Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
Status
X-Buckets
X-Content-Security-Policy
Content-Encoding
X-CDN
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-Server
X-Turbo-Charged-By
X-Backend
X-AH-Environment
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
Xkey
X-Proxy-Cache
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Page-Speed
X-Hacker
X-Server-Powered-By
X-UA-Device
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-WebKit-CSP
X-Dns-Prefetch-Control
Cf-Railgun
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Backend-Server
X-Vhost
X-Cache-Lookup
X-Ac
X-Readtime
X-Node
X-Origin-Upstream-Status
NEL
X-Dispatcher
X-HW
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Request-Id
Content-Location
X-Mod-Pagespeed
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-ORACLE-DMS-RID
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Clacks-Overhead
X-Pass-Why
X-Rack-Cache
X-Px
RTSS
Accept-CH
X-FTR-Request-ID
MS-Author-Via
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-Powered-By-Plesk
Verso
Accept-CH-Lifetime
X-B3-TraceId
Service-Worker-Allowed
Public-Key-Pins
X-Exp-Variant
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-GitHub-Request-Id
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Use-Magma
X-Cdn-Fetch
X-Varnish-TTL
X-DynaTrace
X-MS-InvokeApp
Arr-Disable-Session-Affinity
Display
Response
X-Middleton-Response
X-Sol
Pagespeed
X-Middleton-Display
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Cache-TTL
X-D2id
X-Amz-Rid
X-Ttl
Pinterest-Generated-By
TCN
X-CST
X-Abt-Application-Version
X-Vcap-Request-Id
X-NF-Request-ID
X-Content-Type
X-Cached
X-VARITI-CCR
Accept-Ch
X-Navigation-Version
Cache-Tag
AR-Request-ID
X-Fastly-Request-ID
AR-ATIME
AR-PoweredBy
X-ESI
Ar-Sid
AR-CACHE
X-Version
X-Instart-Request-ID
X-Server-Name
X-TEC-API-ORIGIN
Accept-Ch-Lifetime
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Upstream
X-Powered-CMS
X-Grace
Access-Control-Request-Method
X-MSEdge-Ref
X-Accel-Expires
X-Debug
Nginx-Cache
Charset
SPRequestDuration
SPIisLatency
S
X-Server-ID
X-FastCGI-Cache
X-XRDS-Location
Content-MD5
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Realpath
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ezoic-Cdn
X-SharePointHealthScore
SPRequestGuid
X-DynaTrace-JS-Agent
X-Client-IP
X-Element-Page-Cache
X-Cdn
Pinterest-Version
X-Pinterest-Rid
Host-Header
X-Shield-Request-Id
X-Hp-Webp
X-Jurisdiction
X-Oneagent-Js-Injection
X-Dw-Request-Base-Id
X-Trace
X-Recruiting
X-Id
X-Amz-Meta-S3cmd-Attrs
X-T
X-Node-Name
X-Kinsta-Cache
Fastcgi-Cache
X-Content-Digest
X-Logged-In
X-TTL
X-ASPNET-VERSION
X-Cache-Key
X-NWS-LOG-UUID
X-Mobile-URL
TP-Cache
TP-L2-Cache
X-Cache-Hit
X-Request-Processing-Time
X-Request-Received
Server-Node
X-Frontend
X-Cache-Age
X-FTR-Realm
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
Edge-Cache-Tag
ServerID
Front-End-Https
X-Hostname
X-Amzn-Trace-Id
X-FTR-Expires
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
Server-Name
X-Forwarded-For
Fastly-Restarts
PB-RID
Arc-Version
PB-PID
Powered
DynaTrace
X-Yandex-Sdch-Disable
X-Microsite
X-Request-Handler-Origin-Region
X-Zen-Fury
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
Filters
X-Page-Id
X-F-Cache
X-Ruxit-Js-Agent
X-Akamai-Edgescape
X-Jobs
X-LB-Cache
X-Mobile-Rewrite
X-Hits
Accept-Charset
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-ATS-Timestamp
Backend-Timing
X-Content-Powered-By
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Geo-Country
X-Origin-Server
X-Varnish-Age
AMP-Access-Control-Allow-Source-Origin
Nel
X-Correlation-Id
Alternate-Protocol
X-B
X-N
X-FTR-Cache-Host
X-Via-JSL
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-Varnish-Backend
X-Rid
Cache-Tags
X-Erf-Bev-Bev
X-Az
X-AppVersion
X-Erf-Bev-Bev-Is-Generated
X-Activity-Id
DC
X-Esi
X-WebKit-CSP-Report-Only
X-Type
X-FB-Debug
X-Amz-Replication-Status
X-ATG-Version
X-Whom
X-Debug-Info
Section-Io-Cache
Paypal-Debug-Id
X-B-Cache
Surrogate-Key
X-Signature
X-Git-Hash
X-TT
Retry-After
X-Ser
X-Varnish-Grace
Frame-Options
X-App-Environment
X-Edge
Actual-Object-TTL
X-App-Server
X-Status
X-Content-Options
Host
X-RateLimit-Remaining
Fastcgi-Useragent
X-Request-Guid
X-Fastcgi-Cache
X-Contextid
Healthy
X-AOL-HN
X-IPLB-Instance
X-Cache-Action
X-Amzn-RequestId
X-Seen-By
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
Srv
X-Pinterest-Direct
X-B3-Sampled
X-Host-Name
Refresh
X-Upgrade-Enabled
X-ECACHE
From-Origin
Source
X-Tumblr-Pixel
X-Tumblr-User
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-Amz-Apigw-Id
X-Drupal-Cache-Tags
X-Instance
X-Cache-Rule
X-ProcessESI
X-Response-Served-From
X-Accel-Buffering
X-RemovedCookies
X-Cache-Operation
X-PressLabs-Stats
Odigeo-Trace-Id
X-Time
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Region
X-Mid
X-MCACHE
Eomportal-Instance
MS-CV
X-UUID
X-Protected-By
X-Cacheable-TTL
Payment
X-Rule
X-WA-Info
X-Is-Bot
X-Environment-Context
X-Varnish-Server
X-L-Path
X-Rendered-As
X-FW-Serve
Datacenter
X-FW-Dynamic
X-FW-Hash
Countrycode
X-FW-Static
X-Adobe-Content
Cache-Status
X-Adobe-Loc
X-FW-Server
X-Cache-Time
X-FW-Type
X-Litespeed-Cache
Content-Disposition
X-VCache
X-Cache-Control
Xserver
X-GeoIP
X-Cache-Server
X-Cached-By
X-Akamai-Transformed
X-Akamai-Request-ID2
X-UnsetCookies
X-Proxy
Uber-Trace-Id
X-EdgeConnect-Cache-Status
X-Load-Cache
X-Wix-Request-Id
X-SERVER-NAME
X-Correlation-ID
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Origin-Response-Time
X-Mobile
NGB
Version
X-Cluster
X-PHP-Backend
Access-Control-Request-Headers
X-Mode
X-Handled-By
X-Azure-Ref
X-XRDS-LOCATION
X-Release
Filterid
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-URL
X-Tumblr-Pixel-2
X-NGENIX-Cache
X-Cache-Remote
X-NewRelic-App-Data
X-Backend-Name
X-Cache-NGX
Accept-Language
X-NWS-UUID-VERIFY
X-RequestSource
X-APP-VERSION
Liferay-Portal
X-FireWall-Port
X-Air-Hostname
X-Via-Fastly
X-Cache-Var-Map
X-UA-Device-Type
X-ES-SERVER
Cross-Origin-Window-Policy
X-Adobe-Source
Load-Balancing
Meta-Geo
X-RN-RSRV
X-Cache-Var
X-UPSTREAM-Address
X-Path-Route
X-No-Session
X-CCM
X-Cache-Status-Check
X-R9-Blue-Green-Version
X-ApacheServer
X-Www-Served-By
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-PERF
X-Viewer-Country
X-Storage
X-Framework
ServedBy
X-Locale
X-MP-GENERATED-AT
X-PCL
X-OCL
Cache-Hits
DSUID
X-CSRF-Token
X-Ua
Decoy-Debug-TTL
Ms-Operation-Id
Now
Decoy-Debug-Status
Decoy-Debug-Key
Akamai-GRN
Cache-Name
Cleartype
Section-Io-Id
Section-Io-Origin-Status
X-Site-Version
Mn-Server-Ip
X-TX-ID
X-Real-IP
X-Pubstack
Section-Origin-Responded
X-Bc-Bl
X-Cache-Config
Section-Io-Origin-Time-Seconds
X-RTag
X-NCache
X-Info
X-ProxyCache-Key
X-ProxyCache-Status
X-Say-Cacheable
X-Redis-Cache
X-Human
X-Hl-Ver
X-Alternate-Cache-Key
Webserver
X-BYPASS-REASON
X-Device-Type
X-FW-Version
X-EIG-Tracking-Id
X-Say-TTL
X-SayCDN-TTL
X-Format
X-Access
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-Section
X-Web-Node
X-Varnish-Cache-Hits
X-ShardId
X-ServerID
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
Fastly-SSL
X-Sorting-Hat-PodId
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Privacy
X-Cache-Enabled
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-BCube-Filmed-By
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-Proxy-Build
X-Timing-Wait
X-Time-Microsecs
X-SaId
X-Origin
X-NYM-Debug-Backend
X-From
X-JoinUs
TWC-Connection-Speed
Property-Id
Selected-Fe
X-Detected-As
X-Origin-Hint
X-CS
X-Qloud-Router
Cache
S-Rt
X-IP
DB-Nickname
X-Generated
X-PHP-Host
Cache-Tv-Group
X-TNCMS
X-Labrador-Cache-Channel
X-Content-Age
X-Amzn-Remapped-Content-Length
X-Loop
X-Hosted-By
X-Geo
X-Hyper-Cache
X-Cache-Host
Azure-Version
Azure-InstanceId
Azure-SlotName
X-Xfnlog-Site
Azure-RegionName
Azure-SiteName
Origin-Cache-Control
Origin-Edge-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
WPE-Backend
NR-ENABLED
X-Unique-Id
Country
Ec-Rule-Version
SD-X-WS
X-RateLimit-Limit
X-Drupal-Cache-Contexts
X-Cache-2
X-Pad
User-Agent
X-Source
X-Old-Content-Length
X-Varnish-Hostname
X-Cluster-Node
Time
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Cache-TTL-Remaining
Server-Info
X-Cache-NE
Locale
Geo-Info
Upgrade-Insecure-Requests
X-Parent-Response-Time
FilterID
X-EC-Lua
X-Akamai-Request-ID
Apigw-Requestid
X-Cache-Backend
X-Presslabs-Stats
X-Webkit-CSP
X-Srv
X-RCS-CacheZone
X-Debug-Cache
Proxy-Connection
X-Soup
X-Cache-Grace
X-Proxy-Cache-Status
X-Forwarded-Host
X-Backend-TTL
X-CDN-Forward
X-App-Version
X-TA-CDN-Provider
X-Newrelic-Synthetics
S-Cnection
X-Tb
X-Proto
X-Tumblr-Pixel-3
X-FORWARDED-FOR
NGX
X-Cache-PHP
X-Nc
T-Server
X-Developer
Server-Host
ServerName
Thinkindot-CacheControl
M-TraceId
AsisCache
BehaviorPad-Version
Thinkindot-CacheControl-Type
Rendered-Blocks
Content-Style-Type
X-DevSite-Last-Modified
Meta-Geo-Continent
Machine
GEO-REGION-INFO
Arc-Country
Mobile-Detection-Method
Content-Script-Type
MD5-Digest
Fastcgi-X-Cache-Version
Pagetype
VivaBuild
X-A-Dgt
X-A-Dcw
X-A-Dam
X-CF-Lambda-Fn
X-A-Wwc
X-B-Cookie
X-Application
X-ARC
X-Aed
X-Accel-Expires-Debug
X-CF-Lambda-Version
X-Connection-Hash
X-Destination
Viewtype
UCS
True-Client-Country-4JS
Who
X-Uri
X-D
X-A-Ccd
X-Date
X-A
Thinkindot-Control
X-Vdms-Path
X-Region-Sid
X-Thinkindot-L3
X-Reqid
X-Vtex-Remote-Cache
X-Rewrite-Enabled
X-Dispatch
X-Processor
X-VG-WebServer
X-PAYTM-SRV-ID
X-Vtex-Processado-Em
X-Trv-Group
X-Transaction
X-Rojux
X-Cluster-Name
X-Session-Fingerprint
OT-Force-Account-Verify
X-SRCache-Key
X-Swa-Ws
Xc-Version
X-ServiceProvider
X-Vcache
X-S-Cookie
X-S
X-Scheme
X-ScT
Cf-Ipcountry
X-Twitter-Response-Tags
X-Trace-Id
X-Level-Front-Cache
X-Matched-Rule
X-External-Request-Id
X-G
X-Generated-On
X-Vdms-Version
X-Geo-Header
X-VG-WebCache
X-NodeID
X-DC
X-Microcachable
X-Ah-Environment
X-Worker
X-SD-PageType
X-Generated-In
Release
X-SIPLIST1
X-Nginx-Cache-Key
On-Server
FNAC-ModuleRouting
X-SN
Mail-Subject
X-Device-Os
IsBot
X-Skip-Cache
X-Dispatcher-Server
X-Generation-Time
NM-Fastcgi-Cache
N-Cache
X-Method
X-LAGOON
X-Branch-Name
X-VC-Cache
Kp-EeAlive
X-Cache-FS-Status
X-Node-Id
X-Agile
X-Bip
X-Owner
X-Agile-Id
X-Agile-Age
X-RateLimit-Limit-Second
X-Logging-Id
Vix-Hermes-Req-Id
Viewport
X-User
X-Thanos
We-Hiring
X-Response-By
X-RateLimit-Remaining-Second
X-Cms-Context
X-Location
X-Core-Value
X-Hash
V-Age
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Key
CacheControlHeader
Cache-Cookie-Set-From
AKAMAI
CDCHOST
Sid
X-Envoy-Decorator-Operation
User-Cache-Control
X-Hit
X-AIR-PT
X-Wikidot-Static-Cache
Apple-News-Services-Handled
X-Cache-Tags
X-Cache-Info
X-Wikidot-Backend
X-CGP
Ha-Gx-Prefs
X-WADP-Cache
X-Clientip
X-Clara-WADP
Apple-News-Services-Parsed-Url
X-Cache-Bucket
Magicmarker
X-App
RNT-Machine
RNT-Time
X-Auto-Login
Apple-News-Services-Request-Url
X-Origin-Date
X-Block-Status
X-Backend-State
X-VG-TLSProxy
X-Distil-CS
X-Is-Gdpr
X-Instart-Info
X-Request-UUID
X-Hnp-Log
X-JWT-State
X-Magnolia-Registration
X-Origin-Expires
X-Rebelmouse-Cache-Control
X-Micro-Cache
X-Rebelmouse-Surrogate-Control
X-Has-Esi
X-Servername
X-Variation
X-Eu-Site
X-Epic-Correlation-Id
X-Distributor
X-Var-Ttl
X-Fmm-Version
Gh-Request-Id
X-TH-Server
X-Gen-Mode
HA-Ipaddr
Apple-News-Services-Host
X-Developers
X-NC
X-Dc
L5d-Success-Class
C-Via
Adler-Geo
Is-Eu
Server-Ext
Rt-Fastcgi-Cache
Fastly-SIE
Fastly-SWR
Fastly-Drupal-HTML
Platform
X-Req
X-Varnish-Cacheable
X-Compress-Hint
X-Policy
Wxu-Next-Region
Wxu-Next-Hostname
Sever-Int
Server-Hostname
Web-Mar-Node
Wxu-Next-Commit
W
X-Varnish-Beresp-Ttl
X-Be
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Fastly-Cache
X-Server-W
X-Varnish-Authentication
X-Core-Mission
X-Platform-Server
X-Slack-Backend
X-Request-Host
X-Reboot
X-Cache-URL
X-Irp-Debug
X-TrackingId
X-Storefront-Renderer-Rendered
X-Cache-ASPX
X-SRV
X-Mvc-Supplant-Cachable
X-Loc
X-Webstats-RespID
X-Cache-Debug
X-Contensis-Viewer-Groups
X-Via-PopV
X-VServer
X-We-Are-Hiring
X-Via-PopH
X-Backend-Host
X-BBXSRF
X-Origin-TTL
X-Origin-CC
X-Cache-Id
X-Ms-Request-Id
Memcached
X-Esi-Check
X-GoCache-CacheStatus
X-Li-Fabric
X-TT-TIMESTAMP
X-LI-UUID
X-Ms-Version
X-LI-Proto
X-Gzip
X-Li-Pop
X-Envoy-Upstream-Healthchecked-Cluster
LB
X-Cdn-Forward
X-SVT-ORM-VERSION
Node
X-SVT-ORM-RULES
X-NU-AKA-ACS-Version
X-Configured-By
Tracecode
X-Wa
X-Vgn-Hpd-Reason
HostName
X-UA
X-Refresh
X-Key
X-Edge-Location
Esi-Enabled
NtCoent-Length
GEO-INFO
X-ZONE
MIME-Version
X-BC
X-Varnish-URL
Pragrma
Ohc-File-Size
L
Referer-Policy
Server-ID
X-Ua-Device
X-Mvc-Supplant-OutputCached
X-Server-IP
X-App-Name
X-Servedbyhost
Cache-Host
CACHE
X-Nginx-Cache
X-BACKEND-TTL
X-B3-Traceid
Fastly-Backend-Name
X-MSEdge-Flight
X-MSEdge-Features
X-Bc
X-Zone
X-Via-CDN
X-Up
Memory
Server-Surrogate-Control
X-Varnish-Ttl
X-Cdn-Srv
Server-Cache-Control
X-S-Maxage
X-TIME
X-VCT
X-Sucuri-ID
X-Batcache
Ohc-Response-Time
X-Debug-Panamera-Sitecode
X-Minions-Version
X-Debug-Panamera-Host
X-Generated-By
X-Svr
X-Pjax-Url
X-VCL-Version
X-FPC
X-ND-Cache
X-ElasticPress-Query
X-COUNTRY
X-Unique-ID
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Rocket-Nginx-Bypass
FSS-Cache
X-Aicache-OS
X-CF-Powered-By
X-Oss-Hash-Crc64ecma
Resin-Trace
Heartbleed
X-GEO
Locid
GeoIP-Country-Code
Request-EU
Request-Country
X-Varnish-Hits
X-BE
GeoIP-Latitude
DCR-Decision-By
X-Request-URI
Hostname
DCR-Processing-Time-Ms
Cteonnt-Length
Powered-By-ChinaCache
X-Azure-Ref-OriginShield
Lfy
Location
X-PF-Uncompressing
Pramga
X-Fastly-Cache-Status
X-Shopify-Generated-Cart-Token
X-Check-Cacheable
HitType
X-Gamma-Serve
X-Sucuri-Cache
Cdn-Host
Amp-Access-Control-Allow-Source-Origin
X-LB-ID
X-Fastly-Country-Code
X-Edge-Server
Cdn-Request-Time
WZWS-RAY
X-Ratelimit-Remaining
X-VHOST
CF-Cached-On
X-VarnishDD-TTL
PFcat
X-PJAX-URL
X-Fpc
X-HS-Status
X-Newrelic-App-Data
Geoip-Latitude
X-WebServer
GeoIp-Country-Code
X-Ratelimit-Reset
X-CSRF-TOKEN
X-Varnishpool
X-Vcl-Version
X-Fastly-Backend-Reqs
X-Proxy-Upstream
X-Vgn-Hpd-Ssi
Product
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-OVcl
X-OVcl-Cache
SRV
X-ECache
X-Sn-Servicetimems
X-Platform
My-App
X-Instart-Isnd
X-Cdn-Origin
Mime-Version
X-Fetched-On
X-Pf-Uncompressing
Ohc-Cache-HIT
X-CLOUD-TRACE-CONTEXT
X-Ftr-Cache-Host
X-Oracle-Dms-Rid
WWW-Authenticate
X-CACHE-AGE
X-Render-Time
SN
X-Cache-Expired-At
X-GeoIP-Country-Code
X-Ratelimit-Limit
X-NGINX-Cache
X-CACHE-KEY
X-ServedByHost
Dt-Cache-Category
X-Varnish-Url
URI
XServer
X-CUA
X-Amzn-Remapped-Connection
X-Original-Request-Id
X-Amzn-Remapped-Date
X-Swift-Error
Pics-Label
X-Oss-Cdn-Auth
Group
CloudFront-Viewer-Country
X-Tec-Api-Origin
X-Tec-Api-Version
X-Request-Start
X-B3-Spanid
Cf-Alt-Svc
Epwk-X-Cache
X-B3-SpanId
X-Tec-Api-Root
X-Served-From
A
X-Client-Ip
X-Debug-Cache-Fetch
X-StackifyID
Cdn
X-Debug-Cache-Store
X-Cache-Tag
Lb
X-Amzn-Requestid
X-WR-MODIFICATION
X-RunCloud-Cache
Backend
X-Apw-Access-Action
X-Tb-Optimization-Total-Bytes-Saved
X-Request-Time
X-Via-Ucdn
PICS-Label
X-WA
SID
X-Apw-Access-Object
X-Debug-Cache-Bypass
X-Debug-Do-Not-Cache-Uri
Backend-Name
X-Debug-Xas-Auth
Cloudfront-Viewer-Country
X-Debug-Cache-String
X-Debug-Ysi-Auth
X-Apw-Access-Token
X-Apw-Hits
Server-Ttl
X-Debug-Cache-Status
X-LiteSpeed-Cache-Control
X-Cache-Version
Proxy-Firewall
X-Cache-Hfrom
NnCoection
X-Cache-Hm
Cneonction
Country-Code
Origin
X-IN-APIGATEWAYSSL
X-Via-NSCOPI
X-Varnish-Beresp-TTL
X-Via-Popv
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Via-Poph
X-Acquia-Application-Trace
X-IN-APIGATEWAY
X-Csrf-Jwt
X-Nananana
X-WPE-Loopback-Upstream-Addr
X-Snapshot-Date
Warning
Inserted-Into-Cache-At
Req-ID
X-Varnish-ID
Geoip-City
X-B3-Parentspanid
X-DPWN-IS-SECURE
X-Ocache
X-ElasticPress-Search
X-SB
X-Dw-Trace-Id
X-Html-Edge-Cache
X-Request-URL
X-VC