Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
CF-Ray
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Template
X-Language
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Age
X-Request-ID
X-Cache-Group
Xkey
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Request-Context
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
P3p
X-Varnish-Cache
Server-Timing
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Report-To
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Cf-Railgun
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Origin-Cache
X-Host
EagleEye-TraceId
X-Device
X-Dns-Prefetch-Control
Surrogate-Control
X-Response-Time
X-Backend-Server
X-Vhost
X-Cache-Lookup
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-Pass-Why
X-HW
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Request-Id
X-DataDome
X-Mod-Pagespeed
Content-Location
X-Application-Context
X-Akam-SW-Version
NEL
X-ORACLE-DMS-ECID
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-Country
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cnection
X-Cloud-Trace-Context
X-Rack-Cache
X-Url
X-Px
X-FTR-Request-ID
X-Goog-Hash
Accept-CH
RTSS
X-Vname
X-TtlSet
X-PC
MS-Author-Via
X-Powered-By-Plesk
Verso
Accept-CH-Lifetime
Public-Key-Pins
X-DynaTrace
X-Ttl
X-B3-TraceId
Service-Worker-Allowed
X-GitHub-Request-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Sol
X-Middleton-Response
Response
Display
Pagespeed
X-Middleton-Display
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-Forwarded-Proto
X-Cache-TTL
X-D2id
X-Abt-Application-Version
TCN
X-Cached
X-Amz-Rid
X-CST
X-Vcap-Request-Id
Pinterest-Generated-By
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Cache-Tag
X-Instart-Request-ID
X-Accel-Expires
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Server-Name
X-Version
Accept-Ch
X-MSEdge-Ref
X-ESI
Nginx-Cache
Access-Control-Request-Method
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Grace
S
X-FastCGI-Cache
Charset
SPIisLatency
Ar-Sid
AR-CACHE
SPRequestDuration
X-Debug
X-Upstream
X-Powered-CMS
X-SRCache-Fetch-Status
SPRequestGuid
X-SharePointHealthScore
X-SRCache-Store-Status
Accept-Ch-Lifetime
Nel
X-DynaTrace-JS-Agent
X-Trace
X-Ezoic-Cdn
X-Client-IP
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
Content-MD5
X-Element-Page-Cache
Realpath
X-Dw-Request-Base-Id
X-Pinterest-Rid
Pinterest-Version
X-Id
X-Hp-Webp
X-Jurisdiction
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-Shield-Request-Id
X-ASPNET-VERSION
Fastcgi-Cache
X-XRDS-Location
X-T
X-Content-Digest
X-Kinsta-Cache
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
X-Frontend
X-Country-Code-Real
Edge-Cache-Tag
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Balancer
Server-Node
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
TP-Cache
X-GUploader-UploadID
X-Goog-Metageneration
TP-L2-Cache
X-Request-Received
X-Cache-Age
X-Request-Processing-Time
X-Cache-Hit
X-FTR-Expires
Front-End-Https
Server-Name
X-Hostname
ServerID
DynaTrace
Fastly-Restarts
X-Forwarded-For
X-Amzn-Trace-Id
X-Server-ID
PB-PID
PB-RID
Arc-Version
X-Zen-Fury
X-Cache-Key
X-DIS-Request-ID
X-Cdn
X-Oneagent-Js-Injection
X-Microsite
X-Request-Handler-Origin-Region
Powered
X-ATS-Timestamp
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Mobile-Rewrite
X-User-Agent
X-Revision
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-F-Cache
Accept-Charset
X-LB-Cache
X-Hits
X-Akamai-Edgescape
X-Page-Id
X-Jobs
X-FTR-Cache-Host
Filters
X-Geo-Country
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Content-Powered-By
X-TTL
X-Via-JSL
MicrosoftSharePointTeamServices
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
X-Yandex-Sdch-Disable
X-Correlation-Id
X-B
Alternate-Protocol
X-Esi
X-Rid
X-Ser
X-N
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Daa-Tunnel
X-Varnish-Backend
Host-Header
X-Debug-Info
X-WebKit-CSP-Report-Only
X-Az
X-AppVersion
X-Fastcgi-Cache
X-App-Server
X-Activity-Id
Cache-Tags
X-Git-Hash
X-ATG-Version
X-Amz-Replication-Status
Frame-Options
X-Type
X-FB-Debug
X-B-Cache
Section-Io-Cache
Retry-After
DC
X-Contextid
X-Signature
X-Varnish-Grace
X-Whom
X-TT
X-App-Environment
Actual-Object-TTL
Paypal-Debug-Id
Fastcgi-Useragent
X-Request-Guid
X-Edge
Surrogate-Key
X-Content-Options
X-Ruxit-Js-Agent
X-Status
X-AOL-HN
Host
X-Seen-By
X-RateLimit-Remaining
Healthy
X-Cache-Action
Source
X-Host-Name
X-Pinterest-Direct
X-HTML-Minification-Powered-By
X-IPLB-Instance
X-Instance
X-B3-Sampled
X-XRDS-LOCATION
X-Endurance-Cache-Level
Refresh
X-ECACHE
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
From-Origin
X-Upgrade-Enabled
NR-ENABLED
WPE-Backend
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Response-Served-From
X-Cache-Rule
X-Accel-Buffering
Payment
X-Cache-Operation
X-Mid
X-URL
X-MCACHE
X-RemovedCookies
X-Rule
X-UUID
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
X-Region
VIX-Pulpo-Node
X-Cache-Control
X-ProcessESI
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Static
X-Environment-Context
X-Cacheable-TTL
X-Amz-Apigw-Id
MS-CV
Eomportal-Instance
X-Cache-Time
X-FW-Type
X-L-Path
X-Varnish-Server
Cache-Status
X-Rendered-As
Datacenter
X-Is-Bot
Countrycode
X-WA-Info
X-Adobe-Content
X-Adobe-Loc
X-Amzn-RequestId
X-APP-VERSION
Xserver
Srv
X-Protected-By
X-GeoIP
X-SERVER-NAME
X-Wix-Request-Id
NGB
X-RequestSource
X-Cluster
Content-Disposition
X-PressLabs-Stats
X-Yottaa-Optimizations
X-Cached-By
X-Yottaa-Metrics
X-Time
X-Akamai-Transformed
X-EdgeConnect-Cache-Status
X-Cache-Server
X-Akamai-Request-ID2
Uber-Trace-Id
Version
X-UnsetCookies
X-VCache
X-Tt-Trace-Host
X-Tumblr-Pixel-1
X-Tt-Trace-Tag
X-Tumblr-Pixel-2
X-IPS-LoggedIn
X-Correlation-ID
X-Origin-Response-Time
X-Load-Cache
X-Unique-Id
X-Presslabs-Stats
Access-Control-Request-Headers
X-Mode
X-Cache-Remote
Filterid
X-Handled-By
Upgrade-Insecure-Requests
X-Mobile
Liferay-Portal
X-PHP-Backend
X-ES-SERVER
X-Storage
X-Adobe-Source
Cross-Origin-Window-Policy
X-No-Session
X-UA-Device-Type
X-Cache-Var
X-OCL
X-Time-Microsecs
X-Viewer-Country
X-MP-GENERATED-AT
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
X-PCL
X-CCM
X-FireWall-Port
X-NGENIX-Cache
Meta-Geo
X-Proxy
X-Cache-Config
X-BCube-Filmed-By
Decoy-Debug-Status
Decoy-Debug-TTL
X-TX-ID
X-Web-Node
X-VWS-Id
DSUID
Decoy-Debug-Key
X-AWS-Id
X-NYM-Debug-Backend
Webserver
X-Backend-Name
Akamai-GRN
X-Say-Cacheable
X-Say-TTL
X-Vcache
Accept-Language
X-SayCDN-TTL
X-Cache-Status-Check
X-LJ-Flow-ID
X-FW-Version
X-Framework
Fastly-SSL
Cache
X-NCache
X-RTag
X-Access
Section-Io-Origin-Time-Seconds
Now
X-FC-Vary-Parameters
X-Format
X-Redis-Cache
Section-Io-Id
Section-Io-Origin-Status
X-Cache-NGX
X-ProxyCache-Key
X-Real-IP
ServedBy
X-Azure-Ref
X-Xfnlog-Site
X-ProxyCache-Status
X-PERF
Cache-Hits
X-BYPASS-REASON
X-Info
X-Origin
X-Human
X-TNCMS
X-Hyper-Cache
Mn-Server-Ip
X-Pubstack
X-Section
X-ApacheServer
X-Loop
S-Rt
Section-Origin-Responded
Ms-Operation-Id
Cache-Name
X-Goog-Meta-Goog-Reserved-File-Mtime
TWC-GeoIP-Country
X-Origin-Hint
TWC-Connection-Speed
Cleartype
TWC-Device-Class
X-Amzn-Remapped-Content-Length
Property-Id
X-Via-Fastly
X-Cache-Enabled
X-CS
X-Device-Type
X-Hl-Ver
X-FB-TRIP-ID
X-UPSTREAM-Address
X-Bc-Bl
Origin-Edge-Control
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Version
X-R9-Blue-Green-Version
X-ServerID
Origin-Cache-Control
Webcakes-Region
TWC-GeoIP-LatLong
Selected-Fe
X-Alternate-Cache-Key
X-Hosted-By
X-From
X-Generated
X-EIG-Tracking-Id
X-Detected-As
X-JoinUs
X-IP
X-Locale
X-Proxied
X-NWS-UUID-VERIFY
X-Shopify-Stage
X-ShopId
X-ShardId
X-SaId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Varnish-Cache-Hits
X-Source
X-Zipkin-Id
X-Www-Served-By
X-Timing-Wait
X-Routing-Service
X-Site-Version
Ec-Rule-Version
X-Proxy-Build
DB-Nickname
Azure-RegionName
Azure-SlotName
Azure-Version
Azure-InstanceId
Azure-SiteName
X-Cache-NE
X-Content-Age
X-Cluster-Node
X-Old-Content-Length
Load-Balancing
Country
X-PHP-Host
X-Labrador-Cache-Channel
X-CSRF-Token
SD-X-WS
Cache-Tv-Group
X-Geo
X-Litespeed-Cache
X-Qloud-Router
User-Agent
X-Backend-TTL
X-CDN-Forward
X-Varnish-Hostname
X-Pad
X-Cache-Host
FilterID
Time
X-Air-Hostname
X-Ua
X-NewRelic-App-Data
S-Cnection
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-EC-Lua
X-Parent-Response-Time
X-Cache-Backend
X-RateLimit-Limit
X-Cache-2
X-RCS-CacheZone
X-Urbn-Site-Id
X-Microcachable
X-Proxy-Cache-Status
X-Urbn-Context-Path
Locale
X-Release
X-Forwarded-Host
Server-Info
X-Cache-Grace
X-NC
X-Akamai-Request-ID
X-Tumblr-Pixel-3
Tracecode
X-FORWARDED-FOR
OT-Force-Account-Verify
X-SRV
NGX
X-UA
X-Debug-Cache
Proxy-Connection
Geo-Info
Sid
X-Vgn-Hpd-Reason
Cache-Key
X-Soup
X-Tb
Server-Host
X-Vdms-Path
X-Vdms-Version
BehaviorPad-Version
AsisCache
Rendered-Blocks
X-User
X-Trv-Group
X-Transaction
X-Twitter-Response-Tags
Arc-Country
X-VG-WebCache
Xc-Version
Pagetype
CDCHOST
GEO-REGION-INFO
Content-Script-Type
Fastcgi-X-Cache-Version
T-Server
Content-Style-Type
M-TraceId
X-Vtex-Remote-Cache
Mobile-Detection-Method
X-Worker
X-VG-WebServer
Meta-Geo-Continent
Machine
MD5-Digest
X-Vtex-Processado-Em
X-S-Cookie
Who
X-A
X-CF-Lambda-Version
X-A-Ccd
X-Connection-Hash
X-D
X-Developer
X-Destination
X-Date
X-A-Dam
X-CF-Lambda-Fn
X-Aed
X-Accel-Expires-Debug
X-A-Wwc
X-Application
X-ARC
X-A-Dcw
X-A-Dgt
X-B-Cookie
X-DevSite-Last-Modified
X-External-Request-Id
X-S
X-Rojux
X-Rewrite-Enabled
X-ScT
X-ServiceProvider
True-Client-Country-4JS
UCS
X-Session-Fingerprint
Viewtype
X-Request-UUID
X-Instart-Info
VivaBuild
X-G
X-Node-Id
X-PAYTM-SRV-ID
X-Reqid
X-Region-Sid
X-Processor
X-SRCache-Key
ServerName
X-Uri
X-TA-CDN-Provider
X-Cluster-Name
X-Newrelic-Synthetics
Apigw-Requestid
X-Ah-Environment
X-Envoy-Decorator-Operation
User-Cache-Control
X-Proto
X-DC
X-Magnolia-Registration
X-Cache-Bucket
X-Cache-Info
X-WADP-Cache
Release
X-Cache-Tags
X-VServer
X-Wikidot-Static-Cache
X-Geo-Header
Rt-Fastcgi-Cache
X-Via-PopV
Magicmarker
Mail-Subject
N-Cache
X-We-Are-Hiring
X-Cache-PHP
X-Hash
NM-Fastcgi-Cache
X-Eu-Site
Platform
X-Has-Esi
X-Wikidot-Backend
On-Server
Memcached
X-VG-TLSProxy
X-Trace-Id
X-Reboot
Web-Mar-Node
We-Hiring
X-Thinkindot-L3
X-Agile-Id
X-Agile-Age
X-TT-TIMESTAMP
X-TIME
X-Agile
X-Variation
Vix-Hermes-Req-Id
X-Varnish-Cacheable
X-Fmm-Version
Thinkindot-CacheControl
X-Via-PopH
X-Generated-On
X-Block-Status
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Backend-State
V-Age
X-Gen-Mode
X-Generated-In
X-Generation-Time
L5d-Success-Class
X-Ms-Request-Id
X-Dispatcher-Server
X-Device-Os
C-Via
X-Ms-Version
X-Servername
X-Distil-CS
X-Location
X-SIPLIST1
X-Is-Gdpr
X-Platform-Server
X-JWT-State
X-SD-PageType
Adler-Geo
X-Level-Front-Cache
X-Scheme
Apple-News-Services-Handled
Apple-News-Services-Host
X-LAGOON
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Skip-Cache
X-Matched-Rule
HA-Ipaddr
Ha-Gx-Prefs
X-Srv
X-SN
X-Epic-Correlation-Id
X-Swa-Ws
Kp-EeAlive
IsBot
Is-Eu
X-CGP
X-Clara-WADP
Fastly-Drupal-HTML
X-Hnp-Log
X-NodeID
Esi-Enabled
X-Core-Value
FNAC-ModuleRouting
X-Clientip
X-Dispatch
X-Cms-Context
X-Hit
Cf-Ipcountry
X-Request-Host
X-Response-By
X-Envoy-Upstream-Healthchecked-Cluster
X-Auto-Login
X-Distributor
X-Req
X-TrackingId
X-Bip
X-Thanos
X-Slack-Backend
X-Cache-FS-Status
X-Fastly-Cache
X-Branch-Name
X-Server-W
X-BBXSRF
X-Cache-URL
X-Developers
X-Backend-Host
Server-Ext
Fastly-SIE
X-Rebelmouse-Cache-Control
X-Policy
X-Irp-Debug
Fastly-SWR
X-RateLimit-Remaining-Second
Node
X-Dc
X-App
X-RateLimit-Limit-Second
AKAMAI
X-Li-Fabric
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Owner
X-Origin-Expires
X-Micro-Cache
X-Method
X-Li-Pop
X-LI-UUID
X-Logging-Id
L
Gh-Request-Id
Server-Hostname
RNT-Time
RNT-Machine
Server-ID
W
Sever-Int
Viewport
X-VC-Cache
X-Origin-Date
Wxu-Next-Commit
X-Webstats-RespID
X-GoCache-CacheStatus
X-Rebelmouse-Surrogate-Control
Wxu-Next-Region
Wxu-Next-Hostname
X-Varnish-Authentication
X-Refresh
Cache-Cookie-Set-From
X-App-Name
Cache-Host
CacheControlHeader
GEO-INFO
X-LI-Proto
X-Var-Ttl
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Server-IP
Cache-Cookie-Set-Lfrom
Ohc-File-Size
X-Core-Mission
Cache-Cookie-Set-Idcheck
X-CLOUD-TRACE-CONTEXT
X-VCT
X-Be
X-Nc
X-Wa
X-Compress-Hint
X-Mvc-Supplant-OutputCached
X-TH-Server
X-Cdn-Srv
X-S-Maxage
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Cache-Debug
X-Gzip
X-Loc
X-Varnish-Beresp-Grace
X-Cache-Id
X-Esi-Check
X-Bc
X-Generated-By
X-Zone
Server-Cache-Control
Server-Surrogate-Control
LB
X-B3-Traceid
X-Origin-TTL
X-Origin-CC
Memory
Ohc-Response-Time
X-Configured-By
X-NU-AKA-ACS-Version
X-FPC
X-AIR-PT
NtCoent-Length
X-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
HostName
X-Varnish-Ttl
X-Rocket-Nginx-Bypass
X-Webkit-CSP
X-Sucuri-ID
CACHE
X-Storefront-Renderer-Rendered
X-Edge-Location
X-Debug-Panamera-Sitecode
X-Svr
X-MSEdge-Flight
Request-Country
X-Debug-Panamera-Host
Request-EU
Locid
Heartbleed
X-MSEdge-Features
MIME-Version
X-ZONE
X-CF-Powered-By
X-BC
X-Varnish-Hits
Pragrma
X-Request-URI
X-COUNTRY
X-Servedbyhost
X-Varnish-URL
X-Nginx-Cache
X-Shopify-Generated-Cart-Token
X-VCL-Version
X-App-Version
SRV
Referer-Policy
X-Pjax-Url
X-GEO
X-Batcache
WZWS-RAY
X-Gamma-Serve
Resin-Trace
Fastly-Backend-Name
X-Cdn-Forward
Hostname
X-BE
FSS-Cache
X-Up
X-BACKEND-TTL
Lfy
GeoIP-Country-Code
X-Amzn-Requestid
X-CACHE-KEY
X-WebServer
X-Minions-Version
X-ElasticPress-Query
X-Via-CDN
X-ND-Cache
GeoIp-Country-Code
Product
X-Proxy-Upstream
HitType
X-Aicache-OS
Cteonnt-Length
GeoIP-Latitude
Geoip-Latitude
CF-Cached-On
Cdn-Host
X-HS-Status
Powered-By-ChinaCache
X-Fetched-On
Cdn-Request-Time
X-Edge-Server
My-App
X-Cdn-Origin
Mime-Version
X-Sn-Servicetimems
X-Sucuri-Cache
X-Ratelimit-Remaining
Ohc-Cache-HIT
X-PJAX-URL
X-NGINX-Cache
X-GeoIP-Country-Code
X-CSRF-TOKEN
DCR-Decision-By
X-Oss-Object-Type
X-Oss-Storage-Class
X-ServedByHost
X-Oss-Hash-Crc64ecma
X-Newrelic-App-Data
DCR-Processing-Time-Ms
X-Check-Cacheable
X-Fastly-Country-Code
X-Vcl-Version
X-Oss-Request-Id
SN
X-ECache
X-Oss-Server-Time
X-Unique-ID
Amp-Access-Control-Allow-Source-Origin
X-Azure-Ref-OriginShield
X-Varnish-Url
Location
X-Fastly-Cache-Status
X-Pf-Uncompressing
X-Request-Start
X-CACHE-AGE
X-Served-From
Group
X-PF-Uncompressing
X-Fastly-Backend-Reqs
Pramga
URI
Cdn
X-B3-Spanid
Dt-Cache-Category
X-LB-ID
X-Shard
X-Ratelimit-Limit
PFcat
X-Fpc
XServer
X-OVcl-Cache
X-OVcl
X-Via-Ucdn
X-VarnishDD-TTL
X-Swift-Error
X-Vgn-Hpd-Variations-Key
A
X-B3-SpanId
CloudFront-Viewer-Country
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
Country-Code
X-Tec-Api-Root
X-Tec-Api-Origin
X-Request-Time
Cf-Alt-Svc
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Via-NSCOPI
X-Tec-Api-Version
X-Client-Ip
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Varnish-Beresp-TTL
X-Instart-Isnd
X-Platform
X-Render-Time
X-DPWN-IS-SECURE
Origin
Geoip-City
X-Ocache
X-WR-MODIFICATION
X-WPE-Loopback-Upstream-Addr
Lb
X-Planisys-CDN-TTL
X-Debug-Ysi-Auth
X-StackifyID
X-LiteSpeed-Cache-Control
X-Apw-Hits
X-Debug-Xas-Auth
X-C
X-Debug-Cache-String
X-Apw-Access-Token
CF-IPCountry
PICS-Label
X-Planisys-CDN-Cache
Server-Ttl
X-Planisys-CDN-Rules
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-Status
SID
Proxy-Firewall
X-Varnishpool
WWW-Authenticate
X-Ratelimit-Reset
X-Debug-Cache-Bypass
X-Apw-Access-Object
X-Apw-Access-Action
X-Cache-Expired-At
X-WA
X-Ftr-Cache-Host
Region
Host-ID
NnCoection
X-Rocket-Build-Number
X-Cache-Hfrom
X-Cache-Hm
X-Sigma
X-Acquia-Site
X-Sigma-Backend
Cloudfront-Viewer-Country
X-Cache-Tag
Request-Time
X-Country-IP
Cneonction
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-APP
Pics-Label
X-Li-Proto
Epwk-X-Cache
X-Html-Edge-Cache
TTL
X-Action
X-ElasticPress-Search
X-Request-URL
X-Varnish-ID
X-Akamai-ERPolicy
X-B3-Parentspanid
Req-ID
X-Akamai-ERRuleID
X-Nananana
X-Dw-Trace-Id
X-VC
X-RPM
X-DSS
X-SB
X-RPS
X-DB
X-DI
X-RSL
X-DW