Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-UA-Compatible
X-Served-By
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-DNS-Prefetch-Control
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
X-Request-ID
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-AH-Environment
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Grace
X-Pingback
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
P3p
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Readtime
X-Ac
X-Cache-Lookup
X-Backend-Server
X-Node
NEL
X-Dispatcher
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
Allow
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
Accept-CH
Rating
X-Country-Code
X-Cnection
Accept-CH-Lifetime
X-Rack-Cache
Edge-Control
X-Url
RTSS
X-Clacks-Overhead
X-Px
MS-Author-Via
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
X-Goog-Hash
Verso
X-Powered-By-Plesk
Host-Header
Service-Worker-Allowed
X-Varnish-TTL
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-B3-TraceId
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
Public-Key-Pins
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Middleton-Display
X-Middleton-Response
Display
Pagespeed
X-Ttl
Response
X-Sol
X-Forwarded-Proto
X-Cache-TTL
X-DynaTrace
X-Cdn
X-Content-Type
X-NF-Request-ID
X-Amz-Rid
X-D2id
TCN
X-Vcap-Request-Id
X-Abt-Application-Version
X-Cached
X-CST
X-VARITI-CCR
Pinterest-Generated-By
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-CACHE
Ar-Sid
X-ESI
X-Version
X-Navigation-Version
X-Powered-CMS
X-Upstream
Cache-Tag
X-Fastly-Request-ID
X-Server-Name
X-Grace
X-Debug
X-Instart-Request-ID
Access-Control-Request-Method
X-XRDS-Location
Charset
X-MSEdge-Ref
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Nginx-Cache
Content-MD5
X-Element-Page-Cache
Realpath
Mrf-Cache-Status
X-Accel-Expires
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
X-Ezoic-Cdn
SPRequestDuration
X-DynaTrace-JS-Agent
SPIisLatency
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
X-SharePointHealthScore
SPRequestGuid
X-Pinterest-Rid
S
Pinterest-Version
Accept-Ch
X-Jurisdiction
X-Hp-Webp
X-Pass-Why
X-Amz-Meta-S3cmd-Attrs
X-Dw-Request-Base-Id
X-Recruiting
X-Id
X-Kinsta-Cache
X-Trace
X-T
Fastcgi-Cache
X-Content-Digest
X-Client-IP
X-Node-Name
X-Logged-In
Accept-Ch-Lifetime
X-Cache-Key
X-Mobile-URL
X-NWS-LOG-UUID
X-Oneagent-Js-Injection
TP-L2-Cache
TP-Cache
X-FastCGI-Cache
Server-Node
X-Request-Received
X-Cache-Hit
X-Frontend
X-Hostname
X-Request-Processing-Time
ServerID
X-Cache-Age
X-Amzn-Trace-Id
Fastly-Restarts
Front-End-Https
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend
X-TTL
X-Country-Code-Real
Edge-Cache-Tag
X-Forwarded-For
X-FTR-Expires
X-Goog-Generation
X-Yandex-Sdch-Disable
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
Server-Name
Powered
PB-PID
PB-RID
Arc-Version
X-Request-Handler-Origin-Region
X-Microsite
X-Ruxit-Js-Agent
X-Content-Security-Policy-Report-Only
X-Revision
X-User-Agent
X-Page-Id
X-DIS-Request-ID
Filters
X-Hits
X-LB-Cache
X-Jobs
X-F-Cache
X-Zen-Fury
X-Akamai-Edgescape
DynaTrace
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Mobile-Rewrite
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Fastcgi-Cache
Alternate-Protocol
X-HS-Combine-CSS
X-HS-Content-Id
X-Origin-Server
X-HS-Cache-Config
X-HS-Hub-Id
X-Geo-Country
X-Content-Powered-By
Accept-Charset
X-Varnish-Age
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-N
X-Daa-Tunnel
X-Varnish-Backend
X-B
Cache-Tags
X-Rid
Retry-After
X-Amz-Replication-Status
X-Esi
X-Type
X-WebKit-CSP-Report-Only
X-Varnish-Grace
Section-Io-Cache
X-Content-Options
DC
X-Git-Hash
X-Server-ID
Surrogate-Key
Paypal-Debug-Id
Host
X-B-Cache
X-Request-Guid
X-Signature
X-Whom
X-App-Environment
X-FB-Debug
X-Via-JSL
X-TT
X-AppVersion
X-Az
X-Edge
X-Activity-Id
X-RateLimit-Remaining
X-ATS-Timestamp
MicrosoftSharePointTeamServices
Backend-Timing
X-Debug-Info
X-Status
Fastcgi-Useragent
X-Ser
Frame-Options
X-IPLB-Instance
Actual-Object-TTL
X-ATG-Version
X-Webkit-CSP
Healthy
X-Endurance-Cache-Level
Nel
X-App-Server
X-HTML-Minification-Powered-By
X-Contextid
Srv
X-AOL-HN
X-Cache-Action
X-Seen-By
X-Amzn-RequestId
X-ECACHE
Refresh
X-B3-Sampled
X-Pinterest-Direct
From-Origin
X-Amz-Apigw-Id
Access-Control-Allow-Method
X-Cache-Rule
X-Protected-By
X-Response-Served-From
X-Accel-Buffering
X-Tumblr-Pixel
X-ProcessESI
X-Host-Name
X-RemovedCookies
X-Drupal-Cache-Tags
Content-Disposition
X-Cache-Operation
X-Upgrade-Enabled
X-Tumblr-Pixel-0
X-Tumblr-User
X-MCACHE
Odigeo-Trace-Id
X-Instance
X-Mid
X-Is-Bot
X-Region
X-Rendered-As
X-Cacheable-TTL
Payment
X-WA-Info
X-Release
X-UUID
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-FW-Dynamic
X-Environment-Context
X-FW-Hash
X-FW-Static
X-L-Path
X-FW-Serve
X-Rule
X-Varnish-Server
X-FW-Server
X-FW-Type
Eomportal-Instance
Countrycode
MS-CV
X-Adobe-Loc
X-Litespeed-Cache
X-Adobe-Content
X-Cache-Time
Datacenter
Source
Uber-Trace-Id
X-Time
X-Proxy
X-Load-Cache
X-Akamai-Request-ID2
X-EdgeConnect-Cache-Status
X-Cache-Control
X-Cached-By
X-Cache-Server
X-UnsetCookies
Xserver
X-Mobile
X-PHP-Backend
Cache-Status
X-Correlation-ID
X-GeoIP
X-Akamai-Transformed
X-SERVER-NAME
Access-Control-Request-Headers
X-Azure-Ref
X-Yottaa-Optimizations
X-NewRelic-App-Data
X-Yottaa-Metrics
X-Tt-Trace-Host
Accept-Language
X-Tt-Trace-Tag
X-Origin-Response-Time
X-PressLabs-Stats
X-Air-Hostname
Filterid
X-Mode
X-NGENIX-Cache
X-Wix-Request-Id
X-Handled-By
Liferay-Portal
X-Backend-Name
X-Cache-NGX
Version
X-NWS-UUID-VERIFY
X-VCache
X-Cluster
X-URL
X-IPS-LoggedIn
X-Framework
Server-Info
X-Locale
X-Path-Route
X-FireWall-Port
X-VWS-Id
X-Via-Fastly
X-Tumblr-Pixel-2
X-Routing-Service
X-RN-RSRV
X-Tumblr-Pixel-1
X-UA-Device-Type
X-ES-SERVER
X-UPSTREAM-Address
X-Proxied
X-PERF
X-LJ-Flow-ID
X-Adobe-Source
Cross-Origin-Window-Policy
X-APP-VERSION
Meta-Geo
X-Zipkin-Id
Load-Balancing
X-ApacheServer
NGB
X-AWS-Id
X-Cache-Var
X-Cache-Var-Map
X-CCM
X-TX-ID
X-Site-Version
X-Real-IP
X-Qloud-Router
Cache-Hits
X-Viewer-Country
X-Cache-Status-Check
X-Www-Served-By
X-MP-GENERATED-AT
X-Detected-As
ServedBy
Mn-Server-Ip
DSUID
Cache
Section-Io-Id
X-Cache-Config
X-Pubstack
X-R9-Blue-Green-Version
X-Redis-Cache
X-Cache-Remote
X-Human
X-PCL
X-NCache
X-Info
Akamai-GRN
Now
X-Access
X-OCL
X-Say-Cacheable
X-Say-TTL
X-Storage
Cache-Name
X-Format
Decoy-Debug-Status
Decoy-Debug-Key
X-Web-Node
Cleartype
X-IP
Decoy-Debug-TTL
X-Section
X-SayCDN-TTL
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Cache-Enabled
X-CS
Fastly-SSL
S-Rt
TWC-Privacy
Webcakes-App-Name
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Version
Webcakes-Region
X-Alternate-Cache-Key
X-Bc-Bl
Property-Id
X-Device-Type
Webserver
X-BYPASS-REASON
X-Hosted-By
X-Shopify-Stage
X-CSRF-Token
X-Sorting-Hat-PodId
X-Origin-Hint
X-ShopId
X-ProxyCache-Status
X-ProxyCache-Key
X-ShardId
X-Sorting-Hat-ShopId
TWC-Locale-Group
X-Unique-Id
Cache-Tv-Group
X-FW-Version
X-FC-Vary-Parameters
X-Varnish-Cache-Hits
X-TNCMS
X-Timing-Wait
X-ServerID
X-PHP-Host
X-Hl-Ver
X-Cache-Host
X-Content-Age
X-From
X-Labrador-Cache-Channel
X-Loop
X-FB-TRIP-ID
X-NYM-Debug-Backend
X-No-Session
X-Proxy-Build
X-EIG-Tracking-Id
X-Ua
Selected-Fe
X-JoinUs
X-BCube-Filmed-By
X-Time-Microsecs
X-Hyper-Cache
X-Generated
X-RTag
X-SaId
X-Amzn-Remapped-Content-Length
X-RateLimit-Limit
X-Origin
Ms-Operation-Id
Origin-Cache-Control
DB-Nickname
Ec-Rule-Version
X-XRDS-LOCATION
X-Presslabs-Stats
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-RegionName
X-Geo
X-Cache-2
X-Drupal-Cache-Contexts
Apigw-Requestid
Locale
X-Cache-TTL-Remaining
X-Urbn-Context-Path
X-Urbn-Site-Id
Time
X-Xfnlog-Site
X-Vcache
Origin-Edge-Control
SD-X-WS
X-Goog-Meta-Goog-Reserved-File-Mtime
X-RequestSource
Country
X-EC-Lua
X-Pad
X-Source
Geo-Info
X-Varnish-Hostname
X-CDN-Forward
User-Agent
X-Debug-Cache
X-Old-Content-Length
X-Soup
Upgrade-Insecure-Requests
X-Backend-TTL
X-Cluster-Node
X-Cache-NE
X-Akamai-Request-ID
X-RCS-CacheZone
X-Proto
X-Parent-Response-Time
X-Tb
X-Cache-Backend
X-Storefront-Renderer-Rendered
X-SRV
Proxy-Connection
X-App-Version
X-Cache-PHP
X-TA-CDN-Provider
X-NC
FilterID
X-Cache-Grace
X-DC
X-Proxy-Cache-Status
Cache-Key
X-FORWARDED-FOR
X-Origin-CC
X-Forwarded-Host
X-Origin-TTL
AsisCache
VivaBuild
Viewtype
Machine
X-A-Dcw
X-A
X-A-Ccd
X-App
BehaviorPad-Version
X-A-Dam
Arc-Country
Who
Content-Style-Type
Meta-Geo-Continent
Mobile-Detection-Method
X-A-Dgt
FNAC-ModuleRouting
MD5-Digest
GEO-REGION-INFO
N-Cache
Rendered-Blocks
Content-Script-Type
True-Client-Country-4JS
IsBot
M-TraceId
Fastcgi-X-Cache-Version
T-Server
UCS
X-Trace-Id
X-S-Cookie
X-S
X-Rojux
X-Rewrite-Enabled
X-Developer
X-Destination
X-ScT
X-D
X-Date
X-Scheme
X-Response-By
X-DevSite-Last-Modified
X-Method
X-Nginx-Cache-Key
X-NodeID
X-PAYTM-SRV-ID
X-Geo-Header
X-Processor
X-Dispatch
X-External-Request-Id
X-Region-Sid
X-G
X-SD-PageType
X-Session-Fingerprint
X-VG-WebCache
X-Application
X-Vdms-Version
X-Vdms-Path
X-Aed
X-VG-WebServer
X-Accel-Expires-Debug
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Twitter-Response-Tags
X-Trv-Group
X-Swa-Ws
X-SRCache-Key
X-Connection-Hash
X-SIPLIST1
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-ARC
X-B-Cookie
X-Transaction
X-A-Wwc
ServerName
X-AIR-PT
LB
User-Cache-Control
X-Tumblr-Pixel-3
X-Magnolia-Registration
Sever-Int
Server-Hostname
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Matched-Rule
Web-Mar-Node
X-Micro-Cache
Viewport
Thinkindot-Control
X-Node-Id
Server-Ext
RNT-Machine
X-Reqid
X-Req
X-Newrelic-Synthetics
Magicmarker
X-ServiceProvider
X-Servername
NGX
On-Server
X-RateLimit-Limit-Second
X-Logging-Id
X-RateLimit-Remaining-Second
Release
Pagetype
X-Policy
Wxu-Next-Hostname
X-Clara-WADP
X-Cms-Context
X-Generation-Time
X-Cache-URL
X-Cache-Bucket
X-Cache-Info
X-Compress-Hint
X-Generated-On
X-Developers
X-Device-Os
X-Fmm-Version
X-Gen-Mode
X-Generated-In
X-Hash
X-Block-Status
X-Uri
X-Agile
X-Loc
Wxu-Next-Region
X-Skip-Cache
X-Agile-Age
X-Agile-Id
X-Backend-State
X-Bip
X-Hnp-Log
X-LAGOON
X-Level-Front-Cache
Wxu-Next-Commit
RNT-Time
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Referer-Policy
Cache-Cookie-Set-Lfrom
CacheControlHeader
X-Varnish-Cacheable
X-VC-Cache
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Worker
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Wikidot-Static-Cache
X-Wikidot-Backend
Apple-News-Services-Handled
AKAMAI
X-WADP-Cache
X-User
Apple-News-Services-Request-Url
X-Thanos
X-Thinkindot-L3
Kp-EeAlive
X-SN
X-Hit
X-Irp-Debug
X-Request-UUID
L5d-Success-Class
X-We-Are-Hiring
X-Webstats-RespID
X-BBXSRF
Mail-Subject
X-B3-Traceid
X-Rebelmouse-Surrogate-Control
X-Server-W
X-JWT-State
X-Auto-Login
X-Is-Gdpr
Node
X-TH-Server
X-Cache-Tags
X-Edge-Location
X-Slack-Backend
X-Fastly-Cache
X-Eu-Site
X-Distil-CS
X-Dispatcher-Server
X-Core-Value
X-Core-Mission
X-Location
X-Cache-FS-Status
X-CGP
X-Clientip
X-Key
X-Cluster-Name
X-Has-Esi
X-Srv
X-Origin-Expires
X-Mvc-Supplant-Cachable
V-Age
X-VG-TLSProxy
Ha-Gx-Prefs
NM-Fastcgi-Cache
X-NU-AKA-ACS-Version
X-Origin-Date
X-VServer
Fastly-SWR
X-Envoy-Decorator-Operation
Fastly-SIE
Vix-Hermes-Req-Id
W
X-Rebelmouse-Cache-Control
C-Via
X-TrackingId
X-Request-Host
Gh-Request-Id
HA-Ipaddr
Rt-Fastcgi-Cache
We-Hiring
X-Owner
X-Var-Ttl
Sid
X-Be
OT-Force-Account-Verify
X-Variation
Memcached
Adler-Geo
X-Distributor
Platform
X-Epic-Correlation-Id
Fastly-Drupal-HTML
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Esi-Check
X-Gzip
Pragrma
X-Reboot
X-Cache-Id
X-GoCache-CacheStatus
X-Backend-Host
Is-Eu
X-Cache-ASPX
X-Dc
X-Varnish-Beresp-Ttl
GEO-INFO
X-Varnish-Beresp-Status
X-Nc
X-Varnish-Beresp-Grace
S-Cnection
X-LI-UUID
X-Li-Pop
X-Wa
X-BC
MIME-Version
X-Li-Fabric
X-LI-Proto
X-ZONE
X-Branch-Name
X-Cache-Debug
X-Configured-By
Cf-Ipcountry
Fastly-Backend-Name
X-Up
X-Instart-Info
X-Via-PopH
X-Refresh
X-Varnish-URL
X-Via-PopV
X-Microcachable
HostName
X-UA
X-Via-CDN
X-Batcache
X-Minions-Version
X-Platform-Server
X-Envoy-Upstream-Healthchecked-Cluster
X-Servedbyhost
X-Ua-Device
X-Mvc-Supplant-OutputCached
X-TIME
X-TT-TIMESTAMP
X-Ms-Request-Id
X-Ms-Version
X-ElasticPress-Query
CACHE
X-Cdn-Forward
Memory
X-MSEdge-Features
X-MSEdge-Flight
X-Aicache-OS
X-Vgn-Hpd-Reason
X-Nginx-Cache
X-ND-Cache
X-VCL-Version
WPE-Backend
NR-ENABLED
Esi-Enabled
NtCoent-Length
L
DCR-Decision-By
X-Sucuri-ID
DCR-Processing-Time-Ms
X-Debug-Panamera-Host
Server-ID
X-App-Name
X-Debug-Panamera-Sitecode
X-COUNTRY
Hostname
X-Client-Ip
X-Server-IP
X-Fastly-Cache-Status
X-PF-Uncompressing
X-FPC
Powered-By-ChinaCache
Cache-Host
X-GEO
Pramga
X-Pjax-Url
X-Zone
X-Bc
X-CF-Powered-By
X-Oss-Storage-Class
Location
X-Oss-Server-Time
Ohc-File-Size
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Cdn-Srv
HitType
GeoIP-Country-Code
X-Oss-Object-Type
X-Svr
X-BACKEND-TTL
FSS-Cache
X-BE
X-Varnishpool
Server-Surrogate-Control
Server-Cache-Control
X-Ratelimit-Reset
GeoIP-Latitude
X-Generated-By
X-S-Maxage
X-Unique-ID
X-Sucuri-Cache
Tracecode
X-Azure-Ref-OriginShield
X-LB-ID
Ohc-Response-Time
X-Check-Cacheable
Resin-Trace
X-OVcl-Cache
X-Rocket-Nginx-Bypass
X-VarnishDD-TTL
PFcat
X-Varnish-Ttl
X-OVcl
X-Original-Request-Id
X-VCT
Cteonnt-Length
X-Fastly-Backend-Reqs
X-CSRF-TOKEN
Cdn-Request-Time
Cdn-Host
X-Render-Time
X-Fastly-Country-Code
X-Platform
X-PJAX-URL
X-Cache-Expired-At
X-Edge-Server
X-Instart-Isnd
Locid
Request-EU
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Variations-Key
Heartbleed
X-Vgn-Hpd-Cached
Request-Country
X-Ratelimit-Remaining
X-Varnish-Hits
X-VHOST
X-Request-URI
GeoIp-Country-Code
X-HS-Status
Geoip-Latitude
X-Fpc
X-Newrelic-App-Data
CF-Cached-On
Lfy
X-CUA
SRV
Amp-Access-Control-Allow-Source-Origin
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Pf-Uncompressing
X-Gamma-Serve
X-Vcl-Version
Epwk-X-Cache
X-NGINX-Cache
SN
Pics-Label
X-CACHE-AGE
X-Oracle-Dms-Rid
X-Ratelimit-Limit
XServer
X-CLOUD-TRACE-CONTEXT
X-Shopify-Generated-Cart-Token
WWW-Authenticate
X-CACHE-KEY
X-ECache
X-WebServer
Backend-Name
Backend
X-StackifyID
Product
X-Csrf-Jwt
X-Proxy-Upstream
X-Amzn-Remapped-Connection
X-RunCloud-Cache
URI
X-Amzn-Remapped-Date
X-ServedByHost
WZWS-RAY
X-Varnish-Url
X-Ftr-Cache-Host
X-Via-Popv
My-App
CloudFront-Viewer-Country
X-Sn-Servicetimems
X-Fetched-On
X-Oss-Cdn-Auth
X-Cdn-Origin
X-Via-Poph
X-Fastly-Request-Id
Mime-Version
X-Rocket-Build-Number
X-Request-Time
A
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-GeoIP-Country-Code
X-Nananana
X-Sigma
X-Sigma-Backend
Lb
Server-Ttl
X-Cache-Tag
Cloudfront-Viewer-Country
CF-IPCountry
PICS-Label
Host-ID
X-LiteSpeed-Cache-Control
X-Debug-Cache-String
Ohc-Cache-HIT
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
X-Debug-Cache-Status
X-Debug-Cache-Bypass
Dt-Cache-Category
SID
X-Tb-Optimization-Total-Bytes-Saved
X-B3-Spanid
X-B3-SpanId
X-Debug-Do-Not-Cache-Uri
X-Cache-Version
X-Apw-Access-Object
X-Apw-Access-Action
X-Acquia-Application-Trace
X-Varnish-Beresp-TTL
X-Apw-Hits
X-Apw-Access-Token
X-WA
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
Cneonction
X-Acquia-Site
X-Request-Start
Proxy-Firewall
X-APP
DataCenter
Group
X-Lb-Id
X-DPWN-IS-SECURE
X-IN-APIGATEWAY
FSS-Proxy
Country-Code
Dnion-Transfer-Encoding
X-Served-From
X-IN-APIGATEWAYSSL
X-Request-URL
X-Html-Edge-Cache
X-WR-MODIFICATION
Cf-Alt-Svc
X-Dw-Trace-Id
X-SB
X-VC
X-ElasticPress-Search
Warning
Inserted-Into-Cache-At
X-Swift-Error
Cdn
X-Snapshot-Date