Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
Status
X-Ua-Compatible
X-Content-Security-Policy
Content-Encoding
X-CDN
Upgrade
Access-Control-Expose-Headers
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Backend
X-Server
X-Turbo-Charged-By
X-Age
P3p
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Request-Context
Xkey
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-Server-Powered-By
X-UA-Device
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Report-To
X-LiteSpeed-Cache
X-Amz-Version-Id
Cf-Railgun
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Ac
X-Cache-Lookup
X-Backend-Server
X-Readtime
X-Node
NEL
X-Dispatcher
X-Origin-Upstream-Status
X-HW
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Ruxit-JS-Agent
X-Country
X-ORACLE-DMS-RID
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Rack-Cache
X-Clacks-Overhead
Accept-CH
X-Px
RTSS
MS-Author-Via
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
Accept-CH-Lifetime
X-Goog-Hash
Verso
X-Powered-By-Plesk
X-Varnish-TTL
Service-Worker-Allowed
X-B3-TraceId
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
Public-Key-Pins
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-GitHub-Request-Id
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Sol
X-Middleton-Response
X-Forwarded-Proto
Pagespeed
Display
X-Middleton-Display
Response
X-Amz-Server-Side-Encryption
X-DynaTrace
X-Cache-TTL
Host-Header
X-Pass-Why
X-D2id
X-Content-Type
Pinterest-Generated-By
X-Amz-Rid
X-CST
X-NF-Request-ID
TCN
X-Cdn
X-Cached
X-Abt-Application-Version
X-Vcap-Request-Id
X-VARITI-CCR
AR-Request-ID
AR-PoweredBy
AR-ATIME
Accept-Ch
AR-CACHE
Ar-Sid
X-ESI
X-Navigation-Version
X-Ttl
X-Version
X-Fastly-Request-ID
Cache-Tag
X-Server-Name
X-Powered-CMS
X-Upstream
X-Instart-Request-ID
X-Debug
Accept-Ch-Lifetime
X-Grace
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Access-Control-Request-Method
X-XRDS-Location
X-MSEdge-Ref
Charset
Nginx-Cache
X-Accel-Expires
Content-MD5
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Element-Page-Cache
MRF-Tech
SPRequestDuration
SPIisLatency
Realpath
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Server-ID
S
SPRequestGuid
X-SharePointHealthScore
X-Shield-Request-Id
Pinterest-Version
X-Pinterest-Rid
X-TTL
X-Hp-Webp
X-Jurisdiction
X-Dw-Request-Base-Id
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-Client-IP
X-FastCGI-Cache
X-Trace
X-Kinsta-Cache
X-T
X-Node-Name
Fastcgi-Cache
X-Content-Digest
X-Logged-In
X-Cache-Key
X-Mobile-URL
X-NWS-LOG-UUID
TP-L2-Cache
TP-Cache
X-Cache-Hit
X-Frontend
X-Request-Processing-Time
Server-Node
X-Request-Received
X-Hostname
X-Cache-Age
X-Oneagent-Js-Injection
ServerID
Front-End-Https
X-Amzn-Trace-Id
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
Fastly-Restarts
X-FTR-Backend-Server
Edge-Cache-Tag
X-Forwarded-For
X-FTR-Expires
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Server-Name
X-Yandex-Sdch-Disable
Powered
PB-RID
Arc-Version
PB-PID
X-Microsite
X-Request-Handler-Origin-Region
DynaTrace
X-Revision
Filters
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Page-Id
X-DIS-Request-ID
X-Zen-Fury
X-Jobs
X-F-Cache
X-LB-Cache
X-Hits
X-Akamai-Edgescape
X-Correlation-Id
X-Mobile-Rewrite
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
Accept-Charset
X-Content-Powered-By
X-Geo-Country
X-Origin-Server
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Alternate-Protocol
X-Varnish-Age
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-N
X-Daa-Tunnel
X-B
X-Varnish-Backend
X-Litespeed-Cache
X-Fastcgi-Cache
Cache-Tags
X-Ruxit-Js-Agent
X-RateLimit-Remaining
X-Rid
Backend-Timing
X-ATS-Timestamp
X-Az
X-AppVersion
X-Via-JSL
X-Activity-Id
X-Type
Retry-After
DC
X-Varnish-Grace
MicrosoftSharePointTeamServices
X-WebKit-CSP-Report-Only
X-Amz-Replication-Status
Surrogate-Key
X-FB-Debug
X-Whom
Section-Io-Cache
X-Git-Hash
X-App-Environment
X-B-Cache
Paypal-Debug-Id
X-Request-Guid
X-Signature
X-TT
X-Content-Options
X-Status
Host
X-Edge
X-Debug-Info
X-Esi
Frame-Options
Actual-Object-TTL
Fastcgi-Useragent
X-ATG-Version
X-Ser
X-IPLB-Instance
X-App-Server
Healthy
X-Endurance-Cache-Level
X-Amzn-RequestId
X-Contextid
X-AOL-HN
X-HTML-Minification-Powered-By
Srv
Nel
X-Cache-Action
X-Seen-By
X-ECACHE
X-B3-Sampled
X-Pinterest-Direct
From-Origin
Refresh
X-Host-Name
X-Amz-Apigw-Id
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Drupal-Cache-Tags
X-Tumblr-User
X-Cache-Rule
X-RemovedCookies
X-Response-Served-From
X-Accel-Buffering
X-ProcessESI
X-Instance
X-Cache-Operation
X-Protected-By
X-MCACHE
VIX-Pulpo-Node
X-Mid
VIX-Pulpo-Upstream-Status
X-Region
X-Is-Bot
Odigeo-Trace-Id
X-UUID
X-Cacheable-TTL
Content-Disposition
X-Rendered-As
X-Time
X-Rule
X-Environment-Context
MS-CV
Eomportal-Instance
Datacenter
X-L-Path
Payment
X-WA-Info
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Dynamic
Source
X-Varnish-Server
X-Cache-Time
Countrycode
X-Adobe-Content
X-Adobe-Loc
X-PressLabs-Stats
Xserver
X-Release
X-Cache-Control
Uber-Trace-Id
X-Cached-By
Cache-Status
X-EdgeConnect-Cache-Status
X-Proxy
X-Akamai-Request-ID2
X-Cache-Server
X-UnsetCookies
X-Load-Cache
X-GeoIP
X-VCache
X-Mobile
X-Akamai-Transformed
X-Webkit-CSP
X-NewRelic-App-Data
X-PHP-Backend
X-Azure-Ref
X-Yottaa-Optimizations
Access-Control-Request-Headers
X-Yottaa-Metrics
X-Tt-Trace-Host
X-Origin-Response-Time
X-Wix-Request-Id
X-Tt-Trace-Tag
X-SERVER-NAME
Version
X-Mode
X-Handled-By
X-Cluster
X-Air-Hostname
X-NWS-UUID-VERIFY
X-NGENIX-Cache
Liferay-Portal
X-Backend-Name
X-IPS-LoggedIn
X-Cache-NGX
Accept-Language
Cache
X-Ua
NGB
X-Tumblr-Pixel-2
X-Framework
X-Tumblr-Pixel-1
X-FireWall-Port
X-Correlation-ID
X-Ua-Device
X-UPSTREAM-Address
X-Routing-Service
X-CSRF-Token
X-RN-RSRV
X-Via-Fastly
X-UA-Device-Type
X-URL
X-CCM
X-Cache-Var-Map
X-Cache-Var
X-Cache-Status-Check
X-ES-SERVER
X-LJ-Flow-ID
X-Cache-Remote
X-Zipkin-Id
Filterid
X-VWS-Id
X-Locale
X-PERF
Load-Balancing
X-Path-Route
X-Adobe-Source
X-Proxied
Meta-Geo
Cross-Origin-Window-Policy
X-AWS-Id
X-ApacheServer
X-Www-Served-By
Decoy-Debug-TTL
Decoy-Debug-Status
Cache-Hits
Decoy-Debug-Key
X-Detected-As
X-PCL
X-Viewer-Country
X-Site-Version
X-Qloud-Router
X-R9-Blue-Green-Version
X-MP-GENERATED-AT
X-Storage
X-TX-ID
Mn-Server-Ip
ServedBy
X-OCL
X-Real-IP
DSUID
X-Cache-Config
X-Access
Ms-Operation-Id
Cache-Name
X-Redis-Cache
X-Pubstack
X-NCache
X-IP
Fastly-SSL
Section-Io-Id
Akamai-GRN
X-Human
X-Info
X-Format
X-RTag
Section-Origin-Responded
X-RateLimit-Limit
Section-Io-Origin-Time-Seconds
X-Web-Node
Section-Io-Origin-Status
X-Say-Cacheable
Cleartype
Now
X-Bc-Bl
X-SayCDN-TTL
X-Say-TTL
X-Section
X-Alternate-Cache-Key
Webserver
X-BYPASS-REASON
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
Webcakes-Region
X-FW-Version
X-ShopId
X-ShardId
X-ServerID
X-ProxyCache-Status
X-Shopify-Stage
X-Sorting-Hat-PodId
Cache-Tv-Group
X-Varnish-Cache-Hits
X-Sorting-Hat-ShopId
X-ProxyCache-Key
X-PHP-Host
X-EIG-Tracking-Id
X-Device-Type
X-CS
X-FC-Vary-Parameters
X-Hosted-By
X-Origin-Hint
X-No-Session
X-Labrador-Cache-Channel
X-Cache-Enabled
X-Hl-Ver
Property-Id
X-Geo
S-Rt
X-Origin
X-JoinUs
X-BCube-Filmed-By
X-Content-Age
X-FB-TRIP-ID
X-Generated
X-From
X-Loop
X-SaId
X-NYM-Debug-Backend
X-Proxy-Build
X-Timing-Wait
X-TNCMS
Selected-Fe
X-Time-Microsecs
Server-Info
DB-Nickname
X-Amzn-Remapped-Content-Length
X-Hyper-Cache
X-Cache-Host
Origin-Cache-Control
X-APP-VERSION
Azure-SiteName
Ec-Rule-Version
Azure-RegionName
Geo-Info
Azure-Version
Azure-SlotName
Azure-InstanceId
X-RequestSource
Origin-Edge-Control
X-Xfnlog-Site
X-Drupal-Cache-Contexts
X-XRDS-LOCATION
X-Cache-TTL-Remaining
X-Cache-2
Time
SD-X-WS
X-Goog-Meta-Goog-Reserved-File-Mtime
Locale
Country
X-EC-Lua
X-Urbn-Site-Id
X-Urbn-Context-Path
User-Agent
X-Pad
Apigw-Requestid
X-Unique-Id
X-Old-Content-Length
X-Varnish-Hostname
X-Source
X-Cluster-Node
X-Cache-NE
FilterID
Upgrade-Insecure-Requests
X-App-Version
X-Debug-Cache
X-Parent-Response-Time
X-Presslabs-Stats
X-Akamai-Request-ID
X-Soup
X-RCS-CacheZone
X-Vcache
X-DC
X-Cache-Backend
X-Proto
Proxy-Connection
X-Tb
X-Cache-Grace
X-Cache-PHP
X-Proxy-Cache-Status
X-Srv
X-Nc
X-CDN-Forward
X-Backend-TTL
X-Forwarded-Host
X-App
X-Storefront-Renderer-Rendered
X-Tumblr-Pixel-3
Cache-Key
X-A-Dcw
Content-Script-Type
Content-Style-Type
Xc-Version
Who
AsisCache
BehaviorPad-Version
Arc-Country
X-A-Ccd
VivaBuild
X-A
X-A-Dam
True-Client-Country-4JS
Server-Host
Meta-Geo-Continent
ServerName
MD5-Digest
Rendered-Blocks
Pagetype
X-A-Dgt
Mobile-Detection-Method
N-Cache
Machine
M-TraceId
Thinkindot-Control
UCS
Fastcgi-X-Cache-Version
FNAC-ModuleRouting
GEO-REGION-INFO
T-Server
Thinkindot-CacheControl-Type
IsBot
Viewtype
X-Destination
X-NodeID
X-Nginx-Cache-Key
X-PAYTM-SRV-ID
X-Processor
X-SRCache-Key
X-Method
X-Swa-Ws
X-Geo-Header
X-Level-Front-Cache
X-Thinkindot-L3
X-Matched-Rule
X-Region-Sid
X-SIPLIST1
X-S
X-S-Cookie
X-Rojux
X-Response-By
X-Rewrite-Enabled
X-Scheme
X-ScT
X-Reqid
X-Session-Fingerprint
X-ServiceProvider
X-SD-PageType
X-Trace-Id
X-Generated-On
X-B-Cookie
X-VG-WebServer
X-CF-Lambda-Fn
X-VG-WebCache
X-Vdms-Version
X-Vtex-Processado-Em
X-ARC
X-Accel-Expires-Debug
X-Vtex-Remote-Cache
X-Aed
X-Application
X-Vdms-Path
X-CF-Lambda-Version
X-Trv-Group
X-Dispatch
X-Transaction
X-External-Request-Id
X-G
X-DevSite-Last-Modified
X-Developer
X-Connection-Hash
X-D
X-Date
X-Twitter-Response-Tags
X-A-Wwc
Thinkindot-CacheControl
NR-ENABLED
WPE-Backend
X-FORWARDED-FOR
X-SRV
X-Uri
User-Cache-Control
OT-Force-Account-Verify
NGX
Wxu-Next-Commit
Wxu-Next-Hostname
Web-Mar-Node
We-Hiring
Vix-Hermes-Req-Id
Wxu-Next-Region
X-Req
X-Agile
X-Agile-Age
X-RateLimit-Limit-Second
On-Server
X-RateLimit-Remaining-Second
X-Be
Viewport
RNT-Time
Server-Ext
RNT-Machine
X-SN
X-Thanos
X-Skip-Cache
Server-Hostname
X-Agile-Id
X-User
LB
Sever-Int
X-Servername
Release
X-Owner
X-Loc
X-Dispatcher-Server
X-Device-Os
X-Developers
X-Logging-Id
X-Location
X-Fmm-Version
X-Gen-Mode
X-Hash
X-Hnp-Log
X-Generation-Time
X-Generated-In
X-LAGOON
X-Core-Value
X-Cluster-Name
X-Cache-Bucket
X-Cache-FS-Status
X-Block-Status
X-Bip
NM-Fastcgi-Cache
X-Backend-State
X-Cache-Info
X-Cache-URL
X-Cms-Context
X-Compress-Hint
X-Clara-WADP
X-Micro-Cache
X-Node-Id
X-Policy
V-Age
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Cookie-Set-From
Kp-EeAlive
Apple-News-Services-Handled
X-VC-Cache
AKAMAI
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-WADP-Cache
CDCHOST
X-Worker
CacheControlHeader
Magicmarker
Apple-News-Services-Host
Mail-Subject
X-Magnolia-Registration
X-Varnish-Cacheable
Node
X-AIR-PT
Cf-Ipcountry
X-Origin-TTL
X-Origin-CC
Sid
X-Envoy-Decorator-Operation
X-Hit
X-BBXSRF
X-Var-Ttl
X-We-Are-Hiring
X-Origin-Date
X-Cache-Id
X-Origin-Expires
X-Irp-Debug
X-Cache-Tags
X-Cache-Debug
X-Gzip
X-Has-Esi
X-Is-Gdpr
X-CGP
X-Distil-CS
Adler-Geo
X-Distributor
X-Eu-Site
X-Esi-Check
X-Epic-Correlation-Id
X-Fastly-Cache
X-Auto-Login
C-Via
X-Mvc-Supplant-Cachable
X-Clientip
S-Cnection
X-Core-Mission
X-JWT-State
X-Webstats-RespID
HA-Ipaddr
W
Ha-Gx-Prefs
X-TH-Server
X-VServer
Gh-Request-Id
Is-Eu
Rt-Fastcgi-Cache
X-Newrelic-Synthetics
X-Server-W
L5d-Success-Class
X-VG-TLSProxy
X-Slack-Backend
X-Request-Host
X-Request-UUID
Fastly-Drupal-HTML
Fastly-SWR
Fastly-SIE
X-Variation
Platform
X-Reboot
X-TrackingId
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-LI-UUID
X-Li-Pop
X-TA-CDN-Provider
X-LI-Proto
X-GoCache-CacheStatus
X-Varnish-Authentication
X-Backend-Host
X-Configured-By
Memcached
X-Cache-ASPX
X-NC
X-Branch-Name
X-Li-Fabric
X-SVT-ORM-VERSION
X-Contensis-Viewer-Groups
X-SVT-ORM-RULES
X-NU-AKA-ACS-Version
X-Cdn-Forward
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
Referer-Policy
X-Varnish-Beresp-Status
X-Wa
X-Edge-Location
HostName
X-Key
X-Microcachable
Pragrma
X-Instart-Info
X-Platform-Server
MIME-Version
X-Refresh
X-Via-PopH
X-Varnish-URL
X-Envoy-Upstream-Healthchecked-Cluster
X-ZONE
X-BC
X-Via-PopV
X-Dc
Fastly-Backend-Name
X-Ms-Request-Id
X-Servedbyhost
X-TT-TIMESTAMP
X-Ms-Version
X-Via-CDN
X-Mvc-Supplant-OutputCached
X-Up
X-Nginx-Cache
NtCoent-Length
Memory
X-MSEdge-Features
X-MSEdge-Flight
X-Minions-Version
Esi-Enabled
X-BACKEND-TTL
X-Batcache
X-Unique-ID
X-UA
X-B3-Traceid
GEO-INFO
X-Vgn-Hpd-Reason
X-App-Name
Tracecode
X-VCL-Version
X-ElasticPress-Query
Server-ID
L
X-Zone
X-Bc
X-Sucuri-ID
Ohc-File-Size
Cache-Host
X-Server-IP
X-Pjax-Url
X-Aicache-OS
X-ND-Cache
X-TIME
CACHE
X-Cdn-Srv
X-Svr
X-Debug-Panamera-Host
GeoIP-Country-Code
X-Debug-Panamera-Sitecode
Server-Surrogate-Control
DCR-Decision-By
DCR-Processing-Time-Ms
X-Generated-By
Server-Cache-Control
GeoIP-Latitude
X-COUNTRY
X-S-Maxage
FSS-Cache
Pramga
X-Oss-Request-Id
X-Oss-Object-Type
Location
X-PF-Uncompressing
X-Oss-Storage-Class
X-FPC
Powered-By-ChinaCache
X-Fastly-Cache-Status
X-CF-Powered-By
X-Oss-Hash-Crc64ecma
Ohc-Response-Time
X-Azure-Ref-OriginShield
X-Oss-Server-Time
X-VCT
HitType
X-Check-Cacheable
X-GEO
X-Rocket-Nginx-Bypass
Resin-Trace
Hostname
X-BE
X-LB-ID
X-Ratelimit-Reset
X-Varnishpool
X-VarnishDD-TTL
X-Varnish-Ttl
Request-EU
PFcat
X-Sucuri-Cache
Request-Country
Locid
Heartbleed
X-Client-Ip
Cteonnt-Length
X-Varnish-Hits
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-OVcl-Cache
X-Vgn-Hpd-Variations-Key
X-OVcl
X-Request-URI
Amp-Access-Control-Allow-Source-Origin
X-Fpc
X-Platform
X-Instart-Isnd
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-Fastly-Backend-Reqs
Lfy
X-Original-Request-Id
X-VHOST
X-PJAX-URL
X-Fastly-Country-Code
X-HS-Status
X-Cache-Expired-At
X-Gamma-Serve
X-Render-Time
X-Newrelic-App-Data
CF-Cached-On
X-Shopify-Generated-Cart-Token
X-CSRF-TOKEN
GeoIp-Country-Code
Geoip-Latitude
SN
SRV
X-Ratelimit-Remaining
X-Pf-Uncompressing
X-Vcl-Version
X-CUA
X-WebServer
WZWS-RAY
Product
Epwk-X-Cache
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
Pics-Label
X-Proxy-Upstream
X-Oracle-Dms-Rid
Mime-Version
X-ECache
X-Cdn-Origin
My-App
X-NGINX-Cache
X-CACHE-KEY
WWW-Authenticate
X-Fetched-On
X-Sn-Servicetimems
Ohc-Cache-HIT
X-Ratelimit-Limit
URI
X-Varnish-Url
Backend-Name
XServer
X-Amzn-Remapped-Connection
X-RunCloud-Cache
X-GeoIP-Country-Code
X-ServedByHost
X-Amzn-Remapped-Date
Backend
X-Ftr-Cache-Host
X-B3-SpanId
X-Tec-Api-Origin
X-Via-Popv
X-Oss-Cdn-Auth
X-StackifyID
X-Tec-Api-Version
X-Tec-Api-Root
Dt-Cache-Category
X-Via-Poph
A
X-Csrf-Jwt
CloudFront-Viewer-Country
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Request-Start
X-Swift-Error
Lb
X-Request-Time
Cloudfront-Viewer-Country
X-Cache-Tag
Host-ID
PICS-Label
X-Rocket-Build-Number
Server-Ttl
X-Sigma-Backend
X-Sigma
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-Status
X-LiteSpeed-Cache-Control
X-Tb-Optimization-Total-Bytes-Saved
X-B3-Spanid
X-Nananana
X-Debug-Ysi-Auth
X-Debug-Xas-Auth
X-Served-From
X-Debug-Cache-String
X-Debug-Cache-Bypass
SID
Cdn
Group
X-Cache-Version
X-Cache-Hm
Dnion-Transfer-Encoding
X-WR-MODIFICATION
X-Varnish-Beresp-TTL
X-Cache-Hfrom
X-WA
Cneonction
X-Acquia-Site
Proxy-Firewall
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Token
X-Acquia-Purge-Tags
X-Apw-Access-Action
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Html-Edge-Cache
Origin
Req-ID
CF-IPCountry
FSS-Proxy
X-SB
X-Snapshot-Date
X-Dw-Trace-Id
Inserted-Into-Cache-At
X-Varnish-ID
Cf-Alt-Svc
X-ElasticPress-Search
X-Request-URL
X-VC
X-Via-Ucdn
Warning