Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
X-CDN
P3p
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Server
X-Backend
X-Turbo-Charged-By
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-Server-Powered-By
X-UA-Device
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-WebKit-CSP
X-Dns-Prefetch-Control
Cf-Railgun
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Readtime
X-Node
NEL
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-Mod-Pagespeed
Content-Location
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-ORACLE-DMS-RID
Allow
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Clacks-Overhead
X-Rack-Cache
X-Px
RTSS
MS-Author-Via
X-FTR-Request-ID
X-Vname
X-TtlSet
X-Goog-Hash
X-PC
Accept-CH
X-Pass-Why
X-Powered-By-Plesk
Verso
Service-Worker-Allowed
X-Varnish-TTL
Public-Key-Pins
Accept-CH-Lifetime
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-GitHub-Request-Id
X-B3-TraceId
X-MS-InvokeApp
Arr-Disable-Session-Affinity
Pagespeed
Response
X-Middleton-Display
Display
X-Sol
X-Middleton-Response
X-DynaTrace
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Cache-TTL
Accept-Ch
X-D2id
X-Ttl
X-Amz-Rid
X-CST
X-NF-Request-ID
TCN
X-Abt-Application-Version
X-Vcap-Request-Id
X-Content-Type
Pinterest-Generated-By
X-Cached
X-VARITI-CCR
Accept-Ch-Lifetime
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Navigation-Version
Cache-Tag
AR-CACHE
Ar-Sid
X-ESI
X-Version
X-Server-Name
X-Instart-Request-ID
X-Fastly-Request-ID
X-Powered-CMS
X-Upstream
X-Grace
Host-Header
Access-Control-Request-Method
X-Debug
X-MSEdge-Ref
X-Accel-Expires
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Charset
X-XRDS-Location
Nginx-Cache
Content-MD5
SPRequestDuration
SPIisLatency
Mrf-Cache-Status
S
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Realpath
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Element-Page-Cache
X-SharePointHealthScore
SPRequestGuid
X-DynaTrace-JS-Agent
X-Client-IP
X-Pinterest-Rid
Pinterest-Version
X-Shield-Request-Id
X-Jurisdiction
X-FastCGI-Cache
X-Hp-Webp
X-Oneagent-Js-Injection
X-Dw-Request-Base-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Trace
X-Kinsta-Cache
X-T
X-Node-Name
Fastcgi-Cache
X-Content-Digest
X-Server-ID
X-Logged-In
X-Cache-Key
X-TTL
X-Mobile-URL
X-NWS-LOG-UUID
TP-L2-Cache
TP-Cache
X-Request-Processing-Time
Server-Node
X-Request-Received
X-Cache-Hit
X-Cache-Age
X-Frontend
ServerID
X-Hostname
X-Ruxit-Js-Agent
Front-End-Https
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-Amzn-Trace-Id
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
Edge-Cache-Tag
X-FTR-Expires
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Forwarded-For
Server-Name
Fastly-Restarts
X-Yandex-Sdch-Disable
Arc-Version
PB-PID
PB-RID
Powered
X-Request-Handler-Origin-Region
X-Microsite
DynaTrace
X-User-Agent
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
Filters
X-Zen-Fury
X-Revision
X-F-Cache
X-Jobs
X-Page-Id
X-Akamai-Edgescape
X-Hits
X-LB-Cache
X-Mobile-Rewrite
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
Accept-Charset
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cdn
X-Origin-Server
X-Geo-Country
X-Varnish-Age
X-ATS-Timestamp
Backend-Timing
Alternate-Protocol
X-N
X-B
X-FTR-Cache-Host
X-Via-JSL
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Varnish-Backend
X-Daa-Tunnel
MicrosoftSharePointTeamServices
Cache-Tags
X-Rid
X-Correlation-Id
X-Fastcgi-Cache
X-Az
X-AppVersion
X-Activity-Id
X-WebKit-CSP-Report-Only
X-Type
X-Esi
DC
X-Amz-Replication-Status
X-FB-Debug
Surrogate-Key
X-Signature
X-B-Cache
Section-Io-Cache
Retry-After
X-TT
X-Whom
X-Git-Hash
Paypal-Debug-Id
X-ATG-Version
X-Varnish-Grace
X-Debug-Info
X-Status
X-App-Environment
X-Edge
Host
Frame-Options
X-Ser
X-Content-Options
Actual-Object-TTL
X-RateLimit-Remaining
X-Request-Guid
X-App-Server
Fastcgi-Useragent
X-Amzn-RequestId
X-IPLB-Instance
Healthy
X-Contextid
Nel
X-AOL-HN
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
X-Cache-Action
Srv
X-Seen-By
X-ECACHE
X-B3-Sampled
X-Pinterest-Direct
X-Host-Name
From-Origin
Refresh
X-Upgrade-Enabled
X-Amz-Apigw-Id
Access-Control-Allow-Method
X-Tumblr-Pixel
X-Tumblr-User
X-Drupal-Cache-Tags
X-Tumblr-Pixel-0
X-Cache-Rule
X-Response-Served-From
X-Accel-Buffering
Source
X-Instance
X-RemovedCookies
X-ProcessESI
X-Cache-Operation
X-PressLabs-Stats
X-Mid
X-Protected-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Odigeo-Trace-Id
X-Region
X-MCACHE
X-Rule
MS-CV
Eomportal-Instance
X-Cacheable-TTL
X-Environment-Context
Payment
X-UUID
X-L-Path
X-FW-Type
X-FW-Static
X-FW-Serve
X-Is-Bot
X-FW-Hash
X-FW-Dynamic
X-Rendered-As
X-Varnish-Server
X-WA-Info
X-FW-Server
X-Adobe-Loc
Content-Disposition
Countrycode
X-Adobe-Content
X-Cache-Time
Cache-Status
X-Litespeed-Cache
X-VCache
X-Time
Datacenter
X-Correlation-ID
X-Cache-Control
X-Cache-Server
Xserver
X-GeoIP
X-Akamai-Request-ID2
X-UnsetCookies
X-Cached-By
X-Akamai-Transformed
Uber-Trace-Id
X-Proxy
X-EdgeConnect-Cache-Status
X-Load-Cache
X-Release
X-Mobile
X-SERVER-NAME
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Wix-Request-Id
X-Tt-Trace-Host
X-Origin-Response-Time
X-Tt-Trace-Tag
Access-Control-Request-Headers
X-Azure-Ref
Version
X-Mode
X-PHP-Backend
X-NewRelic-App-Data
X-Handled-By
X-Cluster
NGB
X-NWS-UUID-VERIFY
X-NGENIX-Cache
Accept-Language
X-IPS-LoggedIn
X-Backend-Name
Filterid
X-URL
X-Cache-NGX
X-Air-Hostname
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Cache-Remote
Liferay-Portal
X-APP-VERSION
X-FireWall-Port
X-No-Session
X-LJ-Flow-ID
X-ES-SERVER
X-CCM
X-Routing-Service
X-Zipkin-Id
X-Path-Route
X-UA-Device-Type
X-Via-Fastly
X-PERF
X-VWS-Id
X-UPSTREAM-Address
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
X-Framework
Load-Balancing
X-RN-RSRV
X-Proxied
X-Cache-Status-Check
X-AWS-Id
X-ApacheServer
Cross-Origin-Window-Policy
X-Adobe-Source
X-Qloud-Router
X-Storage
X-TX-ID
X-R9-Blue-Green-Version
X-MP-GENERATED-AT
ServedBy
DSUID
Cache-Hits
X-Locale
X-OCL
X-Viewer-Country
X-Www-Served-By
X-PCL
Mn-Server-Ip
X-Ua
X-RequestSource
X-Cache-Config
Ms-Operation-Id
Now
Decoy-Debug-Key
Section-Io-Id
Decoy-Debug-Status
X-Format
Cache-Name
X-Access
Akamai-GRN
X-Pubstack
X-RTag
X-Section
Cleartype
Section-Io-Origin-Status
Decoy-Debug-TTL
Section-Io-Origin-Time-Seconds
X-Real-IP
X-Bc-Bl
X-Site-Version
Section-Origin-Responded
TWC-Locale-Group
X-FW-Version
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
TWC-GeoIP-LatLong
Webcakes-App-Version
Webserver
X-Device-Type
Property-Id
X-Alternate-Cache-Key
X-Hl-Ver
X-BYPASS-REASON
TWC-Connection-Speed
X-CS
TWC-GeoIP-Country
TWC-Device-Class
X-EIG-Tracking-Id
X-ProxyCache-Key
Cache
X-Sorting-Hat-ShopId
X-Redis-Cache
X-Sorting-Hat-PodId
X-NCache
X-Varnish-Cache-Hits
X-Human
X-Info
Fastly-SSL
X-ShopId
X-Shopify-Stage
X-SayCDN-TTL
X-Origin-Hint
X-ProxyCache-Status
X-Web-Node
X-Say-TTL
X-ShardId
X-Say-Cacheable
X-ServerID
Cache-Tv-Group
X-PHP-Host
X-FC-Vary-Parameters
X-Labrador-Cache-Channel
X-Timing-Wait
X-From
X-FB-TRIP-ID
X-SaId
X-Proxy-Build
X-JoinUs
X-Content-Age
X-Time-Microsecs
X-Cache-Enabled
S-Rt
X-BCube-Filmed-By
X-NYM-Debug-Backend
X-Detected-As
X-Origin
Selected-Fe
X-CSRF-Token
X-IP
X-TNCMS
X-Generated
X-Loop
X-Amzn-Remapped-Content-Length
DB-Nickname
X-Hyper-Cache
X-Hosted-By
X-Cache-Host
Azure-Version
Azure-RegionName
Azure-SlotName
Azure-InstanceId
X-XRDS-LOCATION
Azure-SiteName
X-Xfnlog-Site
Origin-Cache-Control
Origin-Edge-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
Country
Ec-Rule-Version
Geo-Info
X-Drupal-Cache-Contexts
X-Geo
X-RateLimit-Limit
X-Cache-2
X-Unique-Id
Server-Info
User-Agent
SD-X-WS
X-Pad
X-Urbn-Site-Id
Locale
Time
X-Cache-TTL-Remaining
X-Urbn-Context-Path
X-Source
X-Varnish-Hostname
X-Old-Content-Length
X-Cluster-Node
X-Cache-NE
X-EC-Lua
Apigw-Requestid
Upgrade-Insecure-Requests
X-Parent-Response-Time
FilterID
NR-ENABLED
WPE-Backend
X-RCS-CacheZone
X-Akamai-Request-ID
X-Debug-Cache
X-Srv
X-Cache-Backend
X-Webkit-CSP
X-Presslabs-Stats
X-Soup
Proxy-Connection
X-Cache-Grace
X-CDN-Forward
X-Proxy-Cache-Status
X-Backend-TTL
X-Forwarded-Host
X-Tb
X-App-Version
X-Proto
X-Newrelic-Synthetics
X-FORWARDED-FOR
X-Cache-PHP
X-Nc
S-Cnection
X-Tumblr-Pixel-3
X-VG-WebServer
Thinkindot-Control
X-VG-WebCache
Rendered-Blocks
FNAC-ModuleRouting
GEO-REGION-INFO
IsBot
M-TraceId
Fastcgi-X-Cache-Version
Content-Style-Type
Arc-Country
AsisCache
BehaviorPad-Version
Content-Script-Type
Machine
MD5-Digest
T-Server
Thinkindot-CacheControl-Type
Xc-Version
X-Vtex-Remote-Cache
ServerName
Server-Host
Meta-Geo-Continent
Mobile-Detection-Method
Pagetype
X-Vtex-Processado-Em
X-A
X-Developer
X-Destination
X-DevSite-Last-Modified
X-S
X-Rojux
X-Date
X-D
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Scheme
X-S-Cookie
X-Connection-Hash
X-Dispatch
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-Processor
X-Matched-Rule
X-Method
X-Nginx-Cache-Key
X-Region-Sid
X-Level-Front-Cache
X-External-Request-Id
X-Reqid
X-G
X-Generated-On
X-Geo-Header
X-B-Cookie
X-ScT
Who
VivaBuild
X-NodeID
X-A-Ccd
X-A-Dam
X-Transaction
X-Trv-Group
X-Vdms-Path
X-Vdms-Version
UCS
X-Twitter-Response-Tags
Viewtype
X-A-Dcw
X-A-Dgt
X-SRCache-Key
X-ARC
X-SIPLIST1
X-Session-Fingerprint
X-ServiceProvider
X-Swa-Ws
X-Thinkindot-L3
X-Accel-Expires-Debug
X-A-Wwc
X-Trace-Id
X-Aed
X-Application
True-Client-Country-4JS
Thinkindot-CacheControl
X-Uri
X-Vcache
X-AIR-PT
NGX
X-DC
X-Be
X-Cluster-Name
Cache-Key
OT-Force-Account-Verify
X-Agile-Age
X-Owner
X-Policy
X-Core-Value
Magicmarker
X-Node-Id
Mail-Subject
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-SN
X-Response-By
X-Thanos
X-Skip-Cache
V-Age
Kp-EeAlive
X-Req
X-Logging-Id
X-Location
RNT-Machine
X-Agile-Id
X-Generated-In
RNT-Time
X-Dispatcher-Server
Server-Ext
Server-Hostname
X-Generation-Time
Release
On-Server
X-LAGOON
NM-Fastcgi-Cache
X-Developers
Sever-Int
X-Device-Os
X-Hash
X-User
Viewport
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Wxu-Next-Hostname
X-Cms-Context
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Apple-News-Services-Host
Apple-News-Services-Handled
X-Branch-Name
X-Bip
X-Cache-FS-Status
X-SD-PageType
AKAMAI
Wxu-Next-Region
Cache-Cookie-Set-Lfrom
Wxu-Next-Commit
X-VC-Cache
X-Varnish-Cacheable
Vix-Hermes-Req-Id
We-Hiring
N-Cache
X-Compress-Hint
X-Worker
CDCHOST
CacheControlHeader
X-Agile
X-B3-Traceid
X-Hit
Cf-Ipcountry
Sid
X-Storefront-Renderer-Rendered
User-Cache-Control
X-Envoy-Decorator-Operation
X-Distil-CS
X-Core-Mission
X-TA-CDN-Provider
X-Microcachable
X-CGP
X-Cache-Tags
X-Clientip
X-Cache-Debug
X-Origin-Date
X-Cache-Bucket
X-Cache-Info
X-Cache-URL
X-Block-Status
X-Backend-State
X-NC
Web-Mar-Node
X-Clara-WADP
X-Fmm-Version
X-Servername
X-WADP-Cache
X-Wikidot-Backend
X-Micro-Cache
X-Loc
X-Gen-Mode
X-Hnp-Log
X-VG-TLSProxy
X-Dc
X-JWT-State
X-Magnolia-Registration
X-Auto-Login
X-Is-Gdpr
X-Has-Esi
X-Epic-Correlation-Id
X-Eu-Site
X-Origin-Expires
X-Rebelmouse-Cache-Control
X-Var-Ttl
X-Variation
X-TH-Server
X-Server-W
X-Rebelmouse-Surrogate-Control
X-Request-UUID
X-Wikidot-Static-Cache
X-Distributor
Fastly-Drupal-HTML
Fastly-SIE
W
C-Via
Adler-Geo
Rt-Fastcgi-Cache
Fastly-SWR
Platform
Ha-Gx-Prefs
Is-Eu
HA-Ipaddr
Node
Gh-Request-Id
L5d-Success-Class
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Origin-TTL
X-Origin-CC
X-App
X-Varnish-Beresp-Ttl
X-Cache-Id
X-Varnish-Authentication
X-SRV
X-Instart-Info
X-Esi-Check
X-Via-PopH
X-Via-PopV
X-BBXSRF
X-Request-Host
X-Reboot
X-Mvc-Supplant-Cachable
X-Cache-ASPX
X-Slack-Backend
X-TrackingId
X-Webstats-RespID
X-We-Are-Hiring
X-VServer
X-Irp-Debug
X-Backend-Host
X-Gzip
X-Fastly-Cache
X-Contensis-Viewer-Groups
X-Platform-Server
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-GoCache-CacheStatus
X-LI-UUID
X-Configured-By
X-NU-AKA-ACS-Version
X-Li-Pop
Memcached
X-Li-Fabric
X-LI-Proto
X-Wa
LB
X-Cdn-Forward
X-Ms-Version
X-Envoy-Upstream-Healthchecked-Cluster
X-Ms-Request-Id
HostName
X-Edge-Location
X-TT-TIMESTAMP
X-Key
Referer-Policy
X-Varnish-URL
Pragrma
NtCoent-Length
X-BC
X-UA
X-ZONE
X-Refresh
MIME-Version
X-Vgn-Hpd-Reason
Tracecode
Esi-Enabled
X-Servedbyhost
X-Ua-Device
X-Via-CDN
L
X-Mvc-Supplant-OutputCached
X-TIME
CACHE
Fastly-Backend-Name
Server-ID
X-App-Name
Ohc-File-Size
GEO-INFO
X-Server-IP
X-MSEdge-Flight
X-BACKEND-TTL
X-MSEdge-Features
X-Up
Cache-Host
X-Bc
X-Zone
Memory
X-Minions-Version
X-Batcache
X-Nginx-Cache
X-Unique-ID
X-ND-Cache
X-Cdn-Srv
X-ElasticPress-Query
X-Debug-Panamera-Host
Server-Surrogate-Control
X-Svr
X-Debug-Panamera-Sitecode
X-Sucuri-ID
Server-Cache-Control
X-VCL-Version
X-S-Maxage
X-FPC
X-COUNTRY
X-Aicache-OS
X-Generated-By
X-Pjax-Url
Ohc-Response-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-GEO
X-Oss-Storage-Class
X-VCT
X-CF-Powered-By
FSS-Cache
GeoIP-Country-Code
Resin-Trace
DCR-Decision-By
X-Rocket-Nginx-Bypass
DCR-Processing-Time-Ms
Heartbleed
X-PF-Uncompressing
GeoIP-Latitude
Request-EU
Locid
Pramga
X-Fastly-Cache-Status
Location
X-Azure-Ref-OriginShield
Hostname
Request-Country
Powered-By-ChinaCache
X-Varnish-Hits
X-Request-URI
X-Check-Cacheable
X-Varnish-Ttl
X-BE
Cteonnt-Length
HitType
Lfy
X-CSRF-TOKEN
X-Ratelimit-Remaining
X-Fastly-Country-Code
X-VarnishDD-TTL
X-Gamma-Serve
X-Sucuri-Cache
X-Varnishpool
X-LB-ID
X-PJAX-URL
PFcat
Cdn-Host
X-Shopify-Generated-Cart-Token
Cdn-Request-Time
X-Edge-Server
X-Ratelimit-Reset
X-VHOST
X-Fpc
X-OVcl
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-OVcl-Cache
GeoIp-Country-Code
Geoip-Latitude
X-Newrelic-App-Data
X-Vgn-Hpd-Variations-Key
WZWS-RAY
CF-Cached-On
X-WebServer
Amp-Access-Control-Allow-Source-Origin
X-HS-Status
X-Platform
X-Instart-Isnd
X-Fastly-Backend-Reqs
SRV
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Render-Time
X-Vcl-Version
X-Pf-Uncompressing
Product
X-Proxy-Upstream
Mime-Version
X-Cache-Expired-At
X-Ratelimit-Limit
X-NGINX-Cache
X-Ftr-Cache-Host
X-CACHE-AGE
X-Original-Request-Id
X-Sn-Servicetimems
My-App
X-Cdn-Origin
X-Oracle-Dms-Rid
X-CLOUD-TRACE-CONTEXT
SN
XServer
X-Fetched-On
Ohc-Cache-HIT
X-GeoIP-Country-Code
X-CACHE-KEY
X-Amzn-Remapped-Connection
WWW-Authenticate
X-Amzn-Remapped-Date
X-ECache
X-CUA
URI
X-ServedByHost
X-Varnish-Url
Dt-Cache-Category
Epwk-X-Cache
Pics-Label
X-Oss-Cdn-Auth
X-StackifyID
X-B3-SpanId
Lb
X-Request-Start
X-Cache-Tag
X-Fastly-Request-Id
A
CloudFront-Viewer-Country
X-Swift-Error
X-Client-Ip
X-Debug-Cache-Store
Backend
X-B3-Spanid
X-RunCloud-Cache
Cdn
Backend-Name
X-Debug-Cache-Fetch
X-Served-From
Group
X-WR-MODIFICATION
X-Apw-Access-Action
Cloudfront-Viewer-Country
X-Csrf-Jwt
SID
PICS-Label
Server-Ttl
X-Apw-Access-Object
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-String
X-Debug-Cache-Status
X-Nananana
X-LiteSpeed-Cache-Control
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
X-Debug-Cache-Bypass
Cf-Alt-Svc
X-Apw-Access-Token
X-Tb-Optimization-Total-Bytes-Saved
X-Apw-Hits
X-Cache-Version
Proxy-Firewall
X-WA
DataCenter
X-Request-Time
X-Varnish-Beresp-TTL
X-Via-Ucdn
Cneonction
X-Cache-Hm
X-Via-Poph
X-Via-Popv
X-Acquia-Site
X-Acquia-Purge-Tags
Origin
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Cache-Hfrom
X-APP
Warning
Inserted-Into-Cache-At
X-VC
X-Dw-Trace-Id
X-Snapshot-Date
CF-IPCountry
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-Lb-Id
X-B3-Parentspanid
NnCoection
X-Request-URL
X-ElasticPress-Search
X-SB
X-IN-APIGATEWAY
Country-Code
X-Via-NSCOPI
X-Varnish-ID
Req-ID
X-Html-Edge-Cache
X-IN-APIGATEWAYSSL