Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
CF-Ray
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-FRAME-OPTIONS
X-Language
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
P3p
X-Backend
X-Age
X-Cache-Group
X-Request-ID
X-Robots-Tag
Xkey
Feature-Policy
X-Proxy-Cache
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Hacker
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
X-Varnish-Cache
Server-Timing
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-WebKit-CSP
X-Server-Id
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-Pass-Why
Request-Id
X-DataDome
Content-Location
X-Mod-Pagespeed
X-Application-Context
X-ORACLE-DMS-ECID
NEL
X-Akam-SW-Version
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cloud-Trace-Context
X-Cnection
X-Px
X-Url
X-Rack-Cache
X-FTR-Request-ID
X-Goog-Hash
RTSS
MS-Author-Via
Accept-CH
X-TtlSet
X-PC
X-Vname
X-Powered-By-Plesk
Verso
X-DynaTrace
Public-Key-Pins
Accept-CH-Lifetime
Service-Worker-Allowed
X-B3-TraceId
X-GitHub-Request-Id
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Ttl
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Amz-Server-Side-Encryption
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Pagespeed
Display
X-Varnish-TTL
X-Forwarded-Proto
X-Cache-TTL
X-D2id
Pinterest-Generated-By
X-CST
X-Amz-Rid
TCN
X-Abt-Application-Version
X-Cached
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Accept-Ch
Cache-Tag
X-Instart-Request-ID
X-Accel-Expires
X-Server-Name
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-ESI
X-Version
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-MSEdge-Ref
Access-Control-Request-Method
X-Grace
Nginx-Cache
Accept-Ch-Lifetime
AR-CACHE
Ar-Sid
S
Charset
X-Debug
X-Upstream
SPRequestDuration
SPIisLatency
X-Powered-CMS
X-FastCGI-Cache
X-Client-IP
X-SRCache-Fetch-Status
SPRequestGuid
X-SRCache-Store-Status
X-SharePointHealthScore
X-DynaTrace-JS-Agent
Pinterest-Version
X-Pinterest-Rid
Realpath
Content-MD5
X-Ezoic-Cdn
Nel
X-Trace
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Jurisdiction
X-Hp-Webp
X-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Shield-Request-Id
X-Node-Name
X-T
Fastcgi-Cache
X-ASPNET-VERSION
X-Kinsta-Cache
X-Content-Digest
X-XRDS-Location
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
X-Request-Received
X-Frontend
X-Request-Processing-Time
Edge-Cache-Tag
Server-Node
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Realm
X-Cache-Age
X-Cache-Hit
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
TP-L2-Cache
TP-Cache
X-GUploader-UploadID
X-Goog-Storage-Class
X-FTR-Expires
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
Front-End-Https
Server-Name
ServerID
DynaTrace
X-Forwarded-For
X-Hostname
X-Cache-Key
X-Amzn-Trace-Id
PB-RID
Fastly-Restarts
PB-PID
Arc-Version
X-Zen-Fury
X-DIS-Request-ID
X-TTL
X-Request-Handler-Origin-Region
Powered
X-Microsite
Backend-Timing
X-Content-Security-Policy-Report-Only
X-ATS-Timestamp
X-Revision
X-User-Agent
X-Mobile-Rewrite
X-Cdn
X-Akamai-Edgescape
X-Oneagent-Js-Injection
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-F-Cache
X-LB-Cache
X-Hits
Accept-Charset
X-Jobs
X-Page-Id
Filters
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Via-JSL
MicrosoftSharePointTeamServices
X-Geo-Country
X-Yandex-Sdch-Disable
X-Origin-Server
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-B
X-Varnish-Age
X-N
Alternate-Protocol
X-Ser
X-Rid
X-Erf-Bev-Bev-Is-Generated
X-Ruxit-Js-Agent
X-Erf-Bev-Bev
X-Daa-Tunnel
X-Fastcgi-Cache
X-Varnish-Backend
X-Correlation-Id
X-Esi
Host-Header
X-ATG-Version
X-Activity-Id
DC
X-Az
X-AppVersion
X-WebKit-CSP-Report-Only
X-Server-ID
X-App-Server
Cache-Tags
Paypal-Debug-Id
Frame-Options
X-Amz-Replication-Status
X-FB-Debug
X-Type
X-Debug-Info
Actual-Object-TTL
Section-Io-Cache
X-Git-Hash
X-Signature
X-B-Cache
X-TT
Retry-After
X-Whom
X-Contextid
X-App-Environment
X-Varnish-Grace
X-Edge
Surrogate-Key
X-Status
Fastcgi-Useragent
X-AOL-HN
X-Request-Guid
Host
X-Content-Options
Healthy
X-XRDS-LOCATION
X-Seen-By
X-Cache-Action
Source
X-Pinterest-Direct
X-RateLimit-Remaining
X-Host-Name
X-IPLB-Instance
Refresh
X-B3-Sampled
X-HTML-Minification-Powered-By
X-Endurance-Cache-Level
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Upgrade-Enabled
From-Origin
X-ECACHE
Access-Control-Allow-Method
X-Accel-Buffering
X-RemovedCookies
X-Cache-Rule
X-ProcessESI
X-Response-Served-From
NR-ENABLED
WPE-Backend
X-Drupal-Cache-Tags
X-Cache-Operation
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
X-Region
X-MCACHE
X-Mid
VIX-Pulpo-Node
X-Environment-Context
X-Rule
X-Amz-Apigw-Id
X-L-Path
Eomportal-Instance
MS-CV
Payment
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Static
Cache-Status
X-FW-Type
X-Cache-Time
X-UUID
X-Cache-Control
X-Cacheable-TTL
X-Varnish-Server
X-FW-Dynamic
X-Amzn-RequestId
X-Adobe-Content
X-URL
X-Adobe-Loc
Datacenter
Countrycode
X-Rendered-As
X-Is-Bot
X-WA-Info
Xserver
X-Protected-By
Srv
X-APP-VERSION
X-GeoIP
X-PressLabs-Stats
X-VCache
NGB
Content-Disposition
X-RequestSource
X-Wix-Request-Id
X-Cluster
X-SERVER-NAME
X-Akamai-Transformed
X-Correlation-ID
X-EdgeConnect-Cache-Status
X-Cache-Server
X-Time
X-Cached-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-UnsetCookies
X-Akamai-Request-ID2
X-Tt-Trace-Tag
Version
X-Tt-Trace-Host
X-Origin-Response-Time
Uber-Trace-Id
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Load-Cache
X-Mode
X-Mobile
X-IPS-LoggedIn
X-Proxy
Filterid
X-Handled-By
Access-Control-Request-Headers
X-Cache-Remote
Liferay-Portal
X-Unique-Id
X-PHP-Backend
X-Viewer-Country
X-Cache-Var
X-Framework
X-CCM
X-Cache-Status-Check
X-Cache-Var-Map
X-ES-SERVER
Cross-Origin-Window-Policy
X-Path-Route
X-No-Session
X-Backend-Name
X-Adobe-Source
X-RN-RSRV
X-FireWall-Port
X-Via-Fastly
X-UA-Device-Type
Meta-Geo
X-NGENIX-Cache
X-Time-Microsecs
X-Storage
X-MP-GENERATED-AT
X-Www-Served-By
Cache-Hits
X-PCL
X-PERF
X-OCL
X-Presslabs-Stats
Fastly-SSL
DSUID
X-ApacheServer
X-Pubstack
X-VWS-Id
ServedBy
X-LJ-Flow-ID
X-Azure-Ref
Accept-Language
X-AWS-Id
Akamai-GRN
Section-Io-Origin-Time-Seconds
X-FW-Version
X-Cache-Config
Webserver
Section-Origin-Responded
X-TX-ID
X-Site-Version
X-R9-Blue-Green-Version
X-Redis-Cache
X-RTag
X-Locale
Section-Io-Origin-Status
Decoy-Debug-Key
Cleartype
Cache-Name
Decoy-Debug-Status
Decoy-Debug-TTL
Section-Io-Id
Now
Mn-Server-Ip
X-Cache-NGX
Ms-Operation-Id
Cache
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
TWC-GeoIP-LatLong
Webcakes-Region
X-Access
X-Say-Cacheable
TWC-GeoIP-Country
Webcakes-App-Version
TWC-Device-Class
Property-Id
Origin-Edge-Control
Origin-Cache-Control
X-ServerID
X-Section
TWC-Connection-Speed
X-SayCDN-TTL
X-Routing-Service
X-Real-IP
X-Human
X-Hl-Ver
X-Origin
X-Hyper-Cache
X-Info
X-NCache
X-Loop
X-NewRelic-App-Data
X-Format
X-Origin-Hint
X-BYPASS-REASON
X-Bc-Bl
Upgrade-Insecure-Requests
X-ProxyCache-Status
X-ProxyCache-Key
X-Device-Type
X-CS
X-Proxied
X-TNCMS
X-Say-TTL
X-Xfnlog-Site
X-Zipkin-Id
X-Web-Node
X-UPSTREAM-Address
X-Sorting-Hat-ShopId
X-NWS-UUID-VERIFY
X-Cache-Enabled
X-Amzn-Remapped-Content-Length
X-Alternate-Cache-Key
Ec-Rule-Version
X-SaId
X-Proxy-Build
X-EIG-Tracking-Id
X-JoinUs
X-NYM-Debug-Backend
X-Goog-Meta-Goog-Reserved-File-Mtime
X-From
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-Timing-Wait
X-BCube-Filmed-By
X-Shopify-Stage
Selected-Fe
X-ShardId
DB-Nickname
S-Rt
X-Sorting-Hat-PodId
X-ShopId
X-Hosted-By
X-CSRF-Token
Azure-InstanceId
X-Generated
Azure-RegionName
Azure-Version
X-Varnish-Cache-Hits
Country
Azure-SlotName
Azure-SiteName
X-Source
X-Content-Age
Load-Balancing
X-Cache-NE
X-Labrador-Cache-Channel
X-Cluster-Node
X-Qloud-Router
X-IP
X-PHP-Host
X-Geo
X-Detected-As
X-Air-Hostname
Cache-Tv-Group
X-Old-Content-Length
SD-X-WS
X-Varnish-Hostname
User-Agent
X-Vcache
X-Litespeed-Cache
X-Cache-Host
X-Pad
Time
FilterID
X-Cache-TTL-Remaining
X-Backend-TTL
X-Ua
X-Drupal-Cache-Contexts
X-Parent-Response-Time
S-Cnection
X-CDN-Forward
X-Cache-2
X-Release
X-Cache-Backend
X-RCS-CacheZone
X-EC-Lua
Locale
X-Urbn-Site-Id
X-Webkit-CSP
X-Urbn-Context-Path
Server-Info
X-Akamai-Request-ID
X-Proxy-Cache-Status
X-RateLimit-Limit
X-Microcachable
X-Forwarded-Host
X-Tumblr-Pixel-3
X-Cache-Grace
X-Debug-Cache
X-FORWARDED-FOR
NGX
Proxy-Connection
Tracecode
X-Srv
X-UA
X-Soup
OT-Force-Account-Verify
X-NC
Geo-Info
X-Dc
X-Tb
Sid
X-B-Cookie
X-CF-Lambda-Fn
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-DevSite-Last-Modified
X-ARC
GEO-REGION-INFO
X-Proto
Meta-Geo-Continent
X-Application
X-CF-Lambda-Version
X-Connection-Hash
MD5-Digest
X-Uri
X-Developer
X-VG-WebServer
Apigw-Requestid
X-Destination
X-D
X-Date
X-Vdms-Version
M-TraceId
Machine
Mobile-Detection-Method
Arc-Country
AsisCache
Viewtype
VivaBuild
Xc-Version
Server-Host
BehaviorPad-Version
Content-Style-Type
ServerName
T-Server
True-Client-Country-4JS
UCS
Who
Rendered-Blocks
Pagetype
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dcw
X-Dispatch
X-A
X-A-Ccd
Fastcgi-X-Cache-Version
X-A-Dam
Content-Script-Type
X-VG-WebCache
X-Swa-Ws
X-SRCache-Key
X-NodeID
X-Session-Fingerprint
X-Ms-Version
X-Trace-Id
X-Vgn-Hpd-Reason
X-Trv-Group
X-Transaction
X-Vdms-Path
X-PAYTM-SRV-ID
X-ServiceProvider
X-S
X-Reqid
X-Rojux
X-Rewrite-Enabled
X-Region-Sid
X-Processor
X-ScT
X-Scheme
X-S-Cookie
X-Twitter-Response-Tags
X-Ms-Request-Id
X-Generated-On
X-Cluster-Name
X-Geo-Header
X-Level-Front-Cache
X-External-Request-Id
X-G
X-Instart-Info
Cache-Key
X-Magnolia-Registration
X-SRV
X-SIPLIST1
IsBot
X-Via-PopH
Thinkindot-CacheControl
X-Hash
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Generation-Time
X-Reboot
Mail-Subject
Magicmarker
X-Dispatcher-Server
Kp-EeAlive
X-Request-UUID
NM-Fastcgi-Cache
X-Owner
Release
X-Generated-In
On-Server
X-Device-Os
V-Age
X-Agile
X-Agile-Age
X-User
X-Matched-Rule
X-Method
X-Agile-Id
X-Logging-Id
X-Bip
X-Branch-Name
X-TT-TIMESTAMP
X-Location
X-Worker
X-VC-Cache
X-VServer
Vix-Hermes-Req-Id
X-Core-Value
X-SN
Viewport
X-Cache-FS-Status
X-LAGOON
X-Thanos
X-Via-PopV
X-Cms-Context
X-Node-Id
X-Thinkindot-L3
X-Skip-Cache
We-Hiring
AKAMAI
CDCHOST
FNAC-ModuleRouting
X-TA-CDN-Provider
X-Envoy-Decorator-Operation
X-Newrelic-Synthetics
User-Cache-Control
X-Cache-PHP
Cf-Ipcountry
X-Developers
X-Distil-CS
X-Eu-Site
X-Has-Esi
X-GoCache-CacheStatus
X-Fmm-Version
X-Epic-Correlation-Id
X-Distributor
X-Clara-WADP
X-Backend-Host
X-Auto-Login
Wxu-Next-Region
Wxu-Next-Hostname
X-Block-Status
X-Cache-Bucket
X-Hit
X-CGP
X-Cache-Tags
X-Cache-Info
X-Clientip
X-JWT-State
Node
X-Variation
X-TIME
X-Servername
X-Server-W
X-RateLimit-Remaining-Second
X-Varnish-Cacheable
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WADP-Cache
X-RateLimit-Limit-Second
X-VG-TLSProxy
X-SD-PageType
X-Req
X-Li-Pop
X-LI-UUID
X-Li-Fabric
Wxu-Next-Commit
X-Is-Gdpr
X-Micro-Cache
X-Nginx-Cache-Key
X-Policy
X-Platform-Server
X-Origin-Expires
X-Origin-Date
X-Hnp-Log
X-Gen-Mode
Sever-Int
Server-Hostname
Server-Ext
Rt-Fastcgi-Cache
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Apple-News-Services-Request-Url
C-Via
Cache-Cookie-Set-From
RNT-Time
RNT-Machine
Ha-Gx-Prefs
L5d-Success-Class
HA-Ipaddr
Is-Eu
Gh-Request-Id
Memcached
Esi-Enabled
Platform
N-Cache
Apple-News-Services-Parsed-Url
Fastly-Drupal-HTML
Apple-News-Services-Host
Apple-News-Services-Handled
Web-Mar-Node
Adler-Geo
GEO-INFO
X-Nc
X-Envoy-Upstream-Healthchecked-Cluster
Fastly-SIE
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Backend-State
Server-ID
X-Rebelmouse-Surrogate-Control
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Fastly-Cache
X-TrackingId
L
X-LI-Proto
X-We-Are-Hiring
X-Webstats-RespID
X-Varnish-Authentication
X-Var-Ttl
X-Response-By
X-Slack-Backend
X-Be
CacheControlHeader
X-Request-Host
W
X-Contensis-Viewer-Groups
X-Core-Mission
X-Cache-ASPX
X-Cache-URL
X-BBXSRF
X-DC
X-App
Cache-Host
X-Server-IP
Ohc-File-Size
X-Compress-Hint
X-Refresh
X-App-Name
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-VCT
X-TH-Server
X-Cdn-Srv
HostName
X-Cache-Id
X-Esi-Check
X-Loc
X-Gzip
X-Cache-Debug
X-Wa
X-Mvc-Supplant-OutputCached
LB
X-Origin-TTL
X-AIR-PT
X-Origin-CC
X-S-Maxage
X-Configured-By
X-Generated-By
X-Sucuri-ID
Server-Cache-Control
Server-Surrogate-Control
X-ZONE
X-BC
X-B3-Traceid
X-SVT-ORM-RULES
X-NU-AKA-ACS-Version
Memory
X-FPC
Ohc-Response-Time
X-SVT-ORM-VERSION
X-Storefront-Renderer-Rendered
NtCoent-Length
X-Zone
X-Bc
X-Rocket-Nginx-Bypass
X-App-Version
X-MSEdge-Flight
X-MSEdge-Features
X-Key
X-Edge-Location
X-Varnish-Ttl
X-Cdn-Forward
CACHE
MIME-Version
Heartbleed
Locid
Pragrma
X-Varnish-URL
X-Debug-Panamera-Host
X-Svr
Request-Country
Request-EU
X-Debug-Panamera-Sitecode
X-Varnish-Hits
X-Pjax-Url
X-Servedbyhost
X-COUNTRY
X-Request-URI
Referer-Policy
X-Nginx-Cache
X-Shopify-Generated-Cart-Token
X-CF-Powered-By
Resin-Trace
X-BACKEND-TTL
SRV
X-Gamma-Serve
X-Batcache
X-GEO
WZWS-RAY
X-VCL-Version
Fastly-Backend-Name
X-Up
FSS-Cache
X-Minions-Version
X-Via-CDN
X-Ratelimit-Remaining
X-WebServer
Geoip-Latitude
X-Aicache-OS
Lfy
GeoIp-Country-Code
GeoIP-Country-Code
X-Amzn-Requestid
X-ND-Cache
X-CACHE-KEY
X-ElasticPress-Query
Hostname
X-BE
X-Sucuri-Cache
Product
HitType
X-Proxy-Upstream
GeoIP-Latitude
Cteonnt-Length
Cdn-Request-Time
CF-Cached-On
X-Edge-Server
Mime-Version
X-Cdn-Origin
Cdn-Host
X-ECache
X-Sn-Servicetimems
X-Fetched-On
Powered-By-ChinaCache
My-App
X-Oss-Server-Time
X-Check-Cacheable
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Unique-ID
X-Oss-Request-Id
Ohc-Cache-HIT
X-PJAX-URL
X-HS-Status
X-GeoIP-Country-Code
DCR-Decision-By
X-NGINX-Cache
DCR-Processing-Time-Ms
X-Vcl-Version
X-CSRF-TOKEN
X-ServedByHost
X-PF-Uncompressing
X-Fastly-Country-Code
X-Azure-Ref-OriginShield
Location
SN
X-Fastly-Cache-Status
Pramga
X-Pf-Uncompressing
X-Varnish-Url
Amp-Access-Control-Allow-Source-Origin
X-Ratelimit-Limit
X-LB-ID
X-Fastly-Backend-Reqs
URI
X-Request-Start
X-Served-From
Group
X-CACHE-AGE
Dt-Cache-Category
X-OVcl
X-B3-Spanid
X-Fpc
Cdn
X-Newrelic-App-Data
PFcat
X-VarnishDD-TTL
X-OVcl-Cache
X-Shard
X-Via-Ucdn
XServer
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Swift-Error
X-Request-Time
X-Platform
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
A
X-Render-Time
X-B3-SpanId
Country-Code
X-Ftr-Cache-Host
X-Instart-Isnd
X-Via-NSCOPI
Cf-Alt-Svc
CloudFront-Viewer-Country
X-Ratelimit-Reset
X-Varnishpool
X-Tb-Optimization-Total-Bytes-Saved
Origin
X-Debug-Cache-Fetch
X-Ocache
X-Varnish-Beresp-TTL
X-DPWN-IS-SECURE
Geoip-City
X-Debug-Cache-Store
X-Cache-Expired-At
Lb
X-WR-MODIFICATION
X-WPE-Loopback-Upstream-Addr
X-Debug-Cache-String
X-Debug-Cache-Status
X-LiteSpeed-Cache-Control
PICS-Label
X-C
X-Debug-Cache-Bypass
X-Debug-Ysi-Auth
X-Debug-Do-Not-Cache-Uri
SID
X-Debug-Xas-Auth
X-Planisys-CDN-TTL
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-WA
X-StackifyID
CF-IPCountry
X-Apw-Hits
Server-Ttl
WWW-Authenticate
Cloudfront-Viewer-Country
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Acquia-Application-UUID
X-Acquia-Site
Cneonction
Request-Time
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
Proxy-Firewall
X-CUA
X-Nananana
NnCoection
X-Sigma
X-Sigma-Backend
Epwk-X-Cache
X-Cache-Tag
X-Rocket-Build-Number
Region
X-Country-IP
X-Cache-Hfrom
X-Cache-Hm
Host-ID
X-APP
X-Oss-Cdn-Auth
Pics-Label
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-DB
X-RPM
Req-ID
X-Varnish-ID
X-Li-Proto
X-RPS
X-B3-Parentspanid
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-RSL
X-DW
X-DSS
TTL
X-Dw-Trace-Id
X-SB
X-Action
X-Html-Edge-Cache
X-DI
X-ElasticPress-Search
X-Request-URL
X-VC