Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Xss-Protection
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
X-Ua-Compatible
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Server
X-Turbo-Charged-By
X-Backend
X-Age
P3p
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Report-To
X-LiteSpeed-Cache
X-Amz-Version-Id
X-WebKit-CSP
Cf-Railgun
X-Dns-Prefetch-Control
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Readtime
X-Node
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
NEL
Request-Id
X-Mod-Pagespeed
Content-Location
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-ORACLE-DMS-RID
Allow
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Clacks-Overhead
X-Rack-Cache
X-Pass-Why
X-Px
RTSS
MS-Author-Via
X-FTR-Request-ID
Accept-CH
X-Vname
X-TtlSet
X-Goog-Hash
X-PC
X-Powered-By-Plesk
Verso
X-B3-TraceId
Service-Worker-Allowed
Accept-CH-Lifetime
Public-Key-Pins
X-GoogleNews-Bot
X-GitHub-Request-Id
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Varnish-TTL
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-DynaTrace
X-Middleton-Response
Display
Response
Pagespeed
X-Forwarded-Proto
X-Middleton-Display
X-Sol
X-Amz-Server-Side-Encryption
X-Cache-TTL
X-D2id
X-Amz-Rid
X-CST
TCN
Accept-Ch
X-Abt-Application-Version
X-NF-Request-ID
X-Vcap-Request-Id
Pinterest-Generated-By
X-Content-Type
X-VARITI-CCR
X-Cached
X-Ttl
X-Navigation-Version
Cache-Tag
X-ESI
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Fastly-Request-ID
Accept-Ch-Lifetime
AR-CACHE
Ar-Sid
X-Version
X-Server-Name
X-Instart-Request-ID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Upstream
X-TEC-API-VERSION
X-Powered-CMS
X-Grace
Access-Control-Request-Method
X-MSEdge-Ref
X-Debug
X-Accel-Expires
Host-Header
Charset
Nginx-Cache
SPRequestDuration
SPIisLatency
S
Content-MD5
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
Realpath
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ezoic-Cdn
SPRequestGuid
X-SharePointHealthScore
X-Element-Page-Cache
X-DynaTrace-JS-Agent
X-Client-IP
X-XRDS-Location
Pinterest-Version
X-Pinterest-Rid
X-Shield-Request-Id
X-Jurisdiction
X-Hp-Webp
X-Cdn
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Trace
X-Recruiting
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Oneagent-Js-Injection
X-T
X-Kinsta-Cache
X-TTL
X-Node-Name
Fastcgi-Cache
X-Content-Digest
X-Logged-In
X-Server-ID
X-Mobile-URL
X-NWS-LOG-UUID
TP-Cache
TP-L2-Cache
X-Cache-Key
X-Request-Received
X-ASPNET-VERSION
X-Cache-Hit
X-Request-Processing-Time
X-Cache-Age
Server-Node
X-Frontend
ServerID
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-Hostname
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-Amzn-Trace-Id
Edge-Cache-Tag
Front-End-Https
X-FTR-Expires
X-Goog-Storage-Class
X-GUploader-UploadID
X-Forwarded-For
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
Server-Name
Fastly-Restarts
PB-RID
PB-PID
Arc-Version
Powered
X-Yandex-Sdch-Disable
DynaTrace
X-Request-Handler-Origin-Region
X-Microsite
X-DIS-Request-ID
X-Zen-Fury
Nel
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Revision
Filters
X-F-Cache
X-Page-Id
X-Akamai-Edgescape
X-Jobs
X-LB-Cache
X-Hits
X-Mobile-Rewrite
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
Accept-Charset
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Ruxit-Js-Agent
X-HS-Content-Id
X-Kong-Upstream-Latency
X-Content-Powered-By
X-Kong-Proxy-Latency
X-Geo-Country
X-Origin-Server
X-Varnish-Age
X-ATS-Timestamp
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
X-N
Alternate-Protocol
X-B
X-FTR-Cache-Host
X-Fastcgi-Cache
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
X-Correlation-Id
MicrosoftSharePointTeamServices
X-Via-JSL
X-Daa-Tunnel
X-Erf-Bev-Bev
X-Rid
Cache-Tags
X-Az
X-AppVersion
X-Activity-Id
X-Litespeed-Cache
X-WebKit-CSP-Report-Only
DC
X-FB-Debug
X-Amz-Replication-Status
X-Type
X-TT
X-Signature
X-Git-Hash
X-B-Cache
Surrogate-Key
Paypal-Debug-Id
Retry-After
Section-Io-Cache
X-Whom
X-ATG-Version
X-Ser
X-Debug-Info
X-Varnish-Grace
X-Edge
X-App-Environment
Frame-Options
X-RateLimit-Remaining
X-Esi
X-Status
Host
X-Content-Options
Actual-Object-TTL
X-App-Server
X-Request-Guid
Fastcgi-Useragent
Healthy
X-AOL-HN
X-IPLB-Instance
X-Contextid
X-Endurance-Cache-Level
X-Cache-Action
X-Amzn-RequestId
X-Seen-By
X-HTML-Minification-Powered-By
X-Pinterest-Direct
X-B3-Sampled
X-Host-Name
Srv
Refresh
X-ECACHE
From-Origin
X-Upgrade-Enabled
X-Tumblr-Pixel
X-Amz-Apigw-Id
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-Tumblr-User
Source
X-Instance
X-Drupal-Cache-Tags
X-ProcessESI
X-Cache-Rule
X-RemovedCookies
X-Response-Served-From
X-Accel-Buffering
X-Cache-Operation
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Odigeo-Trace-Id
X-Region
X-MCACHE
X-Mid
Eomportal-Instance
X-Protected-By
X-UUID
X-Rule
MS-CV
Payment
X-Cacheable-TTL
X-Rendered-As
X-Varnish-Server
X-Is-Bot
X-L-Path
X-WA-Info
X-Environment-Context
X-PressLabs-Stats
X-FW-Serve
X-FW-Hash
Datacenter
X-FW-Dynamic
Countrycode
X-Adobe-Loc
X-Adobe-Content
X-Cache-Time
X-FW-Static
X-FW-Server
X-FW-Type
Content-Disposition
Cache-Status
X-Time
X-VCache
Xserver
X-Cache-Control
X-Correlation-ID
X-Cache-Server
X-GeoIP
X-Akamai-Request-ID2
X-Cached-By
X-Proxy
X-XRDS-LOCATION
Uber-Trace-Id
X-UnsetCookies
X-Akamai-Transformed
X-EdgeConnect-Cache-Status
X-Mobile
X-Load-Cache
X-Wix-Request-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Origin-Response-Time
X-PHP-Backend
Version
X-SERVER-NAME
X-Release
Access-Control-Request-Headers
X-Cluster
NGB
X-Azure-Ref
X-Mode
X-Handled-By
Filterid
X-NewRelic-App-Data
X-NGENIX-Cache
X-APP-VERSION
Accept-Language
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-Backend-Name
X-Cache-NGX
X-Tumblr-Pixel-1
Cache
X-Cache-Remote
X-NWS-UUID-VERIFY
X-Air-Hostname
Liferay-Portal
Meta-Geo
X-UPSTREAM-Address
X-Path-Route
Cross-Origin-Window-Policy
Load-Balancing
X-No-Session
X-Framework
X-CCM
X-CSRF-Token
X-Cache-Var-Map
X-FireWall-Port
X-Cache-Var
X-URL
X-RN-RSRV
X-ES-SERVER
X-Cache-Status-Check
X-UA-Device-Type
X-Via-Fastly
X-Adobe-Source
X-R9-Blue-Green-Version
X-ApacheServer
X-Www-Served-By
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-PERF
X-Viewer-Country
X-Storage
X-Locale
ServedBy
X-MP-GENERATED-AT
X-OCL
X-PCL
Cache-Hits
DSUID
Cleartype
Decoy-Debug-Key
Decoy-Debug-Status
Cache-Name
X-Pubstack
X-Site-Version
X-Real-IP
Akamai-GRN
Decoy-Debug-TTL
Ms-Operation-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-Bc-Bl
Now
X-Cache-Config
Mn-Server-Ip
X-RTag
X-TX-ID
X-RequestSource
X-Proxied
X-Device-Type
X-ProxyCache-Key
X-BYPASS-REASON
X-Redis-Cache
X-NCache
X-ProxyCache-Status
X-Info
X-Format
X-FW-Version
X-Access
X-Hl-Ver
Fastly-SSL
X-Human
X-EIG-Tracking-Id
Webserver
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Routing-Service
X-Alternate-Cache-Key
X-Section
X-Zipkin-Id
X-Web-Node
X-Varnish-Cache-Hits
X-ShopId
X-Shopify-Stage
X-ServerID
X-Say-TTL
X-SayCDN-TTL
X-ShardId
X-Say-Cacheable
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-Cache-Enabled
X-Origin-Hint
X-Detected-As
X-BCube-Filmed-By
X-Qloud-Router
X-NYM-Debug-Backend
X-Time-Microsecs
TWC-GeoIP-LatLong
X-SaId
X-Timing-Wait
TWC-GeoIP-Country
TWC-Connection-Speed
Property-Id
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-CS
TWC-Device-Class
X-Origin
Webcakes-App-Name
X-Proxy-Build
X-From
X-JoinUs
Selected-Fe
X-Ua
S-Rt
DB-Nickname
X-Generated
X-Geo
X-IP
X-Loop
X-Content-Age
X-TNCMS
X-Labrador-Cache-Channel
X-PHP-Host
X-Amzn-Remapped-Content-Length
Cache-Tv-Group
X-Hosted-By
X-Hyper-Cache
X-Cache-Host
Azure-RegionName
Azure-InstanceId
Azure-Version
Azure-SiteName
Azure-SlotName
Origin-Edge-Control
X-Xfnlog-Site
Origin-Cache-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
Ec-Rule-Version
Country
WPE-Backend
NR-ENABLED
X-Drupal-Cache-Contexts
X-Unique-Id
X-Cache-2
SD-X-WS
X-Source
User-Agent
Geo-Info
Time
X-Pad
X-Old-Content-Length
X-Cache-TTL-Remaining
X-Urbn-Context-Path
X-Urbn-Site-Id
X-RateLimit-Limit
X-Varnish-Hostname
X-Cluster-Node
Locale
Server-Info
X-Cache-NE
X-Parent-Response-Time
Upgrade-Insecure-Requests
X-Presslabs-Stats
X-EC-Lua
X-Srv
Apigw-Requestid
X-Cache-Backend
X-Akamai-Request-ID
X-Debug-Cache
FilterID
X-RCS-CacheZone
X-Soup
X-Webkit-CSP
Proxy-Connection
X-Proxy-Cache-Status
X-Cache-Grace
X-Forwarded-Host
X-Tb
X-Nc
X-Backend-TTL
X-CDN-Forward
X-Newrelic-Synthetics
X-Proto
X-Tumblr-Pixel-3
X-TA-CDN-Provider
X-App-Version
X-Cache-PHP
NGX
S-Cnection
T-Server
BehaviorPad-Version
Content-Script-Type
AsisCache
Thinkindot-CacheControl
X-VG-WebServer
Arc-Country
X-Vtex-Processado-Em
Thinkindot-CacheControl-Type
Thinkindot-Control
ServerName
Mobile-Detection-Method
Meta-Geo-Continent
Pagetype
Xc-Version
Server-Host
Rendered-Blocks
X-VG-WebCache
MD5-Digest
Fastcgi-X-Cache-Version
Content-Style-Type
GEO-REGION-INFO
M-TraceId
Machine
X-Vtex-Remote-Cache
X-A-Dcw
X-Reqid
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Date
X-CF-Lambda-Fn
X-Rewrite-Enabled
X-Rojux
X-Application
X-ARC
X-B-Cookie
X-Region-Sid
X-Processor
X-Level-Front-Cache
X-Matched-Rule
X-External-Request-Id
X-G
X-Generated-On
X-Dispatch
X-DevSite-Last-Modified
X-PAYTM-SRV-ID
X-NodeID
X-Destination
X-Developer
X-Aed
X-S
X-Trace-Id
VivaBuild
Who
X-A
X-A-Ccd
Viewtype
True-Client-Country-4JS
X-Vdms-Path
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-A-Dam
X-Thinkindot-L3
X-ServiceProvider
X-Accel-Expires-Debug
X-ScT
X-Scheme
X-S-Cookie
X-Session-Fingerprint
X-SRCache-Key
X-Geo-Header
X-A-Dgt
X-A-Wwc
X-Swa-Ws
X-Vdms-Version
UCS
X-Cluster-Name
X-FORWARDED-FOR
X-Uri
OT-Force-Account-Verify
X-Be
Cache-Key
X-Cache-FS-Status
X-Bip
X-Cms-Context
X-Branch-Name
X-Device-Os
X-Vcache
X-Dispatcher-Server
X-Core-Value
X-Agile-Age
On-Server
Release
NM-Fastcgi-Cache
N-Cache
Mail-Subject
V-Age
Viewport
X-Generated-In
X-Agile
We-Hiring
Vix-Hermes-Req-Id
X-Agile-Id
Sid
X-VC-Cache
X-Dc
X-User
X-Thanos
X-SN
X-Worker
FNAC-ModuleRouting
X-SIPLIST1
X-Nginx-Cache-Key
X-Method
IsBot
X-Skip-Cache
X-SD-PageType
X-Location
X-LAGOON
X-Hash
X-Generation-Time
X-Logging-Id
X-Node-Id
X-Response-By
Cf-Ipcountry
X-RateLimit-Remaining-Second
X-Owner
Kp-EeAlive
X-RateLimit-Limit-Second
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
CacheControlHeader
CDCHOST
X-AIR-PT
AKAMAI
X-Microcachable
X-DC
User-Cache-Control
X-Envoy-Decorator-Operation
X-Hit
X-Origin-Date
X-Block-Status
X-Origin-Expires
X-Cache-Bucket
RNT-Machine
X-WADP-Cache
X-Cache-Tags
X-Backend-State
X-Request-UUID
X-Wikidot-Backend
X-Rebelmouse-Cache-Control
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Rebelmouse-Surrogate-Control
Apple-News-Services-Handled
X-Auto-Login
X-CGP
X-Wikidot-Static-Cache
Magicmarker
X-Clientip
X-Micro-Cache
X-TH-Server
X-Gen-Mode
Adler-Geo
X-Has-Esi
X-Hnp-Log
X-JWT-State
X-Is-Gdpr
X-Servername
X-Fmm-Version
X-Var-Ttl
RNT-Time
X-VG-TLSProxy
C-Via
X-Magnolia-Registration
X-Distil-CS
X-Distributor
X-Eu-Site
X-Epic-Correlation-Id
X-Variation
X-Clara-WADP
X-Cache-Info
X-Req
X-Varnish-Cacheable
X-Compress-Hint
Rt-Fastcgi-Cache
Platform
X-Developers
Fastly-Drupal-HTML
HA-Ipaddr
X-Policy
Fastly-SWR
Fastly-SIE
Is-Eu
Ha-Gx-Prefs
Sever-Int
Web-Mar-Node
Server-Hostname
Server-Ext
W
Wxu-Next-Commit
Gh-Request-Id
L5d-Success-Class
Wxu-Next-Region
Wxu-Next-Hostname
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Storefront-Renderer-Rendered
X-App
X-Cache-URL
X-Instart-Info
X-TrackingId
X-Slack-Backend
X-Loc
X-Varnish-Authentication
X-Fastly-Cache
X-Irp-Debug
X-Server-W
X-Cache-ASPX
X-Reboot
X-Request-Host
X-Core-Mission
X-BBXSRF
X-Cache-Debug
X-Webstats-RespID
X-Backend-Host
X-NC
X-We-Are-Hiring
X-Contensis-Viewer-Groups
X-VServer
X-Mvc-Supplant-Cachable
Node
X-Origin-TTL
X-Cdn-Forward
HostName
X-Origin-CC
X-Platform-Server
X-GoCache-CacheStatus
LB
X-Li-Pop
X-Li-Fabric
X-LI-Proto
X-SRV
X-LI-UUID
X-Esi-Check
X-Gzip
X-Via-PopH
X-Via-PopV
X-Cache-Id
Memcached
X-Envoy-Upstream-Healthchecked-Cluster
X-Wa
X-Configured-By
X-Ms-Version
X-Ms-Request-Id
X-SVT-ORM-VERSION
X-UA
X-SVT-ORM-RULES
X-TT-TIMESTAMP
X-NU-AKA-ACS-Version
X-BC
X-Edge-Location
X-ZONE
X-Key
Tracecode
X-Vgn-Hpd-Reason
NtCoent-Length
Referer-Policy
Esi-Enabled
X-Refresh
Pragrma
MIME-Version
GEO-INFO
X-Varnish-URL
X-BACKEND-TTL
Server-ID
L
Ohc-File-Size
X-Mvc-Supplant-OutputCached
X-Ua-Device
X-App-Name
Fastly-Backend-Name
X-Servedbyhost
X-Server-IP
X-TIME
X-Via-CDN
X-MSEdge-Features
Cache-Host
X-MSEdge-Flight
X-Nginx-Cache
X-B3-Traceid
X-Up
Memory
X-Zone
X-Bc
X-Sucuri-ID
Server-Cache-Control
X-Batcache
Server-Surrogate-Control
X-Minions-Version
X-Cdn-Srv
X-Varnish-Ttl
X-Pjax-Url
CACHE
X-S-Maxage
X-VCT
X-Unique-ID
X-Debug-Panamera-Host
X-FPC
X-Generated-By
Ohc-Response-Time
X-Svr
X-ElasticPress-Query
X-Debug-Panamera-Sitecode
X-ND-Cache
X-COUNTRY
X-Oss-Object-Type
FSS-Cache
X-Oss-Request-Id
X-Oss-Server-Time
X-VCL-Version
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-CF-Powered-By
X-CLOUD-TRACE-CONTEXT
X-Rocket-Nginx-Bypass
X-Aicache-OS
Request-EU
GeoIP-Country-Code
Locid
DCR-Processing-Time-Ms
DCR-Decision-By
Resin-Trace
Heartbleed
Request-Country
X-GEO
X-Varnish-Hits
Cteonnt-Length
X-Request-URI
X-Fastly-Cache-Status
X-PF-Uncompressing
Powered-By-ChinaCache
GeoIP-Latitude
Location
Pramga
X-Azure-Ref-OriginShield
Lfy
X-Shopify-Generated-Cart-Token
Hostname
X-BE
X-Sucuri-Cache
X-Gamma-Serve
X-Fastly-Country-Code
X-Check-Cacheable
X-LB-ID
HitType
GeoIp-Country-Code
X-Edge-Server
Amp-Access-Control-Allow-Source-Origin
Cdn-Host
Geoip-Latitude
Cdn-Request-Time
SRV
X-VarnishDD-TTL
X-Varnishpool
X-Ratelimit-Reset
PFcat
X-VHOST
X-CACHE-KEY
X-Ratelimit-Remaining
WZWS-RAY
CF-Cached-On
X-Vgn-Hpd-Variations-Key
X-PJAX-URL
X-WebServer
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Ssi
X-Vcl-Version
X-Vgn-Hpd-Cached
X-OVcl-Cache
X-OVcl
X-Newrelic-App-Data
X-HS-Status
X-Fpc
X-CSRF-TOKEN
Product
X-Proxy-Upstream
Mime-Version
X-Instart-Isnd
X-Platform
X-ECache
X-Ratelimit-Limit
My-App
X-Pf-Uncompressing
X-Cdn-Origin
X-Sn-Servicetimems
X-Cache-Expired-At
Ohc-Cache-HIT
X-Fetched-On
X-Render-Time
X-Oracle-Dms-Rid
X-ServedByHost
SN
X-Ftr-Cache-Host
X-CACHE-AGE
X-NGINX-Cache
X-Original-Request-Id
X-GeoIP-Country-Code
X-Amzn-Remapped-Date
X-CUA
WWW-Authenticate
Dt-Cache-Category
X-Varnish-Url
X-Amzn-Remapped-Connection
Epwk-X-Cache
X-Oss-Cdn-Auth
URI
XServer
X-Swift-Error
Group
X-Tec-Api-Version
X-Request-Start
Pics-Label
X-Tec-Api-Root
X-Cache-Tag
X-B3-SpanId
CloudFront-Viewer-Country
X-Tec-Api-Origin
X-Served-From
X-StackifyID
Cf-Alt-Svc
X-B3-Spanid
A
X-Client-Ip
Backend-Name
Cdn
PICS-Label
X-Debug-Cache-Store
Backend
X-Debug-Cache-Fetch
X-RunCloud-Cache
Lb
X-WR-MODIFICATION
X-Amzn-Requestid
X-Apw-Access-Token
X-Apw-Hits
X-Debug-Cache-Bypass
X-Apw-Access-Object
Cloudfront-Viewer-Country
X-Apw-Access-Action
X-Via-Ucdn
X-WA
X-Tb-Optimization-Total-Bytes-Saved
X-Csrf-Jwt
X-Debug-Cache-Status
X-LiteSpeed-Cache-Control
X-Debug-Ysi-Auth
X-Request-Time
X-Nananana
X-Via-Popv
SID
X-Debug-Xas-Auth
X-Debug-Do-Not-Cache-Uri
Server-Ttl
X-Debug-Cache-String
X-Via-Poph
X-Cache-Version
Origin
Proxy-Firewall
X-Via-NSCOPI
Cneonction
X-Cache-Hfrom
Country-Code
X-Cache-Hm
NnCoection
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Varnish-Beresp-TTL
Inserted-Into-Cache-At
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-APP
X-WPE-Loopback-Upstream-Addr
CF-IPCountry
Warning
X-Snapshot-Date
X-VC
Req-ID
X-Request-URL
X-ElasticPress-Search
Geoip-City
X-Html-Edge-Cache
X-Ocache
X-B3-Parentspanid
X-Varnish-ID
X-SB
X-Dw-Trace-Id
X-DPWN-IS-SECURE