Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Xss-Protection
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
X-Request-ID
Access-Control-Expose-Headers
Upgrade
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
P3p
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Server-Id
X-Dns-Prefetch-Control
Cf-Railgun
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Ac
X-Readtime
X-Cache-Lookup
X-Backend-Server
X-Node
X-Dispatcher
NEL
X-Origin-Upstream-Status
Content-Location
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-HW
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Ruxit-JS-Agent
X-Country
X-ORACLE-DMS-RID
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Accept-CH
Rating
X-Country-Code
X-Cnection
Accept-CH-Lifetime
X-Rack-Cache
Edge-Control
X-Url
RTSS
X-Clacks-Overhead
X-Px
MS-Author-Via
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
X-Goog-Hash
Verso
X-Powered-By-Plesk
Host-Header
Service-Worker-Allowed
X-Varnish-TTL
X-B3-TraceId
X-GoogleNews-Bot
Public-Key-Pins
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-GitHub-Request-Id
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Sol
Response
X-Middleton-Display
Display
Pagespeed
X-Middleton-Response
X-Cache-TTL
X-DynaTrace
X-Cdn
X-Content-Type
X-D2id
X-Ttl
X-Amz-Rid
X-NF-Request-ID
X-Vcap-Request-Id
TCN
X-CST
X-Abt-Application-Version
X-Cached
X-VARITI-CCR
AR-ATIME
AR-Request-ID
AR-PoweredBy
Ar-Sid
AR-CACHE
Pinterest-Generated-By
X-Version
X-ESI
X-Navigation-Version
X-Powered-CMS
X-Fastly-Request-ID
Cache-Tag
X-Upstream
X-Grace
X-Debug
X-Instart-Request-ID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Access-Control-Request-Method
X-XRDS-Location
X-Server-Name
Charset
X-MSEdge-Ref
Nginx-Cache
X-Element-Page-Cache
Content-MD5
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Accel-Expires
X-DynaTrace-JS-Agent
X-Ezoic-Cdn
Realpath
SPRequestDuration
SPIisLatency
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Shield-Request-Id
S
X-SharePointHealthScore
SPRequestGuid
Accept-Ch
X-Pass-Why
X-Hp-Webp
X-Jurisdiction
X-Amz-Meta-S3cmd-Attrs
X-Pinterest-Rid
Pinterest-Version
X-Recruiting
X-Id
X-Dw-Request-Base-Id
X-Kinsta-Cache
X-Trace
Fastcgi-Cache
X-T
X-Content-Digest
X-Node-Name
Accept-Ch-Lifetime
X-Logged-In
X-TTL
X-Client-IP
X-Cache-Key
X-NWS-LOG-UUID
TP-Cache
X-Mobile-URL
TP-L2-Cache
X-Oneagent-Js-Injection
X-FastCGI-Cache
X-Hostname
Server-Node
X-Request-Processing-Time
ServerID
X-Request-Received
X-Cache-Hit
X-Frontend
Front-End-Https
X-Cache-Age
X-Amzn-Trace-Id
Fastly-Restarts
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
Edge-Cache-Tag
X-Forwarded-For
X-FTR-Expires
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Yandex-Sdch-Disable
X-Goog-Metageneration
Server-Name
Powered
PB-PID
PB-RID
Arc-Version
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Page-Id
X-DIS-Request-ID
X-Revision
X-Hits
X-F-Cache
X-LB-Cache
X-Jobs
X-Zen-Fury
X-Akamai-Edgescape
DynaTrace
Filters
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Correlation-Id
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Kong-Proxy-Latency
X-Mobile-Rewrite
X-Kong-Upstream-Latency
X-Fastcgi-Cache
X-HS-Content-Id
X-Content-Powered-By
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Geo-Country
Accept-Charset
Alternate-Protocol
X-Origin-Server
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-N
X-FTR-Cache-Host
X-Daa-Tunnel
X-Ruxit-Js-Agent
X-B
X-Varnish-Backend
Cache-Tags
X-RateLimit-Remaining
X-Varnish-Grace
Retry-After
X-WebKit-CSP-Report-Only
X-Rid
X-Esi
X-Amz-Replication-Status
Surrogate-Key
X-Whom
DC
X-Type
X-FB-Debug
X-Server-ID
X-Git-Hash
Section-Io-Cache
Paypal-Debug-Id
X-B-Cache
Host
X-Signature
X-Request-Guid
X-Content-Options
X-Via-JSL
X-TT
X-AppVersion
X-Az
X-App-Environment
X-Activity-Id
X-Status
Backend-Timing
X-ATS-Timestamp
X-Edge
MicrosoftSharePointTeamServices
X-Debug-Info
X-Ser
Fastcgi-Useragent
Frame-Options
Actual-Object-TTL
X-IPLB-Instance
X-ATG-Version
X-Webkit-CSP
X-Endurance-Cache-Level
Healthy
Nel
X-App-Server
X-HTML-Minification-Powered-By
X-Contextid
X-AOL-HN
Srv
X-Cache-Action
X-Amzn-RequestId
X-Seen-By
Refresh
X-B3-Sampled
X-ECACHE
Access-Control-Allow-Method
X-Amz-Apigw-Id
From-Origin
X-Protected-By
X-Upgrade-Enabled
X-Response-Served-From
X-Pinterest-Direct
X-Cache-Rule
X-Accel-Buffering
X-Cache-Operation
X-Host-Name
X-RemovedCookies
X-ProcessESI
Content-Disposition
X-Drupal-Cache-Tags
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Rendered-As
X-Instance
X-Tumblr-User
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Odigeo-Trace-Id
X-Is-Bot
X-Region
Datacenter
X-Cacheable-TTL
X-Environment-Context
X-UUID
X-WA-Info
X-MCACHE
X-L-Path
X-Mid
Payment
X-FW-Type
X-FW-Hash
X-Rule
X-FW-Dynamic
X-FW-Serve
X-FW-Static
X-Release
X-FW-Server
X-Adobe-Loc
Countrycode
MS-CV
X-Adobe-Content
Eomportal-Instance
X-Varnish-Server
X-Cache-Time
X-Time
X-Litespeed-Cache
X-SERVER-NAME
Uber-Trace-Id
Source
X-Cached-By
X-Proxy
X-Load-Cache
X-EdgeConnect-Cache-Status
Xserver
X-Akamai-Request-ID2
X-Cache-Control
X-UnsetCookies
X-Cache-Server
X-PressLabs-Stats
Cache-Status
X-Mobile
X-PHP-Backend
X-Azure-Ref
Access-Control-Request-Headers
X-Akamai-Transformed
X-NewRelic-App-Data
X-Yottaa-Optimizations
X-Origin-Response-Time
X-Tt-Trace-Host
X-Yottaa-Metrics
X-Tt-Trace-Tag
X-GeoIP
Accept-Language
X-Air-Hostname
Version
X-Wix-Request-Id
X-Mode
X-Backend-Name
X-NWS-UUID-VERIFY
Filterid
X-NGENIX-Cache
X-Cache-NGX
X-Handled-By
X-Cluster
Liferay-Portal
X-Correlation-ID
X-IPS-LoggedIn
X-URL
Server-Info
X-Framework
X-APP-VERSION
X-Tumblr-Pixel-1
X-ApacheServer
X-Locale
Load-Balancing
X-PERF
X-Cache-Var-Map
X-Zipkin-Id
X-Routing-Service
Meta-Geo
X-RateLimit-Limit
X-RN-RSRV
X-Tumblr-Pixel-2
X-Cache-Var
X-Proxied
X-Cache-Remote
X-UA-Device-Type
X-FireWall-Port
NGB
Cross-Origin-Window-Policy
X-UPSTREAM-Address
X-CCM
X-ES-SERVER
X-Path-Route
X-Adobe-Source
X-Via-Fastly
X-CSRF-Token
Cache-Hits
X-LJ-Flow-ID
X-Cache-Status-Check
Cache
X-Site-Version
X-VWS-Id
X-Viewer-Country
X-VCache
X-MP-GENERATED-AT
DSUID
X-AWS-Id
X-Ua
X-TX-ID
X-Detected-As
Akamai-GRN
Cache-Tv-Group
X-Real-IP
X-Qloud-Router
X-Www-Served-By
X-NCache
X-OCL
ServedBy
Now
X-Access
X-IP
X-Cache-Config
X-Format
X-Info
X-PCL
Mn-Server-Ip
X-Storage
Decoy-Debug-Status
X-Redis-Cache
Decoy-Debug-Key
X-Say-Cacheable
X-Say-TTL
X-Web-Node
X-Section
X-SayCDN-TTL
Cleartype
Decoy-Debug-TTL
X-ProxyCache-Key
X-Bc-Bl
X-BYPASS-REASON
X-Cache-Host
Webserver
Section-Origin-Responded
S-Rt
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-CS
X-FC-Vary-Parameters
X-R9-Blue-Green-Version
X-Pubstack
X-PHP-Host
X-ProxyCache-Status
X-Labrador-Cache-Channel
X-Human
X-ServerID
X-FW-Version
X-Hosted-By
Fastly-SSL
X-Varnish-Cache-Hits
Cache-Name
X-Unique-Id
X-Time-Microsecs
X-Content-Age
X-Sorting-Hat-ShopId
X-BCube-Filmed-By
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-Shopify-Stage
X-TNCMS
X-Device-Type
X-No-Session
X-Loop
X-NYM-Debug-Backend
X-Origin
X-Origin-Hint
X-SaId
X-JoinUs
X-ShopId
X-EIG-Tracking-Id
X-ShardId
X-From
X-Hl-Ver
TWC-Locale-Group
X-Cache-Enabled
TWC-Connection-Speed
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Selected-Fe
X-Proxy-Build
X-Hyper-Cache
X-Geo
X-Generated
Origin-Cache-Control
X-Timing-Wait
Ms-Operation-Id
DB-Nickname
X-RTag
X-Amzn-Remapped-Content-Length
X-Vcache
Azure-RegionName
Azure-SiteName
X-FB-TRIP-ID
Ec-Rule-Version
Azure-InstanceId
Azure-Version
X-XRDS-LOCATION
Azure-SlotName
Apigw-Requestid
X-Cache-TTL-Remaining
X-Drupal-Cache-Contexts
Time
X-Xfnlog-Site
Origin-Edge-Control
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Cache-2
X-Presslabs-Stats
X-EC-Lua
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
Country
X-RequestSource
X-Old-Content-Length
X-Pad
X-Cluster-Node
X-CDN-Forward
Geo-Info
X-Source
User-Agent
X-Debug-Cache
X-Varnish-Hostname
Upgrade-Insecure-Requests
X-Backend-TTL
X-Cache-NE
X-Soup
X-SRV
X-Akamai-Request-ID
X-RCS-CacheZone
X-Proto
X-Parent-Response-Time
X-Tb
X-DC
X-Storefront-Renderer-Rendered
X-App-Version
X-Cache-PHP
X-Cache-Backend
X-NC
X-TA-CDN-Provider
Proxy-Connection
X-Cache-Grace
FilterID
LB
Cache-Key
X-FORWARDED-FOR
X-Proxy-Cache-Status
X-Forwarded-Host
X-Origin-CC
X-Origin-TTL
X-AIR-PT
X-Accel-Expires-Debug
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-DevSite-Last-Modified
GEO-REGION-INFO
Viewtype
X-Destination
X-VG-WebCache
IsBot
X-Region-Sid
X-VG-WebServer
X-Developer
VivaBuild
X-PAYTM-SRV-ID
X-Processor
X-Nginx-Cache-Key
X-Aed
ServerName
X-G
T-Server
X-App
X-Geo-Header
Arc-Country
AsisCache
BehaviorPad-Version
X-External-Request-Id
Content-Script-Type
Fastcgi-X-Cache-Version
UCS
X-A-Wwc
Xc-Version
X-Application
Content-Style-Type
True-Client-Country-4JS
X-Method
FNAC-ModuleRouting
X-CF-Lambda-Fn
X-Transaction
X-Date
X-SD-PageType
X-ScT
X-Trv-Group
X-Connection-Hash
M-TraceId
X-Twitter-Response-Tags
X-A-Dcw
Machine
X-A-Dam
X-A-Ccd
X-Session-Fingerprint
X-CF-Lambda-Version
MD5-Digest
Meta-Geo-Continent
X-SIPLIST1
X-A-Dgt
Mobile-Detection-Method
X-Rojux
X-Vdms-Version
X-SRCache-Key
X-Rewrite-Enabled
X-Response-By
X-D
Who
X-B-Cookie
X-S
X-Uri
X-ARC
X-Vdms-Path
X-S-Cookie
X-A
Rendered-Blocks
User-Cache-Control
X-Magnolia-Registration
X-Tumblr-Pixel-3
Cache-Cookie-Set-Lfrom
X-Cms-Context
Apple-News-Services-Parsed-Url
X-Gen-Mode
Apple-News-Services-Request-Url
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Cache-Info
X-Cache-URL
RNT-Machine
Release
X-Dispatch
X-Developers
Apple-News-Services-Host
RNT-Time
NGX
Server-Hostname
CDCHOST
Pagetype
Server-Ext
Magicmarker
Mail-Subject
X-Fmm-Version
X-Worker
We-Hiring
Web-Mar-Node
X-Req
X-Reqid
X-Backend-State
Vix-Hermes-Req-Id
X-WADP-Cache
V-Age
Viewport
X-Policy
X-VC-Cache
X-Varnish-Cacheable
X-Thinkindot-L3
X-ServiceProvider
X-Skip-Cache
X-Swa-Ws
N-Cache
X-Servername
X-Scheme
X-User
X-Trace-Id
On-Server
X-NodeID
X-Node-Id
Sever-Int
X-Hnp-Log
X-Block-Status
Thinkindot-CacheControl
X-SVT-ORM-VERSION
X-Cache-Bucket
AKAMAI
X-Generated-In
X-Cache-FS-Status
X-Generation-Time
Apple-News-Services-Handled
X-LAGOON
X-Wikidot-Static-Cache
X-Clara-WADP
X-Wikidot-Backend
Referer-Policy
Thinkindot-CacheControl-Type
X-Matched-Rule
X-Loc
X-SVT-ORM-RULES
Thinkindot-Control
X-Hit
OT-Force-Account-Verify
X-Auto-Login
X-Bip
X-Cache-Id
X-Cache-Tags
X-CGP
X-Request-Host
X-RateLimit-Remaining-Second
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Agile-Id
X-RateLimit-Limit-Second
X-Owner
X-Mvc-Supplant-Cachable
X-NU-AKA-ACS-Version
X-Origin-Date
X-Origin-Expires
X-Request-UUID
X-Server-W
X-VG-TLSProxy
X-VServer
X-We-Are-Hiring
X-Key
X-Variation
X-TrackingId
X-Slack-Backend
X-SN
X-TH-Server
X-Thanos
X-Micro-Cache
X-Logging-Id
X-Distil-CS
X-Distributor
X-Envoy-Decorator-Operation
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Device-Os
X-Cluster-Name
X-Compress-Hint
X-Core-Mission
X-Core-Value
X-Esi-Check
X-Eu-Site
X-Is-Gdpr
X-JWT-State
X-Level-Front-Cache
X-Location
X-Irp-Debug
X-Hash
X-Fastly-Cache
X-Generated-On
X-Gzip
X-Has-Esi
X-Clientip
W
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
NM-Fastcgi-Cache
Rt-Fastcgi-Cache
Platform
Gh-Request-Id
Fastly-SWR
C-Via
Adler-Geo
Node
CacheControlHeader
X-Agile-Age
Fastly-SIE
Fastly-Drupal-HTML
Server-Host
Kp-EeAlive
Wxu-Next-Commit
Wxu-Next-Region
X-Agile
Wxu-Next-Hostname
Sid
X-Newrelic-Synthetics
X-Contensis-Viewer-Groups
X-Var-Ttl
X-Varnish-Authentication
X-BBXSRF
X-Reboot
X-LI-UUID
Memcached
X-Li-Pop
X-Webstats-RespID
X-Li-Fabric
X-Edge-Location
X-GoCache-CacheStatus
X-LI-Proto
X-Cache-ASPX
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Srv
X-Varnish-Beresp-Grace
X-Nc
X-ZONE
X-Be
X-Backend-Host
X-Wa
X-Configured-By
GEO-INFO
X-Branch-Name
MIME-Version
X-BC
X-Cache-Debug
Pragrma
S-Cnection
Cf-Ipcountry
X-Dc
Fastly-Backend-Name
X-Instart-Info
X-Varnish-URL
X-Refresh
X-Via-CDN
X-Microcachable
HostName
X-Via-PopH
X-Up
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-PopV
X-Batcache
X-Platform-Server
X-Servedbyhost
X-Ua-Device
X-TT-TIMESTAMP
X-Client-Ip
X-Ms-Version
X-Ms-Request-Id
X-Minions-Version
X-ElasticPress-Query
CACHE
X-Nginx-Cache
X-UA
X-Cdn-Forward
X-B3-Traceid
X-Mvc-Supplant-OutputCached
X-Aicache-OS
X-MSEdge-Flight
Memory
X-MSEdge-Features
NR-ENABLED
Esi-Enabled
WPE-Backend
X-ND-Cache
X-VCL-Version
NtCoent-Length
X-TIME
X-Vgn-Hpd-Reason
X-Sucuri-ID
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-App-Name
L
DCR-Processing-Time-Ms
DCR-Decision-By
Server-ID
X-COUNTRY
Cache-Host
Powered-By-ChinaCache
X-Server-IP
X-BE
X-FPC
X-Fastly-Cache-Status
X-Pjax-Url
Hostname
X-Bc
X-Zone
GeoIP-Country-Code
X-Oss-Storage-Class
Location
X-Oss-Object-Type
X-Svr
X-Oss-Request-Id
Pramga
X-Oss-Hash-Crc64ecma
HitType
X-Cdn-Srv
Ohc-File-Size
X-PF-Uncompressing
X-Oss-Server-Time
X-CF-Powered-By
FSS-Cache
X-Oracle-Dms-Rid
X-BACKEND-TTL
X-Ratelimit-Reset
X-LB-ID
Server-Surrogate-Control
X-GEO
GeoIP-Latitude
Server-Cache-Control
X-Generated-By
X-S-Maxage
X-Unique-ID
X-Azure-Ref-OriginShield
X-Varnishpool
Ohc-Response-Time
Resin-Trace
Tracecode
X-Sucuri-Cache
X-Check-Cacheable
PFcat
X-VarnishDD-TTL
X-Original-Request-Id
X-Rocket-Nginx-Bypass
X-Varnish-Ttl
Cteonnt-Length
X-VCT
X-Fastly-Backend-Reqs
X-OVcl
X-OVcl-Cache
X-Platform
X-Instart-Isnd
Request-EU
Locid
X-Render-Time
X-Fastly-Country-Code
Cdn-Request-Time
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
Cdn-Host
X-Vgn-Hpd-Ssi
Heartbleed
X-Edge-Server
Request-Country
X-Varnish-Hits
X-VHOST
X-Fpc
X-Request-URI
X-HS-Status
X-PJAX-URL
X-CACHE-KEY
X-Cache-Expired-At
X-Newrelic-App-Data
X-CSRF-TOKEN
CF-Cached-On
Geoip-Latitude
X-Pf-Uncompressing
Lfy
GeoIp-Country-Code
Amp-Access-Control-Allow-Source-Origin
SRV
Epwk-X-Cache
X-Ratelimit-Remaining
X-CUA
X-Vcl-Version
X-Gamma-Serve
Pics-Label
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
SN
X-Shopify-Generated-Cart-Token
Backend
WWW-Authenticate
X-WebServer
X-NGINX-Cache
X-ECache
Product
X-Varnish-Url
X-StackifyID
X-Amzn-Remapped-Date
X-ServedByHost
Backend-Name
X-Amzn-Remapped-Connection
X-Ratelimit-Limit
X-RunCloud-Cache
X-Via-Poph
URI
X-Proxy-Upstream
XServer
X-Csrf-Jwt
WZWS-RAY
X-Via-Popv
X-Ftr-Cache-Host
X-Oss-Cdn-Auth
My-App
X-Tec-Api-Origin
X-Fetched-On
X-Tec-Api-Root
CloudFront-Viewer-Country
X-Cdn-Origin
X-Sn-Servicetimems
X-Tec-Api-Version
Mime-Version
X-GeoIP-Country-Code
X-Sigma
X-Sigma-Backend
X-Nananana
X-Request-Time
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Rocket-Build-Number
A
Lb
Cloudfront-Viewer-Country
X-Cache-Tag
PICS-Label
Server-Ttl
Dt-Cache-Category
CF-IPCountry
X-Debug-Cache-String
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
X-Debug-Cache-Status
X-Debug-Cache-Bypass
Ohc-Cache-HIT
SID
X-Tb-Optimization-Total-Bytes-Saved
X-B3-Spanid
X-B3-SpanId
X-LiteSpeed-Cache-Control
Host-ID
X-Cache-Version
Cneonction
X-Apw-Access-Action
X-Apw-Access-Object
X-Varnish-Beresp-TTL
X-Apw-Hits
X-Request-Start
X-Apw-Access-Token
X-WA
X-Acquia-Application-Trace
Dnion-Transfer-Encoding
X-Acquia-Application-UUID
Proxy-Firewall
X-Acquia-Site
X-Acquia-Purge-Tags
X-DPWN-IS-SECURE
X-APP
X-IN-APIGATEWAYSSL
X-Snapshot-Date
X-IN-APIGATEWAY
FSS-Proxy
Country-Code
Warning
X-Dw-Trace-Id
X-WR-MODIFICATION
Group
X-Request-URL
X-ElasticPress-Search
Cdn
X-Html-Edge-Cache
Cf-Alt-Svc
X-Swift-Error
X-Served-From
X-VC
X-SB
Inserted-Into-Cache-At