Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Xss-Protection
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
CF-Ray
X-Check
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Server
X-Backend
X-Turbo-Charged-By
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-Server-Powered-By
X-UA-Device
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Readtime
X-Node
NEL
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-Mod-Pagespeed
Content-Location
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
Allow
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Clacks-Overhead
X-Rack-Cache
X-Px
RTSS
Accept-CH
MS-Author-Via
X-FTR-Request-ID
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-Pass-Why
X-Powered-By-Plesk
Verso
Accept-CH-Lifetime
X-B3-TraceId
Service-Worker-Allowed
X-Varnish-TTL
Public-Key-Pins
X-GitHub-Request-Id
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-MS-InvokeApp
Arr-Disable-Session-Affinity
Display
X-Middleton-Response
Response
Pagespeed
X-Middleton-Display
X-Sol
X-Forwarded-Proto
X-DynaTrace
X-Amz-Server-Side-Encryption
X-Cache-TTL
X-D2id
X-Ttl
X-Amz-Rid
TCN
X-CST
X-Abt-Application-Version
X-NF-Request-ID
X-Content-Type
X-Vcap-Request-Id
X-Cached
X-VARITI-CCR
Pinterest-Generated-By
Accept-Ch
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Navigation-Version
Cache-Tag
AR-CACHE
Ar-Sid
X-Fastly-Request-ID
X-ESI
X-Version
X-Server-Name
X-Instart-Request-ID
Accept-Ch-Lifetime
X-Powered-CMS
X-Upstream
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Grace
Access-Control-Request-Method
Host-Header
X-Debug
X-MSEdge-Ref
X-Accel-Expires
Charset
X-XRDS-Location
Nginx-Cache
SPRequestDuration
SPIisLatency
Content-MD5
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
S
Mrf-Cache-Status
X-Ezoic-Cdn
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Element-Page-Cache
SPRequestGuid
X-SharePointHealthScore
Realpath
X-DynaTrace-JS-Agent
X-Shield-Request-Id
X-Hp-Webp
X-Jurisdiction
X-FastCGI-Cache
X-Client-IP
X-Oneagent-Js-Injection
X-Dw-Request-Base-Id
Pinterest-Version
X-Pinterest-Rid
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-Trace
X-Kinsta-Cache
X-Node-Name
X-T
Fastcgi-Cache
X-Content-Digest
X-Server-ID
X-Logged-In
X-TTL
X-Mobile-URL
X-NWS-LOG-UUID
TP-Cache
TP-L2-Cache
Server-Node
X-Request-Received
X-Request-Processing-Time
X-Cache-Key
X-Cache-Age
X-Frontend
X-Cache-Hit
ServerID
X-Hostname
X-Amzn-Trace-Id
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
Front-End-Https
Edge-Cache-Tag
X-FTR-Expires
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
Server-Name
X-Forwarded-For
Fastly-Restarts
Arc-Version
PB-RID
PB-PID
X-Yandex-Sdch-Disable
Powered
X-Request-Handler-Origin-Region
X-Microsite
DynaTrace
X-DIS-Request-ID
X-User-Agent
X-Content-Security-Policy-Report-Only
Filters
X-Zen-Fury
X-Revision
X-Jobs
X-Ruxit-Js-Agent
X-Page-Id
X-F-Cache
X-Akamai-Edgescape
X-Hits
X-LB-Cache
X-Mobile-Rewrite
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Accept-Charset
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-Content-Powered-By
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Geo-Country
X-Cdn
X-Origin-Server
X-Varnish-Age
Backend-Timing
X-ATS-Timestamp
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-N
X-B
X-FTR-Cache-Host
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Via-JSL
X-Daa-Tunnel
MicrosoftSharePointTeamServices
X-Varnish-Backend
Cache-Tags
X-Rid
X-Fastcgi-Cache
X-Activity-Id
X-AppVersion
X-Az
X-WebKit-CSP-Report-Only
X-Type
X-RateLimit-Remaining
X-Esi
X-FB-Debug
Surrogate-Key
X-Amz-Replication-Status
X-TT
X-Signature
DC
Retry-After
X-B-Cache
X-Whom
Section-Io-Cache
X-Debug-Info
X-Varnish-Grace
X-Git-Hash
X-ATG-Version
X-App-Environment
Paypal-Debug-Id
X-Status
Host
X-Edge
X-Content-Options
X-Ser
Frame-Options
Actual-Object-TTL
X-App-Server
X-Request-Guid
Fastcgi-Useragent
X-Amzn-RequestId
X-IPLB-Instance
Healthy
X-Contextid
X-AOL-HN
Nel
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
X-Cache-Action
X-Seen-By
Srv
X-ECACHE
X-B3-Sampled
X-Pinterest-Direct
X-Host-Name
X-PressLabs-Stats
Refresh
From-Origin
X-Upgrade-Enabled
X-Amz-Apigw-Id
Access-Control-Allow-Method
X-Drupal-Cache-Tags
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Instance
X-Cache-Rule
X-ProcessESI
X-RemovedCookies
X-Accel-Buffering
X-Response-Served-From
X-Cache-Operation
Source
X-Mid
VIX-Pulpo-Node
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
X-MCACHE
X-Region
X-Environment-Context
MS-CV
X-Rule
Payment
X-UUID
X-L-Path
X-Protected-By
Eomportal-Instance
X-Time
X-FW-Hash
X-Varnish-Server
X-Cacheable-TTL
X-Rendered-As
X-WA-Info
X-FW-Serve
X-Is-Bot
Datacenter
X-FW-Dynamic
X-FW-Static
X-FW-Type
X-FW-Server
Countrycode
Content-Disposition
X-Cache-Time
X-Adobe-Content
X-Adobe-Loc
Cache-Status
X-Litespeed-Cache
Xserver
X-Cache-Control
X-Cache-Server
X-VCache
X-GeoIP
X-Akamai-Request-ID2
Uber-Trace-Id
X-Proxy
X-UnsetCookies
X-Cached-By
X-EdgeConnect-Cache-Status
X-Akamai-Transformed
X-Load-Cache
X-SERVER-NAME
X-Release
X-Correlation-ID
X-Yottaa-Optimizations
X-Wix-Request-Id
X-Yottaa-Metrics
X-Mobile
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Origin-Response-Time
Version
X-Azure-Ref
X-Mode
Access-Control-Request-Headers
X-PHP-Backend
X-Cluster
NGB
X-Handled-By
X-NWS-UUID-VERIFY
X-NGENIX-Cache
Accept-Language
X-IPS-LoggedIn
X-NewRelic-App-Data
X-URL
X-Cache-NGX
X-Backend-Name
X-Air-Hostname
X-Ua
Liferay-Portal
Filterid
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-APP-VERSION
X-Cache-Remote
X-CCM
X-Cache-Var-Map
X-Cache-Var
X-AWS-Id
Cross-Origin-Window-Policy
X-FireWall-Port
Load-Balancing
Meta-Geo
X-Adobe-Source
X-ApacheServer
X-Cache-Status-Check
X-PERF
X-UA-Device-Type
X-UPSTREAM-Address
X-VWS-Id
X-Proxied
X-ES-SERVER
X-CSRF-Token
X-Routing-Service
X-RN-RSRV
X-Zipkin-Id
X-Via-Fastly
X-No-Session
X-Path-Route
X-LJ-Flow-ID
X-RequestSource
X-MP-GENERATED-AT
DSUID
Cache-Hits
X-Framework
X-Storage
Mn-Server-Ip
X-Viewer-Country
X-OCL
X-TX-ID
X-PCL
X-Www-Served-By
Akamai-GRN
Decoy-Debug-TTL
Cache-Name
Decoy-Debug-Key
Decoy-Debug-Status
X-Qloud-Router
ServedBy
Section-Origin-Responded
X-Access
X-Bc-Bl
X-Format
X-Cache-Config
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-RTag
X-Section
X-R9-Blue-Green-Version
Now
Section-Io-Id
X-Real-IP
Cleartype
Ms-Operation-Id
Webserver
Webcakes-Region
Webcakes-App-Version
X-Alternate-Cache-Key
X-BYPASS-REASON
X-CS
X-NCache
Webcakes-App-Name
TWC-Privacy
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Device-Type
X-FW-Version
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Varnish-Cache-Hits
Cache
Fastly-SSL
X-Info
X-ShopId
X-ShardId
X-Origin-Hint
X-Hl-Ver
X-ProxyCache-Key
X-ProxyCache-Status
X-ServerID
X-Pubstack
X-Redis-Cache
X-EIG-Tracking-Id
X-SayCDN-TTL
X-Web-Node
X-Say-TTL
X-Say-Cacheable
X-Proxy-Build
X-SaId
X-NYM-Debug-Backend
X-JoinUs
X-Content-Age
X-FB-TRIP-ID
X-From
X-Locale
X-Time-Microsecs
S-Rt
X-Cache-Enabled
X-Detected-As
X-Human
X-Labrador-Cache-Channel
X-Timing-Wait
Cache-Tv-Group
X-BCube-Filmed-By
X-Origin
X-FC-Vary-Parameters
X-PHP-Host
Selected-Fe
X-TNCMS
X-IP
X-Amzn-Remapped-Content-Length
X-Loop
DB-Nickname
X-Generated
X-Site-Version
X-Cache-Host
X-RateLimit-Limit
X-Hosted-By
X-Hyper-Cache
Azure-RegionName
X-Xfnlog-Site
X-XRDS-LOCATION
Azure-SiteName
Azure-InstanceId
X-Geo
Azure-Version
Azure-SlotName
Origin-Edge-Control
Origin-Cache-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
Country
Geo-Info
Ec-Rule-Version
X-Drupal-Cache-Contexts
X-Unique-Id
Server-Info
X-Cache-2
User-Agent
SD-X-WS
X-Pad
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Source
Time
X-Cache-TTL-Remaining
X-Cache-NE
X-Varnish-Hostname
X-Old-Content-Length
X-Cluster-Node
X-EC-Lua
Apigw-Requestid
FilterID
Upgrade-Insecure-Requests
X-Parent-Response-Time
WPE-Backend
X-RCS-CacheZone
NR-ENABLED
X-Debug-Cache
X-Akamai-Request-ID
X-Webkit-CSP
Proxy-Connection
X-Cache-Backend
X-Soup
X-Vcache
X-CDN-Forward
X-Cache-Grace
X-Srv
X-Backend-TTL
X-Proxy-Cache-Status
X-Tb
X-Forwarded-Host
X-App-Version
X-Proto
X-DC
X-Presslabs-Stats
X-FORWARDED-FOR
X-Cache-PHP
X-Tumblr-Pixel-3
X-Nc
S-Cnection
X-Newrelic-Synthetics
T-Server
M-TraceId
IsBot
GEO-REGION-INFO
Machine
MD5-Digest
Mobile-Detection-Method
Pagetype
Meta-Geo-Continent
ServerName
FNAC-ModuleRouting
Rendered-Blocks
Thinkindot-CacheControl
AsisCache
BehaviorPad-Version
Server-Host
Fastcgi-X-Cache-Version
Content-Style-Type
Content-Script-Type
Arc-Country
X-A-Dgt
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Scheme
X-Vdms-Version
X-ScT
X-Trv-Group
X-Transaction
X-Twitter-Response-Tags
X-Vdms-Path
X-Developer
X-S-Cookie
X-DevSite-Last-Modified
X-Processor
X-G
X-PAYTM-SRV-ID
X-Geo-Header
X-Nginx-Cache-Key
X-External-Request-Id
X-Region-Sid
X-Rojux
X-S
X-Dispatch
X-Rewrite-Enabled
X-Reqid
X-Destination
X-Thinkindot-L3
X-A-Dam
X-A-Ccd
X-A-Dcw
X-Matched-Rule
X-A-Wwc
X-A
Who
True-Client-Country-4JS
Thinkindot-Control
UCS
Viewtype
VivaBuild
X-Accel-Expires-Debug
X-Aed
X-SIPLIST1
X-Connection-Hash
X-D
X-Date
X-SRCache-Key
X-CF-Lambda-Version
X-Session-Fingerprint
X-Application
X-ServiceProvider
X-ARC
X-B-Cookie
X-CF-Lambda-Fn
Thinkindot-CacheControl-Type
NGX
X-AIR-PT
X-Uri
OT-Force-Account-Verify
Cache-Key
X-Cluster-Name
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
CacheControlHeader
X-Worker
X-Response-By
X-Varnish-Cacheable
X-User
X-VC-Cache
X-SD-PageType
N-Cache
CDCHOST
Vix-Hermes-Req-Id
RNT-Machine
RNT-Time
Magicmarker
Mail-Subject
On-Server
Release
Server-Ext
Server-Hostname
Viewport
X-Trace-Id
V-Age
X-Node-Id
Sever-Int
Kp-EeAlive
We-Hiring
Cache-Cookie-Set-Lfrom
X-Generation-Time
X-Hash
X-Generated-On
X-Generated-In
X-Req
X-SRV
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Method
X-NodeID
X-Location
X-Level-Front-Cache
X-Policy
X-LAGOON
NM-Fastcgi-Cache
X-Dispatcher-Server
X-Swa-Ws
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Cms-Context
X-Cache-FS-Status
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Branch-Name
Apple-News-Services-Host
Apple-News-Services-Handled
X-Skip-Cache
X-Developers
X-Device-Os
X-SN
X-Core-Value
X-Envoy-Decorator-Operation
Cf-Ipcountry
User-Cache-Control
Sid
X-Hit
X-Storefront-Renderer-Rendered
Node
X-VG-TLSProxy
X-Agile
X-Server-W
X-Agile-Id
X-Agile-Age
X-Distil-CS
X-Servername
Fastly-SWR
X-Epic-Correlation-Id
X-CGP
Fastly-SIE
Fastly-Drupal-HTML
X-Microcachable
X-Distributor
X-NC
X-Variation
X-TA-CDN-Provider
X-WADP-Cache
X-Cache-Debug
X-Cache-Tags
X-Thanos
X-Clientip
X-TH-Server
C-Via
X-Bip
Adler-Geo
X-Var-Ttl
X-Auto-Login
AKAMAI
X-Compress-Hint
X-Core-Mission
W
X-Eu-Site
X-JWT-State
X-Cache-URL
X-Clara-WADP
X-Is-Gdpr
Rt-Fastcgi-Cache
Gh-Request-Id
X-Cache-Info
X-Logging-Id
X-Hnp-Log
X-Origin-Expires
X-Gen-Mode
X-Origin-Date
X-Fmm-Version
X-Owner
X-Magnolia-Registration
Platform
L5d-Success-Class
X-Has-Esi
HA-Ipaddr
X-Wikidot-Backend
Is-Eu
Ha-Gx-Prefs
X-Request-UUID
Web-Mar-Node
X-Backend-State
X-Loc
X-Be
X-Rebelmouse-Surrogate-Control
X-Cache-Bucket
X-Block-Status
X-Rebelmouse-Cache-Control
X-Wikidot-Static-Cache
X-Origin-CC
X-Origin-TTL
X-App
X-We-Are-Hiring
X-Webstats-RespID
X-Instart-Info
X-Contensis-Viewer-Groups
X-VServer
X-Cache-Id
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-Reboot
X-Irp-Debug
X-Esi-Check
LB
X-Gzip
X-Fastly-Cache
X-Request-Host
X-BBXSRF
X-TrackingId
X-Slack-Backend
X-Varnish-Authentication
X-Backend-Host
X-Cache-ASPX
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-NU-AKA-ACS-Version
X-Via-PopH
X-SVT-ORM-RULES
X-Li-Pop
X-Platform-Server
X-GoCache-CacheStatus
X-Li-Fabric
X-SVT-ORM-VERSION
X-LI-Proto
X-Wa
Memcached
X-Dc
X-Via-PopV
X-Configured-By
X-LI-UUID
X-Cdn-Forward
HostName
X-Ms-Version
X-Ms-Request-Id
X-Edge-Location
X-Key
X-Envoy-Upstream-Healthchecked-Cluster
X-TT-TIMESTAMP
Referer-Policy
X-Varnish-URL
Pragrma
NtCoent-Length
X-ZONE
X-BC
MIME-Version
Tracecode
X-Servedbyhost
X-Refresh
Esi-Enabled
X-Vgn-Hpd-Reason
X-Ua-Device
L
Fastly-Backend-Name
X-Via-CDN
CACHE
X-App-Name
Server-ID
GEO-INFO
Ohc-File-Size
X-B3-Traceid
X-UA
Cache-Host
X-Nginx-Cache
X-BACKEND-TTL
X-Server-IP
X-Mvc-Supplant-OutputCached
X-Up
X-MSEdge-Flight
X-MSEdge-Features
X-Bc
X-Zone
X-Batcache
Memory
X-Unique-ID
X-TIME
X-VCL-Version
X-Cdn-Srv
Server-Cache-Control
Server-Surrogate-Control
X-ND-Cache
X-Minions-Version
X-ElasticPress-Query
X-Svr
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-S-Maxage
Ohc-Response-Time
X-VCT
X-Generated-By
X-COUNTRY
X-Aicache-OS
X-Sucuri-ID
X-FPC
X-Pjax-Url
X-CF-Powered-By
X-Oss-Request-Id
X-Oracle-Dms-Rid
FSS-Cache
X-Oss-Object-Type
GeoIP-Country-Code
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
DCR-Decision-By
DCR-Processing-Time-Ms
Resin-Trace
GeoIP-Latitude
X-GEO
X-Rocket-Nginx-Bypass
X-Azure-Ref-OriginShield
Locid
Request-Country
Request-EU
Location
X-Fastly-Cache-Status
Powered-By-ChinaCache
X-BE
Heartbleed
Hostname
X-Varnish-Hits
Pramga
X-Varnish-Ttl
X-PF-Uncompressing
X-Check-Cacheable
X-Request-URI
X-Newrelic-App-Data
Cteonnt-Length
HitType
Lfy
X-LB-ID
Amp-Access-Control-Allow-Source-Origin
Cdn-Request-Time
Cdn-Host
X-Edge-Server
X-Shopify-Generated-Cart-Token
PFcat
X-Gamma-Serve
X-Ratelimit-Reset
X-VarnishDD-TTL
X-Varnishpool
X-VHOST
X-Fastly-Country-Code
X-OVcl
X-PJAX-URL
X-OVcl-Cache
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-CACHE-KEY
X-Vgn-Hpd-Cached
X-Fpc
X-Sucuri-Cache
WZWS-RAY
CF-Cached-On
X-CSRF-TOKEN
X-Platform
Geoip-Latitude
X-Instart-Isnd
GeoIp-Country-Code
X-Fastly-Backend-Reqs
X-WebServer
X-HS-Status
X-Pf-Uncompressing
SRV
X-Vcl-Version
X-Cache-Expired-At
X-Ratelimit-Remaining
X-Render-Time
Product
Mime-Version
X-Client-Ip
X-Proxy-Upstream
X-Fetched-On
X-Sn-Servicetimems
X-CACHE-AGE
X-Ftr-Cache-Host
X-Cdn-Origin
X-Original-Request-Id
X-CLOUD-TRACE-CONTEXT
My-App
SN
Ohc-Cache-HIT
X-NGINX-Cache
X-GeoIP-Country-Code
X-CUA
X-ECache
WWW-Authenticate
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
URI
Pics-Label
XServer
X-Ratelimit-Limit
X-Varnish-Url
Dt-Cache-Category
Epwk-X-Cache
X-ServedByHost
CloudFront-Viewer-Country
X-B3-SpanId
X-Tec-Api-Version
X-Cache-Tag
X-Request-Start
X-Tec-Api-Root
X-Tec-Api-Origin
X-Oss-Cdn-Auth
X-StackifyID
A
X-Swift-Error
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Backend
Group
X-Served-From
X-B3-Spanid
Cdn
X-WR-MODIFICATION
Lb
Cf-Alt-Svc
PICS-Label
Server-Ttl
SID
X-Tb-Optimization-Total-Bytes-Saved
X-Apw-Access-Action
X-Apw-Access-Object
X-Csrf-Jwt
X-Apw-Hits
Cloudfront-Viewer-Country
X-Apw-Access-Token
X-Via-Popv
X-Nananana
X-RunCloud-Cache
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-String
Backend-Name
X-Via-Poph
X-Debug-Cache-Bypass
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
X-LiteSpeed-Cache-Control
X-Debug-Cache-Status
X-Cache-Version
X-Request-Time
X-Via-Ucdn
Proxy-Firewall
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-WA
X-Varnish-Beresp-TTL
X-Acquia-Site
X-Acquia-Application-UUID
X-Cache-Hm
Cneonction
Origin
X-Cache-Hfrom
X-APP
X-Sigma
X-Sigma-Backend
Warning
Inserted-Into-Cache-At
X-Snapshot-Date
CF-IPCountry
X-Rocket-Build-Number
Country-Code
X-Via-NSCOPI
Req-ID
X-B3-Parentspanid
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
NnCoection
X-Varnish-ID
X-Dw-Trace-Id
X-SB
X-Html-Edge-Cache
X-Request-URL
X-ElasticPress-Search
X-VC