Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
P3p
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Ua-Compatible
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Request-ID
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
Request-Context
Allow
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
EagleId
Xkey
X-Age
X-Rq
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Aws-Lambda-Call-Status
X-CST
Permissions-Policy
X-OneAgent-JS-Injection
X-Backend-Server
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Request-Id
X-Litespeed-Cache
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cache-Lookup
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
Service-Worker-Allowed
X-Ruxit-JS-Agent
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Url
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cache-Tag
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-TtlSet
Rating
X-PC
X-Vname
X-MS-InvokeApp
Nginx-Cache
X-ECACHE
X-ESI
X-Upstream
X-Powered-By-Plesk
Edge-Control
X-Server-Name
X-Browser-Type
X-Cnection
X-D2id
X-Element-Page-Cache
X-Times
Verso
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-NWS-LOG-UUID
SPRequestDuration
SPIisLatency
X-Ruxit-Js-Agent
X-Ac
AR-SID
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-B3-TraceId
X-Ser
X-SharePointHealthScore
SPRequestGuid
X-Navigation-Version
X-Abt-Application-Version
X-GitHub-Request-Id
X-NF-Request-ID
X-Vcap-Request-Id
X-Ttl
X-Dw-Request-Base-Id
X-RateLimit-Remaining
AR-CACHE
X-Mg-S
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Client-IP
X-VARITI-CCR
S
X-Middleton-Display
Edge-Cache-Tag
Pagespeed
Display
X-Sol
X-Cache-Key
Fastly-Restarts
RTSS
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
Cache-Status
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Powered-CMS
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
X-Server-ID
Access-Control-Request-Method
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-ARC
X-Middleton-Response
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Response
X-Content-Digest
X-Daa-Tunnel
X-TraceId
X-Forwarded-For
X-T
Arr-Disable-Session-Affinity
X-MSEdge-Ref
Content-MD5
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
TP-Cache
Front-End-Https
Origin-Trial
X-Shield-Request-Id
Cross-Origin-Resource-Policy
X-Accel-Expires
X-Cached
X-Hits
X-Content-Security-Policy-Report-Only
MS-Author-Via
Public-Key-Pins
X-Id
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-Fastcgi-Cache
X-HS-Cache-Config
X-Forwarded-Proto
X-FTR-Expires
Server-Node
X-Ua-Browser
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Request-Received
X-Request-Processing-Time
X-DIS-Request-ID
Payment
X-Frontend
X-Webkit-Csp
X-LLID
Realpath
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-Distributor
X-ORACLE-DMS-RID
X-FastCGI-Cache
X-LB-Cache
Cache-Tags
X-Hostname
X-Ratelimit-Limit
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Microsite
X-Request-Handler-Origin-Region
X-Origin-Server
X-RateLimit-Limit
Referer-Policy
X-B3-TraceId-Primal
X-Page-Id
Mrf-Cache-Status
MRF-Tech
X-Debug-Info
Host
X-Az
X-Activity-Id
X-AppVersion
Fastcgi-Cache
Count-Hit
X-Geo-Country
X-Cluster-Name
X-Www-Served-By
X-NGENIX-Cache
X-Varnish-Server
X-Varnish-Backend
X-Envoy-Decorator-Operation
Accept-Charset
X-Correlation-Id
X-F-Cache
X-App-Server
X-Ua-Device
X-XRDS-LOCATION
X-PressLabs-Stats
X-FB-Debug
X-Goog-Metageneration
Retry-After
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Load-Cache
X-Upgrade-Enabled
X-TEC-API-ORIGIN
Access-Control-Allow-Method
X-CSRF-Token
X-Git-Hash
TCN
X-Seen-By
X-Px
X-Varnish-Ttl
X-Content-Options
X-RateLimit-Reset
Server-Name
X-Grace
Section-Io-Cache
X-Request-Guid
X-Contextid
X-Amz-Meta-S3cmd-Attrs
X-Revision
X-Trace-Id
X-Tt-Trace-Host
X-Type
X-Cache-Control
X-Tt-Trace-Tag
X-Datadog-Trace-Id
Healthy
X-Oracle-Dms-Ecid
X-B
X-Datadog-Sampling-Priority
Charset
Cleartype
X-Datadog-Parent-Id
X-Fastly-Request-Id
Paypal-Debug-Id
X-Whom
X-B3-Sampled
X-TT
X-Fastly-Request-ID
DC
X-Fb-Rlafr
X-B-Cache
X-Signature
X-Wix-Request-Id
X-App-Environment
X-Node-Name
X-Origin-Cache
X-Air-Pt
X-Proxy
X-Azure-Ref
X-Mobile
Frame-Options
X-Magnolia-Registration
Accept-Ch
X-TTL
X-Oracle-Dms-Rid
X-Amz-Replication-Status
X-Newrelic-App-Data
X-Ratelimit-Remaining
X-Goog-Stored-Content-Encoding
X-N
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-WP-CF-Super-Cache-Cache-Control
Filterid
X-WP-CF-Super-Cache
X-Rid
X-EdgeConnect-Cache-Status
X-WebKit-CSP-Report-Only
X-Logged-In
Content-Disposition
X-Language
X-Aspnet-Duration-Ms
Backend
X-Route-Name
X-Is-Crawler
X-Flags
Akamai-GRN
X-Providence-Cookie
NGB
X-Time
X-Response-Served-From
X-Original-Request-Id
VIX-Pulpo-Node
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
VIX-Pulpo-Upstream-Status
X-Is-Bot
X-Rendered-As
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Yottaa-Metrics
X-Debug-IsPreview
X-Tumblr-User
X-Unique-Id
X-Debug-IsConnected
X-Cache-Age
X-Servername
X-Varnish-Grace
Ms-Operation-Id
Viewport
X-RemovedCookies
X-Yottaa-Optimizations
X-ProcessESI
X-Datadog-Sampled
X-Tumblr-Pixel-0
SD-X-WS
X-RTag
Liferay-Portal
MS-CV
X-FW-Serve
X-NYM-Debug-Backend
X-Adobe-Content
X-Adobe-Loc
X-FW-Static
Upgrade-Insecure-Requests
X-Amzn-Remapped-Content-Length
X-UUID
X-Via-JSL
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-Backend-Name
X-Instance
X-FW-Version
X-IPS-LoggedIn
X-Hl-Ver
X-FW-Type
X-Debug
X-Template
Fastly-SWR
Refresh
Fastly-SIE
X-Proxy-Cache-Info
X-Environment-Context
X-Region
X-Cacheable-TTL
X-L-Path
X-G
X-Cache-Grace
X-Kinja-CCPA
X-Device-Type
ServerID
From-Origin
X-User-Agent
X-Status
X-Cache-Hit
Country
X-Rule
X-B3-SpanId
X-App-Version
Url
X-VC-Cache
X-Webkit-CSP
X-INCAP-ABP
Countrycode
Version
X-Source
X-Jobs
Alternate-Protocol
WPO-Cache-Status
X-Cache-Status-Check
X-HTML-Minification-Powered-By
WPO-Cache-Message
X-NODE
X-Air-Trace-Id
X-Air-Source
GEO-INFO
X-Air-Hostname
X-Nginx-Cache
CDN-RequestId
X-Storage
X-Origin-TTL
X-Akamai-Request-ID2
X-WP-CF-Super-Cache-Active
X-Origin-CC
X-Content-Powered-By
Amp-Access-Control-Allow-Source-Origin
X-B3-Traceid
Surrogate-Key
X-Hosted-By
SRV
X-Tec-Api-Origin
X-Tec-Api-Version
Protected
X-Page-View
X-Rocket-Nginx-Serving-Static
OT-Force-Account-Verify
X-Tec-Api-Root
X-Accel-Version
X-Real-IP
Access-Control-Request-Headers
X-VC
X-Akamai-Edgescape
X-CDN-Forward
X-Edge-Location
X-ServerID
CF-IPCountry
AMP-Access-Control-Allow-Source-Origin
X-Framework
X-Cache-Time
X-Use-Mantle
X-Mode
X-Rn-Rsrv
Filters
X-Upstream-Ct
X-Xfnlog-Site
Meta-Geo
X-Upstream-Ht
X-Handled-By
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Cache-Operation
Xet-Cookie
Webserver
X-Cache-Rule
X-Endurance-Cache-Level
Front
X-Varnish-Cache-Hits
Accept-Language
Mn-Server-Ip
ServedBy
X-VWS-Id
X-AWS-Id
X-Director
Selected-Fe
Section-Io-Id
X-Origin
X-Soup
X-Served-From
X-SaId
X-Detected-As
X-Timing-Wait
X-Tumblr-Pixel-2
X-LJ-Flow-ID
X-Proxy-Build
X-Tumblr-Pixel-3
X-JoinUs
X-Cache-Debug
Cross-Origin-Embedder-Policy
Web-Mar-Node
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
X-BYPASS-REASON
X-Adobe-Source
Webcakes-Region
TWC-GeoIP-Country
TWC-Device-Class
X-Zipkin-Id
Xserver
Apigw-Requestid
X-Worker
X-Web-Node
TWC-Connection-Speed
Property-Id
Node
X-Cluster
X-Cms-Context
X-Proxied
X-PHP-Host
X-Origin-Hint
X-Routing-Service
X-ProxyCache-Key
X-Restarts
X-Redis-Cache
X-ProxyCache-Status
X-No-Session
X-Logging-Id
X-Format
X-Extlb
X-Drupal-Cache-Tags
X-SayCDN-TTL
X-Labrador-Cache-Channel
X-Say-Cacheable
X-Say-TTL
X-Lambda-Id
X-Platform-Cluster
TWC-Privacy
X-Vcache
X-Platform-Router
X-Platform-Processor
X-IPLB-Request-ID
X-RM-Cache-TTL
X-IPLB-Instance
X-Is-Desktop
X-Is-Supported-Browser
X-Varnish-Age
X-Locale
X-Skip-Cache
X-Is-Mobile
X-GeoCode
X-Tncms
X-Tcp-Rtt
X-Drupal-Cache-Contexts
X-Site-Version
X-Forwarded-Host
X-Browser-Name
X-Varnish-Beresp-Grace
X-Geo-Region
X-AB
X-GeoCountry
X-Is-Tablet
X-Loop
X-Httpd
X-RCS-CacheZone
Azure-SlotName
Azure-SiteName
X-Webstats-RespID
Azure-InstanceId
Azure-RegionName
DB-Nickname
Azure-Version
X-S
X-TT-LOGID
X-VCT
X-Http-Reason
X-Git-Commit
X-Cache-Host
X-Tb
X-Fetched-On
X-Cache-Server
X-R9-Blue-Green-Version
X-Container-Uri
X-Reqid
X-Vercel-Cache
X-Generation-Time
X-Vercel-Id
CDN-Uid
X-Ms-Version
X-Provided-By
X-Server-W
X-Frame-Option
X-Ms-Request-Id
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
CDN-Cache
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Shopify-Stage
CDN-RequestCountryCode
CDN-RequestPullCode
X-MP-GENERATED-AT
X-Origin-Date
X-Sucuri-Cache
Fastcgi-Useragent
X-Uri
X-XRDS-Location
WP-Super-Cache
X-Sucuri-ID
X-Cdn-Origin
X-ShopId
X-Vcl-Version
Cache-Tv-Group
Source
X-Sorting-Hat-PodId
X-DynaTrace
X-ShardId
X-Sorting-Hat-ShopId
Cross-Origin-Embedder-Policy-Report-Only
Atl-Traceid
X-FB-TRIP-ID
X-Generated-By
X-Xrds-Location
Content-Secure-Policy
Priority
X-Sql-Count
X-SRV
X-Sql-Duration-Ms
Onion-Location
X-Pass-Why
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Buckets
X-Content-Age
Sid
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-CMSURLCustom
X-Scope-Id
X-Shield-Cache-Expires
X-Thinkindot-L3
Thinkindot-Control
X-DataDome
Cross-Origin-Window-Policy
Cache
HostName
X-LSADC-Cache
X-Cluster-Node
X-Varnish-Beresp-Ttl
X-Proxy-Cache-Status
X-Newrelic-Synthetics
WZWS-RAY
X-WP-CF-Super-Cache-Cookies-Bypass
X-Optimistic-Header
X-GEO
X-Cache-Action
X-Cache-Expired-At
S-Rt
X-Azure-Ref-OriginShield
X-Via-CDN
User-Cache-Control
X-Via-SSL
X-Via-Edge
X-Connection-Hash
Expiry
Edge-Copy-Time
MD5-Digest
Meta-Geo-Continent
Ngx.Var.Host
Magicmarker
X-Instance-Name
X-ND-Cache
Lang
X-Request-Start
Origin
X-Ec-GeoHdr
X-Ec-Fail
Rendered-Blocks
X-Epic-Correlation-Id
X-External-Request-Id
Origin-Agent-Cluster
Redirect-Candidate
L
Gannett-Cam-Experience-Id
X-Op-Id-All
A
Apple-News-Services-Handled
X-PAYTM-SRV-ID
X-Platform
X-TIM-N
X-Dc
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
DCR-Decision-By
DCR-Processing-Time-Ms
CDCHOST
Candidate-Md5Url
Apple-News-Services-Request-Url
X-SRCache-Key
Req-ID
Server-Ext
X-A-Wwc
X-Cache-NE
X-Access
X-Conf
X-A-Dgt
X-A-Dam
X-A-Dcw
X-Aed
X-Rojux
X-Bc-Bl
X-BCube-Filmed-By
X-Cache-Bucket
X-S-Cookie
X-B-Cookie
X-SB
X-Application
X-A-Ccd
X-A
Surrogated-Key
X-Ec-Custom-Error
T-Server
Sslversion
Sever-Int
Server-Host
Server-Hostname
X-Section
X-Dispatcher-Server
X-D
X-Scheme
X-ScT
X-Destination
Vix-Hermes-Req-Id
X-Developer
X-Bl-Debug
Ngx-Var-Key
X-Viewer-Country
X-Varnish-Hostname
X-Vtex-Remote-Cache
X-Vdms-Version
X-Vdms-Path
Fastly-Drupal-HTML
X-Correlation-ID
X-TA-CDN-Provider
X-TimeS
X-VG-WebCache
X-Auto-Login
X-Amz-Storage-Class
X-Amz-Meta-Cb-Modifiedtime
X-Acquia-Purge-Cdn-Unconfigured
X-AK-Request-ID
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Cache-TTL-Remaining
X-Rocket-Build-Number
X-Cache-Info
X-Cache-Id
X-Bip
X-Block-Status
X-Origin-Time
Wxu-Next-Hostname
PFcat
Pramga
X-Pool
NM-Fastcgi-Cache
X-Proxied-Request
X-We-Are-Hiring
Release
Req-Svc-Chain
X-VG-TLSProxy
Wxu-Next-Commit
V-Age
X-SD-PageType
Ssr
X-WA-Info
X-Clientip
X-Core-Value
X-Gzip
X-HN
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Gen-Mode
X-Generated-On
X-Hnp-Log
X-Human
X-Moov-Xdn-Version
X-NCache
X-Moov-T
X-Mly-Id
X-Level-Front-Cache
X-Loc
X-Gdpr
X-Req
Host-ID
X-Request-Time
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Nyt-Route
X-Request-URI
Yak-Timeinfo
X-Node-Id
X-Zen-Fury
X-Forwarded-Site
X-Fastly-Cache
X-Esi-Check
X-VServer
X-NMSegId
X-Nginx-Cache-Key
Wxu-Next-Region
Content-Style-Type
Content-Script-Type
Cluster
Cdnsip
X-Sigma-Backend
DSUID
Fastly-SSL
Fastly-GeoIP-CountryCode
Environment
Cache-Provider
C-Via
X-TH-Server
X-Thanos
X-UA-Device-Type
X-Pubstack
X-Varnish-Beresp-Status
X-Varnishpool
X-VarnishDD-TTL
X-Varnish-Director
X-Sigma
Cdncip
X-Origin-Response-Time
X-Service
X-Ua
X-DPWN-IS-SECURE
Locid
Mail-Subject
X-Device-Os
Machine
X-ECache
X-Fmm-Version
X-FC-Vary-Parameters
Adler-Geo
X-Eu-Site
X-Csrf-Jwt
Click-Count-Error
Click-Count-Action-Start
X-Backend-Instance
X-ApacheServer
Gh-Request-Id
X-Cache-Aspx
X-Cache-Date
X-SVT-ORM-RULES
X-Contensis-Viewer-Groups
X-Cdn-Srv
HA-Ipaddr
Canary
X-From
X-Mvc-Supplant-OutputCached
Ha-Gx-Prefs
X-Mvc-Supplant-Cachable
L5d-Success-Class
X-RateLimit-Limit-Second
X-Var-Ttl
X-Old-Content-Length
X-Policy
X-PERF
Is-Eu
X-Org
X-Micro-Cache
X-Men
X-GeoIP
X-Geo-Header
X-SVT-ORM-VERSION
X-Aicache-OS
X-GeoIP-City
X-GoCache-CacheStatus
X-RateLimit-Remaining-Second
X-Region-Sid
X-HS-Content-Campaign-Id
X-Varnish-Authentication
X-Request-Host
X-CGP
Esi-Enabled
Tube-Get-Contents
True-Client-Country-4JS
X-V-Cache
W
Tube-Got-Eval
Tube-Got-Results
On-Server
Uber-Trace-Id
Type
Tube-Return
X-Server-IP
RNT-Time
Web-Mar-Region
Country-Code
Platform
We-Hiring
X-Ad-Load-Variation
RNT-Machine
Producers
X-Mg-Request-UUID
X-Datadome
X-Sn-Servicetimems
X-DC
X-Edge-Server
Cache-Key
X-Ratelimit-Reset
AKAMAI
X-Hash
X-Up
X-Proto
X-Lagoon
Proxy-Firewall
X-Test
X-VCache
X-Wikidot-Static-Cache
X-Wikidot-Backend
XM
X-Fastly-Backend
X-RID
X-App-Name
X-Slack-Shared-Secret-Outcome
Cdn-Host
Cdn-Request-Time
X-Branch-Name
X-Slack-Backend
Cf-Device-Type
X-Tx-Id
X-UA
LB
X-Accel-Expires-Debug
X-LB-ID
X-Ah-Environment
X-API-Version
X-CacheTTL
X-Origin-Expires
X-Cache-Backend
X-Date
NGX
X-Parent-Response-Time
Fastly-Backend-Name
X-URL
X-COUNTRY
X-Irp-Debug
Pics-Label
X-Varnish-Hits
X-Servedbyhost
X-Refresh
X-Owner
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Poph
X-CACHE-GROUP
X-HA-Backend
X-Via-Popn
X-Via-Popv
Cdn
X-DynaTrace-JS-Agent
X-LB-NoCache
X-Core-Mission
IsBot
X-SIPLIST1
X-VHOST
Datacenter
X-ZONE
NtCoent-Length
X-Zone
SID
X-NGINX-Cache
Cache-Hits
Cdn-Requestid
X-CDN-Cache-Status
X-Srv
X-Qloud-Router
Server-ID
X-Nc
X-Wa
GeoIp-Country-Code
X-Via-Fastly
X-CF-Lambda-Fn
X-CF-Lambda-Version
Expect-Staple
N-Cache
X-Nananana
X-Presslabs-Stats
X-Akamai-Transformed
X-Orig-Expires
X-Forwarded-Path
X-Shop-Environment
GeoIP-Latitude
Cross-Origin-Opener-Policy-Report-Only
X-Fpc
X-Tenant
X-Location
CloudFront-Viewer-Country
X-Ig-Origin-Region
Xc-Version
X-Cache-Type
X-Cloudmap
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
Resin-Trace
X-Gamma-Serve
X-Hit
DataCenter
Cmsid
X-B3-Parentspanid
Cmstype
X-TX-ID
CPC-Age
X-Nf-Request-Id
Powered-By
X-DataCenter
XkeyRZ
Uri
X-NewRelic-App-Data
CPC-Cache
X-Proxy-CacheRZ
X-Client-Ip
Origin-CC
X-CS
X-Jungle-Id
Origin-EX
X-Cdn-Diag
X-CUA
X-Vmg-Version
User-Agent
X-Use-Magma
X-NWS-UUID-VERIFY
X-TIME
X-Amz-Meta-Opti
True-Client-Ip
X-User
X-Tt-Logid
X-Info
RATING
Mime-Version
MIME-Version
X-Segment-20210421
X-IAuth-Set-Uid
X-Fastly-Country-Code
True-Client-IP
X-CACHE-AGE
X-Render-Time
X-Variation
X-Cached-By
X-Geo
CacheControlHeader
Srv
Fastly-Drupal-Html
X-LAGOON
X-Dynatrace-Js-Agent
Cf-Ipcountry
X-Datacenter
Load-Balancing
X-Oracle-DMS-ECID
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
X-Cdn-Forward
X-B3-Spanid
Tcn
X-Webkit-Csp-Report-Only
CDN
X-Vc
X-HOST
Debug
X-Wormhole-Sdk
Edge-Cache
X-Auth-Group-Type
X-Varnish-Beresp-TTL
X-PDP-UNCACHING-HASH
X-LiteSpeed-Tag
X-LiteSpeed-Cache-Control
Ohc-File-Size
VNS-Age
X-HostName
VNS-Cache
X-Dispatch
X-CSRF-TOKEN
Cl-Cache
X-Ig-Push-State
Hostname
X-FPC
X-MCACHE
Odigeo-Trace-Id
X-NodeID
GeoIP-Country-Code
Lb
X-AIR-PT
Ohc-Cache-HIT
X-Api-Version
X-APP-VERSION
X-Cs
Server-Id
X-Cdn-Cache-Status
X-Esi
X-Litespeed-Tag
X-NC
X-Dispatcher-Number
X-WA
X-Custom-Header
X-Vgn-Hpd-Reason
X-Lb-Nocache
X-PHP-Backend
X-Depends
Cache-Name
X-Pad
X-DefElseHash
X-Varnish-CookieINHashed-On
X-DefHash
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Cache-Ttl
X-M-Log
X-Mid
X-ServedByHost
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-Ha-Backend
X-VC-TTL
X-Fastly-Backend-Reqs
X-M-Reqid
PICS-Label
CountryCode
X-VCL-Version
Ms-Author-Via
X-Litespeed-Cache-Control
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Xkeylog
X-Sorting-Hat-Shopid
X-MSEdge-Features
X-Cdn-Request-ID
X-Sorting-Hat-Podid
X-Shardid
X-MSEdge-Flight
X-Shopid
X-Lb-Id
X-Proxy-Cache-La3
Xkey-La3
X-Akamai-Pragma-Client-IP
X-Cache-FS-Status
X-APP
Epwk-X-Cache
OriginIP
Memory
Memcached
X-IN-APIGATEWAYSSL
X-Snapshot-Date
X-IN-APIGATEWAY
X-Web-Server
Ngx
X-MiniProfiler-Ids
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
BehaviorPad-Version
X-Acquia-Application-Trace
Geoip-Latitude
Time
X-RequestId
X-Cache-Version
X-Requestid
Warning
Cloudfront-Viewer-Country
X-Lsadc-Cache
X-Udemy-Cache-App-Namespace
Sm-Log-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
CF-Cached-On
X-Sucuri-Id
X-Check-Cacheable
X-Serial
X-Mg-Cache
FSS-Cache
X-Cache-Enabled
X-Dw-Trace-Id
X-Service-Response-Time
Akamai-Cache-Status