Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Xss-Protection
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
P3p
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-Request-ID
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Allow
Request-Context
X-UA-Device
Keep-Alive
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
X-Rq
Xkey
EagleId
X-Vhost
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
X-Pingback
Cf-Railgun
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Ali-Swift-Global-Savetime
EagleEye-TraceId
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-CST
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Litespeed-Cache
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
X-Nginx-Upstream-Cache-Status
X-Cache-Lookup
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
Accept-Ch-Lifetime
X-Application-Context
X-Country-Code
Content-Location
X-Trace
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
X-Edge
X-Rack-Cache
Cross-Origin-Opener-Policy
Cache-Tag
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
Nginx-Cache
X-MS-InvokeApp
X-TtlSet
X-PC
X-Vname
X-ESI
X-Upstream
X-ECACHE
X-Powered-By-Plesk
Rating
Edge-Control
X-Server-Name
X-Browser-Type
X-D2id
X-Element-Page-Cache
X-Times
Verso
X-Cnection
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Cdn-Fetch
X-Ac
SPRequestDuration
SPIisLatency
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
X-Ruxit-Js-Agent
X-RateLimit-Remaining
SPRequestGuid
X-SharePointHealthScore
X-Abt-Application-Version
X-Navigation-Version
X-Ser
X-NWS-LOG-UUID
X-B3-TraceId
X-Vcap-Request-Id
X-NF-Request-ID
X-GitHub-Request-Id
X-Dw-Request-Base-Id
AR-CACHE
X-Mg-S
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-VARITI-CCR
X-Client-IP
S
X-Sol
X-Middleton-Display
Pagespeed
Display
Edge-Cache-Tag
X-Ttl
X-Cache-Key
RTSS
Fastly-Restarts
X-Server-ID
X-Amzn-Trace-Id
X-Amz-Rid
Accept-Ch
X-Cache-TTL
X-Powered-CMS
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Cache-Status
X-Kinsta-Cache
X-Goog-Hash
X-Edge-Location-Klb
X-Version
Access-Control-Request-Method
X-Recruiting
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-ARC
X-Varnish-TTL
X-Middleton-Response
Response
X-Content-Digest
X-TraceId
X-Forwarded-For
Arr-Disable-Session-Affinity
X-Webkit-Csp
X-T
Origin-Trial
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-MD5
X-Daa-Tunnel
MicrosoftSharePointTeamServices
TP-Cache
X-Content-Security-Policy-Report-Only
X-Accel-Expires
X-Shield-Request-Id
X-Hits
Front-End-Https
Cross-Origin-Resource-Policy
X-Cached
Public-Key-Pins
MS-Author-Via
X-Id
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FastCGI-Cache
X-HS-Hub-Id
X-Ua-Browser
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-DIS-Request-ID
Server-Node
X-FTR-Expires
X-ORACLE-DMS-RID
X-Request-Processing-Time
X-Request-Received
X-Frontend
X-Forwarded-Proto
Payment
X-LLID
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Protected-By
Realpath
X-GUploader-UploadID
TP-L2-Cache
X-LB-Cache
Cache-Tags
X-Fastcgi-Cache
X-Distributor
X-RateLimit-Limit
X-ORACLE-DMS-ECID
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-Request-Handler-Origin-Region
X-Microsite
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Hostname
X-AppVersion
X-Activity-Id
Count-Hit
X-Az
X-Page-Id
X-B3-TraceId-Primal
X-Cluster-Name
MRF-Tech
X-Ratelimit-Limit
X-Correlation-Id
X-Debug-Info
Referer-Policy
Mrf-Cache-Status
Fastcgi-Cache
X-Varnish-Backend
Host
X-Varnish-Server
X-Www-Served-By
X-Geo-Country
Accept-Charset
X-Envoy-Decorator-Operation
X-F-Cache
X-NGENIX-Cache
X-XRDS-LOCATION
X-App-Server
X-PressLabs-Stats
X-Fastly-Request-Id
X-Ua-Device
X-FB-Debug
X-Goog-Metageneration
X-TTL
X-RateLimit-Reset
Retry-After
Access-Control-Allow-Method
X-Varnish-Ttl
X-Git-Hash
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ezoic-Cdn
X-CSRF-Token
X-Upgrade-Enabled
X-Load-Cache
X-Content-Options
X-Seen-By
Server-Name
X-Px
X-Tt-Trace-Host
TCN
X-Tt-Trace-Tag
X-Type
X-Trace-Id
Charset
X-Datadog-Parent-Id
X-Amz-Meta-S3cmd-Attrs
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Aspnet-Version
X-Contextid
X-Request-Guid
X-Revision
Section-Io-Cache
X-B3-Sampled
X-Cache-Control
Cleartype
DC
Paypal-Debug-Id
X-Grace
Healthy
X-B
X-TT
X-Fb-Rlafr
X-Whom
X-Wix-Request-Id
X-App-Environment
X-B-Cache
X-Node-Name
X-Signature
X-WebKit-CSP-Report-Only
X-Origin-Cache
X-Mobile
X-Azure-Ref
Frame-Options
X-Amz-Replication-Status
X-Newrelic-App-Data
X-Magnolia-Registration
X-Proxy
X-Kinja-CCPA
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-EdgeConnect-Cache-Status
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Air-Pt
X-N
Filterid
X-Oracle-Dms-Ecid
X-Logged-In
X-Rid
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Language
X-Is-Crawler
X-Route-Name
X-Flags
X-Providence-Cookie
X-Aspnet-Duration-Ms
Content-Disposition
Akamai-GRN
Backend
X-Time
X-Response-Served-From
X-Oracle-Dms-Rid
X-Original-Request-Id
X-Cache-Age
NGB
Upgrade-Insecure-Requests
X-Template
VIX-Pulpo-Upstream-Status
X-Is-Bot
VIX-Pulpo-Node
Viewport
Ms-Operation-Id
SD-X-WS
X-ProcessESI
MS-CV
X-Rendered-As
X-Unique-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tumblr-User
X-Tumblr-Pixel-0
X-RTag
X-Servername
X-Tumblr-Pixel
X-RemovedCookies
X-Tumblr-Pixel-1
X-Fastly-Request-ID
X-FW-Static
X-FW-Version
X-FW-Server
X-Proxy-Cache-Info
X-Varnish-Grace
Liferay-Portal
X-Amzn-Remapped-Content-Length
Refresh
X-Instance
X-FW-Serve
X-FW-Type
X-FW-Dynamic
X-Datadog-Sampled
X-Debug
X-FW-Hash
X-Cache-Grace
X-UUID
X-Debug-IsPreview
X-Region
X-L-Path
X-Environment-Context
X-IPS-LoggedIn
X-Debug-IsConnected
X-Cacheable-TTL
X-App-Version
From-Origin
Fastly-SIE
X-Adobe-Loc
X-Adobe-Content
X-Hl-Ver
Fastly-SWR
X-NYM-Debug-Backend
X-Backend-Name
X-User-Agent
X-Cache-Hit
X-G
Country
X-Rule
X-Status
X-Device-Type
X-Ratelimit-Remaining
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Via-JSL
ServerID
Url
X-B3-SpanId
X-B3-Traceid
X-Jobs
X-INCAP-ABP
Countrycode
X-VC-Cache
X-Origin-TTL
WPO-Cache-Status
WPO-Cache-Message
X-Origin-CC
Version
X-Webkit-CSP
X-HTML-Minification-Powered-By
X-Cache-Status-Check
X-Air-Hostname
X-Air-Trace-Id
X-Source
X-Air-Source
Surrogate-Key
X-Page-View
X-Hosted-By
Alternate-Protocol
GEO-INFO
X-Akamai-Request-ID2
X-NODE
X-Content-Powered-By
CDN-RequestId
X-WP-CF-Super-Cache-Active
Protected
X-Storage
X-Rocket-Nginx-Serving-Static
X-Nginx-Cache
X-Akamai-Edgescape
X-Accel-Version
AMP-Access-Control-Allow-Source-Origin
Amp-Access-Control-Allow-Source-Origin
X-VC
OT-Force-Account-Verify
Access-Control-Request-Headers
SRV
X-Real-IP
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Framework
X-Edge-Location
X-Mode
Front
X-Cache-Rule
X-Http-Reason
X-ServerID
X-Cache-Time
Filters
X-Rewrite-Enabled
X-Xfnlog-Site
X-Upstream-Ht
X-Upstream-Ct
X-UPSTREAM-Address
Webserver
Meta-Geo
X-Cache-Operation
X-Rn-Rsrv
X-LJ-Flow-ID
X-JoinUs
X-Tumblr-Pixel-3
CF-IPCountry
X-Proxy-Build
Xet-Cookie
X-Tumblr-Pixel-2
X-CDN-Forward
X-Director
X-Served-From
X-TT-LOGID
Selected-Fe
ServedBy
X-AWS-Id
Mn-Server-Ip
X-SaId
X-Soup
X-Timing-Wait
Cross-Origin-Embedder-Policy
X-VWS-Id
Webcakes-App-Version
Webcakes-App-Name
Web-Mar-Node
Webcakes-Region
X-Say-TTL
X-Say-Cacheable
X-Cache-Debug
TWC-Privacy
TWC-Locale-Group
Property-Id
X-Varnish-Cache-Hits
X-SayCDN-TTL
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Device-Class
X-Httpd
X-Cluster
X-Origin-Hint
X-Origin
X-No-Session
Section-Io-Id
X-Proxied
X-Restarts
X-Redis-Cache
X-Routing-Service
X-Logging-Id
X-Endurance-Cache-Level
X-Detected-As
X-Extlb
X-Format
X-Lambda-Id
X-Handled-By
Apigw-Requestid
TWC-GeoIP-Country
X-Web-Node
Xserver
X-Zipkin-Id
X-Worker
X-Use-Mantle
X-Tncms
X-Labrador-Cache-Channel
X-Locale
X-VCT
X-Loop
X-Varnish-Age
X-IPLB-Instance
X-GeoCountry
X-GeoCode
X-Cms-Context
Accept-Language
X-BYPASS-REASON
X-Adobe-Source
X-PHP-Host
X-IPLB-Request-ID
X-Varnish-Beresp-Grace
Azure-SiteName
Azure-SlotName
X-Skip-Cache
Azure-RegionName
X-ProxyCache-Status
X-ProxyCache-Key
Azure-InstanceId
X-RCS-CacheZone
Azure-Version
DB-Nickname
X-RM-Cache-TTL
X-Site-Version
X-Platform-Cluster
X-Geo-Region
X-Browser-Name
X-Generation-Time
X-Git-Commit
X-Vercel-Cache
X-Cache-Host
X-Reqid
X-Cache-Server
X-Tb
X-Container-Uri
X-Platform-Router
X-Vercel-Id
X-Is-Desktop
X-AB
X-Fetched-On
X-Forwarded-Host
X-Platform-Processor
X-Server-W
X-Is-Tablet
X-Tcp-Rtt
X-Drupal-Cache-Tags
X-Is-Supported-Browser
X-Is-Mobile
X-Frame-Option
X-Webstats-RespID
Node
X-Vcache
X-R9-Blue-Green-Version
X-Provided-By
X-Ms-Request-Id
X-Ms-Version
X-S
X-Drupal-Cache-Contexts
X-Uri
X-DynaTrace
X-MP-GENERATED-AT
CDN-CachedAt
CDN-RequestPullSuccess
X-Storefront-Renderer-Rendered
CDN-Cache
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-Uid
X-Alternate-Cache-Key
X-Shopify-Stage
CDN-EdgeStorageId
X-Origin-Date
CDN-PullZone
WP-Super-Cache
X-Sucuri-Cache
Fastcgi-Useragent
Cache-Tv-Group
Source
X-Sucuri-ID
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-XRDS-Location
X-Vcl-Version
Priority
Content-Secure-Policy
X-FB-TRIP-ID
X-Cdn-Origin
Sid
X-Generated-By
X-Sql-Duration-Ms
X-Sql-Count
Cross-Origin-Embedder-Policy-Report-Only
Onion-Location
X-Pass-Why
X-Content-Age
X-Xrds-Location
X-Urbn-Site-Id
X-Urbn-Context-Path
Atl-Traceid
Locale
X-Buckets
X-SRV
X-Scope-Id
X-Shield-Cache-Expires
X-Thinkindot-L3
X-CMSURLCustom
Thinkindot-Control
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-DataDome
Cache
X-Newrelic-Synthetics
X-Cluster-Node
X-ECache
X-LSADC-Cache
WZWS-RAY
Cross-Origin-Window-Policy
S-Rt
HostName
X-TA-CDN-Provider
X-Proxy-Cache-Status
X-Cache-Action
X-Aspnetmvc-Version
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Expired-At
X-Dc
X-Optimistic-Header
X-GEO
User-Cache-Control
X-Ua
Expiry
X-Connection-Hash
X-Varnish-Beresp-Ttl
X-Via-SSL
X-Via-CDN
X-Via-Edge
Edge-Copy-Time
X-ScT
X-Scheme
X-Vdms-Path
X-SB
X-S-Cookie
X-Bl-Debug
DCR-Decision-By
X-Vdms-Version
X-Rojux
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-SRCache-Key
Apple-News-Services-Parsed-Url
Surrogated-Key
Sslversion
X-Aed
A
X-Cache-Bucket
Apple-News-Services-Handled
X-Cache-NE
Sever-Int
X-Application
Candidate-Md5Url
CDCHOST
Server-Hostname
X-Section
X-Ec-Fail
X-Op-Id-All
T-Server
X-TIM-N
X-External-Request-Id
X-Vtex-Remote-Cache
X-A-Dgt
X-A-Dcw
X-D
X-Bc-Bl
X-A-Wwc
X-A-Dam
X-A-Ccd
DCR-Processing-Time-Ms
MD5-Digest
Meta-Geo-Continent
X-A
X-Ec-Custom-Error
X-Access
X-Instance-Name
Redirect-Candidate
X-Destination
X-Developer
Origin-Agent-Cluster
Origin
Ngx-Var-Key
Ngx.Var.Host
Rendered-Blocks
X-Ec-GeoHdr
Lang
X-B-Cookie
X-Viewer-Country
X-PAYTM-SRV-ID
Server-Ext
L
X-BCube-Filmed-By
Gannett-Cam-Experience-Id
X-Epic-Correlation-Id
X-Conf
Content-Script-Type
Fastly-GeoIP-CountryCode
Content-Style-Type
Fastly-SSL
X-Bip
DSUID
X-Sigma
Pramga
Environment
X-Rocket-Build-Number
Release
X-Moov-Xdn-Version
X-SD-PageType
Server-Host
C-Via
Cache-Provider
X-Request-URI
X-Request-Time
Host-ID
X-Block-Status
X-Auto-Login
X-Branch-Name
Req-ID
X-Request-Start
Cluster
X-UA-Device-Type
X-Gen-Mode
X-Gdpr
X-Zen-Fury
X-Clientip
X-Generated-On
Magicmarker
X-We-Are-Hiring
X-Proxied-Request
X-Pubstack
X-Level-Front-Cache
X-Sigma-Backend
X-VServer
X-Correlation-ID
Wxu-Next-Commit
Wxu-Next-Hostname
X-Debug-Cache-Store
X-Hnp-Log
X-Moov-T
X-Human
X-NCache
X-Debug-Cache-Fetch
X-Origin-Time
Wxu-Next-Region
X-VCache
X-Dispatcher-Server
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Vix-Hermes-Req-Id
X-Nginx-Cache-Key
X-Amz-Meta-Cb-Modifiedtime
X-Varnish-Beresp-Status
X-Varnish-Director
X-Thanos
X-VG-WebCache
X-Fastly-Cache
X-TH-Server
Ssr
X-Cache-Info
X-Pool
X-Varnish-Hostname
X-Varnishpool
X-Loc
X-Forwarded-Site
V-Age
X-Node-Id
Type
X-Nyt-Route
X-Platform
X-TimeS
X-Service
X-Origin-Response-Time
X-Datadome
X-Mg-Request-UUID
X-RateLimit-Remaining-Second
X-Aicache-OS
X-Acquia-Purge-Cdn-Unconfigured
X-ApacheServer
Web-Mar-Region
We-Hiring
W
Uber-Trace-Id
X-Region-Sid
X-RateLimit-Limit-Second
X-B3-Trace-ID
Req-Svc-Chain
X-Req
True-Client-Country-4JS
X-Cache-Id
Cdncip
Cdnsip
X-Geo-Header
X-GeoIP
X-Cdn-Srv
X-WA-Info
X-Mvc-Supplant-Cachable
X-VG-TLSProxy
X-NMSegId
X-PERF
X-AK-Request-ID
X-Contensis-Viewer-Groups
X-Mly-Id
X-Org
X-ND-Cache
X-HS-Content-Campaign-Id
X-Gzip
Yak-Timeinfo
X-GeoIP-City
X-Core-Value
X-GoCache-CacheStatus
X-Varnish-Authentication
X-Var-Ttl
X-Mvc-Supplant-OutputCached
Gh-Request-Id
X-Esi-Check
X-Device-Os
Canary
Locid
Machine
On-Server
X-BBC-Edge-Cache-Status
NM-Fastcgi-Cache
X-Request-Host
Mail-Subject
X-Cache-Aspx
X-Server-IP
X-FC-Vary-Parameters
X-Policy
X-V-Cache
X-SVT-ORM-VERSION
X-Cache-TTL-Remaining
X-Cache-Date
X-Azure-Ref-OriginShield
X-SVT-ORM-RULES
Fastly-Drupal-HTML
X-Proto
X-DPWN-IS-SECURE
X-App-Name
X-Fastly-Backend
X-From
X-Wikidot-Backend
X-Wikidot-Static-Cache
Ha-Gx-Prefs
X-Fmm-Version
X-Micro-Cache
X-Test
X-Men
X-Old-Content-Length
HA-Ipaddr
L5d-Success-Class
X-HN
X-Hash
X-VarnishDD-TTL
X-Amz-Storage-Class
PFcat
X-CGP
X-Csrf-Jwt
X-Eu-Site
X-Ad-Load-Variation
X-Sn-Servicetimems
RNT-Machine
Proxy-Firewall
Producers
Platform
RNT-Time
Tube-Get-Contents
Tube-Return
Tube-Got-Results
Tube-Got-Eval
X-Slack-Shared-Secret-Outcome
Is-Eu
Cache-Key
AKAMAI
Adler-Geo
X-Slack-Backend
Click-Count-Action-Start
Click-Count-Error
Esi-Enabled
Country-Code
X-Use-Magma
X-Parent-Response-Time
X-Edge-Server
X-Irp-Debug
Fastly-Backend-Name
Cdn-Request-Time
Cdn-Host
X-Date
X-Up
Cf-Device-Type
X-RID
X-Backend-Instance
X-CacheTTL
X-Accel-Expires-Debug
X-Tx-Id
X-ZONE
X-Ah-Environment
NGX
XM
X-LB-ID
LB
X-Lagoon
X-Owner
X-Servedbyhost
X-DC
X-Varnish-Hits
X-Core-Mission
Pics-Label
IsBot
X-API-Version
X-Cache-Backend
X-Origin-Expires
X-COUNTRY
X-SIPLIST1
X-UA
X-DynaTrace-JS-Agent
X-HA-Backend
X-Via-Popn
X-CACHE-GROUP
NtCoent-Length
X-Refresh
X-Via-Poph
X-Via-Popv
X-Tb-Optimization-Total-Bytes-Saved
X-NGINX-Cache
X-Ratelimit-Reset
GeoIp-Country-Code
X-CDN-Cache-Status
X-Qloud-Router
X-VHOST
X-Srv
Cdn
Datacenter
X-LB-NoCache
X-CF-Lambda-Version
N-Cache
RATING
X-CF-Lambda-Fn
Expect-Staple
Cdn-Requestid
Xc-Version
X-Cache-Type
X-Tenant
X-Orig-Expires
CloudFront-Viewer-Country
X-Shop-Environment
X-Forwarded-Path
Cmsid
Cmstype
X-Gamma-Serve
X-Wa
X-Nc
X-Nananana
Server-ID
Cache-Hits
SID
DataCenter
X-Via-Fastly
CPC-Cache
X-TX-ID
X-B3-Parentspanid
CPC-Age
GeoIP-Latitude
Cross-Origin-Opener-Policy-Report-Only
Uri
X-Zone
X-Cdn-Diag
Resin-Trace
X-Location
X-Ig-Origin-Region
X-Hit
X-Fpc
X-Vmg-Version
X-Akamai-Transformed
X-CS
XkeyRZ
Fusion-Source
Fusion-Content-Source
X-Proxy-CacheRZ
Fusion-Deployment-Id
X-Cloudmap
User-Agent
X-Nf-Request-Id
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-Client-Ip
X-NewRelic-App-Data
Powered-By
Fastly-Drupal-Html
X-URL
X-Presslabs-Stats
X-DataCenter
X-NWS-UUID-VERIFY
X-Amz-Meta-Opti
X-TIME
X-Fastly-Country-Code
X-Tt-Logid
CacheControlHeader
Mime-Version
Origin-CC
Origin-EX
X-CUA
X-Info
True-Client-IP
X-Jungle-Id
X-Variation
Srv
Tcn
X-LAGOON
True-Client-Ip
X-User
Cf-Ipcountry
X-IAuth-Set-Uid
X-Cached-By
X-Datacenter
X-Cdn-Forward
X-B3-Spanid
X-Varnish-Beresp-TTL
X-HostName
MIME-Version
X-CACHE-AGE
X-Geo
CDN
X-Api-Version
X-Dynatrace-Js-Agent
X-Segment-20210421
X-Render-Time
Lb
VNS-Age
VNS-Cache
Load-Balancing
X-LiteSpeed-Cache-Control
Debug
X-LiteSpeed-Tag
X-HOST
X-Vc
Edge-Cache
X-Auth-Group-Type
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-AIR-PT
Ohc-File-Size
X-FPC
Hostname
X-Wormhole-Sdk
X-Webkit-Csp-Report-Only
X-Dispatcher-Number
Server-Id
X-Dispatch
Cl-Cache
X-CSRF-TOKEN
Cache-Name
Ohc-Cache-HIT
X-Ig-Push-State
X-MCACHE
X-WA
X-NC
Odigeo-Trace-Id
X-Lb-Nocache
X-Esi
GeoIP-Country-Code
X-Litespeed-Tag
X-Vgn-Hpd-Reason
X-APP-VERSION
X-Custom-Header
X-NodeID
X-Mid
X-Cdn-Cache-Status
X-Oracle-DMS-ECID
X-Depends
X-Ha-Backend
X-Via-PopN
X-Via-PopV
X-ServedByHost
X-Via-PopH
X-PHP-Backend
X-Pad
X-Cache-Ttl
X-Cs
X-Fastly-Backend-Reqs
BehaviorPad-Version
CountryCode
Ms-Author-Via
X-Litespeed-Cache-Control
X-VCL-Version
PICS-Label
X-M-Reqid
X-DefElseHash
X-VC-TTL
X-DefHash
X-Cache-Enabled
X-MSEdge-Flight
X-Cdn-Request-ID
X-MSEdge-Features
X-Lb-Id
X-Web-Server
Xkey-La3
X-Varnish-CookieHashed-On
Xkeylog
X-M-Log
X-MiniProfiler-Ids
X-Akamai-Pragma-Client-IP
X-Proxy-Cache-La3
X-RequestId
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
Ngx
FSS-Cache
X-FL-EDGE
YJS-ID
X-Snapshot-Date
X-FL-QIT-DEBUG
X-IN-APIGATEWAYSSL
Srvid
Location
Time
Memory
Memcached
X-IN-APIGATEWAY
OriginIP
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Acquia-Site
Server-Info
X-Acquia-Purge-Tags
X-Cache-Version
X-Sorting-Hat-Podid
X-Shopid
X-Shardid
X-Sorting-Hat-Shopid
Warning
Sm-Log-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
Geoip-Latitude
X-Udemy-Cache-App-Namespace
X-Th-Server
X-Sucuri-Id
X-Lsadc-Cache
CF-Cached-On
X-Check-Cacheable
CF-Ctrl
X-Mg-Cache
X-Internal-Host
X-Dw-Trace-Id
My-App
X-Serial
X-Service-Response-Time
Akamai-Cache-Status