Key
Selected-Fe
Azure-Version
Azure-InstanceId
Azure-SiteName
X-Varnish-Cache-Hits
Azure-RegionName
Azure-SlotName
Country
X-Source
DB-Nickname
X-Hosted-By
Load-Balancing
X-Content-Age
X-Qloud-Router
SD-X-WS
X-Cache-NE
X-Labrador-Cache-Channel
X-Air-Hostname
User-Agent
X-PHP-Host
X-Varnish-Hostname
Cache-Tv-Group
X-Cluster-Node
X-Old-Content-Length
X-Geo
X-CSRF-Token
X-Vcache
X-Cache-Host
Time
X-Pad
X-Backend-TTL
FilterID
X-CDN-Forward
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-EC-Lua
S-Cnection
X-Parent-Response-Time
X-Cache-2
X-Cache-Backend
X-Release
X-Urbn-Site-Id
X-Urbn-Context-Path
X-RCS-CacheZone
Locale
X-Ua
Server-Info
X-Webkit-CSP
X-Cache-Grace
X-Proxy-Cache-Status
X-Microcachable
X-Akamai-Request-ID
X-Forwarded-Host
X-Tumblr-Pixel-3
X-UA
X-NC
X-RateLimit-Limit
X-Srv
Tracecode
X-FORWARDED-FOR
NGX
X-Debug-Cache
X-Soup
Proxy-Connection
OT-Force-Account-Verify
X-Dc
X-Tb
Sid
X-TIME
Fastcgi-X-Cache-Version
X-External-Request-Id
Content-Style-Type
X-NodeID
Apigw-Requestid
X-Uri
GEO-REGION-INFO
X-Vdms-Path
X-PAYTM-SRV-ID
Content-Script-Type
X-Ms-Request-Id
Arc-Country
X-Geo-Header
X-Instart-Info
AsisCache
BehaviorPad-Version
X-Level-Front-Cache
X-G
X-Generated-On
X-Ms-Version
X-Developer
UCS
Viewtype
VivaBuild
T-Server
X-Application
ServerName
X-ARC
Who
X-Aed
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
X-Accel-Expires-Debug
X-A-Wwc
X-B-Cookie
Server-Host
X-D
X-Connection-Hash
M-TraceId
X-Date
X-Destination
X-DevSite-Last-Modified
Cache-Key
Machine
MD5-Digest
X-CF-Lambda-Fn
Rendered-Blocks
Pagetype
X-CF-Lambda-Version
Meta-Geo-Continent
Mobile-Detection-Method
X-Dispatch
X-Proto
X-A-Dgt
X-Scheme
X-ScT
X-S
X-Rojux
X-Trace-Id
X-Vdms-Version
X-Rewrite-Enabled
X-Vgn-Hpd-Reason
Xc-Version
X-SRCache-Key
X-Swa-Ws
X-VG-WebServer
X-VG-WebCache
X-Twitter-Response-Tags
GEO-INFO
X-ServiceProvider
X-Session-Fingerprint
X-Reqid
X-S-Cookie
X-Vtex-Processado-Em
X-Processor
X-Cluster-Name
X-Transaction
X-Trv-Group
X-Region-Sid
X-Vtex-Remote-Cache
X-SRV
X-Magnolia-Registration
User-Cache-Control
X-Owner
X-Wikidot-Static-Cache
X-Reboot
X-Device-Os
X-SIPLIST1
X-Cache-Info
X-User
FNAC-ModuleRouting
X-Thinkindot-L3
Thinkindot-CacheControl
X-Thanos
X-Via-PopH
On-Server
Release
X-Via-PopV
IsBot
Memcached
X-Block-Status
X-Branch-Name
X-Cache-Bucket
X-Cache-FS-Status
X-SN
X-Bip
Magicmarker
X-Core-Value
Kp-EeAlive
X-Skip-Cache
X-TA-CDN-Provider
X-Micro-Cache
N-Cache
Thinkindot-CacheControl-Type
X-TT-TIMESTAMP
X-LAGOON
X-VC-Cache
Viewport
X-Hnp-Log
AKAMAI
X-SD-PageType
Vix-Hermes-Req-Id
X-Agile-Age
X-Logging-Id
X-Matched-Rule
X-Method
X-Location
Web-Mar-Node
X-Request-UUID
X-Agile
X-Hash
V-Age
True-Client-Country-4JS
X-Node-Id
X-Gen-Mode
X-Generation-Time
X-Generated-In
Thinkindot-Control
CDCHOST
X-Worker
X-Agile-Id
X-VServer
X-Wikidot-Backend
Cf-Ipcountry
X-Envoy-Decorator-Operation
X-Cache-PHP
Geo-Info
X-Auto-Login
X-Cache-Tags
X-We-Are-Hiring
X-BBXSRF
X-TrackingId
X-WADP-Cache
X-Backend-State
X-Backend-Host
X-Dispatcher-Server
X-JWT-State
X-Li-Fabric
X-Response-By
X-Is-Gdpr
X-Irp-Debug
X-GoCache-CacheStatus
X-Has-Esi
X-Hit
X-Li-Pop
X-LI-UUID
X-Origin-Expires
X-Policy
X-Platform-Server
X-Origin-Date
X-Nginx-Cache-Key
X-Request-Host
X-Mvc-Supplant-Cachable
X-Varnish-Cacheable
X-RateLimit-Remaining-Second
X-Fmm-Version
X-Cms-Context
X-RateLimit-Limit-Second
X-Developers
X-Clientip
X-Slack-Backend
X-CGP
X-Webstats-RespID
X-Clara-WADP
X-Distil-CS
X-VG-TLSProxy
X-Servername
X-Server-W
X-Fastly-Cache
X-Eu-Site
X-Epic-Correlation-Id
X-Distributor
X-Envoy-Upstream-Healthchecked-Cluster
X-Cache-URL
Wxu-Next-Hostname
Rt-Fastcgi-Cache
Mail-Subject
Cache-Cookie-Set-Lfrom
Server-Ext
HA-Ipaddr
Esi-Enabled
Fastly-Drupal-HTML
Ha-Gx-Prefs
Gh-Request-Id
Wxu-Next-Region
NM-Fastcgi-Cache
Apple-News-Services-Handled
Server-Hostname
We-Hiring
L5d-Success-Class
Wxu-Next-Commit
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Cache-Cookie-Set-Idcheck
Apple-News-Services-Request-Url
Sever-Int
Cache-Cookie-Set-From
Node
C-Via
X-Newrelic-Synthetics
Is-Eu
L
X-Rebelmouse-Surrogate-Control
Adler-Geo
X-Req
X-Contensis-Viewer-Groups
X-Rebelmouse-Cache-Control
Fastly-SWR
Fastly-SIE
X-Be
X-Core-Mission
X-App
X-Cache-ASPX
RNT-Time
W
CacheControlHeader
RNT-Machine
X-Variation
X-Varnish-Authentication
Platform
Server-ID
X-Var-Ttl
X-LI-Proto
X-DC
X-App-Name
X-Compress-Hint
Ohc-File-Size
X-Server-IP
Cache-Host
X-Nc
X-CLOUD-TRACE-CONTEXT
X-Refresh
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-TH-Server
X-VCT
X-Mvc-Supplant-OutputCached
X-Cdn-Srv
X-Loc
X-Wa
X-S-Maxage
LB
X-AIR-PT
X-Origin-TTL
X-Origin-CC
X-Gzip
X-Configured-By
X-Esi-Check
X-Cache-Debug
Server-Surrogate-Control
X-Generated-By
Server-Cache-Control
X-Zone
X-Bc
X-Cache-Id
Memory
X-FPC
X-Sucuri-ID
HostName
X-B3-Traceid
Ohc-Response-Time
X-Storefront-Renderer-Rendered
X-NU-AKA-ACS-Version
X-Key
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
NtCoent-Length
X-BC
X-ZONE
X-Rocket-Nginx-Bypass
X-Varnish-Ttl
X-MSEdge-Features
X-Edge-Location
X-MSEdge-Flight
CACHE
Request-Country
Locid
Request-EU
Pragrma
X-Debug-Panamera-Host
X-Varnish-URL
X-Debug-Panamera-Sitecode
X-Svr
Heartbleed
X-CF-Powered-By
MIME-Version
X-Varnish-Hits
X-Servedbyhost
X-GEO
X-COUNTRY
X-Request-URI
X-Shopify-Generated-Cart-Token
X-App-Version
Referer-Policy
X-Ratelimit-Remaining
X-Cdn-Forward
X-Pjax-Url
Resin-Trace
X-VCL-Version
Fastly-Backend-Name
X-Batcache
X-Nginx-Cache
SRV
FSS-Cache
WZWS-RAY
X-Up
X-Gamma-Serve
X-BACKEND-TTL
GeoIp-Country-Code
Geoip-Latitude
X-Minions-Version
X-Via-CDN
Hostname
HitType
X-CACHE-KEY
X-ElasticPress-Query
X-ND-Cache
Lfy
X-Amzn-Requestid
X-Aicache-OS
X-WebServer
X-Sucuri-Cache
X-BE
Cteonnt-Length
X-Proxy-Upstream
GeoIP-Country-Code
Product
CF-Cached-On
Mime-Version
X-NGINX-Cache
X-Cdn-Origin
My-App
X-ECache
X-Edge-Server
X-HS-Status
X-Fetched-On
Cdn-Host
Powered-By-ChinaCache
X-Sn-Servicetimems
GeoIP-Latitude
X-CSRF-TOKEN
X-PJAX-URL
Cdn-Request-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
DCR-Processing-Time-Ms
Ohc-Cache-HIT
X-Check-Cacheable
X-Ratelimit-Limit
X-GeoIP-Country-Code
DCR-Decision-By
X-Vcl-Version
Location
Pramga
X-Azure-Ref-OriginShield
X-Fastly-Cache-Status
X-ServedByHost
SN
X-PF-Uncompressing
X-Fastly-Country-Code
X-Unique-ID
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Pf-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Url
X-CACHE-AGE
X-Fastly-Backend-Reqs
X-Served-From
Group
X-Request-Start
URI
XServer
Dt-Cache-Category
Cdn
X-VarnishDD-TTL
X-B3-Spanid
X-Newrelic-App-Data
PFcat
X-OVcl
X-OVcl-Cache
X-LB-ID
X-Shard
X-Fpc
X-Vgn-Hpd-Cached
X-Via-Ucdn
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Swift-Error
X-IN-APIGATEWAYSSL
X-Render-Time
Country-Code
X-Via-NSCOPI
X-Platform
CloudFront-Viewer-Country
X-B3-SpanId
X-IN-APIGATEWAY
Cf-Alt-Svc
A
X-Request-Time
X-Varnishpool
X-Ratelimit-Reset
X-Instart-Isnd
X-Debug-Cache-Fetch
X-Debug-Cache-Store
PICS-Label
Geoip-City
X-DPWN-IS-SECURE
X-Ocache
WWW-Authenticate
X-Cache-Expired-At
X-Tb-Optimization-Total-Bytes-Saved
Origin
X-Varnish-Beresp-TTL
X-WPE-Loopback-Upstream-Addr
Lb
X-WR-MODIFICATION
X-Planisys-CDN-Rules
X-LiteSpeed-Cache-Control
X-Debug-Cache-String
X-Debug-Cache-Status
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
X-Apw-Access-Action
X-C
Server-Ttl
X-WA
X-Debug-Cache-Bypass
X-Apw-Access-Object
X-Apw-Access-Token
X-Debug-Ysi-Auth
X-Planisys-CDN-TTL
Cloudfront-Viewer-Country
SID
X-Apw-Hits
CF-IPCountry
X-StackifyID
X-Planisys-CDN-Cache
X-Ftr-Cache-Host
Region
Cneonction
X-Sigma
X-Sigma-Backend
X-Acquia-Site
NnCoection
X-CUA
Proxy-Firewall
X-Acquia-Application-UUID
Epwk-X-Cache
X-Rocket-Build-Number
X-Amzn-Remapped-Connection
X-Cache-Tag
X-Amzn-Remapped-Date
X-Acquia-Purge-Tags
X-Cache-Hfrom
X-Nananana
X-Acquia-Application-Trace
X-Cache-Hm
X-Country-IP
Host-ID
Request-Time
X-APP
X-Oss-Cdn-Auth
X-DW
X-RPM
Req-ID
X-Varnish-ID
X-Li-Proto
X-RPS
X-RSL
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-B3-Parentspanid
X-DSS
X-ElasticPress-Search
TTL
X-SB
X-VC
X-Dw-Trace-Id
X-DB
X-Request-URL
X-DI
X-Html-Edge-Cache
X-Action