Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Backend
X-Server
X-Turbo-Charged-By
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Request-ID
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Dns-Prefetch-Control
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Ac
X-Backend-Server
X-Cache-Lookup
X-Readtime
X-Node
NEL
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-Akam-SW-Version
X-ORACLE-DMS-ECID
Fusion-Deployment-Id
X-Country
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Edge-Control
X-Url
X-Rack-Cache
Accept-CH
X-Clacks-Overhead
X-Px
RTSS
MS-Author-Via
Accept-CH-Lifetime
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-Goog-Hash
Verso
X-Powered-By-Plesk
Service-Worker-Allowed
X-Varnish-TTL
X-B3-TraceId
Public-Key-Pins
X-Kinja
X-Kinja-Revision
X-Exp-Id
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Variant
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Server
X-GitHub-Request-Id
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Pass-Why
Response
Display
Pagespeed
X-Middleton-Display
X-Middleton-Response
X-Sol
X-DynaTrace
X-Amz-Server-Side-Encryption
X-Cache-TTL
X-D2id
X-Content-Type
X-Amz-Rid
X-NF-Request-ID
X-CST
TCN
X-Vcap-Request-Id
Pinterest-Generated-By
X-Cached
X-Abt-Application-Version
X-VARITI-CCR
Host-Header
X-Ttl
AR-Request-ID
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-CACHE
X-Navigation-Version
X-Version
Cache-Tag
X-Fastly-Request-ID
Accept-Ch
X-Powered-CMS
X-Upstream
X-Instart-Request-ID
X-ESI
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Debug
X-Grace
Access-Control-Request-Method
X-Server-Name
X-MSEdge-Ref
X-XRDS-Location
Nginx-Cache
Charset
X-Accel-Expires
Accept-Ch-Lifetime
Content-MD5
X-Mrf-Section-Lastmod
SPIisLatency
Mrf-Cache-Status
MRF-Tech
SPRequestDuration
X-B3-TraceId-Primal
X-Element-Page-Cache
X-Mrf-Item-Lastmod
Realpath
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
S
X-SharePointHealthScore
SPRequestGuid
X-Pinterest-Rid
Pinterest-Version
X-Shield-Request-Id
X-Jurisdiction
X-FastCGI-Cache
X-Hp-Webp
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Dw-Request-Base-Id
X-Id
X-Client-IP
X-TTL
X-Trace
X-Kinsta-Cache
X-Node-Name
X-T
Fastcgi-Cache
X-Content-Digest
X-Logged-In
X-Server-ID
X-Cache-Key
X-Mobile-URL
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
TP-Cache
TP-L2-Cache
X-Cache-Hit
Server-Node
X-Request-Processing-Time
X-Request-Received
X-Frontend
X-Hostname
X-Cache-Age
ServerID
Front-End-Https
X-Amzn-Trace-Id
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-DC
Edge-Cache-Tag
Fastly-Restarts
X-FTR-Expires
X-Forwarded-For
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Server-Name
X-Yandex-Sdch-Disable
Powered
Arc-Version
PB-RID
PB-PID
X-Request-Handler-Origin-Region
X-Microsite
DynaTrace
X-Content-Security-Policy-Report-Only
X-Zen-Fury
X-DIS-Request-ID
X-Revision
X-Page-Id
X-User-Agent
X-F-Cache
X-Hits
Filters
X-Jobs
X-LB-Cache
X-Akamai-Edgescape
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile-Rewrite
X-HS-Combine-CSS
Accept-Charset
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Correlation-Id
X-Content-Powered-By
X-Geo-Country
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Esi
X-Cdn
X-Origin-Server
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-FTR-Cache-Host
X-Varnish-Age
Alternate-Protocol
X-N
AMP-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-B
Backend-Timing
X-ATS-Timestamp
X-Daa-Tunnel
X-Varnish-Backend
Cache-Tags
X-Via-JSL
X-Rid
X-AppVersion
MicrosoftSharePointTeamServices
X-Az
X-Activity-Id
X-RateLimit-Remaining
DC
X-Varnish-Grace
X-WebKit-CSP-Report-Only
Retry-After
X-Amz-Replication-Status
Surrogate-Key
X-FB-Debug
X-Type
X-Git-Hash
X-Whom
Paypal-Debug-Id
Section-Io-Cache
X-B-Cache
X-Request-Guid
X-Fastcgi-Cache
X-Signature
X-TT
X-Status
X-Debug-Info
Host
X-App-Environment
X-ATG-Version
Frame-Options
X-Content-Options
X-Edge
Actual-Object-TTL
Fastcgi-Useragent
X-Ser
X-App-Server
Healthy
X-IPLB-Instance
X-Contextid
Nel
X-Endurance-Cache-Level
X-Amzn-RequestId
X-AOL-HN
X-HTML-Minification-Powered-By
Srv
X-Cache-Action
X-Seen-By
X-Pinterest-Direct
X-ECACHE
X-B3-Sampled
X-Host-Name
From-Origin
Refresh
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Amz-Apigw-Id
X-Drupal-Cache-Tags
X-Accel-Buffering
X-Tumblr-Pixel-0
X-RemovedCookies
X-Response-Served-From
X-Tumblr-User
X-ProcessESI
X-Instance
X-Cache-Rule
X-Tumblr-Pixel
X-Cache-Operation
X-Protected-By
VIX-Pulpo-Node
X-Rule
X-UUID
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
Odigeo-Trace-Id
X-Is-Bot
X-Rendered-As
X-Region
X-Mid
X-Environment-Context
MS-CV
Datacenter
Payment
X-MCACHE
Source
X-WA-Info
X-L-Path
X-FW-Hash
X-PressLabs-Stats
X-FW-Dynamic
X-FW-Type
Eomportal-Instance
X-FW-Server
X-Time
Content-Disposition
X-FW-Serve
X-FW-Static
X-Adobe-Content
X-Varnish-Server
Countrycode
X-Adobe-Loc
X-Litespeed-Cache
X-Cache-Time
Cache-Status
X-SERVER-NAME
X-Cache-Control
Xserver
Uber-Trace-Id
X-Cache-Server
X-Cached-By
X-Release
X-EdgeConnect-Cache-Status
X-Akamai-Request-ID2
X-Load-Cache
X-Proxy
X-Akamai-Transformed
X-UnsetCookies
X-Mobile
X-GeoIP
X-VCache
X-PHP-Backend
X-Azure-Ref
X-Tt-Trace-Host
X-Origin-Response-Time
X-Yottaa-Metrics
X-Tt-Trace-Tag
X-Wix-Request-Id
X-Yottaa-Optimizations
X-NewRelic-App-Data
X-Mode
Version
Access-Control-Request-Headers
X-Handled-By
Filterid
X-Cluster
X-NWS-UUID-VERIFY
X-IPS-LoggedIn
X-Air-Hostname
Accept-Language
Liferay-Portal
X-Correlation-ID
X-NGENIX-Cache
NGB
X-Cache-NGX
X-Backend-Name
X-URL
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Ua
X-APP-VERSION
X-Cache-Remote
X-Framework
X-FireWall-Port
X-Cache-Var
X-Zipkin-Id
X-Via-Fastly
X-Path-Route
X-ES-SERVER
X-CCM
X-UPSTREAM-Address
X-PERF
X-RN-RSRV
X-Routing-Service
X-UA-Device-Type
X-Proxied
X-Cache-Var-Map
X-Locale
Meta-Geo
X-Adobe-Source
X-ApacheServer
Load-Balancing
X-Cache-Status-Check
Cross-Origin-Window-Policy
X-Qloud-Router
Decoy-Debug-TTL
X-TX-ID
Decoy-Debug-Key
X-Site-Version
X-Storage
Decoy-Debug-Status
X-VWS-Id
Cache-Hits
X-LJ-Flow-ID
X-AWS-Id
X-Detected-As
X-MP-GENERATED-AT
X-OCL
X-Viewer-Country
X-R9-Blue-Green-Version
X-PCL
ServedBy
DSUID
X-Cache-Config
X-Www-Served-By
X-Say-Cacheable
X-RTag
X-Redis-Cache
X-Bc-Bl
X-Say-TTL
X-Access
Akamai-GRN
X-Section
Cache
X-SayCDN-TTL
Now
X-Real-IP
X-Pubstack
X-Format
X-Web-Node
Cleartype
X-No-Session
X-NCache
X-Info
X-IP
X-Human
Ms-Operation-Id
Mn-Server-Ip
Fastly-SSL
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
S-Rt
X-Varnish-Cache-Hits
Section-Io-Id
X-BYPASS-REASON
X-Hosted-By
X-Labrador-Cache-Channel
X-ProxyCache-Status
X-ProxyCache-Key
X-Hl-Ver
X-FW-Version
Webserver
X-ServerID
X-CS
X-FC-Vary-Parameters
X-PHP-Host
Section-Origin-Responded
X-CSRF-Token
Cache-Tv-Group
Cache-Name
TWC-Privacy
Webcakes-App-Name
X-Alternate-Cache-Key
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
X-ShardId
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-RateLimit-Limit
X-Cache-Enabled
X-Device-Type
X-EIG-Tracking-Id
X-From
X-Generated
X-Content-Age
X-SaId
X-NYM-Debug-Backend
X-Origin
X-Loop
X-JoinUs
X-BCube-Filmed-By
Webcakes-App-Version
X-ShopId
X-Shopify-Stage
X-TNCMS
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Time-Microsecs
X-Origin-Hint
Property-Id
X-Amzn-Remapped-Content-Length
Selected-Fe
X-Timing-Wait
X-RequestSource
X-Proxy-Build
DB-Nickname
X-Cache-Host
X-Hyper-Cache
Server-Info
X-FB-TRIP-ID
Azure-SlotName
Ec-Rule-Version
Azure-Version
X-XRDS-LOCATION
Azure-SiteName
Azure-InstanceId
Azure-RegionName
Origin-Cache-Control
X-Geo
Origin-Edge-Control
X-Xfnlog-Site
X-Drupal-Cache-Contexts
Geo-Info
SD-X-WS
Time
X-Cache-TTL-Remaining
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Unique-Id
X-Cache-2
Country
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-EC-Lua
X-Old-Content-Length
User-Agent
X-Cluster-Node
Apigw-Requestid
X-Pad
X-Cache-NE
X-Source
X-Varnish-Hostname
Upgrade-Insecure-Requests
X-Vcache
X-Parent-Response-Time
X-RCS-CacheZone
X-Debug-Cache
X-Akamai-Request-ID
X-Webkit-CSP
X-Soup
X-Presslabs-Stats
X-Cache-Backend
FilterID
X-Proto
X-DC
X-App-Version
X-Cache-Grace
X-Tb
X-CDN-Forward
Proxy-Connection
X-Backend-TTL
X-Proxy-Cache-Status
X-AIR-PT
X-Forwarded-Host
X-Cache-PHP
NR-ENABLED
WPE-Backend
X-SRV
X-FORWARDED-FOR
X-Tumblr-Pixel-3
X-Srv
X-Nc
T-Server
Thinkindot-CacheControl
Meta-Geo-Continent
Pagetype
Rendered-Blocks
X-Transaction
Mobile-Detection-Method
Thinkindot-Control
X-Swa-Ws
Viewtype
X-SRCache-Key
X-SIPLIST1
X-Thinkindot-L3
UCS
MD5-Digest
X-Trace-Id
True-Client-Country-4JS
Thinkindot-CacheControl-Type
X-Vdms-Path
X-VG-WebServer
AsisCache
BehaviorPad-Version
Content-Script-Type
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Cache-Key
Arc-Country
Xc-Version
Content-Style-Type
X-VG-WebCache
Machine
X-Vdms-Version
VivaBuild
X-Twitter-Response-Tags
M-TraceId
IsBot
Fastcgi-X-Cache-Version
FNAC-ModuleRouting
GEO-REGION-INFO
X-Trv-Group
X-SD-PageType
X-Matched-Rule
X-Level-Front-Cache
X-Geo-Header
X-Generated-On
X-Method
X-Nginx-Cache-Key
X-Processor
X-PAYTM-SRV-ID
X-NodeID
X-G
X-External-Request-Id
X-D
X-Connection-Hash
X-CF-Lambda-Fn
X-Date
X-Destination
X-DevSite-Last-Modified
X-B-Cookie
X-Developer
X-ARC
X-Region-Sid
X-A-Ccd
X-A-Dam
X-A-Dcw
X-S-Cookie
X-A
X-ScT
X-Session-Fingerprint
X-ServiceProvider
X-CF-Lambda-Version
X-A-Dgt
X-A-Wwc
X-Response-By
X-Reqid
X-Application
X-Rewrite-Enabled
X-Aed
X-Accel-Expires-Debug
X-S
X-Rojux
Who
ServerName
X-Uri
User-Cache-Control
NGX
X-Storefront-Renderer-Rendered
OT-Force-Account-Verify
X-Block-Status
X-Backend-State
X-Agile-Id
X-Bip
X-Cache-Bucket
X-Cms-Context
X-Compress-Hint
X-Clara-WADP
X-Cache-URL
X-Cache-FS-Status
X-Cache-Info
X-Agile-Age
Web-Mar-Node
Server-Ext
Server-Host
RNT-Time
RNT-Machine
On-Server
Release
Server-Hostname
Sever-Int
We-Hiring
X-Core-Value
Vix-Hermes-Req-Id
Viewport
V-Age
X-Agile
X-Fmm-Version
X-Thanos
X-User
X-Skip-Cache
X-Newrelic-Synthetics
X-Scheme
X-Servername
X-Varnish-Cacheable
X-VC-Cache
X-Wikidot-Static-Cache
X-Worker
X-Wikidot-Backend
X-WADP-Cache
S-Cnection
X-Req
X-Policy
X-Generated-In
X-Generation-Time
X-Gen-Mode
X-Cluster-Name
X-Dispatch
N-Cache
X-Hnp-Log
X-LAGOON
X-Node-Id
X-Owner
X-Logging-Id
X-Location
X-Loc
X-Developers
X-Micro-Cache
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Magicmarker
Apple-News-Services-Request-Url
Cache-Cookie-Set-From
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-App
Apple-News-Services-Parsed-Url
Mail-Subject
X-Hit
X-Origin-TTL
Sid
X-Origin-CC
X-Envoy-Decorator-Operation
X-Be
Cf-Ipcountry
X-Magnolia-Registration
Node
X-Esi-Check
X-Epic-Correlation-Id
X-Distil-CS
X-TH-Server
X-Eu-Site
X-NC
CacheControlHeader
X-Fastly-Cache
X-Dispatcher-Server
X-TrackingId
X-Cache-Debug
X-Clientip
X-CGP
Fastly-Drupal-HTML
X-Cache-Tags
X-TA-CDN-Provider
X-Core-Mission
X-Device-Os
Fastly-SWR
X-Cache-Id
Fastly-SIE
X-Variation
C-Via
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-RateLimit-Limit-Second
Adler-Geo
X-Origin-Expires
X-Rebelmouse-Surrogate-Control
X-Reboot
X-VG-TLSProxy
X-VServer
X-Request-UUID
X-Request-Host
X-Origin-Date
X-Slack-Backend
X-Server-W
X-Hash
X-Has-Esi
X-Gzip
X-Irp-Debug
X-Is-Gdpr
X-Mvc-Supplant-Cachable
X-Branch-Name
X-SN
X-JWT-State
X-We-Are-Hiring
X-Distributor
X-Auto-Login
Wxu-Next-Hostname
Wxu-Next-Commit
LB
NM-Fastcgi-Cache
L5d-Success-Class
Gh-Request-Id
Is-Eu
W
Wxu-Next-Region
HA-Ipaddr
Rt-Fastcgi-Cache
Platform
Ha-Gx-Prefs
Kp-EeAlive
Memcached
X-NU-AKA-ACS-Version
X-Webstats-RespID
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Var-Ttl
X-Contensis-Viewer-Groups
X-SVT-ORM-VERSION
X-Varnish-Authentication
X-SVT-ORM-RULES
X-GoCache-CacheStatus
X-BBXSRF
X-Cache-ASPX
X-Microcachable
X-Wa
X-Instart-Info
Referer-Policy
X-Key
X-Backend-Host
X-Configured-By
X-Cdn-Forward
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
HostName
X-Varnish-Beresp-Grace
X-Platform-Server
X-Via-PopH
X-Via-PopV
X-Edge-Location
X-Envoy-Upstream-Healthchecked-Cluster
X-Dc
X-Refresh
Pragrma
X-TT-TIMESTAMP
MIME-Version
X-Varnish-URL
X-Ms-Request-Id
X-Ms-Version
X-ZONE
X-BC
X-Servedbyhost
Fastly-Backend-Name
X-Ua-Device
NtCoent-Length
X-Via-CDN
Esi-Enabled
X-Mvc-Supplant-OutputCached
CACHE
X-Vgn-Hpd-Reason
X-UA
X-B3-Traceid
X-Batcache
Tracecode
L
Server-ID
X-MSEdge-Flight
X-Nginx-Cache
X-MSEdge-Features
X-App-Name
GEO-INFO
X-Up
Memory
X-BACKEND-TTL
X-Zone
X-Bc
X-Server-IP
X-ElasticPress-Query
Ohc-File-Size
X-VCL-Version
X-Minions-Version
X-ND-Cache
Cache-Host
X-TIME
X-Unique-ID
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-Aicache-OS
X-Cdn-Srv
X-Sucuri-ID
X-Svr
X-Generated-By
Server-Surrogate-Control
X-GEO
X-COUNTRY
X-Pjax-Url
Server-Cache-Control
X-FPC
X-S-Maxage
DCR-Processing-Time-Ms
Ohc-Response-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
FSS-Cache
X-CF-Powered-By
DCR-Decision-By
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
GeoIP-Country-Code
X-Oracle-Dms-Rid
X-VCT
Pramga
Location
GeoIP-Latitude
X-Rocket-Nginx-Bypass
X-Azure-Ref-OriginShield
X-Fastly-Cache-Status
Powered-By-ChinaCache
X-PF-Uncompressing
X-Check-Cacheable
X-BE
Resin-Trace
HitType
Hostname
Heartbleed
Locid
Request-EU
Request-Country
X-Varnish-Ttl
X-LB-ID
Cteonnt-Length
X-Ratelimit-Reset
X-Varnish-Hits
PFcat
X-VarnishDD-TTL
X-Sucuri-Cache
X-Request-URI
Amp-Access-Control-Allow-Source-Origin
X-Client-Ip
Cdn-Host
Lfy
Cdn-Request-Time
X-Edge-Server
X-Varnishpool
X-PJAX-URL
X-VHOST
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Variations-Key
X-Fpc
X-Fastly-Country-Code
X-Vgn-Hpd-Ssi
X-Platform
X-OVcl
X-OVcl-Cache
X-Gamma-Serve
X-Vgn-Hpd-Cached
X-Newrelic-App-Data
CF-Cached-On
X-CSRF-TOKEN
X-Shopify-Generated-Cart-Token
X-Pf-Uncompressing
X-Original-Request-Id
X-Cache-Expired-At
Geoip-Latitude
X-Instart-Isnd
X-Render-Time
GeoIp-Country-Code
X-HS-Status
SRV
WZWS-RAY
X-Oracle-DMS-ECID
X-Vcl-Version
X-Ratelimit-Remaining
SN
X-WebServer
Product
X-Proxy-Upstream
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
Mime-Version
Pics-Label
X-CUA
My-App
X-CACHE-KEY
X-ECache
WWW-Authenticate
X-Sn-Servicetimems
Epwk-X-Cache
X-Fetched-On
X-Cdn-Origin
X-NGINX-Cache
Ohc-Cache-HIT
X-Varnish-Url
X-Ratelimit-Limit
URI
X-Amzn-Remapped-Connection
X-GeoIP-Country-Code
XServer
X-ServedByHost
X-Amzn-Remapped-Date
X-Ftr-Cache-Host
Backend
A
X-Tec-Api-Root
X-Tec-Api-Version
Dt-Cache-Category
X-RunCloud-Cache
CloudFront-Viewer-Country
X-B3-SpanId
X-Tec-Api-Origin
X-StackifyID
X-Oss-Cdn-Auth
Backend-Name
X-Debug-Cache-Store
X-Via-Popv
X-Request-Start
X-Via-Poph
X-Csrf-Jwt
X-Debug-Cache-Fetch
Lb
X-Swift-Error
SID
PICS-Label
Server-Ttl
X-Debug-Xas-Auth
X-Debug-Cache-Bypass
X-Debug-Cache-Status
Cloudfront-Viewer-Country
X-B3-Spanid
X-Tb-Optimization-Total-Bytes-Saved
Cdn
X-Served-From
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-String
X-Debug-Ysi-Auth
X-Nananana
Group
X-LiteSpeed-Cache-Control
X-Cache-Tag
X-Cache-Version
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
X-WA
Proxy-Firewall
Host-ID
X-Request-Time
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Cneonction
X-Cache-Hfrom
X-Cache-Hm
X-WR-MODIFICATION
X-Varnish-Beresp-TTL
X-Apw-Access-Action
X-Acquia-Application-Trace
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
X-APP
CF-IPCountry
Warning
X-Snapshot-Date
X-Varnish-ID
Inserted-Into-Cache-At
Req-ID
X-Via-Ucdn
X-SB
Origin
Cf-Alt-Svc
X-Html-Edge-Cache
X-Request-URL
X-Dw-Trace-Id
X-ElasticPress-Search
X-VC