Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
CF-RAY
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Varnish
X-Adblock-Key
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
P3p
X-AspNet-Version
X-Runtime
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Ua-Compatible
X-Check
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
CF-Ray
X-Amz-Id-2
Host-Header
Allow
X-Backend
Cf-Edge-Cache
X-Cache-Group
Request-Context
X-Robots-Tag
Keep-Alive
X-Server
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Vhost
Xkey
X-Rq
X-Age
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
X-Page-Speed
X-Pingback
Cf-Railgun
EagleEye-TraceId
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-CST
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Nginx-Upstream-Cache-Status
X-HW
Accept-Ch-Lifetime
X-Nginx-Cache-Status
X-Node
X-Cloud-Trace-Context
X-Application-Context
X-Country-Code
X-Ruxit-JS-Agent
X-Trace
X-Cache-Lookup
Content-Location
X-Url
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-Content-Type
X-Country
X-Clacks-Overhead
X-ECACHE
X-Litespeed-Cache
X-Edge
X-Origin-Cache-Key
X-Mod-Pagespeed
Accept-Ch
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-FTR-Request-ID
X-Midtier
Cache-Tag
Cross-Origin-Opener-Policy
X-Mcache
X-MS-InvokeApp
Nginx-Cache
X-Upstream
X-PC
X-TtlSet
X-Vname
X-ESI
X-Powered-By-Plesk
Rating
Edge-Control
X-Browser-Type
X-D2id
X-Element-Page-Cache
X-Kinja-Build
Verso
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Times
X-Server-Name
X-Cnection
X-Ac
SPRequestDuration
SPIisLatency
X-B3-TraceId
AR-SID
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Vcap-Request-Id
X-Navigation-Version
X-Ruxit-Js-Agent
X-Abt-Application-Version
SPRequestGuid
X-SharePointHealthScore
X-RateLimit-Remaining
X-NF-Request-ID
X-Dw-Request-Base-Id
X-GitHub-Request-Id
X-Ser
X-VARITI-CCR
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
AR-CACHE
S
X-Cache-Key
X-Mg-S
RTSS
X-Ttl
X-Cache-TTL
X-Client-IP
Origin-Trial
Edge-Cache-Tag
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Amz-Rid
X-Amzn-Trace-Id
Fastly-Restarts
X-Goog-Hash
X-NWS-LOG-UUID
X-Powered-CMS
X-Varnish-TTL
X-Content-Security-Policy-Report-Only
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Server-ID
Cache-Status
X-Version
X-Edge-Location-Klb
X-Kinsta-Cache
Access-Control-Request-Method
X-ARC
X-Recruiting
X-Webkit-Csp
X-Content-Digest
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TraceId
X-T
X-MSEdge-Ref
X-Forwarded-For
Response
X-Middleton-Response
X-Ua-Device
Content-MD5
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
MicrosoftSharePointTeamServices
X-Accel-Expires
TP-Cache
X-Shield-Request-Id
X-Hits
X-Cached
X-FTR-Backend
Public-Key-Pins
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Expires
X-Request-Received
Server-Node
X-Request-Processing-Time
X-Id
MS-Author-Via
X-HS-Cache-Config
Payment
X-Frontend
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-Ua-Browser
X-DIS-Request-ID
Front-End-Https
X-RateLimit-Limit
Cross-Origin-Resource-Policy
X-LLID
X-Forwarded-Proto
X-GUploader-UploadID
X-Jurisdiction
X-HP-Trace-Id
X-FastCGI-Cache
X-HP-Webp
X-WebKit-CSP-Report-Only
X-Fastcgi-Cache
X-Daa-Tunnel
TP-L2-Cache
Cache-Tags
X-LB-Cache
Realpath
X-ORACLE-DMS-RID
X-Kinja-CCPA
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Protected-By
X-Origin-Server
X-Distributor
Count-Hit
X-Microsite
X-Request-Handler-Origin-Region
X-Page-Id
X-F-Cache
Mrf-Cache-Status
X-Cluster-Name
X-Www-Served-By
X-Az
X-NGENIX-Cache
X-Activity-Id
X-PressLabs-Stats
X-B3-TraceId-Primal
MRF-Tech
X-AppVersion
X-Varnish-Backend
Accept-Charset
X-Geo-Country
Referer-Policy
X-Hostname
X-Correlation-Id
X-Debug-Info
X-App-Server
X-Envoy-Decorator-Operation
X-Varnish-Server
X-Goog-Metageneration
Host
Fastcgi-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-FB-Debug
X-ORACLE-DMS-ECID
X-TTL
Access-Control-Allow-Method
X-Git-Hash
X-Rid
X-RateLimit-Reset
Retry-After
X-Ratelimit-Limit
X-XRDS-LOCATION
Server-Name
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Options
X-Load-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Fastly-Request-ID
X-Px
DC
X-Request-Guid
X-Origin-Cache
X-Route-Name
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Contextid
X-CSRF-Token
X-B3-Sampled
X-Revision
TCN
X-App-Environment
X-Grace
X-Trace-Id
X-B-Cache
X-Oracle-Dms-Ecid
X-Signature
X-Type
Charset
X-Mobile
Cleartype
Paypal-Debug-Id
X-Cache-Control
X-Upgrade-Enabled
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-TT
X-ASPNET-VERSION
X-Datadog-Trace-Id
X-B
X-Amz-Meta-S3cmd-Attrs
Section-Io-Cache
X-Fb-Rlafr
X-Seen-By
X-Language
X-Amz-Replication-Status
X-Ezoic-Cdn
Frame-Options
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Logged-In
X-Whom
Healthy
Filterid
X-Magnolia-Registration
X-Wix-Request-Id
X-Oracle-Dms-Rid
X-Node-Name
X-EdgeConnect-Cache-Status
X-Newrelic-App-Data
X-Azure-Ref
Content-Disposition
X-N
X-Proxy
X-App-Version
Backend
X-Air-Pt
X-Fastly-Request-Id
Akamai-GRN
X-Varnish-Ttl
X-Template
Upgrade-Insecure-Requests
Refresh
NGB
X-Proxy-Cache-Info
X-Response-Served-From
X-Original-Request-Id
X-Is-Bot
X-Rendered-As
X-Page-View
SD-X-WS
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-RemovedCookies
X-ProcessESI
X-Unique-Id
X-Yottaa-Metrics
X-B3-SpanId
X-Servername
X-Tumblr-User
X-Yottaa-Optimizations
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Viewport
X-WP-CF-Super-Cache-Cache-Control
X-Adobe-Content
Url
Ms-Operation-Id
X-Adobe-Loc
X-Varnish-Grace
Liferay-Portal
MS-CV
X-Instance
X-Amzn-Remapped-Content-Length
X-WP-CF-Super-Cache
X-Debug-IsPreview
X-Datadog-Sampled
X-Debug-IsConnected
X-RTag
Fastly-SIE
X-Debug
X-Ratelimit-Remaining
Fastly-SWR
X-User-Agent
X-Cacheable-TTL
X-IPS-LoggedIn
X-FW-Dynamic
X-UUID
X-FW-Serve
X-FW-Static
X-Region
X-FW-Hash
X-Cache-Grace
X-G
X-FW-Version
X-FW-Type
X-FW-Server
X-Device-Type
X-L-Path
From-Origin
X-Environment-Context
X-Jobs
X-NYM-Debug-Backend
X-Cache-Hit
Country
X-Rule
X-Status
X-Hl-Ver
X-Hosted-By
X-Backend-Name
Surrogate-Key
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
ServerID
X-Webkit-CSP
X-Cache-Age
X-Content-Powered-By
X-Http-Reason
X-Time
X-VC-Cache
Alternate-Protocol
X-Cache-Status-Check
X-Akamai-Request-ID2
Protected
X-Origin-CC
X-Origin-TTL
Countrycode
X-XRDS-Location
X-NODE
Amp-Access-Control-Allow-Source-Origin
WPO-Cache-Message
WPO-Cache-Status
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Use-Magma
X-B3-Traceid
X-HTML-Minification-Powered-By
Version
X-Via-JSL
X-INCAP-ABP
X-Akamai-Edgescape
X-Tec-Api-Root
X-Rocket-Nginx-Serving-Static
X-Tec-Api-Version
X-Tec-Api-Origin
X-Framework
GEO-INFO
X-Edge-Location
CDN-RequestId
Front
X-Source
X-WP-CF-Super-Cache-Active
X-Storage
X-Cache-Rule
X-Accel-Version
X-CDN-Forward
Access-Control-Request-Headers
CF-IPCountry
X-Nginx-Cache
SRV
X-Mode
X-Httpd
X-Endurance-Cache-Level
X-Use-Mantle
Filters
Xet-Cookie
Accept-Language
X-Rewrite-Enabled
Meta-Geo
X-Rn-Rsrv
X-Cache-Operation
Webserver
X-Upstream-Ht
X-VC
X-Xfnlog-Site
X-Upstream-Ct
OT-Force-Account-Verify
X-Real-IP
X-UPSTREAM-Address
Selected-Fe
X-Timing-Wait
X-Tumblr-Pixel-2
X-Soup
X-SaId
X-Tumblr-Pixel-3
X-Cache-Debug
X-Served-From
X-JoinUs
X-Proxy-Build
X-Director
X-Detected-As
X-SayCDN-TTL
X-Loop
X-Lambda-Id
ServedBy
X-Redis-Cache
X-Worker
X-Sql-Count
X-Sql-Duration-Ms
X-ProxyCache-Key
X-Tncms
X-Cache-Time
X-Handled-By
X-Say-Cacheable
X-Say-TTL
X-Adobe-Source
X-BYPASS-REASON
X-Varnish-Cache-Hits
X-Varnish-Age
X-Cms-Context
X-ProxyCache-Status
Azure-Version
X-S
Azure-InstanceId
Azure-RegionName
Azure-SlotName
DB-Nickname
Azure-SiteName
TWC-Locale-Group
X-GeoCode
X-Format
X-Restarts
X-GeoCountry
X-Labrador-Cache-Channel
X-PHP-Host
X-Origin-Hint
X-No-Session
X-RM-Cache-TTL
Webcakes-Region
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Version
Webcakes-App-Name
Web-Mar-Node
Property-Id
Apigw-Requestid
X-Server-W
AMP-Access-Control-Allow-Source-Origin
X-Logging-Id
X-Varnish-Beresp-Grace
Xserver
X-Skip-Cache
X-DynaTrace
X-Cache-Server
X-AWS-Id
X-Fetched-On
X-Container-Uri
X-VCT
X-Git-Commit
X-RCS-CacheZone
X-VWS-Id
X-LJ-Flow-ID
X-IPLB-Request-ID
X-IPLB-Instance
X-Generation-Time
X-Cache-Host
Mn-Server-Ip
X-Forwarded-Host
X-Frame-Option
X-Reqid
X-Is-Tablet
X-Origin
X-Is-Supported-Browser
X-Vercel-Cache
X-Tcp-Rtt
X-Extlb
X-Vercel-Id
X-Is-Mobile
X-AB
X-Zipkin-Id
X-Provided-By
X-Proxied
X-Ms-Version
X-Ms-Request-Id
X-Is-Desktop
X-Geo-Region
X-ServerID
X-Browser-Name
X-Cluster
X-Tb
Node
X-COUNTRY
X-Routing-Service
X-R9-Blue-Green-Version
X-Uri
Section-Io-Id
Cache-Tv-Group
X-Site-Version
X-Locale
Priority
X-Platform-Cluster
X-Web-Node
X-FB-TRIP-ID
X-Platform-Router
X-Platform-Processor
X-Vcache
X-Webstats-RespID
Source
Content-Secure-Policy
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
Cross-Origin-Embedder-Policy
Fastcgi-Useragent
X-MP-GENERATED-AT
X-Vcl-Version
WP-Super-Cache
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-CachedAt
Onion-Location
CDN-Cache
X-Origin-Date
CDN-Uid
CDN-RequestPullSuccess
CDN-PullZone
CDN-RequestPullCode
WZWS-RAY
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Content-Age
X-SRV
X-Generated-By
S-Rt
X-Ua
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Pass-Why
X-Sucuri-Cache
X-Newrelic-Synthetics
X-Cdn-Origin
X-Cluster-Node
X-TT-LOGID
X-Buckets
Sid
X-Sucuri-ID
X-Cache-Action
X-Proxy-Cache-Status
X-Varnish-Beresp-Ttl
X-Cache-Expired-At
X-Mg-Request-UUID
Cross-Origin-Window-Policy
Cross-Origin-Embedder-Policy-Report-Only
X-Xrds-Location
X-VCache
Thinkindot-Control
X-CMSURLCustom
X-Thinkindot-L3
Thinkindot-CacheControl
X-Shield-Cache-Expires
X-Scope-Id
TDXMobile
Thinkindot-CacheControl-Type
X-Datadome
X-LSADC-Cache
Cache
Fastly-Drupal-HTML
X-GEO
HostName
X-DataDome
X-Request-URI
X-Aspnetmvc-Version
X-Optimistic-Header
X-External-Request-Id
X-Vdms-Path
X-Ec-Custom-Error
Origin
Ngx.Var.Host
X-Correlation-ID
Ngx-Var-Key
Meta-Geo-Continent
MD5-Digest
X-Vdms-Version
Candidate-Md5Url
X-Viewer-Country
X-Destination
DCR-Processing-Time-Ms
Environment
X-Ec-Fail
DCR-Decision-By
X-SRCache-Key
X-ScT
X-Scheme
X-Ec-GeoHdr
Origin-Agent-Cluster
CDCHOST
X-Epic-Correlation-Id
Lang
X-S-Cookie
Gannett-Cam-Experience-Id
X-Developer
X-TIM-N
X-Rojux
X-Vtex-Remote-Cache
X-Bc-Bl
Type
X-BCube-Filmed-By
X-Aed
X-Bl-Debug
X-Conf
T-Server
Surrogated-Key
Sslversion
X-A-Dcw
X-Application
X-B-Cookie
X-D
Rendered-Blocks
X-A-Ccd
X-A-Wwc
Redirect-Candidate
X-Cache-Bucket
X-A-Dam
X-PAYTM-SRV-ID
X-A
X-Cache-NE
X-A-Dgt
Atl-Traceid
X-WP-CF-Super-Cache-Cookies-Bypass
X-TimeS
Edge-Copy-Time
X-Via-CDN
X-Via-Edge
X-Via-SSL
X-Cache-Info
X-Access
X-Section
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Acquia-Purge-Cdn-Unconfigured
Apple-News-Services-Request-Url
X-Bip
X-B3-Trace-ID
X-Dispatcher-Server
X-BBC-Edge-Cache-Status
X-Aicache-OS
X-Platform
X-SB
X-SD-PageType
V-Age
X-Request-Start
Req-Svc-Chain
X-Req
Server-Ext
Server-Host
X-Rocket-Build-Number
X-Request-Time
Pramga
Apple-News-Services-Handled
Release
Req-ID
X-Origin-Time
Server-Hostname
X-Core-Value
X-Proxied-Request
X-Debug-Cache-Store
Vix-Hermes-Req-Id
X-Pool
Fastly-SSL
Host-ID
X-Pubstack
Magicmarker
Sever-Int
Ssr
X-Debug-Cache-Fetch
L
Fastly-GeoIP-CountryCode
X-Server-IP
X-VG-WebCache
X-VG-TLSProxy
X-VServer
X-Fastly-Cache
X-We-Are-Hiring
X-Varnishpool
X-Varnish-Hostname
X-Thanos
X-Up
X-Varnish-Beresp-Status
X-Varnish-Director
X-Gdpr
X-Generated-On
X-Men
X-Loc
X-Nyt-Route
X-Mly-Id
X-Node-Id
X-Level-Front-Cache
X-Op-Id-All
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Human
X-Instance-Name
X-TH-Server
X-Forwarded-Site
X-Sigma
X-Sigma-Backend
X-Origin-Response-Time
User-Cache-Control
X-Service
Web-Mar-Region
We-Hiring
Wxu-Next-Hostname
X-Hash
X-Hnp-Log
X-Gzip
Wxu-Next-Region
X-GeoIP-City
Wxu-Next-Commit
X-Geo-Header
True-Client-Country-4JS
X-From
X-WA-Info
X-Org
Tube-Get-Contents
Tube-Got-Eval
X-Core-Mission
Uber-Trace-Id
Tube-Return
Tube-Got-Results
X-GeoIP
X-Ad-Load-Variation
X-PERF
X-Cache-Date
X-Mvc-Supplant-Cachable
X-Block-Status
X-Mvc-Supplant-OutputCached
X-Cache-Id
X-Cache-TTL-Remaining
X-NMSegId
Adler-Geo
X-DPWN-IS-SECURE
X-Micro-Cache
X-ApacheServer
X-Irp-Debug
Canary
X-RateLimit-Limit-Second
X-Policy
X-Old-Content-Length
C-Via
Cache-Provider
X-Auto-Login
X-HS-Content-Campaign-Id
X-Gen-Mode
X-Device-Os
Country-Code
Mail-Subject
Machine
X-NCache
NM-Fastcgi-Cache
Click-Count-Error
Platform
X-Fastly-Backend
X-Esi-Check
Is-Eu
X-SVT-ORM-VERSION
Esi-Enabled
X-Nginx-Cache-Key
X-UA-Device-Type
X-SVT-ORM-RULES
X-Var-Ttl
X-V-Cache
Gh-Request-Id
Producers
On-Server
Click-Count-Action-Start
X-Zen-Fury
X-FC-Vary-Parameters
X-Fmm-Version
X-RateLimit-Remaining-Second
DSUID
X-Clientip
X-DC
X-Sn-Servicetimems
Cf-Device-Type
X-Slack-Shared-Secret-Outcome
X-ZONE
X-Test
X-CacheTTL
X-Edge-Server
AKAMAI
W
IsBot
Cluster
X-App-Name
X-GoCache-CacheStatus
X-Via-Popv
X-HA-Backend
Cdn-Host
X-SIPLIST1
Cdn-Request-Time
X-Proto
X-Request-Host
Proxy-Firewall
X-Via-Popn
X-Cdn-Srv
X-Slack-Backend
X-Via-Poph
X-TA-CDN-Provider
X-Dc
Expiry
X-Connection-Hash
X-Parent-Response-Time
X-CF-Lambda-Version
X-Csrf-Jwt
X-CF-Lambda-Fn
X-Eu-Site
X-Date
X-CGP
Fastly-Backend-Name
X-Contensis-Viewer-Groups
X-Moov-T
X-Cache-Aspx
X-Owner
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Moov-Xdn-Version
X-Varnish-Authentication
X-Branch-Name
A
Content-Style-Type
LB
Content-Script-Type
X-Ah-Environment
X-NGINX-Cache
L5d-Success-Class
HA-Ipaddr
Ha-Gx-Prefs
N-Cache
Pics-Label
X-Amz-Meta-Cb-Modifiedtime
X-Accel-Expires-Debug
Expect-Staple
NGX
Datacenter
X-Tenant
X-Orig-Expires
X-Qloud-Router
X-Cache-Type
RNT-Time
RNT-Machine
Cache-Key
X-Shop-Environment
X-Forwarded-Path
Xc-Version
X-Tt-Logid
X-Region-Sid
X-LB-NoCache
X-LB-ID
Cdncip
Cdnsip
Yak-Timeinfo
X-AK-Request-ID
X-Gamma-Serve
X-ND-Cache
Locid
X-Ratelimit-Reset
Cdn
Cmsid
PFcat
X-Amz-Storage-Class
X-VarnishDD-TTL
X-HN
X-Varnish-Hits
X-Refresh
Cmstype
X-Tx-Id
X-VHOST
SID
NtCoent-Length
X-Backend-Instance
X-Wa
X-Tb-Optimization-Total-Bytes-Saved
X-Servedbyhost
X-Vmg-Version
X-CDN-Cache-Status
CPC-Age
Server-ID
X-DynaTrace-JS-Agent
X-Cdn-Diag
CPC-Cache
GeoIp-Country-Code
RATING
X-Nc
Cdn-Requestid
X-Azure-Ref-OriginShield
XM
X-LAGOON
X-TX-ID
X-Api-Version
X-Cache-Backend
X-Origin-Expires
X-API-Version
X-Fpc
X-Nananana
X-Srv
X-Akamai-Transformed
X-TIME
CloudFront-Viewer-Country
CacheControlHeader
X-Via-Fastly
X-B3-Parentspanid
X-Hit
X-Lagoon
Resin-Trace
X-Variation
XkeyRZ
X-Proxy-CacheRZ
Uri
User-Agent
X-CACHE-AGE
X-Nf-Request-Id
X-Client-Ip
X-URL
Cross-Origin-Opener-Policy-Report-Only
X-Fastly-Country-Code
X-Zone
X-LiteSpeed-Tag
X-NewRelic-App-Data
X-Info
X-Amz-Meta-Opti
VNS-Age
X-LiteSpeed-Cache-Control
VNS-Cache
MIME-Version
X-UA
Tcn
Cache-Name
X-MCACHE
True-Client-Ip
Lb
True-Client-IP
X-DataCenter
X-Datacenter
X-Dynatrace-Js-Agent
X-HostName
X-Vc
DataCenter
X-CSRF-TOKEN
X-Presslabs-Stats
X-Ig-Origin-Region
GeoIP-Latitude
X-Location
Mime-Version
X-Geo
Cache-Hits
Hostname
Fusion-Deployment-Id
Fusion-Content-Source
Cf-Ipcountry
Fusion-Source
Fusion-Component-Id
X-Dispatcher-Number
X-NWS-UUID-VERIFY
Fusion-Template-Id
Fusion-Content-Id
Fastly-Drupal-Html
X-Cdn-Forward
X-B3-Spanid
Powered-By
Srv
X-Cached-By
X-Jungle-Id
X-AIR-PT
X-Cloudmap
Origin-EX
X-CUA
X-Mid
Origin-CC
X-RID
X-Webkit-Csp-Report-Only
X-Varnish-Beresp-TTL
X-User
X-Segment-20210421
X-IAuth-Set-Uid
X-CLOUD-TRACE-CONTEXT
X-CS
Debug
Ohc-File-Size
BehaviorPad-Version
X-ECache
X-Esi
GeoIP-Country-Code
Cl-Cache
X-FPC
X-Dispatch
X-Render-Time
CDN
Ohc-Cache-HIT
X-Litespeed-Tag
X-VTEX-Cache-Time
X-NC
X-ServedByHost
X-VTEX-Cache-Server
X-WA
X-Powered-By-VTEX-Cache
X-Cdn-Cache-Status
Server-Id
Load-Balancing
X-Oracle-DMS-ECID
X-Cache-Enabled
X-Wormhole-Sdk
X-Cs
CountryCode
X-Lb-Id
YJS-ID
Edge-Cache
X-Lb-Nocache
My-App
Location
Server-Info
X-Auth-Group-Type
X-Snapshot-Date
X-Internal-Host
X-Fastly-Backend-Reqs
CF-Ctrl
X-Traceid
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-ID
X-Litespeed-Cache-Control
X-VCL-Version
Ms-Author-Via
X-APP-VERSION
Wpo-Cache-Status
Wpo-Cache-Message
Xkeylog
X-MSEdge-Features
Xkey-La3
Section-Io-Origin-Time-Seconds
X-Nitro-Cache-From
X-Akamai-Pragma-Client-IP
X-Ig-Push-State
X-Nitro-Rev
X-NodeID
Section-Io-Origin-Status
X-Proxy-Cache-La3
X-App
CF-Cached-On
X-MiniProfiler-Ids
X-Nitro-Cache
X-Cdn-Request-ID
Section-Origin-Responded
X-MSEdge-Flight
X-Dw-Trace-Id
X-IN-APIGATEWAY
OriginIP
X-IN-APIGATEWAYSSL
X-Acquia-Application-Trace
Srvid
Time
X-FL-EDGE
Memory
X-Acquia-Site
Ngx
Memcached
X-Cache-FS-Status
Geoip-Latitude
X-Acquia-Purge-Tags
FSS-Cache
X-Acquia-Application-UUID
X-FL-QIT-DEBUG
Odigeo-Trace-Id
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shopid
X-Cache-Version
X-Shardid
Akamai-Cache-Status
X-Via-PopH
X-Ha-Backend
X-Te-Duration-Ms
X-Te-Count
X-Lsadc-Cache
X-Via-PopN
PICS-Label
X-Vgn-Hpd-Reason
Cloudfront-Viewer-Country
X-Fastly-Cache-Hits
X-Via-PopV
X-Pad
X-Http-Duration-Ms
X-Udemy-Cache-App-Namespace
X-RequestId
X-Service-Response-Time
X-Serial
X-Check-Cacheable
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
X-Http-Count
X-Web-Server
X-Mg-Cache
X-Sucuri-Id
Sm-Log-Id