Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
P3p
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
CF-Ray
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
EagleId
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Server-Timing
Grace
X-Pingback
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-WebKit-CSP
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Device
X-Vhost
X-Response-Time
X-Readtime
X-Ac
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Node
X-Backend-Server
X-Dispatcher
NEL
Content-Location
X-Origin-Upstream-Status
X-HW
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
Fusion-Deployment-Id
X-Country
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Rating
Host-Header
X-Cnection
X-Country-Code
Accept-CH
X-Rack-Cache
RTSS
Edge-Control
X-Url
Accept-CH-Lifetime
MS-Author-Via
X-Clacks-Overhead
X-Px
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
Verso
X-Goog-Hash
Service-Worker-Allowed
X-Powered-By-Plesk
X-B3-TraceId
X-Varnish-TTL
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Forwarded-Proto
Public-Key-Pins
Pagespeed
X-Amz-Server-Side-Encryption
Response
X-Middleton-Display
X-Sol
X-Middleton-Response
Display
X-MS-InvokeApp
X-Content-Type
X-Cache-TTL
X-DynaTrace
X-Cdn
X-D2id
X-NF-Request-ID
X-Ttl
X-Vcap-Request-Id
X-Amz-Rid
X-CST
TCN
X-VARITI-CCR
X-Abt-Application-Version
X-Cached
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
Ar-Sid
Pinterest-Generated-By
X-ESI
X-Powered-CMS
X-Version
X-Upstream
X-Navigation-Version
X-Fastly-Request-ID
X-Debug
Cache-Tag
X-Grace
X-Server-Name
Accept-Ch
X-Instart-Request-ID
Access-Control-Request-Method
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Charset
X-Element-Page-Cache
X-MSEdge-Ref
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-XRDS-Location
Realpath
Content-MD5
Nginx-Cache
X-Ezoic-Cdn
X-Accel-Expires
Accept-Ch-Lifetime
X-Shield-Request-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
X-Hp-Webp
X-Jurisdiction
SPRequestDuration
SPIisLatency
X-Amz-Meta-S3cmd-Attrs
Pinterest-Version
X-Pinterest-Rid
X-Id
X-Recruiting
SPRequestGuid
X-SharePointHealthScore
X-Dw-Request-Base-Id
S
X-Kinsta-Cache
X-T
X-Content-Digest
X-Logged-In
Fastcgi-Cache
X-Trace
X-TTL
X-Node-Name
X-NWS-LOG-UUID
X-Cache-Key
TP-Cache
TP-L2-Cache
X-Hostname
ServerID
Fastly-Restarts
X-Oneagent-Js-Injection
X-Request-Received
X-Request-Processing-Time
X-Mobile-URL
X-Amzn-Trace-Id
X-Cache-Hit
X-Frontend
Front-End-Https
Server-Node
X-FastCGI-Cache
X-Cache-Age
X-Server-ID
X-Client-IP
X-Yandex-Sdch-Disable
X-Forwarded-For
X-Country-Code-Real
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
Edge-Cache-Tag
Powered
X-FTR-Expires
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Metageneration
Server-Name
Arc-Version
PB-PID
PB-RID
X-Request-Handler-Origin-Region
X-Microsite
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Ah-Environment
X-Hits
X-DIS-Request-ID
X-Akamai-Edgescape
X-Page-Id
X-Erf-Bev-Bev-Is-Generated
X-F-Cache
X-Erf-Bev-Bev
Filters
X-Revision
X-Jobs
X-LB-Cache
Alternate-Protocol
X-Origin-Server
X-Correlation-Id
X-Zen-Fury
DynaTrace
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile-Rewrite
X-Content-Powered-By
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Geo-Country
X-Fastcgi-Cache
X-Varnish-Age
AMP-Access-Control-Allow-Source-Origin
X-Daa-Tunnel
X-N
Accept-Charset
X-Ruxit-Js-Agent
X-FTR-Cache-Host
Cache-Tags
X-B
X-Varnish-Backend
X-Ser
X-Type
Paypal-Debug-Id
X-Varnish-Grace
DC
X-Esi
X-Amz-Replication-Status
Surrogate-Key
X-Rid
X-WebKit-CSP-Report-Only
X-Git-Hash
X-RateLimit-Remaining
Section-Io-Cache
Retry-After
X-B-Cache
X-Whom
Host
X-App-Environment
X-Signature
X-Content-Options
X-Request-Guid
X-TT
X-FB-Debug
X-Activity-Id
X-Edge
X-Az
X-AppVersion
Fastcgi-Useragent
X-IPLB-Instance
X-Debug-Info
X-Status
X-Endurance-Cache-Level
Frame-Options
Actual-Object-TTL
Healthy
X-Via-JSL
Nel
X-HTML-Minification-Powered-By
X-ATG-Version
Srv
MicrosoftSharePointTeamServices
X-Release
X-AOL-HN
Content-Disposition
Refresh
X-Contextid
X-Cache-Action
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Seen-By
Backend-Timing
X-ATS-Timestamp
X-App-Server
From-Origin
X-ECACHE
Access-Control-Allow-Method
X-B3-Sampled
X-Pinterest-Direct
X-Protected-By
X-Response-Served-From
X-Accel-Buffering
X-Cache-Rule
X-Mid
X-Cache-Operation
X-MCACHE
X-Region
X-ProcessESI
X-RemovedCookies
VIX-Pulpo-Upstream-Status
X-Rendered-As
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cacheable-TTL
VIX-Pulpo-Node
X-Is-Bot
Odigeo-Trace-Id
Uber-Trace-Id
X-Instance
Datacenter
X-FW-Dynamic
X-L-Path
X-FW-Type
X-Upgrade-Enabled
X-UUID
X-WA-Info
X-FW-Server
X-FW-Static
X-FW-Hash
X-FW-Serve
X-Environment-Context
X-Varnish-Server
Payment
X-Rule
Eomportal-Instance
X-Cache-Time
X-Drupal-Cache-Tags
Countrycode
X-Adobe-Content
X-Adobe-Loc
MS-CV
X-Proxy
X-Litespeed-Cache
X-Time
X-Host-Name
X-EdgeConnect-Cache-Status
X-Cached-By
X-Akamai-Request-ID2
Xserver
X-Mobile
X-Cache-Server
X-NewRelic-App-Data
Source
X-PHP-Backend
X-Cache-Control
X-UnsetCookies
X-Load-Cache
X-Air-Hostname
X-Azure-Ref
Access-Control-Request-Headers
Server-Info
Accept-Language
X-SERVER-NAME
X-GeoIP
X-Backend-Name
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-NGENIX-Cache
X-Origin-Response-Time
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-NGX
X-Presslabs-Stats
X-Handled-By
X-Akamai-Transformed
Filterid
X-Webkit-CSP
Liferay-Portal
X-NWS-UUID-VERIFY
X-Pass-Why
Version
X-Framework
X-Mode
X-Unique-Id
X-XRDS-LOCATION
X-CSRF-Token
X-Wix-Request-Id
X-Correlation-ID
X-URL
X-RateLimit-Limit
X-FireWall-Port
X-APP-VERSION
Load-Balancing
X-Via-Fastly
X-Cache-Var
X-ES-SERVER
X-UPSTREAM-Address
X-Vcache
Cache-Status
X-AWS-Id
X-Proxied
X-CCM
Meta-Geo
X-Routing-Service
X-PERF
X-LJ-Flow-ID
X-Locale
X-UA-Device-Type
Cross-Origin-Window-Policy
X-Cache-Var-Map
X-RN-RSRV
X-Adobe-Source
X-ApacheServer
X-Path-Route
X-Zipkin-Id
X-VWS-Id
Now
ServedBy
Akamai-GRN
X-Format
DSUID
Cache-Hits
X-Cache-Status-Check
X-Detected-As
Mn-Server-Ip
X-Access
X-Cluster
X-Viewer-Country
X-Real-IP
X-TX-ID
X-Section
Cache
X-Www-Served-By
X-NCache
X-MP-GENERATED-AT
X-Qloud-Router
X-Tumblr-Pixel-1
X-Site-Version
X-Tumblr-Pixel-2
X-Pubstack
X-IP
X-Say-TTL
X-SayCDN-TTL
X-ServerID
Decoy-Debug-Key
Cache-Name
X-Amzn-Remapped-Content-Length
Cache-Tv-Group
Cleartype
Decoy-Debug-Status
DB-Nickname
Decoy-Debug-TTL
Webcakes-Region
X-Redis-Cache
TWC-Privacy
Section-Origin-Responded
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Webcakes-App-Version
TWC-GeoIP-Country
Property-Id
S-Rt
Section-Io-Id
Webcakes-App-Name
X-Say-Cacheable
Apigw-Requestid
X-Varnish-Cache-Hits
X-CS
X-OCL
X-Device-Type
X-R9-Blue-Green-Version
X-Storage
X-Origin-Hint
X-Info
X-PCL
X-Human
X-Bc-Bl
X-Hyper-Cache
X-Cache-Config
X-Web-Node
X-FW-Version
X-Origin
X-NYM-Debug-Backend
X-Hosted-By
X-Labrador-Cache-Channel
X-FC-Vary-Parameters
X-PHP-Host
X-EIG-Tracking-Id
X-Time-Microsecs
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-BYPASS-REASON
X-Cache-Enabled
X-Cache-Host
X-ProxyCache-Status
Webserver
X-Cache-2
X-ShardId
X-ShopId
X-ProxyCache-Key
Fastly-SSL
X-IPS-LoggedIn
X-TNCMS
X-Timing-Wait
X-Proxy-Build
X-BCube-Filmed-By
Azure-InstanceId
X-FB-TRIP-ID
X-SaId
X-Geo
X-Loop
X-JoinUs
X-Hl-Ver
Azure-RegionName
X-From
X-Content-Age
Azure-Version
Azure-SlotName
Selected-Fe
Azure-SiteName
Locale
X-RTag
Ms-Operation-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
Origin-Cache-Control
X-VCache
X-Cache-Remote
NGB
X-No-Session
X-Ua
Ec-Rule-Version
X-Generated
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-PressLabs-Stats
X-Xfnlog-Site
Origin-Edge-Control
X-CDN-Forward
Time
X-EC-Lua
X-Debug-Cache
Country
X-Storefront-Renderer-Rendered
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
X-SRV
X-Source
X-Pad
X-Soup
X-Backend-TTL
X-Varnish-Hostname
X-Proto
Upgrade-Insecure-Requests
X-Old-Content-Length
X-Tb
X-Cluster-Node
X-Akamai-Request-ID
X-TA-CDN-Provider
X-NC
X-Cache-PHP
GEO-INFO
Referer-Policy
X-App-Version
Cache-Key
X-Parent-Response-Time
X-RCS-CacheZone
LB
User-Agent
Proxy-Connection
X-RequestSource
X-Cache-NE
X-DC
X-Cache-Backend
X-App
X-Client-Ip
X-FORWARDED-FOR
X-Magnolia-Registration
NGX
X-Origin-CC
Geo-Info
X-Origin-TTL
CacheControlHeader
Xc-Version
AKAMAI
X-CF-Lambda-Version
X-Cms-Context
BehaviorPad-Version
Arc-Country
AsisCache
X-Connection-Hash
X-CF-Lambda-Fn
X-Developers
X-External-Request-Id
X-Edge-Location
X-Swa-Ws
X-Generation-Time
X-Geo-Header
X-Dispatch
X-DevSite-Last-Modified
X-Date
X-Destination
X-Developer
X-B-Cookie
X-D
X-Application
VivaBuild
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
Machine
Who
Viewtype
N-Cache
Rendered-Blocks
T-Server
True-Client-Country-4JS
Pragrma
On-Server
UCS
M-TraceId
X-A
GEO-REGION-INFO
X-Aed
FNAC-ModuleRouting
Fastcgi-X-Cache-Version
Content-Style-Type
X-ARC
X-Accel-Expires-Debug
X-A-Wwc
IsBot
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
Content-Script-Type
X-G
X-VG-WebCache
X-Vdms-Version
X-Trace-Id
X-VG-WebServer
X-Vtex-Processado-Em
X-PAYTM-SRV-ID
X-SIPLIST1
X-Scheme
X-AIR-PT
X-ScT
X-Trv-Group
X-NodeID
X-Vdms-Path
X-Processor
X-Nginx-Cache-Key
X-SD-PageType
X-Transaction
X-Method
X-S-Cookie
X-Twitter-Response-Tags
X-S
X-Cache-Grace
X-Response-By
X-SVT-ORM-VERSION
X-Rewrite-Enabled
X-Vtex-Remote-Cache
X-SVT-ORM-RULES
X-Rojux
X-SRCache-Key
X-Region-Sid
X-Tumblr-Pixel-3
OT-Force-Account-Verify
X-Proxy-Cache-Status
Node
X-Distributor
User-Cache-Control
X-Varnish-Cacheable
Wxu-Next-Hostname
Wxu-Next-Region
X-Agile
X-User
X-Uri
Vix-Hermes-Req-Id
Thinkindot-Control
X-Thanos
V-Age
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Host
Server-Hostname
Sever-Int
X-SN
Viewport
Web-Mar-Node
X-Servername
X-Server-W
We-Hiring
X-Agile-Age
X-Skip-Cache
X-Thinkindot-L3
X-ServiceProvider
Wxu-Next-Commit
X-RateLimit-Limit-Second
X-Fmm-Version
X-LAGOON
X-Gen-Mode
X-Generated-In
X-Level-Front-Cache
X-Loc
X-Device-Os
X-Location
X-Dispatcher-Server
X-Generated-On
X-Worker
X-Hnp-Log
X-Key
X-Is-Gdpr
X-WADP-Cache
X-Wikidot-Backend
X-Has-Esi
X-Hash
X-Wikidot-Static-Cache
X-Logging-Id
Server-Ext
X-RateLimit-Remaining-Second
X-JWT-State
X-Block-Status
X-Cache-Bucket
X-Backend-State
X-Auto-Login
X-VC-Cache
X-Reqid
X-Req
X-Cache-FS-Status
X-Cache-Info
X-Compress-Hint
X-Micro-Cache
X-Matched-Rule
X-Node-Id
X-Clara-WADP
X-Cache-URL
X-Policy
X-Owner
X-Agile-Id
X-Bip
Magicmarker
Kp-EeAlive
Mail-Subject
MIME-Version
NM-Fastcgi-Cache
Gh-Request-Id
CDCHOST
X-Cluster-Name
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Pagetype
Apple-News-Services-Host
X-Forwarded-Host
Release
X-Hit
X-Core-Value
X-Contensis-Viewer-Groups
Rt-Fastcgi-Cache
X-Rebelmouse-Surrogate-Control
X-Varnish-Beresp-Ttl
X-Rebelmouse-Cache-Control
Adler-Geo
X-Clientip
C-Via
X-Cache-Tags
ServerName
X-CGP
X-Varnish-Beresp-Status
X-Mvc-Supplant-Cachable
X-Cache-Id
X-Epic-Correlation-Id
X-Origin-Expires
X-Irp-Debug
X-Origin-Date
X-Webstats-RespID
X-We-Are-Hiring
X-NU-AKA-ACS-Version
X-Gzip
X-VServer
X-Cache-ASPX
X-Envoy-Decorator-Operation
X-Esi-Check
X-Eu-Site
X-Fastly-Cache
X-TH-Server
X-Varnish-Beresp-Grace
X-Core-Mission
Ha-Gx-Prefs
HA-Ipaddr
X-Varnish-Authentication
Fastly-SWR
Fastly-Drupal-HTML
Fastly-SIE
X-Variation
Is-Eu
FilterID
Platform
W
X-Slack-Backend
X-Var-Ttl
L5d-Success-Class
X-Request-UUID
X-TrackingId
X-Backend-Host
X-VG-TLSProxy
X-BBXSRF
X-Request-Host
X-Newrelic-Synthetics
X-Via-CDN
X-Reboot
X-Up
X-Distil-CS
X-Li-Fabric
Fastly-Backend-Name
X-GoCache-CacheStatus
Memcached
X-LI-Proto
X-Session-Fingerprint
X-LI-UUID
X-Li-Pop
X-Dc
RNT-Time
Cache-Cookie-Set-Idcheck
X-Minions-Version
RNT-Machine
Sid
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Nc
X-Srv
X-Wa
X-Be
X-ZONE
X-BC
X-ElasticPress-Query
X-Batcache
X-Configured-By
X-Refresh
X-Varnish-URL
Cf-Ipcountry
X-Aicache-OS
X-UA
X-Cache-Debug
X-Branch-Name
X-Ua-Device
DCR-Processing-Time-Ms
HostName
X-Nginx-Cache
DCR-Decision-By
X-Mvc-Supplant-OutputCached
CACHE
X-Servedbyhost
X-B3-Traceid
S-Cnection
Pramga
Hostname
X-Varnish-Ttl
Memory
X-Fastly-Cache-Status
X-Ratelimit-Reset
X-Varnishpool
X-MSEdge-Flight
X-MSEdge-Features
X-Instart-Info
X-Cdn-Forward
X-Via-PopH
X-Platform-Server
X-Original-Request-Id
X-Via-PopV
HitType
X-PF-Uncompressing
X-Envoy-Upstream-Healthchecked-Cluster
Location
X-ND-Cache
X-BE
X-Sucuri-ID
X-TIME
X-VCL-Version
X-Microcachable
X-TT-TIMESTAMP
X-Ms-Version
X-LB-ID
X-Pjax-Url
NtCoent-Length
X-Bc
X-Zone
X-Ms-Request-Id
X-Sucuri-Cache
X-COUNTRY
X-Check-Cacheable
Esi-Enabled
X-CF-Powered-By
Powered-By-ChinaCache
X-Debug-Panamera-Host
X-FPC
X-Debug-Panamera-Sitecode
X-OVcl
X-VarnishDD-TTL
X-OVcl-Cache
PFcat
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
GeoIP-Country-Code
X-Instart-Isnd
X-Vgn-Hpd-Variations-Key
L
X-App-Name
Resin-Trace
Server-ID
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
X-GEO
GeoIP-Latitude
X-Azure-Ref-OriginShield
FSS-Cache
Ohc-File-Size
X-Platform
X-Render-Time
X-Server-IP
X-Cdn-Srv
Cache-Host
X-Vgn-Hpd-Reason
X-Fastly-Backend-Reqs
X-BACKEND-TTL
X-Generated-By
Server-Cache-Control
Server-Surrogate-Control
X-Svr
X-CUA
X-HS-Status
X-S-Maxage
X-Ratelimit-Remaining
Cteonnt-Length
X-Unique-ID
Ohc-Response-Time
X-VHOST
Pics-Label
X-PJAX-URL
Epwk-X-Cache
X-Fastly-Country-Code
X-Fpc
X-Cache-Expired-At
Tracecode
X-Rocket-Nginx-Bypass
X-CACHE-KEY
GeoIp-Country-Code
Geoip-Latitude
X-CSRF-TOKEN
Backend
X-RunCloud-Cache
X-Vcl-Version
Backend-Name
X-Newrelic-App-Data
X-Varnish-Hits
SRV
Cdn-Request-Time
Heartbleed
Locid
Cdn-Host
X-Csrf-Jwt
Request-EU
Request-Country
X-Edge-Server
X-Via-Popv
SN
X-Pf-Uncompressing
X-VCT
Amp-Access-Control-Allow-Source-Origin
X-Via-Poph
CF-Cached-On
X-Ratelimit-Limit
X-NGINX-Cache
X-CLOUD-TRACE-CONTEXT
X-Oracle-Dms-Rid
X-Request-URI
X-CACHE-AGE
X-Request-Time
Lfy
X-ECache
X-ServedByHost
WWW-Authenticate
X-Gamma-Serve
X-Sigma-Backend
X-Sigma
X-StackifyID
X-Rocket-Build-Number
XServer
X-Varnish-Url
X-Amzn-Remapped-Date
Host-ID
X-Amzn-Remapped-Connection
X-Nananana
X-Ftr-Cache-Host
CloudFront-Viewer-Country
X-DPWN-IS-SECURE
X-Tec-Api-Version
CF-IPCountry
X-Tec-Api-Root
X-Tec-Api-Origin
X-Oss-Cdn-Auth
NR-ENABLED
WPE-Backend
Country-Code
PICS-Label
X-Debug-Cache-Fetch
X-Debug-Cache-Store
URI
X-Apw-Hits
X-Apw-Access-Object
X-WebServer
X-LiteSpeed-Cache-Control
X-Apw-Access-Token
X-Apw-Access-Action
Lb
X-Debug-Cache-Status
X-Debug-Cache-Bypass
SID
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
X-Cache-Tag
X-Via-Ucdn
X-Debug-Ysi-Auth
CDN-Uid
CDN-CachedAt
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-RequestId
CDN-Cache
X-Proxy-Upstream
X-Shopify-Generated-Cart-Token
X-WA
CDN-PullZone
X-Debug-Cache-String
X-B3-Spanid
Server-Ttl
Cloudfront-Viewer-Country
Product
X-Cache-Version
X-Acquia-Site
WZWS-RAY
X-Cdn-Origin
Cneonction
Dnion-Transfer-Encoding
My-App
X-Sn-Servicetimems
X-Tb-Optimization-Total-Bytes-Saved
X-Amz-Meta-Cb-Modifiedtime
X-Acquia-Application-Trace
Proxy-Firewall
X-Fetched-On
X-Acquia-Application-UUID
Surrogated-Key
Ohc-Cache-HIT
X-Acquia-Purge-Tags
X-APP
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-VC
X-IN-APIGATEWAYSSL
X-SB
Cf-Alt-Svc
X-GeoIP-Country-Code
X-WR-MODIFICATION
X-Swift-Error
X-Varnish-Beresp-TTL
X-Html-Edge-Cache
X-Request-URL
Inserted-Into-Cache-At
A
FSS-Proxy
X-ElasticPress-Search
X-Snapshot-Date
Warning
X-IN-APIGATEWAY