Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
CF-Ray
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-FRAME-OPTIONS
X-Language
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
P3p
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Request-ID
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Age
X-Cache-Group
X-Robots-Tag
Xkey
X-Proxy-Cache
Feature-Policy
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
X-Varnish-Cache
Server-Timing
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-WebKit-CSP
X-Server-Id
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-Pass-Why
Request-Id
X-DataDome
Content-Location
X-Mod-Pagespeed
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
NEL
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cloud-Trace-Context
X-Cnection
X-Px
X-Rack-Cache
X-Url
X-FTR-Request-ID
RTSS
X-Goog-Hash
MS-Author-Via
Accept-CH
X-TtlSet
X-PC
X-Vname
X-Powered-By-Plesk
Verso
X-Ttl
X-DynaTrace
Public-Key-Pins
Accept-CH-Lifetime
X-GitHub-Request-Id
Service-Worker-Allowed
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Use-Magma
X-Exp-Variant
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Middleton-Response
X-Middleton-Display
X-B3-TraceId
Arr-Disable-Session-Affinity
Response
X-Sol
Display
Pagespeed
X-Varnish-TTL
X-Forwarded-Proto
X-Cache-TTL
X-D2id
X-Cached
X-Amz-Rid
X-CST
TCN
Pinterest-Generated-By
X-Abt-Application-Version
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
Accept-Ch
X-Fastly-Request-ID
Cache-Tag
X-Instart-Request-ID
X-Server-Name
X-Accel-Expires
X-ESI
X-Version
AR-ATIME
X-MSEdge-Ref
AR-PoweredBy
AR-Request-ID
Access-Control-Request-Method
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Nginx-Cache
X-Grace
X-FastCGI-Cache
Accept-Ch-Lifetime
Ar-Sid
AR-CACHE
Charset
X-Debug
S
X-Upstream
SPIisLatency
SPRequestDuration
X-Powered-CMS
X-Client-IP
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
SPRequestGuid
X-DynaTrace-JS-Agent
X-Ezoic-Cdn
X-Pinterest-Rid
Realpath
Pinterest-Version
Content-MD5
Nel
X-Trace
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Jurisdiction
X-Hp-Webp
X-Id
X-Recruiting
X-Shield-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-T
Fastcgi-Cache
X-ASPNET-VERSION
X-Content-Digest
X-Kinsta-Cache
X-XRDS-Location
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
X-Request-Processing-Time
X-Request-Received
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend-Server
Server-Node
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
Edge-Cache-Tag
X-Frontend
X-Cache-Hit
X-Cache-Age
TP-L2-Cache
TP-Cache
X-FTR-Expires
Front-End-Https
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Server-Name
ServerID
DynaTrace
X-Forwarded-For
X-Hostname
X-Amzn-Trace-Id
X-Cache-Key
Fastly-Restarts
PB-RID
Arc-Version
PB-PID
X-Zen-Fury
X-DIS-Request-ID
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
Powered
X-ATS-Timestamp
X-Content-Security-Policy-Report-Only
X-Revision
X-Mobile-Rewrite
X-User-Agent
X-Hits
X-Oneagent-Js-Injection
X-Akamai-Edgescape
X-Cdn
X-LB-Cache
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Page-Id
X-F-Cache
Accept-Charset
X-Jobs
X-ORACLE-APMCS-TAG
Filters
X-FTR-Cache-Host
X-ORACLE-APMCS-REQUEST-ID
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-Via-JSL
X-Geo-Country
X-Yandex-Sdch-Disable
MicrosoftSharePointTeamServices
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
X-Varnish-Age
X-TTL
X-B
X-Ruxit-Js-Agent
Alternate-Protocol
X-N
X-Ser
X-Rid
X-Erf-Bev-Bev
X-Daa-Tunnel
X-Erf-Bev-Bev-Is-Generated
X-Esi
Host-Header
X-Correlation-Id
X-Varnish-Backend
X-WebKit-CSP-Report-Only
X-Activity-Id
X-Az
DC
X-AppVersion
Cache-Tags
X-ATG-Version
X-App-Server
Paypal-Debug-Id
X-Amz-Replication-Status
X-Server-ID
Retry-After
X-Debug-Info
X-Type
Actual-Object-TTL
X-Git-Hash
Frame-Options
X-Contextid
Section-Io-Cache
X-TT
X-Varnish-Grace
X-App-Environment
X-Signature
X-Whom
X-B-Cache
X-FB-Debug
X-Fastcgi-Cache
X-Request-Guid
X-Edge
Fastcgi-Useragent
Surrogate-Key
X-Status
X-AOL-HN
X-Content-Options
Host
Healthy
X-XRDS-LOCATION
X-Cache-Action
X-Seen-By
X-Pinterest-Direct
Source
X-Host-Name
X-URL
X-HTML-Minification-Powered-By
Refresh
X-B3-Sampled
X-IPLB-Instance
X-Endurance-Cache-Level
X-Instance
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Upgrade-Enabled
From-Origin
X-RateLimit-Remaining
X-ECACHE
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Cache-Rule
X-Accel-Buffering
X-Response-Served-From
X-RemovedCookies
X-ProcessESI
WPE-Backend
X-Cache-Operation
NR-ENABLED
Odigeo-Trace-Id
X-Amz-Apigw-Id
X-Rule
VIX-Pulpo-Upstream-Status
X-Mid
X-MCACHE
VIX-Pulpo-Node
X-Region
X-L-Path
X-Cacheable-TTL
Payment
MS-CV
X-UUID
X-Cache-Control
Eomportal-Instance
X-Environment-Context
X-Cache-Time
X-FW-Serve
X-FW-Server
X-FW-Hash
X-Amzn-RequestId
X-FW-Dynamic
X-FW-Static
X-FW-Type
Cache-Status
X-APP-VERSION
X-Is-Bot
Datacenter
X-Rendered-As
Countrycode
X-Adobe-Content
X-WA-Info
X-Adobe-Loc
X-Varnish-Server
X-Protected-By
Srv
Xserver
X-GeoIP
NGB
Content-Disposition
X-RequestSource
X-Cluster
X-Wix-Request-Id
X-VCache
X-SERVER-NAME
X-PressLabs-Stats
X-Cache-Server
X-Correlation-ID
X-Akamai-Transformed
X-Cached-By
X-EdgeConnect-Cache-Status
X-Akamai-Request-ID2
X-Yottaa-Metrics
X-Yottaa-Optimizations
Uber-Trace-Id
X-IPS-LoggedIn
X-Origin-Response-Time
Version
X-Tt-Trace-Tag
X-UnsetCookies
X-Tt-Trace-Host
X-Tumblr-Pixel-2
X-Time
X-Tumblr-Pixel-1
X-Unique-Id
X-Load-Cache
X-Mode
X-Mobile
X-Handled-By
X-Presslabs-Stats
X-Proxy
Filterid
Access-Control-Request-Headers
X-Cache-Remote
X-PHP-Backend
X-FireWall-Port
Liferay-Portal
Meta-Geo
X-ES-SERVER
X-Path-Route
X-CCM
X-Viewer-Country
X-Cache-Var
X-Adobe-Source
X-Via-Fastly
X-Cache-Status-Check
X-RN-RSRV
X-Backend-Name
X-Cache-Var-Map
X-No-Session
X-Framework
X-UA-Device-Type
X-Redis-Cache
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Upgrade-Insecure-Requests
X-Time-Microsecs
DSUID
X-PCL
X-Site-Version
Cache-Hits
Accept-Language
X-OCL
Fastly-SSL
X-Pubstack
X-MP-GENERATED-AT
X-Azure-Ref
Akamai-GRN
X-LJ-Flow-ID
X-Locale
X-PERF
X-VWS-Id
X-NGENIX-Cache
X-Www-Served-By
X-Storage
X-AWS-Id
X-ApacheServer
ServedBy
Mn-Server-Ip
X-Real-IP
Ms-Operation-Id
X-RTag
Cache-Name
X-Cache-NGX
Webserver
X-Cache-Config
Cache
X-Say-Cacheable
X-Human
X-FW-Version
Section-Io-Origin-Status
Section-Origin-Responded
X-NewRelic-App-Data
X-Web-Node
X-NCache
X-Info
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-SayCDN-TTL
Origin-Edge-Control
Origin-Cache-Control
Now
X-R9-Blue-Green-Version
X-Say-TTL
X-TX-ID
Webcakes-Region
TWC-Connection-Speed
TWC-Device-Class
S-Rt
TWC-GeoIP-Country
TWC-Locale-Group
X-ProxyCache-Status
TWC-Privacy
Webcakes-App-Version
Cleartype
Property-Id
Cross-Origin-Window-Policy
Webcakes-App-Name
X-Bc-Bl
X-Routing-Service
TWC-GeoIP-LatLong
X-UPSTREAM-Address
X-Hl-Ver
X-Proxied
X-ProxyCache-Key
X-ServerID
X-Section
X-Format
X-Device-Type
X-FC-Vary-Parameters
X-Cache-Enabled
X-Origin
X-Origin-Hint
X-Access
X-Zipkin-Id
X-Xfnlog-Site
X-BYPASS-REASON
Selected-Fe
X-Loop
X-NWS-UUID-VERIFY
X-IP
X-From
X-Hyper-Cache
X-CS
DB-Nickname
X-Timing-Wait
X-Proxy-Build
X-Amzn-Remapped-Content-Length
X-FB-TRIP-ID
X-BCube-Filmed-By
X-TNCMS
X-EIG-Tracking-Id
X-NYM-Debug-Backend
Ec-Rule-Version
X-Alternate-Cache-Key
X-Detected-As
X-JoinUs
Country
X-Source
Azure-InstanceId
Azure-RegionName
X-Shopify-Stage
X-ShopId
X-SaId
X-ShardId
Azure-SiteName
X-Varnish-Cache-Hits
Azure-SlotName
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Azure-Version
Load-Balancing
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-NE
X-PHP-Host
SD-X-WS
X-Cluster-Node
X-Qloud-Router
X-Labrador-Cache-Channel
X-Content-Age
X-Old-Content-Length
X-Generated
X-Air-Hostname
Cache-Tv-Group
X-CSRF-Token
X-Geo
User-Agent
X-Varnish-Hostname
X-Litespeed-Cache
X-Vcache
X-Cache-Host
Time
X-Pad
X-Backend-TTL
FilterID
X-CDN-Forward
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-EC-Lua
X-Parent-Response-Time
X-Cache-2
S-Cnection
X-Release
X-Cache-Backend
X-Urbn-Site-Id
Locale
X-RCS-CacheZone
X-Urbn-Context-Path
X-Webkit-CSP
X-Ua
Server-Info
X-Cache-Grace
X-Microcachable
X-Akamai-Request-ID
X-Proxy-Cache-Status
X-Forwarded-Host
X-UA
X-Tumblr-Pixel-3
X-NC
X-Debug-Cache
X-RateLimit-Limit
NGX
Tracecode
X-FORWARDED-FOR
X-Srv
Proxy-Connection
OT-Force-Account-Verify
X-Soup
X-Tb
X-Dc
X-TIME
X-A
X-A-Ccd
X-A-Dam
X-CF-Lambda-Version
Who
Viewtype
VivaBuild
X-A-Dcw
X-A-Dgt
X-Application
X-ARC
X-Aed
X-CF-Lambda-Fn
X-A-Wwc
X-Accel-Expires-Debug
X-B-Cookie
T-Server
GEO-REGION-INFO
M-TraceId
Machine
Fastcgi-X-Cache-Version
Content-Style-Type
AsisCache
BehaviorPad-Version
Content-Script-Type
MD5-Digest
Meta-Geo-Continent
X-Connection-Hash
Arc-Country
True-Client-Country-4JS
ServerName
Server-Host
Mobile-Detection-Method
Pagetype
Rendered-Blocks
UCS
X-Destination
X-SRCache-Key
X-Swa-Ws
X-Trace-Id
X-Session-Fingerprint
X-ServiceProvider
X-S-Cookie
X-Scheme
X-ScT
X-Transaction
X-Trv-Group
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Twitter-Response-Tags
X-Vdms-Path
X-Vdms-Version
X-S
X-Rojux
X-G
X-Generated-On
X-Geo-Header
X-External-Request-Id
X-Dispatch
X-Date
X-Proto
X-DevSite-Last-Modified
X-Instart-Info
X-Level-Front-Cache
X-Region-Sid
X-Reqid
X-Rewrite-Enabled
X-Processor
X-PAYTM-SRV-ID
X-Ms-Request-Id
X-Ms-Version
X-NodeID
X-D
X-Developer
X-Vgn-Hpd-Reason
GEO-INFO
Cache-Key
X-Uri
Apigw-Requestid
X-Cluster-Name
User-Cache-Control
Sid
X-Magnolia-Registration
X-SRV
X-B3-Traceid
NM-Fastcgi-Cache
N-Cache
X-Generated-In
X-Gen-Mode
Release
X-Generation-Time
On-Server
Mail-Subject
IsBot
X-Location
X-Logging-Id
X-Matched-Rule
Kp-EeAlive
X-Agile
X-Fmm-Version
Magicmarker
X-Hnp-Log
Memcached
X-Core-Value
X-Branch-Name
Vix-Hermes-Req-Id
X-Cache-Bucket
Viewport
We-Hiring
Web-Mar-Node
X-Agile-Age
X-Agile-Id
X-Bip
X-Block-Status
V-Age
X-Cache-FS-Status
X-Clara-WADP
X-Cms-Context
X-Method
X-Device-Os
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Cache-Info
X-TA-CDN-Provider
Thinkindot-Control
X-Dispatcher-Server
X-LAGOON
X-Skip-Cache
X-VC-Cache
X-SIPLIST1
X-SD-PageType
X-VServer
CDCHOST
X-User
X-Micro-Cache
X-Thinkindot-L3
AKAMAI
X-TT-TIMESTAMP
X-Thanos
X-SN
X-WADP-Cache
X-Request-UUID
X-Node-Id
X-Owner
FNAC-ModuleRouting
X-Worker
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Reboot
X-Cache-PHP
Geo-Info
Cf-Ipcountry
X-Envoy-Decorator-Operation
X-RateLimit-Remaining-Second
X-Cache-URL
X-Variation
X-RateLimit-Limit-Second
X-Cache-Tags
X-Backend-Host
X-BBXSRF
X-CGP
X-Via-PopV
X-We-Are-Hiring
X-Via-PopH
X-Backend-State
X-Auto-Login
X-VG-TLSProxy
X-Webstats-RespID
X-Varnish-Cacheable
X-Distil-CS
X-Policy
X-Platform-Server
X-Hash
Node
X-Has-Esi
X-Irp-Debug
X-Is-Gdpr
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-LI-UUID
X-Li-Fabric
X-JWT-State
X-GoCache-CacheStatus
X-Req
X-Envoy-Upstream-Healthchecked-Cluster
X-Epic-Correlation-Id
X-Distributor
X-Developers
X-TrackingId
X-Eu-Site
X-Fastly-Cache
X-Request-Host
X-Response-By
X-Server-W
X-Servername
X-Clientip
X-Li-Pop
Apple-News-Services-Handled
Adler-Geo
Platform
Is-Eu
Wxu-Next-Commit
Cache-Cookie-Set-Lfrom
L5d-Success-Class
Sever-Int
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Server-Hostname
Wxu-Next-Hostname
Cache-Cookie-Set-From
Wxu-Next-Region
Apple-News-Services-Request-Url
Server-Ext
Fastly-Drupal-HTML
Cache-Cookie-Set-Idcheck
RNT-Machine
Apple-News-Services-Parsed-Url
Esi-Enabled
Apple-News-Services-Host
C-Via
RNT-Time
X-Newrelic-Synthetics
X-Contensis-Viewer-Groups
L
X-Hit
X-LI-Proto
X-App
CacheControlHeader
X-Varnish-Authentication
Fastly-SWR
X-Origin-Expires
Fastly-SIE
X-Rebelmouse-Cache-Control
X-Slack-Backend
X-Rebelmouse-Surrogate-Control
Server-ID
W
X-Be
X-Origin-Date
Rt-Fastcgi-Cache
X-Cache-ASPX
X-Var-Ttl
X-DC
X-Server-IP
X-Compress-Hint
X-App-Name
X-Core-Mission
Ohc-File-Size
Cache-Host
X-Nc
X-CLOUD-TRACE-CONTEXT
X-Refresh
X-VCT
X-Mvc-Supplant-OutputCached
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-TH-Server
X-Cache-Id
X-Wa
X-Esi-Check
X-Cdn-Srv
X-Loc
X-Cache-Debug
X-Gzip
X-S-Maxage
X-Origin-CC
X-Origin-TTL
X-AIR-PT
X-Zone
X-Configured-By
Server-Cache-Control
X-Bc
Server-Surrogate-Control
X-FPC
Memory
X-Sucuri-ID
X-Generated-By
LB
HostName
X-NU-AKA-ACS-Version
X-Key
NtCoent-Length
X-SVT-ORM-RULES
Ohc-Response-Time
X-SVT-ORM-VERSION
X-Storefront-Renderer-Rendered
X-Varnish-Ttl
X-Edge-Location
X-MSEdge-Flight
X-Rocket-Nginx-Bypass
X-MSEdge-Features
X-ZONE
X-BC
MIME-Version
CACHE
X-Debug-Panamera-Host
Pragrma
Request-EU
Locid
Request-Country
X-Debug-Panamera-Sitecode
X-Svr
Heartbleed
X-Varnish-URL
X-Varnish-Hits
X-CF-Powered-By
X-Ratelimit-Remaining
X-Servedbyhost
X-Request-URI
X-COUNTRY
X-GEO
X-Shopify-Generated-Cart-Token
Referer-Policy
X-Cdn-Forward
X-App-Version
X-VCL-Version
X-Batcache
Fastly-Backend-Name
X-Pjax-Url
Resin-Trace
X-Nginx-Cache
SRV
X-Up
WZWS-RAY
X-Gamma-Serve
FSS-Cache
X-BACKEND-TTL
GeoIp-Country-Code
X-Minions-Version
Geoip-Latitude
X-Via-CDN
Hostname
X-ND-Cache
Lfy
X-Amzn-Requestid
X-WebServer
X-ElasticPress-Query
HitType
X-Aicache-OS
X-CACHE-KEY
X-BE
X-Sucuri-Cache
Cteonnt-Length
X-Proxy-Upstream
CF-Cached-On
Product
GeoIP-Country-Code
X-HS-Status
X-ECache
GeoIP-Latitude
X-Edge-Server
Mime-Version
X-PJAX-URL
Cdn-Request-Time
Cdn-Host
X-NGINX-Cache
X-Cdn-Origin
X-Fetched-On
My-App
X-CSRF-TOKEN
X-Sn-Servicetimems
Powered-By-ChinaCache
X-Oss-Request-Id
X-Oss-Object-Type
X-Check-Cacheable
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
DCR-Processing-Time-Ms
X-Ratelimit-Limit
X-GeoIP-Country-Code
Ohc-Cache-HIT
X-Vcl-Version
DCR-Decision-By
Location
Pramga
X-Fastly-Cache-Status
X-Azure-Ref-OriginShield
X-PF-Uncompressing
X-Fastly-Country-Code
SN
X-ServedByHost
X-Tec-Api-Version
X-Tec-Api-Root
X-Unique-ID
X-Tec-Api-Origin
X-Pf-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Url
URI
XServer
X-Served-From
X-Request-Start
X-CACHE-AGE
X-Fastly-Backend-Reqs
Group
Dt-Cache-Category
X-OVcl-Cache
X-VarnishDD-TTL
X-B3-Spanid
PFcat
Cdn
X-OVcl
X-Newrelic-App-Data
X-LB-ID
X-Shard
X-Via-Ucdn
X-Fpc
X-Swift-Error
CloudFront-Viewer-Country
X-IN-APIGATEWAYSSL
X-Platform
X-IN-APIGATEWAY
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
Cf-Alt-Svc
X-Instart-Isnd
X-Via-NSCOPI
Country-Code
A
X-Request-Time
X-B3-SpanId
X-Render-Time
X-Vgn-Hpd-Cached
X-Ratelimit-Reset
X-Varnishpool
Lb
Geoip-City
X-DPWN-IS-SECURE
X-Ocache
X-Debug-Cache-Store
X-Varnish-Beresp-TTL
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Cache-Fetch
Origin
WWW-Authenticate
X-WPE-Loopback-Upstream-Addr
X-WR-MODIFICATION
X-Debug-Xas-Auth
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-String
X-LiteSpeed-Cache-Control
X-Debug-Cache-Bypass
X-Debug-Cache-Status
PICS-Label
X-Debug-Ysi-Auth
X-Apw-Access-Object
X-Planisys-CDN-TTL
X-C
X-Cache-Expired-At
Cloudfront-Viewer-Country
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-WA
X-Apw-Access-Action
SID
X-StackifyID
Server-Ttl
CF-IPCountry
X-Apw-Access-Token
X-Apw-Hits
X-Ftr-Cache-Host
X-Acquia-Application-Trace
Cneonction
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Sigma
Host-ID
X-Rocket-Build-Number
Epwk-X-Cache
X-Amzn-Remapped-Connection
Request-Time
X-CUA
X-Amzn-Remapped-Date
X-Nananana
X-Sigma-Backend
X-Cache-Tag
X-Cache-Hfrom
X-Cache-Hm
X-Country-IP
NnCoection
Proxy-Firewall
Region
X-APP
X-Oss-Cdn-Auth
X-Lb-Id
Pics-Label
X-DW
X-Li-Proto
X-RPM
X-RPS
X-RSL
X-DSS
X-DI
TTL
X-Action
X-DB
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Html-Edge-Cache
X-Dw-Trace-Id
X-SB
X-Request-URL
X-ElasticPress-Search
X-B3-Parentspanid
Req-ID
X-Varnish-ID
X-VC