Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-AspNet-Version
P3p
X-Runtime
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Ua-Compatible
X-Check
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
CF-Ray
X-Amz-Id-2
Host-Header
Allow
Cf-Edge-Cache
X-Backend
Request-Context
Keep-Alive
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
EagleEye-TraceId
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
X-CST
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
X-HW
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Node
X-Cloud-Trace-Context
X-Cache-Lookup
X-Application-Context
X-Country-Code
X-Trace
Content-Location
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Cache-Tag
X-Mcache
X-FTR-Request-ID
X-Midtier
X-Mod-Pagespeed
X-ECACHE
X-MS-InvokeApp
Nginx-Cache
X-Vname
X-TtlSet
X-PC
X-Upstream
X-ESI
X-Powered-By-Plesk
Rating
Edge-Control
X-Browser-Type
X-Server-Name
X-D2id
Verso
X-Element-Page-Cache
X-Times
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Variant
X-Cnection
X-Ruxit-Js-Agent
SPRequestDuration
SPIisLatency
X-Ac
AR-SID
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-B3-TraceId
X-SharePointHealthScore
SPRequestGuid
X-Navigation-Version
X-Abt-Application-Version
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Ser
X-GitHub-Request-Id
X-NF-Request-ID
X-RateLimit-Remaining
X-NWS-LOG-UUID
Pinterest-Version
AR-CACHE
Pinterest-Generated-By
X-Pinterest-Rid
X-VARITI-CCR
X-Mg-S
S
Pagespeed
X-Sol
X-Middleton-Display
Display
X-Client-IP
X-Cache-Key
RTSS
Edge-Cache-Tag
Fastly-Restarts
X-Ttl
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
Accept-Ch
X-Goog-Hash
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
Cache-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Server-ID
Access-Control-Request-Method
X-Version
X-Recruiting
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Origin-Trial
X-ARC
X-Varnish-TTL
X-Content-Digest
X-TraceId
Response
X-Middleton-Response
X-Forwarded-For
Arr-Disable-Session-Affinity
X-T
X-Content-Security-Policy-Report-Only
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ua-Device
Content-MD5
MicrosoftSharePointTeamServices
X-Accel-Expires
TP-Cache
X-Shield-Request-Id
X-Hits
X-Daa-Tunnel
X-Cached
X-Id
Cross-Origin-Resource-Policy
Public-Key-Pins
Front-End-Https
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Expires
MS-Author-Via
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
X-HS-Combine-CSS
X-DIS-Request-ID
X-HS-Content-Id
Server-Node
Payment
X-HS-Cache-Config
X-Ua-Browser
X-Forwarded-Proto
X-Frontend
X-Webkit-Csp
X-ORACLE-DMS-RID
X-FastCGI-Cache
X-LLID
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Fastcgi-Cache
X-GUploader-UploadID
Realpath
X-Protected-By
TP-L2-Cache
X-LB-Cache
Cache-Tags
X-Distributor
X-Amz-Apigw-Id
X-Origin-Server
X-Amzn-RequestId
X-ORACLE-DMS-ECID
X-Request-Handler-Origin-Region
X-Microsite
X-Ratelimit-Limit
X-RateLimit-Limit
Count-Hit
X-XRDS-LOCATION
Referer-Policy
X-Page-Id
X-Hostname
X-Geo-Country
X-Activity-Id
X-Az
X-AppVersion
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-F-Cache
X-Debug-Info
X-Www-Served-By
X-Varnish-Backend
X-Cluster-Name
Accept-Charset
X-App-Server
X-Envoy-Decorator-Operation
Host
X-NGENIX-Cache
Fastcgi-Cache
X-Correlation-Id
X-Varnish-Server
X-PressLabs-Stats
X-TTL
X-FB-Debug
X-Goog-Metageneration
X-Fastly-Request-Id
Access-Control-Allow-Method
X-Git-Hash
X-RateLimit-Reset
Retry-After
X-CSRF-Token
X-WebKit-CSP-Report-Only
X-Upgrade-Enabled
X-Load-Cache
X-Ezoic-Cdn
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Kinja-CCPA
X-Content-Options
X-TEC-API-ORIGIN
X-Varnish-Ttl
Server-Name
X-Seen-By
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Revision
X-Contextid
Charset
X-Request-Guid
X-Px
X-Cache-Control
Section-Io-Cache
X-Type
X-Tt-Trace-Tag
TCN
DC
X-Grace
X-Tt-Trace-Host
X-Trace-Id
X-Amz-Meta-S3cmd-Attrs
X-TT
Paypal-Debug-Id
Cleartype
X-Signature
X-App-Environment
X-B-Cache
X-Fb-Rlafr
X-B
Healthy
X-B3-Sampled
X-Whom
X-Wix-Request-Id
X-Newrelic-App-Data
X-Node-Name
X-Rid
X-Mobile
X-Origin-Cache
Frame-Options
X-Magnolia-Registration
X-Amz-Replication-Status
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Flags
X-EdgeConnect-Cache-Status
X-Goog-Generation
X-Azure-Ref
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Oracle-Dms-Ecid
X-Logged-In
X-Language
Filterid
X-Proxy
X-N
X-Ratelimit-Remaining
X-Air-Pt
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Content-Disposition
Backend
X-Oracle-Dms-Rid
Akamai-GRN
X-Fastly-Request-ID
X-Template
Upgrade-Insecure-Requests
X-Response-Served-From
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
NGB
VIX-Pulpo-Node
Refresh
X-Proxy-Cache-Info
X-Tumblr-User
X-Tumblr-Pixel-1
X-Unique-Id
X-Is-Bot
X-Datadog-Sampled
SD-X-WS
X-Debug-IsConnected
X-Tumblr-Pixel-0
X-ProcessESI
X-Debug-IsPreview
X-RemovedCookies
X-Rendered-As
X-Tumblr-Pixel
X-App-Version
X-Cache-Age
X-Yottaa-Metrics
X-Varnish-Grace
X-Yottaa-Optimizations
X-Time
X-Adobe-Content
X-UUID
X-RTag
X-Instance
X-Adobe-Loc
MS-CV
X-Amzn-Remapped-Content-Length
X-IPS-LoggedIn
Ms-Operation-Id
Liferay-Portal
X-Cacheable-TTL
X-Cache-Grace
X-G
X-Servername
Viewport
X-FW-Server
Fastly-SIE
X-Region
X-FW-Version
X-FW-Serve
X-User-Agent
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Dynamic
Fastly-SWR
From-Origin
X-Debug
Country
X-Cache-Hit
X-Rule
X-Environment-Context
X-L-Path
X-NYM-Debug-Backend
X-Device-Type
X-Backend-Name
X-Hl-Ver
X-Status
X-Jobs
ServerID
Url
X-Page-View
X-Webkit-CSP
X-B3-SpanId
X-CCDN-CacheTTL
X-Via-JSL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Countrycode
WPO-Cache-Message
WPO-Cache-Status
X-VC-Cache
X-Origin-CC
X-INCAP-ABP
X-Origin-TTL
Alternate-Protocol
X-Cache-Status-Check
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Hosted-By
Surrogate-Key
X-HTML-Minification-Powered-By
Version
X-NODE
X-Akamai-Request-ID2
X-Content-Powered-By
X-Source
Protected
GEO-INFO
X-B3-Traceid
X-Rocket-Nginx-Serving-Static
X-Akamai-Edgescape
X-Tec-Api-Root
CDN-RequestId
X-Tec-Api-Origin
X-Tec-Api-Version
X-Storage
X-Nginx-Cache
X-Http-Reason
Amp-Access-Control-Allow-Source-Origin
X-Accel-Version
X-WP-CF-Super-Cache-Active
Access-Control-Request-Headers
X-Framework
OT-Force-Account-Verify
X-VC
X-Edge-Location
SRV
X-Real-IP
Front
AMP-Access-Control-Allow-Source-Origin
X-Cache-Rule
X-Use-Mantle
X-UPSTREAM-Address
X-Upstream-Ct
Filters
X-Rn-Rsrv
X-Rewrite-Enabled
Meta-Geo
Xet-Cookie
X-CDN-Forward
Accept-Language
X-Cache-Operation
X-Upstream-Ht
Webserver
X-ServerID
X-Httpd
X-Tumblr-Pixel-3
X-Cache-Time
X-Timing-Wait
X-Served-From
X-Soup
CF-IPCountry
X-SaId
X-Proxy-Build
X-Origin
X-Director
X-JoinUs
X-Varnish-Cache-Hits
Selected-Fe
X-Tumblr-Pixel-2
X-Endurance-Cache-Level
X-SayCDN-TTL
X-Cache-Debug
Node
X-Say-TTL
X-Adobe-Source
X-Handled-By
X-Say-Cacheable
X-Detected-As
X-Web-Node
X-PHP-Host
X-Redis-Cache
X-Worker
X-Labrador-Cache-Channel
X-Logging-Id
X-Mode
X-Browser-Name
X-VCT
X-AB
Azure-InstanceId
DB-Nickname
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
X-Tcp-Rtt
X-Skip-Cache
X-Is-Supported-Browser
X-Xfnlog-Site
X-Is-Tablet
X-S
X-RM-Cache-TTL
X-Loop
X-Is-Mobile
X-Is-Desktop
X-Varnish-Age
Apigw-Requestid
X-Tncms
X-Geo-Region
X-GeoCountry
X-GeoCode
X-Varnish-Beresp-Grace
X-No-Session
X-Format
X-Cms-Context
X-ProxyCache-Key
X-Restarts
Section-Io-Id
Xserver
X-BYPASS-REASON
X-ProxyCache-Status
ServedBy
X-Locale
X-Container-Uri
X-Origin-Hint
X-Cache-Server
X-Cache-Host
X-Lambda-Id
X-Server-W
X-DynaTrace
X-Vercel-Id
TWC-Locale-Group
X-Site-Version
X-Generation-Time
Property-Id
X-Fetched-On
TWC-Connection-Speed
X-Git-Commit
X-Vercel-Cache
X-IPLB-Request-ID
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
X-Tb
TWC-Privacy
X-IPLB-Instance
Web-Mar-Node
X-R9-Blue-Green-Version
TWC-Device-Class
X-Uri
X-VWS-Id
X-Forwarded-Host
X-Ms-Version
X-Provided-By
X-Platform-Router
X-Ms-Request-Id
X-Platform-Processor
X-Platform-Cluster
X-Reqid
X-Frame-Option
X-AWS-Id
X-RCS-CacheZone
X-LJ-Flow-ID
Mn-Server-Ip
X-Webstats-RespID
X-Cluster
X-MP-GENERATED-AT
X-Drupal-Cache-Tags
Cross-Origin-Embedder-Policy
X-TT-LOGID
X-Extlb
X-Routing-Service
X-XRDS-Location
X-Zipkin-Id
X-Proxied
X-Vcache
X-Drupal-Cache-Contexts
X-Sql-Count
WP-Super-Cache
Cache-Tv-Group
X-Sql-Duration-Ms
X-Origin-Date
X-Alternate-Cache-Key
CDN-Uid
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-PullZone
CDN-EdgeStorageId
X-Storefront-Renderer-Rendered
CDN-Cache
CDN-CachedAt
X-Shopify-Stage
Source
Priority
Fastcgi-Useragent
Content-Secure-Policy
X-FB-TRIP-ID
X-Sucuri-Cache
X-Vcl-Version
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Sucuri-ID
Onion-Location
X-Cdn-Origin
X-Generated-By
Sid
Cross-Origin-Embedder-Policy-Report-Only
Locale
X-Content-Age
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Newrelic-Synthetics
X-SRV
X-Pass-Why
S-Rt
WZWS-RAY
X-Buckets
X-Cluster-Node
Atl-Traceid
X-Use-Magma
Thinkindot-CacheControl
X-CMSURLCustom
X-Scope-Id
X-Shield-Cache-Expires
X-Thinkindot-L3
TDXMobile
Thinkindot-Control
Thinkindot-CacheControl-Type
Cache
X-Ua
X-Cache-Action
X-Xrds-Location
X-Proxy-Cache-Status
X-LSADC-Cache
Cross-Origin-Window-Policy
HostName
X-DataDome
X-Cache-Expired-At
X-Via-SSL
X-Varnish-Beresp-Ttl
Edge-Copy-Time
X-Via-CDN
X-Via-Edge
X-GEO
X-WP-CF-Super-Cache-Cookies-Bypass
Rendered-Blocks
Req-ID
X-Cache-NE
DCR-Decision-By
Redirect-Candidate
X-A-Wwc
X-Conf
Server-Host
DCR-Processing-Time-Ms
X-A-Dcw
Vix-Hermes-Req-Id
X-Vtex-Remote-Cache
X-TIM-N
Ngx-Var-Key
X-A-Dgt
X-Ec-Fail
X-Application
Candidate-Md5Url
X-Varnish-Hostname
X-Dispatcher-Server
X-Epic-Correlation-Id
Origin
X-Vdms-Path
X-Ec-Custom-Error
X-Ec-GeoHdr
X-Vdms-Version
X-External-Request-Id
X-Developer
X-Aed
X-Rojux
X-Cache-Bucket
X-D
Origin-Agent-Cluster
X-Destination
X-A
CDCHOST
X-Dc
X-Platform
T-Server
X-BCube-Filmed-By
MD5-Digest
Lang
X-Viewer-Country
X-PAYTM-SRV-ID
X-SRCache-Key
Surrogated-Key
X-A-Dam
X-ScT
X-Request-Start
X-B-Cookie
X-VCache
Type
X-Bc-Bl
X-Scheme
Meta-Geo-Continent
X-S-Cookie
X-Bl-Debug
X-Correlation-ID
X-A-Ccd
Gannett-Cam-Experience-Id
Sslversion
Ngx.Var.Host
X-Optimistic-Header
X-Datadome
X-Request-URI
X-Connection-Hash
Expiry
X-TimeS
X-Mg-Request-UUID
User-Cache-Control
DSUID
NM-Fastcgi-Cache
Apple-News-Services-Handled
Environment
Fastly-GeoIP-CountryCode
Fastly-SSL
X-Debug-Cache-Store
Content-Script-Type
Content-Style-Type
X-Clientip
X-Cache-Info
L
Host-ID
X-Cache-Id
A
X-Debug-Cache-Fetch
Cluster
Magicmarker
X-Bip
X-Core-Value
X-Branch-Name
X-Access
X-NMSegId
V-Age
X-Sigma-Backend
X-Node-Id
X-Nyt-Route
X-TH-Server
X-Thanos
X-Level-Front-Cache
X-Loc
X-WA-Info
X-Mly-Id
X-Sigma
Ssr
X-SD-PageType
Apple-News-Services-Request-Url
X-Request-Time
X-Rocket-Build-Number
X-Pubstack
X-Proxied-Request
X-Origin-Time
X-SB
X-Section
X-Pool
X-VG-WebCache
Apple-News-Services-Parsed-Url
X-Fastly-Cache
X-Forwarded-Site
X-We-Are-Hiring
Apple-News-Services-Host
X-Varnish-Beresp-Status
X-Esi-Check
X-VG-TLSProxy
X-Varnishpool
X-Varnish-Director
X-Generated-On
X-Gdpr
X-Human
Pramga
Release
X-GeoIP-Region-Code
X-Gzip
X-VServer
X-GeoIP-Country-Code
X-TA-CDN-Provider
Fastly-Drupal-HTML
X-Origin-Response-Time
X-Service
X-ApacheServer
X-Ad-Load-Variation
X-HS-Content-Campaign-Id
X-Policy
X-RateLimit-Limit-Second
X-PERF
X-Org
X-Mvc-Supplant-OutputCached
X-Old-Content-Length
X-RateLimit-Remaining-Second
X-Request-Host
X-Var-Ttl
X-Varnish-Authentication
X-V-Cache
X-SVT-ORM-VERSION
X-Server-IP
X-SVT-ORM-RULES
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-FC-Vary-Parameters
X-From
X-DPWN-IS-SECURE
X-Device-Os
X-Cache-Date
X-Contensis-Viewer-Groups
X-Geo-Header
X-GeoIP
X-Irp-Debug
X-Men
Web-Mar-Region
X-GoCache-CacheStatus
X-GeoIP-City
X-Cache-Aspx
Is-Eu
We-Hiring
X-Block-Status
X-BBC-Edge-Cache-Status
X-Gen-Mode
X-ECache
Esi-Enabled
X-Moov-T
X-Instance-Name
X-B3-Trace-ID
X-Amz-Meta-Cb-Modifiedtime
Server-Ext
Server-Hostname
Sever-Int
Adler-Geo
X-Acquia-Purge-Cdn-Unconfigured
Canary
Req-Svc-Chain
X-Moov-Xdn-Version
X-Hnp-Log
X-UA-Device-Type
True-Client-Country-4JS
On-Server
Platform
Cache-Provider
Producers
X-Req
Uber-Trace-Id
Machine
Gh-Request-Id
X-Op-Id-All
Mail-Subject
X-Wikidot-Backend
Tube-Return
X-ND-Cache
Wxu-Next-Region
Wxu-Next-Hostname
X-Fastly-Backend
W
X-AK-Request-ID
X-Up
X-Auto-Login
X-Fmm-Version
X-Hash
Tube-Got-Results
X-Region-Sid
X-NCache
X-Proto
X-Cache-TTL-Remaining
Cdnsip
Cdncip
X-Nginx-Cache-Key
X-Zen-Fury
Yak-Timeinfo
Wxu-Next-Commit
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-Slack-Backend
Country-Code
Cdn-Request-Time
X-App-Name
X-Test
Tube-Got-Eval
Click-Count-Error
Locid
Click-Count-Action-Start
Cdn-Host
Cf-Device-Type
X-Edge-Server
Tube-Get-Contents
Proxy-Firewall
X-Wikidot-Static-Cache
AKAMAI
RNT-Time
X-Aicache-OS
C-Via
Cache-Key
RNT-Machine
X-Parent-Response-Time
X-Amz-Storage-Class
Fastly-Backend-Name
NGX
X-Accel-Expires-Debug
Ha-Gx-Prefs
X-CGP
PFcat
X-Owner
X-Eu-Site
X-Csrf-Jwt
X-Ah-Environment
X-Core-Mission
X-Date
X-Azure-Ref-OriginShield
X-VarnishDD-TTL
L5d-Success-Class
X-Cdn-Srv
X-HN
HA-Ipaddr
X-CacheTTL
X-ZONE
X-Via-Popn
X-Via-Popv
X-COUNTRY
IsBot
X-Via-Poph
X-SIPLIST1
X-LB-ID
Pics-Label
X-DC
X-Backend-Instance
X-NGINX-Cache
X-DynaTrace-JS-Agent
X-CACHE-GROUP
X-Qloud-Router
X-HA-Backend
Datacenter
LB
X-Ratelimit-Reset
X-Tb-Optimization-Total-Bytes-Saved
X-Tx-Id
Expect-Staple
XM
N-Cache
NtCoent-Length
X-Cache-Backend
X-API-Version
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Origin-Expires
X-Refresh
Cdn
X-VHOST
X-Lagoon
X-CDN-Cache-Status
Xc-Version
X-Cache-Type
GeoIp-Country-Code
X-Servedbyhost
X-LB-NoCache
X-Forwarded-Path
X-Orig-Expires
RATING
X-Varnish-Hits
X-Shop-Environment
X-Tenant
Cdn-Requestid
X-Gamma-Serve
X-Srv
Cmsid
Cmstype
X-TX-ID
X-UA
X-Wa
CPC-Age
X-Nc
CPC-Cache
X-RID
SID
X-Nananana
Server-ID
Cross-Origin-Opener-Policy-Report-Only
X-Vmg-Version
X-Cdn-Diag
CloudFront-Viewer-Country
X-Akamai-Transformed
X-Zone
X-B3-Parentspanid
X-Fpc
X-Hit
Resin-Trace
X-Via-Fastly
X-Proxy-CacheRZ
X-Tt-Logid
User-Agent
Cache-Hits
XkeyRZ
Uri
X-Nf-Request-Id
X-Client-Ip
DataCenter
X-Ig-Origin-Region
X-URL
X-Presslabs-Stats
X-LAGOON
X-Location
CacheControlHeader
GeoIP-Latitude
X-Variation
Fusion-Source
Fusion-Content-Id
X-Fastly-Country-Code
Fusion-Content-Source
X-TIME
X-Amz-Meta-Opti
Fusion-Component-Id
X-Api-Version
Fusion-Deployment-Id
Fusion-Template-Id
X-Info
Fastly-Drupal-Html
Tcn
Cf-Ipcountry
X-DataCenter
Mime-Version
True-Client-IP
Lb
True-Client-Ip
X-Datacenter
X-HostName
X-B3-Spanid
Srv
X-Cdn-Forward
X-NewRelic-App-Data
X-NWS-UUID-VERIFY
X-Jungle-Id
X-CS
VNS-Age
X-Geo
MIME-Version
Powered-By
X-CUA
X-CACHE-AGE
VNS-Cache
X-Dynatrace-Js-Agent
X-Cloudmap
X-LiteSpeed-Tag
Origin-CC
X-Cached-By
X-Varnish-Beresp-TTL
Origin-EX
X-User
X-IAuth-Set-Uid
X-Segment-20210421
X-Vc
Debug
X-HOST
X-LiteSpeed-Cache-Control
Load-Balancing
X-Dispatcher-Number
Hostname
CDN
Cache-Name
X-Render-Time
X-AIR-PT
X-Webkit-Csp-Report-Only
Cl-Cache
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
X-CSRF-TOKEN
X-FPC
X-CLOUD-TRACE-CONTEXT
Edge-Cache
X-MCACHE
X-Auth-Group-Type
Server-Id
X-Dispatch
X-NC
Ohc-File-Size
X-Wormhole-Sdk
X-Mid
GeoIP-Country-Code
X-Esi
X-WA
X-APP-VERSION
X-Litespeed-Tag
X-ServedByHost
X-Cs
X-Ig-Push-State
X-Lb-Nocache
X-Oracle-DMS-ECID
X-Cdn-Cache-Status
Ohc-Cache-HIT
Odigeo-Trace-Id
BehaviorPad-Version
X-NodeID
X-Cache-Ttl
X-Vgn-Hpd-Reason
X-Fastly-Backend-Reqs
X-Custom-Header
CountryCode
X-Cache-Enabled
Ms-Author-Via
X-VCL-Version
X-Litespeed-Cache-Control
YJS-ID
X-Depends
X-MiniProfiler-Ids
X-Lb-Id
X-Cdn-Request-ID
X-Akamai-Pragma-Client-IP
Server-Info
X-PHP-Backend
X-MSEdge-Flight
X-Proxy-Cache-La3
Xkey-La3
Xkeylog
X-MSEdge-Features
X-Pad
Location
Srvid
X-FL-QIT-DEBUG
My-App
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Acquia-Site
X-Via-PopH
X-Via-PopN
X-Ha-Backend
PICS-Label
X-Via-PopV
X-DefHash
X-DefElseHash
X-Varnish-CookieINHashed-On
X-FL-EDGE
X-Acquia-Purge-Tags
Memcached
Memory
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Ngx
X-Snapshot-Date
OriginIP
Time
FSS-Cache
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Shopid
X-Sorting-Hat-Shopid
X-Shardid
X-Cache-Version
X-Sorting-Hat-Podid
X-Internal-Host
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sucuri-Id
X-Th-Server
Geoip-Latitude
X-Udemy-Cache-App-Namespace
X-M-Reqid
X-VC-TTL
X-M-Log
Warning
Cloudfront-Viewer-Country
X-Dw-Trace-Id
X-Lsadc-Cache
X-Serial
CF-Ctrl
X-Service-Response-Time
X-Web-Server
X-Mg-Cache
X-Check-Cacheable
Akamai-Cache-Status
X-RequestId
X-Fastly-Cache-Hits
Sm-Log-Id
CF-Cached-On