
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
CF-Ray
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Template
X-Language
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-Backend
X-AH-Environment
X-Age
X-Request-ID
X-Cache-Group
Xkey
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Request-Context
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
P3p
X-Varnish-Cache
Server-Timing
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Report-To
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Amz-Version-Id
Cf-Railgun
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Dns-Prefetch-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-Pass-Why
X-HW
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Request-Id
X-DataDome
X-Mod-Pagespeed
Content-Location
X-Application-Context
NEL
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cnection
X-Cloud-Trace-Context
X-Rack-Cache
X-Px
X-Url
X-FTR-Request-ID
X-Goog-Hash
Accept-CH
RTSS
X-Vname
X-PC
X-TtlSet
MS-Author-Via
X-Powered-By-Plesk
Verso
Accept-CH-Lifetime
X-DynaTrace
Public-Key-Pins
X-Ttl
X-B3-TraceId
Service-Worker-Allowed
X-GitHub-Request-Id
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-MS-InvokeApp
Response
X-Sol
Display
X-Amz-Server-Side-Encryption
Pagespeed
X-Middleton-Display
X-Middleton-Response
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Cache-TTL
X-Varnish-TTL
X-D2id
X-Abt-Application-Version
TCN
Pinterest-Generated-By
X-Amz-Rid
X-Cached
X-CST
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Cache-Tag
X-Instart-Request-ID
X-Accel-Expires
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Server-Name
X-Version
Accept-Ch
X-ESI
X-MSEdge-Ref
Nginx-Cache
Access-Control-Request-Method
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Grace
S
X-FastCGI-Cache
Charset
Ar-Sid
AR-CACHE
X-Debug
SPIisLatency
SPRequestDuration
X-Upstream
X-Powered-CMS
SPRequestGuid
X-SharePointHealthScore
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Accept-Ch-Lifetime
Nel
X-DynaTrace-JS-Agent
X-Trace
Pinterest-Version
X-Pinterest-Rid
X-Ezoic-Cdn
X-Client-IP
Realpath
Content-MD5
MRF-Tech
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Jurisdiction
X-Id
X-Hp-Webp
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-Shield-Request-Id
X-ASPNET-VERSION
X-XRDS-Location
Fastcgi-Cache
X-T
X-Content-Digest
X-Kinsta-Cache
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
Edge-Cache-Tag
X-FTR-Backend
X-Frontend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-Country-Code-Real
Server-Node
X-Request-Received
X-Request-Processing-Time
X-Cache-Hit
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
TP-Cache
TP-L2-Cache
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Cache-Age
X-FTR-Expires
Front-End-Https
Server-Name
X-Server-ID
DynaTrace
X-Hostname
ServerID
Fastly-Restarts
X-Forwarded-For
Arc-Version
PB-PID
X-Amzn-Trace-Id
PB-RID
X-Cache-Key
X-Zen-Fury
X-DIS-Request-ID
Powered
X-Cdn
X-Oneagent-Js-Injection
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
X-ATS-Timestamp
X-Content-Security-Policy-Report-Only
X-Mobile-Rewrite
X-Revision
X-User-Agent
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-LB-Cache
X-F-Cache
X-Akamai-Edgescape
Accept-Charset
X-Hits
X-Page-Id
X-Jobs
X-FTR-Cache-Host
Filters
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Geo-Country
X-TTL
X-Content-Powered-By
X-Via-JSL
MicrosoftSharePointTeamServices
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-Kong-Upstream-Latency
X-Origin-Server
X-Kong-Proxy-Latency
X-B
X-Yandex-Sdch-Disable
X-Correlation-Id
Alternate-Protocol
X-Esi
X-Rid
X-Ser
X-N
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Daa-Tunnel
X-Varnish-Backend
Host-Header
X-Debug-Info
X-App-Server
X-Fastcgi-Cache
X-Activity-Id
DC
X-AppVersion
X-Az
X-ATG-Version
X-WebKit-CSP-Report-Only
X-Git-Hash
Frame-Options
Paypal-Debug-Id
Cache-Tags
X-Type
X-Amz-Replication-Status
X-FB-Debug
Retry-After
X-Signature
X-Varnish-Grace
Actual-Object-TTL
X-B-Cache
Section-Io-Cache
X-Contextid
X-Whom
Fastcgi-Useragent
X-App-Environment
X-TT
X-Request-Guid
X-Edge
Surrogate-Key
X-Content-Options
X-Status
X-AOL-HN
X-Ruxit-Js-Agent
Host
X-Seen-By
Healthy
X-RateLimit-Remaining
Source
X-Cache-Action
X-Host-Name
X-Pinterest-Direct
X-HTML-Minification-Powered-By
X-IPLB-Instance
X-B3-Sampled
Refresh
X-XRDS-LOCATION
X-Instance
X-Endurance-Cache-Level
X-Tumblr-User
X-ECACHE
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Upgrade-Enabled
From-Origin
NR-ENABLED
WPE-Backend
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Response-Served-From
X-RemovedCookies
X-ProcessESI
X-Accel-Buffering
X-Cache-Rule
X-Mid
X-MCACHE
Payment
X-URL
X-Cache-Operation
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Odigeo-Trace-Id
X-Region
X-Cache-Control
X-Cacheable-TTL
X-Rule
X-UUID
X-Amz-Apigw-Id
Eomportal-Instance
MS-CV
X-Varnish-Server
X-Cache-Time
X-FW-Serve
X-FW-Type
X-L-Path
X-FW-Dynamic
X-FW-Static
X-FW-Hash
Cache-Status
X-Environment-Context
X-FW-Server
Datacenter
X-Is-Bot
X-Rendered-As
Countrycode
X-Adobe-Loc
X-WA-Info
X-Adobe-Content
X-Amzn-RequestId
Xserver
X-APP-VERSION
X-Protected-By
Srv
X-GeoIP
X-SERVER-NAME
X-Wix-Request-Id
NGB
X-RequestSource
X-Cluster
Content-Disposition
X-Akamai-Transformed
X-Cache-Server
X-PressLabs-Stats
X-Time
X-Cached-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-EdgeConnect-Cache-Status
Uber-Trace-Id
X-Akamai-Request-ID2
X-VCache
X-UnsetCookies
X-IPS-LoggedIn
Version
X-Tt-Trace-Tag
X-Presslabs-Stats
X-Tumblr-Pixel-2
X-Correlation-ID
X-Origin-Response-Time
X-Tt-Trace-Host
X-Tumblr-Pixel-1
X-Load-Cache
X-Unique-Id
X-Mode
Access-Control-Request-Headers
X-Mobile
X-Handled-By
X-PHP-Backend
Filterid
X-Cache-Remote
Upgrade-Insecure-Requests
X-Proxy
Liferay-Portal
X-FireWall-Port
X-Cache-Var-Map
X-UA-Device-Type
X-Via-Fastly
X-Viewer-Country
X-Storage
X-RN-RSRV
X-OCL
X-Path-Route
X-PCL
Cross-Origin-Window-Policy
X-No-Session
X-Cache-Var
X-Cache-Status-Check
X-Adobe-Source
X-NGENIX-Cache
X-CCM
X-MP-GENERATED-AT
X-ES-SERVER
X-Time-Microsecs
Meta-Geo
X-Framework
X-Pubstack
Akamai-GRN
X-PERF
X-ApacheServer
X-AWS-Id
X-Say-TTL
X-Say-Cacheable
X-Vcache
X-Redis-Cache
X-Backend-Name
X-Locale
X-LJ-Flow-ID
X-Human
X-FW-Version
Accept-Language
DSUID
X-NYM-Debug-Backend
X-SayCDN-TTL
Webserver
X-Www-Served-By
X-Cache-Config
X-BCube-Filmed-By
Cache-Hits
X-Web-Node
Cache
X-TX-ID
X-VWS-Id
X-Site-Version
Fastly-SSL
ServedBy
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
Origin-Edge-Control
Origin-Cache-Control
X-Azure-Ref
Now
Mn-Server-Ip
Cache-Name
X-Hyper-Cache
X-Cache-NGX
Ms-Operation-Id
X-Format
X-FC-Vary-Parameters
Cleartype
X-BYPASS-REASON
X-Origin
X-Info
X-R9-Blue-Green-Version
X-ProxyCache-Status
Section-Origin-Responded
X-RTag
X-Xfnlog-Site
X-TNCMS
X-Section
X-ProxyCache-Key
X-Real-IP
S-Rt
Section-Io-Origin-Time-Seconds
X-Loop
X-Access
Section-Io-Origin-Status
X-NCache
Section-Io-Id
Property-Id
TWC-GeoIP-LatLong
TWC-Privacy
X-Amzn-Remapped-Content-Length
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
TWC-Connection-Speed
X-Bc-Bl
TWC-Device-Class
TWC-GeoIP-Country
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-Enabled
X-Hl-Ver
X-Origin-Hint
X-Proxied
X-Routing-Service
X-ServerID
Webcakes-App-Name
X-UPSTREAM-Address
X-CS
X-FB-TRIP-ID
X-Device-Type
X-Zipkin-Id
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Timing-Wait
X-Varnish-Cache-Hits
X-JoinUs
X-From
X-EIG-Tracking-Id
X-Detected-As
X-Generated
X-Hosted-By
X-Proxy-Build
X-IP
X-Alternate-Cache-Key
X-SaId
X-Sorting-Hat-PodId
DB-Nickname
Country
X-Source
X-NWS-UUID-VERIFY
Ec-Rule-Version
Selected-Fe
Azure-SiteName
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Load-Balancing
X-CSRF-Token
X-Geo
SD-X-WS
X-Old-Content-Length
X-Cluster-Node
X-PHP-Host
X-Content-Age
X-Labrador-Cache-Channel
X-Cache-NE
X-Litespeed-Cache
X-Qloud-Router
Cache-Tv-Group
X-Varnish-Hostname
FilterID
X-Backend-TTL
User-Agent
X-CDN-Forward
X-Cache-Host
X-Air-Hostname
Time
X-Pad
X-Ua
S-Cnection
X-NewRelic-App-Data
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-Cache-Backend
X-EC-Lua
X-Cache-2
X-Parent-Response-Time
X-RateLimit-Limit
X-RCS-CacheZone
X-Urbn-Site-Id
X-Microcachable
X-Proxy-Cache-Status
X-Urbn-Context-Path
Locale
X-Forwarded-Host
X-Release
Server-Info
X-Cache-Grace
X-NC
X-Akamai-Request-ID
X-Tumblr-Pixel-3
Tracecode
X-FORWARDED-FOR
OT-Force-Account-Verify
X-SRV
X-Debug-Cache
NGX
X-Soup
Sid
X-Ah-Environment
Proxy-Connection
Geo-Info
X-UA
Cache-Key
X-Vgn-Hpd-Reason
X-Tb
X-Node-Id
X-Generated-On
X-NodeID
MD5-Digest
Meta-Geo-Continent
X-Geo-Header
GEO-REGION-INFO
X-Trace-Id
Mobile-Detection-Method
UCS
Viewtype
X-PAYTM-SRV-ID
X-Swa-Ws
X-G
X-Trv-Group
Who
M-TraceId
X-D
VivaBuild
X-Uri
Machine
X-Processor
X-Date
Pagetype
Server-Host
X-Developer
ServerName
CDCHOST
X-DevSite-Last-Modified
X-Vdms-Version
BehaviorPad-Version
X-Level-Front-Cache
Arc-Country
X-Dispatch
Content-Script-Type
X-Connection-Hash
X-Ms-Request-Id
X-Ms-Version
X-Instart-Info
True-Client-Country-4JS
X-External-Request-Id
Fastcgi-X-Cache-Version
Content-Style-Type
Rendered-Blocks
X-Destination
T-Server
AsisCache
X-Transaction
X-Agile
X-Newrelic-Synthetics
X-Twitter-Response-Tags
X-Region-Sid
X-Agile-Id
X-ScT
X-Skip-Cache
Xc-Version
X-Scheme
X-Worker
X-Aed
X-Application
X-ARC
X-VG-WebCache
X-VG-WebServer
X-ServiceProvider
X-Session-Fingerprint
X-Vdms-Path
X-CF-Lambda-Fn
X-User
X-B-Cookie
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-CF-Lambda-Version
X-S-Cookie
X-Agile-Age
X-TA-CDN-Provider
X-A-Dcw
X-Rewrite-Enabled
X-A-Dam
X-A
X-A-Ccd
X-Request-UUID
X-Cluster-Name
X-Reqid
X-Rojux
X-A-Wwc
X-A-Dgt
X-SRCache-Key
X-Accel-Expires-Debug
X-S
X-DC
X-Magnolia-Registration
User-Cache-Control
X-Envoy-Decorator-Operation
X-Proto
Apigw-Requestid
Web-Mar-Node
NM-Fastcgi-Cache
X-Cache-Tags
N-Cache
X-Branch-Name
Platform
On-Server
Memcached
Mail-Subject
Magicmarker
X-Cache-FS-Status
X-Core-Value
X-Cache-Bucket
X-Cms-Context
X-Fmm-Version
X-Cache-PHP
We-Hiring
X-Clara-WADP
X-Device-Os
X-CGP
Viewport
V-Age
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Vix-Hermes-Req-Id
Rt-Fastcgi-Cache
X-Backend-State
X-Bip
Release
X-Eu-Site
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Clientip
X-Distil-CS
X-Block-Status
Apple-News-Services-Parsed-Url
X-Variation
X-Micro-Cache
L5d-Success-Class
X-Thinkindot-L3
X-VServer
X-Method
X-Matched-Rule
Adler-Geo
X-Via-PopH
X-Via-PopV
X-Location
X-Logging-Id
X-SD-PageType
X-Owner
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-TT-TIMESTAMP
X-Cache-Info
X-SN
X-TIME
X-Reboot
X-WADP-Cache
X-Platform-Server
X-Thanos
X-We-Are-Hiring
X-Srv
Apple-News-Services-Handled
AKAMAI
X-VG-TLSProxy
X-Generation-Time
X-SIPLIST1
X-Has-Esi
X-Hit
X-Hash
Ha-Gx-Prefs
HA-Ipaddr
Kp-EeAlive
X-Gen-Mode
IsBot
Is-Eu
X-Generated-In
Apple-News-Services-Host
FNAC-ModuleRouting
X-Hnp-Log
X-LAGOON
C-Via
Apple-News-Services-Request-Url
X-VC-Cache
X-Varnish-Cacheable
X-JWT-State
Esi-Enabled
Fastly-Drupal-HTML
X-Servername
X-Is-Gdpr
Cf-Ipcountry
X-Slack-Backend
X-App
X-Cache-URL
X-Webstats-RespID
X-Server-W
X-Nginx-Cache-Key
X-Li-Fabric
X-Developers
X-Li-Pop
X-LI-UUID
X-Distributor
X-Envoy-Upstream-Healthchecked-Cluster
X-GoCache-CacheStatus
X-Fastly-Cache
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Origin-Date
X-RateLimit-Remaining-Second
X-Req
X-Request-Host
X-Response-By
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-Policy
X-TrackingId
X-RateLimit-Limit-Second
Sever-Int
Cache-Cookie-Set-Lfrom
Server-ID
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
W
Server-Hostname
Server-Ext
Fastly-SWR
Gh-Request-Id
RNT-Machine
RNT-Time
Fastly-SIE
L
Wxu-Next-Commit
Node
X-Backend-Host
X-Auto-Login
Wxu-Next-Region
Wxu-Next-Hostname
X-BBXSRF
X-Dc
CacheControlHeader
Cache-Host
GEO-INFO
X-Var-Ttl
Ohc-File-Size
X-Refresh
X-Cache-ASPX
X-Server-IP
X-LI-Proto
X-Varnish-Authentication
X-App-Name
X-Contensis-Viewer-Groups
X-Core-Mission
X-CLOUD-TRACE-CONTEXT
X-Compress-Hint
X-VCT
X-Nc
X-Be
X-Mvc-Supplant-OutputCached
X-Wa
X-Varnish-Beresp-Grace
X-Cdn-Srv
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-TH-Server
X-S-Maxage
X-Bc
X-Zone
Server-Cache-Control
Server-Surrogate-Control
X-Loc
X-Gzip
X-Cache-Debug
X-Generated-By
X-Cache-Id
X-Esi-Check
X-Origin-CC
X-Origin-TTL
LB
X-B3-Traceid
X-Sucuri-ID
X-NU-AKA-ACS-Version
X-AIR-PT
Ohc-Response-Time
NtCoent-Length
X-Configured-By
Memory
X-FPC
X-Varnish-Ttl
X-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
HostName
X-Webkit-CSP
X-Rocket-Nginx-Bypass
CACHE
X-Storefront-Renderer-Rendered
Request-EU
Heartbleed
X-Svr
Locid
Request-Country
X-MSEdge-Flight
X-MSEdge-Features
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-Edge-Location
X-ZONE
X-BC
MIME-Version
X-CF-Powered-By
X-Varnish-Hits
X-Request-URI
X-Varnish-URL
X-Servedbyhost
Pragrma
X-COUNTRY
X-App-Version
X-Shopify-Generated-Cart-Token
X-Nginx-Cache
X-Pjax-Url
X-VCL-Version
SRV
X-Gamma-Serve
Fastly-Backend-Name
X-GEO
Referer-Policy
WZWS-RAY
X-Batcache
Resin-Trace
X-Cdn-Forward
FSS-Cache
X-Up
X-BE
Hostname
X-CACHE-KEY
X-BACKEND-TTL
Lfy
X-Amzn-Requestid
X-Minions-Version
X-WebServer
GeoIP-Country-Code
X-ElasticPress-Query
Cteonnt-Length
HitType
X-Aicache-OS
Geoip-Latitude
GeoIp-Country-Code
X-Proxy-Upstream
GeoIP-Latitude
Product
X-ND-Cache
X-Via-CDN
X-Sucuri-Cache
Cdn-Request-Time
X-Fetched-On
Mime-Version
X-Cdn-Origin
CF-Cached-On
Cdn-Host
My-App
Powered-By-ChinaCache
X-Sn-Servicetimems
X-Edge-Server
X-HS-Status
X-Ratelimit-Remaining
Ohc-Cache-HIT
X-NGINX-Cache
X-GeoIP-Country-Code
X-PJAX-URL
X-Newrelic-App-Data
X-CSRF-TOKEN
X-ECache
X-Oss-Storage-Class
X-Check-Cacheable
X-Fastly-Country-Code
X-Oss-Hash-Crc64ecma
DCR-Processing-Time-Ms
DCR-Decision-By
X-ServedByHost
X-Oss-Object-Type
SN
X-Oss-Server-Time
X-Oss-Request-Id
X-Vcl-Version
X-Unique-ID
X-Fastly-Cache-Status
X-Varnish-Url
Pramga
Amp-Access-Control-Allow-Source-Origin
X-Azure-Ref-OriginShield
Location
X-PF-Uncompressing
X-Pf-Uncompressing
X-Fastly-Backend-Reqs
X-Request-Start
Group
X-Served-From
URI
X-CACHE-AGE
Cdn
Dt-Cache-Category
X-Fpc
X-B3-Spanid
X-LB-ID
X-Shard
X-Ratelimit-Limit
X-OVcl-Cache
X-Via-Ucdn
PFcat
X-OVcl
X-VarnishDD-TTL
XServer
X-Swift-Error
X-Tec-Api-Origin
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Vgn-Hpd-Cached
Country-Code
X-B3-SpanId
X-Via-NSCOPI
X-Vgn-Hpd-Variations-Key
X-Tec-Api-Root
A
X-Request-Time
X-Vgn-Hpd-Ssi
X-Tec-Api-Version
Cf-Alt-Svc
CloudFront-Viewer-Country
X-Client-Ip
X-Render-Time
X-Instart-Isnd
X-Debug-Cache-Fetch
X-DPWN-IS-SECURE
X-Debug-Cache-Store
Geoip-City
X-Platform
X-Ocache
X-Varnish-Beresp-TTL
Origin
X-Tb-Optimization-Total-Bytes-Saved
Lb
X-WR-MODIFICATION
X-WPE-Loopback-Upstream-Addr
X-Debug-Do-Not-Cache-Uri
X-Varnishpool
X-LiteSpeed-Cache-Control
X-Debug-Ysi-Auth
X-Debug-Xas-Auth
CF-IPCountry
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Action
X-WA
X-StackifyID
X-Debug-Cache-String
X-C
X-Debug-Cache-Bypass
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Cloudfront-Viewer-Country
Proxy-Firewall
X-Cache-Expired-At
WWW-Authenticate
X-Debug-Cache-Status
X-Planisys-CDN-Cache
Server-Ttl
X-Cache-Tag
SID
X-Ratelimit-Reset
PICS-Label
X-Ftr-Cache-Host
NnCoection
Request-Time
Region
Host-ID
X-Acquia-Site
X-Sigma
X-Acquia-Application-UUID
X-Cache-Hfrom
X-Sigma-Backend
X-Cache-Hm
X-Country-IP
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Rocket-Build-Number
Cneonction
X-APP
X-RSL
Pics-Label
X-ElasticPress-Search
X-Akamai-ERPolicy
Epwk-X-Cache
X-RPS
X-RPM
X-DW
TTL
X-Request-URL
X-Varnish-ID
X-Html-Edge-Cache
X-SB
X-VC
X-DSS
X-B3-Parentspanid
X-Dw-Trace-Id
X-Nananana
Req-ID
X-Li-Proto
X-Action
X-DB
X-DI
X-Akamai-ERRuleID