Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
P3P
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-FRAME-OPTIONS
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
P3p
Accept-CH-Lifetime
X-Cache-Status
X-Drupal-Cache
X-Check
X-Generator
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-Request-ID
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Request-Context
Allow
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
EagleId
X-Age
X-Rq
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-LiteSpeed-Cache
X-Dns-Prefetch-Control
X-OneAgent-JS-Injection
X-Aws-Lambda-Call-Status
X-CST
Permissions-Policy
X-Backend-Server
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-Litespeed-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cache-Lookup
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Content-Type
X-Clacks-Overhead
X-Url
X-Oneagent-Js-Injection
X-Origin-Cache-Key
X-Edge
X-Rack-Cache
Cache-Tag
Cross-Origin-Opener-Policy
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-PC
X-Vname
X-TtlSet
Nginx-Cache
X-MS-InvokeApp
X-ECACHE
Rating
X-Upstream
X-Powered-By-Plesk
X-ESI
Edge-Control
X-Server-Name
X-Browser-Type
X-Cnection
X-Times
X-D2id
Verso
X-Element-Page-Cache
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-Ac
X-NWS-LOG-UUID
SPIisLatency
SPRequestDuration
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-B3-TraceId
X-RateLimit-Remaining
X-Ruxit-Js-Agent
X-SharePointHealthScore
SPRequestGuid
X-Ser
X-Abt-Application-Version
X-Navigation-Version
X-NF-Request-ID
X-GitHub-Request-Id
X-Vcap-Request-Id
X-Dw-Request-Base-Id
AR-CACHE
X-Pinterest-Rid
X-Mg-S
Pinterest-Generated-By
Pinterest-Version
X-VARITI-CCR
S
X-Middleton-Display
Pagespeed
Display
X-Sol
Edge-Cache-Tag
X-Ttl
X-Client-IP
Fastly-Restarts
RTSS
X-Amzn-Trace-Id
X-Cache-Key
X-Amz-Rid
X-Cache-TTL
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Powered-CMS
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
Cache-Status
X-Kinsta-Cache
X-Edge-Location-Klb
X-Version
X-Goog-Hash
Access-Control-Request-Method
X-Recruiting
X-Varnish-TTL
X-Server-ID
X-ARC
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Middleton-Response
Response
X-Content-Digest
X-TraceId
X-Daa-Tunnel
X-Forwarded-For
X-T
Arr-Disable-Session-Affinity
Content-MD5
X-MSEdge-Ref
Origin-Trial
X-SRCache-Fetch-Status
X-SRCache-Store-Status
TP-Cache
MicrosoftSharePointTeamServices
X-Accel-Expires
Front-End-Https
X-Shield-Request-Id
Cross-Origin-Resource-Policy
X-Cached
X-Content-Security-Policy-Report-Only
X-Hits
MS-Author-Via
Public-Key-Pins
X-Id
X-FTR-Backend-Server
X-FTR-Backend
X-FastCGI-Cache
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Expires
X-Ua-Browser
Server-Node
X-HS-Hub-Id
X-Request-Received
X-HS-Content-Id
X-DIS-Request-ID
X-HS-Cache-Config
X-HS-Combine-CSS
X-Forwarded-Proto
X-Request-Processing-Time
Payment
X-Frontend
X-LLID
Realpath
X-ORACLE-DMS-RID
X-Webkit-Csp
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Distributor
X-Fastcgi-Cache
X-RateLimit-Limit
Cache-Tags
X-LB-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-Kong-Proxy-Latency
X-Microsite
X-Kong-Upstream-Latency
X-Request-Handler-Origin-Region
Referer-Policy
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Hostname
MRF-Tech
X-Az
X-AppVersion
X-Activity-Id
Count-Hit
X-Debug-Info
X-Ratelimit-Limit
X-NGENIX-Cache
X-Www-Served-By
Host
X-Correlation-Id
X-Page-Id
Fastcgi-Cache
X-Geo-Country
X-Cluster-Name
X-Varnish-Server
X-Envoy-Decorator-Operation
X-Varnish-Backend
Accept-Charset
X-F-Cache
X-App-Server
X-XRDS-LOCATION
X-PressLabs-Stats
X-Ua-Device
X-ORACLE-DMS-ECID
X-FB-Debug
X-Goog-Metageneration
X-TTL
Retry-After
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-RateLimit-Reset
X-TEC-API-ROOT
X-Ezoic-Cdn
X-Upgrade-Enabled
X-Git-Hash
Access-Control-Allow-Method
X-Load-Cache
X-Content-Options
X-CSRF-Token
X-Seen-By
X-Px
TCN
Server-Name
X-Fastly-Request-Id
X-Revision
X-Request-Guid
X-Contextid
Section-Io-Cache
X-Trace-Id
X-Cache-Control
X-Tt-Trace-Host
X-Amz-Meta-S3cmd-Attrs
X-Type
X-Tt-Trace-Tag
X-Grace
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Varnish-Ttl
Cleartype
Charset
X-Datadog-Trace-Id
X-B
X-B3-Sampled
Paypal-Debug-Id
X-TT
DC
Healthy
X-Whom
X-Fb-Rlafr
X-Signature
X-B-Cache
X-App-Environment
X-Wix-Request-Id
X-Node-Name
X-Fastly-Request-ID
X-Oracle-Dms-Ecid
X-Origin-Cache
X-Mobile
X-Proxy
X-Azure-Ref
X-Newrelic-App-Data
Frame-Options
X-Amz-Replication-Status
X-Air-Pt
X-Magnolia-Registration
X-WebKit-CSP-Report-Only
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-N
Accept-Ch
Filterid
X-WP-CF-Super-Cache-Cache-Control
X-Rid
X-WP-CF-Super-Cache
X-EdgeConnect-Cache-Status
X-Logged-In
X-Oracle-Dms-Rid
X-Language
Content-Disposition
X-Providence-Cookie
X-Route-Name
X-Is-Crawler
Akamai-GRN
X-Aspnet-Duration-Ms
Backend
X-Flags
X-Kinja-CCPA
NGB
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Response-Served-From
X-Rendered-As
X-Template
X-NODE
X-Is-Bot
SD-X-WS
X-Datadog-Sampled
X-Debug-IsConnected
Ms-Operation-Id
X-Debug-IsPreview
Viewport
X-Unique-Id
X-Tumblr-Pixel-0
Liferay-Portal
X-Tumblr-Pixel
X-Servername
X-RTag
X-Tumblr-Pixel-1
X-RemovedCookies
X-Yottaa-Metrics
X-Varnish-Grace
MS-CV
X-Tumblr-User
X-Yottaa-Optimizations
X-ProcessESI
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-FW-Version
X-FW-Type
X-Proxy-Cache-Info
X-FW-Server
X-Instance
X-Debug
X-Amzn-Remapped-Content-Length
X-IPS-LoggedIn
X-FW-Serve
X-UUID
X-NYM-Debug-Backend
X-FW-Static
Upgrade-Insecure-Requests
X-FW-Dynamic
X-Adobe-Loc
X-Adobe-Content
X-FW-Hash
X-L-Path
X-Environment-Context
X-Via-JSL
X-Cacheable-TTL
X-Hl-Ver
X-Region
Fastly-SIE
X-Cache-Grace
Refresh
X-G
X-Time
Fastly-SWR
From-Origin
X-Device-Type
X-Cache-Hit
Country
X-Ratelimit-Remaining
X-Status
X-User-Agent
X-B3-SpanId
X-Backend-Name
X-Cache-Age
ServerID
X-Rule
X-App-Version
Url
X-VC-Cache
X-INCAP-ABP
Version
X-Jobs
Countrycode
X-Webkit-CSP
Alternate-Protocol
WPO-Cache-Message
WPO-Cache-Status
X-Source
X-Air-Trace-Id
X-Origin-TTL
X-Air-Source
X-Air-Hostname
X-Origin-CC
X-Cache-Status-Check
X-HTML-Minification-Powered-By
CDN-RequestId
GEO-INFO
X-Akamai-Request-ID2
X-WP-CF-Super-Cache-Active
X-Hosted-By
X-Storage
X-Content-Powered-By
Protected
X-Rocket-Nginx-Serving-Static
Surrogate-Key
X-Page-View
X-Nginx-Cache
OT-Force-Account-Verify
X-Accel-Version
X-B3-Traceid
Amp-Access-Control-Allow-Source-Origin
AMP-Access-Control-Allow-Source-Origin
SRV
X-Akamai-Edgescape
X-Real-IP
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Access-Control-Request-Headers
X-Edge-Location
X-Framework
X-ServerID
X-Cache-Time
X-VC
X-Mode
Front
X-CDN-Forward
Xet-Cookie
X-Cache-Rule
Accept-Language
X-Cache-Operation
X-UPSTREAM-Address
X-Upstream-Ct
X-Rn-Rsrv
X-Rewrite-Enabled
Filters
Meta-Geo
X-Handled-By
X-Endurance-Cache-Level
X-Upstream-Ht
CF-IPCountry
X-Xfnlog-Site
X-Director
Section-Io-Id
X-Varnish-Cache-Hits
X-LJ-Flow-ID
X-Timing-Wait
Selected-Fe
Webserver
Cross-Origin-Embedder-Policy
X-Served-From
X-JoinUs
ServedBy
X-Detected-As
X-SaId
X-Soup
X-Cache-Debug
X-Tumblr-Pixel-3
X-Origin
X-XRDS-Location
X-Proxy-Build
Mn-Server-Ip
X-AWS-Id
X-Tumblr-Pixel-2
X-VWS-Id
X-Worker
X-Proxied
Webcakes-App-Version
X-Routing-Service
X-PHP-Host
TWC-Connection-Speed
X-Labrador-Cache-Channel
X-Redis-Cache
X-Lambda-Id
X-Use-Mantle
Property-Id
X-Origin-Hint
X-Web-Node
X-Restarts
Apigw-Requestid
X-SayCDN-TTL
X-Httpd
X-Extlb
TWC-GeoIP-Country
X-Say-Cacheable
Webcakes-Region
TWC-GeoIP-LatLong
TWC-Locale-Group
Web-Mar-Node
X-Zipkin-Id
X-Cms-Context
TWC-Privacy
X-TT-LOGID
X-Format
TWC-Device-Class
Webcakes-App-Name
Xserver
X-Adobe-Source
X-Logging-Id
X-Say-TTL
Node
X-AB
X-No-Session
X-GeoCountry
DB-Nickname
X-BYPASS-REASON
X-GeoCode
X-Cluster
X-Is-Supported-Browser
X-Geo-Region
X-Is-Tablet
X-Locale
X-Loop
X-Forwarded-Host
X-Is-Desktop
X-Is-Mobile
X-Browser-Name
X-Tcp-Rtt
X-Tncms
X-Http-Reason
X-Skip-Cache
X-Site-Version
X-S
X-Varnish-Age
X-Varnish-Beresp-Grace
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-ProxyCache-Key
X-RM-Cache-TTL
X-Drupal-Cache-Tags
Azure-RegionName
X-ProxyCache-Status
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-SiteName
X-RCS-CacheZone
X-Vercel-Id
X-Vercel-Cache
X-Drupal-Cache-Contexts
X-IPLB-Request-ID
X-Cache-Host
X-VCT
X-Container-Uri
X-Generation-Time
X-Fetched-On
X-Tb
X-Webstats-RespID
X-IPLB-Instance
X-Git-Commit
X-Cache-Server
X-Reqid
X-Frame-Option
X-Vcache
X-Provided-By
X-R9-Blue-Green-Version
X-Server-W
CDN-Cache
X-Storefront-Renderer-Rendered
CDN-CachedAt
CDN-PullZone
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Shopify-Stage
X-Ms-Request-Id
X-Alternate-Cache-Key
X-Ms-Version
X-Uri
X-Sucuri-Cache
X-MP-GENERATED-AT
WP-Super-Cache
X-Origin-Date
X-Sucuri-ID
Fastcgi-Useragent
Source
Cache-Tv-Group
X-Vcl-Version
X-DynaTrace
X-Cdn-Origin
X-ShardId
X-Sorting-Hat-PodId
X-ShopId
X-Sorting-Hat-ShopId
Cross-Origin-Embedder-Policy-Report-Only
Content-Secure-Policy
X-FB-TRIP-ID
X-Generated-By
Atl-Traceid
Priority
X-SRV
Onion-Location
X-Sql-Count
X-Sql-Duration-Ms
X-Pass-Why
Sid
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Content-Age
X-Buckets
X-Thinkindot-L3
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-CMSURLCustom
X-Scope-Id
Thinkindot-Control
X-Shield-Cache-Expires
Cross-Origin-Window-Policy
Cache
X-DataDome
X-LSADC-Cache
HostName
X-Proxy-Cache-Status
X-WP-CF-Super-Cache-Cookies-Bypass
X-Newrelic-Synthetics
WZWS-RAY
X-Cluster-Node
X-GEO
X-Optimistic-Header
X-Cache-Action
X-Varnish-Beresp-Ttl
X-Xrds-Location
S-Rt
X-Cache-Expired-At
X-Via-CDN
X-Via-SSL
User-Cache-Control
X-Via-Edge
Edge-Copy-Time
X-Connection-Hash
Expiry
X-Dc
X-D
X-Ec-Custom-Error
X-Ec-Fail
X-Ec-GeoHdr
X-Vdms-Path
Vix-Hermes-Req-Id
X-Dispatcher-Server
X-Destination
A
X-Developer
X-A
X-Aed
X-Application
X-B-Cookie
X-Access
X-A-Wwc
X-TIM-N
X-A-Dcw
X-A-Dgt
Gannett-Cam-Experience-Id
X-Bc-Bl
X-Epic-Correlation-Id
X-Cache-NE
X-Vdms-Version
X-Cache-Bucket
X-A-Ccd
X-BCube-Filmed-By
X-A-Dam
X-Bl-Debug
X-Conf
Apple-News-Services-Handled
Redirect-Candidate
X-Op-Id-All
Origin-Agent-Cluster
X-PAYTM-SRV-ID
Magicmarker
X-Section
X-S-Cookie
Server-Ext
Req-ID
Rendered-Blocks
Origin
X-ScT
DCR-Processing-Time-Ms
MD5-Digest
X-SB
X-Rojux
DCR-Decision-By
X-Request-Start
Ngx.Var.Host
Ngx-Var-Key
Meta-Geo-Continent
X-Scheme
Lang
Server-Host
X-Vtex-Remote-Cache
Surrogated-Key
X-SRCache-Key
Sslversion
Candidate-Md5Url
T-Server
Apple-News-Services-Request-Url
X-External-Request-Id
Apple-News-Services-Host
X-Varnish-Hostname
Apple-News-Services-Parsed-Url
L
CDCHOST
Sever-Int
X-Viewer-Country
Server-Hostname
X-Instance-Name
X-Azure-Ref-OriginShield
X-TA-CDN-Provider
Req-Svc-Chain
Wxu-Next-Hostname
Wxu-Next-Region
V-Age
Ssr
Pramga
X-VG-WebCache
Wxu-Next-Commit
Release
Host-ID
X-Debug-Cache-Store
X-Nginx-Cache-Key
X-NCache
X-NMSegId
X-Node-Id
X-Nyt-Route
X-Moov-Xdn-Version
X-Moov-T
X-Varnish-Beresp-Status
X-Human
X-Level-Front-Cache
X-Loc
X-Mly-Id
X-Origin-Time
X-Platform
X-Sigma
X-SD-PageType
X-Sigma-Backend
X-TH-Server
X-Thanos
X-Rocket-Build-Number
X-Request-URI
X-Pool
X-Proxied-Request
X-Req
X-Request-Time
X-Hnp-Log
X-Gzip
X-Cache-Id
X-VG-TLSProxy
X-Cache-Info
X-Cache-TTL-Remaining
X-Clientip
X-Block-Status
X-Bip
X-Amz-Meta-Cb-Modifiedtime
X-AK-Request-ID
X-Auto-Login
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Core-Value
X-Debug-Cache-Fetch
X-Gen-Mode
X-Gdpr
X-Generated-On
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Varnish-Director
X-Forwarded-Site
X-VServer
X-Varnishpool
X-Esi-Check
X-Fastly-Cache
X-Acquia-Purge-Cdn-Unconfigured
NM-Fastcgi-Cache
X-ND-Cache
Cdncip
Fastly-SSL
DSUID
Environment
Cdnsip
Content-Style-Type
Cluster
Fastly-Drupal-HTML
X-Correlation-ID
X-Ua
Content-Script-Type
X-UA-Device-Type
Cache-Provider
C-Via
X-We-Are-Hiring
X-WA-Info
Fastly-GeoIP-CountryCode
Yak-Timeinfo
X-Zen-Fury
X-Origin-Response-Time
X-Datadome
X-TimeS
X-Service
X-VCache
X-Cdn-Srv
X-Ad-Load-Variation
W
X-Cache-Date
X-Aicache-OS
X-Amz-Storage-Class
PFcat
X-HN
X-VarnishDD-TTL
X-Cache-Aspx
X-ApacheServer
Web-Mar-Region
X-Fmm-Version
X-Pubstack
X-RateLimit-Limit-Second
X-PERF
X-Org
X-Old-Content-Length
X-RateLimit-Remaining-Second
X-Region-Sid
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Server-IP
X-Request-Host
X-V-Cache
X-Var-Ttl
X-Geo-Header
X-GeoIP
X-From
Adler-Geo
X-DPWN-IS-SECURE
X-GeoIP-City
X-GoCache-CacheStatus
X-Varnish-Authentication
X-Micro-Cache
X-Men
X-HS-Content-Campaign-Id
X-Device-Os
X-Contensis-Viewer-Groups
Click-Count-Action-Start
Click-Count-Error
RNT-Machine
RNT-Time
True-Client-Country-4JS
Producers
On-Server
Esi-Enabled
Is-Eu
Locid
Machine
Country-Code
Tube-Get-Contents
Platform
Tube-Got-Results
Tube-Return
Type
Uber-Trace-Id
Tube-Got-Eval
X-Mvc-Supplant-Cachable
X-Hash
X-Mvc-Supplant-OutputCached
X-ECache
Mail-Subject
We-Hiring
L5d-Success-Class
X-CGP
X-Csrf-Jwt
X-Edge-Server
X-Wikidot-Static-Cache
Proxy-Firewall
X-Eu-Site
X-FC-Vary-Parameters
Cf-Device-Type
X-Fastly-Backend
X-Wikidot-Backend
X-Policy
X-Sn-Servicetimems
X-App-Name
Cdn-Host
X-Slack-Shared-Secret-Outcome
Gh-Request-Id
Canary
X-Mg-Request-UUID
X-Test
X-Backend-Instance
Cache-Key
X-Slack-Backend
Ha-Gx-Prefs
AKAMAI
Cdn-Request-Time
X-Up
X-Branch-Name
HA-Ipaddr
X-Proto
Fastly-Backend-Name
X-DC
X-RID
X-LB-ID
NGX
X-Accel-Expires-Debug
XM
X-Parent-Response-Time
X-Date
X-Lagoon
X-Tx-Id
LB
X-UA
X-Cache-Backend
X-CacheTTL
X-API-Version
Pics-Label
X-Ah-Environment
X-Irp-Debug
X-Varnish-Hits
X-Origin-Expires
X-Owner
X-HA-Backend
X-Via-Popn
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Popv
X-Servedbyhost
X-Via-Poph
X-COUNTRY
X-URL
X-DynaTrace-JS-Agent
X-SIPLIST1
X-ZONE
X-Refresh
X-CACHE-GROUP
IsBot
Cdn
X-Core-Mission
X-NGINX-Cache
X-Ratelimit-Reset
Datacenter
X-CDN-Cache-Status
X-LB-NoCache
GeoIp-Country-Code
NtCoent-Length
X-VHOST
X-Client-Ip
X-Qloud-Router
SID
RATING
X-Zone
X-Use-Magma
Cdn-Requestid
Cache-Hits
X-Nananana
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Nc
Server-ID
X-Srv
X-Via-Fastly
Expect-Staple
X-Wa
N-Cache
X-Forwarded-Path
X-Shop-Environment
X-Orig-Expires
X-Tenant
CloudFront-Viewer-Country
Xc-Version
X-Akamai-Transformed
X-Cache-Type
Cmsid
X-B3-Parentspanid
Resin-Trace
GeoIP-Latitude
X-Gamma-Serve
X-TX-ID
X-Ig-Origin-Region
X-Location
Cross-Origin-Opener-Policy-Report-Only
X-Fpc
Cmstype
X-Cloudmap
Fusion-Content-Id
Fusion-Source
CPC-Age
Fusion-Component-Id
Fusion-Deployment-Id
CPC-Cache
Fusion-Content-Source
DataCenter
X-Hit
Fusion-Template-Id
X-CS
X-TIME
X-NewRelic-App-Data
User-Agent
XkeyRZ
X-Nf-Request-Id
X-DataCenter
Powered-By
X-Cdn-Diag
X-Vmg-Version
X-Proxy-CacheRZ
Uri
Origin-EX
X-Jungle-Id
X-Presslabs-Stats
Origin-CC
X-CUA
X-NWS-UUID-VERIFY
X-CACHE-AGE
Srv
X-User
True-Client-IP
X-Amz-Meta-Opti
Mime-Version
X-Tt-Logid
X-Info
Fastly-Drupal-Html
Tcn
X-Cached-By
CacheControlHeader
X-IAuth-Set-Uid
X-Segment-20210421
X-Fastly-Country-Code
True-Client-Ip
MIME-Version
Cf-Ipcountry
X-Variation
X-HostName
X-LAGOON
X-Esi
X-Dynatrace-Js-Agent
X-Cdn-Forward
X-Vc
CDN
X-Geo
X-Datacenter
X-Render-Time
X-Oracle-DMS-ECID
Load-Balancing
X-Powered-By-VTEX-Cache
X-CSRF-TOKEN
X-Varnish-Beresp-TTL
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-B3-Spanid
X-Wormhole-Sdk
X-LiteSpeed-Cache-Control
X-LiteSpeed-Tag
Debug
X-HOST
VNS-Age
VNS-Cache
Edge-Cache
X-Auth-Group-Type
Ohc-File-Size
Hostname
X-Dispatch
X-Api-Version
Lb
X-AIR-PT
X-PDP-UNCACHING-HASH
X-Webkit-Csp-Report-Only
X-FPC
Cl-Cache
X-Ig-Push-State
Odigeo-Trace-Id
X-NC
X-Dispatcher-Number
X-WA
X-NodeID
X-MCACHE
Server-Id
X-APP-VERSION
Ohc-Cache-HIT
X-Custom-Header
X-Vgn-Hpd-Reason
GeoIP-Country-Code
X-Litespeed-Tag
X-Lb-Nocache
Cache-Name
X-PHP-Backend
X-Cdn-Cache-Status
X-Depends
X-Cs
X-ServedByHost
X-Varnish-CookieINHashed-On
X-DefHash
X-Varnish-CookieHashed-On
X-DefElseHash
X-Mid
X-Varnish-Remaining-TTL
X-CACHE-KEY
X-Cache-Ttl
X-Pad
CountryCode
X-Fastly-Backend-Reqs
PICS-Label
X-Via-PopH
X-Via-PopV
X-M-Log
X-M-Reqid
X-Ha-Backend
X-Via-PopN
X-VCL-Version
X-Litespeed-Cache-Control
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Ms-Author-Via
X-Cdn-Request-ID
BehaviorPad-Version
X-Lb-Id
X-MiniProfiler-Ids
X-Sorting-Hat-Shopid
X-Akamai-Pragma-Client-IP
X-MSEdge-Features
X-MSEdge-Flight
X-VC-TTL
X-Proxy-Cache-La3
Xkey-La3
X-Sorting-Hat-Podid
X-Shopid
X-Shardid
Xkeylog
X-Cache-FS-Status
X-APP
X-Cache-Enabled
FSS-Cache
Epwk-X-Cache
X-Acquia-Site
Memory
Time
X-Acquia-Application-Trace
X-IN-APIGATEWAY
Memcached
X-Web-Server
X-IN-APIGATEWAYSSL
OriginIP
X-Snapshot-Date
X-RequestId
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Geoip-Latitude
Ngx
X-Cache-Version
CF-Cached-On
X-Requestid
X-Sucuri-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
Warning
Cloudfront-Viewer-Country
X-Th-Server
X-Udemy-Cache-App-Namespace
X-Service-Response-Time
Location
Server-Info
X-Lsadc-Cache
X-Dw-Trace-Id
YJS-ID
Akamai-Cache-Status
Srvid
X-Serial
X-Check-Cacheable
X-Mg-Cache
X-FL-QIT-DEBUG
X-FL-EDGE
Sm-Log-Id