
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Xss-Protection
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
X-Ua-Compatible
Status
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Upgrade
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Backend
X-Server
X-Age
X-Turbo-Charged-By
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
P3p
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Dns-Prefetch-Control
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Cache-Lookup
X-Readtime
X-Ac
X-Backend-Server
X-Node
NEL
X-Dispatcher
X-Origin-Upstream-Status
X-HW
Content-Location
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
Allow
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Accept-CH
Edge-Control
X-Url
X-Rack-Cache
RTSS
X-Clacks-Overhead
X-Px
MS-Author-Via
Accept-CH-Lifetime
X-Vname
X-TtlSet
X-PC
X-FTR-Request-ID
X-Goog-Hash
Verso
X-Powered-By-Plesk
Service-Worker-Allowed
X-Varnish-TTL
X-B3-TraceId
Host-Header
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-GoogleNews-Bot
Public-Key-Pins
X-Kinja
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
Display
X-Middleton-Display
Response
X-Sol
Pagespeed
X-Middleton-Response
X-Cache-TTL
X-DynaTrace
X-Ttl
X-D2id
X-Content-Type
X-NF-Request-ID
X-Amz-Rid
TCN
X-CST
X-Vcap-Request-Id
X-Cdn
X-Abt-Application-Version
X-Cached
X-VARITI-CCR
Pinterest-Generated-By
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
X-ESI
X-Navigation-Version
X-Version
X-Powered-CMS
X-Fastly-Request-ID
Cache-Tag
X-Upstream
X-Pass-Why
X-Server-Name
Accept-Ch
X-Grace
X-Debug
X-Instart-Request-ID
Access-Control-Request-Method
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Charset
X-MSEdge-Ref
Nginx-Cache
X-XRDS-Location
Content-MD5
X-Accel-Expires
Accept-Ch-Lifetime
X-Element-Page-Cache
Realpath
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
SPIisLatency
SPRequestDuration
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-DynaTrace-JS-Agent
SPRequestGuid
X-SharePointHealthScore
X-Shield-Request-Id
S
X-Pinterest-Rid
Pinterest-Version
X-Hp-Webp
X-Jurisdiction
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-Dw-Request-Base-Id
X-Oneagent-Js-Injection
X-Kinsta-Cache
X-Trace
X-T
X-Client-IP
Fastcgi-Cache
X-Node-Name
X-Content-Digest
X-Cache-Key
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
TP-Cache
TP-L2-Cache
X-TTL
X-Frontend
X-FastCGI-Cache
X-Request-Received
X-Request-Processing-Time
Server-Node
X-Hostname
X-Cache-Hit
X-Cache-Age
ServerID
Front-End-Https
X-Amzn-Trace-Id
Fastly-Restarts
Edge-Cache-Tag
X-Country-Code-Real
X-FTR-Cache-Status
X-Forwarded-For
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Yandex-Sdch-Disable
X-Goog-Stored-Content-Encoding
X-FTR-Expires
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
Server-Name
Powered
Arc-Version
PB-RID
PB-PID
X-Microsite
X-Request-Handler-Origin-Region
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Revision
X-Server-ID
X-DIS-Request-ID
Filters
X-Jobs
X-Page-Id
X-Hits
X-LB-Cache
X-F-Cache
X-Zen-Fury
X-Akamai-Edgescape
DynaTrace
X-Correlation-Id
X-Ruxit-Js-Agent
X-Fastcgi-Cache
X-Erf-Bev-Bev-Is-Generated
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Erf-Bev-Bev
X-Kong-Upstream-Latency
X-Mobile-Rewrite
X-Kong-Proxy-Latency
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Origin-Server
X-Geo-Country
X-Content-Powered-By
Accept-Charset
Alternate-Protocol
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-N
X-Daa-Tunnel
X-B
X-FTR-Cache-Host
X-Varnish-Backend
Cache-Tags
X-RateLimit-Remaining
X-Rid
X-Type
X-WebKit-CSP-Report-Only
X-Amz-Replication-Status
DC
Surrogate-Key
X-TT
Paypal-Debug-Id
Retry-After
X-Git-Hash
Section-Io-Cache
X-Whom
X-FB-Debug
X-B-Cache
X-Via-JSL
MicrosoftSharePointTeamServices
Host
X-Signature
X-Varnish-Grace
X-App-Environment
X-Content-Options
X-Activity-Id
X-ATS-Timestamp
Backend-Timing
X-Az
X-AppVersion
X-Edge
X-Status
X-Esi
X-Debug-Info
Frame-Options
X-Request-Guid
X-Ser
Actual-Object-TTL
X-ATG-Version
X-IPLB-Instance
Fastcgi-Useragent
Healthy
X-App-Server
X-Endurance-Cache-Level
X-Webkit-CSP
X-AOL-HN
X-HTML-Minification-Powered-By
Srv
X-Contextid
Nel
X-Cache-Action
X-Amzn-RequestId
X-Seen-By
X-ECACHE
X-B3-Sampled
Refresh
X-Pinterest-Direct
From-Origin
Access-Control-Allow-Method
X-Amz-Apigw-Id
X-Upgrade-Enabled
X-Protected-By
X-Response-Served-From
X-Accel-Buffering
X-Tumblr-User
X-Tumblr-Pixel-0
X-Cache-Rule
X-Tumblr-Pixel
X-RemovedCookies
X-Drupal-Cache-Tags
X-Host-Name
X-ProcessESI
X-Cache-Operation
X-MCACHE
X-Mid
Content-Disposition
VIX-Pulpo-Upstream-Status
Odigeo-Trace-Id
VIX-Pulpo-Node
X-Instance
X-Region
X-L-Path
X-Environment-Context
X-Cacheable-TTL
X-Time
X-Rendered-As
Datacenter
X-Rule
X-WA-Info
X-Is-Bot
X-Varnish-Server
Eomportal-Instance
Payment
X-UUID
X-FW-Hash
X-Release
X-Cache-Time
X-FW-Dynamic
X-Adobe-Content
X-FW-Type
MS-CV
X-FW-Serve
X-FW-Server
X-FW-Static
X-Adobe-Loc
Countrycode
Source
X-Litespeed-Cache
Uber-Trace-Id
X-Proxy
Xserver
X-Load-Cache
X-Cache-Server
X-Cached-By
X-EdgeConnect-Cache-Status
X-Akamai-Request-ID2
X-PressLabs-Stats
X-Cache-Control
X-UnsetCookies
X-Mobile
X-GeoIP
Cache-Status
X-Akamai-Transformed
X-Azure-Ref
X-NewRelic-App-Data
Access-Control-Request-Headers
X-PHP-Backend
X-Yottaa-Metrics
X-Origin-Response-Time
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Yottaa-Optimizations
X-SERVER-NAME
Version
X-Handled-By
X-NGENIX-Cache
Accept-Language
X-Air-Hostname
X-Mode
Liferay-Portal
X-NWS-UUID-VERIFY
X-Cache-NGX
X-VCache
X-Backend-Name
X-Wix-Request-Id
X-Cluster
Cache
X-Framework
X-IPS-LoggedIn
X-Correlation-ID
X-CSRF-Token
X-Tumblr-Pixel-2
NGB
X-Tumblr-Pixel-1
X-ApacheServer
X-Adobe-Source
X-RN-RSRV
X-Proxied
X-Path-Route
Load-Balancing
X-VWS-Id
X-PERF
X-LJ-Flow-ID
X-AWS-Id
X-ES-SERVER
X-Cache-Remote
X-Via-Fastly
X-UPSTREAM-Address
X-Cache-Var
Meta-Geo
X-UA-Device-Type
X-Cache-Var-Map
X-Zipkin-Id
X-CCM
X-Routing-Service
Cross-Origin-Window-Policy
X-RateLimit-Limit
Filterid
X-URL
Server-Info
X-Cache-Status-Check
ServedBy
X-MP-GENERATED-AT
X-Locale
Mn-Server-Ip
X-Qloud-Router
X-FireWall-Port
Cache-Hits
DSUID
X-Www-Served-By
X-Viewer-Country
X-OCL
X-Storage
Decoy-Debug-Key
X-PCL
X-Ua
X-TX-ID
X-Info
Akamai-GRN
Now
X-Format
Decoy-Debug-TTL
X-Access
X-Cache-Config
X-XRDS-LOCATION
Decoy-Debug-Status
Cache-Tv-Group
Cache-Name
Cleartype
X-Section
Section-Io-Id
Section-Io-Origin-Status
X-Real-IP
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-R9-Blue-Green-Version
X-Site-Version
X-Pubstack
TWC-Privacy
Webcakes-App-Version
Property-Id
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
Webcakes-Region
TWC-Locale-Group
X-Human
X-ServerID
X-ShardId
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-ShopId
X-Shopify-Stage
X-Web-Node
X-Varnish-Cache-Hits
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Redis-Cache
X-ProxyCache-Status
X-Cache-Enabled
X-CS
X-BYPASS-REASON
X-Bc-Bl
X-Alternate-Cache-Key
X-Device-Type
X-EIG-Tracking-Id
X-ProxyCache-Key
X-PHP-Host
X-Origin-Hint
X-NCache
Webserver
X-Labrador-Cache-Channel
X-No-Session
X-Hosted-By
X-From
X-FW-Version
Selected-Fe
X-FB-TRIP-ID
X-Cache-Host
X-Proxy-Build
X-SaId
X-Hl-Ver
S-Rt
X-Geo
X-Detected-As
X-Content-Age
X-Origin
X-Timing-Wait
X-Time-Microsecs
Fastly-SSL
X-JoinUs
X-BCube-Filmed-By
X-Generated
X-NYM-Debug-Backend
X-Amzn-Remapped-Content-Length
DB-Nickname
X-IP
Ms-Operation-Id
X-RTag
Origin-Cache-Control
X-Hyper-Cache
X-FC-Vary-Parameters
Azure-RegionName
Azure-SiteName
X-APP-VERSION
Azure-SlotName
Azure-Version
X-TNCMS
Azure-InstanceId
X-Loop
X-Cache-2
X-Cache-TTL-Remaining
Ec-Rule-Version
X-Unique-Id
X-Drupal-Cache-Contexts
X-Xfnlog-Site
Geo-Info
Apigw-Requestid
X-Goog-Meta-Goog-Reserved-File-Mtime
X-RequestSource
X-Urbn-Site-Id
Locale
Origin-Edge-Control
X-Urbn-Context-Path
Time
Country
SD-X-WS
X-Vcache
X-Presslabs-Stats
X-Pad
X-Source
User-Agent
X-Cluster-Node
X-Varnish-Hostname
X-EC-Lua
X-Old-Content-Length
X-Debug-Cache
X-Cache-NE
X-App-Version
FilterID
X-Soup
Upgrade-Insecure-Requests
X-Akamai-Request-ID
X-RCS-CacheZone
X-Proto
X-Cache-Backend
X-CDN-Forward
X-Parent-Response-Time
X-Tb
X-Backend-TTL
Proxy-Connection
X-DC
X-Cache-PHP
X-Storefront-Renderer-Rendered
X-SRV
X-Proxy-Cache-Status
X-Forwarded-Host
X-App
Cache-Key
X-Cache-Grace
LB
Content-Script-Type
X-Destination
Content-Style-Type
Rendered-Blocks
X-Uri
X-Date
BehaviorPad-Version
T-Server
ServerName
X-Developer
Fastcgi-X-Cache-Version
Machine
Xc-Version
X-Dispatch
IsBot
MD5-Digest
Meta-Geo-Continent
FNAC-ModuleRouting
GEO-REGION-INFO
Mobile-Detection-Method
X-D
AsisCache
X-A
Who
X-A-Dgt
X-A-Wwc
X-B-Cookie
X-A-Ccd
X-A-Dcw
X-ARC
X-A-Dam
X-Accel-Expires-Debug
VivaBuild
X-Connection-Hash
X-Aed
Arc-Country
True-Client-Country-4JS
X-CF-Lambda-Version
Viewtype
X-CF-Lambda-Fn
UCS
X-Application
X-G
X-Transaction
X-Trace-Id
X-Scheme
M-TraceId
X-Geo-Header
X-Trv-Group
X-Rojux
X-Twitter-Response-Tags
X-S
X-ScT
X-PAYTM-SRV-ID
X-FORWARDED-FOR
X-SIPLIST1
X-Session-Fingerprint
X-Nginx-Cache-Key
X-NodeID
X-Method
X-Swa-Ws
X-SRCache-Key
X-External-Request-Id
X-Vdms-Path
X-S-Cookie
X-VG-WebCache
X-Vdms-Version
X-Vtex-Processado-Em
X-Tumblr-Pixel-3
X-Newrelic-Synthetics
X-Rewrite-Enabled
X-Processor
X-VG-WebServer
X-Vtex-Remote-Cache
X-Region-Sid
X-Srv
X-Origin-TTL
X-Magnolia-Registration
X-Origin-CC
Thinkindot-CacheControl-Type
X-SD-PageType
Thinkindot-CacheControl
X-RateLimit-Remaining-Second
Viewport
X-Req
Magicmarker
V-Age
X-Owner
Mail-Subject
Thinkindot-Control
Sever-Int
X-Response-By
X-ServiceProvider
NM-Fastcgi-Cache
X-Nc
Pagetype
X-Policy
RNT-Machine
RNT-Time
On-Server
N-Cache
Server-Hostname
Server-Host
NGX
Server-Ext
X-RateLimit-Limit-Second
X-Loc
X-Clara-WADP
X-Cms-Context
X-Compress-Hint
X-VC-Cache
X-Varnish-Cacheable
X-Generation-Time
X-User
X-Cache-URL
X-Generated-On
X-Generated-In
X-DevSite-Last-Modified
X-Worker
X-Dispatcher-Server
X-Device-Os
X-Fmm-Version
X-Reqid
X-Developers
X-WADP-Cache
X-Cache-Info
X-Cache-FS-Status
X-Matched-Rule
X-Logging-Id
X-Skip-Cache
Wxu-Next-Region
Wxu-Next-Hostname
We-Hiring
X-Micro-Cache
Wxu-Next-Commit
X-SN
X-Level-Front-Cache
X-Agile-Id
X-Thinkindot-L3
X-Bip
X-Thanos
X-Hash
X-Agile
X-Agile-Age
X-LAGOON
Vix-Hermes-Req-Id
Release
AKAMAI
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-AIR-PT
X-NC
CacheControlHeader
Kp-EeAlive
CDCHOST
Cache-Cookie-Set-Idcheck
X-Cluster-Name
User-Cache-Control
X-Hit
X-Distributor
X-Distil-CS
X-Epic-Correlation-Id
X-Envoy-Decorator-Operation
X-Core-Value
X-Backend-State
Referer-Policy
X-Auto-Login
X-Block-Status
X-Cache-Bucket
X-CGP
X-Cache-Tags
X-Cache-Id
X-Core-Mission
X-Fastly-Cache
X-Variation
X-VG-TLSProxy
X-Var-Ttl
X-TH-Server
X-Servername
X-We-Are-Hiring
X-Webstats-RespID
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Server-W
X-Request-UUID
X-Location
X-Gzip
X-Gen-Mode
X-Eu-Site
X-Mvc-Supplant-Cachable
X-Node-Id
OT-Force-Account-Verify
X-Origin-Expires
X-Origin-Date
X-NU-AKA-ACS-Version
X-Esi-Check
X-Hnp-Log
Web-Mar-Node
C-Via
Fastly-Drupal-HTML
Node
Platform
W
Gh-Request-Id
HA-Ipaddr
Ha-Gx-Prefs
Is-Eu
L5d-Success-Class
Adler-Geo
X-Be
X-Contensis-Viewer-Groups
X-Is-Gdpr
X-TA-CDN-Provider
Rt-Fastcgi-Cache
X-Has-Esi
X-Irp-Debug
X-JWT-State
Fastly-SWR
X-TrackingId
X-Varnish-Authentication
X-VServer
X-Edge-Location
X-Slack-Backend
Cf-Ipcountry
X-Clientip
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-Host
Sid
Fastly-SIE
X-BBXSRF
X-Backend-Host
X-Cache-ASPX
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
S-Cnection
X-Li-Fabric
X-Cache-Debug
X-Li-Pop
X-Branch-Name
X-LI-Proto
X-LI-UUID
X-Reboot
X-Key
Pragrma
X-GoCache-CacheStatus
Memcached
X-Configured-By
X-Dc
X-Wa
MIME-Version
HostName
NR-ENABLED
WPE-Backend
X-Cdn-Forward
X-Refresh
X-Microcachable
X-Varnish-URL
X-Instart-Info
X-Via-CDN
X-ZONE
X-BC
GEO-INFO
X-Platform-Server
X-Up
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-PopV
X-Via-PopH
X-Servedbyhost
X-Nginx-Cache
X-Ms-Version
Fastly-Backend-Name
X-TT-TIMESTAMP
X-UA
X-Ms-Request-Id
X-Minions-Version
X-Mvc-Supplant-OutputCached
X-Ua-Device
X-Batcache
X-MSEdge-Features
X-Vgn-Hpd-Reason
X-MSEdge-Flight
X-ElasticPress-Query
X-B3-Traceid
X-Aicache-OS
NtCoent-Length
Memory
Esi-Enabled
X-Sucuri-ID
X-Bc
X-Zone
X-VCL-Version
Server-ID
X-BACKEND-TTL
X-App-Name
L
X-Pjax-Url
X-ND-Cache
CACHE
X-TIME
X-Unique-ID
Cache-Host
DCR-Decision-By
X-Debug-Panamera-Sitecode
DCR-Processing-Time-Ms
X-Debug-Panamera-Host
X-Server-IP
Ohc-File-Size
X-Fastly-Cache-Status
GeoIP-Country-Code
X-Cdn-Srv
Pramga
Powered-By-ChinaCache
Tracecode
X-Svr
X-COUNTRY
X-CF-Powered-By
X-PF-Uncompressing
X-Client-Ip
FSS-Cache
GeoIP-Latitude
Server-Surrogate-Control
X-FPC
HitType
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
Location
X-Oss-Request-Id
Server-Cache-Control
X-Generated-By
Hostname
X-BE
X-Varnishpool
X-S-Maxage
X-Ratelimit-Reset
Resin-Trace
X-LB-ID
Ohc-Response-Time
X-GEO
X-Azure-Ref-OriginShield
X-Sucuri-Cache
X-VCT
X-Check-Cacheable
X-Rocket-Nginx-Bypass
X-Webkit-Csp
X-OVcl-Cache
PFcat
X-OVcl
X-VarnishDD-TTL
X-Varnish-Ttl
X-Original-Request-Id
Cteonnt-Length
Request-Country
Request-EU
Locid
Heartbleed
X-Fastly-Country-Code
X-Fastly-Backend-Reqs
X-Instart-Isnd
X-Fpc
X-Varnish-Hits
X-Vgn-Hpd-Ssi
Cdn-Request-Time
X-Render-Time
X-Edge-Server
Cdn-Host
X-Platform
X-Vgn-Hpd-Variations-Key
X-HS-Status
X-Request-URI
X-Vgn-Hpd-Cached
X-Cache-Expired-At
X-VHOST
X-PJAX-URL
Lfy
X-Newrelic-App-Data
CF-Cached-On
X-CSRF-TOKEN
X-Gamma-Serve
GeoIp-Country-Code
X-Vcl-Version
X-CUA
Geoip-Latitude
Amp-Access-Control-Allow-Source-Origin
SRV
X-Shopify-Generated-Cart-Token
Pics-Label
X-Pf-Uncompressing
Epwk-X-Cache
X-Ratelimit-Remaining
SN
X-CLOUD-TRACE-CONTEXT
X-WebServer
X-CACHE-AGE
X-Oracle-Dms-Rid
WZWS-RAY
X-Ftr-Cache-Host
Backend
Product
X-StackifyID
WWW-Authenticate
X-NGINX-Cache
X-ECache
X-Proxy-Upstream
X-RunCloud-Cache
X-CACHE-KEY
X-Varnish-Url
X-Csrf-Jwt
X-Amzn-Remapped-Date
Backend-Name
X-Amzn-Remapped-Connection
X-Via-Poph
X-ServedByHost
X-Via-Popv
Mime-Version
X-Cdn-Origin
URI
X-Fetched-On
XServer
My-App
X-Ratelimit-Limit
X-Sn-Servicetimems
A
CloudFront-Viewer-Country
X-GeoIP-Country-Code
X-Tec-Api-Origin
X-Tec-Api-Root
X-Oss-Cdn-Auth
X-Tec-Api-Version
Ohc-Cache-HIT
X-Debug-Cache-Store
X-Ftr-Request-Id
X-Debug-Cache-Fetch
X-Sigma-Backend
X-B3-SpanId
X-Rocket-Build-Number
X-Sigma
X-Request-Time
Dt-Cache-Category
Lb
X-Debug-Xas-Auth
Cloudfront-Viewer-Country
Host-ID
X-Cache-Tag
SID
PICS-Label
Server-Ttl
X-Request-Start
X-B3-Spanid
X-Debug-Cache-Bypass
X-Nananana
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Cache-Status
X-Debug-Cache-String
X-Debug-Ysi-Auth
X-Debug-Do-Not-Cache-Uri
X-LiteSpeed-Cache-Control
X-Swift-Error
X-Cache-Version
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
Cdn
X-DPWN-IS-SECURE
CF-IPCountry
Group
Proxy-Firewall
X-Acquia-Application-Trace
X-WA
X-Ftr-Balancer
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Ftr-Realm
X-Ftr-Dc
X-Ftr-Backend
X-Ftr-Backend-Server
Cneonction
X-Varnish-Beresp-TTL
X-Served-From
X-Apw-Access-Action
Warning
X-Snapshot-Date
FSS-Proxy
Inserted-Into-Cache-At
Dnion-Transfer-Encoding
X-Dw-Trace-Id
X-Cache-Hfrom
X-Cache-Hm
X-Varnish-ID
X-ElasticPress-Search
X-Request-URL
X-WR-MODIFICATION
X-Html-Edge-Cache
X-SB
Cf-Alt-Svc
X-VC