Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Backend
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Xkey
Feature-Policy
X-Proxy-Cache
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
X-Varnish-Cache
Server-Timing
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-WebKit-CSP
X-Server-Id
Cf-Railgun
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Request-Id
X-DataDome
X-Pass-Why
Content-Location
X-Mod-Pagespeed
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-ORACLE-DMS-RID
Fusion-Deployment-Id
NEL
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country-Code
Edge-Control
X-Clacks-Overhead
X-Cloud-Trace-Context
X-Cnection
X-Url
X-Px
X-Rack-Cache
X-FTR-Request-ID
RTSS
X-Goog-Hash
MS-Author-Via
X-Vname
X-TtlSet
X-PC
X-Powered-By-Plesk
Accept-CH
Verso
X-Ttl
X-B3-TraceId
X-DynaTrace
Public-Key-Pins
Service-Worker-Allowed
X-GitHub-Request-Id
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
Accept-CH-Lifetime
X-MS-InvokeApp
Response
X-Middleton-Display
Pagespeed
Display
X-Middleton-Response
X-Sol
X-Varnish-TTL
X-Amz-Server-Side-Encryption
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Cache-TTL
X-D2id
Pinterest-Generated-By
X-CST
X-Amz-Rid
TCN
X-Abt-Application-Version
X-Cached
X-Vcap-Request-Id
X-NF-Request-ID
Accept-Ch
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Cache-Tag
X-Server-Name
X-Instart-Request-ID
X-ESI
X-TEC-API-ORIGIN
X-Accel-Expires
X-TEC-API-ROOT
X-TEC-API-VERSION
Accept-Ch-Lifetime
X-Version
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
X-Grace
Nginx-Cache
Ar-Sid
AR-CACHE
Charset
X-Debug
X-Upstream
S
X-Powered-CMS
SPRequestDuration
SPIisLatency
Nel
X-Client-IP
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-SharePointHealthScore
SPRequestGuid
X-FastCGI-Cache
X-DynaTrace-JS-Agent
Content-MD5
X-Ezoic-Cdn
Realpath
X-Pinterest-Rid
Pinterest-Version
X-Trace
MRF-Tech
X-Element-Page-Cache
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Dw-Request-Base-Id
X-Hp-Webp
X-Jurisdiction
X-Id
X-Shield-Request-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-T
Fastcgi-Cache
X-Content-Digest
X-Kinsta-Cache
X-Logged-In
X-NWS-LOG-UUID
X-ASPNET-VERSION
X-Mobile-URL
X-XRDS-Location
X-Request-Received
X-Frontend
X-Request-Processing-Time
X-FTR-Realm
Server-Node
X-FTR-Cache-Status
X-Oneagent-Js-Injection
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-Cache-Hit
X-FTR-Backend
Edge-Cache-Tag
X-Cache-Age
TP-L2-Cache
TP-Cache
X-FTR-Expires
Front-End-Https
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Metageneration
Server-Name
ServerID
X-Forwarded-For
X-Amzn-Trace-Id
X-Hostname
DynaTrace
Fastly-Restarts
PB-RID
Arc-Version
PB-PID
X-Cache-Key
X-Zen-Fury
Powered
X-DIS-Request-ID
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
X-ATS-Timestamp
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-Mobile-Rewrite
X-Hits
X-Akamai-Edgescape
X-F-Cache
X-Page-Id
X-LB-Cache
X-HS-Combine-CSS
X-HS-Cache-Config
Accept-Charset
X-HS-Content-Id
X-Jobs
X-HS-Hub-Id
X-ORACLE-APMCS-REQUEST-ID
Filters
X-ORACLE-APMCS-TAG
X-Cdn
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
X-Geo-Country
X-FTR-Cache-Host
X-Yandex-Sdch-Disable
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
X-Via-JSL
X-Fastcgi-Cache
X-B
X-Varnish-Age
MicrosoftSharePointTeamServices
Alternate-Protocol
X-N
X-TTL
X-Rid
Host-Header
X-Daa-Tunnel
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Ser
X-Varnish-Backend
X-Ruxit-Js-Agent
DC
X-Az
X-AppVersion
X-Activity-Id
X-WebKit-CSP-Report-Only
X-ATG-Version
Paypal-Debug-Id
X-Correlation-Id
X-Esi
Cache-Tags
X-Amz-Replication-Status
X-Git-Hash
X-Type
Retry-After
Actual-Object-TTL
X-FB-Debug
X-App-Server
X-Debug-Info
Frame-Options
X-Whom
X-App-Environment
X-TT
X-B-Cache
Section-Io-Cache
X-Varnish-Grace
X-Signature
X-XRDS-LOCATION
X-Server-ID
X-Contextid
X-Request-Guid
Surrogate-Key
X-Edge
X-Status
Fastcgi-Useragent
X-Content-Options
X-AOL-HN
Host
Healthy
X-Seen-By
X-Cache-Action
X-Pinterest-Direct
X-RateLimit-Remaining
Source
X-Host-Name
Refresh
X-HTML-Minification-Powered-By
X-IPLB-Instance
X-Endurance-Cache-Level
X-B3-Sampled
X-Tumblr-Pixel
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Upgrade-Enabled
From-Origin
Access-Control-Allow-Method
X-ECACHE
X-RemovedCookies
X-Accel-Buffering
X-Response-Served-From
X-ProcessESI
X-Cache-Rule
X-Drupal-Cache-Tags
X-Cache-Operation
X-Amz-Apigw-Id
X-Mid
X-Rule
X-Region
X-MCACHE
VIX-Pulpo-Node
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
X-Cacheable-TTL
X-Amzn-RequestId
X-L-Path
X-Environment-Context
Eomportal-Instance
MS-CV
Payment
X-UUID
X-Rendered-As
X-FW-Static
Datacenter
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-Cache-Time
X-Varnish-Server
X-Cache-Control
X-Is-Bot
X-FW-Type
Cache-Status
X-WA-Info
Countrycode
WPE-Backend
X-Adobe-Content
X-Adobe-Loc
NR-ENABLED
Xserver
X-Protected-By
X-APP-VERSION
X-URL
X-GeoIP
Srv
X-Correlation-ID
X-VCache
Content-Disposition
X-PressLabs-Stats
X-Akamai-Transformed
NGB
X-EdgeConnect-Cache-Status
X-Wix-Request-Id
X-Cluster
X-Cached-By
X-RequestSource
X-Cache-Server
X-SERVER-NAME
X-Akamai-Request-ID2
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-UnsetCookies
Uber-Trace-Id
X-Origin-Response-Time
X-Time
X-Tt-Trace-Host
X-Tt-Trace-Tag
Version
X-Mode
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Load-Cache
X-Proxy
X-IPS-LoggedIn
X-Mobile
X-Handled-By
X-PHP-Backend
Access-Control-Request-Headers
X-Cache-Remote
X-Unique-Id
Liferay-Portal
Accept-Language
X-Presslabs-Stats
X-FireWall-Port
Filterid
Meta-Geo
Cross-Origin-Window-Policy
X-Backend-Name
X-CCM
X-NGENIX-Cache
X-Via-Fastly
X-RN-RSRV
X-UA-Device-Type
X-Viewer-Country
X-ES-SERVER
X-Azure-Ref
X-Path-Route
X-Cache-Var
X-Framework
X-Cache-Status-Check
X-Adobe-Source
X-Cache-Var-Map
X-No-Session
Decoy-Debug-Key
X-Storage
X-Site-Version
X-Time-Microsecs
DSUID
Decoy-Debug-TTL
Decoy-Debug-Status
X-NewRelic-App-Data
X-AWS-Id
Cache-Hits
X-LJ-Flow-ID
X-ApacheServer
Cache
X-Cache-NGX
ServedBy
Akamai-GRN
X-Locale
X-MP-GENERATED-AT
X-Pubstack
X-Redis-Cache
X-VWS-Id
X-PERF
X-OCL
X-PCL
X-Www-Served-By
Cache-Name
Cleartype
X-Say-TTL
X-R9-Blue-Green-Version
X-NCache
X-Info
X-Human
X-Real-IP
X-RTag
X-Web-Node
X-TX-ID
X-SayCDN-TTL
X-Say-Cacheable
X-FW-Version
X-Cache-Config
Origin-Edge-Control
Origin-Cache-Control
Now
Mn-Server-Ip
Section-Io-Id
Section-Io-Origin-Status
Webserver
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Fastly-SSL
Ms-Operation-Id
Upgrade-Insecure-Requests
Webcakes-Region
Webcakes-App-Version
X-Access
X-Bc-Bl
X-Cache-Enabled
X-BYPASS-REASON
Webcakes-App-Name
TWC-Locale-Group
TWC-Connection-Speed
S-Rt
TWC-Device-Class
TWC-GeoIP-Country
X-CS
TWC-GeoIP-LatLong
TWC-Privacy
X-Device-Type
X-Routing-Service
X-ProxyCache-Status
X-Section
X-ServerID
X-UPSTREAM-Address
X-Zipkin-Id
X-ProxyCache-Key
X-Proxied
X-Hl-Ver
X-Format
X-NWS-UUID-VERIFY
X-Origin
X-Origin-Hint
Property-Id
X-FC-Vary-Parameters
X-From
X-FB-TRIP-ID
X-Generated
X-Hyper-Cache
X-IP
X-EIG-Tracking-Id
X-Detected-As
X-Alternate-Cache-Key
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
X-CSRF-Token
X-JoinUs
X-NYM-Debug-Backend
X-Sorting-Hat-ShopId
X-Timing-Wait
X-TNCMS
X-Xfnlog-Site
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Proxy-Build
X-SaId
X-ShardId
X-ShopId
DB-Nickname
X-Loop
Selected-Fe
X-Geo
Azure-Version
X-Goog-Meta-Goog-Reserved-File-Mtime
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Varnish-Cache-Hits
X-Hosted-By
Load-Balancing
Country
X-Content-Age
X-Source
X-Qloud-Router
X-Labrador-Cache-Channel
Ec-Rule-Version
X-PHP-Host
X-Cache-NE
X-Air-Hostname
Cache-Tv-Group
X-Cluster-Node
SD-X-WS
X-Old-Content-Length
FilterID
X-Varnish-Hostname
X-Cache-Host
User-Agent
Time
X-Pad
X-Vcache
X-Release
X-Litespeed-Cache
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-Backend-TTL
X-CDN-Forward
X-Cache-2
X-Parent-Response-Time
X-Urbn-Site-Id
X-Cache-Backend
X-Ua
Locale
X-Urbn-Context-Path
S-Cnection
X-RCS-CacheZone
Server-Info
X-Akamai-Request-ID
X-EC-Lua
X-Webkit-CSP
X-Proxy-Cache-Status
X-Cache-Grace
X-Forwarded-Host
X-Microcachable
X-Tumblr-Pixel-3
X-RateLimit-Limit
X-Debug-Cache
X-Srv
X-UA
Proxy-Connection
X-Dc
NGX
X-Soup
OT-Force-Account-Verify
Tracecode
X-FORWARDED-FOR
Sid
X-Tb
Apigw-Requestid
X-Proto
X-Uri
X-PAYTM-SRV-ID
X-Geo-Header
X-Application
X-NodeID
X-Ms-Request-Id
X-A-Dcw
X-Ms-Version
X-Level-Front-Cache
X-Processor
X-Instart-Info
Content-Style-Type
Machine
MD5-Digest
X-Accel-Expires-Debug
True-Client-Country-4JS
M-TraceId
X-Connection-Hash
T-Server
X-A
X-A-Wwc
X-Aed
Who
X-CF-Lambda-Fn
Pagetype
Rendered-Blocks
Viewtype
UCS
X-CF-Lambda-Version
Meta-Geo-Continent
Mobile-Detection-Method
X-A-Ccd
X-D
X-External-Request-Id
Content-Script-Type
ServerName
VivaBuild
X-G
BehaviorPad-Version
Arc-Country
X-A-Dam
AsisCache
Fastcgi-X-Cache-Version
X-ARC
X-Destination
Server-Host
X-Date
X-B-Cookie
X-Developer
GEO-REGION-INFO
X-Dispatch
X-DevSite-Last-Modified
X-Generated-On
X-Scheme
X-VG-WebServer
X-A-Dgt
X-Vtex-Remote-Cache
X-Vdms-Version
X-S
X-S-Cookie
X-ScT
X-SRCache-Key
Geo-Info
X-ServiceProvider
X-Session-Fingerprint
X-NC
X-Vdms-Path
X-Vtex-Processado-Em
X-Swa-Ws
X-Rojux
X-Trace-Id
Cache-Key
X-Twitter-Response-Tags
X-Cluster-Name
X-Trv-Group
X-Reqid
X-Transaction
X-Rewrite-Enabled
X-VG-WebCache
X-Region-Sid
Xc-Version
User-Cache-Control
X-Magnolia-Registration
X-TIME
Mail-Subject
N-Cache
NM-Fastcgi-Cache
On-Server
Kp-EeAlive
X-Core-Value
X-User
X-Device-Os
X-VC-Cache
IsBot
X-Clara-WADP
X-Cms-Context
Magicmarker
X-Via-PopV
X-WADP-Cache
Vix-Hermes-Req-Id
Viewport
V-Age
X-Agile-Age
X-Agile
We-Hiring
X-Worker
X-Wikidot-Static-Cache
X-Wikidot-Backend
Web-Mar-Node
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Cache-Bucket
X-Branch-Name
X-Cache-FS-Status
X-Cache-Info
X-Via-PopH
X-Block-Status
X-Bip
Thinkindot-CacheControl
X-Agile-Id
GEO-INFO
X-Dispatcher-Server
Release
X-TT-TIMESTAMP
X-Gen-Mode
X-Generated-In
X-Thanos
X-Fmm-Version
X-Owner
X-SN
X-SIPLIST1
X-Hash
X-Skip-Cache
X-Generation-Time
X-Node-Id
X-Hnp-Log
AKAMAI
FNAC-ModuleRouting
X-Location
X-Method
X-Matched-Rule
X-Logging-Id
X-Vgn-Hpd-Reason
CDCHOST
X-SD-PageType
X-Thinkindot-L3
X-LAGOON
X-Cache-PHP
X-Micro-Cache
X-Hit
X-Nc
X-Newrelic-Synthetics
Cf-Ipcountry
X-Envoy-Decorator-Operation
X-SRV
X-Request-Host
X-Request-UUID
X-Reboot
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Policy
X-Req
X-Platform-Server
X-Origin-Date
X-Nginx-Cache-Key
X-Server-W
X-We-Are-Hiring
X-Origin-Expires
X-Response-By
X-Mvc-Supplant-Cachable
X-Webstats-RespID
X-Is-Gdpr
X-Eu-Site
X-Varnish-Cacheable
X-TrackingId
X-Fastly-Cache
X-Clientip
X-Variation
X-Epic-Correlation-Id
X-Distil-CS
X-Distributor
X-Developers
X-Envoy-Upstream-Healthchecked-Cluster
X-Slack-Backend
X-CGP
X-Backend-State
X-BBXSRF
X-Backend-Host
X-Servername
X-Auto-Login
X-JWT-State
X-Irp-Debug
X-VG-TLSProxy
X-Has-Esi
X-Cache-URL
X-Cache-Tags
X-VServer
Wxu-Next-Region
C-Via
Is-Eu
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
RNT-Time
RNT-Machine
Platform
Adler-Geo
Memcached
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Handled
L5d-Success-Class
Rt-Fastcgi-Cache
Sever-Int
X-TA-CDN-Provider
Ha-Gx-Prefs
Gh-Request-Id
Fastly-Drupal-HTML
Wxu-Next-Hostname
Node
Server-Ext
Wxu-Next-Commit
Server-Hostname
Cache-Cookie-Set-Lfrom
HA-Ipaddr
X-Be
Fastly-SIE
X-Contensis-Viewer-Groups
X-Core-Mission
Esi-Enabled
X-Li-Pop
X-Varnish-Authentication
X-Var-Ttl
X-App
CacheControlHeader
W
X-GoCache-CacheStatus
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-Li-Fabric
X-Cache-ASPX
X-LI-UUID
X-Rebelmouse-Cache-Control
X-Compress-Hint
X-LI-Proto
X-Refresh
Server-ID
L
X-DC
Ohc-File-Size
X-App-Name
X-Varnish-Beresp-Grace
X-TH-Server
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Cache-Host
X-Server-IP
X-CLOUD-TRACE-CONTEXT
HostName
X-Cache-Id
X-Wa
X-AIR-PT
X-Esi-Check
X-Cache-Debug
X-Loc
X-VCT
X-Gzip
X-Origin-CC
X-Origin-TTL
LB
X-Mvc-Supplant-OutputCached
X-ZONE
X-BC
X-Sucuri-ID
X-Configured-By
X-Cdn-Srv
X-Storefront-Renderer-Rendered
X-S-Maxage
Server-Surrogate-Control
X-NU-AKA-ACS-Version
X-SVT-ORM-RULES
X-Generated-By
Server-Cache-Control
X-Key
X-FPC
X-SVT-ORM-VERSION
X-B3-Traceid
X-MSEdge-Flight
Memory
Ohc-Response-Time
NtCoent-Length
X-MSEdge-Features
X-Edge-Location
X-Bc
X-Zone
MIME-Version
X-App-Version
Pragrma
X-Varnish-Ttl
X-Rocket-Nginx-Bypass
CACHE
X-CF-Powered-By
X-Cdn-Forward
X-Debug-Panamera-Sitecode
X-Debug-Panamera-Host
X-Svr
SRV
X-Pjax-Url
X-Varnish-URL
Request-EU
Referer-Policy
Locid
Request-Country
Heartbleed
X-Varnish-Hits
X-Request-URI
Fastly-Backend-Name
X-Batcache
X-CACHE-KEY
Resin-Trace
X-Servedbyhost
X-COUNTRY
X-Shopify-Generated-Cart-Token
X-Nginx-Cache
FSS-Cache
X-BACKEND-TTL
X-Up
X-VCL-Version
X-Via-CDN
X-GEO
X-Minions-Version
WZWS-RAY
X-Gamma-Serve
GeoIp-Country-Code
Geoip-Latitude
X-Aicache-OS
X-ND-Cache
X-ElasticPress-Query
X-Sucuri-Cache
X-Ratelimit-Remaining
X-Amzn-Requestid
Lfy
X-WebServer
CF-Cached-On
Hostname
X-BE
Product
X-Vcl-Version
HitType
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Proxy-Upstream
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
GeoIP-Country-Code
X-Check-Cacheable
Cteonnt-Length
My-App
X-ECache
GeoIP-Latitude
DCR-Decision-By
X-Fetched-On
X-Cdn-Origin
Powered-By-ChinaCache
X-Edge-Server
DCR-Processing-Time-Ms
Cdn-Host
X-Sn-Servicetimems
X-NGINX-Cache
Cdn-Request-Time
Mime-Version
X-Unique-ID
X-HS-Status
X-Fastly-Cache-Status
X-PF-Uncompressing
X-GeoIP-Country-Code
Ohc-Cache-HIT
Pramga
X-PJAX-URL
Location
X-ServedByHost
X-Azure-Ref-OriginShield
X-Ratelimit-Limit
X-CSRF-TOKEN
X-Fastly-Country-Code
X-Varnish-Url
SN
X-Pf-Uncompressing
X-LB-ID
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Backend-Reqs
X-OVcl-Cache
URI
X-OVcl
X-Request-Start
X-CACHE-AGE
X-Served-From
Group
PFcat
X-VarnishDD-TTL
X-Fpc
Dt-Cache-Category
X-B3-Spanid
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Newrelic-App-Data
Cdn
X-Vgn-Hpd-Variations-Key
X-Shard
X-Ratelimit-Reset
X-Instart-Isnd
X-Render-Time
X-B3-SpanId
XServer
X-Via-Ucdn
X-Varnishpool
X-Platform
X-Swift-Error
X-Ftr-Cache-Host
X-Via-NSCOPI
WWW-Authenticate
Country-Code
Cf-Alt-Svc
X-Tec-Api-Origin
A
CloudFront-Viewer-Country
X-Cache-Expired-At
X-Tec-Api-Version
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Request-Time
X-Tec-Api-Root
X-Debug-Cache-Fetch
PICS-Label
X-Debug-Cache-Store
X-Tb-Optimization-Total-Bytes-Saved
X-DPWN-IS-SECURE
Origin
X-Ocache
Geoip-City
X-Varnish-Beresp-TTL
X-WPE-Loopback-Upstream-Addr
X-WR-MODIFICATION
Lb
X-Debug-Xas-Auth
X-Debug-Cache-Status
X-Debug-Cache-String
X-Debug-Do-Not-Cache-Uri
X-Debug-Ysi-Auth
X-StackifyID
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
SID
X-Debug-Cache-Bypass
X-LiteSpeed-Cache-Control
Server-Ttl
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
Epwk-X-Cache
X-Amzn-Remapped-Connection
X-CUA
X-Amzn-Remapped-Date
X-Apw-Access-Action
X-WA
CF-IPCountry
X-C
Cloudfront-Viewer-Country
X-Oss-Cdn-Auth
X-Country-IP
Host-ID
Request-Time
Proxy-Firewall
X-Rocket-Build-Number
X-Acquia-Purge-Tags
Cneonction
X-Sigma
Region
NnCoection
X-Cache-Hfrom
X-Cache-Tag
X-Nananana
X-Sigma-Backend
X-Acquia-Application-UUID
X-Cache-Hm
X-Acquia-Site
X-Acquia-Application-Trace
X-APP
TTL
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Action
X-Varnish-ID
Pics-Label
Req-ID
X-Dw-Trace-Id
X-SB
X-B3-Parentspanid
X-Request-URL
X-DW
X-Li-Proto
X-RSL
X-RPS
X-DSS
X-Html-Edge-Cache
X-RPM
X-DB
X-DI
X-VC
X-ElasticPress-Search