Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
P3P
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
P3p
X-Drupal-Cache
Accept-CH-Lifetime
X-Cache-Status
X-Generator
X-Check
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Request-Context
Keep-Alive
X-UA-Device
Allow
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Cf-Railgun
EagleEye-TraceId
X-WebKit-CSP
Permissions-Policy
X-OneAgent-JS-Injection
X-CST
X-Aws-Lambda-Call-Status
X-Backend-Server
X-Server-Id
X-Host
X-Readtime
X-Response-Time
X-Akam-SW-Version
Request-Id
X-Cache-Lookup
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Nginx-Upstream-Cache-Status
X-Litespeed-Cache
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Ruxit-JS-Agent
X-Trace
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
X-Rack-Cache
Cache-Tag
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
X-Edge
Rating
Cross-Origin-Opener-Policy
X-FTR-Request-ID
X-Midtier
X-TtlSet
X-Vname
X-PC
X-Mcache
Nginx-Cache
X-Mod-Pagespeed
X-MS-InvokeApp
X-ECACHE
X-Upstream
X-Powered-By-Plesk
X-ESI
X-Server-Name
Edge-Control
X-NWS-LOG-UUID
X-Browser-Type
X-Times
X-Cnection
X-D2id
X-Element-Page-Cache
Verso
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Build
X-Ac
SPRequestDuration
SPIisLatency
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
X-Ser
X-RateLimit-Remaining
X-B3-TraceId
X-Ruxit-Js-Agent
X-SharePointHealthScore
SPRequestGuid
X-NF-Request-ID
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-Ttl
X-Dw-Request-Base-Id
X-Vcap-Request-Id
AR-CACHE
X-Mg-S
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
S
X-Client-IP
Edge-Cache-Tag
X-Sol
X-Middleton-Display
Pagespeed
Display
X-VARITI-CCR
X-Cache-Key
Fastly-Restarts
RTSS
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
Cache-Status
X-Powered-CMS
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
Access-Control-Request-Method
X-Goog-Hash
X-Server-ID
X-Recruiting
X-Daa-Tunnel
X-Varnish-TTL
Response
X-Middleton-Response
X-Content-Digest
X-ARC
X-Forwarded-For
X-TraceId
X-Webkit-Csp
X-T
Arr-Disable-Session-Affinity
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-MSEdge-Ref
Content-MD5
Cross-Origin-Resource-Policy
MS-Author-Via
X-SRCache-Fetch-Status
X-SRCache-Store-Status
TP-Cache
MicrosoftSharePointTeamServices
Front-End-Https
X-Shield-Request-Id
X-Accel-Expires
X-FastCGI-Cache
X-Hits
X-Cached
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
Public-Key-Pins
X-FTR-Backend
X-FTR-Cache-Status
X-HS-Content-Id
Server-Node
X-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-Content-Security-Policy-Report-Only
X-Forwarded-Proto
X-Ua-Browser
X-Request-Received
X-Request-Processing-Time
X-FTR-Expires
X-ORACLE-DMS-RID
Payment
X-DIS-Request-ID
X-Frontend
Realpath
Origin-Trial
X-Protected-By
X-LLID
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Distributor
TP-L2-Cache
X-GUploader-UploadID
X-Fastcgi-Cache
X-RateLimit-Limit
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-LB-Cache
Cache-Tags
X-Hostname
X-XRDS-LOCATION
X-Amz-Apigw-Id
X-Microsite
X-Amzn-RequestId
X-Request-Handler-Origin-Region
X-Origin-Server
X-Debug-Info
Referer-Policy
X-Page-Id
Host
X-Ratelimit-Limit
Mrf-Cache-Status
X-Activity-Id
Fastcgi-Cache
X-AppVersion
X-Az
X-B3-TraceId-Primal
MRF-Tech
X-NGENIX-Cache
X-Envoy-Decorator-Operation
X-Cluster-Name
Count-Hit
X-Www-Served-By
X-Varnish-Backend
X-ORACLE-DMS-ECID
X-Correlation-Id
X-Varnish-Server
X-Geo-Country
Accept-Charset
X-App-Server
X-F-Cache
X-PressLabs-Stats
X-Ua-Device
Retry-After
X-Fastly-Request-ID
X-TEC-API-ROOT
X-FB-Debug
X-TEC-API-VERSION
X-Ezoic-Cdn
X-TEC-API-ORIGIN
X-Goog-Metageneration
X-RateLimit-Reset
X-Load-Cache
X-CSRF-Token
X-Upgrade-Enabled
X-Px
Access-Control-Allow-Method
TCN
X-Git-Hash
X-Seen-By
Server-Name
X-Amz-Meta-S3cmd-Attrs
Cleartype
X-Tt-Trace-Tag
X-Tt-Trace-Host
Section-Io-Cache
X-Request-Guid
X-Revision
X-Contextid
X-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Content-Options
X-Grace
X-Cache-Control
X-B
X-Type
X-Varnish-Ttl
Paypal-Debug-Id
X-Whom
Charset
X-B3-Sampled
X-TT
Healthy
DC
X-Fb-Rlafr
X-Azure-Ref
X-B-Cache
X-Wix-Request-Id
X-Signature
X-App-Environment
X-Proxy
X-Node-Name
X-Mobile
X-Origin-Cache
X-Air-Pt
X-Newrelic-App-Data
X-Magnolia-Registration
Frame-Options
X-N
X-Amz-Replication-Status
X-Fastly-Request-Id
Accept-Ch
Filterid
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-EdgeConnect-Cache-Status
X-Oracle-Dms-Ecid
X-TTL
X-Logged-In
X-WebKit-CSP-Report-Only
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Time
Content-Disposition
Backend
NGB
Akamai-GRN
Viewport
VIX-Pulpo-Node
X-Oracle-Dms-Rid
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
X-Response-Served-From
X-Is-Bot
X-Cache-Age
X-Rendered-As
X-Language
X-Datadog-Sampled
X-Debug-IsConnected
X-Debug-IsPreview
X-Tumblr-User
X-Tumblr-Pixel-1
SD-X-WS
Ms-Operation-Id
X-ProcessESI
Liferay-Portal
X-Varnish-Grace
X-Servername
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-RTag
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Unique-Id
X-Hl-Ver
MS-CV
X-RemovedCookies
X-Amzn-Remapped-Content-Length
X-UUID
X-FW-Type
X-IPS-LoggedIn
X-Debug
Upgrade-Insecure-Requests
X-Backend-Name
X-FW-Static
X-FW-Version
X-FW-Server
X-FW-Dynamic
X-Adobe-Content
X-Adobe-Loc
X-FW-Serve
X-FW-Hash
X-Environment-Context
Fastly-SWR
X-Via-JSL
X-NYM-Debug-Backend
Fastly-SIE
X-L-Path
X-G
X-Cacheable-TTL
X-Cache-Grace
X-Instance
X-Proxy-Cache-Info
X-Template
X-Device-Type
From-Origin
X-Region
ServerID
X-User-Agent
X-B3-SpanId
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Providence-Cookie
Country
X-Route-Name
X-Rule
X-Cache-Hit
Refresh
X-Flags
X-Ratelimit-Remaining
X-Rid
X-Status
X-VC-Cache
Url
Countrycode
Version
X-INCAP-ABP
X-Source
X-Webkit-CSP
X-HTML-Minification-Powered-By
X-Cache-Status-Check
X-App-Version
X-Jobs
CDN-RequestId
Alternate-Protocol
GEO-INFO
X-Storage
X-Air-Trace-Id
X-Air-Source
X-WP-CF-Super-Cache-Active
X-Air-Hostname
X-NODE
AMP-Access-Control-Allow-Source-Origin
WPO-Cache-Status
WPO-Cache-Message
X-Kinja-CCPA
OT-Force-Account-Verify
X-Akamai-Request-ID2
X-Content-Powered-By
Surrogate-Key
X-Real-IP
X-Origin-CC
X-Origin-TTL
X-B3-Traceid
X-Rocket-Nginx-Serving-Static
X-Hosted-By
Protected
X-Accel-Version
X-VC
SRV
X-ServerID
X-Tec-Api-Version
Access-Control-Request-Headers
X-Tec-Api-Root
X-Tec-Api-Origin
X-Cache-Time
X-Nginx-Cache
X-Akamai-Edgescape
X-Handled-By
Amp-Access-Control-Allow-Source-Origin
X-CDN-Forward
X-Edge-Location
X-Page-View
X-Mode
Xet-Cookie
X-Framework
Webserver
X-Endurance-Cache-Level
X-Upstream-Ct
X-Xfnlog-Site
Meta-Geo
X-Rewrite-Enabled
X-Upstream-Ht
X-Cache-Rule
X-UPSTREAM-Address
X-TT-LOGID
Filters
X-Rn-Rsrv
X-Cache-Operation
X-Platform-Router
X-Director
Accept-Language
X-Platform-Processor
X-LJ-Flow-ID
Selected-Fe
ServedBy
X-AWS-Id
X-Cache-Debug
Section-Io-Id
X-JoinUs
X-Origin
Cross-Origin-Embedder-Policy
X-Platform-Cluster
X-Detected-As
X-Proxy-Build
X-Tumblr-Pixel-2
X-Timing-Wait
X-Tumblr-Pixel-3
Front
X-VWS-Id
X-Served-From
X-Soup
X-Varnish-Cache-Hits
X-SaId
X-Worker
X-No-Session
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Web-Mar-Node
X-PHP-Host
TWC-Privacy
X-Origin-Hint
TWC-Locale-Group
X-Web-Node
Node
X-Lambda-Id
Mn-Server-Ip
X-Labrador-Cache-Channel
Property-Id
X-Routing-Service
X-Webstats-RespID
TWC-Connection-Speed
X-Proxied
X-Logging-Id
TWC-Device-Class
X-Zipkin-Id
X-Use-Mantle
X-Extlb
X-Redis-Cache
X-Say-TTL
X-Cluster
X-SayCDN-TTL
X-Drupal-Cache-Tags
X-Cms-Context
X-Say-Cacheable
X-BYPASS-REASON
X-ProxyCache-Key
Webcakes-App-Version
Webcakes-App-Name
X-ProxyCache-Status
Webcakes-Region
X-Adobe-Source
X-Drupal-Cache-Contexts
X-Format
X-VCT
X-IPLB-Request-ID
X-Is-Desktop
X-Is-Mobile
X-Tncms
X-Browser-Name
X-Varnish-Age
X-AB
X-GeoCountry
X-GeoCode
X-Geo-Region
X-IPLB-Instance
X-Is-Supported-Browser
X-Varnish-Beresp-Grace
Azure-SlotName
X-RM-Cache-TTL
X-Loop
X-Site-Version
X-Sucuri-Cache
X-Skip-Cache
X-RCS-CacheZone
X-Restarts
Azure-InstanceId
Apigw-Requestid
X-Tcp-Rtt
X-S
Azure-RegionName
X-Locale
Azure-SiteName
Azure-Version
X-Is-Tablet
X-Reqid
X-Forwarded-Host
CF-IPCountry
X-Generation-Time
X-Fetched-On
X-Cache-Server
X-Httpd
X-R9-Blue-Green-Version
X-Tb
X-Vercel-Cache
X-Vercel-Id
X-Provided-By
X-Shopify-Stage
CDN-Uid
X-Ms-Request-Id
X-Frame-Option
X-Origin-Date
Xserver
X-Ms-Version
X-Container-Uri
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
X-Cache-Host
X-Alternate-Cache-Key
CDN-RequestPullSuccess
CDN-Cache
CDN-RequestPullCode
X-Git-Commit
X-Storefront-Renderer-Rendered
X-Sucuri-ID
DB-Nickname
X-Server-W
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
WP-Super-Cache
X-ShardId
X-ShopId
X-Uri
X-Vcache
X-MP-GENERATED-AT
X-Cdn-Origin
Atl-Traceid
X-Vcl-Version
X-XRDS-Location
X-Http-Reason
Cross-Origin-Embedder-Policy-Report-Only
Source
Fastcgi-Useragent
Cache-Tv-Group
Sid
X-Generated-By
X-Pass-Why
Priority
Content-Secure-Policy
X-SRV
X-FB-TRIP-ID
X-DynaTrace
Cross-Origin-Window-Policy
X-RID
X-Scope-Id
X-CMSURLCustom
Onion-Location
X-Thinkindot-L3
X-Shield-Cache-Expires
X-Buckets
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
X-Urbn-Context-Path
Cache
X-Urbn-Site-Id
Locale
X-Content-Age
HostName
X-LSADC-Cache
X-Sql-Duration-Ms
X-Sql-Count
X-Azure-Ref-OriginShield
X-Optimistic-Header
X-Dc
X-WP-CF-Super-Cache-Cookies-Bypass
X-Proxy-Cache-Status
X-DataDome
X-GEO
X-Xrds-Location
X-Cluster-Node
X-Cache-Action
Expiry
X-Varnish-Beresp-Ttl
X-Request-URI
User-Cache-Control
WZWS-RAY
X-TA-CDN-Provider
X-Datadome
X-Connection-Hash
DCR-Decision-By
DCR-Processing-Time-Ms
Gannett-Cam-Experience-Id
Candidate-Md5Url
X-Bl-Debug
A
X-Vtex-Remote-Cache
Lang
Magicmarker
X-Request-Start
X-Platform
X-BCube-Filmed-By
Ngx-Var-Key
MD5-Digest
X-Rojux
X-Cache-Bucket
X-Ec-GeoHdr
X-SRCache-Key
X-Destination
X-Developer
X-TIM-N
X-Vdms-Version
X-Ec-Custom-Error
X-Ec-Fail
X-ScT
X-Cache-NE
X-S-Cookie
X-Conf
X-D
X-Scheme
X-SB
X-PAYTM-SRV-ID
Ngx.Var.Host
X-Viewer-Country
Vix-Hermes-Req-Id
X-Instance-Name
T-Server
Surrogated-Key
Sever-Int
Sslversion
X-A
X-A-Ccd
X-A-Wwc
X-Aed
X-A-Dgt
X-Varnish-Hostname
X-A-Dam
X-A-Dcw
X-Vdms-Path
Server-Hostname
Redirect-Candidate
Rendered-Blocks
Origin-Agent-Cluster
Origin
X-Op-Id-All
X-ND-Cache
Req-ID
X-Epic-Correlation-Id
X-B-Cookie
X-External-Request-Id
X-Dispatcher-Server
Server-Host
X-Bc-Bl
Server-Ext
X-Application
Meta-Geo-Continent
X-VCache
X-Cache-Expired-At
X-UA
X-Block-Status
X-Cache-Id
X-BBC-Edge-Cache-Status
X-Auto-Login
X-B3-Trace-ID
X-Cache-Info
X-Bip
X-VG-WebCache
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Esi-Check
X-VG-TLSProxy
X-Core-Value
X-Amz-Meta-Cb-Modifiedtime
X-Clientip
X-Cache-TTL-Remaining
X-Access
Pramga
Release
X-Correlation-ID
NM-Fastcgi-Cache
Locid
Host-ID
L
Req-Svc-Chain
Ssr
X-Fastly-Cache
X-Acquia-Purge-Cdn-Unconfigured
Wxu-Next-Region
Wxu-Next-Hostname
V-Age
Wxu-Next-Commit
X-AK-Request-ID
X-Forwarded-Site
X-Pubstack
X-Req
X-Request-Time
X-Proxied-Request
X-Pool
X-Nyt-Route
X-Origin-Time
X-Rocket-Build-Number
X-SD-PageType
X-TH-Server
X-Thanos
X-UA-Device-Type
X-Sigma-Backend
X-Sigma
X-Section
X-Varnish-Beresp-Status
X-Node-Id
X-NMSegId
X-GeoIP-Region-Code
X-Gzip
X-Hnp-Log
X-GeoIP-Country-Code
X-Generated-On
X-Gdpr
X-Gen-Mode
X-Human
X-Varnishpool
X-NCache
X-Nginx-Cache-Key
X-Varnish-Director
X-Mly-Id
X-Level-Front-Cache
X-Loc
Fastly-GeoIP-CountryCode
X-Amz-Storage-Class
CDCHOST
Apple-News-Services-Handled
Content-Script-Type
DSUID
X-Lagoon
Content-Style-Type
Cdncip
X-WA-Info
X-Zen-Fury
Cdnsip
Yak-Timeinfo
Cluster
X-We-Are-Hiring
Environment
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
C-Via
X-VServer
X-Via-Edge
X-Via-SSL
X-Origin-Response-Time
Edge-Copy-Time
X-Service
X-TimeS
X-Newrelic-Synthetics
X-Via-CDN
S-Rt
Web-Mar-Region
X-GeoIP
We-Hiring
X-VarnishDD-TTL
X-Ad-Load-Variation
X-HS-Content-Campaign-Id
X-GoCache-CacheStatus
X-HN
X-Aicache-OS
X-GeoIP-City
Click-Count-Error
Click-Count-Action-Start
X-Backend-Instance
Canary
X-Cache-Date
X-Device-Os
Cache-Provider
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cdn-Srv
X-Cache-Aspx
X-Branch-Name
Adler-Geo
X-ApacheServer
X-From
X-Fmm-Version
X-FC-Vary-Parameters
X-DPWN-IS-SECURE
X-Men
X-Geo-Header
Uber-Trace-Id
Platform
X-Request-Host
PFcat
Fastly-SSL
X-Region-Sid
X-Micro-Cache
Country-Code
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
On-Server
X-Server-IP
X-SVT-ORM-VERSION
Gh-Request-Id
X-V-Cache
X-Var-Ttl
Is-Eu
X-SVT-ORM-RULES
Mail-Subject
Machine
Esi-Enabled
RNT-Machine
Producers
Tube-Got-Eval
RNT-Time
Tube-Got-Results
Tube-Return
X-Moov-T
X-Moov-Xdn-Version
X-Mvc-Supplant-Cachable
Tube-Get-Contents
X-PERF
X-Policy
X-Org
X-Old-Content-Length
Fastly-Drupal-HTML
LB
X-CGP
X-Fastly-Backend
X-Edge-Server
X-Test
X-Up
X-Proto
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Eu-Site
X-Sn-Servicetimems
True-Client-Country-4JS
X-Hash
X-API-Version
X-Slack-Backend
AKAMAI
XM
X-Slack-Shared-Secret-Outcome
X-Mg-Request-UUID
X-Csrf-Jwt
Cdn-Host
W
HA-Ipaddr
X-ECache
Ha-Gx-Prefs
Cdn-Request-Time
Cache-Key
Cf-Device-Type
X-App-Name
X-Origin-Expires
Proxy-Firewall
L5d-Success-Class
X-Accel-Expires-Debug
X-LB-ID
Type
X-Date
X-Cache-Backend
Fastly-Backend-Name
NGX
X-Mvc-Supplant-OutputCached
X-CacheTTL
X-Ua
X-Parent-Response-Time
X-NGINX-Cache
X-Ah-Environment
X-Varnish-Hits
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Poph
X-DynaTrace-JS-Agent
X-Via-Popv
X-DC
X-HA-Backend
X-Via-Popn
X-Tx-Id
X-COUNTRY
Cache-Hits
X-Irp-Debug
X-Servedbyhost
NtCoent-Length
X-CACHE-GROUP
Pics-Label
X-Ratelimit-Reset
X-Zone
Datacenter
GeoIp-Country-Code
X-Owner
X-CDN-Cache-Status
X-Via-Fastly
X-Refresh
Cdn
X-VHOST
X-ZONE
X-Core-Mission
X-SIPLIST1
IsBot
X-LB-NoCache
X-Cloudmap
Cdn-Requestid
X-Location
X-Ig-Origin-Region
X-Srv
X-TX-ID
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-Qloud-Router
Fusion-Source
X-PDP-UNCACHING-HASH
SID
Server-ID
X-Wa
Fusion-Content-Source
Fusion-Deployment-Id
X-Nc
X-Akamai-Transformed
N-Cache
X-B3-Parentspanid
Powered-By
Expect-Staple
Resin-Trace
X-CF-Lambda-Fn
Cross-Origin-Opener-Policy-Report-Only
X-CF-Lambda-Version
X-NWS-UUID-VERIFY
X-Jungle-Id
Xc-Version
X-Nananana
X-Tenant
X-CUA
GeoIP-Latitude
X-Forwarded-Path
DataCenter
Origin-CC
X-Cache-Type
X-Shop-Environment
X-Fpc
X-Orig-Expires
Origin-EX
X-Hit
X-NewRelic-App-Data
X-DataCenter
Uri
CloudFront-Viewer-Country
Cmstype
X-Gamma-Serve
X-Nf-Request-Id
X-User
XkeyRZ
Cmsid
X-Proxy-CacheRZ
X-Client-Ip
X-URL
X-CS
X-IAuth-Set-Uid
X-Segment-20210421
Mime-Version
CPC-Cache
Fastly-Drupal-Html
CPC-Age
Cf-Ipcountry
X-Presslabs-Stats
X-Vmg-Version
X-Cached-By
User-Agent
X-Amz-Meta-Opti
X-Render-Time
CDN
X-TIME
True-Client-IP
X-Cdn-Diag
X-Tt-Logid
X-LiteSpeed-Tag
X-Info
Srv
X-Wormhole-Sdk
True-Client-Ip
X-VTEX-Cache-Server
Debug
X-Esi
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
X-Varnish-Beresp-TTL
X-Cdn-Forward
X-CACHE-AGE
X-Auth-Group-Type
X-Geo
X-Fastly-Country-Code
Edge-Cache
MIME-Version
X-Dynatrace-Js-Agent
Load-Balancing
CacheControlHeader
X-Dispatch
X-Datacenter
X-Variation
X-Oracle-DMS-ECID
X-LiteSpeed-Cache-Control
Tcn
X-B3-Spanid
X-LAGOON
X-Vc
X-HOST
X-Ig-Push-State
X-APP-VERSION
X-Cs
X-HostName
X-FPC
Ohc-File-Size
Odigeo-Trace-Id
X-Use-Magma
X-Webkit-Csp-Report-Only
X-WA
X-NodeID
X-Custom-Header
Hostname
X-CSRF-TOKEN
VNS-Cache
X-NC
X-Vgn-Hpd-Reason
Server-Id
VNS-Age
Cl-Cache
X-AIR-PT
X-MCACHE
X-Lb-Nocache
X-PHP-Backend
X-Depends
Ohc-Cache-HIT
X-Pad
X-Varnish-CookieHashed-On
X-DefElseHash
X-DefHash
X-Varnish-CookieINHashed-On
GeoIP-Country-Code
RATING
X-Varnish-Remaining-TTL
X-Dispatcher-Number
X-ServedByHost
X-Cdn-Cache-Status
X-M-Log
X-VC-TTL
Lb
X-M-Reqid
X-Api-Version
X-MSEdge-Features
X-MSEdge-Flight
PICS-Label
Geoip-Latitude
X-Cache-Ttl
Cloudfront-Viewer-Country
X-APP
X-Fastly-Backend-Reqs
CountryCode
X-MiniProfiler-Ids
X-Via-PopN
X-Via-PopV
X-Ha-Backend
X-Cache-FS-Status
X-Via-PopH
Cache-Name
X-Litespeed-Tag
Epwk-X-Cache
X-Litespeed-Cache-Control
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-VCL-Version
X-Lb-Id
Xkeylog
Xkey-La3
X-Cdn-Request-ID
X-Mid
X-Proxy-Cache-La3
X-Akamai-Pragma-Client-IP
Time
X-IN-APIGATEWAY
X-Web-Server
Memcached
OriginIP
X-Snapshot-Date
Ngx
X-RequestId
Memory
X-IN-APIGATEWAYSSL
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Shardid
X-Shopid
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Cache-Version
X-Sucuri-Id
X-Th-Server
X-Check-Cacheable
X-Serial
X-Requestid
X-Service-Response-Time
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Dw-Trace-Id
Sm-Log-Id
CF-Cached-On
Akamai-Cache-Status
X-Udemy-Cache-App-Namespace
Warning
BehaviorPad-Version
X-Mg-Cache