Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
P3p
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
X-Cache-Status
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Ua-Compatible
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Request-ID
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
Allow
X-Backend
Request-Context
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
Xkey
X-Rq
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
X-LiteSpeed-Cache
X-CST
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-Litespeed-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Cache-Lookup
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Trace
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cross-Origin-Opener-Policy
Cache-Tag
X-Amz-Server-Side-Encryption
X-ECACHE
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
Nginx-Cache
X-MS-InvokeApp
X-TtlSet
X-PC
X-Vname
X-ESI
X-Upstream
X-Powered-By-Plesk
Rating
Edge-Control
X-Server-Name
X-Browser-Type
X-D2id
Verso
X-Element-Page-Cache
X-Cnection
X-Times
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Kinja-Build
SPRequestDuration
X-Ac
SPIisLatency
X-Ruxit-Js-Agent
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
X-B3-TraceId
X-SharePointHealthScore
SPRequestGuid
X-Navigation-Version
X-Abt-Application-Version
X-Ser
X-NF-Request-ID
X-Vcap-Request-Id
X-NWS-LOG-UUID
X-Dw-Request-Base-Id
X-GitHub-Request-Id
X-RateLimit-Remaining
AR-CACHE
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Mg-S
X-VARITI-CCR
S
X-Middleton-Display
Pagespeed
X-Sol
Display
X-Client-IP
Edge-Cache-Tag
X-Cache-Key
X-Ttl
RTSS
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
Cache-Status
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
X-Server-ID
Access-Control-Request-Method
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Recruiting
X-Varnish-TTL
X-ARC
X-Middleton-Response
Response
X-Content-Digest
X-TraceId
Origin-Trial
X-Forwarded-For
Arr-Disable-Session-Affinity
X-T
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-MD5
MicrosoftSharePointTeamServices
TP-Cache
X-Content-Security-Policy-Report-Only
X-Daa-Tunnel
X-Accel-Expires
X-Shield-Request-Id
X-Cached
X-Hits
Front-End-Https
Cross-Origin-Resource-Policy
Public-Key-Pins
X-Id
MS-Author-Via
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-Fastcgi-Cache
Server-Node
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Ua-Browser
X-DIS-Request-ID
X-Request-Received
X-Request-Processing-Time
X-Forwarded-Proto
Payment
X-Frontend
X-Webkit-Csp
X-LLID
Realpath
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Protected-By
X-GUploader-UploadID
TP-L2-Cache
X-ORACLE-DMS-RID
Cache-Tags
X-LB-Cache
X-Distributor
X-FastCGI-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-Ratelimit-Limit
X-Request-Handler-Origin-Region
X-Microsite
X-RateLimit-Limit
Referer-Policy
X-B3-TraceId-Primal
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Page-Id
Mrf-Cache-Status
Count-Hit
MRF-Tech
X-AppVersion
X-Activity-Id
X-Az
X-Hostname
X-NGENIX-Cache
X-Debug-Info
X-Www-Served-By
X-Cluster-Name
X-F-Cache
Host
X-Geo-Country
X-Varnish-Backend
Accept-Charset
X-Varnish-Server
X-Correlation-Id
Fastcgi-Cache
X-Envoy-Decorator-Operation
X-App-Server
X-ORACLE-DMS-ECID
X-Ua-Device
X-TTL
X-XRDS-LOCATION
X-FB-Debug
X-Goog-Metageneration
X-PressLabs-Stats
Access-Control-Allow-Method
Retry-After
X-Git-Hash
X-CSRF-Token
X-Upgrade-Enabled
X-Ezoic-Cdn
X-Load-Cache
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Fastly-Request-Id
X-Content-Options
X-Varnish-Ttl
X-RateLimit-Reset
X-Seen-By
X-Px
Server-Name
X-Request-Guid
X-Contextid
X-Tt-Trace-Host
X-Datadog-Sampling-Priority
X-Tt-Trace-Tag
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Revision
Charset
X-Cache-Control
X-Type
X-Amz-Meta-S3cmd-Attrs
X-Trace-Id
Section-Io-Cache
TCN
X-B3-Sampled
X-B
X-Grace
Cleartype
X-Oracle-Dms-Ecid
Paypal-Debug-Id
X-TT
DC
Healthy
X-Signature
X-B-Cache
X-Fb-Rlafr
X-App-Environment
X-Whom
X-Wix-Request-Id
X-Rid
X-Node-Name
X-Newrelic-App-Data
X-Kinja-CCPA
X-Origin-Cache
X-Mobile
Frame-Options
X-WebKit-CSP-Report-Only
X-Amz-Replication-Status
X-Magnolia-Registration
X-Proxy
X-Azure-Ref
Accept-Ch
X-Oracle-Dms-Rid
X-Goog-Stored-Content-Length
X-Ratelimit-Remaining
X-Goog-Storage-Class
X-Goog-Generation
X-EdgeConnect-Cache-Status
X-Goog-Stored-Content-Encoding
X-Air-Pt
X-Flags
X-Fastly-Request-ID
X-Route-Name
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-N
X-Logged-In
Filterid
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Language
Content-Disposition
Backend
Akamai-GRN
NGB
X-App-Version
VIX-Pulpo-Upstream-Status
X-Response-Served-From
X-Original-Request-Id
VIX-Pulpo-Node
X-Is-Bot
X-Rendered-As
Upgrade-Insecure-Requests
X-Cache-Age
X-Template
X-Time
Ms-Operation-Id
X-ProcessESI
X-Proxy-Cache-Info
MS-CV
SD-X-WS
Viewport
X-Debug-IsConnected
X-Datadog-Sampled
X-RemovedCookies
X-Debug-IsPreview
X-RTag
X-Varnish-Grace
X-Yottaa-Metrics
X-Yottaa-Optimizations
Refresh
X-Unique-Id
Liferay-Portal
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Servername
X-Tumblr-User
X-Tumblr-Pixel-1
X-FW-Dynamic
X-Adobe-Content
X-Adobe-Loc
X-Debug
X-FW-Server
X-FW-Hash
X-Instance
X-IPS-LoggedIn
X-UUID
X-FW-Type
X-FW-Version
X-FW-Static
X-FW-Serve
X-Amzn-Remapped-Content-Length
X-NYM-Debug-Backend
X-L-Path
Fastly-SWR
X-Region
X-G
Fastly-SIE
X-Cacheable-TTL
X-Cache-Grace
X-Environment-Context
X-Hl-Ver
X-Backend-Name
X-Device-Type
X-User-Agent
From-Origin
X-Rule
X-Status
Country
X-Cache-Hit
X-B3-SpanId
Url
ServerID
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Jobs
X-Via-JSL
X-Webkit-CSP
X-VC-Cache
X-INCAP-ABP
X-Origin-CC
X-Origin-TTL
Countrycode
WPO-Cache-Message
WPO-Cache-Status
Alternate-Protocol
X-Page-View
X-HTML-Minification-Powered-By
X-Air-Trace-Id
X-Cache-Status-Check
Version
X-Air-Source
X-Air-Hostname
Surrogate-Key
X-NODE
X-Hosted-By
X-Source
X-Akamai-Request-ID2
X-Content-Powered-By
X-Nginx-Cache
GEO-INFO
Amp-Access-Control-Allow-Source-Origin
X-WP-CF-Super-Cache-Active
X-B3-Traceid
Protected
CDN-RequestId
SRV
X-Storage
X-Rocket-Nginx-Serving-Static
X-Akamai-Edgescape
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Accel-Version
OT-Force-Account-Verify
X-VC
Access-Control-Request-Headers
X-Edge-Location
X-Http-Reason
X-Framework
X-CDN-Forward
X-Real-IP
AMP-Access-Control-Allow-Source-Origin
CF-IPCountry
X-Mode
X-Cache-Rule
Front
X-ServerID
X-Use-Mantle
X-Rewrite-Enabled
Webserver
X-Cache-Time
X-Rn-Rsrv
X-Xfnlog-Site
X-Upstream-Ht
Accept-Language
X-Upstream-Ct
Xet-Cookie
Filters
X-Cache-Operation
X-UPSTREAM-Address
Meta-Geo
Cross-Origin-Embedder-Policy
X-Tumblr-Pixel-3
X-Timing-Wait
Selected-Fe
X-LJ-Flow-ID
X-Tumblr-Pixel-2
X-AWS-Id
X-VWS-Id
X-Varnish-Cache-Hits
X-Served-From
X-Detected-As
X-Director
X-SaId
X-JoinUs
ServedBy
X-Proxy-Build
X-Soup
X-Cache-Debug
X-Origin
Mn-Server-Ip
X-Httpd
TWC-Device-Class
TWC-Connection-Speed
X-ProxyCache-Status
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
X-Redis-Cache
Web-Mar-Node
Property-Id
X-Say-TTL
X-SayCDN-TTL
X-Server-W
X-Say-Cacheable
X-Routing-Service
X-Labrador-Cache-Channel
X-Restarts
Webcakes-App-Name
Webcakes-App-Version
X-Extlb
X-Endurance-Cache-Level
X-Cms-Context
X-Logging-Id
X-Format
X-Handled-By
X-Lambda-Id
X-No-Session
X-Cluster
X-ProxyCache-Key
X-Adobe-Source
Webcakes-Region
X-BYPASS-REASON
X-Proxied
X-Origin-Hint
X-PHP-Host
Apigw-Requestid
Node
X-TT-LOGID
Section-Io-Id
Xserver
X-Zipkin-Id
X-Worker
X-Web-Node
X-IPLB-Instance
X-RCS-CacheZone
X-Geo-Region
X-Loop
X-Is-Desktop
X-Is-Mobile
X-Is-Supported-Browser
X-Browser-Name
X-IPLB-Request-ID
X-AB
X-Is-Tablet
X-Locale
X-GeoCountry
X-Skip-Cache
X-Site-Version
X-Tcp-Rtt
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Tncms
DB-Nickname
X-RM-Cache-TTL
X-Varnish-Beresp-Grace
X-VCT
X-S
X-Varnish-Age
X-GeoCode
X-Cache-Server
X-Cache-Host
X-Generation-Time
X-DynaTrace
X-Git-Commit
X-Container-Uri
X-Fetched-On
X-Drupal-Cache-Tags
X-R9-Blue-Green-Version
X-Vercel-Cache
X-Forwarded-Host
X-Platform-Router
X-Vercel-Id
X-Tb
X-Platform-Processor
X-Platform-Cluster
X-Reqid
X-Frame-Option
X-Ms-Request-Id
X-Provided-By
X-Webstats-RespID
X-Ms-Version
X-Uri
X-Drupal-Cache-Contexts
X-Vcache
X-MP-GENERATED-AT
CDN-Uid
X-Alternate-Cache-Key
CDN-Cache
X-Storefront-Renderer-Rendered
X-Shopify-Stage
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestPullSuccess
X-Origin-Date
X-XRDS-Location
Cache-Tv-Group
WP-Super-Cache
X-Sorting-Hat-ShopId
X-Sucuri-Cache
X-ShopId
X-Sorting-Hat-PodId
Source
X-ShardId
Fastcgi-Useragent
X-Sql-Duration-Ms
X-Sql-Count
X-Vcl-Version
X-Sucuri-ID
Priority
X-FB-TRIP-ID
Content-Secure-Policy
Cross-Origin-Embedder-Policy-Report-Only
X-Cdn-Origin
X-Xrds-Location
X-Generated-By
Onion-Location
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-SRV
X-Newrelic-Synthetics
X-Pass-Why
X-Content-Age
Sid
Atl-Traceid
X-Buckets
WZWS-RAY
X-Scope-Id
X-CMSURLCustom
Thinkindot-Control
X-Cluster-Node
X-Shield-Cache-Expires
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
S-Rt
X-Thinkindot-L3
HostName
X-LSADC-Cache
X-Proxy-Cache-Status
Cache
X-DataDome
X-Varnish-Beresp-Ttl
Cross-Origin-Window-Policy
X-Cache-Action
X-Cache-Expired-At
X-WP-CF-Super-Cache-Cookies-Bypass
X-GEO
X-Via-Edge
Edge-Copy-Time
X-Via-SSL
X-Via-CDN
X-Ua
X-Optimistic-Header
X-Connection-Hash
Expiry
User-Cache-Control
X-SRCache-Key
Lang
X-ScT
X-Section
X-TIM-N
DCR-Decision-By
Apple-News-Services-Request-Url
Candidate-Md5Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
A
Apple-News-Services-Handled
CDCHOST
DCR-Processing-Time-Ms
X-Vdms-Version
X-Vdms-Path
X-Viewer-Country
X-Vtex-Remote-Cache
Gannett-Cam-Experience-Id
L
X-Varnish-Hostname
X-PAYTM-SRV-ID
X-A
X-Developer
X-Destination
X-D
X-A-Ccd
X-Dispatcher-Server
Vix-Hermes-Req-Id
Surrogated-Key
T-Server
Type
X-Ec-Custom-Error
X-A-Dam
X-Conf
X-B-Cookie
X-Bc-Bl
X-A-Wwc
X-Application
X-Access
X-A-Dgt
X-BCube-Filmed-By
X-A-Dcw
X-Cache-NE
X-Cache-Bucket
X-Bl-Debug
Sslversion
Sever-Int
Ngx.Var.Host
X-Request-Start
X-Platform
Origin
X-Aed
Ngx-Var-Key
X-Rojux
MD5-Digest
X-SB
Meta-Geo-Continent
X-S-Cookie
Origin-Agent-Cluster
X-Op-Id-All
X-Ec-GeoHdr
X-Ec-Fail
Server-Ext
Server-Host
Req-ID
Rendered-Blocks
Redirect-Candidate
X-Instance-Name
X-External-Request-Id
X-Epic-Correlation-Id
X-Scheme
Server-Hostname
Fastly-Drupal-HTML
X-VCache
X-Correlation-ID
X-Datadome
X-TimeS
X-NMSegId
V-Age
X-Nyt-Route
X-Nginx-Cache-Key
X-Node-Id
Wxu-Next-Commit
X-Moov-Xdn-Version
X-Moov-T
Wxu-Next-Region
Wxu-Next-Hostname
Ssr
X-NCache
X-Pool
X-Request-URI
NM-Fastcgi-Cache
X-Rocket-Build-Number
X-SD-PageType
X-Sigma-Backend
X-Sigma
X-Request-Time
X-Req
X-Proxied-Request
X-Mly-Id
X-Pubstack
Release
Pramga
X-Origin-Time
X-Amz-Meta-Cb-Modifiedtime
X-Generated-On
X-Core-Value
X-TA-CDN-Provider
X-Clientip
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Gen-Mode
X-Gdpr
X-Fastly-Cache
X-Esi-Check
X-Forwarded-Site
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Gzip
X-Cache-TTL-Remaining
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Level-Front-Cache
X-Loc
Host-ID
X-Auto-Login
X-Bip
X-Human
X-Cache-Id
X-Cache-Info
X-Hnp-Log
X-Branch-Name
X-Block-Status
X-Acquia-Purge-Cdn-Unconfigured
Req-Svc-Chain
Cluster
X-Varnish-Beresp-Status
X-Varnish-Director
Content-Script-Type
Content-Style-Type
DSUID
X-Dc
X-UA-Device-Type
X-VG-TLSProxy
X-VG-WebCache
X-We-Are-Hiring
X-Zen-Fury
Magicmarker
X-WA-Info
X-VServer
Cache-Provider
C-Via
Environment
X-Varnishpool
X-Thanos
X-TH-Server
Fastly-SSL
Fastly-GeoIP-CountryCode
X-Origin-Response-Time
X-Service
X-Mg-Request-UUID
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Is-Eu
Adler-Geo
X-Irp-Debug
X-ApacheServer
X-Men
Canary
X-Mvc-Supplant-Cachable
Mail-Subject
Machine
Locid
Cdncip
X-Ad-Load-Variation
Esi-Enabled
X-Aicache-OS
X-HS-Content-Campaign-Id
X-From
Yak-Timeinfo
X-Contensis-Viewer-Groups
X-Fmm-Version
X-Device-Os
X-ND-Cache
X-DPWN-IS-SECURE
X-FC-Vary-Parameters
X-Geo-Header
X-GeoIP
X-Cache-Date
Gh-Request-Id
X-Cache-Aspx
X-GoCache-CacheStatus
X-AK-Request-ID
X-Cdn-Srv
X-GeoIP-City
Cdnsip
X-Micro-Cache
X-Server-IP
X-PERF
Country-Code
X-Var-Ttl
X-Org
True-Client-Country-4JS
X-Old-Content-Length
X-Varnish-Authentication
RNT-Time
RNT-Machine
Platform
X-Request-Host
On-Server
Producers
X-Region-Sid
X-V-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Tube-Get-Contents
X-Policy
Click-Count-Error
Tube-Return
X-Mvc-Supplant-OutputCached
Click-Count-Action-Start
Tube-Got-Eval
Tube-Got-Results
Uber-Trace-Id
We-Hiring
Web-Mar-Region
W
X-Use-Magma
X-Azure-Ref-OriginShield
X-Csrf-Jwt
X-CGP
Cdn-Request-Time
X-VarnishDD-TTL
X-Eu-Site
X-Fastly-Backend
X-HN
X-DC
X-Amz-Storage-Class
Proxy-Firewall
PFcat
X-Up
Cf-Device-Type
X-App-Name
X-Slack-Shared-Secret-Outcome
Cdn-Host
X-Ratelimit-Reset
X-Sn-Servicetimems
X-Wikidot-Backend
X-Wikidot-Static-Cache
AKAMAI
Ha-Gx-Prefs
X-Proto
Cache-Key
X-Slack-Backend
X-Edge-Server
X-Test
L5d-Success-Class
HA-Ipaddr
X-Hash
X-Parent-Response-Time
X-Backend-Instance
Pics-Label
X-LB-ID
X-Date
X-CacheTTL
Fastly-Backend-Name
NGX
X-Accel-Expires-Debug
X-Ah-Environment
X-ZONE
X-Via-Popv
X-Via-Popn
X-Tx-Id
IsBot
X-COUNTRY
X-SIPLIST1
X-Core-Mission
X-Via-Poph
X-HA-Backend
X-Owner
XM
LB
X-API-Version
X-CACHE-GROUP
Datacenter
X-Cache-Backend
X-DynaTrace-JS-Agent
Cdn
X-Servedbyhost
X-Origin-Expires
X-Varnish-Hits
X-Lagoon
X-LB-NoCache
NtCoent-Length
X-Refresh
X-Tb-Optimization-Total-Bytes-Saved
X-Qloud-Router
X-UA
X-VHOST
Expect-Staple
SID
X-CF-Lambda-Version
X-CF-Lambda-Fn
RATING
N-Cache
Cdn-Requestid
X-NGINX-Cache
X-Orig-Expires
X-Srv
Server-ID
Xc-Version
GeoIp-Country-Code
X-Shop-Environment
X-Nc
X-Wa
X-Tenant
X-CDN-Cache-Status
X-Cache-Type
X-ECache
X-Forwarded-Path
CloudFront-Viewer-Country
Cross-Origin-Opener-Policy-Report-Only
X-RID
Cmsid
Cmstype
X-Nananana
X-Gamma-Serve
X-Presslabs-Stats
X-Via-Fastly
X-Fpc
X-TX-ID
X-Zone
CPC-Cache
CPC-Age
Cache-Hits
X-Vmg-Version
X-Hit
Resin-Trace
X-B3-Parentspanid
GeoIP-Latitude
X-Cdn-Diag
Uri
X-Proxy-CacheRZ
X-Location
XkeyRZ
X-Akamai-Transformed
User-Agent
X-Ig-Origin-Region
X-Nf-Request-Id
X-Client-Ip
DataCenter
Fusion-Template-Id
X-URL
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-Cloudmap
X-Amz-Meta-Opti
X-Fastly-Country-Code
X-Info
True-Client-Ip
X-Variation
X-DataCenter
CacheControlHeader
X-TIME
Powered-By
X-Tt-Logid
Tcn
X-LAGOON
X-CS
Origin-EX
X-Datacenter
Mime-Version
Origin-CC
X-CUA
X-Jungle-Id
MIME-Version
X-NewRelic-App-Data
X-HostName
X-CACHE-AGE
X-IAuth-Set-Uid
True-Client-IP
X-NWS-UUID-VERIFY
Fastly-Drupal-Html
X-Cached-By
X-Geo
X-User
X-Api-Version
X-Dynatrace-Js-Agent
Load-Balancing
VNS-Age
VNS-Cache
Debug
Cf-Ipcountry
Lb
Srv
X-Segment-20210421
X-Webkit-Csp-Report-Only
X-B3-Spanid
X-Cdn-Forward
X-Render-Time
X-LiteSpeed-Tag
X-HOST
X-Vc
X-Varnish-Beresp-TTL
X-LiteSpeed-Cache-Control
X-VTEX-Cache-Server
X-AIR-PT
X-VTEX-Cache-Time
CDN
X-Powered-By-VTEX-Cache
X-Dispatcher-Number
Hostname
X-CSRF-TOKEN
Cl-Cache
X-Wormhole-Sdk
Edge-Cache
X-Auth-Group-Type
Ohc-File-Size
Cache-Name
GeoIP-Country-Code
X-Dispatch
X-MCACHE
X-FPC
X-Litespeed-Tag
Ohc-Cache-HIT
X-Cdn-Cache-Status
X-Ig-Push-State
X-NC
X-Esi
Server-Id
X-WA
X-NodeID
Odigeo-Trace-Id
X-Mid
X-Lb-Nocache
X-Cs
X-Oracle-DMS-ECID
X-Custom-Header
X-Vgn-Hpd-Reason
X-ServedByHost
X-Cache-Ttl
X-APP-VERSION
X-Fastly-Backend-Reqs
X-PHP-Backend
CountryCode
X-Depends
BehaviorPad-Version
Ms-Author-Via
X-Litespeed-Cache-Control
X-VCL-Version
X-Pad
X-Cdn-Request-ID
X-DefElseHash
X-DefHash
Xkeylog
X-Via-PopN
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Cache-Enabled
X-Varnish-Remaining-TTL
X-Via-PopH
X-Via-PopV
X-Ha-Backend
X-Lb-Id
X-Proxy-Cache-La3
Xkey-La3
X-MSEdge-Features
X-MSEdge-Flight
X-MiniProfiler-Ids
X-Akamai-Pragma-Client-IP
X-Acquia-Site
X-VC-TTL
X-M-Reqid
X-M-Log
PICS-Label
X-Acquia-Purge-Tags
YJS-ID
OriginIP
X-IN-APIGATEWAY
Server-Info
Location
Ngx
FSS-Cache
X-Snapshot-Date
X-Acquia-Application-UUID
Srvid
X-IN-APIGATEWAYSSL
X-FL-QIT-DEBUG
Memcached
Memory
Time
X-Acquia-Application-Trace
X-FL-EDGE
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shardid
X-Cache-Version
X-Shopid
My-App
CF-Ctrl
Warning
X-Internal-Host
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Serial
X-Check-Cacheable
X-Mg-Cache
X-Service-Response-Time
X-Dw-Trace-Id
X-Web-Server
Sm-Log-Id
X-Udemy-Cache-App-Namespace
X-Sucuri-Id
CF-Cached-On
X-Th-Server
Geoip-Latitude
Akamai-Cache-Status
X-RequestId
X-Lsadc-Cache