Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
P3p
Content-Encoding
X-CDN
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-Server
X-AH-Environment
X-Turbo-Charged-By
X-Backend
X-Age
X-Cache-Group
X-Robots-Tag
Xkey
Feature-Policy
X-Proxy-Cache
Request-Context
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
EagleId
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-WebKit-CSP
X-Server-Id
X-Dns-Prefetch-Control
Cf-Railgun
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Node
X-Readtime
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Request-Id
Content-Location
X-Mod-Pagespeed
X-DataDome
NEL
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-ORACLE-DMS-RID
X-Pass-Why
Fusion-Deployment-Id
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
Rating
X-Cloud-Trace-Context
X-Country-Code
Edge-Control
X-Cnection
X-Clacks-Overhead
X-Url
X-Rack-Cache
X-Px
X-FTR-Request-ID
Accept-CH
RTSS
MS-Author-Via
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-Powered-By-Plesk
Verso
X-Ttl
Accept-CH-Lifetime
X-B3-TraceId
Service-Worker-Allowed
X-DynaTrace
Public-Key-Pins
X-GitHub-Request-Id
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-MS-InvokeApp
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
X-Cache-TTL
X-D2id
X-Amz-Rid
Pinterest-Generated-By
TCN
X-Abt-Application-Version
X-Vcap-Request-Id
X-CST
X-NF-Request-ID
X-Cached
X-Content-Type
X-VARITI-CCR
X-Navigation-Version
Cache-Tag
X-Fastly-Request-ID
Accept-Ch
X-Server-Name
X-Instart-Request-ID
X-ESI
X-Version
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Accel-Expires
AR-CACHE
Ar-Sid
Access-Control-Request-Method
X-MSEdge-Ref
X-Grace
X-Upstream
Nginx-Cache
X-Powered-CMS
X-Debug
Charset
Accept-Ch-Lifetime
S
SPRequestDuration
SPIisLatency
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Cdn
X-FastCGI-Cache
X-SharePointHealthScore
SPRequestGuid
Realpath
X-Ezoic-Cdn
Content-MD5
X-Client-IP
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Pinterest-Rid
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Pinterest-Version
MRF-Tech
X-Element-Page-Cache
X-DynaTrace-JS-Agent
X-Trace
X-Dw-Request-Base-Id
X-Jurisdiction
X-Hp-Webp
X-Oneagent-Js-Injection
X-Id
X-Shield-Request-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
X-Node-Name
X-T
Fastcgi-Cache
X-Kinsta-Cache
X-Content-Digest
X-Logged-In
X-ASPNET-VERSION
Nel
X-NWS-LOG-UUID
X-Mobile-URL
X-Request-Processing-Time
X-Request-Received
X-Frontend
X-Cache-Hit
Server-Node
TP-L2-Cache
TP-Cache
X-Cache-Age
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
Edge-Cache-Tag
X-Cache-Key
Front-End-Https
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-FTR-Expires
ServerID
Server-Name
X-Hostname
X-Amzn-Trace-Id
X-Forwarded-For
PB-RID
Arc-Version
PB-PID
Fastly-Restarts
Host-Header
DynaTrace
Powered
X-Zen-Fury
X-DIS-Request-ID
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-ATS-Timestamp
X-Revision
Backend-Timing
X-User-Agent
X-Akamai-Edgescape
X-Page-Id
X-Ruxit-Js-Agent
X-F-Cache
X-Mobile-Rewrite
X-Hits
Accept-Charset
X-LB-Cache
X-Jobs
Filters
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-Yandex-Sdch-Disable
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
X-Geo-Country
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
MicrosoftSharePointTeamServices
X-Via-JSL
X-Varnish-Age
X-B
X-N
X-FTR-Cache-Host
Alternate-Protocol
X-Erf-Bev-Bev
X-Fastcgi-Cache
X-Correlation-Id
X-Erf-Bev-Bev-Is-Generated
X-TTL
X-Daa-Tunnel
X-Rid
X-Varnish-Backend
X-Ser
X-Activity-Id
X-ATG-Version
X-AppVersion
X-WebKit-CSP-Report-Only
X-Az
Cache-Tags
DC
Paypal-Debug-Id
X-Esi
X-Amz-Replication-Status
X-Debug-Info
X-Type
X-Git-Hash
X-FB-Debug
Retry-After
Section-Io-Cache
X-App-Environment
X-Signature
Actual-Object-TTL
X-B-Cache
X-Whom
X-TT
X-Varnish-Grace
X-App-Server
Frame-Options
X-Server-ID
Surrogate-Key
X-Status
X-Edge
Fastcgi-Useragent
X-Request-Guid
X-Contextid
X-Content-Options
Host
X-AOL-HN
Healthy
X-Pinterest-Direct
X-Seen-By
X-Cache-Action
X-RateLimit-Remaining
X-HTML-Minification-Powered-By
X-IPLB-Instance
X-Host-Name
X-Endurance-Cache-Level
Source
Refresh
X-B3-Sampled
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Upgrade-Enabled
From-Origin
X-Instance
Access-Control-Allow-Method
X-Amzn-RequestId
X-ECACHE
X-Drupal-Cache-Tags
X-RemovedCookies
X-Accel-Buffering
X-Cache-Rule
X-Response-Served-From
X-ProcessESI
X-Cache-Operation
X-XRDS-LOCATION
Srv
X-Amz-Apigw-Id
X-Region
X-MCACHE
X-Mid
X-Rule
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Environment-Context
Eomportal-Instance
MS-CV
X-L-Path
X-Cacheable-TTL
X-UUID
X-FW-Dynamic
X-FW-Hash
Datacenter
X-FW-Static
X-FW-Server
Payment
X-FW-Type
X-Cache-Time
X-FW-Serve
X-Is-Bot
X-Varnish-Server
X-Rendered-As
X-Protected-By
X-WA-Info
X-Adobe-Content
X-Cache-Control
X-Adobe-Loc
Cache-Status
Countrycode
Xserver
X-URL
X-PressLabs-Stats
X-Time
Content-Disposition
X-GeoIP
X-VCache
X-Akamai-Transformed
X-EdgeConnect-Cache-Status
X-Cached-By
X-Cache-Server
NR-ENABLED
WPE-Backend
X-Wix-Request-Id
NGB
X-Cluster
X-Akamai-Request-ID2
X-UnsetCookies
Uber-Trace-Id
X-APP-VERSION
X-Correlation-ID
X-SERVER-NAME
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tt-Trace-Host
X-Origin-Response-Time
X-Tt-Trace-Tag
X-RequestSource
X-Load-Cache
Version
X-Proxy
X-Mode
X-Mobile
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-IPS-LoggedIn
Access-Control-Request-Headers
X-Cache-Remote
X-PHP-Backend
X-Handled-By
X-Azure-Ref
X-NWS-UUID-VERIFY
Liferay-Portal
X-NGENIX-Cache
Filterid
X-FireWall-Port
Meta-Geo
X-RN-RSRV
X-Cache-NGX
X-Viewer-Country
X-Backend-Name
Cross-Origin-Window-Policy
X-Path-Route
X-CCM
X-UA-Device-Type
X-Cache-Var-Map
X-Cache-Var
X-Adobe-Source
X-Cache-Status-Check
X-Via-Fastly
X-ES-SERVER
Accept-Language
X-No-Session
X-Site-Version
X-Unique-Id
Cache
X-PERF
X-Storage
X-PCL
X-AWS-Id
Akamai-GRN
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
ServedBy
X-Pubstack
X-LJ-Flow-ID
X-Redis-Cache
X-ApacheServer
X-Locale
X-Www-Served-By
X-Framework
X-MP-GENERATED-AT
X-VWS-Id
X-OCL
Cache-Hits
DSUID
X-UPSTREAM-Address
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-NCache
Section-Io-Id
X-Info
X-Human
Webserver
X-Cache-Config
Section-Origin-Responded
X-FW-Version
Now
X-R9-Blue-Green-Version
X-SayCDN-TTL
X-Web-Node
X-TX-ID
Cleartype
X-Say-TTL
Mn-Server-Ip
X-Real-IP
X-RTag
X-Say-Cacheable
Cache-Name
Ms-Operation-Id
X-NewRelic-App-Data
X-Time-Microsecs
X-CS
X-Device-Type
X-CSRF-Token
S-Rt
Origin-Edge-Control
Fastly-SSL
X-FC-Vary-Parameters
Origin-Cache-Control
X-Cache-Enabled
Property-Id
X-BYPASS-REASON
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Access
TWC-Privacy
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Hl-Ver
X-ProxyCache-Key
X-Proxied
X-ProxyCache-Status
X-Section
Load-Balancing
X-Zipkin-Id
X-Origin-Hint
X-Routing-Service
X-Origin
X-ShopId
X-BCube-Filmed-By
X-ShardId
X-Generated
X-ServerID
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-JoinUs
X-Bc-Bl
X-Varnish-Cache-Hits
X-Timing-Wait
X-NYM-Debug-Backend
X-Sorting-Hat-PodId
Selected-Fe
X-Alternate-Cache-Key
X-SaId
X-Format
X-From
X-Geo
X-FB-TRIP-ID
X-Proxy-Build
X-EIG-Tracking-Id
X-Detected-As
X-IP
DB-Nickname
X-Loop
X-Amzn-Remapped-Content-Length
X-Xfnlog-Site
X-TNCMS
X-Hosted-By
X-Hyper-Cache
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
X-Air-Hostname
Azure-InstanceId
X-Presslabs-Stats
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Content-Age
X-PHP-Host
X-Labrador-Cache-Channel
X-Qloud-Router
Cache-Tv-Group
X-Release
Upgrade-Insecure-Requests
X-Source
SD-X-WS
X-Old-Content-Length
Country
X-Ua
X-Cluster-Node
X-Cache-Host
Ec-Rule-Version
FilterID
X-Cache-NE
User-Agent
X-Varnish-Hostname
X-Pad
Time
X-Drupal-Cache-Contexts
X-Litespeed-Cache
X-Cache-2
X-Parent-Response-Time
X-Cache-TTL-Remaining
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-EC-Lua
X-Backend-TTL
Server-Info
X-Cache-Backend
X-CDN-Forward
X-RateLimit-Limit
X-RCS-CacheZone
X-Akamai-Request-ID
S-Cnection
X-Webkit-CSP
X-Vcache
X-Proxy-Cache-Status
X-Cache-Grace
X-TA-CDN-Provider
X-Debug-Cache
X-Forwarded-Host
X-Srv
X-Tumblr-Pixel-3
Proxy-Connection
X-Soup
Geo-Info
Apigw-Requestid
X-Microcachable
NGX
X-FORWARDED-FOR
OT-Force-Account-Verify
X-Tb
Rendered-Blocks
Server-Host
Xc-Version
VivaBuild
Who
UCS
True-Client-Country-4JS
T-Server
ServerName
M-TraceId
Content-Script-Type
Content-Style-Type
X-Scheme
X-S
X-NodeID
BehaviorPad-Version
X-Proto
Arc-Country
AsisCache
X-Rewrite-Enabled
X-Reqid
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Machine
X-A
Fastcgi-X-Cache-Version
GEO-REGION-INFO
X-Region-Sid
Pagetype
X-Vtex-Processado-Em
X-Trace-Id
X-Destination
X-Developer
X-DevSite-Last-Modified
X-Date
X-ScT
X-Level-Front-Cache
X-Trv-Group
X-Transaction
X-Dispatch
X-External-Request-Id
X-Generated-On
X-Instart-Info
X-Session-Fingerprint
X-Geo-Header
X-Processor
X-SRCache-Key
X-G
X-ServiceProvider
X-Swa-Ws
X-D
X-Twitter-Response-Tags
X-Accel-Expires-Debug
X-Aed
X-VG-WebServer
X-VG-WebCache
X-A-Wwc
X-A-Dgt
X-A-Dam
X-A-Dcw
X-Vtex-Remote-Cache
X-Application
X-PAYTM-SRV-ID
X-CF-Lambda-Version
X-Connection-Hash
X-Vdms-Version
X-Vdms-Path
X-CF-Lambda-Fn
X-Rojux
X-S-Cookie
X-ARC
X-B-Cookie
X-A-Ccd
Viewtype
X-Dc
Sid
X-Uri
X-NC
X-Cluster-Name
Cache-Key
Cf-Ipcountry
User-Cache-Control
X-Newrelic-Synthetics
X-Cache-PHP
Release
X-Magnolia-Registration
X-RateLimit-Limit-Second
X-Node-Id
X-Owner
X-Device-Os
X-RateLimit-Remaining-Second
X-SN
X-Skip-Cache
X-SD-PageType
Kp-EeAlive
IsBot
Magicmarker
X-Clara-WADP
X-SIPLIST1
NM-Fastcgi-Cache
N-Cache
On-Server
Viewport
X-Cache-FS-Status
X-Generation-Time
X-Hash
X-Hnp-Log
X-Agile-Id
X-Cache-Bucket
X-Generated-In
X-Gen-Mode
X-Branch-Name
X-Block-Status
X-Bip
X-Agile-Age
X-Agile
X-Logging-Id
Vix-Hermes-Req-Id
X-Method
FNAC-ModuleRouting
V-Age
X-Fmm-Version
We-Hiring
X-LAGOON
X-Cache-Info
X-Location
Web-Mar-Node
X-Micro-Cache
Mail-Subject
AKAMAI
X-User
Thinkindot-CacheControl-Type
Thinkindot-Control
X-VC-Cache
CDCHOST
Thinkindot-CacheControl
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Worker
Tracecode
X-Dispatcher-Server
X-Via-PopH
X-Matched-Rule
X-Thinkindot-L3
X-Core-Value
X-Thanos
X-WADP-Cache
X-Via-PopV
X-Cms-Context
X-Nc
X-Envoy-Decorator-Operation
X-Hit
X-UA
X-SRV
X-Distil-CS
X-VG-TLSProxy
X-Distributor
X-Envoy-Upstream-Healthchecked-Cluster
X-Mvc-Supplant-Cachable
X-Ms-Version
X-Ms-Request-Id
Wxu-Next-Commit
X-Varnish-Cacheable
X-Irp-Debug
X-Backend-Host
X-Auto-Login
X-Has-Esi
X-Backend-State
X-BBXSRF
X-Developers
X-Response-By
X-Nginx-Cache-Key
X-App
Sever-Int
X-Cache-Tags
X-Cache-URL
Wxu-Next-Region
X-We-Are-Hiring
X-Webstats-RespID
X-Is-Gdpr
X-JWT-State
Wxu-Next-Hostname
X-Origin-Expires
X-Request-UUID
X-Clientip
L5d-Success-Class
X-Server-W
Cache-Cookie-Set-Lfrom
X-Request-Host
Cache-Cookie-Set-From
X-Req
Cache-Cookie-Set-Idcheck
X-TT-TIMESTAMP
X-Be
Gh-Request-Id
Fastly-Drupal-HTML
X-Slack-Backend
X-Epic-Correlation-Id
Ha-Gx-Prefs
HA-Ipaddr
Is-Eu
X-Servername
X-TrackingId
X-Origin-Date
C-Via
RNT-Machine
X-Platform-Server
X-Policy
Apple-News-Services-Handled
RNT-Time
Rt-Fastcgi-Cache
Server-Hostname
Server-Ext
Adler-Geo
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-CGP
Platform
X-Variation
Apple-News-Services-Request-Url
X-Fastly-Cache
X-Eu-Site
X-Vgn-Hpd-Reason
X-DC
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Core-Mission
X-Reboot
Fastly-SIE
Fastly-SWR
Memcached
X-Var-Ttl
X-Varnish-Authentication
X-Compress-Hint
CacheControlHeader
X-VServer
Node
GEO-INFO
W
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-App-Version
X-GoCache-CacheStatus
X-TH-Server
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Refresh
X-LI-UUID
Esi-Enabled
X-AIR-PT
HostName
X-Loc
LB
Ohc-File-Size
L
X-Cache-Id
X-Cache-Debug
Server-ID
X-Esi-Check
X-Gzip
X-Origin-TTL
X-TIME
X-Origin-CC
X-Mvc-Supplant-OutputCached
X-Configured-By
X-Server-IP
X-Storefront-Renderer-Rendered
Cache-Host
X-App-Name
X-Wa
NtCoent-Length
X-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-NU-AKA-ACS-Version
X-VCT
X-Cdn-Srv
X-Edge-Location
X-Bc
X-B3-Traceid
X-BC
MIME-Version
X-Sucuri-ID
X-Zone
X-ZONE
X-Cdn-Forward
X-S-Maxage
Pragrma
Server-Surrogate-Control
Ohc-Response-Time
X-Generated-By
Server-Cache-Control
X-MSEdge-Flight
X-MSEdge-Features
X-Varnish-URL
Memory
Referer-Policy
X-FPC
X-Varnish-Ttl
X-Servedbyhost
X-Nginx-Cache
CACHE
X-Debug-Panamera-Sitecode
X-Pjax-Url
X-Svr
X-Rocket-Nginx-Bypass
X-Debug-Panamera-Host
Fastly-Backend-Name
X-BACKEND-TTL
X-COUNTRY
Heartbleed
Request-Country
X-Up
Locid
Request-EU
X-Varnish-Hits
X-Via-CDN
X-Minions-Version
X-Request-URI
X-Batcache
FSS-Cache
X-CF-Powered-By
X-VCL-Version
Resin-Trace
X-CLOUD-TRACE-CONTEXT
X-Shopify-Generated-Cart-Token
X-ElasticPress-Query
X-ND-Cache
X-Aicache-OS
X-GEO
X-Gamma-Serve
X-Oss-Storage-Class
X-Oss-Server-Time
WZWS-RAY
X-Oss-Hash-Crc64ecma
X-Ratelimit-Remaining
X-Oss-Request-Id
X-Oss-Object-Type
SRV
GeoIP-Country-Code
Lfy
Hostname
CF-Cached-On
X-Unique-ID
Cteonnt-Length
X-BE
X-Sucuri-Cache
GeoIP-Latitude
DCR-Processing-Time-Ms
X-Check-Cacheable
DCR-Decision-By
X-WebServer
Geoip-Latitude
HitType
GeoIp-Country-Code
X-Vcl-Version
X-Fastly-Cache-Status
Pramga
Cdn-Request-Time
Cdn-Host
X-Azure-Ref-OriginShield
X-ECache
Location
Powered-By-ChinaCache
Product
X-Proxy-Upstream
X-PF-Uncompressing
X-Edge-Server
X-Fastly-Country-Code
Mime-Version
X-Fetched-On
X-HS-Status
My-App
Ohc-Cache-HIT
X-PJAX-URL
X-Cdn-Origin
X-Sn-Servicetimems
X-Amzn-Requestid
X-CSRF-TOKEN
X-CACHE-KEY
X-GeoIP-Country-Code
X-LB-ID
X-NGINX-Cache
PFcat
X-OVcl
X-VarnishDD-TTL
X-Fpc
X-OVcl-Cache
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Backend-Reqs
X-Pf-Uncompressing
X-Newrelic-App-Data
SN
X-ServedByHost
X-Ratelimit-Limit
X-Vgn-Hpd-Variations-Key
X-CACHE-AGE
X-Vgn-Hpd-Ssi
X-Ftr-Cache-Host
X-Vgn-Hpd-Cached
URI
X-Varnish-Url
X-Varnishpool
X-Ratelimit-Reset
X-Served-From
Group
X-Render-Time
X-Instart-Isnd
X-B3-Spanid
Dt-Cache-Category
X-Request-Start
X-Platform
X-Swift-Error
X-Cache-Expired-At
WWW-Authenticate
Cdn
XServer
CloudFront-Viewer-Country
A
X-Via-Ucdn
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-B3-SpanId
Cf-Alt-Svc
X-Client-Ip
X-Dynatrace-Js-Agent
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Request-Time
X-Debug-Cache-Store
X-Amzn-Remapped-Date
X-CUA
X-Amzn-Remapped-Connection
Epwk-X-Cache
Country-Code
X-Debug-Cache-Fetch
Origin
X-Via-NSCOPI
X-WR-MODIFICATION
Lb
X-Varnish-Beresp-TTL
Cloudfront-Viewer-Country
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-WA
X-StackifyID
Server-Ttl
X-Apw-Access-Action
X-LiteSpeed-Cache-Control
PICS-Label
X-Debug-Ysi-Auth
Geoip-City
SID
Pics-Label
X-Tb-Optimization-Total-Bytes-Saved
X-Ocache
X-Oss-Cdn-Auth
X-Cache-Tag
X-DPWN-IS-SECURE
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
X-Debug-Cache-String
X-Debug-Cache-Status
X-Debug-Cache-Bypass
X-WPE-Loopback-Upstream-Addr
X-Shard
NnCoection
Proxy-Firewall
Backend
X-Cache-Hm
X-Planisys-CDN-Cache
X-C
X-Planisys-CDN-TTL
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Cache-Hfrom
X-Original-Request-Id
X-Planisys-CDN-Rules
X-Acquia-Site
X-Nananana
Region
Cneonction
X-Cache-Version
CF-IPCountry
Req-ID
X-Request-URL
X-B3-Parentspanid
X-ElasticPress-Search
X-VC
X-Sigma-Backend
X-RunCloud-Cache
Backend-Name
X-Sigma
X-Dw-Trace-Id
Request-Time
X-Varnish-ID
X-Akamai-ERRuleID
X-SB
X-Rocket-Build-Number
X-Akamai-ERPolicy
Host-ID
X-Html-Edge-Cache
X-Country-IP