
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Link
CF-Cache-Status
X-Powered-By
Pragma
ETag
CF-RAY
Expect-CT
Via
X-XSS-Protection
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Xss-Protection
Referrer-Policy
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
X-Served-By
Alt-Svc
X-Request-Id
X-Varnish
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Check
X-Drupal-Cache
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Generator
X-Cache-Status
CF-Ray
X-Cacheable
X-Kinja-Server-Push
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Template
X-Language
X-FRAME-OPTIONS
X-AspNetMvc-Version
X-Ua-Compatible
X-Iinfo
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
X-Envoy-Upstream-Service-Time
Access-Control-Max-Age
Keep-Alive
X-Via
X-Drupal-Dynamic-Cache
X-Ws-Request-Id
X-Request-ID
X-AH-Environment
X-Backend
X-Server
X-Turbo-Charged-By
X-Age
X-Cache-Group
X-Robots-Tag
Feature-Policy
Request-Context
X-Proxy-Cache
Xkey
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Hacker
X-Page-Speed
X-Server-Powered-By
X-UA-Device
X-Nginx-Cache-Status
X-Pingback
Grace
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
P3p
Ali-Swift-Global-Savetime
Report-To
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Server-Id
Cf-Railgun
X-WebKit-CSP
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Origin-Cache
EagleEye-TraceId
X-Host
Surrogate-Control
X-Device
X-Response-Time
X-Vhost
X-Ac
X-Readtime
X-Cache-Lookup
X-Backend-Server
X-Node
NEL
X-Dispatcher
X-Origin-Upstream-Status
X-HW
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Content-Location
X-Mod-Pagespeed
Request-Id
X-DataDome
X-Application-Context
X-ORACLE-DMS-ECID
X-Akam-SW-Version
Fusion-Deployment-Id
X-ORACLE-DMS-RID
X-Country
X-Ruxit-JS-Agent
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cloud-Trace-Context
Rating
X-Country-Code
X-Cnection
Edge-Control
X-Url
X-Rack-Cache
Accept-CH
X-Clacks-Overhead
RTSS
X-Px
MS-Author-Via
Accept-CH-Lifetime
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-Goog-Hash
Verso
X-Powered-By-Plesk
X-Varnish-TTL
Service-Worker-Allowed
X-B3-TraceId
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
Public-Key-Pins
X-GitHub-Request-Id
X-MS-InvokeApp
Arr-Disable-Session-Affinity
X-Forwarded-Proto
Display
X-Middleton-Response
X-Sol
Response
Pagespeed
Host-Header
X-Middleton-Display
X-Amz-Server-Side-Encryption
X-Cache-TTL
X-DynaTrace
X-D2id
X-Ttl
X-Content-Type
Pinterest-Generated-By
X-Amz-Rid
X-NF-Request-ID
TCN
X-CST
X-Vcap-Request-Id
X-Cached
X-Abt-Application-Version
X-VARITI-CCR
AR-ATIME
AR-Request-ID
AR-PoweredBy
Ar-Sid
AR-CACHE
X-Navigation-Version
X-ESI
X-Version
X-Fastly-Request-ID
X-Pass-Why
Cache-Tag
Accept-Ch
X-Powered-CMS
X-Upstream
X-Server-Name
X-Debug
X-Instart-Request-ID
X-Grace
Access-Control-Request-Method
X-MSEdge-Ref
Charset
X-TEC-API-ORIGIN
Nginx-Cache
X-TEC-API-VERSION
X-TEC-API-ROOT
Accept-Ch-Lifetime
X-Accel-Expires
Content-MD5
X-XRDS-Location
X-Element-Page-Cache
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Realpath
SPRequestDuration
SPIisLatency
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Cdn
S
SPRequestGuid
X-SharePointHealthScore
X-Shield-Request-Id
X-Pinterest-Rid
Pinterest-Version
X-Hp-Webp
X-Jurisdiction
X-Amz-Meta-S3cmd-Attrs
X-Dw-Request-Base-Id
X-Recruiting
X-Id
X-Client-IP
X-Kinsta-Cache
X-Trace
X-T
X-Content-Digest
Fastcgi-Cache
X-Node-Name
X-FastCGI-Cache
X-Logged-In
X-Cache-Key
X-TTL
X-Mobile-URL
X-NWS-LOG-UUID
TP-Cache
TP-L2-Cache
X-Oneagent-Js-Injection
X-Cache-Hit
Server-Node
X-Request-Processing-Time
X-Hostname
X-Frontend
X-Request-Received
X-Cache-Age
ServerID
X-Amzn-Trace-Id
Front-End-Https
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
Fastly-Restarts
X-Country-Code-Real
X-FTR-DC
X-FTR-Balancer
Edge-Cache-Tag
X-Forwarded-For
X-FTR-Expires
X-Goog-Stored-Content-Length
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Yandex-Sdch-Disable
Server-Name
Powered
PB-RID
PB-PID
Arc-Version
X-Server-ID
X-Microsite
X-Request-Handler-Origin-Region
X-Revision
Filters
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Page-Id
X-DIS-Request-ID
X-F-Cache
X-LB-Cache
X-Hits
X-Zen-Fury
X-Jobs
DynaTrace
X-Akamai-Edgescape
X-Mobile-Rewrite
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Correlation-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-HS-Content-Id
X-Content-Powered-By
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
Accept-Charset
X-Geo-Country
X-Origin-Server
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Alternate-Protocol
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Age
X-N
X-FTR-Cache-Host
X-Fastcgi-Cache
X-Ruxit-Js-Agent
X-Daa-Tunnel
X-B
X-Varnish-Backend
Cache-Tags
X-Rid
X-ATS-Timestamp
Backend-Timing
X-Az
X-Activity-Id
X-AppVersion
X-Via-JSL
Retry-After
X-WebKit-CSP-Report-Only
DC
X-Varnish-Grace
X-Type
X-Amz-Replication-Status
X-Esi
Section-Io-Cache
X-Whom
MicrosoftSharePointTeamServices
X-Git-Hash
Surrogate-Key
X-FB-Debug
X-Signature
X-Status
X-App-Environment
X-B-Cache
X-Request-Guid
Paypal-Debug-Id
X-TT
X-Content-Options
Host
X-Edge
X-Debug-Info
X-RateLimit-Remaining
Frame-Options
Fastcgi-Useragent
X-ATG-Version
Actual-Object-TTL
X-Ser
X-App-Server
X-IPLB-Instance
Healthy
Nel
X-Endurance-Cache-Level
X-Contextid
X-HTML-Minification-Powered-By
X-AOL-HN
X-Amzn-RequestId
Srv
X-Cache-Action
X-Seen-By
X-ECACHE
X-B3-Sampled
From-Origin
Refresh
X-Pinterest-Direct
Access-Control-Allow-Method
X-Host-Name
X-Upgrade-Enabled
X-Amz-Apigw-Id
X-RemovedCookies
X-Response-Served-From
X-Tumblr-Pixel-0
X-Drupal-Cache-Tags
X-Cache-Rule
X-ProcessESI
X-Protected-By
X-Accel-Buffering
X-Tumblr-Pixel
X-Tumblr-User
X-Instance
Content-Disposition
X-Cache-Operation
X-Region
VIX-Pulpo-Upstream-Status
X-Mid
X-MCACHE
VIX-Pulpo-Node
X-Rule
X-Is-Bot
X-Cacheable-TTL
X-Rendered-As
Odigeo-Trace-Id
X-UUID
X-Environment-Context
X-L-Path
Payment
Datacenter
MS-CV
Eomportal-Instance
X-WA-Info
X-FW-Dynamic
X-FW-Hash
X-Varnish-Server
X-FW-Serve
X-FW-Type
X-FW-Server
X-FW-Static
X-Adobe-Content
X-Adobe-Loc
X-Cache-Time
Countrycode
Source
X-Litespeed-Cache
X-Release
X-Time
X-Cached-By
Uber-Trace-Id
X-Cache-Control
X-Proxy
X-Load-Cache
X-EdgeConnect-Cache-Status
X-Akamai-Request-ID2
X-Cache-Server
X-UnsetCookies
X-PressLabs-Stats
Xserver
Cache-Status
X-Mobile
X-Webkit-CSP
X-GeoIP
X-PHP-Backend
X-NewRelic-App-Data
X-SERVER-NAME
X-VCache
X-Akamai-Transformed
X-Azure-Ref
X-Yottaa-Optimizations
X-Yottaa-Metrics
Access-Control-Request-Headers
X-Origin-Response-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
Version
X-Wix-Request-Id
X-Mode
X-Handled-By
X-Air-Hostname
Filterid
Accept-Language
X-NWS-UUID-VERIFY
X-Cluster
X-NGENIX-Cache
Liferay-Portal
X-Cache-NGX
X-Backend-Name
X-XRDS-LOCATION
X-IPS-LoggedIn
X-Ua-Device
X-Correlation-ID
Cache
X-URL
X-Framework
NGB
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cache-Remote
X-FireWall-Port
X-APP-VERSION
X-Zipkin-Id
X-Cache-Var-Map
X-CSRF-Token
X-LJ-Flow-ID
X-PERF
X-ES-SERVER
X-Locale
X-CCM
X-UPSTREAM-Address
X-ApacheServer
X-Adobe-Source
X-UA-Device-Type
X-AWS-Id
X-Path-Route
X-RN-RSRV
X-Routing-Service
Load-Balancing
X-Cache-Status-Check
Meta-Geo
X-VWS-Id
X-Via-Fastly
X-Cache-Var
X-Proxied
Cross-Origin-Window-Policy
Decoy-Debug-Key
X-R9-Blue-Green-Version
X-OCL
X-Real-IP
ServedBy
Decoy-Debug-TTL
Decoy-Debug-Status
X-Detected-As
X-PCL
X-Qloud-Router
Mn-Server-Ip
X-Viewer-Country
X-TX-ID
Cache-Hits
X-MP-GENERATED-AT
X-Site-Version
X-Storage
X-Www-Served-By
DSUID
Cleartype
X-Access
X-Info
X-Human
Cache-Tv-Group
Cache-Name
X-Pubstack
Akamai-GRN
X-NCache
Fastly-SSL
X-Format
Section-Origin-Responded
X-Cache-Config
X-Bc-Bl
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Ms-Operation-Id
Now
Section-Io-Id
X-Redis-Cache
X-IP
X-Say-TTL
Server-Info
X-Say-Cacheable
X-SayCDN-TTL
X-RTag
X-Web-Node
X-Section
X-Cache-Enabled
X-Ua
X-Device-Type
X-EIG-Tracking-Id
X-CS
Property-Id
X-BYPASS-REASON
S-Rt
X-Varnish-Cache-Hits
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
Webserver
X-Alternate-Cache-Key
TWC-Privacy
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Connection-Speed
X-Sorting-Hat-ShopId
X-Hosted-By
X-PHP-Host
X-No-Session
X-ShopId
X-ShardId
X-ServerID
X-Origin-Hint
X-Hl-Ver
X-FW-Version
X-FC-Vary-Parameters
X-ProxyCache-Status
X-Sorting-Hat-PodId
X-ProxyCache-Key
X-Shopify-Stage
X-Labrador-Cache-Channel
X-NYM-Debug-Backend
X-SaId
X-Proxy-Build
X-Origin
X-Cache-Host
X-Content-Age
X-From
X-Time-Microsecs
X-Timing-Wait
X-TNCMS
X-JoinUs
X-BCube-Filmed-By
X-FB-TRIP-ID
X-Loop
X-Generated
Selected-Fe
X-Amzn-Remapped-Content-Length
DB-Nickname
X-Hyper-Cache
Origin-Cache-Control
Azure-SiteName
Azure-SlotName
Ec-Rule-Version
Azure-Version
X-RateLimit-Limit
Azure-RegionName
Azure-InstanceId
X-Unique-Id
X-Geo
Origin-Edge-Control
X-RequestSource
X-Cache-2
X-Cache-TTL-Remaining
X-Drupal-Cache-Contexts
X-Xfnlog-Site
Time
X-Goog-Meta-Goog-Reserved-File-Mtime
Apigw-Requestid
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
SD-X-WS
User-Agent
X-EC-Lua
X-Presslabs-Stats
Country
Geo-Info
X-Pad
X-Old-Content-Length
X-Varnish-Hostname
X-Source
X-Cluster-Node
X-Debug-Cache
X-Vcache
X-Cache-NE
Upgrade-Insecure-Requests
X-Soup
X-Akamai-Request-ID
X-Parent-Response-Time
X-CDN-Forward
X-RCS-CacheZone
X-Backend-TTL
X-Cache-Backend
X-Proto
X-Tb
Proxy-Connection
FilterID
X-App-Version
X-Cache-Grace
X-Cache-PHP
X-Proxy-Cache-Status
X-Storefront-Renderer-Rendered
X-DC
X-FORWARDED-FOR
X-Forwarded-Host
X-SRV
X-Srv
Cache-Key
Viewtype
True-Client-Country-4JS
M-TraceId
UCS
X-Vtex-Remote-Cache
VivaBuild
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Vtex-Processado-Em
GEO-REGION-INFO
Who
Arc-Country
X-A
IsBot
Fastcgi-X-Cache-Version
Pagetype
FNAC-ModuleRouting
MD5-Digest
Content-Script-Type
Meta-Geo-Continent
N-Cache
X-A-Wwc
Mobile-Detection-Method
Machine
Rendered-Blocks
Xc-Version
Content-Style-Type
BehaviorPad-Version
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Host
ServerName
T-Server
AsisCache
X-D
X-SD-PageType
X-ServiceProvider
X-ScT
X-Scheme
X-Level-Front-Cache
X-Session-Fingerprint
X-SIPLIST1
X-G
X-Generated-On
X-SRCache-Key
X-Geo-Header
X-S-Cookie
X-S
X-NodeID
X-PAYTM-SRV-ID
X-Processor
X-Region-Sid
X-Response-By
X-Rewrite-Enabled
X-Matched-Rule
X-Rojux
X-Method
X-Nginx-Cache-Key
X-Swa-Ws
X-External-Request-Id
X-B-Cookie
X-CF-Lambda-Fn
X-Vdms-Path
X-CF-Lambda-Version
X-Vdms-Version
X-VG-WebCache
X-Accel-Expires-Debug
X-Aed
X-Application
X-ARC
X-Connection-Hash
X-Twitter-Response-Tags
X-Developer
X-Thinkindot-L3
X-DevSite-Last-Modified
X-Dispatch
X-Destination
X-Date
X-Trv-Group
X-Transaction
X-Reqid
X-Trace-Id
X-VG-WebServer
Thinkindot-Control
X-AIR-PT
X-Tumblr-Pixel-3
LB
X-NC
X-Uri
X-App
User-Cache-Control
X-Origin-CC
X-Origin-TTL
Web-Mar-Node
Vix-Hermes-Req-Id
OT-Force-Account-Verify
We-Hiring
X-Req
X-Agile
X-Agile-Age
V-Age
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Sever-Int
Release
X-Thanos
On-Server
NM-Fastcgi-Cache
NGX
RNT-Machine
RNT-Time
X-Skip-Cache
X-Agile-Id
X-SN
Server-Hostname
Server-Ext
X-Servername
X-RateLimit-Remaining-Second
X-Logging-Id
X-Location
X-Dispatcher-Server
X-Micro-Cache
X-Developers
X-Device-Os
X-Fmm-Version
X-Loc
X-Hash
X-Hnp-Log
X-LAGOON
X-Generation-Time
X-Gen-Mode
X-Generated-In
X-Node-Id
X-Core-Value
X-Cache-FS-Status
X-Policy
X-Cache-Bucket
X-Block-Status
X-Backend-State
X-Bip
X-Cache-Info
X-Cache-URL
X-Compress-Hint
X-Be
X-Cms-Context
X-Clara-WADP
X-Owner
X-RateLimit-Limit-Second
Viewport
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-User
CacheControlHeader
X-WADP-Cache
CDCHOST
X-Wikidot-Static-Cache
X-Worker
AKAMAI
X-Magnolia-Registration
Node
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Kp-EeAlive
X-Wikidot-Backend
Mail-Subject
Magicmarker
X-Varnish-Cacheable
X-VC-Cache
X-Cluster-Name
X-Nc
X-Hit
X-CGP
X-Clientip
Platform
X-Configured-By
X-NU-AKA-ACS-Version
X-TrackingId
X-Cache-Id
Rt-Fastcgi-Cache
X-TH-Server
L5d-Success-Class
X-Cache-Tags
X-Origin-Expires
X-Core-Mission
X-Origin-Date
X-Mvc-Supplant-Cachable
X-Fastly-Cache
X-Eu-Site
X-Esi-Check
X-Var-Ttl
X-Gzip
X-Is-Gdpr
X-Irp-Debug
X-Has-Esi
X-Epic-Correlation-Id
X-Envoy-Decorator-Operation
Adler-Geo
X-BBXSRF
X-TA-CDN-Provider
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Distributor
X-Distil-CS
X-Variation
C-Via
X-Reboot
X-JWT-State
Fastly-Drupal-HTML
HA-Ipaddr
X-VG-TLSProxy
X-VServer
Fastly-SIE
X-Slack-Backend
Sid
X-Request-UUID
X-Request-Host
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Newrelic-Synthetics
X-We-Are-Hiring
X-Webstats-RespID
Is-Eu
Ha-Gx-Prefs
X-Auto-Login
X-Server-W
Gh-Request-Id
W
Referer-Policy
S-Cnection
X-Backend-Host
X-Edge-Location
X-Li-Pop
X-Li-Fabric
X-Varnish-Authentication
X-Cache-Debug
X-Cache-ASPX
X-Branch-Name
Cf-Ipcountry
X-LI-Proto
X-Key
Memcached
X-GoCache-CacheStatus
X-Contensis-Viewer-Groups
X-LI-UUID
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Dc
X-Varnish-Beresp-Ttl
Pragrma
X-Wa
WPE-Backend
NR-ENABLED
X-Instart-Info
MIME-Version
X-Via-PopH
X-Microcachable
X-Via-PopV
HostName
X-Platform-Server
X-Varnish-URL
GEO-INFO
Fastly-Backend-Name
X-Refresh
X-Envoy-Upstream-Healthchecked-Cluster
X-BC
X-UA
X-Cdn-Forward
X-ZONE
X-Ms-Version
X-TT-TIMESTAMP
X-Servedbyhost
X-Up
X-Ms-Request-Id
X-Via-CDN
X-Mvc-Supplant-OutputCached
X-Minions-Version
X-TIME
X-Batcache
X-B3-Traceid
X-MSEdge-Features
Esi-Enabled
Memory
X-MSEdge-Flight
X-ElasticPress-Query
NtCoent-Length
X-Zone
X-Bc
X-Vgn-Hpd-Reason
X-App-Name
X-VCL-Version
L
Server-ID
X-Aicache-OS
X-ND-Cache
X-Nginx-Cache
CACHE
Cache-Host
X-Debug-Panamera-Sitecode
X-Sucuri-ID
X-Server-IP
X-Debug-Panamera-Host
X-BACKEND-TTL
Ohc-File-Size
X-Svr
X-CF-Powered-By
DCR-Processing-Time-Ms
DCR-Decision-By
Tracecode
X-Pjax-Url
X-FPC
X-Cdn-Srv
X-GEO
X-COUNTRY
X-Unique-ID
Server-Surrogate-Control
X-Oss-Object-Type
Pramga
Location
X-Fastly-Cache-Status
X-Oss-Server-Time
X-PF-Uncompressing
GeoIP-Country-Code
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
Powered-By-ChinaCache
Server-Cache-Control
X-Generated-By
X-Oss-Storage-Class
FSS-Cache
Hostname
X-S-Maxage
X-Azure-Ref-OriginShield
GeoIP-Latitude
Ohc-Response-Time
HitType
X-BE
X-VCT
X-Varnishpool
X-Ratelimit-Reset
X-Rocket-Nginx-Bypass
X-Check-Cacheable
Resin-Trace
X-LB-ID
X-Sucuri-Cache
PFcat
X-VarnishDD-TTL
X-Varnish-Ttl
X-Client-Ip
Cteonnt-Length
X-OVcl-Cache
X-Vgn-Hpd-Cached
Heartbleed
X-OVcl
X-Vgn-Hpd-Ssi
Locid
X-Vgn-Hpd-Variations-Key
Request-Country
Request-EU
X-Varnish-Hits
X-Ratelimit-Remaining
X-Platform
X-Fastly-Backend-Reqs
Cdn-Request-Time
X-Edge-Server
X-Instart-Isnd
X-Original-Request-Id
X-Request-URI
Cdn-Host
X-PJAX-URL
X-VHOST
X-Fastly-Country-Code
Lfy
X-Render-Time
X-HS-Status
GeoIp-Country-Code
X-Newrelic-App-Data
X-Cache-Expired-At
Geoip-Latitude
X-Fpc
X-CSRF-TOKEN
CF-Cached-On
X-Gamma-Serve
X-Tec-Api-Origin
X-Tec-Api-Root
Amp-Access-Control-Allow-Source-Origin
X-Tec-Api-Version
SRV
X-CUA
X-Vcl-Version
SN
X-Pf-Uncompressing
X-Shopify-Generated-Cart-Token
X-Ratelimit-Limit
X-NGINX-Cache
X-CLOUD-TRACE-CONTEXT
X-Oracle-Dms-Rid
X-WebServer
XServer
X-CACHE-AGE
Epwk-X-Cache
WZWS-RAY
WWW-Authenticate
X-Proxy-Upstream
X-CACHE-KEY
X-ECache
Product
Pics-Label
X-RunCloud-Cache
X-ServedByHost
X-StackifyID
Backend
X-Varnish-Url
X-Amzn-Remapped-Date
Backend-Name
X-Amzn-Remapped-Connection
URI
Mime-Version
X-Cdn-Origin
X-Fetched-On
X-Sn-Servicetimems
My-App
X-Ftr-Cache-Host
CloudFront-Viewer-Country
X-Oss-Cdn-Auth
A
X-GeoIP-Country-Code
X-Csrf-Jwt
Ohc-Cache-HIT
Dt-Cache-Category
X-Debug-Cache-Store
X-B3-SpanId
X-Via-Popv
X-Via-Poph
PICS-Label
X-Debug-Cache-Fetch
Lb
X-Request-Time
X-Nananana
SID
X-Debug-Xas-Auth
Server-Ttl
X-Debug-Cache-Bypass
X-Debug-Cache-Status
X-Debug-Cache-String
X-Request-Start
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
Host-ID
X-LiteSpeed-Cache-Control
X-Debug-Do-Not-Cache-Uri
X-Debug-Ysi-Auth
X-Cache-Tag
Cloudfront-Viewer-Country
X-Tb-Optimization-Total-Bytes-Saved
X-B3-Spanid
X-Swift-Error
X-Cache-Version
X-Acquia-Application-UUID
X-Apw-Hits
Dnion-Transfer-Encoding
CF-IPCountry
X-Acquia-Purge-Tags
Cneonction
X-Acquia-Site
X-WA
Cdn
X-Apw-Access-Object
X-Apw-Access-Action
Group
X-Acquia-Application-Trace
X-Varnish-Beresp-TTL
X-Served-From
X-Apw-Access-Token
Proxy-Firewall
X-APP
X-Snapshot-Date
X-Lb-Id
X-VC
FSS-Proxy
X-DPWN-IS-SECURE
X-SB
X-Cache-Hm
X-Cache-Hfrom
X-ElasticPress-Search
X-Dw-Trace-Id
X-Varnish-ID
X-Html-Edge-Cache
X-Request-URL
Inserted-Into-Cache-At
X-WR-MODIFICATION
Cf-Alt-Svc
Warning