Threat Level: green Handler on Duty: Richard Porter

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
X-Served-By
P3P
X-UA-Compatible
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
P3p
X-DNS-Prefetch-Control
X-Ua-Compatible
X-Drupal-Cache
X-Cache-Status
Accept-CH-Lifetime
X-Generator
X-Check
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
Request-Context
Keep-Alive
X-UA-Device
Allow
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-LiteSpeed-Cache
X-Device
Cf-Railgun
EagleEye-TraceId
X-WebKit-CSP
Permissions-Policy
X-OneAgent-JS-Injection
X-CST
X-Backend-Server
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Readtime
X-Response-Time
X-Akam-SW-Version
X-Cache-Lookup
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Application-Context
X-Node
X-Country-Code
Content-Location
X-Country
X-Trace
Service-Worker-Allowed
X-Ruxit-JS-Agent
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Url
Accept-Ch-Lifetime
Rating
X-Origin-Cache-Key
X-Rack-Cache
Cache-Tag
X-Amz-Server-Side-Encryption
X-Edge
Cross-Origin-Opener-Policy
X-FTR-Request-ID
X-Midtier
X-PC
X-Vname
X-TtlSet
Nginx-Cache
X-Mcache
X-MS-InvokeApp
X-Mod-Pagespeed
X-ECACHE
X-Upstream
X-Powered-By-Plesk
X-Server-Name
Edge-Control
X-ESI
X-NWS-LOG-UUID
X-Browser-Type
X-Cnection
X-Times
X-D2id
X-Element-Page-Cache
Verso
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-Kinja
X-Ruxit-Js-Agent
X-Ac
SPIisLatency
SPRequestDuration
X-Ser
AR-SID
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-RateLimit-Remaining
X-B3-TraceId
SPRequestGuid
X-SharePointHealthScore
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Ttl
X-Vcap-Request-Id
AR-CACHE
X-Mg-S
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Pagespeed
Display
X-Middleton-Display
X-Sol
S
Edge-Cache-Tag
X-VARITI-CCR
Fastly-Restarts
X-Client-IP
X-Amzn-Trace-Id
X-Cache-TTL
RTSS
X-Cache-Key
X-Amz-Rid
Cache-Status
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Powered-CMS
X-Kinsta-Cache
X-Edge-Location-Klb
X-Version
X-Server-ID
Access-Control-Request-Method
X-Goog-Hash
X-Daa-Tunnel
X-Recruiting
Response
X-Middleton-Response
X-Varnish-TTL
X-Content-Digest
X-ARC
X-Webkit-Csp
X-Forwarded-For
X-TraceId
X-T
Arr-Disable-Session-Affinity
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-MSEdge-Ref
Content-MD5
Cross-Origin-Resource-Policy
MS-Author-Via
X-SRCache-Fetch-Status
X-SRCache-Store-Status
TP-Cache
MicrosoftSharePointTeamServices
Front-End-Https
X-Shield-Request-Id
X-Accel-Expires
X-Hits
X-Cached
X-FTR-Backend
X-Country-Code-Real
Public-Key-Pins
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
Server-Node
X-HS-Cache-Config
X-Request-Processing-Time
X-Ua-Browser
X-RateLimit-Limit
X-Id
X-Forwarded-Proto
X-FTR-Expires
X-Request-Received
Payment
X-FastCGI-Cache
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
X-Frontend
Realpath
X-Protected-By
X-LLID
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
Origin-Trial
X-Fastcgi-Cache
X-Distributor
X-ORACLE-DMS-RID
X-Hostname
TP-L2-Cache
X-GUploader-UploadID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-LB-Cache
Cache-Tags
X-Request-Handler-Origin-Region
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Microsite
X-Debug-Info
X-Origin-Server
X-Page-Id
Host
Referer-Policy
Fastcgi-Cache
Mrf-Cache-Status
Count-Hit
X-Envoy-Decorator-Operation
MRF-Tech
X-Activity-Id
X-Az
X-AppVersion
X-B3-TraceId-Primal
X-Geo-Country
X-Cluster-Name
X-NGENIX-Cache
X-Www-Served-By
X-Varnish-Backend
X-Varnish-Server
Accept-Charset
X-Correlation-Id
X-App-Server
X-F-Cache
X-Ua-Device
X-PressLabs-Stats
X-Fastly-Request-ID
X-XRDS-LOCATION
X-Ezoic-Cdn
Retry-After
X-FB-Debug
X-Goog-Metageneration
X-ORACLE-DMS-ECID
X-Load-Cache
X-Ratelimit-Limit
TCN
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-RateLimit-Reset
X-Upgrade-Enabled
X-TEC-API-VERSION
X-Px
Access-Control-Allow-Method
X-Seen-By
X-Git-Hash
X-Varnish-Ttl
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-CSRF-Token
X-Tt-Trace-Host
Cleartype
X-Tt-Trace-Tag
X-Contextid
Section-Io-Cache
X-Revision
X-Request-Guid
X-Datadog-Parent-Id
X-Content-Options
X-Cache-Control
X-Datadog-Trace-Id
X-Grace
X-Trace-Id
X-Datadog-Sampling-Priority
X-Oracle-Dms-Ecid
Charset
X-Type
X-B
Paypal-Debug-Id
X-B3-Sampled
X-TT
Healthy
X-Whom
DC
X-Fb-Rlafr
X-Air-Pt
X-Azure-Ref
X-Wix-Request-Id
X-B-Cache
X-Signature
X-Proxy
X-App-Environment
X-Node-Name
X-Mobile
X-Origin-Cache
Accept-Ch
X-Magnolia-Registration
X-N
X-Oracle-Dms-Rid
X-Newrelic-App-Data
Frame-Options
X-Amz-Replication-Status
X-EdgeConnect-Cache-Status
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Filterid
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-TTL
X-Goog-Storage-Class
X-Logged-In
X-Fastly-Request-Id
X-NODE
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-WebKit-CSP-Report-Only
Backend
Content-Disposition
NGB
Viewport
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
Akamai-GRN
X-Response-Served-From
X-Is-Bot
X-Rendered-As
X-Yottaa-Optimizations
X-Datadog-Sampled
X-Yottaa-Metrics
X-ProcessESI
Liferay-Portal
X-Tumblr-User
X-Tumblr-Pixel-0
X-Debug-IsConnected
Ms-Operation-Id
X-RTag
X-Tumblr-Pixel-1
X-Varnish-Grace
MS-CV
SD-X-WS
X-Debug-IsPreview
X-Hl-Ver
X-RemovedCookies
X-Servername
X-Tumblr-Pixel
X-Unique-Id
X-Rid
X-Ratelimit-Remaining
X-FW-Version
X-FW-Static
X-Adobe-Content
Upgrade-Insecure-Requests
X-FW-Server
X-UUID
X-Amzn-Remapped-Content-Length
X-IPS-LoggedIn
X-Language
X-Instance
X-Adobe-Loc
X-FW-Type
X-FW-Dynamic
X-Debug
X-Time
X-FW-Hash
X-FW-Serve
X-Backend-Name
Fastly-SWR
Fastly-SIE
X-L-Path
X-Environment-Context
X-NYM-Debug-Backend
X-G
X-Via-JSL
X-Cacheable-TTL
X-Cache-Grace
ServerID
X-Region
X-User-Agent
X-Proxy-Cache-Info
X-Device-Type
From-Origin
X-Rule
X-Template
Refresh
Country
X-Cache-Hit
X-VC-Cache
X-Flags
X-Route-Name
X-Cache-Age
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Status
X-B3-SpanId
X-Providence-Cookie
Url
Version
X-Webkit-CSP
X-INCAP-ABP
X-Source
Countrycode
X-HTML-Minification-Powered-By
GEO-INFO
X-Cache-Status-Check
X-App-Version
Alternate-Protocol
SRV
X-Jobs
X-Storage
CDN-RequestId
X-Nginx-Cache
X-WP-CF-Super-Cache-Active
WPO-Cache-Message
WPO-Cache-Status
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
Amp-Access-Control-Allow-Source-Origin
OT-Force-Account-Verify
X-B3-Traceid
X-Akamai-Request-ID2
X-Real-IP
X-Content-Powered-By
X-CDN-Forward
X-Tec-Api-Root
X-Origin-TTL
X-Origin-CC
X-Tec-Api-Version
X-Tec-Api-Origin
X-Rocket-Nginx-Serving-Static
Protected
Surrogate-Key
Access-Control-Request-Headers
X-ServerID
X-Hosted-By
X-Accel-Version
X-Cache-Time
X-XRDS-Location
CF-IPCountry
X-Handled-By
X-Akamai-Edgescape
AMP-Access-Control-Allow-Source-Origin
X-Cache-Operation
X-Kinja-CCPA
X-VC
X-Cache-Rule
X-Use-Mantle
X-Mode
X-Page-View
X-Endurance-Cache-Level
Webserver
X-Upstream-Ct
X-Upstream-Ht
X-Xfnlog-Site
Filters
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Platform-Cluster
X-Edge-Location
Xet-Cookie
Meta-Geo
X-Rn-Rsrv
X-Platform-Router
X-Framework
X-Platform-Processor
X-LJ-Flow-ID
X-Cache-Debug
X-Proxy-Build
Accept-Language
X-Director
X-VWS-Id
X-Served-From
X-JoinUs
X-TT-LOGID
X-Tumblr-Pixel-2
Selected-Fe
Section-Io-Id
X-Timing-Wait
X-Tumblr-Pixel-3
X-Detected-As
X-SaId
X-Varnish-Cache-Hits
X-Origin
X-Soup
Cross-Origin-Embedder-Policy
ServedBy
X-AWS-Id
X-BYPASS-REASON
X-Extlb
X-No-Session
X-Drupal-Cache-Tags
X-Cluster
X-Sucuri-Cache
X-Cms-Context
TWC-GeoIP-Country
TWC-Device-Class
X-Labrador-Cache-Channel
Mn-Server-Ip
TWC-Connection-Speed
Front
Node
Property-Id
TWC-GeoIP-LatLong
X-Lambda-Id
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
Web-Mar-Node
TWC-Locale-Group
TWC-Privacy
X-Adobe-Source
X-Say-Cacheable
X-Vcache
X-Restarts
X-Zipkin-Id
X-Worker
X-Webstats-RespID
X-Say-TTL
X-SayCDN-TTL
X-Logging-Id
X-Redis-Cache
X-Routing-Service
X-PHP-Host
X-Proxied
X-Origin-Hint
X-ProxyCache-Key
X-Web-Node
X-ProxyCache-Status
X-GeoCode
X-Site-Version
X-GeoCountry
X-Geo-Region
X-Drupal-Cache-Contexts
X-Tncms
X-Skip-Cache
X-Format
X-AB
X-Varnish-Beresp-Grace
X-Browser-Name
X-Varnish-Age
X-Tcp-Rtt
X-Is-Desktop
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-IPLB-Instance
Apigw-Requestid
X-RM-Cache-TTL
X-Loop
X-Locale
X-RCS-CacheZone
Azure-Version
Azure-SlotName
X-S
X-Is-Mobile
X-IPLB-Request-ID
X-Is-Supported-Browser
X-VCT
X-Is-Tablet
CDN-RequestCountryCode
CDN-Uid
X-Forwarded-Host
CDN-RequestPullSuccess
X-Vercel-Id
X-Fetched-On
CDN-RequestPullCode
X-Shopify-Stage
X-Git-Commit
X-Origin-Date
X-Httpd
X-Container-Uri
X-R9-Blue-Green-Version
X-Reqid
X-Storefront-Renderer-Rendered
X-Tb
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
Xserver
X-Generation-Time
CDN-PullZone
X-Vercel-Cache
X-Sucuri-ID
X-Alternate-Cache-Key
X-Cache-Server
X-Cache-Host
X-Ms-Request-Id
DB-Nickname
X-Provided-By
X-Frame-Option
X-Ms-Version
X-ShopId
X-Server-W
X-Sorting-Hat-PodId
X-ShardId
X-Sorting-Hat-ShopId
Atl-Traceid
WP-Super-Cache
X-Cdn-Origin
X-MP-GENERATED-AT
X-Uri
X-Vcl-Version
Cross-Origin-Embedder-Policy-Report-Only
X-Http-Reason
Cache-Tv-Group
Source
Fastcgi-Useragent
X-Generated-By
X-Pass-Why
Content-Secure-Policy
X-FB-TRIP-ID
X-SRV
Priority
X-DynaTrace
Cross-Origin-Window-Policy
X-Shield-Cache-Expires
X-CMSURLCustom
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Buckets
X-Scope-Id
TDXMobile
X-Thinkindot-L3
Thinkindot-CacheControl
Onion-Location
Cache
Sid
X-DataDome
X-Azure-Ref-OriginShield
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-LSADC-Cache
X-Content-Age
X-RID
X-Sql-Duration-Ms
X-Sql-Count
X-WP-CF-Super-Cache-Cookies-Bypass
X-Optimistic-Header
X-Varnish-Beresp-Ttl
HostName
X-Xrds-Location
X-TA-CDN-Provider
X-Cluster-Node
X-Proxy-Cache-Status
X-GEO
Expiry
X-Cache-Action
X-Request-URI
X-Dc
User-Cache-Control
X-UA
WZWS-RAY
X-Connection-Hash
X-A-Ccd
X-Instance-Name
X-A-Dam
X-Bl-Debug
X-A-Dcw
X-A-Wwc
X-A-Dgt
X-Bc-Bl
X-BCube-Filmed-By
X-B-Cookie
X-Ec-Custom-Error
X-Ec-Fail
X-Application
X-Dispatcher-Server
X-Developer
X-Conf
X-D
X-Destination
X-Ec-GeoHdr
X-Cache-NE
X-Lagoon
X-Cache-Bucket
X-Aed
Fastly-Drupal-HTML
X-A
X-Epic-Correlation-Id
X-External-Request-Id
A
Sslversion
X-Scheme
X-ScT
X-Vdms-Version
Server-Ext
X-SB
X-S-Cookie
Server-Host
X-Rojux
Ngx.Var.Host
X-Vdms-Path
Req-ID
DCR-Processing-Time-Ms
X-TIM-N
Origin-Agent-Cluster
DCR-Decision-By
X-Varnish-Hostname
Origin
Rendered-Blocks
X-SRCache-Key
Server-Hostname
X-Request-Start
Vix-Hermes-Req-Id
Meta-Geo-Continent
X-Op-Id-All
MD5-Digest
Magicmarker
Lang
Candidate-Md5Url
X-ND-Cache
T-Server
Ngx-Var-Key
Surrogated-Key
X-Viewer-Country
Sever-Int
X-Correlation-ID
Gannett-Cam-Experience-Id
X-PAYTM-SRV-ID
X-Vtex-Remote-Cache
X-Platform
Redirect-Candidate
X-TimeS
X-Newrelic-Synthetics
X-Access
X-Acquia-Purge-Cdn-Unconfigured
V-Age
Wxu-Next-Commit
Wxu-Next-Hostname
Locid
Yak-Timeinfo
Ssr
Req-Svc-Chain
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Storage-Class
X-B3-Trace-ID
Wxu-Next-Region
X-AK-Request-ID
NM-Fastcgi-Cache
X-Auto-Login
X-Gzip
X-Section
X-SD-PageType
X-Sigma
X-Sigma-Backend
X-TH-Server
X-Rocket-Build-Number
X-Request-Time
X-Pool
X-Origin-Time
X-Proxied-Request
X-Pubstack
X-Req
X-Thanos
X-UA-Device-Type
X-Zen-Fury
X-We-Are-Hiring
C-Via
DSUID
Release
X-WA-Info
X-VServer
X-Varnish-Director
X-Varnish-Beresp-Status
X-Varnishpool
X-VG-TLSProxy
X-VG-WebCache
X-Nyt-Route
X-Node-Id
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Esi-Check
X-Fastly-Cache
X-Forwarded-Site
X-Core-Value
X-Clientip
X-Block-Status
X-Bip
X-Cache-Id
X-Cache-Info
X-Cache-TTL-Remaining
X-Gdpr
X-Gen-Mode
X-Mly-Id
X-Loc
X-NCache
X-Nginx-Cache-Key
X-NMSegId
X-Level-Front-Cache
X-Human
X-GeoIP-Country-Code
X-Generated-On
X-GeoIP-Region-Code
L
X-Hnp-Log
X-BBC-Edge-Cache-Status
Pramga
Cluster
Cdnsip
Content-Script-Type
Content-Style-Type
Environment
Cdncip
CDCHOST
X-Cache-Expired-At
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Fastly-GeoIP-CountryCode
Apple-News-Services-Request-Url
Fastly-SSL
Host-ID
X-Via-Edge
X-Via-SSL
X-Via-CDN
X-API-Version
X-Service
X-Origin-Response-Time
Edge-Copy-Time
LB
X-Old-Content-Length
X-SVT-ORM-VERSION
X-FC-Vary-Parameters
X-Backend-Instance
X-Org
X-Moov-Xdn-Version
X-Fmm-Version
X-VarnishDD-TTL
X-ApacheServer
X-DPWN-IS-SECURE
X-Ad-Load-Variation
X-Device-Os
X-Aicache-OS
X-Policy
On-Server
X-PERF
X-Origin-Expires
X-Moov-T
X-Cdn-Srv
X-HN
X-HS-Content-Campaign-Id
X-GoCache-CacheStatus
X-GeoIP-City
X-Geo-Header
X-GeoIP
Click-Count-Error
Click-Count-Action-Start
X-From
X-Cache-Aspx
X-Branch-Name
X-RateLimit-Limit-Second
X-Mvc-Supplant-Cachable
X-Men
X-Micro-Cache
X-Contensis-Viewer-Groups
Adler-Geo
Gh-Request-Id
X-Cache-Date
Tube-Return
X-Server-IP
X-RateLimit-Remaining-Second
X-ECache
True-Client-Country-4JS
X-Varnish-Authentication
X-Var-Ttl
RNT-Time
Tube-Got-Results
X-V-Cache
Esi-Enabled
Tube-Got-Eval
Country-Code
Platform
RNT-Machine
Producers
Uber-Trace-Id
X-SVT-ORM-RULES
Web-Mar-Region
Tube-Get-Contents
Canary
S-Rt
X-Region-Sid
Cache-Provider
Machine
We-Hiring
Mail-Subject
PFcat
Is-Eu
X-Request-Host
XM
X-Datadome
X-Up
X-Cache-Backend
X-Eu-Site
X-Fastly-Backend
X-Test
X-Mvc-Supplant-OutputCached
X-Wikidot-Static-Cache
X-DC
X-Proto
X-Wikidot-Backend
X-Slack-Backend
X-Hash
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-Edge-Server
W
Cdn-Host
Cache-Key
AKAMAI
X-CGP
Cdn-Request-Time
Cf-Device-Type
L5d-Success-Class
HA-Ipaddr
Ha-Gx-Prefs
Proxy-Firewall
X-Csrf-Jwt
X-App-Name
X-Mg-Request-UUID
X-Tx-Id
X-VCache
X-Parent-Response-Time
X-LB-ID
Fastly-Backend-Name
Type
X-Ah-Environment
X-CacheTTL
X-Date
X-Accel-Expires-Debug
X-Ua
X-URL
X-Tb-Optimization-Total-Bytes-Saved
X-Servedbyhost
NGX
X-COUNTRY
X-Varnish-Hits
Cache-Hits
X-CACHE-GROUP
X-Via-Poph
X-HA-Backend
X-Via-Popv
X-Via-Popn
Pics-Label
Cdn
X-Ratelimit-Reset
X-Zone
NtCoent-Length
X-Irp-Debug
X-Via-Fastly
X-DynaTrace-JS-Agent
X-LB-NoCache
X-Client-Ip
X-VHOST
Datacenter
X-Refresh
X-Owner
SID
X-CDN-Cache-Status
GeoIp-Country-Code
X-NGINX-Cache
X-Cloudmap
Cdn-Requestid
X-Esi
X-Nc
X-ZONE
X-Ig-Origin-Region
X-Core-Mission
IsBot
X-Location
X-Srv
X-Wa
X-SIPLIST1
Server-ID
X-PDP-UNCACHING-HASH
Fusion-Component-Id
X-Akamai-Transformed
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
X-NWS-UUID-VERIFY
X-Qloud-Router
Powered-By
Cross-Origin-Opener-Policy-Report-Only
GeoIP-Latitude
Resin-Trace
X-Fpc
X-B3-Parentspanid
X-Nananana
Expect-Staple
N-Cache
X-CF-Lambda-Version
X-TIME
X-Jungle-Id
DataCenter
Origin-CC
X-CF-Lambda-Fn
Origin-EX
X-CUA
X-Hit
X-CS
X-TX-ID
X-DataCenter
CloudFront-Viewer-Country
X-Nf-Request-Id
X-User
X-NewRelic-App-Data
X-Cache-Type
X-Shop-Environment
X-Proxy-CacheRZ
X-Forwarded-Path
XkeyRZ
Xc-Version
X-Tenant
X-Orig-Expires
X-Segment-20210421
Uri
X-Gamma-Serve
X-Presslabs-Stats
Cmsid
Cmstype
X-CACHE-AGE
X-Wormhole-Sdk
X-Cached-By
X-IAuth-Set-Uid
X-Amz-Meta-Opti
X-Render-Time
CPC-Age
User-Agent
CPC-Cache
X-Tt-Logid
X-Info
True-Client-IP
Mime-Version
X-Cdn-Diag
Debug
True-Client-Ip
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Time
MIME-Version
X-VTEX-Cache-Server
X-Vmg-Version
X-LiteSpeed-Tag
X-Dynatrace-Js-Agent
Fastly-Drupal-Html
X-Vc
Edge-Cache
X-Geo
X-Fastly-Country-Code
X-Auth-Group-Type
X-Dispatch
CDN
X-Oracle-DMS-ECID
Load-Balancing
X-CSRF-TOKEN
Cf-Ipcountry
X-LiteSpeed-Cache-Control
X-B3-Spanid
Srv
X-Ig-Push-State
X-Datacenter
X-HOST
CacheControlHeader
X-Variation
Hostname
X-Varnish-Beresp-TTL
X-LAGOON
Odigeo-Trace-Id
Ohc-File-Size
X-Cdn-Forward
X-Webkit-Csp-Report-Only
X-Vgn-Hpd-Reason
X-Cs
Cl-Cache
X-Custom-Header
X-NodeID
Tcn
X-APP-VERSION
X-Depends
X-FPC
VNS-Cache
VNS-Age
X-PHP-Backend
X-MCACHE
Ohc-Cache-HIT
X-Pad
X-NC
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-WA
Server-Id
X-DefHash
X-DefElseHash
X-Varnish-CookieHashed-On
GeoIP-Country-Code
X-AIR-PT
X-HostName
X-VC-TTL
X-M-Log
X-Lb-Nocache
X-Cdn-Cache-Status
X-M-Reqid
X-Litespeed-Tag
X-CACHE-KEY
X-MSEdge-Features
X-MSEdge-Flight
X-Dispatcher-Number
X-Cache-Ttl
X-Fastly-Backend-Reqs
X-Via-PopH
X-ServedByHost
X-Via-PopN
X-Via-PopV
Geoip-Latitude
PICS-Label
X-Ha-Backend
X-Cache-FS-Status
Epwk-X-Cache
X-APP
Lb
CountryCode
X-Litespeed-Cache-Control
X-VCL-Version
X-Use-Magma
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-MiniProfiler-Ids
Ngx
X-Proxy-Cache-La3
Xkeylog
X-Lb-Id
Xkey-La3
Cloudfront-Viewer-Country
X-Snapshot-Date
X-Cdn-Request-ID
X-Api-Version
Cache-Name
X-IN-APIGATEWAYSSL
X-Web-Server
Memcached
X-IN-APIGATEWAY
X-RequestId
X-Mid
Memory
OriginIP
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-UUID
Time
X-Acquia-Application-Trace
X-Cache-Version
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shardid
X-Shopid
Warning
X-Ramcache
X-Requestid
FSS-Cache
Server-Info
X-Service-Response-Time
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Udemy-Cache-App-Namespace
X-Th-Server
X-Sucuri-Id
CF-Cached-On
Sm-Log-Id
X-Akamai-Pragma-Client-IP
X-Mg-Cache
X-Dw-Trace-Id
X-Serial
X-Check-Cacheable
Akamai-Cache-Status