Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
CF-Ray
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
P3p
X-Backend
X-Age
X-Cache-Group
X-Request-ID
X-Robots-Tag
Xkey
X-Proxy-Cache
Feature-Policy
Request-Context
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
X-Varnish-Cache
Server-Timing
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-WebKit-CSP
X-Server-Id
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-Pass-Why
Request-Id
X-DataDome
Content-Location
X-Mod-Pagespeed
X-Application-Context
X-ORACLE-DMS-ECID
NEL
X-Akam-SW-Version
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Ruxit-JS-Agent
X-Country
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cloud-Trace-Context
X-Cnection
X-Px
X-Url
X-Rack-Cache
Accept-CH
X-FTR-Request-ID
X-Goog-Hash
RTSS
X-TtlSet
MS-Author-Via
X-PC
X-Vname
Accept-CH-Lifetime
X-Powered-By-Plesk
Verso
X-DynaTrace
Public-Key-Pins
X-B3-TraceId
Service-Worker-Allowed
X-GitHub-Request-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Ttl
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Sol
X-Middleton-Response
X-Middleton-Display
Response
Pagespeed
Display
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-Forwarded-Proto
X-Cache-TTL
X-D2id
X-CST
X-Amz-Rid
Pinterest-Generated-By
TCN
X-Cached
X-Abt-Application-Version
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Cache-Tag
X-Instart-Request-ID
X-Server-Name
X-Accel-Expires
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-ESI
X-Version
X-MSEdge-Ref
AR-ATIME
Access-Control-Request-Method
AR-PoweredBy
AR-Request-ID
X-Grace
Nginx-Cache
Accept-Ch
AR-CACHE
Ar-Sid
S
Charset
X-Debug
X-Upstream
X-Powered-CMS
SPRequestDuration
SPIisLatency
X-FastCGI-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
SPRequestGuid
X-SharePointHealthScore
X-DynaTrace-JS-Agent
X-Pinterest-Rid
Realpath
Content-MD5
X-Client-IP
X-Ezoic-Cdn
Pinterest-Version
Accept-Ch-Lifetime
X-Trace
Nel
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Element-Page-Cache
MRF-Tech
X-Mrf-Section-Lastmod
X-Dw-Request-Base-Id
X-Jurisdiction
X-Hp-Webp
X-Id
X-Recruiting
X-Shield-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-T
Fastcgi-Cache
X-ASPNET-VERSION
X-Kinsta-Cache
X-Content-Digest
X-XRDS-Location
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
X-Frontend
X-Request-Processing-Time
X-Request-Received
X-Cache-Hit
Edge-Cache-Tag
Server-Node
X-FTR-Balancer
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
X-Cache-Age
TP-L2-Cache
TP-Cache
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-FTR-Expires
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
Front-End-Https
Server-Name
ServerID
X-Forwarded-For
DynaTrace
X-Hostname
X-Amzn-Trace-Id
X-Cache-Key
Fastly-Restarts
PB-RID
PB-PID
Arc-Version
X-Zen-Fury
X-DIS-Request-ID
X-TTL
Powered
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Mobile-Rewrite
X-Revision
X-User-Agent
X-Hits
X-LB-Cache
X-Akamai-Edgescape
X-Cdn
X-Oneagent-Js-Injection
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Page-Id
X-HS-Cache-Config
X-F-Cache
Accept-Charset
X-Jobs
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-FTR-Cache-Host
Filters
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-Geo-Country
X-Via-JSL
MicrosoftSharePointTeamServices
X-Yandex-Sdch-Disable
X-Kong-Proxy-Latency
X-Origin-Server
X-Kong-Upstream-Latency
X-Correlation-Id
X-Varnish-Age
X-B
Alternate-Protocol
X-N
X-Ser
X-Rid
X-Fastcgi-Cache
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Daa-Tunnel
X-Varnish-Backend
Host-Header
X-Esi
X-Az
X-AppVersion
DC
X-WebKit-CSP-Report-Only
X-Activity-Id
X-ATG-Version
X-Server-ID
X-App-Server
Cache-Tags
Paypal-Debug-Id
X-Amz-Replication-Status
X-Git-Hash
X-Type
X-FB-Debug
Frame-Options
X-Debug-Info
Retry-After
Actual-Object-TTL
X-Signature
X-Varnish-Grace
X-B-Cache
X-App-Environment
Section-Io-Cache
X-Whom
X-TT
X-Contextid
X-Request-Guid
Surrogate-Key
X-Edge
X-Status
Fastcgi-Useragent
X-Content-Options
X-AOL-HN
Host
Healthy
X-XRDS-LOCATION
X-Seen-By
X-Cache-Action
X-Ruxit-Js-Agent
Source
X-Pinterest-Direct
X-Host-Name
X-RateLimit-Remaining
X-HTML-Minification-Powered-By
X-B3-Sampled
Refresh
X-IPLB-Instance
X-Endurance-Cache-Level
X-Instance
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Upgrade-Enabled
From-Origin
Access-Control-Allow-Method
X-ECACHE
X-Accel-Buffering
X-RemovedCookies
X-ProcessESI
X-Cache-Rule
X-Response-Served-From
X-Drupal-Cache-Tags
WPE-Backend
NR-ENABLED
X-Cache-Operation
X-Region
X-MCACHE
VIX-Pulpo-Upstream-Status
Odigeo-Trace-Id
X-Amz-Apigw-Id
X-Mid
X-Rule
VIX-Pulpo-Node
X-Cache-Control
Payment
Eomportal-Instance
X-Environment-Context
X-Cacheable-TTL
MS-CV
X-L-Path
X-UUID
X-Is-Bot
X-Amzn-RequestId
X-Varnish-Server
X-Rendered-As
X-FW-Static
Datacenter
X-FW-Serve
X-FW-Hash
X-Cache-Time
X-FW-Server
X-FW-Dynamic
Cache-Status
X-FW-Type
X-Adobe-Loc
X-URL
X-Adobe-Content
Countrycode
X-WA-Info
Xserver
X-Protected-By
Srv
X-APP-VERSION
X-GeoIP
Content-Disposition
NGB
X-Wix-Request-Id
X-SERVER-NAME
X-Cluster
X-RequestSource
X-Akamai-Transformed
X-PressLabs-Stats
X-Cached-By
X-EdgeConnect-Cache-Status
X-Cache-Server
X-Time
X-Akamai-Request-ID2
X-VCache
X-Yottaa-Metrics
X-Yottaa-Optimizations
Uber-Trace-Id
X-UnsetCookies
X-Tt-Trace-Host
Version
X-Tt-Trace-Tag
X-Origin-Response-Time
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Load-Cache
X-Mode
X-Mobile
X-Correlation-ID
X-Handled-By
Filterid
X-Proxy
X-Presslabs-Stats
X-Cache-Remote
X-PHP-Backend
Access-Control-Request-Headers
X-Unique-Id
Liferay-Portal
X-FireWall-Port
Accept-Language
X-No-Session
X-Framework
X-Path-Route
X-RN-RSRV
Cross-Origin-Window-Policy
X-Backend-Name
Meta-Geo
X-CCM
X-Cache-Var-Map
X-UA-Device-Type
X-Viewer-Country
X-Via-Fastly
X-Cache-Var
X-ES-SERVER
X-Cache-Status-Check
X-Adobe-Source
X-PERF
X-PCL
X-Pubstack
X-Locale
X-Time-Microsecs
X-ApacheServer
X-Storage
Decoy-Debug-Key
X-Azure-Ref
X-AWS-Id
X-NGENIX-Cache
ServedBy
Decoy-Debug-TTL
Cache-Hits
Akamai-GRN
Decoy-Debug-Status
X-Site-Version
Fastly-SSL
X-VWS-Id
X-OCL
Upgrade-Insecure-Requests
DSUID
X-Redis-Cache
X-Www-Served-By
X-MP-GENERATED-AT
X-LJ-Flow-ID
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Cache-NGX
X-TX-ID
X-Say-Cacheable
X-NCache
Webserver
X-Cache-Config
X-Say-TTL
Ms-Operation-Id
X-Human
X-Real-IP
X-Web-Node
X-FW-Version
X-R9-Blue-Green-Version
X-SayCDN-TTL
Origin-Edge-Control
Section-Io-Id
Cleartype
X-RTag
Section-Io-Origin-Status
Now
Origin-Cache-Control
Cache-Name
X-Info
Mn-Server-Ip
Cache
X-CS
X-Cache-Enabled
Property-Id
X-BYPASS-REASON
X-Device-Type
X-FC-Vary-Parameters
TWC-Privacy
X-Hl-Ver
X-Format
S-Rt
X-Bc-Bl
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
X-Loop
X-Access
Webcakes-Region
TWC-Locale-Group
X-Hyper-Cache
X-Proxied
X-TNCMS
X-ProxyCache-Status
X-ServerID
X-ProxyCache-Key
X-Routing-Service
X-Xfnlog-Site
X-UPSTREAM-Address
X-Origin
X-Zipkin-Id
X-Origin-Hint
X-NewRelic-App-Data
X-Section
X-Amzn-Remapped-Content-Length
X-Shopify-Stage
X-Alternate-Cache-Key
X-Timing-Wait
X-Vcache
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-SaId
X-Generated
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NWS-UUID-VERIFY
X-JoinUs
X-From
X-Proxy-Build
X-BCube-Filmed-By
X-NYM-Debug-Backend
X-Detected-As
X-EIG-Tracking-Id
X-ShardId
X-FB-TRIP-ID
DB-Nickname
Selected-Fe
Ec-Rule-Version
X-Varnish-Cache-Hits
X-Hosted-By
X-Geo
Azure-InstanceId
X-IP
Country
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
X-CSRF-Token
X-Source
X-Content-Age
Load-Balancing
X-Old-Content-Length
X-Labrador-Cache-Channel
X-Cluster-Node
X-Cache-NE
X-PHP-Host
SD-X-WS
X-Qloud-Router
Cache-Tv-Group
X-Air-Hostname
X-Varnish-Hostname
User-Agent
X-Cache-Host
Time
X-Litespeed-Cache
FilterID
X-Pad
X-Cache-TTL-Remaining
X-Ua
X-Backend-TTL
X-Drupal-Cache-Contexts
X-Cache-2
S-Cnection
X-Parent-Response-Time
X-CDN-Forward
X-Release
X-Cache-Backend
X-EC-Lua
X-RCS-CacheZone
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Webkit-CSP
Server-Info
X-Akamai-Request-ID
X-RateLimit-Limit
X-Cache-Grace
X-Proxy-Cache-Status
X-Microcachable
X-Forwarded-Host
X-Tumblr-Pixel-3
X-Debug-Cache
X-FORWARDED-FOR
Tracecode
NGX
Proxy-Connection
X-SRV
X-UA
OT-Force-Account-Verify
X-Soup
Geo-Info
X-NC
Sid
X-Tb
X-Uri
X-A-Dcw
X-Instart-Info
Apigw-Requestid
Arc-Country
X-Level-Front-Cache
X-NodeID
X-Proto
X-PAYTM-SRV-ID
X-Accel-Expires-Debug
X-A-Wwc
X-Ms-Version
X-Ms-Request-Id
X-A-Dgt
VivaBuild
X-B-Cookie
X-Connection-Hash
M-TraceId
T-Server
X-D
X-ARC
True-Client-Country-4JS
X-Date
Machine
MD5-Digest
Server-Host
X-CF-Lambda-Version
X-CF-Lambda-Fn
Rendered-Blocks
Pagetype
ServerName
Meta-Geo-Continent
Mobile-Detection-Method
UCS
X-Destination
Content-Style-Type
Fastcgi-X-Cache-Version
X-A-Dam
Content-Script-Type
X-G
BehaviorPad-Version
X-Geo-Header
X-Generated-On
X-A-Ccd
X-A
X-Dispatch
X-DevSite-Last-Modified
X-Developer
GEO-REGION-INFO
Viewtype
Who
X-Application
X-External-Request-Id
AsisCache
X-S
X-Rojux
X-Aed
X-Rewrite-Enabled
X-ServiceProvider
X-Transaction
X-Trv-Group
X-S-Cookie
X-Twitter-Response-Tags
X-Vgn-Hpd-Reason
X-ScT
X-Scheme
X-Vdms-Path
X-Vdms-Version
X-Vtex-Processado-Em
X-Srv
X-Vtex-Remote-Cache
Xc-Version
X-SRCache-Key
X-Region-Sid
X-Processor
X-Swa-Ws
X-Cluster-Name
X-Reqid
X-VG-WebCache
Cache-Key
X-VG-WebServer
X-Trace-Id
X-Session-Fingerprint
X-Magnolia-Registration
User-Cache-Control
X-Dc
X-Block-Status
X-Branch-Name
Release
X-Via-PopH
X-Clara-WADP
X-Dispatcher-Server
Thinkindot-CacheControl
FNAC-ModuleRouting
X-Cache-Info
X-Cache-FS-Status
X-Thanos
X-Thinkindot-L3
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Device-Os
X-VServer
X-Via-PopV
X-User
Magicmarker
Mail-Subject
Memcached
X-Cms-Context
X-Core-Value
N-Cache
On-Server
X-Bip
NM-Fastcgi-Cache
X-TT-TIMESTAMP
Kp-EeAlive
IsBot
X-VC-Cache
X-Generation-Time
X-Location
X-Logging-Id
X-Matched-Rule
X-Agile-Id
X-SD-PageType
We-Hiring
X-Fmm-Version
X-Wikidot-Backend
X-Method
X-Micro-Cache
X-Worker
X-Owner
X-Reboot
X-Request-UUID
X-Node-Id
X-Agile-Age
X-Agile
X-Wikidot-Static-Cache
X-LAGOON
Web-Mar-Node
V-Age
X-Gen-Mode
X-Hash
X-Generated-In
X-SIPLIST1
X-Cache-Bucket
X-Skip-Cache
X-TA-CDN-Provider
Viewport
CDCHOST
X-SN
AKAMAI
X-WADP-Cache
X-Hnp-Log
Vix-Hermes-Req-Id
X-Newrelic-Synthetics
X-DC
X-Envoy-Decorator-Operation
Cf-Ipcountry
X-Cache-PHP
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-We-Are-Hiring
X-Backend-State
X-Webstats-RespID
X-BBXSRF
X-Auto-Login
X-Distil-CS
X-Li-Pop
X-Server-W
X-LI-UUID
X-Li-Fabric
X-Servername
X-Is-Gdpr
X-JWT-State
X-Mvc-Supplant-Cachable
X-Response-By
X-Req
X-Platform-Server
X-Policy
X-Request-Host
X-Origin-Expires
X-Nginx-Cache-Key
X-Origin-Date
X-Irp-Debug
X-Hit
X-Varnish-Cacheable
X-Variation
X-Developers
X-Clientip
X-VG-TLSProxy
X-Cache-URL
X-CGP
X-TrackingId
X-Distributor
X-Slack-Backend
X-GoCache-CacheStatus
X-Has-Esi
X-Fastly-Cache
X-Eu-Site
X-Envoy-Upstream-Healthchecked-Cluster
X-Epic-Correlation-Id
X-Cache-Tags
Wxu-Next-Region
Fastly-Drupal-HTML
Esi-Enabled
Apple-News-Services-Handled
RNT-Machine
RNT-Time
HA-Ipaddr
Rt-Fastcgi-Cache
C-Via
Cache-Cookie-Set-From
Is-Eu
Apple-News-Services-Host
Adler-Geo
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Platform
L5d-Success-Class
X-TIME
Apple-News-Services-Request-Url
Node
Wxu-Next-Commit
Wxu-Next-Hostname
Apple-News-Services-Parsed-Url
Ha-Gx-Prefs
Sever-Int
Server-Hostname
Server-Ext
Gh-Request-Id
GEO-INFO
X-Nc
L
X-Rebelmouse-Cache-Control
X-Be
Fastly-SIE
Fastly-SWR
CacheControlHeader
Server-ID
X-LI-Proto
X-App
X-Backend-Host
W
X-Cache-ASPX
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Core-Mission
X-Rebelmouse-Surrogate-Control
X-Var-Ttl
Cache-Host
X-Server-IP
X-Compress-Hint
X-Refresh
Ohc-File-Size
X-App-Name
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-Ttl
X-TH-Server
X-Varnish-Beresp-Grace
X-VCT
X-Varnish-Beresp-Status
X-Cache-Debug
HostName
X-Gzip
X-Cache-Id
X-Esi-Check
X-Loc
X-Mvc-Supplant-OutputCached
X-Wa
X-Cdn-Srv
X-Origin-CC
LB
X-AIR-PT
X-S-Maxage
X-Origin-TTL
Memory
X-Configured-By
Server-Cache-Control
X-Sucuri-ID
X-Generated-By
Server-Surrogate-Control
X-B3-Traceid
X-BC
X-ZONE
X-Storefront-Renderer-Rendered
X-NU-AKA-ACS-Version
Ohc-Response-Time
NtCoent-Length
X-FPC
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Key
X-Zone
X-Bc
X-App-Version
X-MSEdge-Flight
X-Varnish-Ttl
X-Rocket-Nginx-Bypass
X-MSEdge-Features
X-Edge-Location
MIME-Version
CACHE
X-Cdn-Forward
Heartbleed
X-Debug-Panamera-Host
Request-Country
Locid
X-Svr
X-Varnish-URL
Request-EU
X-Debug-Panamera-Sitecode
Pragrma
X-CF-Powered-By
X-Varnish-Hits
X-COUNTRY
X-Request-URI
X-Servedbyhost
X-Pjax-Url
X-Shopify-Generated-Cart-Token
Referer-Policy
X-Nginx-Cache
X-VCL-Version
X-Batcache
Resin-Trace
X-BACKEND-TTL
Fastly-Backend-Name
SRV
WZWS-RAY
X-Gamma-Serve
X-GEO
X-Up
FSS-Cache
X-Minions-Version
X-Ratelimit-Remaining
X-Via-CDN
X-ElasticPress-Query
X-Amzn-Requestid
Lfy
X-WebServer
X-CACHE-KEY
X-ND-Cache
Geoip-Latitude
GeoIp-Country-Code
X-Aicache-OS
GeoIP-Country-Code
Cteonnt-Length
X-Sucuri-Cache
X-BE
Hostname
Product
HitType
CF-Cached-On
GeoIP-Latitude
X-Proxy-Upstream
X-ECache
Mime-Version
X-Cdn-Origin
X-Edge-Server
Powered-By-ChinaCache
X-Fetched-On
Cdn-Host
My-App
Cdn-Request-Time
X-Sn-Servicetimems
X-Oss-Storage-Class
X-Unique-ID
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Check-Cacheable
X-Oss-Hash-Crc64ecma
X-HS-Status
DCR-Decision-By
Ohc-Cache-HIT
X-NGINX-Cache
DCR-Processing-Time-Ms
X-PJAX-URL
X-GeoIP-Country-Code
X-Vcl-Version
X-CSRF-TOKEN
X-ServedByHost
Pramga
SN
Location
X-Azure-Ref-OriginShield
X-PF-Uncompressing
X-Fastly-Country-Code
X-Fastly-Cache-Status
X-Pf-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Url
X-Ratelimit-Limit
X-LB-ID
X-Served-From
X-Fastly-Backend-Reqs
Group
URI
X-Request-Start
X-CACHE-AGE
X-Fpc
Dt-Cache-Category
X-B3-Spanid
Cdn
PFcat
X-Newrelic-App-Data
X-VarnishDD-TTL
X-OVcl
X-OVcl-Cache
X-Shard
X-Vgn-Hpd-Cached
X-Via-Ucdn
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
XServer
X-Swift-Error
X-Render-Time
X-Request-Time
A
X-B3-SpanId
CloudFront-Viewer-Country
X-Instart-Isnd
X-Platform
Country-Code
Cf-Alt-Svc
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Via-NSCOPI
X-Varnishpool
X-Client-Ip
X-Ratelimit-Reset
X-Debug-Cache-Store
X-Ocache
X-DPWN-IS-SECURE
Geoip-City
X-Debug-Cache-Fetch
X-Varnish-Beresp-TTL
Origin
X-Cache-Expired-At
X-Tb-Optimization-Total-Bytes-Saved
WWW-Authenticate
X-WPE-Loopback-Upstream-Addr
X-WR-MODIFICATION
Lb
Server-Ttl
X-Debug-Ysi-Auth
X-LiteSpeed-Cache-Control
X-StackifyID
X-C
X-Debug-Xas-Auth
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-Status
X-Debug-Cache-String
X-Debug-Cache-Bypass
X-Apw-Access-Action
X-Planisys-CDN-TTL
X-Apw-Access-Object
X-Apw-Access-Token
PICS-Label
Cloudfront-Viewer-Country
X-Planisys-CDN-Rules
X-Apw-Hits
X-Planisys-CDN-Cache
SID
CF-IPCountry
X-WA
X-Ftr-Cache-Host
X-Sigma-Backend
X-CUA
Request-Time
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Cneonction
Proxy-Firewall
Epwk-X-Cache
Region
NnCoection
X-Sigma
X-Nananana
X-Acquia-Site
Host-ID
X-Rocket-Build-Number
X-Cache-Tag
X-Cache-Hm
X-Country-IP
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Cache-Hfrom
X-Acquia-Application-Trace
X-APP
X-B3-Parentspanid
X-Varnish-ID
X-Li-Proto
X-RPM
X-Oss-Cdn-Auth
Pics-Label
X-RSL
X-RPS
Req-ID
X-Akamai-ERPolicy
TTL
X-DB
X-VC
X-SB
X-Dw-Trace-Id
X-Action
X-Html-Edge-Cache
X-ElasticPress-Search
X-DSS
X-Request-URL
X-DI
X-Akamai-ERRuleID
X-DW