Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Backend
X-AH-Environment
X-Server
P3p
X-Turbo-Charged-By
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Request-ID
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-WebKit-CSP
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Ac
X-Backend-Server
X-Cache-Lookup
X-Readtime
X-Node
NEL
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Edge-Control
X-Url
X-Rack-Cache
Accept-CH
X-Clacks-Overhead
X-Px
RTSS
MS-Author-Via
Accept-CH-Lifetime
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
X-Goog-Hash
Verso
X-Powered-By-Plesk
Service-Worker-Allowed
X-Varnish-TTL
X-B3-TraceId
Public-Key-Pins
X-GitHub-Request-Id
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Sol
X-Middleton-Display
Pagespeed
X-Pass-Why
X-Middleton-Response
Display
Response
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Cache-TTL
X-DynaTrace
X-D2id
X-Amz-Rid
X-Content-Type
X-Vcap-Request-Id
X-CST
TCN
X-Cached
Pinterest-Generated-By
X-NF-Request-ID
X-Abt-Application-Version
X-VARITI-CCR
Host-Header
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
Ar-Sid
X-Navigation-Version
X-ESI
X-Version
X-Fastly-Request-ID
Cache-Tag
X-Ttl
Accept-Ch
X-Powered-CMS
X-Upstream
X-Server-Name
X-Instart-Request-ID
X-Grace
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Debug
Access-Control-Request-Method
X-MSEdge-Ref
X-XRDS-Location
Charset
Nginx-Cache
X-Accel-Expires
Accept-Ch-Lifetime
Content-MD5
MRF-Tech
Mrf-Cache-Status
SPRequestDuration
X-B3-TraceId-Primal
SPIisLatency
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Ezoic-Cdn
X-Element-Page-Cache
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Server-ID
S
Realpath
X-TTL
X-SharePointHealthScore
SPRequestGuid
X-Shield-Request-Id
Pinterest-Version
X-Pinterest-Rid
X-Jurisdiction
X-Hp-Webp
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-Client-IP
X-Trace
X-Kinsta-Cache
Fastcgi-Cache
X-Content-Digest
X-Node-Name
X-T
X-Logged-In
X-Cache-Key
X-Mobile-URL
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
TP-Cache
TP-L2-Cache
X-Frontend
Server-Node
X-Cache-Hit
X-Request-Processing-Time
X-Request-Received
X-Cache-Age
X-Hostname
ServerID
Front-End-Https
X-Amzn-Trace-Id
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Realm
Edge-Cache-Tag
X-FTR-Expires
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Forwarded-For
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Fastly-Restarts
X-Goog-Metageneration
Server-Name
X-Yandex-Sdch-Disable
PB-RID
Arc-Version
PB-PID
Powered
X-Microsite
X-Request-Handler-Origin-Region
DynaTrace
X-User-Agent
X-Content-Security-Policy-Report-Only
Filters
X-Zen-Fury
X-Revision
X-Page-Id
X-DIS-Request-ID
X-F-Cache
X-Hits
X-Jobs
X-LB-Cache
X-Akamai-Edgescape
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile-Rewrite
Accept-Charset
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Correlation-Id
X-Content-Powered-By
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Geo-Country
X-Origin-Server
X-Cdn
X-Varnish-Age
Alternate-Protocol
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-FTR-Cache-Host
X-N
AMP-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-ATS-Timestamp
X-Daa-Tunnel
Backend-Timing
X-B
X-Varnish-Backend
Cache-Tags
X-Rid
X-Via-JSL
MicrosoftSharePointTeamServices
X-AppVersion
X-Activity-Id
X-Az
X-RateLimit-Remaining
X-Amz-Replication-Status
X-Type
X-WebKit-CSP-Report-Only
X-Esi
X-Varnish-Grace
Section-Io-Cache
X-FB-Debug
Retry-After
X-Whom
Surrogate-Key
DC
X-Request-Guid
X-Signature
X-TT
X-Git-Hash
X-B-Cache
X-App-Environment
X-Fastcgi-Cache
X-Content-Options
Host
X-Status
Paypal-Debug-Id
X-Debug-Info
X-Edge
Frame-Options
X-ATG-Version
Actual-Object-TTL
X-Ser
Fastcgi-Useragent
X-App-Server
Healthy
X-IPLB-Instance
Nel
X-Contextid
X-AOL-HN
X-Amzn-RequestId
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
X-Cache-Action
Srv
X-Seen-By
X-Pinterest-Direct
X-ECACHE
X-B3-Sampled
X-Host-Name
From-Origin
Access-Control-Allow-Method
Refresh
X-Amz-Apigw-Id
X-Tumblr-User
X-Drupal-Cache-Tags
X-Upgrade-Enabled
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Accel-Buffering
X-Instance
X-Cache-Rule
X-Response-Served-From
X-RemovedCookies
X-ProcessESI
X-Cache-Operation
X-UUID
VIX-Pulpo-Upstream-Status
X-MCACHE
VIX-Pulpo-Node
X-Region
X-Rendered-As
X-Rule
X-Mid
X-Is-Bot
Odigeo-Trace-Id
X-Protected-By
Eomportal-Instance
Content-Disposition
Payment
X-Cacheable-TTL
MS-CV
Datacenter
X-Environment-Context
X-L-Path
X-WA-Info
X-Time
X-Varnish-Server
X-FW-Server
X-FW-Type
Source
X-FW-Dynamic
X-FW-Hash
X-FW-Static
X-FW-Serve
X-Adobe-Loc
Countrycode
X-Adobe-Content
X-Cache-Time
X-Litespeed-Cache
X-PressLabs-Stats
Cache-Status
Xserver
X-Cache-Control
X-Cached-By
Uber-Trace-Id
X-Release
X-EdgeConnect-Cache-Status
X-Load-Cache
X-Cache-Server
X-Akamai-Request-ID2
X-UnsetCookies
X-Proxy
X-GeoIP
X-Mobile
X-VCache
X-Akamai-Transformed
X-SERVER-NAME
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Azure-Ref
X-Tt-Trace-Tag
Access-Control-Request-Headers
X-Wix-Request-Id
X-Tt-Trace-Host
X-Origin-Response-Time
X-NewRelic-App-Data
Version
X-PHP-Backend
X-Cluster
X-Mode
X-IPS-LoggedIn
X-Handled-By
X-NWS-UUID-VERIFY
Accept-Language
X-NGENIX-Cache
X-Air-Hostname
Liferay-Portal
X-Correlation-ID
X-Cache-NGX
NGB
X-Backend-Name
Filterid
X-URL
X-Tumblr-Pixel-1
X-Ua
X-Tumblr-Pixel-2
X-Cache-Remote
X-Cache-Var
X-UPSTREAM-Address
X-Cache-Status-Check
X-UA-Device-Type
X-Adobe-Source
Meta-Geo
Load-Balancing
X-FireWall-Port
Cross-Origin-Window-Policy
X-AWS-Id
X-Cache-Var-Map
X-LJ-Flow-ID
X-RN-RSRV
X-CCM
X-Framework
X-Path-Route
X-ES-SERVER
X-VWS-Id
X-PCL
X-Routing-Service
X-ApacheServer
X-Real-IP
DSUID
Mn-Server-Ip
X-Viewer-Country
Cache-Hits
X-Storage
X-Detected-As
X-MP-GENERATED-AT
X-Zipkin-Id
X-OCL
X-CSRF-Token
X-TX-ID
Decoy-Debug-Status
Decoy-Debug-Key
X-PERF
X-Proxied
Decoy-Debug-TTL
Section-Origin-Responded
Section-Io-Origin-Status
ServedBy
X-Access
X-Section
Section-Io-Id
Now
Akamai-GRN
Cache-Name
Fastly-SSL
Ms-Operation-Id
X-SayCDN-TTL
X-Say-TTL
X-IP
X-Info
X-Qloud-Router
X-NCache
X-No-Session
X-Format
X-R9-Blue-Green-Version
X-Say-Cacheable
X-Bc-Bl
X-Cache-Config
X-RTag
X-Web-Node
Section-Io-Origin-Time-Seconds
Cache
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
X-ServerID
Webserver
Webcakes-Region
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
X-ShopId
X-Shopify-Stage
S-Rt
X-PHP-Host
TWC-Connection-Speed
X-ShardId
X-Alternate-Cache-Key
X-Cache-Enabled
X-Locale
X-Labrador-Cache-Channel
X-Human
X-Pubstack
X-ProxyCache-Status
X-Origin-Hint
X-ProxyCache-Key
X-Hosted-By
X-Hl-Ver
X-CS
X-Redis-Cache
X-Sorting-Hat-PodId
X-Device-Type
X-EIG-Tracking-Id
X-FW-Version
X-FC-Vary-Parameters
X-BYPASS-REASON
Webcakes-App-Version
X-Via-Fastly
Cache-Tv-Group
X-Sorting-Hat-ShopId
X-Varnish-Cache-Hits
Cleartype
X-APP-VERSION
X-TNCMS
X-BCube-Filmed-By
X-Loop
X-NYM-Debug-Backend
X-SaId
X-From
X-Generated
X-Www-Served-By
X-FB-TRIP-ID
X-JoinUs
X-Content-Age
X-Timing-Wait
X-RateLimit-Limit
X-Origin
X-Time-Microsecs
X-Proxy-Build
X-Site-Version
Selected-Fe
X-Amzn-Remapped-Content-Length
X-Cache-Host
X-Hyper-Cache
X-Geo
DB-Nickname
X-RequestSource
Server-Info
Azure-SlotName
Azure-RegionName
Origin-Cache-Control
Azure-InstanceId
X-XRDS-LOCATION
Azure-SiteName
Azure-Version
Ec-Rule-Version
Origin-Edge-Control
X-Xfnlog-Site
X-Drupal-Cache-Contexts
Geo-Info
X-Cache-TTL-Remaining
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
Time
X-Unique-Id
X-Cache-2
X-Urbn-Context-Path
X-EC-Lua
X-Urbn-Site-Id
User-Agent
Locale
X-Pad
Country
X-Old-Content-Length
Apigw-Requestid
X-Cluster-Node
X-Varnish-Hostname
X-Source
X-Cache-NE
X-Presslabs-Stats
Upgrade-Insecure-Requests
X-Vcache
X-Parent-Response-Time
X-Akamai-Request-ID
X-RCS-CacheZone
X-Debug-Cache
FilterID
X-App-Version
X-Webkit-CSP
X-Soup
X-DC
X-Cache-Backend
Proxy-Connection
X-Proto
X-Tb
X-Backend-TTL
X-CDN-Forward
X-Cache-Grace
X-Proxy-Cache-Status
X-Forwarded-Host
X-AIR-PT
X-Cache-PHP
NR-ENABLED
WPE-Backend
X-FORWARDED-FOR
X-SRV
X-Nc
X-Tumblr-Pixel-3
X-Srv
UCS
X-Destination
X-Developer
X-VG-WebServer
X-Date
Viewtype
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebCache
True-Client-Country-4JS
X-Vdms-Path
X-G
Content-Script-Type
X-A
X-Uri
Thinkindot-CacheControl-Type
X-D
Thinkindot-Control
X-External-Request-Id
X-Vdms-Version
X-DevSite-Last-Modified
X-Connection-Hash
X-Accel-Expires-Debug
X-Aed
X-Application
X-ARC
X-A-Wwc
X-A-Dgt
X-A-Ccd
Cache-Key
X-A-Dam
X-A-Dcw
X-B-Cookie
Who
X-Storefront-Renderer-Rendered
BehaviorPad-Version
VivaBuild
Thinkindot-CacheControl
X-CF-Lambda-Version
X-CF-Lambda-Fn
Xc-Version
Arc-Country
AsisCache
Machine
Content-Style-Type
X-Matched-Rule
X-ScT
N-Cache
T-Server
X-SD-PageType
X-Session-Fingerprint
X-ServiceProvider
X-Region-Sid
X-S-Cookie
X-S
X-Response-By
X-Reqid
IsBot
X-Nginx-Cache-Key
Mobile-Detection-Method
X-Rojux
X-Rewrite-Enabled
X-SIPLIST1
Meta-Geo-Continent
X-Transaction
Server-Host
FNAC-ModuleRouting
X-Thinkindot-L3
X-Trv-Group
ServerName
Fastcgi-X-Cache-Version
X-Twitter-Response-Tags
M-TraceId
Pagetype
GEO-REGION-INFO
MD5-Digest
X-SRCache-Key
Rendered-Blocks
X-Processor
X-PAYTM-SRV-ID
User-Cache-Control
OT-Force-Account-Verify
NGX
Wxu-Next-Region
Magicmarker
Mail-Subject
Vix-Hermes-Req-Id
V-Age
RNT-Machine
RNT-Time
Server-Ext
Sever-Int
Release
On-Server
Wxu-Next-Commit
Web-Mar-Node
We-Hiring
NM-Fastcgi-Cache
Wxu-Next-Hostname
X-Core-Value
X-Swa-Ws
X-LAGOON
X-Level-Front-Cache
X-Loc
X-Hnp-Log
X-Hash
X-Generation-Time
X-Trace-Id
X-Geo-Header
X-SN
X-Location
X-RateLimit-Limit-Second
X-Policy
X-NodeID
X-Node-Id
X-RateLimit-Remaining-Second
X-Req
X-Servername
X-Scheme
X-Method
X-Generated-On
X-User
X-Worker
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Clara-WADP
X-Cache-URL
X-Cache-Info
X-Block-Status
X-Branch-Name
X-Cache-Bucket
X-Cms-Context
X-WADP-Cache
X-Gen-Mode
X-VC-Cache
X-Varnish-Cacheable
X-Generated-In
X-Fmm-Version
X-Dispatcher-Server
X-Developers
X-Device-Os
X-Dispatch
X-Backend-State
Server-Hostname
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Cluster-Name
CacheControlHeader
X-Newrelic-Synthetics
CDCHOST
S-Cnection
Apple-News-Services-Host
Apple-News-Services-Handled
X-App
Kp-EeAlive
X-Origin-TTL
X-Origin-CC
X-Hit
Node
Sid
X-Magnolia-Registration
Cf-Ipcountry
X-Envoy-Decorator-Operation
LB
X-Be
X-Esi-Check
X-Fastly-Cache
X-JWT-State
X-Eu-Site
X-Bip
X-Request-Host
X-Request-UUID
X-Epic-Correlation-Id
X-BBXSRF
X-Server-W
X-Auto-Login
X-TH-Server
X-Gzip
X-Has-Esi
X-Slack-Backend
X-Is-Gdpr
X-Skip-Cache
X-Irp-Debug
X-Cache-Debug
X-Cache-FS-Status
X-Compress-Hint
X-Clientip
X-CGP
X-Core-Mission
X-Owner
X-Origin-Expires
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-TA-CDN-Provider
X-Agile-Id
X-Cache-Id
X-Distil-CS
X-Distributor
X-Reboot
X-Logging-Id
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Cache-Tags
X-Origin-Date
X-Thanos
Fastly-SWR
X-Agile-Age
Rt-Fastcgi-Cache
X-VG-TLSProxy
Fastly-SIE
X-Variation
Fastly-Drupal-HTML
X-We-Are-Hiring
X-Webstats-RespID
HA-Ipaddr
Is-Eu
L5d-Success-Class
Ha-Gx-Prefs
Platform
X-NC
Gh-Request-Id
X-Var-Ttl
X-VServer
AKAMAI
W
X-Agile
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Adler-Geo
X-TrackingId
C-Via
Viewport
X-Ah-Environment
X-Backend-Host
X-NU-AKA-ACS-Version
X-SVT-ORM-RULES
X-LI-UUID
X-Configured-By
X-GoCache-CacheStatus
X-Li-Pop
X-Li-Fabric
X-SVT-ORM-VERSION
X-LI-Proto
X-Cache-ASPX
Memcached
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Microcachable
X-Edge-Location
Referer-Policy
X-Wa
X-Instart-Info
X-Key
X-Cdn-Forward
HostName
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Via-PopH
X-Via-PopV
X-Envoy-Upstream-Healthchecked-Cluster
Pragrma
X-Platform-Server
X-Dc
X-TT-TIMESTAMP
X-Refresh
X-Varnish-URL
X-Ms-Version
MIME-Version
X-Ms-Request-Id
X-BC
X-ZONE
Fastly-Backend-Name
X-Servedbyhost
NtCoent-Length
X-Ua-Device
X-Via-CDN
Esi-Enabled
X-Up
CACHE
X-Mvc-Supplant-OutputCached
X-B3-Traceid
X-UA
GEO-INFO
X-Vgn-Hpd-Reason
X-MSEdge-Features
X-Nginx-Cache
X-App-Name
Memory
Tracecode
X-MSEdge-Flight
X-Batcache
Server-ID
L
X-Zone
X-BACKEND-TTL
X-Bc
Ohc-File-Size
X-Server-IP
X-VCL-Version
X-Minions-Version
X-ND-Cache
X-ElasticPress-Query
Cache-Host
X-Unique-ID
X-TIME
X-Aicache-OS
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-Cdn-Srv
X-Svr
X-Pjax-Url
X-Generated-By
GeoIP-Country-Code
X-Sucuri-ID
X-COUNTRY
Server-Cache-Control
Server-Surrogate-Control
X-S-Maxage
Ohc-Response-Time
X-Oss-Storage-Class
DCR-Processing-Time-Ms
X-Oss-Request-Id
X-CF-Powered-By
DCR-Decision-By
X-Oss-Hash-Crc64ecma
X-Oracle-Dms-Rid
X-FPC
FSS-Cache
X-Oss-Server-Time
X-Oss-Object-Type
GeoIP-Latitude
X-VCT
X-GEO
X-Fastly-Cache-Status
X-Azure-Ref-OriginShield
Powered-By-ChinaCache
X-Rocket-Nginx-Bypass
Location
Hostname
X-PF-Uncompressing
Pramga
Resin-Trace
X-BE
HitType
X-Check-Cacheable
Request-EU
X-LB-ID
Heartbleed
Locid
X-Varnish-Ttl
Request-Country
X-Ratelimit-Reset
X-Varnishpool
Cteonnt-Length
X-Varnish-Hits
X-Client-Ip
Amp-Access-Control-Allow-Source-Origin
X-VarnishDD-TTL
PFcat
X-Request-URI
Cdn-Host
X-Edge-Server
Cdn-Request-Time
X-Vgn-Hpd-Ssi
X-Sucuri-Cache
X-Vgn-Hpd-Variations-Key
X-OVcl
X-Vgn-Hpd-Cached
Lfy
X-OVcl-Cache
X-VHOST
X-Instart-Isnd
X-Fpc
X-Fastly-Backend-Reqs
X-Newrelic-App-Data
X-Gamma-Serve
X-Fastly-Country-Code
X-Platform
X-PJAX-URL
CF-Cached-On
X-CSRF-TOKEN
X-Shopify-Generated-Cart-Token
GeoIp-Country-Code
X-HS-Status
Geoip-Latitude
X-Render-Time
X-Cache-Expired-At
X-Original-Request-Id
SRV
X-Vcl-Version
SN
X-Pf-Uncompressing
X-WebServer
X-Ratelimit-Remaining
WZWS-RAY
Product
X-Proxy-Upstream
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-CUA
Mime-Version
X-Sn-Servicetimems
Epwk-X-Cache
X-CACHE-KEY
X-NGINX-Cache
X-Cdn-Origin
X-Fetched-On
WWW-Authenticate
X-ECache
My-App
Pics-Label
X-Amzn-Remapped-Connection
XServer
X-Amzn-Remapped-Date
X-Ratelimit-Limit
URI
X-ServedByHost
Ohc-Cache-HIT
X-Varnish-Url
X-GeoIP-Country-Code
X-Ftr-Cache-Host
X-Oss-Cdn-Auth
CloudFront-Viewer-Country
X-Tec-Api-Version
Backend
X-RunCloud-Cache
Dt-Cache-Category
A
X-B3-SpanId
Backend-Name
X-StackifyID
X-Tec-Api-Root
X-Tec-Api-Origin
X-Dynatrace
X-Via-Poph
X-Csrf-Jwt
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Via-Popv
X-Request-Start
X-Swift-Error
Lb
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-String
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
X-Debug-Cache-Status
X-Debug-Cache-Bypass
PICS-Label
X-Tb-Optimization-Total-Bytes-Saved
X-B3-Spanid
Server-Ttl
X-Cache-Tag
X-LiteSpeed-Cache-Control
X-Served-From
Cloudfront-Viewer-Country
Cdn
Group
X-Nananana
SID
X-Cache-Version
X-Sigma-Backend
X-WR-MODIFICATION
Proxy-Firewall
X-Sigma
Host-ID
X-Cache-Hfrom
X-Cache-Hm
X-WA
X-Rocket-Build-Number
X-Varnish-Beresp-TTL
X-Acquia-Site
X-Acquia-Purge-Tags
X-Request-Time
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Object
X-Acquia-Application-UUID
Cneonction
X-Acquia-Application-Trace
X-Apw-Access-Token
X-APP
CF-IPCountry
Warning
X-Snapshot-Date
X-SB
Inserted-Into-Cache-At
X-Varnish-ID
X-Dw-Trace-Id
X-VC
X-Request-URL
X-Html-Edge-Cache
Cf-Alt-Svc
X-ElasticPress-Search
Req-ID
X-Via-Ucdn
Origin