Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
Content-Encoding
Upgrade
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Backend
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Xkey
X-Proxy-Cache
Feature-Policy
X-Request-ID
Request-Context
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
X-Varnish-Cache
Server-Timing
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Request-Id
X-DataDome
X-Pass-Why
X-Mod-Pagespeed
Content-Location
X-Application-Context
NEL
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
Edge-Control
X-Cloud-Trace-Context
X-Clacks-Overhead
X-Cnection
X-Url
X-Rack-Cache
X-Px
X-FTR-Request-ID
Accept-CH
X-Goog-Hash
RTSS
MS-Author-Via
X-TtlSet
X-PC
X-Vname
X-Powered-By-Plesk
Verso
X-Ttl
Accept-CH-Lifetime
X-B3-TraceId
X-DynaTrace
Public-Key-Pins
X-GitHub-Request-Id
Service-Worker-Allowed
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Varnish-TTL
Display
X-Amz-Server-Side-Encryption
X-Middleton-Response
X-Middleton-Display
Response
Pagespeed
X-Sol
X-Forwarded-Proto
X-Cache-TTL
X-D2id
X-Amz-Rid
X-CST
TCN
X-Abt-Application-Version
Pinterest-Generated-By
X-Cached
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Cache-Tag
X-Server-Name
X-Instart-Request-ID
Accept-Ch
X-ESI
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Accel-Expires
X-Version
AR-Request-ID
AR-ATIME
AR-PoweredBy
Access-Control-Request-Method
X-MSEdge-Ref
X-Grace
Nginx-Cache
Ar-Sid
AR-CACHE
X-Upstream
Charset
X-Debug
S
X-Powered-CMS
SPRequestDuration
SPIisLatency
Accept-Ch-Lifetime
X-SRCache-Store-Status
X-SRCache-Fetch-Status
SPRequestGuid
X-SharePointHealthScore
X-FastCGI-Cache
X-Cdn
Content-MD5
X-Client-IP
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
Pinterest-Version
X-Pinterest-Rid
Realpath
X-Trace
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Element-Page-Cache
X-Mrf-Item-Lastmod
X-Dw-Request-Base-Id
X-Hp-Webp
X-Jurisdiction
Nel
X-Id
X-Shield-Request-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-T
Fastcgi-Cache
X-XRDS-Location
X-Kinsta-Cache
X-Content-Digest
X-Logged-In
X-NWS-LOG-UUID
X-ASPNET-VERSION
X-Mobile-URL
X-Frontend
X-Request-Received
X-Request-Processing-Time
X-Oneagent-Js-Injection
Server-Node
X-FTR-Backend-Server
X-FTR-Balancer
X-Cache-Hit
Edge-Cache-Tag
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
TP-L2-Cache
TP-Cache
X-Cache-Age
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Front-End-Https
X-GUploader-UploadID
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Generation
Server-Name
ServerID
X-Hostname
X-Forwarded-For
X-Cache-Key
X-Amzn-Trace-Id
DynaTrace
Fastly-Restarts
PB-RID
PB-PID
Arc-Version
X-Zen-Fury
Powered
X-DIS-Request-ID
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Server-ID
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-Mobile-Rewrite
X-Hits
X-Akamai-Edgescape
X-Page-Id
X-F-Cache
X-LB-Cache
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Accept-Charset
X-Jobs
X-HS-Content-Id
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
Filters
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
X-Yandex-Sdch-Disable
X-Geo-Country
X-FTR-Cache-Host
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Via-JSL
MicrosoftSharePointTeamServices
X-Origin-Server
X-Fastcgi-Cache
X-Varnish-Age
X-B
Alternate-Protocol
X-N
X-Correlation-Id
X-Rid
X-TTL
Host-Header
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Ser
X-Daa-Tunnel
X-Varnish-Backend
X-Ruxit-Js-Agent
X-ATG-Version
DC
X-WebKit-CSP-Report-Only
X-Esi
Paypal-Debug-Id
Cache-Tags
Actual-Object-TTL
Retry-After
X-Debug-Info
X-FB-Debug
X-Amz-Replication-Status
X-Git-Hash
X-Varnish-Grace
X-Signature
X-Whom
X-Type
X-TT
X-App-Environment
Frame-Options
X-Activity-Id
X-AppVersion
X-Az
Section-Io-Cache
X-B-Cache
X-Contextid
X-App-Server
Surrogate-Key
X-Request-Guid
X-Edge
X-Status
Fastcgi-Useragent
X-Content-Options
Host
X-AOL-HN
Healthy
X-Seen-By
X-Cache-Action
X-Pinterest-Direct
Source
X-RateLimit-Remaining
X-XRDS-LOCATION
X-IPLB-Instance
Refresh
X-Host-Name
X-HTML-Minification-Powered-By
X-B3-Sampled
X-Endurance-Cache-Level
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Upgrade-Enabled
From-Origin
X-ECACHE
Access-Control-Allow-Method
X-ProcessESI
X-Accel-Buffering
X-Cache-Rule
X-Response-Served-From
X-RemovedCookies
X-Amz-Apigw-Id
X-Cache-Operation
X-Drupal-Cache-Tags
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
X-MCACHE
X-Mid
VIX-Pulpo-Node
X-Environment-Context
X-Amzn-RequestId
X-Cacheable-TTL
X-L-Path
Payment
X-UUID
X-Region
Eomportal-Instance
MS-CV
X-FW-Serve
X-FW-Static
X-FW-Type
X-Cache-Time
X-FW-Hash
Datacenter
X-Cache-Control
X-FW-Server
X-FW-Dynamic
X-Is-Bot
X-Rendered-As
X-Rule
X-Varnish-Server
Cache-Status
X-WA-Info
X-Adobe-Content
Countrycode
WPE-Backend
NR-ENABLED
X-Adobe-Loc
Srv
Xserver
X-Protected-By
X-URL
X-GeoIP
X-APP-VERSION
Content-Disposition
X-PressLabs-Stats
X-Time
X-Wix-Request-Id
NGB
X-Cluster
X-Akamai-Transformed
X-Cached-By
X-RequestSource
X-VCache
X-EdgeConnect-Cache-Status
X-Cache-Server
X-SERVER-NAME
X-Yottaa-Optimizations
X-Yottaa-Metrics
Uber-Trace-Id
X-Correlation-ID
X-Akamai-Request-ID2
X-UnsetCookies
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Origin-Response-Time
Version
X-Tumblr-Pixel-1
X-Load-Cache
X-Tumblr-Pixel-2
X-Mode
X-IPS-LoggedIn
X-Mobile
X-Proxy
X-Handled-By
X-PHP-Backend
Access-Control-Request-Headers
X-Unique-Id
X-Cache-Remote
Liferay-Portal
Filterid
X-Presslabs-Stats
X-FireWall-Port
X-NGENIX-Cache
Cross-Origin-Window-Policy
X-Azure-Ref
X-Backend-Name
X-Framework
Meta-Geo
X-ES-SERVER
X-Cache-Var-Map
X-Adobe-Source
X-CCM
X-RN-RSRV
X-Path-Route
X-NewRelic-App-Data
X-Viewer-Country
X-Cache-Var
X-UA-Device-Type
X-Via-Fastly
X-Redis-Cache
X-LJ-Flow-ID
X-Time-Microsecs
Cache
X-No-Session
Akamai-GRN
X-Pubstack
X-PERF
X-Storage
X-Locale
X-Www-Served-By
X-AWS-Id
Accept-Language
X-ApacheServer
X-VWS-Id
X-Cache-Status-Check
X-Site-Version
ServedBy
Cache-Hits
DSUID
X-Cache-NGX
X-TX-ID
X-Real-IP
X-Say-Cacheable
X-Say-TTL
X-Web-Node
X-R9-Blue-Green-Version
X-SayCDN-TTL
X-NCache
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Webserver
X-Cache-Config
Section-Io-Origin-Status
Section-Io-Id
Fastly-SSL
Origin-Cache-Control
Origin-Edge-Control
Decoy-Debug-TTL
X-FW-Version
X-OCL
X-PCL
Cleartype
Now
Decoy-Debug-Key
X-Human
X-Info
Decoy-Debug-Status
Cache-Name
Mn-Server-Ip
Upgrade-Insecure-Requests
S-Rt
X-BYPASS-REASON
X-Bc-Bl
X-Origin-Hint
X-Proxied
TWC-Privacy
X-Origin
X-Hl-Ver
X-FC-Vary-Parameters
Ms-Operation-Id
X-CS
X-Format
X-Cache-Enabled
Property-Id
X-NWS-UUID-VERIFY
X-ProxyCache-Status
X-ProxyCache-Key
TWC-Device-Class
TWC-Connection-Speed
Webcakes-App-Name
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-UPSTREAM-Address
X-Zipkin-Id
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
X-RTag
X-ServerID
X-Routing-Service
X-Alternate-Cache-Key
X-CSRF-Token
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
X-Access
X-Detected-As
X-Hyper-Cache
X-Shopify-Stage
X-ShopId
X-ShardId
X-Section
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Xfnlog-Site
X-TNCMS
X-Timing-Wait
X-SaId
X-Proxy-Build
X-Generated
X-From
X-FB-TRIP-ID
X-IP
X-JoinUs
X-NYM-Debug-Backend
X-MP-GENERATED-AT
X-Loop
X-EIG-Tracking-Id
X-Device-Type
DB-Nickname
Selected-Fe
X-Geo
Azure-Version
X-Hosted-By
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Varnish-Cache-Hits
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Source
Country
Load-Balancing
X-Content-Age
X-Labrador-Cache-Channel
X-PHP-Host
Ec-Rule-Version
X-Vcache
X-Qloud-Router
SD-X-WS
X-Cache-NE
X-Cluster-Node
X-Old-Content-Length
Cache-Tv-Group
FilterID
X-Air-Hostname
X-Cache-Host
User-Agent
X-Varnish-Hostname
Time
X-Pad
X-Ua
X-Release
X-Litespeed-Cache
X-CDN-Forward
X-Drupal-Cache-Contexts
X-Backend-TTL
X-Cache-TTL-Remaining
X-Parent-Response-Time
X-EC-Lua
X-Cache-2
X-Cache-Backend
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
S-Cnection
X-RCS-CacheZone
X-RateLimit-Limit
X-Akamai-Request-ID
Server-Info
X-Proxy-Cache-Status
X-Webkit-CSP
X-Cache-Grace
X-Forwarded-Host
X-Tumblr-Pixel-3
X-Microcachable
X-Debug-Cache
Proxy-Connection
X-NC
NGX
X-Soup
OT-Force-Account-Verify
X-FORWARDED-FOR
Tracecode
X-Srv
Sid
X-Tb
X-SRV
Apigw-Requestid
X-UA
X-PAYTM-SRV-ID
X-Uri
UCS
X-A
X-Level-Front-Cache
Viewtype
X-NodeID
Who
X-Proto
X-A-Ccd
VivaBuild
ServerName
X-Connection-Hash
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Aed
Server-Host
X-Accel-Expires-Debug
GEO-REGION-INFO
X-Processor
M-TraceId
Machine
X-B-Cookie
Pagetype
Rendered-Blocks
X-ARC
Mobile-Detection-Method
X-Application
MD5-Digest
Meta-Geo-Continent
X-A-Wwc
X-D
True-Client-Country-4JS
T-Server
X-A-Dam
AsisCache
Arc-Country
X-Generated-On
X-G
X-External-Request-Id
BehaviorPad-Version
X-Dispatch
X-Destination
X-A-Dgt
X-Date
X-Developer
Fastcgi-X-Cache-Version
X-A-Dcw
X-DevSite-Last-Modified
X-Instart-Info
X-S
X-Trace-Id
X-Rojux
X-Transaction
X-Rewrite-Enabled
X-Trv-Group
X-Swa-Ws
X-SRCache-Key
X-ServiceProvider
X-Session-Fingerprint
X-Scheme
X-S-Cookie
X-Twitter-Response-Tags
X-Vdms-Path
X-Cluster-Name
X-Vtex-Remote-Cache
X-Region-Sid
Cache-Key
Xc-Version
X-ScT
X-Vtex-Processado-Em
X-Vdms-Version
X-VG-WebCache
X-VG-WebServer
X-Dc
Geo-Info
User-Cache-Control
X-Magnolia-Registration
X-Reqid
X-Clara-WADP
X-WADP-Cache
X-User
X-Matched-Rule
X-Cache-Info
Kp-EeAlive
IsBot
X-Core-Value
X-TT-TIMESTAMP
X-Device-Os
X-Thinkindot-L3
Content-Style-Type
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
FNAC-ModuleRouting
X-Node-Id
X-Cache-FS-Status
X-Cache-Bucket
NM-Fastcgi-Cache
N-Cache
X-Bip
On-Server
X-Agile-Age
X-Via-PopH
Release
X-Agile-Id
X-Agile
GEO-INFO
Magicmarker
X-VC-Cache
X-Via-PopV
Mail-Subject
X-Owner
X-Block-Status
X-Branch-Name
Content-Script-Type
Thinkindot-Control
X-Gen-Mode
X-Thanos
X-Generated-In
X-Skip-Cache
X-SD-PageType
X-Micro-Cache
X-Fmm-Version
X-SIPLIST1
We-Hiring
X-Ms-Version
Web-Mar-Node
X-Cache-PHP
X-Hnp-Log
X-Geo-Header
X-Hash
X-LAGOON
Vix-Hermes-Req-Id
X-Wikidot-Static-Cache
V-Age
X-Wikidot-Backend
X-Logging-Id
CDCHOST
X-Ms-Request-Id
Viewport
X-Location
X-Method
X-SN
X-Vgn-Hpd-Reason
X-Worker
X-Dispatcher-Server
X-Newrelic-Synthetics
Cf-Ipcountry
X-Hit
X-Envoy-Decorator-Operation
X-We-Are-Hiring
X-Request-Host
X-Webstats-RespID
X-Auto-Login
X-Req
X-Policy
Wxu-Next-Region
X-Platform-Server
X-VServer
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Cache-URL
X-Epic-Correlation-Id
X-Mvc-Supplant-Cachable
X-Envoy-Upstream-Healthchecked-Cluster
X-Distributor
X-Nginx-Cache-Key
X-Distil-CS
Wxu-Next-Hostname
X-Eu-Site
X-Servername
X-Server-W
X-Irp-Debug
X-Generation-Time
X-Slack-Backend
X-Fastly-Cache
X-TrackingId
X-Reboot
X-Response-By
X-Varnish-Cacheable
X-VG-TLSProxy
X-Request-UUID
X-Backend-State
X-BBXSRF
X-Cache-Tags
X-Variation
X-Origin-Expires
X-Origin-Date
X-Cms-Context
X-Clientip
X-CGP
X-Backend-Host
Wxu-Next-Commit
C-Via
Platform
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Cache-Cookie-Set-From
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
L5d-Success-Class
Apple-News-Services-Handled
AKAMAI
Adler-Geo
Memcached
Apple-News-Services-Host
Cache-Cookie-Set-Idcheck
RNT-Machine
Is-Eu
Server-Hostname
Node
X-TA-CDN-Provider
Server-Ext
Fastly-Drupal-HTML
Cache-Cookie-Set-Lfrom
RNT-Time
Rt-Fastcgi-Cache
Sever-Int
X-DC
Fastly-SIE
Esi-Enabled
X-Developers
X-JWT-State
CacheControlHeader
X-Rebelmouse-Surrogate-Control
X-App
X-TIME
X-Var-Ttl
X-Varnish-Authentication
X-Rebelmouse-Cache-Control
X-Be
Fastly-SWR
X-Has-Esi
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-GoCache-CacheStatus
X-Is-Gdpr
X-Contensis-Viewer-Groups
X-Core-Mission
W
X-Cache-ASPX
X-Nc
Server-ID
X-Compress-Hint
X-LI-Proto
L
X-Refresh
X-Server-IP
X-Varnish-Beresp-Ttl
X-TH-Server
X-App-Name
X-Varnish-Beresp-Status
Ohc-File-Size
X-Varnish-Beresp-Grace
Cache-Host
X-CLOUD-TRACE-CONTEXT
X-Loc
HostName
X-Esi-Check
X-Cache-Debug
X-VCT
X-Cache-Id
X-AIR-PT
X-Wa
X-Mvc-Supplant-OutputCached
X-Gzip
LB
X-Origin-CC
X-Origin-TTL
X-App-Version
X-Sucuri-ID
X-Cdn-Srv
X-Configured-By
X-S-Maxage
X-Storefront-Renderer-Rendered
X-Generated-By
Server-Surrogate-Control
X-Key
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Zone
X-NU-AKA-ACS-Version
X-Bc
Server-Cache-Control
NtCoent-Length
X-ZONE
X-BC
X-B3-Traceid
X-MSEdge-Features
X-MSEdge-Flight
Ohc-Response-Time
Memory
X-Edge-Location
X-FPC
MIME-Version
X-Varnish-Ttl
Pragrma
X-Varnish-URL
X-Rocket-Nginx-Bypass
CACHE
X-CF-Powered-By
X-Cdn-Forward
X-Debug-Panamera-Host
X-Svr
Locid
Heartbleed
Request-EU
Request-Country
Referer-Policy
X-Pjax-Url
X-Servedbyhost
X-Debug-Panamera-Sitecode
X-Varnish-Hits
X-Nginx-Cache
X-Batcache
X-COUNTRY
Resin-Trace
X-Request-URI
X-Shopify-Generated-Cart-Token
Fastly-Backend-Name
X-Up
FSS-Cache
X-VCL-Version
X-BACKEND-TTL
SRV
X-Gamma-Serve
WZWS-RAY
X-Via-CDN
X-Minions-Version
X-GEO
X-ND-Cache
X-Aicache-OS
X-ElasticPress-Query
X-Ratelimit-Remaining
X-Sucuri-Cache
GeoIp-Country-Code
X-Amzn-Requestid
X-CACHE-KEY
Lfy
CF-Cached-On
Geoip-Latitude
GeoIP-Country-Code
X-WebServer
X-BE
Cteonnt-Length
Hostname
X-Oss-Request-Id
X-Proxy-Upstream
X-Check-Cacheable
GeoIP-Latitude
Product
X-Oss-Server-Time
HitType
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
Powered-By-ChinaCache
DCR-Processing-Time-Ms
DCR-Decision-By
Cdn-Host
Cdn-Request-Time
X-ECache
X-Vcl-Version
X-Edge-Server
X-Sn-Servicetimems
X-Cdn-Origin
My-App
X-Fetched-On
Mime-Version
X-Unique-ID
Ohc-Cache-HIT
X-Azure-Ref-OriginShield
X-HS-Status
Pramga
X-Fastly-Cache-Status
X-PJAX-URL
X-Fastly-Country-Code
X-NGINX-Cache
X-PF-Uncompressing
X-GeoIP-Country-Code
X-CSRF-TOKEN
Location
X-ServedByHost
SN
X-LB-ID
X-Pf-Uncompressing
X-Varnish-Url
X-Fastly-Backend-Reqs
Amp-Access-Control-Allow-Source-Origin
X-Ratelimit-Limit
X-Request-Start
X-Fpc
Group
URI
X-VarnishDD-TTL
X-CACHE-AGE
X-OVcl-Cache
X-OVcl
X-Served-From
PFcat
X-Newrelic-App-Data
Cdn
X-Vgn-Hpd-Variations-Key
Dt-Cache-Category
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-B3-Spanid
X-Swift-Error
X-Shard
X-Ratelimit-Reset
XServer
X-Platform
X-Via-Ucdn
X-Render-Time
X-B3-SpanId
X-Instart-Isnd
X-Varnishpool
X-Ftr-Cache-Host
Country-Code
CloudFront-Viewer-Country
X-Cache-Expired-At
WWW-Authenticate
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
A
X-Tec-Api-Origin
X-Via-NSCOPI
X-Request-Time
Cf-Alt-Svc
X-Tec-Api-Version
X-Tec-Api-Root
X-Client-Ip
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Beresp-TTL
Geoip-City
X-Debug-Cache-Store
Origin
X-Ocache
X-DPWN-IS-SECURE
X-Debug-Cache-Fetch
X-WR-MODIFICATION
X-WPE-Loopback-Upstream-Addr
Lb
Server-Ttl
CF-IPCountry
X-StackifyID
X-Debug-Cache-Bypass
X-Debug-Cache-String
PICS-Label
X-LiteSpeed-Cache-Control
X-Debug-Xas-Auth
X-C
X-Debug-Do-Not-Cache-Uri
X-Debug-Ysi-Auth
X-Debug-Cache-Status
X-Planisys-CDN-Cache
X-Apw-Access-Token
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Cache-Tag
X-Apw-Access-Action
Cloudfront-Viewer-Country
X-CUA
Epwk-X-Cache
X-Planisys-CDN-TTL
X-Apw-Access-Object
SID
X-Apw-Hits
X-WA
X-Planisys-CDN-Rules
X-Sigma-Backend
Pics-Label
X-Oss-Cdn-Auth
X-Cache-Hfrom
X-Cache-Hm
X-Sigma
Region
X-Acquia-Application-UUID
Host-ID
X-Country-IP
NnCoection
Proxy-Firewall
X-Rocket-Build-Number
Request-Time
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-Trace
X-Nananana
Cneonction
X-APP
X-RPM
X-DSS
X-DI
X-DB
X-ElasticPress-Search
X-Varnish-ID
X-DW
Req-ID
X-Li-Proto
X-B3-Parentspanid
X-Request-URL
X-Html-Edge-Cache
X-SB
X-VC
X-RPS
X-Akamai-ERPolicy
X-Dw-Trace-Id
X-Action
X-Akamai-ERRuleID
TTL
X-RSL