Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-Drupal-Cache
Accept-CH-Lifetime
X-Cache-Status
X-DNS-Prefetch-Control
P3p
X-Generator
X-Ua-Compatible
X-Check
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
X-Request-ID
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
X-UA-Device
Keep-Alive
Request-Context
X-Robots-Tag
X-Server
Allow
X-Cache-Group
EagleId
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Dns-Prefetch-Control
X-Age
X-Rq
Xkey
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-Pingback
Permissions-Policy
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-LiteSpeed-Cache
X-Device
Cf-Railgun
EagleEye-TraceId
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Backend-Server
X-CST
X-Cache-Lookup
X-Host
X-Aws-Lambda-Call-Status
X-Server-Id
X-Readtime
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
X-Litespeed-Cache
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
Content-Location
X-Country-Code
X-Country
Service-Worker-Allowed
X-Ruxit-JS-Agent
X-Trace
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Accept-Ch-Lifetime
X-Rack-Cache
Rating
Cache-Tag
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-FTR-Request-ID
Nginx-Cache
X-Origin-Cache-Key
X-TtlSet
X-Vname
X-PC
X-Mcache
X-Edge
X-Midtier
X-NWS-LOG-UUID
X-MS-InvokeApp
X-Times
X-Mod-Pagespeed
X-Upstream
X-Server-Name
X-Powered-By-Plesk
X-ECACHE
X-Browser-Type
Edge-Control
X-ESI
X-Cnection
X-D2id
X-Element-Page-Cache
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Exp-Id
Verso
X-Ser
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
SPRequestDuration
SPIisLatency
X-Ruxit-Js-Agent
X-Ac
SPRequestGuid
X-SharePointHealthScore
X-RateLimit-Remaining
X-GitHub-Request-Id
X-Abt-Application-Version
X-B3-TraceId
X-Navigation-Version
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Ttl
X-NF-Request-ID
AR-CACHE
X-Middleton-Display
Pagespeed
X-Sol
Display
X-Client-IP
X-Mg-S
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Edge-Cache-Tag
S
Fastly-Restarts
X-Cache-Key
X-VARITI-CCR
X-Erf-Bev-Bev
X-Cache-TTL
X-Erf-Bev-Bev-Is-Generated
X-Daa-Tunnel
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Amzn-Trace-Id
X-Amz-Rid
RTSS
Cache-Status
X-Powered-CMS
X-Edge-Location-Klb
X-Kinsta-Cache
X-Server-ID
X-Version
Access-Control-Request-Method
X-Middleton-Response
Response
X-Goog-Hash
X-Recruiting
X-Webkit-Csp
X-Content-Digest
X-Varnish-TTL
X-FastCGI-Cache
X-ARC
X-Forwarded-For
X-TraceId
X-T
Arr-Disable-Session-Affinity
X-MSEdge-Ref
Cross-Origin-Resource-Policy
MS-Author-Via
Content-MD5
MicrosoftSharePointTeamServices
Front-End-Https
X-SRCache-Fetch-Status
X-SRCache-Store-Status
TP-Cache
X-Shield-Request-Id
X-Accel-Expires
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Id
X-Forwarded-Proto
X-Cached
X-Ua-Browser
Realpath
Public-Key-Pins
X-Request-Received
X-Request-Processing-Time
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Hits
X-FTR-Backend-Server
X-Country-Code-Real
Server-Node
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-HS-Combine-CSS
X-RateLimit-Limit
X-Frontend
Payment
X-Protected-By
X-FTR-Expires
X-LLID
X-Fastly-Request-ID
X-DIS-Request-ID
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Content-Security-Policy-Report-Only
X-ORACLE-DMS-RID
X-Distributor
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-GUploader-UploadID
TP-L2-Cache
X-LB-Cache
X-Correlation-Id
Cache-Tags
X-Request-Handler-Origin-Region
X-Microsite
Count-Hit
Fastcgi-Cache
X-Envoy-Decorator-Operation
Mrf-Cache-Status
X-Amzn-RequestId
MRF-Tech
Referer-Policy
X-Activity-Id
X-Amz-Apigw-Id
X-Az
Host
X-AppVersion
X-B3-TraceId-Primal
X-Debug-Info
X-NGENIX-Cache
X-Cluster-Name
X-Hostname
X-Origin-Server
X-Varnish-Backend
X-Www-Served-By
X-Geo-Country
X-XRDS-LOCATION
X-Varnish-Server
X-ORACLE-DMS-ECID
X-Page-Id
Accept-Charset
X-App-Server
X-Ezoic-Cdn
X-PressLabs-Stats
X-F-Cache
X-TEC-API-VERSION
Retry-After
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Origin-Trial
X-Load-Cache
X-Px
X-Ratelimit-Limit
X-FB-Debug
X-Goog-Metageneration
X-Upgrade-Enabled
X-CSRF-Token
X-Seen-By
X-Fastcgi-Cache
X-RateLimit-Reset
TCN
X-Amz-Meta-S3cmd-Attrs
Server-Name
Cleartype
Access-Control-Allow-Method
X-Webkit-CSP
X-Git-Hash
X-Tt-Trace-Host
X-Tt-Trace-Tag
Section-Io-Cache
X-Grace
X-B3-Sampled
X-TT
X-B
X-Varnish-Ttl
X-Trace-Id
X-Type
X-Azure-Ref
X-Revision
X-Contextid
Healthy
Charset
X-Cache-Control
Paypal-Debug-Id
X-Datadog-Trace-Id
X-Whom
X-Datadog-Parent-Id
DC
X-Datadog-Sampling-Priority
X-Content-Options
X-Fb-Rlafr
X-Proxy
X-Request-Guid
X-Wix-Request-Id
X-Mobile
X-N
X-B-Cache
X-Signature
X-Air-Pt
Accept-Ch
X-App-Environment
X-Newrelic-App-Data
X-Oracle-Dms-Ecid
X-Node-Name
X-Magnolia-Registration
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Amz-Replication-Status
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Filterid
Frame-Options
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Origin-Cache
X-Logged-In
X-TTL
X-Time
X-EdgeConnect-Cache-Status
Viewport
X-Oracle-Dms-Rid
NGB
X-Unique-Id
VIX-Pulpo-Upstream-Status
Content-Disposition
Backend
X-Response-Served-From
X-Original-Request-Id
X-Debug
VIX-Pulpo-Node
X-RemovedCookies
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Debug-IsPreview
X-Debug-IsConnected
X-Tumblr-User
X-ProcessESI
X-FW-Hash
X-FW-Server
X-FW-Type
X-FW-Static
X-FW-Version
X-G
X-FW-Serve
X-RTag
Ms-Operation-Id
X-Cache-Grace
MS-CV
X-Yottaa-Optimizations
X-FW-Dynamic
X-Ratelimit-Remaining
X-Yottaa-Metrics
X-Datadog-Sampled
X-WebKit-CSP-Report-Only
X-VC-Cache
Fastly-SWR
Fastly-SIE
X-Ua-Device
X-Adobe-Loc
X-Is-Bot
X-Rendered-As
X-NYM-Debug-Backend
X-IPS-LoggedIn
X-Hl-Ver
X-Adobe-Content
Liferay-Portal
X-UUID
X-Amzn-Remapped-Content-Length
X-Backend-Name
X-Device-Type
From-Origin
X-Instance
X-Varnish-Grace
X-Servername
X-Cache-Age
SD-X-WS
X-Environment-Context
X-Cacheable-TTL
X-User-Agent
Akamai-GRN
Upgrade-Insecure-Requests
ServerID
X-L-Path
X-Proxy-Cache-Info
X-Region
Version
X-Via-JSL
X-Status
X-Rule
X-Cache-Hit
Country
Refresh
X-B3-SpanId
X-Source
X-Template
X-INCAP-ABP
Countrycode
GEO-INFO
X-Language
X-Rid
CDN-RequestId
X-Storage
SRV
X-HTML-Minification-Powered-By
Url
X-NODE
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Cache-Status-Check
OT-Force-Account-Verify
X-WP-CF-Super-Cache-Active
Alternate-Protocol
X-Origin-TTL
X-Fastly-Request-Id
X-Origin-CC
X-B3-Traceid
WPO-Cache-Message
X-Real-IP
WPO-Cache-Status
X-App-Version
X-Providence-Cookie
X-CDN-Forward
X-Route-Name
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Jobs
AMP-Access-Control-Allow-Source-Origin
X-ServerID
X-Akamai-Request-ID2
X-VC
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
X-Cache-Time
Access-Control-Request-Headers
X-Content-Powered-By
X-TT-LOGID
X-Nginx-Cache
Protected
X-Rocket-Nginx-Serving-Static
X-Sucuri-Cache
X-Mode
X-Accel-Version
X-Handled-By
X-Xfnlog-Site
X-Upstream-Ht
X-Upstream-Ct
Filters
X-Rewrite-Enabled
Xet-Cookie
X-Akamai-Edgescape
Webserver
Meta-Geo
X-Sucuri-ID
X-Rn-Rsrv
X-UPSTREAM-Address
X-Endurance-Cache-Level
X-VWS-Id
X-Timing-Wait
X-Webstats-RespID
X-LJ-Flow-ID
X-Cache-Operation
X-GeoCountry
X-GeoCode
X-Cache-Rule
X-JoinUs
X-Drupal-Cache-Tags
X-SaId
X-Labrador-Cache-Channel
X-Worker
Section-Io-Id
X-Hosted-By
X-Proxy-Build
X-PHP-Host
X-Tec-Api-Version
X-AWS-Id
X-Tec-Api-Root
X-Tec-Api-Origin
Selected-Fe
X-Tumblr-Pixel-3
Cross-Origin-Embedder-Policy
X-Origin
ServedBy
X-Tumblr-Pixel-2
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
TWC-Connection-Speed
X-Origin-Hint
Node
Property-Id
X-RM-Cache-TTL
X-Proxied
X-Restarts
Mn-Server-Ip
X-Adobe-Source
X-Web-Node
X-No-Session
TWC-GeoIP-Country
X-Cluster
X-Served-From
TWC-Privacy
X-Varnish-Cache-Hits
Webcakes-Region
TWC-GeoIP-LatLong
X-Edge-Location
X-Routing-Service
X-Zipkin-Id
X-Drupal-Cache-Contexts
TWC-Device-Class
X-Extlb
X-Geo-Region
Front
X-AB
X-Director
X-Cms-Context
Atl-Traceid
Apigw-Requestid
X-BYPASS-REASON
X-Forwarded-Host
X-Browser-Name
X-Say-TTL
X-S
X-VCT
X-Say-Cacheable
Web-Mar-Node
X-SayCDN-TTL
X-Varnish-Age
X-Origin-Date
X-ProxyCache-Status
X-ProxyCache-Key
X-RCS-CacheZone
X-Redis-Cache
X-Framework
X-IPLB-Instance
Xserver
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Mobile
X-Is-Desktop
X-IPLB-Request-ID
X-Skip-Cache
X-Lambda-Id
X-Tb
X-Soup
X-Logging-Id
X-Tcp-Rtt
X-Locale
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Varnish-Beresp-Grace
X-Vercel-Cache
X-Vercel-Id
X-Tncms
X-Reqid
X-R9-Blue-Green-Version
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Loop
X-Site-Version
X-Detected-As
X-Cdn-Origin
X-Cache-Host
X-Fetched-On
X-Format
X-Httpd
X-Shopify-Stage
X-Generation-Time
X-Cache-Debug
CDN-EdgeStorageId
CDN-Uid
CDN-Cache
Azure-Version
CDN-CachedAt
CDN-RequestPullSuccess
CDN-PullZone
CDN-RequestPullCode
Azure-SlotName
Azure-SiteName
CDN-RequestCountryCode
Azure-InstanceId
Azure-RegionName
X-Git-Commit
X-Ms-Version
X-Container-Uri
X-Ms-Request-Id
X-Frame-Option
Accept-Language
X-Vcache
X-Cache-Server
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-RID
X-ShopId
X-ShardId
X-XRDS-Location
X-Provided-By
DB-Nickname
Fastcgi-Useragent
CF-IPCountry
WP-Super-Cache
X-Server-W
Cross-Origin-Window-Policy
Source
X-Vcl-Version
X-Uri
X-MP-GENERATED-AT
X-Page-View
X-Azure-Ref-OriginShield
X-SRV
Cross-Origin-Embedder-Policy-Report-Only
X-Thinkindot-L3
X-CMSURLCustom
X-Shield-Cache-Expires
Thinkindot-Control
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Scope-Id
X-Generated-By
Sid
Cache
Cache-Tv-Group
X-UA
X-Pass-Why
X-FB-TRIP-ID
X-Buckets
Content-Secure-Policy
X-PDP-UNCACHING-HASH
X-Optimistic-Header
X-LSADC-Cache
X-Lagoon
HostName
Onion-Location
X-Use-Mantle
X-DataDome
X-Content-Age
X-Http-Reason
Priority
X-Urbn-Context-Path
X-Xrds-Location
X-Urbn-Site-Id
Locale
X-Dc
X-DynaTrace
X-WP-CF-Super-Cache-Cookies-Bypass
X-GEO
X-Request-URI
X-Datadome
X-Connection-Hash
Expiry
Locid
User-Cache-Control
X-A-Wwc
X-Aed
X-Op-Id-All
X-Dispatcher-Server
X-D
X-Varnish-Beresp-Ttl
X-Epic-Correlation-Id
A
X-Conf
X-A-Dgt
X-Ec-GeoHdr
Gannett-Cam-Experience-Id
X-Ec-Fail
X-Kinja-CCPA
X-ND-Cache
X-BCube-Filmed-By
X-Bc-Bl
X-Bl-Debug
X-External-Request-Id
Candidate-Md5Url
X-Cache-NE
X-B-Cookie
DCR-Decision-By
X-Destination
X-Application
X-Developer
DCR-Processing-Time-Ms
T-Server
X-Cache-Bucket
X-Rojux
X-ScT
X-Viewer-Country
X-Vdms-Version
X-Vdms-Path
X-Vtex-Remote-Cache
Ngx.Var.Host
X-S-Cookie
X-TA-CDN-Provider
X-TIM-N
Origin
Req-ID
Redirect-Candidate
X-UA-Device-Type
Vix-Hermes-Req-Id
Origin-Agent-Cluster
X-Varnish-Hostname
X-Platform
Rendered-Blocks
X-SRCache-Key
Server-Host
X-SB
MD5-Digest
Surrogated-Key
Sslversion
X-Cluster-Node
X-A-Dam
Magicmarker
Lang
LB
X-A-Dcw
X-A-Ccd
Meta-Geo-Continent
Ngx-Var-Key
X-Zen-Fury
X-A
X-Request-Start
X-Proxy-Cache-Status
Producers
Server-Ext
Server-Hostname
V-Age
X-Contensis-Viewer-Groups
True-Client-Country-4JS
X-Debug-Cache-Fetch
Sever-Int
Release
X-Core-Value
Cdncip
Environment
X-Auto-Login
DSUID
X-B3-Trace-ID
NM-Fastcgi-Cache
Adler-Geo
X-Amz-Meta-Cb-Modifiedtime
Is-Eu
Host-ID
X-Ad-Load-Variation
X-AK-Request-ID
X-Bip
Wxu-Next-Region
Wxu-Next-Commit
Platform
X-Cache-TTL-Remaining
X-Clientip
CDCHOST
X-Cache-Id
Wxu-Next-Hostname
Cluster
X-Cache-Aspx
Cdnsip
C-Via
X-Loc
X-Nyt-Route
X-Debug-Cache-Store
X-Origin-Time
X-PAYTM-SRV-ID
X-Node-Id
X-NMSegId
X-Level-Front-Cache
X-NCache
X-Nginx-Cache-Key
X-Pubstack
X-Sql-Duration-Ms
X-Varnishpool
X-WA-Info
XM
Yak-Timeinfo
X-Varnish-Authentication
X-Thanos
X-Sql-Count
X-Req
X-Scheme
X-Gzip
X-Origin-Expires
X-Generated-On
X-GeoIP
X-GeoIP-City
X-Esi-Check
Cache-Hits
X-Device-Os
X-DPWN-IS-SECURE
X-GeoIP-Country-Code
X-Gdpr
X-GeoIP-Region-Code
X-Service
Fastly-Drupal-HTML
X-V-Cache
X-Fastly-Cache
X-Var-Ttl
X-TH-Server
X-Hnp-Log
X-SVT-ORM-VERSION
X-Server-IP
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Varnish-Beresp-Status
We-Hiring
X-BBC-Edge-Cache-Status
X-We-Are-Hiring
X-Ec-Custom-Error
Tube-Get-Contents
X-HN
X-Aicache-OS
X-VG-TLSProxy
Tube-Got-Eval
X-Section
Uber-Trace-Id
Tube-Return
Tube-Got-Results
X-VarnishDD-TTL
X-Cdn-Srv
X-Org
X-Geo-Header
X-Acquia-Purge-Cdn-Unconfigured
X-Instance-Name
X-Cache-Expired-At
X-Block-Status
X-Cache-Backend
X-Moov-Xdn-Version
X-Moov-T
X-ApacheServer
X-Micro-Cache
X-Men
X-Access
X-Gen-Mode
X-From
X-GoCache-CacheStatus
X-Forwarded-Site
X-Request-Time
X-Mly-Id
X-Region-Sid
X-RateLimit-Remaining-Second
X-PERF
X-Pool
X-Proxied-Request
X-RateLimit-Limit-Second
X-SD-PageType
X-Amz-Storage-Class
Apple-News-Services-Handled
X-NWS-UUID-VERIFY
Esi-Enabled
Fastly-GeoIP-CountryCode
Fastly-SSL
Machine
L
Gh-Request-Id
Country-Code
Content-Style-Type
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-ECache
Canary
Content-Script-Type
Click-Count-Error
Click-Count-Action-Start
Mail-Subject
Ssr
RNT-Machine
PFcat
Pramga
Req-Svc-Chain
RNT-Time
X-Newrelic-Synthetics
On-Server
X-Cache-Action
X-Origin-Response-Time
X-VG-WebCache
X-Wikidot-Static-Cache
X-Cache-Info
Cdn-Host
Cf-Device-Type
X-Cache-Date
Cdn-Request-Time
X-Wikidot-Backend
Cache-Key
X-VServer
X-HS-Content-Campaign-Id
X-Csrf-Jwt
X-CGP
X-Human
AKAMAI
X-Mvc-Supplant-Cachable
Cache-Provider
X-Hash
X-Old-Content-Length
X-Correlation-ID
Ha-Gx-Prefs
X-Sigma-Backend
Web-Mar-Region
X-Sigma
HA-Ipaddr
X-FC-Vary-Parameters
X-Test
X-Edge-Server
L5d-Success-Class
X-Policy
X-Fmm-Version
X-Request-Host
Proxy-Firewall
X-Eu-Site
X-Proto
W
X-Backend-Instance
X-Up
X-Rocket-Build-Number
X-Varnish-Director
WZWS-RAY
X-Fastly-Backend
X-Via-Fastly
X-Slack-Shared-Secret-Outcome
X-Tb-Optimization-Total-Bytes-Saved
X-NGINX-Cache
X-Slack-Backend
X-VCache
X-Ah-Environment
X-Mvc-Supplant-OutputCached
X-LB-ID
X-Cloudmap
X-Accel-Expires-Debug
X-App-Name
X-CacheTTL
X-Date
NGX
Fastly-Backend-Name
X-Zone
X-Branch-Name
X-Tx-Id
X-COUNTRY
X-Mg-Request-UUID
X-API-Version
X-DC
Edge-Copy-Time
X-Parent-Response-Time
Pics-Label
X-Via-Popv
X-HA-Backend
X-Via-CDN
X-Via-SSL
X-Via-Popn
NtCoent-Length
X-Location
X-Via-Edge
X-Ig-Origin-Region
X-Servedbyhost
X-DynaTrace-JS-Agent
X-Via-Poph
X-CACHE-GROUP
X-Varnish-Hits
X-Ratelimit-Reset
S-Rt
Datacenter
X-Refresh
Fusion-Component-Id
Type
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Content-Source
X-Nf-Request-Id
Cdn
X-VHOST
X-CDN-Cache-Status
Origin-EX
X-Esi
Origin-CC
Powered-By
Resin-Trace
X-LB-NoCache
X-Jungle-Id
X-Wormhole-Sdk
X-Ua
GeoIp-Country-Code
SID
X-CUA
X-User
X-Wa
X-Irp-Debug
X-Akamai-Transformed
X-Nc
X-ZONE
Cdn-Requestid
Server-ID
X-Srv
X-Core-Mission
X-Owner
X-TX-ID
X-Render-Time
X-SIPLIST1
GeoIP-Latitude
X-Fpc
X-Hit
IsBot
Cross-Origin-Opener-Policy-Report-Only
Cf-Ipcountry
X-B3-Parentspanid
CloudFront-Viewer-Country
X-LiteSpeed-Tag
X-Nananana
X-NewRelic-App-Data
XkeyRZ
X-Qloud-Router
X-Proxy-CacheRZ
DataCenter
X-Client-Ip
Debug
X-DataCenter
X-VTEX-Cache-Server
X-Presslabs-Stats
X-IAuth-Set-Uid
X-URL
Edge-Cache
Uri
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Time
X-Cached-By
X-Segment-20210421
X-CS
Mime-Version
Fastly-Drupal-Html
N-Cache
Expect-Staple
X-Auth-Group-Type
X-CF-Lambda-Version
X-Cs
True-Client-IP
X-CF-Lambda-Fn
X-TIME
X-Amz-Meta-Opti
Xc-Version
X-Ig-Push-State
X-Orig-Expires
X-Cache-Type
X-Forwarded-Path
X-Shop-Environment
X-LiteSpeed-Cache-Control
X-Tenant
X-HostName
CDN
True-Client-Ip
X-Gamma-Serve
Cmstype
Cmsid
X-Varnish-Beresp-TTL
MIME-Version
X-PHP-Backend
X-CACHE-AGE
Odigeo-Trace-Id
X-Tt-Logid
X-Geo
X-Dynatrace-Js-Agent
X-Custom-Header
X-NodeID
Tcn
X-Info
CPC-Age
X-Vmg-Version
Load-Balancing
User-Agent
CPC-Cache
X-B3-Spanid
X-AIR-PT
X-HOST
X-Vc
X-Cdn-Diag
X-Fastly-Country-Code
X-Pad
X-Depends
X-Dispatch
Srv
X-Vgn-Hpd-Reason
Request-ID
X-DefHash
Ohc-File-Size
X-Varnish-CookieHashed-On
X-FPC
X-Varnish-CookieINHashed-On
X-DefElseHash
X-Varnish-Remaining-TTL
X-Cdn-Forward
X-Webkit-Csp-Report-Only
X-M-Reqid
X-Api-Version
X-NC
X-Variation
X-M-Log
Hostname
X-Datacenter
Cl-Cache
X-WA
X-VC-TTL
X-CSRF-TOKEN
X-APP-VERSION
CacheControlHeader
Server-Id
X-TimeS
X-LAGOON
Ohc-Cache-HIT
X-Lb-Nocache
X-Cache-FS-Status
GeoIP-Country-Code
Geoip-Latitude
X-Oracle-DMS-ECID
X-ServedByHost
X-APP
X-Cdn-Cache-Status
VNS-Cache
Cloudfront-Viewer-Country
VNS-Age
Epwk-X-Cache
X-Cache-Ttl
CountryCode
X-Fastly-Backend-Reqs
PICS-Label
Server-Info
X-Via-PopN
X-Via-PopV
X-Litespeed-Tag
FSS-Cache
X-Via-PopH
X-Ha-Backend
X-Srcache-Store-Status
X-Litespeed-Cache-Control
X-VCL-Version
X-Srcache-Fetch-Status
X-Lb-Id
X-FL-QIT-DEBUG
Srvid
BehaviorPad-Version
X-MSEdge-Flight
X-MSEdge-Features
X-Cdn-Request-ID
Xkeylog
Xkey-La3
X-Proxy-Cache-La3
Memcached
OriginIP
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Akamai-Pragma-Client-IP
ServerHost
X-RequestId
X-Th-Server
Ngx
X-MiniProfiler-Ids
X-Check-Cacheable
X-Serial
X-Acquia-Purge-Tags
X-Acquia-Site
X-Snapshot-Date
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Web-Server
Memory
Time
X-Dispatcher-Number
X-Cache-Version
X-Shopid
X-Shardid
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Udemy-Cache-App-Namespace
X-Sucuri-Id
X-Ramcache
Serverhost
Akamai-Cache-Status
X-RAMCache
X-Requestid
Sm-Log-Id
X-Dw-Trace-Id
Warning
X-Mg-Cache
X-Service-Response-Time