Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
P3p
X-Drupal-Cache
X-Cache-Status
Accept-CH-Lifetime
CF-Ray
X-Ua-Compatible
X-Check
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
Cf-Edge-Cache
X-Backend
Request-Context
Keep-Alive
Allow
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Device
X-LiteSpeed-Cache
EagleEye-TraceId
X-Dns-Prefetch-Control
X-WebKit-CSP
Permissions-Policy
X-CST
X-Aws-Lambda-Call-Status
X-OneAgent-JS-Injection
X-Backend-Server
X-Readtime
X-Host
X-Response-Time
X-Server-Id
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-Cache-Lookup
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
Service-Worker-Allowed
X-Url
X-Ruxit-JS-Agent
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Accept-Ch-Lifetime
X-Origin-Cache-Key
X-Rack-Cache
Cache-Tag
X-Edge
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
Rating
X-FTR-Request-ID
X-Midtier
X-TtlSet
X-Vname
X-PC
X-Mcache
Nginx-Cache
X-Mod-Pagespeed
X-MS-InvokeApp
X-ECACHE
X-ESI
X-Upstream
X-Powered-By-Plesk
Edge-Control
X-Server-Name
X-Browser-Type
X-Cnection
X-NWS-LOG-UUID
X-Times
X-D2id
X-Element-Page-Cache
Verso
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Ruxit-Js-Agent
X-Ac
SPRequestDuration
SPIisLatency
AR-Request-ID
AR-PoweredBy
AR-SID
AR-ATIME
X-Ser
SPRequestGuid
X-SharePointHealthScore
X-GitHub-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-B3-TraceId
X-Ttl
X-RateLimit-Remaining
X-Vcap-Request-Id
X-NF-Request-ID
AR-CACHE
X-Mg-S
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Server-ID
S
Edge-Cache-Tag
Pagespeed
X-Client-IP
Display
X-Sol
X-Middleton-Display
X-VARITI-CCR
X-Cache-Key
Fastly-Restarts
RTSS
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
Cache-Status
X-Powered-CMS
X-Kinsta-Cache
X-Edge-Location-Klb
X-Version
Access-Control-Request-Method
X-Goog-Hash
X-Recruiting
X-Daa-Tunnel
X-Middleton-Response
Response
X-ARC
X-Content-Digest
X-Forwarded-For
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-TraceId
X-Varnish-TTL
X-T
Arr-Disable-Session-Affinity
X-MSEdge-Ref
Content-MD5
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MS-Author-Via
Cross-Origin-Resource-Policy
TP-Cache
Front-End-Https
MicrosoftSharePointTeamServices
X-Shield-Request-Id
X-Accel-Expires
X-Hits
X-Cached
Public-Key-Pins
X-Country-Code-Real
X-Content-Security-Policy-Report-Only
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Id
X-FTR-Expires
X-HS-Cache-Config
Server-Node
X-Ua-Browser
Origin-Trial
X-Request-Processing-Time
X-Request-Received
X-Forwarded-Proto
X-DIS-Request-ID
Payment
X-FastCGI-Cache
X-Frontend
X-Webkit-Csp
Realpath
X-LLID
X-Protected-By
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Fastcgi-Cache
X-Distributor
X-Hostname
TP-L2-Cache
X-ORACLE-DMS-RID
X-GUploader-UploadID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-LB-Cache
Cache-Tags
X-Ratelimit-Limit
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Microsite
X-Request-Handler-Origin-Region
X-RateLimit-Limit
X-Origin-Server
X-Debug-Info
Referer-Policy
X-Page-Id
Host
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Az
X-Activity-Id
X-AppVersion
X-Geo-Country
X-NGENIX-Cache
X-Www-Served-By
X-Envoy-Decorator-Operation
Count-Hit
X-Cluster-Name
Fastcgi-Cache
X-Varnish-Backend
X-Varnish-Server
Accept-Charset
X-Correlation-Id
X-F-Cache
X-App-Server
X-Ua-Device
X-PressLabs-Stats
X-XRDS-LOCATION
X-Varnish-Ttl
Retry-After
X-FB-Debug
X-Ezoic-Cdn
X-Goog-Metageneration
TCN
X-Load-Cache
X-ORACLE-DMS-ECID
X-Upgrade-Enabled
X-CSRF-Token
X-Fastly-Request-ID
Access-Control-Allow-Method
X-Git-Hash
X-Webkit-CSP
X-Px
X-Seen-By
X-RateLimit-Reset
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-Contextid
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Tt-Trace-Tag
Cleartype
X-Content-Options
X-Revision
X-Tt-Trace-Host
X-Request-Guid
Section-Io-Cache
X-Datadog-Sampling-Priority
X-Trace-Id
X-Datadog-Trace-Id
X-Cache-Control
X-Datadog-Parent-Id
X-Grace
X-Type
X-Oracle-Dms-Ecid
X-B
Charset
X-Whom
X-TT
Healthy
X-B3-Sampled
Paypal-Debug-Id
DC
X-Fb-Rlafr
X-B-Cache
X-Signature
X-Wix-Request-Id
X-Azure-Ref
X-App-Environment
X-Proxy
X-Node-Name
X-Air-Pt
X-Origin-Cache
X-Mobile
X-Magnolia-Registration
Accept-Ch
X-Fastly-Request-Id
Frame-Options
X-Oracle-Dms-Rid
X-TTL
X-Amz-Replication-Status
X-Ratelimit-Remaining
X-Newrelic-App-Data
X-EdgeConnect-Cache-Status
X-N
Filterid
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-WebKit-CSP-Report-Only
X-Logged-In
Content-Disposition
X-Rid
X-CCDN-Origin-Time
Backend
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Time
NGB
Akamai-GRN
X-Language
VIX-Pulpo-Node
X-Response-Served-From
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
Viewport
X-Is-Bot
X-Rendered-As
X-Tumblr-Pixel-1
X-RTag
X-Debug-IsConnected
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Datadog-Sampled
X-Flags
SD-X-WS
X-Debug-IsPreview
X-Yottaa-Metrics
X-ProcessESI
MS-CV
X-Tumblr-Pixel-0
Liferay-Portal
X-Cache-Age
X-Tumblr-User
X-Unique-Id
X-Servername
X-RemovedCookies
X-Hl-Ver
X-Yottaa-Optimizations
Ms-Operation-Id
X-Varnish-Grace
X-Route-Name
X-Tumblr-Pixel
X-Is-Crawler
X-Adobe-Content
X-Adobe-Loc
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-Backend-Name
X-UUID
Upgrade-Insecure-Requests
X-IPS-LoggedIn
X-Debug
X-FW-Version
X-Amzn-Remapped-Content-Length
X-Instance
Fastly-SWR
Fastly-SIE
X-Via-JSL
X-Environment-Context
X-Template
X-L-Path
X-NYM-Debug-Backend
X-Cacheable-TTL
X-G
X-Cache-Grace
From-Origin
X-Proxy-Cache-Info
X-Device-Type
X-Region
X-B3-Traceid
X-User-Agent
Refresh
ServerID
X-Cache-Hit
X-Rule
Country
X-Status
X-VC-Cache
Url
X-INCAP-ABP
X-B3-SpanId
Countrycode
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Source
X-App-Version
Version
X-Jobs
Alternate-Protocol
X-Cache-Status-Check
X-HTML-Minification-Powered-By
X-NODE
GEO-INFO
X-Kinja-CCPA
X-Nginx-Cache
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Storage
CDN-RequestId
WPO-Cache-Message
WPO-Cache-Status
X-Akamai-Request-ID2
X-WP-CF-Super-Cache-Active
Amp-Access-Control-Allow-Source-Origin
OT-Force-Account-Verify
X-Origin-CC
SRV
X-Content-Powered-By
X-Origin-TTL
Surrogate-Key
X-Hosted-By
X-Rocket-Nginx-Serving-Static
X-Real-IP
Protected
X-Accel-Version
Access-Control-Request-Headers
X-VC
X-Page-View
X-CDN-Forward
X-ServerID
X-Cache-Time
CF-IPCountry
X-Akamai-Edgescape
AMP-Access-Control-Allow-Source-Origin
X-Endurance-Cache-Level
X-Edge-Location
X-Mode
X-Use-Mantle
X-Handled-By
X-Framework
X-Cache-Operation
X-Cache-Rule
Xet-Cookie
X-Xfnlog-Site
Filters
Webserver
X-Rewrite-Enabled
X-Rn-Rsrv
X-Upstream-Ct
X-Upstream-Ht
Meta-Geo
X-UPSTREAM-Address
X-Proxy-Build
X-Tumblr-Pixel-2
X-Timing-Wait
X-Soup
X-Served-From
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-VWS-Id
X-SaId
X-Origin
X-AWS-Id
ServedBy
Selected-Fe
Section-Io-Id
X-Cache-Debug
X-Detected-As
X-LJ-Flow-ID
X-JoinUs
X-Director
Accept-Language
Cross-Origin-Embedder-Policy
Front
X-Vcache
X-No-Session
X-Cluster
X-Origin-Hint
X-PHP-Host
TWC-Connection-Speed
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxied
X-Logging-Id
X-Cms-Context
Property-Id
Node
Mn-Server-Ip
X-BYPASS-REASON
X-Extlb
X-Lambda-Id
X-Labrador-Cache-Channel
X-Drupal-Cache-Tags
X-Redis-Cache
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-App-Version
Webcakes-App-Name
X-Zipkin-Id
X-Web-Node
X-Adobe-Source
X-Webstats-RespID
X-Worker
Web-Mar-Node
Webcakes-Region
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Routing-Service
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-Geo-Region
X-GeoCountry
X-GeoCode
X-Format
DB-Nickname
X-Drupal-Cache-Contexts
X-AB
X-Restarts
X-Browser-Name
Apigw-Requestid
X-RM-Cache-TTL
X-S
X-RCS-CacheZone
X-Loop
X-Is-Tablet
X-Site-Version
X-Skip-Cache
X-Varnish-Beresp-Grace
X-VCT
X-Varnish-Age
X-Tncms
X-Tcp-Rtt
X-Is-Supported-Browser
X-Locale
Azure-Version
X-Is-Mobile
X-Is-Desktop
X-IPLB-Request-ID
X-IPLB-Instance
Azure-SiteName
Azure-SlotName
Azure-InstanceId
Azure-RegionName
X-Httpd
X-Vercel-Cache
X-Vercel-Id
X-R9-Blue-Green-Version
X-Fetched-On
X-Reqid
X-Forwarded-Host
X-Tb
X-Generation-Time
X-Cache-Server
X-Sucuri-Cache
CDN-Uid
CDN-CachedAt
CDN-Cache
Xserver
X-Frame-Option
X-Cache-Host
CDN-RequestPullCode
CDN-EdgeStorageId
X-Git-Commit
CDN-RequestCountryCode
X-Container-Uri
X-Provided-By
CDN-RequestPullSuccess
CDN-PullZone
X-Ms-Request-Id
X-Ms-Version
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Origin-Date
X-Shopify-Stage
X-Sucuri-ID
X-Server-W
Fastcgi-Useragent
X-TT-LOGID
WP-Super-Cache
X-Uri
X-ShopId
X-Sorting-Hat-ShopId
X-Http-Reason
X-Sorting-Hat-PodId
X-ShardId
X-XRDS-Location
X-MP-GENERATED-AT
Atl-Traceid
X-Cdn-Origin
Cache-Tv-Group
Cross-Origin-Embedder-Policy-Report-Only
Source
X-Generated-By
X-Xrds-Location
X-Vcl-Version
X-DynaTrace
Sid
Content-Secure-Policy
X-FB-TRIP-ID
X-Pass-Why
Priority
X-Buckets
Onion-Location
Thinkindot-Control
Locale
X-CMSURLCustom
X-Shield-Cache-Expires
X-Scope-Id
X-Thinkindot-L3
Thinkindot-CacheControl-Type
TDXMobile
X-Urbn-Context-Path
Cross-Origin-Window-Policy
Thinkindot-CacheControl
X-Urbn-Site-Id
X-Content-Age
X-Sql-Duration-Ms
X-Sql-Count
Cache
X-DataDome
X-LSADC-Cache
X-SRV
HostName
X-Azure-Ref-OriginShield
X-Varnish-Beresp-Ttl
X-Optimistic-Header
X-Proxy-Cache-Status
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cluster-Node
X-TA-CDN-Provider
WZWS-RAY
X-GEO
X-Cache-Action
X-RID
X-Connection-Hash
User-Cache-Control
Expiry
X-Request-URI
DCR-Processing-Time-Ms
DCR-Decision-By
Candidate-Md5Url
A
Lang
Magicmarker
Gannett-Cam-Experience-Id
Meta-Geo-Continent
MD5-Digest
X-A-Dam
X-Instance-Name
X-External-Request-Id
X-ND-Cache
X-Op-Id-All
X-PAYTM-SRV-ID
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Developer
X-Destination
X-Dispatcher-Server
X-Ec-Custom-Error
X-Ec-Fail
X-Platform
X-Request-Start
X-Vdms-Path
X-Varnish-Hostname
X-Vdms-Version
X-Viewer-Country
X-Vtex-Remote-Cache
X-TIM-N
X-SRCache-Key
X-S-Cookie
X-Rojux
X-SB
X-Scheme
X-ScT
X-D
X-Conf
Sever-Int
Server-Hostname
Sslversion
Surrogated-Key
T-Server
Server-Host
Server-Ext
Origin
Ngx.Var.Host
Origin-Agent-Cluster
Redirect-Candidate
Rendered-Blocks
Vix-Hermes-Req-Id
X-A
X-BCube-Filmed-By
X-Bc-Bl
X-Bl-Debug
X-Cache-Bucket
X-Cache-NE
X-B-Cookie
X-Application
X-A-Dcw
X-A-Ccd
X-A-Dgt
X-A-Wwc
X-Aed
Ngx-Var-Key
Req-ID
X-Dc
X-Correlation-ID
Fastly-Drupal-HTML
X-Newrelic-Synthetics
X-Via-CDN
S-Rt
X-TimeS
Edge-Copy-Time
X-Via-Edge
X-Cache-Expired-At
X-Via-SSL
L
X-Forwarded-Site
X-GeoIP-Region-Code
Locid
X-Gen-Mode
X-Generated-On
X-Gzip
X-Gdpr
X-GeoIP-Country-Code
X-Hnp-Log
X-Mly-Id
Wxu-Next-Hostname
Content-Style-Type
Content-Script-Type
X-NCache
Environment
X-Loc
NM-Fastcgi-Cache
X-Human
Fastly-GeoIP-CountryCode
X-Level-Front-Cache
Host-ID
X-Debug-Cache-Store
X-B3-Trace-ID
X-Auto-Login
X-BBC-Edge-Cache-Status
Ssr
X-Bip
X-Amz-Storage-Class
X-Amz-Meta-Cb-Modifiedtime
X-Acquia-Purge-Cdn-Unconfigured
X-Access
Wxu-Next-Commit
V-Age
X-AK-Request-ID
X-Block-Status
X-Cache-Id
X-Nginx-Cache-Key
X-Core-Value
X-Debug-Cache-Fetch
Wxu-Next-Region
X-Esi-Check
Pramga
X-Clientip
X-Cache-Info
Req-Svc-Chain
X-Cache-TTL-Remaining
Release
X-Fastly-Cache
DSUID
Apple-News-Services-Handled
X-Varnish-Director
X-Varnish-Beresp-Status
X-Req
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Proxied-Request
C-Via
X-Pubstack
X-UA-Device-Type
Cluster
X-Sigma
X-Sigma-Backend
X-TH-Server
X-Section
X-SD-PageType
X-Thanos
X-Request-Time
X-Rocket-Build-Number
X-Varnishpool
Apple-News-Services-Request-Url
X-Pool
Yak-Timeinfo
X-VServer
Cdncip
X-Zen-Fury
X-We-Are-Hiring
X-WA-Info
Cdnsip
X-Nyt-Route
X-Origin-Time
X-NMSegId
X-VG-TLSProxy
X-Node-Id
X-VG-WebCache
CDCHOST
X-Service
X-Origin-Response-Time
X-UA
X-Cache-Aspx
Fastly-SSL
X-Cache-Date
X-Branch-Name
X-V-Cache
X-ApacheServer
X-SVT-ORM-VERSION
X-Aicache-OS
X-VarnishDD-TTL
X-Backend-Instance
X-Var-Ttl
X-Varnish-Authentication
X-Ad-Load-Variation
X-DPWN-IS-SECURE
X-PERF
X-HS-Content-Campaign-Id
X-HN
X-Policy
X-GoCache-CacheStatus
X-Org
X-Men
X-Moov-Xdn-Version
X-Mvc-Supplant-Cachable
X-Moov-T
X-Micro-Cache
X-Old-Content-Length
X-GeoIP
X-Geo-Header
X-Device-Os
X-Request-Host
X-Contensis-Viewer-Groups
X-Server-IP
X-Cdn-Srv
X-Region-Sid
X-FC-Vary-Parameters
X-RateLimit-Limit-Second
X-From
X-RateLimit-Remaining-Second
X-Fmm-Version
X-SVT-ORM-RULES
X-GeoIP-City
Platform
PFcat
Adler-Geo
Cache-Provider
Web-Mar-Region
RNT-Machine
Tube-Get-Contents
X-ECache
RNT-Time
Canary
On-Server
Esi-Enabled
Is-Eu
Gh-Request-Id
Machine
Mail-Subject
Click-Count-Action-Start
Click-Count-Error
Country-Code
Tube-Got-Eval
Producers
Tube-Return
Uber-Trace-Id
We-Hiring
Tube-Got-Results
X-Datadome
LB
X-Ua
X-API-Version
X-Edge-Server
X-Proto
AKAMAI
X-DC
X-Mg-Request-UUID
X-Wikidot-Static-Cache
X-Eu-Site
Cache-Key
X-Fastly-Backend
XM
X-Mvc-Supplant-OutputCached
X-Ratelimit-Reset
L5d-Success-Class
HA-Ipaddr
W
Cf-Device-Type
Ha-Gx-Prefs
X-Csrf-Jwt
Cdn-Host
Cdn-Request-Time
X-Hash
X-Origin-Expires
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Test
X-App-Name
X-Wikidot-Backend
True-Client-Country-4JS
X-Lagoon
Type
X-Up
Proxy-Firewall
X-CGP
X-Tx-Id
X-VCache
X-Ah-Environment
X-Accel-Expires-Debug
X-Date
NGX
X-Parent-Response-Time
X-Cache-Backend
X-LB-ID
Fastly-Backend-Name
X-CacheTTL
X-Servedbyhost
X-Varnish-Hits
X-COUNTRY
X-Via-Popn
Pics-Label
X-Via-Poph
X-Irp-Debug
X-DynaTrace-JS-Agent
X-Via-Popv
X-HA-Backend
Cdn
X-CACHE-GROUP
X-Tb-Optimization-Total-Bytes-Saved
X-Nf-Request-Id
Cache-Hits
X-Refresh
X-Owner
NtCoent-Length
X-LB-NoCache
X-Srv
X-ZONE
Datacenter
X-VHOST
X-Via-Fastly
X-Zone
X-SIPLIST1
X-Core-Mission
IsBot
X-NGINX-Cache
Cdn-Requestid
Server-ID
X-Wa
X-Nc
GeoIp-Country-Code
X-CDN-Cache-Status
X-Qloud-Router
X-Cloudmap
SID
X-Location
X-Ig-Origin-Region
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Component-Id
N-Cache
GeoIP-Latitude
Fusion-Template-Id
Expect-Staple
Cross-Origin-Opener-Policy-Report-Only
Fusion-Content-Id
X-Fpc
X-CF-Lambda-Version
X-CF-Lambda-Fn
Fusion-Source
X-Akamai-Transformed
Resin-Trace
X-Shop-Environment
X-Tenant
X-Cache-Type
DataCenter
X-B3-Parentspanid
Xc-Version
Powered-By
X-Orig-Expires
X-Nananana
X-Forwarded-Path
CloudFront-Viewer-Country
X-Hit
X-Tt-Logid
X-TX-ID
Cmsid
Cmstype
Uri
X-NWS-UUID-VERIFY
X-NewRelic-App-Data
Origin-CC
Origin-EX
X-Jungle-Id
X-Gamma-Serve
X-Proxy-CacheRZ
X-CUA
XkeyRZ
X-Client-Ip
X-CS
X-URL
CPC-Cache
X-Presslabs-Stats
X-User
X-DataCenter
CPC-Age
True-Client-Ip
X-Amz-Meta-Opti
X-Vmg-Version
X-Info
X-PDP-UNCACHING-HASH
User-Agent
X-Cdn-Diag
X-TIME
X-Segment-20210421
X-IAuth-Set-Uid
X-B3-Spanid
MIME-Version
Mime-Version
X-Render-Time
X-Cached-By
X-LiteSpeed-Tag
X-Fastly-Country-Code
X-CACHE-AGE
True-Client-IP
X-LAGOON
Debug
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
X-Wormhole-Sdk
X-VTEX-Cache-Time
Fastly-Drupal-Html
X-Geo
X-Dynatrace-Js-Agent
Cf-Ipcountry
Srv
CacheControlHeader
Edge-Cache
CDN
X-Datacenter
Load-Balancing
X-Variation
X-Oracle-DMS-ECID
X-Auth-Group-Type
X-HOST
X-Cdn-Forward
X-Dispatch
X-Vc
X-Varnish-Beresp-TTL
X-LiteSpeed-Cache-Control
Ohc-File-Size
X-Ig-Push-State
X-Use-Magma
X-Webkit-Csp-Report-Only
Cl-Cache
Odigeo-Trace-Id
Hostname
X-CSRF-TOKEN
X-Cs
VNS-Age
VNS-Cache
X-AIR-PT
Tcn
X-APP-VERSION
X-NodeID
X-MCACHE
X-Custom-Header
X-FPC
X-Vgn-Hpd-Reason
GeoIP-Country-Code
Ohc-Cache-HIT
X-WA
X-Depends
X-NC
Server-Id
RATING
X-PHP-Backend
X-Esi
X-Cdn-Cache-Status
X-HostName
X-Pad
Lb
X-DefHash
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-DefElseHash
X-Dispatcher-Number
X-Lb-Nocache
X-VC-TTL
X-M-Log
X-VCL-Version
X-M-Reqid
X-Api-Version
X-Cache-Ttl
X-Litespeed-Tag
X-ServedByHost
Cache-Name
X-Ha-Backend
X-Via-PopV
X-Fastly-Backend-Reqs
X-Via-PopN
CountryCode
X-Via-PopH
PICS-Label
X-Litespeed-Cache-Control
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Cache-FS-Status
X-Proxy-Cache-La3
X-Cdn-Request-ID
Xkey-La3
X-Mid
Geoip-Latitude
X-MSEdge-Features
Xkeylog
X-MSEdge-Flight
X-Lb-Id
Epwk-X-Cache
X-APP
Cloudfront-Viewer-Country
X-Snapshot-Date
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Web-Server
X-RequestId
Ngx
X-MiniProfiler-Ids
X-Akamai-Pragma-Client-IP
Memcached
OriginIP
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Memory
Time
X-Acquia-Site
X-Cache-Version
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shardid
X-Shopid
X-App
X-Requestid
BehaviorPad-Version
Warning
X-Dw-Trace-Id
X-Th-Server
Sm-Log-Id
X-Check-Cacheable
X-Serial
X-Service-Response-Time
Akamai-Cache-Status
X-Mg-Cache
X-Sucuri-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Udemy-Cache-App-Namespace
CF-Cached-On