
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-Drupal-Cache
X-Cache-Status
Accept-CH-Lifetime
X-DNS-Prefetch-Control
P3p
X-Generator
X-Check
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
X-Request-ID
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
X-UA-Device
Keep-Alive
Request-Context
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-Cache-Group
Allow
EagleId
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
X-Rq
X-Vhost
X-Amz-Version-Id
X-Dispatcher
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
Permissions-Policy
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Cf-Railgun
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Backend-Server
X-WebKit-CSP
X-CST
X-Cache-Lookup
X-Host
X-Server-Id
X-Readtime
X-Aws-Lambda-Call-Status
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Request-Id
X-HW
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-Cloud-Trace-Context
X-Node
X-Litespeed-Cache
X-Nginx-Cache-Status
X-Application-Context
Content-Location
X-Country-Code
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Trace
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Rating
X-Rack-Cache
Cache-Tag
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
Nginx-Cache
X-PC
X-Vname
X-TtlSet
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-NWS-LOG-UUID
X-Midtier
X-Times
X-MS-InvokeApp
X-Origin-Cache-Key
X-Upstream
X-Server-Name
X-Mod-Pagespeed
X-ECACHE
X-Powered-By-Plesk
X-Browser-Type
Edge-Control
X-ESI
X-Cnection
X-D2id
X-Element-Page-Cache
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
Verso
X-Ser
AR-Request-ID
AR-ATIME
AR-SID
AR-PoweredBy
X-Ac
X-RateLimit-Remaining
SPRequestDuration
SPIisLatency
X-SharePointHealthScore
SPRequestGuid
X-GitHub-Request-Id
X-Ruxit-Js-Agent
X-NF-Request-ID
X-B3-TraceId
X-Navigation-Version
X-Abt-Application-Version
X-Vcap-Request-Id
X-Dw-Request-Base-Id
AR-CACHE
X-Mg-S
X-Client-IP
Display
X-Middleton-Display
Pagespeed
X-Sol
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Edge-Cache-Tag
S
X-Ttl
X-Daa-Tunnel
X-Webkit-Csp
X-Cache-Key
Fastly-Restarts
X-Cache-TTL
X-VARITI-CCR
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Amz-Rid
X-Amzn-Trace-Id
Cache-Status
X-Powered-CMS
RTSS
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
Access-Control-Request-Method
X-Varnish-TTL
X-Goog-Hash
Response
X-Middleton-Response
X-Server-ID
X-Recruiting
X-FastCGI-Cache
X-Content-Digest
X-TraceId
X-ARC
X-Forwarded-For
X-T
Arr-Disable-Session-Affinity
X-MSEdge-Ref
MS-Author-Via
Cross-Origin-Resource-Policy
Content-MD5
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
Front-End-Https
X-SRCache-Fetch-Status
TP-Cache
X-RateLimit-Limit
X-Shield-Request-Id
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-Forwarded-Proto
X-Cached
Realpath
X-Hits
X-Id
X-Accel-Expires
X-FTR-Expires
X-Request-Processing-Time
X-Request-Received
X-Ua-Browser
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-ORACLE-DMS-RID
X-Fastly-Request-ID
X-Frontend
Public-Key-Pins
Server-Node
Payment
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Protected-By
X-LLID
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Distributor
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Correlation-Id
X-GUploader-UploadID
X-ORACLE-DMS-ECID
X-LB-Cache
TP-L2-Cache
X-XRDS-LOCATION
X-Request-Handler-Origin-Region
X-Microsite
Cache-Tags
Fastcgi-Cache
Count-Hit
Referer-Policy
X-AppVersion
X-Activity-Id
X-Debug-Info
X-B3-TraceId-Primal
X-Az
Mrf-Cache-Status
MRF-Tech
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Envoy-Decorator-Operation
X-NGENIX-Cache
Host
X-Cluster-Name
X-Hostname
X-Www-Served-By
X-Varnish-Backend
X-Varnish-Server
Accept-Charset
X-Page-Id
X-Origin-Server
X-Geo-Country
X-App-Server
X-Ezoic-Cdn
X-PressLabs-Stats
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Retry-After
X-TEC-API-ROOT
X-F-Cache
X-Px
X-RateLimit-Reset
X-Load-Cache
Origin-Trial
X-FB-Debug
X-Goog-Metageneration
X-Upgrade-Enabled
X-CSRF-Token
X-Seen-By
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-Ratelimit-Limit
Cleartype
Access-Control-Allow-Method
X-Fastcgi-Cache
X-Git-Hash
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Request-Guid
TCN
X-Cache-Control
X-Grace
Section-Io-Cache
X-Azure-Ref
X-B
X-B3-Sampled
X-TT
Paypal-Debug-Id
Healthy
X-Webkit-CSP
X-Trace-Id
X-Revision
X-Whom
X-TTL
DC
X-Contextid
X-Type
Charset
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Proxy
X-Fb-Rlafr
X-Datadog-Trace-Id
X-Content-Options
X-Wix-Request-Id
X-Mobile
X-N
X-Newrelic-App-Data
X-Signature
X-App-Environment
X-B-Cache
X-Node-Name
X-CCDN-CacheTTL
X-Varnish-Ttl
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Accept-Ch
Filterid
X-Magnolia-Registration
X-Oracle-Dms-Ecid
X-Origin-Cache
X-Amz-Replication-Status
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
Frame-Options
X-Goog-Stored-Content-Length
X-Time
X-Air-Pt
X-Logged-In
Viewport
X-EdgeConnect-Cache-Status
NGB
X-Unique-Id
X-Debug
Content-Disposition
VIX-Pulpo-Node
X-Cache-Grace
VIX-Pulpo-Upstream-Status
X-Oracle-Dms-Rid
X-Tumblr-Pixel-0
X-Debug-IsPreview
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Rendered-As
X-Tumblr-User
X-RemovedCookies
X-Is-Bot
X-Debug-IsConnected
X-ProcessESI
SD-X-WS
X-G
MS-CV
Fastly-SIE
Liferay-Portal
X-Servername
X-Adobe-Content
X-Datadog-Sampled
X-Varnish-Grace
X-RTag
X-Yottaa-Optimizations
Fastly-SWR
Backend
X-Yottaa-Metrics
Ms-Operation-Id
X-Adobe-Loc
X-IPS-LoggedIn
X-Amzn-Remapped-Content-Length
X-Backend-Name
X-FW-Version
X-NYM-Debug-Backend
X-Instance
X-FW-Dynamic
X-Cache-Age
X-FW-Server
X-FW-Static
X-FW-Hash
X-FW-Serve
X-UUID
X-FW-Type
X-Hl-Ver
X-WebKit-CSP-Report-Only
X-Response-Served-From
X-VC-Cache
X-Original-Request-Id
X-Cacheable-TTL
ServerID
From-Origin
X-Via-JSL
X-Proxy-Cache-Info
X-User-Agent
X-Device-Type
X-Region
X-Rule
X-Environment-Context
Version
Upgrade-Insecure-Requests
X-Cache-Hit
X-L-Path
Akamai-GRN
X-Ratelimit-Remaining
X-Ua-Device
X-Status
Country
X-B3-SpanId
X-Source
Refresh
X-INCAP-ABP
X-Template
Countrycode
SRV
GEO-INFO
X-Storage
CDN-RequestId
X-Language
Url
X-HTML-Minification-Powered-By
X-Rid
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
OT-Force-Account-Verify
X-Cache-Status-Check
X-WP-CF-Super-Cache-Active
Alternate-Protocol
AMP-Access-Control-Allow-Source-Origin
X-NODE
X-Real-IP
X-Origin-TTL
X-Origin-CC
X-CDN-Forward
WPO-Cache-Message
WPO-Cache-Status
X-ServerID
X-App-Version
X-Fastly-Request-Id
X-Jobs
X-B3-Traceid
X-Akamai-Request-ID2
X-VC
Surrogate-Key
X-Sucuri-Cache
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Route-Name
X-Providence-Cookie
X-Flags
X-Content-Powered-By
Access-Control-Request-Headers
X-TT-LOGID
X-Cache-Time
Protected
X-Sucuri-ID
X-Mode
X-Handled-By
X-Rocket-Nginx-Serving-Static
Amp-Access-Control-Allow-Source-Origin
X-Accel-Version
Xet-Cookie
X-UPSTREAM-Address
X-Upstream-Ct
X-Upstream-Ht
X-Rn-Rsrv
X-Xfnlog-Site
X-Endurance-Cache-Level
Webserver
Filters
Meta-Geo
X-Rewrite-Enabled
X-Akamai-Edgescape
X-Hosted-By
X-Detected-As
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Drupal-Cache-Tags
X-VWS-Id
X-Worker
X-Webstats-RespID
X-Timing-Wait
X-Edge-Location
X-AWS-Id
Front
X-RM-Cache-TTL
Cross-Origin-Embedder-Policy
X-SaId
X-Proxy-Build
X-Adobe-Source
ServedBy
Selected-Fe
X-Nginx-Cache
X-Cache-Debug
X-Origin
X-LJ-Flow-ID
X-JoinUs
TWC-Device-Class
TWC-Connection-Speed
Section-Io-Id
TWC-GeoIP-Country
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
Web-Mar-Node
X-Zipkin-Id
X-Served-From
TWC-GeoIP-LatLong
X-Logging-Id
X-Redis-Cache
X-No-Session
Atl-Traceid
X-Origin-Hint
X-Restarts
X-Cache-Rule
X-Cache-Operation
Property-Id
Node
Mn-Server-Ip
X-Routing-Service
Webcakes-Region
TWC-Privacy
X-Framework
X-Web-Node
X-Director
X-Drupal-Cache-Contexts
X-Extlb
X-Proxied
X-Cluster
X-Cms-Context
X-PHP-Host
X-Labrador-Cache-Channel
X-Forwarded-Host
X-RCS-CacheZone
CDN-EdgeStorageId
CDN-PullZone
X-Geo-Region
X-IPLB-Request-ID
CDN-Uid
X-Origin-Date
X-IPLB-Instance
CDN-RequestPullCode
CDN-RequestPullSuccess
X-Is-Desktop
CDN-CachedAt
X-Platform-Router
X-BYPASS-REASON
X-Browser-Name
X-AB
X-Lambda-Id
X-Is-Tablet
X-Locale
X-ProxyCache-Key
X-Platform-Cluster
X-Loop
X-Is-Mobile
X-Is-Supported-Browser
X-Platform-Processor
X-ProxyCache-Status
CDN-RequestCountryCode
X-S
X-Tcp-Rtt
X-Tncms
X-Varnish-Age
CDN-Cache
X-Tb
X-Site-Version
X-Skip-Cache
X-Soup
Apigw-Requestid
X-RID
Xserver
X-Varnish-Cache-Hits
X-VCT
X-Alternate-Cache-Key
X-Tec-Api-Version
X-Git-Commit
X-Httpd
X-Tec-Api-Origin
X-Tec-Api-Root
X-Generation-Time
X-Shopify-Stage
X-Container-Uri
X-Vercel-Cache
X-Fetched-On
X-Vercel-Id
X-Cdn-Origin
X-Storefront-Renderer-Rendered
X-Cache-Host
X-Say-TTL
X-R9-Blue-Green-Version
X-Reqid
X-SayCDN-TTL
X-Say-Cacheable
X-Ms-Version
Azure-RegionName
X-Ms-Request-Id
X-GeoCountry
Azure-Version
X-Frame-Option
Azure-SiteName
X-Varnish-Beresp-Grace
X-Provided-By
Azure-InstanceId
X-Format
Accept-Language
Azure-SlotName
X-GeoCode
Fastcgi-Useragent
X-Cache-Server
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
DB-Nickname
X-Vcache
Cross-Origin-Window-Policy
X-SRV
X-XRDS-Location
X-Server-W
Source
X-Vcl-Version
X-Azure-Ref-OriginShield
CF-IPCountry
X-MP-GENERATED-AT
WP-Super-Cache
X-Uri
X-PDP-UNCACHING-HASH
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-CMSURLCustom
Thinkindot-Control
X-Shield-Cache-Expires
X-Thinkindot-L3
Sid
TDXMobile
X-Scope-Id
Cross-Origin-Embedder-Policy-Report-Only
X-Generated-By
X-Page-View
Cache
X-UA
X-Pass-Why
Cache-Tv-Group
X-FB-TRIP-ID
Content-Secure-Policy
X-Buckets
X-Lagoon
X-Optimistic-Header
X-LSADC-Cache
HostName
Onion-Location
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Dc
X-WP-CF-Super-Cache-Cookies-Bypass
X-Datadome
X-Content-Age
X-Use-Mantle
Priority
X-Http-Reason
X-DataDome
X-Request-URI
User-Cache-Control
X-Xrds-Location
X-Connection-Hash
Locid
X-DynaTrace
Expiry
X-GEO
X-UA-Device-Type
Origin
X-TIM-N
Meta-Geo-Continent
Surrogated-Key
Ngx-Var-Key
Ngx.Var.Host
Rendered-Blocks
Server-Ext
Server-Host
Sever-Int
Sslversion
Req-ID
X-Developer
Redirect-Candidate
Origin-Agent-Cluster
Gannett-Cam-Experience-Id
X-Ec-Fail
X-Request-Start
DCR-Decision-By
Candidate-Md5Url
X-Rojux
X-SB
A
X-ScT
X-Ec-GeoHdr
DCR-Processing-Time-Ms
Lang
LB
Magicmarker
X-Vtex-Remote-Cache
T-Server
X-Dispatcher-Server
X-SRCache-Key
MD5-Digest
Server-Hostname
X-D
X-Vdms-Version
X-Aed
X-Cache-NE
X-A-Dgt
X-A-Wwc
X-Vdms-Path
X-Cache-Bucket
X-Bl-Debug
X-BCube-Filmed-By
X-Varnish-Hostname
X-Bc-Bl
X-Op-Id-All
X-A-Dcw
X-ND-Cache
Vix-Hermes-Req-Id
X-Platform
X-A-Ccd
X-A
X-A-Dam
X-Conf
X-Cluster-Node
X-Proxy-Cache-Status
X-NWS-UUID-VERIFY
Cache-Hits
Content-Script-Type
Content-Style-Type
X-Req
X-Clientip
X-Block-Status
Cluster
X-Bip
X-Cache-TTL-Remaining
X-Core-Value
CDCHOST
Cdncip
C-Via
X-Origin-Time
X-Cache-Id
X-Origin-Expires
X-Nyt-Route
Release
Pramga
X-Device-Os
X-Debug-Cache-Store
Wxu-Next-Region
X-Pubstack
X-Destination
V-Age
Wxu-Next-Commit
Wxu-Next-Hostname
NM-Fastcgi-Cache
X-AK-Request-ID
X-B-Cookie
X-B3-Trace-ID
Fastly-SSL
Environment
True-Client-Country-4JS
Host-ID
X-Amz-Meta-Cb-Modifiedtime
X-Debug-Cache-Fetch
X-Application
X-Auto-Login
DSUID
Cdnsip
X-GeoIP-Region-Code
XM
X-Zen-Fury
X-Varnishpool
X-TA-CDN-Provider
X-Gzip
X-GeoIP-City
Yak-Timeinfo
X-Viewer-Country
X-Gdpr
X-Node-Id
X-Fastly-Cache
X-Thanos
X-External-Request-Id
X-Kinja-CCPA
X-WA-Info
X-S-Cookie
X-Epic-Correlation-Id
X-Esi-Check
X-Nginx-Cache-Key
X-Varnish-Beresp-Ttl
X-GeoIP-Country-Code
X-GeoIP
X-Gen-Mode
X-NCache
X-Cache-Action
X-NMSegId
X-Generated-On
X-Forwarded-Site
X-SD-PageType
X-Level-Front-Cache
X-Hnp-Log
X-Service
X-Cache-Expired-At
X-Origin-Response-Time
X-FC-Vary-Parameters
X-Acquia-Purge-Cdn-Unconfigured
RNT-Time
RNT-Machine
X-Ad-Load-Variation
Producers
X-We-Are-Hiring
Platform
X-HS-Content-Campaign-Id
X-Varnish-Authentication
X-Men
X-Fmm-Version
X-VarnishDD-TTL
X-ApacheServer
X-Org
Tube-Return
Tube-Got-Results
X-Pool
X-Aicache-OS
We-Hiring
X-Loc
X-Policy
Tube-Got-Eval
Tube-Get-Contents
Web-Mar-Region
X-Human
X-Amz-Storage-Class
Ssr
X-Sql-Count
X-HN
X-From
X-Backend-Instance
X-TH-Server
Country-Code
X-Moov-T
X-Moov-Xdn-Version
X-Request-Time
X-Request-Host
PFcat
X-Region-Sid
Esi-Enabled
X-Sn-Servicetimems
X-DPWN-IS-SECURE
X-Geo-Header
X-PAYTM-SRV-ID
X-Server-IP
X-Cdn-Srv
X-Ec-Custom-Error
Cache-Provider
X-PERF
X-Mvc-Supplant-Cachable
Click-Count-Error
Click-Count-Action-Start
Canary
X-Micro-Cache
X-RateLimit-Limit-Second
Adler-Geo
Mail-Subject
Machine
X-Old-Content-Length
X-Sql-Duration-Ms
X-Var-Ttl
X-V-Cache
On-Server
X-Scheme
X-SVT-ORM-RULES
X-Cache-Aspx
X-Contensis-Viewer-Groups
Gh-Request-Id
X-Cache-Backend
Is-Eu
X-SVT-ORM-VERSION
L
X-RateLimit-Remaining-Second
X-GoCache-CacheStatus
X-VCache
X-NGINX-Cache
X-CGP
X-Cache-Info
X-ECache
X-Hash
X-BBC-Edge-Cache-Status
X-Newrelic-Synthetics
X-Csrf-Jwt
X-VG-TLSProxy
X-App-Name
X-VG-WebCache
X-Mly-Id
Cf-Device-Type
X-Varnish-Director
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
Ha-Gx-Prefs
Fastly-GeoIP-CountryCode
Cdn-Request-Time
Cdn-Host
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Section
Cache-Key
HA-Ipaddr
X-Edge-Server
Uber-Trace-Id
X-Proto
X-Wikidot-Static-Cache
W
X-Varnish-Beresp-Status
X-Instance-Name
X-Mvc-Supplant-OutputCached
X-Proxied-Request
X-Wikidot-Backend
X-Test
X-Eu-Site
L5d-Success-Class
X-Up
X-Fastly-Backend
Req-Svc-Chain
Proxy-Firewall
X-Access
X-Cloudmap
X-Sigma
X-Rocket-Build-Number
Fastly-Backend-Name
X-Sigma-Backend
X-Via-Fastly
Fastly-Drupal-HTML
X-VServer
X-LB-ID
NGX
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Date
X-CacheTTL
X-Accel-Expires-Debug
X-Date
WZWS-RAY
X-Mg-Request-UUID
X-Ah-Environment
X-Via-Popn
X-Varnish-Hits
X-Via-Popv
X-COUNTRY
X-DC
X-Via-Poph
X-Ig-Origin-Region
X-DynaTrace-JS-Agent
Pics-Label
X-Branch-Name
X-Tx-Id
X-HA-Backend
X-Zone
X-Location
X-Parent-Response-Time
X-API-Version
NtCoent-Length
Datacenter
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
X-Refresh
Fusion-Content-Id
X-CACHE-GROUP
X-Via-Edge
X-Via-CDN
X-Via-SSL
Edge-Copy-Time
Fusion-Template-Id
Fusion-Source
X-Ratelimit-Reset
X-Correlation-ID
S-Rt
GeoIp-Country-Code
Type
X-Servedbyhost
X-Wormhole-Sdk
X-CDN-Cache-Status
X-Akamai-Transformed
X-VHOST
X-Jungle-Id
X-CUA
Powered-By
Cdn
X-Esi
X-ZONE
Origin-CC
Origin-EX
X-User
Request-ID
Resin-Trace
X-Ua
X-LB-NoCache
X-TX-ID
SID
X-Irp-Debug
Cf-Ipcountry
Cdn-Requestid
X-Srv
X-Nc
X-Render-Time
X-Wa
Server-ID
X-Core-Mission
X-Owner
Cross-Origin-Opener-Policy-Report-Only
X-SIPLIST1
X-LiteSpeed-Tag
Fastly-Drupal-Html
X-Cached-By
X-VTEX-Cache-Time
IsBot
X-Nananana
GeoIP-Latitude
X-Powered-By-VTEX-Cache
X-Hit
X-VTEX-Cache-Server
X-AIR-PT
X-NewRelic-App-Data
Uri
XkeyRZ
X-B3-Parentspanid
CloudFront-Viewer-Country
X-Qloud-Router
X-Proxy-CacheRZ
Edge-Cache
X-Nf-Request-Id
X-Fpc
X-Client-Ip
DataCenter
Mime-Version
X-Cs
X-Segment-20210421
True-Client-IP
X-Presslabs-Stats
X-Auth-Group-Type
X-DataCenter
X-IAuth-Set-Uid
X-URL
Debug
X-CS
X-LiteSpeed-Cache-Control
X-Ig-Push-State
X-TIME
X-Amz-Meta-Opti
Tcn
X-CF-Lambda-Fn
Expect-Staple
N-Cache
X-CF-Lambda-Version
X-PHP-Backend
CDN
X-Geo
Odigeo-Trace-Id
X-Tenant
X-Forwarded-Path
X-Cache-Type
Xc-Version
X-Varnish-Beresp-TTL
X-Orig-Expires
X-Shop-Environment
X-HostName
True-Client-Ip
Cmstype
MIME-Version
Cmsid
X-Vgn-Hpd-Reason
X-Tt-Logid
X-Gamma-Serve
X-NodeID
X-CACHE-AGE
X-Custom-Header
X-Dynatrace-Js-Agent
Load-Balancing
X-Pad
CPC-Cache
X-Dispatch
X-Vmg-Version
User-Agent
X-Info
CPC-Age
X-Api-Version
X-B3-Spanid
X-NC
X-WA
X-DefHash
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-HOST
Srv
X-Depends
X-Fastly-Country-Code
X-Cdn-Diag
X-FPC
X-Vc
X-DefElseHash
X-M-Reqid
X-M-Log
Ohc-File-Size
X-VC-TTL
X-Webkit-Csp-Report-Only
X-Cdn-Forward
X-CSRF-TOKEN
Hostname
X-Variation
Cl-Cache
Geoip-Latitude
X-Datacenter
X-APP-VERSION
Server-Id
X-APP
X-Cache-FS-Status
CacheControlHeader
X-LAGOON
X-TimeS
Ohc-Cache-HIT
X-Lb-Nocache
X-ServedByHost
GeoIP-Country-Code
Cloudfront-Viewer-Country
X-Oracle-DMS-ECID
X-Cdn-Cache-Status
FSS-Cache
Server-Info
VNS-Cache
VNS-Age
Epwk-X-Cache
X-Cache-Ttl
ServerHost
X-Litespeed-Tag
X-Ha-Backend
Srvid
CountryCode
BehaviorPad-Version
X-FL-QIT-DEBUG
X-Via-PopN
X-Fastly-Backend-Reqs
X-Via-PopH
PICS-Label
X-Via-PopV
Rtss
X-VCL-Version
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Litespeed-Cache-Control
X-Lb-Id
X-MSEdge-Features
Xkeylog
X-Cdn-Request-ID
Xkey-La3
X-Proxy-Cache-La3
X-MSEdge-Flight
Ngx
X-IN-APIGATEWAY
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
X-Serial
OriginIP
X-RequestId
X-Dispatcher-Number
X-Th-Server
X-MiniProfiler-Ids
X-Web-Server
X-IN-APIGATEWAYSSL
Memcached
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Snapshot-Date
X-Acquia-Application-Trace
Memory
X-Acquia-Site
Time
X-Shardid
X-Shopid
X-Sorting-Hat-Shopid
X-Cache-Version
X-Sorting-Hat-Podid
X-Ramcache
X-RAMCache
X-Sucuri-Id
X-Dw-Trace-Id
Akamai-Cache-Status
Sm-Log-Id
X-Service-Response-Time
Warning
X-Udemy-Cache-App-Namespace
X-Mg-Cache
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Requestid