Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
X-CDN
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Envoy-Upstream-Service-Time
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Server
X-Turbo-Charged-By
X-Backend
P3p
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
Xkey
X-Proxy-Cache
Request-Context
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-Server-Powered-By
X-UA-Device
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-WebKit-CSP
X-Dns-Prefetch-Control
Cf-Railgun
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Origin-Cache
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Host
X-Device
Surrogate-Control
X-Response-Time
X-Backend-Server
X-Vhost
X-Cache-Lookup
X-Ac
X-Readtime
X-Node
X-Origin-Upstream-Status
NEL
X-Dispatcher
X-HW
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Request-Id
Content-Location
X-Mod-Pagespeed
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Country
X-ORACLE-DMS-RID
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Clacks-Overhead
X-Pass-Why
X-Rack-Cache
X-Px
RTSS
Accept-CH
X-FTR-Request-ID
MS-Author-Via
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-Powered-By-Plesk
Verso
Accept-CH-Lifetime
X-B3-TraceId
Service-Worker-Allowed
Public-Key-Pins
X-GitHub-Request-Id
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
X-Varnish-TTL
X-MS-InvokeApp
X-DynaTrace
Arr-Disable-Session-Affinity
X-Middleton-Response
Pagespeed
Display
Response
X-Sol
X-Middleton-Display
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
X-Cache-TTL
X-D2id
X-Amz-Rid
X-Ttl
TCN
X-CST
X-Abt-Application-Version
X-Vcap-Request-Id
X-NF-Request-ID
Pinterest-Generated-By
X-Content-Type
X-Cached
X-VARITI-CCR
Accept-Ch
X-Navigation-Version
Cache-Tag
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Fastly-Request-ID
X-ESI
Ar-Sid
AR-CACHE
X-Version
X-Instart-Request-ID
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Accept-Ch-Lifetime
X-TEC-API-VERSION
X-Grace
X-Upstream
X-Powered-CMS
Access-Control-Request-Method
X-MSEdge-Ref
X-Accel-Expires
X-Debug
X-Server-Name
Nginx-Cache
Charset
SPIisLatency
SPRequestDuration
S
X-FastCGI-Cache
X-XRDS-Location
Content-MD5
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-Ezoic-Cdn
SPRequestGuid
X-SharePointHealthScore
X-DynaTrace-JS-Agent
X-Element-Page-Cache
Realpath
X-Client-IP
X-Cdn
Host-Header
X-Shield-Request-Id
Pinterest-Version
X-Jurisdiction
X-Pinterest-Rid
X-Hp-Webp
X-Dw-Request-Base-Id
X-Oneagent-Js-Injection
X-Trace
X-Recruiting
X-Id
X-Amz-Meta-S3cmd-Attrs
X-Kinsta-Cache
X-T
X-Node-Name
Fastcgi-Cache
X-Content-Digest
X-Server-ID
X-Logged-In
X-ASPNET-VERSION
X-TTL
X-NWS-LOG-UUID
X-Mobile-URL
TP-Cache
TP-L2-Cache
X-Request-Processing-Time
X-Request-Received
X-Cache-Age
X-Frontend
X-Cache-Hit
Server-Node
X-Cache-Key
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-Country-Code-Real
ServerID
Edge-Cache-Tag
Front-End-Https
X-Hostname
X-Amzn-Trace-Id
X-FTR-Expires
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Server-Name
PB-RID
X-Forwarded-For
PB-PID
Arc-Version
Fastly-Restarts
Powered
DynaTrace
X-Yandex-Sdch-Disable
X-Microsite
X-Request-Handler-Origin-Region
X-Zen-Fury
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
Filters
X-User-Agent
X-Revision
X-Ruxit-Js-Agent
X-Page-Id
X-F-Cache
X-Jobs
X-Akamai-Edgescape
X-Mobile-Rewrite
X-LB-Cache
Accept-Charset
X-Hits
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Powered-By
Backend-Timing
X-ATS-Timestamp
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Geo-Country
X-Varnish-Age
X-Origin-Server
Nel
AMP-Access-Control-Allow-Source-Origin
X-Correlation-Id
Alternate-Protocol
X-N
X-B
X-FTR-Cache-Host
MicrosoftSharePointTeamServices
X-Via-JSL
X-Daa-Tunnel
X-Varnish-Backend
X-Rid
Cache-Tags
X-AppVersion
X-Activity-Id
X-Az
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-ATG-Version
X-Esi
X-WebKit-CSP-Report-Only
X-Type
X-FB-Debug
X-Amz-Replication-Status
DC
X-B-Cache
Retry-After
Section-Io-Cache
X-Signature
X-TT
X-Whom
Surrogate-Key
X-Debug-Info
X-Varnish-Grace
X-Ser
X-Git-Hash
X-App-Environment
Frame-Options
X-Edge
Paypal-Debug-Id
X-App-Server
Actual-Object-TTL
X-Content-Options
Host
X-Status
X-RateLimit-Remaining
X-Request-Guid
Fastcgi-Useragent
X-Fastcgi-Cache
X-Contextid
Healthy
X-AOL-HN
X-IPLB-Instance
X-Cache-Action
X-Seen-By
X-Amzn-RequestId
X-HTML-Minification-Powered-By
X-Endurance-Cache-Level
Srv
X-Host-Name
X-B3-Sampled
Refresh
X-PressLabs-Stats
X-ECACHE
X-Upgrade-Enabled
From-Origin
X-Pinterest-Direct
Access-Control-Allow-Method
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Source
X-Instance
X-Drupal-Cache-Tags
X-Amz-Apigw-Id
X-Cache-Rule
X-ProcessESI
X-Accel-Buffering
X-RemovedCookies
X-Response-Served-From
X-Cache-Operation
X-Time
VIX-Pulpo-Node
Odigeo-Trace-Id
X-Region
VIX-Pulpo-Upstream-Status
X-Mid
X-MCACHE
X-UUID
MS-CV
Payment
Eomportal-Instance
X-Rule
X-Is-Bot
X-Rendered-As
X-Protected-By
X-Environment-Context
X-Varnish-Server
X-L-Path
X-Cacheable-TTL
X-WA-Info
X-FW-Server
X-FW-Type
X-Adobe-Content
Cache-Status
X-Adobe-Loc
Countrycode
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Cache-Time
Datacenter
X-Litespeed-Cache
Content-Disposition
X-SERVER-NAME
X-VCache
X-Cache-Control
Xserver
X-GeoIP
X-Cache-Server
X-Akamai-Request-ID2
X-Cached-By
X-Akamai-Transformed
X-UnsetCookies
X-Proxy
Uber-Trace-Id
X-Wix-Request-Id
X-Correlation-ID
X-Load-Cache
X-EdgeConnect-Cache-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
NGB
Version
X-APP-VERSION
X-Cluster
X-Mode
Access-Control-Request-Headers
X-Mobile
X-PHP-Backend
X-Azure-Ref
X-XRDS-LOCATION
X-Release
Filterid
X-IPS-LoggedIn
X-Handled-By
X-Cache-Remote
X-URL
X-Tumblr-Pixel-1
X-NGENIX-Cache
X-Tumblr-Pixel-2
X-NewRelic-App-Data
Accept-Language
X-FireWall-Port
X-NWS-UUID-VERIFY
X-Cache-NGX
X-Backend-Name
X-Air-Hostname
Liferay-Portal
X-RequestSource
Load-Balancing
Meta-Geo
Cross-Origin-Window-Policy
X-CCM
X-Cache-Var
X-No-Session
X-Path-Route
X-Cache-Status-Check
X-RN-RSRV
X-Cache-Var-Map
X-Adobe-Source
X-ES-SERVER
X-UA-Device-Type
X-Via-Fastly
X-UPSTREAM-Address
X-Storage
X-AWS-Id
X-ApacheServer
X-LJ-Flow-ID
X-PERF
X-VWS-Id
X-Www-Served-By
X-Viewer-Country
X-Locale
X-MP-GENERATED-AT
X-OCL
X-PCL
Cache-Hits
DSUID
X-Ua
X-CSRF-Token
Mn-Server-Ip
Cleartype
Decoy-Debug-TTL
Decoy-Debug-Key
Cache-Name
Decoy-Debug-Status
X-Real-IP
Akamai-GRN
X-Site-Version
X-RTag
Now
X-R9-Blue-Green-Version
Ms-Operation-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
ServedBy
X-Bc-Bl
X-Cache-Config
X-TX-ID
Section-Io-Origin-Status
X-Framework
Section-Io-Id
X-BYPASS-REASON
X-Info
X-EIG-Tracking-Id
X-Device-Type
X-Say-TTL
X-Say-Cacheable
X-Hl-Ver
X-Alternate-Cache-Key
X-SayCDN-TTL
X-ProxyCache-Key
X-NCache
X-FW-Version
X-ProxyCache-Status
X-Pubstack
Webserver
Fastly-SSL
X-Redis-Cache
X-Web-Node
X-Varnish-Cache-Hits
X-ServerID
X-Proxied
X-Access
X-Format
X-Section
X-Routing-Service
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Zipkin-Id
X-Sorting-Hat-ShopId
X-ShopId
S-Rt
Webcakes-Region
X-Human
Webcakes-App-Name
X-CS
Webcakes-App-Version
X-Origin-Hint
X-Cache-Enabled
X-FB-TRIP-ID
X-FC-Vary-Parameters
X-From
X-BCube-Filmed-By
Selected-Fe
TWC-Privacy
X-Proxy-Build
TWC-Device-Class
Cache
Property-Id
X-Timing-Wait
X-SaId
X-Detected-As
X-Time-Microsecs
X-Origin
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-JoinUs
TWC-GeoIP-Country
X-NYM-Debug-Backend
TWC-Locale-Group
X-Labrador-Cache-Channel
Cache-Tv-Group
X-PHP-Host
X-Generated
X-Amzn-Remapped-Content-Length
X-IP
X-Content-Age
X-TNCMS
DB-Nickname
X-Qloud-Router
X-Loop
X-Hyper-Cache
X-Hosted-By
Azure-SlotName
Azure-SiteName
Azure-Version
Origin-Cache-Control
Origin-Edge-Control
Azure-RegionName
Azure-InstanceId
X-Cache-Host
X-Xfnlog-Site
X-Geo
NR-ENABLED
X-Goog-Meta-Goog-Reserved-File-Mtime
WPE-Backend
Country
X-Unique-Id
Ec-Rule-Version
SD-X-WS
X-RateLimit-Limit
X-Drupal-Cache-Contexts
X-Source
User-Agent
X-Pad
X-Varnish-Hostname
X-Cache-2
X-Old-Content-Length
X-Cluster-Node
Time
X-Cache-NE
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Cache-TTL-Remaining
Server-Info
Geo-Info
X-Parent-Response-Time
Upgrade-Insecure-Requests
FilterID
X-EC-Lua
X-Akamai-Request-ID
Apigw-Requestid
X-Srv
X-Debug-Cache
X-Webkit-CSP
X-RCS-CacheZone
X-Cache-Backend
Proxy-Connection
X-Proxy-Cache-Status
X-Soup
X-Cache-Grace
X-Backend-TTL
X-Forwarded-Host
X-CDN-Forward
X-Presslabs-Stats
X-TA-CDN-Provider
X-Newrelic-Synthetics
X-Tb
S-Cnection
X-Tumblr-Pixel-3
X-FORWARDED-FOR
X-Proto
X-Nc
X-Cache-PHP
NGX
Pagetype
Rendered-Blocks
Mobile-Detection-Method
X-CF-Lambda-Fn
Content-Script-Type
AsisCache
X-Vdms-Path
Server-Host
Arc-Country
X-Vdms-Version
BehaviorPad-Version
Content-Style-Type
X-VG-WebCache
MD5-Digest
X-VG-WebServer
X-B-Cookie
X-Vtex-Processado-Em
Machine
Xc-Version
Meta-Geo-Continent
Fastcgi-X-Cache-Version
X-Twitter-Response-Tags
GEO-REGION-INFO
M-TraceId
X-Vtex-Remote-Cache
Thinkindot-Control
X-PAYTM-SRV-ID
X-Matched-Rule
X-A-Dcw
X-Geo-Header
X-Connection-Hash
X-ARC
X-Region-Sid
X-Processor
X-CF-Lambda-Version
X-A-Dam
X-A-Dgt
X-A-Wwc
X-DevSite-Last-Modified
X-Developer
X-D
X-Destination
X-Dispatch
X-Application
X-G
X-Accel-Expires-Debug
X-Aed
X-External-Request-Id
X-Reqid
X-Rewrite-Enabled
Thinkindot-CacheControl-Type
X-Date
True-Client-Country-4JS
Viewtype
Thinkindot-CacheControl
T-Server
X-Transaction
X-Thinkindot-L3
X-SRCache-Key
ServerName
X-Session-Fingerprint
X-ServiceProvider
X-S-Cookie
X-S
X-A-Ccd
X-Rojux
X-A
Who
X-ScT
X-Scheme
VivaBuild
X-Trv-Group
UCS
X-Uri
X-Cluster-Name
X-Vcache
OT-Force-Account-Verify
Cf-Ipcountry
X-Microcachable
X-DC
X-Trace-Id
We-Hiring
FNAC-ModuleRouting
X-Swa-Ws
X-SN
X-Skip-Cache
IsBot
Vix-Hermes-Req-Id
X-User
N-Cache
Release
On-Server
X-Worker
X-VC-Cache
Viewport
Mail-Subject
NM-Fastcgi-Cache
X-Cache-FS-Status
X-Hash
X-Generation-Time
X-Generated-On
X-Generated-In
X-NodeID
X-Node-Id
X-Location
X-Level-Front-Cache
X-LAGOON
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Cms-Context
X-Response-By
Kp-EeAlive
X-Branch-Name
X-Core-Value
Sid
X-Dispatcher-Server
X-Device-Os
X-App-Version
X-SD-PageType
V-Age
Cache-Cookie-Set-Lfrom
Cache-Key
CacheControlHeader
X-Nginx-Cache-Key
Cache-Cookie-Set-Idcheck
AKAMAI
Cache-Cookie-Set-From
X-Method
X-SIPLIST1
CDCHOST
X-AIR-PT
User-Cache-Control
X-Envoy-Decorator-Operation
X-Hit
X-JWT-State
X-Backend-State
X-Bip
X-Is-Gdpr
X-Cache-Bucket
X-Instart-Info
X-Servername
X-Block-Status
X-Agile-Id
X-Thanos
X-Magnolia-Registration
Web-Mar-Node
X-Developers
X-TH-Server
Adler-Geo
X-Policy
X-Logging-Id
X-Agile-Age
X-Agile
X-App
X-Cache-Tags
X-Eu-Site
X-Epic-Correlation-Id
X-Rebelmouse-Surrogate-Control
X-Distributor
X-Rebelmouse-Cache-Control
X-Fmm-Version
X-Origin-Expires
X-Owner
X-Gen-Mode
X-Distil-CS
X-Varnish-Cacheable
X-Request-UUID
X-Hnp-Log
X-Req
X-Origin-Date
W
X-CGP
X-Has-Esi
X-Clientip
X-Clara-WADP
X-Cache-Info
X-Auto-Login
Is-Eu
Rt-Fastcgi-Cache
X-Dc
RNT-Machine
HA-Ipaddr
Ha-Gx-Prefs
Apple-News-Services-Parsed-Url
X-WADP-Cache
Wxu-Next-Region
Magicmarker
Wxu-Next-Hostname
X-Wikidot-Backend
L5d-Success-Class
Apple-News-Services-Handled
Apple-News-Services-Host
Platform
X-Wikidot-Static-Cache
RNT-Time
Wxu-Next-Commit
X-Var-Ttl
C-Via
Fastly-SWR
Fastly-Drupal-HTML
Fastly-SIE
Apple-News-Services-Request-Url
Sever-Int
X-VG-TLSProxy
Gh-Request-Id
X-NC
Server-Ext
Server-Hostname
X-Variation
X-Be
X-Cache-Debug
X-Reboot
X-Storefront-Renderer-Rendered
X-Irp-Debug
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-Platform-Server
X-Loc
X-Fastly-Cache
X-Cache-URL
X-We-Are-Hiring
X-Webstats-RespID
X-Via-PopH
X-Compress-Hint
X-Via-PopV
X-Cache-ASPX
X-Backend-Host
X-VServer
X-BBXSRF
X-Core-Mission
X-SRV
X-TrackingId
X-Slack-Backend
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Request-Host
X-Server-W
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Origin-TTL
X-Origin-CC
X-Varnish-Beresp-Status
X-Li-Pop
X-GoCache-CacheStatus
X-Li-Fabric
X-LI-UUID
X-Esi-Check
X-Ms-Version
X-Cache-Id
X-TT-TIMESTAMP
X-LI-Proto
Memcached
X-Gzip
X-Ms-Request-Id
X-Envoy-Upstream-Healthchecked-Cluster
X-Cdn-Forward
LB
X-SVT-ORM-VERSION
X-NU-AKA-ACS-Version
X-Configured-By
Tracecode
Node
X-Wa
X-SVT-ORM-RULES
X-Vgn-Hpd-Reason
HostName
X-Refresh
X-UA
Esi-Enabled
X-Key
X-Edge-Location
GEO-INFO
NtCoent-Length
X-BC
X-ZONE
MIME-Version
Referer-Policy
Ohc-File-Size
L
Server-ID
Pragrma
X-Varnish-URL
X-Ua-Device
X-Servedbyhost
X-Server-IP
X-Mvc-Supplant-OutputCached
CACHE
Cache-Host
X-App-Name
X-BACKEND-TTL
X-Nginx-Cache
X-B3-Traceid
X-MSEdge-Flight
Fastly-Backend-Name
X-MSEdge-Features
X-Zone
X-Bc
X-Via-CDN
Memory
X-Up
Server-Cache-Control
X-Varnish-Ttl
Server-Surrogate-Control
X-Cdn-Srv
X-TIME
X-VCT
X-S-Maxage
Ohc-Response-Time
X-Generated-By
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-FPC
X-Minions-Version
X-Batcache
X-Svr
X-Sucuri-ID
X-ND-Cache
X-Pjax-Url
X-VCL-Version
X-ElasticPress-Query
X-COUNTRY
X-Unique-ID
X-Oracle-Dms-Rid
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Rocket-Nginx-Bypass
X-CF-Powered-By
X-Aicache-OS
X-Oss-Storage-Class
X-Oss-Object-Type
FSS-Cache
X-GEO
Request-EU
Resin-Trace
Request-Country
GeoIP-Country-Code
Heartbleed
Locid
X-Varnish-Hits
DCR-Decision-By
X-BE
DCR-Processing-Time-Ms
GeoIP-Latitude
X-Request-URI
Hostname
Cteonnt-Length
Powered-By-ChinaCache
X-Fastly-Cache-Status
Location
X-Azure-Ref-OriginShield
Lfy
X-Shopify-Generated-Cart-Token
Pramga
X-PF-Uncompressing
X-Gamma-Serve
X-Check-Cacheable
HitType
Cdn-Request-Time
X-LB-ID
Cdn-Host
X-Edge-Server
CF-Cached-On
WZWS-RAY
X-VHOST
X-Sucuri-Cache
X-Ratelimit-Remaining
Amp-Access-Control-Allow-Source-Origin
X-VarnishDD-TTL
PFcat
X-CACHE-KEY
X-HS-Status
X-WebServer
X-PJAX-URL
X-Newrelic-App-Data
Geoip-Latitude
X-Fastly-Country-Code
GeoIp-Country-Code
X-Varnishpool
X-Ratelimit-Reset
X-CSRF-TOKEN
X-Fastly-Backend-Reqs
X-Proxy-Upstream
X-Fpc
X-Pf-Uncompressing
X-OVcl
X-Vgn-Hpd-Ssi
X-Vcl-Version
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Variations-Key
Product
X-OVcl-Cache
SRV
X-ECache
X-Platform
X-Fetched-On
X-Cdn-Origin
X-Instart-Isnd
My-App
Ohc-Cache-HIT
Mime-Version
X-Sn-Servicetimems
X-Cache-Expired-At
X-CLOUD-TRACE-CONTEXT
X-Ftr-Cache-Host
SN
X-GeoIP-Country-Code
X-CACHE-AGE
X-Render-Time
WWW-Authenticate
X-NGINX-Cache
X-ServedByHost
Dt-Cache-Category
X-Ratelimit-Limit
X-CUA
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Varnish-Url
URI
X-Original-Request-Id
XServer
X-Swift-Error
Group
X-Tec-Api-Origin
X-Served-From
Pics-Label
X-Tec-Api-Root
X-Tec-Api-Version
X-Oss-Cdn-Auth
CloudFront-Viewer-Country
X-B3-Spanid
X-Request-Start
Epwk-X-Cache
A
X-B3-SpanId
Cf-Alt-Svc
X-Client-Ip
X-Debug-Cache-Store
X-StackifyID
Cdn
X-Debug-Cache-Fetch
Lb
X-WR-MODIFICATION
X-Amzn-Requestid
X-Via-Ucdn
SID
Backend
X-Debug-Cache-Status
X-Cache-Tag
X-Apw-Hits
X-Request-Time
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
Cloudfront-Viewer-Country
X-WA
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Do-Not-Cache-Uri
X-LiteSpeed-Cache-Control
X-Debug-Ysi-Auth
X-Debug-Cache-String
PICS-Label
Server-Ttl
X-Debug-Xas-Auth
X-Debug-Cache-Bypass
X-Cache-Version
NnCoection
Origin
Country-Code
X-Via-NSCOPI
Proxy-Firewall
X-Acquia-Site
X-Via-Poph
Backend-Name
X-Via-Popv
X-Cache-Hfrom
X-Varnish-Beresp-TTL
X-Cache-Hm
X-Nananana
X-Csrf-Jwt
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Acquia-Application-Trace
X-RunCloud-Cache
X-Acquia-Application-UUID
Cneonction
X-Acquia-Purge-Tags
X-WPE-Loopback-Upstream-Addr
X-Snapshot-Date
Warning
Inserted-Into-Cache-At
X-SB
X-Request-URL
X-ElasticPress-Search
Req-ID
X-DPWN-IS-SECURE
X-Html-Edge-Cache
X-Ocache
X-B3-Parentspanid
X-VC
X-Varnish-ID
X-Dw-Trace-Id
Geoip-City