Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Backend
X-Server
X-Turbo-Charged-By
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-WebKit-CSP
Cf-Railgun
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Backend-Server
X-Ac
X-Cache-Lookup
X-Readtime
X-Node
NEL
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Edge-Control
X-Url
X-Rack-Cache
X-Clacks-Overhead
X-Px
RTSS
Accept-CH
MS-Author-Via
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
X-Goog-Hash
Verso
Accept-CH-Lifetime
X-Powered-By-Plesk
X-Varnish-TTL
Service-Worker-Allowed
Public-Key-Pins
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-GitHub-Request-Id
X-B3-TraceId
X-MS-InvokeApp
Arr-Disable-Session-Affinity
Pagespeed
Display
Response
X-Middleton-Response
X-Middleton-Display
X-Sol
X-Pass-Why
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-DynaTrace
X-Cache-TTL
X-D2id
X-Amz-Rid
X-Cached
X-Content-Type
TCN
X-Vcap-Request-Id
X-NF-Request-ID
X-CST
Pinterest-Generated-By
X-Abt-Application-Version
X-VARITI-CCR
Accept-Ch
Host-Header
X-Ttl
AR-Request-ID
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-CACHE
X-Navigation-Version
X-ESI
X-Version
Cache-Tag
Accept-Ch-Lifetime
X-Powered-CMS
X-Server-Name
X-Upstream
X-Fastly-Request-ID
X-Instart-Request-ID
X-Debug
X-Grace
Access-Control-Request-Method
X-MSEdge-Ref
X-XRDS-Location
Nginx-Cache
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Charset
X-Accel-Expires
Content-MD5
SPRequestDuration
SPIisLatency
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Realpath
X-Element-Page-Cache
X-Ezoic-Cdn
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
S
X-SharePointHealthScore
SPRequestGuid
X-Shield-Request-Id
Pinterest-Version
X-Pinterest-Rid
X-Client-IP
X-Hp-Webp
X-Jurisdiction
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-Trace
X-TTL
X-Kinsta-Cache
X-T
X-Node-Name
Fastcgi-Cache
X-Content-Digest
X-Logged-In
X-Server-ID
X-Cache-Key
X-Mobile-URL
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
TP-Cache
TP-L2-Cache
X-Cache-Hit
Server-Node
X-Request-Received
X-Request-Processing-Time
X-Cache-Age
X-Frontend
X-Hostname
ServerID
X-Amzn-Trace-Id
Front-End-Https
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
Edge-Cache-Tag
Fastly-Restarts
X-Forwarded-For
X-FTR-Expires
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Server-Name
X-Yandex-Sdch-Disable
PB-PID
Arc-Version
PB-RID
Powered
X-Microsite
X-Request-Handler-Origin-Region
DynaTrace
Filters
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-Page-Id
X-Zen-Fury
X-DIS-Request-ID
X-LB-Cache
X-Hits
X-Akamai-Edgescape
X-F-Cache
X-Jobs
X-ORACLE-APMCS-REQUEST-ID
X-Mobile-Rewrite
X-ORACLE-APMCS-TAG
Accept-Charset
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Content-Powered-By
X-Geo-Country
X-Origin-Server
X-Cdn
Alternate-Protocol
X-Varnish-Age
X-Erf-Bev-Bev-Is-Generated
X-FTR-Cache-Host
X-Erf-Bev-Bev
X-Correlation-Id
X-N
AMP-Access-Control-Allow-Source-Origin
X-Ruxit-Js-Agent
X-B
Backend-Timing
X-ATS-Timestamp
X-Daa-Tunnel
X-Varnish-Backend
Cache-Tags
X-Rid
MicrosoftSharePointTeamServices
X-Via-JSL
X-AppVersion
X-Activity-Id
X-Az
DC
Retry-After
X-Amz-Replication-Status
X-Type
X-Varnish-Grace
X-Esi
X-WebKit-CSP-Report-Only
Surrogate-Key
X-FB-Debug
Section-Io-Cache
X-Whom
X-Git-Hash
X-Fastcgi-Cache
Paypal-Debug-Id
X-TT
X-App-Environment
X-Request-Guid
X-B-Cache
X-Status
Host
X-Content-Options
X-Signature
X-Edge
X-Debug-Info
Frame-Options
X-ATG-Version
X-RateLimit-Remaining
Actual-Object-TTL
X-Ser
Fastcgi-Useragent
X-App-Server
Healthy
X-IPLB-Instance
Nel
X-Contextid
X-AOL-HN
X-Endurance-Cache-Level
X-Amzn-RequestId
X-HTML-Minification-Powered-By
X-Cache-Action
Srv
X-Seen-By
X-ECACHE
X-Pinterest-Direct
X-B3-Sampled
X-Host-Name
From-Origin
Refresh
X-Upgrade-Enabled
X-Amz-Apigw-Id
X-Drupal-Cache-Tags
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cache-Rule
X-Instance
X-Accel-Buffering
X-Response-Served-From
X-RemovedCookies
X-ProcessESI
X-Protected-By
X-Cache-Operation
Odigeo-Trace-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Rule
X-Mid
X-Cacheable-TTL
X-Is-Bot
X-Rendered-As
X-MCACHE
X-UUID
Content-Disposition
MS-CV
Eomportal-Instance
X-Environment-Context
Payment
X-Region
Source
X-L-Path
X-WA-Info
X-FW-Serve
X-FW-Type
X-FW-Dynamic
X-FW-Hash
X-Varnish-Server
X-FW-Server
X-FW-Static
Countrycode
X-Adobe-Loc
X-Adobe-Content
X-Cache-Time
X-Litespeed-Cache
Datacenter
X-PressLabs-Stats
X-Time
Cache-Status
X-Cache-Control
X-Cached-By
X-Cache-Server
Uber-Trace-Id
X-Release
X-EdgeConnect-Cache-Status
X-Proxy
Xserver
X-Akamai-Request-ID2
X-Load-Cache
X-UnsetCookies
X-VCache
X-GeoIP
X-Akamai-Transformed
X-Correlation-ID
X-Mobile
X-SERVER-NAME
X-Yottaa-Optimizations
X-Azure-Ref
X-Yottaa-Metrics
X-PHP-Backend
X-NewRelic-App-Data
X-Tt-Trace-Host
X-Wix-Request-Id
X-Origin-Response-Time
X-Tt-Trace-Tag
Access-Control-Request-Headers
Version
X-Mode
X-Handled-By
X-Cluster
X-NWS-UUID-VERIFY
X-IPS-LoggedIn
Accept-Language
X-NGENIX-Cache
X-Air-Hostname
X-Cache-NGX
X-Backend-Name
Liferay-Portal
NGB
X-URL
Filterid
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-APP-VERSION
X-Framework
X-Cache-Remote
X-FireWall-Port
X-Cache-Var-Map
X-LJ-Flow-ID
X-Locale
X-ES-SERVER
X-RN-RSRV
X-CCM
X-Path-Route
X-Via-Fastly
X-VWS-Id
X-Proxied
X-Zipkin-Id
X-PERF
X-Cache-Var
X-Routing-Service
X-UA-Device-Type
Meta-Geo
Load-Balancing
X-Adobe-Source
X-UPSTREAM-Address
X-AWS-Id
X-Cache-Status-Check
X-ApacheServer
X-Storage
X-Site-Version
X-Qloud-Router
X-R9-Blue-Green-Version
X-Real-IP
X-Viewer-Country
X-TX-ID
X-MP-GENERATED-AT
Mn-Server-Ip
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
ServedBy
X-Detected-As
X-PCL
X-OCL
Cache-Hits
X-Www-Served-By
DSUID
X-Bc-Bl
Now
X-Format
Fastly-SSL
X-Redis-Cache
X-Pubstack
X-Access
Ms-Operation-Id
X-IP
X-Info
Akamai-GRN
X-NCache
Cache
X-No-Session
X-RTag
X-Say-Cacheable
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Ua
X-Web-Node
Cleartype
X-Cache-Config
X-Section
X-Human
Cache-Name
X-Say-TTL
X-SayCDN-TTL
X-BYPASS-REASON
X-Alternate-Cache-Key
X-Cache-Enabled
Webcakes-App-Name
Property-Id
S-Rt
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Version
Cross-Origin-Window-Policy
TWC-Privacy
Webserver
X-FW-Version
X-ShardId
X-ServerID
X-ProxyCache-Status
X-ProxyCache-Key
X-ShopId
X-Shopify-Stage
Cache-Tv-Group
X-Varnish-Cache-Hits
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-PHP-Host
X-Origin-Hint
X-Hl-Ver
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-Device-Type
X-Hosted-By
TWC-Connection-Speed
X-Labrador-Cache-Channel
X-Timing-Wait
X-CS
X-Content-Age
X-Time-Microsecs
X-FB-TRIP-ID
X-Origin
X-Proxy-Build
X-BCube-Filmed-By
X-NYM-Debug-Backend
X-From
Selected-Fe
X-Cache-Host
X-Loop
X-SaId
DB-Nickname
X-RequestSource
X-TNCMS
X-CSRF-Token
X-Amzn-Remapped-Content-Length
X-JoinUs
Server-Info
X-Hyper-Cache
Azure-SlotName
Azure-SiteName
X-Generated
Azure-InstanceId
Azure-Version
X-XRDS-LOCATION
Ec-Rule-Version
Azure-RegionName
X-Geo
X-Xfnlog-Site
Origin-Edge-Control
Origin-Cache-Control
X-RateLimit-Limit
X-Drupal-Cache-Contexts
Geo-Info
X-Cache-TTL-Remaining
Time
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-2
SD-X-WS
Country
X-EC-Lua
X-Unique-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
User-Agent
Locale
X-Pad
Apigw-Requestid
X-Old-Content-Length
X-Varnish-Hostname
X-Source
X-Cluster-Node
X-Cache-NE
X-Presslabs-Stats
Upgrade-Insecure-Requests
X-Parent-Response-Time
FilterID
X-Debug-Cache
X-Akamai-Request-ID
X-RCS-CacheZone
X-Soup
X-Webkit-CSP
X-Cache-Backend
Proxy-Connection
X-Proto
X-Vcache
X-Srv
X-Backend-TTL
X-Cache-Grace
X-App-Version
X-Tb
X-CDN-Forward
X-Proxy-Cache-Status
X-DC
X-Cache-PHP
X-AIR-PT
X-Forwarded-Host
NR-ENABLED
WPE-Backend
X-FORWARDED-FOR
X-Tumblr-Pixel-3
X-Nc
Content-Script-Type
MD5-Digest
Machine
Who
Content-Style-Type
M-TraceId
Meta-Geo-Continent
Mobile-Detection-Method
X-A
X-A-Ccd
X-A-Dam
X-Vtex-Remote-Cache
Arc-Country
VivaBuild
BehaviorPad-Version
N-Cache
Xc-Version
Fastcgi-X-Cache-Version
Thinkindot-CacheControl
GEO-REGION-INFO
Thinkindot-CacheControl-Type
Thinkindot-Control
FNAC-ModuleRouting
UCS
T-Server
Viewtype
IsBot
Pagetype
X-A-Dcw
Rendered-Blocks
AsisCache
Server-Host
True-Client-Country-4JS
X-B-Cookie
X-Level-Front-Cache
X-Geo-Header
X-Matched-Rule
X-SD-PageType
X-ScT
X-Generated-On
X-ServiceProvider
X-Dispatch
X-SIPLIST1
X-External-Request-Id
X-Session-Fingerprint
X-G
X-Scheme
X-S-Cookie
X-Reqid
X-Response-By
X-Region-Sid
X-Processor
X-PAYTM-SRV-ID
X-Rewrite-Enabled
X-NodeID
X-Method
X-S
X-Nginx-Cache-Key
X-Rojux
Cache-Key
X-SRCache-Key
X-Vdms-Version
X-VG-WebCache
X-Vdms-Path
X-Twitter-Response-Tags
X-ARC
X-Application
X-VG-WebServer
X-Vtex-Processado-Em
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Thinkindot-L3
X-Destination
X-Developer
X-DevSite-Last-Modified
X-Swa-Ws
X-Trace-Id
X-Date
X-Trv-Group
X-Transaction
X-Connection-Hash
X-D
X-A-Dgt
ServerName
X-Storefront-Renderer-Rendered
X-Uri
X-Newrelic-Synthetics
X-Be
OT-Force-Account-Verify
NGX
User-Cache-Control
Viewport
Server-Hostname
X-SRV
V-Age
X-Servername
X-Core-Value
Sever-Int
X-Req
Server-Ext
On-Server
X-Device-Os
NM-Fastcgi-Cache
X-User
Mail-Subject
X-Developers
X-Clara-WADP
X-Skip-Cache
RNT-Machine
X-SN
X-LAGOON
X-Thanos
RNT-Time
We-Hiring
X-Cache-Bucket
X-Cache-FS-Status
X-Compress-Hint
X-Branch-Name
X-Bip
X-Block-Status
X-Micro-Cache
X-Logging-Id
X-Loc
X-Cms-Context
X-Location
X-Cache-URL
X-Cache-Info
X-Backend-State
X-Node-Id
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Web-Mar-Node
Magicmarker
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Agile-Id
X-Owner
X-Agile-Age
X-Agile
X-Policy
Vix-Hermes-Req-Id
Release
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Apple-News-Services-Request-Url
X-Worker
X-Varnish-Cacheable
X-WADP-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Gen-Mode
X-Generated-In
X-Cluster-Name
X-Generation-Time
X-App
X-Hnp-Log
Apple-News-Services-Handled
AKAMAI
X-Fmm-Version
S-Cnection
CacheControlHeader
Kp-EeAlive
X-Dispatcher-Server
X-VC-Cache
X-B3-Traceid
Node
Cf-Ipcountry
X-Envoy-Decorator-Operation
X-Origin-CC
X-Origin-TTL
X-Magnolia-Registration
X-Hit
Sid
X-Auto-Login
X-Origin-Date
X-Distil-CS
Platform
X-VG-TLSProxy
L5d-Success-Class
X-Mvc-Supplant-Cachable
X-Origin-Expires
X-BBXSRF
X-Cache-Id
X-Has-Esi
X-JWT-State
X-Cache-Tags
X-Is-Gdpr
X-Hash
X-Cache-Debug
X-TA-CDN-Provider
Adler-Geo
X-Var-Ttl
X-Variation
X-Gzip
X-Fastly-Cache
X-Clientip
Fastly-SIE
X-Request-UUID
X-Request-Host
X-We-Are-Hiring
Fastly-Drupal-HTML
Fastly-SWR
X-VServer
X-CGP
Gh-Request-Id
X-Esi-Check
X-Server-W
X-Eu-Site
X-Webstats-RespID
Ha-Gx-Prefs
X-TrackingId
X-Distributor
X-Rebelmouse-Cache-Control
C-Via
X-NC
X-Rebelmouse-Surrogate-Control
Is-Eu
X-Reboot
HA-Ipaddr
X-Slack-Backend
W
X-Epic-Correlation-Id
X-Irp-Debug
X-Core-Mission
X-Li-Fabric
X-Li-Pop
X-Contensis-Viewer-Groups
LB
X-TH-Server
Rt-Fastcgi-Cache
X-NU-AKA-ACS-Version
X-Configured-By
X-Varnish-Authentication
X-GoCache-CacheStatus
X-SVT-ORM-VERSION
X-Backend-Host
X-Cache-ASPX
Memcached
X-SVT-ORM-RULES
X-LI-Proto
X-LI-UUID
X-Dc
X-Microcachable
X-Wa
X-Key
X-Edge-Location
Referer-Policy
X-Instart-Info
HostName
X-Varnish-Beresp-Grace
X-Cdn-Forward
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Pragrma
X-Via-PopH
X-Via-PopV
X-Platform-Server
X-Envoy-Upstream-Healthchecked-Cluster
MIME-Version
X-Ms-Version
X-TT-TIMESTAMP
X-Varnish-URL
X-Refresh
X-Ms-Request-Id
X-UA
X-BC
X-ZONE
Fastly-Backend-Name
X-Servedbyhost
X-Ua-Device
X-Via-CDN
NtCoent-Length
X-TIME
X-Up
CACHE
Esi-Enabled
GEO-INFO
X-Vgn-Hpd-Reason
X-Batcache
Tracecode
X-MSEdge-Flight
X-MSEdge-Features
L
Server-ID
Memory
X-Mvc-Supplant-OutputCached
X-App-Name
X-Minions-Version
X-Zone
X-Bc
X-BACKEND-TTL
X-ND-Cache
Ohc-File-Size
X-Server-IP
Cache-Host
X-VCL-Version
X-Nginx-Cache
X-ElasticPress-Query
X-Unique-ID
X-Debug-Panamera-Host
X-Sucuri-ID
X-Aicache-OS
X-Svr
X-Debug-Panamera-Sitecode
X-Cdn-Srv
X-Pjax-Url
X-FPC
X-GEO
X-COUNTRY
Server-Surrogate-Control
X-Generated-By
Server-Cache-Control
X-S-Maxage
Ohc-Response-Time
X-CF-Powered-By
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
DCR-Decision-By
GeoIP-Country-Code
X-Oss-Request-Id
DCR-Processing-Time-Ms
X-Oss-Server-Time
FSS-Cache
X-VCT
Location
Pramga
X-Fastly-Cache-Status
X-PF-Uncompressing
X-Azure-Ref-OriginShield
Powered-By-ChinaCache
GeoIP-Latitude
X-Rocket-Nginx-Bypass
HitType
Resin-Trace
X-Check-Cacheable
Hostname
Heartbleed
Request-Country
Locid
X-Varnish-Ttl
Request-EU
X-Varnish-Hits
Cteonnt-Length
X-Varnishpool
X-Ratelimit-Reset
X-BE
X-LB-ID
X-Sucuri-Cache
X-Request-URI
X-VarnishDD-TTL
Amp-Access-Control-Allow-Source-Origin
PFcat
X-CSRF-TOKEN
X-Ratelimit-Remaining
X-PJAX-URL
Cdn-Request-Time
Cdn-Host
X-Edge-Server
Lfy
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-OVcl-Cache
X-OVcl
X-Vgn-Hpd-Variations-Key
X-VHOST
X-Fpc
X-Gamma-Serve
X-Newrelic-App-Data
X-Platform
GeoIp-Country-Code
Geoip-Latitude
X-Fastly-Backend-Reqs
X-Fastly-Country-Code
X-Instart-Isnd
X-Shopify-Generated-Cart-Token
CF-Cached-On
X-HS-Status
X-Render-Time
X-Original-Request-Id
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
SRV
X-Client-Ip
X-Cache-Expired-At
WZWS-RAY
SN
X-Vcl-Version
X-WebServer
X-Pf-Uncompressing
X-Ratelimit-Limit
X-CLOUD-TRACE-CONTEXT
X-Proxy-Upstream
X-CUA
X-NGINX-Cache
X-CACHE-AGE
X-Oracle-Dms-Rid
XServer
Product
Mime-Version
X-Fetched-On
WWW-Authenticate
X-ECache
Pics-Label
Epwk-X-Cache
X-Cdn-Origin
X-CACHE-KEY
My-App
X-Sn-Servicetimems
X-GeoIP-Country-Code
X-Amzn-Remapped-Date
X-ServedByHost
Ohc-Cache-HIT
URI
X-Varnish-Url
X-Amzn-Remapped-Connection
X-Ftr-Cache-Host
X-StackifyID
CloudFront-Viewer-Country
A
Dt-Cache-Category
X-RunCloud-Cache
Backend-Name
X-Oss-Cdn-Auth
Lb
X-Fastly-Request-Id
X-B3-SpanId
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Request-Start
Backend
X-Csrf-Jwt
X-Swift-Error
X-Served-From
SID
X-Via-Popv
X-B3-Spanid
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
X-LiteSpeed-Cache-Control
X-Debug-Ysi-Auth
Server-Ttl
X-Cache-Tag
PICS-Label
X-Debug-Cache-String
X-Nananana
X-Debug-Cache-Status
X-Debug-Cache-Bypass
X-Via-Poph
Cloudfront-Viewer-Country
Cdn
Group
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Version
Proxy-Firewall
X-Request-Time
X-Sigma
X-WA
Host-ID
X-Rocket-Build-Number
X-Sigma-Backend
X-WR-MODIFICATION
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Cache-Hfrom
X-Varnish-Beresp-TTL
DataCenter
X-Cache-Hm
X-Acquia-Site
X-Apw-Access-Token
Cneonction
X-Apw-Access-Object
X-Apw-Hits
X-Apw-Access-Action
X-APP
X-Snapshot-Date
Warning
X-Lb-Id
Req-ID
Inserted-Into-Cache-At
CF-IPCountry
X-Request-URL
Cf-Alt-Svc
X-Dw-Trace-Id
X-SB
X-Html-Edge-Cache
X-VC
X-Via-Ucdn
X-Varnish-ID
X-ElasticPress-Search
Origin