
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Runtime
X-Adblock-Key
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
P3p
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
X-Request-ID
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
Server-Timing
X-Pingback
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Readtime
X-Ac
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Node
X-Backend-Server
X-Dispatcher
NEL
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Accept-CH
X-Rack-Cache
Host-Header
Edge-Control
X-Url
RTSS
Accept-CH-Lifetime
MS-Author-Via
X-Clacks-Overhead
X-Px
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
Verso
X-Goog-Hash
X-Varnish-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
X-B3-TraceId
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Forwarded-Proto
Public-Key-Pins
X-Amz-Server-Side-Encryption
Display
X-Middleton-Response
X-Sol
Pagespeed
X-Middleton-Display
Response
X-MS-InvokeApp
X-Cache-TTL
X-DynaTrace
X-Content-Type
X-Cdn
X-D2id
X-NF-Request-ID
X-Ttl
X-Amz-Rid
TCN
X-Vcap-Request-Id
X-CST
X-Cached
X-VARITI-CCR
X-Abt-Application-Version
Pinterest-Generated-By
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-Request-ID
X-ESI
X-Powered-CMS
X-Version
X-Navigation-Version
X-Upstream
X-Fastly-Request-ID
Cache-Tag
X-Debug
X-Server-Name
X-Grace
X-Instart-Request-ID
Access-Control-Request-Method
Accept-Ch
X-XRDS-Location
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Charset
X-MSEdge-Ref
X-Element-Page-Cache
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Nginx-Cache
Realpath
Content-MD5
X-Ezoic-Cdn
X-Accel-Expires
X-DynaTrace-JS-Agent
Accept-Ch-Lifetime
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
SPRequestDuration
SPIisLatency
X-Hp-Webp
X-Jurisdiction
X-Pinterest-Rid
X-Amz-Meta-S3cmd-Attrs
Pinterest-Version
SPRequestGuid
X-SharePointHealthScore
X-Recruiting
S
X-Id
X-Dw-Request-Base-Id
X-Kinsta-Cache
X-T
X-Content-Digest
X-Cache-Key
X-Trace
Fastcgi-Cache
X-Logged-In
X-TTL
X-Node-Name
X-NWS-LOG-UUID
TP-L2-Cache
TP-Cache
X-Hostname
X-Mobile-URL
X-Oneagent-Js-Injection
ServerID
X-Request-Processing-Time
X-Request-Received
Fastly-Restarts
X-Amzn-Trace-Id
X-Cache-Hit
X-Frontend
Server-Node
Front-End-Https
X-Cache-Age
X-FastCGI-Cache
X-Server-ID
X-Client-IP
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend
X-Forwarded-For
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
Edge-Cache-Tag
X-Yandex-Sdch-Disable
Powered
X-GUploader-UploadID
X-FTR-Expires
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
Server-Name
Arc-Version
PB-PID
PB-RID
X-Request-Handler-Origin-Region
X-Microsite
X-Ah-Environment
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Page-Id
X-Hits
X-Akamai-Edgescape
X-DIS-Request-ID
X-Revision
X-Kong-Proxy-Latency
X-F-Cache
X-Kong-Upstream-Latency
Filters
X-Jobs
X-LB-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Zen-Fury
X-Correlation-Id
X-Origin-Server
Alternate-Protocol
DynaTrace
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Fastcgi-Cache
X-Mobile-Rewrite
X-Content-Powered-By
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-Geo-Country
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
Accept-Charset
X-Daa-Tunnel
X-N
X-FTR-Cache-Host
X-Ruxit-Js-Agent
Cache-Tags
X-RateLimit-Remaining
X-B
X-Varnish-Backend
X-Type
X-Pass-Why
X-Rid
DC
Paypal-Debug-Id
X-Varnish-Grace
X-Ser
X-WebKit-CSP-Report-Only
Surrogate-Key
X-Esi
X-Git-Hash
Section-Io-Cache
X-Content-Options
X-Signature
X-Whom
X-App-Environment
X-B-Cache
Retry-After
X-Amz-Replication-Status
Host
X-Request-Guid
X-TT
X-FB-Debug
X-Edge
X-AppVersion
X-Activity-Id
X-Az
X-IPLB-Instance
Fastcgi-Useragent
X-Status
X-Debug-Info
X-Via-JSL
Frame-Options
Actual-Object-TTL
X-Endurance-Cache-Level
X-Webkit-CSP
Healthy
Nel
MicrosoftSharePointTeamServices
X-ATG-Version
X-HTML-Minification-Powered-By
Backend-Timing
Srv
X-ATS-Timestamp
X-AOL-HN
X-Contextid
X-App-Server
X-Cache-Action
X-Release
Content-Disposition
X-Seen-By
Refresh
X-Amzn-RequestId
X-Amz-Apigw-Id
X-ECACHE
From-Origin
X-B3-Sampled
Access-Control-Allow-Method
X-Protected-By
X-Cache-Rule
X-Accel-Buffering
X-Pinterest-Direct
X-Response-Served-From
X-ProcessESI
X-RemovedCookies
X-Region
X-Cache-Operation
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
VIX-Pulpo-Upstream-Status
Odigeo-Trace-Id
X-Rendered-As
VIX-Pulpo-Node
X-Upgrade-Enabled
X-Instance
X-Cacheable-TTL
X-Is-Bot
X-Mid
X-MCACHE
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-UUID
X-FW-Server
X-FW-Static
X-Drupal-Cache-Tags
X-FW-Type
Datacenter
X-Environment-Context
X-L-Path
X-WA-Info
X-Host-Name
X-Rule
X-Cache-Time
Eomportal-Instance
Payment
X-Varnish-Server
Countrycode
Uber-Trace-Id
X-Adobe-Content
X-Adobe-Loc
MS-CV
X-Time
X-Litespeed-Cache
X-Proxy
X-EdgeConnect-Cache-Status
X-Cached-By
X-Akamai-Request-ID2
Xserver
Source
X-Cache-Server
X-Mobile
X-Cache-Control
X-Load-Cache
X-NewRelic-App-Data
X-UnsetCookies
X-PHP-Backend
Access-Control-Request-Headers
X-Air-Hostname
X-Azure-Ref
Accept-Language
X-SERVER-NAME
X-GeoIP
X-Akamai-Transformed
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Backend-Name
X-NWS-UUID-VERIFY
X-NGENIX-Cache
Server-Info
X-Cache-NGX
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Handled-By
Version
Liferay-Portal
X-Mode
X-Vcache
X-Wix-Request-Id
X-Unique-Id
X-Framework
Cache-Status
X-RateLimit-Limit
X-CSRF-Token
X-Correlation-ID
Filterid
X-URL
X-Presslabs-Stats
X-Cluster
X-FireWall-Port
X-ES-SERVER
X-Locale
X-CCM
X-Cache-Var-Map
X-Cache-Var
X-LJ-Flow-ID
X-UPSTREAM-Address
X-Zipkin-Id
X-Tumblr-Pixel-2
X-Adobe-Source
X-ApacheServer
X-Tumblr-Pixel-1
Meta-Geo
X-UA-Device-Type
Load-Balancing
X-Path-Route
X-Proxied
X-PERF
X-VWS-Id
Cross-Origin-Window-Policy
X-Routing-Service
X-AWS-Id
X-RN-RSRV
X-Via-Fastly
Mn-Server-Ip
X-Cache-Status-Check
X-MP-GENERATED-AT
X-Viewer-Country
X-Section
X-Detected-As
X-TX-ID
X-IP
X-Format
X-Www-Served-By
X-NCache
Now
X-Site-Version
Cache-Hits
ServedBy
X-Access
X-Real-IP
X-Qloud-Router
X-Pubstack
Akamai-GRN
DSUID
Cache
X-IPS-LoggedIn
X-Device-Type
X-CS
S-Rt
X-Cache-Config
X-FW-Version
Property-Id
Decoy-Debug-TTL
Cleartype
Cache-Tv-Group
Cache-Name
X-Human
DB-Nickname
Decoy-Debug-Status
Decoy-Debug-Key
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Ua
TWC-Privacy
X-Amzn-Remapped-Content-Length
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Bc-Bl
Section-Origin-Responded
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
Section-Io-Origin-Status
X-Info
X-Say-Cacheable
X-Say-TTL
X-PCL
X-Web-Node
X-Storage
X-R9-Blue-Green-Version
X-Redis-Cache
X-Varnish-Cache-Hits
X-SayCDN-TTL
X-Origin-Hint
Apigw-Requestid
X-OCL
X-ServerID
X-Cache-Enabled
X-Cache-Host
X-Shopify-Stage
X-Time-Microsecs
X-ShardId
X-Sorting-Hat-ShopId
X-ProxyCache-Status
X-BYPASS-REASON
X-ShopId
X-FC-Vary-Parameters
X-Origin
X-Hyper-Cache
X-Alternate-Cache-Key
X-NYM-Debug-Backend
X-Labrador-Cache-Channel
Webserver
X-ProxyCache-Key
X-PHP-Host
X-Sorting-Hat-PodId
X-Hosted-By
X-EIG-Tracking-Id
Fastly-SSL
X-Timing-Wait
X-Cache-2
X-TNCMS
X-APP-VERSION
X-Hl-Ver
X-JoinUs
X-PressLabs-Stats
X-Proxy-Build
X-From
X-SaId
X-Loop
X-FB-TRIP-ID
X-BCube-Filmed-By
X-Content-Age
Azure-RegionName
Selected-Fe
Azure-InstanceId
X-Geo
Azure-SlotName
Azure-Version
X-Cache-Remote
Origin-Cache-Control
Azure-SiteName
NGB
X-RTag
Ms-Operation-Id
X-Urbn-Site-Id
X-No-Session
Locale
X-Urbn-Context-Path
Ec-Rule-Version
X-Generated
X-XRDS-LOCATION
X-CDN-Forward
X-Cache-TTL-Remaining
X-Drupal-Cache-Contexts
Time
X-VCache
Origin-Edge-Control
X-SRV
X-EC-Lua
X-Xfnlog-Site
X-Backend-TTL
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
Country
X-Debug-Cache
X-Pad
X-Source
X-Soup
X-Varnish-Hostname
X-Old-Content-Length
X-Storefront-Renderer-Rendered
X-NC
X-App-Version
X-Cluster-Node
Upgrade-Insecure-Requests
X-Proto
X-Tb
X-RequestSource
X-TA-CDN-Provider
User-Agent
X-Akamai-Request-ID
X-Cache-PHP
X-DC
X-RCS-CacheZone
LB
X-Parent-Response-Time
X-Cache-NE
Geo-Info
Proxy-Connection
X-App
Cache-Key
X-Cache-Backend
Referer-Policy
GEO-INFO
X-Client-Ip
FilterID
X-FORWARDED-FOR
X-Origin-TTL
X-Origin-CC
X-Cache-Grace
X-Magnolia-Registration
Content-Script-Type
X-B-Cookie
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
X-NodeID
Content-Style-Type
X-Application
X-Method
AsisCache
Arc-Country
AKAMAI
X-ARC
NGX
BehaviorPad-Version
X-Generation-Time
X-Aed
X-Geo-Header
CacheControlHeader
X-Nginx-Cache-Key
X-A-Ccd
Viewtype
UCS
True-Client-Country-4JS
VivaBuild
X-Developers
X-CF-Lambda-Version
Who
Mobile-Detection-Method
T-Server
N-Cache
X-D
X-Destination
Rendered-Blocks
X-Connection-Hash
On-Server
X-Developer
X-Cms-Context
Meta-Geo-Continent
MD5-Digest
GEO-REGION-INFO
X-External-Request-Id
X-Edge-Location
X-A-Dgt
FNAC-ModuleRouting
Fastcgi-X-Cache-Version
X-G
X-A-Wwc
X-A-Dcw
X-A-Dam
X-DevSite-Last-Modified
M-TraceId
Machine
X-Dispatch
X-A
X-Date
IsBot
X-Accel-Expires-Debug
X-ScT
X-SIPLIST1
X-Tumblr-Pixel-3
X-Proxy-Cache-Status
X-Processor
X-SVT-ORM-RULES
X-SD-PageType
X-Scheme
X-Rewrite-Enabled
X-Rojux
X-S
X-S-Cookie
X-SVT-ORM-VERSION
X-Swa-Ws
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-Trace-Id
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Response-By
X-SRCache-Key
X-AIR-PT
X-Region-Sid
User-Cache-Control
X-Uri
X-Forwarded-Host
X-Req
Pagetype
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Node-Id
X-Dispatcher-Server
X-User
Release
X-Agile
NM-Fastcgi-Cache
X-Agile-Id
Mail-Subject
Magicmarker
X-Device-Os
X-Thanos
X-Agile-Age
X-Thinkindot-L3
X-WADP-Cache
X-Worker
OT-Force-Account-Verify
Viewport
V-Age
X-Clara-WADP
Wxu-Next-Region
X-Owner
Wxu-Next-Hostname
Web-Mar-Node
We-Hiring
Wxu-Next-Commit
Vix-Hermes-Req-Id
X-VC-Cache
Thinkindot-Control
Server-Host
Server-Ext
X-Compress-Hint
X-RateLimit-Remaining-Second
Server-Hostname
ServerName
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Varnish-Cacheable
Sever-Int
X-RateLimit-Limit-Second
X-Policy
X-Hash
X-Hnp-Log
X-Block-Status
X-Location
X-Has-Esi
X-Bip
X-Key
CDCHOST
Kp-EeAlive
X-Cache-Bucket
X-Cache-FS-Status
X-Logging-Id
X-Is-Gdpr
X-JWT-State
Apple-News-Services-Handled
Apple-News-Services-Host
X-Matched-Rule
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-LAGOON
X-Server-W
Gh-Request-Id
X-Cache-URL
X-Loc
X-Skip-Cache
Pragrma
X-Auto-Login
X-Reqid
X-SN
Node
X-Backend-State
X-Cache-Info
X-Micro-Cache
X-Servername
X-Generated-On
X-Generated-In
X-Gen-Mode
X-Fmm-Version
X-Level-Front-Cache
X-ServiceProvider
X-Distributor
X-Hit
X-Cluster-Name
X-Cache-Tags
MIME-Version
X-Cache-Id
X-Webstats-RespID
X-VServer
X-We-Are-Hiring
X-TrackingId
X-Esi-Check
X-Eu-Site
X-Epic-Correlation-Id
X-Envoy-Decorator-Operation
X-NU-AKA-ACS-Version
X-Distil-CS
X-Slack-Backend
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-Request-Host
X-Gzip
X-Session-Fingerprint
X-Fastly-Cache
X-TH-Server
X-Origin-Date
X-Varnish-Authentication
X-Variation
X-Clientip
X-Rebelmouse-Cache-Control
X-VG-TLSProxy
X-Contensis-Viewer-Groups
X-Core-Mission
X-Origin-Expires
X-Request-UUID
X-Rebelmouse-Surrogate-Control
X-Var-Ttl
X-Core-Value
X-CGP
L5d-Success-Class
Fastly-Drupal-HTML
W
Fastly-SWR
Platform
X-Varnish-Beresp-Grace
HA-Ipaddr
X-Cache-ASPX
Rt-Fastcgi-Cache
Ha-Gx-Prefs
Is-Eu
X-Varnish-Beresp-Ttl
X-BBXSRF
X-Varnish-Beresp-Status
C-Via
X-Backend-Host
Fastly-SIE
Adler-Geo
X-Newrelic-Synthetics
Memcached
X-LI-UUID
X-Li-Pop
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-GoCache-CacheStatus
X-Li-Fabric
RNT-Time
X-LI-Proto
X-Reboot
RNT-Machine
Sid
Fastly-Backend-Name
X-Wa
X-Up
X-Via-CDN
X-Configured-By
X-Minions-Version
X-BC
X-ZONE
X-Dc
Cf-Ipcountry
X-ElasticPress-Query
X-Batcache
X-Cache-Debug
X-Varnish-URL
X-Branch-Name
X-Refresh
X-Be
S-Cnection
X-Nc
X-Srv
X-Aicache-OS
X-Nginx-Cache
X-Servedbyhost
X-Ua-Device
CACHE
X-Instart-Info
X-UA
X-B3-Traceid
HostName
DCR-Processing-Time-Ms
X-Via-PopH
X-BE
X-Mvc-Supplant-OutputCached
X-Platform-Server
X-Via-PopV
DCR-Decision-By
X-Envoy-Upstream-Healthchecked-Cluster
Hostname
X-Microcachable
X-Ms-Version
X-Fastly-Cache-Status
X-MSEdge-Flight
X-MSEdge-Features
X-Ms-Request-Id
X-ND-Cache
X-VCL-Version
Memory
X-PF-Uncompressing
X-TT-TIMESTAMP
Pramga
X-Ratelimit-Reset
X-TIME
X-Sucuri-ID
X-Zone
X-Pjax-Url
X-Debug-Panamera-Sitecode
Location
Esi-Enabled
X-Varnishpool
X-Bc
X-Debug-Panamera-Host
X-Original-Request-Id
NtCoent-Length
HitType
Powered-By-ChinaCache
X-Cdn-Forward
X-COUNTRY
X-LB-ID
GeoIP-Country-Code
X-Sucuri-Cache
X-Oss-Object-Type
X-Check-Cacheable
X-Oss-Request-Id
GeoIP-Latitude
X-App-Name
Server-ID
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-FPC
L
X-CF-Powered-By
FSS-Cache
X-Vgn-Hpd-Reason
X-Cdn-Srv
X-OVcl-Cache
PFcat
Ohc-File-Size
X-OVcl
Cache-Host
X-Server-IP
X-GEO
X-VarnishDD-TTL
Server-Cache-Control
X-Generated-By
Server-Surrogate-Control
X-Vgn-Hpd-Ssi
Resin-Trace
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Instart-Isnd
X-Azure-Ref-OriginShield
X-Svr
X-Render-Time
X-Varnish-Ttl
X-Platform
X-Fastly-Backend-Reqs
Cteonnt-Length
X-BACKEND-TTL
X-S-Maxage
Ohc-Response-Time
X-Fastly-Country-Code
X-Unique-ID
X-CUA
Tracecode
X-Rocket-Nginx-Bypass
X-Fpc
X-HS-Status
X-VHOST
X-Cache-Expired-At
Pics-Label
X-PJAX-URL
Epwk-X-Cache
X-Varnish-Hits
X-VCT
X-CSRF-TOKEN
WPE-Backend
Locid
NR-ENABLED
X-Edge-Server
Heartbleed
Cdn-Host
Cdn-Request-Time
Geoip-Latitude
GeoIp-Country-Code
Request-Country
Request-EU
X-Newrelic-App-Data
CF-Cached-On
SRV
X-Ratelimit-Remaining
Backend-Name
Backend
X-RunCloud-Cache
Amp-Access-Control-Allow-Source-Origin
X-Vcl-Version
X-Pf-Uncompressing
X-Request-URI
X-Via-Poph
X-Gamma-Serve
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
Lfy
X-Csrf-Jwt
X-Oracle-Dms-Rid
X-Via-Popv
SN
X-NGINX-Cache
X-CACHE-KEY
X-ECache
WWW-Authenticate
X-StackifyID
X-Amzn-Remapped-Connection
X-Request-Time
X-Amzn-Remapped-Date
X-ServedByHost
X-Rocket-Build-Number
XServer
X-Sigma-Backend
X-Varnish-Url
X-Sigma
X-Ratelimit-Limit
X-Ftr-Cache-Host
CloudFront-Viewer-Country
CF-IPCountry
X-Oss-Cdn-Auth
URI
X-Tec-Api-Root
X-Tec-Api-Origin
X-WebServer
X-Tec-Api-Version
X-Nananana
X-Shopify-Generated-Cart-Token
X-Proxy-Upstream
X-Debug-Cache-Fetch
Product
X-Apw-Access-Action
X-Debug-Cache-Store
Host-ID
X-DPWN-IS-SECURE
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
Lb
X-Sn-Servicetimems
PICS-Label
X-Tb-Optimization-Total-Bytes-Saved
My-App
Country-Code
SID
WZWS-RAY
X-Cdn-Origin
X-Cache-Tag
Cloudfront-Viewer-Country
X-Fetched-On
X-Debug-Cache-String
X-LiteSpeed-Cache-Control
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
X-Debug-Cache-Status
X-Debug-Cache-Bypass
Server-Ttl
X-B3-Spanid
X-Cache-Version
X-Acquia-Application-UUID
Dnion-Transfer-Encoding
X-Acquia-Purge-Tags
X-Acquia-Site
CDN-EdgeStorageId
CDN-Uid
X-Via-Ucdn
CDN-RequestId
CDN-RequestCountryCode
CDN-CachedAt
CDN-PullZone
CDN-Cache
X-Acquia-Application-Trace
Cneonction
Ohc-Cache-HIT
X-WA
X-GeoIP-Country-Code
Proxy-Firewall
A
Mime-Version
X-Amz-Meta-Cb-Modifiedtime
X-B3-SpanId
X-IN-APIGATEWAYSSL
Surrogated-Key
X-WR-MODIFICATION
X-IN-APIGATEWAY
X-ElasticPress-Search
X-Request-URL
X-Dw-Trace-Id
X-Snapshot-Date
Warning
Inserted-Into-Cache-At
X-Swift-Error
Dt-Cache-Category
X-Varnish-Beresp-TTL
X-Html-Edge-Cache
Cf-Alt-Svc
X-SB
X-VC
FSS-Proxy