Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
X-XSS-Protection
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Xss-Protection
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
P3p
X-Runtime
X-AspNet-Version
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Request-ID
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
X-Backend
Allow
Cf-Edge-Cache
X-Cache-Group
Request-Context
X-Robots-Tag
X-Server
Keep-Alive
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Vhost
X-Proxy-Cache
X-Rq
X-Age
Xkey
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
Cf-Railgun
EagleEye-TraceId
X-Device
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Swift-SaveTime
X-Swift-CacheTime
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-CST
X-WebKit-CSP
X-Backend-Server
X-OneAgent-JS-Injection
Permissions-Policy
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Nginx-Upstream-Cache-Status
X-HW
Accept-Ch-Lifetime
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Application-Context
X-Oneagent-Js-Injection
X-Country-Code
X-Trace
Content-Location
X-Url
X-Cache-Lookup
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Content-Type
X-Country
X-Clacks-Overhead
X-Litespeed-Cache
X-Edge
X-ECACHE
X-Mod-Pagespeed
Accept-Ch
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Midtier
X-Origin-Cache-Key
X-FTR-Request-ID
Cache-Tag
Cross-Origin-Opener-Policy
X-MS-InvokeApp
X-Mcache
X-Upstream
X-PC
X-Powered-By-Plesk
X-TtlSet
X-Vname
Nginx-Cache
X-ESI
Rating
Edge-Control
X-Ruxit-Js-Agent
X-D2id
X-Cdn-Fetch
X-Browser-Type
X-Exp-Id
X-Element-Page-Cache
X-Kinja-Build
X-Kinja-Server
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
Verso
X-Times
X-Ac
X-Server-Name
X-Cnection
SPRequestDuration
SPIisLatency
X-Vcap-Request-Id
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
X-Navigation-Version
X-Abt-Application-Version
X-SharePointHealthScore
X-Dw-Request-Base-Id
SPRequestGuid
X-VARITI-CCR
Pinterest-Generated-By
X-NF-Request-ID
X-Pinterest-Rid
Pinterest-Version
X-GitHub-Request-Id
X-Ser
X-RateLimit-Remaining
X-B3-TraceId
Origin-Trial
AR-CACHE
S
RTSS
X-Cache-Key
X-Mg-S
X-Cache-TTL
X-Ttl
Edge-Cache-Tag
X-Goog-Hash
Pagespeed
X-Sol
Display
X-Middleton-Display
X-Amz-Rid
X-Content-Security-Policy-Report-Only
X-Amzn-Trace-Id
Fastly-Restarts
X-Client-IP
X-Powered-CMS
X-NWS-LOG-UUID
X-Server-ID
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
Access-Control-Request-Method
X-Edge-Location-Klb
X-Version
X-Kinsta-Cache
X-ARC
Cache-Status
X-Varnish-TTL
X-Recruiting
X-Webkit-Csp
X-Content-Digest
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-T
X-MSEdge-Ref
X-Forwarded-For
X-Ua-Device
X-TraceId
Content-MD5
X-Middleton-Response
Response
MicrosoftSharePointTeamServices
X-Accel-Expires
TP-Cache
X-Hits
X-Shield-Request-Id
X-Cached
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Public-Key-Pins
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-Frontend
X-Id
X-FTR-Cache-Status
Server-Node
X-FTR-Expires
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-Ua-Browser
X-HS-Hub-Id
X-WebKit-CSP-Report-Only
Payment
X-Request-Received
MS-Author-Via
X-Request-Processing-Time
X-RateLimit-Limit
X-DIS-Request-ID
X-Kinja-CCPA
X-ORACLE-DMS-RID
X-FastCGI-Cache
Front-End-Https
Cross-Origin-Resource-Policy
X-GUploader-UploadID
X-Forwarded-Proto
X-LLID
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
Cache-Tags
X-Fastcgi-Cache
TP-L2-Cache
X-LB-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
Realpath
X-Protected-By
X-Origin-Server
X-PressLabs-Stats
Count-Hit
X-Daa-Tunnel
X-Distributor
X-Request-Handler-Origin-Region
X-Microsite
X-ORACLE-DMS-ECID
X-Page-Id
X-Cluster-Name
Accept-Charset
X-F-Cache
X-Varnish-Backend
X-Az
X-Activity-Id
X-AppVersion
X-NGENIX-Cache
X-Www-Served-By
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Geo-Country
X-App-Server
X-Correlation-Id
X-FB-Debug
X-Hostname
X-Debug-Info
X-Kong-Upstream-Latency
Referer-Policy
X-Kong-Proxy-Latency
X-Goog-Metageneration
X-Varnish-Server
Host
X-Envoy-Decorator-Operation
Fastcgi-Cache
X-TTL
X-Rid
Access-Control-Allow-Method
X-Git-Hash
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-RateLimit-Reset
X-Ratelimit-Limit
X-XRDS-LOCATION
Retry-After
Server-Name
DC
X-Content-Options
X-Px
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Load-Cache
X-B3-Sampled
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Is-Crawler
X-Flags
X-Route-Name
X-Request-Guid
X-Revision
X-Contextid
X-Mobile
TCN
Cleartype
X-Origin-Cache
X-Trace-Id
X-Type
X-App-Environment
X-Language
X-Grace
X-Fb-Rlafr
Charset
Paypal-Debug-Id
X-B-Cache
X-Signature
X-TT
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-ASPNET-VERSION
X-CSRF-Token
X-B
X-Amz-Meta-S3cmd-Attrs
Frame-Options
X-Cache-Control
X-Amz-Replication-Status
Section-Io-Cache
X-Logged-In
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Seen-By
Filterid
X-Newrelic-App-Data
X-Upgrade-Enabled
X-Whom
X-Ezoic-Cdn
X-Magnolia-Registration
X-Varnish-Ttl
X-Wix-Request-Id
Healthy
X-Fastly-Request-Id
X-Fastly-Request-ID
X-Oracle-Dms-Ecid
X-EdgeConnect-Cache-Status
X-Azure-Ref
Content-Disposition
X-Node-Name
X-B3-Traceid
X-Ratelimit-Remaining
X-App-Version
X-Proxy
Backend
X-N
X-Oracle-Dms-Rid
Akamai-GRN
X-Template
Upgrade-Insecure-Requests
X-Air-Pt
X-Proxy-Cache-Info
Refresh
NGB
X-Original-Request-Id
X-Response-Served-From
X-Is-Bot
X-Rendered-As
X-Servername
X-Unique-Id
X-Tumblr-User
Url
VIX-Pulpo-Node
X-Datadog-Sampled
MS-CV
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Page-View
X-ProcessESI
Ms-Operation-Id
X-RemovedCookies
X-Tumblr-Pixel
X-RTag
SD-X-WS
X-Cache-Grace
X-Adobe-Loc
X-Yottaa-Optimizations
Viewport
X-Cacheable-TTL
X-Adobe-Content
X-Environment-Context
X-Instance
X-Region
X-Jobs
X-Amzn-Remapped-Content-Length
X-L-Path
X-Varnish-Grace
X-User-Agent
Liferay-Portal
X-Yottaa-Metrics
From-Origin
X-G
X-FW-Type
X-FW-Version
X-IPS-LoggedIn
X-UUID
X-FW-Static
X-FW-Server
X-Debug-IsConnected
X-Debug-IsPreview
X-FW-Dynamic
X-FW-Hash
X-Debug
X-FW-Serve
Fastly-SWR
Fastly-SIE
X-Use-Magma
X-Cache-Hit
X-B3-SpanId
X-NYM-Debug-Backend
Country
X-Device-Type
X-Status
X-Rule
Surrogate-Key
X-Hosted-By
Amp-Access-Control-Allow-Source-Origin
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Backend-Name
X-Hl-Ver
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Webkit-CSP
ServerID
X-Cache-Age
Protected
X-Content-Powered-By
X-Http-Reason
X-Akamai-Request-ID2
X-Cache-Status-Check
X-XRDS-Location
X-Time
X-VC-Cache
X-Origin-CC
Version
Alternate-Protocol
X-NODE
X-Origin-TTL
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Akamai-Edgescape
X-HTML-Minification-Powered-By
Countrycode
WPO-Cache-Message
WPO-Cache-Status
X-Rocket-Nginx-Serving-Static
X-INCAP-ABP
X-Framework
Front
X-Edge-Location
X-Via-JSL
X-CDN-Forward
X-Source
GEO-INFO
X-Cache-Rule
Access-Control-Request-Headers
CDN-RequestId
X-Storage
X-Httpd
X-Accel-Version
CF-IPCountry
X-Mode
X-Nginx-Cache
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-WP-CF-Super-Cache-Active
X-Endurance-Cache-Level
X-Use-Mantle
SRV
Meta-Geo
Accept-Language
X-Cache-Operation
X-UPSTREAM-Address
X-Xfnlog-Site
Webserver
X-Rn-Rsrv
X-Rewrite-Enabled
X-VC
X-Upstream-Ht
Filters
X-Upstream-Ct
X-Timing-Wait
X-SaId
X-Proxy-Build
X-Cache-Time
X-JoinUs
Xet-Cookie
X-Real-IP
X-Soup
X-Loop
OT-Force-Account-Verify
X-Varnish-Age
X-Lambda-Id
X-Director
X-Tumblr-Pixel-2
X-Detected-As
Selected-Fe
X-Served-From
X-Tumblr-Pixel-3
X-Tncms
X-Redis-Cache
X-Cms-Context
X-Varnish-Cache-Hits
X-ProxyCache-Status
X-BYPASS-REASON
X-ProxyCache-Key
X-Say-Cacheable
X-Handled-By
X-Adobe-Source
X-Skip-Cache
X-Varnish-Beresp-Grace
ServedBy
Apigw-Requestid
X-Say-TTL
X-Cache-Debug
X-SayCDN-TTL
X-Sql-Count
X-Sql-Duration-Ms
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
Web-Mar-Node
X-Labrador-Cache-Channel
X-Cache-Host
X-GeoCountry
X-GeoCode
X-Format
TWC-Privacy
TWC-Locale-Group
X-Logging-Id
DB-Nickname
Azure-Version
Property-Id
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
Azure-SlotName
X-Restarts
X-S
X-Uri
X-COUNTRY
X-Vcache
X-Server-W
X-Worker
X-RM-Cache-TTL
Xserver
X-No-Session
X-PHP-Host
X-Origin-Hint
X-DynaTrace
X-Extlb
X-Is-Tablet
X-Fetched-On
X-Cache-Server
X-AB
X-Browser-Name
X-Origin
X-Container-Uri
X-Forwarded-Host
X-Tcp-Rtt
X-IPLB-Instance
X-IPLB-Request-ID
X-Is-Desktop
X-Git-Commit
X-Tb
X-Generation-Time
X-Is-Supported-Browser
X-Geo-Region
X-ServerID
X-Zipkin-Id
X-AWS-Id
X-Proxied
Mn-Server-Ip
X-Vercel-Id
X-VWS-Id
X-Is-Mobile
X-Vercel-Cache
X-LJ-Flow-ID
X-VCT
X-Routing-Service
X-RCS-CacheZone
Cache-Tv-Group
X-Ms-Request-Id
Node
X-Reqid
X-Frame-Option
X-Provided-By
X-Ms-Version
X-Cluster
Section-Io-Id
X-FB-TRIP-ID
X-R9-Blue-Green-Version
X-Locale
X-Site-Version
Priority
Content-Secure-Policy
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
AMP-Access-Control-Allow-Source-Origin
X-Webstats-RespID
Fastcgi-Useragent
Source
X-MP-GENERATED-AT
X-Web-Node
WZWS-RAY
X-Drupal-Cache-Tags
X-Vcl-Version
Onion-Location
S-Rt
X-Drupal-Cache-Contexts
WP-Super-Cache
Cross-Origin-Embedder-Policy
X-Ua
X-SRV
X-Origin-Date
X-Urbn-Context-Path
X-Content-Age
X-Urbn-Site-Id
Locale
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-Uid
CDN-Cache
X-Shopify-Stage
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Generated-By
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Cache-Action
X-Cluster-Node
X-Sucuri-Cache
X-Cdn-Origin
X-Buckets
Sid
X-Proxy-Cache-Status
X-Varnish-Beresp-Ttl
X-Sucuri-ID
X-Mg-Request-UUID
X-Pass-Why
X-Newrelic-Synthetics
X-TT-LOGID
Cross-Origin-Window-Policy
X-DataDome
X-Cache-Expired-At
X-Xrds-Location
Fastly-Drupal-HTML
Thinkindot-Control
Thinkindot-CacheControl
X-CMSURLCustom
X-Scope-Id
X-Shield-Cache-Expires
Thinkindot-CacheControl-Type
Cache
TDXMobile
X-Thinkindot-L3
X-Request-URI
X-LSADC-Cache
X-GEO
Cross-Origin-Embedder-Policy-Report-Only
X-Aspnetmvc-Version
Meta-Geo-Continent
MD5-Digest
Lang
Ngx-Var-Key
CDCHOST
Ngx.Var.Host
Candidate-Md5Url
X-Destination
X-Cache-Bucket
Gannett-Cam-Experience-Id
DCR-Processing-Time-Ms
X-D
X-Conf
V-Age
X-A
X-Cache-NE
Origin
X-A-Ccd
X-Aed
X-Bl-Debug
X-A-Wwc
X-BCube-Filmed-By
Type
X-B-Cookie
X-Bc-Bl
X-A-Dgt
T-Server
Redirect-Candidate
X-A-Dam
Origin-Agent-Cluster
Rendered-Blocks
X-A-Dcw
Surrogated-Key
Sslversion
X-Application
X-Developer
X-Vdms-Path
X-PAYTM-SRV-ID
X-Men
X-Vdms-Version
X-Viewer-Country
X-TIM-N
X-Rojux
X-Scheme
X-ScT
X-SRCache-Key
X-S-Cookie
X-VCache
X-Vtex-Remote-Cache
X-Correlation-ID
DCR-Decision-By
X-External-Request-Id
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Ec-Fail
X-Ec-Custom-Error
HostName
X-Service
X-TA-CDN-Provider
X-TimeS
X-Via-Edge
X-Datadome
X-Via-CDN
X-Via-SSL
Edge-Copy-Time
X-Optimistic-Header
X-Sigma-Backend
Sever-Int
X-Up
Ssr
X-Server-IP
Fastly-GeoIP-CountryCode
X-SVT-ORM-RULES
Server-Hostname
Environment
X-SVT-ORM-VERSION
X-Thanos
X-Varnish-Beresp-Status
X-VServer
X-VG-WebCache
X-VG-TLSProxy
Magicmarker
Fastly-SSL
Host-ID
L
X-Sigma
X-Varnish-Hostname
X-V-Cache
Server-Ext
Release
X-We-Are-Hiring
X-Varnish-Director
Pramga
Server-Host
X-Request-Time
X-Instance-Name
X-Human
X-Hash
X-Level-Front-Cache
X-Loc
X-Mly-Id
X-Bip
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Dispatcher-Server
X-Core-Mission
X-Debug-Cache-Fetch
X-Fastly-Backend
X-Fastly-Cache
X-Generated-On
X-Gdpr
X-Nyt-Route
X-Op-Id-All
X-Debug-Cache-Store
X-Req
X-Pubstack
X-Rocket-Build-Number
Vix-Hermes-Req-Id
X-SD-PageType
X-SB
X-Access
X-Acquia-Purge-Cdn-Unconfigured
X-Origin-Time
X-B3-Trace-ID
X-Platform
X-Pool
X-Proxied-Request
X-Aicache-OS
X-Section
X-Cache-Info
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Country-Code
Apple-News-Services-Host
User-Cache-Control
X-Core-Value
X-Device-Os
Uber-Trace-Id
X-Clientip
We-Hiring
X-DPWN-IS-SECURE
X-Esi-Check
X-GeoIP
X-Geo-Header
X-Gen-Mode
X-FC-Vary-Parameters
X-CacheTTL
X-Cache-Date
X-ApacheServer
X-Auto-Login
X-Ad-Load-Variation
Wxu-Next-Region
Wxu-Next-Commit
X-BBC-Edge-Cache-Status
Atl-Traceid
Wxu-Next-Hostname
X-Block-Status
X-GeoIP-City
Web-Mar-Region
X-Cache-Id
X-Gzip
X-UA-Device-Type
X-Var-Ttl
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-Request-Host
X-Slack-Backend
X-WP-CF-Super-Cache-Cookies-Bypass
X-Zen-Fury
X-TH-Server
X-Varnishpool
X-Request-Start
X-Node-Id
Req-ID
X-Forwarded-Site
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-Irp-Debug
X-HS-Content-Campaign-Id
Tube-Return
X-Hnp-Log
X-NCache
X-Nginx-Cache-Key
X-Origin-Response-Time
X-PERF
X-Org
X-Old-Content-Length
X-NMSegId
X-GoCache-CacheStatus
X-Policy
Tube-Got-Results
Gh-Request-Id
Platform
Is-Eu
Cache-Provider
Adler-Geo
Producers
Click-Count-Error
Req-Svc-Chain
DSUID
Proxy-Firewall
Click-Count-Action-Start
C-Via
NM-Fastcgi-Cache
Mail-Subject
Canary
Machine
Tube-Get-Contents
Tube-Got-Eval
True-Client-Country-4JS
On-Server
X-Parent-Response-Time
X-DC
N-Cache
Cf-Device-Type
X-Date
X-WA-Info
X-Cdn-Srv
Cdn-Host
X-CF-Lambda-Version
X-Wikidot-Backend
X-CF-Lambda-Fn
IsBot
X-Via-Poph
LB
X-Test
X-Fmm-Version
X-From
X-ZONE
X-Cache-TTL-Remaining
X-Edge-Server
X-Via-Popn
X-SIPLIST1
X-HA-Backend
X-Tt-Logid
X-Via-Popv
X-Wikidot-Static-Cache
X-App-Name
Esi-Enabled
X-Micro-Cache
AKAMAI
X-Accel-Expires-Debug
X-Proto
Expect-Staple
W
Cdn-Request-Time
X-Owner
X-NGINX-Cache
X-Dc
Ha-Gx-Prefs
X-Qloud-Router
X-Tenant
X-Eu-Site
Pics-Label
X-Shop-Environment
X-Orig-Expires
HA-Ipaddr
X-Forwarded-Path
X-Amz-Meta-Cb-Modifiedtime
X-Ah-Environment
X-CGP
X-Csrf-Jwt
L5d-Success-Class
Cluster
X-Cache-Type
Fastly-Backend-Name
Xc-Version
Expiry
X-Connection-Hash
Datacenter
X-Moov-Xdn-Version
X-Varnish-Authentication
NGX
X-Moov-T
X-Contensis-Viewer-Groups
X-Cache-Aspx
X-Gamma-Serve
Content-Script-Type
X-Branch-Name
Content-Style-Type
A
X-Tx-Id
Cmsid
X-LB-NoCache
Locid
RNT-Machine
Cache-Key
Cmstype
RNT-Time
X-Ratelimit-Reset
SID
Cdn
X-Refresh
X-Nc
CPC-Cache
X-Servedbyhost
X-Wa
X-Region-Sid
X-LB-ID
X-Nf-Request-Id
Cdncip
Cdnsip
Yak-Timeinfo
X-AK-Request-ID
Server-ID
CPC-Age
X-Varnish-Hits
X-Vmg-Version
X-Cdn-Diag
X-ND-Cache
X-VHOST
X-DynaTrace-JS-Agent
X-Api-Version
X-HN
X-VarnishDD-TTL
X-Amz-Storage-Class
NtCoent-Length
GeoIp-Country-Code
X-LAGOON
PFcat
X-Tb-Optimization-Total-Bytes-Saved
X-MCACHE
X-Client-Ip
X-CDN-Cache-Status
RATING
Cdn-Requestid
X-Backend-Instance
X-Fpc
X-B3-Parentspanid
X-Azure-Ref-OriginShield
X-Nananana
CacheControlHeader
CloudFront-Viewer-Country
XM
X-TIME
X-Akamai-Transformed
X-Srv
X-TX-ID
Resin-Trace
X-Origin-Expires
X-Via-Fastly
X-Cache-Backend
X-Variation
X-API-Version
X-LiteSpeed-Tag
X-CACHE-AGE
Uri
X-Hit
User-Agent
X-Lagoon
X-CSRF-TOKEN
X-URL
X-Zone
MIME-Version
X-LiteSpeed-Cache-Control
VNS-Cache
X-Proxy-CacheRZ
VNS-Age
X-Fastly-Country-Code
XkeyRZ
Cache-Name
X-Info
Cross-Origin-Opener-Policy-Report-Only
X-Amz-Meta-Opti
Hostname
X-ECache
Tcn
True-Client-IP
X-DataCenter
Lb
X-Datacenter
True-Client-Ip
X-B3-Spanid
X-Vc
X-HostName
DataCenter
X-NewRelic-App-Data
GeoIP-Latitude
X-Dispatcher-Number
X-Dynatrace-Js-Agent
X-Geo
X-UA
Cf-Ipcountry
X-Cached-By
X-Ig-Origin-Region
Mime-Version
X-Location
Fastly-Drupal-Html
Cache-Hits
Fusion-Component-Id
Fusion-Template-Id
Fusion-Deployment-Id
X-Mid
Fusion-Content-Id
Srv
Fusion-Source
X-NWS-UUID-VERIFY
Fusion-Content-Source
Powered-By
X-AIR-PT
X-Presslabs-Stats
X-Webkit-Csp-Report-Only
X-Cdn-Forward
Origin-EX
X-IAuth-Set-Uid
X-Cloudmap
X-Jungle-Id
Origin-CC
X-CUA
X-CS
X-Varnish-Beresp-TTL
BehaviorPad-Version
X-Traceid
X-Segment-20210421
X-User
CountryCode
Ohc-File-Size
GeoIP-Country-Code
Debug
X-Dispatch
X-FPC
X-Cache-Enabled
X-Esi
CDN
Server-Id
X-Oracle-DMS-ECID
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Cl-Cache
Server-Info
X-RID
Location
X-Lb-Id
My-App
X-Cdn-Cache-Status
X-Render-Time
Ohc-Cache-HIT
Wpo-Cache-Status
Wpo-Cache-Message
X-Powered-By-VTEX-Cache
CF-Ctrl
X-VTEX-Cache-Server
X-WA
X-Internal-Host
X-VTEX-Cache-Time
X-Snapshot-Date
X-ServedByHost
X-Litespeed-Tag
X-Wormhole-Sdk
X-NC
YJS-ID
Load-Balancing
X-Cs
Section-Io-Origin-Time-Seconds
X-App
X-MSEdge-Features
Edge-Cache
X-MSEdge-Flight
X-Lb-Nocache
Section-Io-Origin-Status
Section-Origin-Responded
X-Nitro-Cache
X-Auth-Group-Type
X-Fastly-Backend-Reqs
X-Litespeed-Cache-Control
X-ID
X-VCL-Version
X-APP-VERSION
Ms-Author-Via
Xkey-La3
X-MiniProfiler-Ids
Xkeylog
X-Nitro-Rev
X-Cache-FS-Status
X-Akamai-Pragma-Client-IP
X-Nitro-Cache-From
X-Cdn-Request-ID
X-Proxy-Cache-La3
CF-Cached-On
X-Dw-Trace-Id
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-NodeID
X-IN-APIGATEWAYSSL
Memory
Memcached
X-Ig-Push-State
Time
OriginIP
X-IN-APIGATEWAY
X-Acquia-Site
X-Via-PopV
X-Via-PopH
FSS-Cache
X-Via-PopN
Srvid
X-FL-EDGE
X-FL-QIT-DEBUG
X-Ha-Backend
X-Th-Server
Ngx
X-Shopid
X-Shardid
X-Cache-Version
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-DefHash
X-Vary
X-DefElseHash
Yjs-Id
X-Http-Duration-Ms
X-Http-Count
Akamai-Cache-Status
X-Varnish-Remaining-TTL
Odigeo-Trace-Id
PICS-Label
X-RequestId
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Pad
X-Mg-Cache
X-Check-Cacheable
Sm-Log-Id
X-Fastly-Cache-Hits
X-Serial
X-Service-Response-Time
X-Udemy-Cache-App-Namespace
X-Lsadc-Cache
X-Te-Duration-Ms
X-Te-Count
Geoip-Latitude
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sucuri-Id
X-Web-Server