Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Server
X-Backend
X-Turbo-Charged-By
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-Server-Powered-By
X-UA-Device
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Dns-Prefetch-Control
Cf-Railgun
X-WebKit-CSP
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Readtime
X-Node
NEL
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-ORACLE-DMS-RID
Allow
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Clacks-Overhead
X-Rack-Cache
X-Px
RTSS
Accept-CH
MS-Author-Via
X-FTR-Request-ID
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-Pass-Why
X-Powered-By-Plesk
Verso
Accept-CH-Lifetime
Service-Worker-Allowed
X-B3-TraceId
X-Varnish-TTL
Public-Key-Pins
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-GitHub-Request-Id
X-MS-InvokeApp
Arr-Disable-Session-Affinity
Display
X-Middleton-Display
X-Middleton-Response
Pagespeed
Response
X-Sol
X-Forwarded-Proto
X-DynaTrace
X-Amz-Server-Side-Encryption
X-Cache-TTL
X-D2id
X-Ttl
X-Amz-Rid
X-CST
Pinterest-Generated-By
TCN
X-NF-Request-ID
X-Vcap-Request-Id
X-Abt-Application-Version
X-Content-Type
X-Cached
X-VARITI-CCR
Accept-Ch
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Navigation-Version
Ar-Sid
AR-CACHE
Cache-Tag
X-Fastly-Request-ID
X-ESI
X-Version
X-Server-Name
X-Instart-Request-ID
X-Powered-CMS
X-Upstream
Accept-Ch-Lifetime
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Grace
Host-Header
Access-Control-Request-Method
X-Debug
X-MSEdge-Ref
X-Accel-Expires
X-XRDS-Location
Charset
Nginx-Cache
SPRequestDuration
SPIisLatency
Content-MD5
X-Mrf-Section-Lastmod
S
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Realpath
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Element-Page-Cache
X-SharePointHealthScore
SPRequestGuid
X-DynaTrace-JS-Agent
X-Cdn
Pinterest-Version
X-Pinterest-Rid
X-Shield-Request-Id
X-Hp-Webp
X-Jurisdiction
X-Client-IP
X-Oneagent-Js-Injection
X-Dw-Request-Base-Id
X-Id
X-Recruiting
X-Amz-Meta-S3cmd-Attrs
X-Trace
X-FastCGI-Cache
X-Kinsta-Cache
X-T
X-Node-Name
Fastcgi-Cache
X-Content-Digest
X-Server-ID
X-Logged-In
X-Cache-Key
X-TTL
X-NWS-LOG-UUID
X-Mobile-URL
TP-L2-Cache
TP-Cache
X-Request-Processing-Time
X-Request-Received
X-Cache-Hit
Server-Node
X-Frontend
X-Cache-Age
ServerID
X-Hostname
X-Amzn-Trace-Id
X-FTR-Backend
X-FTR-DC
X-Country-Code-Real
Front-End-Https
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
Edge-Cache-Tag
X-FTR-Expires
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Forwarded-For
Fastly-Restarts
Server-Name
PB-RID
Arc-Version
PB-PID
X-Yandex-Sdch-Disable
Powered
X-Request-Handler-Origin-Region
X-Microsite
DynaTrace
Filters
X-DIS-Request-ID
X-User-Agent
X-Zen-Fury
X-Content-Security-Policy-Report-Only
X-Revision
X-Ruxit-Js-Agent
X-Jobs
X-F-Cache
X-Page-Id
X-Akamai-Edgescape
X-LB-Cache
X-Hits
X-Mobile-Rewrite
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
Accept-Charset
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Powered-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
X-Geo-Country
X-Fastcgi-Cache
X-Varnish-Age
X-ATS-Timestamp
Backend-Timing
X-N
Alternate-Protocol
AMP-Access-Control-Allow-Source-Origin
X-Correlation-Id
X-B
X-FTR-Cache-Host
X-Via-JSL
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
MicrosoftSharePointTeamServices
X-Daa-Tunnel
Cache-Tags
X-Rid
X-Activity-Id
X-Az
X-AppVersion
DC
X-Type
X-Esi
X-RateLimit-Remaining
X-WebKit-CSP-Report-Only
X-FB-Debug
Surrogate-Key
X-Amz-Replication-Status
X-TT
X-Whom
Paypal-Debug-Id
X-Git-Hash
Retry-After
X-Signature
X-B-Cache
Section-Io-Cache
X-Varnish-Grace
X-ATG-Version
X-Debug-Info
Host
X-Status
X-Edge
X-App-Environment
Frame-Options
X-Ser
X-Content-Options
Actual-Object-TTL
X-Request-Guid
X-App-Server
Fastcgi-Useragent
X-Amzn-RequestId
X-IPLB-Instance
X-Contextid
Healthy
X-AOL-HN
Nel
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
X-Cache-Action
Srv
X-Seen-By
X-ECACHE
X-B3-Sampled
X-Pinterest-Direct
X-Host-Name
From-Origin
Refresh
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Amz-Apigw-Id
X-Tumblr-User
X-Tumblr-Pixel-0
X-Drupal-Cache-Tags
X-Tumblr-Pixel
X-RemovedCookies
X-Cache-Rule
X-Response-Served-From
X-ProcessESI
X-Instance
X-Accel-Buffering
Source
X-Cache-Operation
X-PressLabs-Stats
X-MCACHE
X-Protected-By
X-Mid
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Region
Odigeo-Trace-Id
X-Environment-Context
Eomportal-Instance
X-Rule
X-UUID
X-L-Path
MS-CV
X-Cacheable-TTL
Payment
X-Time
X-FW-Server
X-FW-Hash
X-FW-Serve
X-WA-Info
X-Rendered-As
X-FW-Dynamic
X-Is-Bot
X-FW-Static
X-Varnish-Server
Datacenter
X-FW-Type
X-Adobe-Loc
X-Adobe-Content
X-Cache-Time
Countrycode
Content-Disposition
Cache-Status
X-Litespeed-Cache
Xserver
X-Cache-Control
X-Cache-Server
X-VCache
X-Akamai-Transformed
X-Akamai-Request-ID2
X-GeoIP
X-UnsetCookies
X-Proxy
Uber-Trace-Id
X-Cached-By
X-EdgeConnect-Cache-Status
X-Load-Cache
X-Webkit-CSP
X-Mobile
X-Release
X-Correlation-ID
X-SERVER-NAME
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Wix-Request-Id
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-PHP-Backend
X-Azure-Ref
X-NewRelic-App-Data
Version
Access-Control-Request-Headers
X-Mode
X-Handled-By
X-Cluster
NGB
X-NWS-UUID-VERIFY
X-IPS-LoggedIn
Accept-Language
X-NGENIX-Cache
Liferay-Portal
X-Ua
X-URL
X-Cache-NGX
Filterid
X-Air-Hostname
X-Backend-Name
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Cache
X-Cache-Remote
Cross-Origin-Window-Policy
Load-Balancing
Meta-Geo
X-ES-SERVER
X-FireWall-Port
X-Cache-Status-Check
X-Cache-Var
X-UPSTREAM-Address
X-Framework
X-Cache-Var-Map
X-AWS-Id
X-ApacheServer
X-Zipkin-Id
X-VWS-Id
X-CCM
X-Adobe-Source
X-Via-Fastly
X-No-Session
X-UA-Device-Type
X-LJ-Flow-ID
X-Routing-Service
X-CSRF-Token
X-Path-Route
X-Proxied
X-RN-RSRV
X-PERF
X-Www-Served-By
X-OCL
Cache-Hits
X-Qloud-Router
X-R9-Blue-Green-Version
X-Viewer-Country
X-TX-ID
ServedBy
X-RequestSource
Mn-Server-Ip
X-PCL
X-Locale
X-MP-GENERATED-AT
X-Storage
DSUID
X-Format
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Bc-Bl
X-Pubstack
X-Access
Decoy-Debug-TTL
Now
X-Real-IP
X-Cache-Config
X-Site-Version
Decoy-Debug-Status
Decoy-Debug-Key
Cache-Name
Akamai-GRN
Cleartype
X-RTag
X-Section
Section-Io-Id
Ms-Operation-Id
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
Webserver
X-Alternate-Cache-Key
X-BYPASS-REASON
X-NCache
TWC-Privacy
TWC-Locale-Group
X-Redis-Cache
X-Say-Cacheable
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Info
X-CS
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Fastly-SSL
X-Varnish-Cache-Hits
X-ServerID
X-ProxyCache-Status
X-EIG-Tracking-Id
X-Device-Type
X-FW-Version
X-Hl-Ver
X-ProxyCache-Key
X-Origin-Hint
Property-Id
X-Human
X-Say-TTL
X-Web-Node
X-SayCDN-TTL
X-JoinUs
X-APP-VERSION
X-From
X-Content-Age
X-Labrador-Cache-Channel
X-NYM-Debug-Backend
X-FB-TRIP-ID
Cache-Tv-Group
S-Rt
X-Time-Microsecs
X-Timing-Wait
X-SaId
X-Cache-Enabled
X-BCube-Filmed-By
X-Detected-As
X-Proxy-Build
X-Origin
X-FC-Vary-Parameters
Selected-Fe
X-PHP-Host
X-IP
DB-Nickname
X-Generated
X-TNCMS
X-Loop
X-Amzn-Remapped-Content-Length
X-Hosted-By
X-Geo
X-Hyper-Cache
X-RateLimit-Limit
X-Cache-Host
Azure-RegionName
X-XRDS-LOCATION
Azure-SiteName
Azure-InstanceId
X-Xfnlog-Site
Azure-SlotName
Azure-Version
Origin-Edge-Control
Origin-Cache-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
Country
Server-Info
X-Drupal-Cache-Contexts
Geo-Info
Ec-Rule-Version
X-Unique-Id
X-Cache-2
User-Agent
X-Pad
SD-X-WS
X-Urbn-Context-Path
X-Cache-TTL-Remaining
Time
Locale
X-Source
X-Urbn-Site-Id
X-Cluster-Node
X-Cache-NE
X-Old-Content-Length
X-Varnish-Hostname
X-EC-Lua
Apigw-Requestid
Upgrade-Insecure-Requests
X-Parent-Response-Time
FilterID
X-RCS-CacheZone
NR-ENABLED
WPE-Backend
X-Akamai-Request-ID
X-Debug-Cache
X-Cache-Backend
X-App-Version
X-Soup
X-Presslabs-Stats
Proxy-Connection
X-Vcache
X-Cache-Grace
X-Backend-TTL
X-CDN-Forward
X-Srv
X-Proxy-Cache-Status
X-Forwarded-Host
X-Tb
X-Proto
X-DC
X-FORWARDED-FOR
X-Cache-PHP
S-Cnection
X-Tumblr-Pixel-3
X-Newrelic-Synthetics
X-Nc
X-Developer
X-Destination
X-Uri
X-Date
X-External-Request-Id
X-Dispatch
X-DevSite-Last-Modified
X-A-Dam
Content-Script-Type
Content-Style-Type
ServerName
Fastcgi-X-Cache-Version
T-Server
Thinkindot-CacheControl
True-Client-Country-4JS
Thinkindot-Control
Thinkindot-CacheControl-Type
Server-Host
FNAC-ModuleRouting
Meta-Geo-Continent
MD5-Digest
Machine
IsBot
Mobile-Detection-Method
GEO-REGION-INFO
Rendered-Blocks
Pagetype
UCS
BehaviorPad-Version
X-ARC
X-Application
X-Aed
X-Accel-Expires-Debug
X-B-Cookie
X-CF-Lambda-Fn
X-D
X-Connection-Hash
X-CF-Lambda-Version
X-A-Wwc
X-A-Dgt
Viewtype
Arc-Country
AsisCache
VivaBuild
Who
X-A-Dcw
X-A-Ccd
X-A
X-AIR-PT
X-Method
X-ServiceProvider
X-ScT
X-G
X-SIPLIST1
X-SRCache-Key
X-Scheme
X-S-Cookie
X-Reqid
X-Region-Sid
X-Rewrite-Enabled
X-Rojux
X-S
X-Swa-Ws
X-Thinkindot-L3
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
NGX
X-Vdms-Version
X-Transaction
X-Trace-Id
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Path
X-Processor
X-Session-Fingerprint
X-NodeID
X-Generated-On
X-Geo-Header
M-TraceId
X-Level-Front-Cache
X-Matched-Rule
X-PAYTM-SRV-ID
X-Nginx-Cache-Key
OT-Force-Account-Verify
Cache-Key
X-Cluster-Name
Magicmarker
X-Hash
Mail-Subject
Server-Hostname
X-Developers
Sever-Int
X-VC-Cache
X-SD-PageType
On-Server
X-User
X-Varnish-Cacheable
X-Device-Os
Server-Ext
X-Generation-Time
X-Dispatcher-Server
Release
N-Cache
RNT-Machine
X-LAGOON
NM-Fastcgi-Cache
RNT-Time
X-Worker
X-Response-By
X-Generated-In
V-Age
X-Agile-Age
X-Agile-Id
X-Agile
X-Owner
X-Cms-Context
X-Cache-FS-Status
X-Branch-Name
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Bip
X-Req
X-Compress-Hint
X-Node-Id
X-Thanos
X-SN
Viewport
X-Policy
X-Logging-Id
X-Skip-Cache
Vix-Hermes-Req-Id
X-Core-Value
Wxu-Next-Region
Wxu-Next-Commit
We-Hiring
X-Location
Wxu-Next-Hostname
X-App
Cache-Cookie-Set-From
Apple-News-Services-Parsed-Url
AKAMAI
X-SRV
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
CDCHOST
CacheControlHeader
Kp-EeAlive
X-Envoy-Decorator-Operation
Cf-Ipcountry
X-Storefront-Renderer-Rendered
X-Hit
User-Cache-Control
Sid
X-Cache-Tags
X-Backend-State
X-Cache-Bucket
X-Clara-WADP
X-Magnolia-Registration
X-Gen-Mode
X-Auto-Login
X-Cache-URL
X-Cache-Debug
X-Cache-Info
X-Block-Status
X-NC
X-Be
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-UUID
X-Server-W
X-TA-CDN-Provider
X-Has-Esi
X-JWT-State
X-Is-Gdpr
X-Origin-Date
X-Origin-Expires
X-Microcachable
X-TH-Server
X-Core-Mission
X-VG-TLSProxy
X-Hnp-Log
X-Clientip
X-CGP
X-Variation
X-Var-Ttl
X-Eu-Site
X-Epic-Correlation-Id
X-Distributor
X-Distil-CS
Web-Mar-Node
X-Fmm-Version
Node
Fastly-Drupal-HTML
Fastly-SIE
Rt-Fastcgi-Cache
X-Servername
Adler-Geo
C-Via
X-Micro-Cache
W
X-Loc
Fastly-SWR
Ha-Gx-Prefs
HA-Ipaddr
Is-Eu
Platform
X-WADP-Cache
Gh-Request-Id
X-Wikidot-Backend
X-Wikidot-Static-Cache
L5d-Success-Class
X-Origin-TTL
X-Origin-CC
X-Varnish-Authentication
X-Slack-Backend
X-We-Are-Hiring
X-Webstats-RespID
X-Backend-Host
LB
X-VServer
X-TrackingId
X-Cache-Id
X-BBXSRF
X-Irp-Debug
X-Gzip
X-Request-Host
X-Reboot
X-Mvc-Supplant-Cachable
X-Instart-Info
X-Fastly-Cache
X-Contensis-Viewer-Groups
X-Esi-Check
X-Cache-ASPX
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-NU-AKA-ACS-Version
X-Li-Fabric
X-Wa
X-SVT-ORM-RULES
Memcached
X-SVT-ORM-VERSION
X-GoCache-CacheStatus
X-Configured-By
X-Platform-Server
X-Li-Pop
X-Via-PopH
X-LI-Proto
X-Via-PopV
X-Dc
X-LI-UUID
X-Cdn-Forward
X-Edge-Location
X-Ms-Request-Id
X-Key
X-Ms-Version
X-Envoy-Upstream-Healthchecked-Cluster
X-TT-TIMESTAMP
HostName
Referer-Policy
X-Varnish-URL
Pragrma
NtCoent-Length
X-Vgn-Hpd-Reason
X-Servedbyhost
Tracecode
X-Refresh
Esi-Enabled
MIME-Version
X-Ua-Device
X-App-Name
Server-ID
Fastly-Backend-Name
X-BC
X-ZONE
L
X-Bc
X-Via-CDN
X-Zone
GEO-INFO
X-B3-Traceid
X-UA
Ohc-File-Size
Cache-Host
X-Nginx-Cache
X-Mvc-Supplant-OutputCached
X-Server-IP
X-MSEdge-Flight
X-MSEdge-Features
X-Up
X-BACKEND-TTL
X-Batcache
Memory
X-Minions-Version
X-Unique-ID
CACHE
X-TIME
X-Cdn-Srv
X-Sucuri-ID
Server-Surrogate-Control
X-Pjax-Url
X-VCL-Version
X-ElasticPress-Query
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-ND-Cache
Server-Cache-Control
X-Svr
X-S-Maxage
X-COUNTRY
X-VCT
X-Generated-By
Ohc-Response-Time
X-Aicache-OS
GeoIP-Country-Code
X-FPC
X-CF-Powered-By
FSS-Cache
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
Resin-Trace
DCR-Processing-Time-Ms
GeoIP-Latitude
DCR-Decision-By
X-GEO
X-Rocket-Nginx-Bypass
X-Azure-Ref-OriginShield
Locid
X-Fastly-Cache-Status
Location
Pramga
X-BE
X-PF-Uncompressing
Heartbleed
Powered-By-ChinaCache
Request-Country
Hostname
Request-EU
X-Varnish-Hits
X-Request-URI
HitType
X-Varnish-Ttl
X-Check-Cacheable
Cteonnt-Length
X-LB-ID
Lfy
Amp-Access-Control-Allow-Source-Origin
X-Varnishpool
X-Shopify-Generated-Cart-Token
X-Gamma-Serve
Cdn-Host
X-Ratelimit-Reset
PFcat
X-Sucuri-Cache
X-Fpc
Cdn-Request-Time
X-Edge-Server
X-VarnishDD-TTL
X-VHOST
X-OVcl
X-Vgn-Hpd-Variations-Key
X-Newrelic-App-Data
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Fastly-Country-Code
X-OVcl-Cache
X-PJAX-URL
WZWS-RAY
CF-Cached-On
X-CSRF-TOKEN
X-Fastly-Backend-Reqs
Geoip-Latitude
X-Instart-Isnd
X-Platform
X-WebServer
GeoIp-Country-Code
X-HS-Status
SRV
X-Pf-Uncompressing
X-Render-Time
Product
X-Client-Ip
X-Cache-Expired-At
X-Ratelimit-Remaining
X-Vcl-Version
Mime-Version
X-Proxy-Upstream
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
My-App
X-Cdn-Origin
X-Oracle-Dms-Rid
X-Ftr-Cache-Host
X-Fetched-On
X-Original-Request-Id
SN
X-Sn-Servicetimems
Ohc-Cache-HIT
WWW-Authenticate
X-NGINX-Cache
X-Amzn-Remapped-Connection
X-ECache
X-Amzn-Remapped-Date
X-CACHE-KEY
X-CUA
X-GeoIP-Country-Code
XServer
Pics-Label
Epwk-X-Cache
URI
Dt-Cache-Category
X-ServedByHost
X-Varnish-Url
X-Ratelimit-Limit
X-Tec-Api-Root
X-StackifyID
X-B3-SpanId
CloudFront-Viewer-Country
X-Tec-Api-Origin
X-Tec-Api-Version
A
X-Oss-Cdn-Auth
X-Request-Start
X-Swift-Error
X-Served-From
X-Cache-Tag
Cdn
X-RunCloud-Cache
X-B3-Spanid
Backend-Name
Group
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Backend
Lb
X-WR-MODIFICATION
Server-Ttl
SID
X-Apw-Hits
X-Via-Popv
PICS-Label
X-Tb-Optimization-Total-Bytes-Saved
X-Apw-Access-Token
X-Debug-Cache-String
X-Nananana
X-Debug-Do-Not-Cache-Uri
X-Via-Poph
X-Debug-Ysi-Auth
X-LiteSpeed-Cache-Control
X-Debug-Xas-Auth
X-Debug-Cache-Status
X-Apw-Access-Action
X-Apw-Access-Object
X-Csrf-Jwt
X-Debug-Cache-Bypass
Cf-Alt-Svc
Cloudfront-Viewer-Country
X-Cache-Version
X-Request-Time
X-Via-Ucdn
X-WA
Proxy-Firewall
Cneonction
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Varnish-Beresp-TTL
Origin
X-Acquia-Purge-Tags
X-Cache-Hfrom
X-Cache-Hm
Warning
X-Snapshot-Date
X-Sigma
Inserted-Into-Cache-At
Host-ID
X-Rocket-Build-Number
CF-IPCountry
X-Sigma-Backend
Country-Code
Req-ID
X-B3-Parentspanid
X-Via-NSCOPI
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
NnCoection
X-Varnish-ID
X-Dw-Trace-Id
X-SB
X-Html-Edge-Cache
X-Request-URL
X-ElasticPress-Search
X-VC