Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
CF-Ray
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Request-ID
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Turbo-Charged-By
X-AH-Environment
P3p
X-Server
X-Backend
X-Age
X-Cache-Group
X-Robots-Tag
Xkey
X-Proxy-Cache
Feature-Policy
Request-Context
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
X-Varnish-Cache
Server-Timing
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-WebKit-CSP
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-Pass-Why
Request-Id
X-DataDome
Content-Location
X-Mod-Pagespeed
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
NEL
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Ruxit-JS-Agent
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cnection
X-Cloud-Trace-Context
X-Px
X-Url
X-Rack-Cache
X-FTR-Request-ID
X-Goog-Hash
RTSS
X-TtlSet
MS-Author-Via
X-PC
X-Vname
Accept-CH
Accept-CH-Lifetime
X-Powered-By-Plesk
Verso
X-DynaTrace
Public-Key-Pins
X-B3-TraceId
Service-Worker-Allowed
X-GitHub-Request-Id
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Cdn-Fetch
X-Ttl
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
Pagespeed
Arr-Disable-Session-Affinity
Display
Response
X-Middleton-Response
X-Middleton-Display
X-Sol
X-Varnish-TTL
X-Forwarded-Proto
X-Cache-TTL
X-D2id
Pinterest-Generated-By
X-Amz-Rid
X-CST
X-Cached
TCN
X-Abt-Application-Version
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Accept-Ch
Cache-Tag
X-Instart-Request-ID
X-Server-Name
X-Accel-Expires
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-ESI
X-Version
AR-PoweredBy
X-MSEdge-Ref
AR-ATIME
AR-Request-ID
Access-Control-Request-Method
X-Grace
Nginx-Cache
X-FastCGI-Cache
Ar-Sid
AR-CACHE
Charset
S
X-Debug
X-Upstream
X-Powered-CMS
SPIisLatency
SPRequestDuration
X-SRCache-Fetch-Status
X-SRCache-Store-Status
SPRequestGuid
X-SharePointHealthScore
X-DynaTrace-JS-Agent
X-Pinterest-Rid
Content-MD5
X-Client-IP
Pinterest-Version
X-Ezoic-Cdn
Realpath
Accept-Ch-Lifetime
Nel
X-Trace
X-Element-Page-Cache
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Dw-Request-Base-Id
X-Jurisdiction
X-Hp-Webp
X-Id
X-Recruiting
X-Shield-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-T
Fastcgi-Cache
X-ASPNET-VERSION
X-Content-Digest
X-Kinsta-Cache
X-XRDS-Location
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
X-Request-Received
X-Request-Processing-Time
X-Frontend
Server-Node
X-FTR-DC
X-Cache-Hit
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
Edge-Cache-Tag
X-Cache-Age
TP-Cache
TP-L2-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Metageneration
X-FTR-Expires
X-Goog-Stored-Content-Length
Front-End-Https
Server-Name
ServerID
X-Forwarded-For
DynaTrace
X-Hostname
X-Cache-Key
X-Amzn-Trace-Id
Fastly-Restarts
PB-PID
PB-RID
Arc-Version
X-Zen-Fury
Powered
X-DIS-Request-ID
X-Microsite
X-TTL
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-Content-Security-Policy-Report-Only
X-Revision
X-Mobile-Rewrite
X-User-Agent
X-Hits
X-LB-Cache
X-Oneagent-Js-Injection
X-Cdn
X-Akamai-Edgescape
X-HS-Hub-Id
X-Page-Id
X-HS-Combine-CSS
X-F-Cache
X-HS-Content-Id
X-HS-Cache-Config
Accept-Charset
X-Jobs
X-ORACLE-APMCS-REQUEST-ID
X-FTR-Cache-Host
Filters
X-ORACLE-APMCS-TAG
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-Geo-Country
X-Via-JSL
MicrosoftSharePointTeamServices
X-Yandex-Sdch-Disable
X-Origin-Server
X-Correlation-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-B
X-Varnish-Age
X-N
Alternate-Protocol
X-Ser
X-Rid
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Daa-Tunnel
X-Varnish-Backend
Host-Header
X-Esi
X-ATG-Version
X-Activity-Id
X-WebKit-CSP-Report-Only
DC
X-AppVersion
X-Az
X-App-Server
Paypal-Debug-Id
Cache-Tags
X-Server-ID
X-Amz-Replication-Status
Retry-After
Actual-Object-TTL
Frame-Options
X-Debug-Info
X-Type
X-FB-Debug
X-Git-Hash
X-Signature
X-TT
X-Varnish-Grace
X-Whom
X-B-Cache
Section-Io-Cache
X-Contextid
X-App-Environment
X-Fastcgi-Cache
X-Request-Guid
X-Edge
Surrogate-Key
X-Status
Fastcgi-Useragent
X-Content-Options
X-AOL-HN
Host
Healthy
X-XRDS-LOCATION
X-Seen-By
X-Cache-Action
X-Ruxit-Js-Agent
Source
X-Pinterest-Direct
X-Host-Name
X-HTML-Minification-Powered-By
Refresh
X-RateLimit-Remaining
X-IPLB-Instance
X-B3-Sampled
X-Endurance-Cache-Level
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Upgrade-Enabled
From-Origin
Access-Control-Allow-Method
X-ECACHE
X-ProcessESI
X-RemovedCookies
X-Response-Served-From
X-Accel-Buffering
X-Cache-Rule
NR-ENABLED
X-Drupal-Cache-Tags
X-Cache-Operation
WPE-Backend
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Mid
X-Amz-Apigw-Id
X-Rule
X-Region
X-MCACHE
Odigeo-Trace-Id
X-Environment-Context
X-Cacheable-TTL
X-Cache-Control
MS-CV
X-UUID
Eomportal-Instance
Payment
X-L-Path
Datacenter
X-Amzn-RequestId
X-FW-Hash
X-Is-Bot
X-FW-Static
X-Cache-Time
X-Rendered-As
Cache-Status
X-FW-Server
X-FW-Type
X-FW-Dynamic
X-FW-Serve
X-Varnish-Server
X-Adobe-Loc
Countrycode
X-Adobe-Content
X-WA-Info
X-URL
Xserver
Srv
X-Protected-By
X-APP-VERSION
X-GeoIP
Content-Disposition
NGB
X-Wix-Request-Id
X-Cluster
X-Webkit-CSP
X-SERVER-NAME
X-RequestSource
X-Akamai-Transformed
X-PressLabs-Stats
X-Cached-By
X-Cache-Server
X-Time
X-EdgeConnect-Cache-Status
X-Yottaa-Optimizations
X-Akamai-Request-ID2
X-VCache
X-Yottaa-Metrics
X-UnsetCookies
Uber-Trace-Id
Version
X-Tt-Trace-Host
X-Origin-Response-Time
X-Tt-Trace-Tag
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Mode
X-Load-Cache
X-Unique-Id
X-Mobile
X-Correlation-ID
Filterid
X-Handled-By
X-Presslabs-Stats
X-Proxy
X-Cache-Remote
Access-Control-Request-Headers
X-PHP-Backend
Liferay-Portal
X-FireWall-Port
Accept-Language
X-Backend-Name
X-RN-RSRV
X-Viewer-Country
Cross-Origin-Window-Policy
X-No-Session
Meta-Geo
X-Adobe-Source
X-UA-Device-Type
X-Via-Fastly
X-Framework
X-Cache-Var
X-CCM
X-Cache-Var-Map
X-Cache-Status-Check
X-Path-Route
X-ES-SERVER
X-Locale
X-MP-GENERATED-AT
X-OCL
Decoy-Debug-Key
X-Time-Microsecs
DSUID
Decoy-Debug-Status
Decoy-Debug-TTL
Fastly-SSL
X-LJ-Flow-ID
Akamai-GRN
X-NGENIX-Cache
Upgrade-Insecure-Requests
X-AWS-Id
X-ApacheServer
X-Redis-Cache
ServedBy
X-Storage
X-Pubstack
X-VWS-Id
X-Site-Version
X-PERF
Cache-Hits
X-Www-Served-By
X-PCL
X-Azure-Ref
X-Cache-NGX
Cache-Name
X-Human
X-Real-IP
X-R9-Blue-Green-Version
X-NCache
X-Info
X-RTag
X-Say-Cacheable
X-TX-ID
X-SayCDN-TTL
X-Web-Node
X-Say-TTL
X-FW-Version
X-Cache-Config
Origin-Edge-Control
Origin-Cache-Control
Now
Ms-Operation-Id
Section-Io-Id
Section-Io-Origin-Status
Webserver
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Cleartype
Mn-Server-Ip
Cache
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-Routing-Service
TWC-Locale-Group
X-Access
TWC-GeoIP-Country
S-Rt
Property-Id
X-ServerID
X-Section
X-ProxyCache-Status
TWC-Device-Class
TWC-GeoIP-LatLong
X-ProxyCache-Key
X-FC-Vary-Parameters
X-Device-Type
X-Format
X-Loop
X-Hyper-Cache
X-Hl-Ver
X-CS
X-Origin
X-BYPASS-REASON
X-Bc-Bl
X-Cache-Enabled
X-Proxied
X-Origin-Hint
X-NewRelic-App-Data
X-TNCMS
TWC-Connection-Speed
X-Xfnlog-Site
X-Zipkin-Id
X-UPSTREAM-Address
X-Amzn-Remapped-Content-Length
X-Proxy-Build
X-JoinUs
X-FB-TRIP-ID
DB-Nickname
X-EIG-Tracking-Id
X-BCube-Filmed-By
X-SaId
X-From
X-Detected-As
X-Alternate-Cache-Key
X-NYM-Debug-Backend
Selected-Fe
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-NWS-UUID-VERIFY
X-Timing-Wait
X-IP
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Vcache
Ec-Rule-Version
X-Generated
X-ShopId
X-ShardId
X-Shopify-Stage
X-Geo
Azure-SlotName
X-CSRF-Token
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Hosted-By
Azure-Version
X-Source
X-Varnish-Cache-Hits
Country
X-Content-Age
Load-Balancing
X-Cluster-Node
X-Labrador-Cache-Channel
SD-X-WS
X-Qloud-Router
X-PHP-Host
X-Old-Content-Length
X-Cache-NE
X-Air-Hostname
Cache-Tv-Group
X-Varnish-Hostname
User-Agent
Time
X-Litespeed-Cache
X-Cache-Host
X-CDN-Forward
X-Pad
FilterID
X-Backend-TTL
X-Cache-TTL-Remaining
X-Drupal-Cache-Contexts
X-Ua
X-Parent-Response-Time
X-Cache-2
S-Cnection
X-Cache-Backend
X-Release
Locale
X-Urbn-Context-Path
X-RCS-CacheZone
X-Urbn-Site-Id
X-EC-Lua
Server-Info
X-Cache-Grace
X-RateLimit-Limit
X-Proxy-Cache-Status
X-Microcachable
X-Akamai-Request-ID
X-Forwarded-Host
X-Tumblr-Pixel-3
X-NC
X-Debug-Cache
X-FORWARDED-FOR
Proxy-Connection
NGX
Tracecode
X-SRV
OT-Force-Account-Verify
X-Soup
X-UA
X-Tb
Sid
X-Ms-Request-Id
X-Ms-Version
T-Server
X-Proto
True-Client-Country-4JS
X-B-Cookie
Who
X-A-Dam
X-Uri
Apigw-Requestid
X-A-Dcw
X-A-Dgt
X-Accel-Expires-Debug
X-A-Wwc
X-A-Ccd
X-PAYTM-SRV-ID
VivaBuild
Viewtype
X-ARC
X-Application
X-NodeID
X-A
UCS
Server-Host
M-TraceId
X-Connection-Hash
Fastcgi-X-Cache-Version
Machine
Meta-Geo-Continent
MD5-Digest
X-D
X-Processor
X-Developer
X-Date
X-DevSite-Last-Modified
X-Dispatch
X-External-Request-Id
GEO-REGION-INFO
Mobile-Detection-Method
Content-Style-Type
X-CF-Lambda-Version
Arc-Country
X-CF-Lambda-Fn
X-Destination
ServerName
X-Instart-Info
AsisCache
BehaviorPad-Version
Pagetype
Content-Script-Type
X-G
X-Generated-On
Rendered-Blocks
X-Geo-Header
X-Level-Front-Cache
X-Rojux
X-ScT
X-Transaction
X-Vtex-Processado-Em
X-Scheme
X-Srv
X-Aed
X-S
X-VG-WebCache
X-Trv-Group
X-Twitter-Response-Tags
X-Session-Fingerprint
X-ServiceProvider
X-Vdms-Path
X-Vdms-Version
X-Vgn-Hpd-Reason
X-Rewrite-Enabled
X-S-Cookie
X-Vtex-Remote-Cache
Xc-Version
X-Trace-Id
X-Cluster-Name
X-Region-Sid
X-Swa-Ws
GEO-INFO
X-Reqid
Cache-Key
X-VG-WebServer
X-SRCache-Key
User-Cache-Control
X-Magnolia-Registration
X-Dc
FNAC-ModuleRouting
X-Fmm-Version
X-User
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Dispatcher-Server
X-TT-TIMESTAMP
Thinkindot-Control
X-Device-Os
IsBot
Mail-Subject
X-Via-PopH
Release
X-Bip
X-Clara-WADP
X-Via-PopV
X-Block-Status
X-Cache-Bucket
X-Cache-FS-Status
X-Cache-Info
On-Server
NM-Fastcgi-Cache
X-VC-Cache
X-VServer
X-Core-Value
Magicmarker
X-Thinkindot-L3
N-Cache
X-Cms-Context
Memcached
Kp-EeAlive
X-Generation-Time
X-Location
X-Logging-Id
X-SD-PageType
X-Agile-Id
X-Wikidot-Static-Cache
We-Hiring
X-Thanos
X-Wikidot-Backend
X-Matched-Rule
X-Method
X-Request-UUID
X-Agile
X-Reboot
X-Owner
X-Worker
X-Micro-Cache
X-Agile-Age
X-Node-Id
X-LAGOON
Web-Mar-Node
X-SN
X-Skip-Cache
Viewport
X-TA-CDN-Provider
X-Branch-Name
CDCHOST
X-Gen-Mode
X-Generated-In
X-Hash
V-Age
X-Hnp-Log
X-WADP-Cache
Vix-Hermes-Req-Id
AKAMAI
X-SIPLIST1
Cf-Ipcountry
X-Cache-PHP
X-Envoy-Decorator-Operation
X-DC
Geo-Info
X-Newrelic-Synthetics
X-RateLimit-Remaining-Second
X-Backend-Host
X-Auto-Login
X-RateLimit-Limit-Second
X-BBXSRF
X-Backend-State
X-We-Are-Hiring
X-Webstats-RespID
X-Distil-CS
X-Servername
X-Server-W
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Is-Gdpr
X-JWT-State
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Platform-Server
X-Policy
X-Req
X-Request-Host
X-Origin-Expires
X-Response-By
X-Origin-Date
X-Irp-Debug
X-Hit
X-Varnish-Cacheable
X-Variation
X-Developers
X-VG-TLSProxy
X-Clientip
X-Cache-URL
X-CGP
X-Distributor
X-Envoy-Upstream-Healthchecked-Cluster
X-Slack-Backend
X-GoCache-CacheStatus
X-Has-Esi
X-Fastly-Cache
X-TrackingId
X-Epic-Correlation-Id
X-Eu-Site
X-Cache-Tags
Wxu-Next-Region
C-Via
Platform
Cache-Cookie-Set-From
Apple-News-Services-Request-Url
X-SERVER
RNT-Machine
X-TIME
Cache-Cookie-Set-Idcheck
L5d-Success-Class
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Fastly-Drupal-HTML
Esi-Enabled
Cache-Cookie-Set-Lfrom
Is-Eu
RNT-Time
Apple-News-Services-Parsed-Url
Wxu-Next-Commit
Server-Hostname
Adler-Geo
Sever-Int
Rt-Fastcgi-Cache
Node
Wxu-Next-Hostname
Apple-News-Services-Handled
Apple-News-Services-Host
Server-Ext
W
L
X-Rebelmouse-Cache-Control
Fastly-SWR
X-Rebelmouse-Surrogate-Control
Fastly-SIE
X-Contensis-Viewer-Groups
X-Var-Ttl
X-Varnish-Authentication
X-LI-Proto
X-Cache-ASPX
Server-ID
CacheControlHeader
X-App
X-Core-Mission
Ohc-File-Size
Cache-Host
X-Server-IP
X-Compress-Hint
X-App-Name
X-Nc
X-Be
X-CLOUD-TRACE-CONTEXT
X-VCT
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Refresh
X-Varnish-Beresp-Ttl
X-TH-Server
X-Mvc-Supplant-OutputCached
X-Gzip
X-Cdn-Srv
X-Esi-Check
X-Wa
X-Cache-Id
X-Cache-Debug
X-Loc
X-Origin-CC
X-S-Maxage
X-AIR-PT
LB
X-Origin-TTL
Server-Surrogate-Control
X-Configured-By
X-Sucuri-ID
X-Zone
Server-Cache-Control
X-Bc
Memory
X-Generated-By
HostName
X-B3-Traceid
NtCoent-Length
X-Storefront-Renderer-Rendered
Ohc-Response-Time
X-NU-AKA-ACS-Version
X-Key
X-SVT-ORM-VERSION
X-FPC
X-SVT-ORM-RULES
X-App-Version
X-Rocket-Nginx-Bypass
X-ZONE
X-BC
X-Varnish-Ttl
X-MSEdge-Features
X-Edge-Location
X-MSEdge-Flight
MIME-Version
CACHE
Request-EU
X-Debug-Panamera-Sitecode
Request-Country
X-Varnish-URL
X-Debug-Panamera-Host
X-Svr
Pragrma
Locid
Heartbleed
X-Varnish-Hits
X-CF-Powered-By
X-Servedbyhost
X-Request-URI
X-COUNTRY
X-Pjax-Url
X-Shopify-Generated-Cart-Token
X-Nginx-Cache
Referer-Policy
X-Cdn-Forward
X-VCL-Version
Resin-Trace
X-Batcache
Fastly-Backend-Name
SRV
X-Gamma-Serve
FSS-Cache
X-GEO
WZWS-RAY
X-Up
X-BACKEND-TTL
Hostname
X-Minions-Version
X-BE
X-Via-CDN
X-Ratelimit-Remaining
X-Aicache-OS
X-WebServer
X-CACHE-KEY
X-Amzn-Requestid
X-ElasticPress-Query
X-ND-Cache
Lfy
GeoIp-Country-Code
Geoip-Latitude
GeoIP-Country-Code
X-Sucuri-Cache
Cteonnt-Length
GeoIP-Latitude
X-Proxy-Upstream
HitType
Product
CF-Cached-On
X-Cdn-Origin
Mime-Version
X-ECache
Powered-By-ChinaCache
My-App
X-Fetched-On
Cdn-Request-Time
X-Sn-Servicetimems
X-Edge-Server
Cdn-Host
X-Oss-Hash-Crc64ecma
X-Check-Cacheable
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
DCR-Processing-Time-Ms
X-HS-Status
X-PJAX-URL
X-Vcl-Version
X-GeoIP-Country-Code
X-NGINX-Cache
DCR-Decision-By
Ohc-Cache-HIT
X-CSRF-TOKEN
Location
Pramga
X-ServedByHost
SN
X-Fastly-Cache-Status
X-Fastly-Country-Code
X-PF-Uncompressing
X-Azure-Ref-OriginShield
X-Unique-ID
X-Pf-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Url
X-Ratelimit-Limit
X-LB-ID
X-Served-From
X-Fastly-Backend-Reqs
Group
URI
X-Request-Start
X-CACHE-AGE
Cdn
Dt-Cache-Category
X-B3-Spanid
X-Newrelic-App-Data
PFcat
X-Fpc
X-OVcl
X-OVcl-Cache
X-VarnishDD-TTL
X-Shard
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
XServer
X-Via-Ucdn
X-Vgn-Hpd-Variations-Key
X-Swift-Error
X-Render-Time
X-B3-SpanId
A
X-Request-Time
CloudFront-Viewer-Country
X-Instart-Isnd
X-Platform
Country-Code
Cf-Alt-Svc
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Via-NSCOPI
X-Varnishpool
X-Client-Ip
X-Ratelimit-Reset
X-Debug-Cache-Store
X-Ocache
X-DPWN-IS-SECURE
Geoip-City
X-Debug-Cache-Fetch
X-Varnish-Beresp-TTL
Origin
X-Cache-Expired-At
X-Tb-Optimization-Total-Bytes-Saved
WWW-Authenticate
X-WPE-Loopback-Upstream-Addr
X-WR-MODIFICATION
Lb
Server-Ttl
X-Debug-Ysi-Auth
X-LiteSpeed-Cache-Control
X-StackifyID
X-C
X-Debug-Xas-Auth
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-Status
X-Debug-Cache-String
X-Debug-Cache-Bypass
X-Apw-Access-Action
X-Planisys-CDN-TTL
X-Apw-Access-Object
X-Apw-Access-Token
PICS-Label
Cloudfront-Viewer-Country
X-Planisys-CDN-Rules
X-Apw-Hits
X-Planisys-CDN-Cache
SID
CF-IPCountry
X-WA
X-Ftr-Cache-Host
X-Sigma-Backend
X-CUA
Request-Time
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Cneonction
Proxy-Firewall
Epwk-X-Cache
Region
NnCoection
X-Sigma
X-Nananana
X-Acquia-Site
Host-ID
X-Rocket-Build-Number
X-Cache-Tag
X-Cache-Hm
X-Country-IP
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Cache-Hfrom
X-Acquia-Application-Trace
X-APP
X-B3-Parentspanid
X-Varnish-ID
X-Li-Proto
X-RPM
X-Oss-Cdn-Auth
Pics-Label
X-RSL
X-RPS
Req-ID
X-Akamai-ERPolicy
TTL
X-DB
X-VC
X-SB
X-Dw-Trace-Id
X-Action
X-Html-Edge-Cache
X-ElasticPress-Search
X-DSS
X-Request-URL
X-DI
X-Akamai-ERRuleID
X-DW