Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-Drupal-Cache
X-Ua-Compatible
X-Cache-Status
Accept-CH-Lifetime
X-DNS-Prefetch-Control
P3p
X-Generator
X-Check
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
X-Request-ID
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
X-UA-Device
Keep-Alive
Request-Context
X-Robots-Tag
X-Server
X-Cache-Group
Allow
EagleId
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
X-Rq
X-Dns-Prefetch-Control
X-Vhost
X-Amz-Version-Id
X-Dispatcher
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
Permissions-Policy
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Cf-Railgun
EagleEye-TraceId
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Backend-Server
X-CST
X-Cache-Lookup
X-Host
X-Server-Id
X-Readtime
X-Aws-Lambda-Call-Status
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-Cloud-Trace-Context
X-Node
X-Litespeed-Cache
X-Nginx-Cache-Status
X-Application-Context
Content-Location
X-Country-Code
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Trace
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Rating
Cache-Tag
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
Cross-Origin-Opener-Policy
Nginx-Cache
X-TtlSet
X-Vname
X-PC
X-Mcache
X-Edge
X-NWS-LOG-UUID
X-Midtier
X-Times
X-MS-InvokeApp
X-Origin-Cache-Key
X-Upstream
X-Mod-Pagespeed
X-Server-Name
X-ECACHE
X-Powered-By-Plesk
X-Browser-Type
Edge-Control
X-Cnection
X-D2id
X-Element-Page-Cache
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-ESI
X-Kinja-Server
X-Exp-Variant
Verso
X-Ser
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-Ac
X-RateLimit-Remaining
SPIisLatency
SPRequestDuration
X-SharePointHealthScore
SPRequestGuid
X-GitHub-Request-Id
X-Ruxit-Js-Agent
X-B3-TraceId
X-NF-Request-ID
X-Abt-Application-Version
X-Navigation-Version
X-Dw-Request-Base-Id
X-Vcap-Request-Id
AR-CACHE
X-Mg-S
X-Client-IP
Pagespeed
Display
X-Middleton-Display
X-Sol
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
S
Edge-Cache-Tag
X-Ttl
X-Daa-Tunnel
X-Webkit-Csp
Fastly-Restarts
X-Cache-Key
X-Cache-TTL
X-VARITI-CCR
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Amz-Rid
X-Amzn-Trace-Id
Cache-Status
X-Powered-CMS
X-Edge-Location-Klb
RTSS
X-Kinsta-Cache
X-Version
Access-Control-Request-Method
X-Goog-Hash
X-Varnish-TTL
Response
X-Middleton-Response
X-Server-ID
X-Recruiting
X-FastCGI-Cache
X-Content-Digest
X-TraceId
X-ARC
X-Forwarded-For
X-T
X-MSEdge-Ref
Arr-Disable-Session-Affinity
Cross-Origin-Resource-Policy
MS-Author-Via
Content-MD5
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Front-End-Https
TP-Cache
X-Shield-Request-Id
X-RateLimit-Limit
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-Id
X-Accel-Expires
Realpath
X-Cached
X-Hits
X-Forwarded-Proto
X-HS-Combine-CSS
Public-Key-Pins
X-Ua-Browser
X-HS-Content-Id
X-FTR-Expires
X-HS-Cache-Config
X-HS-Hub-Id
X-Request-Processing-Time
X-Request-Received
Server-Node
Payment
X-Fastly-Request-ID
X-Frontend
X-ORACLE-DMS-RID
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Protected-By
X-LLID
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Content-Security-Policy-Report-Only
X-Distributor
X-DIS-Request-ID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Correlation-Id
X-GUploader-UploadID
X-ORACLE-DMS-ECID
X-LB-Cache
TP-L2-Cache
X-XRDS-LOCATION
Cache-Tags
Fastcgi-Cache
X-Microsite
X-Request-Handler-Origin-Region
Count-Hit
Referer-Policy
X-AppVersion
X-Az
X-Amz-Apigw-Id
Mrf-Cache-Status
X-Amzn-RequestId
Host
X-Activity-Id
MRF-Tech
X-B3-TraceId-Primal
X-Debug-Info
X-Hostname
X-NGENIX-Cache
X-Cluster-Name
X-Www-Served-By
X-Envoy-Decorator-Operation
X-Origin-Server
X-Varnish-Backend
X-Varnish-Server
Accept-Charset
X-Page-Id
X-Geo-Country
X-App-Server
X-Ezoic-Cdn
X-PressLabs-Stats
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-F-Cache
Retry-After
X-Px
X-RateLimit-Reset
X-Goog-Metageneration
X-Load-Cache
X-FB-Debug
Origin-Trial
X-Upgrade-Enabled
X-CSRF-Token
X-Seen-By
Server-Name
X-Ratelimit-Limit
X-Amz-Meta-S3cmd-Attrs
Cleartype
Access-Control-Allow-Method
X-Git-Hash
X-Fastcgi-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
TCN
X-Request-Guid
Section-Io-Cache
X-Cache-Control
X-TTL
X-Grace
X-Azure-Ref
X-TT
X-B
X-Trace-Id
X-Revision
X-Contextid
X-B3-Sampled
X-Webkit-CSP
Healthy
X-Whom
Paypal-Debug-Id
Charset
X-Type
DC
X-Fb-Rlafr
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Proxy
X-Content-Options
X-Wix-Request-Id
X-Mobile
X-N
X-Newrelic-App-Data
X-Signature
X-B-Cache
X-App-Environment
X-Node-Name
X-Magnolia-Registration
X-CCDN-CacheTTL
X-Varnish-Ttl
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Accept-Ch
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Filterid
X-Amz-Replication-Status
X-Oracle-Dms-Ecid
X-Origin-Cache
X-Goog-Generation
Frame-Options
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Time
X-Air-Pt
X-Logged-In
X-EdgeConnect-Cache-Status
Viewport
X-Unique-Id
NGB
X-Debug
Content-Disposition
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-Grace
X-Oracle-Dms-Rid
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Yottaa-Optimizations
Backend
X-Debug-IsPreview
X-Debug-IsConnected
X-ProcessESI
X-Yottaa-Metrics
X-Tumblr-User
X-Is-Bot
X-Rendered-As
X-RemovedCookies
X-Varnish-Grace
Ms-Operation-Id
X-Adobe-Loc
X-Datadog-Sampled
X-G
X-RTag
X-Servername
SD-X-WS
Fastly-SIE
Liferay-Portal
X-Adobe-Content
MS-CV
Fastly-SWR
X-FW-Static
X-NYM-Debug-Backend
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Hl-Ver
X-Amzn-Remapped-Content-Length
X-FW-Type
X-WebKit-CSP-Report-Only
X-FW-Dynamic
X-Cache-Age
X-Instance
X-FW-Version
X-IPS-LoggedIn
X-Backend-Name
X-UUID
From-Origin
ServerID
X-Cacheable-TTL
X-VC-Cache
X-Original-Request-Id
X-Response-Served-From
X-Device-Type
X-Proxy-Cache-Info
X-User-Agent
X-L-Path
X-Region
X-Environment-Context
X-Via-JSL
Version
X-Ratelimit-Remaining
X-Cache-Hit
Upgrade-Insecure-Requests
X-Rule
Akamai-GRN
Country
X-Status
X-Ua-Device
X-B3-SpanId
X-Source
Refresh
X-Template
X-INCAP-ABP
SRV
GEO-INFO
Countrycode
CDN-RequestId
X-Storage
X-Language
Url
X-HTML-Minification-Powered-By
X-Rid
OT-Force-Account-Verify
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Cache-Status-Check
X-WP-CF-Super-Cache-Active
X-NODE
AMP-Access-Control-Allow-Source-Origin
X-Real-IP
Alternate-Protocol
WPO-Cache-Message
X-App-Version
X-ServerID
X-Origin-TTL
X-Origin-CC
WPO-Cache-Status
X-CDN-Forward
X-B3-Traceid
X-Jobs
X-Fastly-Request-Id
X-VC
X-Akamai-Request-ID2
Surrogate-Key
X-Is-Crawler
X-Sucuri-Cache
X-Providence-Cookie
X-Route-Name
X-Aspnet-Duration-Ms
X-Flags
Access-Control-Request-Headers
X-Content-Powered-By
X-Cache-Time
X-TT-LOGID
Protected
X-Sucuri-ID
X-Rocket-Nginx-Serving-Static
X-Mode
X-Handled-By
Amp-Access-Control-Allow-Source-Origin
Xet-Cookie
X-Accel-Version
Meta-Geo
X-Hosted-By
Filters
X-Rewrite-Enabled
X-Akamai-Edgescape
X-Upstream-Ct
X-Upstream-Ht
X-Xfnlog-Site
Webserver
X-UPSTREAM-Address
X-Endurance-Cache-Level
X-Rn-Rsrv
Cross-Origin-Embedder-Policy
X-Cache-Rule
Section-Io-Id
Front
X-Cache-Operation
X-RM-Cache-TTL
X-Detected-As
X-Timing-Wait
X-SaId
X-Proxy-Build
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Worker
X-VWS-Id
X-Origin
X-LJ-Flow-ID
X-AWS-Id
X-Adobe-Source
ServedBy
X-Cache-Debug
X-Drupal-Cache-Tags
X-JoinUs
X-Edge-Location
Selected-Fe
X-Webstats-RespID
X-Nginx-Cache
Webcakes-App-Name
Web-Mar-Node
Webcakes-App-Version
X-Cluster
X-Director
TWC-Privacy
Webcakes-Region
TWC-Locale-Group
Property-Id
Node
Mn-Server-Ip
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Drupal-Cache-Contexts
X-Framework
X-Served-From
X-Routing-Service
X-Restarts
X-Soup
X-Varnish-Cache-Hits
X-Zipkin-Id
X-Web-Node
X-Redis-Cache
X-Proxied
X-Labrador-Cache-Channel
X-Extlb
X-Logging-Id
X-No-Session
X-PHP-Host
X-Origin-Hint
Atl-Traceid
X-Cms-Context
X-Forwarded-Host
X-Tb
X-Geo-Region
X-IPLB-Instance
X-Is-Desktop
X-IPLB-Request-ID
X-Tcp-Rtt
X-Say-Cacheable
X-VCT
CDN-Uid
X-Varnish-Age
X-AB
X-Browser-Name
X-Tncms
X-Is-Mobile
X-Is-Supported-Browser
X-ProxyCache-Status
X-ProxyCache-Key
X-RCS-CacheZone
X-SayCDN-TTL
X-S
X-Say-TTL
X-Origin-Date
X-Loop
X-Skip-Cache
X-Is-Tablet
X-Lambda-Id
X-Locale
X-Site-Version
CDN-RequestPullSuccess
X-BYPASS-REASON
CDN-Cache
CDN-RequestCountryCode
X-RID
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestPullCode
Apigw-Requestid
CDN-PullZone
Xserver
X-Tec-Api-Version
Azure-SiteName
X-Shopify-Stage
X-GeoCode
Azure-InstanceId
X-GeoCountry
X-Alternate-Cache-Key
X-Git-Commit
X-Httpd
Azure-RegionName
X-Tec-Api-Origin
X-Varnish-Beresp-Grace
X-Format
X-Vercel-Cache
X-Vercel-Id
X-Fetched-On
X-Reqid
X-R9-Blue-Green-Version
X-Tec-Api-Root
Azure-SlotName
X-Generation-Time
X-Cdn-Origin
Azure-Version
X-Container-Uri
X-Cache-Host
X-Storefront-Renderer-Rendered
X-Frame-Option
Accept-Language
X-Platform-Router
X-Provided-By
X-Platform-Processor
X-Platform-Cluster
X-Ms-Version
X-Ms-Request-Id
X-Sorting-Hat-ShopId
Fastcgi-Useragent
X-ShardId
X-ShopId
X-Cache-Server
X-Sorting-Hat-PodId
X-Vcache
DB-Nickname
Cross-Origin-Window-Policy
X-Azure-Ref-OriginShield
X-Server-W
X-XRDS-Location
X-SRV
WP-Super-Cache
X-Vcl-Version
Source
CF-IPCountry
X-MP-GENERATED-AT
X-PDP-UNCACHING-HASH
X-Uri
X-Scope-Id
TDXMobile
X-CMSURLCustom
Thinkindot-Control
Thinkindot-CacheControl-Type
Cross-Origin-Embedder-Policy-Report-Only
Thinkindot-CacheControl
Sid
X-Generated-By
X-Shield-Cache-Expires
X-Thinkindot-L3
Cache
X-Page-View
X-Pass-Why
X-UA
Cache-Tv-Group
X-FB-TRIP-ID
X-Buckets
Content-Secure-Policy
X-Lagoon
X-Optimistic-Header
HostName
X-LSADC-Cache
Onion-Location
Locale
X-Dc
X-Urbn-Context-Path
X-Urbn-Site-Id
X-WP-CF-Super-Cache-Cookies-Bypass
X-Content-Age
X-Datadome
X-Use-Mantle
Priority
X-GEO
X-Request-URI
X-DataDome
X-Http-Reason
X-Xrds-Location
User-Cache-Control
X-DynaTrace
X-Connection-Hash
Expiry
Locid
X-TIM-N
X-ScT
X-ND-Cache
A
Meta-Geo-Continent
MD5-Digest
Ngx-Var-Key
Ngx.Var.Host
Origin
X-A-Ccd
Magicmarker
X-A-Dam
Gannett-Cam-Experience-Id
Lang
LB
Origin-Agent-Cluster
Redirect-Candidate
Sever-Int
Sslversion
Surrogated-Key
T-Server
Server-Hostname
Server-Host
X-A
Rendered-Blocks
Req-ID
Server-Ext
X-A-Dcw
X-A-Dgt
X-Conf
X-D
Vix-Hermes-Req-Id
X-Platform
Candidate-Md5Url
X-Developer
X-Op-Id-All
X-SB
X-Ec-GeoHdr
X-Ec-Fail
X-Dispatcher-Server
X-Cache-NE
X-Cache-Bucket
X-BCube-Filmed-By
X-Bc-Bl
X-Aed
X-A-Wwc
DCR-Processing-Time-Ms
DCR-Decision-By
X-Bl-Debug
X-UA-Device-Type
X-Rojux
X-Request-Start
X-Epic-Correlation-Id
X-SRCache-Key
X-Vtex-Remote-Cache
X-Vdms-Path
X-Cluster-Node
X-Vdms-Version
X-Viewer-Country
X-Varnish-Hostname
X-Proxy-Cache-Status
X-NWS-UUID-VERIFY
Cache-Hits
Cluster
X-Auto-Login
X-B-Cookie
Content-Script-Type
Content-Style-Type
X-Cache-Action
X-B3-Trace-ID
Cdnsip
X-Cache-Id
C-Via
X-Cache-TTL-Remaining
X-PAYTM-SRV-ID
X-S-Cookie
CDCHOST
X-Bip
X-Application
Cdncip
X-Pubstack
X-NCache
Environment
Wxu-Next-Commit
X-TA-CDN-Provider
Wxu-Next-Hostname
Wxu-Next-Region
NM-Fastcgi-Cache
V-Age
X-Varnishpool
True-Client-Country-4JS
Release
Pramga
X-Loc
Yak-Timeinfo
Fastly-SSL
X-Amz-Meta-Cb-Modifiedtime
X-Req
X-Origin-Time
X-Zen-Fury
X-AK-Request-ID
XM
Host-ID
X-Level-Front-Cache
DSUID
X-Block-Status
X-Nyt-Route
X-Forwarded-Site
X-Clientip
X-NMSegId
X-Varnish-Beresp-Ttl
X-Fastly-Cache
X-Kinja-CCPA
X-Esi-Check
X-External-Request-Id
X-Gdpr
X-Gen-Mode
X-Gzip
X-Thanos
X-Hnp-Log
X-Nginx-Cache-Key
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Generated-On
X-GeoIP
X-GeoIP-City
X-Ec-Custom-Error
X-Node-Id
X-WA-Info
X-Debug-Cache-Fetch
X-SD-PageType
X-Scheme
X-Destination
X-Debug-Cache-Store
X-Device-Os
X-Core-Value
X-Origin-Expires
X-Cache-Expired-At
X-Service
X-Origin-Response-Time
Uber-Trace-Id
X-HN
X-Policy
X-Pool
X-Contensis-Viewer-Groups
X-GoCache-CacheStatus
X-PERF
X-Cdn-Srv
X-Human
X-VarnishDD-TTL
Ssr
X-V-Cache
X-HS-Content-Campaign-Id
X-Proxied-Request
Tube-Got-Results
Tube-Return
We-Hiring
Tube-Got-Eval
Tube-Get-Contents
X-Men
X-Geo-Header
X-ApacheServer
X-FC-Vary-Parameters
X-Amz-Storage-Class
X-Fmm-Version
X-Newrelic-Synthetics
X-BBC-Edge-Cache-Status
X-Backend-Instance
X-DPWN-IS-SECURE
X-Old-Content-Length
X-Org
X-From
X-Cache-Aspx
X-Cache-Backend
X-Cache-Info
X-VG-TLSProxy
X-Access
X-Ad-Load-Variation
X-Acquia-Purge-Cdn-Unconfigured
X-VG-WebCache
Web-Mar-Region
RNT-Machine
Fastly-GeoIP-CountryCode
X-Mly-Id
X-Moov-T
Esi-Enabled
X-Section
Gh-Request-Id
X-Server-IP
X-Varnish-Director
Machine
Apple-News-Services-Request-Url
X-Region-Sid
Is-Eu
X-Sql-Duration-Ms
X-Sql-Count
Apple-News-Services-Handled
Canary
Apple-News-Services-Host
Cache-Provider
Apple-News-Services-Parsed-Url
Adler-Geo
Click-Count-Action-Start
X-Request-Time
X-Request-Host
Country-Code
X-We-Are-Hiring
Click-Count-Error
X-Micro-Cache
L
Mail-Subject
Producers
X-SVT-ORM-VERSION
PFcat
On-Server
X-Varnish-Beresp-Status
X-TH-Server
RNT-Time
X-Var-Ttl
X-Varnish-Authentication
X-RateLimit-Limit-Second
Req-Svc-Chain
X-SVT-ORM-RULES
Platform
X-Mvc-Supplant-Cachable
X-RateLimit-Remaining-Second
X-Moov-Xdn-Version
X-Aicache-OS
X-Sn-Servicetimems
X-NGINX-Cache
X-VCache
X-CGP
AKAMAI
X-Mvc-Supplant-OutputCached
X-Up
X-Eu-Site
X-Edge-Server
X-Csrf-Jwt
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-ECache
X-Fastly-Backend
X-Hash
X-Test
X-Wikidot-Backend
Cache-Key
HA-Ipaddr
Cf-Device-Type
X-Proto
X-Wikidot-Static-Cache
L5d-Success-Class
W
X-App-Name
Ha-Gx-Prefs
Cdn-Request-Time
Proxy-Firewall
Cdn-Host
X-Instance-Name
X-Esi
X-Cloudmap
X-Sigma
NGX
X-VServer
X-Sigma-Backend
X-Accel-Expires-Debug
X-Tb-Optimization-Total-Bytes-Saved
Fastly-Drupal-HTML
X-Cache-Date
X-Via-Fastly
X-LB-ID
X-CacheTTL
X-Rocket-Build-Number
Fastly-Backend-Name
X-Date
WZWS-RAY
X-Mg-Request-UUID
X-Ah-Environment
X-Via-Popv
X-Tx-Id
X-Parent-Response-Time
X-HA-Backend
X-Location
NtCoent-Length
X-Zone
Pics-Label
X-Via-Popn
X-Varnish-Hits
X-API-Version
X-COUNTRY
X-Branch-Name
X-Via-Poph
X-DynaTrace-JS-Agent
X-DC
X-Ig-Origin-Region
Datacenter
X-Via-Edge
X-Via-SSL
Edge-Copy-Time
Fusion-Component-Id
Fusion-Content-Id
X-Refresh
X-Via-CDN
Fusion-Template-Id
X-CACHE-GROUP
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
X-Ratelimit-Reset
X-Correlation-ID
S-Rt
GeoIp-Country-Code
X-Wormhole-Sdk
X-Akamai-Transformed
X-Servedbyhost
Type
X-CDN-Cache-Status
X-VHOST
X-CUA
X-Jungle-Id
Powered-By
Cdn
X-ZONE
X-User
Origin-EX
Origin-CC
Resin-Trace
X-Ua
X-LB-NoCache
X-TX-ID
SID
X-Irp-Debug
Cf-Ipcountry
Cdn-Requestid
Server-ID
X-Wa
X-Srv
X-Owner
X-Nc
X-Core-Mission
X-Render-Time
X-VTEX-Cache-Time
X-VTEX-Cache-Server
IsBot
X-SIPLIST1
Cross-Origin-Opener-Policy-Report-Only
X-Powered-By-VTEX-Cache
X-Nananana
Fastly-Drupal-Html
X-LiteSpeed-Tag
GeoIP-Latitude
X-Hit
X-Cached-By
X-AIR-PT
X-NewRelic-App-Data
Edge-Cache
CloudFront-Viewer-Country
X-Nf-Request-Id
Uri
XkeyRZ
X-B3-Parentspanid
X-Proxy-CacheRZ
X-Fpc
X-Qloud-Router
X-Client-Ip
X-Cs
DataCenter
Mime-Version
X-Presslabs-Stats
X-Auth-Group-Type
Debug
X-CS
True-Client-IP
X-URL
X-IAuth-Set-Uid
X-DataCenter
X-Segment-20210421
X-LiteSpeed-Cache-Control
X-Ig-Push-State
X-Amz-Meta-Opti
X-TIME
Tcn
Expect-Staple
X-CF-Lambda-Version
X-CF-Lambda-Fn
N-Cache
X-PHP-Backend
X-Varnish-Beresp-TTL
CDN
X-Tenant
Xc-Version
X-Cache-Type
X-Forwarded-Path
X-Shop-Environment
X-Orig-Expires
Odigeo-Trace-Id
X-HostName
X-CACHE-AGE
X-NodeID
X-Gamma-Serve
X-Custom-Header
X-Vgn-Hpd-Reason
MIME-Version
True-Client-Ip
Cmstype
X-Geo
X-Tt-Logid
Cmsid
X-Dynatrace-Js-Agent
CPC-Age
X-Vmg-Version
X-Info
X-Pad
X-Dispatch
CPC-Cache
User-Agent
Load-Balancing
X-Api-Version
X-B3-Spanid
Srv
X-Depends
X-HOST
X-Cdn-Diag
X-WA
X-Fastly-Country-Code
X-FPC
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Vc
X-NC
X-Varnish-CookieHashed-On
X-DefElseHash
X-DefHash
Request-ID
X-VC-TTL
X-M-Reqid
X-M-Log
Ohc-File-Size
X-Cdn-Forward
X-Webkit-Csp-Report-Only
Cl-Cache
Server-Id
Geoip-Latitude
X-CSRF-TOKEN
X-Variation
X-Datacenter
Hostname
X-APP-VERSION
X-APP
X-Lb-Nocache
CacheControlHeader
X-Cache-FS-Status
X-TimeS
Ohc-Cache-HIT
X-LAGOON
X-ServedByHost
GeoIP-Country-Code
Cloudfront-Viewer-Country
X-Cdn-Cache-Status
X-Oracle-DMS-ECID
VNS-Age
Epwk-X-Cache
Server-Info
FSS-Cache
VNS-Cache
X-Cache-Ttl
X-Via-PopV
PICS-Label
X-Via-PopN
X-Via-PopH
X-Ha-Backend
X-MSEdge-Flight
CountryCode
ServerHost
Srvid
X-FL-QIT-DEBUG
BehaviorPad-Version
X-Litespeed-Tag
X-MSEdge-Features
X-Fastly-Backend-Reqs
Rtss
X-VCL-Version
X-Litespeed-Cache-Control
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Proxy-Cache-La3
X-Lb-Id
X-Cdn-Request-ID
Xkeylog
Xkey-La3
X-Acquia-Site
X-Serial
X-Akamai-Pragma-Client-IP
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
Memcached
X-Web-Server
Time
X-Th-Server
X-Acquia-Application-UUID
X-Check-Cacheable
OriginIP
Ngx
X-MiniProfiler-Ids
Memory
X-RequestId
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Snapshot-Date
X-Dispatcher-Number
X-Shardid
X-Cache-Version
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Shopid
X-Sucuri-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Ramcache
X-Udemy-Cache-App-Namespace
X-RAMCache
Sm-Log-Id
X-Requestid
Warning
X-Mg-Cache
X-Dw-Trace-Id
X-Service-Response-Time
Akamai-Cache-Status