Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Xss-Protection
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
X-Ua-Compatible
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Server
X-Turbo-Charged-By
X-Backend
X-Age
P3p
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-WebKit-CSP
Cf-Railgun
X-Dns-Prefetch-Control
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
EagleEye-TraceId
X-Host
X-OneAgent-JS-Injection
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Readtime
X-Node
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
NEL
Request-Id
X-Mod-Pagespeed
Content-Location
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-ORACLE-DMS-RID
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Clacks-Overhead
X-Rack-Cache
X-Pass-Why
X-Px
RTSS
MS-Author-Via
X-FTR-Request-ID
Accept-CH
X-Vname
X-PC
X-TtlSet
X-Goog-Hash
X-Powered-By-Plesk
Verso
X-B3-TraceId
Service-Worker-Allowed
Accept-CH-Lifetime
Public-Key-Pins
X-Cdn-Fetch
X-GitHub-Request-Id
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-MS-InvokeApp
X-DynaTrace
Pagespeed
Display
X-Middleton-Display
X-Middleton-Response
X-Forwarded-Proto
X-Sol
Response
X-Amz-Server-Side-Encryption
X-Cache-TTL
X-Ttl
X-D2id
X-Amz-Rid
X-CST
Accept-Ch
TCN
X-Abt-Application-Version
X-Vcap-Request-Id
X-NF-Request-ID
Pinterest-Generated-By
X-Content-Type
X-VARITI-CCR
X-Cached
X-Navigation-Version
Cache-Tag
X-ESI
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Fastly-Request-ID
Accept-Ch-Lifetime
Ar-Sid
AR-CACHE
X-Version
X-Server-Name
X-Instart-Request-ID
X-TEC-API-ROOT
X-Upstream
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Powered-CMS
X-Grace
Access-Control-Request-Method
X-MSEdge-Ref
X-Debug
X-Accel-Expires
Host-Header
Charset
X-Oneagent-Js-Injection
Nginx-Cache
SPRequestDuration
SPIisLatency
S
Content-MD5
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
Realpath
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ezoic-Cdn
X-SharePointHealthScore
SPRequestGuid
X-Element-Page-Cache
X-DynaTrace-JS-Agent
X-Client-IP
X-XRDS-Location
X-Pinterest-Rid
Pinterest-Version
X-Shield-Request-Id
X-Hp-Webp
X-Jurisdiction
X-Cdn
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Trace
X-Recruiting
X-Id
X-Amz-Meta-S3cmd-Attrs
X-T
X-Kinsta-Cache
X-Node-Name
Fastcgi-Cache
X-Content-Digest
X-Logged-In
X-Server-ID
X-Mobile-URL
X-NWS-LOG-UUID
TP-Cache
TP-L2-Cache
X-ASPNET-VERSION
X-Cache-Key
X-Request-Processing-Time
X-Cache-Hit
X-TTL
X-Request-Received
X-Cache-Age
Server-Node
X-Frontend
ServerID
X-FTR-Backend
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Cache-Status
X-Hostname
X-FTR-Balancer
X-FTR-Backend-Server
Edge-Cache-Tag
X-Amzn-Trace-Id
Front-End-Https
X-FTR-Expires
X-Goog-Storage-Class
X-GUploader-UploadID
X-Forwarded-For
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Ruxit-Js-Agent
Fastly-Restarts
Server-Name
PB-PID
PB-RID
Arc-Version
Powered
X-Yandex-Sdch-Disable
DynaTrace
X-Microsite
X-Request-Handler-Origin-Region
X-DIS-Request-ID
X-Zen-Fury
Nel
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Revision
Filters
X-Page-Id
X-F-Cache
X-Akamai-Edgescape
X-Jobs
X-LB-Cache
X-Hits
X-Mobile-Rewrite
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Accept-Charset
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Content-Powered-By
X-Geo-Country
X-Origin-Server
X-Varnish-Age
Backend-Timing
X-ATS-Timestamp
AMP-Access-Control-Allow-Source-Origin
X-N
Alternate-Protocol
X-B
X-FTR-Cache-Host
X-Fastcgi-Cache
MicrosoftSharePointTeamServices
X-Correlation-Id
X-Via-JSL
X-Daa-Tunnel
X-Varnish-Backend
X-Rid
X-Erf-Bev-Bev
Cache-Tags
X-Erf-Bev-Bev-Is-Generated
X-AppVersion
X-Az
X-Activity-Id
DC
X-WebKit-CSP-Report-Only
X-Type
X-Amz-Replication-Status
X-FB-Debug
X-Whom
X-Signature
X-Git-Hash
X-B-Cache
X-ATG-Version
Retry-After
Paypal-Debug-Id
Section-Io-Cache
X-TT
Surrogate-Key
X-Ser
X-Debug-Info
X-Varnish-Grace
X-App-Environment
X-Edge
Frame-Options
X-RateLimit-Remaining
X-Esi
Host
X-Content-Options
Actual-Object-TTL
X-Status
X-App-Server
Fastcgi-Useragent
X-Request-Guid
Healthy
X-AOL-HN
X-Contextid
X-IPLB-Instance
X-Endurance-Cache-Level
X-Amzn-RequestId
X-Cache-Action
X-Seen-By
X-HTML-Minification-Powered-By
X-Pinterest-Direct
X-B3-Sampled
Refresh
X-Host-Name
Srv
X-ECACHE
From-Origin
X-Upgrade-Enabled
X-Tumblr-Pixel
X-Amz-Apigw-Id
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-Tumblr-User
Source
X-Drupal-Cache-Tags
X-Instance
X-Response-Served-From
X-ProcessESI
X-RemovedCookies
X-Cache-Rule
X-Accel-Buffering
X-Cache-Operation
X-MCACHE
X-Mid
VIX-Pulpo-Upstream-Status
X-Region
VIX-Pulpo-Node
Odigeo-Trace-Id
MS-CV
Payment
X-Rule
X-Cacheable-TTL
X-Protected-By
Eomportal-Instance
X-UUID
X-Varnish-Server
X-Is-Bot
X-WA-Info
X-L-Path
X-Rendered-As
X-Environment-Context
X-Adobe-Loc
X-PressLabs-Stats
X-Adobe-Content
Datacenter
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Dynamic
X-FW-Hash
X-FW-Type
X-Cache-Time
Countrycode
Cache-Status
Content-Disposition
X-VCache
X-Time
Xserver
X-Cache-Control
X-Litespeed-Cache
X-Cache-Server
X-Correlation-ID
X-GeoIP
X-Akamai-Request-ID2
X-Cached-By
Uber-Trace-Id
X-Proxy
X-UnsetCookies
X-Akamai-Transformed
X-XRDS-LOCATION
X-Wix-Request-Id
X-Mobile
X-EdgeConnect-Cache-Status
X-Load-Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tt-Trace-Tag
X-Origin-Response-Time
X-Tt-Trace-Host
Version
X-PHP-Backend
X-Release
Access-Control-Request-Headers
X-SERVER-NAME
X-Cluster
NGB
X-Handled-By
X-Azure-Ref
X-Mode
Filterid
X-NewRelic-App-Data
X-APP-VERSION
X-NGENIX-Cache
X-Cache-NGX
X-IPS-LoggedIn
Accept-Language
X-Tumblr-Pixel-1
Cache
X-Backend-Name
X-Tumblr-Pixel-2
X-Air-Hostname
X-NWS-UUID-VERIFY
X-Cache-Remote
Liferay-Portal
Meta-Geo
X-No-Session
X-Path-Route
Cross-Origin-Window-Policy
X-Cache-Var
X-Adobe-Source
X-UPSTREAM-Address
Load-Balancing
X-ES-SERVER
X-FireWall-Port
X-URL
X-CSRF-Token
X-CCM
X-RN-RSRV
X-Via-Fastly
X-Cache-Var-Map
X-Cache-Status-Check
X-UA-Device-Type
X-Framework
X-R9-Blue-Green-Version
X-ApacheServer
X-Www-Served-By
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-PERF
X-Viewer-Country
X-Storage
X-Locale
ServedBy
X-MP-GENERATED-AT
X-OCL
X-PCL
Cache-Hits
DSUID
Cleartype
Decoy-Debug-Key
Decoy-Debug-Status
Cache-Name
X-Pubstack
X-Site-Version
X-Real-IP
Akamai-GRN
Decoy-Debug-TTL
Ms-Operation-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-Bc-Bl
Now
X-Cache-Config
Mn-Server-Ip
X-RTag
X-TX-ID
X-RequestSource
X-Proxied
X-Device-Type
X-ProxyCache-Key
X-BYPASS-REASON
X-Redis-Cache
X-NCache
X-ProxyCache-Status
X-Info
X-Format
X-FW-Version
X-Access
X-Hl-Ver
Fastly-SSL
X-Human
X-EIG-Tracking-Id
Webserver
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Routing-Service
X-Alternate-Cache-Key
X-Section
X-Zipkin-Id
X-Web-Node
X-Varnish-Cache-Hits
X-ShopId
X-Shopify-Stage
X-ServerID
X-Say-TTL
X-SayCDN-TTL
X-ShardId
X-Say-Cacheable
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-Cache-Enabled
X-Origin-Hint
X-Detected-As
X-BCube-Filmed-By
X-Qloud-Router
X-NYM-Debug-Backend
X-Time-Microsecs
TWC-GeoIP-LatLong
X-SaId
X-Timing-Wait
TWC-GeoIP-Country
TWC-Connection-Speed
Property-Id
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-CS
TWC-Device-Class
X-Origin
Webcakes-App-Name
X-Proxy-Build
X-From
X-JoinUs
Selected-Fe
X-Ua
S-Rt
DB-Nickname
X-Generated
X-Geo
X-IP
X-Loop
X-Content-Age
X-TNCMS
X-Labrador-Cache-Channel
X-PHP-Host
X-Amzn-Remapped-Content-Length
Cache-Tv-Group
X-Hosted-By
X-Hyper-Cache
X-Cache-Host
Azure-RegionName
Azure-InstanceId
Azure-Version
Azure-SiteName
Azure-SlotName
Origin-Edge-Control
X-Xfnlog-Site
Origin-Cache-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
Ec-Rule-Version
Country
WPE-Backend
NR-ENABLED
X-Drupal-Cache-Contexts
X-Unique-Id
X-Cache-2
SD-X-WS
X-Source
User-Agent
Geo-Info
Time
X-Pad
X-Old-Content-Length
X-Cache-TTL-Remaining
X-Urbn-Context-Path
X-Urbn-Site-Id
X-RateLimit-Limit
X-Varnish-Hostname
X-Cluster-Node
Locale
Server-Info
X-Cache-NE
X-Parent-Response-Time
Upgrade-Insecure-Requests
X-Presslabs-Stats
X-EC-Lua
X-Srv
Apigw-Requestid
X-Cache-Backend
X-Akamai-Request-ID
X-Debug-Cache
FilterID
X-RCS-CacheZone
X-Soup
X-Nc
Proxy-Connection
X-Webkit-CSP
X-Cache-Grace
X-Proxy-Cache-Status
X-Forwarded-Host
X-Tb
X-Backend-TTL
X-CDN-Forward
X-Newrelic-Synthetics
X-Proto
X-Tumblr-Pixel-3
X-TA-CDN-Provider
X-App-Version
X-Cache-PHP
NGX
S-Cnection
T-Server
BehaviorPad-Version
Content-Script-Type
AsisCache
Thinkindot-CacheControl
X-VG-WebServer
Arc-Country
X-Vtex-Processado-Em
Thinkindot-CacheControl-Type
Thinkindot-Control
ServerName
Mobile-Detection-Method
Meta-Geo-Continent
Pagetype
Xc-Version
Server-Host
Rendered-Blocks
X-VG-WebCache
MD5-Digest
Fastcgi-X-Cache-Version
Content-Style-Type
GEO-REGION-INFO
M-TraceId
Machine
X-Vtex-Remote-Cache
X-A-Dcw
X-Reqid
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Date
X-CF-Lambda-Fn
X-Rewrite-Enabled
X-Rojux
X-Application
X-ARC
X-B-Cookie
X-Region-Sid
X-Processor
X-Level-Front-Cache
X-Matched-Rule
X-External-Request-Id
X-G
X-Generated-On
X-Dispatch
X-DevSite-Last-Modified
X-PAYTM-SRV-ID
X-NodeID
X-Destination
X-Developer
X-Aed
X-S
X-Trace-Id
VivaBuild
Who
X-A
X-A-Ccd
Viewtype
True-Client-Country-4JS
X-Vdms-Path
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-A-Dam
X-Thinkindot-L3
X-ServiceProvider
X-Accel-Expires-Debug
X-ScT
X-Scheme
X-S-Cookie
X-Session-Fingerprint
X-SRCache-Key
X-Geo-Header
X-A-Dgt
X-A-Wwc
X-Swa-Ws
X-Vdms-Version
UCS
X-Cluster-Name
X-FORWARDED-FOR
X-Uri
OT-Force-Account-Verify
X-Be
Cache-Key
X-Cache-FS-Status
X-Bip
X-Cms-Context
X-Branch-Name
X-Device-Os
X-Vcache
X-Dispatcher-Server
X-Core-Value
X-Agile-Age
On-Server
Release
NM-Fastcgi-Cache
N-Cache
Mail-Subject
V-Age
Viewport
X-Generated-In
X-Agile
We-Hiring
Vix-Hermes-Req-Id
X-Agile-Id
Sid
X-VC-Cache
X-Dc
X-User
X-Thanos
X-SN
X-Worker
FNAC-ModuleRouting
X-SIPLIST1
X-Nginx-Cache-Key
X-Method
IsBot
X-Skip-Cache
X-SD-PageType
X-Location
X-LAGOON
X-Hash
X-Generation-Time
X-Logging-Id
X-Node-Id
X-Response-By
Cf-Ipcountry
X-RateLimit-Remaining-Second
X-Owner
Kp-EeAlive
X-RateLimit-Limit-Second
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
CacheControlHeader
CDCHOST
X-AIR-PT
AKAMAI
X-Microcachable
X-DC
User-Cache-Control
X-Envoy-Decorator-Operation
X-Hit
X-Origin-Date
X-Block-Status
X-Origin-Expires
X-Cache-Bucket
RNT-Machine
X-WADP-Cache
X-Cache-Tags
X-Backend-State
X-Request-UUID
X-Wikidot-Backend
X-Rebelmouse-Cache-Control
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Rebelmouse-Surrogate-Control
Apple-News-Services-Handled
X-Auto-Login
X-CGP
X-Wikidot-Static-Cache
Magicmarker
X-Clientip
X-Micro-Cache
X-TH-Server
X-Gen-Mode
Adler-Geo
X-Has-Esi
X-Hnp-Log
X-JWT-State
X-Is-Gdpr
X-Servername
X-Fmm-Version
X-Var-Ttl
RNT-Time
X-VG-TLSProxy
C-Via
X-Magnolia-Registration
X-Distil-CS
X-Distributor
X-Eu-Site
X-Epic-Correlation-Id
X-Variation
X-Clara-WADP
X-Cache-Info
X-Req
Rt-Fastcgi-Cache
HA-Ipaddr
X-Policy
X-Developers
X-Varnish-Cacheable
Platform
Fastly-SWR
Fastly-SIE
L5d-Success-Class
Fastly-Drupal-HTML
X-Compress-Hint
Is-Eu
Sever-Int
Server-Hostname
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
W
Gh-Request-Id
Web-Mar-Node
Ha-Gx-Prefs
Server-Ext
X-App
X-Varnish-Beresp-Grace
X-Storefront-Renderer-Rendered
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Irp-Debug
X-Varnish-Authentication
X-TrackingId
X-Webstats-RespID
X-Loc
X-Fastly-Cache
X-Cache-URL
X-Instart-Info
X-Contensis-Viewer-Groups
X-Cache-ASPX
Node
X-Reboot
X-Core-Mission
X-BBXSRF
X-Backend-Host
X-Cache-Debug
X-Request-Host
X-We-Are-Hiring
X-Slack-Backend
X-VServer
X-Server-W
X-Mvc-Supplant-Cachable
X-Cdn-Forward
X-Origin-CC
HostName
X-Origin-TTL
LB
X-GoCache-CacheStatus
X-Li-Pop
X-Platform-Server
X-LI-UUID
X-LI-Proto
X-Li-Fabric
X-SRV
X-Esi-Check
X-Cache-Id
X-Via-PopH
X-Gzip
X-Via-PopV
Memcached
X-UA
X-Configured-By
X-NU-AKA-ACS-Version
X-Ms-Request-Id
X-NC
X-Ms-Version
X-Envoy-Upstream-Healthchecked-Cluster
X-Wa
X-SVT-ORM-VERSION
X-TT-TIMESTAMP
X-SVT-ORM-RULES
X-BC
X-Edge-Location
Tracecode
X-Key
X-ZONE
Referer-Policy
NtCoent-Length
X-Vgn-Hpd-Reason
MIME-Version
Pragrma
Esi-Enabled
X-Refresh
GEO-INFO
Server-ID
L
X-BACKEND-TTL
Ohc-File-Size
X-Varnish-URL
X-Mvc-Supplant-OutputCached
X-Ua-Device
X-Server-IP
X-App-Name
Fastly-Backend-Name
X-Servedbyhost
X-TIME
X-Via-CDN
X-MSEdge-Features
Cache-Host
X-MSEdge-Flight
X-B3-Traceid
X-Nginx-Cache
X-Up
Memory
X-Sucuri-ID
X-Zone
X-Bc
Server-Surrogate-Control
X-Batcache
Server-Cache-Control
X-Minions-Version
X-Cdn-Srv
X-Varnish-Ttl
X-Pjax-Url
CACHE
X-Unique-ID
X-VCT
X-S-Maxage
X-Debug-Panamera-Host
X-FPC
X-Generated-By
Ohc-Response-Time
X-Svr
X-ElasticPress-Query
X-Debug-Panamera-Sitecode
X-ND-Cache
X-COUNTRY
FSS-Cache
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-VCL-Version
X-Oss-Server-Time
X-Oss-Storage-Class
X-CF-Powered-By
X-Rocket-Nginx-Bypass
X-Aicache-OS
Request-EU
X-GEO
GeoIP-Country-Code
Locid
DCR-Processing-Time-Ms
Heartbleed
Resin-Trace
DCR-Decision-By
Request-Country
Cteonnt-Length
X-Varnish-Hits
X-Azure-Ref-OriginShield
X-Request-URI
X-PF-Uncompressing
GeoIP-Latitude
X-Fastly-Cache-Status
Pramga
Powered-By-ChinaCache
Location
Lfy
X-BE
Hostname
X-Sucuri-Cache
X-Shopify-Generated-Cart-Token
X-LB-ID
X-Gamma-Serve
HitType
X-Check-Cacheable
X-Fastly-Country-Code
Cdn-Host
X-Ratelimit-Reset
GeoIp-Country-Code
Amp-Access-Control-Allow-Source-Origin
Geoip-Latitude
X-Edge-Server
X-Varnishpool
SRV
Cdn-Request-Time
PFcat
X-VarnishDD-TTL
CF-Cached-On
WZWS-RAY
X-Ratelimit-Remaining
X-CACHE-KEY
X-VHOST
X-PJAX-URL
X-Newrelic-App-Data
X-Fpc
X-OVcl
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-WebServer
X-Vgn-Hpd-Cached
X-Vcl-Version
X-HS-Status
X-OVcl-Cache
X-CSRF-TOKEN
X-Instart-Isnd
X-Proxy-Upstream
Product
X-Platform
X-ECache
X-Ratelimit-Limit
X-Cache-Expired-At
X-Pf-Uncompressing
My-App
X-Cdn-Origin
X-Sn-Servicetimems
X-Fetched-On
Mime-Version
X-Render-Time
Ohc-Cache-HIT
SN
X-NGINX-Cache
X-CACHE-AGE
X-Original-Request-Id
X-GeoIP-Country-Code
X-ServedByHost
X-Oracle-Dms-Rid
X-Ftr-Cache-Host
X-CLOUD-TRACE-CONTEXT
X-Varnish-Url
X-Amzn-Remapped-Date
X-CUA
Dt-Cache-Category
X-Amzn-Remapped-Connection
WWW-Authenticate
X-Oss-Cdn-Auth
Epwk-X-Cache
URI
XServer
X-Swift-Error
X-Cache-Tag
Group
Pics-Label
X-Request-Start
X-Tec-Api-Root
X-Tec-Api-Version
X-B3-SpanId
CloudFront-Viewer-Country
A
X-Served-From
X-StackifyID
Cf-Alt-Svc
X-B3-Spanid
X-Tec-Api-Origin
X-Client-Ip
PICS-Label
Backend-Name
X-RunCloud-Cache
X-Debug-Cache-Store
Backend
Cdn
X-Debug-Cache-Fetch
Lb
X-WR-MODIFICATION
X-Amzn-Requestid
X-Apw-Access-Token
X-Apw-Hits
X-Debug-Cache-Bypass
X-Apw-Access-Object
Cloudfront-Viewer-Country
X-Apw-Access-Action
X-Via-Ucdn
X-WA
X-Tb-Optimization-Total-Bytes-Saved
X-Csrf-Jwt
X-Debug-Cache-Status
X-LiteSpeed-Cache-Control
X-Debug-Ysi-Auth
X-Request-Time
X-Nananana
X-Via-Popv
SID
X-Via-Poph
X-Debug-Xas-Auth
Server-Ttl
X-Debug-Cache-String
X-Debug-Do-Not-Cache-Uri
X-Cache-Version
Origin
X-Via-NSCOPI
Proxy-Firewall
Cneonction
X-Cache-Hfrom
Country-Code
X-Cache-Hm
NnCoection
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Varnish-Beresp-TTL
Inserted-Into-Cache-At
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-APP
X-WPE-Loopback-Upstream-Addr
CF-IPCountry
Warning
X-Snapshot-Date
X-VC
Req-ID
X-Request-URL
X-ElasticPress-Search
Geoip-City
X-Html-Edge-Cache
X-Ocache
X-B3-Parentspanid
X-Varnish-ID
X-SB
X-Dw-Trace-Id
X-DPWN-IS-SECURE