Threat Level: green Handler on Duty: Richard Porter

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
P3p
X-Runtime
X-AspNet-Version
Accept-CH
X-Cache-Status
X-DNS-Prefetch-Control
X-Drupal-Cache
Accept-CH-Lifetime
X-Ua-Compatible
X-Check
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
CF-Ray
X-Amz-Id-2
Host-Header
Allow
X-Backend
Cf-Edge-Cache
X-Cache-Group
Request-Context
X-Robots-Tag
Keep-Alive
X-Server
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
X-Rq
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
Cf-Apo-Via
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
EagleEye-TraceId
Ali-Swift-Global-Savetime
X-Aws-Lambda-Call-Status
X-CST
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Nginx-Upstream-Cache-Status
X-HW
Accept-Ch-Lifetime
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Application-Context
X-Country-Code
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Litespeed-Cache
X-Trace
Content-Location
X-Url
Service-Worker-Allowed
X-Content-Type
X-Country
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-ECACHE
X-Edge
X-Origin-Cache-Key
X-Mcache
Accept-Ch
X-Mod-Pagespeed
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Midtier
X-Rack-Cache
X-FTR-Request-ID
Cache-Tag
X-MS-InvokeApp
Nginx-Cache
X-Upstream
X-PC
X-TtlSet
X-Vname
X-Powered-By-Plesk
Rating
X-ESI
Edge-Control
X-Browser-Type
X-D2id
X-Server-Name
Verso
X-Element-Page-Cache
X-Kinja-Revision
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Server
X-B3-TraceId
X-Times
X-Cnection
SPRequestDuration
SPIisLatency
X-Ac
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Abt-Application-Version
X-Vcap-Request-Id
X-Navigation-Version
X-SharePointHealthScore
SPRequestGuid
X-RateLimit-Remaining
X-NF-Request-ID
X-Dw-Request-Base-Id
X-Ruxit-Js-Agent
X-GitHub-Request-Id
X-Ser
AR-CACHE
X-VARITI-CCR
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Mg-S
S
X-Cache-Key
RTSS
Pagespeed
Display
X-Middleton-Display
X-Sol
X-NWS-LOG-UUID
X-Client-IP
Edge-Cache-Tag
X-Cache-TTL
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
Origin-Trial
X-Powered-CMS
X-Goog-Hash
X-Varnish-TTL
X-Ttl
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Edge-Location-Klb
Cache-Status
X-Version
X-Server-ID
X-Kinsta-Cache
Access-Control-Request-Method
X-Content-Security-Policy-Report-Only
X-Recruiting
X-ARC
X-Webkit-Csp
X-TraceId
X-Content-Digest
Arr-Disable-Session-Affinity
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-T
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-For
Response
X-Middleton-Response
X-MSEdge-Ref
X-Ua-Device
Content-MD5
MicrosoftSharePointTeamServices
X-Accel-Expires
TP-Cache
X-Shield-Request-Id
X-Cached
X-Hits
X-RateLimit-Limit
X-Id
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
Public-Key-Pins
X-FTR-Expires
X-Request-Processing-Time
X-Request-Received
MS-Author-Via
Server-Node
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Ua-Browser
X-HS-Combine-CSS
Payment
Front-End-Https
Cross-Origin-Resource-Policy
X-DIS-Request-ID
X-Frontend
X-Forwarded-Proto
X-Daa-Tunnel
X-LLID
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-GUploader-UploadID
X-Fastcgi-Cache
X-FastCGI-Cache
TP-L2-Cache
X-LB-Cache
Realpath
X-Protected-By
Cache-Tags
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-WebKit-CSP-Report-Only
X-Distributor
X-Request-Handler-Origin-Region
Count-Hit
X-Microsite
X-TTL
X-ORACLE-DMS-RID
X-Page-Id
MRF-Tech
X-F-Cache
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Kinja-CCPA
X-Www-Served-By
X-AppVersion
X-Activity-Id
X-NGENIX-Cache
X-Az
X-Cluster-Name
Accept-Charset
Referer-Policy
X-Varnish-Backend
X-Geo-Country
X-Debug-Info
X-Envoy-Decorator-Operation
X-Correlation-Id
X-App-Server
Fastcgi-Cache
X-Varnish-Server
Host
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-PressLabs-Stats
X-Goog-Metageneration
X-Hostname
X-FB-Debug
Access-Control-Allow-Method
X-Git-Hash
X-RateLimit-Reset
X-ORACLE-DMS-ECID
X-Oracle-Dms-Ecid
Retry-After
X-XRDS-LOCATION
X-Rid
Server-Name
X-CSRF-Token
X-Content-Options
X-Load-Cache
X-Px
X-Upgrade-Enabled
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Request-Guid
X-Route-Name
X-Is-Crawler
X-Providence-Cookie
X-Flags
X-Contextid
X-Aspnet-Duration-Ms
X-Revision
DC
X-Cache-Control
X-Trace-Id
X-Signature
Charset
X-Origin-Cache
X-App-Environment
X-Grace
X-B-Cache
X-Type
Paypal-Debug-Id
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-B
X-Datadog-Sampling-Priority
X-Oracle-Dms-Rid
X-TT
X-B3-Sampled
X-Seen-By
Cleartype
X-ASPNET-VERSION
Section-Io-Cache
X-Ezoic-Cdn
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Amz-Meta-S3cmd-Attrs
X-Mobile
X-TEC-API-ROOT
X-Fastly-Request-ID
X-Ratelimit-Limit
X-Fb-Rlafr
Frame-Options
TCN
X-Amz-Replication-Status
Healthy
X-Whom
X-Wix-Request-Id
X-Magnolia-Registration
X-Language
X-Logged-In
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Fastly-Request-Id
X-Node-Name
Filterid
X-EdgeConnect-Cache-Status
X-Azure-Ref
X-Proxy
X-App-Version
X-N
X-Newrelic-App-Data
Content-Disposition
Backend
X-Varnish-Ttl
Akamai-GRN
Upgrade-Insecure-Requests
X-Template
X-Air-Pt
NGB
X-Proxy-Cache-Info
Refresh
X-Original-Request-Id
X-Response-Served-From
X-Rendered-As
X-Is-Bot
VIX-Pulpo-Upstream-Status
X-Unique-Id
X-Page-View
VIX-Pulpo-Node
X-Tumblr-User
X-ProcessESI
X-Tumblr-Pixel
X-Yottaa-Metrics
SD-X-WS
X-Tumblr-Pixel-1
X-RemovedCookies
X-Yottaa-Optimizations
X-Tumblr-Pixel-0
X-Debug-IsPreview
X-Debug-IsConnected
X-Instance
X-WP-CF-Super-Cache
Viewport
X-Adobe-Content
X-Adobe-Loc
Liferay-Portal
X-Servername
X-Datadog-Sampled
X-UUID
X-Varnish-Grace
X-Amzn-Remapped-Content-Length
X-RTag
MS-CV
X-WP-CF-Super-Cache-Cache-Control
Ms-Operation-Id
X-IPS-LoggedIn
X-FW-Static
X-FW-Type
X-Ratelimit-Remaining
X-FW-Version
Fastly-SWR
X-FW-Server
X-G
X-FW-Serve
Fastly-SIE
X-Debug
X-B3-SpanId
X-FW-Dynamic
X-FW-Hash
X-Device-Type
X-User-Agent
X-NYM-Debug-Backend
X-Cacheable-TTL
X-Cache-Grace
Url
X-Region
From-Origin
X-Rule
Country
X-L-Path
X-Environment-Context
X-Cache-Hit
X-Jobs
X-Status
X-Hl-Ver
X-Backend-Name
ServerID
X-Webkit-CSP
Surrogate-Key
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
Countrycode
X-Cache-Age
X-Hosted-By
X-Time
X-Origin-TTL
X-Origin-CC
X-Tec-Api-Origin
Alternate-Protocol
X-Tec-Api-Version
X-Tec-Api-Root
X-VC-Cache
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Content-Powered-By
X-Cache-Status-Check
X-Akamai-Request-ID2
X-NODE
X-Http-Reason
Amp-Access-Control-Allow-Source-Origin
X-Via-JSL
Protected
X-INCAP-ABP
X-HTML-Minification-Powered-By
WPO-Cache-Status
WPO-Cache-Message
Version
SRV
X-Rocket-Nginx-Serving-Static
X-Akamai-Edgescape
X-CDN-Forward
GEO-INFO
CDN-RequestId
X-Framework
X-Storage
X-Source
X-WP-CF-Super-Cache-Active
X-Accel-Version
X-Edge-Location
X-Cache-Rule
Access-Control-Request-Headers
Front
CF-IPCountry
X-Nginx-Cache
X-XRDS-Location
X-Httpd
OT-Force-Account-Verify
X-Mode
X-Real-IP
X-Use-Magma
X-Use-Mantle
X-Xfnlog-Site
X-Rn-Rsrv
X-Upstream-Ct
X-Upstream-Ht
X-UPSTREAM-Address
Accept-Language
Webserver
X-Endurance-Cache-Level
Meta-Geo
Filters
X-Cache-Operation
X-VC
X-Rewrite-Enabled
X-Tumblr-Pixel-3
Selected-Fe
X-Timing-Wait
X-Tumblr-Pixel-2
X-Cache-Debug
X-Soup
X-SaId
X-Detected-As
X-JoinUs
X-Served-From
X-Director
X-Proxy-Build
X-Handled-By
X-Varnish-Cache-Hits
X-BYPASS-REASON
X-Adobe-Source
X-Say-TTL
X-ProxyCache-Key
X-ProxyCache-Status
X-Origin
ServedBy
X-Logging-Id
X-Cms-Context
X-Redis-Cache
X-Sql-Duration-Ms
X-Worker
X-Sql-Count
X-SayCDN-TTL
X-Say-Cacheable
X-Cache-Time
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Property-Id
Web-Mar-Node
DB-Nickname
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-Version
Webcakes-Region
X-Tncms
Webcakes-App-Version
Azure-InstanceId
X-GeoCode
X-VCT
X-PHP-Host
X-Origin-Hint
X-Restarts
X-RM-Cache-TTL
AMP-Access-Control-Allow-Source-Origin
X-Server-W
X-S
Xserver
X-No-Session
Xet-Cookie
X-Lambda-Id
X-Labrador-Cache-Channel
X-GeoCountry
X-Format
X-Loop
X-Varnish-Age
X-B3-Traceid
X-LJ-Flow-ID
X-Skip-Cache
X-RCS-CacheZone
X-Vercel-Id
X-Generation-Time
X-Git-Commit
X-Fetched-On
X-Cache-Server
X-DynaTrace
X-Varnish-Beresp-Grace
X-AWS-Id
X-Container-Uri
X-VWS-Id
X-Vercel-Cache
X-IPLB-Request-ID
X-IPLB-Instance
X-Tb
Mn-Server-Ip
Apigw-Requestid
X-Ms-Version
X-Cluster
X-Provided-By
X-Cache-Host
X-Reqid
X-Ms-Request-Id
X-Is-Tablet
X-Geo-Region
X-Frame-Option
X-Is-Desktop
X-Is-Mobile
X-Is-Supported-Browser
X-Browser-Name
X-Tcp-Rtt
Section-Io-Id
Node
X-AB
X-Web-Node
X-ServerID
X-R9-Blue-Green-Version
X-Routing-Service
X-Extlb
X-Locale
X-Site-Version
X-Proxied
X-Forwarded-Host
X-Zipkin-Id
X-Uri
X-Platform-Router
X-Platform-Processor
Cross-Origin-Embedder-Policy
X-Platform-Cluster
Cache-Tv-Group
X-Webstats-RespID
X-COUNTRY
Source
X-Drupal-Cache-Contexts
X-FB-TRIP-ID
X-Drupal-Cache-Tags
Priority
Content-Secure-Policy
X-Vcache
X-MP-GENERATED-AT
Fastcgi-Useragent
WP-Super-Cache
X-Vcl-Version
X-Origin-Date
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
CDN-RequestPullCode
Onion-Location
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-TT-LOGID
WZWS-RAY
X-Xrds-Location
Locale
X-SRV
X-Generated-By
X-Content-Age
X-Urbn-Site-Id
X-Urbn-Context-Path
X-ShardId
X-Sucuri-Cache
X-Sorting-Hat-PodId
X-ShopId
S-Rt
X-Sorting-Hat-ShopId
X-Pass-Why
X-Cdn-Origin
X-Newrelic-Synthetics
X-Sucuri-ID
Sid
X-Ua
X-Cluster-Node
X-Buckets
X-Proxy-Cache-Status
X-Varnish-Beresp-Ttl
Cross-Origin-Embedder-Policy-Report-Only
X-Cache-Action
X-Cache-Expired-At
X-CMSURLCustom
X-Shield-Cache-Expires
X-Thinkindot-L3
Cross-Origin-Window-Policy
X-VCache
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Scope-Id
X-LSADC-Cache
Cache
X-DataDome
X-GEO
X-Mg-Request-UUID
Atl-Traceid
HostName
Fastly-Drupal-HTML
Edge-Copy-Time
X-Aspnetmvc-Version
X-Via-SSL
X-Request-URI
X-Via-CDN
X-Via-Edge
Origin-Agent-Cluster
X-Bl-Debug
X-A-Dam
X-A-Dcw
X-Bc-Bl
X-Vdms-Version
X-Application
Lang
X-B-Cookie
Origin
X-BCube-Filmed-By
Type
Gannett-Cam-Experience-Id
X-A-Wwc
X-Epic-Correlation-Id
X-External-Request-Id
CDCHOST
X-D
X-Ec-GeoHdr
X-Ec-Fail
Candidate-Md5Url
X-Developer
X-Aed
X-Ec-Custom-Error
X-Conf
X-SRCache-Key
Ngx-Var-Key
X-Cache-Bucket
Ngx.Var.Host
X-Destination
Environment
DCR-Processing-Time-Ms
Meta-Geo-Continent
X-Cache-NE
MD5-Digest
DCR-Decision-By
X-A-Dgt
X-Vdms-Path
X-TIM-N
X-Rojux
X-Viewer-Country
X-S-Cookie
T-Server
Rendered-Blocks
Sslversion
X-PAYTM-SRV-ID
X-Optimistic-Header
X-Vtex-Remote-Cache
X-Correlation-ID
Redirect-Candidate
Surrogated-Key
X-A-Ccd
X-ScT
X-Scheme
X-A
X-WP-CF-Super-Cache-Cookies-Bypass
X-Datadome
X-TimeS
Apple-News-Services-Request-Url
Host-ID
X-Dispatcher-Server
X-Proxied-Request
X-Pool
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Vix-Hermes-Req-Id
X-Acquia-Purge-Cdn-Unconfigured
V-Age
X-Platform
X-Pubstack
Sever-Int
Apple-News-Services-Host
X-Debug-Cache-Store
X-Rocket-Build-Number
X-Aicache-OS
X-Request-Time
Fastly-SSL
Fastly-GeoIP-CountryCode
X-SB
DSUID
X-Cache-Info
X-Request-Start
X-Debug-Cache-Fetch
Magicmarker
Ssr
X-Core-Value
X-Clientip
X-Req
X-Bip
Server-Hostname
X-Human
X-Instance-Name
Pramga
X-Mly-Id
Req-ID
X-Thanos
X-Sigma
X-TH-Server
Req-Svc-Chain
X-VG-WebCache
Release
X-Loc
X-Level-Front-Cache
X-WA-Info
X-Sigma-Backend
X-Varnish-Hostname
X-Varnishpool
X-VG-TLSProxy
X-Varnish-Beresp-Status
X-Varnish-Director
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Server-Ext
X-Fastly-Cache
X-Access
Server-Host
X-Op-Id-All
X-SD-PageType
X-Origin-Time
X-BBC-Edge-Cache-Status
X-B3-Trace-ID
X-Nyt-Route
X-VServer
X-Section
X-We-Are-Hiring
X-Forwarded-Site
X-Generated-On
L
X-Node-Id
X-Gdpr
User-Cache-Control
X-Origin-Response-Time
We-Hiring
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Web-Mar-Region
Uber-Trace-Id
X-Ad-Load-Variation
X-Hnp-Log
X-NMSegId
X-Zen-Fury
X-Old-Content-Length
X-Org
X-Nginx-Cache-Key
X-NCache
Cluster
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-V-Cache
X-PERF
X-UA-Device-Type
X-Server-IP
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Up
X-Request-Host
X-Policy
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Var-Ttl
X-Micro-Cache
X-DPWN-IS-SECURE
X-Esi-Check
X-FC-Vary-Parameters
X-Fmm-Version
X-Device-Os
X-Cache-TTL-Remaining
X-Block-Status
X-Cache-Date
X-Cache-Id
X-From
X-Gen-Mode
X-Irp-Debug
Tube-Return
X-Men
X-HS-Content-Campaign-Id
X-Gzip
X-Geo-Header
X-GeoIP
X-GeoIP-City
X-Auto-Login
X-ApacheServer
Machine
C-Via
Mail-Subject
Click-Count-Error
On-Server
NM-Fastcgi-Cache
Cache-Provider
Is-Eu
Country-Code
Click-Count-Action-Start
Esi-Enabled
Gh-Request-Id
Canary
Platform
Adler-Geo
Tube-Get-Contents
X-TA-CDN-Provider
True-Client-Country-4JS
Tube-Got-Results
Tube-Got-Eval
Producers
X-Service
X-Connection-Hash
Expiry
X-DC
X-Moov-Xdn-Version
Cdn-Request-Time
X-Varnish-Authentication
X-ZONE
X-Cdn-Srv
X-Core-Mission
Content-Style-Type
Content-Script-Type
X-Proto
X-SIPLIST1
X-Cache-Aspx
X-Edge-Server
X-Fastly-Backend
X-Hash
AKAMAI
X-Moov-T
X-Test
X-GoCache-CacheStatus
X-Contensis-Viewer-Groups
Cdn-Host
Cf-Device-Type
W
IsBot
Pics-Label
X-App-Name
A
X-Branch-Name
X-Parent-Response-Time
X-Dc
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-HA-Backend
X-Sn-Servicetimems
L5d-Success-Class
Proxy-Firewall
X-Via-Popn
X-Via-Poph
X-Via-Popv
NGX
X-Eu-Site
Cache-Key
HA-Ipaddr
RNT-Machine
RNT-Time
X-CGP
X-Ah-Environment
X-CacheTTL
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Csrf-Jwt
Ha-Gx-Prefs
X-Amz-Meta-Cb-Modifiedtime
Fastly-Backend-Name
Datacenter
X-NGINX-Cache
Yak-Timeinfo
LB
X-ND-Cache
X-Qloud-Router
X-Owner
X-Accel-Expires-Debug
Cdnsip
Cdncip
X-Region-Sid
Expect-Staple
X-Date
X-AK-Request-ID
Locid
N-Cache
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-HN
X-VarnishDD-TTL
X-Orig-Expires
X-LB-NoCache
X-LB-ID
Xc-Version
PFcat
X-Tenant
X-Cache-Type
X-Forwarded-Path
X-Shop-Environment
X-Amz-Storage-Class
Cdn
X-Ratelimit-Reset
X-Refresh
X-Backend-Instance
X-Tx-Id
X-Varnish-Hits
X-Tb-Optimization-Total-Bytes-Saved
X-Gamma-Serve
X-Azure-Ref-OriginShield
X-VHOST
SID
X-Servedbyhost
X-Tt-Logid
X-Wa
X-DynaTrace-JS-Agent
GeoIp-Country-Code
XM
Cmstype
Cmsid
X-CDN-Cache-Status
RATING
NtCoent-Length
X-Nc
Cdn-Requestid
X-Origin-Expires
X-API-Version
X-Vmg-Version
X-Cache-Backend
CPC-Cache
X-Cdn-Diag
CPC-Age
Server-ID
X-TX-ID
X-Nananana
X-Akamai-Transformed
X-TIME
X-Srv
X-Lagoon
CloudFront-Viewer-Country
X-Via-Fastly
X-Fpc
X-LAGOON
X-Api-Version
CacheControlHeader
X-Hit
X-B3-Parentspanid
Resin-Trace
X-NewRelic-App-Data
X-Zone
Tcn
User-Agent
Uri
X-Variation
XkeyRZ
X-HostName
X-Nf-Request-Id
X-Proxy-CacheRZ
Cross-Origin-Opener-Policy-Report-Only
X-Client-Ip
X-UA
X-URL
X-CACHE-AGE
X-Presslabs-Stats
X-Info
X-Amz-Meta-Opti
MIME-Version
X-Datacenter
X-Fastly-Country-Code
X-LiteSpeed-Tag
VNS-Age
Lb
X-Ig-Origin-Region
GeoIP-Latitude
Cache-Hits
X-Location
VNS-Cache
True-Client-Ip
True-Client-IP
X-Esi
X-Dynatrace-Js-Agent
DataCenter
X-LiteSpeed-Cache-Control
Fusion-Deployment-Id
Fusion-Content-Source
Cache-Name
Fusion-Template-Id
X-DataCenter
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Mime-Version
X-Geo
X-RID
X-Vc
X-NWS-UUID-VERIFY
X-AIR-PT
Cf-Ipcountry
Hostname
Powered-By
Fastly-Drupal-Html
X-B3-Spanid
Origin-EX
X-Dispatcher-Number
X-HOST
X-Cloudmap
X-Cached-By
X-CUA
Origin-CC
X-Jungle-Id
X-CSRF-TOKEN
X-IAuth-Set-Uid
X-User
X-CS
X-Segment-20210421
X-Cdn-Forward
X-Webkit-Csp-Report-Only
X-Mid
X-Varnish-Beresp-TTL
Debug
Srv
X-Render-Time
Cl-Cache
X-MCACHE
Load-Balancing
X-ECache
X-VTEX-Cache-Server
X-VTEX-Cache-Time
CDN
X-Powered-By-VTEX-Cache
Ohc-File-Size
GeoIP-Country-Code
X-Dispatch
BehaviorPad-Version
X-FPC
X-Wormhole-Sdk
X-Litespeed-Tag
X-ServedByHost
X-Auth-Group-Type
Edge-Cache
X-Cdn-Cache-Status
X-WA
X-NC
Server-Id
X-Cs
X-Oracle-DMS-ECID
Ohc-Cache-HIT
X-Cache-Enabled
X-Lb-Nocache
YJS-ID
X-Lb-Id
X-Fastly-Backend-Reqs
X-Wp-Cf-Super-Cache
Server-Info
X-Wp-Cf-Super-Cache-Cache-Control
X-NodeID
X-Ig-Push-State
My-App
Location
CountryCode
Wpo-Cache-Status
Ms-Author-Via
Wpo-Cache-Message
X-VCL-Version
X-Litespeed-Cache-Control
Xkeylog
X-Cdn-Request-ID
Xkey-La3
X-Snapshot-Date
X-Proxy-Cache-La3
CF-Cached-On
Odigeo-Trace-Id
CF-Ctrl
X-Internal-Host
X-MSEdge-Features
X-MiniProfiler-Ids
X-MSEdge-Flight
X-Akamai-Pragma-Client-IP
OriginIP
Memcached
Section-Io-Origin-Time-Seconds
X-APP-VERSION
Memory
X-Acquia-Application-Trace
X-IN-APIGATEWAY
X-Acquia-Site
X-Acquia-Purge-Tags
Section-Origin-Responded
Section-Io-Origin-Status
X-IN-APIGATEWAYSSL
X-Acquia-Application-UUID
FSS-Cache
X-Custom-Header
Srvid
Geoip-Latitude
Ngx
X-Vgn-Hpd-Reason
X-FL-EDGE
X-FL-QIT-DEBUG
X-Nitro-Cache
X-Pad
X-Nitro-Cache-From
X-Nitro-Rev
X-App
Time
X-Sorting-Hat-Shopid
X-Shopid
X-Sorting-Hat-Podid
X-Cache-Version
X-Shardid
X-Cache-FS-Status
Akamai-Cache-Status
X-Via-PopV
X-Http-Count
X-Http-Duration-Ms
X-Udemy-Cache-App-Namespace
X-Depends
X-PHP-Backend
Cloudfront-Viewer-Country
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sucuri-Id
X-RequestId
X-Via-PopN
X-Check-Cacheable
X-Lsadc-Cache
X-Serial
X-Service-Response-Time
X-Th-Server
X-Web-Server
X-Dw-Trace-Id
X-Te-Count
X-Via-PopH
X-Fastly-Cache-Hits
X-Mg-Cache
X-Te-Duration-Ms
Sm-Log-Id
X-Ha-Backend