Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Xss-Protection
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
X-Ua-Compatible
Status
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Upgrade
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Backend
X-Server
X-Age
X-Turbo-Charged-By
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
P3p
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Cache-Lookup
X-Ac
X-Readtime
X-Backend-Server
X-Node
NEL
X-Dispatcher
X-Origin-Upstream-Status
X-HW
Content-Location
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
Allow
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Accept-CH
X-Url
Edge-Control
X-Rack-Cache
RTSS
X-Clacks-Overhead
X-Px
MS-Author-Via
Accept-CH-Lifetime
X-TtlSet
X-PC
X-Vname
X-Goog-Hash
X-FTR-Request-ID
Verso
X-Powered-By-Plesk
X-Varnish-TTL
Service-Worker-Allowed
X-B3-TraceId
Host-Header
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Id
Public-Key-Pins
X-GitHub-Request-Id
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
Response
Pagespeed
X-Middleton-Response
X-Middleton-Display
Display
X-Sol
X-Cache-TTL
X-DynaTrace
X-Ttl
X-Content-Type
X-D2id
X-Amz-Rid
X-NF-Request-ID
TCN
X-CST
X-Vcap-Request-Id
X-Cached
X-VARITI-CCR
X-Abt-Application-Version
X-Cdn
Pinterest-Generated-By
AR-PoweredBy
AR-Request-ID
AR-ATIME
Ar-Sid
AR-CACHE
X-ESI
X-Navigation-Version
X-Version
X-Fastly-Request-ID
X-Powered-CMS
X-Upstream
Cache-Tag
X-Server-Name
X-Pass-Why
Accept-Ch
X-Grace
X-Debug
X-Instart-Request-ID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Access-Control-Request-Method
Charset
X-MSEdge-Ref
Nginx-Cache
X-XRDS-Location
Content-MD5
X-Accel-Expires
X-Element-Page-Cache
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
Accept-Ch-Lifetime
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Realpath
SPIisLatency
SPRequestDuration
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
SPRequestGuid
X-SharePointHealthScore
X-Shield-Request-Id
S
Pinterest-Version
X-Pinterest-Rid
X-Jurisdiction
X-Hp-Webp
X-Oneagent-Js-Injection
X-Amz-Meta-S3cmd-Attrs
X-Dw-Request-Base-Id
X-Recruiting
X-Id
X-Trace
X-Kinsta-Cache
X-T
X-Client-IP
Fastcgi-Cache
X-Node-Name
X-Content-Digest
X-Logged-In
X-Cache-Key
X-NWS-LOG-UUID
X-Mobile-URL
TP-Cache
TP-L2-Cache
X-TTL
X-Cache-Hit
X-FastCGI-Cache
X-Hostname
Server-Node
X-Frontend
X-Request-Processing-Time
X-Request-Received
X-Cache-Age
ServerID
Front-End-Https
Fastly-Restarts
X-Amzn-Trace-Id
X-Country-Code-Real
X-FTR-Cache-Status
X-Forwarded-For
Edge-Cache-Tag
X-FTR-Expires
X-FTR-Realm
X-Goog-Generation
X-Goog-Metageneration
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Yandex-Sdch-Disable
Server-Name
Powered
PB-RID
PB-PID
Arc-Version
X-Microsite
X-Request-Handler-Origin-Region
X-Revision
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Server-ID
X-Hits
X-User-Agent
X-DIS-Request-ID
X-F-Cache
X-Jobs
Filters
X-LB-Cache
X-Akamai-Edgescape
DynaTrace
X-Zen-Fury
X-Ruxit-Js-Agent
X-Correlation-Id
X-Fastcgi-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Erf-Bev-Bev
X-Mobile-Rewrite
X-Erf-Bev-Bev-Is-Generated
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Content-Powered-By
Alternate-Protocol
X-Geo-Country
X-Origin-Server
Accept-Charset
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-N
X-Daa-Tunnel
X-B
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Varnish-Backend
Cache-Tags
X-Rid
X-Amz-Replication-Status
X-Type
Retry-After
X-WebKit-CSP-Report-Only
X-Varnish-Grace
DC
Surrogate-Key
X-Whom
Section-Io-Cache
X-TT
Paypal-Debug-Id
Host
X-Signature
X-Request-Guid
X-Content-Options
X-App-Environment
X-Git-Hash
X-B-Cache
MicrosoftSharePointTeamServices
X-Via-JSL
X-FB-Debug
X-Activity-Id
Backend-Timing
X-Az
X-AppVersion
X-ATS-Timestamp
X-Edge
X-Status
X-Esi
X-Debug-Info
X-Ser
Frame-Options
Fastcgi-Useragent
Actual-Object-TTL
X-IPLB-Instance
X-ATG-Version
Healthy
X-Endurance-Cache-Level
X-App-Server
X-HTML-Minification-Powered-By
X-Webkit-CSP
X-AOL-HN
Srv
X-Contextid
Nel
X-Amzn-RequestId
X-Cache-Action
X-Seen-By
X-ECACHE
X-B3-Sampled
Refresh
X-Pinterest-Direct
From-Origin
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Amz-Apigw-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Accel-Buffering
X-Cache-Rule
X-Host-Name
X-Response-Served-From
X-Tumblr-User
X-Protected-By
X-Instance
X-Cache-Operation
X-RemovedCookies
X-Drupal-Cache-Tags
X-ProcessESI
X-Is-Bot
X-MCACHE
X-Rendered-As
X-Cacheable-TTL
X-Mid
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Region
Odigeo-Trace-Id
X-Time
X-UUID
Datacenter
X-WA-Info
Content-Disposition
Payment
X-L-Path
X-Environment-Context
Eomportal-Instance
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Varnish-Server
X-FW-Static
X-Rule
X-FW-Type
X-FW-Server
Countrycode
X-Release
X-Adobe-Content
X-Adobe-Loc
X-Cache-Time
MS-CV
Source
X-Litespeed-Cache
Uber-Trace-Id
X-Proxy
Xserver
X-Cached-By
X-Akamai-Request-ID2
X-EdgeConnect-Cache-Status
X-Load-Cache
X-Cache-Control
X-Cache-Server
X-PressLabs-Stats
X-UnsetCookies
X-Mobile
X-GeoIP
Cache-Status
X-Akamai-Transformed
X-Azure-Ref
X-PHP-Backend
X-NewRelic-App-Data
Access-Control-Request-Headers
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Origin-Response-Time
Accept-Language
X-SERVER-NAME
X-Air-Hostname
X-Wix-Request-Id
Version
X-VCache
X-NGENIX-Cache
X-Handled-By
X-Mode
X-Cluster
Liferay-Portal
X-Cache-NGX
X-NWS-UUID-VERIFY
X-Backend-Name
Cache
X-IPS-LoggedIn
X-Framework
X-XRDS-LOCATION
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Correlation-ID
NGB
X-CSRF-Token
X-ApacheServer
X-UPSTREAM-Address
X-LJ-Flow-ID
X-Adobe-Source
X-Via-Fastly
X-UA-Device-Type
X-AWS-Id
Load-Balancing
Cross-Origin-Window-Policy
X-Cache-Var
Meta-Geo
X-FireWall-Port
X-ES-SERVER
X-CCM
X-Cache-Var-Map
X-Cache-Remote
X-RN-RSRV
X-Locale
X-Proxied
X-Zipkin-Id
X-PERF
X-URL
Filterid
X-VWS-Id
X-RateLimit-Limit
X-Routing-Service
X-Path-Route
X-Detected-As
X-MP-GENERATED-AT
X-Cache-Status-Check
Cache-Hits
X-Qloud-Router
DSUID
X-Real-IP
ServedBy
X-Viewer-Country
X-Site-Version
X-Www-Served-By
X-TX-ID
Server-Info
Mn-Server-Ip
X-OCL
Akamai-GRN
X-R9-Blue-Green-Version
X-PCL
Decoy-Debug-Key
Section-Io-Id
X-Access
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Ua
Now
Cleartype
Cache-Tv-Group
Decoy-Debug-Status
Decoy-Debug-TTL
X-Pubstack
Cache-Name
X-Redis-Cache
X-Storage
X-Info
X-NCache
X-Web-Node
X-IP
X-Section
X-Human
X-Format
Webcakes-App-Version
X-ShopId
X-Shopify-Stage
TWC-Privacy
Webcakes-App-Name
X-Cache-Enabled
TWC-Locale-Group
X-Cache-Config
X-FC-Vary-Parameters
X-BYPASS-REASON
X-Bc-Bl
X-Sorting-Hat-PodId
X-ProxyCache-Status
X-ProxyCache-Key
X-Sorting-Hat-ShopId
X-Labrador-Cache-Channel
Fastly-SSL
X-Varnish-Cache-Hits
Property-Id
TWC-GeoIP-LatLong
X-ShardId
X-SayCDN-TTL
Webcakes-Region
X-EIG-Tracking-Id
X-FW-Version
X-Say-TTL
TWC-Connection-Speed
X-Say-Cacheable
X-Origin-Hint
X-Device-Type
Webserver
X-PHP-Host
S-Rt
TWC-GeoIP-Country
X-Alternate-Cache-Key
X-Hosted-By
X-CS
X-ServerID
X-Geo
TWC-Device-Class
Selected-Fe
X-Loop
X-TNCMS
X-Cache-Host
X-From
X-Origin
X-NYM-Debug-Backend
X-SaId
X-No-Session
X-BCube-Filmed-By
X-Hl-Ver
X-Proxy-Build
X-JoinUs
X-Content-Age
X-Timing-Wait
X-Time-Microsecs
X-FB-TRIP-ID
X-Generated
X-RTag
X-Hyper-Cache
DB-Nickname
Ms-Operation-Id
Origin-Cache-Control
X-Amzn-Remapped-Content-Length
Azure-Version
Azure-SlotName
Azure-SiteName
X-APP-VERSION
Azure-InstanceId
Ec-Rule-Version
Azure-RegionName
X-Cache-TTL-Remaining
X-Cache-2
X-Drupal-Cache-Contexts
X-Xfnlog-Site
Origin-Edge-Control
X-Unique-Id
Time
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
Apigw-Requestid
Geo-Info
X-Goog-Meta-Goog-Reserved-File-Mtime
X-RequestSource
SD-X-WS
Country
X-Presslabs-Stats
X-Pad
X-Vcache
X-Source
X-Old-Content-Length
User-Agent
X-Varnish-Hostname
X-Cluster-Node
X-App-Version
X-EC-Lua
X-Debug-Cache
X-Cache-NE
Upgrade-Insecure-Requests
X-Soup
FilterID
X-Akamai-Request-ID
X-RCS-CacheZone
X-Proto
X-Cache-Backend
X-Parent-Response-Time
X-CDN-Forward
X-Tb
Proxy-Connection
X-Backend-TTL
X-Cache-PHP
X-DC
X-Storefront-Renderer-Rendered
X-SRV
X-Cache-Grace
X-Proxy-Cache-Status
X-App
X-Forwarded-Host
Cache-Key
LB
X-A
X-Method
MD5-Digest
X-FORWARDED-FOR
T-Server
ServerName
X-Tumblr-Pixel-3
Fastcgi-X-Cache-Version
X-Application
Content-Style-Type
Content-Script-Type
X-Geo-Header
X-ARC
X-Date
X-Connection-Hash
X-D
X-Destination
BehaviorPad-Version
AsisCache
Arc-Country
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Developer
VivaBuild
X-B-Cookie
X-G
UCS
X-External-Request-Id
X-Dispatch
Viewtype
X-DevSite-Last-Modified
X-Uri
True-Client-Country-4JS
X-Response-By
X-Trv-Group
X-Twitter-Response-Tags
X-A-Dgt
X-A-Dcw
X-Transaction
X-Trace-Id
X-SIPLIST1
X-Nginx-Cache-Key
X-Swa-Ws
IsBot
N-Cache
X-Vdms-Path
M-TraceId
Machine
Meta-Geo-Continent
Xc-Version
Mobile-Detection-Method
X-Vtex-Remote-Cache
X-Vdms-Version
X-VG-WebCache
X-VG-WebServer
X-Vtex-Processado-Em
X-Session-Fingerprint
X-SRCache-Key
X-A-Ccd
X-Newrelic-Synthetics
Who
X-Rewrite-Enabled
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dam
X-Aed
X-Region-Sid
X-Rojux
X-S
X-NodeID
FNAC-ModuleRouting
X-SD-PageType
Rendered-Blocks
X-Processor
GEO-REGION-INFO
X-S-Cookie
X-ScT
X-Scheme
X-PAYTM-SRV-ID
User-Cache-Control
X-Origin-CC
X-Nc
X-Srv
X-Magnolia-Registration
X-Origin-TTL
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Server-Host
RNT-Machine
RNT-Time
Server-Ext
Release
Pagetype
NGX
NM-Fastcgi-Cache
On-Server
Server-Hostname
Sever-Int
Viewport
Vix-Hermes-Req-Id
We-Hiring
V-Age
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Web-Mar-Node
X-Generation-Time
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Req
X-Reqid
X-Policy
X-Owner
X-Logging-Id
X-Matched-Rule
X-Micro-Cache
X-Node-Id
X-ServiceProvider
X-Skip-Cache
X-WADP-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Worker
X-VC-Cache
X-Varnish-Cacheable
X-SN
X-Thanos
X-Thinkindot-L3
X-User
X-Loc
X-Level-Front-Cache
X-Cache-Info
X-Cache-URL
X-Clara-WADP
X-Cms-Context
X-Cache-FS-Status
X-Cache-Bucket
X-Agile-Age
X-Agile-Id
X-Backend-State
X-Block-Status
X-Compress-Hint
X-Developers
X-Generated-On
X-Hash
X-Hnp-Log
X-LAGOON
X-Generated-In
X-Gen-Mode
X-Device-Os
X-Dispatcher-Server
X-Fmm-Version
X-Agile
X-Bip
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
CacheControlHeader
CDCHOST
X-AIR-PT
Cache-Cookie-Set-From
X-NC
Apple-News-Services-Handled
AKAMAI
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
OT-Force-Account-Verify
Mail-Subject
Kp-EeAlive
Magicmarker
X-Cluster-Name
X-Hit
X-TH-Server
X-Location
X-Mvc-Supplant-Cachable
X-Fastly-Cache
X-Slack-Backend
X-Gzip
X-Origin-Date
X-Has-Esi
X-JWT-State
X-Auto-Login
X-BBXSRF
X-Is-Gdpr
X-Eu-Site
X-Irp-Debug
X-Var-Ttl
X-Cache-Id
X-Core-Value
X-Core-Mission
X-Request-Host
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Distributor
X-Distil-CS
X-Origin-Expires
X-Epic-Correlation-Id
X-Esi-Check
Referer-Policy
X-Server-W
X-Servername
X-CGP
X-Request-UUID
Node
X-Clientip
X-Envoy-Decorator-Operation
X-TrackingId
Rt-Fastcgi-Cache
X-Be
Ha-Gx-Prefs
X-SVT-ORM-RULES
C-Via
X-SVT-ORM-VERSION
Gh-Request-Id
Sid
Fastly-SWR
Fastly-Drupal-HTML
X-VServer
X-We-Are-Hiring
X-Webstats-RespID
Fastly-SIE
W
L5d-Success-Class
HA-Ipaddr
X-VG-TLSProxy
X-Li-Pop
X-LI-Proto
X-GoCache-CacheStatus
X-Li-Fabric
Memcached
X-LI-UUID
X-Edge-Location
X-Key
X-NU-AKA-ACS-Version
X-TA-CDN-Provider
Platform
X-Reboot
Is-Eu
X-Contensis-Viewer-Groups
Adler-Geo
X-Backend-Host
X-Variation
X-Varnish-Authentication
X-Cache-ASPX
Cf-Ipcountry
X-Cache-Tags
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
S-Cnection
X-Varnish-Beresp-Ttl
X-Branch-Name
X-Configured-By
X-Cache-Debug
Pragrma
X-Dc
X-Wa
HostName
MIME-Version
X-Cdn-Forward
WPE-Backend
NR-ENABLED
X-Varnish-URL
X-Microcachable
X-Refresh
X-Instart-Info
X-ZONE
X-Via-CDN
X-BC
Fastly-Backend-Name
X-Servedbyhost
X-Up
X-Via-PopH
GEO-INFO
X-Envoy-Upstream-Healthchecked-Cluster
X-Platform-Server
X-Via-PopV
X-UA
X-Minions-Version
X-TT-TIMESTAMP
X-Mvc-Supplant-OutputCached
X-Batcache
X-Nginx-Cache
X-Ms-Version
X-Ms-Request-Id
X-Ua-Device
X-MSEdge-Features
X-ElasticPress-Query
X-MSEdge-Flight
X-Vgn-Hpd-Reason
Memory
X-B3-Traceid
X-Aicache-OS
NtCoent-Length
Esi-Enabled
X-Bc
X-Zone
X-Sucuri-ID
X-Pjax-Url
X-ND-Cache
Server-ID
X-App-Name
L
X-BACKEND-TTL
X-VCL-Version
X-TIME
CACHE
X-Unique-ID
Cache-Host
DCR-Processing-Time-Ms
X-Debug-Panamera-Sitecode
X-Server-IP
DCR-Decision-By
X-Debug-Panamera-Host
Ohc-File-Size
X-Fastly-Cache-Status
X-CF-Powered-By
X-PF-Uncompressing
X-Cdn-Srv
X-Svr
Pramga
X-COUNTRY
Powered-By-ChinaCache
Tracecode
X-Client-Ip
GeoIP-Country-Code
FSS-Cache
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
HitType
Server-Cache-Control
Location
X-FPC
X-Oss-Hash-Crc64ecma
X-Generated-By
Server-Surrogate-Control
X-Webkit-Csp
GeoIP-Latitude
X-Oss-Server-Time
X-Ratelimit-Reset
X-BE
X-Varnishpool
Hostname
X-S-Maxage
Ohc-Response-Time
X-GEO
Resin-Trace
X-LB-ID
X-Azure-Ref-OriginShield
X-Sucuri-Cache
X-Rocket-Nginx-Bypass
X-VCT
X-Check-Cacheable
X-Original-Request-Id
X-VarnishDD-TTL
X-OVcl-Cache
PFcat
X-Varnish-Ttl
X-OVcl
Cteonnt-Length
X-Fastly-Country-Code
X-Instart-Isnd
Request-EU
Heartbleed
X-Fpc
Locid
Request-Country
X-Fastly-Backend-Reqs
X-Varnish-Hits
Cdn-Host
X-Vgn-Hpd-Variations-Key
X-Edge-Server
Cdn-Request-Time
X-HS-Status
X-Platform
X-Request-URI
X-Cache-Expired-At
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Render-Time
X-VHOST
X-Newrelic-App-Data
X-PJAX-URL
Lfy
GeoIp-Country-Code
Geoip-Latitude
CF-Cached-On
X-CSRF-TOKEN
X-CUA
X-Vcl-Version
X-Gamma-Serve
SRV
Amp-Access-Control-Allow-Source-Origin
X-Ratelimit-Remaining
X-Pf-Uncompressing
Pics-Label
SN
Epwk-X-Cache
X-Shopify-Generated-Cart-Token
X-CLOUD-TRACE-CONTEXT
X-Oracle-Dms-Rid
X-WebServer
X-Ftr-Cache-Host
X-CACHE-AGE
WZWS-RAY
X-StackifyID
Backend-Name
X-ECache
X-RunCloud-Cache
Backend
Product
WWW-Authenticate
X-CACHE-KEY
X-Proxy-Upstream
X-NGINX-Cache
X-Varnish-Url
My-App
X-ServedByHost
X-Amzn-Remapped-Date
X-Via-Popv
X-Sn-Servicetimems
X-Ftr-Request-Id
X-Ratelimit-Limit
X-Cdn-Origin
X-Csrf-Jwt
X-Fetched-On
X-Via-Poph
Mime-Version
XServer
URI
X-Amzn-Remapped-Connection
X-Tec-Api-Version
X-Oss-Cdn-Auth
A
X-GeoIP-Country-Code
CloudFront-Viewer-Country
X-Tec-Api-Origin
X-Tec-Api-Root
Ohc-Cache-HIT
X-Sigma-Backend
X-Request-Time
X-Debug-Cache-Store
Dt-Cache-Category
X-Rocket-Build-Number
X-Sigma
X-B3-SpanId
X-Debug-Cache-Fetch
Lb
Server-Ttl
X-WA
Host-ID
X-Cache-Tag
PICS-Label
Cloudfront-Viewer-Country
X-Request-Start
X-Debug-Cache-Bypass
X-B3-Spanid
X-Debug-Cache-Status
X-Debug-Do-Not-Cache-Uri
X-Debug-Ysi-Auth
X-Debug-Xas-Auth
X-Tb-Optimization-Total-Bytes-Saved
X-Ftr-Realm
X-Ftr-Backend
SID
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Dc
X-LiteSpeed-Cache-Control
X-Debug-Cache-String
X-Nananana
X-Cache-Version
X-Swift-Error
X-Served-From
X-Apw-Access-Action
X-Varnish-Beresp-TTL
X-Apw-Access-Token
X-Apw-Hits
Cdn
X-Apw-Access-Object
Cneonction
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Proxy-Firewall
X-Acquia-Purge-Tags
CF-IPCountry
Group
X-Cache-Hfrom
X-Snapshot-Date
X-ServerName
FSS-Proxy
X-DPWN-IS-SECURE
Warning
Dnion-Transfer-Encoding
X-ElasticPress-Search
X-Html-Edge-Cache
Cf-Alt-Svc
X-Dw-Trace-Id
X-SB
X-WR-MODIFICATION
X-Request-URL
X-Cache-Hm
X-Varnish-ID
X-VC
Inserted-Into-Cache-At