Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Xss-Protection
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Check
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
X-Ua-Compatible
Status
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Backend
X-AH-Environment
X-Age
X-Server
X-Turbo-Charged-By
P3p
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
EagleEye-TraceId
X-Origin-Cache
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Readtime
X-Ac
X-Cache-Lookup
X-Node
X-Backend-Server
NEL
X-Dispatcher
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Accept-CH
X-Rack-Cache
X-Url
Edge-Control
RTSS
X-Clacks-Overhead
MS-Author-Via
X-Px
Accept-CH-Lifetime
Host-Header
X-PC
X-Vname
X-TtlSet
X-FTR-Request-ID
X-Goog-Hash
Verso
X-Powered-By-Plesk
X-Varnish-TTL
Service-Worker-Allowed
X-B3-TraceId
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
Public-Key-Pins
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
X-MS-InvokeApp
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Middleton-Display
Response
X-Middleton-Response
X-Sol
Display
Pagespeed
X-Cache-TTL
X-DynaTrace
X-Ttl
X-Content-Type
X-D2id
X-NF-Request-ID
X-Amz-Rid
TCN
X-Vcap-Request-Id
X-CST
X-Abt-Application-Version
Pinterest-Generated-By
X-VARITI-CCR
X-Cached
X-Cdn
AR-Request-ID
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-CACHE
X-ESI
X-Navigation-Version
X-Version
X-Powered-CMS
X-Upstream
X-Fastly-Request-ID
Cache-Tag
X-Server-Name
Accept-Ch
X-Debug
X-Grace
X-Instart-Request-ID
X-TEC-API-ORIGIN
Access-Control-Request-Method
X-TEC-API-ROOT
X-TEC-API-VERSION
Charset
X-MSEdge-Ref
Nginx-Cache
X-XRDS-Location
X-Element-Page-Cache
Content-MD5
Accept-Ch-Lifetime
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Realpath
X-Accel-Expires
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
SPRequestDuration
SPIisLatency
X-Shield-Request-Id
X-Oneagent-Js-Injection
SPRequestGuid
X-SharePointHealthScore
X-Pinterest-Rid
Pinterest-Version
S
X-Hp-Webp
X-Jurisdiction
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Dw-Request-Base-Id
X-Pass-Why
X-Id
X-Kinsta-Cache
X-Trace
X-T
Fastcgi-Cache
X-Content-Digest
X-Cache-Key
X-Logged-In
X-Node-Name
X-Client-IP
X-NWS-LOG-UUID
TP-L2-Cache
TP-Cache
X-Mobile-URL
X-TTL
X-Hostname
Server-Node
X-Frontend
X-Request-Received
X-Request-Processing-Time
X-Cache-Hit
ServerID
Fastly-Restarts
X-Cache-Age
Front-End-Https
X-Amzn-Trace-Id
X-FastCGI-Cache
X-FTR-Cache-Status
X-Forwarded-For
X-Country-Code-Real
Edge-Cache-Tag
X-Yandex-Sdch-Disable
X-FTR-Expires
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Goog-Generation
Powered
Server-Name
PB-PID
PB-RID
Arc-Version
X-Server-ID
X-Microsite
X-Request-Handler-Origin-Region
X-Ruxit-Js-Agent
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Page-Id
X-DIS-Request-ID
X-Revision
X-Hits
X-LB-Cache
X-F-Cache
X-Jobs
Filters
X-Akamai-Edgescape
X-Fastcgi-Cache
X-Correlation-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Erf-Bev-Bev-Is-Generated
X-Zen-Fury
X-Erf-Bev-Bev
DynaTrace
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Mobile-Rewrite
Alternate-Protocol
X-Origin-Server
X-HS-Cache-Config
X-Geo-Country
X-HS-Combine-CSS
X-Content-Powered-By
X-HS-Content-Id
X-HS-Hub-Id
Accept-Charset
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-N
X-Daa-Tunnel
X-B
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Varnish-Backend
Cache-Tags
X-Rid
X-Type
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
Retry-After
X-Varnish-Grace
X-Content-Options
DC
Host
X-Git-Hash
Surrogate-Key
X-Whom
Section-Io-Cache
X-FB-Debug
Paypal-Debug-Id
X-TT
X-Request-Guid
X-Signature
X-App-Environment
X-B-Cache
X-Edge
X-Ser
X-Via-JSL
X-AppVersion
X-Activity-Id
X-Az
X-Esi
Fastcgi-Useragent
MicrosoftSharePointTeamServices
X-Debug-Info
X-Status
Frame-Options
X-IPLB-Instance
Actual-Object-TTL
Backend-Timing
X-ATS-Timestamp
X-ATG-Version
Healthy
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
X-App-Server
X-Webkit-CSP
Srv
X-AOL-HN
Nel
X-Contextid
X-Cache-Action
X-Seen-By
X-Amzn-RequestId
Refresh
X-ECACHE
X-B3-Sampled
X-Pinterest-Direct
From-Origin
Access-Control-Allow-Method
X-Amz-Apigw-Id
Content-Disposition
X-Response-Served-From
X-Accel-Buffering
X-Cache-Rule
X-Upgrade-Enabled
X-Protected-By
X-ProcessESI
X-Cache-Operation
X-Tumblr-User
X-Release
X-Tumblr-Pixel
X-RemovedCookies
X-Tumblr-Pixel-0
X-Is-Bot
X-Cacheable-TTL
X-Instance
Odigeo-Trace-Id
X-Host-Name
X-Region
X-Rendered-As
X-Mid
X-Drupal-Cache-Tags
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-MCACHE
Datacenter
X-UUID
X-WA-Info
Payment
X-Environment-Context
X-L-Path
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
Eomportal-Instance
X-Time
X-Rule
X-Varnish-Server
X-Cache-Time
X-Adobe-Loc
Countrycode
X-Adobe-Content
MS-CV
Uber-Trace-Id
X-Proxy
X-Cached-By
Source
X-Litespeed-Cache
Xserver
X-Akamai-Request-ID2
X-Load-Cache
X-EdgeConnect-Cache-Status
X-Cache-Server
X-Cache-Control
X-Mobile
X-UnsetCookies
X-NewRelic-App-Data
X-PHP-Backend
X-Akamai-Transformed
Access-Control-Request-Headers
X-Azure-Ref
X-GeoIP
X-PressLabs-Stats
X-Yottaa-Optimizations
X-Yottaa-Metrics
Accept-Language
Cache-Status
X-Origin-Response-Time
X-Tt-Trace-Host
X-Air-Hostname
X-Tt-Trace-Tag
Filterid
X-NGENIX-Cache
Version
X-SERVER-NAME
X-Wix-Request-Id
Liferay-Portal
X-Backend-Name
X-Cache-NGX
X-Handled-By
X-Mode
X-NWS-UUID-VERIFY
X-Cluster
X-Framework
X-CSRF-Token
Server-Info
X-RateLimit-Limit
X-XRDS-LOCATION
X-VCache
X-IPS-LoggedIn
X-Correlation-ID
X-UPSTREAM-Address
Cross-Origin-Window-Policy
X-Path-Route
X-Tumblr-Pixel-2
X-UA-Device-Type
X-URL
Meta-Geo
X-Cache-Var-Map
Load-Balancing
X-Zipkin-Id
X-Locale
X-FireWall-Port
X-Via-Fastly
X-ES-SERVER
X-RN-RSRV
X-CCM
Cache
X-Proxied
X-VWS-Id
X-AWS-Id
X-Cache-Var
X-Adobe-Source
X-Tumblr-Pixel-1
X-LJ-Flow-ID
X-ApacheServer
X-PERF
X-Routing-Service
ServedBy
X-Real-IP
X-Qloud-Router
X-MP-GENERATED-AT
X-TX-ID
Mn-Server-Ip
X-Cache-Remote
DSUID
X-Cache-Status-Check
X-Detected-As
X-Site-Version
NGB
X-Www-Served-By
Cache-Hits
X-Viewer-Country
X-Human
Cache-Tv-Group
X-Info
X-R9-Blue-Green-Version
Section-Io-Origin-Status
X-IP
X-Redis-Cache
X-Say-TTL
X-Cache-Config
Section-Io-Id
Cleartype
Decoy-Debug-Status
X-Format
X-Say-Cacheable
Decoy-Debug-Key
X-SayCDN-TTL
X-Web-Node
Now
X-Access
X-Storage
Decoy-Debug-TTL
X-NCache
X-Section
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Cache-Name
X-Pubstack
X-OCL
Akamai-GRN
X-PCL
Fastly-SSL
Property-Id
S-Rt
X-FW-Version
TWC-Connection-Speed
X-Cache-Host
Webserver
Webcakes-Region
X-Alternate-Cache-Key
X-Bc-Bl
X-BYPASS-REASON
X-EIG-Tracking-Id
X-Cache-Enabled
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Device-Class
X-Device-Type
TWC-GeoIP-LatLong
TWC-Locale-Group
X-FC-Vary-Parameters
TWC-Privacy
X-CS
X-Labrador-Cache-Channel
X-Hosted-By
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Origin-Hint
X-Geo
X-Varnish-Cache-Hits
X-Ua
X-Shopify-Stage
X-PHP-Host
X-ServerID
X-ProxyCache-Status
X-ShardId
X-ProxyCache-Key
X-ShopId
X-Timing-Wait
X-TNCMS
X-SaId
X-NYM-Debug-Backend
X-Time-Microsecs
X-FB-TRIP-ID
X-BCube-Filmed-By
X-Proxy-Build
X-Content-Age
X-Origin
X-Hyper-Cache
Origin-Cache-Control
X-JoinUs
X-Hl-Ver
Selected-Fe
X-Loop
X-From
Ms-Operation-Id
X-RTag
X-Amzn-Remapped-Content-Length
X-No-Session
DB-Nickname
X-Generated
X-Unique-Id
Azure-SlotName
Azure-SiteName
Ec-Rule-Version
Azure-Version
Azure-InstanceId
Azure-RegionName
X-APP-VERSION
Apigw-Requestid
X-Cache-2
X-Cache-TTL-Remaining
X-Vcache
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Presslabs-Stats
Locale
X-Drupal-Cache-Contexts
Time
X-Xfnlog-Site
Origin-Edge-Control
X-EC-Lua
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
Country
Geo-Info
X-Pad
X-Source
X-RequestSource
X-App-Version
X-Old-Content-Length
X-Debug-Cache
X-Cluster-Node
X-Varnish-Hostname
Upgrade-Insecure-Requests
X-Soup
X-CDN-Forward
User-Agent
X-Akamai-Request-ID
X-Cache-NE
X-Proto
X-TA-CDN-Provider
X-Backend-TTL
X-Parent-Response-Time
X-RCS-CacheZone
X-SRV
X-Tb
X-Storefront-Renderer-Rendered
X-Cache-PHP
X-Cache-Backend
X-DC
Proxy-Connection
X-App
LB
X-Cache-Grace
Cache-Key
X-NC
X-Proxy-Cache-Status
FilterID
X-Origin-TTL
X-Forwarded-Host
X-Origin-CC
VivaBuild
UCS
True-Client-Country-4JS
Viewtype
X-Accel-Expires-Debug
T-Server
X-A-Dam
X-A-Wwc
X-A-Ccd
X-A
Who
X-A-Dcw
X-A-Dgt
GEO-REGION-INFO
Content-Script-Type
Content-Style-Type
Fastcgi-X-Cache-Version
BehaviorPad-Version
AsisCache
X-Magnolia-Registration
Arc-Country
FNAC-ModuleRouting
IsBot
Mobile-Detection-Method
N-Cache
Rendered-Blocks
Meta-Geo-Continent
MD5-Digest
M-TraceId
Machine
ServerName
X-Date
X-Vtex-Remote-Cache
X-Scheme
X-ScT
X-SD-PageType
X-S-Cookie
X-S
X-Response-By
X-Rewrite-Enabled
X-Rojux
X-SIPLIST1
X-SRCache-Key
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
X-VG-WebServer
X-Twitter-Response-Tags
X-Trv-Group
X-Swa-Ws
X-Trace-Id
X-Transaction
Xc-Version
X-Region-Sid
X-D
X-Vtex-Processado-Em
X-Destination
X-Developer
X-Connection-Hash
X-CF-Lambda-Version
X-Application
X-ARC
X-B-Cookie
X-DevSite-Last-Modified
X-Dispatch
X-NodeID
X-PAYTM-SRV-ID
X-Processor
X-Nginx-Cache-Key
X-Method
X-External-Request-Id
X-G
X-Geo-Header
X-Aed
X-CF-Lambda-Fn
X-FORWARDED-FOR
X-Uri
X-Tumblr-Pixel-3
Referer-Policy
User-Cache-Control
X-Agile-Age
X-Agile-Id
X-Agile
Wxu-Next-Region
Wxu-Next-Hostname
X-Backend-State
X-Block-Status
X-Cache-URL
X-Clara-WADP
X-Cms-Context
X-Cache-Info
X-Cache-FS-Status
Wxu-Next-Commit
X-Cache-Bucket
X-Bip
We-Hiring
RNT-Time
Server-Ext
Server-Host
RNT-Machine
Release
NM-Fastcgi-Cache
On-Server
Pagetype
Server-Hostname
Sever-Int
Viewport
Vix-Hermes-Req-Id
X-Compress-Hint
V-Age
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Web-Mar-Node
X-Device-Os
X-SN
X-Thanos
X-Thinkindot-L3
X-Skip-Cache
X-Session-Fingerprint
X-Req
X-Reqid
X-ServiceProvider
X-User
X-Varnish-Cacheable
X-Worker
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VC-Cache
X-WADP-Cache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Generated-On
X-Generation-Time
X-Hash
X-Generated-In
X-Gen-Mode
NGX
X-Dispatcher-Server
X-Fmm-Version
X-Hnp-Log
X-LAGOON
X-Node-Id
X-Owner
X-Policy
X-Micro-Cache
X-Matched-Rule
X-Loc
X-Logging-Id
X-Developers
X-Level-Front-Cache
Magicmarker
Cache-Cookie-Set-Lfrom
Apple-News-Services-Request-Url
Kp-EeAlive
X-AIR-PT
Cache-Cookie-Set-From
Mail-Subject
Cache-Cookie-Set-Idcheck
CacheControlHeader
AKAMAI
Apple-News-Services-Handled
CDCHOST
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Node
X-Ah-Environment
X-Hit
OT-Force-Account-Verify
X-Esi-Check
X-Gzip
X-Eu-Site
X-Fastly-Cache
X-Distil-CS
X-Clientip
X-Cluster-Name
X-CGP
X-Cache-Tags
X-Cache-Id
X-Core-Mission
X-Core-Value
X-Envoy-Decorator-Operation
X-Distributor
X-Has-Esi
C-Via
X-Epic-Correlation-Id
X-JWT-State
X-Var-Ttl
X-Variation
X-TrackingId
X-TH-Server
X-Slack-Backend
X-VG-TLSProxy
X-VServer
X-Edge-Location
X-Key
X-Webstats-RespID
X-We-Are-Hiring
X-Servername
X-Server-W
X-Location
X-Mvc-Supplant-Cachable
Adler-Geo
X-BBXSRF
X-Is-Gdpr
X-NU-AKA-ACS-Version
X-Origin-Date
X-Request-UUID
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-Irp-Debug
X-Request-Host
Fastly-SWR
Fastly-Drupal-HTML
L5d-Success-Class
Rt-Fastcgi-Cache
Platform
Is-Eu
Gh-Request-Id
W
Ha-Gx-Prefs
HA-Ipaddr
X-Auto-Login
Fastly-SIE
X-Srv
Sid
X-Varnish-Beresp-Status
X-Nc
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
Pragrma
X-Varnish-Authentication
X-Li-Fabric
X-Li-Pop
X-Reboot
X-Backend-Host
Memcached
X-GoCache-CacheStatus
X-Contensis-Viewer-Groups
X-LI-Proto
X-Cache-ASPX
X-LI-UUID
X-Newrelic-Synthetics
X-ZONE
X-BC
X-Be
MIME-Version
GEO-INFO
X-Dc
Cf-Ipcountry
X-Cache-Debug
X-Branch-Name
X-Wa
X-Configured-By
S-Cnection
X-Up
Fastly-Backend-Name
HostName
X-Via-CDN
X-Refresh
X-Varnish-URL
X-Instart-Info
X-Minions-Version
X-Servedbyhost
X-Batcache
X-UA
X-Cdn-Forward
X-Microcachable
X-Nginx-Cache
X-Via-PopV
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-PopH
X-Platform-Server
X-ElasticPress-Query
X-Ua-Device
X-Client-Ip
CACHE
X-Aicache-OS
X-Ms-Request-Id
X-TT-TIMESTAMP
X-Ms-Version
X-B3-Traceid
X-Sucuri-ID
X-MSEdge-Features
X-Mvc-Supplant-OutputCached
Memory
X-MSEdge-Flight
DCR-Decision-By
X-Pjax-Url
X-ND-Cache
Esi-Enabled
X-VCL-Version
NR-ENABLED
DCR-Processing-Time-Ms
WPE-Backend
NtCoent-Length
X-TIME
X-Vgn-Hpd-Reason
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
Pramga
X-Fastly-Cache-Status
X-PF-Uncompressing
Server-ID
X-App-Name
L
Hostname
Location
Powered-By-ChinaCache
X-CF-Powered-By
X-BE
X-Server-IP
X-Varnishpool
X-BACKEND-TTL
GeoIP-Country-Code
Cache-Host
X-Ratelimit-Reset
X-COUNTRY
HitType
X-Bc
X-Unique-ID
FSS-Cache
X-Zone
X-Oss-Server-Time
X-Oss-Storage-Class
X-LB-ID
GeoIP-Latitude
X-Oss-Request-Id
X-Cdn-Srv
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
Ohc-File-Size
X-Sucuri-Cache
X-Svr
X-FPC
X-Webkit-Csp
Server-Cache-Control
X-Original-Request-Id
X-Azure-Ref-OriginShield
Server-Surrogate-Control
X-GEO
X-Generated-By
X-S-Maxage
PFcat
X-OVcl
X-OVcl-Cache
X-VarnishDD-TTL
Tracecode
Resin-Trace
X-Check-Cacheable
Ohc-Response-Time
X-Varnish-Ttl
X-Fastly-Backend-Reqs
X-Rocket-Nginx-Bypass
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Instart-Isnd
X-VCT
Cteonnt-Length
X-Platform
X-Render-Time
X-Fpc
Cdn-Request-Time
Locid
X-Edge-Server
Request-Country
X-Fastly-Country-Code
Request-EU
Heartbleed
Cdn-Host
X-Varnish-Hits
X-VHOST
X-Cache-Expired-At
X-Newrelic-App-Data
X-CUA
GeoIp-Country-Code
Geoip-Latitude
X-PJAX-URL
X-HS-Status
X-Request-URI
X-CSRF-TOKEN
CF-Cached-On
Pics-Label
X-Vcl-Version
Lfy
Epwk-X-Cache
SRV
Amp-Access-Control-Allow-Source-Origin
X-Pf-Uncompressing
SN
X-Ratelimit-Remaining
X-Gamma-Serve
Backend
X-CACHE-AGE
X-Ftr-Cache-Host
Backend-Name
X-Oracle-Dms-Rid
X-CLOUD-TRACE-CONTEXT
X-RunCloud-Cache
X-Shopify-Generated-Cart-Token
WWW-Authenticate
X-NGINX-Cache
X-CACHE-KEY
X-WebServer
X-Via-Poph
X-Via-Popv
X-Csrf-Jwt
X-ECache
X-Ratelimit-Limit
X-Ftr-Request-Id
Product
URI
XServer
X-ServedByHost
X-Proxy-Upstream
X-StackifyID
X-Varnish-Url
WZWS-RAY
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Sigma
X-Fetched-On
X-Tec-Api-Version
X-Sigma-Backend
X-Tec-Api-Origin
X-Cdn-Origin
X-Tec-Api-Root
X-Oss-Cdn-Auth
CloudFront-Viewer-Country
X-Nananana
X-Request-Time
My-App
X-Sn-Servicetimems
X-Rocket-Build-Number
Mime-Version
Host-ID
A
X-GeoIP-Country-Code
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Lb
X-Ftr-Backend
Dt-Cache-Category
X-Cache-Tag
X-B3-SpanId
X-WA
Cloudfront-Viewer-Country
PICS-Label
Server-Ttl
X-Ftr-Dc
SID
X-DPWN-IS-SECURE
X-Debug-Cache-Bypass
X-B3-Spanid
X-LiteSpeed-Cache-Control
X-Debug-Ysi-Auth
X-Debug-Cache-String
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
X-Debug-Cache-Status
Dnion-Transfer-Encoding
X-Tb-Optimization-Total-Bytes-Saved
Ohc-Cache-HIT
CF-IPCountry
X-Ftr-Balancer
X-Ftr-Realm
X-Ftr-Backend-Server
X-Cache-Version
X-Varnish-Beresp-TTL
X-Request-Start
X-IN-APIGATEWAY
Country-Code
X-IN-APIGATEWAYSSL
Proxy-Firewall
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Acquia-Application-Trace
Cneonction
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
FSS-Proxy
X-ServerName
X-Snapshot-Date
X-SB
X-Request-URL
X-WR-MODIFICATION
X-ElasticPress-Search
X-Served-From
Cdn
X-Html-Edge-Cache
Cf-Alt-Svc
X-Swift-Error
Inserted-Into-Cache-At
X-VC
X-Dw-Trace-Id
Group
Warning