Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
P3p
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
X-Request-ID
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
CF-Ray
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Server-Timing
Grace
X-Pingback
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-WebKit-CSP
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Vhost
X-Response-Time
X-Device
X-Readtime
X-Ac
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Node
X-Backend-Server
X-Dispatcher
NEL
Content-Location
X-Origin-Upstream-Status
X-HW
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-Mod-Pagespeed
X-DataDome
Request-Id
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
Host-Header
X-Cnection
X-Country-Code
Accept-CH
X-Rack-Cache
RTSS
Edge-Control
X-Url
Accept-CH-Lifetime
MS-Author-Via
X-Clacks-Overhead
X-Px
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
Verso
X-Goog-Hash
Service-Worker-Allowed
X-Varnish-TTL
X-Powered-By-Plesk
X-GoogleNews-Bot
X-Use-Magma
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-B3-TraceId
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
Display
Pagespeed
X-Sol
X-Middleton-Display
Response
Public-Key-Pins
X-Middleton-Response
X-MS-InvokeApp
X-Content-Type
X-Cache-TTL
X-DynaTrace
X-Cdn
X-D2id
X-NF-Request-ID
X-Amz-Rid
X-CST
X-Vcap-Request-Id
X-Ttl
TCN
X-Cached
X-VARITI-CCR
X-Abt-Application-Version
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-Request-ID
AR-ATIME
Pinterest-Generated-By
X-ESI
X-Powered-CMS
X-Upstream
X-Version
X-Navigation-Version
Cache-Tag
X-Debug
X-Grace
X-Fastly-Request-ID
X-Server-Name
Accept-Ch
Access-Control-Request-Method
X-Instart-Request-ID
X-XRDS-Location
Charset
X-Element-Page-Cache
X-MSEdge-Ref
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Realpath
Content-MD5
Nginx-Cache
X-Ezoic-Cdn
X-Accel-Expires
Accept-Ch-Lifetime
X-Shield-Request-Id
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Hp-Webp
X-Jurisdiction
SPIisLatency
SPRequestDuration
X-Pinterest-Rid
X-Amz-Meta-S3cmd-Attrs
Pinterest-Version
X-Recruiting
X-Id
SPRequestGuid
X-SharePointHealthScore
X-Dw-Request-Base-Id
S
X-Kinsta-Cache
X-T
X-Content-Digest
X-Cache-Key
Fastcgi-Cache
X-Logged-In
X-Trace
X-TTL
X-Node-Name
X-NWS-LOG-UUID
X-FastCGI-Cache
X-Hostname
Fastly-Restarts
ServerID
TP-Cache
TP-L2-Cache
X-Oneagent-Js-Injection
X-Request-Processing-Time
X-Amzn-Trace-Id
X-Mobile-URL
X-Request-Received
X-Cache-Hit
X-Frontend
Server-Node
Front-End-Https
X-Cache-Age
X-Server-ID
X-Client-IP
X-Yandex-Sdch-Disable
X-Forwarded-For
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
Edge-Cache-Tag
Powered
X-FTR-Expires
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Server-Name
Arc-Version
PB-PID
PB-RID
X-Request-Handler-Origin-Region
X-Microsite
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-User-Agent
X-Ah-Environment
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
X-Akamai-Edgescape
X-Page-Id
X-Hits
X-Revision
X-LB-Cache
X-F-Cache
Filters
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Jobs
Alternate-Protocol
X-Origin-Server
X-Zen-Fury
DynaTrace
X-Mobile-Rewrite
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Content-Powered-By
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Geo-Country
X-Varnish-Age
X-Correlation-Id
X-N
X-Daa-Tunnel
AMP-Access-Control-Allow-Source-Origin
Accept-Charset
X-Ruxit-Js-Agent
X-FTR-Cache-Host
Cache-Tags
X-Varnish-Backend
X-B
X-Type
X-Ser
X-Varnish-Grace
X-Fastcgi-Cache
Paypal-Debug-Id
DC
X-Rid
Retry-After
X-RateLimit-Remaining
X-Esi
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
X-Git-Hash
X-Content-Options
X-App-Environment
X-Signature
Surrogate-Key
X-B-Cache
Section-Io-Cache
Host
X-TT
X-Request-Guid
X-Whom
X-FB-Debug
X-AppVersion
X-Activity-Id
X-Az
X-Edge
Fastcgi-Useragent
X-IPLB-Instance
X-Debug-Info
X-Endurance-Cache-Level
X-Status
Actual-Object-TTL
Frame-Options
Healthy
X-Via-JSL
Nel
X-HTML-Minification-Powered-By
X-ATG-Version
MicrosoftSharePointTeamServices
X-Release
Srv
Content-Disposition
X-Contextid
X-AOL-HN
Refresh
X-Amzn-RequestId
X-ATS-Timestamp
Backend-Timing
X-Amz-Apigw-Id
X-Seen-By
X-Cache-Action
From-Origin
X-App-Server
X-ECACHE
Access-Control-Allow-Method
X-B3-Sampled
X-Pinterest-Direct
X-Protected-By
X-Accel-Buffering
X-Cache-Rule
X-Response-Served-From
X-ProcessESI
X-Cache-Operation
X-Region
X-Mid
X-MCACHE
X-RemovedCookies
X-Tumblr-User
X-Tumblr-Pixel
Odigeo-Trace-Id
X-Tumblr-Pixel-0
X-Cacheable-TTL
Uber-Trace-Id
X-FW-Dynamic
X-FW-Static
X-WA-Info
X-Rendered-As
X-UUID
X-Is-Bot
X-FW-Type
X-FW-Serve
X-FW-Server
X-FW-Hash
X-Instance
VIX-Pulpo-Node
Payment
VIX-Pulpo-Upstream-Status
X-Environment-Context
X-Upgrade-Enabled
X-Rule
X-Drupal-Cache-Tags
X-L-Path
Countrycode
Eomportal-Instance
X-Cache-Time
X-Varnish-Server
MS-CV
X-Litespeed-Cache
X-Adobe-Loc
X-Host-Name
X-Proxy
X-Adobe-Content
Datacenter
X-Akamai-Request-ID2
X-EdgeConnect-Cache-Status
X-Cached-By
X-Time
X-Mobile
Source
X-NewRelic-App-Data
X-Cache-Server
X-Cache-Control
X-PHP-Backend
X-Load-Cache
X-UnsetCookies
Server-Info
X-Air-Hostname
Access-Control-Request-Headers
X-Azure-Ref
Xserver
Accept-Language
X-Correlation-ID
X-SERVER-NAME
X-Yottaa-Metrics
X-GeoIP
X-Backend-Name
X-NGENIX-Cache
X-Yottaa-Optimizations
X-Origin-Response-Time
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-NGX
X-Akamai-Transformed
X-Handled-By
X-Presslabs-Stats
Liferay-Portal
X-Framework
X-Webkit-CSP
X-NWS-UUID-VERIFY
X-Mode
X-Pass-Why
X-Unique-Id
X-Wix-Request-Id
Version
X-URL
Filterid
X-FireWall-Port
X-RateLimit-Limit
X-CSRF-Token
X-APP-VERSION
X-VWS-Id
X-Path-Route
X-UA-Device-Type
X-RN-RSRV
X-Proxied
Cache-Status
X-UPSTREAM-Address
X-Via-Fastly
X-ES-SERVER
X-PERF
X-Routing-Service
Cross-Origin-Window-Policy
X-LJ-Flow-ID
Meta-Geo
X-Vcache
X-AWS-Id
X-Locale
X-Cache-Var
X-Zipkin-Id
X-Cache-Var-Map
X-ApacheServer
X-CCM
X-Adobe-Source
Load-Balancing
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Access
Akamai-GRN
X-Cache-Status-Check
X-Site-Version
Cache
X-NCache
X-MP-GENERATED-AT
DSUID
X-IP
X-TX-ID
Mn-Server-Ip
X-Pubstack
X-Section
ServedBy
Now
X-Www-Served-By
X-Real-IP
Cache-Hits
X-Viewer-Country
X-Format
X-Qloud-Router
TWC-Locale-Group
Decoy-Debug-Key
TWC-Connection-Speed
Cache-Name
Section-Origin-Responded
Property-Id
TWC-Privacy
Section-Io-Id
Section-Io-Origin-Time-Seconds
S-Rt
TWC-Device-Class
Cache-Tv-Group
Webcakes-App-Version
Webcakes-App-Name
Decoy-Debug-TTL
Webcakes-Region
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Hyper-Cache
DB-Nickname
Cleartype
Decoy-Debug-Status
X-Varnish-Cache-Hits
X-FW-Version
X-Origin-Hint
X-Web-Node
X-PCL
X-Human
X-Info
X-OCL
Section-Io-Origin-Status
X-R9-Blue-Green-Version
X-Storage
X-Redis-Cache
X-Device-Type
X-Say-TTL
X-SayCDN-TTL
X-CS
X-Detected-As
X-Amzn-Remapped-Content-Length
X-Say-Cacheable
X-Cache-Config
X-NYM-Debug-Backend
X-ProxyCache-Status
X-ShopId
X-ProxyCache-Key
X-ServerID
X-ShardId
X-Hosted-By
Webserver
X-Cache-Enabled
X-BYPASS-REASON
X-Bc-Bl
X-Time-Microsecs
X-Sorting-Hat-ShopId
X-Cache-2
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-FC-Vary-Parameters
X-Shopify-Stage
Fastly-SSL
X-Cluster
X-IPS-LoggedIn
Apigw-Requestid
Azure-InstanceId
Azure-SiteName
X-FB-TRIP-ID
X-TNCMS
X-PHP-Host
X-Cache-Host
X-Content-Age
X-EIG-Tracking-Id
X-Timing-Wait
X-From
Azure-RegionName
X-Hl-Ver
X-Origin
Selected-Fe
X-Proxy-Build
X-Labrador-Cache-Channel
X-Loop
Azure-Version
Azure-SlotName
X-Urbn-Context-Path
X-Urbn-Site-Id
X-RTag
Locale
X-SaId
X-JoinUs
Ms-Operation-Id
X-BCube-Filmed-By
NGB
X-VCache
Ec-Rule-Version
Origin-Cache-Control
X-XRDS-LOCATION
X-Ua
X-No-Session
X-Generated
X-Geo
X-Cache-Remote
X-Drupal-Cache-Contexts
X-CDN-Forward
X-PressLabs-Stats
X-Cache-TTL-Remaining
X-Xfnlog-Site
Time
X-EC-Lua
X-Backend-TTL
X-Debug-Cache
Origin-Edge-Control
Country
X-Storefront-Renderer-Rendered
SD-X-WS
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Pad
X-Source
X-Soup
X-SRV
X-NC
X-Proto
Upgrade-Insecure-Requests
X-Varnish-Hostname
X-Cluster-Node
X-Tb
X-Akamai-Request-ID
X-Old-Content-Length
X-TA-CDN-Provider
GEO-INFO
X-Cache-PHP
Referer-Policy
X-App-Version
Proxy-Connection
User-Agent
X-Parent-Response-Time
X-RequestSource
X-RCS-CacheZone
Cache-Key
X-Cache-NE
X-DC
X-Cache-Backend
X-Client-Ip
LB
X-App
X-Magnolia-Registration
X-FORWARDED-FOR
X-Origin-TTL
Geo-Info
X-Origin-CC
NGX
AsisCache
Viewtype
CacheControlHeader
BehaviorPad-Version
Who
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-A
AKAMAI
VivaBuild
Arc-Country
Fastcgi-X-Cache-Version
MD5-Digest
Machine
M-TraceId
Meta-Geo-Continent
Mobile-Detection-Method
On-Server
N-Cache
Rendered-Blocks
IsBot
UCS
Pragrma
Content-Style-Type
True-Client-Country-4JS
T-Server
GEO-REGION-INFO
FNAC-ModuleRouting
Content-Script-Type
X-Geo-Header
X-SD-PageType
X-ScT
X-SIPLIST1
X-SRCache-Key
X-SVT-ORM-RULES
X-Scheme
X-S-Cookie
X-Response-By
X-Rewrite-Enabled
X-Rojux
X-S
X-SVT-ORM-VERSION
X-Swa-Ws
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-Trace-Id
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Region-Sid
X-Processor
X-Connection-Hash
X-Cms-Context
X-D
X-Date
X-Destination
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Accel-Expires-Debug
X-Aed
X-Application
X-ARC
X-Developer
X-Developers
X-Method
X-Nginx-Cache-Key
X-NodeID
X-PAYTM-SRV-ID
X-Generation-Time
X-G
X-DevSite-Last-Modified
X-Dispatch
X-Edge-Location
X-External-Request-Id
X-A-Wwc
X-B-Cookie
X-AIR-PT
X-Cache-Grace
FilterID
X-Tumblr-Pixel-3
User-Cache-Control
Node
X-Proxy-Cache-Status
We-Hiring
X-User
X-Gen-Mode
Viewport
Wxu-Next-Commit
X-Hash
X-Has-Esi
Wxu-Next-Region
Wxu-Next-Hostname
X-Hnp-Log
Thinkindot-CacheControl-Type
Web-Mar-Node
X-Varnish-Cacheable
X-JWT-State
Release
Pagetype
X-Key
X-LAGOON
X-Is-Gdpr
X-VC-Cache
X-Thinkindot-L3
Sever-Int
Server-Hostname
Server-Host
Server-Ext
Thinkindot-CacheControl
X-Agile-Id
X-Forwarded-Host
X-Generated-On
X-Policy
X-Compress-Hint
X-Clara-WADP
X-Server-W
X-Device-Os
X-Reqid
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Fmm-Version
X-Generated-In
X-Req
X-Servername
X-ServiceProvider
X-Auto-Login
X-SN
X-Level-Front-Cache
X-Agile-Age
X-Agile
X-Backend-State
X-Bip
X-Cache-URL
X-Skip-Cache
X-Cache-Info
X-Cache-Bucket
X-Block-Status
X-Thanos
Thinkindot-Control
X-Loc
X-Matched-Rule
X-Cluster-Name
X-Worker
Gh-Request-Id
Kp-EeAlive
X-Wikidot-Backend
Apple-News-Services-Handled
X-Micro-Cache
Apple-News-Services-Parsed-Url
X-Logging-Id
Apple-News-Services-Request-Url
CDCHOST
Apple-News-Services-Host
X-Location
OT-Force-Account-Verify
X-WADP-Cache
X-Wikidot-Static-Cache
X-Node-Id
Mail-Subject
MIME-Version
X-Distributor
Magicmarker
X-Hit
Platform
Adler-Geo
X-Backend-Host
X-VServer
X-NU-AKA-ACS-Version
X-B3-Traceid
ServerName
X-TH-Server
X-Varnish-Authentication
X-VG-TLSProxy
X-Mvc-Supplant-Cachable
X-Dispatcher-Server
X-BBXSRF
X-CGP
X-Cache-FS-Status
X-Owner
X-Cache-Tags
C-Via
L5d-Success-Class
X-Request-UUID
NM-Fastcgi-Cache
X-Request-Host
X-Clientip
X-Cache-ASPX
X-Variation
X-Origin-Expires
HA-Ipaddr
V-Age
Ha-Gx-Prefs
X-Irp-Debug
Vix-Hermes-Req-Id
X-Uri
X-Core-Value
X-Webstats-RespID
Is-Eu
X-Var-Ttl
X-Fastly-Cache
X-Contensis-Viewer-Groups
W
X-We-Are-Hiring
Rt-Fastcgi-Cache
X-TrackingId
X-Eu-Site
X-Envoy-Decorator-Operation
Fastly-SIE
X-Origin-Date
Fastly-SWR
X-Core-Mission
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Newrelic-Synthetics
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
Fastly-Drupal-HTML
X-Epic-Correlation-Id
Fastly-Backend-Name
X-Esi-Check
X-Reboot
Memcached
X-Up
X-Via-CDN
X-GoCache-CacheStatus
X-Cache-Id
X-Gzip
X-Slack-Backend
X-Distil-CS
X-Session-Fingerprint
X-Dc
X-ZONE
X-BC
X-LI-Proto
X-Wa
RNT-Time
X-Li-Pop
X-Li-Fabric
RNT-Machine
X-LI-UUID
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Minions-Version
Sid
X-Be
X-ElasticPress-Query
X-Srv
X-Configured-By
X-Batcache
X-Refresh
X-Varnish-URL
X-Aicache-OS
X-UA
X-Nc
X-Branch-Name
X-Cache-Debug
Cf-Ipcountry
X-Servedbyhost
X-Ua-Device
Hostname
X-Mvc-Supplant-OutputCached
X-TIME
X-Nginx-Cache
DCR-Decision-By
DCR-Processing-Time-Ms
CACHE
S-Cnection
Memory
X-Varnishpool
Pramga
X-Fastly-Cache-Status
X-Via-PopV
X-Instart-Info
X-Via-PopH
HostName
X-Ratelimit-Reset
X-Platform-Server
X-PF-Uncompressing
X-Envoy-Upstream-Healthchecked-Cluster
Location
X-VCL-Version
X-ND-Cache
X-Original-Request-Id
X-MSEdge-Flight
HitType
X-MSEdge-Features
X-Sucuri-ID
X-BE
X-Microcachable
X-TT-TIMESTAMP
X-Ms-Request-Id
X-Ms-Version
X-Sucuri-Cache
X-FPC
X-CF-Powered-By
Esi-Enabled
Powered-By-ChinaCache
X-Cdn-Forward
X-Debug-Panamera-Host
X-LB-ID
X-GEO
X-COUNTRY
NtCoent-Length
X-Pjax-Url
X-Debug-Panamera-Sitecode
X-Zone
X-Bc
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
PFcat
X-OVcl
X-OVcl-Cache
X-VarnishDD-TTL
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
GeoIP-Country-Code
X-Check-Cacheable
Resin-Trace
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
L
X-Vgn-Hpd-Variations-Key
Server-ID
GeoIP-Latitude
X-Azure-Ref-OriginShield
X-App-Name
FSS-Cache
Ohc-File-Size
X-Server-IP
X-Fastly-Backend-Reqs
X-Render-Time
X-Instart-Isnd
X-Cdn-Srv
Cache-Host
X-Platform
X-Vgn-Hpd-Reason
X-Generated-By
Server-Surrogate-Control
Server-Cache-Control
X-Varnish-Ttl
X-Svr
X-BACKEND-TTL
X-HS-Status
X-CUA
X-S-Maxage
X-Unique-ID
X-PJAX-URL
X-CSRF-TOKEN
Cteonnt-Length
Ohc-Response-Time
X-Ratelimit-Remaining
X-VHOST
Pics-Label
Geoip-Latitude
X-Fpc
Epwk-X-Cache
X-Fastly-Country-Code
GeoIp-Country-Code
Tracecode
X-Cache-Expired-At
X-Rocket-Nginx-Bypass
Backend-Name
Backend
X-RunCloud-Cache
CF-Cached-On
X-Varnish-Hits
X-Newrelic-App-Data
SRV
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Amp-Access-Control-Allow-Source-Origin
X-Vcl-Version
Cdn-Host
Cdn-Request-Time
X-Pf-Uncompressing
SN
X-Csrf-Jwt
X-VCT
Request-Country
Locid
Request-EU
X-Edge-Server
Heartbleed
X-NGINX-Cache
X-CACHE-AGE
X-Ratelimit-Limit
X-Request-URI
XServer
X-Via-Poph
X-CLOUD-TRACE-CONTEXT
X-Oracle-Dms-Rid
X-Via-Popv
X-Sigma
X-Request-Time
X-ECache
X-Rocket-Build-Number
X-CACHE-KEY
Lfy
X-Sigma-Backend
X-Gamma-Serve
X-StackifyID
WWW-Authenticate
CF-IPCountry
X-Nananana
Host-ID
X-Amzn-Remapped-Date
X-ServedByHost
X-Amzn-Remapped-Connection
X-Varnish-Url
X-Ftr-Cache-Host
CloudFront-Viewer-Country
X-DPWN-IS-SECURE
X-Oss-Cdn-Auth
NR-ENABLED
WPE-Backend
Country-Code
URI
X-Debug-Cache-Store
X-Fastly-Request-Id
X-WebServer
X-Apw-Hits
X-Debug-Cache-Fetch
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
Lb
PICS-Label
X-Cache-Tag
Cloudfront-Viewer-Country
Server-Ttl
X-Via-Ucdn
X-Debug-Ysi-Auth
X-Debug-Cache-Status
X-Debug-Cache-String
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
X-Debug-Cache-Bypass
Product
X-Proxy-Upstream
X-Shopify-Generated-Cart-Token
X-B3-Spanid
X-LiteSpeed-Cache-Control
SID
X-Cache-Version
My-App
CDN-RequestCountryCode
CDN-RequestId
WZWS-RAY
CDN-Uid
X-Fetched-On
CDN-EdgeStorageId
X-Cdn-Origin
CDN-CachedAt
X-Sn-Servicetimems
X-Acquia-Application-Trace
Ohc-Cache-HIT
CDN-PullZone
X-Tb-Optimization-Total-Bytes-Saved
X-Acquia-Application-UUID
X-WA
CDN-Cache
Proxy-Firewall
Dnion-Transfer-Encoding
X-Acquia-Purge-Tags
X-Acquia-Site
Cneonction
X-Amz-Meta-Cb-Modifiedtime
Surrogated-Key
X-APP
DataCenter
X-IN-APIGATEWAYSSL
X-GeoIP-Country-Code
X-Lb-Id
X-Fastly-Cache-Hits
X-IN-APIGATEWAY
X-Snapshot-Date
X-Request-URL
X-Swift-Error
X-WR-MODIFICATION
Cf-Alt-Svc
A
X-Html-Edge-Cache
X-ElasticPress-Search
X-Varnish-Beresp-TTL
X-SB
X-VC
Warning
Inserted-Into-Cache-At
X-Dw-Trace-Id
FSS-Proxy