Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Xss-Protection
X-Served-By
Alt-Svc
X-Varnish
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
X-Drupal-Cache
X-Check
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Cacheable
X-Kinja-Server-Push
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Iinfo
X-Buckets
X-Ua-Compatible
Status
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
P3p
X-CDN
Upgrade
X-Request-ID
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Backend
X-Age
X-Server
X-AH-Environment
X-Turbo-Charged-By
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-UA-Device
X-Server-Powered-By
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Server-Id
Cf-Railgun
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Readtime
X-Cache-Lookup
X-Ac
X-Node
X-Backend-Server
X-Dns-Prefetch-Control
X-Dispatcher
NEL
X-Origin-Upstream-Status
Content-Location
X-HW
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
X-Ruxit-JS-Agent
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
Accept-CH
X-Country-Code
X-Cnection
X-Rack-Cache
X-Url
Edge-Control
RTSS
Accept-CH-Lifetime
Host-Header
MS-Author-Via
X-Clacks-Overhead
X-Px
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-Goog-Hash
Verso
X-Powered-By-Plesk
X-Varnish-TTL
Service-Worker-Allowed
X-B3-TraceId
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-GitHub-Request-Id
Arr-Disable-Session-Affinity
Public-Key-Pins
X-Forwarded-Proto
X-MS-InvokeApp
X-Amz-Server-Side-Encryption
X-Middleton-Response
X-Middleton-Display
Response
Display
X-Sol
Pagespeed
X-Cache-TTL
X-DynaTrace
X-Content-Type
X-D2id
X-Amz-Rid
X-NF-Request-ID
X-Cached
TCN
X-Vcap-Request-Id
X-Abt-Application-Version
X-VARITI-CCR
X-CST
X-Cdn
Pinterest-Generated-By
X-Ttl
AR-ATIME
AR-PoweredBy
AR-Request-ID
Ar-Sid
AR-CACHE
X-ESI
X-Navigation-Version
X-Version
X-Powered-CMS
X-Upstream
X-Fastly-Request-ID
Cache-Tag
X-Server-Name
X-Debug
X-Grace
X-XRDS-Location
X-Instart-Request-ID
Access-Control-Request-Method
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Charset
X-MSEdge-Ref
X-Element-Page-Cache
Nginx-Cache
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
Content-MD5
MRF-Tech
X-Mrf-Item-Lastmod
Accept-Ch
Realpath
X-Accel-Expires
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Shield-Request-Id
SPIisLatency
SPRequestDuration
X-Hp-Webp
SPRequestGuid
X-SharePointHealthScore
X-Jurisdiction
Pinterest-Version
X-Pinterest-Rid
Accept-Ch-Lifetime
S
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Id
X-Dw-Request-Base-Id
X-Kinsta-Cache
X-TTL
X-T
X-Content-Digest
X-Cache-Key
Fastcgi-Cache
X-Logged-In
X-Trace
X-Node-Name
X-NWS-LOG-UUID
TP-L2-Cache
TP-Cache
X-Mobile-URL
X-Hostname
Fastly-Restarts
X-Cache-Hit
ServerID
X-Request-Processing-Time
X-Request-Received
X-Frontend
Front-End-Https
X-Cache-Age
Server-Node
X-Amzn-Trace-Id
X-Oneagent-Js-Injection
X-Client-IP
X-FastCGI-Cache
X-Forwarded-For
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-DC
Edge-Cache-Tag
X-Yandex-Sdch-Disable
X-FTR-Expires
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
Powered
X-Goog-Generation
Server-Name
X-Pass-Why
X-Server-ID
PB-RID
PB-PID
Arc-Version
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Page-Id
X-DIS-Request-ID
X-Hits
X-F-Cache
X-Revision
Filters
X-Jobs
X-LB-Cache
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Akamai-Edgescape
X-Correlation-Id
X-Fastcgi-Cache
X-Zen-Fury
Alternate-Protocol
DynaTrace
X-Origin-Server
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Mobile-Rewrite
AMP-Access-Control-Allow-Source-Origin
X-Geo-Country
X-Content-Powered-By
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Accept-Charset
X-Daa-Tunnel
X-Varnish-Age
X-FTR-Cache-Host
X-N
X-RateLimit-Remaining
X-B
Cache-Tags
X-Ruxit-Js-Agent
X-Varnish-Backend
X-Rid
X-Varnish-Grace
X-Amz-Replication-Status
X-WebKit-CSP-Report-Only
Retry-After
X-Type
X-Git-Hash
DC
Host
X-Whom
X-Content-Options
Section-Io-Cache
Paypal-Debug-Id
X-App-Environment
X-Ser
X-TT
X-Request-Guid
Surrogate-Key
X-FB-Debug
X-Signature
X-B-Cache
X-Edge
X-Az
X-AppVersion
X-Activity-Id
X-Esi
Fastcgi-Useragent
X-Via-JSL
X-Debug-Info
X-IPLB-Instance
Frame-Options
X-Status
Actual-Object-TTL
MicrosoftSharePointTeamServices
X-Endurance-Cache-Level
Healthy
X-ATG-Version
X-Webkit-CSP
X-ATS-Timestamp
X-HTML-Minification-Powered-By
Backend-Timing
Srv
Nel
X-App-Server
X-AOL-HN
X-Contextid
X-Cache-Action
X-Seen-By
Refresh
X-ECACHE
X-Amzn-RequestId
Content-Disposition
X-Release
From-Origin
X-B3-Sampled
X-Amz-Apigw-Id
Access-Control-Allow-Method
X-Pinterest-Direct
X-Response-Served-From
X-Protected-By
X-Cache-Rule
X-Accel-Buffering
X-Cache-Operation
X-ProcessESI
X-RemovedCookies
X-Upgrade-Enabled
Odigeo-Trace-Id
X-MCACHE
VIX-Pulpo-Node
X-Mid
X-Tumblr-Pixel
X-Rendered-As
X-Tumblr-User
X-Tumblr-Pixel-0
VIX-Pulpo-Upstream-Status
X-Region
X-Is-Bot
X-Cacheable-TTL
X-WA-Info
X-Environment-Context
Datacenter
X-L-Path
X-UUID
X-Drupal-Cache-Tags
Eomportal-Instance
X-Instance
X-FW-Hash
X-Varnish-Server
X-Rule
X-FW-Dynamic
X-Host-Name
Payment
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-Cache-Time
X-Adobe-Loc
Countrycode
MS-CV
X-Adobe-Content
X-Time
Uber-Trace-Id
X-Ah-Environment
X-EdgeConnect-Cache-Status
X-Cached-By
X-Proxy
X-Litespeed-Cache
X-Akamai-Request-ID2
Source
Xserver
X-Load-Cache
X-Cache-Server
X-NewRelic-App-Data
X-Cache-Control
X-Mobile
X-UnsetCookies
X-PHP-Backend
Access-Control-Request-Headers
X-Azure-Ref
Accept-Language
X-GeoIP
X-Akamai-Transformed
X-Air-Hostname
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-NGENIX-Cache
X-Origin-Response-Time
X-SERVER-NAME
X-Cache-NGX
Version
X-NWS-UUID-VERIFY
Server-Info
X-Backend-Name
X-Handled-By
Filterid
X-Wix-Request-Id
X-Mode
Liferay-Portal
Cache-Status
X-Framework
X-CSRF-Token
X-RateLimit-Limit
X-Vcache
X-Cluster
X-Correlation-ID
X-IPS-LoggedIn
Load-Balancing
X-FireWall-Port
Cross-Origin-Window-Policy
X-Adobe-Source
Meta-Geo
X-Proxied
X-Path-Route
X-UPSTREAM-Address
X-Via-Fastly
X-Routing-Service
X-Ua
X-UA-Device-Type
X-RN-RSRV
X-ApacheServer
X-Presslabs-Stats
X-PERF
X-LJ-Flow-ID
X-Locale
X-CCM
Cache
X-Cache-Var
X-AWS-Id
X-Zipkin-Id
X-Cache-Var-Map
X-VWS-Id
X-URL
X-ES-SERVER
Cache-Hits
X-Tumblr-Pixel-1
X-Www-Served-By
X-Site-Version
X-Viewer-Country
X-TX-ID
DSUID
Mn-Server-Ip
X-Tumblr-Pixel-2
X-Real-IP
X-Qloud-Router
X-Detected-As
ServedBy
X-Cache-Status-Check
X-MP-GENERATED-AT
X-Access
X-Format
X-Pubstack
Cleartype
X-IP
X-Web-Node
Cache-Name
X-Cache-Config
Cache-Tv-Group
X-Human
Akamai-GRN
Now
Decoy-Debug-Key
X-SayCDN-TTL
X-Storage
X-R9-Blue-Green-Version
X-Say-TTL
X-Redis-Cache
X-Say-Cacheable
X-PCL
Section-Io-Origin-Time-Seconds
Decoy-Debug-Status
Section-Io-Origin-Status
X-Section
Decoy-Debug-TTL
X-OCL
Section-Origin-Responded
X-Info
Section-Io-Id
X-PressLabs-Stats
X-Unique-Id
Webserver
X-FW-Version
X-Geo
X-Alternate-Cache-Key
X-Device-Type
X-CS
X-ProxyCache-Status
X-PHP-Host
X-Bc-Bl
X-NCache
X-Cache-Remote
X-ServerID
X-Hosted-By
X-FC-Vary-Parameters
X-EIG-Tracking-Id
NGB
X-Origin-Hint
X-BYPASS-REASON
X-Cache-Enabled
X-Labrador-Cache-Channel
X-Cache-Host
Webcakes-Region
X-ProxyCache-Key
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-App-Version
X-Sorting-Hat-ShopId
TWC-Connection-Speed
X-Hyper-Cache
Property-Id
S-Rt
Origin-Cache-Control
X-Sorting-Hat-PodId
TWC-GeoIP-LatLong
X-ShardId
TWC-Privacy
Webcakes-App-Name
X-Shopify-Stage
X-ShopId
Fastly-SSL
TWC-Locale-Group
X-From
X-Time-Microsecs
X-FB-TRIP-ID
X-Proxy-Build
X-SaId
X-Loop
X-Timing-Wait
X-TNCMS
X-NYM-Debug-Backend
X-JoinUs
X-Origin
X-Hl-Ver
X-Varnish-Cache-Hits
X-BCube-Filmed-By
Selected-Fe
X-Content-Age
Ms-Operation-Id
DB-Nickname
X-Amzn-Remapped-Content-Length
X-RTag
Apigw-Requestid
X-No-Session
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Cache-2
Ec-Rule-Version
X-APP-VERSION
X-Generated
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Cache-TTL-Remaining
X-VCache
X-EC-Lua
X-Drupal-Cache-Contexts
X-XRDS-LOCATION
Time
X-Xfnlog-Site
Origin-Edge-Control
SD-X-WS
X-Goog-Meta-Goog-Reserved-File-Mtime
Country
X-SRV
X-Source
X-Debug-Cache
X-CDN-Forward
X-Pad
X-App-Version
X-Soup
X-Old-Content-Length
X-Varnish-Hostname
X-Backend-TTL
Upgrade-Insecure-Requests
X-Cluster-Node
X-RequestSource
Geo-Info
X-Akamai-Request-ID
X-Storefront-Renderer-Rendered
X-DC
X-Tb
X-Proto
X-Cache-NE
User-Agent
X-RCS-CacheZone
LB
X-Cache-PHP
X-Parent-Response-Time
X-NC
X-TA-CDN-Provider
Proxy-Connection
X-Cache-Backend
X-App
Cache-Key
X-Cache-Grace
Referer-Policy
X-Origin-TTL
X-Magnolia-Registration
X-Origin-CC
FilterID
X-Client-Ip
X-Proxy-Cache-Status
X-SVT-ORM-RULES
X-SRCache-Key
X-SVT-ORM-VERSION
X-Trace-Id
M-TraceId
Machine
MD5-Digest
X-Swa-Ws
X-SIPLIST1
T-Server
True-Client-Country-4JS
X-SD-PageType
ServerName
Rendered-Blocks
Meta-Geo-Continent
Mobile-Detection-Method
N-Cache
IsBot
X-Transaction
AsisCache
X-VG-WebServer
X-VG-WebCache
Arc-Country
X-Vtex-Processado-Em
Xc-Version
X-Vtex-Remote-Cache
NGX
X-Vdms-Version
BehaviorPad-Version
X-Twitter-Response-Tags
X-Trv-Group
UCS
FNAC-ModuleRouting
Fastcgi-X-Cache-Version
X-Vdms-Path
Content-Script-Type
Content-Style-Type
GEO-REGION-INFO
X-ScT
X-DevSite-Last-Modified
X-Developer
X-Destination
X-Dispatch
X-External-Request-Id
X-Method
X-Geo-Header
X-G
X-Date
X-Accel-Expires-Debug
X-ARC
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Connection-Hash
X-D
X-Aed
X-Application
X-Nginx-Cache-Key
X-NodeID
X-S
X-Rojux
X-Rewrite-Enabled
X-S-Cookie
Who
X-B-Cookie
X-Scheme
VivaBuild
X-A
X-Response-By
X-PAYTM-SRV-ID
X-A-Dcw
X-A-Wwc
X-A-Dam
X-Processor
X-A-Ccd
X-Region-Sid
Viewtype
X-A-Dgt
X-FORWARDED-FOR
X-Forwarded-Host
X-Uri
User-Cache-Control
X-Logging-Id
Pagetype
X-Loc
X-Matched-Rule
X-Agile-Id
X-Agile-Age
X-Servername
X-ServiceProvider
X-Skip-Cache
Release
NM-Fastcgi-Cache
Magicmarker
Mail-Subject
X-Block-Status
X-User
X-Level-Front-Cache
X-AIR-PT
X-Thinkindot-L3
X-Backend-State
X-SN
X-Bip
X-Thanos
X-Agile
Server-Host
We-Hiring
Web-Mar-Node
X-Node-Id
Vix-Hermes-Req-Id
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Wxu-Next-Commit
X-Owner
X-Policy
Wxu-Next-Region
Wxu-Next-Hostname
X-Tumblr-Pixel-3
Viewport
X-Req
X-Reqid
Server-Hostname
X-Cache-Bucket
Sever-Int
X-Micro-Cache
V-Age
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Ext
X-LAGOON
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Cms-Context
X-Hash
CacheControlHeader
CDCHOST
On-Server
X-Developers
X-Distributor
X-Dispatcher-Server
Node
X-Fmm-Version
X-Gen-Mode
X-Device-Os
X-Generated-On
X-Generation-Time
X-Generated-In
AKAMAI
X-Compress-Hint
X-Cache-FS-Status
X-WADP-Cache
X-Hnp-Log
X-Varnish-Cacheable
X-Worker
Kp-EeAlive
X-Clara-WADP
X-Cache-URL
X-Wikidot-Static-Cache
X-Cache-Info
X-Key
X-VC-Cache
X-Wikidot-Backend
OT-Force-Account-Verify
X-Hit
X-Envoy-Decorator-Operation
X-NU-AKA-ACS-Version
X-Esi-Check
X-Epic-Correlation-Id
X-Fastly-Cache
X-Distil-CS
X-Mvc-Supplant-Cachable
X-Core-Mission
X-Origin-Date
X-Cluster-Name
X-Clientip
X-Core-Value
X-CGP
X-Cache-Tags
X-Gzip
X-BBXSRF
X-Irp-Debug
X-Cache-Id
Rt-Fastcgi-Cache
Fastly-SWR
Fastly-SIE
Fastly-Drupal-HTML
C-Via
X-Webstats-RespID
X-We-Are-Hiring
HA-Ipaddr
Ha-Gx-Prefs
X-Origin-Expires
Adler-Geo
X-Edge-Location
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Pragrma
X-Server-W
X-Location
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-VG-TLSProxy
X-VServer
X-Request-Host
X-Eu-Site
X-Rebelmouse-Surrogate-Control
Is-Eu
X-Request-UUID
GEO-INFO
X-Session-Fingerprint
X-Rebelmouse-Cache-Control
X-Slack-Backend
X-Var-Ttl
X-Variation
L5d-Success-Class
X-TrackingId
X-TH-Server
W
Platform
MIME-Version
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Auto-Login
Gh-Request-Id
X-Li-Fabric
Sid
X-Backend-Host
X-Li-Pop
X-GoCache-CacheStatus
X-LI-Proto
X-Cache-ASPX
X-LI-UUID
X-Reboot
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Memcached
RNT-Machine
Cache-Cookie-Set-From
RNT-Time
X-ZONE
X-BC
X-Wa
X-Newrelic-Synthetics
X-Nc
X-Up
X-Be
Fastly-Backend-Name
X-Via-CDN
X-Branch-Name
X-Batcache
X-Cache-Debug
X-Configured-By
X-Minions-Version
X-Varnish-URL
X-Refresh
S-Cnection
X-Dc
X-Srv
X-ElasticPress-Query
X-Nginx-Cache
HostName
Cf-Ipcountry
X-Servedbyhost
X-Aicache-OS
X-Instart-Info
X-Ua-Device
X-Via-PopV
X-Platform-Server
X-Envoy-Upstream-Healthchecked-Cluster
X-Microcachable
X-Via-PopH
X-Mvc-Supplant-OutputCached
CACHE
X-Cdn-Forward
X-B3-Traceid
X-UA
X-VCL-Version
X-TT-TIMESTAMP
X-Ms-Version
X-Ms-Request-Id
DCR-Processing-Time-Ms
DCR-Decision-By
X-Sucuri-ID
Memory
Pramga
X-PF-Uncompressing
X-ND-Cache
X-Fastly-Cache-Status
X-MSEdge-Flight
X-MSEdge-Features
X-Pjax-Url
X-Ratelimit-Reset
Hostname
X-Varnishpool
X-BE
X-TIME
X-Debug-Panamera-Host
X-Debug-Panamera-Sitecode
Esi-Enabled
GeoIP-Country-Code
Location
HitType
NtCoent-Length
X-Original-Request-Id
L
X-COUNTRY
X-LB-ID
GeoIP-Latitude
Server-ID
X-App-Name
Powered-By-ChinaCache
X-CF-Powered-By
X-Vgn-Hpd-Reason
X-Zone
X-Bc
FSS-Cache
X-Sucuri-Cache
X-Oss-Request-Id
X-Oss-Server-Time
X-FPC
X-Check-Cacheable
X-Oss-Object-Type
X-Oss-Storage-Class
X-Server-IP
Cache-Host
X-Oss-Hash-Crc64ecma
X-VarnishDD-TTL
X-OVcl-Cache
X-OVcl
PFcat
X-Cdn-Srv
X-Azure-Ref-OriginShield
X-GEO
Ohc-File-Size
X-Svr
X-Unique-ID
X-BACKEND-TTL
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
X-Generated-By
Server-Surrogate-Control
X-Instart-Isnd
Resin-Trace
X-Vgn-Hpd-Ssi
Server-Cache-Control
NR-ENABLED
WPE-Backend
X-S-Maxage
X-Varnish-Ttl
Ohc-Response-Time
X-Platform
X-Render-Time
X-Fastly-Backend-Reqs
Cteonnt-Length
X-Fpc
X-Rocket-Nginx-Bypass
X-Fastly-Country-Code
X-HS-Status
Tracecode
X-VCT
X-VHOST
X-Cache-Expired-At
Epwk-X-Cache
X-PJAX-URL
Locid
Cdn-Request-Time
Cdn-Host
Pics-Label
Request-Country
X-CUA
X-Edge-Server
Heartbleed
Request-EU
X-CSRF-TOKEN
X-Varnish-Hits
Geoip-Latitude
GeoIp-Country-Code
X-Request-URI
SRV
X-Newrelic-App-Data
CF-Cached-On
X-Vcl-Version
X-Ratelimit-Remaining
Backend-Name
X-Pf-Uncompressing
Lfy
Backend
X-RunCloud-Cache
X-CLOUD-TRACE-CONTEXT
X-CACHE-AGE
X-Oracle-Dms-Rid
X-Via-Poph
X-Gamma-Serve
X-StackifyID
SN
X-Csrf-Jwt
X-Via-Popv
X-CACHE-KEY
X-ECache
WWW-Authenticate
X-NGINX-Cache
X-Ratelimit-Limit
X-Sigma-Backend
X-Rocket-Build-Number
X-Sigma
X-ServedByHost
X-Varnish-Url
X-WebServer
X-Amzn-Remapped-Date
XServer
X-Request-Time
Amp-Access-Control-Allow-Source-Origin
X-Shopify-Generated-Cart-Token
X-Amzn-Remapped-Connection
X-Ftr-Cache-Host
CloudFront-Viewer-Country
Host-ID
X-Oss-Cdn-Auth
X-Proxy-Upstream
X-Tec-Api-Origin
URI
X-Tec-Api-Version
Product
X-Tec-Api-Root
WZWS-RAY
X-Fetched-On
My-App
X-Nananana
X-Apw-Hits
X-Cdn-Origin
X-Debug-Cache-Fetch
X-Debug-Cache-Store
CF-IPCountry
X-DPWN-IS-SECURE
X-Apw-Access-Token
X-Sn-Servicetimems
X-Apw-Access-Object
X-Apw-Access-Action
Lb
X-Cache-Tag
Cloudfront-Viewer-Country
PICS-Label
Server-Ttl
X-Debug-Cache-String
X-Debug-Cache-Bypass
A
X-GeoIP-Country-Code
X-B3-Spanid
SID
X-Tb-Optimization-Total-Bytes-Saved
X-Debug-Do-Not-Cache-Uri
X-Debug-Cache-Status
X-Debug-Xas-Auth
Country-Code
X-LiteSpeed-Cache-Control
Mime-Version
X-Debug-Ysi-Auth
X-Cache-Version
CDN-RequestId
CDN-Uid
X-Via-Ucdn
CDN-EdgeStorageId
Dnion-Transfer-Encoding
CDN-Cache
CDN-CachedAt
CDN-PullZone
CDN-RequestCountryCode
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Site
X-B3-SpanId
Ohc-Cache-HIT
Dt-Cache-Category
Cneonction
X-Acquia-Purge-Tags
Proxy-Firewall
X-WA
X-Varnish-Beresp-TTL
X-WR-MODIFICATION
X-IN-APIGATEWAYSSL
X-Request-URL
X-Request-Start
Cdn
X-IN-APIGATEWAY
X-ElasticPress-Search
FSS-Proxy
Warning
X-Dw-Trace-Id
X-SB
Cf-Alt-Svc
Inserted-Into-Cache-At
X-Html-Edge-Cache
X-VC
X-Swift-Error
X-Snapshot-Date