Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Served-By
X-UA-Compatible
P3P
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-AspNet-Version
P3p
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
X-Ua-Compatible
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Allow
Cf-Edge-Cache
X-Backend
Request-Context
X-UA-Device
Keep-Alive
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
X-Dns-Prefetch-Control
Cf-Apo-Via
X-Page-Speed
X-LiteSpeed-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
EagleEye-TraceId
Ali-Swift-Global-Savetime
X-Aws-Lambda-Call-Status
X-CST
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Litespeed-Cache
X-Cache-Lookup
X-Application-Context
X-Country-Code
X-Trace
Content-Location
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-ECACHE
X-Mcache
Cache-Tag
X-Midtier
X-FTR-Request-ID
X-Mod-Pagespeed
X-MS-InvokeApp
Nginx-Cache
X-TtlSet
X-Vname
X-PC
X-Upstream
X-Powered-By-Plesk
Rating
X-ESI
Edge-Control
X-Browser-Type
X-Server-Name
X-D2id
X-Element-Page-Cache
Verso
X-Times
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Cnection
X-Ruxit-Js-Agent
SPRequestDuration
SPIisLatency
X-Ac
AR-ATIME
AR-SID
AR-Request-ID
AR-PoweredBy
X-B3-TraceId
X-SharePointHealthScore
SPRequestGuid
X-Abt-Application-Version
X-Navigation-Version
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Ser
X-NF-Request-ID
X-GitHub-Request-Id
X-RateLimit-Remaining
X-NWS-LOG-UUID
AR-CACHE
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-VARITI-CCR
X-Mg-S
S
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Client-IP
Edge-Cache-Tag
X-Cache-Key
RTSS
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
Accept-Ch
X-Goog-Hash
X-Ttl
Cache-Status
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Edge-Location-Klb
X-Kinsta-Cache
X-Server-ID
X-Version
Access-Control-Request-Method
X-Recruiting
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-ARC
Origin-Trial
X-Varnish-TTL
X-Webkit-Csp
X-Content-Digest
X-TraceId
Response
X-Middleton-Response
Arr-Disable-Session-Affinity
X-Forwarded-For
X-T
X-Content-Security-Policy-Report-Only
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-MD5
MicrosoftSharePointTeamServices
TP-Cache
X-Accel-Expires
X-Shield-Request-Id
X-Hits
X-Daa-Tunnel
X-Cached
Cross-Origin-Resource-Policy
X-Id
Public-Key-Pins
Front-End-Https
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Expires
MS-Author-Via
X-Request-Received
X-HS-Combine-CSS
X-HS-Cache-Config
X-DIS-Request-ID
X-HS-Content-Id
X-HS-Hub-Id
X-Request-Processing-Time
Server-Node
X-Ua-Browser
Payment
X-Forwarded-Proto
X-Frontend
X-ORACLE-DMS-RID
X-FastCGI-Cache
X-LLID
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-GUploader-UploadID
X-Fastcgi-Cache
Realpath
X-Protected-By
X-RateLimit-Limit
TP-L2-Cache
X-LB-Cache
Cache-Tags
X-Distributor
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-TTL
X-Microsite
X-ORACLE-DMS-ECID
X-Request-Handler-Origin-Region
Count-Hit
X-Page-Id
X-XRDS-LOCATION
Referer-Policy
X-AppVersion
X-Geo-Country
X-Activity-Id
X-B3-TraceId-Primal
X-Az
MRF-Tech
Mrf-Cache-Status
X-Debug-Info
X-Kong-Upstream-Latency
X-Cluster-Name
X-Kong-Proxy-Latency
X-F-Cache
X-Varnish-Backend
X-Www-Served-By
Host
Accept-Charset
X-Correlation-Id
Fastcgi-Cache
X-Envoy-Decorator-Operation
X-App-Server
X-NGENIX-Cache
X-Varnish-Server
X-Ua-Device
X-Hostname
X-PressLabs-Stats
X-Ratelimit-Limit
X-FB-Debug
X-Goog-Metageneration
Access-Control-Allow-Method
X-Git-Hash
X-RateLimit-Reset
Retry-After
X-CSRF-Token
X-WebKit-CSP-Report-Only
X-Upgrade-Enabled
X-Load-Cache
X-Ezoic-Cdn
X-TEC-API-VERSION
X-Content-Options
X-Kinja-CCPA
X-TEC-API-ORIGIN
X-Varnish-Ttl
X-TEC-API-ROOT
X-Fastly-Request-Id
Server-Name
X-Px
X-Seen-By
X-Datadog-Trace-Id
X-Contextid
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Revision
X-Request-Guid
X-Tt-Trace-Host
X-Tt-Trace-Tag
Charset
X-Cache-Control
X-Type
X-Trace-Id
DC
Section-Io-Cache
X-Amz-Meta-S3cmd-Attrs
X-Grace
X-TT
Paypal-Debug-Id
Cleartype
X-B3-Sampled
X-App-Environment
X-B
X-B-Cache
X-Signature
X-Fb-Rlafr
X-Whom
Healthy
X-Rid
X-Newrelic-App-Data
X-Node-Name
X-Wix-Request-Id
TCN
Frame-Options
X-Mobile
X-Origin-Cache
X-Magnolia-Registration
X-Amz-Replication-Status
X-Flags
X-EdgeConnect-Cache-Status
X-Is-Crawler
X-Route-Name
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Azure-Ref
X-Goog-Stored-Content-Length
X-Oracle-Dms-Ecid
X-Logged-In
X-Language
X-Proxy
X-Fastly-Request-ID
Filterid
X-Ratelimit-Remaining
X-N
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Content-Disposition
Backend
Akamai-GRN
X-Oracle-Dms-Rid
X-Air-Pt
X-App-Version
X-Response-Served-From
Upgrade-Insecure-Requests
X-Template
VIX-Pulpo-Upstream-Status
NGB
VIX-Pulpo-Node
X-Original-Request-Id
Refresh
X-Proxy-Cache-Info
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Debug-IsConnected
X-Varnish-Grace
X-Datadog-Sampled
X-Tumblr-Pixel
X-RemovedCookies
X-ProcessESI
SD-X-WS
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Unique-Id
X-Tumblr-User
X-Cache-Age
X-Rendered-As
X-Time
X-Is-Bot
X-Debug-IsPreview
X-UUID
Viewport
Liferay-Portal
MS-CV
X-RTag
X-Servername
Ms-Operation-Id
X-Amzn-Remapped-Content-Length
X-Adobe-Content
X-Adobe-Loc
X-Instance
X-IPS-LoggedIn
X-Cache-Grace
X-FW-Version
X-FW-Dynamic
X-Debug
X-G
X-FW-Server
X-FW-Serve
X-Cacheable-TTL
X-FW-Static
X-FW-Type
X-FW-Hash
X-L-Path
X-Region
Fastly-SIE
From-Origin
Fastly-SWR
X-User-Agent
X-Environment-Context
X-Backend-Name
X-Rule
Country
X-Hl-Ver
X-NYM-Debug-Backend
X-Device-Type
X-Cache-Hit
Url
X-Status
X-Jobs
ServerID
X-B3-SpanId
X-Webkit-CSP
X-Page-View
X-Via-JSL
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Countrycode
X-VC-Cache
WPO-Cache-Status
WPO-Cache-Message
X-INCAP-ABP
X-Origin-CC
X-Origin-TTL
Alternate-Protocol
X-Cache-Status-Check
X-Air-Hostname
X-Hosted-By
X-Air-Source
Surrogate-Key
X-Air-Trace-Id
X-NODE
X-HTML-Minification-Powered-By
Version
X-Akamai-Request-ID2
X-Content-Powered-By
X-Source
Protected
GEO-INFO
X-B3-Traceid
X-Rocket-Nginx-Serving-Static
SRV
X-Akamai-Edgescape
X-Storage
CDN-RequestId
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-WP-CF-Super-Cache-Active
Amp-Access-Control-Allow-Source-Origin
X-Accel-Version
X-Http-Reason
X-Nginx-Cache
Access-Control-Request-Headers
X-Framework
X-CDN-Forward
OT-Force-Account-Verify
X-VC
X-Edge-Location
AMP-Access-Control-Allow-Source-Origin
X-Cache-Rule
Front
X-Real-IP
X-Mode
X-Use-Mantle
Accept-Language
Webserver
X-Cache-Operation
X-Rewrite-Enabled
X-Rn-Rsrv
Meta-Geo
Filters
X-Upstream-Ht
X-Upstream-Ct
X-UPSTREAM-Address
X-ServerID
X-Xfnlog-Site
X-Httpd
Xet-Cookie
X-JoinUs
X-Director
X-Tumblr-Pixel-3
X-Timing-Wait
X-Tumblr-Pixel-2
X-Served-From
X-Soup
X-Varnish-Cache-Hits
X-SaId
Selected-Fe
X-Cache-Time
X-Proxy-Build
CF-IPCountry
X-Origin
X-Worker
X-SayCDN-TTL
X-Detected-As
X-Cache-Debug
X-Endurance-Cache-Level
X-Adobe-Source
Node
X-Logging-Id
X-Say-Cacheable
X-PHP-Host
X-Redis-Cache
X-Say-TTL
X-Labrador-Cache-Channel
ServedBy
X-Web-Node
X-Handled-By
TWC-Locale-Group
DB-Nickname
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Web-Mar-Node
TWC-Connection-Speed
TWC-Privacy
TWC-GeoIP-Country
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-Is-Tablet
X-Loop
TWC-Device-Class
X-RM-Cache-TTL
X-GeoCountry
X-GeoCode
X-Browser-Name
X-AB
TWC-GeoIP-LatLong
X-Tcp-Rtt
X-Varnish-Age
X-Geo-Region
X-Skip-Cache
X-Tncms
Azure-InstanceId
X-Varnish-Beresp-Grace
X-S
Section-Io-Id
Xserver
X-Server-W
Property-Id
X-Restarts
X-Origin-Hint
X-No-Session
X-ProxyCache-Key
X-ProxyCache-Status
X-Lambda-Id
X-Cms-Context
X-Format
Webcakes-App-Version
X-VCT
Apigw-Requestid
Webcakes-Region
Webcakes-App-Name
X-BYPASS-REASON
X-Generation-Time
X-R9-Blue-Green-Version
X-Fetched-On
X-IPLB-Instance
X-Vercel-Id
X-LJ-Flow-ID
X-RCS-CacheZone
X-Vercel-Cache
X-IPLB-Request-ID
X-DynaTrace
X-Git-Commit
X-AWS-Id
X-Site-Version
X-Locale
Mn-Server-Ip
X-VWS-Id
Cross-Origin-Embedder-Policy
X-Cache-Host
X-Tb
X-Cache-Server
X-Container-Uri
X-Platform-Processor
X-Routing-Service
X-Ms-Version
X-Platform-Cluster
X-Platform-Router
X-Ms-Request-Id
X-Zipkin-Id
X-Forwarded-Host
X-Extlb
X-Frame-Option
X-Provided-By
X-Proxied
X-Reqid
X-Uri
X-Cluster
X-TT-LOGID
X-Webstats-RespID
X-MP-GENERATED-AT
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-XRDS-Location
X-Sql-Duration-Ms
X-Sql-Count
Cache-Tv-Group
X-Origin-Date
WP-Super-Cache
CDN-CachedAt
CDN-Cache
X-Storefront-Renderer-Rendered
CDN-PullZone
CDN-Uid
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-RequestPullCode
X-Alternate-Cache-Key
Fastcgi-Useragent
X-Shopify-Stage
Source
Priority
Content-Secure-Policy
X-Vcache
X-FB-TRIP-ID
X-Sucuri-Cache
X-Vcl-Version
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Generated-By
Onion-Location
X-Sucuri-ID
X-Cdn-Origin
Sid
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Content-Age
Cross-Origin-Embedder-Policy-Report-Only
X-Pass-Why
X-Newrelic-Synthetics
X-SRV
S-Rt
WZWS-RAY
X-Buckets
X-Cluster-Node
Atl-Traceid
X-Use-Magma
X-Shield-Cache-Expires
X-Thinkindot-L3
X-Scope-Id
X-CMSURLCustom
TDXMobile
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Cache
X-Ua
X-Cache-Action
X-LSADC-Cache
Cross-Origin-Window-Policy
X-Proxy-Cache-Status
HostName
X-Xrds-Location
X-VCache
X-Cache-Expired-At
Edge-Copy-Time
X-Via-CDN
X-Via-SSL
X-Via-Edge
X-Varnish-Beresp-Ttl
X-GEO
X-Datadome
X-WP-CF-Super-Cache-Cookies-Bypass
X-DataDome
Meta-Geo-Continent
Ngx-Var-Key
Origin
Ngx.Var.Host
MD5-Digest
DCR-Decision-By
CDCHOST
DCR-Processing-Time-Ms
Gannett-Cam-Experience-Id
Candidate-Md5Url
Lang
Origin-Agent-Cluster
X-A-Dgt
X-External-Request-Id
X-Optimistic-Header
X-PAYTM-SRV-ID
X-Platform
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Destination
X-Developer
X-Dispatcher-Server
X-Ec-Fail
X-Request-Start
X-Rojux
X-Vdms-Path
X-Vdms-Version
X-Viewer-Country
X-Vtex-Remote-Cache
X-Varnish-Hostname
X-TIM-N
X-S-Cookie
X-Scheme
X-ScT
X-SRCache-Key
X-D
X-Conf
Type
Vix-Hermes-Req-Id
X-A
X-A-Ccd
T-Server
Surrogated-Key
Rendered-Blocks
Req-ID
Server-Host
Sslversion
X-A-Dam
X-A-Dcw
X-BCube-Filmed-By
X-Bl-Debug
X-Cache-Bucket
X-Cache-NE
X-Bc-Bl
X-B-Cookie
X-A-Wwc
X-Aed
X-Application
Redirect-Candidate
X-Ec-Custom-Error
X-Dc
X-Correlation-ID
X-Request-URI
X-TimeS
X-Connection-Hash
Expiry
Environment
X-TH-Server
X-Thanos
Fastly-GeoIP-CountryCode
X-Sigma-Backend
X-Gzip
Fastly-SSL
DSUID
X-Varnish-Beresp-Status
X-Varnishpool
X-VG-TLSProxy
Cluster
X-VG-WebCache
Content-Script-Type
Content-Style-Type
X-GeoIP-Country-Code
Host-ID
X-Varnish-Director
X-GeoIP-Region-Code
X-SD-PageType
Pramga
X-Origin-Time
X-Loc
X-Level-Front-Cache
Ssr
X-Nyt-Route
X-NMSegId
X-Node-Id
Release
NM-Fastcgi-Cache
X-Pool
Magicmarker
X-Mly-Id
V-Age
X-Rocket-Build-Number
X-Request-Time
X-Proxied-Request
X-Pubstack
X-Human
X-Sigma
X-VServer
X-Access
X-Mg-Request-UUID
X-Fastly-Cache
X-Forwarded-Site
X-Gdpr
X-Bip
X-Generated-On
X-Esi-Check
X-Branch-Name
X-Core-Value
X-Clientip
X-Instance-Name
X-Debug-Cache-Fetch
X-Op-Id-All
X-Debug-Cache-Store
Sever-Int
X-SB
X-We-Are-Hiring
Server-Hostname
Apple-News-Services-Request-Url
A
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-WA-Info
X-Section
Server-Ext
L
X-Cache-Info
User-Cache-Control
X-Cache-Id
X-Service
X-Origin-Response-Time
Fastly-Drupal-HTML
X-TA-CDN-Provider
X-Micro-Cache
X-Men
X-FC-Vary-Parameters
X-GoCache-CacheStatus
X-GeoIP
X-GeoIP-City
X-Geo-Header
X-HS-Content-Campaign-Id
X-Device-Os
X-Irp-Debug
X-DPWN-IS-SECURE
X-Contensis-Viewer-Groups
X-SVT-ORM-RULES
X-BBC-Edge-Cache-Status
X-Block-Status
X-Cache-TTL-Remaining
X-B3-Trace-ID
X-Auto-Login
Wxu-Next-Region
X-Acquia-Purge-Cdn-Unconfigured
X-Amz-Meta-Cb-Modifiedtime
X-Gen-Mode
X-Hnp-Log
X-Req
X-UA-Device-Type
X-Zen-Fury
X-Nginx-Cache-Key
X-NCache
X-Moov-T
X-Moov-Xdn-Version
Wxu-Next-Hostname
Wxu-Next-Commit
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Request-Host
X-Policy
X-PERF
X-Mvc-Supplant-OutputCached
X-Old-Content-Length
X-Org
X-Server-IP
X-Cache-Date
C-Via
Cache-Provider
Req-Svc-Chain
X-Varnish-Authentication
X-Var-Ttl
X-SVT-ORM-VERSION
X-V-Cache
X-Mvc-Supplant-Cachable
X-From
Is-Eu
Canary
Mail-Subject
Gh-Request-Id
X-Ad-Load-Variation
X-ApacheServer
Adler-Geo
Esi-Enabled
On-Server
Machine
True-Client-Country-4JS
X-Cache-Aspx
Uber-Trace-Id
Web-Mar-Region
We-Hiring
Producers
Platform
Cf-Device-Type
Cdn-Request-Time
Cdn-Host
Proxy-Firewall
X-Slack-Shared-Secret-Outcome
X-Proto
X-Sn-Servicetimems
X-Up
X-Slack-Backend
X-Wikidot-Static-Cache
X-Cdn-Srv
W
Tube-Return
Tube-Got-Results
X-Fmm-Version
Yak-Timeinfo
X-AK-Request-ID
Cdnsip
Cdncip
X-Region-Sid
Tube-Got-Eval
Tube-Get-Contents
X-ND-Cache
AKAMAI
Cache-Key
X-Hash
Click-Count-Action-Start
Click-Count-Error
RNT-Time
RNT-Machine
Locid
Country-Code
X-Wikidot-Backend
X-Test
X-Edge-Server
X-App-Name
X-Aicache-OS
X-Fastly-Backend
X-Parent-Response-Time
X-Date
X-Azure-Ref-OriginShield
X-HN
Fastly-Backend-Name
X-Accel-Expires-Debug
X-Core-Mission
X-Ah-Environment
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
Pics-Label
X-CGP
X-Csrf-Jwt
X-Amz-Storage-Class
PFcat
X-Eu-Site
X-CacheTTL
NGX
X-VarnishDD-TTL
X-Owner
X-ZONE
X-COUNTRY
X-Backend-Instance
X-HA-Backend
X-SIPLIST1
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-LB-ID
IsBot
X-DC
X-CACHE-GROUP
X-Qloud-Router
X-NGINX-Cache
XM
X-DynaTrace-JS-Agent
Datacenter
X-Ratelimit-Reset
LB
Expect-Staple
X-Cache-Backend
X-Varnish-Hits
X-Refresh
X-API-Version
X-Origin-Expires
X-Tx-Id
X-Tb-Optimization-Total-Bytes-Saved
NtCoent-Length
X-CF-Lambda-Fn
X-CF-Lambda-Version
N-Cache
X-VHOST
Cdn
X-Lagoon
X-Cache-Type
X-Shop-Environment
X-Tenant
X-LB-NoCache
X-Servedbyhost
X-Orig-Expires
Xc-Version
RATING
X-Forwarded-Path
GeoIp-Country-Code
X-CDN-Cache-Status
X-ECache
Cdn-Requestid
X-Srv
X-Gamma-Serve
Cmstype
Cmsid
X-UA
X-TX-ID
SID
X-Nananana
X-RID
Server-ID
X-Nc
CPC-Age
X-Wa
CPC-Cache
X-Vmg-Version
Cross-Origin-Opener-Policy-Report-Only
CloudFront-Viewer-Country
X-Cdn-Diag
X-Akamai-Transformed
X-Zone
X-Hit
X-B3-Parentspanid
X-Via-Fastly
X-Fpc
Resin-Trace
Tcn
X-Proxy-CacheRZ
X-Nf-Request-Id
XkeyRZ
Uri
Cache-Hits
X-HostName
User-Agent
X-Tt-Logid
X-Client-Ip
DataCenter
GeoIP-Latitude
X-Presslabs-Stats
X-LAGOON
X-Variation
X-Location
X-Ig-Origin-Region
CacheControlHeader
X-URL
Fusion-Deployment-Id
X-Amz-Meta-Opti
X-Fastly-Country-Code
X-Info
X-Datacenter
Fusion-Source
X-Api-Version
Fusion-Content-Id
Fusion-Content-Source
X-TIME
Fusion-Component-Id
Fusion-Template-Id
Fastly-Drupal-Html
Lb
Cf-Ipcountry
X-Cloudmap
True-Client-Ip
Mime-Version
Powered-By
True-Client-IP
X-Esi
X-NWS-UUID-VERIFY
X-NewRelic-App-Data
X-B3-Spanid
VNS-Age
VNS-Cache
Origin-EX
X-CS
X-Jungle-Id
Origin-CC
X-DataCenter
X-CUA
X-Geo
X-CACHE-AGE
MIME-Version
X-Dynatrace-Js-Agent
X-AIR-PT
X-Cached-By
X-LiteSpeed-Tag
X-User
X-Varnish-Beresp-TTL
X-IAuth-Set-Uid
X-Cdn-Forward
Debug
X-Segment-20210421
X-Vc
Srv
X-HOST
X-LiteSpeed-Cache-Control
Load-Balancing
Cache-Name
X-Dispatcher-Number
Hostname
X-Render-Time
Cl-Cache
CDN
X-Webkit-Csp-Report-Only
X-VTEX-Cache-Time
X-FPC
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
X-CSRF-TOKEN
X-Auth-Group-Type
X-Wormhole-Sdk
X-MCACHE
Edge-Cache
Server-Id
GeoIP-Country-Code
X-Dispatch
X-NC
X-Mid
X-WA
Ohc-File-Size
X-Litespeed-Tag
X-Lb-Nocache
X-Cs
X-Oracle-DMS-ECID
X-ServedByHost
X-Cdn-Cache-Status
X-Ig-Push-State
Ohc-Cache-HIT
BehaviorPad-Version
Odigeo-Trace-Id
X-NodeID
X-APP-VERSION
X-Cache-Ttl
CountryCode
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Reason
X-Cache-Enabled
X-Custom-Header
X-Litespeed-Cache-Control
Ms-Author-Via
X-VCL-Version
X-PHP-Backend
Server-Info
Xkeylog
X-MSEdge-Features
YJS-ID
X-Lb-Id
X-MiniProfiler-Ids
X-Akamai-Pragma-Client-IP
X-MSEdge-Flight
X-Depends
Xkey-La3
X-Proxy-Cache-La3
X-Cdn-Request-ID
X-Pad
X-Acquia-Application-Trace
Time
Memory
X-Ha-Backend
X-Acquia-Application-UUID
X-Acquia-Site
Memcached
X-Acquia-Purge-Tags
My-App
X-Varnish-CookieINHashed-On
Ngx
X-Via-PopH
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Snapshot-Date
X-FL-QIT-DEBUG
X-FL-EDGE
Srvid
Location
X-DefHash
Geoip-Latitude
X-Via-PopV
X-Via-PopN
X-IN-APIGATEWAYSSL
X-DefElseHash
FSS-Cache
OriginIP
X-IN-APIGATEWAY
X-Shopid
X-Shardid
X-Cache-Version
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-M-Reqid
PICS-Label
Cloudfront-Viewer-Country
Warning
X-VC-TTL
X-M-Log
X-Fastly-Cache-Hits
X-Sucuri-Id
X-Th-Server
X-Wp-Cf-Super-Cache-Cookies-Bypass
CF-Cached-On
X-Lsadc-Cache
CF-Ctrl
X-Internal-Host
X-RequestId
X-Udemy-Cache-App-Namespace
X-Web-Server
X-Dw-Trace-Id
X-Mg-Cache
X-Service-Response-Time
X-Serial
Sm-Log-Id
X-Check-Cacheable
Akamai-Cache-Status