Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-AspNet-Version
P3p
X-Runtime
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Ua-Compatible
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Allow
Cf-Edge-Cache
X-Backend
Request-Context
X-UA-Device
Keep-Alive
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
EagleEye-TraceId
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
X-CST
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Litespeed-Cache
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Cache-Lookup
X-Application-Context
X-Country-Code
X-Trace
Content-Location
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-Mcache
Cache-Tag
X-Midtier
X-FTR-Request-ID
X-Mod-Pagespeed
X-ECACHE
Nginx-Cache
X-MS-InvokeApp
X-Vname
X-PC
X-TtlSet
X-Upstream
X-ESI
X-Powered-By-Plesk
Rating
Edge-Control
X-Browser-Type
X-Server-Name
X-D2id
X-Element-Page-Cache
Verso
X-Times
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Cnection
X-Ruxit-Js-Agent
SPRequestDuration
SPIisLatency
X-Ac
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
X-B3-TraceId
X-SharePointHealthScore
SPRequestGuid
X-Navigation-Version
X-Abt-Application-Version
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Ser
X-NF-Request-ID
X-GitHub-Request-Id
X-RateLimit-Remaining
X-NWS-LOG-UUID
Pinterest-Generated-By
AR-CACHE
X-Pinterest-Rid
Pinterest-Version
X-VARITI-CCR
X-Mg-S
S
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Client-IP
Edge-Cache-Tag
X-Cache-Key
RTSS
X-Ttl
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
Accept-Ch
X-Goog-Hash
X-Kraken-Loop-Name
X-Instrumentation
Cache-Status
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kinsta-Cache
X-Edge-Location-Klb
X-Server-ID
X-Version
Access-Control-Request-Method
X-Recruiting
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-ARC
Origin-Trial
X-Varnish-TTL
X-Content-Digest
X-TraceId
X-Middleton-Response
Response
Arr-Disable-Session-Affinity
X-Forwarded-For
X-T
X-Content-Security-Policy-Report-Only
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-MD5
MicrosoftSharePointTeamServices
TP-Cache
X-Accel-Expires
X-Shield-Request-Id
X-Hits
X-Cached
X-Daa-Tunnel
X-Id
Front-End-Https
Cross-Origin-Resource-Policy
Public-Key-Pins
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
MS-Author-Via
X-FTR-Expires
X-HS-Content-Id
X-HS-Cache-Config
X-DIS-Request-ID
Server-Node
X-Ua-Browser
X-Request-Processing-Time
X-Request-Received
X-HS-Hub-Id
X-HS-Combine-CSS
Payment
X-Frontend
X-Forwarded-Proto
X-Webkit-Csp
X-ORACLE-DMS-RID
X-FastCGI-Cache
X-LLID
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Fastcgi-Cache
Realpath
X-GUploader-UploadID
X-Protected-By
TP-L2-Cache
X-LB-Cache
Cache-Tags
X-Distributor
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Origin-Server
X-ORACLE-DMS-ECID
X-Request-Handler-Origin-Region
X-Microsite
X-Ratelimit-Limit
X-RateLimit-Limit
Count-Hit
X-XRDS-LOCATION
X-Page-Id
Referer-Policy
X-Geo-Country
X-Activity-Id
X-AppVersion
X-Az
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Hostname
X-Debug-Info
X-Cluster-Name
X-F-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Www-Served-By
X-Varnish-Backend
Accept-Charset
Host
X-Envoy-Decorator-Operation
X-Correlation-Id
X-App-Server
Fastcgi-Cache
X-NGENIX-Cache
X-Varnish-Server
X-Ua-Device
X-PressLabs-Stats
X-TTL
X-FB-Debug
X-Goog-Metageneration
X-Fastly-Request-Id
Access-Control-Allow-Method
X-Git-Hash
X-RateLimit-Reset
X-CSRF-Token
Retry-After
X-WebKit-CSP-Report-Only
X-Upgrade-Enabled
X-Load-Cache
X-Ezoic-Cdn
X-Content-Options
X-TEC-API-ROOT
X-Kinja-CCPA
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Varnish-Ttl
Server-Name
X-Px
X-Seen-By
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Contextid
X-Datadog-Parent-Id
X-Revision
Charset
X-Request-Guid
X-Tt-Trace-Host
X-Cache-Control
X-Tt-Trace-Tag
DC
X-Amz-Meta-S3cmd-Attrs
X-Trace-Id
X-Type
Section-Io-Cache
X-Grace
TCN
Paypal-Debug-Id
X-TT
Cleartype
X-B-Cache
X-Signature
X-B3-Sampled
X-B
X-App-Environment
X-Fb-Rlafr
Healthy
X-Whom
X-Wix-Request-Id
X-Newrelic-App-Data
X-Rid
X-Node-Name
Frame-Options
X-Mobile
X-Origin-Cache
X-Amz-Replication-Status
X-Magnolia-Registration
X-Providence-Cookie
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Route-Name
X-EdgeConnect-Cache-Status
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Azure-Ref
X-Goog-Storage-Class
X-Oracle-Dms-Ecid
X-Logged-In
X-Proxy
X-Language
Filterid
X-N
X-Ratelimit-Remaining
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Air-Pt
Content-Disposition
Backend
Akamai-GRN
X-Oracle-Dms-Rid
X-Fastly-Request-ID
Upgrade-Insecure-Requests
X-Template
VIX-Pulpo-Node
NGB
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
X-Response-Served-From
X-Proxy-Cache-Info
Refresh
X-App-Version
SD-X-WS
X-ProcessESI
X-RemovedCookies
X-Debug-IsConnected
X-Datadog-Sampled
X-Tumblr-Pixel
X-Debug-IsPreview
X-Unique-Id
X-Yottaa-Optimizations
X-Is-Bot
X-Cache-Age
X-Tumblr-Pixel-0
X-Yottaa-Metrics
X-Time
X-Tumblr-Pixel-1
X-Tumblr-User
X-Rendered-As
X-Varnish-Grace
Viewport
X-Adobe-Content
X-Adobe-Loc
X-IPS-LoggedIn
X-Instance
Liferay-Portal
Ms-Operation-Id
MS-CV
X-RTag
X-UUID
X-Servername
X-Amzn-Remapped-Content-Length
X-FW-Type
X-FW-Version
X-Cacheable-TTL
X-Cache-Grace
X-FW-Server
X-Debug
X-G
X-FW-Static
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Region
X-Environment-Context
X-User-Agent
Fastly-SIE
Fastly-SWR
X-L-Path
From-Origin
X-Backend-Name
X-NYM-Debug-Backend
Country
X-Rule
X-Hl-Ver
X-Device-Type
X-Cache-Hit
X-Status
Url
X-Jobs
ServerID
X-Via-JSL
X-Webkit-CSP
X-Page-View
X-B3-SpanId
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Countrycode
WPO-Cache-Message
X-VC-Cache
WPO-Cache-Status
X-Origin-TTL
X-Origin-CC
X-INCAP-ABP
Alternate-Protocol
X-Hosted-By
X-Cache-Status-Check
X-Air-Trace-Id
Surrogate-Key
X-Air-Hostname
X-Air-Source
X-HTML-Minification-Powered-By
X-NODE
Version
X-Akamai-Request-ID2
X-Content-Powered-By
X-Source
Protected
X-B3-Traceid
GEO-INFO
X-Akamai-Edgescape
X-Rocket-Nginx-Serving-Static
X-WP-CF-Super-Cache-Active
X-Tec-Api-Root
CDN-RequestId
X-Tec-Api-Origin
X-Storage
X-Tec-Api-Version
X-Nginx-Cache
X-Http-Reason
Amp-Access-Control-Allow-Source-Origin
X-Accel-Version
Access-Control-Request-Headers
X-Framework
SRV
X-VC
X-Edge-Location
OT-Force-Account-Verify
AMP-Access-Control-Allow-Source-Origin
X-Cache-Rule
Front
X-Real-IP
X-Mode
X-Use-Mantle
Webserver
Meta-Geo
X-Upstream-Ht
X-CDN-Forward
Accept-Language
Filters
X-Upstream-Ct
X-Rewrite-Enabled
X-Rn-Rsrv
X-ServerID
X-Httpd
X-Cache-Operation
Xet-Cookie
X-Xfnlog-Site
X-UPSTREAM-Address
X-Soup
X-SaId
X-Director
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-Served-From
X-Origin
X-Timing-Wait
X-Cache-Time
Selected-Fe
X-Tumblr-Pixel-2
X-Proxy-Build
CF-IPCountry
X-JoinUs
X-Say-TTL
X-SayCDN-TTL
X-Worker
X-Detected-As
X-Logging-Id
X-Web-Node
X-PHP-Host
X-Adobe-Source
X-Redis-Cache
ServedBy
X-Endurance-Cache-Level
X-Labrador-Cache-Channel
X-Handled-By
X-Cache-Debug
Node
X-Say-Cacheable
Azure-Version
DB-Nickname
X-Browser-Name
Azure-RegionName
Azure-InstanceId
Property-Id
X-VCT
Azure-SiteName
Azure-SlotName
X-Skip-Cache
X-S
X-Is-Desktop
X-Loop
X-RM-Cache-TTL
X-Varnish-Beresp-Grace
X-Is-Supported-Browser
X-Is-Mobile
X-GeoCountry
X-Is-Tablet
Apigw-Requestid
X-AB
X-Tncms
X-Geo-Region
X-Tcp-Rtt
X-GeoCode
X-Varnish-Age
X-No-Session
X-Format
X-Cms-Context
X-Origin-Hint
Xserver
X-Server-W
X-Restarts
X-ProxyCache-Key
X-ProxyCache-Status
TWC-Connection-Speed
X-Lambda-Id
Webcakes-Region
X-BYPASS-REASON
Web-Mar-Node
TWC-Privacy
Webcakes-App-Version
TWC-Device-Class
TWC-GeoIP-LatLong
Section-Io-Id
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Locale-Group
X-Fetched-On
X-DynaTrace
X-Tb
X-Git-Commit
X-VWS-Id
X-R9-Blue-Green-Version
X-Site-Version
X-Generation-Time
X-RCS-CacheZone
Cross-Origin-Embedder-Policy
X-Vercel-Id
X-IPLB-Request-ID
X-IPLB-Instance
X-AWS-Id
X-Container-Uri
X-Cache-Host
X-LJ-Flow-ID
X-Vercel-Cache
X-Cache-Server
X-Locale
Mn-Server-Ip
X-Ms-Request-Id
X-Zipkin-Id
X-Ms-Version
X-Platform-Cluster
X-Cluster
X-Platform-Router
X-Platform-Processor
X-Provided-By
X-Forwarded-Host
X-Uri
X-Routing-Service
X-Proxied
X-Extlb
X-Reqid
X-Frame-Option
X-MP-GENERATED-AT
X-Webstats-RespID
X-TT-LOGID
X-Vcache
X-Drupal-Cache-Tags
X-XRDS-Location
X-Drupal-Cache-Contexts
Cache-Tv-Group
X-Sql-Duration-Ms
X-Sql-Count
WP-Super-Cache
X-Origin-Date
X-Alternate-Cache-Key
CDN-EdgeStorageId
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestCountryCode
CDN-PullZone
X-Storefront-Renderer-Rendered
CDN-Cache
CDN-CachedAt
X-Shopify-Stage
Source
Priority
Fastcgi-Useragent
Content-Secure-Policy
X-FB-TRIP-ID
X-Sucuri-Cache
X-Vcl-Version
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Sucuri-ID
X-Generated-By
X-Cdn-Origin
Onion-Location
Sid
X-Urbn-Site-Id
Locale
X-Content-Age
X-Urbn-Context-Path
Cross-Origin-Embedder-Policy-Report-Only
X-SRV
X-Newrelic-Synthetics
X-Pass-Why
WZWS-RAY
S-Rt
X-Buckets
X-Cluster-Node
Atl-Traceid
Thinkindot-CacheControl
X-CMSURLCustom
X-Use-Magma
X-Shield-Cache-Expires
X-Thinkindot-L3
Thinkindot-Control
X-Scope-Id
Thinkindot-CacheControl-Type
TDXMobile
X-Ua
Cache
X-Cache-Action
X-DataDome
X-Proxy-Cache-Status
X-Xrds-Location
Cross-Origin-Window-Policy
X-LSADC-Cache
HostName
X-Cache-Expired-At
X-GEO
X-Via-CDN
Edge-Copy-Time
X-Via-SSL
X-Varnish-Beresp-Ttl
X-Via-Edge
X-WP-CF-Super-Cache-Cookies-Bypass
X-Optimistic-Header
DCR-Decision-By
X-Varnish-Hostname
X-D
X-Epic-Correlation-Id
X-TIM-N
Rendered-Blocks
X-Developer
Sslversion
X-Ec-Custom-Error
Candidate-Md5Url
Type
X-Dispatcher-Server
X-Platform
Surrogated-Key
X-PAYTM-SRV-ID
T-Server
DCR-Processing-Time-Ms
X-Request-Start
X-ScT
Req-ID
X-SRCache-Key
Vix-Hermes-Req-Id
X-Scheme
X-S-Cookie
CDCHOST
Server-Host
X-Rojux
X-Destination
X-Correlation-ID
X-Bc-Bl
Lang
X-VCache
X-Dc
X-A-Dam
X-BCube-Filmed-By
X-A
X-Cache-NE
X-A-Ccd
X-Vdms-Path
X-A-Dcw
X-Conf
X-B-Cookie
X-Application
X-Aed
Meta-Geo-Continent
X-A-Dgt
X-A-Wwc
MD5-Digest
X-Ec-GeoHdr
Ngx-Var-Key
X-Bl-Debug
Origin
X-Cache-Bucket
X-Viewer-Country
X-Vdms-Version
Origin-Agent-Cluster
Redirect-Candidate
X-Vtex-Remote-Cache
Ngx.Var.Host
X-External-Request-Id
Gannett-Cam-Experience-Id
X-Ec-Fail
X-Request-URI
X-Datadome
X-Connection-Hash
Expiry
X-TimeS
X-Nyt-Route
X-Node-Id
Pramga
X-Esi-Check
X-NMSegId
NM-Fastcgi-Cache
X-Fastly-Cache
X-Loc
Fastly-GeoIP-CountryCode
X-Gzip
Fastly-SSL
X-GeoIP-Country-Code
Release
DSUID
Environment
X-GeoIP-Region-Code
Content-Style-Type
Content-Script-Type
X-Level-Front-Cache
Magicmarker
X-Forwarded-Site
X-Gdpr
Cluster
Host-ID
X-Generated-On
X-Human
X-Mly-Id
X-Debug-Cache-Fetch
L
Apple-News-Services-Request-Url
Server-Ext
Server-Hostname
Sever-Int
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-WA-Info
X-We-Are-Hiring
A
Apple-News-Services-Handled
X-Access
X-Core-Value
X-SB
X-Section
X-Cache-Id
X-Mg-Request-UUID
X-Branch-Name
X-Op-Id-All
X-Clientip
X-Cache-Info
X-Instance-Name
X-Bip
X-VServer
X-VG-WebCache
X-Request-Time
X-Rocket-Build-Number
X-SD-PageType
X-Sigma
X-Pubstack
X-Proxied-Request
User-Cache-Control
Ssr
X-Origin-Time
X-Pool
X-Sigma-Backend
V-Age
X-Debug-Cache-Store
X-Varnishpool
X-Varnish-Beresp-Status
X-Varnish-Director
X-Thanos
X-VG-TLSProxy
X-TH-Server
X-Origin-Response-Time
X-ECache
X-TA-CDN-Provider
X-Service
Fastly-Drupal-HTML
X-Device-Os
X-Contensis-Viewer-Groups
X-DPWN-IS-SECURE
X-Request-Host
X-Acquia-Purge-Cdn-Unconfigured
X-Amz-Meta-Cb-Modifiedtime
X-Auto-Login
X-B3-Trace-ID
Wxu-Next-Region
Wxu-Next-Hostname
C-Via
Cache-Provider
Req-Svc-Chain
Wxu-Next-Commit
X-BBC-Edge-Cache-Status
X-Block-Status
X-Nginx-Cache-Key
X-Req
X-UA-Device-Type
X-Zen-Fury
X-NCache
X-Moov-Xdn-Version
X-Cache-TTL-Remaining
X-Gen-Mode
X-Hnp-Log
X-Moov-T
X-Varnish-Authentication
X-Var-Ttl
X-Men
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Geo-Header
X-GeoIP
X-GeoIP-City
X-GoCache-CacheStatus
X-Old-Content-Length
X-Org
X-Server-IP
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-V-Cache
X-Cache-Date
X-RateLimit-Remaining-Second
X-PERF
X-Policy
X-RateLimit-Limit-Second
X-FC-Vary-Parameters
X-From
On-Server
Machine
X-Ad-Load-Variation
X-Aicache-OS
Web-Mar-Region
Mail-Subject
Uber-Trace-Id
Adler-Geo
We-Hiring
True-Client-Country-4JS
X-ApacheServer
Is-Eu
Platform
X-Cache-Aspx
Producers
Esi-Enabled
Gh-Request-Id
Canary
X-Test
X-ND-Cache
X-Wikidot-Backend
X-Up
AKAMAI
Cdn-Request-Time
Cf-Device-Type
Cdn-Host
Cache-Key
X-Slack-Backend
X-Proto
X-Slack-Shared-Secret-Outcome
Country-Code
X-AK-Request-ID
W
Tube-Return
X-Cdn-Srv
X-Fmm-Version
X-Region-Sid
Cdncip
Cdnsip
Tube-Got-Results
Tube-Got-Eval
X-Hash
Click-Count-Error
Click-Count-Action-Start
Yak-Timeinfo
Locid
Tube-Get-Contents
RNT-Time
RNT-Machine
X-Wikidot-Static-Cache
X-Sn-Servicetimems
Proxy-Firewall
X-Edge-Server
X-App-Name
X-Fastly-Backend
X-Parent-Response-Time
L5d-Success-Class
X-Amz-Storage-Class
X-Azure-Ref-OriginShield
X-Owner
X-Eu-Site
X-HN
X-Csrf-Jwt
NGX
X-VarnishDD-TTL
X-Ah-Environment
X-Date
X-CGP
X-CacheTTL
X-Accel-Expires-Debug
PFcat
Ha-Gx-Prefs
HA-Ipaddr
Fastly-Backend-Name
X-Core-Mission
X-ZONE
X-COUNTRY
X-SIPLIST1
X-Backend-Instance
X-LB-ID
Pics-Label
IsBot
X-DC
X-Tx-Id
X-CACHE-GROUP
X-NGINX-Cache
X-Qloud-Router
X-DynaTrace-JS-Agent
X-HA-Backend
X-Via-Poph
XM
X-Via-Popn
X-Via-Popv
X-Ratelimit-Reset
Datacenter
LB
X-Varnish-Hits
X-Cache-Backend
NtCoent-Length
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Origin-Expires
X-API-Version
X-Tb-Optimization-Total-Bytes-Saved
N-Cache
X-Refresh
X-Servedbyhost
Expect-Staple
X-Lagoon
X-VHOST
Cdn
X-CDN-Cache-Status
X-Orig-Expires
GeoIp-Country-Code
X-LB-NoCache
Xc-Version
X-Shop-Environment
RATING
X-Cache-Type
X-Forwarded-Path
X-Tenant
Cdn-Requestid
X-Gamma-Serve
Cmstype
X-Srv
Cmsid
X-UA
X-RID
CPC-Cache
CPC-Age
X-Nc
X-Nananana
CloudFront-Viewer-Country
Server-ID
X-Wa
SID
X-Cdn-Diag
X-Vmg-Version
X-TX-ID
Cross-Origin-Opener-Policy-Report-Only
X-Akamai-Transformed
X-Zone
X-B3-Parentspanid
Resin-Trace
X-Via-Fastly
X-Fpc
X-Hit
X-Tt-Logid
X-Proxy-CacheRZ
XkeyRZ
User-Agent
Cache-Hits
GeoIP-Latitude
X-Nf-Request-Id
Uri
X-Client-Ip
DataCenter
X-URL
X-Presslabs-Stats
X-Location
CacheControlHeader
X-Variation
X-Ig-Origin-Region
X-LAGOON
Fusion-Component-Id
X-Amz-Meta-Opti
X-Fastly-Country-Code
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Template-Id
X-Api-Version
Fusion-Content-Source
Fusion-Source
X-TIME
X-Info
X-CS
Fastly-Drupal-Html
Tcn
Powered-By
X-DataCenter
True-Client-IP
Mime-Version
True-Client-Ip
Cf-Ipcountry
X-Cloudmap
Lb
X-Datacenter
X-HostName
X-NewRelic-App-Data
X-Cdn-Forward
X-B3-Spanid
Srv
Origin-CC
MIME-Version
X-CUA
X-Jungle-Id
Origin-EX
X-CACHE-AGE
X-Geo
VNS-Cache
VNS-Age
X-Dynatrace-Js-Agent
X-NWS-UUID-VERIFY
X-LiteSpeed-Tag
X-Varnish-Beresp-TTL
X-User
X-Cached-By
X-IAuth-Set-Uid
X-HOST
Debug
X-Segment-20210421
X-Vc
X-LiteSpeed-Cache-Control
Load-Balancing
X-AIR-PT
CDN
X-Render-Time
Hostname
Cache-Name
X-Dispatcher-Number
X-Webkit-Csp-Report-Only
X-FPC
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Powered-By-VTEX-Cache
Cl-Cache
X-CSRF-TOKEN
Ohc-File-Size
X-Auth-Group-Type
X-Wormhole-Sdk
Server-Id
Edge-Cache
X-MCACHE
X-NC
X-Dispatch
GeoIP-Country-Code
X-Esi
X-Mid
X-WA
X-APP-VERSION
X-Litespeed-Tag
Ohc-Cache-HIT
X-Ig-Push-State
X-Oracle-DMS-ECID
X-Cdn-Cache-Status
X-Lb-Nocache
X-ServedByHost
X-NodeID
BehaviorPad-Version
Odigeo-Trace-Id
X-Cache-Ttl
X-Cs
CountryCode
X-Cache-Enabled
X-Vgn-Hpd-Reason
X-Custom-Header
X-Fastly-Backend-Reqs
Ms-Author-Via
X-Litespeed-Cache-Control
X-VCL-Version
Server-Info
X-MiniProfiler-Ids
YJS-ID
X-Akamai-Pragma-Client-IP
X-Cdn-Request-ID
X-Via-PopN
X-Via-PopV
X-MSEdge-Features
X-PHP-Backend
X-Ha-Backend
X-Depends
Xkeylog
Xkey-La3
X-Via-PopH
X-MSEdge-Flight
X-Proxy-Cache-La3
X-Lb-Id
X-Pad
X-Acquia-Purge-Tags
X-Varnish-Remaining-TTL
X-Acquia-Site
X-Varnish-CookieHashed-On
X-Acquia-Application-UUID
PICS-Label
X-DefElseHash
X-DefHash
X-Varnish-CookieINHashed-On
FSS-Cache
My-App
OriginIP
X-IN-APIGATEWAY
X-FL-EDGE
X-Snapshot-Date
Ngx
X-Acquia-Application-Trace
X-FL-QIT-DEBUG
Location
X-IN-APIGATEWAYSSL
Memcached
Srvid
Time
Memory
X-Shardid
X-Sorting-Hat-Podid
X-Cache-Version
X-Sorting-Hat-Shopid
X-Shopid
X-M-Reqid
Warning
X-Lsadc-Cache
X-M-Log
CF-Cached-On
CF-Ctrl
X-VC-TTL
Geoip-Latitude
X-Check-Cacheable
X-Mg-Cache
X-Serial
X-Service-Response-Time
X-Dw-Trace-Id
X-Web-Server
Sm-Log-Id
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
X-RequestId
X-Udemy-Cache-App-Namespace
X-Internal-Host
Akamai-Cache-Status
X-Sucuri-Id