Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
P3p
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
X-Cache-Status
Accept-CH-Lifetime
X-Drupal-Cache
CF-Ray
X-Check
X-Ua-Compatible
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
Cf-Edge-Cache
Allow
X-Backend
Request-Context
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
Xkey
X-Rq
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
EagleEye-TraceId
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
X-WebKit-CSP
X-CST
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Readtime
X-Server-Id
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Litespeed-Cache
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Cache-Lookup
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Trace
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cross-Origin-Opener-Policy
Cache-Tag
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-ECACHE
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-MS-InvokeApp
Nginx-Cache
X-PC
X-TtlSet
X-Vname
X-ESI
X-Upstream
X-Powered-By-Plesk
Rating
Edge-Control
X-Server-Name
X-Browser-Type
X-D2id
Verso
X-Element-Page-Cache
X-Cnection
X-Times
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Ruxit-Js-Agent
SPIisLatency
SPRequestDuration
X-Ac
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-SID
SPRequestGuid
X-SharePointHealthScore
X-Navigation-Version
X-Abt-Application-Version
X-Ser
X-Vcap-Request-Id
X-NWS-LOG-UUID
X-GitHub-Request-Id
X-Dw-Request-Base-Id
X-B3-TraceId
X-RateLimit-Remaining
X-NF-Request-ID
AR-CACHE
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Mg-S
X-Server-ID
X-VARITI-CCR
S
Pagespeed
X-Sol
Display
X-Client-IP
X-Middleton-Display
Edge-Cache-Tag
X-Cache-Key
RTSS
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
X-Ttl
Cache-Status
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
Access-Control-Request-Method
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Recruiting
X-ARC
X-Middleton-Response
Response
X-Content-Digest
X-TraceId
X-Varnish-TTL
Origin-Trial
X-Forwarded-For
Arr-Disable-Session-Affinity
X-T
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-MD5
MicrosoftSharePointTeamServices
TP-Cache
X-Content-Security-Policy-Report-Only
X-Daa-Tunnel
X-Accel-Expires
X-Shield-Request-Id
X-Cached
X-Hits
Front-End-Https
Cross-Origin-Resource-Policy
Public-Key-Pins
X-Id
MS-Author-Via
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
Server-Node
X-Ua-Browser
X-DIS-Request-ID
X-Request-Received
X-Request-Processing-Time
X-Forwarded-Proto
Payment
X-Frontend
X-Webkit-Csp
X-FastCGI-Cache
X-LLID
X-HP-Trace-Id
X-HP-Webp
Realpath
X-Jurisdiction
X-Fastcgi-Cache
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-ORACLE-DMS-RID
X-Distributor
Cache-Tags
X-LB-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-Ratelimit-Limit
X-Microsite
X-Request-Handler-Origin-Region
X-TTL
X-RateLimit-Limit
Referer-Policy
Count-Hit
X-Kong-Upstream-Latency
X-Page-Id
X-Kong-Proxy-Latency
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Activity-Id
X-Hostname
X-Az
X-AppVersion
X-Debug-Info
X-Cluster-Name
X-NGENIX-Cache
X-Www-Served-By
Host
X-Varnish-Backend
X-Geo-Country
X-F-Cache
X-Varnish-Server
Fastcgi-Cache
Accept-Charset
X-Correlation-Id
X-Envoy-Decorator-Operation
X-App-Server
X-ORACLE-DMS-ECID
X-PressLabs-Stats
X-Ua-Device
X-XRDS-LOCATION
X-FB-Debug
X-Varnish-Ttl
X-Goog-Metageneration
Retry-After
Access-Control-Allow-Method
X-Git-Hash
X-CSRF-Token
X-Upgrade-Enabled
X-Ezoic-Cdn
X-Load-Cache
X-Webkit-CSP
X-Content-Options
X-Fastly-Request-Id
X-RateLimit-Reset
X-Seen-By
Server-Name
X-Px
X-Revision
X-Contextid
X-Datadog-Trace-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Request-Guid
Section-Io-Cache
X-Cache-Control
X-Trace-Id
Charset
X-Type
TCN
X-Amz-Meta-S3cmd-Attrs
X-B
X-Oracle-Dms-Ecid
X-B3-Sampled
Cleartype
X-Grace
X-TT
DC
Paypal-Debug-Id
X-B-Cache
X-Signature
Healthy
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Whom
X-App-Environment
X-TEC-API-ORIGIN
X-Fb-Rlafr
X-Wix-Request-Id
X-Node-Name
X-Rid
X-WebKit-CSP-Report-Only
X-Newrelic-App-Data
X-Origin-Cache
X-Kinja-CCPA
X-Mobile
Frame-Options
X-Amz-Replication-Status
X-Magnolia-Registration
X-Azure-Ref
X-Proxy
Accept-Ch
X-Oracle-Dms-Rid
X-Goog-Generation
X-EdgeConnect-Cache-Status
X-Goog-Stored-Content-Length
X-Ratelimit-Remaining
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Fastly-Request-ID
X-Flags
X-Is-Crawler
X-Route-Name
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Logged-In
X-N
Filterid
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Language
X-Air-Pt
Content-Disposition
Akamai-GRN
Backend
NGB
X-App-Version
X-Original-Request-Id
X-Response-Served-From
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Is-Bot
Upgrade-Insecure-Requests
X-Rendered-As
X-Cache-Age
X-Template
X-Time
X-ProcessESI
MS-CV
X-RemovedCookies
Ms-Operation-Id
Viewport
X-Debug-IsPreview
X-Debug-IsConnected
X-Datadog-Sampled
X-Proxy-Cache-Info
SD-X-WS
X-RTag
X-Servername
X-Varnish-Grace
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Unique-Id
Refresh
X-Tumblr-Pixel
Liferay-Portal
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-FW-Dynamic
X-Adobe-Content
X-Debug
X-Adobe-Loc
X-FW-Server
X-FW-Hash
X-Instance
X-IPS-LoggedIn
X-UUID
X-FW-Type
X-FW-Version
X-FW-Static
X-Amzn-Remapped-Content-Length
X-FW-Serve
X-L-Path
X-Region
X-NYM-Debug-Backend
X-Environment-Context
Fastly-SIE
Fastly-SWR
X-G
X-Cache-Grace
X-Cacheable-TTL
X-User-Agent
X-B3-Traceid
X-Device-Type
X-Backend-Name
X-Hl-Ver
From-Origin
Country
X-Cache-Hit
X-Rule
X-Status
ServerID
Url
X-Jobs
X-Via-JSL
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-VC-Cache
X-INCAP-ABP
X-B3-SpanId
X-Origin-CC
X-Origin-TTL
Countrycode
WPO-Cache-Message
X-Tec-Api-Root
X-Tec-Api-Origin
WPO-Cache-Status
X-Tec-Api-Version
X-Page-View
Alternate-Protocol
X-Air-Source
X-HTML-Minification-Powered-By
X-Air-Hostname
X-Air-Trace-Id
X-Cache-Status-Check
Version
Surrogate-Key
X-NODE
X-Hosted-By
X-Source
X-Akamai-Request-ID2
X-Content-Powered-By
X-Nginx-Cache
GEO-INFO
CDN-RequestId
X-WP-CF-Super-Cache-Active
Amp-Access-Control-Allow-Source-Origin
Protected
X-Rocket-Nginx-Serving-Static
SRV
X-Storage
X-Akamai-Edgescape
X-Accel-Version
OT-Force-Account-Verify
Access-Control-Request-Headers
X-VC
X-Real-IP
X-Http-Reason
X-Framework
X-Edge-Location
X-CDN-Forward
CF-IPCountry
AMP-Access-Control-Allow-Source-Origin
X-Cache-Rule
Front
X-Mode
X-ServerID
X-Use-Mantle
X-Cache-Operation
X-Rn-Rsrv
X-Cache-Time
X-Upstream-Ct
X-UPSTREAM-Address
Webserver
Accept-Language
X-Upstream-Ht
Filters
X-Xfnlog-Site
X-Rewrite-Enabled
Meta-Geo
Selected-Fe
Cross-Origin-Embedder-Policy
ServedBy
X-Timing-Wait
X-Director
X-Proxy-Build
X-Varnish-Cache-Hits
X-Origin
X-LJ-Flow-ID
X-Tumblr-Pixel-2
X-Soup
X-VWS-Id
X-JoinUs
X-SaId
X-Cache-Debug
X-Served-From
X-Detected-As
Xet-Cookie
X-Tumblr-Pixel-3
X-AWS-Id
Mn-Server-Ip
X-Httpd
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Web-Mar-Node
TWC-Privacy
X-ProxyCache-Status
Property-Id
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Routing-Service
X-Restarts
Webcakes-App-Name
X-Labrador-Cache-Channel
X-Redis-Cache
Webcakes-Region
X-Extlb
X-Endurance-Cache-Level
X-Cms-Context
X-Logging-Id
X-Format
X-Handled-By
X-Lambda-Id
X-No-Session
X-Cluster
X-ProxyCache-Key
X-Adobe-Source
Apigw-Requestid
X-BYPASS-REASON
X-Proxied
X-Origin-Hint
X-PHP-Host
Webcakes-App-Version
Node
Xserver
Section-Io-Id
X-Zipkin-Id
X-Worker
X-Web-Node
X-IPLB-Instance
X-Locale
X-RCS-CacheZone
X-Geo-Region
X-Loop
X-Browser-Name
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Desktop
X-IPLB-Request-ID
X-AB
X-VCT
X-GeoCountry
X-Server-W
X-Varnish-Beresp-Grace
DB-Nickname
X-Site-Version
Azure-SiteName
Azure-Version
X-Skip-Cache
X-Tncms
X-GeoCode
X-RM-Cache-TTL
X-Tcp-Rtt
Azure-InstanceId
X-Varnish-Age
Azure-RegionName
X-S
Azure-SlotName
X-Cache-Server
X-DynaTrace
X-Cache-Host
X-Fetched-On
X-Git-Commit
X-Generation-Time
X-Container-Uri
X-Drupal-Cache-Tags
X-Vercel-Id
X-R9-Blue-Green-Version
X-Reqid
X-Platform-Router
X-Vercel-Cache
X-Tb
X-Platform-Processor
X-Platform-Cluster
X-Forwarded-Host
X-Frame-Option
X-Ms-Request-Id
X-Webstats-RespID
X-Provided-By
X-Uri
X-Ms-Version
X-Drupal-Cache-Contexts
X-TT-LOGID
X-Vcache
X-MP-GENERATED-AT
CDN-Uid
X-Alternate-Cache-Key
CDN-Cache
X-Storefront-Renderer-Rendered
X-Shopify-Stage
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-RequestCountryCode
CDN-PullZone
X-Origin-Date
X-XRDS-Location
Cache-Tv-Group
WP-Super-Cache
X-ShardId
X-Sorting-Hat-ShopId
X-Sucuri-Cache
X-ShopId
Source
X-Sorting-Hat-PodId
Fastcgi-Useragent
X-Sql-Duration-Ms
X-Sql-Count
X-Sucuri-ID
X-FB-TRIP-ID
Priority
Content-Secure-Policy
X-Cdn-Origin
Cross-Origin-Embedder-Policy-Report-Only
X-Generated-By
X-Vcl-Version
X-Xrds-Location
Onion-Location
Sid
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Pass-Why
X-Content-Age
X-Newrelic-Synthetics
X-Buckets
Atl-Traceid
WZWS-RAY
X-SRV
Thinkindot-CacheControl
X-Scope-Id
X-Thinkindot-L3
Thinkindot-Control
TDXMobile
X-CMSURLCustom
S-Rt
Thinkindot-CacheControl-Type
X-Cluster-Node
X-Shield-Cache-Expires
HostName
X-Proxy-Cache-Status
X-LSADC-Cache
Cache
Cross-Origin-Window-Policy
X-DataDome
X-Varnish-Beresp-Ttl
X-Cache-Action
X-Cache-Expired-At
X-WP-CF-Super-Cache-Cookies-Bypass
X-GEO
X-Via-Edge
X-Via-CDN
X-Via-SSL
Edge-Copy-Time
X-Ua
X-Optimistic-Header
User-Cache-Control
Expiry
X-Connection-Hash
X-Section
X-Scheme
X-ScT
X-SRCache-Key
X-TIM-N
DCR-Decision-By
Apple-News-Services-Request-Url
Candidate-Md5Url
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
A
Apple-News-Services-Handled
Lang
DCR-Processing-Time-Ms
X-Vdms-Version
X-Vdms-Path
X-Viewer-Country
X-Vtex-Remote-Cache
Gannett-Cam-Experience-Id
L
X-Varnish-Hostname
X-Op-Id-All
X-D
Vix-Hermes-Req-Id
X-Conf
X-A
X-A-Ccd
X-Destination
X-Developer
Surrogated-Key
T-Server
X-Dispatcher-Server
Type
X-Cache-NE
X-A-Dam
X-Application
X-A-Dgt
X-Aed
X-A-Wwc
X-B-Cookie
X-A-Dcw
X-Cache-Bucket
X-Bl-Debug
X-BCube-Filmed-By
X-Bc-Bl
Sslversion
Sever-Int
Ngx.Var.Host
X-Platform
X-PAYTM-SRV-ID
Origin
X-Access
Ngx-Var-Key
X-Request-Start
MD5-Digest
X-S-Cookie
Meta-Geo-Continent
X-Rojux
Origin-Agent-Cluster
X-Instance-Name
X-Ec-Fail
X-Ec-Custom-Error
Server-Ext
Server-Host
Req-ID
Rendered-Blocks
Redirect-Candidate
X-External-Request-Id
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-SB
Server-Hostname
Fastly-Drupal-HTML
X-Correlation-ID
X-VCache
X-TimeS
X-Datadome
X-NMSegId
X-Node-Id
Ssr
V-Age
X-Nyt-Route
X-NCache
Wxu-Next-Region
X-Moov-Xdn-Version
Wxu-Next-Hostname
Wxu-Next-Commit
X-Origin-Time
X-Nginx-Cache-Key
X-Proxied-Request
X-Rocket-Build-Number
X-Request-URI
X-SD-PageType
X-Sigma
X-Dc
X-Sigma-Backend
NM-Fastcgi-Cache
X-Request-Time
X-Pubstack
X-Moov-T
Release
Pramga
X-Req
X-Pool
X-Acquia-Purge-Cdn-Unconfigured
X-Clientip
X-Generated-On
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Cache-TTL-Remaining
X-Gzip
X-Core-Value
X-Gen-Mode
X-Fastly-Cache
X-Esi-Check
X-Forwarded-Site
X-Debug-Cache-Store
X-Gdpr
X-Debug-Cache-Fetch
X-TA-CDN-Provider
X-Cache-Info
X-Level-Front-Cache
X-B3-Trace-ID
X-Loc
X-Auto-Login
Host-ID
X-Amz-Meta-Cb-Modifiedtime
X-BBC-Edge-Cache-Status
X-Bip
X-Hnp-Log
X-Cache-Id
X-Branch-Name
X-Block-Status
X-Human
X-Mly-Id
Req-Svc-Chain
Cluster
X-Varnish-Beresp-Status
X-Varnish-Director
Content-Script-Type
Content-Style-Type
X-Thanos
X-UA-Device-Type
X-VG-TLSProxy
X-VG-WebCache
X-We-Are-Hiring
X-Zen-Fury
Magicmarker
X-WA-Info
X-VServer
Cache-Provider
C-Via
DSUID
X-Varnishpool
Fastly-SSL
Fastly-GeoIP-CountryCode
X-TH-Server
Environment
X-Origin-Response-Time
X-Service
X-Mg-Request-UUID
X-Men
Gh-Request-Id
X-SVT-ORM-VERSION
X-Irp-Debug
X-SVT-ORM-RULES
Adler-Geo
X-ApacheServer
Locid
X-Mvc-Supplant-Cachable
Canary
Mail-Subject
Machine
X-Ad-Load-Variation
Cdncip
X-Aicache-OS
X-HS-Content-Campaign-Id
X-From
Yak-Timeinfo
X-Contensis-Viewer-Groups
X-Fmm-Version
X-Device-Os
X-ND-Cache
X-DPWN-IS-SECURE
X-FC-Vary-Parameters
X-Geo-Header
X-GeoIP
X-Cache-Date
Web-Mar-Region
X-Cache-Aspx
Is-Eu
X-GoCache-CacheStatus
X-GeoIP-City
X-Cdn-Srv
X-AK-Request-ID
Cdnsip
X-Micro-Cache
X-PERF
Country-Code
RNT-Time
X-Org
X-Var-Ttl
X-Server-IP
X-Old-Content-Length
X-Varnish-Authentication
RNT-Machine
X-V-Cache
Esi-Enabled
X-Request-Host
On-Server
Platform
Producers
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Region-Sid
True-Client-Country-4JS
X-Policy
Tube-Got-Eval
Uber-Trace-Id
Tube-Got-Results
Click-Count-Error
Click-Count-Action-Start
Tube-Get-Contents
We-Hiring
Tube-Return
W
X-Mvc-Supplant-OutputCached
X-Use-Magma
X-Azure-Ref-OriginShield
Proxy-Firewall
X-Amz-Storage-Class
PFcat
X-Up
X-Csrf-Jwt
X-Eu-Site
X-Ratelimit-Reset
AKAMAI
X-Wikidot-Backend
X-VarnishDD-TTL
X-Fastly-Backend
X-Slack-Backend
X-Wikidot-Static-Cache
X-HN
Cdn-Host
Cdn-Request-Time
Ha-Gx-Prefs
X-Test
X-Hash
X-Proto
HA-Ipaddr
L5d-Success-Class
Cf-Device-Type
Cache-Key
X-Edge-Server
X-CGP
X-App-Name
X-Slack-Shared-Secret-Outcome
X-DC
X-Sn-Servicetimems
X-Parent-Response-Time
X-Backend-Instance
Pics-Label
X-LB-ID
X-CacheTTL
X-Accel-Expires-Debug
X-Ah-Environment
NGX
X-Date
Fastly-Backend-Name
X-ZONE
X-COUNTRY
X-Owner
X-HA-Backend
X-Core-Mission
XM
X-Via-Popv
X-Via-Popn
X-Tx-Id
IsBot
X-SIPLIST1
X-Via-Poph
LB
X-Varnish-Hits
X-Servedbyhost
X-Cache-Backend
X-API-Version
X-Origin-Expires
X-CACHE-GROUP
Cdn
X-DynaTrace-JS-Agent
X-Srv
X-Refresh
NtCoent-Length
X-Nf-Request-Id
X-Qloud-Router
X-LB-NoCache
X-Tb-Optimization-Total-Bytes-Saved
X-VHOST
Datacenter
X-Lagoon
X-UA
RATING
Expect-Staple
N-Cache
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-NGINX-Cache
Cdn-Requestid
GeoIp-Country-Code
X-Tenant
Xc-Version
X-CDN-Cache-Status
X-Nc
X-Shop-Environment
X-Cache-Type
X-Forwarded-Path
X-Orig-Expires
X-ECache
Server-ID
X-Wa
X-Gamma-Serve
Cmsid
Cmstype
SID
X-RID
CloudFront-Viewer-Country
X-Nananana
Cross-Origin-Opener-Policy-Report-Only
X-Zone
CPC-Cache
CPC-Age
X-Via-Fastly
X-TX-ID
X-Fpc
Cache-Hits
Resin-Trace
X-Vmg-Version
DataCenter
Uri
X-B3-Parentspanid
X-Cdn-Diag
GeoIP-Latitude
X-Hit
X-Ig-Origin-Region
X-Location
User-Agent
X-Proxy-CacheRZ
XkeyRZ
X-Akamai-Transformed
X-Tt-Logid
X-Client-Ip
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
X-LAGOON
X-Presslabs-Stats
Fusion-Component-Id
X-URL
Fusion-Deployment-Id
X-Cloudmap
CacheControlHeader
X-Amz-Meta-Opti
X-Info
Powered-By
True-Client-Ip
X-Variation
X-TIME
X-Fastly-Country-Code
X-Datacenter
Tcn
X-CS
X-CUA
Origin-EX
Origin-CC
X-DataCenter
Mime-Version
MIME-Version
X-B3-Spanid
X-Jungle-Id
X-HostName
X-NewRelic-App-Data
X-IAuth-Set-Uid
X-NWS-UUID-VERIFY
True-Client-IP
X-Cached-By
X-User
X-CACHE-AGE
Fastly-Drupal-Html
X-Geo
X-Dynatrace-Js-Agent
X-AIR-PT
X-Api-Version
Load-Balancing
Srv
VNS-Age
Lb
Cf-Ipcountry
X-Segment-20210421
VNS-Cache
X-Cdn-Forward
X-Render-Time
X-LiteSpeed-Tag
Debug
X-Vc
X-HOST
X-LiteSpeed-Cache-Control
X-Varnish-Beresp-TTL
CDN
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Webkit-Csp-Report-Only
Hostname
X-Auth-Group-Type
Ohc-File-Size
X-Wormhole-Sdk
X-CSRF-TOKEN
Cl-Cache
X-Dispatcher-Number
Edge-Cache
Cache-Name
X-FPC
X-Dispatch
GeoIP-Country-Code
X-MCACHE
Ohc-Cache-HIT
Server-Id
X-Esi
X-WA
X-Cdn-Cache-Status
X-NC
X-Ig-Push-State
X-Litespeed-Tag
Odigeo-Trace-Id
X-NodeID
X-Cs
X-Oracle-DMS-ECID
X-Mid
X-Lb-Nocache
X-Custom-Header
X-ServedByHost
X-VCL-Version
X-Vgn-Hpd-Reason
X-APP-VERSION
X-Cache-Ttl
BehaviorPad-Version
CountryCode
X-PHP-Backend
X-MSEdge-Features
X-MSEdge-Flight
X-Fastly-Backend-Reqs
X-Depends
Ms-Author-Via
X-Pad
X-Litespeed-Cache-Control
X-Cdn-Request-ID
X-DefElseHash
X-DefHash
Xkeylog
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Cache-Enabled
X-Varnish-Remaining-TTL
X-Via-PopV
X-Via-PopN
X-Lb-Id
X-Proxy-Cache-La3
Xkey-La3
X-Akamai-Pragma-Client-IP
X-MiniProfiler-Ids
X-Via-PopH
X-Ha-Backend
X-Acquia-Site
X-VC-TTL
X-M-Reqid
PICS-Label
X-Acquia-Purge-Tags
X-M-Log
YJS-ID
OriginIP
X-IN-APIGATEWAY
Server-Info
Location
Ngx
FSS-Cache
X-Snapshot-Date
X-Acquia-Application-UUID
Srvid
X-IN-APIGATEWAYSSL
X-FL-QIT-DEBUG
Memcached
Memory
Time
X-Acquia-Application-Trace
X-FL-EDGE
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shardid
X-Cache-Version
X-Shopid
My-App
CF-Ctrl
Warning
X-Internal-Host
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Serial
X-Check-Cacheable
X-Mg-Cache
X-Service-Response-Time
X-Dw-Trace-Id
X-Web-Server
Sm-Log-Id
X-Udemy-Cache-App-Namespace
X-Sucuri-Id
CF-Cached-On
X-Th-Server
Geoip-Latitude
Akamai-Cache-Status
X-RequestId
X-Lsadc-Cache