
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Backend
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Xkey
Feature-Policy
X-Proxy-Cache
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-WebKit-CSP
X-Server-Id
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Request-Id
X-DataDome
X-Pass-Why
Content-Location
X-Mod-Pagespeed
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-ORACLE-DMS-RID
Fusion-Deployment-Id
NEL
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country-Code
Edge-Control
X-Clacks-Overhead
X-Cnection
X-Cloud-Trace-Context
X-Url
X-Rack-Cache
X-Px
X-FTR-Request-ID
RTSS
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
MS-Author-Via
X-Powered-By-Plesk
Accept-CH
Verso
X-DynaTrace
X-B3-TraceId
Public-Key-Pins
Service-Worker-Allowed
X-GitHub-Request-Id
X-Ttl
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Exp-Id
Accept-CH-Lifetime
Pagespeed
Display
X-MS-InvokeApp
Response
X-Varnish-TTL
X-Middleton-Display
Arr-Disable-Session-Affinity
X-Sol
X-Amz-Server-Side-Encryption
X-Middleton-Response
X-Forwarded-Proto
X-Cache-TTL
X-D2id
Pinterest-Generated-By
X-CST
X-Amz-Rid
TCN
X-Abt-Application-Version
X-Cached
X-Vcap-Request-Id
X-NF-Request-ID
Accept-Ch
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Cache-Tag
X-Server-Name
X-Instart-Request-ID
X-ESI
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Accel-Expires
X-TEC-API-ROOT
Accept-Ch-Lifetime
X-Version
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-MSEdge-Ref
Access-Control-Request-Method
Nginx-Cache
X-Grace
AR-CACHE
Ar-Sid
Charset
X-Debug
X-Upstream
S
X-Powered-CMS
Nel
SPRequestDuration
SPIisLatency
X-Client-IP
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-SharePointHealthScore
SPRequestGuid
X-FastCGI-Cache
X-DynaTrace-JS-Agent
Content-MD5
Realpath
X-Ezoic-Cdn
Pinterest-Version
X-Pinterest-Rid
X-Trace
X-Element-Page-Cache
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Dw-Request-Base-Id
X-Jurisdiction
X-Hp-Webp
X-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Shield-Request-Id
X-Node-Name
X-T
Fastcgi-Cache
X-Content-Digest
X-Kinsta-Cache
X-Logged-In
X-NWS-LOG-UUID
X-ASPNET-VERSION
X-Mobile-URL
X-XRDS-Location
X-Request-Processing-Time
X-Frontend
X-Request-Received
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-Cache-Hit
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-Oneagent-Js-Injection
Server-Node
X-Cache-Age
Edge-Cache-Tag
TP-Cache
TP-L2-Cache
X-FTR-Expires
Front-End-Https
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
Server-Name
ServerID
X-Forwarded-For
X-Hostname
X-Amzn-Trace-Id
DynaTrace
Arc-Version
PB-PID
PB-RID
Fastly-Restarts
X-Cache-Key
X-Zen-Fury
Powered
X-DIS-Request-ID
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-Hits
X-Mobile-Rewrite
X-Akamai-Edgescape
X-F-Cache
X-Page-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-Jobs
X-TTL
X-LB-Cache
Accept-Charset
X-HS-Hub-Id
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Filters
X-Cdn
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
X-Yandex-Sdch-Disable
X-FTR-Cache-Host
X-Geo-Country
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Origin-Server
X-Fastcgi-Cache
X-Via-JSL
X-B
X-Varnish-Age
Alternate-Protocol
MicrosoftSharePointTeamServices
X-N
X-Rid
X-Daa-Tunnel
Host-Header
X-Ser
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
X-Ruxit-Js-Agent
X-Erf-Bev-Bev
X-ATG-Version
X-Az
X-AppVersion
X-Activity-Id
X-WebKit-CSP-Report-Only
DC
Cache-Tags
X-Esi
Paypal-Debug-Id
X-Amz-Replication-Status
X-Correlation-Id
Retry-After
X-FB-Debug
X-Git-Hash
Actual-Object-TTL
X-Type
X-Debug-Info
X-App-Server
X-Varnish-Grace
Section-Io-Cache
X-TT
X-Signature
X-App-Environment
X-B-Cache
Frame-Options
X-Whom
X-XRDS-LOCATION
X-Contextid
X-Server-ID
X-Request-Guid
Surrogate-Key
X-Status
Fastcgi-Useragent
X-Edge
X-Content-Options
Host
X-AOL-HN
Healthy
X-Seen-By
X-Cache-Action
X-Pinterest-Direct
X-RateLimit-Remaining
Source
Refresh
X-Host-Name
X-HTML-Minification-Powered-By
X-IPLB-Instance
X-B3-Sampled
X-Endurance-Cache-Level
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Instance
X-Upgrade-Enabled
From-Origin
Access-Control-Allow-Method
X-ECACHE
X-Response-Served-From
X-Cache-Rule
X-Accel-Buffering
X-Cache-Operation
X-Drupal-Cache-Tags
X-RemovedCookies
X-Amz-Apigw-Id
X-ProcessESI
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Odigeo-Trace-Id
X-Rule
X-Amzn-RequestId
X-Cacheable-TTL
X-MCACHE
X-Environment-Context
X-L-Path
X-Mid
MS-CV
X-UUID
Payment
X-Region
Eomportal-Instance
X-FW-Dynamic
X-Cache-Time
Datacenter
X-FW-Hash
X-Cache-Control
X-FW-Server
X-Is-Bot
X-Varnish-Server
X-Rendered-As
X-FW-Serve
X-FW-Type
X-FW-Static
Cache-Status
X-Adobe-Loc
X-Adobe-Content
WPE-Backend
Countrycode
NR-ENABLED
X-WA-Info
X-Litespeed-Cache
Xserver
X-Protected-By
X-APP-VERSION
X-URL
X-GeoIP
X-Correlation-ID
Srv
X-VCache
Content-Disposition
X-PressLabs-Stats
X-Wix-Request-Id
X-Akamai-Transformed
X-Cluster
NGB
X-Cached-By
X-EdgeConnect-Cache-Status
X-RequestSource
X-Cache-Server
X-SERVER-NAME
X-Akamai-Request-ID2
X-Yottaa-Metrics
Uber-Trace-Id
X-UnsetCookies
X-Yottaa-Optimizations
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Time
X-Tt-Trace-Host
Version
X-Mode
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Proxy
X-Mobile
X-Load-Cache
X-IPS-LoggedIn
X-Handled-By
Access-Control-Request-Headers
X-PHP-Backend
X-Cache-Remote
X-Unique-Id
Liferay-Portal
Accept-Language
X-Presslabs-Stats
Filterid
X-FireWall-Port
X-Path-Route
X-No-Session
X-Backend-Name
X-Viewer-Country
X-NGENIX-Cache
Cross-Origin-Window-Policy
X-ES-SERVER
X-Via-Fastly
X-Azure-Ref
Meta-Geo
X-CCM
X-Cache-Var
X-RN-RSRV
X-Adobe-Source
X-Cache-Var-Map
X-Cache-Status-Check
X-AWS-Id
X-ApacheServer
X-Cache-NGX
X-Time-Microsecs
Decoy-Debug-TTL
X-Site-Version
X-Locale
Decoy-Debug-Key
Cache-Hits
Decoy-Debug-Status
X-UA-Device-Type
X-Storage
X-OCL
Akamai-GRN
ServedBy
Cache
X-PCL
X-Www-Served-By
X-Framework
X-Pubstack
X-LJ-Flow-ID
X-MP-GENERATED-AT
X-NewRelic-App-Data
X-PERF
X-Redis-Cache
X-VWS-Id
Cache-Name
X-FW-Version
X-Real-IP
X-R9-Blue-Green-Version
X-NCache
X-Human
X-RTag
X-Say-Cacheable
X-TX-ID
X-SayCDN-TTL
X-Say-TTL
X-Cache-Config
Webserver
Origin-Cache-Control
Now
Mn-Server-Ip
Fastly-SSL
Origin-Edge-Control
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Cleartype
Ms-Operation-Id
Upgrade-Insecure-Requests
X-Access
Webcakes-App-Version
Webcakes-Region
X-Bc-Bl
X-CS
X-Cache-Enabled
X-BYPASS-REASON
Webcakes-App-Name
TWC-Privacy
TWC-Connection-Speed
S-Rt
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Device-Type
X-FC-Vary-Parameters
X-Routing-Service
X-ProxyCache-Status
X-Section
X-ServerID
X-UPSTREAM-Address
X-Zipkin-Id
X-ProxyCache-Key
X-Proxied
X-Hl-Ver
X-Format
X-Info
X-NWS-UUID-VERIFY
X-Origin-Hint
X-Origin
Property-Id
X-Web-Node
X-Proxy-Build
X-Alternate-Cache-Key
X-Amzn-Remapped-Content-Length
X-CSRF-Token
X-EIG-Tracking-Id
DB-Nickname
X-Shopify-Stage
X-ShopId
X-ShardId
X-NYM-Debug-Backend
X-Loop
X-From
X-FB-TRIP-ID
X-Detected-As
X-Generated
X-Hyper-Cache
X-BCube-Filmed-By
X-JoinUs
X-IP
DSUID
X-SaId
X-TNCMS
X-Xfnlog-Site
X-Geo
X-Timing-Wait
Selected-Fe
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Azure-SlotName
Azure-RegionName
X-Varnish-Cache-Hits
X-Hosted-By
Azure-InstanceId
Azure-Version
Azure-SiteName
Country
Load-Balancing
X-Content-Age
X-Source
X-PHP-Host
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Qloud-Router
X-Labrador-Cache-Channel
Ec-Rule-Version
X-Cluster-Node
X-Air-Hostname
X-Cache-NE
Cache-Tv-Group
SD-X-WS
X-Old-Content-Length
FilterID
X-Cache-Host
User-Agent
X-Varnish-Hostname
Time
X-Pad
X-Vcache
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-CDN-Forward
X-Backend-TTL
X-Release
X-Parent-Response-Time
X-Cache-2
Locale
X-Urbn-Site-Id
X-Ua
X-Cache-Backend
X-Urbn-Context-Path
X-RCS-CacheZone
S-Cnection
Server-Info
X-EC-Lua
X-Akamai-Request-ID
X-Proxy-Cache-Status
X-Webkit-CSP
X-Cache-Grace
X-Forwarded-Host
X-RateLimit-Limit
X-Microcachable
X-Tumblr-Pixel-3
X-CLOUD-TRACE-CONTEXT
X-Debug-Cache
X-Srv
Proxy-Connection
X-UA
X-Dc
X-Soup
OT-Force-Account-Verify
X-NC
X-FORWARDED-FOR
NGX
Tracecode
Apigw-Requestid
Sid
X-Tb
Content-Script-Type
X-External-Request-Id
BehaviorPad-Version
X-Proto
X-Ms-Version
X-NodeID
X-PAYTM-SRV-ID
X-Uri
X-Level-Front-Cache
X-Instart-Info
Arc-Country
X-G
X-Generated-On
X-Geo-Header
AsisCache
X-Date
T-Server
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Aed
X-Application
Server-Host
ServerName
X-A-Dcw
True-Client-Country-4JS
X-A-Ccd
Who
X-A
VivaBuild
Viewtype
X-A-Dam
UCS
X-ARC
X-B-Cookie
X-Destination
X-D
X-Connection-Hash
X-Developer
GEO-REGION-INFO
Fastcgi-X-Cache-Version
X-Dispatch
X-DevSite-Last-Modified
X-CF-Lambda-Version
X-CF-Lambda-Fn
Mobile-Detection-Method
Pagetype
Rendered-Blocks
Meta-Geo-Continent
MD5-Digest
M-TraceId
Machine
Content-Style-Type
X-Ms-Request-Id
X-Rojux
X-S
X-VG-WebServer
X-Vdms-Version
Geo-Info
X-Vdms-Path
X-Rewrite-Enabled
X-Trace-Id
Xc-Version
X-Scheme
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Session-Fingerprint
X-ServiceProvider
X-VG-WebCache
X-ScT
X-SRCache-Key
X-Transaction
X-S-Cookie
X-Reqid
X-Region-Sid
X-Trv-Group
X-Processor
X-Twitter-Response-Tags
User-Cache-Control
X-TIME
X-Magnolia-Registration
X-SN
X-Swa-Ws
Kp-EeAlive
X-Wikidot-Static-Cache
Magicmarker
X-Thanos
IsBot
X-Cms-Context
Web-Mar-Node
X-Wikidot-Backend
X-User
X-SIPLIST1
X-Skip-Cache
X-Clara-WADP
Vix-Hermes-Req-Id
X-Core-Value
We-Hiring
N-Cache
X-TT-TIMESTAMP
V-Age
X-Dispatcher-Server
X-VC-Cache
X-WADP-Cache
X-Agile
X-Agile-Age
X-Agile-Id
X-Bip
X-Block-Status
On-Server
NM-Fastcgi-Cache
X-Cache-Info
X-Worker
Viewport
X-Branch-Name
X-Cache-Bucket
X-Cache-FS-Status
Mail-Subject
FNAC-ModuleRouting
X-Hash
X-Hnp-Log
X-Via-PopV
X-Generation-Time
AKAMAI
X-Vgn-Hpd-Reason
X-Gen-Mode
X-Generated-In
X-LAGOON
X-Location
X-Cluster-Name
X-Owner
X-Via-PopH
GEO-INFO
Cache-Key
X-Logging-Id
X-Method
X-Micro-Cache
X-SD-PageType
X-Cache-PHP
CDCHOST
X-Fmm-Version
Cf-Ipcountry
X-Hit
X-Newrelic-Synthetics
X-Envoy-Decorator-Operation
X-SRV
X-We-Are-Hiring
X-Request-Host
X-Envoy-Upstream-Healthchecked-Cluster
X-Request-UUID
X-Distributor
X-Webstats-RespID
X-Servername
X-Developers
X-Varnish-Cacheable
X-Reboot
X-Req
X-Distil-CS
X-Platform-Server
X-Policy
X-Variation
X-Origin-Expires
X-Node-Id
X-Matched-Rule
X-Device-Os
X-Origin-Date
X-Mvc-Supplant-Cachable
X-RateLimit-Limit-Second
X-Thinkindot-L3
Wxu-Next-Region
X-Has-Esi
X-Clientip
X-VG-TLSProxy
X-Cache-Tags
X-CGP
X-Fastly-Cache
X-Eu-Site
X-Cache-URL
X-Epic-Correlation-Id
X-Irp-Debug
X-Backend-State
X-Backend-Host
X-Auto-Login
X-Server-W
X-BBXSRF
X-RateLimit-Remaining-Second
X-Slack-Backend
X-Is-Gdpr
X-JWT-State
X-TrackingId
Wxu-Next-Hostname
C-Via
Ha-Gx-Prefs
Release
Apple-News-Services-Request-Url
RNT-Machine
RNT-Time
Is-Eu
HA-Ipaddr
Platform
L5d-Success-Class
Apple-News-Services-Host
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Memcached
Rt-Fastcgi-Cache
Adler-Geo
X-TA-CDN-Provider
Node
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Fastly-Drupal-HTML
Wxu-Next-Commit
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Gh-Request-Id
X-Be
X-Nginx-Cache-Key
X-LI-UUID
X-Li-Pop
X-Contensis-Viewer-Groups
X-Rebelmouse-Cache-Control
Fastly-SIE
X-Core-Mission
Esi-Enabled
X-Rebelmouse-Surrogate-Control
X-Varnish-Authentication
X-VServer
Server-Hostname
Sever-Int
X-Var-Ttl
W
Server-Ext
X-GoCache-CacheStatus
X-Response-By
CacheControlHeader
X-Cache-ASPX
Fastly-SWR
X-Li-Fabric
X-App
X-Nc
L
X-Refresh
X-Compress-Hint
Server-ID
X-LI-Proto
X-DC
Ohc-File-Size
X-App-Name
X-Server-IP
X-Varnish-Beresp-Grace
Cache-Host
X-Varnish-Beresp-Ttl
X-TH-Server
X-Varnish-Beresp-Status
HostName
X-Wa
X-Cache-Debug
X-Cache-Id
X-Esi-Check
X-AIR-PT
X-VCT
X-Gzip
LB
X-Origin-TTL
X-Origin-CC
X-Configured-By
X-ZONE
X-Mvc-Supplant-OutputCached
X-Loc
X-BC
X-Cdn-Srv
X-Sucuri-ID
X-S-Maxage
X-Storefront-Renderer-Rendered
X-Key
Server-Cache-Control
X-FPC
X-NU-AKA-ACS-Version
Server-Surrogate-Control
X-Generated-By
X-B3-Traceid
X-MSEdge-Flight
NtCoent-Length
X-Edge-Location
X-SVT-ORM-VERSION
Ohc-Response-Time
Memory
X-SVT-ORM-RULES
X-MSEdge-Features
X-Zone
X-Bc
X-App-Version
Pragrma
X-Rocket-Nginx-Bypass
X-Varnish-Ttl
X-CF-Powered-By
X-Cdn-Forward
MIME-Version
CACHE
Locid
X-Debug-Panamera-Sitecode
Heartbleed
X-Svr
X-Pjax-Url
Request-Country
Referer-Policy
X-Debug-Panamera-Host
X-Varnish-URL
Request-EU
SRV
X-Varnish-Hits
X-Request-URI
Resin-Trace
X-COUNTRY
X-CACHE-KEY
Fastly-Backend-Name
X-Batcache
X-Servedbyhost
X-Shopify-Generated-Cart-Token
X-Nginx-Cache
X-BACKEND-TTL
X-Up
FSS-Cache
WZWS-RAY
X-GEO
X-Minions-Version
X-Gamma-Serve
X-VCL-Version
X-Via-CDN
X-ElasticPress-Query
GeoIp-Country-Code
Geoip-Latitude
X-Aicache-OS
X-ND-Cache
X-Ratelimit-Remaining
X-Sucuri-Cache
X-Amzn-Requestid
X-WebServer
Lfy
CF-Cached-On
X-BE
Hostname
X-Check-Cacheable
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Vcl-Version
GeoIP-Country-Code
X-Proxy-Upstream
HitType
Product
X-Oss-Object-Type
X-Oss-Storage-Class
Cteonnt-Length
Cdn-Request-Time
DCR-Processing-Time-Ms
GeoIP-Latitude
Cdn-Host
DCR-Decision-By
X-ECache
X-Edge-Server
Powered-By-ChinaCache
X-Sn-Servicetimems
X-Cdn-Origin
My-App
Mime-Version
X-Fetched-On
X-NGINX-Cache
X-Unique-ID
X-GeoIP-Country-Code
Pramga
X-Azure-Ref-OriginShield
Ohc-Cache-HIT
Location
X-HS-Status
X-Fastly-Cache-Status
X-ServedByHost
X-PJAX-URL
X-PF-Uncompressing
X-Ratelimit-Limit
X-CSRF-TOKEN
X-Varnish-Url
SN
X-Fastly-Country-Code
X-Pf-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-LB-ID
X-VarnishDD-TTL
URI
PFcat
X-Fastly-Backend-Reqs
X-OVcl-Cache
Group
X-CACHE-AGE
X-Request-Start
X-Served-From
X-OVcl
X-B3-Spanid
Dt-Cache-Category
X-Vgn-Hpd-Ssi
Cdn
X-Vgn-Hpd-Variations-Key
X-Fpc
X-Vgn-Hpd-Cached
X-Newrelic-App-Data
X-Shard
X-Ratelimit-Reset
XServer
X-Render-Time
X-B3-SpanId
X-Varnishpool
X-Via-Ucdn
X-Platform
X-Instart-Isnd
X-Swift-Error
X-Ftr-Cache-Host
X-Cache-Expired-At
X-Tec-Api-Origin
WWW-Authenticate
X-Tec-Api-Root
A
X-IN-APIGATEWAYSSL
X-Request-Time
X-Via-NSCOPI
X-IN-APIGATEWAY
CloudFront-Viewer-Country
X-Tec-Api-Version
Country-Code
Cf-Alt-Svc
Geoip-City
X-DPWN-IS-SECURE
X-Varnish-Beresp-TTL
Origin
PICS-Label
X-Debug-Cache-Store
X-Ocache
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Cache-Fetch
X-WPE-Loopback-Upstream-Addr
Lb
X-WR-MODIFICATION
X-LiteSpeed-Cache-Control
X-C
X-StackifyID
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-Status
X-Debug-Cache-Bypass
X-Debug-Cache-String
Server-Ttl
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
CF-IPCountry
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
X-Planisys-CDN-TTL
X-WA
Cloudfront-Viewer-Country
Epwk-X-Cache
X-Amzn-Remapped-Date
X-CUA
X-Planisys-CDN-Rules
SID
X-Planisys-CDN-Cache
X-Amzn-Remapped-Connection
X-Acquia-Site
Cneonction
X-Acquia-Purge-Tags
X-Cache-Hfrom
X-Rocket-Build-Number
NnCoection
Region
X-Oss-Cdn-Auth
X-Sigma-Backend
X-Sigma
X-Acquia-Application-UUID
X-Cache-Tag
Request-Time
X-Nananana
X-Acquia-Application-Trace
X-Cache-Hm
Host-ID
Proxy-Firewall
X-Country-IP
X-APP
Pics-Label
X-Varnish-ID
X-B3-Parentspanid
Req-ID
X-Li-Proto
X-DW
X-RPM
X-Akamai-ERRuleID
X-RSL
X-RPS
X-Akamai-ERPolicy
X-DSS
X-DI
TTL
X-Dw-Trace-Id
X-SB
X-Action
X-Html-Edge-Cache
X-DB
X-ElasticPress-Search
X-Request-URL
X-VC