Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Backend
X-Server
X-Turbo-Charged-By
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Request-ID
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Ac
X-Backend-Server
X-Cache-Lookup
X-Readtime
X-Node
NEL
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Edge-Control
X-Url
X-Rack-Cache
X-Clacks-Overhead
X-Px
RTSS
Accept-CH
MS-Author-Via
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-Goog-Hash
Verso
X-Powered-By-Plesk
Accept-CH-Lifetime
Service-Worker-Allowed
X-Varnish-TTL
Public-Key-Pins
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-GitHub-Request-Id
X-B3-TraceId
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Middleton-Response
X-Sol
Display
Pagespeed
Response
X-Middleton-Display
X-Forwarded-Proto
X-Pass-Why
X-Amz-Server-Side-Encryption
X-DynaTrace
X-Cache-TTL
X-D2id
X-Amz-Rid
X-Content-Type
X-Cached
TCN
X-Vcap-Request-Id
X-NF-Request-ID
X-CST
X-Abt-Application-Version
Pinterest-Generated-By
X-VARITI-CCR
Accept-Ch
Host-Header
X-Ttl
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
Ar-Sid
X-Navigation-Version
X-ESI
X-Version
Cache-Tag
Accept-Ch-Lifetime
X-Powered-CMS
X-Upstream
X-Server-Name
X-Fastly-Request-ID
X-Instart-Request-ID
X-Debug
X-Grace
Access-Control-Request-Method
X-MSEdge-Ref
X-XRDS-Location
Nginx-Cache
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Charset
X-Accel-Expires
Content-MD5
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
SPIisLatency
SPRequestDuration
Realpath
X-Element-Page-Cache
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
X-SharePointHealthScore
SPRequestGuid
X-Pinterest-Rid
X-Shield-Request-Id
Pinterest-Version
X-Client-IP
X-Hp-Webp
X-FastCGI-Cache
X-Jurisdiction
X-Dw-Request-Base-Id
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-Trace
X-TTL
X-Kinsta-Cache
X-T
Fastcgi-Cache
X-Node-Name
X-Content-Digest
X-Logged-In
X-Server-ID
X-Cache-Key
X-Mobile-URL
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
TP-L2-Cache
TP-Cache
X-Cache-Hit
X-Request-Received
X-Request-Processing-Time
Server-Node
X-Frontend
X-Cache-Age
X-Hostname
ServerID
Front-End-Https
X-Amzn-Trace-Id
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
Edge-Cache-Tag
Fastly-Restarts
X-FTR-Expires
X-Forwarded-For
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
Server-Name
X-Yandex-Sdch-Disable
Arc-Version
PB-PID
PB-RID
Powered
X-Microsite
X-Request-Handler-Origin-Region
DynaTrace
X-User-Agent
X-Revision
Filters
X-Content-Security-Policy-Report-Only
X-Zen-Fury
X-Page-Id
X-DIS-Request-ID
X-Hits
X-Jobs
X-LB-Cache
X-F-Cache
X-Akamai-Edgescape
X-Mobile-Rewrite
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
Accept-Charset
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Content-Powered-By
X-Geo-Country
X-Origin-Server
X-Cdn
Alternate-Protocol
X-Varnish-Age
X-FTR-Cache-Host
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Correlation-Id
X-N
AMP-Access-Control-Allow-Source-Origin
X-B
X-Ruxit-Js-Agent
X-ATS-Timestamp
Backend-Timing
X-Daa-Tunnel
X-Varnish-Backend
Cache-Tags
X-Rid
MicrosoftSharePointTeamServices
X-Via-JSL
X-AppVersion
X-Activity-Id
X-Az
X-WebKit-CSP-Report-Only
Retry-After
X-Varnish-Grace
X-Type
X-Amz-Replication-Status
X-Esi
DC
Surrogate-Key
X-FB-Debug
X-Git-Hash
X-Whom
Section-Io-Cache
X-App-Environment
X-TT
X-Signature
X-Request-Guid
Paypal-Debug-Id
X-B-Cache
X-Fastcgi-Cache
Host
X-Content-Options
X-Status
X-Debug-Info
X-Edge
X-ATG-Version
Frame-Options
X-RateLimit-Remaining
Actual-Object-TTL
Fastcgi-Useragent
X-Ser
X-App-Server
X-IPLB-Instance
Healthy
Nel
X-Contextid
X-Endurance-Cache-Level
X-AOL-HN
X-Amzn-RequestId
X-HTML-Minification-Powered-By
X-Cache-Action
Srv
X-Seen-By
X-ECACHE
X-Pinterest-Direct
X-B3-Sampled
X-Host-Name
Refresh
From-Origin
X-Amz-Apigw-Id
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Drupal-Cache-Tags
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-ProcessESI
X-Cache-Rule
X-RemovedCookies
X-Response-Served-From
X-Accel-Buffering
X-Instance
X-Cache-Operation
X-Mid
X-MCACHE
X-UUID
X-Rule
X-Is-Bot
X-Cacheable-TTL
X-Region
X-Protected-By
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Rendered-As
Eomportal-Instance
X-WA-Info
Payment
Content-Disposition
MS-CV
X-Environment-Context
Source
X-L-Path
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Server
X-Adobe-Loc
X-Adobe-Content
X-Varnish-Server
Countrycode
X-Cache-Time
X-Litespeed-Cache
Datacenter
X-Time
X-PressLabs-Stats
Cache-Status
X-Cache-Control
X-Cached-By
X-Cache-Server
X-Release
X-VCache
Uber-Trace-Id
Xserver
X-Proxy
X-Load-Cache
X-Akamai-Request-ID2
X-EdgeConnect-Cache-Status
X-UnsetCookies
X-Akamai-Transformed
X-GeoIP
X-Mobile
X-Correlation-ID
X-SERVER-NAME
X-Yottaa-Metrics
X-Azure-Ref
X-PHP-Backend
X-Yottaa-Optimizations
Access-Control-Request-Headers
X-NewRelic-App-Data
X-Origin-Response-Time
X-Tt-Trace-Host
X-Wix-Request-Id
X-Tt-Trace-Tag
Version
X-Handled-By
X-Mode
X-Cluster
X-IPS-LoggedIn
X-NWS-UUID-VERIFY
Accept-Language
X-Air-Hostname
X-NGENIX-Cache
NGB
Liferay-Portal
X-Backend-Name
X-Cache-NGX
X-URL
Filterid
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Framework
X-Cache-Remote
X-APP-VERSION
X-Proxied
X-Locale
X-FireWall-Port
X-LJ-Flow-ID
X-ES-SERVER
X-Path-Route
X-Routing-Service
X-PERF
X-Zipkin-Id
X-VWS-Id
X-Via-Fastly
Load-Balancing
Meta-Geo
X-Cache-Var
X-AWS-Id
X-Cache-Status-Check
Cross-Origin-Window-Policy
X-UA-Device-Type
X-UPSTREAM-Address
X-Adobe-Source
X-Cache-Var-Map
X-RN-RSRV
X-ApacheServer
X-CCM
X-Detected-As
X-Qloud-Router
X-Site-Version
Mn-Server-Ip
X-Storage
Decoy-Debug-TTL
Decoy-Debug-Status
Cache-Hits
Decoy-Debug-Key
X-TX-ID
X-Viewer-Country
X-PCL
X-OCL
X-Www-Served-By
X-R9-Blue-Green-Version
ServedBy
X-Real-IP
X-MP-GENERATED-AT
DSUID
X-NCache
X-IP
X-No-Session
Cleartype
Cache-Name
X-Cache-Config
X-Info
X-Human
X-Format
Akamai-GRN
X-Access
Fastly-SSL
Cache
X-Redis-Cache
X-Pubstack
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Now
Section-Io-Origin-Status
Section-Io-Id
X-Bc-Bl
X-Web-Node
X-RTag
X-Ua
X-Say-Cacheable
Ms-Operation-Id
X-Say-TTL
X-Section
X-SayCDN-TTL
Webcakes-Region
Webcakes-App-Version
X-Alternate-Cache-Key
Webserver
TWC-GeoIP-LatLong
TWC-Connection-Speed
S-Rt
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
X-FC-Vary-Parameters
X-ShopId
X-ShardId
X-ServerID
X-ProxyCache-Status
X-Shopify-Stage
X-Sorting-Hat-PodId
Cache-Tv-Group
X-Varnish-Cache-Hits
X-Sorting-Hat-ShopId
X-ProxyCache-Key
X-PHP-Host
X-EIG-Tracking-Id
X-Device-Type
X-CS
X-Cache-Enabled
Property-Id
X-FW-Version
X-Origin-Hint
X-Hosted-By
X-Hl-Ver
X-BYPASS-REASON
X-Labrador-Cache-Channel
X-Generated
X-Loop
X-From
X-FB-TRIP-ID
X-Content-Age
X-NYM-Debug-Backend
X-Origin
X-Timing-Wait
X-TNCMS
X-Time-Microsecs
X-SaId
X-Proxy-Build
X-BCube-Filmed-By
X-JoinUs
Selected-Fe
X-CSRF-Token
X-Amzn-Remapped-Content-Length
DB-Nickname
X-Cache-Host
X-RequestSource
X-Hyper-Cache
Server-Info
Azure-SlotName
Azure-InstanceId
Ec-Rule-Version
Azure-RegionName
Azure-SiteName
Azure-Version
X-XRDS-LOCATION
X-Xfnlog-Site
Origin-Edge-Control
X-Geo
Origin-Cache-Control
X-RateLimit-Limit
Geo-Info
X-Drupal-Cache-Contexts
Time
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-2
SD-X-WS
X-Cache-TTL-Remaining
X-Unique-Id
Country
X-EC-Lua
User-Agent
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Pad
X-Old-Content-Length
Apigw-Requestid
X-Varnish-Hostname
X-Source
X-Cluster-Node
X-Cache-NE
X-Presslabs-Stats
Upgrade-Insecure-Requests
X-Parent-Response-Time
FilterID
X-Debug-Cache
X-RCS-CacheZone
X-Akamai-Request-ID
X-Soup
X-Webkit-CSP
X-Cache-Backend
X-Proto
Proxy-Connection
X-Vcache
X-Tb
X-Backend-TTL
X-App-Version
X-Srv
X-Cache-Grace
X-Proxy-Cache-Status
X-CDN-Forward
X-AIR-PT
X-Cache-PHP
X-DC
X-Forwarded-Host
NR-ENABLED
WPE-Backend
X-FORWARDED-FOR
X-Nc
X-Tumblr-Pixel-3
X-B-Cookie
X-Generated-On
X-ARC
Xc-Version
UCS
Cache-Key
GEO-REGION-INFO
X-Be
X-A-Dcw
Content-Script-Type
X-Uri
X-A-Ccd
X-A-Dam
X-Geo-Header
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-A
Content-Style-Type
X-Destination
X-Developer
X-Aed
X-DevSite-Last-Modified
AsisCache
X-Date
Fastcgi-X-Cache-Version
BehaviorPad-Version
X-Storefront-Renderer-Rendered
True-Client-Country-4JS
X-A-Dgt
X-Application
X-A-Wwc
X-External-Request-Id
FNAC-ModuleRouting
X-G
VivaBuild
X-D
X-Connection-Hash
X-Accel-Expires-Debug
X-Dispatch
Who
Viewtype
X-VG-WebServer
X-S
X-Rojux
X-S-Cookie
X-Scheme
X-ScT
X-Rewrite-Enabled
X-Response-By
Arc-Country
X-Reqid
N-Cache
Rendered-Blocks
MD5-Digest
X-Twitter-Response-Tags
X-SD-PageType
X-SRCache-Key
X-Swa-Ws
X-Session-Fingerprint
Machine
X-SIPLIST1
X-Thinkindot-L3
X-Trace-Id
X-Trv-Group
M-TraceId
X-ServiceProvider
X-Transaction
X-Newrelic-Synthetics
X-Vdms-Version
X-Vdms-Path
X-Nginx-Cache-Key
T-Server
Mobile-Detection-Method
Meta-Geo-Continent
X-Vtex-Remote-Cache
X-Method
Pagetype
Thinkindot-Control
X-Level-Front-Cache
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Matched-Rule
X-Vtex-Processado-Em
IsBot
X-VG-WebCache
Server-Host
X-Region-Sid
ServerName
X-Processor
X-NodeID
X-PAYTM-SRV-ID
User-Cache-Control
NGX
OT-Force-Account-Verify
Server-Ext
RNT-Time
Web-Mar-Node
Release
Vix-Hermes-Req-Id
Server-Hostname
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
Viewport
V-Age
We-Hiring
RNT-Machine
X-Policy
X-Owner
On-Server
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Node-Id
X-Micro-Cache
X-LAGOON
X-Loc
X-Location
X-Logging-Id
X-Req
X-Servername
X-WADP-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Worker
X-VC-Cache
X-Varnish-Cacheable
X-Skip-Cache
X-SN
X-Thanos
X-User
X-Hnp-Log
X-Hash
X-Cache-Bucket
X-Cache-FS-Status
X-Cache-Info
X-Cache-URL
X-Branch-Name
X-Block-Status
X-Agile-Age
X-Agile-Id
X-Backend-State
X-Bip
X-Clara-WADP
X-Cms-Context
X-Fmm-Version
X-Gen-Mode
X-Generated-In
X-Generation-Time
X-Dispatcher-Server
X-Device-Os
X-Compress-Hint
X-Core-Value
X-Developers
X-Agile
Sever-Int
S-Cnection
Magicmarker
Mail-Subject
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
AKAMAI
Apple-News-Services-Handled
Apple-News-Services-Host
Kp-EeAlive
X-App
Cache-Cookie-Set-From
CacheControlHeader
X-Cluster-Name
Cache-Cookie-Set-Lfrom
CDCHOST
Cache-Cookie-Set-Idcheck
X-SRV
NM-Fastcgi-Cache
X-Origin-CC
X-Origin-TTL
X-B3-Traceid
Cf-Ipcountry
X-Envoy-Decorator-Operation
Sid
X-Hit
X-Magnolia-Registration
Node
X-Cache-Id
X-We-Are-Hiring
X-Distil-CS
X-CGP
X-NC
X-Distributor
X-Core-Mission
X-Clientip
X-Cache-Tags
X-VServer
X-TrackingId
X-Rebelmouse-Cache-Control
X-TA-CDN-Provider
X-Var-Ttl
X-Origin-Expires
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Slack-Backend
X-Server-W
X-Request-UUID
X-Request-Host
X-TH-Server
X-Origin-Date
X-Variation
X-Cache-Debug
X-VG-TLSProxy
X-Fastly-Cache
X-Eu-Site
X-Esi-Check
X-Gzip
X-Has-Esi
X-Mvc-Supplant-Cachable
X-JWT-State
X-Is-Gdpr
X-Irp-Debug
X-Epic-Correlation-Id
X-Webstats-RespID
Adler-Geo
X-Auto-Login
Gh-Request-Id
Fastly-Drupal-HTML
C-Via
Fastly-SWR
W
Fastly-SIE
Platform
HA-Ipaddr
Ha-Gx-Prefs
Is-Eu
L5d-Success-Class
Rt-Fastcgi-Cache
X-BBXSRF
LB
Memcached
X-Varnish-Authentication
X-Cache-ASPX
X-Configured-By
X-NU-AKA-ACS-Version
X-GoCache-CacheStatus
X-SVT-ORM-RULES
X-LI-Proto
X-Li-Fabric
X-Li-Pop
X-Backend-Host
X-SVT-ORM-VERSION
X-LI-UUID
X-Contensis-Viewer-Groups
X-Microcachable
X-Dc
X-Instart-Info
X-Via-PopH
X-Via-PopV
X-Edge-Location
Referer-Policy
X-Wa
X-Key
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Cdn-Forward
HostName
X-Envoy-Upstream-Healthchecked-Cluster
X-Platform-Server
Pragrma
X-Refresh
X-Ms-Version
MIME-Version
X-Ms-Request-Id
X-Varnish-URL
X-TT-TIMESTAMP
X-UA
X-BC
X-ZONE
X-Servedbyhost
Fastly-Backend-Name
NtCoent-Length
X-Ua-Device
X-Via-CDN
X-Up
Esi-Enabled
X-TIME
CACHE
GEO-INFO
X-Vgn-Hpd-Reason
X-App-Name
Memory
X-MSEdge-Flight
X-MSEdge-Features
Tracecode
X-Minions-Version
L
X-Mvc-Supplant-OutputCached
X-Batcache
Server-ID
X-Zone
X-BACKEND-TTL
X-Bc
X-ElasticPress-Query
Ohc-File-Size
Cache-Host
X-Nginx-Cache
X-Server-IP
X-VCL-Version
X-ND-Cache
X-Unique-ID
X-Aicache-OS
X-Svr
X-Cdn-Srv
X-Debug-Panamera-Sitecode
X-Debug-Panamera-Host
X-Sucuri-ID
Server-Cache-Control
X-FPC
X-Pjax-Url
X-Generated-By
X-GEO
X-COUNTRY
Server-Surrogate-Control
X-S-Maxage
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
FSS-Cache
DCR-Decision-By
GeoIP-Country-Code
Ohc-Response-Time
DCR-Processing-Time-Ms
X-CF-Powered-By
X-Oss-Request-Id
X-VCT
Pramga
X-Fastly-Cache-Status
X-PF-Uncompressing
Location
Powered-By-ChinaCache
X-Rocket-Nginx-Bypass
GeoIP-Latitude
X-Azure-Ref-OriginShield
HitType
Resin-Trace
X-Check-Cacheable
Hostname
X-Varnish-Ttl
Request-EU
Heartbleed
Locid
Request-Country
X-BE
X-Varnishpool
X-Ratelimit-Reset
X-Varnish-Hits
Cteonnt-Length
X-LB-ID
PFcat
X-Request-URI
Amp-Access-Control-Allow-Source-Origin
X-Sucuri-Cache
X-VarnishDD-TTL
X-Ratelimit-Remaining
X-CSRF-TOKEN
X-Vgn-Hpd-Ssi
X-OVcl-Cache
Cdn-Host
X-Vgn-Hpd-Cached
X-PJAX-URL
X-Edge-Server
Lfy
X-OVcl
X-Vgn-Hpd-Variations-Key
Cdn-Request-Time
X-VHOST
X-Fastly-Country-Code
X-Platform
X-Gamma-Serve
X-Fastly-Backend-Reqs
X-Newrelic-App-Data
X-Instart-Isnd
GeoIp-Country-Code
X-Fpc
Geoip-Latitude
CF-Cached-On
X-Shopify-Generated-Cart-Token
X-Cache-Expired-At
X-Original-Request-Id
X-Render-Time
X-HS-Status
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
SRV
SN
WZWS-RAY
X-Vcl-Version
X-Client-Ip
X-Pf-Uncompressing
X-WebServer
X-Ratelimit-Limit
Product
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Proxy-Upstream
X-Oracle-Dms-Rid
XServer
X-NGINX-Cache
X-CUA
Mime-Version
X-ECache
Pics-Label
X-CACHE-KEY
X-Cdn-Origin
X-Sn-Servicetimems
X-Fetched-On
My-App
Epwk-X-Cache
WWW-Authenticate
X-Amzn-Remapped-Date
URI
X-GeoIP-Country-Code
X-Amzn-Remapped-Connection
X-Varnish-Url
Ohc-Cache-HIT
X-ServedByHost
X-Ftr-Cache-Host
X-RunCloud-Cache
X-StackifyID
Lb
X-Oss-Cdn-Auth
Backend
CloudFront-Viewer-Country
Dt-Cache-Category
X-B3-SpanId
X-Fastly-Request-Id
A
Backend-Name
X-Csrf-Jwt
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Request-Start
X-Swift-Error
Server-Ttl
X-Cache-Tag
X-Via-Poph
Cloudfront-Viewer-Country
PICS-Label
X-Via-Popv
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-Status
X-Debug-Cache-Bypass
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
X-LiteSpeed-Cache-Control
Group
X-B3-Spanid
X-Served-From
SID
Cdn
X-Tb-Optimization-Total-Bytes-Saved
X-Nananana
X-Debug-Cache-String
X-Cache-Version
X-Apw-Hits
X-WA
X-Apw-Access-Token
X-Apw-Access-Object
X-Sigma-Backend
X-Acquia-Application-UUID
X-Cache-Hm
X-Varnish-Beresp-TTL
X-Cache-Hfrom
X-WR-MODIFICATION
Proxy-Firewall
Cneonction
X-Acquia-Purge-Tags
X-Rocket-Build-Number
X-Acquia-Site
DataCenter
X-Sigma
X-Request-Time
X-Acquia-Application-Trace
X-Apw-Access-Action
Host-ID
X-APP
X-Lb-Id
CF-IPCountry
X-Snapshot-Date
Warning
Inserted-Into-Cache-At
X-ElasticPress-Search
Req-ID
X-Dw-Trace-Id
Origin
X-SB
Cf-Alt-Svc
X-Html-Edge-Cache
X-Varnish-ID
X-VC
X-Request-URL
X-Via-Ucdn