Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Backend
X-Server
X-Turbo-Charged-By
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Ac
X-Backend-Server
X-Cache-Lookup
X-Readtime
X-Node
NEL
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Edge-Control
X-Url
X-Rack-Cache
X-Clacks-Overhead
X-Px
RTSS
Accept-CH
MS-Author-Via
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
X-Goog-Hash
Verso
Accept-CH-Lifetime
X-Powered-By-Plesk
X-Varnish-TTL
Service-Worker-Allowed
Public-Key-Pins
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-GitHub-Request-Id
X-B3-TraceId
X-MS-InvokeApp
Arr-Disable-Session-Affinity
Pagespeed
Display
Response
X-Middleton-Response
X-Middleton-Display
X-Sol
X-Pass-Why
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-DynaTrace
X-Cache-TTL
X-D2id
X-Content-Type
X-Amz-Rid
X-Cached
X-NF-Request-ID
X-Vcap-Request-Id
TCN
X-CST
X-Abt-Application-Version
Pinterest-Generated-By
X-VARITI-CCR
Accept-Ch
Host-Header
X-Ttl
AR-PoweredBy
AR-Request-ID
AR-ATIME
Ar-Sid
AR-CACHE
X-Navigation-Version
X-ESI
Cache-Tag
X-Version
Accept-Ch-Lifetime
X-Powered-CMS
X-Upstream
X-Server-Name
X-Fastly-Request-ID
X-Instart-Request-ID
X-Debug
X-Grace
Access-Control-Request-Method
X-MSEdge-Ref
X-XRDS-Location
Nginx-Cache
Charset
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Accel-Expires
Content-MD5
SPRequestDuration
SPIisLatency
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Realpath
X-Element-Page-Cache
X-Ezoic-Cdn
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
S
X-SharePointHealthScore
SPRequestGuid
X-Shield-Request-Id
Pinterest-Version
X-Pinterest-Rid
X-Client-IP
X-Hp-Webp
X-Jurisdiction
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-Trace
X-TTL
X-Kinsta-Cache
X-T
X-Node-Name
Fastcgi-Cache
X-Content-Digest
X-Logged-In
X-Server-ID
X-Cache-Key
X-NWS-LOG-UUID
X-Mobile-URL
X-Oneagent-Js-Injection
TP-L2-Cache
TP-Cache
X-Request-Received
X-Request-Processing-Time
X-Cache-Hit
Server-Node
X-Frontend
X-Cache-Age
X-Hostname
ServerID
X-Amzn-Trace-Id
Front-End-Https
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
Edge-Cache-Tag
Fastly-Restarts
X-Forwarded-For
X-FTR-Expires
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Server-Name
X-Yandex-Sdch-Disable
PB-PID
Arc-Version
PB-RID
Powered
X-Microsite
X-Request-Handler-Origin-Region
DynaTrace
Filters
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-Zen-Fury
X-DIS-Request-ID
X-Page-Id
X-LB-Cache
X-Hits
X-F-Cache
X-Jobs
X-Akamai-Edgescape
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile-Rewrite
Accept-Charset
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Content-Powered-By
X-Geo-Country
X-Origin-Server
X-Cdn
Alternate-Protocol
X-Varnish-Age
X-Erf-Bev-Bev-Is-Generated
X-FTR-Cache-Host
X-Erf-Bev-Bev
X-Correlation-Id
X-N
AMP-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-B
Backend-Timing
X-ATS-Timestamp
X-Daa-Tunnel
X-Varnish-Backend
Cache-Tags
X-Rid
MicrosoftSharePointTeamServices
X-Via-JSL
X-AppVersion
X-Activity-Id
X-Az
DC
Retry-After
X-Amz-Replication-Status
X-Type
X-Varnish-Grace
X-Esi
X-WebKit-CSP-Report-Only
Surrogate-Key
X-FB-Debug
X-Whom
Section-Io-Cache
X-Git-Hash
X-Fastcgi-Cache
X-Signature
X-TT
X-App-Environment
X-Request-Guid
X-B-Cache
Paypal-Debug-Id
X-Status
Host
X-Content-Options
X-Edge
X-Debug-Info
Frame-Options
X-ATG-Version
X-RateLimit-Remaining
Actual-Object-TTL
X-Ser
Fastcgi-Useragent
X-App-Server
Healthy
X-IPLB-Instance
Nel
X-Contextid
X-AOL-HN
X-Endurance-Cache-Level
X-Amzn-RequestId
X-HTML-Minification-Powered-By
X-Cache-Action
Srv
X-Seen-By
X-ECACHE
X-Pinterest-Direct
X-B3-Sampled
X-Host-Name
From-Origin
Refresh
X-Upgrade-Enabled
X-Amz-Apigw-Id
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Response-Served-From
X-Instance
X-ProcessESI
X-Accel-Buffering
X-Cache-Rule
X-RemovedCookies
X-Cache-Operation
X-Mid
VIX-Pulpo-Upstream-Status
X-MCACHE
VIX-Pulpo-Node
Odigeo-Trace-Id
X-Protected-By
X-Cacheable-TTL
X-UUID
X-Rule
X-Region
Content-Disposition
X-Environment-Context
X-L-Path
X-Is-Bot
MS-CV
Eomportal-Instance
Payment
X-Rendered-As
X-WA-Info
Source
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Type
X-FW-Static
Countrycode
X-Adobe-Loc
X-Cache-Time
X-Varnish-Server
X-Adobe-Content
X-Litespeed-Cache
Datacenter
X-Time
X-PressLabs-Stats
Cache-Status
X-Cache-Control
X-Cached-By
X-Cache-Server
X-Release
Uber-Trace-Id
X-VCache
X-Proxy
X-Load-Cache
Xserver
X-Akamai-Request-ID2
X-EdgeConnect-Cache-Status
X-GeoIP
X-Akamai-Transformed
X-UnsetCookies
X-Correlation-ID
X-Mobile
X-SERVER-NAME
X-Yottaa-Metrics
X-Azure-Ref
X-Yottaa-Optimizations
X-PHP-Backend
X-Origin-Response-Time
X-NewRelic-App-Data
Access-Control-Request-Headers
X-Tt-Trace-Tag
X-Wix-Request-Id
X-Tt-Trace-Host
Version
X-Handled-By
X-Mode
X-Cluster
X-IPS-LoggedIn
Accept-Language
X-NWS-UUID-VERIFY
X-Air-Hostname
X-NGENIX-Cache
X-Backend-Name
Liferay-Portal
NGB
X-Cache-NGX
Filterid
X-URL
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Framework
X-Cache-Remote
X-APP-VERSION
X-FireWall-Port
X-Cache-Var
X-Locale
X-RN-RSRV
X-LJ-Flow-ID
X-ES-SERVER
X-CCM
X-Path-Route
X-PERF
X-VWS-Id
X-Proxied
X-Via-Fastly
X-Zipkin-Id
X-Cache-Var-Map
X-Routing-Service
Cross-Origin-Window-Policy
Meta-Geo
Load-Balancing
X-UA-Device-Type
X-UPSTREAM-Address
X-Cache-Status-Check
X-AWS-Id
X-ApacheServer
X-Adobe-Source
X-Site-Version
X-Storage
X-Real-IP
X-Qloud-Router
X-R9-Blue-Green-Version
X-TX-ID
X-MP-GENERATED-AT
Mn-Server-Ip
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
ServedBy
Cache-Hits
X-Www-Served-By
X-PCL
X-OCL
X-Viewer-Country
DSUID
X-Human
X-Info
X-Access
X-Cache-Config
X-Pubstack
X-RTag
X-Redis-Cache
X-IP
Cache
X-Ua
Ms-Operation-Id
X-NCache
X-No-Session
X-Bc-Bl
Now
Akamai-GRN
X-Say-Cacheable
Cleartype
Fastly-SSL
X-Format
X-Detected-As
X-Web-Node
Cache-Name
Section-Origin-Responded
X-Section
X-SayCDN-TTL
X-Say-TTL
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Device-Type
X-CS
X-Cache-Enabled
Webserver
TWC-Locale-Group
TWC-Privacy
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
X-EIG-Tracking-Id
X-Alternate-Cache-Key
Property-Id
S-Rt
Webcakes-Region
X-BYPASS-REASON
X-Hosted-By
X-ShardId
X-ServerID
X-ProxyCache-Status
X-ProxyCache-Key
X-ShopId
X-Shopify-Stage
Cache-Tv-Group
X-Varnish-Cache-Hits
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Origin-Hint
X-PHP-Host
X-Hl-Ver
TWC-GeoIP-LatLong
X-FW-Version
X-Labrador-Cache-Channel
X-FC-Vary-Parameters
X-Content-Age
X-Timing-Wait
X-TNCMS
X-Time-Microsecs
X-Generated
X-JoinUs
X-FB-TRIP-ID
X-BCube-Filmed-By
X-Proxy-Build
X-NYM-Debug-Backend
X-SaId
X-Loop
X-Origin
X-From
Selected-Fe
DB-Nickname
X-RequestSource
X-Cache-Host
X-Hyper-Cache
X-Amzn-Remapped-Content-Length
X-CSRF-Token
Server-Info
X-XRDS-LOCATION
Azure-RegionName
Ec-Rule-Version
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
Origin-Edge-Control
X-Xfnlog-Site
Origin-Cache-Control
X-Geo
Geo-Info
X-Drupal-Cache-Contexts
X-RateLimit-Limit
X-Cache-2
X-Cache-TTL-Remaining
SD-X-WS
Time
X-Goog-Meta-Goog-Reserved-File-Mtime
Country
X-EC-Lua
X-Unique-Id
Locale
X-Urbn-Context-Path
User-Agent
X-Urbn-Site-Id
X-Pad
X-Old-Content-Length
Apigw-Requestid
X-Cluster-Node
X-Source
X-Varnish-Hostname
X-Cache-NE
X-Presslabs-Stats
Upgrade-Insecure-Requests
FilterID
X-Debug-Cache
X-Parent-Response-Time
X-RCS-CacheZone
X-Akamai-Request-ID
X-Webkit-CSP
X-Soup
X-Cache-Backend
X-Proto
Proxy-Connection
X-Vcache
X-Backend-TTL
X-App-Version
X-Tb
X-Srv
X-Cache-Grace
X-CDN-Forward
X-Proxy-Cache-Status
X-AIR-PT
X-DC
X-Forwarded-Host
X-Cache-PHP
WPE-Backend
X-FORWARDED-FOR
NR-ENABLED
X-Tumblr-Pixel-3
X-Nc
BehaviorPad-Version
X-A-Dam
Arc-Country
AsisCache
X-A-Ccd
VivaBuild
X-Vtex-Remote-Cache
Who
X-A
Xc-Version
UCS
X-A-Dcw
M-TraceId
Server-Host
IsBot
Rendered-Blocks
Pagetype
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
Machine
T-Server
Thinkindot-CacheControl
True-Client-Country-4JS
Content-Style-Type
N-Cache
Viewtype
Fastcgi-X-Cache-Version
Thinkindot-Control
GEO-REGION-INFO
FNAC-ModuleRouting
Thinkindot-CacheControl-Type
Content-Script-Type
X-ARC
X-S-Cookie
X-Scheme
X-S
X-G
X-Generated-On
X-ScT
X-External-Request-Id
Cache-Key
X-Session-Fingerprint
X-ServiceProvider
X-SD-PageType
X-Dispatch
X-Geo-Header
X-Level-Front-Cache
X-Nginx-Cache-Key
X-Method
X-Processor
X-PAYTM-SRV-ID
X-NodeID
X-Matched-Rule
X-Region-Sid
X-Rojux
X-Rewrite-Enabled
X-Response-By
X-Reqid
X-SIPLIST1
X-SRCache-Key
X-Vdms-Version
X-Application
X-Vdms-Path
X-Twitter-Response-Tags
X-Trv-Group
X-VG-WebCache
X-VG-WebServer
X-Vtex-Processado-Em
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-B-Cookie
X-CF-Lambda-Fn
X-Thinkindot-L3
X-Destination
X-Swa-Ws
X-Developer
X-DevSite-Last-Modified
X-Date
X-D
X-CF-Lambda-Version
X-Transaction
X-Trace-Id
X-Connection-Hash
X-A-Dgt
ServerName
X-Be
X-Uri
X-Storefront-Renderer-Rendered
X-Newrelic-Synthetics
NGX
OT-Force-Account-Verify
User-Cache-Control
Sever-Int
X-SRV
Vix-Hermes-Req-Id
Viewport
X-Req
V-Age
Server-Hostname
X-Servername
X-Device-Os
X-Developers
On-Server
NM-Fastcgi-Cache
Mail-Subject
X-User
Release
X-SN
RNT-Time
Server-Ext
RNT-Machine
X-Skip-Cache
X-LAGOON
We-Hiring
Wxu-Next-Commit
X-Micro-Cache
X-Logging-Id
X-Cache-FS-Status
X-Cache-Bucket
X-Block-Status
X-Branch-Name
X-Cache-Info
X-Cache-URL
X-Cms-Context
X-Clara-WADP
X-Compress-Hint
X-Loc
X-Location
X-Bip
X-Backend-State
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Wxu-Next-Region
Wxu-Next-Hostname
Magicmarker
X-Policy
X-Core-Value
X-Agile-Id
X-Node-Id
X-Agile-Age
X-Agile
X-Owner
Web-Mar-Node
X-Thanos
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Apple-News-Services-Request-Url
X-Worker
CacheControlHeader
X-WADP-Cache
X-Wikidot-Backend
X-Varnish-Cacheable
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Gen-Mode
X-Hash
X-Generated-In
X-Generation-Time
X-Hnp-Log
X-App
Apple-News-Services-Handled
AKAMAI
X-Fmm-Version
X-Cluster-Name
S-Cnection
X-Wikidot-Static-Cache
X-Dispatcher-Server
Kp-EeAlive
X-VC-Cache
Sid
X-Magnolia-Registration
Node
X-Origin-TTL
X-Hit
X-Origin-CC
X-Envoy-Decorator-Operation
X-B3-Traceid
Cf-Ipcountry
Adler-Geo
Fastly-SWR
Rt-Fastcgi-Cache
X-Eu-Site
X-TA-CDN-Provider
X-BBXSRF
X-Distil-CS
X-Auto-Login
L5d-Success-Class
X-Mvc-Supplant-Cachable
X-Core-Mission
X-Cache-Debug
X-Esi-Check
X-Has-Esi
X-Is-Gdpr
Gh-Request-Id
X-CGP
X-Gzip
X-JWT-State
X-Cache-Tags
Fastly-SIE
X-Variation
X-Cache-Id
X-Server-W
X-Var-Ttl
X-Origin-Date
X-Epic-Correlation-Id
HA-Ipaddr
X-Rebelmouse-Surrogate-Control
Is-Eu
X-Distributor
W
Ha-Gx-Prefs
X-Request-Host
Fastly-Drupal-HTML
X-We-Are-Hiring
X-Webstats-RespID
X-Reboot
X-TH-Server
X-Rebelmouse-Cache-Control
X-Irp-Debug
X-TrackingId
Platform
X-VG-TLSProxy
X-Origin-Expires
X-VServer
X-Request-UUID
X-Clientip
X-Fastly-Cache
C-Via
X-NC
X-Li-Fabric
X-Contensis-Viewer-Groups
X-Li-Pop
LB
X-Slack-Backend
X-GoCache-CacheStatus
X-LI-Proto
X-NU-AKA-ACS-Version
X-Varnish-Authentication
Memcached
X-SVT-ORM-RULES
X-LI-UUID
X-Cache-ASPX
X-Backend-Host
X-Configured-By
X-SVT-ORM-VERSION
X-Dc
X-Microcachable
Referer-Policy
X-Edge-Location
X-Wa
X-Instart-Info
X-Key
X-Via-PopH
X-Via-PopV
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Cdn-Forward
HostName
X-Platform-Server
X-Envoy-Upstream-Healthchecked-Cluster
Pragrma
MIME-Version
X-Ms-Version
X-Refresh
X-Varnish-URL
X-TT-TIMESTAMP
X-Ms-Request-Id
X-UA
X-BC
X-ZONE
Fastly-Backend-Name
X-Servedbyhost
X-Ua-Device
X-Via-CDN
NtCoent-Length
X-TIME
CACHE
Esi-Enabled
X-Up
GEO-INFO
X-Vgn-Hpd-Reason
X-Batcache
X-Minions-Version
X-MSEdge-Features
X-MSEdge-Flight
X-Mvc-Supplant-OutputCached
L
Memory
X-App-Name
Server-ID
Tracecode
X-Zone
X-Bc
X-BACKEND-TTL
Ohc-File-Size
X-ND-Cache
X-Server-IP
Cache-Host
X-VCL-Version
X-Nginx-Cache
X-ElasticPress-Query
X-Unique-ID
X-Svr
X-Sucuri-ID
X-Debug-Panamera-Host
X-Aicache-OS
X-Debug-Panamera-Sitecode
X-Cdn-Srv
X-Pjax-Url
X-FPC
X-GEO
X-COUNTRY
Server-Surrogate-Control
X-Generated-By
Server-Cache-Control
X-S-Maxage
X-Oss-Object-Type
X-CF-Powered-By
Ohc-Response-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
DCR-Processing-Time-Ms
DCR-Decision-By
X-Oss-Request-Id
GeoIP-Country-Code
X-Oss-Server-Time
FSS-Cache
X-VCT
Location
Pramga
X-Fastly-Cache-Status
X-PF-Uncompressing
X-Azure-Ref-OriginShield
Powered-By-ChinaCache
GeoIP-Latitude
X-Rocket-Nginx-Bypass
HitType
Hostname
Resin-Trace
X-Check-Cacheable
Heartbleed
Request-Country
Locid
X-Varnish-Ttl
Request-EU
X-Varnish-Hits
Cteonnt-Length
X-Varnishpool
X-Ratelimit-Reset
X-BE
X-LB-ID
X-Sucuri-Cache
X-Request-URI
X-VarnishDD-TTL
Amp-Access-Control-Allow-Source-Origin
PFcat
X-CSRF-TOKEN
X-Ratelimit-Remaining
X-PJAX-URL
Cdn-Request-Time
Cdn-Host
X-Edge-Server
Lfy
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-OVcl-Cache
X-OVcl
X-Vgn-Hpd-Variations-Key
X-VHOST
X-Fpc
X-Gamma-Serve
X-Newrelic-App-Data
X-Platform
GeoIp-Country-Code
Geoip-Latitude
X-Fastly-Backend-Reqs
X-Fastly-Country-Code
X-Instart-Isnd
X-Shopify-Generated-Cart-Token
CF-Cached-On
X-Render-Time
X-Cache-Expired-At
X-Original-Request-Id
X-HS-Status
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
SRV
X-Client-Ip
SN
X-Pf-Uncompressing
X-WebServer
WZWS-RAY
X-Vcl-Version
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-Proxy-Upstream
XServer
X-CUA
X-NGINX-Cache
X-Oracle-Dms-Rid
X-CACHE-AGE
Product
Mime-Version
Pics-Label
X-Fetched-On
X-Cdn-Origin
Epwk-X-Cache
My-App
WWW-Authenticate
X-ECache
X-CACHE-KEY
X-Sn-Servicetimems
Ohc-Cache-HIT
URI
X-Amzn-Remapped-Date
X-GeoIP-Country-Code
X-ServedByHost
X-Varnish-Url
X-Amzn-Remapped-Connection
X-Ftr-Cache-Host
CloudFront-Viewer-Country
X-StackifyID
A
Dt-Cache-Category
X-RunCloud-Cache
Backend-Name
X-Oss-Cdn-Auth
Lb
X-Fastly-Request-Id
Backend
X-B3-SpanId
X-Debug-Cache-Store
X-Request-Start
X-Debug-Cache-Fetch
X-Csrf-Jwt
X-Swift-Error
X-Served-From
SID
X-Via-Popv
X-B3-Spanid
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
X-LiteSpeed-Cache-Control
X-Debug-Ysi-Auth
Server-Ttl
X-Cache-Tag
PICS-Label
X-Debug-Cache-String
X-Nananana
X-Debug-Cache-Status
X-Debug-Cache-Bypass
X-Via-Poph
Cloudfront-Viewer-Country
Cdn
Group
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Version
Proxy-Firewall
X-Request-Time
X-Sigma
X-WA
Host-ID
X-Rocket-Build-Number
X-Sigma-Backend
X-WR-MODIFICATION
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Cache-Hfrom
X-Varnish-Beresp-TTL
DataCenter
X-Cache-Hm
X-Acquia-Site
X-Apw-Access-Token
Cneonction
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Action
X-APP
X-Snapshot-Date
Warning
X-Lb-Id
Req-ID
Inserted-Into-Cache-At
CF-IPCountry
X-Request-URL
Cf-Alt-Svc
X-Dw-Trace-Id
X-SB
X-Html-Edge-Cache
X-VC
X-Via-Ucdn
X-Varnish-ID
X-ElasticPress-Search
Origin