Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
P3p
Accept-CH-Lifetime
X-Drupal-Cache
X-Cache-Status
X-Ua-Compatible
X-Generator
X-Check
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Request-Context
Keep-Alive
X-UA-Device
Allow
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Cf-Railgun
EagleEye-TraceId
X-WebKit-CSP
Permissions-Policy
X-OneAgent-JS-Injection
X-CST
X-Aws-Lambda-Call-Status
X-Backend-Server
X-Server-Id
X-Host
X-Readtime
X-Response-Time
X-Akam-SW-Version
Request-Id
X-Cache-Lookup
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Nginx-Upstream-Cache-Status
X-Litespeed-Cache
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Ruxit-JS-Agent
X-Trace
Service-Worker-Allowed
X-Content-Type
X-Clacks-Overhead
X-Url
X-Oneagent-Js-Injection
X-Origin-Cache-Key
X-Rack-Cache
Cache-Tag
Accept-Ch-Lifetime
X-Edge
X-Amz-Server-Side-Encryption
Rating
Cross-Origin-Opener-Policy
X-FTR-Request-ID
X-Midtier
X-Vname
X-TtlSet
X-PC
X-Mcache
Nginx-Cache
X-Mod-Pagespeed
X-MS-InvokeApp
X-ECACHE
X-Upstream
X-Powered-By-Plesk
X-Server-Name
Edge-Control
X-ESI
X-NWS-LOG-UUID
X-Browser-Type
X-Cnection
X-Times
X-D2id
X-Element-Page-Cache
Verso
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Ac
SPIisLatency
SPRequestDuration
AR-SID
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Ser
X-RateLimit-Remaining
X-B3-TraceId
X-Ruxit-Js-Agent
SPRequestGuid
X-SharePointHealthScore
X-GitHub-Request-Id
X-NF-Request-ID
X-Abt-Application-Version
X-Navigation-Version
X-Dw-Request-Base-Id
X-Vcap-Request-Id
AR-CACHE
X-Ttl
X-Mg-S
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
S
Edge-Cache-Tag
X-Sol
Pagespeed
Display
X-Middleton-Display
X-VARITI-CCR
Fastly-Restarts
X-Client-IP
RTSS
X-Amzn-Trace-Id
X-Cache-Key
X-Cache-TTL
X-Amz-Rid
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
Cache-Status
X-Powered-CMS
X-Kinsta-Cache
X-Edge-Location-Klb
X-Version
Access-Control-Request-Method
X-Goog-Hash
X-Server-ID
X-Daa-Tunnel
X-Recruiting
X-Varnish-TTL
Response
X-Middleton-Response
X-ARC
X-Content-Digest
X-Forwarded-For
X-TraceId
X-Webkit-Csp
X-T
Arr-Disable-Session-Affinity
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-MSEdge-Ref
Content-MD5
X-SRCache-Fetch-Status
Cross-Origin-Resource-Policy
X-SRCache-Store-Status
MS-Author-Via
TP-Cache
MicrosoftSharePointTeamServices
Front-End-Https
X-Shield-Request-Id
X-Accel-Expires
X-Hits
X-Cached
X-FastCGI-Cache
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
Public-Key-Pins
X-FTR-Backend
X-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
Server-Node
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-FTR-Expires
X-Forwarded-Proto
X-Request-Received
X-Request-Processing-Time
X-DIS-Request-ID
Payment
X-Frontend
Realpath
X-RateLimit-Limit
X-Protected-By
X-LLID
Origin-Trial
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-ORACLE-DMS-RID
X-Distributor
TP-L2-Cache
X-GUploader-UploadID
X-Fastcgi-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cache-Tags
X-LB-Cache
X-Hostname
X-Amzn-RequestId
X-Microsite
X-Request-Handler-Origin-Region
X-Amz-Apigw-Id
X-Origin-Server
X-Debug-Info
Referer-Policy
Host
X-Page-Id
X-AppVersion
X-B3-TraceId-Primal
X-Az
X-Activity-Id
MRF-Tech
Fastcgi-Cache
Mrf-Cache-Status
Count-Hit
X-Www-Served-By
X-NGENIX-Cache
X-Cluster-Name
X-Envoy-Decorator-Operation
X-Geo-Country
X-Varnish-Backend
X-Correlation-Id
X-Varnish-Server
Accept-Charset
X-App-Server
X-F-Cache
X-XRDS-LOCATION
X-PressLabs-Stats
X-Ratelimit-Limit
X-ORACLE-DMS-ECID
X-Ua-Device
Retry-After
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-FB-Debug
X-TEC-API-ROOT
X-Ezoic-Cdn
X-Fastly-Request-ID
X-Goog-Metageneration
X-RateLimit-Reset
X-Load-Cache
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Px
TCN
X-Git-Hash
X-Seen-By
X-CSRF-Token
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cleartype
X-Contextid
X-Request-Guid
Section-Io-Cache
X-Revision
X-Cache-Control
X-Datadog-Trace-Id
X-Content-Options
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Trace-Id
X-Grace
X-Type
X-B
X-Varnish-Ttl
X-TT
X-B3-Sampled
Paypal-Debug-Id
Healthy
Charset
X-Whom
DC
X-Fb-Rlafr
X-Azure-Ref
X-Oracle-Dms-Ecid
X-TTL
X-Signature
X-Wix-Request-Id
X-B-Cache
X-App-Environment
X-Proxy
X-Mobile
X-Node-Name
X-Origin-Cache
X-Air-Pt
X-Magnolia-Registration
X-N
X-Newrelic-App-Data
Frame-Options
X-Amz-Replication-Status
X-EdgeConnect-Cache-Status
X-Fastly-Request-Id
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Accept-Ch
Filterid
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Oracle-Dms-Rid
X-Logged-In
X-WebKit-CSP-Report-Only
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Content-Disposition
X-NODE
Backend
NGB
Viewport
Akamai-GRN
X-Response-Served-From
X-Rid
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Rendered-As
X-Language
X-Is-Bot
X-Unique-Id
X-Tumblr-User
X-Tumblr-Pixel
X-Varnish-Grace
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Yottaa-Optimizations
Ms-Operation-Id
SD-X-WS
MS-CV
Liferay-Portal
X-Datadog-Sampled
X-Time
X-Yottaa-Metrics
X-Servername
X-Hl-Ver
X-ProcessESI
X-RemovedCookies
X-Debug-IsPreview
X-Debug-IsConnected
X-RTag
X-Adobe-Loc
Upgrade-Insecure-Requests
X-FW-Version
X-Backend-Name
X-FW-Type
X-IPS-LoggedIn
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-Debug
X-UUID
X-Amzn-Remapped-Content-Length
X-FW-Serve
X-FW-Static
X-Adobe-Content
X-Instance
X-G
X-Cacheable-TTL
X-Via-JSL
X-L-Path
X-Cache-Grace
X-NYM-Debug-Backend
X-Environment-Context
Fastly-SWR
Fastly-SIE
X-Template
X-Proxy-Cache-Info
ServerID
From-Origin
X-User-Agent
X-Region
X-Device-Type
Country
X-Cache-Age
Refresh
X-Rule
X-Cache-Hit
X-Route-Name
X-Is-Crawler
X-Providence-Cookie
X-Flags
X-B3-SpanId
X-Ratelimit-Remaining
X-Aspnet-Duration-Ms
X-Status
X-VC-Cache
Url
X-INCAP-ABP
Countrycode
Version
X-Source
X-App-Version
X-Webkit-CSP
X-Cache-Status-Check
X-HTML-Minification-Powered-By
GEO-INFO
CDN-RequestId
Alternate-Protocol
X-Jobs
X-Storage
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-WP-CF-Super-Cache-Active
WPO-Cache-Message
WPO-Cache-Status
SRV
X-Kinja-CCPA
OT-Force-Account-Verify
X-Akamai-Request-ID2
X-Content-Powered-By
X-Nginx-Cache
X-Origin-TTL
Surrogate-Key
X-Origin-CC
X-Real-IP
X-Rocket-Nginx-Serving-Static
X-B3-Traceid
Protected
Amp-Access-Control-Allow-Source-Origin
X-Hosted-By
X-Accel-Version
X-ServerID
AMP-Access-Control-Allow-Source-Origin
X-Tec-Api-Version
X-CDN-Forward
X-Tec-Api-Origin
Access-Control-Request-Headers
X-Tec-Api-Root
X-Cache-Time
X-Akamai-Edgescape
X-VC
X-Handled-By
X-Mode
X-Cache-Operation
X-Page-View
X-Framework
X-Edge-Location
X-Cache-Rule
CF-IPCountry
X-XRDS-Location
Webserver
X-Upstream-Ct
X-UPSTREAM-Address
X-Xfnlog-Site
Xet-Cookie
Meta-Geo
Filters
X-TT-LOGID
X-Upstream-Ht
X-Rn-Rsrv
X-Rewrite-Enabled
X-Endurance-Cache-Level
X-AWS-Id
X-Origin
X-Cache-Debug
X-Director
X-JoinUs
X-LJ-Flow-ID
X-VWS-Id
X-Detected-As
Section-Io-Id
X-Soup
X-SaId
Cross-Origin-Embedder-Policy
X-Proxy-Build
X-Served-From
Selected-Fe
Accept-Language
ServedBy
X-Platform-Router
Front
X-Varnish-Cache-Hits
X-Platform-Processor
X-Platform-Cluster
X-Tumblr-Pixel-3
X-Timing-Wait
X-Tumblr-Pixel-2
X-Origin-Hint
Property-Id
TWC-Device-Class
TWC-Connection-Speed
X-PHP-Host
X-Proxied
X-Lambda-Id
X-Redis-Cache
X-ProxyCache-Status
X-ProxyCache-Key
Mn-Server-Ip
TWC-GeoIP-Country
Node
TWC-Locale-Group
X-Webstats-RespID
X-Cms-Context
X-Cluster
X-Drupal-Cache-Tags
X-Extlb
X-Web-Node
X-Logging-Id
X-Worker
X-No-Session
Webcakes-App-Name
Web-Mar-Node
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-BYPASS-REASON
X-Adobe-Source
TWC-GeoIP-LatLong
X-Zipkin-Id
X-Say-TTL
X-SayCDN-TTL
X-Use-Mantle
X-Labrador-Cache-Channel
X-Say-Cacheable
X-Routing-Service
X-Is-Mobile
X-Format
X-Locale
X-Is-Desktop
X-Varnish-Age
X-Sucuri-Cache
X-AB
X-VCT
X-Browser-Name
X-Skip-Cache
X-Site-Version
X-Geo-Region
X-Loop
X-Drupal-Cache-Contexts
X-Restarts
X-Varnish-Beresp-Grace
Azure-RegionName
X-Is-Tablet
Azure-SiteName
Azure-InstanceId
X-S
X-Tcp-Rtt
X-RCS-CacheZone
Apigw-Requestid
Azure-SlotName
Azure-Version
X-IPLB-Instance
X-IPLB-Request-ID
X-GeoCode
X-RM-Cache-TTL
X-Is-Supported-Browser
X-Tncms
X-GeoCountry
X-Vercel-Cache
X-Vercel-Id
X-Reqid
X-Tb
X-Httpd
X-Cache-Server
X-Forwarded-Host
X-R9-Blue-Green-Version
X-Generation-Time
X-Fetched-On
X-Container-Uri
X-Git-Commit
X-Ms-Request-Id
X-Origin-Date
X-Frame-Option
Xserver
X-Provided-By
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestPullCode
DB-Nickname
X-Sucuri-ID
CDN-Uid
CDN-RequestPullSuccess
X-Ms-Version
X-Vcache
X-Cache-Host
CDN-CachedAt
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
CDN-Cache
X-Shopify-Stage
X-Server-W
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
WP-Super-Cache
X-ShardId
X-Uri
Atl-Traceid
X-MP-GENERATED-AT
X-Cdn-Origin
X-Http-Reason
X-Vcl-Version
Cross-Origin-Embedder-Policy-Report-Only
Cache-Tv-Group
Source
Fastcgi-Useragent
X-Generated-By
X-Pass-Why
Priority
Content-Secure-Policy
X-FB-TRIP-ID
X-SRV
X-DynaTrace
Sid
Cross-Origin-Window-Policy
X-Scope-Id
X-Shield-Cache-Expires
X-CMSURLCustom
X-Buckets
X-Thinkindot-L3
Onion-Location
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Cache
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Content-Age
X-LSADC-Cache
X-Sql-Duration-Ms
X-DataDome
X-Sql-Count
X-Azure-Ref-OriginShield
X-Optimistic-Header
X-WP-CF-Super-Cache-Cookies-Bypass
HostName
X-RID
X-Varnish-Beresp-Ttl
X-Proxy-Cache-Status
X-GEO
X-Xrds-Location
X-Cluster-Node
X-Cache-Action
X-Dc
X-TA-CDN-Provider
User-Cache-Control
X-Connection-Hash
X-Request-URI
WZWS-RAY
Expiry
Server-Ext
Req-ID
Sslversion
T-Server
Surrogated-Key
Sever-Int
Server-Hostname
Server-Host
Ngx.Var.Host
DCR-Processing-Time-Ms
Gannett-Cam-Experience-Id
Vix-Hermes-Req-Id
A
Candidate-Md5Url
DCR-Decision-By
Lang
Magicmarker
Origin-Agent-Cluster
Redirect-Candidate
Origin
Ngx-Var-Key
MD5-Digest
Meta-Geo-Continent
Rendered-Blocks
X-Cache-Bucket
X-Platform
X-Request-Start
X-Rojux
X-S-Cookie
X-PAYTM-SRV-ID
X-Op-Id-All
X-External-Request-Id
X-Instance-Name
X-ND-Cache
X-SB
X-Scheme
X-Vdms-Version
X-Viewer-Country
X-Vtex-Remote-Cache
X-Vdms-Path
X-Varnish-Hostname
X-ScT
X-SRCache-Key
X-TIM-N
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Aed
X-Application
X-B-Cookie
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Bc-Bl
X-BCube-Filmed-By
X-Dispatcher-Server
X-Ec-Custom-Error
X-Ec-Fail
X-Developer
X-Destination
X-Cache-NE
X-Conf
X-D
X-A
X-Bl-Debug
X-Cache-Expired-At
X-UA
L
X-Gzip
X-GeoIP-Country-Code
Host-ID
Locid
X-GeoIP-Region-Code
X-Generated-On
X-Fastly-Cache
X-Forwarded-Site
X-Gdpr
X-Gen-Mode
X-Hnp-Log
X-Human
Cluster
Content-Script-Type
X-NCache
X-Nginx-Cache-Key
X-NMSegId
Content-Style-Type
X-Mly-Id
X-Level-Front-Cache
X-Esi-Check
Environment
Wxu-Next-Hostname
X-Loc
Fastly-GeoIP-CountryCode
X-Debug-Cache-Store
X-Auto-Login
X-Amz-Storage-Class
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Bip
X-Amz-Meta-Cb-Modifiedtime
X-AK-Request-ID
Wxu-Next-Region
Wxu-Next-Commit
X-Access
X-Acquia-Purge-Cdn-Unconfigured
V-Age
Ssr
X-Block-Status
X-Core-Value
X-Clientip
Pramga
X-Debug-Cache-Fetch
X-Node-Id
Release
X-Cache-TTL-Remaining
X-Correlation-ID
X-Cache-Id
X-Cache-Info
Req-Svc-Chain
NM-Fastcgi-Cache
DSUID
X-Sigma
X-Sigma-Backend
X-TH-Server
X-Thanos
Cdnsip
Fastly-Drupal-HTML
X-Req
X-Request-Time
X-Rocket-Build-Number
X-SD-PageType
X-UA-Device-Type
X-Varnish-Beresp-Status
X-WA-Info
X-We-Are-Hiring
X-Zen-Fury
Yak-Timeinfo
X-VServer
X-VG-WebCache
X-Varnish-Director
X-Varnishpool
X-VG-TLSProxy
X-Lagoon
X-Pubstack
X-Section
Apple-News-Services-Parsed-Url
CDCHOST
X-Proxied-Request
C-Via
X-Pool
X-Origin-Time
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Nyt-Route
Apple-News-Services-Handled
Cdncip
X-Service
X-Via-Edge
X-Datadome
Edge-Copy-Time
X-Via-SSL
S-Rt
X-Via-CDN
X-TimeS
X-Origin-Response-Time
X-Newrelic-Synthetics
X-Moov-T
Fastly-SSL
X-VarnishDD-TTL
X-Micro-Cache
X-Cache-Aspx
X-Branch-Name
X-PERF
X-Backend-Instance
X-Moov-Xdn-Version
X-ApacheServer
X-Org
X-Ad-Load-Variation
X-Mvc-Supplant-Cachable
X-Old-Content-Length
X-Aicache-OS
X-Cache-Date
X-Policy
X-HN
X-From
X-Fmm-Version
X-FC-Vary-Parameters
X-Request-Host
X-Geo-Header
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-GeoIP
X-Region-Sid
X-HS-Content-Campaign-Id
X-DPWN-IS-SECURE
X-Cdn-Srv
X-Men
X-V-Cache
X-Var-Ttl
X-GoCache-CacheStatus
X-Contensis-Viewer-Groups
X-Device-Os
X-Server-IP
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Authentication
X-GeoIP-City
Tube-Got-Results
Click-Count-Action-Start
Tube-Return
Mail-Subject
Gh-Request-Id
RNT-Machine
Tube-Got-Eval
Country-Code
Adler-Geo
Tube-Get-Contents
Machine
RNT-Time
Uber-Trace-Id
Web-Mar-Region
Canary
Click-Count-Error
PFcat
Is-Eu
We-Hiring
Platform
Cache-Provider
Esi-Enabled
Producers
On-Server
LB
X-API-Version
X-VCache
X-Origin-Expires
Proxy-Firewall
Ha-Gx-Prefs
X-CGP
X-Slack-Backend
True-Client-Country-4JS
W
X-Csrf-Jwt
Cdn-Host
Cdn-Request-Time
XM
X-ECache
Cf-Device-Type
HA-Ipaddr
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-Mg-Request-UUID
X-Test
X-Up
X-Eu-Site
X-Proto
X-Edge-Server
L5d-Success-Class
AKAMAI
X-Fastly-Backend
X-Wikidot-Static-Cache
X-App-Name
X-Hash
Cache-Key
X-Wikidot-Backend
X-Mvc-Supplant-OutputCached
X-DC
X-CacheTTL
Fastly-Backend-Name
X-Ua
Type
X-Accel-Expires-Debug
X-Parent-Response-Time
X-Cache-Backend
X-Date
X-LB-ID
X-Tx-Id
X-Varnish-Hits
X-Ah-Environment
NGX
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
X-URL
X-Via-Popv
Pics-Label
X-HA-Backend
X-Via-Poph
X-Via-Popn
X-COUNTRY
Cache-Hits
X-DynaTrace-JS-Agent
X-NGINX-Cache
X-CACHE-GROUP
NtCoent-Length
X-Irp-Debug
Datacenter
X-Ratelimit-Reset
Cdn
X-Zone
X-Refresh
X-LB-NoCache
X-Owner
X-CDN-Cache-Status
X-Via-Fastly
GeoIp-Country-Code
X-VHOST
X-Client-Ip
X-ZONE
SID
X-SIPLIST1
X-Core-Mission
IsBot
Cdn-Requestid
X-Cloudmap
X-Esi
Server-ID
X-Srv
X-Ig-Origin-Region
X-Nc
X-Location
X-Wa
Fusion-Component-Id
Fusion-Source
X-PDP-UNCACHING-HASH
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
X-Qloud-Router
X-Akamai-Transformed
X-NWS-UUID-VERIFY
X-Fpc
Expect-Staple
X-Nananana
Resin-Trace
X-CF-Lambda-Version
Powered-By
Cross-Origin-Opener-Policy-Report-Only
X-CF-Lambda-Fn
X-TX-ID
X-B3-Parentspanid
N-Cache
GeoIP-Latitude
X-Shop-Environment
X-Hit
Origin-CC
X-Forwarded-Path
Origin-EX
X-Tenant
X-Cache-Type
X-Orig-Expires
Xc-Version
X-CUA
X-Jungle-Id
X-TIME
DataCenter
CloudFront-Viewer-Country
X-CS
X-Proxy-CacheRZ
Uri
X-NewRelic-App-Data
XkeyRZ
X-Nf-Request-Id
Cmsid
X-Gamma-Serve
Cmstype
X-DataCenter
X-User
CPC-Cache
X-Presslabs-Stats
CPC-Age
X-Segment-20210421
X-CACHE-AGE
X-Vmg-Version
User-Agent
X-Amz-Meta-Opti
True-Client-IP
X-Cached-By
X-Cdn-Diag
X-Info
X-Tt-Logid
X-Render-Time
X-IAuth-Set-Uid
X-Wormhole-Sdk
Mime-Version
Fastly-Drupal-Html
True-Client-Ip
MIME-Version
X-VTEX-Cache-Time
Cf-Ipcountry
Debug
X-VTEX-Cache-Server
X-Powered-By-VTEX-Cache
X-LiteSpeed-Tag
X-Dynatrace-Js-Agent
CDN
Edge-Cache
X-Geo
X-Auth-Group-Type
X-Fastly-Country-Code
X-Vc
X-Dispatch
X-Oracle-DMS-ECID
X-Variation
CacheControlHeader
Srv
Load-Balancing
X-Varnish-Beresp-TTL
X-CSRF-TOKEN
X-Datacenter
Tcn
X-LAGOON
X-LiteSpeed-Cache-Control
X-B3-Spanid
X-Ig-Push-State
X-Cdn-Forward
X-HOST
Hostname
X-HostName
Ohc-File-Size
Odigeo-Trace-Id
X-Use-Magma
X-Webkit-Csp-Report-Only
X-Vgn-Hpd-Reason
X-NodeID
Cl-Cache
X-Custom-Header
VNS-Cache
VNS-Age
X-Cs
X-FPC
X-AIR-PT
X-APP-VERSION
Server-Id
X-PHP-Backend
X-NC
X-WA
X-MCACHE
X-Depends
X-Pad
Ohc-Cache-HIT
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-DefHash
X-DefElseHash
RATING
X-Varnish-Remaining-TTL
X-Lb-Nocache
GeoIP-Country-Code
X-Cdn-Cache-Status
X-VC-TTL
Lb
X-M-Reqid
X-Dispatcher-Number
X-M-Log
X-Litespeed-Tag
X-MSEdge-Features
X-CACHE-KEY
X-MSEdge-Flight
X-ServedByHost
X-Api-Version
X-Cache-Ttl
X-MiniProfiler-Ids
X-Cache-FS-Status
Cache-Name
X-APP
CountryCode
X-Fastly-Backend-Reqs
X-Via-PopN
X-Via-PopV
Geoip-Latitude
X-Via-PopH
PICS-Label
Epwk-X-Cache
X-Ha-Backend
X-Litespeed-Cache-Control
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-VCL-Version
Xkeylog
Xkey-La3
Cloudfront-Viewer-Country
X-Lb-Id
X-Proxy-Cache-La3
X-Snapshot-Date
X-Mid
X-Cdn-Request-ID
Ngx
X-Acquia-Purge-Tags
X-IN-APIGATEWAYSSL
Memcached
Memory
X-IN-APIGATEWAY
OriginIP
X-Akamai-Pragma-Client-IP
X-RequestId
Time
X-Web-Server
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Shardid
X-Sorting-Hat-Shopid
X-Shopid
X-Cache-Version
X-Sorting-Hat-Podid
X-Ramcache
FSS-Cache
Server-Info
X-Th-Server
X-Udemy-Cache-App-Namespace
X-Requestid
X-Sucuri-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
Sm-Log-Id
X-Dw-Trace-Id
Akamai-Cache-Status
X-Mg-Cache
X-Service-Response-Time
X-Serial
Warning
BehaviorPad-Version
X-Check-Cacheable
CF-Cached-On