Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Request-Id
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
P3p
X-DNS-Prefetch-Control
X-Cache-Status
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Ua-Compatible
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
X-Request-ID
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
Allow
Request-Context
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
X-Rq
EagleId
X-Vhost
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Cf-Railgun
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-LiteSpeed-Cache
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-CST
X-OneAgent-JS-Injection
Permissions-Policy
X-Backend-Server
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-Litespeed-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
X-Cache-Lookup
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
Service-Worker-Allowed
X-Ruxit-JS-Agent
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cache-Tag
Cross-Origin-Opener-Policy
X-FTR-Request-ID
X-Amz-Server-Side-Encryption
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-MS-InvokeApp
X-PC
Nginx-Cache
X-TtlSet
X-Vname
X-ECACHE
X-Upstream
X-Powered-By-Plesk
Rating
X-ESI
Edge-Control
X-Server-Name
X-Browser-Type
X-D2id
X-Cnection
X-Element-Page-Cache
X-Times
Verso
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Ruxit-Js-Agent
X-Ac
SPRequestDuration
SPIisLatency
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
X-NWS-LOG-UUID
X-B3-TraceId
SPRequestGuid
X-SharePointHealthScore
X-RateLimit-Remaining
X-Ser
X-Navigation-Version
X-Abt-Application-Version
X-NF-Request-ID
X-GitHub-Request-Id
X-Vcap-Request-Id
X-Dw-Request-Base-Id
AR-CACHE
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Mg-S
X-VARITI-CCR
X-Client-IP
Display
X-Middleton-Display
X-Sol
Pagespeed
S
Edge-Cache-Tag
X-Cache-Key
X-Ttl
RTSS
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
Cache-Status
X-Kinsta-Cache
X-Edge-Location-Klb
X-Version
X-Goog-Hash
X-Server-ID
Access-Control-Request-Method
X-Recruiting
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Varnish-TTL
X-ARC
X-Middleton-Response
Response
X-Content-Digest
X-TraceId
X-Webkit-Csp
X-Forwarded-For
X-T
Arr-Disable-Session-Affinity
Origin-Trial
X-Daa-Tunnel
Content-MD5
X-MSEdge-Ref
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
TP-Cache
X-Accel-Expires
X-Shield-Request-Id
Front-End-Https
X-Cached
X-Content-Security-Policy-Report-Only
X-Hits
Cross-Origin-Resource-Policy
MS-Author-Via
Public-Key-Pins
X-Id
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-Ua-Browser
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Forwarded-Proto
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
X-DIS-Request-ID
Server-Node
Payment
X-Frontend
X-ORACLE-DMS-RID
X-FastCGI-Cache
X-LLID
X-HP-Webp
Realpath
X-HP-Trace-Id
X-Jurisdiction
X-Fastcgi-Cache
X-Protected-By
TP-L2-Cache
X-RateLimit-Limit
X-GUploader-UploadID
X-Distributor
X-LB-Cache
Cache-Tags
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Microsite
X-Request-Handler-Origin-Region
X-Origin-Server
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Referer-Policy
X-Page-Id
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-XRDS-LOCATION
X-Activity-Id
X-AppVersion
X-Az
X-Debug-Info
X-Www-Served-By
X-NGENIX-Cache
X-Varnish-Backend
X-Varnish-Server
X-Cluster-Name
Host
Fastcgi-Cache
Count-Hit
Accept-Charset
X-Correlation-Id
X-Envoy-Decorator-Operation
X-App-Server
X-F-Cache
X-Hostname
X-Geo-Country
X-ORACLE-DMS-ECID
X-Ratelimit-Limit
X-Ua-Device
X-PressLabs-Stats
X-TTL
X-FB-Debug
X-Goog-Metageneration
Retry-After
X-RateLimit-Reset
X-Ezoic-Cdn
X-Upgrade-Enabled
Access-Control-Allow-Method
X-CSRF-Token
X-Load-Cache
X-Git-Hash
X-Fastly-Request-Id
X-Seen-By
X-Content-Options
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Varnish-Ttl
Server-Name
X-Px
X-Request-Guid
X-Cache-Control
X-Datadog-Parent-Id
X-Grace
X-Amz-Meta-S3cmd-Attrs
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
Section-Io-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Type
Cleartype
X-B
X-Trace-Id
X-Contextid
X-Revision
X-B3-Sampled
Paypal-Debug-Id
X-TT
DC
X-Whom
Charset
Healthy
X-App-Environment
X-Fb-Rlafr
TCN
X-B-Cache
X-Wix-Request-Id
X-Signature
X-Node-Name
X-Mobile
X-Origin-Cache
X-Proxy
Accept-Ch
Frame-Options
X-Azure-Ref
X-Amz-Replication-Status
X-Oracle-Dms-Ecid
X-Newrelic-App-Data
X-Magnolia-Registration
X-WebKit-CSP-Report-Only
X-Fastly-Request-ID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-N
Filterid
X-EdgeConnect-Cache-Status
X-Air-Pt
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Logged-In
X-Language
X-Rid
X-Flags
X-Aspnet-Duration-Ms
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Kinja-CCPA
Content-Disposition
X-Oracle-Dms-Rid
Akamai-GRN
Backend
NGB
X-Response-Served-From
X-Original-Request-Id
X-Template
X-Rendered-As
X-Is-Bot
X-Debug-IsConnected
X-Debug-IsPreview
VIX-Pulpo-Upstream-Status
X-Datadog-Sampled
Liferay-Portal
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Viewport
SD-X-WS
X-Servername
X-RemovedCookies
X-ProcessESI
X-RTag
X-Varnish-Grace
VIX-Pulpo-Node
X-Cache-Age
X-Ratelimit-Remaining
X-Tumblr-User
X-Time
MS-CV
X-Tumblr-Pixel-1
Ms-Operation-Id
X-FW-Serve
Refresh
X-FW-Hash
X-Adobe-Loc
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Amzn-Remapped-Content-Length
X-FW-Dynamic
X-Unique-Id
X-Adobe-Content
X-Proxy-Cache-Info
X-NYM-Debug-Backend
X-Instance
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Version
X-IPS-LoggedIn
X-Debug
X-UUID
X-CCDN-CacheTTL
Upgrade-Insecure-Requests
X-G
X-App-Version
X-CCDN-Origin-Time
X-Cache-Grace
Fastly-SIE
X-Backend-Name
X-Hcs-Proxy-Type
Fastly-SWR
X-L-Path
X-Region
X-Cacheable-TTL
X-Hl-Ver
From-Origin
X-User-Agent
X-Environment-Context
X-Device-Type
X-Rule
ServerID
X-Status
X-Via-JSL
Country
X-Cache-Hit
X-B3-SpanId
Url
X-VC-Cache
X-Jobs
X-Webkit-CSP
X-INCAP-ABP
Countrycode
Alternate-Protocol
WPO-Cache-Message
WPO-Cache-Status
X-HTML-Minification-Powered-By
Version
X-Source
X-Cache-Status-Check
X-NODE
X-Air-Hostname
X-Origin-CC
X-Origin-TTL
X-Air-Trace-Id
X-Air-Source
GEO-INFO
X-Akamai-Request-ID2
X-Page-View
Surrogate-Key
X-Hosted-By
X-Content-Powered-By
X-B3-Traceid
X-WP-CF-Super-Cache-Active
CDN-RequestId
Protected
SRV
X-Storage
AMP-Access-Control-Allow-Source-Origin
X-Tec-Api-Version
X-Rocket-Nginx-Serving-Static
X-Tec-Api-Origin
X-Tec-Api-Root
X-Nginx-Cache
X-Akamai-Edgescape
X-Accel-Version
X-VC
OT-Force-Account-Verify
X-CDN-Forward
X-Real-IP
X-Edge-Location
Amp-Access-Control-Allow-Source-Origin
Access-Control-Request-Headers
X-Framework
X-ServerID
X-Use-Mantle
X-Mode
X-Cache-Rule
Xet-Cookie
X-Rn-Rsrv
X-Rewrite-Enabled
X-Http-Reason
Accept-Language
Front
X-UPSTREAM-Address
X-Cache-Time
Meta-Geo
X-Xfnlog-Site
Filters
X-Cache-Operation
X-Upstream-Ht
X-Upstream-Ct
Selected-Fe
X-AWS-Id
X-Cache-Debug
Mn-Server-Ip
X-Handled-By
X-Origin
X-LJ-Flow-ID
X-JoinUs
X-Endurance-Cache-Level
CF-IPCountry
X-Detected-As
Webserver
Cross-Origin-Embedder-Policy
X-Proxy-Build
X-VWS-Id
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Timing-Wait
X-SaId
X-Director
X-Labrador-Cache-Channel
X-Httpd
Section-Io-Id
X-Cluster
ServedBy
X-Extlb
X-Cms-Context
Apigw-Requestid
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Locale-Group
X-No-Session
X-Adobe-Source
X-Varnish-Cache-Hits
Property-Id
TWC-Privacy
Node
Xserver
Webcakes-App-Version
X-Redis-Cache
Webcakes-Region
X-Routing-Service
X-Restarts
X-Served-From
X-Zipkin-Id
Webcakes-App-Name
X-Worker
Web-Mar-Node
X-PHP-Host
X-Soup
X-Proxied
X-Origin-Hint
X-Browser-Name
X-Drupal-Cache-Tags
X-Format
X-Geo-Region
X-BYPASS-REASON
X-Web-Node
X-Forwarded-Host
X-Is-Mobile
X-ProxyCache-Key
X-AB
X-Site-Version
X-Tcp-Rtt
X-SayCDN-TTL
X-ProxyCache-Status
X-S
X-Say-Cacheable
X-RCS-CacheZone
X-Say-TTL
X-Loop
X-Logging-Id
X-Is-Desktop
X-Tncms
X-IPLB-Request-ID
X-IPLB-Instance
X-RM-Cache-TTL
X-Is-Supported-Browser
X-Is-Tablet
X-Locale
X-Varnish-Age
X-Lambda-Id
X-Platform-Cluster
X-Webstats-RespID
X-GeoCountry
X-Tb
X-Git-Commit
X-Skip-Cache
X-Server-W
X-Reqid
X-R9-Blue-Green-Version
X-Platform-Router
X-GeoCode
X-Container-Uri
X-Cache-Server
X-VCT
X-Platform-Processor
X-Varnish-Beresp-Grace
X-Generation-Time
X-Cache-Host
X-Drupal-Cache-Contexts
Azure-InstanceId
DB-Nickname
Azure-Version
Azure-RegionName
Azure-SiteName
X-TT-LOGID
Azure-SlotName
X-Ms-Request-Id
X-Fetched-On
X-Ms-Version
X-Provided-By
X-Vercel-Cache
X-Vercel-Id
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
X-Shopify-Stage
X-Vcache
X-Uri
X-MP-GENERATED-AT
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
CDN-RequestPullSuccess
CDN-Cache
CDN-Uid
X-Frame-Option
X-Origin-Date
X-DynaTrace
X-XRDS-Location
X-Sucuri-Cache
X-Sorting-Hat-PodId
X-ShopId
WP-Super-Cache
X-Sorting-Hat-ShopId
X-ShardId
Fastcgi-Useragent
Source
Cache-Tv-Group
X-Sucuri-ID
X-Vcl-Version
X-Cdn-Origin
Cross-Origin-Embedder-Policy-Report-Only
X-FB-TRIP-ID
Content-Secure-Policy
X-Sql-Duration-Ms
X-Sql-Count
X-Generated-By
Sid
Priority
Onion-Location
Atl-Traceid
Locale
X-Urbn-Site-Id
X-SRV
X-Pass-Why
X-Urbn-Context-Path
X-Content-Age
X-Buckets
X-CMSURLCustom
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Shield-Cache-Expires
X-Scope-Id
X-Thinkindot-L3
Cache
HostName
Cross-Origin-Window-Policy
WZWS-RAY
X-Newrelic-Synthetics
X-Cluster-Node
X-DataDome
X-LSADC-Cache
X-Xrds-Location
S-Rt
X-WP-CF-Super-Cache-Cookies-Bypass
X-Proxy-Cache-Status
X-Cache-Action
X-Via-SSL
X-Via-CDN
X-Cache-Expired-At
X-Varnish-Beresp-Ttl
X-Optimistic-Header
X-Dc
X-Via-Edge
Edge-Copy-Time
X-GEO
Expiry
X-Connection-Hash
User-Cache-Control
X-A-Ccd
Sslversion
Sever-Int
Surrogated-Key
T-Server
Server-Hostname
X-Op-Id-All
X-Vdms-Version
X-Platform
X-A-Dam
X-Instance-Name
DCR-Processing-Time-Ms
Gannett-Cam-Experience-Id
Lang
Magicmarker
DCR-Decision-By
A
Candidate-Md5Url
CDCHOST
X-Vtex-Remote-Cache
X-Correlation-ID
MD5-Digest
Meta-Geo-Continent
Redirect-Candidate
Rendered-Blocks
Req-ID
Server-Ext
X-A-Dcw
Origin-Agent-Cluster
Ngx-Var-Key
Ngx.Var.Host
Origin
Server-Host
X-A
X-Cache-Bucket
X-Vdms-Path
X-Request-Start
X-Ua
X-SB
X-BCube-Filmed-By
X-SRCache-Key
X-S-Cookie
X-Cache-NE
X-External-Request-Id
X-Conf
X-TIM-N
X-Ec-GeoHdr
X-D
X-Epic-Correlation-Id
X-Varnish-Hostname
X-A-Dgt
X-ScT
X-Bc-Bl
X-Bl-Debug
X-Aed
X-Ec-Fail
X-Developer
X-Application
X-Destination
X-B-Cookie
X-A-Wwc
X-Dispatcher-Server
X-Rojux
X-VCache
X-TA-CDN-Provider
X-TimeS
X-Datadome
Host-ID
X-Generated-On
Cdncip
X-Debug-Cache-Fetch
Content-Script-Type
X-Core-Value
Content-Style-Type
X-Debug-Cache-Store
Cluster
Environment
X-GeoIP-Country-Code
X-Gzip
Fastly-SSL
Cdnsip
X-Esi-Check
Vix-Hermes-Req-Id
X-Auto-Login
X-B3-Trace-ID
V-Age
X-Fastly-Cache
Wxu-Next-Commit
Wxu-Next-Hostname
X-AK-Request-ID
X-Access
X-Amz-Meta-Cb-Modifiedtime
X-VServer
Wxu-Next-Region
Type
X-Bip
X-Gdpr
NM-Fastcgi-Cache
X-Clientip
X-Viewer-Country
L
X-Forwarded-Site
X-Varnishpool
X-Block-Status
X-Cache-Id
Pramga
X-Cache-TTL-Remaining
X-Gen-Mode
X-GeoIP-Region-Code
X-Node-Id
X-NMSegId
X-WA-Info
X-Nyt-Route
X-Origin-Time
Cache-Provider
X-Level-Front-Cache
X-Zen-Fury
X-NCache
X-Hnp-Log
X-Nginx-Cache-Key
X-ND-Cache
X-Azure-Ref-OriginShield
X-UA-Device-Type
X-Section
X-Req
X-SD-PageType
X-Scheme
X-Thanos
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-PAYTM-SRV-ID
X-TH-Server
Apple-News-Services-Parsed-Url
X-Ec-Custom-Error
Apple-News-Services-Host
X-Service
Fastly-Drupal-HTML
X-Acquia-Purge-Cdn-Unconfigured
X-Ad-Load-Variation
X-Pool
X-Mg-Request-UUID
X-Policy
X-Aicache-OS
X-ApacheServer
X-BBC-Edge-Cache-Status
X-Moov-Xdn-Version
X-Moov-T
X-Mly-Id
X-Proxied-Request
X-PERF
X-GoCache-CacheStatus
X-We-Are-Hiring
Country-Code
X-V-Cache
X-VG-WebCache
True-Client-Country-4JS
Adler-Geo
X-VG-TLSProxy
X-Org
Web-Mar-Region
We-Hiring
X-Old-Content-Length
X-Branch-Name
X-Cache-Aspx
C-Via
X-Request-Host
X-Csrf-Jwt
X-Mvc-Supplant-OutputCached
X-Contensis-Viewer-Groups
Canary
X-Rocket-Build-Number
X-DPWN-IS-SECURE
X-Request-Time
X-Request-URI
X-Device-Os
X-Server-IP
X-CGP
X-Sigma-Backend
X-RateLimit-Limit-Second
X-Cache-Info
X-ECache
X-Pubstack
X-RateLimit-Remaining-Second
X-Mvc-Supplant-Cachable
X-Region-Sid
X-Cdn-Srv
X-Sigma
X-Eu-Site
X-GeoIP-City
W
Esi-Enabled
Yak-Timeinfo
Locid
Release
X-Var-Ttl
L5d-Success-Class
X-HN
X-VarnishDD-TTL
Producers
Machine
X-Varnish-Authentication
DSUID
X-Human
X-From
Platform
X-HS-Content-Campaign-Id
Mail-Subject
PFcat
X-Fmm-Version
Req-Svc-Chain
X-GeoIP
X-Varnish-Director
X-Varnish-Beresp-Status
HA-Ipaddr
X-FC-Vary-Parameters
Gh-Request-Id
Ha-Gx-Prefs
X-Geo-Header
X-Men
RNT-Machine
Ssr
RNT-Time
Is-Eu
Fastly-GeoIP-CountryCode
X-Loc
X-Micro-Cache
X-Origin-Response-Time
X-Cache-Date
X-Slack-Backend
X-Backend-Instance
Cache-Key
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-Amz-Storage-Class
X-Wikidot-Static-Cache
X-Wikidot-Backend
Proxy-Firewall
Click-Count-Action-Start
X-Test
X-Up
X-Slack-Shared-Secret-Outcome
X-Proto
X-Hash
AKAMAI
Click-Count-Error
Uber-Trace-Id
Tube-Got-Results
Tube-Return
X-SVT-ORM-RULES
Cf-Device-Type
On-Server
X-Sn-Servicetimems
Tube-Got-Eval
Tube-Get-Contents
X-App-Name
X-Fastly-Backend
X-SVT-ORM-VERSION
X-RID
X-Ah-Environment
XM
X-Date
X-LB-ID
X-CacheTTL
Pics-Label
X-Parent-Response-Time
X-Irp-Debug
X-Accel-Expires-Debug
Fastly-Backend-Name
X-Lagoon
LB
X-Owner
X-Tx-Id
X-API-Version
NGX
X-DC
X-Cache-Backend
X-COUNTRY
X-Varnish-Hits
X-Origin-Expires
X-UA
X-SIPLIST1
X-Tb-Optimization-Total-Bytes-Saved
X-CACHE-GROUP
IsBot
X-Core-Mission
X-ZONE
X-DynaTrace-JS-Agent
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-HA-Backend
X-Servedbyhost
X-NGINX-Cache
X-Ratelimit-Reset
X-Refresh
Datacenter
X-VHOST
Cdn
X-LB-NoCache
X-Qloud-Router
RATING
X-CDN-Cache-Status
GeoIp-Country-Code
NtCoent-Length
Cdn-Requestid
X-Use-Magma
X-CF-Lambda-Fn
X-CF-Lambda-Version
N-Cache
Expect-Staple
X-Srv
X-Zone
X-Tenant
Cache-Hits
X-Nananana
X-Wa
X-Nc
X-Forwarded-Path
X-Orig-Expires
X-Shop-Environment
Server-ID
Xc-Version
X-Via-Fastly
SID
X-Cache-Type
Cross-Origin-Opener-Policy-Report-Only
X-Gamma-Serve
Cmstype
Cmsid
X-TX-ID
CloudFront-Viewer-Country
X-Akamai-Transformed
X-Location
X-B3-Parentspanid
X-Fpc
CPC-Age
GeoIP-Latitude
CPC-Cache
Resin-Trace
X-Ig-Origin-Region
X-Hit
DataCenter
Tcn
Fusion-Content-Source
Fusion-Content-Id
X-Vmg-Version
X-Proxy-CacheRZ
X-Cloudmap
Fusion-Component-Id
XkeyRZ
X-Cdn-Diag
User-Agent
Uri
Fusion-Deployment-Id
Fusion-Template-Id
X-Nf-Request-Id
Fusion-Source
X-Client-Ip
X-HostName
X-NewRelic-App-Data
X-Presslabs-Stats
X-URL
X-CS
X-Info
X-Amz-Meta-Opti
X-Tt-Logid
Origin-CC
X-Jungle-Id
Mime-Version
Origin-EX
X-CUA
Powered-By
X-DataCenter
X-TIME
Fastly-Drupal-Html
X-IAuth-Set-Uid
True-Client-Ip
CacheControlHeader
X-Datacenter
X-User
X-Variation
X-Fastly-Country-Code
X-NWS-UUID-VERIFY
X-LAGOON
Cf-Ipcountry
True-Client-IP
MIME-Version
X-CACHE-AGE
X-Segment-20210421
X-Geo
X-Esi
CDN
X-Cached-By
X-AIR-PT
Srv
X-Dynatrace-Js-Agent
X-Oracle-DMS-ECID
Load-Balancing
X-Render-Time
X-B3-Spanid
X-Cdn-Forward
X-Varnish-Beresp-TTL
Debug
X-Vc
VNS-Cache
X-VTEX-Cache-Time
X-HOST
X-VTEX-Cache-Server
VNS-Age
X-LiteSpeed-Tag
X-Powered-By-VTEX-Cache
X-LiteSpeed-Cache-Control
X-Api-Version
Lb
Edge-Cache
Ohc-File-Size
X-Wormhole-Sdk
X-Webkit-Csp-Report-Only
X-Auth-Group-Type
X-FPC
Hostname
X-CSRF-TOKEN
Cl-Cache
X-MCACHE
X-Ig-Push-State
X-NC
X-Dispatch
X-WA
X-Dispatcher-Number
Ohc-Cache-HIT
Server-Id
GeoIP-Country-Code
X-NodeID
Odigeo-Trace-Id
Cache-Name
X-Vgn-Hpd-Reason
X-APP-VERSION
X-Cs
X-Cdn-Cache-Status
X-Custom-Header
X-Lb-Nocache
X-Litespeed-Tag
X-PHP-Backend
X-Mid
X-Depends
X-ServedByHost
X-PDP-UNCACHING-HASH
X-Pad
X-Cache-Ttl
X-Fastly-Backend-Reqs
CountryCode
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-DefElseHash
X-DefHash
X-Via-PopN
X-Via-PopV
X-Ha-Backend
X-Via-PopH
X-VCL-Version
Ms-Author-Via
X-Litespeed-Cache-Control
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Lb-Id
X-VC-TTL
X-Cdn-Request-ID
PICS-Label
X-M-Log
X-M-Reqid
Xkey-La3
X-MSEdge-Flight
BehaviorPad-Version
X-Proxy-Cache-La3
X-MSEdge-Features
X-MiniProfiler-Ids
Xkeylog
X-Akamai-Pragma-Client-IP
Geoip-Latitude
X-Web-Server
FSS-Cache
X-Snapshot-Date
OriginIP
X-Cache-Enabled
Ngx
X-RequestId
X-IN-APIGATEWAY
X-Acquia-Application-UUID
Time
Memory
Memcached
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Site
X-IN-APIGATEWAYSSL
X-Shopid
X-Sorting-Hat-Podid
X-Cache-Version
X-Sorting-Hat-Shopid
X-Shardid
Location
X-APP
Warning
X-FL-QIT-DEBUG
Srvid
Epwk-X-Cache
X-Cache-FS-Status
Server-Info
X-FL-EDGE
X-Requestid
X-Sucuri-Id
X-Dw-Trace-Id
Sm-Log-Id
X-Check-Cacheable
X-Serial
X-Service-Response-Time
X-Mg-Cache
X-Udemy-Cache-App-Namespace
CF-Cached-On
X-Lsadc-Cache
X-Th-Server
Akamai-Cache-Status
X-Wp-Cf-Super-Cache-Cookies-Bypass
YJS-ID