Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Xss-Protection
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
Status
X-Ua-Compatible
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Backend
X-Server
X-Turbo-Charged-By
X-Age
P3p
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Request-Context
Xkey
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
Cf-Railgun
X-Dns-Prefetch-Control
X-Server-Id
X-WebKit-CSP
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Ac
X-Cache-Lookup
X-Readtime
X-Backend-Server
X-Node
NEL
X-Dispatcher
X-Origin-Upstream-Status
X-HW
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-ORACLE-DMS-RID
Allow
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Rack-Cache
X-Clacks-Overhead
Accept-CH
X-Px
RTSS
MS-Author-Via
X-Vname
X-TtlSet
X-PC
Accept-CH-Lifetime
X-Goog-Hash
X-FTR-Request-ID
Verso
X-Powered-By-Plesk
X-Varnish-TTL
Service-Worker-Allowed
X-B3-TraceId
X-Cdn-Fetch
Public-Key-Pins
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-GitHub-Request-Id
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Middleton-Display
X-Middleton-Response
Display
X-Forwarded-Proto
Pagespeed
Response
X-Sol
X-Amz-Server-Side-Encryption
X-DynaTrace
X-Cache-TTL
Host-Header
X-Pass-Why
X-D2id
X-Content-Type
X-Amz-Rid
Pinterest-Generated-By
X-CST
TCN
X-NF-Request-ID
X-Abt-Application-Version
X-Vcap-Request-Id
X-Cached
X-Ttl
X-VARITI-CCR
AR-ATIME
AR-PoweredBy
AR-Request-ID
Accept-Ch
AR-CACHE
Ar-Sid
X-ESI
X-Navigation-Version
X-Version
X-Fastly-Request-ID
Cache-Tag
X-Server-Name
X-Powered-CMS
X-Upstream
X-Instart-Request-ID
X-Grace
Accept-Ch-Lifetime
X-Debug
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Access-Control-Request-Method
X-MSEdge-Ref
Charset
Nginx-Cache
X-Accel-Expires
X-XRDS-Location
Content-MD5
X-Mrf-Item-Lastmod
X-Element-Page-Cache
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
SPIisLatency
Realpath
SPRequestDuration
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
S
X-SharePointHealthScore
SPRequestGuid
X-Shield-Request-Id
Pinterest-Version
X-Pinterest-Rid
X-Oneagent-Js-Injection
X-Jurisdiction
X-Hp-Webp
X-Cdn
X-Dw-Request-Base-Id
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-Client-IP
X-Trace
X-Kinsta-Cache
X-T
X-TTL
X-Node-Name
X-Content-Digest
Fastcgi-Cache
X-FastCGI-Cache
X-Logged-In
X-Cache-Key
X-Server-ID
X-Mobile-URL
X-NWS-LOG-UUID
TP-Cache
TP-L2-Cache
X-Cache-Hit
X-Request-Received
X-Request-Processing-Time
Server-Node
X-Frontend
X-Cache-Age
X-Hostname
ServerID
X-Amzn-Trace-Id
Front-End-Https
Fastly-Restarts
X-FTR-Cache-Status
X-Country-Code-Real
X-Forwarded-For
Edge-Cache-Tag
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-FTR-Backend
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
Server-Name
X-Yandex-Sdch-Disable
Powered
PB-PID
PB-RID
Arc-Version
X-Request-Handler-Origin-Region
X-Microsite
DynaTrace
X-Content-Security-Policy-Report-Only
Filters
X-Ruxit-Js-Agent
X-Revision
X-User-Agent
X-DIS-Request-ID
X-Page-Id
X-Zen-Fury
X-LB-Cache
X-Hits
X-Jobs
X-F-Cache
X-Akamai-Edgescape
X-Correlation-Id
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Mobile-Rewrite
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Content-Powered-By
Accept-Charset
X-Geo-Country
X-Origin-Server
Alternate-Protocol
X-Erf-Bev-Bev-Is-Generated
X-Fastcgi-Cache
X-Erf-Bev-Bev
X-Varnish-Age
X-N
AMP-Access-Control-Allow-Source-Origin
X-B
X-Daa-Tunnel
X-FTR-Cache-Host
X-Varnish-Backend
Cache-Tags
X-Rid
X-RateLimit-Remaining
Backend-Timing
X-ATS-Timestamp
X-Activity-Id
X-Az
X-AppVersion
Retry-After
X-Via-JSL
X-Varnish-Grace
X-WebKit-CSP-Report-Only
X-Amz-Replication-Status
MicrosoftSharePointTeamServices
DC
X-Type
Surrogate-Key
X-Whom
X-Git-Hash
Section-Io-Cache
X-FB-Debug
X-App-Environment
X-B-Cache
X-Request-Guid
Paypal-Debug-Id
X-TT
X-Signature
X-Status
X-Content-Options
Host
X-Edge
X-Esi
X-Debug-Info
Frame-Options
Actual-Object-TTL
X-ATG-Version
Fastcgi-Useragent
X-Ser
Healthy
X-App-Server
X-IPLB-Instance
X-Endurance-Cache-Level
X-AOL-HN
X-Contextid
X-Amzn-RequestId
X-HTML-Minification-Powered-By
Srv
X-Cache-Action
Nel
X-Seen-By
X-ECACHE
X-B3-Sampled
From-Origin
Refresh
X-Pinterest-Direct
X-Host-Name
X-Amz-Apigw-Id
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-RemovedCookies
X-Accel-Buffering
X-ProcessESI
X-Response-Served-From
X-Instance
X-Cache-Rule
X-Cache-Operation
X-Protected-By
X-Cacheable-TTL
Content-Disposition
X-Rendered-As
X-Time
X-Rule
X-Region
X-UUID
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Odigeo-Trace-Id
X-MCACHE
X-Is-Bot
X-Mid
X-Environment-Context
X-WA-Info
MS-CV
Eomportal-Instance
Datacenter
Payment
X-L-Path
Source
X-FW-Static
X-FW-Type
X-FW-Serve
X-Varnish-Server
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-Adobe-Loc
Countrycode
X-Adobe-Content
X-Cache-Time
X-PressLabs-Stats
X-Litespeed-Cache
Xserver
X-Cache-Control
X-Release
X-Cached-By
Uber-Trace-Id
X-EdgeConnect-Cache-Status
Cache-Status
X-Proxy
X-Cache-Server
X-Akamai-Request-ID2
X-Load-Cache
X-UnsetCookies
X-Mobile
X-GeoIP
X-VCache
X-Akamai-Transformed
X-PHP-Backend
X-Webkit-CSP
X-NewRelic-App-Data
X-Azure-Ref
Access-Control-Request-Headers
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Wix-Request-Id
X-Tt-Trace-Tag
X-Origin-Response-Time
X-Tt-Trace-Host
Version
X-Mode
X-SERVER-NAME
X-Cluster
X-Handled-By
X-NWS-UUID-VERIFY
X-Air-Hostname
X-NGENIX-Cache
Cache
Liferay-Portal
X-Backend-Name
X-IPS-LoggedIn
Accept-Language
X-Cache-NGX
NGB
X-XRDS-LOCATION
X-Framework
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-FireWall-Port
X-Correlation-ID
X-CSRF-Token
X-Cache-Remote
X-CCM
X-PERF
X-Proxied
X-Path-Route
X-LJ-Flow-ID
Filterid
X-ES-SERVER
X-Zipkin-Id
X-VWS-Id
X-UPSTREAM-Address
X-UA-Device-Type
X-Via-Fastly
X-RN-RSRV
X-URL
X-Routing-Service
X-Locale
Load-Balancing
X-Adobe-Source
X-Cache-Var-Map
Meta-Geo
Cross-Origin-Window-Policy
X-ApacheServer
X-Cache-Status-Check
X-Cache-Var
X-AWS-Id
X-Real-IP
X-R9-Blue-Green-Version
X-Site-Version
Decoy-Debug-TTL
X-Storage
Decoy-Debug-Status
X-TX-ID
DSUID
X-Qloud-Router
X-MP-GENERATED-AT
Cache-Hits
X-Detected-As
X-OCL
X-PCL
X-Www-Served-By
Mn-Server-Ip
ServedBy
X-Viewer-Country
Decoy-Debug-Key
X-Ua
Cache-Name
Cleartype
X-Format
X-Info
X-IP
X-RateLimit-Limit
X-NCache
Akamai-GRN
Fastly-SSL
X-Cache-Config
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-Access
Ms-Operation-Id
X-Bc-Bl
Now
X-Pubstack
X-Human
X-Say-TTL
X-SayCDN-TTL
X-Section
X-Redis-Cache
X-Web-Node
X-Say-Cacheable
X-RTag
X-BYPASS-REASON
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
TWC-Device-Class
X-CS
X-ShopId
X-Cache-Enabled
Webserver
Webcakes-Region
X-Varnish-Cache-Hits
TWC-Locale-Group
Cache-Tv-Group
Webcakes-App-Name
Webcakes-App-Version
S-Rt
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-ShardId
Property-Id
TWC-Privacy
X-Device-Type
X-Labrador-Cache-Channel
X-EIG-Tracking-Id
X-Hosted-By
X-No-Session
X-Origin-Hint
X-ProxyCache-Status
X-ProxyCache-Key
X-PHP-Host
X-Hl-Ver
TWC-GeoIP-Country
X-FW-Version
X-ServerID
X-Geo
X-FC-Vary-Parameters
X-NYM-Debug-Backend
X-Origin
X-Proxy-Build
X-Content-Age
X-From
X-SaId
X-Generated
X-Timing-Wait
X-JoinUs
X-BCube-Filmed-By
X-TNCMS
X-Loop
X-Time-Microsecs
X-FB-TRIP-ID
Selected-Fe
X-Amzn-Remapped-Content-Length
X-Hyper-Cache
X-Cache-Host
Server-Info
DB-Nickname
Origin-Cache-Control
Azure-Version
Azure-SlotName
Azure-InstanceId
Geo-Info
Ec-Rule-Version
Azure-SiteName
Azure-RegionName
X-APP-VERSION
X-RequestSource
Origin-Edge-Control
X-Drupal-Cache-Contexts
X-Xfnlog-Site
Time
X-Cache-2
X-Cache-TTL-Remaining
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
X-EC-Lua
Locale
Country
X-Urbn-Site-Id
X-Urbn-Context-Path
User-Agent
X-Unique-Id
X-Pad
Apigw-Requestid
X-Old-Content-Length
X-Source
X-Varnish-Hostname
X-Cluster-Node
X-Cache-NE
Upgrade-Insecure-Requests
FilterID
X-App-Version
X-Debug-Cache
X-Presslabs-Stats
X-Parent-Response-Time
X-Soup
X-Akamai-Request-ID
X-Vcache
X-RCS-CacheZone
X-Cache-Backend
X-Proto
Proxy-Connection
X-Tb
X-Cache-Grace
X-DC
X-Cache-PHP
X-Proxy-Cache-Status
X-Forwarded-Host
X-Srv
X-CDN-Forward
X-Backend-TTL
X-Nc
X-App
Cache-Key
X-Storefront-Renderer-Rendered
X-Tumblr-Pixel-3
Viewtype
True-Client-Country-4JS
UCS
X-A-Ccd
Content-Style-Type
Thinkindot-Control
Xc-Version
Who
X-A
VivaBuild
Fastcgi-X-Cache-Version
Arc-Country
Thinkindot-CacheControl
Pagetype
Rendered-Blocks
Content-Script-Type
N-Cache
Mobile-Detection-Method
Meta-Geo-Continent
X-Vtex-Remote-Cache
Machine
Server-Host
M-TraceId
BehaviorPad-Version
FNAC-ModuleRouting
Thinkindot-CacheControl-Type
GEO-REGION-INFO
MD5-Digest
IsBot
T-Server
AsisCache
X-Application
X-Dispatch
X-S
X-External-Request-Id
X-G
X-Generated-On
X-S-Cookie
X-Scheme
X-SD-PageType
X-ServiceProvider
X-ScT
X-Developer
X-DevSite-Last-Modified
X-Rojux
X-Rewrite-Enabled
X-Matched-Rule
X-PAYTM-SRV-ID
X-NodeID
X-Nginx-Cache-Key
X-Method
X-Level-Front-Cache
X-Processor
X-Response-By
X-Reqid
X-Region-Sid
X-Geo-Header
X-Session-Fingerprint
X-Destination
X-A-Wwc
X-Twitter-Response-Tags
X-Accel-Expires-Debug
X-Trv-Group
X-Aed
X-Vdms-Path
X-Vdms-Version
X-VG-WebServer
X-A-Dam
X-A-Dcw
X-A-Dgt
X-VG-WebCache
X-ARC
X-Transaction
X-SRCache-Key
X-Swa-Ws
X-SIPLIST1
X-D
X-Date
X-Thinkindot-L3
X-Connection-Hash
X-B-Cookie
X-Trace-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Vtex-Processado-Em
ServerName
NR-ENABLED
X-Uri
X-SRV
WPE-Backend
X-FORWARDED-FOR
User-Cache-Control
OT-Force-Account-Verify
NGX
Release
X-Hash
X-Generation-Time
X-Generated-In
X-Be
Server-Ext
RNT-Time
RNT-Machine
X-Fmm-Version
X-Gen-Mode
X-Hnp-Log
X-Loc
X-Location
X-Logging-Id
X-Micro-Cache
X-Backend-State
Mail-Subject
NM-Fastcgi-Cache
Server-Hostname
X-LAGOON
LB
On-Server
Sever-Int
Wxu-Next-Region
X-Cache-Info
Wxu-Next-Hostname
Wxu-Next-Commit
X-Cache-URL
X-Cache-FS-Status
X-Cache-Bucket
X-Block-Status
X-Bip
X-Agile-Id
X-Agile-Age
X-Agile
Web-Mar-Node
We-Hiring
X-Developers
X-Core-Value
X-Device-Os
X-Cluster-Name
Kp-EeAlive
X-Compress-Hint
V-Age
X-Clara-WADP
Vix-Hermes-Req-Id
X-Cms-Context
Viewport
X-Dispatcher-Server
Magicmarker
Cache-Cookie-Set-From
X-User
Node
X-Varnish-Cacheable
Cache-Cookie-Set-Idcheck
X-VC-Cache
CacheControlHeader
Cache-Cookie-Set-Lfrom
X-Skip-Cache
Apple-News-Services-Request-Url
AKAMAI
X-SN
X-Magnolia-Registration
X-Thanos
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-AIR-PT
CDCHOST
X-Policy
X-Req
X-WADP-Cache
X-RateLimit-Limit-Second
X-Wikidot-Backend
X-RateLimit-Remaining-Second
X-Wikidot-Static-Cache
X-Owner
X-Worker
X-Node-Id
X-Origin-CC
X-Origin-TTL
X-Envoy-Decorator-Operation
Cf-Ipcountry
X-Hit
Sid
X-BBXSRF
X-TrackingId
X-Var-Ttl
X-Cache-Id
X-Cache-Debug
X-Clientip
X-VServer
X-Cache-Tags
S-Cnection
X-VG-TLSProxy
X-We-Are-Hiring
X-Variation
X-Webstats-RespID
X-Distil-CS
X-Reboot
X-Irp-Debug
X-Request-Host
X-Request-UUID
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-Origin-Date
X-Origin-Expires
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Gzip
X-Server-W
X-Mvc-Supplant-Cachable
X-Slack-Backend
X-Core-Mission
X-Newrelic-Synthetics
X-Distributor
X-Servername
X-Fastly-Cache
X-Eu-Site
X-Esi-Check
X-Epic-Correlation-Id
X-TH-Server
X-CGP
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
Platform
Rt-Fastcgi-Cache
Gh-Request-Id
Fastly-SWR
Adler-Geo
C-Via
Fastly-Drupal-HTML
Fastly-SIE
W
Is-Eu
X-Auto-Login
X-NC
X-Cache-ASPX
X-TA-CDN-Provider
X-Backend-Host
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-LI-UUID
X-Branch-Name
X-Configured-By
X-NU-AKA-ACS-Version
Memcached
X-Li-Fabric
X-LI-Proto
X-Li-Pop
X-GoCache-CacheStatus
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Cdn-Forward
Referer-Policy
HostName
X-Edge-Location
X-Key
X-Microcachable
X-Dc
X-Instart-Info
X-Wa
Pragrma
X-ZONE
X-BC
X-Via-PopH
MIME-Version
X-Varnish-URL
X-Refresh
X-Via-PopV
X-Platform-Server
X-Envoy-Upstream-Healthchecked-Cluster
X-Ms-Version
Fastly-Backend-Name
X-TT-TIMESTAMP
X-Via-CDN
X-Servedbyhost
X-Ms-Request-Id
X-UA
X-Mvc-Supplant-OutputCached
X-Up
X-Nginx-Cache
NtCoent-Length
X-Ua-Device
X-Batcache
X-MSEdge-Flight
Memory
X-BACKEND-TTL
X-MSEdge-Features
X-Minions-Version
Esi-Enabled
X-Unique-ID
X-B3-Traceid
GEO-INFO
X-Vgn-Hpd-Reason
X-App-Name
Tracecode
L
Server-ID
X-ElasticPress-Query
X-Bc
X-Zone
X-ND-Cache
Ohc-File-Size
X-Sucuri-ID
X-Pjax-Url
X-Aicache-OS
X-Server-IP
X-VCL-Version
Cache-Host
X-TIME
CACHE
X-Svr
X-Debug-Panamera-Host
X-Cdn-Srv
X-Debug-Panamera-Sitecode
X-CF-Powered-By
X-Generated-By
GeoIP-Country-Code
X-COUNTRY
DCR-Processing-Time-Ms
Server-Surrogate-Control
Server-Cache-Control
DCR-Decision-By
X-Webkit-Csp
FSS-Cache
X-S-Maxage
X-Fastly-Cache-Status
X-PF-Uncompressing
X-Oss-Storage-Class
Ohc-Response-Time
Powered-By-ChinaCache
X-FPC
X-Oss-Request-Id
Location
Pramga
GeoIP-Latitude
X-Azure-Ref-OriginShield
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-VCT
X-Check-Cacheable
X-GEO
X-Rocket-Nginx-Bypass
HitType
X-Varnishpool
X-LB-ID
X-Ratelimit-Reset
Hostname
Resin-Trace
X-BE
X-Varnish-Ttl
PFcat
Request-Country
Locid
X-VarnishDD-TTL
Request-EU
Heartbleed
X-Sucuri-Cache
X-Varnish-Hits
Cteonnt-Length
X-Client-Ip
X-Vgn-Hpd-Variations-Key
X-Fpc
X-OVcl
X-Request-URI
X-OVcl-Cache
Amp-Access-Control-Allow-Source-Origin
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
Cdn-Request-Time
X-Fastly-Backend-Reqs
X-Edge-Server
Lfy
X-Instart-Isnd
Cdn-Host
X-Platform
X-Original-Request-Id
X-VHOST
X-Cache-Expired-At
X-Gamma-Serve
X-HS-Status
Geoip-Latitude
X-Newrelic-App-Data
X-Render-Time
X-Fastly-Country-Code
X-PJAX-URL
GeoIp-Country-Code
CF-Cached-On
X-CSRF-TOKEN
X-Shopify-Generated-Cart-Token
SN
X-Vcl-Version
SRV
X-CUA
X-Pf-Uncompressing
WZWS-RAY
X-WebServer
X-Ratelimit-Remaining
X-Oracle-Dms-Rid
X-Ftr-Cache-Host
X-Proxy-Upstream
Epwk-X-Cache
Pics-Label
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
Product
Mime-Version
X-NGINX-Cache
X-CACHE-KEY
X-Fetched-On
X-Sn-Servicetimems
My-App
WWW-Authenticate
X-ECache
X-Cdn-Origin
Ohc-Cache-HIT
X-Amzn-Remapped-Connection
Backend
X-GeoIP-Country-Code
X-ServedByHost
XServer
X-Amzn-Remapped-Date
URI
X-Ratelimit-Limit
X-Ftr-Request-Id
X-RunCloud-Cache
X-Varnish-Url
Backend-Name
X-Tec-Api-Root
X-StackifyID
Dt-Cache-Category
X-Tec-Api-Origin
X-Tec-Api-Version
CloudFront-Viewer-Country
X-B3-SpanId
X-Oss-Cdn-Auth
X-Via-Poph
X-Via-Popv
X-Csrf-Jwt
A
X-Request-Start
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Swift-Error
Lb
X-Tb-Optimization-Total-Bytes-Saved
X-Ftr-Realm
X-Ftr-Dc
X-Ftr-Balancer
Group
X-Served-From
Cloudfront-Viewer-Country
X-B3-Spanid
SID
Server-Ttl
PICS-Label
X-Request-Time
X-Ftr-Backend-Server
X-Debug-Ysi-Auth
X-Debug-Xas-Auth
X-Cache-Tag
X-LiteSpeed-Cache-Control
X-Ftr-Backend
X-Nananana
X-Sigma-Backend
X-WA
X-Debug-Do-Not-Cache-Uri
Host-ID
X-Debug-Cache-Status
X-Debug-Cache-Bypass
Cdn
X-Rocket-Build-Number
X-Debug-Cache-String
X-Sigma
X-Cache-Version
Proxy-Firewall
X-Apw-Access-Action
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
Dnion-Transfer-Encoding
X-WR-MODIFICATION
X-Varnish-Beresp-TTL
Cneonction
X-Acquia-Site
X-Apw-Access-Object
X-Apw-Hits
X-Cache-Hfrom
X-Apw-Access-Token
X-Cache-Hm
X-ServerName
X-Snapshot-Date
CF-IPCountry
Warning
Inserted-Into-Cache-At
FSS-Proxy
X-SB
X-Html-Edge-Cache
X-Request-URL
X-ElasticPress-Search
X-Via-Ucdn
Cf-Alt-Svc
X-Dw-Trace-Id
Req-ID
X-VC
X-Varnish-ID
Origin