Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Xss-Protection
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
Status
X-Ua-Compatible
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Backend
X-Server
X-Turbo-Charged-By
X-Age
P3p
X-Cache-Group
X-Robots-Tag
Feature-Policy
X-Proxy-Cache
Request-Context
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
Cf-Railgun
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Ac
X-Cache-Lookup
X-Readtime
X-Backend-Server
X-Node
X-Dispatcher
X-Origin-Upstream-Status
NEL
X-HW
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-Ruxit-JS-Agent
X-Country
X-ORACLE-DMS-RID
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
X-Url
Edge-Control
X-Rack-Cache
X-Clacks-Overhead
Accept-CH
X-Px
RTSS
MS-Author-Via
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
Accept-CH-Lifetime
X-Goog-Hash
Verso
X-Powered-By-Plesk
X-Varnish-TTL
Service-Worker-Allowed
X-B3-TraceId
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
Public-Key-Pins
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-GitHub-Request-Id
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Middleton-Response
Pagespeed
X-Forwarded-Proto
Display
X-Middleton-Display
X-Sol
Response
X-Amz-Server-Side-Encryption
X-DynaTrace
X-Cache-TTL
Host-Header
X-Pass-Why
X-D2id
X-Content-Type
X-Amz-Rid
Pinterest-Generated-By
TCN
X-NF-Request-ID
X-CST
X-Vcap-Request-Id
X-Cached
X-Abt-Application-Version
X-VARITI-CCR
AR-ATIME
AR-PoweredBy
AR-Request-ID
Accept-Ch
Ar-Sid
AR-CACHE
X-ESI
X-Navigation-Version
X-Ttl
X-Version
X-Fastly-Request-ID
Cache-Tag
X-Server-Name
X-Upstream
X-Powered-CMS
X-Instart-Request-ID
Accept-Ch-Lifetime
X-Debug
X-Grace
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Access-Control-Request-Method
X-MSEdge-Ref
Charset
Nginx-Cache
X-Accel-Expires
X-XRDS-Location
Content-MD5
X-Element-Page-Cache
Realpath
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
SPIisLatency
Mrf-Cache-Status
SPRequestDuration
X-B3-TraceId-Primal
X-Ezoic-Cdn
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-DynaTrace-JS-Agent
S
X-SharePointHealthScore
SPRequestGuid
X-Pinterest-Rid
Pinterest-Version
X-Shield-Request-Id
X-TTL
X-Hp-Webp
X-Jurisdiction
X-Cdn
X-Dw-Request-Base-Id
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-Client-IP
X-Trace
X-Kinsta-Cache
X-T
Fastcgi-Cache
X-Node-Name
X-Content-Digest
X-FastCGI-Cache
X-Logged-In
X-Server-ID
X-Mobile-URL
X-NWS-LOG-UUID
X-Cache-Key
TP-Cache
TP-L2-Cache
X-Cache-Hit
X-Request-Received
X-Frontend
Server-Node
X-Request-Processing-Time
X-Cache-Age
X-Hostname
X-Oneagent-Js-Injection
ServerID
Front-End-Https
X-Amzn-Trace-Id
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
Fastly-Restarts
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-Forwarded-For
Edge-Cache-Tag
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Server-Name
X-Yandex-Sdch-Disable
Powered
PB-PID
Arc-Version
PB-RID
X-Request-Handler-Origin-Region
X-Microsite
X-Revision
DynaTrace
Filters
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Page-Id
X-DIS-Request-ID
X-Zen-Fury
X-LB-Cache
X-F-Cache
X-Hits
X-Jobs
X-Akamai-Edgescape
X-Mobile-Rewrite
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
Accept-Charset
X-Content-Powered-By
X-Geo-Country
X-Origin-Server
Alternate-Protocol
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Fastcgi-Cache
X-Correlation-Id
X-Varnish-Age
X-FTR-Cache-Host
X-N
AMP-Access-Control-Allow-Source-Origin
X-B
Nel
X-Daa-Tunnel
X-Varnish-Backend
Cache-Tags
X-RateLimit-Remaining
X-Ruxit-Js-Agent
X-Rid
X-ATS-Timestamp
Backend-Timing
X-Az
X-AppVersion
X-Activity-Id
DC
X-Type
X-WebKit-CSP-Report-Only
X-Varnish-Grace
Retry-After
X-Amz-Replication-Status
MicrosoftSharePointTeamServices
X-Via-JSL
X-Whom
Surrogate-Key
Section-Io-Cache
X-Git-Hash
X-FB-Debug
X-Signature
X-B-Cache
X-Request-Guid
Paypal-Debug-Id
X-App-Environment
X-TT
X-Content-Options
X-Status
Host
X-Edge
X-Debug-Info
X-Esi
Frame-Options
Actual-Object-TTL
X-ATG-Version
X-Ser
Fastcgi-Useragent
X-App-Server
X-IPLB-Instance
Healthy
X-Endurance-Cache-Level
X-AOL-HN
X-Contextid
X-Amzn-RequestId
X-HTML-Minification-Powered-By
X-Seen-By
X-Cache-Action
X-ECACHE
X-B3-Sampled
Srv
Refresh
From-Origin
X-Pinterest-Direct
X-Host-Name
X-Amz-Apigw-Id
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-RemovedCookies
X-Cache-Rule
X-Accel-Buffering
X-Response-Served-From
X-Instance
X-Drupal-Cache-Tags
X-ProcessESI
X-Cache-Operation
X-Protected-By
VIX-Pulpo-Upstream-Status
X-MCACHE
VIX-Pulpo-Node
X-Rule
X-Is-Bot
X-Rendered-As
X-UUID
Content-Disposition
X-Mid
X-Cacheable-TTL
Odigeo-Trace-Id
X-Region
X-WA-Info
Payment
MS-CV
Datacenter
Eomportal-Instance
X-Environment-Context
X-L-Path
Source
X-FW-Type
X-FW-Static
X-Varnish-Server
X-FW-Dynamic
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Adobe-Loc
X-Adobe-Content
X-Cache-Time
Countrycode
X-Time
Xserver
X-Litespeed-Cache
X-Cache-Control
X-Release
X-Cached-By
X-PressLabs-Stats
Uber-Trace-Id
Cache-Status
X-Proxy
X-Akamai-Request-ID2
X-EdgeConnect-Cache-Status
X-Cache-Server
X-UnsetCookies
X-Load-Cache
X-VCache
X-GeoIP
X-Mobile
X-Akamai-Transformed
X-Webkit-CSP
X-NewRelic-App-Data
X-Azure-Ref
X-PHP-Backend
X-Yottaa-Optimizations
Access-Control-Request-Headers
X-Yottaa-Metrics
X-Correlation-ID
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Wix-Request-Id
X-SERVER-NAME
X-Mode
Version
X-Handled-By
X-Cluster
X-Air-Hostname
X-NGENIX-Cache
Accept-Language
X-IPS-LoggedIn
Liferay-Portal
Cache
X-NWS-UUID-VERIFY
X-Cache-NGX
X-Backend-Name
NGB
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Framework
X-XRDS-LOCATION
X-FireWall-Port
X-CCM
X-Cache-Var
X-Cache-Remote
X-LJ-Flow-ID
X-Locale
Meta-Geo
X-CSRF-Token
Load-Balancing
X-Cache-Status-Check
X-Cache-Var-Map
X-PERF
Filterid
X-Zipkin-Id
X-VWS-Id
X-ApacheServer
X-AWS-Id
X-Routing-Service
X-RN-RSRV
Cross-Origin-Window-Policy
X-Adobe-Source
X-URL
X-Via-Fastly
X-UA-Device-Type
X-ES-SERVER
X-UPSTREAM-Address
X-Proxied
X-Path-Route
Mn-Server-Ip
X-Storage
DSUID
X-Ua
Decoy-Debug-TTL
X-MP-GENERATED-AT
X-Www-Served-By
X-TX-ID
X-Detected-As
X-Viewer-Country
X-PCL
X-R9-Blue-Green-Version
X-Site-Version
X-Qloud-Router
X-OCL
X-Real-IP
Cache-Hits
Decoy-Debug-Key
Decoy-Debug-Status
ServedBy
X-Say-Cacheable
X-Say-TTL
Cache-Name
Fastly-SSL
X-APP-VERSION
Ms-Operation-Id
Section-Io-Origin-Time-Seconds
Now
X-SayCDN-TTL
X-RTag
X-Cache-Config
X-Human
X-NCache
X-IP
X-Format
X-Redis-Cache
X-Bc-Bl
Section-Origin-Responded
X-Access
Section-Io-Id
Section-Io-Origin-Status
Cleartype
X-Pubstack
Akamai-GRN
X-Info
X-Section
TWC-Connection-Speed
Webserver
TWC-GeoIP-LatLong
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-Country
X-Alternate-Cache-Key
S-Rt
Property-Id
X-Cache-Enabled
X-BYPASS-REASON
TWC-Device-Class
TWC-Locale-Group
X-CS
X-Sorting-Hat-PodId
X-Labrador-Cache-Channel
X-Sorting-Hat-ShopId
X-PHP-Host
X-ProxyCache-Status
X-Shopify-Stage
X-No-Session
X-ServerID
X-ShardId
X-Geo
X-ShopId
X-Hosted-By
X-Hl-Ver
X-FC-Vary-Parameters
Cache-Tv-Group
X-EIG-Tracking-Id
X-Device-Type
X-Web-Node
X-Varnish-Cache-Hits
X-ProxyCache-Key
X-FW-Version
X-Origin-Hint
X-SaId
X-Timing-Wait
X-TNCMS
X-BCube-Filmed-By
X-Time-Microsecs
X-Origin
X-Proxy-Build
X-Generated
X-Content-Age
X-From
X-FB-TRIP-ID
X-JoinUs
Selected-Fe
X-NYM-Debug-Backend
X-Loop
X-Cache-Host
X-Amzn-Remapped-Content-Length
X-Hyper-Cache
DB-Nickname
Server-Info
Origin-Cache-Control
Ec-Rule-Version
Azure-SlotName
Azure-RegionName
Azure-InstanceId
X-RateLimit-Limit
Azure-Version
Azure-SiteName
X-RequestSource
Origin-Edge-Control
X-Xfnlog-Site
X-Drupal-Cache-Contexts
X-Unique-Id
X-Cache-TTL-Remaining
X-Cache-2
Time
SD-X-WS
X-EC-Lua
Geo-Info
X-Urbn-Site-Id
Country
X-Urbn-Context-Path
Locale
X-Goog-Meta-Goog-Reserved-File-Mtime
User-Agent
X-Pad
Apigw-Requestid
X-Presslabs-Stats
X-Old-Content-Length
X-Varnish-Hostname
X-Source
X-Cluster-Node
X-Cache-NE
Upgrade-Insecure-Requests
FilterID
X-Debug-Cache
X-Soup
X-RCS-CacheZone
X-Akamai-Request-ID
X-Vcache
X-Parent-Response-Time
X-Cache-Backend
X-App-Version
X-Proto
X-CDN-Forward
X-Backend-TTL
X-Tb
Proxy-Connection
X-DC
X-Cache-Grace
X-Cache-PHP
X-Proxy-Cache-Status
X-Forwarded-Host
X-Srv
X-Storefront-Renderer-Rendered
X-Tumblr-Pixel-3
X-Matched-Rule
X-CF-Lambda-Fn
X-NodeID
X-Nginx-Cache-Key
X-CF-Lambda-Version
Xc-Version
X-Method
T-Server
UCS
True-Client-Country-4JS
X-Uri
Viewtype
X-Region-Sid
GEO-REGION-INFO
X-Processor
Rendered-Blocks
ServerName
Thinkindot-CacheControl
X-PAYTM-SRV-ID
Thinkindot-CacheControl-Type
Server-Host
N-Cache
IsBot
Content-Script-Type
X-Generated-On
X-Developer
M-TraceId
X-Destination
Content-Style-Type
X-DevSite-Last-Modified
X-External-Request-Id
FNAC-ModuleRouting
X-Dispatch
Fastcgi-X-Cache-Version
X-G
BehaviorPad-Version
AsisCache
Cache-Key
Mobile-Detection-Method
VivaBuild
Pagetype
X-Connection-Hash
Meta-Geo-Continent
X-D
Machine
Arc-Country
MD5-Digest
X-Date
X-Geo-Header
X-Level-Front-Cache
Thinkindot-Control
X-A-Ccd
X-SIPLIST1
X-Twitter-Response-Tags
X-A-Dam
X-Trv-Group
X-Session-Fingerprint
X-ServiceProvider
X-SD-PageType
X-SRV
X-Application
X-A
X-A-Dcw
X-VG-WebServer
X-Accel-Expires-Debug
X-Aed
X-Vtex-Processado-Em
X-Thinkindot-L3
X-Vtex-Remote-Cache
X-Trace-Id
X-A-Dgt
X-A-Wwc
X-Transaction
X-SRCache-Key
X-ScT
X-FORWARDED-FOR
X-Response-By
X-Rewrite-Enabled
WPE-Backend
X-S
X-B-Cookie
X-Vdms-Version
X-Vdms-Path
Who
X-Reqid
NR-ENABLED
X-Rojux
X-VG-WebCache
X-Scheme
X-ARC
X-S-Cookie
OT-Force-Account-Verify
X-Nc
NGX
X-App
User-Cache-Control
X-Device-Os
X-Dispatcher-Server
Mail-Subject
Magicmarker
X-Agile-Id
X-Block-Status
X-Cache-Bucket
X-Cache-FS-Status
X-Developers
Kp-EeAlive
X-Bip
Release
X-Cache-Info
Sever-Int
X-Cache-URL
Server-Hostname
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
Web-Mar-Node
Viewport
V-Age
Server-Ext
Wxu-Next-Region
On-Server
NM-Fastcgi-Cache
X-Core-Value
X-Agile
X-Compress-Hint
Vix-Hermes-Req-Id
RNT-Time
RNT-Machine
X-Clara-WADP
X-Cms-Context
X-Agile-Age
X-Hash
X-Backend-State
X-SN
X-Node-Id
X-WADP-Cache
X-Skip-Cache
X-Micro-Cache
X-Swa-Ws
X-Thanos
X-Be
X-Location
X-Logging-Id
X-Worker
X-Wikidot-Static-Cache
LB
X-Servername
X-Req
X-Wikidot-Backend
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-AIR-PT
X-Cluster-Name
X-Owner
X-Policy
X-User
X-LAGOON
Apple-News-Services-Request-Url
CDCHOST
X-Generated-In
Apple-News-Services-Parsed-Url
X-Generation-Time
CacheControlHeader
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Hnp-Log
Apple-News-Services-Host
Apple-News-Services-Handled
X-Varnish-Cacheable
Node
X-VC-Cache
X-Magnolia-Registration
X-NC
AKAMAI
Cache-Cookie-Set-Idcheck
X-Gen-Mode
X-Fmm-Version
X-Envoy-Decorator-Operation
X-Origin-TTL
Sid
X-Origin-CC
X-Hit
X-Request-UUID
X-VServer
X-BBXSRF
X-TrackingId
X-Request-Host
X-Server-W
X-Variation
X-We-Are-Hiring
X-Slack-Backend
X-VG-TLSProxy
X-Var-Ttl
X-TH-Server
X-Origin-Expires
X-Has-Esi
X-Irp-Debug
X-Is-Gdpr
X-Core-Mission
X-Gzip
X-Fastly-Cache
X-Esi-Check
X-Epic-Correlation-Id
X-Distributor
X-Distil-CS
X-JWT-State
X-Loc
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Reboot
X-Cache-Id
X-Cache-Tags
X-Eu-Site
X-Clientip
X-CGP
X-Mvc-Supplant-Cachable
X-Origin-Date
X-Webstats-RespID
X-Cache-Debug
HA-Ipaddr
Ha-Gx-Prefs
Is-Eu
L5d-Success-Class
Platform
Gh-Request-Id
Fastly-SWR
Adler-Geo
S-Cnection
C-Via
Fastly-Drupal-HTML
Fastly-SIE
Rt-Fastcgi-Cache
X-Newrelic-Synthetics
W
X-Auto-Login
Cf-Ipcountry
X-TA-CDN-Provider
X-Cache-ASPX
Memcached
X-LI-UUID
X-LI-Proto
X-Branch-Name
X-GoCache-CacheStatus
X-Li-Fabric
X-Li-Pop
X-Varnish-Authentication
X-Backend-Host
X-NU-AKA-ACS-Version
X-SVT-ORM-RULES
X-Configured-By
X-SVT-ORM-VERSION
X-Contensis-Viewer-Groups
X-Varnish-Beresp-Status
Referer-Policy
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Edge-Location
X-Key
HostName
X-Wa
X-Dc
X-Microcachable
Pragrma
X-Instart-Info
X-Cdn-Forward
X-Refresh
X-Envoy-Upstream-Healthchecked-Cluster
X-Via-PopH
X-Via-PopV
X-Platform-Server
X-Varnish-URL
Fastly-Backend-Name
X-Ms-Request-Id
X-Ms-Version
GEO-INFO
MIME-Version
X-TT-TIMESTAMP
X-UA
X-ZONE
X-Via-CDN
X-BC
X-Up
X-Servedbyhost
X-Mvc-Supplant-OutputCached
X-Ua-Device
NtCoent-Length
Esi-Enabled
X-TIME
X-Bc
Memory
X-MSEdge-Features
X-MSEdge-Flight
X-Minions-Version
X-Zone
X-Batcache
X-Vgn-Hpd-Reason
X-B3-Traceid
L
X-Nginx-Cache
X-App-Name
Server-ID
Tracecode
X-ElasticPress-Query
X-BACKEND-TTL
X-VCL-Version
X-Server-IP
X-Aicache-OS
X-ND-Cache
X-Sucuri-ID
X-Pjax-Url
Ohc-File-Size
Cache-Host
CACHE
X-Unique-ID
X-Svr
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
X-Cdn-Srv
Server-Cache-Control
GeoIP-Country-Code
X-FPC
DCR-Processing-Time-Ms
X-COUNTRY
DCR-Decision-By
X-Generated-By
X-CF-Powered-By
Server-Surrogate-Control
X-S-Maxage
FSS-Cache
X-Fastly-Cache-Status
X-Azure-Ref-OriginShield
Location
X-PF-Uncompressing
GeoIP-Latitude
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
Ohc-Response-Time
Powered-By-ChinaCache
X-Oss-Server-Time
X-Oss-Object-Type
X-CLOUD-TRACE-CONTEXT
Pramga
X-VCT
X-Rocket-Nginx-Bypass
Resin-Trace
HitType
X-Check-Cacheable
X-GEO
X-BE
X-Varnishpool
Hostname
X-LB-ID
X-Ratelimit-Reset
Request-EU
Locid
Request-Country
X-Varnish-Ttl
PFcat
Heartbleed
X-Sucuri-Cache
X-VarnishDD-TTL
Cteonnt-Length
X-Varnish-Hits
X-Client-Ip
X-OVcl
X-Vgn-Hpd-Ssi
X-Vgn-Hpd-Cached
Amp-Access-Control-Allow-Source-Origin
X-OVcl-Cache
X-Vgn-Hpd-Variations-Key
X-Request-URI
Cdn-Request-Time
SRV
Cdn-Host
X-Fpc
X-Original-Request-Id
Lfy
X-Platform
X-Edge-Server
X-Fastly-Backend-Reqs
X-Instart-Isnd
X-CACHE-KEY
X-VHOST
X-Render-Time
X-Newrelic-App-Data
Geoip-Latitude
GeoIp-Country-Code
X-Fastly-Country-Code
X-Gamma-Serve
X-HS-Status
X-Cache-Expired-At
X-PJAX-URL
X-CSRF-TOKEN
CF-Cached-On
X-Shopify-Generated-Cart-Token
SN
X-Vcl-Version
X-Pf-Uncompressing
X-CUA
X-WebServer
WZWS-RAY
X-Ratelimit-Remaining
X-NGINX-Cache
X-Ratelimit-Limit
X-CACHE-AGE
X-Oracle-Dms-Rid
Product
X-Proxy-Upstream
Epwk-X-Cache
Mime-Version
My-App
X-Cdn-Origin
WWW-Authenticate
X-Fetched-On
X-Varnish-Url
Pics-Label
X-Sn-Servicetimems
X-ServedByHost
X-ECache
URI
X-RunCloud-Cache
X-StackifyID
Ohc-Cache-HIT
XServer
X-GeoIP-Country-Code
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Backend-Name
Backend
X-Ftr-Cache-Host
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Oss-Cdn-Auth
X-Csrf-Jwt
Dt-Cache-Category
X-Via-Poph
X-Via-Popv
CloudFront-Viewer-Country
A
X-B3-SpanId
X-Request-Start
X-Debug-Cache-Store
PICS-Label
X-Debug-Cache-Fetch
Lb
X-Swift-Error
X-Request-Time
Server-Ttl
X-Debug-Do-Not-Cache-Uri
Cloudfront-Viewer-Country
X-Debug-Cache-String
Cdn
Host-ID
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-Tb-Optimization-Total-Bytes-Saved
X-B3-Spanid
Group
X-Cache-Tag
X-Debug-Cache-Bypass
X-Debug-Cache-Status
X-Debug-Xas-Auth
SID
X-LiteSpeed-Cache-Control
X-Nananana
X-Debug-Ysi-Auth
X-Served-From
X-Cache-Version
CF-IPCountry
X-Acquia-Purge-Tags
Dnion-Transfer-Encoding
X-Cache-Hfrom
X-Apw-Access-Object
X-WA
X-Acquia-Site
X-Apw-Hits
X-Apw-Access-Token
Proxy-Firewall
Cneonction
X-Cache-Hm
X-Apw-Access-Action
X-Acquia-Application-Trace
X-Varnish-Beresp-TTL
X-Acquia-Application-UUID
X-WR-MODIFICATION
X-APP
X-Snapshot-Date
FSS-Proxy
X-DPWN-IS-SECURE
Warning
Cf-Alt-Svc
X-Request-URL
X-Dw-Trace-Id
X-SB
X-VC
X-Html-Edge-Cache
X-Via-Ucdn
X-ElasticPress-Search
X-Varnish-ID
Req-ID
Origin
Inserted-Into-Cache-At