Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Download-Options
X-AspNet-Version
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
CF-Ray
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
P3p
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
X-Request-ID
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
X-Cache-Group
Feature-Policy
Request-Context
X-Proxy-Cache
EagleId
Xkey
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Server-Timing
Grace
X-Pingback
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Report-To
X-LiteSpeed-Cache
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-WebKit-CSP
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Vhost
X-Device
X-Response-Time
X-Readtime
X-Ac
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Node
X-Backend-Server
X-Dispatcher
NEL
Content-Location
X-Origin-Upstream-Status
X-HW
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
Host-Header
X-Cnection
X-Country-Code
X-Rack-Cache
Accept-CH
RTSS
X-Url
Edge-Control
MS-Author-Via
X-Clacks-Overhead
Accept-CH-Lifetime
X-Px
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
Verso
X-Goog-Hash
X-Varnish-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
X-B3-TraceId
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Build
X-Exp-Variant
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Forwarded-Proto
Public-Key-Pins
Pagespeed
Response
Display
X-Middleton-Display
X-Sol
X-Middleton-Response
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-DynaTrace
X-Cache-TTL
X-Content-Type
X-Cdn
X-D2id
X-CST
X-Vcap-Request-Id
X-NF-Request-ID
TCN
X-VARITI-CCR
X-Amz-Rid
X-Ttl
X-Abt-Application-Version
X-Cached
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
Pinterest-Generated-By
X-ESI
X-Navigation-Version
X-Powered-CMS
Accept-Ch
X-Upstream
X-Version
X-Fastly-Request-ID
X-Debug
Cache-Tag
X-Grace
X-Server-Name
Accept-Ch-Lifetime
X-Instart-Request-ID
Access-Control-Request-Method
X-Element-Page-Cache
X-MSEdge-Ref
Charset
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Realpath
X-XRDS-Location
X-TEC-API-ROOT
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Content-MD5
Nginx-Cache
X-Ezoic-Cdn
X-Accel-Expires
X-DynaTrace-JS-Agent
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Jurisdiction
X-Hp-Webp
SPRequestDuration
SPIisLatency
X-Pinterest-Rid
Pinterest-Version
X-Id
X-Amz-Meta-S3cmd-Attrs
X-SharePointHealthScore
SPRequestGuid
X-Recruiting
X-Dw-Request-Base-Id
S
X-T
X-Content-Digest
X-Kinsta-Cache
X-Cache-Key
X-Trace
Fastcgi-Cache
X-Logged-In
X-TTL
X-NWS-LOG-UUID
X-Node-Name
TP-Cache
X-FastCGI-Cache
TP-L2-Cache
X-Hostname
ServerID
X-Oneagent-Js-Injection
X-Mobile-URL
X-Request-Processing-Time
Fastly-Restarts
X-Request-Received
X-Amzn-Trace-Id
X-Cache-Hit
X-Frontend
Server-Node
Front-End-Https
X-Cache-Age
X-Server-ID
X-Client-IP
X-Yandex-Sdch-Disable
X-Forwarded-For
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
Powered
Edge-Cache-Tag
X-FTR-Expires
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
Server-Name
PB-RID
Arc-Version
PB-PID
X-Microsite
X-Request-Handler-Origin-Region
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ah-Environment
X-Akamai-Edgescape
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Hits
X-Page-Id
X-LB-Cache
X-Jobs
Filters
X-F-Cache
X-Erf-Bev-Bev
X-Revision
X-Erf-Bev-Bev-Is-Generated
Alternate-Protocol
X-Origin-Server
X-Correlation-Id
X-Zen-Fury
DynaTrace
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile-Rewrite
X-Content-Powered-By
X-Geo-Country
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
AMP-Access-Control-Allow-Source-Origin
X-Daa-Tunnel
X-Varnish-Age
Accept-Charset
X-N
X-Litespeed-Cache
X-Ruxit-Js-Agent
X-FTR-Cache-Host
X-Varnish-Backend
X-Ser
Cache-Tags
X-Type
X-B
X-Varnish-Grace
DC
Paypal-Debug-Id
X-Fastcgi-Cache
X-Amz-Replication-Status
X-Git-Hash
X-Esi
X-Rid
Surrogate-Key
X-RateLimit-Remaining
X-App-Environment
Host
Retry-After
X-Content-Options
X-Whom
X-WebKit-CSP-Report-Only
X-Signature
X-Request-Guid
X-B-Cache
Section-Io-Cache
X-FB-Debug
X-TT
X-Edge
X-Az
X-Activity-Id
X-AppVersion
Fastcgi-Useragent
X-IPLB-Instance
X-Status
X-Endurance-Cache-Level
Actual-Object-TTL
X-Debug-Info
X-Via-JSL
Frame-Options
Healthy
Nel
X-HTML-Minification-Powered-By
X-Release
MicrosoftSharePointTeamServices
X-ATG-Version
Srv
X-AOL-HN
Content-Disposition
Refresh
X-Amz-Apigw-Id
X-Cache-Action
X-Contextid
X-Amzn-RequestId
Backend-Timing
X-ATS-Timestamp
X-App-Server
X-Seen-By
From-Origin
X-ECACHE
Access-Control-Allow-Method
X-Protected-By
X-B3-Sampled
X-Pinterest-Direct
X-Response-Served-From
X-Accel-Buffering
X-Cache-Rule
X-ProcessESI
X-Cache-Operation
X-RemovedCookies
X-Region
X-MCACHE
X-Mid
Odigeo-Trace-Id
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Cacheable-TTL
X-Upgrade-Enabled
X-FW-Type
X-FW-Hash
Datacenter
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-Is-Bot
X-Instance
X-FW-Static
X-Rendered-As
X-UUID
Eomportal-Instance
X-Varnish-Server
Uber-Trace-Id
X-Rule
X-Cache-Time
X-L-Path
Payment
X-Environment-Context
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-WA-Info
MS-CV
X-Adobe-Loc
X-Adobe-Content
Countrycode
X-Drupal-Cache-Tags
X-Proxy
X-Host-Name
X-EdgeConnect-Cache-Status
X-Cached-By
X-Akamai-Request-ID2
X-Time
X-Cache-Server
X-Mobile
X-NewRelic-App-Data
X-Load-Cache
X-PHP-Backend
X-Cache-Control
X-Azure-Ref
X-Air-Hostname
Access-Control-Request-Headers
Server-Info
Source
Xserver
X-UnsetCookies
Accept-Language
X-SERVER-NAME
X-Backend-Name
X-GeoIP
X-NGENIX-Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tt-Trace-Tag
X-Origin-Response-Time
X-Tt-Trace-Host
X-Cache-NGX
X-Akamai-Transformed
X-Presslabs-Stats
X-Handled-By
Liferay-Portal
X-Framework
X-NWS-UUID-VERIFY
X-Webkit-CSP
X-Mode
X-Unique-Id
X-CSRF-Token
Version
X-XRDS-LOCATION
X-Correlation-ID
X-Pass-Why
X-Wix-Request-Id
X-URL
Filterid
X-FireWall-Port
X-RateLimit-Limit
X-APP-VERSION
X-Locale
X-Path-Route
Meta-Geo
X-UPSTREAM-Address
Cache-Status
X-Cache-Var-Map
X-CCM
X-Adobe-Source
X-RN-RSRV
X-Zipkin-Id
X-Routing-Service
X-ES-SERVER
Load-Balancing
X-Vcache
X-Cache-Var
X-Proxied
X-Www-Served-By
Cross-Origin-Window-Policy
X-VWS-Id
X-ApacheServer
X-Via-Fastly
X-NCache
X-Site-Version
X-IP
X-LJ-Flow-ID
X-Section
X-MP-GENERATED-AT
X-Detected-As
X-Access
X-AWS-Id
X-Qloud-Router
X-PERF
X-Cache-Status-Check
X-Format
X-Real-IP
DSUID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-UA-Device-Type
Mn-Server-Ip
X-Cluster
TWC-Connection-Speed
X-Device-Type
TWC-GeoIP-LatLong
TWC-Privacy
X-FW-Version
TWC-Locale-Group
X-Info
TWC-GeoIP-Country
TWC-Device-Class
Now
X-Amzn-Remapped-Content-Length
Property-Id
S-Rt
Cache-Hits
ServedBy
X-CS
Akamai-GRN
X-Hyper-Cache
Cleartype
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
Cache-Name
X-Human
X-Pubstack
X-Redis-Cache
X-Origin-Hint
X-TX-ID
X-Web-Node
X-R9-Blue-Green-Version
X-Varnish-Cache-Hits
X-ServerID
Cache
X-Storage
X-Cache-2
Webserver
X-FC-Vary-Parameters
X-Alternate-Cache-Key
Section-Io-Id
X-EIG-Tracking-Id
X-SayCDN-TTL
X-Shopify-Stage
X-ShardId
X-Say-TTL
X-Say-Cacheable
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Bc-Bl
X-Cache-Host
X-ShopId
X-Hosted-By
X-Cache-Config
X-Cache-Enabled
X-OCL
X-Origin
Apigw-Requestid
X-IPS-LoggedIn
Cache-Tv-Group
Decoy-Debug-Status
X-Labrador-Cache-Channel
Decoy-Debug-TTL
Decoy-Debug-Key
DB-Nickname
X-PHP-Host
X-NYM-Debug-Backend
X-PCL
X-Timing-Wait
X-BYPASS-REASON
X-Viewer-Country
X-BCube-Filmed-By
X-Content-Age
X-Time-Microsecs
X-TNCMS
X-SaId
Azure-SlotName
Azure-Version
X-Proxy-Build
Fastly-SSL
Azure-SiteName
Azure-RegionName
X-Loop
X-Hl-Ver
Azure-InstanceId
X-ProxyCache-Status
X-ProxyCache-Key
X-From
X-JoinUs
Selected-Fe
X-FB-TRIP-ID
Origin-Cache-Control
X-RTag
Ms-Operation-Id
X-Urbn-Site-Id
NGB
X-Cache-Remote
Locale
X-Urbn-Context-Path
X-VCache
Ec-Rule-Version
X-Ua
X-Generated
X-Geo
X-No-Session
X-Drupal-Cache-Contexts
X-CDN-Forward
X-Cache-TTL-Remaining
X-PressLabs-Stats
X-EC-Lua
Origin-Edge-Control
Time
X-Backend-TTL
X-Debug-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
Country
X-Storefront-Renderer-Rendered
X-Xfnlog-Site
X-Source
X-SRV
SD-X-WS
X-Soup
X-Pad
X-NC
X-Proto
X-Varnish-Hostname
X-Old-Content-Length
X-Akamai-Request-ID
X-Tb
Upgrade-Insecure-Requests
GEO-INFO
X-Cluster-Node
X-Cache-PHP
X-TA-CDN-Provider
Referer-Policy
X-App-Version
Cache-Key
X-RequestSource
User-Agent
X-RCS-CacheZone
LB
X-Parent-Response-Time
X-Cache-NE
X-App
X-Client-Ip
X-DC
X-Cache-Backend
Proxy-Connection
X-Magnolia-Registration
X-FORWARDED-FOR
X-Origin-CC
NGX
X-Origin-TTL
Geo-Info
X-Vdms-Version
AKAMAI
AsisCache
X-VG-WebCache
Arc-Country
X-Vdms-Path
UCS
X-Vtex-Processado-Em
True-Client-Country-4JS
T-Server
Viewtype
Rendered-Blocks
VivaBuild
X-VG-WebServer
MD5-Digest
Meta-Geo-Continent
Machine
GEO-REGION-INFO
IsBot
M-TraceId
Fastcgi-X-Cache-Version
Content-Style-Type
CacheControlHeader
Who
X-Vtex-Remote-Cache
Content-Script-Type
X-SVT-ORM-RULES
N-Cache
BehaviorPad-Version
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-Transaction
X-Processor
X-Region-Sid
X-Nginx-Cache-Key
X-Method
X-Twitter-Response-Tags
X-Generation-Time
X-Geo-Header
X-Trv-Group
X-Response-By
X-Rewrite-Enabled
X-SIPLIST1
X-Swa-Ws
X-SRCache-Key
X-SVT-ORM-VERSION
X-ScT
X-Scheme
X-Rojux
X-S
X-S-Cookie
X-G
X-External-Request-Id
X-Accel-Expires-Debug
X-Aed
X-Application
X-ARC
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dam
X-A-Dcw
X-B-Cookie
X-CF-Lambda-Fn
X-Developers
X-DevSite-Last-Modified
X-Dispatch
X-Edge-Location
X-Developer
X-Destination
X-Connection-Hash
X-D
X-Date
X-A
Mobile-Detection-Method
X-Cache-Grace
Xc-Version
X-AIR-PT
FilterID
X-Tumblr-Pixel-3
OT-Force-Account-Verify
X-Proxy-Cache-Status
X-Distributor
Node
Pragrma
X-Cache-URL
Pagetype
X-JWT-State
Release
X-Varnish-Cacheable
X-Backend-State
X-Worker
On-Server
X-Cache-FS-Status
X-Key
X-Policy
X-Trace-Id
X-Level-Front-Cache
Magicmarker
X-Cache-Bucket
NM-Fastcgi-Cache
X-Bip
MIME-Version
Server-Host
Viewport
X-Location
X-VC-Cache
X-NodeID
X-Logging-Id
X-Node-Id
Wxu-Next-Hostname
Wxu-Next-Region
X-Micro-Cache
X-Matched-Rule
Thinkindot-Control
Thinkindot-CacheControl-Type
Server-Hostname
Wxu-Next-Commit
Server-Ext
X-Owner
X-Agile-Id
X-Uri
Thinkindot-CacheControl
X-Agile
Sever-Int
X-Agile-Age
X-Auto-Login
X-Is-Gdpr
X-Server-W
X-Servername
Apple-News-Services-Request-Url
X-Device-Os
X-Generated-On
X-Forwarded-Host
X-SD-PageType
X-Hash
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Cluster-Name
X-Skip-Cache
X-SN
X-Wikidot-Static-Cache
X-Wikidot-Backend
Apple-News-Services-Handled
X-Dispatcher-Server
X-Thanos
X-Has-Esi
FNAC-ModuleRouting
X-Thinkindot-L3
X-Cms-Context
X-Reqid
X-Compress-Hint
Gh-Request-Id
User-Cache-Control
X-Hit
X-Loc
X-Epic-Correlation-Id
X-Varnish-Authentication
X-Cache-Tags
X-Clientip
X-Esi-Check
X-Eu-Site
X-Fastly-Cache
X-User
X-Var-Ttl
X-Fmm-Version
X-Envoy-Decorator-Operation
X-CGP
X-Clara-WADP
X-Gen-Mode
X-Block-Status
X-LAGOON
X-Gzip
X-Backend-Host
X-Core-Mission
X-Irp-Debug
X-Generated-In
X-Cache-ASPX
X-Cache-Id
X-Cache-Info
X-Contensis-Viewer-Groups
X-Hnp-Log
X-BBXSRF
X-Core-Value
X-Origin-Date
Ha-Gx-Prefs
HA-Ipaddr
X-Request-Host
Fastly-SWR
Fastly-SIE
X-Req
Kp-EeAlive
X-Rebelmouse-Cache-Control
Mail-Subject
X-Rebelmouse-Surrogate-Control
X-VServer
X-Mvc-Supplant-Cachable
Fastly-Drupal-HTML
X-Request-UUID
X-Slack-Backend
X-Webstats-RespID
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-We-Are-Hiring
X-ServiceProvider
CDCHOST
X-WADP-Cache
C-Via
X-TH-Server
X-RateLimit-Remaining-Second
L5d-Success-Class
Vix-Hermes-Req-Id
X-Origin-Expires
X-NU-AKA-ACS-Version
Rt-Fastcgi-Cache
ServerName
X-RateLimit-Limit-Second
W
X-VG-TLSProxy
We-Hiring
Web-Mar-Node
X-TrackingId
V-Age
X-Newrelic-Synthetics
X-Up
X-GoCache-CacheStatus
X-Variation
X-LI-UUID
Adler-Geo
X-Li-Fabric
X-Reboot
Fastly-Backend-Name
Platform
Memcached
X-LI-Proto
X-Session-Fingerprint
X-Li-Pop
Is-Eu
X-Distil-CS
X-Dc
X-BC
X-ZONE
X-Wa
RNT-Machine
Sid
RNT-Time
X-Minions-Version
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Via-CDN
X-Srv
X-ElasticPress-Query
X-Be
X-Refresh
X-Batcache
X-Aicache-OS
X-Configured-By
X-UA
X-Nc
X-Varnish-URL
Cf-Ipcountry
X-CACHE-GROUP
X-Branch-Name
X-Cache-Debug
X-Ua-Device
CACHE
Hostname
X-Servedbyhost
X-TIME
DCR-Decision-By
DCR-Processing-Time-Ms
X-Mvc-Supplant-OutputCached
X-Nginx-Cache
X-B3-Traceid
S-Cnection
X-Ratelimit-Reset
Pramga
X-Instart-Info
Memory
X-Varnishpool
HostName
X-Original-Request-Id
X-MSEdge-Features
X-Via-PopV
X-Via-PopH
X-Platform-Server
X-MSEdge-Flight
HitType
Location
X-Envoy-Upstream-Healthchecked-Cluster
X-Fastly-Cache-Status
X-PF-Uncompressing
X-ND-Cache
X-Sucuri-ID
X-BE
X-TT-TIMESTAMP
X-Microcachable
X-Ms-Version
X-Ms-Request-Id
X-VCL-Version
X-Sucuri-Cache
X-Cdn-Forward
NtCoent-Length
Powered-By-ChinaCache
X-FPC
Esi-Enabled
X-CF-Powered-By
X-Debug-Panamera-Host
X-COUNTRY
X-LB-ID
X-Pjax-Url
X-Debug-Panamera-Sitecode
X-GEO
X-Bc
X-Zone
PFcat
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-OVcl-Cache
GeoIP-Country-Code
X-OVcl
X-Check-Cacheable
X-VarnishDD-TTL
Server-ID
X-Vgn-Hpd-Cached
X-App-Name
X-Azure-Ref-OriginShield
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
Resin-Trace
X-Instart-Isnd
GeoIP-Latitude
L
Ohc-File-Size
FSS-Cache
X-Platform
X-Render-Time
X-Cdn-Srv
Cache-Host
X-Vgn-Hpd-Reason
X-Server-IP
X-Fastly-Backend-Reqs
Server-Surrogate-Control
X-Generated-By
X-Varnish-Ttl
Server-Cache-Control
X-Svr
X-BACKEND-TTL
X-CUA
X-HS-Status
X-S-Maxage
X-Unique-ID
X-Ratelimit-Remaining
Cteonnt-Length
X-VHOST
Ohc-Response-Time
Epwk-X-Cache
Pics-Label
X-Fpc
X-PJAX-URL
Geoip-Latitude
X-Rocket-Nginx-Bypass
X-Fastly-Country-Code
GeoIp-Country-Code
X-Cache-Expired-At
Tracecode
X-CSRF-TOKEN
Backend-Name
Backend
SRV
X-Varnish-Hits
X-Newrelic-App-Data
Locid
X-Edge-Server
Request-EU
X-Tec-Api-Origin
X-Vcl-Version
Amp-Access-Control-Allow-Source-Origin
X-Pf-Uncompressing
X-Tec-Api-Version
X-Tec-Api-Root
X-VCT
X-RunCloud-Cache
Cdn-Host
Cdn-Request-Time
Heartbleed
SN
X-Csrf-Jwt
Request-Country
X-NGINX-Cache
X-Ratelimit-Limit
CF-Cached-On
X-CLOUD-TRACE-CONTEXT
X-Request-URI
X-Oracle-Dms-Rid
X-CACHE-AGE
X-Via-Popv
X-Via-Poph
Lfy
X-ECache
X-StackifyID
X-Gamma-Serve
XServer
X-Request-Time
X-CACHE-KEY
WWW-Authenticate
CF-IPCountry
X-Amzn-Remapped-Date
X-Varnish-Url
Host-ID
X-Amzn-Remapped-Connection
X-ServedByHost
X-Rocket-Build-Number
X-Sigma
X-Nananana
X-Sigma-Backend
X-Ftr-Cache-Host
CloudFront-Viewer-Country
X-Oss-Cdn-Auth
WPE-Backend
NR-ENABLED
X-Debug-Cache-Store
X-DPWN-IS-SECURE
PICS-Label
X-Debug-Cache-Fetch
Country-Code
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Hits
X-WebServer
URI
X-LiteSpeed-Cache-Control
X-Apw-Access-Token
Lb
SID
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-String
X-Debug-Cache-Status
X-Cache-Tag
X-Shopify-Generated-Cart-Token
X-Debug-Cache-Bypass
X-Debug-Xas-Auth
Product
Cloudfront-Viewer-Country
Server-Ttl
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
X-Via-Ucdn
CDN-PullZone
CDN-EdgeStorageId
X-B3-Spanid
X-Proxy-Upstream
CDN-Cache
CDN-CachedAt
X-Debug-Ysi-Auth
X-Cache-Version
X-Fetched-On
X-Cdn-Origin
X-Acquia-Application-Trace
Cneonction
Dnion-Transfer-Encoding
X-Acquia-Site
X-Sn-Servicetimems
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
WZWS-RAY
Surrogated-Key
X-WA
X-Amz-Meta-Cb-Modifiedtime
X-Tb-Optimization-Total-Bytes-Saved
My-App
Ohc-Cache-HIT
Proxy-Firewall
X-APP
Cf-Alt-Svc
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-Varnish-Beresp-TTL
X-VC
X-SB
X-GeoIP-Country-Code
A
X-Html-Edge-Cache
X-Swift-Error
X-WR-MODIFICATION
X-ElasticPress-Search
Inserted-Into-Cache-At
Warning
X-IN-APIGATEWAY
FSS-Proxy
X-Request-URL
X-Snapshot-Date
X-IN-APIGATEWAYSSL