Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Xss-Protection
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
P3p
Accept-CH-Lifetime
X-Cache-Status
X-Drupal-Cache
X-Ua-Compatible
X-Check
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-Request-ID
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Request-Context
Allow
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
EagleId
Xkey
X-Age
X-Rq
X-Vhost
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-LiteSpeed-Cache
X-Dns-Prefetch-Control
X-OneAgent-JS-Injection
X-Aws-Lambda-Call-Status
X-CST
Permissions-Policy
X-Backend-Server
X-Readtime
X-Server-Id
X-Host
X-Response-Time
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-Litespeed-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Cache-Lookup
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
X-Edge
X-Rack-Cache
Cache-Tag
Accept-Ch-Lifetime
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-Vname
X-TtlSet
X-PC
Nginx-Cache
X-MS-InvokeApp
X-ECACHE
X-ESI
X-Upstream
Rating
X-Powered-By-Plesk
Edge-Control
X-Server-Name
X-Browser-Type
X-Cnection
X-Times
X-D2id
Verso
X-Element-Page-Cache
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Ac
X-NWS-LOG-UUID
SPIisLatency
SPRequestDuration
X-B3-TraceId
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-SID
X-Ruxit-Js-Agent
X-SharePointHealthScore
SPRequestGuid
X-Ser
X-Navigation-Version
X-Abt-Application-Version
X-NF-Request-ID
X-GitHub-Request-Id
X-Vcap-Request-Id
X-RateLimit-Remaining
X-Dw-Request-Base-Id
X-Ttl
AR-CACHE
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Mg-S
X-Client-IP
X-VARITI-CCR
S
Pagespeed
X-Sol
X-Middleton-Display
Display
Edge-Cache-Tag
X-Cache-Key
X-Server-ID
Fastly-Restarts
RTSS
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
Cache-Status
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
X-Goog-Hash
Access-Control-Request-Method
X-Varnish-TTL
X-Recruiting
X-ARC
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Response
X-Middleton-Response
X-Content-Digest
X-TraceId
X-Daa-Tunnel
X-Forwarded-For
X-T
Arr-Disable-Session-Affinity
Content-MD5
X-MSEdge-Ref
Origin-Trial
TP-Cache
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-Accel-Expires
Front-End-Https
X-Shield-Request-Id
Cross-Origin-Resource-Policy
X-Content-Security-Policy-Report-Only
X-Cached
X-Hits
MS-Author-Via
X-Id
Public-Key-Pins
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-Ua-Browser
X-HS-Cache-Config
X-FTR-Expires
X-HS-Hub-Id
Server-Node
X-HS-Combine-CSS
X-HS-Content-Id
X-Request-Processing-Time
X-Forwarded-Proto
X-DIS-Request-ID
X-Request-Received
Payment
X-Frontend
X-Fastcgi-Cache
X-LLID
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
Realpath
X-FastCGI-Cache
X-Webkit-Csp
X-ORACLE-DMS-RID
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-Distributor
X-Ratelimit-Limit
X-LB-Cache
Cache-Tags
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-Kong-Proxy-Latency
X-Microsite
X-Kong-Upstream-Latency
X-Request-Handler-Origin-Region
Referer-Policy
X-Hostname
X-B3-TraceId-Primal
X-Page-Id
Mrf-Cache-Status
MRF-Tech
Count-Hit
X-Activity-Id
X-Debug-Info
X-AppVersion
X-Az
X-Www-Served-By
X-Cluster-Name
X-NGENIX-Cache
X-Correlation-Id
Host
Fastcgi-Cache
X-Geo-Country
X-Varnish-Server
X-Varnish-Backend
Accept-Charset
X-Envoy-Decorator-Operation
X-RateLimit-Limit
X-F-Cache
X-App-Server
X-PressLabs-Stats
X-XRDS-LOCATION
X-ORACLE-DMS-ECID
X-Ua-Device
X-FB-Debug
X-Goog-Metageneration
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Retry-After
X-Ezoic-Cdn
X-Upgrade-Enabled
Access-Control-Allow-Method
X-CSRF-Token
X-Git-Hash
X-Load-Cache
X-RateLimit-Reset
X-Seen-By
X-Content-Options
X-Px
TCN
X-Fastly-Request-Id
Server-Name
X-Request-Guid
Section-Io-Cache
X-Grace
X-Revision
X-Amz-Meta-S3cmd-Attrs
X-Contextid
X-Type
X-Cache-Control
X-Trace-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-B
Cleartype
Charset
X-Varnish-Ttl
X-TTL
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Healthy
X-TT
Paypal-Debug-Id
X-B3-Sampled
X-Whom
DC
X-Fb-Rlafr
X-B-Cache
X-Signature
X-Wix-Request-Id
X-App-Environment
X-Oracle-Dms-Ecid
X-Node-Name
X-Origin-Cache
X-Fastly-Request-ID
X-Mobile
X-Azure-Ref
X-Proxy
X-Newrelic-App-Data
Frame-Options
X-Magnolia-Registration
X-Amz-Replication-Status
X-Air-Pt
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-N
Filterid
X-Rid
Accept-Ch
X-WebKit-CSP-Report-Only
X-WP-CF-Super-Cache
X-Oracle-Dms-Rid
X-WP-CF-Super-Cache-Cache-Control
X-Logged-In
X-Ratelimit-Remaining
X-EdgeConnect-Cache-Status
X-Language
Content-Disposition
Akamai-GRN
X-Flags
X-Aspnet-Duration-Ms
Backend
X-Providence-Cookie
X-Route-Name
X-Is-Crawler
X-Kinja-CCPA
X-NODE
NGB
X-Time
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
X-Response-Served-From
VIX-Pulpo-Node
X-Rendered-As
X-Cache-Age
X-Template
X-Is-Bot
X-Yottaa-Optimizations
Liferay-Portal
X-ProcessESI
MS-CV
Viewport
X-Tumblr-Pixel-0
X-Yottaa-Metrics
Ms-Operation-Id
SD-X-WS
X-Datadog-Sampled
X-Tumblr-Pixel-1
X-Tumblr-User
X-RTag
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Tumblr-Pixel
X-CCDN-CacheTTL
X-Debug-IsPreview
X-Unique-Id
X-Debug-IsConnected
X-Varnish-Grace
Upgrade-Insecure-Requests
X-Servername
X-RemovedCookies
X-Instance
X-Proxy-Cache-Info
X-NYM-Debug-Backend
X-IPS-LoggedIn
X-Amzn-Remapped-Content-Length
X-Adobe-Content
X-UUID
X-FW-Server
X-Debug
X-FW-Serve
X-FW-Static
X-Adobe-Loc
X-FW-Version
X-FW-Dynamic
X-FW-Type
X-FW-Hash
X-Environment-Context
X-Region
Refresh
X-Cache-Grace
X-G
Fastly-SIE
X-L-Path
Fastly-SWR
X-Cacheable-TTL
X-Via-JSL
X-Hl-Ver
X-Backend-Name
From-Origin
X-User-Agent
X-Device-Type
X-Cache-Hit
X-Rule
X-Status
ServerID
X-B3-SpanId
Country
X-App-Version
Url
X-VC-Cache
X-INCAP-ABP
Countrycode
Version
X-Jobs
WPO-Cache-Message
WPO-Cache-Status
X-Source
X-Webkit-CSP
Alternate-Protocol
X-HTML-Minification-Powered-By
X-Cache-Status-Check
X-Origin-TTL
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Origin-CC
GEO-INFO
CDN-RequestId
Surrogate-Key
X-Akamai-Request-ID2
X-Content-Powered-By
X-WP-CF-Super-Cache-Active
X-Storage
X-Hosted-By
X-Rocket-Nginx-Serving-Static
X-Nginx-Cache
Protected
X-Page-View
OT-Force-Account-Verify
Amp-Access-Control-Allow-Source-Origin
X-Accel-Version
X-B3-Traceid
X-Akamai-Edgescape
X-VC
AMP-Access-Control-Allow-Source-Origin
SRV
X-Real-IP
X-Tec-Api-Version
Access-Control-Request-Headers
X-Tec-Api-Origin
X-Tec-Api-Root
X-Edge-Location
X-ServerID
X-Framework
X-Cache-Time
Xet-Cookie
X-CDN-Forward
X-Mode
Front
X-Cache-Rule
X-UPSTREAM-Address
X-Upstream-Ct
X-Rn-Rsrv
Filters
Webserver
X-Xfnlog-Site
X-Cache-Operation
X-Endurance-Cache-Level
X-Handled-By
CF-IPCountry
X-Upstream-Ht
Meta-Geo
X-Rewrite-Enabled
X-Served-From
X-Varnish-Cache-Hits
X-Proxy-Build
X-Origin
X-SaId
X-JoinUs
X-Cache-Debug
Selected-Fe
Section-Io-Id
X-AWS-Id
ServedBy
Accept-Language
X-Detected-As
X-VWS-Id
X-Director
Mn-Server-Ip
X-Soup
X-Timing-Wait
Cross-Origin-Embedder-Policy
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-LJ-Flow-ID
X-Cluster
X-Extlb
X-Cms-Context
X-Format
X-SayCDN-TTL
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Locale-Group
Node
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
TWC-Privacy
Web-Mar-Node
X-Adobe-Source
Apigw-Requestid
Webcakes-Region
X-Say-TTL
Webcakes-App-Name
X-BYPASS-REASON
Xserver
X-TT-LOGID
X-Restarts
X-Redis-Cache
X-Routing-Service
TWC-Connection-Speed
X-Worker
X-Web-Node
X-ProxyCache-Status
X-ProxyCache-Key
X-Httpd
X-Logging-Id
X-Lambda-Id
X-No-Session
X-Origin-Hint
X-Proxied
X-PHP-Host
X-Zipkin-Id
X-Use-Mantle
X-Say-Cacheable
X-Labrador-Cache-Channel
X-Forwarded-Host
X-Tcp-Rtt
X-RCS-CacheZone
X-IPLB-Request-ID
X-Drupal-Cache-Tags
X-Platform-Cluster
X-Locale
X-IPLB-Instance
X-GeoCountry
X-GeoCode
X-Geo-Region
X-Loop
X-Tncms
X-RM-Cache-TTL
X-Platform-Processor
X-Varnish-Age
X-Varnish-Beresp-Grace
X-VCT
X-Is-Supported-Browser
X-Skip-Cache
X-Browser-Name
X-Site-Version
X-Is-Desktop
X-Is-Tablet
X-Is-Mobile
X-AB
X-S
X-Platform-Router
DB-Nickname
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Http-Reason
Azure-Version
Azure-SlotName
X-Git-Commit
X-Drupal-Cache-Contexts
X-Cache-Host
X-Generation-Time
X-Fetched-On
X-Cache-Server
X-Vercel-Id
X-Webstats-RespID
X-R9-Blue-Green-Version
X-Reqid
X-Tb
X-Container-Uri
X-Vercel-Cache
X-Provided-By
X-Frame-Option
X-Ms-Request-Id
X-Server-W
X-Vcache
X-Ms-Version
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-CachedAt
CDN-Cache
X-Alternate-Cache-Key
X-Shopify-Stage
X-Storefront-Renderer-Rendered
CDN-Uid
CDN-RequestPullSuccess
X-Uri
X-Sucuri-Cache
X-MP-GENERATED-AT
X-Origin-Date
WP-Super-Cache
X-Sucuri-ID
Fastcgi-Useragent
X-DynaTrace
Source
X-Vcl-Version
X-XRDS-Location
Cache-Tv-Group
X-Cdn-Origin
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
Cross-Origin-Embedder-Policy-Report-Only
Content-Secure-Policy
X-Generated-By
X-FB-TRIP-ID
Priority
Atl-Traceid
X-SRV
X-Xrds-Location
X-Pass-Why
X-Sql-Count
X-Sql-Duration-Ms
Onion-Location
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
Sid
X-Buckets
X-Content-Age
Thinkindot-CacheControl
TDXMobile
X-Scope-Id
X-Shield-Cache-Expires
Cross-Origin-Window-Policy
Thinkindot-Control
Thinkindot-CacheControl-Type
X-CMSURLCustom
X-Thinkindot-L3
Cache
HostName
X-DataDome
X-Cluster-Node
X-Newrelic-Synthetics
X-LSADC-Cache
X-Proxy-Cache-Status
X-WP-CF-Super-Cache-Cookies-Bypass
WZWS-RAY
X-GEO
X-Optimistic-Header
X-Cache-Action
X-Varnish-Beresp-Ttl
X-Cache-Expired-At
S-Rt
X-Ua
X-Via-CDN
Expiry
X-Via-Edge
X-Dc
X-Via-SSL
Edge-Copy-Time
X-Connection-Hash
User-Cache-Control
MD5-Digest
Magicmarker
Meta-Geo-Continent
DCR-Processing-Time-Ms
Apple-News-Services-Request-Url
Candidate-Md5Url
CDCHOST
DCR-Decision-By
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
A
Apple-News-Services-Handled
L
Gannett-Cam-Experience-Id
Lang
X-A-Wwc
X-External-Request-Id
X-Epic-Correlation-Id
X-Instance-Name
X-Op-Id-All
X-Platform
X-PAYTM-SRV-ID
X-Ec-GeoHdr
X-Ec-Fail
X-Destination
X-D
X-Developer
X-Dispatcher-Server
X-Ec-Custom-Error
X-Request-Start
X-Rojux
X-Vdms-Path
X-Varnish-Hostname
X-Vdms-Version
X-Viewer-Country
X-Vtex-Remote-Cache
X-TIM-N
X-SRCache-Key
X-SB
X-S-Cookie
X-Scheme
X-ScT
X-Section
X-Conf
X-Cache-NE
Server-Hostname
Server-Host
Sever-Int
Sslversion
Surrogated-Key
Server-Ext
Req-ID
Origin
Ngx.Var.Host
Origin-Agent-Cluster
Redirect-Candidate
Rendered-Blocks
T-Server
Vix-Hermes-Req-Id
X-Bc-Bl
X-B-Cookie
X-BCube-Filmed-By
X-Bl-Debug
X-Cache-Bucket
X-Application
X-Aed
X-A-Dam
X-A
X-A-Dcw
X-A-Dgt
X-Access
Ngx-Var-Key
X-A-Ccd
X-Azure-Ref-OriginShield
X-TA-CDN-Provider
X-Core-Value
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Clientip
X-Cache-TTL-Remaining
X-Cache-Id
X-Cache-Info
X-Esi-Check
X-Fastly-Cache
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Hnp-Log
X-Generated-On
X-Gen-Mode
X-Forwarded-Site
X-Gdpr
X-Block-Status
X-Bip
Wxu-Next-Hostname
Wxu-Next-Region
Pramga
Wxu-Next-Commit
V-Age
Req-Svc-Chain
Ssr
X-Correlation-ID
X-Acquia-Purge-Cdn-Unconfigured
X-BBC-Edge-Cache-Status
X-Human
X-B3-Trace-ID
X-Auto-Login
X-AK-Request-ID
X-Amz-Meta-Cb-Modifiedtime
Release
X-Loc
X-UA-Device-Type
X-Varnish-Beresp-Status
X-Varnish-Director
X-Thanos
X-TH-Server
X-Sigma
X-Sigma-Backend
X-Varnishpool
X-VG-TLSProxy
X-Zen-Fury
Yak-Timeinfo
X-ND-Cache
X-We-Are-Hiring
X-WA-Info
X-VG-WebCache
X-VServer
X-SD-PageType
X-Rocket-Build-Number
X-NCache
X-Nginx-Cache-Key
X-NMSegId
X-Moov-Xdn-Version
X-Moov-T
NM-Fastcgi-Cache
X-Mly-Id
X-Node-Id
X-Nyt-Route
X-Req
X-Request-Time
X-Request-URI
X-Pubstack
X-Proxied-Request
X-Origin-Time
X-Pool
X-Level-Front-Cache
X-Gzip
Cdncip
Cdnsip
Fastly-GeoIP-CountryCode
Host-ID
Cache-Provider
Cluster
Content-Script-Type
Fastly-SSL
Environment
DSUID
Content-Style-Type
C-Via
Fastly-Drupal-HTML
X-VCache
X-Origin-Response-Time
X-Service
X-TimeS
X-Datadome
X-Mg-Request-UUID
X-FC-Vary-Parameters
X-CGP
X-Eu-Site
X-Contensis-Viewer-Groups
X-DPWN-IS-SECURE
X-Varnish-Authentication
X-Csrf-Jwt
X-Device-Os
X-Cdn-Srv
X-ApacheServer
Esi-Enabled
X-Aicache-OS
X-VarnishDD-TTL
X-Ad-Load-Variation
X-HN
X-Amz-Storage-Class
PFcat
Country-Code
X-Cache-Date
X-Cache-Aspx
X-Fmm-Version
X-From
X-Old-Content-Length
X-Org
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Server-IP
X-PERF
X-Policy
X-Region-Sid
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Adler-Geo
X-SVT-ORM-RULES
X-Micro-Cache
X-Geo-Header
X-GeoIP
X-V-Cache
X-Var-Ttl
X-Request-Host
X-GeoIP-City
X-GoCache-CacheStatus
X-Men
Canary
X-HS-Content-Campaign-Id
X-SVT-ORM-VERSION
Click-Count-Action-Start
Click-Count-Error
Web-Mar-Region
Tube-Got-Results
True-Client-Country-4JS
Platform
Tube-Get-Contents
W
HA-Ipaddr
Tube-Return
Ha-Gx-Prefs
On-Server
Tube-Got-Eval
Gh-Request-Id
Type
Locid
RNT-Machine
RNT-Time
L5d-Success-Class
Machine
Is-Eu
We-Hiring
Mail-Subject
Producers
Uber-Trace-Id
X-Test
X-Up
X-Hash
Cdn-Request-Time
X-Fastly-Backend
X-Slack-Shared-Secret-Outcome
X-App-Name
X-Wikidot-Backend
Proxy-Firewall
X-Wikidot-Static-Cache
X-Edge-Server
AKAMAI
X-Backend-Instance
Cdn-Host
Cache-Key
X-Branch-Name
X-Sn-Servicetimems
X-Slack-Backend
Cf-Device-Type
X-Proto
X-ECache
X-Date
XM
X-Parent-Response-Time
X-Lagoon
NGX
X-Ratelimit-Reset
X-Accel-Expires-Debug
X-CacheTTL
X-DC
X-RID
X-LB-ID
Fastly-Backend-Name
LB
X-Tx-Id
Pics-Label
X-Irp-Debug
X-API-Version
X-Origin-Expires
X-Ah-Environment
X-Varnish-Hits
X-Cache-Backend
X-Via-Popv
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
X-COUNTRY
X-HA-Backend
X-Via-Popn
X-Via-Poph
X-Owner
X-UA
Cdn
X-DynaTrace-JS-Agent
IsBot
X-ZONE
X-Core-Mission
X-Refresh
X-NGINX-Cache
X-SIPLIST1
X-CACHE-GROUP
Datacenter
X-LB-NoCache
NtCoent-Length
X-VHOST
X-CDN-Cache-Status
SID
GeoIp-Country-Code
X-Qloud-Router
X-Zone
RATING
X-Use-Magma
Cdn-Requestid
Cache-Hits
Expect-Staple
X-Nc
Server-ID
X-CF-Lambda-Version
X-Wa
N-Cache
X-Via-Fastly
X-Nananana
X-CF-Lambda-Fn
X-Srv
X-Orig-Expires
CloudFront-Viewer-Country
X-Tenant
X-Shop-Environment
X-Forwarded-Path
X-Cache-Type
X-Akamai-Transformed
Xc-Version
X-Ig-Origin-Region
Cmstype
X-B3-Parentspanid
Cmsid
X-TX-ID
X-Fpc
Resin-Trace
X-Location
X-Gamma-Serve
GeoIP-Latitude
Cross-Origin-Opener-Policy-Report-Only
X-Cloudmap
X-Hit
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
CPC-Age
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
CPC-Cache
DataCenter
X-Nf-Request-Id
X-DataCenter
User-Agent
X-Proxy-CacheRZ
X-Cdn-Diag
Uri
X-NewRelic-App-Data
Powered-By
XkeyRZ
X-Vmg-Version
X-Client-Ip
Origin-EX
X-Jungle-Id
Origin-CC
X-Presslabs-Stats
X-URL
X-CUA
X-CS
X-NWS-UUID-VERIFY
X-Amz-Meta-Opti
True-Client-Ip
X-User
X-Info
X-Tt-Logid
X-TIME
Mime-Version
Srv
Fastly-Drupal-Html
Tcn
X-Cached-By
X-Segment-20210421
MIME-Version
Cf-Ipcountry
CacheControlHeader
X-Variation
X-Fastly-Country-Code
True-Client-IP
X-IAuth-Set-Uid
X-Dynatrace-Js-Agent
X-Cdn-Forward
X-LAGOON
X-HostName
X-Geo
CDN
X-Datacenter
X-CACHE-AGE
X-Render-Time
X-Oracle-DMS-ECID
X-Powered-By-VTEX-Cache
X-Varnish-Beresp-TTL
X-VTEX-Cache-Time
X-VTEX-Cache-Server
Load-Balancing
X-LiteSpeed-Cache-Control
X-Webkit-Csp-Report-Only
X-B3-Spanid
X-Wormhole-Sdk
VNS-Age
VNS-Cache
X-Auth-Group-Type
X-Vc
X-HOST
Debug
X-LiteSpeed-Tag
Edge-Cache
X-Dispatch
X-AIR-PT
Ohc-File-Size
X-PDP-UNCACHING-HASH
X-Api-Version
Lb
X-FPC
X-CSRF-TOKEN
Cl-Cache
Hostname
X-Ig-Push-State
X-NC
GeoIP-Country-Code
Odigeo-Trace-Id
X-NodeID
Server-Id
X-MCACHE
X-Dispatcher-Number
X-WA
Ohc-Cache-HIT
X-Cs
X-APP-VERSION
X-Esi
X-Cdn-Cache-Status
X-Litespeed-Tag
X-Vgn-Hpd-Reason
X-Custom-Header
X-Lb-Nocache
Cache-Name
X-Depends
X-PHP-Backend
X-Pad
X-Varnish-CookieINHashed-On
X-Mid
X-Varnish-CookieHashed-On
X-DefElseHash
X-Varnish-Remaining-TTL
X-DefHash
X-ServedByHost
X-Cache-Ttl
X-Via-PopN
X-Via-PopV
X-Fastly-Backend-Reqs
PICS-Label
CountryCode
X-Via-PopH
X-VC-TTL
X-M-Reqid
X-Ha-Backend
X-M-Log
X-Srcache-Store-Status
Ms-Author-Via
X-Srcache-Fetch-Status
X-Litespeed-Cache-Control
X-VCL-Version
Xkey-La3
Xkeylog
X-Cdn-Request-ID
X-Proxy-Cache-La3
BehaviorPad-Version
X-Lb-Id
X-MSEdge-Features
X-Sorting-Hat-Podid
X-MSEdge-Flight
X-MiniProfiler-Ids
X-Sorting-Hat-Shopid
X-Shardid
X-Akamai-Pragma-Client-IP
X-Shopid
X-Snapshot-Date
FSS-Cache
X-Cache-FS-Status
Memory
OriginIP
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Cache-Enabled
Geoip-Latitude
Epwk-X-Cache
X-APP
X-Acquia-Site
X-Web-Server
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
Time
Memcached
Ngx
X-RequestId
X-Cache-Version
Warning
X-Requestid
Cloudfront-Viewer-Country
X-Serial
X-Udemy-Cache-App-Namespace
X-FL-QIT-DEBUG
X-FL-EDGE
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
YJS-ID
CF-Cached-On
X-Sucuri-Id
Sm-Log-Id
X-Check-Cacheable
Srvid
Server-Info
Akamai-Cache-Status
X-Mg-Cache
X-Dw-Trace-Id
X-Lsadc-Cache
X-Service-Response-Time
Location