Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
X-Powered-By
CF-Cache-Status
Pragma
ETag
CF-RAY
Expect-CT
Via
Age
X-Cache
X-XSS-Protection
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
CF-Ray
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-FRAME-OPTIONS
X-Language
X-Ua-Compatible
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Server
X-Turbo-Charged-By
X-AH-Environment
P3p
X-Backend
X-Age
X-Cache-Group
X-Request-ID
X-Robots-Tag
Xkey
Feature-Policy
X-Proxy-Cache
Request-Context
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Page-Speed
EagleId
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
X-Varnish-Cache
Server-Timing
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Report-To
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Ac
X-Node
X-Origin-Upstream-Status
X-Readtime
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-Pass-Why
Request-Id
X-DataDome
Content-Location
X-Mod-Pagespeed
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
NEL
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Rating
X-Country-Code
X-Clacks-Overhead
Edge-Control
X-Cloud-Trace-Context
X-Cnection
X-Px
X-Url
X-Rack-Cache
X-FTR-Request-ID
X-Goog-Hash
RTSS
MS-Author-Via
X-TtlSet
X-PC
X-Vname
Accept-CH
X-Powered-By-Plesk
Verso
X-Ttl
X-DynaTrace
Public-Key-Pins
Accept-CH-Lifetime
X-B3-TraceId
X-GitHub-Request-Id
Service-Worker-Allowed
X-Exp-Id
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Sol
X-Middleton-Response
Arr-Disable-Session-Affinity
X-Middleton-Display
Display
Response
Pagespeed
X-Varnish-TTL
X-Forwarded-Proto
X-Cache-TTL
X-D2id
X-Amz-Rid
Pinterest-Generated-By
X-CST
TCN
X-Abt-Application-Version
X-Cached
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Content-Type
X-Navigation-Version
X-Fastly-Request-ID
Accept-Ch
Cache-Tag
X-Instart-Request-ID
X-Server-Name
X-Accel-Expires
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-ESI
X-Version
AR-PoweredBy
AR-ATIME
X-MSEdge-Ref
AR-Request-ID
Access-Control-Request-Method
X-Grace
Nginx-Cache
Accept-Ch-Lifetime
Ar-Sid
AR-CACHE
Charset
S
X-Debug
X-Upstream
X-Powered-CMS
SPIisLatency
SPRequestDuration
X-FastCGI-Cache
X-Client-IP
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
SPRequestGuid
X-DynaTrace-JS-Agent
Realpath
X-Ezoic-Cdn
Pinterest-Version
X-Pinterest-Rid
X-Trace
Content-MD5
Nel
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Element-Page-Cache
X-Mrf-Section-Lastmod
X-Dw-Request-Base-Id
X-Jurisdiction
X-Hp-Webp
X-Id
X-Recruiting
X-Shield-Request-Id
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-T
Fastcgi-Cache
X-ASPNET-VERSION
X-Content-Digest
X-Kinsta-Cache
X-XRDS-Location
X-Logged-In
X-Oneagent-Js-Injection
X-NWS-LOG-UUID
X-Mobile-URL
X-Request-Processing-Time
X-Request-Received
X-Frontend
X-Cache-Hit
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
Server-Node
X-FTR-Backend-Server
Edge-Cache-Tag
X-Cache-Age
TP-L2-Cache
TP-Cache
X-Goog-Generation
X-Goog-Metageneration
X-FTR-Expires
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
Front-End-Https
Server-Name
ServerID
DynaTrace
X-Forwarded-For
X-Hostname
X-Amzn-Trace-Id
X-Cache-Key
Fastly-Restarts
PB-PID
PB-RID
Arc-Version
X-Zen-Fury
Powered
X-DIS-Request-ID
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
X-ATS-Timestamp
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-Mobile-Rewrite
X-Hits
X-Akamai-Edgescape
X-Cdn
X-F-Cache
X-HS-Content-Id
X-LB-Cache
X-HS-Cache-Config
X-Page-Id
X-HS-Hub-Id
X-HS-Combine-CSS
Accept-Charset
X-Jobs
Filters
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-Geo-Country
X-FTR-Cache-Host
X-Via-JSL
MicrosoftSharePointTeamServices
X-Yandex-Sdch-Disable
X-Kong-Upstream-Latency
X-Origin-Server
X-Kong-Proxy-Latency
X-Varnish-Age
X-B
X-TTL
X-N
Alternate-Protocol
X-Ruxit-Js-Agent
X-Ser
X-Rid
X-Fastcgi-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Daa-Tunnel
X-Varnish-Backend
Host-Header
X-Esi
X-Correlation-Id
X-Activity-Id
X-AppVersion
X-ATG-Version
X-WebKit-CSP-Report-Only
DC
X-Az
X-App-Server
X-Amz-Replication-Status
Cache-Tags
Paypal-Debug-Id
X-Server-ID
X-Type
X-Git-Hash
X-Debug-Info
Frame-Options
Retry-After
X-FB-Debug
Actual-Object-TTL
X-Signature
X-Varnish-Grace
X-B-Cache
X-App-Environment
Section-Io-Cache
X-Whom
X-TT
X-Contextid
X-Request-Guid
X-Edge
Surrogate-Key
Fastcgi-Useragent
X-Status
X-AOL-HN
X-Content-Options
Host
X-XRDS-LOCATION
Healthy
X-Cache-Action
X-Seen-By
Source
X-Pinterest-Direct
X-Host-Name
X-RateLimit-Remaining
Refresh
X-HTML-Minification-Powered-By
X-B3-Sampled
X-IPLB-Instance
X-Endurance-Cache-Level
X-Tumblr-User
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Upgrade-Enabled
From-Origin
Access-Control-Allow-Method
X-ECACHE
X-Accel-Buffering
X-RemovedCookies
X-Cache-Rule
X-ProcessESI
X-Response-Served-From
NR-ENABLED
WPE-Backend
X-Drupal-Cache-Tags
X-Cache-Operation
X-Region
X-MCACHE
X-Mid
Odigeo-Trace-Id
X-Amz-Apigw-Id
X-Rule
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Eomportal-Instance
X-Environment-Context
X-Cacheable-TTL
X-Cache-Control
MS-CV
X-L-Path
Payment
X-UUID
Cache-Status
X-Rendered-As
X-FW-Server
X-FW-Type
X-Amzn-RequestId
Datacenter
X-Varnish-Server
X-FW-Static
X-FW-Dynamic
X-FW-Serve
X-Is-Bot
X-Cache-Time
X-FW-Hash
X-Adobe-Content
X-Adobe-Loc
X-WA-Info
X-URL
Countrycode
Xserver
Srv
X-Protected-By
X-APP-VERSION
X-GeoIP
X-PressLabs-Stats
NGB
X-VCache
Content-Disposition
X-Cluster
X-RequestSource
X-SERVER-NAME
X-Wix-Request-Id
X-Akamai-Transformed
X-Correlation-ID
X-Cached-By
X-Time
X-Cache-Server
X-EdgeConnect-Cache-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Akamai-Request-ID2
X-UnsetCookies
Uber-Trace-Id
Version
X-Tt-Trace-Host
X-Origin-Response-Time
X-Tt-Trace-Tag
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Load-Cache
X-Mode
X-Mobile
X-Handled-By
X-Proxy
Filterid
X-Cache-Remote
X-PHP-Backend
Access-Control-Request-Headers
Liferay-Portal
X-Unique-Id
X-FireWall-Port
X-Framework
Cross-Origin-Window-Policy
Meta-Geo
Accept-Language
X-Adobe-Source
X-CCM
X-Cache-Var-Map
X-Cache-Var
X-UA-Device-Type
X-ES-SERVER
X-Viewer-Country
X-Via-Fastly
X-Path-Route
X-Cache-Status-Check
X-RN-RSRV
X-No-Session
X-NGENIX-Cache
X-MP-GENERATED-AT
X-Time-Microsecs
X-OCL
Cache-Hits
Decoy-Debug-Key
DSUID
Decoy-Debug-Status
X-VWS-Id
Upgrade-Insecure-Requests
X-Www-Served-By
X-Locale
Decoy-Debug-TTL
Akamai-GRN
X-LJ-Flow-ID
X-Site-Version
X-Presslabs-Stats
ServedBy
X-Azure-Ref
X-Pubstack
X-PCL
X-PERF
X-AWS-Id
X-ApacheServer
X-Storage
X-Backend-Name
X-Redis-Cache
X-NCache
X-R9-Blue-Green-Version
X-RTag
X-Real-IP
X-Say-Cacheable
X-Cache-NGX
X-Say-TTL
Section-Origin-Responded
Webserver
X-Cache-Config
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Origin-Edge-Control
Now
Section-Io-Id
Mn-Server-Ip
X-TX-ID
X-Human
X-Info
Cleartype
Origin-Cache-Control
X-Web-Node
X-SayCDN-TTL
X-FW-Version
Fastly-SSL
Cache-Name
Ms-Operation-Id
Cache
Webcakes-Region
Webcakes-App-Version
X-Access
X-BYPASS-REASON
X-Cache-Enabled
Webcakes-App-Name
X-Bc-Bl
TWC-Locale-Group
TWC-Connection-Speed
S-Rt
TWC-Device-Class
TWC-GeoIP-Country
X-CS
TWC-GeoIP-LatLong
TWC-Privacy
X-Device-Type
X-Routing-Service
X-ProxyCache-Status
X-ProxyCache-Key
X-Section
X-ServerID
X-UPSTREAM-Address
X-Xfnlog-Site
X-Proxied
X-NewRelic-App-Data
X-Format
X-FC-Vary-Parameters
X-Hl-Ver
X-Hyper-Cache
X-Origin-Hint
X-Origin
Property-Id
X-Zipkin-Id
X-Alternate-Cache-Key
X-Amzn-Remapped-Content-Length
X-IP
X-JoinUs
X-Loop
DB-Nickname
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated
X-EIG-Tracking-Id
X-Detected-As
X-FB-TRIP-ID
X-BCube-Filmed-By
X-From
X-Proxy-Build
X-NYM-Debug-Backend
Selected-Fe
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-SaId
X-ShardId
X-Timing-Wait
X-TNCMS
X-CSRF-Token
X-Varnish-Cache-Hits
Azure-Version
Azure-SlotName
X-Hosted-By
X-Source
Azure-InstanceId
Country
Azure-RegionName
X-NWS-UUID-VERIFY
Azure-SiteName
X-Geo
X-Content-Age
Load-Balancing
X-Old-Content-Length
X-PHP-Host
X-Cluster-Node
X-Labrador-Cache-Channel
X-Qloud-Router
X-Cache-NE
SD-X-WS
Ec-Rule-Version
Cache-Tv-Group
X-Air-Hostname
User-Agent
X-Varnish-Hostname
X-Cache-Host
X-Litespeed-Cache
X-Vcache
Time
X-Pad
FilterID
X-Cache-TTL-Remaining
X-Ua
X-Drupal-Cache-Contexts
X-Backend-TTL
X-Parent-Response-Time
S-Cnection
X-CDN-Forward
X-Cache-2
X-Cache-Backend
X-Release
X-Urbn-Site-Id
X-RCS-CacheZone
Locale
X-Urbn-Context-Path
X-EC-Lua
X-Webkit-CSP
Server-Info
X-Akamai-Request-ID
X-Cache-Grace
X-RateLimit-Limit
X-Proxy-Cache-Status
X-Microcachable
X-Forwarded-Host
X-Tumblr-Pixel-3
X-Debug-Cache
Tracecode
X-FORWARDED-FOR
NGX
Proxy-Connection
X-Srv
X-UA
OT-Force-Account-Verify
X-Soup
X-Dc
X-NC
Geo-Info
Sid
Cache-Key
X-Developer
X-Destination
X-Processor
X-Connection-Hash
Machine
MD5-Digest
X-CF-Lambda-Version
M-TraceId
X-Reqid
X-Date
X-D
X-Cluster-Name
X-Region-Sid
Fastcgi-X-Cache-Version
X-Generated-On
Arc-Country
AsisCache
BehaviorPad-Version
X-Geo-Header
X-Instart-Info
X-Vtex-Remote-Cache
X-Tb
X-Ms-Request-Id
X-Ms-Version
X-NodeID
X-G
Content-Style-Type
X-Rewrite-Enabled
X-Dispatch
GEO-REGION-INFO
X-Uri
Apigw-Requestid
X-External-Request-Id
Content-Script-Type
X-PAYTM-SRV-ID
X-DevSite-Last-Modified
X-Scheme
VivaBuild
X-Aed
Who
Xc-Version
Viewtype
X-Swa-Ws
True-Client-Country-4JS
UCS
X-SRCache-Key
X-Vdms-Version
X-Accel-Expires-Debug
X-Trv-Group
X-Transaction
X-VG-WebCache
X-A-Ccd
X-A-Dam
X-A
X-Trace-Id
X-A-Wwc
X-A-Dgt
X-Vtex-Processado-Em
X-Rojux
T-Server
X-ScT
X-Vgn-Hpd-Reason
Meta-Geo-Continent
X-Vdms-Path
X-Level-Front-Cache
X-S-Cookie
X-S
X-A-Dcw
X-CF-Lambda-Fn
Mobile-Detection-Method
Pagetype
X-VG-WebServer
Server-Host
X-ARC
X-Application
ServerName
X-Session-Fingerprint
X-Twitter-Response-Tags
X-B-Cookie
Rendered-Blocks
X-ServiceProvider
User-Cache-Control
X-Proto
X-SRV
X-Magnolia-Registration
IsBot
X-Cms-Context
X-Agile-Id
Kp-EeAlive
X-TA-CDN-Provider
X-Location
X-Clara-WADP
X-Core-Value
X-Agile-Age
X-Device-Os
X-Wikidot-Backend
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Skip-Cache
FNAC-ModuleRouting
X-Wikidot-Static-Cache
Mail-Subject
X-Cache-FS-Status
X-Via-PopV
Release
X-Cache-Bucket
X-Branch-Name
X-Bip
X-Block-Status
X-Cache-Info
On-Server
X-Worker
X-SIPLIST1
X-Dispatcher-Server
X-SD-PageType
X-Via-PopH
NM-Fastcgi-Cache
N-Cache
Magicmarker
Thinkindot-Control
X-Generated-In
X-LAGOON
We-Hiring
X-User
X-Gen-Mode
X-Node-Id
Web-Mar-Node
X-Generation-Time
X-Thinkindot-L3
X-Hash
X-Thanos
AKAMAI
X-WADP-Cache
X-Hnp-Log
X-TT-TIMESTAMP
V-Age
Viewport
X-SN
X-Logging-Id
X-Agile
X-VC-Cache
X-Matched-Rule
CDCHOST
X-Micro-Cache
X-Fmm-Version
X-Method
X-Owner
Vix-Hermes-Req-Id
X-Cache-PHP
Cf-Ipcountry
X-Newrelic-Synthetics
X-Envoy-Decorator-Operation
X-Slack-Backend
X-RateLimit-Limit-Second
X-BBXSRF
X-VG-TLSProxy
X-Auto-Login
X-RateLimit-Remaining-Second
X-Backend-Host
X-Backend-State
X-TrackingId
X-VServer
X-CGP
X-Fastly-Cache
X-Origin-Date
X-Nginx-Cache-Key
X-Origin-Expires
X-Eu-Site
X-Envoy-Upstream-Healthchecked-Cluster
X-Epic-Correlation-Id
X-Variation
X-Varnish-Cacheable
X-Is-Gdpr
X-JWT-State
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Has-Esi
X-Hit
X-Platform-Server
X-Distributor
X-Response-By
X-Request-UUID
X-We-Are-Hiring
X-Server-W
X-Servername
X-Cache-URL
X-Clientip
X-Request-Host
X-Policy
X-Distil-CS
X-Developers
X-Reboot
X-Req
X-Webstats-RespID
X-Cache-Tags
Wxu-Next-Region
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
C-Via
Apple-News-Services-Request-Url
HA-Ipaddr
X-TIME
Platform
Esi-Enabled
Gh-Request-Id
Ha-Gx-Prefs
Is-Eu
L5d-Success-Class
Fastly-Drupal-HTML
Memcached
RNT-Machine
Apple-News-Services-Parsed-Url
Adler-Geo
Wxu-Next-Commit
Sever-Int
RNT-Time
Wxu-Next-Hostname
Server-Hostname
Rt-Fastcgi-Cache
Apple-News-Services-Host
Apple-News-Services-Handled
Node
Server-Ext
X-Nc
GEO-INFO
Fastly-SWR
X-Li-Pop
X-Rebelmouse-Surrogate-Control
X-Be
X-LI-UUID
X-GoCache-CacheStatus
X-Rebelmouse-Cache-Control
Fastly-SIE
X-Core-Mission
X-Var-Ttl
W
X-Varnish-Authentication
L
X-Cache-ASPX
Server-ID
X-App
X-Li-Fabric
X-Contensis-Viewer-Groups
CacheControlHeader
X-DC
X-Compress-Hint
X-App-Name
X-Refresh
X-Server-IP
Cache-Host
Ohc-File-Size
X-LI-Proto
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-Status
X-TH-Server
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-VCT
X-Gzip
X-Esi-Check
X-Cache-Id
X-Cache-Debug
HostName
X-Cdn-Srv
X-Wa
X-Mvc-Supplant-OutputCached
X-Loc
LB
X-AIR-PT
X-Origin-CC
X-Origin-TTL
X-S-Maxage
X-Sucuri-ID
X-Configured-By
Server-Cache-Control
X-Generated-By
Server-Surrogate-Control
X-ZONE
X-B3-Traceid
X-BC
X-Storefront-Renderer-Rendered
X-FPC
X-NU-AKA-ACS-Version
Memory
Ohc-Response-Time
NtCoent-Length
X-SVT-ORM-VERSION
X-Key
X-SVT-ORM-RULES
X-Bc
X-App-Version
X-Zone
X-Edge-Location
X-MSEdge-Features
X-Varnish-Ttl
X-Rocket-Nginx-Bypass
X-MSEdge-Flight
X-Cdn-Forward
CACHE
MIME-Version
Heartbleed
X-Svr
X-Varnish-URL
Request-Country
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
Pragrma
Locid
Request-EU
X-Varnish-Hits
X-CF-Powered-By
X-Request-URI
X-COUNTRY
X-Servedbyhost
X-Pjax-Url
Referer-Policy
X-Nginx-Cache
X-Shopify-Generated-Cart-Token
X-Batcache
Resin-Trace
X-BACKEND-TTL
Fastly-Backend-Name
SRV
X-VCL-Version
X-GEO
WZWS-RAY
FSS-Cache
X-Up
X-Gamma-Serve
X-Minions-Version
X-Via-CDN
X-Ratelimit-Remaining
X-ND-Cache
X-CACHE-KEY
X-WebServer
Lfy
X-Amzn-Requestid
Geoip-Latitude
X-ElasticPress-Query
GeoIp-Country-Code
X-Aicache-OS
X-Sucuri-Cache
Hostname
X-BE
X-Proxy-Upstream
Product
CF-Cached-On
HitType
GeoIP-Country-Code
Cteonnt-Length
Cdn-Request-Time
X-Vcl-Version
Cdn-Host
X-Fetched-On
Powered-By-ChinaCache
X-Sn-Servicetimems
X-Cdn-Origin
X-Edge-Server
GeoIP-Latitude
My-App
Mime-Version
X-ECache
X-Oss-Request-Id
X-Unique-ID
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Check-Cacheable
X-GeoIP-Country-Code
Ohc-Cache-HIT
DCR-Decision-By
X-NGINX-Cache
DCR-Processing-Time-Ms
X-HS-Status
X-PJAX-URL
X-CSRF-TOKEN
Pramga
X-Azure-Ref-OriginShield
X-ServedByHost
X-PF-Uncompressing
X-Fastly-Country-Code
SN
X-Fastly-Cache-Status
Location
X-Pf-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Url
X-Ratelimit-Limit
X-Served-From
X-CACHE-AGE
X-LB-ID
X-Request-Start
Group
X-Fastly-Backend-Reqs
URI
PFcat
X-B3-Spanid
Cdn
X-Fpc
X-OVcl
Dt-Cache-Category
X-Newrelic-App-Data
X-OVcl-Cache
X-VarnishDD-TTL
X-Shard
X-Via-Ucdn
XServer
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-Ftr-Cache-Host
X-Swift-Error
X-Render-Time
X-B3-SpanId
X-Request-Time
Country-Code
X-Platform
CloudFront-Viewer-Country
X-Instart-Isnd
X-IN-APIGATEWAYSSL
A
X-IN-APIGATEWAY
X-Tec-Api-Version
X-Via-NSCOPI
Cf-Alt-Svc
X-Tec-Api-Origin
X-Tec-Api-Root
X-Ratelimit-Reset
X-Varnishpool
X-Ocache
Origin
WWW-Authenticate
X-DPWN-IS-SECURE
X-Debug-Cache-Store
X-Varnish-Beresp-TTL
X-Cache-Expired-At
Geoip-City
X-Debug-Cache-Fetch
X-Tb-Optimization-Total-Bytes-Saved
Lb
X-WPE-Loopback-Upstream-Addr
X-WR-MODIFICATION
X-Debug-Cache-Status
X-Debug-Cache-Bypass
PICS-Label
X-Debug-Ysi-Auth
X-StackifyID
X-Debug-Cache-String
X-LiteSpeed-Cache-Control
X-Debug-Xas-Auth
Server-Ttl
X-Debug-Do-Not-Cache-Uri
CF-IPCountry
Cloudfront-Viewer-Country
X-Apw-Access-Token
X-Planisys-CDN-TTL
X-Apw-Hits
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
SID
X-WA
X-C
X-Apw-Access-Action
X-Apw-Access-Object
Request-Time
X-Sigma
X-Sigma-Backend
NnCoection
Proxy-Firewall
X-CUA
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Epwk-X-Cache
Region
X-Nananana
X-Acquia-Application-Trace
X-Rocket-Build-Number
Host-ID
X-Cache-Tag
X-Country-IP
Cneonction
X-Cache-Hm
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Cache-Hfrom
X-APP
X-DW
X-RPM
X-RPS
X-DSS
X-B3-Parentspanid
X-Oss-Cdn-Auth
Pics-Label
X-ElasticPress-Search
X-Varnish-ID
X-Li-Proto
X-DB
TTL
X-Action
X-VC
X-SB
X-Dw-Trace-Id
Req-ID
X-Akamai-ERRuleID
X-DI
X-Html-Edge-Cache
X-RSL
X-Akamai-ERPolicy
X-Request-URL