
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Xss-Protection
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
P3p
Accept-CH
X-DNS-Prefetch-Control
Accept-CH-Lifetime
X-Cache-Status
X-Drupal-Cache
X-Ua-Compatible
X-Check
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
X-Request-ID
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Allow
Request-Context
X-UA-Device
Keep-Alive
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
X-Rq
EagleId
X-Vhost
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Ali-Swift-Global-Savetime
X-WebKit-CSP
EagleEye-TraceId
X-LiteSpeed-Cache
X-Aws-Lambda-Call-Status
X-Dns-Prefetch-Control
X-CST
X-OneAgent-JS-Injection
Permissions-Policy
X-Backend-Server
X-Readtime
X-Server-Id
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
X-HW
X-Nginx-Upstream-Cache-Status
X-Cache-Lookup
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
X-Edge
X-Rack-Cache
Accept-Ch-Lifetime
Cache-Tag
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-MS-InvokeApp
Nginx-Cache
X-ECACHE
X-Vname
X-TtlSet
X-PC
X-ESI
X-Upstream
X-Powered-By-Plesk
Rating
Edge-Control
X-Server-Name
X-Browser-Type
Verso
X-Cnection
X-D2id
X-Element-Page-Cache
X-Times
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Ac
SPIisLatency
SPRequestDuration
X-B3-TraceId
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
X-Ruxit-Js-Agent
SPRequestGuid
X-SharePointHealthScore
X-NWS-LOG-UUID
X-Navigation-Version
X-Ser
X-Abt-Application-Version
X-NF-Request-ID
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-RateLimit-Remaining
X-GitHub-Request-Id
AR-CACHE
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Mg-S
X-Client-IP
S
X-VARITI-CCR
Edge-Cache-Tag
Display
X-Sol
Pagespeed
X-Middleton-Display
RTSS
X-Cache-Key
X-Ttl
X-Server-ID
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
Cache-Status
X-Goog-Hash
X-Edge-Location-Klb
X-Version
X-Kinsta-Cache
Access-Control-Request-Method
X-Recruiting
X-Varnish-TTL
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-ARC
Response
X-Middleton-Response
X-TraceId
X-Content-Digest
X-Forwarded-For
X-T
Arr-Disable-Session-Affinity
Origin-Trial
X-MSEdge-Ref
Content-MD5
X-Daa-Tunnel
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
TP-Cache
X-Content-Security-Policy-Report-Only
X-Accel-Expires
Front-End-Https
X-Shield-Request-Id
X-Hits
Cross-Origin-Resource-Policy
X-Cached
Public-Key-Pins
X-Id
MS-Author-Via
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Server-Node
X-Ua-Browser
X-FTR-Expires
Payment
X-Request-Received
X-Request-Processing-Time
X-Forwarded-Proto
X-DIS-Request-ID
X-Frontend
X-Fastcgi-Cache
X-HP-Webp
X-Jurisdiction
Realpath
X-LLID
X-HP-Trace-Id
X-Webkit-Csp
X-FastCGI-Cache
X-ORACLE-DMS-RID
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-Distributor
Cache-Tags
X-LB-Cache
X-Ratelimit-Limit
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Origin-Server
X-Request-Handler-Origin-Region
X-Microsite
Referer-Policy
X-Page-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Hostname
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Cluster-Name
X-AppVersion
X-Az
X-NGENIX-Cache
X-Activity-Id
Count-Hit
X-Correlation-Id
Fastcgi-Cache
X-Debug-Info
X-ORACLE-DMS-ECID
X-Varnish-Backend
X-Www-Served-By
Accept-Charset
X-RateLimit-Limit
X-F-Cache
X-Varnish-Server
Host
X-App-Server
X-Envoy-Decorator-Operation
X-Geo-Country
X-XRDS-LOCATION
X-PressLabs-Stats
X-Ua-Device
X-FB-Debug
X-Goog-Metageneration
X-TTL
Access-Control-Allow-Method
Retry-After
X-Fastly-Request-Id
X-Ezoic-Cdn
X-Git-Hash
X-CSRF-Token
X-Upgrade-Enabled
X-Load-Cache
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-RateLimit-Reset
X-Seen-By
X-Content-Options
Server-Name
X-Px
X-Datadog-Sampling-Priority
X-Tt-Trace-Host
X-Datadog-Trace-Id
X-Contextid
TCN
X-Datadog-Parent-Id
X-Tt-Trace-Tag
X-Request-Guid
Section-Io-Cache
X-Trace-Id
X-Type
Charset
X-Revision
X-B
X-Cache-Control
X-Varnish-Ttl
X-B3-Sampled
X-Amz-Meta-S3cmd-Attrs
Cleartype
X-Grace
X-TT
Healthy
X-Signature
X-Whom
X-B-Cache
DC
Paypal-Debug-Id
X-Wix-Request-Id
X-Fb-Rlafr
X-Newrelic-App-Data
X-Oracle-Dms-Ecid
X-App-Environment
X-Node-Name
X-Origin-Cache
X-Rid
X-WebKit-CSP-Report-Only
Frame-Options
X-Magnolia-Registration
X-Azure-Ref
X-Mobile
X-Proxy
X-Amz-Replication-Status
X-Kinja-CCPA
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-EdgeConnect-Cache-Status
X-Air-Pt
Accept-Ch
X-Logged-In
X-N
X-Oracle-Dms-Rid
Filterid
X-WP-CF-Super-Cache
X-Language
X-WP-CF-Super-Cache-Cache-Control
X-Route-Name
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Ratelimit-Remaining
Content-Disposition
X-Fastly-Request-ID
Akamai-GRN
Backend
X-NODE
NGB
X-Time
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Template
X-Original-Request-Id
X-Response-Served-From
X-Is-Bot
X-Rendered-As
X-Yottaa-Metrics
X-Datadog-Sampled
X-Cache-Age
X-Yottaa-Optimizations
Upgrade-Insecure-Requests
SD-X-WS
Liferay-Portal
X-Servername
X-UUID
X-FW-Dynamic
X-Varnish-Grace
X-Debug
X-FW-Hash
X-Adobe-Loc
X-Adobe-Content
Viewport
X-Debug-IsPreview
X-Debug-IsConnected
X-Proxy-Cache-Info
X-FW-Server
Ms-Operation-Id
X-Tumblr-Pixel-0
X-App-Version
X-Tumblr-Pixel
MS-CV
X-Instance
X-FW-Version
X-RTag
X-Tumblr-User
X-FW-Serve
X-FW-Static
X-Tumblr-Pixel-1
X-FW-Type
X-L-Path
X-Cache-Grace
X-IPS-LoggedIn
X-Amzn-Remapped-Content-Length
X-ProcessESI
Refresh
X-Environment-Context
X-G
X-Unique-Id
X-RemovedCookies
X-NYM-Debug-Backend
Fastly-SWR
Fastly-SIE
X-B3-SpanId
X-Region
X-Device-Type
X-Backend-Name
X-Cacheable-TTL
X-User-Agent
X-Hl-Ver
X-Status
X-Rule
X-Cache-Hit
ServerID
Country
From-Origin
X-Via-JSL
Url
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-VC-Cache
Countrycode
X-INCAP-ABP
X-Jobs
WPO-Cache-Message
X-Origin-CC
X-Origin-TTL
WPO-Cache-Status
Version
X-Webkit-CSP
Alternate-Protocol
X-Cache-Status-Check
X-HTML-Minification-Powered-By
X-Air-Hostname
X-Air-Source
Surrogate-Key
X-Air-Trace-Id
X-Source
X-Hosted-By
X-Page-View
X-Content-Powered-By
GEO-INFO
CDN-RequestId
X-Akamai-Request-ID2
X-WP-CF-Super-Cache-Active
Protected
X-Storage
X-Rocket-Nginx-Serving-Static
X-Nginx-Cache
OT-Force-Account-Verify
X-B3-Traceid
X-Akamai-Edgescape
X-Accel-Version
SRV
Amp-Access-Control-Allow-Source-Origin
AMP-Access-Control-Allow-Source-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-VC
X-Real-IP
Access-Control-Request-Headers
X-Edge-Location
X-Framework
X-Cache-Rule
X-Mode
Front
X-ServerID
X-Http-Reason
X-Cache-Time
X-CDN-Forward
CF-IPCountry
X-Rewrite-Enabled
X-Rn-Rsrv
X-Cache-Operation
X-Upstream-Ct
Filters
Meta-Geo
X-UPSTREAM-Address
X-Upstream-Ht
X-Xfnlog-Site
Webserver
X-SaId
ServedBy
Xet-Cookie
X-Varnish-Cache-Hits
Accept-Language
X-JoinUs
X-TT-LOGID
X-Origin
X-Detected-As
X-Cache-Debug
X-Director
X-ProxyCache-Key
X-Proxy-Build
X-Proxied
X-Say-TTL
X-Routing-Service
Cross-Origin-Embedder-Policy
X-Cms-Context
X-Cluster
Apigw-Requestid
X-Served-From
X-Say-Cacheable
X-SayCDN-TTL
X-ProxyCache-Status
X-Soup
X-LJ-Flow-ID
X-Logging-Id
X-Restarts
X-Lambda-Id
X-Labrador-Cache-Channel
X-Adobe-Source
X-AWS-Id
X-Handled-By
Selected-Fe
X-PHP-Host
Mn-Server-Ip
Node
X-Extlb
X-BYPASS-REASON
X-Format
Web-Mar-Node
X-Httpd
X-Timing-Wait
X-Web-Node
X-Use-Mantle
X-Zipkin-Id
Section-Io-Id
Xserver
X-VWS-Id
X-Worker
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Browser-Name
X-Loop
Property-Id
X-Is-Mobile
X-No-Session
X-IPLB-Request-ID
X-S
X-Is-Supported-Browser
X-Is-Desktop
X-AB
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Device-Class
X-Origin-Hint
Webcakes-Region
TWC-Connection-Speed
X-Is-Tablet
X-IPLB-Instance
X-Tcp-Rtt
X-GeoCode
X-GeoCountry
X-Geo-Region
X-Redis-Cache
X-Tncms
X-Endurance-Cache-Level
X-Varnish-Age
X-Varnish-Beresp-Grace
Azure-Version
X-VCT
Webcakes-App-Name
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Cache-Host
X-Generation-Time
X-Git-Commit
X-Tb
X-RM-Cache-TTL
X-Container-Uri
X-Locale
X-Vercel-Id
X-Vercel-Cache
X-Reqid
X-Site-Version
X-Skip-Cache
X-R9-Blue-Green-Version
X-Drupal-Cache-Tags
X-Forwarded-Host
X-Provided-By
X-Drupal-Cache-Contexts
X-Webstats-RespID
X-Platform-Router
X-Cache-Server
X-Vcache
X-Frame-Option
X-Platform-Cluster
X-Platform-Processor
X-Ms-Version
X-Ms-Request-Id
X-Uri
DB-Nickname
X-RCS-CacheZone
X-Server-W
X-MP-GENERATED-AT
X-Alternate-Cache-Key
CDN-Cache
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDN-RequestPullCode
CDN-Uid
CDN-RequestPullSuccess
X-Storefront-Renderer-Rendered
CDN-RequestCountryCode
X-Shopify-Stage
X-Fetched-On
X-DynaTrace
X-Origin-Date
WP-Super-Cache
X-Sucuri-Cache
Fastcgi-Useragent
X-Sorting-Hat-ShopId
Cache-Tv-Group
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Vcl-Version
X-Sucuri-ID
X-XRDS-Location
Source
X-Cdn-Origin
X-FB-TRIP-ID
Content-Secure-Policy
X-Generated-By
X-Sql-Duration-Ms
X-Sql-Count
Priority
X-SRV
Onion-Location
X-Pass-Why
X-Urbn-Site-Id
Cross-Origin-Embedder-Policy-Report-Only
X-Urbn-Context-Path
Locale
X-Buckets
Sid
X-Content-Age
Atl-Traceid
X-Xrds-Location
Thinkindot-Control
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
X-Shield-Cache-Expires
X-Thinkindot-L3
X-Scope-Id
X-CMSURLCustom
X-Newrelic-Synthetics
HostName
X-Cluster-Node
Cache
X-DataDome
X-Proxy-Cache-Status
WZWS-RAY
Cross-Origin-Window-Policy
S-Rt
X-LSADC-Cache
X-TA-CDN-Provider
X-Cache-Action
X-Varnish-Beresp-Ttl
X-GEO
X-WP-CF-Super-Cache-Cookies-Bypass
X-Ua
X-Optimistic-Header
X-Cache-Expired-At
User-Cache-Control
X-Connection-Hash
Expiry
X-Via-SSL
X-Via-Edge
X-Via-CDN
Edge-Copy-Time
Redirect-Candidate
X-Destination
X-A-Dcw
X-A-Dgt
Rendered-Blocks
X-Developer
X-D
X-Platform
X-Cache-NE
Server-Ext
X-A-Ccd
X-Conf
CDCHOST
X-Application
X-A-Dam
Req-ID
X-A-Wwc
X-Epic-Correlation-Id
X-Ec-GeoHdr
Ngx.Var.Host
X-Aed
A
X-Dc
X-External-Request-Id
Ngx-Var-Key
X-Viewer-Country
Apple-News-Services-Handled
Apple-News-Services-Host
X-Ec-Custom-Error
Origin-Agent-Cluster
X-Access
Candidate-Md5Url
X-Vdms-Version
Origin
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Ec-Fail
X-Instance-Name
X-A
X-SB
MD5-Digest
X-ScT
X-S-Cookie
X-Rojux
Meta-Geo-Continent
Sever-Int
X-Vtex-Remote-Cache
X-Section
Sslversion
Gannett-Cam-Experience-Id
X-Vdms-Path
X-SRCache-Key
X-Bl-Debug
T-Server
Surrogated-Key
Vix-Hermes-Req-Id
Server-Hostname
X-Cache-Bucket
L
Lang
X-Bc-Bl
Server-Host
DCR-Processing-Time-Ms
DCR-Decision-By
X-Varnish-Hostname
X-Request-Start
X-TIM-N
X-BCube-Filmed-By
X-B-Cookie
X-BBC-Edge-Cache-Status
Host-ID
X-Esi-Check
X-Block-Status
Fastly-GeoIP-CountryCode
X-Clientip
Cluster
DSUID
X-Auto-Login
X-Cache-TTL-Remaining
X-Cache-Info
X-Cache-Id
X-Core-Value
Environment
X-Amz-Meta-Cb-Modifiedtime
Cache-Provider
X-Dispatcher-Server
Fastly-SSL
X-Debug-Cache-Fetch
X-Debug-Cache-Store
C-Via
X-Gzip
X-Proxied-Request
X-Pubstack
X-We-Are-Hiring
X-Req
X-PAYTM-SRV-ID
X-Origin-Time
Req-Svc-Chain
X-Nyt-Route
X-Zen-Fury
X-Op-Id-All
X-Correlation-ID
X-Request-URI
V-Age
Type
X-Varnish-Beresp-Status
X-WA-Info
X-UA-Device-Type
X-VCache
X-Scheme
X-SD-PageType
X-TH-Server
Release
X-Node-Id
X-Gdpr
X-Moov-Xdn-Version
X-Acquia-Purge-Cdn-Unconfigured
X-GeoIP-Country-Code
Magicmarker
X-VG-TLSProxy
X-Varnish-Director
X-Forwarded-Site
X-VServer
X-VG-WebCache
X-GeoIP-Region-Code
X-Gen-Mode
X-Hnp-Log
X-Human
X-Moov-T
X-B3-Trace-ID
X-Mly-Id
X-Loc
Fastly-Drupal-HTML
X-Service
X-Mg-Request-UUID
X-Origin-Response-Time
X-Datadome
X-TimeS
X-Aicache-OS
Web-Mar-Region
Wxu-Next-Region
Wxu-Next-Hostname
X-Ad-Load-Variation
Wxu-Next-Commit
We-Hiring
X-FC-Vary-Parameters
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Request-Host
X-Request-Time
X-Pool
X-Policy
X-NMSegId
Cdncip
X-Old-Content-Length
X-Rocket-Build-Number
X-Server-IP
X-Thanos
X-Var-Ttl
X-Varnish-Authentication
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Varnishpool
X-Sigma
X-Sigma-Backend
X-Nginx-Cache-Key
X-NCache
X-Fastly-Cache
X-Fmm-Version
Yak-Timeinfo
X-AK-Request-ID
X-DPWN-IS-SECURE
X-Contensis-Viewer-Groups
X-Branch-Name
X-Cache-Aspx
X-ND-Cache
Cdnsip
X-Generated-On
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-Men
X-Level-Front-Cache
Tube-Return
X-GoCache-CacheStatus
X-HS-Content-Campaign-Id
X-Bip
X-Cdn-Srv
Tube-Got-Results
Platform
Pramga
Producers
Adler-Geo
On-Server
NM-Fastcgi-Cache
Locid
Mail-Subject
Is-Eu
Gh-Request-Id
Content-Script-Type
RNT-Time
RNT-Machine
Ssr
True-Client-Country-4JS
Click-Count-Action-Start
Country-Code
Content-Style-Type
Tube-Got-Eval
Click-Count-Error
Tube-Get-Contents
X-Azure-Ref-OriginShield
X-From
Cf-Device-Type
X-Edge-Server
X-Geo-Header
X-Device-Os
Cdn-Host
Canary
Cdn-Request-Time
X-Fastly-Backend
X-Region-Sid
Ha-Gx-Prefs
X-Wikidot-Static-Cache
X-Wikidot-Backend
HA-Ipaddr
L5d-Success-Class
X-Eu-Site
X-Csrf-Jwt
X-CGP
X-V-Cache
X-Up
X-PERF
X-Org
X-GeoIP-City
X-Proto
X-ECache
X-Sn-Servicetimems
X-Slack-Backend
X-GeoIP
X-Slack-Shared-Secret-Outcome
X-App-Name
X-ApacheServer
Proxy-Firewall
W
Uber-Trace-Id
X-Cache-Date
Machine
Esi-Enabled
X-Parent-Response-Time
X-Use-Magma
X-LB-ID
X-Irp-Debug
X-Hash
Cache-Key
AKAMAI
X-Test
Fastly-Backend-Name
X-Accel-Expires-Debug
X-DC
X-Date
X-VarnishDD-TTL
X-Amz-Storage-Class
X-Backend-Instance
PFcat
X-CacheTTL
X-HN
X-Tx-Id
NGX
X-Ah-Environment
XM
Pics-Label
X-Ratelimit-Reset
X-Lagoon
LB
X-ZONE
X-Varnish-Hits
X-Owner
X-Servedbyhost
X-HA-Backend
X-Cache-Backend
X-Via-Popn
X-Origin-Expires
X-API-Version
X-COUNTRY
X-SIPLIST1
X-Via-Poph
X-Via-Popv
X-Core-Mission
IsBot
X-Tb-Optimization-Total-Bytes-Saved
X-CACHE-GROUP
X-DynaTrace-JS-Agent
X-NGINX-Cache
X-Refresh
Cdn
X-RID
X-Qloud-Router
NtCoent-Length
X-LB-NoCache
Datacenter
X-UA
X-VHOST
N-Cache
RATING
Expect-Staple
X-CDN-Cache-Status
X-CF-Lambda-Fn
X-CF-Lambda-Version
GeoIp-Country-Code
SID
Cdn-Requestid
X-Orig-Expires
X-Shop-Environment
X-Tenant
X-Forwarded-Path
X-Nc
X-Srv
X-Cache-Type
X-Wa
X-Nananana
Xc-Version
CloudFront-Viewer-Country
Server-ID
X-Zone
Cache-Hits
Cmstype
X-Gamma-Serve
Cmsid
X-B3-Parentspanid
Cross-Origin-Opener-Policy-Report-Only
X-Akamai-Transformed
X-Fpc
X-TX-ID
GeoIP-Latitude
X-Via-Fastly
CPC-Cache
CPC-Age
Resin-Trace
X-Ig-Origin-Region
X-Vmg-Version
X-Cdn-Diag
Uri
DataCenter
X-Hit
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-Nf-Request-Id
Fusion-Content-Id
Fusion-Component-Id
X-Location
XkeyRZ
X-Cloudmap
User-Agent
X-Proxy-CacheRZ
X-Client-Ip
X-URL
X-CS
Powered-By
X-Presslabs-Stats
X-DataCenter
X-NWS-UUID-VERIFY
Origin-EX
X-Info
X-Tt-Logid
X-Amz-Meta-Opti
CacheControlHeader
Mime-Version
X-TIME
Origin-CC
X-CUA
X-Jungle-Id
X-Variation
X-Fastly-Country-Code
Fastly-Drupal-Html
Srv
Tcn
X-LAGOON
True-Client-IP
True-Client-Ip
MIME-Version
Cf-Ipcountry
X-IAuth-Set-Uid
X-Cached-By
X-Datacenter
X-Cdn-Forward
X-HostName
X-Dynatrace-Js-Agent
X-NewRelic-App-Data
X-Geo
X-Segment-20210421
X-CACHE-AGE
X-User
X-Api-Version
VNS-Age
VNS-Cache
X-Render-Time
Load-Balancing
Lb
X-Varnish-Beresp-TTL
X-B3-Spanid
CDN
X-VTEX-Cache-Server
Debug
X-LiteSpeed-Tag
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
X-Vc
X-HOST
X-Webkit-Csp-Report-Only
X-LiteSpeed-Cache-Control
X-AIR-PT
Edge-Cache
X-Wormhole-Sdk
X-Auth-Group-Type
Cl-Cache
Hostname
Ohc-File-Size
X-Dispatcher-Number
X-CSRF-TOKEN
X-FPC
Cache-Name
X-NC
X-Ig-Push-State
X-WA
X-Dispatch
Server-Id
X-MCACHE
Ohc-Cache-HIT
X-Lb-Nocache
X-Esi
X-NodeID
Odigeo-Trace-Id
GeoIP-Country-Code
X-Litespeed-Tag
X-Vgn-Hpd-Reason
X-Mid
X-Custom-Header
X-Cdn-Cache-Status
X-APP-VERSION
X-Oracle-DMS-ECID
X-Cs
X-Depends
X-ServedByHost
X-PHP-Backend
X-Cache-Ttl
X-Pad
X-DefHash
X-Ha-Backend
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Fastly-Backend-Reqs
X-DefElseHash
BehaviorPad-Version
X-Varnish-CookieINHashed-On
X-Via-PopN
CountryCode
X-Via-PopV
X-Via-PopH
X-Litespeed-Cache-Control
Ms-Author-Via
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-VCL-Version
X-Proxy-Cache-La3
X-M-Reqid
X-RequestId
X-VC-TTL
X-MSEdge-Flight
Ngx
X-MSEdge-Features
X-Cdn-Request-ID
PICS-Label
X-Web-Server
X-MiniProfiler-Ids
X-Lb-Id
Xkeylog
X-Cache-Enabled
Xkey-La3
X-Akamai-Pragma-Client-IP
X-M-Log
X-FL-QIT-DEBUG
X-FL-EDGE
Memory
Srvid
Location
Server-Info
X-Snapshot-Date
X-IN-APIGATEWAYSSL
OriginIP
YJS-ID
Memcached
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Time
FSS-Cache
X-IN-APIGATEWAY
X-Sorting-Hat-Podid
X-Cache-Version
X-Shardid
X-Sorting-Hat-Shopid
X-Shopid
X-Cache-FS-Status
X-Wp-Cf-Super-Cache-Cookies-Bypass
CF-Ctrl
X-Internal-Host
X-Sucuri-Id
X-Th-Server
Warning
My-App
X-Serial
X-Service-Response-Time
CF-Cached-On
X-Mg-Cache
X-Check-Cacheable
Akamai-Cache-Status
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
X-Lsadc-Cache
Sm-Log-Id
Geoip-Latitude