
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Check
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
X-Ua-Compatible
Status
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Backend
X-AH-Environment
X-Age
X-Server
X-Turbo-Charged-By
P3p
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Page-Speed
X-Hacker
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
Cf-Railgun
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Dns-Prefetch-Control
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Readtime
X-Ac
X-Cache-Lookup
X-Backend-Server
X-Node
NEL
X-Dispatcher
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Accept-CH
X-Rack-Cache
Edge-Control
RTSS
X-Url
X-Clacks-Overhead
MS-Author-Via
X-Px
Accept-CH-Lifetime
X-FTR-Request-ID
Host-Header
X-TtlSet
X-Vname
X-PC
X-Goog-Hash
Verso
X-Powered-By-Plesk
X-Varnish-TTL
Service-Worker-Allowed
X-B3-TraceId
X-Exp-Id
X-Use-Magma
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
Public-Key-Pins
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
X-Sol
X-Middleton-Response
Response
X-Middleton-Display
Display
Pagespeed
X-Cache-TTL
X-DynaTrace
X-Content-Type
X-D2id
X-NF-Request-ID
TCN
X-Vcap-Request-Id
X-Amz-Rid
X-Abt-Application-Version
X-CST
Pinterest-Generated-By
X-VARITI-CCR
X-Cdn
X-Cached
AR-Request-ID
AR-PoweredBy
X-Ttl
AR-ATIME
AR-CACHE
Ar-Sid
X-ESI
X-Version
X-Navigation-Version
X-Powered-CMS
X-Upstream
X-Fastly-Request-ID
Cache-Tag
Accept-Ch
X-Server-Name
X-Grace
X-Debug
X-Instart-Request-ID
Access-Control-Request-Method
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-XRDS-Location
Charset
X-MSEdge-Ref
Nginx-Cache
Accept-Ch-Lifetime
Content-MD5
X-Element-Page-Cache
MRF-Tech
Realpath
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Accel-Expires
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
SPIisLatency
SPRequestDuration
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
SPRequestGuid
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
S
X-Hp-Webp
X-Jurisdiction
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Pass-Why
X-Dw-Request-Base-Id
X-Id
X-Kinsta-Cache
X-TTL
X-Trace
X-T
X-Cache-Key
X-Content-Digest
Fastcgi-Cache
X-Node-Name
X-Logged-In
X-Server-ID
X-Client-IP
TP-L2-Cache
X-NWS-LOG-UUID
TP-Cache
X-Mobile-URL
X-Hostname
X-Request-Received
X-Cache-Hit
Server-Node
X-Request-Processing-Time
X-Frontend
ServerID
X-Cache-Age
Fastly-Restarts
Front-End-Https
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
X-FastCGI-Cache
X-Country-Code-Real
X-Forwarded-For
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
Edge-Cache-Tag
X-FTR-Expires
X-Yandex-Sdch-Disable
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
Server-Name
Powered
PB-PID
PB-RID
Arc-Version
X-Microsite
X-Request-Handler-Origin-Region
X-User-Agent
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
X-Page-Id
X-Hits
X-F-Cache
Filters
X-Revision
X-Jobs
X-LB-Cache
X-Akamai-Edgescape
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
DynaTrace
X-Zen-Fury
X-Fastcgi-Cache
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Mobile-Rewrite
X-Origin-Server
Alternate-Protocol
X-HS-Combine-CSS
X-HS-Hub-Id
X-Content-Powered-By
X-HS-Content-Id
X-HS-Cache-Config
X-Correlation-Id
X-Geo-Country
Accept-Charset
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-N
X-FTR-Cache-Host
X-Daa-Tunnel
X-B
X-RateLimit-Remaining
Cache-Tags
X-Varnish-Backend
X-Ruxit-Js-Agent
X-Rid
X-WebKit-CSP-Report-Only
X-Type
Retry-After
DC
X-Git-Hash
X-Amz-Replication-Status
Host
X-Varnish-Grace
Surrogate-Key
Section-Io-Cache
Paypal-Debug-Id
X-Signature
X-TT
X-Whom
X-FB-Debug
X-Content-Options
X-B-Cache
X-Request-Guid
X-Edge
X-AppVersion
X-App-Environment
X-Activity-Id
X-Via-JSL
X-Az
X-Esi
X-Ser
MicrosoftSharePointTeamServices
X-Status
X-Debug-Info
Frame-Options
Fastcgi-Useragent
X-IPLB-Instance
Actual-Object-TTL
X-ATS-Timestamp
Backend-Timing
X-ATG-Version
Healthy
X-Endurance-Cache-Level
X-Webkit-CSP
X-App-Server
X-HTML-Minification-Powered-By
Srv
Nel
X-AOL-HN
X-Contextid
X-Cache-Action
X-Seen-By
X-Amzn-RequestId
X-ECACHE
Refresh
X-Pinterest-Direct
X-B3-Sampled
From-Origin
Access-Control-Allow-Method
Content-Disposition
X-Amz-Apigw-Id
X-Cache-Rule
X-Accel-Buffering
X-Upgrade-Enabled
X-Response-Served-From
X-Protected-By
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Release
X-Cache-Operation
X-RemovedCookies
X-ProcessESI
X-Host-Name
X-Drupal-Cache-Tags
X-Instance
Odigeo-Trace-Id
X-Is-Bot
X-Rendered-As
X-MCACHE
X-Mid
X-Region
VIX-Pulpo-Upstream-Status
X-Cacheable-TTL
VIX-Pulpo-Node
X-WA-Info
X-L-Path
X-Environment-Context
Payment
X-FW-Server
X-FW-Type
Datacenter
Eomportal-Instance
X-FW-Static
X-FW-Hash
X-Varnish-Server
X-FW-Serve
X-UUID
X-FW-Dynamic
X-Adobe-Content
X-Rule
MS-CV
X-Cache-Time
X-Adobe-Loc
Countrycode
X-Time
Uber-Trace-Id
X-Proxy
Source
X-Litespeed-Cache
X-Cached-By
X-Load-Cache
Xserver
X-Akamai-Request-ID2
X-EdgeConnect-Cache-Status
X-Cache-Server
X-Cache-Control
X-Mobile
X-UnsetCookies
X-NewRelic-App-Data
X-URL
X-Azure-Ref
X-GeoIP
Access-Control-Request-Headers
X-PHP-Backend
X-Akamai-Transformed
X-Yottaa-Optimizations
X-PressLabs-Stats
X-Yottaa-Metrics
X-Correlation-ID
X-Tt-Trace-Host
Accept-Language
X-Origin-Response-Time
Cache-Status
X-Air-Hostname
X-Tt-Trace-Tag
X-NGENIX-Cache
Filterid
X-SERVER-NAME
Version
X-Wix-Request-Id
Liferay-Portal
X-Cache-NGX
X-Handled-By
X-Mode
X-Backend-Name
X-NWS-UUID-VERIFY
X-CSRF-Token
X-Cluster
X-Framework
Server-Info
X-VCache
X-RateLimit-Limit
X-Ua
X-Tumblr-Pixel-1
Meta-Geo
X-IPS-LoggedIn
X-Tumblr-Pixel-2
Load-Balancing
X-Zipkin-Id
X-Cache-Var-Map
X-ApacheServer
X-AWS-Id
X-Cache-Var
X-Adobe-Source
Cross-Origin-Window-Policy
X-CCM
X-Routing-Service
X-ES-SERVER
X-Locale
X-LJ-Flow-ID
X-Via-Fastly
X-Path-Route
X-PERF
X-UA-Device-Type
X-UPSTREAM-Address
X-Proxied
X-VWS-Id
Cache
X-RN-RSRV
NGB
X-Cache-Status-Check
X-Qloud-Router
X-Detected-As
X-Cache-Remote
DSUID
X-TX-ID
ServedBy
X-Www-Served-By
X-Real-IP
Cache-Hits
X-MP-GENERATED-AT
X-Viewer-Country
Mn-Server-Ip
X-FireWall-Port
Cleartype
X-Cache-Config
Cache-Tv-Group
X-Site-Version
X-Format
Cache-Name
X-Storage
X-Section
X-OCL
Section-Io-Origin-Status
X-PCL
Section-Io-Id
X-R9-Blue-Green-Version
X-Access
Now
X-Pubstack
Section-Io-Origin-Time-Seconds
Akamai-GRN
Section-Origin-Responded
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
Webcakes-App-Name
X-PHP-Host
TWC-Connection-Speed
X-ShopId
S-Rt
TWC-Device-Class
Webserver
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
X-NCache
X-Info
X-CS
X-IP
X-ProxyCache-Status
X-Web-Node
X-ProxyCache-Key
X-Shopify-Stage
X-Human
X-EIG-Tracking-Id
X-Say-TTL
X-Hosted-By
X-Device-Type
X-Say-Cacheable
X-Redis-Cache
X-Cache-Host
X-Varnish-Cache-Hits
X-Sorting-Hat-ShopId
X-Origin-Hint
Property-Id
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-SayCDN-TTL
X-BYPASS-REASON
X-Labrador-Cache-Channel
X-Bc-Bl
X-ServerID
X-FW-Version
X-ShardId
Decoy-Debug-Status
Decoy-Debug-TTL
Decoy-Debug-Key
Fastly-SSL
X-Hl-Ver
X-JoinUs
X-Cache-Enabled
X-From
X-Content-Age
X-FC-Vary-Parameters
X-FB-TRIP-ID
X-NYM-Debug-Backend
X-Time-Microsecs
X-Timing-Wait
X-SaId
X-Proxy-Build
X-BCube-Filmed-By
X-Origin
X-Loop
X-TNCMS
Selected-Fe
DB-Nickname
X-No-Session
X-RTag
X-Amzn-Remapped-Content-Length
X-Hyper-Cache
Origin-Cache-Control
Ms-Operation-Id
X-Geo
X-Unique-Id
X-Generated
Ec-Rule-Version
Azure-Version
Azure-SlotName
X-APP-VERSION
Azure-RegionName
Azure-SiteName
Azure-InstanceId
Apigw-Requestid
X-Cache-2
X-Vcache
X-Cache-TTL-Remaining
X-Drupal-Cache-Contexts
X-XRDS-LOCATION
X-Presslabs-Stats
Locale
X-Xfnlog-Site
X-Urbn-Site-Id
X-Urbn-Context-Path
Time
X-EC-Lua
SD-X-WS
Origin-Edge-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
Country
Geo-Info
X-Pad
X-App-Version
X-RequestSource
X-Debug-Cache
X-Source
X-Cluster-Node
X-Varnish-Hostname
X-Soup
Upgrade-Insecure-Requests
X-Old-Content-Length
X-CDN-Forward
User-Agent
X-Akamai-Request-ID
X-TA-CDN-Provider
X-Cache-NE
X-Backend-TTL
X-Proto
X-Parent-Response-Time
X-Tb
X-RCS-CacheZone
X-SRV
X-Storefront-Renderer-Rendered
X-Cache-PHP
X-Cache-Backend
Proxy-Connection
X-DC
LB
X-App
Cache-Key
X-Cache-Grace
X-Proxy-Cache-Status
X-NC
X-Origin-TTL
FilterID
X-Forwarded-Host
X-Origin-CC
Content-Script-Type
X-Method
X-Geo-Header
BehaviorPad-Version
Content-Style-Type
X-B-Cookie
X-Application
AsisCache
X-Accel-Expires-Debug
X-Connection-Hash
Fastcgi-X-Cache-Version
ServerName
VivaBuild
X-Destination
X-DevSite-Last-Modified
X-Date
True-Client-Country-4JS
UCS
X-Developer
X-Nginx-Cache-Key
X-D
X-Dispatch
X-CF-Lambda-Version
X-Aed
Viewtype
X-G
X-CF-Lambda-Fn
Arc-Country
X-External-Request-Id
T-Server
X-Rojux
Mobile-Detection-Method
Meta-Geo-Continent
Xc-Version
X-Trace-Id
X-Swa-Ws
X-SRCache-Key
X-A-Wwc
X-SIPLIST1
X-A
IsBot
X-Transaction
X-Trv-Group
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Machine
X-VG-WebCache
X-Vdms-Version
X-Twitter-Response-Tags
MD5-Digest
M-TraceId
X-Vdms-Path
X-A-Dam
X-A-Ccd
GEO-REGION-INFO
X-FORWARDED-FOR
X-Region-Sid
Who
X-Processor
FNAC-ModuleRouting
X-Uri
X-NodeID
X-A-Dgt
X-PAYTM-SRV-ID
X-A-Dcw
Rendered-Blocks
X-S-Cookie
X-Scheme
X-ScT
X-SD-PageType
X-Response-By
X-S
X-ARC
X-Rewrite-Enabled
X-Magnolia-Registration
Referer-Policy
X-Tumblr-Pixel-3
We-Hiring
Vix-Hermes-Req-Id
RNT-Machine
On-Server
Pagetype
Release
NM-Fastcgi-Cache
NGX
Mail-Subject
N-Cache
RNT-Time
Server-Ext
Thinkindot-CacheControl-Type
Thinkindot-Control
V-Age
Thinkindot-CacheControl
Sever-Int
Server-Host
Server-Hostname
Viewport
X-Logging-Id
X-Req
X-Reqid
X-SVT-ORM-VERSION
X-Servername
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Owner
Magicmarker
X-Policy
X-ServiceProvider
X-Session-Fingerprint
X-User
X-Varnish-Cacheable
X-VC-Cache
X-Worker
X-Thinkindot-L3
X-Thanos
X-SVT-ORM-RULES
X-Skip-Cache
X-SN
X-Node-Id
X-Matched-Rule
X-Bip
X-Cache-FS-Status
X-Cms-Context
X-Compress-Hint
X-Backend-State
X-Agile-Age
Wxu-Next-Hostname
Wxu-Next-Region
X-Agile
X-Developers
X-Device-Os
X-LAGOON
X-Level-Front-Cache
X-Loc
X-Hash
X-Generation-Time
X-Dispatcher-Server
X-Generated-In
X-Generated-On
Wxu-Next-Commit
X-Agile-Id
X-AIR-PT
CDCHOST
Apple-News-Services-Handled
AKAMAI
Apple-News-Services-Parsed-Url
CacheControlHeader
Kp-EeAlive
Cache-Cookie-Set-From
Apple-News-Services-Request-Url
Apple-News-Services-Host
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Ah-Environment
OT-Force-Account-Verify
Node
X-Hit
User-Cache-Control
Web-Mar-Node
W
X-Cluster-Name
Adler-Geo
X-Core-Mission
X-NU-AKA-ACS-Version
X-Eu-Site
X-Clara-WADP
X-Cache-Tags
X-TH-Server
X-Cache-URL
X-Cache-Info
X-Block-Status
X-Cache-Id
X-Micro-Cache
X-Location
X-Server-W
X-Fmm-Version
X-Variation
X-Clientip
X-Var-Ttl
X-JWT-State
X-Auto-Login
X-CGP
X-Epic-Correlation-Id
X-VG-TLSProxy
Ha-Gx-Prefs
HA-Ipaddr
X-Distil-CS
Platform
X-Edge-Location
Gh-Request-Id
X-Origin-Expires
X-Distributor
Is-Eu
X-Is-Gdpr
X-Hnp-Log
X-Envoy-Decorator-Operation
L5d-Success-Class
X-Origin-Date
X-Gen-Mode
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-VServer
X-Request-UUID
X-Has-Esi
X-Gzip
X-Cache-Bucket
X-Core-Value
X-WADP-Cache
X-Esi-Check
Rt-Fastcgi-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
Fastly-SWR
Fastly-Drupal-HTML
Fastly-SIE
C-Via
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Srv
X-Nc
X-Varnish-Beresp-Status
Sid
X-Fastly-Cache
X-Contensis-Viewer-Groups
X-Request-Host
X-We-Are-Hiring
X-Webstats-RespID
X-Li-Pop
X-Li-Fabric
Pragrma
X-Key
X-Reboot
X-LI-UUID
X-LI-Proto
X-Backend-Host
X-Mvc-Supplant-Cachable
X-BBXSRF
X-Cache-ASPX
X-Irp-Debug
X-TrackingId
X-Slack-Backend
X-Varnish-Authentication
X-GoCache-CacheStatus
X-Be
X-Newrelic-Synthetics
X-BC
X-ZONE
X-Wa
MIME-Version
Memcached
GEO-INFO
Cf-Ipcountry
S-Cnection
X-Dc
X-Cache-Debug
X-Branch-Name
X-Configured-By
HostName
Fastly-Backend-Name
X-Varnish-URL
X-Refresh
X-Via-CDN
X-Up
X-Minions-Version
X-Instart-Info
X-Servedbyhost
X-Cdn-Forward
X-Microcachable
X-Nginx-Cache
X-Batcache
X-ElasticPress-Query
X-Via-PopV
X-Via-PopH
X-Platform-Server
X-Envoy-Upstream-Healthchecked-Cluster
X-Ua-Device
X-Client-Ip
X-Ms-Version
X-TT-TIMESTAMP
X-Aicache-OS
X-Ms-Request-Id
CACHE
X-B3-Traceid
X-UA
X-Sucuri-ID
X-MSEdge-Flight
X-MSEdge-Features
Memory
X-Mvc-Supplant-OutputCached
X-Pjax-Url
Esi-Enabled
WPE-Backend
X-VCL-Version
NR-ENABLED
DCR-Decision-By
X-ND-Cache
DCR-Processing-Time-Ms
X-TIME
NtCoent-Length
X-Vgn-Hpd-Reason
X-Fastly-Cache-Status
Server-ID
X-App-Name
L
GeoIP-Country-Code
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-PF-Uncompressing
Pramga
Hostname
X-Varnishpool
X-Server-IP
Powered-By-ChinaCache
Cache-Host
X-BACKEND-TTL
X-COUNTRY
X-BE
GeoIP-Latitude
HitType
X-Ratelimit-Reset
Location
FSS-Cache
X-Unique-ID
X-Zone
X-Bc
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Svr
X-Oss-Hash-Crc64ecma
X-Sucuri-Cache
X-Cdn-Srv
X-Oss-Storage-Class
X-LB-ID
X-CF-Powered-By
Ohc-File-Size
X-FPC
X-Azure-Ref-OriginShield
Server-Cache-Control
Server-Surrogate-Control
X-GEO
X-Generated-By
X-Original-Request-Id
X-S-Maxage
Ohc-Response-Time
Resin-Trace
X-Check-Cacheable
Tracecode
X-OVcl-Cache
PFcat
X-VarnishDD-TTL
X-OVcl
X-Vgn-Hpd-Cached
X-Rocket-Nginx-Bypass
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Ssi
X-Varnish-Ttl
X-Instart-Isnd
X-Vgn-Hpd-Variations-Key
Cteonnt-Length
X-VCT
X-Platform
X-Fpc
X-Render-Time
Cdn-Host
Locid
Cdn-Request-Time
Request-EU
X-Edge-Server
X-Fastly-Country-Code
Heartbleed
Request-Country
X-VHOST
X-Varnish-Hits
X-HS-Status
X-CUA
X-PJAX-URL
X-Newrelic-App-Data
X-Cache-Expired-At
X-Request-URI
CF-Cached-On
X-CSRF-TOKEN
Geoip-Latitude
GeoIp-Country-Code
Pics-Label
Lfy
Epwk-X-Cache
SRV
Amp-Access-Control-Allow-Source-Origin
X-Pf-Uncompressing
X-Ratelimit-Remaining
SN
X-Gamma-Serve
X-Vcl-Version
Backend-Name
Backend
X-CLOUD-TRACE-CONTEXT
X-Oracle-Dms-Rid
X-CACHE-AGE
X-RunCloud-Cache
X-Shopify-Generated-Cart-Token
X-NGINX-Cache
WWW-Authenticate
X-Csrf-Jwt
X-Via-Poph
X-Via-Popv
X-WebServer
X-CACHE-KEY
X-ECache
URI
XServer
X-ServedByHost
WZWS-RAY
X-StackifyID
X-Ratelimit-Limit
X-Amzn-Remapped-Connection
X-Proxy-Upstream
Product
X-Amzn-Remapped-Date
X-Varnish-Url
X-Ftr-Cache-Host
X-Rocket-Build-Number
X-Sigma
X-Oss-Cdn-Auth
CloudFront-Viewer-Country
X-Nananana
My-App
X-Sn-Servicetimems
X-Tec-Api-Version
X-Sigma-Backend
X-Request-Time
X-Fetched-On
X-Tec-Api-Root
X-Cdn-Origin
X-Tec-Api-Origin
Mime-Version
X-GeoIP-Country-Code
Host-ID
A
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Lb
PICS-Label
X-Debug-Cache-Bypass
X-B3-SpanId
X-Cache-Tag
Server-Ttl
X-Debug-Cache-Status
X-LiteSpeed-Cache-Control
Cloudfront-Viewer-Country
X-Debug-Xas-Auth
X-Debug-Do-Not-Cache-Uri
X-Tb-Optimization-Total-Bytes-Saved
Ohc-Cache-HIT
X-B3-Spanid
SID
X-Debug-Ysi-Auth
Dnion-Transfer-Encoding
X-DPWN-IS-SECURE
Dt-Cache-Category
X-Debug-Cache-String
CF-IPCountry
X-Cache-Version
X-WA
X-Request-Start
X-Varnish-Beresp-TTL
X-Apw-Access-Action
X-Apw-Access-Object
Cneonction
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-IN-APIGATEWAYSSL
X-Apw-Access-Token
Country-Code
X-Apw-Hits
Proxy-Firewall
X-IN-APIGATEWAY
X-Acquia-Application-Trace
X-Snapshot-Date
Warning
FSS-Proxy
Cdn
X-Request-URL
X-WR-MODIFICATION
X-ElasticPress-Search
Group
X-Served-From
X-Html-Edge-Cache
Cf-Alt-Svc
X-Swift-Error
X-VC
X-SB
X-Dw-Trace-Id
Inserted-Into-Cache-At