
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-Drupal-Cache
X-Cache-Status
Accept-CH-Lifetime
X-DNS-Prefetch-Control
P3p
X-Generator
X-Check
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
Keep-Alive
Request-Context
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
Allow
EagleId
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
X-Rq
X-Dns-Prefetch-Control
X-Vhost
X-Amz-Version-Id
X-Dispatcher
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
Permissions-Policy
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Cf-Railgun
EagleEye-TraceId
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Backend-Server
X-CST
X-Cache-Lookup
X-Host
X-Server-Id
X-Aws-Lambda-Call-Status
X-Readtime
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-Cloud-Trace-Context
X-Node
X-Litespeed-Cache
X-Nginx-Cache-Status
X-Application-Context
Content-Location
X-Country-Code
X-Ruxit-JS-Agent
X-Country
Service-Worker-Allowed
X-Trace
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Rating
X-Rack-Cache
Cache-Tag
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
Cross-Origin-Opener-Policy
Nginx-Cache
X-Vname
X-PC
X-TtlSet
X-NWS-LOG-UUID
X-Edge
X-Mcache
X-Midtier
X-Times
X-MS-InvokeApp
X-Origin-Cache-Key
X-Upstream
X-Mod-Pagespeed
X-Server-Name
X-Powered-By-Plesk
X-ECACHE
X-Browser-Type
Edge-Control
X-ESI
X-Cnection
X-D2id
X-Element-Page-Cache
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
Verso
X-Ser
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Ac
AR-SID
SPRequestDuration
SPIisLatency
X-RateLimit-Remaining
SPRequestGuid
X-SharePointHealthScore
X-GitHub-Request-Id
X-Ruxit-Js-Agent
X-B3-TraceId
X-NF-Request-ID
X-Abt-Application-Version
X-Navigation-Version
X-Vcap-Request-Id
X-Dw-Request-Base-Id
AR-CACHE
X-Mg-S
X-Client-IP
Display
Pagespeed
X-Middleton-Display
X-Sol
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
S
Edge-Cache-Tag
X-Ttl
X-Daa-Tunnel
X-Webkit-Csp
Fastly-Restarts
X-Cache-TTL
X-Cache-Key
X-VARITI-CCR
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Amz-Rid
X-Amzn-Trace-Id
Cache-Status
X-Powered-CMS
RTSS
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
Access-Control-Request-Method
X-Goog-Hash
X-Varnish-TTL
Response
X-Middleton-Response
X-Server-ID
X-Recruiting
X-FastCGI-Cache
X-Content-Digest
X-TraceId
X-ARC
X-Forwarded-For
X-T
X-MSEdge-Ref
Arr-Disable-Session-Affinity
MS-Author-Via
Cross-Origin-Resource-Policy
Content-MD5
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Front-End-Https
TP-Cache
X-Shield-Request-Id
X-RateLimit-Limit
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Id
X-Accel-Expires
Realpath
X-Cached
X-Hits
X-Forwarded-Proto
Public-Key-Pins
X-Ua-Browser
X-FTR-Expires
X-Request-Received
X-Request-Processing-Time
X-HS-Cache-Config
Server-Node
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Fastly-Request-ID
Payment
X-ORACLE-DMS-RID
X-Frontend
X-Protected-By
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-LLID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Distributor
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Correlation-Id
X-GUploader-UploadID
X-ORACLE-DMS-ECID
X-LB-Cache
TP-L2-Cache
X-XRDS-LOCATION
X-Microsite
Cache-Tags
X-Request-Handler-Origin-Region
Fastcgi-Cache
Referer-Policy
Count-Hit
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Debug-Info
MRF-Tech
Mrf-Cache-Status
X-AppVersion
X-Activity-Id
X-B3-TraceId-Primal
Host
X-Az
X-Www-Served-By
X-NGENIX-Cache
X-Envoy-Decorator-Operation
X-Hostname
X-Origin-Server
X-Cluster-Name
X-Varnish-Backend
X-Varnish-Server
X-Page-Id
Accept-Charset
X-Geo-Country
X-App-Server
X-Ua-Device
X-Ezoic-Cdn
X-PressLabs-Stats
Retry-After
X-TEC-API-VERSION
X-F-Cache
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Px
X-Load-Cache
X-RateLimit-Reset
X-Goog-Metageneration
Origin-Trial
X-FB-Debug
X-CSRF-Token
X-Seen-By
X-Upgrade-Enabled
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-Ratelimit-Limit
Cleartype
Access-Control-Allow-Method
X-Fastcgi-Cache
X-Git-Hash
X-Tt-Trace-Tag
Section-Io-Cache
X-Tt-Trace-Host
TCN
X-Request-Guid
X-Grace
X-Cache-Control
X-B3-Sampled
X-TT
X-Trace-Id
X-Contextid
X-TTL
X-Azure-Ref
X-B
X-Revision
X-Webkit-CSP
Charset
X-Type
Paypal-Debug-Id
X-Whom
Healthy
DC
X-Datadog-Trace-Id
X-Proxy
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Content-Options
X-Fb-Rlafr
X-Wix-Request-Id
X-Mobile
X-N
X-Signature
X-Newrelic-App-Data
X-B-Cache
X-App-Environment
X-Node-Name
X-Varnish-Ttl
X-Magnolia-Registration
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Accept-Ch
Filterid
X-Amz-Replication-Status
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Oracle-Dms-Ecid
X-Origin-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
Frame-Options
X-Air-Pt
X-Logged-In
X-Time
Viewport
X-EdgeConnect-Cache-Status
X-Unique-Id
NGB
X-Cache-Grace
X-Oracle-Dms-Rid
VIX-Pulpo-Upstream-Status
X-Debug
VIX-Pulpo-Node
X-Debug-IsPreview
Backend
Content-Disposition
X-Debug-IsConnected
X-Tumblr-Pixel
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-ProcessESI
X-Rendered-As
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Is-Bot
X-RemovedCookies
X-Tumblr-User
X-Varnish-Grace
Fastly-SWR
X-Datadog-Sampled
X-Adobe-Loc
Fastly-SIE
X-Adobe-Content
Liferay-Portal
SD-X-WS
X-Servername
MS-CV
Ms-Operation-Id
X-G
X-RTag
X-IPS-LoggedIn
X-FW-Static
X-FW-Serve
X-Instance
X-FW-Hash
X-FW-Dynamic
X-NYM-Debug-Backend
X-Backend-Name
X-WebKit-CSP-Report-Only
X-FW-Server
X-Cache-Age
X-FW-Version
X-Hl-Ver
X-FW-Type
X-UUID
X-Amzn-Remapped-Content-Length
ServerID
X-Response-Served-From
X-Original-Request-Id
From-Origin
X-VC-Cache
X-Cacheable-TTL
X-Proxy-Cache-Info
X-Device-Type
X-Via-JSL
X-Environment-Context
X-L-Path
X-User-Agent
Version
X-Ratelimit-Remaining
X-Region
X-Rule
Akamai-GRN
Upgrade-Insecure-Requests
X-Status
Country
X-Cache-Hit
X-B3-SpanId
X-Source
Refresh
X-Template
X-INCAP-ABP
Countrycode
SRV
GEO-INFO
X-Language
X-Storage
Url
X-HTML-Minification-Powered-By
X-Rid
CDN-RequestId
X-Air-Trace-Id
OT-Force-Account-Verify
X-Air-Source
X-Air-Hostname
X-Cache-Status-Check
Alternate-Protocol
X-WP-CF-Super-Cache-Active
X-Real-IP
X-NODE
AMP-Access-Control-Allow-Source-Origin
WPO-Cache-Message
X-Origin-CC
X-App-Version
X-Origin-TTL
WPO-Cache-Status
X-ServerID
X-CDN-Forward
X-Jobs
X-B3-Traceid
X-Fastly-Request-Id
X-VC
X-Akamai-Request-ID2
Surrogate-Key
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Sucuri-Cache
X-Providence-Cookie
X-Route-Name
X-Content-Powered-By
Protected
X-Sucuri-ID
X-Cache-Time
X-TT-LOGID
Access-Control-Request-Headers
X-Mode
X-Rocket-Nginx-Serving-Static
X-Handled-By
Amp-Access-Control-Allow-Source-Origin
Xet-Cookie
X-Upstream-Ht
X-Accel-Version
Filters
X-Xfnlog-Site
X-Endurance-Cache-Level
Meta-Geo
X-Hosted-By
X-Rn-Rsrv
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Upstream-Ct
X-Akamai-Edgescape
X-RM-Cache-TTL
Cross-Origin-Embedder-Policy
X-SaId
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Webserver
X-Proxy-Build
X-Timing-Wait
X-Origin
X-JoinUs
X-Worker
X-Edge-Location
X-Detected-As
X-VWS-Id
X-Cache-Debug
X-LJ-Flow-ID
Selected-Fe
Section-Io-Id
ServedBy
X-Adobe-Source
X-AWS-Id
X-Drupal-Cache-Tags
X-Webstats-RespID
X-Nginx-Cache
Webcakes-App-Name
Web-Mar-Node
TWC-Privacy
Webcakes-App-Version
TWC-Locale-Group
X-Origin-Hint
X-Cluster
X-Varnish-Cache-Hits
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Node
Mn-Server-Ip
Front
X-PHP-Host
Property-Id
X-Routing-Service
X-Soup
TWC-Device-Class
TWC-Connection-Speed
X-Restarts
X-No-Session
X-Redis-Cache
X-Extlb
X-Drupal-Cache-Contexts
X-Framework
X-Zipkin-Id
X-Cms-Context
X-Proxied
X-Labrador-Cache-Channel
X-Logging-Id
X-Loop
X-Say-TTL
X-Locale
X-Say-Cacheable
X-SayCDN-TTL
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDN-RequestCountryCode
X-Platform-Cluster
CDN-RequestPullCode
CDN-Uid
X-Is-Mobile
CDN-Cache
X-Platform-Router
X-AB
X-Director
X-Browser-Name
X-RCS-CacheZone
X-Forwarded-Host
X-Platform-Processor
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Desktop
X-IPLB-Request-ID
X-Geo-Region
X-IPLB-Instance
X-S
X-Served-From
X-Site-Version
Atl-Traceid
Apigw-Requestid
X-Tb
Xserver
X-Varnish-Age
X-Tcp-Rtt
X-Tncms
X-Origin-Date
X-Web-Node
X-Cache-Host
X-R9-Blue-Green-Version
X-Alternate-Cache-Key
X-Varnish-Beresp-Grace
X-Cdn-Origin
X-Shopify-Stage
X-ProxyCache-Status
X-ProxyCache-Key
X-Container-Uri
X-Tec-Api-Origin
X-Tec-Api-Root
X-Lambda-Id
X-Tec-Api-Version
X-Httpd
X-Git-Commit
X-Format
X-Generation-Time
X-GeoCode
X-GeoCountry
X-VCT
X-BYPASS-REASON
X-Cache-Operation
Azure-InstanceId
X-Storefront-Renderer-Rendered
X-Skip-Cache
X-Cache-Rule
Azure-RegionName
X-Reqid
Azure-SiteName
Azure-Version
X-RID
Azure-SlotName
X-Vercel-Cache
X-Ms-Version
Accept-Language
X-Fetched-On
X-Ms-Request-Id
X-Vercel-Id
X-Provided-By
X-Frame-Option
X-Sorting-Hat-PodId
X-Cache-Server
X-ShopId
X-Sorting-Hat-ShopId
Fastcgi-Useragent
X-ShardId
DB-Nickname
X-Vcache
Cross-Origin-Window-Policy
X-SRV
X-Vcl-Version
WP-Super-Cache
X-Azure-Ref-OriginShield
X-XRDS-Location
Source
X-Server-W
CF-IPCountry
X-Uri
X-PDP-UNCACHING-HASH
X-MP-GENERATED-AT
X-Generated-By
Cross-Origin-Embedder-Policy-Report-Only
Sid
X-Scope-Id
X-CMSURLCustom
X-Shield-Cache-Expires
X-Thinkindot-L3
Cache
Thinkindot-Control
TDXMobile
X-Page-View
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-UA
X-Pass-Why
Cache-Tv-Group
X-FB-TRIP-ID
X-Buckets
Content-Secure-Policy
X-Lagoon
X-Optimistic-Header
HostName
Onion-Location
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Dc
X-LSADC-Cache
Locale
X-Datadome
X-Content-Age
X-WP-CF-Super-Cache-Cookies-Bypass
X-Use-Mantle
X-DataDome
X-Request-URI
X-Http-Reason
User-Cache-Control
X-Xrds-Location
Priority
Expiry
X-Connection-Hash
X-DynaTrace
Locid
X-GEO
X-Varnish-Beresp-Ttl
Magicmarker
Origin-Agent-Cluster
LB
MD5-Digest
Redirect-Candidate
Gannett-Cam-Experience-Id
Origin
Ngx-Var-Key
Ngx.Var.Host
Meta-Geo-Continent
A
X-ScT
X-SRCache-Key
X-TIM-N
X-SB
X-Rojux
DCR-Decision-By
X-Request-Start
Candidate-Md5Url
DCR-Processing-Time-Ms
Server-Ext
X-Cache-Bucket
X-Cache-NE
X-Bl-Debug
X-BCube-Filmed-By
X-Aed
X-Bc-Bl
X-Conf
X-D
X-Ec-GeoHdr
X-ND-Cache
X-Ec-Fail
X-Dispatcher-Server
X-Op-Id-All
X-Developer
X-A-Wwc
X-A-Dgt
Sever-Int
Sslversion
Server-Hostname
Server-Host
Req-ID
X-UA-Device-Type
Surrogated-Key
T-Server
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A
Vix-Hermes-Req-Id
X-Platform
Rendered-Blocks
Lang
X-Varnish-Hostname
X-Viewer-Country
X-Vdms-Path
X-Vdms-Version
X-Cluster-Node
X-Vtex-Remote-Cache
Cache-Hits
X-NWS-UUID-VERIFY
Wxu-Next-Region
Wxu-Next-Hostname
V-Age
True-Client-Country-4JS
X-Gzip
Wxu-Next-Commit
XM
X-Application
X-Auto-Login
X-Amz-Meta-Cb-Modifiedtime
X-AK-Request-ID
X-TA-CDN-Provider
X-Nginx-Cache-Key
X-Pubstack
Fastly-SSL
X-Generated-On
Environment
X-Req
Content-Script-Type
Content-Style-Type
X-Hnp-Log
Host-ID
Pramga
X-GeoIP
X-Gdpr
NM-Fastcgi-Cache
X-Gen-Mode
X-B-Cookie
X-GeoIP-Region-Code
X-Device-Os
X-Nyt-Route
X-Cache-Action
X-Destination
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Ec-Custom-Error
X-NMSegId
X-Fastly-Cache
X-Node-Id
X-External-Request-Id
X-Esi-Check
X-Epic-Correlation-Id
X-GeoIP-City
X-Core-Value
X-Block-Status
X-WA-Info
Cluster
X-Bip
X-Forwarded-Site
X-Zen-Fury
X-Cache-Id
X-Cache-TTL-Remaining
X-Origin-Expires
X-Clientip
X-Origin-Time
X-PAYTM-SRV-ID
X-GeoIP-Country-Code
X-B3-Trace-ID
X-Varnishpool
X-Level-Front-Cache
X-S-Cookie
X-NCache
CDCHOST
X-Kinja-CCPA
X-Thanos
X-SD-PageType
X-Loc
Cdnsip
X-Scheme
Cdncip
X-Proxy-Cache-Status
X-Service
X-Cache-Backend
X-Proxied-Request
Apple-News-Services-Handled
X-Cache-Aspx
X-Old-Content-Length
X-Cache-Expired-At
X-Fmm-Version
X-Aicache-OS
X-Sql-Duration-Ms
Release
RNT-Machine
Apple-News-Services-Host
RNT-Time
X-VarnishDD-TTL
Apple-News-Services-Parsed-Url
Req-Svc-Chain
X-Sql-Count
X-BBC-Edge-Cache-Status
X-GoCache-CacheStatus
X-Section
Web-Mar-Region
X-VG-WebCache
X-DPWN-IS-SECURE
X-Ad-Load-Variation
X-ApacheServer
X-Access
We-Hiring
X-Backend-Instance
Uber-Trace-Id
Adler-Geo
X-Server-IP
Producers
X-VG-TLSProxy
X-FC-Vary-Parameters
X-Policy
Yak-Timeinfo
X-Men
Apple-News-Services-Request-Url
Canary
Fastly-GeoIP-CountryCode
X-V-Cache
Gh-Request-Id
X-Cdn-Srv
X-Sn-Servicetimems
X-Varnish-Authentication
Is-Eu
X-Region-Sid
Esi-Enabled
Country-Code
X-Org
X-Geo-Header
X-Varnish-Director
X-Request-Host
DSUID
X-HS-Content-Campaign-Id
X-Contensis-Viewer-Groups
X-PERF
X-RateLimit-Remaining-Second
X-Mvc-Supplant-Cachable
X-RateLimit-Limit-Second
C-Via
X-Varnish-Beresp-Status
Platform
X-Cache-Info
X-From
X-TH-Server
X-Mly-Id
X-HN
Machine
Cache-Provider
PFcat
X-Var-Ttl
X-Micro-Cache
Mail-Subject
X-VCache
X-Origin-Response-Time
X-Slack-Backend
X-Csrf-Jwt
X-App-Name
X-SVT-ORM-RULES
X-Wikidot-Static-Cache
X-ECache
X-Amz-Storage-Class
X-Moov-T
X-Moov-Xdn-Version
X-CGP
X-Wikidot-Backend
AKAMAI
X-We-Are-Hiring
L5d-Success-Class
L
X-Mvc-Supplant-OutputCached
Cache-Key
Proxy-Firewall
X-NGINX-Cache
On-Server
X-Instance-Name
HA-Ipaddr
X-Request-Time
Cf-Device-Type
Click-Count-Error
Cdn-Request-Time
X-Human
Ha-Gx-Prefs
X-Newrelic-Synthetics
Cdn-Host
X-SVT-ORM-VERSION
X-Hash
X-Test
Click-Count-Action-Start
W
X-Fastly-Backend
X-Eu-Site
X-Acquia-Purge-Cdn-Unconfigured
X-Edge-Server
Tube-Return
X-Pool
X-Slack-Shared-Secret-Outcome
X-Up
X-Proto
Tube-Get-Contents
Tube-Got-Results
Tube-Got-Eval
Ssr
X-Cloudmap
X-Date
X-Tb-Optimization-Total-Bytes-Saved
X-LB-ID
X-Via-Fastly
X-VServer
X-Accel-Expires-Debug
Fastly-Drupal-HTML
X-Cache-Date
X-Sigma
X-CacheTTL
Fastly-Backend-Name
X-Sigma-Backend
X-Rocket-Build-Number
WZWS-RAY
NGX
X-Mg-Request-UUID
X-Ah-Environment
X-Parent-Response-Time
X-Location
Pics-Label
X-Via-Popv
NtCoent-Length
X-HA-Backend
X-Zone
X-Branch-Name
X-COUNTRY
X-Ig-Origin-Region
X-Via-Poph
X-API-Version
X-DC
X-Tx-Id
X-Via-Popn
X-DynaTrace-JS-Agent
X-Varnish-Hits
Datacenter
X-Refresh
X-Via-SSL
Fusion-Source
Fusion-Deployment-Id
Fusion-Template-Id
X-Via-CDN
X-Via-Edge
Fusion-Component-Id
Fusion-Content-Source
X-CACHE-GROUP
Edge-Copy-Time
Fusion-Content-Id
S-Rt
X-Correlation-ID
X-Ratelimit-Reset
X-Servedbyhost
X-Akamai-Transformed
Type
GeoIp-Country-Code
X-Wormhole-Sdk
X-CDN-Cache-Status
X-VHOST
X-CUA
X-Jungle-Id
Cdn-Requestid
X-LB-NoCache
Cdn
Resin-Trace
X-Esi
X-User
Origin-EX
Origin-CC
X-Ua
Powered-By
X-ZONE
X-TX-ID
SID
Server-ID
X-Irp-Debug
Cf-Ipcountry
X-Srv
X-Wa
X-Owner
X-Nc
X-Core-Mission
X-Render-Time
IsBot
X-VTEX-Cache-Server
X-VTEX-Cache-Time
Cross-Origin-Opener-Policy-Report-Only
X-LiteSpeed-Tag
GeoIP-Latitude
X-Powered-By-VTEX-Cache
X-Hit
Fastly-Drupal-Html
X-Nananana
X-Cached-By
X-SIPLIST1
X-AIR-PT
X-Nf-Request-Id
Edge-Cache
CloudFront-Viewer-Country
Uri
X-NewRelic-App-Data
XkeyRZ
X-B3-Parentspanid
X-Qloud-Router
X-Proxy-CacheRZ
X-Fpc
X-Cs
Mime-Version
DataCenter
X-Client-Ip
X-DataCenter
X-Presslabs-Stats
X-Segment-20210421
X-IAuth-Set-Uid
Debug
X-URL
X-CS
X-LiteSpeed-Cache-Control
N-Cache
X-TIME
Expect-Staple
X-Ig-Push-State
True-Client-IP
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Auth-Group-Type
X-Amz-Meta-Opti
Tcn
CDN
X-Geo
X-PHP-Backend
X-Forwarded-Path
Xc-Version
X-Cache-Type
X-Tenant
X-Orig-Expires
X-Shop-Environment
Odigeo-Trace-Id
X-HostName
X-Vgn-Hpd-Reason
True-Client-Ip
X-Custom-Header
X-Gamma-Serve
MIME-Version
X-NodeID
X-Varnish-Beresp-TTL
X-Tt-Logid
Cmstype
X-CACHE-AGE
Cmsid
X-Dynatrace-Js-Agent
X-Pad
CPC-Age
CPC-Cache
X-Info
Load-Balancing
User-Agent
X-Vmg-Version
X-B3-Spanid
X-Api-Version
X-Depends
X-HOST
X-Dispatch
X-Cdn-Diag
X-FPC
X-Varnish-Remaining-TTL
X-NC
X-WA
X-Varnish-CookieHashed-On
X-DefElseHash
X-Fastly-Country-Code
X-DefHash
Srv
X-Varnish-CookieINHashed-On
X-Vc
Request-ID
X-M-Log
Ohc-File-Size
X-M-Reqid
X-VC-TTL
X-Webkit-Csp-Report-Only
X-Cdn-Forward
X-Variation
Geoip-Latitude
X-CSRF-TOKEN
X-Datacenter
Cl-Cache
Hostname
X-APP-VERSION
Server-Id
CacheControlHeader
X-APP
X-Cache-FS-Status
X-TimeS
X-LAGOON
Ohc-Cache-HIT
X-ServedByHost
X-Lb-Nocache
GeoIP-Country-Code
X-Cdn-Cache-Status
X-Oracle-DMS-ECID
Cloudfront-Viewer-Country
VNS-Age
FSS-Cache
VNS-Cache
Epwk-X-Cache
Server-Info
X-Cache-Ttl
Srvid
X-FL-QIT-DEBUG
PICS-Label
X-Via-PopN
ServerHost
X-Via-PopH
X-Litespeed-Tag
X-Ha-Backend
X-Via-PopV
BehaviorPad-Version
X-Fastly-Backend-Reqs
CountryCode
X-Srcache-Store-Status
X-Litespeed-Cache-Control
Rtss
X-VCL-Version
X-Srcache-Fetch-Status
X-Lb-Id
X-Proxy-Cache-La3
Xkey-La3
X-MSEdge-Features
X-MSEdge-Flight
Xkeylog
X-Cdn-Request-ID
X-Th-Server
Ngx
X-MiniProfiler-Ids
X-Akamai-Pragma-Client-IP
Time
X-Acquia-Site
Memcached
X-Check-Cacheable
X-Serial
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-IN-APIGATEWAYSSL
X-Snapshot-Date
X-Web-Server
Memory
X-Acquia-Application-UUID
OriginIP
X-Dispatcher-Number
X-IN-APIGATEWAY
X-RequestId
X-Sorting-Hat-Shopid
X-Shopid
X-Cache-Version
X-Shardid
X-Sorting-Hat-Podid
X-RAMCache
X-Ramcache
X-Service-Response-Time
Warning
Akamai-Cache-Status
X-Udemy-Cache-App-Namespace
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sucuri-Id
X-Mg-Cache
X-Dw-Trace-Id
Sm-Log-Id
X-Requestid