Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Turbo-Charged-By
X-Server
X-Backend
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Xkey
Feature-Policy
X-Proxy-Cache
X-Request-ID
Request-Context
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Server-Id
X-Dns-Prefetch-Control
Cf-Railgun
X-WebKit-CSP
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Node
X-Readtime
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Request-Id
Content-Location
X-Mod-Pagespeed
X-DataDome
NEL
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Pass-Why
X-Country
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
Rating
X-Cloud-Trace-Context
X-Country-Code
Edge-Control
X-Cnection
X-Clacks-Overhead
X-Url
X-Rack-Cache
X-Px
X-FTR-Request-ID
Accept-CH
RTSS
X-Goog-Hash
MS-Author-Via
X-PC
X-Vname
X-TtlSet
X-Powered-By-Plesk
Verso
X-Ttl
Accept-CH-Lifetime
X-B3-TraceId
Service-Worker-Allowed
Public-Key-Pins
X-DynaTrace
X-GitHub-Request-Id
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
Arr-Disable-Session-Affinity
X-Varnish-TTL
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Pagespeed
Display
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
X-Cache-TTL
X-D2id
X-Amz-Rid
Pinterest-Generated-By
TCN
X-Abt-Application-Version
X-CST
X-Vcap-Request-Id
X-Cached
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
Cache-Tag
X-Fastly-Request-ID
Accept-Ch
X-Instart-Request-ID
X-Server-Name
X-ESI
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Version
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Accel-Expires
Ar-Sid
AR-CACHE
Access-Control-Request-Method
X-MSEdge-Ref
X-Grace
X-Upstream
X-Powered-CMS
Nginx-Cache
X-Debug
Charset
Accept-Ch-Lifetime
S
SPRequestDuration
SPIisLatency
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-DynaTrace-JS-Agent
X-FastCGI-Cache
X-SharePointHealthScore
SPRequestGuid
Content-MD5
X-Ezoic-Cdn
Realpath
X-Client-IP
Pinterest-Version
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Pinterest-Rid
Mrf-Cache-Status
X-Element-Page-Cache
X-Trace
X-Dw-Request-Base-Id
X-Hp-Webp
X-Jurisdiction
X-Oneagent-Js-Injection
X-Id
X-Shield-Request-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
X-Node-Name
X-T
Fastcgi-Cache
X-Kinsta-Cache
X-Content-Digest
X-Logged-In
X-ASPNET-VERSION
Nel
X-NWS-LOG-UUID
X-Mobile-URL
X-Frontend
X-Request-Received
X-Request-Processing-Time
X-Cache-Hit
Server-Node
TP-Cache
TP-L2-Cache
X-Cache-Age
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
Edge-Cache-Tag
X-FTR-Backend-Server
X-FTR-Backend
X-Cache-Key
Front-End-Https
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Generation
X-FTR-Expires
X-Goog-Stored-Content-Encoding
ServerID
Server-Name
X-Amzn-Trace-Id
X-Hostname
X-Forwarded-For
PB-RID
Arc-Version
PB-PID
Host-Header
Fastly-Restarts
DynaTrace
Powered
X-Zen-Fury
X-Request-Handler-Origin-Region
X-DIS-Request-ID
X-Microsite
X-Content-Security-Policy-Report-Only
Backend-Timing
X-Revision
X-ATS-Timestamp
X-User-Agent
X-Akamai-Edgescape
X-Page-Id
X-Hits
X-F-Cache
X-Mobile-Rewrite
X-Ruxit-Js-Agent
X-LB-Cache
Accept-Charset
X-Jobs
X-HS-Hub-Id
X-HS-Combine-CSS
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Filters
X-HS-Cache-Config
X-HS-Content-Id
X-Yandex-Sdch-Disable
X-Cdn
AMP-Access-Control-Allow-Source-Origin
X-Geo-Country
X-Content-Powered-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
X-Via-JSL
X-Varnish-Age
MicrosoftSharePointTeamServices
X-B
X-N
Alternate-Protocol
X-FTR-Cache-Host
X-Erf-Bev-Bev-Is-Generated
X-Fastcgi-Cache
X-Erf-Bev-Bev
X-Correlation-Id
X-Daa-Tunnel
X-TTL
X-Rid
X-Varnish-Backend
X-Ser
X-WebKit-CSP-Report-Only
X-Az
X-ATG-Version
X-Activity-Id
Cache-Tags
X-AppVersion
DC
X-Esi
X-Amz-Replication-Status
Paypal-Debug-Id
X-Type
Retry-After
X-Debug-Info
X-FB-Debug
X-Git-Hash
X-Whom
Section-Io-Cache
X-App-Environment
X-TT
X-Signature
X-Varnish-Grace
X-B-Cache
Actual-Object-TTL
X-App-Server
Frame-Options
X-Server-ID
Surrogate-Key
X-Edge
X-Status
X-Request-Guid
X-Content-Options
Fastcgi-Useragent
X-Contextid
Host
X-AOL-HN
Healthy
X-Cache-Action
X-Pinterest-Direct
X-Seen-By
X-RateLimit-Remaining
X-IPLB-Instance
X-HTML-Minification-Powered-By
X-Host-Name
X-Endurance-Cache-Level
Source
Refresh
X-B3-Sampled
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Instance
X-Upgrade-Enabled
From-Origin
X-Amzn-RequestId
Access-Control-Allow-Method
X-ECACHE
X-RemovedCookies
X-Amz-Apigw-Id
X-Accel-Buffering
X-Drupal-Cache-Tags
X-ProcessESI
X-Cache-Rule
X-Response-Served-From
X-XRDS-LOCATION
Srv
X-Cache-Operation
X-Region
X-Rule
VIX-Pulpo-Upstream-Status
X-MCACHE
Odigeo-Trace-Id
VIX-Pulpo-Node
X-Mid
Eomportal-Instance
MS-CV
X-Cacheable-TTL
X-UUID
X-Environment-Context
X-L-Path
Payment
Datacenter
X-FW-Dynamic
X-FW-Server
X-FW-Serve
X-FW-Type
X-Is-Bot
X-Varnish-Server
X-Rendered-As
X-FW-Hash
X-FW-Static
X-Cache-Time
X-Cache-Control
X-Adobe-Loc
X-WA-Info
X-Protected-By
X-Adobe-Content
Countrycode
Cache-Status
Xserver
X-URL
X-PressLabs-Stats
X-Time
Content-Disposition
X-GeoIP
X-VCache
X-Akamai-Transformed
X-EdgeConnect-Cache-Status
WPE-Backend
X-Cache-Server
NR-ENABLED
X-Cached-By
X-Wix-Request-Id
X-Webkit-CSP
X-Akamai-Request-ID2
X-Cluster
NGB
X-UnsetCookies
Uber-Trace-Id
X-APP-VERSION
X-Correlation-ID
X-SERVER-NAME
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tt-Trace-Tag
X-Origin-Response-Time
X-Tt-Trace-Host
X-Load-Cache
X-RequestSource
X-Proxy
Version
X-Mode
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Mobile
X-PHP-Backend
X-Handled-By
X-Cache-Remote
Access-Control-Request-Headers
X-Azure-Ref
X-NGENIX-Cache
X-FireWall-Port
Filterid
Liferay-Portal
X-NWS-UUID-VERIFY
X-Cache-NGX
X-RN-RSRV
X-Cache-Status-Check
Meta-Geo
X-Viewer-Country
Cross-Origin-Window-Policy
X-Adobe-Source
X-Cache-Var
X-ES-SERVER
Accept-Language
X-Path-Route
X-Backend-Name
X-UA-Device-Type
X-CCM
X-Via-Fastly
X-No-Session
X-Cache-Var-Map
X-Storage
Decoy-Debug-Status
Decoy-Debug-TTL
X-Site-Version
DSUID
X-Unique-Id
X-VWS-Id
Decoy-Debug-Key
X-PCL
X-Framework
X-LJ-Flow-ID
Cache
ServedBy
X-AWS-Id
X-ApacheServer
X-Locale
X-MP-GENERATED-AT
X-Redis-Cache
Akamai-GRN
X-Pubstack
X-PERF
X-OCL
Cache-Hits
X-Www-Served-By
X-Say-TTL
Section-Io-Origin-Time-Seconds
X-NCache
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
X-Info
X-Cache-Config
Webserver
X-FW-Version
X-Human
X-R9-Blue-Green-Version
X-Real-IP
X-Web-Node
Mn-Server-Ip
X-TX-ID
Cleartype
X-SayCDN-TTL
X-UPSTREAM-Address
Now
X-RTag
X-Say-Cacheable
Cache-Name
Ms-Operation-Id
X-NewRelic-App-Data
X-Time-Microsecs
TWC-Connection-Speed
S-Rt
X-Device-Type
X-Proxied
Property-Id
X-CS
Origin-Edge-Control
X-Zipkin-Id
X-FC-Vary-Parameters
X-Cache-Enabled
Origin-Cache-Control
TWC-Device-Class
X-ProxyCache-Key
TWC-GeoIP-LatLong
Load-Balancing
X-Access
X-Origin-Hint
X-Bc-Bl
X-Origin
X-BYPASS-REASON
X-CSRF-Token
Webcakes-Region
TWC-Locale-Group
X-Format
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-Country
X-ProxyCache-Status
X-Routing-Service
X-ServerID
X-Section
Fastly-SSL
X-Hl-Ver
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-NYM-Debug-Backend
X-BCube-Filmed-By
X-Timing-Wait
X-Amzn-Remapped-Content-Length
X-Generated
X-Varnish-Cache-Hits
X-ShopId
DB-Nickname
X-From
X-SaId
X-IP
X-Geo
X-FB-TRIP-ID
X-JoinUs
X-Proxy-Build
X-EIG-Tracking-Id
X-Detected-As
Selected-Fe
X-Xfnlog-Site
X-Air-Hostname
X-TNCMS
Azure-InstanceId
Azure-Version
X-Hosted-By
Azure-RegionName
X-Loop
X-Hyper-Cache
Azure-SlotName
Azure-SiteName
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Content-Age
X-PHP-Host
X-Labrador-Cache-Channel
X-Presslabs-Stats
X-Qloud-Router
Cache-Tv-Group
X-Release
Upgrade-Insecure-Requests
Country
X-Source
SD-X-WS
X-Old-Content-Length
X-Cluster-Node
X-Ua
X-Cache-Host
Ec-Rule-Version
User-Agent
X-Cache-NE
FilterID
X-Varnish-Hostname
X-Pad
Time
X-Litespeed-Cache
X-Drupal-Cache-Contexts
X-Cache-2
X-Parent-Response-Time
X-Cache-TTL-Remaining
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-EC-Lua
X-CDN-Forward
X-Backend-TTL
X-RateLimit-Limit
X-Cache-Backend
Server-Info
X-RCS-CacheZone
X-Akamai-Request-ID
S-Cnection
X-Vcache
X-Proxy-Cache-Status
X-Cache-Grace
X-Debug-Cache
X-TA-CDN-Provider
X-Forwarded-Host
X-Tumblr-Pixel-3
X-Srv
X-Soup
Geo-Info
Proxy-Connection
X-Microcachable
Apigw-Requestid
NGX
OT-Force-Account-Verify
X-FORWARDED-FOR
X-Tb
X-A
Who
X-Proto
X-A-Ccd
Arc-Country
X-A-Dcw
X-A-Dam
Content-Style-Type
Rendered-Blocks
Server-Host
ServerName
M-TraceId
Machine
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
T-Server
True-Client-Country-4JS
Content-Script-Type
BehaviorPad-Version
VivaBuild
Pagetype
UCS
GEO-REGION-INFO
Fastcgi-X-Cache-Version
AsisCache
X-Generated-On
X-ScT
X-ServiceProvider
X-Session-Fingerprint
X-SRCache-Key
X-Scheme
X-S-Cookie
X-Reqid
X-Rewrite-Enabled
X-Rojux
X-S
X-Swa-Ws
X-Trace-Id
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Path
X-Region-Sid
X-Processor
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-B-Cookie
X-ARC
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-Application
X-Date
X-Destination
X-Instart-Info
X-Level-Front-Cache
X-NodeID
X-PAYTM-SRV-ID
X-Geo-Header
X-G
X-Developer
X-DevSite-Last-Modified
X-Dispatch
X-External-Request-Id
X-A-Dgt
Viewtype
X-NC
X-Dc
Sid
X-Uri
X-Cluster-Name
Cache-Key
X-Newrelic-Synthetics
User-Cache-Control
Cf-Ipcountry
X-Cache-PHP
Release
X-Fmm-Version
X-Device-Os
X-Matched-Rule
X-RateLimit-Limit-Second
X-Micro-Cache
X-Node-Id
X-Owner
X-RateLimit-Remaining-Second
On-Server
Kp-EeAlive
X-SD-PageType
IsBot
X-SIPLIST1
X-Skip-Cache
X-Thinkindot-L3
X-Cms-Context
NM-Fastcgi-Cache
N-Cache
Mail-Subject
Magicmarker
V-Age
X-Method
X-Generation-Time
X-Cache-FS-Status
X-Hash
X-Hnp-Log
X-Cache-Bucket
X-Generated-In
X-Gen-Mode
X-Branch-Name
X-Block-Status
X-Bip
X-Agile-Id
X-Agile-Age
X-Magnolia-Registration
Vix-Hermes-Req-Id
X-Logging-Id
X-SN
We-Hiring
Web-Mar-Node
X-Agile
X-LAGOON
X-Cache-Info
X-Location
Viewport
X-Clara-WADP
X-Dispatcher-Server
X-Via-PopV
X-WADP-Cache
X-Thanos
X-Wikidot-Backend
Tracecode
X-User
X-VC-Cache
X-Via-PopH
X-Core-Value
CDCHOST
X-Wikidot-Static-Cache
AKAMAI
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
FNAC-ModuleRouting
X-Worker
X-SRV
X-Hit
X-Envoy-Decorator-Operation
X-UA
X-Nc
Apple-News-Services-Handled
X-Ms-Version
Wxu-Next-Commit
Wxu-Next-Hostname
X-VG-TLSProxy
X-Distributor
X-Ms-Request-Id
X-Varnish-Cacheable
X-Distil-CS
Apple-News-Services-Host
Adler-Geo
X-Is-Gdpr
CacheControlHeader
X-Auto-Login
X-Has-Esi
X-Backend-Host
X-Backend-State
X-Developers
X-BBXSRF
X-App
X-Webstats-RespID
X-Cache-Tags
X-Cache-URL
X-JWT-State
X-Mvc-Supplant-Cachable
X-We-Are-Hiring
X-Irp-Debug
Wxu-Next-Region
Server-Hostname
X-TT-TIMESTAMP
X-Clientip
X-TrackingId
L5d-Success-Class
X-Request-UUID
X-Request-Host
X-Eu-Site
X-CGP
X-Req
Fastly-Drupal-HTML
Is-Eu
Gh-Request-Id
X-Epic-Correlation-Id
X-Slack-Backend
X-Response-By
Ha-Gx-Prefs
X-Server-W
X-Servername
HA-Ipaddr
Sever-Int
X-Fastly-Cache
Rt-Fastcgi-Cache
RNT-Time
RNT-Machine
X-Platform-Server
Apple-News-Services-Request-Url
Server-Ext
Apple-News-Services-Parsed-Url
X-Origin-Date
X-Origin-Expires
X-Policy
X-Envoy-Upstream-Healthchecked-Cluster
Cache-Cookie-Set-Idcheck
Platform
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
C-Via
X-Variation
X-Nginx-Cache-Key
X-Vgn-Hpd-Reason
X-DC
X-Core-Mission
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Rebelmouse-Surrogate-Control
Memcached
X-Varnish-Authentication
GEO-INFO
Fastly-SWR
X-Var-Ttl
Fastly-SIE
X-Reboot
Node
X-Rebelmouse-Cache-Control
X-VServer
W
X-Compress-Hint
X-Be
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-App-Version
X-Varnish-Beresp-Grace
X-TH-Server
X-GoCache-CacheStatus
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Refresh
X-LI-UUID
X-SERVER
Esi-Enabled
X-AIR-PT
X-Loc
X-Cache-Debug
LB
Ohc-File-Size
X-Gzip
L
X-Esi-Check
X-Cache-Id
Server-ID
X-Origin-CC
X-Origin-TTL
X-TIME
Cache-Host
X-Server-IP
X-Wa
X-App-Name
X-Storefront-Renderer-Rendered
X-Mvc-Supplant-OutputCached
X-Configured-By
HostName
NtCoent-Length
X-NU-AKA-ACS-Version
X-Key
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-ZONE
X-BC
X-VCT
X-Edge-Location
X-Cdn-Srv
X-Sucuri-ID
X-Cdn-Forward
X-B3-Traceid
X-S-Maxage
MIME-Version
X-MSEdge-Features
Pragrma
X-Varnish-URL
Server-Cache-Control
Memory
X-Generated-By
Ohc-Response-Time
X-MSEdge-Flight
Server-Surrogate-Control
Referer-Policy
X-Bc
X-Zone
X-Varnish-Ttl
X-FPC
X-Servedbyhost
X-Nginx-Cache
CACHE
Fastly-Backend-Name
X-Rocket-Nginx-Bypass
X-Debug-Panamera-Sitecode
X-Svr
X-Pjax-Url
X-Debug-Panamera-Host
X-BACKEND-TTL
X-Up
Request-Country
Request-EU
Locid
X-COUNTRY
Heartbleed
X-Varnish-Hits
X-Via-CDN
X-Batcache
FSS-Cache
X-Minions-Version
X-Request-URI
X-CF-Powered-By
Resin-Trace
X-VCL-Version
X-CLOUD-TRACE-CONTEXT
X-ND-Cache
X-Aicache-OS
X-GEO
X-Shopify-Generated-Cart-Token
X-ElasticPress-Query
X-BE
X-Gamma-Serve
Hostname
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Ratelimit-Remaining
X-Oss-Object-Type
X-Oss-Storage-Class
WZWS-RAY
Lfy
GeoIP-Country-Code
SRV
CF-Cached-On
Cteonnt-Length
X-Unique-ID
X-Sucuri-Cache
X-Check-Cacheable
GeoIP-Latitude
GeoIp-Country-Code
DCR-Decision-By
DCR-Processing-Time-Ms
Geoip-Latitude
HitType
X-WebServer
Cdn-Request-Time
X-Edge-Server
X-Vcl-Version
X-Azure-Ref-OriginShield
X-ECache
Cdn-Host
Powered-By-ChinaCache
X-Proxy-Upstream
Product
X-Fastly-Cache-Status
X-PF-Uncompressing
Pramga
Location
X-Fastly-Country-Code
Mime-Version
X-PJAX-URL
X-HS-Status
My-App
Ohc-Cache-HIT
X-Fetched-On
X-Cdn-Origin
X-Sn-Servicetimems
X-Amzn-Requestid
X-CSRF-TOKEN
X-CACHE-KEY
X-GeoIP-Country-Code
X-LB-ID
X-NGINX-Cache
X-Fastly-Backend-Reqs
Amp-Access-Control-Allow-Source-Origin
X-VarnishDD-TTL
X-Fpc
SN
X-OVcl-Cache
X-OVcl
PFcat
X-Newrelic-App-Data
X-ServedByHost
X-Pf-Uncompressing
X-Ratelimit-Limit
X-Vgn-Hpd-Variations-Key
URI
X-Vgn-Hpd-Ssi
X-CACHE-AGE
X-Ftr-Cache-Host
X-Vgn-Hpd-Cached
X-Varnish-Url
X-Ratelimit-Reset
X-Varnishpool
X-Served-From
Group
X-B3-Spanid
X-Render-Time
X-Platform
X-Request-Start
Dt-Cache-Category
X-Instart-Isnd
X-Swift-Error
WWW-Authenticate
Cdn
X-Cache-Expired-At
XServer
CloudFront-Viewer-Country
A
X-Via-Ucdn
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Cf-Alt-Svc
X-B3-SpanId
X-Client-Ip
Epwk-X-Cache
X-Via-NSCOPI
X-Debug-Cache-Fetch
Country-Code
X-Amzn-Remapped-Connection
X-Debug-Cache-Store
X-Request-Time
X-IN-APIGATEWAYSSL
Origin
X-CUA
X-IN-APIGATEWAY
X-Amzn-Remapped-Date
X-WR-MODIFICATION
Lb
X-LiteSpeed-Cache-Control
X-Debug-Do-Not-Cache-Uri
X-Debug-Ysi-Auth
X-Debug-Xas-Auth
PICS-Label
X-Debug-Cache-String
Server-Ttl
X-StackifyID
X-Ocache
Geoip-City
X-Apw-Access-Object
X-Apw-Access-Action
X-WA
X-Debug-Cache-Status
X-Apw-Access-Token
X-Apw-Hits
X-Oss-Cdn-Auth
X-Cache-Tag
Pics-Label
X-Varnish-Beresp-TTL
SID
X-Debug-Cache-Bypass
Cloudfront-Viewer-Country
X-Tb-Optimization-Total-Bytes-Saved
X-DPWN-IS-SECURE
X-WPE-Loopback-Upstream-Addr
X-Shard
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Backend
X-C
Proxy-Firewall
X-Planisys-CDN-TTL
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Original-Request-Id
X-Cache-Hm
X-Nananana
NnCoection
X-Acquia-Site
X-Cache-Hfrom
Cneonction
Region
CF-IPCountry
X-Cache-Version
X-Country-IP
Req-ID
X-RunCloud-Cache
Backend-Name
X-ElasticPress-Search
X-B3-Parentspanid
X-Varnish-ID
X-Html-Edge-Cache
X-Akamai-ERPolicy
X-Dw-Trace-Id
Request-Time
X-SB
X-Akamai-ERRuleID
X-Rocket-Build-Number
X-Sigma-Backend
X-Sigma
X-VC
Host-ID
X-Request-URL