Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Served-By
X-Download-Options
X-Xss-Protection
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
P3p
Accept-CH-Lifetime
X-Cache-Status
X-Drupal-Cache
X-Check
X-Generator
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-Request-ID
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Request-Context
Allow
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
EagleId
Xkey
X-Age
X-Rq
X-Vhost
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-LiteSpeed-Cache
X-Dns-Prefetch-Control
X-OneAgent-JS-Injection
X-Aws-Lambda-Call-Status
X-CST
Permissions-Policy
X-Backend-Server
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-Litespeed-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cache-Lookup
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
Service-Worker-Allowed
X-Url
X-Content-Type
X-Ruxit-JS-Agent
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
X-Edge
X-Rack-Cache
Cache-Tag
Accept-Ch-Lifetime
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-PC
X-TtlSet
X-Vname
X-ECACHE
X-MS-InvokeApp
Nginx-Cache
X-ESI
X-Upstream
Rating
X-Powered-By-Plesk
Edge-Control
X-Server-Name
X-Browser-Type
X-Ruxit-Js-Agent
X-Cnection
X-Times
X-D2id
Verso
X-Element-Page-Cache
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-NWS-LOG-UUID
X-Ac
SPIisLatency
SPRequestDuration
AR-PoweredBy
AR-Request-ID
AR-SID
AR-ATIME
X-RateLimit-Remaining
X-SharePointHealthScore
SPRequestGuid
X-Ser
X-Abt-Application-Version
X-Navigation-Version
X-NF-Request-ID
X-B3-TraceId
X-GitHub-Request-Id
X-Vcap-Request-Id
X-Dw-Request-Base-Id
AR-CACHE
X-Mg-S
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-VARITI-CCR
S
X-Middleton-Display
Edge-Cache-Tag
Pagespeed
X-Sol
Display
X-Ttl
X-Cache-Key
X-Client-IP
Fastly-Restarts
RTSS
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Cache-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
X-Goog-Hash
Access-Control-Request-Method
X-Varnish-TTL
X-Recruiting
X-Server-ID
X-ARC
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Middleton-Response
Response
X-Content-Digest
X-TraceId
X-Daa-Tunnel
X-Forwarded-For
X-T
Arr-Disable-Session-Affinity
Content-MD5
X-MSEdge-Ref
Origin-Trial
X-SRCache-Fetch-Status
TP-Cache
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
Front-End-Https
X-Accel-Expires
X-Shield-Request-Id
Cross-Origin-Resource-Policy
X-Content-Security-Policy-Report-Only
X-Cached
X-Hits
MS-Author-Via
X-Id
Public-Key-Pins
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FastCGI-Cache
X-Ua-Browser
Server-Node
X-HS-Cache-Config
X-HS-Combine-CSS
X-FTR-Expires
X-HS-Hub-Id
X-HS-Content-Id
X-Request-Processing-Time
X-Forwarded-Proto
X-Request-Received
X-DIS-Request-ID
Payment
X-ORACLE-DMS-RID
X-Frontend
X-LLID
Realpath
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Webkit-Csp
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-Distributor
X-Fastcgi-Cache
X-LB-Cache
Cache-Tags
X-RateLimit-Limit
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-Request-Handler-Origin-Region
X-Microsite
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Referer-Policy
X-Hostname
MRF-Tech
X-B3-TraceId-Primal
X-Page-Id
Mrf-Cache-Status
Count-Hit
X-AppVersion
X-Az
X-Ratelimit-Limit
X-Activity-Id
X-Debug-Info
X-Www-Served-By
X-NGENIX-Cache
Host
X-Cluster-Name
Fastcgi-Cache
X-Correlation-Id
X-Varnish-Server
X-Varnish-Backend
X-Geo-Country
Accept-Charset
X-Envoy-Decorator-Operation
X-F-Cache
X-App-Server
X-PressLabs-Stats
X-XRDS-LOCATION
X-Ua-Device
X-ORACLE-DMS-ECID
X-FB-Debug
X-Goog-Metageneration
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Retry-After
X-TEC-API-ROOT
X-TTL
X-RateLimit-Reset
X-Ezoic-Cdn
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Git-Hash
X-Load-Cache
X-Content-Options
X-Seen-By
X-CSRF-Token
X-Px
Server-Name
X-Fastly-Request-Id
TCN
X-Request-Guid
Section-Io-Cache
X-Revision
X-Amz-Meta-S3cmd-Attrs
X-Grace
X-Contextid
X-Tt-Trace-Tag
X-Type
X-Cache-Control
X-Trace-Id
X-Tt-Trace-Host
X-B
Cleartype
Charset
X-Varnish-Ttl
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-B3-Sampled
X-TT
Healthy
Paypal-Debug-Id
X-Whom
DC
X-Fb-Rlafr
X-Signature
X-B-Cache
X-Wix-Request-Id
X-App-Environment
X-Oracle-Dms-Ecid
X-Node-Name
X-Fastly-Request-ID
X-Mobile
X-Origin-Cache
X-Proxy
Frame-Options
X-Azure-Ref
X-Newrelic-App-Data
X-Magnolia-Registration
X-Amz-Replication-Status
X-Air-Pt
X-WebKit-CSP-Report-Only
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Accept-Ch
Filterid
X-Rid
X-N
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-EdgeConnect-Cache-Status
X-Logged-In
X-Language
Content-Disposition
X-Aspnet-Duration-Ms
X-Route-Name
Backend
X-Is-Crawler
X-Flags
Akamai-GRN
X-Providence-Cookie
X-Kinja-CCPA
X-Time
NGB
X-Oracle-Dms-Rid
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Response-Served-From
X-Is-Bot
X-Template
X-Rendered-As
MS-CV
Upgrade-Insecure-Requests
Ms-Operation-Id
Liferay-Portal
X-Debug-IsConnected
X-Debug-IsPreview
X-Datadog-Sampled
X-Yottaa-Metrics
X-Unique-Id
X-Servername
X-RTag
SD-X-WS
Viewport
X-Tumblr-User
X-Tumblr-Pixel-1
X-CCDN-CacheTTL
X-RemovedCookies
X-Tumblr-Pixel-0
X-Varnish-Grace
X-Yottaa-Optimizations
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Tumblr-Pixel
X-ProcessESI
X-FW-Static
X-Adobe-Content
X-Adobe-Loc
X-FW-Hash
X-FW-Dynamic
X-Proxy-Cache-Info
X-IPS-LoggedIn
X-FW-Type
X-Instance
X-FW-Serve
X-UUID
X-Amzn-Remapped-Content-Length
X-NYM-Debug-Backend
X-FW-Version
X-Debug
X-FW-Server
X-G
Refresh
X-Backend-Name
X-Hl-Ver
X-Cache-Grace
X-Via-JSL
Fastly-SWR
X-L-Path
Fastly-SIE
X-Cacheable-TTL
X-Environment-Context
X-Region
From-Origin
X-Device-Type
X-User-Agent
X-B3-SpanId
X-Cache-Age
Country
X-Ratelimit-Remaining
X-Cache-Hit
X-Rule
X-Status
ServerID
X-App-Version
X-B3-Traceid
Url
X-VC-Cache
X-INCAP-ABP
Version
X-Jobs
X-Source
Alternate-Protocol
WPO-Cache-Status
WPO-Cache-Message
X-Webkit-CSP
X-Cache-Status-Check
X-HTML-Minification-Powered-By
Countrycode
X-Origin-CC
X-Origin-TTL
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
CDN-RequestId
GEO-INFO
X-Akamai-Request-ID2
Surrogate-Key
X-Hosted-By
X-Content-Powered-By
X-NODE
X-Storage
X-WP-CF-Super-Cache-Active
X-Rocket-Nginx-Serving-Static
Protected
X-Nginx-Cache
X-Page-View
OT-Force-Account-Verify
X-Accel-Version
Amp-Access-Control-Allow-Source-Origin
AMP-Access-Control-Allow-Source-Origin
X-Real-IP
X-Akamai-Edgescape
SRV
Access-Control-Request-Headers
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Edge-Location
X-ServerID
X-Framework
X-Cache-Time
X-VC
Xet-Cookie
X-CDN-Forward
X-Cache-Rule
X-Mode
Front
X-Rn-Rsrv
X-Endurance-Cache-Level
X-XRDS-Location
X-Xfnlog-Site
CF-IPCountry
Filters
Webserver
Meta-Geo
Accept-Language
X-Cache-Operation
X-Upstream-Ct
X-Upstream-Ht
X-Handled-By
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Cache-Debug
X-Proxy-Build
X-SaId
X-AWS-Id
X-Origin
X-Served-From
X-LJ-Flow-ID
X-Detected-As
Selected-Fe
ServedBy
X-Timing-Wait
Section-Io-Id
X-Soup
Mn-Server-Ip
X-VWS-Id
X-Varnish-Cache-Hits
X-JoinUs
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Cross-Origin-Embedder-Policy
X-Director
X-Proxied
Webcakes-App-Version
Webcakes-Region
X-Adobe-Source
Node
TWC-Privacy
Webcakes-App-Name
Web-Mar-Node
TWC-Locale-Group
TWC-Device-Class
X-No-Session
X-BYPASS-REASON
Property-Id
TWC-Connection-Speed
X-Logging-Id
TWC-GeoIP-Country
X-Origin-Hint
X-ProxyCache-Key
X-PHP-Host
Apigw-Requestid
X-Lambda-Id
TWC-GeoIP-LatLong
X-Labrador-Cache-Channel
X-Cluster
Xserver
X-TT-LOGID
X-SayCDN-TTL
X-Say-TTL
X-Httpd
X-Cms-Context
X-Web-Node
X-Worker
X-Zipkin-Id
X-Extlb
X-Say-Cacheable
X-Redis-Cache
X-Use-Mantle
X-Format
X-Restarts
X-ProxyCache-Status
X-Routing-Service
X-Http-Reason
X-Is-Tablet
X-Varnish-Age
X-VCT
X-GeoCountry
X-Varnish-Beresp-Grace
X-Platform-Processor
X-Is-Mobile
X-AB
X-Platform-Cluster
X-Geo-Region
X-Forwarded-Host
X-Is-Supported-Browser
X-Platform-Router
X-Drupal-Cache-Tags
X-GeoCode
X-Skip-Cache
X-IPLB-Instance
X-Browser-Name
X-Tncms
X-S
X-RM-Cache-TTL
X-RCS-CacheZone
X-IPLB-Request-ID
X-Is-Desktop
Azure-RegionName
Azure-InstanceId
X-Site-Version
X-Locale
DB-Nickname
X-Tcp-Rtt
Azure-SiteName
X-Loop
Azure-Version
Azure-SlotName
X-Git-Commit
X-Fetched-On
X-Container-Uri
X-Cache-Server
X-Cache-Host
X-Reqid
X-Generation-Time
X-Webstats-RespID
X-Drupal-Cache-Contexts
X-R9-Blue-Green-Version
X-Vercel-Id
X-Tb
X-Vercel-Cache
X-Server-W
X-Ms-Request-Id
X-Vcache
X-Ms-Version
X-Frame-Option
X-Provided-By
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-CachedAt
CDN-PullZone
CDN-Cache
X-Shopify-Stage
X-Uri
X-Sucuri-Cache
X-Origin-Date
X-MP-GENERATED-AT
WP-Super-Cache
X-Sucuri-ID
Fastcgi-Useragent
X-Vcl-Version
Source
Cache-Tv-Group
X-DynaTrace
X-ShardId
X-Cdn-Origin
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
Cross-Origin-Embedder-Policy-Report-Only
X-FB-TRIP-ID
X-Generated-By
Content-Secure-Policy
X-SRV
Priority
Atl-Traceid
X-Pass-Why
Onion-Location
X-Sql-Count
X-Sql-Duration-Ms
Locale
X-Urbn-Site-Id
Sid
X-Urbn-Context-Path
X-Content-Age
X-Buckets
Cross-Origin-Window-Policy
Thinkindot-CacheControl-Type
X-Scope-Id
X-Shield-Cache-Expires
X-CMSURLCustom
X-Thinkindot-L3
Thinkindot-CacheControl
Thinkindot-Control
TDXMobile
Cache
X-DataDome
X-LSADC-Cache
X-Cluster-Node
HostName
X-Proxy-Cache-Status
X-Newrelic-Synthetics
WZWS-RAY
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Action
X-GEO
X-Varnish-Beresp-Ttl
X-Optimistic-Header
X-Cache-Expired-At
S-Rt
X-Xrds-Location
X-Via-CDN
X-Via-Edge
User-Cache-Control
Expiry
Edge-Copy-Time
X-Connection-Hash
X-Via-SSL
X-Dc
Apple-News-Services-Handled
X-Bc-Bl
X-BCube-Filmed-By
Server-Ext
X-B-Cookie
X-Rojux
X-Application
Server-Host
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Rendered-Blocks
X-Op-Id-All
X-TIM-N
Req-ID
X-Cache-Bucket
Apple-News-Services-Request-Url
X-ScT
X-Bl-Debug
A
Server-Hostname
Vix-Hermes-Req-Id
Sslversion
Sever-Int
T-Server
X-Scheme
X-SB
X-S-Cookie
Surrogated-Key
X-Viewer-Country
X-A
X-Access
X-PAYTM-SRV-ID
X-Aed
X-A-Wwc
X-A-Dgt
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Platform
X-Cache-NE
X-Vtex-Remote-Cache
X-Developer
DCR-Decision-By
X-Request-Start
X-Destination
Lang
Redirect-Candidate
Gannett-Cam-Experience-Id
X-Vdms-Path
X-Dispatcher-Server
X-Epic-Correlation-Id
DCR-Processing-Time-Ms
X-External-Request-Id
X-Varnish-Hostname
X-Ec-GeoHdr
X-Ec-Custom-Error
X-SRCache-Key
X-Ec-Fail
X-Vdms-Version
L
Candidate-Md5Url
Ngx-Var-Key
Ngx.Var.Host
X-Instance-Name
X-Section
X-Conf
Origin-Agent-Cluster
X-D
Magicmarker
CDCHOST
MD5-Digest
Meta-Geo-Continent
Origin
X-TA-CDN-Provider
X-Azure-Ref-OriginShield
Release
X-Proxied-Request
X-Pool
Pramga
NM-Fastcgi-Cache
X-Req
Host-ID
X-VServer
Req-Svc-Chain
X-Origin-Time
Ssr
X-Acquia-Purge-Cdn-Unconfigured
X-Clientip
X-Human
X-Core-Value
X-Hnp-Log
X-VG-TLSProxy
Fastly-GeoIP-CountryCode
X-Loc
X-Level-Front-Cache
X-Varnish-Director
X-Cache-TTL-Remaining
X-Gzip
X-GeoIP-Region-Code
X-Gdpr
X-Forwarded-Site
X-Esi-Check
X-Fastly-Cache
X-Gen-Mode
X-Generated-On
X-Debug-Cache-Fetch
X-GeoIP-Country-Code
X-Debug-Cache-Store
X-Varnish-Beresp-Status
X-Mly-Id
Wxu-Next-Hostname
Wxu-Next-Region
X-Varnishpool
X-AK-Request-ID
X-NCache
Wxu-Next-Commit
X-Node-Id
X-NMSegId
X-Nginx-Cache-Key
V-Age
X-Amz-Meta-Cb-Modifiedtime
X-Auto-Login
X-Block-Status
X-VG-WebCache
X-Cache-Id
X-Cache-Info
X-Moov-T
X-Moov-Xdn-Version
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Bip
X-Nyt-Route
Fastly-SSL
X-Zen-Fury
Yak-Timeinfo
X-Request-Time
X-ND-Cache
X-We-Are-Hiring
C-Via
Cdncip
X-WA-Info
Cache-Provider
X-Request-URI
X-Rocket-Build-Number
X-Correlation-ID
X-Sigma-Backend
X-Sigma
X-SD-PageType
X-TH-Server
X-Thanos
Fastly-Drupal-HTML
X-Ua
X-Pubstack
Cdnsip
X-UA-Device-Type
Content-Style-Type
Cluster
Content-Script-Type
Environment
DSUID
X-Origin-Response-Time
X-VCache
X-Datadome
X-TimeS
X-Service
X-Request-Host
X-VarnishDD-TTL
X-Ad-Load-Variation
Is-Eu
X-Contensis-Viewer-Groups
X-Device-Os
X-Csrf-Jwt
X-CGP
X-Cdn-Srv
Esi-Enabled
HA-Ipaddr
Ha-Gx-Prefs
X-SVT-ORM-VERSION
X-Cache-Aspx
Gh-Request-Id
X-Cache-Date
X-Aicache-OS
X-ApacheServer
X-Eu-Site
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-Varnish-Authentication
X-Micro-Cache
X-Men
X-Var-Ttl
X-Old-Content-Length
X-Policy
X-PERF
X-Mg-Request-UUID
X-Org
X-V-Cache
X-HS-Content-Campaign-Id
X-Fmm-Version
X-FC-Vary-Parameters
X-HN
X-SVT-ORM-RULES
X-From
X-Geo-Header
X-Server-IP
X-GoCache-CacheStatus
X-GeoIP-City
X-GeoIP
X-DPWN-IS-SECURE
Country-Code
Uber-Trace-Id
Type
RNT-Time
RNT-Machine
X-RateLimit-Limit-Second
Machine
L5d-Success-Class
Tube-Return
Tube-Got-Results
X-RateLimit-Remaining-Second
True-Client-Country-4JS
X-Region-Sid
Adler-Geo
Tube-Got-Eval
Tube-Get-Contents
Producers
Locid
We-Hiring
W
On-Server
Click-Count-Action-Start
Click-Count-Error
Web-Mar-Region
Platform
Mail-Subject
Canary
X-Amz-Storage-Class
PFcat
X-Sn-Servicetimems
X-Proto
X-Backend-Instance
X-Wikidot-Backend
X-Hash
X-Test
X-Edge-Server
Proxy-Firewall
X-Wikidot-Static-Cache
X-Slack-Backend
Cdn-Request-Time
Cache-Key
Cdn-Host
X-ECache
AKAMAI
Cf-Device-Type
X-Fastly-Backend
X-Up
X-Slack-Shared-Secret-Outcome
X-App-Name
X-Branch-Name
XM
X-Lagoon
Fastly-Backend-Name
NGX
X-RID
X-CacheTTL
X-Parent-Response-Time
X-Accel-Expires-Debug
X-DC
X-LB-ID
X-Date
X-UA
LB
X-Tx-Id
X-Origin-Expires
Pics-Label
X-Irp-Debug
X-Varnish-Hits
X-Cache-Backend
X-API-Version
X-Ah-Environment
X-Via-Popv
X-Via-Popn
X-HA-Backend
X-COUNTRY
X-Tb-Optimization-Total-Bytes-Saved
X-Servedbyhost
X-Owner
X-Via-Poph
X-NGINX-Cache
X-Core-Mission
X-ZONE
Cdn
X-CACHE-GROUP
X-Refresh
IsBot
X-SIPLIST1
X-DynaTrace-JS-Agent
Datacenter
X-Ratelimit-Reset
X-LB-NoCache
NtCoent-Length
X-CDN-Cache-Status
GeoIp-Country-Code
X-Client-Ip
X-VHOST
RATING
SID
X-Qloud-Router
X-Zone
Cache-Hits
X-Use-Magma
Cdn-Requestid
X-Nananana
Expect-Staple
X-Srv
X-Via-Fastly
X-CF-Lambda-Fn
N-Cache
X-CF-Lambda-Version
X-Wa
X-Nc
Server-ID
X-Orig-Expires
X-Shop-Environment
CloudFront-Viewer-Country
X-Tenant
Xc-Version
X-Cache-Type
X-Forwarded-Path
X-Akamai-Transformed
X-Fpc
X-B3-Parentspanid
X-Location
Cmsid
Cross-Origin-Opener-Policy-Report-Only
Cmstype
X-Gamma-Serve
Resin-Trace
X-Ig-Origin-Region
GeoIP-Latitude
X-TX-ID
X-Cloudmap
DataCenter
X-Hit
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
CPC-Age
Fusion-Content-Source
CPC-Cache
Fusion-Content-Id
Fusion-Component-Id
X-CS
X-NewRelic-App-Data
X-Cdn-Diag
X-Nf-Request-Id
Powered-By
User-Agent
XkeyRZ
X-Vmg-Version
Uri
X-Proxy-CacheRZ
X-DataCenter
X-Presslabs-Stats
X-CUA
X-URL
Origin-CC
X-Jungle-Id
Origin-EX
X-CACHE-AGE
X-NWS-UUID-VERIFY
X-TIME
X-User
True-Client-IP
Srv
Mime-Version
X-Amz-Meta-Opti
X-Info
X-Tt-Logid
Fastly-Drupal-Html
Tcn
X-IAuth-Set-Uid
MIME-Version
X-Cached-By
X-Fastly-Country-Code
True-Client-Ip
X-Segment-20210421
X-Variation
CacheControlHeader
Cf-Ipcountry
X-LAGOON
X-HostName
X-Dynatrace-Js-Agent
X-Cdn-Forward
CDN
X-Datacenter
X-Geo
X-Render-Time
X-Vc
X-Varnish-Beresp-TTL
X-CSRF-TOKEN
X-Oracle-DMS-ECID
Load-Balancing
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-B3-Spanid
X-LiteSpeed-Cache-Control
X-Wormhole-Sdk
Edge-Cache
VNS-Age
Debug
X-Auth-Group-Type
VNS-Cache
X-HOST
X-LiteSpeed-Tag
Ohc-File-Size
Hostname
X-Dispatch
X-PDP-UNCACHING-HASH
X-Api-Version
X-AIR-PT
Lb
X-Webkit-Csp-Report-Only
X-FPC
X-Ig-Push-State
Cl-Cache
X-NC
Server-Id
X-Dispatcher-Number
X-MCACHE
Odigeo-Trace-Id
X-WA
X-NodeID
Ohc-Cache-HIT
X-APP-VERSION
X-Vgn-Hpd-Reason
X-Custom-Header
X-Esi
GeoIP-Country-Code
X-Lb-Nocache
Cache-Name
X-Litespeed-Tag
X-PHP-Backend
X-Depends
CountryCode
X-Cdn-Cache-Status
X-Cs
X-Pad
X-Varnish-CookieINHashed-On
X-Mid
X-DefElseHash
X-DefHash
X-Varnish-CookieHashed-On
X-ServedByHost
X-Varnish-Remaining-TTL
X-Cache-Ttl
X-Via-PopV
PICS-Label
X-Via-PopN
X-Via-PopH
X-M-Reqid
X-Ha-Backend
X-VC-TTL
X-M-Log
X-Fastly-Backend-Reqs
X-Litespeed-Cache-Control
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Ms-Author-Via
X-VCL-Version
X-Cdn-Request-ID
X-Lb-Id
X-MSEdge-Flight
BehaviorPad-Version
X-MiniProfiler-Ids
X-Proxy-Cache-La3
X-Shardid
Xkey-La3
X-Sorting-Hat-Podid
X-Shopid
X-Akamai-Pragma-Client-IP
X-MSEdge-Features
Xkeylog
X-Sorting-Hat-Shopid
X-Cache-FS-Status
X-APP
Epwk-X-Cache
X-Cache-Enabled
FSS-Cache
X-Acquia-Site
Memory
Time
X-Acquia-Application-Trace
X-IN-APIGATEWAY
Memcached
X-Web-Server
X-IN-APIGATEWAYSSL
OriginIP
X-Snapshot-Date
X-RequestId
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Geoip-Latitude
Ngx
X-Cache-Version
CF-Cached-On
X-Requestid
X-Sucuri-Id
X-Th-Server
X-Wp-Cf-Super-Cache-Cookies-Bypass
Warning
Cloudfront-Viewer-Country
X-Udemy-Cache-App-Namespace
X-Service-Response-Time
Location
Server-Info
X-Dw-Trace-Id
X-Lsadc-Cache
YJS-ID
Akamai-Cache-Status
Srvid
X-Serial
X-Check-Cacheable
X-Mg-Cache
X-FL-QIT-DEBUG
X-FL-EDGE
Sm-Log-Id