Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-Drupal-Cache
X-Cache-Status
Accept-CH-Lifetime
X-DNS-Prefetch-Control
P3p
X-Ua-Compatible
X-Generator
X-Check
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
X-Request-ID
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
X-UA-Device
Keep-Alive
Request-Context
X-Robots-Tag
X-Server
Allow
X-Cache-Group
EagleId
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Dns-Prefetch-Control
Xkey
X-Age
X-Rq
X-Vhost
X-Amz-Version-Id
X-Dispatcher
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-Pingback
Permissions-Policy
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-LiteSpeed-Cache
X-Device
Cf-Railgun
X-OneAgent-JS-Injection
EagleEye-TraceId
X-WebKit-CSP
X-Backend-Server
X-CST
X-Cache-Lookup
X-Host
X-Aws-Lambda-Call-Status
X-Readtime
X-Response-Time
X-Akam-SW-Version
X-Server-Id
Surrogate-Control
Request-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Litespeed-Cache
X-HW
Accept-Ch-Lifetime
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Application-Context
X-Node
X-Country-Code
Content-Location
X-Ruxit-JS-Agent
X-Country
Service-Worker-Allowed
X-Trace
X-Url
X-Content-Type
X-Clacks-Overhead
Rating
X-Rack-Cache
Cache-Tag
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Oneagent-Js-Injection
Cross-Origin-Opener-Policy
X-TtlSet
Nginx-Cache
X-PC
X-Vname
X-Origin-Cache-Key
X-Mcache
X-Edge
X-Midtier
X-NWS-LOG-UUID
X-MS-InvokeApp
X-Times
X-Mod-Pagespeed
X-Upstream
X-Server-Name
X-Powered-By-Plesk
X-ECACHE
X-Browser-Type
Edge-Control
X-ESI
X-Cnection
X-Cdn-Fetch
X-Exp-Variant
X-D2id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Element-Page-Cache
X-Exp-Id
Verso
X-Ser
AR-SID
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Ac
SPRequestDuration
SPIisLatency
X-SharePointHealthScore
SPRequestGuid
X-GitHub-Request-Id
X-Abt-Application-Version
X-B3-TraceId
X-NF-Request-ID
X-Navigation-Version
X-RateLimit-Remaining
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Ttl
AR-CACHE
X-Ruxit-Js-Agent
X-Mg-S
Display
X-Sol
X-Middleton-Display
X-Client-IP
Pagespeed
X-Server-ID
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
Edge-Cache-Tag
S
Fastly-Restarts
X-Cache-Key
X-VARITI-CCR
X-Cache-TTL
X-Daa-Tunnel
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Amz-Rid
X-Amzn-Trace-Id
RTSS
Cache-Status
X-Powered-CMS
X-Kinsta-Cache
X-Edge-Location-Klb
X-Version
Access-Control-Request-Method
X-Goog-Hash
Response
X-Middleton-Response
X-Recruiting
X-Webkit-Csp
X-Content-Digest
X-Varnish-TTL
X-TraceId
X-ARC
X-Forwarded-For
X-T
X-FastCGI-Cache
Arr-Disable-Session-Affinity
X-MSEdge-Ref
Cross-Origin-Resource-Policy
MS-Author-Via
Content-MD5
X-SRCache-Store-Status
Front-End-Https
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
TP-Cache
X-Shield-Request-Id
X-FTR-Backend-Server
X-FTR-Backend
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-Accel-Expires
X-Forwarded-Proto
X-Hits
X-Cached
X-HS-Content-Id
X-HS-Hub-Id
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
X-Id
Public-Key-Pins
X-HS-Cache-Config
X-Ua-Browser
Realpath
Server-Node
X-FTR-Expires
X-Frontend
Payment
X-Protected-By
X-LLID
X-Fastly-Request-ID
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Distributor
X-RateLimit-Limit
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ORACLE-DMS-RID
X-Correlation-Id
X-GUploader-UploadID
TP-L2-Cache
X-LB-Cache
Cache-Tags
X-Request-Handler-Origin-Region
X-Microsite
Fastcgi-Cache
X-Debug-Info
Count-Hit
Referer-Policy
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Envoy-Decorator-Operation
X-Activity-Id
Mrf-Cache-Status
MRF-Tech
X-AppVersion
Host
X-B3-TraceId-Primal
X-Az
X-Origin-Server
X-Varnish-Backend
X-Cluster-Name
X-Hostname
X-Www-Served-By
X-NGENIX-Cache
X-Page-Id
X-Varnish-Server
X-Geo-Country
Accept-Charset
X-TEC-API-ROOT
X-Ratelimit-Limit
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-App-Server
X-Ezoic-Cdn
X-Fastcgi-Cache
X-ORACLE-DMS-ECID
X-PressLabs-Stats
X-F-Cache
Retry-After
X-XRDS-LOCATION
Origin-Trial
X-Load-Cache
X-Px
X-Goog-Metageneration
X-FB-Debug
X-CSRF-Token
X-Seen-By
X-Upgrade-Enabled
Server-Name
X-Amz-Meta-S3cmd-Attrs
TCN
Cleartype
Access-Control-Allow-Method
X-Git-Hash
X-RateLimit-Reset
X-Webkit-CSP
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Varnish-Ttl
Section-Io-Cache
X-Grace
X-Request-Guid
X-Cache-Control
X-B3-Sampled
X-Oracle-Dms-Ecid
X-B
X-Contextid
X-TT
X-Trace-Id
X-Azure-Ref
X-Revision
X-Type
X-Whom
Paypal-Debug-Id
Healthy
Charset
DC
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Content-Options
X-Fb-Rlafr
X-Proxy
X-Wix-Request-Id
X-Mobile
X-B-Cache
X-Newrelic-App-Data
X-Air-Pt
X-Signature
X-N
X-App-Environment
Accept-Ch
X-Node-Name
X-Oracle-Dms-Rid
X-Ratelimit-Remaining
X-Magnolia-Registration
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Filterid
X-Hcs-Proxy-Type
X-Amz-Replication-Status
Frame-Options
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-NODE
X-Origin-Cache
X-EdgeConnect-Cache-Status
X-Logged-In
X-Time
X-TTL
Viewport
NGB
X-Unique-Id
Content-Disposition
Backend
VIX-Pulpo-Node
X-Response-Served-From
X-Debug
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
X-Yottaa-Metrics
X-Is-Bot
X-Tumblr-Pixel
X-Debug-IsConnected
X-Debug-IsPreview
X-ProcessESI
X-Tumblr-Pixel-0
X-Yottaa-Optimizations
X-Cache-Grace
X-RemovedCookies
X-Tumblr-Pixel-1
X-Tumblr-User
X-Rendered-As
Fastly-SIE
X-RTag
Liferay-Portal
MS-CV
Fastly-SWR
Ms-Operation-Id
X-FW-Version
X-Varnish-Grace
X-G
X-Servername
X-FW-Hash
X-FW-Type
X-Datadog-Sampled
X-Adobe-Content
X-Adobe-Loc
X-FW-Static
X-FW-Server
SD-X-WS
X-FW-Dynamic
X-FW-Serve
X-Ua-Device
X-IPS-LoggedIn
X-Backend-Name
X-Hl-Ver
X-Instance
X-Amzn-Remapped-Content-Length
X-UUID
X-VC-Cache
X-NYM-Debug-Backend
From-Origin
ServerID
X-Cacheable-TTL
X-Device-Type
X-Cache-Age
Upgrade-Insecure-Requests
X-Region
Akamai-GRN
X-Via-JSL
X-L-Path
X-Proxy-Cache-Info
X-Environment-Context
X-User-Agent
Version
X-Rule
X-Cache-Hit
X-WebKit-CSP-Report-Only
X-Status
Country
X-B3-SpanId
Refresh
X-Source
CDN-RequestId
X-Template
X-INCAP-ABP
Countrycode
GEO-INFO
SRV
X-Rid
X-Language
X-Storage
Url
X-HTML-Minification-Powered-By
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Cache-Status-Check
Alternate-Protocol
X-WP-CF-Super-Cache-Active
OT-Force-Account-Verify
X-B3-Traceid
X-Origin-CC
X-Fastly-Request-Id
X-Origin-TTL
Amp-Access-Control-Allow-Source-Origin
X-Real-IP
WPO-Cache-Message
WPO-Cache-Status
X-App-Version
X-CDN-Forward
X-Jobs
X-ServerID
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Route-Name
X-Flags
X-Is-Crawler
X-Akamai-Request-ID2
X-VC
Surrogate-Key
X-Content-Powered-By
X-Cache-Time
Access-Control-Request-Headers
X-Sucuri-Cache
X-TT-LOGID
Protected
X-Mode
X-Handled-By
AMP-Access-Control-Allow-Source-Origin
Xet-Cookie
X-Nginx-Cache
X-Rocket-Nginx-Serving-Static
X-Sucuri-ID
X-Accel-Version
Meta-Geo
X-Upstream-Ht
X-Akamai-Edgescape
X-Endurance-Cache-Level
Webserver
Filters
X-Xfnlog-Site
X-Rewrite-Enabled
X-Hosted-By
X-Upstream-Ct
X-UPSTREAM-Address
X-Rn-Rsrv
X-Cache-Rule
X-Adobe-Source
X-RM-Cache-TTL
X-AWS-Id
X-Cache-Operation
X-Detected-As
Selected-Fe
Section-Io-Id
Cross-Origin-Embedder-Policy
ServedBy
X-GeoCountry
X-Drupal-Cache-Tags
X-Edge-Location
X-GeoCode
X-Cache-Debug
X-LJ-Flow-ID
X-SaId
X-Webstats-RespID
X-Proxy-Build
X-VWS-Id
X-Origin
X-Tumblr-Pixel-3
X-Timing-Wait
X-Tumblr-Pixel-2
X-Worker
X-JoinUs
X-PHP-Host
X-Labrador-Cache-Channel
X-Web-Node
X-Zipkin-Id
Webcakes-Region
Atl-Traceid
Front
X-Varnish-Cache-Hits
X-Cms-Context
X-Cluster
X-Served-From
TWC-Privacy
X-Say-TTL
X-Say-Cacheable
TWC-Connection-Speed
Property-Id
Node
X-SayCDN-TTL
Mn-Server-Ip
TWC-Device-Class
TWC-GeoIP-Country
Web-Mar-Node
Webcakes-App-Name
X-Director
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Routing-Service
Webcakes-App-Version
X-Restarts
X-Platform-Cluster
X-Origin-Hint
X-No-Session
X-Platform-Processor
X-Vcache
X-Proxied
X-Platform-Router
X-Soup
X-Logging-Id
X-Framework
X-Drupal-Cache-Contexts
X-Redis-Cache
X-Extlb
X-Is-Tablet
X-Is-Mobile
X-Origin-Date
X-S
X-Loop
X-Lambda-Id
X-Locale
X-Is-Desktop
X-IPLB-Instance
X-BYPASS-REASON
X-VCT
X-Tcp-Rtt
X-Varnish-Age
X-Skip-Cache
X-Site-Version
X-Tncms
X-RCS-CacheZone
X-Browser-Name
X-Forwarded-Host
Xserver
X-Is-Supported-Browser
X-AB
X-Tb
X-ProxyCache-Key
X-ProxyCache-Status
X-Geo-Region
X-IPLB-Request-ID
CDN-Cache
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-PullZone
CDN-EdgeStorageId
Apigw-Requestid
CDN-CachedAt
CDN-Uid
CDN-RequestPullSuccess
X-Container-Uri
X-Httpd
X-Cache-Host
X-Alternate-Cache-Key
Azure-InstanceId
X-Shopify-Stage
X-Git-Commit
X-Reqid
X-Fetched-On
X-Vercel-Id
Azure-RegionName
X-Format
X-Generation-Time
X-Storefront-Renderer-Rendered
X-Varnish-Beresp-Grace
X-Cdn-Origin
X-Vercel-Cache
Azure-SlotName
Azure-Version
Azure-SiteName
X-R9-Blue-Green-Version
X-Provided-By
X-Ms-Version
X-Frame-Option
X-Ms-Request-Id
Accept-Language
X-Cache-Server
Fastcgi-Useragent
X-ShopId
X-ShardId
X-RID
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-XRDS-Location
DB-Nickname
X-SRV
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
CF-IPCountry
X-Server-W
WP-Super-Cache
Cross-Origin-Window-Policy
X-Azure-Ref-OriginShield
X-Vcl-Version
Source
X-MP-GENERATED-AT
X-Uri
X-Page-View
Cross-Origin-Embedder-Policy-Report-Only
X-Generated-By
X-Shield-Cache-Expires
X-Scope-Id
Thinkindot-Control
X-Xrds-Location
X-CMSURLCustom
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
X-Thinkindot-L3
Cache
Cache-Tv-Group
X-Pass-Why
X-FB-TRIP-ID
X-DataDome
X-Buckets
Content-Secure-Policy
Sid
X-PDP-UNCACHING-HASH
X-UA
X-LSADC-Cache
X-Lagoon
X-Optimistic-Header
Onion-Location
HostName
Locale
X-Use-Mantle
X-Urbn-Site-Id
X-Urbn-Context-Path
X-WP-CF-Super-Cache-Cookies-Bypass
X-Http-Reason
X-Content-Age
X-GEO
Priority
X-DynaTrace
X-Request-URI
User-Cache-Control
X-Dc
Expiry
X-Connection-Hash
Locid
Cdncip
Server-Ext
Candidate-Md5Url
A
Req-ID
Redirect-Candidate
Ngx.Var.Host
Lang
LB
Ngx-Var-Key
Meta-Geo-Continent
Magicmarker
Gannett-Cam-Experience-Id
Origin
Origin-Agent-Cluster
MD5-Digest
Cdnsip
DCR-Decision-By
DCR-Processing-Time-Ms
Rendered-Blocks
X-Conf
X-Op-Id-All
X-Platform
X-Request-Start
X-Rojux
X-ND-Cache
X-External-Request-Id
X-Dispatcher-Server
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-S-Cookie
X-SB
X-Vdms-Version
X-Viewer-Country
X-Vtex-Remote-Cache
X-Zen-Fury
X-Vdms-Path
X-Varnish-Hostname
X-ScT
X-SRCache-Key
X-TIM-N
X-UA-Device-Type
X-Developer
X-Destination
X-A
X-A-Ccd
X-A-Dam
X-A-Dcw
Vix-Hermes-Req-Id
T-Server
Server-Hostname
Sever-Int
Sslversion
Surrogated-Key
X-A-Wwc
X-Aed
X-Bl-Debug
X-Cache-Bucket
X-Cache-NE
X-D
X-BCube-Filmed-By
X-Bc-Bl
X-AK-Request-ID
X-Application
X-B-Cookie
Server-Host
X-A-Dgt
X-Cluster-Node
X-Varnish-Beresp-Ttl
X-Kinja-CCPA
X-TA-CDN-Provider
X-Proxy-Cache-Status
X-Newrelic-Synthetics
X-Bip
X-Block-Status
X-Datadome
X-B3-Trace-ID
X-Cache-Aspx
X-Auto-Login
X-Cache-TTL-Remaining
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Core-Value
X-Contensis-Viewer-Groups
X-Amz-Meta-Cb-Modifiedtime
X-Clientip
X-Cache-Id
Wxu-Next-Hostname
Pramga
Producers
Platform
NM-Fastcgi-Cache
Host-ID
Is-Eu
Release
X-Sql-Duration-Ms
X-Device-Os
Wxu-Next-Region
Wxu-Next-Commit
V-Age
X-Sql-Count
True-Client-Country-4JS
X-Ad-Load-Variation
X-Ec-Custom-Error
X-PAYTM-SRV-ID
X-Pubstack
X-Req
X-Origin-Time
X-Origin-Expires
X-Node-Id
X-Nyt-Route
X-Scheme
X-SD-PageType
X-WA-Info
XM
Yak-Timeinfo
X-Varnishpool
X-Cache-Action
X-Thanos
X-Varnish-Authentication
X-NMSegId
X-Nginx-Cache-Key
X-Gdpr
X-Gen-Mode
X-Generated-On
X-Forwarded-Site
X-Fastly-Cache
Fastly-SSL
X-Esi-Check
X-GeoIP
X-GeoIP-City
X-Loc
X-NCache
X-Level-Front-Cache
X-Hnp-Log
X-GeoIP-Country-Code
X-Gzip
X-DPWN-IS-SECURE
X-GeoIP-Region-Code
DSUID
Environment
C-Via
CDCHOST
Cluster
Content-Style-Type
Adler-Geo
Content-Script-Type
Cache-Hits
Fastly-Drupal-HTML
X-Service
X-Origin-Response-Time
X-Request-Host
X-VG-WebCache
Web-Mar-Region
We-Hiring
X-Cache-Expired-At
Apple-News-Services-Host
X-Cdn-Srv
X-RateLimit-Remaining-Second
X-Region-Sid
X-Request-Time
Apple-News-Services-Handled
Tube-Got-Results
Fastly-GeoIP-CountryCode
Tube-Got-Eval
Tube-Return
Uber-Trace-Id
X-Org
X-VG-TLSProxy
X-Cache-Info
Click-Count-Error
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Proxied-Request
X-Varnish-Beresp-Status
X-Pool
Canary
X-BBC-Edge-Cache-Status
X-Old-Content-Length
X-Backend-Instance
X-ApacheServer
X-Cache-Backend
Click-Count-Action-Start
X-Acquia-Purge-Cdn-Unconfigured
X-Access
X-RateLimit-Limit-Second
X-PERF
X-Amz-Storage-Class
X-HS-Content-Campaign-Id
Cache-Provider
X-Policy
Tube-Get-Contents
X-From
X-We-Are-Hiring
X-TH-Server
X-Aicache-OS
Esi-Enabled
X-Men
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-ECache
On-Server
X-Geo-Header
Mail-Subject
X-GoCache-CacheStatus
X-HN
Gh-Request-Id
X-Var-Ttl
X-V-Cache
X-Human
Machine
X-Instance-Name
X-Varnish-Director
L
X-Fmm-Version
PFcat
X-Moov-T
RNT-Time
RNT-Machine
X-SVT-ORM-VERSION
Country-Code
X-Moov-Xdn-Version
Ssr
X-Server-IP
Req-Svc-Chain
X-Sn-Servicetimems
X-Section
X-FC-Vary-Parameters
X-Mly-Id
X-SVT-ORM-RULES
X-VarnishDD-TTL
X-NWS-UUID-VERIFY
AKAMAI
X-Wikidot-Static-Cache
X-Mvc-Supplant-OutputCached
X-Hash
X-DC
X-Eu-Site
X-Csrf-Jwt
X-Fastly-Backend
X-Edge-Server
Cache-Key
X-Wikidot-Backend
X-CGP
X-VServer
Cf-Device-Type
X-Slack-Shared-Secret-Outcome
Proxy-Firewall
X-App-Name
X-Ratelimit-Reset
X-Slack-Backend
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
W
X-Test
X-Proto
X-Cache-Date
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
X-Up
Cdn-Host
Cdn-Request-Time
X-Tx-Id
WZWS-RAY
X-Ah-Environment
NGX
X-Tb-Optimization-Total-Bytes-Saved
Fastly-Backend-Name
X-LB-ID
X-Via-Fastly
X-Cloudmap
X-Accel-Expires-Debug
X-CacheTTL
X-Date
X-NGINX-Cache
X-API-Version
X-Branch-Name
X-Mg-Request-UUID
X-COUNTRY
X-Zone
X-VCache
X-Via-Edge
X-Via-CDN
X-Via-SSL
X-Ig-Origin-Region
Edge-Copy-Time
X-Via-Popn
X-Servedbyhost
X-CACHE-GROUP
X-HA-Backend
Pics-Label
X-Parent-Response-Time
NtCoent-Length
X-Via-Popv
X-Via-Poph
X-Location
X-Varnish-Hits
S-Rt
Datacenter
X-Correlation-ID
X-DynaTrace-JS-Agent
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Template-Id
Type
X-Refresh
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-Ua
X-VHOST
Cdn
SID
X-Akamai-Transformed
Origin-EX
X-CUA
GeoIp-Country-Code
X-LB-NoCache
Resin-Trace
X-CDN-Cache-Status
X-Jungle-Id
X-Wormhole-Sdk
Origin-CC
X-Esi
Powered-By
X-Wa
X-Nc
X-User
X-Irp-Debug
X-ZONE
X-Owner
Server-ID
X-Core-Mission
GeoIP-Latitude
IsBot
Cross-Origin-Opener-Policy-Report-Only
X-SIPLIST1
X-Hit
X-Render-Time
X-Fpc
Cf-Ipcountry
X-TX-ID
X-LiteSpeed-Tag
X-Nananana
X-VTEX-Cache-Server
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Time
X-NewRelic-App-Data
X-Nf-Request-Id
X-Proxy-CacheRZ
Debug
Cdn-Requestid
CloudFront-Viewer-Country
X-Cached-By
X-Srv
XkeyRZ
X-B3-Parentspanid
X-Qloud-Router
X-Client-Ip
DataCenter
Uri
X-CS
X-URL
X-Segment-20210421
X-DataCenter
Edge-Cache
X-Presslabs-Stats
X-IAuth-Set-Uid
Mime-Version
X-Cs
Expect-Staple
X-CF-Lambda-Fn
N-Cache
X-Amz-Meta-Opti
Fastly-Drupal-Html
X-TIME
True-Client-IP
X-Auth-Group-Type
X-CF-Lambda-Version
X-Ig-Push-State
Xc-Version
X-Orig-Expires
X-Shop-Environment
X-Cache-Type
X-Tenant
X-Forwarded-Path
X-Dynatrace-Js-Agent
X-LiteSpeed-Cache-Control
CDN
X-HostName
X-Gamma-Serve
X-PHP-Backend
Odigeo-Trace-Id
MIME-Version
Cmstype
X-Tt-Logid
True-Client-Ip
Cmsid
X-Varnish-Beresp-TTL
X-CACHE-AGE
X-Vgn-Hpd-Reason
Tcn
X-Info
CPC-Cache
X-NodeID
CPC-Age
Load-Balancing
User-Agent
X-Vmg-Version
X-Custom-Header
X-B3-Spanid
X-Geo
X-Webkit-Csp-Report-Only
X-AIR-PT
X-Cdn-Diag
X-Dispatch
Srv
X-HOST
X-Vc
X-Fastly-Country-Code
X-Depends
X-Pad
Request-ID
X-DefHash
X-FPC
X-DefElseHash
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
Ohc-File-Size
X-Cdn-Forward
Cl-Cache
X-Variation
X-M-Reqid
X-VC-TTL
X-M-Log
Hostname
X-CSRF-TOKEN
X-Datacenter
X-WA
X-Api-Version
X-NC
X-APP-VERSION
Server-Id
GeoIP-Country-Code
CacheControlHeader
X-TimeS
Ohc-Cache-HIT
X-LAGOON
Geoip-Latitude
X-APP
X-Cache-FS-Status
X-Cdn-Cache-Status
X-Lb-Nocache
X-Oracle-DMS-ECID
X-ServedByHost
VNS-Cache
Cloudfront-Viewer-Country
VNS-Age
Epwk-X-Cache
X-Cache-Ttl
X-Via-PopN
FSS-Cache
X-Ha-Backend
CountryCode
PICS-Label
X-Fastly-Backend-Reqs
X-Litespeed-Tag
Server-Info
X-Via-PopH
X-Via-PopV
X-Srcache-Fetch-Status
X-Litespeed-Cache-Control
X-VCL-Version
X-Srcache-Store-Status
X-Lb-Id
Srvid
Xkey-La3
X-FL-QIT-DEBUG
Xkeylog
X-MSEdge-Features
X-MSEdge-Flight
BehaviorPad-Version
X-Cdn-Request-ID
X-Proxy-Cache-La3
X-IN-APIGATEWAY
X-Snapshot-Date
X-Dispatcher-Number
X-MiniProfiler-Ids
X-Th-Server
Ngx
X-IN-APIGATEWAYSSL
X-RequestId
OriginIP
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Akamai-Pragma-Client-IP
X-Acquia-Site
ServerHost
Time
X-Acquia-Purge-Tags
Memory
X-Serial
X-Check-Cacheable
Memcached
X-Web-Server
X-Cache-Version
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shardid
X-Shopid
X-RAMCache
Serverhost
X-Ramcache
X-Service-Response-Time
X-Udemy-Cache-App-Namespace
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sucuri-Id
Sm-Log-Id
X-Dw-Trace-Id
Warning
Akamai-Cache-Status
X-Mg-Cache
X-Requestid