Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
CF-Ray
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-FRAME-OPTIONS
X-Language
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
P3p
X-Backend
X-Age
X-Cache-Group
X-Request-ID
X-Robots-Tag
Xkey
X-Proxy-Cache
Feature-Policy
Request-Context
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
X-Varnish-Cache
Server-Timing
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-WebKit-CSP
X-Server-Id
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Ac
X-Origin-Upstream-Status
X-Readtime
X-Node
X-Dispatcher
X-HW
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
X-Pass-Why
Request-Id
X-DataDome
X-Mod-Pagespeed
Content-Location
X-Application-Context
X-ORACLE-DMS-ECID
NEL
X-Akam-SW-Version
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Ruxit-JS-Agent
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cloud-Trace-Context
X-Cnection
X-Px
X-Url
X-Rack-Cache
X-FTR-Request-ID
X-Goog-Hash
RTSS
MS-Author-Via
X-Vname
X-TtlSet
X-PC
Accept-CH
X-Powered-By-Plesk
Verso
X-DynaTrace
Public-Key-Pins
Accept-CH-Lifetime
X-B3-TraceId
X-GitHub-Request-Id
Service-Worker-Allowed
X-Kinja-Server
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Ttl
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
Arr-Disable-Session-Affinity
Pagespeed
X-Middleton-Response
X-Sol
Display
X-Middleton-Display
Response
X-Varnish-TTL
X-Forwarded-Proto
X-Cache-TTL
X-D2id
X-Cached
X-Amz-Rid
X-CST
TCN
X-Abt-Application-Version
Pinterest-Generated-By
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Accept-Ch
Cache-Tag
X-Instart-Request-ID
X-Server-Name
X-Accel-Expires
X-ESI
X-Version
AR-Request-ID
AR-PoweredBy
X-MSEdge-Ref
AR-ATIME
Access-Control-Request-Method
X-Grace
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Nginx-Cache
X-FastCGI-Cache
AR-CACHE
Accept-Ch-Lifetime
Ar-Sid
S
Charset
X-Debug
X-Upstream
SPIisLatency
SPRequestDuration
X-Powered-CMS
X-Client-IP
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
SPRequestGuid
X-DynaTrace-JS-Agent
Content-MD5
Pinterest-Version
X-Ezoic-Cdn
X-Pinterest-Rid
Realpath
Nel
X-Trace
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Element-Page-Cache
X-Mrf-Section-Lastmod
X-Dw-Request-Base-Id
X-Jurisdiction
X-Hp-Webp
X-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Shield-Request-Id
X-Node-Name
X-T
Fastcgi-Cache
X-ASPNET-VERSION
X-Kinsta-Cache
X-Content-Digest
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
X-Frontend
X-XRDS-Location
X-Request-Received
X-Request-Processing-Time
Server-Node
Edge-Cache-Tag
X-Cache-Hit
X-FTR-Balancer
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
X-Cache-Age
TP-L2-Cache
TP-Cache
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-FTR-Expires
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
Front-End-Https
Server-Name
ServerID
X-Forwarded-For
DynaTrace
X-Hostname
X-Cache-Key
X-Amzn-Trace-Id
Fastly-Restarts
Arc-Version
PB-RID
PB-PID
X-Zen-Fury
X-DIS-Request-ID
Powered
X-Microsite
X-Request-Handler-Origin-Region
X-TTL
Backend-Timing
X-ATS-Timestamp
X-Content-Security-Policy-Report-Only
X-Revision
X-Mobile-Rewrite
X-User-Agent
X-Akamai-Edgescape
X-Oneagent-Js-Injection
X-LB-Cache
X-Cdn
X-Hits
X-F-Cache
X-Page-Id
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Jobs
Accept-Charset
Filters
X-ORACLE-APMCS-REQUEST-ID
X-FTR-Cache-Host
X-ORACLE-APMCS-TAG
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-Via-JSL
X-Geo-Country
MicrosoftSharePointTeamServices
X-Yandex-Sdch-Disable
X-Kong-Upstream-Latency
X-Origin-Server
X-Kong-Proxy-Latency
X-B
X-Varnish-Age
Alternate-Protocol
X-N
X-Ser
X-Rid
X-Erf-Bev-Bev
X-Daa-Tunnel
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
X-Correlation-Id
Host-Header
X-Esi
X-AppVersion
DC
Cache-Tags
X-XRDS-LOCATION
X-Activity-Id
X-WebKit-CSP-Report-Only
X-ATG-Version
X-Az
X-App-Server
X-Server-ID
Paypal-Debug-Id
X-Amz-Replication-Status
X-Debug-Info
Frame-Options
Retry-After
X-FB-Debug
X-Git-Hash
X-Type
Actual-Object-TTL
X-Contextid
X-B-Cache
X-App-Environment
Section-Io-Cache
X-TT
X-Signature
X-Varnish-Grace
X-Whom
X-Fastcgi-Cache
X-Request-Guid
Surrogate-Key
X-Edge
X-Status
Fastcgi-Useragent
X-Content-Options
X-AOL-HN
Host
Healthy
X-Seen-By
X-Cache-Action
X-Ruxit-Js-Agent
X-Pinterest-Direct
Source
X-Host-Name
X-RateLimit-Remaining
Refresh
X-HTML-Minification-Powered-By
X-IPLB-Instance
X-B3-Sampled
X-Endurance-Cache-Level
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Upgrade-Enabled
From-Origin
X-ECACHE
Access-Control-Allow-Method
X-Cache-Rule
X-Drupal-Cache-Tags
X-Response-Served-From
X-Accel-Buffering
X-RemovedCookies
X-ProcessESI
X-Litespeed-Cache
WPE-Backend
X-Cache-Operation
NR-ENABLED
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Odigeo-Trace-Id
X-Mid
X-MCACHE
X-Rule
X-Amz-Apigw-Id
X-Region
Payment
X-L-Path
X-Cacheable-TTL
X-UUID
X-Cache-Control
MS-CV
Eomportal-Instance
X-Environment-Context
Datacenter
X-Amzn-RequestId
Cache-Status
X-Varnish-Server
X-FW-Type
X-Cache-Time
X-FW-Hash
X-FW-Dynamic
X-APP-VERSION
X-Is-Bot
X-FW-Serve
X-FW-Server
X-Rendered-As
X-FW-Static
X-WA-Info
Countrycode
X-Adobe-Content
X-URL
X-Adobe-Loc
Xserver
X-Protected-By
Srv
X-GeoIP
X-VCache
NGB
Content-Disposition
X-Cluster
X-RequestSource
X-Wix-Request-Id
X-SERVER-NAME
X-Correlation-ID
X-Cache-Server
X-PressLabs-Stats
X-Cached-By
X-Akamai-Transformed
X-EdgeConnect-Cache-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Akamai-Request-ID2
X-UnsetCookies
Uber-Trace-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-IPS-LoggedIn
X-Origin-Response-Time
Version
X-Time
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Load-Cache
X-Unique-Id
X-Mode
X-Mobile
X-Presslabs-Stats
X-Handled-By
Filterid
X-Proxy
Access-Control-Request-Headers
X-Cache-Remote
X-PHP-Backend
Liferay-Portal
X-FireWall-Port
X-CCM
X-RN-RSRV
X-Via-Fastly
X-Path-Route
X-UA-Device-Type
X-ES-SERVER
X-Cache-Var-Map
X-Backend-Name
X-Adobe-Source
X-Cache-Status-Check
X-Cache-Var
X-No-Session
Cross-Origin-Window-Policy
Meta-Geo
X-Framework
X-Viewer-Country
X-VWS-Id
Cache-Hits
Decoy-Debug-Key
Decoy-Debug-TTL
X-PERF
X-PCL
X-OCL
Decoy-Debug-Status
X-NGENIX-Cache
X-ApacheServer
X-Site-Version
X-Storage
X-AWS-Id
X-Azure-Ref
X-Pubstack
Accept-Language
ServedBy
Akamai-GRN
DSUID
X-LJ-Flow-ID
Upgrade-Insecure-Requests
X-Redis-Cache
X-Locale
Fastly-SSL
X-MP-GENERATED-AT
X-Www-Served-By
X-Time-Microsecs
X-Say-TTL
X-Cache-NGX
Section-Origin-Responded
Mn-Server-Ip
Webserver
X-NCache
X-Cache-Config
X-SayCDN-TTL
X-Say-Cacheable
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Real-IP
X-Info
X-FW-Version
Now
X-R9-Blue-Green-Version
Origin-Cache-Control
Cleartype
Cache-Name
X-TX-ID
Origin-Edge-Control
X-Human
X-Web-Node
Section-Io-Origin-Status
X-RTag
Ms-Operation-Id
X-NewRelic-App-Data
Cache
X-Device-Type
Property-Id
X-CS
S-Rt
X-FC-Vary-Parameters
Webcakes-App-Name
X-Hyper-Cache
Webcakes-App-Version
X-Format
X-Cache-Enabled
X-BYPASS-REASON
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Connection-Speed
Webcakes-Region
X-Loop
X-Bc-Bl
X-Access
TWC-Privacy
X-Hl-Ver
X-ServerID
X-Section
X-ProxyCache-Status
X-TNCMS
X-Xfnlog-Site
X-UPSTREAM-Address
X-Zipkin-Id
X-ProxyCache-Key
X-Routing-Service
X-Proxied
X-Origin
X-Origin-Hint
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Sorting-Hat-ShopId
X-Timing-Wait
X-JoinUs
X-Alternate-Cache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NYM-Debug-Backend
X-ShardId
X-NWS-UUID-VERIFY
X-Detected-As
X-Proxy-Build
X-EIG-Tracking-Id
X-SaId
X-From
X-FB-TRIP-ID
X-Generated
X-BCube-Filmed-By
X-Amzn-Remapped-Content-Length
X-IP
Selected-Fe
Ec-Rule-Version
DB-Nickname
X-Hosted-By
Country
X-Source
Azure-Version
X-Varnish-Cache-Hits
Azure-RegionName
Azure-InstanceId
Azure-SiteName
X-CSRF-Token
Azure-SlotName
Load-Balancing
X-Content-Age
X-Cache-NE
X-Qloud-Router
X-Cluster-Node
X-Old-Content-Length
X-Labrador-Cache-Channel
SD-X-WS
X-PHP-Host
X-Air-Hostname
Cache-Tv-Group
User-Agent
X-Geo
X-Varnish-Hostname
X-Cache-Host
X-Vcache
Time
X-Backend-TTL
FilterID
X-Pad
X-CDN-Forward
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
S-Cnection
X-Parent-Response-Time
X-Cache-2
X-EC-Lua
X-Release
X-Cache-Backend
Locale
X-Urbn-Context-Path
X-RCS-CacheZone
X-Urbn-Site-Id
X-Ua
Server-Info
X-Webkit-CSP
X-Proxy-Cache-Status
X-Microcachable
X-Akamai-Request-ID
X-Cache-Grace
X-Forwarded-Host
X-Tumblr-Pixel-3
X-UA
X-NC
X-Debug-Cache
X-RateLimit-Limit
NGX
X-Srv
X-FORWARDED-FOR
Tracecode
OT-Force-Account-Verify
Proxy-Connection
X-Soup
X-Dc
X-TIME
Sid
X-Tb
X-A-Dam
X-A-Ccd
Who
VivaBuild
X-Proto
X-A-Dcw
Xc-Version
Mobile-Detection-Method
Machine
X-A-Dgt
AsisCache
MD5-Digest
M-TraceId
GEO-REGION-INFO
Content-Style-Type
Fastcgi-X-Cache-Version
BehaviorPad-Version
Meta-Geo-Continent
Arc-Country
T-Server
True-Client-Country-4JS
UCS
ServerName
Server-Host
Content-Script-Type
Pagetype
Rendered-Blocks
Viewtype
X-Developer
X-SRCache-Key
X-Ms-Request-Id
X-Session-Fingerprint
X-Ms-Version
X-Level-Front-Cache
X-Swa-Ws
X-Generated-On
X-Geo-Header
X-Instart-Info
X-Trace-Id
X-NodeID
X-PAYTM-SRV-ID
X-Scheme
X-Rojux
X-S
X-S-Cookie
X-Rewrite-Enabled
X-Reqid
X-Processor
X-ServiceProvider
X-ScT
X-Region-Sid
X-G
X-External-Request-Id
X-Vtex-Processado-Em
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-B-Cookie
X-Vtex-Remote-Cache
X-Accel-Expires-Debug
X-Aed
X-Application
X-ARC
X-D
X-VG-WebServer
X-Twitter-Response-Tags
X-Trv-Group
X-Dispatch
X-Transaction
X-Vdms-Path
X-Vdms-Version
X-Date
X-Destination
X-DevSite-Last-Modified
X-VG-WebCache
X-A-Wwc
X-A
Apigw-Requestid
Cache-Key
X-Cluster-Name
X-Uri
X-Vgn-Hpd-Reason
GEO-INFO
X-SRV
X-Magnolia-Registration
User-Cache-Control
X-Agile-Id
X-Thanos
X-SN
X-User
Web-Mar-Node
X-Agile-Age
We-Hiring
X-Agile
X-TT-TIMESTAMP
X-Thinkindot-L3
Thinkindot-Control
X-VServer
X-Via-PopV
On-Server
NM-Fastcgi-Cache
X-WADP-Cache
N-Cache
Release
X-Via-PopH
X-Bip
V-Age
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-VC-Cache
Viewport
X-Skip-Cache
X-Owner
X-Hash
X-Generation-Time
X-Generated-In
X-Fmm-Version
X-Gen-Mode
X-Hnp-Log
X-LAGOON
X-Method
X-Micro-Cache
X-Matched-Rule
X-Logging-Id
X-Node-Id
X-Location
X-Reboot
X-Dispatcher-Server
X-Cache-Info
X-SIPLIST1
X-Cache-FS-Status
X-Cache-Bucket
X-Branch-Name
Memcached
X-Clara-WADP
X-Cms-Context
X-Device-Os
X-Request-UUID
X-SD-PageType
X-TA-CDN-Provider
X-Core-Value
X-Block-Status
Vix-Hermes-Req-Id
IsBot
Kp-EeAlive
X-Wikidot-Static-Cache
AKAMAI
FNAC-ModuleRouting
CDCHOST
X-Wikidot-Backend
X-Worker
Magicmarker
Mail-Subject
X-Envoy-Decorator-Operation
Cf-Ipcountry
Geo-Info
X-Cache-PHP
X-Distil-CS
X-Auto-Login
X-Slack-Backend
Adler-Geo
X-Response-By
X-Request-Host
Fastly-Drupal-HTML
X-Epic-Correlation-Id
X-Eu-Site
X-TrackingId
X-Envoy-Upstream-Healthchecked-Cluster
X-Req
Esi-Enabled
X-Backend-Host
X-Distributor
X-BBXSRF
Apple-News-Services-Handled
X-Cache-URL
X-Cache-Tags
X-Clientip
Apple-News-Services-Parsed-Url
X-Servername
Node
Apple-News-Services-Host
C-Via
Cache-Cookie-Set-From
X-Server-W
X-Developers
X-CGP
Apple-News-Services-Request-Url
X-Fastly-Cache
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Backend-State
X-RateLimit-Remaining-Second
Rt-Fastcgi-Cache
RNT-Time
RNT-Machine
X-VG-TLSProxy
X-Is-Gdpr
Server-Ext
X-Origin-Date
X-Irp-Debug
Server-Hostname
Is-Eu
X-JWT-State
X-Nginx-Cache-Key
X-We-Are-Hiring
X-LI-UUID
X-Li-Pop
X-Webstats-RespID
X-Li-Fabric
Platform
L5d-Success-Class
X-Origin-Expires
Sever-Int
X-Policy
Wxu-Next-Region
X-Mvc-Supplant-Cachable
X-RateLimit-Limit-Second
Wxu-Next-Hostname
Wxu-Next-Commit
Gh-Request-Id
X-Platform-Server
X-GoCache-CacheStatus
HA-Ipaddr
Ha-Gx-Prefs
X-Hit
X-Variation
X-Has-Esi
X-Varnish-Cacheable
X-Newrelic-Synthetics
X-Rebelmouse-Cache-Control
X-Core-Mission
X-Rebelmouse-Surrogate-Control
X-Cache-ASPX
X-Be
Fastly-SWR
Server-ID
L
Fastly-SIE
X-Contensis-Viewer-Groups
CacheControlHeader
X-LI-Proto
W
X-Var-Ttl
X-App
X-Varnish-Authentication
X-DC
Ohc-File-Size
X-Compress-Hint
X-App-Name
Cache-Host
X-Server-IP
X-CLOUD-TRACE-CONTEXT
X-Nc
X-Mvc-Supplant-OutputCached
X-Varnish-Beresp-Ttl
X-TH-Server
X-Refresh
X-Varnish-Beresp-Grace
X-VCT
X-Varnish-Beresp-Status
X-Wa
HostName
X-Loc
X-Esi-Check
X-Cache-Id
X-Cache-Debug
X-Gzip
X-Cdn-Srv
X-AIR-PT
X-Origin-TTL
X-S-Maxage
LB
X-Origin-CC
Memory
X-Bc
X-Sucuri-ID
X-Configured-By
Server-Cache-Control
X-Generated-By
Server-Surrogate-Control
X-FPC
X-Zone
X-B3-Traceid
X-SVT-ORM-VERSION
Ohc-Response-Time
X-Storefront-Renderer-Rendered
X-SVT-ORM-RULES
X-NU-AKA-ACS-Version
NtCoent-Length
X-Key
X-BC
X-Rocket-Nginx-Bypass
X-Edge-Location
X-MSEdge-Flight
X-Varnish-Ttl
X-ZONE
X-MSEdge-Features
CACHE
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
Heartbleed
Request-EU
Request-Country
Locid
Pragrma
X-Svr
X-Varnish-URL
X-Varnish-Hits
X-CF-Powered-By
MIME-Version
X-COUNTRY
X-Request-URI
X-GEO
X-Servedbyhost
X-App-Version
Referer-Policy
X-Shopify-Generated-Cart-Token
X-Cdn-Forward
X-Pjax-Url
X-VCL-Version
Resin-Trace
Fastly-Backend-Name
X-Batcache
SRV
X-Nginx-Cache
FSS-Cache
WZWS-RAY
X-Gamma-Serve
X-Up
X-BACKEND-TTL
GeoIp-Country-Code
X-Minions-Version
Geoip-Latitude
X-Ratelimit-Remaining
X-ND-Cache
X-WebServer
Lfy
Cteonnt-Length
X-Via-CDN
X-Aicache-OS
HitType
X-ElasticPress-Query
X-Amzn-Requestid
X-CACHE-KEY
X-BE
X-Sucuri-Cache
Hostname
Product
Mime-Version
X-Proxy-Upstream
GeoIP-Country-Code
CF-Cached-On
Powered-By-ChinaCache
My-App
X-Cdn-Origin
X-Edge-Server
X-Sn-Servicetimems
Cdn-Request-Time
Cdn-Host
X-Fetched-On
X-ECache
X-HS-Status
X-PJAX-URL
GeoIP-Latitude
X-NGINX-Cache
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Check-Cacheable
X-NODE
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Ratelimit-Limit
DCR-Processing-Time-Ms
Ohc-Cache-HIT
DCR-Decision-By
X-GeoIP-Country-Code
X-Vcl-Version
X-CSRF-TOKEN
Pramga
X-ServedByHost
X-Azure-Ref-OriginShield
SN
X-PF-Uncompressing
Location
X-Fastly-Cache-Status
X-Fastly-Country-Code
X-Unique-ID
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Pf-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Url
Group
X-CACHE-AGE
X-LB-ID
URI
X-Served-From
X-Request-Start
X-Fastly-Backend-Reqs
Dt-Cache-Category
Cdn
X-VarnishDD-TTL
PFcat
X-Newrelic-App-Data
X-B3-Spanid
X-OVcl
X-OVcl-Cache
X-Shard
X-Vgn-Hpd-Variations-Key
XServer
X-Vgn-Hpd-Ssi
X-Via-Ucdn
X-Vgn-Hpd-Cached
X-Fpc
X-Swift-Error
Cf-Alt-Svc
X-Render-Time
A
X-Request-Time
X-Via-NSCOPI
X-B3-SpanId
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Instart-Isnd
X-Platform
Country-Code
CloudFront-Viewer-Country
X-Ratelimit-Reset
X-Varnishpool
X-Cache-Expired-At
X-Debug-Cache-Store
PICS-Label
X-Debug-Cache-Fetch
WWW-Authenticate
Geoip-City
Origin
X-Varnish-Beresp-TTL
X-Ocache
X-DPWN-IS-SECURE
X-Tb-Optimization-Total-Bytes-Saved
X-WR-MODIFICATION
Lb
X-WPE-Loopback-Upstream-Addr
X-Planisys-CDN-TTL
Server-Ttl
X-Debug-Cache-String
X-Debug-Ysi-Auth
X-LiteSpeed-Cache-Control
X-Debug-Xas-Auth
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-Status
X-Debug-Cache-Bypass
Cloudfront-Viewer-Country
X-Apw-Hits
X-StackifyID
CF-IPCountry
X-C
X-Apw-Access-Token
X-Apw-Access-Object
X-Planisys-CDN-Cache
SID
X-WA
X-Apw-Access-Action
X-Planisys-CDN-Rules
X-Ftr-Cache-Host
X-Sigma
X-Sigma-Backend
X-Amzn-Remapped-Date
X-CUA
X-Amzn-Remapped-Connection
X-Country-IP
X-Rocket-Build-Number
Proxy-Firewall
Epwk-X-Cache
Cneonction
X-Acquia-Application-UUID
X-Cache-Tag
X-Nananana
Host-ID
NnCoection
Request-Time
X-Cache-Hm
X-Acquia-Application-Trace
X-Acquia-Site
X-Cache-Hfrom
X-Acquia-Purge-Tags
Region
X-APP
X-ElasticPress-Search
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-B3-Parentspanid
X-Oss-Cdn-Auth
Req-ID
X-Request-URL
X-Li-Proto
X-Varnish-ID
X-DI
X-DB
X-RSL
X-VC
X-SB
X-Dw-Trace-Id
X-RPS
X-RPM
X-DSS
X-Html-Edge-Cache
X-Action
TTL
X-DW