Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-AspNet-Version
P3p
X-Runtime
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Ua-Compatible
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Allow
Cf-Edge-Cache
X-Backend
Request-Context
X-UA-Device
Keep-Alive
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-LiteSpeed-Cache
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
EagleEye-TraceId
Ali-Swift-Global-Savetime
X-Aws-Lambda-Call-Status
X-Dns-Prefetch-Control
X-CST
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Readtime
X-Server-Id
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Litespeed-Cache
X-Cache-Lookup
X-Application-Context
X-Country-Code
X-Trace
Content-Location
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-ECACHE
X-Mcache
Cache-Tag
X-Mod-Pagespeed
X-Midtier
X-FTR-Request-ID
X-MS-InvokeApp
Nginx-Cache
X-PC
X-TtlSet
X-Vname
X-Upstream
X-ESI
X-Powered-By-Plesk
Rating
Edge-Control
X-Browser-Type
X-Server-Name
X-D2id
X-Element-Page-Cache
Verso
X-GoogleNews-Bot
X-Exp-Id
X-Times
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Cnection
X-Ruxit-Js-Agent
SPRequestDuration
SPIisLatency
X-Ac
AR-SID
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-SharePointHealthScore
SPRequestGuid
X-Abt-Application-Version
X-Navigation-Version
X-Vcap-Request-Id
X-Ser
X-Dw-Request-Base-Id
X-GitHub-Request-Id
X-B3-TraceId
X-NWS-LOG-UUID
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-NF-Request-ID
AR-CACHE
X-VARITI-CCR
X-Server-ID
X-Mg-S
S
X-Middleton-Display
Display
X-Sol
Pagespeed
X-RateLimit-Remaining
X-Client-IP
Edge-Cache-Tag
RTSS
X-Cache-Key
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
Accept-Ch
X-Goog-Hash
X-Ttl
Cache-Status
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Kinsta-Cache
X-Edge-Location-Klb
X-Version
Access-Control-Request-Method
X-Recruiting
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-ARC
Origin-Trial
X-Content-Digest
X-TraceId
Response
X-Middleton-Response
X-Varnish-TTL
X-Forwarded-For
Arr-Disable-Session-Affinity
X-T
X-Content-Security-Policy-Report-Only
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-MD5
MicrosoftSharePointTeamServices
X-Accel-Expires
TP-Cache
X-Shield-Request-Id
X-Hits
X-Daa-Tunnel
X-Cached
Front-End-Https
Public-Key-Pins
X-Id
Cross-Origin-Resource-Policy
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
MS-Author-Via
X-HS-Hub-Id
X-Request-Processing-Time
X-HS-Content-Id
X-Request-Received
X-HS-Combine-CSS
Server-Node
X-DIS-Request-ID
X-Ua-Browser
X-HS-Cache-Config
Payment
X-Frontend
X-Forwarded-Proto
X-Webkit-Csp
X-FastCGI-Cache
X-ORACLE-DMS-RID
X-LLID
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-GUploader-UploadID
Realpath
X-Fastcgi-Cache
X-Protected-By
TP-L2-Cache
X-LB-Cache
Cache-Tags
X-Distributor
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Origin-Server
X-Ratelimit-Limit
X-TTL
X-Request-Handler-Origin-Region
X-Microsite
X-RateLimit-Limit
Count-Hit
X-Page-Id
Referer-Policy
X-Kong-Upstream-Latency
X-B3-TraceId-Primal
MRF-Tech
X-Activity-Id
Mrf-Cache-Status
X-Hostname
X-Kong-Proxy-Latency
X-Az
X-AppVersion
X-F-Cache
X-Debug-Info
X-Cluster-Name
X-Geo-Country
X-Www-Served-By
X-Varnish-Backend
Accept-Charset
Host
X-NGENIX-Cache
X-Correlation-Id
X-Envoy-Decorator-Operation
X-App-Server
Fastcgi-Cache
X-Varnish-Server
X-ORACLE-DMS-ECID
X-Ua-Device
X-PressLabs-Stats
X-FB-Debug
X-XRDS-LOCATION
X-Goog-Metageneration
X-Varnish-Ttl
Access-Control-Allow-Method
X-Git-Hash
X-CSRF-Token
Retry-After
X-Upgrade-Enabled
X-WebKit-CSP-Report-Only
X-Load-Cache
X-Ezoic-Cdn
X-Kinja-CCPA
X-Webkit-CSP
X-Content-Options
Server-Name
X-Fastly-Request-Id
X-RateLimit-Reset
X-Datadog-Trace-Id
X-Rid
X-Datadog-Sampling-Priority
X-Revision
X-Px
X-Datadog-Parent-Id
X-Seen-By
X-Contextid
Charset
X-Request-Guid
X-Cache-Control
X-Tt-Trace-Tag
X-Ratelimit-Remaining
X-Tt-Trace-Host
Section-Io-Cache
X-Type
X-Amz-Meta-S3cmd-Attrs
X-Trace-Id
X-Grace
TCN
DC
Cleartype
X-B-Cache
X-Signature
X-TT
Paypal-Debug-Id
X-Oracle-Dms-Ecid
X-B3-Sampled
X-B
X-App-Environment
X-Fb-Rlafr
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Healthy
X-Newrelic-App-Data
X-Whom
X-Wix-Request-Id
X-Node-Name
X-Mobile
Frame-Options
X-Amz-Replication-Status
X-Origin-Cache
X-Magnolia-Registration
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Aspnet-Duration-Ms
X-EdgeConnect-Cache-Status
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Azure-Ref
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Logged-In
X-Proxy
X-Fastly-Request-ID
X-Language
Filterid
X-N
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Content-Disposition
Akamai-GRN
X-Oracle-Dms-Rid
Backend
X-Air-Pt
X-App-Version
X-Template
X-Response-Served-From
Upgrade-Insecure-Requests
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
VIX-Pulpo-Node
NGB
Refresh
X-Proxy-Cache-Info
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Yottaa-Metrics
X-Varnish-Grace
X-Yottaa-Optimizations
X-Unique-Id
X-Tumblr-User
X-Time
X-Debug-IsConnected
X-ProcessESI
X-Cache-Age
X-Debug-IsPreview
X-Datadog-Sampled
X-Is-Bot
X-RemovedCookies
X-Rendered-As
SD-X-WS
X-Tumblr-Pixel-0
X-IPS-LoggedIn
X-Adobe-Loc
X-Amzn-Remapped-Content-Length
X-Servername
X-Instance
X-UUID
Viewport
X-RTag
Liferay-Portal
Ms-Operation-Id
MS-CV
X-Adobe-Content
X-Cacheable-TTL
X-Debug
X-G
X-FW-Serve
X-Cache-Grace
X-FW-Type
X-FW-Version
X-FW-Dynamic
X-FW-Static
X-FW-Hash
X-FW-Server
X-L-Path
X-Region
From-Origin
X-Environment-Context
X-User-Agent
X-Rule
Country
X-NYM-Debug-Backend
X-Device-Type
X-Hl-Ver
X-Cache-Hit
Fastly-SWR
Fastly-SIE
X-B3-Traceid
X-Backend-Name
Url
X-Status
ServerID
X-Jobs
X-Hcs-Proxy-Type
X-Page-View
X-CCDN-Origin-Time
X-Via-JSL
X-CCDN-CacheTTL
X-VC-Cache
Countrycode
WPO-Cache-Status
WPO-Cache-Message
X-INCAP-ABP
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Alternate-Protocol
X-Origin-TTL
X-Air-Trace-Id
X-Cache-Status-Check
Surrogate-Key
X-Air-Source
X-Air-Hostname
X-Origin-CC
X-HTML-Minification-Powered-By
X-Hosted-By
Version
X-B3-SpanId
X-NODE
X-Akamai-Request-ID2
Amp-Access-Control-Allow-Source-Origin
X-Nginx-Cache
X-Content-Powered-By
X-Source
Protected
GEO-INFO
X-Rocket-Nginx-Serving-Static
X-Akamai-Edgescape
SRV
X-Storage
CDN-RequestId
X-Http-Reason
X-WP-CF-Super-Cache-Active
X-Accel-Version
Access-Control-Request-Headers
X-VC
X-Edge-Location
X-Framework
OT-Force-Account-Verify
X-CDN-Forward
X-Real-IP
X-Cache-Rule
Front
CF-IPCountry
X-Use-Mantle
X-Mode
X-ServerID
Webserver
Accept-Language
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Rn-Rsrv
X-Upstream-Ct
X-Upstream-Ht
Filters
Xet-Cookie
X-Xfnlog-Site
X-Cache-Operation
X-Httpd
Meta-Geo
X-Tumblr-Pixel-2
X-Proxy-Build
X-Tumblr-Pixel-3
X-SaId
X-Director
X-Served-From
X-Cache-Time
Selected-Fe
X-Timing-Wait
X-Soup
X-Varnish-Cache-Hits
X-JoinUs
X-Origin
Node
X-Say-TTL
X-Handled-By
X-Labrador-Cache-Channel
X-PHP-Host
X-Adobe-Source
X-Say-Cacheable
X-SayCDN-TTL
X-Web-Node
X-Redis-Cache
X-Detected-As
X-Logging-Id
X-Endurance-Cache-Level
X-Cache-Debug
X-Worker
ServedBy
Azure-SiteName
Azure-SlotName
X-Tncms
X-GeoCountry
Azure-InstanceId
X-Is-Mobile
X-Tcp-Rtt
X-Is-Supported-Browser
Azure-RegionName
X-Is-Desktop
X-Browser-Name
X-Loop
X-S
Apigw-Requestid
Property-Id
X-Varnish-Age
X-Varnish-Beresp-Grace
X-VCT
X-Geo-Region
X-AB
Azure-Version
DB-Nickname
X-Skip-Cache
X-GeoCode
X-Is-Tablet
X-No-Session
Xserver
X-Format
X-Cms-Context
X-ProxyCache-Key
X-BYPASS-REASON
X-Lambda-Id
X-Server-W
X-ProxyCache-Status
X-Origin-Hint
TWC-Connection-Speed
X-Restarts
AMP-Access-Control-Allow-Source-Origin
Section-Io-Id
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
TWC-Device-Class
Webcakes-App-Version
Web-Mar-Node
Webcakes-App-Name
X-RCS-CacheZone
X-Tb
X-DynaTrace
X-Fetched-On
X-Site-Version
X-R9-Blue-Green-Version
X-VWS-Id
X-Git-Commit
X-RM-Cache-TTL
X-Generation-Time
X-AWS-Id
X-Locale
X-LJ-Flow-ID
Mn-Server-Ip
X-IPLB-Instance
X-IPLB-Request-ID
Cross-Origin-Embedder-Policy
X-Vercel-Id
X-Container-Uri
X-Cache-Server
X-Cache-Host
X-Vercel-Cache
X-Proxied
X-Forwarded-Host
X-Ms-Request-Id
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Provided-By
X-Ms-Version
X-Extlb
X-Routing-Service
X-Frame-Option
X-Uri
X-Zipkin-Id
X-Cluster
X-Reqid
X-MP-GENERATED-AT
X-Webstats-RespID
X-Vcache
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-XRDS-Location
X-Sql-Count
X-Sql-Duration-Ms
X-Origin-Date
Cache-Tv-Group
WP-Super-Cache
X-Alternate-Cache-Key
CDN-Uid
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-PullZone
CDN-EdgeStorageId
X-Storefront-Renderer-Rendered
CDN-Cache
CDN-CachedAt
X-Shopify-Stage
Source
X-TT-LOGID
Fastcgi-Useragent
Priority
Content-Secure-Policy
X-FB-TRIP-ID
X-Sucuri-Cache
X-Sorting-Hat-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-ShopId
X-Sucuri-ID
X-Xrds-Location
X-Cdn-Origin
X-Generated-By
Onion-Location
Sid
X-Vcl-Version
Cross-Origin-Embedder-Policy-Report-Only
X-Urbn-Site-Id
X-Content-Age
X-Urbn-Context-Path
Locale
X-Pass-Why
WZWS-RAY
S-Rt
X-Newrelic-Synthetics
X-Buckets
X-Cluster-Node
X-SRV
Atl-Traceid
X-Thinkindot-L3
Thinkindot-CacheControl
X-CMSURLCustom
Thinkindot-Control
X-Use-Magma
Thinkindot-CacheControl-Type
X-Scope-Id
X-Shield-Cache-Expires
TDXMobile
X-Ua
X-Varnish-Beresp-Ttl
X-LSADC-Cache
Cache
X-Cache-Action
X-Proxy-Cache-Status
X-DataDome
HostName
Cross-Origin-Window-Policy
X-Cache-Expired-At
X-GEO
Edge-Copy-Time
X-Via-SSL
X-Via-Edge
X-Via-CDN
X-WP-CF-Super-Cache-Cookies-Bypass
X-B-Cookie
Fastly-Drupal-HTML
X-Optimistic-Header
X-Bc-Bl
CDCHOST
Server-Host
Req-ID
Rendered-Blocks
X-BCube-Filmed-By
Candidate-Md5Url
X-A-Dcw
X-External-Request-Id
DCR-Decision-By
T-Server
X-Developer
X-Application
DCR-Processing-Time-Ms
Surrogated-Key
X-Conf
X-Destination
Sslversion
Redirect-Candidate
X-Ec-Custom-Error
Origin
Lang
X-Cache-Bucket
X-TIM-N
X-A
X-Bl-Debug
X-A-Dgt
X-Ec-GeoHdr
X-SRCache-Key
X-A-Wwc
X-A-Ccd
Ngx-Var-Key
X-Vdms-Path
X-Vdms-Version
X-Viewer-Country
Origin-Agent-Cluster
X-Varnish-Hostname
X-A-Dam
Ngx.Var.Host
X-Ec-Fail
Gannett-Cam-Experience-Id
Meta-Geo-Continent
X-Dispatcher-Server
Vix-Hermes-Req-Id
X-D
X-Cache-NE
X-Platform
X-Correlation-ID
X-PAYTM-SRV-ID
Type
MD5-Digest
X-Aed
X-Scheme
X-Epic-Correlation-Id
X-ScT
X-VCache
X-S-Cookie
X-Vtex-Remote-Cache
X-Rojux
X-Request-Start
X-Request-URI
Expiry
X-Datadome
X-TimeS
X-Connection-Hash
Fastly-SSL
X-Cache-Info
Fastly-GeoIP-CountryCode
Host-ID
Apple-News-Services-Parsed-Url
X-Cache-Id
NM-Fastcgi-Cache
X-Branch-Name
L
Apple-News-Services-Request-Url
Magicmarker
Apple-News-Services-Host
Apple-News-Services-Handled
X-Core-Value
Content-Script-Type
Server-Ext
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Cluster
Content-Style-Type
Sever-Int
X-Bip
Server-Hostname
Environment
DSUID
Pramga
X-Clientip
X-Level-Front-Cache
X-Pool
X-Proxied-Request
X-Pubstack
V-Age
X-Origin-Time
X-Section
X-Nyt-Route
X-Op-Id-All
X-WA-Info
X-SB
X-Request-Time
X-Rocket-Build-Number
X-Varnish-Beresp-Status
X-Varnish-Director
X-Varnishpool
X-VG-TLSProxy
X-We-Are-Hiring
X-Thanos
X-SD-PageType
X-Sigma
X-Sigma-Backend
X-TH-Server
X-Mg-Request-UUID
X-VServer
Release
X-Gdpr
X-Generated-On
X-VG-WebCache
X-Forwarded-Site
A
User-Cache-Control
X-Esi-Check
X-Fastly-Cache
X-Access
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-NMSegId
X-Mly-Id
Ssr
X-Human
X-Node-Id
X-Gzip
X-Instance-Name
X-Loc
X-Service
X-Origin-Response-Time
X-Ad-Load-Variation
X-ApacheServer
C-Via
X-GeoIP
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Policy
X-PERF
X-Old-Content-Length
X-Org
X-Request-Host
X-Server-IP
X-Var-Ttl
X-Varnish-Authentication
X-V-Cache
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-FC-Vary-Parameters
X-From
X-DPWN-IS-SECURE
X-Device-Os
X-Cache-Date
X-Contensis-Viewer-Groups
X-Geo-Header
X-GeoIP-City
X-Men
X-Micro-Cache
X-Irp-Debug
X-HS-Content-Campaign-Id
X-GoCache-CacheStatus
X-Cache-Aspx
Machine
X-Acquia-Purge-Cdn-Unconfigured
Wxu-Next-Region
X-Amz-Meta-Cb-Modifiedtime
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
Wxu-Next-Hostname
Wxu-Next-Commit
Esi-Enabled
Req-Svc-Chain
Canary
Adler-Geo
X-Block-Status
X-Cache-TTL-Remaining
X-Nginx-Cache-Key
X-Req
X-UA-Device-Type
X-Zen-Fury
X-NCache
X-Moov-Xdn-Version
X-Gen-Mode
X-Hnp-Log
Web-Mar-Region
X-Moov-T
X-Dc
X-Auto-Login
On-Server
Mail-Subject
Is-Eu
Platform
Producers
We-Hiring
Cache-Provider
Uber-Trace-Id
Gh-Request-Id
True-Client-Country-4JS
X-Wikidot-Backend
X-Cdn-Srv
X-Fmm-Version
Country-Code
X-TA-CDN-Provider
Proxy-Firewall
Locid
X-DC
X-Test
X-Slack-Shared-Secret-Outcome
Cdnsip
X-Ratelimit-Reset
X-ND-Cache
X-App-Name
X-Wikidot-Static-Cache
X-Proto
X-Aicache-OS
X-Hash
Cdncip
Click-Count-Error
X-Sn-Servicetimems
Click-Count-Action-Start
AKAMAI
RNT-Time
Tube-Got-Eval
Tube-Got-Results
Tube-Get-Contents
Cache-Key
Cdn-Request-Time
Cdn-Host
Cf-Device-Type
Tube-Return
W
Yak-Timeinfo
X-Slack-Backend
RNT-Machine
X-Up
X-Fastly-Backend
X-AK-Request-ID
X-Edge-Server
X-Region-Sid
X-Parent-Response-Time
X-Owner
HA-Ipaddr
Pics-Label
X-Eu-Site
X-CGP
L5d-Success-Class
X-VarnishDD-TTL
X-CacheTTL
Ha-Gx-Prefs
X-Accel-Expires-Debug
X-Ah-Environment
PFcat
X-Azure-Ref-OriginShield
NGX
Fastly-Backend-Name
X-Amz-Storage-Class
X-Csrf-Jwt
X-HN
X-Date
X-ZONE
IsBot
X-Backend-Instance
X-COUNTRY
X-SIPLIST1
X-LB-ID
X-HA-Backend
X-Via-Popv
X-Core-Mission
X-Via-Popn
X-Via-Poph
X-Tx-Id
X-DynaTrace-JS-Agent
Cdn
X-CACHE-GROUP
X-Qloud-Router
XM
LB
Datacenter
X-LB-NoCache
X-Origin-Expires
N-Cache
X-CF-Lambda-Version
Expect-Staple
X-CF-Lambda-Fn
X-Srv
X-Tb-Optimization-Total-Bytes-Saved
X-Refresh
NtCoent-Length
X-Servedbyhost
X-API-Version
X-Cache-Backend
X-Nf-Request-Id
X-Varnish-Hits
X-VHOST
X-Cache-Type
X-Forwarded-Path
X-Shop-Environment
X-Orig-Expires
X-Tenant
RATING
Xc-Version
Cdn-Requestid
X-ECache
X-NGINX-Cache
X-Wa
Server-ID
X-Nc
X-Gamma-Serve
Cmsid
Cmstype
X-CDN-Cache-Status
GeoIp-Country-Code
X-Lagoon
X-UA
CPC-Cache
CloudFront-Viewer-Country
SID
CPC-Age
X-Nananana
Resin-Trace
X-Akamai-Transformed
Cross-Origin-Opener-Policy-Report-Only
X-Tt-Logid
X-TX-ID
X-Cdn-Diag
X-Vmg-Version
X-Fpc
X-Zone
X-Hit
X-Via-Fastly
X-LAGOON
Cache-Hits
User-Agent
X-B3-Parentspanid
GeoIP-Latitude
Uri
XkeyRZ
X-Proxy-CacheRZ
X-Client-Ip
X-RID
DataCenter
X-Variation
CacheControlHeader
X-Presslabs-Stats
X-URL
X-Location
X-Ig-Origin-Region
X-B3-Spanid
X-Api-Version
Fusion-Component-Id
Fusion-Template-Id
True-Client-Ip
Fusion-Content-Id
Fusion-Source
Fusion-Deployment-Id
X-TIME
X-Amz-Meta-Opti
Fusion-Content-Source
X-Info
X-Datacenter
X-Fastly-Country-Code
Tcn
Powered-By
Lb
X-Cloudmap
MIME-Version
X-NewRelic-App-Data
X-NWS-UUID-VERIFY
X-HostName
True-Client-IP
VNS-Age
X-CS
VNS-Cache
Mime-Version
Fastly-Drupal-Html
X-CACHE-AGE
X-DataCenter
X-Jungle-Id
Origin-CC
Origin-EX
X-Geo
X-CUA
X-Dynatrace-Js-Agent
X-AIR-PT
Cf-Ipcountry
X-LiteSpeed-Tag
X-IAuth-Set-Uid
X-User
X-Cached-By
X-Cdn-Forward
Debug
X-Segment-20210421
X-Vc
Srv
X-HOST
X-LiteSpeed-Cache-Control
X-Varnish-Beresp-TTL
Load-Balancing
X-Dispatcher-Number
Hostname
X-Render-Time
Cache-Name
Cl-Cache
X-Webkit-Csp-Report-Only
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-CSRF-TOKEN
CDN
X-FPC
Edge-Cache
X-Auth-Group-Type
GeoIP-Country-Code
X-MCACHE
X-Dispatch
Server-Id
X-Esi
X-Wormhole-Sdk
X-Cdn-Cache-Status
X-Mid
Ohc-File-Size
X-Litespeed-Tag
X-Ig-Push-State
X-NC
X-Cs
X-Oracle-DMS-ECID
X-WA
Ohc-Cache-HIT
X-NodeID
X-APP-VERSION
X-Lb-Nocache
X-VCL-Version
Odigeo-Trace-Id
BehaviorPad-Version
X-ServedByHost
X-Cache-Ttl
X-Cache-Enabled
X-Fastly-Backend-Reqs
CountryCode
X-Vgn-Hpd-Reason
X-Custom-Header
Ms-Author-Via
X-Litespeed-Cache-Control
X-Depends
X-PHP-Backend
X-Proxy-Cache-La3
X-MiniProfiler-Ids
X-Cdn-Request-ID
YJS-ID
X-Akamai-Pragma-Client-IP
Server-Info
Xkeylog
X-Lb-Id
X-MSEdge-Flight
Xkey-La3
X-MSEdge-Features
X-Pad
X-Acquia-Purge-Tags
X-Acquia-Site
X-Varnish-CookieINHashed-On
X-Acquia-Application-UUID
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-DefElseHash
X-Via-PopN
X-Via-PopH
X-Ha-Backend
X-Acquia-Application-Trace
X-Via-PopV
X-DefHash
Ngx
FSS-Cache
X-Snapshot-Date
X-IN-APIGATEWAY
X-FL-EDGE
Time
Srvid
Location
My-App
X-IN-APIGATEWAYSSL
OriginIP
Memcached
X-FL-QIT-DEBUG
Memory
X-Sorting-Hat-Podid
X-Cache-Version
X-Shopid
X-Shardid
X-Sorting-Hat-Shopid
CF-Cached-On
X-VC-TTL
X-Lsadc-Cache
X-M-Reqid
X-Internal-Host
Warning
X-M-Log
PICS-Label
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Check-Cacheable
Sm-Log-Id
X-Serial
X-Service-Response-Time
X-Web-Server
X-Dw-Trace-Id
X-Mg-Cache
X-Fastly-Cache-Hits
Geoip-Latitude
X-Th-Server
Akamai-Cache-Status
X-RequestId
CF-Ctrl
X-Udemy-Cache-App-Namespace
X-Sucuri-Id