Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
P3p
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Server
X-Turbo-Charged-By
X-Backend
X-Age
Expect-Ct
X-Cache-Group
X-Robots-Tag
Feature-Policy
Xkey
X-Proxy-Cache
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-Server-Powered-By
X-UA-Device
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-WebKit-CSP
X-Dns-Prefetch-Control
Cf-Railgun
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Backend-Server
X-Vhost
X-Cache-Lookup
X-Ac
X-Readtime
X-Node
X-Origin-Upstream-Status
NEL
X-Dispatcher
X-HW
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Request-Id
Content-Location
X-Mod-Pagespeed
X-DataDome
X-Application-Context
X-Akam-SW-Version
X-ORACLE-DMS-ECID
Fusion-Deployment-Id
X-Country
Allow
X-ORACLE-DMS-RID
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Clacks-Overhead
X-Pass-Why
X-Rack-Cache
X-Px
RTSS
Accept-CH
X-FTR-Request-ID
MS-Author-Via
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-Powered-By-Plesk
Verso
Accept-CH-Lifetime
X-B3-TraceId
Service-Worker-Allowed
Public-Key-Pins
X-GitHub-Request-Id
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
X-Varnish-TTL
X-DynaTrace
X-MS-InvokeApp
Arr-Disable-Session-Affinity
Response
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
Pagespeed
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Cache-TTL
X-D2id
Pinterest-Generated-By
X-Amz-Rid
X-Ttl
TCN
X-CST
X-Abt-Application-Version
X-Vcap-Request-Id
X-NF-Request-ID
X-Content-Type
X-Cached
X-VARITI-CCR
Accept-Ch
X-Navigation-Version
Cache-Tag
AR-PoweredBy
X-Fastly-Request-ID
AR-Request-ID
AR-ATIME
X-ESI
Ar-Sid
AR-CACHE
X-Version
X-Instart-Request-ID
X-TEC-API-ORIGIN
Accept-Ch-Lifetime
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Grace
X-Powered-CMS
X-Upstream
Access-Control-Request-Method
X-MSEdge-Ref
X-Debug
X-Accel-Expires
X-Server-Name
Nginx-Cache
Charset
SPIisLatency
SPRequestDuration
S
X-FastCGI-Cache
X-XRDS-Location
Content-MD5
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ezoic-Cdn
X-SharePointHealthScore
SPRequestGuid
X-DynaTrace-JS-Agent
X-Client-IP
X-Element-Page-Cache
Realpath
X-Cdn
Pinterest-Version
X-Pinterest-Rid
Host-Header
X-Shield-Request-Id
X-Hp-Webp
X-Jurisdiction
X-Dw-Request-Base-Id
X-Oneagent-Js-Injection
X-Trace
X-Recruiting
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Node-Name
X-Kinsta-Cache
X-T
Fastcgi-Cache
X-Content-Digest
X-Server-ID
X-Logged-In
X-ASPNET-VERSION
X-TTL
X-NWS-LOG-UUID
X-Mobile-URL
TP-L2-Cache
TP-Cache
X-Request-Received
X-Request-Processing-Time
X-Cache-Hit
X-Cache-Age
X-Frontend
Server-Node
X-Cache-Key
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
Edge-Cache-Tag
ServerID
X-Hostname
Front-End-Https
X-Amzn-Trace-Id
X-FTR-Expires
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Generation
Server-Name
X-Forwarded-For
PB-RID
PB-PID
Arc-Version
Fastly-Restarts
Powered
DynaTrace
X-Yandex-Sdch-Disable
X-Request-Handler-Origin-Region
X-Microsite
X-Zen-Fury
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
Filters
X-User-Agent
X-Revision
X-Page-Id
X-Ruxit-Js-Agent
X-F-Cache
X-Akamai-Edgescape
X-Jobs
X-LB-Cache
X-Mobile-Rewrite
Accept-Charset
X-Hits
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Content-Powered-By
Backend-Timing
X-ATS-Timestamp
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Geo-Country
X-Varnish-Age
X-Origin-Server
AMP-Access-Control-Allow-Source-Origin
Nel
X-Correlation-Id
Alternate-Protocol
X-N
X-B
X-FTR-Cache-Host
X-Via-JSL
MicrosoftSharePointTeamServices
X-Daa-Tunnel
X-Varnish-Backend
X-Rid
Cache-Tags
X-Erf-Bev-Bev-Is-Generated
X-Activity-Id
X-AppVersion
X-Az
X-Erf-Bev-Bev
X-WebKit-CSP-Report-Only
DC
X-Esi
X-ATG-Version
X-Amz-Replication-Status
X-FB-Debug
X-Type
X-Debug-Info
X-B-Cache
Paypal-Debug-Id
Section-Io-Cache
Retry-After
X-TT
X-Signature
Surrogate-Key
X-Whom
X-Ser
X-Varnish-Grace
X-Git-Hash
X-App-Environment
Frame-Options
X-Edge
X-App-Server
Actual-Object-TTL
Host
X-Status
X-Content-Options
X-RateLimit-Remaining
X-Request-Guid
Fastcgi-Useragent
X-Fastcgi-Cache
X-Contextid
Healthy
X-AOL-HN
X-IPLB-Instance
X-Cache-Action
X-Seen-By
X-HTML-Minification-Powered-By
X-Amzn-RequestId
X-Endurance-Cache-Level
Srv
X-Host-Name
X-B3-Sampled
X-Pinterest-Direct
Refresh
X-Upgrade-Enabled
X-PressLabs-Stats
X-ECACHE
From-Origin
Access-Control-Allow-Method
X-Tumblr-User
X-Tumblr-Pixel-0
Source
X-Tumblr-Pixel
X-Drupal-Cache-Tags
X-Instance
X-Amz-Apigw-Id
X-RemovedCookies
X-Accel-Buffering
X-ProcessESI
X-Response-Served-From
X-Cache-Rule
X-Cache-Operation
X-MCACHE
X-Region
X-Mid
VIX-Pulpo-Upstream-Status
X-Time
Odigeo-Trace-Id
VIX-Pulpo-Node
X-Rule
Payment
MS-CV
X-UUID
X-Protected-By
Eomportal-Instance
X-Varnish-Server
X-L-Path
X-Rendered-As
X-WA-Info
X-Is-Bot
X-Environment-Context
X-Cacheable-TTL
X-FW-Server
X-Adobe-Loc
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Adobe-Content
X-FW-Static
Countrycode
Cache-Status
X-Cache-Time
X-FW-Type
Datacenter
X-Litespeed-Cache
Content-Disposition
X-SERVER-NAME
X-VCache
X-Cache-Control
Xserver
X-Cache-Server
X-GeoIP
X-Akamai-Transformed
X-Cached-By
X-Akamai-Request-ID2
X-UnsetCookies
X-Proxy
Uber-Trace-Id
X-Wix-Request-Id
X-Load-Cache
X-EdgeConnect-Cache-Status
X-Correlation-ID
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Origin-Response-Time
NGB
Version
X-Cluster
X-APP-VERSION
X-Mode
Access-Control-Request-Headers
X-Mobile
X-PHP-Backend
X-Azure-Ref
X-Release
X-XRDS-LOCATION
X-Handled-By
Filterid
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-NGENIX-Cache
X-NewRelic-App-Data
X-Tumblr-Pixel-2
X-URL
X-Cache-Remote
X-Cache-NGX
X-NWS-UUID-VERIFY
X-FireWall-Port
Accept-Language
X-Backend-Name
X-Air-Hostname
Liferay-Portal
X-RequestSource
X-CCM
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Var
X-Cache-Status-Check
X-No-Session
X-Path-Route
X-Via-Fastly
X-UA-Device-Type
X-RN-RSRV
X-Adobe-Source
X-UPSTREAM-Address
Meta-Geo
Load-Balancing
Cross-Origin-Window-Policy
Cache-Hits
X-VWS-Id
X-PCL
X-Storage
X-MP-GENERATED-AT
X-PERF
X-Www-Served-By
X-Viewer-Country
X-ApacheServer
X-AWS-Id
X-LJ-Flow-ID
X-Locale
X-OCL
X-Ua
DSUID
X-CSRF-Token
ServedBy
Ms-Operation-Id
X-Site-Version
Cache-Name
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Mn-Server-Ip
X-TX-ID
X-Bc-Bl
Decoy-Debug-Key
Now
Decoy-Debug-Status
Cleartype
Akamai-GRN
X-Pubstack
X-RTag
X-Cache-Config
X-Real-IP
X-R9-Blue-Green-Version
X-Framework
Decoy-Debug-TTL
X-Format
X-ShopId
X-Shopify-Stage
X-ShardId
X-Proxied
X-SayCDN-TTL
X-EIG-Tracking-Id
X-ServerID
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Webserver
X-Varnish-Cache-Hits
X-Web-Node
X-Alternate-Cache-Key
Fastly-SSL
X-Access
X-BYPASS-REASON
X-Routing-Service
X-Device-Type
X-Section
X-Info
X-ProxyCache-Key
X-Redis-Cache
X-NCache
X-ProxyCache-Status
X-Hl-Ver
X-FW-Version
X-Say-TTL
X-Zipkin-Id
X-Say-Cacheable
S-Rt
X-Timing-Wait
TWC-Device-Class
X-NYM-Debug-Backend
X-BCube-Filmed-By
X-Proxy-Build
X-Origin
Selected-Fe
Property-Id
X-Cache-Enabled
TWC-GeoIP-Country
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-Detected-As
X-From
X-SaId
X-JoinUs
X-Human
X-Time-Microsecs
TWC-Connection-Speed
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
Cache
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
X-CS
X-Origin-Hint
X-Qloud-Router
X-Labrador-Cache-Channel
X-Content-Age
DB-Nickname
X-Generated
X-Amzn-Remapped-Content-Length
X-IP
X-Loop
X-TNCMS
Cache-Tv-Group
X-PHP-Host
X-Hyper-Cache
X-Hosted-By
Azure-RegionName
X-Cache-Host
Azure-SiteName
Azure-SlotName
X-Xfnlog-Site
Azure-InstanceId
Azure-Version
X-Geo
Origin-Cache-Control
Origin-Edge-Control
WPE-Backend
NR-ENABLED
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Unique-Id
Country
Ec-Rule-Version
SD-X-WS
X-Drupal-Cache-Contexts
X-RateLimit-Limit
X-Pad
User-Agent
X-Source
X-Varnish-Hostname
X-Old-Content-Length
X-Cache-2
Time
X-Cluster-Node
Server-Info
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Cache-NE
X-Cache-TTL-Remaining
Geo-Info
X-Parent-Response-Time
Upgrade-Insecure-Requests
FilterID
X-EC-Lua
Apigw-Requestid
X-Akamai-Request-ID
X-Cache-Backend
X-Webkit-CSP
X-RCS-CacheZone
X-Debug-Cache
X-Srv
Proxy-Connection
X-Cache-Grace
X-Soup
X-Proxy-Cache-Status
X-Forwarded-Host
X-CDN-Forward
X-Backend-TTL
X-Presslabs-Stats
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-Tb
S-Cnection
X-Proto
X-Tumblr-Pixel-3
X-FORWARDED-FOR
NGX
X-Cache-PHP
X-Nc
Meta-Geo-Continent
X-Trv-Group
X-Session-Fingerprint
Rendered-Blocks
Xc-Version
Server-Host
Pagetype
X-Twitter-Response-Tags
Mobile-Detection-Method
X-Thinkindot-L3
X-SRCache-Key
X-Transaction
GEO-REGION-INFO
Content-Script-Type
X-Vtex-Processado-Em
Content-Style-Type
X-Vtex-Remote-Cache
BehaviorPad-Version
Arc-Country
AsisCache
X-VG-WebServer
Fastcgi-X-Cache-Version
X-Vdms-Path
Machine
M-TraceId
X-Vdms-Version
X-VG-WebCache
X-ServiceProvider
MD5-Digest
X-S-Cookie
X-A-Wwc
X-Dispatch
X-DevSite-Last-Modified
X-Developer
X-External-Request-Id
X-A-Dgt
X-A-Ccd
X-A-Dcw
X-G
X-Destination
X-Date
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-B-Cookie
X-ARC
X-Application
X-Aed
X-D
X-Connection-Hash
X-Accel-Expires-Debug
X-A
X-Geo-Header
X-Reqid
X-Region-Sid
T-Server
Thinkindot-CacheControl
X-Rewrite-Enabled
X-Rojux
X-ScT
X-Scheme
X-S
Thinkindot-CacheControl-Type
Thinkindot-Control
X-PAYTM-SRV-ID
X-NodeID
Who
X-Matched-Rule
VivaBuild
Viewtype
True-Client-Country-4JS
X-Processor
UCS
ServerName
X-A-Dam
X-Vcache
X-Uri
Cf-Ipcountry
X-Cluster-Name
OT-Force-Account-Verify
X-Microcachable
X-DC
NM-Fastcgi-Cache
Vix-Hermes-Req-Id
N-Cache
On-Server
X-Branch-Name
X-Worker
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Key
CacheControlHeader
X-Trace-Id
CDCHOST
X-Swa-Ws
X-Agile-Id
X-Node-Id
We-Hiring
X-VC-Cache
X-User
Mail-Subject
Kp-EeAlive
X-Logging-Id
X-Agile-Age
Cache-Cookie-Set-From
X-Agile
X-Level-Front-Cache
X-Location
X-LAGOON
Sid
X-Cms-Context
X-SD-PageType
X-RateLimit-Limit-Second
X-Hash
V-Age
X-Core-Value
X-Method
X-Response-By
X-SIPLIST1
X-App-Version
X-Device-Os
X-Nginx-Cache-Key
X-Dispatcher-Server
X-Skip-Cache
Release
Viewport
AKAMAI
X-SN
X-Cache-FS-Status
X-Generated-In
FNAC-ModuleRouting
IsBot
X-RateLimit-Remaining-Second
X-Generated-On
X-Generation-Time
X-AIR-PT
X-Envoy-Decorator-Operation
X-Hit
User-Cache-Control
X-Rebelmouse-Cache-Control
W
Web-Mar-Node
X-Owner
X-Hnp-Log
X-CGP
X-Clara-WADP
X-Has-Esi
X-Cache-Tags
X-Cache-Info
X-Clientip
X-Gen-Mode
X-Distributor
X-Distil-CS
X-Eu-Site
X-Fmm-Version
X-Cache-Bucket
X-Block-Status
X-JWT-State
X-App
X-Magnolia-Registration
X-Origin-Date
X-Auto-Login
X-Is-Gdpr
X-Bip
X-Rebelmouse-Surrogate-Control
X-Backend-State
X-Instart-Info
X-Origin-Expires
X-TH-Server
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Adler-Geo
Apple-News-Services-Request-Url
Magicmarker
Apple-News-Services-Handled
C-Via
Fastly-SWR
Fastly-SIE
X-Wikidot-Backend
X-Wikidot-Static-Cache
RNT-Machine
RNT-Time
X-Developers
X-Policy
X-Req
X-Varnish-Cacheable
Wxu-Next-Region
Wxu-Next-Hostname
Server-Ext
Server-Hostname
Sever-Int
Wxu-Next-Commit
X-WADP-Cache
Fastly-Drupal-HTML
X-Dc
X-Var-Ttl
L5d-Success-Class
X-VG-TLSProxy
X-Thanos
X-Epic-Correlation-Id
X-Request-UUID
Rt-Fastcgi-Cache
X-Servername
Platform
Is-Eu
X-Variation
Gh-Request-Id
HA-Ipaddr
X-NC
Ha-Gx-Prefs
X-Be
X-Via-PopH
X-Platform-Server
X-Fastly-Cache
X-Core-Mission
X-VServer
X-Server-W
X-Loc
X-Cache-URL
X-Request-Host
X-Compress-Hint
X-Mvc-Supplant-Cachable
X-TrackingId
X-We-Are-Hiring
X-Via-PopV
X-Varnish-Authentication
X-Reboot
X-Irp-Debug
X-Webstats-RespID
X-Slack-Backend
X-Micro-Cache
X-Cache-Debug
X-SRV
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Storefront-Renderer-Rendered
X-BBXSRF
X-Backend-Host
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Origin-CC
X-Varnish-Beresp-Status
X-Origin-TTL
X-Ms-Version
Memcached
X-Ms-Request-Id
X-LI-UUID
X-Li-Pop
X-LI-Proto
X-TT-TIMESTAMP
X-GoCache-CacheStatus
X-Li-Fabric
X-Gzip
X-Esi-Check
X-Envoy-Upstream-Healthchecked-Cluster
X-Cache-Id
X-Cdn-Forward
LB
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Wa
X-Configured-By
X-NU-AKA-ACS-Version
Node
Tracecode
HostName
X-Vgn-Hpd-Reason
X-Key
X-Edge-Location
X-Refresh
Esi-Enabled
X-UA
X-ZONE
MIME-Version
GEO-INFO
NtCoent-Length
X-BC
Referer-Policy
X-Varnish-URL
L
Server-ID
Ohc-File-Size
Pragrma
X-Ua-Device
X-Servedbyhost
X-App-Name
X-Mvc-Supplant-OutputCached
Cache-Host
X-Server-IP
CACHE
X-B3-Traceid
X-BACKEND-TTL
X-Nginx-Cache
Fastly-Backend-Name
X-MSEdge-Features
X-MSEdge-Flight
X-Zone
X-Bc
X-Via-CDN
Memory
X-Up
Server-Cache-Control
X-Varnish-Ttl
X-Cdn-Srv
Server-Surrogate-Control
X-TIME
X-VCT
X-S-Maxage
X-Generated-By
X-Svr
X-FPC
X-Minions-Version
X-Debug-Panamera-Sitecode
X-Debug-Panamera-Host
Ohc-Response-Time
X-Batcache
X-Sucuri-ID
X-ElasticPress-Query
X-Pjax-Url
X-COUNTRY
X-VCL-Version
X-ND-Cache
X-Unique-ID
X-Aicache-OS
FSS-Cache
X-Rocket-Nginx-Bypass
X-Oss-Storage-Class
X-CF-Powered-By
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Oracle-Dms-Rid
Resin-Trace
Locid
Heartbleed
X-GEO
Request-EU
Request-Country
GeoIP-Country-Code
X-Varnish-Hits
DCR-Processing-Time-Ms
DCR-Decision-By
Hostname
X-BE
X-Request-URI
GeoIP-Latitude
Cteonnt-Length
X-Fastly-Cache-Status
X-Azure-Ref-OriginShield
Location
Lfy
Powered-By-ChinaCache
X-Shopify-Generated-Cart-Token
HitType
X-Check-Cacheable
X-Gamma-Serve
Pramga
X-PF-Uncompressing
X-LB-ID
X-Edge-Server
Cdn-Request-Time
Cdn-Host
CF-Cached-On
X-Sucuri-Cache
X-Ratelimit-Remaining
WZWS-RAY
Amp-Access-Control-Allow-Source-Origin
X-VHOST
X-VarnishDD-TTL
X-WebServer
PFcat
X-Fastly-Country-Code
X-HS-Status
X-Newrelic-App-Data
X-CACHE-KEY
Geoip-Latitude
X-PJAX-URL
GeoIp-Country-Code
X-Ratelimit-Reset
X-Varnishpool
X-CSRF-TOKEN
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Fpc
X-Vgn-Hpd-Ssi
X-Fastly-Backend-Reqs
X-OVcl
X-Proxy-Upstream
X-Pf-Uncompressing
Product
X-OVcl-Cache
X-Vcl-Version
SRV
X-Oracle-DMS-ECID
X-ECache
X-Fetched-On
Mime-Version
X-Sn-Servicetimems
X-Cdn-Origin
X-Platform
X-Instart-Isnd
Ohc-Cache-HIT
My-App
X-Render-Time
X-GeoIP-Country-Code
X-CACHE-AGE
WWW-Authenticate
X-Cache-Expired-At
X-Ftr-Cache-Host
SN
X-CLOUD-TRACE-CONTEXT
Dt-Cache-Category
X-Ratelimit-Limit
X-NGINX-Cache
X-ServedByHost
URI
X-CUA
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Varnish-Url
X-Original-Request-Id
XServer
X-Swift-Error
X-Served-From
Pics-Label
X-Oss-Cdn-Auth
X-Tec-Api-Origin
X-B3-SpanId
X-Tec-Api-Root
CloudFront-Viewer-Country
X-Tec-Api-Version
X-B3-Spanid
Group
Cf-Alt-Svc
A
X-Request-Start
Epwk-X-Cache
X-Client-Ip
X-Debug-Cache-Fetch
Cdn
X-StackifyID
X-Debug-Cache-Store
X-WR-MODIFICATION
Lb
X-Amzn-Requestid
Backend
Server-Ttl
Cloudfront-Viewer-Country
PICS-Label
X-Apw-Hits
X-Cache-Tag
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Cache-Bypass
X-Debug-Cache-Status
X-Apw-Access-Token
X-Apw-Access-Object
X-Request-Time
X-Via-Ucdn
X-WA
X-Apw-Access-Action
X-Debug-Cache-String
SID
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
X-Debug-Do-Not-Cache-Uri
X-LiteSpeed-Cache-Control
X-Cache-Version
NnCoection
X-Via-NSCOPI
X-Acquia-Application-Trace
Country-Code
X-Nananana
Proxy-Firewall
X-IN-APIGATEWAYSSL
X-Via-Poph
X-Via-Popv
X-Csrf-Jwt
X-RunCloud-Cache
X-Acquia-Application-UUID
Backend-Name
X-IN-APIGATEWAY
Origin
Cneonction
X-Cache-Hm
X-Varnish-Beresp-TTL
X-Acquia-Site
X-Acquia-Purge-Tags
X-Cache-Hfrom
X-WPE-Loopback-Upstream-Addr
X-Dw-Trace-Id
X-Request-URL
X-VC
Inserted-Into-Cache-At
X-Snapshot-Date
Warning
X-ElasticPress-Search
X-DPWN-IS-SECURE
Geoip-City
X-Html-Edge-Cache
X-SB
X-Ocache
X-B3-Parentspanid
X-Varnish-ID
Req-ID