Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-Served-By
X-UA-Compatible
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-AspNet-Version
P3p
X-Runtime
X-DNS-Prefetch-Control
Accept-CH
X-Ua-Compatible
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Allow
Cf-Edge-Cache
X-Backend
Request-Context
X-UA-Device
Keep-Alive
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-Pingback
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
EagleEye-TraceId
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-Dns-Prefetch-Control
X-CST
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Litespeed-Cache
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Cache-Lookup
X-Application-Context
X-Country-Code
Content-Location
X-Trace
X-Country
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-ECACHE
X-Mcache
Cache-Tag
X-Mod-Pagespeed
X-FTR-Request-ID
X-Midtier
X-MS-InvokeApp
Nginx-Cache
X-TtlSet
X-Vname
X-PC
X-Upstream
X-ESI
X-Powered-By-Plesk
Rating
Edge-Control
X-Browser-Type
X-Server-Name
X-D2id
X-Element-Page-Cache
Verso
X-Times
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Cnection
X-Ruxit-Js-Agent
SPIisLatency
SPRequestDuration
X-Ac
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-B3-TraceId
X-SharePointHealthScore
SPRequestGuid
X-Abt-Application-Version
X-Navigation-Version
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Ser
X-NF-Request-ID
X-GitHub-Request-Id
X-NWS-LOG-UUID
X-Pinterest-Rid
AR-CACHE
Pinterest-Generated-By
Pinterest-Version
X-VARITI-CCR
X-Mg-S
S
Pagespeed
X-Middleton-Display
Display
X-Sol
X-RateLimit-Remaining
X-Client-IP
X-Cache-Key
RTSS
Edge-Cache-Tag
X-Ttl
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
Accept-Ch
X-Goog-Hash
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
Cache-Status
X-Edge-Location-Klb
X-Kinsta-Cache
X-Server-ID
X-Version
Access-Control-Request-Method
X-Recruiting
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-ARC
Origin-Trial
X-Varnish-TTL
X-Content-Digest
X-TraceId
Response
X-Middleton-Response
Arr-Disable-Session-Affinity
X-Forwarded-For
X-T
X-Content-Security-Policy-Report-Only
X-MSEdge-Ref
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-MD5
MicrosoftSharePointTeamServices
X-Accel-Expires
TP-Cache
X-Shield-Request-Id
X-Hits
X-Cached
X-Daa-Tunnel
Public-Key-Pins
Front-End-Https
X-Id
Cross-Origin-Resource-Policy
X-Fastcgi-Cache
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Expires
MS-Author-Via
X-Request-Processing-Time
X-HS-Hub-Id
X-HS-Content-Id
X-Request-Received
X-HS-Cache-Config
Server-Node
X-DIS-Request-ID
X-Ua-Browser
X-HS-Combine-CSS
Payment
X-Forwarded-Proto
X-Frontend
X-Webkit-Csp
X-LLID
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-GUploader-UploadID
Realpath
X-Protected-By
TP-L2-Cache
X-ORACLE-DMS-RID
X-LB-Cache
Cache-Tags
X-Distributor
X-FastCGI-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-Ratelimit-Limit
X-Microsite
X-Request-Handler-Origin-Region
X-RateLimit-Limit
Count-Hit
Referer-Policy
X-Page-Id
X-Activity-Id
X-AppVersion
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Az
MRF-Tech
X-B3-TraceId-Primal
X-F-Cache
Mrf-Cache-Status
X-Hostname
X-Geo-Country
X-Cluster-Name
X-Debug-Info
X-Www-Served-By
X-Varnish-Backend
Accept-Charset
Host
X-Correlation-Id
X-NGENIX-Cache
Fastcgi-Cache
X-Envoy-Decorator-Operation
X-App-Server
X-Varnish-Server
X-ORACLE-DMS-ECID
X-Ua-Device
X-TTL
X-XRDS-LOCATION
X-FB-Debug
X-Goog-Metageneration
X-PressLabs-Stats
Access-Control-Allow-Method
X-Git-Hash
Retry-After
X-CSRF-Token
X-Upgrade-Enabled
X-Load-Cache
X-Ezoic-Cdn
X-TEC-API-ROOT
X-Varnish-Ttl
X-Kinja-CCPA
X-TEC-API-ORIGIN
X-Content-Options
X-TEC-API-VERSION
X-WebKit-CSP-Report-Only
X-RateLimit-Reset
Server-Name
X-Fastly-Request-Id
X-Datadog-Parent-Id
X-Contextid
X-Px
X-Rid
X-Revision
X-Seen-By
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Charset
X-Tt-Trace-Host
X-Cache-Control
X-Oracle-Dms-Ecid
X-Tt-Trace-Tag
X-Request-Guid
X-Ratelimit-Remaining
DC
X-Type
X-Grace
TCN
X-Amz-Meta-S3cmd-Attrs
Section-Io-Cache
X-Trace-Id
X-Signature
X-B-Cache
Paypal-Debug-Id
Cleartype
X-TT
X-B3-Sampled
X-App-Environment
X-B
X-Fb-Rlafr
X-Newrelic-App-Data
Healthy
X-Whom
X-Wix-Request-Id
X-Node-Name
Frame-Options
X-Mobile
X-Amz-Replication-Status
X-Origin-Cache
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-Route-Name
X-Providence-Cookie
X-Oracle-Dms-Rid
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Azure-Ref
X-Logged-In
X-Proxy
X-Fastly-Request-ID
X-Language
Filterid
X-N
X-Air-Pt
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Content-Disposition
Akamai-GRN
Backend
X-App-Version
NGB
VIX-Pulpo-Upstream-Status
X-Template
X-Original-Request-Id
X-Response-Served-From
Upgrade-Insecure-Requests
VIX-Pulpo-Node
X-Proxy-Cache-Info
Refresh
SD-X-WS
X-Debug-IsPreview
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel
X-Debug-IsConnected
X-Datadog-Sampled
X-Unique-Id
X-Time
X-Yottaa-Optimizations
X-Cache-Age
X-Tumblr-Pixel-0
X-Varnish-Grace
X-Yottaa-Metrics
X-Tumblr-Pixel-1
X-Tumblr-User
X-Rendered-As
X-Is-Bot
Viewport
X-Adobe-Content
X-IPS-LoggedIn
X-Adobe-Loc
X-Instance
Liferay-Portal
Ms-Operation-Id
MS-CV
X-RTag
X-Servername
X-Amzn-Remapped-Content-Length
X-UUID
X-FW-Type
X-Cacheable-TTL
X-Cache-Grace
X-FW-Version
X-FW-Server
X-Debug
X-G
X-FW-Static
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Region
X-Environment-Context
X-User-Agent
Fastly-SIE
Fastly-SWR
X-L-Path
From-Origin
X-Cache-Hit
X-Hl-Ver
X-NYM-Debug-Backend
X-Rule
X-Device-Type
Country
X-Backend-Name
X-Status
Url
ServerID
X-Jobs
X-CCDN-Origin-Time
X-Page-View
X-Webkit-CSP
X-CCDN-CacheTTL
X-Via-JSL
X-Hcs-Proxy-Type
Countrycode
X-B3-SpanId
WPO-Cache-Message
WPO-Cache-Status
X-VC-Cache
X-INCAP-ABP
Alternate-Protocol
X-Air-Hostname
X-Cache-Status-Check
X-Air-Trace-Id
Surrogate-Key
X-Origin-TTL
X-Hosted-By
X-Origin-CC
X-Air-Source
X-NODE
Version
X-HTML-Minification-Powered-By
X-Akamai-Request-ID2
Amp-Access-Control-Allow-Source-Origin
X-Nginx-Cache
X-Content-Powered-By
Protected
X-Source
GEO-INFO
X-B3-Traceid
SRV
X-Akamai-Edgescape
X-Rocket-Nginx-Serving-Static
X-Tec-Api-Root
CDN-RequestId
X-Tec-Api-Origin
X-Tec-Api-Version
X-Storage
X-WP-CF-Super-Cache-Active
X-Accel-Version
X-Http-Reason
X-Framework
Access-Control-Request-Headers
X-CDN-Forward
OT-Force-Account-Verify
X-Edge-Location
X-VC
X-Cache-Rule
Front
CF-IPCountry
X-Real-IP
X-Use-Mantle
X-Mode
Meta-Geo
Accept-Language
Webserver
X-ServerID
X-Upstream-Ht
Filters
X-Upstream-Ct
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Cache-Operation
X-Httpd
Xet-Cookie
X-Xfnlog-Site
X-Rn-Rsrv
X-JoinUs
X-Timing-Wait
X-Cache-Time
X-Origin
X-Proxy-Build
X-SaId
Selected-Fe
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-Tumblr-Pixel-2
X-Soup
X-Director
X-Served-From
X-SayCDN-TTL
X-Say-TTL
X-Worker
X-Adobe-Source
X-Web-Node
X-Detected-As
X-Say-Cacheable
X-PHP-Host
Node
X-Handled-By
X-Logging-Id
X-Redis-Cache
X-Labrador-Cache-Channel
X-Cache-Debug
ServedBy
X-Endurance-Cache-Level
Azure-Version
Azure-SlotName
X-VCT
X-Browser-Name
X-Varnish-Beresp-Grace
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Property-Id
X-Skip-Cache
X-Loop
X-GeoCountry
X-S
X-Is-Tablet
X-RM-Cache-TTL
X-Is-Mobile
X-Is-Desktop
X-GeoCode
X-Is-Supported-Browser
Apigw-Requestid
DB-Nickname
X-Tncms
X-Varnish-Age
X-Tcp-Rtt
X-Geo-Region
X-AB
X-No-Session
X-Format
X-Server-W
X-Cms-Context
AMP-Access-Control-Allow-Source-Origin
X-Restarts
TWC-Connection-Speed
X-ProxyCache-Key
X-Origin-Hint
X-ProxyCache-Status
X-Lambda-Id
Webcakes-Region
X-BYPASS-REASON
TWC-Locale-Group
Section-Io-Id
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
Web-Mar-Node
TWC-Privacy
Webcakes-App-Version
Xserver
Webcakes-App-Name
X-VWS-Id
X-DynaTrace
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-Site-Version
X-Generation-Time
X-Git-Commit
X-Fetched-On
X-Vercel-Id
X-IPLB-Instance
X-Container-Uri
X-AWS-Id
X-Tb
Mn-Server-Ip
Cross-Origin-Embedder-Policy
X-LJ-Flow-ID
X-IPLB-Request-ID
X-Cache-Host
X-Locale
X-Cache-Server
X-Vercel-Cache
X-Provided-By
X-Platform-Cluster
X-Zipkin-Id
X-Ms-Version
X-Ms-Request-Id
X-Platform-Router
X-Forwarded-Host
X-Platform-Processor
X-Reqid
X-Uri
X-Proxied
X-Routing-Service
X-Frame-Option
X-Extlb
X-Cluster
X-TT-LOGID
X-Webstats-RespID
X-MP-GENERATED-AT
X-Drupal-Cache-Tags
X-Vcache
X-XRDS-Location
X-Drupal-Cache-Contexts
X-Sql-Duration-Ms
WP-Super-Cache
X-Sql-Count
X-Origin-Date
Cache-Tv-Group
X-Alternate-Cache-Key
CDN-EdgeStorageId
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestCountryCode
CDN-PullZone
X-Storefront-Renderer-Rendered
CDN-Cache
CDN-CachedAt
X-Shopify-Stage
Source
Fastcgi-Useragent
Priority
X-FB-TRIP-ID
Content-Secure-Policy
X-Vcl-Version
X-Sucuri-Cache
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-Cdn-Origin
X-Generated-By
X-Xrds-Location
X-Sucuri-ID
Onion-Location
X-Content-Age
X-Urbn-Context-Path
X-Urbn-Site-Id
Cross-Origin-Embedder-Policy-Report-Only
Locale
X-SRV
X-Pass-Why
S-Rt
X-Newrelic-Synthetics
Sid
WZWS-RAY
X-Buckets
X-Cluster-Node
Atl-Traceid
X-Scope-Id
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
TDXMobile
X-Thinkindot-L3
X-Use-Magma
X-Shield-Cache-Expires
X-CMSURLCustom
X-Varnish-Beresp-Ttl
X-Cache-Action
X-LSADC-Cache
Cache
X-Ua
X-DataDome
Cross-Origin-Window-Policy
X-Proxy-Cache-Status
HostName
X-Cache-Expired-At
X-Via-Edge
X-Via-SSL
X-Via-CDN
X-GEO
Edge-Copy-Time
X-WP-CF-Super-Cache-Cookies-Bypass
Origin
Surrogated-Key
Fastly-Drupal-HTML
Sslversion
Redirect-Candidate
Server-Host
X-Bc-Bl
Rendered-Blocks
X-A-Dcw
Req-ID
X-Ec-Fail
X-Vtex-Remote-Cache
MD5-Digest
Lang
X-Cache-NE
Gannett-Cam-Experience-Id
Meta-Geo-Continent
X-Bl-Debug
Origin-Agent-Cluster
Ngx.Var.Host
Ngx-Var-Key
X-Cache-Bucket
DCR-Processing-Time-Ms
DCR-Decision-By
X-BCube-Filmed-By
X-Dispatcher-Server
X-Ec-Custom-Error
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Developer
X-Destination
X-Conf
X-D
CDCHOST
Candidate-Md5Url
X-External-Request-Id
T-Server
X-ScT
X-Varnish-Hostname
X-Platform
Type
X-Correlation-ID
X-PAYTM-SRV-ID
X-Scheme
X-VCache
X-A-Dam
X-Aed
Vix-Hermes-Req-Id
X-Request-Start
X-S-Cookie
X-Rojux
X-Vdms-Version
X-Vdms-Path
X-Viewer-Country
X-Optimistic-Header
X-A-Wwc
X-Application
X-A-Dgt
X-B-Cookie
X-SRCache-Key
X-TIM-N
X-A-Ccd
X-A
X-Connection-Hash
X-Request-URI
Expiry
X-Datadome
X-TimeS
Pramga
Server-Ext
X-We-Are-Hiring
X-Debug-Cache-Store
Cluster
Content-Script-Type
Server-Hostname
X-Debug-Cache-Fetch
X-Core-Value
Content-Style-Type
Apple-News-Services-Host
L
X-VG-TLSProxy
Apple-News-Services-Request-Url
Magicmarker
X-VG-WebCache
X-WA-Info
X-Branch-Name
X-Mg-Request-UUID
NM-Fastcgi-Cache
X-VServer
X-Varnishpool
X-Cache-Id
X-Thanos
X-Clientip
Environment
DSUID
Apple-News-Services-Parsed-Url
Fastly-GeoIP-CountryCode
Host-ID
X-Cache-Info
X-Varnish-Director
Fastly-SSL
X-Varnish-Beresp-Status
X-SD-PageType
X-Gzip
X-Human
X-Instance-Name
X-Origin-Time
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Pubstack
X-Proxied-Request
X-Pool
X-Section
X-Level-Front-Cache
X-Op-Id-All
X-Node-Id
X-Nyt-Route
X-NMSegId
X-Mly-Id
X-Loc
X-SB
Ssr
Sever-Int
X-Generated-On
X-Sigma
X-Esi-Check
X-Rocket-Build-Number
X-Sigma-Backend
User-Cache-Control
X-TH-Server
X-Bip
Apple-News-Services-Handled
X-Gdpr
X-Request-Time
X-Fastly-Cache
V-Age
A
X-Forwarded-Site
Release
X-Access
X-Origin-Response-Time
X-Service
X-ApacheServer
C-Via
X-Ad-Load-Variation
X-HS-Content-Campaign-Id
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Policy
X-PERF
X-Old-Content-Length
X-Org
X-Request-Host
X-Server-IP
X-Var-Ttl
X-Varnish-Authentication
X-V-Cache
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-FC-Vary-Parameters
X-From
X-DPWN-IS-SECURE
X-Device-Os
X-Cache-Date
X-Contensis-Viewer-Groups
X-Geo-Header
X-GeoIP
X-Men
X-Micro-Cache
X-Irp-Debug
X-GoCache-CacheStatus
X-GeoIP-City
X-Cache-Aspx
Machine
X-Nginx-Cache-Key
X-NCache
Wxu-Next-Region
Adler-Geo
Gh-Request-Id
Mail-Subject
Is-Eu
X-Dc
X-Cache-TTL-Remaining
Web-Mar-Region
X-Hnp-Log
Canary
X-Moov-T
X-Moov-Xdn-Version
Esi-Enabled
Req-Svc-Chain
X-Gen-Mode
X-Req
X-Acquia-Purge-Cdn-Unconfigured
Uber-Trace-Id
X-Amz-Meta-Cb-Modifiedtime
Wxu-Next-Commit
Cache-Provider
We-Hiring
Wxu-Next-Hostname
X-Block-Status
X-Auto-Login
Platform
On-Server
X-UA-Device-Type
Producers
X-BBC-Edge-Cache-Status
X-Zen-Fury
True-Client-Country-4JS
X-B3-Trace-ID
X-Cdn-Srv
X-Fmm-Version
X-Sn-Servicetimems
Cdncip
X-Slack-Backend
Cdnsip
X-TA-CDN-Provider
X-AK-Request-ID
X-Proto
X-Ratelimit-Reset
X-Wikidot-Backend
X-Wikidot-Static-Cache
Yak-Timeinfo
X-Region-Sid
X-Slack-Shared-Secret-Outcome
X-Hash
X-Up
X-Fastly-Backend
X-DC
RNT-Machine
RNT-Time
Cf-Device-Type
Locid
Proxy-Firewall
X-Aicache-OS
Click-Count-Action-Start
X-App-Name
Click-Count-Error
Country-Code
Cache-Key
X-ND-Cache
Tube-Got-Results
W
Tube-Return
Tube-Got-Eval
AKAMAI
Tube-Get-Contents
X-Parent-Response-Time
X-Edge-Server
X-Owner
X-CGP
X-HN
Ha-Gx-Prefs
X-Csrf-Jwt
X-Accel-Expires-Debug
Pics-Label
L5d-Success-Class
X-Azure-Ref-OriginShield
HA-Ipaddr
X-Eu-Site
NGX
X-Amz-Storage-Class
X-Ah-Environment
X-Test
PFcat
X-Date
Fastly-Backend-Name
Cdn-Host
X-CacheTTL
Cdn-Request-Time
X-VarnishDD-TTL
X-ZONE
X-Via-Popn
X-Backend-Instance
X-Via-Poph
X-SIPLIST1
X-HA-Backend
IsBot
X-Via-Popv
Datacenter
X-LB-ID
X-Core-Mission
X-COUNTRY
X-Tx-Id
X-DynaTrace-JS-Agent
XM
Cdn
X-CACHE-GROUP
X-Qloud-Router
LB
X-Tb-Optimization-Total-Bytes-Saved
X-LB-NoCache
X-CF-Lambda-Version
X-CF-Lambda-Fn
Expect-Staple
X-Varnish-Hits
NtCoent-Length
X-Servedbyhost
X-Refresh
X-Cache-Backend
N-Cache
X-API-Version
X-Origin-Expires
X-VHOST
X-Lagoon
X-Cache-Type
SID
Xc-Version
X-Orig-Expires
X-Shop-Environment
X-Tenant
RATING
X-Forwarded-Path
X-ECache
X-NGINX-Cache
Cdn-Requestid
X-Wa
X-Nc
Server-ID
X-Gamma-Serve
GeoIp-Country-Code
Cmsid
Cmstype
X-Srv
X-CDN-Cache-Status
X-UA
CPC-Age
CloudFront-Viewer-Country
CPC-Cache
X-Nananana
X-Presslabs-Stats
Resin-Trace
X-Akamai-Transformed
X-Cdn-Diag
X-TX-ID
Cross-Origin-Opener-Policy-Report-Only
X-Vmg-Version
X-Fpc
X-Zone
X-Hit
X-Via-Fastly
X-Proxy-CacheRZ
GeoIP-Latitude
Cache-Hits
X-B3-Parentspanid
X-Nf-Request-Id
User-Agent
X-Tt-Logid
Uri
XkeyRZ
X-RID
X-Client-Ip
X-Variation
X-Ig-Origin-Region
X-LAGOON
X-Location
X-URL
CacheControlHeader
DataCenter
X-Fastly-Country-Code
X-Info
Fusion-Component-Id
X-Amz-Meta-Opti
X-Api-Version
X-TIME
Fusion-Template-Id
True-Client-Ip
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Tcn
X-Datacenter
Powered-By
MIME-Version
X-Cloudmap
Lb
X-DataCenter
X-B3-Spanid
X-NewRelic-App-Data
X-NWS-UUID-VERIFY
X-HostName
X-Geo
Origin-CC
X-Jungle-Id
X-CACHE-AGE
VNS-Cache
Origin-EX
X-CUA
Mime-Version
True-Client-IP
VNS-Age
X-CS
Fastly-Drupal-Html
X-Dynatrace-Js-Agent
X-Cached-By
X-User
Cf-Ipcountry
X-IAuth-Set-Uid
X-Cdn-Forward
X-Webkit-Csp-Report-Only
Debug
X-HOST
X-Vc
X-LiteSpeed-Tag
Srv
X-Segment-20210421
X-Varnish-Beresp-TTL
Load-Balancing
X-LiteSpeed-Cache-Control
Cl-Cache
Cache-Name
X-Render-Time
X-AIR-PT
X-Dispatcher-Number
Hostname
X-VTEX-Cache-Server
X-CSRF-TOKEN
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
CDN
X-MCACHE
X-Auth-Group-Type
X-FPC
GeoIP-Country-Code
Edge-Cache
X-Dispatch
Ohc-File-Size
X-Esi
X-Cdn-Cache-Status
Server-Id
X-Mid
X-Wormhole-Sdk
X-Litespeed-Tag
X-Cs
X-WA
X-NC
X-Oracle-DMS-ECID
X-Ig-Push-State
Ohc-Cache-HIT
BehaviorPad-Version
Odigeo-Trace-Id
X-NodeID
X-ServedByHost
X-APP-VERSION
X-Lb-Nocache
X-Cache-Ttl
X-Fastly-Backend-Reqs
CountryCode
X-Custom-Header
X-Cache-Enabled
X-Vgn-Hpd-Reason
X-Akamai-Pragma-Client-IP
Ms-Author-Via
X-Litespeed-Cache-Control
X-VCL-Version
X-PHP-Backend
X-Proxy-Cache-La3
X-Lb-Id
X-MiniProfiler-Ids
X-Depends
X-MSEdge-Flight
Server-Info
Xkeylog
X-Cdn-Request-ID
YJS-ID
X-MSEdge-Features
Xkey-La3
X-Pad
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-DefHash
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-DefElseHash
X-Ha-Backend
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Acquia-Application-Trace
X-Varnish-Remaining-TTL
X-IN-APIGATEWAY
X-FL-EDGE
X-Snapshot-Date
Location
X-IN-APIGATEWAYSSL
Srvid
OriginIP
Time
My-App
Memcached
Memory
X-FL-QIT-DEBUG
Ngx
FSS-Cache
X-Sorting-Hat-Podid
X-Shardid
X-Shopid
X-Sorting-Hat-Shopid
X-Cache-Version
PICS-Label
X-M-Log
X-M-Reqid
Warning
X-Lsadc-Cache
CF-Cached-On
X-Internal-Host
X-RequestId
X-Serial
X-Mg-Cache
X-Service-Response-Time
X-Web-Server
CF-Ctrl
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-Check-Cacheable
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
Geoip-Latitude
X-Udemy-Cache-App-Namespace
Sm-Log-Id
Akamai-Cache-Status
X-Sucuri-Id