Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
P3P
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
P3p
X-Drupal-Cache
Accept-CH-Lifetime
X-Cache-Status
X-Generator
X-Check
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Request-Context
Keep-Alive
X-UA-Device
Allow
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Railgun
X-Device
EagleEye-TraceId
X-WebKit-CSP
Permissions-Policy
X-OneAgent-JS-Injection
X-CST
X-Aws-Lambda-Call-Status
X-Backend-Server
X-Server-Id
X-Host
X-Readtime
X-Response-Time
X-Akam-SW-Version
Request-Id
X-Cache-Lookup
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
X-Litespeed-Cache
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Ruxit-JS-Agent
X-Trace
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
X-Rack-Cache
Cache-Tag
Accept-Ch-Lifetime
X-Edge
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Rating
X-FTR-Request-ID
X-Midtier
X-Vname
X-TtlSet
X-PC
X-Mcache
Nginx-Cache
X-Mod-Pagespeed
X-MS-InvokeApp
X-ECACHE
X-Upstream
X-Powered-By-Plesk
X-ESI
X-Server-Name
Edge-Control
X-Browser-Type
X-NWS-LOG-UUID
X-Times
X-Cnection
X-D2id
X-Element-Page-Cache
X-Exp-Id
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
Verso
X-Ac
SPRequestDuration
SPIisLatency
AR-Request-ID
AR-SID
AR-ATIME
X-Ser
AR-PoweredBy
X-RateLimit-Remaining
X-B3-TraceId
X-Ruxit-Js-Agent
X-SharePointHealthScore
SPRequestGuid
X-NF-Request-ID
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-Ttl
X-Vcap-Request-Id
AR-CACHE
X-Mg-S
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
S
Edge-Cache-Tag
Display
X-Sol
X-Middleton-Display
X-Client-IP
Pagespeed
X-VARITI-CCR
X-Cache-Key
Fastly-Restarts
X-Amzn-Trace-Id
RTSS
X-Amz-Rid
X-Cache-TTL
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
Cache-Status
X-Powered-CMS
X-Version
X-Edge-Location-Klb
X-Kinsta-Cache
Access-Control-Request-Method
X-Goog-Hash
X-Server-ID
X-Recruiting
X-Daa-Tunnel
X-Varnish-TTL
X-Middleton-Response
Response
X-ARC
X-Content-Digest
X-Forwarded-For
X-TraceId
X-Webkit-Csp
X-T
Arr-Disable-Session-Affinity
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-MSEdge-Ref
Content-MD5
X-SRCache-Store-Status
Cross-Origin-Resource-Policy
X-SRCache-Fetch-Status
MS-Author-Via
TP-Cache
X-Shield-Request-Id
Front-End-Https
MicrosoftSharePointTeamServices
X-Accel-Expires
X-FastCGI-Cache
X-Hits
X-Cached
Public-Key-Pins
X-HS-Content-Id
X-HS-Cache-Config
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-HS-Combine-CSS
X-HS-Hub-Id
Server-Node
X-FTR-Balancer
X-FTR-Expires
X-Id
X-Request-Received
X-Request-Processing-Time
X-Content-Security-Policy-Report-Only
X-Ua-Browser
X-ORACLE-DMS-RID
X-DIS-Request-ID
X-Forwarded-Proto
Payment
X-Frontend
Realpath
X-LLID
Origin-Trial
X-Protected-By
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Distributor
TP-L2-Cache
X-GUploader-UploadID
X-Fastcgi-Cache
X-RateLimit-Limit
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cache-Tags
X-LB-Cache
X-Hostname
X-XRDS-LOCATION
X-Amzn-RequestId
X-Request-Handler-Origin-Region
X-Microsite
X-Amz-Apigw-Id
X-Origin-Server
X-Debug-Info
Host
X-Page-Id
Referer-Policy
X-Activity-Id
X-AppVersion
X-Ratelimit-Limit
X-Az
Mrf-Cache-Status
Fastcgi-Cache
X-Envoy-Decorator-Operation
X-Cluster-Name
MRF-Tech
Count-Hit
X-NGENIX-Cache
X-Www-Served-By
X-B3-TraceId-Primal
X-Varnish-Backend
X-Varnish-Server
X-Geo-Country
X-ORACLE-DMS-ECID
X-Correlation-Id
Accept-Charset
X-App-Server
X-F-Cache
X-PressLabs-Stats
X-Ua-Device
Retry-After
X-FB-Debug
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Fastly-Request-ID
X-Ezoic-Cdn
X-Goog-Metageneration
X-RateLimit-Reset
X-Load-Cache
X-CSRF-Token
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Px
X-Git-Hash
TCN
X-Seen-By
X-Amz-Meta-S3cmd-Attrs
Server-Name
X-Tt-Trace-Host
Cleartype
X-Tt-Trace-Tag
X-Request-Guid
X-Revision
X-Contextid
Section-Io-Cache
X-Grace
X-Trace-Id
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Cache-Control
X-Datadog-Sampling-Priority
X-Varnish-Ttl
X-Content-Options
X-B
Paypal-Debug-Id
X-TT
X-B3-Sampled
X-Type
X-Whom
DC
Charset
Healthy
X-Fb-Rlafr
X-Azure-Ref
X-Signature
X-B-Cache
X-Wix-Request-Id
X-Proxy
X-App-Environment
X-Node-Name
X-Mobile
X-Origin-Cache
X-Newrelic-App-Data
X-Magnolia-Registration
X-Air-Pt
Frame-Options
X-Amz-Replication-Status
X-N
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Fastly-Request-Id
Accept-Ch
Filterid
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-EdgeConnect-Cache-Status
X-Oracle-Dms-Ecid
X-TTL
X-WebKit-CSP-Report-Only
X-Logged-In
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Time
Content-Disposition
Backend
NGB
Viewport
X-Response-Served-From
Akamai-GRN
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Oracle-Dms-Rid
X-Original-Request-Id
X-Language
X-Cache-Age
X-Is-Bot
X-Rendered-As
X-Tumblr-User
SD-X-WS
X-Servername
X-Unique-Id
X-RemovedCookies
X-ProcessESI
X-Debug-IsPreview
X-Datadog-Sampled
Liferay-Portal
X-Debug-IsConnected
MS-CV
X-Tumblr-Pixel
Ms-Operation-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Yottaa-Optimizations
X-Hl-Ver
X-Yottaa-Metrics
X-Varnish-Grace
X-RTag
X-Backend-Name
X-FW-Hash
X-UUID
X-Debug
X-FW-Version
X-FW-Static
X-FW-Dynamic
X-Amzn-Remapped-Content-Length
X-IPS-LoggedIn
X-FW-Server
Upgrade-Insecure-Requests
X-FW-Serve
X-Adobe-Content
X-Adobe-Loc
X-FW-Type
Fastly-SWR
X-L-Path
Fastly-SIE
X-Via-JSL
X-Cache-Grace
X-Cacheable-TTL
X-Environment-Context
X-G
From-Origin
X-Proxy-Cache-Info
X-NYM-Debug-Backend
X-Instance
X-Template
X-Device-Type
X-User-Agent
X-Flags
X-Aspnet-Duration-Ms
X-Rule
ServerID
X-Is-Crawler
Country
X-B3-SpanId
X-Ratelimit-Remaining
X-Region
X-Providence-Cookie
X-Route-Name
Refresh
X-Cache-Hit
X-Rid
X-VC-Cache
X-Status
Url
Countrycode
X-INCAP-ABP
Version
X-Source
X-Webkit-CSP
X-Cache-Status-Check
X-HTML-Minification-Powered-By
X-App-Version
Alternate-Protocol
X-Jobs
CDN-RequestId
X-Storage
GEO-INFO
X-Air-Hostname
X-WP-CF-Super-Cache-Active
X-Air-Source
X-Air-Trace-Id
X-NODE
AMP-Access-Control-Allow-Source-Origin
X-Akamai-Request-ID2
X-Kinja-CCPA
OT-Force-Account-Verify
X-Content-Powered-By
WPO-Cache-Status
X-Real-IP
WPO-Cache-Message
Surrogate-Key
X-Origin-CC
X-Origin-TTL
X-Rocket-Nginx-Serving-Static
X-B3-Traceid
Protected
X-Hosted-By
X-VC
X-Accel-Version
SRV
X-Tec-Api-Origin
X-Tec-Api-Root
X-ServerID
Access-Control-Request-Headers
X-Tec-Api-Version
X-Nginx-Cache
X-Cache-Time
X-Akamai-Edgescape
X-Handled-By
X-Page-View
Xet-Cookie
X-CDN-Forward
X-Mode
Amp-Access-Control-Allow-Source-Origin
X-Framework
X-Upstream-Ht
X-Xfnlog-Site
Meta-Geo
Filters
X-Rn-Rsrv
Webserver
X-Cache-Operation
X-TT-LOGID
X-Endurance-Cache-Level
X-Edge-Location
X-Upstream-Ct
X-UPSTREAM-Address
X-Cache-Rule
X-Rewrite-Enabled
X-Origin
X-Tumblr-Pixel-2
X-Timing-Wait
X-Soup
X-Served-From
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-VWS-Id
X-SaId
X-Proxy-Build
X-AWS-Id
ServedBy
Selected-Fe
Section-Io-Id
X-Cache-Debug
X-Detected-As
X-LJ-Flow-ID
X-JoinUs
X-Director
Accept-Language
Cross-Origin-Embedder-Policy
Front
X-Origin-Hint
X-No-Session
Webcakes-Region
X-PHP-Host
X-Proxied
Webcakes-App-Version
X-ProxyCache-Status
X-ProxyCache-Key
X-Logging-Id
Property-Id
X-Cluster
X-Cms-Context
X-Drupal-Cache-Tags
X-BYPASS-REASON
X-Adobe-Source
X-Lambda-Id
X-Labrador-Cache-Channel
X-Extlb
X-Redis-Cache
Node
TWC-Device-Class
Webcakes-App-Name
TWC-Connection-Speed
X-Web-Node
X-Zipkin-Id
X-Worker
X-Webstats-RespID
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Say-TTL
X-Say-Cacheable
Web-Mar-Node
TWC-Locale-Group
X-SayCDN-TTL
TWC-Privacy
X-Use-Mantle
X-Routing-Service
X-Drupal-Cache-Contexts
X-Browser-Name
X-AB
X-Locale
X-Skip-Cache
X-Site-Version
X-S
X-Tcp-Rtt
X-Tncms
X-VCT
X-Varnish-Beresp-Grace
X-Varnish-Age
X-RM-Cache-TTL
X-RCS-CacheZone
X-IPLB-Instance
X-GeoCountry
X-GeoCode
X-IPLB-Request-ID
X-Is-Desktop
X-Loop
X-Is-Tablet
X-Is-Supported-Browser
X-Geo-Region
X-Is-Mobile
Mn-Server-Ip
Azure-RegionName
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-Version
X-Sucuri-Cache
X-Generation-Time
X-Httpd
X-Fetched-On
X-Vercel-Id
X-Vercel-Cache
X-R9-Blue-Green-Version
Apigw-Requestid
X-Tb
CF-IPCountry
X-Format
X-Reqid
X-Cache-Server
X-Restarts
X-Sucuri-ID
X-Frame-Option
DB-Nickname
X-Origin-Date
X-Provided-By
X-Forwarded-Host
X-Ms-Version
X-Ms-Request-Id
X-Storefront-Renderer-Rendered
X-Cache-Host
X-Alternate-Cache-Key
X-Container-Uri
X-Git-Commit
CDN-CachedAt
X-Shopify-Stage
CDN-EdgeStorageId
CDN-Cache
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-RequestCountryCode
CDN-PullZone
CDN-Uid
X-Server-W
Xserver
WP-Super-Cache
X-Vcache
X-Sorting-Hat-PodId
X-Uri
X-ShardId
X-Sorting-Hat-ShopId
X-ShopId
Atl-Traceid
X-Cdn-Origin
X-XRDS-Location
X-Http-Reason
X-Vcl-Version
X-MP-GENERATED-AT
Cross-Origin-Embedder-Policy-Report-Only
Fastcgi-Useragent
Source
Cache-Tv-Group
Sid
X-Generated-By
X-Pass-Why
Priority
X-SRV
Content-Secure-Policy
X-FB-TRIP-ID
X-DynaTrace
X-RID
Thinkindot-CacheControl
Onion-Location
TDXMobile
Thinkindot-CacheControl-Type
X-CMSURLCustom
X-Scope-Id
X-Thinkindot-L3
Thinkindot-Control
Cross-Origin-Window-Policy
X-Shield-Cache-Expires
X-Buckets
X-Urbn-Site-Id
X-Urbn-Context-Path
Cache
Locale
X-Content-Age
HostName
X-LSADC-Cache
X-Azure-Ref-OriginShield
X-Sql-Duration-Ms
X-Sql-Count
X-Optimistic-Header
X-WP-CF-Super-Cache-Cookies-Bypass
X-Dc
X-GEO
X-DataDome
X-Proxy-Cache-Status
X-Xrds-Location
X-Cache-Action
X-Datadome
User-Cache-Control
X-Varnish-Beresp-Ttl
WZWS-RAY
X-TA-CDN-Provider
X-Request-URI
X-Connection-Hash
Expiry
X-Cluster-Node
DCR-Decision-By
DCR-Processing-Time-Ms
MD5-Digest
Gannett-Cam-Experience-Id
X-Scheme
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Ec-Fail
X-Ec-Custom-Error
X-A-Dcw
X-A-Dam
X-External-Request-Id
X-ND-Cache
Vix-Hermes-Req-Id
X-A
X-Instance-Name
X-A-Ccd
X-A-Dgt
X-A-Wwc
X-Conf
X-D
X-Bc-Bl
X-BCube-Filmed-By
X-Bl-Debug
X-Destination
X-Developer
X-Aed
X-Application
X-Dispatcher-Server
X-B-Cookie
X-Op-Id-All
X-PAYTM-SRV-ID
X-Viewer-Country
Server-Hostname
Sever-Int
X-Vdms-Version
Sslversion
Server-Host
Server-Ext
Origin
X-Vtex-Remote-Cache
Origin-Agent-Cluster
Req-ID
X-Vdms-Path
X-Varnish-Hostname
X-Rojux
X-S-Cookie
X-Request-Start
X-Platform
T-Server
X-SB
X-Cache-Bucket
X-TIM-N
X-SRCache-Key
X-ScT
Surrogated-Key
Meta-Geo-Continent
Rendered-Blocks
X-VCache
X-UA
X-Bip
X-Block-Status
X-Cache-Id
X-BBC-Edge-Cache-Status
X-B3-Trace-ID
X-Amz-Storage-Class
X-Cache-Info
X-Auto-Login
X-Cache-NE
X-Debug-Cache-Store
X-Esi-Check
X-Fastly-Cache
X-Debug-Cache-Fetch
X-Core-Value
X-Cache-TTL-Remaining
X-Clientip
X-Amz-Meta-Cb-Modifiedtime
X-AK-Request-ID
Ngx.Var.Host
NM-Fastcgi-Cache
Pramga
Ngx-Var-Key
Magicmarker
Host-ID
Lang
Locid
Redirect-Candidate
Release
Wxu-Next-Region
X-Correlation-ID
X-Acquia-Purge-Cdn-Unconfigured
Wxu-Next-Hostname
Wxu-Next-Commit
Req-Svc-Chain
Ssr
V-Age
X-Forwarded-Site
X-Gen-Mode
X-TH-Server
X-Thanos
X-UA-Device-Type
X-Sigma-Backend
X-Sigma
X-Request-Time
X-Rocket-Build-Number
X-SD-PageType
X-Varnish-Beresp-Status
X-Varnish-Director
X-We-Are-Hiring
X-Zen-Fury
Yak-Timeinfo
X-WA-Info
X-VServer
X-Varnishpool
X-VG-TLSProxy
X-VG-WebCache
X-Req
X-Pubstack
X-Human
X-Level-Front-Cache
X-Loc
X-Hnp-Log
X-Gzip
Fastly-GeoIP-CountryCode
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Mly-Id
X-NCache
X-Origin-Time
X-Pool
X-Proxied-Request
X-Nyt-Route
X-Node-Id
X-Nginx-Cache-Key
X-NMSegId
X-Gdpr
X-Generated-On
Cluster
Content-Script-Type
Content-Style-Type
DSUID
Cdnsip
Cdncip
X-Lagoon
C-Via
Candidate-Md5Url
Environment
A
X-Via-CDN
X-Via-Edge
X-Via-SSL
X-TimeS
S-Rt
X-Cache-Expired-At
X-Newrelic-Synthetics
Edge-Copy-Time
X-Origin-Response-Time
X-Service
X-Cdn-Srv
Apple-News-Services-Request-Url
X-Cache-Date
Apple-News-Services-Parsed-Url
X-V-Cache
X-Contensis-Viewer-Groups
X-DPWN-IS-SECURE
X-Device-Os
Apple-News-Services-Handled
Apple-News-Services-Host
X-Cache-Aspx
X-Var-Ttl
X-Aicache-OS
X-Varnish-Authentication
X-Ad-Load-Variation
X-Access
Gh-Request-Id
X-ApacheServer
Adler-Geo
Canary
X-Backend-Instance
CDCHOST
X-Branch-Name
X-FC-Vary-Parameters
X-Org
X-Old-Content-Length
X-Server-IP
X-Mvc-Supplant-Cachable
X-PERF
X-Policy
X-Region-Sid
X-Section
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-SVT-ORM-RULES
X-Micro-Cache
X-GeoIP-City
X-GeoIP
X-Geo-Header
X-From
Click-Count-Action-Start
X-SVT-ORM-VERSION
X-Men
X-HS-Content-Campaign-Id
X-GoCache-CacheStatus
X-Request-Host
X-Fmm-Version
Country-Code
Producers
Tube-Get-Contents
On-Server
Tube-Got-Results
Mail-Subject
Machine
L
Platform
Web-Mar-Region
We-Hiring
Click-Count-Error
Tube-Return
RNT-Machine
RNT-Time
Tube-Got-Eval
Esi-Enabled
Is-Eu
Uber-Trace-Id
LB
Fastly-Drupal-HTML
X-Proto
X-Slack-Backend
X-Fastly-Backend
X-Moov-T
X-Hash
X-ECache
X-Edge-Server
X-HN
Proxy-Firewall
X-Moov-Xdn-Version
AKAMAI
PFcat
Cache-Key
X-API-Version
Fastly-SSL
X-Wikidot-Static-Cache
X-VarnishDD-TTL
X-App-Name
X-Wikidot-Backend
Cdn-Request-Time
Cdn-Host
Cf-Device-Type
X-Up
X-Slack-Shared-Secret-Outcome
Cache-Provider
X-Mg-Request-UUID
X-Sn-Servicetimems
X-Test
X-Origin-Expires
L5d-Success-Class
W
Ha-Gx-Prefs
X-Accel-Expires-Debug
True-Client-Country-4JS
X-LB-ID
X-Eu-Site
X-Csrf-Jwt
X-CGP
Fastly-Backend-Name
HA-Ipaddr
X-Ua
X-Date
NGX
Type
XM
X-Parent-Response-Time
X-Mvc-Supplant-OutputCached
X-CacheTTL
X-NGINX-Cache
X-Cache-Backend
X-Varnish-Hits
X-Ah-Environment
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Popv
X-Via-Poph
X-Via-Popn
X-DC
X-COUNTRY
X-DynaTrace-JS-Agent
X-HA-Backend
X-Tx-Id
Cache-Hits
X-CACHE-GROUP
Pics-Label
X-Irp-Debug
X-Servedbyhost
NtCoent-Length
X-Ratelimit-Reset
X-Zone
Datacenter
X-Via-Fastly
X-Owner
X-CDN-Cache-Status
X-Refresh
GeoIp-Country-Code
X-VHOST
Cdn
X-ZONE
X-Core-Mission
X-SIPLIST1
IsBot
X-LB-NoCache
X-Cloudmap
Cdn-Requestid
X-Srv
X-Ig-Origin-Region
X-Location
X-TX-ID
X-Wa
Fusion-Content-Id
SID
X-Qloud-Router
X-PDP-UNCACHING-HASH
Fusion-Component-Id
X-Nc
Fusion-Source
Fusion-Template-Id
Server-ID
Fusion-Content-Source
Fusion-Deployment-Id
X-Akamai-Transformed
X-B3-Parentspanid
Expect-Staple
Resin-Trace
N-Cache
Cross-Origin-Opener-Policy-Report-Only
Powered-By
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-NWS-UUID-VERIFY
X-Tenant
X-Fpc
Xc-Version
DataCenter
X-Cache-Type
X-Shop-Environment
Origin-CC
X-CUA
Origin-EX
X-Jungle-Id
X-Orig-Expires
GeoIP-Latitude
X-Hit
X-Forwarded-Path
X-Nananana
X-User
X-NewRelic-App-Data
Uri
X-Nf-Request-Id
X-Proxy-CacheRZ
XkeyRZ
Cmstype
CloudFront-Viewer-Country
Cmsid
X-Gamma-Serve
X-Client-Ip
X-IAuth-Set-Uid
Cf-Ipcountry
X-Presslabs-Stats
X-Segment-20210421
X-CS
CPC-Age
Fastly-Drupal-Html
X-DataCenter
Mime-Version
CPC-Cache
X-URL
User-Agent
X-Cdn-Diag
True-Client-IP
X-Info
X-LiteSpeed-Tag
X-Tt-Logid
X-Cached-By
X-Render-Time
X-TIME
CDN
X-Amz-Meta-Opti
X-Vmg-Version
X-Wormhole-Sdk
True-Client-Ip
X-Powered-By-VTEX-Cache
Debug
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Esi
X-Varnish-Beresp-TTL
X-Geo
X-Fastly-Country-Code
X-CACHE-AGE
Srv
MIME-Version
Edge-Cache
X-Auth-Group-Type
X-Cdn-Forward
X-Dynatrace-Js-Agent
X-Oracle-DMS-ECID
CacheControlHeader
X-Dispatch
X-Variation
Load-Balancing
X-Datacenter
X-B3-Spanid
X-LiteSpeed-Cache-Control
Tcn
X-LAGOON
X-Ig-Push-State
X-Vc
X-HOST
X-Cs
Ohc-File-Size
X-HostName
X-APP-VERSION
X-FPC
Odigeo-Trace-Id
X-Use-Magma
X-Webkit-Csp-Report-Only
VNS-Cache
Server-Id
X-CSRF-TOKEN
VNS-Age
X-Vgn-Hpd-Reason
Hostname
Cl-Cache
X-Custom-Header
X-NC
X-WA
X-AIR-PT
X-Lb-Nocache
X-NodeID
X-Depends
X-PHP-Backend
X-MCACHE
X-Pad
Ohc-Cache-HIT
GeoIP-Country-Code
X-DefElseHash
RATING
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-DefHash
X-M-Reqid
X-Dispatcher-Number
X-M-Log
X-Cdn-Cache-Status
Lb
X-ServedByHost
X-VC-TTL
X-Api-Version
X-MSEdge-Features
Geoip-Latitude
X-MSEdge-Flight
X-Cache-Ttl
X-Cache-FS-Status
Cloudfront-Viewer-Country
X-Fastly-Backend-Reqs
Epwk-X-Cache
X-APP
Cache-Name
X-Ha-Backend
X-Litespeed-Tag
X-MiniProfiler-Ids
PICS-Label
CountryCode
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-VCL-Version
X-Srcache-Fetch-Status
X-Litespeed-Cache-Control
X-Srcache-Store-Status
X-Cdn-Request-ID
X-Mid
X-Proxy-Cache-La3
Xkey-La3
Xkeylog
X-Lb-Id
Memcached
X-IN-APIGATEWAYSSL
X-Web-Server
Memory
X-IN-APIGATEWAY
OriginIP
Ngx
X-RequestId
Time
X-Snapshot-Date
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Akamai-Pragma-Client-IP
X-Shardid
X-Shopid
X-Sorting-Hat-Shopid
X-Cache-Version
X-Sorting-Hat-Podid
X-Requestid
X-Th-Server
X-Sucuri-Id
Warning
CF-Cached-On
Sm-Log-Id
BehaviorPad-Version
Akamai-Cache-Status
X-Dw-Trace-Id
X-Service-Response-Time
X-Serial
X-Udemy-Cache-App-Namespace
X-Mg-Cache
X-Check-Cacheable
X-Wp-Cf-Super-Cache-Cookies-Bypass