Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Xss-Protection
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Drupal-Dynamic-Cache
X-Via
X-Ws-Request-Id
X-AH-Environment
X-Server
X-Backend
X-Turbo-Charged-By
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Request-ID
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-Server-Powered-By
X-UA-Device
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Readtime
X-Node
NEL
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-Akam-SW-Version
X-ORACLE-DMS-ECID
Fusion-Deployment-Id
X-Country
Allow
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country-Code
X-Cnection
Edge-Control
X-Url
X-Clacks-Overhead
X-Rack-Cache
X-Px
RTSS
Accept-CH
MS-Author-Via
X-FTR-Request-ID
X-Goog-Hash
X-TtlSet
X-Pass-Why
X-PC
X-Vname
X-Powered-By-Plesk
Verso
Accept-CH-Lifetime
Service-Worker-Allowed
X-B3-TraceId
X-Varnish-TTL
Public-Key-Pins
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
X-MS-InvokeApp
Pagespeed
Display
X-Middleton-Display
X-Forwarded-Proto
Response
X-DynaTrace
X-Middleton-Response
X-Sol
X-Amz-Server-Side-Encryption
X-Cache-TTL
X-D2id
X-Ttl
X-CST
X-Amz-Rid
TCN
X-NF-Request-ID
X-Abt-Application-Version
Pinterest-Generated-By
X-Content-Type
X-Vcap-Request-Id
X-Cached
X-VARITI-CCR
Accept-Ch
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Navigation-Version
Cache-Tag
AR-CACHE
Ar-Sid
X-Version
X-Fastly-Request-ID
X-Powered-CMS
X-Instart-Request-ID
Accept-Ch-Lifetime
X-Upstream
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Grace
X-ESI
Access-Control-Request-Method
X-Debug
Host-Header
X-MSEdge-Ref
X-Server-Name
X-Accel-Expires
Charset
Nginx-Cache
X-XRDS-Location
Content-MD5
S
SPRequestDuration
SPIisLatency
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
Realpath
X-Ezoic-Cdn
X-Element-Page-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
X-SharePointHealthScore
SPRequestGuid
Pinterest-Version
X-Pinterest-Rid
X-Shield-Request-Id
X-Jurisdiction
X-Hp-Webp
X-Client-IP
X-Oneagent-Js-Injection
X-FastCGI-Cache
X-Recruiting
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Dw-Request-Base-Id
X-Trace
X-Kinsta-Cache
X-T
X-Node-Name
Fastcgi-Cache
X-Content-Digest
X-Server-ID
X-Logged-In
X-Cache-Key
X-TTL
X-NWS-LOG-UUID
X-Mobile-URL
TP-L2-Cache
TP-Cache
X-Cache-Hit
X-Request-Processing-Time
X-Request-Received
X-Cache-Age
Server-Node
X-Frontend
ServerID
X-Hostname
X-Amzn-Trace-Id
X-FTR-Realm
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
Front-End-Https
X-FTR-DC
X-FTR-Backend-Server
Edge-Cache-Tag
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-FTR-Expires
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Forwarded-For
Fastly-Restarts
Server-Name
X-Yandex-Sdch-Disable
PB-RID
PB-PID
Arc-Version
Powered
X-ASPNET-VERSION
X-Microsite
X-Request-Handler-Origin-Region
DynaTrace
X-Zen-Fury
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
X-User-Agent
X-Revision
X-Page-Id
X-F-Cache
Filters
X-Ruxit-Js-Agent
X-Jobs
X-Akamai-Edgescape
X-Hits
X-LB-Cache
X-Mobile-Rewrite
X-ORACLE-APMCS-REQUEST-ID
Accept-Charset
X-ORACLE-APMCS-TAG
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-Content-Powered-By
AMP-Access-Control-Allow-Source-Origin
X-Geo-Country
X-Esi
X-Cdn
X-Origin-Server
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Varnish-Age
X-ATS-Timestamp
Backend-Timing
X-N
X-B
Alternate-Protocol
X-FTR-Cache-Host
X-Via-JSL
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Daa-Tunnel
Cache-Tags
X-Varnish-Backend
X-Correlation-Id
X-Fastcgi-Cache
X-Rid
X-AppVersion
X-Activity-Id
X-Az
MicrosoftSharePointTeamServices
X-RateLimit-Remaining
X-Type
DC
X-WebKit-CSP-Report-Only
Surrogate-Key
X-FB-Debug
X-Git-Hash
X-Amz-Replication-Status
X-Signature
X-B-Cache
Retry-After
Paypal-Debug-Id
X-Debug-Info
X-TT
Section-Io-Cache
X-Whom
X-Varnish-Grace
X-ATG-Version
X-Status
Frame-Options
X-Edge
Host
Actual-Object-TTL
X-App-Environment
X-Ser
X-Content-Options
X-App-Server
X-Request-Guid
Fastcgi-Useragent
X-Amzn-RequestId
Healthy
X-Contextid
Nel
X-AOL-HN
X-IPLB-Instance
X-Endurance-Cache-Level
X-Cache-Action
Srv
X-HTML-Minification-Powered-By
X-Seen-By
X-ECACHE
X-B3-Sampled
X-Pinterest-Direct
X-Host-Name
From-Origin
Refresh
X-PressLabs-Stats
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Amz-Apigw-Id
X-Drupal-Cache-Tags
Source
X-RemovedCookies
X-Instance
X-Tumblr-User
X-Cache-Rule
X-Accel-Buffering
X-Response-Served-From
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-ProcessESI
X-Cache-Operation
X-Protected-By
X-MCACHE
Odigeo-Trace-Id
X-Mid
X-Region
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Environment-Context
X-Rule
X-L-Path
X-Cacheable-TTL
MS-CV
Payment
X-UUID
X-Rendered-As
Datacenter
X-Time
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Server
X-FW-Dynamic
X-WA-Info
X-Is-Bot
Eomportal-Instance
X-Adobe-Content
Content-Disposition
Cache-Status
X-Varnish-Server
X-Adobe-Loc
X-Litespeed-Cache
X-Cache-Time
Countrycode
X-SERVER-NAME
X-Cache-Control
Xserver
X-Correlation-ID
X-VCache
X-Cache-Server
X-Cached-By
Uber-Trace-Id
X-Akamai-Transformed
X-Akamai-Request-ID2
X-UnsetCookies
X-EdgeConnect-Cache-Status
X-Proxy
X-GeoIP
X-Load-Cache
X-Release
X-Mobile
X-Wix-Request-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Origin-Response-Time
X-PHP-Backend
X-Mode
Version
X-Azure-Ref
X-Handled-By
X-Cluster
Access-Control-Request-Headers
NGB
X-NWS-UUID-VERIFY
X-IPS-LoggedIn
X-Cache-NGX
X-Backend-Name
X-Air-Hostname
Accept-Language
X-URL
X-NewRelic-App-Data
X-NGENIX-Cache
X-APP-VERSION
X-Ua
X-Cache-Remote
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Liferay-Portal
Cross-Origin-Window-Policy
X-CCM
X-FireWall-Port
X-Zipkin-Id
X-PERF
X-Proxied
X-UPSTREAM-Address
X-RN-RSRV
X-Routing-Service
X-Path-Route
X-Via-Fastly
X-Adobe-Source
X-Framework
Meta-Geo
X-ApacheServer
X-Cache-Var
X-ES-SERVER
X-Cache-Var-Map
Load-Balancing
Cache-Hits
X-MP-GENERATED-AT
X-Qloud-Router
X-R9-Blue-Green-Version
X-PCL
X-OCL
X-No-Session
X-Storage
X-TX-ID
X-Viewer-Country
X-VWS-Id
X-Locale
X-UA-Device-Type
X-LJ-Flow-ID
Filterid
DSUID
X-RequestSource
X-AWS-Id
ServedBy
X-Cache-Status-Check
Decoy-Debug-TTL
Akamai-GRN
Ms-Operation-Id
Decoy-Debug-Status
Decoy-Debug-Key
X-Cache-Config
X-Www-Served-By
Now
X-Real-IP
X-Access
X-Bc-Bl
X-Pubstack
X-RTag
X-Section
X-Site-Version
X-Format
Cleartype
Mn-Server-Ip
X-Hl-Ver
X-FW-Version
X-ProxyCache-Key
Cache-Name
X-Varnish-Cache-Hits
X-ServerID
X-CS
X-BYPASS-REASON
Section-Origin-Responded
Cache
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Fastly-SSL
X-ProxyCache-Status
X-Say-TTL
X-SayCDN-TTL
X-Human
X-Info
X-Redis-Cache
X-Web-Node
X-Say-Cacheable
TWC-Privacy
X-BCube-Filmed-By
X-CSRF-Token
X-Content-Age
X-PHP-Host
X-Alternate-Cache-Key
Webcakes-App-Name
Cache-Tv-Group
X-EIG-Tracking-Id
Webserver
Webcakes-App-Version
Webcakes-Region
X-NCache
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Detected-As
X-Time-Microsecs
X-FC-Vary-Parameters
X-SaId
X-Labrador-Cache-Channel
S-Rt
X-NYM-Debug-Backend
X-Origin
TWC-Locale-Group
X-Origin-Hint
X-From
X-JoinUs
Property-Id
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
DB-Nickname
X-Timing-Wait
X-IP
X-Loop
X-TNCMS
X-Proxy-Build
Selected-Fe
X-Generated
X-Cache-Enabled
X-Amzn-Remapped-Content-Length
X-Hosted-By
X-Hyper-Cache
X-Device-Type
X-RateLimit-Limit
X-Cache-Host
Azure-InstanceId
Azure-RegionName
Azure-SlotName
X-FB-TRIP-ID
Azure-SiteName
X-XRDS-LOCATION
Azure-Version
X-Xfnlog-Site
Origin-Cache-Control
Origin-Edge-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
Ec-Rule-Version
X-Drupal-Cache-Contexts
Country
X-Geo
Geo-Info
Server-Info
X-Cache-2
X-Unique-Id
SD-X-WS
User-Agent
X-Urbn-Site-Id
Locale
Time
X-Cache-TTL-Remaining
X-Urbn-Context-Path
X-Cluster-Node
X-Old-Content-Length
FilterID
X-Cache-NE
X-Pad
X-Source
X-Varnish-Hostname
X-EC-Lua
Apigw-Requestid
Upgrade-Insecure-Requests
X-Parent-Response-Time
NR-ENABLED
X-RCS-CacheZone
WPE-Backend
X-Akamai-Request-ID
X-Debug-Cache
X-Webkit-CSP
X-Cache-Backend
X-Soup
X-Cache-Grace
Proxy-Connection
X-Backend-TTL
X-Vcache
X-CDN-Forward
X-Srv
X-Forwarded-Host
X-App-Version
X-Tb
X-Presslabs-Stats
X-Proxy-Cache-Status
X-Cache-PHP
X-Proto
X-FORWARDED-FOR
X-DC
X-Newrelic-Synthetics
X-Tumblr-Pixel-3
X-Nc
S-Cnection
Meta-Geo-Continent
X-Uri
IsBot
FNAC-ModuleRouting
X-DevSite-Last-Modified
M-TraceId
MD5-Digest
Fastcgi-X-Cache-Version
X-Developer
Machine
X-Application
X-A-Ccd
ServerName
X-A
Arc-Country
AsisCache
X-A-Dam
BehaviorPad-Version
Who
T-Server
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
True-Client-Country-4JS
VivaBuild
Viewtype
X-A-Dcw
Rendered-Blocks
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-AIR-PT
X-Connection-Hash
X-D
X-Destination
X-Date
Content-Script-Type
X-B-Cookie
X-A-Wwc
X-A-Dgt
Mobile-Detection-Method
X-Accel-Expires-Debug
X-ARC
X-Aed
Content-Style-Type
X-Nginx-Cache-Key
X-ServiceProvider
X-ScT
X-SIPLIST1
X-SRCache-Key
X-Swa-Ws
X-Scheme
X-S-Cookie
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S
X-Thinkindot-L3
X-Trace-Id
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
NGX
X-Processor
X-Session-Fingerprint
X-Matched-Rule
X-Method
GEO-REGION-INFO
X-Geo-Header
X-Generated-On
X-External-Request-Id
X-G
X-NodeID
X-Level-Front-Cache
X-PAYTM-SRV-ID
Cache-Key
X-Cluster-Name
OT-Force-Account-Verify
X-Generation-Time
X-SD-PageType
Release
Pagetype
RNT-Machine
RNT-Time
X-Varnish-Cacheable
X-VC-Cache
Server-Ext
On-Server
X-Agile
X-Worker
X-Response-By
X-Policy
Magicmarker
X-Developers
X-User
X-Generated-In
X-Agile-Age
N-Cache
Server-Hostname
X-Skip-Cache
X-Logging-Id
X-Location
X-Thanos
X-Req
X-Dispatch
X-Node-Id
X-Owner
X-Reqid
Viewport
V-Age
X-LAGOON
Sever-Int
X-Cache-FS-Status
X-Bip
X-Core-Value
X-Agile-Id
UCS
X-Cms-Context
X-Compress-Hint
Server-Host
Vix-Hermes-Req-Id
Apple-News-Services-Request-Url
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
AKAMAI
Apple-News-Services-Handled
Cache-Cookie-Set-Lfrom
CDCHOST
X-SRV
X-Envoy-Decorator-Operation
User-Cache-Control
Cf-Ipcountry
Sid
X-Hit
Wxu-Next-Commit
X-Gen-Mode
X-Cache-Debug
X-Dispatcher-Server
Wxu-Next-Region
Wxu-Next-Hostname
X-Fmm-Version
X-Be
X-Is-Gdpr
X-Device-Os
W
Web-Mar-Node
X-Core-Mission
X-VG-TLSProxy
We-Hiring
X-Hash
X-Block-Status
X-Cache-Bucket
X-NC
X-Auto-Login
X-Epic-Correlation-Id
X-Distributor
X-Backend-State
X-Servername
X-Storefront-Renderer-Rendered
X-Has-Esi
X-Clara-WADP
X-Distil-CS
X-Cache-URL
Node
X-WADP-Cache
X-Cache-Info
X-Branch-Name
X-JWT-State
Mail-Subject
X-SN
Fastly-Drupal-HTML
X-Variation
X-Micro-Cache
NM-Fastcgi-Cache
X-TH-Server
X-Loc
X-Wikidot-Static-Cache
Fastly-SIE
Kp-EeAlive
Fastly-SWR
Is-Eu
X-Server-W
X-Microcachable
X-Request-UUID
X-Wikidot-Backend
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Origin-Date
X-Origin-Expires
C-Via
X-Magnolia-Registration
X-Clientip
Adler-Geo
X-Hnp-Log
Rt-Fastcgi-Cache
Platform
CacheControlHeader
Gh-Request-Id
X-RateLimit-Remaining-Second
X-TA-CDN-Provider
X-RateLimit-Limit-Second
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-App
X-Origin-TTL
X-Origin-CC
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-We-Are-Hiring
X-Instart-Info
X-VServer
X-Var-Ttl
X-Eu-Site
X-TrackingId
X-Reboot
X-Cache-Tags
X-Cache-Id
X-Irp-Debug
X-Cache-ASPX
X-Slack-Backend
X-Mvc-Supplant-Cachable
X-Request-Host
L5d-Success-Class
Ha-Gx-Prefs
X-CGP
HA-Ipaddr
X-Fastly-Cache
X-Esi-Check
X-Gzip
X-GoCache-CacheStatus
X-Via-PopV
X-Li-Fabric
X-Via-PopH
X-SVT-ORM-RULES
X-Platform-Server
X-SVT-ORM-VERSION
X-BBXSRF
Memcached
X-Li-Pop
X-NU-AKA-ACS-Version
X-Configured-By
X-Dc
X-Webstats-RespID
X-Wa
X-LI-UUID
X-LI-Proto
X-Backend-Host
LB
X-Cdn-Forward
X-Ms-Request-Id
X-Edge-Location
X-TT-TIMESTAMP
X-Key
X-Ms-Version
HostName
X-Envoy-Upstream-Healthchecked-Cluster
Referer-Policy
Pragrma
X-Varnish-URL
X-BC
NtCoent-Length
X-ZONE
Esi-Enabled
X-Servedbyhost
Tracecode
X-Refresh
X-Vgn-Hpd-Reason
MIME-Version
X-Ua-Device
CACHE
X-App-Name
Fastly-Backend-Name
L
X-Via-CDN
Server-ID
X-UA
Ohc-File-Size
X-B3-Traceid
X-Server-IP
GEO-INFO
X-Mvc-Supplant-OutputCached
X-MSEdge-Flight
X-MSEdge-Features
X-BACKEND-TTL
X-Nginx-Cache
Cache-Host
X-Up
X-Bc
X-Zone
Memory
X-Batcache
X-Unique-ID
X-TIME
Server-Cache-Control
X-Svr
X-Sucuri-ID
X-Minions-Version
Server-Surrogate-Control
X-VCL-Version
X-ND-Cache
X-ElasticPress-Query
X-Debug-Panamera-Host
X-Cdn-Srv
X-Debug-Panamera-Sitecode
X-S-Maxage
X-Generated-By
X-GEO
X-FPC
X-COUNTRY
X-Pjax-Url
Ohc-Response-Time
X-VCT
X-Aicache-OS
X-Oss-Object-Type
FSS-Cache
X-CF-Powered-By
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
DCR-Decision-By
Resin-Trace
X-Rocket-Nginx-Bypass
DCR-Processing-Time-Ms
GeoIP-Country-Code
Locid
Heartbleed
GeoIP-Latitude
Request-Country
X-Azure-Ref-OriginShield
Location
Pramga
X-Fastly-Cache-Status
Request-EU
Hostname
X-Oracle-Dms-Rid
Powered-By-ChinaCache
X-Varnish-Hits
X-BE
X-Newrelic-App-Data
X-Varnish-Ttl
X-Check-Cacheable
X-Request-URI
X-PF-Uncompressing
Cteonnt-Length
Lfy
X-LB-ID
HitType
X-Fastly-Country-Code
X-Shopify-Generated-Cart-Token
X-Sucuri-Cache
Cdn-Request-Time
X-Edge-Server
PFcat
Cdn-Host
X-CSRF-TOKEN
X-Gamma-Serve
X-PJAX-URL
X-VarnishDD-TTL
X-Ratelimit-Reset
X-VHOST
X-Varnishpool
X-OVcl
X-OVcl-Cache
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Fpc
WZWS-RAY
CF-Cached-On
X-Platform
X-WebServer
GeoIp-Country-Code
Geoip-Latitude
X-HS-Status
Amp-Access-Control-Allow-Source-Origin
X-Fastly-Backend-Reqs
SRV
Product
X-Instart-Isnd
X-Proxy-Upstream
X-Vcl-Version
X-Pf-Uncompressing
X-Render-Time
Mime-Version
X-Ratelimit-Remaining
X-Cache-Expired-At
X-Client-Ip
X-Fetched-On
X-Original-Request-Id
SN
X-Ftr-Cache-Host
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Cdn-Origin
My-App
X-Sn-Servicetimems
Ohc-Cache-HIT
X-GeoIP-Country-Code
WWW-Authenticate
X-NGINX-Cache
X-Amzn-Remapped-Date
X-CACHE-KEY
X-ECache
X-Amzn-Remapped-Connection
X-CUA
Dt-Cache-Category
Pics-Label
X-Varnish-Url
URI
Epwk-X-Cache
X-Ratelimit-Limit
XServer
X-ServedByHost
X-Cache-Tag
Lb
CloudFront-Viewer-Country
X-Tec-Api-Origin
X-Request-Start
X-B3-SpanId
A
X-Tec-Api-Version
X-Oss-Cdn-Auth
X-StackifyID
X-Tec-Api-Root
X-Swift-Error
X-RunCloud-Cache
X-Debug-Cache-Fetch
X-B3-Spanid
Cdn
X-Served-From
X-Debug-Cache-Store
Group
Backend
Backend-Name
X-WR-MODIFICATION
X-Apw-Access-Action
X-Apw-Access-Object
PICS-Label
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-Status
X-Debug-Cache-String
Server-Ttl
X-Debug-Cache-Bypass
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Popv
X-Via-Poph
Cf-Alt-Svc
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
X-Apw-Hits
Cloudfront-Viewer-Country
X-Apw-Access-Token
X-Nananana
X-LiteSpeed-Cache-Control
SID
X-Cache-Version
X-Csrf-Jwt
X-WA
X-Request-Time
Proxy-Firewall
Cneonction
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Cache-Hm
X-Cache-Hfrom
X-Via-Ucdn
X-Varnish-Beresp-TTL
X-Acquia-Site
X-Acquia-Purge-Tags
Origin
X-APP
Req-ID
X-Sigma
X-Sigma-Backend
Inserted-Into-Cache-At
X-Via-NSCOPI
CF-IPCountry
X-Rocket-Build-Number
Warning
X-Snapshot-Date
X-IN-APIGATEWAY
X-Dw-Trace-Id
X-SB
X-VC
NnCoection
X-B3-Parentspanid
X-Html-Edge-Cache
X-IN-APIGATEWAYSSL
Country-Code
X-ElasticPress-Search
X-Request-URL
X-Varnish-ID