Threat Level: green Handler on Duty: Richard Porter

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
P3p
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
X-Ua-Compatible
X-Request-ID
X-Cacheable
Server-Timing
CF-Ray
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
Allow
X-Backend
Cf-Edge-Cache
Request-Context
X-Robots-Tag
Keep-Alive
X-Server
X-Cache-Group
X-UA-Device
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
X-Age
X-Vhost
X-Rq
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
EagleEye-TraceId
Ali-Swift-Global-Savetime
X-Aws-Lambda-Call-Status
X-CST
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Readtime
X-Server-Id
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Upstream-Cache-Status
X-HW
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
Accept-Ch-Lifetime
X-Litespeed-Cache
X-Application-Context
X-Cache-Lookup
X-Country-Code
X-Trace
Content-Location
X-Ruxit-JS-Agent
X-Oneagent-Js-Injection
X-Url
Service-Worker-Allowed
X-Content-Type
X-Country
X-Clacks-Overhead
X-Edge
X-ECACHE
X-Origin-Cache-Key
X-Mcache
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Midtier
X-Mod-Pagespeed
Cross-Origin-Opener-Policy
Cache-Tag
X-FTR-Request-ID
Accept-Ch
X-MS-InvokeApp
Nginx-Cache
X-Vname
X-TtlSet
X-PC
X-Upstream
X-ESI
X-Powered-By-Plesk
Rating
Edge-Control
X-Browser-Type
X-D2id
X-Server-Name
X-Times
X-Cdn-Fetch
X-Element-Page-Cache
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
Verso
X-Cnection
X-Ac
SPIisLatency
SPRequestDuration
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
X-Ruxit-Js-Agent
X-Abt-Application-Version
X-Navigation-Version
X-B3-TraceId
SPRequestGuid
X-Vcap-Request-Id
X-SharePointHealthScore
X-Dw-Request-Base-Id
X-GitHub-Request-Id
X-Ser
X-NF-Request-ID
AR-CACHE
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-VARITI-CCR
X-NWS-LOG-UUID
X-Mg-S
S
X-RateLimit-Remaining
X-Cache-Key
X-Client-IP
X-Middleton-Display
X-Sol
Display
Pagespeed
RTSS
Edge-Cache-Tag
X-Server-ID
Fastly-Restarts
X-Amz-Rid
X-Ttl
X-Amzn-Trace-Id
X-Cache-TTL
X-Powered-CMS
X-Goog-Hash
Origin-Trial
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
Cache-Status
X-Edge-Location-Klb
X-Version
X-Kinsta-Cache
Access-Control-Request-Method
X-Content-Security-Policy-Report-Only
X-Recruiting
X-ARC
X-Varnish-TTL
X-TraceId
X-Content-Digest
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Webkit-Csp
Arr-Disable-Session-Affinity
X-Middleton-Response
Response
X-Forwarded-For
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-MSEdge-Ref
X-T
Content-MD5
X-Ua-Device
X-Accel-Expires
MicrosoftSharePointTeamServices
TP-Cache
X-Shield-Request-Id
X-Cached
X-Hits
X-Id
Public-Key-Pins
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Expires
Cross-Origin-Resource-Policy
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
MS-Author-Via
X-Daa-Tunnel
Front-End-Https
Server-Node
X-Frontend
X-Ua-Browser
Payment
X-DIS-Request-ID
X-Request-Received
X-Request-Processing-Time
X-Forwarded-Proto
X-FastCGI-Cache
X-LLID
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-RateLimit-Limit
X-GUploader-UploadID
X-LB-Cache
Realpath
TP-L2-Cache
X-Protected-By
X-Fastcgi-Cache
Cache-Tags
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Origin-Server
X-Request-Handler-Origin-Region
X-Distributor
X-Microsite
Count-Hit
X-WebKit-CSP-Report-Only
X-Page-Id
X-Activity-Id
X-AppVersion
X-Az
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Hostname
X-F-Cache
X-Cluster-Name
X-TTL
X-Correlation-Id
X-Varnish-Backend
X-Debug-Info
X-Geo-Country
X-Www-Served-By
Referer-Policy
X-ORACLE-DMS-RID
X-NGENIX-Cache
Accept-Charset
X-Kinja-CCPA
Fastcgi-Cache
Host
X-PressLabs-Stats
X-Envoy-Decorator-Operation
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-App-Server
X-Varnish-Server
X-FB-Debug
X-Goog-Metageneration
X-Ratelimit-Limit
X-Oracle-Dms-Ecid
Access-Control-Allow-Method
X-Git-Hash
Retry-After
X-Rid
X-ORACLE-DMS-ECID
Server-Name
X-RateLimit-Reset
X-CSRF-Token
X-Oracle-Dms-Rid
X-Content-Options
X-Load-Cache
X-XRDS-LOCATION
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Px
X-Contextid
X-Upgrade-Enabled
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Request-Guid
X-Revision
X-Route-Name
X-Is-Crawler
TCN
DC
X-App-Environment
X-Cache-Control
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Charset
X-Trace-Id
X-Varnish-Ttl
X-Seen-By
X-Origin-Cache
X-Grace
X-B3-Sampled
X-Type
X-Ezoic-Cdn
X-Fastly-Request-Id
X-B-Cache
X-Signature
X-Mobile
Paypal-Debug-Id
X-Ratelimit-Remaining
Section-Io-Cache
X-B
X-TT
Cleartype
X-Amz-Meta-S3cmd-Attrs
X-Fb-Rlafr
Healthy
X-ASPNET-VERSION
X-Wix-Request-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Whom
X-Amz-Replication-Status
Frame-Options
X-Magnolia-Registration
X-Node-Name
X-Logged-In
X-Webkit-CSP
X-EdgeConnect-Cache-Status
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Fastly-Request-ID
X-Language
Filterid
X-Azure-Ref
X-Newrelic-App-Data
X-Proxy
X-N
Content-Disposition
X-App-Version
Backend
Akamai-GRN
Upgrade-Insecure-Requests
X-Air-Pt
X-Template
X-Response-Served-From
X-Original-Request-Id
X-Proxy-Cache-Info
Refresh
VIX-Pulpo-Upstream-Status
X-ProcessESI
X-Yottaa-Optimizations
VIX-Pulpo-Node
NGB
X-Yottaa-Metrics
SD-X-WS
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-RemovedCookies
X-Unique-Id
X-Tumblr-Pixel-1
X-Servername
X-Tumblr-Pixel
X-Page-View
X-Tumblr-Pixel-0
MS-CV
X-Datadog-Sampled
X-RTag
X-Tumblr-User
X-Varnish-Grace
X-Is-Bot
Ms-Operation-Id
X-Rendered-As
X-UUID
X-Amzn-Remapped-Content-Length
X-Debug-IsConnected
X-Debug-IsPreview
X-Instance
X-Cacheable-TTL
X-Region
Liferay-Portal
Fastly-SWR
X-Adobe-Content
X-Adobe-Loc
Fastly-SIE
Viewport
X-IPS-LoggedIn
X-G
X-FW-Version
X-FW-Serve
X-FW-Type
X-FW-Hash
X-Debug
X-FW-Static
Url
X-FW-Server
X-Device-Type
From-Origin
X-User-Agent
X-FW-Dynamic
X-Cache-Grace
X-Rule
X-NYM-Debug-Backend
X-Jobs
X-L-Path
X-Environment-Context
X-Hl-Ver
Country
X-Cache-Hit
Amp-Access-Control-Allow-Source-Origin
X-Backend-Name
X-B3-Traceid
X-Status
X-Cache-Age
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Time
ServerID
Surrogate-Key
Countrycode
X-Hosted-By
X-B3-SpanId
X-CCDN-CacheTTL
X-Origin-CC
X-Origin-TTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Air-Hostname
X-Air-Source
Alternate-Protocol
X-Air-Trace-Id
X-Via-JSL
X-VC-Cache
X-Cache-Status-Check
X-Content-Powered-By
X-Akamai-Request-ID2
X-HTML-Minification-Powered-By
Version
X-INCAP-ABP
WPO-Cache-Message
Protected
WPO-Cache-Status
X-NODE
X-Http-Reason
SRV
X-Akamai-Edgescape
X-Nginx-Cache
X-Rocket-Nginx-Serving-Static
CDN-RequestId
GEO-INFO
X-Framework
X-CDN-Forward
X-Source
CF-IPCountry
X-WP-CF-Super-Cache-Active
X-Storage
X-Edge-Location
X-Accel-Version
X-Cache-Rule
Access-Control-Request-Headers
Front
X-Real-IP
X-Httpd
X-Mode
OT-Force-Account-Verify
X-VC
X-Cache-Operation
Meta-Geo
Filters
X-Xfnlog-Site
X-Rn-Rsrv
X-XRDS-Location
Accept-Language
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Endurance-Cache-Level
X-JoinUs
Selected-Fe
X-SaId
X-Timing-Wait
X-Upstream-Ht
Webserver
X-Proxy-Build
X-Soup
X-Upstream-Ct
X-Served-From
X-Director
X-Use-Magma
X-Say-Cacheable
X-Cache-Debug
X-SayCDN-TTL
X-Tumblr-Pixel-3
X-Detected-As
X-Say-TTL
ServedBy
X-Use-Mantle
X-Logging-Id
X-Origin
X-Worker
X-Tumblr-Pixel-2
Xet-Cookie
DB-Nickname
X-Redis-Cache
X-RM-Cache-TTL
X-Varnish-Cache-Hits
X-Adobe-Source
X-ProxyCache-Status
X-VCT
X-BYPASS-REASON
X-Cms-Context
X-Handled-By
X-GeoCountry
X-GeoCode
Xserver
X-Lambda-Id
X-Sql-Count
X-ProxyCache-Key
X-No-Session
X-Sql-Duration-Ms
Property-Id
X-Git-Commit
TWC-Connection-Speed
Mn-Server-Ip
X-Labrador-Cache-Channel
X-LJ-Flow-ID
TWC-Device-Class
X-RCS-CacheZone
X-Origin-Hint
X-Loop
TWC-GeoIP-LatLong
X-Container-Uri
Webcakes-App-Name
Web-Mar-Node
Webcakes-App-Version
X-Cache-Time
X-AWS-Id
Webcakes-Region
X-DynaTrace
TWC-Privacy
X-Vcache
TWC-GeoIP-Country
X-Generation-Time
X-Format
X-Fetched-On
TWC-Locale-Group
X-PHP-Host
X-Restarts
X-ServerID
Apigw-Requestid
X-Skip-Cache
X-Server-W
X-Varnish-Beresp-Grace
X-Varnish-Age
X-VWS-Id
X-Tncms
X-Vercel-Cache
X-Web-Node
X-IPLB-Request-ID
X-Vercel-Id
X-Cluster
X-Cache-Server
X-IPLB-Instance
X-Tb
X-Reqid
Node
X-Ms-Version
X-Geo-Region
X-Forwarded-Host
X-Extlb
X-Proxied
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Provided-By
X-Is-Desktop
X-Site-Version
Azure-SlotName
X-Zipkin-Id
X-Ms-Request-Id
Section-Io-Id
X-Is-Tablet
X-Cache-Host
X-Is-Mobile
X-Is-Supported-Browser
Azure-Version
X-Tcp-Rtt
X-S
X-Browser-Name
X-AB
X-Routing-Service
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
X-Uri
X-R9-Blue-Green-Version
Cross-Origin-Embedder-Policy
X-Locale
Cache-Tv-Group
X-Frame-Option
X-Webstats-RespID
X-Xrds-Location
Priority
X-Drupal-Cache-Tags
Source
Fastcgi-Useragent
X-MP-GENERATED-AT
X-FB-TRIP-ID
X-COUNTRY
Content-Secure-Policy
X-Origin-Date
X-Drupal-Cache-Contexts
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
CDN-RequestPullSuccess
AMP-Access-Control-Allow-Source-Origin
CDN-RequestPullCode
CDN-Uid
X-Generated-By
WP-Super-Cache
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Vcl-Version
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Content-Age
Onion-Location
X-ShardId
X-TT-LOGID
S-Rt
X-Sorting-Hat-PodId
X-Sucuri-Cache
X-ShopId
X-Sorting-Hat-ShopId
WZWS-RAY
X-Pass-Why
X-Cdn-Origin
Sid
X-Cluster-Node
X-Newrelic-Synthetics
X-Sucuri-ID
X-Varnish-Beresp-Ttl
X-Ua
X-SRV
Cross-Origin-Embedder-Policy-Report-Only
X-Buckets
X-Proxy-Cache-Status
X-Cache-Action
X-DataDome
X-Cache-Expired-At
Cross-Origin-Window-Policy
Thinkindot-CacheControl
Thinkindot-Control
TDXMobile
X-CMSURLCustom
X-Shield-Cache-Expires
X-Thinkindot-L3
X-LSADC-Cache
X-Scope-Id
Thinkindot-CacheControl-Type
Cache
Atl-Traceid
X-GEO
Fastly-Drupal-HTML
X-Via-Edge
Edge-Copy-Time
X-Via-SSL
X-Via-CDN
X-Request-URI
X-Rojux
Ngx.Var.Host
Ngx-Var-Key
X-S-Cookie
X-ScT
X-Ec-Fail
Origin-Agent-Cluster
X-Ec-GeoHdr
X-Scheme
Origin
Meta-Geo-Continent
DCR-Decision-By
X-Optimistic-Header
X-PAYTM-SRV-ID
X-Ec-Custom-Error
DCR-Processing-Time-Ms
CDCHOST
Candidate-Md5Url
Gannett-Cam-Experience-Id
MD5-Digest
X-External-Request-Id
Lang
X-Epic-Correlation-Id
HostName
X-A
X-A-Ccd
X-A-Wwc
X-Viewer-Country
X-D
T-Server
Type
X-A-Dam
X-A-Dcw
X-Bc-Bl
X-B-Cookie
Redirect-Candidate
X-BCube-Filmed-By
X-Vdms-Path
X-Vdms-Version
Surrogated-Key
X-Vtex-Remote-Cache
X-Conf
X-SRCache-Key
X-Aed
Rendered-Blocks
X-Mg-Request-UUID
X-Cache-NE
X-A-Dgt
X-Cache-Bucket
X-TIM-N
Sslversion
X-Application
X-WP-CF-Super-Cache-Cookies-Bypass
X-Bl-Debug
X-Developer
X-Destination
X-Aspnetmvc-Version
X-GeoIP-Region-Code
Apple-News-Services-Host
X-Bip
X-Clientip
X-Cache-Info
X-Human
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-GeoIP-Country-Code
Apple-News-Services-Request-Url
X-Forwarded-Site
Server-Host
Server-Hostname
Sever-Int
Ssr
Server-Ext
X-Dispatcher-Server
Pramga
Release
Req-ID
Magicmarker
Vix-Hermes-Req-Id
DSUID
X-Access
X-Generated-On
Environment
Fastly-SSL
L
Host-ID
X-Fastly-Cache
X-Aicache-OS
X-Instance-Name
X-Thanos
X-Pubstack
X-Request-Start
X-Request-Time
X-VServer
X-VCache
X-TH-Server
X-Op-Id-All
X-Platform
X-Pool
X-Node-Id
X-VG-WebCache
X-Rocket-Build-Number
X-Sigma
X-Varnishpool
X-Sigma-Backend
X-Varnish-Hostname
X-Varnish-Director
X-Loc
X-Level-Front-Cache
X-Correlation-ID
X-SB
X-SD-PageType
X-Section
X-Varnish-Beresp-Status
X-TimeS
X-DC
X-Datadome
User-Cache-Control
X-Origin-Response-Time
V-Age
NM-Fastcgi-Cache
X-VG-TLSProxy
X-Hnp-Log
X-HS-Content-Campaign-Id
X-Mvc-Supplant-OutputCached
X-WA-Info
X-GeoIP
X-NMSegId
X-Nginx-Cache-Key
X-NCache
X-Mvc-Supplant-Cachable
X-Server-IP
X-Device-Os
Wxu-Next-Region
Wxu-Next-Hostname
X-SVT-ORM-RULES
Wxu-Next-Commit
X-SVT-ORM-VERSION
X-Men
Req-Svc-Chain
X-Irp-Debug
X-V-Cache
X-Mly-Id
Uber-Trace-Id
X-TA-CDN-Provider
X-Acquia-Purge-Cdn-Unconfigured
X-Request-Host
X-GeoIP-City
X-Origin-Time
X-Policy
X-BBC-Edge-Cache-Status
X-Req
X-Nyt-Route
True-Client-Country-4JS
X-Gdpr
X-Debug-Cache-Store
X-Cache-Date
X-Block-Status
X-Org
X-Gen-Mode
Canary
Fastly-GeoIP-CountryCode
X-Debug-Cache-Fetch
X-Core-Value
X-Zen-Fury
C-Via
X-We-Are-Hiring
X-Proxied-Request
Cache-Provider
X-UA-Device-Type
X-FC-Vary-Parameters
X-Service
X-Connection-Hash
Expiry
X-Var-Ttl
W
We-Hiring
Web-Mar-Region
X-ApacheServer
Content-Style-Type
X-Cache-Id
X-Branch-Name
X-Cache-TTL-Remaining
A
Content-Script-Type
X-Moov-Xdn-Version
X-Auto-Login
Cluster
X-Core-Mission
X-B3-Trace-ID
X-Moov-T
X-Ad-Load-Variation
Platform
X-RateLimit-Limit-Second
Gh-Request-Id
X-Fmm-Version
Tube-Return
Is-Eu
X-Fastly-Backend
IsBot
X-Gzip
X-Proto
Country-Code
Click-Count-Error
Click-Count-Action-Start
X-PERF
X-Old-Content-Length
X-From
Esi-Enabled
X-Geo-Header
X-RateLimit-Remaining-Second
X-Up
Machine
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
Adler-Geo
X-DPWN-IS-SECURE
X-SIPLIST1
X-Esi-Check
X-Hash
Mail-Subject
Producers
On-Server
X-Cdn-Srv
X-CacheTTL
X-Micro-Cache
X-Varnish-Authentication
X-Csrf-Jwt
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-Test
X-Slack-Backend
X-Eu-Site
X-Contensis-Viewer-Groups
X-Cache-Aspx
X-GoCache-CacheStatus
X-CGP
Pics-Label
X-Ratelimit-Reset
X-ZONE
X-App-Name
AKAMAI
L5d-Success-Class
Ha-Gx-Prefs
HA-Ipaddr
X-Parent-Response-Time
X-Ah-Environment
X-Qloud-Router
X-Owner
Cdn-Host
X-HA-Backend
LB
Cf-Device-Type
Cdn-Request-Time
X-Tx-Id
Cdncip
X-Region-Sid
Cdnsip
X-AK-Request-ID
X-ND-Cache
Yak-Timeinfo
X-Amz-Meta-Cb-Modifiedtime
Locid
X-Via-Popv
X-Via-Poph
Cache-Key
X-Dc
X-Wikidot-Static-Cache
X-Wikidot-Backend
Fastly-Backend-Name
X-Via-Popn
Proxy-Firewall
X-Edge-Server
Datacenter
X-LB-NoCache
N-Cache
RNT-Machine
RNT-Time
X-HN
NGX
X-Accel-Expires-Debug
Cdn
X-Amz-Storage-Class
Expect-Staple
X-VarnishDD-TTL
PFcat
X-CF-Lambda-Fn
X-Date
X-CF-Lambda-Version
X-Azure-Ref-OriginShield
X-Cache-Type
X-Orig-Expires
X-CACHE-GROUP
X-Refresh
X-Shop-Environment
X-LB-ID
X-Servedbyhost
X-Tenant
Xc-Version
X-Forwarded-Path
X-Tt-Logid
X-Wa
X-Backend-Instance
X-Nc
X-Gamma-Serve
X-NGINX-Cache
X-DynaTrace-JS-Agent
XM
X-Tb-Optimization-Total-Bytes-Saved
X-Srv
X-VHOST
GeoIp-Country-Code
X-Nf-Request-Id
RATING
SID
X-Varnish-Hits
Cmstype
Cmsid
Server-ID
X-CDN-Cache-Status
NtCoent-Length
X-Origin-Expires
Cdn-Requestid
X-Cache-Backend
CPC-Age
X-Cdn-Diag
X-Vmg-Version
CloudFront-Viewer-Country
CPC-Cache
X-API-Version
X-Nananana
X-Fpc
X-Lagoon
X-TIME
X-Akamai-Transformed
X-TX-ID
X-B3-Parentspanid
X-LAGOON
Resin-Trace
X-Via-Fastly
X-Zone
X-Api-Version
X-UA
X-Hit
X-NewRelic-App-Data
CacheControlHeader
Uri
XkeyRZ
X-Proxy-CacheRZ
Cross-Origin-Opener-Policy-Report-Only
X-Variation
User-Agent
X-Client-Ip
MIME-Version
GeoIP-Latitude
X-URL
X-Presslabs-Stats
X-CACHE-AGE
X-B3-Spanid
Cache-Hits
X-Amz-Meta-Opti
X-Info
X-Fastly-Country-Code
True-Client-Ip
X-Ig-Origin-Region
DataCenter
X-ECache
X-LiteSpeed-Tag
Tcn
Lb
X-DataCenter
Fusion-Component-Id
X-Location
X-Datacenter
True-Client-IP
X-NWS-UUID-VERIFY
Fusion-Content-Id
Fusion-Source
VNS-Cache
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Template-Id
VNS-Age
X-LiteSpeed-Cache-Control
X-Dynatrace-Js-Agent
X-HostName
Cache-Name
X-RID
Hostname
Powered-By
X-Vc
X-Geo
X-Cloudmap
X-Jungle-Id
Mime-Version
X-CUA
X-Cached-By
Origin-CC
X-AIR-PT
Origin-EX
X-CS
Fastly-Drupal-Html
X-User
X-HOST
X-IAuth-Set-Uid
X-Dispatcher-Number
X-CSRF-TOKEN
X-Segment-20210421
Cf-Ipcountry
X-Webkit-Csp-Report-Only
X-Cdn-Forward
Load-Balancing
X-Mid
X-Varnish-Beresp-TTL
Debug
Cl-Cache
Srv
X-Render-Time
X-MCACHE
GeoIP-Country-Code
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
Edge-Cache
X-Auth-Group-Type
X-Dispatch
CDN
X-Esi
BehaviorPad-Version
X-Cdn-Cache-Status
Ohc-File-Size
X-FPC
X-Wormhole-Sdk
X-Litespeed-Tag
X-Cs
Server-Id
X-Oracle-DMS-ECID
Ohc-Cache-HIT
X-Cache-Enabled
X-Lb-Id
X-Ig-Push-State
YJS-ID
X-WA
X-NC
X-ServedByHost
X-Cache-Ttl
X-VCL-Version
Location
X-Wp-Cf-Super-Cache
CountryCode
X-Wp-Cf-Super-Cache-Cache-Control
X-NodeID
Odigeo-Trace-Id
Server-Info
X-Lb-Nocache
My-App
X-Fastly-Backend-Reqs
Ms-Author-Via
Wpo-Cache-Message
X-Litespeed-Cache-Control
Wpo-Cache-Status
X-APP-VERSION
Xkeylog
X-Snapshot-Date
Xkey-La3
CF-Ctrl
X-Proxy-Cache-La3
Ngx
CF-Cached-On
X-Cdn-Request-ID
X-Akamai-Pragma-Client-IP
X-MiniProfiler-Ids
X-Internal-Host
X-Vgn-Hpd-Reason
X-MSEdge-Flight
X-MSEdge-Features
X-Custom-Header
X-Via-PopN
Memcached
Memory
Section-Io-Origin-Time-Seconds
X-IN-APIGATEWAYSSL
X-Ha-Backend
Section-Origin-Responded
X-PHP-Backend
X-Acquia-Site
X-Acquia-Purge-Tags
Time
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Via-PopH
X-App
X-Nitro-Cache
X-FL-EDGE
X-IN-APIGATEWAY
Srvid
X-Nitro-Cache-From
X-Nitro-Rev
X-Pad
FSS-Cache
X-FL-QIT-DEBUG
X-Sucuri-Id
Section-Io-Origin-Status
X-Via-PopV
OriginIP
X-Sorting-Hat-Shopid
X-Shopid
X-Shardid
X-Sorting-Hat-Podid
X-Cache-Version
Geoip-Latitude
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
X-Serial
X-Check-Cacheable
X-RequestId
X-Cache-FS-Status
X-Depends
Sm-Log-Id
Akamai-Cache-Status
X-Service-Response-Time
X-Te-Count
X-Mg-Cache
X-Fastly-Cache-Hits
X-Http-Count
X-Te-Duration-Ms
X-Udemy-Cache-App-Namespace
X-Lsadc-Cache
X-Web-Server
X-Dw-Trace-Id
X-Http-Duration-Ms