Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Strict-Transport-Security
X-Frame-Options
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
P3P
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
X-FRAME-OPTIONS
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
P3p
Accept-CH-Lifetime
X-Cache-Status
X-Drupal-Cache
X-Check
X-Generator
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-Request-ID
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Request-Context
Allow
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
EagleId
Xkey
X-Age
X-Rq
X-Vhost
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-LiteSpeed-Cache
X-Dns-Prefetch-Control
X-OneAgent-JS-Injection
X-Aws-Lambda-Call-Status
X-CST
Permissions-Policy
X-Backend-Server
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-Litespeed-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cache-Lookup
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Content-Type
X-Clacks-Overhead
X-Url
X-Oneagent-Js-Injection
X-Origin-Cache-Key
X-Edge
X-Rack-Cache
Cache-Tag
Accept-Ch-Lifetime
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-PC
X-Vname
X-TtlSet
X-ECACHE
X-MS-InvokeApp
Nginx-Cache
X-Upstream
Rating
X-Powered-By-Plesk
X-ESI
Edge-Control
X-Server-Name
X-Browser-Type
X-Cnection
X-D2id
X-Times
X-Element-Page-Cache
Verso
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Ac
X-NWS-LOG-UUID
SPIisLatency
SPRequestDuration
X-B3-TraceId
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-RateLimit-Remaining
X-Ruxit-Js-Agent
X-SharePointHealthScore
SPRequestGuid
X-Ser
X-Navigation-Version
X-Abt-Application-Version
X-NF-Request-ID
X-GitHub-Request-Id
X-Vcap-Request-Id
X-Dw-Request-Base-Id
AR-CACHE
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Mg-S
X-VARITI-CCR
S
X-Middleton-Display
X-Sol
Display
Pagespeed
Edge-Cache-Tag
X-Ttl
X-Client-IP
Fastly-Restarts
RTSS
X-Amzn-Trace-Id
X-Cache-Key
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
Cache-Status
X-Kinsta-Cache
X-Edge-Location-Klb
X-Version
Access-Control-Request-Method
X-Goog-Hash
X-Varnish-TTL
X-Recruiting
X-Server-ID
X-ARC
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Middleton-Response
Response
X-Content-Digest
X-TraceId
X-Daa-Tunnel
X-Forwarded-For
X-T
Arr-Disable-Session-Affinity
Content-MD5
X-MSEdge-Ref
Origin-Trial
X-SRCache-Fetch-Status
X-SRCache-Store-Status
TP-Cache
MicrosoftSharePointTeamServices
X-Accel-Expires
Front-End-Https
X-Shield-Request-Id
Cross-Origin-Resource-Policy
X-Content-Security-Policy-Report-Only
X-Cached
X-Hits
MS-Author-Via
Public-Key-Pins
X-Id
X-FTR-Balancer
X-FTR-Backend-Server
X-FastCGI-Cache
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-HS-Content-Id
X-HS-Hub-Id
X-Ua-Browser
X-HS-Combine-CSS
Server-Node
X-FTR-Expires
X-HS-Cache-Config
X-Request-Processing-Time
X-Request-Received
X-Forwarded-Proto
X-DIS-Request-ID
Payment
X-Frontend
X-LLID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
Realpath
X-Webkit-Csp
X-ORACLE-DMS-RID
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-Distributor
X-Fastcgi-Cache
Cache-Tags
X-RateLimit-Limit
X-LB-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Microsite
X-Request-Handler-Origin-Region
Referer-Policy
X-Hostname
X-Page-Id
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Count-Hit
X-Ratelimit-Limit
X-Debug-Info
X-AppVersion
X-Az
X-Activity-Id
X-Cluster-Name
Fastcgi-Cache
X-NGENIX-Cache
X-Www-Served-By
X-Correlation-Id
Host
X-Geo-Country
X-Varnish-Server
X-Varnish-Backend
Accept-Charset
X-Envoy-Decorator-Operation
X-F-Cache
X-App-Server
X-XRDS-LOCATION
X-PressLabs-Stats
X-ORACLE-DMS-ECID
X-Ua-Device
X-FB-Debug
X-Goog-Metageneration
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Retry-After
X-TTL
X-RateLimit-Reset
X-Ezoic-Cdn
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Git-Hash
X-Load-Cache
X-Content-Options
X-Seen-By
X-CSRF-Token
X-Px
TCN
X-Fastly-Request-Id
Server-Name
X-Grace
Section-Io-Cache
X-Revision
X-Contextid
X-Amz-Meta-S3cmd-Attrs
X-Request-Guid
X-Tt-Trace-Host
X-Cache-Control
X-Trace-Id
X-Tt-Trace-Tag
X-Type
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Varnish-Ttl
X-B
Charset
Cleartype
X-Datadog-Parent-Id
X-B3-Sampled
Healthy
X-TT
Paypal-Debug-Id
X-Whom
DC
X-Fb-Rlafr
X-Signature
X-B-Cache
X-Oracle-Dms-Ecid
X-App-Environment
X-Wix-Request-Id
X-Node-Name
X-Fastly-Request-ID
X-Mobile
X-Origin-Cache
X-Proxy
Frame-Options
X-Azure-Ref
X-Newrelic-App-Data
X-Amz-Replication-Status
X-Magnolia-Registration
X-Air-Pt
X-WebKit-CSP-Report-Only
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-N
X-Rid
Accept-Ch
Filterid
X-WP-CF-Super-Cache-Cache-Control
X-Oracle-Dms-Rid
X-WP-CF-Super-Cache
X-Logged-In
X-EdgeConnect-Cache-Status
X-Language
Content-Disposition
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Route-Name
X-Providence-Cookie
Akamai-GRN
Backend
X-Flags
X-NODE
X-Kinja-CCPA
NGB
X-Original-Request-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Response-Served-From
X-Rendered-As
X-Is-Bot
X-Template
SD-X-WS
X-Datadog-Sampled
Ms-Operation-Id
X-Debug-IsPreview
X-Debug-IsConnected
Viewport
X-Unique-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Servername
X-RTag
X-RemovedCookies
X-Tumblr-User
X-Yottaa-Metrics
X-Varnish-Grace
MS-CV
Liferay-Portal
X-Yottaa-Optimizations
X-ProcessESI
Upgrade-Insecure-Requests
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-FW-Hash
X-Proxy-Cache-Info
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-Amzn-Remapped-Content-Length
X-Adobe-Content
X-Adobe-Loc
X-Debug
X-FW-Static
X-FW-Type
X-UUID
X-NYM-Debug-Backend
X-Instance
X-IPS-LoggedIn
X-FW-Version
X-Backend-Name
Fastly-SWR
Fastly-SIE
Refresh
X-Hl-Ver
X-Region
X-G
X-L-Path
X-Via-JSL
X-Cacheable-TTL
X-Cache-Grace
X-Environment-Context
X-Time
X-Device-Type
From-Origin
X-User-Agent
X-B3-SpanId
ServerID
X-Ratelimit-Remaining
X-Status
X-Rule
Country
X-Cache-Age
X-Cache-Hit
X-App-Version
Url
X-VC-Cache
X-INCAP-ABP
Countrycode
Version
X-Jobs
WPO-Cache-Status
Alternate-Protocol
X-Source
X-Webkit-CSP
WPO-Cache-Message
X-Cache-Status-Check
X-HTML-Minification-Powered-By
X-Origin-CC
X-Air-Hostname
X-Origin-TTL
X-Air-Trace-Id
X-Air-Source
GEO-INFO
CDN-RequestId
Surrogate-Key
X-Akamai-Request-ID2
X-Content-Powered-By
X-WP-CF-Super-Cache-Active
X-Hosted-By
X-Storage
Protected
X-Rocket-Nginx-Serving-Static
X-Page-View
X-Nginx-Cache
OT-Force-Account-Verify
X-B3-Traceid
X-Accel-Version
Amp-Access-Control-Allow-Source-Origin
X-Akamai-Edgescape
SRV
X-Real-IP
AMP-Access-Control-Allow-Source-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Access-Control-Request-Headers
X-Tec-Api-Origin
X-Edge-Location
X-Framework
X-ServerID
X-Cache-Time
X-VC
X-CDN-Forward
Front
X-Cache-Rule
Xet-Cookie
X-Mode
X-Rn-Rsrv
X-Handled-By
X-Cache-Operation
X-Upstream-Ct
X-UPSTREAM-Address
X-Xfnlog-Site
Meta-Geo
Accept-Language
X-Endurance-Cache-Level
Filters
X-Upstream-Ht
CF-IPCountry
Webserver
X-XRDS-Location
X-Rewrite-Enabled
Mn-Server-Ip
X-LJ-Flow-ID
X-Timing-Wait
ServedBy
X-SaId
X-Soup
X-Detected-As
Cross-Origin-Embedder-Policy
X-Served-From
X-Cache-Debug
X-Varnish-Cache-Hits
X-AWS-Id
Section-Io-Id
X-JoinUs
X-VWS-Id
X-Tumblr-Pixel-3
X-Director
X-Tumblr-Pixel-2
X-Origin
Selected-Fe
X-Proxy-Build
X-Redis-Cache
X-PHP-Host
Property-Id
Node
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxied
Apigw-Requestid
X-Origin-Hint
TWC-Device-Class
X-Routing-Service
X-Restarts
TWC-Connection-Speed
X-Say-Cacheable
TWC-GeoIP-Country
X-Labrador-Cache-Channel
X-Use-Mantle
X-Say-TTL
X-Cms-Context
X-Logging-Id
X-Extlb
X-Cluster
X-Adobe-Source
X-BYPASS-REASON
X-Web-Node
X-Zipkin-Id
Xserver
X-No-Session
X-Worker
Webcakes-Region
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
X-Lambda-Id
X-SayCDN-TTL
Web-Mar-Node
X-TT-LOGID
Webcakes-App-Version
X-Httpd
X-Format
Webcakes-App-Name
X-Forwarded-Host
X-Locale
X-Loop
X-AB
X-Is-Desktop
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-IPLB-Request-ID
X-IPLB-Instance
X-Geo-Region
X-GeoCode
X-GeoCountry
X-Browser-Name
X-Tcp-Rtt
X-S
X-RM-Cache-TTL
X-Varnish-Age
X-Platform-Cluster
DB-Nickname
X-Site-Version
X-Tncms
X-Http-Reason
X-Skip-Cache
X-Varnish-Beresp-Grace
X-Platform-Processor
Azure-SlotName
Azure-Version
X-VCT
Azure-SiteName
Azure-RegionName
X-RCS-CacheZone
X-Drupal-Cache-Tags
X-Platform-Router
Azure-InstanceId
X-Drupal-Cache-Contexts
X-Container-Uri
X-Generation-Time
X-Git-Commit
X-Fetched-On
X-Vercel-Id
X-Webstats-RespID
X-Cache-Server
X-Cache-Host
X-Reqid
X-Vercel-Cache
X-R9-Blue-Green-Version
X-Tb
X-Vcache
X-Frame-Option
X-Server-W
X-Ms-Request-Id
X-Ms-Version
X-Provided-By
X-Storefront-Renderer-Rendered
CDN-CachedAt
X-Shopify-Stage
CDN-EdgeStorageId
CDN-PullZone
X-Alternate-Cache-Key
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestPullCode
CDN-Cache
CDN-RequestCountryCode
X-Origin-Date
X-Uri
X-MP-GENERATED-AT
X-Sucuri-Cache
WP-Super-Cache
X-Sucuri-ID
Fastcgi-Useragent
X-DynaTrace
X-Vcl-Version
Cache-Tv-Group
Source
X-Cdn-Origin
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
Cross-Origin-Embedder-Policy-Report-Only
Content-Secure-Policy
X-FB-TRIP-ID
X-Generated-By
Priority
Atl-Traceid
X-SRV
Onion-Location
X-Sql-Duration-Ms
X-Pass-Why
X-Sql-Count
X-Urbn-Site-Id
X-Urbn-Context-Path
Sid
Locale
X-Content-Age
X-Buckets
X-Thinkindot-L3
X-Shield-Cache-Expires
X-Scope-Id
TDXMobile
X-CMSURLCustom
Thinkindot-Control
Cross-Origin-Window-Policy
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Cache
X-DataDome
X-LSADC-Cache
X-Cluster-Node
X-Proxy-Cache-Status
HostName
WZWS-RAY
X-WP-CF-Super-Cache-Cookies-Bypass
X-Newrelic-Synthetics
X-Optimistic-Header
X-Cache-Action
X-GEO
X-Varnish-Beresp-Ttl
S-Rt
X-Cache-Expired-At
X-Xrds-Location
X-Via-SSL
X-Via-Edge
X-Via-CDN
X-Dc
X-Connection-Hash
User-Cache-Control
Edge-Copy-Time
Expiry
X-Destination
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
Apple-News-Services-Host
X-Vdms-Path
X-Ec-Custom-Error
Apple-News-Services-Handled
X-Dispatcher-Server
X-Developer
X-A-Dam
X-B-Cookie
X-A-Dcw
X-Bc-Bl
X-Application
X-Aed
X-A-Dgt
X-A-Wwc
X-Access
X-BCube-Filmed-By
X-External-Request-Id
X-Vdms-Version
X-Conf
A
X-Cache-NE
X-A
X-Bl-Debug
X-A-Ccd
X-Cache-Bucket
X-D
Candidate-Md5Url
Origin-Agent-Cluster
X-PAYTM-SRV-ID
X-Platform
Origin
Magicmarker
X-Op-Id-All
Lang
X-Section
Redirect-Candidate
Apple-News-Services-Parsed-Url
Ngx.Var.Host
Ngx-Var-Key
X-Rojux
X-S-Cookie
X-SB
X-Scheme
MD5-Digest
Meta-Geo-Continent
DCR-Decision-By
X-Request-Start
DCR-Processing-Time-Ms
X-ScT
Rendered-Blocks
Surrogated-Key
X-Vtex-Remote-Cache
Gannett-Cam-Experience-Id
CDCHOST
T-Server
X-TIM-N
X-Varnish-Hostname
Apple-News-Services-Request-Url
Vix-Hermes-Req-Id
Sslversion
X-Instance-Name
Req-ID
Server-Ext
Server-Hostname
X-Viewer-Country
X-SRCache-Key
Sever-Int
L
Server-Host
X-TA-CDN-Provider
X-Azure-Ref-OriginShield
Host-ID
Pramga
X-VG-WebCache
Ssr
V-Age
Wxu-Next-Commit
Req-Svc-Chain
Wxu-Next-Hostname
Release
Wxu-Next-Region
X-Debug-Cache-Store
X-Nginx-Cache-Key
X-NCache
X-NMSegId
X-Node-Id
X-Nyt-Route
X-Moov-Xdn-Version
X-Moov-T
X-Varnish-Beresp-Status
X-Human
X-Level-Front-Cache
X-Loc
X-Mly-Id
X-Origin-Time
X-Pool
X-Sigma
X-SD-PageType
X-Sigma-Backend
X-TH-Server
X-Thanos
X-Rocket-Build-Number
X-Request-URI
X-Proxied-Request
X-Pubstack
X-Req
X-Request-Time
X-Hnp-Log
X-Gzip
X-Cache-Id
X-VG-TLSProxy
X-Cache-Info
X-Cache-TTL-Remaining
X-Clientip
X-Block-Status
X-Bip
X-Amz-Meta-Cb-Modifiedtime
X-AK-Request-ID
X-Auto-Login
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Core-Value
X-Debug-Cache-Fetch
X-Gen-Mode
X-Gdpr
X-Generated-On
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Varnish-Director
X-Forwarded-Site
X-VServer
X-Varnishpool
X-Esi-Check
X-Fastly-Cache
X-Acquia-Purge-Cdn-Unconfigured
NM-Fastcgi-Cache
Fastly-Drupal-HTML
Content-Style-Type
Cache-Provider
DSUID
Environment
X-Ua
Fastly-SSL
Cluster
X-Correlation-ID
Cdnsip
Cdncip
Content-Script-Type
X-UA-Device-Type
X-ND-Cache
Fastly-GeoIP-CountryCode
C-Via
X-WA-Info
Yak-Timeinfo
X-Zen-Fury
X-We-Are-Hiring
X-Datadome
X-Service
X-VCache
X-TimeS
X-Origin-Response-Time
X-Device-Os
X-DPWN-IS-SECURE
PFcat
X-Csrf-Jwt
X-Ad-Load-Variation
X-Amz-Storage-Class
X-Aicache-OS
X-ApacheServer
X-HN
X-VarnishDD-TTL
X-Cdn-Srv
X-Cache-Date
X-Cache-Aspx
X-CGP
X-From
X-Policy
X-RateLimit-Limit-Second
X-PERF
X-Org
X-V-Cache
X-Old-Content-Length
X-RateLimit-Remaining-Second
X-Region-Sid
X-SVT-ORM-VERSION
X-Mg-Request-UUID
X-SVT-ORM-RULES
X-Server-IP
X-Request-Host
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Geo-Header
X-GeoIP
Adler-Geo
X-Fmm-Version
X-FC-Vary-Parameters
X-GeoIP-City
X-GoCache-CacheStatus
X-Varnish-Authentication
X-Var-Ttl
X-Micro-Cache
X-Men
X-HS-Content-Campaign-Id
X-Eu-Site
X-Contensis-Viewer-Groups
HA-Ipaddr
Gh-Request-Id
Tube-Got-Eval
Click-Count-Error
Tube-Got-Results
Canary
Tube-Get-Contents
Locid
RNT-Time
Click-Count-Action-Start
L5d-Success-Class
Ha-Gx-Prefs
RNT-Machine
Tube-Return
Machine
Country-Code
Platform
W
We-Hiring
On-Server
True-Client-Country-4JS
Producers
Uber-Trace-Id
Type
Is-Eu
Esi-Enabled
Web-Mar-Region
Mail-Subject
Cdn-Host
Cf-Device-Type
X-ECache
X-Hash
Proxy-Firewall
X-Fastly-Backend
X-Proto
X-Edge-Server
Cdn-Request-Time
X-Sn-Servicetimems
X-Slack-Backend
X-Branch-Name
Cache-Key
X-App-Name
X-Backend-Instance
X-Wikidot-Backend
X-Wikidot-Static-Cache
AKAMAI
X-Test
X-Up
X-Slack-Shared-Secret-Outcome
X-CacheTTL
X-DC
X-Accel-Expires-Debug
Fastly-Backend-Name
NGX
X-Date
X-Parent-Response-Time
X-LB-ID
X-Lagoon
XM
X-RID
X-Tx-Id
LB
X-UA
X-Varnish-Hits
X-API-Version
X-Ah-Environment
X-Origin-Expires
X-Irp-Debug
X-Cache-Backend
Pics-Label
X-HA-Backend
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Poph
X-Owner
X-COUNTRY
X-Via-Popn
X-URL
X-Via-Popv
X-Servedbyhost
X-Core-Mission
X-NGINX-Cache
X-ZONE
Cdn
X-SIPLIST1
IsBot
X-DynaTrace-JS-Agent
X-CACHE-GROUP
X-Refresh
X-Ratelimit-Reset
Datacenter
NtCoent-Length
GeoIp-Country-Code
X-LB-NoCache
X-CDN-Cache-Status
X-Client-Ip
X-VHOST
X-Qloud-Router
SID
RATING
X-Zone
X-Use-Magma
Cache-Hits
Cdn-Requestid
X-Wa
N-Cache
X-Nananana
X-CF-Lambda-Fn
X-Nc
Expect-Staple
X-Via-Fastly
Server-ID
X-Srv
X-CF-Lambda-Version
X-Forwarded-Path
X-Orig-Expires
X-Cache-Type
X-Akamai-Transformed
X-Tenant
CloudFront-Viewer-Country
Xc-Version
X-Shop-Environment
Cross-Origin-Opener-Policy-Report-Only
X-Ig-Origin-Region
X-B3-Parentspanid
X-Location
X-Fpc
X-TX-ID
Cmstype
GeoIP-Latitude
Cmsid
X-Gamma-Serve
Resin-Trace
X-Cloudmap
DataCenter
X-TIME
CPC-Cache
CPC-Age
Fusion-Content-Id
Fusion-Template-Id
X-Hit
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
X-CS
X-Cdn-Diag
User-Agent
Powered-By
X-Proxy-CacheRZ
XkeyRZ
X-Nf-Request-Id
Uri
X-Vmg-Version
X-DataCenter
X-NewRelic-App-Data
X-Presslabs-Stats
Origin-EX
Origin-CC
X-CUA
X-Jungle-Id
X-CACHE-AGE
X-NWS-UUID-VERIFY
X-Info
X-Amz-Meta-Opti
Mime-Version
X-Tt-Logid
Srv
True-Client-IP
X-User
Fastly-Drupal-Html
Tcn
CacheControlHeader
X-Cached-By
X-Esi
X-IAuth-Set-Uid
X-Segment-20210421
X-Fastly-Country-Code
True-Client-Ip
MIME-Version
Cf-Ipcountry
X-Variation
X-Dynatrace-Js-Agent
X-LAGOON
X-Cdn-Forward
X-HostName
X-Render-Time
X-Datacenter
X-Geo
X-Vc
CDN
X-VTEX-Cache-Time
Load-Balancing
X-Oracle-DMS-ECID
X-Varnish-Beresp-TTL
X-VTEX-Cache-Server
X-Powered-By-VTEX-Cache
X-CSRF-TOKEN
X-LiteSpeed-Cache-Control
X-Wormhole-Sdk
X-B3-Spanid
Debug
X-LiteSpeed-Tag
X-HOST
VNS-Age
VNS-Cache
Edge-Cache
X-Auth-Group-Type
Ohc-File-Size
Hostname
X-Dispatch
X-Api-Version
Lb
X-AIR-PT
X-PDP-UNCACHING-HASH
X-Webkit-Csp-Report-Only
X-FPC
Cl-Cache
X-Ig-Push-State
Odigeo-Trace-Id
X-NC
X-Dispatcher-Number
X-WA
X-NodeID
X-MCACHE
Server-Id
X-APP-VERSION
Ohc-Cache-HIT
X-Custom-Header
X-Vgn-Hpd-Reason
GeoIP-Country-Code
X-Lb-Nocache
X-Litespeed-Tag
Cache-Name
X-Depends
X-Cs
X-PHP-Backend
X-Cdn-Cache-Status
X-Pad
X-Varnish-CookieINHashed-On
X-DefElseHash
X-CACHE-KEY
X-ServedByHost
X-DefHash
X-Varnish-CookieHashed-On
X-Mid
X-Varnish-Remaining-TTL
X-Cache-Ttl
PICS-Label
X-VC-TTL
X-Via-PopN
X-Fastly-Backend-Reqs
X-Ha-Backend
X-Via-PopV
X-M-Reqid
CountryCode
X-M-Log
X-Via-PopH
X-VCL-Version
X-Srcache-Store-Status
Ms-Author-Via
X-Srcache-Fetch-Status
X-Litespeed-Cache-Control
X-Cdn-Request-ID
X-MiniProfiler-Ids
X-Lb-Id
BehaviorPad-Version
X-Sorting-Hat-Shopid
X-Proxy-Cache-La3
X-MSEdge-Flight
X-MSEdge-Features
X-Akamai-Pragma-Client-IP
Xkey-La3
X-Sorting-Hat-Podid
X-Shopid
X-Shardid
Xkeylog
X-Cache-FS-Status
X-APP
X-Cache-Enabled
FSS-Cache
Epwk-X-Cache
X-Acquia-Site
Memory
Time
X-Acquia-Application-Trace
X-IN-APIGATEWAY
Memcached
X-Web-Server
X-IN-APIGATEWAYSSL
OriginIP
X-Snapshot-Date
X-RequestId
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Geoip-Latitude
Ngx
X-Cache-Version
CF-Cached-On
X-Requestid
X-Sucuri-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
Warning
Cloudfront-Viewer-Country
X-Th-Server
X-Udemy-Cache-App-Namespace
X-Service-Response-Time
Location
Server-Info
X-Lsadc-Cache
X-Dw-Trace-Id
YJS-ID
Akamai-Cache-Status
Srvid
X-Serial
X-Check-Cacheable
X-Mg-Cache
X-FL-QIT-DEBUG
X-FL-EDGE
Sm-Log-Id