Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Xss-Protection
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
P3p
Accept-CH
X-DNS-Prefetch-Control
Accept-CH-Lifetime
X-Cache-Status
X-Drupal-Cache
X-Check
X-Generator
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-Request-ID
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Allow
Request-Context
X-UA-Device
Keep-Alive
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
EagleId
X-Vhost
X-Rq
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Dns-Prefetch-Control
X-CST
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Litespeed-Cache
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
X-Nginx-Upstream-Cache-Status
X-Cache-Lookup
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Trace
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
X-Edge
X-Rack-Cache
Cross-Origin-Opener-Policy
Accept-Ch-Lifetime
Cache-Tag
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-ECACHE
X-MS-InvokeApp
Nginx-Cache
X-PC
X-Vname
X-TtlSet
X-ESI
X-Upstream
X-Powered-By-Plesk
Rating
Edge-Control
X-Server-Name
X-Browser-Type
Verso
X-Cnection
X-Times
X-Element-Page-Cache
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
X-D2id
X-Ac
SPRequestDuration
SPIisLatency
X-B3-TraceId
AR-PoweredBy
AR-SID
AR-ATIME
AR-Request-ID
X-Ruxit-Js-Agent
X-SharePointHealthScore
SPRequestGuid
X-NWS-LOG-UUID
X-Ser
X-Abt-Application-Version
X-Vcap-Request-Id
X-NF-Request-ID
X-GitHub-Request-Id
X-Navigation-Version
X-RateLimit-Remaining
X-Dw-Request-Base-Id
AR-CACHE
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Mg-S
X-Client-IP
X-VARITI-CCR
S
Edge-Cache-Tag
Pagespeed
X-Sol
X-Middleton-Display
Display
X-Ttl
X-Cache-Key
RTSS
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Powered-CMS
Cache-Status
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Cache-TTL
X-Goog-Hash
X-Kinsta-Cache
X-Edge-Location-Klb
X-Version
Access-Control-Request-Method
X-Varnish-TTL
X-Server-ID
X-Recruiting
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-ARC
X-Middleton-Response
Response
X-Content-Digest
X-TraceId
X-Forwarded-For
Arr-Disable-Session-Affinity
Origin-Trial
X-T
X-MSEdge-Ref
Content-MD5
X-Daa-Tunnel
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
TP-Cache
X-Accel-Expires
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
Cross-Origin-Resource-Policy
Front-End-Https
X-Hits
X-Cached
X-Id
Public-Key-Pins
MS-Author-Via
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
Server-Node
X-FTR-Expires
X-HS-Content-Id
X-HS-Hub-Id
X-Ua-Browser
X-DIS-Request-ID
X-HS-Combine-CSS
X-HS-Cache-Config
Payment
X-Request-Received
X-Request-Processing-Time
X-Forwarded-Proto
X-Frontend
X-Fastcgi-Cache
X-LLID
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
Realpath
X-Webkit-Csp
X-Protected-By
X-ORACLE-DMS-RID
X-FastCGI-Cache
TP-L2-Cache
X-GUploader-UploadID
X-Distributor
X-LB-Cache
Cache-Tags
X-Ratelimit-Limit
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Origin-Server
X-Request-Handler-Origin-Region
X-Microsite
X-Kong-Upstream-Latency
Referer-Policy
X-Kong-Proxy-Latency
X-B3-TraceId-Primal
Mrf-Cache-Status
Count-Hit
MRF-Tech
X-Page-Id
X-Hostname
X-Debug-Info
X-Cluster-Name
X-NGENIX-Cache
X-Www-Served-By
X-AppVersion
X-Az
X-Correlation-Id
X-Activity-Id
Host
X-ORACLE-DMS-ECID
X-Varnish-Backend
Accept-Charset
X-F-Cache
X-Varnish-Server
Fastcgi-Cache
X-RateLimit-Limit
X-Envoy-Decorator-Operation
X-Geo-Country
X-App-Server
X-PressLabs-Stats
X-XRDS-LOCATION
X-FB-Debug
X-Ua-Device
X-Goog-Metageneration
X-TTL
Retry-After
X-Fastly-Request-Id
Access-Control-Allow-Method
X-Git-Hash
X-CSRF-Token
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Upgrade-Enabled
X-TEC-API-ORIGIN
X-Ezoic-Cdn
X-Load-Cache
X-Content-Options
X-RateLimit-Reset
X-Seen-By
X-Px
X-Request-Guid
Server-Name
X-Revision
X-Contextid
X-Tt-Trace-Host
X-Tt-Trace-Tag
TCN
X-Datadog-Parent-Id
X-Cache-Control
X-Trace-Id
X-Datadog-Trace-Id
Charset
X-Datadog-Sampling-Priority
X-Amz-Meta-S3cmd-Attrs
Section-Io-Cache
X-Type
X-B3-Sampled
X-B
X-Grace
Cleartype
X-Varnish-Ttl
DC
Paypal-Debug-Id
X-TT
Healthy
X-Fb-Rlafr
X-B-Cache
X-Newrelic-App-Data
X-Signature
X-Whom
X-App-Environment
X-Oracle-Dms-Ecid
X-Wix-Request-Id
X-Node-Name
X-Origin-Cache
Frame-Options
X-Rid
X-WebKit-CSP-Report-Only
X-Azure-Ref
X-Amz-Replication-Status
X-Magnolia-Registration
X-Mobile
X-Proxy
X-Kinja-CCPA
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Air-Pt
X-EdgeConnect-Cache-Status
Filterid
Accept-Ch
X-N
X-Logged-In
X-Oracle-Dms-Rid
X-Language
X-Aspnet-Duration-Ms
X-WP-CF-Super-Cache-Cache-Control
X-Fastly-Request-ID
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-WP-CF-Super-Cache
X-Route-Name
X-Ratelimit-Remaining
Content-Disposition
Akamai-GRN
Backend
NGB
X-Time
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
X-Response-Served-From
VIX-Pulpo-Node
X-Rendered-As
X-Cache-Age
Upgrade-Insecure-Requests
X-Is-Bot
X-Template
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Proxy-Cache-Info
X-Debug-IsPreview
Viewport
Liferay-Portal
X-Debug-IsConnected
X-Varnish-Grace
X-Servername
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Type
Refresh
X-Adobe-Content
X-Tumblr-User
X-FW-Version
X-FW-Dynamic
X-Amzn-Remapped-Content-Length
MS-CV
Ms-Operation-Id
X-RTag
X-ProcessESI
X-Datadog-Sampled
X-Debug
X-Tumblr-Pixel-0
X-Adobe-Loc
X-Tumblr-Pixel
X-IPS-LoggedIn
X-Instance
X-RemovedCookies
X-Unique-Id
X-Tumblr-Pixel-1
X-App-Version
X-NYM-Debug-Backend
X-G
X-Environment-Context
Fastly-SWR
X-L-Path
SD-X-WS
Fastly-SIE
X-Cacheable-TTL
X-Cache-Grace
X-Region
From-Origin
X-UUID
X-User-Agent
X-B3-SpanId
X-Backend-Name
X-Device-Type
X-CCDN-Origin-Time
X-Cache-Hit
X-Rule
Country
X-Status
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Hl-Ver
ServerID
X-Via-JSL
Url
X-Jobs
X-INCAP-ABP
X-VC-Cache
Countrycode
WPO-Cache-Message
WPO-Cache-Status
X-Origin-CC
Version
X-Origin-TTL
Alternate-Protocol
X-Webkit-CSP
X-Air-Source
X-Cache-Status-Check
X-Air-Trace-Id
X-HTML-Minification-Powered-By
X-Air-Hostname
Surrogate-Key
X-Hosted-By
X-Akamai-Request-ID2
X-Source
X-Page-View
CDN-RequestId
GEO-INFO
X-Content-Powered-By
X-NODE
Protected
X-Storage
X-Nginx-Cache
X-WP-CF-Super-Cache-Active
X-Akamai-Edgescape
X-Rocket-Nginx-Serving-Static
Amp-Access-Control-Allow-Source-Origin
X-B3-Traceid
OT-Force-Account-Verify
X-Accel-Version
AMP-Access-Control-Allow-Source-Origin
SRV
X-Tec-Api-Root
X-Tec-Api-Origin
X-VC
Access-Control-Request-Headers
X-Real-IP
X-Tec-Api-Version
X-Edge-Location
X-Framework
X-ServerID
X-Cache-Rule
X-Mode
Front
X-Http-Reason
X-Cache-Time
Webserver
X-Upstream-Ht
X-Xfnlog-Site
X-Cache-Operation
Meta-Geo
Accept-Language
X-Upstream-Ct
X-Rn-Rsrv
CF-IPCountry
X-UPSTREAM-Address
X-Rewrite-Enabled
Filters
X-CDN-Forward
X-Cache-Debug
X-Detected-As
X-SaId
Xet-Cookie
X-Timing-Wait
X-Director
X-AWS-Id
X-JoinUs
X-LJ-Flow-ID
Selected-Fe
ServedBy
X-VWS-Id
X-TT-LOGID
Cross-Origin-Embedder-Policy
X-Proxy-Build
Mn-Server-Ip
X-Served-From
X-Varnish-Cache-Hits
X-Origin
X-Httpd
X-Soup
X-Handled-By
Webcakes-App-Version
X-Tumblr-Pixel-2
Webcakes-App-Name
Property-Id
X-Say-TTL
TWC-Privacy
Node
Webcakes-Region
X-SayCDN-TTL
TWC-Device-Class
X-Adobe-Source
TWC-GeoIP-Country
Web-Mar-Node
TWC-Connection-Speed
TWC-GeoIP-LatLong
Apigw-Requestid
X-BYPASS-REASON
TWC-Locale-Group
X-Format
Xserver
X-Zipkin-Id
X-Origin-Hint
Section-Io-Id
X-No-Session
X-Lambda-Id
X-Logging-Id
X-Web-Node
X-Routing-Service
X-Redis-Cache
X-Restarts
X-ProxyCache-Status
X-ProxyCache-Key
X-PHP-Host
X-Proxied
X-Cluster
X-Labrador-Cache-Channel
X-Use-Mantle
X-Extlb
X-Tumblr-Pixel-3
X-Say-Cacheable
X-Browser-Name
X-Geo-Region
X-Cms-Context
X-RCS-CacheZone
X-GeoCode
X-Endurance-Cache-Level
X-GeoCountry
X-Is-Desktop
X-Locale
X-Is-Mobile
X-Is-Supported-Browser
X-Loop
X-S
X-AB
X-IPLB-Instance
X-IPLB-Request-ID
X-Is-Tablet
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
X-Worker
X-RM-Cache-TTL
X-Tncms
X-Tcp-Rtt
Azure-Version
X-Skip-Cache
X-Varnish-Beresp-Grace
X-VCT
DB-Nickname
X-Site-Version
X-Git-Commit
X-Platform-Router
X-R9-Blue-Green-Version
X-Generation-Time
X-Container-Uri
X-Platform-Processor
X-Reqid
X-Drupal-Cache-Tags
X-Vercel-Id
X-Cache-Server
X-Forwarded-Host
X-Vercel-Cache
X-Platform-Cluster
X-Varnish-Age
X-Fetched-On
X-Server-W
X-Tb
X-Cache-Host
X-Ms-Version
X-Vcache
X-Ms-Request-Id
X-Webstats-RespID
X-Drupal-Cache-Contexts
X-Provided-By
X-Frame-Option
X-Uri
X-Shopify-Stage
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-RequestPullCode
X-MP-GENERATED-AT
X-Storefront-Renderer-Rendered
CDN-PullZone
CDN-Uid
CDN-CachedAt
CDN-Cache
X-Alternate-Cache-Key
CDN-RequestCountryCode
X-DynaTrace
X-Origin-Date
WP-Super-Cache
Source
X-Sucuri-Cache
Fastcgi-Useragent
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Vcl-Version
X-XRDS-Location
Cache-Tv-Group
X-Sucuri-ID
X-Cdn-Origin
X-FB-TRIP-ID
Content-Secure-Policy
X-Generated-By
X-Sql-Count
X-Sql-Duration-Ms
Priority
Cross-Origin-Embedder-Policy-Report-Only
Onion-Location
X-SRV
X-Pass-Why
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Xrds-Location
X-Buckets
Sid
X-Content-Age
Atl-Traceid
HostName
X-Scope-Id
Cross-Origin-Window-Policy
Thinkindot-Control
X-Shield-Cache-Expires
X-Thinkindot-L3
X-Newrelic-Synthetics
X-DataDome
Thinkindot-CacheControl-Type
X-CMSURLCustom
X-Cluster-Node
Thinkindot-CacheControl
TDXMobile
X-LSADC-Cache
X-Proxy-Cache-Status
Cache
WZWS-RAY
S-Rt
X-Cache-Action
X-Ua
X-TA-CDN-Provider
X-GEO
X-Cache-Expired-At
X-Varnish-Beresp-Ttl
X-WP-CF-Super-Cache-Cookies-Bypass
X-Optimistic-Header
X-Connection-Hash
User-Cache-Control
Expiry
Edge-Copy-Time
X-Via-Edge
X-Via-CDN
X-Via-SSL
Origin-Agent-Cluster
Origin
Sever-Int
Server-Hostname
Ngx.Var.Host
Server-Ext
Req-ID
Rendered-Blocks
Redirect-Candidate
DCR-Processing-Time-Ms
Apple-News-Services-Request-Url
Candidate-Md5Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
A
Apple-News-Services-Handled
CDCHOST
DCR-Decision-By
MD5-Digest
Meta-Geo-Continent
Lang
L
Sslversion
Gannett-Cam-Experience-Id
Ngx-Var-Key
X-A-Dam
X-Op-Id-All
X-PAYTM-SRV-ID
X-Platform
X-Request-Start
X-External-Request-Id
X-Epic-Correlation-Id
X-Ec-Custom-Error
X-Ec-Fail
X-Ec-GeoHdr
X-Rojux
X-S-Cookie
X-Vdms-Path
X-Vdms-Version
X-Vtex-Remote-Cache
X-TIM-N
X-SRCache-Key
X-Scheme
X-ScT
X-Section
X-Dispatcher-Server
X-Developer
X-A-Dgt
X-A-Wwc
X-Access
X-A-Dcw
X-A-Ccd
T-Server
Vix-Hermes-Req-Id
X-A
X-Aed
X-Application
X-Cache-NE
X-D
X-Destination
X-Cache-Bucket
X-Bl-Debug
X-B-Cookie
X-Bc-Bl
X-BCube-Filmed-By
Surrogated-Key
X-Conf
X-Dc
X-Cache-Info
X-Cache-TTL-Remaining
X-Clientip
X-Cache-Id
X-Branch-Name
X-Bip
X-Block-Status
X-Esi-Check
X-VCache
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Gen-Mode
X-Gdpr
X-Fastly-Cache
X-Forwarded-Site
X-Gzip
X-BBC-Edge-Cache-Status
Req-Svc-Chain
Server-Host
Ssr
X-Correlation-ID
Release
NM-Fastcgi-Cache
Pramga
Type
V-Age
X-Amz-Meta-Cb-Modifiedtime
X-Auto-Login
X-B3-Trace-ID
X-Acquia-Purge-Cdn-Unconfigured
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
X-Hnp-Log
X-Human
X-Varnish-Beresp-Status
X-Varnish-Director
X-Varnish-Hostname
X-UA-Device-Type
X-Thanos
X-Sigma-Backend
X-TH-Server
X-Varnishpool
X-VG-TLSProxy
X-We-Are-Hiring
X-Zen-Fury
Magicmarker
X-WA-Info
X-VServer
X-VG-WebCache
X-Viewer-Country
X-Sigma
X-SB
X-NCache
X-Nginx-Cache-Key
X-NMSegId
X-Moov-Xdn-Version
X-Moov-T
X-Loc
X-Mly-Id
X-Nyt-Route
X-Origin-Time
X-Request-URI
X-Rocket-Build-Number
X-Request-Time
X-Pubstack
X-Pool
X-Proxied-Request
Host-ID
X-Instance-Name
Content-Script-Type
Fastly-SSL
Cache-Provider
C-Via
Fastly-Drupal-HTML
Fastly-GeoIP-CountryCode
DSUID
Content-Style-Type
Environment
X-TimeS
X-Datadome
X-Mg-Request-UUID
X-Origin-Response-Time
X-Men
X-ApacheServer
X-Ad-Load-Variation
Country-Code
X-Aicache-OS
X-Mvc-Supplant-OutputCached
We-Hiring
Web-Mar-Region
W
X-Region-Sid
X-Core-Value
Gh-Request-Id
X-Policy
X-Mvc-Supplant-Cachable
Adler-Geo
X-Node-Id
X-Old-Content-Length
X-PERF
X-Micro-Cache
X-HS-Content-Campaign-Id
X-Cdn-Srv
X-FC-Vary-Parameters
X-Fmm-Version
Canary
X-DPWN-IS-SECURE
X-Device-Os
X-Debug-Cache-Fetch
X-Contensis-Viewer-Groups
X-Debug-Cache-Store
X-From
X-Generated-On
Click-Count-Error
X-GeoIP-City
Cluster
X-GoCache-CacheStatus
X-Cache-Aspx
X-GeoIP
Click-Count-Action-Start
X-Geo-Header
X-Cache-Date
X-Level-Front-Cache
X-Req
X-Var-Ttl
X-Varnish-Authentication
X-Request-Host
RNT-Machine
RNT-Time
X-SVT-ORM-VERSION
X-V-Cache
Producers
Mail-Subject
Yak-Timeinfo
X-AK-Request-ID
On-Server
Cdnsip
Platform
Cdncip
X-SVT-ORM-RULES
Machine
Tube-Return
X-SD-PageType
True-Client-Country-4JS
X-Azure-Ref-OriginShield
Tube-Get-Contents
Tube-Got-Results
Tube-Got-Eval
X-Server-IP
Uber-Trace-Id
Locid
Is-Eu
X-ND-Cache
Esi-Enabled
X-Service
X-Eu-Site
PFcat
X-Fastly-Backend
Cdn-Host
X-Csrf-Jwt
X-HN
X-VarnishDD-TTL
X-Edge-Server
X-Amz-Storage-Class
X-Hash
X-Sn-Servicetimems
AKAMAI
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-RateLimit-Remaining-Second
X-Org
X-Test
X-Up
HA-Ipaddr
L5d-Success-Class
Ha-Gx-Prefs
Cache-Key
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-CGP
X-RateLimit-Limit-Second
Cdn-Request-Time
Proxy-Firewall
Cf-Device-Type
X-ECache
X-App-Name
X-Parent-Response-Time
X-Use-Magma
X-Accel-Expires-Debug
X-DC
X-Backend-Instance
X-CacheTTL
Fastly-Backend-Name
X-Irp-Debug
X-Date
X-Proto
X-LB-ID
X-Ratelimit-Reset
NGX
X-Tx-Id
XM
X-Ah-Environment
Pics-Label
LB
X-Lagoon
X-ZONE
X-Cache-Backend
X-Origin-Expires
X-API-Version
IsBot
X-HA-Backend
X-COUNTRY
X-SIPLIST1
X-Via-Popn
X-Via-Poph
X-Servedbyhost
X-Via-Popv
X-Owner
X-Core-Mission
X-CACHE-GROUP
X-Tb-Optimization-Total-Bytes-Saved
Cdn
X-NGINX-Cache
X-Refresh
X-Varnish-Hits
X-DynaTrace-JS-Agent
X-RID
Datacenter
X-LB-NoCache
NtCoent-Length
X-Qloud-Router
X-UA
X-VHOST
Expect-Staple
GeoIp-Country-Code
SID
N-Cache
RATING
X-CF-Lambda-Version
X-CDN-Cache-Status
X-CF-Lambda-Fn
Cdn-Requestid
X-Orig-Expires
Xc-Version
CloudFront-Viewer-Country
X-Nc
X-Shop-Environment
X-Srv
X-Nananana
X-Wa
X-Tenant
X-Forwarded-Path
X-Cache-Type
Server-ID
X-Zone
X-Gamma-Serve
X-Via-Fastly
Cmsid
Cmstype
Cache-Hits
X-Fpc
CPC-Cache
CPC-Age
X-Akamai-Transformed
GeoIP-Latitude
X-B3-Parentspanid
X-TX-ID
Cross-Origin-Opener-Policy-Report-Only
X-Hit
X-Cdn-Diag
Resin-Trace
Uri
X-Ig-Origin-Region
X-Location
DataCenter
X-Vmg-Version
Fusion-Source
X-Nf-Request-Id
Fusion-Template-Id
X-Proxy-CacheRZ
Fusion-Content-Id
XkeyRZ
X-Cloudmap
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Component-Id
User-Agent
X-Client-Ip
X-URL
X-CS
X-Presslabs-Stats
Powered-By
X-DataCenter
Mime-Version
X-Fastly-Country-Code
X-Variation
X-TIME
Origin-CC
X-Tt-Logid
X-Info
CacheControlHeader
X-Amz-Meta-Opti
True-Client-Ip
X-CUA
X-Jungle-Id
X-NWS-UUID-VERIFY
Origin-EX
Srv
Tcn
X-LAGOON
Fastly-Drupal-Html
X-Cached-By
Cf-Ipcountry
X-User
X-Datacenter
X-IAuth-Set-Uid
MIME-Version
True-Client-IP
X-NewRelic-App-Data
X-Cdn-Forward
X-HostName
X-CACHE-AGE
X-Geo
X-Segment-20210421
X-Dynatrace-Js-Agent
X-Api-Version
X-Varnish-Beresp-TTL
Lb
X-Render-Time
VNS-Cache
VNS-Age
Load-Balancing
CDN
X-Webkit-Csp-Report-Only
X-B3-Spanid
X-Vc
X-VTEX-Cache-Server
X-Powered-By-VTEX-Cache
Debug
X-HOST
X-LiteSpeed-Tag
X-VTEX-Cache-Time
X-Wormhole-Sdk
X-LiteSpeed-Cache-Control
X-Auth-Group-Type
Ohc-File-Size
X-AIR-PT
X-CSRF-TOKEN
X-Dispatch
X-FPC
X-Cache-Ttl
X-Dispatcher-Number
Edge-Cache
Cl-Cache
Hostname
Cache-Name
Ohc-Cache-HIT
X-Ig-Push-State
GeoIP-Country-Code
X-MCACHE
X-WA
Server-Id
X-NC
X-Cdn-Cache-Status
X-Esi
Odigeo-Trace-Id
X-NodeID
X-Lb-Nocache
X-Litespeed-Tag
X-Custom-Header
X-Cs
X-Mid
X-Oracle-DMS-ECID
X-APP-VERSION
X-ServedByHost
X-Depends
X-PHP-Backend
X-Vgn-Hpd-Reason
X-Pad
X-Via-PopN
BehaviorPad-Version
X-Fastly-Backend-Reqs
CountryCode
X-Via-PopV
X-Ha-Backend
X-Via-PopH
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-DefHash
X-DefElseHash
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Ms-Author-Via
X-Litespeed-Cache-Control
X-VCL-Version
X-M-Log
Ngx
X-M-Reqid
X-MiniProfiler-Ids
X-Akamai-Pragma-Client-IP
X-VC-TTL
X-Cdn-Request-ID
X-Web-Server
X-Cache-Enabled
Xkey-La3
X-Proxy-Cache-La3
X-RequestId
X-MSEdge-Flight
PICS-Label
X-Lb-Id
X-MSEdge-Features
Xkeylog
X-FL-EDGE
X-FL-QIT-DEBUG
X-Acquia-Purge-Tags
FSS-Cache
Memcached
Memory
YJS-ID
Server-Info
X-IN-APIGATEWAY
X-Snapshot-Date
OriginIP
X-IN-APIGATEWAYSSL
Srvid
Time
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Site
Location
X-Sorting-Hat-Podid
X-Shopid
X-Sorting-Hat-Shopid
X-Cache-Version
X-Shardid
X-Udemy-Cache-App-Namespace
X-Sucuri-Id
Epwk-X-Cache
X-Cache-FS-Status
CF-Cached-On
X-Th-Server
Warning
X-Wp-Cf-Super-Cache-Cookies-Bypass
Geoip-Latitude
X-Check-Cacheable
X-Service-Response-Time
X-Internal-Host
Akamai-Cache-Status
X-Mg-Cache
X-Serial
CF-Ctrl
My-App
Sm-Log-Id
X-Dw-Trace-Id
X-Lsadc-Cache