Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-Drupal-Cache
X-Cache-Status
X-Ua-Compatible
Accept-CH-Lifetime
X-DNS-Prefetch-Control
P3p
X-Generator
X-Check
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
X-Request-ID
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
Keep-Alive
Request-Context
X-UA-Device
X-Dns-Prefetch-Control
X-Robots-Tag
X-Server
X-Cache-Group
Allow
EagleId
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
X-Rq
X-Vhost
X-Amz-Version-Id
X-Dispatcher
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
Permissions-Policy
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Cf-Railgun
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Backend-Server
X-CST
X-Cache-Lookup
X-WebKit-CSP
X-Host
X-Server-Id
X-Readtime
X-Aws-Lambda-Call-Status
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-Cloud-Trace-Context
X-Node
X-Litespeed-Cache
X-Nginx-Cache-Status
X-Application-Context
Content-Location
X-Country-Code
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Trace
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Rating
X-Rack-Cache
Cache-Tag
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
Cross-Origin-Opener-Policy
Nginx-Cache
X-Vname
X-TtlSet
X-PC
X-Mcache
X-NWS-LOG-UUID
X-Edge
X-Midtier
X-Times
X-MS-InvokeApp
X-Origin-Cache-Key
X-Upstream
X-Mod-Pagespeed
X-Server-Name
X-Powered-By-Plesk
X-ECACHE
X-Browser-Type
Edge-Control
X-ESI
X-Cnection
X-D2id
X-Element-Page-Cache
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
Verso
X-Ser
AR-Request-ID
AR-PoweredBy
X-Ac
AR-SID
AR-ATIME
X-RateLimit-Remaining
SPRequestDuration
SPIisLatency
SPRequestGuid
X-Webkit-Csp
X-SharePointHealthScore
X-GitHub-Request-Id
X-Ruxit-Js-Agent
X-B3-TraceId
X-NF-Request-ID
X-Navigation-Version
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-Vcap-Request-Id
AR-CACHE
X-Mg-S
X-Client-IP
X-Middleton-Display
X-Sol
Pagespeed
Display
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
S
Edge-Cache-Tag
X-Ttl
X-Daa-Tunnel
Fastly-Restarts
X-Cache-Key
X-Cache-TTL
X-VARITI-CCR
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev
X-Amz-Rid
X-Amzn-Trace-Id
Cache-Status
X-Powered-CMS
X-Edge-Location-Klb
RTSS
X-Kinsta-Cache
X-Version
Access-Control-Request-Method
X-Goog-Hash
X-Varnish-TTL
Response
X-Middleton-Response
X-Server-ID
X-Recruiting
X-FastCGI-Cache
X-Content-Digest
X-TraceId
X-ARC
X-Forwarded-For
X-T
X-MSEdge-Ref
Arr-Disable-Session-Affinity
Cross-Origin-Resource-Policy
MS-Author-Via
Content-MD5
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Front-End-Https
X-Shield-Request-Id
TP-Cache
X-RateLimit-Limit
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-Id
X-Accel-Expires
X-Hits
X-Cached
Realpath
X-Forwarded-Proto
X-FTR-Expires
X-Request-Processing-Time
X-Request-Received
X-Ua-Browser
Public-Key-Pins
X-HS-Hub-Id
Server-Node
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-ORACLE-DMS-RID
X-Fastly-Request-ID
Payment
X-Frontend
X-Protected-By
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-LLID
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-DIS-Request-ID
X-Distributor
X-Content-Security-Policy-Report-Only
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Correlation-Id
X-GUploader-UploadID
X-ORACLE-DMS-ECID
X-LB-Cache
X-XRDS-LOCATION
TP-L2-Cache
X-Request-Handler-Origin-Region
Cache-Tags
X-Microsite
Fastcgi-Cache
Count-Hit
Referer-Policy
X-Amz-Apigw-Id
X-Activity-Id
X-Amzn-RequestId
X-Az
MRF-Tech
X-Debug-Info
X-AppVersion
X-B3-TraceId-Primal
Host
Mrf-Cache-Status
X-Envoy-Decorator-Operation
X-NGENIX-Cache
X-Www-Served-By
X-Cluster-Name
X-Origin-Server
X-Varnish-Server
X-Hostname
X-Varnish-Backend
X-Geo-Country
Accept-Charset
X-Page-Id
X-App-Server
X-Ua-Device
X-Ezoic-Cdn
X-PressLabs-Stats
X-F-Cache
Retry-After
X-Px
X-Load-Cache
X-RateLimit-Reset
X-Goog-Metageneration
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Origin-Trial
X-FB-Debug
X-CSRF-Token
X-Upgrade-Enabled
X-Seen-By
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-Ratelimit-Limit
Cleartype
Access-Control-Allow-Method
X-Git-Hash
X-Fastcgi-Cache
X-Request-Guid
TCN
Section-Io-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-Control
X-Grace
X-TTL
X-Azure-Ref
X-TT
X-Contextid
X-Trace-Id
X-B
X-B3-Sampled
X-Whom
X-Type
X-Revision
X-Webkit-CSP
Charset
Paypal-Debug-Id
DC
Healthy
X-Proxy
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Content-Options
X-Fb-Rlafr
X-Wix-Request-Id
X-Mobile
X-N
X-B-Cache
X-Newrelic-App-Data
X-Signature
X-App-Environment
X-Node-Name
X-Varnish-Ttl
X-Magnolia-Registration
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Accept-Ch
Filterid
X-WP-CF-Super-Cache
X-Amz-Replication-Status
X-WP-CF-Super-Cache-Cache-Control
X-Oracle-Dms-Ecid
X-Origin-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
Frame-Options
X-Air-Pt
X-Logged-In
X-Time
Viewport
X-EdgeConnect-Cache-Status
X-Unique-Id
NGB
X-Cache-Grace
X-Oracle-Dms-Rid
VIX-Pulpo-Upstream-Status
X-Debug
VIX-Pulpo-Node
X-Debug-IsPreview
Backend
Content-Disposition
X-Debug-IsConnected
X-Tumblr-Pixel
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-ProcessESI
X-Rendered-As
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Is-Bot
X-RemovedCookies
X-Tumblr-User
X-Varnish-Grace
Fastly-SWR
X-Datadog-Sampled
X-Adobe-Loc
Fastly-SIE
X-Adobe-Content
Liferay-Portal
SD-X-WS
X-Servername
MS-CV
Ms-Operation-Id
X-G
X-RTag
X-IPS-LoggedIn
X-FW-Static
X-FW-Serve
X-Instance
X-FW-Hash
X-FW-Dynamic
X-NYM-Debug-Backend
X-Backend-Name
X-WebKit-CSP-Report-Only
X-FW-Server
X-Cache-Age
X-FW-Version
X-Hl-Ver
X-FW-Type
X-UUID
X-Amzn-Remapped-Content-Length
ServerID
X-Response-Served-From
X-Original-Request-Id
From-Origin
X-VC-Cache
X-Cacheable-TTL
X-Proxy-Cache-Info
X-Device-Type
X-Via-JSL
X-Environment-Context
X-L-Path
X-User-Agent
Version
X-Ratelimit-Remaining
X-Region
X-Rule
Akamai-GRN
Upgrade-Insecure-Requests
X-Status
Country
X-Cache-Hit
X-B3-SpanId
X-Source
Refresh
X-Template
X-INCAP-ABP
Countrycode
SRV
GEO-INFO
X-Language
X-Storage
Url
X-HTML-Minification-Powered-By
X-Rid
OT-Force-Account-Verify
CDN-RequestId
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Cache-Status-Check
Alternate-Protocol
X-WP-CF-Super-Cache-Active
X-Real-IP
X-NODE
AMP-Access-Control-Allow-Source-Origin
WPO-Cache-Message
X-Origin-CC
X-App-Version
X-Origin-TTL
WPO-Cache-Status
X-ServerID
X-CDN-Forward
X-Jobs
X-B3-Traceid
X-Fastly-Request-Id
X-VC
X-Akamai-Request-ID2
Surrogate-Key
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-Sucuri-Cache
X-Route-Name
X-Is-Crawler
X-Tec-Api-Origin
X-Nginx-Cache
X-Tec-Api-Version
X-Tec-Api-Root
X-Cache-Time
Access-Control-Request-Headers
X-Content-Powered-By
X-Sucuri-ID
Protected
X-TT-LOGID
X-Handled-By
X-Mode
X-Rocket-Nginx-Serving-Static
Amp-Access-Control-Allow-Source-Origin
Xet-Cookie
X-Upstream-Ht
X-Endurance-Cache-Level
X-Rewrite-Enabled
Meta-Geo
X-Rn-Rsrv
X-UPSTREAM-Address
X-Hosted-By
Filters
X-Upstream-Ct
X-Xfnlog-Site
X-Akamai-Edgescape
X-Accel-Version
X-RM-Cache-TTL
Cross-Origin-Embedder-Policy
X-Cache-Operation
X-Tumblr-Pixel-3
Webserver
X-Cache-Rule
ServedBy
X-JoinUs
X-Edge-Location
X-Drupal-Cache-Tags
X-LJ-Flow-ID
X-Origin
X-SaId
X-Proxy-Build
X-VWS-Id
X-Timing-Wait
X-AWS-Id
X-Adobe-Source
Selected-Fe
X-Cache-Debug
X-Detected-As
X-Tumblr-Pixel-2
X-Worker
Section-Io-Id
X-Webstats-RespID
X-Director
X-PHP-Host
X-Cms-Context
X-Cluster
X-Restarts
X-Proxied
X-Origin-Hint
Front
X-Extlb
X-Labrador-Cache-Channel
X-Framework
Mn-Server-Ip
X-No-Session
X-Drupal-Cache-Contexts
X-Routing-Service
X-Redis-Cache
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Varnish-Cache-Hits
Node
X-Zipkin-Id
Property-Id
Webcakes-Region
X-Soup
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
Web-Mar-Node
TWC-Privacy
X-Forwarded-Host
X-Geo-Region
X-IPLB-Request-ID
X-Browser-Name
X-BYPASS-REASON
X-AB
X-Is-Desktop
X-Logging-Id
X-Served-From
X-Site-Version
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Tb
X-Tcp-Rtt
Xserver
X-Web-Node
X-Varnish-Age
X-Tncms
X-S
X-RCS-CacheZone
X-Locale
X-Loop
X-Lambda-Id
X-Is-Tablet
X-Is-Supported-Browser
X-Origin-Date
X-Platform-Cluster
X-ProxyCache-Status
X-ProxyCache-Key
X-Platform-Router
X-Platform-Processor
X-Is-Mobile
X-IPLB-Instance
CDN-RequestPullCode
Atl-Traceid
Apigw-Requestid
CDN-RequestCountryCode
CDN-PullZone
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
CDN-Uid
CDN-RequestPullSuccess
X-Httpd
X-Git-Commit
X-GeoCountry
X-RID
X-R9-Blue-Green-Version
X-Alternate-Cache-Key
Azure-RegionName
Azure-InstanceId
X-GeoCode
X-Storefront-Renderer-Rendered
Azure-SiteName
X-Skip-Cache
X-Format
X-Container-Uri
X-Generation-Time
X-Cdn-Origin
X-Reqid
X-Shopify-Stage
X-Cache-Host
Azure-Version
X-Varnish-Beresp-Grace
Azure-SlotName
X-VCT
X-Vercel-Id
X-Fetched-On
Accept-Language
X-Vercel-Cache
X-Provided-By
X-Ms-Request-Id
X-Ms-Version
X-Frame-Option
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Cache-Server
X-Sorting-Hat-ShopId
Fastcgi-Useragent
DB-Nickname
X-Vcache
Cross-Origin-Window-Policy
X-XRDS-Location
X-Azure-Ref-OriginShield
X-SRV
X-Server-W
Source
WP-Super-Cache
X-Vcl-Version
CF-IPCountry
X-PDP-UNCACHING-HASH
X-Uri
X-MP-GENERATED-AT
Cross-Origin-Embedder-Policy-Report-Only
Sid
X-Generated-By
X-Page-View
X-Shield-Cache-Expires
X-Scope-Id
Cache
X-CMSURLCustom
TDXMobile
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Thinkindot-L3
X-UA
Cache-Tv-Group
X-Pass-Why
X-FB-TRIP-ID
Content-Secure-Policy
X-Buckets
X-Optimistic-Header
X-Lagoon
HostName
Onion-Location
X-Dc
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LSADC-Cache
Locale
X-WP-CF-Super-Cache-Cookies-Bypass
X-Datadome
X-Content-Age
X-Use-Mantle
X-Request-URI
X-Http-Reason
X-DataDome
User-Cache-Control
X-Xrds-Location
Priority
X-DynaTrace
Locid
X-Connection-Hash
Expiry
X-Varnish-Beresp-Ttl
X-GEO
X-Platform
DCR-Processing-Time-Ms
Server-Ext
X-Varnish-Hostname
A
Req-ID
X-Bc-Bl
X-Cache-Bucket
Redirect-Candidate
Rendered-Blocks
Sever-Int
Server-Host
X-SB
X-Epic-Correlation-Id
X-SRCache-Key
X-BCube-Filmed-By
X-Ec-Fail
X-Developer
X-Conf
X-Dispatcher-Server
X-Ec-GeoHdr
X-TIM-N
X-Vdms-Path
Server-Hostname
X-Rojux
X-Request-Start
X-UA-Device-Type
Candidate-Md5Url
DCR-Decision-By
X-Vdms-Version
X-A-Dgt
X-A-Dcw
X-A-Dam
T-Server
Surrogated-Key
X-Op-Id-All
X-A-Wwc
X-A-Ccd
MD5-Digest
Ngx.Var.Host
X-ND-Cache
X-D
Meta-Geo-Continent
X-Vtex-Remote-Cache
X-Cache-NE
X-A
X-Bl-Debug
Ngx-Var-Key
Lang
X-Viewer-Country
Vix-Hermes-Req-Id
Origin-Agent-Cluster
X-ScT
Gannett-Cam-Experience-Id
Sslversion
X-Cluster-Node
Origin
Magicmarker
X-Aed
LB
X-NWS-UUID-VERIFY
Cache-Hits
X-S-Cookie
X-Core-Value
Cdncip
CDCHOST
Wxu-Next-Region
Wxu-Next-Commit
V-Age
Wxu-Next-Hostname
X-AK-Request-ID
X-B3-Trace-ID
X-Amz-Meta-Cb-Modifiedtime
X-Bip
X-Block-Status
Pramga
X-Pubstack
X-Cache-Id
NM-Fastcgi-Cache
True-Client-Country-4JS
X-Cache-TTL-Remaining
Host-ID
Content-Script-Type
Content-Style-Type
X-Origin-Expires
Cluster
X-Clientip
X-Req
X-Application
X-B-Cookie
X-PAYTM-SRV-ID
Fastly-SSL
X-Origin-Time
Environment
Cdnsip
X-Fastly-Cache
X-GeoIP-City
X-GeoIP-Country-Code
X-Auto-Login
X-GeoIP
X-Generated-On
X-External-Request-Id
X-GeoIP-Region-Code
X-Hnp-Log
X-Varnishpool
X-Thanos
X-Esi-Check
X-Gen-Mode
XM
X-Nginx-Cache-Key
X-Forwarded-Site
X-Cache-Action
X-NMSegId
X-Scheme
X-Zen-Fury
X-Gdpr
X-TA-CDN-Provider
X-Node-Id
X-WA-Info
X-Ec-Custom-Error
X-Gzip
X-Destination
X-Level-Front-Cache
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-SD-PageType
X-Kinja-CCPA
X-NCache
X-Loc
X-Nyt-Route
X-Device-Os
X-Proxy-Cache-Status
X-Service
X-Micro-Cache
Release
X-Ad-Load-Variation
X-Acquia-Purge-Cdn-Unconfigured
X-BBC-Edge-Cache-Status
Req-Svc-Chain
X-Access
X-HS-Content-Campaign-Id
X-VarnishDD-TTL
Web-Mar-Region
X-From
X-ApacheServer
Producers
RNT-Machine
X-Backend-Instance
X-Mly-Id
X-Men
X-Cache-Backend
X-HN
X-VG-WebCache
X-Cache-Aspx
X-Pool
X-VG-TLSProxy
X-GoCache-CacheStatus
X-Policy
X-Aicache-OS
X-Geo-Header
Uber-Trace-Id
Platform
X-Proxied-Request
Yak-Timeinfo
Ssr
We-Hiring
RNT-Time
X-Varnish-Director
X-TH-Server
X-DPWN-IS-SECURE
X-Old-Content-Length
X-Contensis-Viewer-Groups
X-Request-Time
Country-Code
X-Varnish-Authentication
X-Var-Ttl
X-Cache-Expired-At
X-V-Cache
X-Org
X-Sn-Servicetimems
Apple-News-Services-Handled
Adler-Geo
X-Server-IP
X-Section
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Canary
Cache-Provider
C-Via
Apple-News-Services-Request-Url
DSUID
X-Request-Host
X-Sql-Duration-Ms
Machine
X-Fmm-Version
X-Varnish-Beresp-Status
L
X-Sql-Count
Mail-Subject
PFcat
X-Cache-Info
X-We-Are-Hiring
X-RateLimit-Limit-Second
Is-Eu
X-RateLimit-Remaining-Second
X-Mvc-Supplant-Cachable
Gh-Request-Id
Fastly-GeoIP-CountryCode
X-Region-Sid
Esi-Enabled
X-FC-Vary-Parameters
X-Cdn-Srv
X-PERF
X-Origin-Response-Time
X-VCache
X-Instance-Name
X-Moov-Xdn-Version
X-Mvc-Supplant-OutputCached
X-Moov-T
X-Human
X-Csrf-Jwt
X-Hash
X-CGP
X-Fastly-Backend
X-Eu-Site
X-Edge-Server
X-Slack-Backend
Cdn-Host
Cache-Key
AKAMAI
Cdn-Request-Time
Cf-Device-Type
Ha-Gx-Prefs
Click-Count-Error
Click-Count-Action-Start
X-Slack-Shared-Secret-Outcome
X-SVT-ORM-RULES
X-Wikidot-Static-Cache
X-Newrelic-Synthetics
X-ECache
X-Wikidot-Backend
X-Up
X-SVT-ORM-VERSION
X-App-Name
HA-Ipaddr
X-Test
Proxy-Firewall
X-Amz-Storage-Class
X-Proto
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
Tube-Return
On-Server
W
L5d-Success-Class
X-Cloudmap
X-VServer
X-Accel-Expires-Debug
Fastly-Drupal-HTML
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Fastly
X-Sigma-Backend
X-LB-ID
X-Date
Fastly-Backend-Name
X-CacheTTL
X-Cache-Date
X-Rocket-Build-Number
X-Sigma
WZWS-RAY
X-Mg-Request-UUID
NGX
X-NGINX-Cache
X-Ah-Environment
X-API-Version
X-DynaTrace-JS-Agent
X-COUNTRY
X-HA-Backend
X-Ig-Origin-Region
X-Via-Poph
X-Varnish-Hits
X-DC
X-Location
X-Via-Popv
X-Zone
X-Parent-Response-Time
X-Branch-Name
Pics-Label
NtCoent-Length
X-Via-Popn
X-Tx-Id
Datacenter
Fusion-Deployment-Id
Edge-Copy-Time
X-Via-Edge
Fusion-Content-Id
X-Via-CDN
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-CACHE-GROUP
X-Refresh
Fusion-Template-Id
X-Via-SSL
X-Ratelimit-Reset
S-Rt
X-Correlation-ID
X-Wormhole-Sdk
GeoIp-Country-Code
X-Akamai-Transformed
X-CDN-Cache-Status
Type
X-Servedbyhost
X-VHOST
Cdn-Requestid
X-Jungle-Id
X-CUA
X-LB-NoCache
Cdn
Resin-Trace
X-Esi
X-User
Origin-EX
Origin-CC
X-Ua
Powered-By
X-ZONE
X-TX-ID
SID
Server-ID
X-Irp-Debug
Cf-Ipcountry
X-Srv
X-Wa
X-Owner
X-Nc
X-Core-Mission
X-Render-Time
IsBot
X-VTEX-Cache-Server
X-VTEX-Cache-Time
Cross-Origin-Opener-Policy-Report-Only
X-LiteSpeed-Tag
GeoIP-Latitude
X-Powered-By-VTEX-Cache
X-Hit
Fastly-Drupal-Html
X-Nananana
X-Cached-By
X-SIPLIST1
X-AIR-PT
X-Nf-Request-Id
Edge-Cache
CloudFront-Viewer-Country
Uri
X-NewRelic-App-Data
XkeyRZ
X-B3-Parentspanid
X-Qloud-Router
X-Proxy-CacheRZ
X-Fpc
X-Cs
Mime-Version
DataCenter
X-Client-Ip
X-DataCenter
X-Presslabs-Stats
X-Segment-20210421
X-IAuth-Set-Uid
Debug
X-URL
X-CS
X-LiteSpeed-Cache-Control
N-Cache
X-TIME
Expect-Staple
X-Ig-Push-State
True-Client-IP
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Auth-Group-Type
X-Amz-Meta-Opti
Tcn
CDN
X-Geo
X-PHP-Backend
X-Forwarded-Path
Xc-Version
X-Cache-Type
X-Tenant
X-Orig-Expires
X-Shop-Environment
Odigeo-Trace-Id
X-HostName
X-Vgn-Hpd-Reason
True-Client-Ip
X-Custom-Header
X-Gamma-Serve
MIME-Version
X-NodeID
X-Varnish-Beresp-TTL
X-Tt-Logid
Cmstype
X-CACHE-AGE
Cmsid
X-Dynatrace-Js-Agent
X-Pad
CPC-Age
CPC-Cache
X-Info
Load-Balancing
User-Agent
X-Vmg-Version
X-B3-Spanid
X-Api-Version
X-Depends
X-HOST
X-Dispatch
X-Cdn-Diag
X-FPC
X-Varnish-Remaining-TTL
X-NC
X-WA
X-Varnish-CookieHashed-On
X-DefElseHash
X-Fastly-Country-Code
X-DefHash
Srv
X-Varnish-CookieINHashed-On
X-Vc
Request-ID
X-M-Log
Ohc-File-Size
X-M-Reqid
X-VC-TTL
X-Webkit-Csp-Report-Only
X-Cdn-Forward
X-Variation
Geoip-Latitude
X-CSRF-TOKEN
X-Datacenter
Cl-Cache
Hostname
X-APP-VERSION
Server-Id
CacheControlHeader
X-APP
X-Cache-FS-Status
X-TimeS
X-LAGOON
Ohc-Cache-HIT
X-ServedByHost
X-Lb-Nocache
GeoIP-Country-Code
X-Cdn-Cache-Status
X-Oracle-DMS-ECID
Cloudfront-Viewer-Country
VNS-Age
FSS-Cache
VNS-Cache
Epwk-X-Cache
Server-Info
X-Cache-Ttl
Srvid
X-FL-QIT-DEBUG
PICS-Label
X-Via-PopN
ServerHost
X-Via-PopH
X-Litespeed-Tag
X-Ha-Backend
X-Via-PopV
BehaviorPad-Version
X-Fastly-Backend-Reqs
CountryCode
X-Srcache-Store-Status
X-Litespeed-Cache-Control
Rtss
X-VCL-Version
X-Srcache-Fetch-Status
X-Lb-Id
X-Proxy-Cache-La3
Xkey-La3
X-MSEdge-Features
X-MSEdge-Flight
Xkeylog
X-Cdn-Request-ID
X-Th-Server
Ngx
X-MiniProfiler-Ids
X-Akamai-Pragma-Client-IP
Time
X-Acquia-Site
Memcached
X-Check-Cacheable
X-Serial
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-IN-APIGATEWAYSSL
X-Snapshot-Date
X-Web-Server
Memory
X-Acquia-Application-UUID
OriginIP
X-Dispatcher-Number
X-IN-APIGATEWAY
X-RequestId
X-Sorting-Hat-Shopid
X-Shopid
X-Cache-Version
X-Shardid
X-Sorting-Hat-Podid
X-RAMCache
X-Ramcache
X-Service-Response-Time
Warning
Akamai-Cache-Status
X-Udemy-Cache-App-Namespace
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sucuri-Id
X-Mg-Cache
X-Dw-Trace-Id
Sm-Log-Id
X-Requestid