
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
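The table below lists X-Frame-Options and X-FRAME-OPTIONS (and X-XSS-Protection and X-Xss-Protection) as separate rows, although HTTP header field names are case-insensitive. The following added example, which is not the project's collection code, tallies header names from constructed HEAD responses with and without case folding and derives per-site adoption of the security headers; the host names, the per-site counting and the SECURITY_HEADERS set are assumptions of the example.

```python
from collections import Counter

# Security-relevant headers taken from this page's text and table (lowercased).
SECURITY_HEADERS = {
    "x-frame-options", "x-xss-protection", "strict-transport-security",
    "x-content-type-options", "content-security-policy", "referrer-policy",
}

# Constructed sample responses to a HEAD request; not data from the survey.
SAMPLE_RESPONSES = {
    "a.example": b"HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Frame-Options: DENY\r\n"
                 b"Set-Cookie: a=1\r\nSet-Cookie: b=2\r\n\r\n",
    "b.example": b"HTTP/1.1 200 OK\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\n"
                 b"X-Xss-Protection: 1; mode=block\r\n\r\n",
    "c.example": b"HTTP/1.1 301 Moved Permanently\r\nServer: Apache\r\n"
                 b"X-XSS-Protection: 0\r\n"
                 b"Strict-Transport-Security: max-age=31536000\r\n\r\n",
}

def header_names(raw):
    """Return header field names exactly as sent, skipping the status line."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    names = []
    for line in head.split("\r\n")[1:]:
        if line[:1] in (" ", "\t"):
            continue  # obsolete folded continuation line, not a new field
        name, sep, _ = line.partition(":")
        if sep and name.strip():
            names.append(name.strip())
    return names

def tally(responses, normalize):
    """Count sites that sent each header at least once (assumed counting rule)."""
    counts = Counter()
    for raw in responses.values():
        # A set per site, so two Set-Cookie lines from one site count once.
        counts.update({n.lower() if normalize else n for n in header_names(raw)})
    return counts

def security_adoption(responses):
    """Fraction of polled sites sending each security header, case-folded."""
    counts = tally(responses, normalize=True)
    return {h: counts[h] / len(responses) for h in sorted(SECURITY_HEADERS)}

if __name__ == "__main__":
    print("as sent:    ", dict(tally(SAMPLE_RESPONSES, normalize=False)))
    print("case-folded:", dict(tally(SAMPLE_RESPONSES, normalize=True)))
    for header, share in security_adoption(SAMPLE_RESPONSES).items():
        print(f"{header:28s} {share:.0%}")
```

When reading the table for adoption figures, the rows for case variants of one header need to be considered together, as the case-folded tally does here.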



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
X-Xss-Protection
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
P3p
X-Request-ID
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
Server-Timing
X-Pingback
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Readtime
X-Ac
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Node
X-Backend-Server
X-Dispatcher
NEL
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Accept-CH
Rating
X-Country-Code
X-Cnection
Accept-CH-Lifetime
X-Rack-Cache
Host-Header
Edge-Control
X-Url
RTSS
MS-Author-Via
X-Clacks-Overhead
X-Px
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
Verso
X-Goog-Hash
X-Varnish-TTL
Service-Worker-Allowed
X-Powered-By-Plesk
X-B3-TraceId
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Forwarded-Proto
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Middleton-Response
X-Middleton-Display
X-Sol
Display
Response
Pagespeed
X-MS-InvokeApp
X-Cache-TTL
X-Content-Type
X-DynaTrace
X-Cdn
X-D2id
X-Ttl
X-Amz-Rid
X-NF-Request-ID
X-CST
X-Vcap-Request-Id
TCN
X-Cached
X-Abt-Application-Version
X-VARITI-CCR
AR-ATIME
Ar-Sid
AR-Request-ID
AR-PoweredBy
AR-CACHE
Pinterest-Generated-By
X-ESI
X-Version
X-Powered-CMS
X-Navigation-Version
X-Upstream
X-Fastly-Request-ID
Cache-Tag
X-Debug
X-Grace
X-Server-Name
X-Instart-Request-ID
Access-Control-Request-Method
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-XRDS-Location
Charset
X-MSEdge-Ref
X-Element-Page-Cache
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
Realpath
Nginx-Cache
Content-MD5
X-Ezoic-Cdn
X-Accel-Expires
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
Accept-Ch
SPIisLatency
SPRequestDuration
X-Jurisdiction
X-Hp-Webp
X-Amz-Meta-S3cmd-Attrs
Pinterest-Version
X-Pinterest-Rid
SPRequestGuid
X-SharePointHealthScore
X-Recruiting
S
X-Id
X-Dw-Request-Base-Id
X-Kinsta-Cache
Accept-Ch-Lifetime
X-T
X-Content-Digest
X-Trace
Fastcgi-Cache
X-Logged-In
X-Cache-Key
X-Node-Name
X-NWS-LOG-UUID
X-TTL
TP-Cache
TP-L2-Cache
X-Hostname
X-Oneagent-Js-Injection
X-Mobile-URL
ServerID
X-Amzn-Trace-Id
Fastly-Restarts
X-Request-Received
X-Request-Processing-Time
X-Frontend
X-Cache-Hit
Front-End-Https
X-Cache-Age
Server-Node
X-FastCGI-Cache
X-Server-ID
X-Client-IP
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-Yandex-Sdch-Disable
Edge-Cache-Tag
X-Forwarded-For
Powered
X-Goog-Stored-Content-Length
X-FTR-Expires
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
Server-Name
PB-PID
PB-RID
Arc-Version
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Page-Id
X-Akamai-Edgescape
X-Hits
X-DIS-Request-ID
X-F-Cache
X-Revision
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Filters
X-LB-Cache
X-Jobs
X-Ah-Environment
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Zen-Fury
X-Origin-Server
X-Correlation-Id
Alternate-Protocol
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
DynaTrace
X-Fastcgi-Cache
X-Content-Powered-By
X-Mobile-Rewrite
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Geo-Country
X-Varnish-Age
AMP-Access-Control-Allow-Source-Origin
X-Daa-Tunnel
Accept-Charset
X-N
X-FTR-Cache-Host
X-Ruxit-Js-Agent
X-B
X-RateLimit-Remaining
Cache-Tags
X-Varnish-Backend
X-Type
Paypal-Debug-Id
X-Varnish-Grace
X-Pass-Why
DC
X-Ser
X-Rid
X-WebKit-CSP-Report-Only
X-Amz-Replication-Status
Surrogate-Key
X-Esi
X-Git-Hash
X-Whom
X-Content-Options
X-B-Cache
X-Signature
Host
X-App-Environment
Section-Io-Cache
X-FB-Debug
Retry-After
X-TT
X-Request-Guid
X-Az
X-Activity-Id
X-Edge
X-AppVersion
X-IPLB-Instance
X-Status
Fastcgi-Useragent
X-Via-JSL
X-Debug-Info
Actual-Object-TTL
Frame-Options
X-Endurance-Cache-Level
X-Webkit-CSP
Healthy
Nel
MicrosoftSharePointTeamServices
X-ATG-Version
X-HTML-Minification-Powered-By
X-ATS-Timestamp
Srv
Backend-Timing
X-AOL-HN
X-Contextid
X-App-Server
X-Cache-Action
X-Seen-By
Content-Disposition
X-Release
X-Amzn-RequestId
X-Amz-Apigw-Id
X-ECACHE
From-Origin
Access-Control-Allow-Method
Refresh
X-Protected-By
X-B3-Sampled
X-Response-Served-From
X-Pinterest-Direct
X-Cache-Rule
X-Accel-Buffering
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Operation
X-Tumblr-User
X-Region
X-Mid
X-Is-Bot
X-Rendered-As
X-MCACHE
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Odigeo-Trace-Id
X-Instance
X-Cacheable-TTL
X-UUID
X-Upgrade-Enabled
X-ProcessESI
X-FW-Server
X-WA-Info
X-L-Path
Datacenter
X-RemovedCookies
X-FW-Dynamic
X-Drupal-Cache-Tags
X-FW-Static
X-Environment-Context
X-FW-Serve
X-FW-Type
X-FW-Hash
X-Varnish-Server
Eomportal-Instance
X-Host-Name
X-Cache-Time
Payment
X-Rule
X-Adobe-Loc
X-Time
Uber-Trace-Id
Countrycode
X-Adobe-Content
MS-CV
X-Litespeed-Cache
X-EdgeConnect-Cache-Status
X-Cached-By
X-Akamai-Request-ID2
X-Proxy
Source
Xserver
X-Load-Cache
X-Cache-Control
X-Cache-Server
X-Mobile
X-NewRelic-App-Data
X-UnsetCookies
Access-Control-Request-Headers
X-PHP-Backend
X-Azure-Ref
X-Air-Hostname
Accept-Language
X-GeoIP
X-SERVER-NAME
Server-Info
X-Akamai-Transformed
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-NGX
X-NGENIX-Cache
X-Origin-Response-Time
X-Backend-Name
X-Tt-Trace-Host
X-NWS-UUID-VERIFY
X-Tt-Trace-Tag
X-Handled-By
Version
Liferay-Portal
X-Vcache
X-Mode
X-Framework
X-Wix-Request-Id
X-Unique-Id
X-RateLimit-Limit
X-Correlation-ID
X-CSRF-Token
Cache-Status
Filterid
X-URL
X-Presslabs-Stats
X-Cluster
X-FireWall-Port
X-Cache-Var-Map
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-VWS-Id
X-Path-Route
X-UPSTREAM-Address
X-RN-RSRV
X-UA-Device-Type
X-LJ-Flow-ID
X-ES-SERVER
Meta-Geo
Load-Balancing
X-Adobe-Source
X-AWS-Id
X-CCM
X-Cache-Var
Cross-Origin-Window-Policy
X-Access
X-Section
X-TX-ID
X-PERF
X-NCache
X-Routing-Service
X-Real-IP
X-Proxied
X-Pubstack
X-Qloud-Router
X-Viewer-Country
X-Zipkin-Id
ServedBy
Now
Mn-Server-Ip
X-ApacheServer
X-Detected-As
X-MP-GENERATED-AT
X-IP
X-Format
Akamai-GRN
DSUID
Cache
X-IPS-LoggedIn
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
Section-Origin-Responded
Webcakes-App-Version
Section-Io-Origin-Status
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
DB-Nickname
X-Ua
Property-Id
Webcakes-Region
Section-Io-Id
S-Rt
Section-Io-Origin-Time-Seconds
X-Amzn-Remapped-Content-Length
X-Say-TTL
X-Say-Cacheable
X-PCL
X-SayCDN-TTL
X-ServerID
X-Web-Node
X-Varnish-Cache-Hits
X-Storage
X-Origin-Hint
X-OCL
X-Cache-Status-Check
X-Cache-Config
X-Bc-Bl
X-CS
X-Device-Type
X-Info
X-Human
X-FW-Version
Cache-Tv-Group
X-R9-Blue-Green-Version
Cache-Hits
Apigw-Requestid
X-FC-Vary-Parameters
X-Locale
X-Hosted-By
X-EIG-Tracking-Id
X-Labrador-Cache-Channel
X-Cache-Enabled
Webserver
X-Alternate-Cache-Key
X-BYPASS-REASON
X-NYM-Debug-Backend
X-Cache-Host
X-PHP-Host
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
Cache-Name
X-Via-Fastly
X-ShopId
X-ShardId
X-Hyper-Cache
X-ProxyCache-Key
X-ProxyCache-Status
X-Redis-Cache
X-Origin
X-Time-Microsecs
Cleartype
Fastly-SSL
Azure-Version
X-FB-TRIP-ID
Azure-RegionName
X-Geo
Origin-Cache-Control
Azure-InstanceId
NGB
X-Www-Served-By
X-From
X-Content-Age
X-Hl-Ver
X-TNCMS
X-Timing-Wait
X-Proxy-Build
X-Site-Version
X-Loop
X-SaId
X-Cache-Remote
X-PressLabs-Stats
X-JoinUs
X-BCube-Filmed-By
Azure-SlotName
Selected-Fe
X-APP-VERSION
Azure-SiteName
X-Cache-2
Ms-Operation-Id
X-RTag
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-No-Session
X-Generated
Ec-Rule-Version
X-XRDS-LOCATION
X-CDN-Forward
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
Time
Origin-Edge-Control
X-Xfnlog-Site
X-SRV
X-EC-Lua
X-VCache
X-Backend-TTL
SD-X-WS
X-Goog-Meta-Goog-Reserved-File-Mtime
Country
X-Pad
X-Debug-Cache
X-Source
X-Soup
X-Storefront-Renderer-Rendered
X-Old-Content-Length
X-Varnish-Hostname
X-NC
Upgrade-Insecure-Requests
X-Cluster-Node
X-Proto
X-Akamai-Request-ID
X-App-Version
X-Tb
X-RequestSource
X-TA-CDN-Provider
User-Agent
X-Cache-PHP
X-DC
X-Parent-Response-Time
X-RCS-CacheZone
X-Cache-NE
LB
Geo-Info
Proxy-Connection
Referer-Policy
Cache-Key
X-App
X-Cache-Backend
GEO-INFO
FilterID
X-Client-Ip
X-FORWARDED-FOR
X-Magnolia-Registration
X-Cache-Grace
X-Origin-CC
X-Origin-TTL
X-Date
X-Edge-Location
X-G
X-Generation-Time
X-External-Request-Id
X-DevSite-Last-Modified
X-Developer
X-Developers
X-Destination
X-Aed
IsBot
VivaBuild
Viewtype
Who
X-A
FNAC-ModuleRouting
GEO-REGION-INFO
X-A-Ccd
M-TraceId
Machine
N-Cache
T-Server
On-Server
Mobile-Detection-Method
Meta-Geo-Continent
UCS
True-Client-Country-4JS
MD5-Digest
X-A-Dam
X-A-Dcw
Arc-Country
AsisCache
BehaviorPad-Version
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
NGX
X-Cms-Context
X-B-Cookie
X-ARC
X-A-Wwc
Fastcgi-X-Cache-Version
X-A-Dgt
X-Accel-Expires-Debug
Content-Style-Type
X-Application
CacheControlHeader
Content-Script-Type
X-D
X-Nginx-Cache-Key
X-Vtex-Remote-Cache
X-SD-PageType
X-Region-Sid
X-ScT
X-Transaction
X-Trv-Group
Xc-Version
X-PAYTM-SRV-ID
X-Processor
X-Tumblr-Pixel-3
X-Trace-Id
X-SVT-ORM-VERSION
X-S
X-Proxy-Cache-Status
X-Rojux
X-Rewrite-Enabled
X-Response-By
X-AIR-PT
X-S-Cookie
X-Swa-Ws
Rendered-Blocks
X-NodeID
X-SVT-ORM-RULES
X-VG-WebServer
X-Twitter-Response-Tags
X-VG-WebCache
X-Vdms-Path
X-SRCache-Key
X-SIPLIST1
X-Vdms-Version
X-Vtex-Processado-Em
User-Cache-Control
X-Uri
X-Forwarded-Host
We-Hiring
X-SN
Sever-Int
Thinkindot-CacheControl
ServerName
X-Thanos
X-Agile
Server-Ext
Server-Host
X-Scheme
Server-Hostname
X-User
X-WADP-Cache
Web-Mar-Node
Wxu-Next-Hostname
X-Agile-Age
V-Age
Wxu-Next-Commit
Wxu-Next-Region
X-Servername
X-ServiceProvider
Thinkindot-CacheControl-Type
Vix-Hermes-Req-Id
X-Server-W
X-Varnish-Cacheable
X-Reqid
X-Micro-Cache
X-Method
X-Matched-Rule
X-Logging-Id
Pragrma
X-Generated-On
X-Gen-Mode
X-Node-Id
X-Generated-In
X-Geo-Header
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-Key
X-LAGOON
X-Hnp-Log
X-Level-Front-Cache
X-Hash
X-Location
X-Loc
X-Fmm-Version
X-Owner
X-Block-Status
X-Cache-Bucket
X-Cache-Info
X-Cache-URL
X-Bip
X-Backend-State
X-Thinkindot-L3
X-Wikidot-Backend
X-Auto-Login
X-Req
X-Clara-WADP
X-Policy
X-Device-Os
X-Dispatch
X-Dispatcher-Server
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Wikidot-Static-Cache
X-Compress-Hint
X-Worker
X-Agile-Id
Thinkindot-Control
Gh-Request-Id
CDCHOST
Kp-EeAlive
Magicmarker
Mail-Subject
OT-Force-Account-Verify
Apple-News-Services-Parsed-Url
X-Distributor
Node
AKAMAI
Apple-News-Services-Handled
Apple-News-Services-Host
NM-Fastcgi-Cache
Apple-News-Services-Request-Url
Release
Pagetype
X-Hit
X-Cluster-Name
X-Request-UUID
X-Clientip
X-Request-Host
X-Contensis-Viewer-Groups
X-CGP
X-Core-Mission
Adler-Geo
Rt-Fastcgi-Cache
X-Cache-FS-Status
X-Cache-ASPX
X-Cache-Tags
X-Slack-Backend
X-Core-Value
X-Skip-Cache
X-Session-Fingerprint
X-Varnish-Beresp-Status
X-NU-AKA-ACS-Version
X-Eu-Site
X-Esi-Check
X-Fastly-Cache
X-Mvc-Supplant-Cachable
X-Gzip
X-Irp-Debug
X-Epic-Correlation-Id
X-Origin-Date
X-Rebelmouse-Surrogate-Control
X-Varnish-Beresp-Grace
X-BBXSRF
X-Distil-CS
X-Rebelmouse-Cache-Control
X-Envoy-Decorator-Operation
X-Origin-Expires
X-Varnish-Beresp-Ttl
X-Cache-Id
X-Varnish-Authentication
Is-Eu
W
X-Variation
X-Var-Ttl
L5d-Success-Class
Fastly-Drupal-HTML
Fastly-SIE
Ha-Gx-Prefs
X-VG-TLSProxy
HA-Ipaddr
X-VServer
Fastly-SWR
Platform
X-TrackingId
X-VC-Cache
X-Backend-Host
X-Webstats-RespID
C-Via
MIME-Version
X-TH-Server
Viewport
X-We-Are-Hiring
X-Newrelic-Synthetics
X-GoCache-CacheStatus
Memcached
X-LI-Proto
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Reboot
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
RNT-Machine
RNT-Time
Sid
X-Up
X-Wa
Fastly-Backend-Name
X-Via-CDN
X-Configured-By
X-ZONE
X-BC
X-Dc
X-Minions-Version
X-Branch-Name
X-Cache-Debug
X-Batcache
Cf-Ipcountry
X-Varnish-URL
X-ElasticPress-Query
X-Refresh
X-Be
X-Aicache-OS
X-Srv
X-Nc
X-Servedbyhost
X-Nginx-Cache
S-Cnection
X-Ua-Device
X-Instart-Info
CACHE
X-UA
X-B3-Traceid
HostName
X-BE
X-Via-PopV
X-Mvc-Supplant-OutputCached
X-Platform-Server
X-Via-PopH
DCR-Processing-Time-Ms
DCR-Decision-By
Hostname
X-Envoy-Upstream-Healthchecked-Cluster
X-Microcachable
Pramga
X-Ms-Request-Id
X-TT-TIMESTAMP
X-VCL-Version
X-Ms-Version
X-MSEdge-Features
X-MSEdge-Flight
X-ND-Cache
Memory
X-Fastly-Cache-Status
X-Varnishpool
X-Sucuri-ID
X-Ratelimit-Reset
X-TIME
Location
X-Bc
X-Debug-Panamera-Sitecode
X-Debug-Panamera-Host
X-PF-Uncompressing
HitType
X-Zone
Esi-Enabled
X-Pjax-Url
X-LB-ID
X-Cdn-Forward
GeoIP-Country-Code
NtCoent-Length
X-Original-Request-Id
Powered-By-ChinaCache
X-COUNTRY
X-Sucuri-Cache
X-Oss-Object-Type
X-Oss-Server-Time
X-App-Name
X-Oss-Hash-Crc64ecma
Server-ID
X-CF-Powered-By
GeoIP-Latitude
X-Oss-Storage-Class
X-Oss-Request-Id
X-Check-Cacheable
X-FPC
L
FSS-Cache
X-Vgn-Hpd-Reason
PFcat
X-GEO
Cache-Host
X-Cdn-Srv
X-OVcl
X-VarnishDD-TTL
X-OVcl-Cache
X-Server-IP
Ohc-File-Size
Resin-Trace
Server-Surrogate-Control
X-Instart-Isnd
Server-Cache-Control
X-Vgn-Hpd-Cached
X-Generated-By
X-Vgn-Hpd-Variations-Key
X-Svr
X-Azure-Ref-OriginShield
X-Vgn-Hpd-Ssi
X-Fastly-Backend-Reqs
X-Varnish-Ttl
X-Render-Time
X-Platform
X-BACKEND-TTL
Cteonnt-Length
X-S-Maxage
Ohc-Response-Time
X-Fastly-Country-Code
X-CUA
Tracecode
X-Rocket-Nginx-Bypass
X-Unique-ID
X-HS-Status
X-VHOST
X-Cache-Expired-At
Pics-Label
Epwk-X-Cache
X-PJAX-URL
X-Fpc
X-VCT
X-CSRF-TOKEN
X-Varnish-Hits
GeoIp-Country-Code
Geoip-Latitude
Request-EU
WPE-Backend
Locid
Request-Country
X-Edge-Server
Cdn-Request-Time
Heartbleed
Cdn-Host
NR-ENABLED
CF-Cached-On
X-Newrelic-App-Data
SRV
Amp-Access-Control-Allow-Source-Origin
X-Pf-Uncompressing
X-RunCloud-Cache
X-Request-URI
X-Vcl-Version
Backend
X-Ratelimit-Remaining
Backend-Name
X-Oracle-Dms-Rid
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Via-Popv
X-Via-Poph
Lfy
SN
X-Csrf-Jwt
X-Gamma-Serve
WWW-Authenticate
X-StackifyID
X-NGINX-Cache
X-CACHE-KEY
X-ECache
X-ServedByHost
X-Ratelimit-Limit
X-Varnish-Url
X-Amzn-Remapped-Date
X-Sigma-Backend
X-Amzn-Remapped-Connection
XServer
X-Sigma
X-Rocket-Build-Number
X-Request-Time
X-Ftr-Cache-Host
URI
X-WebServer
X-Oss-Cdn-Auth
X-Tec-Api-Root
X-Tec-Api-Origin
CloudFront-Viewer-Country
CF-IPCountry
X-Tec-Api-Version
Host-ID
X-Nananana
X-Shopify-Generated-Cart-Token
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-DPWN-IS-SECURE
Product
X-Apw-Access-Object
X-Apw-Access-Action
X-Proxy-Upstream
X-Apw-Access-Token
X-Apw-Hits
Lb
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-Bypass
Cloudfront-Viewer-Country
X-Debug-Cache-String
X-Debug-Cache-Status
X-Cdn-Origin
X-B3-Spanid
My-App
X-Fetched-On
WZWS-RAY
X-Debug-Xas-Auth
X-Sn-Servicetimems
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Tag
X-Debug-Ysi-Auth
PICS-Label
Server-Ttl
Country-Code
SID
X-LiteSpeed-Cache-Control
X-Cache-Version
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
X-Via-Ucdn
CDN-PullZone
CDN-CachedAt
Dnion-Transfer-Encoding
A
CDN-Cache
CDN-EdgeStorageId
X-GeoIP-Country-Code
X-Acquia-Application-UUID
Proxy-Firewall
X-Acquia-Purge-Tags
X-Acquia-Site
Cneonction
X-WA
X-Acquia-Application-Trace
Ohc-Cache-HIT
Mime-Version
Cf-Alt-Svc
Dt-Cache-Category
X-Varnish-Beresp-TTL
X-Dw-Trace-Id
X-Amz-Meta-Cb-Modifiedtime
Surrogated-Key
X-VC
X-SB
X-ElasticPress-Search
X-IN-APIGATEWAY
X-WR-MODIFICATION
Warning
X-B3-SpanId
X-Request-URL
Inserted-Into-Cache-At
X-Html-Edge-Cache
X-Snapshot-Date
FSS-Proxy
X-Swift-Error
X-IN-APIGATEWAYSSL