
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Generator
CF-Ray
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-FRAME-OPTIONS
X-Language
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Backend
X-Age
X-Cache-Group
X-Request-ID
Xkey
X-Robots-Tag
X-Proxy-Cache
Feature-Policy
X-Amz-Id-2
X-Amz-Request-Id
Request-Context
X-Hacker
X-Page-Speed
X-UA-Device
EagleId
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
X-Varnish-Cache
Server-Timing
P3p
X-LiteSpeed-Cache
Report-To
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Cf-Railgun
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Origin-Cache
X-Host
EagleEye-TraceId
X-Device
Surrogate-Control
X-Response-Time
X-Backend-Server
X-Vhost
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Ac
X-Pass-Why
X-Origin-Upstream-Status
X-Node
X-Readtime
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Request-Id
X-DataDome
X-Mod-Pagespeed
Content-Location
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
Fusion-Deployment-Id
NEL
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cnection
X-Url
X-Cloud-Trace-Context
X-Px
X-Rack-Cache
X-FTR-Request-ID
X-Goog-Hash
RTSS
X-TtlSet
X-Vname
X-PC
MS-Author-Via
X-Powered-By-Plesk
Verso
X-DynaTrace
Accept-CH
X-Ttl
Public-Key-Pins
X-GitHub-Request-Id
X-B3-TraceId
Service-Worker-Allowed
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-Use-Magma
X-MS-InvokeApp
Pagespeed
Display
Response
X-Middleton-Response
X-Middleton-Display
X-Sol
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
X-Cache-TTL
Accept-CH-Lifetime
X-D2id
X-Abt-Application-Version
TCN
X-CST
Pinterest-Generated-By
X-Amz-Rid
X-Cached
Accept-Ch
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
X-Instart-Request-ID
X-Server-Name
X-Accel-Expires
Cache-Tag
Accept-Ch-Lifetime
X-ESI
X-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Nginx-Cache
X-MSEdge-Ref
AR-PoweredBy
AR-Request-ID
Nel
AR-ATIME
Access-Control-Request-Method
X-Grace
S
SPIisLatency
SPRequestDuration
X-Debug
AR-CACHE
Ar-Sid
X-Upstream
Charset
X-FastCGI-Cache
X-SharePointHealthScore
SPRequestGuid
X-Powered-CMS
X-Client-IP
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Trace
X-DynaTrace-JS-Agent
Pinterest-Version
X-Pinterest-Rid
Realpath
X-Ezoic-Cdn
X-Element-Page-Cache
Content-MD5
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Dw-Request-Base-Id
X-Id
X-Hp-Webp
X-Jurisdiction
X-Shield-Request-Id
X-Recruiting
X-Node-Name
X-Amz-Meta-S3cmd-Attrs
X-T
Fastcgi-Cache
X-ASPNET-VERSION
X-Content-Digest
X-Kinsta-Cache
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-XRDS-Location
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Server-Node
X-Goog-Generation
X-Goog-Metageneration
X-Request-Received
X-Request-Processing-Time
TP-Cache
X-Frontend
TP-L2-Cache
Edge-Cache-Tag
X-Cache-Hit
X-FTR-Expires
X-Cache-Age
Front-End-Https
Server-Name
DynaTrace
Fastly-Restarts
X-Forwarded-For
X-Hostname
ServerID
X-Amzn-Trace-Id
PB-PID
PB-RID
Arc-Version
X-Zen-Fury
X-DIS-Request-ID
X-Cache-Key
Powered
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
X-Mobile-Rewrite
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-LB-Cache
X-Akamai-Edgescape
Accept-Charset
X-Hits
X-Oneagent-Js-Injection
X-Cdn
X-HS-Hub-Id
X-HS-Combine-CSS
X-F-Cache
X-Jobs
X-HS-Cache-Config
X-HS-Content-Id
X-Page-Id
X-FTR-Cache-Host
X-Geo-Country
Filters
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
MicrosoftSharePointTeamServices
X-Via-JSL
X-Kong-Upstream-Latency
X-Varnish-Age
X-Kong-Proxy-Latency
X-B
X-Origin-Server
X-Ser
X-TTL
X-Fastcgi-Cache
Alternate-Protocol
X-Rid
X-N
X-Yandex-Sdch-Disable
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Varnish-Backend
Host-Header
X-Esi
X-Daa-Tunnel
X-XRDS-LOCATION
X-Debug-Info
DC
X-AppVersion
X-Activity-Id
X-Az
X-Git-Hash
X-WebKit-CSP-Report-Only
X-Server-ID
Paypal-Debug-Id
X-App-Server
Retry-After
X-FB-Debug
X-Type
X-ATG-Version
X-Amz-Replication-Status
X-Varnish-Grace
Actual-Object-TTL
X-TT
X-Signature
X-Correlation-Id
Cache-Tags
Frame-Options
X-Contextid
X-B-Cache
Section-Io-Cache
X-Whom
Fastcgi-Useragent
X-App-Environment
X-Request-Guid
X-Edge
Surrogate-Key
X-AOL-HN
X-Content-Options
X-Status
X-Seen-By
Host
X-RateLimit-Remaining
Healthy
X-Cache-Action
X-Ruxit-Js-Agent
X-Host-Name
Source
X-B3-Sampled
WPE-Backend
Refresh
NR-ENABLED
X-Pinterest-Direct
X-Instance
X-HTML-Minification-Powered-By
X-IPLB-Instance
X-Endurance-Cache-Level
X-ECACHE
X-Upgrade-Enabled
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
From-Origin
Access-Control-Allow-Method
X-APP-VERSION
X-Accel-Buffering
X-ProcessESI
X-Cache-Rule
X-RemovedCookies
X-Response-Served-From
X-MCACHE
Payment
X-Drupal-Cache-Tags
X-Cache-Operation
X-Mid
X-UUID
Odigeo-Trace-Id
X-Cache-Control
X-Cacheable-TTL
X-Rule
X-Region
MS-CV
X-FW-Server
Eomportal-Instance
X-FW-Static
X-Cache-Time
X-FW-Type
X-FW-Serve
X-Amz-Apigw-Id
X-Varnish-Server
X-FW-Hash
X-FW-Dynamic
Cache-Status
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Is-Bot
Countrycode
X-Rendered-As
X-L-Path
X-Environment-Context
Datacenter
X-Adobe-Loc
X-URL
X-Adobe-Content
Xserver
X-WA-Info
X-Protected-By
X-Correlation-ID
X-Amzn-RequestId
X-GeoIP
X-Wix-Request-Id
NGB
X-Cluster
X-RequestSource
Srv
X-SERVER-NAME
Content-Disposition
X-Akamai-Transformed
X-Cache-Server
X-VCache
X-Presslabs-Stats
X-Cached-By
X-EdgeConnect-Cache-Status
Filterid
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-PressLabs-Stats
X-Akamai-Request-ID2
Uber-Trace-Id
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Unique-Id
X-IPS-LoggedIn
Version
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Origin-Response-Time
Upgrade-Insecure-Requests
X-UnsetCookies
X-Load-Cache
Access-Control-Request-Headers
X-Mode
X-Vcache
X-Mobile
X-PHP-Backend
X-Handled-By
Liferay-Portal
X-Time
X-Proxy
X-Cache-Remote
X-Time-Microsecs
X-FireWall-Port
X-Framework
Cross-Origin-Window-Policy
X-ES-SERVER
X-CCM
X-Adobe-Source
X-Path-Route
X-MP-GENERATED-AT
X-RN-RSRV
X-Cache-Var
X-Cache-Var-Map
X-Cache-Status-Check
Meta-Geo
X-UA-Device-Type
X-NGENIX-Cache
X-Site-Version
X-Web-Node
X-Www-Served-By
DSUID
X-No-Session
X-Viewer-Country
X-Via-Fastly
X-Locale
X-Human
X-Backend-Name
X-FW-Version
X-Redis-Cache
X-Storage
X-PCL
X-OCL
X-NYM-Debug-Backend
X-BCube-Filmed-By
Webserver
Cache
Mn-Server-Ip
X-Real-IP
Now
Origin-Cache-Control
X-ProxyCache-Status
X-Origin
Decoy-Debug-Key
Cleartype
Cache-Name
Decoy-Debug-Status
X-PERF
Fastly-SSL
X-Pubstack
Decoy-Debug-TTL
X-ProxyCache-Key
X-R9-Blue-Green-Version
X-SayCDN-TTL
X-Cache-NGX
X-LJ-Flow-ID
X-TNCMS
X-Loop
X-NCache
X-Info
X-Hyper-Cache
X-FC-Vary-Parameters
X-Format
X-Goog-Meta-Goog-Reserved-File-Mtime
X-TX-ID
X-Cache-Config
X-VWS-Id
X-Access
X-ApacheServer
ServedBy
S-Rt
Origin-Edge-Control
X-AWS-Id
X-BYPASS-REASON
X-Section
Cache-Hits
X-Say-TTL
X-Say-Cacheable
X-RTag
Ms-Operation-Id
Accept-Language
Akamai-GRN
X-Origin-Hint
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Hl-Ver
TWC-Device-Class
TWC-Connection-Speed
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
TWC-Privacy
Section-Io-Id
Webcakes-App-Name
X-CS
X-Device-Type
X-FB-TRIP-ID
X-Routing-Service
X-ServerID
X-Cache-Enabled
Webcakes-App-Version
Webcakes-Region
X-Amzn-Remapped-Content-Length
X-Bc-Bl
Property-Id
TWC-Locale-Group
X-Zipkin-Id
X-Proxied
X-Azure-Ref
X-Alternate-Cache-Key
X-EIG-Tracking-Id
X-Shopify-Stage
Country
X-ShopId
X-Sorting-Hat-PodId
X-JoinUs
X-Source
X-SaId
X-Detected-As
X-Sorting-Hat-ShopId
X-Proxy-Build
DB-Nickname
X-From
X-Timing-Wait
Selected-Fe
X-Generated
X-IP
X-Xfnlog-Site
X-ShardId
Ec-Rule-Version
X-Hosted-By
X-UPSTREAM-Address
X-Cache-NE
Azure-InstanceId
X-Varnish-Cache-Hits
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-SiteName
X-Cluster-Node
X-Old-Content-Length
X-CSRF-Token
X-Content-Age
X-CDN-Forward
X-Backend-TTL
X-PHP-Host
X-NewRelic-App-Data
X-NWS-UUID-VERIFY
X-Labrador-Cache-Channel
SD-X-WS
Cache-Tv-Group
X-Varnish-Hostname
X-Qloud-Router
X-Geo
Load-Balancing
Time
User-Agent
X-Litespeed-Cache
X-Cache-Host
X-Pad
S-Cnection
X-EC-Lua
X-Air-Hostname
X-Cache-Backend
X-Cache-TTL-Remaining
X-Drupal-Cache-Contexts
FilterID
X-RCS-CacheZone
X-Cache-2
X-Parent-Response-Time
X-Microcachable
X-Proxy-Cache-Status
X-Ua
X-Forwarded-Host
X-Cache-Grace
Locale
X-Urbn-Context-Path
X-NC
X-Urbn-Site-Id
X-UA
Server-Info
X-Release
Tracecode
X-Tumblr-Pixel-3
X-RateLimit-Limit
X-Akamai-Request-ID
X-CLOUD-TRACE-CONTEXT
X-TIME
OT-Force-Account-Verify
NGX
X-Debug-Cache
Sid
X-FORWARDED-FOR
Proxy-Connection
X-Vgn-Hpd-Reason
Cache-Key
X-SRV
X-Dc
X-Soup
X-Tb
X-Newrelic-Synthetics
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dcw
X-A-Dam
MD5-Digest
GEO-REGION-INFO
M-TraceId
Machine
X-Agile
Fastcgi-X-Cache-Version
Content-Style-Type
Arc-Country
AsisCache
BehaviorPad-Version
Content-Script-Type
Meta-Geo-Continent
Mobile-Detection-Method
UCS
Viewtype
VivaBuild
Who
T-Server
ServerName
Pagetype
Rendered-Blocks
Server-Host
X-A
X-PAYTM-SRV-ID
X-ScT
X-Session-Fingerprint
X-Skip-Cache
X-SRCache-Key
X-Scheme
X-S-Cookie
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-S
X-Swa-Ws
X-Transaction
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Worker
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Path
X-Vdms-Version
X-Reqid
X-Region-Sid
X-Connection-Hash
X-D
X-Date
X-Destination
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Agile-Id
X-Application
X-ARC
X-B-Cookie
X-Developer
X-DevSite-Last-Modified
X-Instart-Info
X-Level-Front-Cache
X-Node-Id
X-Processor
X-Geo-Header
X-Generated-On
X-Dispatch
X-External-Request-Id
X-G
X-Agile-Age
X-Aed
GEO-INFO
X-Uri
X-Cluster-Name
X-Srv
X-Magnolia-Registration
X-Proto
X-TA-CDN-Provider
X-NodeID
N-Cache
Platform
NM-Fastcgi-Cache
Release
X-Method
X-Micro-Cache
X-Ms-Request-Id
X-Core-Value
X-Ms-Version
X-Cms-Context
Magicmarker
X-Clientip
X-Clara-WADP
X-We-Are-Hiring
Mail-Subject
X-Platform-Server
X-Wikidot-Backend
X-Owner
Memcached
X-Matched-Rule
X-Logging-Id
X-Epic-Correlation-Id
X-Has-Esi
True-Client-Country-4JS
Thinkindot-Control
X-Generation-Time
Viewport
X-Fmm-Version
X-Eu-Site
X-Wikidot-Static-Cache
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Dispatcher-Server
X-Device-Os
Rt-Fastcgi-Cache
X-Location
X-Distil-CS
X-JWT-State
X-Hash
X-Hit
X-Is-Gdpr
L5d-Success-Class
X-CGP
X-User
X-Variation
X-Varnish-Cacheable
C-Via
X-TT-TIMESTAMP
CDCHOST
X-Thinkindot-L3
X-Reboot
X-Branch-Name
X-VC-Cache
X-VG-TLSProxy
Adler-Geo
X-Bip
X-VServer
X-WADP-Cache
AKAMAI
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Thanos
X-Trace-Id
X-Backend-State
Node
Esi-Enabled
X-Cache-PHP
Ha-Gx-Prefs
Is-Eu
X-Cache-Tags
HA-Ipaddr
IsBot
X-Cache-FS-Status
We-Hiring
X-SN
Fastly-Drupal-HTML
X-Cache-Bucket
X-SIPLIST1
X-ServiceProvider
X-Servername
Geo-Info
User-Cache-Control
X-Envoy-Decorator-Operation
X-Fastly-Cache
X-Block-Status
X-Cache-Info
X-Developers
X-Distributor
X-Envoy-Upstream-Healthchecked-Cluster
X-Cache-URL
X-Origin-Date
X-Response-By
X-SD-PageType
X-Request-Host
X-Req
X-Rebelmouse-Surrogate-Control
X-Server-W
X-Slack-Backend
X-Webstats-RespID
X-Via-PopV
X-Via-PopH
X-TrackingId
X-Rebelmouse-Cache-Control
X-Policy
X-Irp-Debug
X-LAGOON
X-Hnp-Log
X-GoCache-CacheStatus
X-Generated-In
X-Li-Fabric
X-Li-Pop
X-Origin-Expires
X-BBXSRF
X-Mvc-Supplant-Cachable
X-LI-UUID
X-Gen-Mode
X-Nginx-Cache-Key
Wxu-Next-Commit
Cache-Cookie-Set-From
W
L
Wxu-Next-Hostname
Kp-EeAlive
Fastly-SIE
X-Backend-Host
Cache-Cookie-Set-Lfrom
Wxu-Next-Region
Vix-Hermes-Req-Id
V-Age
Server-Ext
RNT-Time
RNT-Machine
On-Server
Apigw-Requestid
Server-Hostname
Gh-Request-Id
Sever-Int
Cache-Cookie-Set-Idcheck
Server-ID
Fastly-SWR
Web-Mar-Node
FNAC-ModuleRouting
X-Auto-Login
Cf-Ipcountry
Cache-Host
X-Varnish-Authentication
X-App-Name
X-App
X-Refresh
X-Cache-ASPX
X-Server-IP
X-Contensis-Viewer-Groups
X-Be
X-Core-Mission
X-LI-Proto
X-Var-Ttl
X-VCT
X-DC
CacheControlHeader
Ohc-File-Size
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Compress-Hint
X-Mvc-Supplant-OutputCached
X-Cdn-Srv
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Wa
X-Nc
X-S-Maxage
Server-Cache-Control
X-TH-Server
X-FPC
Server-Surrogate-Control
X-Generated-By
X-Sucuri-ID
HostName
X-Zone
X-Gzip
X-Esi-Check
X-Cache-Id
X-Bc
X-Cache-Debug
Memory
X-Loc
X-B3-Traceid
LB
X-Origin-CC
X-Origin-TTL
Ohc-Response-Time
X-Rocket-Nginx-Bypass
X-AIR-PT
NtCoent-Length
X-Configured-By
X-NU-AKA-ACS-Version
X-MSEdge-Features
X-MSEdge-Flight
X-BC
X-SVT-ORM-VERSION
X-Key
X-Varnish-Ttl
X-SVT-ORM-RULES
Locid
X-Webkit-CSP
Request-EU
Heartbleed
X-ZONE
Request-Country
X-Storefront-Renderer-Rendered
CACHE
X-Shopify-Generated-Cart-Token
X-Debug-Panamera-Host
X-Request-URI
X-Svr
X-Debug-Panamera-Sitecode
X-Edge-Location
SRV
X-CF-Powered-By
X-Varnish-Hits
X-COUNTRY
MIME-Version
X-Amzn-Requestid
X-CACHE-KEY
X-GEO
WZWS-RAY
Pragrma
X-Varnish-URL
Resin-Trace
X-Pjax-Url
X-Gamma-Serve
X-Servedbyhost
X-Nginx-Cache
Fastly-Backend-Name
Referer-Policy
X-Batcache
X-VCL-Version
FSS-Cache
X-Cdn-Forward
X-Up
GeoIp-Country-Code
X-WebServer
Geoip-Latitude
X-App-Version
X-BACKEND-TTL
X-Proxy-Upstream
Lfy
Mime-Version
X-Minions-Version
Product
X-BE
X-NGINX-Cache
Hostname
X-Sucuri-Cache
X-ND-Cache
Cteonnt-Length
GeoIP-Country-Code
X-ElasticPress-Query
X-Cdn-Origin
X-Aicache-OS
HitType
My-App
X-Via-CDN
X-Fetched-On
X-Sn-Servicetimems
X-Edge-Server
Powered-By-ChinaCache
Cdn-Host
Cdn-Request-Time
GeoIP-Latitude
X-GeoIP-Country-Code
X-Ratelimit-Remaining
X-ServedByHost
SN
X-NODE
Ohc-Cache-HIT
CF-Cached-On
X-HS-Status
X-PJAX-URL
X-Vcl-Version
X-Shard
X-CSRF-TOKEN
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Varnish-Url
DCR-Processing-Time-Ms
X-ECache
DCR-Decision-By
X-Fastly-Country-Code
X-Check-Cacheable
X-Unique-ID
X-Tec-Api-Root
X-Azure-Ref-OriginShield
X-Fastly-Backend-Reqs
Amp-Access-Control-Allow-Source-Origin
X-Request-Start
Pramga
X-Tec-Api-Version
Location
Group
X-Pf-Uncompressing
X-PF-Uncompressing
X-Ratelimit-Limit
X-Tec-Api-Origin
X-Served-From
X-B3-Spanid
X-Fastly-Cache-Status
Cdn
X-CACHE-AGE
URI
Dt-Cache-Category
X-Newrelic-App-Data
X-Via-Ucdn
X-LB-ID
X-VarnishDD-TTL
CloudFront-Viewer-Country
PFcat
X-OVcl
X-OVcl-Cache
X-Fpc
XServer
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Request-Time
X-Via-NSCOPI
Country-Code
X-Swift-Error
X-DPWN-IS-SECURE
X-Vgn-Hpd-Cached
Cf-Alt-Svc
Geoip-City
A
X-Vgn-Hpd-Ssi
X-B3-SpanId
X-Debug-Cache-Store
X-Vgn-Hpd-Variations-Key
X-Debug-Cache-Fetch
CF-IPCountry
X-Tb-Optimization-Total-Bytes-Saved
X-Planisys-CDN-Cache
X-Ocache
X-Planisys-CDN-Rules
X-Varnish-Beresp-TTL
X-Planisys-CDN-TTL
X-C
Origin
X-Platform
X-Render-Time
X-Instart-Isnd
PICS-Label
Lb
X-WPE-Loopback-Upstream-Addr
X-WR-MODIFICATION
Proxy-Firewall
X-APP
WWW-Authenticate
X-Cache-Expired-At
X-Varnishpool
SID
Request-Time
Host-ID
X-StackifyID
X-Sigma
Server-Ttl
X-Ratelimit-Reset
X-Rocket-Build-Number
X-Sigma-Backend
X-LiteSpeed-Cache-Control
X-Country-IP
X-Apw-Access-Action
X-WA
X-Debug-Cache-Status
X-Cache-Tag
X-Debug-Cache-Bypass
X-Apw-Access-Object
X-Apw-Hits
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
X-Debug-Cache-String
X-Debug-Do-Not-Cache-Uri
X-Apw-Access-Token
X-Ftr-Cache-Host
X-RPM
X-DB
NnCoection
X-Cache-Hfrom
TTL
X-Cache-Hm
X-RSL
Region
X-DI
X-RPS
X-DW
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Site
Cneonction
X-Action
X-DSS
Cloudfront-Viewer-Country
X-B3-Parentspanid
Req-ID
X-VC
X-Request-URL
X-Dw-Trace-Id
X-Nananana
X-Html-Edge-Cache
X-ElasticPress-Search
X-Li-Proto
X-Akamai-ERPolicy
X-SB
X-Varnish-ID
X-Akamai-ERRuleID