Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
P3p
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
CF-Ray
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
EagleId
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Server-Timing
Grace
X-Pingback
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Server-Id
Cf-Railgun
X-WebKit-CSP
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Vhost
X-Device
X-Response-Time
X-Readtime
X-Ac
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Node
X-Backend-Server
X-Dispatcher
Content-Location
X-Origin-Upstream-Status
NEL
X-HW
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
Host-Header
X-Cnection
X-Country-Code
X-Rack-Cache
RTSS
Accept-CH
Edge-Control
X-Url
MS-Author-Via
X-Clacks-Overhead
Accept-CH-Lifetime
X-Px
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
Verso
X-Goog-Hash
X-Varnish-TTL
Service-Worker-Allowed
X-Powered-By-Plesk
X-B3-TraceId
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Forwarded-Proto
Public-Key-Pins
Pagespeed
X-Amz-Server-Side-Encryption
Response
X-Middleton-Display
X-Sol
X-Middleton-Response
Display
X-MS-InvokeApp
X-Content-Type
X-Cache-TTL
X-DynaTrace
X-Cdn
X-D2id
X-CST
X-Ttl
X-NF-Request-ID
X-Amz-Rid
X-Vcap-Request-Id
TCN
X-VARITI-CCR
X-Cached
X-Abt-Application-Version
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-Request-ID
Ar-Sid
Pinterest-Generated-By
X-ESI
X-Powered-CMS
X-Navigation-Version
X-Upstream
X-Version
Accept-Ch
X-Fastly-Request-ID
X-Debug
Cache-Tag
X-Grace
X-Server-Name
Accept-Ch-Lifetime
X-Instart-Request-ID
Access-Control-Request-Method
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Charset
X-Element-Page-Cache
X-MSEdge-Ref
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-XRDS-Location
Realpath
Content-MD5
Nginx-Cache
X-Ezoic-Cdn
X-Accel-Expires
X-Shield-Request-Id
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Hp-Webp
X-Jurisdiction
SPRequestDuration
SPIisLatency
X-Amz-Meta-S3cmd-Attrs
X-Pinterest-Rid
Pinterest-Version
X-Id
X-Recruiting
SPRequestGuid
X-SharePointHealthScore
X-Dw-Request-Base-Id
S
X-Kinsta-Cache
X-T
X-Content-Digest
X-Logged-In
X-Trace
Fastcgi-Cache
X-TTL
X-NWS-LOG-UUID
X-Node-Name
X-Cache-Key
TP-Cache
TP-L2-Cache
X-Hostname
ServerID
Fastly-Restarts
X-Oneagent-Js-Injection
X-Request-Received
X-Request-Processing-Time
X-Amzn-Trace-Id
X-Mobile-URL
X-Cache-Hit
X-Frontend
Front-End-Https
Server-Node
X-FastCGI-Cache
X-Cache-Age
X-Server-ID
X-Client-IP
X-Forwarded-For
X-Yandex-Sdch-Disable
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
Edge-Cache-Tag
Powered
X-FTR-Expires
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
Server-Name
Arc-Version
PB-PID
PB-RID
X-Microsite
X-Request-Handler-Origin-Region
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Ah-Environment
X-Akamai-Edgescape
X-Page-Id
X-Hits
X-DIS-Request-ID
X-F-Cache
X-Revision
Filters
X-LB-Cache
X-Jobs
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Alternate-Protocol
X-Origin-Server
X-Zen-Fury
DynaTrace
X-ORACLE-APMCS-REQUEST-ID
X-Mobile-Rewrite
X-ORACLE-APMCS-TAG
X-Content-Powered-By
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-Geo-Country
X-Fastcgi-Cache
X-Varnish-Age
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Daa-Tunnel
Nel
X-N
Accept-Charset
X-Litespeed-Cache
X-Ruxit-Js-Agent
X-FTR-Cache-Host
X-RateLimit-Remaining
Cache-Tags
X-B
X-Varnish-Backend
X-Ser
X-Type
Paypal-Debug-Id
X-Varnish-Grace
DC
Surrogate-Key
X-Git-Hash
X-Rid
X-WebKit-CSP-Report-Only
X-Amz-Replication-Status
X-Esi
X-Content-Options
Section-Io-Cache
X-Whom
Retry-After
Host
X-App-Environment
X-Signature
X-B-Cache
X-FB-Debug
X-Request-Guid
X-TT
X-AppVersion
X-Edge
X-Activity-Id
X-Az
X-IPLB-Instance
Fastcgi-Useragent
X-Endurance-Cache-Level
X-Debug-Info
X-Status
Frame-Options
Actual-Object-TTL
Healthy
X-Via-JSL
X-HTML-Minification-Powered-By
X-ATG-Version
X-Release
MicrosoftSharePointTeamServices
Content-Disposition
X-AOL-HN
X-Contextid
Refresh
Srv
X-Cache-Action
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Seen-By
X-ATS-Timestamp
X-App-Server
Backend-Timing
From-Origin
X-ECACHE
Access-Control-Allow-Method
X-Protected-By
X-Pinterest-Direct
X-B3-Sampled
X-Accel-Buffering
X-Response-Served-From
X-Cache-Rule
X-ProcessESI
X-Cache-Operation
X-Mid
X-MCACHE
X-RemovedCookies
X-Region
X-Tumblr-User
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Tumblr-Pixel-0
X-Cacheable-TTL
Odigeo-Trace-Id
X-Tumblr-Pixel
X-Rendered-As
X-Is-Bot
X-Instance
X-FW-Server
Uber-Trace-Id
X-L-Path
Datacenter
X-FW-Type
X-FW-Static
X-UUID
X-FW-Dynamic
X-Upgrade-Enabled
X-WA-Info
X-Environment-Context
X-FW-Hash
X-FW-Serve
Eomportal-Instance
Payment
X-Drupal-Cache-Tags
X-Varnish-Server
X-Rule
X-Cache-Time
X-Adobe-Loc
Countrycode
X-Adobe-Content
MS-CV
X-Host-Name
X-Proxy
X-Akamai-Request-ID2
X-Cached-By
X-EdgeConnect-Cache-Status
X-Time
X-Mobile
Xserver
Source
X-Cache-Server
X-NewRelic-App-Data
X-PHP-Backend
X-Load-Cache
X-UnsetCookies
X-Cache-Control
Access-Control-Request-Headers
X-Air-Hostname
Server-Info
X-Azure-Ref
X-Correlation-ID
Accept-Language
X-SERVER-NAME
X-GeoIP
X-Yottaa-Optimizations
X-NGENIX-Cache
X-Yottaa-Metrics
X-Backend-Name
X-Cache-NGX
X-Origin-Response-Time
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Presslabs-Stats
X-Handled-By
X-Akamai-Transformed
Liferay-Portal
Filterid
X-Webkit-CSP
X-Framework
X-NWS-UUID-VERIFY
X-Pass-Why
Version
X-Mode
X-CSRF-Token
X-XRDS-LOCATION
X-Unique-Id
X-Wix-Request-Id
X-URL
X-RateLimit-Limit
X-FireWall-Port
X-APP-VERSION
X-UPSTREAM-Address
Meta-Geo
Load-Balancing
X-Adobe-Source
X-Cache-Var
X-Cache-Var-Map
X-CCM
X-ES-SERVER
X-AWS-Id
X-ApacheServer
Cross-Origin-Window-Policy
X-LJ-Flow-ID
X-Via-Fastly
X-PERF
X-Path-Route
X-Proxied
X-Zipkin-Id
Cache-Status
X-VWS-Id
X-Vcache
X-UA-Device-Type
X-Routing-Service
X-RN-RSRV
X-Locale
DSUID
X-Detected-As
X-Viewer-Country
X-Format
X-TX-ID
X-Real-IP
Cache-Hits
X-Cache-Status-Check
Now
X-Access
X-Qloud-Router
Mn-Server-Ip
X-Site-Version
X-Cluster
X-Section
Akamai-GRN
X-Www-Served-By
Cache
X-Tumblr-Pixel-2
X-NCache
X-IP
X-MP-GENERATED-AT
ServedBy
X-Tumblr-Pixel-1
X-Pubstack
X-Say-TTL
X-Amzn-Remapped-Content-Length
X-SayCDN-TTL
TWC-Connection-Speed
X-Info
X-Hyper-Cache
TWC-GeoIP-LatLong
Apigw-Requestid
X-OCL
Cache-Name
Cleartype
Decoy-Debug-TTL
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
TWC-Device-Class
Decoy-Debug-Status
Decoy-Debug-Key
X-Cache-Config
X-Say-Cacheable
DB-Nickname
Cache-Tv-Group
Section-Io-Origin-Status
X-Varnish-Cache-Hits
Webcakes-App-Name
S-Rt
X-CS
TWC-Locale-Group
X-Web-Node
X-Device-Type
X-R9-Blue-Green-Version
X-Storage
X-Redis-Cache
Property-Id
TWC-GeoIP-Country
X-FW-Version
X-Human
X-Origin-Hint
X-ServerID
Webcakes-Region
X-PCL
Section-Io-Id
TWC-Privacy
Webcakes-App-Version
Webserver
X-Shopify-Stage
X-ProxyCache-Status
X-Hosted-By
X-Time-Microsecs
X-FC-Vary-Parameters
X-ProxyCache-Key
X-PHP-Host
X-Labrador-Cache-Channel
X-NYM-Debug-Backend
X-Origin
X-EIG-Tracking-Id
X-Sorting-Hat-ShopId
X-Cache-Enabled
X-BYPASS-REASON
X-Bc-Bl
X-Cache-Host
X-ShardId
X-Sorting-Hat-PodId
X-Cache-2
X-ShopId
X-Alternate-Cache-Key
Fastly-SSL
X-IPS-LoggedIn
X-Content-Age
X-SaId
X-TNCMS
X-BCube-Filmed-By
Azure-InstanceId
X-FB-TRIP-ID
X-From
X-Geo
X-Loop
X-JoinUs
X-Hl-Ver
Azure-RegionName
X-Proxy-Build
X-Timing-Wait
Azure-Version
Azure-SlotName
Selected-Fe
Azure-SiteName
X-RTag
Ms-Operation-Id
Locale
X-Urbn-Site-Id
Origin-Cache-Control
X-Urbn-Context-Path
X-Cache-Remote
NGB
X-VCache
X-No-Session
X-Ua
Ec-Rule-Version
X-Generated
X-Drupal-Cache-Contexts
X-CDN-Forward
X-Cache-TTL-Remaining
X-PressLabs-Stats
Origin-Edge-Control
Time
X-Xfnlog-Site
X-EC-Lua
X-Backend-TTL
X-Debug-Cache
SD-X-WS
Country
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Storefront-Renderer-Rendered
X-Pad
X-Source
X-SRV
X-Soup
X-NC
X-Old-Content-Length
X-Varnish-Hostname
Upgrade-Insecure-Requests
X-Proto
X-Akamai-Request-ID
X-Tb
X-Cluster-Node
X-TA-CDN-Provider
GEO-INFO
X-Cache-PHP
Referer-Policy
X-App-Version
Proxy-Connection
User-Agent
X-RCS-CacheZone
LB
X-RequestSource
Cache-Key
X-Parent-Response-Time
X-Cache-NE
X-Cache-Backend
X-App
X-Client-Ip
X-DC
X-FORWARDED-FOR
X-Magnolia-Registration
NGX
X-Origin-CC
Geo-Info
X-Origin-TTL
Pragrma
X-Cms-Context
X-Connection-Hash
Rendered-Blocks
T-Server
X-PAYTM-SRV-ID
X-Processor
Viewtype
X-Dispatch
UCS
True-Client-Country-4JS
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Nginx-Cache-Key
X-NodeID
X-Method
X-D
Fastcgi-X-Cache-Version
X-Developer
M-TraceId
Content-Style-Type
X-G
Content-Script-Type
X-External-Request-Id
X-Developers
IsBot
X-Edge-Location
X-DevSite-Last-Modified
GEO-REGION-INFO
FNAC-ModuleRouting
Machine
CacheControlHeader
Meta-Geo-Continent
Arc-Country
Mobile-Detection-Method
AKAMAI
N-Cache
AsisCache
BehaviorPad-Version
X-Generation-Time
MD5-Digest
X-Geo-Header
X-Destination
X-Date
On-Server
VivaBuild
X-A-Wwc
X-Vtex-Processado-Em
X-Accel-Expires-Debug
X-SRCache-Key
X-SVT-ORM-RULES
X-Aed
X-A-Dgt
X-Vtex-Remote-Cache
X-A-Ccd
X-A
X-A-Dam
X-SIPLIST1
X-Cache-Grace
X-SVT-ORM-VERSION
X-Swa-Ws
X-ARC
X-Trv-Group
X-Twitter-Response-Tags
X-B-Cookie
Xc-Version
X-Transaction
X-Application
X-VG-WebCache
X-VG-WebServer
X-Trace-Id
X-Vdms-Version
X-Vdms-Path
X-SD-PageType
X-A-Dcw
X-Scheme
X-S-Cookie
Who
X-Rewrite-Enabled
X-S
X-ScT
X-Region-Sid
X-Rojux
X-AIR-PT
X-Response-By
X-Distributor
X-Proxy-Cache-Status
OT-Force-Account-Verify
Node
User-Cache-Control
X-Tumblr-Pixel-3
Web-Mar-Node
V-Age
Mail-Subject
Magicmarker
Viewport
X-Cache-Info
Kp-EeAlive
X-Block-Status
We-Hiring
X-Backend-State
X-Device-Os
X-Auto-Login
Wxu-Next-Commit
X-Cache-Bucket
Vix-Hermes-Req-Id
Wxu-Next-Hostname
Release
Pagetype
Wxu-Next-Region
Sever-Int
X-Compress-Hint
Server-Ext
X-Clara-WADP
Server-Hostname
NM-Fastcgi-Cache
Thinkindot-CacheControl
X-Agile
X-Agile-Age
X-Agile-Id
Server-Host
X-Cache-URL
Thinkindot-CacheControl-Type
Thinkindot-Control
MIME-Version
X-Cache-FS-Status
X-Hnp-Log
X-Dispatcher-Server
X-Node-Id
X-SN
X-Bip
X-Worker
X-Micro-Cache
X-Matched-Rule
X-Loc
X-LAGOON
X-Thanos
X-Location
X-Logging-Id
X-Owner
X-Wikidot-Static-Cache
X-Servername
X-ServiceProvider
X-Req
X-Reqid
X-Server-W
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Skip-Cache
X-Policy
X-Wikidot-Backend
X-WADP-Cache
X-Key
X-Level-Front-Cache
Apple-News-Services-Request-Url
X-Has-Esi
Apple-News-Services-Parsed-Url
X-Forwarded-Host
Apple-News-Services-Host
X-User
X-Generated-On
X-Fmm-Version
X-Gen-Mode
X-Generated-In
CDCHOST
Apple-News-Services-Handled
X-Hash
X-JWT-State
X-Thinkindot-L3
X-Cluster-Name
X-Is-Gdpr
X-VC-Cache
X-Varnish-Cacheable
X-Uri
Gh-Request-Id
X-Hit
X-Cache-Id
X-Varnish-Authentication
X-Cache-ASPX
X-Slack-Backend
X-TrackingId
X-We-Are-Hiring
X-TH-Server
X-VServer
X-VG-TLSProxy
X-Var-Ttl
X-NU-AKA-ACS-Version
X-Variation
X-Irp-Debug
X-Core-Value
X-Core-Mission
X-Gzip
X-Fastly-Cache
X-Envoy-Decorator-Operation
X-Epic-Correlation-Id
X-Esi-Check
X-Eu-Site
X-Contensis-Viewer-Groups
X-Clientip
X-Webstats-RespID
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-Host
X-Cache-Tags
X-Origin-Expires
X-CGP
X-Mvc-Supplant-Cachable
X-Origin-Date
X-Request-UUID
X-BBXSRF
ServerName
Fastly-SWR
Fastly-SIE
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
Rt-Fastcgi-Cache
Is-Eu
Fastly-Drupal-HTML
C-Via
X-Varnish-Beresp-Grace
X-Backend-Host
FilterID
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
W
Adler-Geo
Platform
X-Newrelic-Synthetics
X-Li-Fabric
X-Session-Fingerprint
X-Reboot
X-GoCache-CacheStatus
X-Li-Pop
X-LI-Proto
X-Via-CDN
X-Up
X-LI-UUID
X-Distil-CS
Fastly-Backend-Name
Memcached
X-BC
X-ZONE
X-Dc
Cache-Cookie-Set-From
Sid
RNT-Machine
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Minions-Version
RNT-Time
X-Wa
X-Be
X-Srv
X-ElasticPress-Query
X-Configured-By
X-Refresh
X-Batcache
X-Aicache-OS
X-UA
X-Nc
X-Cache-Debug
X-Branch-Name
Cf-Ipcountry
X-Varnish-URL
X-Ua-Device
X-Mvc-Supplant-OutputCached
DCR-Processing-Time-Ms
DCR-Decision-By
X-Nginx-Cache
X-Servedbyhost
X-TIME
HostName
CACHE
X-B3-Traceid
S-Cnection
X-Ratelimit-Reset
Hostname
X-Varnishpool
X-Fastly-Cache-Status
Pramga
X-Instart-Info
Memory
HitType
X-Via-PopH
X-MSEdge-Features
X-Platform-Server
X-Original-Request-Id
X-Envoy-Upstream-Healthchecked-Cluster
X-PF-Uncompressing
X-ND-Cache
X-MSEdge-Flight
Location
X-Via-PopV
X-BE
X-Sucuri-ID
X-Microcachable
X-VCL-Version
X-LB-ID
NtCoent-Length
X-TT-TIMESTAMP
X-Ms-Request-Id
X-Ms-Version
X-Pjax-Url
X-Sucuri-Cache
Powered-By-ChinaCache
X-CF-Powered-By
X-Cdn-Forward
X-COUNTRY
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-Check-Cacheable
Esi-Enabled
X-FPC
X-Bc
X-Zone
X-Oss-Object-Type
X-OVcl-Cache
X-OVcl
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-VarnishDD-TTL
GeoIP-Country-Code
PFcat
X-CLOUD-TRACE-CONTEXT
X-Vgn-Hpd-Variations-Key
Resin-Trace
X-Azure-Ref-OriginShield
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
GeoIP-Latitude
X-GEO
X-App-Name
Server-ID
X-Instart-Isnd
L
Ohc-File-Size
FSS-Cache
X-Server-IP
X-Fastly-Backend-Reqs
X-Cdn-Srv
X-Vgn-Hpd-Reason
Cache-Host
X-Render-Time
X-Platform
Server-Cache-Control
X-Generated-By
X-Svr
Server-Surrogate-Control
X-Varnish-Ttl
X-BACKEND-TTL
X-CUA
X-HS-Status
X-S-Maxage
Cteonnt-Length
X-Unique-ID
SRV
X-VHOST
Ohc-Response-Time
X-Cache-Expired-At
Epwk-X-Cache
GeoIp-Country-Code
X-Fpc
Pics-Label
Geoip-Latitude
X-Fastly-Country-Code
X-CACHE-KEY
X-Rocket-Nginx-Bypass
Tracecode
X-PJAX-URL
X-CSRF-TOKEN
Backend-Name
X-RunCloud-Cache
Backend
X-Vcl-Version
X-Newrelic-App-Data
X-Varnish-Hits
X-Csrf-Jwt
X-Via-Poph
X-VCT
Request-EU
Request-Country
Cdn-Host
Locid
Cdn-Request-Time
X-Via-Popv
X-Ratelimit-Remaining
SN
X-Pf-Uncompressing
Amp-Access-Control-Allow-Source-Origin
Heartbleed
X-Edge-Server
CF-Cached-On
X-NGINX-Cache
X-Ratelimit-Limit
X-CACHE-AGE
X-Oracle-Dms-Rid
X-Request-URI
X-Request-Time
WWW-Authenticate
Lfy
X-Gamma-Serve
X-Sigma
X-ServedByHost
X-Sigma-Backend
X-ECache
X-StackifyID
X-Varnish-Url
X-Rocket-Build-Number
CF-IPCountry
XServer
X-Nananana
Host-ID
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Ftr-Cache-Host
CloudFront-Viewer-Country
X-Tec-Api-Origin
X-Tec-Api-Version
X-DPWN-IS-SECURE
X-Tec-Api-Root
X-Oss-Cdn-Auth
WPE-Backend
NR-ENABLED
Country-Code
X-Debug-Cache-Store
X-Debug-Cache-Fetch
PICS-Label
X-WebServer
URI
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Hits
X-LiteSpeed-Cache-Control
Lb
X-Debug-Cache-Status
X-Debug-Cache-String
X-Debug-Cache-Bypass
Cloudfront-Viewer-Country
X-Via-Ucdn
X-Debug-Do-Not-Cache-Uri
X-Cache-Tag
Product
CDN-Uid
X-Debug-Ysi-Auth
X-Debug-Xas-Auth
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestId
SID
CDN-Cache
X-Shopify-Generated-Cart-Token
X-B3-Spanid
Server-Ttl
CDN-CachedAt
CDN-EdgeStorageId
X-Proxy-Upstream
X-Cache-Version
Dnion-Transfer-Encoding
X-Sn-Servicetimems
X-Tb-Optimization-Total-Bytes-Saved
My-App
X-Cdn-Origin
X-Acquia-Application-Trace
X-Fetched-On
WZWS-RAY
X-Amz-Meta-Cb-Modifiedtime
Surrogated-Key
Cneonction
Ohc-Cache-HIT
X-WA
X-Acquia-Application-UUID
Proxy-Firewall
X-Acquia-Purge-Tags
X-Acquia-Site
X-APP
X-Fastly-Cache-Hits
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
FSS-Proxy
X-Swift-Error
Cf-Alt-Svc
X-Html-Edge-Cache
X-Varnish-Beresp-TTL
X-Dw-Trace-Id
X-GeoIP-Country-Code
X-SB
A
X-VC
X-Snapshot-Date
X-Request-URL
Warning
Inserted-Into-Cache-At
X-WR-MODIFICATION
X-ElasticPress-Search