Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
Alt-Svc
X-Varnish
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
P3p
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
X-Request-ID
Access-Control-Expose-Headers
Upgrade
X-CDN
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
CF-Ray
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
EagleId
X-Amz-Id-2
X-Amz-Request-Id
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Server-Timing
Grace
X-Pingback
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Host
Surrogate-Control
X-Vhost
X-Device
X-Response-Time
X-Readtime
X-Ac
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Node
X-Backend-Server
X-Dispatcher
NEL
Content-Location
X-Origin-Upstream-Status
X-HW
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
Host-Header
X-Cnection
X-Country-Code
X-Rack-Cache
RTSS
Accept-CH
Edge-Control
X-Url
MS-Author-Via
X-Cdn
X-Clacks-Overhead
Accept-CH-Lifetime
X-Px
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
Verso
X-Goog-Hash
X-Varnish-TTL
Service-Worker-Allowed
X-Powered-By-Plesk
X-B3-TraceId
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Forwarded-Proto
Public-Key-Pins
X-Middleton-Display
X-Middleton-Response
X-Sol
Pagespeed
Response
X-Amz-Server-Side-Encryption
Display
X-MS-InvokeApp
X-Cache-TTL
X-Content-Type
X-DynaTrace
X-D2id
X-NF-Request-ID
X-Amz-Rid
X-Vcap-Request-Id
X-CST
X-VARITI-CCR
X-Abt-Application-Version
X-Cached
AR-ATIME
AR-CACHE
AR-Request-ID
AR-PoweredBy
Ar-Sid
TCN
Pinterest-Generated-By
X-Ttl
X-ESI
X-Powered-CMS
X-Version
X-Navigation-Version
X-Upstream
Accept-Ch
X-Fastly-Request-ID
Cache-Tag
X-Debug
X-Grace
X-Server-Name
Accept-Ch-Lifetime
X-Instart-Request-ID
Access-Control-Request-Method
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Charset
X-Element-Page-Cache
X-MSEdge-Ref
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-XRDS-Location
Realpath
Content-MD5
Nginx-Cache
X-Ezoic-Cdn
X-Accel-Expires
X-Oneagent-Js-Injection
X-Shield-Request-Id
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Hp-Webp
X-Jurisdiction
SPIisLatency
SPRequestDuration
Pinterest-Version
X-Pinterest-Rid
X-Amz-Meta-S3cmd-Attrs
X-TTL
X-Id
X-Recruiting
SPRequestGuid
X-SharePointHealthScore
X-Dw-Request-Base-Id
S
X-Kinsta-Cache
X-T
X-Content-Digest
X-Cache-Key
Fastcgi-Cache
X-Logged-In
X-Trace
X-Node-Name
X-NWS-LOG-UUID
TP-Cache
TP-L2-Cache
ServerID
Fastly-Restarts
X-Request-Received
X-Request-Processing-Time
X-Mobile-URL
X-Amzn-Trace-Id
X-Cache-Hit
X-Frontend
X-Hostname
Front-End-Https
Server-Node
X-FastCGI-Cache
X-Cache-Age
X-Server-ID
X-Client-IP
X-Forwarded-For
X-Yandex-Sdch-Disable
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
Edge-Cache-Tag
Powered
X-FTR-Expires
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
Server-Name
Arc-Version
PB-RID
X-Ruxit-Js-Agent
PB-PID
X-Request-Handler-Origin-Region
X-Microsite
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ah-Environment
X-User-Agent
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
X-Akamai-Edgescape
X-Hits
X-Page-Id
X-F-Cache
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Revision
X-Jobs
Filters
X-LB-Cache
Alternate-Protocol
X-Correlation-Id
X-Origin-Server
X-Zen-Fury
DynaTrace
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile-Rewrite
X-Content-Powered-By
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Geo-Country
X-Fastcgi-Cache
X-Varnish-Age
AMP-Access-Control-Allow-Source-Origin
X-Daa-Tunnel
X-N
Accept-Charset
X-FTR-Cache-Host
X-RateLimit-Remaining
Cache-Tags
X-Varnish-Backend
X-B
X-Ser
X-Type
DC
X-Varnish-Grace
Paypal-Debug-Id
X-Esi
X-WebKit-CSP-Report-Only
Surrogate-Key
X-Git-Hash
X-Amz-Replication-Status
X-Rid
X-Content-Options
X-Whom
Host
Retry-After
Section-Io-Cache
X-B-Cache
X-Signature
X-App-Environment
X-Request-Guid
X-FB-Debug
X-TT
X-AppVersion
X-Az
X-Edge
X-Activity-Id
X-IPLB-Instance
Fastcgi-Useragent
X-Endurance-Cache-Level
X-Status
X-Debug-Info
Actual-Object-TTL
Frame-Options
Healthy
X-Via-JSL
Nel
X-HTML-Minification-Powered-By
X-ATG-Version
MicrosoftSharePointTeamServices
Srv
X-Webkit-CSP
X-Release
Content-Disposition
X-AOL-HN
X-Contextid
X-Cache-Action
X-Amzn-RequestId
Refresh
X-Seen-By
X-Amz-Apigw-Id
Backend-Timing
X-ATS-Timestamp
X-App-Server
From-Origin
X-ECACHE
Access-Control-Allow-Method
X-Pinterest-Direct
X-B3-Sampled
X-Protected-By
X-Accel-Buffering
X-Cache-Rule
X-Response-Served-From
X-Cache-Operation
X-ProcessESI
X-RemovedCookies
X-MCACHE
X-Mid
X-Region
X-Tumblr-User
Odigeo-Trace-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cacheable-TTL
X-Rendered-As
X-Is-Bot
X-FW-Dynamic
Uber-Trace-Id
Datacenter
X-UUID
X-Environment-Context
X-L-Path
X-Instance
X-FW-Type
X-WA-Info
X-FW-Hash
X-FW-Serve
X-FW-Server
X-Upgrade-Enabled
X-FW-Static
X-Drupal-Cache-Tags
X-Varnish-Server
Eomportal-Instance
Payment
X-Rule
X-Cache-Time
X-Adobe-Loc
X-Adobe-Content
Countrycode
MS-CV
X-Host-Name
X-Proxy
X-Litespeed-Cache
X-Time
X-EdgeConnect-Cache-Status
X-Akamai-Request-ID2
X-Cached-By
X-Mobile
Xserver
X-Cache-Server
X-NewRelic-App-Data
X-Cache-Control
X-PHP-Backend
X-UnsetCookies
Source
X-Load-Cache
X-Azure-Ref
Access-Control-Request-Headers
Server-Info
X-Air-Hostname
Accept-Language
X-SERVER-NAME
X-NGENIX-Cache
X-Yottaa-Metrics
X-Backend-Name
X-GeoIP
X-Yottaa-Optimizations
X-Tt-Trace-Tag
X-Cache-NGX
X-Tt-Trace-Host
X-Origin-Response-Time
X-Handled-By
X-Akamai-Transformed
X-RateLimit-Limit
Filterid
X-Pass-Why
X-Framework
X-Mode
X-NWS-UUID-VERIFY
Liferay-Portal
Version
X-CSRF-Token
X-XRDS-LOCATION
X-Correlation-ID
X-Wix-Request-Id
X-Presslabs-Stats
X-URL
X-FireWall-Port
X-Unique-Id
X-Cache-Var
X-ES-SERVER
X-UA-Device-Type
X-Adobe-Source
X-Locale
X-Vcache
X-VWS-Id
X-CCM
Cross-Origin-Window-Policy
Meta-Geo
X-Path-Route
X-ApacheServer
X-Via-Fastly
Load-Balancing
X-Proxied
X-Routing-Service
X-LJ-Flow-ID
X-RN-RSRV
X-Cache-Var-Map
X-UPSTREAM-Address
X-PERF
X-Zipkin-Id
Cache-Status
X-AWS-Id
Mn-Server-Ip
X-Tumblr-Pixel-2
DSUID
X-NCache
X-MP-GENERATED-AT
X-Section
X-Format
ServedBy
Cache
X-IP
X-Tumblr-Pixel-1
X-Pubstack
X-Qloud-Router
Akamai-GRN
X-Real-IP
X-TX-ID
Cache-Hits
X-Viewer-Country
Now
X-Detected-As
X-Cache-Status-Check
X-Www-Served-By
X-Site-Version
X-Cluster
X-Access
Cache-Name
DB-Nickname
Cache-Tv-Group
Decoy-Debug-Key
Cleartype
Decoy-Debug-Status
X-Device-Type
Section-Origin-Responded
Webcakes-App-Name
Section-Io-Origin-Time-Seconds
Webcakes-App-Version
TWC-Connection-Speed
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Section-Io-Origin-Status
Webcakes-Region
X-FW-Version
X-Bc-Bl
X-CS
X-Cache-Config
Property-Id
TWC-Privacy
Section-Io-Id
X-Amzn-Remapped-Content-Length
S-Rt
Decoy-Debug-TTL
X-PCL
X-Storage
X-OCL
X-ServerID
X-Web-Node
X-Say-Cacheable
X-Varnish-Cache-Hits
X-Redis-Cache
X-R9-Blue-Green-Version
X-Info
X-Origin-Hint
Apigw-Requestid
X-Hyper-Cache
X-Human
X-SayCDN-TTL
X-Say-TTL
X-Cache-2
X-ProxyCache-Key
X-PHP-Host
X-Alternate-Cache-Key
Webserver
X-Cache-Host
X-Time-Microsecs
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-Sorting-Hat-ShopId
X-ProxyCache-Status
X-Sorting-Hat-PodId
X-BYPASS-REASON
Fastly-SSL
X-NYM-Debug-Backend
X-ShardId
X-Labrador-Cache-Channel
X-Hosted-By
X-Origin
X-Shopify-Stage
X-Cache-Enabled
X-ShopId
X-IPS-LoggedIn
X-APP-VERSION
X-Content-Age
X-BCube-Filmed-By
Selected-Fe
X-Geo
X-JoinUs
X-SaId
X-From
X-Loop
X-Hl-Ver
Azure-Version
Azure-SlotName
X-TNCMS
X-FB-TRIP-ID
Azure-RegionName
Azure-InstanceId
Azure-SiteName
X-Timing-Wait
X-Proxy-Build
Origin-Cache-Control
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-RTag
Ms-Operation-Id
NGB
X-Cache-Remote
X-PressLabs-Stats
X-VCache
X-No-Session
Ec-Rule-Version
X-Ua
X-Generated
X-Cache-TTL-Remaining
X-Drupal-Cache-Contexts
Origin-Edge-Control
X-EC-Lua
X-CDN-Forward
Time
X-Xfnlog-Site
X-Debug-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
Country
SD-X-WS
X-Storefront-Renderer-Rendered
X-Pad
X-SRV
X-Soup
X-Source
X-Backend-TTL
X-Old-Content-Length
X-Varnish-Hostname
X-App-Version
X-Proto
Upgrade-Insecure-Requests
X-Cluster-Node
X-Tb
X-Akamai-Request-ID
X-TA-CDN-Provider
X-NC
X-Cache-PHP
Referer-Policy
X-App
Geo-Info
User-Agent
Cache-Key
X-RCS-CacheZone
X-RequestSource
LB
Proxy-Connection
X-Parent-Response-Time
X-Cache-NE
GEO-INFO
X-DC
X-Cache-Backend
X-Client-Ip
X-Magnolia-Registration
X-FORWARDED-FOR
X-Origin-CC
NGX
X-Origin-TTL
X-Trv-Group
X-Aed
X-Cache-Grace
X-G
X-Accel-Expires-Debug
X-Geo-Header
X-A
IsBot
Who
M-TraceId
Machine
X-A-Ccd
X-A-Dam
X-Generation-Time
X-A-Dgt
X-A-Dcw
X-External-Request-Id
X-A-Wwc
X-Developers
BehaviorPad-Version
Fastcgi-X-Cache-Version
AsisCache
Arc-Country
X-CF-Lambda-Fn
X-Application
Content-Style-Type
X-B-Cookie
X-ARC
CacheControlHeader
Content-Script-Type
X-CF-Lambda-Version
Xc-Version
FNAC-ModuleRouting
X-Developer
X-DevSite-Last-Modified
X-Dispatch
GEO-REGION-INFO
X-Destination
X-Date
AKAMAI
X-Cms-Context
X-Connection-Hash
X-D
X-Edge-Location
MD5-Digest
X-SD-PageType
X-ScT
X-VG-WebServer
True-Client-Country-4JS
X-VG-WebCache
X-Scheme
X-S-Cookie
X-Vtex-Processado-Em
X-Response-By
X-Rewrite-Enabled
X-Rojux
Pragrma
X-SIPLIST1
T-Server
Rendered-Blocks
X-Trace-Id
X-Twitter-Response-Tags
X-Transaction
X-Swa-Ws
X-SVT-ORM-VERSION
X-Vdms-Version
X-Vdms-Path
X-SRCache-Key
X-SVT-ORM-RULES
UCS
X-S
Mobile-Detection-Method
X-Method
X-Vtex-Remote-Cache
Meta-Geo-Continent
Viewtype
X-NodeID
X-PAYTM-SRV-ID
VivaBuild
X-Region-Sid
On-Server
X-AIR-PT
N-Cache
X-Processor
X-Nginx-Cache-Key
X-Tumblr-Pixel-3
X-Proxy-Cache-Status
X-Distributor
OT-Force-Account-Verify
Node
User-Cache-Control
Vix-Hermes-Req-Id
X-Agile-Id
Sever-Int
Server-Host
Web-Mar-Node
X-Auto-Login
V-Age
We-Hiring
Server-Hostname
Viewport
Thinkindot-CacheControl-Type
X-Agile
Thinkindot-Control
Wxu-Next-Region
Wxu-Next-Hostname
X-Agile-Age
Wxu-Next-Commit
Thinkindot-CacheControl
X-Generated-In
X-Owner
X-Node-Id
X-Policy
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Micro-Cache
X-Matched-Rule
X-Level-Front-Cache
X-Loc
X-Location
X-Logging-Id
X-Req
X-Reqid
X-Varnish-Cacheable
X-User
X-Uri
X-Thinkindot-L3
X-VC-Cache
X-Thanos
X-Server-W
X-ServiceProvider
X-Skip-Cache
X-SN
X-LAGOON
X-Key
X-Compress-Hint
X-Device-Os
X-Dispatcher-Server
X-Fmm-Version
X-Cache-URL
X-Cache-Info
X-Bip
X-Block-Status
X-Cache-Bucket
X-Cache-FS-Status
X-Gen-Mode
X-Generated-On
X-WADP-Cache
Server-Ext
X-Is-Gdpr
X-JWT-State
X-Wikidot-Backend
X-Hnp-Log
X-Worker
X-Wikidot-Static-Cache
X-Has-Esi
X-Hash
X-Backend-State
X-Clara-WADP
X-Cluster-Name
Pagetype
CDCHOST
MIME-Version
Mail-Subject
Gh-Request-Id
Kp-EeAlive
Magicmarker
Release
NM-Fastcgi-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Forwarded-Host
X-Hit
X-Varnish-Beresp-Grace
X-Distil-CS
X-Envoy-Decorator-Operation
C-Via
X-Epic-Correlation-Id
X-Cache-Tags
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-CGP
Adler-Geo
X-Esi-Check
X-Contensis-Viewer-Groups
X-Core-Value
X-Core-Mission
X-Clientip
X-Irp-Debug
X-Var-Ttl
X-TrackingId
X-TH-Server
X-Slack-Backend
X-Variation
X-Varnish-Authentication
X-Webstats-RespID
X-We-Are-Hiring
X-VServer
X-VG-TLSProxy
X-Servername
X-Request-UUID
X-Mvc-Supplant-Cachable
X-Cache-Id
X-Gzip
X-Fastly-Cache
X-NU-AKA-ACS-Version
X-Origin-Date
X-Request-Host
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-Eu-Site
FilterID
L5d-Success-Class
Fastly-SIE
X-Backend-Host
ServerName
W
Fastly-Drupal-HTML
Platform
Fastly-SWR
Ha-Gx-Prefs
Rt-Fastcgi-Cache
X-BBXSRF
Is-Eu
HA-Ipaddr
X-Cache-ASPX
X-Newrelic-Synthetics
X-Li-Fabric
X-Reboot
Memcached
X-Session-Fingerprint
X-Via-CDN
X-LI-UUID
Fastly-Backend-Name
X-LI-Proto
X-Up
X-Li-Pop
X-GoCache-CacheStatus
X-Dc
RNT-Machine
Cache-Cookie-Set-Lfrom
Sid
RNT-Time
Cache-Cookie-Set-Idcheck
X-Minions-Version
Cache-Cookie-Set-From
X-Be
X-ElasticPress-Query
X-BC
X-Nc
X-Wa
X-ZONE
X-Srv
X-Batcache
X-Configured-By
Cf-Ipcountry
X-Refresh
X-Aicache-OS
X-Varnish-URL
X-Nginx-Cache
X-UA
X-Cache-Debug
X-Branch-Name
X-Ua-Device
DCR-Processing-Time-Ms
X-Mvc-Supplant-OutputCached
HostName
CACHE
X-Servedbyhost
DCR-Decision-By
S-Cnection
X-B3-Traceid
X-Varnishpool
Memory
Pramga
Hostname
X-MSEdge-Features
X-Instart-Info
X-Fastly-Cache-Status
X-Ratelimit-Reset
X-MSEdge-Flight
X-ND-Cache
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-PopH
HitType
Location
X-Original-Request-Id
X-Cdn-Forward
X-Via-PopV
X-Platform-Server
X-PF-Uncompressing
X-TIME
X-BE
X-Sucuri-ID
X-Zone
X-VCL-Version
NtCoent-Length
X-LB-ID
X-Bc
X-Ms-Request-Id
X-Microcachable
X-Pjax-Url
X-Ms-Version
X-TT-TIMESTAMP
X-Sucuri-Cache
X-Debug-Panamera-Host
X-FPC
X-Debug-Panamera-Sitecode
X-CF-Powered-By
Powered-By-ChinaCache
Esi-Enabled
X-Check-Cacheable
X-COUNTRY
X-OVcl
X-OVcl-Cache
GeoIP-Country-Code
X-VarnishDD-TTL
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
PFcat
X-Oss-Server-Time
X-GEO
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-Azure-Ref-OriginShield
X-Instart-Isnd
GeoIP-Latitude
X-Vgn-Hpd-Variations-Key
Server-ID
Resin-Trace
L
X-App-Name
Ohc-File-Size
FSS-Cache
Cache-Host
X-Platform
X-Vgn-Hpd-Reason
X-Server-IP
X-Fastly-Backend-Reqs
X-BACKEND-TTL
X-Cdn-Srv
X-Render-Time
X-Varnish-Ttl
X-Svr
X-Unique-ID
X-Generated-By
Server-Cache-Control
Server-Surrogate-Control
X-CUA
X-HS-Status
X-S-Maxage
Pics-Label
Cteonnt-Length
X-VHOST
Ohc-Response-Time
X-Rocket-Nginx-Bypass
X-Fastly-Country-Code
Geoip-Latitude
Tracecode
X-PJAX-URL
X-Cache-Expired-At
Epwk-X-Cache
X-Fpc
GeoIp-Country-Code
X-CSRF-TOKEN
Backend-Name
X-RunCloud-Cache
Backend
X-Vcl-Version
SRV
X-Newrelic-App-Data
X-Varnish-Hits
SN
X-Via-Poph
X-Csrf-Jwt
X-Via-Popv
X-VCT
Cdn-Host
Cdn-Request-Time
X-Ratelimit-Remaining
Request-Country
Locid
X-Pf-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-Edge-Server
Heartbleed
Request-EU
CF-Cached-On
X-CACHE-AGE
X-Request-URI
X-CLOUD-TRACE-CONTEXT
X-Oracle-Dms-Rid
X-ServedByHost
X-CACHE-KEY
X-StackifyID
X-Gamma-Serve
Lfy
WWW-Authenticate
X-Request-Time
X-Sigma
X-Rocket-Build-Number
X-Sigma-Backend
X-ECache
X-NGINX-Cache
X-Varnish-Url
XServer
X-Ratelimit-Limit
X-Nananana
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Host-ID
X-Ftr-Cache-Host
CloudFront-Viewer-Country
X-DPWN-IS-SECURE
X-Oss-Cdn-Auth
X-Tec-Api-Root
X-Tec-Api-Version
CF-IPCountry
X-Tec-Api-Origin
Tcn
NR-ENABLED
WPE-Backend
X-Debug-Cache-Fetch
X-HostName
URI
X-Apw-Access-Action
Country-Code
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
X-LiteSpeed-Cache-Control
X-Debug-Cache-Store
X-WebServer
Lb
CDN-Uid
X-Via-Ucdn
CDN-RequestId
Cloudfront-Viewer-Country
CDN-Cache
X-WA
X-Cache-Tag
CDN-CachedAt
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
SID
X-Debug-Do-Not-Cache-Uri
X-Debug-Ysi-Auth
PICS-Label
X-Proxy-Upstream
X-Debug-Cache-Status
X-Debug-Cache-Bypass
X-Shopify-Generated-Cart-Token
Product
X-B3-Spanid
X-Debug-Cache-String
X-Debug-Xas-Auth
Server-Ttl
X-Cache-Version
X-Tb-Optimization-Total-Bytes-Saved
Dnion-Transfer-Encoding
X-Sn-Servicetimems
My-App
WZWS-RAY
X-Fetched-On
Cneonction
Surrogated-Key
X-Amz-Meta-Cb-Modifiedtime
Proxy-Firewall
X-Acquia-Site
Ohc-Cache-HIT
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Cdn-Origin
X-Acquia-Application-UUID
X-IN-APIGATEWAYSSL
X-ServerName
X-Fastly-Cache-Hits
X-IN-APIGATEWAY
X-GeoIP-Country-Code
X-Snapshot-Date
Cf-Alt-Svc
X-Html-Edge-Cache
X-Dw-Trace-Id
X-SB
X-Varnish-Beresp-TTL
X-VC
X-Swift-Error
Inserted-Into-Cache-At
X-ElasticPress-Search
A
X-Request-URL
X-WR-MODIFICATION
Warning
FSS-Proxy