Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Xss-Protection
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Ua-Compatible
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Server
X-Turbo-Charged-By
X-Backend
X-Age
P3p
X-Cache-Group
X-Robots-Tag
Feature-Policy
Xkey
X-Proxy-Cache
Request-Context
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Dns-Prefetch-Control
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Backend-Server
X-Cache-Lookup
X-Vhost
X-Ac
X-Node
X-Readtime
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Request-Id
X-Mod-Pagespeed
Content-Location
X-DataDome
X-Application-Context
NEL
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-ORACLE-DMS-RID
X-Pass-Why
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
Rating
X-Country-Code
X-Cloud-Trace-Context
X-Cnection
Edge-Control
X-Clacks-Overhead
X-Url
X-Rack-Cache
X-Px
RTSS
X-FTR-Request-ID
MS-Author-Via
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-Powered-By-Plesk
Verso
Accept-CH
X-B3-TraceId
Service-Worker-Allowed
Public-Key-Pins
X-GitHub-Request-Id
X-DynaTrace
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Varnish-TTL
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Ttl
X-Sol
X-Middleton-Display
X-Middleton-Response
Response
Display
Pagespeed
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
X-Cache-TTL
Accept-CH-Lifetime
Accept-Ch
X-D2id
X-Amz-Rid
TCN
X-Abt-Application-Version
Pinterest-Generated-By
X-CST
X-Vcap-Request-Id
X-NF-Request-ID
X-Cached
X-Content-Type
X-VARITI-CCR
Accept-Ch-Lifetime
X-Navigation-Version
X-Fastly-Request-ID
Cache-Tag
X-ESI
X-Server-Name
X-Instart-Request-ID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Accel-Expires
Ar-Sid
AR-CACHE
Access-Control-Request-Method
X-MSEdge-Ref
X-Upstream
X-Grace
X-Powered-CMS
X-Debug
Charset
Nginx-Cache
S
SPIisLatency
SPRequestDuration
X-Client-IP
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-MD5
SPRequestGuid
X-SharePointHealthScore
Realpath
X-Ezoic-Cdn
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
X-Pinterest-Rid
Pinterest-Version
X-Element-Page-Cache
X-FastCGI-Cache
X-Trace
X-Jurisdiction
X-Dw-Request-Base-Id
X-Hp-Webp
X-Shield-Request-Id
X-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Oneagent-Js-Injection
Nel
X-Node-Name
X-T
X-XRDS-Location
X-Kinsta-Cache
Fastcgi-Cache
X-Content-Digest
X-Logged-In
Host-Header
X-NWS-LOG-UUID
X-Mobile-URL
X-ASPNET-VERSION
X-Frontend
X-Request-Received
X-Request-Processing-Time
X-Cache-Hit
TP-Cache
Server-Node
TP-L2-Cache
X-Cache-Age
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
Edge-Cache-Tag
X-FTR-Cache-Status
Front-End-Https
ServerID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-FTR-Expires
X-Goog-Stored-Content-Length
X-Amzn-Trace-Id
X-Forwarded-For
X-Hostname
Server-Name
X-Cache-Key
Arc-Version
PB-RID
Fastly-Restarts
PB-PID
DynaTrace
X-TTL
Powered
X-DIS-Request-ID
X-Zen-Fury
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Revision
X-Akamai-Edgescape
X-Server-ID
X-F-Cache
X-Page-Id
Accept-Charset
X-Jobs
X-Hits
X-Mobile-Rewrite
Filters
X-LB-Cache
X-Yandex-Sdch-Disable
X-ATS-Timestamp
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Backend-Timing
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Ruxit-Js-Agent
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
X-Kong-Upstream-Latency
X-Cdn
X-Kong-Proxy-Latency
X-Geo-Country
X-Fastcgi-Cache
X-Origin-Server
X-Varnish-Age
X-N
X-B
MicrosoftSharePointTeamServices
X-FTR-Cache-Host
Alternate-Protocol
X-Via-JSL
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Rid
X-Daa-Tunnel
X-Varnish-Backend
X-Ser
X-WebKit-CSP-Report-Only
DC
X-Activity-Id
X-ATG-Version
X-Az
X-AppVersion
Cache-Tags
Paypal-Debug-Id
X-Amz-Replication-Status
X-Type
X-Debug-Info
X-Git-Hash
X-FB-Debug
Section-Io-Cache
Retry-After
X-B-Cache
X-Signature
X-TT
X-Varnish-Grace
Frame-Options
X-Whom
X-App-Environment
Actual-Object-TTL
X-Correlation-Id
Surrogate-Key
X-Esi
X-App-Server
X-Edge
X-Status
X-Content-Options
X-Request-Guid
Host
Fastcgi-Useragent
X-Contextid
X-AOL-HN
Healthy
X-RateLimit-Remaining
X-Pinterest-Direct
X-Cache-Action
X-Seen-By
X-IPLB-Instance
X-HTML-Minification-Powered-By
X-Endurance-Cache-Level
X-Host-Name
Refresh
Source
X-B3-Sampled
X-XRDS-LOCATION
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
From-Origin
X-Upgrade-Enabled
X-Instance
X-Amzn-RequestId
Access-Control-Allow-Method
X-Amz-Apigw-Id
X-ECACHE
X-ProcessESI
X-Cache-Rule
X-Drupal-Cache-Tags
X-Response-Served-From
X-Accel-Buffering
X-RemovedCookies
X-Cache-Operation
Odigeo-Trace-Id
VIX-Pulpo-Node
X-MCACHE
VIX-Pulpo-Upstream-Status
X-Region
X-Mid
X-Cacheable-TTL
X-UUID
X-L-Path
X-Rule
X-Environment-Context
Eomportal-Instance
MS-CV
X-FW-Type
X-Rendered-As
X-Cache-Time
X-Varnish-Server
Payment
X-FW-Dynamic
X-Is-Bot
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Serve
X-Protected-By
Srv
Datacenter
X-Adobe-Loc
X-VCache
X-WA-Info
Countrycode
X-Adobe-Content
Cache-Status
X-Correlation-ID
Xserver
X-Cache-Control
X-Litespeed-Cache
X-PressLabs-Stats
Content-Disposition
X-URL
X-GeoIP
X-EdgeConnect-Cache-Status
X-Akamai-Transformed
X-Cache-Server
X-Time
X-APP-VERSION
X-Cached-By
X-Akamai-Request-ID2
X-Wix-Request-Id
X-UnsetCookies
X-Cluster
WPE-Backend
NR-ENABLED
Uber-Trace-Id
NGB
X-Proxy
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Load-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Origin-Response-Time
Version
X-SERVER-NAME
X-Mobile
X-Mode
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
X-PHP-Backend
Access-Control-Request-Headers
X-Handled-By
X-Cache-Remote
X-IPS-LoggedIn
X-Azure-Ref
X-FireWall-Port
X-NGENIX-Cache
X-NWS-UUID-VERIFY
Liferay-Portal
X-NewRelic-App-Data
X-Backend-Name
X-Cache-NGX
Cross-Origin-Window-Policy
Accept-Language
X-RN-RSRV
X-CCM
X-Cache-Var-Map
X-Cache-Var
X-Cache-Status-Check
X-No-Session
X-Path-Route
X-Viewer-Country
X-Via-Fastly
X-UA-Device-Type
X-Adobe-Source
X-ES-SERVER
Meta-Geo
Cache
X-OCL
X-MP-GENERATED-AT
X-Framework
X-LJ-Flow-ID
X-PCL
X-Pubstack
X-VWS-Id
X-Www-Served-By
DSUID
X-Storage
Akamai-GRN
X-PERF
X-Locale
X-ApacheServer
X-AWS-Id
Cache-Hits
ServedBy
X-Redis-Cache
X-Site-Version
X-RTag
X-TX-ID
Section-Io-Origin-Time-Seconds
X-UPSTREAM-Address
Webserver
Decoy-Debug-TTL
X-Real-IP
X-R9-Blue-Green-Version
Cache-Name
Section-Origin-Responded
X-FW-Version
Now
Mn-Server-Ip
Cleartype
X-Cache-Config
Section-Io-Origin-Status
Section-Io-Id
Decoy-Debug-Key
Decoy-Debug-Status
Ms-Operation-Id
X-Time-Microsecs
X-CSRF-Token
Filterid
X-Access
X-Bc-Bl
X-BYPASS-REASON
X-Device-Type
X-CS
Webcakes-Region
Webcakes-App-Version
TWC-Device-Class
TWC-Connection-Speed
S-Rt
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
X-Format
X-Human
X-Section
X-SayCDN-TTL
X-Say-TTL
X-ServerID
X-Web-Node
Load-Balancing
X-Zipkin-Id
X-Say-Cacheable
X-Routing-Service
X-Origin
X-NCache
X-Info
X-Origin-Hint
X-Proxied
X-ProxyCache-Status
X-ProxyCache-Key
Property-Id
X-Hl-Ver
Fastly-SSL
X-ShardId
X-JoinUs
X-SaId
X-BCube-Filmed-By
X-Amzn-Remapped-Content-Length
X-Alternate-Cache-Key
X-Timing-Wait
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Air-Hostname
X-Proxy-Build
X-NYM-Debug-Backend
X-From
X-Unique-Id
X-IP
X-FC-Vary-Parameters
X-FB-TRIP-ID
X-Varnish-Cache-Hits
X-Release
X-Detected-As
X-EIG-Tracking-Id
X-Cache-Enabled
X-ShopId
Selected-Fe
DB-Nickname
X-Generated
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
X-Loop
X-TNCMS
X-Hyper-Cache
X-Geo
X-Hosted-By
Origin-Edge-Control
X-Content-Age
X-PHP-Host
Origin-Cache-Control
X-Qloud-Router
X-Labrador-Cache-Channel
X-Xfnlog-Site
X-Goog-Meta-Goog-Reserved-File-Mtime
Cache-Tv-Group
Country
Upgrade-Insecure-Requests
FilterID
X-Cache-Host
X-Presslabs-Stats
X-Source
Ec-Rule-Version
SD-X-WS
X-Cluster-Node
User-Agent
X-Cache-NE
X-Varnish-Hostname
X-Ua
X-Old-Content-Length
X-Drupal-Cache-Contexts
X-Pad
Time
X-Cache-2
X-Cache-TTL-Remaining
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Parent-Response-Time
Locale
X-EC-Lua
Server-Info
X-Srv
X-Cache-Backend
X-RCS-CacheZone
X-Akamai-Request-ID
X-TA-CDN-Provider
X-CDN-Forward
X-Backend-TTL
X-RateLimit-Limit
X-Cache-Grace
X-Proxy-Cache-Status
X-Debug-Cache
Geo-Info
S-Cnection
X-Webkit-CSP
X-Forwarded-Host
Proxy-Connection
X-Tumblr-Pixel-3
X-Soup
Apigw-Requestid
X-Dc
NGX
OT-Force-Account-Verify
X-Microcachable
X-Tb
X-Vcache
X-Proto
Mobile-Detection-Method
X-Reqid
Viewtype
Meta-Geo-Continent
MD5-Digest
Pagetype
Rendered-Blocks
Xc-Version
True-Client-Country-4JS
T-Server
X-Vtex-Remote-Cache
Server-Host
ServerName
X-Rojux
X-Scheme
BehaviorPad-Version
Content-Script-Type
AsisCache
Arc-Country
X-ScT
X-Cache-PHP
X-S-Cookie
X-S
GEO-REGION-INFO
M-TraceId
X-Rewrite-Enabled
Fastcgi-X-Cache-Version
VivaBuild
Content-Style-Type
Machine
X-Session-Fingerprint
X-Twitter-Response-Tags
X-Generated-On
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Vdms-Path
X-Geo-Header
X-Application
X-ARC
X-B-Cookie
X-G
X-External-Request-Id
X-Transaction
X-Date
X-Destination
X-Trace-Id
X-D
X-DevSite-Last-Modified
X-Trv-Group
X-Connection-Hash
X-Dispatch
X-Level-Front-Cache
X-Vdms-Version
X-SRCache-Key
X-A-Dcw
X-A-Dgt
X-Region-Sid
X-Developer
X-A-Dam
X-A
X-ServiceProvider
X-A-Ccd
X-Swa-Ws
X-A-Wwc
X-Vtex-Processado-Em
X-VG-WebServer
X-VG-WebCache
X-Aed
X-NodeID
X-Processor
X-Accel-Expires-Debug
X-PAYTM-SRV-ID
Who
UCS
Sid
X-Cluster-Name
X-FORWARDED-FOR
X-Uri
Cache-Key
X-UA
X-Nc
X-Newrelic-Synthetics
Cf-Ipcountry
Mail-Subject
Magicmarker
X-Cms-Context
X-Dispatcher-Server
X-Cache-FS-Status
N-Cache
X-Magnolia-Registration
X-RateLimit-Remaining-Second
NM-Fastcgi-Cache
X-Core-Value
Kp-EeAlive
X-Skip-Cache
FNAC-ModuleRouting
X-SN
X-SIPLIST1
X-Device-Os
IsBot
X-SD-PageType
X-NC
X-RateLimit-Limit-Second
X-Branch-Name
X-Instart-Info
X-LAGOON
We-Hiring
X-Hash
X-Agile
X-Generation-Time
X-Agile-Id
X-Agile-Age
Vix-Hermes-Req-Id
Viewport
X-Node-Id
X-Owner
Release
X-Bip
X-Method
V-Age
X-Location
X-Logging-Id
X-Generated-In
On-Server
X-Thanos
CDCHOST
X-Via-PopH
X-Via-PopV
X-Matched-Rule
Thinkindot-Control
X-VC-Cache
X-User
Thinkindot-CacheControl
AKAMAI
X-Thinkindot-L3
X-Worker
Thinkindot-CacheControl-Type
User-Cache-Control
X-Hit
X-Be
X-Envoy-Decorator-Operation
X-Has-Esi
X-Varnish-Cacheable
X-Wikidot-Static-Cache
Sever-Int
X-Micro-Cache
X-Wikidot-Backend
X-Hnp-Log
Web-Mar-Node
Wxu-Next-Hostname
Wxu-Next-Region
X-JWT-State
X-WADP-Cache
X-Is-Gdpr
Wxu-Next-Commit
X-Auto-Login
X-CGP
X-Distil-CS
X-Distributor
X-Epic-Correlation-Id
X-Clara-WADP
X-Clientip
Tracecode
X-Developers
X-Response-By
X-Nginx-Cache-Key
X-Cache-Tags
X-Cache-Info
X-Fmm-Version
Server-Hostname
X-Gen-Mode
X-App
X-Backend-Host
X-Backend-State
X-Cache-Bucket
X-Eu-Site
X-Block-Status
CacheControlHeader
X-VG-TLSProxy
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Request-UUID
L5d-Success-Class
X-Req
Apple-News-Services-Handled
Platform
X-Policy
Adler-Geo
C-Via
Cache-Cookie-Set-From
Gh-Request-Id
X-Servername
Cache-Cookie-Set-Lfrom
Fastly-Drupal-HTML
X-Server-W
Ha-Gx-Prefs
Is-Eu
Cache-Cookie-Set-Idcheck
HA-Ipaddr
X-Platform-Server
Apple-News-Services-Host
RNT-Time
Rt-Fastcgi-Cache
X-Origin-Date
RNT-Machine
X-Variation
X-Origin-Expires
Server-Ext
X-Cache-URL
Fastly-SWR
Fastly-SIE
X-Ms-Version
X-Compress-Hint
X-Cache-ASPX
X-Envoy-Upstream-Healthchecked-Cluster
X-Core-Mission
X-Varnish-Authentication
X-TrackingId
X-We-Are-Hiring
X-Mvc-Supplant-Cachable
X-Contensis-Viewer-Groups
X-Slack-Backend
X-TT-TIMESTAMP
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Var-Ttl
X-Webstats-RespID
X-Irp-Debug
X-Ms-Request-Id
X-Reboot
W
X-Fastly-Cache
X-Request-Host
X-VServer
X-BBXSRF
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Vgn-Hpd-Reason
X-Varnish-Beresp-Ttl
X-Li-Pop
X-TH-Server
X-GoCache-CacheStatus
X-TIME
X-LI-Proto
X-AIR-PT
X-Refresh
X-Li-Fabric
GEO-INFO
X-LI-UUID
Node
Memcached
X-App-Version
X-SRV
HostName
Esi-Enabled
X-Cache-Debug
X-Loc
X-Gzip
X-Esi-Check
X-Cache-Id
LB
X-CLOUD-TRACE-CONTEXT
X-Storefront-Renderer-Rendered
X-DC
X-Origin-CC
X-Origin-TTL
Server-ID
L
Ohc-File-Size
X-Wa
X-Configured-By
NtCoent-Length
X-SVT-ORM-RULES
X-NU-AKA-ACS-Version
X-Server-IP
X-Mvc-Supplant-OutputCached
Cache-Host
X-SVT-ORM-VERSION
X-App-Name
X-Cdn-Forward
X-Key
X-BC
X-ZONE
X-Edge-Location
X-Sucuri-ID
X-VCT
X-MSEdge-Flight
X-MSEdge-Features
X-Zone
Pragrma
X-Cdn-Srv
Referer-Policy
X-Bc
X-B3-Traceid
X-S-Maxage
MIME-Version
X-FPC
Memory
Server-Cache-Control
Server-Surrogate-Control
X-Varnish-URL
X-Generated-By
Ohc-Response-Time
X-BACKEND-TTL
X-Servedbyhost
Fastly-Backend-Name
X-Pjax-Url
X-Varnish-Ttl
X-Nginx-Cache
CACHE
X-Rocket-Nginx-Bypass
X-Via-CDN
X-Debug-Panamera-Sitecode
X-Up
X-Debug-Panamera-Host
X-Svr
Heartbleed
X-Batcache
FSS-Cache
X-CF-Powered-By
Locid
Request-Country
X-Minions-Version
X-COUNTRY
Request-EU
X-Varnish-Hits
Resin-Trace
X-Aicache-OS
X-ElasticPress-Query
X-ND-Cache
X-Request-URI
SRV
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-GEO
X-Shopify-Generated-Cart-Token
X-Oss-Object-Type
X-VCL-Version
X-Oss-Hash-Crc64ecma
X-Unique-ID
X-CACHE-KEY
X-Gamma-Serve
Cteonnt-Length
X-Ratelimit-Remaining
WZWS-RAY
X-Sucuri-Cache
GeoIP-Country-Code
DCR-Processing-Time-Ms
Geoip-Latitude
Lfy
GeoIp-Country-Code
DCR-Decision-By
Hostname
CF-Cached-On
X-BE
X-Check-Cacheable
X-WebServer
GeoIP-Latitude
X-Vcl-Version
X-Azure-Ref-OriginShield
X-PF-Uncompressing
HitType
Location
X-Fastly-Cache-Status
Pramga
Product
Cdn-Host
Cdn-Request-Time
X-Edge-Server
Mime-Version
Powered-By-ChinaCache
X-ECache
X-HS-Status
X-Proxy-Upstream
X-VHOST
X-Ratelimit-Limit
X-Fastly-Country-Code
X-Fetched-On
Ohc-Cache-HIT
X-Cdn-Origin
X-Sn-Servicetimems
X-LB-ID
My-App
X-PJAX-URL
X-Amzn-Requestid
X-NGINX-Cache
X-CSRF-TOKEN
X-OVcl-Cache
X-ServedByHost
X-GeoIP-Country-Code
PFcat
X-OVcl
X-VarnishDD-TTL
X-Vgn-Hpd-Variations-Key
Amp-Access-Control-Allow-Source-Origin
X-Fpc
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Pf-Uncompressing
X-Ratelimit-Reset
X-Varnish-Url
X-Varnishpool
X-Newrelic-App-Data
SN
X-Fastly-Backend-Reqs
X-Platform
X-Instart-Isnd
X-Ftr-Cache-Host
X-CACHE-AGE
X-Render-Time
URI
X-Oracle-Dms-Rid
X-Request-Start
X-Cache-Expired-At
X-B3-Spanid
X-Served-From
Group
WWW-Authenticate
Dt-Cache-Category
X-Swift-Error
Cdn
XServer
X-Tec-Api-Version
X-Tec-Api-Root
Epwk-X-Cache
A
CloudFront-Viewer-Country
X-Amzn-Remapped-Date
X-Tec-Api-Origin
X-Via-Ucdn
X-CUA
Cf-Alt-Svc
X-Amzn-Remapped-Connection
X-B3-SpanId
X-Request-Time
Origin
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Debug-Cache-Store
X-Original-Request-Id
X-Via-NSCOPI
X-Oss-Cdn-Auth
Country-Code
PICS-Label
X-Debug-Cache-Fetch
Lb
X-WR-MODIFICATION
X-Ocache
X-LiteSpeed-Cache-Control
Backend
Pics-Label
X-StackifyID
Cloudfront-Viewer-Country
X-Debug-Ysi-Auth
Server-Ttl
X-Debug-Do-Not-Cache-Uri
X-Apw-Access-Token
X-DPWN-IS-SECURE
X-Tb-Optimization-Total-Bytes-Saved
X-Apw-Access-Object
X-Apw-Access-Action
X-Debug-Xas-Auth
X-Apw-Hits
X-Cache-Version
Geoip-City
X-Varnish-Beresp-TTL
X-Cache-Tag
SID
X-WA
X-Debug-Cache-Bypass
X-Debug-Cache-Status
X-Debug-Cache-String
X-WPE-Loopback-Upstream-Addr
X-Shard
X-Planisys-CDN-Cache
Proxy-Firewall
X-C
X-Planisys-CDN-Rules
Cneonction
X-Cache-Hfrom
X-Cache-Hm
X-RunCloud-Cache
Region
NnCoection
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Nananana
Backend-Name
X-Acquia-Site
X-Planisys-CDN-TTL
CF-IPCountry
X-B3-Parentspanid
Req-ID
X-Akamai-ERPolicy
X-ElasticPress-Search
X-SB
X-Dw-Trace-Id
X-Request-URL
X-Html-Edge-Cache
Request-Time
X-VC
X-Rocket-Build-Number
X-Varnish-ID
X-Sigma-Backend
X-Sigma
Host-ID
X-Akamai-ERRuleID
X-Country-IP