Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Xss-Protection
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
X-Ua-Compatible
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Server
X-Turbo-Charged-By
X-Backend
X-Age
P3p
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Report-To
X-LiteSpeed-Cache
X-Amz-Version-Id
X-WebKit-CSP
Cf-Railgun
X-Dns-Prefetch-Control
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Readtime
X-Node
X-Origin-Upstream-Status
NEL
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Request-Id
Content-Location
X-Mod-Pagespeed
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-ORACLE-DMS-RID
Allow
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Clacks-Overhead
X-Rack-Cache
X-Pass-Why
X-Px
RTSS
X-FTR-Request-ID
MS-Author-Via
Accept-CH
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
X-Powered-By-Plesk
Verso
X-B3-TraceId
Service-Worker-Allowed
Accept-CH-Lifetime
Public-Key-Pins
X-Cdn-Fetch
X-GitHub-Request-Id
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-MS-InvokeApp
X-DynaTrace
Response
Display
X-Middleton-Display
X-Middleton-Response
X-Forwarded-Proto
X-Sol
Pagespeed
X-Amz-Server-Side-Encryption
X-Cache-TTL
X-D2id
X-Ttl
X-Amz-Rid
X-CST
TCN
Accept-Ch
X-Abt-Application-Version
X-NF-Request-ID
X-Vcap-Request-Id
Pinterest-Generated-By
X-Content-Type
X-Cached
X-VARITI-CCR
X-Navigation-Version
X-ESI
Cache-Tag
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Fastly-Request-ID
Accept-Ch-Lifetime
AR-CACHE
Ar-Sid
X-Version
X-Server-Name
X-Instart-Request-ID
X-Upstream
X-Powered-CMS
X-Grace
Access-Control-Request-Method
X-Debug
X-MSEdge-Ref
X-Accel-Expires
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Host-Header
Charset
Nginx-Cache
SPRequestDuration
SPIisLatency
S
Content-MD5
Realpath
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ezoic-Cdn
X-SharePointHealthScore
SPRequestGuid
X-DynaTrace-JS-Agent
X-Element-Page-Cache
X-FastCGI-Cache
X-Client-IP
X-XRDS-Location
Pinterest-Version
X-Pinterest-Rid
X-Shield-Request-Id
X-Hp-Webp
X-Jurisdiction
X-Cdn
X-Dw-Request-Base-Id
X-Recruiting
X-Id
X-Trace
X-Amz-Meta-S3cmd-Attrs
X-Oneagent-Js-Injection
X-T
X-Kinsta-Cache
X-Node-Name
Fastcgi-Cache
X-Content-Digest
X-Logged-In
X-Cache-Key
X-Server-ID
X-Mobile-URL
X-NWS-LOG-UUID
TP-Cache
TP-L2-Cache
X-ASPNET-VERSION
X-Request-Received
X-TTL
X-Request-Processing-Time
X-Cache-Hit
X-Cache-Age
X-Frontend
Server-Node
ServerID
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-Hostname
Edge-Cache-Tag
X-Amzn-Trace-Id
Front-End-Https
X-FTR-Expires
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Forwarded-For
Fastly-Restarts
Server-Name
PB-PID
PB-RID
Arc-Version
Powered
X-Yandex-Sdch-Disable
DynaTrace
X-Request-Handler-Origin-Region
X-Microsite
X-DIS-Request-ID
X-Zen-Fury
X-Content-Security-Policy-Report-Only
Filters
X-Revision
X-User-Agent
X-Page-Id
X-F-Cache
X-Akamai-Edgescape
X-Jobs
X-LB-Cache
X-Hits
X-Mobile-Rewrite
Accept-Charset
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Ruxit-Js-Agent
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Content-Powered-By
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Geo-Country
X-Origin-Server
X-Correlation-Id
X-Varnish-Age
Backend-Timing
X-ATS-Timestamp
X-N
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-B
X-FTR-Cache-Host
Nel
X-Varnish-Backend
X-Via-JSL
MicrosoftSharePointTeamServices
X-Erf-Bev-Bev-Is-Generated
X-Daa-Tunnel
X-Erf-Bev-Bev
X-Rid
Cache-Tags
X-AppVersion
X-Az
X-Activity-Id
X-Litespeed-Cache
X-WebKit-CSP-Report-Only
DC
X-FB-Debug
X-Amz-Replication-Status
X-Type
X-Git-Hash
X-Signature
X-B-Cache
Paypal-Debug-Id
Surrogate-Key
Retry-After
Section-Io-Cache
X-ATG-Version
X-Whom
X-TT
X-Fastcgi-Cache
X-Debug-Info
X-Varnish-Grace
X-Ser
X-Edge
X-App-Environment
X-Esi
Frame-Options
Host
X-Content-Options
Actual-Object-TTL
X-Status
X-App-Server
Fastcgi-Useragent
X-Request-Guid
X-RateLimit-Remaining
Healthy
X-Contextid
X-AOL-HN
X-IPLB-Instance
X-Amzn-RequestId
X-Endurance-Cache-Level
X-Cache-Action
X-HTML-Minification-Powered-By
X-Seen-By
Srv
X-Pinterest-Direct
X-B3-Sampled
X-Host-Name
Refresh
From-Origin
X-Upgrade-Enabled
X-ECACHE
X-Amz-Apigw-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
Access-Control-Allow-Method
Source
X-Instance
X-Drupal-Cache-Tags
X-ProcessESI
X-RemovedCookies
X-Cache-Rule
X-Accel-Buffering
X-Response-Served-From
X-Cache-Operation
Odigeo-Trace-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Mid
X-Region
X-MCACHE
X-Protected-By
Eomportal-Instance
Payment
MS-CV
X-UUID
X-Rule
X-Cacheable-TTL
X-L-Path
X-Varnish-Server
X-Is-Bot
X-Rendered-As
X-WA-Info
X-Environment-Context
X-Adobe-Content
X-Adobe-Loc
X-FW-Static
Countrycode
Datacenter
X-FW-Type
X-FW-Server
X-PressLabs-Stats
X-FW-Hash
X-FW-Dynamic
X-Cache-Time
X-FW-Serve
X-VCache
X-Time
Content-Disposition
Cache-Status
X-Cache-Control
Xserver
X-Cache-Server
X-GeoIP
X-Cached-By
X-Akamai-Request-ID2
X-UnsetCookies
Uber-Trace-Id
X-XRDS-LOCATION
X-Proxy
X-Akamai-Transformed
X-EdgeConnect-Cache-Status
X-Wix-Request-Id
X-Mobile
X-Load-Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
Access-Control-Request-Headers
X-PHP-Backend
Version
X-SERVER-NAME
X-Release
X-Correlation-ID
X-Cluster
NGB
X-Mode
X-Handled-By
X-Azure-Ref
Filterid
X-NewRelic-App-Data
X-APP-VERSION
X-NGENIX-Cache
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-IPS-LoggedIn
Accept-Language
X-Cache-NGX
Cache
X-Backend-Name
X-NWS-UUID-VERIFY
X-Cache-Remote
X-Air-Hostname
Liferay-Portal
X-Cache-Var
X-CCM
X-ES-SERVER
Load-Balancing
X-Cache-Status-Check
X-RN-RSRV
X-Cache-Var-Map
X-FireWall-Port
X-Adobe-Source
X-URL
X-No-Session
X-UPSTREAM-Address
Cross-Origin-Window-Policy
X-CSRF-Token
X-UA-Device-Type
X-Path-Route
X-Via-Fastly
Meta-Geo
X-Framework
X-PERF
X-Locale
X-MP-GENERATED-AT
X-R9-Blue-Green-Version
ServedBy
X-PCL
X-OCL
X-AWS-Id
X-Storage
X-Viewer-Country
X-ApacheServer
DSUID
X-VWS-Id
X-LJ-Flow-ID
X-Www-Served-By
Cache-Hits
Cache-Name
X-Site-Version
Mn-Server-Ip
Section-Io-Origin-Status
X-TX-ID
Cleartype
Section-Origin-Responded
Section-Io-Id
X-Pubstack
X-RTag
X-Bc-Bl
Now
Decoy-Debug-Status
Akamai-GRN
X-Real-IP
Decoy-Debug-TTL
Ms-Operation-Id
Section-Io-Origin-Time-Seconds
X-RequestSource
X-Cache-Config
Decoy-Debug-Key
X-Format
X-Info
X-Routing-Service
X-Proxied
X-Section
X-Zipkin-Id
X-Redis-Cache
X-Web-Node
X-Access
X-Shopify-Stage
X-SayCDN-TTL
X-Say-TTL
X-ServerID
X-ShardId
X-ShopId
X-Varnish-Cache-Hits
X-ProxyCache-Status
X-EIG-Tracking-Id
X-FW-Version
X-Device-Type
X-BYPASS-REASON
X-Alternate-Cache-Key
X-Hl-Ver
X-Human
X-Sorting-Hat-PodId
X-ProxyCache-Key
X-Sorting-Hat-ShopId
X-NCache
X-Say-Cacheable
Webserver
Fastly-SSL
X-Proxy-Build
Selected-Fe
X-Ua
X-SaId
X-Cache-Enabled
S-Rt
X-Origin
X-NYM-Debug-Backend
X-Detected-As
X-BCube-Filmed-By
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-JoinUs
X-From
X-Timing-Wait
X-Time-Microsecs
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
X-CS
Webcakes-Region
TWC-Device-Class
TWC-GeoIP-Country
X-Qloud-Router
X-Origin-Hint
Property-Id
TWC-Connection-Speed
X-Labrador-Cache-Channel
X-Content-Age
X-Generated
Cache-Tv-Group
X-IP
X-TNCMS
X-PHP-Host
X-Loop
DB-Nickname
X-Amzn-Remapped-Content-Length
X-Hosted-By
X-Hyper-Cache
Azure-InstanceId
Azure-RegionName
X-Cache-Host
Azure-SlotName
Azure-SiteName
Azure-Version
Origin-Edge-Control
Origin-Cache-Control
X-Xfnlog-Site
X-Geo
X-Goog-Meta-Goog-Reserved-File-Mtime
Ec-Rule-Version
Country
WPE-Backend
X-Drupal-Cache-Contexts
NR-ENABLED
X-Unique-Id
SD-X-WS
X-Cache-2
X-Source
Time
Geo-Info
X-Pad
User-Agent
X-RateLimit-Limit
X-Old-Content-Length
X-Cache-TTL-Remaining
Server-Info
X-Varnish-Hostname
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Cluster-Node
Locale
X-Cache-NE
Upgrade-Insecure-Requests
X-Parent-Response-Time
X-Presslabs-Stats
Apigw-Requestid
X-Srv
X-EC-Lua
X-Debug-Cache
X-Cache-Backend
X-Akamai-Request-ID
FilterID
X-RCS-CacheZone
X-Soup
X-Webkit-CSP
Proxy-Connection
X-Cache-Grace
X-Proxy-Cache-Status
X-Forwarded-Host
X-Tb
X-Proto
X-Backend-TTL
X-CDN-Forward
X-Nc
X-Newrelic-Synthetics
X-Cache-PHP
X-App-Version
X-TA-CDN-Provider
X-Tumblr-Pixel-3
NGX
S-Cnection
ServerName
X-Twitter-Response-Tags
X-Generated-On
X-ScT
X-S
T-Server
X-S-Cookie
X-Scheme
X-Region-Sid
Machine
X-Rewrite-Enabled
Mobile-Detection-Method
M-TraceId
X-Session-Fingerprint
X-Rojux
Pagetype
X-Uri
X-Swa-Ws
Rendered-Blocks
MD5-Digest
X-Geo-Header
Server-Host
X-Trace-Id
X-SRCache-Key
X-Transaction
X-ServiceProvider
Meta-Geo-Continent
X-Level-Front-Cache
X-Thinkindot-L3
X-Trv-Group
X-A
Content-Style-Type
X-NodeID
Arc-Country
X-G
X-Cluster-Name
X-B-Cookie
X-ARC
X-Aed
Thinkindot-CacheControl
Fastcgi-X-Cache-Version
X-PAYTM-SRV-ID
X-Application
AsisCache
X-CF-Lambda-Fn
X-Destination
OT-Force-Account-Verify
X-Developer
X-DevSite-Last-Modified
X-Dispatch
X-Date
X-D
BehaviorPad-Version
X-CF-Lambda-Version
X-Connection-Hash
X-External-Request-Id
Content-Script-Type
X-A-Wwc
X-Accel-Expires-Debug
UCS
True-Client-Country-4JS
X-Matched-Rule
X-Vtex-Processado-Em
GEO-REGION-INFO
X-Vtex-Remote-Cache
X-VG-WebServer
X-FORWARDED-FOR
X-Vdms-Path
Thinkindot-CacheControl-Type
X-Vdms-Version
Thinkindot-Control
X-VG-WebCache
X-A-Dgt
Viewtype
Xc-Version
VivaBuild
X-A-Dam
X-A-Dcw
X-Reqid
X-A-Ccd
X-Processor
Who
Cache-Key
X-Be
CacheControlHeader
X-Node-Id
Kp-EeAlive
X-Location
X-Logging-Id
X-LAGOON
CDCHOST
Viewport
X-Bip
X-Generated-In
X-Agile-Id
X-Agile-Age
X-Branch-Name
X-Cache-FS-Status
X-Dispatcher-Server
X-Device-Os
X-Core-Value
X-Cms-Context
X-Agile
We-Hiring
Release
On-Server
NM-Fastcgi-Cache
N-Cache
X-Hash
X-Generation-Time
Vix-Hermes-Req-Id
X-Owner
V-Age
Mail-Subject
X-Skip-Cache
X-SN
X-User
X-SIPLIST1
X-AIR-PT
X-SD-PageType
X-RateLimit-Remaining-Second
X-Response-By
Cf-Ipcountry
X-VC-Cache
Cache-Cookie-Set-Lfrom
X-Nginx-Cache-Key
X-Dc
X-Method
IsBot
FNAC-ModuleRouting
Sid
X-Worker
X-Vcache
X-RateLimit-Limit-Second
X-Thanos
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
AKAMAI
X-Envoy-Decorator-Operation
X-Microcachable
User-Cache-Control
X-Hit
X-DC
W
X-Wikidot-Backend
Magicmarker
Server-Ext
RNT-Time
RNT-Machine
X-Origin-Expires
Apple-News-Services-Parsed-Url
X-Origin-Date
Adler-Geo
Web-Mar-Node
Apple-News-Services-Handled
Server-Hostname
X-Wikidot-Static-Cache
Apple-News-Services-Host
Apple-News-Services-Request-Url
Wxu-Next-Hostname
X-Cache-Tags
X-Cache-Info
X-Compress-Hint
X-Fmm-Version
X-Developers
X-Clara-WADP
X-CGP
X-Cache-Bucket
C-Via
X-Policy
Wxu-Next-Commit
X-Auto-Login
X-Gen-Mode
X-Backend-State
X-Block-Status
Wxu-Next-Region
Sever-Int
X-Req
Gh-Request-Id
X-Is-Gdpr
X-JWT-State
X-Micro-Cache
X-Eu-Site
X-Epic-Correlation-Id
X-Servername
X-Request-UUID
X-Distil-CS
X-Magnolia-Registration
Is-Eu
Ha-Gx-Prefs
L5d-Success-Class
X-Rebelmouse-Cache-Control
X-Distributor
X-Rebelmouse-Surrogate-Control
X-Hnp-Log
Platform
Fastly-SWR
X-Variation
X-Var-Ttl
Fastly-SIE
X-VG-TLSProxy
X-WADP-Cache
HA-Ipaddr
Fastly-Drupal-HTML
X-Clientip
X-Varnish-Cacheable
X-TH-Server
Rt-Fastcgi-Cache
X-Has-Esi
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-App
X-Storefront-Renderer-Rendered
X-Varnish-Beresp-Status
X-Loc
X-Cache-URL
X-Server-W
X-Via-PopH
X-Instart-Info
X-Slack-Backend
X-Irp-Debug
X-Request-Host
X-Mvc-Supplant-Cachable
X-Reboot
X-TrackingId
X-Varnish-Authentication
X-Cache-Debug
X-Fastly-Cache
X-Webstats-RespID
X-We-Are-Hiring
X-Via-PopV
X-VServer
X-Core-Mission
X-BBXSRF
X-Cache-ASPX
X-Backend-Host
X-NC
Node
X-Contensis-Viewer-Groups
X-Origin-CC
X-Cdn-Forward
X-Origin-TTL
X-Li-Pop
X-Cache-Id
X-Li-Fabric
LB
Memcached
X-Platform-Server
X-GoCache-CacheStatus
X-LI-Proto
X-Esi-Check
X-SRV
X-LI-UUID
X-Gzip
X-TT-TIMESTAMP
X-Ms-Version
X-Envoy-Upstream-Healthchecked-Cluster
X-UA
X-Ms-Request-Id
HostName
X-Configured-By
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Wa
X-NU-AKA-ACS-Version
X-Edge-Location
Tracecode
X-ZONE
X-BC
X-Key
X-Vgn-Hpd-Reason
Referer-Policy
MIME-Version
Esi-Enabled
Pragrma
X-Refresh
X-Varnish-URL
NtCoent-Length
GEO-INFO
X-BACKEND-TTL
Server-ID
X-Servedbyhost
X-Mvc-Supplant-OutputCached
L
Ohc-File-Size
X-Ua-Device
Fastly-Backend-Name
X-Via-CDN
X-Server-IP
X-App-Name
X-TIME
Cache-Host
X-MSEdge-Flight
X-MSEdge-Features
X-Nginx-Cache
X-B3-Traceid
Memory
X-Up
X-Bc
X-Zone
X-Sucuri-ID
X-Varnish-Ttl
Server-Cache-Control
Server-Surrogate-Control
X-Batcache
X-Minions-Version
X-Cdn-Srv
CACHE
X-Unique-ID
X-VCT
X-S-Maxage
Ohc-Response-Time
X-FPC
X-Svr
X-Pjax-Url
X-VCL-Version
X-ND-Cache
X-Generated-By
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-ElasticPress-Query
X-Aicache-OS
X-COUNTRY
X-Oss-Request-Id
X-GEO
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
FSS-Cache
X-CF-Powered-By
X-Rocket-Nginx-Bypass
Request-EU
DCR-Decision-By
Resin-Trace
GeoIP-Country-Code
Request-Country
Heartbleed
Locid
DCR-Processing-Time-Ms
X-Varnish-Hits
X-PF-Uncompressing
X-Ratelimit-Remaining
Pramga
X-Request-URI
Hostname
X-Azure-Ref-OriginShield
GeoIP-Latitude
Powered-By-ChinaCache
X-Fastly-Cache-Status
Location
Cteonnt-Length
Lfy
X-Check-Cacheable
X-BE
X-Sucuri-Cache
X-Shopify-Generated-Cart-Token
HitType
X-Fastly-Country-Code
X-Gamma-Serve
X-Edge-Server
X-PJAX-URL
Cdn-Host
Cdn-Request-Time
Geoip-Latitude
Amp-Access-Control-Allow-Source-Origin
GeoIp-Country-Code
PFcat
X-LB-ID
X-Ratelimit-Reset
X-VarnishDD-TTL
X-Varnishpool
X-VHOST
CF-Cached-On
WZWS-RAY
X-WebServer
X-Fpc
X-OVcl
X-HS-Status
X-OVcl-Cache
X-Newrelic-App-Data
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Ssi
X-CSRF-TOKEN
X-Platform
X-Vcl-Version
X-Instart-Isnd
Product
X-Proxy-Upstream
X-Tec-Api-Root
X-Ratelimit-Limit
SRV
X-ECache
X-Tec-Api-Version
X-Tec-Api-Origin
X-Render-Time
X-Pf-Uncompressing
X-Cache-Expired-At
My-App
Mime-Version
X-Fetched-On
Ohc-Cache-HIT
X-Sn-Servicetimems
X-Cdn-Origin
X-GeoIP-Country-Code
X-NGINX-Cache
X-Original-Request-Id
SN
X-Ftr-Cache-Host
X-Oracle-Dms-Rid
X-CLOUD-TRACE-CONTEXT
XServer
X-CACHE-AGE
X-Amzn-Remapped-Date
X-ServedByHost
Dt-Cache-Category
X-CUA
WWW-Authenticate
X-CACHE-KEY
X-Amzn-Remapped-Connection
X-Varnish-Url
URI
Epwk-X-Cache
X-Oss-Cdn-Auth
X-Swift-Error
Group
X-B3-Spanid
X-Request-Start
CloudFront-Viewer-Country
Pics-Label
X-Served-From
X-Cache-Tag
X-B3-SpanId
X-StackifyID
A
Cf-Alt-Svc
X-Client-Ip
Cdn
X-RunCloud-Cache
PICS-Label
Backend-Name
X-Debug-Cache-Fetch
Backend
X-Debug-Cache-Store
X-WR-MODIFICATION
X-Amzn-Requestid
Lb
X-Request-Time
Cloudfront-Viewer-Country
SID
Server-Ttl
X-LiteSpeed-Cache-Control
X-Apw-Access-Action
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Cache-Bypass
X-Apw-Access-Object
X-Apw-Access-Token
X-Csrf-Jwt
X-Apw-Hits
X-Via-Ucdn
X-Debug-Cache-Status
X-Debug-Cache-String
X-Nananana
X-Debug-Ysi-Auth
X-WA
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
X-Cache-Version
X-Via-Popv
Proxy-Firewall
Country-Code
X-Via-Poph
X-Via-NSCOPI
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-IN-APIGATEWAYSSL
Origin
X-IN-APIGATEWAY
NnCoection
X-Varnish-Beresp-TTL
X-Acquia-Site
X-Acquia-Purge-Tags
X-Cache-Hfrom
X-Cache-Hm
Cneonction
X-WPE-Loopback-Upstream-Addr
X-APP
X-Sigma-Backend
X-Sigma
X-Varnish-ID
X-Snapshot-Date
X-Lb-Id
X-Rocket-Build-Number
CF-IPCountry
Warning
Inserted-Into-Cache-At
X-Request-URL
X-Dw-Trace-Id
X-SB
X-VC
Geoip-City
X-Html-Edge-Cache
X-DPWN-IS-SECURE
Req-ID
X-ElasticPress-Search
X-Ocache
X-B3-Parentspanid