Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Ua-Compatible
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Server
X-Turbo-Charged-By
X-Backend
X-Age
P3p
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Xkey
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-WebKit-CSP
Cf-Railgun
X-Dns-Prefetch-Control
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Origin-Cache
EagleEye-TraceId
X-Host
X-OneAgent-JS-Injection
X-Device
Surrogate-Control
X-Response-Time
X-Vhost
X-Backend-Server
X-Cache-Lookup
X-Ac
X-Readtime
X-Node
X-Origin-Upstream-Status
X-Dispatcher
X-HW
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
NEL
Content-Location
Request-Id
X-Mod-Pagespeed
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-ORACLE-DMS-RID
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Clacks-Overhead
X-Rack-Cache
X-Pass-Why
X-Px
RTSS
MS-Author-Via
X-FTR-Request-ID
Accept-CH
X-PC
X-Vname
X-Goog-Hash
X-TtlSet
X-Powered-By-Plesk
Verso
X-B3-TraceId
Service-Worker-Allowed
Accept-CH-Lifetime
Public-Key-Pins
X-GitHub-Request-Id
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-GoogleNews-Bot
X-Varnish-TTL
X-DynaTrace
Arr-Disable-Session-Affinity
X-MS-InvokeApp
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Pagespeed
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Cache-TTL
X-D2id
X-Ttl
TCN
Accept-Ch
X-Amz-Rid
X-CST
X-Abt-Application-Version
Pinterest-Generated-By
X-Content-Type
X-Vcap-Request-Id
X-NF-Request-ID
X-VARITI-CCR
X-Cached
X-Navigation-Version
X-ESI
Cache-Tag
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Fastly-Request-ID
Accept-Ch-Lifetime
AR-CACHE
Ar-Sid
X-Version
X-Server-Name
X-Instart-Request-ID
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Upstream
X-TEC-API-ROOT
X-Powered-CMS
X-Grace
Access-Control-Request-Method
X-MSEdge-Ref
X-Debug
X-Accel-Expires
Charset
Host-Header
Nginx-Cache
X-Oneagent-Js-Injection
SPRequestDuration
SPIisLatency
S
Content-MD5
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Realpath
X-Ezoic-Cdn
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Element-Page-Cache
X-Client-IP
X-DynaTrace-JS-Agent
X-XRDS-Location
X-SharePointHealthScore
SPRequestGuid
X-Pinterest-Rid
Pinterest-Version
X-Shield-Request-Id
X-Jurisdiction
X-Hp-Webp
X-Cdn
X-Dw-Request-Base-Id
X-FastCGI-Cache
X-Trace
X-Recruiting
X-Id
X-Amz-Meta-S3cmd-Attrs
X-T
X-Kinsta-Cache
X-Node-Name
X-Content-Digest
Fastcgi-Cache
X-Logged-In
X-Server-ID
X-Mobile-URL
X-NWS-LOG-UUID
TP-Cache
TP-L2-Cache
X-Cache-Hit
X-Cache-Key
X-TTL
X-ASPNET-VERSION
X-Frontend
X-Request-Received
X-Request-Processing-Time
Server-Node
X-Cache-Age
ServerID
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend
X-Amzn-Trace-Id
Edge-Cache-Tag
X-Hostname
Front-End-Https
X-FTR-Expires
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-Forwarded-For
Fastly-Restarts
Server-Name
X-Ruxit-Js-Agent
PB-RID
PB-PID
Arc-Version
Powered
X-Yandex-Sdch-Disable
DynaTrace
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
Filters
X-Zen-Fury
X-Revision
X-User-Agent
X-Page-Id
Nel
X-F-Cache
X-LB-Cache
X-Jobs
X-Akamai-Edgescape
X-Mobile-Rewrite
X-Hits
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-HS-Cache-Config
Accept-Charset
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Kong-Proxy-Latency
X-Content-Powered-By
X-Kong-Upstream-Latency
X-Geo-Country
Backend-Timing
X-Origin-Server
X-ATS-Timestamp
X-Varnish-Age
X-N
Alternate-Protocol
X-B
AMP-Access-Control-Allow-Source-Origin
X-Fastcgi-Cache
X-FTR-Cache-Host
X-Daa-Tunnel
X-Varnish-Backend
MicrosoftSharePointTeamServices
X-Correlation-Id
X-Rid
X-Via-JSL
Cache-Tags
X-Activity-Id
X-Az
X-AppVersion
X-WebKit-CSP-Report-Only
DC
X-Type
X-FB-Debug
X-Git-Hash
X-Amz-Replication-Status
Paypal-Debug-Id
X-Whom
X-ATG-Version
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-B-Cache
X-Varnish-Grace
Retry-After
X-Ser
X-Signature
X-Debug-Info
Surrogate-Key
X-TT
X-Edge
X-App-Environment
Section-Io-Cache
X-Esi
Frame-Options
X-RateLimit-Remaining
Actual-Object-TTL
X-Status
Host
X-Content-Options
X-App-Server
Fastcgi-Useragent
X-Request-Guid
Healthy
X-IPLB-Instance
X-AOL-HN
X-Contextid
X-Amzn-RequestId
X-Cache-Action
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
X-Seen-By
X-Pinterest-Direct
Srv
X-Host-Name
Refresh
X-ECACHE
X-Upgrade-Enabled
From-Origin
X-Tumblr-User
Access-Control-Allow-Method
X-Amz-Apigw-Id
Source
X-B3-Sampled
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Instance
X-RemovedCookies
X-ProcessESI
X-Drupal-Cache-Tags
X-Accel-Buffering
X-Response-Served-From
X-Cache-Rule
X-Cache-Operation
Odigeo-Trace-Id
X-MCACHE
X-Region
X-Mid
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
MS-CV
X-Protected-By
X-Cacheable-TTL
X-Rule
X-Rendered-As
X-UUID
Payment
X-Varnish-Server
X-Is-Bot
Eomportal-Instance
X-Cache-Time
X-L-Path
X-WA-Info
X-PressLabs-Stats
Datacenter
X-Environment-Context
Countrycode
X-VCache
X-Time
X-FW-Static
X-FW-Serve
X-FW-Type
Content-Disposition
X-FW-Dynamic
X-FW-Server
X-FW-Hash
Cache-Status
X-Adobe-Loc
X-Adobe-Content
Xserver
X-Cache-Control
X-Litespeed-Cache
X-Cache-Server
X-GeoIP
X-Correlation-ID
X-Cached-By
X-Akamai-Request-ID2
X-UnsetCookies
Uber-Trace-Id
X-XRDS-LOCATION
X-Proxy
X-Akamai-Transformed
X-Load-Cache
X-EdgeConnect-Cache-Status
X-Mobile
X-Wix-Request-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
Version
X-PHP-Backend
X-SERVER-NAME
Access-Control-Request-Headers
X-Cluster
NGB
X-Handled-By
X-Release
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Azure-Ref
Filterid
X-Tt-Trace-Host
X-NGENIX-Cache
X-APP-VERSION
X-Mode
X-Backend-Name
X-Tumblr-Pixel-1
X-IPS-LoggedIn
Accept-Language
Cache
X-Cache-NGX
X-NewRelic-App-Data
X-Tumblr-Pixel-2
X-NWS-UUID-VERIFY
X-Air-Hostname
X-CSRF-Token
X-Cache-Remote
X-Framework
X-URL
X-Cache-Status-Check
Cross-Origin-Window-Policy
X-Adobe-Source
X-RN-RSRV
X-UA-Device-Type
Meta-Geo
X-UPSTREAM-Address
X-Path-Route
X-Via-Fastly
X-ES-SERVER
X-Cache-Var-Map
X-FireWall-Port
X-Cache-Var
X-No-Session
Load-Balancing
X-CCM
X-Viewer-Country
X-PCL
X-Www-Served-By
Cache-Hits
X-MP-GENERATED-AT
X-Locale
X-OCL
X-PERF
X-ApacheServer
X-Storage
DSUID
X-Real-IP
X-RTag
X-Cache-Config
Ms-Operation-Id
X-R9-Blue-Green-Version
X-Pubstack
ServedBy
Akamai-GRN
Liferay-Portal
X-Site-Version
Now
Decoy-Debug-Key
X-LJ-Flow-ID
Cleartype
X-VWS-Id
X-AWS-Id
X-RequestSource
Decoy-Debug-Status
Decoy-Debug-TTL
Webserver
X-Bc-Bl
X-BYPASS-REASON
Section-Origin-Responded
Cache-Name
Section-Io-Origin-Status
Fastly-SSL
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-ProxyCache-Status
Mn-Server-Ip
X-Web-Node
X-ServerID
X-Access
X-Format
X-TX-ID
X-Section
X-SayCDN-TTL
X-Say-TTL
X-Hl-Ver
X-FW-Version
X-NCache
X-ProxyCache-Key
X-Say-Cacheable
X-Redis-Cache
X-Device-Type
X-Human
X-Alternate-Cache-Key
TWC-Locale-Group
X-BCube-Filmed-By
TWC-Privacy
X-NYM-Debug-Backend
TWC-GeoIP-LatLong
S-Rt
TWC-GeoIP-Country
Selected-Fe
X-Origin
Webcakes-App-Name
Webcakes-App-Version
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-Info
Webcakes-Region
X-EIG-Tracking-Id
X-Detected-As
X-Origin-Hint
X-Time-Microsecs
X-CS
X-JoinUs
X-Proxy-Build
X-Ua
Property-Id
X-ShopId
X-ShardId
X-Varnish-Cache-Hits
X-SaId
TWC-Connection-Speed
X-Timing-Wait
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
TWC-Device-Class
X-Shopify-Stage
X-Generated
DB-Nickname
X-Qloud-Router
X-Cache-Enabled
X-Amzn-Remapped-Content-Length
X-IP
X-Loop
X-TNCMS
Cache-Tv-Group
X-PHP-Host
X-Labrador-Cache-Channel
X-Geo
X-Hosted-By
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-Hyper-Cache
X-From
X-Content-Age
Azure-Version
Azure-SlotName
Origin-Cache-Control
Origin-Edge-Control
Azure-RegionName
X-Xfnlog-Site
Azure-SiteName
Azure-InstanceId
X-Cache-Host
X-Goog-Meta-Goog-Reserved-File-Mtime
Country
NR-ENABLED
WPE-Backend
Ec-Rule-Version
SD-X-WS
X-Cache-2
X-Drupal-Cache-Contexts
X-Source
Time
User-Agent
X-Pad
Geo-Info
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Unique-Id
X-RateLimit-Limit
X-Old-Content-Length
X-Varnish-Hostname
X-Cluster-Node
Server-Info
X-Cache-NE
X-Cache-TTL-Remaining
Upgrade-Insecure-Requests
X-Presslabs-Stats
X-Parent-Response-Time
X-Srv
X-EC-Lua
Apigw-Requestid
FilterID
X-Debug-Cache
X-Cache-Backend
X-Soup
X-Akamai-Request-ID
Proxy-Connection
X-Webkit-CSP
X-Nc
X-RCS-CacheZone
X-Proxy-Cache-Status
X-Cache-Grace
X-Newrelic-Synthetics
X-Tb
X-Forwarded-Host
X-Proto
X-TA-CDN-Provider
X-Cache-PHP
X-Backend-TTL
X-App-Version
X-Tumblr-Pixel-3
S-Cnection
X-CDN-Forward
X-External-Request-Id
X-Dispatch
X-Scheme
Meta-Geo-Continent
X-G
Machine
X-S-Cookie
MD5-Digest
Mobile-Detection-Method
X-ServiceProvider
X-Destination
X-SRCache-Key
X-Swa-Ws
X-Developer
X-Session-Fingerprint
X-Generated-On
Pagetype
X-DevSite-Last-Modified
X-ScT
M-TraceId
X-Rojux
X-Matched-Rule
X-Level-Front-Cache
X-NodeID
X-Rewrite-Enabled
X-Processor
X-Reqid
X-PAYTM-SRV-ID
X-Geo-Header
Arc-Country
Fastcgi-X-Cache-Version
GEO-REGION-INFO
X-S
Content-Style-Type
Content-Script-Type
AsisCache
BehaviorPad-Version
X-Date
X-D
Thinkindot-Control
X-VG-WebCache
True-Client-Country-4JS
Thinkindot-CacheControl-Type
X-Twitter-Response-Tags
X-Trv-Group
X-VG-WebServer
T-Server
UCS
Viewtype
X-A-Dgt
X-A-Dcw
X-A-Ccd
X-Vdms-Version
X-A
VivaBuild
X-Vdms-Path
Who
X-Region-Sid
X-Transaction
Server-Host
X-Vtex-Remote-Cache
X-CF-Lambda-Fn
X-Thinkindot-L3
X-CF-Lambda-Version
X-A-Dam
Xc-Version
X-Connection-Hash
X-Vtex-Processado-Em
ServerName
X-Aed
X-Accel-Expires-Debug
X-A-Wwc
X-Application
X-ARC
X-Trace-Id
X-B-Cookie
Rendered-Blocks
Thinkindot-CacheControl
X-FORWARDED-FOR
OT-Force-Account-Verify
X-Uri
X-Cluster-Name
NGX
Cache-Key
X-Be
X-Location
X-Response-By
X-Worker
Release
X-SD-PageType
X-Agile
CDCHOST
X-Agile-Id
We-Hiring
X-Agile-Age
IsBot
FNAC-ModuleRouting
V-Age
X-Generation-Time
X-Thanos
N-Cache
NM-Fastcgi-Cache
On-Server
X-User
Mail-Subject
X-Hash
X-RateLimit-Remaining-Second
Viewport
Kp-EeAlive
X-Skip-Cache
X-Generated-In
X-SN
Vix-Hermes-Req-Id
CacheControlHeader
X-AIR-PT
X-Device-Os
Sid
Cf-Ipcountry
X-Node-Id
X-Vcache
X-SIPLIST1
X-Owner
X-Cms-Context
X-RateLimit-Limit-Second
X-Dispatcher-Server
AKAMAI
X-Cache-FS-Status
X-Branch-Name
X-Bip
X-Method
X-Microcachable
X-Hit
User-Cache-Control
X-DC
X-Dc
X-Variation
X-TH-Server
X-Core-Value
X-Distil-CS
Rt-Fastcgi-Cache
X-Epic-Correlation-Id
X-Eu-Site
X-Gen-Mode
X-Cache-Info
X-Request-UUID
X-Cache-Bucket
X-Fmm-Version
X-Auto-Login
X-Block-Status
X-Cache-Tags
X-Logging-Id
X-Servername
X-Clientip
X-Backend-State
X-Clara-WADP
X-CGP
Web-Mar-Node
X-Micro-Cache
X-VC-Cache
Cache-Cookie-Set-Lfrom
Magicmarker
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
C-Via
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Wikidot-Static-Cache
Apple-News-Services-Handled
Fastly-Drupal-HTML
X-Hnp-Log
RNT-Machine
RNT-Time
X-Is-Gdpr
X-Nginx-Cache-Key
X-Compress-Hint
X-Developers
X-Req
X-JWT-State
Adler-Geo
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Wikidot-Backend
Apple-News-Services-Request-Url
Is-Eu
Gh-Request-Id
X-Has-Esi
HA-Ipaddr
L5d-Success-Class
Platform
X-WADP-Cache
X-LAGOON
Ha-Gx-Prefs
X-Varnish-Beresp-Ttl
X-Envoy-Decorator-Operation
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-App
Fastly-SWR
W
X-VG-TLSProxy
X-TrackingId
X-Instart-Info
Fastly-SIE
Sever-Int
X-Origin-Expires
X-Origin-Date
X-Storefront-Renderer-Rendered
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Distributor
X-Policy
X-Var-Ttl
X-Webstats-RespID
X-Varnish-Cacheable
X-Magnolia-Registration
X-Backend-Host
X-Rebelmouse-Cache-Control
X-BBXSRF
X-We-Are-Hiring
X-Slack-Backend
Server-Ext
X-VServer
X-Rebelmouse-Surrogate-Control
X-Reboot
Server-Hostname
X-Request-Host
HostName
Node
X-Origin-CC
X-Cdn-Forward
X-Origin-TTL
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-Fastly-Cache
X-Cache-URL
Memcached
X-Via-PopH
X-Varnish-Authentication
X-Via-PopV
LB
X-Core-Mission
X-Cache-Debug
X-Server-W
X-Cache-Id
X-Esi-Check
X-Platform-Server
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-SRV
X-Loc
X-Gzip
X-Ms-Version
X-TT-TIMESTAMP
X-NU-AKA-ACS-Version
X-Ms-Request-Id
X-Configured-By
X-NC
X-Envoy-Upstream-Healthchecked-Cluster
X-SVT-ORM-VERSION
X-GoCache-CacheStatus
X-SVT-ORM-RULES
X-UA
Tracecode
X-Wa
X-Edge-Location
X-Key
NtCoent-Length
X-ZONE
X-BC
X-Vgn-Hpd-Reason
MIME-Version
Referer-Policy
X-Refresh
Esi-Enabled
Pragrma
L
X-BACKEND-TTL
Server-ID
GEO-INFO
Ohc-File-Size
X-Varnish-URL
X-Mvc-Supplant-OutputCached
X-Ua-Device
X-App-Name
X-Server-IP
Cache-Host
X-Servedbyhost
Fastly-Backend-Name
X-Nginx-Cache
X-TIME
X-Via-CDN
X-B3-Traceid
Memory
X-MSEdge-Features
X-MSEdge-Flight
X-Sucuri-ID
X-Zone
X-Bc
X-Cdn-Srv
X-Pjax-Url
Server-Cache-Control
X-Up
X-Varnish-Ttl
X-Minions-Version
X-Batcache
Server-Surrogate-Control
X-Unique-ID
CACHE
X-S-Maxage
X-VCT
X-FPC
X-ND-Cache
X-Generated-By
X-Svr
X-Debug-Panamera-Host
Ohc-Response-Time
X-ElasticPress-Query
X-Debug-Panamera-Sitecode
FSS-Cache
X-COUNTRY
X-VCL-Version
X-Oss-Object-Type
X-Oss-Request-Id
X-Aicache-OS
Resin-Trace
X-CF-Powered-By
X-Oss-Server-Time
X-Oss-Storage-Class
X-Rocket-Nginx-Bypass
X-Oss-Hash-Crc64ecma
Locid
X-GEO
Heartbleed
DCR-Decision-By
GeoIP-Country-Code
Request-EU
Request-Country
DCR-Processing-Time-Ms
Cteonnt-Length
X-Varnish-Hits
X-PF-Uncompressing
GeoIP-Latitude
X-Request-URI
Location
Powered-By-ChinaCache
Lfy
X-Fastly-Cache-Status
Pramga
X-Azure-Ref-OriginShield
X-BE
Hostname
X-Sucuri-Cache
X-Shopify-Generated-Cart-Token
X-Gamma-Serve
HitType
X-Check-Cacheable
X-LB-ID
X-Fastly-Country-Code
X-Edge-Server
Amp-Access-Control-Allow-Source-Origin
Cdn-Request-Time
Cdn-Host
X-Varnishpool
Geoip-Latitude
GeoIp-Country-Code
PFcat
X-VarnishDD-TTL
CF-Cached-On
X-Ratelimit-Reset
WZWS-RAY
X-VHOST
X-Ratelimit-Remaining
X-Newrelic-App-Data
SRV
X-PJAX-URL
X-Fastly-Backend-Reqs
X-CACHE-KEY
X-Vgn-Hpd-Variations-Key
X-OVcl
X-HS-Status
X-Fpc
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-WebServer
X-OVcl-Cache
X-Vcl-Version
X-CSRF-TOKEN
X-Instart-Isnd
X-Platform
X-Proxy-Upstream
Product
X-ECache
X-Ratelimit-Limit
X-Render-Time
X-Fetched-On
X-Sn-Servicetimems
My-App
Ohc-Cache-HIT
Mime-Version
X-Pf-Uncompressing
X-Cdn-Origin
X-ServedByHost
X-Ftr-Cache-Host
X-Oracle-Dms-Rid
X-GeoIP-Country-Code
X-CACHE-AGE
X-NGINX-Cache
X-Original-Request-Id
SN
X-CLOUD-TRACE-CONTEXT
X-Cache-Expired-At
WWW-Authenticate
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Dt-Cache-Category
X-CUA
Epwk-X-Cache
X-Varnish-Url
URI
XServer
X-Swift-Error
X-Cache-Tag
CloudFront-Viewer-Country
X-Request-Start
X-Tec-Api-Version
Group
X-B3-SpanId
X-Served-From
X-Tec-Api-Origin
X-Tec-Api-Root
A
X-B3-Spanid
X-Oss-Cdn-Auth
Cf-Alt-Svc
Pics-Label
X-Client-Ip
Backend
Backend-Name
Cdn
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-StackifyID
PICS-Label
X-RunCloud-Cache
Lb
X-WR-MODIFICATION
X-Amzn-Requestid
Cloudfront-Viewer-Country
SID
Server-Ttl
X-Debug-Do-Not-Cache-Uri
X-Tb-Optimization-Total-Bytes-Saved
X-Csrf-Jwt
X-Debug-Cache-Bypass
X-Via-Poph
X-WA
X-Request-Time
X-Via-Popv
X-Via-Ucdn
X-Debug-Cache-String
X-Debug-Cache-Status
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Debug-Xas-Auth
X-Nananana
X-Debug-Ysi-Auth
X-LiteSpeed-Cache-Control
X-Cache-Version
X-Cache-Hfrom
X-Via-NSCOPI
Proxy-Firewall
Origin
X-Cache-Hm
X-Varnish-Beresp-TTL
Cneonction
NnCoection
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
Country-Code
X-IN-APIGATEWAY
Inserted-Into-Cache-At
X-IN-APIGATEWAYSSL
X-Acquia-Application-Trace
X-WPE-Loopback-Upstream-Addr
X-APP
X-Snapshot-Date
Warning
X-Html-Edge-Cache
X-Ocache
X-Varnish-ID
Req-ID
X-B3-Parentspanid
X-DPWN-IS-SECURE
X-ElasticPress-Search
X-VC
X-SB
X-Dw-Trace-Id
X-Request-URL
Geoip-City