
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Generator
CF-Ray
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-FRAME-OPTIONS
X-Language
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Request-ID
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
P3p
X-Backend
X-Age
X-Cache-Group
Xkey
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
X-Amz-Id-2
X-Amz-Request-Id
Request-Context
X-Hacker
X-Page-Speed
X-UA-Device
EagleId
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
X-Varnish-Cache
Server-Timing
X-LiteSpeed-Cache
Report-To
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Cf-Railgun
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Origin-Cache
X-Host
EagleEye-TraceId
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Ac
X-Node
X-Pass-Why
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Request-Id
X-DataDome
X-Mod-Pagespeed
Content-Location
X-Application-Context
X-Akam-SW-Version
X-ORACLE-DMS-ECID
X-Ruxit-JS-Agent
Fusion-Deployment-Id
NEL
X-Country
X-ORACLE-DMS-RID
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cnection
X-Cloud-Trace-Context
X-Url
X-Rack-Cache
X-Px
X-FTR-Request-ID
X-Goog-Hash
RTSS
X-Vname
X-PC
X-TtlSet
Accept-CH
MS-Author-Via
X-Powered-By-Plesk
Verso
X-Ttl
Public-Key-Pins
X-B3-TraceId
Accept-CH-Lifetime
X-GitHub-Request-Id
Service-Worker-Allowed
X-DynaTrace
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Pagespeed
Display
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-Forwarded-Proto
X-Cache-TTL
X-D2id
X-Abt-Application-Version
TCN
X-CST
X-Cached
X-Amz-Rid
X-Vcap-Request-Id
Pinterest-Generated-By
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Cache-Tag
X-Instart-Request-ID
X-Server-Name
X-Accel-Expires
Accept-Ch
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-ESI
X-MSEdge-Ref
X-Version
Access-Control-Request-Method
Nginx-Cache
X-Grace
Nel
AR-PoweredBy
AR-Request-ID
AR-ATIME
S
Charset
SPIisLatency
SPRequestDuration
X-Debug
X-Upstream
Accept-Ch-Lifetime
AR-CACHE
Ar-Sid
X-FastCGI-Cache
SPRequestGuid
X-SharePointHealthScore
X-Powered-CMS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-DynaTrace-JS-Agent
X-Ezoic-Cdn
X-Client-IP
Content-MD5
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Pinterest-Version
X-Pinterest-Rid
X-Element-Page-Cache
Realpath
X-Dw-Request-Base-Id
X-Id
X-Hp-Webp
X-Jurisdiction
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-Shield-Request-Id
Fastcgi-Cache
X-T
X-ASPNET-VERSION
X-Content-Digest
X-Kinsta-Cache
X-XRDS-Location
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-Frontend
X-FTR-Balancer
X-FTR-DC
Edge-Cache-Tag
X-FTR-Cache-Status
X-FTR-Realm
X-Request-Processing-Time
Server-Node
X-Request-Received
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Storage-Class
TP-L2-Cache
X-Goog-Generation
X-Goog-Metageneration
TP-Cache
X-Cache-Age
X-FTR-Expires
X-Cache-Hit
Front-End-Https
Server-Name
DynaTrace
Fastly-Restarts
X-Hostname
X-Forwarded-For
ServerID
X-Amzn-Trace-Id
PB-PID
Arc-Version
PB-RID
X-Zen-Fury
X-DIS-Request-ID
X-Microsite
X-Request-Handler-Origin-Region
Powered
X-ATS-Timestamp
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Mobile-Rewrite
X-User-Agent
X-HS-Content-Id
X-Hits
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-Revision
X-F-Cache
Accept-Charset
X-LB-Cache
X-Cdn
X-Akamai-Edgescape
X-Oneagent-Js-Injection
X-Jobs
X-Cache-Key
X-Page-Id
X-FTR-Cache-Host
X-Geo-Country
Filters
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Content-Powered-By
MicrosoftSharePointTeamServices
AMP-Access-Control-Allow-Source-Origin
X-Via-JSL
X-Kong-Upstream-Latency
X-Varnish-Age
X-Kong-Proxy-Latency
X-TTL
X-Ser
X-Origin-Server
X-B
Alternate-Protocol
X-Fastcgi-Cache
X-Rid
X-N
X-Yandex-Sdch-Disable
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Correlation-Id
X-Varnish-Backend
X-Esi
X-Daa-Tunnel
Host-Header
X-Debug-Info
X-WebKit-CSP-Report-Only
X-Az
X-Activity-Id
X-AppVersion
X-Amz-Replication-Status
X-App-Server
X-ATG-Version
X-Git-Hash
X-FB-Debug
X-Type
Frame-Options
X-Server-ID
Section-Io-Cache
Retry-After
X-B-Cache
X-Contextid
Cache-Tags
DC
X-Varnish-Grace
X-Signature
Actual-Object-TTL
X-App-Environment
X-Whom
Paypal-Debug-Id
Fastcgi-Useragent
X-TT
X-Request-Guid
Surrogate-Key
X-Edge
X-AOL-HN
X-Status
X-Content-Options
X-RateLimit-Remaining
Host
X-Seen-By
Healthy
X-XRDS-LOCATION
X-Cache-Action
Source
X-Ruxit-Js-Agent
X-Host-Name
NR-ENABLED
WPE-Backend
X-B3-Sampled
Refresh
X-Pinterest-Direct
X-IPLB-Instance
X-HTML-Minification-Powered-By
X-Instance
X-Tumblr-User
X-Endurance-Cache-Level
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-ECACHE
X-Upgrade-Enabled
From-Origin
Access-Control-Allow-Method
X-APP-VERSION
X-ProcessESI
X-Cache-Rule
X-RemovedCookies
X-Drupal-Cache-Tags
X-Accel-Buffering
X-Response-Served-From
X-Mid
X-Cache-Operation
Payment
X-MCACHE
X-Cache-Control
X-Rule
X-UUID
X-Region
Odigeo-Trace-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-FW-Hash
MS-CV
X-FW-Static
X-L-Path
X-Varnish-Server
X-Environment-Context
X-Amz-Apigw-Id
X-FW-Type
X-Cache-Time
X-Cacheable-TTL
Eomportal-Instance
X-FW-Dynamic
X-FW-Serve
X-FW-Server
Datacenter
X-Rendered-As
X-Is-Bot
Countrycode
Cache-Status
X-WA-Info
X-Adobe-Loc
Xserver
X-Adobe-Content
X-URL
X-Protected-By
X-GeoIP
X-Amzn-RequestId
X-Wix-Request-Id
NGB
X-Cluster
Srv
X-RequestSource
X-SERVER-NAME
Content-Disposition
X-Cache-Server
X-Akamai-Transformed
X-Correlation-ID
X-Yottaa-Optimizations
X-EdgeConnect-Cache-Status
X-Yottaa-Metrics
X-Cached-By
X-Vcache
X-Presslabs-Stats
X-Akamai-Request-ID2
Uber-Trace-Id
X-PressLabs-Stats
X-UnsetCookies
Version
X-Tumblr-Pixel-2
X-Time
X-Tumblr-Pixel-1
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Unique-Id
X-Origin-Response-Time
X-IPS-LoggedIn
Filterid
Upgrade-Insecure-Requests
X-VCache
X-Load-Cache
Access-Control-Request-Headers
X-Mode
Liferay-Portal
X-Mobile
X-Handled-By
X-Cache-Remote
X-Proxy
X-PHP-Backend
X-Time-Microsecs
Cross-Origin-Window-Policy
X-Adobe-Source
X-RN-RSRV
X-PCL
X-MP-GENERATED-AT
X-No-Session
X-Viewer-Country
X-Storage
X-UA-Device-Type
X-Path-Route
X-FireWall-Port
X-Cache-Var
X-Cache-Status-Check
X-NGENIX-Cache
X-Cache-Var-Map
X-ES-SERVER
X-CCM
X-OCL
Meta-Geo
X-Framework
Cache
X-FW-Version
X-Backend-Name
Akamai-GRN
X-LJ-Flow-ID
Webserver
X-Say-Cacheable
X-Redis-Cache
X-NYM-Debug-Backend
Cache-Hits
X-Cache-Config
Decoy-Debug-TTL
DSUID
X-AWS-Id
Decoy-Debug-Status
Decoy-Debug-Key
X-Say-TTL
X-BCube-Filmed-By
Fastly-SSL
Accept-Language
X-Web-Node
X-SayCDN-TTL
X-VWS-Id
X-TX-ID
X-Via-Fastly
X-Info
X-Hyper-Cache
X-Access
S-Rt
X-Cache-NGX
X-Human
Now
X-TNCMS
X-FC-Vary-Parameters
Cache-Name
Cleartype
ServedBy
X-Xfnlog-Site
X-Format
X-Loop
X-Real-IP
Ms-Operation-Id
X-Pubstack
Section-Io-Origin-Time-Seconds
X-RTag
X-Section
Section-Origin-Responded
X-ProxyCache-Status
X-ProxyCache-Key
Mn-Server-Ip
X-Origin
X-ApacheServer
X-BYPASS-REASON
X-PERF
Section-Io-Origin-Status
Section-Io-Id
X-NCache
X-Cache-Enabled
TWC-Locale-Group
X-Amzn-Remapped-Content-Length
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Bc-Bl
TWC-Privacy
Property-Id
X-Hl-Ver
X-Goog-Meta-Goog-Reserved-File-Mtime
Webcakes-App-Version
Webcakes-Region
X-ServerID
X-R9-Blue-Green-Version
X-Origin-Hint
Webcakes-App-Name
X-Azure-Ref
TWC-Device-Class
X-Device-Type
Origin-Cache-Control
Origin-Edge-Control
X-FB-TRIP-ID
X-CS
TWC-Connection-Speed
X-Alternate-Cache-Key
X-Generated
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Timing-Wait
X-UPSTREAM-Address
X-Zipkin-Id
X-Www-Served-By
X-SaId
X-Routing-Service
X-Hosted-By
X-From
X-EIG-Tracking-Id
X-IP
X-JoinUs
X-Proxy-Build
X-Proxied
X-Locale
X-Detected-As
X-Site-Version
DB-Nickname
Country
Ec-Rule-Version
X-Source
Selected-Fe
Azure-Version
Azure-SlotName
Azure-RegionName
X-Cache-NE
Azure-InstanceId
X-Varnish-Cache-Hits
Azure-SiteName
X-Content-Age
X-Old-Content-Length
X-Geo
X-CSRF-Token
X-Cluster-Node
SD-X-WS
X-CDN-Forward
X-NWS-UUID-VERIFY
X-PHP-Host
X-Backend-TTL
X-Labrador-Cache-Channel
Cache-Tv-Group
X-Varnish-Hostname
Time
X-Qloud-Router
User-Agent
X-Pad
Load-Balancing
X-Litespeed-Cache
X-Cache-Host
X-Air-Hostname
FilterID
S-Cnection
X-NewRelic-App-Data
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-EC-Lua
X-Ua
X-Cache-Backend
X-RCS-CacheZone
X-Parent-Response-Time
X-RateLimit-Limit
X-Cache-2
X-Microcachable
X-Proxy-Cache-Status
X-Urbn-Site-Id
X-Forwarded-Host
X-Urbn-Context-Path
Locale
X-NC
X-Cache-Grace
Server-Info
X-Release
X-Akamai-Request-ID
X-Tumblr-Pixel-3
Tracecode
X-SRV
X-CLOUD-TRACE-CONTEXT
OT-Force-Account-Verify
NGX
X-UA
X-Debug-Cache
Proxy-Connection
X-FORWARDED-FOR
Sid
Cache-Key
X-Vgn-Hpd-Reason
X-Soup
X-Tb
X-TIME
X-Newrelic-Synthetics
Geo-Info
Viewtype
Machine
UCS
X-Node-Id
X-Aed
MD5-Digest
X-Processor
X-Cluster-Name
Who
X-Application
Server-Host
Meta-Geo-Continent
X-Uri
True-Client-Country-4JS
X-SRCache-Key
X-PAYTM-SRV-ID
VivaBuild
X-A-Wwc
CDCHOST
X-Instart-Info
X-A
X-G
Content-Script-Type
Content-Style-Type
X-CF-Lambda-Fn
Fastcgi-X-Cache-Version
GEO-REGION-INFO
BehaviorPad-Version
AsisCache
X-A-Dcw
X-A-Dgt
X-Region-Sid
X-Accel-Expires-Debug
X-A-Dam
X-A-Ccd
Arc-Country
X-CF-Lambda-Version
X-External-Request-Id
M-TraceId
Mobile-Detection-Method
X-ARC
Rendered-Blocks
X-Vdms-Path
X-Vtex-Remote-Cache
X-ScT
ServerName
X-User
X-Geo-Header
X-Worker
Pagetype
X-Vtex-Processado-Em
X-DevSite-Last-Modified
X-Date
X-Session-Fingerprint
X-ServiceProvider
X-Vdms-Version
X-Destination
X-VG-WebCache
X-Magnolia-Registration
X-Developer
X-VG-WebServer
X-D
X-Twitter-Response-Tags
X-Connection-Hash
X-Trv-Group
X-Reqid
X-B-Cookie
X-Transaction
X-Rojux
X-Rewrite-Enabled
T-Server
X-Request-UUID
X-S-Cookie
Xc-Version
X-S
X-Proto
User-Cache-Control
Thinkindot-CacheControl-Type
X-CGP
Web-Mar-Node
X-Fmm-Version
N-Cache
Ha-Gx-Prefs
FNAC-ModuleRouting
NM-Fastcgi-Cache
X-Gen-Mode
X-Generated-In
Thinkindot-CacheControl
X-Generation-Time
X-Generated-On
Rt-Fastcgi-Cache
HA-Ipaddr
Kp-EeAlive
On-Server
Release
X-Epic-Correlation-Id
L5d-Success-Class
X-Distil-CS
V-Age
X-Clientip
Platform
Mail-Subject
Thinkindot-Control
X-Dispatcher-Server
Magicmarker
IsBot
Is-Eu
Memcached
X-Cms-Context
X-Core-Value
X-Eu-Site
X-Dispatch
X-Device-Os
X-Platform-Server
X-Via-PopV
X-VServer
X-Via-PopH
Vix-Hermes-Req-Id
X-Clara-WADP
X-VG-TLSProxy
X-SD-PageType
X-WADP-Cache
X-Wikidot-Static-Cache
X-Scheme
X-Block-Status
X-Wikidot-Backend
X-We-Are-Hiring
X-Cache-Info
X-Servername
X-SIPLIST1
X-Trace-Id
X-SN
X-Swa-Ws
X-Branch-Name
X-TA-CDN-Provider
X-Thinkindot-L3
X-Cache-Bucket
X-Backend-State
X-Varnish-Cacheable
X-VC-Cache
X-Variation
X-TT-TIMESTAMP
X-Skip-Cache
Node
X-Cache-PHP
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Is-Gdpr
X-JWT-State
Adler-Geo
Apple-News-Services-Request-Url
C-Via
X-Has-Esi
Esi-Enabled
X-Hash
X-Hit
X-Hnp-Log
X-LAGOON
X-Level-Front-Cache
Viewport
We-Hiring
X-Agile-Id
X-Dc
X-Reboot
X-Cache-Tags
X-Agile-Age
X-Agile
X-Matched-Rule
X-Location
X-Ms-Request-Id
X-Ms-Version
X-NodeID
Fastly-Drupal-HTML
X-Envoy-Decorator-Operation
X-DC
Apigw-Requestid
X-Cache-FS-Status
X-Cache-URL
X-Mvc-Supplant-Cachable
X-Rebelmouse-Surrogate-Control
X-Req
X-Rebelmouse-Cache-Control
X-Policy
X-Owner
X-Request-Host
X-Response-By
X-Slack-Backend
X-Thanos
X-TrackingId
X-Server-W
X-Webstats-RespID
X-Origin-Expires
X-Origin-Date
X-GoCache-CacheStatus
X-Irp-Debug
X-Fastly-Cache
X-Envoy-Upstream-Healthchecked-Cluster
X-Distributor
X-Li-Fabric
X-Li-Pop
X-Micro-Cache
X-Nginx-Cache-Key
X-Method
X-Logging-Id
X-LI-UUID
X-Developers
Sever-Int
RNT-Time
L
W
Wxu-Next-Commit
AKAMAI
Cache-Cookie-Set-From
Server-Ext
Server-Hostname
Cache-Cookie-Set-Idcheck
Server-ID
Cache-Cookie-Set-Lfrom
Wxu-Next-Hostname
Fastly-SIE
X-Auto-Login
X-Backend-Host
X-BBXSRF
Fastly-SWR
Wxu-Next-Region
GEO-INFO
X-Bip
RNT-Machine
X-Srv
Gh-Request-Id
Cf-Ipcountry
Cache-Host
X-Server-IP
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-App
X-Varnish-Authentication
X-Refresh
X-LI-Proto
X-Var-Ttl
X-App-Name
X-Cache-ASPX
X-Core-Mission
X-Contensis-Viewer-Groups
X-VCT
CacheControlHeader
Ohc-File-Size
X-Be
X-Cdn-Srv
X-Wa
X-Mvc-Supplant-OutputCached
X-Compress-Hint
X-Nc
X-S-Maxage
X-Varnish-Beresp-Grace
X-TH-Server
Server-Cache-Control
X-Varnish-Beresp-Ttl
X-Generated-By
X-Varnish-Beresp-Status
Server-Surrogate-Control
X-Cache-Id
X-Cache-Debug
X-Esi-Check
X-Loc
X-Gzip
X-Zone
Memory
X-Bc
X-FPC
X-Origin-CC
X-B3-Traceid
X-Origin-TTL
LB
X-Sucuri-ID
Ohc-Response-Time
NtCoent-Length
X-Rocket-Nginx-Bypass
X-CACHE-KEY
X-AIR-PT
X-NU-AKA-ACS-Version
HostName
X-Configured-By
Heartbleed
X-Key
X-ZONE
X-SVT-ORM-RULES
Request-EU
X-SVT-ORM-VERSION
Locid
X-Webkit-CSP
Request-Country
X-MSEdge-Features
X-MSEdge-Flight
X-Varnish-Ttl
X-BC
CACHE
X-Storefront-Renderer-Rendered
SRV
X-Debug-Panamera-Sitecode
X-Request-URI
X-Debug-Panamera-Host
X-Shopify-Generated-Cart-Token
X-Edge-Location
X-Svr
X-CF-Powered-By
MIME-Version
X-Varnish-Hits
X-COUNTRY
X-Servedbyhost
X-Varnish-URL
Pragrma
X-Amzn-Requestid
X-Nginx-Cache
WZWS-RAY
X-Pjax-Url
Resin-Trace
X-Gamma-Serve
X-VCL-Version
Fastly-Backend-Name
X-GEO
X-Batcache
FSS-Cache
Referer-Policy
X-Cdn-Forward
Hostname
X-BE
X-Up
X-WebServer
X-App-Version
Lfy
GeoIP-Country-Code
X-BACKEND-TTL
Product
GeoIp-Country-Code
Geoip-Latitude
X-Proxy-Upstream
X-Fetched-On
X-Sn-Servicetimems
Cteonnt-Length
X-ND-Cache
My-App
Mime-Version
HitType
X-Via-CDN
GeoIP-Latitude
X-Aicache-OS
X-Minions-Version
X-Cdn-Origin
X-ElasticPress-Query
X-Sucuri-Cache
X-NGINX-Cache
X-GeoIP-Country-Code
Powered-By-ChinaCache
CF-Cached-On
X-Edge-Server
Cdn-Host
Cdn-Request-Time
X-HS-Status
X-Ratelimit-Remaining
X-ServedByHost
X-Vcl-Version
X-PJAX-URL
SN
Ohc-Cache-HIT
X-Shard
X-CSRF-TOKEN
X-Varnish-Url
X-ECache
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Check-Cacheable
X-Oss-Server-Time
X-Fastly-Country-Code
X-Pf-Uncompressing
DCR-Processing-Time-Ms
DCR-Decision-By
X-Newrelic-App-Data
X-Unique-ID
X-Served-From
X-Azure-Ref-OriginShield
X-Fastly-Cache-Status
Group
Location
X-Oracle-Dms-Rid
Amp-Access-Control-Allow-Source-Origin
X-Request-Start
X-Fastly-Backend-Reqs
X-B3-Spanid
Cdn
URI
Pramga
X-PF-Uncompressing
X-CACHE-AGE
Dt-Cache-Category
X-LB-ID
X-Via-Ucdn
X-Ratelimit-Limit
X-VarnishDD-TTL
X-Fpc
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-OVcl
X-Via-NSCOPI
X-Request-Time
XServer
PFcat
Country-Code
X-OVcl-Cache
X-Swift-Error
X-Vgn-Hpd-Cached
A
X-Vgn-Hpd-Variations-Key
X-Tec-Api-Root
X-B3-SpanId
X-DPWN-IS-SECURE
Cf-Alt-Svc
X-Tec-Api-Origin
Geoip-City
X-Tec-Api-Version
CloudFront-Viewer-Country
X-Vgn-Hpd-Ssi
X-Dynatrace
X-Client-Ip
CF-IPCountry
Origin
X-Ocache
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Beresp-TTL
X-Render-Time
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Platform
X-Instart-Isnd
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-C
X-WPE-Loopback-Upstream-Addr
Lb
X-WR-MODIFICATION
X-Debug-Xas-Auth
X-Debug-Cache-String
X-Debug-Ysi-Auth
X-LiteSpeed-Cache-Control
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-Status
X-Debug-Cache-Bypass
X-Ratelimit-Reset
Proxy-Firewall
X-Rocket-Build-Number
SID
PICS-Label
WWW-Authenticate
X-Cache-Expired-At
X-Sigma
X-Sigma-Backend
X-APP
Host-ID
X-Varnishpool
X-Cache-Tag
X-Country-IP
Server-Ttl
Request-Time
X-StackifyID
X-Apw-Hits
X-Apw-Access-Token
X-WA
X-Apw-Access-Action
X-Apw-Access-Object
X-Ftr-Cache-Host
Cloudfront-Viewer-Country
X-DB
TTL
X-Cache-Hfrom
X-Cache-Hm
X-DW
NnCoection
Region
X-RSL
X-RPS
X-RPM
X-Action
X-DSS
X-DI
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Site
Cneonction
X-SB
X-Li-Proto
Epwk-X-Cache
X-Akamai-ERPolicy
Pics-Label
X-VC
X-Dw-Trace-Id
X-Varnish-ID
X-Request-URL
X-Html-Edge-Cache
X-Nananana
X-ElasticPress-Search
X-B3-Parentspanid
Req-ID
X-Akamai-ERRuleID