Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
P3p
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
X-Cache-Status
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Ua-Compatible
X-Generator
CF-Ray
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
Allow
X-Backend
Cf-Edge-Cache
Request-Context
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
X-Rq
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-Pingback
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
EagleEye-TraceId
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
X-WebKit-CSP
X-CST
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Readtime
X-Server-Id
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Cache-Lookup
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Trace
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cache-Tag
Cross-Origin-Opener-Policy
X-ECACHE
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-MS-InvokeApp
Nginx-Cache
X-PC
X-TtlSet
X-Vname
X-ESI
X-Upstream
X-Powered-By-Plesk
Rating
Edge-Control
X-Server-Name
X-Browser-Type
X-D2id
X-Cnection
X-Element-Page-Cache
X-Times
Verso
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
X-Kinja-Build
X-Ac
SPRequestDuration
X-Ruxit-Js-Agent
SPIisLatency
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
SPRequestGuid
X-SharePointHealthScore
X-Navigation-Version
X-Abt-Application-Version
X-Ser
X-NWS-LOG-UUID
X-Dw-Request-Base-Id
X-B3-TraceId
X-Vcap-Request-Id
X-GitHub-Request-Id
X-RateLimit-Remaining
X-NF-Request-ID
AR-CACHE
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-VARITI-CCR
X-Mg-S
S
X-Client-IP
X-Sol
X-Middleton-Display
Pagespeed
Display
Edge-Cache-Tag
X-Server-ID
X-Cache-Key
RTSS
Fastly-Restarts
X-Amz-Rid
X-Amzn-Trace-Id
X-Cache-TTL
X-Ttl
X-Powered-CMS
Cache-Status
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Goog-Hash
X-Version
Access-Control-Request-Method
X-Edge-Location-Klb
X-Kinsta-Cache
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Recruiting
X-ARC
Response
X-TraceId
X-Middleton-Response
X-Varnish-TTL
X-Content-Digest
Origin-Trial
X-Forwarded-For
Arr-Disable-Session-Affinity
X-T
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-MD5
X-MSEdge-Ref
MicrosoftSharePointTeamServices
X-Daa-Tunnel
TP-Cache
X-Accel-Expires
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
Cross-Origin-Resource-Policy
Front-End-Https
X-Cached
X-Hits
X-Id
Public-Key-Pins
MS-Author-Via
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Expires
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
Server-Node
X-Ua-Browser
X-DIS-Request-ID
X-Forwarded-Proto
X-Frontend
Payment
X-Request-Received
X-Request-Processing-Time
X-Webkit-Csp
X-FastCGI-Cache
X-LLID
X-Jurisdiction
Realpath
X-HP-Webp
X-HP-Trace-Id
X-Fastcgi-Cache
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-ORACLE-DMS-RID
Cache-Tags
X-LB-Cache
X-Distributor
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Ratelimit-Limit
X-Request-Handler-Origin-Region
X-Microsite
X-Origin-Server
X-RateLimit-Limit
X-TTL
MRF-Tech
Mrf-Cache-Status
Referer-Policy
Count-Hit
X-B3-TraceId-Primal
X-Page-Id
X-Az
X-Kong-Upstream-Latency
X-AppVersion
X-Activity-Id
X-Kong-Proxy-Latency
X-Hostname
X-NGENIX-Cache
X-Debug-Info
X-Cluster-Name
Host
X-Www-Served-By
X-Geo-Country
X-Correlation-Id
X-F-Cache
X-Varnish-Backend
Fastcgi-Cache
X-Envoy-Decorator-Operation
X-Varnish-Server
Accept-Charset
X-App-Server
X-Ua-Device
X-ORACLE-DMS-ECID
X-PressLabs-Stats
X-XRDS-LOCATION
X-FB-Debug
X-Varnish-Ttl
X-Goog-Metageneration
Retry-After
Access-Control-Allow-Method
X-CSRF-Token
X-Git-Hash
X-Load-Cache
X-Upgrade-Enabled
X-Ezoic-Cdn
X-Content-Options
X-Fastly-Request-Id
X-RateLimit-Reset
Server-Name
X-Seen-By
X-Datadog-Trace-Id
X-Contextid
X-Px
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Request-Guid
X-Revision
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-Control
Charset
X-Oracle-Dms-Ecid
X-B3-Sampled
X-Trace-Id
X-Type
Section-Io-Cache
X-B
TCN
X-TT
X-Amz-Meta-S3cmd-Attrs
X-Webkit-CSP
X-Grace
Cleartype
Healthy
X-Signature
X-TEC-API-ORIGIN
X-B-Cache
X-TEC-API-VERSION
X-TEC-API-ROOT
DC
X-Fb-Rlafr
X-Whom
X-App-Environment
X-Node-Name
Paypal-Debug-Id
X-Rid
X-Wix-Request-Id
X-Newrelic-App-Data
X-WebKit-CSP-Report-Only
X-Kinja-CCPA
X-Origin-Cache
X-Mobile
Frame-Options
X-Magnolia-Registration
X-Amz-Replication-Status
Accept-Ch
X-Proxy
X-Azure-Ref
X-Oracle-Dms-Rid
X-Ratelimit-Remaining
X-Flags
X-Is-Crawler
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Providence-Cookie
X-Goog-Generation
X-Aspnet-Duration-Ms
X-Route-Name
X-EdgeConnect-Cache-Status
X-Logged-In
X-Fastly-Request-ID
X-WP-CF-Super-Cache-Cache-Control
X-N
X-WP-CF-Super-Cache
X-Language
Filterid
X-Air-Pt
Content-Disposition
Backend
Akamai-GRN
NGB
X-Original-Request-Id
X-App-Version
VIX-Pulpo-Node
X-Response-Served-From
VIX-Pulpo-Upstream-Status
Upgrade-Insecure-Requests
X-Cache-Age
X-Time
X-Datadog-Sampled
X-ProcessESI
X-RemovedCookies
X-Is-Bot
X-Template
MS-CV
SD-X-WS
Ms-Operation-Id
X-Yottaa-Metrics
X-Rendered-As
X-RTag
X-Servername
X-Varnish-Grace
X-Unique-Id
X-Debug-IsConnected
X-Yottaa-Optimizations
X-Debug-IsPreview
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
Refresh
X-UUID
Liferay-Portal
X-Proxy-Cache-Info
X-Tumblr-Pixel
X-Adobe-Content
X-Adobe-Loc
X-Cacheable-TTL
X-Environment-Context
X-L-Path
Viewport
Fastly-SWR
X-Region
Fastly-SIE
X-G
X-Amzn-Remapped-Content-Length
X-Cache-Grace
X-Hl-Ver
X-NYM-Debug-Backend
From-Origin
X-FW-Hash
X-FW-Static
X-FW-Server
X-FW-Type
X-FW-Version
X-IPS-LoggedIn
X-FW-Serve
X-Instance
X-Debug
X-Device-Type
X-FW-Dynamic
X-Rule
X-Backend-Name
X-User-Agent
X-B3-Traceid
Url
X-Cache-Hit
Country
X-Jobs
X-Status
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Via-JSL
X-CCDN-Origin-Time
ServerID
X-Origin-CC
X-B3-SpanId
X-Origin-TTL
Countrycode
X-VC-Cache
X-INCAP-ABP
WPO-Cache-Status
WPO-Cache-Message
Alternate-Protocol
X-Tec-Api-Version
X-Page-View
X-Tec-Api-Root
X-Tec-Api-Origin
Version
X-Cache-Status-Check
X-HTML-Minification-Powered-By
X-Air-Trace-Id
Surrogate-Key
X-Air-Source
X-Air-Hostname
X-NODE
X-Akamai-Request-ID2
X-Source
X-Hosted-By
X-Nginx-Cache
X-Content-Powered-By
X-WP-CF-Super-Cache-Active
Protected
Amp-Access-Control-Allow-Source-Origin
CDN-RequestId
GEO-INFO
X-Rocket-Nginx-Serving-Static
SRV
X-Storage
X-Akamai-Edgescape
OT-Force-Account-Verify
X-Accel-Version
X-VC
Access-Control-Request-Headers
X-CDN-Forward
X-Edge-Location
X-Real-IP
X-Http-Reason
X-Framework
AMP-Access-Control-Allow-Source-Origin
X-Mode
X-Cache-Rule
CF-IPCountry
Front
X-Use-Mantle
X-ServerID
Meta-Geo
X-Xfnlog-Site
Filters
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Rn-Rsrv
X-Cache-Operation
Accept-Language
X-Cache-Time
X-Detected-As
Cross-Origin-Embedder-Policy
Webserver
X-SaId
X-AWS-Id
X-Proxy-Build
X-Cache-Debug
X-LJ-Flow-ID
X-Origin
X-Served-From
X-Soup
ServedBy
Selected-Fe
X-VWS-Id
Xet-Cookie
X-Timing-Wait
X-JoinUs
Mn-Server-Ip
X-Httpd
Xserver
X-Zipkin-Id
X-SayCDN-TTL
X-Worker
X-ProxyCache-Status
X-Cluster
X-ProxyCache-Key
X-Web-Node
X-BYPASS-REASON
X-Tumblr-Pixel-3
X-Logging-Id
X-Say-Cacheable
X-Say-TTL
Node
X-Routing-Service
X-Proxied
X-Tumblr-Pixel-2
Apigw-Requestid
X-Varnish-Cache-Hits
X-Adobe-Source
X-Cms-Context
X-Extlb
X-No-Session
X-Lambda-Id
X-Director
TWC-Device-Class
TWC-Connection-Speed
X-Is-Desktop
TWC-GeoIP-Country
X-Redis-Cache
X-Handled-By
X-RM-Cache-TTL
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Mobile
Property-Id
X-Labrador-Cache-Channel
X-GeoCountry
X-Restarts
TWC-Privacy
X-Origin-Hint
X-Format
X-RCS-CacheZone
X-Browser-Name
X-PHP-Host
X-Endurance-Cache-Level
X-Geo-Region
X-AB
Web-Mar-Node
TWC-Locale-Group
Webcakes-App-Name
X-GeoCode
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-LatLong
X-S
X-Varnish-Beresp-Grace
X-Upstream-Ht
X-VCT
Section-Io-Id
X-Server-W
X-Tcp-Rtt
X-Upstream-Ct
DB-Nickname
X-Site-Version
X-Skip-Cache
X-Fetched-On
X-Forwarded-Host
X-Platform-Router
X-Platform-Processor
X-Container-Uri
X-Platform-Cluster
X-R9-Blue-Green-Version
X-DynaTrace
X-Locale
X-IPLB-Instance
X-Reqid
X-IPLB-Request-ID
X-Git-Commit
X-Tncms
X-Loop
X-Varnish-Age
X-Generation-Time
X-Cache-Server
X-Ms-Version
X-Ms-Request-Id
X-Webstats-RespID
X-Vercel-Id
X-Vercel-Cache
X-Tb
X-Drupal-Cache-Tags
X-Uri
X-Cache-Host
X-Provided-By
Azure-SlotName
Azure-InstanceId
Azure-Version
Azure-RegionName
X-TT-LOGID
X-Drupal-Cache-Contexts
X-MP-GENERATED-AT
Azure-SiteName
CDN-RequestCountryCode
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestPullCode
CDN-CachedAt
CDN-PullZone
CDN-EdgeStorageId
X-Storefront-Renderer-Rendered
CDN-Cache
X-Vcache
X-Shopify-Stage
X-Alternate-Cache-Key
X-XRDS-Location
X-Frame-Option
X-Origin-Date
Cache-Tv-Group
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
Source
Fastcgi-Useragent
X-Sucuri-Cache
X-Sql-Duration-Ms
X-Sql-Count
WP-Super-Cache
Content-Secure-Policy
X-FB-TRIP-ID
Priority
X-Sucuri-ID
X-Vcl-Version
X-Generated-By
X-Cdn-Origin
Cross-Origin-Embedder-Policy-Report-Only
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Xrds-Location
Sid
Locale
X-Newrelic-Synthetics
Onion-Location
X-Content-Age
X-Pass-Why
Atl-Traceid
X-Buckets
WZWS-RAY
X-SRV
S-Rt
HostName
X-Cluster-Node
X-Thinkindot-L3
TDXMobile
X-Proxy-Cache-Status
Thinkindot-CacheControl-Type
Thinkindot-Control
X-LSADC-Cache
X-Shield-Cache-Expires
X-Scope-Id
Thinkindot-CacheControl
Cache
X-CMSURLCustom
Cross-Origin-Window-Policy
X-DataDome
X-Varnish-Beresp-Ttl
X-Cache-Action
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Expired-At
X-Via-CDN
X-Ua
X-Via-SSL
Edge-Copy-Time
X-Via-Edge
X-GEO
X-Optimistic-Header
Expiry
X-Connection-Hash
User-Cache-Control
X-PAYTM-SRV-ID
Req-ID
X-Op-Id-All
X-Request-Start
X-A-Wwc
X-A-Dcw
X-A-Ccd
X-Destination
X-Platform
X-A
X-A-Dam
X-A-Dgt
CDCHOST
MD5-Digest
Meta-Geo-Continent
Server-Hostname
X-Epic-Correlation-Id
X-Ec-GeoHdr
Sever-Int
L
Lang
Server-Host
Server-Ext
X-External-Request-Id
Redirect-Candidate
Rendered-Blocks
Origin-Agent-Cluster
Origin
Ngx-Var-Key
Ngx.Var.Host
X-Ec-Fail
Sslversion
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Vix-Hermes-Req-Id
Apple-News-Services-Host
Apple-News-Services-Handled
A
X-Dispatcher-Server
Candidate-Md5Url
X-Instance-Name
T-Server
Surrogated-Key
Gannett-Cam-Experience-Id
DCR-Processing-Time-Ms
DCR-Decision-By
Type
X-Ec-Custom-Error
X-Developer
X-Access
X-Scheme
X-BCube-Filmed-By
X-ScT
X-Bl-Debug
X-Bc-Bl
X-VCache
X-Rojux
X-S-Cookie
X-SB
X-Vtex-Remote-Cache
X-Viewer-Country
X-Varnish-Hostname
X-SRCache-Key
X-Conf
X-Vdms-Path
X-Cache-Bucket
X-Cache-NE
X-Correlation-ID
X-Vdms-Version
X-B-Cookie
X-Section
X-Application
X-D
X-TIM-N
Fastly-Drupal-HTML
X-Aed
X-Datadome
X-TimeS
Release
Content-Style-Type
X-VG-WebCache
X-Forwarded-Site
X-VG-TLSProxy
X-TH-Server
X-Sigma-Backend
X-TA-CDN-Provider
X-Cache-TTL-Remaining
X-Human
DSUID
X-Hnp-Log
NM-Fastcgi-Cache
Content-Script-Type
X-Sigma
Ssr
X-Varnish-Director
X-Rocket-Build-Number
X-Varnishpool
X-Varnish-Beresp-Status
X-Generated-On
X-Request-Time
X-Gen-Mode
Host-ID
X-Acquia-Purge-Cdn-Unconfigured
X-GeoIP-Region-Code
X-Branch-Name
X-Level-Front-Cache
Fastly-SSL
X-GeoIP-Country-Code
X-Req
Environment
X-VServer
X-NCache
X-Nginx-Cache-Key
Pramga
X-Thanos
X-Bip
X-Loc
X-Clientip
X-NMSegId
X-BBC-Edge-Cache-Status
Wxu-Next-Commit
X-Core-Value
Magicmarker
X-Node-Id
Wxu-Next-Region
Wxu-Next-Hostname
X-Moov-Xdn-Version
X-Pool
X-Mly-Id
X-SD-PageType
C-Via
X-UA-Device-Type
Cache-Provider
X-Request-URI
X-Block-Status
X-WA-Info
X-Pubstack
X-Zen-Fury
X-Dc
X-Moov-T
Req-Svc-Chain
X-Cache-Info
X-Fastly-Cache
X-Service
X-Mg-Request-UUID
X-Origin-Response-Time
X-Esi-Check
X-DPWN-IS-SECURE
X-Auto-Login
X-B3-Trace-ID
W
X-Debug-Cache-Fetch
X-Amz-Meta-Cb-Modifiedtime
X-Debug-Cache-Store
X-Ad-Load-Variation
X-Aicache-OS
X-Device-Os
V-Age
Tube-Get-Contents
True-Client-Country-4JS
X-Cache-Date
Tube-Got-Eval
Tube-Got-Results
Uber-Trace-Id
Tube-Return
X-Cache-Id
X-Mvc-Supplant-OutputCached
X-Old-Content-Length
X-Org
X-Origin-Time
X-Policy
X-Nyt-Route
X-Mvc-Supplant-Cachable
Canary
X-Men
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Proxied-Request
Yak-Timeinfo
Cdncip
Cdnsip
X-AK-Request-ID
X-We-Are-Hiring
X-Server-IP
X-Region-Sid
X-Request-Host
X-ND-Cache
X-Irp-Debug
Adler-Geo
Locid
X-GeoIP
Click-Count-Action-Start
X-GeoIP-City
X-Gdpr
X-From
Producers
Platform
X-FC-Vary-Parameters
X-Fmm-Version
Fastly-GeoIP-CountryCode
Is-Eu
Cluster
X-HS-Content-Campaign-Id
Country-Code
Click-Count-Error
X-Gzip
X-V-Cache
Esi-Enabled
X-Use-Magma
X-Azure-Ref-OriginShield
X-Slack-Shared-Secret-Outcome
Ha-Gx-Prefs
HA-Ipaddr
X-Sn-Servicetimems
X-Var-Ttl
L5d-Success-Class
X-Slack-Backend
X-Contensis-Viewer-Groups
X-Up
X-Varnish-Authentication
X-PERF
X-Fastly-Backend
X-Proto
X-RateLimit-Limit-Second
X-Micro-Cache
X-Hash
X-Geo-Header
X-GoCache-CacheStatus
X-RateLimit-Remaining-Second
X-VarnishDD-TTL
X-Csrf-Jwt
X-Cdn-Srv
X-Eu-Site
PFcat
X-HN
X-Amz-Storage-Class
X-CGP
RNT-Time
We-Hiring
X-Cache-Aspx
Web-Mar-Region
X-ApacheServer
Mail-Subject
X-DC
Machine
On-Server
Gh-Request-Id
RNT-Machine
X-Ratelimit-Reset
X-Parent-Response-Time
X-Edge-Server
AKAMAI
Cf-Device-Type
Cache-Key
Pics-Label
Cdn-Request-Time
Proxy-Firewall
Cdn-Host
NGX
X-Ah-Environment
X-CacheTTL
X-App-Name
X-LB-ID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Test
X-ZONE
X-HA-Backend
Fastly-Backend-Name
IsBot
X-COUNTRY
X-Backend-Instance
XM
X-Owner
X-Via-Popv
X-SIPLIST1
X-Via-Poph
X-Tx-Id
X-Via-Popn
X-Accel-Expires-Debug
X-Date
X-Core-Mission
LB
Cdn
X-CACHE-GROUP
X-Servedbyhost
X-Varnish-Hits
X-DynaTrace-JS-Agent
X-Origin-Expires
NtCoent-Length
X-Refresh
X-Qloud-Router
X-Cache-Backend
X-LB-NoCache
X-API-Version
X-Lagoon
X-Srv
X-VHOST
Datacenter
X-Tb-Optimization-Total-Bytes-Saved
X-CF-Lambda-Version
RATING
X-Nf-Request-Id
X-UA
X-CF-Lambda-Fn
N-Cache
Expect-Staple
Cdn-Requestid
X-NGINX-Cache
Server-ID
X-CDN-Cache-Status
X-Shop-Environment
X-Tenant
GeoIp-Country-Code
Xc-Version
X-Cache-Type
X-Forwarded-Path
X-Wa
X-ECache
X-Nc
X-Orig-Expires
X-Nananana
SID
CloudFront-Viewer-Country
Cmstype
Cmsid
X-Gamma-Serve
X-RID
X-Zone
CPC-Cache
CPC-Age
Cross-Origin-Opener-Policy-Report-Only
X-TX-ID
X-Via-Fastly
X-Fpc
Cache-Hits
X-Vmg-Version
GeoIP-Latitude
X-Hit
X-B3-Parentspanid
Uri
Resin-Trace
X-Cdn-Diag
DataCenter
User-Agent
X-Ig-Origin-Region
X-Akamai-Transformed
X-Proxy-CacheRZ
XkeyRZ
X-Client-Ip
X-Tt-Logid
X-URL
Fusion-Source
Fusion-Deployment-Id
X-Location
Fusion-Template-Id
Fusion-Component-Id
X-Presslabs-Stats
Fusion-Content-Id
Fusion-Content-Source
X-Cloudmap
X-Fastly-Country-Code
X-Variation
Powered-By
X-TIME
True-Client-Ip
X-Amz-Meta-Opti
CacheControlHeader
X-Info
Tcn
X-LAGOON
X-CS
Mime-Version
X-Datacenter
X-Jungle-Id
Origin-EX
X-CUA
Origin-CC
X-DataCenter
MIME-Version
X-NewRelic-App-Data
X-B3-Spanid
X-HostName
X-CACHE-AGE
Fastly-Drupal-Html
X-Geo
X-NWS-UUID-VERIFY
True-Client-IP
X-Cached-By
X-User
X-IAuth-Set-Uid
X-Dynatrace-Js-Agent
X-Api-Version
Lb
X-AIR-PT
Srv
X-Segment-20210421
Cf-Ipcountry
VNS-Age
Load-Balancing
VNS-Cache
X-Cdn-Forward
Debug
X-LiteSpeed-Tag
X-Vc
X-HOST
X-Varnish-Beresp-TTL
X-LiteSpeed-Cache-Control
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
X-Render-Time
X-VTEX-Cache-Time
CDN
X-Webkit-Csp-Report-Only
Ohc-File-Size
Hostname
X-Dispatcher-Number
X-CSRF-TOKEN
X-Auth-Group-Type
Cl-Cache
X-Wormhole-Sdk
Edge-Cache
Cache-Name
GeoIP-Country-Code
X-Dispatch
X-FPC
X-MCACHE
Ohc-Cache-HIT
Server-Id
X-Cdn-Cache-Status
X-Esi
X-WA
X-Ig-Push-State
X-NC
X-Litespeed-Tag
Odigeo-Trace-Id
X-NodeID
X-Cs
X-Mid
X-Oracle-DMS-ECID
X-Lb-Nocache
X-Custom-Header
X-ServedByHost
X-Vgn-Hpd-Reason
X-VCL-Version
X-Cache-Ttl
X-APP-VERSION
X-Fastly-Backend-Reqs
CountryCode
X-PHP-Backend
BehaviorPad-Version
Ms-Author-Via
X-Pad
X-Litespeed-Cache-Control
X-Lb-Id
Xkeylog
X-Varnish-Remaining-TTL
X-Cache-Enabled
X-MiniProfiler-Ids
X-Proxy-Cache-La3
X-Cdn-Request-ID
X-DefElseHash
X-Akamai-Pragma-Client-IP
X-MSEdge-Features
Xkey-La3
X-Via-PopH
X-Via-PopN
X-Varnish-CookieINHashed-On
X-Ha-Backend
X-Via-PopV
X-MSEdge-Flight
X-DefHash
X-Depends
X-Varnish-CookieHashed-On
X-M-Reqid
X-FL-EDGE
YJS-ID
X-Acquia-Site
X-FL-QIT-DEBUG
PICS-Label
Server-Info
X-M-Log
X-Acquia-Application-UUID
X-IN-APIGATEWAY
Location
Memcached
OriginIP
FSS-Cache
Ngx
Srvid
Memory
X-IN-APIGATEWAYSSL
Time
X-Acquia-Application-Trace
X-Snapshot-Date
X-Acquia-Purge-Tags
X-Sorting-Hat-Shopid
X-Cache-Version
X-Sorting-Hat-Podid
X-Shopid
X-Shardid
X-Sucuri-Id
X-Udemy-Cache-App-Namespace
X-VC-TTL
Warning
X-Th-Server
Geoip-Latitude
X-RequestId
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Dw-Trace-Id
X-Lsadc-Cache
X-Serial
X-Service-Response-Time
X-Web-Server
X-Internal-Host
Akamai-Cache-Status
X-Mg-Cache
CF-Cached-On
My-App
Sm-Log-Id
X-Check-Cacheable
CF-Ctrl