Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Xss-Protection
X-Served-By
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
X-Ua-Compatible
Status
X-Request-ID
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Backend
X-Server
X-Turbo-Charged-By
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Page-Speed
X-Hacker
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Report-To
X-LiteSpeed-Cache
P3p
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Dns-Prefetch-Control
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Cache-Lookup
X-Ac
X-Readtime
X-Backend-Server
X-Node
NEL
X-Dispatcher
X-Origin-Upstream-Status
X-HW
Content-Location
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
Accept-CH
X-Country-Code
X-Cnection
Edge-Control
X-Url
X-Rack-Cache
Accept-CH-Lifetime
X-Clacks-Overhead
RTSS
X-Px
MS-Author-Via
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-Goog-Hash
Verso
X-Powered-By-Plesk
X-B3-TraceId
X-Varnish-TTL
Service-Worker-Allowed
Host-Header
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
Public-Key-Pins
X-GitHub-Request-Id
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Amz-Server-Side-Encryption
X-Forwarded-Proto
Display
Response
Pagespeed
X-Sol
X-Middleton-Response
X-Middleton-Display
X-Cache-TTL
X-DynaTrace
X-Ttl
X-Content-Type
X-D2id
X-Amz-Rid
X-NF-Request-ID
TCN
X-Vcap-Request-Id
X-CST
X-Abt-Application-Version
X-Cached
X-VARITI-CCR
X-Cdn
Pinterest-Generated-By
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-CACHE
Ar-Sid
X-ESI
X-Navigation-Version
X-Version
X-Fastly-Request-ID
X-Powered-CMS
Cache-Tag
X-Upstream
X-Server-Name
X-Pass-Why
X-Grace
X-Debug
X-Instart-Request-ID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Access-Control-Request-Method
X-TEC-API-VERSION
Charset
X-MSEdge-Ref
Nginx-Cache
X-XRDS-Location
X-Accel-Expires
Content-MD5
X-Element-Page-Cache
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
MRF-Tech
Realpath
Accept-Ch
SPIisLatency
SPRequestDuration
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
SPRequestGuid
X-SharePointHealthScore
S
X-Shield-Request-Id
X-Pinterest-Rid
Pinterest-Version
X-Jurisdiction
X-Hp-Webp
X-Amz-Meta-S3cmd-Attrs
X-Dw-Request-Base-Id
X-Recruiting
Accept-Ch-Lifetime
X-Id
X-Trace
X-Kinsta-Cache
X-T
Fastcgi-Cache
X-Content-Digest
X-Node-Name
X-Cache-Key
X-Client-IP
X-Logged-In
X-NWS-LOG-UUID
X-Mobile-URL
TP-L2-Cache
TP-Cache
X-TTL
X-Frontend
X-Request-Received
X-Cache-Hit
X-FastCGI-Cache
X-Request-Processing-Time
X-Hostname
ServerID
Server-Node
X-Cache-Age
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
Front-End-Https
Fastly-Restarts
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-Forwarded-For
Edge-Cache-Tag
X-FTR-Expires
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-GUploader-UploadID
X-Yandex-Sdch-Disable
Server-Name
Powered
PB-RID
Arc-Version
PB-PID
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Revision
X-DIS-Request-ID
X-Page-Id
X-Hits
X-Server-ID
X-LB-Cache
X-F-Cache
Filters
DynaTrace
X-Akamai-Edgescape
X-Jobs
X-Zen-Fury
X-Fastcgi-Cache
X-Correlation-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Mobile-Rewrite
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Origin-Server
X-Content-Powered-By
X-Webkit-CSP
Alternate-Protocol
Accept-Charset
X-Geo-Country
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-FTR-Cache-Host
X-N
X-Daa-Tunnel
X-B
X-RateLimit-Remaining
X-Varnish-Backend
Cache-Tags
X-Litespeed-Cache
X-Ruxit-Js-Agent
X-Rid
X-Amz-Replication-Status
X-Varnish-Grace
X-WebKit-CSP-Report-Only
Retry-After
X-Type
X-Whom
Section-Io-Cache
DC
X-FB-Debug
X-Request-Guid
X-B-Cache
X-App-Environment
Surrogate-Key
Paypal-Debug-Id
X-Signature
X-Git-Hash
Host
X-TT
MicrosoftSharePointTeamServices
X-Content-Options
X-Via-JSL
X-AppVersion
X-Activity-Id
X-ATS-Timestamp
X-Az
Backend-Timing
X-Edge
X-Status
X-Esi
Fastcgi-Useragent
X-Ser
Frame-Options
Actual-Object-TTL
X-Debug-Info
X-ATG-Version
X-IPLB-Instance
Healthy
X-Endurance-Cache-Level
X-App-Server
X-HTML-Minification-Powered-By
Srv
X-AOL-HN
X-Contextid
X-Amzn-RequestId
Nel
X-Cache-Action
X-Seen-By
X-ECACHE
Refresh
X-B3-Sampled
X-Pinterest-Direct
From-Origin
X-Amz-Apigw-Id
Access-Control-Allow-Method
X-Host-Name
X-Accel-Buffering
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Response-Served-From
X-Upgrade-Enabled
X-Protected-By
X-ProcessESI
X-RemovedCookies
X-Drupal-Cache-Tags
X-Mid
X-Cacheable-TTL
VIX-Pulpo-Upstream-Status
X-Rendered-As
X-Region
X-Cache-Rule
X-Instance
X-MCACHE
X-Is-Bot
Odigeo-Trace-Id
VIX-Pulpo-Node
Content-Disposition
X-Environment-Context
X-WA-Info
X-Time
Datacenter
X-Cache-Operation
X-L-Path
Payment
Eomportal-Instance
X-Varnish-Server
X-UUID
X-Rule
X-FW-Dynamic
X-FW-Server
MS-CV
X-FW-Hash
X-FW-Static
X-Release
X-Adobe-Content
X-Adobe-Loc
X-FW-Serve
X-Cache-Time
Countrycode
X-FW-Type
Source
Uber-Trace-Id
Xserver
X-Proxy
X-Cached-By
X-Cache-Server
X-EdgeConnect-Cache-Status
X-Load-Cache
X-Cache-Control
X-Akamai-Request-ID2
X-PressLabs-Stats
X-UnsetCookies
X-Mobile
X-GeoIP
X-PHP-Backend
X-Akamai-Transformed
Cache-Status
Access-Control-Request-Headers
X-NewRelic-App-Data
X-Azure-Ref
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
Accept-Language
Version
X-Wix-Request-Id
X-Air-Hostname
X-SERVER-NAME
X-VCache
X-Mode
X-Handled-By
X-NGENIX-Cache
X-Cluster
X-Backend-Name
X-NWS-UUID-VERIFY
Liferay-Portal
Cache
X-Cache-NGX
X-IPS-LoggedIn
X-Framework
X-XRDS-LOCATION
NGB
X-Correlation-ID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-CSRF-Token
X-Zipkin-Id
X-ES-SERVER
X-Cache-Remote
X-Cache-Var-Map
X-AWS-Id
Load-Balancing
X-Proxied
X-Routing-Service
Meta-Geo
X-CCM
X-Via-Fastly
X-FireWall-Port
X-Path-Route
X-PERF
X-RateLimit-Limit
X-Locale
X-LJ-Flow-ID
X-UA-Device-Type
X-URL
X-UPSTREAM-Address
Cross-Origin-Window-Policy
X-VWS-Id
X-Adobe-Source
X-RN-RSRV
X-Cache-Var
X-ApacheServer
Filterid
X-Real-IP
Server-Info
ServedBy
X-Www-Served-By
X-Viewer-Country
X-Detected-As
X-MP-GENERATED-AT
X-TX-ID
X-Qloud-Router
X-Cache-Status-Check
Cache-Hits
Mn-Server-Ip
X-Site-Version
DSUID
Cache-Name
X-R9-Blue-Green-Version
X-Storage
X-NCache
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
X-IP
X-Cache-Config
X-Human
X-Info
Now
X-Web-Node
Decoy-Debug-Status
Decoy-Debug-Key
Cleartype
X-Pubstack
X-Redis-Cache
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
Cache-Tv-Group
Decoy-Debug-TTL
X-Ua
X-FC-Vary-Parameters
X-Format
X-EIG-Tracking-Id
X-Device-Type
X-CS
S-Rt
Property-Id
Fastly-SSL
X-Labrador-Cache-Channel
X-Alternate-Cache-Key
X-Geo
X-Cache-Enabled
TWC-Connection-Speed
Webcakes-Region
Webcakes-App-Version
Webserver
X-Bc-Bl
X-Access
Webcakes-App-Name
TWC-Privacy
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
X-APP-VERSION
X-Hosted-By
X-Shopify-Stage
X-ShopId
Akamai-GRN
X-Origin-Hint
X-PCL
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Section
X-ServerID
X-OCL
X-PHP-Host
X-ShardId
X-SaId
X-BYPASS-REASON
X-TNCMS
X-Varnish-Cache-Hits
X-Timing-Wait
X-Time-Microsecs
X-BCube-Filmed-By
X-Content-Age
Selected-Fe
X-Hl-Ver
X-Cache-Host
X-JoinUs
X-No-Session
X-From
X-FW-Version
X-Proxy-Build
X-ProxyCache-Key
X-FB-TRIP-ID
X-Loop
X-ProxyCache-Status
X-Amzn-Remapped-Content-Length
X-Origin
X-RTag
X-Generated
X-Hyper-Cache
X-NYM-Debug-Backend
Ms-Operation-Id
Origin-Cache-Control
DB-Nickname
Ec-Rule-Version
X-Unique-Id
Azure-SlotName
Azure-RegionName
Azure-SiteName
Azure-Version
Azure-InstanceId
X-Cache-TTL-Remaining
X-Cache-2
X-Drupal-Cache-Contexts
Origin-Edge-Control
X-Xfnlog-Site
Time
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
Apigw-Requestid
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
X-RequestSource
Country
X-Presslabs-Stats
X-Vcache
X-Pad
X-Old-Content-Length
Geo-Info
X-Varnish-Hostname
X-Source
User-Agent
X-Cluster-Node
X-EC-Lua
X-Debug-Cache
X-Cache-NE
X-Soup
Upgrade-Insecure-Requests
X-Akamai-Request-ID
FilterID
X-RCS-CacheZone
X-App-Version
X-Proto
X-Parent-Response-Time
X-Cache-Backend
X-CDN-Forward
Proxy-Connection
X-Tb
X-Backend-TTL
X-DC
X-SRV
X-Storefront-Renderer-Rendered
X-Cache-Grace
X-Proxy-Cache-Status
X-TA-CDN-Provider
X-Cache-PHP
LB
Cache-Key
True-Client-Country-4JS
X-Trace-Id
X-External-Request-Id
X-Transaction
X-Dispatch
UCS
N-Cache
X-Developer
X-B-Cookie
X-ARC
X-Uri
X-Application
Rendered-Blocks
X-Geo-Header
X-SD-PageType
Content-Style-Type
Xc-Version
X-G
Content-Script-Type
X-Destination
X-Forwarded-Host
X-CF-Lambda-Version
X-ScT
X-Scheme
X-S-Cookie
X-CF-Lambda-Fn
X-Newrelic-Synthetics
Arc-Country
AsisCache
BehaviorPad-Version
X-S
VivaBuild
X-Date
X-Swa-Ws
X-A
X-D
X-Connection-Hash
X-SRCache-Key
X-Rojux
Viewtype
Fastcgi-X-Cache-Version
X-Aed
X-FORWARDED-FOR
X-A-Dam
X-Vtex-Processado-Em
X-NodeID
X-A-Ccd
X-Vdms-Version
X-Session-Fingerprint
T-Server
X-VG-WebServer
MD5-Digest
X-Processor
X-A-Dgt
X-VG-WebCache
X-Region-Sid
M-TraceId
X-PAYTM-SRV-ID
IsBot
X-A-Dcw
X-App
X-SIPLIST1
X-A-Wwc
X-Tumblr-Pixel-3
Meta-Geo-Continent
Machine
GEO-REGION-INFO
FNAC-ModuleRouting
X-Accel-Expires-Debug
ServerName
X-Trv-Group
X-Response-By
X-Twitter-Response-Tags
Mobile-Detection-Method
X-Nginx-Cache-Key
X-Vdms-Path
X-Method
X-Vtex-Remote-Cache
X-Rewrite-Enabled
X-Srv
User-Cache-Control
X-Origin-CC
X-Origin-TTL
X-Magnolia-Registration
Web-Mar-Node
Who
Wxu-Next-Commit
Server-Host
Wxu-Next-Hostname
RNT-Machine
RNT-Time
Release
Pagetype
NM-Fastcgi-Cache
NGX
On-Server
Server-Ext
Thinkindot-Control
V-Age
Viewport
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Hostname
Sever-Int
We-Hiring
X-Owner
X-Node-Id
X-Policy
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Micro-Cache
X-Matched-Rule
X-Level-Front-Cache
X-Loc
X-Logging-Id
X-Req
X-Reqid
X-User
X-VC-Cache
X-WADP-Cache
X-Worker
X-Thinkindot-L3
X-Thanos
X-ServiceProvider
X-Skip-Cache
X-SN
X-LAGOON
X-Hnp-Log
X-Cache-URL
X-Clara-WADP
X-Cms-Context
X-Compress-Hint
X-Cache-Info
X-Cache-FS-Status
X-Bip
X-Block-Status
X-Cache-Bucket
X-Developers
X-Device-Os
X-Generated-On
X-Generation-Time
X-Hash
X-Generated-In
X-Gen-Mode
X-DevSite-Last-Modified
X-Dispatcher-Server
X-Fmm-Version
Wxu-Next-Region
Vix-Hermes-Req-Id
OT-Force-Account-Verify
Mail-Subject
X-NC
Cache-Cookie-Set-From
X-Nc
X-AIR-PT
AKAMAI
Kp-EeAlive
Cache-Cookie-Set-Idcheck
Magicmarker
CacheControlHeader
Cache-Cookie-Set-Lfrom
X-Cluster-Name
X-Distributor
X-Esi-Check
X-TrackingId
X-Servername
Sid
Referer-Policy
X-Cache-Id
X-BBXSRF
X-Backend-State
X-Auto-Login
X-Cache-Tags
X-TH-Server
X-Core-Mission
X-SVT-ORM-VERSION
X-Slack-Backend
X-Clientip
X-Core-Value
X-Webstats-RespID
X-Rebelmouse-Surrogate-Control
X-Request-Host
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-Origin-Date
X-Request-UUID
X-Be
X-Server-W
X-Var-Ttl
X-Variation
X-Varnish-Cacheable
X-NU-AKA-ACS-Version
X-Mvc-Supplant-Cachable
X-We-Are-Hiring
X-Gzip
X-Agile-Id
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Has-Esi
X-Irp-Debug
X-VServer
X-Location
X-JWT-State
X-Is-Gdpr
X-Fastly-Cache
X-SVT-ORM-RULES
Apple-News-Services-Request-Url
C-Via
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Adler-Geo
Apple-News-Services-Handled
CDCHOST
Fastly-SIE
Platform
Is-Eu
Rt-Fastcgi-Cache
Gh-Request-Id
X-Agile-Age
Node
Fastly-SWR
X-Agile
X-Hit
X-Li-Pop
X-Backend-Host
X-Li-Fabric
X-Reboot
X-Key
X-Varnish-Beresp-Ttl
X-GoCache-CacheStatus
W
X-Distil-CS
X-Envoy-Decorator-Operation
Fastly-Drupal-HTML
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
X-Eu-Site
X-Epic-Correlation-Id
X-Varnish-Beresp-Grace
X-Contensis-Viewer-Groups
X-Varnish-Beresp-Status
X-CGP
X-LI-UUID
X-VG-TLSProxy
X-Varnish-Authentication
Cf-Ipcountry
X-LI-Proto
X-Cache-ASPX
X-Edge-Location
Memcached
S-Cnection
X-Cache-Debug
X-Branch-Name
Pragrma
X-Configured-By
X-Dc
HostName
MIME-Version
X-Wa
GEO-INFO
X-Cdn-Forward
NR-ENABLED
WPE-Backend
X-Microcachable
X-Varnish-URL
X-Refresh
X-Instart-Info
X-Via-CDN
X-ZONE
X-BC
X-Via-PopH
X-Via-PopV
X-Up
X-Platform-Server
X-Envoy-Upstream-Healthchecked-Cluster
Fastly-Backend-Name
X-UA
X-Batcache
X-Minions-Version
X-Mvc-Supplant-OutputCached
X-Ms-Request-Id
X-Ms-Version
X-TT-TIMESTAMP
X-Servedbyhost
X-Ua-Device
Memory
X-Vgn-Hpd-Reason
X-ElasticPress-Query
X-MSEdge-Features
X-MSEdge-Flight
X-B3-Traceid
X-Nginx-Cache
X-Aicache-OS
NtCoent-Length
Esi-Enabled
X-Bc
X-Zone
X-Sucuri-ID
L
X-BACKEND-TTL
X-ND-Cache
X-Pjax-Url
Server-ID
X-App-Name
X-VCL-Version
X-TIME
CACHE
DCR-Decision-By
X-Server-IP
Cache-Host
X-Debug-Panamera-Sitecode
X-Debug-Panamera-Host
DCR-Processing-Time-Ms
Ohc-File-Size
GeoIP-Country-Code
X-CF-Powered-By
X-FPC
X-Svr
X-Cdn-Srv
X-PF-Uncompressing
Tracecode
X-COUNTRY
X-Client-Ip
Powered-By-ChinaCache
Pramga
X-Fastly-Cache-Status
FSS-Cache
X-Unique-ID
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
GeoIP-Latitude
Server-Surrogate-Control
X-Generated-By
Server-Cache-Control
Location
HitType
X-Oss-Storage-Class
X-BE
X-Ratelimit-Reset
X-Varnishpool
X-S-Maxage
Hostname
X-Azure-Ref-OriginShield
Resin-Trace
X-LB-ID
Ohc-Response-Time
X-GEO
X-Sucuri-Cache
X-Check-Cacheable
X-VCT
X-Rocket-Nginx-Bypass
X-Original-Request-Id
X-Varnish-Ttl
X-OVcl-Cache
X-OVcl
Cteonnt-Length
X-Fastly-Backend-Reqs
PFcat
X-VarnishDD-TTL
Request-EU
Locid
X-Instart-Isnd
Heartbleed
Request-Country
X-Fastly-Country-Code
X-Varnish-Hits
Cdn-Request-Time
X-Render-Time
X-Fpc
X-Edge-Server
X-Cache-Expired-At
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
Cdn-Host
X-Request-URI
X-Platform
X-VHOST
Lfy
X-PJAX-URL
Geoip-Latitude
GeoIp-Country-Code
X-HS-Status
X-Newrelic-App-Data
X-CSRF-TOKEN
CF-Cached-On
X-Gamma-Serve
X-Vcl-Version
X-CUA
SRV
Amp-Access-Control-Allow-Source-Origin
X-Ratelimit-Remaining
SN
X-Pf-Uncompressing
X-Shopify-Generated-Cart-Token
Epwk-X-Cache
Pics-Label
X-Oracle-Dms-Rid
X-NGINX-Cache
X-WebServer
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
WZWS-RAY
WWW-Authenticate
Product
X-RunCloud-Cache
X-ECache
Backend
Backend-Name
X-ServedByHost
X-CACHE-KEY
X-StackifyID
X-Proxy-Upstream
X-Fetched-On
X-Sn-Servicetimems
My-App
Mime-Version
X-Ratelimit-Limit
X-Varnish-Url
X-Via-Popv
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
XServer
X-Cdn-Origin
URI
X-Via-Poph
X-Ftr-Cache-Host
CloudFront-Viewer-Country
X-Tec-Api-Root
X-Tec-Api-Origin
X-Csrf-Jwt
X-GeoIP-Country-Code
A
X-Oss-Cdn-Auth
X-Tec-Api-Version
Ohc-Cache-HIT
X-B3-SpanId
Dt-Cache-Category
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Lb
X-Sigma
Server-Ttl
X-Cache-Tag
X-Sigma-Backend
X-Rocket-Build-Number
Cloudfront-Viewer-Country
PICS-Label
X-WA
Host-ID
X-Request-Time
X-Request-Start
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
X-LiteSpeed-Cache-Control
X-Debug-Cache-String
X-Debug-Cache-Status
SID
X-Tb-Optimization-Total-Bytes-Saved
X-B3-Spanid
X-Nananana
X-Debug-Cache-Bypass
X-Cache-Version
X-Swift-Error
X-Served-From
X-Acquia-Application-UUID
X-Apw-Hits
Cdn
X-DPWN-IS-SECURE
CF-IPCountry
Group
X-Apw-Access-Token
X-Varnish-Beresp-TTL
Cneonction
Proxy-Firewall
X-Acquia-Site
X-Acquia-Purge-Tags
X-Apw-Access-Action
X-Acquia-Application-Trace
X-Apw-Access-Object
Cf-Alt-Svc
X-Cache-Hfrom
X-APP
FSS-Proxy
X-Snapshot-Date
Dnion-Transfer-Encoding
X-Html-Edge-Cache
X-Cache-Hm
X-ElasticPress-Search
X-Request-URL
X-WR-MODIFICATION
X-Dw-Trace-Id
X-Varnish-ID
Inserted-Into-Cache-At
X-VC
X-SB
Warning