
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
CF-Ray
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Template
X-Language
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Age
X-Cache-Group
Xkey
X-Robots-Tag
X-Proxy-Cache
Feature-Policy
X-Amz-Id-2
X-Amz-Request-Id
Request-Context
X-Hacker
X-Page-Speed
X-UA-Device
EagleId
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
P3p
X-Varnish-Cache
Server-Timing
X-Request-ID
X-LiteSpeed-Cache
Report-To
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Cf-Railgun
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
X-OneAgent-JS-Injection
X-Host
EagleEye-TraceId
X-Device
X-Dns-Prefetch-Control
Surrogate-Control
X-Response-Time
X-Backend-Server
X-Vhost
X-Cache-Lookup
X-Pass-Why
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
X-DataDome
Request-Id
X-Mod-Pagespeed
X-Application-Context
Content-Location
NEL
X-Akam-SW-Version
X-ORACLE-DMS-ECID
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cnection
X-Cloud-Trace-Context
X-Url
X-Px
X-Rack-Cache
X-FTR-Request-ID
X-Goog-Hash
RTSS
X-TtlSet
X-PC
X-Vname
MS-Author-Via
X-Powered-By-Plesk
Verso
X-Ttl
X-DynaTrace
Public-Key-Pins
X-B3-TraceId
X-GitHub-Request-Id
Service-Worker-Allowed
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
Accept-CH
X-Varnish-TTL
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Middleton-Display
Response
Pagespeed
X-Sol
X-Middleton-Response
Display
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Cache-TTL
X-D2id
Accept-Ch
X-Abt-Application-Version
TCN
Accept-CH-Lifetime
X-Amz-Rid
Pinterest-Generated-By
X-Cached
X-CST
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Navigation-Version
X-Content-Type
X-Fastly-Request-ID
Accept-Ch-Lifetime
Cache-Tag
X-Accel-Expires
X-Instart-Request-ID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Server-Name
X-TEC-API-ORIGIN
X-ESI
X-MSEdge-Ref
X-Version
Nginx-Cache
Access-Control-Request-Method
S
X-Grace
AR-ATIME
AR-Request-ID
AR-PoweredBy
SPIisLatency
Charset
SPRequestDuration
X-Debug
Ar-Sid
AR-CACHE
X-Upstream
X-SharePointHealthScore
SPRequestGuid
X-FastCGI-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Powered-CMS
Nel
X-Client-IP
X-Trace
X-DynaTrace-JS-Agent
Pinterest-Version
X-Ezoic-Cdn
X-Pinterest-Rid
Realpath
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Content-MD5
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Id
X-Hp-Webp
X-Jurisdiction
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-Shield-Request-Id
X-ASPNET-VERSION
Fastcgi-Cache
X-T
X-XRDS-Location
X-Oneagent-Js-Injection
X-Content-Digest
X-Kinsta-Cache
X-Logged-In
X-Mobile-URL
X-NWS-LOG-UUID
Edge-Cache-Tag
X-Frontend
Server-Node
X-FTR-Backend-Server
X-Goog-Generation
X-FTR-DC
X-Goog-Stored-Content-Length
X-FTR-Realm
X-Country-Code-Real
X-Request-Received
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-FTR-Backend
X-Goog-Metageneration
X-GUploader-UploadID
X-FTR-Balancer
X-FTR-Cache-Status
X-Request-Processing-Time
TP-Cache
TP-L2-Cache
X-Cache-Hit
X-Cache-Age
X-FTR-Expires
Front-End-Https
Server-Name
DynaTrace
Fastly-Restarts
X-Hostname
X-Forwarded-For
ServerID
PB-RID
X-Zen-Fury
X-Amzn-Trace-Id
PB-PID
Arc-Version
X-DIS-Request-ID
X-Cdn
X-Microsite
Powered
X-Request-Handler-Origin-Region
X-Cache-Key
X-Mobile-Rewrite
Backend-Timing
X-ATS-Timestamp
X-Content-Security-Policy-Report-Only
X-User-Agent
X-HS-Hub-Id
X-Revision
X-Hits
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Akamai-Edgescape
X-F-Cache
Accept-Charset
X-Jobs
X-LB-Cache
X-Page-Id
X-Geo-Country
MicrosoftSharePointTeamServices
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-ORACLE-APMCS-TAG
Filters
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Content-Powered-By
X-Fastcgi-Cache
X-Ruxit-Js-Agent
X-Varnish-Age
X-Ser
X-Origin-Server
X-B
Alternate-Protocol
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Esi
X-Rid
X-N
X-Yandex-Sdch-Disable
X-Varnish-Backend
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Server-ID
X-Daa-Tunnel
X-Debug-Info
Host-Header
X-AppVersion
X-WebKit-CSP-Report-Only
X-TTL
X-ATG-Version
X-Az
X-App-Server
DC
X-Activity-Id
X-Amz-Replication-Status
Paypal-Debug-Id
Frame-Options
X-Type
X-Git-Hash
X-FB-Debug
Retry-After
Actual-Object-TTL
Section-Io-Cache
X-B-Cache
X-Signature
X-Whom
X-App-Environment
Cache-Tags
X-Varnish-Grace
Fastcgi-Useragent
X-TT
X-Contextid
X-RateLimit-Remaining
X-Request-Guid
X-Edge
Surrogate-Key
X-AOL-HN
X-Correlation-Id
X-Status
X-Seen-By
Source
X-Content-Options
Host
X-Cache-Action
Healthy
WPE-Backend
NR-ENABLED
X-Host-Name
X-ECACHE
X-B3-Sampled
Refresh
X-IPLB-Instance
X-XRDS-LOCATION
X-Pinterest-Direct
X-HTML-Minification-Powered-By
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Upgrade-Enabled
X-Endurance-Cache-Level
From-Origin
Access-Control-Allow-Method
X-Cache-Rule
X-ProcessESI
X-Response-Served-From
X-Accel-Buffering
X-RemovedCookies
X-Drupal-Cache-Tags
X-Mid
X-MCACHE
X-Cache-Operation
X-URL
Payment
X-L-Path
VIX-Pulpo-Upstream-Status
X-Cache-Control
X-Environment-Context
X-Cacheable-TTL
X-Rule
X-FW-Dynamic
X-FW-Type
Odigeo-Trace-Id
X-UUID
X-FW-Static
X-FW-Server
X-Region
VIX-Pulpo-Node
X-FW-Hash
X-FW-Serve
X-Varnish-Server
Eomportal-Instance
Cache-Status
X-Amz-Apigw-Id
X-Cache-Time
MS-CV
X-Is-Bot
X-Correlation-ID
Datacenter
Countrycode
X-Rendered-As
X-Adobe-Loc
X-Adobe-Content
Xserver
X-WA-Info
X-APP-VERSION
X-GeoIP
X-Amzn-RequestId
X-Protected-By
NGB
X-Wix-Request-Id
X-Cluster
X-SERVER-NAME
X-PressLabs-Stats
X-RequestSource
Srv
X-Akamai-Transformed
Content-Disposition
X-Cache-Server
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cached-By
X-EdgeConnect-Cache-Status
Version
X-Akamai-Request-ID2
X-Tumblr-Pixel-2
Uber-Trace-Id
X-Tumblr-Pixel-1
X-VCache
X-UnsetCookies
X-IPS-LoggedIn
Upgrade-Insecure-Requests
X-Vcache
X-Tt-Trace-Tag
X-Origin-Response-Time
X-Time
X-Tt-Trace-Host
X-Presslabs-Stats
X-Mobile
X-Load-Cache
Filterid
Liferay-Portal
Access-Control-Request-Headers
X-Handled-By
X-Mode
X-Unique-Id
X-PHP-Backend
X-Cache-Remote
X-Time-Microsecs
Cross-Origin-Window-Policy
X-Framework
X-MP-GENERATED-AT
X-ES-SERVER
X-No-Session
X-OCL
X-PCL
X-Path-Route
Meta-Geo
X-FireWall-Port
X-RN-RSRV
X-Adobe-Source
X-Cache-Status-Check
X-Cache-Var-Map
X-Cache-Var
X-CCM
X-Storage
X-Proxy
X-UA-Device-Type
X-Via-Fastly
X-Viewer-Country
X-Pubstack
X-AWS-Id
X-Www-Served-By
X-SayCDN-TTL
X-Web-Node
X-VWS-Id
X-ApacheServer
X-Say-TTL
Cache-Hits
Webserver
Decoy-Debug-Status
Decoy-Debug-Key
Akamai-GRN
X-Redis-Cache
Decoy-Debug-TTL
DSUID
ServedBy
Accept-Language
X-Xfnlog-Site
X-PERF
X-BCube-Filmed-By
X-Say-Cacheable
X-TX-ID
X-FW-Version
X-Human
X-LJ-Flow-ID
Cache
X-NYM-Debug-Backend
X-NGENIX-Cache
X-Site-Version
X-Cache-Config
Fastly-SSL
Mn-Server-Ip
Ms-Operation-Id
X-Origin
Now
X-ProxyCache-Key
Cleartype
Cache-Name
Origin-Edge-Control
X-NCache
X-Real-IP
X-Locale
Section-Io-Origin-Time-Seconds
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Access
X-Format
X-FC-Vary-Parameters
X-BYPASS-REASON
X-Cache-NGX
X-R9-Blue-Green-Version
X-Hyper-Cache
Section-Io-Origin-Status
Section-Io-Id
X-ProxyCache-Status
Section-Origin-Responded
X-Info
S-Rt
Origin-Cache-Control
X-Backend-Name
X-RTag
X-Section
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Routing-Service
TWC-Device-Class
TWC-GeoIP-Country
X-Amzn-Remapped-Content-Length
TWC-Locale-Group
X-Bc-Bl
X-Hl-Ver
X-TNCMS
X-Loop
X-Origin-Hint
X-Proxied
X-FB-TRIP-ID
X-Cache-Enabled
X-Source
X-CS
X-Device-Type
X-Zipkin-Id
X-ServerID
Property-Id
Country
X-From
X-ShardId
X-Azure-Ref
X-Generated
X-Alternate-Cache-Key
X-ShopId
X-UPSTREAM-Address
X-EIG-Tracking-Id
DB-Nickname
X-Proxy-Build
X-Shopify-Stage
X-SaId
X-Detected-As
X-Hosted-By
Selected-Fe
X-Sorting-Hat-ShopId
X-Cache-NE
X-JoinUs
X-Sorting-Hat-PodId
X-Timing-Wait
X-IP
X-Old-Content-Length
Azure-SlotName
Azure-RegionName
X-Varnish-Cache-Hits
X-Cluster-Node
Azure-InstanceId
Azure-Version
Azure-SiteName
X-Geo
X-Content-Age
X-Backend-TTL
X-PHP-Host
X-CSRF-Token
X-Litespeed-Cache
X-Labrador-Cache-Channel
Ec-Rule-Version
SD-X-WS
X-Varnish-Hostname
FilterID
X-CDN-Forward
X-Qloud-Router
Cache-Tv-Group
X-Pad
Load-Balancing
Time
User-Agent
S-Cnection
X-Cache-Host
X-NWS-UUID-VERIFY
X-Ua
X-Cache-Backend
X-NewRelic-App-Data
X-Air-Hostname
X-RateLimit-Limit
X-EC-Lua
X-Cache-TTL-Remaining
X-Drupal-Cache-Contexts
X-Microcachable
X-RCS-CacheZone
X-Cache-2
X-Parent-Response-Time
X-Proxy-Cache-Status
X-Forwarded-Host
Locale
Tracecode
X-Urbn-Site-Id
X-Urbn-Context-Path
X-CLOUD-TRACE-CONTEXT
X-Tumblr-Pixel-3
X-NC
X-Cache-Grace
X-Akamai-Request-ID
Server-Info
OT-Force-Account-Verify
X-FORWARDED-FOR
X-Vgn-Hpd-Reason
NGX
X-SRV
Proxy-Connection
X-Release
Sid
X-TIME
X-Debug-Cache
Geo-Info
X-UA
Cache-Key
X-Soup
AsisCache
BehaviorPad-Version
Arc-Country
X-Date
X-D
X-Connection-Hash
CDCHOST
X-CF-Lambda-Fn
Fastcgi-X-Cache-Version
X-CF-Lambda-Version
Content-Style-Type
Content-Script-Type
X-Destination
X-DevSite-Last-Modified
X-Instart-Info
Server-Host
X-Level-Front-Cache
X-Uri
X-Ms-Request-Id
X-Generated-On
X-G
X-Dispatch
GEO-REGION-INFO
X-Tb
ServerName
X-External-Request-Id
X-Developer
T-Server
X-A-Ccd
MD5-Digest
X-A-Dam
Machine
M-TraceId
X-A
Who
Pagetype
Viewtype
VivaBuild
Mobile-Detection-Method
Meta-Geo-Continent
X-A-Dcw
X-A-Dgt
X-Ms-Version
X-Application
X-ARC
True-Client-Country-4JS
X-B-Cookie
X-Agile-Id
X-Agile-Age
X-Accel-Expires-Debug
X-A-Wwc
UCS
X-Aed
X-Agile
Rendered-Blocks
X-Geo-Header
X-Skip-Cache
X-Session-Fingerprint
X-Node-Id
X-Swa-Ws
X-Transaction
X-Trace-Id
X-ServiceProvider
X-ScT
X-Rojux
X-Rewrite-Enabled
X-S
X-S-Cookie
X-Scheme
X-Trv-Group
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
X-Magnolia-Registration
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-Newrelic-Synthetics
X-User
Node
X-Dc
X-Vdms-Path
X-Cluster-Name
X-SRCache-Key
X-Region-Sid
X-Processor
X-Request-UUID
X-TA-CDN-Provider
X-PAYTM-SRV-ID
X-Reqid
X-NodeID
User-Cache-Control
X-Logging-Id
X-Location
X-Via-PopH
X-VServer
X-VG-TLSProxy
X-Via-PopV
X-JWT-State
X-VC-Cache
X-Varnish-Cacheable
X-Matched-Rule
X-Is-Gdpr
X-LAGOON
X-Variation
X-Owner
Vix-Hermes-Req-Id
Thinkindot-Control
X-Wikidot-Static-Cache
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-ID
X-Micro-Cache
X-Wikidot-Backend
V-Age
X-Hnp-Log
We-Hiring
X-Method
X-WADP-Cache
Viewport
X-We-Are-Hiring
Web-Mar-Node
X-TT-TIMESTAMP
X-Cms-Context
X-SIPLIST1
X-Core-Value
X-Clientip
X-Clara-WADP
X-CGP
X-Generated-In
X-Gen-Mode
X-Reboot
X-Distil-CS
X-Dispatcher-Server
X-Device-Os
X-Eu-Site
X-Servername
X-Fmm-Version
X-SN
X-Generation-Time
X-Block-Status
X-Branch-Name
X-Bip
X-Has-Esi
X-App-Name
X-Hash
X-Platform-Server
X-Cache-Bucket
X-Thinkindot-L3
X-Thanos
X-Cache-Tags
X-Cache-PHP
X-Cache-FS-Status
X-Cache-Info
X-Hit
X-Epic-Correlation-Id
IsBot
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
Kp-EeAlive
L
Mail-Subject
Magicmarker
L5d-Success-Class
FNAC-ModuleRouting
Fastly-Drupal-HTML
AKAMAI
Adler-Geo
X-Proto
Apple-News-Services-Handled
Apple-News-Services-Host
Esi-Enabled
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Memcached
C-Via
N-Cache
Rt-Fastcgi-Cache
Platform
X-Srv
Release
On-Server
NM-Fastcgi-Cache
X-Envoy-Decorator-Operation
X-Slack-Backend
Server-Hostname
X-Distributor
X-Fastly-Cache
X-Origin-Expires
X-Envoy-Upstream-Healthchecked-Cluster
RNT-Time
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Host
Cache-Cookie-Set-From
X-Core-Mission
X-Server-W
X-TrackingId
Sever-Int
X-Irp-Debug
X-Rebelmouse-Surrogate-Control
Apigw-Requestid
X-LI-UUID
X-Rebelmouse-Cache-Control
X-Policy
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Li-Pop
X-Li-Fabric
X-SD-PageType
Server-Ext
X-GoCache-CacheStatus
X-Origin-Date
X-Req
X-Request-Host
X-Server-IP
X-Developers
X-Backend-Host
Wxu-Next-Hostname
X-Webstats-RespID
Wxu-Next-Commit
Gh-Request-Id
W
X-Auto-Login
X-Backend-State
X-BBXSRF
Fastly-SWR
Wxu-Next-Region
X-Cache-URL
Fastly-SIE
RNT-Machine
X-DC
Cf-Ipcountry
X-VCT
GEO-INFO
X-RateLimit-Remaining-Second
X-App
Ohc-File-Size
X-LI-Proto
X-RateLimit-Limit-Second
X-Response-By
X-Varnish-Authentication
X-Refresh
X-Contensis-Viewer-Groups
X-Var-Ttl
X-Cache-ASPX
X-Be
X-Wa
X-Cdn-Srv
CacheControlHeader
X-Compress-Hint
X-Nc
X-S-Maxage
X-Mvc-Supplant-OutputCached
X-Varnish-Beresp-Ttl
Server-Cache-Control
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Generated-By
Server-Surrogate-Control
X-TH-Server
X-B3-Traceid
X-Sucuri-ID
Memory
X-Loc
NtCoent-Length
X-Gzip
X-Esi-Check
Ohc-Response-Time
X-Cache-Id
X-Cache-Debug
X-FPC
HostName
X-Rocket-Nginx-Bypass
X-Origin-TTL
X-Origin-CC
X-Zone
LB
X-Bc
X-BC
X-Configured-By
X-Webkit-CSP
Request-EU
X-ZONE
Locid
X-NU-AKA-ACS-Version
Request-Country
Heartbleed
CACHE
X-AIR-PT
X-Debug-Panamera-Sitecode
X-Shopify-Generated-Cart-Token
SRV
X-Svr
X-Debug-Panamera-Host
X-Request-URI
X-Key
X-MSEdge-Features
X-MSEdge-Flight
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Hits
X-Servedbyhost
X-COUNTRY
X-Varnish-URL
X-Storefront-Renderer-Rendered
X-Edge-Location
X-CF-Powered-By
X-Nginx-Cache
X-CACHE-KEY
MIME-Version
X-Amzn-Requestid
WZWS-RAY
Pragrma
X-Pjax-Url
X-Gamma-Serve
X-App-Version
X-VCL-Version
X-GEO
Resin-Trace
X-Cdn-Forward
FSS-Cache
X-WebServer
X-Batcache
Referer-Policy
Lfy
X-Up
Fastly-Backend-Name
GeoIP-Country-Code
X-BACKEND-TTL
Product
X-Proxy-Upstream
Hostname
X-BE
My-App
Geoip-Latitude
X-Cdn-Origin
GeoIp-Country-Code
X-Minions-Version
X-Sn-Servicetimems
X-Varnish-Ttl
Mime-Version
GeoIP-Latitude
X-Fetched-On
X-Sucuri-Cache
X-GeoIP-Country-Code
Cdn-Host
X-ND-Cache
X-Via-CDN
X-Edge-Server
Powered-By-ChinaCache
Cdn-Request-Time
X-Aicache-OS
HitType
X-ElasticPress-Query
X-Unique-ID
Cteonnt-Length
X-NGINX-Cache
X-HS-Status
X-PJAX-URL
Ohc-Cache-HIT
X-Vcl-Version
SN
CF-Cached-On
X-Shard
X-CSRF-TOKEN
X-ServedByHost
X-Fastly-Country-Code
X-Pf-Uncompressing
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
DCR-Processing-Time-Ms
X-Oss-Object-Type
X-Oss-Request-Id
DCR-Decision-By
X-Oss-Storage-Class
X-Served-From
Amp-Access-Control-Allow-Source-Origin
X-Request-Start
Group
X-Varnish-Url
X-Check-Cacheable
X-B3-Spanid
URI
Location
Pramga
X-PF-Uncompressing
X-Fastly-Backend-Reqs
Cdn
X-Azure-Ref-OriginShield
X-Fastly-Cache-Status
X-Ratelimit-Remaining
X-CACHE-AGE
X-ECache
X-Newrelic-App-Data
X-Fpc
Dt-Cache-Category
X-Via-Ucdn
X-IN-APIGATEWAY
X-Request-Time
X-IN-APIGATEWAYSSL
XServer
Country-Code
X-Via-NSCOPI
X-LB-ID
X-Swift-Error
X-Tec-Api-Version
X-B3-SpanId
Geoip-City
X-VarnishDD-TTL
Cf-Alt-Svc
A
X-Tec-Api-Root
X-DPWN-IS-SECURE
X-OVcl-Cache
X-OVcl
PFcat
X-Ftr-Cache-Host
CloudFront-Viewer-Country
X-Tec-Api-Origin
CF-IPCountry
X-Planisys-CDN-Rules
X-C
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Apw-Access-Token
X-Varnish-Beresp-TTL
Origin
X-Apw-Access-Object
X-Ratelimit-Limit
X-Apw-Access-Action
X-Debug-Cache-Store
X-Apw-Hits
X-Vgn-Hpd-Variations-Key
X-Debug-Cache-Fetch
X-Vgn-Hpd-Cached
X-Ocache
X-Vgn-Hpd-Ssi
X-Tb-Optimization-Total-Bytes-Saved
X-WR-MODIFICATION
Lb
X-WPE-Loopback-Upstream-Addr
X-Debug-Ysi-Auth
X-Debug-Xas-Auth
X-LiteSpeed-Cache-Control
Host-ID
X-Debug-Do-Not-Cache-Uri
Request-Time
X-Country-IP
X-Sigma-Backend
X-Render-Time
X-Rocket-Build-Number
X-APP
X-Debug-Cache-String
Server-Ttl
SID
X-Platform
X-Debug-Cache-Status
X-Debug-Cache-Bypass
X-Sigma
X-Instart-Isnd
X-Cache-Expired-At
X-Action
WWW-Authenticate
Cloudfront-Viewer-Country
Proxy-Firewall
X-StackifyID
PICS-Label
TTL
X-DSS
X-RPM
X-Cache-Hfrom
X-Cache-Hm
X-DI
X-RPS
X-RSL
Region
NnCoection
X-WA
X-DB
X-DW
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Cneonction
X-Ratelimit-Reset
X-Varnishpool
Pics-Label
X-B3-Parentspanid
X-Li-Proto
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Nananana
X-Dw-Trace-Id
X-ElasticPress-Search
X-Request-URL
X-Varnish-ID
X-VC
X-Html-Edge-Cache
Req-ID
X-SB
X-Cache-Tag