Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
P3P
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
X-Xss-Protection
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Adblock-Key
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
P3p
X-AspNetMvc-Version
X-Iinfo
X-Buckets
X-Ua-Compatible
Status
X-Request-ID
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Server-Timing
Grace
X-Pingback
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Vhost
X-Device
X-Response-Time
X-Readtime
X-Ac
X-Cache-Lookup
X-Node
X-Dns-Prefetch-Control
X-Backend-Server
X-Dispatcher
NEL
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
X-Cnection
X-Country-Code
Host-Header
Accept-CH
X-Rack-Cache
X-Url
Edge-Control
RTSS
MS-Author-Via
X-Clacks-Overhead
Accept-CH-Lifetime
X-Px
X-Cdn
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
Verso
X-Goog-Hash
X-Varnish-TTL
Service-Worker-Allowed
X-Powered-By-Plesk
X-B3-TraceId
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Public-Key-Pins
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
Pagespeed
X-Middleton-Display
X-Middleton-Response
Display
X-Sol
Response
X-MS-InvokeApp
X-Cache-TTL
X-Content-Type
X-DynaTrace
X-D2id
X-NF-Request-ID
X-Amz-Rid
X-Vcap-Request-Id
X-VARITI-CCR
X-CST
X-Cached
X-Abt-Application-Version
X-Ttl
TCN
Pinterest-Generated-By
AR-PoweredBy
AR-CACHE
AR-ATIME
Ar-Sid
AR-Request-ID
X-ESI
X-Powered-CMS
X-Navigation-Version
X-Version
X-Upstream
X-Fastly-Request-ID
Accept-Ch
X-Server-Name
X-Debug
Cache-Tag
X-Grace
X-Instart-Request-ID
Access-Control-Request-Method
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Charset
X-Element-Page-Cache
Accept-Ch-Lifetime
X-MSEdge-Ref
X-XRDS-Location
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Nginx-Cache
Realpath
Content-MD5
X-Accel-Expires
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Oneagent-Js-Injection
SPRequestDuration
SPIisLatency
X-Jurisdiction
X-Hp-Webp
X-Amz-Meta-S3cmd-Attrs
X-Pinterest-Rid
SPRequestGuid
X-SharePointHealthScore
Pinterest-Version
X-Recruiting
X-Id
X-Dw-Request-Base-Id
S
X-TTL
X-T
X-Kinsta-Cache
X-Content-Digest
X-Cache-Key
X-Logged-In
X-Trace
Fastcgi-Cache
X-NWS-LOG-UUID
X-Node-Name
Fastly-Restarts
TP-L2-Cache
TP-Cache
ServerID
X-Request-Processing-Time
X-Request-Received
X-Mobile-URL
X-Amzn-Trace-Id
X-Cache-Hit
Front-End-Https
X-Frontend
Server-Node
X-Cache-Age
X-Hostname
X-Client-IP
X-Forwarded-For
X-FastCGI-Cache
X-Yandex-Sdch-Disable
X-FTR-Realm
X-FTR-DC
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
Edge-Cache-Tag
Powered
X-Server-ID
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-FTR-Expires
Server-Name
PB-PID
PB-RID
Arc-Version
X-Request-Handler-Origin-Region
X-Microsite
X-Kong-Upstream-Latency
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-User-Agent
X-Page-Id
X-Akamai-Edgescape
X-Hits
X-Ruxit-Js-Agent
Filters
X-DIS-Request-ID
X-Jobs
X-F-Cache
X-LB-Cache
X-Revision
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Correlation-Id
X-Fastcgi-Cache
X-Ah-Environment
Alternate-Protocol
X-Origin-Server
X-Zen-Fury
DynaTrace
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Content-Powered-By
X-Mobile-Rewrite
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-Webkit-CSP
AMP-Access-Control-Allow-Source-Origin
X-Geo-Country
X-Varnish-Age
X-Daa-Tunnel
Accept-Charset
X-N
X-FTR-Cache-Host
X-RateLimit-Remaining
X-B
Cache-Tags
X-Ser
X-Varnish-Backend
X-Type
Paypal-Debug-Id
DC
X-Amz-Replication-Status
X-Varnish-Grace
X-WebKit-CSP-Report-Only
X-Rid
Surrogate-Key
Section-Io-Cache
X-Whom
X-Git-Hash
X-App-Environment
X-Content-Options
X-Request-Guid
X-B-Cache
X-Pass-Why
Retry-After
X-Signature
Host
X-TT
X-FB-Debug
X-Activity-Id
X-AppVersion
X-Az
X-Esi
X-Edge
X-IPLB-Instance
X-Status
X-Endurance-Cache-Level
Frame-Options
X-Debug-Info
Actual-Object-TTL
X-Via-JSL
Healthy
Fastcgi-Useragent
MicrosoftSharePointTeamServices
X-HTML-Minification-Powered-By
X-ATG-Version
Srv
Nel
X-AOL-HN
X-Release
X-ATS-Timestamp
X-App-Server
X-Contextid
X-Cache-Action
Backend-Timing
Content-Disposition
Refresh
X-ECACHE
From-Origin
X-Seen-By
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B3-Sampled
Access-Control-Allow-Method
X-Protected-By
X-Accel-Buffering
X-Pinterest-Direct
X-Response-Served-From
X-ProcessESI
X-Region
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-RemovedCookies
X-Upgrade-Enabled
X-Instance
VIX-Pulpo-Upstream-Status
X-Mid
X-Is-Bot
X-Cache-Rule
VIX-Pulpo-Node
X-MCACHE
X-Rendered-As
Odigeo-Trace-Id
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Type
X-WA-Info
X-L-Path
X-UUID
X-FW-Hash
X-FW-Dynamic
Datacenter
X-Cache-Operation
X-Cacheable-TTL
X-Environment-Context
Eomportal-Instance
X-Rule
Payment
X-Time
X-Adobe-Content
MS-CV
X-Varnish-Server
X-Adobe-Loc
X-Drupal-Cache-Tags
X-Cache-Time
Uber-Trace-Id
Countrycode
X-Host-Name
X-Proxy
X-Cached-By
X-EdgeConnect-Cache-Status
X-Akamai-Request-ID2
X-Litespeed-Cache
Xserver
X-Cache-Server
X-NewRelic-App-Data
X-Mobile
Source
X-Cache-Control
X-Load-Cache
X-UnsetCookies
X-Air-Hostname
X-PHP-Backend
X-Azure-Ref
Accept-Language
Access-Control-Request-Headers
Server-Info
X-GeoIP
X-Backend-Name
X-Yottaa-Metrics
X-Akamai-Transformed
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cache-NGX
X-Yottaa-Optimizations
X-NGENIX-Cache
X-SERVER-NAME
Version
X-Handled-By
X-Framework
X-NWS-UUID-VERIFY
X-Mode
Liferay-Portal
X-RateLimit-Limit
X-CSRF-Token
Filterid
X-Vcache
X-Unique-Id
X-Wix-Request-Id
X-XRDS-LOCATION
Cache-Status
X-Correlation-ID
X-PERF
X-Routing-Service
X-ES-SERVER
X-Proxied
X-UA-Device-Type
X-URL
X-UPSTREAM-Address
Meta-Geo
X-Via-Fastly
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-VWS-Id
Load-Balancing
X-Cache-Var-Map
X-Path-Route
X-CCM
X-Presslabs-Stats
Cross-Origin-Window-Policy
X-ApacheServer
X-Adobe-Source
X-LJ-Flow-ID
X-Locale
X-Cluster
X-AWS-Id
X-RN-RSRV
X-Zipkin-Id
X-FireWall-Port
X-Cache-Var
X-NCache
X-Qloud-Router
X-Section
X-Viewer-Country
Now
Mn-Server-Ip
X-Real-IP
ServedBy
X-Cache-Status-Check
X-Www-Served-By
X-Access
X-Detected-As
X-Format
X-Pubstack
X-Site-Version
Cache-Hits
X-IP
Akamai-GRN
DSUID
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
Section-Io-Id
Property-Id
DB-Nickname
Cleartype
Decoy-Debug-Key
Decoy-Debug-Status
X-ServerID
Decoy-Debug-TTL
TWC-Privacy
Webcakes-App-Name
X-MP-GENERATED-AT
X-R9-Blue-Green-Version
X-PressLabs-Stats
X-OCL
X-PCL
X-Origin-Hint
X-Info
X-FW-Version
Webcakes-Region
Webcakes-App-Version
X-Bc-Bl
X-CS
X-Redis-Cache
X-Device-Type
Cache-Name
TWC-Connection-Speed
X-TX-ID
X-IPS-LoggedIn
X-Hyper-Cache
X-Varnish-Cache-Hits
Apigw-Requestid
Cache
X-Say-Cacheable
X-Sorting-Hat-ShopId
X-BYPASS-REASON
X-Amzn-Remapped-Content-Length
X-Storage
X-SayCDN-TTL
X-Alternate-Cache-Key
X-Cache-Config
X-EIG-Tracking-Id
X-Origin
X-ProxyCache-Status
X-ProxyCache-Key
X-Human
X-Hosted-By
X-Geo
S-Rt
X-FC-Vary-Parameters
X-Cache-Enabled
X-Say-TTL
X-Sorting-Hat-PodId
X-Shopify-Stage
Cache-Tv-Group
X-ShopId
X-ShardId
Fastly-SSL
X-Web-Node
X-Cache-Host
X-Time-Microsecs
X-Content-Age
X-From
Webserver
X-Timing-Wait
X-SaId
Azure-InstanceId
X-Cache-2
X-Hl-Ver
X-NYM-Debug-Backend
Selected-Fe
Azure-SlotName
Azure-SiteName
Azure-RegionName
X-PHP-Host
X-Labrador-Cache-Channel
Azure-Version
X-JoinUs
X-Proxy-Build
X-Loop
X-Cache-Remote
X-Ua
Origin-Cache-Control
X-RTag
Ms-Operation-Id
X-FB-TRIP-ID
X-TNCMS
NGB
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-APP-VERSION
X-BCube-Filmed-By
Ec-Rule-Version
X-No-Session
X-Generated
X-Cache-TTL-Remaining
X-VCache
X-Drupal-Cache-Contexts
X-CDN-Forward
X-EC-Lua
Origin-Edge-Control
X-Xfnlog-Site
Time
Country
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
X-SRV
X-Debug-Cache
X-Source
X-Backend-TTL
X-Pad
X-App-Version
X-Soup
X-Storefront-Renderer-Rendered
X-Old-Content-Length
X-Varnish-Hostname
Upgrade-Insecure-Requests
X-Proto
X-Cluster-Node
X-Akamai-Request-ID
X-NC
X-Tb
X-Cache-PHP
Geo-Info
X-TA-CDN-Provider
X-RequestSource
LB
X-Parent-Response-Time
X-RCS-CacheZone
X-Cache-NE
User-Agent
X-App
Referer-Policy
Proxy-Connection
X-DC
Cache-Key
X-Cache-Backend
X-Magnolia-Registration
X-Origin-TTL
X-Cache-Grace
X-Origin-CC
GEO-INFO
FilterID
NGX
X-Client-Ip
CacheControlHeader
BehaviorPad-Version
Fastcgi-X-Cache-Version
FNAC-ModuleRouting
Content-Style-Type
Content-Script-Type
Arc-Country
X-A-Dcw
X-A-Dgt
X-A-Dam
AKAMAI
X-A
X-A-Ccd
AsisCache
M-TraceId
Viewtype
Mobile-Detection-Method
N-Cache
On-Server
T-Server
Rendered-Blocks
VivaBuild
Who
True-Client-Country-4JS
IsBot
Machine
MD5-Digest
X-A-Wwc
Meta-Geo-Continent
GEO-REGION-INFO
X-G
X-SIPLIST1
X-SD-PageType
X-SRCache-Key
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-ScT
X-Scheme
X-Rewrite-Enabled
X-Rojux
X-S
X-S-Cookie
X-Swa-Ws
X-Trace-Id
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Path
X-Response-By
X-Region-Sid
X-Connection-Hash
X-Cms-Context
X-D
X-Date
X-Destination
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Aed
X-Application
X-ARC
X-B-Cookie
X-Developer
X-Developers
X-Nginx-Cache-Key
X-NodeID
X-PAYTM-SRV-ID
X-Processor
X-Method
X-Geo-Header
X-Dispatch
X-Edge-Location
X-External-Request-Id
X-Generation-Time
X-Accel-Expires-Debug
UCS
X-Tumblr-Pixel-3
X-FORWARDED-FOR
X-Forwarded-Host
X-Uri
User-Cache-Control
OT-Force-Account-Verify
X-Distributor
Node
Web-Mar-Node
X-Matched-Rule
X-Clara-WADP
X-Hnp-Log
X-AIR-PT
NM-Fastcgi-Cache
We-Hiring
X-Hash
Mail-Subject
Magicmarker
X-Level-Front-Cache
X-Loc
Kp-EeAlive
X-LAGOON
X-Logging-Id
Wxu-Next-Commit
X-Key
X-Location
Pagetype
Sever-Int
X-DevSite-Last-Modified
X-Dispatcher-Server
Server-Hostname
X-Device-Os
Thinkindot-CacheControl
X-Proxy-Cache-Status
Thinkindot-Control
Thinkindot-CacheControl-Type
Server-Host
Server-Ext
X-Gen-Mode
X-Generated-In
X-Micro-Cache
X-Generated-On
Release
X-Fmm-Version
V-Age
Viewport
Vix-Hermes-Req-Id
X-Compress-Hint
Gh-Request-Id
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-Agile-Age
X-Thinkindot-L3
Wxu-Next-Hostname
X-Agile
X-Agile-Id
X-Varnish-Cacheable
X-Auto-Login
X-Backend-State
Pragrma
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VC-Cache
X-Bip
X-WADP-Cache
X-Thanos
X-Block-Status
X-RateLimit-Remaining-Second
X-Req
X-SN
X-RateLimit-Limit-Second
X-Policy
Wxu-Next-Region
X-Cache-URL
X-Owner
X-Cache-Info
X-Reqid
X-Cache-Bucket
X-Cache-FS-Status
X-ServiceProvider
CDCHOST
X-Server-W
X-Cluster-Name
X-Hit
X-Cache-ASPX
X-CGP
X-BBXSRF
X-Contensis-Viewer-Groups
X-Cache-Id
X-Core-Value
X-Core-Mission
X-Is-Gdpr
X-TH-Server
X-TrackingId
X-Slack-Backend
X-Skip-Cache
X-Request-UUID
X-Servername
X-User
X-Var-Ttl
X-Worker
MIME-Version
X-Webstats-RespID
X-VServer
X-Varnish-Authentication
X-VG-TLSProxy
X-Request-Host
X-Origin-Expires
X-Fastly-Cache
X-Gzip
X-Eu-Site
X-Esi-Check
X-Envoy-Decorator-Operation
X-Epic-Correlation-Id
X-Has-Esi
X-Irp-Debug
X-Node-Id
X-Origin-Date
X-Varnish-Beresp-Grace
X-JWT-State
X-Backend-Host
X-Distil-CS
X-Mvc-Supplant-Cachable
ServerName
Ha-Gx-Prefs
Fastly-Drupal-HTML
L5d-Success-Class
W
HA-Ipaddr
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-We-Are-Hiring
X-LI-UUID
X-GoCache-CacheStatus
Platform
X-Clientip
X-LI-Proto
X-Li-Pop
Memcached
Adler-Geo
Rt-Fastcgi-Cache
X-Li-Fabric
X-Variation
Is-Eu
Fastly-SIE
X-Cache-Tags
X-Rebelmouse-Cache-Control
X-NU-AKA-ACS-Version
X-Session-Fingerprint
X-Reboot
Fastly-SWR
X-Rebelmouse-Surrogate-Control
C-Via
X-Newrelic-Synthetics
Sid
RNT-Machine
Fastly-Backend-Name
RNT-Time
Cache-Cookie-Set-Lfrom
X-Via-CDN
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Up
X-Dc
X-Wa
X-Minions-Version
X-Batcache
X-Srv
X-ZONE
Cf-Ipcountry
X-BC
X-Configured-By
X-Varnish-URL
X-ElasticPress-Query
X-Refresh
X-Be
X-Nc
X-Nginx-Cache
X-Cache-Debug
X-Branch-Name
X-Aicache-OS
HostName
X-Servedbyhost
X-UA
S-Cnection
X-Ua-Device
CACHE
DCR-Decision-By
DCR-Processing-Time-Ms
X-Instart-Info
X-Mvc-Supplant-OutputCached
X-B3-Traceid
X-Fastly-Cache-Status
X-Platform-Server
X-Via-PopH
Hostname
X-BE
X-PF-Uncompressing
X-MSEdge-Flight
X-MSEdge-Features
Memory
X-Ratelimit-Reset
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-PopV
X-Varnishpool
Pramga
X-Microcachable
X-Sucuri-ID
X-Zone
X-Bc
Location
X-VCL-Version
X-Pjax-Url
HitType
X-Ms-Request-Id
X-Original-Request-Id
X-TT-TIMESTAMP
X-Ms-Version
X-Cdn-Forward
X-ND-Cache
X-TIME
Esi-Enabled
X-Debug-Panamera-Host
X-LB-ID
NtCoent-Length
X-Debug-Panamera-Sitecode
X-Sucuri-Cache
Powered-By-ChinaCache
X-COUNTRY
X-Check-Cacheable
GeoIP-Country-Code
X-OVcl-Cache
X-VarnishDD-TTL
X-Oss-Hash-Crc64ecma
X-OVcl
X-Oss-Server-Time
X-Oss-Storage-Class
X-FPC
X-Oss-Request-Id
PFcat
X-Oss-Object-Type
Server-ID
X-App-Name
Ohc-File-Size
GeoIP-Latitude
L
X-CF-Powered-By
FSS-Cache
X-Vgn-Hpd-Reason
X-Server-IP
X-Azure-Ref-OriginShield
X-Instart-Isnd
X-GEO
X-Vgn-Hpd-Variations-Key
Resin-Trace
X-Vgn-Hpd-Ssi
X-Cdn-Srv
Cache-Host
X-Vgn-Hpd-Cached
Server-Cache-Control
Server-Surrogate-Control
X-Fastly-Backend-Reqs
X-Render-Time
X-BACKEND-TTL
X-Platform
X-Svr
X-Generated-By
X-Unique-ID
X-Varnish-Ttl
X-S-Maxage
Cteonnt-Length
X-CUA
Tracecode
Ohc-Response-Time
X-Fpc
X-HS-Status
Pics-Label
X-Fastly-Country-Code
X-Rocket-Nginx-Bypass
X-VHOST
X-Cache-Expired-At
Geoip-Latitude
GeoIp-Country-Code
Epwk-X-Cache
X-PJAX-URL
X-Varnish-Hits
X-CSRF-TOKEN
X-VCT
NR-ENABLED
X-Edge-Server
Locid
Cdn-Host
Heartbleed
WPE-Backend
Cdn-Request-Time
X-RunCloud-Cache
X-Vcl-Version
Request-EU
Backend-Name
Backend
Request-Country
CF-Cached-On
X-Newrelic-App-Data
SRV
X-Request-URI
Amp-Access-Control-Allow-Source-Origin
SN
X-Via-Popv
X-Ratelimit-Remaining
X-Via-Poph
X-Csrf-Jwt
X-Pf-Uncompressing
X-CLOUD-TRACE-CONTEXT
X-Gamma-Serve
Lfy
X-CACHE-AGE
X-Oracle-Dms-Rid
X-Request-Time
WWW-Authenticate
X-Rocket-Build-Number
X-StackifyID
X-Sigma
X-NGINX-Cache
X-Sigma-Backend
X-ECache
X-CACHE-KEY
X-Varnish-Url
X-ServedByHost
X-Ratelimit-Limit
X-Nananana
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Host-ID
XServer
X-Ftr-Cache-Host
CloudFront-Viewer-Country
X-WebServer
X-Oss-Cdn-Auth
CF-IPCountry
X-Tec-Api-Version
URI
X-Tec-Api-Root
X-Tec-Api-Origin
X-Shopify-Generated-Cart-Token
X-LiteSpeed-Cache-Control
X-Proxy-Upstream
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Product
Country-Code
X-DPWN-IS-SECURE
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
Lb
Tcn
X-HostName
CDN-Uid
X-Via-Ucdn
CDN-RequestCountryCode
X-Cache-Tag
X-Fetched-On
Ohc-Cache-HIT
CDN-PullZone
Cloudfront-Viewer-Country
CDN-EdgeStorageId
CDN-Cache
X-Sn-Servicetimems
X-Tb-Optimization-Total-Bytes-Saved
CDN-CachedAt
CDN-RequestId
My-App
X-B3-Spanid
WZWS-RAY
SID
X-Debug-Cache-String
X-Debug-Do-Not-Cache-Uri
Server-Ttl
X-Debug-Cache-Status
X-Debug-Ysi-Auth
X-Debug-Xas-Auth
X-Cdn-Origin
X-Debug-Cache-Bypass
PICS-Label
X-Cache-Version
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
Cneonction
X-Acquia-Application-Trace
Dnion-Transfer-Encoding
A
X-Amz-Meta-Cb-Modifiedtime
X-WA
X-GeoIP-Country-Code
Proxy-Firewall
Surrogated-Key
Mime-Version
X-ServerName
X-IN-APIGATEWAYSSL
X-Fastly-Cache-Hits
X-SB
X-Varnish-Beresp-TTL
Cf-Alt-Svc
X-VC
X-B3-SpanId
X-Dw-Trace-Id
X-Swift-Error
X-ElasticPress-Search
X-Request-URL
X-WR-MODIFICATION
Inserted-Into-Cache-At
Warning
FSS-Proxy
Dt-Cache-Category
X-Html-Edge-Cache
X-Snapshot-Date
X-IN-APIGATEWAY