Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
CF-RAY
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Served-By
X-UA-Compatible
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Varnish
X-Adblock-Key
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
P3p
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-DNS-Prefetch-Control
Accept-CH
X-Ua-Compatible
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
CF-Ray
X-Amz-Id-2
Host-Header
Allow
X-Backend
Cf-Edge-Cache
X-Cache-Group
Request-Context
X-Robots-Tag
Keep-Alive
X-Server
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Rq
X-Age
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
Cf-Railgun
EagleEye-TraceId
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-SaveTime
X-Swift-CacheTime
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-CST
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Host
X-Response-Time
Request-Id
X-Akam-SW-Version
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Nginx-Upstream-Cache-Status
X-HW
Accept-Ch-Lifetime
X-Nginx-Cache-Status
X-Node
X-Cloud-Trace-Context
X-Application-Context
X-Country-Code
X-Ruxit-JS-Agent
X-Litespeed-Cache
X-Trace
X-Cache-Lookup
Content-Location
Service-Worker-Allowed
X-Url
X-Oneagent-Js-Injection
X-Content-Type
X-Country
X-Clacks-Overhead
X-ECACHE
X-Edge
X-Origin-Cache-Key
X-Mod-Pagespeed
Accept-Ch
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-FTR-Request-ID
X-Midtier
Cache-Tag
Cross-Origin-Opener-Policy
X-Mcache
X-MS-InvokeApp
X-Upstream
Nginx-Cache
X-TtlSet
X-ESI
X-PC
X-Vname
X-Powered-By-Plesk
Rating
Edge-Control
X-Browser-Type
X-D2id
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Element-Page-Cache
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
Verso
X-Times
X-Server-Name
X-Cnection
X-Ac
SPIisLatency
SPRequestDuration
X-B3-TraceId
AR-Request-ID
AR-PoweredBy
AR-SID
AR-ATIME
X-Vcap-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-Ruxit-Js-Agent
SPRequestGuid
X-SharePointHealthScore
X-RateLimit-Remaining
X-NF-Request-ID
X-Dw-Request-Base-Id
X-GitHub-Request-Id
X-Ser
X-VARITI-CCR
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
AR-CACHE
S
X-Cache-Key
X-Mg-S
RTSS
X-Ttl
X-Client-IP
Origin-Trial
X-Cache-TTL
Edge-Cache-Tag
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Amz-Rid
Fastly-Restarts
X-Amzn-Trace-Id
X-NWS-LOG-UUID
X-Goog-Hash
X-Powered-CMS
X-Varnish-TTL
X-Content-Security-Policy-Report-Only
X-Instrumentation
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Server-ID
Cache-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
Access-Control-Request-Method
X-ARC
X-Recruiting
X-Webkit-Csp
X-Content-Digest
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TraceId
X-T
X-MSEdge-Ref
X-Forwarded-For
Response
X-Middleton-Response
X-Ua-Device
Content-MD5
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
MicrosoftSharePointTeamServices
X-Accel-Expires
TP-Cache
X-Hits
X-Shield-Request-Id
X-Cached
X-FTR-Balancer
X-Country-Code-Real
Public-Key-Pins
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-Id
X-Request-Processing-Time
Server-Node
X-Request-Received
Payment
X-HS-Combine-CSS
X-HS-Content-Id
X-Ua-Browser
MS-Author-Via
X-HS-Hub-Id
X-HS-Cache-Config
X-Frontend
Front-End-Https
X-DIS-Request-ID
X-RateLimit-Limit
Cross-Origin-Resource-Policy
X-LLID
X-Forwarded-Proto
X-GUploader-UploadID
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-FastCGI-Cache
X-WebKit-CSP-Report-Only
X-Fastcgi-Cache
X-Daa-Tunnel
TP-L2-Cache
X-LB-Cache
Cache-Tags
X-Amzn-RequestId
X-Amz-Apigw-Id
Realpath
X-Kinja-CCPA
X-ORACLE-DMS-RID
X-Protected-By
X-Origin-Server
X-Distributor
Count-Hit
X-Microsite
X-Request-Handler-Origin-Region
X-Page-Id
X-F-Cache
X-PressLabs-Stats
X-Activity-Id
X-Cluster-Name
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Www-Served-By
X-Az
X-AppVersion
X-NGENIX-Cache
Accept-Charset
X-Varnish-Backend
X-Geo-Country
Referer-Policy
X-Hostname
X-Correlation-Id
X-Debug-Info
X-App-Server
X-Envoy-Decorator-Operation
X-Kong-Proxy-Latency
Fastcgi-Cache
X-Goog-Metageneration
X-FB-Debug
X-Kong-Upstream-Latency
X-Varnish-Server
Host
X-ORACLE-DMS-ECID
X-TTL
Access-Control-Allow-Method
X-Git-Hash
X-Rid
X-RateLimit-Reset
X-Ratelimit-Limit
Retry-After
X-XRDS-LOCATION
Server-Name
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Tt-Trace-Tag
X-Content-Options
X-Load-Cache
X-Px
X-Tt-Trace-Host
DC
X-Origin-Cache
X-Route-Name
X-Request-Guid
X-Contextid
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-Revision
X-CSRF-Token
X-B3-Sampled
X-App-Environment
X-Type
X-Trace-Id
X-Grace
X-Oracle-Dms-Ecid
TCN
X-B-Cache
X-Signature
X-Upgrade-Enabled
X-Cache-Control
Paypal-Debug-Id
Cleartype
X-Mobile
Charset
X-TT
X-ASPNET-VERSION
X-Datadog-Parent-Id
X-B
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Amz-Meta-S3cmd-Attrs
X-Fb-Rlafr
Section-Io-Cache
X-Seen-By
X-Language
X-Amz-Replication-Status
X-Ezoic-Cdn
Frame-Options
X-Logged-In
X-Goog-Storage-Class
X-Goog-Generation
X-Whom
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Fastly-Request-ID
X-Magnolia-Registration
Filterid
X-Wix-Request-Id
Healthy
X-Fastly-Request-Id
X-Oracle-Dms-Rid
X-Node-Name
X-EdgeConnect-Cache-Status
X-Newrelic-App-Data
X-Azure-Ref
X-N
Content-Disposition
X-App-Version
X-Proxy
Backend
X-Air-Pt
X-Varnish-Ttl
Akamai-GRN
Upgrade-Insecure-Requests
X-Template
Refresh
NGB
X-Proxy-Cache-Info
X-Response-Served-From
X-Original-Request-Id
X-Is-Bot
X-Rendered-As
X-ProcessESI
X-Page-View
X-Servername
X-Tumblr-Pixel-0
VIX-Pulpo-Upstream-Status
X-RemovedCookies
VIX-Pulpo-Node
X-B3-SpanId
X-Unique-Id
X-Tumblr-Pixel-1
X-Yottaa-Optimizations
SD-X-WS
X-Yottaa-Metrics
X-Tumblr-User
X-Tumblr-Pixel
MS-CV
X-RTag
Viewport
Url
X-Adobe-Content
X-WP-CF-Super-Cache
X-Adobe-Loc
X-Amzn-Remapped-Content-Length
X-Datadog-Sampled
X-Instance
X-Debug-IsPreview
Liferay-Portal
Ms-Operation-Id
X-WP-CF-Super-Cache-Cache-Control
X-Debug-IsConnected
X-Varnish-Grace
X-FW-Dynamic
Fastly-SWR
X-FW-Serve
X-FW-Hash
X-User-Agent
X-Cache-Grace
Fastly-SIE
X-Cacheable-TTL
X-IPS-LoggedIn
X-FW-Version
X-Debug
X-FW-Type
X-Region
X-Ratelimit-Remaining
X-G
X-FW-Static
X-UUID
X-FW-Server
X-Jobs
X-Environment-Context
From-Origin
X-L-Path
X-NYM-Debug-Backend
X-Device-Type
X-Rule
X-Cache-Hit
Country
X-Status
X-Backend-Name
X-Hosted-By
Surrogate-Key
X-Hl-Ver
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Webkit-CSP
ServerID
X-Cache-Age
X-Http-Reason
X-Content-Powered-By
X-Time
Protected
X-Cache-Status-Check
Alternate-Protocol
X-Akamai-Request-ID2
X-VC-Cache
X-Origin-TTL
X-Origin-CC
X-NODE
Amp-Access-Control-Allow-Source-Origin
X-XRDS-Location
Countrycode
WPO-Cache-Message
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
WPO-Cache-Status
X-Use-Magma
X-HTML-Minification-Powered-By
X-B3-Traceid
Version
X-Via-JSL
X-INCAP-ABP
X-Akamai-Edgescape
X-Rocket-Nginx-Serving-Static
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Framework
GEO-INFO
CDN-RequestId
X-Edge-Location
X-Cache-Rule
X-Storage
X-Source
Front
X-WP-CF-Super-Cache-Active
Access-Control-Request-Headers
X-CDN-Forward
X-Accel-Version
CF-IPCountry
SRV
X-Nginx-Cache
X-Httpd
X-Mode
X-Use-Mantle
X-Endurance-Cache-Level
X-Upstream-Ht
X-Upstream-Ct
X-UPSTREAM-Address
Xet-Cookie
Filters
X-Rn-Rsrv
X-Rewrite-Enabled
Meta-Geo
X-Cache-Operation
X-VC
Webserver
Accept-Language
X-Real-IP
OT-Force-Account-Verify
X-Soup
X-Tumblr-Pixel-2
X-Cache-Debug
X-Served-From
X-Xfnlog-Site
X-Tumblr-Pixel-3
X-Timing-Wait
X-SaId
Selected-Fe
X-Proxy-Build
X-JoinUs
X-Detected-As
X-Director
X-Redis-Cache
X-Tncms
X-ProxyCache-Status
X-Worker
X-Handled-By
X-Lambda-Id
X-Sql-Duration-Ms
X-SayCDN-TTL
X-Loop
X-Say-TTL
X-Sql-Count
X-ProxyCache-Key
X-Varnish-Cache-Hits
X-Adobe-Source
X-BYPASS-REASON
X-Cms-Context
X-Cache-Time
ServedBy
X-Varnish-Age
X-Say-Cacheable
X-PHP-Host
X-No-Session
DB-Nickname
X-RM-Cache-TTL
X-Labrador-Cache-Channel
X-Server-W
Xserver
Azure-SlotName
Apigw-Requestid
X-S
X-Format
X-GeoCode
Azure-SiteName
Azure-Version
Azure-InstanceId
X-Restarts
X-GeoCountry
Azure-RegionName
X-Logging-Id
AMP-Access-Control-Allow-Source-Origin
X-Skip-Cache
X-Varnish-Beresp-Grace
X-DynaTrace
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
X-Fetched-On
X-Cache-Server
Mn-Server-Ip
X-Cache-Host
X-AWS-Id
X-Generation-Time
X-VCT
X-Container-Uri
X-Git-Commit
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Origin-Hint
TWC-Privacy
Web-Mar-Node
TWC-GeoIP-Country
X-VWS-Id
TWC-Device-Class
Property-Id
X-IPLB-Instance
X-IPLB-Request-ID
TWC-Connection-Speed
X-LJ-Flow-ID
X-Is-Mobile
X-Extlb
X-Ms-Version
X-RCS-CacheZone
X-Provided-By
X-Proxied
X-Ms-Request-Id
X-COUNTRY
X-Cluster
X-Forwarded-Host
X-Frame-Option
X-Reqid
X-Vercel-Id
X-Vercel-Cache
X-Is-Tablet
X-Vcache
X-Geo-Region
X-Origin
X-Browser-Name
X-AB
X-Zipkin-Id
X-ServerID
X-Is-Supported-Browser
X-Tcp-Rtt
X-Tb
Node
X-Is-Desktop
X-Routing-Service
Cache-Tv-Group
X-R9-Blue-Green-Version
X-Uri
Section-Io-Id
X-Locale
X-Site-Version
Priority
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-Web-Node
X-FB-TRIP-ID
Source
Content-Secure-Policy
X-Webstats-RespID
Fastcgi-Useragent
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-MP-GENERATED-AT
Cross-Origin-Embedder-Policy
WP-Super-Cache
X-Vcl-Version
CDN-RequestPullCode
CDN-Cache
CDN-RequestCountryCode
Onion-Location
CDN-PullZone
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-Uid
X-Origin-Date
CDN-CachedAt
X-Alternate-Cache-Key
X-Shopify-Stage
X-Storefront-Renderer-Rendered
WZWS-RAY
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Content-Age
X-SRV
X-Generated-By
S-Rt
X-ShardId
X-Ua
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Pass-Why
X-Newrelic-Synthetics
X-Sucuri-Cache
X-Cdn-Origin
X-Cluster-Node
X-TT-LOGID
X-Buckets
Sid
X-Sucuri-ID
X-Cache-Action
X-Proxy-Cache-Status
X-Varnish-Beresp-Ttl
X-Cache-Expired-At
X-Mg-Request-UUID
Cross-Origin-Window-Policy
Cross-Origin-Embedder-Policy-Report-Only
X-Xrds-Location
X-CMSURLCustom
X-Shield-Cache-Expires
X-Thinkindot-L3
Thinkindot-CacheControl
Thinkindot-Control
X-Scope-Id
Thinkindot-CacheControl-Type
TDXMobile
Cache
Fastly-Drupal-HTML
X-Datadome
X-LSADC-Cache
X-GEO
HostName
X-DataDome
X-Request-URI
X-Optimistic-Header
X-Aspnetmvc-Version
Ngx-Var-Key
X-Vdms-Path
X-Ec-Custom-Error
Ngx.Var.Host
X-Vdms-Version
X-External-Request-Id
X-Viewer-Country
MD5-Digest
Candidate-Md5Url
X-Correlation-ID
Meta-Geo-Continent
Origin
Origin-Agent-Cluster
X-Destination
DCR-Processing-Time-Ms
Environment
X-Ec-Fail
DCR-Decision-By
X-SRCache-Key
X-ScT
X-Scheme
X-Ec-GeoHdr
X-D
CDCHOST
X-Epic-Correlation-Id
Lang
X-S-Cookie
Gannett-Cam-Experience-Id
X-Developer
X-TIM-N
X-Rojux
X-Vtex-Remote-Cache
X-Bc-Bl
X-VCache
X-BCube-Filmed-By
X-Conf
X-Bl-Debug
Sslversion
Type
T-Server
X-B-Cookie
X-A-Dcw
X-Application
Surrogated-Key
X-Aed
X-A-Wwc
X-A-Dgt
Redirect-Candidate
X-A-Dam
Rendered-Blocks
X-A-Ccd
X-Cache-NE
X-PAYTM-SRV-ID
X-Cache-Bucket
X-A
X-WP-CF-Super-Cache-Cookies-Bypass
Atl-Traceid
X-TimeS
Edge-Copy-Time
X-Via-Edge
X-Via-CDN
X-Via-SSL
X-Cache-Info
X-Access
X-Section
Apple-News-Services-Host
X-Acquia-Purge-Cdn-Unconfigured
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-SB
X-Dispatcher-Server
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Bip
X-Platform
X-Aicache-OS
X-SD-PageType
V-Age
X-Req
X-Request-Start
Server-Ext
Server-Host
Server-Hostname
X-Rocket-Build-Number
X-Request-Time
Release
Pramga
Req-ID
Req-Svc-Chain
X-Origin-Time
X-Core-Value
Sever-Int
Apple-News-Services-Handled
X-Proxied-Request
Vix-Hermes-Req-Id
X-Pool
Fastly-SSL
X-Debug-Cache-Store
Host-ID
Magicmarker
Ssr
X-Debug-Cache-Fetch
L
X-Pubstack
Fastly-GeoIP-CountryCode
X-Server-IP
X-VG-TLSProxy
X-VG-WebCache
X-VServer
X-Fastly-Cache
X-Varnishpool
X-Varnish-Hostname
X-Thanos
X-Up
X-Varnish-Beresp-Status
X-Varnish-Director
X-We-Are-Hiring
X-Gdpr
X-Men
X-Nyt-Route
X-Mly-Id
X-Node-Id
X-Loc
X-Level-Front-Cache
X-Generated-On
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Human
X-TH-Server
X-Forwarded-Site
X-Sigma
X-Sigma-Backend
X-Origin-Response-Time
X-Service
User-Cache-Control
X-WA-Info
X-Org
X-From
X-SVT-ORM-VERSION
X-Irp-Debug
True-Client-Country-4JS
X-Gen-Mode
X-ApacheServer
DSUID
X-Old-Content-Length
X-Zen-Fury
X-RateLimit-Remaining-Second
X-Clientip
X-Op-Id-All
X-Policy
X-RateLimit-Limit-Second
Tube-Got-Eval
We-Hiring
Canary
Esi-Enabled
Web-Mar-Region
X-HS-Content-Campaign-Id
X-Hash
X-Hnp-Log
X-Core-Mission
X-Ad-Load-Variation
X-GeoIP-City
Tube-Return
Tube-Got-Results
X-Fmm-Version
X-Instance-Name
Uber-Trace-Id
X-GeoIP
X-Geo-Header
Tube-Get-Contents
X-FC-Vary-Parameters
X-Mvc-Supplant-OutputCached
X-Esi-Check
X-Cache-Id
Country-Code
X-PERF
Mail-Subject
X-Device-Os
Machine
Is-Eu
X-Var-Ttl
X-UA-Device-Type
X-SVT-ORM-RULES
X-Nginx-Cache-Key
X-NMSegId
Gh-Request-Id
Adler-Geo
X-V-Cache
X-Auto-Login
X-Cache-Date
Platform
X-Fastly-Backend
Click-Count-Action-Start
Cache-Provider
Producers
X-Cache-TTL-Remaining
X-Gzip
X-Mvc-Supplant-Cachable
C-Via
On-Server
X-DPWN-IS-SECURE
Click-Count-Error
X-Micro-Cache
NM-Fastcgi-Cache
X-Block-Status
X-DC
X-HA-Backend
X-App-Name
Cdn-Request-Time
X-NCache
X-Via-Poph
X-Via-Popn
X-Via-Popv
Cf-Device-Type
X-SIPLIST1
X-Slack-Backend
X-Sn-Servicetimems
X-Test
X-Edge-Server
IsBot
X-Slack-Shared-Secret-Outcome
X-GoCache-CacheStatus
Proxy-Firewall
W
X-Proto
Cdn-Host
Wxu-Next-Commit
Wxu-Next-Hostname
X-Cdn-Srv
Wxu-Next-Region
Cluster
X-Request-Host
AKAMAI
X-CacheTTL
X-ZONE
X-TA-CDN-Provider
X-Dc
Expiry
X-Parent-Response-Time
X-Connection-Hash
X-CF-Lambda-Version
X-Csrf-Jwt
X-CF-Lambda-Fn
X-Eu-Site
X-Date
X-CGP
Fastly-Backend-Name
X-Contensis-Viewer-Groups
X-Moov-T
X-Cache-Aspx
X-Owner
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Moov-Xdn-Version
X-Varnish-Authentication
X-Branch-Name
A
Content-Style-Type
LB
Content-Script-Type
X-Ah-Environment
X-NGINX-Cache
L5d-Success-Class
HA-Ipaddr
Ha-Gx-Prefs
N-Cache
Pics-Label
X-Amz-Meta-Cb-Modifiedtime
X-Accel-Expires-Debug
Expect-Staple
NGX
Datacenter
X-Tenant
X-Orig-Expires
X-Qloud-Router
X-Cache-Type
RNT-Time
RNT-Machine
Cache-Key
X-Shop-Environment
X-Forwarded-Path
Xc-Version
X-Tt-Logid
X-Region-Sid
X-LB-NoCache
X-LB-ID
Cdncip
Cdnsip
Yak-Timeinfo
X-AK-Request-ID
X-Gamma-Serve
X-ND-Cache
Locid
X-Ratelimit-Reset
Cdn
Cmsid
PFcat
X-Amz-Storage-Class
X-VarnishDD-TTL
X-HN
X-Varnish-Hits
X-Refresh
Cmstype
X-Tx-Id
X-VHOST
SID
NtCoent-Length
X-Backend-Instance
X-Wa
X-Tb-Optimization-Total-Bytes-Saved
X-Servedbyhost
X-Vmg-Version
X-CDN-Cache-Status
CPC-Age
Server-ID
X-DynaTrace-JS-Agent
X-Cdn-Diag
CPC-Cache
GeoIp-Country-Code
RATING
X-Nc
Cdn-Requestid
X-Azure-Ref-OriginShield
XM
X-LAGOON
X-TX-ID
X-Api-Version
X-Cache-Backend
X-Origin-Expires
X-API-Version
X-Fpc
X-Nananana
X-Srv
X-Akamai-Transformed
X-TIME
CloudFront-Viewer-Country
CacheControlHeader
X-Via-Fastly
X-B3-Parentspanid
X-Hit
X-Lagoon
Resin-Trace
X-Variation
XkeyRZ
X-Proxy-CacheRZ
Uri
User-Agent
X-CACHE-AGE
X-Nf-Request-Id
X-Client-Ip
X-URL
Cross-Origin-Opener-Policy-Report-Only
X-Fastly-Country-Code
X-Zone
X-LiteSpeed-Tag
X-NewRelic-App-Data
X-Info
X-Amz-Meta-Opti
VNS-Age
X-LiteSpeed-Cache-Control
VNS-Cache
MIME-Version
X-UA
Tcn
Cache-Name
X-MCACHE
GeoIP-Latitude
Lb
True-Client-Ip
True-Client-IP
X-Datacenter
X-DataCenter
X-Dynatrace-Js-Agent
X-HostName
X-Vc
DataCenter
X-Presslabs-Stats
X-CSRF-TOKEN
X-Geo
X-Location
X-Ig-Origin-Region
Mime-Version
Hostname
Cache-Hits
Cf-Ipcountry
Fusion-Deployment-Id
X-NWS-UUID-VERIFY
Fusion-Content-Source
Fusion-Component-Id
X-Dispatcher-Number
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-Cdn-Forward
Fastly-Drupal-Html
X-B3-Spanid
Powered-By
X-Cached-By
Srv
Origin-EX
X-Jungle-Id
X-CUA
Origin-CC
X-AIR-PT
X-Mid
X-Cloudmap
X-Webkit-Csp-Report-Only
X-RID
X-CLOUD-TRACE-CONTEXT
X-Varnish-Beresp-TTL
X-User
X-IAuth-Set-Uid
X-Segment-20210421
X-CS
Debug
Ohc-File-Size
BehaviorPad-Version
X-ECache
X-Esi
GeoIP-Country-Code
Cl-Cache
X-FPC
X-Dispatch
X-Render-Time
CDN
Ohc-Cache-HIT
X-Litespeed-Tag
X-VTEX-Cache-Time
X-NC
X-ServedByHost
X-VTEX-Cache-Server
X-WA
X-Powered-By-VTEX-Cache
X-Cdn-Cache-Status
Server-Id
X-Oracle-DMS-ECID
X-Cache-Enabled
Load-Balancing
X-Cs
CountryCode
Server-Info
My-App
Edge-Cache
X-Lb-Nocache
X-Auth-Group-Type
X-Lb-Id
Location
X-Wormhole-Sdk
YJS-ID
X-Wp-Cf-Super-Cache-Cache-Control
X-Traceid
X-Wp-Cf-Super-Cache
X-Snapshot-Date
CF-Ctrl
X-Fastly-Backend-Reqs
X-Internal-Host
X-VCL-Version
X-Litespeed-Cache-Control
Ms-Author-Via
X-ID
Wpo-Cache-Message
X-APP-VERSION
Wpo-Cache-Status
X-Akamai-Pragma-Client-IP
Section-Io-Origin-Time-Seconds
X-Proxy-Cache-La3
Xkey-La3
X-MiniProfiler-Ids
Section-Io-Origin-Status
X-Nitro-Cache
Section-Origin-Responded
Xkeylog
X-Nitro-Rev
CF-Cached-On
X-MSEdge-Features
X-NodeID
X-Nitro-Cache-From
X-MSEdge-Flight
X-Cdn-Request-ID
X-App
X-Ig-Push-State
X-Dw-Trace-Id
OriginIP
Time
Memory
X-FL-EDGE
Srvid
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Acquia-Application-Trace
X-Cache-FS-Status
X-Acquia-Site
Ngx
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
FSS-Cache
Memcached
X-FL-QIT-DEBUG
Odigeo-Trace-Id
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shopid
X-Cache-Version
X-Shardid
Akamai-Cache-Status
X-Via-PopH
X-Ha-Backend
X-Te-Duration-Ms
X-Te-Count
X-Lsadc-Cache
X-Via-PopN
PICS-Label
X-Vgn-Hpd-Reason
Cloudfront-Viewer-Country
X-Fastly-Cache-Hits
X-Via-PopV
X-Pad
X-Http-Duration-Ms
X-Udemy-Cache-App-Namespace
X-RequestId
X-Service-Response-Time
X-Serial
X-Check-Cacheable
Geoip-Latitude
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Web-Server
X-Http-Count
X-Mg-Cache
X-Sucuri-Id
X-Th-Server
Sm-Log-Id