Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-AspNet-Version
P3p
X-Runtime
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Ua-Compatible
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Allow
Cf-Edge-Cache
X-Backend
Request-Context
X-UA-Device
Keep-Alive
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
EagleEye-TraceId
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
X-CST
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Litespeed-Cache
X-Cache-Lookup
X-Application-Context
X-Country-Code
X-Trace
Content-Location
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-ECACHE
Cache-Tag
X-Mcache
X-Midtier
X-FTR-Request-ID
X-Mod-Pagespeed
X-MS-InvokeApp
Nginx-Cache
X-Vname
X-TtlSet
X-PC
X-Upstream
X-ESI
X-Powered-By-Plesk
Rating
Edge-Control
X-Browser-Type
X-Server-Name
X-D2id
X-Element-Page-Cache
Verso
X-Times
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Cnection
X-Ruxit-Js-Agent
SPIisLatency
SPRequestDuration
X-Ac
AR-SID
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-B3-TraceId
X-SharePointHealthScore
SPRequestGuid
X-Navigation-Version
X-Abt-Application-Version
X-Vcap-Request-Id
X-Ser
X-Dw-Request-Base-Id
X-NF-Request-ID
X-GitHub-Request-Id
X-RateLimit-Remaining
X-NWS-LOG-UUID
Pinterest-Version
X-Pinterest-Rid
AR-CACHE
Pinterest-Generated-By
X-VARITI-CCR
X-Mg-S
S
X-Middleton-Display
Pagespeed
X-Sol
Display
X-Client-IP
X-Cache-Key
Edge-Cache-Tag
RTSS
X-Ttl
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
Accept-Ch
X-Goog-Hash
X-Instrumentation
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
Cache-Status
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Kinsta-Cache
X-Edge-Location-Klb
X-Server-ID
X-Version
Access-Control-Request-Method
X-Recruiting
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-ARC
Origin-Trial
X-Varnish-TTL
X-Content-Digest
X-TraceId
X-Middleton-Response
Response
Arr-Disable-Session-Affinity
X-Forwarded-For
X-T
X-Content-Security-Policy-Report-Only
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-MD5
MicrosoftSharePointTeamServices
X-Accel-Expires
TP-Cache
X-Shield-Request-Id
X-Hits
X-Daa-Tunnel
X-Cached
Public-Key-Pins
Front-End-Https
Cross-Origin-Resource-Policy
X-Id
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
MS-Author-Via
X-Ua-Browser
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Server-Node
X-DIS-Request-ID
X-HS-Combine-CSS
Payment
X-Forwarded-Proto
X-Frontend
X-ORACLE-DMS-RID
X-Webkit-Csp
X-FastCGI-Cache
X-LLID
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Fastcgi-Cache
Realpath
X-GUploader-UploadID
X-Protected-By
TP-L2-Cache
X-LB-Cache
Cache-Tags
X-Distributor
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Origin-Server
X-ORACLE-DMS-ECID
X-Microsite
X-Ratelimit-Limit
X-Request-Handler-Origin-Region
X-RateLimit-Limit
Count-Hit
X-XRDS-LOCATION
Referer-Policy
X-Page-Id
X-Activity-Id
X-Geo-Country
X-B3-TraceId-Primal
X-AppVersion
X-Az
MRF-Tech
Mrf-Cache-Status
X-Hostname
X-F-Cache
X-Debug-Info
X-Cluster-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Www-Served-By
X-Varnish-Backend
Accept-Charset
Host
Fastcgi-Cache
X-NGENIX-Cache
X-Envoy-Decorator-Operation
X-App-Server
X-Correlation-Id
X-Varnish-Server
X-Ua-Device
X-PressLabs-Stats
X-TTL
X-FB-Debug
X-Goog-Metageneration
Access-Control-Allow-Method
X-Git-Hash
X-RateLimit-Reset
X-CSRF-Token
Retry-After
X-WebKit-CSP-Report-Only
X-Upgrade-Enabled
X-Load-Cache
X-Ezoic-Cdn
X-Varnish-Ttl
X-Content-Options
X-Kinja-CCPA
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Fastly-Request-Id
Server-Name
X-Px
X-Contextid
X-Seen-By
X-Revision
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Request-Guid
X-Tt-Trace-Host
Charset
X-Cache-Control
X-Tt-Trace-Tag
DC
Section-Io-Cache
X-Trace-Id
X-Amz-Meta-S3cmd-Attrs
X-Type
X-Grace
TCN
Cleartype
Paypal-Debug-Id
X-TT
X-B-Cache
X-B
X-App-Environment
X-Signature
X-B3-Sampled
X-Fb-Rlafr
Healthy
X-Whom
X-Newrelic-App-Data
X-Rid
X-Wix-Request-Id
X-Node-Name
X-Mobile
X-Origin-Cache
Frame-Options
X-Magnolia-Registration
X-Amz-Replication-Status
X-Providence-Cookie
X-Route-Name
X-EdgeConnect-Cache-Status
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Azure-Ref
X-Goog-Stored-Content-Encoding
X-Oracle-Dms-Ecid
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Language
X-Proxy
X-Fastly-Request-ID
X-Logged-In
Filterid
X-N
X-Ratelimit-Remaining
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Air-Pt
Content-Disposition
Backend
X-Oracle-Dms-Rid
Akamai-GRN
X-Response-Served-From
VIX-Pulpo-Node
Upgrade-Insecure-Requests
VIX-Pulpo-Upstream-Status
X-Template
X-Original-Request-Id
NGB
Refresh
X-Proxy-Cache-Info
X-Datadog-Sampled
X-Tumblr-Pixel-0
X-ProcessESI
X-App-Version
X-Rendered-As
X-RemovedCookies
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-User
X-Varnish-Grace
X-Unique-Id
X-Debug-IsPreview
X-Time
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Is-Bot
X-Cache-Age
X-Debug-IsConnected
SD-X-WS
X-Instance
MS-CV
X-Servername
X-RTag
Liferay-Portal
Viewport
X-Amzn-Remapped-Content-Length
X-UUID
X-IPS-LoggedIn
X-Adobe-Loc
Ms-Operation-Id
X-Adobe-Content
X-Cache-Grace
X-G
X-Cacheable-TTL
X-Debug
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Version
X-FW-Server
X-FW-Static
X-FW-Type
Fastly-SIE
X-Environment-Context
X-L-Path
X-User-Agent
X-Region
From-Origin
Fastly-SWR
X-Backend-Name
X-Hl-Ver
X-Cache-Hit
X-NYM-Debug-Backend
Country
X-Device-Type
X-Rule
Url
X-Status
X-Jobs
ServerID
X-Page-View
X-Webkit-CSP
X-CCDN-CacheTTL
X-B3-SpanId
X-Via-JSL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
WPO-Cache-Status
WPO-Cache-Message
X-VC-Cache
Countrycode
X-Origin-TTL
X-Origin-CC
X-INCAP-ABP
Alternate-Protocol
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Cache-Status-Check
X-Hosted-By
Surrogate-Key
Version
X-HTML-Minification-Powered-By
X-NODE
X-Akamai-Request-ID2
X-Content-Powered-By
X-Source
Protected
X-B3-Traceid
GEO-INFO
X-Rocket-Nginx-Serving-Static
X-Akamai-Edgescape
X-Storage
CDN-RequestId
X-Tec-Api-Version
X-WP-CF-Super-Cache-Active
X-Tec-Api-Origin
X-Tec-Api-Root
Amp-Access-Control-Allow-Source-Origin
X-Nginx-Cache
X-Accel-Version
X-Http-Reason
Access-Control-Request-Headers
X-Framework
SRV
X-VC
X-Edge-Location
OT-Force-Account-Verify
AMP-Access-Control-Allow-Source-Origin
X-Real-IP
X-Cache-Rule
Front
X-Use-Mantle
X-Mode
X-Rn-Rsrv
Meta-Geo
X-Cache-Operation
X-Rewrite-Enabled
X-CDN-Forward
X-Upstream-Ht
X-ServerID
X-Upstream-Ct
X-UPSTREAM-Address
Accept-Language
Filters
Webserver
X-Xfnlog-Site
Xet-Cookie
X-Httpd
X-Served-From
CF-IPCountry
X-Cache-Time
X-Timing-Wait
X-Director
Selected-Fe
X-Varnish-Cache-Hits
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-JoinUs
X-Soup
X-Origin
X-Proxy-Build
X-SaId
X-Labrador-Cache-Channel
X-PHP-Host
X-Say-Cacheable
X-Detected-As
X-Redis-Cache
X-Web-Node
X-Cache-Debug
X-Worker
Node
X-Endurance-Cache-Level
X-Adobe-Source
X-SayCDN-TTL
X-Say-TTL
X-Handled-By
ServedBy
X-Logging-Id
DB-Nickname
TWC-Device-Class
X-Is-Tablet
Webcakes-App-Name
X-Is-Supported-Browser
Azure-Version
Azure-RegionName
X-No-Session
Azure-SiteName
TWC-GeoIP-Country
Web-Mar-Node
Azure-SlotName
TWC-Connection-Speed
X-RM-Cache-TTL
X-Geo-Region
X-GeoCode
X-Browser-Name
X-Tcp-Rtt
X-Loop
TWC-GeoIP-LatLong
X-GeoCountry
X-AB
X-Skip-Cache
X-Is-Mobile
X-Is-Desktop
X-Tncms
TWC-Locale-Group
TWC-Privacy
Azure-InstanceId
Section-Io-Id
X-Format
Apigw-Requestid
X-Restarts
X-Lambda-Id
X-S
X-Varnish-Age
X-Server-W
Property-Id
X-Cms-Context
X-VCT
Webcakes-Region
Webcakes-App-Version
X-Varnish-Beresp-Grace
Xserver
X-Origin-Hint
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-Fetched-On
X-DynaTrace
X-Locale
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-LJ-Flow-ID
X-IPLB-Request-ID
X-Git-Commit
X-Generation-Time
X-IPLB-Instance
X-Vercel-Id
X-Vercel-Cache
X-Site-Version
X-Container-Uri
X-AWS-Id
Mn-Server-Ip
Cross-Origin-Embedder-Policy
X-Cache-Server
X-Tb
X-VWS-Id
X-Cache-Host
X-Routing-Service
X-Platform-Processor
X-Cluster
X-Platform-Router
X-Ms-Version
X-Ms-Request-Id
X-Uri
X-Platform-Cluster
X-Reqid
X-Proxied
X-Provided-By
X-Zipkin-Id
X-Forwarded-Host
X-Extlb
X-Frame-Option
X-Webstats-RespID
X-MP-GENERATED-AT
X-TT-LOGID
X-Drupal-Cache-Tags
X-XRDS-Location
X-Drupal-Cache-Contexts
X-Origin-Date
X-Sql-Duration-Ms
X-Sql-Count
Cache-Tv-Group
WP-Super-Cache
CDN-CachedAt
CDN-Cache
X-Storefront-Renderer-Rendered
CDN-PullZone
CDN-Uid
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-RequestPullCode
X-Alternate-Cache-Key
Fastcgi-Useragent
X-Shopify-Stage
Source
Priority
Content-Secure-Policy
X-Vcache
X-FB-TRIP-ID
X-Sucuri-Cache
X-Vcl-Version
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Generated-By
Onion-Location
X-Sucuri-ID
X-Cdn-Origin
Sid
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Content-Age
Cross-Origin-Embedder-Policy-Report-Only
X-Newrelic-Synthetics
X-Pass-Why
X-SRV
WZWS-RAY
S-Rt
X-Buckets
X-Cluster-Node
Atl-Traceid
X-Thinkindot-L3
X-Shield-Cache-Expires
X-Scope-Id
X-CMSURLCustom
X-Use-Magma
TDXMobile
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Cache
X-Ua
X-Cache-Action
X-LSADC-Cache
Cross-Origin-Window-Policy
X-Proxy-Cache-Status
HostName
X-Xrds-Location
X-VCache
X-Cache-Expired-At
Edge-Copy-Time
X-Via-CDN
X-Via-SSL
X-Via-Edge
X-Varnish-Beresp-Ttl
X-GEO
X-Datadome
X-WP-CF-Super-Cache-Cookies-Bypass
X-DataDome
Meta-Geo-Continent
Ngx-Var-Key
Origin
Ngx.Var.Host
MD5-Digest
DCR-Decision-By
CDCHOST
DCR-Processing-Time-Ms
Gannett-Cam-Experience-Id
Candidate-Md5Url
Lang
Origin-Agent-Cluster
X-A-Dgt
X-External-Request-Id
X-Optimistic-Header
X-PAYTM-SRV-ID
X-Platform
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Destination
X-Developer
X-Dispatcher-Server
X-Ec-Fail
X-Request-Start
X-Rojux
X-Vdms-Path
X-Vdms-Version
X-Viewer-Country
X-Vtex-Remote-Cache
X-Varnish-Hostname
X-TIM-N
X-S-Cookie
X-Scheme
X-ScT
X-SRCache-Key
X-D
X-Conf
Type
Vix-Hermes-Req-Id
X-A
X-A-Ccd
T-Server
Surrogated-Key
Rendered-Blocks
Req-ID
Server-Host
Sslversion
X-A-Dam
X-A-Dcw
X-BCube-Filmed-By
X-Bl-Debug
X-Cache-Bucket
X-Cache-NE
X-Bc-Bl
X-B-Cookie
X-A-Wwc
X-Aed
X-Application
Redirect-Candidate
X-Ec-Custom-Error
X-Correlation-ID
X-Dc
Expiry
X-TimeS
X-Connection-Hash
X-Request-URI
X-Varnish-Beresp-Status
X-VG-WebCache
X-Mg-Request-UUID
X-VServer
X-Bip
X-VG-TLSProxy
X-Cache-Id
X-Cache-Info
X-Varnishpool
X-Branch-Name
X-WA-Info
X-Varnish-Director
X-Op-Id-All
Pramga
Release
NM-Fastcgi-Cache
L
Host-ID
Magicmarker
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
V-Age
X-Clientip
Apple-News-Services-Handled
Apple-News-Services-Host
Ssr
X-We-Are-Hiring
X-Debug-Cache-Fetch
X-Nyt-Route
X-Sigma-Backend
X-Node-Id
X-NMSegId
X-Loc
X-Mly-Id
X-Origin-Time
X-Sigma
X-Request-Time
X-Rocket-Build-Number
X-SD-PageType
X-Pubstack
X-Pool
X-Proxied-Request
X-Level-Front-Cache
X-Human
X-Esi-Check
X-Fastly-Cache
X-TH-Server
X-Thanos
Server-Ext
X-Debug-Cache-Store
X-Forwarded-Site
X-Instance-Name
X-GeoIP-Region-Code
X-Gzip
X-GeoIP-Country-Code
X-Generated-On
X-Gdpr
X-Core-Value
A
Environment
X-Access
Cluster
Server-Hostname
DSUID
X-Section
Content-Script-Type
Content-Style-Type
Sever-Int
User-Cache-Control
X-SB
Fastly-SSL
Fastly-GeoIP-CountryCode
X-Origin-Response-Time
Fastly-Drupal-HTML
X-Service
X-TA-CDN-Provider
X-Acquia-Purge-Cdn-Unconfigured
X-SVT-ORM-VERSION
X-Amz-Meta-Cb-Modifiedtime
X-Auto-Login
X-Cache-Date
X-FC-Vary-Parameters
Adler-Geo
Wxu-Next-Commit
X-Device-Os
X-Moov-Xdn-Version
X-Var-Ttl
Wxu-Next-Region
X-Contensis-Viewer-Groups
X-SVT-ORM-RULES
X-Varnish-Authentication
X-DPWN-IS-SECURE
X-Moov-T
X-Hnp-Log
Wxu-Next-Hostname
X-Geo-Header
X-Org
X-Cache-TTL-Remaining
X-Old-Content-Length
X-Zen-Fury
X-Mvc-Supplant-OutputCached
X-PERF
X-Gen-Mode
X-RateLimit-Remaining-Second
X-Request-Host
X-RateLimit-Limit-Second
X-Server-IP
X-Policy
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-GeoIP-City
X-BBC-Edge-Cache-Status
X-GeoIP
X-Cache-Aspx
X-B3-Trace-ID
X-Block-Status
X-GoCache-CacheStatus
X-Men
X-Irp-Debug
X-UA-Device-Type
X-HS-Content-Campaign-Id
X-From
X-V-Cache
Platform
Producers
Esi-Enabled
On-Server
Uber-Trace-Id
Web-Mar-Region
We-Hiring
True-Client-Country-4JS
X-Req
X-Nginx-Cache-Key
C-Via
Cache-Provider
X-ApacheServer
X-Ad-Load-Variation
Machine
Req-Svc-Chain
Canary
Is-Eu
Gh-Request-Id
X-NCache
Mail-Subject
RNT-Machine
Cdnsip
Click-Count-Action-Start
X-AK-Request-ID
Cache-Key
X-Slack-Backend
Cdncip
X-Hash
X-Fmm-Version
Click-Count-Error
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
Locid
X-Cdn-Srv
X-Proto
Proxy-Firewall
Country-Code
Tube-Get-Contents
Cf-Device-Type
Cdn-Request-Time
Tube-Got-Eval
AKAMAI
Yak-Timeinfo
Tube-Return
X-Wikidot-Static-Cache
X-ND-Cache
X-App-Name
X-Wikidot-Backend
Cdn-Host
X-Fastly-Backend
X-Up
X-Aicache-OS
X-Region-Sid
W
Tube-Got-Results
X-Edge-Server
X-Test
RNT-Time
X-Parent-Response-Time
X-Owner
NGX
X-VarnishDD-TTL
PFcat
L5d-Success-Class
HA-Ipaddr
X-Csrf-Jwt
Fastly-Backend-Name
Ha-Gx-Prefs
X-CacheTTL
X-Date
X-Azure-Ref-OriginShield
X-Ah-Environment
X-Amz-Storage-Class
X-Eu-Site
X-Accel-Expires-Debug
X-Core-Mission
X-CGP
X-HN
X-ZONE
X-DC
Pics-Label
X-COUNTRY
X-LB-ID
X-Via-Popn
X-Via-Popv
X-Backend-Instance
X-HA-Backend
X-Via-Poph
X-SIPLIST1
IsBot
X-DynaTrace-JS-Agent
XM
X-NGINX-Cache
X-CACHE-GROUP
X-Qloud-Router
LB
Datacenter
X-Ratelimit-Reset
X-API-Version
X-Varnish-Hits
X-Cache-Backend
Expect-Staple
NtCoent-Length
N-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Tx-Id
X-Refresh
X-Origin-Expires
X-VHOST
X-Lagoon
Cdn
X-Tenant
X-Orig-Expires
RATING
X-Shop-Environment
X-Cache-Type
Xc-Version
X-Forwarded-Path
X-CDN-Cache-Status
X-Servedbyhost
GeoIp-Country-Code
X-LB-NoCache
X-ECache
Cdn-Requestid
Cmstype
X-Srv
Cmsid
X-Gamma-Serve
X-TX-ID
X-UA
CPC-Cache
CPC-Age
SID
X-Wa
X-Nc
X-Nananana
X-RID
Server-ID
X-Vmg-Version
X-Cdn-Diag
Cross-Origin-Opener-Policy-Report-Only
CloudFront-Viewer-Country
X-Zone
X-Akamai-Transformed
Resin-Trace
X-Via-Fastly
X-B3-Parentspanid
X-Hit
X-Fpc
X-Nf-Request-Id
Cache-Hits
X-Tt-Logid
User-Agent
X-Proxy-CacheRZ
XkeyRZ
Uri
DataCenter
X-Client-Ip
X-Presslabs-Stats
X-Variation
GeoIP-Latitude
X-URL
X-Ig-Origin-Region
X-LAGOON
X-Location
CacheControlHeader
X-Api-Version
X-Info
X-Fastly-Country-Code
Fusion-Component-Id
Fusion-Content-Id
X-Amz-Meta-Opti
Fusion-Template-Id
Fusion-Source
X-TIME
Fusion-Content-Source
Fusion-Deployment-Id
Fastly-Drupal-Html
Tcn
True-Client-Ip
X-Datacenter
Cf-Ipcountry
Powered-By
X-DataCenter
X-Cloudmap
Lb
True-Client-IP
Mime-Version
X-HostName
X-Cdn-Forward
X-NewRelic-App-Data
X-NWS-UUID-VERIFY
X-B3-Spanid
Srv
Origin-CC
X-CS
Origin-EX
X-CUA
VNS-Cache
X-CACHE-AGE
VNS-Age
X-Geo
MIME-Version
X-Jungle-Id
X-Dynatrace-Js-Agent
X-Cached-By
X-IAuth-Set-Uid
X-Varnish-Beresp-TTL
X-LiteSpeed-Tag
X-User
Debug
X-Segment-20210421
X-Vc
X-HOST
Load-Balancing
X-LiteSpeed-Cache-Control
CDN
Cache-Name
X-Dispatcher-Number
X-AIR-PT
X-Render-Time
Hostname
X-Webkit-Csp-Report-Only
X-VTEX-Cache-Time
X-CSRF-TOKEN
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
Cl-Cache
X-FPC
X-Auth-Group-Type
Edge-Cache
Server-Id
X-Wormhole-Sdk
X-MCACHE
GeoIP-Country-Code
X-NC
X-Dispatch
X-Esi
X-Mid
Ohc-File-Size
X-WA
X-Litespeed-Tag
X-APP-VERSION
X-Lb-Nocache
X-Oracle-DMS-ECID
X-Cs
X-ServedByHost
X-Ig-Push-State
X-Cdn-Cache-Status
Ohc-Cache-HIT
BehaviorPad-Version
X-NodeID
Odigeo-Trace-Id
X-Cache-Ttl
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Reason
X-Custom-Header
X-Cache-Enabled
CountryCode
X-Litespeed-Cache-Control
X-VCL-Version
Ms-Author-Via
X-PHP-Backend
X-Cdn-Request-ID
X-Depends
YJS-ID
X-Lb-Id
Server-Info
X-MSEdge-Flight
X-MSEdge-Features
X-MiniProfiler-Ids
X-Proxy-Cache-La3
Xkeylog
X-Akamai-Pragma-Client-IP
Xkey-La3
X-Pad
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Purge-Tags
X-FL-EDGE
X-FL-QIT-DEBUG
Time
Srvid
X-Ha-Backend
OriginIP
X-DefHash
FSS-Cache
My-App
X-Snapshot-Date
X-Varnish-CookieHashed-On
Geoip-Latitude
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
Ngx
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Via-PopN
X-Via-PopH
Memcached
Memory
Location
X-Via-PopV
PICS-Label
X-DefElseHash
X-Shopid
X-Shardid
X-Cache-Version
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
Warning
Cloudfront-Viewer-Country
X-VC-TTL
X-M-Reqid
X-M-Log
X-Fastly-Cache-Hits
X-Sucuri-Id
X-Th-Server
X-Wp-Cf-Super-Cache-Cookies-Bypass
CF-Cached-On
X-Lsadc-Cache
CF-Ctrl
X-Internal-Host
X-RequestId
X-Udemy-Cache-App-Namespace
X-Web-Server
X-Dw-Trace-Id
X-Mg-Cache
X-Service-Response-Time
X-Serial
Sm-Log-Id
X-Check-Cacheable
Akamai-Cache-Status