
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
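
The table below lists spellings such as X-Frame-Options and X-FRAME-OPTIONS as separate rows, although HTTP header names are case-insensitive. The following sketch is an added example, not the project's own code: it tallies header names from raw HEAD responses both by wire spelling and case-folded. The sample responses, function names, the choice of "security relevant" headers and the one-count-per-site rule are assumptions made for illustration.

```python
from collections import Counter

# Headers this sketch treats as security relevant; all appear in the table.
SECURITY_HEADERS = {
    "x-frame-options", "x-xss-protection", "x-content-type-options",
    "strict-transport-security", "content-security-policy", "referrer-policy",
}

def header_names(raw):
    """Return the header names of one raw HEAD response, spelled as sent."""
    names = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():        # blank line ends the header block
            break
        if line[0] in " \t":        # obsolete folded continuation line
            continue
        name, sep, _ = line.partition(":")
        if sep and name.strip():
            names.append(name.strip())
    return names

def tally(responses):
    """Count sites per header: by wire spelling and case-insensitively."""
    exact, folded = Counter(), Counter()
    for raw in responses.values():
        names = header_names(raw)
        exact.update(set(names))                    # one count per site
        folded.update({n.lower() for n in names})   # field names ignore case
    return exact, folded

def missing_security_headers(raw):
    """Security headers (lower-cased) absent from one response."""
    return SECURITY_HEADERS - {n.lower() for n in header_names(raw)}

# Constructed sample responses, not survey data.
SAMPLE = {
    "a.example": "HTTP/1.1 200 OK\r\nServer: nginx\r\n"
                 "X-Frame-Options: DENY\r\n"
                 "Set-Cookie: a=1\r\nSet-Cookie: b=2\r\n\r\n",
    "b.example": "HTTP/1.1 200 OK\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\n"
                 "X-Xss-Protection: 1; mode=block\r\n\r\n",
    "c.example": "HTTP/1.1 301 Moved Permanently\r\n"
                 "Location: https://c.example/\r\n"
                 "x-xss-protection: 0\r\n\r\n",
}

if __name__ == "__main__":
    exact, folded = tally(SAMPLE)
    for name in ("X-Frame-Options", "X-FRAME-OPTIONS"):
        print(f"exact  {name}: {exact[name]}")
    print(f"folded x-frame-options: {folded['x-frame-options']}")
    for site, raw in SAMPLE.items():
        print(site, "missing:", sorted(missing_security_headers(raw)))
```

When reading the table for adoption of a given security header, add up its case variants first; the folded counter does this automatically.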



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
P3p
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
CF-Ray
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Server-Timing
Grace
X-Pingback
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-WebKit-CSP
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Device
X-Vhost
X-Response-Time
X-Readtime
X-Ac
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Node
X-Backend-Server
X-Dispatcher
NEL
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
Host-Header
X-Cnection
X-Country-Code
X-Rack-Cache
RTSS
Accept-CH
Edge-Control
X-Url
MS-Author-Via
X-Clacks-Overhead
Accept-CH-Lifetime
X-Px
X-FTR-Request-ID
Verso
X-TtlSet
X-PC
X-Vname
X-Goog-Hash
X-Varnish-TTL
Service-Worker-Allowed
X-Powered-By-Plesk
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Kinja-Server
X-B3-TraceId
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Forwarded-Proto
Public-Key-Pins
X-Amz-Server-Side-Encryption
Display
X-Sol
X-Middleton-Response
Response
Pagespeed
X-Middleton-Display
X-MS-InvokeApp
X-Cache-TTL
X-Content-Type
X-DynaTrace
X-Cdn
X-D2id
X-NF-Request-ID
X-CST
X-Ttl
X-Amz-Rid
X-Vcap-Request-Id
TCN
X-Cached
X-Abt-Application-Version
X-VARITI-CCR
AR-CACHE
Ar-Sid
AR-Request-ID
AR-PoweredBy
AR-ATIME
Pinterest-Generated-By
X-ESI
X-Powered-CMS
X-Upstream
Accept-Ch
X-Version
X-Navigation-Version
X-Fastly-Request-ID
X-Debug
Cache-Tag
X-Server-Name
X-Grace
Accept-Ch-Lifetime
X-Instart-Request-ID
Access-Control-Request-Method
X-XRDS-Location
Charset
X-Element-Page-Cache
X-MSEdge-Ref
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-TEC-API-ORIGIN
Realpath
X-TEC-API-ROOT
X-TEC-API-VERSION
Content-MD5
Nginx-Cache
X-Ezoic-Cdn
X-Accel-Expires
X-Shield-Request-Id
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Hp-Webp
X-Jurisdiction
SPRequestDuration
SPIisLatency
Pinterest-Version
X-Amz-Meta-S3cmd-Attrs
X-Pinterest-Rid
X-Recruiting
X-Id
SPRequestGuid
X-SharePointHealthScore
X-Dw-Request-Base-Id
S
X-T
X-Kinsta-Cache
X-Content-Digest
X-Cache-Key
Fastcgi-Cache
X-Logged-In
X-Trace
X-TTL
X-Node-Name
X-NWS-LOG-UUID
X-FastCGI-Cache
TP-Cache
TP-L2-Cache
X-Hostname
Fastly-Restarts
ServerID
X-Oneagent-Js-Injection
X-Request-Received
X-Amzn-Trace-Id
X-Mobile-URL
X-Request-Processing-Time
X-Cache-Hit
Front-End-Https
Server-Node
X-Frontend
X-Cache-Age
X-Server-ID
X-Client-IP
X-Yandex-Sdch-Disable
X-Forwarded-For
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
Edge-Cache-Tag
Powered
X-FTR-Expires
X-Goog-Storage-Class
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
Server-Name
PB-PID
PB-RID
Arc-Version
X-Request-Handler-Origin-Region
X-Microsite
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Content-Security-Policy-Report-Only
X-Ah-Environment
X-User-Agent
X-Hits
X-Page-Id
X-Akamai-Edgescape
X-DIS-Request-ID
X-LB-Cache
X-Revision
X-F-Cache
Filters
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Jobs
Alternate-Protocol
X-Origin-Server
X-Zen-Fury
DynaTrace
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile-Rewrite
X-Content-Powered-By
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Geo-Country
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-Correlation-Id
X-Daa-Tunnel
X-N
Accept-Charset
X-Ruxit-Js-Agent
X-FTR-Cache-Host
Cache-Tags
X-Ser
X-B
X-Varnish-Backend
X-Type
X-Varnish-Grace
Paypal-Debug-Id
DC
X-Fastcgi-Cache
X-Rid
Retry-After
X-Esi
X-RateLimit-Remaining
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
X-Git-Hash
Host
Surrogate-Key
X-App-Environment
X-Content-Options
Section-Io-Cache
X-B-Cache
X-Whom
X-FB-Debug
X-TT
X-Signature
X-Request-Guid
X-Edge
X-Activity-Id
X-AppVersion
X-Az
Fastcgi-Useragent
X-IPLB-Instance
X-Endurance-Cache-Level
X-Debug-Info
X-Status
Actual-Object-TTL
Frame-Options
Healthy
X-Via-JSL
Nel
X-HTML-Minification-Powered-By
X-ATG-Version
Srv
X-Release
MicrosoftSharePointTeamServices
X-AOL-HN
Content-Disposition
X-Contextid
X-Cache-Action
Refresh
X-App-Server
X-ATS-Timestamp
X-Seen-By
Backend-Timing
X-Amz-Apigw-Id
X-Amzn-RequestId
From-Origin
X-ECACHE
X-B3-Sampled
X-Pinterest-Direct
X-Protected-By
Access-Control-Allow-Method
X-Response-Served-From
X-Accel-Buffering
X-Cache-Rule
X-Mid
X-MCACHE
X-Cache-Operation
X-ProcessESI
X-RemovedCookies
X-Region
X-Is-Bot
X-Rendered-As
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Tumblr-Pixel-0
X-Cacheable-TTL
X-Tumblr-Pixel
Odigeo-Trace-Id
X-Tumblr-User
X-L-Path
X-Instance
X-FW-Type
X-FW-Server
X-FW-Dynamic
X-Environment-Context
X-Upgrade-Enabled
X-UUID
X-FW-Static
X-FW-Hash
Uber-Trace-Id
X-FW-Serve
X-WA-Info
X-Varnish-Server
X-Rule
Eomportal-Instance
Payment
X-Cache-Time
X-Drupal-Cache-Tags
X-Adobe-Loc
X-Adobe-Content
MS-CV
Countrycode
X-Proxy
X-Litespeed-Cache
X-Host-Name
Datacenter
X-EdgeConnect-Cache-Status
X-Akamai-Request-ID2
X-Cached-By
X-Time
X-Mobile
X-NewRelic-App-Data
X-Cache-Server
Source
X-PHP-Backend
X-Cache-Control
X-Load-Cache
X-UnsetCookies
Server-Info
X-Azure-Ref
X-Air-Hostname
Access-Control-Request-Headers
Xserver
X-Correlation-ID
Accept-Language
X-SERVER-NAME
X-Yottaa-Optimizations
X-NGENIX-Cache
X-GeoIP
X-Yottaa-Metrics
X-Backend-Name
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Origin-Response-Time
X-Cache-NGX
X-Presslabs-Stats
X-Akamai-Transformed
X-Handled-By
Version
X-Webkit-CSP
X-NWS-UUID-VERIFY
Liferay-Portal
X-Mode
X-Pass-Why
X-Framework
X-Unique-Id
X-Wix-Request-Id
Filterid
X-URL
X-RateLimit-Limit
X-FireWall-Port
X-APP-VERSION
X-CSRF-Token
X-Adobe-Source
Meta-Geo
X-Vcache
X-ApacheServer
Load-Balancing
X-RN-RSRV
X-Routing-Service
X-Locale
X-UPSTREAM-Address
X-Cache-Var-Map
X-Via-Fastly
X-LJ-Flow-ID
X-UA-Device-Type
X-CCM
X-PERF
X-Path-Route
X-Proxied
Cache-Status
X-VWS-Id
X-Cache-Var
X-ES-SERVER
X-Zipkin-Id
X-AWS-Id
Cache-Hits
ServedBy
Akamai-GRN
X-Access
X-Detected-As
Mn-Server-Ip
X-Format
X-Cache-Status-Check
X-TX-ID
DSUID
Now
X-NCache
X-Pubstack
X-Site-Version
X-Real-IP
X-Tumblr-Pixel-2
X-Www-Served-By
Cache
X-MP-GENERATED-AT
X-Cluster
X-Qloud-Router
X-Section
X-IP
X-Tumblr-Pixel-1
X-Viewer-Country
TWC-Connection-Speed
X-Say-Cacheable
Apigw-Requestid
X-ServerID
X-Cache-Config
Webcakes-App-Name
Webcakes-App-Version
Decoy-Debug-TTL
Webcakes-Region
DB-Nickname
Decoy-Debug-Key
Cleartype
Cache-Tv-Group
X-Redis-Cache
X-Say-TTL
X-R9-Blue-Green-Version
Cache-Name
X-Amzn-Remapped-Content-Length
X-Varnish-Cache-Hits
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Device-Type
X-OCL
X-SayCDN-TTL
Section-Origin-Responded
X-Human
X-FW-Version
X-Info
TWC-Device-Class
Section-Io-Id
X-Origin-Hint
TWC-Locale-Group
X-Storage
Decoy-Debug-Status
TWC-Privacy
TWC-GeoIP-LatLong
Property-Id
X-PCL
X-Web-Node
TWC-GeoIP-Country
S-Rt
X-ShardId
X-Bc-Bl
X-Origin
X-CS
X-PHP-Host
X-ProxyCache-Key
X-NYM-Debug-Backend
X-EIG-Tracking-Id
X-Hosted-By
X-FC-Vary-Parameters
X-Labrador-Cache-Channel
X-ProxyCache-Status
X-Time-Microsecs
X-Cache-2
X-Alternate-Cache-Key
X-Shopify-Stage
X-ShopId
X-BYPASS-REASON
X-Cache-Enabled
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Cache-Host
Webserver
Fastly-SSL
X-Hyper-Cache
X-IPS-LoggedIn
Cross-Origin-Window-Policy
Azure-SiteName
Azure-SlotName
Azure-RegionName
Azure-InstanceId
X-BCube-Filmed-By
X-FB-TRIP-ID
Azure-Version
X-From
X-Proxy-Build
X-Timing-Wait
Selected-Fe
X-Hl-Ver
Locale
X-Urbn-Site-Id
X-RTag
X-Loop
X-SaId
X-JoinUs
X-Content-Age
X-TNCMS
X-Urbn-Context-Path
Origin-Cache-Control
Ms-Operation-Id
X-Cache-Remote
NGB
X-Ua
X-No-Session
Ec-Rule-Version
X-XRDS-LOCATION
X-Geo
X-VCache
X-Generated
X-Drupal-Cache-Contexts
X-CDN-Forward
X-Cache-TTL-Remaining
X-PressLabs-Stats
Time
Origin-Edge-Control
X-Xfnlog-Site
X-EC-Lua
X-Backend-TTL
X-Debug-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
Country
X-Storefront-Renderer-Rendered
SD-X-WS
X-Soup
X-Pad
X-Source
X-SRV
X-NC
X-Old-Content-Length
X-Varnish-Hostname
Upgrade-Insecure-Requests
X-Proto
X-Akamai-Request-ID
X-Tb
X-Cluster-Node
X-Cache-PHP
GEO-INFO
X-TA-CDN-Provider
Referer-Policy
X-App-Version
User-Agent
Proxy-Connection
X-RCS-CacheZone
X-RequestSource
Cache-Key
X-Parent-Response-Time
X-Cache-NE
X-DC
LB
X-Client-Ip
X-Cache-Backend
X-App
X-FORWARDED-FOR
X-Magnolia-Registration
X-Origin-TTL
X-Origin-CC
NGX
Geo-Info
BehaviorPad-Version
AsisCache
Arc-Country
X-Processor
X-A-Dgt
X-PAYTM-SRV-ID
CacheControlHeader
FNAC-ModuleRouting
GEO-REGION-INFO
Fastcgi-X-Cache-Version
Content-Style-Type
Content-Script-Type
X-G
X-CF-Lambda-Fn
X-Rojux
X-Rewrite-Enabled
X-Destination
X-Developer
X-S
X-Cache-Grace
X-Date
X-Response-By
X-Cms-Context
X-CF-Lambda-Version
X-Region-Sid
X-Connection-Hash
X-D
X-NodeID
IsBot
UCS
Viewtype
True-Client-Country-4JS
T-Server
X-Aed
X-Accel-Expires-Debug
VivaBuild
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
Who
X-Application
X-ARC
Machine
MD5-Digest
M-TraceId
X-Method
Xc-Version
X-B-Cookie
Meta-Geo-Continent
Pragrma
Rendered-Blocks
On-Server
N-Cache
Mobile-Detection-Method
X-Nginx-Cache-Key
AKAMAI
X-VG-WebServer
X-Vtex-Remote-Cache
X-Transaction
X-VG-WebCache
X-Generation-Time
X-Dispatch
X-Vdms-Path
X-Edge-Location
X-SIPLIST1
X-External-Request-Id
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Swa-Ws
X-SRCache-Key
X-Vtex-Processado-Em
X-Geo-Header
X-Trace-Id
X-Trv-Group
X-AIR-PT
FilterID
X-Scheme
X-ScT
X-Developers
X-SD-PageType
X-Twitter-Response-Tags
X-S-Cookie
X-Vdms-Version
X-DevSite-Last-Modified
Node
X-Tumblr-Pixel-3
User-Cache-Control
X-Proxy-Cache-Status
OT-Force-Account-Verify
X-Distributor
X-Matched-Rule
X-User
MIME-Version
X-Thinkindot-L3
X-Uri
Magicmarker
X-Micro-Cache
Kp-EeAlive
Vix-Hermes-Req-Id
X-Generated-On
X-Generated-In
X-Is-Gdpr
X-Thanos
X-LAGOON
Mail-Subject
X-Level-Front-Cache
X-Agile-Age
X-Agile-Id
X-JWT-State
Viewport
Server-Ext
Server-Host
Sever-Int
X-Agile
Server-Hostname
X-Varnish-Cacheable
X-Loc
Pagetype
Thinkindot-Control
NM-Fastcgi-Cache
X-Auto-Login
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Release
X-Location
X-Logging-Id
X-Forwarded-Host
X-Has-Esi
X-WADP-Cache
X-Dispatcher-Server
X-Key
Wxu-Next-Region
X-Cluster-Name
X-Cache-URL
X-Policy
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Clara-WADP
X-Compress-Hint
X-Server-W
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Worker
X-Servername
X-Gen-Mode
X-VC-Cache
X-Device-Os
X-Req
X-Reqid
X-ServiceProvider
Apple-News-Services-Handled
V-Age
We-Hiring
X-SN
Web-Mar-Node
X-Fmm-Version
X-Block-Status
X-Backend-State
Gh-Request-Id
X-Node-Id
X-Bip
X-Cache-Bucket
X-Hnp-Log
Wxu-Next-Hostname
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Wxu-Next-Commit
X-Cache-Info
X-Owner
CDCHOST
X-Skip-Cache
X-Cache-FS-Status
X-B3-Traceid
X-BBXSRF
X-CGP
X-Hash
X-Envoy-Decorator-Operation
X-Clientip
X-Gzip
X-Core-Value
X-Contensis-Viewer-Groups
X-Cache-Tags
X-Cache-Id
X-Esi-Check
X-Eu-Site
X-Backend-Host
X-Irp-Debug
X-Epic-Correlation-Id
X-Cache-ASPX
X-Fastly-Cache
Is-Eu
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Varnish-Authentication
Adler-Geo
X-VServer
X-NU-AKA-ACS-Version
X-TrackingId
W
X-Varnish-Beresp-Ttl
X-Slack-Backend
X-Webstats-RespID
X-We-Are-Hiring
X-Request-UUID
X-Request-Host
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Fastly-Drupal-HTML
C-Via
Platform
X-Mvc-Supplant-Cachable
Fastly-SIE
X-Var-Ttl
X-Variation
HA-Ipaddr
L5d-Success-Class
Fastly-SWR
ServerName
Ha-Gx-Prefs
X-VG-TLSProxy
X-Hit
X-Newrelic-Synthetics
Rt-Fastcgi-Cache
X-Distil-CS
Fastly-Backend-Name
X-Core-Mission
X-Li-Fabric
X-Li-Pop
X-Session-Fingerprint
X-LI-Proto
X-LI-UUID
X-Reboot
X-GoCache-CacheStatus
X-Origin-Expires
X-Origin-Date
X-Via-CDN
X-TH-Server
Memcached
X-Up
X-Dc
X-BC
X-ZONE
X-Minions-Version
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
RNT-Machine
RNT-Time
X-Wa
Cache-Cookie-Set-From
X-Srv
X-Be
X-ElasticPress-Query
Sid
X-Varnish-URL
X-Aicache-OS
X-Refresh
X-Batcache
X-Configured-By
X-UA
X-Cache-Debug
X-Branch-Name
Cf-Ipcountry
X-Servedbyhost
X-Nc
X-Ua-Device
X-Mvc-Supplant-OutputCached
X-Nginx-Cache
X-TIME
DCR-Decision-By
DCR-Processing-Time-Ms
Hostname
CACHE
S-Cnection
Pramga
Memory
X-Instart-Info
X-Fastly-Cache-Status
X-Ratelimit-Reset
X-Varnishpool
HostName
X-Envoy-Upstream-Healthchecked-Cluster
X-PF-Uncompressing
Location
X-Platform-Server
X-ND-Cache
X-VCL-Version
X-Via-PopH
X-MSEdge-Features
X-MSEdge-Flight
X-Original-Request-Id
HitType
X-Via-PopV
X-BE
X-Sucuri-ID
X-TT-TIMESTAMP
X-Ms-Request-Id
X-Microcachable
X-Ms-Version
X-Sucuri-Cache
X-Check-Cacheable
Powered-By-ChinaCache
NtCoent-Length
X-LB-ID
X-Pjax-Url
X-CF-Powered-By
X-GEO
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-COUNTRY
X-Cdn-Forward
X-FPC
Esi-Enabled
X-Zone
X-Bc
X-OVcl-Cache
GeoIP-Country-Code
X-VarnishDD-TTL
PFcat
X-OVcl
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
GeoIP-Latitude
X-Vgn-Hpd-Variations-Key
L
X-Instart-Isnd
X-Azure-Ref-OriginShield
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-App-Name
Resin-Trace
Server-ID
Ohc-File-Size
FSS-Cache
X-Server-IP
X-Cdn-Srv
X-Render-Time
X-Platform
X-Vgn-Hpd-Reason
X-Fastly-Backend-Reqs
Cache-Host
X-Svr
Server-Cache-Control
X-Varnish-Ttl
Server-Surrogate-Control
X-Generated-By
X-BACKEND-TTL
X-HS-Status
X-CUA
X-Ratelimit-Remaining
X-S-Maxage
X-Unique-ID
X-PJAX-URL
Pics-Label
X-CSRF-TOKEN
Cteonnt-Length
Ohc-Response-Time
X-VHOST
GeoIp-Country-Code
X-Fpc
Epwk-X-Cache
X-Cache-Expired-At
Tracecode
Geoip-Latitude
X-Fastly-Country-Code
X-Rocket-Nginx-Bypass
CF-Cached-On
Backend-Name
X-RunCloud-Cache
SRV
X-Tec-Api-Origin
X-Tec-Api-Version
X-Newrelic-App-Data
X-Varnish-Hits
X-Tec-Api-Root
Locid
X-Edge-Server
Backend
X-Csrf-Jwt
Cdn-Request-Time
Cdn-Host
X-Vcl-Version
Request-EU
Amp-Access-Control-Allow-Source-Origin
Request-Country
X-VCT
Heartbleed
X-Pf-Uncompressing
SN
X-NGINX-Cache
X-Ratelimit-Limit
X-Oracle-Dms-Rid
X-Request-URI
X-CLOUD-TRACE-CONTEXT
X-Via-Popv
X-CACHE-AGE
XServer
X-Via-Poph
WWW-Authenticate
X-Request-Time
X-StackifyID
X-Rocket-Build-Number
X-Sigma-Backend
Lfy
X-Gamma-Serve
X-ECache
X-CACHE-KEY
X-Sigma
CF-IPCountry
X-ServedByHost
X-Nananana
X-Varnish-Url
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Host-ID
X-Ftr-Cache-Host
X-DPWN-IS-SECURE
X-Oss-Cdn-Auth
CloudFront-Viewer-Country
WPE-Backend
NR-ENABLED
X-Debug-Cache-Store
X-WebServer
X-Apw-Access-Token
X-Apw-Access-Object
URI
X-Apw-Hits
X-Apw-Access-Action
X-Debug-Cache-Fetch
Lb
CDN-RequestCountryCode
CDN-CachedAt
CDN-PullZone
X-Via-Ucdn
Country-Code
X-Cache-Tag
CDN-EdgeStorageId
PICS-Label
CDN-Cache
CDN-RequestId
Cloudfront-Viewer-Country
CDN-Uid
SID
X-Debug-Cache-String
X-Debug-Cache-Status
Server-Ttl
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
X-B3-Spanid
X-Debug-Ysi-Auth
X-Proxy-Upstream
X-Debug-Cache-Bypass
X-LiteSpeed-Cache-Control
X-Shopify-Generated-Cart-Token
Product
X-Cache-Version
My-App
Dnion-Transfer-Encoding
WZWS-RAY
X-Sn-Servicetimems
X-Tb-Optimization-Total-Bytes-Saved
DataCenter
Proxy-Firewall
Cneonction
Surrogated-Key
X-Amz-Meta-Cb-Modifiedtime
X-Fetched-On
X-WA
Ohc-Cache-HIT
X-Acquia-Site
X-Cdn-Origin
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-APP
X-Lb-Id
X-Fastly-Cache-Hits
Group
A
X-IN-APIGATEWAYSSL
Inserted-Into-Cache-At
X-Dw-Trace-Id
Cf-Alt-Svc
X-GeoIP-Country-Code
X-SB
X-Varnish-Beresp-TTL
X-VC
X-Html-Edge-Cache
X-Swift-Error
X-ElasticPress-Search
FSS-Proxy
X-Request-URL
X-WR-MODIFICATION
Warning
X-Snapshot-Date
X-IN-APIGATEWAY