Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Kinja-Server-Push
P3p
Timing-Allow-Origin
X-Template
X-Language
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
X-Request-ID
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
CF-Ray
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Server-Timing
Grace
X-Pingback
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-WebKit-CSP
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Vhost
X-Device
X-Response-Time
X-Readtime
X-Ac
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Node
X-Backend-Server
X-Dispatcher
NEL
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
Host-Header
X-Cnection
X-Country-Code
Accept-CH
X-Rack-Cache
RTSS
Edge-Control
X-Url
Accept-CH-Lifetime
MS-Author-Via
X-Clacks-Overhead
X-Px
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
Verso
X-Goog-Hash
X-Varnish-TTL
Service-Worker-Allowed
X-Powered-By-Plesk
X-Kinja-Revision
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-B3-TraceId
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Forwarded-Proto
Public-Key-Pins
Response
Pagespeed
Display
X-Middleton-Display
X-Amz-Server-Side-Encryption
X-Sol
X-Middleton-Response
X-MS-InvokeApp
X-Cache-TTL
X-Content-Type
X-DynaTrace
X-Cdn
X-D2id
X-CST
X-Ttl
X-NF-Request-ID
X-Amz-Rid
X-Vcap-Request-Id
X-VARITI-CCR
TCN
X-Abt-Application-Version
X-Cached
AR-PoweredBy
Ar-Sid
AR-Request-ID
AR-CACHE
AR-ATIME
Pinterest-Generated-By
X-ESI
X-Powered-CMS
X-Navigation-Version
X-Upstream
X-Version
Cache-Tag
X-Debug
X-Fastly-Request-ID
X-Grace
X-Server-Name
Accept-Ch
X-Instart-Request-ID
Access-Control-Request-Method
X-XRDS-Location
Charset
X-Element-Page-Cache
X-MSEdge-Ref
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Realpath
X-TEC-API-VERSION
Content-MD5
Nginx-Cache
X-Ezoic-Cdn
X-Accel-Expires
Accept-Ch-Lifetime
X-Shield-Request-Id
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Hp-Webp
X-Jurisdiction
SPIisLatency
SPRequestDuration
Pinterest-Version
X-Amz-Meta-S3cmd-Attrs
X-Pinterest-Rid
X-Id
X-Recruiting
SPRequestGuid
X-SharePointHealthScore
X-Dw-Request-Base-Id
S
X-Kinsta-Cache
X-T
X-Content-Digest
X-Cache-Key
X-Trace
Fastcgi-Cache
X-Logged-In
X-TTL
X-Node-Name
X-NWS-LOG-UUID
X-FastCGI-Cache
TP-L2-Cache
TP-Cache
X-Hostname
Fastly-Restarts
ServerID
X-Oneagent-Js-Injection
X-Mobile-URL
X-Amzn-Trace-Id
X-Request-Received
X-Request-Processing-Time
X-Cache-Hit
X-Frontend
Front-End-Https
Server-Node
X-Cache-Age
X-Server-ID
X-Client-IP
X-Forwarded-For
X-Yandex-Sdch-Disable
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
Edge-Cache-Tag
Powered
X-FTR-Expires
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
Server-Name
PB-PID
Arc-Version
PB-RID
X-Microsite
X-Request-Handler-Origin-Region
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Ah-Environment
X-DIS-Request-ID
X-Akamai-Edgescape
X-Page-Id
X-Hits
X-F-Cache
Filters
X-LB-Cache
X-Jobs
X-Revision
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Alternate-Protocol
X-Origin-Server
X-Zen-Fury
DynaTrace
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile-Rewrite
X-Content-Powered-By
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-Geo-Country
X-Varnish-Age
AMP-Access-Control-Allow-Source-Origin
X-Daa-Tunnel
X-Correlation-Id
X-N
Accept-Charset
X-Ruxit-Js-Agent
X-FTR-Cache-Host
Cache-Tags
X-B
X-Varnish-Backend
X-Ser
X-Type
Paypal-Debug-Id
X-Fastcgi-Cache
DC
X-Varnish-Grace
Surrogate-Key
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
X-Git-Hash
X-Esi
X-RateLimit-Remaining
X-Rid
Retry-After
Host
X-Content-Options
X-Signature
Section-Io-Cache
X-B-Cache
X-App-Environment
X-Whom
X-TT
X-Request-Guid
X-FB-Debug
X-Az
X-Activity-Id
X-AppVersion
X-Edge
X-IPLB-Instance
Fastcgi-Useragent
X-Status
X-Debug-Info
X-Endurance-Cache-Level
Actual-Object-TTL
Frame-Options
Healthy
X-Via-JSL
Nel
X-HTML-Minification-Powered-By
X-ATG-Version
Srv
MicrosoftSharePointTeamServices
X-Release
Content-Disposition
X-AOL-HN
X-Contextid
X-Cache-Action
Refresh
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Seen-By
X-App-Server
X-ATS-Timestamp
Backend-Timing
From-Origin
X-ECACHE
Access-Control-Allow-Method
X-B3-Sampled
X-Protected-By
X-Pinterest-Direct
X-Accel-Buffering
X-Cache-Rule
X-Response-Served-From
X-Region
X-ProcessESI
X-MCACHE
X-RemovedCookies
X-Mid
X-Cache-Operation
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Rendered-As
X-Tumblr-User
X-Is-Bot
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Odigeo-Trace-Id
X-Cacheable-TTL
X-Upgrade-Enabled
X-Instance
X-WA-Info
X-Environment-Context
X-FW-Dynamic
X-FW-Hash
X-UUID
X-FW-Serve
Uber-Trace-Id
X-FW-Type
X-FW-Server
X-L-Path
X-FW-Static
Eomportal-Instance
X-Cache-Time
X-Rule
X-Varnish-Server
X-Drupal-Cache-Tags
Payment
X-Adobe-Loc
Countrycode
MS-CV
X-Adobe-Content
X-Host-Name
X-Proxy
X-Litespeed-Cache
Datacenter
X-Akamai-Request-ID2
X-EdgeConnect-Cache-Status
X-Cached-By
X-Time
X-Mobile
X-Cache-Server
X-NewRelic-App-Data
Source
X-Cache-Control
X-UnsetCookies
X-PHP-Backend
X-Load-Cache
Server-Info
Access-Control-Request-Headers
X-Azure-Ref
X-Air-Hostname
Accept-Language
X-Correlation-ID
Xserver
X-SERVER-NAME
X-NGENIX-Cache
X-Yottaa-Metrics
X-Backend-Name
X-Yottaa-Optimizations
X-GeoIP
X-Tt-Trace-Host
X-Cache-NGX
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Presslabs-Stats
X-Handled-By
X-Akamai-Transformed
Liferay-Portal
Version
X-Pass-Why
X-Framework
X-Mode
X-NWS-UUID-VERIFY
X-Webkit-CSP
X-Unique-Id
X-Wix-Request-Id
Filterid
X-URL
X-RateLimit-Limit
X-FireWall-Port
X-APP-VERSION
X-CSRF-Token
X-Path-Route
Load-Balancing
Meta-Geo
X-ApacheServer
X-ES-SERVER
X-Locale
X-AWS-Id
X-LJ-Flow-ID
X-Vcache
Cross-Origin-Window-Policy
X-Adobe-Source
X-Zipkin-Id
X-VWS-Id
X-Via-Fastly
X-Cache-Var-Map
X-Cache-Var
X-Proxied
X-UPSTREAM-Address
X-UA-Device-Type
X-Routing-Service
Cache-Status
X-RN-RSRV
X-PERF
X-CCM
X-NCache
Cache
X-Www-Served-By
X-MP-GENERATED-AT
Now
X-Qloud-Router
ServedBy
X-IP
X-Real-IP
X-Cache-Status-Check
Akamai-GRN
X-Pubstack
X-Viewer-Country
Cache-Hits
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
DSUID
X-Section
X-Access
X-Detected-As
X-Site-Version
X-TX-ID
Mn-Server-Ip
X-Cluster
X-Format
Decoy-Debug-TTL
X-Hyper-Cache
Section-Origin-Responded
X-FW-Version
X-Human
X-Storage
Decoy-Debug-Key
Section-Io-Id
Section-Io-Origin-Status
Cache-Tv-Group
S-Rt
X-Info
Cleartype
Section-Io-Origin-Time-Seconds
Cache-Name
DB-Nickname
Apigw-Requestid
Property-Id
Decoy-Debug-Status
X-Varnish-Cache-Hits
X-Amzn-Remapped-Content-Length
X-CS
X-Cache-Config
X-Device-Type
Webcakes-App-Version
TWC-Locale-Group
X-ServerID
X-SayCDN-TTL
X-Say-TTL
X-PCL
TWC-Privacy
X-Origin-Hint
X-OCL
Webcakes-App-Name
X-Say-Cacheable
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
TWC-Connection-Speed
X-Redis-Cache
TWC-Device-Class
X-Web-Node
TWC-GeoIP-Country
Webcakes-Region
X-EIG-Tracking-Id
X-Cache-Enabled
Webserver
X-BYPASS-REASON
X-Alternate-Cache-Key
X-Cache-Host
X-Bc-Bl
X-FC-Vary-Parameters
X-ProxyCache-Status
X-IPS-LoggedIn
X-PHP-Host
X-Cache-2
X-NYM-Debug-Backend
X-Time-Microsecs
X-ProxyCache-Key
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Labrador-Cache-Channel
X-Origin
Fastly-SSL
X-Hosted-By
X-TNCMS
X-JoinUs
Azure-SlotName
X-SaId
X-From
X-FB-TRIP-ID
X-Content-Age
Azure-SiteName
Azure-Version
X-Proxy-Build
Selected-Fe
X-Hl-Ver
X-Loop
X-BCube-Filmed-By
Azure-InstanceId
X-Timing-Wait
Azure-RegionName
X-Urbn-Context-Path
Locale
X-RTag
Origin-Cache-Control
Ms-Operation-Id
X-Urbn-Site-Id
X-Cache-Remote
X-VCache
NGB
X-No-Session
Ec-Rule-Version
X-XRDS-LOCATION
X-Ua
X-Geo
X-Generated
X-Drupal-Cache-Contexts
X-CDN-Forward
X-Cache-TTL-Remaining
X-PressLabs-Stats
X-Xfnlog-Site
Origin-Edge-Control
Time
X-EC-Lua
X-Backend-TTL
X-Debug-Cache
Country
X-Storefront-Renderer-Rendered
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
X-SRV
X-Pad
X-Source
X-Soup
X-NC
Upgrade-Insecure-Requests
X-Old-Content-Length
X-Varnish-Hostname
X-Proto
X-Tb
X-Akamai-Request-ID
X-Cluster-Node
GEO-INFO
X-Cache-PHP
X-TA-CDN-Provider
Referer-Policy
X-App-Version
X-RequestSource
Proxy-Connection
Cache-Key
X-Parent-Response-Time
User-Agent
X-RCS-CacheZone
X-Cache-NE
X-App
X-DC
LB
X-Cache-Backend
X-Client-Ip
X-Magnolia-Registration
X-FORWARDED-FOR
X-Origin-TTL
NGX
X-Origin-CC
Geo-Info
GEO-REGION-INFO
M-TraceId
X-Vdms-Path
X-Vdms-Version
AKAMAI
Machine
IsBot
T-Server
X-VG-WebServer
Who
VivaBuild
Viewtype
True-Client-Country-4JS
UCS
Arc-Country
AsisCache
CacheControlHeader
X-VG-WebCache
N-Cache
X-Vtex-Processado-Em
Mobile-Detection-Method
Content-Script-Type
X-SRCache-Key
X-Vtex-Remote-Cache
Fastcgi-X-Cache-Version
MD5-Digest
Rendered-Blocks
Pragrma
On-Server
BehaviorPad-Version
FNAC-ModuleRouting
Content-Style-Type
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-NodeID
X-Trace-Id
X-Processor
X-Region-Sid
X-Nginx-Cache-Key
X-Method
X-Trv-Group
X-Transaction
X-Generation-Time
X-Geo-Header
X-Response-By
X-Rewrite-Enabled
X-SD-PageType
X-SVT-ORM-VERSION
X-SIPLIST1
X-SVT-ORM-RULES
X-ScT
X-Scheme
X-Swa-Ws
X-Rojux
X-S
X-S-Cookie
X-G
X-Twitter-Response-Tags
X-Aed
X-Application
X-ARC
X-B-Cookie
X-Accel-Expires-Debug
X-A-Wwc
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-CF-Lambda-Fn
X-Cms-Context
X-DevSite-Last-Modified
X-Dispatch
X-Edge-Location
X-External-Request-Id
X-Developers
X-Developer
X-Connection-Hash
X-D
X-Date
X-Destination
X-A
Meta-Geo-Continent
Xc-Version
X-AIR-PT
FilterID
X-Cache-Grace
X-Proxy-Cache-Status
Node
X-Distributor
X-Tumblr-Pixel-3
User-Cache-Control
OT-Force-Account-Verify
X-Agile-Id
X-Backend-State
X-Auto-Login
X-Cache-FS-Status
X-Clara-WADP
X-Compress-Hint
X-Cache-URL
X-Cache-Info
X-Cache-Bucket
X-Agile-Age
X-Block-Status
Wxu-Next-Hostname
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Sever-Int
X-VC-Cache
Server-Host
Server-Hostname
X-Varnish-Cacheable
V-Age
Wxu-Next-Commit
X-Device-Os
Wxu-Next-Region
Web-Mar-Node
We-Hiring
Viewport
Vix-Hermes-Req-Id
X-Agile
X-User
X-Policy
X-Thanos
X-RateLimit-Limit-Second
X-Thinkindot-L3
X-Owner
X-Micro-Cache
X-Node-Id
X-RateLimit-Remaining-Second
X-Req
X-ServiceProvider
X-Skip-Cache
X-SN
X-Servername
X-Server-W
X-Reqid
X-Forwarded-Host
X-Matched-Rule
X-Logging-Id
X-Generated-In
X-Generated-On
X-Has-Esi
X-Gen-Mode
X-Fmm-Version
Server-Ext
X-Uri
X-Hash
X-Hnp-Log
X-Level-Front-Cache
X-Loc
X-Location
X-LAGOON
X-Key
X-Is-Gdpr
X-JWT-State
X-Dispatcher-Server
X-Bip
X-Cluster-Name
Kp-EeAlive
NM-Fastcgi-Cache
Apple-News-Services-Handled
Apple-News-Services-Host
X-Worker
Mail-Subject
Gh-Request-Id
Magicmarker
X-WADP-Cache
X-Wikidot-Static-Cache
Pagetype
MIME-Version
Apple-News-Services-Request-Url
CDCHOST
Apple-News-Services-Parsed-Url
X-Wikidot-Backend
Release
X-Hit
X-B3-Traceid
X-Clientip
X-Rebelmouse-Surrogate-Control
X-CGP
X-Origin-Expires
X-Rebelmouse-Cache-Control
X-Contensis-Viewer-Groups
X-TrackingId
X-Origin-Date
C-Via
X-Cache-ASPX
Is-Eu
HA-Ipaddr
X-Cache-Id
X-Cache-Tags
Ha-Gx-Prefs
X-Core-Mission
X-Core-Value
X-Mvc-Supplant-Cachable
X-Envoy-Decorator-Operation
X-Epic-Correlation-Id
X-VServer
X-Eu-Site
X-Esi-Check
Fastly-SIE
Fastly-SWR
Adler-Geo
X-Irp-Debug
X-NU-AKA-ACS-Version
X-Varnish-Beresp-Grace
X-Fastly-Cache
X-Gzip
Fastly-Drupal-HTML
X-Var-Ttl
X-TH-Server
X-Request-Host
Platform
X-Varnish-Beresp-Ttl
X-VG-TLSProxy
ServerName
X-Request-UUID
X-Varnish-Authentication
W
X-BBXSRF
X-Slack-Backend
X-We-Are-Hiring
Rt-Fastcgi-Cache
X-Varnish-Beresp-Status
L5d-Success-Class
X-Backend-Host
X-Webstats-RespID
X-Variation
X-Newrelic-Synthetics
Memcached
X-Up
X-GoCache-CacheStatus
X-Distil-CS
Fastly-Backend-Name
X-Li-Fabric
X-Li-Pop
X-Reboot
X-LI-Proto
X-Via-CDN
X-Session-Fingerprint
X-LI-UUID
X-Dc
X-BC
X-ZONE
Cache-Cookie-Set-From
X-Minions-Version
X-Wa
Cache-Cookie-Set-Lfrom
RNT-Time
Sid
RNT-Machine
Cache-Cookie-Set-Idcheck
X-Srv
X-Be
X-ElasticPress-Query
X-Varnish-URL
X-Batcache
X-Refresh
X-Aicache-OS
X-Configured-By
X-UA
X-Cache-Debug
X-Branch-Name
X-Nc
Cf-Ipcountry
X-Servedbyhost
X-Ua-Device
Hostname
X-Nginx-Cache
DCR-Processing-Time-Ms
X-TIME
X-Mvc-Supplant-OutputCached
CACHE
DCR-Decision-By
S-Cnection
Memory
Pramga
X-Via-PopH
X-Instart-Info
X-Ratelimit-Reset
X-Via-PopV
X-Fastly-Cache-Status
X-Varnishpool
HostName
X-Original-Request-Id
X-Platform-Server
X-Envoy-Upstream-Healthchecked-Cluster
HitType
X-ND-Cache
X-MSEdge-Features
X-MSEdge-Flight
X-VCL-Version
Location
X-PF-Uncompressing
X-BE
X-Sucuri-ID
X-Ms-Version
X-Microcachable
X-TT-TIMESTAMP
X-Ms-Request-Id
X-Sucuri-Cache
X-Check-Cacheable
X-Debug-Panamera-Host
X-Cdn-Forward
X-CF-Powered-By
X-COUNTRY
X-LB-ID
NtCoent-Length
X-GEO
X-FPC
X-Pjax-Url
Esi-Enabled
Powered-By-ChinaCache
X-Debug-Panamera-Sitecode
X-Bc
X-Zone
X-OVcl-Cache
X-Oss-Server-Time
X-OVcl
X-VarnishDD-TTL
GeoIP-Country-Code
X-Oss-Hash-Crc64ecma
PFcat
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Vgn-Hpd-Cached
Resin-Trace
Server-ID
X-Vgn-Hpd-Ssi
X-App-Name
L
GeoIP-Latitude
X-Azure-Ref-OriginShield
X-Vgn-Hpd-Variations-Key
X-Instart-Isnd
Ohc-File-Size
FSS-Cache
X-Platform
X-Render-Time
X-Cdn-Srv
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Reason
X-Server-IP
Cache-Host
X-Generated-By
Server-Cache-Control
X-Varnish-Ttl
X-Svr
Server-Surrogate-Control
X-BACKEND-TTL
X-HS-Status
X-CUA
X-CSRF-TOKEN
X-S-Maxage
X-Ratelimit-Remaining
X-Unique-ID
Pics-Label
Cteonnt-Length
X-PJAX-URL
X-VHOST
Ohc-Response-Time
GeoIp-Country-Code
Geoip-Latitude
X-Rocket-Nginx-Bypass
X-Fpc
X-Fastly-Country-Code
X-Cache-Expired-At
Epwk-X-Cache
Tracecode
CF-Cached-On
X-RunCloud-Cache
Backend-Name
Backend
X-Tec-Api-Origin
X-Tec-Api-Root
X-Varnish-Hits
X-Newrelic-App-Data
SRV
X-Tec-Api-Version
Heartbleed
X-VCT
X-Edge-Server
Request-EU
SN
X-Pf-Uncompressing
Cdn-Host
Amp-Access-Control-Allow-Source-Origin
X-Vcl-Version
Locid
X-Csrf-Jwt
Request-Country
Cdn-Request-Time
X-Ratelimit-Limit
X-NGINX-Cache
X-CACHE-AGE
X-Oracle-Dms-Rid
X-Via-Poph
X-CLOUD-TRACE-CONTEXT
XServer
X-Request-URI
X-Via-Popv
X-StackifyID
X-Rocket-Build-Number
X-ECache
X-Sigma
X-Gamma-Serve
X-Sigma-Backend
X-CACHE-KEY
Lfy
WWW-Authenticate
X-Request-Time
CF-IPCountry
X-ServedByHost
X-Varnish-Url
X-Amzn-Remapped-Date
X-Nananana
Host-ID
X-Amzn-Remapped-Connection
X-Ftr-Cache-Host
X-DPWN-IS-SECURE
X-Oss-Cdn-Auth
CloudFront-Viewer-Country
X-Fastly-Request-Id
NR-ENABLED
WPE-Backend
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Country-Code
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-WebServer
URI
X-Apw-Hits
Lb
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
X-Via-Ucdn
X-Cache-Tag
Cloudfront-Viewer-Country
X-Debug-Cache-Status
CDN-PullZone
CDN-EdgeStorageId
X-Proxy-Upstream
X-B3-Spanid
X-Shopify-Generated-Cart-Token
Product
CDN-CachedAt
CDN-Cache
X-Debug-Cache-String
X-Debug-Cache-Bypass
X-Debug-Ysi-Auth
PICS-Label
Server-Ttl
X-LiteSpeed-Cache-Control
X-Debug-Do-Not-Cache-Uri
SID
X-Debug-Xas-Auth
X-Cache-Version
WZWS-RAY
Surrogated-Key
X-Acquia-Site
X-Sn-Servicetimems
Cneonction
X-Cdn-Origin
X-Amz-Meta-Cb-Modifiedtime
Dnion-Transfer-Encoding
My-App
X-Acquia-Purge-Tags
DataCenter
X-Fetched-On
X-WA
Proxy-Firewall
Ohc-Cache-HIT
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Tb-Optimization-Total-Bytes-Saved
X-APP
X-WR-MODIFICATION
X-Request-URL
X-ElasticPress-Search
X-VC
X-Html-Edge-Cache
Cf-Alt-Svc
X-Lb-Id
X-Fastly-Cache-Hits
X-Dw-Trace-Id
X-SB
X-Varnish-Beresp-TTL
Inserted-Into-Cache-At
Warning
X-Snapshot-Date
FSS-Proxy
X-IN-APIGATEWAY
X-Swift-Error
A
X-IN-APIGATEWAYSSL
X-GeoIP-Country-Code