SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Xss-Protection
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Backend
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Xkey
Feature-Policy
X-Proxy-Cache
X-Request-ID
Request-Context
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
X-Varnish-Cache
Server-Timing
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-WebKit-CSP
X-Server-Id
Cf-Railgun
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Origin-Upstream-Status
X-Readtime
X-Node
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Request-Id
X-DataDome
Content-Location
X-Pass-Why
X-Mod-Pagespeed
X-Application-Context
NEL
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country-Code
Edge-Control
X-Cloud-Trace-Context
X-Clacks-Overhead
X-Cnection
X-Url
X-Px
X-Rack-Cache
X-FTR-Request-ID
RTSS
X-Goog-Hash
MS-Author-Via
X-Vname
X-PC
X-TtlSet
X-Powered-By-Plesk
Accept-CH
Verso
X-DynaTrace
X-B3-TraceId
Public-Key-Pins
Service-Worker-Allowed
X-GitHub-Request-Id
X-Ttl
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
Accept-CH-Lifetime
X-MS-InvokeApp
Response
Pagespeed
Display
X-Amz-Server-Side-Encryption
Arr-Disable-Session-Affinity
X-Middleton-Display
X-Varnish-TTL
X-Middleton-Response
X-Sol
X-Forwarded-Proto
X-Cache-TTL
X-D2id
Pinterest-Generated-By
X-Amz-Rid
X-CST
TCN
X-Abt-Application-Version
X-Cached
X-Vcap-Request-Id
X-NF-Request-ID
Accept-Ch
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Cache-Tag
X-Server-Name
X-Instart-Request-ID
X-ESI
X-Accel-Expires
Accept-Ch-Lifetime
X-Version
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-MSEdge-Ref
Access-Control-Request-Method
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Grace
Nginx-Cache
Ar-Sid
AR-CACHE
X-Upstream
Charset
X-Debug
X-Powered-CMS
S
SPRequestDuration
X-FastCGI-Cache
SPIisLatency
X-Client-IP
X-SRCache-Store-Status
X-SRCache-Fetch-Status
SPRequestGuid
X-SharePointHealthScore
X-DynaTrace-JS-Agent
Realpath
X-Ezoic-Cdn
Content-MD5
X-Pinterest-Rid
Pinterest-Version
X-Trace
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Element-Page-Cache
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Dw-Request-Base-Id
X-Hp-Webp
X-Jurisdiction
X-Id
Nel
X-Shield-Request-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-T
Fastcgi-Cache
X-Content-Digest
X-Kinsta-Cache
X-Logged-In
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Mobile-URL
X-XRDS-Location
X-Frontend
X-Request-Received
X-Request-Processing-Time
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
Server-Node
X-Country-Code-Real
X-Oneagent-Js-Injection
X-Cache-Hit
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-Cache-Age
Edge-Cache-Tag
TP-Cache
TP-L2-Cache
X-FTR-Expires
X-Goog-Metageneration
Front-End-Https
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
Server-Name
ServerID
X-Forwarded-For
X-Cache-Key
X-Hostname
X-Amzn-Trace-Id
DynaTrace
Arc-Version
PB-PID
PB-RID
Fastly-Restarts
X-Zen-Fury
Powered
X-DIS-Request-ID
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-Akamai-Edgescape
X-Mobile-Rewrite
X-Hits
X-LB-Cache
X-Page-Id
X-F-Cache
X-TTL
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
Accept-Charset
X-Jobs
X-ORACLE-APMCS-REQUEST-ID
Filters
X-ORACLE-APMCS-TAG
X-Cdn
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
X-Yandex-Sdch-Disable
X-FTR-Cache-Host
X-Geo-Country
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Origin-Server
X-Via-JSL
X-Varnish-Age
MicrosoftSharePointTeamServices
X-B
Alternate-Protocol
X-N
X-Rid
X-Erf-Bev-Bev-Is-Generated
X-Daa-Tunnel
X-Erf-Bev-Bev
X-Ser
Host-Header
X-Varnish-Backend
X-Ruxit-Js-Agent
X-Fastcgi-Cache
X-Activity-Id
X-Az
X-ATG-Version
X-AppVersion
X-WebKit-CSP-Report-Only
DC
Cache-Tags
Paypal-Debug-Id
X-Correlation-Id
X-Amz-Replication-Status
X-Esi
X-App-Server
X-FB-Debug
Retry-After
X-Type
Actual-Object-TTL
X-Git-Hash
X-Debug-Info
X-TT
X-Varnish-Grace
X-Whom
Section-Io-Cache
X-App-Environment
X-B-Cache
X-Signature
Frame-Options
X-XRDS-LOCATION
X-Contextid
X-Server-ID
Surrogate-Key
X-Request-Guid
X-Edge
X-Status
Fastcgi-Useragent
X-Content-Options
X-AOL-HN
Host
Healthy
X-Cache-Action
X-Seen-By
X-Pinterest-Direct
X-RateLimit-Remaining
Source
Refresh
X-Host-Name
X-HTML-Minification-Powered-By
X-IPLB-Instance
X-B3-Sampled
X-Endurance-Cache-Level
X-Tumblr-Pixel
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-User
X-Upgrade-Enabled
From-Origin
Access-Control-Allow-Method
X-ECACHE
X-Accel-Buffering
X-ProcessESI
X-Response-Served-From
X-RemovedCookies
X-Cache-Rule
X-Drupal-Cache-Tags
X-Amz-Apigw-Id
X-Cache-Operation
X-Mid
X-Rule
X-Region
VIX-Pulpo-Upstream-Status
X-MCACHE
VIX-Pulpo-Node
Odigeo-Trace-Id
X-Amzn-RequestId
MS-CV
Eomportal-Instance
X-Cacheable-TTL
X-UUID
X-L-Path
Payment
X-Litespeed-Cache
X-Environment-Context
X-Cache-Time
X-FW-Type
X-Varnish-Server
X-FW-Dynamic
X-Rendered-As
Datacenter
X-FW-Static
X-Is-Bot
X-Cache-Control
X-FW-Server
X-FW-Hash
X-FW-Serve
Countrycode
X-WA-Info
NR-ENABLED
WPE-Backend
Cache-Status
X-Adobe-Loc
X-Adobe-Content
Xserver
Srv
X-Protected-By
X-APP-VERSION
X-URL
X-GeoIP
X-Correlation-ID
X-VCache
Content-Disposition
X-PressLabs-Stats
NGB
X-Wix-Request-Id
X-Akamai-Transformed
X-Cluster
X-RequestSource
X-EdgeConnect-Cache-Status
X-Cached-By
X-Cache-Server
X-SERVER-NAME
X-Akamai-Request-ID2
X-Yottaa-Metrics
X-Yottaa-Optimizations
Uber-Trace-Id
X-UnsetCookies
X-Tt-Trace-Tag
X-Time
X-Origin-Response-Time
X-Tt-Trace-Host
Version
X-Mode
X-Load-Cache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Proxy
Filterid
X-Mobile
X-IPS-LoggedIn
X-Handled-By
Access-Control-Request-Headers
X-PHP-Backend
X-Unique-Id
X-Cache-Remote
Liferay-Portal
X-FireWall-Port
Accept-Language
X-Presslabs-Stats
X-RN-RSRV
X-NGENIX-Cache
X-Viewer-Country
X-Cache-Var
Cross-Origin-Window-Policy
X-Path-Route
X-Via-Fastly
Meta-Geo
X-Cache-Var-Map
X-Framework
X-Cache-Status-Check
X-No-Session
X-ES-SERVER
X-CCM
X-Backend-Name
X-UA-Device-Type
X-Azure-Ref
X-Adobe-Source
X-MP-GENERATED-AT
Decoy-Debug-TTL
X-Locale
X-OCL
DSUID
X-Time-Microsecs
Decoy-Debug-Status
Decoy-Debug-Key
X-Site-Version
X-NewRelic-App-Data
X-PCL
ServedBy
Cache-Hits
X-Redis-Cache
X-Pubstack
X-PERF
X-Www-Served-By
X-AWS-Id
X-Storage
X-ApacheServer
X-LJ-Flow-ID
X-Cache-NGX
Cache
X-VWS-Id
Akamai-GRN
Cache-Name
Cleartype
X-Human
X-Real-IP
X-R9-Blue-Green-Version
X-NCache
X-Info
X-RTag
X-Say-Cacheable
X-TX-ID
X-SayCDN-TTL
X-Web-Node
X-Say-TTL
X-FW-Version
X-Cache-Config
Origin-Edge-Control
Origin-Cache-Control
Now
Ms-Operation-Id
Section-Io-Id
Section-Io-Origin-Status
Webserver
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Fastly-SSL
Mn-Server-Ip
Upgrade-Insecure-Requests
X-Access
Webcakes-App-Version
Webcakes-Region
X-Bc-Bl
X-Cache-Enabled
X-BYPASS-REASON
Webcakes-App-Name
TWC-Locale-Group
TWC-Connection-Speed
S-Rt
TWC-Device-Class
TWC-GeoIP-Country
X-CS
TWC-GeoIP-LatLong
TWC-Privacy
X-Device-Type
X-ProxyCache-Status
X-ProxyCache-Key
X-Routing-Service
X-Section
X-UPSTREAM-Address
X-ServerID
X-Proxied
X-Origin-Hint
X-Format
X-FC-Vary-Parameters
X-Hl-Ver
X-NWS-UUID-VERIFY
X-Origin
Property-Id
X-Zipkin-Id
X-EIG-Tracking-Id
X-Detected-As
X-FB-TRIP-ID
X-Sorting-Hat-ShopId
X-From
X-TNCMS
X-CSRF-Token
X-Xfnlog-Site
X-Alternate-Cache-Key
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
X-Sorting-Hat-PodId
X-Generated
X-ShardId
X-NYM-Debug-Backend
X-Proxy-Build
X-SaId
X-ShopId
X-Loop
X-Hyper-Cache
X-Shopify-Stage
X-IP
X-JoinUs
DB-Nickname
X-Timing-Wait
Selected-Fe
Azure-SlotName
Azure-Version
X-Hosted-By
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Varnish-Cache-Hits
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Source
X-Content-Age
Load-Balancing
Country
X-Qloud-Router
X-Labrador-Cache-Channel
Ec-Rule-Version
X-PHP-Host
X-Cluster-Node
X-Air-Hostname
SD-X-WS
X-Geo
X-Old-Content-Length
X-Cache-NE
Cache-Tv-Group
User-Agent
X-Varnish-Hostname
X-Cache-Host
Time
X-Pad
X-Release
X-Vcache
X-CDN-Forward
FilterID
X-Drupal-Cache-Contexts
X-Backend-TTL
X-Cache-TTL-Remaining
X-Parent-Response-Time
X-Cache-2
X-Cache-Backend
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Ua
X-RCS-CacheZone
S-Cnection
Server-Info
X-Akamai-Request-ID
X-EC-Lua
X-Cache-Grace
X-Webkit-CSP
X-Proxy-Cache-Status
X-Forwarded-Host
X-Microcachable
X-Tumblr-Pixel-3
X-RateLimit-Limit
X-Srv
X-Debug-Cache
X-UA
Proxy-Connection
X-Dc
X-NC
X-Soup
NGX
OT-Force-Account-Verify
X-FORWARDED-FOR
Tracecode
X-Tb
Sid
Apigw-Requestid
X-PAYTM-SRV-ID
X-Region-Sid
X-Aed
X-Cluster-Name
X-Processor
X-Uri
X-NodeID
True-Client-Country-4JS
T-Server
X-Generated-On
X-Destination
X-Date
X-D
X-Developer
GEO-REGION-INFO
X-Dispatch
X-DevSite-Last-Modified
X-Connection-Hash
X-CF-Lambda-Version
Meta-Geo-Continent
Mobile-Detection-Method
Pagetype
X-CF-Lambda-Fn
MD5-Digest
M-TraceId
Machine
Fastcgi-X-Cache-Version
X-B-Cookie
X-Geo-Header
X-Reqid
Arc-Country
X-Application
X-Instart-Info
X-Proto
ServerName
AsisCache
BehaviorPad-Version
Content-Script-Type
Content-Style-Type
Server-Host
X-External-Request-Id
X-G
X-ARC
X-Level-Front-Cache
X-S-Cookie
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-A-Dgt
X-SRCache-Key
X-Accel-Expires-Debug
UCS
X-VG-WebCache
X-A-Ccd
X-A-Wwc
X-Trv-Group
X-A-Dcw
X-Trace-Id
X-VG-WebServer
X-A
X-Transaction
X-Swa-Ws
X-Vdms-Version
X-Twitter-Response-Tags
Geo-Info
X-A-Dam
Who
Rendered-Blocks
X-Session-Fingerprint
X-S
X-Rojux
Cache-Key
Xc-Version
X-Rewrite-Enabled
X-ScT
X-Scheme
VivaBuild
X-ServiceProvider
X-Vdms-Path
Viewtype
User-Cache-Control
X-Magnolia-Registration
X-TIME
X-VC-Cache
X-Dispatcher-Server
X-Wikidot-Static-Cache
X-Device-Os
X-Wikidot-Backend
CDCHOST
FNAC-ModuleRouting
X-Block-Status
NM-Fastcgi-Cache
N-Cache
X-Cache-Bucket
GEO-INFO
On-Server
X-Via-PopV
Release
X-Cache-FS-Status
X-Cache-Info
X-Branch-Name
X-Via-PopH
IsBot
X-Bip
X-Cms-Context
Kp-EeAlive
X-Clara-WADP
Mail-Subject
Magicmarker
X-WADP-Cache
X-Core-Value
X-Generation-Time
X-Ms-Version
X-Agile
X-SN
X-Skip-Cache
X-Ms-Request-Id
X-Micro-Cache
X-Location
X-Logging-Id
X-Matched-Rule
X-Method
Vix-Hermes-Req-Id
X-Node-Id
X-Vgn-Hpd-Reason
X-SD-PageType
Viewport
V-Age
Thinkindot-Control
X-Owner
X-SIPLIST1
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Worker
X-Thanos
X-TT-TIMESTAMP
X-Thinkindot-L3
X-Hnp-Log
AKAMAI
X-Generated-In
X-Fmm-Version
X-User
X-Gen-Mode
X-Agile-Id
X-Hash
Web-Mar-Node
We-Hiring
X-LAGOON
X-Agile-Age
X-Cache-PHP
Cf-Ipcountry
X-Envoy-Decorator-Operation
X-Hit
X-SRV
X-Newrelic-Synthetics
X-BBXSRF
X-Backend-State
X-Backend-Host
X-Auto-Login
X-Reboot
X-Server-W
X-Servername
X-RateLimit-Remaining-Second
X-Response-By
X-Request-UUID
X-Policy
X-Req
X-Request-Host
X-Slack-Backend
X-RateLimit-Limit-Second
X-VG-TLSProxy
X-We-Are-Hiring
X-VServer
X-Webstats-RespID
X-Varnish-Cacheable
X-TrackingId
X-Variation
X-Platform-Server
X-Origin-Expires
X-Distributor
X-Envoy-Upstream-Healthchecked-Cluster
X-Epic-Correlation-Id
X-Distil-CS
X-Developers
X-Cache-URL
X-CGP
X-Clientip
X-Eu-Site
X-Fastly-Cache
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Origin-Date
X-JWT-State
X-Is-Gdpr
X-Has-Esi
X-Irp-Debug
X-Cache-Tags
Wxu-Next-Region
Gh-Request-Id
Fastly-Drupal-HTML
Cache-Cookie-Set-Lfrom
Ha-Gx-Prefs
HA-Ipaddr
Memcached
L5d-Success-Class
Is-Eu
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Apple-News-Services-Handled
Node
X-TA-CDN-Provider
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
C-Via
Apple-News-Services-Request-Url
Platform
Adler-Geo
Server-Ext
Sever-Int
RNT-Machine
RNT-Time
Server-Hostname
Wxu-Next-Hostname
Rt-Fastcgi-Cache
Wxu-Next-Commit
X-Be
X-Core-Mission
Fastly-SIE
X-Contensis-Viewer-Groups
Esi-Enabled
CacheControlHeader
X-GoCache-CacheStatus
W
X-Li-Fabric
X-App
X-Rebelmouse-Surrogate-Control
X-Varnish-Authentication
X-Cache-ASPX
X-Var-Ttl
X-Li-Pop
X-Rebelmouse-Cache-Control
X-LI-UUID
Fastly-SWR
X-Nc
X-LI-Proto
Server-ID
X-Refresh
X-Compress-Hint
L
X-DC
X-TH-Server
Ohc-File-Size
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Cache-Host
X-App-Name
X-Server-IP
HostName
X-CLOUD-TRACE-CONTEXT
X-Loc
X-Wa
X-Cache-Id
X-Gzip
X-VCT
X-Esi-Check
X-AIR-PT
X-Cache-Debug
X-Origin-TTL
X-Origin-CC
LB
X-Cdn-Srv
X-Mvc-Supplant-OutputCached
X-Sucuri-ID
X-ZONE
X-Configured-By
X-BC
X-S-Maxage
X-Storefront-Renderer-Rendered
Server-Surrogate-Control
X-SVT-ORM-RULES
X-FPC
X-Key
X-SVT-ORM-VERSION
X-NU-AKA-ACS-Version
X-Generated-By
NtCoent-Length
Server-Cache-Control
X-B3-Traceid
X-MSEdge-Flight
Memory
X-Edge-Location
Ohc-Response-Time
X-MSEdge-Features
X-Zone
X-App-Version
X-Bc
X-Rocket-Nginx-Bypass
X-Varnish-URL
X-Varnish-Ttl
Pragrma
MIME-Version
CACHE
X-CF-Powered-By
X-Cdn-Forward
X-Svr
Locid
X-Debug-Panamera-Host
X-Servedbyhost
Request-Country
Heartbleed
Request-EU
Referer-Policy
X-Debug-Panamera-Sitecode
X-Varnish-Hits
Fastly-Backend-Name
X-COUNTRY
X-Pjax-Url
Resin-Trace
X-GEO
X-Batcache
X-Request-URI
X-Nginx-Cache
X-Shopify-Generated-Cart-Token
X-VCL-Version
X-BACKEND-TTL
X-Up
FSS-Cache
SRV
WZWS-RAY
X-Gamma-Serve
X-Minions-Version
X-Via-CDN
GeoIp-Country-Code
Geoip-Latitude
X-Aicache-OS
X-ElasticPress-Query
X-ND-Cache
X-Sucuri-Cache
X-Ratelimit-Remaining
Lfy
X-CACHE-KEY
X-WebServer
CF-Cached-On
X-Amzn-Requestid
X-BE
Hostname
X-Oss-Object-Type
Product
X-Check-Cacheable
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
Mime-Version
GeoIP-Country-Code
X-Proxy-Upstream
X-Oss-Storage-Class
X-Oss-Server-Time
HitType
Cteonnt-Length
X-Cdn-Origin
X-Vcl-Version
My-App
Powered-By-ChinaCache
Cdn-Request-Time
X-Sn-Servicetimems
Cdn-Host
X-Fetched-On
GeoIP-Latitude
X-PJAX-URL
X-ECache
X-NGINX-Cache
DCR-Decision-By
X-Edge-Server
DCR-Processing-Time-Ms
X-Unique-ID
X-NODE
X-Fastly-Cache-Status
X-GeoIP-Country-Code
X-PF-Uncompressing
Ohc-Cache-HIT
X-HS-Status
Pramga
X-Azure-Ref-OriginShield
Location
X-CSRF-TOKEN
X-Ratelimit-Limit
X-ServedByHost
X-Fastly-Country-Code
SN
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Fastly-Backend-Reqs
X-Pf-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Url
X-LB-ID
X-CACHE-AGE
X-Served-From
X-VarnishDD-TTL
X-OVcl
X-Request-Start
Group
X-OVcl-Cache
URI
PFcat
Dt-Cache-Category
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Fpc
Cdn
X-B3-Spanid
X-Newrelic-App-Data
X-Shard
X-Instart-Isnd
X-B3-SpanId
X-Render-Time
X-Platform
X-Varnishpool
X-Via-Ucdn
XServer
X-Ratelimit-Reset
X-Swift-Error
X-Ftr-Cache-Host
WWW-Authenticate
X-Via-NSCOPI
A
Country-Code
CloudFront-Viewer-Country
Cf-Alt-Svc
X-Request-Time
X-IN-APIGATEWAY
X-Cache-Expired-At
X-IN-APIGATEWAYSSL
X-DPWN-IS-SECURE
Geoip-City
X-Debug-Cache-Fetch
PICS-Label
X-Ocache
X-Varnish-Beresp-TTL
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Cache-Store
Origin
X-WPE-Loopback-Upstream-Addr
X-WR-MODIFICATION
Lb
X-Debug-Do-Not-Cache-Uri
X-Debug-Ysi-Auth
X-Debug-Cache-Status
X-StackifyID
Server-Ttl
X-Debug-Xas-Auth
X-Debug-Cache-Bypass
X-C
X-LiteSpeed-Cache-Control
X-Debug-Cache-String
X-Apw-Access-Object
Epwk-X-Cache
X-Planisys-CDN-Rules
X-WA
X-Planisys-CDN-Cache
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
CF-IPCountry
SID
X-Apw-Access-Action
X-Apw-Access-Token
Cloudfront-Viewer-Country
X-Apw-Hits
X-CUA
X-Planisys-CDN-TTL
Region
X-Sigma
X-Sigma-Backend
Cneonction
X-Oss-Cdn-Auth
X-Rocket-Build-Number
X-Acquia-Application-UUID
X-Cache-Hfrom
X-Cache-Tag
X-Cache-Hm
Proxy-Firewall
X-Country-IP
X-Acquia-Site
Request-Time
Host-ID
X-Acquia-Application-Trace
X-Nananana
NnCoection
X-Acquia-Purge-Tags
X-APP
Pics-Label
Req-ID
X-Li-Proto
X-B3-Parentspanid
X-DW
X-DSS
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-RSL
X-RPS
X-RPM
X-DI
X-DB
X-Action
X-Dw-Trace-Id
X-SB
TTL
X-Html-Edge-Cache
X-Varnish-ID
X-ElasticPress-Search
X-Request-URL
X-VC