Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Xss-Protection
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Ua-Compatible
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Server
X-Turbo-Charged-By
X-Backend
X-Age
P3p
X-Cache-Group
X-Robots-Tag
Feature-Policy
Xkey
X-Proxy-Cache
Request-Context
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Dns-Prefetch-Control
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Backend-Server
X-Cache-Lookup
X-Vhost
X-Ac
X-Node
X-Readtime
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Request-Id
X-Mod-Pagespeed
Content-Location
X-DataDome
X-Application-Context
NEL
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-ORACLE-DMS-RID
X-Pass-Why
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
Rating
X-Country-Code
X-Cloud-Trace-Context
X-Cnection
Edge-Control
X-Clacks-Overhead
X-Url
X-Rack-Cache
X-Px
RTSS
X-FTR-Request-ID
MS-Author-Via
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-Powered-By-Plesk
Verso
Accept-CH
X-B3-TraceId
Service-Worker-Allowed
Public-Key-Pins
X-DynaTrace
X-GitHub-Request-Id
X-Exp-Variant
X-Exp-Id
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-MS-InvokeApp
X-Ttl
X-Sol
X-Middleton-Display
X-Middleton-Response
Response
Display
Pagespeed
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
X-Cache-TTL
Accept-CH-Lifetime
Accept-Ch
X-D2id
X-Amz-Rid
X-Abt-Application-Version
TCN
Pinterest-Generated-By
X-CST
X-Vcap-Request-Id
X-NF-Request-ID
X-Cached
X-Content-Type
X-VARITI-CCR
Accept-Ch-Lifetime
X-Navigation-Version
Cache-Tag
X-Fastly-Request-ID
X-ESI
X-Server-Name
X-Instart-Request-ID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Version
X-Accel-Expires
Ar-Sid
AR-CACHE
Access-Control-Request-Method
X-MSEdge-Ref
X-Upstream
X-Grace
X-Powered-CMS
X-Debug
Charset
Nginx-Cache
S
SPIisLatency
SPRequestDuration
X-Client-IP
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
Content-MD5
X-SharePointHealthScore
Realpath
SPRequestGuid
X-Ezoic-Cdn
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Pinterest-Rid
Pinterest-Version
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Element-Page-Cache
X-FastCGI-Cache
X-Trace
X-Jurisdiction
X-Hp-Webp
X-Dw-Request-Base-Id
X-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Shield-Request-Id
X-Oneagent-Js-Injection
Nel
X-Node-Name
X-T
X-XRDS-Location
Fastcgi-Cache
X-Kinsta-Cache
X-Content-Digest
X-Logged-In
Host-Header
X-Mobile-URL
X-NWS-LOG-UUID
X-ASPNET-VERSION
X-Frontend
X-Request-Received
X-Request-Processing-Time
TP-L2-Cache
TP-Cache
Server-Node
X-Cache-Hit
X-Cache-Age
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Realm
X-Country-Code-Real
Edge-Cache-Tag
X-FTR-Balancer
X-FTR-DC
Front-End-Https
ServerID
X-FTR-Expires
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-Amzn-Trace-Id
X-Goog-Stored-Content-Encoding
Server-Name
X-Cache-Key
X-Forwarded-For
X-Hostname
Fastly-Restarts
PB-PID
PB-RID
Arc-Version
DynaTrace
X-TTL
Powered
X-Zen-Fury
X-Request-Handler-Origin-Region
X-DIS-Request-ID
X-Microsite
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Revision
X-Akamai-Edgescape
X-Server-ID
X-F-Cache
X-Page-Id
X-Jobs
X-Hits
Accept-Charset
X-Mobile-Rewrite
X-Yandex-Sdch-Disable
Filters
X-ATS-Timestamp
X-HS-Content-Id
X-HS-Hub-Id
X-LB-Cache
X-HS-Combine-CSS
X-HS-Cache-Config
Backend-Timing
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Ruxit-Js-Agent
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cdn
X-Geo-Country
X-Fastcgi-Cache
X-Origin-Server
X-Varnish-Age
X-N
X-B
MicrosoftSharePointTeamServices
Alternate-Protocol
X-Via-JSL
X-FTR-Cache-Host
X-Rid
X-Daa-Tunnel
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
X-Erf-Bev-Bev
X-Ser
DC
X-WebKit-CSP-Report-Only
X-Activity-Id
X-ATG-Version
X-Az
X-AppVersion
Cache-Tags
Paypal-Debug-Id
X-Amz-Replication-Status
X-Type
X-Git-Hash
X-Debug-Info
X-FB-Debug
X-TT
Section-Io-Cache
Retry-After
X-B-Cache
X-Signature
X-Varnish-Grace
Frame-Options
X-App-Environment
Actual-Object-TTL
X-Whom
X-App-Server
Surrogate-Key
X-Esi
X-Correlation-Id
X-Status
X-Edge
X-Request-Guid
X-Content-Options
Host
Fastcgi-Useragent
X-Contextid
X-AOL-HN
Healthy
X-RateLimit-Remaining
X-Pinterest-Direct
X-Seen-By
X-Cache-Action
X-IPLB-Instance
X-HTML-Minification-Powered-By
X-Endurance-Cache-Level
X-Host-Name
Refresh
Source
X-B3-Sampled
X-XRDS-LOCATION
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Instance
From-Origin
X-Upgrade-Enabled
X-Amzn-RequestId
Access-Control-Allow-Method
X-Amz-Apigw-Id
X-ECACHE
X-Drupal-Cache-Tags
X-Cache-Rule
X-Accel-Buffering
X-Response-Served-From
X-RemovedCookies
X-Cache-Operation
X-ProcessESI
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Odigeo-Trace-Id
X-L-Path
MS-CV
Eomportal-Instance
X-MCACHE
X-Cacheable-TTL
X-Mid
X-Environment-Context
X-Region
X-Rule
X-UUID
X-Is-Bot
X-Varnish-Server
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-FW-Type
X-FW-Server
X-FW-Static
X-Cache-Time
Payment
X-Rendered-As
X-Adobe-Content
X-Protected-By
Datacenter
Countrycode
Srv
X-VCache
X-WA-Info
X-Adobe-Loc
X-Correlation-ID
Cache-Status
Xserver
X-Cache-Control
X-PressLabs-Stats
Content-Disposition
X-Litespeed-Cache
X-URL
X-GeoIP
X-EdgeConnect-Cache-Status
X-Akamai-Transformed
X-Time
X-Cache-Server
X-APP-VERSION
X-Cached-By
X-Akamai-Request-ID2
X-Wix-Request-Id
X-UnsetCookies
X-Cluster
WPE-Backend
NR-ENABLED
Uber-Trace-Id
NGB
X-Proxy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Origin-Response-Time
X-Tt-Trace-Host
X-Load-Cache
X-Tt-Trace-Tag
Version
X-SERVER-NAME
X-Mode
X-Mobile
X-RequestSource
X-PHP-Backend
Access-Control-Request-Headers
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Handled-By
X-Cache-Remote
X-Azure-Ref
X-IPS-LoggedIn
X-NGENIX-Cache
X-FireWall-Port
X-Cache-NGX
X-NWS-UUID-VERIFY
X-NewRelic-App-Data
Liferay-Portal
X-Backend-Name
Accept-Language
Cross-Origin-Window-Policy
X-RN-RSRV
X-Cache-Var-Map
X-Cache-Var
X-Cache-Status-Check
X-ES-SERVER
X-No-Session
X-Viewer-Country
X-Via-Fastly
X-Path-Route
X-Adobe-Source
X-CCM
Cache
Meta-Geo
X-OCL
X-MP-GENERATED-AT
X-LJ-Flow-ID
X-PCL
X-PERF
X-VWS-Id
X-Www-Served-By
X-UA-Device-Type
X-Storage
X-Pubstack
Akamai-GRN
X-Locale
X-AWS-Id
ServedBy
Cache-Hits
X-ApacheServer
X-TX-ID
Section-Io-Origin-Time-Seconds
X-Site-Version
X-RTag
Cleartype
Decoy-Debug-TTL
X-UPSTREAM-Address
Mn-Server-Ip
Webserver
Decoy-Debug-Status
X-Redis-Cache
X-Real-IP
Section-Io-Id
Now
Cache-Name
Section-Origin-Responded
Section-Io-Origin-Status
X-Cache-Config
X-R9-Blue-Green-Version
Decoy-Debug-Key
X-Framework
X-FW-Version
Ms-Operation-Id
X-CSRF-Token
Filterid
X-Time-Microsecs
TWC-Device-Class
X-NCache
TWC-Connection-Speed
S-Rt
Property-Id
Fastly-SSL
X-Routing-Service
X-ProxyCache-Status
X-ProxyCache-Key
X-Origin
X-Proxied
TWC-GeoIP-Country
TWC-Locale-Group
X-Bc-Bl
X-Hl-Ver
X-BYPASS-REASON
X-Format
X-CS
X-Device-Type
X-Human
X-Access
TWC-Privacy
X-Say-Cacheable
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-GeoIP-LatLong
X-Origin-Hint
X-Section
X-ServerID
X-Zipkin-Id
X-SayCDN-TTL
Load-Balancing
X-Say-TTL
X-Timing-Wait
X-Varnish-Cache-Hits
X-Sorting-Hat-ShopId
X-Air-Hostname
X-Unique-Id
X-Info
X-ShopId
X-Web-Node
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-EIG-Tracking-Id
X-FB-TRIP-ID
X-Cache-Enabled
X-From
X-BCube-Filmed-By
X-FC-Vary-Parameters
X-Amzn-Remapped-Content-Length
X-IP
X-Detected-As
X-Shopify-Stage
X-SaId
DB-Nickname
X-NYM-Debug-Backend
DSUID
X-Proxy-Build
Selected-Fe
X-ShardId
X-JoinUs
X-Release
X-Hosted-By
X-Generated
X-Hyper-Cache
Azure-SlotName
X-Loop
X-Geo
Azure-InstanceId
Azure-Version
Azure-RegionName
Azure-SiteName
X-TNCMS
X-Labrador-Cache-Channel
X-PHP-Host
X-Content-Age
X-Qloud-Router
X-Xfnlog-Site
Origin-Cache-Control
Origin-Edge-Control
Cache-Tv-Group
FilterID
Country
Upgrade-Insecure-Requests
X-Cache-Host
X-Presslabs-Stats
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Source
SD-X-WS
Ec-Rule-Version
X-Cluster-Node
User-Agent
X-Cache-NE
X-Varnish-Hostname
X-Ua
X-Old-Content-Length
Time
X-Pad
X-Drupal-Cache-Contexts
X-Cache-2
X-Cache-TTL-Remaining
Locale
X-Parent-Response-Time
X-Urbn-Context-Path
X-Urbn-Site-Id
X-EC-Lua
Server-Info
X-Cache-Backend
X-RCS-CacheZone
X-Srv
X-CDN-Forward
X-Akamai-Request-ID
X-RateLimit-Limit
X-TA-CDN-Provider
X-Backend-TTL
X-Proxy-Cache-Status
Geo-Info
X-Debug-Cache
X-Cache-Grace
S-Cnection
X-Webkit-CSP
X-Forwarded-Host
X-Tumblr-Pixel-3
Proxy-Connection
X-Soup
Apigw-Requestid
X-Dc
X-Tb
X-Microcachable
OT-Force-Account-Verify
NGX
X-Proto
X-Vcache
Rendered-Blocks
Server-Host
X-Vtex-Processado-Em
X-VG-WebCache
Viewtype
VivaBuild
True-Client-Country-4JS
X-Vdms-Version
X-VG-WebServer
T-Server
ServerName
MD5-Digest
GEO-REGION-INFO
Xc-Version
M-TraceId
Fastcgi-X-Cache-Version
Who
Content-Script-Type
X-Vtex-Remote-Cache
BehaviorPad-Version
AsisCache
Meta-Geo-Continent
Mobile-Detection-Method
Content-Style-Type
X-Cache-PHP
Arc-Country
Machine
Pagetype
X-Aed
X-Rojux
X-Developer
X-Rewrite-Enabled
X-Reqid
X-Destination
X-Date
X-S-Cookie
X-D
X-S
X-Region-Sid
X-Processor
X-Geo-Header
X-Generated-On
X-External-Request-Id
X-G
X-Dispatch
X-DevSite-Last-Modified
X-PAYTM-SRV-ID
X-NodeID
X-Level-Front-Cache
X-Connection-Hash
X-Scheme
X-A-Dgt
X-Trv-Group
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dcw
X-Twitter-Response-Tags
X-Vdms-Path
X-A-Ccd
X-A-Dam
X-Transaction
X-Trace-Id
X-B-Cookie
X-ScT
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-ARC
X-Application
X-SRCache-Key
X-Session-Fingerprint
X-ServiceProvider
X-A
UCS
X-FORWARDED-FOR
X-Uri
Sid
X-Nc
X-UA
X-Newrelic-Synthetics
Cf-Ipcountry
N-Cache
X-Cluster-Name
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Magnolia-Registration
Mail-Subject
NM-Fastcgi-Cache
Kp-EeAlive
FNAC-ModuleRouting
X-SN
X-Swa-Ws
X-Skip-Cache
X-SIPLIST1
X-Owner
IsBot
X-SD-PageType
Magicmarker
X-Method
X-Bip
X-Generated-In
X-Generation-Time
X-Agile-Id
X-Branch-Name
X-Cache-FS-Status
X-Core-Value
X-Dispatcher-Server
X-Cms-Context
X-Agile-Age
X-Agile
Viewport
V-Age
X-Location
X-Logging-Id
Vix-Hermes-Req-Id
We-Hiring
X-Hash
X-Instart-Info
X-LAGOON
X-Thanos
On-Server
X-User
X-Via-PopH
X-Via-PopV
X-Worker
AKAMAI
X-VC-Cache
CDCHOST
Cache-Key
X-NC
X-Hit
User-Cache-Control
X-Be
X-Envoy-Decorator-Operation
X-Micro-Cache
X-Backend-State
X-Clientip
X-Backend-Host
Fastly-Drupal-HTML
X-VG-TLSProxy
Cache-Cookie-Set-Lfrom
X-Block-Status
RNT-Machine
X-Node-Id
X-Device-Os
RNT-Time
Rt-Fastcgi-Cache
X-Fmm-Version
X-Matched-Rule
X-Varnish-Cacheable
X-WADP-Cache
Thinkindot-CacheControl
X-Is-Gdpr
X-JWT-State
X-Wikidot-Backend
X-Hnp-Log
CacheControlHeader
X-Wikidot-Static-Cache
X-Has-Esi
X-App
Wxu-Next-Region
Thinkindot-Control
X-Origin-Date
X-Thinkindot-L3
X-Gen-Mode
Web-Mar-Node
Wxu-Next-Hostname
Wxu-Next-Commit
Thinkindot-CacheControl-Type
X-Auto-Login
X-Origin-Expires
Is-Eu
Tracecode
X-Distributor
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Request-UUID
L5d-Success-Class
Apple-News-Services-Host
HA-Ipaddr
Ha-Gx-Prefs
Cache-Cookie-Set-From
X-CGP
X-Clara-WADP
X-Distil-CS
C-Via
X-Server-W
Gh-Request-Id
X-Servername
Apple-News-Services-Handled
Cache-Cookie-Set-Idcheck
X-Cache-Info
X-Cache-Tags
X-Platform-Server
X-Cache-Bucket
X-Policy
Platform
X-Variation
X-Developers
X-Eu-Site
Adler-Geo
X-Epic-Correlation-Id
Release
X-Req
X-Cache-ASPX
X-Nginx-Cache-Key
X-Fastly-Cache
X-Envoy-Upstream-Healthchecked-Cluster
X-Cache-URL
X-Response-By
X-BBXSRF
X-Compress-Hint
Sever-Int
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Var-Ttl
X-Varnish-Authentication
X-Irp-Debug
X-Reboot
X-Request-Host
Fastly-SIE
Fastly-SWR
X-Slack-Backend
X-TT-TIMESTAMP
Server-Ext
X-Mvc-Supplant-Cachable
X-Core-Mission
X-Contensis-Viewer-Groups
W
X-We-Are-Hiring
X-Webstats-RespID
Server-Hostname
X-Ms-Version
X-Ms-Request-Id
X-TrackingId
X-Vgn-Hpd-Reason
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-TH-Server
X-AIR-PT
X-TIME
X-Refresh
GEO-INFO
X-LI-Proto
X-VServer
X-Li-Fabric
X-Li-Pop
X-GoCache-CacheStatus
X-LI-UUID
Memcached
Node
X-SRV
X-App-Version
HostName
X-Cache-Debug
Esi-Enabled
X-Gzip
X-Esi-Check
LB
X-Cache-Id
X-DC
X-Origin-TTL
X-Origin-CC
X-Storefront-Renderer-Rendered
X-Configured-By
Ohc-File-Size
X-CLOUD-TRACE-CONTEXT
X-Wa
X-Loc
L
Server-ID
NtCoent-Length
Cache-Host
X-App-Name
X-Server-IP
X-Mvc-Supplant-OutputCached
X-NU-AKA-ACS-Version
X-Cdn-Forward
X-BC
X-ZONE
X-SVT-ORM-VERSION
X-Edge-Location
X-SVT-ORM-RULES
X-Key
X-VCT
X-Sucuri-ID
Pragrma
X-Cdn-Srv
X-MSEdge-Features
X-MSEdge-Flight
X-Bc
Referer-Policy
X-Zone
X-S-Maxage
X-B3-Traceid
MIME-Version
Memory
X-Varnish-URL
Server-Cache-Control
Server-Surrogate-Control
Ohc-Response-Time
X-FPC
X-Generated-By
X-BACKEND-TTL
X-Servedbyhost
X-Varnish-Ttl
X-Pjax-Url
Fastly-Backend-Name
X-Nginx-Cache
CACHE
X-Rocket-Nginx-Bypass
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-Svr
X-Up
X-Via-CDN
FSS-Cache
X-COUNTRY
Request-Country
Request-EU
X-Minions-Version
Heartbleed
X-CF-Powered-By
X-Batcache
Locid
X-Varnish-Hits
Resin-Trace
X-Request-URI
X-Aicache-OS
X-ND-Cache
X-ElasticPress-Query
X-VCL-Version
SRV
X-Oss-Object-Type
X-Shopify-Generated-Cart-Token
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-GEO
X-Oss-Hash-Crc64ecma
X-Unique-ID
X-Gamma-Serve
X-CACHE-KEY
Cteonnt-Length
X-Ratelimit-Remaining
WZWS-RAY
X-Sucuri-Cache
GeoIp-Country-Code
DCR-Processing-Time-Ms
Lfy
GeoIP-Country-Code
DCR-Decision-By
Geoip-Latitude
X-BE
CF-Cached-On
Hostname
X-Vcl-Version
Location
HitType
X-WebServer
X-Check-Cacheable
X-PF-Uncompressing
Pramga
X-Fastly-Cache-Status
X-Azure-Ref-OriginShield
GeoIP-Latitude
X-Proxy-Upstream
X-ECache
Product
Powered-By-ChinaCache
X-HS-Status
Cdn-Host
X-Edge-Server
Cdn-Request-Time
X-VHOST
X-Cdn-Origin
X-Sn-Servicetimems
My-App
Ohc-Cache-HIT
X-Fetched-On
X-Fastly-Country-Code
X-PJAX-URL
X-Ratelimit-Limit
Mime-Version
X-LB-ID
X-CSRF-TOKEN
X-NGINX-Cache
X-Amzn-Requestid
X-VarnishDD-TTL
X-ServedByHost
PFcat
X-GeoIP-Country-Code
X-OVcl
X-OVcl-Cache
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-Fpc
X-Pf-Uncompressing
X-Vgn-Hpd-Cached
X-Varnishpool
X-Ratelimit-Reset
X-Newrelic-App-Data
X-Varnish-Url
SN
X-Fastly-Backend-Reqs
Amp-Access-Control-Allow-Source-Origin
X-Oracle-Dms-Rid
X-CACHE-AGE
X-Instart-Isnd
X-Platform
X-Render-Time
X-Ftr-Cache-Host
URI
X-Served-From
X-Cache-Expired-At
Dt-Cache-Category
Group
X-B3-Spanid
WWW-Authenticate
X-Request-Start
X-Swift-Error
Cdn
XServer
X-Tec-Api-Origin
A
X-Tec-Api-Root
X-B3-SpanId
X-CUA
X-Amzn-Remapped-Date
X-Tec-Api-Version
Epwk-X-Cache
Cf-Alt-Svc
X-Via-Ucdn
X-Amzn-Remapped-Connection
CloudFront-Viewer-Country
X-Request-Time
Origin
X-Original-Request-Id
PICS-Label
X-Via-NSCOPI
X-Oss-Cdn-Auth
Country-Code
X-Debug-Cache-Store
X-IN-APIGATEWAYSSL
X-Debug-Cache-Fetch
X-IN-APIGATEWAY
X-WR-MODIFICATION
Lb
Backend
X-LiteSpeed-Cache-Control
Pics-Label
Cloudfront-Viewer-Country
X-DPWN-IS-SECURE
Server-Ttl
X-Debug-Ysi-Auth
X-StackifyID
X-Debug-Cache-String
X-Varnish-Beresp-TTL
X-Cache-Tag
X-Apw-Hits
X-Cache-Version
Geoip-City
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Xas-Auth
X-Apw-Access-Token
X-Apw-Access-Object
X-Debug-Cache-Status
SID
X-Debug-Do-Not-Cache-Uri
X-WA
X-Debug-Cache-Bypass
X-Apw-Access-Action
X-Ocache
X-Shard
X-WPE-Loopback-Upstream-Addr
Proxy-Firewall
X-Acquia-Purge-Tags
X-Acquia-Site
X-Cache-Hfrom
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-RunCloud-Cache
Backend-Name
NnCoection
X-Nananana
X-Cache-Hm
Cneonction
Region
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-C
X-Planisys-CDN-TTL
CF-IPCountry
X-Request-URL
X-Akamai-ERPolicy
X-ElasticPress-Search
X-Html-Edge-Cache
X-Akamai-ERRuleID
X-VC
Request-Time
X-SB
X-B3-Parentspanid
Req-ID
X-Rocket-Build-Number
Host-ID
X-Sigma-Backend
X-Sigma
X-Country-IP
X-Varnish-ID
X-Dw-Trace-Id