
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
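
The tallying described above, as an added example (not the ISC project's own code): it parses constructed HEAD responses offline, counts sites per header, and folds header-name case, because HTTP field names are case-insensitive while the list below shows spellings such as X-Frame-Options and X-FRAME-OPTIONS as separate entries. The sample hosts, the once-per-site counting rule and all function names are assumptions.

```python
from collections import Counter, defaultdict

# Security-relevant headers that appear on this page, lower-cased for comparison.
SECURITY_HEADERS = ("x-frame-options", "x-xss-protection",
                    "strict-transport-security", "x-content-type-options",
                    "content-security-policy")

# Constructed HEAD responses for three hypothetical sites (not survey data).
SAMPLE_RESPONSES = {
    "a.example": "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Frame-Options: DENY\r\n"
                 "Set-Cookie: a=1\r\nSet-Cookie: b=2\r\n\r\n",
    "b.example": "HTTP/1.1 200 OK\r\nServer: Apache\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\n"
                 "X-Xss-Protection: 1; mode=block\r\n\r\n",
    "c.example": "HTTP/1.1 301 Moved Permanently\r\nLocation: https://c.example/\r\n"
                 "Strict-Transport-Security: max-age=31536000\r\n\r\n",
}


def header_names(raw):
    """Return the header field names of one raw response, as spelled on the wire."""
    head = raw.split("\r\n\r\n", 1)[0]
    names = []
    for line in head.split("\r\n")[1:]:            # skip the status line
        name, sep, _ = line.partition(":")
        if sep and name and name == name.strip():  # drop malformed or folded lines
            names.append(name)
    return names


def tally(responses):
    """Count sites per header (case folded) and record every spelling seen."""
    sites = Counter()
    spellings = defaultdict(set)
    for raw in responses.values():
        seen = set()
        for name in header_names(raw):
            key = name.lower()
            spellings[key].add(name)
            seen.add(key)        # a repeated Set-Cookie counts once per site
        sites.update(seen)
    return sites, spellings


def security_coverage(sites, total):
    """Fraction of polled sites that sent each security-relevant header."""
    return {h: sites[h] / total for h in SECURITY_HEADERS}


if __name__ == "__main__":
    sites, spellings = tally(SAMPLE_RESPONSES)
    for name, n in sites.most_common():
        print(f"{n:3d}  {name}  {sorted(spellings[name])}")
    print(security_coverage(sites, len(SAMPLE_RESPONSES)))
```

Counting by exact spelling instead of the folded key would split one header across several rows and understate its adoption.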



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
P3p
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
CF-Ray
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Server-Timing
Grace
X-Pingback
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-WebKit-CSP
EagleEye-TraceId
X-Dns-Prefetch-Control
X-Origin-Cache
X-Host
Surrogate-Control
X-Vhost
X-Device
X-Response-Time
X-Readtime
X-Ac
X-Cache-Lookup
X-Node
X-Backend-Server
X-Dispatcher
NEL
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
Host-Header
X-Cnection
X-Country-Code
X-Rack-Cache
RTSS
Accept-CH
Edge-Control
X-Url
MS-Author-Via
X-Clacks-Overhead
Accept-CH-Lifetime
X-Px
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
Verso
X-Goog-Hash
X-Varnish-TTL
Service-Worker-Allowed
X-Powered-By-Plesk
X-Use-Magma
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-B3-TraceId
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Forwarded-Proto
Public-Key-Pins
Pagespeed
Display
X-Amz-Server-Side-Encryption
X-Middleton-Display
Response
X-Sol
X-Middleton-Response
X-MS-InvokeApp
X-Content-Type
X-Cache-TTL
X-DynaTrace
X-Cdn
X-D2id
X-CST
X-Ttl
X-NF-Request-ID
X-Amz-Rid
X-Vcap-Request-Id
X-VARITI-CCR
TCN
X-Abt-Application-Version
X-Cached
AR-PoweredBy
Ar-Sid
AR-Request-ID
AR-CACHE
AR-ATIME
Pinterest-Generated-By
X-ESI
X-Powered-CMS
X-Upstream
X-Version
X-Navigation-Version
Accept-Ch
X-Debug
Cache-Tag
X-Fastly-Request-ID
X-Server-Name
X-Grace
X-Instart-Request-ID
Accept-Ch-Lifetime
Access-Control-Request-Method
X-XRDS-Location
Charset
X-Element-Page-Cache
X-MSEdge-Ref
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-TEC-API-ROOT
X-TEC-API-VERSION
Realpath
X-TEC-API-ORIGIN
Content-MD5
Nginx-Cache
X-Ezoic-Cdn
X-Accel-Expires
X-DynaTrace-JS-Agent
X-Shield-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Jurisdiction
X-Hp-Webp
SPRequestDuration
SPIisLatency
X-Pinterest-Rid
X-Amz-Meta-S3cmd-Attrs
Pinterest-Version
X-Recruiting
X-Id
X-SharePointHealthScore
SPRequestGuid
X-Dw-Request-Base-Id
S
X-Kinsta-Cache
X-T
X-Content-Digest
X-Cache-Key
X-Logged-In
Fastcgi-Cache
X-Trace
X-TTL
X-Node-Name
X-NWS-LOG-UUID
X-FastCGI-Cache
TP-L2-Cache
TP-Cache
X-Hostname
ServerID
Fastly-Restarts
X-Oneagent-Js-Injection
X-Mobile-URL
X-Request-Processing-Time
X-Request-Received
X-Amzn-Trace-Id
X-Cache-Hit
Front-End-Https
Server-Node
X-Frontend
X-Cache-Age
X-Server-ID
X-Client-IP
X-Forwarded-For
X-Yandex-Sdch-Disable
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
Edge-Cache-Tag
Powered
X-FTR-Expires
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Server-Name
PB-RID
PB-PID
Arc-Version
X-Microsite
X-Request-Handler-Origin-Region
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Ah-Environment
X-Hits
X-DIS-Request-ID
X-Akamai-Edgescape
X-Page-Id
X-F-Cache
X-LB-Cache
X-Revision
Filters
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Jobs
Alternate-Protocol
X-Origin-Server
X-Zen-Fury
DynaTrace
X-ORACLE-APMCS-REQUEST-ID
X-Mobile-Rewrite
X-ORACLE-APMCS-TAG
X-Content-Powered-By
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Geo-Country
X-Varnish-Age
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Daa-Tunnel
X-N
Accept-Charset
X-Ruxit-Js-Agent
X-FTR-Cache-Host
Cache-Tags
X-Ser
X-B
X-Varnish-Backend
X-Type
X-Fastcgi-Cache
X-Varnish-Grace
Paypal-Debug-Id
DC
X-Rid
X-Amz-Replication-Status
X-Git-Hash
Surrogate-Key
X-Esi
Retry-After
X-RateLimit-Remaining
X-WebKit-CSP-Report-Only
X-B-Cache
Host
Section-Io-Cache
X-Whom
X-App-Environment
X-Content-Options
X-Signature
X-FB-Debug
X-Request-Guid
X-TT
X-Activity-Id
X-Edge
X-Az
X-AppVersion
X-IPLB-Instance
Fastcgi-Useragent
X-Debug-Info
X-Endurance-Cache-Level
X-Status
Frame-Options
Actual-Object-TTL
X-Via-JSL
Healthy
Nel
X-HTML-Minification-Powered-By
X-ATG-Version
Srv
MicrosoftSharePointTeamServices
X-Release
Content-Disposition
X-AOL-HN
X-Contextid
Refresh
X-Cache-Action
X-App-Server
X-Amz-Apigw-Id
X-ATS-Timestamp
Backend-Timing
X-Amzn-RequestId
X-Seen-By
X-ECACHE
From-Origin
Access-Control-Allow-Method
X-B3-Sampled
X-Protected-By
X-Pinterest-Direct
X-Response-Served-From
X-Accel-Buffering
X-Cache-Rule
X-Cache-Operation
X-RemovedCookies
X-Region
X-MCACHE
X-Mid
X-ProcessESI
Odigeo-Trace-Id
X-Is-Bot
VIX-Pulpo-Node
X-Tumblr-User
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Rendered-As
X-Cacheable-TTL
X-FW-Type
X-Instance
X-FW-Static
X-WA-Info
X-FW-Serve
X-L-Path
X-Upgrade-Enabled
X-FW-Dynamic
Uber-Trace-Id
X-UUID
X-FW-Server
X-FW-Hash
X-Environment-Context
Eomportal-Instance
X-Cache-Time
X-Rule
X-Varnish-Server
Payment
X-Drupal-Cache-Tags
X-Adobe-Loc
Countrycode
MS-CV
X-Adobe-Content
X-Host-Name
X-Litespeed-Cache
X-Proxy
Datacenter
X-Akamai-Request-ID2
X-EdgeConnect-Cache-Status
X-Cached-By
X-Time
X-Mobile
X-Cache-Server
X-NewRelic-App-Data
Source
X-PHP-Backend
X-Cache-Control
X-Load-Cache
X-UnsetCookies
Access-Control-Request-Headers
X-Azure-Ref
Server-Info
X-Air-Hostname
X-Correlation-ID
Accept-Language
Xserver
X-SERVER-NAME
X-NGENIX-Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Backend-Name
X-GeoIP
X-Cache-NGX
X-Tt-Trace-Host
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Handled-By
X-Presslabs-Stats
X-Akamai-Transformed
Liferay-Portal
X-Pass-Why
X-NWS-UUID-VERIFY
X-Webkit-CSP
X-Framework
X-Mode
Version
X-Unique-Id
X-Wix-Request-Id
Filterid
X-URL
X-RateLimit-Limit
X-FireWall-Port
X-CSRF-Token
X-APP-VERSION
Load-Balancing
X-Zipkin-Id
Meta-Geo
X-UPSTREAM-Address
X-UA-Device-Type
X-ES-SERVER
X-Via-Fastly
X-RN-RSRV
X-Locale
X-VWS-Id
X-LJ-Flow-ID
Cache-Status
X-AWS-Id
Cross-Origin-Window-Policy
X-Path-Route
X-CCM
X-Cache-Var-Map
X-Cache-Var
X-Proxied
X-PERF
X-ApacheServer
X-Routing-Service
X-Adobe-Source
X-Vcache
X-Section
X-Format
X-NCache
X-Pubstack
Cache-Hits
Mn-Server-Ip
X-Real-IP
DSUID
X-IP
X-MP-GENERATED-AT
X-Qloud-Router
Now
X-Tumblr-Pixel-1
X-Viewer-Country
X-Cluster
ServedBy
X-Site-Version
Cache
X-Www-Served-By
X-Access
Akamai-GRN
X-Detected-As
X-Tumblr-Pixel-2
X-TX-ID
X-Cache-Status-Check
Decoy-Debug-Status
Webcakes-Region
Decoy-Debug-TTL
X-Amzn-Remapped-Content-Length
Apigw-Requestid
DB-Nickname
Cleartype
Cache-Tv-Group
Cache-Name
X-Cache-Config
Decoy-Debug-Key
X-CS
Property-Id
X-Device-Type
S-Rt
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
TWC-Connection-Speed
TWC-Device-Class
Section-Io-Origin-Status
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Say-Cacheable
X-SayCDN-TTL
X-PCL
X-R9-Blue-Green-Version
X-Say-TTL
X-Storage
X-Web-Node
X-Varnish-Cache-Hits
X-OCL
X-Origin-Hint
X-ServerID
X-Info
X-Redis-Cache
X-FW-Version
X-Hyper-Cache
X-Human
X-ShopId
X-BYPASS-REASON
X-EIG-Tracking-Id
X-NYM-Debug-Backend
X-ProxyCache-Key
X-Shopify-Stage
X-Cache-Host
X-IPS-LoggedIn
X-Origin
X-Sorting-Hat-ShopId
X-Bc-Bl
X-Cache-Enabled
X-Cache-2
X-Time-Microsecs
Fastly-SSL
X-Labrador-Cache-Channel
X-Alternate-Cache-Key
X-Hosted-By
X-ProxyCache-Status
X-ShardId
X-FC-Vary-Parameters
X-PHP-Host
Webserver
X-Sorting-Hat-PodId
X-Proxy-Build
X-BCube-Filmed-By
X-Content-Age
X-Timing-Wait
Selected-Fe
X-JoinUs
X-SaId
X-Hl-Ver
Azure-SlotName
Azure-Version
Azure-SiteName
X-Loop
X-FB-TRIP-ID
Azure-InstanceId
Azure-RegionName
X-TNCMS
X-From
X-Urbn-Site-Id
Origin-Cache-Control
X-RTag
Ms-Operation-Id
Locale
X-Urbn-Context-Path
X-Cache-Remote
NGB
X-VCache
X-No-Session
Ec-Rule-Version
X-Ua
X-XRDS-LOCATION
X-Generated
X-Geo
X-CDN-Forward
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-PressLabs-Stats
Origin-Edge-Control
X-EC-Lua
Time
X-Xfnlog-Site
X-Backend-TTL
X-Debug-Cache
X-Storefront-Renderer-Rendered
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
Country
X-Soup
X-SRV
X-Pad
X-Source
X-NC
X-Varnish-Hostname
X-Proto
X-Old-Content-Length
Upgrade-Insecure-Requests
X-Cluster-Node
X-Tb
X-Akamai-Request-ID
X-Cache-PHP
GEO-INFO
X-TA-CDN-Provider
Referer-Policy
X-App-Version
Proxy-Connection
Cache-Key
User-Agent
X-Parent-Response-Time
X-RCS-CacheZone
X-RequestSource
X-Cache-NE
X-App
X-Client-Ip
LB
X-DC
X-Cache-Backend
X-FORWARDED-FOR
X-Magnolia-Registration
X-Origin-CC
NGX
X-Origin-TTL
Geo-Info
M-TraceId
X-Vdms-Path
Machine
X-Vdms-Version
Arc-Country
AKAMAI
X-VG-WebServer
T-Server
GEO-REGION-INFO
Who
IsBot
VivaBuild
Viewtype
True-Client-Country-4JS
UCS
AsisCache
Rendered-Blocks
CacheControlHeader
Mobile-Detection-Method
X-VG-WebCache
X-Vtex-Processado-Em
X-SRCache-Key
Content-Style-Type
Content-Script-Type
X-Vtex-Remote-Cache
N-Cache
Pragrma
MD5-Digest
On-Server
FNAC-ModuleRouting
BehaviorPad-Version
X-A
Fastcgi-X-Cache-Version
X-CF-Lambda-Version
X-PAYTM-SRV-ID
X-NodeID
X-Trace-Id
X-Processor
X-Region-Sid
X-Nginx-Cache-Key
X-Method
X-Trv-Group
X-Transaction
X-Generation-Time
X-Geo-Header
X-Response-By
X-Rewrite-Enabled
X-SD-PageType
X-SVT-ORM-VERSION
X-SIPLIST1
X-SVT-ORM-RULES
X-ScT
X-Scheme
X-Swa-Ws
X-Rojux
X-S
X-S-Cookie
X-G
X-Twitter-Response-Tags
X-Application
X-ARC
X-B-Cookie
X-Cache-Grace
X-Aed
X-Accel-Expires-Debug
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-CF-Lambda-Fn
X-Cms-Context
X-DevSite-Last-Modified
X-Dispatch
X-Edge-Location
X-External-Request-Id
X-Developers
X-Developer
X-Connection-Hash
X-D
X-Date
X-Destination
X-A-Ccd
Meta-Geo-Continent
Xc-Version
X-AIR-PT
FilterID
OT-Force-Account-Verify
Node
User-Cache-Control
X-Proxy-Cache-Status
X-Tumblr-Pixel-3
X-Distributor
X-Agile-Age
X-Auto-Login
X-Agile-Id
X-Cache-Bucket
X-Clara-WADP
X-Compress-Hint
X-Cache-URL
X-Cache-Info
X-Block-Status
X-Cache-FS-Status
X-Backend-State
Wxu-Next-Hostname
Sever-Int
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-VC-Cache
Server-Hostname
Server-Ext
Server-Host
Thinkindot-Control
X-Varnish-Cacheable
Web-Mar-Node
Wxu-Next-Commit
Wxu-Next-Region
We-Hiring
Vix-Hermes-Req-Id
V-Age
Viewport
X-Agile
X-Dispatcher-Server
X-Policy
X-Thanos
X-RateLimit-Limit-Second
X-Thinkindot-L3
X-Owner
X-Micro-Cache
X-Node-Id
X-RateLimit-Remaining-Second
X-Req
X-ServiceProvider
X-Skip-Cache
X-SN
X-Servername
X-Server-W
X-Reqid
X-Forwarded-Host
X-Matched-Rule
X-Logging-Id
X-Generated-In
X-Generated-On
X-Has-Esi
X-Gen-Mode
X-Fmm-Version
X-User
X-Uri
X-Hnp-Log
X-Is-Gdpr
X-Loc
X-Location
X-Level-Front-Cache
X-LAGOON
X-JWT-State
X-Key
X-Device-Os
X-Bip
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
MIME-Version
NM-Fastcgi-Cache
Apple-News-Services-Handled
X-Wikidot-Backend
Mail-Subject
X-Wikidot-Static-Cache
Gh-Request-Id
Kp-EeAlive
CDCHOST
Magicmarker
X-WADP-Cache
X-Worker
Release
Pagetype
X-Cluster-Name
X-Hit
X-B3-Traceid
Fastly-SIE
Fastly-SWR
Ha-Gx-Prefs
Fastly-Drupal-HTML
X-Epic-Correlation-Id
X-Esi-Check
X-Fastly-Cache
X-Eu-Site
X-Core-Value
X-CGP
X-Var-Ttl
X-Cache-Tags
X-Cache-Id
X-Slack-Backend
X-Clientip
X-Varnish-Beresp-Status
X-VServer
X-Contensis-Viewer-Groups
X-Varnish-Beresp-Ttl
X-Request-UUID
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Mvc-Supplant-Cachable
X-NU-AKA-ACS-Version
X-Origin-Date
Adler-Geo
X-Varnish-Beresp-Grace
X-Origin-Expires
X-Webstats-RespID
X-Request-Host
X-Hash
X-We-Are-Hiring
X-Gzip
X-Irp-Debug
C-Via
X-Cache-ASPX
X-TH-Server
X-TrackingId
X-Envoy-Decorator-Operation
X-Varnish-Authentication
Is-Eu
Platform
X-Variation
ServerName
W
L5d-Success-Class
X-VG-TLSProxy
X-Backend-Host
HA-Ipaddr
Rt-Fastcgi-Cache
X-BBXSRF
X-Newrelic-Synthetics
X-LI-UUID
X-Via-CDN
X-LI-Proto
X-Li-Pop
X-Li-Fabric
Memcached
X-Core-Mission
X-Distil-CS
Fastly-Backend-Name
X-Up
X-Reboot
X-GoCache-CacheStatus
X-Session-Fingerprint
X-ZONE
X-BC
X-Dc
RNT-Machine
X-Minions-Version
X-Wa
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
RNT-Time
Cache-Cookie-Set-Lfrom
X-Be
Sid
X-Srv
X-ElasticPress-Query
X-Varnish-URL
X-Aicache-OS
X-Configured-By
X-Refresh
X-Batcache
X-UA
X-Branch-Name
X-Cache-Debug
Cf-Ipcountry
X-Nc
X-Servedbyhost
Hostname
X-Ua-Device
X-TIME
DCR-Decision-By
DCR-Processing-Time-Ms
CACHE
X-Nginx-Cache
X-Mvc-Supplant-OutputCached
S-Cnection
Pramga
X-Via-PopV
Memory
X-Ratelimit-Reset
X-Fastly-Cache-Status
X-Instart-Info
X-Varnishpool
X-Via-PopH
HostName
X-VCL-Version
Location
HitType
X-MSEdge-Flight
X-Original-Request-Id
X-Platform-Server
X-Envoy-Upstream-Healthchecked-Cluster
X-ND-Cache
X-PF-Uncompressing
X-MSEdge-Features
X-BE
X-Sucuri-ID
X-Ms-Request-Id
X-TT-TIMESTAMP
X-Microcachable
X-Ms-Version
X-Sucuri-Cache
X-LB-ID
Esi-Enabled
X-FPC
X-Pjax-Url
X-COUNTRY
X-Debug-Panamera-Sitecode
Powered-By-ChinaCache
X-GEO
X-Check-Cacheable
X-Cdn-Forward
NtCoent-Length
X-Debug-Panamera-Host
X-CF-Powered-By
X-Zone
X-Bc
X-OVcl
GeoIP-Country-Code
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
PFcat
X-Oss-Request-Id
X-VarnishDD-TTL
X-Oss-Hash-Crc64ecma
X-OVcl-Cache
GeoIP-Latitude
X-Vgn-Hpd-Cached
L
Server-ID
X-Vgn-Hpd-Ssi
X-Webkit-Csp
X-Vgn-Hpd-Variations-Key
X-Azure-Ref-OriginShield
X-App-Name
X-Instart-Isnd
Resin-Trace
FSS-Cache
Ohc-File-Size
X-Render-Time
X-Platform
X-Cdn-Srv
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Reason
X-Server-IP
Cache-Host
X-Generated-By
Server-Cache-Control
X-Varnish-Ttl
X-Svr
Server-Surrogate-Control
X-BACKEND-TTL
X-HS-Status
X-CUA
X-S-Maxage
X-Ratelimit-Remaining
X-Unique-ID
Pics-Label
Cteonnt-Length
X-CSRF-TOKEN
X-PJAX-URL
X-VHOST
Ohc-Response-Time
GeoIp-Country-Code
Geoip-Latitude
X-Rocket-Nginx-Bypass
X-Fpc
X-Fastly-Country-Code
X-Cache-Expired-At
Epwk-X-Cache
Tracecode
CF-Cached-On
X-RunCloud-Cache
Backend-Name
Backend
X-Newrelic-App-Data
SRV
X-Tec-Api-Root
X-Varnish-Hits
X-Tec-Api-Version
X-Tec-Api-Origin
X-VCT
X-Edge-Server
Heartbleed
Request-EU
Amp-Access-Control-Allow-Source-Origin
SN
X-Pf-Uncompressing
Cdn-Host
Locid
X-Vcl-Version
Request-Country
Cdn-Request-Time
X-Csrf-Jwt
X-NGINX-Cache
X-Ratelimit-Limit
X-Via-Poph
X-Oracle-Dms-Rid
X-CACHE-AGE
XServer
X-CLOUD-TRACE-CONTEXT
X-Request-URI
X-Via-Popv
X-StackifyID
X-Rocket-Build-Number
X-ECache
X-Sigma
X-Gamma-Serve
X-Sigma-Backend
X-CACHE-KEY
Lfy
WWW-Authenticate
X-Request-Time
CF-IPCountry
X-ServedByHost
X-Varnish-Url
X-Amzn-Remapped-Date
X-Nananana
Host-ID
X-Amzn-Remapped-Connection
X-Ftr-Cache-Host
X-DPWN-IS-SECURE
X-Oss-Cdn-Auth
CloudFront-Viewer-Country
X-Fastly-Request-Id
NR-ENABLED
WPE-Backend
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Country-Code
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-WebServer
URI
X-Apw-Hits
Lb
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
PICS-Label
SID
Product
X-Debug-Cache-Bypass
X-Cache-Tag
X-Debug-Cache-Status
X-Debug-Ysi-Auth
Cloudfront-Viewer-Country
X-Debug-Cache-String
X-B3-Spanid
CDN-RequestId
CDN-RequestCountryCode
CDN-Uid
X-Via-Ucdn
X-Shopify-Generated-Cart-Token
CDN-PullZone
CDN-EdgeStorageId
X-LiteSpeed-Cache-Control
X-Proxy-Upstream
CDN-Cache
CDN-CachedAt
Server-Ttl
X-Cache-Version
X-Fetched-On
X-Cdn-Origin
Cneonction
X-Acquia-Application-UUID
X-Tb-Optimization-Total-Bytes-Saved
Dnion-Transfer-Encoding
X-Acquia-Purge-Tags
X-Acquia-Site
X-Sn-Servicetimems
X-Acquia-Application-Trace
DataCenter
WZWS-RAY
Proxy-Firewall
X-WA
X-Amz-Meta-Cb-Modifiedtime
Ohc-Cache-HIT
Surrogated-Key
My-App
X-APP
X-Lb-Id
X-Fastly-Cache-Hits
Cf-Alt-Svc
X-SB
X-Varnish-Beresp-TTL
X-Dw-Trace-Id
Group
X-GeoIP-Country-Code
X-VC
X-Swift-Error
X-WR-MODIFICATION
X-ElasticPress-Search
X-Request-URL
A
Inserted-Into-Cache-At
FSS-Proxy
X-IN-APIGATEWAY
X-Html-Edge-Cache
X-Snapshot-Date
Warning
X-IN-APIGATEWAYSSL