
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
CF-RAY
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Varnish
X-Adblock-Key
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
P3p
X-AspNet-Version
X-Runtime
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Ua-Compatible
X-Check
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
CF-Ray
X-Amz-Id-2
Host-Header
Allow
X-Backend
Cf-Edge-Cache
X-Cache-Group
Request-Context
X-Robots-Tag
Keep-Alive
X-Server
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Vhost
Xkey
X-Rq
X-Age
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
Cf-Railgun
EagleEye-TraceId
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-CST
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Backend-Server
Permissions-Policy
Accept-Ch-Lifetime
X-Server-Id
X-Readtime
X-Host
X-Response-Time
Request-Id
X-Akam-SW-Version
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Upstream-Cache-Status
X-HW
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Application-Context
X-Country-Code
X-Ruxit-JS-Agent
X-Trace
X-Cache-Lookup
Content-Location
X-Url
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-Content-Type
X-Country
X-Clacks-Overhead
X-ECACHE
X-Litespeed-Cache
X-Edge
X-Origin-Cache-Key
X-Mod-Pagespeed
Accept-Ch
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Midtier
X-FTR-Request-ID
Cache-Tag
Cross-Origin-Opener-Policy
X-Mcache
X-MS-InvokeApp
X-Upstream
Nginx-Cache
X-PC
X-TtlSet
X-Vname
X-ESI
X-Powered-By-Plesk
Rating
Edge-Control
X-D2id
X-Element-Page-Cache
Verso
X-Browser-Type
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-Kinja-Revision
X-Times
X-Server-Name
X-Ac
X-Cnection
SPIisLatency
SPRequestDuration
X-B3-TraceId
AR-Request-ID
AR-SID
AR-PoweredBy
AR-ATIME
X-Vcap-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-Ruxit-Js-Agent
X-SharePointHealthScore
SPRequestGuid
X-RateLimit-Remaining
X-Dw-Request-Base-Id
X-NF-Request-ID
X-GitHub-Request-Id
X-Ser
X-VARITI-CCR
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
AR-CACHE
S
X-Cache-Key
X-Mg-S
RTSS
X-Client-IP
X-Cache-TTL
Origin-Trial
Edge-Cache-Tag
X-Sol
Display
X-Middleton-Display
Pagespeed
X-Webkit-Csp
X-Amzn-Trace-Id
X-Amz-Rid
Fastly-Restarts
X-Goog-Hash
X-NWS-LOG-UUID
X-Powered-CMS
X-Varnish-TTL
X-Ttl
X-Content-Security-Policy-Report-Only
X-Server-ID
X-Edge-Location-Klb
X-Version
Cache-Status
X-Kinsta-Cache
Access-Control-Request-Method
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Recruiting
X-ARC
X-Content-Digest
Arr-Disable-Session-Affinity
X-TraceId
X-SRCache-Fetch-Status
X-T
X-SRCache-Store-Status
X-MSEdge-Ref
X-Forwarded-For
X-Middleton-Response
Response
X-Ua-Device
Content-MD5
MicrosoftSharePointTeamServices
X-Accel-Expires
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
TP-Cache
X-Shield-Request-Id
X-Hits
X-Cached
X-RateLimit-Limit
X-Fastcgi-Cache
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
Public-Key-Pins
X-FTR-Cache-Status
X-FTR-Expires
Server-Node
X-Request-Received
X-Request-Processing-Time
X-Ua-Browser
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
MS-Author-Via
X-HS-Cache-Config
X-Frontend
X-Id
Payment
Front-End-Https
X-DIS-Request-ID
X-Forwarded-Proto
X-LLID
Cross-Origin-Resource-Policy
X-GUploader-UploadID
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-WebKit-CSP-Report-Only
Cache-Tags
X-Daa-Tunnel
TP-L2-Cache
X-LB-Cache
Realpath
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Kinja-CCPA
X-ORACLE-DMS-RID
X-Protected-By
X-Origin-Server
X-Distributor
X-TTL
Count-Hit
X-Microsite
X-Request-Handler-Origin-Region
X-FastCGI-Cache
X-Page-Id
X-F-Cache
X-Activity-Id
X-PressLabs-Stats
X-Cluster-Name
Mrf-Cache-Status
MRF-Tech
X-Www-Served-By
X-AppVersion
X-Az
X-NGENIX-Cache
X-B3-TraceId-Primal
X-Varnish-Backend
Accept-Charset
X-Geo-Country
Referer-Policy
X-Hostname
X-Debug-Info
X-App-Server
X-Envoy-Decorator-Operation
X-Kong-Upstream-Latency
X-Goog-Metageneration
Fastcgi-Cache
X-FB-Debug
X-Varnish-Server
Host
X-Kong-Proxy-Latency
X-ORACLE-DMS-ECID
X-Rid
X-Correlation-Id
Access-Control-Allow-Method
X-Git-Hash
X-RateLimit-Reset
X-XRDS-LOCATION
Retry-After
Server-Name
X-Tt-Trace-Tag
X-Px
X-Content-Options
X-Fastly-Request-ID
X-Tt-Trace-Host
X-Load-Cache
DC
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Flags
X-Route-Name
X-Providence-Cookie
X-Origin-Cache
X-Contextid
X-Request-Guid
X-Revision
X-CSRF-Token
X-B-Cache
X-Oracle-Dms-Ecid
X-B3-Sampled
X-Trace-Id
X-App-Environment
X-Signature
X-Type
X-Grace
Charset
X-Cache-Control
Cleartype
Paypal-Debug-Id
X-Mobile
X-B
X-Datadog-Sampling-Priority
X-Upgrade-Enabled
X-TEC-API-VERSION
X-TEC-API-ROOT
X-ASPNET-VERSION
X-Datadog-Trace-Id
X-TEC-API-ORIGIN
X-Datadog-Parent-Id
X-TT
X-Amz-Meta-S3cmd-Attrs
X-Fb-Rlafr
X-Seen-By
Section-Io-Cache
X-Language
X-Ezoic-Cdn
Frame-Options
X-Ratelimit-Limit
X-Amz-Replication-Status
TCN
X-Goog-Generation
X-Logged-In
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Whom
X-Wix-Request-Id
Filterid
X-Magnolia-Registration
Healthy
X-EdgeConnect-Cache-Status
X-Node-Name
X-Oracle-Dms-Rid
X-Newrelic-App-Data
X-Azure-Ref
X-App-Version
X-N
Content-Disposition
X-Proxy
Backend
X-Fastly-Request-Id
X-Varnish-Ttl
Akamai-GRN
Upgrade-Insecure-Requests
X-Template
Refresh
NGB
X-Proxy-Cache-Info
X-Air-Pt
X-Original-Request-Id
X-Response-Served-From
X-Rendered-As
X-Is-Bot
X-Tumblr-Pixel-1
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Page-View
X-Tumblr-User
SD-X-WS
X-Unique-Id
X-Tumblr-Pixel
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Servername
X-Tumblr-Pixel-0
Viewport
X-RTag
X-Instance
X-Varnish-Grace
Liferay-Portal
X-Amzn-Remapped-Content-Length
MS-CV
X-Datadog-Sampled
X-ProcessESI
Url
Ms-Operation-Id
X-RemovedCookies
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-B3-SpanId
X-FW-Serve
X-FW-Dynamic
X-Debug-IsPreview
X-Debug-IsConnected
Fastly-SWR
Fastly-SIE
X-Adobe-Content
X-Adobe-Loc
X-Cacheable-TTL
X-FW-Server
X-FW-Hash
X-Ratelimit-Remaining
X-Region
X-FW-Static
X-IPS-LoggedIn
X-User-Agent
X-FW-Type
X-FW-Version
X-UUID
X-Cache-Grace
X-Debug
X-L-Path
X-NYM-Debug-Backend
X-Environment-Context
X-Jobs
X-Device-Type
Country
X-G
X-Rule
X-Cache-Hit
From-Origin
X-Status
X-Hl-Ver
X-Backend-Name
X-Hosted-By
Surrogate-Key
X-Air-Hostname
X-Air-Trace-Id
ServerID
X-Webkit-CSP
X-Air-Source
X-Cache-Age
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Time
X-Content-Powered-By
X-Http-Reason
X-VC-Cache
Protected
Alternate-Protocol
X-Origin-TTL
X-Cache-Status-Check
X-Akamai-Request-ID2
X-Origin-CC
X-XRDS-Location
X-NODE
Countrycode
Amp-Access-Control-Allow-Source-Origin
X-Use-Magma
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
WPO-Cache-Status
X-CCDN-CacheTTL
WPO-Cache-Message
X-HTML-Minification-Powered-By
Version
X-B3-Traceid
X-Via-JSL
X-INCAP-ABP
X-Rocket-Nginx-Serving-Static
X-Akamai-Edgescape
X-Framework
X-CDN-Forward
SRV
X-Nginx-Cache
GEO-INFO
CF-IPCountry
X-Edge-Location
X-Storage
X-WP-CF-Super-Cache-Active
X-Cache-Rule
Front
X-Source
Access-Control-Request-Headers
X-Accel-Version
X-Httpd
X-Mode
CDN-RequestId
X-Use-Mantle
X-Endurance-Cache-Level
Accept-Language
X-Cache-Operation
X-Rn-Rsrv
X-Xfnlog-Site
Filters
X-Real-IP
Meta-Geo
Xet-Cookie
X-UPSTREAM-Address
X-Rewrite-Enabled
X-VC
Webserver
OT-Force-Account-Verify
X-Upstream-Ct
X-Upstream-Ht
Selected-Fe
X-Detected-As
X-Soup
X-Served-From
X-SaId
X-Cache-Debug
X-Director
X-Tumblr-Pixel-3
X-JoinUs
X-Timing-Wait
X-Tumblr-Pixel-2
X-Proxy-Build
X-Say-Cacheable
X-Varnish-Age
X-SayCDN-TTL
X-Sql-Duration-Ms
X-Tncms
X-Loop
X-ProxyCache-Status
X-ProxyCache-Key
X-Cms-Context
X-Redis-Cache
X-Cache-Time
X-Lambda-Id
X-Say-TTL
X-Worker
X-Varnish-Cache-Hits
X-Sql-Count
X-Handled-By
X-BYPASS-REASON
ServedBy
X-Labrador-Cache-Channel
X-RM-Cache-TTL
Property-Id
Azure-Version
Azure-RegionName
Apigw-Requestid
Azure-SiteName
Azure-SlotName
DB-Nickname
X-S
TWC-GeoIP-LatLong
X-Adobe-Source
Webcakes-Region
X-Restarts
X-Format
X-GeoCountry
X-GeoCode
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
TWC-Privacy
Web-Mar-Node
TWC-Connection-Speed
Azure-InstanceId
X-No-Session
X-Logging-Id
AMP-Access-Control-Allow-Source-Origin
X-Origin-Hint
X-PHP-Host
X-Varnish-Beresp-Grace
Xserver
X-Skip-Cache
X-Server-W
X-VWS-Id
X-IPLB-Instance
X-IPLB-Request-ID
X-Fetched-On
X-Generation-Time
X-LJ-Flow-ID
X-Git-Commit
X-Container-Uri
Mn-Server-Ip
X-AWS-Id
X-DynaTrace
X-Cache-Server
X-VCT
X-Cache-Host
X-RCS-CacheZone
X-Cluster
X-Vercel-Id
X-Geo-Region
X-Is-Mobile
X-Is-Supported-Browser
X-Ms-Version
X-COUNTRY
X-Browser-Name
X-Frame-Option
X-ServerID
X-Routing-Service
X-AB
X-Origin
X-Tcp-Rtt
X-Extlb
X-Zipkin-Id
X-Provided-By
X-Reqid
X-Is-Desktop
X-Vercel-Cache
X-Is-Tablet
Node
X-Proxied
X-Ms-Request-Id
X-Forwarded-Host
Cache-Tv-Group
X-Tb
X-R9-Blue-Green-Version
X-Uri
Section-Io-Id
X-Locale
X-Site-Version
X-FB-TRIP-ID
Priority
X-Platform-Cluster
X-Platform-Processor
X-Web-Node
X-Platform-Router
Content-Secure-Policy
X-Vcache
Cross-Origin-Embedder-Policy
X-MP-GENERATED-AT
Fastcgi-Useragent
Source
X-Webstats-RespID
X-Vcl-Version
WP-Super-Cache
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
WZWS-RAY
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-Uid
CDN-PullZone
CDN-RequestPullSuccess
CDN-Cache
Onion-Location
CDN-EdgeStorageId
CDN-CachedAt
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Origin-Date
X-Content-Age
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
S-Rt
X-Generated-By
X-ShardId
X-Sorting-Hat-PodId
X-Ua
X-ShopId
X-Sorting-Hat-ShopId
X-Newrelic-Synthetics
X-Sucuri-Cache
X-SRV
X-Varnish-Beresp-Ttl
X-Pass-Why
X-Cluster-Node
X-Sucuri-ID
X-Buckets
Sid
X-Cdn-Origin
X-Proxy-Cache-Status
X-Cache-Action
X-TT-LOGID
Cross-Origin-Window-Policy
X-Correlation-ID
X-Mg-Request-UUID
X-Cache-Expired-At
X-VCache
X-Xrds-Location
X-CMSURLCustom
X-Shield-Cache-Expires
TDXMobile
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Cross-Origin-Embedder-Policy-Report-Only
X-Scope-Id
X-Thinkindot-L3
Cache
X-LSADC-Cache
Fastly-Drupal-HTML
X-Datadome
X-DataDome
X-Request-URI
HostName
X-Aspnetmvc-Version
X-Optimistic-Header
X-Epic-Correlation-Id
X-External-Request-Id
Meta-Geo-Continent
Environment
X-Conf
X-D
X-Cache-NE
X-A
X-Bl-Debug
X-Cache-Bucket
DCR-Processing-Time-Ms
DCR-Decision-By
X-Ec-Custom-Error
X-Ec-Fail
T-Server
X-Developer
X-Vdms-Version
X-Destination
X-Ec-GeoHdr
Type
Candidate-Md5Url
X-Rojux
X-S-Cookie
Lang
Origin-Agent-Cluster
X-Application
Surrogated-Key
X-TIM-N
CDCHOST
X-SRCache-Key
MD5-Digest
Ngx.Var.Host
Ngx-Var-Key
X-Viewer-Country
Origin
X-Scheme
X-ScT
X-A-Dcw
Redirect-Candidate
X-PAYTM-SRV-ID
X-A-Dam
Gannett-Cam-Experience-Id
X-A-Wwc
X-A-Ccd
X-Vdms-Path
X-A-Dgt
Sslversion
X-BCube-Filmed-By
Rendered-Blocks
X-Aed
X-Vtex-Remote-Cache
X-B-Cookie
X-Bc-Bl
X-WP-CF-Super-Cache-Cookies-Bypass
X-Via-CDN
Edge-Copy-Time
X-TimeS
Atl-Traceid
X-GEO
X-Via-Edge
X-Via-SSL
Sever-Int
Magicmarker
Pramga
L
Host-ID
Fastly-GeoIP-CountryCode
Fastly-SSL
Req-ID
Req-Svc-Chain
Ssr
V-Age
Server-Hostname
Server-Host
Server-Ext
Vix-Hermes-Req-Id
X-Dispatcher-Server
X-Request-Time
X-Request-Start
X-Rocket-Build-Number
X-SB
X-SD-PageType
X-Req
X-Pubstack
X-Origin-Time
X-Platform
X-Pool
X-Proxied-Request
X-Section
X-Server-IP
X-Varnish-Hostname
X-Varnish-Director
X-Varnishpool
X-VG-TLSProxy
X-VG-WebCache
X-Varnish-Beresp-Status
X-Up
X-Sigma
X-Sigma-Backend
X-TH-Server
X-Thanos
X-Op-Id-All
X-Nyt-Route
X-Debug-Cache-Fetch
X-Core-Value
X-Debug-Cache-Store
X-Fastly-Cache
X-Forwarded-Site
X-Cache-Info
X-Bip
X-Acquia-Purge-Cdn-Unconfigured
X-Aicache-OS
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Gdpr
X-Generated-On
X-Men
X-Mly-Id
X-VServer
X-Node-Id
X-Level-Front-Cache
X-We-Are-Hiring
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Human
X-Instance-Name
X-Access
Release
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-TA-CDN-Provider
User-Cache-Control
X-Service
Uber-Trace-Id
X-Mvc-Supplant-OutputCached
Tube-Return
Tube-Got-Results
X-Mvc-Supplant-Cachable
X-SVT-ORM-VERSION
Web-Mar-Region
We-Hiring
X-Policy
Tube-Got-Eval
X-Core-Mission
Adler-Geo
X-RateLimit-Limit-Second
X-SVT-ORM-RULES
X-Cache-TTL-Remaining
X-Esi-Check
X-Cache-Id
X-Org
True-Client-Country-4JS
Wxu-Next-Commit
Wxu-Next-Hostname
X-Old-Content-Length
X-Zen-Fury
X-Auto-Login
DSUID
X-Micro-Cache
X-HS-Content-Campaign-Id
X-RateLimit-Remaining-Second
X-Block-Status
X-Loc
X-ApacheServer
Esi-Enabled
X-V-Cache
X-DPWN-IS-SECURE
Wxu-Next-Region
X-Clientip
X-Hash
X-Hnp-Log
X-Ad-Load-Variation
X-Irp-Debug
X-Cache-Date
Tube-Get-Contents
X-From
X-Gzip
X-FC-Vary-Parameters
NM-Fastcgi-Cache
On-Server
Gh-Request-Id
X-Origin-Response-Time
X-Fmm-Version
X-Nginx-Cache-Key
Click-Count-Error
Machine
Mail-Subject
Click-Count-Action-Start
Is-Eu
X-NCache
Country-Code
Canary
X-Fastly-Backend
C-Via
X-Var-Ttl
X-Geo-Header
X-PERF
X-WA-Info
Cache-Provider
X-NMSegId
X-Gen-Mode
Platform
Producers
X-DC
X-Slack-Shared-Secret-Outcome
X-App-Name
X-Cdn-Srv
X-UA-Device-Type
Cluster
X-GeoIP
X-CacheTTL
X-Via-Popv
IsBot
X-Slack-Backend
X-ZONE
X-Device-Os
X-HA-Backend
Pics-Label
X-Proto
Cdn-Host
X-SIPLIST1
Proxy-Firewall
AKAMAI
X-Request-Host
X-Edge-Server
X-Via-Poph
Cdn-Request-Time
W
X-Via-Popn
X-Test
Cf-Device-Type
X-GeoIP-City
X-GoCache-CacheStatus
Expiry
X-Dc
X-Connection-Hash
X-Tt-Logid
X-Parent-Response-Time
X-Csrf-Jwt
X-Date
X-Owner
X-Wikidot-Static-Cache
X-Eu-Site
X-Branch-Name
X-Contensis-Viewer-Groups
X-Cache-Aspx
NGX
LB
X-Moov-T
Content-Script-Type
X-Moov-Xdn-Version
N-Cache
L5d-Success-Class
Fastly-Backend-Name
Expect-Staple
X-Wikidot-Backend
X-Sn-Servicetimems
HA-Ipaddr
Ha-Gx-Prefs
Content-Style-Type
X-Varnish-Authentication
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-CGP
X-Accel-Expires-Debug
X-Amz-Meta-Cb-Modifiedtime
X-Ah-Environment
A
Datacenter
X-Cache-Type
X-LB-NoCache
X-Qloud-Router
Xc-Version
X-Orig-Expires
RNT-Time
RNT-Machine
X-Tenant
X-Forwarded-Path
X-Shop-Environment
Cache-Key
Cdnsip
Locid
Cdncip
X-ND-Cache
Yak-Timeinfo
Cdn-Requestid
X-Region-Sid
X-Gamma-Serve
X-AK-Request-ID
X-LB-ID
X-NGINX-Cache
X-Ratelimit-Reset
Cdn
X-HN
Cmsid
X-Tx-Id
Server-ID
PFcat
Cmstype
X-Amz-Storage-Class
X-Varnish-Hits
X-Refresh
X-VarnishDD-TTL
X-VHOST
SID
X-Vmg-Version
RATING
X-Backend-Instance
X-Servedbyhost
X-Cdn-Diag
CPC-Age
NtCoent-Length
X-CDN-Cache-Status
X-Wa
GeoIp-Country-Code
CPC-Cache
X-Nc
X-DynaTrace-JS-Agent
X-Azure-Ref-OriginShield
X-Srv
X-Tb-Optimization-Total-Bytes-Saved
XM
X-LAGOON
X-Api-Version
X-TX-ID
X-API-Version
X-Nananana
CloudFront-Viewer-Country
X-Cache-Backend
X-Fpc
X-TIME
X-Akamai-Transformed
CacheControlHeader
X-Via-Fastly
X-Origin-Expires
Resin-Trace
X-Variation
X-Lagoon
X-B3-Parentspanid
X-Hit
Tcn
User-Agent
XkeyRZ
X-Proxy-CacheRZ
X-CACHE-AGE
Uri
X-Nf-Request-Id
X-Client-Ip
X-URL
X-LiteSpeed-Tag
X-Fastly-Country-Code
X-Zone
X-NewRelic-App-Data
X-LiteSpeed-Cache-Control
Cross-Origin-Opener-Policy-Report-Only
X-Datacenter
X-Amz-Meta-Opti
VNS-Cache
VNS-Age
X-Info
MIME-Version
True-Client-Ip
Cache-Name
X-UA
X-Geo
X-MCACHE
Lb
DataCenter
X-HostName
X-Dynatrace-Js-Agent
X-Vc
X-Ig-Origin-Region
True-Client-IP
X-Location
X-Presslabs-Stats
X-DataCenter
X-CSRF-TOKEN
GeoIP-Latitude
Mime-Version
Hostname
Cache-Hits
X-AIR-PT
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-NWS-UUID-VERIFY
Fusion-Content-Id
Fusion-Template-Id
X-Dispatcher-Number
X-B3-Spanid
Fastly-Drupal-Html
Powered-By
X-Cached-By
Origin-EX
Origin-CC
X-Mid
X-CUA
X-Cloudmap
X-Jungle-Id
Cf-Ipcountry
X-Webkit-Csp-Report-Only
X-Cdn-Forward
X-IAuth-Set-Uid
X-User
X-Segment-20210421
X-CS
Srv
Ohc-File-Size
Debug
BehaviorPad-Version
X-ECache
X-Varnish-Beresp-TTL
X-FPC
X-Render-Time
X-Esi
Cl-Cache
X-Dispatch
GeoIP-Country-Code
CDN
X-Litespeed-Tag
Ohc-Cache-HIT
X-WA
X-Oracle-DMS-ECID
X-RID
X-NC
X-ServedByHost
X-Cs
X-Powered-By-VTEX-Cache
Load-Balancing
X-VTEX-Cache-Time
X-Cdn-Cache-Status
X-Wormhole-Sdk
X-Cache-Enabled
X-VTEX-Cache-Server
CountryCode
Edge-Cache
X-Auth-Group-Type
Server-Info
Server-Id
YJS-ID
My-App
X-Lb-Id
Location
X-Fastly-Backend-Reqs
X-Traceid
X-Snapshot-Date
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
CF-Ctrl
X-Internal-Host
X-Lb-Nocache
X-VCL-Version
X-ID
Ms-Author-Via
X-Litespeed-Cache-Control
Wpo-Cache-Message
Wpo-Cache-Status
Xkey-La3
Xkeylog
X-Nitro-Rev
X-Ig-Push-State
X-Nitro-Cache
X-App
X-Proxy-Cache-La3
CF-Cached-On
Section-Origin-Responded
X-Nitro-Cache-From
Section-Io-Origin-Status
X-MiniProfiler-Ids
X-MSEdge-Flight
X-MSEdge-Features
X-Cdn-Request-ID
X-Akamai-Pragma-Client-IP
X-NodeID
Section-Io-Origin-Time-Seconds
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Acquia-Site
X-Acquia-Purge-Tags
OriginIP
Memcached
Time
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Memory
Srvid
Odigeo-Trace-Id
X-Cache-FS-Status
X-FL-EDGE
X-FL-QIT-DEBUG
X-APP-VERSION
FSS-Cache
Geoip-Latitude
Ngx
X-Sorting-Hat-Shopid
X-Shardid
X-Cache-Version
X-Shopid
X-Sorting-Hat-Podid
X-Pad
Akamai-Cache-Status
X-Http-Duration-Ms
X-Http-Count
X-Vgn-Hpd-Reason
X-Mg-Cache
X-Ha-Backend
X-Udemy-Cache-App-Namespace
X-Fastly-Cache-Hits
X-Via-PopV
X-RequestId
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sucuri-Id
X-Th-Server
X-Via-PopN
X-Via-PopH
X-Service-Response-Time
X-Web-Server
X-Te-Duration-Ms
X-Serial
X-Check-Cacheable
X-Lsadc-Cache
Sm-Log-Id
X-Te-Count