Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
CF-RAY
ETag
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
Content-Security-Policy-Report-Only
X-Check
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
P3p
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
X-CDN
Upgrade
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
CF-Ray
X-Backend
X-Age
X-Server
X-Turbo-Charged-By
X-AH-Environment
X-Cache-Group
X-Robots-Tag
Request-Context
Feature-Policy
X-Proxy-Cache
Xkey
EagleId
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
Server-Timing
Grace
X-Pingback
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-WebKit-CSP
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Device
X-Vhost
X-Response-Time
X-Readtime
X-Ac
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Node
X-Backend-Server
X-Dispatcher
NEL
Content-Location
X-Origin-Upstream-Status
X-HW
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
Host-Header
X-Cnection
X-Country-Code
Accept-CH
X-Rack-Cache
RTSS
Edge-Control
X-Url
MS-Author-Via
Accept-CH-Lifetime
X-Clacks-Overhead
X-Px
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
Verso
X-Goog-Hash
Service-Worker-Allowed
X-Powered-By-Plesk
X-B3-TraceId
X-Varnish-TTL
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
Arr-Disable-Session-Affinity
X-GitHub-Request-Id
X-Forwarded-Proto
Public-Key-Pins
X-Amz-Server-Side-Encryption
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Pagespeed
Display
X-MS-InvokeApp
X-Content-Type
X-Cache-TTL
X-DynaTrace
X-Cdn
X-D2id
X-NF-Request-ID
X-CST
X-Ttl
X-Vcap-Request-Id
X-Amz-Rid
TCN
X-VARITI-CCR
X-Cached
X-Abt-Application-Version
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
Pinterest-Generated-By
X-Powered-CMS
X-ESI
X-Navigation-Version
X-Upstream
X-Version
X-Fastly-Request-ID
X-Debug
Cache-Tag
X-Grace
X-Server-Name
Accept-Ch
X-Instart-Request-ID
Access-Control-Request-Method
Charset
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Element-Page-Cache
X-MSEdge-Ref
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-XRDS-Location
Realpath
Content-MD5
Nginx-Cache
X-Ezoic-Cdn
X-Accel-Expires
Accept-Ch-Lifetime
X-Shield-Request-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-DynaTrace-JS-Agent
X-Jurisdiction
X-Hp-Webp
SPRequestDuration
SPIisLatency
X-Pinterest-Rid
Pinterest-Version
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-SharePointHealthScore
X-Id
SPRequestGuid
X-Dw-Request-Base-Id
S
X-Kinsta-Cache
X-T
X-Content-Digest
Fastcgi-Cache
X-Logged-In
X-Trace
X-TTL
X-Cache-Key
X-NWS-LOG-UUID
X-Node-Name
TP-L2-Cache
TP-Cache
X-Hostname
ServerID
X-Oneagent-Js-Injection
X-Request-Received
X-Mobile-URL
X-Amzn-Trace-Id
Fastly-Restarts
X-Request-Processing-Time
X-Cache-Hit
X-Frontend
Front-End-Https
X-Cache-Age
X-FastCGI-Cache
Server-Node
X-Server-ID
X-Forwarded-For
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
Edge-Cache-Tag
X-Client-IP
Powered
X-FTR-Expires
X-Yandex-Sdch-Disable
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
Server-Name
Arc-Version
PB-PID
PB-RID
X-Microsite
X-Request-Handler-Origin-Region
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-User-Agent
X-Ah-Environment
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Hits
X-DIS-Request-ID
X-Akamai-Edgescape
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-F-Cache
Filters
X-Revision
X-LB-Cache
X-Jobs
Alternate-Protocol
X-Origin-Server
X-Zen-Fury
X-Correlation-Id
X-ORACLE-APMCS-REQUEST-ID
DynaTrace
X-Mobile-Rewrite
X-ORACLE-APMCS-TAG
X-Content-Powered-By
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Fastcgi-Cache
X-Daa-Tunnel
X-Geo-Country
X-N
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
Accept-Charset
X-Ruxit-Js-Agent
X-FTR-Cache-Host
X-Varnish-Backend
Cache-Tags
X-B
X-Ser
DC
X-Varnish-Grace
Paypal-Debug-Id
X-Rid
X-Amz-Replication-Status
X-Esi
X-Type
X-WebKit-CSP-Report-Only
X-RateLimit-Remaining
Retry-After
X-Signature
X-App-Environment
X-Whom
X-Git-Hash
X-B-Cache
Section-Io-Cache
Surrogate-Key
X-FB-Debug
X-Content-Options
X-TT
X-Request-Guid
Host
X-Az
X-AppVersion
X-Edge
X-Activity-Id
Fastcgi-Useragent
X-IPLB-Instance
X-Endurance-Cache-Level
X-Status
Frame-Options
Actual-Object-TTL
X-Debug-Info
X-Via-JSL
Nel
Healthy
X-HTML-Minification-Powered-By
X-ATG-Version
Srv
MicrosoftSharePointTeamServices
X-Release
X-AOL-HN
Content-Disposition
X-Contextid
X-Cache-Action
X-Amzn-RequestId
X-Seen-By
X-App-Server
Backend-Timing
X-ATS-Timestamp
Refresh
X-Amz-Apigw-Id
X-ECACHE
From-Origin
Access-Control-Allow-Method
X-Protected-By
X-Pinterest-Direct
X-B3-Sampled
X-Accel-Buffering
X-Response-Served-From
X-RemovedCookies
X-Mid
X-ProcessESI
X-MCACHE
X-Is-Bot
X-Tumblr-User
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel-0
X-Region
VIX-Pulpo-Node
Odigeo-Trace-Id
X-Cache-Rule
X-Tumblr-Pixel
X-Rendered-As
X-Cacheable-TTL
Uber-Trace-Id
X-Cache-Operation
X-L-Path
X-WA-Info
X-Environment-Context
X-FW-Static
X-Rule
X-FW-Type
X-Upgrade-Enabled
X-Varnish-Server
X-UUID
X-Drupal-Cache-Tags
X-FW-Server
X-FW-Hash
Eomportal-Instance
X-Cache-Time
X-FW-Serve
Datacenter
X-Instance
X-FW-Dynamic
Payment
X-Adobe-Loc
MS-CV
X-Adobe-Content
Countrycode
X-Litespeed-Cache
X-Time
X-Proxy
X-Host-Name
X-EdgeConnect-Cache-Status
X-Akamai-Request-ID2
X-Cached-By
X-Mobile
Xserver
X-NewRelic-App-Data
X-Cache-Server
X-Cache-Control
X-Load-Cache
X-PHP-Backend
X-UnsetCookies
Source
Server-Info
Access-Control-Request-Headers
X-Azure-Ref
Accept-Language
X-Air-Hostname
X-SERVER-NAME
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-NGENIX-Cache
X-Backend-Name
X-GeoIP
X-Tt-Trace-Tag
X-Origin-Response-Time
X-Tt-Trace-Host
X-Handled-By
X-Akamai-Transformed
X-Cache-NGX
X-Framework
X-Webkit-CSP
Version
Liferay-Portal
X-Presslabs-Stats
X-NWS-UUID-VERIFY
X-Pass-Why
Filterid
X-Mode
X-CSRF-Token
X-XRDS-LOCATION
X-Unique-Id
X-Correlation-ID
X-Wix-Request-Id
X-URL
X-FireWall-Port
X-RateLimit-Limit
Load-Balancing
X-CCM
X-Cache-Var-Map
X-LJ-Flow-ID
X-Vcache
X-APP-VERSION
X-RN-RSRV
X-Routing-Service
Meta-Geo
X-Zipkin-Id
X-AWS-Id
Cross-Origin-Window-Policy
X-Adobe-Source
Cache-Status
X-Proxied
X-ES-SERVER
X-Via-Fastly
X-Path-Route
X-Cache-Var
X-VWS-Id
X-UPSTREAM-Address
X-UA-Device-Type
X-Locale
X-NCache
X-Viewer-Country
X-Detected-As
X-Site-Version
Cache-Hits
Now
X-Cluster
X-TX-ID
X-PERF
X-Cache-Status-Check
Cache
X-Real-IP
X-Www-Served-By
X-MP-GENERATED-AT
X-Tumblr-Pixel-2
DSUID
ServedBy
X-Tumblr-Pixel-1
X-IP
X-Pubstack
X-ApacheServer
Cleartype
DB-Nickname
Cache-Name
Cache-Tv-Group
Apigw-Requestid
X-Cache-Config
X-Amzn-Remapped-Content-Length
X-Info
Section-Origin-Responded
X-Bc-Bl
X-Hyper-Cache
Akamai-GRN
S-Rt
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-ServerID
Decoy-Debug-TTL
X-Redis-Cache
X-R9-Blue-Green-Version
X-Web-Node
X-Device-Type
Section-Io-Origin-Status
Decoy-Debug-Status
X-Storage
Mn-Server-Ip
Decoy-Debug-Key
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Qloud-Router
X-Human
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
X-Labrador-Cache-Channel
X-PHP-Host
X-Time-Microsecs
X-PCL
X-Varnish-Cache-Hits
X-Origin-Hint
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Shopify-Stage
X-Cache-2
X-OCL
X-Hosted-By
Webserver
X-Alternate-Cache-Key
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Cache-Enabled
X-Cache-Host
X-FW-Version
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-CS
TWC-Privacy
Fastly-SSL
Property-Id
X-Access
X-SaId
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-FB-TRIP-ID
X-Proxy-Build
X-Timing-Wait
X-TNCMS
X-Format
X-Section
Azure-SlotName
X-NYM-Debug-Backend
X-ProxyCache-Key
X-Hl-Ver
X-Loop
X-JoinUs
Selected-Fe
X-Content-Age
X-ProxyCache-Status
X-BCube-Filmed-By
Azure-Version
X-Geo
X-Origin
X-BYPASS-REASON
X-RTag
X-IPS-LoggedIn
X-Urbn-Context-Path
Ms-Operation-Id
X-From
X-Urbn-Site-Id
Origin-Cache-Control
Locale
X-VCache
NGB
X-Cache-Remote
Ec-Rule-Version
X-No-Session
X-Ua
X-Generated
X-Drupal-Cache-Contexts
X-Cache-TTL-Remaining
X-PressLabs-Stats
X-EC-Lua
X-CDN-Forward
Time
Origin-Edge-Control
X-Debug-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
SD-X-WS
Country
X-Storefront-Renderer-Rendered
X-Xfnlog-Site
X-SRV
X-Soup
X-Pad
X-Backend-TTL
X-Source
X-Proto
X-Old-Content-Length
X-Varnish-Hostname
X-Akamai-Request-ID
X-Cluster-Node
Upgrade-Insecure-Requests
X-Tb
X-NC
X-TA-CDN-Provider
GEO-INFO
X-App-Version
Referer-Policy
X-Parent-Response-Time
LB
Proxy-Connection
User-Agent
X-Cache-PHP
X-RequestSource
X-Cache-NE
Cache-Key
X-Cache-Backend
X-RCS-CacheZone
X-Client-Ip
X-DC
X-App
X-FORWARDED-FOR
X-Magnolia-Registration
NGX
X-Origin-TTL
X-Origin-CC
Geo-Info
X-PAYTM-SRV-ID
X-A-Wwc
X-Trace-Id
Arc-Country
X-Application
X-Date
X-Transaction
X-Vdms-Version
X-D
AsisCache
X-Processor
T-Server
X-Generation-Time
IsBot
X-A-Dcw
X-Geo-Header
BehaviorPad-Version
X-Destination
X-A-Dgt
M-TraceId
Machine
On-Server
X-Cms-Context
Pragrma
X-ARC
N-Cache
X-Aed
X-Accel-Expires-Debug
Meta-Geo-Continent
X-Connection-Hash
Rendered-Blocks
X-CF-Lambda-Fn
X-Trv-Group
AKAMAI
X-NodeID
X-Twitter-Response-Tags
MD5-Digest
X-Nginx-Cache-Key
X-CF-Lambda-Version
Mobile-Detection-Method
X-AIR-PT
X-B-Cookie
X-SIPLIST1
X-Vtex-Processado-Em
X-Dispatch
X-A
X-Vdms-Path
X-Vtex-Remote-Cache
X-Edge-Location
X-A-Ccd
GEO-REGION-INFO
Who
X-VG-WebServer
X-VG-WebCache
X-Swa-Ws
X-Cache-Grace
X-SVT-ORM-VERSION
X-SRCache-Key
Xc-Version
X-SVT-ORM-RULES
CacheControlHeader
X-External-Request-Id
X-G
Content-Script-Type
Content-Style-Type
UCS
True-Client-Country-4JS
X-A-Dam
X-Developer
X-Region-Sid
X-Response-By
X-Rewrite-Enabled
X-ScT
X-SD-PageType
Viewtype
VivaBuild
X-Scheme
X-S-Cookie
X-Rojux
X-S
Fastcgi-X-Cache-Version
X-Distributor
User-Cache-Control
X-Tumblr-Pixel-3
OT-Force-Account-Verify
Node
X-Proxy-Cache-Status
X-Device-Os
X-Block-Status
Thinkindot-Control
Thinkindot-CacheControl-Type
V-Age
X-Developers
X-DevSite-Last-Modified
We-Hiring
Web-Mar-Node
X-Bip
Gh-Request-Id
Thinkindot-CacheControl
Vix-Hermes-Req-Id
Viewport
Kp-EeAlive
X-Clara-WADP
Mail-Subject
X-Cache-URL
Release
Pagetype
MIME-Version
NM-Fastcgi-Cache
X-Cache-Info
Server-Ext
Sever-Int
X-Auto-Login
X-Cache-Bucket
X-Cache-FS-Status
Server-Host
Server-Hostname
X-Dispatcher-Server
X-JWT-State
X-Method
X-Micro-Cache
X-Thanos
X-Node-Id
X-VC-Cache
X-Matched-Rule
X-Level-Front-Cache
X-Location
X-Logging-Id
X-Worker
FNAC-ModuleRouting
X-ServiceProvider
X-WADP-Cache
X-Server-W
X-Reqid
X-Skip-Cache
X-RateLimit-Remaining-Second
X-Owner
X-SN
X-RateLimit-Limit-Second
X-LAGOON
X-Loc
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-Generated-On
X-Fmm-Version
Apple-News-Services-Parsed-Url
X-Gen-Mode
X-Hash
X-Hnp-Log
X-Is-Gdpr
X-Key
X-User
X-Has-Esi
X-Thinkindot-L3
X-Cluster-Name
X-Generated-In
X-Var-Ttl
X-We-Are-Hiring
X-Uri
X-Servername
X-Backend-Host
X-TrackingId
X-Varnish-Authentication
X-Request-UUID
X-TH-Server
X-Variation
X-BBXSRF
X-VServer
X-Varnish-Cacheable
X-Slack-Backend
X-Wikidot-Static-Cache
X-Irp-Debug
X-Compress-Hint
X-Clientip
X-Mvc-Supplant-Cachable
X-Contensis-Viewer-Groups
X-Core-Mission
X-Esi-Check
X-Fastly-Cache
X-Gzip
X-Core-Value
X-NU-AKA-ACS-Version
X-Cache-Tags
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Cache-ASPX
X-Req
X-Webstats-RespID
X-Wikidot-Backend
X-Origin-Date
X-Origin-Expires
X-Cache-Id
X-Policy
X-Request-Host
X-Backend-State
X-Varnish-Beresp-Ttl
Adler-Geo
ServerName
X-Forwarded-Host
Is-Eu
Rt-Fastcgi-Cache
Platform
Fastly-SWR
X-Varnish-Beresp-Status
Fastly-SIE
C-Via
Magicmarker
X-Agile
X-Agile-Age
X-Agile-Id
Wxu-Next-Region
CDCHOST
FilterID
Wxu-Next-Commit
X-Varnish-Beresp-Grace
Wxu-Next-Hostname
X-Hit
X-Newrelic-Synthetics
HA-Ipaddr
X-Li-Pop
Ha-Gx-Prefs
X-LI-Proto
Fastly-Drupal-HTML
Fastly-Backend-Name
X-GoCache-CacheStatus
X-Up
X-Eu-Site
X-Epic-Correlation-Id
X-Li-Fabric
X-Envoy-Decorator-Operation
X-Distil-CS
Memcached
X-CGP
X-Reboot
X-Session-Fingerprint
X-VG-TLSProxy
X-Via-CDN
X-LI-UUID
L5d-Success-Class
W
X-Dc
Sid
Cache-Cookie-Set-From
RNT-Time
RNT-Machine
X-Minions-Version
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Srv
X-Wa
X-Be
X-ZONE
X-BC
X-ElasticPress-Query
X-Nc
X-Aicache-OS
X-Configured-By
X-Refresh
X-Varnish-URL
X-Batcache
Cf-Ipcountry
X-UA
X-Branch-Name
X-Cache-Debug
X-Ua-Device
HostName
DCR-Decision-By
DCR-Processing-Time-Ms
X-Nginx-Cache
X-Servedbyhost
X-Mvc-Supplant-OutputCached
CACHE
S-Cnection
X-B3-Traceid
X-MSEdge-Features
X-Ratelimit-Reset
X-Varnishpool
Memory
X-Instart-Info
X-Fastly-Cache-Status
Pramga
X-MSEdge-Flight
Hostname
Location
X-Platform-Server
X-Cdn-Forward
X-Original-Request-Id
X-PF-Uncompressing
X-Varnish-Ttl
X-ND-Cache
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-PopV
X-Via-PopH
HitType
X-BE
X-Sucuri-ID
X-TIME
X-VCL-Version
X-Zone
X-Microcachable
NtCoent-Length
X-Bc
X-TT-TIMESTAMP
X-Pjax-Url
X-Ms-Version
X-Ms-Request-Id
X-LB-ID
X-Sucuri-Cache
X-COUNTRY
X-Check-Cacheable
Esi-Enabled
X-Debug-Panamera-Sitecode
X-FPC
X-CF-Powered-By
X-Debug-Panamera-Host
Powered-By-ChinaCache
X-Oss-Server-Time
GeoIP-Country-Code
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-OVcl-Cache
X-Oss-Storage-Class
X-OVcl
Resin-Trace
X-VarnishDD-TTL
X-Vgn-Hpd-Ssi
X-GEO
L
Server-ID
X-Instart-Isnd
GeoIP-Latitude
X-Azure-Ref-OriginShield
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-App-Name
PFcat
Ohc-File-Size
FSS-Cache
X-Server-IP
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Reason
X-Cdn-Srv
X-BACKEND-TTL
X-Platform
Cache-Host
X-Render-Time
Server-Cache-Control
X-Generated-By
Server-Surrogate-Control
X-Svr
X-HS-Status
X-CUA
X-S-Maxage
Cteonnt-Length
X-Unique-ID
X-Ratelimit-Remaining
Ohc-Response-Time
X-VHOST
Geoip-Latitude
X-Fastly-Country-Code
Tracecode
X-Rocket-Nginx-Bypass
X-PJAX-URL
X-Fpc
Epwk-X-Cache
X-Cache-Expired-At
GeoIp-Country-Code
Pics-Label
X-CACHE-KEY
X-CSRF-TOKEN
X-RunCloud-Cache
Backend-Name
X-Vcl-Version
Backend
SRV
X-Newrelic-App-Data
X-Varnish-Hits
X-Edge-Server
Cdn-Request-Time
X-Pf-Uncompressing
Heartbleed
Locid
X-Via-Popv
X-Via-Poph
Request-EU
Request-Country
Amp-Access-Control-Allow-Source-Origin
Cdn-Host
X-VCT
SN
CF-Cached-On
X-CLOUD-TRACE-CONTEXT
X-NGINX-Cache
X-Csrf-Jwt
X-Request-URI
X-CACHE-AGE
X-Oracle-Dms-Rid
X-Ratelimit-Limit
WWW-Authenticate
X-ECache
Lfy
X-ServedByHost
X-StackifyID
X-Gamma-Serve
XServer
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Varnish-Url
X-Request-Time
X-Sigma
X-Sigma-Backend
X-Nananana
Host-ID
X-Rocket-Build-Number
X-Ftr-Cache-Host
CloudFront-Viewer-Country
X-Tec-Api-Version
CF-IPCountry
X-DPWN-IS-SECURE
X-Oss-Cdn-Auth
X-Tec-Api-Root
X-Tec-Api-Origin
NR-ENABLED
WPE-Backend
URI
X-Debug-Cache-Fetch
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Token
X-LiteSpeed-Cache-Control
X-Debug-Cache-Store
X-WebServer
X-Apw-Access-Object
Lb
X-WA
X-Cache-Tag
Cloudfront-Viewer-Country
Product
SID
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
Country-Code
CDN-Cache
CDN-CachedAt
X-B3-Spanid
Server-Ttl
X-Debug-Cache-Status
X-Debug-Cache-String
X-Debug-Do-Not-Cache-Uri
X-Debug-Xas-Auth
X-Debug-Ysi-Auth
X-Proxy-Upstream
X-Debug-Cache-Bypass
X-Shopify-Generated-Cart-Token
PICS-Label
X-Cache-Version
Dnion-Transfer-Encoding
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Amz-Meta-Cb-Modifiedtime
X-Acquia-Application-Trace
Ohc-Cache-HIT
X-Sn-Servicetimems
Surrogated-Key
X-Via-Ucdn
Cneonction
WZWS-RAY
X-Tb-Optimization-Total-Bytes-Saved
X-Cdn-Origin
My-App
X-Fetched-On
Proxy-Firewall
X-ElasticPress-Search
X-Fastly-Cache-Hits
A
X-APP
X-WR-MODIFICATION
X-Request-URL
X-GeoIP-Country-Code
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-SB
Cf-Alt-Svc
Inserted-Into-Cache-At
X-Snapshot-Date
X-VC
X-Swift-Error
Warning
X-IN-APIGATEWAY
FSS-Proxy
X-Varnish-Beresp-TTL
X-Html-Edge-Cache