Threat Level: green Handler on Duty: Richard Porter

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-Runtime
X-AspNet-Version
Accept-CH
P3p
X-Drupal-Cache
X-Cache-Status
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Ua-Compatible
X-Generator
X-Check
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
Request-Context
Keep-Alive
X-UA-Device
Allow
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-LiteSpeed-Cache
X-Device
Cf-Railgun
EagleEye-TraceId
Permissions-Policy
X-WebKit-CSP
X-CST
X-Backend-Server
X-Aws-Lambda-Call-Status
X-OneAgent-JS-Injection
X-Server-Id
X-Host
X-Readtime
X-Response-Time
X-Akam-SW-Version
X-Cache-Lookup
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
X-Litespeed-Cache
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Oneagent-Js-Injection
X-Country
X-Trace
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Ruxit-JS-Agent
Accept-Ch-Lifetime
Rating
X-Origin-Cache-Key
X-Rack-Cache
Cache-Tag
X-Amz-Server-Side-Encryption
X-Edge
Cross-Origin-Opener-Policy
X-FTR-Request-ID
X-Midtier
X-PC
X-Vname
X-TtlSet
Nginx-Cache
X-Mcache
X-MS-InvokeApp
X-Mod-Pagespeed
X-ECACHE
X-Upstream
X-Powered-By-Plesk
X-ESI
X-Server-Name
Edge-Control
X-Ruxit-Js-Agent
X-NWS-LOG-UUID
X-Browser-Type
X-Cnection
X-Times
X-D2id
X-Element-Page-Cache
Verso
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Ac
SPIisLatency
SPRequestDuration
X-Ser
AR-Request-ID
AR-PoweredBy
AR-SID
AR-ATIME
X-RateLimit-Remaining
X-SharePointHealthScore
SPRequestGuid
X-Ttl
X-GitHub-Request-Id
X-NF-Request-ID
X-Navigation-Version
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-B3-TraceId
X-Vcap-Request-Id
AR-CACHE
X-Mg-S
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
S
X-Middleton-Display
X-Sol
Pagespeed
Display
Edge-Cache-Tag
X-Client-IP
X-VARITI-CCR
X-Cache-Key
Fastly-Restarts
X-Webkit-Csp
X-Amzn-Trace-Id
RTSS
X-Amz-Rid
X-Cache-TTL
Cache-Status
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-Powered-CMS
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
Access-Control-Request-Method
X-Server-ID
X-Goog-Hash
X-Daa-Tunnel
X-Recruiting
X-Middleton-Response
Response
X-Content-Digest
X-ARC
X-Forwarded-For
X-TraceId
X-Varnish-TTL
X-T
Arr-Disable-Session-Affinity
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-MSEdge-Ref
Content-MD5
Cross-Origin-Resource-Policy
MS-Author-Via
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
Front-End-Https
TP-Cache
X-Shield-Request-Id
X-Accel-Expires
X-Hits
X-Cached
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
Public-Key-Pins
X-FTR-Backend
X-FTR-Backend-Server
Server-Node
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Ua-Browser
X-Request-Received
X-Forwarded-Proto
X-FTR-Expires
X-Request-Processing-Time
X-Id
X-RateLimit-Limit
X-FastCGI-Cache
X-Content-Security-Policy-Report-Only
Payment
X-Frontend
X-DIS-Request-ID
X-ORACLE-DMS-RID
Realpath
X-Protected-By
X-LLID
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
Origin-Trial
X-Fastcgi-Cache
X-Distributor
X-Hostname
X-GUploader-UploadID
TP-L2-Cache
X-Kong-Upstream-Latency
X-LB-Cache
X-Kong-Proxy-Latency
Cache-Tags
X-Request-Handler-Origin-Region
X-Microsite
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Debug-Info
X-Origin-Server
X-Page-Id
Referer-Policy
Host
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Count-Hit
X-Az
Fastcgi-Cache
X-Envoy-Decorator-Operation
X-Activity-Id
X-XRDS-LOCATION
X-AppVersion
X-Geo-Country
X-NGENIX-Cache
X-Www-Served-By
X-Cluster-Name
X-Varnish-Backend
X-Varnish-Server
Accept-Charset
X-Correlation-Id
X-ASPNET-VERSION
X-App-Server
X-ORACLE-DMS-ECID
X-F-Cache
X-Ua-Device
X-PressLabs-Stats
X-Fastly-Request-ID
X-Varnish-Ttl
X-Ezoic-Cdn
Retry-After
X-FB-Debug
X-Load-Cache
X-Ratelimit-Limit
TCN
X-Goog-Metageneration
X-RateLimit-Reset
X-Upgrade-Enabled
X-CSRF-Token
X-Px
Access-Control-Allow-Method
X-Seen-By
X-Git-Hash
Server-Name
X-Amz-Meta-S3cmd-Attrs
Cleartype
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-TEC-API-ORIGIN
X-Revision
X-TEC-API-ROOT
X-TEC-API-VERSION
Section-Io-Cache
X-Contextid
X-Request-Guid
X-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Content-Options
X-Cache-Control
X-Grace
Charset
X-Type
X-B
X-B3-Sampled
Paypal-Debug-Id
X-TT
X-Whom
Healthy
DC
X-Fb-Rlafr
X-Azure-Ref
X-Wix-Request-Id
X-Proxy
X-B-Cache
X-Signature
X-App-Environment
X-Node-Name
X-Mobile
X-Air-Pt
Accept-Ch
X-Magnolia-Registration
X-N
X-Oracle-Dms-Ecid
X-Newrelic-App-Data
Frame-Options
X-Origin-Cache
X-Amz-Replication-Status
X-EdgeConnect-Cache-Status
X-WP-CF-Super-Cache-Cache-Control
Filterid
X-WP-CF-Super-Cache
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Logged-In
X-Fastly-Request-Id
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-WebKit-CSP-Report-Only
X-Oracle-Dms-Rid
Content-Disposition
Backend
X-Time
NGB
Viewport
X-Response-Served-From
X-Original-Request-Id
Akamai-GRN
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Is-Bot
X-Rendered-As
X-Cache-Age
SD-X-WS
X-Debug-IsConnected
X-Tumblr-User
X-Datadog-Sampled
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Ratelimit-Remaining
X-RTag
Ms-Operation-Id
X-Hl-Ver
X-Varnish-Grace
X-Yottaa-Metrics
X-Rid
X-Yottaa-Optimizations
X-Debug-IsPreview
X-Unique-Id
X-RemovedCookies
X-ProcessESI
X-Servername
Liferay-Portal
MS-CV
X-Amzn-Remapped-Content-Length
X-UUID
X-Language
X-FW-Dynamic
X-Adobe-Content
X-FW-Serve
X-TTL
X-FW-Hash
X-Instance
X-IPS-LoggedIn
X-FW-Server
X-FW-Version
X-Backend-Name
X-Adobe-Loc
X-FW-Type
X-FW-Static
Upgrade-Insecure-Requests
X-Debug
X-Cacheable-TTL
X-G
Fastly-SWR
X-Cache-Grace
ServerID
X-NYM-Debug-Backend
X-L-Path
X-Environment-Context
Fastly-SIE
X-Via-JSL
From-Origin
X-B3-Traceid
X-Region
X-Proxy-Cache-Info
X-Device-Type
X-User-Agent
X-Cache-Hit
X-Template
Country
X-Rule
Refresh
X-Aspnet-Duration-Ms
X-Status
X-Route-Name
X-Providence-Cookie
X-VC-Cache
X-Is-Crawler
X-Flags
X-Webkit-CSP
Url
Version
X-INCAP-ABP
Countrycode
X-Source
X-B3-SpanId
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Cache-Status-Check
GEO-INFO
X-App-Version
X-HTML-Minification-Powered-By
SRV
Alternate-Protocol
X-NODE
X-Storage
X-Jobs
WPO-Cache-Message
X-Nginx-Cache
WPO-Cache-Status
X-WP-CF-Super-Cache-Active
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
OT-Force-Account-Verify
X-Akamai-Request-ID2
AMP-Access-Control-Allow-Source-Origin
X-CDN-Forward
X-Content-Powered-By
CDN-RequestId
X-Real-IP
X-Origin-CC
X-Origin-TTL
X-Rocket-Nginx-Serving-Static
Surrogate-Key
Protected
Access-Control-Request-Headers
X-ServerID
X-Hosted-By
X-VC
X-Accel-Version
Amp-Access-Control-Allow-Source-Origin
X-Cache-Time
CF-IPCountry
X-Akamai-Edgescape
X-Handled-By
X-Kinja-CCPA
X-Cache-Operation
X-Mode
X-Cache-Rule
X-Use-Mantle
X-Endurance-Cache-Level
Webserver
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Xfnlog-Site
X-Page-View
X-Edge-Location
X-Rewrite-Enabled
Filters
X-Framework
Xet-Cookie
X-Rn-Rsrv
Meta-Geo
X-UPSTREAM-Address
X-Upstream-Ht
X-Upstream-Ct
X-Soup
X-JoinUs
X-AWS-Id
X-Director
ServedBy
X-LJ-Flow-ID
X-Detected-As
X-Timing-Wait
X-Cache-Debug
X-Origin
X-SaId
X-Varnish-Cache-Hits
Section-Io-Id
X-VWS-Id
X-Proxy-Build
X-Tumblr-Pixel-2
X-Served-From
X-Tumblr-Pixel-3
Selected-Fe
Cross-Origin-Embedder-Policy
X-Cms-Context
X-Drupal-Cache-Tags
X-Cluster
X-BYPASS-REASON
X-Adobe-Source
X-Extlb
X-Labrador-Cache-Channel
X-Origin-Hint
X-No-Session
X-Lambda-Id
TWC-Connection-Speed
Webcakes-Region
Webcakes-App-Version
Mn-Server-Ip
TWC-GeoIP-Country
Node
TWC-Device-Class
Property-Id
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
Web-Mar-Node
TWC-Privacy
Front
X-PHP-Host
X-Sucuri-Cache
X-Webstats-RespID
X-SayCDN-TTL
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-Say-TTL
X-Say-Cacheable
X-Logging-Id
X-Worker
Accept-Language
X-Web-Node
X-ProxyCache-Status
X-ProxyCache-Key
X-Restarts
X-Redis-Cache
X-AB
X-Site-Version
X-Tncms
X-VCT
X-Varnish-Beresp-Grace
X-Varnish-Age
X-Skip-Cache
X-Tcp-Rtt
X-Drupal-Cache-Contexts
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Tablet
X-RCS-CacheZone
X-Loop
X-Locale
X-Is-Desktop
X-IPLB-Request-ID
X-RM-Cache-TTL
X-S
X-Format
X-Geo-Region
X-GeoCountry
X-GeoCode
X-Browser-Name
X-IPLB-Instance
Azure-InstanceId
Azure-SiteName
Apigw-Requestid
Azure-RegionName
Azure-SlotName
Azure-Version
CDN-RequestPullCode
CDN-PullZone
X-R9-Blue-Green-Version
X-Container-Uri
CDN-EdgeStorageId
CDN-RequestCountryCode
X-Generation-Time
X-Fetched-On
X-Vercel-Id
X-Vercel-Cache
X-Sucuri-ID
X-Httpd
X-Git-Commit
X-Cache-Server
CDN-RequestPullSuccess
CDN-Uid
X-Origin-Date
X-Forwarded-Host
CDN-CachedAt
X-Cache-Host
X-Alternate-Cache-Key
Xserver
X-Shopify-Stage
X-Reqid
CDN-Cache
X-Tb
X-Storefront-Renderer-Rendered
X-Ms-Version
X-Ms-Request-Id
X-Provided-By
DB-Nickname
X-Frame-Option
X-Vcache
X-TT-LOGID
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Atl-Traceid
X-ShopId
X-Server-W
X-ShardId
X-XRDS-Location
WP-Super-Cache
X-Cdn-Origin
X-MP-GENERATED-AT
X-Uri
Fastcgi-Useragent
X-Vcl-Version
X-Http-Reason
Cross-Origin-Embedder-Policy-Report-Only
Cache-Tv-Group
Source
X-Generated-By
Sid
Content-Secure-Policy
X-Pass-Why
X-FB-TRIP-ID
Cross-Origin-Window-Policy
X-DynaTrace
X-Thinkindot-L3
Priority
X-Shield-Cache-Expires
Thinkindot-Control
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Scope-Id
X-CMSURLCustom
X-Buckets
Onion-Location
Cache
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Azure-Ref-OriginShield
X-Content-Age
X-LSADC-Cache
X-SRV
X-RID
HostName
X-Sql-Duration-Ms
X-Sql-Count
X-Varnish-Beresp-Ttl
X-Optimistic-Header
X-DataDome
X-Xrds-Location
X-Dc
X-WP-CF-Super-Cache-Cookies-Bypass
X-TA-CDN-Provider
X-Cluster-Node
X-Proxy-Cache-Status
X-UA
X-Request-URI
X-Cache-Action
User-Cache-Control
X-Connection-Hash
WZWS-RAY
X-Newrelic-Synthetics
Expiry
X-SB
X-TIM-N
X-SRCache-Key
X-Instance-Name
X-PAYTM-SRV-ID
X-ND-Cache
X-Op-Id-All
A
Candidate-Md5Url
X-ScT
X-Scheme
X-Dispatcher-Server
X-B-Cookie
X-Bc-Bl
X-GEO
X-Application
X-Aed
X-BCube-Filmed-By
Server-Host
Req-ID
X-Cache-Bucket
Server-Ext
X-Bl-Debug
Server-Hostname
X-A-Wwc
X-A
X-A-Ccd
Vix-Hermes-Req-Id
T-Server
X-Request-Start
X-A-Dam
X-A-Dcw
Sever-Int
Sslversion
X-A-Dgt
Surrogated-Key
Rendered-Blocks
X-Cache-NE
X-External-Request-Id
Magicmarker
MD5-Digest
X-Epic-Correlation-Id
Meta-Geo-Continent
X-Platform
Lang
DCR-Decision-By
DCR-Processing-Time-Ms
X-Rojux
Gannett-Cam-Experience-Id
X-Ec-GeoHdr
X-Ec-Fail
X-Conf
Origin
Origin-Agent-Cluster
Redirect-Candidate
Ngx.Var.Host
X-D
Ngx-Var-Key
X-Ec-Custom-Error
X-Developer
X-Destination
X-S-Cookie
X-Lagoon
X-Viewer-Country
X-Varnish-Hostname
X-Vdms-Path
X-Vtex-Remote-Cache
X-Correlation-ID
X-Vdms-Version
X-Datadome
X-TimeS
X-WA-Info
NM-Fastcgi-Cache
X-Pool
X-Request-Time
X-VServer
X-We-Are-Hiring
X-Debug-Cache-Fetch
X-Core-Value
Content-Style-Type
X-Pubstack
X-VG-WebCache
X-Forwarded-Site
X-Debug-Cache-Store
X-Rocket-Build-Number
X-Proxied-Request
Host-ID
Yak-Timeinfo
L
Fastly-SSL
Environment
Fastly-GeoIP-CountryCode
Locid
Pramga
X-Esi-Check
Req-Svc-Chain
Wxu-Next-Commit
Wxu-Next-Hostname
X-Auto-Login
X-B3-Trace-ID
X-Req
Wxu-Next-Region
Release
X-Access
X-Acquia-Purge-Cdn-Unconfigured
X-AK-Request-ID
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Storage-Class
X-BBC-Edge-Cache-Status
V-Age
C-Via
X-Cache-Info
X-Zen-Fury
X-Cache-TTL-Remaining
Content-Script-Type
X-Cache-Expired-At
X-Cache-Id
X-Bip
X-Block-Status
DSUID
Ssr
X-Clientip
X-Fastly-Cache
X-Varnish-Director
X-Gzip
X-Sigma
X-Sigma-Backend
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-UA-Device-Type
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Thanos
X-Hnp-Log
X-Level-Front-Cache
X-Loc
X-Mly-Id
X-Varnishpool
X-NCache
X-Nginx-Cache-Key
X-VG-TLSProxy
X-TH-Server
X-Human
Apple-News-Services-Request-Url
X-Varnish-Beresp-Status
X-Gen-Mode
Cluster
X-Generated-On
Cdncip
X-Nyt-Route
X-Gdpr
X-SD-PageType
Cdnsip
X-Node-Id
CDCHOST
X-Section
X-Origin-Time
X-NMSegId
LB
X-Via-Edge
X-Via-CDN
Fastly-Drupal-HTML
Edge-Copy-Time
X-Service
X-Via-SSL
X-Origin-Response-Time
X-Origin-Expires
X-Branch-Name
X-Aicache-OS
X-Cache-Aspx
X-Old-Content-Length
X-Cache-Date
X-VCache
X-ApacheServer
X-Backend-Instance
X-PERF
X-Org
X-Mvc-Supplant-Cachable
X-Contensis-Viewer-Groups
X-SVT-ORM-VERSION
X-DPWN-IS-SECURE
X-Geo-Header
X-GeoIP
X-Device-Os
XM
Tube-Return
X-Policy
X-From
X-Fmm-Version
X-FC-Vary-Parameters
X-GeoIP-City
X-SVT-ORM-RULES
X-RateLimit-Remaining-Second
X-Cdn-Srv
X-Region-Sid
X-Men
X-RateLimit-Limit-Second
X-HS-Content-Campaign-Id
X-Moov-Xdn-Version
X-GoCache-CacheStatus
X-HN
X-Moov-T
X-Micro-Cache
X-Request-Host
PFcat
X-ECache
Mail-Subject
Machine
Platform
Producers
RNT-Time
X-Var-Ttl
RNT-Machine
Is-Eu
X-Ad-Load-Variation
X-Server-IP
X-V-Cache
X-VarnishDD-TTL
Adler-Geo
Cache-Provider
Esi-Enabled
Country-Code
Canary
Click-Count-Action-Start
Gh-Request-Id
Web-Mar-Region
On-Server
Tube-Get-Contents
Uber-Trace-Id
We-Hiring
Tube-Got-Eval
S-Rt
True-Client-Country-4JS
Click-Count-Error
Tube-Got-Results
X-Varnish-Authentication
HA-Ipaddr
X-Up
Ha-Gx-Prefs
X-App-Name
Cdn-Host
Cdn-Request-Time
Cf-Device-Type
X-Proto
X-Fastly-Backend
X-Sn-Servicetimems
W
X-Eu-Site
X-Edge-Server
X-API-Version
X-Wikidot-Static-Cache
X-CGP
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Test
X-Hash
L5d-Success-Class
Proxy-Firewall
Cache-Key
X-Wikidot-Backend
AKAMAI
X-Mvc-Supplant-OutputCached
X-Cache-Backend
X-Csrf-Jwt
X-Mg-Request-UUID
X-Ah-Environment
X-Parent-Response-Time
Type
X-CacheTTL
X-Accel-Expires-Debug
X-Date
X-LB-ID
Fastly-Backend-Name
X-Ua
X-COUNTRY
NGX
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Hits
X-DC
X-Servedbyhost
X-Tx-Id
Cache-Hits
Cdn-Requestid
X-Via-Popn
X-DynaTrace-JS-Agent
X-Via-Popv
X-HA-Backend
Pics-Label
X-Via-Poph
X-CACHE-GROUP
X-Ratelimit-Reset
Cdn
X-Zone
X-Srv
X-Via-Fastly
X-Irp-Debug
X-Refresh
NtCoent-Length
X-LB-NoCache
Datacenter
X-VHOST
X-Owner
GeoIp-Country-Code
X-CDN-Cache-Status
X-Cloudmap
X-NGINX-Cache
X-Location
X-Core-Mission
X-SIPLIST1
X-Ig-Origin-Region
Server-ID
X-ZONE
IsBot
X-Wa
X-Nc
SID
X-PDP-UNCACHING-HASH
X-NWS-UUID-VERIFY
Fusion-Component-Id
Fusion-Template-Id
X-Akamai-Transformed
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Content-Source
X-TX-ID
Resin-Trace
Powered-By
Cross-Origin-Opener-Policy-Report-Only
X-Fpc
X-Qloud-Router
Origin-EX
X-CF-Lambda-Version
X-CUA
N-Cache
X-Jungle-Id
Expect-Staple
X-B3-Parentspanid
Origin-CC
DataCenter
X-Nananana
X-Hit
GeoIP-Latitude
X-CF-Lambda-Fn
X-Tt-Logid
X-Forwarded-Path
CloudFront-Viewer-Country
X-Tenant
X-Nf-Request-Id
Xc-Version
X-NewRelic-App-Data
X-Orig-Expires
X-Cache-Type
X-User
X-Shop-Environment
XkeyRZ
X-Proxy-CacheRZ
X-Client-Ip
Uri
X-URL
X-Presslabs-Stats
X-Gamma-Serve
Cmsid
X-CS
X-Segment-20210421
Cmstype
X-DataCenter
Mime-Version
CPC-Age
X-Render-Time
True-Client-Ip
X-Amz-Meta-Opti
X-TIME
CPC-Cache
X-Cached-By
User-Agent
X-IAuth-Set-Uid
Fastly-Drupal-Html
X-Geo
X-Wormhole-Sdk
X-Vmg-Version
X-Cdn-Diag
Debug
X-VTEX-Cache-Server
X-B3-Spanid
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Time
X-Info
X-Esi
X-LiteSpeed-Tag
X-Fastly-Country-Code
X-CACHE-AGE
X-Auth-Group-Type
True-Client-IP
Edge-Cache
MIME-Version
X-Dynatrace-Js-Agent
Cf-Ipcountry
X-Dispatch
X-Datacenter
Load-Balancing
CDN
X-Oracle-DMS-ECID
X-HOST
CacheControlHeader
Srv
X-Variation
X-Ig-Push-State
X-Vc
X-Cs
X-LiteSpeed-Cache-Control
X-LAGOON
X-Varnish-Beresp-TTL
Ohc-File-Size
Odigeo-Trace-Id
X-Webkit-Csp-Report-Only
X-Cdn-Forward
Cl-Cache
X-AIR-PT
X-Vgn-Hpd-Reason
X-NodeID
X-CSRF-TOKEN
Hostname
X-Custom-Header
Tcn
X-APP-VERSION
X-PHP-Backend
X-Pad
X-NC
X-Depends
X-FPC
X-MCACHE
VNS-Cache
X-WA
VNS-Age
Ohc-Cache-HIT
Server-Id
X-Varnish-Remaining-TTL
X-DefHash
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-DefElseHash
GeoIP-Country-Code
X-HostName
X-Lb-Nocache
X-Cdn-Cache-Status
X-M-Log
X-M-Reqid
X-VC-TTL
Geoip-Latitude
X-Dispatcher-Number
X-Cache-Ttl
X-Api-Version
X-MSEdge-Flight
CountryCode
X-ServedByHost
X-Fastly-Backend-Reqs
X-MSEdge-Features
X-APP
X-Via-PopH
X-Ha-Backend
X-Via-PopN
X-Via-PopV
PICS-Label
X-Litespeed-Tag
Lb
X-Cache-FS-Status
Epwk-X-Cache
X-Use-Magma
X-Litespeed-Cache-Control
X-VCL-Version
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Xkeylog
Xkey-La3
X-Proxy-Cache-La3
Ngx
Cloudfront-Viewer-Country
X-Lb-Id
X-Cdn-Request-ID
Cache-Name
X-IN-APIGATEWAYSSL
X-Web-Server
Memcached
X-Snapshot-Date
X-IN-APIGATEWAY
X-RequestId
OriginIP
Memory
Time
X-Acquia-Purge-Tags
X-Acquia-Site
X-Mid
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-MiniProfiler-Ids
X-Shardid
X-Shopid
X-Cache-Version
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
Warning
Server-Info
X-Ramcache
X-Requestid
FSS-Cache
X-Th-Server
X-Udemy-Cache-App-Namespace
Sm-Log-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sucuri-Id
CF-Cached-On
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
X-Mg-Cache
X-Dw-Trace-Id
X-Service-Response-Time
X-Serial
Akamai-Cache-Status