Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Xss-Protection
X-Request-Id
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
P3p
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
X-Cache-Status
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Ua-Compatible
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
X-Request-ID
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
Allow
Request-Context
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
Xkey
X-Rq
EagleId
X-Vhost
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
X-CST
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
Permissions-Policy
X-Backend-Server
X-Server-Id
X-Litespeed-Cache
X-Readtime
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
X-Nginx-Upstream-Cache-Status
X-Cache-Lookup
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Trace
X-Country
Service-Worker-Allowed
X-Ruxit-JS-Agent
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cross-Origin-Opener-Policy
Cache-Tag
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-MS-InvokeApp
X-Vname
X-TtlSet
Nginx-Cache
X-PC
X-ECACHE
X-ESI
X-Upstream
X-Powered-By-Plesk
Rating
Edge-Control
X-Server-Name
X-Browser-Type
X-D2id
X-Cnection
X-Element-Page-Cache
Verso
X-Times
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Kinja
SPRequestDuration
SPIisLatency
X-Ruxit-Js-Agent
X-Ac
AR-PoweredBy
AR-SID
AR-Request-ID
AR-ATIME
X-B3-TraceId
X-NWS-LOG-UUID
X-SharePointHealthScore
SPRequestGuid
X-Ser
X-Navigation-Version
X-Abt-Application-Version
X-NF-Request-ID
X-GitHub-Request-Id
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-RateLimit-Remaining
AR-CACHE
Pinterest-Version
X-Ttl
Pinterest-Generated-By
X-Pinterest-Rid
X-Mg-S
X-VARITI-CCR
S
X-Client-IP
X-Sol
Display
Pagespeed
X-Middleton-Display
Edge-Cache-Tag
X-Cache-Key
RTSS
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
Cache-Status
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kinsta-Cache
X-Edge-Location-Klb
X-Version
X-Goog-Hash
Access-Control-Request-Method
X-Server-ID
X-Recruiting
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Varnish-TTL
X-ARC
Response
X-Middleton-Response
X-Content-Digest
X-TraceId
X-Forwarded-For
Arr-Disable-Session-Affinity
X-T
Origin-Trial
X-Daa-Tunnel
X-MSEdge-Ref
Content-MD5
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
TP-Cache
X-Accel-Expires
Front-End-Https
X-Shield-Request-Id
Cross-Origin-Resource-Policy
X-Content-Security-Policy-Report-Only
X-Cached
X-Hits
MS-Author-Via
Public-Key-Pins
X-Id
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-Fastcgi-Cache
X-HS-Hub-Id
X-HS-Cache-Config
Server-Node
X-Ua-Browser
X-HS-Combine-CSS
X-HS-Content-Id
X-FTR-Expires
X-Forwarded-Proto
X-Request-Processing-Time
X-DIS-Request-ID
X-Request-Received
Payment
X-Frontend
X-Webkit-Csp
X-LLID
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
Realpath
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-ORACLE-DMS-RID
X-Distributor
X-FastCGI-Cache
X-LB-Cache
Cache-Tags
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Ratelimit-Limit
X-Origin-Server
X-Microsite
X-Request-Handler-Origin-Region
X-Kong-Upstream-Latency
X-RateLimit-Limit
X-Kong-Proxy-Latency
Referer-Policy
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Hostname
X-Page-Id
MRF-Tech
X-Az
Count-Hit
X-AppVersion
X-Activity-Id
X-Debug-Info
X-NGENIX-Cache
X-Www-Served-By
Host
X-Cluster-Name
Fastcgi-Cache
X-Varnish-Server
X-Varnish-Backend
X-Correlation-Id
Accept-Charset
X-Envoy-Decorator-Operation
X-F-Cache
X-App-Server
X-Geo-Country
X-ORACLE-DMS-ECID
X-Ua-Device
X-XRDS-LOCATION
X-FB-Debug
X-Goog-Metageneration
X-PressLabs-Stats
Retry-After
X-Ezoic-Cdn
Access-Control-Allow-Method
X-Upgrade-Enabled
X-CSRF-Token
X-Git-Hash
X-Load-Cache
X-Fastly-Request-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Seen-By
X-Content-Options
X-Varnish-Ttl
X-TTL
X-RateLimit-Reset
Server-Name
X-Px
Section-Io-Cache
X-Contextid
TCN
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Request-Guid
X-Datadog-Trace-Id
X-Revision
X-Type
X-Oracle-Dms-Ecid
X-Tt-Trace-Tag
X-Trace-Id
X-Amz-Meta-S3cmd-Attrs
X-Tt-Trace-Host
X-Cache-Control
X-Grace
Charset
X-B
Cleartype
Paypal-Debug-Id
Healthy
X-B3-Sampled
X-TT
X-Whom
DC
X-Signature
X-Fb-Rlafr
X-B-Cache
X-Wix-Request-Id
X-App-Environment
X-Newrelic-App-Data
X-Node-Name
X-Origin-Cache
X-Proxy
Frame-Options
X-Mobile
Accept-Ch
X-Magnolia-Registration
X-Amz-Replication-Status
X-Azure-Ref
X-Rid
X-Oracle-Dms-Rid
X-Air-Pt
X-Ratelimit-Remaining
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Fastly-Request-ID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-N
X-WebKit-CSP-Report-Only
X-EdgeConnect-Cache-Status
Filterid
X-WP-CF-Super-Cache-Cache-Control
X-Logged-In
X-WP-CF-Super-Cache
X-Language
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Route-Name
X-Is-Crawler
X-Kinja-CCPA
Content-Disposition
Akamai-GRN
Backend
NGB
X-Time
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
X-Response-Served-From
X-Template
X-Rendered-As
X-Is-Bot
X-Yottaa-Metrics
X-ProcessESI
X-Cache-Age
X-Unique-Id
X-Datadog-Sampled
Upgrade-Insecure-Requests
X-Varnish-Grace
X-Tumblr-User
X-Yottaa-Optimizations
X-Debug-IsConnected
SD-X-WS
X-RTag
Liferay-Portal
MS-CV
X-Debug-IsPreview
Viewport
X-Tumblr-Pixel-1
X-RemovedCookies
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Servername
Ms-Operation-Id
X-Adobe-Loc
X-Adobe-Content
X-FW-Version
X-UUID
Refresh
X-IPS-LoggedIn
X-Instance
X-Amzn-Remapped-Content-Length
X-Proxy-Cache-Info
X-FW-Type
X-Debug
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-NYM-Debug-Backend
X-FW-Static
X-App-Version
Fastly-SIE
X-Environment-Context
X-Hcs-Proxy-Type
Fastly-SWR
X-L-Path
X-Cacheable-TTL
X-Cache-Grace
X-G
X-Hl-Ver
X-Region
X-Backend-Name
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Via-JSL
X-User-Agent
X-Device-Type
From-Origin
X-Status
Country
X-Cache-Hit
ServerID
X-Rule
X-B3-SpanId
Url
X-VC-Cache
X-Jobs
X-INCAP-ABP
X-Webkit-CSP
Countrycode
WPO-Cache-Status
Alternate-Protocol
Version
WPO-Cache-Message
X-Cache-Status-Check
X-HTML-Minification-Powered-By
X-Source
X-Origin-TTL
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Origin-CC
X-NODE
X-Page-View
GEO-INFO
Surrogate-Key
X-Akamai-Request-ID2
X-Nginx-Cache
X-Hosted-By
CDN-RequestId
X-Content-Powered-By
X-Storage
X-B3-Traceid
Amp-Access-Control-Allow-Source-Origin
X-WP-CF-Super-Cache-Active
X-Rocket-Nginx-Serving-Static
Protected
SRV
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Accel-Version
OT-Force-Account-Verify
X-Akamai-Edgescape
X-Real-IP
Access-Control-Request-Headers
X-VC
X-CDN-Forward
X-Edge-Location
X-Framework
AMP-Access-Control-Allow-Source-Origin
CF-IPCountry
X-ServerID
X-Cache-Time
X-Use-Mantle
X-Cache-Rule
X-Mode
Front
X-UPSTREAM-Address
X-Upstream-Ct
X-Xfnlog-Site
X-Rn-Rsrv
X-Upstream-Ht
Webserver
Accept-Language
Meta-Geo
X-Cache-Operation
X-Rewrite-Enabled
Filters
X-Http-Reason
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Mn-Server-Ip
X-SaId
X-Varnish-Cache-Hits
Xet-Cookie
Cross-Origin-Embedder-Policy
X-Timing-Wait
Section-Io-Id
X-Served-From
X-Soup
Selected-Fe
ServedBy
X-Handled-By
X-JoinUs
X-LJ-Flow-ID
X-Director
X-AWS-Id
X-Origin
X-VWS-Id
X-Proxy-Build
X-Detected-As
X-Cache-Debug
X-Origin-Hint
X-No-Session
X-Labrador-Cache-Channel
Apigw-Requestid
X-Lambda-Id
X-Cluster
X-Format
Node
X-Extlb
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Endurance-Cache-Level
X-Adobe-Source
X-Cms-Context
X-BYPASS-REASON
Web-Mar-Node
TWC-Privacy
TWC-Connection-Speed
X-PHP-Host
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
Property-Id
X-Logging-Id
X-Web-Node
X-Proxied
X-Worker
X-Zipkin-Id
X-Vcache
X-Httpd
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
Xserver
X-Routing-Service
X-Redis-Cache
X-ProxyCache-Key
X-ProxyCache-Status
X-Restarts
X-Tcp-Rtt
X-Tncms
X-Platform-Router
X-Skip-Cache
X-Platform-Processor
X-Site-Version
X-Varnish-Beresp-Grace
X-Drupal-Cache-Tags
X-Browser-Name
X-TT-LOGID
X-VCT
X-AB
X-Platform-Cluster
X-Varnish-Age
X-Forwarded-Host
Azure-InstanceId
X-RCS-CacheZone
Azure-RegionName
Azure-SiteName
X-S
X-Is-Mobile
X-Locale
X-RM-Cache-TTL
X-Is-Tablet
X-Is-Supported-Browser
Azure-SlotName
Azure-Version
X-GeoCountry
X-GeoCode
X-Geo-Region
DB-Nickname
X-Loop
X-Is-Desktop
X-IPLB-Request-ID
X-IPLB-Instance
X-Webstats-RespID
X-Container-Uri
X-R9-Blue-Green-Version
X-Reqid
X-Vercel-Cache
X-Fetched-On
X-Server-W
X-Tb
X-Generation-Time
X-Vercel-Id
X-Drupal-Cache-Contexts
X-Git-Commit
X-Cache-Host
X-Cache-Server
X-Frame-Option
X-Provided-By
X-Ms-Version
X-Ms-Request-Id
CDN-EdgeStorageId
X-MP-GENERATED-AT
CDN-Cache
CDN-PullZone
CDN-RequestPullSuccess
CDN-Uid
X-Storefront-Renderer-Rendered
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-CachedAt
X-Alternate-Cache-Key
X-Shopify-Stage
X-Uri
X-Origin-Date
X-DynaTrace
X-XRDS-Location
X-Sucuri-Cache
WP-Super-Cache
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
Fastcgi-Useragent
Source
Cache-Tv-Group
X-Sucuri-ID
X-Vcl-Version
Cross-Origin-Embedder-Policy-Report-Only
X-Cdn-Origin
Content-Secure-Policy
X-FB-TRIP-ID
X-Xrds-Location
X-Sql-Duration-Ms
X-Sql-Count
X-Generated-By
Priority
Onion-Location
Atl-Traceid
X-Pass-Why
X-Urbn-Site-Id
Locale
X-SRV
X-Urbn-Context-Path
X-Buckets
X-Content-Age
Sid
X-DataDome
Thinkindot-Control
Thinkindot-CacheControl-Type
X-CMSURLCustom
TDXMobile
X-Thinkindot-L3
Thinkindot-CacheControl
X-Shield-Cache-Expires
X-Scope-Id
HostName
Cache
Cross-Origin-Window-Policy
WZWS-RAY
X-Newrelic-Synthetics
X-LSADC-Cache
X-Cluster-Node
X-Varnish-Beresp-Ttl
X-Proxy-Cache-Status
S-Rt
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Action
X-Optimistic-Header
X-Cache-Expired-At
X-TA-CDN-Provider
X-Via-Edge
X-Via-CDN
Edge-Copy-Time
X-GEO
X-Via-SSL
X-Connection-Hash
Expiry
User-Cache-Control
Lang
L
CDCHOST
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
A
Candidate-Md5Url
X-Vdms-Version
X-Viewer-Country
X-Vtex-Remote-Cache
DCR-Processing-Time-Ms
DCR-Decision-By
Gannett-Cam-Experience-Id
X-Request-Start
X-B-Cookie
X-Bc-Bl
X-Application
X-Aed
X-A-Wwc
X-Access
X-BCube-Filmed-By
X-Bl-Debug
Redirect-Candidate
X-Conf
X-Cache-NE
Rendered-Blocks
X-Cache-Bucket
Req-ID
X-A-Dgt
Sslversion
Surrogated-Key
Sever-Int
Server-Hostname
Server-Host
T-Server
Vix-Hermes-Req-Id
X-A-Dam
X-A-Dcw
Server-Ext
X-A-Ccd
X-A
X-D
X-Destination
X-SB
X-Scheme
Meta-Geo-Continent
X-S-Cookie
X-Rojux
X-ScT
X-Section
Magicmarker
X-Varnish-Hostname
X-TIM-N
MD5-Digest
X-SRCache-Key
Ngx-Var-Key
Ngx.Var.Host
X-Ec-Fail
X-Ec-GeoHdr
X-Ec-Custom-Error
X-Dispatcher-Server
X-Developer
X-Epic-Correlation-Id
X-External-Request-Id
X-Platform
Origin-Agent-Cluster
X-PAYTM-SRV-ID
X-Op-Id-All
X-Instance-Name
X-Vdms-Path
Origin
X-Correlation-ID
X-Ua
Fastly-Drupal-HTML
X-TimeS
X-Dc
X-NCache
Ssr
Wxu-Next-Hostname
X-Moov-Xdn-Version
X-Moov-T
Fastly-SSL
X-Mly-Id
Host-ID
X-Nginx-Cache-Key
X-Branch-Name
X-Origin-Time
Content-Style-Type
Req-Svc-Chain
X-Nyt-Route
DSUID
X-Loc
X-NMSegId
X-Node-Id
Environment
Fastly-GeoIP-CountryCode
X-Human
X-Fastly-Cache
X-Clientip
X-Forwarded-Site
NM-Fastcgi-Cache
X-Esi-Check
Pramga
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Release
X-Core-Value
X-Gdpr
X-Gen-Mode
X-Gzip
X-Hnp-Log
X-Cache-Id
X-Block-Status
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Generated-On
X-Cache-TTL-Remaining
X-Cache-Info
X-Level-Front-Cache
Content-Script-Type
X-Varnish-Beresp-Status
X-Varnish-Director
X-Varnishpool
X-Azure-Ref-OriginShield
X-AK-Request-ID
X-UA-Device-Type
V-Age
X-TH-Server
X-Bip
X-VG-TLSProxy
X-VG-WebCache
X-Acquia-Purge-Cdn-Unconfigured
Wxu-Next-Region
X-ND-Cache
Wxu-Next-Commit
Yak-Timeinfo
X-Zen-Fury
X-VServer
X-WA-Info
X-We-Are-Hiring
X-Amz-Meta-Cb-Modifiedtime
X-Thanos
X-B3-Trace-ID
Cdncip
X-Sigma-Backend
X-Req
Type
Cdnsip
X-BBC-Edge-Cache-Status
Cluster
X-Pool
X-Proxied-Request
X-Pubstack
X-Request-Time
X-Auto-Login
X-Request-URI
X-SD-PageType
X-Sigma
X-Rocket-Build-Number
C-Via
Cache-Provider
X-Origin-Response-Time
X-Service
X-Csrf-Jwt
X-ApacheServer
X-CGP
X-Cache-Date
X-ECache
X-Ad-Load-Variation
X-Contensis-Viewer-Groups
X-Cache-Aspx
X-Aicache-OS
X-Cdn-Srv
X-Mvc-Supplant-Cachable
X-Server-IP
X-SVT-ORM-RULES
X-Request-Host
X-Region-Sid
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-SVT-ORM-VERSION
X-V-Cache
X-HN
X-VarnishDD-TTL
X-Amz-Storage-Class
PFcat
X-Var-Ttl
X-Varnish-Authentication
X-Policy
X-PERF
X-From
X-Geo-Header
X-Fmm-Version
X-FC-Vary-Parameters
X-DPWN-IS-SECURE
X-Eu-Site
X-GeoIP
X-GeoIP-City
X-Old-Content-Length
X-Org
X-Mvc-Supplant-OutputCached
X-Micro-Cache
X-HS-Content-Campaign-Id
X-Men
X-Device-Os
X-GoCache-CacheStatus
Country-Code
Esi-Enabled
Gh-Request-Id
Ha-Gx-Prefs
True-Client-Country-4JS
Click-Count-Error
Tube-Got-Eval
RNT-Machine
Tube-Get-Contents
HA-Ipaddr
Is-Eu
Platform
Producers
X-Mg-Request-UUID
RNT-Time
On-Server
Mail-Subject
L5d-Success-Class
Locid
Machine
Tube-Got-Results
Click-Count-Action-Start
Uber-Trace-Id
Web-Mar-Region
Adler-Geo
We-Hiring
Canary
W
Tube-Return
X-Datadome
X-VCache
X-Edge-Server
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Fastly-Backend
Cf-Device-Type
X-Backend-Instance
X-Ratelimit-Reset
X-Up
Proxy-Firewall
Cdn-Host
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
Cache-Key
Cdn-Request-Time
AKAMAI
X-Proto
X-Hash
X-Test
X-Sn-Servicetimems
X-DC
X-App-Name
X-Tx-Id
X-Parent-Response-Time
X-Irp-Debug
X-CacheTTL
X-Ah-Environment
X-LB-ID
Fastly-Backend-Name
XM
X-Accel-Expires-Debug
X-Date
Pics-Label
X-Lagoon
LB
X-Owner
X-Varnish-Hits
X-Origin-Expires
X-API-Version
X-Cache-Backend
X-Servedbyhost
X-COUNTRY
NGX
X-UA
IsBot
X-ZONE
X-HA-Backend
X-SIPLIST1
X-Via-Popn
X-Via-Popv
X-Core-Mission
X-Tb-Optimization-Total-Bytes-Saved
Cdn
X-DynaTrace-JS-Agent
X-Via-Poph
X-CACHE-GROUP
X-RID
X-Refresh
X-LB-NoCache
X-VHOST
Datacenter
RATING
X-Qloud-Router
NtCoent-Length
SID
Cdn-Requestid
X-Use-Magma
X-NGINX-Cache
X-Nc
GeoIp-Country-Code
X-CDN-Cache-Status
Expect-Staple
N-Cache
X-Wa
X-CF-Lambda-Fn
X-CF-Lambda-Version
Server-ID
X-Srv
X-Zone
CloudFront-Viewer-Country
Xc-Version
X-Orig-Expires
X-Cache-Type
X-Via-Fastly
X-Tenant
Cache-Hits
X-Nananana
X-Forwarded-Path
X-Shop-Environment
X-Presslabs-Stats
Cross-Origin-Opener-Policy-Report-Only
Cmsid
Cmstype
X-Fpc
X-Gamma-Serve
GeoIP-Latitude
X-Akamai-Transformed
X-Location
X-Hit
X-B3-Parentspanid
X-Ig-Origin-Region
DataCenter
CPC-Cache
CPC-Age
X-TX-ID
Fusion-Content-Id
X-Proxy-CacheRZ
X-Cloudmap
XkeyRZ
Resin-Trace
Fusion-Content-Source
Fusion-Template-Id
Uri
Fusion-Deployment-Id
Fusion-Source
X-Nf-Request-Id
X-Vmg-Version
X-Cdn-Diag
Fusion-Component-Id
User-Agent
X-Client-Ip
Powered-By
X-CS
X-DataCenter
X-URL
X-Amz-Meta-Opti
X-TIME
X-Tt-Logid
Origin-CC
Origin-EX
X-Jungle-Id
X-CUA
X-Info
True-Client-Ip
Tcn
X-Fastly-Country-Code
X-User
X-NWS-UUID-VERIFY
X-Variation
CacheControlHeader
Mime-Version
X-IAuth-Set-Uid
MIME-Version
X-LAGOON
X-NewRelic-App-Data
X-HostName
X-Segment-20210421
X-CACHE-AGE
X-Cached-By
X-Geo
Fastly-Drupal-Html
X-Datacenter
True-Client-IP
X-Dynatrace-Js-Agent
Srv
X-Render-Time
Load-Balancing
Cf-Ipcountry
X-Webkit-Csp-Report-Only
X-B3-Spanid
CDN
X-Cdn-Forward
Debug
X-Powered-By-VTEX-Cache
VNS-Cache
X-Vc
X-HOST
X-LiteSpeed-Tag
VNS-Age
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Wormhole-Sdk
X-LiteSpeed-Cache-Control
X-Varnish-Beresp-TTL
X-Auth-Group-Type
Edge-Cache
Ohc-File-Size
X-Api-Version
Lb
X-AIR-PT
X-Dispatch
Hostname
X-CSRF-TOKEN
Cl-Cache
Ohc-Cache-HIT
X-MCACHE
X-Dispatcher-Number
X-Ig-Push-State
X-FPC
GeoIP-Country-Code
X-NC
X-Cdn-Cache-Status
Odigeo-Trace-Id
X-Esi
Cache-Name
Server-Id
X-NodeID
X-WA
X-APP-VERSION
X-Vgn-Hpd-Reason
X-Oracle-DMS-ECID
X-Cs
X-Custom-Header
X-Lb-Nocache
X-Litespeed-Tag
X-Depends
X-Mid
X-PHP-Backend
X-Cache-Ttl
X-Pad
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Fastly-Backend-Reqs
X-Varnish-CookieHashed-On
X-Via-PopV
X-Via-PopH
X-DefHash
CountryCode
X-Via-PopN
X-Ha-Backend
X-ServedByHost
X-DefElseHash
X-Litespeed-Cache-Control
X-Srcache-Fetch-Status
X-VCL-Version
X-Srcache-Store-Status
Ms-Author-Via
X-Web-Server
X-VC-TTL
X-Lb-Id
PICS-Label
X-M-Log
X-Cdn-Request-ID
X-M-Reqid
X-Akamai-Pragma-Client-IP
X-Proxy-Cache-La3
X-RequestId
Xkey-La3
Ngx
X-MSEdge-Flight
BehaviorPad-Version
X-MSEdge-Features
Xkeylog
X-MiniProfiler-Ids
X-Cache-Enabled
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Memcached
FSS-Cache
Memory
X-Snapshot-Date
X-Acquia-Purge-Tags
Time
X-IN-APIGATEWAYSSL
OriginIP
X-Acquia-Site
X-IN-APIGATEWAY
X-Shardid
X-Cache-Version
X-Shopid
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-FL-EDGE
Epwk-X-Cache
X-FL-QIT-DEBUG
X-Cache-FS-Status
Warning
Server-Info
X-App
Srvid
X-PDP-UNCACHING-HASH
Location
X-Th-Server
Sm-Log-Id
X-Mg-Cache
X-Dw-Trace-Id
X-Check-Cacheable
X-Service-Response-Time
X-Serial
X-Udemy-Cache-App-Namespace
Geoip-Latitude
CF-Cached-On
X-Lsadc-Cache
X-Sucuri-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
Akamai-Cache-Status
YJS-ID