Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
P3P
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
P3p
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Cache-Status
Accept-CH-Lifetime
X-Ua-Compatible
X-Check
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
Request-Context
Keep-Alive
Allow
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Device
X-LiteSpeed-Cache
EagleEye-TraceId
X-WebKit-CSP
Permissions-Policy
X-CST
X-OneAgent-JS-Injection
X-Aws-Lambda-Call-Status
X-Backend-Server
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-Cache-Lookup
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
Service-Worker-Allowed
X-Ruxit-JS-Agent
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Accept-Ch-Lifetime
X-Origin-Cache-Key
X-Rack-Cache
Cache-Tag
X-Edge
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
Rating
X-FTR-Request-ID
X-Midtier
X-Vname
X-PC
X-TtlSet
X-Mcache
Nginx-Cache
X-Mod-Pagespeed
X-MS-InvokeApp
X-ECACHE
X-Upstream
X-Powered-By-Plesk
X-ESI
Edge-Control
X-Server-Name
X-Browser-Type
X-Cnection
X-NWS-LOG-UUID
X-Times
X-D2id
X-Element-Page-Cache
Verso
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Ruxit-Js-Agent
X-Ac
SPIisLatency
SPRequestDuration
AR-Request-ID
AR-ATIME
X-Ser
AR-PoweredBy
AR-SID
X-RateLimit-Remaining
X-B3-TraceId
X-SharePointHealthScore
SPRequestGuid
X-Abt-Application-Version
X-Navigation-Version
X-GitHub-Request-Id
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Ttl
X-Vcap-Request-Id
AR-CACHE
X-Mg-S
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
S
Edge-Cache-Tag
X-Client-IP
X-Sol
Display
X-Middleton-Display
Pagespeed
X-VARITI-CCR
X-Cache-Key
Fastly-Restarts
RTSS
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev
Cache-Status
X-Erf-Bev-Bev-Is-Generated
X-Powered-CMS
X-Edge-Location-Klb
X-Version
X-Kinsta-Cache
X-Server-ID
Access-Control-Request-Method
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-Daa-Tunnel
Response
X-Middleton-Response
X-ARC
X-Content-Digest
X-Webkit-Csp
X-Forwarded-For
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-TraceId
X-T
Arr-Disable-Session-Affinity
X-MSEdge-Ref
Content-MD5
X-SRCache-Store-Status
X-SRCache-Fetch-Status
TP-Cache
Cross-Origin-Resource-Policy
MS-Author-Via
Front-End-Https
MicrosoftSharePointTeamServices
X-Shield-Request-Id
X-Accel-Expires
X-Cached
X-Hits
X-FTR-Backend
X-FTR-Backend-Server
X-Content-Security-Policy-Report-Only
X-FTR-Cache-Status
X-Country-Code-Real
Public-Key-Pins
X-FTR-Balancer
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
Server-Node
X-Id
X-FTR-Expires
X-HS-Combine-CSS
X-Request-Processing-Time
X-Ua-Browser
Origin-Trial
X-Request-Received
X-Forwarded-Proto
X-DIS-Request-ID
X-FastCGI-Cache
Payment
X-Frontend
X-ORACLE-DMS-RID
X-LLID
Realpath
X-Protected-By
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Fastcgi-Cache
X-RateLimit-Limit
X-Distributor
TP-L2-Cache
X-GUploader-UploadID
Cache-Tags
X-Kong-Upstream-Latency
X-LB-Cache
X-Kong-Proxy-Latency
X-Hostname
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Request-Handler-Origin-Region
X-Microsite
X-Origin-Server
X-Debug-Info
X-Page-Id
Referer-Policy
Host
X-XRDS-LOCATION
Mrf-Cache-Status
MRF-Tech
X-Activity-Id
X-B3-TraceId-Primal
X-Az
X-AppVersion
X-NGENIX-Cache
X-Www-Served-By
Count-Hit
X-Cluster-Name
Fastcgi-Cache
X-Envoy-Decorator-Operation
X-Varnish-Server
X-Varnish-Backend
X-Geo-Country
Accept-Charset
X-Correlation-Id
X-F-Cache
X-App-Server
X-Ratelimit-Limit
X-Ua-Device
X-ORACLE-DMS-ECID
X-PressLabs-Stats
Retry-After
X-FB-Debug
X-Goog-Metageneration
X-Ezoic-Cdn
X-Load-Cache
X-RateLimit-Reset
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Upgrade-Enabled
X-CSRF-Token
X-Fastly-Request-ID
Access-Control-Allow-Method
X-Git-Hash
TCN
X-Px
X-Seen-By
X-Varnish-Ttl
X-Amz-Meta-S3cmd-Attrs
Server-Name
Cleartype
X-Tt-Trace-Host
X-Request-Guid
X-Revision
X-Content-Options
X-Contextid
X-Tt-Trace-Tag
Section-Io-Cache
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Trace-Id
X-Grace
X-Cache-Control
X-Datadog-Trace-Id
X-Type
X-B
X-Whom
Charset
Healthy
X-TT
X-B3-Sampled
Paypal-Debug-Id
DC
X-Fb-Rlafr
X-Wix-Request-Id
X-B-Cache
X-Signature
X-App-Environment
X-Azure-Ref
X-Proxy
X-Node-Name
X-Mobile
X-Origin-Cache
X-Air-Pt
Accept-Ch
X-Magnolia-Registration
X-Fastly-Request-Id
Frame-Options
X-Oracle-Dms-Ecid
X-Amz-Replication-Status
X-Newrelic-App-Data
X-TTL
X-N
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Goog-Generation
Filterid
X-Goog-Storage-Class
X-EdgeConnect-Cache-Status
X-WebKit-CSP-Report-Only
X-Logged-In
X-Oracle-Dms-Rid
Content-Disposition
Backend
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Time
NGB
X-Language
Akamai-GRN
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
X-Response-Served-From
Viewport
VIX-Pulpo-Node
X-Is-Bot
X-Rendered-As
X-Datadog-Sampled
X-Is-Crawler
X-Tumblr-Pixel-0
X-Servername
X-Flags
X-ProcessESI
X-Ratelimit-Remaining
MS-CV
Liferay-Portal
X-Unique-Id
X-Yottaa-Metrics
X-Tumblr-Pixel-1
X-Tumblr-User
X-Route-Name
SD-X-WS
Ms-Operation-Id
X-Providence-Cookie
X-Debug-IsConnected
X-RTag
X-Cache-Age
X-Debug-IsPreview
X-Varnish-Grace
X-Aspnet-Duration-Ms
X-Hl-Ver
X-RemovedCookies
X-Yottaa-Optimizations
X-Tumblr-Pixel
X-FW-Static
X-FW-Server
X-FW-Serve
X-Amzn-Remapped-Content-Length
X-IPS-LoggedIn
Upgrade-Insecure-Requests
X-FW-Version
X-FW-Type
X-Adobe-Loc
X-Backend-Name
X-FW-Hash
X-Rid
X-UUID
X-Debug
X-FW-Dynamic
X-Adobe-Content
X-Via-JSL
Fastly-SWR
X-Cacheable-TTL
X-NYM-Debug-Backend
Fastly-SIE
X-L-Path
X-G
X-Environment-Context
X-Template
X-Cache-Grace
X-Instance
From-Origin
X-Device-Type
X-Proxy-Cache-Info
Refresh
X-Region
X-User-Agent
ServerID
X-Rule
X-Cache-Hit
Country
X-Status
X-B3-SpanId
X-VC-Cache
Url
X-Webkit-CSP
X-INCAP-ABP
Countrycode
X-App-Version
X-Source
Version
X-Jobs
Alternate-Protocol
X-Cache-Status-Check
X-HTML-Minification-Powered-By
X-NODE
GEO-INFO
X-Kinja-CCPA
X-Storage
CDN-RequestId
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-WP-CF-Super-Cache-Active
WPO-Cache-Status
WPO-Cache-Message
X-B3-Traceid
X-Akamai-Request-ID2
X-Content-Powered-By
X-Origin-CC
SRV
OT-Force-Account-Verify
X-Origin-TTL
AMP-Access-Control-Allow-Source-Origin
X-Tec-Api-Root
X-Tec-Api-Origin
Surrogate-Key
X-Tec-Api-Version
X-Real-IP
X-Rocket-Nginx-Serving-Static
Protected
X-Hosted-By
X-Nginx-Cache
X-Accel-Version
Access-Control-Request-Headers
X-VC
X-CDN-Forward
Amp-Access-Control-Allow-Source-Origin
X-ServerID
X-Page-View
X-Cache-Time
X-Akamai-Edgescape
X-Mode
X-Framework
X-Handled-By
X-Edge-Location
X-Use-Mantle
X-Cache-Operation
Xet-Cookie
Webserver
Meta-Geo
X-Xfnlog-Site
Filters
X-UPSTREAM-Address
X-Upstream-Ct
X-Endurance-Cache-Level
X-Upstream-Ht
X-Rn-Rsrv
X-Rewrite-Enabled
X-Cache-Rule
X-Proxy-Build
X-Tumblr-Pixel-2
X-Timing-Wait
X-Soup
X-Served-From
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-VWS-Id
X-SaId
X-Origin
X-AWS-Id
ServedBy
Selected-Fe
Section-Io-Id
X-Cache-Debug
X-Detected-As
X-LJ-Flow-ID
X-JoinUs
X-Director
Accept-Language
Cross-Origin-Embedder-Policy
Front
CF-IPCountry
X-Proxied
X-PHP-Host
X-Origin-Hint
X-No-Session
X-ProxyCache-Key
X-ProxyCache-Status
X-Redis-Cache
TWC-Connection-Speed
X-Web-Node
X-Cluster
X-Logging-Id
X-Drupal-Cache-Tags
Property-Id
X-Extlb
X-Labrador-Cache-Channel
Mn-Server-Ip
TWC-GeoIP-Country
X-Cms-Context
X-Lambda-Id
Node
TWC-Device-Class
Webcakes-Region
Webcakes-App-Version
X-TT-LOGID
X-Worker
X-Adobe-Source
X-Webstats-RespID
X-BYPASS-REASON
Webcakes-App-Name
X-Zipkin-Id
X-Say-Cacheable
TWC-GeoIP-LatLong
X-Routing-Service
Web-Mar-Node
X-Say-TTL
TWC-Privacy
X-SayCDN-TTL
TWC-Locale-Group
X-Geo-Region
X-GeoCode
X-GeoCountry
X-Format
X-Drupal-Cache-Contexts
X-IPLB-Instance
X-Restarts
X-AB
X-Is-Mobile
X-RM-Cache-TTL
X-S
X-RCS-CacheZone
X-Loop
X-IPLB-Request-ID
X-Site-Version
X-Skip-Cache
X-Varnish-Beresp-Grace
X-VCT
X-Varnish-Age
X-Tncms
X-Tcp-Rtt
X-Is-Tablet
X-Locale
X-Is-Supported-Browser
Azure-SlotName
Azure-Version
X-Is-Desktop
Azure-RegionName
Azure-SiteName
X-Browser-Name
Apigw-Requestid
Azure-InstanceId
X-Vercel-Id
X-Httpd
X-Vercel-Cache
X-Generation-Time
X-Fetched-On
X-Forwarded-Host
X-Tb
X-Reqid
X-R9-Blue-Green-Version
X-Cache-Server
X-Sucuri-Cache
DB-Nickname
X-Origin-Date
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
Xserver
CDN-Cache
X-Ms-Request-Id
X-Ms-Version
X-Container-Uri
X-Cache-Host
X-Alternate-Cache-Key
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestCountryCode
X-Git-Commit
X-Provided-By
X-Frame-Option
CDN-RequestPullCode
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Vcache
X-Server-W
X-Sucuri-ID
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
WP-Super-Cache
X-Uri
X-ShardId
X-Http-Reason
X-XRDS-Location
X-MP-GENERATED-AT
X-Cdn-Origin
Atl-Traceid
Fastcgi-Useragent
X-Vcl-Version
Source
Cross-Origin-Embedder-Policy-Report-Only
Cache-Tv-Group
X-DynaTrace
X-Generated-By
Sid
X-FB-TRIP-ID
Content-Secure-Policy
Priority
X-Pass-Why
X-SRV
X-Buckets
Onion-Location
X-Scope-Id
X-CMSURLCustom
Thinkindot-CacheControl
X-Thinkindot-L3
TDXMobile
X-Shield-Cache-Expires
X-Urbn-Site-Id
Locale
Thinkindot-CacheControl-Type
Cross-Origin-Window-Policy
X-Urbn-Context-Path
Thinkindot-Control
X-Sql-Duration-Ms
X-Content-Age
Cache
X-Sql-Count
X-LSADC-Cache
X-RID
HostName
X-Azure-Ref-OriginShield
X-DataDome
X-Optimistic-Header
X-Xrds-Location
X-WP-CF-Super-Cache-Cookies-Bypass
X-Dc
X-Proxy-Cache-Status
X-GEO
X-Varnish-Beresp-Ttl
X-TA-CDN-Provider
WZWS-RAY
X-Cluster-Node
X-Cache-Action
X-Connection-Hash
User-Cache-Control
Expiry
A
DCR-Processing-Time-Ms
Magicmarker
Gannett-Cam-Experience-Id
Ngx-Var-Key
MD5-Digest
DCR-Decision-By
Candidate-Md5Url
Meta-Geo-Continent
Lang
X-A-Dcw
X-Instance-Name
X-External-Request-Id
X-ND-Cache
X-Op-Id-All
X-PAYTM-SRV-ID
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Developer
X-Destination
X-Dispatcher-Server
X-Ec-Custom-Error
X-Ec-Fail
X-Platform
X-Request-Start
X-Vdms-Path
X-Varnish-Hostname
X-Vdms-Version
X-Viewer-Country
X-Vtex-Remote-Cache
X-TIM-N
X-SRCache-Key
X-S-Cookie
X-Rojux
X-SB
X-Scheme
X-ScT
X-D
X-Conf
Sslversion
Sever-Int
Surrogated-Key
T-Server
Vix-Hermes-Req-Id
Server-Hostname
Server-Host
Origin-Agent-Cluster
Origin
Redirect-Candidate
Req-ID
Server-Ext
X-A
X-A-Ccd
X-BCube-Filmed-By
X-Bc-Bl
X-Bl-Debug
X-Cache-Bucket
X-Cache-NE
X-B-Cookie
X-Application
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Aed
Ngx.Var.Host
Rendered-Blocks
X-Correlation-ID
S-Rt
X-Via-Edge
Edge-Copy-Time
X-TimeS
X-Datadome
X-Request-URI
X-Via-SSL
X-Cache-Expired-At
X-Newrelic-Synthetics
X-Via-CDN
X-Generated-On
DSUID
X-GeoIP-Country-Code
X-Gen-Mode
X-Gdpr
X-Forwarded-Site
Content-Script-Type
Content-Style-Type
X-NCache
Locid
X-GeoIP-Region-Code
X-Hnp-Log
X-Human
Fastly-GeoIP-CountryCode
X-Level-Front-Cache
NM-Fastcgi-Cache
Host-ID
L
Environment
X-Gzip
X-Loc
Pramga
V-Age
X-Amz-Storage-Class
X-Auto-Login
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Amz-Meta-Cb-Modifiedtime
X-AK-Request-ID
Wxu-Next-Region
X-Access
Wxu-Next-Hostname
Wxu-Next-Commit
X-Acquia-Purge-Cdn-Unconfigured
X-Bip
X-Block-Status
X-Debug-Cache-Fetch
X-Core-Value
X-Debug-Cache-Store
X-Nginx-Cache-Key
X-Esi-Check
Release
Req-Svc-Chain
X-Cache-Id
Ssr
X-Cache-Info
X-Cache-TTL-Remaining
X-Clientip
X-Fastly-Cache
X-Mly-Id
Apple-News-Services-Parsed-Url
X-UA-Device-Type
X-Thanos
Apple-News-Services-Request-Url
X-Pubstack
X-Proxied-Request
C-Via
X-Varnish-Beresp-Status
Apple-News-Services-Host
Apple-News-Services-Handled
X-Req
X-Rocket-Build-Number
X-Request-Time
X-SD-PageType
X-Section
X-TH-Server
X-Sigma-Backend
X-Sigma
X-Varnish-Director
X-Pool
X-Nyt-Route
X-We-Are-Hiring
X-WA-Info
X-Zen-Fury
Yak-Timeinfo
Cluster
X-NMSegId
X-Node-Id
Cdnsip
Cdncip
X-VG-TLSProxy
X-Varnishpool
CDCHOST
X-Origin-Time
X-VG-WebCache
X-VServer
Fastly-Drupal-HTML
X-Service
X-Lagoon
X-VCache
X-Origin-Response-Time
X-UA
X-Policy
X-HS-Content-Campaign-Id
X-ApacheServer
X-VarnishDD-TTL
X-HN
X-Varnish-Authentication
X-GoCache-CacheStatus
X-PERF
X-Backend-Instance
X-Org
X-Moov-T
X-Moov-Xdn-Version
X-Mvc-Supplant-Cachable
Fastly-SSL
X-Old-Content-Length
X-Ad-Load-Variation
X-Men
X-Micro-Cache
X-Aicache-OS
X-Var-Ttl
X-Branch-Name
X-Region-Sid
X-Server-IP
X-From
X-Fmm-Version
X-FC-Vary-Parameters
X-DPWN-IS-SECURE
X-Device-Os
X-Request-Host
X-Contensis-Viewer-Groups
X-RateLimit-Remaining-Second
X-Cache-Date
X-GeoIP
X-Cache-Aspx
X-Geo-Header
X-RateLimit-Limit-Second
X-SVT-ORM-RULES
X-Cdn-Srv
X-SVT-ORM-VERSION
X-V-Cache
X-GeoIP-City
Click-Count-Error
X-ECache
Country-Code
Esi-Enabled
Click-Count-Action-Start
Tube-Get-Contents
Tube-Got-Results
Tube-Got-Eval
Cache-Provider
Gh-Request-Id
Is-Eu
PFcat
Platform
Producers
On-Server
Mail-Subject
RNT-Time
Machine
RNT-Machine
Tube-Return
Canary
We-Hiring
Web-Mar-Region
Adler-Geo
Uber-Trace-Id
LB
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Hash
L5d-Success-Class
True-Client-Country-4JS
X-API-Version
XM
X-Origin-Expires
X-Edge-Server
X-Fastly-Backend
X-Eu-Site
X-Up
X-Test
Cdn-Host
Cdn-Request-Time
Proxy-Firewall
X-Ua
Cache-Key
AKAMAI
Cf-Device-Type
X-Mg-Request-UUID
X-Proto
Ha-Gx-Prefs
X-Sn-Servicetimems
X-Mvc-Supplant-OutputCached
X-Slack-Shared-Secret-Outcome
HA-Ipaddr
X-Slack-Backend
X-Csrf-Jwt
X-App-Name
X-CGP
W
Type
Fastly-Backend-Name
X-CacheTTL
NGX
X-LB-ID
X-Ah-Environment
X-Parent-Response-Time
X-Accel-Expires-Debug
X-Cache-Backend
X-Date
X-Varnish-Hits
X-Tx-Id
X-COUNTRY
X-DC
X-Irp-Debug
X-HA-Backend
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Popn
X-DynaTrace-JS-Agent
X-CACHE-GROUP
X-Via-Popv
X-Via-Poph
Pics-Label
X-NGINX-Cache
X-Ratelimit-Reset
Cache-Hits
X-Owner
NtCoent-Length
X-Refresh
X-ZONE
Cdn
Datacenter
X-VHOST
X-Via-Fastly
GeoIp-Country-Code
X-Zone
X-Core-Mission
X-LB-NoCache
IsBot
X-CDN-Cache-Status
X-SIPLIST1
Cdn-Requestid
X-Srv
X-Nc
Server-ID
X-Ig-Origin-Region
SID
X-Qloud-Router
X-Cloudmap
X-Wa
X-Location
X-TX-ID
Fusion-Content-Source
Cross-Origin-Opener-Policy-Report-Only
Fusion-Deployment-Id
N-Cache
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Expect-Staple
X-CF-Lambda-Version
Fusion-Component-Id
X-CF-Lambda-Fn
X-Akamai-Transformed
Powered-By
DataCenter
X-Tenant
X-Fpc
Resin-Trace
GeoIP-Latitude
X-Hit
X-Shop-Environment
Xc-Version
X-Cache-Type
X-Forwarded-Path
X-B3-Parentspanid
X-Orig-Expires
X-Nananana
Cmsid
X-NewRelic-App-Data
CloudFront-Viewer-Country
X-Nf-Request-Id
X-NWS-UUID-VERIFY
Cmstype
X-Proxy-CacheRZ
X-CUA
X-Jungle-Id
Origin-EX
Origin-CC
X-Gamma-Serve
Uri
XkeyRZ
X-Client-Ip
X-DataCenter
X-URL
X-Presslabs-Stats
CPC-Age
X-CS
X-User
CPC-Cache
X-Info
X-Amz-Meta-Opti
X-Tt-Logid
X-Vmg-Version
X-TIME
User-Agent
Mime-Version
X-Cdn-Diag
X-PDP-UNCACHING-HASH
X-IAuth-Set-Uid
X-Segment-20210421
Fastly-Drupal-Html
X-Render-Time
True-Client-Ip
Cf-Ipcountry
X-Esi
True-Client-IP
X-Cached-By
CDN
X-LiteSpeed-Tag
X-CACHE-AGE
X-VTEX-Cache-Server
X-Geo
Debug
X-Wormhole-Sdk
X-VTEX-Cache-Time
MIME-Version
X-Powered-By-VTEX-Cache
X-Fastly-Country-Code
X-Dynatrace-Js-Agent
X-Variation
Srv
X-Datacenter
X-Varnish-Beresp-TTL
X-Auth-Group-Type
CacheControlHeader
X-Oracle-DMS-ECID
Load-Balancing
Edge-Cache
X-LAGOON
Tcn
X-B3-Spanid
X-Cdn-Forward
X-HOST
X-Vc
X-Dispatch
X-LiteSpeed-Cache-Control
Ohc-File-Size
X-HostName
X-Ig-Push-State
X-Webkit-Csp-Report-Only
X-Use-Magma
X-CSRF-TOKEN
Hostname
Odigeo-Trace-Id
VNS-Age
Cl-Cache
X-Cs
VNS-Cache
X-FPC
X-AIR-PT
X-APP-VERSION
X-Vgn-Hpd-Reason
X-Custom-Header
X-WA
X-NodeID
Server-Id
X-NC
X-MCACHE
Ohc-Cache-HIT
X-Depends
GeoIP-Country-Code
RATING
X-PHP-Backend
X-Lb-Nocache
X-Pad
X-Cdn-Cache-Status
X-Varnish-CookieHashed-On
Lb
X-Dispatcher-Number
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-DefElseHash
X-DefHash
X-M-Log
X-Api-Version
X-VC-TTL
X-ServedByHost
X-M-Reqid
X-Cache-Ttl
X-Fastly-Backend-Reqs
Geoip-Latitude
PICS-Label
X-Via-PopV
X-MSEdge-Flight
X-MSEdge-Features
Cache-Name
X-Litespeed-Tag
X-Via-PopH
X-Via-PopN
X-Ha-Backend
CountryCode
X-VCL-Version
X-Srcache-Fetch-Status
X-Litespeed-Cache-Control
X-Srcache-Store-Status
Cloudfront-Viewer-Country
X-Cdn-Request-ID
X-Cache-FS-Status
Epwk-X-Cache
X-Lb-Id
X-APP
X-Proxy-Cache-La3
X-Mid
X-MiniProfiler-Ids
Xkeylog
Xkey-La3
X-Acquia-Purge-Tags
OriginIP
X-IN-APIGATEWAY
X-Acquia-Application-UUID
Ngx
X-Akamai-Pragma-Client-IP
X-Snapshot-Date
X-Acquia-Site
X-IN-APIGATEWAYSSL
X-RequestId
Memcached
X-Web-Server
Time
Memory
X-Acquia-Application-Trace
X-Sorting-Hat-Shopid
X-Cache-Version
X-Sorting-Hat-Podid
X-Shardid
X-Shopid
X-Requestid
CF-Cached-On
X-Mg-Cache
Warning
BehaviorPad-Version
X-Dw-Trace-Id
X-Service-Response-Time
X-Serial
X-Check-Cacheable
X-Udemy-Cache-App-Namespace
Akamai-Cache-Status
X-Sucuri-Id
X-Th-Server
X-Wp-Cf-Super-Cache-Cookies-Bypass
Sm-Log-Id