Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
CF-Ray
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-FRAME-OPTIONS
X-Language
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
P3p
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Age
X-Cache-Group
X-Request-ID
X-Robots-Tag
Xkey
X-Proxy-Cache
Feature-Policy
Request-Context
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
X-Varnish-Cache
Server-Timing
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-Pass-Why
Request-Id
X-DataDome
X-Mod-Pagespeed
Content-Location
X-Application-Context
X-ORACLE-DMS-ECID
NEL
X-Akam-SW-Version
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Ruxit-JS-Agent
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cnection
X-Cloud-Trace-Context
X-Px
X-Url
X-Rack-Cache
X-FTR-Request-ID
X-Goog-Hash
RTSS
MS-Author-Via
X-Vname
X-TtlSet
X-PC
Accept-CH
X-Powered-By-Plesk
Verso
X-DynaTrace
Public-Key-Pins
Accept-CH-Lifetime
X-B3-TraceId
X-GitHub-Request-Id
Service-Worker-Allowed
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Use-Magma
X-Ttl
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
Display
Pagespeed
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-Forwarded-Proto
X-Cache-TTL
X-D2id
X-Cached
X-CST
X-Amz-Rid
TCN
Pinterest-Generated-By
X-Abt-Application-Version
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Accept-Ch
Cache-Tag
X-Instart-Request-ID
X-Server-Name
X-Accel-Expires
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-ESI
X-Version
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
X-Grace
Nginx-Cache
X-FastCGI-Cache
Ar-Sid
AR-CACHE
Accept-Ch-Lifetime
S
X-Debug
X-Upstream
Charset
SPRequestDuration
SPIisLatency
X-Powered-CMS
X-Client-IP
X-SharePointHealthScore
X-SRCache-Fetch-Status
SPRequestGuid
X-SRCache-Store-Status
X-DynaTrace-JS-Agent
X-Pinterest-Rid
Realpath
Pinterest-Version
Content-MD5
X-Ezoic-Cdn
Nel
X-Trace
X-Element-Page-Cache
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Dw-Request-Base-Id
X-Jurisdiction
X-Hp-Webp
X-Id
X-Recruiting
X-Shield-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-T
Fastcgi-Cache
X-ASPNET-VERSION
X-Content-Digest
X-Kinsta-Cache
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
X-XRDS-Location
X-Frontend
X-Request-Processing-Time
X-Request-Received
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Cache-Hit
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
Server-Node
X-Cache-Age
Edge-Cache-Tag
TP-L2-Cache
TP-Cache
X-Goog-Stored-Content-Encoding
X-FTR-Expires
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Metageneration
Front-End-Https
Server-Name
ServerID
X-Forwarded-For
DynaTrace
X-Hostname
X-Amzn-Trace-Id
X-Cache-Key
Fastly-Restarts
Arc-Version
PB-PID
PB-RID
X-Zen-Fury
Powered
X-DIS-Request-ID
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-TTL
X-Content-Security-Policy-Report-Only
X-Revision
X-Mobile-Rewrite
X-User-Agent
X-Cdn
X-Akamai-Edgescape
X-LB-Cache
X-Oneagent-Js-Injection
X-Hits
X-Page-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-F-Cache
X-Jobs
Accept-Charset
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-FTR-Cache-Host
Filters
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-Geo-Country
X-Via-JSL
X-Yandex-Sdch-Disable
MicrosoftSharePointTeamServices
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
X-B
X-Varnish-Age
Alternate-Protocol
X-N
X-Rid
X-Ser
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Daa-Tunnel
X-Varnish-Backend
X-Correlation-Id
X-Esi
Host-Header
X-AppVersion
X-WebKit-CSP-Report-Only
X-Activity-Id
X-Az
X-XRDS-LOCATION
DC
Cache-Tags
X-App-Server
X-ATG-Version
X-Server-ID
Paypal-Debug-Id
X-Amz-Replication-Status
Retry-After
Actual-Object-TTL
X-Type
X-FB-Debug
X-Git-Hash
X-Debug-Info
Frame-Options
X-Varnish-Grace
X-Whom
X-Signature
X-B-Cache
X-App-Environment
X-TT
X-Contextid
Section-Io-Cache
X-Fastcgi-Cache
X-Request-Guid
Surrogate-Key
X-Edge
Fastcgi-Useragent
X-Status
X-Content-Options
X-AOL-HN
Host
Healthy
X-Seen-By
X-Cache-Action
X-Ruxit-Js-Agent
X-Pinterest-Direct
Source
X-RateLimit-Remaining
X-Host-Name
Refresh
X-HTML-Minification-Powered-By
X-B3-Sampled
X-IPLB-Instance
X-Endurance-Cache-Level
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Upgrade-Enabled
From-Origin
Access-Control-Allow-Method
X-ECACHE
X-Drupal-Cache-Tags
X-RemovedCookies
X-Accel-Buffering
X-Response-Served-From
X-ProcessESI
X-Litespeed-Cache
X-Cache-Rule
NR-ENABLED
WPE-Backend
X-Cache-Operation
X-Amz-Apigw-Id
X-Rule
X-MCACHE
VIX-Pulpo-Node
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
X-Region
X-Mid
X-Cacheable-TTL
X-UUID
X-Cache-Control
Payment
X-L-Path
Eomportal-Instance
X-Environment-Context
MS-CV
X-FW-Server
X-Amzn-RequestId
X-FW-Hash
Cache-Status
Datacenter
X-FW-Dynamic
X-FW-Serve
X-FW-Static
X-FW-Type
X-APP-VERSION
X-Is-Bot
X-Cache-Time
X-Varnish-Server
X-Rendered-As
Countrycode
X-Adobe-Content
X-Adobe-Loc
X-WA-Info
X-URL
X-Protected-By
Xserver
X-GeoIP
Srv
X-VCache
NGB
Content-Disposition
X-Cluster
X-Wix-Request-Id
X-RequestSource
X-SERVER-NAME
X-Cache-Server
X-Correlation-ID
X-PressLabs-Stats
X-Cached-By
X-Akamai-Transformed
X-EdgeConnect-Cache-Status
X-Yottaa-Optimizations
X-Akamai-Request-ID2
X-Yottaa-Metrics
Filterid
X-UnsetCookies
Uber-Trace-Id
X-Tt-Trace-Host
X-IPS-LoggedIn
X-Origin-Response-Time
Version
X-Tt-Trace-Tag
X-Tumblr-Pixel-1
X-Time
X-Tumblr-Pixel-2
X-Unique-Id
X-Load-Cache
X-Mobile
X-Handled-By
X-Presslabs-Stats
X-Mode
X-Proxy
X-Cache-Remote
Access-Control-Request-Headers
X-PHP-Backend
Liferay-Portal
X-FireWall-Port
Cross-Origin-Window-Policy
X-Framework
X-Cache-Var-Map
X-ES-SERVER
X-CCM
X-Cache-Var
X-Backend-Name
X-UA-Device-Type
X-Path-Route
X-RN-RSRV
X-Via-Fastly
X-Cache-Status-Check
X-No-Session
Meta-Geo
X-Adobe-Source
X-NGENIX-Cache
DSUID
Upgrade-Insecure-Requests
Decoy-Debug-TTL
X-OCL
X-Time-Microsecs
X-Redis-Cache
Accept-Language
X-PERF
Cache-Hits
X-Pubstack
X-PCL
X-Www-Served-By
Akamai-GRN
X-Viewer-Country
X-LJ-Flow-ID
X-Locale
X-ApacheServer
X-AWS-Id
Decoy-Debug-Status
X-MP-GENERATED-AT
Decoy-Debug-Key
X-Site-Version
X-Azure-Ref
X-Storage
ServedBy
Fastly-SSL
X-VWS-Id
X-Human
X-R9-Blue-Green-Version
X-NCache
X-Info
X-Real-IP
X-RTag
X-TX-ID
X-Web-Node
X-FW-Version
X-Cache-Config
Mn-Server-Ip
Cleartype
Cache-Name
Now
Origin-Cache-Control
Webserver
Origin-Edge-Control
X-Cache-NGX
Ms-Operation-Id
X-NewRelic-App-Data
Cache
Webcakes-App-Name
X-Cache-Enabled
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-Bc-Bl
X-Access
TWC-Locale-Group
X-BYPASS-REASON
TWC-GeoIP-LatLong
Section-Io-Origin-Status
Section-Io-Id
S-Rt
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-CS
X-FC-Vary-Parameters
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Routing-Service
X-Section
X-ServerID
X-UPSTREAM-Address
X-Xfnlog-Site
X-TNCMS
X-ProxyCache-Status
X-ProxyCache-Key
X-Hl-Ver
X-Format
Property-Id
X-Hyper-Cache
X-Loop
X-Proxied
X-Origin-Hint
X-Origin
X-Device-Type
X-Zipkin-Id
X-Amzn-Remapped-Content-Length
X-NYM-Debug-Backend
X-JoinUs
X-Alternate-Cache-Key
X-Detected-As
DB-Nickname
X-SaId
X-BCube-Filmed-By
X-IP
X-FB-TRIP-ID
X-EIG-Tracking-Id
X-From
X-Generated
X-NWS-UUID-VERIFY
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ShardId
X-Proxy-Build
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Selected-Fe
X-Shopify-Stage
X-Timing-Wait
X-ShopId
Ec-Rule-Version
Azure-Version
X-Geo
Azure-SiteName
X-Hosted-By
Azure-RegionName
Azure-SlotName
X-Varnish-Cache-Hits
Azure-InstanceId
X-CSRF-Token
Country
X-Source
Load-Balancing
X-Content-Age
X-Cluster-Node
X-PHP-Host
SD-X-WS
X-Qloud-Router
X-Cache-NE
X-Labrador-Cache-Channel
X-Old-Content-Length
X-Air-Hostname
User-Agent
Cache-Tv-Group
X-Varnish-Hostname
X-Vcache
Time
X-Cache-Host
X-Pad
X-Backend-TTL
X-CDN-Forward
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-Cache-2
X-Parent-Response-Time
S-Cnection
X-EC-Lua
X-Cache-Backend
FilterID
X-Release
X-Urbn-Site-Id
X-Urbn-Context-Path
X-RCS-CacheZone
Locale
X-Webkit-CSP
Server-Info
X-Ua
X-Proxy-Cache-Status
X-Akamai-Request-ID
X-CLOUD-TRACE-CONTEXT
X-Cache-Grace
X-Microcachable
X-Forwarded-Host
X-UA
X-Tumblr-Pixel-3
X-NC
X-Debug-Cache
X-RateLimit-Limit
X-FORWARDED-FOR
X-Srv
Tracecode
NGX
Proxy-Connection
X-Soup
OT-Force-Account-Verify
X-Dc
X-TIME
X-Tb
Sid
Content-Style-Type
Rendered-Blocks
X-Generated-On
Content-Script-Type
X-PAYTM-SRV-ID
Apigw-Requestid
X-Uri
X-CF-Lambda-Version
GEO-INFO
Server-Host
X-Reqid
X-G
X-Region-Sid
Fastcgi-X-Cache-Version
X-External-Request-Id
X-Connection-Hash
X-VG-WebServer
X-CF-Lambda-Fn
X-Processor
X-NodeID
X-Cluster-Name
X-Date
Mobile-Detection-Method
X-Destination
Meta-Geo-Continent
M-TraceId
X-D
X-Level-Front-Cache
Machine
X-Proto
X-Ms-Request-Id
X-Ms-Version
X-DevSite-Last-Modified
X-Dispatch
MD5-Digest
X-Geo-Header
BehaviorPad-Version
AsisCache
X-Developer
Pagetype
X-Instart-Info
Arc-Country
GEO-REGION-INFO
X-S
VivaBuild
X-Transaction
X-A-Dgt
X-Trace-Id
X-A-Wwc
Viewtype
X-A-Dam
X-Trv-Group
Xc-Version
X-SRCache-Key
X-Swa-Ws
X-A
X-A-Dcw
X-Vdms-Version
X-A-Ccd
X-Vdms-Path
X-ARC
Who
X-VG-WebCache
X-B-Cookie
X-Session-Fingerprint
UCS
X-S-Cookie
X-Scheme
T-Server
X-Aed
X-Twitter-Response-Tags
X-Rojux
Cache-Key
X-Rewrite-Enabled
ServerName
X-Vtex-Remote-Cache
X-ScT
True-Client-Country-4JS
X-Vtex-Processado-Em
X-Vgn-Hpd-Reason
X-ServiceProvider
X-Accel-Expires-Debug
X-Application
User-Cache-Control
X-SRV
X-Magnolia-Registration
X-Device-Os
X-Agile-Age
X-Dispatcher-Server
Kp-EeAlive
IsBot
X-Agile
FNAC-ModuleRouting
Web-Mar-Node
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Clara-WADP
Release
Thinkindot-CacheControl
X-Fmm-Version
X-Cache-Bucket
X-Block-Status
X-Bip
X-Cache-FS-Status
X-Cms-Context
V-Age
X-Core-Value
X-Branch-Name
Memcached
Mail-Subject
We-Hiring
N-Cache
Viewport
On-Server
NM-Fastcgi-Cache
Vix-Hermes-Req-Id
Magicmarker
X-Micro-Cache
X-Request-UUID
X-Reboot
X-Via-PopV
X-Agile-Id
X-SD-PageType
X-Owner
X-Node-Id
X-Logging-Id
X-Matched-Rule
X-Method
X-WADP-Cache
X-SIPLIST1
X-Skip-Cache
X-VC-Cache
X-Thinkindot-L3
X-VServer
X-TT-TIMESTAMP
X-User
X-Thanos
X-Wikidot-Backend
X-Worker
X-Wikidot-Static-Cache
X-TA-CDN-Provider
X-SN
X-Location
X-Via-PopH
AKAMAI
CDCHOST
X-Hnp-Log
X-Generation-Time
X-Hash
X-LAGOON
X-Generated-In
X-Gen-Mode
Cf-Ipcountry
X-Envoy-Decorator-Operation
X-Cache-PHP
Geo-Info
X-Backend-Host
X-RateLimit-Limit-Second
X-Developers
X-Has-Esi
X-GoCache-CacheStatus
X-Slack-Backend
X-Auto-Login
X-TrackingId
X-Epic-Correlation-Id
X-Eu-Site
X-Varnish-Cacheable
X-Variation
X-VG-TLSProxy
X-We-Are-Hiring
X-Distributor
X-Backend-State
X-Envoy-Upstream-Healthchecked-Cluster
X-Webstats-RespID
X-Distil-CS
X-RateLimit-Remaining-Second
X-Platform-Server
X-JWT-State
X-Clientip
X-Policy
X-CGP
X-Origin-Expires
X-Origin-Date
X-Li-Pop
X-Li-Fabric
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Is-Gdpr
X-Fastly-Cache
X-BBXSRF
X-Irp-Debug
X-LI-UUID
X-Hit
X-Server-W
X-Response-By
X-Request-Host
X-Cache-URL
X-Cache-Tags
X-Cache-Info
X-Req
X-Servername
Wxu-Next-Commit
RNT-Machine
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
L5d-Success-Class
RNT-Time
Esi-Enabled
Fastly-Drupal-HTML
HA-Ipaddr
Is-Eu
Ha-Gx-Prefs
Gh-Request-Id
Platform
Node
C-Via
Rt-Fastcgi-Cache
Adler-Geo
Server-Ext
Wxu-Next-Region
Wxu-Next-Hostname
Apple-News-Services-Handled
Sever-Int
Server-Hostname
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Newrelic-Synthetics
X-Rebelmouse-Surrogate-Control
L
X-Rebelmouse-Cache-Control
CacheControlHeader
Fastly-SWR
X-App
X-LI-Proto
X-Be
Fastly-SIE
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Var-Ttl
X-Cache-ASPX
W
X-Core-Mission
Server-ID
X-DC
X-Compress-Hint
Ohc-File-Size
X-Server-IP
Cache-Host
X-App-Name
X-Nc
X-Refresh
X-Varnish-Beresp-Grace
X-Mvc-Supplant-OutputCached
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-VCT
X-TH-Server
X-Cdn-Srv
X-Cache-Debug
X-Cache-Id
X-Wa
HostName
X-Esi-Check
X-Gzip
X-Loc
X-S-Maxage
X-AIR-PT
LB
X-Origin-CC
X-Origin-TTL
X-Bc
X-Zone
Memory
X-Configured-By
X-FPC
X-Generated-By
Server-Cache-Control
Server-Surrogate-Control
X-Sucuri-ID
X-B3-Traceid
Ohc-Response-Time
X-Storefront-Renderer-Rendered
NtCoent-Length
X-SVT-ORM-VERSION
X-Key
X-NU-AKA-ACS-Version
X-SVT-ORM-RULES
X-Rocket-Nginx-Bypass
X-ZONE
X-Varnish-Ttl
X-MSEdge-Flight
X-BC
X-Edge-Location
X-MSEdge-Features
CACHE
Locid
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
Pragrma
Heartbleed
SRV
Request-EU
X-Svr
Request-Country
MIME-Version
X-Varnish-Hits
X-CF-Powered-By
X-COUNTRY
X-Request-URI
X-Varnish-URL
X-Pjax-Url
X-Cdn-Forward
Referer-Policy
X-Shopify-Generated-Cart-Token
X-App-Version
Fastly-Backend-Name
X-Servedbyhost
X-Batcache
Resin-Trace
X-Nginx-Cache
X-Up
WZWS-RAY
X-Gamma-Serve
X-VCL-Version
FSS-Cache
X-GEO
X-BACKEND-TTL
X-Minions-Version
GeoIp-Country-Code
Geoip-Latitude
X-Ratelimit-Remaining
Lfy
X-Aicache-OS
X-CACHE-KEY
X-Amzn-Requestid
Cteonnt-Length
HitType
X-ElasticPress-Query
X-WebServer
X-Via-CDN
X-ND-Cache
X-Sucuri-Cache
X-BE
Hostname
CF-Cached-On
GeoIP-Country-Code
Product
X-Proxy-Upstream
Mime-Version
X-HS-Status
X-Edge-Server
Cdn-Host
GeoIP-Latitude
Cdn-Request-Time
X-Vcl-Version
Powered-By-ChinaCache
X-ECache
X-NGINX-Cache
X-Fetched-On
My-App
X-Sn-Servicetimems
X-Cdn-Origin
X-Oss-Storage-Class
X-Oss-Server-Time
X-Check-Cacheable
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-ServedByHost
Ohc-Cache-HIT
X-GeoIP-Country-Code
X-Ratelimit-Limit
X-PJAX-URL
DCR-Decision-By
DCR-Processing-Time-Ms
X-CSRF-TOKEN
X-Fastly-Cache-Status
SN
Location
X-PF-Uncompressing
X-Varnish-Url
X-Fastly-Country-Code
Pramga
X-Azure-Ref-OriginShield
X-Unique-ID
X-Pf-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-CACHE-AGE
X-Served-From
URI
X-Fastly-Backend-Reqs
Group
X-LB-ID
X-Request-Start
X-VarnishDD-TTL
Dt-Cache-Category
X-B3-Spanid
PFcat
X-OVcl
X-OVcl-Cache
Cdn
X-Newrelic-App-Data
X-Shard
X-Vgn-Hpd-Variations-Key
X-Via-Ucdn
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Fpc
XServer
X-Swift-Error
X-Tec-Api-Version
X-IN-APIGATEWAYSSL
Country-Code
X-Tec-Api-Origin
Cf-Alt-Svc
X-Via-NSCOPI
X-Tec-Api-Root
A
X-Request-Time
CloudFront-Viewer-Country
X-IN-APIGATEWAY
X-B3-SpanId
X-Render-Time
X-Platform
X-Instart-Isnd
X-Ratelimit-Reset
X-Varnishpool
X-Tb-Optimization-Total-Bytes-Saved
WWW-Authenticate
X-Ocache
X-Cache-Expired-At
X-DPWN-IS-SECURE
Geoip-City
X-Varnish-Beresp-TTL
Origin
X-Debug-Cache-Fetch
PICS-Label
X-Debug-Cache-Store
X-WR-MODIFICATION
X-WPE-Loopback-Upstream-Addr
Lb
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-String
X-Debug-Cache-Status
SID
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
Cloudfront-Viewer-Country
X-StackifyID
X-C
X-LiteSpeed-Cache-Control
Server-Ttl
X-Debug-Cache-Bypass
X-Apw-Access-Action
X-WA
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
CF-IPCountry
X-Ftr-Cache-Host
X-Cache-Hfrom
Region
X-Cache-Hm
X-Sigma-Backend
X-Sigma
X-Cache-Tag
X-CUA
Epwk-X-Cache
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Proxy-Firewall
NnCoection
X-Rocket-Build-Number
X-Acquia-Application-UUID
X-Acquia-Site
X-Country-IP
X-Acquia-Application-Trace
X-Nananana
Host-ID
Cneonction
X-Acquia-Purge-Tags
Request-Time
X-APP
X-Html-Edge-Cache
TTL
X-Oss-Cdn-Auth
X-ElasticPress-Search
X-DB
X-DI
X-RPM
X-RPS
X-RSL
X-Li-Proto
X-Request-URL
X-Varnish-ID
X-VC
X-SB
X-DW
Req-ID
X-Akamai-ERPolicy
X-Action
X-B3-Parentspanid
X-Dw-Trace-Id
X-Akamai-ERRuleID
X-DSS