SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
CF-RAY
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Varnish
X-Adblock-Key
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
P3p
X-AspNet-Version
X-Runtime
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Ua-Compatible
X-Check
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
CF-Ray
X-Amz-Id-2
Host-Header
Allow
X-Backend
Cf-Edge-Cache
X-Cache-Group
Request-Context
X-Robots-Tag
Keep-Alive
X-Server
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Vhost
Xkey
X-Rq
X-Age
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Cf-Apo-Via
X-Page-Speed
X-Pingback
Cf-Railgun
EagleEye-TraceId
X-Device
X-Swift-SaveTime
X-Swift-CacheTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-CST
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Upstream-Cache-Status
X-HW
Accept-Ch-Lifetime
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Application-Context
X-Country-Code
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Trace
Content-Location
X-Url
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-Content-Type
X-Country
X-Clacks-Overhead
X-ECACHE
X-Litespeed-Cache
X-Edge
X-Origin-Cache-Key
X-Mod-Pagespeed
Accept-Ch
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
Cache-Tag
X-Rack-Cache
Cross-Origin-Opener-Policy
X-Mcache
X-MS-InvokeApp
Nginx-Cache
X-Upstream
X-PC
X-TtlSet
X-Vname
X-Powered-By-Plesk
Rating
X-ESI
Edge-Control
X-Browser-Type
X-D2id
X-Element-Page-Cache
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
Verso
X-Times
X-Server-Name
X-Cnection
X-Ac
SPRequestDuration
SPIisLatency
X-B3-TraceId
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-SID
X-Vcap-Request-Id
X-Navigation-Version
X-Ruxit-Js-Agent
X-Abt-Application-Version
SPRequestGuid
X-SharePointHealthScore
X-RateLimit-Remaining
X-NF-Request-ID
X-Dw-Request-Base-Id
X-GitHub-Request-Id
X-Ser
X-VARITI-CCR
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
AR-CACHE
S
X-Cache-Key
X-Mg-S
RTSS
X-Cache-TTL
Origin-Trial
X-Client-IP
Display
Pagespeed
X-Sol
X-Middleton-Display
Edge-Cache-Tag
X-Webkit-Csp
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Goog-Hash
X-NWS-LOG-UUID
X-Powered-CMS
X-Ttl
X-Varnish-TTL
X-Content-Security-Policy-Report-Only
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Server-ID
X-Erf-Bev-Bev
Cache-Status
X-Kinsta-Cache
X-Edge-Location-Klb
X-Version
Access-Control-Request-Method
X-ARC
X-Recruiting
X-Content-Digest
Arr-Disable-Session-Affinity
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TraceId
X-T
X-MSEdge-Ref
X-Forwarded-For
Response
X-Middleton-Response
X-Ua-Device
Content-MD5
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
MicrosoftSharePointTeamServices
X-Accel-Expires
TP-Cache
X-Shield-Request-Id
X-Hits
X-Cached
X-RateLimit-Limit
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
Public-Key-Pins
X-FTR-Expires
X-Request-Processing-Time
X-Id
X-Request-Received
Server-Node
Payment
X-HS-Content-Id
X-Ua-Browser
X-HS-Hub-Id
MS-Author-Via
X-HS-Combine-CSS
X-HS-Cache-Config
X-Frontend
Front-End-Https
X-DIS-Request-ID
Cross-Origin-Resource-Policy
X-LLID
X-Forwarded-Proto
X-GUploader-UploadID
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-FastCGI-Cache
X-Fastcgi-Cache
X-WebKit-CSP-Report-Only
X-Daa-Tunnel
TP-L2-Cache
X-LB-Cache
Cache-Tags
Realpath
X-Kinja-CCPA
X-Amz-Apigw-Id
X-ORACLE-DMS-RID
X-Amzn-RequestId
X-Protected-By
X-Origin-Server
X-Distributor
Count-Hit
X-TTL
X-Microsite
X-Request-Handler-Origin-Region
X-Page-Id
X-F-Cache
X-Www-Served-By
X-NGENIX-Cache
X-Az
MRF-Tech
X-Activity-Id
Mrf-Cache-Status
X-AppVersion
X-PressLabs-Stats
X-Cluster-Name
X-B3-TraceId-Primal
Accept-Charset
X-Varnish-Backend
Referer-Policy
X-Geo-Country
X-Correlation-Id
X-App-Server
X-Debug-Info
X-Envoy-Decorator-Operation
X-Varnish-Server
X-FB-Debug
X-Kong-Upstream-Latency
X-Goog-Metageneration
Fastcgi-Cache
X-Kong-Proxy-Latency
Host
X-ORACLE-DMS-ECID
X-Hostname
Access-Control-Allow-Method
X-Git-Hash
X-Rid
X-RateLimit-Reset
X-XRDS-LOCATION
Retry-After
Server-Name
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Content-Options
X-Tt-Trace-Tag
X-Px
X-Tt-Trace-Host
X-Fastly-Request-ID
X-Load-Cache
DC
X-Route-Name
X-Request-Guid
X-Origin-Cache
X-Flags
X-Contextid
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Revision
X-B3-Sampled
X-CSRF-Token
X-App-Environment
X-Oracle-Dms-Ecid
X-Trace-Id
X-Grace
X-Signature
X-B-Cache
X-Type
Paypal-Debug-Id
X-Mobile
Cleartype
X-Cache-Control
X-Upgrade-Enabled
X-Datadog-Parent-Id
X-TT
Charset
X-Datadog-Sampling-Priority
X-B
X-ASPNET-VERSION
X-Datadog-Trace-Id
X-Fb-Rlafr
X-Amz-Meta-S3cmd-Attrs
Section-Io-Cache
X-Language
X-Seen-By
Frame-Options
X-Amz-Replication-Status
X-Ezoic-Cdn
X-Ratelimit-Limit
TCN
X-Whom
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Logged-In
X-Goog-Generation
X-Goog-Storage-Class
X-Magnolia-Registration
X-Wix-Request-Id
Filterid
Healthy
X-Node-Name
X-EdgeConnect-Cache-Status
X-Oracle-Dms-Rid
X-Newrelic-App-Data
X-Azure-Ref
X-App-Version
Content-Disposition
X-N
X-Proxy
Backend
X-Fastly-Request-Id
X-Varnish-Ttl
Akamai-GRN
X-Template
Upgrade-Insecure-Requests
NGB
Refresh
X-Air-Pt
X-Proxy-Cache-Info
X-Original-Request-Id
X-Response-Served-From
X-Rendered-As
X-Is-Bot
X-Unique-Id
X-Yottaa-Optimizations
X-Servername
X-RemovedCookies
X-Tumblr-Pixel
SD-X-WS
X-Yottaa-Metrics
X-Tumblr-Pixel-1
X-Page-View
X-B3-SpanId
X-Tumblr-Pixel-0
X-Tumblr-User
X-ProcessESI
Liferay-Portal
X-Varnish-Grace
MS-CV
Ms-Operation-Id
X-Debug-IsPreview
X-Adobe-Content
Viewport
X-Adobe-Loc
X-WP-CF-Super-Cache-Cache-Control
X-RTag
X-Instance
X-Amzn-Remapped-Content-Length
X-WP-CF-Super-Cache
X-Debug-IsConnected
Url
X-Datadog-Sampled
X-Cache-Grace
X-FW-Hash
Fastly-SWR
VIX-Pulpo-Upstream-Status
X-Debug
X-FW-Dynamic
VIX-Pulpo-Node
X-Cacheable-TTL
Fastly-SIE
X-FW-Type
X-Region
X-G
X-IPS-LoggedIn
X-FW-Version
X-Ratelimit-Remaining
X-User-Agent
X-FW-Serve
X-FW-Server
X-FW-Static
X-UUID
X-NYM-Debug-Backend
X-Jobs
X-Environment-Context
X-Device-Type
X-L-Path
From-Origin
X-Rule
Country
X-Cache-Hit
X-Status
X-Hosted-By
X-Hl-Ver
X-Backend-Name
Surrogate-Key
ServerID
X-Webkit-CSP
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Cache-Age
X-Content-Powered-By
X-Http-Reason
X-Time
Alternate-Protocol
Protected
X-Cache-Status-Check
X-VC-Cache
X-Akamai-Request-ID2
Amp-Access-Control-Allow-Source-Origin
X-Origin-CC
Countrycode
X-XRDS-Location
X-NODE
X-Origin-TTL
WPO-Cache-Status
WPO-Cache-Message
X-Hcs-Proxy-Type
X-Use-Magma
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Version
X-B3-Traceid
X-HTML-Minification-Powered-By
X-INCAP-ABP
X-Akamai-Edgescape
X-Via-JSL
X-Rocket-Nginx-Serving-Static
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
SRV
X-CDN-Forward
X-Framework
GEO-INFO
CDN-RequestId
X-Edge-Location
Front
X-Source
X-Storage
X-Cache-Rule
X-WP-CF-Super-Cache-Active
Access-Control-Request-Headers
X-Accel-Version
CF-IPCountry
X-Nginx-Cache
X-Mode
X-Httpd
X-Endurance-Cache-Level
X-Use-Mantle
X-VC
X-UPSTREAM-Address
X-Upstream-Ct
Filters
X-Upstream-Ht
Webserver
Meta-Geo
X-Xfnlog-Site
Accept-Language
X-Real-IP
OT-Force-Account-Verify
Xet-Cookie
X-Cache-Operation
X-Rewrite-Enabled
X-Rn-Rsrv
X-Tumblr-Pixel-2
X-Cache-Debug
Selected-Fe
X-SaId
X-Timing-Wait
X-Proxy-Build
X-Detected-As
X-Soup
X-JoinUs
X-Served-From
X-Director
X-Tumblr-Pixel-3
X-ProxyCache-Key
X-Varnish-Cache-Hits
X-ProxyCache-Status
X-Cache-Time
X-Handled-By
X-Tncms
X-Sql-Duration-Ms
X-Cms-Context
X-Sql-Count
X-Say-Cacheable
X-Say-TTL
X-Worker
X-BYPASS-REASON
X-Lambda-Id
X-Loop
X-Varnish-Age
X-Redis-Cache
X-Adobe-Source
X-SayCDN-TTL
X-Skip-Cache
Azure-SlotName
X-RM-Cache-TTL
X-Restarts
Azure-SiteName
DB-Nickname
X-PHP-Host
AMP-Access-Control-Allow-Source-Origin
X-Server-W
Apigw-Requestid
Azure-InstanceId
Web-Mar-Node
Azure-RegionName
Webcakes-App-Name
X-Logging-Id
Webcakes-App-Version
ServedBy
TWC-GeoIP-Country
X-S
Webcakes-Region
Xserver
TWC-Connection-Speed
X-Varnish-Beresp-Grace
X-Labrador-Cache-Channel
TWC-GeoIP-LatLong
Azure-Version
X-GeoCountry
X-GeoCode
X-Origin-Hint
X-Format
TWC-Device-Class
TWC-Locale-Group
X-No-Session
Property-Id
TWC-Privacy
X-Cache-Host
X-Cache-Server
X-AWS-Id
X-Container-Uri
X-Generation-Time
X-DynaTrace
Mn-Server-Ip
X-Fetched-On
X-Git-Commit
X-IPLB-Instance
X-IPLB-Request-ID
X-LJ-Flow-ID
X-VWS-Id
X-VCT
X-RCS-CacheZone
X-Tb
X-Cluster
X-Tcp-Rtt
X-Vercel-Cache
X-Vercel-Id
X-Origin
X-Is-Tablet
X-Extlb
X-Is-Desktop
X-Is-Mobile
X-Browser-Name
X-Routing-Service
X-Is-Supported-Browser
X-AB
X-Forwarded-Host
X-Frame-Option
X-Reqid
X-Ms-Request-Id
X-Zipkin-Id
Node
X-Geo-Region
X-ServerID
X-Ms-Version
X-COUNTRY
X-Proxied
X-Provided-By
Cache-Tv-Group
Section-Io-Id
X-Uri
X-R9-Blue-Green-Version
X-Locale
X-Site-Version
X-FB-TRIP-ID
Priority
X-Web-Node
Content-Secure-Policy
X-Webstats-RespID
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
Source
X-Vcache
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
Fastcgi-Useragent
Cross-Origin-Embedder-Policy
X-MP-GENERATED-AT
WP-Super-Cache
X-Vcl-Version
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-Uid
CDN-EdgeStorageId
X-Origin-Date
Onion-Location
CDN-RequestCountryCode
CDN-Cache
CDN-PullZone
CDN-CachedAt
X-Alternate-Cache-Key
X-Shopify-Stage
X-Storefront-Renderer-Rendered
WZWS-RAY
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Content-Age
X-SRV
X-Generated-By
S-Rt
X-Ua
X-ShardId
X-Newrelic-Synthetics
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Pass-Why
X-Sucuri-Cache
X-Cdn-Origin
X-TT-LOGID
X-Cluster-Node
Sid
X-Sucuri-ID
X-Buckets
X-Cache-Action
X-Proxy-Cache-Status
X-Varnish-Beresp-Ttl
X-Cache-Expired-At
X-Mg-Request-UUID
Cross-Origin-Window-Policy
X-Xrds-Location
X-VCache
Cross-Origin-Embedder-Policy-Report-Only
TDXMobile
X-Shield-Cache-Expires
X-Thinkindot-L3
X-Scope-Id
X-CMSURLCustom
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Fastly-Drupal-HTML
X-Datadome
Cache
X-LSADC-Cache
X-Request-URI
X-DataDome
HostName
X-GEO
X-Aspnetmvc-Version
X-Optimistic-Header
X-A-Dam
X-A-Ccd
Sslversion
X-Vdms-Path
X-A
X-Vdms-Version
X-ScT
T-Server
Type
MD5-Digest
CDCHOST
X-Correlation-ID
Surrogated-Key
X-Scheme
Origin-Agent-Cluster
Lang
Gannett-Cam-Experience-Id
Origin
Ngx.Var.Host
X-SRCache-Key
Ngx-Var-Key
Environment
Redirect-Candidate
DCR-Decision-By
Rendered-Blocks
Candidate-Md5Url
X-Rojux
DCR-Processing-Time-Ms
X-TIM-N
X-S-Cookie
Meta-Geo-Continent
X-A-Dcw
X-PAYTM-SRV-ID
X-A-Dgt
X-Cache-NE
X-Cache-Bucket
X-BCube-Filmed-By
X-Bl-Debug
X-D
X-Destination
X-Epic-Correlation-Id
X-External-Request-Id
X-Ec-GeoHdr
X-Ec-Fail
X-Developer
X-Ec-Custom-Error
X-Bc-Bl
X-Conf
X-A-Wwc
X-Vtex-Remote-Cache
X-Application
X-B-Cookie
X-Aed
Atl-Traceid
Edge-Copy-Time
X-WP-CF-Super-Cache-Cookies-Bypass
X-Via-SSL
X-Via-CDN
X-TimeS
X-Via-Edge
X-GeoIP-Country-Code
Magicmarker
X-Human
X-GeoIP-Region-Code
X-Gdpr
X-Fastly-Cache
X-Access
X-Forwarded-Site
X-Generated-On
X-SB
X-Mly-Id
X-Men
X-Nyt-Route
X-SD-PageType
X-Node-Id
X-Section
X-Loc
X-Level-Front-Cache
Host-ID
L
X-Proxied-Request
X-Op-Id-All
Fastly-SSL
X-Instance-Name
X-Acquia-Purge-Cdn-Unconfigured
X-Req
X-Platform
X-Request-Start
X-Cache-Info
X-Request-Time
Server-Ext
Server-Host
Ssr
X-Bip
X-B3-Trace-ID
Sever-Int
Server-Hostname
Req-Svc-Chain
Req-ID
X-BBC-Edge-Cache-Status
X-Debug-Cache-Store
X-Rocket-Build-Number
V-Age
X-Origin-Time
X-Debug-Cache-Fetch
Pramga
X-Pool
X-Aicache-OS
X-Core-Value
Release
X-Dispatcher-Server
Fastly-GeoIP-CountryCode
X-Thanos
X-Up
X-TH-Server
X-Sigma-Backend
Apple-News-Services-Handled
X-Sigma
X-Varnish-Beresp-Status
X-Varnish-Director
X-Viewer-Country
X-We-Are-Hiring
X-VG-WebCache
X-VG-TLSProxy
X-Varnish-Hostname
X-Varnishpool
Apple-News-Services-Host
X-VServer
X-Server-IP
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
User-Cache-Control
X-Service
X-Origin-Response-Time
X-NCache
X-Mvc-Supplant-Cachable
X-Fmm-Version
Wxu-Next-Region
We-Hiring
Vix-Hermes-Req-Id
Wxu-Next-Commit
Web-Mar-Region
Wxu-Next-Hostname
Uber-Trace-Id
Click-Count-Action-Start
X-Gen-Mode
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Cache-Provider
True-Client-Country-4JS
Tube-Return
Tube-Got-Results
Tube-Get-Contents
X-From
X-Pubstack
X-Nginx-Cache-Key
X-PERF
X-Cache-Date
X-WA-Info
X-Block-Status
X-Cache-Id
X-DPWN-IS-SECURE
X-Core-Mission
X-Device-Os
X-Cache-TTL-Remaining
X-Clientip
DSUID
X-Fastly-Backend
X-Ad-Load-Variation
Click-Count-Error
Canary
X-ApacheServer
X-Zen-Fury
X-Policy
X-Esi-Check
X-Auto-Login
X-FC-Vary-Parameters
Tube-Got-Eval
X-Hash
Is-Eu
On-Server
Platform
X-Irp-Debug
Adler-Geo
Gh-Request-Id
NM-Fastcgi-Cache
X-SVT-ORM-VERSION
X-Org
Machine
Mail-Subject
X-Geo-Header
X-SVT-ORM-RULES
X-Hnp-Log
X-HS-Content-Campaign-Id
Producers
X-Mvc-Supplant-OutputCached
C-Via
X-UA-Device-Type
Esi-Enabled
X-V-Cache
X-Var-Ttl
X-Old-Content-Length
X-Gzip
Country-Code
X-NMSegId
X-GeoIP-City
X-Micro-Cache
X-GeoIP
X-DC
X-Cdn-Srv
X-SIPLIST1
X-CacheTTL
X-Edge-Server
X-App-Name
X-ZONE
X-Request-Host
AKAMAI
IsBot
Cluster
X-Sn-Servicetimems
W
X-Test
Pics-Label
X-Proto
X-GoCache-CacheStatus
X-Via-Popn
X-Via-Poph
X-HA-Backend
X-Via-Popv
Cf-Device-Type
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
Cdn-Host
Proxy-Firewall
Cdn-Request-Time
X-Dc
X-Connection-Hash
X-TA-CDN-Provider
Expiry
X-Parent-Response-Time
X-Date
X-Varnish-Authentication
X-Eu-Site
X-Owner
Content-Script-Type
LB
X-Moov-Xdn-Version
A
X-Branch-Name
Content-Style-Type
X-Amz-Meta-Cb-Modifiedtime
L5d-Success-Class
X-NGINX-Cache
X-Csrf-Jwt
N-Cache
NGX
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Accel-Expires-Debug
HA-Ipaddr
Ha-Gx-Prefs
X-CGP
X-Contensis-Viewer-Groups
X-Moov-T
X-CF-Lambda-Version
X-CF-Lambda-Fn
Fastly-Backend-Name
X-Ah-Environment
X-Cache-Aspx
Expect-Staple
Datacenter
X-Shop-Environment
X-Orig-Expires
X-Tenant
X-Qloud-Router
RNT-Machine
Cache-Key
X-Cache-Type
Xc-Version
RNT-Time
X-Forwarded-Path
X-Tt-Logid
Yak-Timeinfo
X-LB-ID
X-AK-Request-ID
X-Gamma-Serve
X-Region-Sid
Cdnsip
Cdncip
X-ND-Cache
X-LB-NoCache
Locid
Cdn
X-Ratelimit-Reset
PFcat
X-HN
X-Amz-Storage-Class
X-VarnishDD-TTL
X-Tx-Id
X-Varnish-Hits
X-Refresh
Cmsid
Cmstype
X-VHOST
SID
X-Wa
X-Servedbyhost
X-Vmg-Version
X-Tb-Optimization-Total-Bytes-Saved
NtCoent-Length
X-Backend-Instance
X-CDN-Cache-Status
X-Cdn-Diag
Server-ID
X-DynaTrace-JS-Agent
CPC-Cache
X-Nc
RATING
GeoIp-Country-Code
CPC-Age
X-Azure-Ref-OriginShield
Cdn-Requestid
XM
X-LAGOON
X-Api-Version
X-TX-ID
X-API-Version
X-Cache-Backend
X-Origin-Expires
X-Fpc
X-Nananana
X-TIME
X-Srv
X-Akamai-Transformed
CloudFront-Viewer-Country
X-B3-Parentspanid
CacheControlHeader
X-Via-Fastly
Resin-Trace
X-Hit
X-Lagoon
X-Variation
Tcn
X-HostName
X-Nf-Request-Id
X-Proxy-CacheRZ
XkeyRZ
User-Agent
X-CACHE-AGE
Uri
X-Client-Ip
X-Zone
X-LiteSpeed-Tag
X-Fastly-Country-Code
Cross-Origin-Opener-Policy-Report-Only
X-URL
X-NewRelic-App-Data
VNS-Cache
X-Amz-Meta-Opti
MIME-Version
VNS-Age
X-LiteSpeed-Cache-Control
X-Datacenter
X-Info
Cache-Name
X-UA
X-MCACHE
Lb
True-Client-IP
True-Client-Ip
X-Vc
X-Esi
X-Dynatrace-Js-Agent
DataCenter
X-Location
X-DataCenter
GeoIP-Latitude
X-Geo
X-Presslabs-Stats
X-Ig-Origin-Region
Mime-Version
X-CSRF-TOKEN
Cache-Hits
Hostname
X-AIR-PT
Fusion-Content-Source
Cf-Ipcountry
X-Dispatcher-Number
Fusion-Content-Id
Fusion-Component-Id
X-NWS-UUID-VERIFY
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
Fastly-Drupal-Html
X-B3-Spanid
Powered-By
X-Cached-By
Origin-EX
X-CUA
X-Jungle-Id
X-Mid
Origin-CC
X-Cloudmap
X-Cdn-Forward
X-Webkit-Csp-Report-Only
X-RID
X-User
X-Segment-20210421
X-IAuth-Set-Uid
X-Varnish-Beresp-TTL
X-CS
Srv
Ohc-File-Size
Debug
BehaviorPad-Version
X-ECache
X-Render-Time
GeoIP-Country-Code
Cl-Cache
X-FPC
X-Dispatch
CDN
Ohc-Cache-HIT
X-Litespeed-Tag
X-VTEX-Cache-Time
X-NC
X-VTEX-Cache-Server
X-Cdn-Cache-Status
X-WA
X-Powered-By-VTEX-Cache
X-ServedByHost
Server-Id
Load-Balancing
X-Oracle-DMS-ECID
X-Cache-Enabled
X-Wormhole-Sdk
X-Cs
CountryCode
X-Lb-Id
YJS-ID
Edge-Cache
X-Lb-Nocache
My-App
Location
Server-Info
X-Auth-Group-Type
X-Snapshot-Date
X-Internal-Host
X-Fastly-Backend-Reqs
CF-Ctrl
X-Traceid
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Ms-Author-Via
X-ID
X-VCL-Version
Wpo-Cache-Message
X-Litespeed-Cache-Control
Wpo-Cache-Status
Xkeylog
Xkey-La3
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-MSEdge-Features
X-NodeID
X-Nitro-Rev
X-Ig-Push-State
X-Nitro-Cache
Section-Origin-Responded
X-Proxy-Cache-La3
X-MiniProfiler-Ids
X-Nitro-Cache-From
X-Akamai-Pragma-Client-IP
X-Cdn-Request-ID
X-App
CF-Cached-On
X-MSEdge-Flight
X-Dw-Trace-Id
X-IN-APIGATEWAY
OriginIP
X-IN-APIGATEWAYSSL
X-Acquia-Application-Trace
Time
Srvid
X-FL-EDGE
X-APP-VERSION
Memory
X-Acquia-Site
Ngx
Memcached
X-Cache-FS-Status
Geoip-Latitude
X-Acquia-Purge-Tags
FSS-Cache
X-Acquia-Application-UUID
X-FL-QIT-DEBUG
Odigeo-Trace-Id
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shopid
X-Cache-Version
X-Shardid
Akamai-Cache-Status
X-Via-PopH
X-Ha-Backend
X-Te-Duration-Ms
X-Te-Count
X-Lsadc-Cache
X-Via-PopN
X-Vgn-Hpd-Reason
Cloudfront-Viewer-Country
X-Fastly-Cache-Hits
X-Via-PopV
X-Pad
X-Http-Duration-Ms
X-Udemy-Cache-App-Namespace
X-RequestId
X-Service-Response-Time
X-Serial
X-Check-Cacheable
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
X-Http-Count
X-Web-Server
X-Mg-Cache
X-Sucuri-Id
Sm-Log-Id