Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
X-Request-ID
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Backend
X-Server
X-Age
X-Turbo-Charged-By
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
P3p
Report-To
X-Amz-Version-Id
X-Server-Id
X-Dns-Prefetch-Control
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-WebKit-CSP
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Readtime
X-Ac
X-Cache-Lookup
X-Backend-Server
X-Node
NEL
X-Dispatcher
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
Allow
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Accept-CH
X-Rack-Cache
Edge-Control
X-Url
RTSS
Accept-CH-Lifetime
X-Clacks-Overhead
X-Px
MS-Author-Via
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
X-Goog-Hash
Verso
X-Powered-By-Plesk
Host-Header
Service-Worker-Allowed
X-Varnish-TTL
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-B3-TraceId
X-GitHub-Request-Id
Public-Key-Pins
Arr-Disable-Session-Affinity
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Ttl
X-Forwarded-Proto
Response
Pagespeed
X-Middleton-Display
X-Sol
X-Middleton-Response
Display
X-Cache-TTL
X-DynaTrace
X-Cdn
X-Content-Type
X-D2id
X-Amz-Rid
X-NF-Request-ID
X-Vcap-Request-Id
TCN
X-CST
X-Abt-Application-Version
X-Cached
X-VARITI-CCR
Pinterest-Generated-By
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
Ar-Sid
X-ESI
X-Version
X-Navigation-Version
X-Powered-CMS
X-Upstream
Cache-Tag
X-Fastly-Request-ID
X-Server-Name
X-Grace
X-Debug
X-Instart-Request-ID
Access-Control-Request-Method
X-XRDS-Location
Charset
X-MSEdge-Ref
Accept-Ch
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Nginx-Cache
Content-MD5
X-Element-Page-Cache
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Accel-Expires
Realpath
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
SPIisLatency
SPRequestDuration
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
Accept-Ch-Lifetime
X-SharePointHealthScore
SPRequestGuid
S
X-Pinterest-Rid
Pinterest-Version
X-Hp-Webp
X-Jurisdiction
X-Pass-Why
X-Amz-Meta-S3cmd-Attrs
X-Dw-Request-Base-Id
X-Recruiting
X-Id
X-Kinsta-Cache
X-Trace
X-T
Fastcgi-Cache
X-Client-IP
X-Content-Digest
X-Logged-In
X-Node-Name
X-Cache-Key
X-NWS-LOG-UUID
X-Mobile-URL
TP-L2-Cache
TP-Cache
X-Oneagent-Js-Injection
X-Hostname
X-FastCGI-Cache
Server-Node
X-Request-Processing-Time
X-Cache-Hit
X-Request-Received
ServerID
X-Cache-Age
X-Frontend
Front-End-Https
X-Amzn-Trace-Id
Fastly-Restarts
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-TTL
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
Edge-Cache-Tag
X-Forwarded-For
X-FTR-Expires
X-Yandex-Sdch-Disable
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
Server-Name
Powered
PB-PID
Arc-Version
PB-RID
X-Ruxit-Js-Agent
X-Microsite
X-Request-Handler-Origin-Region
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Revision
X-Page-Id
X-DIS-Request-ID
X-Hits
X-LB-Cache
Filters
X-F-Cache
X-Akamai-Edgescape
X-Zen-Fury
X-Jobs
DynaTrace
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Erf-Bev-Bev
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Erf-Bev-Bev-Is-Generated
X-Mobile-Rewrite
X-Fastcgi-Cache
X-Origin-Server
X-Content-Powered-By
Alternate-Protocol
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-Geo-Country
Accept-Charset
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-Correlation-Id
X-FTR-Cache-Host
X-N
X-Daa-Tunnel
X-B
Cache-Tags
X-Varnish-Backend
X-Rid
X-WebKit-CSP-Report-Only
Retry-After
X-Type
X-Varnish-Grace
X-Amz-Replication-Status
X-Esi
X-Git-Hash
X-Content-Options
DC
Surrogate-Key
Section-Io-Cache
X-Whom
Host
Paypal-Debug-Id
X-TT
X-Signature
X-B-Cache
X-FB-Debug
X-Server-ID
X-App-Environment
X-Request-Guid
X-Via-JSL
X-AppVersion
X-Edge
X-Az
X-RateLimit-Remaining
X-Activity-Id
X-Status
MicrosoftSharePointTeamServices
X-ATS-Timestamp
Backend-Timing
X-Ser
X-Debug-Info
Fastcgi-Useragent
Frame-Options
Actual-Object-TTL
X-IPLB-Instance
X-ATG-Version
X-Webkit-CSP
Healthy
Nel
X-Endurance-Cache-Level
X-App-Server
X-HTML-Minification-Powered-By
Srv
X-AOL-HN
X-Contextid
X-Cache-Action
X-Amzn-RequestId
X-Seen-By
X-ECACHE
Refresh
X-Pinterest-Direct
X-B3-Sampled
From-Origin
Access-Control-Allow-Method
X-Amz-Apigw-Id
X-Response-Served-From
X-Protected-By
X-Cache-Rule
X-Upgrade-Enabled
X-Accel-Buffering
X-Host-Name
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-ProcessESI
X-Cache-Operation
X-Tumblr-User
X-Drupal-Cache-Tags
X-RemovedCookies
Content-Disposition
X-Instance
X-Cacheable-TTL
VIX-Pulpo-Node
Odigeo-Trace-Id
VIX-Pulpo-Upstream-Status
X-Mid
X-MCACHE
X-Is-Bot
X-Region
X-Rendered-As
X-WA-Info
X-L-Path
X-Environment-Context
X-Release
X-UUID
Payment
Eomportal-Instance
X-FW-Dynamic
X-FW-Static
X-FW-Type
X-Rule
X-Varnish-Server
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Adobe-Loc
X-Cache-Time
X-Adobe-Content
Countrycode
MS-CV
X-Litespeed-Cache
Datacenter
Uber-Trace-Id
Source
X-Time
X-Proxy
X-Cached-By
X-Load-Cache
X-Akamai-Request-ID2
X-Cache-Control
X-EdgeConnect-Cache-Status
X-Cache-Server
X-UnsetCookies
X-Mobile
Xserver
X-Correlation-ID
X-GeoIP
Cache-Status
X-PHP-Backend
X-SERVER-NAME
X-Akamai-Transformed
Access-Control-Request-Headers
X-Azure-Ref
X-NewRelic-App-Data
X-Yottaa-Metrics
X-Yottaa-Optimizations
Accept-Language
X-Tt-Trace-Host
X-Origin-Response-Time
X-Tt-Trace-Tag
X-PressLabs-Stats
X-Air-Hostname
Version
X-Mode
X-Wix-Request-Id
Filterid
X-NGENIX-Cache
X-Handled-By
Liferay-Portal
X-Cache-NGX
X-NWS-UUID-VERIFY
X-Backend-Name
X-Cluster
X-VCache
X-IPS-LoggedIn
X-Framework
X-URL
Server-Info
X-APP-VERSION
X-ES-SERVER
X-Zipkin-Id
X-CCM
X-UPSTREAM-Address
X-Cache-Var-Map
X-LJ-Flow-ID
X-PERF
Meta-Geo
X-Tumblr-Pixel-2
X-Locale
X-RN-RSRV
X-Cache-Var
X-Proxied
X-Routing-Service
Load-Balancing
NGB
X-FireWall-Port
X-Tumblr-Pixel-1
X-Adobe-Source
Cross-Origin-Window-Policy
X-Cache-Remote
X-Via-Fastly
X-Path-Route
X-AWS-Id
X-ApacheServer
X-UA-Device-Type
X-VWS-Id
Cache-Hits
X-Site-Version
DSUID
X-Real-IP
X-Www-Served-By
Cache
X-MP-GENERATED-AT
X-Viewer-Country
Mn-Server-Ip
ServedBy
X-Detected-As
X-Cache-Status-Check
X-Qloud-Router
X-TX-ID
X-Web-Node
X-Section
Cache-Name
Akamai-GRN
X-Storage
X-Info
X-Access
X-IP
X-Cache-Config
X-Human
X-Format
X-PCL
Cache-Tv-Group
Section-Io-Origin-Status
X-Pubstack
X-Say-Cacheable
Section-Io-Id
X-R9-Blue-Green-Version
X-Redis-Cache
Now
Decoy-Debug-TTL
Section-Io-Origin-Time-Seconds
X-OCL
Cleartype
X-Say-TTL
Decoy-Debug-Key
Section-Origin-Responded
X-NCache
X-SayCDN-TTL
Decoy-Debug-Status
Webserver
Webcakes-Region
Webcakes-App-Version
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Alternate-Cache-Key
X-ShopId
TWC-Privacy
TWC-Locale-Group
X-Sorting-Hat-ShopId
S-Rt
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-ShardId
X-ServerID
X-FC-Vary-Parameters
X-PHP-Host
X-EIG-Tracking-Id
X-FW-Version
X-Hosted-By
X-Labrador-Cache-Channel
X-Origin-Hint
X-Device-Type
X-CS
X-BYPASS-REASON
X-Bc-Bl
X-Cache-Enabled
X-Cache-Host
X-ProxyCache-Key
X-ProxyCache-Status
Property-Id
Webcakes-App-Name
X-Unique-Id
X-Varnish-Cache-Hits
Fastly-SSL
X-CSRF-Token
X-Ua
X-No-Session
X-Origin
X-From
X-Hl-Ver
X-SaId
X-BCube-Filmed-By
X-Content-Age
X-JoinUs
X-NYM-Debug-Backend
Selected-Fe
X-FB-TRIP-ID
X-Time-Microsecs
X-Timing-Wait
X-Proxy-Build
X-RTag
Origin-Cache-Control
X-Generated
X-RateLimit-Limit
X-Amzn-Remapped-Content-Length
DB-Nickname
Ms-Operation-Id
X-TNCMS
X-Loop
X-Hyper-Cache
Ec-Rule-Version
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-XRDS-LOCATION
X-Presslabs-Stats
Apigw-Requestid
X-Geo
X-Cache-2
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-Xfnlog-Site
Time
X-Urbn-Site-Id
Locale
Origin-Edge-Control
X-Urbn-Context-Path
SD-X-WS
X-Vcache
X-Goog-Meta-Goog-Reserved-File-Mtime
Country
X-RequestSource
X-Pad
X-EC-Lua
X-Old-Content-Length
X-Source
X-Debug-Cache
X-CDN-Forward
User-Agent
Geo-Info
X-Varnish-Hostname
X-Cluster-Node
X-Soup
X-Backend-TTL
Upgrade-Insecure-Requests
X-Cache-NE
X-Akamai-Request-ID
X-RCS-CacheZone
X-Proto
X-Parent-Response-Time
X-Tb
X-Storefront-Renderer-Rendered
X-SRV
X-Cache-Backend
X-App-Version
X-Cache-PHP
Proxy-Connection
X-TA-CDN-Provider
X-NC
FilterID
X-DC
X-Cache-Grace
X-Proxy-Cache-Status
Cache-Key
X-FORWARDED-FOR
X-Origin-TTL
X-Forwarded-Host
X-Origin-CC
Meta-Geo-Continent
Machine
M-TraceId
MD5-Digest
Mobile-Detection-Method
N-Cache
Rendered-Blocks
ServerName
UCS
Viewtype
Who
True-Client-Country-4JS
X-Transaction
IsBot
T-Server
X-Trv-Group
X-A
Arc-Country
AsisCache
BehaviorPad-Version
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-App
Content-Script-Type
X-VG-WebCache
X-Twitter-Response-Tags
Fastcgi-X-Cache-Version
FNAC-ModuleRouting
Content-Style-Type
X-Vdms-Path
X-Vdms-Version
Xc-Version
GEO-REGION-INFO
X-Swa-Ws
X-Date
X-Response-By
X-Region-Sid
X-Processor
X-D
X-Connection-Hash
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Rewrite-Enabled
X-PAYTM-SRV-ID
X-Destination
X-Geo-Header
X-Dispatch
X-G
X-Method
X-DevSite-Last-Modified
X-NodeID
X-Developer
X-Nginx-Cache-Key
X-B-Cookie
X-ARC
X-A-Wwc
X-SRCache-Key
X-SIPLIST1
X-External-Request-Id
X-A-Dgt
X-Trace-Id
X-A-Dam
X-A-Dcw
X-Accel-Expires-Debug
X-Session-Fingerprint
X-S-Cookie
X-S
X-Rojux
X-Application
X-Scheme
X-SD-PageType
X-ScT
X-Aed
X-A-Ccd
VivaBuild
LB
X-Uri
X-AIR-PT
X-Magnolia-Registration
User-Cache-Control
X-Tumblr-Pixel-3
X-Generated-On
X-Agile-Age
X-Agile
X-Node-Id
On-Server
X-Generation-Time
NM-Fastcgi-Cache
NGX
X-Owner
Mail-Subject
Kp-EeAlive
X-Gen-Mode
X-Fmm-Version
X-Req
We-Hiring
X-Generated-In
X-Agile-Id
Magicmarker
Pagetype
X-Newrelic-Synthetics
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Policy
Release
X-LAGOON
Wxu-Next-Hostname
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Wxu-Next-Commit
V-Age
Web-Mar-Node
Vix-Hermes-Req-Id
X-Hnp-Log
Viewport
X-Level-Front-Cache
Sever-Int
RNT-Machine
X-Logging-Id
X-Matched-Rule
X-Backend-State
RNT-Time
X-Loc
Wxu-Next-Region
Server-Hostname
Server-Host
Server-Ext
X-Micro-Cache
X-Reqid
X-User
X-Thinkindot-L3
X-Cache-URL
X-Dispatcher-Server
X-Device-Os
X-Cache-Info
AKAMAI
Referer-Policy
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Varnish-Cacheable
X-VC-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Cms-Context
X-Compress-Hint
X-Worker
X-Wikidot-Static-Cache
X-Developers
X-WADP-Cache
X-Clara-WADP
X-Wikidot-Backend
X-Thanos
Apple-News-Services-Handled
X-ServiceProvider
X-Skip-Cache
X-Servername
X-Cache-Bucket
X-Block-Status
X-Bip
CDCHOST
X-SN
X-Cache-FS-Status
Cache-Cookie-Set-Idcheck
CacheControlHeader
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Srv
X-B3-Traceid
X-Hit
OT-Force-Account-Verify
X-Auto-Login
X-Cluster-Name
X-Esi-Check
X-BBXSRF
X-Hash
X-Eu-Site
X-Fastly-Cache
X-Gzip
X-Cache-Id
X-Distil-CS
X-Cache-Tags
X-Epic-Correlation-Id
X-Has-Esi
X-Core-Value
X-Envoy-Decorator-Operation
X-Distributor
X-CGP
X-Clientip
X-Mvc-Supplant-Cachable
X-Server-W
X-Slack-Backend
C-Via
X-TH-Server
Fastly-Drupal-HTML
Fastly-SIE
W
X-Request-UUID
Fastly-SWR
Adler-Geo
X-TrackingId
X-We-Are-Hiring
X-Webstats-RespID
X-Key
X-Edge-Location
X-VServer
Node
X-Var-Ttl
X-Variation
X-VG-TLSProxy
Gh-Request-Id
X-Request-Host
Platform
Ha-Gx-Prefs
X-NU-AKA-ACS-Version
X-Location
X-Irp-Debug
X-JWT-State
X-Is-Gdpr
Rt-Fastcgi-Cache
X-Origin-Date
X-Origin-Expires
Is-Eu
HA-Ipaddr
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
L5d-Success-Class
Sid
X-Be
Pragrma
X-Li-Pop
X-Core-Mission
X-Contensis-Viewer-Groups
X-Reboot
X-GoCache-CacheStatus
X-Varnish-Authentication
X-LI-UUID
X-LI-Proto
X-Li-Fabric
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Backend-Host
Memcached
X-Varnish-Beresp-Grace
X-Cache-ASPX
X-Dc
GEO-INFO
X-Nc
X-BC
X-Branch-Name
S-Cnection
X-Cache-Debug
MIME-Version
X-Wa
X-ZONE
X-Configured-By
Cf-Ipcountry
X-Refresh
X-Varnish-URL
X-Via-PopV
Fastly-Backend-Name
X-Up
X-Via-PopH
X-Instart-Info
X-Via-CDN
X-UA
HostName
X-Microcachable
X-Envoy-Upstream-Healthchecked-Cluster
X-Platform-Server
X-Servedbyhost
X-Minions-Version
X-Batcache
X-Ua-Device
X-ElasticPress-Query
CACHE
X-Ms-Version
X-Ms-Request-Id
X-TIME
X-TT-TIMESTAMP
X-Mvc-Supplant-OutputCached
X-Cdn-Forward
X-Aicache-OS
X-MSEdge-Flight
Memory
X-MSEdge-Features
X-Nginx-Cache
X-Vgn-Hpd-Reason
X-VCL-Version
Esi-Enabled
WPE-Backend
X-ND-Cache
NR-ENABLED
X-Sucuri-ID
NtCoent-Length
X-Debug-Panamera-Sitecode
Server-ID
L
X-App-Name
DCR-Decision-By
X-Debug-Panamera-Host
DCR-Processing-Time-Ms
X-GEO
X-Pjax-Url
X-Server-IP
X-FPC
X-PF-Uncompressing
Pramga
X-Fastly-Cache-Status
X-COUNTRY
Powered-By-ChinaCache
X-Client-Ip
Cache-Host
X-Zone
Hostname
X-Bc
X-Cdn-Srv
X-Svr
X-Oss-Server-Time
GeoIP-Country-Code
X-Oss-Storage-Class
X-CF-Powered-By
X-Oss-Object-Type
HitType
Ohc-File-Size
X-Oss-Hash-Crc64ecma
Location
X-Oss-Request-Id
X-BACKEND-TTL
FSS-Cache
X-BE
X-Ratelimit-Reset
X-Varnishpool
Server-Cache-Control
GeoIP-Latitude
Server-Surrogate-Control
X-Generated-By
X-Webkit-Csp
X-Sucuri-Cache
X-Unique-ID
X-S-Maxage
X-Check-Cacheable
Tracecode
X-Azure-Ref-OriginShield
X-LB-ID
Ohc-Response-Time
Resin-Trace
X-Varnish-Ttl
X-OVcl-Cache
X-VarnishDD-TTL
PFcat
X-OVcl
X-Rocket-Nginx-Bypass
X-Original-Request-Id
Cteonnt-Length
X-VCT
X-Fastly-Backend-Reqs
X-Fastly-Country-Code
X-Instart-Isnd
X-CSRF-TOKEN
X-Ratelimit-Remaining
X-Edge-Server
X-Vgn-Hpd-Ssi
Cdn-Host
Request-Country
X-Platform
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
X-PJAX-URL
Request-EU
Cdn-Request-Time
X-Render-Time
Heartbleed
Locid
X-VHOST
X-Varnish-Hits
X-HS-Status
X-Cache-Expired-At
X-Fpc
X-Newrelic-App-Data
X-Request-URI
GeoIp-Country-Code
Geoip-Latitude
CF-Cached-On
X-CUA
Lfy
X-Tec-Api-Origin
SRV
X-Tec-Api-Root
X-Tec-Api-Version
Amp-Access-Control-Allow-Source-Origin
X-Vcl-Version
Pics-Label
Epwk-X-Cache
X-Pf-Uncompressing
X-Gamma-Serve
X-Ratelimit-Limit
X-NGINX-Cache
X-CACHE-AGE
XServer
X-Oracle-Dms-Rid
SN
X-CLOUD-TRACE-CONTEXT
X-Shopify-Generated-Cart-Token
X-ECache
X-WebServer
Backend-Name
WWW-Authenticate
X-CACHE-KEY
X-RunCloud-Cache
Backend
X-Amzn-Remapped-Date
X-Proxy-Upstream
Product
WZWS-RAY
X-Amzn-Remapped-Connection
X-Csrf-Jwt
X-ServedByHost
URI
X-StackifyID
X-Varnish-Url
X-Ftr-Cache-Host
CloudFront-Viewer-Country
X-Cdn-Origin
Lb
X-Sn-Servicetimems
My-App
X-Via-Poph
X-Fastly-Request-Id
X-Via-Popv
X-Fetched-On
X-Oss-Cdn-Auth
Mime-Version
X-Rocket-Build-Number
X-Debug-Cache-Fetch
X-Request-Time
A
X-Sigma-Backend
X-Nananana
X-Sigma
X-Debug-Cache-Store
X-GeoIP-Country-Code
PICS-Label
Server-Ttl
X-Debug-Do-Not-Cache-Uri
X-Tb-Optimization-Total-Bytes-Saved
X-B3-Spanid
X-Debug-Cache-Bypass
SID
Host-ID
CF-IPCountry
Dt-Cache-Category
X-Debug-Cache-Status
X-Debug-Cache-String
X-B3-SpanId
X-Cache-Tag
X-LiteSpeed-Cache-Control
Ohc-Cache-HIT
X-Debug-Xas-Auth
Cloudfront-Viewer-Country
X-Debug-Ysi-Auth
X-Cache-Version
X-DPWN-IS-SECURE
X-WA
Proxy-Firewall
Cneonction
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Varnish-Beresp-TTL
DataCenter
X-Request-Start
X-Acquia-Site
X-Acquia-Purge-Tags
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
X-APP
X-IN-APIGATEWAYSSL
X-Served-From
X-Lb-Id
Country-Code
Cdn
FSS-Proxy
X-IN-APIGATEWAY
Dnion-Transfer-Encoding
X-ElasticPress-Search
X-Swift-Error
X-Html-Edge-Cache
Cf-Alt-Svc
X-Dw-Trace-Id
X-SB
X-WR-MODIFICATION
X-Request-URL
Warning
Inserted-Into-Cache-At
Group
X-VC
X-Snapshot-Date