Threat Level: green Handler on Duty: Richard Porter

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
X-UA-Compatible
P3P
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
P3p
X-DNS-Prefetch-Control
X-Drupal-Cache
Accept-CH-Lifetime
X-Cache-Status
X-Generator
X-Check
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Request-Context
Keep-Alive
X-UA-Device
Allow
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
Ali-Swift-Global-Savetime
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
Cf-Railgun
X-LiteSpeed-Cache
Permissions-Policy
EagleEye-TraceId
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Backend-Server
X-CST
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Readtime
X-Response-Time
X-Cache-Lookup
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-Litespeed-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Rating
X-Rack-Cache
X-Origin-Cache-Key
Cache-Tag
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Edge
Cross-Origin-Opener-Policy
X-Midtier
X-TtlSet
X-PC
X-Vname
Nginx-Cache
X-Mcache
X-MS-InvokeApp
X-Mod-Pagespeed
X-Upstream
X-Powered-By-Plesk
X-ECACHE
X-Server-Name
X-NWS-LOG-UUID
Edge-Control
X-ESI
X-Browser-Type
X-Cnection
X-Times
X-D2id
X-Element-Page-Cache
Verso
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-Kinja
X-Ac
X-Ser
AR-SID
AR-Request-ID
SPRequestDuration
AR-PoweredBy
AR-ATIME
SPIisLatency
X-RateLimit-Remaining
X-B3-TraceId
X-SharePointHealthScore
X-Ruxit-Js-Agent
SPRequestGuid
X-GitHub-Request-Id
X-NF-Request-ID
X-Abt-Application-Version
X-Navigation-Version
X-Ttl
X-Dw-Request-Base-Id
X-Vcap-Request-Id
AR-CACHE
X-Mg-S
Pinterest-Version
Pinterest-Generated-By
X-Client-IP
X-Pinterest-Rid
Display
X-Middleton-Display
Pagespeed
X-Sol
S
Edge-Cache-Tag
X-VARITI-CCR
X-Cache-Key
Fastly-Restarts
X-Amzn-Trace-Id
RTSS
X-Cache-TTL
X-Amz-Rid
X-Webkit-Csp
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Cache-Status
X-Powered-CMS
X-Edge-Location-Klb
X-Version
X-Kinsta-Cache
Access-Control-Request-Method
X-Daa-Tunnel
X-Goog-Hash
X-Server-ID
X-Recruiting
X-Middleton-Response
Response
X-Varnish-TTL
X-Content-Digest
X-ARC
X-Forwarded-For
X-TraceId
X-T
Arr-Disable-Session-Affinity
X-MSEdge-Ref
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Cross-Origin-Resource-Policy
MS-Author-Via
Content-MD5
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Front-End-Https
TP-Cache
X-Shield-Request-Id
X-Accel-Expires
X-FastCGI-Cache
X-Cached
X-Hits
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
Server-Node
Public-Key-Pins
X-Request-Received
X-FTR-Expires
X-Request-Processing-Time
X-Id
X-Forwarded-Proto
X-Ua-Browser
X-ORACLE-DMS-RID
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Payment
X-HS-Content-Id
X-Frontend
X-Content-Security-Policy-Report-Only
X-Protected-By
Realpath
X-DIS-Request-ID
X-RateLimit-Limit
X-LLID
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Distributor
X-GUploader-UploadID
TP-L2-Cache
X-Fastcgi-Cache
Origin-Trial
X-LB-Cache
X-Hostname
Cache-Tags
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-XRDS-LOCATION
X-Microsite
X-Request-Handler-Origin-Region
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Debug-Info
X-Origin-Server
Host
Count-Hit
X-Page-Id
Referer-Policy
X-Envoy-Decorator-Operation
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
Fastcgi-Cache
X-ORACLE-DMS-ECID
X-Cluster-Name
X-NGENIX-Cache
X-AppVersion
X-Az
X-Www-Served-By
X-Activity-Id
Accept-Charset
X-Geo-Country
X-Varnish-Backend
X-Varnish-Server
X-Correlation-Id
X-App-Server
X-F-Cache
X-PressLabs-Stats
X-Ratelimit-Limit
X-Ezoic-Cdn
X-Ua-Device
Retry-After
X-Fastly-Request-ID
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-FB-Debug
X-RateLimit-Reset
X-Goog-Metageneration
X-Load-Cache
X-CSRF-Token
X-Upgrade-Enabled
X-Px
Access-Control-Allow-Method
TCN
X-Git-Hash
X-Seen-By
Server-Name
Cleartype
X-Amz-Meta-S3cmd-Attrs
X-Tt-Trace-Host
X-Tt-Trace-Tag
Section-Io-Cache
X-Request-Guid
X-Contextid
X-Revision
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Grace
X-Cache-Control
X-Trace-Id
X-Type
Charset
X-Content-Options
X-Varnish-Ttl
Healthy
X-TT
X-B3-Sampled
X-B
Paypal-Debug-Id
X-Azure-Ref
X-Whom
DC
X-Fb-Rlafr
X-Wix-Request-Id
X-Newrelic-App-Data
X-B-Cache
X-Proxy
X-Signature
X-App-Environment
X-Air-Pt
X-Mobile
X-Node-Name
X-Magnolia-Registration
X-N
X-Fastly-Request-Id
X-EdgeConnect-Cache-Status
Frame-Options
X-Amz-Replication-Status
Filterid
X-Origin-Cache
Accept-Ch
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Oracle-Dms-Ecid
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Logged-In
X-CCDN-CacheTTL
X-TTL
X-WebKit-CSP-Report-Only
X-Time
Backend
Viewport
NGB
Content-Disposition
Akamai-GRN
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Response-Served-From
X-Original-Request-Id
X-Oracle-Dms-Rid
X-Cache-Age
X-Is-Bot
X-Rendered-As
X-Debug-IsConnected
X-Yottaa-Metrics
X-Datadog-Sampled
Liferay-Portal
X-Tumblr-User
X-Debug-IsPreview
X-Hl-Ver
X-Unique-Id
SD-X-WS
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Yottaa-Optimizations
X-RemovedCookies
X-Tumblr-Pixel
X-ProcessESI
X-Varnish-Grace
X-Servername
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Adobe-Loc
X-Amzn-Remapped-Content-Length
X-Adobe-Content
X-FW-Static
X-Backend-Name
X-FW-Type
X-IPS-LoggedIn
Upgrade-Insecure-Requests
MS-CV
X-UUID
X-FW-Version
Ms-Operation-Id
X-RTag
X-Instance
X-Cacheable-TTL
X-Via-JSL
ServerID
X-Debug
X-Cache-Grace
X-NYM-Debug-Backend
X-G
X-L-Path
Fastly-SIE
X-Environment-Context
Fastly-SWR
X-User-Agent
X-Region
From-Origin
X-Proxy-Cache-Info
X-Device-Type
X-Language
X-Cache-Hit
X-Ratelimit-Remaining
Country
X-Rule
X-Template
X-Status
Refresh
X-VC-Cache
X-B3-SpanId
Version
X-Route-Name
X-Is-Crawler
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Flags
Url
X-Source
Countrycode
X-Rid
X-INCAP-ABP
X-Webkit-CSP
GEO-INFO
X-Cache-Status-Check
CDN-RequestId
X-HTML-Minification-Powered-By
X-Storage
X-Air-Hostname
X-Air-Trace-Id
Alternate-Protocol
X-Air-Source
WPO-Cache-Message
WPO-Cache-Status
X-Jobs
X-App-Version
SRV
X-NODE
X-WP-CF-Super-Cache-Active
OT-Force-Account-Verify
AMP-Access-Control-Allow-Source-Origin
X-Real-IP
X-Origin-CC
X-Akamai-Request-ID2
X-Origin-TTL
X-Content-Powered-By
X-B3-Traceid
Protected
X-ServerID
X-Rocket-Nginx-Serving-Static
Surrogate-Key
X-Tec-Api-Root
X-CDN-Forward
X-Hosted-By
X-Tec-Api-Version
X-VC
X-Accel-Version
X-Cache-Time
X-Tec-Api-Origin
Access-Control-Request-Headers
X-Nginx-Cache
X-Handled-By
X-Akamai-Edgescape
X-Cache-Operation
X-Cache-Rule
X-Mode
Amp-Access-Control-Allow-Source-Origin
X-Rewrite-Enabled
X-Upstream-Ht
Filters
X-Platform-Processor
Xet-Cookie
X-Upstream-Ct
X-Platform-Cluster
Meta-Geo
X-Rn-Rsrv
X-Endurance-Cache-Level
X-Edge-Location
X-Framework
X-UPSTREAM-Address
Webserver
X-Platform-Router
X-Soup
X-Timing-Wait
X-Proxy-Build
X-Tumblr-Pixel-2
X-Sucuri-Cache
X-Origin
ServedBy
X-Detected-As
X-Served-From
X-SaId
X-Cache-Debug
X-Director
X-JoinUs
Section-Io-Id
X-Varnish-Cache-Hits
Selected-Fe
X-Xfnlog-Site
X-Tumblr-Pixel-3
Cross-Origin-Embedder-Policy
X-Proxied
Webcakes-App-Version
X-PHP-Host
X-Origin-Hint
X-ProxyCache-Key
X-ProxyCache-Status
X-Use-Mantle
X-Redis-Cache
Webcakes-App-Name
Webcakes-Region
Mn-Server-Ip
X-BYPASS-REASON
X-Cms-Context
X-Extlb
X-AWS-Id
X-Adobe-Source
X-LJ-Flow-ID
X-Lambda-Id
X-Labrador-Cache-Channel
TWC-Privacy
Web-Mar-Node
X-VWS-Id
Front
X-Routing-Service
X-Webstats-RespID
X-Worker
Property-Id
X-Logging-Id
X-Zipkin-Id
TWC-Connection-Speed
TWC-Device-Class
X-Kinja-CCPA
TWC-Locale-Group
X-Web-Node
X-Say-Cacheable
X-Say-TTL
TWC-GeoIP-Country
Node
TWC-GeoIP-LatLong
X-SayCDN-TTL
X-Drupal-Cache-Contexts
X-AB
X-Drupal-Cache-Tags
X-Browser-Name
X-Cluster
X-Locale
X-Tcp-Rtt
X-Site-Version
X-S
X-RM-Cache-TTL
X-Tncms
X-Varnish-Age
X-VCT
X-Skip-Cache
X-Varnish-Beresp-Grace
X-Restarts
X-RCS-CacheZone
X-Is-Mobile
X-Is-Desktop
X-GeoCountry
X-Geo-Region
X-Is-Supported-Browser
X-Is-Tablet
X-Page-View
X-No-Session
X-Loop
X-Format
X-GeoCode
Azure-SiteName
X-Sucuri-ID
Azure-SlotName
Azure-Version
Accept-Language
Azure-InstanceId
Azure-RegionName
X-Tb
X-IPLB-Instance
X-IPLB-Request-ID
X-Httpd
X-Storefront-Renderer-Rendered
X-Generation-Time
X-Git-Commit
CF-IPCountry
X-Vercel-Id
X-Vercel-Cache
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
X-R9-Blue-Green-Version
Xserver
CDN-Cache
CDN-RequestCountryCode
X-Origin-Date
X-Fetched-On
X-Shopify-Stage
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestPullCode
X-Container-Uri
X-Forwarded-Host
X-Cache-Host
X-Alternate-Cache-Key
X-Cache-Server
X-TT-LOGID
Apigw-Requestid
X-Reqid
X-Frame-Option
X-Provided-By
X-Vcache
X-Ms-Version
X-Ms-Request-Id
DB-Nickname
Atl-Traceid
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Server-W
WP-Super-Cache
X-Cdn-Origin
Fastcgi-Useragent
X-MP-GENERATED-AT
X-Vcl-Version
X-XRDS-Location
X-RID
X-Uri
Cross-Origin-Embedder-Policy-Report-Only
X-Generated-By
Source
Sid
X-Http-Reason
X-Pass-Why
X-SRV
Cross-Origin-Window-Policy
Cache-Tv-Group
X-FB-TRIP-ID
Content-Secure-Policy
Thinkindot-CacheControl
TDXMobile
Thinkindot-Control
X-Scope-Id
X-Shield-Cache-Expires
Thinkindot-CacheControl-Type
X-CMSURLCustom
X-Thinkindot-L3
Cache
Priority
X-Azure-Ref-OriginShield
X-Buckets
Onion-Location
X-DynaTrace
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-DataDome
X-Content-Age
X-LSADC-Cache
HostName
X-ECache
X-Dc
X-Optimistic-Header
X-Sql-Duration-Ms
X-Sql-Count
X-WP-CF-Super-Cache-Cookies-Bypass
X-GEO
X-Proxy-Cache-Status
X-Cluster-Node
X-Xrds-Location
X-UA
X-Newrelic-Synthetics
X-Request-URI
X-Lagoon
Expiry
X-Cache-Action
X-Varnish-Beresp-Ttl
X-Connection-Hash
X-TA-CDN-Provider
DCR-Decision-By
X-Viewer-Country
Candidate-Md5Url
X-Vdms-Version
A
X-Vtex-Remote-Cache
Lang
DCR-Processing-Time-Ms
Gannett-Cam-Experience-Id
X-Platform
X-Destination
X-Developer
Vix-Hermes-Req-Id
X-D
X-A
X-Dispatcher-Server
X-Ec-Custom-Error
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Ec-Fail
T-Server
X-A-Ccd
X-Conf
X-B-Cookie
X-Bc-Bl
X-A-Dgt
X-A-Wwc
X-Aed
X-BCube-Filmed-By
X-Bl-Debug
X-A-Dam
X-A-Dcw
X-Cache-NE
X-Cache-Bucket
X-External-Request-Id
Surrogated-Key
Redirect-Candidate
X-Vdms-Path
X-Varnish-Hostname
X-TIM-N
X-SRCache-Key
Origin-Agent-Cluster
Origin
MD5-Digest
Meta-Geo-Continent
Ngx-Var-Key
Ngx.Var.Host
X-ScT
X-Scheme
X-Op-Id-All
X-PAYTM-SRV-ID
X-ND-Cache
Sslversion
X-Instance-Name
Req-ID
X-Application
X-S-Cookie
Rendered-Blocks
X-Rojux
X-Request-Start
Magicmarker
Server-Host
WZWS-RAY
User-Cache-Control
Locid
X-Cache-TTL-Remaining
X-Clientip
X-Core-Value
X-Cache-Info
X-Cache-Id
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Bip
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Generated-On
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Gdpr
X-Forwarded-Site
X-Esi-Check
X-Fastly-Cache
X-Auto-Login
X-Amz-Storage-Class
Server-Hostname
Sever-Int
Ssr
Server-Ext
Req-Svc-Chain
L
NM-Fastcgi-Cache
Pramga
V-Age
Wxu-Next-Commit
X-Access
X-Acquia-Purge-Cdn-Unconfigured
X-AK-Request-ID
X-Cache-Expired-At
X-Correlation-ID
Wxu-Next-Hostname
Wxu-Next-Region
X-Gzip
X-Human
X-TH-Server
X-Thanos
X-Varnish-Beresp-Status
X-Sigma-Backend
X-Sigma
X-SB
X-SD-PageType
X-Section
X-Varnish-Director
X-Varnishpool
X-We-Are-Hiring
X-Zen-Fury
C-Via
X-WA-Info
X-VServer
X-VG-TLSProxy
X-VG-WebCache
X-Rocket-Build-Number
X-Request-Time
X-NCache
X-Nginx-Cache-Key
X-NMSegId
Yak-Timeinfo
X-Mly-Id
Host-ID
X-Level-Front-Cache
X-Node-Id
X-Nyt-Route
X-Proxied-Request
X-Pubstack
X-Req
X-Pool
X-Origin-Time
X-Datadome
Release
DSUID
X-Loc
Cdnsip
Apple-News-Services-Handled
Content-Script-Type
Apple-News-Services-Host
Cluster
Apple-News-Services-Request-Url
Content-Style-Type
Environment
Fastly-GeoIP-CountryCode
Fastly-SSL
Cdncip
Apple-News-Services-Parsed-Url
LB
X-TimeS
X-Origin-Response-Time
X-Service
X-FC-Vary-Parameters
X-Ad-Load-Variation
X-UA-Device-Type
X-Var-Ttl
X-Contensis-Viewer-Groups
Canary
X-V-Cache
X-Men
X-Micro-Cache
X-Aicache-OS
Country-Code
X-Fmm-Version
CDCHOST
X-Cache-Aspx
X-Branch-Name
X-Block-Status
X-Cdn-Srv
X-Region-Sid
X-Old-Content-Length
X-Org
X-Request-Host
X-DPWN-IS-SECURE
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Mvc-Supplant-Cachable
X-ApacheServer
Web-Mar-Region
X-Hnp-Log
X-Device-Os
X-Server-IP
X-Backend-Instance
Cache-Provider
X-Amz-Meta-Cb-Modifiedtime
X-VarnishDD-TTL
Adler-Geo
X-HS-Content-Campaign-Id
X-Cache-Date
Tube-Return
Tube-Got-Results
Platform
Tube-Got-Eval
PFcat
X-Moov-T
X-Moov-Xdn-Version
XM
Is-Eu
X-HN
Gh-Request-Id
X-SVT-ORM-VERSION
Mail-Subject
X-SVT-ORM-RULES
Machine
X-Policy
Producers
True-Client-Country-4JS
X-Geo-Header
Esi-Enabled
X-Gen-Mode
Uber-Trace-Id
X-From
X-Varnish-Authentication
X-Origin-Expires
X-GeoIP
X-GeoIP-City
On-Server
Tube-Get-Contents
X-GoCache-CacheStatus
X-PERF
RNT-Machine
Click-Count-Action-Start
Click-Count-Error
RNT-Time
We-Hiring
Fastly-Drupal-HTML
X-Via-Edge
X-Via-SSL
X-Via-CDN
Edge-Copy-Time
X-Hash
AKAMAI
Cache-Key
X-Fastly-Backend
X-Edge-Server
X-Mvc-Supplant-OutputCached
X-Eu-Site
X-VCache
X-Slack-Shared-Secret-Outcome
X-Test
X-Up
X-Sn-Servicetimems
X-App-Name
X-Slack-Backend
W
X-Wikidot-Backend
L5d-Success-Class
Ha-Gx-Prefs
X-Cache-Backend
Proxy-Firewall
X-Wikidot-Static-Cache
Cf-Device-Type
S-Rt
X-Csrf-Jwt
Cdn-Host
Cdn-Request-Time
X-Proto
HA-Ipaddr
X-CGP
X-Mg-Request-UUID
X-API-Version
X-LB-ID
X-CacheTTL
NGX
X-Parent-Response-Time
X-Date
X-Accel-Expires-Debug
Fastly-Backend-Name
X-NGINX-Cache
Cache-Hits
X-Ah-Environment
X-Varnish-Hits
X-Tb-Optimization-Total-Bytes-Saved
X-Tx-Id
Type
X-Ua
X-Zone
X-DynaTrace-JS-Agent
X-DC
X-PDP-UNCACHING-HASH
X-COUNTRY
X-CACHE-GROUP
X-Via-Fastly
NtCoent-Length
X-Servedbyhost
X-Via-Popv
X-Via-Poph
X-Via-Popn
X-Refresh
Pics-Label
X-HA-Backend
Datacenter
X-Ratelimit-Reset
X-CDN-Cache-Status
X-NWS-UUID-VERIFY
X-Cloudmap
GeoIp-Country-Code
X-Irp-Debug
X-VHOST
Cdn
X-Owner
X-LB-NoCache
X-Location
X-Ig-Origin-Region
Cdn-Requestid
X-Akamai-Transformed
Fusion-Template-Id
Fusion-Source
X-Srv
X-Esi
Fusion-Content-Source
X-ZONE
X-SIPLIST1
Fusion-Deployment-Id
X-Core-Mission
Fusion-Component-Id
Fusion-Content-Id
IsBot
Resin-Trace
X-Nc
X-Wa
Powered-By
SID
Server-ID
Origin-EX
X-TX-ID
X-CUA
GeoIP-Latitude
Origin-CC
X-Nananana
X-Jungle-Id
Cross-Origin-Opener-Policy-Report-Only
X-Qloud-Router
N-Cache
Expect-Staple
X-Wormhole-Sdk
X-CF-Lambda-Version
DataCenter
X-CF-Lambda-Fn
X-Hit
X-Fpc
X-Tt-Logid
X-Nf-Request-Id
Xc-Version
X-Proxy-CacheRZ
X-CS
X-Shop-Environment
XkeyRZ
X-Forwarded-Path
X-B3-Parentspanid
X-Cache-Type
Mime-Version
X-NewRelic-App-Data
X-Segment-20210421
X-Tenant
X-User
X-Orig-Expires
X-DataCenter
X-Client-Ip
X-Cached-By
CloudFront-Viewer-Country
Uri
Cf-Ipcountry
Cmsid
X-Gamma-Serve
X-URL
Cmstype
X-Presslabs-Stats
Fastly-Drupal-Html
X-VTEX-Cache-Time
X-Render-Time
X-Powered-By-VTEX-Cache
True-Client-IP
X-VTEX-Cache-Server
Debug
X-TIME
X-IAuth-Set-Uid
X-Amz-Meta-Opti
CPC-Cache
CPC-Age
User-Agent
X-Vmg-Version
X-Info
True-Client-Ip
X-Auth-Group-Type
X-Cdn-Diag
CDN
X-LiteSpeed-Tag
X-Varnish-Beresp-TTL
Srv
Edge-Cache
X-Fastly-Country-Code
MIME-Version
X-Dispatch
X-Geo
X-CACHE-AGE
X-Dynatrace-Js-Agent
X-Ig-Push-State
Load-Balancing
X-Oracle-DMS-ECID
X-Datacenter
Tcn
X-B3-Spanid
X-Cdn-Forward
X-HOST
X-Variation
X-Vc
CacheControlHeader
Odigeo-Trace-Id
X-LiteSpeed-Cache-Control
X-Cs
X-LAGOON
X-Custom-Header
X-Vgn-Hpd-Reason
Ohc-File-Size
X-HostName
X-NodeID
X-PHP-Backend
X-FPC
X-APP-VERSION
X-Webkit-Csp-Report-Only
X-Pad
X-AIR-PT
Server-Id
Cl-Cache
X-CSRF-TOKEN
X-NC
X-Depends
X-WA
Hostname
X-DefHash
X-DefElseHash
X-MCACHE
X-Lb-Nocache
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
VNS-Age
VNS-Cache
X-Varnish-Remaining-TTL
Ohc-Cache-HIT
X-M-Reqid
X-M-Log
GeoIP-Country-Code
X-VC-TTL
X-Api-Version
X-Cdn-Cache-Status
X-Dispatcher-Number
X-APP
Epwk-X-Cache
X-Cache-FS-Status
PICS-Label
X-Ha-Backend
X-ServedByHost
Geoip-Latitude
X-Cache-Ttl
X-MSEdge-Flight
X-MSEdge-Features
X-Via-PopH
Cloudfront-Viewer-Country
X-Fastly-Backend-Reqs
X-Litespeed-Tag
CountryCode
X-Via-PopN
X-Via-PopV
Lb
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Use-Magma
X-Litespeed-Cache-Control
X-VCL-Version
X-Proxy-Cache-La3
X-Akamai-Pragma-Client-IP
Xkey-La3
X-Lb-Id
Xkeylog
X-Cdn-Request-ID
Cache-Name
X-IN-APIGATEWAYSSL
X-Snapshot-Date
X-Acquia-Site
OriginIP
FSS-Cache
Server-Info
X-MiniProfiler-Ids
X-RAMCache
X-RequestId
Ngx
X-IN-APIGATEWAY
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Time
Memory
X-Web-Server
Memcached
X-Mid
X-Cache-Version
X-Shopid
X-Sorting-Hat-Shopid
X-Shardid
X-Sorting-Hat-Podid
X-Requestid
X-FL-QIT-DEBUG
Srvid
X-Service-Response-Time
X-Udemy-Cache-App-Namespace
CF-Cached-On
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
X-Sucuri-Id
Sm-Log-Id
X-Check-Cacheable
Akamai-Cache-Status
X-Mg-Cache
X-Dw-Trace-Id
X-Serial
Warning