SANS ISC: HTTP Header Usage Statistics


This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
X-XSS-Protection
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
CF-RAY
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
P3p
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
X-Ua-Compatible
X-Cacheable
CF-Ray
Server-Timing
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-Content-Security-Policy
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
X-Backend
Allow
X-Cache-Group
Cf-Edge-Cache
Request-Context
X-Robots-Tag
X-Server
Keep-Alive
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Vhost
X-Proxy-Cache
X-Rq
Xkey
X-Age
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
Cf-Railgun
X-Page-Speed
X-Pingback
EagleEye-TraceId
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Aws-Lambda-Call-Status
X-Dns-Prefetch-Control
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-CST
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Host
X-Readtime
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Nginx-Upstream-Cache-Status
X-HW
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
Accept-Ch-Lifetime
X-Application-Context
X-Country-Code
X-Trace
X-Oneagent-Js-Injection
Content-Location
X-Ruxit-JS-Agent
X-Cache-Lookup
Service-Worker-Allowed
X-Url
X-Content-Type
X-Country
X-ECACHE
X-Clacks-Overhead
X-Edge
X-Litespeed-Cache
X-Mod-Pagespeed
X-Rack-Cache
X-Amz-Server-Side-Encryption
Cache-Tag
X-Midtier
X-FTR-Request-ID
X-Origin-Cache-Key
Cross-Origin-Opener-Policy
Accept-Ch
X-MS-InvokeApp
X-Mcache
X-PC
X-Upstream
X-Powered-By-Plesk
X-Vname
X-TtlSet
Nginx-Cache
Rating
X-ESI
Edge-Control
X-D2id
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Browser-Type
X-Element-Page-Cache
X-Times
Verso
X-Ruxit-Js-Agent
X-Ac
X-Cnection
X-Server-Name
SPIisLatency
SPRequestDuration
X-Vcap-Request-Id
AR-Request-ID
AR-PoweredBy
AR-SID
AR-ATIME
X-Navigation-Version
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-RateLimit-Remaining
X-B3-TraceId
X-VARITI-CCR
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
Origin-Trial
X-Ser
X-GitHub-Request-Id
AR-CACHE
RTSS
X-NF-Request-ID
S
X-Cache-Key
X-Cache-TTL
X-Mg-S
X-Content-Security-Policy-Report-Only
X-Server-ID
Edge-Cache-Tag
X-Amz-Rid
X-Goog-Hash
X-Middleton-Display
Fastly-Restarts
X-Sol
Pagespeed
Display
X-Amzn-Trace-Id
X-Powered-CMS
X-NWS-LOG-UUID
X-Client-IP
X-Ttl
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Version
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Varnish-TTL
X-Erf-Bev-Bev
X-ARC
Access-Control-Request-Method
X-Kinsta-Cache
X-Edge-Location-Klb
X-Recruiting
Cache-Status
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Arr-Disable-Session-Affinity
X-Content-Digest
X-T
X-MSEdge-Ref
Content-MD5
X-Forwarded-For
X-Accel-Expires
MicrosoftSharePointTeamServices
Response
X-Middleton-Response
X-Ua-Device
X-TraceId
TP-Cache
X-Shield-Request-Id
X-Hits
X-Cached
Public-Key-Pins
X-WebKit-CSP-Report-Only
X-Id
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-RateLimit-Limit
X-Frontend
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Expires
X-Kinja-CCPA
Server-Node
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-Request-Received
X-Ua-Browser
X-Request-Processing-Time
Payment
MS-Author-Via
X-Fastcgi-Cache
Front-End-Https
Cross-Origin-Resource-Policy
X-DIS-Request-ID
X-Webkit-Csp
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-LLID
X-Forwarded-Proto
X-GUploader-UploadID
Cache-Tags
X-FastCGI-Cache
X-LB-Cache
TP-L2-Cache
Realpath
X-TTL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Protected-By
X-PressLabs-Stats
Count-Hit
X-Daa-Tunnel
X-Origin-Server
X-ORACLE-DMS-RID
X-Distributor
X-Microsite
X-Request-Handler-Origin-Region
Mrf-Cache-Status
X-F-Cache
MRF-Tech
X-B3-TraceId-Primal
X-Az
X-AppVersion
X-Page-Id
X-Correlation-Id
X-Cluster-Name
X-Activity-Id
Accept-Charset
X-Varnish-Backend
X-Www-Served-By
X-NGENIX-Cache
X-Geo-Country
X-FB-Debug
X-Rid
X-Debug-Info
X-App-Server
Referer-Policy
X-Hostname
X-Varnish-Server
X-Goog-Metageneration
Host
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Envoy-Decorator-Operation
Fastcgi-Cache
Access-Control-Allow-Method
X-Git-Hash
X-ORACLE-DMS-ECID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Retry-After
Server-Name
X-Px
X-RateLimit-Reset
X-Tt-Trace-Tag
X-B3-Sampled
X-Tt-Trace-Host
X-Oracle-Dms-Ecid
DC
X-Content-Options
X-Ratelimit-Limit
X-Flags
X-Providence-Cookie
X-Request-Guid
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Route-Name
X-Origin-Cache
X-Fastly-Request-ID
X-Contextid
X-Revision
X-Load-Cache
X-Mobile
X-App-Environment
X-B-Cache
X-TT
X-Signature
X-Fb-Rlafr
TCN
Cleartype
X-Trace-Id
X-Type
X-Language
X-B
X-Grace
Charset
X-Datadog-Trace-Id
Paypal-Debug-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Newrelic-App-Data
X-Logged-In
X-Oracle-Dms-Rid
Frame-Options
Section-Io-Cache
X-Cache-Control
X-Amz-Replication-Status
X-ASPNET-VERSION
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Amz-Meta-S3cmd-Attrs
X-CSRF-Token
X-XRDS-LOCATION
X-Seen-By
X-Webkit-CSP
Filterid
X-Magnolia-Registration
X-Whom
X-EdgeConnect-Cache-Status
X-Wix-Request-Id
Healthy
X-Ezoic-Cdn
Content-Disposition
X-Upgrade-Enabled
X-Azure-Ref
X-App-Version
X-Varnish-Ttl
X-Node-Name
X-Proxy
X-Ratelimit-Remaining
X-B3-Traceid
Backend
X-N
Akamai-GRN
Upgrade-Insecure-Requests
X-Use-Magma
X-Template
X-Fastly-Request-Id
X-Proxy-Cache-Info
Refresh
NGB
X-Response-Served-From
X-Air-Pt
X-Original-Request-Id
X-Servername
X-ProcessESI
X-Rendered-As
X-RemovedCookies
X-Page-View
X-Unique-Id
Url
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
SD-X-WS
Ms-Operation-Id
X-RTag
X-Is-Bot
MS-CV
X-Tumblr-Pixel-0
X-Cacheable-TTL
X-Tumblr-Pixel
Liferay-Portal
X-UUID
X-Tumblr-User
X-Adobe-Content
X-Adobe-Loc
X-Datadog-Sampled
X-L-Path
X-Tumblr-Pixel-1
X-Jobs
X-Environment-Context
X-Debug-IsConnected
X-Debug-IsPreview
X-Cache-Grace
X-G
X-B3-SpanId
X-Varnish-Grace
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Region
X-Amzn-Remapped-Content-Length
From-Origin
X-Hosted-By
X-Instance
Viewport
X-FW-Dynamic
X-FW-Hash
Fastly-SIE
X-NYM-Debug-Backend
X-User-Agent
X-Cache-Hit
Fastly-SWR
X-FW-Static
X-FW-Server
X-IPS-LoggedIn
X-FW-Version
X-FW-Type
X-FW-Serve
X-Rule
X-Device-Type
X-Debug
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
Country
X-Status
X-XRDS-Location
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Hl-Ver
Protected
X-Http-Reason
X-Content-Powered-By
X-Backend-Name
X-Origin-TTL
X-Akamai-Request-ID2
X-Origin-CC
ServerID
Version
Alternate-Protocol
X-Cache-Age
X-Cache-Status-Check
X-VC-Cache
X-Time
X-Akamai-Edgescape
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-NODE
X-Hcs-Proxy-Type
WPO-Cache-Status
WPO-Cache-Message
X-CDN-Forward
X-Nginx-Cache
Countrycode
X-Rocket-Nginx-Serving-Static
X-Framework
X-HTML-Minification-Powered-By
Front
X-Edge-Location
X-Tec-Api-Root
CF-IPCountry
X-Cache-Rule
X-INCAP-ABP
X-Tec-Api-Origin
X-Tec-Api-Version
X-Source
SRV
Access-Control-Request-Headers
CDN-RequestId
GEO-INFO
X-Httpd
X-Mode
X-Via-JSL
X-Storage
X-Endurance-Cache-Level
X-WP-CF-Super-Cache-Active
X-Accel-Version
Accept-Language
X-Rewrite-Enabled
X-Cache-Operation
Filters
X-Rn-Rsrv
X-UPSTREAM-Address
X-Upstream-Ht
X-Upstream-Ct
X-Xfnlog-Site
Meta-Geo
X-Real-IP
X-Lambda-Id
Xet-Cookie
X-SaId
X-Soup
X-Cache-Debug
OT-Force-Account-Verify
X-JoinUs
X-Detected-As
X-Skip-Cache
X-Say-TTL
X-Use-Mantle
X-Sql-Count
X-Vcache
X-Say-Cacheable
X-Director
Apigw-Requestid
X-Sql-Duration-Ms
X-Adobe-Source
X-Cms-Context
Webserver
X-Loop
X-SayCDN-TTL
X-Varnish-Age
X-Served-From
Xserver
X-Tumblr-Pixel-3
X-Tncms
X-Tumblr-Pixel-2
X-Cache-Time
X-Logging-Id
X-ProxyCache-Status
X-ProxyCache-Key
X-GeoCode
X-Varnish-Beresp-Grace
ServedBy
X-GeoCountry
X-BYPASS-REASON
X-Varnish-Cache-Hits
X-Redis-Cache
X-Uri
X-VC
DB-Nickname
Web-Mar-Node
X-Container-Uri
X-Format
TWC-Connection-Speed
X-Extlb
TWC-Device-Class
X-Cache-Host
TWC-GeoIP-Country
X-Browser-Name
Webcakes-App-Name
X-AB
TWC-Privacy
TWC-Locale-Group
Webcakes-Region
TWC-GeoIP-LatLong
Webcakes-App-Version
X-PHP-Host
X-Zipkin-Id
Selected-Fe
X-Tcp-Rtt
X-Routing-Service
X-Restarts
X-Handled-By
X-No-Session
X-Worker
X-Timing-Wait
X-S
X-Proxy-Build
X-RCS-CacheZone
X-Proxied
X-Is-Mobile
X-Is-Desktop
X-Geo-Region
X-Generation-Time
X-Is-Supported-Browser
X-Is-Tablet
Property-Id
X-Origin-Hint
X-Origin
X-Labrador-Cache-Channel
X-Forwarded-Host
X-Git-Commit
Mn-Server-Ip
X-RM-Cache-TTL
X-Server-W
X-VCT
X-LJ-Flow-ID
X-Tb
X-DynaTrace
X-Vercel-Cache
X-Vercel-Id
X-AWS-Id
X-VWS-Id
X-Fetched-On
X-ServerID
Cache-Tv-Group
X-COUNTRY
Azure-Version
X-IPLB-Request-ID
X-IPLB-Instance
Node
X-Cache-Server
X-Cluster
Azure-SlotName
X-Reqid
Azure-InstanceId
X-Provided-By
Azure-SiteName
Azure-RegionName
Priority
X-FB-TRIP-ID
X-R9-Blue-Green-Version
X-Ms-Version
X-Ms-Request-Id
X-Frame-Option
Section-Io-Id
X-Site-Version
Content-Secure-Policy
X-Platform-Processor
X-Platform-Router
Fastcgi-Useragent
X-Platform-Cluster
X-Locale
X-MP-GENERATED-AT
Source
S-Rt
AMP-Access-Control-Allow-Source-Origin
X-Urbn-Context-Path
Onion-Location
X-Ua
WZWS-RAY
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Webstats-RespID
X-Urbn-Site-Id
Locale
X-Content-Age
CDN-EdgeStorageId
CDN-PullZone
X-Alternate-Cache-Key
CDN-CachedAt
CDN-RequestCountryCode
CDN-RequestPullCode
X-Storefront-Renderer-Rendered
X-Web-Node
CDN-Uid
CDN-RequestPullSuccess
CDN-Cache
X-Vcl-Version
X-Shopify-Stage
WP-Super-Cache
X-Generated-By
X-Origin-Date
Cross-Origin-Embedder-Policy
X-SRV
X-Cache-Action
X-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Sorting-Hat-ShopId
X-Varnish-Beresp-Ttl
X-Pass-Why
X-Cluster-Node
X-Mg-Request-UUID
X-Proxy-Cache-Status
X-Xrds-Location
X-Sucuri-Cache
X-Cdn-Origin
X-Sucuri-ID
Sid
Cross-Origin-Window-Policy
X-Buckets
Fastly-Drupal-HTML
X-DataDome
X-Cache-Expired-At
X-Newrelic-Synthetics
X-Request-URI
Cache
X-GEO
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Thinkindot-L3
X-CMSURLCustom
X-Scope-Id
TDXMobile
X-TT-LOGID
X-Shield-Cache-Expires
X-LSADC-Cache
Ngx.Var.Host
X-Vtex-Remote-Cache
Meta-Geo-Continent
Lang
Ngx-Var-Key
X-Viewer-Country
Environment
MD5-Digest
Gannett-Cam-Experience-Id
X-TIM-N
X-Ec-GeoHdr
X-B-Cookie
X-Ec-Fail
X-Ec-Custom-Error
X-Epic-Correlation-Id
X-Application
X-Men
X-A-Wwc
X-Aed
X-External-Request-Id
X-Developer
X-Destination
DCR-Decision-By
X-Bl-Debug
X-BCube-Filmed-By
X-Bc-Bl
Candidate-Md5Url
X-Cache-Bucket
X-D
X-Conf
X-Cache-NE
X-PAYTM-SRV-ID
X-A-Dgt
X-Up
Sslversion
Surrogated-Key
X-SRCache-Key
X-Vdms-Path
Rendered-Blocks
Origin-Agent-Cluster
X-Vdms-Version
Redirect-Candidate
T-Server
Type
X-S-Cookie
DCR-Processing-Time-Ms
X-Rojux
X-A-Dcw
X-Scheme
X-A-Dam
X-A
X-A-Ccd
X-ScT
Origin
CDCHOST
HostName
X-DC
X-Tt-Logid
X-Aspnetmvc-Version
X-Service
Host-ID
X-Sigma
L
X-Sigma-Backend
X-BBC-Edge-Cache-Status
X-SD-PageType
Magicmarker
Fastly-SSL
X-Section
X-SVT-ORM-VERSION
X-VG-WebCache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-VG-TLSProxy
X-Varnish-Hostname
X-SB
Country-Code
X-V-Cache
X-Varnish-Director
X-Acquia-Purge-Cdn-Unconfigured
X-Request-Time
X-Aicache-OS
X-VCache
Ssr
X-Pool
X-Correlation-ID
V-Age
X-Access
X-Mly-Id
X-Op-Id-All
Vix-Hermes-Req-Id
Sever-Int
X-Loc
Req-Svc-Chain
X-Human
Pramga
Apple-News-Services-Handled
X-Req
X-Instance-Name
Server-Hostname
Server-Host
Server-Ext
X-Level-Front-Cache
X-Rocket-Build-Number
X-SVT-ORM-RULES
X-Generated-On
X-GeoIP-Country-Code
X-Cache-Info
X-Core-Value
Cross-Origin-Embedder-Policy-Report-Only
X-Dispatcher-Server
X-Fastly-Backend
X-Fastly-Cache
X-GeoIP-Region-Code
X-Core-Mission
X-VServer
Edge-Copy-Time
X-Datadome
X-Optimistic-Header
X-TimeS
X-Parent-Response-Time
X-Via-SSL
X-Via-CDN
User-Cache-Control
X-Via-Edge
X-Varnish-Beresp-Status
X-Device-Os
LB
X-Proxied-Request
X-Thanos
X-Platform
X-From
Producers
X-Debug-Cache-Fetch
X-Debug-Cache-Store
True-Client-Country-4JS
X-Pubstack
X-Fmm-Version
Tube-Got-Results
X-Org
Wxu-Next-Region
Wxu-Next-Hostname
X-DPWN-IS-SECURE
X-Old-Content-Length
X-NCache
X-Nginx-Cache-Key
X-Nyt-Route
Wxu-Next-Commit
X-Ad-Load-Variation
Tube-Return
X-WA-Info
Tube-Got-Eval
X-Origin-Time
X-Via-Popv
X-Origin-Response-Time
X-Server-IP
Tube-Get-Contents
Platform
X-GeoIP-City
X-Cache-TTL-Remaining
Fastly-GeoIP-CountryCode
X-We-Are-Hiring
Release
Click-Count-Action-Start
Is-Eu
Click-Count-Error
X-Block-Status
X-Sn-Servicetimems
C-Via
Cache-Provider
X-UA-Device-Type
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
DSUID
X-HA-Backend
X-Via-Popn
Adler-Geo
X-Hash
X-B3-Trace-ID
X-Request-Host
X-HS-Content-Campaign-Id
X-Cache-Date
X-Gdpr
X-Via-Poph
X-Zen-Fury
X-Hnp-Log
X-TH-Server
X-Bip
X-Clientip
X-Gen-Mode
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Id
X-Geo-Header
X-CF-Lambda-Version
X-ApacheServer
X-Auto-Login
X-CF-Lambda-Fn
X-Esi-Check
X-Micro-Cache
X-Gzip
X-GoCache-CacheStatus
X-Nf-Request-Id
Esi-Enabled
Web-Mar-Region
NM-Fastcgi-Cache
Canary
Atl-Traceid
X-Forwarded-Site
Req-ID
Uber-Trace-Id
X-Policy
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-Irp-Debug
X-GeoIP
X-CacheTTL
X-FC-Vary-Parameters
X-NMSegId
X-Node-Id
X-Request-Start
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-TA-CDN-Provider
X-PERF
X-Varnishpool
X-Owner
Expect-Staple
Proxy-Firewall
IsBot
X-SIPLIST1
Machine
On-Server
Pics-Label
X-Client-Ip
X-Proto
X-Edge-Server
X-Var-Ttl
Gh-Request-Id
X-Tenant
X-Shop-Environment
X-Qloud-Router
X-Orig-Expires
X-Wikidot-Backend
X-Wikidot-Static-Cache
We-Hiring
W
Mail-Subject
Xc-Version
X-Forwarded-Path
X-Date
X-Accel-Expires-Debug
X-Ratelimit-Reset
X-App-Name
Cdn-Request-Time
X-Cache-Type
Cdn-Host
X-ZONE
Fastly-Backend-Name
AKAMAI
N-Cache
Cf-Device-Type
NGX
X-Cdn-Srv
Datacenter
X-Csrf-Jwt
X-CGP
X-Eu-Site
X-Amz-Meta-Cb-Modifiedtime
X-Test
X-Tx-Id
X-Gamma-Serve
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
X-Ah-Environment
X-LB-NoCache
SID
Expiry
X-Connection-Hash
X-Moov-Xdn-Version
Cmstype
Cluster
Content-Style-Type
A
Server-ID
Content-Script-Type
X-Moov-T
X-Branch-Name
Cmsid
X-Dc
Cdn
X-Cache-Aspx
X-Vmg-Version
X-LB-ID
X-URL
X-Refresh
X-Api-Version
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Varnish-Hits
Locid
X-Servedbyhost
CPC-Cache
X-Wa
X-NGINX-Cache
X-Nc
CPC-Age
X-LAGOON
Cdnsip
RNT-Time
RNT-Machine
X-Cdn-Diag
X-ND-Cache
X-AK-Request-ID
X-Fpc
Yak-Timeinfo
Cache-Key
Cdncip
X-Region-Sid
X-TIME
X-VHOST
X-HN
X-MCACHE
X-Amz-Storage-Class
RATING
PFcat
X-DynaTrace-JS-Agent
X-VarnishDD-TTL
NtCoent-Length
Cdn-Requestid
CloudFront-Viewer-Country
X-CDN-Cache-Status
X-Nananana
X-Tb-Optimization-Total-Bytes-Saved
GeoIp-Country-Code
X-Srv
X-Akamai-Transformed
X-CACHE-AGE
X-Azure-Ref-OriginShield
X-Via-Fastly
XM
X-B3-Parentspanid
CacheControlHeader
X-Variation
X-Backend-Instance
Resin-Trace
X-Hit
X-Origin-Expires
X-CSRF-TOKEN
X-TX-ID
Uri
X-Cache-Backend
X-API-Version
X-Zone
User-Agent
X-LiteSpeed-Tag
X-Fastly-Country-Code
MIME-Version
VNS-Age
VNS-Cache
Cache-Name
X-Proxy-CacheRZ
XkeyRZ
X-Vc
X-LiteSpeed-Cache-Control
X-Info
Cross-Origin-Opener-Policy-Report-Only
True-Client-Ip
X-Lagoon
X-Amz-Meta-Opti
Tcn
Hostname
X-Dynatrace-Js-Agent
X-Datacenter
Lb
X-DataCenter
X-Dispatcher-Number
X-HostName
X-B3-Spanid
DataCenter
X-Cached-By
True-Client-IP
X-Geo
GeoIP-Latitude
X-NewRelic-App-Data
X-Esi
X-UA
Mime-Version
X-AIR-PT
X-Traceid
X-Ig-Origin-Region
Cache-Hits
Fusion-Content-Source
Fusion-Deployment-Id
X-Location
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
X-Mid
X-NWS-UUID-VERIFY
Fusion-Source
Cf-Ipcountry
Powered-By
X-Presslabs-Stats
Fastly-Drupal-Html
BehaviorPad-Version
X-Webkit-Csp-Report-Only
X-Cdn-Forward
X-Jungle-Id
X-CUA
Origin-EX
X-IAuth-Set-Uid
X-Cloudmap
Origin-CC
Srv
GeoIP-Country-Code
X-Segment-20210421
X-User
CountryCode
X-Varnish-Beresp-TTL
X-ECache
X-CS
X-Cdn-Cache-Status
X-Dispatch
Server-Info
Location
X-Cache-Enabled
Ohc-File-Size
X-Cs
X-Litespeed-Tag
CF-Ctrl
X-Internal-Host
My-App
X-Oracle-DMS-ECID
Debug
Cl-Cache
X-FPC
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
CDN
Wpo-Cache-Status
Wpo-Cache-Message
Ohc-Cache-HIT
Section-Origin-Responded
X-NC
Section-Io-Origin-Time-Seconds
X-ServedByHost
X-WA
Server-Id
X-Fastly-Backend-Reqs
X-App
Section-Io-Origin-Status
X-Wormhole-Sdk
X-Lb-Id
X-Render-Time
X-Snapshot-Date
X-Nitro-Cache
X-Powered-By-VTEX-Cache
YJS-ID
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-VCL-Version
Load-Balancing
X-Lb-Nocache
X-Akamai-Pragma-Client-IP
Edge-Cache
X-MSEdge-Flight
X-MSEdge-Features
X-Cache-FS-Status
X-Auth-Group-Type
X-Litespeed-Cache-Control
Ms-Author-Via
X-ID
X-Nitro-Cache-From
X-MiniProfiler-Ids
Xkeylog
X-Proxy-Cache-La3
CF-Cached-On
Xkey-La3
X-Cdn-Request-ID
X-Nitro-Rev
X-Dw-Trace-Id
X-RID
X-Acquia-Site
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Memory
X-APP-VERSION
OriginIP
Memcached
Time
X-Acquia-Application-Trace
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Acquia-Application-UUID
X-FL-QIT-DEBUG
X-Varnish-CookieHashed-On
X-Ig-Push-State
X-Serial
X-DefHash
X-DefElseHash
X-Check-Cacheable
X-Acquia-Purge-Tags
X-FL-EDGE
FSS-Cache
X-NodeID
Ngx
Srvid
X-Th-Server
X-Cache-Version
X-Shopid
X-Shardid
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Ha-Backend
Akamai-Cache-Status
X-Http-Duration-Ms
X-Http-Count
X-Mg-Cache
X-RequestId
X-Pad
Yjs-Id
X-Sucuri-Id
X-Vary
Inserted-Into-Cache-At
X-Te-Count
X-Lsadc-Cache
X-Te-Duration-Ms
X-Wp-Cf-Super-Cache-Cookies-Bypass
Geoip-Latitude
X-Via-PopH
Sm-Log-Id
X-Service-Response-Time
X-Via-PopN
X-Via-PopV
X-Fastly-Cache-Hits
X-Udemy-Cache-App-Namespace
X-Web-Server