Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
X-Request-ID
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Backend
X-AH-Environment
X-Age
X-Server
X-Turbo-Charged-By
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
P3p
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Readtime
X-Ac
X-Cache-Lookup
X-Backend-Server
X-Node
NEL
X-Dispatcher
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Accept-CH
Rating
X-Country-Code
X-Cnection
Accept-CH-Lifetime
X-Rack-Cache
Edge-Control
X-Url
RTSS
X-Clacks-Overhead
MS-Author-Via
X-Px
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-Goog-Hash
Verso
X-Powered-By-Plesk
Host-Header
Service-Worker-Allowed
X-Varnish-TTL
X-B3-TraceId
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-Use-Magma
X-Kinja
Public-Key-Pins
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
Pagespeed
X-Sol
Display
X-Middleton-Response
X-Middleton-Display
Response
X-Cache-TTL
X-DynaTrace
X-Content-Type
X-Cdn
X-D2id
X-Ttl
X-Amz-Rid
X-NF-Request-ID
X-Vcap-Request-Id
TCN
X-CST
X-Abt-Application-Version
X-Cached
X-VARITI-CCR
Pinterest-Generated-By
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
X-ESI
X-Version
X-Navigation-Version
X-Powered-CMS
X-Fastly-Request-ID
X-Upstream
Cache-Tag
X-Server-Name
X-Debug
X-Grace
X-Instart-Request-ID
X-TEC-API-ORIGIN
Access-Control-Request-Method
X-TEC-API-ROOT
X-TEC-API-VERSION
X-XRDS-Location
Charset
X-MSEdge-Ref
Nginx-Cache
Content-MD5
X-Element-Page-Cache
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Realpath
X-Accel-Expires
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
SPIisLatency
SPRequestDuration
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
SPRequestGuid
S
X-SharePointHealthScore
X-Pinterest-Rid
Pinterest-Version
X-Pass-Why
X-Hp-Webp
Accept-Ch
X-Jurisdiction
X-Amz-Meta-S3cmd-Attrs
X-Dw-Request-Base-Id
X-Recruiting
X-Id
X-Kinsta-Cache
X-Trace
X-T
Fastcgi-Cache
X-Content-Digest
X-Logged-In
X-Node-Name
X-Cache-Key
Accept-Ch-Lifetime
X-TTL
X-Client-IP
X-NWS-LOG-UUID
TP-Cache
TP-L2-Cache
X-Mobile-URL
X-Oneagent-Js-Injection
X-FastCGI-Cache
X-Hostname
X-Request-Received
X-Frontend
Server-Node
X-Request-Processing-Time
X-Cache-Hit
ServerID
X-Cache-Age
Front-End-Https
X-Amzn-Trace-Id
Fastly-Restarts
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Realm
Edge-Cache-Tag
X-Forwarded-For
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Yandex-Sdch-Disable
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
Server-Name
Powered
X-Server-ID
PB-PID
Arc-Version
PB-RID
X-Request-Handler-Origin-Region
X-Microsite
X-User-Agent
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
X-Page-Id
X-Revision
X-Hits
X-F-Cache
X-Jobs
X-LB-Cache
Filters
X-Akamai-Edgescape
X-Zen-Fury
DynaTrace
X-Correlation-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Mobile-Rewrite
X-Fastcgi-Cache
X-Content-Powered-By
Alternate-Protocol
X-Origin-Server
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-Geo-Country
Accept-Charset
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-N
X-FTR-Cache-Host
X-Ruxit-Js-Agent
X-Daa-Tunnel
X-B
Cache-Tags
X-Varnish-Backend
X-RateLimit-Remaining
X-Rid
X-Amz-Replication-Status
Retry-After
X-Type
X-WebKit-CSP-Report-Only
X-Esi
X-Varnish-Grace
DC
Host
Section-Io-Cache
X-Content-Options
X-Whom
X-Git-Hash
Surrogate-Key
X-TT
X-Via-JSL
X-Signature
X-B-Cache
X-FB-Debug
Paypal-Debug-Id
X-App-Environment
X-Request-Guid
X-Edge
X-Activity-Id
X-Az
X-AppVersion
X-Status
Backend-Timing
MicrosoftSharePointTeamServices
X-ATS-Timestamp
X-Ser
X-Debug-Info
Fastcgi-Useragent
Frame-Options
Actual-Object-TTL
X-IPLB-Instance
X-ATG-Version
X-Webkit-CSP
Healthy
Nel
X-Endurance-Cache-Level
X-App-Server
X-HTML-Minification-Powered-By
X-Contextid
Srv
X-AOL-HN
X-Cache-Action
X-Amzn-RequestId
X-Seen-By
X-ECACHE
X-Pinterest-Direct
Refresh
X-B3-Sampled
From-Origin
X-Amz-Apigw-Id
Access-Control-Allow-Method
X-Protected-By
X-Cache-Rule
X-Response-Served-From
X-Upgrade-Enabled
X-Accel-Buffering
Content-Disposition
X-Tumblr-Pixel-0
X-ProcessESI
X-Cache-Operation
X-Drupal-Cache-Tags
X-RemovedCookies
X-Tumblr-User
X-Tumblr-Pixel
X-Host-Name
X-Region
X-Is-Bot
X-Instance
Odigeo-Trace-Id
X-Rendered-As
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Mid
X-Cacheable-TTL
X-MCACHE
X-Environment-Context
Datacenter
Payment
X-WA-Info
X-L-Path
X-Release
X-UUID
X-FW-Static
X-FW-Server
X-Rule
X-Varnish-Server
X-FW-Hash
X-FW-Dynamic
Eomportal-Instance
X-FW-Type
X-FW-Serve
X-Adobe-Loc
X-Cache-Time
X-Adobe-Content
MS-CV
Countrycode
X-Time
X-Litespeed-Cache
Source
Uber-Trace-Id
X-Proxy
X-Cached-By
X-Load-Cache
X-Akamai-Request-ID2
Xserver
X-EdgeConnect-Cache-Status
X-Cache-Control
X-Cache-Server
X-UnsetCookies
X-Mobile
Cache-Status
X-GeoIP
X-PHP-Backend
X-NewRelic-App-Data
Access-Control-Request-Headers
X-Azure-Ref
X-Akamai-Transformed
X-SERVER-NAME
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tt-Trace-Host
Accept-Language
X-Origin-Response-Time
X-Tt-Trace-Tag
X-PressLabs-Stats
Version
X-Air-Hostname
X-Wix-Request-Id
Filterid
X-NGENIX-Cache
X-Handled-By
X-Mode
X-Cache-NGX
X-Backend-Name
Liferay-Portal
X-NWS-UUID-VERIFY
X-Cluster
X-Correlation-ID
X-Framework
X-IPS-LoggedIn
X-URL
Server-Info
X-CSRF-Token
X-RN-RSRV
X-AWS-Id
X-Path-Route
X-Locale
X-PERF
X-Proxied
X-Tumblr-Pixel-1
X-Routing-Service
X-Zipkin-Id
X-Via-Fastly
X-UPSTREAM-Address
X-UA-Device-Type
X-FireWall-Port
X-VWS-Id
Load-Balancing
Cross-Origin-Window-Policy
Meta-Geo
X-Tumblr-Pixel-2
X-Cache-Var
X-Adobe-Source
X-RateLimit-Limit
X-Cache-Var-Map
X-ES-SERVER
X-LJ-Flow-ID
X-CCM
NGB
X-ApacheServer
X-Cache-Remote
X-Ua
X-Site-Version
Mn-Server-Ip
X-Detected-As
DSUID
X-MP-GENERATED-AT
X-Www-Served-By
Cache-Hits
ServedBy
X-Real-IP
Cache
X-Viewer-Country
X-VCache
X-TX-ID
X-Cache-Status-Check
X-Qloud-Router
Cleartype
X-SayCDN-TTL
X-Web-Node
X-Storage
Akamai-GRN
X-Cache-Config
X-Section
Cache-Name
Cache-Tv-Group
X-Say-Cacheable
Section-Io-Origin-Status
X-IP
X-Pubstack
X-PCL
Section-Origin-Responded
X-NCache
X-OCL
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Info
X-Access
Decoy-Debug-TTL
Decoy-Debug-Key
X-Format
X-Redis-Cache
X-Human
Now
X-R9-Blue-Green-Version
X-Say-TTL
Decoy-Debug-Status
X-Bc-Bl
X-Alternate-Cache-Key
Webserver
X-BYPASS-REASON
X-Cache-Enabled
X-CS
X-Cache-Host
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
X-Device-Type
X-EIG-Tracking-Id
X-ShardId
X-ServerID
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Varnish-Cache-Hits
X-Sorting-Hat-ShopId
X-ProxyCache-Status
X-ProxyCache-Key
X-FW-Version
X-FC-Vary-Parameters
X-Hosted-By
X-Labrador-Cache-Channel
X-PHP-Host
X-Origin-Hint
TWC-Connection-Speed
X-ShopId
S-Rt
Property-Id
X-Unique-Id
Fastly-SSL
X-JoinUs
X-Time-Microsecs
X-Hl-Ver
X-From
X-SaId
X-Timing-Wait
X-Loop
X-BCube-Filmed-By
X-Content-Age
Selected-Fe
X-Geo
X-Origin
X-TNCMS
X-Proxy-Build
X-NYM-Debug-Backend
X-APP-VERSION
X-FB-TRIP-ID
X-No-Session
DB-Nickname
Origin-Cache-Control
X-Generated
Ms-Operation-Id
X-Amzn-Remapped-Content-Length
X-Hyper-Cache
X-RTag
X-Vcache
X-XRDS-LOCATION
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Presslabs-Stats
Ec-Rule-Version
X-Cache-2
Apigw-Requestid
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Xfnlog-Site
Time
Origin-Edge-Control
SD-X-WS
X-Goog-Meta-Goog-Reserved-File-Mtime
X-EC-Lua
Country
X-RequestSource
X-Pad
X-Old-Content-Length
X-Source
User-Agent
X-Varnish-Hostname
X-Cluster-Node
Geo-Info
X-Debug-Cache
X-CDN-Forward
X-Soup
X-Backend-TTL
Upgrade-Insecure-Requests
X-App-Version
X-SRV
X-Akamai-Request-ID
X-Cache-NE
X-Parent-Response-Time
X-RCS-CacheZone
X-Proto
X-DC
X-Tb
X-Cache-Backend
X-Storefront-Renderer-Rendered
Proxy-Connection
X-Cache-PHP
X-TA-CDN-Provider
X-NC
FilterID
LB
X-App
X-Cache-Grace
X-FORWARDED-FOR
X-Proxy-Cache-Status
Cache-Key
X-Origin-CC
X-Origin-TTL
X-Forwarded-Host
X-G
N-Cache
Content-Script-Type
X-DevSite-Last-Modified
X-Dispatch
Content-Style-Type
X-External-Request-Id
X-AIR-PT
Rendered-Blocks
X-Geo-Header
FNAC-ModuleRouting
X-Scheme
Fastcgi-X-Cache-Version
Who
X-Trv-Group
X-Transaction
X-VG-WebServer
X-Trace-Id
X-Twitter-Response-Tags
X-Destination
BehaviorPad-Version
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
AsisCache
X-B-Cookie
X-Aed
Arc-Country
X-Application
X-ARC
X-A-Dcw
X-A-Dam
X-Date
VivaBuild
X-Vdms-Path
X-Developer
X-D
X-Connection-Hash
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-A-Ccd
X-A
X-VG-WebCache
GEO-REGION-INFO
X-Swa-Ws
Meta-Geo-Continent
MD5-Digest
Mobile-Detection-Method
X-Session-Fingerprint
X-Vtex-Remote-Cache
X-Region-Sid
X-Processor
X-SRCache-Key
X-Rojux
X-Rewrite-Enabled
IsBot
X-Response-By
Viewtype
X-SIPLIST1
X-S
Machine
X-S-Cookie
X-SD-PageType
X-Method
ServerName
Xc-Version
X-Vtex-Processado-Em
X-ScT
UCS
X-Nginx-Cache-Key
X-Uri
X-PAYTM-SRV-ID
M-TraceId
X-Vdms-Version
True-Client-Country-4JS
X-NodeID
T-Server
X-Tumblr-Pixel-3
X-Magnolia-Registration
User-Cache-Control
X-Ah-Environment
Server-Host
X-Agile
Server-Ext
RNT-Machine
Thinkindot-Control
Wxu-Next-Commit
V-Age
Web-Mar-Node
Vix-Hermes-Req-Id
Viewport
Thinkindot-CacheControl-Type
Release
Sever-Int
Wxu-Next-Region
RNT-Time
Thinkindot-CacheControl
Pagetype
Wxu-Next-Hostname
Server-Hostname
X-Owner
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
On-Server
X-Req
X-Reqid
X-SVT-ORM-RULES
X-Policy
X-Matched-Rule
X-Micro-Cache
X-Node-Id
X-SVT-ORM-VERSION
X-Servername
X-ServiceProvider
X-Thinkindot-L3
X-Thanos
X-User
X-Varnish-Cacheable
X-VC-Cache
X-WADP-Cache
X-Wikidot-Backend
X-Worker
X-Wikidot-Static-Cache
X-Skip-Cache
X-SN
X-Logging-Id
X-Loc
X-Cache-URL
X-Cache-Info
X-Clara-WADP
X-Cms-Context
X-Compress-Hint
X-Cache-FS-Status
X-Cache-Bucket
X-Agile-Id
X-Backend-State
X-Bip
X-Block-Status
X-Developers
X-Device-Os
X-Hash
X-Hnp-Log
X-LAGOON
X-Level-Front-Cache
X-Generation-Time
X-Generated-On
X-Dispatcher-Server
X-Fmm-Version
X-Gen-Mode
X-Generated-In
X-Agile-Age
We-Hiring
Apple-News-Services-Request-Url
Cache-Cookie-Set-From
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Magicmarker
Cache-Cookie-Set-Idcheck
Kp-EeAlive
Referer-Policy
CDCHOST
CacheControlHeader
Cache-Cookie-Set-Lfrom
Mail-Subject
Apple-News-Services-Host
NM-Fastcgi-Cache
NGX
AKAMAI
X-Hit
OT-Force-Account-Verify
X-Distil-CS
X-Cluster-Name
X-Distributor
X-Envoy-Decorator-Operation
X-Esi-Check
X-Epic-Correlation-Id
Node
X-Cache-Id
X-CGP
X-Clientip
X-Cache-Tags
X-Core-Mission
X-Eu-Site
X-Core-Value
X-Has-Esi
X-TrackingId
X-Var-Ttl
X-TH-Server
X-Slack-Backend
X-Server-W
X-Variation
X-VG-TLSProxy
X-Key
X-Edge-Location
X-Webstats-RespID
X-We-Are-Hiring
X-VServer
X-Request-Host
X-Rebelmouse-Surrogate-Control
X-Is-Gdpr
X-JWT-State
X-Irp-Debug
X-BBXSRF
X-Gzip
X-Location
X-Mvc-Supplant-Cachable
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-Origin-Date
X-NU-AKA-ACS-Version
X-Fastly-Cache
X-Request-UUID
Fastly-Drupal-HTML
Adler-Geo
X-Auto-Login
L5d-Success-Class
C-Via
Ha-Gx-Prefs
HA-Ipaddr
Is-Eu
Gh-Request-Id
Rt-Fastcgi-Cache
W
Platform
Fastly-SIE
Fastly-SWR
X-Newrelic-Synthetics
Sid
X-GoCache-CacheStatus
X-Cache-ASPX
Pragrma
X-LI-UUID
X-Li-Fabric
X-Li-Pop
X-LI-Proto
Memcached
X-Varnish-Beresp-Grace
X-Varnish-Authentication
X-Backend-Host
X-Contensis-Viewer-Groups
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Reboot
X-Srv
GEO-INFO
X-Nc
X-Be
MIME-Version
X-Wa
S-Cnection
X-ZONE
X-BC
X-Branch-Name
X-Cache-Debug
X-Configured-By
Cf-Ipcountry
X-Dc
X-Instart-Info
X-Refresh
Fastly-Backend-Name
X-Varnish-URL
X-Up
X-Microcachable
X-Via-CDN
HostName
X-Minions-Version
X-Servedbyhost
X-Via-PopH
X-Via-PopV
X-Envoy-Upstream-Healthchecked-Cluster
X-Batcache
X-Platform-Server
X-Ua-Device
X-Client-Ip
X-Ms-Version
X-Ms-Request-Id
X-ElasticPress-Query
X-Nginx-Cache
CACHE
X-TT-TIMESTAMP
X-UA
X-Cdn-Forward
X-B3-Traceid
X-MSEdge-Flight
X-Mvc-Supplant-OutputCached
X-MSEdge-Features
Memory
X-Aicache-OS
WPE-Backend
X-VCL-Version
X-ND-Cache
NR-ENABLED
Esi-Enabled
NtCoent-Length
X-Vgn-Hpd-Reason
X-TIME
X-Sucuri-ID
Server-ID
X-Debug-Panamera-Host
X-App-Name
DCR-Processing-Time-Ms
X-Pjax-Url
L
X-Debug-Panamera-Sitecode
DCR-Decision-By
Hostname
X-Server-IP
X-COUNTRY
GeoIP-Country-Code
Powered-By-ChinaCache
Cache-Host
Pramga
X-PF-Uncompressing
X-Fastly-Cache-Status
X-BE
X-Bc
X-Zone
X-Oss-Storage-Class
HitType
X-Oss-Object-Type
X-Svr
X-Oss-Hash-Crc64ecma
Location
X-Oss-Request-Id
X-Oss-Server-Time
X-FPC
GeoIP-Latitude
Ohc-File-Size
X-Cdn-Srv
X-CF-Powered-By
FSS-Cache
X-BACKEND-TTL
X-Ratelimit-Reset
X-Varnishpool
X-GEO
X-LB-ID
X-Generated-By
Server-Surrogate-Control
Server-Cache-Control
X-Unique-ID
X-Sucuri-Cache
X-S-Maxage
Resin-Trace
X-Check-Cacheable
X-Azure-Ref-OriginShield
Tracecode
Ohc-Response-Time
X-OVcl
X-Rocket-Nginx-Bypass
X-Original-Request-Id
PFcat
X-Varnish-Ttl
X-OVcl-Cache
X-VarnishDD-TTL
X-VCT
Cteonnt-Length
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Instart-Isnd
X-Fastly-Backend-Reqs
X-Platform
Request-Country
X-Render-Time
Request-EU
Locid
Cdn-Host
Heartbleed
X-Fpc
Cdn-Request-Time
X-Edge-Server
X-Fastly-Country-Code
X-VHOST
X-Varnish-Hits
X-Newrelic-App-Data
X-HS-Status
X-Cache-Expired-At
X-PJAX-URL
X-Request-URI
CF-Cached-On
X-CSRF-TOKEN
Lfy
GeoIp-Country-Code
X-CUA
Geoip-Latitude
Amp-Access-Control-Allow-Source-Origin
SRV
X-Pf-Uncompressing
Pics-Label
X-Vcl-Version
X-Ratelimit-Remaining
X-Gamma-Serve
Epwk-X-Cache
X-Oracle-Dms-Rid
X-CLOUD-TRACE-CONTEXT
SN
X-CACHE-AGE
X-Shopify-Generated-Cart-Token
X-RunCloud-Cache
WWW-Authenticate
X-WebServer
Backend-Name
Backend
X-NGINX-Cache
X-CACHE-KEY
X-ECache
X-ServedByHost
URI
X-Proxy-Upstream
WZWS-RAY
X-Via-Poph
Product
X-Amzn-Remapped-Date
X-Via-Popv
XServer
X-Varnish-Url
X-Amzn-Remapped-Connection
X-Csrf-Jwt
X-StackifyID
X-Ratelimit-Limit
X-Ftr-Cache-Host
X-Oss-Cdn-Auth
X-Cdn-Origin
X-Fetched-On
CloudFront-Viewer-Country
X-Sn-Servicetimems
My-App
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Mime-Version
X-Nananana
X-Sigma-Backend
X-GeoIP-Country-Code
X-Debug-Cache-Fetch
A
X-Debug-Cache-Store
X-Request-Time
X-Sigma
X-Rocket-Build-Number
Lb
Server-Ttl
X-Debug-Cache-Status
X-Cache-Tag
X-Debug-Cache-Bypass
PICS-Label
Cloudfront-Viewer-Country
Dt-Cache-Category
X-Debug-Cache-String
X-Debug-Ysi-Auth
X-Debug-Do-Not-Cache-Uri
Ohc-Cache-HIT
Host-ID
CF-IPCountry
X-B3-Spanid
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Xas-Auth
X-LiteSpeed-Cache-Control
SID
X-B3-SpanId
X-Cache-Version
X-DPWN-IS-SECURE
X-WA
Dnion-Transfer-Encoding
X-Request-Start
X-Varnish-Beresp-TTL
X-Apw-Access-Object
X-Apw-Access-Action
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Apw-Access-Token
Cneonction
X-Apw-Hits
Proxy-Firewall
X-Acquia-Application-UUID
Cf-Alt-Svc
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
FSS-Proxy
Country-Code
X-Snapshot-Date
X-Dw-Trace-Id
X-ElasticPress-Search
X-Served-From
X-Request-URL
X-WR-MODIFICATION
X-Html-Edge-Cache
Cdn
X-Swift-Error
Inserted-Into-Cache-At
Group
X-SB
X-VC
Warning