Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
P3p
X-Ua-Compatible
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Request-ID
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
Request-Context
Allow
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
EagleId
Xkey
X-Age
X-Rq
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Device
X-LiteSpeed-Cache
X-WebKit-CSP
EagleEye-TraceId
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
X-CST
Permissions-Policy
X-OneAgent-JS-Injection
X-Backend-Server
X-Readtime
X-Host
X-Server-Id
X-Response-Time
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cache-Lookup
X-Litespeed-Cache
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
Service-Worker-Allowed
X-Ruxit-JS-Agent
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Rack-Cache
X-Edge
Cache-Tag
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
Rating
X-Vname
X-TtlSet
X-PC
X-MS-InvokeApp
Nginx-Cache
X-ECACHE
X-ESI
X-Upstream
X-Powered-By-Plesk
Edge-Control
X-Server-Name
X-Browser-Type
X-Cnection
X-D2id
Verso
X-Element-Page-Cache
X-Times
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Server
X-NWS-LOG-UUID
SPIisLatency
X-Ruxit-Js-Agent
SPRequestDuration
X-Ac
AR-SID
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-B3-TraceId
X-Ser
SPRequestGuid
X-SharePointHealthScore
X-Navigation-Version
X-Abt-Application-Version
X-GitHub-Request-Id
X-NF-Request-ID
X-Ttl
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-RateLimit-Remaining
AR-CACHE
X-Mg-S
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Server-ID
X-Client-IP
S
X-VARITI-CCR
Edge-Cache-Tag
Pagespeed
X-Middleton-Display
Display
X-Sol
X-Cache-Key
Fastly-Restarts
RTSS
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
Cache-Status
X-Powered-CMS
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kinsta-Cache
X-Edge-Location-Klb
X-Version
Access-Control-Request-Method
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-ARC
Response
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Middleton-Response
X-Content-Digest
X-Daa-Tunnel
X-TraceId
X-Forwarded-For
X-T
Arr-Disable-Session-Affinity
X-MSEdge-Ref
Content-MD5
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
TP-Cache
Front-End-Https
Origin-Trial
X-Accel-Expires
Cross-Origin-Resource-Policy
X-Shield-Request-Id
X-Cached
X-Hits
X-Content-Security-Policy-Report-Only
MS-Author-Via
Public-Key-Pins
X-Id
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-Fastcgi-Cache
X-Ua-Browser
X-Forwarded-Proto
X-FTR-Expires
Server-Node
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Request-Received
X-Request-Processing-Time
X-DIS-Request-ID
Payment
X-Frontend
X-Webkit-Csp
X-LLID
Realpath
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-Distributor
X-ORACLE-DMS-RID
X-FastCGI-Cache
X-LB-Cache
Cache-Tags
X-Hostname
X-Ratelimit-Limit
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Microsite
X-Request-Handler-Origin-Region
X-Origin-Server
X-RateLimit-Limit
Referer-Policy
X-B3-TraceId-Primal
X-Debug-Info
Mrf-Cache-Status
X-Page-Id
MRF-Tech
X-AppVersion
X-Az
Host
X-Activity-Id
X-Www-Served-By
Count-Hit
X-Geo-Country
X-Cluster-Name
Fastcgi-Cache
X-NGENIX-Cache
X-Varnish-Server
X-Envoy-Decorator-Operation
X-Varnish-Backend
Accept-Charset
X-Correlation-Id
X-F-Cache
X-App-Server
X-Ua-Device
X-PressLabs-Stats
X-XRDS-LOCATION
X-FB-Debug
X-Goog-Metageneration
Retry-After
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Load-Cache
X-Upgrade-Enabled
X-TEC-API-ORIGIN
Access-Control-Allow-Method
X-CSRF-Token
X-Git-Hash
TCN
X-Seen-By
X-Px
X-Varnish-Ttl
X-Content-Options
X-RateLimit-Reset
Server-Name
X-Grace
Section-Io-Cache
X-Request-Guid
X-Contextid
X-Amz-Meta-S3cmd-Attrs
X-Revision
X-Trace-Id
X-Tt-Trace-Host
X-Type
X-Cache-Control
X-Tt-Trace-Tag
X-Datadog-Trace-Id
Healthy
X-Oracle-Dms-Ecid
X-B
X-Datadog-Sampling-Priority
Charset
Cleartype
X-Datadog-Parent-Id
X-Fastly-Request-Id
Paypal-Debug-Id
X-Whom
X-B3-Sampled
X-TT
X-Fastly-Request-ID
DC
X-Fb-Rlafr
X-B-Cache
X-Signature
X-Wix-Request-Id
X-App-Environment
X-Node-Name
X-Origin-Cache
X-Air-Pt
X-Proxy
X-Azure-Ref
X-Mobile
Frame-Options
X-Magnolia-Registration
Accept-Ch
X-TTL
X-Oracle-Dms-Rid
X-Amz-Replication-Status
X-Newrelic-App-Data
X-Ratelimit-Remaining
X-Goog-Stored-Content-Encoding
X-N
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-WP-CF-Super-Cache-Cache-Control
Filterid
X-WP-CF-Super-Cache
X-Rid
X-EdgeConnect-Cache-Status
X-WebKit-CSP-Report-Only
X-Logged-In
X-NODE
Content-Disposition
X-Language
X-Route-Name
Backend
X-Is-Crawler
Akamai-GRN
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
NGB
X-Time
X-CCDN-Origin-Time
X-Original-Request-Id
X-Response-Served-From
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Is-Bot
X-Rendered-As
X-Tumblr-Pixel
X-Varnish-Grace
X-Debug-IsPreview
X-Yottaa-Metrics
X-Cache-Age
X-Unique-Id
X-Debug-IsConnected
X-Servername
X-Tumblr-User
MS-CV
X-RemovedCookies
X-Yottaa-Optimizations
Viewport
X-ProcessESI
X-Datadog-Sampled
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-RTag
Liferay-Portal
SD-X-WS
Ms-Operation-Id
X-NYM-Debug-Backend
X-FW-Serve
X-Adobe-Content
X-Adobe-Loc
Upgrade-Insecure-Requests
X-Amzn-Remapped-Content-Length
X-UUID
X-Via-JSL
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-Hl-Ver
X-FW-Static
X-Backend-Name
X-Instance
X-Debug
X-IPS-LoggedIn
X-FW-Version
X-Template
X-FW-Type
Refresh
X-Cacheable-TTL
Fastly-SIE
X-Environment-Context
Fastly-SWR
X-Cache-Grace
X-G
X-Region
X-Proxy-Cache-Info
X-L-Path
ServerID
X-Kinja-CCPA
From-Origin
X-User-Agent
X-Device-Type
X-Cache-Hit
X-Status
Country
X-Rule
X-B3-SpanId
X-App-Version
Url
X-VC-Cache
X-INCAP-ABP
X-Webkit-CSP
Countrycode
Version
X-Jobs
X-Source
Alternate-Protocol
WPO-Cache-Status
X-Cache-Status-Check
WPO-Cache-Message
X-HTML-Minification-Powered-By
X-Air-Hostname
GEO-INFO
X-Air-Source
X-Air-Trace-Id
CDN-RequestId
X-Nginx-Cache
X-Akamai-Request-ID2
X-Storage
X-WP-CF-Super-Cache-Active
X-Origin-TTL
X-Origin-CC
X-Content-Powered-By
Amp-Access-Control-Allow-Source-Origin
X-B3-Traceid
Surrogate-Key
X-Hosted-By
SRV
X-Tec-Api-Origin
X-Tec-Api-Version
Protected
X-Page-View
X-Rocket-Nginx-Serving-Static
OT-Force-Account-Verify
X-Tec-Api-Root
X-Accel-Version
X-Real-IP
Access-Control-Request-Headers
X-VC
X-Akamai-Edgescape
X-CDN-Forward
X-Edge-Location
X-ServerID
CF-IPCountry
AMP-Access-Control-Allow-Source-Origin
X-Framework
X-Cache-Time
X-Use-Mantle
X-Mode
X-Rn-Rsrv
Filters
X-Upstream-Ct
X-Xfnlog-Site
Meta-Geo
X-Upstream-Ht
X-Handled-By
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Cache-Operation
Xet-Cookie
Webserver
X-Cache-Rule
X-Endurance-Cache-Level
Front
X-Varnish-Cache-Hits
Accept-Language
Mn-Server-Ip
ServedBy
X-VWS-Id
X-AWS-Id
X-Director
Selected-Fe
Section-Io-Id
X-Origin
X-Soup
X-Served-From
X-SaId
X-Detected-As
X-Timing-Wait
X-Tumblr-Pixel-2
X-LJ-Flow-ID
X-Proxy-Build
X-Tumblr-Pixel-3
X-JoinUs
X-Cache-Debug
Cross-Origin-Embedder-Policy
Web-Mar-Node
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-App-Version
X-BYPASS-REASON
X-Adobe-Source
Webcakes-Region
TWC-GeoIP-Country
TWC-Device-Class
X-Zipkin-Id
Xserver
Apigw-Requestid
X-Worker
X-Web-Node
TWC-Connection-Speed
Property-Id
Node
X-Cluster
X-Cms-Context
X-Proxied
X-PHP-Host
X-Origin-Hint
X-Routing-Service
X-ProxyCache-Key
X-Restarts
X-Redis-Cache
X-ProxyCache-Status
X-No-Session
X-Logging-Id
X-Format
X-Extlb
X-Drupal-Cache-Tags
X-SayCDN-TTL
X-Labrador-Cache-Channel
X-Say-Cacheable
X-Say-TTL
X-Lambda-Id
X-Platform-Cluster
TWC-Privacy
X-Vcache
X-Platform-Router
X-Platform-Processor
X-IPLB-Request-ID
X-RM-Cache-TTL
X-IPLB-Instance
X-Is-Desktop
X-Is-Supported-Browser
X-Varnish-Age
X-Locale
X-Skip-Cache
X-Is-Mobile
X-GeoCode
X-Tncms
X-Tcp-Rtt
X-Drupal-Cache-Contexts
X-Site-Version
X-Forwarded-Host
X-Browser-Name
X-Varnish-Beresp-Grace
X-Geo-Region
X-AB
X-GeoCountry
X-Is-Tablet
X-Loop
X-Httpd
X-RCS-CacheZone
Azure-SlotName
Azure-SiteName
X-Webstats-RespID
Azure-InstanceId
Azure-RegionName
DB-Nickname
Azure-Version
X-S
X-TT-LOGID
X-VCT
X-Http-Reason
X-Git-Commit
X-Cache-Host
X-Tb
X-Fetched-On
X-Cache-Server
X-R9-Blue-Green-Version
X-Container-Uri
X-Reqid
X-Vercel-Cache
X-Generation-Time
X-Vercel-Id
CDN-Uid
X-Ms-Version
X-Provided-By
X-Server-W
X-Frame-Option
X-Ms-Request-Id
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
CDN-Cache
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Shopify-Stage
CDN-RequestCountryCode
CDN-RequestPullCode
X-MP-GENERATED-AT
X-Origin-Date
X-Sucuri-Cache
Fastcgi-Useragent
X-Uri
X-XRDS-Location
WP-Super-Cache
X-Sucuri-ID
X-Cdn-Origin
X-ShopId
X-Vcl-Version
Cache-Tv-Group
Source
X-Sorting-Hat-PodId
X-DynaTrace
X-ShardId
X-Sorting-Hat-ShopId
Cross-Origin-Embedder-Policy-Report-Only
Atl-Traceid
X-FB-TRIP-ID
X-Generated-By
X-Xrds-Location
Content-Secure-Policy
Priority
X-Sql-Count
X-SRV
X-Sql-Duration-Ms
Onion-Location
X-Pass-Why
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Buckets
X-Content-Age
Sid
TDXMobile
Thinkindot-Control
Thinkindot-CacheControl
X-CMSURLCustom
X-Scope-Id
X-Shield-Cache-Expires
X-Thinkindot-L3
Thinkindot-CacheControl-Type
Cross-Origin-Window-Policy
X-DataDome
Cache
HostName
X-LSADC-Cache
X-Cluster-Node
X-Varnish-Beresp-Ttl
X-WP-CF-Super-Cache-Cookies-Bypass
X-Newrelic-Synthetics
WZWS-RAY
X-Proxy-Cache-Status
X-Optimistic-Header
X-Cache-Action
X-GEO
X-Azure-Ref-OriginShield
X-Cache-Expired-At
S-Rt
X-Via-Edge
X-Via-CDN
User-Cache-Control
X-Via-SSL
X-Connection-Hash
X-Ua
Expiry
Edge-Copy-Time
Surrogated-Key
Sslversion
Server-Hostname
Server-Host
X-TIM-N
Sever-Int
Vix-Hermes-Req-Id
X-D
X-Instance-Name
Fastly-Drupal-HTML
X-A-Dam
X-Developer
X-A
X-Varnish-Hostname
X-Scheme
X-ScT
Server-Ext
X-SB
X-S-Cookie
T-Server
Redirect-Candidate
MD5-Digest
Magicmarker
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Lang
L
DCR-Processing-Time-Ms
DCR-Decision-By
Gannett-Cam-Experience-Id
CDCHOST
Candidate-Md5Url
Apple-News-Services-Handled
Meta-Geo-Continent
X-Dc
Origin-Agent-Cluster
X-External-Request-Id
X-A-Dcw
Rendered-Blocks
X-Vtex-Remote-Cache
Origin
A
X-Section
X-SRCache-Key
Ngx-Var-Key
Ngx.Var.Host
Req-ID
X-A-Ccd
X-B-Cookie
X-Ec-GeoHdr
X-Conf
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Application
X-Bl-Debug
X-Ec-Custom-Error
X-Ec-Fail
X-PAYTM-SRV-ID
X-Vdms-Path
X-Platform
X-Bc-Bl
X-BCube-Filmed-By
X-ND-Cache
X-Cache-Bucket
X-Destination
X-Access
X-Vdms-Version
X-A-Wwc
X-A-Dgt
X-Op-Id-All
X-Aed
X-Cache-NE
X-Correlation-ID
X-Request-Start
X-Rojux
X-Viewer-Country
X-TimeS
X-TA-CDN-Provider
X-Cache-Info
X-Cache-TTL-Remaining
Host-ID
DSUID
Environment
X-Forwarded-Site
X-Sigma
Content-Style-Type
Fastly-GeoIP-CountryCode
Fastly-SSL
X-Fastly-Cache
X-Clientip
X-WA-Info
X-Req
X-Core-Value
X-Request-Time
PFcat
X-Amz-Meta-Cb-Modifiedtime
V-Age
X-Amz-Storage-Class
X-Auto-Login
Ssr
X-AK-Request-ID
X-Debug-Cache-Store
X-Acquia-Purge-Cdn-Unconfigured
X-Esi-Check
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Rocket-Build-Number
X-SD-PageType
Content-Script-Type
Pramga
X-Block-Status
NM-Fastcgi-Cache
X-Request-URI
Release
X-Bip
X-Debug-Cache-Fetch
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
Req-Svc-Chain
X-Cache-Id
Cluster
X-HN
X-Sigma-Backend
X-UA-Device-Type
X-Varnish-Beresp-Status
X-Varnish-Director
X-Human
X-Hnp-Log
Yak-Timeinfo
X-Thanos
X-Generated-On
X-Gen-Mode
X-Pool
X-GeoIP-Country-Code
X-TH-Server
X-GeoIP-Region-Code
X-VarnishDD-TTL
X-Level-Front-Cache
X-Nginx-Cache-Key
X-NCache
X-Proxied-Request
X-NMSegId
X-Node-Id
X-Origin-Time
X-Nyt-Route
X-Varnishpool
X-Moov-Xdn-Version
X-Pubstack
X-Loc
X-Mly-Id
X-VG-WebCache
X-VG-TLSProxy
X-Moov-T
X-Gdpr
X-Gzip
Cdncip
X-VServer
Cache-Provider
X-We-Are-Hiring
Cdnsip
C-Via
X-Zen-Fury
X-Origin-Response-Time
X-Service
X-RateLimit-Limit-Second
Gh-Request-Id
X-Micro-Cache
X-Ad-Load-Variation
X-Cdn-Srv
X-Men
X-Aicache-OS
X-RateLimit-Remaining-Second
HA-Ipaddr
X-HS-Content-Campaign-Id
Canary
Country-Code
X-Policy
X-PERF
Ha-Gx-Prefs
X-Org
X-Server-IP
X-Old-Content-Length
X-From
Click-Count-Error
Click-Count-Action-Start
Locid
X-Cache-Aspx
X-Cache-Date
X-Request-Host
X-Device-Os
Esi-Enabled
X-FC-Vary-Parameters
Is-Eu
X-Region-Sid
X-Fmm-Version
X-Mvc-Supplant-Cachable
X-Backend-Instance
X-Mvc-Supplant-OutputCached
X-ApacheServer
We-Hiring
RNT-Time
RNT-Machine
X-Eu-Site
X-Contensis-Viewer-Groups
Mail-Subject
Web-Mar-Region
Machine
X-GoCache-CacheStatus
X-Csrf-Jwt
Adler-Geo
Producers
X-GeoIP
X-DPWN-IS-SECURE
X-GeoIP-City
X-Geo-Header
X-ECache
On-Server
X-SVT-ORM-VERSION
L5d-Success-Class
Uber-Trace-Id
Type
X-Var-Ttl
X-Varnish-Authentication
X-SVT-ORM-RULES
W
Tube-Return
Tube-Got-Results
True-Client-Country-4JS
X-CGP
Platform
X-V-Cache
Tube-Get-Contents
Tube-Got-Eval
X-Datadome
X-Mg-Request-UUID
X-Wikidot-Backend
X-Ratelimit-Reset
X-RID
X-Edge-Server
X-Wikidot-Static-Cache
X-Hash
AKAMAI
X-Fastly-Backend
X-Sn-Servicetimems
Proxy-Firewall
X-Slack-Shared-Secret-Outcome
Cache-Key
Cf-Device-Type
Cdn-Request-Time
Cdn-Host
X-Slack-Backend
X-Proto
X-Test
X-VCache
X-DC
X-Branch-Name
XM
X-Lagoon
X-Up
X-App-Name
LB
X-Tx-Id
X-LB-ID
NGX
X-Parent-Response-Time
Fastly-Backend-Name
X-API-Version
X-Origin-Expires
X-Accel-Expires-Debug
X-Date
X-Ah-Environment
X-Cache-Backend
X-CacheTTL
X-Varnish-Hits
X-Irp-Debug
Pics-Label
X-Servedbyhost
X-COUNTRY
X-UA
X-Via-Popn
Cdn
X-Via-Popv
X-Tb-Optimization-Total-Bytes-Saved
X-HA-Backend
X-CACHE-GROUP
X-Owner
X-Via-Poph
X-Refresh
IsBot
X-DynaTrace-JS-Agent
X-LB-NoCache
X-SIPLIST1
X-Core-Mission
X-ZONE
X-VHOST
Datacenter
SID
X-Zone
NtCoent-Length
Cdn-Requestid
Cache-Hits
X-NGINX-Cache
X-Wa
X-Nc
X-Srv
Server-ID
X-Qloud-Router
X-CDN-Cache-Status
X-Via-Fastly
GeoIp-Country-Code
X-Nananana
X-CF-Lambda-Fn
Expect-Staple
X-CF-Lambda-Version
N-Cache
X-Orig-Expires
X-Akamai-Transformed
X-Shop-Environment
CloudFront-Viewer-Country
X-Forwarded-Path
X-Ig-Origin-Region
X-Cache-Type
Xc-Version
X-Tenant
X-Fpc
X-Location
GeoIP-Latitude
Cross-Origin-Opener-Policy-Report-Only
X-Cloudmap
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Resin-Trace
X-B3-Parentspanid
X-Hit
DataCenter
Cmsid
X-Gamma-Serve
Cmstype
X-TX-ID
CPC-Cache
X-DataCenter
X-Proxy-CacheRZ
CPC-Age
XkeyRZ
Uri
X-NewRelic-App-Data
Powered-By
X-Nf-Request-Id
X-Client-Ip
Origin-CC
X-CS
X-Presslabs-Stats
X-URL
Origin-EX
X-Cdn-Diag
X-Vmg-Version
X-Jungle-Id
User-Agent
X-CUA
X-Use-Magma
X-Info
X-TIME
X-Amz-Meta-Opti
X-User
X-Tt-Logid
True-Client-Ip
X-NWS-UUID-VERIFY
RATING
MIME-Version
X-Segment-20210421
X-IAuth-Set-Uid
X-Fastly-Country-Code
Mime-Version
X-Dynatrace-Js-Agent
True-Client-IP
Fastly-Drupal-Html
X-Render-Time
X-Geo
CacheControlHeader
X-Variation
X-CACHE-AGE
Srv
X-Cached-By
X-LAGOON
X-Oracle-DMS-ECID
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Datacenter
Cf-Ipcountry
Load-Balancing
CDN
X-B3-Spanid
Tcn
X-Webkit-Csp-Report-Only
X-Cdn-Forward
X-Auth-Group-Type
Debug
Edge-Cache
X-Vc
X-HOST
X-Wormhole-Sdk
X-Varnish-Beresp-TTL
X-LiteSpeed-Tag
X-HostName
X-LiteSpeed-Cache-Control
VNS-Cache
X-Dispatch
X-PDP-UNCACHING-HASH
Ohc-File-Size
VNS-Age
Cl-Cache
Hostname
X-Ig-Push-State
X-CSRF-TOKEN
X-AIR-PT
Lb
X-MCACHE
Odigeo-Trace-Id
X-NodeID
X-FPC
GeoIP-Country-Code
X-Cs
Ohc-Cache-HIT
X-APP-VERSION
X-Api-Version
X-WA
X-Dispatcher-Number
X-Litespeed-Tag
X-Custom-Header
X-NC
X-Esi
X-Cdn-Cache-Status
Server-Id
X-Vgn-Hpd-Reason
X-Depends
X-PHP-Backend
X-Lb-Nocache
Cache-Name
X-Pad
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-DefElseHash
X-DefHash
X-Varnish-CookieHashed-On
X-Cache-Ttl
X-M-Reqid
X-Mid
X-Ha-Backend
X-M-Log
X-Via-PopV
X-ServedByHost
X-Via-PopH
X-Via-PopN
X-VC-TTL
X-Fastly-Backend-Reqs
CountryCode
PICS-Label
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Litespeed-Cache-Control
Ms-Author-Via
X-VCL-Version
X-Sorting-Hat-Shopid
X-Cdn-Request-ID
X-Sorting-Hat-Podid
X-Akamai-Pragma-Client-IP
Xkeylog
X-Lb-Id
X-MSEdge-Features
X-Shardid
X-MSEdge-Flight
Xkey-La3
X-Shopid
X-Proxy-Cache-La3
X-MiniProfiler-Ids
Memcached
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Snapshot-Date
OriginIP
X-APP
Ngx
Geoip-Latitude
X-RequestId
Epwk-X-Cache
BehaviorPad-Version
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Web-Server
Time
Memory
X-Cache-FS-Status
X-Acquia-Site
X-Cache-Version
X-Requestid
Warning
Cloudfront-Viewer-Country
X-Check-Cacheable
X-Udemy-Cache-App-Namespace
Sm-Log-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
CF-Cached-On
X-Sucuri-Id
X-Serial
X-Service-Response-Time
X-Cache-Enabled
Akamai-Cache-Status
X-Mg-Cache
X-Dw-Trace-Id
FSS-Cache
X-Lsadc-Cache