Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Generator
X-Permitted-Cross-Domain-Policies
CF-Ray
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Age
X-Cache-Group
X-Request-ID
Xkey
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Request-Context
X-Hacker
X-Page-Speed
X-UA-Device
EagleId
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
X-Varnish-Cache
Server-Timing
P3p
X-LiteSpeed-Cache
Report-To
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Cf-Railgun
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Origin-Cache
X-Host
EagleEye-TraceId
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Ac
X-Node
X-Pass-Why
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Request-Id
X-DataDome
X-Mod-Pagespeed
Content-Location
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
NEL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cnection
X-Cloud-Trace-Context
X-Url
X-Rack-Cache
X-Px
X-FTR-Request-ID
X-Goog-Hash
RTSS
X-TtlSet
X-PC
X-Vname
MS-Author-Via
X-Ttl
X-Powered-By-Plesk
Verso
X-DynaTrace
Accept-CH
Public-Key-Pins
X-B3-TraceId
X-GitHub-Request-Id
Service-Worker-Allowed
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Middleton-Response
X-Middleton-Display
Pagespeed
Display
Response
X-Sol
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-Forwarded-Proto
X-Cache-TTL
Accept-CH-Lifetime
X-D2id
X-Abt-Application-Version
TCN
X-CST
Pinterest-Generated-By
X-Amz-Rid
X-Cached
Accept-Ch
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
Nel
X-Navigation-Version
X-Fastly-Request-ID
Cache-Tag
X-Instart-Request-ID
X-Server-Name
X-Accel-Expires
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-ESI
Accept-Ch-Lifetime
X-MSEdge-Ref
X-Version
Nginx-Cache
Access-Control-Request-Method
AR-Request-ID
X-Grace
AR-ATIME
AR-PoweredBy
S
Charset
SPIisLatency
SPRequestDuration
X-Debug
X-Upstream
AR-CACHE
Ar-Sid
X-Powered-CMS
SPRequestGuid
X-SharePointHealthScore
X-SRCache-Fetch-Status
X-Client-IP
X-SRCache-Store-Status
X-Trace
X-Pinterest-Rid
Pinterest-Version
X-DynaTrace-JS-Agent
X-FastCGI-Cache
Realpath
X-Ezoic-Cdn
Content-MD5
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Hp-Webp
X-Jurisdiction
X-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-Shield-Request-Id
Fastcgi-Cache
X-T
X-ASPNET-VERSION
X-Content-Digest
X-Kinsta-Cache
X-Logged-In
X-Mobile-URL
X-NWS-LOG-UUID
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
Edge-Cache-Tag
Server-Node
X-Frontend
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-Goog-Metageneration
X-Request-Received
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Request-Processing-Time
X-XRDS-Location
TP-Cache
TP-L2-Cache
X-Cache-Hit
X-Cache-Age
X-FTR-Expires
Front-End-Https
Server-Name
DynaTrace
Fastly-Restarts
X-Forwarded-For
X-Hostname
ServerID
Arc-Version
X-Amzn-Trace-Id
PB-RID
PB-PID
X-Zen-Fury
X-DIS-Request-ID
Powered
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-Mobile-Rewrite
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-Hits
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-Cdn
X-LB-Cache
X-F-Cache
X-Akamai-Edgescape
Accept-Charset
X-Oneagent-Js-Injection
X-Jobs
X-Page-Id
X-Cache-Key
X-FTR-Cache-Host
X-Fastcgi-Cache
X-Geo-Country
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
Filters
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
MicrosoftSharePointTeamServices
X-Via-JSL
X-Kong-Upstream-Latency
X-Varnish-Age
X-Kong-Proxy-Latency
X-Origin-Server
X-B
X-Ser
Alternate-Protocol
X-Rid
X-N
X-Yandex-Sdch-Disable
X-Correlation-Id
X-Daa-Tunnel
X-Varnish-Backend
Host-Header
X-Esi
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Debug-Info
X-XRDS-LOCATION
X-WebKit-CSP-Report-Only
X-Activity-Id
X-Git-Hash
DC
X-AppVersion
X-Az
X-Server-ID
Retry-After
X-App-Server
Frame-Options
Paypal-Debug-Id
X-Amz-Replication-Status
X-ATG-Version
X-FB-Debug
X-Type
X-Signature
Section-Io-Cache
X-B-Cache
X-Varnish-Grace
X-Contextid
Actual-Object-TTL
Cache-Tags
X-Whom
Fastcgi-Useragent
X-App-Environment
X-TT
X-TTL
X-Request-Guid
X-Edge
Surrogate-Key
X-Content-Options
X-Status
X-AOL-HN
X-RateLimit-Remaining
Host
Healthy
Source
X-Seen-By
X-Cache-Action
X-Ruxit-Js-Agent
X-Host-Name
Refresh
X-Pinterest-Direct
WPE-Backend
NR-ENABLED
X-Instance
X-IPLB-Instance
X-HTML-Minification-Powered-By
X-B3-Sampled
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Upgrade-Enabled
X-ECACHE
X-Endurance-Cache-Level
From-Origin
Access-Control-Allow-Method
X-APP-VERSION
X-Drupal-Cache-Tags
X-Cache-Rule
X-Accel-Buffering
X-RemovedCookies
X-Response-Served-From
X-ProcessESI
X-Cache-Operation
X-Mid
X-MCACHE
Payment
VIX-Pulpo-Node
X-Cache-Control
X-UUID
X-Cacheable-TTL
Odigeo-Trace-Id
X-Region
VIX-Pulpo-Upstream-Status
X-Rule
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-L-Path
X-Amz-Apigw-Id
MS-CV
X-Varnish-Server
X-FW-Type
X-Cache-Time
X-Environment-Context
X-FW-Static
X-FW-Server
Countrycode
Datacenter
Eomportal-Instance
X-Is-Bot
Cache-Status
X-Rendered-As
X-Adobe-Loc
X-URL
X-WA-Info
X-Adobe-Content
Xserver
X-Protected-By
X-GeoIP
X-Amzn-RequestId
NGB
X-Cluster
X-Wix-Request-Id
X-RequestSource
X-SERVER-NAME
Content-Disposition
X-Akamai-Transformed
X-Cache-Server
X-Correlation-ID
Srv
X-Cached-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-VCache
Filterid
X-Presslabs-Stats
X-EdgeConnect-Cache-Status
X-Akamai-Request-ID2
Uber-Trace-Id
X-PressLabs-Stats
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Version
X-UnsetCookies
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Unique-Id
X-IPS-LoggedIn
Upgrade-Insecure-Requests
X-Load-Cache
X-Mobile
X-Vcache
X-Mode
Access-Control-Request-Headers
X-Handled-By
X-PHP-Backend
X-Time
Liferay-Portal
X-Proxy
X-Cache-Remote
X-Framework
Cross-Origin-Window-Policy
X-Time-Microsecs
X-FireWall-Port
X-No-Session
X-MP-GENERATED-AT
X-Path-Route
X-PCL
X-ES-SERVER
X-OCL
X-Cache-Var
Meta-Geo
X-RN-RSRV
X-Adobe-Source
X-Cache-Status-Check
X-Cache-Var-Map
X-CCM
X-Storage
X-Via-Fastly
X-UA-Device-Type
Cache
X-Viewer-Country
X-Backend-Name
X-Say-Cacheable
Fastly-SSL
Webserver
X-FW-Version
X-Say-TTL
X-SayCDN-TTL
X-Web-Node
X-BCube-Filmed-By
X-Xfnlog-Site
X-Cache-Config
X-Www-Served-By
Accept-Language
X-ApacheServer
X-AWS-Id
X-Pubstack
X-Human
X-Site-Version
X-Redis-Cache
X-PERF
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Hits
ServedBy
X-NGENIX-Cache
X-TX-ID
Decoy-Debug-TTL
X-LJ-Flow-ID
Akamai-GRN
X-NYM-Debug-Backend
X-VWS-Id
X-Locale
DSUID
X-Real-IP
X-Access
X-BYPASS-REASON
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-R9-Blue-Green-Version
Mn-Server-Ip
X-FC-Vary-Parameters
X-NCache
X-ProxyCache-Status
X-Loop
X-Info
X-TNCMS
X-ProxyCache-Key
Section-Io-Id
Origin-Edge-Control
X-Origin
X-Hyper-Cache
Origin-Cache-Control
Section-Io-Origin-Status
Ms-Operation-Id
X-RTag
X-Cache-NGX
S-Rt
Now
X-Goog-Meta-Goog-Reserved-File-Mtime
Cleartype
X-Section
X-Format
TWC-Connection-Speed
X-Cache-Enabled
X-Device-Type
X-CS
X-Bc-Bl
X-FB-TRIP-ID
X-Hl-Ver
X-Proxied
X-Origin-Hint
X-Amzn-Remapped-Content-Length
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
Webcakes-App-Name
TWC-Device-Class
Property-Id
X-ServerID
X-Zipkin-Id
Cache-Name
X-Routing-Service
X-Azure-Ref
X-Shopify-Stage
X-Source
X-IP
X-EIG-Tracking-Id
X-Timing-Wait
X-JoinUs
X-ShopId
X-From
X-Detected-As
X-SaId
X-UPSTREAM-Address
X-Generated
X-Hosted-By
X-ShardId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
Selected-Fe
Ec-Rule-Version
X-Sorting-Hat-PodId
X-Proxy-Build
DB-Nickname
Country
Azure-InstanceId
X-Cache-NE
X-Geo
Azure-Version
X-Varnish-Cache-Hits
Azure-SiteName
Azure-RegionName
Azure-SlotName
X-Old-Content-Length
X-Content-Age
X-CSRF-Token
SD-X-WS
X-Cluster-Node
X-NewRelic-App-Data
X-NWS-UUID-VERIFY
X-CDN-Forward
X-PHP-Host
X-Backend-TTL
X-Labrador-Cache-Channel
Cache-Tv-Group
X-Qloud-Router
X-Varnish-Hostname
Load-Balancing
Time
User-Agent
X-Pad
X-Litespeed-Cache
X-Cache-Host
X-Air-Hostname
X-EC-Lua
S-Cnection
X-Cache-Backend
X-Cache-TTL-Remaining
X-Drupal-Cache-Contexts
X-Cache-2
FilterID
X-Parent-Response-Time
X-RCS-CacheZone
X-Microcachable
X-Proxy-Cache-Status
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Ua
X-UA
X-Forwarded-Host
Server-Info
X-RateLimit-Limit
X-Release
X-Tumblr-Pixel-3
X-Akamai-Request-ID
X-Cache-Grace
Tracecode
X-CLOUD-TRACE-CONTEXT
OT-Force-Account-Verify
X-NC
X-TIME
NGX
Proxy-Connection
Sid
X-FORWARDED-FOR
X-Debug-Cache
X-SRV
X-Soup
Cache-Key
X-Vgn-Hpd-Reason
X-Dc
X-Newrelic-Synthetics
AsisCache
Arc-Country
X-Connection-Hash
X-Date
X-D
BehaviorPad-Version
X-CF-Lambda-Version
Fastcgi-X-Cache-Version
Content-Style-Type
Content-Script-Type
X-CF-Lambda-Fn
CDCHOST
X-Destination
X-Geo-Header
X-G
X-Instart-Info
X-Level-Front-Cache
X-Uri
X-External-Request-Id
X-Dispatch
X-DevSite-Last-Modified
X-Developer
X-Tb
ServerName
Server-Host
GEO-REGION-INFO
X-ARC
X-A
Who
Machine
M-TraceId
X-A-Ccd
MD5-Digest
Meta-Geo-Continent
Pagetype
UCS
Viewtype
VivaBuild
Mobile-Detection-Method
X-A-Dam
X-A-Dcw
X-Agile-Age
T-Server
X-Agile-Id
X-Application
True-Client-Country-4JS
X-Agile
X-Aed
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
Rendered-Blocks
X-B-Cookie
X-Generated-On
X-Session-Fingerprint
X-ScT
X-Skip-Cache
X-SRCache-Key
X-Trace-Id
X-Swa-Ws
X-Scheme
X-S-Cookie
X-Reqid
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-S
X-Rojux
X-Transaction
X-Trv-Group
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
X-Magnolia-Registration
Xc-Version
X-VG-WebCache
X-Srv
X-User
X-Twitter-Response-Tags
GEO-INFO
X-Vdms-Path
X-Vdms-Version
X-Cluster-Name
X-ServiceProvider
X-Ms-Version
X-Ms-Request-Id
X-Node-Id
X-PAYTM-SRV-ID
X-NodeID
X-Processor
User-Cache-Control
X-Proto
X-TT-TIMESTAMP
X-LAGOON
X-Via-PopH
We-Hiring
Web-Mar-Node
X-JWT-State
X-Is-Gdpr
X-Hnp-Log
X-Hit
X-Variation
X-Via-PopV
X-Varnish-Cacheable
X-Hash
X-Location
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
X-Logging-Id
X-Method
X-Matched-Rule
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Has-Esi
Vix-Hermes-Req-Id
Viewport
X-WADP-Cache
X-We-Are-Hiring
V-Age
X-VServer
X-Thinkindot-L3
X-Clara-WADP
X-Clientip
X-CGP
X-SD-PageType
X-Micro-Cache
X-Servername
X-Cms-Context
X-Fmm-Version
X-Platform-Server
X-Device-Os
X-Dispatcher-Server
X-Core-Value
X-Eu-Site
X-Distil-CS
X-Owner
X-Gen-Mode
X-Bip
X-Generated-In
X-Backend-State
Rt-Fastcgi-Cache
X-Reboot
X-Thanos
X-Block-Status
X-Branch-Name
X-Cache-PHP
X-Cache-Tags
X-SN
X-Cache-Info
X-Cache-Bucket
X-Cache-FS-Status
X-Generation-Time
X-Epic-Correlation-Id
Mail-Subject
Magicmarker
C-Via
N-Cache
On-Server
NM-Fastcgi-Cache
L5d-Success-Class
Kp-EeAlive
Ha-Gx-Prefs
FNAC-ModuleRouting
HA-Ipaddr
Fastly-Drupal-HTML
Is-Eu
Esi-Enabled
Platform
Memcached
AKAMAI
Apple-News-Services-Host
Adler-Geo
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Release
X-TA-CDN-Provider
Apple-News-Services-Request-Url
Geo-Info
Apigw-Requestid
X-Envoy-Decorator-Operation
X-Developers
Fastly-SWR
X-SIPLIST1
X-Rebelmouse-Surrogate-Control
X-Req
X-Fastly-Cache
X-TrackingId
Fastly-SIE
Node
X-Distributor
X-BBXSRF
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Response-By
X-Cache-URL
X-Envoy-Upstream-Healthchecked-Cluster
X-Server-W
X-Request-Host
X-Li-Fabric
X-Policy
X-LI-UUID
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-GoCache-CacheStatus
W
Sever-Int
RNT-Machine
RNT-Time
Server-Ext
Server-Hostname
Server-ID
X-Li-Pop
X-VC-Cache
Wxu-Next-Commit
X-Slack-Backend
X-Origin-Expires
Gh-Request-Id
X-Auto-Login
X-VG-TLSProxy
X-Rebelmouse-Cache-Control
X-Origin-Date
L
Wxu-Next-Region
IsBot
X-Backend-Host
Wxu-Next-Hostname
X-Webstats-RespID
Cf-Ipcountry
X-Refresh
X-Server-IP
X-Be
X-LI-Proto
X-Varnish-Authentication
Cache-Host
X-Var-Ttl
X-App
X-Cache-ASPX
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-App-Name
X-Core-Mission
X-Contensis-Viewer-Groups
X-VCT
X-DC
X-Nc
Ohc-File-Size
X-Compress-Hint
CacheControlHeader
X-Mvc-Supplant-OutputCached
X-Wa
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Cdn-Srv
X-S-Maxage
X-FPC
Server-Cache-Control
Server-Surrogate-Control
X-TH-Server
X-Generated-By
HostName
X-Sucuri-ID
X-Gzip
X-Loc
X-Esi-Check
X-Bc
X-Zone
X-Cache-Debug
X-Cache-Id
NtCoent-Length
Memory
X-CACHE-KEY
X-Origin-TTL
SRV
X-B3-Traceid
X-Origin-CC
LB
X-NU-AKA-ACS-Version
X-Rocket-Nginx-Bypass
X-Configured-By
X-AIR-PT
Ohc-Response-Time
Heartbleed
X-Webkit-CSP
X-BC
Locid
Request-EU
X-MSEdge-Features
X-ZONE
Request-Country
X-Key
X-MSEdge-Flight
X-SVT-ORM-VERSION
X-Varnish-Ttl
X-SVT-ORM-RULES
X-Storefront-Renderer-Rendered
CACHE
X-Request-URI
X-Shopify-Generated-Cart-Token
X-Debug-Panamera-Sitecode
X-Edge-Location
X-Svr
X-Debug-Panamera-Host
X-CF-Powered-By
MIME-Version
X-Varnish-Hits
X-Pjax-Url
Pragrma
X-COUNTRY
X-Amzn-Requestid
X-Varnish-URL
WZWS-RAY
X-Servedbyhost
X-Gamma-Serve
X-Nginx-Cache
X-VCL-Version
Fastly-Backend-Name
Referer-Policy
X-Batcache
FSS-Cache
X-GEO
Resin-Trace
X-Cdn-Forward
X-WebServer
X-Up
GeoIp-Country-Code
Geoip-Latitude
X-App-Version
X-Minions-Version
X-Proxy-Upstream
X-BACKEND-TTL
Lfy
Product
Hostname
X-Sucuri-Cache
X-NGINX-Cache
X-BE
X-Cdn-Origin
HitType
Cteonnt-Length
X-ND-Cache
X-Fetched-On
My-App
X-ElasticPress-Query
X-Aicache-OS
GeoIP-Country-Code
Mime-Version
X-Sn-Servicetimems
X-Via-CDN
X-GeoIP-Country-Code
X-ServedByHost
X-Vcl-Version
Cdn-Host
CF-Cached-On
Powered-By-ChinaCache
X-Edge-Server
GeoIP-Latitude
Cdn-Request-Time
X-Ratelimit-Remaining
X-Varnish-Url
Ohc-Cache-HIT
SN
X-PJAX-URL
X-HS-Status
X-Shard
X-CSRF-TOKEN
DCR-Decision-By
X-Fastly-Country-Code
DCR-Processing-Time-Ms
X-Oss-Object-Type
X-Oss-Server-Time
X-ECache
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Unique-ID
X-Check-Cacheable
Group
X-Fastly-Backend-Reqs
X-PF-Uncompressing
X-Request-Start
Location
X-Served-From
X-Azure-Ref-OriginShield
Pramga
X-Fastly-Cache-Status
Amp-Access-Control-Allow-Source-Origin
X-Pf-Uncompressing
X-Ratelimit-Limit
URI
Cdn
X-B3-Spanid
X-CACHE-AGE
X-Via-Ucdn
X-Newrelic-App-Data
X-LB-ID
Dt-Cache-Category
X-OVcl-Cache
X-Fpc
X-OVcl
X-IN-APIGATEWAY
Country-Code
X-Request-Time
CloudFront-Viewer-Country
PFcat
X-IN-APIGATEWAYSSL
X-VarnishDD-TTL
XServer
X-Via-NSCOPI
X-Swift-Error
X-B3-SpanId
X-Tec-Api-Root
A
X-Vgn-Hpd-Variations-Key
X-DPWN-IS-SECURE
X-Tec-Api-Origin
Cf-Alt-Svc
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Geoip-City
X-Vgn-Hpd-Cached
X-Tec-Api-Version
X-Vgn-Hpd-Ssi
CF-IPCountry
X-Render-Time
PICS-Label
X-Platform
X-Instart-Isnd
X-Tb-Optimization-Total-Bytes-Saved
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Origin
X-Varnish-Beresp-TTL
X-Ocache
X-C
X-WR-MODIFICATION
Lb
X-WPE-Loopback-Upstream-Addr
X-Varnishpool
X-Rocket-Build-Number
X-LiteSpeed-Cache-Control
Server-Ttl
X-Country-IP
Host-ID
Request-Time
X-APP
X-StackifyID
X-Ratelimit-Reset
X-Sigma-Backend
X-Sigma
X-Debug-Ysi-Auth
X-Debug-Xas-Auth
X-Apw-Access-Object
X-Apw-Access-Token
WWW-Authenticate
SID
X-Apw-Hits
Proxy-Firewall
X-Cache-Expired-At
X-Debug-Cache-Status
X-Debug-Cache-String
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-Bypass
X-WA
X-Cache-Tag
X-Apw-Access-Action
X-Ftr-Cache-Host
X-DI
X-DW
X-RPM
X-RPS
X-RSL
X-DSS
Cloudfront-Viewer-Country
X-Acquia-Site
X-Cache-Hfrom
X-Acquia-Application-Trace
Region
TTL
NnCoection
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-DB
X-Cache-Hm
X-Action
Cneonction
X-Varnish-ID
Req-ID
X-ElasticPress-Search
X-B3-Parentspanid
X-Html-Edge-Cache
X-Li-Proto
X-Dw-Trace-Id
X-SB
X-Nananana
X-VC
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Request-URL