
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
CF-RAY
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Varnish
X-Adblock-Key
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
P3p
X-Runtime
X-AspNet-Version
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Ua-Compatible
X-Check
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
CF-Ray
X-Amz-Id-2
Host-Header
Allow
X-Backend
Cf-Edge-Cache
X-Cache-Group
Request-Context
X-Robots-Tag
Keep-Alive
X-Server
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Vhost
X-Age
X-Rq
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
X-Dns-Prefetch-Control
Cf-Apo-Via
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
Cf-Railgun
EagleEye-TraceId
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-CST
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Nginx-Upstream-Cache-Status
X-HW
Accept-Ch-Lifetime
X-Nginx-Cache-Status
X-Node
X-Cloud-Trace-Context
X-Application-Context
X-Country-Code
X-Ruxit-JS-Agent
X-Trace
X-Cache-Lookup
Content-Location
X-Url
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-Content-Type
X-Country
X-Clacks-Overhead
X-ECACHE
X-Litespeed-Cache
X-Edge
X-Mod-Pagespeed
X-Origin-Cache-Key
Accept-Ch
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Rack-Cache
X-Midtier
Cross-Origin-Opener-Policy
Cache-Tag
X-Mcache
X-MS-InvokeApp
X-Upstream
Nginx-Cache
X-PC
X-Vname
X-TtlSet
X-ESI
X-Powered-By-Plesk
Rating
Edge-Control
X-D2id
X-Element-Page-Cache
X-Browser-Type
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
Verso
X-Times
X-Server-Name
X-Ac
X-Cnection
SPIisLatency
SPRequestDuration
X-B3-TraceId
AR-Request-ID
AR-PoweredBy
AR-SID
AR-ATIME
X-Vcap-Request-Id
X-Navigation-Version
X-Ruxit-Js-Agent
X-SharePointHealthScore
SPRequestGuid
X-Abt-Application-Version
X-RateLimit-Remaining
X-NF-Request-ID
X-Dw-Request-Base-Id
X-GitHub-Request-Id
X-Ser
X-VARITI-CCR
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
AR-CACHE
S
X-Cache-Key
X-Mg-S
RTSS
X-Cache-TTL
X-Client-IP
Origin-Trial
X-Sol
X-Middleton-Display
Display
Pagespeed
Edge-Cache-Tag
X-Amz-Rid
X-Amzn-Trace-Id
Fastly-Restarts
X-Goog-Hash
X-NWS-LOG-UUID
X-Powered-CMS
X-Ttl
X-Varnish-TTL
X-Content-Security-Policy-Report-Only
X-Server-ID
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
X-Erf-Bev-Bev
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Cache-Status
X-Erf-Bev-Bev-Is-Generated
Access-Control-Request-Method
X-Recruiting
X-ARC
X-Webkit-Csp
X-Content-Digest
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Arr-Disable-Session-Affinity
X-TraceId
X-T
X-Forwarded-For
X-MSEdge-Ref
Response
X-Middleton-Response
X-Ua-Device
Content-MD5
MicrosoftSharePointTeamServices
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Accel-Expires
TP-Cache
X-Hits
X-Cached
X-Shield-Request-Id
X-RateLimit-Limit
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Expires
X-Request-Received
X-Request-Processing-Time
Public-Key-Pins
X-Ua-Browser
X-Id
X-HS-Cache-Config
X-Frontend
MS-Author-Via
Payment
Server-Node
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-DIS-Request-ID
Front-End-Https
X-LLID
X-Forwarded-Proto
X-GUploader-UploadID
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
Cross-Origin-Resource-Policy
X-WebKit-CSP-Report-Only
X-Fastcgi-Cache
X-FastCGI-Cache
TP-L2-Cache
Cache-Tags
X-Daa-Tunnel
X-LB-Cache
Realpath
X-Amzn-RequestId
X-Kinja-CCPA
X-ORACLE-DMS-RID
X-Amz-Apigw-Id
X-Protected-By
X-Distributor
X-Origin-Server
X-Request-Handler-Origin-Region
X-Microsite
Count-Hit
X-TTL
X-Page-Id
X-NGENIX-Cache
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Activity-Id
X-AppVersion
X-Az
X-Www-Served-By
X-F-Cache
X-Varnish-Backend
Accept-Charset
X-PressLabs-Stats
X-Cluster-Name
Referer-Policy
X-Debug-Info
X-Geo-Country
X-App-Server
X-Correlation-Id
X-Varnish-Server
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Goog-Metageneration
X-FB-Debug
X-ORACLE-DMS-ECID
Fastcgi-Cache
X-Envoy-Decorator-Operation
Host
X-Hostname
Access-Control-Allow-Method
X-Git-Hash
X-Rid
X-RateLimit-Reset
X-XRDS-LOCATION
Retry-After
Server-Name
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Load-Cache
X-Fastly-Request-ID
X-Tt-Trace-Tag
X-Px
X-Tt-Trace-Host
DC
X-Content-Options
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Webkit-CSP
X-Route-Name
X-Origin-Cache
X-Providence-Cookie
X-Flags
X-Request-Guid
X-B3-Sampled
X-CSRF-Token
X-App-Environment
X-Contextid
X-Grace
X-Oracle-Dms-Ecid
X-Cache-Control
X-B-Cache
Paypal-Debug-Id
X-Revision
X-Mobile
X-Type
X-Signature
X-Trace-Id
Cleartype
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-ASPNET-VERSION
X-Datadog-Sampling-Priority
X-TT
Charset
X-Upgrade-Enabled
X-B
X-Amz-Meta-S3cmd-Attrs
X-Language
Section-Io-Cache
X-Fb-Rlafr
X-Seen-By
X-Ezoic-Cdn
X-Ratelimit-Limit
X-Amz-Replication-Status
TCN
Frame-Options
X-Goog-Storage-Class
X-Whom
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Logged-In
X-Wix-Request-Id
Filterid
X-Magnolia-Registration
Healthy
X-Node-Name
X-Oracle-Dms-Rid
X-EdgeConnect-Cache-Status
X-Azure-Ref
X-Newrelic-App-Data
X-App-Version
X-N
Content-Disposition
X-Proxy
Backend
X-Fastly-Request-Id
X-Varnish-Ttl
Akamai-GRN
X-Template
NGB
Upgrade-Insecure-Requests
Refresh
X-Proxy-Cache-Info
X-Air-Pt
X-Original-Request-Id
X-Response-Served-From
X-Rendered-As
X-Is-Bot
X-RemovedCookies
X-ProcessESI
SD-X-WS
X-Servername
X-Page-View
X-B3-SpanId
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Instance
X-Amzn-Remapped-Content-Length
X-Yottaa-Metrics
X-Datadog-Sampled
X-Varnish-Grace
X-Unique-Id
X-Tumblr-User
X-Tumblr-Pixel-1
Ms-Operation-Id
Viewport
X-Debug-IsConnected
Url
MS-CV
X-Tumblr-Pixel-0
X-Adobe-Loc
X-Yottaa-Optimizations
X-Debug-IsPreview
Liferay-Portal
X-Adobe-Content
X-Tumblr-Pixel
X-RTag
X-Cache-Grace
X-FW-Version
X-WP-CF-Super-Cache-Cache-Control
X-IPS-LoggedIn
X-G
X-FW-Type
X-User-Agent
X-UUID
X-FW-Dynamic
Fastly-SIE
Fastly-SWR
X-WP-CF-Super-Cache
X-FW-Serve
X-FW-Hash
X-Debug
X-Ratelimit-Remaining
X-FW-Static
X-FW-Server
X-NYM-Debug-Backend
X-Cacheable-TTL
From-Origin
X-Region
X-Device-Type
X-Jobs
X-L-Path
X-Environment-Context
X-Rule
Country
X-Status
X-Cache-Hit
X-Hosted-By
Surrogate-Key
X-Backend-Name
X-Hl-Ver
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
ServerID
X-Cache-Age
X-Http-Reason
X-Origin-TTL
X-Content-Powered-By
X-Origin-CC
X-VC-Cache
X-Cache-Status-Check
Protected
X-Akamai-Request-ID2
Alternate-Protocol
Countrycode
Amp-Access-Control-Allow-Source-Origin
X-NODE
X-Time
X-XRDS-Location
X-Hcs-Proxy-Type
WPO-Cache-Message
WPO-Cache-Status
X-CCDN-Origin-Time
X-Use-Magma
X-CCDN-CacheTTL
X-B3-Traceid
X-HTML-Minification-Powered-By
Version
X-Via-JSL
X-INCAP-ABP
X-Akamai-Edgescape
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Framework
X-CDN-Forward
X-Rocket-Nginx-Serving-Static
SRV
GEO-INFO
X-Source
X-Edge-Location
X-Cache-Rule
Front
X-Storage
CDN-RequestId
X-WP-CF-Super-Cache-Active
CF-IPCountry
X-Nginx-Cache
Access-Control-Request-Headers
X-Accel-Version
X-Mode
X-Httpd
X-Endurance-Cache-Level
X-Use-Mantle
X-UPSTREAM-Address
X-Upstream-Ct
X-Xfnlog-Site
X-Upstream-Ht
X-Rn-Rsrv
X-VC
Xet-Cookie
Accept-Language
Meta-Geo
X-Cache-Operation
X-Rewrite-Enabled
Filters
X-JoinUs
X-Detected-As
X-Cache-Debug
Selected-Fe
X-Proxy-Build
X-Real-IP
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Timing-Wait
Webserver
X-SaId
X-Served-From
X-Director
X-Tncms
X-Worker
X-Cms-Context
X-Soup
X-Loop
X-Sql-Count
X-Adobe-Source
X-Redis-Cache
X-Sql-Duration-Ms
X-Varnish-Age
X-Handled-By
ServedBy
X-Labrador-Cache-Channel
X-ProxyCache-Key
X-ProxyCache-Status
X-PHP-Host
X-Origin-Hint
X-Lambda-Id
OT-Force-Account-Verify
Property-Id
Webcakes-App-Name
Web-Mar-Node
Webcakes-App-Version
Webcakes-Region
X-BYPASS-REASON
TWC-Privacy
TWC-Locale-Group
TWC-Connection-Speed
X-Restarts
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Apigw-Requestid
X-No-Session
X-S
X-Varnish-Cache-Hits
X-Say-Cacheable
X-Server-W
X-Say-TTL
X-SayCDN-TTL
X-Cache-Time
X-RM-Cache-TTL
Xserver
X-Varnish-Beresp-Grace
X-IPLB-Instance
X-GeoCountry
X-Git-Commit
X-GeoCode
Mn-Server-Ip
X-Logging-Id
X-AWS-Id
X-Cache-Server
X-Container-Uri
X-VWS-Id
X-Format
Azure-Version
X-DynaTrace
X-Generation-Time
DB-Nickname
AMP-Access-Control-Allow-Source-Origin
Azure-SlotName
X-Cache-Host
X-RCS-CacheZone
X-IPLB-Request-ID
X-LJ-Flow-ID
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Skip-Cache
X-Is-Tablet
X-Is-Mobile
X-Is-Supported-Browser
X-Origin
X-Tcp-Rtt
X-VCT
X-Reqid
X-COUNTRY
X-Is-Desktop
X-Cluster
X-Tb
X-Zipkin-Id
X-Ms-Version
X-Fetched-On
X-Ms-Request-Id
X-Forwarded-Host
X-Extlb
X-Provided-By
X-Browser-Name
X-AB
X-Routing-Service
X-Proxied
X-Geo-Region
X-ServerID
Node
X-Frame-Option
X-Uri
X-R9-Blue-Green-Version
X-Vercel-Cache
X-Vercel-Id
Cache-Tv-Group
X-Site-Version
Section-Io-Id
X-Locale
X-FB-TRIP-ID
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Web-Node
Content-Secure-Policy
X-Webstats-RespID
X-Vcache
Priority
Source
X-Drupal-Cache-Contexts
Cross-Origin-Embedder-Policy
Fastcgi-Useragent
X-MP-GENERATED-AT
X-Drupal-Cache-Tags
X-Vcl-Version
CDN-RequestPullSuccess
Onion-Location
CDN-RequestPullCode
CDN-RequestCountryCode
X-Origin-Date
WP-Super-Cache
CDN-CachedAt
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
X-Storefront-Renderer-Rendered
WZWS-RAY
X-Shopify-Stage
X-Alternate-Cache-Key
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Content-Age
X-SRV
X-Generated-By
S-Rt
X-ShopId
X-Sorting-Hat-ShopId
X-Ua
X-Sorting-Hat-PodId
X-ShardId
X-Sucuri-Cache
X-Newrelic-Synthetics
X-Pass-Why
X-Cluster-Node
X-Cdn-Origin
X-Sucuri-ID
X-TT-LOGID
X-Buckets
Sid
X-Cache-Action
X-Varnish-Beresp-Ttl
X-Proxy-Cache-Status
Cross-Origin-Window-Policy
X-Cache-Expired-At
X-Mg-Request-UUID
X-VCache
X-Xrds-Location
Cross-Origin-Embedder-Policy-Report-Only
Cache
X-Scope-Id
X-Shield-Cache-Expires
X-CMSURLCustom
X-Datadome
Thinkindot-CacheControl
Fastly-Drupal-HTML
Thinkindot-Control
TDXMobile
X-Thinkindot-L3
Thinkindot-CacheControl-Type
X-LSADC-Cache
X-DataDome
HostName
X-Optimistic-Header
X-Aspnetmvc-Version
X-ScT
X-Cache-NE
Origin
Surrogated-Key
DCR-Decision-By
X-Ec-Fail
X-D
X-Vdms-Version
X-Developer
Ngx-Var-Key
X-Bl-Debug
Ngx.Var.Host
X-A-Wwc
X-Ec-GeoHdr
Meta-Geo-Continent
X-B-Cookie
Origin-Agent-Cluster
Rendered-Blocks
Redirect-Candidate
T-Server
MD5-Digest
Lang
Gannett-Cam-Experience-Id
X-Aed
DCR-Processing-Time-Ms
X-S-Cookie
X-Rojux
Environment
X-External-Request-Id
X-Epic-Correlation-Id
X-Correlation-ID
X-A-Dcw
X-TIM-N
X-A-Dgt
Type
X-Viewer-Country
X-A-Dam
X-Destination
X-Vdms-Path
X-A
X-A-Ccd
X-Request-URI
X-Bc-Bl
X-Vtex-Remote-Cache
CDCHOST
X-SRCache-Key
Candidate-Md5Url
X-Cache-Bucket
X-Conf
Sslversion
X-BCube-Filmed-By
X-Application
X-GEO
X-Via-SSL
Edge-Copy-Time
X-TimeS
X-Via-Edge
X-WP-CF-Super-Cache-Cookies-Bypass
X-Via-CDN
X-Instance-Name
Pramga
X-GeoIP-Country-Code
X-Level-Front-Cache
X-Core-Value
X-Forwarded-Site
X-Generated-On
X-Debug-Cache-Store
Magicmarker
X-Fastly-Cache
X-GeoIP-Region-Code
X-Dispatcher-Server
X-Ec-Custom-Error
Host-ID
X-Debug-Cache-Fetch
X-Gdpr
X-PAYTM-SRV-ID
X-Varnishpool
X-Varnish-Hostname
Sever-Int
Fastly-SSL
X-B3-Trace-ID
X-Platform
Server-Hostname
X-Pubstack
X-TH-Server
X-Up
X-Thanos
X-Bip
X-Server-IP
X-Aicache-OS
X-Men
Server-Host
X-Origin-Time
X-Request-Start
Atl-Traceid
Req-ID
Vix-Hermes-Req-Id
V-Age
X-Req
X-SB
X-Op-Id-All
X-SD-PageType
Server-Ext
X-Scheme
X-Nyt-Route
X-Node-Id
X-Service
User-Cache-Control
X-BBC-Edge-Cache-Status
Is-Eu
Gh-Request-Id
X-Acquia-Purge-Cdn-Unconfigured
X-Access
True-Client-Country-4JS
X-Device-Os
X-Block-Status
X-Ad-Load-Variation
Web-Mar-Region
X-Cache-TTL-Remaining
NM-Fastcgi-Cache
X-Cache-Info
Platform
Req-Svc-Chain
Release
Producers
X-Cache-Id
Wxu-Next-Region
Machine
X-Auto-Login
L
Mail-Subject
We-Hiring
Wxu-Next-Hostname
Wxu-Next-Commit
Ssr
X-Policy
X-Pool
X-ApacheServer
X-PERF
X-Proxied-Request
X-RateLimit-Limit-Second
X-Request-Time
X-RateLimit-Remaining-Second
Fastly-GeoIP-CountryCode
X-Old-Content-Length
X-Mvc-Supplant-Cachable
X-Mly-Id
X-Mvc-Supplant-OutputCached
X-NCache
X-NMSegId
X-Nginx-Cache-Key
X-Rocket-Build-Number
X-Section
X-VServer
X-VG-WebCache
X-We-Are-Hiring
X-Zen-Fury
X-WA-Info
X-Clientip
X-VG-TLSProxy
X-Varnish-Director
X-Sigma-Backend
X-Sigma
X-UA-Device-Type
X-V-Cache
X-Varnish-Beresp-Status
X-Var-Ttl
X-Micro-Cache
X-Org
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Fmm-Version
Adler-Geo
X-Loc
X-Esi-Check
X-From
Canary
Cache-Provider
X-Gen-Mode
X-Fastly-Backend
X-FC-Vary-Parameters
X-GeoIP
X-Geo-Header
X-Hnp-Log
X-Hash
X-HS-Content-Campaign-Id
X-Human
X-Irp-Debug
Esi-Enabled
X-DPWN-IS-SECURE
X-GeoIP-City
Country-Code
X-Gzip
X-DC
X-App-Name
DSUID
Cluster
X-Via-Poph
X-Request-Host
X-Edge-Server
X-Via-Popv
X-Via-Popn
X-SIPLIST1
X-GoCache-CacheStatus
X-Cache-Date
X-Origin-Response-Time
X-HA-Backend
X-CacheTTL
X-Cdn-Srv
X-Proto
X-Core-Mission
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Test
Proxy-Firewall
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
Cf-Device-Type
AKAMAI
C-Via
Cdn-Request-Time
Tube-Return
Uber-Trace-Id
W
On-Server
IsBot
Pics-Label
Click-Count-Error
Click-Count-Action-Start
X-ZONE
Cdn-Host
X-TA-CDN-Provider
X-Connection-Hash
X-Parent-Response-Time
Expiry
X-Dc
X-Cache-Aspx
Fastly-Backend-Name
X-Contensis-Viewer-Groups
X-Amz-Meta-Cb-Modifiedtime
L5d-Success-Class
Expect-Staple
Ha-Gx-Prefs
LB
X-Eu-Site
X-Owner
X-Wikidot-Backend
X-Date
X-Wikidot-Static-Cache
X-Ah-Environment
HA-Ipaddr
X-CGP
X-Branch-Name
X-CF-Lambda-Version
A
X-CF-Lambda-Fn
Content-Style-Type
N-Cache
X-Accel-Expires-Debug
Content-Script-Type
X-Csrf-Jwt
X-Varnish-Authentication
X-NGINX-Cache
Datacenter
X-Moov-T
X-Tenant
X-Qloud-Router
X-Orig-Expires
X-Forwarded-Path
X-Shop-Environment
RNT-Time
RNT-Machine
Cache-Key
NGX
X-Moov-Xdn-Version
X-Cache-Type
Xc-Version
X-Tt-Logid
X-LB-ID
Cdncip
X-ND-Cache
X-LB-NoCache
X-AK-Request-ID
Cdnsip
X-Region-Sid
Locid
X-Gamma-Serve
Cdn
X-Ratelimit-Reset
X-VarnishDD-TTL
X-Tx-Id
X-Refresh
Yak-Timeinfo
PFcat
X-HN
X-Varnish-Hits
Cmstype
Cmsid
SID
X-VHOST
CPC-Cache
CPC-Age
X-Cdn-Diag
NtCoent-Length
X-CDN-Cache-Status
X-Tb-Optimization-Total-Bytes-Saved
X-Wa
X-Servedbyhost
X-DynaTrace-JS-Agent
X-Vmg-Version
RATING
Server-ID
GeoIp-Country-Code
X-Backend-Instance
X-Amz-Storage-Class
X-Nc
X-Azure-Ref-OriginShield
Cdn-Requestid
XM
X-LAGOON
X-TX-ID
X-Api-Version
X-API-Version
X-Origin-Expires
X-Nananana
X-Cache-Backend
X-Fpc
X-Srv
X-TIME
X-Akamai-Transformed
CacheControlHeader
X-B3-Parentspanid
X-Via-Fastly
CloudFront-Viewer-Country
X-Hit
X-Variation
X-Lagoon
Resin-Trace
Tcn
X-Nf-Request-Id
X-CACHE-AGE
Uri
X-Proxy-CacheRZ
XkeyRZ
User-Agent
X-HostName
X-Client-Ip
X-LiteSpeed-Tag
X-URL
X-Fastly-Country-Code
X-Zone
X-NewRelic-App-Data
X-Datacenter
X-Amz-Meta-Opti
X-Info
VNS-Age
Cross-Origin-Opener-Policy-Report-Only
VNS-Cache
MIME-Version
X-LiteSpeed-Cache-Control
X-UA
Cache-Name
X-MCACHE
X-Geo
Lb
True-Client-Ip
X-Dynatrace-Js-Agent
X-Vc
DataCenter
X-Ig-Origin-Region
GeoIP-Latitude
X-DataCenter
X-CSRF-TOKEN
Mime-Version
X-Location
True-Client-IP
X-Presslabs-Stats
Hostname
Cache-Hits
X-AIR-PT
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
X-NWS-UUID-VERIFY
Fusion-Template-Id
Fusion-Deployment-Id
X-Dispatcher-Number
Fusion-Component-Id
Cf-Ipcountry
Fastly-Drupal-Html
X-B3-Spanid
X-Cached-By
Request-ID
X-Jungle-Id
Powered-By
X-Mid
X-CUA
Origin-EX
Origin-CC
X-Cloudmap
X-Webkit-Csp-Report-Only
X-Cdn-Forward
X-CLOUD-TRACE-CONTEXT
X-IAuth-Set-Uid
X-Segment-20210421
X-User
X-Varnish-Beresp-TTL
X-RID
X-CS
Srv
Ohc-File-Size
Debug
BehaviorPad-Version
X-ECache
X-Dispatch
X-FPC
GeoIP-Country-Code
X-Esi
X-Render-Time
Ohc-Cache-HIT
X-Litespeed-Tag
CDN
X-ServedByHost
X-WA
X-Cache-Enabled
X-NC
X-Cs
X-Cdn-Cache-Status
X-VTEX-Cache-Server
Load-Balancing
X-Oracle-DMS-ECID
Cl-Cache
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Time
CountryCode
Server-Info
X-Lb-Id
X-Wormhole-Sdk
Server-Id
Edge-Cache
My-App
Location
YJS-ID
X-Lb-Nocache
X-Auth-Group-Type
X-Traceid
X-Snapshot-Date
CF-Ctrl
X-Wp-Cf-Super-Cache
X-Fastly-Backend-Reqs
X-Internal-Host
X-Wp-Cf-Super-Cache-Cache-Control
Wpo-Cache-Message
X-VCL-Version
Wpo-Cache-Status
Ms-Author-Via
X-ID
X-Litespeed-Cache-Control
Xkey-La3
Xkeylog
X-Cdn-Request-ID
X-NodeID
X-Ig-Push-State
X-Proxy-Cache-La3
X-Nitro-Cache-From
X-Akamai-Pragma-Client-IP
X-MiniProfiler-Ids
X-MSEdge-Flight
X-MSEdge-Features
X-App
X-Nitro-Cache
X-Nitro-Rev
CF-Cached-On
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Origin-Responded
X-Dw-Trace-Id
X-APP-VERSION
X-FL-QIT-DEBUG
Memcached
Memory
Time
X-Acquia-Site
Srvid
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Cache-FS-Status
X-Acquia-Application-Trace
X-FL-EDGE
OriginIP
X-IN-APIGATEWAYSSL
FSS-Cache
Geoip-Latitude
X-IN-APIGATEWAY
Ngx
Odigeo-Trace-Id
X-Shopid
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Shardid
X-Cache-Version
Akamai-Cache-Status
X-Vgn-Hpd-Reason
X-Via-PopH
X-Pad
X-Ha-Backend
X-Te-Count
X-Via-PopN
X-Http-Count
X-Te-Duration-Ms
X-Http-Duration-Ms
X-Service-Response-Time
X-RequestId
X-Udemy-Cache-App-Namespace
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
X-Sucuri-Id
X-Lsadc-Cache
Sm-Log-Id
X-Fastly-Cache-Hits
X-Mg-Cache
X-Web-Server
X-Serial
X-Check-Cacheable
X-Via-PopV