
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
P3p
X-Cache-Status
Accept-CH-Lifetime
X-Drupal-Cache
CF-Ray
X-Check
X-Ua-Compatible
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Request-ID
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
Cf-Edge-Cache
X-Backend
Allow
Request-Context
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
Xkey
X-Rq
EagleId
X-Vhost
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Cf-Railgun
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Ali-Swift-Global-Savetime
X-Device
EagleEye-TraceId
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-CST
X-OneAgent-JS-Injection
Permissions-Policy
X-Backend-Server
X-Readtime
X-Server-Id
X-Response-Time
X-Host
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-Litespeed-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
X-Nginx-Upstream-Cache-Status
X-Cache-Lookup
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Trace
X-Country
Service-Worker-Allowed
X-Ruxit-JS-Agent
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cross-Origin-Opener-Policy
Cache-Tag
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-MS-InvokeApp
Nginx-Cache
X-PC
X-Vname
X-TtlSet
X-ECACHE
X-ESI
X-Upstream
X-Powered-By-Plesk
Rating
Edge-Control
X-Server-Name
X-Browser-Type
X-D2id
X-Cnection
X-Element-Page-Cache
Verso
X-Times
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Kinja-Server
X-Ruxit-Js-Agent
SPRequestDuration
SPIisLatency
X-Ac
AR-PoweredBy
AR-SID
AR-Request-ID
AR-ATIME
X-NWS-LOG-UUID
X-SharePointHealthScore
SPRequestGuid
X-Ser
X-Navigation-Version
X-Abt-Application-Version
X-GitHub-Request-Id
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-B3-TraceId
X-RateLimit-Remaining
X-NF-Request-ID
AR-CACHE
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Mg-S
X-Server-ID
X-VARITI-CCR
X-Client-IP
S
Display
X-Sol
X-Middleton-Display
Pagespeed
Edge-Cache-Tag
X-Cache-Key
RTSS
X-Ttl
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Powered-CMS
Cache-Status
X-Instrumentation
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-Version
Access-Control-Request-Method
X-Recruiting
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-ARC
X-Middleton-Response
Response
X-Content-Digest
X-TraceId
X-Varnish-TTL
X-Forwarded-For
X-T
Arr-Disable-Session-Affinity
X-Daa-Tunnel
Origin-Trial
X-MSEdge-Ref
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-MD5
TP-Cache
MicrosoftSharePointTeamServices
X-Accel-Expires
Front-End-Https
X-Shield-Request-Id
Cross-Origin-Resource-Policy
X-Content-Security-Policy-Report-Only
X-Cached
X-Hits
Public-Key-Pins
MS-Author-Via
X-Id
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-Ua-Browser
Server-Node
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Request-Processing-Time
X-DIS-Request-ID
X-FTR-Expires
X-Request-Received
X-Forwarded-Proto
Payment
X-Frontend
X-FastCGI-Cache
X-Webkit-Csp
X-LLID
Realpath
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Protected-By
X-Fastcgi-Cache
TP-L2-Cache
X-GUploader-UploadID
X-ORACLE-DMS-RID
X-Distributor
Cache-Tags
X-LB-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Ratelimit-Limit
X-Origin-Server
X-Request-Handler-Origin-Region
X-Microsite
X-RateLimit-Limit
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Referer-Policy
X-Hostname
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Page-Id
X-AppVersion
Count-Hit
X-Az
X-Activity-Id
X-Debug-Info
X-Www-Served-By
X-NGENIX-Cache
X-Cluster-Name
Host
X-Varnish-Server
Fastcgi-Cache
X-Varnish-Backend
X-F-Cache
X-Envoy-Decorator-Operation
Accept-Charset
X-Correlation-Id
X-App-Server
X-Geo-Country
X-Ua-Device
X-PressLabs-Stats
X-ORACLE-DMS-ECID
X-TTL
X-XRDS-LOCATION
X-Varnish-Ttl
X-FB-Debug
X-Goog-Metageneration
Retry-After
X-Ezoic-Cdn
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Git-Hash
X-CSRF-Token
X-Load-Cache
X-Fastly-Request-Id
X-Seen-By
X-Content-Options
X-Webkit-CSP
X-RateLimit-Reset
X-Px
Server-Name
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Revision
TCN
X-Contextid
X-Request-Guid
X-Datadog-Trace-Id
Section-Io-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Grace
X-Trace-Id
X-Oracle-Dms-Ecid
X-Amz-Meta-S3cmd-Attrs
X-Type
X-Cache-Control
X-B
Charset
Cleartype
X-TT
Healthy
Paypal-Debug-Id
X-B3-Sampled
X-Whom
X-TEC-API-ORIGIN
DC
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Wix-Request-Id
X-Signature
X-B-Cache
X-Fb-Rlafr
X-Newrelic-App-Data
X-App-Environment
X-Node-Name
X-Mobile
Frame-Options
X-Origin-Cache
X-Proxy
X-Azure-Ref
Accept-Ch
X-Amz-Replication-Status
X-Magnolia-Registration
X-Rid
X-WebKit-CSP-Report-Only
X-Oracle-Dms-Rid
X-Ratelimit-Remaining
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Fastly-Request-ID
X-N
X-EdgeConnect-Cache-Status
Filterid
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Logged-In
X-Air-Pt
X-Language
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Aspnet-Duration-Ms
X-Kinja-CCPA
Content-Disposition
Akamai-GRN
Backend
NGB
X-Original-Request-Id
X-Template
X-Response-Served-From
X-Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Rendered-As
X-Is-Bot
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Datadog-Sampled
X-RemovedCookies
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Age
X-Servername
X-RTag
X-Varnish-Grace
X-ProcessESI
Liferay-Portal
MS-CV
Viewport
SD-X-WS
Ms-Operation-Id
X-Unique-Id
X-Tumblr-User
X-Debug-IsConnected
X-Debug-IsPreview
Upgrade-Insecure-Requests
X-Tumblr-Pixel-1
X-Proxy-Cache-Info
X-Adobe-Content
X-Adobe-Loc
X-FW-Serve
Refresh
X-FW-Static
X-Debug
X-IPS-LoggedIn
X-UUID
X-NYM-Debug-Backend
X-Instance
X-FW-Dynamic
X-Amzn-Remapped-Content-Length
X-FW-Version
X-FW-Server
X-FW-Type
X-FW-Hash
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
Fastly-SWR
X-Environment-Context
X-G
Fastly-SIE
X-L-Path
X-App-Version
X-Hl-Ver
X-Cacheable-TTL
X-Cache-Grace
X-Region
X-Backend-Name
X-User-Agent
X-Device-Type
X-B3-Traceid
X-Via-JSL
From-Origin
Country
X-Cache-Hit
X-Status
X-Rule
ServerID
Url
X-VC-Cache
X-Jobs
X-INCAP-ABP
X-B3-SpanId
Countrycode
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
Alternate-Protocol
Version
WPO-Cache-Status
WPO-Cache-Message
X-Cache-Status-Check
X-HTML-Minification-Powered-By
X-Source
X-NODE
X-Air-Source
X-Origin-CC
X-Air-Hostname
X-Origin-TTL
X-Air-Trace-Id
X-Nginx-Cache
X-Page-View
GEO-INFO
Surrogate-Key
X-Akamai-Request-ID2
X-Hosted-By
X-Content-Powered-By
CDN-RequestId
Amp-Access-Control-Allow-Source-Origin
X-WP-CF-Super-Cache-Active
X-Storage
SRV
X-Rocket-Nginx-Serving-Static
Protected
X-Accel-Version
OT-Force-Account-Verify
X-Akamai-Edgescape
X-VC
Access-Control-Request-Headers
X-Real-IP
X-Edge-Location
X-CDN-Forward
CF-IPCountry
X-Framework
AMP-Access-Control-Allow-Source-Origin
X-ServerID
X-Use-Mantle
X-Mode
X-Cache-Rule
X-Cache-Time
Front
X-Rewrite-Enabled
X-Upstream-Ct
Accept-Language
Xet-Cookie
Filters
Meta-Geo
X-UPSTREAM-Address
X-Rn-Rsrv
X-Upstream-Ht
X-Http-Reason
X-Xfnlog-Site
Webserver
X-Cache-Operation
Section-Io-Id
X-Tumblr-Pixel-3
X-SaId
X-Soup
X-Varnish-Cache-Hits
Cross-Origin-Embedder-Policy
X-LJ-Flow-ID
X-Tumblr-Pixel-2
X-VWS-Id
X-Origin
Mn-Server-Ip
ServedBy
X-Detected-As
X-Timing-Wait
X-Served-From
X-AWS-Id
X-JoinUs
Selected-Fe
X-Cache-Debug
X-Director
X-Proxy-Build
X-Handled-By
X-Zipkin-Id
Apigw-Requestid
X-Endurance-Cache-Level
X-Format
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-Adobe-Source
X-BYPASS-REASON
X-Extlb
X-Cms-Context
X-Cluster
Web-Mar-Node
TWC-Privacy
TWC-Connection-Speed
Xserver
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
Node
X-Worker
X-ProxyCache-Key
X-Proxied
X-ProxyCache-Status
X-Redis-Cache
X-Restarts
X-Lambda-Id
X-PHP-Host
X-No-Session
X-Logging-Id
X-Vcache
X-Origin-Hint
X-Routing-Service
X-Labrador-Cache-Channel
X-Say-Cacheable
X-Web-Node
X-Httpd
X-Say-TTL
X-SayCDN-TTL
X-Tcp-Rtt
X-Tncms
X-Site-Version
X-Platform-Router
X-S
X-Platform-Cluster
X-Varnish-Age
X-AB
X-Browser-Name
X-Platform-Processor
X-RM-Cache-TTL
X-RCS-CacheZone
X-Skip-Cache
X-Forwarded-Host
Azure-InstanceId
X-IPLB-Request-ID
Azure-RegionName
Azure-SiteName
X-Is-Supported-Browser
X-VCT
X-Is-Tablet
X-GeoCountry
X-GeoCode
X-IPLB-Instance
Azure-Version
Azure-SlotName
X-Loop
DB-Nickname
X-Is-Mobile
X-Locale
X-Is-Desktop
X-Drupal-Cache-Tags
X-Geo-Region
X-Varnish-Beresp-Grace
X-Server-W
X-Cache-Server
X-Tb
X-Git-Commit
X-Cache-Host
X-Container-Uri
X-Vercel-Id
X-Drupal-Cache-Contexts
X-Generation-Time
X-Reqid
X-R9-Blue-Green-Version
X-Webstats-RespID
X-Vercel-Cache
X-Fetched-On
X-Ms-Request-Id
X-Ms-Version
X-Frame-Option
X-Provided-By
CDN-RequestCountryCode
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestPullCode
X-MP-GENERATED-AT
CDN-EdgeStorageId
X-Alternate-Cache-Key
X-Shopify-Stage
X-Storefront-Renderer-Rendered
CDN-Cache
CDN-CachedAt
X-Uri
CDN-PullZone
X-TT-LOGID
X-Origin-Date
X-XRDS-Location
X-Sucuri-Cache
WP-Super-Cache
X-DynaTrace
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
Fastcgi-Useragent
Source
Cache-Tv-Group
X-Sucuri-ID
Cross-Origin-Embedder-Policy-Report-Only
X-Cdn-Origin
X-FB-TRIP-ID
Content-Secure-Policy
X-Sql-Count
X-Generated-By
X-Xrds-Location
X-Sql-Duration-Ms
X-Vcl-Version
Priority
Sid
Atl-Traceid
Onion-Location
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Pass-Why
X-Buckets
X-Content-Age
X-DataDome
X-Thinkindot-L3
X-Newrelic-Synthetics
Thinkindot-Control
Thinkindot-CacheControl
TDXMobile
X-SRV
Thinkindot-CacheControl-Type
X-CMSURLCustom
X-Shield-Cache-Expires
X-Scope-Id
Cache
HostName
Cross-Origin-Window-Policy
X-LSADC-Cache
X-Cluster-Node
WZWS-RAY
X-Varnish-Beresp-Ttl
X-Proxy-Cache-Status
S-Rt
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Action
Edge-Copy-Time
X-Optimistic-Header
X-Via-CDN
X-Cache-Expired-At
X-TA-CDN-Provider
X-Via-SSL
X-Via-Edge
X-GEO
Expiry
X-Connection-Hash
User-Cache-Control
T-Server
Surrogated-Key
X-Platform
L
Gannett-Cam-Experience-Id
Lang
Sslversion
Server-Hostname
X-SRCache-Key
Magicmarker
Sever-Int
DCR-Processing-Time-Ms
DCR-Decision-By
X-A-Dcw
X-A-Dgt
X-Request-Start
X-A-Wwc
X-A-Dam
X-A-Ccd
Vix-Hermes-Req-Id
X-PAYTM-SRV-ID
X-TIM-N
X-A
Server-Host
Server-Ext
A
Meta-Geo-Continent
X-SB
X-Scheme
Ngx.Var.Host
Ngx-Var-Key
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Rojux
X-ScT
MD5-Digest
Candidate-Md5Url
Req-ID
CDCHOST
Rendered-Blocks
Redirect-Candidate
Fastly-Drupal-HTML
X-Section
Origin
Origin-Agent-Cluster
X-S-Cookie
X-Access
X-Viewer-Country
X-Developer
X-Bl-Debug
X-Bc-Bl
X-Dispatcher-Server
X-Ec-Fail
X-Ec-Custom-Error
X-Destination
X-Cache-Bucket
X-Ua
X-Conf
X-Op-Id-All
X-Cache-NE
X-D
X-Vtex-Remote-Cache
X-Instance-Name
X-Ec-GeoHdr
X-BCube-Filmed-By
X-Vdms-Path
X-Correlation-ID
X-Varnish-Hostname
X-External-Request-Id
X-Vdms-Version
X-Aed
X-Epic-Correlation-Id
X-B-Cookie
X-Application
X-TimeS
X-Dc
X-Fastly-Cache
X-Clientip
X-Core-Value
X-Nginx-Cache-Key
X-Esi-Check
X-Debug-Cache-Fetch
X-Pubstack
X-NCache
X-NMSegId
Fastly-SSL
Fastly-GeoIP-CountryCode
X-Req
X-Forwarded-Site
X-Debug-Cache-Store
DSUID
Host-ID
Pramga
Type
V-Age
X-Origin-Time
X-B3-Trace-ID
Ssr
X-BBC-Edge-Cache-Status
X-Auto-Login
Wxu-Next-Commit
X-AK-Request-ID
Content-Style-Type
X-Amz-Meta-Cb-Modifiedtime
Wxu-Next-Region
Wxu-Next-Hostname
X-Bip
X-Pool
X-Moov-Xdn-Version
X-Cache-Info
X-Cache-TTL-Remaining
NM-Fastcgi-Cache
X-Nyt-Route
X-Acquia-Purge-Cdn-Unconfigured
X-Cache-Id
X-Branch-Name
X-Block-Status
X-Proxied-Request
Req-Svc-Chain
Release
X-Node-Id
Environment
X-Azure-Ref-OriginShield
X-Hnp-Log
X-Gzip
X-Moov-T
X-GeoIP-Region-Code
X-VServer
X-TH-Server
X-Zen-Fury
Cache-Provider
C-Via
X-We-Are-Hiring
X-WA-Info
X-Sigma
X-VG-WebCache
X-Varnish-Director
X-Generated-On
X-Varnish-Beresp-Status
X-UA-Device-Type
X-Thanos
X-Gen-Mode
X-GeoIP-Country-Code
X-Mly-Id
X-Sigma-Backend
X-VG-TLSProxy
X-Varnishpool
X-Gdpr
Yak-Timeinfo
X-SD-PageType
X-Loc
X-ND-Cache
X-Human
X-Rocket-Build-Number
Cluster
Content-Script-Type
X-Request-Time
X-Request-URI
Cdnsip
X-Level-Front-Cache
Cdncip
X-Origin-Response-Time
X-Service
X-Amz-Storage-Class
X-CGP
X-FC-Vary-Parameters
X-ECache
PFcat
X-Ad-Load-Variation
X-GeoIP
X-Var-Ttl
We-Hiring
Country-Code
X-HS-Content-Campaign-Id
Web-Mar-Region
X-Mvc-Supplant-OutputCached
X-Aicache-OS
X-V-Cache
X-Varnish-Authentication
X-Mg-Request-UUID
X-GoCache-CacheStatus
X-Fmm-Version
X-VarnishDD-TTL
X-Csrf-Jwt
X-HN
X-Cache-Date
X-Cache-Aspx
X-Device-Os
X-Micro-Cache
X-Old-Content-Length
X-ApacheServer
X-Org
X-Contensis-Viewer-Groups
X-Eu-Site
X-DPWN-IS-SECURE
X-Cdn-Srv
X-GeoIP-City
W
Machine
Mail-Subject
Locid
X-RateLimit-Limit-Second
L5d-Success-Class
Canary
On-Server
X-From
Producers
Platform
X-Server-IP
X-Men
Is-Eu
Click-Count-Error
Esi-Enabled
X-Mvc-Supplant-Cachable
X-Request-Host
Click-Count-Action-Start
X-Region-Sid
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
X-RateLimit-Remaining-Second
RNT-Machine
Adler-Geo
X-Policy
RNT-Time
X-SVT-ORM-RULES
Tube-Got-Eval
Tube-Return
True-Client-Country-4JS
X-SVT-ORM-VERSION
X-Geo-Header
Tube-Get-Contents
Tube-Got-Results
X-PERF
Uber-Trace-Id
X-VCache
X-Datadome
X-DC
Cdn-Host
X-Backend-Instance
Cache-Key
Cdn-Request-Time
Cf-Device-Type
X-Up
X-Wikidot-Static-Cache
X-Slack-Shared-Secret-Outcome
X-Fastly-Backend
X-Hash
X-Slack-Backend
X-App-Name
Proxy-Firewall
X-Edge-Server
X-Proto
X-Test
X-Ratelimit-Reset
X-Wikidot-Backend
X-Sn-Servicetimems
AKAMAI
X-Tx-Id
X-LB-ID
Fastly-Backend-Name
XM
X-Accel-Expires-Debug
X-Ah-Environment
Pics-Label
X-Irp-Debug
X-CacheTTL
X-Date
X-Parent-Response-Time
LB
X-COUNTRY
X-Owner
X-Servedbyhost
X-Cache-Backend
X-API-Version
NGX
X-Varnish-Hits
X-Origin-Expires
X-UA
X-HA-Backend
IsBot
X-Lagoon
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Poph
Cdn
X-Via-Popn
X-SIPLIST1
X-DynaTrace-JS-Agent
X-ZONE
X-CACHE-GROUP
X-Via-Popv
X-Core-Mission
X-RID
X-Srv
X-Nf-Request-Id
X-Refresh
X-LB-NoCache
X-VHOST
Datacenter
NtCoent-Length
X-Qloud-Router
RATING
Cdn-Requestid
X-NGINX-Cache
X-Use-Magma
X-Wa
Server-ID
X-Nc
X-CF-Lambda-Version
N-Cache
X-CF-Lambda-Fn
X-CDN-Cache-Status
Expect-Staple
GeoIp-Country-Code
X-Zone
X-Shop-Environment
Xc-Version
X-Cache-Type
X-Orig-Expires
SID
X-Via-Fastly
X-Tenant
X-Forwarded-Path
Cache-Hits
X-Nananana
CloudFront-Viewer-Country
Cross-Origin-Opener-Policy-Report-Only
Cmsid
Cmstype
X-Fpc
GeoIP-Latitude
X-Gamma-Serve
CPC-Cache
X-Akamai-Transformed
DataCenter
X-Hit
X-Location
X-B3-Parentspanid
X-Ig-Origin-Region
CPC-Age
X-TX-ID
Fusion-Source
X-Cloudmap
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Id
X-Tt-Logid
XkeyRZ
Fusion-Component-Id
X-Vmg-Version
X-Proxy-CacheRZ
Fusion-Content-Source
Uri
X-Cdn-Diag
User-Agent
Resin-Trace
X-Client-Ip
X-URL
Powered-By
X-CS
X-Presslabs-Stats
X-Amz-Meta-Opti
X-Info
X-TIME
True-Client-Ip
X-LAGOON
Origin-EX
X-CUA
X-Jungle-Id
Origin-CC
X-DataCenter
Tcn
X-IAuth-Set-Uid
X-User
X-Fastly-Country-Code
X-B3-Spanid
Mime-Version
X-Variation
X-Datacenter
MIME-Version
CacheControlHeader
X-NWS-UUID-VERIFY
X-HostName
X-NewRelic-App-Data
Fastly-Drupal-Html
X-Segment-20210421
X-CACHE-AGE
True-Client-IP
X-Geo
X-Cached-By
Srv
X-Dynatrace-Js-Agent
X-AIR-PT
Cf-Ipcountry
Load-Balancing
X-Render-Time
X-Cdn-Forward
CDN
Debug
X-Vc
VNS-Cache
X-HOST
VNS-Age
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
X-LiteSpeed-Tag
X-Wormhole-Sdk
X-LiteSpeed-Cache-Control
X-Varnish-Beresp-TTL
X-Auth-Group-Type
Ohc-File-Size
Lb
X-Api-Version
Edge-Cache
X-Webkit-Csp-Report-Only
X-CSRF-TOKEN
X-Dispatch
Cl-Cache
Hostname
Ohc-Cache-HIT
GeoIP-Country-Code
X-MCACHE
X-Ig-Push-State
X-Dispatcher-Number
X-FPC
X-NC
X-WA
Server-Id
X-Esi
Cache-Name
X-Cdn-Cache-Status
X-NodeID
Odigeo-Trace-Id
X-Cs
X-APP-VERSION
X-Vgn-Hpd-Reason
X-Oracle-DMS-ECID
X-Custom-Header
X-Lb-Nocache
X-Litespeed-Tag
X-Mid
X-PHP-Backend
X-VCL-Version
X-Depends
X-Cache-Ttl
X-Pad
X-Varnish-CookieHashed-On
X-DefHash
X-Varnish-Remaining-TTL
X-Fastly-Backend-Reqs
X-Varnish-CookieINHashed-On
X-ServedByHost
X-Via-PopH
X-Ha-Backend
CountryCode
X-Via-PopN
X-Via-PopV
X-DefElseHash
X-Litespeed-Cache-Control
Ms-Author-Via
X-Web-Server
X-VC-TTL
X-Lb-Id
X-M-Reqid
PICS-Label
X-M-Log
X-Cdn-Request-ID
X-MiniProfiler-Ids
X-RequestId
X-MSEdge-Features
Xkey-La3
Xkeylog
X-MSEdge-Flight
X-Proxy-Cache-La3
Ngx
BehaviorPad-Version
X-Akamai-Pragma-Client-IP
X-Snapshot-Date
FSS-Cache
X-Cache-Enabled
OriginIP
X-IN-APIGATEWAY
X-Acquia-Application-Trace
Time
Memory
Memcached
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-IN-APIGATEWAYSSL
X-Acquia-Site
X-Sorting-Hat-Shopid
X-Shardid
X-Sorting-Hat-Podid
X-Shopid
X-PDP-UNCACHING-HASH
X-Cache-Version
X-Check-Cacheable
Warning
Sm-Log-Id
X-Lsadc-Cache
Server-Info
YJS-ID
X-Serial
X-Cache-FS-Status
X-App
Epwk-X-Cache
Location
Srvid
X-Dw-Trace-Id
Akamai-Cache-Status
X-Service-Response-Time
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sucuri-Id
Geoip-Latitude
X-Udemy-Cache-App-Namespace
CF-Cached-On
X-FL-QIT-DEBUG
X-Mg-Cache
X-FL-EDGE
X-Th-Server