Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
CF-Ray
X-Check
X-Adblock-Key
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
X-Request-ID
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Backend
X-AH-Environment
X-Age
X-Server
X-Turbo-Charged-By
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
P3p
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Readtime
X-Ac
X-Cache-Lookup
X-Backend-Server
X-Node
NEL
X-Dispatcher
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Accept-CH
Rating
X-Country-Code
X-Cnection
Accept-CH-Lifetime
X-Rack-Cache
Edge-Control
X-Url
RTSS
X-Clacks-Overhead
MS-Author-Via
X-Px
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
X-Goog-Hash
Verso
X-Powered-By-Plesk
Host-Header
X-Varnish-TTL
Service-Worker-Allowed
X-B3-TraceId
X-Exp-Id
X-Use-Magma
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Kinja-Revision
Public-Key-Pins
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
X-MS-InvokeApp
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
Pagespeed
Display
X-Sol
Response
X-Middleton-Display
X-Middleton-Response
X-Cache-TTL
X-DynaTrace
X-Cdn
X-Content-Type
X-D2id
X-Ttl
X-Amz-Rid
X-NF-Request-ID
X-Vcap-Request-Id
X-CST
TCN
X-Abt-Application-Version
X-Cached
Pinterest-Generated-By
X-VARITI-CCR
AR-ATIME
AR-Request-ID
AR-PoweredBy
Ar-Sid
AR-CACHE
X-ESI
X-Version
X-Navigation-Version
X-Powered-CMS
X-Fastly-Request-ID
X-Upstream
Cache-Tag
X-Server-Name
X-Grace
X-Debug
X-Instart-Request-ID
Access-Control-Request-Method
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-XRDS-Location
Charset
X-MSEdge-Ref
Nginx-Cache
Content-MD5
MRF-Tech
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Element-Page-Cache
Mrf-Cache-Status
Realpath
X-Accel-Expires
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
SPRequestDuration
SPIisLatency
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
S
SPRequestGuid
X-SharePointHealthScore
X-Hp-Webp
X-Pass-Why
X-Pinterest-Rid
Accept-Ch
X-Jurisdiction
Pinterest-Version
X-Amz-Meta-S3cmd-Attrs
X-Dw-Request-Base-Id
X-Recruiting
X-Id
X-Kinsta-Cache
X-Trace
Fastcgi-Cache
X-T
X-Content-Digest
X-Logged-In
X-Node-Name
Accept-Ch-Lifetime
X-Cache-Key
X-TTL
X-Client-IP
X-NWS-LOG-UUID
TP-L2-Cache
TP-Cache
X-Mobile-URL
X-Oneagent-Js-Injection
X-FastCGI-Cache
X-Hostname
X-Frontend
X-Cache-Hit
ServerID
Server-Node
X-Request-Received
X-Cache-Age
X-Request-Processing-Time
X-Amzn-Trace-Id
Fastly-Restarts
Front-End-Https
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend
Edge-Cache-Tag
X-Forwarded-For
X-FTR-Expires
X-GUploader-UploadID
X-Yandex-Sdch-Disable
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
Powered
Server-Name
X-Server-ID
PB-RID
Arc-Version
PB-PID
X-Microsite
X-Request-Handler-Origin-Region
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Revision
X-DIS-Request-ID
X-Hits
X-F-Cache
Filters
X-Jobs
X-LB-Cache
X-Akamai-Edgescape
X-Zen-Fury
X-Kong-Upstream-Latency
X-Correlation-Id
DynaTrace
X-Kong-Proxy-Latency
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile-Rewrite
X-Fastcgi-Cache
X-HS-Combine-CSS
X-Content-Powered-By
X-Origin-Server
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Alternate-Protocol
X-Geo-Country
Accept-Charset
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-N
X-FTR-Cache-Host
X-Daa-Tunnel
X-Ruxit-Js-Agent
X-B
Cache-Tags
X-Varnish-Backend
X-RateLimit-Remaining
X-Rid
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
X-Type
X-Varnish-Grace
X-Esi
X-Content-Options
Section-Io-Cache
Surrogate-Key
X-Git-Hash
Retry-After
DC
Host
X-Whom
X-App-Environment
X-B-Cache
X-Signature
X-FB-Debug
X-TT
Paypal-Debug-Id
X-Request-Guid
X-Edge
X-Via-JSL
X-Activity-Id
X-Az
X-AppVersion
X-ATS-Timestamp
X-Status
Backend-Timing
MicrosoftSharePointTeamServices
X-Debug-Info
X-Ser
Frame-Options
Fastcgi-Useragent
Actual-Object-TTL
X-IPLB-Instance
X-ATG-Version
X-Webkit-CSP
Healthy
Nel
X-Endurance-Cache-Level
X-App-Server
X-HTML-Minification-Powered-By
X-AOL-HN
X-Contextid
Srv
X-Cache-Action
X-Seen-By
X-Amzn-RequestId
X-ECACHE
From-Origin
X-B3-Sampled
X-Pinterest-Direct
Access-Control-Allow-Method
X-Amz-Apigw-Id
Refresh
X-Cache-Rule
Content-Disposition
X-Response-Served-From
X-Accel-Buffering
X-Protected-By
X-Host-Name
X-Tumblr-Pixel-0
X-Drupal-Cache-Tags
X-Cache-Operation
X-Tumblr-User
X-Upgrade-Enabled
X-Tumblr-Pixel
X-Rendered-As
X-Is-Bot
VIX-Pulpo-Node
X-Instance
Odigeo-Trace-Id
X-MCACHE
X-Cacheable-TTL
X-Region
VIX-Pulpo-Upstream-Status
X-Mid
X-ProcessESI
X-L-Path
X-WA-Info
X-RemovedCookies
Datacenter
X-UUID
X-Environment-Context
X-Release
Payment
X-Rule
Eomportal-Instance
X-FW-Dynamic
X-FW-Type
X-Varnish-Server
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
MS-CV
Countrycode
X-Time
X-Adobe-Content
X-Adobe-Loc
X-Cache-Time
X-Litespeed-Cache
Source
Uber-Trace-Id
X-Cached-By
X-Load-Cache
X-Proxy
X-Akamai-Request-ID2
Xserver
X-EdgeConnect-Cache-Status
X-Cache-Control
X-Cache-Server
X-UnsetCookies
X-Mobile
Cache-Status
X-GeoIP
X-Azure-Ref
Access-Control-Request-Headers
X-PHP-Backend
X-SERVER-NAME
X-NewRelic-App-Data
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Akamai-Transformed
X-Origin-Response-Time
Accept-Language
X-Tt-Trace-Tag
X-Tt-Trace-Host
Version
X-Air-Hostname
X-PressLabs-Stats
X-Wix-Request-Id
X-Handled-By
X-NGENIX-Cache
Filterid
X-Backend-Name
Liferay-Portal
X-Cache-NGX
X-NWS-UUID-VERIFY
X-Mode
X-Cluster
X-Correlation-ID
X-IPS-LoggedIn
X-URL
X-Framework
Server-Info
X-CSRF-Token
X-FireWall-Port
X-UA-Device-Type
X-Tumblr-Pixel-2
Cross-Origin-Window-Policy
X-Tumblr-Pixel-1
Load-Balancing
X-UPSTREAM-Address
Meta-Geo
X-VWS-Id
X-Cache-Remote
X-Cache-Var
X-Cache-Var-Map
NGB
X-AWS-Id
X-RateLimit-Limit
X-Adobe-Source
X-Path-Route
X-CCM
X-ES-SERVER
X-LJ-Flow-ID
X-RN-RSRV
X-Ua
X-Qloud-Router
X-Zipkin-Id
X-MP-GENERATED-AT
X-PERF
DSUID
X-VCache
X-Detected-As
X-Proxied
X-ApacheServer
X-TX-ID
Mn-Server-Ip
X-Viewer-Country
X-Real-IP
X-Routing-Service
ServedBy
Cache
X-OCL
Section-Io-Origin-Time-Seconds
Now
Section-Io-Origin-Status
X-Web-Node
X-Format
X-Info
Section-Io-Id
Section-Origin-Responded
X-NCache
X-Human
X-IP
X-Cache-Status-Check
X-Say-Cacheable
X-Pubstack
X-SayCDN-TTL
X-Storage
X-Section
X-Say-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Akamai-GRN
X-Access
Cache-Hits
X-Cache-Config
Cache-Tv-Group
X-R9-Blue-Green-Version
X-PCL
Decoy-Debug-TTL
X-EIG-Tracking-Id
S-Rt
X-Device-Type
X-CS
X-Cache-Host
Property-Id
X-FC-Vary-Parameters
Webserver
X-Labrador-Cache-Channel
X-Hosted-By
X-FW-Version
X-Cache-Enabled
X-BYPASS-REASON
X-Alternate-Cache-Key
X-Bc-Bl
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
TWC-Locale-Group
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Locale
Fastly-SSL
X-ShardId
X-ServerID
X-ProxyCache-Status
Cache-Name
X-ShopId
X-Shopify-Stage
X-Via-Fastly
X-Varnish-Cache-Hits
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Unique-Id
X-Redis-Cache
X-Origin-Hint
X-ProxyCache-Key
X-PHP-Host
Cleartype
X-Time-Microsecs
X-Origin
X-Timing-Wait
X-TNCMS
X-Www-Served-By
X-Loop
X-NYM-Debug-Backend
X-FB-TRIP-ID
X-JoinUs
X-SaId
X-Content-Age
X-No-Session
X-Proxy-Build
X-Hl-Ver
X-From
X-BCube-Filmed-By
X-Site-Version
X-APP-VERSION
X-Geo
Selected-Fe
Ms-Operation-Id
Origin-Cache-Control
X-Generated
X-RTag
X-Hyper-Cache
X-Amzn-Remapped-Content-Length
DB-Nickname
X-Vcache
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-Version
X-XRDS-LOCATION
Ec-Rule-Version
Azure-SiteName
X-Presslabs-Stats
Apigw-Requestid
X-Cache-2
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
Origin-Edge-Control
X-Urbn-Site-Id
Time
X-Urbn-Context-Path
Locale
X-Xfnlog-Site
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
X-EC-Lua
X-RequestSource
Country
X-Pad
X-Source
X-Old-Content-Length
Geo-Info
User-Agent
X-Cluster-Node
X-Varnish-Hostname
X-CDN-Forward
X-Debug-Cache
X-Soup
X-Backend-TTL
Upgrade-Insecure-Requests
X-Akamai-Request-ID
X-SRV
X-Cache-NE
X-App-Version
X-Parent-Response-Time
X-RCS-CacheZone
X-Proto
X-Tb
X-DC
X-Storefront-Renderer-Rendered
X-Cache-Backend
X-Cache-PHP
Proxy-Connection
X-NC
X-TA-CDN-Provider
FilterID
LB
X-Cache-Grace
Cache-Key
X-FORWARDED-FOR
X-Proxy-Cache-Status
X-Origin-CC
X-Forwarded-Host
X-Origin-TTL
MD5-Digest
Meta-Geo-Continent
Machine
M-TraceId
IsBot
X-Session-Fingerprint
True-Client-Country-4JS
T-Server
GEO-REGION-INFO
N-Cache
X-NodeID
Mobile-Detection-Method
X-Nginx-Cache-Key
ServerName
Rendered-Blocks
X-PAYTM-SRV-ID
X-App
X-ScT
X-Region-Sid
X-Response-By
X-Rewrite-Enabled
X-S
X-Rojux
Arc-Country
AsisCache
X-SIPLIST1
Content-Style-Type
Fastcgi-X-Cache-Version
Content-Script-Type
X-Processor
BehaviorPad-Version
X-SD-PageType
FNAC-ModuleRouting
Xc-Version
X-ARC
X-B-Cookie
X-Destination
X-Developer
X-Transaction
X-Accel-Expires-Debug
X-Aed
X-Application
X-Trv-Group
X-S-Cookie
X-Date
X-Connection-Hash
X-D
X-Twitter-Response-Tags
X-Vdms-Path
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-DevSite-Last-Modified
X-Trace-Id
X-A-Dcw
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-A-Dam
X-A-Ccd
VivaBuild
Who
X-A
X-VG-WebServer
X-A-Dgt
X-A-Wwc
X-Swa-Ws
X-External-Request-Id
X-Vdms-Version
X-VG-WebCache
X-SRCache-Key
X-G
UCS
Viewtype
X-AIR-PT
X-Uri
X-Magnolia-Registration
X-Tumblr-Pixel-3
User-Cache-Control
Sever-Int
Server-Host
Server-Ext
Server-Hostname
X-Level-Front-Cache
X-LAGOON
V-Age
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Loc
RNT-Time
X-Owner
X-Node-Id
X-Micro-Cache
Mail-Subject
Magicmarker
X-RateLimit-Limit-Second
X-Policy
NGX
NM-Fastcgi-Cache
X-Logging-Id
RNT-Machine
Release
X-Matched-Rule
X-Method
Pagetype
X-Hnp-Log
We-Hiring
X-Cache-Info
X-Cache-URL
X-Cache-Bucket
X-Block-Status
X-Backend-State
X-Bip
X-Dispatcher-Server
X-Dispatch
X-Cms-Context
X-Compress-Hint
X-Clara-WADP
X-Developers
X-Device-Os
X-Fmm-Version
X-Gen-Mode
Wxu-Next-Region
X-Hash
Wxu-Next-Hostname
Wxu-Next-Commit
X-RateLimit-Remaining-Second
Web-Mar-Node
X-Geo-Header
X-Generation-Time
X-Agile-Id
X-Generated-In
X-Agile-Age
X-Agile
X-Generated-On
Vix-Hermes-Req-Id
On-Server
X-Scheme
X-Varnish-Cacheable
X-User
X-Thanos
X-Reqid
Referer-Policy
X-WADP-Cache
CacheControlHeader
CDCHOST
X-SN
X-ServiceProvider
X-Servername
X-Wikidot-Static-Cache
X-Wikidot-Backend
Kp-EeAlive
Apple-News-Services-Request-Url
X-Worker
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-Req
X-SVT-ORM-RULES
X-Hit
OT-Force-Account-Verify
X-Has-Esi
X-VServer
X-VC-Cache
X-Var-Ttl
X-Auto-Login
X-Variation
X-Gzip
Node
X-VG-TLSProxy
X-BBXSRF
X-CGP
X-Key
X-Cache-Tags
X-Cache-Id
X-Edge-Location
X-Clientip
X-Core-Mission
X-Core-Value
X-Cluster-Name
X-Cache-FS-Status
X-Distil-CS
X-Epic-Correlation-Id
X-Esi-Check
X-Eu-Site
X-TrackingId
X-We-Are-Hiring
X-Webstats-RespID
X-Distributor
X-Envoy-Decorator-Operation
X-Fastly-Cache
W
Fastly-Drupal-HTML
X-Ah-Environment
Fastly-SIE
X-Location
Adler-Geo
Rt-Fastcgi-Cache
X-Server-W
Fastly-SWR
Platform
X-Mvc-Supplant-Cachable
X-NU-AKA-ACS-Version
X-Origin-Date
Gh-Request-Id
X-Request-Host
Ha-Gx-Prefs
X-Request-UUID
X-Skip-Cache
X-Slack-Backend
Viewport
X-TH-Server
X-Rebelmouse-Cache-Control
L5d-Success-Class
X-Irp-Debug
AKAMAI
X-Rebelmouse-Surrogate-Control
X-Is-Gdpr
X-JWT-State
Is-Eu
HA-Ipaddr
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
C-Via
Cache-Cookie-Set-From
X-Origin-Expires
X-Newrelic-Synthetics
Sid
X-Reboot
X-Varnish-Authentication
X-GoCache-CacheStatus
Pragrma
X-Li-Pop
X-LI-UUID
X-LI-Proto
X-Contensis-Viewer-Groups
X-Li-Fabric
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Cache-ASPX
X-Backend-Host
Memcached
X-Varnish-Beresp-Ttl
X-Srv
X-Nc
GEO-INFO
X-BC
X-Be
X-Wa
X-Branch-Name
X-ZONE
S-Cnection
MIME-Version
X-Cache-Debug
X-Configured-By
Cf-Ipcountry
X-Dc
X-Varnish-URL
X-Up
X-Instart-Info
Fastly-Backend-Name
X-Refresh
HostName
X-Microcachable
X-Via-CDN
X-Platform-Server
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-PopV
X-Via-PopH
X-Servedbyhost
X-Batcache
X-Ua-Device
X-Client-Ip
CACHE
X-Ms-Version
X-Ms-Request-Id
X-ElasticPress-Query
X-Minions-Version
X-TT-TIMESTAMP
X-Nginx-Cache
X-Cdn-Forward
X-UA
X-B3-Traceid
X-MSEdge-Features
X-MSEdge-Flight
Memory
X-Mvc-Supplant-OutputCached
X-Aicache-OS
X-ND-Cache
Esi-Enabled
X-VCL-Version
NR-ENABLED
WPE-Backend
NtCoent-Length
X-Sucuri-ID
X-TIME
X-Vgn-Hpd-Reason
X-App-Name
DCR-Processing-Time-Ms
L
DCR-Decision-By
X-Pjax-Url
Server-ID
X-Debug-Panamera-Sitecode
X-Debug-Panamera-Host
Hostname
X-BE
X-Server-IP
GeoIP-Country-Code
Powered-By-ChinaCache
Cache-Host
Pramga
X-COUNTRY
X-Fastly-Cache-Status
X-Zone
X-Bc
X-Svr
Location
X-Oss-Server-Time
X-FPC
X-Cdn-Srv
HitType
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-CF-Powered-By
X-Oss-Storage-Class
X-PF-Uncompressing
Ohc-File-Size
GeoIP-Latitude
FSS-Cache
X-BACKEND-TTL
X-Ratelimit-Reset
X-Varnishpool
X-Generated-By
Server-Cache-Control
X-LB-ID
X-GEO
Server-Surrogate-Control
X-Unique-ID
X-S-Maxage
X-Sucuri-Cache
Ohc-Response-Time
X-Check-Cacheable
X-Azure-Ref-OriginShield
Resin-Trace
Tracecode
X-VarnishDD-TTL
X-Original-Request-Id
X-Varnish-Ttl
PFcat
X-OVcl-Cache
X-Rocket-Nginx-Bypass
X-OVcl
Cteonnt-Length
X-VCT
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-Instart-Isnd
Request-EU
X-Fastly-Country-Code
Locid
X-Edge-Server
X-Platform
Request-Country
X-Render-Time
Cdn-Request-Time
Heartbleed
Cdn-Host
X-Varnish-Hits
X-VHOST
X-PJAX-URL
X-Request-URI
X-HS-Status
X-Cache-Expired-At
X-Newrelic-App-Data
X-Fpc
X-CSRF-TOKEN
CF-Cached-On
X-CUA
Geoip-Latitude
GeoIp-Country-Code
Lfy
Amp-Access-Control-Allow-Source-Origin
SRV
Epwk-X-Cache
X-Pf-Uncompressing
X-Gamma-Serve
Pics-Label
X-Ratelimit-Remaining
X-Vcl-Version
SN
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Oracle-Dms-Rid
X-Shopify-Generated-Cart-Token
X-CACHE-KEY
WWW-Authenticate
X-WebServer
X-ECache
X-NGINX-Cache
X-RunCloud-Cache
Backend-Name
Backend
XServer
X-Varnish-Url
WZWS-RAY
X-ServedByHost
X-Via-Poph
X-StackifyID
X-Via-Popv
Product
X-Ratelimit-Limit
URI
X-Proxy-Upstream
X-Csrf-Jwt
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Ftr-Cache-Host
X-Tec-Api-Root
X-Cdn-Origin
CloudFront-Viewer-Country
My-App
X-Sn-Servicetimems
X-Oss-Cdn-Auth
X-Tec-Api-Version
X-Fetched-On
X-Tec-Api-Origin
Mime-Version
X-GeoIP-Country-Code
X-Nananana
X-Sigma-Backend
A
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Request-Time
X-Rocket-Build-Number
X-Sigma
Lb
Cloudfront-Viewer-Country
Server-Ttl
CF-IPCountry
X-Cache-Tag
Host-ID
PICS-Label
X-Debug-Ysi-Auth
X-Debug-Cache-Bypass
X-Debug-Cache-Status
X-Debug-Cache-String
X-Debug-Xas-Auth
X-B3-Spanid
X-Tb-Optimization-Total-Bytes-Saved
X-B3-SpanId
SID
Dt-Cache-Category
Ohc-Cache-HIT
X-LiteSpeed-Cache-Control
X-Debug-Do-Not-Cache-Uri
X-Cache-Version
X-Apw-Access-Object
X-Apw-Access-Action
X-Acquia-Application-Trace
X-Apw-Access-Token
X-Apw-Hits
X-Request-Start
X-Varnish-Beresp-TTL
X-DPWN-IS-SECURE
Dnion-Transfer-Encoding
Cneonction
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Site
Proxy-Firewall
X-WA
X-APP
Country-Code
Group
FSS-Proxy
X-Served-From
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Snapshot-Date
X-Request-URL
X-Html-Edge-Cache
Cf-Alt-Svc
X-Dw-Trace-Id
X-SB
X-WR-MODIFICATION
X-VC
Inserted-Into-Cache-At
Cdn
X-Swift-Error
X-ElasticPress-Search
Warning