
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
X-Xss-Protection
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
P3p
X-Request-ID
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
Server-Timing
X-Pingback
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Readtime
X-Ac
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Node
X-Backend-Server
X-Dispatcher
NEL
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Accept-CH
Rating
X-Country-Code
X-Cnection
Accept-CH-Lifetime
X-Rack-Cache
Host-Header
Edge-Control
X-Url
RTSS
MS-Author-Via
X-Clacks-Overhead
X-Px
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
Verso
X-Goog-Hash
X-Varnish-TTL
Service-Worker-Allowed
X-Powered-By-Plesk
X-B3-TraceId
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-Kinja
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Forwarded-Proto
Public-Key-Pins
X-Amz-Server-Side-Encryption
X-Middleton-Display
Response
Pagespeed
Display
X-Sol
X-Middleton-Response
X-MS-InvokeApp
X-Cache-TTL
X-DynaTrace
X-Content-Type
X-Cdn
X-D2id
X-NF-Request-ID
X-Ttl
X-Amz-Rid
TCN
X-CST
X-Vcap-Request-Id
X-Cached
X-Abt-Application-Version
X-VARITI-CCR
Pinterest-Generated-By
AR-ATIME
AR-CACHE
AR-Request-ID
Ar-Sid
AR-PoweredBy
X-ESI
X-Powered-CMS
X-Version
X-Navigation-Version
X-Upstream
X-Fastly-Request-ID
Cache-Tag
X-Debug
X-Server-Name
X-Grace
X-Instart-Request-ID
Access-Control-Request-Method
X-XRDS-Location
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Charset
X-MSEdge-Ref
X-Element-Page-Cache
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Realpath
Content-MD5
Nginx-Cache
X-Accel-Expires
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Accept-Ch
X-Shield-Request-Id
SPIisLatency
SPRequestDuration
X-Jurisdiction
X-Hp-Webp
X-Amz-Meta-S3cmd-Attrs
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
SPRequestGuid
X-Recruiting
X-Id
S
X-Dw-Request-Base-Id
X-Kinsta-Cache
X-T
Accept-Ch-Lifetime
X-Content-Digest
X-Trace
X-Cache-Key
Fastcgi-Cache
X-Logged-In
X-TTL
X-Node-Name
X-NWS-LOG-UUID
TP-L2-Cache
TP-Cache
X-Hostname
X-Oneagent-Js-Injection
ServerID
X-Mobile-URL
X-Request-Received
X-Request-Processing-Time
X-Amzn-Trace-Id
Fastly-Restarts
X-Cache-Hit
X-Frontend
Server-Node
Front-End-Https
X-Cache-Age
X-FastCGI-Cache
X-Server-ID
X-Client-IP
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend
X-Forwarded-For
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
Edge-Cache-Tag
X-Yandex-Sdch-Disable
Powered
X-GUploader-UploadID
X-FTR-Expires
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
Server-Name
Arc-Version
PB-PID
PB-RID
X-Request-Handler-Origin-Region
X-Microsite
X-Ah-Environment
X-Content-Security-Policy-Report-Only
X-User-Agent
X-DIS-Request-ID
X-Page-Id
X-Akamai-Edgescape
X-Hits
X-Revision
X-F-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Jobs
Filters
X-LB-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Zen-Fury
Alternate-Protocol
X-Origin-Server
X-Correlation-Id
DynaTrace
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile-Rewrite
X-Fastcgi-Cache
X-Content-Powered-By
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Geo-Country
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-Daa-Tunnel
Accept-Charset
X-N
X-Ruxit-Js-Agent
X-FTR-Cache-Host
X-B
Cache-Tags
X-RateLimit-Remaining
X-Varnish-Backend
X-Type
X-Pass-Why
X-Ser
DC
X-Rid
Paypal-Debug-Id
X-Varnish-Grace
X-WebKit-CSP-Report-Only
X-Git-Hash
X-Amz-Replication-Status
Surrogate-Key
X-Esi
Section-Io-Cache
X-B-Cache
X-Signature
X-Whom
X-App-Environment
X-Content-Options
Retry-After
Host
X-Request-Guid
X-TT
X-FB-Debug
X-AppVersion
X-Az
X-Edge
X-Activity-Id
X-IPLB-Instance
Fastcgi-Useragent
X-Status
X-Debug-Info
X-Via-JSL
Frame-Options
Actual-Object-TTL
X-Endurance-Cache-Level
X-Webkit-CSP
Healthy
Nel
MicrosoftSharePointTeamServices
X-ATG-Version
X-HTML-Minification-Powered-By
Backend-Timing
Srv
X-ATS-Timestamp
X-AOL-HN
X-Contextid
X-App-Server
X-Cache-Action
X-Release
Content-Disposition
X-Seen-By
Refresh
X-Amzn-RequestId
X-Amz-Apigw-Id
X-ECACHE
From-Origin
X-B3-Sampled
Access-Control-Allow-Method
X-Protected-By
X-Cache-Rule
X-Accel-Buffering
X-Pinterest-Direct
X-Response-Served-From
X-ProcessESI
X-RemovedCookies
X-Region
X-Cache-Operation
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
VIX-Pulpo-Upstream-Status
Odigeo-Trace-Id
X-Rendered-As
VIX-Pulpo-Node
X-Upgrade-Enabled
X-Instance
X-Cacheable-TTL
X-Is-Bot
X-Mid
X-MCACHE
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-UUID
X-FW-Server
X-FW-Static
X-Drupal-Cache-Tags
X-FW-Type
Datacenter
X-Environment-Context
X-L-Path
X-WA-Info
X-Host-Name
X-Rule
X-Cache-Time
Eomportal-Instance
Payment
X-Varnish-Server
Countrycode
Uber-Trace-Id
X-Adobe-Content
X-Adobe-Loc
MS-CV
X-Time
X-Litespeed-Cache
X-Proxy
X-EdgeConnect-Cache-Status
X-Cached-By
X-Akamai-Request-ID2
Xserver
Source
X-Cache-Server
X-Mobile
X-Cache-Control
X-Load-Cache
X-NewRelic-App-Data
X-UnsetCookies
X-PHP-Backend
Access-Control-Request-Headers
X-Air-Hostname
X-Azure-Ref
Accept-Language
X-SERVER-NAME
X-GeoIP
X-Akamai-Transformed
X-Yottaa-Metrics
X-Yottaa-Optimizations
Server-Info
X-NWS-UUID-VERIFY
X-Cache-NGX
X-Backend-Name
X-Tt-Trace-Tag
X-Origin-Response-Time
X-Tt-Trace-Host
X-NGENIX-Cache
X-Handled-By
Version
Liferay-Portal
X-Vcache
X-Mode
X-Wix-Request-Id
X-Framework
X-Unique-Id
Cache-Status
X-Correlation-ID
X-CSRF-Token
X-RateLimit-Limit
X-URL
X-Presslabs-Stats
Filterid
X-FireWall-Port
X-Cluster
X-ES-SERVER
X-Cache-Var-Map
X-Locale
X-UPSTREAM-Address
X-CCM
X-Cache-Var
X-LJ-Flow-ID
X-Zipkin-Id
X-Tumblr-Pixel-2
X-Adobe-Source
X-ApacheServer
X-Tumblr-Pixel-1
Meta-Geo
X-UA-Device-Type
Load-Balancing
X-Path-Route
X-Proxied
X-PERF
X-VWS-Id
Cross-Origin-Window-Policy
X-Routing-Service
X-AWS-Id
X-RN-RSRV
X-Via-Fastly
Mn-Server-Ip
X-Section
X-MP-GENERATED-AT
X-Viewer-Country
X-Cache-Status-Check
X-Detected-As
X-TX-ID
X-IP
X-Format
X-Www-Served-By
X-NCache
Now
X-Site-Version
Cache-Hits
ServedBy
X-Access
X-Real-IP
X-Qloud-Router
X-Pubstack
Akamai-GRN
DSUID
Cache
X-IPS-LoggedIn
X-Device-Type
X-CS
S-Rt
X-Cache-Config
X-FW-Version
Property-Id
Decoy-Debug-TTL
Cleartype
Cache-Tv-Group
Cache-Name
X-Human
DB-Nickname
Decoy-Debug-Status
Decoy-Debug-Key
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Ua
TWC-Privacy
X-Amzn-Remapped-Content-Length
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Bc-Bl
Section-Origin-Responded
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
Section-Io-Origin-Status
X-Info
X-Say-Cacheable
X-Say-TTL
X-PCL
X-Web-Node
X-Storage
X-R9-Blue-Green-Version
X-Redis-Cache
X-Varnish-Cache-Hits
X-SayCDN-TTL
X-Origin-Hint
Apigw-Requestid
X-OCL
X-ServerID
X-Cache-Enabled
X-Cache-Host
X-Shopify-Stage
X-Time-Microsecs
X-ShardId
X-Sorting-Hat-ShopId
X-ProxyCache-Status
X-BYPASS-REASON
X-ShopId
X-FC-Vary-Parameters
X-Origin
X-Hyper-Cache
X-Alternate-Cache-Key
X-NYM-Debug-Backend
X-Labrador-Cache-Channel
Webserver
X-ProxyCache-Key
X-PHP-Host
X-Sorting-Hat-PodId
X-Hosted-By
X-EIG-Tracking-Id
Fastly-SSL
X-Timing-Wait
X-Cache-2
X-TNCMS
X-APP-VERSION
X-Hl-Ver
X-JoinUs
X-PressLabs-Stats
X-Proxy-Build
X-From
X-SaId
X-Loop
X-FB-TRIP-ID
X-BCube-Filmed-By
X-Content-Age
Azure-RegionName
Selected-Fe
X-Cache-Remote
Azure-InstanceId
X-Geo
Azure-SiteName
Origin-Cache-Control
NGB
Azure-Version
Azure-SlotName
X-RTag
Ms-Operation-Id
X-Urbn-Context-Path
X-No-Session
X-Urbn-Site-Id
Locale
X-Generated
Ec-Rule-Version
X-XRDS-LOCATION
X-CDN-Forward
X-Cache-TTL-Remaining
X-Drupal-Cache-Contexts
Time
X-EC-Lua
Origin-Edge-Control
X-SRV
X-VCache
X-Xfnlog-Site
X-Backend-TTL
SD-X-WS
Country
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Debug-Cache
X-Source
X-Pad
X-Soup
X-Storefront-Renderer-Rendered
X-NC
X-Old-Content-Length
X-Varnish-Hostname
X-Cluster-Node
X-App-Version
Upgrade-Insecure-Requests
X-Akamai-Request-ID
X-Proto
X-Tb
X-RequestSource
User-Agent
X-TA-CDN-Provider
X-DC
X-Cache-PHP
X-Parent-Response-Time
LB
X-Cache-NE
X-RCS-CacheZone
Proxy-Connection
Geo-Info
X-App
Cache-Key
X-Cache-Backend
Referer-Policy
GEO-INFO
X-Client-Ip
FilterID
X-FORWARDED-FOR
X-Origin-TTL
X-Origin-CC
X-Cache-Grace
X-Magnolia-Registration
Content-Script-Type
X-B-Cookie
X-PAYTM-SRV-ID
X-CF-Lambda-Fn
X-NodeID
Content-Style-Type
X-Application
X-Method
AsisCache
Arc-Country
AKAMAI
X-ARC
NGX
BehaviorPad-Version
X-Generation-Time
X-Aed
X-Geo-Header
CacheControlHeader
X-Nginx-Cache-Key
X-A-Ccd
Viewtype
UCS
True-Client-Country-4JS
VivaBuild
X-Developers
X-CF-Lambda-Version
Who
Mobile-Detection-Method
T-Server
N-Cache
X-D
X-Destination
Rendered-Blocks
X-Connection-Hash
On-Server
X-Developer
X-Cms-Context
Meta-Geo-Continent
MD5-Digest
GEO-REGION-INFO
X-External-Request-Id
X-Edge-Location
X-A-Dgt
FNAC-ModuleRouting
Fastcgi-X-Cache-Version
X-G
X-A-Wwc
X-A-Dcw
X-A-Dam
X-DevSite-Last-Modified
M-TraceId
Machine
X-Dispatch
X-A
X-Date
IsBot
X-Accel-Expires-Debug
X-ScT
X-SIPLIST1
X-Tumblr-Pixel-3
X-Proxy-Cache-Status
X-Processor
X-SVT-ORM-RULES
X-SD-PageType
X-Scheme
X-Rewrite-Enabled
X-Rojux
X-S
X-S-Cookie
X-SVT-ORM-VERSION
X-Swa-Ws
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-Trace-Id
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Response-By
X-SRCache-Key
X-AIR-PT
X-Region-Sid
User-Cache-Control
X-Uri
X-Forwarded-Host
X-Req
Pagetype
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Node-Id
X-Dispatcher-Server
X-User
Release
X-Agile
NM-Fastcgi-Cache
X-Agile-Id
Mail-Subject
Magicmarker
X-Device-Os
X-Thanos
X-Agile-Age
X-Thinkindot-L3
X-WADP-Cache
X-Worker
OT-Force-Account-Verify
Viewport
V-Age
X-Clara-WADP
Wxu-Next-Region
X-Owner
Wxu-Next-Hostname
Web-Mar-Node
We-Hiring
Wxu-Next-Commit
Vix-Hermes-Req-Id
X-VC-Cache
Thinkindot-Control
Server-Host
Server-Ext
X-Compress-Hint
X-RateLimit-Remaining-Second
Server-Hostname
ServerName
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Varnish-Cacheable
Sever-Int
X-RateLimit-Limit-Second
X-Policy
X-Hash
X-Hnp-Log
X-Block-Status
X-Location
X-Has-Esi
X-Bip
X-Key
CDCHOST
Kp-EeAlive
X-Cache-Bucket
X-Cache-FS-Status
X-Logging-Id
X-Is-Gdpr
X-JWT-State
Apple-News-Services-Handled
Apple-News-Services-Host
X-Matched-Rule
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-LAGOON
X-Server-W
Gh-Request-Id
X-Cache-URL
X-Loc
X-Skip-Cache
Pragrma
X-Auto-Login
X-Reqid
X-SN
Node
X-Backend-State
X-Cache-Info
X-Micro-Cache
X-Servername
X-Generated-On
X-Generated-In
X-Gen-Mode
X-Fmm-Version
X-Level-Front-Cache
X-ServiceProvider
X-Distributor
X-Hit
X-Cluster-Name
X-Cache-Tags
MIME-Version
X-Cache-Id
X-Webstats-RespID
X-VServer
X-We-Are-Hiring
X-TrackingId
X-Esi-Check
X-Eu-Site
X-Epic-Correlation-Id
X-Envoy-Decorator-Operation
X-NU-AKA-ACS-Version
X-Distil-CS
X-Slack-Backend
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-Request-Host
X-Gzip
X-Session-Fingerprint
X-Fastly-Cache
X-TH-Server
X-Origin-Date
X-Varnish-Authentication
X-Variation
X-Clientip
X-Rebelmouse-Cache-Control
X-VG-TLSProxy
X-Contensis-Viewer-Groups
X-Core-Mission
X-Origin-Expires
X-Request-UUID
X-Rebelmouse-Surrogate-Control
X-Var-Ttl
X-Core-Value
X-CGP
Fastly-SIE
HA-Ipaddr
Ha-Gx-Prefs
Is-Eu
C-Via
Platform
Fastly-SWR
X-Cache-ASPX
X-Varnish-Beresp-Ttl
Adler-Geo
X-Varnish-Beresp-Status
Fastly-Drupal-HTML
X-Varnish-Beresp-Grace
Rt-Fastcgi-Cache
L5d-Success-Class
W
X-Backend-Host
X-BBXSRF
X-Newrelic-Synthetics
Memcached
X-LI-UUID
X-Li-Pop
X-LI-Proto
X-Reboot
Cache-Cookie-Set-Lfrom
X-Li-Fabric
X-GoCache-CacheStatus
Cache-Cookie-Set-Idcheck
RNT-Time
Cache-Cookie-Set-From
RNT-Machine
Sid
X-Up
Fastly-Backend-Name
X-Wa
X-Via-CDN
X-Configured-By
X-Minions-Version
X-BC
X-ZONE
X-Dc
X-Batcache
X-Branch-Name
X-ElasticPress-Query
X-Refresh
X-Cache-Debug
Cf-Ipcountry
X-Varnish-URL
X-Be
X-Srv
X-Nginx-Cache
X-Nc
X-Servedbyhost
S-Cnection
X-Aicache-OS
X-Ua-Device
X-Instart-Info
CACHE
X-B3-Traceid
X-UA
HostName
DCR-Decision-By
DCR-Processing-Time-Ms
X-Platform-Server
X-Mvc-Supplant-OutputCached
X-BE
X-Via-PopH
Hostname
X-Via-PopV
X-Envoy-Upstream-Healthchecked-Cluster
X-Microcachable
X-TT-TIMESTAMP
X-PF-Uncompressing
X-MSEdge-Features
X-ND-Cache
Pramga
X-Ms-Version
X-MSEdge-Flight
X-Fastly-Cache-Status
X-Ms-Request-Id
X-VCL-Version
Memory
X-Ratelimit-Reset
X-TIME
X-Varnishpool
X-Sucuri-ID
HitType
X-Zone
X-Bc
Location
Esi-Enabled
X-Pjax-Url
X-Debug-Panamera-Sitecode
X-Debug-Panamera-Host
X-Original-Request-Id
NtCoent-Length
X-Cdn-Forward
X-LB-ID
Powered-By-ChinaCache
X-COUNTRY
GeoIP-Country-Code
X-Sucuri-Cache
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-App-Name
X-Oss-Server-Time
Server-ID
X-Oss-Storage-Class
X-Oss-Request-Id
X-Check-Cacheable
L
X-CF-Powered-By
X-FPC
GeoIP-Latitude
FSS-Cache
X-Vgn-Hpd-Reason
Ohc-File-Size
X-OVcl-Cache
X-VarnishDD-TTL
X-Cdn-Srv
PFcat
X-GEO
X-Server-IP
X-OVcl
Cache-Host
Server-Cache-Control
X-Azure-Ref-OriginShield
X-Generated-By
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
Server-Surrogate-Control
X-Instart-Isnd
X-Svr
Resin-Trace
X-Fastly-Backend-Reqs
X-Platform
X-Varnish-Ttl
X-Render-Time
X-S-Maxage
Cteonnt-Length
X-BACKEND-TTL
Ohc-Response-Time
X-HS-Status
X-CUA
X-Unique-ID
X-Rocket-Nginx-Bypass
Tracecode
X-Fpc
X-Fastly-Country-Code
X-VHOST
Pics-Label
X-PJAX-URL
X-Cache-Expired-At
Epwk-X-Cache
X-CSRF-TOKEN
X-Varnish-Hits
X-VCT
GeoIp-Country-Code
WPE-Backend
X-Edge-Server
Locid
Heartbleed
Cdn-Request-Time
Cdn-Host
NR-ENABLED
Geoip-Latitude
Request-Country
Request-EU
SRV
CF-Cached-On
X-Newrelic-App-Data
X-RunCloud-Cache
Backend-Name
Amp-Access-Control-Allow-Source-Origin
X-Pf-Uncompressing
X-Vcl-Version
X-Request-URI
X-Ratelimit-Remaining
Backend
Lfy
X-CLOUD-TRACE-CONTEXT
X-Via-Popv
X-Oracle-Dms-Rid
SN
X-CACHE-AGE
X-Via-Poph
X-Csrf-Jwt
X-Gamma-Serve
WWW-Authenticate
X-NGINX-Cache
X-CACHE-KEY
X-StackifyID
X-ECache
X-Sigma-Backend
XServer
X-Ratelimit-Limit
X-ServedByHost
X-Varnish-Url
X-Sigma
X-Amzn-Remapped-Connection
X-Request-Time
X-Rocket-Build-Number
X-Amzn-Remapped-Date
X-Ftr-Cache-Host
Host-ID
X-Oss-Cdn-Auth
CloudFront-Viewer-Country
CF-IPCountry
URI
X-Tec-Api-Root
X-Tec-Api-Origin
X-WebServer
X-Nananana
X-Tec-Api-Version
X-Shopify-Generated-Cart-Token
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Apw-Hits
X-Apw-Access-Object
X-DPWN-IS-SECURE
X-Apw-Access-Action
X-Proxy-Upstream
Product
X-Apw-Access-Token
Lb
X-Sn-Servicetimems
Cloudfront-Viewer-Country
X-Tb-Optimization-Total-Bytes-Saved
PICS-Label
SID
X-Fetched-On
My-App
WZWS-RAY
X-Cdn-Origin
Country-Code
X-Cache-Tag
X-B3-Spanid
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-String
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
X-LiteSpeed-Cache-Control
X-Debug-Cache-Status
X-Debug-Cache-Bypass
Server-Ttl
X-Cache-Version
CDN-CachedAt
Dnion-Transfer-Encoding
CDN-RequestId
CDN-Uid
X-Via-Ucdn
CDN-PullZone
CDN-Cache
CDN-RequestCountryCode
A
CDN-EdgeStorageId
X-WA
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Cneonction
Proxy-Firewall
Ohc-Cache-HIT
X-GeoIP-Country-Code
Mime-Version
X-SB
X-Amz-Meta-Cb-Modifiedtime
X-IN-APIGATEWAYSSL
Surrogated-Key
X-IN-APIGATEWAY
Cf-Alt-Svc
X-Dw-Trace-Id
X-VC
X-Varnish-Beresp-TTL
Warning
Inserted-Into-Cache-At
X-B3-SpanId
X-Swift-Error
X-Snapshot-Date
X-ElasticPress-Search
Dt-Cache-Category
X-Html-Edge-Cache
X-WR-MODIFICATION
X-Request-URL
FSS-Proxy