Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
P3P
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
X-Xss-Protection
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Adblock-Key
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
CF-Ray
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
P3p
X-AspNetMvc-Version
X-Iinfo
X-Buckets
X-Ua-Compatible
Status
X-Request-ID
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Server-Timing
Grace
X-Pingback
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Device
X-Vhost
X-Response-Time
X-Readtime
X-Ac
X-Cache-Lookup
X-Node
X-Backend-Server
X-Dns-Prefetch-Control
X-Dispatcher
NEL
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
X-Cnection
X-Country-Code
Host-Header
Accept-CH
X-Rack-Cache
X-Url
Edge-Control
RTSS
MS-Author-Via
X-Clacks-Overhead
Accept-CH-Lifetime
X-Px
X-Cdn
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
Verso
X-Goog-Hash
X-Varnish-TTL
Service-Worker-Allowed
X-Powered-By-Plesk
X-B3-TraceId
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Kinja-Server
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
Public-Key-Pins
X-Forwarded-Proto
X-Amz-Server-Side-Encryption
Response
X-Middleton-Response
X-Middleton-Display
Display
Pagespeed
X-Sol
X-MS-InvokeApp
X-Cache-TTL
X-DynaTrace
X-Content-Type
X-D2id
X-NF-Request-ID
X-Amz-Rid
X-Vcap-Request-Id
X-VARITI-CCR
X-Abt-Application-Version
X-Cached
X-CST
X-Ttl
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
Ar-Sid
TCN
Pinterest-Generated-By
X-ESI
X-Powered-CMS
X-Navigation-Version
X-Version
X-Upstream
X-Fastly-Request-ID
Accept-Ch
X-Server-Name
X-Debug
Cache-Tag
X-Grace
X-Instart-Request-ID
Access-Control-Request-Method
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Charset
X-Element-Page-Cache
Accept-Ch-Lifetime
X-MSEdge-Ref
X-XRDS-Location
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Realpath
Nginx-Cache
Content-MD5
X-Accel-Expires
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
SPIisLatency
SPRequestDuration
X-Oneagent-Js-Injection
X-Hp-Webp
X-Jurisdiction
X-Amz-Meta-S3cmd-Attrs
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
SPRequestGuid
X-Recruiting
X-Id
S
X-Dw-Request-Base-Id
X-TTL
X-T
X-Kinsta-Cache
X-Content-Digest
X-Cache-Key
X-Trace
Fastcgi-Cache
X-Logged-In
X-Node-Name
X-NWS-LOG-UUID
TP-Cache
TP-L2-Cache
Fastly-Restarts
ServerID
X-Mobile-URL
X-Request-Processing-Time
X-Request-Received
X-Amzn-Trace-Id
X-Cache-Hit
X-Frontend
Front-End-Https
Server-Node
X-Hostname
X-Cache-Age
X-Client-IP
X-Forwarded-For
X-FastCGI-Cache
X-FTR-Balancer
X-FTR-Realm
X-Yandex-Sdch-Disable
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
Edge-Cache-Tag
Powered
X-Server-ID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-FTR-Expires
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-GUploader-UploadID
Server-Name
PB-RID
Arc-Version
PB-PID
X-Microsite
X-Request-Handler-Origin-Region
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
X-Page-Id
X-DIS-Request-ID
X-Hits
X-Akamai-Edgescape
X-F-Cache
Filters
X-LB-Cache
X-Revision
X-Jobs
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Fastcgi-Cache
X-Correlation-Id
X-Ah-Environment
Alternate-Protocol
X-Origin-Server
X-Zen-Fury
DynaTrace
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile-Rewrite
X-Webkit-CSP
X-Content-Powered-By
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Geo-Country
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-Daa-Tunnel
Accept-Charset
X-N
X-FTR-Cache-Host
X-RateLimit-Remaining
X-B
Cache-Tags
X-Varnish-Backend
X-Ser
X-Type
X-Rid
X-Varnish-Grace
Paypal-Debug-Id
DC
X-Git-Hash
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
Surrogate-Key
Section-Io-Cache
X-Whom
X-App-Environment
Retry-After
X-Content-Options
X-B-Cache
Host
X-Signature
X-Request-Guid
X-TT
X-Pass-Why
X-FB-Debug
X-Edge
X-Az
X-AppVersion
X-Activity-Id
X-Esi
X-IPLB-Instance
Fastcgi-Useragent
X-Debug-Info
X-Status
Frame-Options
X-Endurance-Cache-Level
Actual-Object-TTL
X-Via-JSL
Healthy
MicrosoftSharePointTeamServices
X-ATG-Version
X-HTML-Minification-Powered-By
Srv
Nel
X-Release
X-AOL-HN
X-Cache-Action
Backend-Timing
X-App-Server
X-Contextid
Content-Disposition
X-ATS-Timestamp
X-Seen-By
X-ECACHE
X-Amzn-RequestId
Refresh
X-Amz-Apigw-Id
From-Origin
X-B3-Sampled
Access-Control-Allow-Method
X-Protected-By
X-Response-Served-From
X-Pinterest-Direct
X-Cache-Rule
X-Accel-Buffering
X-ProcessESI
X-Tumblr-Pixel
X-Mid
X-MCACHE
X-Tumblr-User
X-RemovedCookies
X-Region
X-Tumblr-Pixel-0
X-Cache-Operation
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cacheable-TTL
X-Upgrade-Enabled
X-Is-Bot
Odigeo-Trace-Id
X-Rendered-As
X-Instance
X-FW-Dynamic
X-WA-Info
X-UUID
X-Environment-Context
X-FW-Server
X-FW-Static
X-L-Path
X-FW-Type
X-FW-Serve
Datacenter
X-FW-Hash
Eomportal-Instance
X-Cache-Time
X-Varnish-Server
Uber-Trace-Id
Payment
X-Rule
X-Time
X-Drupal-Cache-Tags
MS-CV
X-Adobe-Content
X-Adobe-Loc
Countrycode
X-Host-Name
X-Proxy
X-Cached-By
X-EdgeConnect-Cache-Status
X-Akamai-Request-ID2
X-Litespeed-Cache
Xserver
X-Mobile
X-Cache-Server
X-NewRelic-App-Data
Source
X-Load-Cache
X-Cache-Control
X-UnsetCookies
X-PHP-Backend
X-Azure-Ref
X-Air-Hostname
Access-Control-Request-Headers
Accept-Language
X-GeoIP
Server-Info
X-NGENIX-Cache
X-Backend-Name
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tt-Trace-Tag
X-Origin-Response-Time
X-Cache-NGX
X-Akamai-Transformed
X-Tt-Trace-Host
X-SERVER-NAME
X-Handled-By
Version
X-Framework
Liferay-Portal
X-Mode
X-NWS-UUID-VERIFY
X-RateLimit-Limit
X-CSRF-Token
X-Wix-Request-Id
Filterid
X-Vcache
X-Unique-Id
X-XRDS-LOCATION
Cache-Status
X-FireWall-Port
X-Correlation-ID
X-URL
X-CCM
X-Proxied
X-Locale
X-Cache-Var-Map
X-AWS-Id
X-Path-Route
X-Presslabs-Stats
X-Zipkin-Id
X-PERF
X-Cache-Var
X-Via-Fastly
X-VWS-Id
X-Cluster
X-Tumblr-Pixel-2
X-Adobe-Source
Meta-Geo
X-Tumblr-Pixel-1
Cross-Origin-Window-Policy
Load-Balancing
X-ES-SERVER
X-RN-RSRV
Cache
X-LJ-Flow-ID
X-UA-Device-Type
X-ApacheServer
X-Routing-Service
X-UPSTREAM-Address
Cache-Hits
X-Qloud-Router
X-TX-ID
X-Site-Version
X-Pubstack
X-Viewer-Country
X-NCache
X-Cache-Status-Check
X-Www-Served-By
X-Section
X-Detected-As
X-IP
X-Real-IP
X-MP-GENERATED-AT
Mn-Server-Ip
X-Format
X-Access
ServedBy
Now
Akamai-GRN
DSUID
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
TWC-Privacy
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Connection-Speed
Section-Origin-Responded
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Property-Id
S-Rt
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Amzn-Remapped-Content-Length
X-Bc-Bl
X-Say-TTL
X-Say-Cacheable
X-Redis-Cache
X-SayCDN-TTL
X-ServerID
X-Web-Node
X-Varnish-Cache-Hits
X-Storage
X-R9-Blue-Green-Version
X-PCL
X-Device-Type
X-CS
X-Cache-Config
X-FW-Version
X-Human
X-Origin-Hint
X-OCL
X-Info
DB-Nickname
X-PressLabs-Stats
Cache-Name
Apigw-Requestid
X-Hyper-Cache
Cache-Tv-Group
X-IPS-LoggedIn
Cleartype
X-NYM-Debug-Backend
X-Labrador-Cache-Channel
X-Geo
Webserver
X-Hosted-By
X-FC-Vary-Parameters
X-BYPASS-REASON
X-Alternate-Cache-Key
X-Cache-Enabled
X-Cache-Host
X-EIG-Tracking-Id
X-PHP-Host
X-Origin
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Fastly-SSL
X-Time-Microsecs
X-ShopId
X-Shopify-Stage
X-ProxyCache-Status
X-ShardId
X-ProxyCache-Key
X-SaId
X-BCube-Filmed-By
X-Timing-Wait
X-Content-Age
X-Cache-2
X-Proxy-Build
X-Hl-Ver
X-TNCMS
X-FB-TRIP-ID
X-JoinUs
X-Loop
X-From
Selected-Fe
Azure-InstanceId
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
Ms-Operation-Id
NGB
Origin-Cache-Control
X-Cache-Remote
X-RTag
X-Ua
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-APP-VERSION
X-No-Session
Ec-Rule-Version
X-Generated
X-Cache-TTL-Remaining
X-VCache
X-Drupal-Cache-Contexts
X-CDN-Forward
X-Xfnlog-Site
Origin-Edge-Control
X-EC-Lua
Time
SD-X-WS
X-SRV
X-Goog-Meta-Goog-Reserved-File-Mtime
Country
X-Debug-Cache
X-Source
X-Backend-TTL
X-App-Version
X-Pad
X-Soup
X-Storefront-Renderer-Rendered
X-Varnish-Hostname
X-Old-Content-Length
Upgrade-Insecure-Requests
X-Cluster-Node
X-Proto
X-Akamai-Request-ID
X-Tb
X-NC
Geo-Info
X-Cache-PHP
X-TA-CDN-Provider
X-RequestSource
LB
X-RCS-CacheZone
X-Parent-Response-Time
X-Cache-NE
X-App
User-Agent
Referer-Policy
Cache-Key
Proxy-Connection
X-DC
X-Cache-Backend
X-Magnolia-Registration
X-Cache-Grace
X-Client-Ip
GEO-INFO
X-Origin-CC
FilterID
NGX
X-Origin-TTL
BehaviorPad-Version
IsBot
AsisCache
GEO-REGION-INFO
X-D
X-A
X-Date
X-A-Dgt
X-Cms-Context
X-A-Dcw
X-A-Dam
X-A-Ccd
X-ARC
CacheControlHeader
X-Destination
X-G
X-DevSite-Last-Modified
Content-Style-Type
X-Connection-Hash
X-Dispatch
X-Aed
X-Edge-Location
X-CF-Lambda-Version
Who
X-External-Request-Id
X-Developers
X-Accel-Expires-Debug
Fastcgi-X-Cache-Version
X-Generation-Time
X-Geo-Header
X-Application
FNAC-ModuleRouting
Content-Script-Type
X-A-Wwc
X-Developer
AKAMAI
X-CF-Lambda-Fn
Arc-Country
T-Server
Meta-Geo-Continent
X-Vtex-Remote-Cache
Mobile-Detection-Method
X-Vtex-Processado-Em
UCS
X-SIPLIST1
X-SD-PageType
X-ScT
X-Rojux
X-Proxy-Cache-Status
X-S
X-B-Cookie
X-Scheme
N-Cache
X-SRCache-Key
X-Trace-Id
True-Client-Country-4JS
X-Transaction
X-Trv-Group
On-Server
X-Twitter-Response-Tags
X-Swa-Ws
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-VG-WebServer
X-VG-WebCache
X-Vdms-Version
X-Vdms-Path
X-FORWARDED-FOR
X-S-Cookie
X-Region-Sid
X-Rewrite-Enabled
Xc-Version
Viewtype
X-Tumblr-Pixel-3
VivaBuild
Machine
X-PAYTM-SRV-ID
MD5-Digest
X-Nginx-Cache-Key
X-Method
X-NodeID
X-Processor
Rendered-Blocks
M-TraceId
X-Response-By
X-Distributor
X-Uri
OT-Force-Account-Verify
User-Cache-Control
X-Forwarded-Host
Node
Server-Host
Wxu-Next-Commit
We-Hiring
Viewport
Thinkindot-CacheControl
X-Auto-Login
Thinkindot-CacheControl-Type
X-Agile-Id
Wxu-Next-Region
X-Agile-Age
Server-Hostname
X-Agile
Sever-Int
Web-Mar-Node
Thinkindot-Control
Vix-Hermes-Req-Id
Wxu-Next-Hostname
X-Reqid
X-Req
X-RateLimit-Remaining-Second
Server-Ext
X-Server-W
X-ServiceProvider
X-RateLimit-Limit-Second
X-Policy
X-Matched-Rule
X-Micro-Cache
X-Node-Id
X-Owner
X-Skip-Cache
X-SN
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Worker
Pragrma
X-WADP-Cache
X-VC-Cache
X-Thanos
X-Thinkindot-L3
X-User
X-Varnish-Cacheable
X-Logging-Id
X-Location
X-Compress-Hint
X-Clara-WADP
X-Device-Os
X-Dispatcher-Server
X-Fmm-Version
X-Cache-URL
X-Cache-Info
X-Bip
X-Block-Status
X-Cache-Bucket
X-Cache-FS-Status
X-Gen-Mode
X-Generated-In
X-Key
X-LAGOON
X-Level-Front-Cache
X-Loc
X-JWT-State
X-Is-Gdpr
X-Generated-On
X-Has-Esi
X-Hash
X-Hnp-Log
X-Backend-State
V-Age
X-AIR-PT
Gh-Request-Id
Magicmarker
Mail-Subject
NM-Fastcgi-Cache
X-Cluster-Name
CDCHOST
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Pagetype
Kp-EeAlive
Release
X-Hit
X-Varnish-Authentication
X-Core-Mission
X-Contensis-Viewer-Groups
X-Core-Value
X-Varnish-Beresp-Ttl
X-Distil-CS
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-VG-TLSProxy
X-Clientip
X-Webstats-RespID
X-Cache-Id
MIME-Version
X-Cache-Tags
X-We-Are-Hiring
X-CGP
Adler-Geo
X-VServer
X-Envoy-Decorator-Operation
X-Epic-Correlation-Id
X-TrackingId
X-Origin-Expires
X-Origin-Date
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-TH-Server
X-Request-UUID
X-Request-Host
X-NU-AKA-ACS-Version
X-Mvc-Supplant-Cachable
X-Eu-Site
X-Esi-Check
X-Variation
X-Fastly-Cache
X-Gzip
X-Var-Ttl
C-Via
X-Irp-Debug
X-Slack-Backend
X-Servername
Fastly-SIE
W
Fastly-SWR
X-Cache-ASPX
ServerName
Platform
Fastly-Drupal-HTML
L5d-Success-Class
X-Backend-Host
Is-Eu
X-BBXSRF
HA-Ipaddr
Rt-Fastcgi-Cache
Ha-Gx-Prefs
X-Li-Fabric
X-GoCache-CacheStatus
X-Session-Fingerprint
Memcached
X-Reboot
X-LI-Proto
X-Li-Pop
X-LI-UUID
Sid
X-Newrelic-Synthetics
Cache-Cookie-Set-From
RNT-Machine
X-Via-CDN
X-Up
Fastly-Backend-Name
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
RNT-Time
X-Dc
X-Wa
X-Minions-Version
X-Be
X-ZONE
X-BC
X-Varnish-URL
X-Nc
X-Srv
X-ElasticPress-Query
X-Refresh
X-Batcache
X-Configured-By
Cf-Ipcountry
X-Nginx-Cache
X-Aicache-OS
X-Branch-Name
X-Cache-Debug
X-UA
S-Cnection
X-Servedbyhost
HostName
X-Ua-Device
DCR-Processing-Time-Ms
X-Instart-Info
CACHE
DCR-Decision-By
X-Mvc-Supplant-OutputCached
X-B3-Traceid
Memory
X-Platform-Server
X-Via-PopH
X-BE
X-MSEdge-Features
X-Via-PopV
X-PF-Uncompressing
X-Fastly-Cache-Status
X-MSEdge-Flight
Pramga
Hostname
X-Varnishpool
X-Ratelimit-Reset
X-Envoy-Upstream-Healthchecked-Cluster
X-Zone
X-Sucuri-ID
X-Bc
X-Microcachable
HitType
X-Ms-Request-Id
X-Pjax-Url
X-Original-Request-Id
X-Cdn-Forward
X-VCL-Version
X-ND-Cache
X-Ms-Version
Location
X-TT-TIMESTAMP
X-TIME
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
Esi-Enabled
NtCoent-Length
X-LB-ID
X-Sucuri-Cache
X-Check-Cacheable
X-COUNTRY
X-FPC
X-CF-Powered-By
Powered-By-ChinaCache
GeoIP-Country-Code
L
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-VarnishDD-TTL
GeoIP-Latitude
X-App-Name
X-Oss-Object-Type
X-Oss-Storage-Class
Ohc-File-Size
PFcat
Server-ID
X-OVcl
X-OVcl-Cache
X-Vgn-Hpd-Reason
FSS-Cache
X-GEO
X-Vgn-Hpd-Cached
X-Azure-Ref-OriginShield
Cache-Host
X-Vgn-Hpd-Variations-Key
X-Server-IP
Resin-Trace
X-Cdn-Srv
X-Instart-Isnd
X-Vgn-Hpd-Ssi
X-Fastly-Backend-Reqs
Server-Cache-Control
Server-Surrogate-Control
X-Platform
X-BACKEND-TTL
X-Render-Time
X-Svr
X-Generated-By
X-Varnish-Ttl
X-Unique-ID
X-S-Maxage
Cteonnt-Length
X-CUA
Ohc-Response-Time
X-HS-Status
Tracecode
Pics-Label
X-Fastly-Country-Code
X-Rocket-Nginx-Bypass
X-Fpc
X-VHOST
Epwk-X-Cache
GeoIp-Country-Code
X-Cache-Expired-At
X-PJAX-URL
Geoip-Latitude
X-CSRF-TOKEN
X-VCT
X-Varnish-Hits
Locid
Heartbleed
X-Vcl-Version
Backend-Name
X-Edge-Server
X-RunCloud-Cache
Backend
NR-ENABLED
WPE-Backend
Request-EU
Request-Country
Cdn-Request-Time
Cdn-Host
X-Newrelic-App-Data
SRV
CF-Cached-On
X-Via-Poph
X-Ratelimit-Remaining
X-Pf-Uncompressing
X-Request-URI
Amp-Access-Control-Allow-Source-Origin
SN
X-Via-Popv
X-Csrf-Jwt
X-CACHE-AGE
X-Oracle-Dms-Rid
X-Gamma-Serve
X-CLOUD-TRACE-CONTEXT
Lfy
X-ECache
X-Sigma-Backend
X-StackifyID
X-Request-Time
X-Sigma
X-Rocket-Build-Number
WWW-Authenticate
X-ServedByHost
X-NGINX-Cache
X-CACHE-KEY
X-Amzn-Remapped-Date
Host-ID
X-Amzn-Remapped-Connection
X-Varnish-Url
X-Ratelimit-Limit
X-Nananana
XServer
X-Ftr-Cache-Host
Tcn
CF-IPCountry
X-DPWN-IS-SECURE
X-Tec-Api-Version
X-Oss-Cdn-Auth
X-Tec-Api-Origin
X-Tec-Api-Root
URI
CloudFront-Viewer-Country
X-WebServer
X-Shopify-Generated-Cart-Token
Product
X-Apw-Access-Object
X-Apw-Access-Token
X-LiteSpeed-Cache-Control
X-Apw-Hits
X-Debug-Cache-Store
X-Proxy-Upstream
X-HostName
X-Apw-Access-Action
Country-Code
X-Debug-Cache-Fetch
Lb
My-App
X-WA
CDN-RequestId
Cloudfront-Viewer-Country
X-Debug-Cache-Bypass
X-Cache-Tag
X-Cdn-Origin
CDN-Uid
SID
X-Fetched-On
CDN-EdgeStorageId
CDN-CachedAt
X-Via-Ucdn
CDN-PullZone
CDN-RequestCountryCode
X-Debug-Cache-Status
X-Debug-Ysi-Auth
WZWS-RAY
CDN-Cache
X-B3-Spanid
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Cache-String
X-Sn-Servicetimems
PICS-Label
X-Debug-Xas-Auth
X-Debug-Do-Not-Cache-Uri
Server-Ttl
Ohc-Cache-HIT
X-Cache-Version
Dnion-Transfer-Encoding
X-Amz-Meta-Cb-Modifiedtime
Surrogated-Key
A
Proxy-Firewall
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-GeoIP-Country-Code
Cneonction
X-Acquia-Purge-Tags
X-Acquia-Site
Mime-Version
X-SB
X-ServerName
X-VC
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-Varnish-Beresp-TTL
Cf-Alt-Svc
X-Html-Edge-Cache
X-IN-APIGATEWAY
Dt-Cache-Category
X-Snapshot-Date
Warning
Inserted-Into-Cache-At
X-Swift-Error
X-B3-SpanId
FSS-Proxy
X-WR-MODIFICATION
X-Request-URL
X-ElasticPress-Search
X-IN-APIGATEWAYSSL