
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find how many sites use security-relevant headers, for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
P3p
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
X-Ua-Compatible
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Allow
X-Backend
Cf-Edge-Cache
Request-Context
X-Robots-Tag
Keep-Alive
X-Cache-Group
X-Server
X-UA-Device
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
Xkey
X-Rq
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Page-Speed
X-Pingback
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-LiteSpeed-Cache
EagleEye-TraceId
Ali-Swift-Global-Savetime
X-Aws-Lambda-Call-Status
X-WebKit-CSP
X-CST
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Upstream-Cache-Status
X-HW
X-Litespeed-Cache
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
Accept-Ch-Lifetime
X-Application-Context
X-Cache-Lookup
X-Country-Code
X-Trace
Content-Location
X-Ruxit-JS-Agent
X-Oneagent-Js-Injection
X-Url
Service-Worker-Allowed
X-Content-Type
X-Clacks-Overhead
X-Country
X-Edge
X-ECACHE
X-Origin-Cache-Key
X-Mcache
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-Midtier
X-Mod-Pagespeed
Cross-Origin-Opener-Policy
Cache-Tag
X-FTR-Request-ID
Accept-Ch
Nginx-Cache
X-MS-InvokeApp
X-TtlSet
X-PC
X-Upstream
X-Vname
X-ESI
X-Powered-By-Plesk
Rating
Edge-Control
X-Browser-Type
X-Server-Name
X-D2id
X-Element-Page-Cache
Verso
X-Kinja
X-Times
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-Cnection
X-Ac
SPRequestDuration
SPIisLatency
X-B3-TraceId
AR-Request-ID
AR-PoweredBy
AR-SID
AR-ATIME
X-Ruxit-Js-Agent
X-Abt-Application-Version
X-Navigation-Version
X-Vcap-Request-Id
X-SharePointHealthScore
SPRequestGuid
X-NF-Request-ID
X-Dw-Request-Base-Id
X-GitHub-Request-Id
X-Ser
AR-CACHE
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-VARITI-CCR
X-Mg-S
X-NWS-LOG-UUID
S
X-RateLimit-Remaining
X-Ttl
X-Cache-Key
Pagespeed
Display
X-Sol
X-Middleton-Display
X-Client-IP
RTSS
Edge-Cache-Tag
Fastly-Restarts
X-Amz-Rid
X-Amzn-Trace-Id
X-Powered-CMS
X-Cache-TTL
X-Goog-Hash
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
Origin-Trial
X-Edge-Location-Klb
Cache-Status
X-Kinsta-Cache
X-Varnish-TTL
X-Version
Access-Control-Request-Method
X-Content-Security-Policy-Report-Only
X-Server-ID
X-Recruiting
X-ARC
X-TraceId
X-Content-Digest
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Arr-Disable-Session-Affinity
X-Middleton-Response
Response
X-Webkit-Csp
X-Forwarded-For
X-T
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-MSEdge-Ref
Content-MD5
X-Ua-Device
X-Accel-Expires
MicrosoftSharePointTeamServices
TP-Cache
X-Hits
X-Shield-Request-Id
X-Cached
X-Id
Public-Key-Pins
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Expires
MS-Author-Via
Cross-Origin-Resource-Policy
X-HS-Hub-Id
Server-Node
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-Ua-Browser
Front-End-Https
X-Request-Processing-Time
Payment
X-Request-Received
X-Daa-Tunnel
X-Frontend
X-DIS-Request-ID
X-Fastcgi-Cache
X-Forwarded-Proto
X-LLID
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-GUploader-UploadID
X-RateLimit-Limit
X-LB-Cache
TP-L2-Cache
Realpath
X-Protected-By
Cache-Tags
X-FastCGI-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-Distributor
X-Request-Handler-Origin-Region
X-Microsite
Count-Hit
X-Page-Id
X-WebKit-CSP-Report-Only
X-Activity-Id
X-Az
X-AppVersion
X-Cluster-Name
Mrf-Cache-Status
X-B3-TraceId-Primal
X-F-Cache
MRF-Tech
X-Hostname
X-Varnish-Backend
X-Debug-Info
Referer-Policy
X-Www-Served-By
X-Correlation-Id
X-Geo-Country
Accept-Charset
X-ORACLE-DMS-RID
X-NGENIX-Cache
Fastcgi-Cache
X-Kong-Upstream-Latency
X-App-Server
X-Kinja-CCPA
X-Kong-Proxy-Latency
X-Envoy-Decorator-Operation
Host
X-Varnish-Server
X-Goog-Metageneration
X-FB-Debug
X-PressLabs-Stats
X-Ratelimit-Limit
X-Oracle-Dms-Ecid
Access-Control-Allow-Method
X-TTL
X-Git-Hash
X-Rid
Retry-After
X-ORACLE-DMS-ECID
X-RateLimit-Reset
Server-Name
X-CSRF-Token
X-Oracle-Dms-Rid
X-Load-Cache
X-Content-Options
X-XRDS-LOCATION
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Upgrade-Enabled
X-Px
X-Providence-Cookie
X-Is-Crawler
X-Contextid
X-Flags
X-Revision
DC
X-Aspnet-Duration-Ms
X-Route-Name
X-Request-Guid
TCN
X-TEC-API-ORIGIN
X-App-Environment
X-TEC-API-ROOT
X-Trace-Id
X-TEC-API-VERSION
Charset
X-Ezoic-Cdn
X-Datadog-Parent-Id
Paypal-Debug-Id
X-Type
X-Datadog-Trace-Id
X-Cache-Control
X-Grace
X-Datadog-Sampling-Priority
X-Seen-By
X-B3-Sampled
X-Origin-Cache
Cleartype
X-B-Cache
X-Amz-Meta-S3cmd-Attrs
X-Signature
X-Fastly-Request-Id
Section-Io-Cache
X-Mobile
X-B
X-TT
X-Ratelimit-Remaining
X-Fb-Rlafr
Healthy
X-Amz-Replication-Status
Frame-Options
X-Whom
X-Wix-Request-Id
X-ASPNET-VERSION
X-Fastly-Request-ID
X-EdgeConnect-Cache-Status
X-Magnolia-Registration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Node-Name
X-Goog-Stored-Content-Encoding
X-Logged-In
X-Language
Filterid
X-Varnish-Ttl
X-Azure-Ref
X-Newrelic-App-Data
X-Proxy
X-N
X-Air-Pt
Content-Disposition
X-App-Version
Backend
Akamai-GRN
Upgrade-Insecure-Requests
X-Template
X-Proxy-Cache-Info
X-Original-Request-Id
Refresh
X-Response-Served-From
NGB
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel-0
X-Is-Bot
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Unique-Id
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-Rendered-As
X-ProcessESI
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
VIX-Pulpo-Node
X-RemovedCookies
SD-X-WS
X-Datadog-Sampled
MS-CV
X-Varnish-Grace
X-Amzn-Remapped-Content-Length
X-Servername
Ms-Operation-Id
Viewport
X-Page-View
X-Instance
X-RTag
X-FW-Serve
X-FW-Server
X-UUID
X-Debug-IsConnected
X-IPS-LoggedIn
X-FW-Dynamic
X-FW-Static
X-FW-Type
X-Debug-IsPreview
X-Debug
X-FW-Hash
Liferay-Portal
X-FW-Version
Fastly-SIE
Fastly-SWR
X-Region
X-Adobe-Content
X-User-Agent
X-Adobe-Loc
X-Cache-Grace
X-Cacheable-TTL
Url
X-Device-Type
X-NYM-Debug-Backend
X-Rule
X-G
From-Origin
X-Cache-Hit
X-Environment-Context
X-Jobs
Country
X-L-Path
X-Backend-Name
X-Hl-Ver
X-Status
X-B3-SpanId
Amp-Access-Control-Allow-Source-Origin
ServerID
X-Cache-Age
Surrogate-Key
Countrycode
X-Time
X-Hosted-By
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Air-Trace-Id
X-Origin-TTL
X-Origin-CC
X-CCDN-Origin-Time
X-Air-Hostname
X-Air-Source
Alternate-Protocol
X-Webkit-CSP
X-VC-Cache
X-Via-JSL
X-INCAP-ABP
X-Akamai-Request-ID2
X-Cache-Status-Check
X-Content-Powered-By
X-Tec-Api-Origin
Version
X-HTML-Minification-Powered-By
X-Tec-Api-Root
X-Tec-Api-Version
WPO-Cache-Status
Protected
WPO-Cache-Message
X-Http-Reason
SRV
X-NODE
GEO-INFO
X-Rocket-Nginx-Serving-Static
X-Akamai-Edgescape
X-Nginx-Cache
CDN-RequestId
X-Framework
CF-IPCountry
X-B3-Traceid
X-CDN-Forward
X-Storage
X-WP-CF-Super-Cache-Active
X-Source
X-Accel-Version
X-Edge-Location
X-Cache-Rule
Access-Control-Request-Headers
Front
X-Real-IP
X-Mode
X-Httpd
X-VC
OT-Force-Account-Verify
X-UPSTREAM-Address
Webserver
X-Rn-Rsrv
Accept-Language
X-Rewrite-Enabled
Meta-Geo
X-XRDS-Location
X-Cache-Operation
X-Endurance-Cache-Level
Filters
X-Xfnlog-Site
Selected-Fe
X-Upstream-Ht
X-Upstream-Ct
X-Timing-Wait
X-JoinUs
X-Director
X-Tumblr-Pixel-2
X-Proxy-Build
X-Served-From
X-Tumblr-Pixel-3
X-Soup
X-SaId
X-Say-TTL
X-Handled-By
X-Detected-As
X-Origin
X-SayCDN-TTL
X-Varnish-Cache-Hits
X-Cache-Debug
X-Use-Mantle
X-Redis-Cache
X-Say-Cacheable
X-Logging-Id
X-Use-Magma
X-Worker
ServedBy
X-ProxyCache-Key
Webcakes-Region
X-Adobe-Source
X-Cms-Context
Web-Mar-Node
Webcakes-App-Name
TWC-Privacy
X-Cache-Time
X-BYPASS-REASON
TWC-Locale-Group
TWC-GeoIP-LatLong
X-ProxyCache-Status
Azure-Version
X-No-Session
X-PHP-Host
X-Loop
X-Lambda-Id
X-Origin-Hint
Property-Id
Webcakes-App-Version
DB-Nickname
X-Restarts
TWC-Connection-Speed
X-RM-Cache-TTL
TWC-GeoIP-Country
X-GeoCode
Azure-RegionName
Azure-InstanceId
Azure-SiteName
X-GeoCountry
X-Labrador-Cache-Channel
TWC-Device-Class
Azure-SlotName
X-Format
X-Varnish-Age
X-VCT
X-Sql-Count
Xserver
X-Tncms
X-Vcache
Xet-Cookie
X-Sql-Duration-Ms
X-Server-W
X-VWS-Id
X-Vercel-Id
X-RCS-CacheZone
X-Vercel-Cache
X-AWS-Id
X-Cache-Server
X-LJ-Flow-ID
X-Container-Uri
X-DynaTrace
X-IPLB-Instance
X-Fetched-On
Mn-Server-Ip
X-ServerID
X-Skip-Cache
X-Git-Commit
X-IPLB-Request-ID
Apigw-Requestid
X-Tb
X-Varnish-Beresp-Grace
X-Generation-Time
X-Frame-Option
Node
X-Cluster
X-Cache-Host
X-Web-Node
Section-Io-Id
X-Provided-By
X-Reqid
X-Is-Tablet
X-Forwarded-Host
X-Geo-Region
X-Routing-Service
X-Extlb
X-Proxied
X-Is-Desktop
X-Is-Supported-Browser
X-Is-Mobile
X-Locale
X-AB
X-Ms-Version
X-Ms-Request-Id
X-Zipkin-Id
X-Site-Version
X-S
X-Browser-Name
X-Tcp-Rtt
X-Platform-Processor
X-Xrds-Location
X-Platform-Cluster
Cross-Origin-Embedder-Policy
X-Platform-Router
X-R9-Blue-Green-Version
X-Uri
X-Webstats-RespID
Cache-Tv-Group
X-Drupal-Cache-Tags
Priority
Source
X-Drupal-Cache-Contexts
Fastcgi-Useragent
X-MP-GENERATED-AT
X-FB-TRIP-ID
Content-Secure-Policy
X-Origin-Date
WP-Super-Cache
X-COUNTRY
AMP-Access-Control-Allow-Source-Origin
CDN-RequestCountryCode
CDN-Cache
CDN-RequestPullCode
CDN-Uid
X-Vcl-Version
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestPullSuccess
X-TT-LOGID
Onion-Location
X-Shopify-Stage
X-Generated-By
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Sucuri-Cache
Locale
X-Content-Age
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
S-Rt
X-SRV
WZWS-RAY
X-Cdn-Origin
X-Sucuri-ID
X-Pass-Why
X-Cluster-Node
X-Newrelic-Synthetics
X-Buckets
Sid
X-Ua
X-Varnish-Beresp-Ttl
Cross-Origin-Embedder-Policy-Report-Only
X-DataDome
X-Proxy-Cache-Status
X-Cache-Action
X-CMSURLCustom
X-Thinkindot-L3
Thinkindot-Control
X-Shield-Cache-Expires
X-Scope-Id
Thinkindot-CacheControl-Type
X-Cache-Expired-At
TDXMobile
Cross-Origin-Window-Policy
Thinkindot-CacheControl
X-LSADC-Cache
Cache
Atl-Traceid
Fastly-Drupal-HTML
X-GEO
X-Via-CDN
X-Via-Edge
X-Request-URI
X-Via-SSL
Edge-Copy-Time
Meta-Geo-Continent
Redirect-Candidate
MD5-Digest
Origin-Agent-Cluster
Origin
Ngx.Var.Host
Ngx-Var-Key
DCR-Processing-Time-Ms
CDCHOST
Candidate-Md5Url
DCR-Decision-By
Rendered-Blocks
Gannett-Cam-Experience-Id
Lang
X-A-Wwc
X-Optimistic-Header
X-PAYTM-SRV-ID
X-Rojux
X-External-Request-Id
X-Epic-Correlation-Id
X-Ec-Custom-Error
X-Ec-Fail
X-Ec-GeoHdr
X-S-Cookie
X-Scheme
X-Vdms-Version
X-Viewer-Country
X-Vtex-Remote-Cache
X-Vdms-Path
X-TIM-N
X-ScT
X-SRCache-Key
X-Developer
X-Destination
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-A
Surrogated-Key
T-Server
Type
X-Aed
X-Application
X-Cache-Bucket
X-Cache-NE
X-D
X-Bl-Debug
X-BCube-Filmed-By
X-B-Cookie
X-Bc-Bl
Sslversion
X-Conf
X-WP-CF-Super-Cache-Cookies-Bypass
X-Mg-Request-UUID
HostName
X-Aspnetmvc-Version
X-Access
X-Aicache-OS
X-VCache
X-Gdpr
Vix-Hermes-Req-Id
X-Bip
X-Cache-Info
X-Dispatcher-Server
X-Fastly-Cache
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Clientip
V-Age
X-Forwarded-Site
Sever-Int
L
Magicmarker
Host-ID
Fastly-SSL
Environment
Fastly-GeoIP-CountryCode
Pramga
Release
Server-Hostname
X-Generated-On
Server-Host
Server-Ext
Req-ID
Ssr
X-Instance-Name
X-Sigma-Backend
X-TH-Server
X-Sigma
X-Section
X-SB
X-SD-PageType
X-Thanos
X-Varnish-Beresp-Status
X-VServer
X-We-Are-Hiring
X-VG-WebCache
X-Varnishpool
X-Varnish-Director
X-Varnish-Hostname
X-Rocket-Build-Number
X-Request-Time
X-Node-Id
X-Nyt-Route
X-Loc
X-Level-Front-Cache
X-GeoIP-Region-Code
DSUID
X-Op-Id-All
X-Origin-Time
X-Pubstack
X-Request-Start
X-Proxied-Request
X-Pool
X-Platform
X-GeoIP-Country-Code
X-Human
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Correlation-ID
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-TimeS
X-DC
X-Origin-Response-Time
User-Cache-Control
X-Datadome
X-Cache-Date
X-B3-Trace-ID
X-VG-TLSProxy
X-Acquia-Purge-Cdn-Unconfigured
X-RateLimit-Remaining-Second
Cache-Provider
X-BBC-Edge-Cache-Status
X-Block-Status
X-Zen-Fury
X-Policy
X-WA-Info
X-RateLimit-Limit-Second
Req-Svc-Chain
C-Via
X-Auto-Login
Wxu-Next-Commit
Web-Mar-Region
We-Hiring
Wxu-Next-Hostname
Wxu-Next-Region
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-UA-Device-Type
Uber-Trace-Id
True-Client-Country-4JS
Cluster
X-Var-Ttl
X-V-Cache
X-Request-Host
X-Server-IP
X-ApacheServer
X-Req
X-PERF
Gh-Request-Id
X-HS-Content-Campaign-Id
X-Hnp-Log
X-Irp-Debug
X-Cache-Id
X-Core-Value
X-Mly-Id
X-Device-Os
X-Gzip
X-Esi-Check
X-FC-Vary-Parameters
X-Gen-Mode
X-Geo-Header
X-GeoIP-City
X-GeoIP
X-Mvc-Supplant-Cachable
X-Men
X-NMSegId
X-Nginx-Cache-Key
X-Mvc-Supplant-OutputCached
NM-Fastcgi-Cache
X-Org
X-TA-CDN-Provider
On-Server
Machine
Mail-Subject
Canary
X-NCache
X-Service
Expiry
X-Connection-Hash
X-From
X-Fmm-Version
X-Cache-TTL-Remaining
X-Ad-Load-Variation
X-Fastly-Backend
X-Old-Content-Length
X-App-Name
X-Micro-Cache
X-Core-Mission
X-Cdn-Srv
X-Hash
X-SIPLIST1
X-DPWN-IS-SECURE
X-Proto
W
X-Moov-T
X-Moov-Xdn-Version
Content-Script-Type
X-GoCache-CacheStatus
X-Contensis-Viewer-Groups
Platform
X-Cache-Aspx
Content-Style-Type
IsBot
Country-Code
Click-Count-Error
Click-Count-Action-Start
Esi-Enabled
A
Is-Eu
X-Branch-Name
Producers
X-Varnish-Authentication
Adler-Geo
AKAMAI
X-Up
Tube-Return
Tube-Got-Results
Tube-Get-Contents
Tube-Got-Eval
X-Test
Datacenter
HA-Ipaddr
Ha-Gx-Prefs
Cdn-Host
X-Sn-Servicetimems
X-Slack-Backend
X-Eu-Site
X-Edge-Server
Cdn-Request-Time
X-Amz-Meta-Cb-Modifiedtime
L5d-Success-Class
X-Csrf-Jwt
Proxy-Firewall
Cf-Device-Type
Pics-Label
X-Ratelimit-Reset
X-CacheTTL
Cache-Key
X-Slack-Shared-Secret-Outcome
X-ZONE
X-Wikidot-Static-Cache
X-CGP
X-Wikidot-Backend
X-Parent-Response-Time
Cdncip
Cdnsip
X-AK-Request-ID
X-ND-Cache
Yak-Timeinfo
X-Qloud-Router
RNT-Machine
Locid
X-Via-Poph
X-Ah-Environment
X-Via-Popn
X-Owner
X-Via-Popv
RNT-Time
X-HA-Backend
X-Region-Sid
X-Dc
X-Tx-Id
X-Date
LB
Fastly-Backend-Name
X-Accel-Expires-Debug
X-CF-Lambda-Version
X-HN
X-VarnishDD-TTL
X-CF-Lambda-Fn
X-Amz-Storage-Class
NGX
Cdn
X-LB-NoCache
PFcat
N-Cache
Expect-Staple
X-Azure-Ref-OriginShield
X-Refresh
X-LB-ID
X-Orig-Expires
X-Backend-Instance
X-Cache-Type
X-Servedbyhost
X-Shop-Environment
X-CACHE-GROUP
X-Tenant
Xc-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Forwarded-Path
SID
X-NGINX-Cache
X-Wa
X-DynaTrace-JS-Agent
XM
X-Gamma-Serve
X-Nc
X-VHOST
X-Tt-Logid
NtCoent-Length
GeoIp-Country-Code
X-Cache-Backend
X-Origin-Expires
Server-ID
X-API-Version
X-Varnish-Hits
RATING
Cmsid
X-CDN-Cache-Status
Cmstype
Cdn-Requestid
CPC-Cache
CloudFront-Viewer-Country
X-Srv
X-Cdn-Diag
CPC-Age
X-Lagoon
X-Vmg-Version
X-Fpc
X-Nananana
X-TIME
X-Akamai-Transformed
X-Presslabs-Stats
Resin-Trace
X-LAGOON
X-Via-Fastly
X-TX-ID
X-B3-Parentspanid
X-UA
X-Api-Version
X-Zone
Uri
X-NewRelic-App-Data
Cross-Origin-Opener-Policy-Report-Only
X-Hit
CacheControlHeader
X-Variation
X-Nf-Request-Id
XkeyRZ
X-Proxy-CacheRZ
User-Agent
X-Client-Ip
X-CACHE-AGE
GeoIP-Latitude
MIME-Version
X-URL
Cache-Hits
X-Fastly-Country-Code
X-Location
X-Ig-Origin-Region
X-DataCenter
X-Info
True-Client-Ip
X-Amz-Meta-Opti
Tcn
X-LiteSpeed-Tag
X-ECache
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
VNS-Age
X-Datacenter
VNS-Cache
True-Client-IP
Lb
X-NWS-UUID-VERIFY
X-HostName
X-Dynatrace-Js-Agent
X-B3-Spanid
X-LiteSpeed-Cache-Control
DataCenter
Hostname
Powered-By
X-Vc
X-RID
Cache-Name
X-Geo
X-Cloudmap
Mime-Version
X-Jungle-Id
X-CUA
Origin-CC
Origin-EX
X-Cached-By
X-CS
X-Webkit-Csp-Report-Only
Fastly-Drupal-Html
X-HOST
X-Dispatcher-Number
X-IAuth-Set-Uid
X-User
X-CSRF-TOKEN
X-AIR-PT
Debug
Cf-Ipcountry
X-Segment-20210421
X-Cdn-Forward
X-Varnish-Beresp-TTL
X-Mid
Cl-Cache
Load-Balancing
X-Render-Time
Srv
GeoIP-Country-Code
X-MCACHE
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Powered-By-VTEX-Cache
CDN
X-Dispatch
Ohc-File-Size
BehaviorPad-Version
X-Cdn-Cache-Status
X-Wormhole-Sdk
X-Auth-Group-Type
Edge-Cache
X-FPC
X-Esi
X-Litespeed-Tag
Server-Id
X-Oracle-DMS-ECID
X-Cs
Ohc-Cache-HIT
X-Lb-Id
YJS-ID
X-ServedByHost
X-Cache-Enabled
X-Ig-Push-State
X-NC
X-WA
X-Cache-Ttl
Odigeo-Trace-Id
X-NodeID
Server-Info
X-Wp-Cf-Super-Cache
X-Fastly-Backend-Reqs
X-Wp-Cf-Super-Cache-Cache-Control
CountryCode
Location
My-App
X-Lb-Nocache
Wpo-Cache-Message
Wpo-Cache-Status
X-VCL-Version
X-Litespeed-Cache-Control
Ms-Author-Via
X-APP-VERSION
X-Proxy-Cache-La3
X-Custom-Header
Ngx
X-Internal-Host
X-Cdn-Request-ID
Xkeylog
Xkey-La3
CF-Cached-On
X-MiniProfiler-Ids
X-MSEdge-Flight
X-Snapshot-Date
X-Akamai-Pragma-Client-IP
CF-Ctrl
X-Vgn-Hpd-Reason
X-MSEdge-Features
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Time
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Memory
X-App
X-Via-PopH
X-Ha-Backend
X-Depends
X-PHP-Backend
X-Via-PopN
X-Via-PopV
X-Acquia-Site
Section-Origin-Responded
Memcached
X-Acquia-Purge-Tags
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
OriginIP
X-FL-EDGE
Srvid
X-Pad
X-FL-QIT-DEBUG
X-Nitro-Cache
FSS-Cache
X-Nitro-Cache-From
X-Nitro-Rev
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Shopid
X-Cache-Version
X-Shardid
X-Te-Count
X-Sucuri-Id
X-Http-Count
Akamai-Cache-Status
X-Http-Duration-Ms
X-Th-Server
X-Udemy-Cache-App-Namespace
X-Lsadc-Cache
X-Te-Duration-Ms
Sm-Log-Id
X-Check-Cacheable
X-Service-Response-Time
X-Web-Server
X-Cache-FS-Status
X-Dw-Trace-Id
X-RequestId
Geoip-Latitude
X-Mg-Cache
X-Serial
X-Fastly-Cache-Hits
X-Wp-Cf-Super-Cache-Cookies-Bypass