Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Backend
X-Server
X-Turbo-Charged-By
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Request-ID
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-WebKit-CSP
Cf-Railgun
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Backend-Server
X-Ac
X-Readtime
X-Cache-Lookup
X-Node
NEL
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Edge-Control
X-Url
X-Rack-Cache
X-Clacks-Overhead
X-Px
RTSS
Accept-CH
MS-Author-Via
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-Goog-Hash
Verso
X-Powered-By-Plesk
Accept-CH-Lifetime
Service-Worker-Allowed
X-Varnish-TTL
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
X-Kinja
X-Exp-Id
X-Use-Magma
X-GoogleNews-Bot
Public-Key-Pins
X-B3-TraceId
X-GitHub-Request-Id
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Middleton-Display
Pagespeed
Display
Response
X-Sol
X-Middleton-Response
X-Pass-Why
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
X-DynaTrace
X-Cache-TTL
X-D2id
X-Cached
X-Amz-Rid
X-Vcap-Request-Id
X-NF-Request-ID
X-Content-Type
TCN
X-CST
Pinterest-Generated-By
X-Abt-Application-Version
X-VARITI-CCR
Accept-Ch
Host-Header
X-Ttl
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-CACHE
Ar-Sid
X-Navigation-Version
X-ESI
Cache-Tag
X-Version
X-Powered-CMS
Accept-Ch-Lifetime
X-Upstream
X-Server-Name
X-Fastly-Request-ID
X-Instart-Request-ID
X-Grace
X-Debug
Access-Control-Request-Method
X-MSEdge-Ref
X-XRDS-Location
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Nginx-Cache
Charset
X-TEC-API-VERSION
X-Accel-Expires
Content-MD5
SPIisLatency
SPRequestDuration
X-Server-ID
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
Realpath
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Ezoic-Cdn
X-Element-Page-Cache
X-DynaTrace-JS-Agent
S
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
SPRequestGuid
Pinterest-Version
X-Pinterest-Rid
X-Shield-Request-Id
X-Client-IP
X-Hp-Webp
X-Jurisdiction
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-TTL
X-Trace
X-Kinsta-Cache
X-T
X-Node-Name
Fastcgi-Cache
X-Content-Digest
X-Logged-In
X-Cache-Key
X-Mobile-URL
X-Oneagent-Js-Injection
X-NWS-LOG-UUID
X-Cache-Hit
X-Frontend
Server-Node
X-Request-Received
X-Request-Processing-Time
TP-L2-Cache
TP-Cache
X-Cache-Age
X-Hostname
ServerID
X-Amzn-Trace-Id
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
Front-End-Https
Edge-Cache-Tag
Fastly-Restarts
X-FTR-Expires
X-Forwarded-For
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Server-Name
X-Yandex-Sdch-Disable
Arc-Version
PB-PID
PB-RID
Powered
X-Request-Handler-Origin-Region
X-Microsite
DynaTrace
Filters
X-Revision
X-Content-Security-Policy-Report-Only
X-User-Agent
X-DIS-Request-ID
X-Page-Id
X-Zen-Fury
X-LB-Cache
X-F-Cache
X-Hits
X-Jobs
X-Akamai-Edgescape
X-Mobile-Rewrite
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
Accept-Charset
X-Kong-Upstream-Latency
X-Content-Powered-By
X-Kong-Proxy-Latency
X-Geo-Country
X-Origin-Server
X-Cdn
Alternate-Protocol
X-Varnish-Age
X-Erf-Bev-Bev-Is-Generated
X-FTR-Cache-Host
X-Erf-Bev-Bev
X-Correlation-Id
X-N
AMP-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-ATS-Timestamp
Backend-Timing
X-Daa-Tunnel
X-B
X-Varnish-Backend
Cache-Tags
MicrosoftSharePointTeamServices
X-Rid
X-Via-JSL
X-Az
X-Activity-Id
X-AppVersion
X-Amz-Replication-Status
X-Esi
X-Type
DC
Retry-After
X-WebKit-CSP-Report-Only
X-Varnish-Grace
X-FB-Debug
Section-Io-Cache
X-Git-Hash
Surrogate-Key
X-App-Environment
X-Request-Guid
X-Signature
X-Whom
X-Fastcgi-Cache
Paypal-Debug-Id
X-B-Cache
X-TT
X-Content-Options
X-Status
X-Debug-Info
Host
X-Edge
X-ATG-Version
X-RateLimit-Remaining
Frame-Options
Actual-Object-TTL
Fastcgi-Useragent
X-Ser
X-App-Server
X-IPLB-Instance
Healthy
Nel
X-Contextid
X-Endurance-Cache-Level
X-Amzn-RequestId
X-HTML-Minification-Powered-By
X-AOL-HN
Srv
X-Cache-Action
X-Seen-By
X-Pinterest-Direct
X-ECACHE
X-B3-Sampled
X-Host-Name
Refresh
From-Origin
X-Amz-Apigw-Id
Access-Control-Allow-Method
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Drupal-Cache-Tags
X-Upgrade-Enabled
X-Tumblr-User
X-Cache-Rule
X-Accel-Buffering
X-RemovedCookies
X-Instance
X-ProcessESI
X-Response-Served-From
X-Cache-Operation
X-Rule
X-Is-Bot
Odigeo-Trace-Id
X-Protected-By
X-Mid
X-MCACHE
X-UUID
X-Rendered-As
X-Region
Content-Disposition
MS-CV
X-WA-Info
X-Cacheable-TTL
Payment
Source
X-FW-Type
X-L-Path
Eomportal-Instance
X-Environment-Context
X-Varnish-Server
VIX-Pulpo-Node
X-FW-Static
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Server
VIX-Pulpo-Upstream-Status
Countrycode
X-Litespeed-Cache
X-Cache-Time
X-Adobe-Content
X-Adobe-Loc
Datacenter
X-PressLabs-Stats
X-Time
Cache-Status
X-Cache-Control
X-Cache-Server
Uber-Trace-Id
X-Release
X-VCache
X-Akamai-Request-ID2
X-Proxy
Xserver
X-EdgeConnect-Cache-Status
X-Load-Cache
X-Cached-By
X-UnsetCookies
X-GeoIP
X-Akamai-Transformed
X-Mobile
X-Correlation-ID
X-SERVER-NAME
X-PHP-Backend
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tt-Trace-Host
X-Tt-Trace-Tag
Access-Control-Request-Headers
X-NewRelic-App-Data
X-Origin-Response-Time
X-Azure-Ref
X-Wix-Request-Id
X-Handled-By
X-Mode
X-Cluster
Accept-Language
X-IPS-LoggedIn
Version
X-Air-Hostname
X-NWS-UUID-VERIFY
X-NGENIX-Cache
X-Backend-Name
Liferay-Portal
NGB
X-Cache-NGX
Filterid
X-URL
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Framework
X-FireWall-Port
X-Locale
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
X-Cache-Status-Check
X-UA-Device-Type
X-UPSTREAM-Address
X-LJ-Flow-ID
X-RN-RSRV
X-APP-VERSION
X-Routing-Service
X-ES-SERVER
X-CCM
X-Via-Fastly
Cross-Origin-Window-Policy
Load-Balancing
X-Zipkin-Id
X-Proxied
X-ApacheServer
X-PERF
X-Adobe-Source
X-AWS-Id
X-VWS-Id
X-Path-Route
Decoy-Debug-Status
X-Cache-Remote
Decoy-Debug-TTL
Decoy-Debug-Key
X-Site-Version
X-Viewer-Country
X-OCL
X-Detected-As
Cache-Hits
X-Real-IP
DSUID
X-R9-Blue-Green-Version
X-Qloud-Router
X-Storage
X-TX-ID
X-MP-GENERATED-AT
X-Www-Served-By
Mn-Server-Ip
X-PCL
ServedBy
X-Cache-Config
X-Format
X-RTag
X-Ua
X-Say-Cacheable
Akamai-GRN
X-Bc-Bl
Cache-Name
Ms-Operation-Id
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
Now
Section-Io-Origin-Status
Fastly-SSL
Cleartype
X-Access
X-Say-TTL
X-Human
X-NCache
X-SayCDN-TTL
X-Info
X-IP
X-Redis-Cache
X-Pubstack
X-No-Session
Cache
X-Web-Node
X-Section
X-Sorting-Hat-PodId
X-BYPASS-REASON
Property-Id
Webserver
X-Origin-Hint
X-Shopify-Stage
X-Sorting-Hat-ShopId
S-Rt
X-Cache-Enabled
Webcakes-Region
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
X-Varnish-Cache-Hits
Webcakes-App-Version
X-Alternate-Cache-Key
TWC-Locale-Group
X-ProxyCache-Key
X-FC-Vary-Parameters
X-Device-Type
X-Hosted-By
X-ShopId
X-CS
X-ShardId
X-Hl-Ver
X-FW-Version
X-ProxyCache-Status
X-EIG-Tracking-Id
Selected-Fe
X-NYM-Debug-Backend
X-ServerID
X-From
X-FB-TRIP-ID
X-Generated
X-PHP-Host
X-Labrador-Cache-Channel
X-Loop
X-Timing-Wait
X-TNCMS
X-Content-Age
Cache-Tv-Group
X-Proxy-Build
X-SaId
X-CSRF-Token
X-RequestSource
X-Origin
X-JoinUs
X-Amzn-Remapped-Content-Length
X-Hyper-Cache
X-Time-Microsecs
X-BCube-Filmed-By
DB-Nickname
Server-Info
X-Cache-Host
Ec-Rule-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-XRDS-LOCATION
Azure-Version
Azure-SlotName
X-Geo
X-Xfnlog-Site
X-Drupal-Cache-Contexts
Geo-Info
X-RateLimit-Limit
Origin-Edge-Control
Time
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
Origin-Cache-Control
X-Cache-2
X-Unique-Id
X-EC-Lua
X-Cache-TTL-Remaining
Country
User-Agent
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Pad
Apigw-Requestid
X-Varnish-Hostname
X-Source
X-Cache-NE
X-Old-Content-Length
X-Presslabs-Stats
X-Cluster-Node
Upgrade-Insecure-Requests
X-Debug-Cache
X-Parent-Response-Time
FilterID
X-Akamai-Request-ID
X-RCS-CacheZone
X-Soup
X-Webkit-CSP
X-Cache-Backend
X-Vcache
X-Proto
Proxy-Connection
X-CDN-Forward
X-Cache-Grace
X-Backend-TTL
X-App-Version
X-Tb
X-Proxy-Cache-Status
X-Srv
X-Cache-PHP
X-Forwarded-Host
X-AIR-PT
X-DC
X-FORWARDED-FOR
NR-ENABLED
WPE-Backend
X-Tumblr-Pixel-3
X-Nc
X-Accel-Expires-Debug
X-A-Wwc
X-Aed
Cache-Key
X-Application
X-DevSite-Last-Modified
X-Dispatch
X-A-Dam
X-A-Dcw
X-External-Request-Id
X-A-Dgt
X-ARC
X-B-Cookie
X-Storefront-Renderer-Rendered
X-D
X-Destination
X-Developer
X-Connection-Hash
X-Trace-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Thinkindot-L3
Xc-Version
X-Swa-Ws
X-A-Ccd
Server-Host
Rendered-Blocks
ServerName
GEO-REGION-INFO
FNAC-ModuleRouting
T-Server
IsBot
Pagetype
Machine
Meta-Geo-Continent
M-TraceId
Mobile-Detection-Method
N-Cache
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Who
VivaBuild
BehaviorPad-Version
AsisCache
X-A
Arc-Country
Viewtype
Content-Script-Type
Fastcgi-X-Cache-Version
Thinkindot-Control
True-Client-Country-4JS
UCS
Content-Style-Type
X-G
X-Date
X-Vdms-Path
X-Region-Sid
X-Transaction
X-Reqid
X-Response-By
X-Processor
X-Vdms-Version
X-Method
X-Matched-Rule
X-SRCache-Key
X-NodeID
X-PAYTM-SRV-ID
X-Rewrite-Enabled
X-Rojux
X-Session-Fingerprint
X-ServiceProvider
X-Newrelic-Synthetics
X-Twitter-Response-Tags
X-SIPLIST1
X-SD-PageType
X-ScT
X-S
X-S-Cookie
X-Trv-Group
X-Scheme
X-VG-WebCache
X-Nginx-Cache-Key
X-VG-WebServer
MD5-Digest
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Generated-On
X-Geo-Header
X-Level-Front-Cache
X-Be
NGX
User-Cache-Control
X-Cms-Context
X-Wikidot-Backend
Sever-Int
X-Generation-Time
Server-Hostname
X-VC-Cache
X-Hash
X-Loc
X-User
X-SN
X-Hnp-Log
X-Developers
X-Varnish-Cacheable
Server-Ext
X-Thanos
On-Server
X-Generated-In
X-Fmm-Version
X-Skip-Cache
X-Device-Os
Release
RNT-Time
RNT-Machine
X-WADP-Cache
X-Servername
X-Cache-URL
Viewport
X-Micro-Cache
X-Agile
X-Gen-Mode
X-Cache-Bucket
X-Node-Id
X-LAGOON
X-Agile-Age
X-Location
X-Backend-State
X-Logging-Id
X-Block-Status
X-Agile-Id
X-Worker
X-Policy
Web-Mar-Node
X-Clara-WADP
X-Req
X-Wikidot-Static-Cache
X-Bip
Wxu-Next-Commit
Wxu-Next-Hostname
X-Cache-Info
X-Compress-Hint
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Wxu-Next-Region
X-Core-Value
X-Branch-Name
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Kp-EeAlive
Apple-News-Services-Request-Url
Cache-Cookie-Set-Lfrom
CacheControlHeader
X-Uri
X-Cluster-Name
CDCHOST
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Magicmarker
S-Cnection
AKAMAI
X-App
Apple-News-Services-Handled
X-SRV
Node
X-Hit
X-Origin-CC
OT-Force-Account-Verify
X-Origin-TTL
X-Magnolia-Registration
Sid
X-Envoy-Decorator-Operation
Cf-Ipcountry
X-VG-TLSProxy
X-Server-W
X-Request-UUID
X-Clientip
X-Request-Host
X-Slack-Backend
Mail-Subject
X-CGP
X-Cache-Debug
X-TrackingId
X-BBXSRF
X-NC
X-TH-Server
X-Var-Ttl
X-Cache-Tags
X-Cache-FS-Status
X-Core-Mission
X-Reboot
X-B3-Traceid
X-Auto-Login
X-JWT-State
X-Mvc-Supplant-Cachable
X-TA-CDN-Provider
X-Owner
X-Origin-Expires
X-Origin-Date
X-Is-Gdpr
X-Irp-Debug
X-Rebelmouse-Cache-Control
X-Dispatcher-Server
X-Rebelmouse-Surrogate-Control
X-VServer
X-Eu-Site
X-Has-Esi
X-We-Are-Hiring
X-Fastly-Cache
X-Webstats-RespID
X-Distil-CS
Vix-Hermes-Req-Id
V-Age
Gh-Request-Id
Rt-Fastcgi-Cache
C-Via
Fastly-SWR
W
We-Hiring
Fastly-SIE
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
NM-Fastcgi-Cache
X-Variation
Fastly-Drupal-HTML
X-Backend-Host
X-Contensis-Viewer-Groups
X-SVT-ORM-VERSION
LB
Memcached
X-GoCache-CacheStatus
X-Gzip
X-NU-AKA-ACS-Version
X-Configured-By
Adler-Geo
X-Cache-ASPX
X-Cache-Id
Platform
X-Epic-Correlation-Id
Is-Eu
X-Distributor
X-Esi-Check
X-SVT-ORM-RULES
X-Varnish-Authentication
X-Dc
X-Microcachable
X-Edge-Location
X-Li-Fabric
X-Via-PopV
X-Via-PopH
X-Wa
X-LI-UUID
X-Instart-Info
X-LI-Proto
X-Key
X-Li-Pop
Referer-Policy
HostName
X-Varnish-Beresp-Status
X-Cdn-Forward
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
Pragrma
X-Envoy-Upstream-Healthchecked-Cluster
X-Platform-Server
MIME-Version
X-TT-TIMESTAMP
X-Varnish-URL
X-Ms-Request-Id
X-Refresh
X-Ms-Version
X-UA
X-BC
X-ZONE
Fastly-Backend-Name
X-Servedbyhost
NtCoent-Length
X-Ua-Device
X-Via-CDN
X-Up
X-TIME
Esi-Enabled
X-Vgn-Hpd-Reason
CACHE
GEO-INFO
X-MSEdge-Features
X-MSEdge-Flight
X-Minions-Version
X-Mvc-Supplant-OutputCached
Server-ID
Memory
X-App-Name
L
Tracecode
X-Batcache
X-Zone
X-BACKEND-TTL
X-Bc
X-Server-IP
X-ND-Cache
Cache-Host
X-ElasticPress-Query
Ohc-File-Size
X-Nginx-Cache
X-VCL-Version
X-Unique-ID
X-Svr
X-Sucuri-ID
X-Aicache-OS
X-Cdn-Srv
X-Debug-Panamera-Sitecode
X-Debug-Panamera-Host
X-Pjax-Url
Server-Surrogate-Control
X-COUNTRY
X-FPC
Server-Cache-Control
X-Generated-By
X-GEO
X-S-Maxage
GeoIP-Country-Code
X-CF-Powered-By
X-Oss-Hash-Crc64ecma
Ohc-Response-Time
DCR-Processing-Time-Ms
X-Oss-Object-Type
FSS-Cache
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
DCR-Decision-By
X-VCT
X-Rocket-Nginx-Bypass
Pramga
Powered-By-ChinaCache
X-Azure-Ref-OriginShield
X-Fastly-Cache-Status
X-PF-Uncompressing
GeoIP-Latitude
Location
HitType
Hostname
Resin-Trace
Request-Country
X-Check-Cacheable
X-Varnish-Ttl
Heartbleed
Request-EU
Locid
X-BE
X-Varnish-Hits
X-Varnishpool
Cteonnt-Length
PFcat
X-LB-ID
X-Sucuri-Cache
X-VarnishDD-TTL
X-Request-URI
Amp-Access-Control-Allow-Source-Origin
X-Ratelimit-Reset
X-Edge-Server
X-CSRF-TOKEN
X-OVcl
Cdn-Host
X-OVcl-Cache
X-PJAX-URL
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
Lfy
Cdn-Request-Time
X-VHOST
X-Ratelimit-Remaining
X-Gamma-Serve
GeoIp-Country-Code
X-Fastly-Backend-Reqs
Geoip-Latitude
X-Fastly-Country-Code
X-Fpc
X-Platform
X-Newrelic-App-Data
CF-Cached-On
X-Shopify-Generated-Cart-Token
X-Cache-Expired-At
X-HS-Status
X-Render-Time
X-Original-Request-Id
X-Instart-Isnd
X-Tec-Api-Origin
SRV
X-Tec-Api-Root
X-Tec-Api-Version
X-WebServer
X-Pf-Uncompressing
X-Vcl-Version
X-Client-Ip
SN
WZWS-RAY
X-Oracle-Dms-Rid
XServer
X-Proxy-Upstream
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-NGINX-Cache
X-CUA
X-Ratelimit-Limit
Product
Mime-Version
Epwk-X-Cache
X-CACHE-KEY
WWW-Authenticate
X-Fetched-On
X-ECache
X-Sn-Servicetimems
My-App
X-Cdn-Origin
X-GeoIP-Country-Code
URI
X-Varnish-Url
X-Amzn-Remapped-Connection
X-ServedByHost
X-Amzn-Remapped-Date
Pics-Label
Ohc-Cache-HIT
X-Ftr-Cache-Host
Dt-Cache-Category
X-StackifyID
Backend
Backend-Name
A
X-Oss-Cdn-Auth
CloudFront-Viewer-Country
X-B3-SpanId
X-Fastly-Request-Id
X-Request-Start
X-Csrf-Jwt
X-Debug-Cache-Fetch
X-RunCloud-Cache
X-Debug-Cache-Store
X-Swift-Error
Lb
X-Via-Popv
Group
Cloudfront-Viewer-Country
X-Via-Poph
PICS-Label
X-Cache-Tag
Server-Ttl
X-Nananana
X-Debug-Cache-Bypass
X-B3-Spanid
X-Debug-Ysi-Auth
X-Debug-Cache-Status
X-Debug-Cache-String
X-LiteSpeed-Cache-Control
X-Debug-Xas-Auth
X-Debug-Do-Not-Cache-Uri
Cdn
X-Tb-Optimization-Total-Bytes-Saved
X-Served-From
SID
X-Cache-Version
X-Sigma
X-Sigma-Backend
X-Request-Time
X-Rocket-Build-Number
X-WA
X-Varnish-Beresp-TTL
X-Cache-Hm
X-WR-MODIFICATION
Host-ID
Proxy-Firewall
Cneonction
X-Acquia-Site
X-Cache-Hfrom
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Token
X-Acquia-Purge-Tags
X-Apw-Access-Action
X-Acquia-Application-Trace
X-Acquia-Application-UUID
DataCenter
X-APP
X-Lb-Id
X-Html-Edge-Cache
X-Snapshot-Date
CF-IPCountry
X-Dw-Trace-Id
Warning
X-SB
Req-ID
X-Via-Ucdn
X-ElasticPress-Search
X-Request-URL
Cf-Alt-Svc
Origin
X-VC
X-Varnish-ID
Inserted-Into-Cache-At