Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
Status
X-Ua-Compatible
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Backend
X-Server
X-Turbo-Charged-By
X-Age
P3p
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Request-Context
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-Server-Powered-By
X-UA-Device
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
Cf-Railgun
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Ac
X-Cache-Lookup
X-Readtime
X-Backend-Server
X-Node
NEL
X-Dispatcher
X-Origin-Upstream-Status
X-HW
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Ruxit-JS-Agent
X-Country
X-ORACLE-DMS-RID
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Edge-Control
X-Url
X-Rack-Cache
X-Clacks-Overhead
Accept-CH
X-Px
RTSS
MS-Author-Via
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
Accept-CH-Lifetime
X-Goog-Hash
Verso
X-Powered-By-Plesk
X-Varnish-TTL
X-B3-TraceId
Service-Worker-Allowed
Public-Key-Pins
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-GitHub-Request-Id
X-MS-InvokeApp
Arr-Disable-Session-Affinity
Pagespeed
Display
X-Middleton-Display
X-Forwarded-Proto
X-Sol
X-Middleton-Response
Response
X-Amz-Server-Side-Encryption
X-DynaTrace
X-Cache-TTL
Host-Header
X-Pass-Why
X-D2id
X-Content-Type
X-Amz-Rid
Pinterest-Generated-By
X-CST
TCN
X-NF-Request-ID
X-Vcap-Request-Id
X-Cached
X-Abt-Application-Version
X-Ttl
X-VARITI-CCR
AR-PoweredBy
AR-Request-ID
AR-ATIME
Accept-Ch
AR-CACHE
Ar-Sid
X-ESI
X-Navigation-Version
X-Version
X-Fastly-Request-ID
Cache-Tag
X-Powered-CMS
X-Server-Name
X-Upstream
X-Instart-Request-ID
X-Grace
Accept-Ch-Lifetime
X-Debug
Access-Control-Request-Method
X-MSEdge-Ref
X-TEC-API-ROOT
Charset
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Nginx-Cache
X-Accel-Expires
X-XRDS-Location
Content-MD5
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Element-Page-Cache
MRF-Tech
X-Mrf-Section-Lastmod
Realpath
SPIisLatency
SPRequestDuration
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
S
X-SharePointHealthScore
SPRequestGuid
X-Shield-Request-Id
X-Pinterest-Rid
Pinterest-Version
X-Hp-Webp
X-Jurisdiction
X-Cdn
X-Dw-Request-Base-Id
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-Client-IP
X-FastCGI-Cache
X-Trace
X-Kinsta-Cache
X-T
X-Node-Name
Fastcgi-Cache
X-TTL
X-Content-Digest
X-Logged-In
X-Cache-Key
X-Server-ID
X-Mobile-URL
X-NWS-LOG-UUID
TP-Cache
TP-L2-Cache
X-Cache-Hit
Server-Node
X-Frontend
X-Request-Received
X-Request-Processing-Time
X-Hostname
X-Cache-Age
X-Oneagent-Js-Injection
ServerID
X-Amzn-Trace-Id
Front-End-Https
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
Fastly-Restarts
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
Edge-Cache-Tag
X-Forwarded-For
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Yandex-Sdch-Disable
Server-Name
Powered
PB-RID
PB-PID
Arc-Version
X-Microsite
X-Request-Handler-Origin-Region
X-Revision
X-Content-Security-Policy-Report-Only
X-User-Agent
Filters
DynaTrace
X-DIS-Request-ID
X-Page-Id
X-Zen-Fury
X-LB-Cache
X-Jobs
X-Hits
X-F-Cache
X-Akamai-Edgescape
X-Correlation-Id
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile-Rewrite
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
Accept-Charset
X-Content-Powered-By
X-Geo-Country
X-Origin-Server
Alternate-Protocol
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Varnish-Age
X-FTR-Cache-Host
X-N
AMP-Access-Control-Allow-Source-Origin
X-B
X-Daa-Tunnel
X-Varnish-Backend
Cache-Tags
X-Fastcgi-Cache
X-Rid
X-Ruxit-Js-Agent
Backend-Timing
X-ATS-Timestamp
X-AppVersion
X-Activity-Id
X-Az
X-Type
DC
X-Via-JSL
X-Amz-Replication-Status
X-Varnish-Grace
MicrosoftSharePointTeamServices
Retry-After
X-WebKit-CSP-Report-Only
X-Whom
X-Git-Hash
X-FB-Debug
Section-Io-Cache
Surrogate-Key
Paypal-Debug-Id
X-App-Environment
X-Request-Guid
X-TT
X-Signature
X-B-Cache
Host
X-Status
X-Content-Options
X-RateLimit-Remaining
X-Edge
X-Debug-Info
X-Esi
Frame-Options
X-Ser
Fastcgi-Useragent
X-ATG-Version
Actual-Object-TTL
X-App-Server
X-IPLB-Instance
Healthy
X-Endurance-Cache-Level
X-Contextid
X-AOL-HN
X-Amzn-RequestId
X-HTML-Minification-Powered-By
Srv
X-Cache-Action
Nel
X-Seen-By
X-ECACHE
X-B3-Sampled
Refresh
From-Origin
X-Pinterest-Direct
X-Host-Name
X-Amz-Apigw-Id
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Response-Served-From
X-Accel-Buffering
X-Drupal-Cache-Tags
X-ProcessESI
X-RemovedCookies
X-Instance
X-Cache-Rule
X-Protected-By
X-Cache-Operation
Content-Disposition
VIX-Pulpo-Node
X-Rendered-As
X-Rule
X-Region
X-Mid
X-Cacheable-TTL
X-Is-Bot
X-UUID
X-MCACHE
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
Datacenter
MS-CV
X-Environment-Context
X-L-Path
X-WA-Info
Payment
Eomportal-Instance
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-FW-Server
Source
X-Varnish-Server
X-Adobe-Loc
X-Adobe-Content
Countrycode
X-Cache-Time
X-Time
X-Litespeed-Cache
X-Release
X-Cache-Control
X-Cached-By
X-PressLabs-Stats
Uber-Trace-Id
X-Proxy
Cache-Status
X-Akamai-Request-ID2
X-EdgeConnect-Cache-Status
X-Cache-Server
Xserver
X-UnsetCookies
X-Load-Cache
X-Mobile
X-GeoIP
X-VCache
X-Akamai-Transformed
X-NewRelic-App-Data
X-Webkit-CSP
X-Azure-Ref
X-PHP-Backend
X-Yottaa-Optimizations
X-Yottaa-Metrics
Access-Control-Request-Headers
X-Wix-Request-Id
X-Tt-Trace-Tag
X-Origin-Response-Time
X-Tt-Trace-Host
X-SERVER-NAME
X-Mode
Version
X-Handled-By
X-Cluster
X-NGENIX-Cache
X-Air-Hostname
X-Cache-NGX
X-IPS-LoggedIn
Accept-Language
X-Backend-Name
Liferay-Portal
Cache
X-NWS-UUID-VERIFY
Filterid
NGB
X-Tumblr-Pixel-2
X-Framework
X-XRDS-LOCATION
X-Tumblr-Pixel-1
X-Ua-Device
X-FireWall-Port
X-Correlation-ID
X-Routing-Service
X-Via-Fastly
X-LJ-Flow-ID
X-ES-SERVER
X-VWS-Id
X-RN-RSRV
X-Proxied
X-Locale
X-CSRF-Token
X-Cache-Remote
X-UPSTREAM-Address
X-UA-Device-Type
Cross-Origin-Window-Policy
X-Cache-Var
X-Cache-Status-Check
Load-Balancing
X-Cache-Var-Map
X-CCM
Meta-Geo
X-URL
X-Zipkin-Id
X-ApacheServer
X-AWS-Id
X-PERF
X-Adobe-Source
X-Path-Route
ServedBy
X-Ua
Decoy-Debug-Status
Cache-Hits
X-Detected-As
Decoy-Debug-TTL
DSUID
Decoy-Debug-Key
X-R9-Blue-Green-Version
X-Real-IP
Mn-Server-Ip
X-Qloud-Router
X-Www-Served-By
X-Viewer-Country
X-TX-ID
X-Site-Version
X-Storage
X-MP-GENERATED-AT
X-OCL
X-PCL
X-Web-Node
X-SayCDN-TTL
X-Bc-Bl
Cache-Name
Akamai-GRN
X-Format
Cleartype
Now
Section-Origin-Responded
X-Cache-Config
X-Access
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Ms-Operation-Id
X-Section
Section-Io-Id
Fastly-SSL
X-Say-TTL
X-Info
X-RTag
X-Say-Cacheable
X-Human
X-Redis-Cache
X-IP
X-NCache
X-APP-VERSION
X-Pubstack
TWC-GeoIP-LatLong
X-Hl-Ver
X-Origin-Hint
TWC-Locale-Group
X-Sorting-Hat-ShopId
X-CS
X-ProxyCache-Key
Property-Id
TWC-Connection-Speed
X-BYPASS-REASON
X-Labrador-Cache-Channel
TWC-Device-Class
X-Cache-Enabled
X-PHP-Host
TWC-GeoIP-Country
S-Rt
X-Sorting-Hat-PodId
TWC-Privacy
X-Shopify-Stage
X-FC-Vary-Parameters
Webserver
X-Alternate-Cache-Key
X-FW-Version
X-Varnish-Cache-Hits
X-ServerID
X-ShopId
X-EIG-Tracking-Id
X-ShardId
X-ProxyCache-Status
Webcakes-App-Name
X-Hosted-By
Webcakes-App-Version
Webcakes-Region
Cache-Tv-Group
X-Device-Type
X-No-Session
X-BCube-Filmed-By
X-Proxy-Build
X-Content-Age
X-Loop
Selected-Fe
X-Time-Microsecs
X-FB-TRIP-ID
X-NYM-Debug-Backend
X-Origin
X-SaId
X-Timing-Wait
X-JoinUs
X-TNCMS
X-Generated
X-From
X-Amzn-Remapped-Content-Length
DB-Nickname
Server-Info
X-Hyper-Cache
X-Cache-Host
Origin-Cache-Control
Ec-Rule-Version
Azure-RegionName
Azure-SiteName
Azure-InstanceId
Azure-Version
X-RateLimit-Limit
X-Geo
Azure-SlotName
X-RequestSource
X-Xfnlog-Site
Origin-Edge-Control
X-Drupal-Cache-Contexts
Time
X-Cache-2
X-Cache-TTL-Remaining
X-Unique-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-EC-Lua
Geo-Info
Country
User-Agent
X-Pad
Apigw-Requestid
X-Old-Content-Length
X-Presslabs-Stats
X-Source
X-Varnish-Hostname
X-Cluster-Node
X-Cache-NE
Upgrade-Insecure-Requests
X-Debug-Cache
X-RCS-CacheZone
X-Vcache
X-Soup
X-Akamai-Request-ID
FilterID
X-Parent-Response-Time
X-Cache-Backend
X-App-Version
X-CDN-Forward
X-Proto
Proxy-Connection
X-Backend-TTL
X-Tb
X-DC
X-Cache-Grace
X-Cache-PHP
X-Proxy-Cache-Status
X-Srv
X-Forwarded-Host
X-Storefront-Renderer-Rendered
X-Tumblr-Pixel-3
Cache-Key
X-A-Ccd
X-Rewrite-Enabled
X-Rojux
X-Response-By
X-S
M-TraceId
X-Uri
X-A
Who
GEO-REGION-INFO
Machine
X-Region-Sid
VivaBuild
X-Level-Front-Cache
X-Reqid
Viewtype
X-Processor
X-Nginx-Cache-Key
MD5-Digest
X-Generated-On
BehaviorPad-Version
AsisCache
X-G
Arc-Country
Rendered-Blocks
Pagetype
N-Cache
Fastcgi-X-Cache-Version
Meta-Geo-Continent
Content-Style-Type
X-Geo-Header
Content-Script-Type
FNAC-ModuleRouting
Server-Host
Thinkindot-CacheControl-Type
Mobile-Detection-Method
X-NodeID
Thinkindot-Control
UCS
True-Client-Country-4JS
Thinkindot-CacheControl
T-Server
ServerName
X-External-Request-Id
X-S-Cookie
X-Matched-Rule
X-D
X-Method
X-PAYTM-SRV-ID
X-A-Dam
X-ARC
X-B-Cookie
X-SRV
X-Date
X-Application
X-Twitter-Response-Tags
X-Trace-Id
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Trv-Group
Xc-Version
X-Vdms-Path
X-Developer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-DevSite-Last-Modified
X-VG-WebServer
X-VG-WebCache
X-Scheme
X-Vdms-Version
X-Dispatch
X-Destination
X-Thinkindot-L3
X-Transaction
NR-ENABLED
WPE-Backend
X-SIPLIST1
X-Accel-Expires-Debug
X-Session-Fingerprint
X-ServiceProvider
X-A-Dcw
IsBot
X-A-Dgt
X-Aed
X-A-Wwc
X-FORWARDED-FOR
X-Swa-Ws
X-SRCache-Key
X-Connection-Hash
X-SD-PageType
X-ScT
User-Cache-Control
NGX
OT-Force-Account-Verify
X-Nc
X-App
X-Device-Os
X-Cache-Info
X-Generation-Time
On-Server
Release
X-Developers
X-Hnp-Log
X-Cms-Context
Magicmarker
X-Cache-FS-Status
X-Clara-WADP
X-Compress-Hint
X-Hash
NM-Fastcgi-Cache
Kp-EeAlive
Mail-Subject
X-Cache-URL
X-Dispatcher-Server
Viewport
X-Agile
X-Agile-Age
X-Agile-Id
V-Age
Vix-Hermes-Req-Id
We-Hiring
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Web-Mar-Node
X-Backend-State
X-Bip
X-Fmm-Version
RNT-Time
RNT-Machine
X-Gen-Mode
Server-Ext
X-Cache-Bucket
X-Block-Status
Sever-Int
X-Core-Value
Server-Hostname
X-Generated-In
X-Micro-Cache
X-Location
X-Loc
X-Logging-Id
X-Magnolia-Registration
Node
X-Varnish-Cacheable
X-SN
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-VC-Cache
X-Node-Id
X-Owner
LB
X-Thanos
X-Be
X-Servername
X-Skip-Cache
X-Req
X-AIR-PT
X-Policy
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-User
Apple-News-Services-Request-Url
AKAMAI
X-WADP-Cache
X-NC
X-Worker
X-Wikidot-Backend
X-LAGOON
X-Wikidot-Static-Cache
CDCHOST
X-Cluster-Name
CacheControlHeader
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Envoy-Decorator-Operation
X-Origin-TTL
X-Origin-CC
X-Hit
Sid
X-Var-Ttl
X-TH-Server
X-Esi-Check
X-Clientip
X-Core-Mission
X-CGP
X-TrackingId
X-Epic-Correlation-Id
S-Cnection
X-We-Are-Hiring
X-BBXSRF
X-VServer
X-VG-TLSProxy
X-Distil-CS
X-Distributor
X-Webstats-RespID
X-Cache-Tags
X-Newrelic-Synthetics
X-Variation
X-Cache-Id
X-Auto-Login
X-Reboot
L5d-Success-Class
Fastly-Drupal-HTML
X-Slack-Backend
Platform
HA-Ipaddr
X-Irp-Debug
Fastly-SIE
X-Gzip
Ha-Gx-Prefs
X-Is-Gdpr
X-JWT-State
Gh-Request-Id
X-Has-Esi
Fastly-SWR
Rt-Fastcgi-Cache
C-Via
W
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Is-Eu
X-Request-Host
X-Server-W
X-Request-UUID
Adler-Geo
X-Origin-Expires
X-Eu-Site
X-Fastly-Cache
X-Origin-Date
X-Mvc-Supplant-Cachable
Cf-Ipcountry
X-NU-AKA-ACS-Version
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-LI-Proto
X-LI-UUID
X-Varnish-Authentication
X-Li-Pop
X-Li-Fabric
X-GoCache-CacheStatus
X-Configured-By
X-Cache-Debug
X-Branch-Name
Memcached
X-Contensis-Viewer-Groups
X-TA-CDN-Provider
X-Cache-ASPX
X-Backend-Host
X-Varnish-Beresp-Ttl
Referer-Policy
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Wa
X-Edge-Location
X-Key
X-Dc
X-Microcachable
X-Instart-Info
X-Via-PopH
Pragrma
X-Via-PopV
X-Cdn-Forward
HostName
X-Platform-Server
MIME-Version
X-Varnish-URL
X-Envoy-Upstream-Healthchecked-Cluster
X-Refresh
X-TT-TIMESTAMP
GEO-INFO
X-Ms-Version
Fastly-Backend-Name
X-Ms-Request-Id
X-Via-CDN
X-Servedbyhost
X-UA
X-BC
X-ZONE
X-Up
X-Mvc-Supplant-OutputCached
NtCoent-Length
X-TIME
X-Minions-Version
X-MSEdge-Features
X-Zone
X-MSEdge-Flight
X-Batcache
X-Bc
Esi-Enabled
Memory
X-B3-Traceid
X-Vgn-Hpd-Reason
Tracecode
Server-ID
X-VCL-Version
X-Nginx-Cache
L
X-ElasticPress-Query
X-App-Name
X-BACKEND-TTL
Ohc-File-Size
X-Sucuri-ID
X-ND-Cache
X-Server-IP
Cache-Host
X-Aicache-OS
CACHE
X-Unique-ID
X-Svr
X-Cdn-Srv
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-Pjax-Url
DCR-Decision-By
X-Generated-By
X-COUNTRY
GeoIP-Country-Code
X-GEO
DCR-Processing-Time-Ms
X-CF-Powered-By
Server-Cache-Control
X-FPC
Server-Surrogate-Control
X-S-Maxage
FSS-Cache
X-Azure-Ref-OriginShield
Powered-By-ChinaCache
X-PF-Uncompressing
Ohc-Response-Time
X-Oss-Hash-Crc64ecma
Pramga
Location
X-Oss-Object-Type
X-Oss-Request-Id
GeoIP-Latitude
X-Oss-Storage-Class
X-Fastly-Cache-Status
X-Oss-Server-Time
X-VCT
Hostname
Resin-Trace
X-Rocket-Nginx-Bypass
HitType
X-Ratelimit-Reset
X-BE
X-Check-Cacheable
X-Varnishpool
Heartbleed
X-LB-ID
Request-EU
X-VarnishDD-TTL
PFcat
Locid
X-Varnish-Ttl
X-Sucuri-Cache
Request-Country
Cteonnt-Length
X-Varnish-Hits
X-Client-Ip
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-OVcl
X-OVcl-Cache
Amp-Access-Control-Allow-Source-Origin
X-Request-URI
X-Ratelimit-Remaining
Cdn-Request-Time
X-Original-Request-Id
X-Fastly-Backend-Reqs
X-Instart-Isnd
X-Edge-Server
X-Platform
Lfy
X-PJAX-URL
Cdn-Host
X-Fpc
X-VHOST
X-Newrelic-App-Data
X-Gamma-Serve
X-Fastly-Country-Code
X-Render-Time
X-Cache-Expired-At
GeoIp-Country-Code
X-HS-Status
Geoip-Latitude
X-CSRF-TOKEN
CF-Cached-On
X-Shopify-Generated-Cart-Token
SN
X-Tec-Api-Version
X-Tec-Api-Root
SRV
X-Tec-Api-Origin
WZWS-RAY
X-CUA
X-Pf-Uncompressing
X-WebServer
X-Vcl-Version
X-Ratelimit-Limit
X-NGINX-Cache
X-Proxy-Upstream
Product
X-CLOUD-TRACE-CONTEXT
X-Oracle-Dms-Rid
Epwk-X-Cache
X-CACHE-AGE
XServer
Mime-Version
X-Sn-Servicetimems
X-Cdn-Origin
WWW-Authenticate
My-App
X-Fetched-On
Pics-Label
X-CACHE-KEY
X-ECache
X-RunCloud-Cache
X-StackifyID
X-ServedByHost
X-Varnish-Url
URI
Backend-Name
Backend
Ohc-Cache-HIT
X-GeoIP-Country-Code
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Ftr-Cache-Host
X-Oss-Cdn-Auth
Dt-Cache-Category
A
CloudFront-Viewer-Country
X-Csrf-Jwt
X-B3-SpanId
X-Via-Popv
X-Debug-Cache-Fetch
PICS-Label
X-Debug-Cache-Store
X-Via-Poph
X-Request-Start
X-Swift-Error
Lb
Cdn
X-Debug-Cache-Bypass
X-Debug-Cache-String
X-Debug-Cache-Status
X-Cache-Tag
X-Debug-Xas-Auth
X-LiteSpeed-Cache-Control
Server-Ttl
X-Nananana
Group
X-B3-Spanid
X-Sigma-Backend
X-Sigma
X-Debug-Do-Not-Cache-Uri
X-Request-Time
Cloudfront-Viewer-Country
X-Rocket-Build-Number
SID
X-Debug-Ysi-Auth
X-Tb-Optimization-Total-Bytes-Saved
X-Served-From
Host-ID
X-Cache-Version
Dnion-Transfer-Encoding
X-WR-MODIFICATION
X-Cache-Hfrom
X-Varnish-Beresp-TTL
X-Cache-Hm
X-WA
CF-IPCountry
X-Acquia-Site
Cneonction
X-Apw-Hits
X-Apw-Access-Object
Proxy-Firewall
X-Acquia-Purge-Tags
X-Apw-Access-Token
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Apw-Access-Action
X-APP
X-Lb-Id
FSS-Proxy
X-Snapshot-Date
X-DPWN-IS-SECURE
Warning
X-Dw-Trace-Id
X-Request-URL
X-ElasticPress-Search
X-Via-Ucdn
X-Varnish-ID
X-Html-Edge-Cache
Cf-Alt-Svc
Req-ID
Origin
X-VC
X-SB
Inserted-Into-Cache-At