Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-Drupal-Cache
X-Cache-Status
Accept-CH-Lifetime
X-DNS-Prefetch-Control
P3p
X-Generator
X-Check
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
X-UA-Device
Keep-Alive
Request-Context
X-Robots-Tag
X-Server
X-Cache-Group
Allow
EagleId
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
X-Rq
X-Dns-Prefetch-Control
X-Vhost
X-Amz-Version-Id
X-Dispatcher
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
Permissions-Policy
X-Pingback
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Cf-Railgun
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Backend-Server
X-WebKit-CSP
X-Cache-Lookup
X-CST
X-Host
X-Server-Id
X-Aws-Lambda-Call-Status
X-Readtime
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
X-Litespeed-Cache
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-Node
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Application-Context
Content-Location
X-Country-Code
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Trace
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Rating
Cache-Tag
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Vname
Nginx-Cache
X-PC
X-TtlSet
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-NWS-LOG-UUID
X-Midtier
X-Times
X-MS-InvokeApp
X-Origin-Cache-Key
X-Upstream
X-Mod-Pagespeed
X-Server-Name
X-Powered-By-Plesk
X-Browser-Type
Edge-Control
X-ECACHE
X-ESI
X-Cnection
X-D2id
X-Exp-Variant
X-Element-Page-Cache
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Kinja-Revision
Verso
X-Ser
AR-Request-ID
AR-SID
AR-PoweredBy
AR-ATIME
X-RateLimit-Remaining
SPRequestDuration
SPIisLatency
X-Ac
SPRequestGuid
X-SharePointHealthScore
X-GitHub-Request-Id
X-Ruxit-Js-Agent
X-B3-TraceId
X-NF-Request-ID
X-Abt-Application-Version
X-Navigation-Version
X-Dw-Request-Base-Id
X-Vcap-Request-Id
AR-CACHE
X-Mg-S
X-Ttl
X-Client-IP
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
S
Edge-Cache-Tag
X-Daa-Tunnel
X-Webkit-Csp
X-Cache-Key
X-Cache-TTL
Fastly-Restarts
X-VARITI-CCR
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Amz-Rid
X-Amzn-Trace-Id
Cache-Status
X-Powered-CMS
X-Kinsta-Cache
X-Edge-Location-Klb
RTSS
X-Version
Access-Control-Request-Method
X-Goog-Hash
Response
X-Varnish-TTL
X-Middleton-Response
X-Server-ID
X-Recruiting
X-FastCGI-Cache
X-Content-Digest
X-TraceId
X-Forwarded-For
X-ARC
X-T
X-MSEdge-Ref
Arr-Disable-Session-Affinity
Cross-Origin-Resource-Policy
MS-Author-Via
MicrosoftSharePointTeamServices
Content-MD5
Front-End-Https
X-SRCache-Fetch-Status
X-SRCache-Store-Status
TP-Cache
X-Shield-Request-Id
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-Accel-Expires
X-Id
X-Cached
X-Forwarded-Proto
X-HS-Content-Id
X-Request-Processing-Time
X-HS-Combine-CSS
X-HS-Hub-Id
Public-Key-Pins
X-Hits
Realpath
X-FTR-Expires
X-HS-Cache-Config
X-Request-Received
Payment
X-ORACLE-DMS-RID
X-Ua-Browser
Server-Node
X-Frontend
X-Protected-By
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-RateLimit-Limit
X-LLID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-DIS-Request-ID
X-Distributor
X-Content-Security-Policy-Report-Only
X-Fastly-Request-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Correlation-Id
X-GUploader-UploadID
X-ORACLE-DMS-ECID
X-LB-Cache
TP-L2-Cache
X-XRDS-LOCATION
X-Microsite
X-Request-Handler-Origin-Region
Fastcgi-Cache
Count-Hit
Cache-Tags
Referer-Policy
X-Activity-Id
X-AppVersion
X-Az
X-Hostname
Host
Mrf-Cache-Status
X-Envoy-Decorator-Operation
MRF-Tech
X-NGENIX-Cache
X-Amzn-RequestId
X-Www-Served-By
X-B3-TraceId-Primal
X-Debug-Info
X-Amz-Apigw-Id
X-Cluster-Name
X-Origin-Server
X-Varnish-Backend
X-Geo-Country
Accept-Charset
X-Varnish-Server
X-Page-Id
X-App-Server
X-Ezoic-Cdn
X-PressLabs-Stats
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ratelimit-Limit
Retry-After
X-F-Cache
X-Px
X-RateLimit-Reset
X-Goog-Metageneration
X-Load-Cache
Origin-Trial
X-FB-Debug
X-CSRF-Token
X-Upgrade-Enabled
X-Seen-By
Server-Name
X-Amz-Meta-S3cmd-Attrs
TCN
Cleartype
Access-Control-Allow-Method
X-Git-Hash
X-Fastcgi-Cache
Section-Io-Cache
X-Tt-Trace-Tag
X-Request-Guid
X-Tt-Trace-Host
X-Grace
X-Cache-Control
X-Contextid
X-Azure-Ref
X-TT
X-Trace-Id
X-B
X-Revision
X-Webkit-CSP
Charset
X-Type
Paypal-Debug-Id
Healthy
X-Whom
DC
X-B3-Sampled
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Fb-Rlafr
X-Datadog-Parent-Id
X-Content-Options
X-Proxy
X-Wix-Request-Id
X-Mobile
X-Newrelic-App-Data
X-N
X-B-Cache
X-Signature
X-App-Environment
X-Node-Name
X-TTL
X-Magnolia-Registration
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Varnish-Ttl
X-Air-Pt
Filterid
Accept-Ch
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Amz-Replication-Status
X-Origin-Cache
X-Oracle-Dms-Ecid
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Frame-Options
X-Time
X-Logged-In
X-EdgeConnect-Cache-Status
Viewport
NGB
X-Unique-Id
X-Debug
VIX-Pulpo-Node
X-Oracle-Dms-Rid
X-Cache-Grace
Content-Disposition
VIX-Pulpo-Upstream-Status
X-Rendered-As
X-Tumblr-Pixel
X-RemovedCookies
X-Debug-IsConnected
X-Debug-IsPreview
X-Yottaa-Optimizations
X-Is-Bot
X-Yottaa-Metrics
Backend
X-Tumblr-Pixel-1
X-ProcessESI
X-Tumblr-Pixel-0
X-Tumblr-User
X-RTag
X-Datadog-Sampled
Fastly-SWR
SD-X-WS
Fastly-SIE
Liferay-Portal
MS-CV
X-G
Ms-Operation-Id
X-Adobe-Loc
X-Varnish-Grace
X-Adobe-Content
X-Instance
X-Hl-Ver
X-NYM-Debug-Backend
X-Backend-Name
X-Amzn-Remapped-Content-Length
X-Servername
X-UUID
X-Cache-Age
X-IPS-LoggedIn
X-WebKit-CSP-Report-Only
X-FW-Version
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Static
X-VC-Cache
X-FW-Dynamic
X-FW-Hash
X-Cacheable-TTL
X-Response-Served-From
ServerID
From-Origin
X-Original-Request-Id
X-Proxy-Cache-Info
X-Region
X-Via-JSL
X-Device-Type
X-User-Agent
X-Environment-Context
Upgrade-Insecure-Requests
Akamai-GRN
Version
X-Ratelimit-Remaining
X-Cache-Hit
X-L-Path
X-Rule
X-Ua-Device
Country
X-Status
X-B3-SpanId
X-Source
Refresh
X-Template
X-INCAP-ABP
GEO-INFO
Countrycode
CDN-RequestId
X-Fastly-Request-Id
X-Storage
X-Language
X-HTML-Minification-Powered-By
Url
X-Rid
OT-Force-Account-Verify
SRV
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Cache-Status-Check
X-WP-CF-Super-Cache-Active
Alternate-Protocol
X-Real-IP
X-NODE
AMP-Access-Control-Allow-Source-Origin
X-Origin-TTL
X-Origin-CC
WPO-Cache-Status
WPO-Cache-Message
X-ServerID
X-B3-Traceid
X-Jobs
X-VC
X-Akamai-Request-ID2
X-App-Version
X-Providence-Cookie
X-Route-Name
X-CDN-Forward
X-Is-Crawler
X-Sucuri-Cache
Surrogate-Key
X-Aspnet-Duration-Ms
X-Flags
X-Cache-Time
Access-Control-Request-Headers
X-Content-Powered-By
Protected
X-Sucuri-ID
X-Rocket-Nginx-Serving-Static
X-Handled-By
Xet-Cookie
Amp-Access-Control-Allow-Source-Origin
X-Accel-Version
Filters
X-Upstream-Ht
X-Hosted-By
X-Akamai-Edgescape
X-Upstream-Ct
Webserver
X-Rewrite-Enabled
X-Rn-Rsrv
Meta-Geo
X-Endurance-Cache-Level
X-UPSTREAM-Address
X-TT-LOGID
X-Cache-Debug
X-Proxy-Build
X-Adobe-Source
X-Origin
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Front
X-RM-Cache-TTL
Selected-Fe
Section-Io-Id
X-JoinUs
X-Mode
X-Webstats-RespID
X-Worker
X-Timing-Wait
X-SaId
X-Nginx-Cache
X-Edge-Location
X-Detected-As
X-Cache-Operation
X-Drupal-Cache-Tags
X-Cache-Rule
X-Web-Node
X-VWS-Id
ServedBy
X-Logging-Id
X-Labrador-Cache-Channel
Node
X-Redis-Cache
X-No-Session
X-LJ-Flow-ID
X-Restarts
X-Drupal-Cache-Contexts
X-Soup
X-Varnish-Cache-Hits
X-Director
X-AWS-Id
X-PHP-Host
X-Served-From
X-Cms-Context
Atl-Traceid
X-Framework
CDN-RequestPullCode
CDN-PullZone
CDN-RequestPullSuccess
CDN-CachedAt
CDN-EdgeStorageId
X-Origin-Hint
X-Origin-Date
Mn-Server-Ip
CDN-Uid
CDN-RequestCountryCode
CDN-Cache
Webcakes-App-Name
X-Forwarded-Host
X-Geo-Region
X-Locale
X-Loop
X-Cluster
X-IPLB-Instance
X-IPLB-Request-ID
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-BYPASS-REASON
X-Browser-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
X-AB
Webcakes-Region
Webcakes-App-Version
Web-Mar-Node
Property-Id
Apigw-Requestid
X-RID
X-Say-Cacheable
X-Tcp-Rtt
X-Tncms
X-Skip-Cache
X-Xfnlog-Site
X-Varnish-Age
X-Tb
X-SayCDN-TTL
X-VCT
X-Site-Version
X-S
X-ProxyCache-Status
X-ProxyCache-Key
Xserver
X-Say-TTL
X-Generation-Time
X-Reqid
X-Varnish-Beresp-Grace
X-Vercel-Cache
X-Tec-Api-Version
X-Format
X-Fetched-On
X-Tec-Api-Root
X-Tec-Api-Origin
X-Vercel-Id
X-RCS-CacheZone
X-Alternate-Cache-Key
X-GeoCode
X-Storefront-Renderer-Rendered
X-Container-Uri
X-Httpd
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Cdn-Origin
Cross-Origin-Embedder-Policy
X-Shopify-Stage
X-GeoCountry
X-R9-Blue-Green-Version
X-Cache-Host
X-Git-Commit
X-Lambda-Id
X-Extlb
X-Ms-Request-Id
X-Zipkin-Id
X-Proxied
X-Ms-Version
X-Provided-By
Accept-Language
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Frame-Option
X-Routing-Service
X-Vcache
Fastcgi-Useragent
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Cache-Server
X-Sorting-Hat-ShopId
DB-Nickname
Cross-Origin-Window-Policy
X-Vcl-Version
X-Azure-Ref-OriginShield
Source
X-SRV
WP-Super-Cache
X-XRDS-Location
CF-IPCountry
X-Uri
X-Server-W
X-MP-GENERATED-AT
X-PDP-UNCACHING-HASH
X-Scope-Id
X-CMSURLCustom
X-Shield-Cache-Expires
Thinkindot-Control
X-Thinkindot-L3
TDXMobile
X-Generated-By
Cross-Origin-Embedder-Policy-Report-Only
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Sid
X-Page-View
Cache
X-Pass-Why
X-UA
Cache-Tv-Group
X-FB-TRIP-ID
Content-Secure-Policy
X-Buckets
X-Lagoon
X-Optimistic-Header
HostName
X-LSADC-Cache
X-DataDome
Onion-Location
X-Dc
Locale
X-ECache
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Content-Age
X-WP-CF-Super-Cache-Cookies-Bypass
Priority
X-Use-Mantle
X-GEO
X-Request-URI
X-Http-Reason
X-Xrds-Location
User-Cache-Control
X-DynaTrace
X-Connection-Hash
Locid
Expiry
X-Datadome
Server-Host
X-Request-Start
Server-Hostname
X-Dispatcher-Server
Sever-Int
Req-ID
Server-Ext
X-Ec-GeoHdr
X-ScT
Surrogated-Key
T-Server
X-SB
DCR-Processing-Time-Ms
Candidate-Md5Url
DCR-Decision-By
Sslversion
Redirect-Candidate
X-Developer
A
Meta-Geo-Continent
MD5-Digest
Magicmarker
X-Ec-Fail
X-Bc-Bl
LB
Ngx-Var-Key
Ngx.Var.Host
X-Cache-NE
Lang
X-Platform
Origin-Agent-Cluster
Gannett-Cam-Experience-Id
X-ND-Cache
Origin
X-Cache-Bucket
Rendered-Blocks
X-Rojux
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-A-Ccd
X-UA-Device-Type
X-Bl-Debug
X-A
X-Vdms-Path
X-Vdms-Version
X-BCube-Filmed-By
X-D
X-Cluster-Node
X-Epic-Correlation-Id
X-Vtex-Remote-Cache
X-Aed
X-Viewer-Country
X-TIM-N
X-Varnish-Hostname
X-Conf
X-SRCache-Key
Vix-Hermes-Req-Id
X-NWS-UUID-VERIFY
X-Proxy-Cache-Status
Cache-Hits
X-Application
X-GeoIP
X-B-Cookie
X-GeoIP-City
Fastly-SSL
X-Varnish-Beresp-Ttl
X-Clientip
X-Core-Value
Host-ID
X-WA-Info
X-SD-PageType
X-Fastly-Cache
X-GeoIP-Country-Code
X-Amz-Meta-Cb-Modifiedtime
DSUID
X-GeoIP-Region-Code
X-Cache-Id
Cdnsip
X-Gzip
Cluster
True-Client-Country-4JS
Content-Style-Type
Cdncip
X-Cache-Action
X-Hnp-Log
X-Ec-Custom-Error
Yak-Timeinfo
X-B3-Trace-ID
X-Debug-Cache-Store
X-Debug-Cache-Fetch
CDCHOST
Environment
X-Loc
Pramga
X-Origin-Time
X-PAYTM-SRV-ID
X-Origin-Expires
Content-Script-Type
X-S-Cookie
X-Op-Id-All
X-Destination
Release
X-Pubstack
X-Forwarded-Site
X-External-Request-Id
X-Req
X-Bip
X-TA-CDN-Provider
X-Nyt-Route
X-Node-Id
X-Kinja-CCPA
X-Varnishpool
X-Block-Status
X-AK-Request-ID
X-Level-Front-Cache
X-Thanos
X-Generated-On
X-Gen-Mode
X-Gdpr
X-NMSegId
V-Age
NM-Fastcgi-Cache
X-Esi-Check
X-Device-Os
X-Scheme
X-Cache-Expired-At
X-Service
X-Origin-Response-Time
Tube-Got-Results
Uber-Trace-Id
X-Sn-Servicetimems
X-SVT-ORM-RULES
Tube-Return
X-SVT-ORM-VERSION
X-Sql-Count
X-Sql-Duration-Ms
X-TH-Server
X-Contensis-Viewer-Groups
Tube-Got-Eval
Tube-Get-Contents
X-Request-Host
X-Region-Sid
X-RateLimit-Remaining-Second
RNT-Time
X-Fmm-Version
X-Request-Time
X-FC-Vary-Parameters
X-Server-IP
X-Section
Ssr
We-Hiring
Web-Mar-Region
X-ApacheServer
X-We-Are-Hiring
X-Amz-Storage-Class
X-Newrelic-Synthetics
X-VG-WebCache
X-Zen-Fury
X-Auto-Login
X-BBC-Edge-Cache-Status
X-Backend-Instance
X-Aicache-OS
XM
X-VG-TLSProxy
X-Ad-Load-Variation
X-V-Cache
X-Var-Ttl
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-Acquia-Purge-Cdn-Unconfigured
X-Access
X-VarnishDD-TTL
X-Varnish-Director
X-HN
RNT-Machine
Adler-Geo
X-Cache-Backend
Gh-Request-Id
X-Cache-TTL-Remaining
Apple-News-Services-Handled
X-HS-Content-Campaign-Id
Is-Eu
X-Human
X-Cache-Aspx
L
X-Geo-Header
Apple-News-Services-Host
Fastly-GeoIP-CountryCode
Click-Count-Action-Start
X-Cache-Info
X-GoCache-CacheStatus
Click-Count-Error
Country-Code
Canary
Cache-Provider
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Esi-Enabled
C-Via
X-RateLimit-Limit-Second
X-Men
Platform
X-From
PFcat
Machine
Producers
X-PERF
Req-Svc-Chain
X-Proxied-Request
X-Pool
X-Policy
X-Old-Content-Length
X-Org
On-Server
Mail-Subject
X-Mly-Id
X-Moov-Xdn-Version
X-Mvc-Supplant-Cachable
X-DPWN-IS-SECURE
X-Nginx-Cache-Key
X-Moov-T
X-Micro-Cache
X-NCache
X-NGINX-Cache
X-Cdn-Srv
X-CGP
X-Csrf-Jwt
X-Edge-Server
Cdn-Host
X-Mvc-Supplant-OutputCached
X-App-Name
X-Instance-Name
AKAMAI
X-Proto
X-Wikidot-Static-Cache
X-Test
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Wikidot-Backend
X-Up
Cache-Key
L5d-Success-Class
Proxy-Firewall
X-Fastly-Backend
X-Eu-Site
Cdn-Request-Time
HA-Ipaddr
Cf-Device-Type
X-Hash
Ha-Gx-Prefs
W
X-Via-Fastly
X-VServer
X-LB-ID
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-Tb-Optimization-Total-Bytes-Saved
X-CacheTTL
Fastly-Drupal-HTML
X-Cache-Date
X-Accel-Expires-Debug
Fastly-Backend-Name
NGX
X-Date
X-VCache
WZWS-RAY
X-Cloudmap
X-Ah-Environment
X-Mg-Request-UUID
X-Zone
X-Ig-Origin-Region
X-COUNTRY
X-Tx-Id
X-Location
X-Via-Popn
X-DynaTrace-JS-Agent
NtCoent-Length
X-Via-Popv
X-Parent-Response-Time
X-Via-Poph
X-DC
X-API-Version
X-Branch-Name
Datacenter
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Content-Source
X-Via-Edge
X-CACHE-GROUP
X-Via-SSL
X-HA-Backend
X-Via-CDN
Fusion-Source
Edge-Copy-Time
Pics-Label
Fusion-Component-Id
X-Refresh
X-Varnish-Hits
S-Rt
X-Correlation-ID
X-Ratelimit-Reset
X-Akamai-Transformed
X-CDN-Cache-Status
X-Servedbyhost
GeoIp-Country-Code
Type
X-VHOST
X-Wormhole-Sdk
X-Jungle-Id
X-CUA
Powered-By
Cdn
X-User
X-Ua
X-LB-NoCache
X-Esi
X-ZONE
Resin-Trace
X-TX-ID
SID
Origin-EX
Origin-CC
X-Irp-Debug
Cf-Ipcountry
Cdn-Requestid
X-Nc
Server-ID
X-Srv
X-Core-Mission
X-Render-Time
X-Wa
X-Owner
GeoIP-Latitude
X-SIPLIST1
X-Hit
Cross-Origin-Opener-Policy-Report-Only
IsBot
Fastly-Drupal-Html
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
X-LiteSpeed-Tag
X-Nananana
X-VTEX-Cache-Server
X-Cached-By
Uri
XkeyRZ
CloudFront-Viewer-Country
X-B3-Parentspanid
X-NewRelic-App-Data
X-Nf-Request-Id
X-Qloud-Router
X-Fpc
X-Proxy-CacheRZ
Edge-Cache
X-Client-Ip
DataCenter
X-Cs
Mime-Version
Debug
X-IAuth-Set-Uid
X-Presslabs-Stats
X-Auth-Group-Type
X-DataCenter
X-Segment-20210421
True-Client-IP
X-CS
X-URL
X-LiteSpeed-Cache-Control
X-CF-Lambda-Fn
X-Amz-Meta-Opti
Expect-Staple
X-Ig-Push-State
X-CF-Lambda-Version
X-TIME
N-Cache
X-Tt-Logid
X-Varnish-Beresp-TTL
CDN
X-AIR-PT
X-PHP-Backend
Odigeo-Trace-Id
X-Forwarded-Path
X-Orig-Expires
X-Shop-Environment
Xc-Version
X-Cache-Type
X-Tenant
Srv
X-HostName
X-Gamma-Serve
MIME-Version
Cmsid
X-Custom-Header
True-Client-Ip
X-NodeID
Cmstype
X-Vgn-Hpd-Reason
X-Geo
X-CACHE-AGE
X-Dynatrace-Js-Agent
Load-Balancing
User-Agent
X-Vmg-Version
X-Pad
CPC-Age
X-Dispatch
Tcn
X-Info
CPC-Cache
X-Cdn-Forward
X-B3-Spanid
X-Api-Version
X-DefElseHash
X-DefHash
X-NC
X-Cdn-Diag
X-Fastly-Country-Code
X-Depends
X-HOST
X-FPC
X-Varnish-CookieHashed-On
X-WA
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Vc
Request-ID
X-APP-VERSION
X-M-Reqid
Ohc-File-Size
X-M-Log
X-VC-TTL
X-CLOUD-TRACE-CONTEXT
X-Webkit-Csp-Report-Only
Hostname
Cl-Cache
X-CSRF-TOKEN
X-Variation
Server-Id
X-Datacenter
CacheControlHeader
Geoip-Latitude
X-Lb-Nocache
X-APP
X-Cache-FS-Status
Ohc-Cache-HIT
X-LAGOON
X-TimeS
X-ServedByHost
GeoIP-Country-Code
X-Cdn-Cache-Status
Cloudfront-Viewer-Country
X-Oracle-DMS-ECID
VNS-Age
VNS-Cache
PICS-Label
Epwk-X-Cache
FSS-Cache
Server-Info
X-Cache-Ttl
X-FL-QIT-DEBUG
X-MSEdge-Flight
BehaviorPad-Version
X-Via-PopH
Srvid
CountryCode
ServerHost
X-Via-PopV
X-Via-PopN
X-Ha-Backend
X-MSEdge-Features
X-Litespeed-Tag
X-Fastly-Backend-Reqs
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-VCL-Version
Rtss
X-Litespeed-Cache-Control
Xkey-La3
X-Cdn-Request-ID
X-Proxy-Cache-La3
Xkeylog
X-Lb-Id
X-Acquia-Application-UUID
Ngx
X-MiniProfiler-Ids
X-Acquia-Application-Trace
X-RequestId
Time
X-Web-Server
X-Serial
Memcached
Memory
X-Th-Server
X-Akamai-Pragma-Client-IP
X-Dispatcher-Number
X-IN-APIGATEWAYSSL
X-Check-Cacheable
X-Acquia-Site
OriginIP
X-IN-APIGATEWAY
X-Acquia-Purge-Tags
X-Snapshot-Date
X-Shardid
X-Sorting-Hat-Podid
X-Cache-Version
X-Sorting-Hat-Shopid
X-Shopid
X-RAMCache
X-Service-Response-Time
X-Ramcache
X-Mg-Cache
Akamai-Cache-Status
Warning
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sucuri-Id
Sm-Log-Id
X-Requestid