Threat Level: green Handler on Duty: Richard Porter

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
P3P
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
P3p
X-DNS-Prefetch-Control
X-Drupal-Cache
Accept-CH-Lifetime
X-Cache-Status
X-Generator
X-Check
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Request-Context
Keep-Alive
X-UA-Device
Allow
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
EagleId
X-Ws-Request-Id
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
Ali-Swift-Global-Savetime
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Cf-Railgun
X-LiteSpeed-Cache
Permissions-Policy
EagleEye-TraceId
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Backend-Server
X-CST
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Readtime
X-Response-Time
X-Cache-Lookup
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-Litespeed-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Nginx-Upstream-Cache-Status
X-Node
X-Nginx-Cache-Status
X-Cloud-Trace-Context
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Rating
X-Rack-Cache
X-Origin-Cache-Key
Cache-Tag
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
X-Edge
X-FTR-Request-ID
Cross-Origin-Opener-Policy
X-Midtier
X-PC
X-Vname
X-TtlSet
Nginx-Cache
X-Mcache
X-MS-InvokeApp
X-Mod-Pagespeed
X-ECACHE
X-Upstream
X-Powered-By-Plesk
X-Server-Name
X-NWS-LOG-UUID
Edge-Control
X-ESI
X-Browser-Type
X-Cnection
X-Times
X-D2id
X-Element-Page-Cache
Verso
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Ac
X-Ser
AR-ATIME
SPRequestDuration
AR-SID
AR-PoweredBy
AR-Request-ID
SPIisLatency
X-RateLimit-Remaining
X-B3-TraceId
SPRequestGuid
X-Ruxit-Js-Agent
X-SharePointHealthScore
X-GitHub-Request-Id
X-NF-Request-ID
X-Navigation-Version
X-Abt-Application-Version
X-Ttl
X-Dw-Request-Base-Id
X-Vcap-Request-Id
AR-CACHE
X-Mg-S
X-Client-IP
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
S
Display
X-Sol
X-Middleton-Display
Pagespeed
Edge-Cache-Tag
X-VARITI-CCR
X-Cache-Key
Fastly-Restarts
X-Amzn-Trace-Id
X-Cache-TTL
X-Amz-Rid
RTSS
X-Webkit-Csp
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
Cache-Status
X-Powered-CMS
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
Access-Control-Request-Method
X-Daa-Tunnel
X-Goog-Hash
X-Server-ID
X-Recruiting
Response
X-Middleton-Response
X-Varnish-TTL
X-Content-Digest
X-ARC
X-Forwarded-For
X-TraceId
X-T
Arr-Disable-Session-Affinity
X-MSEdge-Ref
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Cross-Origin-Resource-Policy
Content-MD5
MS-Author-Via
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Front-End-Https
TP-Cache
X-Shield-Request-Id
X-Accel-Expires
X-FastCGI-Cache
X-Hits
X-Cached
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
Server-Node
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
Public-Key-Pins
X-Request-Processing-Time
X-Ua-Browser
X-ORACLE-DMS-RID
X-Id
X-FTR-Expires
X-Request-Received
X-Forwarded-Proto
Payment
X-Frontend
X-Content-Security-Policy-Report-Only
Realpath
X-Protected-By
X-DIS-Request-ID
X-RateLimit-Limit
X-LLID
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Distributor
TP-L2-Cache
X-GUploader-UploadID
Origin-Trial
X-Fastcgi-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Hostname
X-LB-Cache
Cache-Tags
X-XRDS-LOCATION
X-Microsite
X-Request-Handler-Origin-Region
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Debug-Info
X-Origin-Server
Host
Fastcgi-Cache
Referer-Policy
Count-Hit
X-Page-Id
Mrf-Cache-Status
X-Activity-Id
MRF-Tech
X-AppVersion
X-Az
X-Envoy-Decorator-Operation
X-B3-TraceId-Primal
X-Cluster-Name
X-NGENIX-Cache
X-ORACLE-DMS-ECID
X-Www-Served-By
X-Varnish-Backend
X-Varnish-Server
X-Correlation-Id
X-Geo-Country
Accept-Charset
X-App-Server
X-F-Cache
X-PressLabs-Stats
X-Ratelimit-Limit
X-Ezoic-Cdn
X-Ua-Device
Retry-After
X-Fastly-Request-ID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-FB-Debug
X-RateLimit-Reset
X-Goog-Metageneration
X-Load-Cache
X-Upgrade-Enabled
X-CSRF-Token
X-Px
TCN
Access-Control-Allow-Method
X-Git-Hash
X-Seen-By
Server-Name
X-Amz-Meta-S3cmd-Attrs
Cleartype
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Contextid
X-Request-Guid
X-Revision
Section-Io-Cache
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Grace
X-Cache-Control
X-Datadog-Parent-Id
X-Trace-Id
X-Content-Options
X-Varnish-Ttl
X-Type
X-B
Charset
Paypal-Debug-Id
X-B3-Sampled
X-Azure-Ref
X-Whom
Healthy
X-TT
DC
X-Fb-Rlafr
X-Proxy
X-Wix-Request-Id
X-Signature
X-B-Cache
X-Newrelic-App-Data
X-Mobile
X-Air-Pt
X-App-Environment
X-Node-Name
X-Magnolia-Registration
X-N
Frame-Options
X-EdgeConnect-Cache-Status
X-Amz-Replication-Status
X-Fastly-Request-Id
Accept-Ch
Filterid
X-Origin-Cache
X-Oracle-Dms-Ecid
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Logged-In
X-CCDN-Origin-Time
X-TTL
X-Time
X-WebKit-CSP-Report-Only
Backend
Content-Disposition
Viewport
NGB
Akamai-GRN
X-Response-Served-From
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
X-Oracle-Dms-Rid
X-Rendered-As
X-Is-Bot
X-Cache-Age
X-Tumblr-Pixel
X-Debug-IsPreview
X-Yottaa-Metrics
X-ProcessESI
X-Servername
X-Datadog-Sampled
X-Hl-Ver
X-Yottaa-Optimizations
X-Varnish-Grace
X-Tumblr-User
SD-X-WS
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
Ms-Operation-Id
X-RemovedCookies
X-RTag
X-Debug-IsConnected
Liferay-Portal
MS-CV
X-Unique-Id
X-Amzn-Remapped-Content-Length
X-IPS-LoggedIn
X-Debug
X-Adobe-Content
X-Adobe-Loc
X-Backend-Name
Upgrade-Insecure-Requests
X-FW-Serve
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Hash
X-Instance
X-FW-Version
X-FW-Dynamic
X-UUID
X-Via-JSL
X-Cacheable-TTL
Fastly-SIE
Fastly-SWR
X-Cache-Grace
X-Environment-Context
ServerID
X-L-Path
X-NYM-Debug-Backend
X-G
X-Device-Type
X-Proxy-Cache-Info
X-Region
X-Language
From-Origin
X-User-Agent
X-Ratelimit-Remaining
Country
X-Cache-Hit
X-Rule
X-VC-Cache
Refresh
X-Status
X-Template
X-B3-SpanId
Version
X-Aspnet-Duration-Ms
X-Flags
X-Route-Name
X-Is-Crawler
X-Providence-Cookie
Countrycode
X-Source
Url
X-INCAP-ABP
X-Rid
GEO-INFO
X-Webkit-CSP
X-HTML-Minification-Powered-By
X-Cache-Status-Check
CDN-RequestId
X-Storage
WPO-Cache-Status
WPO-Cache-Message
X-Air-Hostname
X-Air-Source
Alternate-Protocol
X-Air-Trace-Id
X-Jobs
X-App-Version
OT-Force-Account-Verify
SRV
X-WP-CF-Super-Cache-Active
X-NODE
AMP-Access-Control-Allow-Source-Origin
X-Real-IP
X-Origin-TTL
X-Origin-CC
X-Akamai-Request-ID2
X-Content-Powered-By
X-B3-Traceid
Protected
X-Rocket-Nginx-Serving-Static
X-VC
Surrogate-Key
X-ServerID
X-CDN-Forward
X-Cache-Time
Access-Control-Request-Headers
X-Hosted-By
X-Tec-Api-Root
X-Tec-Api-Origin
X-Accel-Version
X-Tec-Api-Version
X-Nginx-Cache
X-Handled-By
X-Akamai-Edgescape
X-Cache-Operation
X-Cache-Rule
Amp-Access-Control-Allow-Source-Origin
X-Mode
X-TT-LOGID
X-Xfnlog-Site
X-Platform-Cluster
X-UPSTREAM-Address
X-Upstream-Ct
X-Platform-Processor
X-Upstream-Ht
X-Edge-Location
X-Platform-Router
Xet-Cookie
Webserver
X-Framework
X-Rn-Rsrv
X-Rewrite-Enabled
Meta-Geo
Filters
X-Endurance-Cache-Level
X-Origin
X-Soup
X-Served-From
X-SaId
X-Timing-Wait
X-Tumblr-Pixel-2
X-VWS-Id
X-Varnish-Cache-Hits
X-Tumblr-Pixel-3
X-Proxy-Build
X-LJ-Flow-ID
ServedBy
Selected-Fe
Section-Io-Id
X-AWS-Id
X-Cache-Debug
X-JoinUs
X-Director
X-Detected-As
X-Sucuri-Cache
Cross-Origin-Embedder-Policy
X-Cms-Context
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Labrador-Cache-Channel
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-Kinja-CCPA
Front
X-Redis-Cache
Mn-Server-Ip
X-ProxyCache-Status
Node
X-Restarts
X-Routing-Service
Property-Id
X-Use-Mantle
X-ProxyCache-Key
TWC-Locale-Group
X-Lambda-Id
X-Logging-Id
X-BYPASS-REASON
X-Origin-Hint
X-Extlb
X-Drupal-Cache-Tags
X-Web-Node
X-Cluster
X-No-Session
X-Webstats-RespID
X-Adobe-Source
Webcakes-App-Name
Web-Mar-Node
TWC-Privacy
X-Zipkin-Id
X-PHP-Host
X-Worker
X-Proxied
Webcakes-Region
Webcakes-App-Version
X-Is-Supported-Browser
X-Is-Tablet
Accept-Language
X-GeoCountry
X-AB
X-Browser-Name
X-Format
X-Drupal-Cache-Contexts
X-Geo-Region
X-GeoCode
X-Is-Desktop
X-IPLB-Request-ID
X-IPLB-Instance
X-Locale
X-Is-Mobile
Azure-SiteName
X-Loop
X-Tcp-Rtt
X-Site-Version
X-S
X-Varnish-Age
X-Varnish-Beresp-Grace
X-Page-View
X-VCT
X-Skip-Cache
X-RM-Cache-TTL
X-Tncms
Azure-SlotName
Azure-InstanceId
Azure-RegionName
X-Sucuri-ID
Azure-Version
Apigw-Requestid
X-RCS-CacheZone
X-Forwarded-Host
X-Origin-Date
CDN-RequestPullSuccess
CDN-Uid
X-Generation-Time
X-Fetched-On
CDN-RequestPullCode
X-Vercel-Id
X-Container-Uri
X-Vercel-Cache
CDN-EdgeStorageId
X-Storefront-Renderer-Rendered
X-Git-Commit
X-Shopify-Stage
X-Reqid
X-Tb
X-R9-Blue-Green-Version
CDN-PullZone
CDN-CachedAt
CDN-Cache
Xserver
CDN-RequestCountryCode
X-Httpd
CF-IPCountry
X-Cache-Host
X-Alternate-Cache-Key
X-Cache-Server
X-Ms-Version
X-Ms-Request-Id
X-Provided-By
X-Frame-Option
DB-Nickname
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
Atl-Traceid
WP-Super-Cache
X-Server-W
X-Cdn-Origin
X-Vcache
Fastcgi-Useragent
X-Uri
X-MP-GENERATED-AT
X-RID
X-Vcl-Version
X-XRDS-Location
Cross-Origin-Embedder-Policy-Report-Only
Sid
X-Generated-By
Source
Cache-Tv-Group
X-Http-Reason
Cross-Origin-Window-Policy
X-Pass-Why
X-SRV
X-FB-TRIP-ID
Content-Secure-Policy
X-CMSURLCustom
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Scope-Id
TDXMobile
Thinkindot-CacheControl
X-Thinkindot-L3
X-Shield-Cache-Expires
X-Azure-Ref-OriginShield
Cache
X-Buckets
Priority
X-DynaTrace
Onion-Location
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
HostName
X-LSADC-Cache
X-Content-Age
X-Optimistic-Header
X-Dc
X-WP-CF-Super-Cache-Cookies-Bypass
X-Sql-Duration-Ms
X-Sql-Count
X-DataDome
X-GEO
X-Cluster-Node
X-UA
X-Datadome
X-Proxy-Cache-Status
X-Xrds-Location
X-Request-URI
X-Lagoon
Expiry
X-Newrelic-Synthetics
User-Cache-Control
X-TA-CDN-Provider
X-Cache-Action
X-Varnish-Beresp-Ttl
X-Connection-Hash
X-ScT
X-TIM-N
Candidate-Md5Url
DCR-Decision-By
A
X-Op-Id-All
X-Platform
X-PAYTM-SRV-ID
X-Request-Start
DCR-Processing-Time-Ms
X-Varnish-Hostname
X-ND-Cache
X-Rojux
X-SB
X-S-Cookie
X-Vdms-Path
X-Instance-Name
X-Scheme
X-Ec-GeoHdr
Server-Host
X-Application
Server-Hostname
X-Aed
Server-Ext
X-B-Cookie
X-BCube-Filmed-By
Rendered-Blocks
X-Bc-Bl
Req-ID
X-A-Wwc
X-A-Dgt
Vix-Hermes-Req-Id
T-Server
Sslversion
Surrogated-Key
Sever-Int
X-A
X-A-Dcw
X-A-Dam
X-A-Ccd
X-Bl-Debug
X-Cache-Bucket
X-SRCache-Key
Ngx-Var-Key
X-Epic-Correlation-Id
Ngx.Var.Host
Meta-Geo-Continent
MD5-Digest
X-External-Request-Id
Lang
Magicmarker
Origin
X-Ec-Fail
Redirect-Candidate
X-D
X-Conf
X-Cache-NE
X-Destination
X-Developer
Origin-Agent-Cluster
X-Ec-Custom-Error
X-Dispatcher-Server
Gannett-Cam-Experience-Id
X-Vdms-Version
X-Vtex-Remote-Cache
X-Viewer-Country
Locid
WZWS-RAY
X-Generated-On
X-NMSegId
X-Node-Id
X-Amz-Meta-Cb-Modifiedtime
Host-ID
C-Via
L
X-Nginx-Cache-Key
X-NCache
X-AK-Request-ID
Fastly-GeoIP-CountryCode
Content-Style-Type
X-B3-Trace-ID
V-Age
X-Thanos
Cluster
X-TH-Server
X-Gen-Mode
X-Nyt-Route
X-Acquia-Purge-Cdn-Unconfigured
X-Amz-Storage-Class
Environment
X-Auto-Login
Fastly-SSL
X-Rocket-Build-Number
X-Correlation-ID
X-Debug-Cache-Fetch
Release
Wxu-Next-Commit
Wxu-Next-Hostname
Ssr
X-Loc
X-GeoIP-Country-Code
X-Level-Front-Cache
X-Debug-Cache-Store
X-Cache-Expired-At
Wxu-Next-Region
Req-Svc-Chain
NM-Fastcgi-Cache
X-SD-PageType
DSUID
X-Access
X-BBC-Edge-Cache-Status
X-Human
Pramga
X-GeoIP-Region-Code
X-Mly-Id
X-Forwarded-Site
X-Section
X-VCache
Content-Script-Type
X-Varnishpool
X-Varnish-Beresp-Status
X-WA-Info
Yak-Timeinfo
X-Cache-Info
X-Hnp-Log
X-Cache-Id
X-Proxied-Request
X-Varnish-Director
X-Origin-Time
X-Gzip
X-Fastly-Cache
X-Core-Value
X-Sigma-Backend
X-We-Are-Hiring
X-UA-Device-Type
X-Zen-Fury
X-Cache-TTL-Remaining
X-Request-Time
X-Sigma
CDCHOST
X-Clientip
X-Pubstack
X-Esi-Check
X-Gdpr
Cdnsip
X-Req
Cdncip
X-Pool
X-Bip
Apple-News-Services-Host
Apple-News-Services-Handled
X-VServer
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-VG-WebCache
X-VG-TLSProxy
X-Block-Status
X-Service
X-Origin-Response-Time
X-TimeS
LB
X-Moov-Xdn-Version
XM
X-ApacheServer
X-SVT-ORM-VERSION
We-Hiring
X-Contensis-Viewer-Groups
Tube-Got-Results
X-Backend-Instance
X-SVT-ORM-RULES
X-Branch-Name
X-Server-IP
X-Cache-Aspx
X-Ad-Load-Variation
X-HN
X-HS-Content-Campaign-Id
X-GoCache-CacheStatus
Tube-Return
X-Cdn-Srv
X-Cache-Date
X-Aicache-OS
X-Moov-T
Web-Mar-Region
Click-Count-Action-Start
Country-Code
X-Request-Host
X-VarnishDD-TTL
X-Org
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Old-Content-Length
Esi-Enabled
X-Region-Sid
X-GeoIP-City
Canary
X-Fmm-Version
X-Var-Ttl
X-Origin-Expires
X-Varnish-Authentication
X-Policy
X-V-Cache
Adler-Geo
Cache-Provider
X-From
X-FC-Vary-Parameters
Gh-Request-Id
X-Geo-Header
X-Men
RNT-Time
RNT-Machine
On-Server
X-Device-Os
Tube-Get-Contents
Uber-Trace-Id
True-Client-Country-4JS
Tube-Got-Eval
X-Micro-Cache
Producers
Mail-Subject
Machine
X-DPWN-IS-SECURE
Is-Eu
Click-Count-Error
X-GeoIP
Platform
X-Mvc-Supplant-Cachable
PFcat
X-PERF
Edge-Copy-Time
X-Via-SSL
Fastly-Drupal-HTML
X-Via-CDN
X-Via-Edge
X-Csrf-Jwt
X-Edge-Server
X-Fastly-Backend
X-Eu-Site
Proxy-Firewall
Cf-Device-Type
Cdn-Request-Time
X-Test
Ha-Gx-Prefs
HA-Ipaddr
Cdn-Host
X-Up
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Proto
AKAMAI
Cache-Key
L5d-Success-Class
X-Mvc-Supplant-OutputCached
X-Cache-Backend
S-Rt
X-App-Name
X-Hash
W
X-Slack-Backend
X-ECache
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-CGP
X-Mg-Request-UUID
X-LB-ID
X-API-Version
X-Accel-Expires-Debug
X-CacheTTL
X-Parent-Response-Time
X-Date
Fastly-Backend-Name
NGX
X-NGINX-Cache
X-Ah-Environment
Type
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Hits
Cache-Hits
X-Ua
X-COUNTRY
X-DynaTrace-JS-Agent
X-Via-Popv
X-Tx-Id
X-Via-Popn
X-Zone
X-PDP-UNCACHING-HASH
X-HA-Backend
X-Via-Poph
X-DC
NtCoent-Length
X-Refresh
X-CACHE-GROUP
Pics-Label
X-Servedbyhost
X-Via-Fastly
X-Ratelimit-Reset
Datacenter
X-NWS-UUID-VERIFY
GeoIp-Country-Code
X-CDN-Cache-Status
X-Irp-Debug
X-Cloudmap
Cdn
X-VHOST
X-LB-NoCache
X-Owner
X-Location
X-Ig-Origin-Region
Cdn-Requestid
X-Akamai-Transformed
X-SIPLIST1
IsBot
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-Core-Mission
X-Srv
Fusion-Template-Id
X-ZONE
Fusion-Content-Source
Fusion-Deployment-Id
X-Esi
X-TX-ID
X-Nc
Powered-By
X-Wa
Resin-Trace
Server-ID
SID
Origin-CC
X-CUA
X-Qloud-Router
Cross-Origin-Opener-Policy-Report-Only
X-Jungle-Id
Origin-EX
X-Nananana
X-User
X-Hit
N-Cache
DataCenter
X-Fpc
X-Wormhole-Sdk
GeoIP-Latitude
Expect-Staple
X-CF-Lambda-Fn
X-CF-Lambda-Version
Mime-Version
X-Nf-Request-Id
X-B3-Parentspanid
X-Proxy-CacheRZ
X-DataCenter
X-Segment-20210421
X-Forwarded-Path
XkeyRZ
X-Shop-Environment
X-NewRelic-App-Data
X-Tenant
X-Orig-Expires
X-Cache-Type
Xc-Version
X-Client-Ip
X-Cached-By
X-CS
CloudFront-Viewer-Country
Cmsid
X-Render-Time
Fastly-Drupal-Html
X-Presslabs-Stats
X-URL
Cmstype
Uri
Cf-Ipcountry
X-Gamma-Serve
X-Amz-Meta-Opti
Debug
X-IAuth-Set-Uid
True-Client-IP
CPC-Age
CPC-Cache
User-Agent
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Time
X-TIME
X-VTEX-Cache-Server
X-Tt-Logid
X-Cdn-Diag
Edge-Cache
X-Auth-Group-Type
X-Info
True-Client-Ip
CDN
X-Vmg-Version
Srv
X-LiteSpeed-Tag
X-Varnish-Beresp-TTL
X-Fastly-Country-Code
X-Geo
X-Dispatch
X-CACHE-AGE
MIME-Version
X-Dynatrace-Js-Agent
X-Ig-Push-State
X-Oracle-DMS-ECID
X-Datacenter
X-Cs
Load-Balancing
X-Cdn-Forward
X-B3-Spanid
Tcn
X-HOST
Odigeo-Trace-Id
X-Variation
CacheControlHeader
X-Vc
X-LAGOON
X-LiteSpeed-Cache-Control
X-Custom-Header
X-FPC
X-Vgn-Hpd-Reason
X-PHP-Backend
X-APP-VERSION
X-NodeID
Ohc-File-Size
X-HostName
X-Pad
X-Webkit-Csp-Report-Only
X-AIR-PT
Server-Id
X-CLOUD-TRACE-CONTEXT
Cl-Cache
X-Depends
X-CSRF-TOKEN
Hostname
X-NC
X-WA
VNS-Cache
VNS-Age
X-DefElseHash
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Lb-Nocache
X-DefHash
X-MCACHE
Ohc-Cache-HIT
X-VC-TTL
GeoIP-Country-Code
X-M-Log
X-M-Reqid
X-Api-Version
X-Cdn-Cache-Status
X-ServedByHost
Geoip-Latitude
X-Cache-FS-Status
PICS-Label
Epwk-X-Cache
Cloudfront-Viewer-Country
X-APP
X-Dispatcher-Number
X-Cache-Ttl
X-MSEdge-Features
X-Fastly-Backend-Reqs
X-MSEdge-Flight
CountryCode
X-Via-PopH
X-Ha-Backend
Lb
X-Via-PopN
X-Litespeed-Tag
X-Via-PopV
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Use-Magma
X-VCL-Version
X-Litespeed-Cache-Control
Xkeylog
Xkey-La3
X-Akamai-Pragma-Client-IP
X-Proxy-Cache-La3
X-Lb-Id
X-Cdn-Request-ID
Cache-Name
OriginIP
Server-Info
X-IN-APIGATEWAY
X-Snapshot-Date
X-RequestId
X-MiniProfiler-Ids
X-Mid
X-RAMCache
Ngx
FSS-Cache
X-IN-APIGATEWAYSSL
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Site
Time
X-Acquia-Application-UUID
Memcached
X-Web-Server
Memory
X-Sorting-Hat-Podid
X-Shopid
X-Sorting-Hat-Shopid
X-Cache-Version
X-Shardid
X-FL-QIT-DEBUG
Srvid
X-Requestid
X-Sucuri-Id
X-Udemy-Cache-App-Namespace
Sm-Log-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
CF-Cached-On
X-Check-Cacheable
X-Serial
Akamai-Cache-Status
X-Mg-Cache
X-Dw-Trace-Id
X-Service-Response-Time
Warning