Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-UA-Compatible
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
P3p
X-AspNet-Version
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
X-Cache-Status
X-Drupal-Cache
X-Ua-Compatible
Accept-CH-Lifetime
X-Check
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Request-ID
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
X-Backend
Cf-Edge-Cache
Allow
Request-Context
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Rq
X-Age
X-Vhost
EagleId
Xkey
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Page-Speed
X-Swift-SaveTime
X-Pingback
X-Swift-CacheTime
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-LiteSpeed-Cache
X-Aws-Lambda-Call-Status
X-WebKit-CSP
X-CST
X-Backend-Server
Permissions-Policy
X-OneAgent-JS-Injection
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Litespeed-Cache
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Cache-Lookup
Accept-Ch-Lifetime
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
X-Country
Content-Location
X-Trace
X-Oneagent-Js-Injection
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Ruxit-JS-Agent
X-Origin-Cache-Key
X-Edge
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Amz-Server-Side-Encryption
Cache-Tag
X-ECACHE
X-Midtier
X-Mcache
X-FTR-Request-ID
X-Mod-Pagespeed
Nginx-Cache
X-MS-InvokeApp
X-Vname
X-TtlSet
X-PC
X-ESI
X-Powered-By-Plesk
X-Upstream
Rating
Edge-Control
X-Ruxit-Js-Agent
X-Server-Name
X-Browser-Type
X-D2id
Verso
X-Element-Page-Cache
X-Cnection
X-Exp-Id
X-Kinja-Revision
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Times
SPIisLatency
SPRequestDuration
X-Ac
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
X-SharePointHealthScore
SPRequestGuid
X-Abt-Application-Version
X-Navigation-Version
X-RateLimit-Remaining
X-Ser
X-Vcap-Request-Id
X-NF-Request-ID
X-Dw-Request-Base-Id
X-B3-TraceId
X-NWS-LOG-UUID
X-GitHub-Request-Id
AR-CACHE
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-VARITI-CCR
X-Middleton-Display
Display
Pagespeed
X-Sol
S
X-Client-IP
X-Mg-S
Edge-Cache-Tag
X-Cache-Key
X-Ttl
RTSS
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
Cache-Status
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Goog-Hash
X-Kinsta-Cache
X-Edge-Location-Klb
X-Server-ID
Access-Control-Request-Method
X-Version
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Recruiting
X-ARC
Response
X-Middleton-Response
X-Content-Digest
X-Varnish-TTL
X-Webkit-Csp
Origin-Trial
X-TraceId
X-Forwarded-For
Arr-Disable-Session-Affinity
X-T
Content-MD5
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-MSEdge-Ref
MicrosoftSharePointTeamServices
TP-Cache
X-Content-Security-Policy-Report-Only
X-Accel-Expires
X-Daa-Tunnel
X-Shield-Request-Id
Cross-Origin-Resource-Policy
Front-End-Https
X-Cached
X-Hits
X-Id
Public-Key-Pins
MS-Author-Via
X-Ua-Browser
Server-Node
X-HS-Combine-CSS
X-Request-Received
X-Request-Processing-Time
X-HS-Content-Id
X-HS-Hub-Id
X-DIS-Request-ID
X-HS-Cache-Config
X-FTR-Cache-Status
X-Country-Code-Real
X-Forwarded-Proto
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
Payment
X-FTR-Expires
X-Frontend
X-FastCGI-Cache
X-LLID
X-ORACLE-DMS-RID
X-HP-Trace-Id
X-Jurisdiction
Realpath
X-HP-Webp
X-Fastcgi-Cache
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-RateLimit-Limit
Cache-Tags
X-Distributor
X-LB-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-Microsite
X-Request-Handler-Origin-Region
Count-Hit
X-Kong-Proxy-Latency
Mrf-Cache-Status
Referer-Policy
X-Kong-Upstream-Latency
MRF-Tech
X-B3-TraceId-Primal
X-Az
X-Hostname
X-Activity-Id
X-AppVersion
X-Cluster-Name
X-ORACLE-DMS-ECID
X-Page-Id
X-NGENIX-Cache
X-Www-Served-By
X-F-Cache
X-Varnish-Backend
X-XRDS-LOCATION
Host
X-Varnish-Server
X-Geo-Country
X-Envoy-Decorator-Operation
Accept-Charset
X-Debug-Info
Fastcgi-Cache
X-Correlation-Id
X-App-Server
X-Ua-Device
X-Ratelimit-Limit
X-PressLabs-Stats
X-TTL
X-FB-Debug
X-Goog-Metageneration
X-Varnish-Ttl
Access-Control-Allow-Method
Retry-After
X-Git-Hash
X-CSRF-Token
X-Ezoic-Cdn
X-Upgrade-Enabled
X-RateLimit-Reset
X-Load-Cache
X-Content-Options
X-Fastly-Request-Id
X-ASPNET-VERSION
X-Px
X-Seen-By
X-Revision
X-Tt-Trace-Tag
X-Type
X-Datadog-Trace-Id
TCN
X-Contextid
X-Datadog-Parent-Id
X-Amz-Meta-S3cmd-Attrs
Server-Name
X-Datadog-Sampling-Priority
Charset
X-Tt-Trace-Host
X-B3-Sampled
Section-Io-Cache
X-Grace
X-B
X-Trace-Id
Cleartype
Paypal-Debug-Id
DC
X-Cache-Control
X-TT
Healthy
X-Signature
X-B-Cache
X-Fb-Rlafr
X-TEC-API-VERSION
X-Request-Guid
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Rid
X-Whom
X-App-Environment
X-WebKit-CSP-Report-Only
X-Node-Name
X-Newrelic-App-Data
X-Wix-Request-Id
X-Kinja-CCPA
Frame-Options
X-Mobile
X-Origin-Cache
X-Amz-Replication-Status
X-Magnolia-Registration
X-Proxy
Accept-Ch
X-Azure-Ref
X-Oracle-Dms-Ecid
X-EdgeConnect-Cache-Status
X-Flags
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Route-Name
X-Goog-Storage-Class
X-Providence-Cookie
X-Goog-Generation
X-N
X-Logged-In
X-Fastly-Request-ID
Filterid
X-Language
X-WP-CF-Super-Cache-Cache-Control
X-Air-Pt
X-WP-CF-Super-Cache
Content-Disposition
Akamai-GRN
Backend
X-Oracle-Dms-Rid
NGB
X-App-Version
VIX-Pulpo-Node
X-Response-Served-From
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
X-Template
Upgrade-Insecure-Requests
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Proxy-Cache-Info
X-Tumblr-Pixel
MS-CV
X-Debug-IsPreview
X-Debug-IsConnected
X-Time
X-Ratelimit-Remaining
X-Unique-Id
Ms-Operation-Id
X-Tumblr-User
X-RemovedCookies
X-ProcessESI
X-Datadog-Sampled
Refresh
Viewport
X-RTag
X-Cache-Age
X-Yottaa-Metrics
X-UUID
X-IPS-LoggedIn
X-FW-Version
X-FW-Static
X-Debug
X-Yottaa-Optimizations
X-Is-Bot
X-FW-Hash
X-FW-Dynamic
X-Rendered-As
X-FW-Type
X-FW-Serve
Liferay-Portal
X-FW-Server
SD-X-WS
X-Varnish-Grace
X-Servername
X-Adobe-Loc
X-Environment-Context
X-NYM-Debug-Backend
X-L-Path
X-Amzn-Remapped-Content-Length
X-G
X-Instance
X-Adobe-Content
X-Region
X-Device-Type
Fastly-SIE
X-User-Agent
X-Hl-Ver
Fastly-SWR
From-Origin
X-Cache-Grace
X-Cacheable-TTL
X-Status
Country
X-B3-Traceid
X-Backend-Name
X-Cache-Hit
X-Rule
Url
X-Jobs
X-Hcs-Proxy-Type
ServerID
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Via-JSL
X-VC-Cache
X-INCAP-ABP
X-Origin-CC
X-B3-SpanId
X-Origin-TTL
X-Webkit-CSP
Countrycode
WPO-Cache-Status
WPO-Cache-Message
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Page-View
X-Air-Hostname
X-Air-Source
Alternate-Protocol
X-Cache-Status-Check
X-Air-Trace-Id
X-HTML-Minification-Powered-By
Version
X-NODE
Surrogate-Key
X-Source
X-Content-Powered-By
X-Akamai-Request-ID2
X-Nginx-Cache
GEO-INFO
X-Hosted-By
X-Storage
Protected
X-Rocket-Nginx-Serving-Static
X-WP-CF-Super-Cache-Active
AMP-Access-Control-Allow-Source-Origin
SRV
X-Akamai-Edgescape
X-Accel-Version
OT-Force-Account-Verify
Access-Control-Request-Headers
X-VC
CDN-RequestId
Amp-Access-Control-Allow-Source-Origin
X-Http-Reason
X-CDN-Forward
X-Real-IP
X-Framework
X-Edge-Location
X-Mode
CF-IPCountry
X-Cache-Rule
X-Use-Mantle
Front
X-Upstream-Ct
X-Upstream-Ht
X-Xfnlog-Site
Webserver
X-Rn-Rsrv
Filters
X-Cache-Time
X-Cache-Operation
X-Rewrite-Enabled
X-ServerID
X-UPSTREAM-Address
Meta-Geo
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Proxy-Build
X-AWS-Id
X-Timing-Wait
Selected-Fe
Cross-Origin-Embedder-Policy
X-Served-From
X-SaId
ServedBy
X-VWS-Id
X-Varnish-Cache-Hits
Mn-Server-Ip
X-Origin
X-JoinUs
X-Httpd
X-LJ-Flow-ID
X-Restarts
Apigw-Requestid
TWC-Connection-Speed
TWC-Device-Class
X-Labrador-Cache-Channel
X-Lambda-Id
X-Routing-Service
X-ProxyCache-Status
X-Proxied
X-PHP-Host
X-Origin-Hint
Accept-Language
X-No-Session
X-Endurance-Cache-Level
X-ProxyCache-Key
Node
Property-Id
TWC-GeoIP-Country
X-Format
Section-Io-Id
X-Cluster
X-BYPASS-REASON
Xserver
X-Worker
TWC-GeoIP-LatLong
Webcakes-Region
Webcakes-App-Version
X-Extlb
TWC-Privacy
TWC-Locale-Group
X-Director
X-Soup
X-Zipkin-Id
Xet-Cookie
Webcakes-App-Name
X-Cms-Context
X-Is-Tablet
DB-Nickname
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-Geo-Region
X-Handled-By
X-GeoCountry
Web-Mar-Node
X-AB
X-Adobe-Source
X-IPLB-Instance
X-GeoCode
X-Browser-Name
X-IPLB-Request-ID
X-Logging-Id
X-SayCDN-TTL
X-Server-W
X-Say-TTL
X-Say-Cacheable
X-S
Azure-Version
X-Tcp-Rtt
X-Web-Node
X-VCT
X-Varnish-Beresp-Grace
X-Varnish-Age
X-Redis-Cache
X-Skip-Cache
Azure-InstanceId
Azure-RegionName
Azure-SlotName
X-Locale
Azure-SiteName
X-RCS-CacheZone
X-Cache-Host
X-RM-Cache-TTL
X-Cache-Debug
X-Generation-Time
X-Cache-Server
X-Detected-As
X-Fetched-On
X-Drupal-Cache-Tags
X-Forwarded-Host
X-Vercel-Cache
X-Vercel-Id
X-R9-Blue-Green-Version
X-Loop
X-Site-Version
X-Tncms
X-Tb
X-Reqid
X-Ms-Request-Id
X-Platform-Router
X-Platform-Processor
X-Git-Commit
X-Ms-Version
X-Frame-Option
X-Drupal-Cache-Contexts
X-Uri
X-Platform-Cluster
X-DynaTrace
X-Container-Uri
X-MP-GENERATED-AT
X-TT-LOGID
X-Webstats-RespID
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Shopify-Stage
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Cache
X-Provided-By
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-Uid
CDN-CachedAt
X-XRDS-Location
WP-Super-Cache
X-Origin-Date
Cache-Tv-Group
X-Vcache
X-ShardId
X-ShopId
Source
X-Sorting-Hat-PodId
Fastcgi-Useragent
X-Sorting-Hat-ShopId
X-Sql-Count
X-Sql-Duration-Ms
Priority
X-FB-TRIP-ID
X-Vcl-Version
Content-Secure-Policy
X-Sucuri-Cache
Cross-Origin-Embedder-Policy-Report-Only
X-Cdn-Origin
X-Sucuri-ID
Sid
Onion-Location
X-Generated-By
X-Pass-Why
X-Content-Age
X-Newrelic-Synthetics
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Buckets
Atl-Traceid
WZWS-RAY
X-SRV
X-Thinkindot-L3
X-Shield-Cache-Expires
X-CMSURLCustom
X-Cluster-Node
S-Rt
HostName
Thinkindot-Control
X-Scope-Id
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
X-Proxy-Cache-Status
X-LSADC-Cache
Cache
Cross-Origin-Window-Policy
X-Varnish-Beresp-Ttl
X-Xrds-Location
X-Cache-Expired-At
X-VCache
X-Ua
X-Cache-Action
Edge-Copy-Time
X-Via-SSL
X-Via-Edge
X-Via-CDN
X-DataDome
X-Optimistic-Header
X-Datadome
X-WP-CF-Super-Cache-Cookies-Bypass
X-Connection-Hash
Expiry
X-Dc
X-PAYTM-SRV-ID
A
Apple-News-Services-Handled
Gannett-Cam-Experience-Id
User-Cache-Control
Lang
L
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Candidate-Md5Url
CDCHOST
X-Instance-Name
DCR-Decision-By
Apple-News-Services-Request-Url
DCR-Processing-Time-Ms
MD5-Digest
Meta-Geo-Continent
Req-ID
Rendered-Blocks
Server-Host
X-Request-Start
Sslversion
X-External-Request-Id
Redirect-Candidate
Origin-Agent-Cluster
Ngx-Var-Key
X-Op-Id-All
Ngx.Var.Host
X-Platform
Origin
X-Rojux
Surrogated-Key
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Destination
X-Varnish-Hostname
X-SRCache-Key
X-D
X-BCube-Filmed-By
X-A-Dam
X-Access
X-Viewer-Country
X-B-Cookie
X-Cache-NE
X-Dispatcher-Server
X-Vtex-Remote-Cache
X-Correlation-ID
X-Application
X-Bc-Bl
X-Aed
X-Developer
X-A-Ccd
X-A
T-Server
X-ScT
X-GEO
Type
X-Cache-Bucket
X-Scheme
X-Conf
X-S-Cookie
X-SB
X-Epic-Correlation-Id
X-Section
X-Vdms-Path
X-Vdms-Version
X-Ec-Fail
X-Bl-Debug
X-TIM-N
X-Ec-GeoHdr
Vix-Hermes-Req-Id
X-TimeS
Host-ID
X-GeoIP-Country-Code
X-Cache-Id
X-Debug-Cache-Store
X-Core-Value
X-Gzip
Cluster
X-Clientip
DSUID
X-Debug-Cache-Fetch
Fastly-GeoIP-CountryCode
X-GeoIP-Region-Code
Environment
X-Cache-TTL-Remaining
X-Gdpr
Sever-Int
Wxu-Next-Region
Server-Hostname
Server-Ext
Wxu-Next-Hostname
Wxu-Next-Commit
X-Level-Front-Cache
X-Esi-Check
V-Age
Req-Svc-Chain
Release
X-Auto-Login
X-Generated-On
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
Ssr
X-Amz-Meta-Cb-Modifiedtime
X-Ec-Custom-Error
NM-Fastcgi-Cache
X-Acquia-Purge-Cdn-Unconfigured
X-Bip
X-Node-Id
X-Req
X-Pubstack
X-Request-Time
X-Loc
X-Sigma
X-Proxied-Request
X-Pool
X-Nginx-Cache-Key
X-NMSegId
X-Nyt-Route
X-Origin-Time
Magicmarker
X-Sigma-Backend
X-TH-Server
X-Varnish-Beresp-Status
X-UA-Device-Type
X-Thanos
X-Varnishpool
X-VG-TLSProxy
X-TA-CDN-Provider
X-Zen-Fury
X-We-Are-Hiring
X-WA-Info
X-NCache
X-Rocket-Build-Number
X-Mly-Id
X-Moov-T
X-Moov-Xdn-Version
C-Via
X-Service
X-Mg-Request-UUID
Fastly-Drupal-HTML
Content-Style-Type
X-SVT-ORM-RULES
X-Ad-Load-Variation
Tube-Got-Eval
X-ApacheServer
Content-Script-Type
Country-Code
X-Aicache-OS
Tube-Got-Results
X-Server-IP
Yak-Timeinfo
Gh-Request-Id
W
Tube-Return
Uber-Trace-Id
We-Hiring
X-DPWN-IS-SECURE
Cache-Provider
X-VServer
X-Varnish-Authentication
Click-Count-Action-Start
X-Cache-Info
X-Varnish-Director
X-Var-Ttl
X-V-Cache
X-Contensis-Viewer-Groups
Canary
X-Cdn-Srv
X-Device-Os
X-Cache-Date
X-Men
X-VG-WebCache
X-SVT-ORM-VERSION
Tube-Get-Contents
X-Human
X-Block-Status
Click-Count-Error
X-Cache-Aspx
X-Branch-Name
X-Hnp-Log
X-SD-PageType
X-Region-Sid
X-RateLimit-Remaining-Second
Adler-Geo
X-From
X-Org
Fastly-SSL
X-Gen-Mode
X-RateLimit-Limit-Second
Esi-Enabled
Pramga
Platform
X-GoCache-CacheStatus
On-Server
X-Forwarded-Site
X-PERF
Producers
Mail-Subject
RNT-Machine
X-ND-Cache
X-Request-URI
Is-Eu
X-GeoIP-City
X-Micro-Cache
X-GeoIP
Machine
RNT-Time
True-Client-Country-4JS
X-Geo-Header
X-Fastly-Cache
X-Use-Magma
X-Origin-Response-Time
X-Irp-Debug
X-Policy
X-Up
X-Old-Content-Length
X-Mvc-Supplant-Cachable
X-Test
X-Mvc-Supplant-OutputCached
X-Proto
X-Request-Host
X-Csrf-Jwt
X-CGP
X-AK-Request-ID
X-FC-Vary-Parameters
X-Eu-Site
X-HN
PFcat
X-VarnishDD-TTL
X-Edge-Server
X-Hash
X-Sn-Servicetimems
Cdncip
X-Amz-Storage-Class
X-Wikidot-Static-Cache
X-Wikidot-Backend
Cdnsip
Ha-Gx-Prefs
X-Fmm-Version
L5d-Success-Class
HA-Ipaddr
X-HS-Content-Campaign-Id
Proxy-Firewall
Cf-Device-Type
Locid
Cdn-Request-Time
Cdn-Host
AKAMAI
Cache-Key
Web-Mar-Region
X-Azure-Ref-OriginShield
X-Parent-Response-Time
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Fastly-Backend
X-Ah-Environment
X-LB-ID
X-Date
Fastly-Backend-Name
NGX
Pics-Label
X-App-Name
X-CacheTTL
X-Accel-Expires-Debug
X-ZONE
XM
X-Via-Popv
IsBot
X-Via-Popn
X-HA-Backend
X-Owner
X-Backend-Instance
X-Via-Poph
X-COUNTRY
X-Core-Mission
X-DC
X-SIPLIST1
LB
X-CACHE-GROUP
X-DynaTrace-JS-Agent
X-Varnish-Hits
X-Cache-Backend
Cdn
X-API-Version
X-Servedbyhost
Cdn-Requestid
X-Ratelimit-Reset
X-Tx-Id
X-Lagoon
X-Tb-Optimization-Total-Bytes-Saved
X-Srv
X-Refresh
X-Qloud-Router
X-LB-NoCache
X-Origin-Expires
NtCoent-Length
X-VHOST
Datacenter
X-UA
Expect-Staple
N-Cache
RATING
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-NGINX-Cache
Server-ID
X-Tenant
X-ECache
X-CDN-Cache-Status
X-Orig-Expires
Xc-Version
X-Shop-Environment
X-Forwarded-Path
GeoIp-Country-Code
X-Cache-Type
Cross-Origin-Opener-Policy-Report-Only
X-Wa
X-RID
X-Nananana
X-Nc
X-Gamma-Serve
SID
CloudFront-Viewer-Country
Cmsid
Cmstype
X-TX-ID
CPC-Age
X-Zone
X-Fpc
CPC-Cache
X-Via-Fastly
Cache-Hits
X-Vmg-Version
Resin-Trace
DataCenter
Uri
X-B3-Parentspanid
X-Cdn-Diag
X-Hit
X-Ig-Origin-Region
X-Proxy-CacheRZ
GeoIP-Latitude
X-Nf-Request-Id
XkeyRZ
X-Akamai-Transformed
X-Location
User-Agent
X-Tt-Logid
X-Client-Ip
Fusion-Template-Id
X-URL
X-Presslabs-Stats
Fusion-Component-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Source
X-Cloudmap
X-Info
Powered-By
True-Client-Ip
CacheControlHeader
X-Datacenter
X-Amz-Meta-Opti
X-Variation
X-TIME
X-Fastly-Country-Code
X-CS
X-LAGOON
Tcn
Origin-CC
Origin-EX
Fastly-Drupal-Html
X-Jungle-Id
Mime-Version
X-DataCenter
X-Geo
X-NewRelic-App-Data
X-B3-Spanid
X-HostName
X-CACHE-AGE
X-User
X-CUA
X-IAuth-Set-Uid
True-Client-IP
X-NWS-UUID-VERIFY
MIME-Version
X-Api-Version
X-Dynatrace-Js-Agent
X-AIR-PT
Load-Balancing
X-Segment-20210421
VNS-Age
Lb
Cf-Ipcountry
Srv
VNS-Cache
X-Cached-By
X-Cdn-Forward
X-HOST
Debug
X-Render-Time
X-Vc
X-LiteSpeed-Tag
X-LiteSpeed-Cache-Control
X-Varnish-Beresp-TTL
CDN
X-Webkit-Csp-Report-Only
X-CSRF-TOKEN
Hostname
Ohc-File-Size
X-Wormhole-Sdk
Edge-Cache
X-Auth-Group-Type
Cl-Cache
X-Dispatcher-Number
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
Cache-Name
X-FPC
X-Dispatch
X-MCACHE
Ohc-Cache-HIT
X-NC
Server-Id
X-Ig-Push-State
GeoIP-Country-Code
X-Esi
X-WA
X-Litespeed-Tag
X-Oracle-DMS-ECID
X-NodeID
Odigeo-Trace-Id
X-Cs
X-Cdn-Cache-Status
X-Lb-Nocache
X-Mid
X-ServedByHost
X-Custom-Header
X-Cache-Ttl
X-APP-VERSION
X-Depends
X-PHP-Backend
X-Vgn-Hpd-Reason
X-MSEdge-Features
CountryCode
X-Fastly-Backend-Reqs
BehaviorPad-Version
X-MSEdge-Flight
Ms-Author-Via
X-Litespeed-Cache-Control
X-VCL-Version
X-Pad
X-Proxy-Cache-La3
X-DefHash
Xkey-La3
X-Cache-Enabled
X-DefElseHash
X-Lb-Id
X-Varnish-Remaining-TTL
X-Cdn-Request-ID
X-MiniProfiler-Ids
X-Ha-Backend
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Via-PopN
Xkeylog
X-Via-PopV
X-Akamai-Pragma-Client-IP
X-Via-PopH
Srvid
X-FL-QIT-DEBUG
Server-Info
X-M-Reqid
YJS-ID
X-Snapshot-Date
FSS-Cache
X-VC-TTL
Ngx
X-M-Log
X-Acquia-Site
Memcached
Memory
OriginIP
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-FL-EDGE
PICS-Label
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Time
Location
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Cache-Version
X-Shopid
X-Shardid
Geoip-Latitude
X-RequestId
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Udemy-Cache-App-Namespace
X-Sucuri-Id
CF-Ctrl
X-Internal-Host
My-App
Warning
X-Th-Server
X-Lsadc-Cache
X-Web-Server
X-Dw-Trace-Id
X-Mg-Cache
X-Service-Response-Time
X-Serial
Akamai-Cache-Status
Sm-Log-Id
X-Check-Cacheable
CF-Cached-On