
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a `HEAD` request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
P3p
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Ua-Compatible
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Request-ID
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
Request-Context
Keep-Alive
Allow
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
EagleId
Xkey
X-Age
X-Rq
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Cf-Railgun
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Aws-Lambda-Call-Status
X-CST
Permissions-Policy
X-OneAgent-JS-Injection
X-Backend-Server
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Request-Id
X-Litespeed-Cache
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cache-Lookup
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
Service-Worker-Allowed
X-Ruxit-JS-Agent
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cache-Tag
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
Rating
X-PC
X-TtlSet
X-Vname
X-MS-InvokeApp
Nginx-Cache
X-ECACHE
X-ESI
X-Upstream
X-Powered-By-Plesk
Edge-Control
X-Server-Name
X-Browser-Type
X-Cnection
X-D2id
X-Element-Page-Cache
X-Times
Verso
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-NWS-LOG-UUID
SPRequestDuration
SPIisLatency
X-Ruxit-Js-Agent
X-Ac
AR-ATIME
AR-SID
AR-Request-ID
AR-PoweredBy
X-B3-TraceId
X-SharePointHealthScore
SPRequestGuid
X-Ser
X-Navigation-Version
X-Abt-Application-Version
X-GitHub-Request-Id
X-NF-Request-ID
X-Vcap-Request-Id
X-Ttl
X-Dw-Request-Base-Id
X-RateLimit-Remaining
AR-CACHE
X-Mg-S
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Client-IP
X-VARITI-CCR
S
X-Middleton-Display
Edge-Cache-Tag
Pagespeed
Display
X-Sol
X-Cache-Key
Fastly-Restarts
RTSS
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
Cache-Status
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Powered-CMS
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
X-Server-ID
Access-Control-Request-Method
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-ARC
X-Middleton-Response
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Response
X-Content-Digest
X-Daa-Tunnel
X-TraceId
X-Forwarded-For
X-T
Arr-Disable-Session-Affinity
X-MSEdge-Ref
Content-MD5
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
TP-Cache
Front-End-Https
Origin-Trial
X-Shield-Request-Id
Cross-Origin-Resource-Policy
X-Accel-Expires
X-Cached
X-Hits
X-Content-Security-Policy-Report-Only
MS-Author-Via
Public-Key-Pins
X-Id
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-Fastcgi-Cache
X-HS-Cache-Config
X-Forwarded-Proto
X-FTR-Expires
Server-Node
X-Ua-Browser
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Request-Received
X-Request-Processing-Time
X-DIS-Request-ID
Payment
X-Frontend
X-Webkit-Csp
X-LLID
Realpath
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-Distributor
X-ORACLE-DMS-RID
X-FastCGI-Cache
X-LB-Cache
Cache-Tags
X-Hostname
X-Ratelimit-Limit
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Microsite
X-Request-Handler-Origin-Region
X-Origin-Server
X-RateLimit-Limit
Referer-Policy
X-B3-TraceId-Primal
X-Page-Id
Mrf-Cache-Status
MRF-Tech
X-Debug-Info
Host
X-Az
X-Activity-Id
X-AppVersion
Fastcgi-Cache
Count-Hit
X-Geo-Country
X-Cluster-Name
X-Www-Served-By
X-NGENIX-Cache
X-Varnish-Server
X-Varnish-Backend
X-Envoy-Decorator-Operation
Accept-Charset
X-Correlation-Id
X-F-Cache
X-App-Server
X-Ua-Device
X-XRDS-LOCATION
X-PressLabs-Stats
X-FB-Debug
X-Goog-Metageneration
X-Ezoic-Cdn
Retry-After
X-ORACLE-DMS-ECID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Upgrade-Enabled
X-TEC-API-ORIGIN
Access-Control-Allow-Method
X-CSRF-Token
X-Load-Cache
X-Git-Hash
TCN
X-Seen-By
X-Px
X-Varnish-Ttl
X-RateLimit-Reset
Server-Name
X-Content-Options
X-Grace
Section-Io-Cache
X-Request-Guid
X-Contextid
X-Amz-Meta-S3cmd-Attrs
X-Revision
X-Trace-Id
X-Tt-Trace-Host
X-Type
X-Cache-Control
X-Tt-Trace-Tag
Healthy
X-B
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
Cleartype
X-Oracle-Dms-Ecid
X-Datadog-Parent-Id
X-Fastly-Request-Id
Paypal-Debug-Id
X-B3-Sampled
Charset
X-Whom
X-TT
DC
X-Fastly-Request-ID
X-Fb-Rlafr
X-B-Cache
X-Signature
X-Wix-Request-Id
X-App-Environment
X-Node-Name
X-Origin-Cache
X-Air-Pt
X-Proxy
X-Azure-Ref
X-Mobile
Frame-Options
X-Magnolia-Registration
Accept-Ch
X-TTL
X-Oracle-Dms-Rid
X-Amz-Replication-Status
X-Newrelic-App-Data
X-Ratelimit-Remaining
X-Goog-Stored-Content-Encoding
X-N
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-WP-CF-Super-Cache-Cache-Control
Filterid
X-WP-CF-Super-Cache
X-Rid
X-EdgeConnect-Cache-Status
X-WebKit-CSP-Report-Only
X-Logged-In
Content-Disposition
X-Language
X-Aspnet-Duration-Ms
Backend
X-Route-Name
X-Is-Crawler
X-Flags
Akamai-GRN
X-Providence-Cookie
NGB
X-Time
X-Response-Served-From
X-Original-Request-Id
VIX-Pulpo-Node
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
VIX-Pulpo-Upstream-Status
X-Is-Bot
X-Rendered-As
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Yottaa-Metrics
X-Debug-IsPreview
X-Tumblr-User
X-Unique-Id
X-Debug-IsConnected
X-Cache-Age
X-Servername
X-Varnish-Grace
Ms-Operation-Id
Viewport
X-RemovedCookies
X-Yottaa-Optimizations
X-ProcessESI
X-Datadog-Sampled
X-Tumblr-Pixel-0
SD-X-WS
X-RTag
Liferay-Portal
MS-CV
X-FW-Serve
X-NYM-Debug-Backend
X-Adobe-Content
X-Adobe-Loc
X-FW-Static
Upgrade-Insecure-Requests
X-Amzn-Remapped-Content-Length
X-UUID
X-Via-JSL
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-Backend-Name
X-Instance
X-FW-Version
X-IPS-LoggedIn
X-Hl-Ver
X-FW-Type
X-Debug
X-Template
Fastly-SWR
Refresh
Fastly-SIE
X-Proxy-Cache-Info
X-Environment-Context
X-Region
X-Cacheable-TTL
X-L-Path
X-G
X-Cache-Grace
X-Kinja-CCPA
X-Device-Type
ServerID
From-Origin
X-User-Agent
X-Status
X-Cache-Hit
Country
X-Rule
X-B3-SpanId
X-App-Version
Url
X-VC-Cache
X-Webkit-CSP
X-INCAP-ABP
Countrycode
Version
X-Source
X-Jobs
Alternate-Protocol
WPO-Cache-Status
X-Cache-Status-Check
X-HTML-Minification-Powered-By
WPO-Cache-Message
X-NODE
X-Air-Trace-Id
X-Air-Source
GEO-INFO
X-Air-Hostname
X-Nginx-Cache
CDN-RequestId
X-Storage
X-Origin-TTL
X-Akamai-Request-ID2
X-WP-CF-Super-Cache-Active
X-Origin-CC
X-Content-Powered-By
Amp-Access-Control-Allow-Source-Origin
X-B3-Traceid
Surrogate-Key
X-Hosted-By
SRV
X-Tec-Api-Origin
X-Tec-Api-Version
Protected
X-Page-View
X-Rocket-Nginx-Serving-Static
OT-Force-Account-Verify
X-Tec-Api-Root
X-Accel-Version
X-Real-IP
Access-Control-Request-Headers
X-VC
X-Akamai-Edgescape
X-CDN-Forward
X-Edge-Location
X-ServerID
AMP-Access-Control-Allow-Source-Origin
CF-IPCountry
X-Cache-Time
X-Framework
X-Mode
X-Use-Mantle
X-Handled-By
X-Rn-Rsrv
Filters
X-Xfnlog-Site
Meta-Geo
X-UPSTREAM-Address
Xet-Cookie
X-Rewrite-Enabled
X-Endurance-Cache-Level
X-Cache-Operation
Front
Webserver
X-Cache-Rule
Accept-Language
X-Upstream-Ct
X-Varnish-Cache-Hits
X-Upstream-Ht
Selected-Fe
X-VWS-Id
X-AWS-Id
ServedBy
Section-Io-Id
Mn-Server-Ip
X-Proxy-Build
X-Cache-Debug
X-Served-From
X-JoinUs
X-SaId
X-Detected-As
X-Soup
X-Timing-Wait
X-Origin
X-Tumblr-Pixel-3
X-Director
X-Tumblr-Pixel-2
X-LJ-Flow-ID
Cross-Origin-Embedder-Policy
Web-Mar-Node
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
X-BYPASS-REASON
X-Adobe-Source
Webcakes-Region
TWC-GeoIP-Country
TWC-Device-Class
X-Zipkin-Id
Xserver
Apigw-Requestid
X-Worker
X-Web-Node
TWC-Connection-Speed
Property-Id
Node
X-Cluster
X-Cms-Context
X-Proxied
X-PHP-Host
X-Origin-Hint
X-Routing-Service
X-ProxyCache-Key
X-Restarts
X-Redis-Cache
X-ProxyCache-Status
X-No-Session
X-Logging-Id
X-Format
X-Extlb
X-Drupal-Cache-Tags
X-SayCDN-TTL
X-Labrador-Cache-Channel
X-Say-Cacheable
X-Say-TTL
X-Lambda-Id
X-Platform-Cluster
TWC-Privacy
X-Vcache
X-Platform-Router
X-Platform-Processor
X-IPLB-Request-ID
X-RM-Cache-TTL
X-IPLB-Instance
X-Is-Desktop
X-Is-Supported-Browser
X-Varnish-Age
X-Locale
X-Skip-Cache
X-Is-Mobile
X-GeoCode
X-Tncms
X-Tcp-Rtt
X-Drupal-Cache-Contexts
X-Site-Version
X-Forwarded-Host
X-Browser-Name
X-Varnish-Beresp-Grace
X-Geo-Region
X-AB
X-GeoCountry
X-Is-Tablet
X-Loop
X-Httpd
X-RCS-CacheZone
Azure-SlotName
Azure-SiteName
X-Webstats-RespID
Azure-InstanceId
Azure-RegionName
DB-Nickname
Azure-Version
X-S
X-TT-LOGID
X-VCT
X-Http-Reason
X-Git-Commit
X-Cache-Host
X-Tb
X-Fetched-On
X-Cache-Server
X-R9-Blue-Green-Version
X-Container-Uri
X-Reqid
X-Vercel-Cache
X-Generation-Time
X-Vercel-Id
CDN-Uid
X-Ms-Version
X-Provided-By
X-Server-W
X-Frame-Option
X-Ms-Request-Id
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
CDN-Cache
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Shopify-Stage
CDN-RequestCountryCode
CDN-RequestPullCode
X-MP-GENERATED-AT
X-Origin-Date
X-Sucuri-Cache
Fastcgi-Useragent
X-Uri
X-XRDS-Location
WP-Super-Cache
X-Sucuri-ID
X-Cdn-Origin
X-ShopId
X-Vcl-Version
Cache-Tv-Group
Source
X-Sorting-Hat-PodId
X-DynaTrace
X-ShardId
X-Sorting-Hat-ShopId
Cross-Origin-Embedder-Policy-Report-Only
Atl-Traceid
X-FB-TRIP-ID
X-Generated-By
X-Xrds-Location
Content-Secure-Policy
Priority
X-Sql-Count
X-SRV
X-Sql-Duration-Ms
Onion-Location
X-Pass-Why
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Buckets
X-Content-Age
Sid
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-CMSURLCustom
X-Scope-Id
X-Shield-Cache-Expires
X-Thinkindot-L3
Thinkindot-Control
X-DataDome
Cross-Origin-Window-Policy
Cache
HostName
X-LSADC-Cache
X-Cluster-Node
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
X-WP-CF-Super-Cache-Cookies-Bypass
X-Proxy-Cache-Status
WZWS-RAY
X-Optimistic-Header
X-Cache-Action
X-GEO
X-Azure-Ref-OriginShield
X-Cache-Expired-At
S-Rt
Expiry
X-Via-Edge
User-Cache-Control
X-Via-SSL
X-Via-CDN
X-Connection-Hash
Edge-Copy-Time
MD5-Digest
Meta-Geo-Continent
Ngx.Var.Host
Magicmarker
X-External-Request-Id
X-Instance-Name
Lang
X-Epic-Correlation-Id
Origin
X-Ec-Custom-Error
X-Dispatcher-Server
Rendered-Blocks
X-Ec-Fail
X-Ec-GeoHdr
Origin-Agent-Cluster
Redirect-Candidate
L
Gannett-Cam-Experience-Id
X-ND-Cache
X-SRCache-Key
A
X-Op-Id-All
X-PAYTM-SRV-ID
X-Platform
X-Dc
Apple-News-Services-Handled
Apple-News-Services-Host
DCR-Decision-By
DCR-Processing-Time-Ms
CDCHOST
Candidate-Md5Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Req-ID
Server-Ext
X-A-Dgt
X-Cache-NE
X-A-Wwc
X-Conf
X-A-Dcw
X-A-Ccd
X-A-Dam
X-Access
X-Cache-Bucket
X-Rojux
X-Bc-Bl
X-Bl-Debug
X-B-Cookie
X-Application
X-Aed
X-S-Cookie
X-A
X-SB
Sslversion
X-Request-Start
Surrogated-Key
Sever-Int
X-Section
Server-Host
Server-Hostname
T-Server
X-Developer
X-D
X-Scheme
Vix-Hermes-Req-Id
X-TIM-N
X-ScT
X-Destination
X-BCube-Filmed-By
Ngx-Var-Key
X-Vdms-Path
Fastly-Drupal-HTML
X-Vtex-Remote-Cache
X-Correlation-ID
X-Viewer-Country
X-Vdms-Version
X-Varnish-Hostname
X-TA-CDN-Provider
X-TimeS
X-Bip
X-Auto-Login
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Block-Status
X-VG-WebCache
X-Cache-Id
X-Request-URI
X-Clientip
X-Cache-TTL-Remaining
X-Cache-Info
X-Amz-Storage-Class
X-Rocket-Build-Number
X-AK-Request-ID
Pramga
Release
Req-Svc-Chain
PFcat
NM-Fastcgi-Cache
X-Varnishpool
X-We-Are-Hiring
Ssr
X-SD-PageType
X-Core-Value
X-VG-TLSProxy
X-Acquia-Purge-Cdn-Unconfigured
Wxu-Next-Hostname
V-Age
Wxu-Next-Commit
X-Amz-Meta-Cb-Modifiedtime
X-Debug-Cache-Fetch
X-Moov-T
X-Moov-Xdn-Version
X-Pubstack
X-Mly-Id
X-Loc
X-Human
X-Level-Front-Cache
X-NCache
X-Nginx-Cache-Key
X-WA-Info
X-Pool
X-Origin-Time
X-Nyt-Route
X-NMSegId
X-Node-Id
X-Hnp-Log
X-HN
X-Esi-Check
X-Zen-Fury
X-Fastly-Cache
X-VServer
Yak-Timeinfo
Host-ID
X-Debug-Cache-Store
X-Forwarded-Site
X-Req
X-GeoIP-Region-Code
X-Gzip
X-GeoIP-Country-Code
X-Generated-On
X-Gdpr
X-Gen-Mode
X-Request-Time
Wxu-Next-Region
X-Sigma
X-Sigma-Backend
X-Varnish-Beresp-Status
Environment
X-Proxied-Request
X-TH-Server
Fastly-SSL
Fastly-GeoIP-CountryCode
Content-Style-Type
Content-Script-Type
Cdncip
C-Via
Cache-Provider
Cdnsip
X-VarnishDD-TTL
Cluster
X-Varnish-Director
X-Thanos
DSUID
X-UA-Device-Type
X-Service
X-Origin-Response-Time
X-Ua
X-FC-Vary-Parameters
X-Fmm-Version
X-Varnish-Authentication
X-Request-Host
X-PERF
X-Server-IP
X-Ad-Load-Variation
X-From
X-Region-Sid
X-GeoIP
Web-Mar-Region
X-Geo-Header
X-Device-Os
X-V-Cache
X-SVT-ORM-RULES
X-Aicache-OS
Country-Code
Mail-Subject
X-Cache-Date
Machine
X-Backend-Instance
X-Policy
Click-Count-Error
X-DPWN-IS-SECURE
X-ECache
L5d-Success-Class
We-Hiring
Locid
Is-Eu
X-ApacheServer
X-Eu-Site
Adler-Geo
Click-Count-Action-Start
W
RNT-Time
RNT-Machine
Gh-Request-Id
X-Cdn-Srv
X-Micro-Cache
X-RateLimit-Limit-Second
X-Men
X-Mvc-Supplant-Cachable
X-Mvc-Supplant-OutputCached
X-Org
Platform
X-Old-Content-Length
Producers
X-Contensis-Viewer-Groups
On-Server
Canary
X-RateLimit-Remaining-Second
X-Csrf-Jwt
X-GoCache-CacheStatus
Uber-Trace-Id
Type
Ha-Gx-Prefs
X-SVT-ORM-VERSION
X-GeoIP-City
X-CGP
Tube-Return
Tube-Got-Results
HA-Ipaddr
X-Var-Ttl
X-HS-Content-Campaign-Id
True-Client-Country-4JS
Esi-Enabled
Tube-Got-Eval
Tube-Get-Contents
X-Cache-Aspx
X-Mg-Request-UUID
X-Datadome
X-Slack-Shared-Secret-Outcome
X-Proto
X-Wikidot-Static-Cache
Cache-Key
X-Wikidot-Backend
X-Test
X-Hash
X-Lagoon
X-Edge-Server
AKAMAI
X-Fastly-Backend
X-Ratelimit-Reset
X-Sn-Servicetimems
Cdn-Request-Time
X-Slack-Backend
X-RID
Cf-Device-Type
X-Branch-Name
X-App-Name
X-Up
X-DC
Proxy-Firewall
X-VCache
Cdn-Host
XM
X-UA
X-Tx-Id
LB
X-LB-ID
X-API-Version
X-Accel-Expires-Debug
NGX
X-Origin-Expires
X-Ah-Environment
X-CacheTTL
X-Parent-Response-Time
X-Date
X-Cache-Backend
X-COUNTRY
Fastly-Backend-Name
X-Irp-Debug
X-Servedbyhost
Pics-Label
X-Varnish-Hits
X-Tb-Optimization-Total-Bytes-Saved
X-Refresh
X-Owner
X-DynaTrace-JS-Agent
X-Via-Popv
Cdn
X-Via-Popn
X-HA-Backend
X-CACHE-GROUP
X-Via-Poph
X-LB-NoCache
IsBot
X-SIPLIST1
X-Core-Mission
X-VHOST
Datacenter
X-ZONE
X-Zone
SID
NtCoent-Length
X-NGINX-Cache
Cdn-Requestid
Cache-Hits
X-Qloud-Router
X-Srv
GeoIp-Country-Code
X-Nc
X-Wa
X-CDN-Cache-Status
X-Via-Fastly
Server-ID
N-Cache
Expect-Staple
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Nananana
X-Presslabs-Stats
X-Akamai-Transformed
X-Cache-Type
X-Orig-Expires
CloudFront-Viewer-Country
GeoIP-Latitude
X-Tenant
X-Ig-Origin-Region
Cross-Origin-Opener-Policy-Report-Only
X-Forwarded-Path
Xc-Version
X-Location
X-Fpc
X-Shop-Environment
X-Cloudmap
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Resin-Trace
X-Gamma-Serve
X-Hit
DataCenter
Cmsid
X-B3-Parentspanid
Cmstype
X-TX-ID
CPC-Age
X-Nf-Request-Id
Powered-By
X-DataCenter
XkeyRZ
Uri
X-NewRelic-App-Data
CPC-Cache
X-Proxy-CacheRZ
X-Client-Ip
Origin-EX
X-Jungle-Id
User-Agent
X-CS
X-Cdn-Diag
X-URL
X-Vmg-Version
Origin-CC
X-CUA
X-Use-Magma
X-TIME
X-NWS-UUID-VERIFY
X-Info
True-Client-Ip
X-Amz-Meta-Opti
X-Tt-Logid
X-User
RATING
X-IAuth-Set-Uid
X-Segment-20210421
Mime-Version
X-Fastly-Country-Code
MIME-Version
X-Geo
True-Client-IP
X-Cached-By
X-Render-Time
Fastly-Drupal-Html
CacheControlHeader
Srv
X-CACHE-AGE
X-Variation
X-Dynatrace-Js-Agent
X-LAGOON
X-Datacenter
X-VTEX-Cache-Server
Cf-Ipcountry
X-Oracle-DMS-ECID
Load-Balancing
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Time
X-B3-Spanid
X-Cdn-Forward
Tcn
X-Webkit-Csp-Report-Only
CDN
X-Vc
X-HOST
Debug
X-Wormhole-Sdk
Edge-Cache
X-Auth-Group-Type
X-Varnish-Beresp-TTL
X-PDP-UNCACHING-HASH
X-LiteSpeed-Tag
X-LiteSpeed-Cache-Control
Ohc-File-Size
VNS-Age
X-HostName
VNS-Cache
X-Dispatch
X-CSRF-TOKEN
Cl-Cache
X-Ig-Push-State
Hostname
GeoIP-Country-Code
X-FPC
Odigeo-Trace-Id
X-NodeID
Lb
X-AIR-PT
X-MCACHE
X-Api-Version
Ohc-Cache-HIT
X-APP-VERSION
X-Cs
X-WA
X-Esi
X-Litespeed-Tag
X-Cdn-Cache-Status
Server-Id
X-Vgn-Hpd-Reason
X-NC
X-Custom-Header
X-Dispatcher-Number
X-Lb-Nocache
X-Depends
X-PHP-Backend
Cache-Name
X-Pad
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-DefElseHash
X-Varnish-CookieINHashed-On
X-DefHash
X-Cache-Ttl
X-M-Log
X-Via-PopV
X-Mid
X-Via-PopN
X-Fastly-Backend-Reqs
X-VC-TTL
X-ServedByHost
X-Ha-Backend
X-Via-PopH
X-M-Reqid
PICS-Label
CountryCode
X-VCL-Version
Ms-Author-Via
X-Litespeed-Cache-Control
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Xkeylog
X-Sorting-Hat-Shopid
X-MSEdge-Features
X-Cdn-Request-ID
X-Sorting-Hat-Podid
X-Shardid
X-MSEdge-Flight
X-Shopid
X-Lb-Id
X-Proxy-Cache-La3
Xkey-La3
X-Akamai-Pragma-Client-IP
X-Cache-FS-Status
Epwk-X-Cache
OriginIP
Ngx
Memory
Memcached
X-IN-APIGATEWAYSSL
X-Snapshot-Date
X-IN-APIGATEWAY
X-Web-Server
BehaviorPad-Version
X-MiniProfiler-Ids
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
Geoip-Latitude
X-Acquia-Application-Trace
Time
X-RequestId
X-Cache-Version
X-Requestid
Warning
X-APP
Cloudfront-Viewer-Country
X-Lsadc-Cache
X-Udemy-Cache-App-Namespace
Sm-Log-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
CF-Cached-On
X-Sucuri-Id
X-Check-Cacheable
X-Serial
X-Mg-Cache
FSS-Cache
X-Cache-Enabled
X-Dw-Trace-Id
X-Service-Response-Time
Akamai-Cache-Status