
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

The table/histogram below shows how many times we found each header, whether security-relevant or not. We request the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Xss-Protection
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
X-Ua-Compatible
Status
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Upgrade
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Backend
X-Server
X-Age
X-Turbo-Charged-By
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
P3p
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Dns-Prefetch-Control
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Ac
X-Cache-Lookup
X-Readtime
X-Backend-Server
X-Node
NEL
X-Dispatcher
X-Origin-Upstream-Status
X-HW
Content-Location
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
Allow
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Edge-Control
Accept-CH
X-Url
X-Rack-Cache
RTSS
X-Clacks-Overhead
X-Px
MS-Author-Via
Accept-CH-Lifetime
X-TtlSet
X-PC
X-Vname
X-Goog-Hash
X-FTR-Request-ID
Verso
X-Powered-By-Plesk
X-Varnish-TTL
Service-Worker-Allowed
X-B3-TraceId
Host-Header
X-Cdn-Fetch
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Kinja-Server
X-Exp-Variant
X-Kinja-Build
Public-Key-Pins
X-GitHub-Request-Id
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
Pagespeed
X-Sol
X-Middleton-Display
Response
Display
X-Middleton-Response
X-Cache-TTL
X-DynaTrace
X-Ttl
X-Content-Type
X-D2id
X-Amz-Rid
TCN
X-NF-Request-ID
X-Abt-Application-Version
X-Vcap-Request-Id
X-CST
X-Cached
X-VARITI-CCR
X-Cdn
Pinterest-Generated-By
AR-ATIME
AR-PoweredBy
AR-Request-ID
Ar-Sid
AR-CACHE
X-ESI
X-Version
X-Navigation-Version
X-Fastly-Request-ID
X-Powered-CMS
X-Upstream
Cache-Tag
X-Server-Name
X-Pass-Why
Accept-Ch
X-Grace
X-Debug
X-Instart-Request-ID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Access-Control-Request-Method
Charset
X-MSEdge-Ref
Nginx-Cache
X-XRDS-Location
X-Accel-Expires
Content-MD5
X-Element-Page-Cache
X-Mrf-Section-Lastmod
Accept-Ch-Lifetime
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Realpath
SPIisLatency
SPRequestDuration
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
SPRequestGuid
X-Shield-Request-Id
S
Pinterest-Version
X-Pinterest-Rid
X-Jurisdiction
X-Hp-Webp
X-Oneagent-Js-Injection
X-Amz-Meta-S3cmd-Attrs
X-Dw-Request-Base-Id
X-Recruiting
X-Id
X-Trace
X-Kinsta-Cache
X-T
X-Client-IP
Fastcgi-Cache
X-Node-Name
X-Content-Digest
X-Logged-In
X-Cache-Key
X-NWS-LOG-UUID
TP-Cache
X-Mobile-URL
TP-L2-Cache
X-TTL
X-Cache-Hit
X-Request-Processing-Time
X-Request-Received
X-Frontend
Server-Node
X-Hostname
X-FastCGI-Cache
X-Cache-Age
ServerID
Front-End-Https
X-Amzn-Trace-Id
Fastly-Restarts
X-FTR-Cache-Status
X-Country-Code-Real
X-Forwarded-For
Edge-Cache-Tag
X-FTR-Expires
X-FTR-Realm
X-Goog-Metageneration
X-Goog-Generation
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Yandex-Sdch-Disable
Server-Name
Powered
PB-RID
Arc-Version
PB-PID
X-Request-Handler-Origin-Region
X-Microsite
X-Revision
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Hits
X-DIS-Request-ID
X-Server-ID
X-Page-Id
X-F-Cache
Filters
X-LB-Cache
X-Jobs
X-Akamai-Edgescape
X-Zen-Fury
DynaTrace
X-Ruxit-Js-Agent
X-Fastcgi-Cache
X-Correlation-Id
X-ORACLE-APMCS-REQUEST-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ORACLE-APMCS-TAG
X-Erf-Bev-Bev
X-Mobile-Rewrite
X-Erf-Bev-Bev-Is-Generated
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Geo-Country
X-Origin-Server
Alternate-Protocol
X-Content-Powered-By
Accept-Charset
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-N
X-Daa-Tunnel
X-B
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Varnish-Backend
Cache-Tags
X-Rid
Retry-After
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
X-Varnish-Grace
X-Type
X-Whom
DC
X-Git-Hash
Section-Io-Cache
Surrogate-Key
X-TT
X-Content-Options
Paypal-Debug-Id
X-App-Environment
X-Signature
X-Request-Guid
Host
X-FB-Debug
X-B-Cache
MicrosoftSharePointTeamServices
X-Via-JSL
X-Activity-Id
X-AppVersion
X-Az
Backend-Timing
X-ATS-Timestamp
X-Esi
X-Edge
X-Status
X-Debug-Info
Frame-Options
X-Ser
Fastcgi-Useragent
Actual-Object-TTL
X-ATG-Version
X-IPLB-Instance
Healthy
X-Endurance-Cache-Level
X-App-Server
X-Webkit-CSP
X-HTML-Minification-Powered-By
Srv
X-AOL-HN
X-Contextid
X-Amzn-RequestId
Nel
X-Cache-Action
X-Seen-By
X-ECACHE
X-B3-Sampled
Refresh
X-Pinterest-Direct
From-Origin
X-Amz-Apigw-Id
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Tumblr-Pixel
X-Tumblr-User
X-Accel-Buffering
X-Host-Name
X-Response-Served-From
X-Tumblr-Pixel-0
X-Cache-Rule
X-Protected-By
X-ProcessESI
X-RemovedCookies
X-Instance
X-Drupal-Cache-Tags
X-Cache-Operation
VIX-Pulpo-Node
X-MCACHE
X-Mid
X-Rendered-As
Content-Disposition
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
X-Is-Bot
X-Cacheable-TTL
X-Region
Datacenter
X-Time
X-WA-Info
X-Environment-Context
X-UUID
X-L-Path
Payment
X-FW-Hash
X-FW-Type
Eomportal-Instance
X-Rule
X-FW-Serve
X-FW-Server
X-Varnish-Server
X-FW-Static
X-FW-Dynamic
Countrycode
X-Adobe-Loc
X-Adobe-Content
X-Cache-Time
MS-CV
X-Release
Source
Uber-Trace-Id
X-Litespeed-Cache
X-Proxy
Xserver
X-Cached-By
X-Akamai-Request-ID2
X-Cache-Control
X-Load-Cache
X-EdgeConnect-Cache-Status
X-Cache-Server
X-PressLabs-Stats
X-UnsetCookies
X-Mobile
X-GeoIP
X-PHP-Backend
Cache-Status
X-Akamai-Transformed
X-Azure-Ref
Access-Control-Request-Headers
X-NewRelic-App-Data
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Origin-Response-Time
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-VCache
X-Air-Hostname
X-Wix-Request-Id
Accept-Language
X-SERVER-NAME
Version
X-NGENIX-Cache
X-Handled-By
X-Mode
X-Cache-NGX
X-Backend-Name
Liferay-Portal
X-Cluster
X-NWS-UUID-VERIFY
Cache
X-IPS-LoggedIn
X-Framework
X-XRDS-LOCATION
X-Correlation-ID
X-Tumblr-Pixel-1
X-CSRF-Token
X-Tumblr-Pixel-2
NGB
X-CCM
X-Cache-Var-Map
X-UA-Device-Type
X-UPSTREAM-Address
X-ApacheServer
X-Cache-Var
X-Adobe-Source
X-FireWall-Port
X-Proxied
X-PERF
X-Path-Route
Filterid
X-Cache-Remote
X-ES-SERVER
X-RateLimit-Limit
X-Via-Fastly
X-LJ-Flow-ID
Load-Balancing
Cross-Origin-Window-Policy
X-RN-RSRV
X-Locale
X-Zipkin-Id
X-VWS-Id
X-URL
X-AWS-Id
Meta-Geo
X-Routing-Service
Server-Info
X-Detected-As
X-Qloud-Router
DSUID
ServedBy
Mn-Server-Ip
X-Viewer-Country
X-MP-GENERATED-AT
X-Real-IP
X-Www-Served-By
Cache-Hits
X-Cache-Status-Check
X-TX-ID
X-Site-Version
Cleartype
X-Access
Section-Io-Origin-Time-Seconds
X-Cache-Config
Now
X-Format
X-Pubstack
Cache-Tv-Group
Section-Io-Origin-Status
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Section-Origin-Responded
Akamai-GRN
Cache-Name
Section-Io-Id
X-PCL
X-Storage
X-Say-Cacheable
X-Redis-Cache
X-Ua
X-Info
X-Say-TTL
X-Web-Node
X-SayCDN-TTL
X-Section
X-NCache
X-OCL
X-Human
X-IP
X-R9-Blue-Green-Version
X-PHP-Host
X-Origin-Hint
X-Shopify-Stage
Webcakes-Region
Property-Id
X-Geo
Webcakes-App-Name
X-BYPASS-REASON
Webcakes-App-Version
X-Bc-Bl
X-ServerID
X-FC-Vary-Parameters
X-ShardId
X-Alternate-Cache-Key
X-Varnish-Cache-Hits
X-ShopId
Fastly-SSL
X-Cache-Enabled
TWC-GeoIP-LatLong
TWC-Locale-Group
X-CS
X-Device-Type
X-EIG-Tracking-Id
TWC-GeoIP-Country
X-ProxyCache-Status
X-Hosted-By
TWC-Device-Class
TWC-Connection-Speed
X-Labrador-Cache-Channel
X-Sorting-Hat-PodId
S-Rt
X-Sorting-Hat-ShopId
TWC-Privacy
X-FW-Version
Webserver
X-ProxyCache-Key
X-NYM-Debug-Backend
X-SaId
Selected-Fe
X-No-Session
X-Cache-Host
X-Time-Microsecs
X-Content-Age
X-Hl-Ver
X-Proxy-Build
X-FB-TRIP-ID
X-Origin
X-JoinUs
X-BCube-Filmed-By
X-Timing-Wait
X-Loop
X-TNCMS
X-From
X-RTag
X-Amzn-Remapped-Content-Length
X-Generated
X-Hyper-Cache
DB-Nickname
Ms-Operation-Id
Origin-Cache-Control
Ec-Rule-Version
Azure-Version
Azure-SlotName
Azure-RegionName
X-APP-VERSION
Azure-InstanceId
Azure-SiteName
X-Cache-2
X-Cache-TTL-Remaining
Origin-Edge-Control
X-Drupal-Cache-Contexts
Time
X-Xfnlog-Site
X-Unique-Id
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
Geo-Info
Apigw-Requestid
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
X-RequestSource
Country
X-Vcache
X-Pad
X-Presslabs-Stats
X-Source
X-Old-Content-Length
X-Varnish-Hostname
X-Cluster-Node
User-Agent
X-EC-Lua
X-Debug-Cache
X-App-Version
Upgrade-Insecure-Requests
X-Cache-NE
FilterID
X-Soup
X-Akamai-Request-ID
X-RCS-CacheZone
X-Proto
X-Tb
X-Parent-Response-Time
X-Cache-Backend
X-CDN-Forward
Proxy-Connection
X-Backend-TTL
X-DC
X-Cache-PHP
X-Cache-Grace
X-SRV
X-Storefront-Renderer-Rendered
X-App
X-Proxy-Cache-Status
X-Forwarded-Host
Cache-Key
LB
X-G
X-DevSite-Last-Modified
X-VG-WebCache
X-B-Cookie
X-External-Request-Id
X-Uri
X-Dispatch
Content-Script-Type
X-Application
Fastcgi-X-Cache-Version
X-Tumblr-Pixel-3
Content-Style-Type
X-Geo-Header
True-Client-Country-4JS
MD5-Digest
X-ARC
UCS
X-Connection-Hash
X-CF-Lambda-Version
AsisCache
BehaviorPad-Version
M-TraceId
X-CF-Lambda-Fn
Machine
Xc-Version
Meta-Geo-Continent
Arc-Country
Mobile-Detection-Method
X-Vtex-Remote-Cache
X-Destination
X-Developer
VivaBuild
X-Date
X-D
X-Vtex-Processado-Em
X-VG-WebServer
T-Server
Viewtype
ServerName
X-S-Cookie
X-Scheme
X-ScT
X-SD-PageType
X-S
X-Rojux
Who
X-A
X-Rewrite-Enabled
Rendered-Blocks
X-Newrelic-Synthetics
X-SRCache-Key
X-Swa-Ws
X-Trace-Id
IsBot
X-Transaction
X-Trv-Group
X-Session-Fingerprint
X-SIPLIST1
X-Twitter-Response-Tags
X-A-Wwc
X-Response-By
GEO-REGION-INFO
X-PAYTM-SRV-ID
X-A-Dgt
X-NodeID
FNAC-ModuleRouting
X-Method
X-FORWARDED-FOR
X-Nginx-Cache-Key
X-A-Ccd
X-Vdms-Version
X-Region-Sid
X-Processor
N-Cache
X-A-Dcw
X-Aed
X-Accel-Expires-Debug
X-Vdms-Path
X-A-Dam
X-Nc
X-Srv
X-Origin-CC
X-Magnolia-Registration
User-Cache-Control
X-Origin-TTL
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
Server-Host
RNT-Machine
RNT-Time
Server-Ext
Release
Pagetype
NGX
NM-Fastcgi-Cache
On-Server
Server-Hostname
Sever-Int
Viewport
Vix-Hermes-Req-Id
We-Hiring
V-Age
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Web-Mar-Node
X-Generated-On
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Req
X-Reqid
X-Policy
X-Owner
X-Logging-Id
X-Matched-Rule
X-Micro-Cache
X-Node-Id
X-ServiceProvider
X-Skip-Cache
X-WADP-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Worker
X-VC-Cache
X-Varnish-Cacheable
X-SN
X-Thanos
X-Thinkindot-L3
X-User
X-Loc
X-Level-Front-Cache
X-Cache-Info
X-Cache-URL
X-Clara-WADP
X-Cms-Context
X-Cache-FS-Status
X-Cache-Bucket
X-Agile-Age
X-Agile-Id
X-Backend-State
X-Block-Status
X-Compress-Hint
X-Developers
X-Generation-Time
X-Hash
X-Hnp-Log
X-LAGOON
X-Generated-In
X-Gen-Mode
X-Device-Os
X-Dispatcher-Server
X-Fmm-Version
X-Agile
X-Bip
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
CacheControlHeader
CDCHOST
X-AIR-PT
Cache-Cookie-Set-From
Apple-News-Services-Request-Url
AKAMAI
X-NC
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
OT-Force-Account-Verify
Mail-Subject
Magicmarker
Kp-EeAlive
X-Hit
X-Cluster-Name
X-Mvc-Supplant-Cachable
X-NU-AKA-ACS-Version
X-Gzip
X-Location
X-Has-Esi
X-Slack-Backend
X-Cache-Id
X-Irp-Debug
X-Auto-Login
X-Var-Ttl
X-Variation
X-JWT-State
X-BBXSRF
X-TH-Server
X-Is-Gdpr
X-Servername
X-Origin-Date
X-Rebelmouse-Surrogate-Control
X-Core-Value
X-Core-Mission
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-Envoy-Decorator-Operation
X-Distributor
X-Distil-CS
X-Esi-Check
X-Request-Host
X-Server-W
X-Cache-Tags
X-Epic-Correlation-Id
Referer-Policy
X-CGP
X-Eu-Site
X-Clientip
X-Request-UUID
X-Fastly-Cache
X-TrackingId
Fastly-SWR
X-We-Are-Hiring
X-Webstats-RespID
Fastly-SIE
Fastly-Drupal-HTML
C-Via
X-Be
X-VServer
Gh-Request-Id
Rt-Fastcgi-Cache
Platform
Is-Eu
L5d-Success-Class
HA-Ipaddr
X-SVT-ORM-VERSION
Ha-Gx-Prefs
X-SVT-ORM-RULES
W
Sid
Node
Adler-Geo
X-VG-TLSProxy
X-Li-Pop
X-Reboot
X-Backend-Host
X-LI-Proto
X-LI-UUID
X-Edge-Location
X-TA-CDN-Provider
X-Varnish-Authentication
X-Key
Cf-Ipcountry
X-Contensis-Viewer-Groups
X-GoCache-CacheStatus
X-Cache-ASPX
Memcached
X-Li-Fabric
X-Varnish-Beresp-Status
S-Cnection
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
Pragrma
X-Branch-Name
X-Configured-By
X-Cache-Debug
X-Dc
MIME-Version
HostName
X-Wa
NR-ENABLED
X-Cdn-Forward
WPE-Backend
X-Refresh
X-Varnish-URL
X-Instart-Info
X-Microcachable
X-BC
X-Via-CDN
X-ZONE
X-Up
X-Servedbyhost
X-Via-PopV
GEO-INFO
X-Via-PopH
Fastly-Backend-Name
X-Platform-Server
X-Envoy-Upstream-Healthchecked-Cluster
X-UA
X-Mvc-Supplant-OutputCached
X-Nginx-Cache
X-Minions-Version
X-Ms-Request-Id
X-Ms-Version
X-TT-TIMESTAMP
X-Batcache
X-Ua-Device
X-MSEdge-Features
X-ElasticPress-Query
X-MSEdge-Flight
X-Vgn-Hpd-Reason
Memory
X-B3-Traceid
X-Aicache-OS
NtCoent-Length
Esi-Enabled
X-Bc
X-Zone
X-Sucuri-ID
X-Pjax-Url
X-ND-Cache
Server-ID
X-App-Name
L
X-BACKEND-TTL
X-VCL-Version
X-TIME
CACHE
X-Unique-ID
Cache-Host
DCR-Processing-Time-Ms
X-Debug-Panamera-Sitecode
X-Server-IP
DCR-Decision-By
X-Debug-Panamera-Host
Ohc-File-Size
X-Fastly-Cache-Status
X-CF-Powered-By
X-PF-Uncompressing
X-Cdn-Srv
X-Svr
Pramga
X-COUNTRY
Powered-By-ChinaCache
Tracecode
X-Client-Ip
GeoIP-Country-Code
FSS-Cache
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
HitType
Server-Cache-Control
Location
X-FPC
X-Oss-Hash-Crc64ecma
X-Generated-By
Server-Surrogate-Control
X-Webkit-Csp
GeoIP-Latitude
X-Oss-Server-Time
X-Ratelimit-Reset
X-BE
X-Varnishpool
Hostname
X-S-Maxage
Ohc-Response-Time
X-GEO
Resin-Trace
X-LB-ID
X-Azure-Ref-OriginShield
X-Sucuri-Cache
X-Rocket-Nginx-Bypass
X-VCT
X-Check-Cacheable
X-Original-Request-Id
X-VarnishDD-TTL
X-OVcl-Cache
PFcat
X-Varnish-Ttl
X-OVcl
Cteonnt-Length
X-Fastly-Country-Code
X-Instart-Isnd
Request-EU
Heartbleed
X-Fpc
Request-Country
X-Fastly-Backend-Reqs
Locid
X-Varnish-Hits
Cdn-Host
X-Vgn-Hpd-Variations-Key
X-Edge-Server
Cdn-Request-Time
X-HS-Status
X-Platform
X-Request-URI
X-Cache-Expired-At
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Render-Time
X-VHOST
X-Newrelic-App-Data
X-PJAX-URL
Lfy
GeoIp-Country-Code
Geoip-Latitude
CF-Cached-On
X-CSRF-TOKEN
X-CUA
X-Vcl-Version
X-Gamma-Serve
SRV
Amp-Access-Control-Allow-Source-Origin
X-Ratelimit-Remaining
X-Pf-Uncompressing
Pics-Label
SN
Epwk-X-Cache
X-Shopify-Generated-Cart-Token
X-CLOUD-TRACE-CONTEXT
X-Oracle-Dms-Rid
X-WebServer
X-Ftr-Cache-Host
X-CACHE-AGE
WZWS-RAY
X-StackifyID
Backend-Name
X-ECache
X-RunCloud-Cache
Backend
Product
WWW-Authenticate
X-CACHE-KEY
X-Proxy-Upstream
X-NGINX-Cache
X-Varnish-Url
My-App
X-ServedByHost
X-Amzn-Remapped-Date
X-Via-Popv
X-Sn-Servicetimems
X-Ftr-Request-Id
X-Ratelimit-Limit
X-Cdn-Origin
X-Csrf-Jwt
X-Fetched-On
X-Via-Poph
Mime-Version
XServer
URI
X-Amzn-Remapped-Connection
X-Tec-Api-Version
X-Oss-Cdn-Auth
A
X-GeoIP-Country-Code
CloudFront-Viewer-Country
X-Tec-Api-Origin
X-Tec-Api-Root
Ohc-Cache-HIT
X-Sigma-Backend
X-Request-Time
X-Debug-Cache-Store
Dt-Cache-Category
X-Rocket-Build-Number
X-Sigma
X-B3-SpanId
X-Debug-Cache-Fetch
Lb
Server-Ttl
X-WA
Host-ID
X-Cache-Tag
PICS-Label
Cloudfront-Viewer-Country
X-Request-Start
X-Debug-Cache-Bypass
X-B3-Spanid
X-Debug-Cache-Status
X-Debug-Do-Not-Cache-Uri
X-Debug-Ysi-Auth
X-Debug-Xas-Auth
X-Tb-Optimization-Total-Bytes-Saved
X-Ftr-Realm
X-Ftr-Backend
SID
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Dc
X-LiteSpeed-Cache-Control
X-Debug-Cache-String
X-Nananana
X-Cache-Version
X-Swift-Error
X-Served-From
X-Apw-Access-Action
X-Varnish-Beresp-TTL
X-Apw-Access-Token
X-Apw-Hits
X-DPWN-IS-SECURE
X-Apw-Access-Object
Cneonction
Cdn
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Purge-Tags
Group
CF-IPCountry
Proxy-Firewall
X-Cache-Hfrom
X-Snapshot-Date
X-ServerName
FSS-Proxy
Warning
Dnion-Transfer-Encoding
X-ElasticPress-Search
X-Html-Edge-Cache
Cf-Alt-Svc
X-Dw-Trace-Id
X-SB
X-WR-MODIFICATION
X-Request-URL
X-Cache-Hm
X-Varnish-ID
X-VC
Inserted-Into-Cache-At