Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-AspNet-Version
P3p
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
X-Cache-Status
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Ua-Compatible
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
CF-Ray
X-Amz-Id-2
Host-Header
Allow
Cf-Edge-Cache
X-Backend
Request-Context
X-UA-Device
X-Robots-Tag
Keep-Alive
X-Server
X-Cache-Group
X-Hacker
X-Turbo-Charged-By
X-AH-Environment
X-Ws-Request-Id
X-Proxy-Cache
X-Age
Xkey
X-Rq
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Page-Speed
X-Pingback
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
EagleEye-TraceId
Ali-Swift-Global-Savetime
X-Aws-Lambda-Call-Status
X-CST
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Litespeed-Cache
X-Cache-Lookup
X-Application-Context
X-Country-Code
X-Trace
Content-Location
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-ECACHE
X-FTR-Request-ID
Cache-Tag
X-Mcache
X-Midtier
X-Mod-Pagespeed
Nginx-Cache
X-MS-InvokeApp
X-Vname
X-TtlSet
X-PC
X-Upstream
X-ESI
X-Powered-By-Plesk
Rating
Edge-Control
X-Browser-Type
X-Server-Name
X-D2id
X-Element-Page-Cache
X-Times
Verso
X-Exp-Variant
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Cnection
X-Ruxit-Js-Agent
SPIisLatency
SPRequestDuration
X-Ac
AR-SID
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-B3-TraceId
SPRequestGuid
X-SharePointHealthScore
X-Navigation-Version
X-Vcap-Request-Id
X-Abt-Application-Version
X-Ser
X-Dw-Request-Base-Id
X-NF-Request-ID
X-GitHub-Request-Id
X-RateLimit-Remaining
X-NWS-LOG-UUID
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
AR-CACHE
X-VARITI-CCR
X-Mg-S
Pagespeed
S
X-Middleton-Display
Display
X-Sol
X-Client-IP
RTSS
X-Cache-Key
Edge-Cache-Tag
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
Accept-Ch
X-Ttl
X-Goog-Hash
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
Cache-Status
X-Kinsta-Cache
X-Edge-Location-Klb
X-Server-ID
X-Version
Access-Control-Request-Method
X-Recruiting
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-ARC
Origin-Trial
X-Varnish-TTL
X-Content-Digest
X-TraceId
Response
X-Middleton-Response
X-Webkit-Csp
X-Forwarded-For
Arr-Disable-Session-Affinity
X-T
X-Content-Security-Policy-Report-Only
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-MD5
MicrosoftSharePointTeamServices
TP-Cache
X-Accel-Expires
X-Shield-Request-Id
X-Hits
X-Cached
X-Daa-Tunnel
Front-End-Https
X-Id
Public-Key-Pins
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
Cross-Origin-Resource-Policy
X-FTR-Expires
MS-Author-Via
X-DIS-Request-ID
X-Request-Processing-Time
X-Ua-Browser
X-Request-Received
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
Server-Node
Payment
X-Forwarded-Proto
X-Frontend
X-ORACLE-DMS-RID
X-FastCGI-Cache
X-LLID
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Fastcgi-Cache
Realpath
X-GUploader-UploadID
X-Protected-By
X-RateLimit-Limit
TP-L2-Cache
X-LB-Cache
Cache-Tags
X-Distributor
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-Request-Handler-Origin-Region
X-ORACLE-DMS-ECID
X-Microsite
X-TTL
X-Page-Id
Referer-Policy
X-XRDS-LOCATION
X-Az
Mrf-Cache-Status
X-AppVersion
X-B3-TraceId-Primal
X-Activity-Id
MRF-Tech
X-Kong-Proxy-Latency
X-Debug-Info
X-Kong-Upstream-Latency
Count-Hit
X-Cluster-Name
X-Geo-Country
X-Www-Served-By
X-Varnish-Backend
X-F-Cache
Accept-Charset
X-App-Server
Host
X-NGENIX-Cache
X-Varnish-Server
X-Envoy-Decorator-Operation
X-Correlation-Id
Fastcgi-Cache
X-Ua-Device
X-Hostname
X-PressLabs-Stats
X-Ratelimit-Limit
X-Goog-Metageneration
X-FB-Debug
Access-Control-Allow-Method
X-RateLimit-Reset
X-Git-Hash
X-CSRF-Token
Retry-After
X-Upgrade-Enabled
X-WebKit-CSP-Report-Only
X-Load-Cache
X-Ezoic-Cdn
X-Varnish-Ttl
X-Kinja-CCPA
X-Content-Options
Server-Name
X-Fastly-Request-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Datadog-Sampling-Priority
X-Seen-By
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Request-Guid
X-Px
X-Cache-Control
X-Revision
X-Grace
Charset
X-Amz-Meta-S3cmd-Attrs
X-Tt-Trace-Tag
X-Tt-Trace-Host
DC
X-Contextid
X-TT
X-Trace-Id
X-Type
Cleartype
Paypal-Debug-Id
Section-Io-Cache
X-B
X-App-Environment
X-B3-Sampled
X-Signature
X-B-Cache
X-Whom
X-Fb-Rlafr
X-Wix-Request-Id
Healthy
X-Rid
X-Node-Name
X-Newrelic-App-Data
TCN
X-Mobile
X-Origin-Cache
X-Amz-Replication-Status
Frame-Options
X-Is-Crawler
X-Magnolia-Registration
X-Aspnet-Duration-Ms
X-Flags
X-Route-Name
X-Providence-Cookie
X-EdgeConnect-Cache-Status
X-Goog-Stored-Content-Encoding
X-Azure-Ref
X-Goog-Generation
X-Oracle-Dms-Ecid
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Fastly-Request-ID
X-Language
X-Proxy
X-Logged-In
Filterid
X-Ratelimit-Remaining
X-N
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Content-Disposition
X-Oracle-Dms-Rid
Akamai-GRN
X-Air-Pt
Backend
X-App-Version
X-Original-Request-Id
X-Template
X-Response-Served-From
NGB
X-Proxy-Cache-Info
Refresh
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-RemovedCookies
X-Tumblr-Pixel-1
X-Tumblr-User
X-Is-Bot
X-Varnish-Grace
X-Rendered-As
X-Debug-IsPreview
X-ProcessESI
X-Cache-Age
Upgrade-Insecure-Requests
X-Debug-IsConnected
VIX-Pulpo-Upstream-Status
SD-X-WS
VIX-Pulpo-Node
X-Datadog-Sampled
X-Adobe-Loc
X-Yottaa-Metrics
X-Yottaa-Optimizations
MS-CV
Liferay-Portal
X-Adobe-Content
X-UUID
Ms-Operation-Id
X-Amzn-Remapped-Content-Length
X-IPS-LoggedIn
X-Instance
X-Unique-Id
Viewport
X-Servername
X-RTag
X-FW-Version
X-FW-Type
X-FW-Static
X-FW-Serve
X-G
X-Cache-Grace
X-FW-Server
X-Debug
X-FW-Dynamic
X-Time
X-FW-Hash
Fastly-SWR
From-Origin
X-Cacheable-TTL
Fastly-SIE
X-User-Agent
X-Region
X-Environment-Context
X-Rule
X-L-Path
X-Device-Type
X-NYM-Debug-Backend
X-Backend-Name
X-Cache-Hit
Country
Url
X-Status
X-Hl-Ver
X-Jobs
ServerID
X-B3-SpanId
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Webkit-CSP
X-CCDN-CacheTTL
X-Page-View
WPO-Cache-Message
X-VC-Cache
Countrycode
X-Via-JSL
WPO-Cache-Status
X-INCAP-ABP
Alternate-Protocol
X-Air-Source
X-Cache-Status-Check
X-Air-Trace-Id
Surrogate-Key
X-Origin-TTL
X-Origin-CC
X-Hosted-By
X-Air-Hostname
X-NODE
X-HTML-Minification-Powered-By
Version
X-Akamai-Request-ID2
X-Source
X-Content-Powered-By
Protected
X-B3-Traceid
GEO-INFO
SRV
X-Akamai-Edgescape
X-Tec-Api-Version
X-Tec-Api-Root
X-Rocket-Nginx-Serving-Static
X-Tec-Api-Origin
X-WP-CF-Super-Cache-Active
X-Http-Reason
X-Nginx-Cache
Amp-Access-Control-Allow-Source-Origin
X-Storage
CDN-RequestId
X-Accel-Version
X-Framework
X-Edge-Location
X-CDN-Forward
X-VC
Access-Control-Request-Headers
X-Cache-Rule
Front
OT-Force-Account-Verify
AMP-Access-Control-Allow-Source-Origin
X-Real-IP
X-Mode
X-Use-Mantle
X-Httpd
X-Cache-Operation
Accept-Language
Meta-Geo
X-ServerID
X-Xfnlog-Site
X-Rn-Rsrv
Filters
X-Upstream-Ct
X-Upstream-Ht
Xet-Cookie
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Tumblr-Pixel-2
X-SaId
X-Proxy-Build
Selected-Fe
X-Origin
X-Tumblr-Pixel-3
Webserver
X-JoinUs
X-Timing-Wait
CF-IPCountry
X-Detected-As
X-Cache-Debug
X-Redis-Cache
X-Varnish-Cache-Hits
X-Handled-By
X-Labrador-Cache-Channel
X-PHP-Host
X-Endurance-Cache-Level
X-Director
Node
X-Adobe-Source
X-Cache-Time
X-Worker
ServedBy
X-Served-From
X-Soup
X-Web-Node
X-Say-Cacheable
X-Say-TTL
Apigw-Requestid
X-S
TWC-Connection-Speed
X-RM-Cache-TTL
Property-Id
X-No-Session
X-Origin-Hint
X-Browser-Name
X-Is-Tablet
X-Tcp-Rtt
X-Logging-Id
X-Loop
X-Is-Supported-Browser
X-Is-Mobile
TWC-Device-Class
X-Varnish-Age
X-Geo-Region
X-Is-Desktop
X-AB
X-SayCDN-TTL
X-Restarts
X-Tncms
X-Server-W
Webcakes-App-Name
X-Cms-Context
Xserver
Webcakes-Region
TWC-Privacy
Web-Mar-Node
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
X-BYPASS-REASON
X-ProxyCache-Status
X-Container-Uri
X-Cache-Server
X-Cache-Host
X-DynaTrace
X-Varnish-Beresp-Grace
X-LJ-Flow-ID
Section-Io-Id
X-GeoCode
X-GeoCountry
X-Git-Commit
X-RCS-CacheZone
X-Generation-Time
X-IPLB-Instance
X-AWS-Id
X-VWS-Id
X-Lambda-Id
X-VCT
Azure-Version
X-Site-Version
DB-Nickname
X-IPLB-Request-ID
Azure-SlotName
Azure-SiteName
Cross-Origin-Embedder-Policy
Azure-InstanceId
Azure-RegionName
Mn-Server-Ip
X-R9-Blue-Green-Version
X-ProxyCache-Key
X-Skip-Cache
X-Locale
X-Tb
X-Format
X-Ms-Request-Id
X-Provided-By
X-Ms-Version
X-Proxied
X-Extlb
X-Zipkin-Id
X-Platform-Router
X-Reqid
X-Uri
X-Vercel-Cache
X-Vercel-Id
X-Routing-Service
X-Forwarded-Host
X-Cluster
X-Platform-Cluster
X-Platform-Processor
X-Fetched-On
X-Frame-Option
X-MP-GENERATED-AT
X-Webstats-RespID
X-Drupal-Cache-Tags
X-TT-LOGID
X-Drupal-Cache-Contexts
X-XRDS-Location
Cache-Tv-Group
X-Sql-Count
X-Origin-Date
X-Sql-Duration-Ms
CDN-Cache
X-Storefront-Renderer-Rendered
X-Shopify-Stage
CDN-CachedAt
X-Alternate-Cache-Key
CDN-PullZone
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-EdgeStorageId
WP-Super-Cache
Source
Fastcgi-Useragent
Priority
X-FB-TRIP-ID
X-Vcache
Content-Secure-Policy
X-Vcl-Version
X-Sucuri-Cache
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Generated-By
X-Sucuri-ID
X-Cdn-Origin
Onion-Location
Sid
X-Urbn-Site-Id
Cross-Origin-Embedder-Policy-Report-Only
X-Urbn-Context-Path
Locale
X-Content-Age
X-Pass-Why
X-SRV
X-Newrelic-Synthetics
S-Rt
WZWS-RAY
X-Buckets
X-Cluster-Node
Atl-Traceid
X-Use-Magma
X-Thinkindot-L3
Thinkindot-CacheControl-Type
Cache
X-Ua
Thinkindot-CacheControl
X-Cache-Action
Thinkindot-Control
X-Scope-Id
X-Shield-Cache-Expires
X-CMSURLCustom
TDXMobile
Cross-Origin-Window-Policy
HostName
X-Xrds-Location
X-LSADC-Cache
X-VCache
X-Cache-Expired-At
X-Varnish-Beresp-Ttl
X-Via-SSL
X-Via-Edge
X-Via-CDN
X-Datadome
X-Proxy-Cache-Status
Edge-Copy-Time
X-WP-CF-Super-Cache-Cookies-Bypass
X-DataDome
Ngx.Var.Host
X-A-Wwc
X-Ec-Fail
X-External-Request-Id
Redirect-Candidate
MD5-Digest
Origin
X-Conf
X-Dispatcher-Server
X-TIM-N
Ngx-Var-Key
X-SRCache-Key
X-D
Lang
X-Dc
X-ScT
X-S-Cookie
X-Rojux
X-B-Cookie
X-Aed
X-GEO
X-Application
Origin-Agent-Cluster
Server-Host
X-Cache-Bucket
X-Optimistic-Header
Meta-Geo-Continent
T-Server
Surrogated-Key
Sslversion
X-Developer
Type
DCR-Decision-By
X-A-Ccd
X-Bc-Bl
X-A
X-BCube-Filmed-By
X-A-Dam
DCR-Processing-Time-Ms
X-Bl-Debug
X-Epic-Correlation-Id
X-A-Dcw
X-Platform
X-Vdms-Path
X-Vdms-Version
X-Correlation-ID
X-Varnish-Hostname
Rendered-Blocks
Req-ID
X-Request-Start
X-Cache-NE
X-A-Dgt
X-Ec-GeoHdr
CDCHOST
X-Vtex-Remote-Cache
X-Destination
Candidate-Md5Url
Gannett-Cam-Experience-Id
Expiry
X-Connection-Hash
X-TimeS
Content-Script-Type
X-Gdpr
Cluster
Environment
Content-Style-Type
X-Esi-Check
X-Forwarded-Site
X-Generated-On
X-Fastly-Cache
X-GeoIP-Country-Code
Host-ID
Magicmarker
X-Level-Front-Cache
X-Ec-Custom-Error
X-Gzip
User-Cache-Control
X-GeoIP-Region-Code
Fastly-SSL
X-SD-PageType
X-WA-Info
X-Op-Id-All
A
X-VServer
X-Viewer-Country
X-NMSegId
X-Clientip
X-Varnishpool
X-Instance-Name
X-Cache-Id
V-Age
Vix-Hermes-Req-Id
X-Bip
X-Branch-Name
Sever-Int
Server-Ext
Server-Hostname
X-SB
X-Thanos
X-Debug-Cache-Store
X-Pubstack
NM-Fastcgi-Cache
X-PAYTM-SRV-ID
X-Origin-Time
X-Node-Id
X-Nyt-Route
X-TH-Server
X-Debug-Cache-Fetch
Pramga
X-Core-Value
X-Scheme
X-Mg-Request-UUID
Fastly-Drupal-HTML
X-Service
X-TA-CDN-Provider
X-Request-URI
X-Cache-Info
X-Contensis-Viewer-Groups
X-Device-Os
X-Cache-Aspx
X-DPWN-IS-SECURE
X-RateLimit-Remaining-Second
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Cache-Provider
L
Wxu-Next-Hostname
Wxu-Next-Commit
Apple-News-Services-Host
Apple-News-Services-Handled
X-Varnish-Director
X-Varnish-Beresp-Status
X-VG-TLSProxy
X-VG-WebCache
X-We-Are-Hiring
Wxu-Next-Region
X-Access
X-Nginx-Cache-Key
X-NCache
X-Req
X-Section
X-Zen-Fury
X-UA-Device-Type
X-Hnp-Log
X-Gen-Mode
X-Auto-Login
X-Amz-Meta-Cb-Modifiedtime
X-B3-Trace-ID
X-Block-Status
X-Cache-TTL-Remaining
X-Varnish-Authentication
X-Var-Ttl
X-Men
X-Loc
X-Micro-Cache
X-Mly-Id
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-Human
X-GeoIP
X-Geo-Header
X-GeoIP-City
X-GoCache-CacheStatus
X-HS-Content-Campaign-Id
X-Old-Content-Length
X-Org
X-Rocket-Build-Number
X-Request-Time
X-Server-IP
X-Sigma
X-V-Cache
X-Sigma-Backend
X-Request-Host
X-ApacheServer
X-Policy
X-PERF
X-Pool
X-Proxied-Request
X-RateLimit-Limit-Second
X-FC-Vary-Parameters
X-From
Ssr
Platform
True-Client-Country-4JS
Adler-Geo
Esi-Enabled
Producers
Release
Canary
Machine
Mail-Subject
Fastly-GeoIP-CountryCode
X-Ad-Load-Variation
We-Hiring
DSUID
Is-Eu
Gh-Request-Id
Web-Mar-Region
X-Origin-Response-Time
Cf-Device-Type
X-Fastly-Backend
Country-Code
Req-Svc-Chain
RNT-Time
RNT-Machine
X-Aicache-OS
Locid
X-Hash
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-Proto
X-Slack-Backend
X-Test
X-Up
Cache-Key
Cdn-Host
AKAMAI
C-Via
X-Wikidot-Backend
X-Wikidot-Static-Cache
Cdn-Request-Time
X-Acquia-Purge-Cdn-Unconfigured
Proxy-Firewall
Cdncip
On-Server
Cdnsip
X-ND-Cache
X-AK-Request-ID
X-Cache-Date
Uber-Trace-Id
X-Moov-Xdn-Version
X-Region-Sid
X-App-Name
X-Edge-Server
W
X-Moov-T
X-BBC-Edge-Cache-Status
X-Fmm-Version
X-Cdn-Srv
X-Parent-Response-Time
X-Eu-Site
X-Csrf-Jwt
Yak-Timeinfo
PFcat
X-Ah-Environment
X-HN
X-VarnishDD-TTL
Click-Count-Error
Tube-Return
Tube-Get-Contents
Tube-Got-Eval
X-Owner
Ha-Gx-Prefs
Click-Count-Action-Start
Pics-Label
L5d-Success-Class
HA-Ipaddr
X-CGP
Tube-Got-Results
X-Date
Fastly-Backend-Name
X-CacheTTL
X-Accel-Expires-Debug
X-Azure-Ref-OriginShield
X-ZONE
X-LB-ID
X-HA-Backend
X-DC
IsBot
X-Via-Poph
X-Amz-Storage-Class
X-Backend-Instance
X-Core-Mission
X-Via-Popv
X-COUNTRY
X-Via-Popn
NGX
X-SIPLIST1
X-DynaTrace-JS-Agent
X-Qloud-Router
X-CACHE-GROUP
XM
LB
Datacenter
X-Ratelimit-Reset
X-NGINX-Cache
Expect-Staple
X-Refresh
N-Cache
X-CF-Lambda-Version
X-API-Version
X-Cache-Backend
X-Origin-Expires
X-Varnish-Hits
X-Tx-Id
NtCoent-Length
X-CF-Lambda-Fn
X-Tb-Optimization-Total-Bytes-Saved
X-Lagoon
Cdn
X-VHOST
X-Orig-Expires
X-Forwarded-Path
X-LB-NoCache
X-Servedbyhost
X-Shop-Environment
X-Cache-Type
RATING
Xc-Version
X-CDN-Cache-Status
X-Tenant
GeoIp-Country-Code
Cdn-Requestid
X-ECache
X-Srv
Cmsid
X-Gamma-Serve
Cmstype
X-UA
X-TX-ID
Server-ID
CPC-Cache
X-Wa
X-Nananana
X-Nc
CPC-Age
SID
X-RID
X-Vmg-Version
CloudFront-Viewer-Country
Cross-Origin-Opener-Policy-Report-Only
X-Cdn-Diag
X-Akamai-Transformed
X-Zone
Resin-Trace
X-B3-Parentspanid
X-Via-Fastly
X-Fpc
X-Hit
Tcn
User-Agent
X-Tt-Logid
X-Proxy-CacheRZ
Uri
Cache-Hits
X-Nf-Request-Id
XkeyRZ
DataCenter
X-HostName
X-Client-Ip
CacheControlHeader
X-Ig-Origin-Region
X-Presslabs-Stats
X-Location
GeoIP-Latitude
X-Variation
X-URL
X-LAGOON
X-Datacenter
Fusion-Content-Id
X-Fastly-Country-Code
X-Info
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-TIME
X-Amz-Meta-Opti
X-Api-Version
X-Geo
Fastly-Drupal-Html
Lb
X-Cloudmap
True-Client-Ip
Mime-Version
X-NWS-UUID-VERIFY
Cf-Ipcountry
X-B3-Spanid
X-NewRelic-App-Data
X-CACHE-AGE
X-DataCenter
X-CUA
MIME-Version
X-Jungle-Id
VNS-Age
Powered-By
X-CS
Origin-CC
True-Client-IP
Origin-EX
VNS-Cache
X-Dynatrace-Js-Agent
X-AIR-PT
X-IAuth-Set-Uid
X-User
X-LiteSpeed-Tag
X-Cached-By
X-Cdn-Forward
X-Varnish-Beresp-TTL
Srv
X-Vc
X-Segment-20210421
Debug
X-HOST
Load-Balancing
X-LiteSpeed-Cache-Control
Request-ID
Hostname
X-Render-Time
CDN
Cache-Name
X-Dispatcher-Number
X-Webkit-Csp-Report-Only
X-VTEX-Cache-Time
X-VTEX-Cache-Server
Cl-Cache
X-Powered-By-VTEX-Cache
X-CSRF-TOKEN
X-FPC
X-MCACHE
Edge-Cache
Ohc-File-Size
X-Mid
X-Dispatch
X-Auth-Group-Type
X-NC
Server-Id
X-Wormhole-Sdk
GeoIP-Country-Code
X-Esi
X-WA
X-Litespeed-Tag
X-Ig-Push-State
X-Cdn-Cache-Status
X-Oracle-DMS-ECID
X-Cs
X-ServedByHost
Ohc-Cache-HIT
BehaviorPad-Version
Odigeo-Trace-Id
X-APP-VERSION
X-NodeID
X-Lb-Nocache
X-Cache-Ttl
CountryCode
X-Cache-Enabled
X-Fastly-Backend-Reqs
X-Custom-Header
X-Vgn-Hpd-Reason
X-VCL-Version
Ms-Author-Via
X-Litespeed-Cache-Control
X-Cdn-Request-ID
X-Lb-Id
X-PHP-Backend
X-Depends
X-MiniProfiler-Ids
Server-Info
X-Akamai-Pragma-Client-IP
Xkeylog
YJS-ID
X-MSEdge-Features
Xkey-La3
X-MSEdge-Flight
X-Proxy-Cache-La3
X-Pad
X-Via-PopN
X-Acquia-Purge-Tags
X-Via-PopV
X-Snapshot-Date
X-Acquia-Site
FSS-Cache
Srvid
Location
My-App
X-Ha-Backend
X-FL-QIT-DEBUG
X-FL-EDGE
X-Via-PopH
X-Acquia-Application-UUID
X-IN-APIGATEWAYSSL
X-Acquia-Application-Trace
X-IN-APIGATEWAY
OriginIP
Geoip-Latitude
Ngx
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
Memcached
X-DefElseHash
X-DefHash
Memory
X-Varnish-CookieHashed-On
Time
X-Sorting-Hat-Podid
X-Shardid
X-Shopid
X-Sorting-Hat-Shopid
X-Cache-Version
X-M-Reqid
X-VC-TTL
Warning
PICS-Label
X-M-Log
X-Mg-Cache
X-Check-Cacheable
X-Th-Server
X-Serial
Sm-Log-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Udemy-Cache-App-Namespace
X-RequestId
X-Service-Response-Time
X-Web-Server
X-Internal-Host
Akamai-Cache-Status
X-Fastly-Cache-Hits
X-Lsadc-Cache
CF-Cached-On
X-Sucuri-Id
X-Dw-Trace-Id
CF-Ctrl