Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-CDN
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-Server
X-Turbo-Charged-By
X-Backend
X-AH-Environment
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
Xkey
X-Proxy-Cache
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Page-Speed
X-Hacker
X-Server-Powered-By
X-UA-Device
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-WebKit-CSP
X-Dns-Prefetch-Control
Cf-Railgun
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Backend-Server
X-Vhost
X-Cache-Lookup
X-Ac
X-Readtime
X-Node
X-Origin-Upstream-Status
NEL
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Request-Id
Content-Location
X-Mod-Pagespeed
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
Allow
X-ORACLE-DMS-RID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Clacks-Overhead
X-Pass-Why
X-Rack-Cache
X-Px
RTSS
Accept-CH
X-FTR-Request-ID
MS-Author-Via
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
X-Powered-By-Plesk
Verso
Accept-CH-Lifetime
X-B3-TraceId
Service-Worker-Allowed
Public-Key-Pins
X-Kinja-Revision
X-Use-Magma
X-GitHub-Request-Id
X-Kinja-Server
X-Kinja-Build
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-MS-InvokeApp
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Display
Pagespeed
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-DynaTrace
X-Cache-TTL
X-D2id
X-Amz-Rid
X-Ttl
X-CST
TCN
Pinterest-Generated-By
X-Abt-Application-Version
X-Vcap-Request-Id
X-NF-Request-ID
X-Content-Type
X-Cached
X-VARITI-CCR
Accept-Ch
X-Navigation-Version
Cache-Tag
X-Fastly-Request-ID
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-ESI
Ar-Sid
AR-CACHE
X-Version
X-Instart-Request-ID
X-Server-Name
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Accept-Ch-Lifetime
X-Upstream
X-Grace
X-Powered-CMS
Access-Control-Request-Method
X-MSEdge-Ref
X-Accel-Expires
X-Debug
Nginx-Cache
Charset
SPIisLatency
SPRequestDuration
S
X-Server-ID
X-FastCGI-Cache
X-XRDS-Location
Content-MD5
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Realpath
MRF-Tech
X-Mrf-Item-Lastmod
X-SRCache-Fetch-Status
X-B3-TraceId-Primal
X-SRCache-Store-Status
X-Ezoic-Cdn
SPRequestGuid
X-SharePointHealthScore
X-DynaTrace-JS-Agent
X-Client-IP
X-Element-Page-Cache
X-Cdn
Pinterest-Version
X-Pinterest-Rid
Host-Header
X-Shield-Request-Id
X-Jurisdiction
X-Hp-Webp
X-Dw-Request-Base-Id
X-Oneagent-Js-Injection
X-Trace
X-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-T
X-Kinsta-Cache
X-Node-Name
Fastcgi-Cache
X-Content-Digest
X-Logged-In
X-Cache-Key
X-ASPNET-VERSION
X-TTL
X-Mobile-URL
X-NWS-LOG-UUID
TP-L2-Cache
TP-Cache
X-Cache-Hit
X-Request-Processing-Time
X-Request-Received
X-Cache-Age
Server-Node
X-Frontend
X-FTR-Realm
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
ServerID
Edge-Cache-Tag
X-Hostname
Front-End-Https
X-Amzn-Trace-Id
X-FTR-Expires
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Server-Name
X-Forwarded-For
Fastly-Restarts
PB-RID
PB-PID
Arc-Version
Powered
DynaTrace
X-Yandex-Sdch-Disable
X-Request-Handler-Origin-Region
X-Microsite
X-Zen-Fury
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
Filters
X-User-Agent
X-Revision
X-F-Cache
X-Ruxit-Js-Agent
X-Page-Id
X-Akamai-Edgescape
X-Jobs
X-LB-Cache
X-Mobile-Rewrite
X-Hits
Accept-Charset
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-ATS-Timestamp
Backend-Timing
X-Content-Powered-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Geo-Country
X-Varnish-Age
X-Origin-Server
AMP-Access-Control-Allow-Source-Origin
Nel
Alternate-Protocol
X-Correlation-Id
X-B
X-N
X-FTR-Cache-Host
X-Via-JSL
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-Varnish-Backend
X-Rid
Cache-Tags
X-Erf-Bev-Bev-Is-Generated
X-Az
X-Erf-Bev-Bev
X-AppVersion
X-Activity-Id
X-WebKit-CSP-Report-Only
X-Esi
DC
X-Amz-Replication-Status
X-FB-Debug
X-ATG-Version
X-Type
X-Signature
X-TT
X-Git-Hash
X-Whom
X-Debug-Info
Retry-After
Section-Io-Cache
X-B-Cache
Surrogate-Key
Paypal-Debug-Id
X-Ser
X-Varnish-Grace
X-App-Environment
X-Edge
Frame-Options
X-App-Server
Actual-Object-TTL
X-Status
Host
X-Content-Options
X-RateLimit-Remaining
X-Request-Guid
Fastcgi-Useragent
X-Fastcgi-Cache
X-Contextid
Healthy
X-AOL-HN
X-IPLB-Instance
X-Cache-Action
X-Endurance-Cache-Level
X-Amzn-RequestId
X-Seen-By
X-HTML-Minification-Powered-By
Srv
X-Pinterest-Direct
X-B3-Sampled
X-Host-Name
Refresh
X-Upgrade-Enabled
X-ECACHE
From-Origin
Source
Access-Control-Allow-Method
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Instance
X-Drupal-Cache-Tags
X-Amz-Apigw-Id
X-Accel-Buffering
X-ProcessESI
X-RemovedCookies
X-Response-Served-From
X-Cache-Rule
X-Cache-Operation
X-PressLabs-Stats
X-Mid
X-Region
X-Time
VIX-Pulpo-Node
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
X-MCACHE
X-Protected-By
X-UUID
MS-CV
X-Rule
X-Cacheable-TTL
Payment
Eomportal-Instance
X-WA-Info
X-Varnish-Server
X-Is-Bot
X-L-Path
X-Rendered-As
X-Environment-Context
X-Cache-Time
Cache-Status
X-FW-Serve
X-FW-Dynamic
X-FW-Static
X-Adobe-Content
X-Adobe-Loc
Countrycode
X-FW-Type
Datacenter
X-FW-Hash
X-FW-Server
X-Litespeed-Cache
Content-Disposition
X-VCache
X-Cache-Control
Xserver
X-GeoIP
X-Cache-Server
X-Akamai-Request-ID2
X-Cached-By
X-Akamai-Transformed
X-UnsetCookies
Uber-Trace-Id
X-Proxy
X-EdgeConnect-Cache-Status
X-Load-Cache
X-SERVER-NAME
X-Correlation-ID
X-Wix-Request-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Origin-Response-Time
X-Tt-Trace-Host
X-Tt-Trace-Tag
NGB
X-Mobile
Version
Access-Control-Request-Headers
X-Cluster
X-PHP-Backend
X-Mode
X-Azure-Ref
X-Handled-By
X-XRDS-LOCATION
Filterid
X-Release
X-IPS-LoggedIn
X-NewRelic-App-Data
X-NGENIX-Cache
X-URL
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Cache-Remote
Accept-Language
X-NWS-UUID-VERIFY
X-Backend-Name
X-Cache-NGX
X-APP-VERSION
X-Air-Hostname
X-RequestSource
Liferay-Portal
X-FireWall-Port
X-Cache-Var-Map
X-ES-SERVER
X-UPSTREAM-Address
X-Cache-Var
X-Cache-Status-Check
X-No-Session
X-Path-Route
X-Via-Fastly
X-UA-Device-Type
X-RN-RSRV
X-Adobe-Source
X-CCM
Meta-Geo
Cross-Origin-Window-Policy
Load-Balancing
Cache-Hits
X-R9-Blue-Green-Version
X-MP-GENERATED-AT
X-PCL
X-VWS-Id
X-Storage
X-Www-Served-By
X-Viewer-Country
X-ApacheServer
X-AWS-Id
X-Locale
X-LJ-Flow-ID
X-PERF
X-OCL
X-CSRF-Token
ServedBy
X-Framework
DSUID
X-Ua
Section-Io-Id
Cache-Name
X-Site-Version
Section-Io-Origin-Status
Section-Origin-Responded
X-RTag
Mn-Server-Ip
Section-Io-Origin-Time-Seconds
X-TX-ID
Akamai-GRN
Now
Decoy-Debug-Key
Decoy-Debug-Status
Cleartype
X-Pubstack
X-Bc-Bl
X-Cache-Config
X-Real-IP
Ms-Operation-Id
Decoy-Debug-TTL
X-Hl-Ver
X-FW-Version
X-Human
X-Info
X-NCache
X-Routing-Service
X-Section
X-EIG-Tracking-Id
Webserver
X-Web-Node
X-Alternate-Cache-Key
X-Zipkin-Id
X-Device-Type
X-Varnish-Cache-Hits
X-Proxied
X-ProxyCache-Key
X-ShardId
X-ServerID
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-SayCDN-TTL
X-Say-TTL
X-Access
X-ProxyCache-Status
X-Redis-Cache
X-Format
X-Say-Cacheable
Fastly-SSL
X-BYPASS-REASON
X-Cache-Enabled
TWC-Device-Class
X-Detected-As
X-FC-Vary-Parameters
X-Time-Microsecs
X-BCube-Filmed-By
Selected-Fe
TWC-Connection-Speed
Webcakes-Region
X-From
X-JoinUs
X-SaId
X-CS
X-Timing-Wait
X-Origin-Hint
X-Proxy-Build
X-Qloud-Router
X-NYM-Debug-Backend
X-Origin
S-Rt
X-FB-TRIP-ID
Webcakes-App-Name
TWC-GeoIP-Country
Property-Id
TWC-Privacy
TWC-Locale-Group
Cache
Webcakes-App-Version
TWC-GeoIP-LatLong
X-IP
X-Content-Age
X-Generated
X-Loop
X-TNCMS
X-Amzn-Remapped-Content-Length
X-PHP-Host
X-Labrador-Cache-Channel
DB-Nickname
Cache-Tv-Group
X-Hosted-By
X-Geo
X-Hyper-Cache
Origin-Edge-Control
Azure-SiteName
Azure-RegionName
X-Cache-Host
Origin-Cache-Control
Azure-Version
Azure-InstanceId
X-Xfnlog-Site
Azure-SlotName
NR-ENABLED
X-Goog-Meta-Goog-Reserved-File-Mtime
WPE-Backend
Country
X-Unique-Id
Ec-Rule-Version
SD-X-WS
X-RateLimit-Limit
X-Drupal-Cache-Contexts
X-Pad
X-Cache-2
User-Agent
X-Source
Time
X-Cluster-Node
X-Old-Content-Length
X-Varnish-Hostname
X-Cache-NE
X-Urbn-Site-Id
X-Cache-TTL-Remaining
X-Urbn-Context-Path
Server-Info
Locale
Geo-Info
X-Parent-Response-Time
Upgrade-Insecure-Requests
FilterID
X-EC-Lua
X-Presslabs-Stats
X-Akamai-Request-ID
Apigw-Requestid
X-Cache-Backend
X-Srv
X-Debug-Cache
X-RCS-CacheZone
X-Webkit-CSP
Proxy-Connection
X-Soup
X-Cache-Grace
X-Proxy-Cache-Status
X-CDN-Forward
X-Forwarded-Host
X-Backend-TTL
X-App-Version
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-Tb
S-Cnection
X-Tumblr-Pixel-3
X-FORWARDED-FOR
X-Proto
X-Cache-PHP
NGX
X-Nc
Thinkindot-Control
Rendered-Blocks
Fastcgi-X-Cache-Version
GEO-REGION-INFO
M-TraceId
Content-Style-Type
Content-Script-Type
Arc-Country
AsisCache
BehaviorPad-Version
Machine
MD5-Digest
ServerName
T-Server
Thinkindot-CacheControl
Server-Host
Pagetype
Meta-Geo-Continent
Mobile-Detection-Method
Thinkindot-CacheControl-Type
X-D
X-S-Cookie
X-S
X-Scheme
X-ScT
X-Session-Fingerprint
X-ServiceProvider
X-Rojux
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-NodeID
X-Processor
X-Region-Sid
X-Reqid
X-SRCache-Key
X-Swa-Ws
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-Trace-Id
X-Thinkindot-L3
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Matched-Rule
X-Level-Front-Cache
X-A-Wwc
X-A-Dgt
X-Accel-Expires-Debug
X-Aed
X-Application
X-A-Dcw
X-A-Dam
Viewtype
UCS
VivaBuild
Who
X-A
X-ARC
X-B-Cookie
X-External-Request-Id
X-Dispatch
X-G
X-Generated-On
X-Geo-Header
X-DevSite-Last-Modified
X-Developer
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Connection-Hash
X-Date
X-Destination
True-Client-Country-4JS
X-A-Ccd
X-Cluster-Name
Cf-Ipcountry
OT-Force-Account-Verify
X-Vcache
X-Uri
X-Ah-Environment
X-DC
X-Microcachable
X-Device-Os
X-Bip
X-Dispatcher-Server
X-Branch-Name
X-Cache-FS-Status
X-Core-Value
X-Cms-Context
X-Agile-Id
We-Hiring
On-Server
NM-Fastcgi-Cache
N-Cache
Mail-Subject
Release
V-Age
X-Agile
Vix-Hermes-Req-Id
Viewport
X-Agile-Age
X-Generation-Time
X-VC-Cache
X-User
X-Thanos
X-SN
X-Worker
FNAC-ModuleRouting
X-SIPLIST1
X-Nginx-Cache-Key
X-Method
IsBot
X-Skip-Cache
X-SD-PageType
X-Location
X-LAGOON
X-Hash
Kp-EeAlive
X-Logging-Id
X-Node-Id
X-Response-By
X-RateLimit-Remaining-Second
Sid
X-Owner
X-Generated-In
X-RateLimit-Limit-Second
CacheControlHeader
CDCHOST
Cache-Key
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
AKAMAI
User-Cache-Control
X-AIR-PT
X-Envoy-Decorator-Operation
X-Hit
X-Servername
X-App
Is-Eu
X-NC
X-Auto-Login
Gh-Request-Id
X-VG-TLSProxy
X-Request-UUID
X-WADP-Cache
X-Gen-Mode
Apple-News-Services-Handled
Web-Mar-Node
X-Wikidot-Static-Cache
X-Wikidot-Backend
Apple-News-Services-Host
X-Backend-State
X-Fmm-Version
HA-Ipaddr
X-Clientip
X-Clara-WADP
X-CGP
Ha-Gx-Prefs
X-TH-Server
C-Via
X-Dc
X-Micro-Cache
X-Distil-CS
X-Distributor
X-Cache-Bucket
X-Eu-Site
W
X-Epic-Correlation-Id
X-Cache-Info
X-Var-Ttl
X-Variation
X-Cache-Tags
X-Block-Status
Apple-News-Services-Parsed-Url
Platform
X-Policy
Fastly-SWR
Fastly-SIE
Fastly-Drupal-HTML
X-Has-Esi
Apple-News-Services-Request-Url
X-Req
X-Hnp-Log
X-Is-Gdpr
X-JWT-State
L5d-Success-Class
X-Instart-Info
X-Origin-Date
X-Varnish-Cacheable
X-Origin-Expires
Rt-Fastcgi-Cache
X-Developers
Magicmarker
X-Compress-Hint
Server-Ext
RNT-Time
RNT-Machine
Adler-Geo
X-Rebelmouse-Surrogate-Control
Server-Hostname
Sever-Int
X-Magnolia-Registration
X-Rebelmouse-Cache-Control
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Be
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Irp-Debug
X-Reboot
X-Request-Host
X-Fastly-Cache
X-Slack-Backend
X-Mvc-Supplant-Cachable
X-SRV
X-Platform-Server
X-BBXSRF
X-Webstats-RespID
X-Loc
X-We-Are-Hiring
X-VServer
X-Via-PopH
X-TrackingId
X-Cache-URL
X-Server-W
X-Storefront-Renderer-Rendered
X-Core-Mission
X-Cache-Debug
X-Backend-Host
X-Via-PopV
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Origin-TTL
X-Origin-CC
X-TT-TIMESTAMP
X-LI-Proto
X-GoCache-CacheStatus
X-LI-UUID
X-Ms-Request-Id
X-Gzip
X-Cache-Id
X-Ms-Version
X-Envoy-Upstream-Healthchecked-Cluster
X-Li-Fabric
X-Esi-Check
X-Li-Pop
Memcached
LB
X-Cdn-Forward
X-Configured-By
X-SVT-ORM-VERSION
X-NU-AKA-ACS-Version
Tracecode
Node
X-Wa
X-SVT-ORM-RULES
X-Vgn-Hpd-Reason
HostName
X-Key
X-Edge-Location
X-UA
Esi-Enabled
X-Refresh
X-BC
GEO-INFO
NtCoent-Length
MIME-Version
X-ZONE
X-Varnish-URL
Server-ID
Referer-Policy
L
Pragrma
Ohc-File-Size
X-Ua-Device
X-Servedbyhost
Cache-Host
X-Mvc-Supplant-OutputCached
X-App-Name
X-Server-IP
CACHE
X-B3-Traceid
X-Nginx-Cache
X-BACKEND-TTL
X-MSEdge-Features
X-MSEdge-Flight
Fastly-Backend-Name
X-Bc
X-Zone
X-Via-CDN
X-Varnish-Ttl
Memory
X-Cdn-Srv
Server-Surrogate-Control
Server-Cache-Control
X-Up
X-VCT
X-S-Maxage
X-TIME
X-Sucuri-ID
X-Generated-By
X-Pjax-Url
X-Minions-Version
Ohc-Response-Time
X-Batcache
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-Svr
X-FPC
X-ElasticPress-Query
X-ND-Cache
X-VCL-Version
X-COUNTRY
X-Unique-ID
X-Oracle-Dms-Rid
X-Oss-Object-Type
X-CF-Powered-By
X-Oss-Request-Id
X-Oss-Server-Time
X-Rocket-Nginx-Bypass
X-Oss-Hash-Crc64ecma
X-Aicache-OS
X-Oss-Storage-Class
FSS-Cache
Heartbleed
X-GEO
GeoIP-Country-Code
Request-EU
Resin-Trace
Locid
Request-Country
X-Varnish-Hits
X-Request-URI
DCR-Decision-By
Hostname
X-BE
GeoIP-Latitude
DCR-Processing-Time-Ms
Cteonnt-Length
Pramga
Lfy
X-Azure-Ref-OriginShield
X-PF-Uncompressing
Location
Powered-By-ChinaCache
X-Fastly-Cache-Status
X-Shopify-Generated-Cart-Token
HitType
X-Gamma-Serve
X-Check-Cacheable
X-Sucuri-Cache
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Country-Code
X-Edge-Server
X-LB-ID
Cdn-Host
Cdn-Request-Time
CF-Cached-On
WZWS-RAY
X-VHOST
X-Ratelimit-Remaining
GeoIp-Country-Code
X-Newrelic-App-Data
X-WebServer
Geoip-Latitude
X-VarnishDD-TTL
PFcat
X-HS-Status
X-Fpc
X-PJAX-URL
X-CSRF-TOKEN
X-Ratelimit-Reset
X-Varnishpool
X-Vgn-Hpd-Ssi
Product
X-Proxy-Upstream
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Vcl-Version
X-OVcl
X-OVcl-Cache
X-ECache
SRV
My-App
X-Cdn-Origin
X-Fetched-On
Mime-Version
Ohc-Cache-HIT
X-Pf-Uncompressing
X-Sn-Servicetimems
X-Platform
X-Instart-Isnd
X-Ftr-Cache-Host
X-Render-Time
X-Cache-Expired-At
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-GeoIP-Country-Code
WWW-Authenticate
SN
X-NGINX-Cache
X-ServedByHost
Dt-Cache-Category
X-Ratelimit-Limit
X-CACHE-KEY
X-Varnish-Url
URI
X-Amzn-Remapped-Connection
X-CUA
X-Amzn-Remapped-Date
X-Original-Request-Id
XServer
X-Dynatrace
X-Swift-Error
X-B3-Spanid
X-Request-Start
X-B3-SpanId
X-Served-From
Pics-Label
Epwk-X-Cache
X-Oss-Cdn-Auth
X-Tec-Api-Version
A
X-Tec-Api-Origin
X-Tec-Api-Root
CloudFront-Viewer-Country
Group
Cf-Alt-Svc
X-Client-Ip
X-Debug-Cache-Fetch
X-StackifyID
X-Debug-Cache-Store
Cdn
Lb
X-WR-MODIFICATION
X-Amzn-Requestid
X-Via-Ucdn
Cloudfront-Viewer-Country
X-RunCloud-Cache
PICS-Label
Backend-Name
Backend
Server-Ttl
X-Debug-Cache-String
X-Debug-Cache-Bypass
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Cache-Status
X-Debug-Do-Not-Cache-Uri
X-Debug-Ysi-Auth
X-Debug-Xas-Auth
SID
X-Request-Time
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Hits
X-Cache-Tag
X-LiteSpeed-Cache-Control
X-WA
X-Cache-Version
Country-Code
NnCoection
Proxy-Firewall
X-Cache-Hm
X-IN-APIGATEWAY
X-Nananana
X-Acquia-Site
X-Via-Poph
X-Via-Popv
X-Csrf-Jwt
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Cneonction
X-Cache-Hfrom
X-Via-NSCOPI
Origin
X-IN-APIGATEWAYSSL
X-Acquia-Application-Trace
X-Varnish-Beresp-TTL
X-WPE-Loopback-Upstream-Addr
X-Html-Edge-Cache
X-VC
X-Snapshot-Date
Warning
Inserted-Into-Cache-At
X-SB
X-B3-Parentspanid
Req-ID
X-Varnish-ID
X-Dw-Trace-Id
X-DPWN-IS-SECURE
X-Ocache
X-ElasticPress-Search
Geoip-City
X-Request-URL