
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Xss-Protection
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
CF-Ray
X-Check
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Backend
X-Server
X-Turbo-Charged-By
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Request-ID
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Page-Speed
X-Hacker
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Dns-Prefetch-Control
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Ac
X-Cache-Lookup
X-Readtime
X-Node
NEL
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-Country
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Edge-Control
X-Rack-Cache
X-Clacks-Overhead
X-Url
X-Px
RTSS
Accept-CH
MS-Author-Via
X-FTR-Request-ID
X-TtlSet
X-Vname
X-PC
X-Goog-Hash
X-Powered-By-Plesk
Accept-CH-Lifetime
Verso
Service-Worker-Allowed
X-Varnish-TTL
X-B3-TraceId
Public-Key-Pins
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-GitHub-Request-Id
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Pass-Why
X-Middleton-Display
X-Sol
X-Amz-Server-Side-Encryption
X-Middleton-Response
Response
Pagespeed
Display
X-Forwarded-Proto
X-DynaTrace
X-Cache-TTL
X-D2id
X-Amz-Rid
X-Content-Type
X-NF-Request-ID
X-CST
TCN
X-Cached
X-Abt-Application-Version
X-Vcap-Request-Id
Pinterest-Generated-By
X-VARITI-CCR
Accept-Ch
X-Ttl
Host-Header
AR-Request-ID
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-CACHE
X-Navigation-Version
X-Version
Cache-Tag
X-Fastly-Request-ID
Accept-Ch-Lifetime
X-Powered-CMS
X-Upstream
X-Server-Name
X-Instart-Request-ID
X-ESI
X-Debug
X-Grace
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Access-Control-Request-Method
X-MSEdge-Ref
X-XRDS-Location
Nginx-Cache
Charset
X-Accel-Expires
Content-MD5
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
SPRequestDuration
SPIisLatency
Realpath
X-Element-Page-Cache
X-SRCache-Store-Status
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
S
X-SharePointHealthScore
SPRequestGuid
Pinterest-Version
X-Pinterest-Rid
X-Shield-Request-Id
X-Client-IP
X-Hp-Webp
X-Jurisdiction
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-Trace
X-TTL
X-Kinsta-Cache
X-T
X-Node-Name
Fastcgi-Cache
X-Content-Digest
X-Logged-In
X-Server-ID
X-Cache-Key
X-Mobile-URL
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
TP-Cache
TP-L2-Cache
X-Cache-Hit
Server-Node
X-Request-Processing-Time
X-Request-Received
X-Cache-Age
X-Frontend
X-Hostname
X-Amzn-Trace-Id
ServerID
X-FTR-DC
Front-End-Https
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
Edge-Cache-Tag
Fastly-Restarts
X-Forwarded-For
X-FTR-Expires
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
Server-Name
X-Yandex-Sdch-Disable
Arc-Version
PB-PID
PB-RID
Powered
X-Request-Handler-Origin-Region
X-Microsite
DynaTrace
X-Revision
Filters
X-Zen-Fury
X-User-Agent
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Hits
X-F-Cache
X-Akamai-Edgescape
X-Jobs
X-LB-Cache
X-Mobile-Rewrite
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
Accept-Charset
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Content-Powered-By
X-Geo-Country
X-Origin-Server
X-Cdn
X-Varnish-Age
Alternate-Protocol
X-Esi
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Correlation-Id
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-N
X-Ruxit-Js-Agent
X-B
X-Daa-Tunnel
X-ATS-Timestamp
Backend-Timing
Cache-Tags
X-Varnish-Backend
X-Via-JSL
MicrosoftSharePointTeamServices
X-Rid
X-Varnish-Grace
X-Type
X-Amz-Replication-Status
X-RateLimit-Remaining
X-AppVersion
Retry-After
X-Az
X-Activity-Id
DC
Section-Io-Cache
X-Git-Hash
X-FB-Debug
X-WebKit-CSP-Report-Only
Paypal-Debug-Id
X-Whom
X-Request-Guid
X-Fastcgi-Cache
X-App-Environment
Surrogate-Key
X-Status
X-B-Cache
X-TT
X-Signature
X-Debug-Info
Host
X-Content-Options
X-ATG-Version
X-Edge
Frame-Options
Actual-Object-TTL
Fastcgi-Useragent
X-Ser
X-App-Server
Healthy
X-IPLB-Instance
X-Contextid
Nel
X-Amzn-RequestId
X-AOL-HN
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
Srv
X-Cache-Action
X-Seen-By
X-Pinterest-Direct
X-ECACHE
X-B3-Sampled
X-Host-Name
Refresh
From-Origin
X-Amz-Apigw-Id
X-Upgrade-Enabled
X-Drupal-Cache-Tags
X-Instance
X-Cache-Rule
X-Accel-Buffering
Access-Control-Allow-Method
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Response-Served-From
X-Protected-By
X-Cache-Operation
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cacheable-TTL
X-Rendered-As
X-UUID
X-Is-Bot
X-Rule
X-Region
X-Mid
Eomportal-Instance
X-L-Path
X-Environment-Context
X-MCACHE
Source
X-FW-Hash
X-FW-Dynamic
Datacenter
Payment
X-FW-Server
X-FW-Serve
X-WA-Info
Content-Disposition
X-FW-Type
X-FW-Static
X-Adobe-Content
MS-CV
X-Adobe-Loc
X-Cache-Time
X-Varnish-Server
X-Litespeed-Cache
X-Time
X-PressLabs-Stats
Countrycode
Cache-Status
X-Cache-Control
X-Cached-By
X-URL
X-Cache-Server
Uber-Trace-Id
X-Akamai-Request-ID2
X-EdgeConnect-Cache-Status
X-Release
Xserver
X-UnsetCookies
X-VCache
X-Proxy
X-Load-Cache
X-Akamai-Transformed
X-GeoIP
X-Correlation-ID
X-Mobile
X-SERVER-NAME
X-Yottaa-Optimizations
X-PHP-Backend
X-Yottaa-Metrics
X-Tt-Trace-Host
X-Tt-Trace-Tag
Access-Control-Request-Headers
X-Wix-Request-Id
X-Origin-Response-Time
X-Azure-Ref
Version
X-Mode
X-Handled-By
X-NewRelic-App-Data
X-Cluster
Filterid
X-NWS-UUID-VERIFY
Accept-Language
X-IPS-LoggedIn
X-Air-Hostname
NGB
X-NGENIX-Cache
Liferay-Portal
X-Cache-NGX
X-Backend-Name
X-Cache-Remote
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-APP-VERSION
X-UA-Device-Type
X-RN-RSRV
X-PERF
X-LJ-Flow-ID
X-Locale
X-Adobe-Source
X-UPSTREAM-Address
X-Routing-Service
X-ApacheServer
X-Zipkin-Id
X-Proxied
X-FireWall-Port
X-AWS-Id
X-CCM
X-Cache-Var-Map
Meta-Geo
X-Path-Route
X-Framework
X-Via-Fastly
Load-Balancing
X-Cache-Status-Check
X-Cache-Var
X-VWS-Id
X-ES-SERVER
ServedBy
X-Detected-As
Decoy-Debug-Status
Decoy-Debug-Key
Mn-Server-Ip
Decoy-Debug-TTL
X-MP-GENERATED-AT
X-Qloud-Router
X-TX-ID
X-PCL
X-Storage
X-Viewer-Country
X-Www-Served-By
X-Site-Version
X-OCL
X-R9-Blue-Green-Version
X-Redis-Cache
X-Ua
Cache
X-No-Session
X-NCache
X-Real-IP
Akamai-GRN
X-Say-TTL
Fastly-SSL
X-Pubstack
X-Format
X-Say-Cacheable
DSUID
Cache-Hits
Cache-Name
X-IP
X-Section
X-Bc-Bl
X-SayCDN-TTL
X-Web-Node
X-Access
X-Info
Section-Io-Id
X-Human
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
TWC-GeoIP-Country
Cross-Origin-Window-Policy
TWC-Device-Class
Now
X-Cache-Config
X-Cache-Enabled
Property-Id
S-Rt
Cache-Tv-Group
X-Alternate-Cache-Key
X-RTag
X-Sorting-Hat-ShopId
TWC-Connection-Speed
Ms-Operation-Id
Cleartype
X-Varnish-Cache-Hits
X-EIG-Tracking-Id
X-ShopId
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
Webcakes-Region
X-ShardId
X-Labrador-Cache-Channel
X-Sorting-Hat-PodId
X-Origin-Hint
X-Hosted-By
X-Shopify-Stage
X-PHP-Host
X-FW-Version
X-Device-Type
TWC-GeoIP-LatLong
X-FB-TRIP-ID
X-BCube-Filmed-By
X-ServerID
X-Origin
X-CS
X-Time-Microsecs
Webserver
X-NYM-Debug-Backend
X-From
X-ProxyCache-Key
X-FC-Vary-Parameters
X-BYPASS-REASON
X-ProxyCache-Status
X-RequestSource
X-Amzn-Remapped-Content-Length
X-Content-Age
X-Loop
X-CSRF-Token
X-TNCMS
X-RateLimit-Limit
DB-Nickname
X-Cache-Host
X-Hl-Ver
X-Hyper-Cache
X-JoinUs
X-Timing-Wait
X-Generated
X-SaId
X-Proxy-Build
Ec-Rule-Version
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Server-Info
X-XRDS-LOCATION
Selected-Fe
X-Xfnlog-Site
X-Geo
Origin-Edge-Control
Origin-Cache-Control
Geo-Info
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-Goog-Meta-Goog-Reserved-File-Mtime
Time
SD-X-WS
X-Cache-2
Country
X-EC-Lua
X-Unique-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
User-Agent
X-Pad
X-Old-Content-Length
Apigw-Requestid
X-Varnish-Hostname
X-Source
X-Cluster-Node
X-Cache-NE
X-Presslabs-Stats
Upgrade-Insecure-Requests
X-Parent-Response-Time
X-Debug-Cache
X-Akamai-Request-ID
X-RCS-CacheZone
X-Soup
X-Webkit-CSP
X-Cache-Backend
FilterID
Proxy-Connection
X-Vcache
X-Proto
X-Tb
X-Backend-TTL
X-CDN-Forward
X-App-Version
X-Cache-Grace
X-Forwarded-Host
X-AIR-PT
X-DC
WPE-Backend
X-Proxy-Cache-Status
X-FORWARDED-FOR
X-Cache-PHP
NR-ENABLED
X-SRV
X-Tumblr-Pixel-3
X-Nc
X-Srv
X-VG-WebCache
X-ARC
X-Developer
X-Date
Cache-Key
X-DevSite-Last-Modified
X-Application
Xc-Version
X-CF-Lambda-Fn
X-Aed
X-Storefront-Renderer-Rendered
X-Connection-Hash
X-CF-Lambda-Version
X-Dispatch
X-D
X-Destination
X-B-Cookie
AsisCache
T-Server
ServerName
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
GEO-REGION-INFO
Thinkindot-Control
IsBot
Rendered-Blocks
N-Cache
Mobile-Detection-Method
MD5-Digest
Machine
Pagetype
M-TraceId
True-Client-Country-4JS
FNAC-ModuleRouting
Arc-Country
X-G
BehaviorPad-Version
X-A-Dam
X-A-Dcw
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A
Fastcgi-X-Cache-Version
Viewtype
VivaBuild
Content-Style-Type
Who
Content-Script-Type
X-Accel-Expires-Debug
X-External-Request-Id
X-Scheme
X-S-Cookie
X-ScT
X-SD-PageType
X-ServiceProvider
X-S
X-Rojux
X-Processor
X-PAYTM-SRV-ID
X-Reqid
X-Response-By
X-Rewrite-Enabled
X-Session-Fingerprint
X-SIPLIST1
X-Vtex-Processado-Em
X-Twitter-Response-Tags
X-VG-WebServer
X-Vdms-Path
X-Vdms-Version
X-Trv-Group
X-Transaction
X-Swa-Ws
X-SRCache-Key
X-Vtex-Remote-Cache
X-Thinkindot-L3
X-Trace-Id
X-NodeID
X-Region-Sid
X-Level-Front-Cache
X-Nginx-Cache-Key
X-Method
X-Matched-Rule
Meta-Geo-Continent
X-Be
X-Uri
X-Geo-Header
X-Generated-On
NGX
OT-Force-Account-Verify
User-Cache-Control
X-Developers
X-Skip-Cache
X-Worker
UCS
Vix-Hermes-Req-Id
X-LAGOON
X-Fmm-Version
V-Age
X-WADP-Cache
X-Dispatcher-Server
RNT-Time
Server-Ext
X-VC-Cache
RNT-Machine
X-User
X-Generation-Time
X-Device-Os
X-Hnp-Log
NM-Fastcgi-Cache
Sever-Int
On-Server
Server-Hostname
X-Varnish-Cacheable
Web-Mar-Node
X-Owner
X-Backend-State
X-Micro-Cache
X-Agile-Id
X-RateLimit-Limit-Second
X-Agile-Age
X-Block-Status
X-Branch-Name
X-Node-Id
X-Wikidot-Backend
X-Cms-Context
X-Cache-URL
X-Cache-FS-Status
X-Cache-Info
X-Agile
X-RateLimit-Remaining-Second
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
X-Wikidot-Static-Cache
We-Hiring
X-Clara-WADP
X-Core-Value
X-Loc
X-Req
X-Gen-Mode
X-Compress-Hint
X-Logging-Id
X-Location
X-Servername
X-Cache-Bucket
CacheControlHeader
Cache-Cookie-Set-Lfrom
CDCHOST
S-Cnection
X-App
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Apple-News-Services-Handled
AKAMAI
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Kp-EeAlive
X-Newrelic-Synthetics
Mail-Subject
Magicmarker
X-Origin-CC
X-Envoy-Decorator-Operation
Cf-Ipcountry
Sid
X-Origin-TTL
Node
X-Gzip
X-Generated-In
X-BBXSRF
X-Variation
X-Bip
X-Magnolia-Registration
X-Has-Esi
X-JWT-State
X-Is-Gdpr
X-Cache-Debug
X-TA-CDN-Provider
X-Hash
X-VG-TLSProxy
X-NC
X-Rebelmouse-Surrogate-Control
X-Epic-Correlation-Id
X-Distributor
X-Esi-Check
X-Eu-Site
X-Fastly-Cache
X-Request-UUID
X-Server-W
X-Rebelmouse-Cache-Control
X-Cache-Tags
X-Reboot
X-Cache-Id
X-Thanos
X-CGP
X-Slack-Backend
X-SN
X-Policy
X-Var-Ttl
X-VServer
X-Cluster-Name
Fastly-SWR
Fastly-SIE
Viewport
Ha-Gx-Prefs
HA-Ipaddr
Release
Platform
L5d-Success-Class
Is-Eu
X-Webstats-RespID
Fastly-Drupal-HTML
X-We-Are-Hiring
Adler-Geo
W
X-Hit
Rt-Fastcgi-Cache
X-Contensis-Viewer-Groups
X-Mvc-Supplant-Cachable
X-Core-Mission
X-LI-Proto
X-Clientip
X-Li-Fabric
X-Auto-Login
X-LI-UUID
X-Distil-CS
Gh-Request-Id
X-Origin-Date
X-Configured-By
LB
C-Via
X-GoCache-CacheStatus
X-Irp-Debug
X-Li-Pop
X-Cache-ASPX
X-Varnish-Authentication
X-TrackingId
Memcached
X-TH-Server
X-Backend-Host
X-Origin-Expires
X-Request-Host
X-COUNTRY
X-Dc
X-Microcachable
X-Key
X-SVT-ORM-VERSION
X-Edge-Location
X-Wa
X-Instart-Info
X-SVT-ORM-RULES
X-NU-AKA-ACS-Version
Referer-Policy
X-Cdn-Forward
X-Varnish-Beresp-Status
HostName
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Via-PopH
Pragrma
X-Platform-Server
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-PopV
X-TT-TIMESTAMP
X-Varnish-URL
X-Refresh
MIME-Version
X-Ms-Version
X-Ms-Request-Id
X-ZONE
X-UA
X-BC
X-Servedbyhost
Fastly-Backend-Name
NtCoent-Length
X-Via-CDN
X-Ua-Device
CACHE
X-TIME
X-Up
Esi-Enabled
X-B3-Traceid
X-Vgn-Hpd-Reason
GEO-INFO
X-MSEdge-Features
X-Batcache
Memory
X-MSEdge-Flight
X-Mvc-Supplant-OutputCached
X-Minions-Version
Tracecode
Server-ID
X-App-Name
L
X-Zone
X-BACKEND-TTL
X-Bc
X-Server-IP
Ohc-File-Size
X-ND-Cache
X-VCL-Version
Cache-Host
X-ElasticPress-Query
X-Nginx-Cache
X-Unique-ID
X-Cdn-Srv
X-Svr
X-Sucuri-ID
X-Debug-Panamera-Sitecode
X-Debug-Panamera-Host
X-Aicache-OS
X-Generated-By
Server-Surrogate-Control
X-FPC
Server-Cache-Control
X-Pjax-Url
X-GEO
X-S-Maxage
GeoIP-Country-Code
FSS-Cache
X-Oss-Object-Type
DCR-Decision-By
X-Oss-Request-Id
DCR-Processing-Time-Ms
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-CF-Powered-By
Ohc-Response-Time
X-VCT
X-Rocket-Nginx-Bypass
Powered-By-ChinaCache
X-Azure-Ref-OriginShield
GeoIP-Latitude
Location
Pramga
X-Fastly-Cache-Status
X-Check-Cacheable
Resin-Trace
X-PF-Uncompressing
Hostname
X-Varnish-Ttl
Request-EU
Request-Country
HitType
Locid
Heartbleed
X-Varnishpool
X-Varnish-Hits
X-BE
Cteonnt-Length
Amp-Access-Control-Allow-Source-Origin
X-Ratelimit-Reset
X-LB-ID
X-Sucuri-Cache
PFcat
X-VarnishDD-TTL
X-Request-URI
X-CSRF-TOKEN
Cdn-Request-Time
Cdn-Host
X-Edge-Server
X-OVcl
X-PJAX-URL
X-OVcl-Cache
Lfy
X-VHOST
X-Vgn-Hpd-Variations-Key
X-Newrelic-App-Data
X-Gamma-Serve
Geoip-Latitude
GeoIp-Country-Code
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Instart-Isnd
X-Fastly-Backend-Reqs
X-Fastly-Country-Code
X-Fpc
X-Shopify-Generated-Cart-Token
CF-Cached-On
X-Platform
X-Original-Request-Id
X-HS-Status
SRV
X-Pf-Uncompressing
X-Cache-Expired-At
X-Vcl-Version
X-Client-Ip
X-Ratelimit-Remaining
WZWS-RAY
X-Render-Time
SN
X-WebServer
X-Proxy-Upstream
Product
X-CLOUD-TRACE-CONTEXT
X-Oracle-Dms-Rid
X-CUA
XServer
X-CACHE-AGE
Mime-Version
Pics-Label
X-Sn-Servicetimems
X-ECache
My-App
Epwk-X-Cache
WWW-Authenticate
X-NGINX-Cache
X-CACHE-KEY
X-Cdn-Origin
X-Fetched-On
X-ServedByHost
X-Varnish-Url
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Ohc-Cache-HIT
X-Ratelimit-Limit
URI
X-GeoIP-Country-Code
X-Ftr-Cache-Host
X-RunCloud-Cache
X-Tec-Api-Origin
Lb
Backend-Name
A
X-Tec-Api-Version
CloudFront-Viewer-Country
X-Oss-Cdn-Auth
Dt-Cache-Category
X-B3-SpanId
X-Tec-Api-Root
X-StackifyID
X-Csrf-Jwt
Backend
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Request-Start
X-Swift-Error
Server-Ttl
X-Served-From
SID
PICS-Label
Cdn
Cloudfront-Viewer-Country
X-Debug-Cache-Bypass
X-B3-Spanid
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Tag
X-Nananana
X-Debug-Cache-Status
X-LiteSpeed-Cache-Control
X-Debug-Xas-Auth
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-String
X-Via-Poph
X-Via-Popv
X-Debug-Ysi-Auth
Group
X-Cache-Version
X-Rocket-Build-Number
X-Sigma
Proxy-Firewall
X-WA
Host-ID
X-Request-Time
X-Sigma-Backend
X-Varnish-Beresp-TTL
X-WR-MODIFICATION
X-Cache-Hm
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Cache-Hfrom
X-Acquia-Application-Trace
Cneonction
X-Acquia-Site
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
X-APP
Warning
X-Snapshot-Date
Inserted-Into-Cache-At
CountryCode
CF-IPCountry
X-Via-Ucdn
Origin
Cf-Alt-Svc
X-Dw-Trace-Id
X-SB
X-Html-Edge-Cache
X-VC
Req-ID
X-ElasticPress-Search
X-Request-URL
X-Varnish-ID