Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
CF-Ray
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Template
X-Language
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Request-ID
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
P3p
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Age
X-Cache-Group
Xkey
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Request-Context
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
X-Varnish-Cache
Server-Timing
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Report-To
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Cf-Railgun
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Origin-Cache
X-Host
EagleEye-TraceId
X-Device
Surrogate-Control
X-Dns-Prefetch-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-Pass-Why
X-HW
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Request-Id
X-DataDome
X-Mod-Pagespeed
Content-Location
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
NEL
Fusion-Deployment-Id
X-Ruxit-JS-Agent
X-Country
X-ORACLE-DMS-RID
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cnection
X-Cloud-Trace-Context
X-Rack-Cache
X-Url
X-Px
X-FTR-Request-ID
X-Goog-Hash
Accept-CH
RTSS
X-Vname
X-TtlSet
X-PC
MS-Author-Via
X-Powered-By-Plesk
Verso
Accept-CH-Lifetime
Public-Key-Pins
X-Ttl
X-B3-TraceId
X-GitHub-Request-Id
Service-Worker-Allowed
X-DynaTrace
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Middleton-Display
Response
X-Sol
X-Middleton-Response
Display
Pagespeed
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-Forwarded-Proto
X-Cache-TTL
X-D2id
X-Abt-Application-Version
TCN
X-Cached
X-CST
X-Amz-Rid
X-Vcap-Request-Id
Pinterest-Generated-By
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Cache-Tag
X-Instart-Request-ID
X-Accel-Expires
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Server-Name
X-Version
Accept-Ch
X-ESI
X-MSEdge-Ref
Nginx-Cache
Access-Control-Request-Method
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Grace
S
X-FastCGI-Cache
Charset
X-Debug
Ar-Sid
AR-CACHE
SPRequestDuration
SPIisLatency
X-Upstream
X-Powered-CMS
X-SRCache-Store-Status
X-SharePointHealthScore
X-SRCache-Fetch-Status
SPRequestGuid
Accept-Ch-Lifetime
Nel
X-DynaTrace-JS-Agent
X-Trace
X-Ezoic-Cdn
X-Client-IP
Mrf-Cache-Status
Content-MD5
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Element-Page-Cache
X-Dw-Request-Base-Id
Pinterest-Version
Realpath
X-Pinterest-Rid
X-Id
X-Jurisdiction
X-Hp-Webp
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-Shield-Request-Id
X-ASPNET-VERSION
Fastcgi-Cache
X-XRDS-Location
X-T
X-Content-Digest
X-Kinsta-Cache
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Realm
Edge-Cache-Tag
X-FTR-DC
X-FTR-Cache-Status
X-Frontend
X-Request-Processing-Time
Server-Node
X-Request-Received
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
TP-L2-Cache
X-GUploader-UploadID
TP-Cache
X-Goog-Stored-Content-Length
X-Cache-Age
X-Cache-Hit
X-FTR-Expires
Front-End-Https
Server-Name
DynaTrace
X-Hostname
ServerID
Fastly-Restarts
X-Forwarded-For
X-Amzn-Trace-Id
Arc-Version
PB-RID
PB-PID
X-Zen-Fury
X-DIS-Request-ID
X-Oneagent-Js-Injection
X-Cdn
X-Cache-Key
X-Microsite
Powered
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Mobile-Rewrite
X-Revision
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Akamai-Edgescape
Accept-Charset
X-F-Cache
X-LB-Cache
X-Hits
X-Page-Id
X-Jobs
X-FTR-Cache-Host
X-Geo-Country
Filters
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-TTL
X-Via-JSL
X-Content-Powered-By
MicrosoftSharePointTeamServices
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Yandex-Sdch-Disable
X-Origin-Server
X-Correlation-Id
X-B
Alternate-Protocol
X-Esi
X-Ser
X-N
X-Rid
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Daa-Tunnel
X-Varnish-Backend
X-Server-ID
Host-Header
X-Debug-Info
X-WebKit-CSP-Report-Only
X-Fastcgi-Cache
X-App-Server
X-Activity-Id
X-AppVersion
X-Az
X-Amz-Replication-Status
X-Git-Hash
Frame-Options
Cache-Tags
X-Type
X-FB-Debug
X-ATG-Version
Section-Io-Cache
X-Signature
X-Varnish-Grace
Retry-After
X-B-Cache
X-Contextid
DC
X-Whom
Fastcgi-Useragent
X-App-Environment
Paypal-Debug-Id
X-TT
Actual-Object-TTL
X-Request-Guid
Surrogate-Key
X-Edge
X-Content-Options
X-Ruxit-Js-Agent
X-Status
X-AOL-HN
Host
X-Seen-By
X-RateLimit-Remaining
Healthy
X-Cache-Action
Source
X-Host-Name
X-HTML-Minification-Powered-By
X-Pinterest-Direct
X-IPLB-Instance
X-Instance
Refresh
X-B3-Sampled
X-XRDS-LOCATION
X-Endurance-Cache-Level
X-Tumblr-Pixel-0
X-Tumblr-User
X-ECACHE
X-Tumblr-Pixel
X-Upgrade-Enabled
From-Origin
Access-Control-Allow-Method
NR-ENABLED
WPE-Backend
X-Drupal-Cache-Tags
X-Accel-Buffering
X-Response-Served-From
X-RemovedCookies
X-Cache-Rule
X-ProcessESI
X-APP-VERSION
Payment
X-MCACHE
X-Cache-Operation
X-Mid
X-URL
VIX-Pulpo-Node
X-Region
X-Rule
VIX-Pulpo-Upstream-Status
X-Cache-Control
X-UUID
Odigeo-Trace-Id
X-Cacheable-TTL
X-Cache-Time
X-Environment-Context
Eomportal-Instance
MS-CV
X-FW-Dynamic
X-Varnish-Server
X-L-Path
Cache-Status
X-Amz-Apigw-Id
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Hash
X-FW-Serve
Countrycode
X-Rendered-As
Datacenter
X-Is-Bot
X-Amzn-RequestId
X-Adobe-Content
X-WA-Info
X-Adobe-Loc
Xserver
X-Protected-By
Srv
X-GeoIP
X-SERVER-NAME
X-Wix-Request-Id
NGB
X-RequestSource
X-Cluster
Content-Disposition
X-Cache-Server
X-PressLabs-Stats
X-Akamai-Transformed
X-Cached-By
X-Yottaa-Optimizations
X-Time
X-EdgeConnect-Cache-Status
X-Yottaa-Metrics
Uber-Trace-Id
X-Akamai-Request-ID2
Version
X-UnsetCookies
X-VCache
X-Tt-Trace-Tag
X-Origin-Response-Time
X-Correlation-ID
X-Tt-Trace-Host
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Unique-Id
X-Load-Cache
X-Presslabs-Stats
Access-Control-Request-Headers
X-Mode
Filterid
X-Cache-Remote
X-Mobile
X-Proxy
X-PHP-Backend
Liferay-Portal
Upgrade-Insecure-Requests
X-Handled-By
X-Time-Microsecs
X-Cache-Var
X-MP-GENERATED-AT
X-No-Session
X-FireWall-Port
X-CCM
X-Cache-Var-Map
X-OCL
X-Path-Route
X-RN-RSRV
X-Storage
X-UA-Device-Type
X-Viewer-Country
X-PCL
X-Cache-Status-Check
X-ES-SERVER
Meta-Geo
Cross-Origin-Window-Policy
X-Adobe-Source
X-NGENIX-Cache
Cache-Hits
X-Redis-Cache
X-VWS-Id
X-SayCDN-TTL
X-Via-Fastly
Akamai-GRN
X-Backend-Name
X-Say-Cacheable
X-Web-Node
X-TX-ID
X-Say-TTL
Decoy-Debug-Key
DSUID
Webserver
X-Cache-Config
X-BCube-Filmed-By
X-FW-Version
X-LJ-Flow-ID
Decoy-Debug-Status
X-NYM-Debug-Backend
Accept-Language
Decoy-Debug-TTL
X-AWS-Id
Fastly-SSL
X-Framework
X-Vcache
Cache
X-Info
X-RTag
X-Azure-Ref
X-Pubstack
X-ProxyCache-Status
Section-Io-Origin-Status
X-Real-IP
X-ProxyCache-Key
X-Loop
Cache-Name
X-NCache
X-FC-Vary-Parameters
Cleartype
X-Origin
Section-Io-Origin-Time-Seconds
X-PERF
Section-Origin-Responded
X-Hyper-Cache
X-Human
X-ApacheServer
Now
X-Xfnlog-Site
S-Rt
X-BYPASS-REASON
X-Cache-NGX
X-Section
X-TNCMS
Mn-Server-Ip
Section-Io-Id
X-Format
ServedBy
X-Access
Ms-Operation-Id
Property-Id
X-Hl-Ver
X-Cache-Enabled
X-Goog-Meta-Goog-Reserved-File-Mtime
Origin-Cache-Control
Origin-Edge-Control
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Version
X-FB-TRIP-ID
X-Device-Type
X-Amzn-Remapped-Content-Length
X-UPSTREAM-Address
X-Bc-Bl
X-CS
Webcakes-App-Name
X-ServerID
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Privacy
X-Origin-Hint
X-R9-Blue-Green-Version
TWC-GeoIP-LatLong
X-From
X-NWS-UUID-VERIFY
Selected-Fe
X-Detected-As
X-EIG-Tracking-Id
X-Alternate-Cache-Key
X-JoinUs
X-Shopify-Stage
X-Site-Version
X-ShopId
X-ShardId
X-Generated
X-SaId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Zipkin-Id
X-Varnish-Cache-Hits
X-Www-Served-By
X-Source
X-Timing-Wait
X-Proxy-Build
X-Routing-Service
DB-Nickname
X-Proxied
X-IP
Ec-Rule-Version
X-Hosted-By
X-Locale
Country
Azure-InstanceId
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
X-PHP-Host
X-Labrador-Cache-Channel
X-Cluster-Node
X-Old-Content-Length
Load-Balancing
X-Content-Age
X-CSRF-Token
SD-X-WS
X-Cache-NE
X-Geo
Cache-Tv-Group
X-Litespeed-Cache
X-Qloud-Router
X-Varnish-Hostname
User-Agent
X-Backend-TTL
X-CDN-Forward
X-Air-Hostname
FilterID
X-Cache-Host
X-Pad
Time
X-Ua
S-Cnection
X-NewRelic-App-Data
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-EC-Lua
X-Cache-Backend
X-Parent-Response-Time
X-RateLimit-Limit
X-RCS-CacheZone
X-Cache-2
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Proxy-Cache-Status
X-Microcachable
X-Forwarded-Host
X-Release
X-Cache-Grace
Server-Info
X-NC
X-Akamai-Request-ID
X-Tumblr-Pixel-3
Tracecode
X-FORWARDED-FOR
OT-Force-Account-Verify
X-SRV
X-Debug-Cache
NGX
Geo-Info
X-UA
Proxy-Connection
Sid
X-Soup
Cache-Key
X-Vgn-Hpd-Reason
X-Tb
Server-Host
UCS
T-Server
X-Vdms-Version
X-VG-WebServer
True-Client-Country-4JS
X-VG-WebCache
ServerName
Fastcgi-X-Cache-Version
CDCHOST
Content-Script-Type
Content-Style-Type
X-Worker
Xc-Version
Arc-Country
AsisCache
BehaviorPad-Version
VivaBuild
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Mobile-Detection-Method
Pagetype
Meta-Geo-Continent
MD5-Digest
GEO-REGION-INFO
M-TraceId
Machine
Rendered-Blocks
X-Transaction
X-Rewrite-Enabled
X-D
X-Request-UUID
X-Reqid
X-Rojux
X-Connection-Hash
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Region-Sid
X-Processor
X-Destination
X-Developer
X-DevSite-Last-Modified
X-G
X-Geo-Header
X-Instart-Info
X-PAYTM-SRV-ID
X-Date
X-Node-Id
X-ARC
X-Application
X-Trv-Group
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-Twitter-Response-Tags
X-A
X-Vdms-Path
X-User
X-External-Request-Id
X-SRCache-Key
X-Aed
X-S-Cookie
X-S
X-Accel-Expires-Debug
X-ScT
X-A-Wwc
X-Session-Fingerprint
X-ServiceProvider
Who
Viewtype
X-Cluster-Name
X-Newrelic-Synthetics
X-Uri
X-TA-CDN-Provider
X-Envoy-Decorator-Operation
X-Proto
Apigw-Requestid
X-Magnolia-Registration
User-Cache-Control
X-DC
X-Agile
X-Agile-Age
X-Swa-Ws
X-Agile-Id
X-SN
X-Cache-Info
X-Cache-PHP
X-Cache-Tags
X-Cache-Bucket
X-Branch-Name
X-Backend-State
X-Block-Status
X-Thinkindot-L3
We-Hiring
X-VC-Cache
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-VG-TLSProxy
Rt-Fastcgi-Cache
X-VServer
X-Via-PopV
X-Via-PopH
Thinkindot-Control
X-Varnish-Cacheable
X-Skip-Cache
X-NodeID
X-TT-TIMESTAMP
Vix-Hermes-Req-Id
Viewport
X-Variation
V-Age
X-Trace-Id
X-Cms-Context
X-Hash
X-Hit
X-Hnp-Log
X-Has-Esi
X-Generation-Time
X-Generated-In
X-Generated-On
X-Platform-Server
X-Is-Gdpr
X-Matched-Rule
X-Ms-Request-Id
X-Ms-Version
X-Location
X-Level-Front-Cache
X-JWT-State
X-LAGOON
X-Gen-Mode
X-Reboot
X-Core-Value
X-Servername
X-SD-PageType
Release
X-Clientip
X-CGP
X-Clara-WADP
X-Scheme
X-Device-Os
X-Epic-Correlation-Id
X-Eu-Site
X-Fmm-Version
X-TIME
X-Distil-CS
X-Dispatch
X-Dispatcher-Server
X-SIPLIST1
Web-Mar-Node
IsBot
Is-Eu
X-Wikidot-Static-Cache
X-Srv
Kp-EeAlive
L5d-Success-Class
Mail-Subject
Magicmarker
X-Wikidot-Backend
HA-Ipaddr
Ha-Gx-Prefs
Apple-News-Services-Host
Apple-News-Services-Handled
Adler-Geo
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
FNAC-ModuleRouting
Esi-Enabled
C-Via
Memcached
Fastly-Drupal-HTML
Platform
On-Server
NM-Fastcgi-Cache
X-We-Are-Hiring
N-Cache
X-WADP-Cache
Cf-Ipcountry
X-Distributor
X-Req
X-Envoy-Upstream-Healthchecked-Cluster
X-Response-By
X-Request-Host
Cache-Cookie-Set-From
Fastly-SIE
X-Cache-URL
Fastly-SWR
RNT-Time
Cache-Cookie-Set-Lfrom
X-Developers
Cache-Cookie-Set-Idcheck
RNT-Machine
AKAMAI
X-Logging-Id
X-LI-UUID
X-Origin-Expires
X-Method
X-Micro-Cache
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Origin-Date
X-Li-Pop
X-Li-Fabric
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Cache-FS-Status
X-GoCache-CacheStatus
X-Policy
X-Irp-Debug
X-Owner
X-Fastly-Cache
X-Server-W
Server-Ext
Server-Hostname
X-Thanos
X-App
X-Auto-Login
Gh-Request-Id
Node
Server-ID
X-Dc
Sever-Int
W
X-Webstats-RespID
L
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
X-Backend-Host
X-TrackingId
X-RateLimit-Remaining-Second
X-Slack-Backend
X-Bip
X-RateLimit-Limit-Second
X-BBXSRF
GEO-INFO
X-Var-Ttl
X-Cache-ASPX
X-Refresh
X-App-Name
X-LI-Proto
X-Core-Mission
X-Varnish-Authentication
Ohc-File-Size
X-Server-IP
Cache-Host
CacheControlHeader
X-Contensis-Viewer-Groups
X-CLOUD-TRACE-CONTEXT
X-VCT
X-Nc
X-Be
X-Compress-Hint
X-Mvc-Supplant-OutputCached
X-Cdn-Srv
X-Wa
X-TH-Server
X-S-Maxage
X-Cache-Debug
X-Gzip
X-Loc
X-Varnish-Beresp-Grace
X-Zone
X-Bc
Server-Surrogate-Control
X-Generated-By
X-Cache-Id
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Esi-Check
Server-Cache-Control
X-Origin-CC
X-Origin-TTL
LB
X-B3-Traceid
NtCoent-Length
X-FPC
Memory
Ohc-Response-Time
X-NU-AKA-ACS-Version
X-AIR-PT
X-Configured-By
X-SVT-ORM-VERSION
X-Varnish-Ttl
X-Rocket-Nginx-Bypass
X-Webkit-CSP
HostName
X-SVT-ORM-RULES
X-Key
X-Sucuri-ID
CACHE
X-Storefront-Renderer-Rendered
X-Svr
X-Edge-Location
X-MSEdge-Flight
Request-EU
X-Debug-Panamera-Host
Locid
X-Debug-Panamera-Sitecode
Heartbleed
X-MSEdge-Features
Request-Country
X-CF-Powered-By
MIME-Version
X-BC
X-Varnish-Hits
X-ZONE
X-Varnish-URL
Pragrma
X-COUNTRY
X-Servedbyhost
X-Request-URI
X-CACHE-KEY
X-Shopify-Generated-Cart-Token
X-Nginx-Cache
X-VCL-Version
SRV
Resin-Trace
Fastly-Backend-Name
WZWS-RAY
X-GEO
X-Batcache
X-Pjax-Url
Referer-Policy
X-Gamma-Serve
X-Cdn-Forward
X-Up
X-BE
FSS-Cache
Hostname
X-App-Version
X-Amzn-Requestid
GeoIP-Country-Code
Lfy
X-BACKEND-TTL
X-WebServer
X-ND-Cache
X-Via-CDN
Product
Cteonnt-Length
X-Proxy-Upstream
Geoip-Latitude
GeoIP-Latitude
X-ElasticPress-Query
X-Aicache-OS
HitType
GeoIp-Country-Code
X-Minions-Version
My-App
Cdn-Host
X-Fetched-On
Mime-Version
X-Cdn-Origin
X-Edge-Server
Cdn-Request-Time
CF-Cached-On
Powered-By-ChinaCache
X-Sn-Servicetimems
X-HS-Status
X-Ratelimit-Remaining
X-Sucuri-Cache
X-PJAX-URL
X-NGINX-Cache
X-GeoIP-Country-Code
Ohc-Cache-HIT
X-CSRF-TOKEN
X-Check-Cacheable
DCR-Decision-By
X-Fastly-Country-Code
X-Pf-Uncompressing
DCR-Processing-Time-Ms
SN
X-ServedByHost
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-ECache
X-Newrelic-App-Data
X-Oss-Server-Time
X-Oss-Request-Id
X-Vcl-Version
X-Unique-ID
Location
X-Azure-Ref-OriginShield
Amp-Access-Control-Allow-Source-Origin
X-Oracle-Dms-Rid
X-Varnish-Url
X-Fastly-Cache-Status
X-CACHE-AGE
Group
X-Served-From
Pramga
URI
X-Request-Start
X-Fastly-Backend-Reqs
X-PF-Uncompressing
X-LB-ID
Dt-Cache-Category
X-B3-Spanid
Cdn
X-Shard
X-Ratelimit-Limit
X-Via-Ucdn
X-Fpc
X-VarnishDD-TTL
X-OVcl-Cache
X-OVcl
PFcat
XServer
X-Swift-Error
Cf-Alt-Svc
X-IN-APIGATEWAY
X-Request-Time
X-B3-SpanId
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
A
X-Tec-Api-Version
X-Via-NSCOPI
CloudFront-Viewer-Country
X-Tec-Api-Origin
X-Tec-Api-Root
Country-Code
X-Vgn-Hpd-Cached
X-IN-APIGATEWAYSSL
X-Dynatrace
X-Client-Ip
X-Ocache
X-Render-Time
X-Instart-Isnd
X-Platform
X-DPWN-IS-SECURE
X-Tb-Optimization-Total-Bytes-Saved
Geoip-City
Origin
X-Varnish-Beresp-TTL
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-WPE-Loopback-Upstream-Addr
Lb
X-WR-MODIFICATION
X-LiteSpeed-Cache-Control
X-Apw-Access-Action
X-Debug-Ysi-Auth
X-Debug-Xas-Auth
X-Debug-Do-Not-Cache-Uri
X-WA
X-Planisys-CDN-Rules
CF-IPCountry
X-StackifyID
Server-Ttl
X-Planisys-CDN-TTL
X-Debug-Cache-Status
X-C
X-Debug-Cache-String
SID
X-Debug-Cache-Bypass
WWW-Authenticate
X-Cache-Expired-At
X-Ratelimit-Reset
X-Varnishpool
X-Cache-Tag
Proxy-Firewall
PICS-Label
X-Planisys-CDN-Cache
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Token
X-Ftr-Cache-Host
X-Sigma-Backend
Request-Time
X-Sigma
X-Country-IP
Cloudfront-Viewer-Country
X-Rocket-Build-Number
Region
X-Cache-Hfrom
X-Acquia-Application-UUID
X-Acquia-Application-Trace
NnCoection
X-Acquia-Site
X-Acquia-Purge-Tags
Cneonction
Host-ID
X-Cache-Hm
X-APP
X-Request-URL
X-Html-Edge-Cache
Pics-Label
X-Akamai-ERRuleID
X-Li-Proto
Req-ID
X-DW
X-B3-Parentspanid
Epwk-X-Cache
X-ElasticPress-Search
X-Akamai-ERPolicy
X-SB
X-VC
X-Varnish-ID
X-Action
TTL
X-DB
X-RSL
X-Nananana
X-DI
X-Dw-Trace-Id
X-RPM
X-RPS
X-DSS