Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Xss-Protection
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
P3p
Accept-CH
X-DNS-Prefetch-Control
Accept-CH-Lifetime
X-Cache-Status
X-Drupal-Cache
X-Check
X-Generator
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-Request-ID
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Allow
Request-Context
X-UA-Device
Keep-Alive
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
Xkey
X-Rq
EagleId
X-Vhost
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Ali-Swift-Global-Savetime
X-WebKit-CSP
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Dns-Prefetch-Control
X-CST
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Litespeed-Cache
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
X-Nginx-Upstream-Cache-Status
X-Cache-Lookup
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
X-Edge
X-Rack-Cache
Accept-Ch-Lifetime
Cache-Tag
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
Nginx-Cache
X-MS-InvokeApp
X-TtlSet
X-Vname
X-PC
X-ESI
X-Upstream
X-Powered-By-Plesk
X-ECACHE
Rating
Edge-Control
X-Server-Name
X-Browser-Type
X-D2id
Verso
X-Times
X-Cnection
X-Element-Page-Cache
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Cdn-Fetch
X-Ac
SPIisLatency
SPRequestDuration
X-B3-TraceId
AR-ATIME
AR-SID
AR-Request-ID
AR-PoweredBy
X-RateLimit-Remaining
X-Ruxit-Js-Agent
X-SharePointHealthScore
X-NWS-LOG-UUID
SPRequestGuid
X-Ser
X-Navigation-Version
X-Abt-Application-Version
X-NF-Request-ID
X-Vcap-Request-Id
X-GitHub-Request-Id
X-Dw-Request-Base-Id
AR-CACHE
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Mg-S
X-VARITI-CCR
X-Client-IP
S
X-Sol
X-Middleton-Display
Display
Pagespeed
Edge-Cache-Tag
X-Ttl
X-Cache-Key
RTSS
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
Cache-Status
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Edge-Location-Klb
X-Goog-Hash
X-Kinsta-Cache
X-Version
Access-Control-Request-Method
X-Recruiting
X-Varnish-TTL
X-Server-ID
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-ARC
X-Middleton-Response
Response
X-Content-Digest
X-TraceId
X-Forwarded-For
Arr-Disable-Session-Affinity
X-T
Origin-Trial
X-SRCache-Store-Status
X-MSEdge-Ref
X-SRCache-Fetch-Status
Content-MD5
X-Daa-Tunnel
MicrosoftSharePointTeamServices
TP-Cache
X-Accel-Expires
X-Content-Security-Policy-Report-Only
X-Shield-Request-Id
Front-End-Https
X-Hits
X-Cached
Cross-Origin-Resource-Policy
X-Id
Public-Key-Pins
MS-Author-Via
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FastCGI-Cache
X-HS-Hub-Id
X-Ua-Browser
Server-Node
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Request-Processing-Time
X-Request-Received
X-DIS-Request-ID
X-FTR-Expires
Payment
X-ORACLE-DMS-RID
X-Forwarded-Proto
X-Frontend
X-LLID
Realpath
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Webkit-Csp
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-Ratelimit-Limit
X-Distributor
X-LB-Cache
Cache-Tags
X-Fastcgi-Cache
X-ORACLE-DMS-ECID
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-XRDS-LOCATION
X-Microsite
X-Request-Handler-Origin-Region
Referer-Policy
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-B3-TraceId-Primal
Count-Hit
X-Hostname
Mrf-Cache-Status
X-Page-Id
MRF-Tech
X-Activity-Id
X-AppVersion
X-Az
X-Www-Served-By
X-Debug-Info
X-NGENIX-Cache
X-Cluster-Name
X-Correlation-Id
Host
Fastcgi-Cache
X-Varnish-Backend
Accept-Charset
X-F-Cache
X-Varnish-Server
X-RateLimit-Limit
X-Geo-Country
X-Envoy-Decorator-Operation
X-App-Server
X-PressLabs-Stats
X-Fastly-Request-Id
X-Ua-Device
X-FB-Debug
X-Goog-Metageneration
X-TTL
Retry-After
X-RateLimit-Reset
Access-Control-Allow-Method
X-Git-Hash
X-CSRF-Token
X-TEC-API-ORIGIN
X-Ezoic-Cdn
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Upgrade-Enabled
X-Load-Cache
X-Content-Options
X-Seen-By
X-Px
Server-Name
X-Revision
X-Request-Guid
X-Datadog-Parent-Id
X-Tt-Trace-Tag
TCN
X-Tt-Trace-Host
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Contextid
Section-Io-Cache
X-Trace-Id
Charset
X-Type
X-Amz-Meta-S3cmd-Attrs
X-Cache-Control
X-B3-Sampled
X-Varnish-Ttl
X-Grace
X-B
Cleartype
Paypal-Debug-Id
X-TT
DC
Healthy
X-Newrelic-App-Data
X-B-Cache
X-Whom
X-Signature
X-Fb-Rlafr
X-Wix-Request-Id
X-App-Environment
X-Node-Name
X-WebKit-CSP-Report-Only
X-Origin-Cache
Frame-Options
X-Mobile
X-Azure-Ref
X-Proxy
X-Amz-Replication-Status
X-Magnolia-Registration
X-Kinja-CCPA
X-Goog-Storage-Class
X-Air-Pt
X-Goog-Stored-Content-Length
X-EdgeConnect-Cache-Status
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-N
X-Logged-In
Accept-Ch
X-Oracle-Dms-Ecid
Filterid
X-Rid
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Route-Name
X-Aspnet-Duration-Ms
X-Language
X-Is-Crawler
X-Providence-Cookie
X-Flags
Content-Disposition
Akamai-GRN
Backend
NGB
X-Time
X-Original-Request-Id
X-Cache-Age
VIX-Pulpo-Node
X-Response-Served-From
X-Oracle-Dms-Rid
VIX-Pulpo-Upstream-Status
X-Rendered-As
Upgrade-Insecure-Requests
X-Template
X-Is-Bot
Liferay-Portal
X-RemovedCookies
X-ProcessESI
MS-CV
Ms-Operation-Id
SD-X-WS
X-Unique-Id
Viewport
X-Debug-IsConnected
X-Datadog-Sampled
X-Tumblr-Pixel-1
X-Servername
X-Tumblr-Pixel
X-Tumblr-User
X-Varnish-Grace
X-Debug-IsPreview
X-Proxy-Cache-Info
X-RTag
X-Tumblr-Pixel-0
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Fastly-Request-ID
X-Adobe-Content
X-FW-Dynamic
X-FW-Serve
X-Amzn-Remapped-Content-Length
X-Debug
X-Adobe-Loc
Refresh
X-FW-Server
X-UUID
X-FW-Hash
X-Instance
X-FW-Static
X-IPS-LoggedIn
X-FW-Version
X-FW-Type
X-Cacheable-TTL
X-L-Path
Fastly-SWR
X-Cache-Grace
X-NYM-Debug-Backend
X-Environment-Context
Fastly-SIE
X-Region
X-G
X-Hl-Ver
From-Origin
X-B3-SpanId
X-Device-Type
X-Backend-Name
X-User-Agent
X-Status
X-App-Version
X-Rule
X-Cache-Hit
Country
X-Ratelimit-Remaining
X-Via-JSL
X-Hcs-Proxy-Type
ServerID
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Url
X-Jobs
X-VC-Cache
X-INCAP-ABP
Countrycode
X-Origin-CC
X-Origin-TTL
WPO-Cache-Message
Version
WPO-Cache-Status
Alternate-Protocol
X-Webkit-CSP
X-Air-Hostname
X-Air-Trace-Id
X-HTML-Minification-Powered-By
X-Air-Source
X-Cache-Status-Check
X-Source
Surrogate-Key
X-Akamai-Request-ID2
X-Page-View
X-Hosted-By
CDN-RequestId
GEO-INFO
AMP-Access-Control-Allow-Source-Origin
X-Content-Powered-By
X-NODE
X-Storage
X-WP-CF-Super-Cache-Active
Protected
X-Rocket-Nginx-Serving-Static
X-Akamai-Edgescape
OT-Force-Account-Verify
X-Accel-Version
X-B3-Traceid
X-VC
X-Tec-Api-Version
X-Real-IP
Access-Control-Request-Headers
X-Tec-Api-Origin
X-Tec-Api-Root
X-Framework
X-Edge-Location
X-Nginx-Cache
Front
X-Cache-Rule
X-ServerID
X-Mode
Amp-Access-Control-Allow-Source-Origin
SRV
X-Http-Reason
X-Cache-Time
X-Upstream-Ct
X-UPSTREAM-Address
X-Upstream-Ht
X-Rn-Rsrv
Filters
X-Cache-Operation
X-Rewrite-Enabled
Webserver
X-Xfnlog-Site
Meta-Geo
X-Cache-Debug
X-Detected-As
X-Director
X-JoinUs
X-AWS-Id
ServedBy
Accept-Language
Cross-Origin-Embedder-Policy
Mn-Server-Ip
Selected-Fe
X-LJ-Flow-ID
X-Origin
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-Httpd
X-Timing-Wait
X-Soup
X-Proxy-Build
X-SaId
X-Served-From
Xet-Cookie
X-VWS-Id
X-TT-LOGID
X-Extlb
X-Endurance-Cache-Level
X-Cms-Context
X-Cluster
X-Format
Apigw-Requestid
X-Logging-Id
X-Use-Mantle
TWC-Connection-Speed
X-Labrador-Cache-Channel
X-Handled-By
X-BYPASS-REASON
Webcakes-Region
TWC-Locale-Group
Property-Id
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Privacy
Node
X-No-Session
Webcakes-App-Version
Webcakes-App-Name
Web-Mar-Node
X-Adobe-Source
X-Lambda-Id
X-Say-TTL
X-SayCDN-TTL
X-Web-Node
X-Say-Cacheable
X-Redis-Cache
X-Restarts
X-Routing-Service
X-Origin-Hint
X-Worker
X-Proxied
X-PHP-Host
Section-Io-Id
X-Zipkin-Id
Xserver
X-ProxyCache-Status
X-ProxyCache-Key
X-AB
X-Site-Version
X-Varnish-Beresp-Grace
X-VCT
X-Varnish-Age
X-Tncms
X-Tcp-Rtt
X-Skip-Cache
X-RM-Cache-TTL
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Tablet
X-Locale
X-Loop
X-Is-Desktop
X-IPLB-Request-ID
X-Geo-Region
X-S
X-GeoCountry
X-RCS-CacheZone
X-IPLB-Instance
X-Browser-Name
X-GeoCode
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-CDN-Forward
DB-Nickname
X-Cache-Server
X-Platform-Router
X-Cache-Host
X-Git-Commit
X-Vercel-Cache
X-Generation-Time
X-Container-Uri
X-Vercel-Id
X-Platform-Cluster
CF-IPCountry
X-Tb
X-Drupal-Cache-Tags
X-Forwarded-Host
X-Reqid
X-Platform-Processor
X-Fetched-On
X-R9-Blue-Green-Version
X-Server-W
X-Provided-By
X-Drupal-Cache-Contexts
X-Webstats-RespID
X-Ms-Request-Id
X-Frame-Option
X-Ms-Version
X-Vcache
X-Uri
X-DynaTrace
CDN-RequestPullCode
CDN-RequestPullSuccess
X-MP-GENERATED-AT
CDN-Cache
CDN-Uid
X-Storefront-Renderer-Rendered
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
X-Alternate-Cache-Key
CDN-RequestCountryCode
X-Shopify-Stage
X-Origin-Date
X-Sucuri-Cache
WP-Super-Cache
X-ShopId
X-ShardId
Cache-Tv-Group
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Fastcgi-Useragent
Source
X-Vcl-Version
X-XRDS-Location
X-Sucuri-ID
Priority
X-FB-TRIP-ID
Content-Secure-Policy
X-Cdn-Origin
X-Generated-By
X-Sql-Duration-Ms
X-Sql-Count
Sid
Cross-Origin-Embedder-Policy-Report-Only
X-SRV
X-Pass-Why
Onion-Location
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Content-Age
Atl-Traceid
X-Buckets
Thinkindot-CacheControl
X-Shield-Cache-Expires
X-CMSURLCustom
HostName
Thinkindot-Control
Thinkindot-CacheControl-Type
TDXMobile
X-Thinkindot-L3
X-Scope-Id
X-Newrelic-Synthetics
Cache
X-Cluster-Node
X-DataDome
X-ECache
Cross-Origin-Window-Policy
WZWS-RAY
X-LSADC-Cache
X-Proxy-Cache-Status
S-Rt
X-TA-CDN-Provider
X-Cache-Action
X-GEO
X-Cache-Expired-At
X-WP-CF-Super-Cache-Cookies-Bypass
X-Dc
X-Optimistic-Header
X-Xrds-Location
User-Cache-Control
X-Varnish-Beresp-Ttl
X-Via-SSL
X-Connection-Hash
X-Via-CDN
X-Ua
Expiry
Edge-Copy-Time
X-Via-Edge
Candidate-Md5Url
CDCHOST
X-Developer
MD5-Digest
X-Cache-NE
Meta-Geo-Continent
X-Cache-Bucket
DCR-Decision-By
DCR-Processing-Time-Ms
Lang
L
Gannett-Cam-Experience-Id
X-D
X-Instance-Name
X-Conf
X-Destination
X-Dispatcher-Server
X-Op-Id-All
Apple-News-Services-Request-Url
X-PAYTM-SRV-ID
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
Apple-News-Services-Parsed-Url
Ngx.Var.Host
A
Ngx-Var-Key
X-Ec-Custom-Error
Apple-News-Services-Handled
Apple-News-Services-Host
X-External-Request-Id
X-BCube-Filmed-By
X-A-Wwc
X-Vtex-Remote-Cache
Sslversion
X-S-Cookie
X-B-Cookie
Sever-Int
X-Viewer-Country
X-Aed
X-A-Dgt
X-Rojux
X-Access
Vix-Hermes-Req-Id
T-Server
X-Section
X-Application
X-SRCache-Key
X-ScT
X-Scheme
X-SB
X-TIM-N
Surrogated-Key
X-A-Dam
X-A-Dcw
X-A-Ccd
X-Bl-Debug
Redirect-Candidate
Server-Hostname
X-Vdms-Version
Origin-Agent-Cluster
X-Platform
X-A
Origin
Rendered-Blocks
X-Request-Start
Server-Ext
Server-Host
X-Bc-Bl
X-Varnish-Hostname
Req-ID
X-Vdms-Path
Cluster
Type
Wxu-Next-Commit
DSUID
X-Acquia-Purge-Cdn-Unconfigured
Content-Script-Type
Wxu-Next-Region
Content-Style-Type
X-Esi-Check
Wxu-Next-Hostname
V-Age
Fastly-GeoIP-CountryCode
X-Fastly-Cache
X-Cache-Id
X-Cache-Info
X-BBC-Edge-Cache-Status
X-Bip
Req-Svc-Chain
X-Branch-Name
X-Block-Status
Pramga
Release
X-B3-Trace-ID
X-Cache-TTL-Remaining
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Auto-Login
X-Amz-Meta-Cb-Modifiedtime
NM-Fastcgi-Cache
Ssr
X-Clientip
Host-ID
X-Core-Value
Fastly-SSL
Environment
X-Pool
X-Node-Id
X-NMSegId
X-Nyt-Route
X-Sigma-Backend
X-Origin-Time
X-Nginx-Cache-Key
X-NCache
X-TH-Server
X-Mly-Id
X-Rocket-Build-Number
X-Moov-Xdn-Version
X-Sigma
X-SD-PageType
X-Zen-Fury
X-We-Are-Hiring
Magicmarker
X-Request-Time
X-Request-URI
X-WA-Info
X-Req
X-Proxied-Request
X-Pubstack
X-VServer
X-VCache
X-Thanos
X-Moov-T
X-UA-Device-Type
C-Via
X-GeoIP-Country-Code
X-VG-WebCache
X-Gdpr
X-Gen-Mode
X-Varnishpool
X-Generated-On
X-Varnish-Director
X-Varnish-Beresp-Status
Cache-Provider
X-GeoIP-Region-Code
X-Human
X-Level-Front-Cache
X-Loc
X-VG-TLSProxy
X-Forwarded-Site
X-Gzip
X-Hnp-Log
X-Correlation-ID
X-Datadome
X-TimeS
X-Service
X-Mg-Request-UUID
X-Origin-Response-Time
X-Var-Ttl
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Ad-Load-Variation
X-V-Cache
X-Aicache-OS
X-Server-IP
X-ApacheServer
X-Varnish-Authentication
X-Policy
X-Men
X-HS-Content-Campaign-Id
X-Micro-Cache
X-Contensis-Viewer-Groups
X-Cdn-Srv
X-Mvc-Supplant-Cachable
X-GoCache-CacheStatus
X-GeoIP-City
X-From
X-Fmm-Version
X-DPWN-IS-SECURE
X-Geo-Header
X-Device-Os
X-GeoIP
X-Mvc-Supplant-OutputCached
X-Cache-Date
X-Region-Sid
X-RateLimit-Remaining-Second
X-Request-Host
Yak-Timeinfo
Cdnsip
X-AK-Request-ID
X-ND-Cache
X-RateLimit-Limit-Second
X-Org
X-Old-Content-Length
X-PERF
X-Cache-Aspx
X-FC-Vary-Parameters
Cdncip
Producers
Click-Count-Error
Country-Code
On-Server
Platform
RNT-Time
Click-Count-Action-Start
Mail-Subject
Machine
Is-Eu
X-Azure-Ref-OriginShield
Locid
Gh-Request-Id
Esi-Enabled
Web-Mar-Region
Canary
RNT-Machine
Tube-Return
Tube-Got-Eval
Uber-Trace-Id
Adler-Geo
We-Hiring
W
Tube-Get-Contents
Tube-Got-Results
True-Client-Country-4JS
Fastly-Drupal-HTML
AKAMAI
Cache-Key
X-Up
X-Test
X-Fastly-Backend
X-Hash
Cdn-Request-Time
X-Wikidot-Backend
X-Proto
X-Edge-Server
X-Slack-Backend
Cdn-Host
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
Cf-Device-Type
X-Wikidot-Static-Cache
PFcat
X-Eu-Site
X-Csrf-Jwt
X-Amz-Storage-Class
X-HN
X-App-Name
X-VarnishDD-TTL
X-CGP
Proxy-Firewall
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
X-Use-Magma
X-Parent-Response-Time
X-LB-ID
Fastly-Backend-Name
X-RID
X-Date
X-Backend-Instance
X-Irp-Debug
NGX
X-Accel-Expires-Debug
X-CacheTTL
X-Tx-Id
X-NGINX-Cache
X-Ah-Environment
XM
LB
X-Lagoon
X-ZONE
X-Servedbyhost
X-Cache-Backend
X-COUNTRY
X-Owner
X-DynaTrace-JS-Agent
X-Varnish-Hits
X-SIPLIST1
X-Origin-Expires
Pics-Label
X-API-Version
X-DC
IsBot
X-Core-Mission
X-UA
X-Refresh
X-Via-Popv
X-Via-Popn
X-CACHE-GROUP
X-Via-Poph
X-HA-Backend
NtCoent-Length
X-Tb-Optimization-Total-Bytes-Saved
X-Ratelimit-Reset
GeoIp-Country-Code
X-CDN-Cache-Status
X-Qloud-Router
X-VHOST
Datacenter
Cdn
X-LB-NoCache
X-CF-Lambda-Version
RATING
X-CF-Lambda-Fn
Expect-Staple
N-Cache
Cdn-Requestid
X-Forwarded-Path
X-Srv
X-Orig-Expires
Xc-Version
X-Tenant
X-Shop-Environment
CloudFront-Viewer-Country
X-Cache-Type
X-Nananana
X-Zone
Cmsid
X-Nc
X-Wa
SID
X-Gamma-Serve
Cache-Hits
X-Via-Fastly
Cmstype
Server-ID
DataCenter
Cross-Origin-Opener-Policy-Report-Only
CPC-Cache
Uri
CPC-Age
X-Akamai-Transformed
X-TX-ID
X-B3-Parentspanid
GeoIP-Latitude
X-Location
X-Cdn-Diag
X-Fpc
X-Ig-Origin-Region
X-Vmg-Version
Resin-Trace
X-Hit
X-CS
Fusion-Content-Id
Fusion-Component-Id
User-Agent
X-Cloudmap
X-Nf-Request-Id
Fusion-Deployment-Id
XkeyRZ
X-Proxy-CacheRZ
Srv
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
X-Client-Ip
X-Presslabs-Stats
Fastly-Drupal-Html
Mime-Version
X-DataCenter
Powered-By
Cf-Ipcountry
X-URL
X-Cdn-Forward
X-NWS-UUID-VERIFY
True-Client-IP
X-Info
X-Amz-Meta-Opti
Origin-CC
Origin-EX
CacheControlHeader
X-Variation
X-Jungle-Id
X-CUA
X-Fastly-Country-Code
X-TIME
X-Tt-Logid
X-LAGOON
Tcn
X-Datacenter
X-IAuth-Set-Uid
X-User
X-Cached-By
True-Client-Ip
X-HostName
X-NewRelic-App-Data
X-Varnish-Beresp-TTL
X-Segment-20210421
X-Geo
MIME-Version
X-CACHE-AGE
CDN
X-Dynatrace-Js-Agent
X-Api-Version
VNS-Cache
X-Render-Time
VNS-Age
Load-Balancing
Lb
X-LiteSpeed-Cache-Control
X-B3-Spanid
X-VTEX-Cache-Time
X-HOST
Debug
X-Vc
X-VTEX-Cache-Server
X-LiteSpeed-Tag
X-Powered-By-VTEX-Cache
X-Auth-Group-Type
Edge-Cache
X-FPC
Ohc-File-Size
X-AIR-PT
X-Wormhole-Sdk
X-Webkit-Csp-Report-Only
Hostname
X-Dispatch
X-NC
X-WA
X-CSRF-TOKEN
X-Dispatcher-Number
Cl-Cache
Server-Id
Cache-Name
Ohc-Cache-HIT
X-Ig-Push-State
X-Lb-Nocache
X-MCACHE
X-APP-VERSION
Odigeo-Trace-Id
X-Esi
X-NodeID
GeoIP-Country-Code
X-Litespeed-Tag
X-Vgn-Hpd-Reason
X-Cdn-Cache-Status
X-Oracle-DMS-ECID
X-Mid
X-Custom-Header
X-Via-PopV
X-ServedByHost
X-PHP-Backend
X-Depends
X-Ha-Backend
X-Via-PopH
X-Via-PopN
X-Cache-Ttl
X-Pad
X-Cs
CountryCode
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Fastly-Backend-Reqs
X-DefHash
X-Varnish-CookieINHashed-On
PICS-Label
BehaviorPad-Version
X-DefElseHash
X-VCL-Version
Ms-Author-Via
X-Litespeed-Cache-Control
X-MiniProfiler-Ids
X-Web-Server
X-Cdn-Request-ID
X-MSEdge-Features
X-M-Log
X-Akamai-Pragma-Client-IP
Xkeylog
X-Cache-Enabled
X-Lb-Id
Xkey-La3
X-MSEdge-Flight
X-Proxy-Cache-La3
X-VC-TTL
X-M-Reqid
X-RequestId
Server-Info
Srvid
X-Snapshot-Date
FSS-Cache
X-FL-QIT-DEBUG
X-FL-EDGE
Location
Memory
YJS-ID
Memcached
X-IN-APIGATEWAY
Ngx
Time
OriginIP
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-IN-APIGATEWAYSSL
X-Acquia-Application-Trace
X-Acquia-Site
X-Cache-Version
X-Shopid
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shardid
Warning
CF-Cached-On
X-Sucuri-Id
X-Th-Server
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Lsadc-Cache
My-App
CF-Ctrl
X-Internal-Host
Geoip-Latitude
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
X-Mg-Cache
X-Service-Response-Time
X-Serial
Sm-Log-Id
X-Check-Cacheable
Akamai-Cache-Status