Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Xss-Protection
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
P3p
Accept-CH
X-DNS-Prefetch-Control
X-Cache-Status
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Generator
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-Request-ID
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Allow
Request-Context
X-UA-Device
Keep-Alive
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
X-Vhost
X-Rq
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Dns-Prefetch-Control
X-CST
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
Permissions-Policy
X-Backend-Server
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Litespeed-Cache
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
X-Nginx-Upstream-Cache-Status
X-Cache-Lookup
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Trace
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
X-Edge
X-Rack-Cache
Cross-Origin-Opener-Policy
Accept-Ch-Lifetime
Cache-Tag
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-ECACHE
X-MS-InvokeApp
Nginx-Cache
X-PC
X-Vname
X-TtlSet
X-ESI
X-Upstream
X-Powered-By-Plesk
Rating
Edge-Control
X-Server-Name
X-Browser-Type
Verso
X-Times
X-Cnection
X-Element-Page-Cache
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-D2id
X-Ac
SPRequestDuration
SPIisLatency
X-B3-TraceId
AR-Request-ID
AR-ATIME
AR-SID
AR-PoweredBy
X-Ruxit-Js-Agent
X-SharePointHealthScore
SPRequestGuid
X-NWS-LOG-UUID
X-Ser
X-Abt-Application-Version
X-NF-Request-ID
X-Vcap-Request-Id
X-GitHub-Request-Id
X-Navigation-Version
X-RateLimit-Remaining
X-Dw-Request-Base-Id
AR-CACHE
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Mg-S
X-Client-IP
S
X-VARITI-CCR
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Ttl
Edge-Cache-Tag
X-Cache-Key
RTSS
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
Cache-Status
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Edge-Location-Klb
X-Goog-Hash
X-Kinsta-Cache
X-Version
Access-Control-Request-Method
X-Varnish-TTL
X-Server-ID
X-Recruiting
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-ARC
X-Middleton-Response
Response
X-Content-Digest
X-TraceId
X-Forwarded-For
Arr-Disable-Session-Affinity
X-T
Origin-Trial
X-MSEdge-Ref
Content-MD5
X-Daa-Tunnel
X-SRCache-Store-Status
X-SRCache-Fetch-Status
TP-Cache
MicrosoftSharePointTeamServices
X-Accel-Expires
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
Cross-Origin-Resource-Policy
Front-End-Https
X-Hits
X-Cached
X-Id
MS-Author-Via
Public-Key-Pins
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
Server-Node
X-Ua-Browser
X-FTR-Expires
X-DIS-Request-ID
X-Request-Processing-Time
X-HS-Hub-Id
X-Forwarded-Proto
X-HS-Combine-CSS
X-Request-Received
Payment
X-HS-Cache-Config
X-HS-Content-Id
X-Frontend
X-Fastcgi-Cache
X-LLID
Realpath
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Webkit-Csp
X-ORACLE-DMS-RID
X-Protected-By
X-FastCGI-Cache
TP-L2-Cache
X-GUploader-UploadID
X-Distributor
Cache-Tags
X-LB-Cache
X-Ratelimit-Limit
X-Origin-Server
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Request-Handler-Origin-Region
X-Microsite
X-Kong-Upstream-Latency
Referer-Policy
X-Kong-Proxy-Latency
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Count-Hit
X-Page-Id
X-Hostname
X-Cluster-Name
X-Correlation-Id
X-Www-Served-By
X-NGENIX-Cache
X-Debug-Info
X-Az
X-AppVersion
Host
X-ORACLE-DMS-ECID
X-Activity-Id
X-F-Cache
Fastcgi-Cache
X-Varnish-Server
Accept-Charset
X-Varnish-Backend
X-RateLimit-Limit
X-Envoy-Decorator-Operation
X-Geo-Country
X-App-Server
X-XRDS-LOCATION
X-PressLabs-Stats
X-Ua-Device
X-FB-Debug
X-Goog-Metageneration
X-TTL
Retry-After
X-Fastly-Request-Id
X-Git-Hash
Access-Control-Allow-Method
X-CSRF-Token
X-Upgrade-Enabled
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Ezoic-Cdn
X-Load-Cache
X-RateLimit-Reset
X-Content-Options
X-Seen-By
X-Px
Server-Name
X-Tt-Trace-Tag
X-Contextid
X-Revision
X-Request-Guid
X-Tt-Trace-Host
X-Cache-Control
X-Datadog-Sampling-Priority
Charset
X-Trace-Id
TCN
X-Datadog-Trace-Id
Section-Io-Cache
X-Datadog-Parent-Id
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Ttl
X-Type
X-B3-Sampled
Cleartype
X-B
X-Grace
DC
X-TT
Paypal-Debug-Id
Healthy
X-Newrelic-App-Data
X-B-Cache
X-Signature
X-Whom
X-Fb-Rlafr
X-Wix-Request-Id
X-App-Environment
X-Oracle-Dms-Ecid
X-Node-Name
X-Origin-Cache
Frame-Options
X-WebKit-CSP-Report-Only
X-Rid
X-Amz-Replication-Status
X-Mobile
X-Magnolia-Registration
X-Azure-Ref
X-Proxy
X-Kinja-CCPA
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Air-Pt
X-EdgeConnect-Cache-Status
Filterid
Accept-Ch
X-N
X-Oracle-Dms-Rid
X-Logged-In
X-Language
X-WP-CF-Super-Cache
X-Route-Name
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
X-WP-CF-Super-Cache-Cache-Control
X-Fastly-Request-ID
X-Providence-Cookie
X-Ratelimit-Remaining
Content-Disposition
Akamai-GRN
Backend
NGB
X-Time
X-Response-Served-From
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-Age
X-Is-Bot
X-Rendered-As
Upgrade-Insecure-Requests
X-Template
X-Yottaa-Optimizations
Viewport
X-Varnish-Grace
X-Debug-IsPreview
X-Servername
X-Proxy-Cache-Info
X-Debug-IsConnected
Liferay-Portal
X-Yottaa-Metrics
Refresh
X-FW-Static
X-FW-Type
Ms-Operation-Id
X-Adobe-Content
X-FW-Server
X-Datadog-Sampled
X-Adobe-Loc
MS-CV
X-Tumblr-Pixel-1
X-ProcessESI
X-IPS-LoggedIn
X-RTag
X-RemovedCookies
X-Debug
X-Instance
X-FW-Version
X-Tumblr-Pixel
X-Unique-Id
X-App-Version
X-Tumblr-User
X-FW-Serve
X-Tumblr-Pixel-0
X-FW-Dynamic
X-FW-Hash
X-G
X-L-Path
X-Cache-Grace
Fastly-SIE
Fastly-SWR
X-Region
X-Amzn-Remapped-Content-Length
SD-X-WS
X-NYM-Debug-Backend
X-Cacheable-TTL
X-Environment-Context
From-Origin
X-Device-Type
X-Backend-Name
X-B3-SpanId
X-UUID
X-User-Agent
X-Hl-Ver
X-Status
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Country
X-CCDN-CacheTTL
X-Cache-Hit
ServerID
X-Via-JSL
Url
X-Rule
X-Jobs
X-VC-Cache
X-INCAP-ABP
Countrycode
WPO-Cache-Message
X-Origin-TTL
X-Origin-CC
Version
WPO-Cache-Status
X-Webkit-CSP
Alternate-Protocol
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Cache-Status-Check
X-HTML-Minification-Powered-By
Surrogate-Key
X-Hosted-By
X-Akamai-Request-ID2
X-Page-View
X-Source
GEO-INFO
X-Content-Powered-By
CDN-RequestId
X-NODE
Protected
X-Storage
X-Nginx-Cache
X-WP-CF-Super-Cache-Active
X-Akamai-Edgescape
X-Rocket-Nginx-Serving-Static
Amp-Access-Control-Allow-Source-Origin
OT-Force-Account-Verify
X-B3-Traceid
X-Accel-Version
AMP-Access-Control-Allow-Source-Origin
SRV
X-Tec-Api-Origin
X-VC
Access-Control-Request-Headers
X-Tec-Api-Version
X-Tec-Api-Root
X-Real-IP
X-Edge-Location
X-Framework
X-Cache-Rule
X-ServerID
Front
X-Mode
X-Http-Reason
X-Cache-Time
X-Upstream-Ht
X-Xfnlog-Site
Webserver
Meta-Geo
Accept-Language
X-Upstream-Ct
X-Rn-Rsrv
X-UPSTREAM-Address
CF-IPCountry
X-Rewrite-Enabled
X-Cache-Operation
Filters
X-CDN-Forward
X-AWS-Id
X-Director
X-Timing-Wait
X-SaId
X-Detected-As
X-Cache-Debug
X-JoinUs
X-LJ-Flow-ID
X-Origin
Cross-Origin-Embedder-Policy
X-Proxy-Build
Selected-Fe
ServedBy
X-Httpd
X-TT-LOGID
X-VWS-Id
X-Handled-By
Mn-Server-Ip
X-Varnish-Cache-Hits
X-Soup
X-Served-From
X-Tumblr-Pixel-2
X-SayCDN-TTL
Node
Property-Id
X-Say-TTL
TWC-Device-Class
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
X-Cluster
TWC-Privacy
TWC-Locale-Group
Apigw-Requestid
Web-Mar-Node
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Adobe-Source
X-BYPASS-REASON
X-Format
Xserver
X-Zipkin-Id
X-Origin-Hint
Section-Io-Id
X-No-Session
X-Lambda-Id
X-Logging-Id
X-Web-Node
X-Routing-Service
X-Redis-Cache
X-Restarts
X-ProxyCache-Status
X-ProxyCache-Key
X-PHP-Host
X-Proxied
X-Say-Cacheable
X-Labrador-Cache-Channel
X-Extlb
Xet-Cookie
X-Tumblr-Pixel-3
X-Use-Mantle
X-Geo-Region
X-Browser-Name
X-Endurance-Cache-Level
X-Cms-Context
X-RCS-CacheZone
X-GeoCode
X-GeoCountry
X-Is-Desktop
X-Locale
X-Is-Mobile
X-Is-Supported-Browser
X-Loop
X-S
X-AB
X-IPLB-Instance
X-IPLB-Request-ID
X-Is-Tablet
Azure-RegionName
X-Tcp-Rtt
Azure-SlotName
Azure-InstanceId
X-Skip-Cache
X-Tncms
X-RM-Cache-TTL
Azure-Version
Azure-SiteName
X-VCT
DB-Nickname
X-Varnish-Beresp-Grace
X-Site-Version
X-Generation-Time
X-Cache-Server
X-Cache-Host
X-Varnish-Age
X-Platform-Router
X-Platform-Cluster
X-Vercel-Id
X-Vercel-Cache
X-Drupal-Cache-Tags
X-Forwarded-Host
X-Platform-Processor
X-Fetched-On
X-Server-W
X-Tb
X-Frame-Option
X-Container-Uri
X-Webstats-RespID
X-Git-Commit
X-Vcache
X-R9-Blue-Green-Version
X-Drupal-Cache-Contexts
X-Worker
X-Ms-Version
X-Reqid
X-Ms-Request-Id
X-Provided-By
X-Uri
CDN-RequestPullSuccess
X-MP-GENERATED-AT
X-Shopify-Stage
X-Alternate-Cache-Key
CDN-Uid
CDN-PullZone
X-Storefront-Renderer-Rendered
CDN-RequestCountryCode
CDN-Cache
CDN-RequestPullCode
CDN-EdgeStorageId
CDN-CachedAt
X-DynaTrace
X-Origin-Date
WP-Super-Cache
X-Sucuri-Cache
Source
Fastcgi-Useragent
X-Sorting-Hat-PodId
X-ShardId
X-Sorting-Hat-ShopId
X-ShopId
X-Vcl-Version
X-XRDS-Location
Cache-Tv-Group
X-Sucuri-ID
Content-Secure-Policy
X-Cdn-Origin
X-FB-TRIP-ID
X-Sql-Duration-Ms
X-Generated-By
X-Sql-Count
Cross-Origin-Embedder-Policy-Report-Only
Priority
X-Pass-Why
X-SRV
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Xrds-Location
Sid
Onion-Location
X-Buckets
X-Content-Age
Atl-Traceid
HostName
X-Scope-Id
X-CMSURLCustom
Thinkindot-Control
X-Shield-Cache-Expires
X-Thinkindot-L3
X-Newrelic-Synthetics
X-DataDome
Thinkindot-CacheControl-Type
Cross-Origin-Window-Policy
X-Cluster-Node
Thinkindot-CacheControl
TDXMobile
X-LSADC-Cache
X-Proxy-Cache-Status
Cache
WZWS-RAY
S-Rt
X-TA-CDN-Provider
X-Cache-Action
X-Varnish-Beresp-Ttl
X-Cache-Expired-At
X-GEO
X-WP-CF-Super-Cache-Cookies-Bypass
X-Optimistic-Header
X-Connection-Hash
User-Cache-Control
X-Ua
X-Via-CDN
Expiry
X-Via-Edge
X-Via-SSL
Edge-Copy-Time
Origin-Agent-Cluster
Origin
Sever-Int
Server-Hostname
Ngx.Var.Host
Server-Ext
Req-ID
Rendered-Blocks
Redirect-Candidate
DCR-Processing-Time-Ms
Apple-News-Services-Request-Url
Candidate-Md5Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
A
Apple-News-Services-Handled
CDCHOST
DCR-Decision-By
MD5-Digest
Meta-Geo-Continent
Lang
L
Sslversion
Gannett-Cam-Experience-Id
Ngx-Var-Key
X-A-Dam
X-Op-Id-All
X-PAYTM-SRV-ID
X-Platform
X-Request-Start
X-External-Request-Id
X-Epic-Correlation-Id
X-Ec-Custom-Error
X-Ec-Fail
X-Ec-GeoHdr
X-Rojux
X-S-Cookie
X-Vdms-Path
X-Vdms-Version
X-Vtex-Remote-Cache
X-TIM-N
X-SRCache-Key
X-Scheme
X-ScT
X-Section
X-Dispatcher-Server
X-Developer
X-A-Dgt
X-A-Wwc
X-Access
X-A-Dcw
X-A-Ccd
T-Server
Vix-Hermes-Req-Id
X-A
X-Aed
X-Application
X-Cache-NE
X-D
X-Destination
X-Cache-Bucket
X-Bl-Debug
X-B-Cookie
X-Bc-Bl
X-BCube-Filmed-By
Surrogated-Key
X-Conf
X-Dc
X-Branch-Name
X-Cache-Id
X-Block-Status
X-Bip
X-BBC-Edge-Cache-Status
X-VCache
X-Cache-Info
X-Esi-Check
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Gen-Mode
X-Forwarded-Site
X-B3-Trace-ID
X-Fastly-Cache
X-Cache-TTL-Remaining
X-Auto-Login
X-Correlation-ID
Req-Svc-Chain
Server-Host
Release
Pramga
Host-ID
NM-Fastcgi-Cache
Ssr
Type
X-Acquia-Purge-Cdn-Unconfigured
X-Amz-Meta-Cb-Modifiedtime
Wxu-Next-Region
Wxu-Next-Hostname
V-Age
Wxu-Next-Commit
X-Gzip
X-Hnp-Log
X-Varnish-Director
X-Varnish-Hostname
X-Varnishpool
X-Varnish-Beresp-Status
X-UA-Device-Type
X-TH-Server
X-Thanos
X-VG-TLSProxy
X-VG-WebCache
X-Zen-Fury
Magicmarker
X-We-Are-Hiring
X-WA-Info
X-Viewer-Country
X-VServer
X-Sigma-Backend
X-Sigma
X-Moov-Xdn-Version
X-NCache
X-Nginx-Cache-Key
X-Moov-T
X-Mly-Id
X-Human
X-Loc
X-NMSegId
X-Pool
X-Rocket-Build-Number
X-SB
X-Request-URI
X-Request-Time
X-Proxied-Request
X-Pubstack
Fastly-SSL
X-Instance-Name
C-Via
Content-Script-Type
Cache-Provider
Fastly-Drupal-HTML
DSUID
Content-Style-Type
Fastly-GeoIP-CountryCode
Environment
X-Origin-Response-Time
X-Mg-Request-UUID
X-Datadome
X-TimeS
X-Aicache-OS
X-Region-Sid
X-ApacheServer
Cluster
X-ND-Cache
X-Request-Host
Web-Mar-Region
We-Hiring
Yak-Timeinfo
X-Server-IP
Country-Code
X-SD-PageType
X-Ad-Load-Variation
Click-Count-Error
X-Geo-Header
X-Azure-Ref-OriginShield
X-Req
X-Cache-Aspx
X-Core-Value
X-Micro-Cache
Adler-Geo
X-Contensis-Viewer-Groups
X-Clientip
X-Men
X-DPWN-IS-SECURE
X-Device-Os
X-Level-Front-Cache
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-Cache-Date
X-Policy
Uber-Trace-Id
Canary
X-PERF
X-Origin-Time
X-Cdn-Srv
X-Node-Id
X-Nyt-Route
X-Old-Content-Length
Click-Count-Action-Start
W
Producers
Platform
X-GeoIP-City
X-From
Esi-Enabled
RNT-Machine
X-GoCache-CacheStatus
X-Fmm-Version
RNT-Time
On-Server
X-GeoIP
Cdncip
Is-Eu
Gh-Request-Id
Cdnsip
X-Generated-On
Locid
X-Gdpr
Mail-Subject
Machine
X-Varnish-Authentication
X-AK-Request-ID
X-SVT-ORM-RULES
True-Client-Country-4JS
X-Var-Ttl
Tube-Get-Contents
Tube-Got-Eval
Tube-Return
Tube-Got-Results
X-FC-Vary-Parameters
X-SVT-ORM-VERSION
X-V-Cache
X-Service
X-ECache
X-HS-Content-Campaign-Id
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Edge-Server
L5d-Success-Class
X-App-Name
X-Csrf-Jwt
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
AKAMAI
X-Hash
X-Fastly-Backend
HA-Ipaddr
X-CGP
Ha-Gx-Prefs
X-RateLimit-Limit-Second
Cdn-Request-Time
Cache-Key
Proxy-Firewall
Cf-Device-Type
X-Eu-Site
X-Sn-Servicetimems
X-VarnishDD-TTL
X-Up
X-Amz-Storage-Class
X-Org
X-HN
PFcat
X-RateLimit-Remaining-Second
Cdn-Host
X-Test
X-Use-Magma
X-Parent-Response-Time
X-Irp-Debug
X-Accel-Expires-Debug
X-Proto
X-DC
X-Backend-Instance
X-LB-ID
Fastly-Backend-Name
X-CacheTTL
X-Date
X-Ratelimit-Reset
Pics-Label
XM
X-Tx-Id
NGX
X-Ah-Environment
X-ZONE
X-Lagoon
LB
X-Via-Popv
X-Via-Popn
X-SIPLIST1
X-Cache-Backend
X-Origin-Expires
X-Owner
X-HA-Backend
X-Via-Poph
X-Servedbyhost
X-Core-Mission
IsBot
X-COUNTRY
X-Refresh
X-NGINX-Cache
Cdn
X-UA
X-API-Version
X-DynaTrace-JS-Agent
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Hits
X-CACHE-GROUP
X-RID
Datacenter
X-Qloud-Router
NtCoent-Length
X-LB-NoCache
X-VHOST
X-CDN-Cache-Status
X-CF-Lambda-Version
X-CF-Lambda-Fn
Expect-Staple
RATING
N-Cache
SID
GeoIp-Country-Code
Cdn-Requestid
X-Tenant
X-Srv
X-Shop-Environment
CloudFront-Viewer-Country
X-Orig-Expires
X-Cache-Type
X-Nc
X-Nananana
X-Wa
X-Forwarded-Path
Server-ID
Xc-Version
X-Zone
X-Gamma-Serve
X-Via-Fastly
Cmstype
Cmsid
Cache-Hits
CPC-Cache
X-B3-Parentspanid
X-Presslabs-Stats
X-Fpc
Cross-Origin-Opener-Policy-Report-Only
X-TX-ID
GeoIP-Latitude
X-Akamai-Transformed
CPC-Age
X-Hit
DataCenter
X-Vmg-Version
Resin-Trace
Uri
X-Cdn-Diag
X-Ig-Origin-Region
X-Location
X-Cloudmap
X-Nf-Request-Id
User-Agent
Fusion-Content-Source
XkeyRZ
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
X-Proxy-CacheRZ
Fusion-Template-Id
Fusion-Source
X-Client-Ip
X-DataCenter
X-CS
X-URL
Powered-By
X-CUA
X-TIME
True-Client-Ip
X-NWS-UUID-VERIFY
Mime-Version
X-Jungle-Id
Origin-EX
X-Variation
X-Fastly-Country-Code
X-Tt-Logid
X-Info
CacheControlHeader
X-Amz-Meta-Opti
Origin-CC
Tcn
Srv
X-LAGOON
Fastly-Drupal-Html
Cf-Ipcountry
X-User
True-Client-IP
X-Cached-By
MIME-Version
X-IAuth-Set-Uid
X-Datacenter
X-Cdn-Forward
X-NewRelic-App-Data
X-HostName
X-Geo
X-CACHE-AGE
X-Segment-20210421
X-Api-Version
X-Dynatrace-Js-Agent
X-Render-Time
Load-Balancing
Lb
X-Varnish-Beresp-TTL
VNS-Age
VNS-Cache
X-B3-Spanid
X-Webkit-Csp-Report-Only
CDN
X-HOST
X-LiteSpeed-Tag
X-Vc
X-VTEX-Cache-Time
X-VTEX-Cache-Server
Debug
X-Powered-By-VTEX-Cache
X-Wormhole-Sdk
X-LiteSpeed-Cache-Control
Ohc-File-Size
X-AIR-PT
X-Auth-Group-Type
Edge-Cache
X-CSRF-TOKEN
Cl-Cache
X-FPC
X-Dispatcher-Number
X-Dispatch
Hostname
Cache-Name
Ohc-Cache-HIT
X-WA
Server-Id
X-MCACHE
GeoIP-Country-Code
X-Ig-Push-State
X-NC
X-Esi
X-NodeID
X-Lb-Nocache
X-Cdn-Cache-Status
Odigeo-Trace-Id
X-Litespeed-Tag
X-APP-VERSION
X-Oracle-DMS-ECID
X-Mid
X-Custom-Header
X-Cs
X-ServedByHost
X-PHP-Backend
X-Vgn-Hpd-Reason
X-Depends
X-Pad
X-Cache-Ttl
X-Ha-Backend
X-Varnish-CookieHashed-On
BehaviorPad-Version
X-Varnish-CookieINHashed-On
X-Via-PopH
X-Via-PopV
X-DefHash
CountryCode
X-Via-PopN
X-Varnish-Remaining-TTL
X-Fastly-Backend-Reqs
X-DefElseHash
X-Srcache-Fetch-Status
Ms-Author-Via
X-Srcache-Store-Status
X-Litespeed-Cache-Control
X-VCL-Version
X-MSEdge-Flight
X-Lb-Id
X-Cache-Enabled
X-Proxy-Cache-La3
X-Cdn-Request-ID
X-MSEdge-Features
PICS-Label
X-M-Reqid
X-VC-TTL
X-M-Log
X-MiniProfiler-Ids
X-RequestId
X-Akamai-Pragma-Client-IP
Ngx
Xkeylog
Xkey-La3
X-Web-Server
X-FL-EDGE
X-IN-APIGATEWAYSSL
Srvid
Location
X-FL-QIT-DEBUG
Time
X-Snapshot-Date
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
FSS-Cache
YJS-ID
Server-Info
Memcached
X-Acquia-Site
Memory
X-Acquia-Application-UUID
OriginIP
X-IN-APIGATEWAY
X-Cache-Version
X-Shardid
X-Shopid
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Check-Cacheable
Sm-Log-Id
CF-Ctrl
Warning
Epwk-X-Cache
X-Cache-FS-Status
X-Serial
X-Mg-Cache
My-App
Geoip-Latitude
X-Dw-Trace-Id
X-Udemy-Cache-App-Namespace
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
X-Internal-Host
CF-Cached-On
X-Service-Response-Time
Akamai-Cache-Status
X-Sucuri-Id
X-Lsadc-Cache