Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
P3p
Accept-CH-Lifetime
X-Drupal-Cache
X-Cache-Status
X-DNS-Prefetch-Control
X-Generator
X-Check
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-UA-Device
X-Backend
Keep-Alive
Request-Context
X-Robots-Tag
X-Server
Allow
X-Cache-Group
X-Hacker
X-AH-Environment
EagleId
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
X-Rq
X-Dns-Prefetch-Control
X-Vhost
X-Amz-Version-Id
X-Dispatcher
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-Pingback
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Permissions-Policy
X-Device
Cf-Railgun
EagleEye-TraceId
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Backend-Server
X-CST
X-Cache-Lookup
X-Server-Id
X-Aws-Lambda-Call-Status
X-Host
X-Readtime
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Litespeed-Cache
X-Nginx-Upstream-Cache-Status
X-Node
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Trace
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Rating
X-Rack-Cache
Cache-Tag
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
Nginx-Cache
X-Origin-Cache-Key
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-MS-InvokeApp
X-NWS-LOG-UUID
X-Upstream
X-Mod-Pagespeed
X-Times
X-Powered-By-Plesk
X-Server-Name
X-Browser-Type
Edge-Control
X-ECACHE
X-ESI
X-Cnection
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-D2id
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Element-Page-Cache
Verso
X-Ser
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-SID
SPRequestDuration
SPIisLatency
X-RateLimit-Remaining
X-Ac
SPRequestGuid
X-SharePointHealthScore
X-Ruxit-Js-Agent
X-GitHub-Request-Id
X-B3-TraceId
X-Abt-Application-Version
X-NF-Request-ID
X-Navigation-Version
X-Vcap-Request-Id
X-Ttl
X-Dw-Request-Base-Id
AR-CACHE
X-Mg-S
X-Client-IP
Display
X-Sol
X-Middleton-Display
Pagespeed
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Edge-Cache-Tag
S
Fastly-Restarts
X-Cache-Key
X-VARITI-CCR
X-Cache-TTL
X-Amz-Rid
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Amzn-Trace-Id
X-Daa-Tunnel
RTSS
Cache-Status
X-Powered-CMS
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
Access-Control-Request-Method
X-Goog-Hash
X-Server-ID
X-Middleton-Response
Response
X-Recruiting
X-Varnish-TTL
X-Content-Digest
X-Webkit-Csp
X-TraceId
X-ARC
X-Forwarded-For
X-FastCGI-Cache
X-T
X-MSEdge-Ref
Arr-Disable-Session-Affinity
Cross-Origin-Resource-Policy
MS-Author-Via
Content-MD5
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
TP-Cache
Front-End-Https
X-Shield-Request-Id
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Accel-Expires
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-Cached
X-Forwarded-Proto
X-Hits
X-HS-Content-Id
X-Id
X-Request-Received
X-Request-Processing-Time
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
Public-Key-Pins
X-ORACLE-DMS-RID
X-FTR-Expires
Realpath
X-Ua-Browser
Payment
Server-Node
X-Frontend
X-Protected-By
X-LLID
X-RateLimit-Limit
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Distributor
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-GUploader-UploadID
TP-L2-Cache
X-ORACLE-DMS-ECID
X-LB-Cache
X-Fastly-Request-ID
X-Correlation-Id
X-XRDS-LOCATION
X-Request-Handler-Origin-Region
Cache-Tags
X-Microsite
Fastcgi-Cache
X-Debug-Info
Count-Hit
X-Page-Id
Referer-Policy
X-Hostname
X-Az
X-Envoy-Decorator-Operation
X-Activity-Id
X-AppVersion
X-Amzn-RequestId
X-Amz-Apigw-Id
X-NGENIX-Cache
X-Origin-Server
X-Varnish-Backend
Host
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Www-Served-By
X-Cluster-Name
X-Geo-Country
X-Varnish-Server
Accept-Charset
X-App-Server
Origin-Trial
X-PressLabs-Stats
X-Ezoic-Cdn
X-TEC-API-VERSION
X-F-Cache
X-TEC-API-ROOT
X-Ratelimit-Limit
X-TEC-API-ORIGIN
Retry-After
X-Fastcgi-Cache
X-Load-Cache
X-Goog-Metageneration
X-FB-Debug
X-Px
X-RateLimit-Reset
X-CSRF-Token
X-Seen-By
X-Upgrade-Enabled
TCN
Server-Name
X-Amz-Meta-S3cmd-Attrs
Access-Control-Allow-Method
Cleartype
X-Git-Hash
Section-Io-Cache
X-Request-Guid
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Grace
X-Cache-Control
X-TT
X-Trace-Id
X-Revision
X-Contextid
X-B
X-Varnish-Ttl
Healthy
Charset
X-Whom
X-Type
X-Azure-Ref
Paypal-Debug-Id
X-Webkit-CSP
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
DC
X-Datadog-Parent-Id
X-B3-Sampled
X-Content-Options
X-Fb-Rlafr
X-Proxy
X-Wix-Request-Id
X-Air-Pt
X-Mobile
X-Signature
X-B-Cache
X-App-Environment
X-N
X-Newrelic-App-Data
X-Node-Name
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Accept-Ch
Filterid
X-Magnolia-Registration
X-Amz-Replication-Status
X-Oracle-Dms-Ecid
Frame-Options
X-Origin-Cache
X-Goog-Storage-Class
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Hcs-Proxy-Type
X-EdgeConnect-Cache-Status
X-Time
X-Logged-In
Viewport
Backend
NGB
Content-Disposition
X-TTL
X-Debug
VIX-Pulpo-Upstream-Status
X-Oracle-Dms-Rid
VIX-Pulpo-Node
X-Response-Served-From
X-Original-Request-Id
X-Debug-IsPreview
X-Debug-IsConnected
X-Unique-Id
X-WebKit-CSP-Report-Only
X-Rendered-As
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-RemovedCookies
X-ProcessESI
X-Is-Bot
X-Cache-Grace
MS-CV
X-Varnish-Grace
SD-X-WS
Ms-Operation-Id
X-Adobe-Loc
X-G
Liferay-Portal
X-Datadog-Sampled
X-RTag
X-Adobe-Content
Fastly-SIE
X-Amzn-Remapped-Content-Length
Fastly-SWR
X-FW-Hash
X-Instance
X-Hl-Ver
X-IPS-LoggedIn
X-NYM-Debug-Backend
X-UUID
X-Servername
X-FW-Version
X-FW-Type
X-FW-Dynamic
X-Backend-Name
X-FW-Serve
X-FW-Server
X-FW-Static
X-Via-JSL
X-Device-Type
X-VC-Cache
X-Cacheable-TTL
ServerID
From-Origin
X-Fastly-Request-Id
X-Cache-Age
Akamai-GRN
Upgrade-Insecure-Requests
X-Proxy-Cache-Info
X-User-Agent
X-Region
X-Cache-Hit
X-Environment-Context
X-L-Path
X-Rule
X-Ratelimit-Remaining
X-Status
Version
X-Ua-Device
Country
X-B3-SpanId
Refresh
X-Template
X-Source
X-Language
X-INCAP-ABP
Countrycode
CDN-RequestId
GEO-INFO
X-Storage
Url
X-HTML-Minification-Powered-By
X-Air-Source
SRV
X-Air-Hostname
X-Air-Trace-Id
X-Rid
X-WP-CF-Super-Cache-Active
X-Cache-Status-Check
X-Origin-TTL
X-Origin-CC
Alternate-Protocol
AMP-Access-Control-Allow-Source-Origin
X-NODE
OT-Force-Account-Verify
X-Aspnet-Duration-Ms
X-Route-Name
WPO-Cache-Message
WPO-Cache-Status
X-Providence-Cookie
X-Flags
X-Is-Crawler
X-Real-IP
X-Jobs
X-ServerID
X-App-Version
X-Akamai-Request-ID2
X-B3-Traceid
X-VC
Surrogate-Key
X-CDN-Forward
X-Content-Powered-By
X-Cache-Time
Protected
Access-Control-Request-Headers
X-Sucuri-Cache
X-Rocket-Nginx-Serving-Static
Xet-Cookie
X-Accel-Version
X-Handled-By
X-Hosted-By
X-Sucuri-ID
X-Akamai-Edgescape
Amp-Access-Control-Allow-Source-Origin
X-Cache-Rule
Filters
X-Cache-Operation
X-TT-LOGID
Webserver
X-Mode
Meta-Geo
X-Upstream-Ht
X-Endurance-Cache-Level
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Upstream-Ct
X-Rn-Rsrv
X-Worker
X-Edge-Location
X-Drupal-Cache-Tags
X-Adobe-Source
X-SaId
X-PHP-Host
X-Detected-As
X-GeoCode
X-GeoCountry
X-Nginx-Cache
X-Webstats-RespID
Selected-Fe
X-Tumblr-Pixel-2
Section-Io-Id
X-Tumblr-Pixel-3
X-JoinUs
X-Labrador-Cache-Channel
X-Framework
X-Cache-Debug
X-Proxy-Build
X-Origin
X-Web-Node
X-Timing-Wait
X-Director
X-Cms-Context
X-Drupal-Cache-Contexts
X-AWS-Id
X-VWS-Id
X-Redis-Cache
X-Platform-Cluster
X-Restarts
X-Soup
Atl-Traceid
X-No-Session
ServedBy
Node
X-LJ-Flow-ID
X-Logging-Id
X-Served-From
X-Varnish-Cache-Hits
X-SayCDN-TTL
X-RM-Cache-TTL
X-Platform-Processor
X-Say-Cacheable
X-Say-TTL
X-Platform-Router
Front
Webcakes-Region
Webcakes-App-Version
Mn-Server-Ip
TWC-Device-Class
TWC-Privacy
Web-Mar-Node
Webcakes-App-Name
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-GeoIP-Country
Property-Id
X-ProxyCache-Key
X-IPLB-Request-ID
X-Is-Desktop
X-Site-Version
X-Skip-Cache
X-Tb
X-Is-Mobile
X-Is-Supported-Browser
X-Origin-Date
X-Origin-Hint
X-Loop
X-Locale
X-Is-Tablet
X-Tcp-Rtt
X-IPLB-Instance
X-Forwarded-Host
X-Xfnlog-Site
X-Cluster
X-BYPASS-REASON
X-Browser-Name
X-ProxyCache-Status
X-S
X-Varnish-Age
X-Tncms
X-VCT
X-Geo-Region
Xserver
X-AB
CDN-EdgeStorageId
CDN-RequestPullCode
X-RID
CDN-RequestCountryCode
CDN-CachedAt
Apigw-Requestid
CDN-Cache
CDN-RequestPullSuccess
CDN-PullZone
CDN-Uid
X-Fetched-On
X-Format
X-Generation-Time
X-Shopify-Stage
X-Tec-Api-Version
X-Tec-Api-Origin
X-Cache-Host
X-Tec-Api-Root
X-Vercel-Id
X-Git-Commit
X-Vercel-Cache
X-Lambda-Id
Cross-Origin-Embedder-Policy
X-Varnish-Beresp-Grace
X-Reqid
X-RCS-CacheZone
X-R9-Blue-Green-Version
Accept-Language
X-Alternate-Cache-Key
X-Httpd
X-Container-Uri
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Storefront-Renderer-Rendered
Azure-Version
X-Zipkin-Id
X-Ms-Request-Id
X-Ms-Version
X-Extlb
X-Routing-Service
X-Cdn-Origin
X-Proxied
X-Frame-Option
X-Provided-By
X-Vcache
X-Cache-Server
X-ShopId
Fastcgi-Useragent
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
DB-Nickname
WP-Super-Cache
X-Page-View
X-SRV
X-XRDS-Location
X-Vcl-Version
CF-IPCountry
X-Uri
Source
X-MP-GENERATED-AT
Cross-Origin-Window-Policy
X-Server-W
X-Azure-Ref-OriginShield
X-Generated-By
Cross-Origin-Embedder-Policy-Report-Only
Sid
X-Use-Mantle
Thinkindot-CacheControl-Type
X-CMSURLCustom
X-Scope-Id
TDXMobile
X-Shield-Cache-Expires
X-Thinkindot-L3
Thinkindot-Control
Thinkindot-CacheControl
Cache-Tv-Group
Cache
X-Pass-Why
X-FB-TRIP-ID
Content-Secure-Policy
X-Buckets
X-UA
X-Kinja-CCPA
Priority
HostName
X-Optimistic-Header
Onion-Location
X-LSADC-Cache
X-Urbn-Context-Path
X-Urbn-Site-Id
X-PDP-UNCACHING-HASH
X-Http-Reason
Locale
X-DataDome
X-Dc
X-Content-Age
X-WP-CF-Super-Cache-Cookies-Bypass
X-Lagoon
X-ECache
X-DynaTrace
X-GEO
X-Xrds-Location
X-TA-CDN-Provider
X-Request-URI
X-Newrelic-Synthetics
Locid
LB
User-Cache-Control
X-Cluster-Node
Req-ID
Rendered-Blocks
A
Cdnsip
Lang
Origin
Magicmarker
MD5-Digest
Meta-Geo-Continent
Ngx.Var.Host
Origin-Agent-Cluster
Gannett-Cam-Experience-Id
Ngx-Var-Key
Cdncip
DCR-Decision-By
DCR-Processing-Time-Ms
Redirect-Candidate
Expiry
Candidate-Md5Url
X-Bl-Debug
X-External-Request-Id
X-ND-Cache
X-Platform
X-Request-Start
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Destination
X-Developer
X-Dispatcher-Server
X-Ec-Fail
X-Rojux
X-S-Cookie
X-Vdms-Path
X-Vdms-Version
X-Viewer-Country
X-Vtex-Remote-Cache
X-Varnish-Hostname
X-UA-Device-Type
X-SB
X-ScT
X-SRCache-Key
X-TIM-N
X-D
X-Connection-Hash
Vix-Hermes-Req-Id
X-A-Ccd
X-A-Dam
X-A-Dcw
T-Server
Surrogated-Key
Server-Host
Server-Hostname
Sever-Int
Sslversion
X-A-Dgt
X-A-Wwc
X-BCube-Filmed-By
X-Cache-Bucket
X-Cache-NE
X-Conf
X-Bc-Bl
X-B-Cookie
X-Aed
X-AK-Request-ID
X-Application
Server-Ext
X-A
X-Proxy-Cache-Status
X-Datadome
X-Sql-Duration-Ms
X-Cache-Action
X-Sql-Count
X-Cache-Aspx
X-Block-Status
X-Bip
X-B3-Trace-ID
X-Cache-Id
X-Debug-Cache-Store
X-Device-Os
X-DPWN-IS-SECURE
X-Debug-Cache-Fetch
X-Core-Value
X-Clientip
X-Contensis-Viewer-Groups
X-Amz-Meta-Cb-Modifiedtime
V-Age
Is-Eu
NM-Fastcgi-Cache
Host-ID
Fastly-SSL
Environment
X-Varnish-Beresp-Ttl
Platform
True-Client-Country-4JS
X-Ec-Custom-Error
Release
Producers
Pramga
X-Ad-Load-Variation
X-Esi-Check
X-Pubstack
X-Req
X-PAYTM-SRV-ID
X-Origin-Time
X-Op-Id-All
X-Origin-Expires
X-Scheme
X-SD-PageType
X-Zen-Fury
Yak-Timeinfo
X-WA-Info
X-Varnishpool
X-Thanos
X-Varnish-Authentication
X-Nyt-Route
X-Node-Id
X-Generated-On
X-GeoIP
X-Gen-Mode
X-Gdpr
X-Fastly-Cache
X-Forwarded-Site
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Loc
X-NMSegId
X-Level-Front-Cache
X-Hnp-Log
X-Gzip
DSUID
X-GeoIP-City
Cluster
Adler-Geo
CDCHOST
Content-Style-Type
Content-Script-Type
X-Service
X-Origin-Response-Time
Apple-News-Services-Host
Apple-News-Services-Handled
XM
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Cache-TTL-Remaining
C-Via
X-FC-Vary-Parameters
X-Fmm-Version
X-HS-Content-Campaign-Id
X-Human
X-HN
X-GoCache-CacheStatus
X-From
X-Geo-Header
X-Cache-Info
X-Cache-Expired-At
X-Aicache-OS
X-Amz-Storage-Class
X-Acquia-Purge-Cdn-Unconfigured
X-Access
Wxu-Next-Hostname
Wxu-Next-Region
X-ApacheServer
X-Auto-Login
Cache-Provider
X-Cache-Backend
Canary
X-BBC-Edge-Cache-Status
X-VarnishDD-TTL
X-Backend-Instance
X-We-Are-Hiring
X-Instance-Name
X-Request-Host
X-Request-Time
X-Section
X-Region-Sid
X-RateLimit-Remaining-Second
X-Proxied-Request
X-RateLimit-Limit-Second
X-Server-IP
X-Sn-Servicetimems
X-Var-Ttl
X-Varnish-Beresp-Status
X-V-Cache
X-TH-Server
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Pool
X-Policy
X-Mly-Id
X-Moov-T
Wxu-Next-Commit
X-Micro-Cache
X-VG-TLSProxy
X-Men
X-VG-WebCache
X-Moov-Xdn-Version
X-Org
X-PERF
X-Old-Content-Length
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-NCache
X-Varnish-Director
Cache-Hits
Fastly-GeoIP-CountryCode
Tube-Got-Eval
Click-Count-Action-Start
Machine
Tube-Got-Results
Click-Count-Error
On-Server
PFcat
Uber-Trace-Id
Tube-Return
Tube-Get-Contents
L
Req-Svc-Chain
Web-Mar-Region
Gh-Request-Id
RNT-Machine
Esi-Enabled
Country-Code
We-Hiring
RNT-Time
Ssr
Mail-Subject
Fastly-Drupal-HTML
X-NGINX-Cache
X-Mvc-Supplant-OutputCached
X-Csrf-Jwt
AKAMAI
X-Eu-Site
L5d-Success-Class
X-Rocket-Build-Number
X-Test
X-Zone
X-Hash
Ha-Gx-Prefs
WZWS-RAY
X-Up
X-Cdn-Srv
X-VServer
X-Fastly-Backend
Proxy-Firewall
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Edge-Server
X-CGP
W
X-App-Name
X-Sigma
X-Sigma-Backend
X-Proto
Cdn-Request-Time
Cdn-Host
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
Cache-Key
X-Cache-Date
Cf-Device-Type
HA-Ipaddr
X-Correlation-ID
X-NWS-UUID-VERIFY
X-VCache
NGX
X-LB-ID
X-Tb-Optimization-Total-Bytes-Saved
X-CacheTTL
Fastly-Backend-Name
X-Date
X-Accel-Expires-Debug
X-Mg-Request-UUID
X-API-Version
X-Ah-Environment
X-Via-Fastly
X-Branch-Name
X-Via-Edge
X-Via-SSL
X-Via-CDN
Edge-Copy-Time
X-DynaTrace-JS-Agent
X-COUNTRY
X-Via-Poph
X-Tx-Id
NtCoent-Length
X-Via-Popv
X-Via-Popn
S-Rt
X-Parent-Response-Time
X-DC
X-Cloudmap
X-Servedbyhost
X-HA-Backend
X-Refresh
Pics-Label
X-Ig-Origin-Region
Type
X-CACHE-GROUP
X-Varnish-Hits
X-Location
Datacenter
X-Ratelimit-Reset
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Source
X-CDN-Cache-Status
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
GeoIp-Country-Code
X-Ua
X-VHOST
Cdn
X-Akamai-Transformed
X-Jungle-Id
X-CUA
Resin-Trace
Powered-By
X-Irp-Debug
X-LB-NoCache
X-Esi
X-TX-ID
SID
X-User
Origin-CC
X-Owner
Origin-EX
X-Nc
X-Wormhole-Sdk
X-Wa
X-Core-Mission
Cdn-Requestid
Cf-Ipcountry
X-SIPLIST1
Cross-Origin-Opener-Policy-Report-Only
IsBot
X-Srv
Server-ID
GeoIP-Latitude
X-Qloud-Router
DataCenter
X-ZONE
X-Fpc
X-Render-Time
X-Hit
X-LiteSpeed-Tag
X-Nf-Request-Id
X-Powered-By-VTEX-Cache
X-B3-Parentspanid
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-NewRelic-App-Data
XkeyRZ
Debug
X-Nananana
X-Proxy-CacheRZ
Fastly-Drupal-Html
X-Client-Ip
Mime-Version
True-Client-IP
Expect-Staple
Edge-Cache
X-Presslabs-Stats
X-Segment-20210421
X-URL
X-CF-Lambda-Fn
X-CS
CloudFront-Viewer-Country
X-Cached-By
N-Cache
X-DataCenter
X-IAuth-Set-Uid
X-CF-Lambda-Version
Uri
X-Amz-Meta-Opti
X-Auth-Group-Type
Xc-Version
X-Cs
X-Shop-Environment
X-TimeS
X-TIME
X-Cache-Type
X-Orig-Expires
X-Forwarded-Path
X-Tenant
X-Varnish-Beresp-TTL
CDN
X-Tt-Logid
Cmstype
Cmsid
X-Ig-Push-State
X-Gamma-Serve
X-LiteSpeed-Cache-Control
Srv
X-HostName
X-Info
Odigeo-Trace-Id
User-Agent
True-Client-Ip
MIME-Version
X-CACHE-AGE
X-Geo
X-PHP-Backend
CPC-Age
X-Vmg-Version
CPC-Cache
X-Dynatrace-Js-Agent
X-Custom-Header
Tcn
X-Cdn-Diag
X-Fastly-Country-Code
X-Vgn-Hpd-Reason
Load-Balancing
X-NodeID
X-B3-Spanid
X-Cdn-Forward
X-AIR-PT
X-Vc
X-Depends
X-FPC
X-Dispatch
X-HOST
X-Pad
Request-ID
X-Varnish-Remaining-TTL
X-WA
Ohc-File-Size
X-Datacenter
X-APP-VERSION
X-Variation
X-Varnish-CookieINHashed-On
X-DefElseHash
X-DefHash
X-NC
X-Varnish-CookieHashed-On
X-CLOUD-TRACE-CONTEXT
X-Webkit-Csp-Report-Only
Server-Id
Cl-Cache
X-CSRF-TOKEN
CacheControlHeader
Hostname
X-M-Log
X-M-Reqid
X-VC-TTL
X-Api-Version
X-LAGOON
X-Lb-Nocache
Ohc-Cache-HIT
X-ServedByHost
X-Cache-FS-Status
X-APP
GeoIP-Country-Code
Geoip-Latitude
X-Oracle-DMS-ECID
VNS-Cache
VNS-Age
Cloudfront-Viewer-Country
X-Cdn-Cache-Status
Epwk-X-Cache
PICS-Label
X-Cache-Ttl
X-Litespeed-Tag
FSS-Cache
Server-Info
X-Fastly-Backend-Reqs
X-Via-PopV
CountryCode
X-Ha-Backend
X-Via-PopN
X-Via-PopH
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Litespeed-Cache-Control
X-VCL-Version
X-Cdn-Request-ID
ServerHost
X-Lb-Id
Srvid
X-FL-QIT-DEBUG
BehaviorPad-Version
X-MSEdge-Features
X-Snapshot-Date
X-Dispatcher-Number
X-MSEdge-Flight
Xkey-La3
Xkeylog
X-Proxy-Cache-La3
X-Check-Cacheable
X-IN-APIGATEWAYSSL
X-Akamai-Pragma-Client-IP
X-Th-Server
X-IN-APIGATEWAY
OriginIP
Ngx
X-MiniProfiler-Ids
X-RequestId
X-Web-Server
X-Serial
X-Acquia-Application-UUID
Memcached
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Site
Memory
Time
X-Shopid
X-Shardid
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Cache-Version
X-Sucuri-Id
X-Mid
X-RAMCache
X-Ramcache
Warning
X-Service-Response-Time
X-Dw-Trace-Id
X-Mg-Cache
Sm-Log-Id
Akamai-Cache-Status
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Udemy-Cache-App-Namespace
X-Requestid