Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Xss-Protection
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Ua-Compatible
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Server
X-Turbo-Charged-By
X-Backend
X-Age
P3p
X-Cache-Group
X-Robots-Tag
Feature-Policy
Xkey
X-Proxy-Cache
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Dns-Prefetch-Control
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Backend-Server
X-Cache-Lookup
X-Vhost
X-Ac
X-Node
X-Readtime
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Request-Id
Content-Location
X-Mod-Pagespeed
X-DataDome
X-Application-Context
NEL
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-ORACLE-DMS-RID
X-Pass-Why
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Edge-Control
X-Clacks-Overhead
X-Url
X-Rack-Cache
X-Px
RTSS
X-FTR-Request-ID
MS-Author-Via
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
X-Powered-By-Plesk
Verso
Accept-CH
X-B3-TraceId
X-Ttl
Service-Worker-Allowed
Public-Key-Pins
X-GitHub-Request-Id
X-DynaTrace
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-MS-InvokeApp
Display
X-Middleton-Display
X-Sol
X-Middleton-Response
Response
Pagespeed
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Cache-TTL
Accept-CH-Lifetime
Accept-Ch
X-D2id
X-Amz-Rid
TCN
X-Abt-Application-Version
Pinterest-Generated-By
X-CST
X-Vcap-Request-Id
X-NF-Request-ID
X-Cached
X-Content-Type
X-VARITI-CCR
Accept-Ch-Lifetime
X-Navigation-Version
X-Fastly-Request-ID
Cache-Tag
X-ESI
X-Server-Name
X-Instart-Request-ID
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Version
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Accel-Expires
AR-CACHE
Ar-Sid
Access-Control-Request-Method
X-Upstream
X-MSEdge-Ref
X-Grace
X-Powered-CMS
X-Debug
Charset
Nginx-Cache
S
SPRequestDuration
SPIisLatency
X-Client-IP
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
Content-MD5
SPRequestGuid
Realpath
X-Ezoic-Cdn
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Pinterest-Rid
Pinterest-Version
X-Element-Page-Cache
X-FastCGI-Cache
X-Trace
X-Hp-Webp
X-Jurisdiction
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Oneagent-Js-Injection
Nel
X-Node-Name
X-T
X-XRDS-Location
X-Kinsta-Cache
Fastcgi-Cache
X-Content-Digest
X-Logged-In
Host-Header
X-NWS-LOG-UUID
X-Mobile-URL
X-ASPNET-VERSION
X-Frontend
X-Request-Received
X-Request-Processing-Time
TP-Cache
X-Cache-Hit
TP-L2-Cache
Server-Node
X-Cache-Age
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
Edge-Cache-Tag
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
Front-End-Https
ServerID
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Generation
X-Amzn-Trace-Id
X-Forwarded-For
Server-Name
X-Hostname
X-Cache-Key
Arc-Version
PB-RID
PB-PID
Fastly-Restarts
DynaTrace
Powered
X-Microsite
X-DIS-Request-ID
X-Request-Handler-Origin-Region
X-Zen-Fury
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-Akamai-Edgescape
X-Server-ID
X-F-Cache
X-Page-Id
X-Jobs
Accept-Charset
X-Mobile-Rewrite
X-Hits
X-Yandex-Sdch-Disable
X-LB-Cache
Filters
Backend-Timing
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-ATS-Timestamp
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Ruxit-Js-Agent
X-TTL
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cdn
X-Geo-Country
X-Fastcgi-Cache
X-Origin-Server
X-Varnish-Age
X-N
X-B
MicrosoftSharePointTeamServices
Alternate-Protocol
X-Erf-Bev-Bev
X-Via-JSL
X-FTR-Cache-Host
X-Erf-Bev-Bev-Is-Generated
X-Rid
X-Varnish-Backend
X-Daa-Tunnel
X-Ser
X-ATG-Version
X-Az
X-Activity-Id
X-WebKit-CSP-Report-Only
X-AppVersion
Cache-Tags
DC
Paypal-Debug-Id
X-Type
X-Amz-Replication-Status
X-Debug-Info
X-Git-Hash
X-FB-Debug
Retry-After
Section-Io-Cache
X-B-Cache
X-TT
X-Signature
X-Whom
Frame-Options
X-Varnish-Grace
X-App-Environment
Actual-Object-TTL
X-Esi
X-Correlation-Id
Surrogate-Key
X-App-Server
X-Edge
X-Status
Host
X-Content-Options
X-Request-Guid
Fastcgi-Useragent
X-Contextid
X-AOL-HN
Healthy
X-Pinterest-Direct
X-RateLimit-Remaining
X-Cache-Action
X-Seen-By
X-IPLB-Instance
X-HTML-Minification-Powered-By
X-Endurance-Cache-Level
X-Host-Name
Refresh
X-B3-Sampled
Source
X-XRDS-LOCATION
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
From-Origin
X-Instance
X-Upgrade-Enabled
X-Amzn-RequestId
Access-Control-Allow-Method
X-ECACHE
X-Amz-Apigw-Id
X-Drupal-Cache-Tags
X-Cache-Rule
X-RemovedCookies
X-Response-Served-From
X-ProcessESI
X-Accel-Buffering
X-Cache-Operation
VIX-Pulpo-Node
X-Region
X-Mid
X-MCACHE
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
X-UUID
X-Cacheable-TTL
X-Rule
MS-CV
Eomportal-Instance
X-L-Path
X-Environment-Context
X-Varnish-Server
X-FW-Hash
X-FW-Serve
X-FW-Static
Payment
X-FW-Type
X-Is-Bot
X-FW-Server
X-FW-Dynamic
X-Rendered-As
X-Cache-Time
Srv
X-Adobe-Loc
Datacenter
X-Adobe-Content
X-VCache
X-WA-Info
Countrycode
X-Protected-By
Cache-Status
X-Correlation-ID
Xserver
X-Cache-Control
X-PressLabs-Stats
Content-Disposition
X-URL
X-GeoIP
X-EdgeConnect-Cache-Status
X-Akamai-Transformed
X-Time
X-Cache-Server
X-Cached-By
X-APP-VERSION
X-Akamai-Request-ID2
X-Wix-Request-Id
X-UnsetCookies
X-Cluster
WPE-Backend
NGB
Uber-Trace-Id
NR-ENABLED
X-Proxy
X-Yottaa-Metrics
X-Load-Cache
X-Yottaa-Optimizations
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
Version
X-SERVER-NAME
X-Mode
X-Mobile
X-Tumblr-Pixel-2
X-PHP-Backend
X-Tumblr-Pixel-1
X-RequestSource
Access-Control-Request-Headers
X-Handled-By
X-Cache-Remote
X-Azure-Ref
X-IPS-LoggedIn
X-NGENIX-Cache
X-FireWall-Port
Liferay-Portal
X-NWS-UUID-VERIFY
X-Cache-NGX
X-NewRelic-App-Data
X-Backend-Name
X-Path-Route
X-Viewer-Country
X-RN-RSRV
X-No-Session
X-UA-Device-Type
X-Via-Fastly
Cross-Origin-Window-Policy
Accept-Language
X-CCM
X-Adobe-Source
Cache
Meta-Geo
X-Cache-Var
X-Cache-Status-Check
X-ES-SERVER
X-Cache-Var-Map
Akamai-GRN
X-VWS-Id
X-Www-Served-By
Cache-Hits
X-Locale
DSUID
X-Framework
X-AWS-Id
X-ApacheServer
ServedBy
X-LJ-Flow-ID
X-MP-GENERATED-AT
X-Pubstack
X-PERF
X-PCL
X-OCL
X-Storage
X-Redis-Cache
X-R9-Blue-Green-Version
X-FW-Version
X-Cache-Config
Webserver
X-Real-IP
X-RTag
X-UPSTREAM-Address
X-TX-ID
X-Site-Version
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Decoy-Debug-Status
Decoy-Debug-Key
Cleartype
Decoy-Debug-TTL
Mn-Server-Ip
Section-Io-Origin-Status
Section-Io-Id
Now
Cache-Name
Ms-Operation-Id
X-CSRF-Token
Filterid
X-Time-Microsecs
X-Access
Webcakes-Region
X-Bc-Bl
X-CS
X-Device-Type
Webcakes-App-Version
X-BYPASS-REASON
TWC-Privacy
TWC-Connection-Speed
S-Rt
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
X-Format
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
X-Human
X-Section
X-SayCDN-TTL
X-Say-TTL
X-ServerID
X-Web-Node
Load-Balancing
X-Zipkin-Id
X-Say-Cacheable
X-Routing-Service
X-Origin
X-NCache
X-Info
X-Origin-Hint
X-Proxied
X-ProxyCache-Status
X-ProxyCache-Key
Fastly-SSL
X-Hl-Ver
X-JoinUs
X-ShardId
X-SaId
X-BCube-Filmed-By
X-Amzn-Remapped-Content-Length
X-Alternate-Cache-Key
X-Timing-Wait
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Air-Hostname
X-Proxy-Build
X-NYM-Debug-Backend
X-From
X-Unique-Id
X-IP
X-FC-Vary-Parameters
X-FB-TRIP-ID
X-Cache-Enabled
X-Release
X-Detected-As
X-EIG-Tracking-Id
X-Varnish-Cache-Hits
X-ShopId
DB-Nickname
Selected-Fe
Azure-RegionName
X-Generated
X-Geo
Azure-SiteName
Azure-Version
Azure-SlotName
X-Hosted-By
X-TNCMS
X-Loop
X-Hyper-Cache
Azure-InstanceId
X-PHP-Host
Origin-Cache-Control
Origin-Edge-Control
X-Qloud-Router
X-Labrador-Cache-Channel
X-Content-Age
X-Xfnlog-Site
Cache-Tv-Group
X-Goog-Meta-Goog-Reserved-File-Mtime
Country
FilterID
Upgrade-Insecure-Requests
X-Source
X-Presslabs-Stats
X-Cache-Host
Ec-Rule-Version
SD-X-WS
X-Cluster-Node
X-Cache-NE
User-Agent
X-Ua
X-Old-Content-Length
X-Varnish-Hostname
Time
X-Pad
X-Drupal-Cache-Contexts
X-Cache-2
X-Cache-TTL-Remaining
X-Litespeed-Cache
Locale
X-Urbn-Site-Id
X-Parent-Response-Time
X-Urbn-Context-Path
X-EC-Lua
Server-Info
X-Srv
X-Cache-Backend
X-RCS-CacheZone
X-CDN-Forward
X-RateLimit-Limit
X-TA-CDN-Provider
X-Backend-TTL
X-Akamai-Request-ID
Geo-Info
X-Debug-Cache
X-Cache-Grace
X-Proxy-Cache-Status
X-Webkit-CSP
S-Cnection
X-Forwarded-Host
X-Soup
Proxy-Connection
X-Tumblr-Pixel-3
X-Dc
Apigw-Requestid
X-Nc
NGX
X-Tb
OT-Force-Account-Verify
X-Microcachable
X-Proto
X-Vcache
M-TraceId
Meta-Geo-Continent
Machine
MD5-Digest
Mobile-Detection-Method
X-Destination
ServerName
True-Client-Country-4JS
Xc-Version
X-Date
T-Server
X-Rojux
Rendered-Blocks
Server-Host
Pagetype
X-Scheme
X-Cache-PHP
Arc-Country
AsisCache
X-Developer
X-Trv-Group
X-DevSite-Last-Modified
X-ServiceProvider
BehaviorPad-Version
X-ScT
Fastcgi-X-Cache-Version
GEO-REGION-INFO
X-S-Cookie
X-Dispatch
Content-Script-Type
Content-Style-Type
X-S
Viewtype
X-VG-WebCache
X-NodeID
X-ARC
X-Vdms-Version
X-VG-WebServer
X-Vtex-Processado-Em
X-Application
X-Vtex-Remote-Cache
X-G
X-B-Cookie
X-CF-Lambda-Fn
X-D
X-Level-Front-Cache
X-Twitter-Response-Tags
X-Vdms-Path
X-Geo-Header
X-Session-Fingerprint
X-Generated-On
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-Processor
X-Swa-Ws
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
X-Connection-Hash
VivaBuild
Who
X-External-Request-Id
X-Trace-Id
X-Accel-Expires-Debug
X-Region-Sid
X-Aed
X-Transaction
X-Reqid
X-Rewrite-Enabled
X-A-Dgt
X-A-Wwc
X-SRCache-Key
UCS
X-Uri
X-FORWARDED-FOR
X-Cluster-Name
Sid
Cf-Ipcountry
X-Newrelic-Synthetics
X-UA
Cache-Key
X-Bip
X-Agile-Id
X-Cache-FS-Status
X-Device-Os
X-Magnolia-Registration
X-Core-Value
X-Cms-Context
X-Branch-Name
We-Hiring
N-Cache
NM-Fastcgi-Cache
Mail-Subject
Magicmarker
Kp-EeAlive
On-Server
Release
X-Dispatcher-Server
X-Agile
Vix-Hermes-Req-Id
Viewport
V-Age
X-Agile-Age
X-Hash
X-VC-Cache
X-Via-PopH
X-User
X-Thanos
X-SN
X-Via-PopV
X-Worker
X-Matched-Rule
X-Thinkindot-L3
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Skip-Cache
X-SIPLIST1
X-LAGOON
X-Logging-Id
X-Instart-Info
IsBot
X-Generation-Time
X-Method
X-Node-Id
X-SD-PageType
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Owner
X-Generated-In
X-Location
CDCHOST
FNAC-ModuleRouting
AKAMAI
User-Cache-Control
X-Envoy-Decorator-Operation
X-Hit
X-Be
X-JWT-State
X-Hnp-Log
X-App
X-Is-Gdpr
X-Micro-Cache
X-Origin-Expires
Rt-Fastcgi-Cache
RNT-Time
Server-Ext
X-Origin-Date
Sever-Int
X-Cache-Info
Server-Hostname
X-Has-Esi
X-Gen-Mode
X-Distil-CS
X-Distributor
Apple-News-Services-Host
Tracecode
Apple-News-Services-Handled
Cache-Cookie-Set-Lfrom
X-Developers
X-Epic-Correlation-Id
X-Eu-Site
Web-Mar-Node
X-Fmm-Version
RNT-Machine
Apple-News-Services-Parsed-Url
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
Adler-Geo
X-Platform-Server
L5d-Success-Class
X-Cache-Tags
X-Wikidot-Backend
X-WADP-Cache
C-Via
X-Block-Status
X-Varnish-Cacheable
X-VG-TLSProxy
X-Wikidot-Static-Cache
Is-Eu
X-Nginx-Cache-Key
Gh-Request-Id
X-Response-By
Ha-Gx-Prefs
HA-Ipaddr
CacheControlHeader
X-Cache-Bucket
Cache-Cookie-Set-Idcheck
X-Variation
X-Clientip
X-Request-UUID
X-Server-W
X-Req
X-Auto-Login
X-Policy
Apple-News-Services-Request-Url
Cache-Cookie-Set-From
Platform
X-Servername
X-Backend-Host
X-Backend-State
X-Clara-WADP
X-CGP
Fastly-Drupal-HTML
X-Cache-URL
X-Core-Mission
X-Contensis-Viewer-Groups
X-Ms-Version
X-Var-Ttl
X-TT-TIMESTAMP
X-TrackingId
X-Varnish-Authentication
X-VServer
X-Compress-Hint
X-Webstats-RespID
X-We-Are-Hiring
X-NC
X-Slack-Backend
X-Ms-Request-Id
X-Irp-Debug
X-Fastly-Cache
X-Mvc-Supplant-Cachable
X-Rebelmouse-Cache-Control
X-Request-Host
X-Rebelmouse-Surrogate-Control
X-Envoy-Upstream-Healthchecked-Cluster
X-Reboot
Fastly-SIE
Fastly-SWR
X-BBXSRF
W
X-Cache-ASPX
X-Vgn-Hpd-Reason
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-GoCache-CacheStatus
X-AIR-PT
GEO-INFO
X-Li-Fabric
Node
X-Li-Pop
Memcached
X-LI-Proto
X-LI-UUID
X-TH-Server
X-Refresh
X-TIME
HostName
X-App-Version
X-SRV
Esi-Enabled
X-Esi-Check
X-Cache-Debug
X-Loc
X-Cache-Id
X-Gzip
LB
X-Origin-CC
X-Storefront-Renderer-Rendered
X-DC
X-Origin-TTL
X-Configured-By
Server-ID
Ohc-File-Size
X-Wa
L
NtCoent-Length
X-Server-IP
X-NU-AKA-ACS-Version
X-Mvc-Supplant-OutputCached
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-App-Name
Cache-Host
X-Cdn-Forward
X-Key
X-Edge-Location
X-BC
X-ZONE
X-VCT
MIME-Version
X-Sucuri-ID
Referer-Policy
Pragrma
X-MSEdge-Features
X-Bc
X-MSEdge-Flight
X-Cdn-Srv
X-Zone
X-B3-Traceid
X-S-Maxage
X-FPC
Server-Surrogate-Control
Ohc-Response-Time
X-Varnish-URL
Memory
X-Generated-By
Server-Cache-Control
X-Servedbyhost
X-BACKEND-TTL
X-Pjax-Url
X-Varnish-Ttl
Fastly-Backend-Name
CACHE
X-Nginx-Cache
X-Svr
X-Debug-Panamera-Sitecode
X-Rocket-Nginx-Bypass
X-Via-CDN
X-Debug-Panamera-Host
X-Up
FSS-Cache
X-Batcache
Locid
X-Minions-Version
X-COUNTRY
Heartbleed
X-CF-Powered-By
Request-Country
Request-EU
X-Varnish-Hits
X-Request-URI
X-ElasticPress-Query
X-ND-Cache
X-Aicache-OS
Resin-Trace
X-CLOUD-TRACE-CONTEXT
SRV
X-Oss-Storage-Class
X-Shopify-Generated-Cart-Token
X-GEO
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-VCL-Version
X-Oss-Server-Time
X-Oss-Object-Type
X-Unique-ID
X-CACHE-KEY
X-Gamma-Serve
WZWS-RAY
X-Ratelimit-Remaining
Cteonnt-Length
X-Sucuri-Cache
DCR-Processing-Time-Ms
GeoIP-Country-Code
DCR-Decision-By
GeoIp-Country-Code
Lfy
Geoip-Latitude
X-BE
CF-Cached-On
Hostname
X-PF-Uncompressing
X-Check-Cacheable
X-WebServer
GeoIP-Latitude
HitType
X-Vcl-Version
X-Azure-Ref-OriginShield
Location
X-Fastly-Cache-Status
Pramga
Product
X-HS-Status
X-Edge-Server
X-Proxy-Upstream
Cdn-Request-Time
X-ECache
Cdn-Host
Powered-By-ChinaCache
X-VHOST
X-Fastly-Country-Code
X-Cdn-Origin
X-Ratelimit-Limit
Mime-Version
X-PJAX-URL
X-Sn-Servicetimems
X-LB-ID
X-Fetched-On
Ohc-Cache-HIT
My-App
X-Amzn-Requestid
X-NGINX-Cache
X-CSRF-TOKEN
X-OVcl
PFcat
X-ServedByHost
X-VarnishDD-TTL
X-GeoIP-Country-Code
X-OVcl-Cache
X-Fpc
X-Vgn-Hpd-Cached
X-Pf-Uncompressing
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Varnish-Url
X-Ratelimit-Reset
Amp-Access-Control-Allow-Source-Origin
X-Newrelic-App-Data
SN
X-Varnishpool
X-Fastly-Backend-Reqs
X-CACHE-AGE
X-Ftr-Cache-Host
X-Platform
X-Instart-Isnd
X-Oracle-Dms-Rid
URI
X-Render-Time
Dt-Cache-Category
X-Request-Start
X-B3-Spanid
WWW-Authenticate
X-Cache-Expired-At
Group
X-Served-From
X-Swift-Error
Cdn
XServer
A
X-Tec-Api-Root
X-Tec-Api-Version
CloudFront-Viewer-Country
X-Amzn-Remapped-Connection
Epwk-X-Cache
X-Via-Ucdn
X-Amzn-Remapped-Date
Cf-Alt-Svc
X-B3-SpanId
X-Tec-Api-Origin
X-CUA
Country-Code
X-Request-Time
PICS-Label
X-IN-APIGATEWAYSSL
X-Via-NSCOPI
X-Oss-Cdn-Auth
X-IN-APIGATEWAY
X-Original-Request-Id
Origin
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-WR-MODIFICATION
Lb
X-Cache-Version
X-LiteSpeed-Cache-Control
Server-Ttl
Pics-Label
Backend
Cloudfront-Viewer-Country
X-Debug-Ysi-Auth
X-StackifyID
X-DPWN-IS-SECURE
X-Debug-Cache-String
X-Apw-Hits
X-Apw-Access-Token
X-Cache-Tag
X-Varnish-Beresp-TTL
SID
X-Tb-Optimization-Total-Bytes-Saved
X-Ocache
X-Apw-Access-Object
X-Debug-Cache-Status
X-Debug-Do-Not-Cache-Uri
Geoip-City
X-Debug-Cache-Bypass
X-Apw-Access-Action
X-WA
X-Debug-Xas-Auth
X-WPE-Loopback-Upstream-Addr
X-Shard
X-Acquia-Site
X-Acquia-Purge-Tags
Cneonction
X-Cache-Hfrom
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Proxy-Firewall
X-Acquia-Application-UUID
Backend-Name
X-RunCloud-Cache
NnCoection
X-Nananana
X-Acquia-Application-Trace
X-C
X-Cache-Hm
Region
X-Planisys-CDN-TTL
CF-IPCountry
X-Request-URL
X-ElasticPress-Search
X-Akamai-ERPolicy
X-Html-Edge-Cache
X-SB
Host-ID
Request-Time
X-VC
X-B3-Parentspanid
Req-ID
X-Varnish-ID
X-Sigma
X-Rocket-Build-Number
X-Dw-Trace-Id
X-Sigma-Backend
X-Akamai-ERRuleID
X-Country-IP