Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Xss-Protection
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
X-Ua-Compatible
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Backend
X-Server
X-Turbo-Charged-By
X-Age
P3p
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Request-Context
Xkey
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
Cf-Railgun
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Ac
X-Cache-Lookup
X-Readtime
X-Backend-Server
X-Node
X-Dispatcher
X-Origin-Upstream-Status
NEL
X-HW
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Ruxit-JS-Agent
X-Country
X-ORACLE-DMS-RID
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Rack-Cache
X-Clacks-Overhead
Accept-CH
RTSS
X-Px
MS-Author-Via
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
Accept-CH-Lifetime
X-Goog-Hash
Verso
X-Powered-By-Plesk
X-Varnish-TTL
Service-Worker-Allowed
X-B3-TraceId
X-Use-Magma
X-Kinja-Build
X-Cdn-Fetch
X-Kinja
X-Exp-Id
Public-Key-Pins
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Server
X-GoogleNews-Bot
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
X-MS-InvokeApp
X-Middleton-Display
X-Sol
X-Middleton-Response
Pagespeed
Display
Response
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-DynaTrace
X-Cache-TTL
Host-Header
X-Pass-Why
X-D2id
X-Content-Type
Pinterest-Generated-By
TCN
X-Amz-Rid
X-CST
X-Abt-Application-Version
X-Cached
X-NF-Request-ID
X-Vcap-Request-Id
X-VARITI-CCR
AR-Request-ID
AR-ATIME
AR-PoweredBy
Accept-Ch
AR-CACHE
Ar-Sid
X-ESI
X-Navigation-Version
X-Ttl
X-Version
X-Fastly-Request-ID
Cache-Tag
X-Powered-CMS
X-Upstream
X-Server-Name
X-Instart-Request-ID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Accept-Ch-Lifetime
X-Debug
X-Grace
Access-Control-Request-Method
X-MSEdge-Ref
Charset
Nginx-Cache
X-Accel-Expires
X-XRDS-Location
X-Element-Page-Cache
Content-MD5
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
Realpath
SPRequestDuration
SPIisLatency
X-Ezoic-Cdn
X-SRCache-Store-Status
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
S
SPRequestGuid
Pinterest-Version
X-Pinterest-Rid
X-SharePointHealthScore
X-Shield-Request-Id
X-Jurisdiction
X-Hp-Webp
X-TTL
X-Cdn
X-Dw-Request-Base-Id
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Client-IP
X-Id
X-Trace
X-Kinsta-Cache
X-T
X-Content-Digest
Fastcgi-Cache
X-Node-Name
X-FastCGI-Cache
X-Logged-In
X-Server-ID
X-Mobile-URL
X-Cache-Key
X-NWS-LOG-UUID
TP-L2-Cache
TP-Cache
X-Cache-Hit
X-Frontend
X-Request-Processing-Time
X-Request-Received
Server-Node
X-Hostname
X-Cache-Age
X-Oneagent-Js-Injection
ServerID
Front-End-Https
X-Amzn-Trace-Id
X-FTR-Backend-Server
X-FTR-DC
X-Country-Code-Real
Fastly-Restarts
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
Edge-Cache-Tag
X-Forwarded-For
X-FTR-Expires
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Yandex-Sdch-Disable
Server-Name
Powered
PB-PID
PB-RID
Arc-Version
X-Request-Handler-Origin-Region
X-Microsite
DynaTrace
X-Content-Security-Policy-Report-Only
Filters
X-Revision
X-Page-Id
X-User-Agent
X-DIS-Request-ID
X-Jobs
X-Hits
X-F-Cache
X-Zen-Fury
X-LB-Cache
X-Akamai-Edgescape
X-Mobile-Rewrite
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Powered-By
X-Geo-Country
Accept-Charset
Alternate-Protocol
X-Origin-Server
X-Correlation-Id
X-Fastcgi-Cache
X-Varnish-Age
X-FTR-Cache-Host
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-N
X-B
AMP-Access-Control-Allow-Source-Origin
X-Daa-Tunnel
X-Varnish-Backend
Nel
Cache-Tags
X-Rid
X-Ruxit-Js-Agent
Backend-Timing
X-ATS-Timestamp
X-RateLimit-Remaining
X-AppVersion
X-Az
X-Activity-Id
X-WebKit-CSP-Report-Only
X-Varnish-Grace
X-Type
DC
X-Git-Hash
X-Amz-Replication-Status
Retry-After
X-FB-Debug
MicrosoftSharePointTeamServices
Surrogate-Key
Paypal-Debug-Id
X-Via-JSL
X-Whom
X-App-Environment
X-Status
Host
X-Content-Options
Section-Io-Cache
X-B-Cache
X-Signature
X-Request-Guid
X-TT
X-Edge
X-Esi
X-Debug-Info
Frame-Options
X-Ser
Fastcgi-Useragent
Actual-Object-TTL
X-ATG-Version
X-IPLB-Instance
X-App-Server
Healthy
X-Endurance-Cache-Level
X-Amzn-RequestId
X-HTML-Minification-Powered-By
X-Contextid
X-AOL-HN
X-Cache-Action
X-Seen-By
Srv
X-ECACHE
Refresh
X-Pinterest-Direct
From-Origin
X-Host-Name
X-B3-Sampled
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Amz-Apigw-Id
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Response-Served-From
X-Instance
X-Cache-Rule
X-Accel-Buffering
X-Cache-Operation
X-RemovedCookies
X-Drupal-Cache-Tags
X-Protected-By
X-ProcessESI
Content-Disposition
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Rule
X-Rendered-As
Odigeo-Trace-Id
X-Is-Bot
X-Cacheable-TTL
X-MCACHE
Datacenter
X-Mid
X-UUID
X-Region
MS-CV
Source
X-Environment-Context
Payment
Eomportal-Instance
X-WA-Info
X-L-Path
X-Varnish-Server
Countrycode
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-Cache-Time
X-FW-Static
X-FW-Serve
X-Time
X-Adobe-Loc
X-Adobe-Content
Xserver
X-Litespeed-Cache
X-Cache-Control
Uber-Trace-Id
X-PressLabs-Stats
X-Cached-By
X-Release
Cache-Status
X-Proxy
X-Akamai-Request-ID2
X-Cache-Server
X-UnsetCookies
X-EdgeConnect-Cache-Status
X-Load-Cache
X-VCache
X-Mobile
X-GeoIP
X-PHP-Backend
X-Webkit-CSP
X-Yottaa-Optimizations
X-Akamai-Transformed
X-Yottaa-Metrics
Access-Control-Request-Headers
X-Azure-Ref
Version
X-Wix-Request-Id
X-SERVER-NAME
X-Correlation-ID
X-NewRelic-App-Data
X-Handled-By
X-Cluster
X-Tt-Trace-Tag
X-Origin-Response-Time
X-Air-Hostname
X-NGENIX-Cache
X-Tt-Trace-Host
X-Cache-NGX
X-Backend-Name
X-Mode
Accept-Language
Cache
X-IPS-LoggedIn
X-NWS-UUID-VERIFY
NGB
Liferay-Portal
X-Tumblr-Pixel-2
X-XRDS-LOCATION
X-Tumblr-Pixel-1
X-Framework
X-FireWall-Port
X-CCM
X-Cache-Var-Map
X-Cache-Var
X-Locale
Meta-Geo
Load-Balancing
Cross-Origin-Window-Policy
X-Cache-Status-Check
X-CSRF-Token
X-ES-SERVER
X-Path-Route
X-URL
X-RN-RSRV
X-Via-Fastly
X-ApacheServer
X-Adobe-Source
X-UPSTREAM-Address
Filterid
X-PERF
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
Decoy-Debug-TTL
X-MP-GENERATED-AT
X-Ua
X-Site-Version
Cache-Hits
X-Storage
Decoy-Debug-Key
Decoy-Debug-Status
X-Www-Served-By
X-Viewer-Country
X-PCL
X-UA-Device-Type
X-Detected-As
X-OCL
X-Real-IP
Cleartype
X-TX-ID
X-IP
X-Redis-Cache
X-Human
X-RTag
ServedBy
X-Format
X-APP-VERSION
X-Access
Now
X-Say-Cacheable
X-Cache-Config
X-Section
X-Say-TTL
X-Qloud-Router
Akamai-GRN
X-R9-Blue-Green-Version
Fastly-SSL
X-Cache-Remote
Ms-Operation-Id
Mn-Server-Ip
X-NCache
X-Pubstack
X-SayCDN-TTL
Webcakes-App-Version
X-FC-Vary-Parameters
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
S-Rt
X-ServerID
X-Device-Type
X-CS
Cache-Name
Cache-Tv-Group
TWC-GeoIP-LatLong
X-ProxyCache-Status
X-No-Session
X-Routing-Service
X-Labrador-Cache-Channel
TWC-GeoIP-Country
X-ProxyCache-Key
Webcakes-App-Name
X-PHP-Host
X-Geo
X-Proxied
TWC-Locale-Group
TWC-Privacy
X-Web-Node
TWC-Device-Class
X-BYPASS-REASON
X-Hosted-By
Webserver
X-Hl-Ver
Webcakes-Region
X-FW-Version
X-Bc-Bl
Property-Id
TWC-Connection-Speed
X-Origin-Hint
X-Zipkin-Id
X-Alternate-Cache-Key
X-BCube-Filmed-By
X-Cache-Enabled
Selected-Fe
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-SaId
X-Proxy-Build
X-Origin
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Varnish-Cache-Hits
X-TNCMS
X-Timing-Wait
X-Time-Microsecs
X-Loop
X-NYM-Debug-Backend
X-Generated
X-EIG-Tracking-Id
DSUID
X-JoinUs
X-FB-TRIP-ID
DB-Nickname
X-Amzn-Remapped-Content-Length
X-Info
X-Hyper-Cache
X-Cache-Host
Origin-Cache-Control
Server-Info
X-RateLimit-Limit
X-Content-Age
X-From
Ec-Rule-Version
X-RequestSource
Azure-InstanceId
Azure-RegionName
Azure-Version
Azure-SiteName
Azure-SlotName
X-Xfnlog-Site
Origin-Edge-Control
X-Cache-2
Time
SD-X-WS
X-Cache-TTL-Remaining
Locale
X-Unique-Id
X-Drupal-Cache-Contexts
Country
X-EC-Lua
Geo-Info
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
User-Agent
Apigw-Requestid
X-Pad
X-Old-Content-Length
X-Presslabs-Stats
X-Source
X-Cluster-Node
X-Varnish-Hostname
X-Cache-NE
FilterID
Upgrade-Insecure-Requests
X-Debug-Cache
X-Parent-Response-Time
X-Vcache
X-Soup
X-Akamai-Request-ID
X-RCS-CacheZone
X-App-Version
X-Cache-Backend
X-Proto
Proxy-Connection
X-Tb
X-DC
X-CDN-Forward
X-Backend-TTL
X-Cache-PHP
X-Proxy-Cache-Status
X-Cache-Grace
X-Srv
X-Forwarded-Host
X-Tumblr-Pixel-3
T-Server
X-DevSite-Last-Modified
X-Processor
UCS
X-Rewrite-Enabled
Who
X-Rojux
X-S
X-Uri
X-Reqid
X-PAYTM-SRV-ID
X-Region-Sid
Viewtype
VivaBuild
True-Client-Country-4JS
Rendered-Blocks
AsisCache
BehaviorPad-Version
Arc-Country
X-Generated-On
Machine
M-TraceId
IsBot
X-Geo-Header
Content-Script-Type
Content-Style-Type
FNAC-ModuleRouting
GEO-REGION-INFO
X-Level-Front-Cache
MD5-Digest
X-G
Server-Host
X-S-Cookie
X-NodeID
X-Dispatch
ServerName
X-Method
X-External-Request-Id
Cache-Key
Meta-Geo-Continent
Mobile-Detection-Method
N-Cache
Pagetype
X-Storefront-Renderer-Rendered
X-ServiceProvider
X-Aed
X-Connection-Hash
X-D
X-Application
X-SRV
X-Twitter-Response-Tags
X-A-Wwc
X-Trace-Id
X-Accel-Expires-Debug
X-Trv-Group
X-Scheme
X-Vdms-Path
X-Vtex-Processado-Em
X-Destination
X-Vtex-Remote-Cache
X-Date
X-B-Cookie
X-Developer
X-Vdms-Version
X-ARC
X-VG-WebCache
X-VG-WebServer
X-A-Dgt
X-Transaction
X-CF-Lambda-Fn
WPE-Backend
X-A-Dcw
X-SIPLIST1
Fastcgi-X-Cache-Version
X-CF-Lambda-Version
X-ScT
X-SD-PageType
NR-ENABLED
X-FORWARDED-FOR
X-Session-Fingerprint
X-SRCache-Key
Xc-Version
X-A-Ccd
X-A
X-A-Dam
User-Cache-Control
X-Nc
X-App
OT-Force-Account-Verify
X-Compress-Hint
Mail-Subject
X-Cache-FS-Status
X-Hnp-Log
Kp-EeAlive
X-Generation-Time
X-Cache-Bucket
Magicmarker
X-Cms-Context
X-Block-Status
X-Cache-Info
X-Hash
X-Bip
X-Backend-State
X-Generated-In
X-Dispatcher-Server
Wxu-Next-Region
Viewport
V-Age
Thinkindot-Control
Vix-Hermes-Req-Id
We-Hiring
Wxu-Next-Commit
Wxu-Next-Hostname
Web-Mar-Node
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
RNT-Machine
On-Server
NM-Fastcgi-Cache
X-Fmm-Version
RNT-Time
X-Developers
X-Agile
X-Agile-Age
X-Agile-Id
X-Gen-Mode
X-Matched-Rule
X-Req
LB
X-Response-By
X-Be
X-RateLimit-Remaining-Second
X-AIR-PT
X-Clara-WADP
X-Micro-Cache
X-Nginx-Cache-Key
X-Owner
X-Servername
X-Skip-Cache
X-WADP-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Worker
X-User
X-Thinkindot-L3
X-SN
X-Swa-Ws
X-Thanos
X-Location
X-RateLimit-Limit-Second
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Request-Url
CDCHOST
CacheControlHeader
AKAMAI
Apple-News-Services-Parsed-Url
Sid
X-Origin-TTL
X-Origin-CC
Node
X-NC
X-Hit
NGX
X-Clientip
X-Variation
X-TrackingId
X-CGP
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
Cache-Cookie-Set-Lfrom
X-Slack-Backend
X-Gzip
X-TH-Server
X-Varnish-Cacheable
X-Has-Esi
X-Auto-Login
X-Cache-URL
X-Irp-Debug
X-JWT-State
X-Core-Value
Fastly-Drupal-HTML
X-Cache-Tags
X-Cache-Id
X-Webstats-RespID
X-BBXSRF
X-Cluster-Name
X-VC-Cache
S-Cnection
X-LAGOON
X-We-Are-Hiring
Is-Eu
X-Newrelic-Synthetics
X-Request-UUID
Rt-Fastcgi-Cache
X-Mvc-Supplant-Cachable
X-Distil-CS
Adler-Geo
Server-Hostname
X-Node-Id
X-Epic-Correlation-Id
X-Esi-Check
X-Logging-Id
X-Loc
Platform
Release
X-Eu-Site
Sever-Int
Server-Ext
X-Reboot
C-Via
Cache-Cookie-Set-From
X-Request-Host
X-Device-Os
L5d-Success-Class
Cache-Cookie-Set-Idcheck
X-Is-Gdpr
X-Policy
X-Envoy-Decorator-Operation
X-Magnolia-Registration
Cf-Ipcountry
X-Configured-By
X-VServer
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-NU-AKA-ACS-Version
X-Origin-Date
X-Server-W
X-Distributor
X-Origin-Expires
X-VG-TLSProxy
X-Core-Mission
X-Rebelmouse-Cache-Control
X-Fastly-Cache
X-Var-Ttl
X-Rebelmouse-Surrogate-Control
X-Cache-Debug
X-Backend-Host
Fastly-SWR
X-TA-CDN-Provider
Memcached
X-Branch-Name
W
Fastly-SIE
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Cache-ASPX
X-GoCache-CacheStatus
X-Varnish-Authentication
Referer-Policy
X-Contensis-Viewer-Groups
X-Edge-Location
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Key
HostName
X-Microcachable
X-Instart-Info
Pragrma
X-Dc
X-Wa
X-Cdn-Forward
X-Via-PopV
X-Envoy-Upstream-Healthchecked-Cluster
X-Refresh
X-Platform-Server
X-Via-PopH
MIME-Version
Fastly-Backend-Name
X-Ms-Request-Id
X-Varnish-URL
X-TT-TIMESTAMP
X-Ms-Version
X-ZONE
X-BC
GEO-INFO
X-Servedbyhost
X-UA
X-Mvc-Supplant-OutputCached
NtCoent-Length
X-Via-CDN
X-Ua-Device
Esi-Enabled
X-Batcache
Memory
X-Up
X-Minions-Version
X-Zone
X-Vgn-Hpd-Reason
X-B3-Traceid
X-Bc
X-TIME
X-MSEdge-Features
X-Nginx-Cache
X-MSEdge-Flight
Tracecode
X-ElasticPress-Query
X-App-Name
L
Server-ID
X-BACKEND-TTL
X-Pjax-Url
X-Aicache-OS
X-ND-Cache
X-Server-IP
X-Sucuri-ID
Cache-Host
X-VCL-Version
Ohc-File-Size
CACHE
X-Unique-ID
X-Cdn-Srv
X-Debug-Panamera-Sitecode
X-Svr
X-Debug-Panamera-Host
X-CF-Powered-By
DCR-Decision-By
X-Generated-By
Server-Surrogate-Control
GeoIP-Country-Code
DCR-Processing-Time-Ms
X-FPC
X-COUNTRY
Server-Cache-Control
FSS-Cache
X-S-Maxage
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
Powered-By-ChinaCache
GeoIP-Latitude
Location
X-PF-Uncompressing
X-Oss-Hash-Crc64ecma
Ohc-Response-Time
X-VCT
X-Fastly-Cache-Status
X-GEO
HitType
X-Check-Cacheable
X-Azure-Ref-OriginShield
Pramga
X-Rocket-Nginx-Bypass
X-CLOUD-TRACE-CONTEXT
X-Varnishpool
X-BE
X-LB-ID
Resin-Trace
Hostname
X-Ratelimit-Reset
Request-Country
X-VarnishDD-TTL
X-Varnish-Ttl
Request-EU
X-Sucuri-Cache
Heartbleed
Locid
PFcat
Cteonnt-Length
X-Client-Ip
X-Varnish-Hits
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-OVcl
X-OVcl-Cache
X-Vgn-Hpd-Ssi
X-Request-URI
Amp-Access-Control-Allow-Source-Origin
X-Edge-Server
X-Fpc
X-Fastly-Backend-Reqs
Cdn-Request-Time
Cdn-Host
X-Instart-Isnd
X-Original-Request-Id
X-Platform
Lfy
X-VHOST
X-Newrelic-App-Data
X-Fastly-Country-Code
GeoIp-Country-Code
Geoip-Latitude
X-HS-Status
X-PJAX-URL
X-CACHE-KEY
X-Render-Time
X-Gamma-Serve
SRV
CF-Cached-On
X-CSRF-TOKEN
X-Shopify-Generated-Cart-Token
X-Cache-Expired-At
SN
X-Vcl-Version
X-WebServer
X-CUA
X-Pf-Uncompressing
X-Ratelimit-Remaining
WZWS-RAY
X-NGINX-Cache
Product
X-Proxy-Upstream
X-Ratelimit-Limit
X-CACHE-AGE
Epwk-X-Cache
X-Oracle-Dms-Rid
Mime-Version
X-Cdn-Origin
X-Sn-Servicetimems
X-Fetched-On
X-ECache
My-App
WWW-Authenticate
Pics-Label
X-ServedByHost
X-Varnish-Url
Backend-Name
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Backend
Ohc-Cache-HIT
XServer
X-RunCloud-Cache
X-GeoIP-Country-Code
URI
X-Ftr-Cache-Host
X-Csrf-Jwt
X-Oss-Cdn-Auth
X-StackifyID
X-Via-Poph
X-Via-Popv
CloudFront-Viewer-Country
A
X-Tec-Api-Root
X-Tec-Api-Version
X-B3-SpanId
X-Tec-Api-Origin
Dt-Cache-Category
X-Debug-Cache-Fetch
PICS-Label
X-Request-Start
X-Debug-Cache-Store
X-Swift-Error
Lb
X-Cache-Tag
X-Served-From
Cloudfront-Viewer-Country
X-Nananana
Server-Ttl
X-Sigma-Backend
SID
Host-ID
X-Rocket-Build-Number
Group
Cdn
X-Tb-Optimization-Total-Bytes-Saved
X-Sigma
X-Request-Time
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-String
X-Debug-Cache-Status
X-Debug-Cache-Bypass
X-Debug-Ysi-Auth
X-Debug-Xas-Auth
X-LiteSpeed-Cache-Control
X-B3-Spanid
X-Cache-Version
Dnion-Transfer-Encoding
X-WA
X-Acquia-Application-UUID
X-Apw-Hits
X-Acquia-Application-Trace
Cneonction
X-Cache-Hm
X-Acquia-Purge-Tags
X-Acquia-Site
X-Apw-Access-Action
X-Apw-Access-Object
X-Cache-Hfrom
X-WR-MODIFICATION
X-Varnish-Beresp-TTL
Proxy-Firewall
X-Apw-Access-Token
X-APP
X-Dw-Trace-Id
X-Html-Edge-Cache
X-SB
CF-IPCountry
X-DPWN-IS-SECURE
FSS-Proxy
X-Snapshot-Date
Inserted-Into-Cache-At
X-ElasticPress-Search
Req-ID
X-Via-Ucdn
X-Varnish-ID
Origin
X-Request-URL
X-VC
Cf-Alt-Svc
Warning