Threat Level: green Handler on Duty: Richard Porter

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-Served-By
P3P
X-UA-Compatible
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
Accept-CH
P3p
X-Drupal-Cache
X-Ua-Compatible
X-Cache-Status
X-DNS-Prefetch-Control
Accept-CH-Lifetime
X-Generator
X-Check
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
Keep-Alive
Request-Context
X-UA-Device
Allow
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
Ali-Swift-Global-Savetime
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-LiteSpeed-Cache
Cf-Railgun
EagleEye-TraceId
Permissions-Policy
X-WebKit-CSP
X-CST
X-Backend-Server
X-Aws-Lambda-Call-Status
X-OneAgent-JS-Injection
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
X-Cache-Lookup
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
X-Litespeed-Cache
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Oneagent-Js-Injection
X-Trace
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Ruxit-JS-Agent
X-Origin-Cache-Key
Rating
X-Rack-Cache
Cache-Tag
X-Amz-Server-Side-Encryption
X-Edge
Cross-Origin-Opener-Policy
X-Midtier
X-FTR-Request-ID
Nginx-Cache
X-TtlSet
X-PC
X-Vname
X-Mcache
X-MS-InvokeApp
X-Mod-Pagespeed
X-ECACHE
X-Upstream
X-Powered-By-Plesk
X-ESI
X-Server-Name
Edge-Control
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-Browser-Type
X-Cnection
X-D2id
X-Element-Page-Cache
Verso
X-Times
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
SPIisLatency
SPRequestDuration
X-Ser
X-Ac
AR-SID
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-SharePointHealthScore
X-RateLimit-Remaining
SPRequestGuid
X-Ttl
X-Abt-Application-Version
X-Navigation-Version
X-GitHub-Request-Id
X-NF-Request-ID
X-Dw-Request-Base-Id
X-B3-TraceId
X-Vcap-Request-Id
AR-CACHE
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Middleton-Display
Display
X-Sol
Pagespeed
S
X-Mg-S
Edge-Cache-Tag
X-Client-IP
X-VARITI-CCR
X-Cache-Key
Fastly-Restarts
X-Webkit-Csp
X-Amzn-Trace-Id
X-Cache-TTL
RTSS
X-Amz-Rid
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Cache-Status
X-Instrumentation
X-Powered-CMS
X-Edge-Location-Klb
X-Server-ID
X-Kinsta-Cache
Access-Control-Request-Method
X-Version
X-Goog-Hash
X-Daa-Tunnel
X-Recruiting
X-Middleton-Response
Response
X-ARC
X-Content-Digest
X-Forwarded-For
X-Varnish-TTL
X-T
X-TraceId
Arr-Disable-Session-Affinity
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-MSEdge-Ref
Content-MD5
Cross-Origin-Resource-Policy
MS-Author-Via
TP-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
Front-End-Https
X-Shield-Request-Id
X-Accel-Expires
X-Cached
X-Hits
Public-Key-Pins
Server-Node
X-Ua-Browser
X-Request-Received
X-HS-Hub-Id
X-Request-Processing-Time
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-Id
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FastCGI-Cache
Payment
X-FTR-Balancer
X-Country-Code-Real
X-Frontend
X-FTR-Backend
X-DIS-Request-ID
X-RateLimit-Limit
X-FTR-Expires
Realpath
X-Protected-By
X-LLID
X-ORACLE-DMS-RID
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
Origin-Trial
X-Fastcgi-Cache
X-Hostname
X-Distributor
TP-L2-Cache
X-GUploader-UploadID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-LB-Cache
Cache-Tags
X-Microsite
X-Request-Handler-Origin-Region
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Origin-Server
Host
Count-Hit
MRF-Tech
Referer-Policy
X-AppVersion
Mrf-Cache-Status
X-Debug-Info
X-B3-TraceId-Primal
X-Envoy-Decorator-Operation
X-Activity-Id
X-Az
X-Page-Id
X-NGENIX-Cache
Fastcgi-Cache
X-Www-Served-By
X-Cluster-Name
X-Varnish-Backend
X-Geo-Country
X-Varnish-Server
X-XRDS-LOCATION
Accept-Charset
X-App-Server
X-Correlation-Id
X-F-Cache
X-Ua-Device
X-PressLabs-Stats
X-ORACLE-DMS-ECID
X-Fastly-Request-ID
X-Ezoic-Cdn
Retry-After
X-FB-Debug
X-Varnish-Ttl
TCN
X-Ratelimit-Limit
X-Goog-Metageneration
X-Load-Cache
X-Upgrade-Enabled
X-CSRF-Token
X-Px
Access-Control-Allow-Method
X-ASPNET-VERSION
X-RateLimit-Reset
X-Git-Hash
X-Seen-By
X-Amz-Meta-S3cmd-Attrs
Server-Name
Cleartype
X-TEC-API-ORIGIN
X-Tt-Trace-Host
X-TEC-API-VERSION
X-Tt-Trace-Tag
X-TEC-API-ROOT
X-Contextid
Section-Io-Cache
X-Grace
X-Content-Options
X-Revision
X-Trace-Id
X-Type
Charset
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-B
X-Datadog-Sampling-Priority
Healthy
X-B3-Sampled
Paypal-Debug-Id
X-TT
X-Cache-Control
X-Whom
DC
X-Request-Guid
X-Fb-Rlafr
X-Azure-Ref
X-Proxy
X-Signature
X-B-Cache
X-Wix-Request-Id
X-App-Environment
X-Mobile
X-Node-Name
X-Air-Pt
X-Magnolia-Registration
Accept-Ch
X-N
X-Oracle-Dms-Ecid
X-Origin-Cache
X-Newrelic-App-Data
Frame-Options
X-Amz-Replication-Status
X-EdgeConnect-Cache-Status
X-WP-CF-Super-Cache
Filterid
X-WP-CF-Super-Cache-Cache-Control
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Logged-In
X-Fastly-Request-Id
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-WebKit-CSP-Report-Only
X-Oracle-Dms-Rid
Content-Disposition
Backend
X-Time
NGB
Viewport
Akamai-GRN
X-Response-Served-From
X-Original-Request-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel-1
X-Debug-IsConnected
X-RemovedCookies
X-RTag
X-Ratelimit-Remaining
X-Tumblr-User
MS-CV
X-Hl-Ver
X-Datadog-Sampled
X-Unique-Id
X-Rid
X-ProcessESI
X-Tumblr-Pixel-0
Ms-Operation-Id
X-Tumblr-Pixel
X-Debug-IsPreview
X-UUID
X-Debug
X-Cache-Age
X-TTL
X-IPS-LoggedIn
X-Yottaa-Optimizations
X-Is-Bot
X-Yottaa-Metrics
X-Language
X-Rendered-As
Upgrade-Insecure-Requests
Liferay-Portal
X-FW-Dynamic
X-FW-Serve
X-FW-Version
X-FW-Server
X-FW-Type
X-FW-Static
X-FW-Hash
X-Varnish-Grace
SD-X-WS
X-Amzn-Remapped-Content-Length
X-Environment-Context
X-G
X-L-Path
X-Instance
X-NYM-Debug-Backend
X-Backend-Name
X-Adobe-Content
X-Adobe-Loc
X-Servername
X-Via-JSL
X-Proxy-Cache-Info
X-Region
Fastly-SIE
From-Origin
ServerID
X-Cacheable-TTL
X-Cache-Grace
X-Device-Type
Fastly-SWR
X-User-Agent
Country
Refresh
X-B3-Traceid
X-Template
X-VC-Cache
X-Rule
X-Route-Name
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Cache-Hit
X-Flags
X-Is-Crawler
X-Status
X-Webkit-CSP
Version
X-INCAP-ABP
X-B3-SpanId
Countrycode
Url
X-Source
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-HTML-Minification-Powered-By
X-App-Version
X-Cache-Status-Check
X-NODE
GEO-INFO
X-Jobs
SRV
X-Storage
X-Nginx-Cache
WPO-Cache-Status
WPO-Cache-Message
Alternate-Protocol
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-WP-CF-Super-Cache-Active
OT-Force-Account-Verify
X-Origin-CC
X-CDN-Forward
X-Content-Powered-By
X-Origin-TTL
CDN-RequestId
X-Akamai-Request-ID2
X-Real-IP
AMP-Access-Control-Allow-Source-Origin
Surrogate-Key
X-Rocket-Nginx-Serving-Static
Access-Control-Request-Headers
Protected
X-Accel-Version
X-VC
Amp-Access-Control-Allow-Source-Origin
X-ServerID
X-Cache-Time
X-Hosted-By
X-Akamai-Edgescape
CF-IPCountry
X-Cache-Rule
X-Cache-Operation
X-Kinja-CCPA
X-Handled-By
X-Use-Mantle
X-Mode
Filters
X-Rn-Rsrv
X-Xfnlog-Site
Webserver
Meta-Geo
X-Page-View
X-Endurance-Cache-Level
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Upstream-Ct
X-Upstream-Ht
X-JoinUs
X-Platform-Router
Xet-Cookie
X-AWS-Id
Selected-Fe
Section-Io-Id
X-Timing-Wait
X-Proxy-Build
ServedBy
X-Edge-Location
X-Tumblr-Pixel-2
X-Platform-Processor
X-Served-From
X-VWS-Id
X-Platform-Cluster
X-Origin
X-Varnish-Cache-Hits
X-SaId
X-LJ-Flow-ID
X-Tumblr-Pixel-3
Cross-Origin-Embedder-Policy
X-Framework
X-PHP-Host
X-Origin-Hint
X-Proxied
X-ProxyCache-Key
X-ProxyCache-Status
X-No-Session
Webcakes-Region
X-Labrador-Cache-Channel
X-Drupal-Cache-Tags
X-Extlb
X-Director
X-Cluster
X-Routing-Service
X-BYPASS-REASON
X-Lambda-Id
X-Restarts
TWC-Device-Class
Webcakes-App-Version
TWC-GeoIP-Country
X-Worker
Property-Id
TWC-Connection-Speed
X-Zipkin-Id
TWC-GeoIP-LatLong
TWC-Locale-Group
Node
Mn-Server-Ip
TWC-Privacy
X-Soup
Webcakes-App-Name
X-Drupal-Cache-Contexts
X-Cms-Context
X-Adobe-Source
X-Format
X-AB
Web-Mar-Node
X-Browser-Name
X-Is-Tablet
X-Varnish-Age
X-Tcp-Rtt
X-SayCDN-TTL
X-Say-TTL
X-Varnish-Beresp-Grace
X-Webstats-RespID
X-Web-Node
X-VCT
X-Skip-Cache
X-Logging-Id
X-Say-Cacheable
X-S
X-Is-Desktop
X-IPLB-Request-ID
X-IPLB-Instance
X-GeoCode
X-Is-Mobile
X-Is-Supported-Browser
X-Redis-Cache
X-RCS-CacheZone
X-Locale
Front
X-Geo-Region
X-GeoCountry
Azure-Version
Apigw-Requestid
Azure-SiteName
Azure-SlotName
Azure-InstanceId
Azure-RegionName
X-Detected-As
X-Cache-Debug
X-Vercel-Cache
X-Cache-Server
X-Forwarded-Host
X-Cache-Host
X-Vercel-Id
X-Fetched-On
X-Reqid
X-Storefront-Renderer-Rendered
X-RM-Cache-TTL
X-Site-Version
X-Shopify-Stage
X-Tb
X-R9-Blue-Green-Version
X-Httpd
Xserver
X-Loop
X-Tncms
X-Sucuri-Cache
X-Generation-Time
Accept-Language
X-Alternate-Cache-Key
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-RequestPullSuccess
X-Git-Commit
X-Frame-Option
CDN-Uid
CDN-PullZone
X-Ms-Version
X-Origin-Date
X-Ms-Request-Id
CDN-Cache
CDN-EdgeStorageId
DB-Nickname
CDN-CachedAt
X-Container-Uri
X-Sucuri-ID
X-Vcache
X-TT-LOGID
X-Server-W
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
X-ShardId
WP-Super-Cache
X-Provided-By
X-XRDS-Location
Atl-Traceid
X-MP-GENERATED-AT
X-Cdn-Origin
X-Uri
X-Http-Reason
X-Vcl-Version
Cross-Origin-Embedder-Policy-Report-Only
Source
Fastcgi-Useragent
Cache-Tv-Group
X-Generated-By
Sid
X-Pass-Why
Content-Secure-Policy
X-FB-TRIP-ID
X-DynaTrace
Cross-Origin-Window-Policy
Thinkindot-CacheControl-Type
TDXMobile
X-Shield-Cache-Expires
X-Scope-Id
Thinkindot-Control
Priority
X-CMSURLCustom
X-Thinkindot-L3
Thinkindot-CacheControl
X-Buckets
Onion-Location
Cache
X-Azure-Ref-OriginShield
X-LSADC-Cache
X-Content-Age
X-SRV
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
HostName
X-RID
X-Sql-Duration-Ms
X-Sql-Count
X-Varnish-Beresp-Ttl
X-Optimistic-Header
X-DataDome
X-Xrds-Location
X-Dc
X-Proxy-Cache-Status
X-WP-CF-Super-Cache-Cookies-Bypass
X-TA-CDN-Provider
X-Cluster-Node
X-Newrelic-Synthetics
WZWS-RAY
X-UA
Expiry
X-Connection-Hash
X-GEO
X-Ec-GeoHdr
X-Bl-Debug
X-B-Cookie
X-A-Dam
X-Ec-Fail
X-Epic-Correlation-Id
X-External-Request-Id
X-Op-Id-All
X-PAYTM-SRV-ID
X-A-Ccd
X-ND-Cache
X-Instance-Name
X-Dispatcher-Server
X-Developer
X-D
X-A-Wwc
X-Conf
X-Cache-NE
X-Cache-Bucket
X-Application
X-A-Dgt
X-BCube-Filmed-By
X-Destination
X-Request-URI
X-Bc-Bl
X-A-Dcw
X-Aed
A
Origin-Agent-Cluster
X-Vdms-Path
X-Rojux
X-Request-Start
Origin
Ngx-Var-Key
Ngx.Var.Host
X-S-Cookie
X-SB
X-ScT
X-SRCache-Key
X-TIM-N
Rendered-Blocks
X-Scheme
Req-ID
X-Varnish-Hostname
Meta-Geo-Continent
MD5-Digest
DCR-Decision-By
DCR-Processing-Time-Ms
Gannett-Cam-Experience-Id
Candidate-Md5Url
Vix-Hermes-Req-Id
Redirect-Candidate
X-A
T-Server
Lang
Sslversion
Magicmarker
Surrogated-Key
X-Platform
X-Viewer-Country
X-Vdms-Version
X-Vtex-Remote-Cache
Server-Host
X-Correlation-ID
X-Cache-Action
X-TimeS
X-Datadome
User-Cache-Control
X-Lagoon
X-Amz-Storage-Class
Wxu-Next-Hostname
Wxu-Next-Commit
X-Sigma-Backend
V-Age
Wxu-Next-Region
X-Sigma
X-Acquia-Purge-Cdn-Unconfigured
X-Section
Ssr
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Expired-At
X-Access
Server-Hostname
L
X-Varnish-Beresp-Status
X-Varnishpool
Host-ID
X-VG-TLSProxy
Fastly-GeoIP-CountryCode
NM-Fastcgi-Cache
X-UA-Device-Type
X-TH-Server
X-Auto-Login
Server-Ext
Req-Svc-Chain
X-Thanos
Sever-Int
X-Rocket-Build-Number
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Generated-On
X-Gdpr
X-Origin-Time
X-Esi-Check
X-Gzip
X-Nyt-Route
X-Loc
X-Mly-Id
X-Level-Front-Cache
X-Nginx-Cache-Key
X-Node-Id
X-NMSegId
X-Ec-Custom-Error
X-Pool
X-Cache-Id
X-Cache-TTL-Remaining
X-Request-Time
X-Bip
X-BBC-Edge-Cache-Status
Environment
X-Req
X-Clientip
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Proxied-Request
X-Core-Value
X-Pubstack
X-B3-Trace-ID
X-NCache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-WA-Info
CDCHOST
Apple-News-Services-Handled
X-We-Are-Hiring
Yak-Timeinfo
Release
DSUID
C-Via
Cluster
X-Zen-Fury
Fastly-Drupal-HTML
LB
X-Service
X-Via-SSL
X-Via-CDN
X-Via-Edge
Edge-Copy-Time
X-Cache-Info
X-Region-Sid
X-RateLimit-Limit-Second
On-Server
X-VG-WebCache
X-Contensis-Viewer-Groups
X-Cache-Aspx
X-RateLimit-Remaining-Second
X-Cdn-Srv
Content-Style-Type
X-SD-PageType
X-Aicache-OS
X-Ad-Load-Variation
Adler-Geo
Country-Code
X-AK-Request-ID
X-ApacheServer
Esi-Enabled
X-Device-Os
Click-Count-Action-Start
S-Rt
X-Block-Status
Tube-Get-Contents
X-HN
X-Hnp-Log
X-GoCache-CacheStatus
X-Moov-T
X-Cache-Date
X-Human
X-Moov-Xdn-Version
X-Men
X-Micro-Cache
XM
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-GeoIP-City
X-GeoIP
Tube-Got-Results
Tube-Return
Tube-Got-Eval
X-PERF
X-Server-IP
X-Fastly-Cache
X-Forwarded-Site
X-Geo-Header
X-Gen-Mode
X-From
X-Org
X-DPWN-IS-SECURE
Click-Count-Error
X-ECache
Producers
Pramga
Platform
X-VServer
Cdnsip
True-Client-Country-4JS
Canary
RNT-Machine
Cdncip
PFcat
X-V-Cache
Locid
X-VarnishDD-TTL
Content-Script-Type
Is-Eu
Machine
Mail-Subject
X-Var-Ttl
X-Varnish-Authentication
X-Varnish-Director
Uber-Trace-Id
RNT-Time
We-Hiring
Fastly-SSL
Gh-Request-Id
X-VCache
X-Origin-Response-Time
W
X-Old-Content-Length
X-Origin-Expires
X-Wikidot-Static-Cache
X-Eu-Site
Cache-Provider
X-Backend-Instance
X-Edge-Server
X-API-Version
X-FC-Vary-Parameters
X-Fmm-Version
HA-Ipaddr
X-HS-Content-Campaign-Id
L5d-Success-Class
AKAMAI
X-Mvc-Supplant-Cachable
X-Hash
Cache-Key
X-Cache-Backend
Cf-Device-Type
X-Wikidot-Backend
Web-Mar-Region
X-Up
Proxy-Firewall
X-Csrf-Jwt
X-Test
X-CGP
Ha-Gx-Prefs
Cdn-Request-Time
Cdn-Host
X-Request-Host
X-Policy
X-Proto
X-Branch-Name
X-Sn-Servicetimems
X-Mg-Request-UUID
X-Accel-Expires-Debug
X-LB-ID
Fastly-Backend-Name
X-Ah-Environment
X-App-Name
Type
X-Slack-Backend
X-Mvc-Supplant-OutputCached
X-Parent-Response-Time
X-Slack-Shared-Secret-Outcome
X-Date
X-CacheTTL
X-Fastly-Backend
X-Ua
X-Varnish-Hits
X-COUNTRY
NGX
X-DC
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
X-Tx-Id
Cache-Hits
X-Via-Popn
X-CACHE-GROUP
X-Via-Poph
Pics-Label
X-DynaTrace-JS-Agent
X-Via-Popv
X-HA-Backend
Cdn-Requestid
Cdn
X-Ratelimit-Reset
X-Zone
NtCoent-Length
X-Via-Fastly
X-Refresh
X-Srv
X-LB-NoCache
X-Irp-Debug
X-VHOST
Datacenter
X-Owner
X-NGINX-Cache
X-Cloudmap
X-CDN-Cache-Status
X-Location
X-Core-Mission
X-Ig-Origin-Region
GeoIp-Country-Code
Server-ID
X-ZONE
X-SIPLIST1
IsBot
X-Wa
X-Nc
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-PDP-UNCACHING-HASH
Fusion-Content-Id
SID
X-Akamai-Transformed
X-NWS-UUID-VERIFY
X-Fpc
Cross-Origin-Opener-Policy-Report-Only
Resin-Trace
Powered-By
X-Qloud-Router
X-TX-ID
X-Nananana
Origin-EX
X-Jungle-Id
N-Cache
GeoIP-Latitude
Origin-CC
Expect-Staple
X-B3-Parentspanid
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Hit
DataCenter
CloudFront-Viewer-Country
X-Nf-Request-Id
X-Tt-Logid
XkeyRZ
X-User
X-CUA
X-Proxy-CacheRZ
Xc-Version
X-NewRelic-App-Data
X-Shop-Environment
X-Cache-Type
X-Orig-Expires
X-Forwarded-Path
X-Tenant
X-Client-Ip
X-Presslabs-Stats
X-Gamma-Serve
X-Segment-20210421
Cmsid
X-CS
Uri
X-URL
Cmstype
X-DataCenter
X-Amz-Meta-Opti
X-TIME
X-Render-Time
True-Client-Ip
Mime-Version
X-IAuth-Set-Uid
User-Agent
CPC-Age
CPC-Cache
X-Wormhole-Sdk
Debug
Fastly-Drupal-Html
X-Cached-By
X-Vmg-Version
X-Geo
X-Info
X-Cdn-Diag
X-Esi
X-B3-Spanid
X-LiteSpeed-Tag
MIME-Version
X-CACHE-AGE
X-VTEX-Cache-Time
X-Auth-Group-Type
Edge-Cache
X-VTEX-Cache-Server
X-Fastly-Country-Code
True-Client-IP
X-Powered-By-VTEX-Cache
X-Dynatrace-Js-Agent
CDN
Load-Balancing
X-Datacenter
X-Oracle-DMS-ECID
X-Dispatch
Cf-Ipcountry
CacheControlHeader
X-Variation
X-Ig-Push-State
X-Vc
X-HOST
Srv
X-LiteSpeed-Cache-Control
X-LAGOON
X-Cs
X-Varnish-Beresp-TTL
Odigeo-Trace-Id
Ohc-File-Size
X-Webkit-Csp-Report-Only
X-Cdn-Forward
X-AIR-PT
Hostname
Cl-Cache
X-CSRF-TOKEN
X-Custom-Header
X-NodeID
X-PHP-Backend
X-APP-VERSION
Tcn
X-Vgn-Hpd-Reason
X-MCACHE
VNS-Cache
VNS-Age
X-Depends
X-FPC
X-Pad
Ohc-Cache-HIT
GeoIP-Country-Code
X-NC
X-WA
X-DefHash
Server-Id
X-Varnish-CookieINHashed-On
X-DefElseHash
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-HostName
X-M-Reqid
X-Lb-Nocache
X-VC-TTL
X-M-Log
X-Cdn-Cache-Status
X-Dispatcher-Number
X-Cache-Ttl
X-Api-Version
X-Fastly-Backend-Reqs
Lb
X-ServedByHost
X-MSEdge-Features
X-Via-PopN
X-Via-PopH
X-Ha-Backend
X-Litespeed-Tag
X-Cache-FS-Status
Epwk-X-Cache
PICS-Label
Geoip-Latitude
X-MSEdge-Flight
X-Via-PopV
CountryCode
X-VCL-Version
X-Litespeed-Cache-Control
X-Srcache-Fetch-Status
X-Use-Magma
X-Srcache-Store-Status
Xkey-La3
X-Lb-Id
X-MiniProfiler-Ids
X-APP
Xkeylog
Cloudfront-Viewer-Country
Ngx
X-Proxy-Cache-La3
X-Cdn-Request-ID
Cache-Name
X-Mid
X-Acquia-Purge-Tags
X-Snapshot-Date
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Application-UUID
X-RequestId
Time
Memory
OriginIP
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Web-Server
Memcached
X-Sorting-Hat-Shopid
X-Shardid
X-Cache-Version
X-Sorting-Hat-Podid
X-Shopid
X-Akamai-Pragma-Client-IP
Sm-Log-Id
X-Dw-Trace-Id
X-Check-Cacheable
X-Requestid
X-Ramcache
Server-Info
FSS-Cache
X-Mg-Cache
Akamai-Cache-Status
X-Udemy-Cache-App-Namespace
X-Th-Server
X-Sucuri-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
CF-Cached-On
X-Service-Response-Time
Warning
X-Serial