Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Generator
X-Permitted-Cross-Domain-Policies
CF-Ray
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Age
X-Cache-Group
X-Request-ID
Xkey
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Request-Context
X-Hacker
X-Page-Speed
X-UA-Device
EagleId
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
X-Varnish-Cache
Server-Timing
P3p
X-LiteSpeed-Cache
Report-To
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Cf-Railgun
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Origin-Cache
X-Host
EagleEye-TraceId
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Ac
X-Pass-Why
X-Origin-Upstream-Status
X-Node
X-Readtime
X-Dispatcher
X-HW
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
Request-Id
X-DataDome
X-Mod-Pagespeed
Content-Location
X-Application-Context
X-Akam-SW-Version
X-ORACLE-DMS-ECID
X-Ruxit-JS-Agent
Fusion-Deployment-Id
X-ORACLE-DMS-RID
NEL
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cnection
X-Cloud-Trace-Context
X-Url
X-Rack-Cache
X-Px
X-FTR-Request-ID
X-Goog-Hash
RTSS
X-TtlSet
X-PC
X-Vname
MS-Author-Via
X-Powered-By-Plesk
Verso
X-DynaTrace
X-Ttl
Accept-CH
Public-Key-Pins
X-B3-TraceId
X-GitHub-Request-Id
Service-Worker-Allowed
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Use-Magma
X-MS-InvokeApp
X-Sol
X-Middleton-Response
X-Middleton-Display
X-Amz-Server-Side-Encryption
Display
Pagespeed
Response
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Varnish-TTL
X-Cache-TTL
Accept-CH-Lifetime
X-D2id
X-Abt-Application-Version
TCN
X-CST
Pinterest-Generated-By
X-Amz-Rid
X-Cached
Accept-Ch
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Cache-Tag
X-Server-Name
X-Instart-Request-ID
X-Accel-Expires
Accept-Ch-Lifetime
X-ESI
X-Version
X-MSEdge-Ref
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Nginx-Cache
Access-Control-Request-Method
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Grace
Nel
S
Charset
SPIisLatency
SPRequestDuration
X-Debug
X-Upstream
Ar-Sid
AR-CACHE
X-FastCGI-Cache
X-Powered-CMS
X-SharePointHealthScore
SPRequestGuid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Client-IP
X-Trace
X-DynaTrace-JS-Agent
Pinterest-Version
X-Pinterest-Rid
X-Ezoic-Cdn
Realpath
Content-MD5
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Id
X-Hp-Webp
X-Jurisdiction
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-Shield-Request-Id
Fastcgi-Cache
X-T
X-ASPNET-VERSION
X-Content-Digest
X-Kinsta-Cache
X-Logged-In
X-Mobile-URL
X-NWS-LOG-UUID
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-Frontend
Edge-Cache-Tag
Server-Node
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-Goog-Metageneration
X-Goog-Generation
X-XRDS-Location
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Request-Received
X-Request-Processing-Time
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Cache-Hit
TP-L2-Cache
TP-Cache
X-Cache-Age
X-FTR-Expires
Front-End-Https
Server-Name
DynaTrace
Fastly-Restarts
X-Forwarded-For
X-Hostname
ServerID
PB-RID
PB-PID
X-Amzn-Trace-Id
Arc-Version
X-Zen-Fury
X-DIS-Request-ID
X-Cache-Key
Powered
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
X-ATS-Timestamp
X-Mobile-Rewrite
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-HS-Combine-CSS
X-HS-Hub-Id
X-Hits
X-HS-Cache-Config
X-HS-Content-Id
Accept-Charset
X-LB-Cache
X-F-Cache
X-Cdn
X-Oneagent-Js-Injection
X-Akamai-Edgescape
X-Page-Id
X-Jobs
X-FTR-Cache-Host
X-Geo-Country
Filters
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
MicrosoftSharePointTeamServices
X-Via-JSL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Varnish-Age
X-TTL
X-Origin-Server
X-B
X-Ser
Alternate-Protocol
X-Fastcgi-Cache
X-Rid
X-N
X-Yandex-Sdch-Disable
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
X-Daa-Tunnel
Host-Header
X-Esi
X-XRDS-LOCATION
X-Debug-Info
X-Az
X-WebKit-CSP-Report-Only
DC
X-Git-Hash
X-Activity-Id
X-ATG-Version
X-AppVersion
X-FB-Debug
X-Server-ID
X-Amz-Replication-Status
X-Type
Frame-Options
Paypal-Debug-Id
Retry-After
X-App-Server
Actual-Object-TTL
X-B-Cache
X-Signature
Cache-Tags
Section-Io-Cache
X-Varnish-Grace
X-Contextid
Fastcgi-Useragent
X-TT
X-Whom
X-Correlation-Id
X-App-Environment
X-Request-Guid
Surrogate-Key
X-Edge
X-AOL-HN
X-Status
X-Content-Options
X-Seen-By
Host
X-RateLimit-Remaining
Healthy
Source
X-Cache-Action
X-Ruxit-Js-Agent
X-Host-Name
X-B3-Sampled
Refresh
WPE-Backend
NR-ENABLED
X-Pinterest-Direct
X-IPLB-Instance
X-HTML-Minification-Powered-By
X-Instance
X-Endurance-Cache-Level
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-ECACHE
X-Upgrade-Enabled
From-Origin
Access-Control-Allow-Method
X-APP-VERSION
X-Response-Served-From
X-ProcessESI
X-RemovedCookies
X-Drupal-Cache-Tags
X-Accel-Buffering
X-Cache-Rule
X-MCACHE
X-Cache-Operation
Payment
X-Mid
VIX-Pulpo-Upstream-Status
X-Cacheable-TTL
VIX-Pulpo-Node
X-Cache-Control
X-Region
Odigeo-Trace-Id
X-UUID
X-Rule
X-FW-Server
MS-CV
X-Varnish-Server
Eomportal-Instance
X-Cache-Time
X-FW-Static
X-FW-Type
X-L-Path
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-Environment-Context
X-Amz-Apigw-Id
X-Is-Bot
Countrycode
Cache-Status
X-Rendered-As
Datacenter
X-WA-Info
X-Adobe-Loc
X-Adobe-Content
X-URL
Xserver
X-Protected-By
X-Correlation-ID
X-Amzn-RequestId
X-GeoIP
X-Wix-Request-Id
NGB
Srv
X-Cluster
X-RequestSource
X-SERVER-NAME
Content-Disposition
X-Akamai-Transformed
X-Cache-Server
X-Cached-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Presslabs-Stats
Filterid
X-EdgeConnect-Cache-Status
X-VCache
Uber-Trace-Id
X-PressLabs-Stats
X-Akamai-Request-ID2
X-Tumblr-Pixel-2
X-UnsetCookies
X-Tumblr-Pixel-1
Version
X-IPS-LoggedIn
X-Unique-Id
X-Tt-Trace-Host
X-Origin-Response-Time
X-Tt-Trace-Tag
Upgrade-Insecure-Requests
X-Load-Cache
X-Mobile
X-Vcache
Access-Control-Request-Headers
X-Mode
X-PHP-Backend
Liferay-Portal
X-Handled-By
X-Time
X-Proxy
X-Cache-Remote
X-Time-Microsecs
Cross-Origin-Window-Policy
X-FireWall-Port
X-Framework
X-Cache-Status-Check
X-Cache-Var
X-RN-RSRV
X-Adobe-Source
X-CCM
X-PCL
X-Path-Route
Meta-Geo
X-Via-Fastly
X-UA-Device-Type
X-ES-SERVER
X-Viewer-Country
X-Cache-Var-Map
X-MP-GENERATED-AT
X-No-Session
X-OCL
X-Storage
Cache
Accept-Language
X-SayCDN-TTL
X-Say-TTL
X-TX-ID
ServedBy
X-AWS-Id
Akamai-GRN
X-Say-Cacheable
X-Www-Served-By
X-ApacheServer
X-Redis-Cache
X-BCube-Filmed-By
X-Web-Node
X-NGENIX-Cache
X-Pubstack
X-VWS-Id
Webserver
Fastly-SSL
Decoy-Debug-Status
X-FW-Version
Decoy-Debug-TTL
DSUID
X-Human
X-Locale
X-NYM-Debug-Backend
Decoy-Debug-Key
X-LJ-Flow-ID
X-Site-Version
Cache-Hits
X-Backend-Name
X-Cache-Config
X-PERF
X-TNCMS
Origin-Cache-Control
Cleartype
X-Cache-NGX
Origin-Edge-Control
X-Real-IP
Cache-Name
Ms-Operation-Id
X-BYPASS-REASON
X-Hyper-Cache
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Info
X-Loop
X-NCache
X-Xfnlog-Site
X-ProxyCache-Key
X-Access
Mn-Server-Ip
X-Format
Section-Io-Origin-Status
X-RTag
Section-Io-Id
X-ProxyCache-Status
Section-Io-Origin-Time-Seconds
X-Section
X-FC-Vary-Parameters
Now
X-R9-Blue-Green-Version
Section-Origin-Responded
S-Rt
TWC-Connection-Speed
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Amzn-Remapped-Content-Length
TWC-Privacy
TWC-Locale-Group
X-Bc-Bl
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Property-Id
X-Routing-Service
X-Zipkin-Id
X-Origin-Hint
X-ServerID
X-Hl-Ver
X-FB-TRIP-ID
X-Proxied
X-Device-Type
X-CS
X-Cache-Enabled
X-Azure-Ref
X-Hosted-By
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-UPSTREAM-Address
X-Proxy-Build
X-Alternate-Cache-Key
X-JoinUs
X-Generated
X-IP
X-ShopId
X-Detected-As
X-EIG-Tracking-Id
X-Timing-Wait
Country
DB-Nickname
X-SaId
Selected-Fe
X-Source
X-Shopify-Stage
Ec-Rule-Version
X-ShardId
X-From
Azure-SiteName
X-Cache-NE
Azure-SlotName
Azure-RegionName
X-Varnish-Cache-Hits
Azure-Version
Azure-InstanceId
X-Content-Age
SD-X-WS
X-CSRF-Token
X-Cluster-Node
X-Old-Content-Length
X-NWS-UUID-VERIFY
X-Labrador-Cache-Channel
X-Backend-TTL
X-PHP-Host
X-CDN-Forward
X-NewRelic-App-Data
X-Qloud-Router
Cache-Tv-Group
X-Varnish-Hostname
User-Agent
Time
X-Geo
X-Pad
Load-Balancing
X-Cache-Host
X-Litespeed-Cache
S-Cnection
X-EC-Lua
X-Air-Hostname
X-Cache-Backend
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
FilterID
X-Cache-2
X-Parent-Response-Time
X-RCS-CacheZone
X-Proxy-Cache-Status
X-Microcachable
X-Urbn-Context-Path
X-Forwarded-Host
X-Ua
Locale
X-Urbn-Site-Id
X-NC
X-Cache-Grace
X-UA
Server-Info
X-Tumblr-Pixel-3
X-RateLimit-Limit
X-Akamai-Request-ID
Tracecode
X-Release
X-CLOUD-TRACE-CONTEXT
OT-Force-Account-Verify
X-TIME
NGX
Proxy-Connection
Sid
X-Debug-Cache
X-FORWARDED-FOR
X-SRV
X-Soup
Cache-Key
X-Vgn-Hpd-Reason
X-Dc
X-Newrelic-Synthetics
X-Tb
X-Destination
Arc-Country
X-D
AsisCache
X-Date
BehaviorPad-Version
Content-Style-Type
X-CF-Lambda-Version
Content-Script-Type
CDCHOST
X-Connection-Hash
X-Developer
X-CF-Lambda-Fn
X-Instart-Info
Server-Host
X-Level-Front-Cache
X-Uri
ServerName
X-Generated-On
X-G
X-Dispatch
X-Ms-Request-Id
True-Client-Country-4JS
T-Server
X-External-Request-Id
X-DevSite-Last-Modified
GEO-REGION-INFO
X-A-Ccd
MD5-Digest
X-A-Dam
Machine
M-TraceId
X-A
Who
Pagetype
Viewtype
VivaBuild
Mobile-Detection-Method
Meta-Geo-Continent
X-A-Dcw
X-A-Dgt
X-Application
X-Ms-Version
X-ARC
X-B-Cookie
Rendered-Blocks
X-Agile-Id
X-Agile-Age
X-Accel-Expires-Debug
X-A-Wwc
X-Aed
UCS
X-Agile
Fastcgi-X-Cache-Version
X-Geo-Header
X-Session-Fingerprint
X-ServiceProvider
X-Node-Id
X-SRCache-Key
X-Trace-Id
X-Swa-Ws
X-ScT
X-Scheme
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S
X-S-Cookie
X-Transaction
X-Trv-Group
X-Vtex-Processado-Em
X-VG-WebServer
X-Vtex-Remote-Cache
X-Worker
X-Magnolia-Registration
Xc-Version
X-VG-WebCache
X-Srv
X-User
X-Twitter-Response-Tags
GEO-INFO
X-Vdms-Path
X-Vdms-Version
X-Cluster-Name
X-Skip-Cache
X-PAYTM-SRV-ID
X-Processor
X-Region-Sid
X-NodeID
X-Reqid
X-Proto
User-Cache-Control
X-Location
X-Owner
X-Via-PopH
X-LAGOON
X-VServer
X-Via-PopV
X-Is-Gdpr
X-Hnp-Log
X-Varnish-Cacheable
X-VC-Cache
X-Variation
X-JWT-State
X-VG-TLSProxy
We-Hiring
Thinkindot-Control
X-Wikidot-Static-Cache
X-Wikidot-Backend
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Micro-Cache
X-Method
V-Age
Viewport
X-Hit
Web-Mar-Node
Vix-Hermes-Req-Id
X-Matched-Rule
X-We-Are-Hiring
X-WADP-Cache
X-Logging-Id
X-Platform-Server
X-Cms-Context
X-Gen-Mode
X-Core-Value
X-Clientip
X-Clara-WADP
X-CGP
X-SIPLIST1
X-Reboot
X-Servername
X-Device-Os
X-Dispatcher-Server
X-Distil-CS
X-Eu-Site
X-SD-PageType
X-Fmm-Version
X-Generated-In
X-SN
X-Block-Status
X-Branch-Name
X-Bip
X-Backend-State
X-Hash
X-Has-Esi
X-Thinkindot-L3
X-Cache-Bucket
X-Thanos
X-Generation-Time
X-Cache-Tags
X-Cache-PHP
X-Cache-FS-Status
X-Cache-Info
X-TT-TIMESTAMP
X-Epic-Correlation-Id
IsBot
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
Kp-EeAlive
L5d-Success-Class
Memcached
Mail-Subject
Magicmarker
Node
FNAC-ModuleRouting
Apple-News-Services-Handled
AKAMAI
Adler-Geo
X-TA-CDN-Provider
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Fastly-Drupal-HTML
Esi-Enabled
C-Via
N-Cache
Apple-News-Services-Request-Url
On-Server
Platform
Release
NM-Fastcgi-Cache
Rt-Fastcgi-Cache
Apigw-Requestid
Geo-Info
X-Envoy-Decorator-Operation
X-Webstats-RespID
X-Policy
X-Envoy-Upstream-Healthchecked-Cluster
X-Slack-Backend
Server-Hostname
X-Distributor
X-Developers
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Sever-Int
X-Rebelmouse-Cache-Control
Cache-Cookie-Set-Lfrom
Server-ID
X-GoCache-CacheStatus
X-Mvc-Supplant-Cachable
X-Req
X-Nginx-Cache-Key
X-Origin-Date
X-Request-Host
X-Origin-Expires
X-Response-By
X-LI-UUID
Server-Ext
X-Server-W
RNT-Time
X-Irp-Debug
X-Li-Pop
X-Li-Fabric
X-Fastly-Cache
X-TrackingId
W
X-Rebelmouse-Surrogate-Control
Wxu-Next-Hostname
Wxu-Next-Commit
X-BBXSRF
L
X-Auto-Login
X-Backend-Host
Gh-Request-Id
Fastly-SWR
Wxu-Next-Region
X-Cache-URL
Fastly-SIE
RNT-Machine
Cf-Ipcountry
Cache-Host
X-RateLimit-Limit-Second
X-Var-Ttl
X-Varnish-Authentication
X-LI-Proto
X-Refresh
X-Be
X-RateLimit-Remaining-Second
X-Server-IP
X-Core-Mission
X-App-Name
X-Contensis-Viewer-Groups
X-App
X-Cache-ASPX
X-DC
X-VCT
X-Compress-Hint
Ohc-File-Size
CacheControlHeader
X-Varnish-Beresp-Grace
X-Cdn-Srv
X-Mvc-Supplant-OutputCached
X-Wa
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-S-Maxage
X-Nc
X-TH-Server
X-Generated-By
Server-Surrogate-Control
X-FPC
Server-Cache-Control
X-Sucuri-ID
HostName
NtCoent-Length
X-Cache-Debug
X-Bc
X-Cache-Id
Memory
X-Esi-Check
X-Loc
X-Zone
X-Gzip
LB
X-B3-Traceid
X-Origin-TTL
X-Origin-CC
X-NU-AKA-ACS-Version
X-Configured-By
X-Rocket-Nginx-Bypass
X-AIR-PT
Ohc-Response-Time
Locid
X-MSEdge-Flight
X-Key
X-SVT-ORM-RULES
Request-Country
X-Webkit-CSP
Heartbleed
Request-EU
X-MSEdge-Features
X-SVT-ORM-VERSION
X-ZONE
X-BC
X-Varnish-Ttl
X-Storefront-Renderer-Rendered
CACHE
X-Debug-Panamera-Sitecode
X-Shopify-Generated-Cart-Token
SRV
X-Debug-Panamera-Host
X-Svr
X-Request-URI
X-Edge-Location
X-CF-Powered-By
X-Varnish-Hits
X-Servedbyhost
X-Varnish-URL
Pragrma
X-GEO
X-COUNTRY
MIME-Version
X-CACHE-KEY
X-Amzn-Requestid
X-Pjax-Url
X-Gamma-Serve
Resin-Trace
X-VCL-Version
WZWS-RAY
X-Nginx-Cache
Fastly-Backend-Name
Referer-Policy
FSS-Cache
X-Batcache
X-Cdn-Forward
X-Up
GeoIp-Country-Code
Geoip-Latitude
X-WebServer
X-App-Version
X-BACKEND-TTL
Mime-Version
Product
X-Proxy-Upstream
X-Minions-Version
Lfy
X-NGINX-Cache
Hostname
X-Sucuri-Cache
X-BE
My-App
HitType
X-ElasticPress-Query
X-Via-CDN
GeoIP-Country-Code
X-Cdn-Origin
X-ND-Cache
X-Aicache-OS
X-Fetched-On
Cteonnt-Length
X-Sn-Servicetimems
X-Edge-Server
X-GeoIP-Country-Code
Cdn-Host
Powered-By-ChinaCache
Cdn-Request-Time
CF-Cached-On
X-PJAX-URL
GeoIP-Latitude
X-Ratelimit-Remaining
X-NODE
X-HS-Status
X-ServedByHost
SN
Ohc-Cache-HIT
X-Vcl-Version
X-Shard
X-CSRF-TOKEN
X-Fastly-Country-Code
DCR-Processing-Time-Ms
X-ECache
DCR-Decision-By
X-Oss-Server-Time
X-Oss-Storage-Class
X-Varnish-Url
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Unique-ID
X-Check-Cacheable
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Pramga
X-PF-Uncompressing
X-Fastly-Cache-Status
X-Pf-Uncompressing
X-Azure-Ref-OriginShield
Location
X-Served-From
X-Ratelimit-Limit
X-Request-Start
Group
Amp-Access-Control-Allow-Source-Origin
Cdn
URI
X-B3-Spanid
X-Fastly-Backend-Reqs
X-CACHE-AGE
X-LB-ID
X-Newrelic-App-Data
X-Via-Ucdn
Dt-Cache-Category
X-Request-Time
X-Via-NSCOPI
X-Fpc
Country-Code
X-OVcl
X-OVcl-Cache
X-VarnishDD-TTL
PFcat
CloudFront-Viewer-Country
X-IN-APIGATEWAY
XServer
X-IN-APIGATEWAYSSL
X-Swift-Error
X-Vgn-Hpd-Variations-Key
A
X-Debug-Cache-Store
X-DPWN-IS-SECURE
Cf-Alt-Svc
X-Debug-Cache-Fetch
Geoip-City
X-B3-SpanId
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
CF-IPCountry
X-C
X-Planisys-CDN-Rules
X-Varnish-Beresp-TTL
PICS-Label
X-Instart-Isnd
X-Platform
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Origin
X-Ocache
X-Render-Time
X-Tb-Optimization-Total-Bytes-Saved
X-WPE-Loopback-Upstream-Addr
Lb
X-WR-MODIFICATION
X-APP
X-Ratelimit-Reset
Request-Time
X-Debug-Ysi-Auth
X-LiteSpeed-Cache-Control
X-Varnishpool
Server-Ttl
X-StackifyID
Host-ID
X-Cache-Expired-At
X-Country-IP
WWW-Authenticate
X-Debug-Xas-Auth
X-Apw-Access-Token
X-Apw-Access-Object
X-Debug-Do-Not-Cache-Uri
X-Apw-Access-Action
X-Apw-Hits
X-Rocket-Build-Number
X-Cache-Tag
X-Sigma-Backend
X-Sigma
Proxy-Firewall
X-WA
SID
X-Debug-Cache-Status
X-Debug-Cache-String
X-Debug-Cache-Bypass
X-Ftr-Cache-Host
X-DSS
X-RSL
TTL
X-Cache-Hfrom
Cloudfront-Viewer-Country
X-RPS
X-Cache-Hm
X-RPM
X-Acquia-Application-UUID
NnCoection
X-Acquia-Purge-Tags
Cneonction
X-Acquia-Application-Trace
X-DW
X-Action
X-DI
X-DB
Region
X-Acquia-Site
Epwk-X-Cache
X-ElasticPress-Search
X-B3-Parentspanid
Req-ID
X-Li-Proto
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Varnish-ID
X-Request-URL
X-SB
X-Dw-Trace-Id
X-Nananana
X-Html-Edge-Cache
X-VC