Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
P3P
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
P3p
Accept-CH-Lifetime
X-Drupal-Cache
X-Cache-Status
X-DNS-Prefetch-Control
X-Generator
X-Check
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
X-Request-ID
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-UA-Device
X-Backend
Keep-Alive
Request-Context
X-Robots-Tag
X-Server
Allow
X-Cache-Group
X-Hacker
EagleId
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
X-Rq
X-Dns-Prefetch-Control
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-Pingback
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Permissions-Policy
X-Device
Cf-Railgun
EagleEye-TraceId
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Backend-Server
X-CST
X-Cache-Lookup
X-Server-Id
X-Aws-Lambda-Call-Status
X-Host
X-Readtime
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Litespeed-Cache
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Trace
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Rating
X-Rack-Cache
Cache-Tag
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
Cross-Origin-Opener-Policy
X-PC
X-TtlSet
X-Vname
Nginx-Cache
X-Origin-Cache-Key
X-Mcache
X-Edge
X-Midtier
X-MS-InvokeApp
X-NWS-LOG-UUID
X-Upstream
X-Mod-Pagespeed
X-Times
X-Server-Name
X-Powered-By-Plesk
X-Browser-Type
Edge-Control
X-ECACHE
X-ESI
X-Cnection
X-Element-Page-Cache
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-D2id
X-Kinja-Build
Verso
X-Ser
AR-Request-ID
AR-SID
AR-PoweredBy
AR-ATIME
X-Ac
SPIisLatency
SPRequestDuration
X-RateLimit-Remaining
SPRequestGuid
X-SharePointHealthScore
X-B3-TraceId
X-GitHub-Request-Id
X-Ruxit-Js-Agent
X-Abt-Application-Version
X-NF-Request-ID
X-Navigation-Version
X-Vcap-Request-Id
X-Ttl
X-Dw-Request-Base-Id
AR-CACHE
X-Mg-S
X-Client-IP
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Edge-Cache-Tag
S
Fastly-Restarts
X-Cache-Key
X-VARITI-CCR
X-Cache-TTL
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Amz-Rid
X-Server-Lifecycle-Phase
X-Amzn-Trace-Id
X-Daa-Tunnel
RTSS
Cache-Status
X-Powered-CMS
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
Access-Control-Request-Method
X-Goog-Hash
X-Server-ID
X-Middleton-Response
Response
X-Recruiting
X-Varnish-TTL
X-Content-Digest
X-Webkit-Csp
X-ARC
X-TraceId
X-Forwarded-For
X-FastCGI-Cache
X-T
X-MSEdge-Ref
Arr-Disable-Session-Affinity
Content-MD5
Cross-Origin-Resource-Policy
MS-Author-Via
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Front-End-Https
TP-Cache
X-Shield-Request-Id
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Accel-Expires
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-Hits
X-Cached
X-Forwarded-Proto
X-Request-Processing-Time
X-HS-Hub-Id
X-HS-Content-Id
X-Request-Received
X-HS-Combine-CSS
X-Id
Public-Key-Pins
X-HS-Cache-Config
X-Ua-Browser
Realpath
Server-Node
X-ORACLE-DMS-RID
X-FTR-Expires
X-Frontend
Payment
X-Protected-By
X-RateLimit-Limit
X-LLID
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Distributor
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-GUploader-UploadID
TP-L2-Cache
X-ORACLE-DMS-ECID
X-LB-Cache
X-Correlation-Id
X-Fastly-Request-ID
X-XRDS-LOCATION
Cache-Tags
X-Microsite
X-Request-Handler-Origin-Region
Fastcgi-Cache
X-Debug-Info
Count-Hit
X-Amzn-RequestId
X-Page-Id
X-Amz-Apigw-Id
Referer-Policy
MRF-Tech
X-Envoy-Decorator-Operation
X-B3-TraceId-Primal
X-Az
X-AppVersion
X-Activity-Id
Mrf-Cache-Status
Host
X-Hostname
X-NGENIX-Cache
X-Origin-Server
X-Cluster-Name
X-Varnish-Backend
X-Www-Served-By
X-Varnish-Server
Accept-Charset
X-Geo-Country
X-App-Server
Origin-Trial
X-PressLabs-Stats
X-Ezoic-Cdn
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Ratelimit-Limit
X-F-Cache
X-TEC-API-VERSION
Retry-After
X-Fastcgi-Cache
X-Load-Cache
X-Px
X-RateLimit-Reset
X-Goog-Metageneration
X-FB-Debug
X-CSRF-Token
X-Upgrade-Enabled
X-Seen-By
TCN
Server-Name
X-Amz-Meta-S3cmd-Attrs
Access-Control-Allow-Method
Cleartype
X-Git-Hash
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Grace
Section-Io-Cache
X-Request-Guid
X-Cache-Control
X-B
X-B3-Sampled
X-Revision
X-Contextid
X-TT
X-Trace-Id
X-Varnish-Ttl
Paypal-Debug-Id
X-Webkit-CSP
Healthy
Charset
X-Azure-Ref
X-Whom
X-Type
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
DC
X-Content-Options
X-Fb-Rlafr
X-Proxy
X-Wix-Request-Id
X-Mobile
X-Air-Pt
X-Signature
X-B-Cache
X-App-Environment
X-Newrelic-App-Data
X-N
X-Node-Name
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Amz-Replication-Status
X-Magnolia-Registration
Filterid
Accept-Ch
Frame-Options
X-Origin-Cache
X-Oracle-Dms-Ecid
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Hcs-Proxy-Type
X-EdgeConnect-Cache-Status
X-Logged-In
X-Time
Viewport
NGB
Backend
X-Unique-Id
X-TTL
Content-Disposition
X-Response-Served-From
VIX-Pulpo-Upstream-Status
X-Debug
X-Original-Request-Id
VIX-Pulpo-Node
X-Oracle-Dms-Rid
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Yottaa-Optimizations
X-Rendered-As
X-Debug-IsPreview
X-Debug-IsConnected
X-Tumblr-Pixel
X-RemovedCookies
X-WebKit-CSP-Report-Only
X-Cache-Grace
X-Is-Bot
X-Yottaa-Metrics
X-ProcessESI
X-Adobe-Loc
SD-X-WS
Liferay-Portal
X-Datadog-Sampled
MS-CV
X-Adobe-Content
Ms-Operation-Id
X-FW-Type
X-RTag
X-FW-Dynamic
X-FW-Static
X-Varnish-Grace
X-FW-Version
X-FW-Server
X-FW-Serve
X-Servername
X-G
X-FW-Hash
X-IPS-LoggedIn
X-NYM-Debug-Backend
Fastly-SWR
X-UUID
Fastly-SIE
X-Instance
X-Amzn-Remapped-Content-Length
X-Backend-Name
X-Hl-Ver
X-Fastly-Request-Id
X-Cacheable-TTL
X-Device-Type
X-Via-JSL
X-Cache-Age
ServerID
From-Origin
Akamai-GRN
X-VC-Cache
X-User-Agent
X-L-Path
X-Environment-Context
X-Region
X-Proxy-Cache-Info
Upgrade-Insecure-Requests
X-Rule
X-Ratelimit-Remaining
X-Cache-Hit
Version
X-Ua-Device
X-Status
Country
X-B3-SpanId
Refresh
X-Template
X-Source
X-Language
X-INCAP-ABP
Countrycode
GEO-INFO
CDN-RequestId
Url
X-Storage
X-HTML-Minification-Powered-By
X-Cache-Status-Check
X-WP-CF-Super-Cache-Active
X-Rid
SRV
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Origin-TTL
Alternate-Protocol
X-Origin-CC
OT-Force-Account-Verify
X-NODE
AMP-Access-Control-Allow-Source-Origin
WPO-Cache-Message
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Flags
X-Real-IP
WPO-Cache-Status
X-Route-Name
X-Providence-Cookie
X-Jobs
X-ServerID
X-App-Version
X-Akamai-Request-ID2
X-B3-Traceid
X-VC
Surrogate-Key
X-Content-Powered-By
X-CDN-Forward
X-Cache-Time
Access-Control-Request-Headers
Protected
X-Mode
X-Sucuri-Cache
X-Rocket-Nginx-Serving-Static
X-Accel-Version
X-Hosted-By
X-Handled-By
Xet-Cookie
Amp-Access-Control-Allow-Source-Origin
X-Sucuri-ID
X-Akamai-Edgescape
Filters
X-Cache-Rule
X-Rn-Rsrv
X-Xfnlog-Site
Meta-Geo
X-Rewrite-Enabled
X-Cache-Operation
X-TT-LOGID
X-Upstream-Ct
X-Upstream-Ht
Webserver
X-Endurance-Cache-Level
X-UPSTREAM-Address
X-SaId
X-GeoCode
ServedBy
Selected-Fe
Cross-Origin-Embedder-Policy
Section-Io-Id
X-Adobe-Source
X-AWS-Id
X-Edge-Location
X-Drupal-Cache-Tags
X-Detected-As
X-Cache-Debug
X-GeoCountry
X-Webstats-RespID
X-LJ-Flow-ID
X-Proxy-Build
X-VWS-Id
X-Tumblr-Pixel-3
X-Timing-Wait
X-Framework
X-Origin
X-Nginx-Cache
X-Web-Node
X-PHP-Host
X-Tumblr-Pixel-2
X-Worker
X-JoinUs
X-Labrador-Cache-Channel
X-Cms-Context
Atl-Traceid
X-Zipkin-Id
Webcakes-Region
X-No-Session
X-Logging-Id
X-Cluster
X-Proxied
Web-Mar-Node
X-Soup
X-Platform-Cluster
Property-Id
Node
X-Platform-Processor
Mn-Server-Ip
X-Origin-Hint
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-App-Version
X-Director
X-Drupal-Cache-Contexts
X-Platform-Router
X-Served-From
X-SayCDN-TTL
X-Say-Cacheable
X-Routing-Service
X-Redis-Cache
X-Extlb
X-Restarts
X-Say-TTL
X-Varnish-Cache-Hits
X-RM-Cache-TTL
X-ProxyCache-Key
X-Is-Supported-Browser
X-IPLB-Request-ID
X-Is-Mobile
Xserver
Front
X-Is-Desktop
X-RCS-CacheZone
X-ProxyCache-Status
X-S
X-Origin-Date
X-AB
X-Tcp-Rtt
X-Geo-Region
X-Locale
X-Forwarded-Host
X-Lambda-Id
X-Skip-Cache
X-Tncms
X-BYPASS-REASON
X-Tb
X-Is-Tablet
X-Varnish-Age
X-IPLB-Instance
X-Loop
X-Site-Version
X-Browser-Name
X-VCT
CDN-PullZone
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
Apigw-Requestid
X-RID
X-Fetched-On
X-Format
Azure-InstanceId
X-R9-Blue-Green-Version
Azure-RegionName
X-Generation-Time
X-Cache-Host
Azure-SiteName
Accept-Language
X-Httpd
X-Git-Commit
X-Alternate-Cache-Key
X-Reqid
X-Tec-Api-Root
X-Storefront-Renderer-Rendered
X-Tec-Api-Origin
X-Varnish-Beresp-Grace
X-Vercel-Cache
Azure-SlotName
X-Vercel-Id
Azure-Version
X-Container-Uri
X-Shopify-Stage
X-Tec-Api-Version
X-Cdn-Origin
X-Frame-Option
X-Ms-Request-Id
X-Vcache
X-Ms-Version
X-Provided-By
X-Cache-Server
X-Sorting-Hat-PodId
X-ShopId
X-Sorting-Hat-ShopId
X-ShardId
Fastcgi-Useragent
DB-Nickname
X-Server-W
WP-Super-Cache
X-XRDS-Location
X-SRV
X-Vcl-Version
X-Page-View
CF-IPCountry
Cross-Origin-Window-Policy
X-Uri
X-MP-GENERATED-AT
Source
X-Generated-By
X-Azure-Ref-OriginShield
Cross-Origin-Embedder-Policy-Report-Only
Sid
X-Use-Mantle
Thinkindot-CacheControl-Type
TDXMobile
X-Scope-Id
Thinkindot-CacheControl
Thinkindot-Control
X-Shield-Cache-Expires
X-Thinkindot-L3
X-CMSURLCustom
Cache
Cache-Tv-Group
X-Pass-Why
X-FB-TRIP-ID
X-Buckets
Content-Secure-Policy
X-UA
X-Kinja-CCPA
Onion-Location
X-LSADC-Cache
Priority
X-Optimistic-Header
HostName
X-DataDome
Locale
X-PDP-UNCACHING-HASH
X-ECache
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Http-Reason
X-Dc
X-WP-CF-Super-Cache-Cookies-Bypass
X-Content-Age
X-Lagoon
X-DynaTrace
X-GEO
X-Newrelic-Synthetics
X-Xrds-Location
X-TA-CDN-Provider
X-Request-URI
X-Cluster-Node
Locid
User-Cache-Control
LB
Req-ID
Server-Ext
Meta-Geo-Continent
Server-Host
DCR-Processing-Time-Ms
Expiry
DCR-Decision-By
Cdnsip
A
Candidate-Md5Url
Cdncip
Gannett-Cam-Experience-Id
Lang
Origin
Origin-Agent-Cluster
Redirect-Candidate
Ngx.Var.Host
Ngx-Var-Key
Magicmarker
MD5-Digest
Rendered-Blocks
X-A
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-External-Request-Id
X-ND-Cache
X-Ec-Fail
X-Dispatcher-Server
X-Vdms-Version
X-D
X-Destination
X-Developer
X-Op-Id-All
X-Platform
X-UA-Device-Type
X-ScT
X-SRCache-Key
X-TIM-N
X-SB
X-S-Cookie
X-Request-Start
X-Vdms-Path
X-Varnish-Hostname
X-Rojux
X-Connection-Hash
X-Conf
Vix-Hermes-Req-Id
X-Viewer-Country
X-A-Ccd
X-A-Dam
X-Vtex-Remote-Cache
T-Server
Sever-Int
Sslversion
X-Zen-Fury
Surrogated-Key
X-A-Dcw
X-A-Wwc
X-BCube-Filmed-By
X-Bl-Debug
X-Cache-Bucket
X-Cache-NE
X-Bc-Bl
X-B-Cookie
X-Aed
X-AK-Request-ID
X-Application
Server-Hostname
X-A-Dgt
X-Proxy-Cache-Status
X-Datadome
X-Sql-Count
X-Sql-Duration-Ms
X-Cache-Action
X-B3-Trace-ID
X-Cache-Id
X-Bip
X-Block-Status
X-Cache-Aspx
X-Clientip
X-Debug-Cache-Store
X-Device-Os
X-Debug-Cache-Fetch
X-Core-Value
X-Auto-Login
X-Contensis-Viewer-Groups
X-Cache-TTL-Remaining
Wxu-Next-Region
Pramga
Producers
Platform
NM-Fastcgi-Cache
Host-ID
Is-Eu
Release
X-Varnish-Beresp-Ttl
X-DPWN-IS-SECURE
X-Ad-Load-Variation
Wxu-Next-Hostname
Wxu-Next-Commit
True-Client-Country-4JS
V-Age
X-Amz-Meta-Cb-Modifiedtime
X-Ec-Custom-Error
X-PAYTM-SRV-ID
X-Pubstack
X-Req
X-Origin-Time
X-Origin-Expires
X-Node-Id
X-Nyt-Route
X-Scheme
X-SD-PageType
XM
Yak-Timeinfo
X-WA-Info
X-Varnishpool
X-Thanos
X-Varnish-Authentication
X-NMSegId
X-Nginx-Cache-Key
X-Gen-Mode
X-Generated-On
X-Gdpr
X-Forwarded-Site
X-Esi-Check
X-Fastly-Cache
X-GeoIP
X-GeoIP-City
X-Loc
X-NCache
X-Level-Front-Cache
X-Hnp-Log
X-GeoIP-Region-Code
X-Gzip
Fastly-SSL
X-GeoIP-Country-Code
DSUID
Environment
C-Via
Cluster
Adler-Geo
Content-Style-Type
CDCHOST
Content-Script-Type
X-Service
X-Origin-Response-Time
X-V-Cache
Canary
X-Cdn-Srv
X-Var-Ttl
X-SVT-ORM-VERSION
X-Sn-Servicetimems
X-SVT-ORM-RULES
Apple-News-Services-Request-Url
Cache-Provider
X-TH-Server
X-Cache-Expired-At
X-Amz-Storage-Class
X-ApacheServer
X-VG-TLSProxy
X-Aicache-OS
X-Acquia-Purge-Cdn-Unconfigured
X-VG-WebCache
Click-Count-Error
Click-Count-Action-Start
Apple-News-Services-Parsed-Url
X-Cache-Info
X-Cache-Backend
X-VarnishDD-TTL
X-Backend-Instance
X-BBC-Edge-Cache-Status
X-Varnish-Beresp-Status
X-FC-Vary-Parameters
X-Mvc-Supplant-Cachable
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Moov-Xdn-Version
X-Moov-T
X-Micro-Cache
X-Mly-Id
X-Proxied-Request
X-Pool
X-PERF
Cache-Hits
X-Org
Fastly-GeoIP-CountryCode
X-Policy
X-Old-Content-Length
X-Men
X-Region-Sid
X-Server-IP
X-Section
X-From
X-Fmm-Version
Apple-News-Services-Handled
X-Access
X-Geo-Header
X-Request-Time
X-Request-Host
X-Instance-Name
X-Human
X-HS-Content-Campaign-Id
X-GoCache-CacheStatus
X-HN
Apple-News-Services-Host
X-Varnish-Director
Tube-Get-Contents
Ssr
RNT-Time
Tube-Got-Eval
Tube-Got-Results
Uber-Trace-Id
Tube-Return
Req-Svc-Chain
Esi-Enabled
L
Gh-Request-Id
Machine
Mail-Subject
PFcat
On-Server
Country-Code
RNT-Machine
We-Hiring
X-We-Are-Hiring
Web-Mar-Region
Fastly-Drupal-HTML
X-NGINX-Cache
X-Up
WZWS-RAY
X-CGP
X-Wikidot-Static-Cache
X-Mvc-Supplant-OutputCached
X-VServer
HA-Ipaddr
Ha-Gx-Prefs
Proxy-Firewall
Cache-Key
X-Rocket-Build-Number
X-Test
X-Slack-Shared-Secret-Outcome
X-Hash
X-Csrf-Jwt
L5d-Success-Class
X-Edge-Server
X-Proto
AKAMAI
X-Zone
Cf-Device-Type
X-Sigma-Backend
X-Sigma
X-App-Name
X-Fastly-Backend
Cdn-Request-Time
W
X-Slack-Backend
Cdn-Host
X-Wikidot-Backend
X-Cache-Date
X-Eu-Site
X-Correlation-ID
X-NWS-UUID-VERIFY
X-Tb-Optimization-Total-Bytes-Saved
Fastly-Backend-Name
X-VCache
NGX
X-Accel-Expires-Debug
X-CacheTTL
X-LB-ID
X-Date
X-Tx-Id
X-Mg-Request-UUID
X-Via-Fastly
X-Cloudmap
X-Branch-Name
X-API-Version
X-Ah-Environment
X-Via-SSL
X-Via-CDN
Edge-Copy-Time
X-Via-Edge
X-Servedbyhost
X-DynaTrace-JS-Agent
X-DC
X-COUNTRY
NtCoent-Length
S-Rt
X-Parent-Response-Time
X-Varnish-Hits
X-HA-Backend
X-Via-Poph
X-Via-Popv
X-Location
X-Via-Popn
Type
Pics-Label
X-Ig-Origin-Region
X-Refresh
X-CACHE-GROUP
Datacenter
X-Ratelimit-Reset
X-CDN-Cache-Status
GeoIp-Country-Code
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Template-Id
Cdn
X-VHOST
X-Ua
X-Jungle-Id
X-Wormhole-Sdk
X-Akamai-Transformed
Resin-Trace
X-CUA
X-Esi
Powered-By
Origin-EX
X-LB-NoCache
X-Irp-Debug
Origin-CC
X-Core-Mission
X-Wa
SID
X-User
X-Nc
X-Owner
Cdn-Requestid
Cf-Ipcountry
X-SIPLIST1
GeoIP-Latitude
X-Srv
IsBot
X-TX-ID
Server-ID
Cross-Origin-Opener-Policy-Report-Only
X-ZONE
DataCenter
X-Fpc
X-Qloud-Router
X-Hit
X-Render-Time
X-CS
X-LiteSpeed-Tag
X-Nananana
X-Nf-Request-Id
X-Proxy-CacheRZ
X-B3-Parentspanid
X-Powered-By-VTEX-Cache
XkeyRZ
X-VTEX-Cache-Time
CloudFront-Viewer-Country
Debug
X-VTEX-Cache-Server
X-NewRelic-App-Data
X-Client-Ip
Fastly-Drupal-Html
Mime-Version
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Presslabs-Stats
Edge-Cache
X-URL
N-Cache
X-IAuth-Set-Uid
X-DataCenter
Expect-Staple
X-Segment-20210421
X-Cached-By
True-Client-IP
Uri
X-Forwarded-Path
X-Auth-Group-Type
Xc-Version
X-Cache-Type
X-Amz-Meta-Opti
X-Shop-Environment
X-Orig-Expires
X-Tt-Logid
X-Tenant
X-TimeS
X-TIME
X-Varnish-Beresp-TTL
CDN
Cmstype
Cmsid
X-Ig-Push-State
X-Gamma-Serve
X-Cs
Srv
X-LiteSpeed-Cache-Control
X-HostName
User-Agent
X-Info
MIME-Version
X-CACHE-AGE
True-Client-Ip
X-PHP-Backend
X-Geo
X-Vmg-Version
Odigeo-Trace-Id
CPC-Cache
CPC-Age
X-Dynatrace-Js-Agent
Load-Balancing
X-Fastly-Country-Code
X-Cdn-Diag
X-NodeID
Tcn
X-Custom-Header
X-Vgn-Hpd-Reason
X-AIR-PT
X-B3-Spanid
X-Cdn-Forward
X-Pad
X-HOST
X-Vc
X-Depends
X-FPC
X-Dispatch
Request-ID
X-Varnish-CookieHashed-On
X-DefElseHash
X-DefHash
X-NC
X-APP-VERSION
X-Varnish-Remaining-TTL
Ohc-File-Size
X-WA
X-Variation
X-Datacenter
X-Varnish-CookieINHashed-On
X-Webkit-Csp-Report-Only
X-M-Reqid
Hostname
X-CSRF-TOKEN
X-M-Log
Server-Id
X-VC-TTL
Cl-Cache
CacheControlHeader
X-Api-Version
X-LAGOON
X-Lb-Nocache
Ohc-Cache-HIT
GeoIP-Country-Code
X-APP
Geoip-Latitude
X-Cache-FS-Status
VNS-Age
X-ServedByHost
VNS-Cache
X-Cdn-Cache-Status
X-Oracle-DMS-ECID
X-Ha-Backend
PICS-Label
Epwk-X-Cache
Cloudfront-Viewer-Country
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-Cache-Ttl
FSS-Cache
X-Litespeed-Tag
Server-Info
CountryCode
X-Fastly-Backend-Reqs
X-Litespeed-Cache-Control
X-Srcache-Fetch-Status
X-VCL-Version
X-Srcache-Store-Status
X-Lb-Id
X-FL-QIT-DEBUG
Srvid
BehaviorPad-Version
ServerHost
Xkey-La3
X-MSEdge-Flight
X-MSEdge-Features
X-Dispatcher-Number
X-Proxy-Cache-La3
Xkeylog
X-Snapshot-Date
X-Cdn-Request-ID
OriginIP
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Acquia-Site
Ngx
X-Th-Server
X-Akamai-Pragma-Client-IP
X-MiniProfiler-Ids
X-RequestId
Time
Memory
X-Check-Cacheable
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Memcached
X-Acquia-Application-Trace
X-Web-Server
X-Serial
X-Cache-Version
X-Shopid
X-Shardid
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Ramcache
X-Mid
Sm-Log-Id
X-RAMCache
X-Mg-Cache
Akamai-Cache-Status
Warning
X-Dw-Trace-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Service-Response-Time
X-Udemy-Cache-App-Namespace
X-Sucuri-Id
X-Requestid