Threat Level: green Handler on Duty: Richard Porter

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
P3p
X-Runtime
X-AspNet-Version
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Ua-Compatible
X-Check
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Expect-Ct
X-Amz-Request-Id
CF-Ray
X-Amz-Id-2
Host-Header
Allow
X-Backend
Cf-Edge-Cache
X-Cache-Group
Request-Context
X-Robots-Tag
Keep-Alive
X-Server
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
X-Rq
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
X-Dns-Prefetch-Control
Cf-Apo-Via
X-Page-Speed
X-Pingback
Cf-Railgun
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
EagleEye-TraceId
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-Aws-Lambda-Call-Status
X-CST
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Nginx-Upstream-Cache-Status
X-HW
Accept-Ch-Lifetime
X-Nginx-Cache-Status
X-Node
X-Litespeed-Cache
X-Cloud-Trace-Context
X-Application-Context
X-Country-Code
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Trace
Content-Location
Service-Worker-Allowed
X-Url
X-Content-Type
X-Country
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Edge
X-ECACHE
X-Origin-Cache-Key
X-Mcache
Accept-Ch
X-Mod-Pagespeed
X-Amz-Server-Side-Encryption
X-Midtier
Cross-Origin-Opener-Policy
X-FTR-Request-ID
X-Rack-Cache
Cache-Tag
X-MS-InvokeApp
Nginx-Cache
X-Upstream
X-TtlSet
X-PC
X-ESI
X-Vname
X-Powered-By-Plesk
Rating
Edge-Control
X-Browser-Type
X-D2id
Verso
X-Element-Page-Cache
X-Server-Name
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Times
X-B3-TraceId
X-Cnection
X-Ac
SPRequestDuration
SPIisLatency
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-Abt-Application-Version
X-SharePointHealthScore
SPRequestGuid
X-Vcap-Request-Id
X-Navigation-Version
X-RateLimit-Remaining
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Ruxit-Js-Agent
X-GitHub-Request-Id
X-Ser
X-VARITI-CCR
AR-CACHE
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Mg-S
S
X-Cache-Key
X-Middleton-Display
RTSS
Display
X-Sol
Pagespeed
X-NWS-LOG-UUID
X-Client-IP
X-Ttl
X-Cache-TTL
Edge-Cache-Tag
Fastly-Restarts
X-Amz-Rid
X-Amzn-Trace-Id
Origin-Trial
X-Powered-CMS
X-Goog-Hash
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-Server-ID
X-Version
X-Edge-Location-Klb
X-Kinsta-Cache
Cache-Status
Access-Control-Request-Method
X-Varnish-TTL
X-Content-Security-Policy-Report-Only
X-Recruiting
X-ARC
X-TraceId
X-Content-Digest
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Arr-Disable-Session-Affinity
X-T
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-MSEdge-Ref
X-Middleton-Response
Response
X-Forwarded-For
X-Ua-Device
Content-MD5
X-Accel-Expires
MicrosoftSharePointTeamServices
TP-Cache
X-Cached
X-Shield-Request-Id
X-Hits
X-Id
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
Public-Key-Pins
X-FTR-Expires
MS-Author-Via
X-Request-Processing-Time
X-Request-Received
Payment
Server-Node
X-Ua-Browser
Front-End-Https
Cross-Origin-Resource-Policy
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Webkit-Csp
X-Frontend
X-HS-Hub-Id
X-DIS-Request-ID
X-RateLimit-Limit
X-Forwarded-Proto
X-LLID
X-Daa-Tunnel
X-HP-Webp
X-HP-Trace-Id
X-GUploader-UploadID
X-Jurisdiction
X-FastCGI-Cache
X-Fastcgi-Cache
TP-L2-Cache
X-LB-Cache
Realpath
X-Protected-By
Cache-Tags
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Origin-Server
X-WebKit-CSP-Report-Only
X-Distributor
X-Microsite
Count-Hit
X-Request-Handler-Origin-Region
X-Page-Id
X-ORACLE-DMS-RID
X-F-Cache
X-B3-TraceId-Primal
X-NGENIX-Cache
X-Www-Served-By
MRF-Tech
X-Kinja-CCPA
Mrf-Cache-Status
X-Activity-Id
X-AppVersion
X-Az
Accept-Charset
X-Cluster-Name
X-Hostname
Referer-Policy
X-Geo-Country
X-Debug-Info
X-Varnish-Backend
X-App-Server
X-Envoy-Decorator-Operation
X-Correlation-Id
Host
Fastcgi-Cache
X-PressLabs-Stats
X-Kong-Proxy-Latency
X-Varnish-Server
X-Kong-Upstream-Latency
X-Goog-Metageneration
X-TTL
X-FB-Debug
Access-Control-Allow-Method
X-Git-Hash
X-Aspnet-Version
X-RateLimit-Reset
X-ORACLE-DMS-ECID
Retry-After
X-Oracle-Dms-Ecid
X-XRDS-LOCATION
X-Ratelimit-Limit
X-Rid
Server-Name
X-Content-Options
X-CSRF-Token
X-Load-Cache
X-Upgrade-Enabled
X-Px
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Contextid
X-Route-Name
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Aspnet-Duration-Ms
X-Flags
X-Fastly-Request-Id
X-Revision
DC
X-App-Environment
X-B-Cache
TCN
X-Origin-Cache
X-Signature
Charset
X-Trace-Id
X-Cache-Control
X-Grace
Paypal-Debug-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Type
Section-Io-Cache
Cleartype
X-Ezoic-Cdn
X-ASPNET-VERSION
X-Seen-By
X-B
X-TT
X-Oracle-Dms-Rid
X-Mobile
X-Amz-Meta-S3cmd-Attrs
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-B3-Sampled
X-Fb-Rlafr
Healthy
Frame-Options
X-Amz-Replication-Status
X-Wix-Request-Id
X-Language
X-Magnolia-Registration
X-Varnish-Ttl
X-Whom
X-Logged-In
X-Goog-Storage-Class
X-Node-Name
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
Filterid
X-EdgeConnect-Cache-Status
X-Azure-Ref
X-Fastly-Request-ID
X-N
X-Newrelic-App-Data
X-Proxy
X-App-Version
X-Air-Pt
Content-Disposition
Backend
Akamai-GRN
Upgrade-Insecure-Requests
X-Template
NGB
Refresh
X-Proxy-Cache-Info
X-Response-Served-From
X-Original-Request-Id
X-Rendered-As
X-Is-Bot
VIX-Pulpo-Upstream-Status
X-Tumblr-User
X-Yottaa-Metrics
X-Yottaa-Optimizations
SD-X-WS
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-ProcessESI
X-Page-View
X-RemovedCookies
X-Tumblr-Pixel
X-Unique-Id
VIX-Pulpo-Node
Liferay-Portal
X-Adobe-Loc
X-Amzn-Remapped-Content-Length
X-Varnish-Grace
X-UUID
X-WP-CF-Super-Cache
X-Adobe-Content
X-Servername
X-Datadog-Sampled
Viewport
X-Instance
X-Debug-IsConnected
X-Debug-IsPreview
X-WP-CF-Super-Cache-Cache-Control
X-IPS-LoggedIn
MS-CV
X-RTag
Ms-Operation-Id
X-B3-SpanId
Fastly-SWR
X-Ratelimit-Remaining
Fastly-SIE
X-G
X-FW-Server
X-User-Agent
X-FW-Static
X-NYM-Debug-Backend
X-FW-Type
X-FW-Version
Url
X-Cacheable-TTL
X-Device-Type
X-Region
X-FW-Serve
X-Debug
X-Cache-Grace
X-FW-Hash
X-FW-Dynamic
X-Rule
From-Origin
Country
X-Cache-Hit
X-Jobs
X-Hl-Ver
X-Environment-Context
X-L-Path
X-Backend-Name
X-Status
ServerID
X-Webkit-CSP
Surrogate-Key
X-Cache-Age
X-Air-Source
Countrycode
X-Hosted-By
X-Air-Trace-Id
X-Air-Hostname
X-Time
Alternate-Protocol
X-Origin-CC
X-Tec-Api-Origin
X-VC-Cache
X-Tec-Api-Root
X-Tec-Api-Version
X-Origin-TTL
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Content-Powered-By
X-Hcs-Proxy-Type
X-Cache-Status-Check
X-Http-Reason
X-Akamai-Request-ID2
Amp-Access-Control-Allow-Source-Origin
X-NODE
X-Via-JSL
X-INCAP-ABP
Protected
X-HTML-Minification-Powered-By
WPO-Cache-Message
WPO-Cache-Status
Version
X-Akamai-Edgescape
X-Rocket-Nginx-Serving-Static
GEO-INFO
CDN-RequestId
X-Framework
X-Storage
X-Accel-Version
X-Edge-Location
X-Source
SRV
X-WP-CF-Super-Cache-Active
X-Cache-Rule
X-CDN-Forward
Access-Control-Request-Headers
Front
CF-IPCountry
X-Nginx-Cache
X-XRDS-Location
X-Httpd
X-Use-Mantle
X-Use-Magma
X-Real-IP
OT-Force-Account-Verify
X-Rn-Rsrv
X-UPSTREAM-Address
X-Upstream-Ht
X-Rewrite-Enabled
X-Upstream-Ct
Accept-Language
X-Xfnlog-Site
Filters
X-Cache-Operation
Webserver
Meta-Geo
X-Endurance-Cache-Level
X-VC
X-Detected-As
X-JoinUs
X-Cache-Debug
X-Director
Selected-Fe
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Timing-Wait
X-Served-From
X-Soup
X-Proxy-Build
X-SaId
X-BYPASS-REASON
X-Sql-Duration-Ms
X-ProxyCache-Status
X-Adobe-Source
X-Sql-Count
X-Origin
ServedBy
X-Redis-Cache
X-Worker
X-Mode
X-Cms-Context
X-ProxyCache-Key
X-Say-Cacheable
X-Handled-By
X-SayCDN-TTL
X-Say-TTL
X-Varnish-Cache-Hits
X-Logging-Id
Azure-InstanceId
TWC-Connection-Speed
Azure-RegionName
X-Tncms
Azure-SiteName
X-RM-Cache-TTL
TWC-Device-Class
DB-Nickname
X-S
Azure-Version
Azure-SlotName
Webcakes-Region
X-GeoCountry
X-GeoCode
X-Format
X-PHP-Host
X-Labrador-Cache-Channel
X-Loop
X-Origin-Hint
X-Cache-Time
X-B3-Traceid
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Web-Mar-Node
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
Property-Id
X-VCT
X-Varnish-Age
Xet-Cookie
AMP-Access-Control-Allow-Source-Origin
Xserver
X-Fetched-On
X-Cache-Server
X-Tb
X-DynaTrace
X-Generation-Time
X-RCS-CacheZone
X-Restarts
X-No-Session
X-Lambda-Id
X-Git-Commit
X-Server-W
X-Skip-Cache
X-Container-Uri
X-Varnish-Beresp-Grace
X-Vercel-Cache
X-Vercel-Id
X-AB
X-VWS-Id
X-IPLB-Request-ID
Section-Io-Id
X-IPLB-Instance
X-Browser-Name
X-Tcp-Rtt
X-Cache-Host
X-Frame-Option
X-Geo-Region
X-Is-Desktop
X-AWS-Id
X-Is-Mobile
X-Ms-Version
X-Ms-Request-Id
X-Provided-By
Node
Mn-Server-Ip
X-ServerID
X-LJ-Flow-ID
X-Is-Supported-Browser
X-Is-Tablet
X-Vcache
X-Web-Node
Apigw-Requestid
X-Reqid
X-R9-Blue-Green-Version
X-Cluster
X-Forwarded-Host
X-Locale
X-Site-Version
X-Platform-Cluster
Cross-Origin-Embedder-Policy
X-Platform-Processor
X-Platform-Router
X-Uri
X-COUNTRY
X-Webstats-RespID
X-Drupal-Cache-Contexts
X-Proxied
X-Routing-Service
Source
X-Zipkin-Id
Cache-Tv-Group
Priority
X-FB-TRIP-ID
X-Extlb
Fastcgi-Useragent
X-Drupal-Cache-Tags
X-MP-GENERATED-AT
Content-Secure-Policy
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-Cache
CDN-PullZone
CDN-RequestPullSuccess
CDN-CachedAt
CDN-EdgeStorageId
WP-Super-Cache
CDN-Uid
X-Origin-Date
X-Vcl-Version
Onion-Location
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-TT-LOGID
X-Generated-By
WZWS-RAY
X-Xrds-Location
X-Urbn-Site-Id
X-Content-Age
Locale
X-SRV
X-Urbn-Context-Path
X-Sucuri-Cache
X-Sorting-Hat-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-ShopId
S-Rt
X-Pass-Why
X-Sucuri-ID
X-Cdn-Origin
X-Newrelic-Synthetics
X-Cluster-Node
Sid
X-Ua
X-Buckets
X-Proxy-Cache-Status
X-Varnish-Beresp-Ttl
Cross-Origin-Embedder-Policy-Report-Only
X-Cache-Action
X-Cache-Expired-At
Thinkindot-CacheControl-Type
Cross-Origin-Window-Policy
X-DataDome
TDXMobile
Thinkindot-CacheControl
X-Thinkindot-L3
Thinkindot-Control
X-Scope-Id
X-CMSURLCustom
X-Shield-Cache-Expires
Cache
X-LSADC-Cache
Fastly-Drupal-HTML
X-GEO
Atl-Traceid
HostName
X-Mg-Request-UUID
X-Aspnetmvc-Version
X-Via-SSL
X-Via-CDN
Edge-Copy-Time
X-Via-Edge
X-Request-URI
X-Application
X-B-Cookie
X-Vtex-Remote-Cache
X-Aed
X-A-Dgt
X-A-Dam
X-A-Dcw
X-Bc-Bl
X-A-Wwc
X-BCube-Filmed-By
X-Vdms-Path
X-VCache
X-Ec-Custom-Error
X-External-Request-Id
X-Vdms-Version
X-Ec-Fail
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Viewer-Country
X-A-Ccd
X-A
Meta-Geo-Continent
Candidate-Md5Url
Ngx-Var-Key
MD5-Digest
Lang
DCR-Processing-Time-Ms
Environment
Gannett-Cam-Experience-Id
Ngx.Var.Host
Origin
T-Server
Type
DCR-Decision-By
Surrogated-Key
Sslversion
Origin-Agent-Cluster
Redirect-Candidate
Rendered-Blocks
X-TIM-N
X-Bl-Debug
X-S-Cookie
X-Rojux
X-Scheme
X-ScT
X-Cache-NE
X-Conf
X-Destination
X-Optimistic-Header
X-Correlation-ID
X-PAYTM-SRV-ID
X-Developer
X-Cache-Bucket
X-D
X-SRCache-Key
X-TimeS
X-Datadome
X-WP-CF-Super-Cache-Cookies-Bypass
X-We-Are-Hiring
X-Level-Front-Cache
X-Proxied-Request
Pramga
Req-Svc-Chain
Release
X-TH-Server
X-Debug-Cache-Fetch
X-Loc
V-Age
X-Debug-Cache-Store
X-Pubstack
X-Pool
Ssr
Server-Host
X-Dispatcher-Server
X-Op-Id-All
Host-ID
Fastly-SSL
Fastly-GeoIP-CountryCode
X-Nyt-Route
DSUID
L
X-Varnish-Beresp-Status
X-Varnish-Hostname
X-Req
X-Mly-Id
X-Varnish-Director
Magicmarker
X-Origin-Time
X-Platform
X-Forwarded-Site
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-WA-Info
X-Clientip
X-Aicache-OS
X-Varnishpool
X-Sigma
X-VServer
X-Cache-Info
X-VG-TLSProxy
X-SD-PageType
X-Section
X-Bip
X-Node-Id
X-Sigma-Backend
X-Acquia-Purge-Cdn-Unconfigured
X-GeoIP-Region-Code
X-Human
X-GeoIP-Country-Code
X-Generated-On
X-VG-WebCache
X-Gdpr
Vix-Hermes-Req-Id
X-Thanos
X-Rocket-Build-Number
X-Access
X-Request-Time
X-Core-Value
X-Request-Start
X-Instance-Name
X-Fastly-Cache
Req-ID
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Request-Url
CDCHOST
X-Origin-Response-Time
Tube-Return
Tube-Got-Eval
Tube-Got-Results
Uber-Trace-Id
Tube-Get-Contents
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-Mvc-Supplant-OutputCached
X-NMSegId
X-Cache-Date
Adler-Geo
Server-Ext
X-Old-Content-Length
Sever-Int
True-Client-Country-4JS
X-Men
X-NCache
X-Irp-Debug
X-FC-Vary-Parameters
X-ApacheServer
X-Fmm-Version
X-From
X-Esi-Check
X-Auto-Login
X-Cache-Id
X-Cache-TTL-Remaining
X-Device-Os
X-DPWN-IS-SECURE
X-Ad-Load-Variation
X-Geo-Header
Wxu-Next-Hostname
Wxu-Next-Commit
Web-Mar-Region
We-Hiring
Wxu-Next-Region
X-HS-Content-Campaign-Id
X-GeoIP
X-GeoIP-City
X-Gzip
X-Org
Server-Hostname
X-Up
Machine
X-V-Cache
Mail-Subject
X-SVT-ORM-VERSION
X-Server-IP
X-SVT-ORM-RULES
X-Var-Ttl
X-PERF
Click-Count-Error
Esi-Enabled
Click-Count-Action-Start
Gh-Request-Id
Cluster
Is-Eu
Canary
X-Zen-Fury
Producers
X-Request-Host
Platform
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Country-Code
X-Policy
X-TA-CDN-Provider
NM-Fastcgi-Cache
On-Server
X-SB
Cache-Provider
X-Service
X-DC
User-Cache-Control
X-Connection-Hash
Expiry
Content-Script-Type
Content-Style-Type
X-Edge-Server
X-Branch-Name
A
X-Varnish-Authentication
X-Cdn-Srv
X-Core-Mission
X-ZONE
X-GoCache-CacheStatus
X-Hnp-Log
X-Nginx-Cache-Key
X-UA-Device-Type
X-Test
X-Hash
X-Cache-Aspx
X-Moov-Xdn-Version
X-Moov-T
X-Gen-Mode
X-Contensis-Viewer-Groups
X-Fastly-Backend
X-Proto
X-App-Name
Cdn-Request-Time
AKAMAI
Cdn-Host
X-Block-Status
C-Via
Cf-Device-Type
W
X-Dc
X-Parent-Response-Time
Ha-Gx-Prefs
HA-Ipaddr
NGX
X-Slack-Backend
X-Wikidot-Static-Cache
Proxy-Firewall
RNT-Machine
RNT-Time
X-Eu-Site
Fastly-Backend-Name
X-Ah-Environment
IsBot
X-Wikidot-Backend
Cache-Key
X-CacheTTL
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-SIPLIST1
X-CGP
Pics-Label
X-Csrf-Jwt
L5d-Success-Class
Datacenter
X-NGINX-Cache
X-Qloud-Router
LB
X-Accel-Expires-Debug
X-HA-Backend
X-Owner
X-Via-Poph
X-Amz-Meta-Cb-Modifiedtime
Expect-Staple
X-Via-Popn
X-Via-Popv
Locid
X-AK-Request-ID
X-ND-Cache
X-Date
N-Cache
Cdnsip
Cdncip
Yak-Timeinfo
X-CF-Lambda-Fn
X-Region-Sid
X-CF-Lambda-Version
X-Amz-Storage-Class
X-HN
X-Cache-Type
X-Shop-Environment
X-Orig-Expires
X-VarnishDD-TTL
PFcat
Xc-Version
X-LB-NoCache
X-Tenant
X-Tx-Id
X-Forwarded-Path
X-LB-ID
X-Ratelimit-Reset
Cdn
X-Refresh
X-Tb-Optimization-Total-Bytes-Saved
X-Azure-Ref-OriginShield
X-Gamma-Serve
X-Backend-Instance
X-VHOST
SID
X-Tt-Logid
X-Wa
X-CDN-Cache-Status
X-DynaTrace-JS-Agent
X-Nc
XM
RATING
X-Servedbyhost
Cmstype
NtCoent-Length
Cmsid
GeoIp-Country-Code
X-Varnish-Hits
Cdn-Requestid
X-Cdn-Diag
X-Cache-Backend
CPC-Age
Server-ID
X-Vmg-Version
X-Origin-Expires
X-API-Version
CPC-Cache
X-Nananana
X-Lagoon
X-Akamai-Transformed
X-TIME
X-Srv
CloudFront-Viewer-Country
X-Fpc
X-LAGOON
X-Via-Fastly
X-TX-ID
X-Api-Version
X-NewRelic-App-Data
X-Hit
X-B3-Parentspanid
CacheControlHeader
Resin-Trace
X-Zone
XkeyRZ
Cross-Origin-Opener-Policy-Report-Only
X-Variation
X-Nf-Request-Id
Uri
User-Agent
X-Proxy-CacheRZ
X-Client-Ip
X-UA
X-CACHE-AGE
X-URL
X-Presslabs-Stats
X-Fastly-Country-Code
GeoIP-Latitude
X-Amz-Meta-Opti
MIME-Version
X-Info
X-LiteSpeed-Tag
Tcn
X-ECache
Lb
X-DataCenter
VNS-Cache
Cache-Hits
X-Datacenter
True-Client-IP
X-Location
X-Ig-Origin-Region
True-Client-Ip
VNS-Age
X-HostName
DataCenter
X-LiteSpeed-Cache-Control
X-Dynatrace-Js-Agent
Cache-Name
Mime-Version
X-NWS-UUID-VERIFY
X-Geo
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-RID
Fusion-Component-Id
X-Vc
Powered-By
Cf-Ipcountry
Hostname
X-B3-Spanid
X-Cdn-Forward
Fastly-Drupal-Html
X-Cached-By
X-Jungle-Id
X-CUA
X-Dispatcher-Number
X-HOST
Srv
X-CSRF-TOKEN
X-IAuth-Set-Uid
X-User
Origin-EX
Origin-CC
X-CLOUD-TRACE-CONTEXT
X-AIR-PT
X-CS
X-Segment-20210421
X-Webkit-Csp-Report-Only
X-Cloudmap
Debug
X-Mid
X-Varnish-Beresp-TTL
X-MCACHE
Cl-Cache
X-Render-Time
Load-Balancing
X-Esi
CDN
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
X-Dispatch
GeoIP-Country-Code
Ohc-File-Size
BehaviorPad-Version
X-Wormhole-Sdk
X-VTEX-Cache-Time
X-FPC
X-Litespeed-Tag
Edge-Cache
X-Oracle-DMS-ECID
Server-Id
X-Cs
X-WA
X-Auth-Group-Type
X-Cdn-Cache-Status
X-NC
Ohc-Cache-HIT
X-Lb-Nocache
X-Lb-Id
YJS-ID
X-ServedByHost
X-Cache-Enabled
Server-Info
My-App
X-Ig-Push-State
X-NodeID
X-Fastly-Backend-Reqs
X-Wp-Cf-Super-Cache
Location
X-Wp-Cf-Super-Cache-Cache-Control
CountryCode
X-APP-VERSION
Ms-Author-Via
X-Litespeed-Cache-Control
X-VCL-Version
Wpo-Cache-Status
Wpo-Cache-Message
Xkey-La3
X-Internal-Host
Xkeylog
Odigeo-Trace-Id
X-MiniProfiler-Ids
X-Snapshot-Date
CF-Ctrl
X-Proxy-Cache-La3
X-Akamai-Pragma-Client-IP
CF-Cached-On
X-MSEdge-Flight
X-Cdn-Request-ID
X-MSEdge-Features
X-Pad
Section-Origin-Responded
X-FL-EDGE
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Srvid
Memory
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Time
X-Nitro-Cache
OriginIP
X-Nitro-Cache-From
Memcached
X-FL-QIT-DEBUG
X-Vgn-Hpd-Reason
Ngx
Section-Io-Origin-Status
X-Acquia-Site
X-Custom-Header
X-App
Section-Io-Origin-Time-Seconds
X-Nitro-Rev
FSS-Cache
X-Sorting-Hat-Podid
X-Shardid
X-Shopid
X-Cache-Version
X-Sorting-Hat-Shopid
X-Via-PopV
X-Http-Count
X-Ha-Backend
PICS-Label
X-Depends
X-PHP-Backend
Cloudfront-Viewer-Country
X-Http-Duration-Ms
X-Via-PopH
Akamai-Cache-Status
X-Via-PopN
X-Check-Cacheable
X-Wp-Cf-Super-Cache-Cookies-Bypass
Geoip-Latitude
X-RequestId
X-Th-Server
X-Sucuri-Id
X-Lsadc-Cache
X-Cache-FS-Status
X-Udemy-Cache-App-Namespace
X-Te-Duration-Ms
X-Web-Server
X-Dw-Trace-Id
X-Mg-Cache
X-Service-Response-Time
X-Serial
X-Te-Count
Sm-Log-Id
X-Fastly-Cache-Hits