Threat Level: green Handler on Duty: Richard Porter

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
P3p
X-DNS-Prefetch-Control
X-Drupal-Cache
Accept-CH-Lifetime
X-Cache-Status
CF-Ray
X-Ua-Compatible
X-Generator
X-Check
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
Cf-Edge-Cache
X-UA-Device
X-Backend
Keep-Alive
Request-Context
X-Robots-Tag
Allow
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
EagleId
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
Ali-Swift-Global-Savetime
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-LiteSpeed-Cache
X-Device
Cf-Railgun
Permissions-Policy
EagleEye-TraceId
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Backend-Server
X-CST
X-Aws-Lambda-Call-Status
X-Host
X-Readtime
X-Cache-Lookup
X-Response-Time
X-Server-Id
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Litespeed-Cache
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
Service-Worker-Allowed
X-Url
X-Ruxit-JS-Agent
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Accept-Ch-Lifetime
Rating
X-Rack-Cache
Cache-Tag
X-Origin-Cache-Key
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Edge
Cross-Origin-Opener-Policy
X-PC
X-Vname
X-TtlSet
X-Midtier
Nginx-Cache
X-Mcache
X-MS-InvokeApp
X-Mod-Pagespeed
X-Upstream
X-ECACHE
X-Powered-By-Plesk
X-Server-Name
X-NWS-LOG-UUID
Edge-Control
X-Times
X-ESI
X-Browser-Type
X-Cnection
X-D2id
X-Element-Page-Cache
Verso
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Ser
X-Ruxit-Js-Agent
AR-SID
X-Ac
AR-Request-ID
AR-ATIME
AR-PoweredBy
SPIisLatency
SPRequestDuration
X-SharePointHealthScore
SPRequestGuid
X-GitHub-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-RateLimit-Remaining
X-Dw-Request-Base-Id
X-Vcap-Request-Id
X-Ttl
X-B3-TraceId
X-NF-Request-ID
AR-CACHE
X-Mg-S
X-Server-ID
Display
X-Pinterest-Rid
Pagespeed
X-Middleton-Display
Pinterest-Version
X-Sol
Pinterest-Generated-By
X-Client-IP
S
Edge-Cache-Tag
Fastly-Restarts
X-Cache-Key
X-VARITI-CCR
X-Amzn-Trace-Id
X-Cache-TTL
X-Amz-Rid
RTSS
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
Cache-Status
X-Powered-CMS
X-Kinsta-Cache
X-Edge-Location-Klb
X-Daa-Tunnel
X-Version
Access-Control-Request-Method
X-Goog-Hash
X-Recruiting
X-Middleton-Response
Response
X-Webkit-Csp
X-Content-Digest
X-ARC
X-Forwarded-For
X-TraceId
X-T
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-MSEdge-Ref
Cross-Origin-Resource-Policy
Content-MD5
MS-Author-Via
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
MicrosoftSharePointTeamServices
X-FastCGI-Cache
Front-End-Https
X-SRCache-Store-Status
X-SRCache-Fetch-Status
TP-Cache
X-Shield-Request-Id
X-Accel-Expires
X-Cached
X-Hits
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
Public-Key-Pins
X-FTR-Backend
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Server-Node
X-HS-Content-Id
X-FTR-Expires
X-Request-Processing-Time
X-Ua-Browser
X-Forwarded-Proto
X-Request-Received
X-Id
X-Frontend
Payment
Realpath
X-Content-Security-Policy-Report-Only
X-Protected-By
X-DIS-Request-ID
X-LLID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-RateLimit-Limit
X-Distributor
X-ORACLE-DMS-RID
X-Hostname
X-GUploader-UploadID
TP-L2-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-LB-Cache
Cache-Tags
Origin-Trial
X-Fastcgi-Cache
X-Microsite
X-Request-Handler-Origin-Region
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Debug-Info
Count-Hit
Fastcgi-Cache
X-Envoy-Decorator-Operation
X-Fastly-Request-ID
X-Page-Id
X-Origin-Server
Host
Referer-Policy
MRF-Tech
X-AppVersion
X-Activity-Id
X-Az
Mrf-Cache-Status
X-B3-TraceId-Primal
X-NGENIX-Cache
X-Cluster-Name
X-Www-Served-By
X-Varnish-Server
X-Geo-Country
X-Varnish-Backend
X-Correlation-Id
Accept-Charset
X-Ratelimit-Limit
X-App-Server
X-ORACLE-DMS-ECID
X-F-Cache
X-PressLabs-Stats
X-XRDS-LOCATION
X-Ezoic-Cdn
X-Varnish-Ttl
Retry-After
X-FB-Debug
TCN
X-Load-Cache
X-Px
X-Goog-Metageneration
X-Upgrade-Enabled
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-CSRF-Token
Access-Control-Allow-Method
X-Seen-By
X-Webkit-CSP
Server-Name
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
X-RateLimit-Reset
X-Tt-Trace-Tag
X-Tt-Trace-Host
Cleartype
Section-Io-Cache
X-Revision
X-Request-Guid
X-Contextid
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Trace-Id
X-Grace
X-Datadog-Trace-Id
X-Cache-Control
X-Content-Options
Healthy
X-Type
X-Oracle-Dms-Ecid
Charset
X-B
X-TT
X-B3-Sampled
X-Whom
Paypal-Debug-Id
X-Azure-Ref
DC
X-Fb-Rlafr
X-Air-Pt
X-Proxy
X-Wix-Request-Id
X-Signature
X-B-Cache
X-Mobile
X-App-Environment
X-Node-Name
X-Newrelic-App-Data
X-N
Accept-Ch
X-Magnolia-Registration
X-Oracle-Dms-Rid
X-Ratelimit-Remaining
Frame-Options
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Amz-Replication-Status
Filterid
X-Origin-Cache
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-TTL
X-CCDN-CacheTTL
X-Goog-Stored-Content-Length
X-Goog-Generation
X-EdgeConnect-Cache-Status
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Logged-In
X-Time
Content-Disposition
Backend
NGB
Viewport
X-WebKit-CSP-Report-Only
X-Response-Served-From
VIX-Pulpo-Node
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
Akamai-GRN
X-Is-Bot
X-Rendered-As
X-RTag
X-Servername
X-Datadog-Sampled
SD-X-WS
Liferay-Portal
MS-CV
Ms-Operation-Id
X-Unique-Id
Upgrade-Insecure-Requests
X-Debug-IsConnected
X-Tumblr-Pixel-1
X-Tumblr-User
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Fastly-Request-Id
X-Debug-IsPreview
X-ProcessESI
X-RemovedCookies
X-Varnish-Grace
X-Hl-Ver
X-FW-Hash
X-FW-Dynamic
X-Debug
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Static
X-Adobe-Loc
X-Adobe-Content
X-IPS-LoggedIn
X-Cache-Age
X-Instance
X-UUID
X-Backend-Name
X-Cacheable-TTL
X-Amzn-Remapped-Content-Length
X-FW-Version
X-Environment-Context
X-Cache-Grace
Fastly-SIE
Fastly-SWR
ServerID
X-L-Path
X-Via-JSL
X-NYM-Debug-Backend
X-G
X-Region
X-Language
From-Origin
X-Cache-Hit
X-User-Agent
X-Proxy-Cache-Info
X-Device-Type
X-VC-Cache
X-B3-Traceid
Country
X-Rule
X-Template
X-Rid
X-Status
Refresh
Version
X-Ua-Device
X-Source
X-INCAP-ABP
X-Route-Name
X-Aspnet-Duration-Ms
X-Is-Crawler
Url
X-Providence-Cookie
Countrycode
X-Flags
CDN-RequestId
X-B3-SpanId
GEO-INFO
X-Storage
X-HTML-Minification-Powered-By
SRV
X-Cache-Status-Check
X-NODE
Alternate-Protocol
X-App-Version
X-WP-CF-Super-Cache-Active
X-Air-Source
X-Jobs
X-Air-Hostname
X-Air-Trace-Id
WPO-Cache-Status
WPO-Cache-Message
OT-Force-Account-Verify
Amp-Access-Control-Allow-Source-Origin
X-Real-IP
X-Origin-TTL
X-Origin-CC
X-CDN-Forward
X-Akamai-Request-ID2
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Nginx-Cache
X-Content-Powered-By
X-ServerID
X-Cache-Time
Protected
X-Rocket-Nginx-Serving-Static
Access-Control-Request-Headers
Surrogate-Key
X-VC
X-Accel-Version
AMP-Access-Control-Allow-Source-Origin
X-Hosted-By
X-Cache-Operation
X-Cache-Rule
X-Handled-By
X-Mode
Webserver
X-Akamai-Edgescape
X-Endurance-Cache-Level
Filters
X-Sucuri-Cache
Meta-Geo
X-UPSTREAM-Address
X-Platform-Cluster
X-Upstream-Ht
X-Platform-Processor
X-Platform-Router
X-Rn-Rsrv
X-Rewrite-Enabled
X-Edge-Location
X-Xfnlog-Site
X-Upstream-Ct
X-Served-From
X-Tumblr-Pixel-3
X-Timing-Wait
X-Web-Node
Selected-Fe
X-Proxy-Build
X-Cache-Debug
X-Soup
Xet-Cookie
X-JoinUs
Cross-Origin-Embedder-Policy
X-VWS-Id
X-SaId
X-Logging-Id
CF-IPCountry
X-AWS-Id
Section-Io-Id
X-Varnish-Cache-Hits
X-Director
X-LJ-Flow-ID
X-Detected-As
X-Origin
X-Framework
ServedBy
X-Tumblr-Pixel-2
TWC-Privacy
X-Vcache
TWC-Locale-Group
X-Cluster
X-Webstats-RespID
X-VCT
Webcakes-Region
X-Extlb
X-Worker
TWC-GeoIP-LatLong
Webcakes-App-Version
Webcakes-App-Name
X-Cms-Context
Web-Mar-Node
X-Sucuri-ID
X-BYPASS-REASON
X-Skip-Cache
TWC-Connection-Speed
X-Drupal-Cache-Tags
X-Adobe-Source
X-Zipkin-Id
X-Proxied
X-Say-TTL
X-Say-Cacheable
Mn-Server-Ip
X-No-Session
Property-Id
X-Origin-Hint
X-SayCDN-TTL
X-ProxyCache-Key
X-Redis-Cache
X-Restarts
X-Routing-Service
X-Lambda-Id
X-Labrador-Cache-Channel
TWC-GeoIP-Country
Front
X-ProxyCache-Status
TWC-Device-Class
X-PHP-Host
Node
X-AB
X-Browser-Name
X-Is-Tablet
X-Varnish-Age
X-RCS-CacheZone
X-GeoCode
X-GeoCountry
X-RM-Cache-TTL
X-Drupal-Cache-Contexts
X-Loop
X-Locale
X-Tncms
X-Tcp-Rtt
X-S
X-Is-Supported-Browser
X-Vercel-Id
X-Vercel-Cache
X-Fetched-On
X-Varnish-Beresp-Grace
X-Format
X-Geo-Region
X-Is-Mobile
X-Is-Desktop
X-IPLB-Request-ID
X-IPLB-Instance
X-Site-Version
CDN-RequestCountryCode
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
Accept-Language
Azure-Version
Azure-SiteName
Azure-SlotName
Azure-RegionName
CDN-PullZone
CDN-RequestPullCode
Apigw-Requestid
Azure-InstanceId
CDN-Uid
CDN-RequestPullSuccess
X-Git-Commit
X-Generation-Time
X-Page-View
X-Httpd
X-TT-LOGID
X-Shopify-Stage
X-Origin-Date
X-Tb
Xserver
X-Forwarded-Host
Atl-Traceid
X-Reqid
X-Frame-Option
X-Storefront-Renderer-Rendered
X-R9-Blue-Green-Version
X-Use-Mantle
X-Cache-Server
X-Alternate-Cache-Key
X-Cache-Host
X-Container-Uri
X-Ms-Version
X-Provided-By
X-Ms-Request-Id
DB-Nickname
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Cdn-Origin
WP-Super-Cache
X-Server-W
X-XRDS-Location
X-MP-GENERATED-AT
X-Uri
Fastcgi-Useragent
X-Kinja-CCPA
Cross-Origin-Embedder-Policy-Report-Only
Source
Cache-Tv-Group
X-Generated-By
X-Xrds-Location
X-Vcl-Version
Thinkindot-CacheControl-Type
X-CMSURLCustom
Thinkindot-CacheControl
Thinkindot-Control
X-Thinkindot-L3
Cross-Origin-Window-Policy
X-Scope-Id
X-Shield-Cache-Expires
TDXMobile
X-RID
Sid
X-Pass-Why
X-Http-Reason
X-Azure-Ref-OriginShield
Content-Secure-Policy
X-FB-TRIP-ID
Cache
X-Buckets
X-LSADC-Cache
X-DataDome
Onion-Location
X-DynaTrace
X-SRV
X-Urbn-Context-Path
X-Urbn-Site-Id
Priority
Locale
HostName
X-Content-Age
X-Optimistic-Header
X-GEO
X-WP-CF-Super-Cache-Cookies-Bypass
X-UA
X-Sql-Duration-Ms
X-Sql-Count
X-Proxy-Cache-Status
X-Varnish-Beresp-Ttl
X-Cluster-Node
X-Request-URI
X-Dc
User-Cache-Control
X-ND-Cache
Vix-Hermes-Req-Id
X-Cache-NE
X-Bc-Bl
X-A-Dgt
X-A
X-A-Ccd
X-Instance-Name
X-A-Dcw
Meta-Geo-Continent
X-A-Dam
Origin
X-D
C-Via
X-Destination
X-Lagoon
X-B-Cookie
X-Connection-Hash
Ngx.Var.Host
Ngx-Var-Key
X-Bl-Debug
X-Conf
X-Developer
X-Dispatcher-Server
X-External-Request-Id
Yak-Timeinfo
X-Aed
Candidate-Md5Url
X-Application
X-Epic-Correlation-Id
X-Ec-Custom-Error
X-Ec-Fail
X-Ec-GeoHdr
X-A-Wwc
Fastly-Drupal-HTML
Sever-Int
Gannett-Cam-Experience-Id
Server-Hostname
X-SRCache-Key
Sslversion
X-TA-CDN-Provider
A
X-SB
X-Scheme
X-ScT
Lang
X-Vdms-Version
X-Varnish-Hostname
X-Cache-Action
Release
Redirect-Candidate
Rendered-Blocks
X-Vdms-Path
Server-Host
Server-Ext
X-TIM-N
Req-ID
X-Rojux
X-S-Cookie
Magicmarker
DCR-Processing-Time-Ms
X-Vtex-Remote-Cache
X-Platform
Origin-Agent-Cluster
X-Op-Id-All
X-BCube-Filmed-By
DCR-Decision-By
MD5-Digest
DSUID
X-PAYTM-SRV-ID
T-Server
X-Request-Start
Expiry
X-Correlation-ID
X-Cache-Bucket
X-Viewer-Country
Surrogated-Key
LB
X-Newrelic-Synthetics
Locid
WZWS-RAY
X-Origin-Response-Time
X-BBC-Edge-Cache-Status
X-B3-Trace-ID
Tube-Get-Contents
X-Bip
Tube-Got-Eval
Tube-Got-Results
Ssr
Req-Svc-Chain
On-Server
Pramga
Tube-Return
V-Age
X-Acquia-Purge-Cdn-Unconfigured
X-Amz-Meta-Cb-Modifiedtime
X-Access
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
X-Auto-Login
X-Level-Front-Cache
X-Section
X-SD-PageType
X-Sigma
X-Sigma-Backend
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Rocket-Build-Number
X-Request-Time
X-Pool
X-Origin-Time
X-Proxied-Request
X-Pubstack
X-Req
X-Thanos
X-Varnish-Beresp-Status
Cdncip
XM
Cdnsip
X-AK-Request-ID
X-UA-Device-Type
X-Loc
X-We-Are-Hiring
X-WA-Info
X-Varnishpool
X-Varnish-Director
X-VServer
X-VG-TLSProxy
X-VG-WebCache
X-Nyt-Route
NM-Fastcgi-Cache
X-Esi-Check
X-Debug-Cache-Store
X-Fastly-Cache
X-Forwarded-Site
X-Gen-Mode
X-Gdpr
X-Debug-Cache-Fetch
X-Core-Value
X-Cache-Id
X-Cache-Date
X-Cache-Info
X-Cache-TTL-Remaining
X-Clientip
X-Generated-On
X-GeoIP-Country-Code
X-Nginx-Cache-Key
X-NCache
X-NMSegId
X-Node-Id
X-Zen-Fury
X-Moov-Xdn-Version
X-Moov-T
X-Gzip
X-GeoIP-Region-Code
X-Hnp-Log
X-Human
X-Mly-Id
X-Block-Status
X-Amz-Storage-Class
Content-Script-Type
Cluster
Content-Style-Type
Environment
Fastly-GeoIP-CountryCode
Click-Count-Action-Start
CDCHOST
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Fastly-SSL
Click-Count-Error
Host-ID
L
X-Service
X-Cache-Expired-At
PFcat
X-ECache
X-FC-Vary-Parameters
X-Backend-Instance
Mail-Subject
X-ApacheServer
X-Micro-Cache
Canary
RNT-Machine
Cache-Provider
X-Aicache-OS
X-Fmm-Version
X-Mvc-Supplant-Cachable
X-From
X-Org
X-Server-IP
X-Datadome
X-Request-Host
X-Cdn-Srv
X-RateLimit-Remaining-Second
X-Region-Sid
X-TH-Server
X-Policy
X-VarnishDD-TTL
X-PERF
X-Var-Ttl
X-Branch-Name
X-V-Cache
X-Cache-Backend
X-Old-Content-Length
Adler-Geo
X-Device-Os
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Men
Uber-Trace-Id
X-Cache-Aspx
X-DPWN-IS-SECURE
Esi-Enabled
Gh-Request-Id
RNT-Time
X-Origin-Expires
X-GoCache-CacheStatus
X-GeoIP
X-GeoIP-City
X-Ad-Load-Variation
Country-Code
X-Geo-Header
X-HS-Content-Campaign-Id
X-RateLimit-Limit-Second
Machine
Platform
Is-Eu
Producers
True-Client-Country-4JS
Web-Mar-Region
X-HN
We-Hiring
X-Hash
X-Edge-Server
X-Eu-Site
X-Via-CDN
X-Csrf-Jwt
X-Mvc-Supplant-OutputCached
X-Fastly-Backend
X-Via-SSL
X-Proto
X-Via-Edge
X-API-Version
W
X-Sn-Servicetimems
Cf-Device-Type
Cdn-Request-Time
Cdn-Host
Ha-Gx-Prefs
HA-Ipaddr
NGX
Edge-Copy-Time
Proxy-Firewall
L5d-Success-Class
X-CGP
X-Wikidot-Static-Cache
X-Test
X-Up
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Ratelimit-Reset
X-Wikidot-Backend
X-DC
AKAMAI
Cache-Key
X-App-Name
S-Rt
X-Tx-Id
X-Parent-Response-Time
X-Ah-Environment
X-Mg-Request-UUID
X-LB-ID
Cache-Hits
X-Accel-Expires-Debug
X-Date
Fastly-Backend-Name
X-CacheTTL
X-VCache
X-Tb-Optimization-Total-Bytes-Saved
X-PDP-UNCACHING-HASH
X-Zone
X-Varnish-Hits
X-Servedbyhost
Type
X-COUNTRY
X-Via-Popv
Pics-Label
X-CACHE-GROUP
X-NGINX-Cache
X-Via-Fastly
X-HA-Backend
X-Ua
X-Via-Popn
X-Via-Poph
X-DynaTrace-JS-Agent
NtCoent-Length
X-NWS-UUID-VERIFY
Cdn
X-Nf-Request-Id
X-Cloudmap
X-Refresh
X-Srv
X-TimeS
X-VHOST
Datacenter
X-Ig-Origin-Region
X-LB-NoCache
X-Irp-Debug
X-Location
Fusion-Template-Id
X-CDN-Cache-Status
X-Owner
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
X-Core-Mission
X-Esi
X-Wa
GeoIp-Country-Code
Fusion-Content-Id
Fusion-Component-Id
X-Nc
X-SIPLIST1
Powered-By
Server-ID
X-Akamai-Transformed
IsBot
Resin-Trace
SID
Cdn-Requestid
X-ZONE
X-Jungle-Id
X-Fpc
Origin-EX
Origin-CC
GeoIP-Latitude
X-CUA
Cross-Origin-Opener-Policy-Report-Only
X-Qloud-Router
DataCenter
X-Hit
X-User
X-Nananana
X-Wormhole-Sdk
X-TX-ID
X-CF-Lambda-Version
X-Proxy-CacheRZ
XkeyRZ
CloudFront-Viewer-Country
X-B3-Parentspanid
X-Tt-Logid
N-Cache
Expect-Staple
X-CF-Lambda-Fn
X-NewRelic-App-Data
X-Client-Ip
X-Orig-Expires
X-Forwarded-Path
Uri
X-Presslabs-Stats
X-Cache-Type
X-Segment-20210421
Xc-Version
X-IAuth-Set-Uid
X-DataCenter
X-Shop-Environment
X-CS
X-Tenant
X-URL
X-Render-Time
X-Cached-By
X-Powered-By-VTEX-Cache
Cmstype
X-Amz-Meta-Opti
Cmsid
X-VTEX-Cache-Time
X-Gamma-Serve
X-TIME
X-VTEX-Cache-Server
Debug
True-Client-Ip
X-LiteSpeed-Tag
MIME-Version
Mime-Version
X-Auth-Group-Type
CPC-Cache
True-Client-IP
Cf-Ipcountry
User-Agent
CPC-Age
Edge-Cache
X-B3-Spanid
X-Info
Fastly-Drupal-Html
X-Vmg-Version
X-CACHE-AGE
X-Fastly-Country-Code
X-Cdn-Diag
X-Dynatrace-Js-Agent
X-Cs
Load-Balancing
X-Dispatch
X-Varnish-Beresp-TTL
X-Ig-Push-State
CDN
X-Geo
X-LiteSpeed-Cache-Control
Odigeo-Trace-Id
X-LAGOON
X-HOST
X-Datacenter
Srv
X-Vc
X-Custom-Header
X-Vgn-Hpd-Reason
X-NodeID
X-Variation
X-PHP-Backend
CacheControlHeader
Ohc-File-Size
X-Webkit-Csp-Report-Only
X-Cdn-Forward
Cl-Cache
X-Pad
X-Depends
X-CSRF-TOKEN
Hostname
Tcn
X-APP-VERSION
X-Varnish-CookieHashed-On
X-FPC
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-MCACHE
X-DefElseHash
Server-Id
X-DefHash
GeoIP-Country-Code
Ohc-Cache-HIT
X-AIR-PT
X-NC
X-HostName
X-Lb-Nocache
X-WA
X-VC-TTL
VNS-Cache
X-Cdn-Cache-Status
X-M-Reqid
X-M-Log
VNS-Age
X-Oracle-DMS-ECID
X-Cache-FS-Status
X-VCL-Version
Geoip-Latitude
Epwk-X-Cache
X-Cache-Ttl
X-Api-Version
Cloudfront-Viewer-Country
X-Fastly-Backend-Reqs
X-MSEdge-Flight
X-Dispatcher-Number
X-APP
X-Via-PopH
X-Via-PopN
CountryCode
X-Ha-Backend
X-Via-PopV
PICS-Label
X-MSEdge-Features
X-Litespeed-Tag
X-ServedByHost
X-Litespeed-Cache-Control
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Akamai-Pragma-Client-IP
X-Proxy-Cache-La3
X-Lb-Id
Xkey-La3
Xkeylog
X-Cdn-Request-ID
X-Acquia-Site
Lb
OriginIP
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Th-Server
FSS-Cache
Server-Info
X-MiniProfiler-Ids
Ngx
X-Check-Cacheable
X-Serial
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Mid
X-Acquia-Application-Trace
Time
X-Web-Server
Memcached
Memory
X-RequestId
X-Shopid
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Shardid
X-Cache-Version
BehaviorPad-Version
X-RAMCache
Serverhost
X-Udemy-Cache-App-Namespace
X-App
X-FL-QIT-DEBUG
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Ramcache
Srvid
Sm-Log-Id
X-Snapshot-Date
Warning
Akamai-Cache-Status
X-Mg-Cache
X-Dw-Trace-Id
X-Requestid
Cache-Name
X-Service-Response-Time
X-Sucuri-Id