
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
CF-RAY
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Varnish
X-Adblock-Key
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
P3p
X-AspNet-Version
X-Runtime
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Ua-Compatible
X-Check
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
CF-Ray
X-Amz-Id-2
Host-Header
Allow
X-Backend
Cf-Edge-Cache
X-Cache-Group
Request-Context
X-Robots-Tag
Keep-Alive
X-Server
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Vhost
Xkey
X-Rq
X-Age
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
X-Page-Speed
X-Pingback
Cf-Railgun
EagleEye-TraceId
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-CST
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Host
X-Response-Time
Request-Id
X-Akam-SW-Version
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Upstream-Cache-Status
X-HW
Accept-Ch-Lifetime
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Application-Context
X-Country-Code
X-Ruxit-JS-Agent
X-Trace
X-Cache-Lookup
Content-Location
X-Url
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-Content-Type
X-Country
X-Clacks-Overhead
X-ECACHE
X-Litespeed-Cache
X-Edge
X-Origin-Cache-Key
X-Mod-Pagespeed
Accept-Ch
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-FTR-Request-ID
X-Midtier
Cross-Origin-Opener-Policy
Cache-Tag
X-Mcache
X-MS-InvokeApp
X-Upstream
Nginx-Cache
X-TtlSet
X-ESI
X-PC
X-Vname
X-Powered-By-Plesk
Rating
Edge-Control
X-Browser-Type
X-D2id
X-Element-Page-Cache
X-Kinja-Build
X-Kinja-Revision
X-Kinja
Verso
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Times
X-Server-Name
X-Cnection
X-Ac
SPRequestDuration
SPIisLatency
X-B3-TraceId
AR-ATIME
AR-SID
AR-Request-ID
AR-PoweredBy
X-Vcap-Request-Id
X-Navigation-Version
X-Ruxit-Js-Agent
X-Abt-Application-Version
SPRequestGuid
X-SharePointHealthScore
X-RateLimit-Remaining
X-NF-Request-ID
X-Dw-Request-Base-Id
X-GitHub-Request-Id
X-Ser
X-VARITI-CCR
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
AR-CACHE
S
X-Cache-Key
X-Mg-S
RTSS
X-Ttl
X-Client-IP
X-Cache-TTL
Origin-Trial
Edge-Cache-Tag
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Amz-Rid
X-Amzn-Trace-Id
Fastly-Restarts
X-NWS-LOG-UUID
X-Goog-Hash
X-Powered-CMS
X-Varnish-TTL
X-Content-Security-Policy-Report-Only
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Server-ID
X-Edge-Location-Klb
X-Version
X-Kinsta-Cache
Cache-Status
Access-Control-Request-Method
X-ARC
X-Recruiting
X-Webkit-Csp
X-Content-Digest
Arr-Disable-Session-Affinity
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TraceId
X-T
X-MSEdge-Ref
X-Forwarded-For
Response
X-Middleton-Response
X-Ua-Device
Content-MD5
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
MicrosoftSharePointTeamServices
X-Accel-Expires
TP-Cache
X-Shield-Request-Id
X-Hits
X-Cached
X-FTR-Balancer
Public-Key-Pins
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Expires
X-Request-Processing-Time
Server-Node
X-Request-Received
X-Id
Payment
X-HS-Hub-Id
X-HS-Cache-Config
X-Ua-Browser
X-Frontend
X-HS-Combine-CSS
X-HS-Content-Id
MS-Author-Via
Front-End-Https
X-DIS-Request-ID
X-RateLimit-Limit
Cross-Origin-Resource-Policy
X-LLID
X-Forwarded-Proto
X-GUploader-UploadID
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-FastCGI-Cache
X-WebKit-CSP-Report-Only
X-Fastcgi-Cache
X-Daa-Tunnel
TP-L2-Cache
Cache-Tags
X-LB-Cache
Realpath
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Kinja-CCPA
X-ORACLE-DMS-RID
X-Protected-By
X-Origin-Server
X-Distributor
Count-Hit
X-Request-Handler-Origin-Region
X-Microsite
X-Page-Id
X-F-Cache
X-Cluster-Name
X-NGENIX-Cache
X-Az
X-Activity-Id
MRF-Tech
X-Www-Served-By
X-AppVersion
X-PressLabs-Stats
X-B3-TraceId-Primal
Mrf-Cache-Status
Accept-Charset
X-Varnish-Backend
X-Geo-Country
X-Hostname
Referer-Policy
X-Correlation-Id
X-Debug-Info
X-App-Server
X-Envoy-Decorator-Operation
X-Varnish-Server
X-Kong-Upstream-Latency
X-FB-Debug
X-Goog-Metageneration
Fastcgi-Cache
X-Kong-Proxy-Latency
Host
X-ORACLE-DMS-ECID
X-TTL
Access-Control-Allow-Method
X-Git-Hash
X-Rid
X-RateLimit-Reset
X-Ratelimit-Limit
X-XRDS-LOCATION
Retry-After
Server-Name
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Content-Options
X-Tt-Trace-Tag
X-Fastly-Request-ID
X-Px
X-Tt-Trace-Host
X-Load-Cache
DC
X-Is-Crawler
X-Contextid
X-Origin-Cache
X-Aspnet-Duration-Ms
X-Route-Name
X-Flags
X-Providence-Cookie
X-Request-Guid
X-Revision
X-B3-Sampled
X-CSRF-Token
TCN
X-Signature
X-Oracle-Dms-Ecid
X-Grace
X-App-Environment
X-Type
X-B-Cache
X-Trace-Id
X-Mobile
Paypal-Debug-Id
X-Cache-Control
Charset
Cleartype
X-Upgrade-Enabled
X-Datadog-Parent-Id
X-B
X-Datadog-Sampling-Priority
X-TT
X-Datadog-Trace-Id
X-ASPNET-VERSION
X-Fb-Rlafr
Section-Io-Cache
X-Amz-Meta-S3cmd-Attrs
X-Language
X-Seen-By
X-Amz-Replication-Status
Frame-Options
X-Ezoic-Cdn
X-Goog-Storage-Class
X-Whom
X-Goog-Stored-Content-Length
X-Logged-In
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Healthy
X-Magnolia-Registration
X-Wix-Request-Id
Filterid
X-EdgeConnect-Cache-Status
X-Oracle-Dms-Rid
X-Node-Name
X-Newrelic-App-Data
X-Azure-Ref
X-N
Content-Disposition
X-App-Version
X-Proxy
Backend
X-Fastly-Request-Id
X-Air-Pt
X-Varnish-Ttl
Akamai-GRN
Upgrade-Insecure-Requests
X-Template
Refresh
NGB
X-Proxy-Cache-Info
X-Response-Served-From
X-Original-Request-Id
X-Is-Bot
X-Rendered-As
X-Page-View
VIX-Pulpo-Node
X-Tumblr-Pixel
X-ProcessESI
SD-X-WS
X-Tumblr-Pixel-0
X-Servername
X-Yottaa-Metrics
X-Tumblr-User
X-B3-SpanId
X-Tumblr-Pixel-1
X-Unique-Id
X-Yottaa-Optimizations
VIX-Pulpo-Upstream-Status
X-RemovedCookies
X-Debug-IsPreview
X-Varnish-Grace
X-WP-CF-Super-Cache-Cache-Control
Viewport
X-Adobe-Content
Liferay-Portal
MS-CV
Ms-Operation-Id
X-Amzn-Remapped-Content-Length
X-Adobe-Loc
X-Datadog-Sampled
X-Debug-IsConnected
X-RTag
Url
X-Instance
X-WP-CF-Super-Cache
X-Cacheable-TTL
Fastly-SIE
Fastly-SWR
X-Cache-Grace
X-FW-Hash
X-Debug
X-FW-Dynamic
X-FW-Type
X-FW-Version
X-IPS-LoggedIn
X-User-Agent
X-Region
X-G
X-Ratelimit-Remaining
X-FW-Static
X-FW-Serve
X-UUID
X-FW-Server
X-NYM-Debug-Backend
X-Jobs
X-Environment-Context
X-L-Path
X-Device-Type
From-Origin
X-Rule
Country
X-Cache-Hit
X-Status
Surrogate-Key
X-Hl-Ver
X-Hosted-By
X-Backend-Name
X-Air-Hostname
ServerID
X-Air-Trace-Id
X-Webkit-CSP
X-Air-Source
X-Cache-Age
X-Http-Reason
X-Time
X-Content-Powered-By
X-Akamai-Request-ID2
Protected
X-VC-Cache
X-Cache-Status-Check
Alternate-Protocol
X-Origin-TTL
X-Origin-CC
X-XRDS-Location
Amp-Access-Control-Allow-Source-Origin
Countrycode
X-NODE
WPO-Cache-Status
WPO-Cache-Message
X-Hcs-Proxy-Type
X-Use-Magma
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Version
X-B3-Traceid
X-HTML-Minification-Powered-By
X-Via-JSL
X-INCAP-ABP
X-Akamai-Edgescape
X-Rocket-Nginx-Serving-Static
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Framework
GEO-INFO
CDN-RequestId
X-Edge-Location
X-WP-CF-Super-Cache-Active
X-Source
X-Storage
Front
X-Cache-Rule
X-Accel-Version
X-CDN-Forward
Access-Control-Request-Headers
SRV
CF-IPCountry
X-Nginx-Cache
X-Httpd
X-Mode
X-Use-Mantle
X-Endurance-Cache-Level
Accept-Language
X-Xfnlog-Site
Webserver
OT-Force-Account-Verify
X-Real-IP
X-UPSTREAM-Address
X-Upstream-Ht
X-Upstream-Ct
Xet-Cookie
X-VC
X-Rn-Rsrv
X-Cache-Operation
X-Rewrite-Enabled
Meta-Geo
Filters
X-Proxy-Build
X-Cache-Debug
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Detected-As
X-Soup
X-SaId
Selected-Fe
X-JoinUs
X-Timing-Wait
X-Director
X-Served-From
ServedBy
X-Worker
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Cache-Time
X-ProxyCache-Status
X-Handled-By
X-Sql-Count
X-Sql-Duration-Ms
X-Tncms
X-Varnish-Cache-Hits
X-ProxyCache-Key
X-Redis-Cache
X-Lambda-Id
X-Varnish-Age
X-Adobe-Source
X-Cms-Context
X-Loop
X-BYPASS-REASON
Apigw-Requestid
Azure-InstanceId
X-PHP-Host
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Origin-Hint
X-Server-W
Azure-RegionName
AMP-Access-Control-Allow-Source-Origin
TWC-Device-Class
TWC-Connection-Speed
X-GeoCountry
Property-Id
X-S
X-RM-Cache-TTL
DB-Nickname
Azure-SlotName
Azure-Version
X-Restarts
Azure-SiteName
TWC-Locale-Group
X-Logging-Id
TWC-Privacy
Webcakes-App-Version
X-GeoCode
X-Varnish-Beresp-Grace
X-Format
X-Labrador-Cache-Channel
Xserver
Webcakes-Region
Web-Mar-Node
X-Skip-Cache
Webcakes-App-Name
X-No-Session
X-Fetched-On
Mn-Server-Ip
X-VCT
X-AWS-Id
X-IPLB-Instance
X-DynaTrace
X-IPLB-Request-ID
X-LJ-Flow-ID
X-VWS-Id
X-RCS-CacheZone
X-Cache-Server
X-Git-Commit
X-Cache-Host
X-Generation-Time
X-Container-Uri
X-Extlb
X-Cluster
X-Routing-Service
X-Is-Supported-Browser
X-Provided-By
X-Proxied
X-Ms-Version
X-COUNTRY
Node
X-Forwarded-Host
X-Vercel-Id
X-Tb
X-Tcp-Rtt
X-Vercel-Cache
X-Frame-Option
X-Reqid
X-Ms-Request-Id
X-Is-Tablet
X-Origin
X-Is-Mobile
X-ServerID
X-Is-Desktop
X-Geo-Region
X-AB
X-Zipkin-Id
X-Browser-Name
Cache-Tv-Group
Section-Io-Id
X-Uri
X-R9-Blue-Green-Version
X-Site-Version
X-Locale
X-FB-TRIP-ID
X-Platform-Processor
Priority
X-Web-Node
X-Platform-Cluster
X-Platform-Router
Content-Secure-Policy
X-Webstats-RespID
X-Vcache
Source
X-MP-GENERATED-AT
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
Cross-Origin-Embedder-Policy
Fastcgi-Useragent
X-Vcl-Version
WP-Super-Cache
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestPullCode
CDN-PullZone
X-Origin-Date
Onion-Location
CDN-RequestCountryCode
CDN-Cache
CDN-EdgeStorageId
CDN-CachedAt
X-Alternate-Cache-Key
X-Shopify-Stage
X-Storefront-Renderer-Rendered
WZWS-RAY
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Content-Age
X-SRV
X-Generated-By
S-Rt
X-Ua
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Sucuri-Cache
X-Pass-Why
X-Newrelic-Synthetics
X-TT-LOGID
X-Cluster-Node
X-Cdn-Origin
Sid
X-Buckets
X-Sucuri-ID
X-Proxy-Cache-Status
X-Cache-Action
X-Varnish-Beresp-Ttl
Cross-Origin-Window-Policy
X-Cache-Expired-At
X-Mg-Request-UUID
X-VCache
Cross-Origin-Embedder-Policy-Report-Only
X-Xrds-Location
X-Scope-Id
X-CMSURLCustom
X-Shield-Cache-Expires
TDXMobile
Thinkindot-CacheControl
X-Thinkindot-L3
Thinkindot-CacheControl-Type
Thinkindot-Control
X-LSADC-Cache
X-Datadome
Fastly-Drupal-HTML
Cache
X-GEO
HostName
X-DataDome
X-Request-URI
X-Optimistic-Header
X-Aspnetmvc-Version
X-A-Dcw
X-Aed
X-A-Dam
X-TIM-N
X-Viewer-Country
X-A-Wwc
Redirect-Candidate
Rendered-Blocks
X-Vtex-Remote-Cache
X-A-Ccd
X-A-Dgt
X-Scheme
Sslversion
X-Vdms-Version
X-Vdms-Path
Surrogated-Key
Type
CDCHOST
Candidate-Md5Url
DCR-Decision-By
X-Correlation-ID
Origin-Agent-Cluster
X-ScT
X-A
DCR-Processing-Time-Ms
Meta-Geo-Continent
X-D
T-Server
X-Conf
X-S-Cookie
MD5-Digest
X-Rojux
X-External-Request-Id
X-Destination
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-PAYTM-SRV-ID
Lang
Environment
X-Bc-Bl
X-SRCache-Key
X-B-Cookie
X-Ec-Custom-Error
X-Application
Origin
X-BCube-Filmed-By
Gannett-Cam-Experience-Id
X-Cache-NE
Ngx-Var-Key
X-Cache-Bucket
Ngx.Var.Host
X-Bl-Debug
Atl-Traceid
Edge-Copy-Time
X-TimeS
X-WP-CF-Super-Cache-Cookies-Bypass
X-Via-Edge
X-Via-CDN
X-Via-SSL
X-Generated-On
X-Gdpr
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Forwarded-Site
Magicmarker
X-Origin-Time
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Human
X-Dispatcher-Server
X-Fastly-Cache
Host-ID
X-Mly-Id
X-Men
X-SD-PageType
X-Nyt-Route
X-Node-Id
X-Loc
X-Level-Front-Cache
X-SB
X-Core-Value
X-Instance-Name
Fastly-SSL
X-Op-Id-All
L
X-Platform
X-Request-Start
X-Req
X-Request-Time
Vix-Hermes-Req-Id
X-Proxied-Request
Server-Ext
V-Age
Sever-Int
Ssr
X-Pubstack
Server-Hostname
Server-Host
X-Section
Req-Svc-Chain
X-B3-Trace-ID
X-Pool
X-BBC-Edge-Cache-Status
X-Bip
X-Rocket-Build-Number
X-Aicache-OS
Pramga
Req-ID
X-Access
Release
X-Acquia-Purge-Cdn-Unconfigured
X-Cache-Info
Fastly-GeoIP-CountryCode
X-TH-Server
X-Thanos
X-Sigma-Backend
X-Sigma
Apple-News-Services-Host
Apple-News-Services-Handled
X-Up
X-Varnish-Beresp-Status
X-VG-WebCache
X-VServer
X-VG-TLSProxy
X-Varnishpool
X-Varnish-Director
X-Varnish-Hostname
Apple-News-Services-Parsed-Url
X-We-Are-Hiring
Apple-News-Services-Request-Url
X-Server-IP
X-Origin-Response-Time
X-Service
User-Cache-Control
DSUID
X-Clientip
X-Policy
X-Auto-Login
Tube-Get-Contents
X-Block-Status
X-WA-Info
X-Cache-TTL-Remaining
X-Cache-Id
X-PERF
X-Cache-Date
X-ApacheServer
X-Ad-Load-Variation
We-Hiring
Click-Count-Action-Start
Uber-Trace-Id
Click-Count-Error
Web-Mar-Region
Wxu-Next-Commit
Wxu-Next-Region
Tube-Got-Eval
Tube-Got-Results
Wxu-Next-Hostname
Tube-Return
X-DPWN-IS-SECURE
X-Org
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Hnp-Log
X-Hash
X-Micro-Cache
X-Old-Content-Length
X-Nginx-Cache-Key
X-NCache
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Gzip
X-GeoIP-City
X-Fastly-Backend
X-Esi-Check
True-Client-Country-4JS
X-Device-Os
X-FC-Vary-Parameters
X-Fmm-Version
X-GeoIP
X-Geo-Header
X-Gen-Mode
X-From
X-Core-Mission
X-Zen-Fury
X-SVT-ORM-VERSION
Platform
On-Server
Producers
Cache-Provider
Country-Code
X-UA-Device-Type
NM-Fastcgi-Cache
C-Via
Gh-Request-Id
Esi-Enabled
X-NMSegId
Is-Eu
Adler-Geo
Mail-Subject
Machine
X-V-Cache
X-SVT-ORM-RULES
X-Var-Ttl
Canary
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-DC
Proxy-Firewall
W
X-Slack-Backend
X-SIPLIST1
X-Proto
X-ZONE
X-Sn-Servicetimems
X-Cdn-Srv
X-Via-Poph
X-Via-Popn
Cluster
X-CacheTTL
Cf-Device-Type
X-Edge-Server
X-Slack-Shared-Secret-Outcome
X-Request-Host
Cdn-Request-Time
X-Test
AKAMAI
Cdn-Host
X-Via-Popv
X-HA-Backend
IsBot
X-App-Name
X-GoCache-CacheStatus
X-Dc
X-TA-CDN-Provider
Expiry
X-Connection-Hash
X-Parent-Response-Time
Content-Style-Type
X-Varnish-Authentication
Content-Script-Type
LB
X-Branch-Name
HA-Ipaddr
L5d-Success-Class
NGX
X-Ah-Environment
X-Eu-Site
A
N-Cache
Ha-Gx-Prefs
X-Date
X-Amz-Meta-Cb-Modifiedtime
X-Wikidot-Static-Cache
X-Wikidot-Backend
Pics-Label
Fastly-Backend-Name
X-Owner
X-NGINX-Cache
X-CF-Lambda-Fn
X-Cache-Aspx
X-Moov-T
X-Csrf-Jwt
X-Moov-Xdn-Version
X-CF-Lambda-Version
X-Accel-Expires-Debug
X-Contensis-Viewer-Groups
Expect-Staple
X-CGP
Datacenter
X-Orig-Expires
X-Shop-Environment
Xc-Version
X-Tenant
RNT-Machine
RNT-Time
X-Cache-Type
X-Qloud-Router
X-Forwarded-Path
Cache-Key
X-Tt-Logid
X-Gamma-Serve
Yak-Timeinfo
Locid
X-AK-Request-ID
X-LB-NoCache
X-LB-ID
X-Region-Sid
Cdncip
Cdnsip
X-ND-Cache
Cdn
X-Ratelimit-Reset
PFcat
X-HN
X-Amz-Storage-Class
X-Refresh
X-VarnishDD-TTL
X-Tx-Id
X-Varnish-Hits
Cmsid
Cmstype
SID
X-VHOST
X-Wa
X-Vmg-Version
X-Servedbyhost
X-Tb-Optimization-Total-Bytes-Saved
NtCoent-Length
X-Backend-Instance
X-CDN-Cache-Status
Server-ID
X-DynaTrace-JS-Agent
CPC-Cache
CPC-Age
RATING
X-Cdn-Diag
GeoIp-Country-Code
X-Nc
Cdn-Requestid
X-Azure-Ref-OriginShield
XM
X-LAGOON
X-TX-ID
X-Api-Version
X-Nananana
X-Origin-Expires
X-Fpc
X-API-Version
X-Cache-Backend
X-Srv
X-Akamai-Transformed
X-TIME
X-Via-Fastly
CacheControlHeader
CloudFront-Viewer-Country
X-B3-Parentspanid
X-Lagoon
X-Variation
X-Hit
Resin-Trace
XkeyRZ
User-Agent
X-Nf-Request-Id
X-CACHE-AGE
Uri
X-Proxy-CacheRZ
X-Client-Ip
X-Fastly-Country-Code
X-Zone
X-URL
Cross-Origin-Opener-Policy-Report-Only
X-LiteSpeed-Tag
X-NewRelic-App-Data
X-Amz-Meta-Opti
MIME-Version
X-LiteSpeed-Cache-Control
VNS-Age
X-Info
VNS-Cache
Tcn
Cache-Name
X-MCACHE
X-UA
X-Datacenter
X-DataCenter
True-Client-IP
Lb
True-Client-Ip
X-Vc
X-HostName
X-Dynatrace-Js-Agent
DataCenter
GeoIP-Latitude
X-CSRF-TOKEN
Mime-Version
X-Geo
X-Ig-Origin-Region
X-Presslabs-Stats
X-Location
Cache-Hits
Hostname
Fusion-Component-Id
Fusion-Content-Id
X-NWS-UUID-VERIFY
Cf-Ipcountry
X-Dispatcher-Number
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-Cdn-Forward
Fastly-Drupal-Html
X-B3-Spanid
Powered-By
X-Cached-By
Srv
X-Jungle-Id
Origin-EX
X-Mid
X-CUA
X-AIR-PT
Origin-CC
X-Cloudmap
X-Webkit-Csp-Report-Only
X-RID
X-Segment-20210421
X-Varnish-Beresp-TTL
X-User
X-IAuth-Set-Uid
X-CS
Debug
BehaviorPad-Version
Ohc-File-Size
X-ECache
X-FPC
Cl-Cache
X-Esi
X-Dispatch
X-Render-Time
GeoIP-Country-Code
X-Litespeed-Tag
Ohc-Cache-HIT
CDN
X-Oracle-DMS-ECID
X-NC
X-Powered-By-VTEX-Cache
X-ServedByHost
X-WA
X-VTEX-Cache-Server
X-Cache-Enabled
X-VTEX-Cache-Time
X-Wormhole-Sdk
X-Cdn-Cache-Status
Load-Balancing
Server-Id
X-Cs
CountryCode
YJS-ID
X-Auth-Group-Type
Server-Info
X-Lb-Id
Location
X-Lb-Nocache
Edge-Cache
My-App
X-Internal-Host
CF-Ctrl
X-Snapshot-Date
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Traceid
X-Fastly-Backend-Reqs
Wpo-Cache-Status
Wpo-Cache-Message
X-APP-VERSION
X-VCL-Version
X-Litespeed-Cache-Control
Ms-Author-Via
X-ID
X-Proxy-Cache-La3
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Xkeylog
CF-Cached-On
X-App
Xkey-La3
X-Cdn-Request-ID
Section-Io-Origin-Status
X-MSEdge-Flight
X-MSEdge-Features
X-Akamai-Pragma-Client-IP
X-MiniProfiler-Ids
X-Ig-Push-State
X-NodeID
X-Nitro-Cache
X-Nitro-Rev
X-Nitro-Cache-From
X-Dw-Trace-Id
Time
Memory
Memcached
Odigeo-Trace-Id
X-Cache-FS-Status
X-IN-APIGATEWAY
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-IN-APIGATEWAYSSL
Ngx
Geoip-Latitude
Srvid
X-FL-EDGE
OriginIP
FSS-Cache
X-FL-QIT-DEBUG
X-Sorting-Hat-Podid
X-Cache-Version
X-Shopid
X-Sorting-Hat-Shopid
X-Shardid
X-Fastly-Cache-Hits
Akamai-Cache-Status
X-Sucuri-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
X-Service-Response-Time
X-Check-Cacheable
PICS-Label
X-Vgn-Hpd-Reason
Cloudfront-Viewer-Country
Sm-Log-Id
X-Web-Server
X-Serial
X-Http-Count
X-Via-PopN
X-Pad
X-Via-PopH
X-Ha-Backend
X-Te-Duration-Ms
X-Lsadc-Cache
X-Via-PopV
X-Http-Duration-Ms
X-RequestId
X-Mg-Cache
X-Udemy-Cache-App-Namespace
X-Te-Count