Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Backend
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Xkey
Feature-Policy
X-Proxy-Cache
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
X-Varnish-Cache
Server-Timing
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-WebKit-CSP
X-Server-Id
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Request-Id
X-DataDome
X-Pass-Why
Content-Location
X-Mod-Pagespeed
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-ORACLE-DMS-RID
Fusion-Deployment-Id
NEL
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
Edge-Control
X-Clacks-Overhead
X-Cnection
X-Cloud-Trace-Context
X-Url
X-Px
X-Rack-Cache
X-FTR-Request-ID
RTSS
X-Goog-Hash
MS-Author-Via
X-Vname
X-PC
X-TtlSet
X-Powered-By-Plesk
Accept-CH
Verso
X-DynaTrace
X-B3-TraceId
Public-Key-Pins
Service-Worker-Allowed
X-GitHub-Request-Id
X-Ttl
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
Accept-CH-Lifetime
X-MS-InvokeApp
X-Varnish-TTL
Display
X-Amz-Server-Side-Encryption
X-Sol
X-Middleton-Response
X-Middleton-Display
Response
Pagespeed
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Cache-TTL
X-D2id
X-Amz-Rid
Pinterest-Generated-By
X-CST
TCN
X-Abt-Application-Version
X-Cached
X-Vcap-Request-Id
X-NF-Request-ID
Accept-Ch
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Cache-Tag
X-Server-Name
X-Instart-Request-ID
X-ESI
X-TEC-API-ROOT
X-Accel-Expires
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Accept-Ch-Lifetime
X-Version
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-MSEdge-Ref
Access-Control-Request-Method
X-Grace
Nginx-Cache
Ar-Sid
AR-CACHE
Charset
X-Upstream
X-Debug
S
X-Powered-CMS
SPRequestDuration
SPIisLatency
Nel
X-Client-IP
X-SRCache-Store-Status
X-SRCache-Fetch-Status
SPRequestGuid
X-SharePointHealthScore
X-FastCGI-Cache
X-DynaTrace-JS-Agent
Content-MD5
X-Ezoic-Cdn
Realpath
Pinterest-Version
X-Pinterest-Rid
X-Trace
X-Mrf-Section-Lastmod
X-Element-Page-Cache
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Dw-Request-Base-Id
X-Hp-Webp
X-Jurisdiction
X-Id
X-Recruiting
X-Shield-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-T
Fastcgi-Cache
X-Content-Digest
X-Kinsta-Cache
X-Logged-In
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Mobile-URL
X-XRDS-Location
X-Frontend
X-Request-Received
X-Request-Processing-Time
X-Cache-Hit
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
Server-Node
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-Oneagent-Js-Injection
X-Cache-Age
Edge-Cache-Tag
TP-L2-Cache
TP-Cache
X-FTR-Expires
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Front-End-Https
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Length
Server-Name
ServerID
X-Forwarded-For
X-Amzn-Trace-Id
X-Hostname
DynaTrace
PB-RID
Fastly-Restarts
PB-PID
Arc-Version
X-Cache-Key
X-Zen-Fury
Powered
X-DIS-Request-ID
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-Hits
X-Akamai-Edgescape
X-Mobile-Rewrite
X-LB-Cache
X-Page-Id
X-F-Cache
X-TTL
X-HS-Combine-CSS
X-HS-Cache-Config
Accept-Charset
X-HS-Hub-Id
X-HS-Content-Id
X-Jobs
Filters
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Cdn
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-Yandex-Sdch-Disable
X-FTR-Cache-Host
X-Geo-Country
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Fastcgi-Cache
X-Origin-Server
X-Via-JSL
MicrosoftSharePointTeamServices
X-Varnish-Age
X-B
Alternate-Protocol
X-N
X-Rid
X-Ser
X-Daa-Tunnel
Host-Header
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
X-Ruxit-Js-Agent
X-ATG-Version
X-Az
X-AppVersion
X-WebKit-CSP-Report-Only
DC
X-Activity-Id
X-Correlation-Id
Cache-Tags
Paypal-Debug-Id
X-Esi
X-Amz-Replication-Status
Actual-Object-TTL
X-Debug-Info
X-FB-Debug
X-Git-Hash
X-Type
X-App-Server
Retry-After
Frame-Options
Section-Io-Cache
X-TT
X-Whom
X-Varnish-Grace
X-App-Environment
X-Signature
X-B-Cache
X-XRDS-LOCATION
X-Contextid
X-Server-ID
X-Request-Guid
Surrogate-Key
X-Edge
Fastcgi-Useragent
X-Status
X-Content-Options
Host
X-AOL-HN
Healthy
X-Seen-By
X-Cache-Action
X-Pinterest-Direct
X-RateLimit-Remaining
Source
X-Host-Name
Refresh
X-HTML-Minification-Powered-By
X-IPLB-Instance
X-Endurance-Cache-Level
X-B3-Sampled
X-Tumblr-User
X-Tumblr-Pixel
X-Instance
X-Tumblr-Pixel-0
X-Upgrade-Enabled
From-Origin
X-ECACHE
Access-Control-Allow-Method
X-Response-Served-From
X-Cache-Rule
X-RemovedCookies
X-Accel-Buffering
X-ProcessESI
X-Amz-Apigw-Id
X-Cache-Operation
X-Drupal-Cache-Tags
VIX-Pulpo-Upstream-Status
X-Rule
Odigeo-Trace-Id
VIX-Pulpo-Node
X-MCACHE
X-Region
X-Mid
X-L-Path
MS-CV
X-Cacheable-TTL
X-Amzn-RequestId
X-Litespeed-Cache
Eomportal-Instance
X-UUID
Payment
X-Environment-Context
Datacenter
X-Cache-Control
X-FW-Server
X-FW-Static
X-FW-Type
X-Varnish-Server
X-Rendered-As
X-Cache-Time
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Is-Bot
Countrycode
X-WA-Info
X-Adobe-Loc
Cache-Status
NR-ENABLED
X-Adobe-Content
WPE-Backend
Xserver
X-Protected-By
X-APP-VERSION
X-URL
Srv
X-Correlation-ID
X-GeoIP
X-VCache
Content-Disposition
X-PressLabs-Stats
X-Akamai-Transformed
X-Wix-Request-Id
NGB
X-Cluster
X-RequestSource
X-Cached-By
X-EdgeConnect-Cache-Status
X-Cache-Server
X-SERVER-NAME
X-Akamai-Request-ID2
X-Yottaa-Optimizations
Uber-Trace-Id
X-UnsetCookies
X-Yottaa-Metrics
X-Time
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
Version
X-Mode
X-Load-Cache
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Proxy
X-IPS-LoggedIn
X-Mobile
X-Handled-By
Access-Control-Request-Headers
X-PHP-Backend
X-Unique-Id
X-Cache-Remote
Liferay-Portal
Accept-Language
X-Presslabs-Stats
X-FireWall-Port
Filterid
X-Viewer-Country
Meta-Geo
X-Cache-Status-Check
X-Via-Fastly
X-UA-Device-Type
X-NGENIX-Cache
Cross-Origin-Window-Policy
X-Adobe-Source
X-Path-Route
X-Azure-Ref
X-ES-SERVER
X-Backend-Name
X-No-Session
X-CCM
X-RN-RSRV
X-Framework
X-Cache-Var-Map
X-Cache-Var
X-Time-Microsecs
Decoy-Debug-Status
DSUID
Decoy-Debug-TTL
Decoy-Debug-Key
X-MP-GENERATED-AT
X-Pubstack
X-NewRelic-App-Data
X-PERF
X-Redis-Cache
X-Www-Served-By
X-Storage
X-Site-Version
X-VWS-Id
X-PCL
X-OCL
Cache
Akamai-GRN
Cache-Hits
ServedBy
X-ApacheServer
X-Locale
X-LJ-Flow-ID
X-Cache-NGX
X-AWS-Id
Cache-Name
Cleartype
X-SayCDN-TTL
X-R9-Blue-Green-Version
X-NCache
X-Info
X-Human
X-Real-IP
X-RTag
X-Web-Node
X-TX-ID
X-Say-TTL
X-Say-Cacheable
X-FW-Version
X-Cache-Config
Origin-Edge-Control
Origin-Cache-Control
Now
Mn-Server-Ip
Section-Io-Id
Section-Io-Origin-Status
Webserver
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Fastly-SSL
Ms-Operation-Id
Upgrade-Insecure-Requests
Webcakes-Region
Webcakes-App-Version
X-ServerID
X-Access
X-Section
Webcakes-App-Name
TWC-Locale-Group
TWC-Connection-Speed
S-Rt
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Routing-Service
X-Bc-Bl
X-Hl-Ver
X-Format
X-Proxied
X-Origin-Hint
X-NWS-UUID-VERIFY
X-Origin
X-FC-Vary-Parameters
X-Device-Type
X-Cache-Enabled
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
X-CS
Property-Id
TWC-Privacy
X-Zipkin-Id
X-UPSTREAM-Address
X-CSRF-Token
X-ShardId
X-Detected-As
X-Xfnlog-Site
X-SaId
X-Amzn-Remapped-Content-Length
X-EIG-Tracking-Id
X-Alternate-Cache-Key
X-FB-TRIP-ID
X-JoinUs
X-Loop
X-NYM-Debug-Backend
X-IP
X-Hyper-Cache
DB-Nickname
X-From
X-Generated
X-Proxy-Build
X-BCube-Filmed-By
Selected-Fe
X-Sorting-Hat-PodId
X-ShopId
X-Shopify-Stage
X-Timing-Wait
X-Sorting-Hat-ShopId
X-TNCMS
X-Geo
Azure-Version
X-Hosted-By
Azure-SlotName
X-Goog-Meta-Goog-Reserved-File-Mtime
Azure-RegionName
X-Varnish-Cache-Hits
Azure-InstanceId
Azure-SiteName
Country
X-Content-Age
X-Source
Load-Balancing
Ec-Rule-Version
X-PHP-Host
X-Labrador-Cache-Channel
X-Qloud-Router
X-Old-Content-Length
X-Cluster-Node
Cache-Tv-Group
SD-X-WS
X-Cache-NE
X-Air-Hostname
FilterID
User-Agent
X-Varnish-Hostname
X-Cache-Host
Time
X-Pad
X-Release
X-Vcache
X-CDN-Forward
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-Backend-TTL
X-Parent-Response-Time
X-Cache-2
X-Cache-Backend
X-Ua
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-RCS-CacheZone
S-Cnection
Server-Info
X-EC-Lua
X-Akamai-Request-ID
X-Webkit-CSP
X-Proxy-Cache-Status
X-Cache-Grace
X-Forwarded-Host
X-RateLimit-Limit
X-CLOUD-TRACE-CONTEXT
X-Microcachable
X-Tumblr-Pixel-3
X-Debug-Cache
X-Srv
Proxy-Connection
X-UA
NGX
X-NC
X-Soup
X-Dc
OT-Force-Account-Verify
X-FORWARDED-FOR
Tracecode
Apigw-Requestid
Sid
X-Tb
True-Client-Country-4JS
X-Level-Front-Cache
T-Server
X-Proto
X-Ms-Request-Id
Viewtype
X-A
X-Uri
X-A-Wwc
X-A-Ccd
X-Processor
X-A-Dcw
X-A-Dam
X-PAYTM-SRV-ID
X-NodeID
X-Instart-Info
UCS
VivaBuild
X-Aed
X-Accel-Expires-Debug
Who
X-Ms-Version
ServerName
Machine
M-TraceId
MD5-Digest
X-CF-Lambda-Version
X-CF-Lambda-Fn
Content-Style-Type
X-Connection-Hash
Fastcgi-X-Cache-Version
GEO-REGION-INFO
X-DevSite-Last-Modified
X-Destination
X-Date
X-Dispatch
X-D
Content-Script-Type
X-External-Request-Id
Arc-Country
Server-Host
X-ARC
X-Generated-On
X-Developer
X-Application
X-B-Cookie
Rendered-Blocks
Meta-Geo-Continent
X-G
BehaviorPad-Version
Mobile-Detection-Method
AsisCache
Pagetype
X-Geo-Header
X-S
X-Trace-Id
X-VG-WebServer
X-VG-WebCache
X-ScT
X-Scheme
X-A-Dgt
X-S-Cookie
X-ServiceProvider
X-Session-Fingerprint
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-Swa-Ws
X-SRCache-Key
X-Vdms-Version
X-Vdms-Path
X-Rojux
Geo-Info
X-Region-Sid
X-Cluster-Name
X-Vtex-Remote-Cache
Cache-Key
X-Reqid
X-Rewrite-Enabled
X-Vtex-Processado-Em
Xc-Version
X-TIME
User-Cache-Control
X-Magnolia-Registration
Mail-Subject
X-VC-Cache
N-Cache
X-Wikidot-Backend
Magicmarker
X-Wikidot-Static-Cache
X-Cms-Context
X-User
X-Core-Value
X-TT-TIMESTAMP
NM-Fastcgi-Cache
X-Worker
Kp-EeAlive
IsBot
X-Clara-WADP
X-Cache-Info
Viewport
X-Agile-Id
X-Via-PopH
GEO-INFO
X-Agile-Age
X-Via-PopV
Thinkindot-Control
Thinkindot-CacheControl-Type
V-Age
Thinkindot-CacheControl
X-WADP-Cache
Vix-Hermes-Req-Id
X-Cache-FS-Status
Release
X-Agile
On-Server
X-Cache-Bucket
X-Branch-Name
We-Hiring
X-Bip
X-Block-Status
Web-Mar-Node
X-Device-Os
AKAMAI
X-Node-Id
X-Hash
X-Generation-Time
X-Generated-In
X-Gen-Mode
X-SD-PageType
X-SIPLIST1
X-Hnp-Log
X-Micro-Cache
X-Location
X-LAGOON
X-Vgn-Hpd-Reason
X-Cache-PHP
X-Logging-Id
X-Method
X-Matched-Rule
X-SN
X-Skip-Cache
X-Fmm-Version
X-Owner
CDCHOST
X-Thanos
X-Thinkindot-L3
FNAC-ModuleRouting
X-Dispatcher-Server
Cf-Ipcountry
X-Envoy-Decorator-Operation
X-SRV
X-Hit
X-Newrelic-Synthetics
X-RateLimit-Limit-Second
X-Origin-Date
X-Reboot
X-RateLimit-Remaining-Second
X-We-Are-Hiring
X-Request-Host
X-Policy
X-VServer
X-Request-UUID
X-Webstats-RespID
X-Response-By
X-Origin-Expires
X-Req
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Platform-Server
X-Servername
X-Fastly-Cache
X-Clientip
X-CGP
X-Variation
X-Varnish-Cacheable
X-Eu-Site
X-Epic-Correlation-Id
X-Developers
X-Distil-CS
X-Distributor
X-Envoy-Upstream-Healthchecked-Cluster
X-Slack-Backend
X-Cache-URL
X-Backend-State
X-BBXSRF
X-Backend-Host
X-JWT-State
X-Auto-Login
X-Is-Gdpr
X-Irp-Debug
X-Cache-Tags
X-Has-Esi
X-VG-TLSProxy
X-TrackingId
X-Server-W
Wxu-Next-Region
C-Via
Apple-News-Services-Request-Url
HA-Ipaddr
X-TA-CDN-Provider
RNT-Machine
Wxu-Next-Hostname
Platform
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
L5d-Success-Class
Memcached
Is-Eu
Adler-Geo
Apple-News-Services-Host
RNT-Time
Gh-Request-Id
Rt-Fastcgi-Cache
Wxu-Next-Commit
Sever-Int
Cache-Cookie-Set-Lfrom
Fastly-Drupal-HTML
Cache-Cookie-Set-Idcheck
Ha-Gx-Prefs
Cache-Cookie-Set-From
Server-Ext
Node
Server-Hostname
X-Be
Fastly-SIE
X-Core-Mission
X-Contensis-Viewer-Groups
Esi-Enabled
X-LI-UUID
X-Varnish-Authentication
X-GoCache-CacheStatus
X-App
CacheControlHeader
W
X-Rebelmouse-Surrogate-Control
X-Var-Ttl
X-Li-Pop
X-Li-Fabric
X-Cache-ASPX
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Nc
X-Compress-Hint
X-LI-Proto
X-Refresh
L
Server-ID
X-DC
Ohc-File-Size
Cache-Host
X-App-Name
X-TH-Server
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Server-IP
X-Varnish-Beresp-Grace
HostName
X-AIR-PT
X-VCT
X-Wa
X-Esi-Check
X-Gzip
X-Loc
X-Cache-Debug
X-Cache-Id
LB
X-Origin-TTL
X-Origin-CC
X-BC
X-Sucuri-ID
X-Mvc-Supplant-OutputCached
X-Configured-By
X-ZONE
X-Cdn-Srv
X-Storefront-Renderer-Rendered
X-S-Maxage
X-Key
X-Generated-By
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-NU-AKA-ACS-Version
Server-Cache-Control
X-FPC
Server-Surrogate-Control
X-B3-Traceid
Ohc-Response-Time
NtCoent-Length
X-Edge-Location
X-MSEdge-Features
Memory
X-MSEdge-Flight
X-Zone
X-App-Version
X-Bc
Pragrma
X-Rocket-Nginx-Bypass
X-Varnish-Ttl
X-CF-Powered-By
X-Cdn-Forward
CACHE
MIME-Version
Request-EU
Request-Country
X-Svr
Referer-Policy
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
SRV
Heartbleed
X-Pjax-Url
Locid
X-Varnish-URL
X-Varnish-Hits
X-CACHE-KEY
X-Servedbyhost
X-Request-URI
X-Batcache
Fastly-Backend-Name
Resin-Trace
X-COUNTRY
X-Shopify-Generated-Cart-Token
X-Nginx-Cache
X-BACKEND-TTL
FSS-Cache
X-Up
X-Minions-Version
X-Via-CDN
X-Gamma-Serve
X-GEO
X-VCL-Version
WZWS-RAY
Geoip-Latitude
X-Aicache-OS
GeoIp-Country-Code
X-ND-Cache
X-ElasticPress-Query
X-Sucuri-Cache
X-Ratelimit-Remaining
X-WebServer
X-Amzn-Requestid
CF-Cached-On
Lfy
X-BE
Hostname
Mime-Version
GeoIP-Country-Code
X-Oss-Object-Type
X-Oss-Request-Id
X-Vcl-Version
X-Oss-Server-Time
X-Proxy-Upstream
X-Oss-Storage-Class
X-Check-Cacheable
X-Oss-Hash-Crc64ecma
Product
HitType
Cteonnt-Length
X-ECache
DCR-Decision-By
Powered-By-ChinaCache
X-Cdn-Origin
DCR-Processing-Time-Ms
X-Fetched-On
X-NGINX-Cache
My-App
X-Sn-Servicetimems
Cdn-Host
GeoIP-Latitude
X-Edge-Server
Cdn-Request-Time
X-Unique-ID
Location
X-Azure-Ref-OriginShield
X-ServedByHost
X-PJAX-URL
X-HS-Status
X-PF-Uncompressing
X-GeoIP-Country-Code
Pramga
X-Fastly-Cache-Status
Ohc-Cache-HIT
X-CSRF-TOKEN
X-Ratelimit-Limit
X-Fastly-Country-Code
SN
X-Varnish-Url
X-LB-ID
X-Pf-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-OVcl
X-Request-Start
X-VarnishDD-TTL
X-CACHE-AGE
X-Fastly-Backend-Reqs
PFcat
X-Served-From
Group
X-OVcl-Cache
URI
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
Dt-Cache-Category
Cdn
X-Vgn-Hpd-Cached
X-B3-Spanid
X-Newrelic-App-Data
X-Fpc
X-Shard
X-B3-SpanId
X-Render-Time
X-Platform
X-Ratelimit-Reset
X-Instart-Isnd
X-Via-Ucdn
X-Varnishpool
XServer
X-Swift-Error
X-Ftr-Cache-Host
X-Via-NSCOPI
X-Tec-Api-Origin
A
X-IN-APIGATEWAY
CloudFront-Viewer-Country
X-IN-APIGATEWAYSSL
Cf-Alt-Svc
X-Tec-Api-Version
WWW-Authenticate
X-Request-Time
X-Cache-Expired-At
X-Tec-Api-Root
Country-Code
X-Debug-Cache-Fetch
X-Debug-Cache-Store
PICS-Label
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Beresp-TTL
X-DPWN-IS-SECURE
X-Ocache
Origin
Geoip-City
X-WR-MODIFICATION
Lb
X-WPE-Loopback-Upstream-Addr
X-Amzn-Remapped-Date
X-LiteSpeed-Cache-Control
X-Debug-Ysi-Auth
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
Server-Ttl
X-StackifyID
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
SID
X-Debug-Cache-String
X-CUA
X-Debug-Cache-Status
X-C
Epwk-X-Cache
Cloudfront-Viewer-Country
X-Apw-Access-Action
X-Amzn-Remapped-Connection
CF-IPCountry
X-Debug-Cache-Bypass
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-WA
Request-Time
X-Rocket-Build-Number
X-Country-IP
Host-ID
X-Oss-Cdn-Auth
Proxy-Firewall
X-Acquia-Purge-Tags
X-Nananana
X-Cache-Tag
X-Sigma-Backend
Cneonction
X-Sigma
NnCoection
X-Acquia-Application-Trace
X-Cache-Hm
X-Acquia-Application-UUID
Region
X-Acquia-Site
X-Cache-Hfrom
X-APP
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Varnish-ID
Req-ID
Pics-Label
X-ElasticPress-Search
X-B3-Parentspanid
X-Action
TTL
X-DI
X-RPM
X-RPS
X-VC
X-SB
X-Dw-Trace-Id
X-RSL
X-Li-Proto
X-DB
X-Html-Edge-Cache
X-DSS
X-DW
X-Request-URL