Threat Level: green Handler on Duty: Richard Porter

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
P3p
Accept-CH
X-DNS-Prefetch-Control
X-Drupal-Cache
Accept-CH-Lifetime
X-Cache-Status
X-Ua-Compatible
X-Generator
X-Check
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Request-Context
Keep-Alive
X-UA-Device
Allow
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
EagleId
X-Ws-Request-Id
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
Ali-Swift-Global-Savetime
X-Pingback
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Cf-Railgun
Permissions-Policy
EagleEye-TraceId
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Backend-Server
X-CST
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Readtime
X-Response-Time
X-Cache-Lookup
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Litespeed-Cache
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Ruxit-JS-Agent
X-Trace
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Rating
X-Rack-Cache
X-Origin-Cache-Key
Cache-Tag
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
X-Edge
X-FTR-Request-ID
Cross-Origin-Opener-Policy
X-Midtier
X-Vname
X-TtlSet
X-PC
Nginx-Cache
X-Mcache
X-MS-InvokeApp
X-Mod-Pagespeed
X-Upstream
X-Powered-By-Plesk
X-ECACHE
X-Server-Name
X-NWS-LOG-UUID
Edge-Control
X-ESI
X-Browser-Type
X-Cnection
X-Times
X-D2id
X-Element-Page-Cache
Verso
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Ac
X-Ser
AR-Request-ID
AR-SID
AR-ATIME
SPRequestDuration
AR-PoweredBy
SPIisLatency
X-B3-TraceId
SPRequestGuid
X-Ruxit-Js-Agent
X-SharePointHealthScore
X-GitHub-Request-Id
X-NF-Request-ID
X-Abt-Application-Version
X-Navigation-Version
X-RateLimit-Remaining
X-Ttl
X-Dw-Request-Base-Id
X-Vcap-Request-Id
AR-CACHE
X-Mg-S
Pinterest-Generated-By
X-Client-IP
X-Pinterest-Rid
Pinterest-Version
Pagespeed
Display
X-Middleton-Display
X-Sol
S
Edge-Cache-Tag
X-VARITI-CCR
Fastly-Restarts
X-Cache-TTL
X-Cache-Key
X-Amzn-Trace-Id
RTSS
X-Webkit-Csp
X-Amz-Rid
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
Cache-Status
X-Powered-CMS
X-Kinsta-Cache
X-Edge-Location-Klb
Access-Control-Request-Method
X-Version
X-Daa-Tunnel
X-Goog-Hash
X-Server-ID
X-Recruiting
X-Middleton-Response
Response
X-Varnish-TTL
X-Content-Digest
X-ARC
X-Forwarded-For
X-TraceId
X-T
Arr-Disable-Session-Affinity
X-MSEdge-Ref
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Cross-Origin-Resource-Policy
Content-MD5
MS-Author-Via
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Front-End-Https
TP-Cache
X-Shield-Request-Id
X-Accel-Expires
X-FastCGI-Cache
X-Hits
X-Cached
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
Public-Key-Pins
X-HS-Combine-CSS
Server-Node
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Ua-Browser
X-Id
X-Request-Received
X-ORACLE-DMS-RID
X-Request-Processing-Time
X-FTR-Expires
X-Forwarded-Proto
Payment
X-Content-Security-Policy-Report-Only
X-Frontend
Realpath
X-Protected-By
X-DIS-Request-ID
X-LLID
X-RateLimit-Limit
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Distributor
TP-L2-Cache
X-GUploader-UploadID
X-Fastcgi-Cache
Origin-Trial
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-LB-Cache
X-Hostname
Cache-Tags
X-XRDS-LOCATION
X-Microsite
X-Request-Handler-Origin-Region
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Debug-Info
X-Origin-Server
Host
Referer-Policy
Fastcgi-Cache
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Az
X-Page-Id
X-Envoy-Decorator-Operation
X-AppVersion
MRF-Tech
X-Activity-Id
Count-Hit
X-Www-Served-By
X-Cluster-Name
X-ORACLE-DMS-ECID
X-Varnish-Backend
X-Correlation-Id
X-Varnish-Server
X-Geo-Country
Accept-Charset
X-NGENIX-Cache
X-App-Server
X-PressLabs-Stats
X-F-Cache
X-Ratelimit-Limit
X-Ezoic-Cdn
X-Ua-Device
Retry-After
X-Fastly-Request-ID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-FB-Debug
X-Goog-Metageneration
X-RateLimit-Reset
X-Load-Cache
X-Upgrade-Enabled
X-CSRF-Token
X-Px
Access-Control-Allow-Method
TCN
X-Seen-By
X-Git-Hash
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-Tt-Trace-Host
Cleartype
X-Tt-Trace-Tag
X-Request-Guid
X-Revision
X-Contextid
Section-Io-Cache
X-Grace
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Trace-Id
X-Cache-Control
X-Type
X-B
Charset
X-Content-Options
X-Varnish-Ttl
X-TT
X-B3-Sampled
X-Whom
Healthy
X-Azure-Ref
Paypal-Debug-Id
DC
X-Fb-Rlafr
X-Proxy
X-Wix-Request-Id
X-Newrelic-App-Data
X-B-Cache
X-Signature
X-App-Environment
X-Air-Pt
X-Mobile
X-Node-Name
X-Magnolia-Registration
X-N
Frame-Options
X-Fastly-Request-Id
X-EdgeConnect-Cache-Status
X-Amz-Replication-Status
Accept-Ch
X-Origin-Cache
Filterid
X-Oracle-Dms-Ecid
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Ratelimit-Remaining
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-TTL
X-Logged-In
X-WebKit-CSP-Report-Only
X-Time
Content-Disposition
Backend
Viewport
VIX-Pulpo-Upstream-Status
X-Original-Request-Id
X-Oracle-Dms-Rid
Akamai-GRN
X-Response-Served-From
NGB
VIX-Pulpo-Node
X-Cache-Age
X-Rendered-As
X-RTag
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Is-Bot
X-Debug-IsConnected
X-ProcessESI
X-Hl-Ver
X-RemovedCookies
X-Servername
X-Unique-Id
Liferay-Portal
X-Debug-IsPreview
X-Tumblr-User
MS-CV
Ms-Operation-Id
X-Varnish-Grace
X-Datadog-Sampled
SD-X-WS
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Amzn-Remapped-Content-Length
X-Adobe-Content
X-Instance
X-Adobe-Loc
X-FW-Hash
X-FW-Serve
X-Debug
X-FW-Type
X-FW-Version
X-FW-Static
X-FW-Server
X-FW-Dynamic
X-IPS-LoggedIn
X-Backend-Name
Upgrade-Insecure-Requests
X-UUID
X-G
X-Cache-Grace
ServerID
X-Via-JSL
X-Cacheable-TTL
Fastly-SWR
X-Environment-Context
X-L-Path
Fastly-SIE
X-NYM-Debug-Backend
X-Region
From-Origin
X-User-Agent
X-Language
X-Proxy-Cache-Info
X-Device-Type
Country
X-Cache-Hit
X-Rule
X-Template
X-VC-Cache
X-Status
Refresh
Version
X-Flags
X-Route-Name
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Is-Crawler
Countrycode
X-B3-SpanId
X-Source
X-INCAP-ABP
Url
X-Rid
GEO-INFO
X-Webkit-CSP
X-HTML-Minification-Powered-By
CDN-RequestId
X-Cache-Status-Check
X-Storage
X-Air-Trace-Id
X-Air-Source
Alternate-Protocol
X-Air-Hostname
WPO-Cache-Status
X-Jobs
WPO-Cache-Message
X-App-Version
X-NODE
SRV
OT-Force-Account-Verify
AMP-Access-Control-Allow-Source-Origin
X-WP-CF-Super-Cache-Active
X-Akamai-Request-ID2
X-Origin-CC
X-Real-IP
X-Origin-TTL
X-Content-Powered-By
X-B3-Traceid
Surrogate-Key
X-ServerID
X-Rocket-Nginx-Serving-Static
X-VC
Protected
X-CDN-Forward
X-Tec-Api-Root
X-Tec-Api-Version
X-Hosted-By
X-Tec-Api-Origin
X-Accel-Version
X-Cache-Time
Access-Control-Request-Headers
X-Nginx-Cache
X-Handled-By
X-Mode
X-Akamai-Edgescape
X-Cache-Operation
X-Cache-Rule
Amp-Access-Control-Allow-Source-Origin
X-TT-LOGID
X-Rn-Rsrv
X-Edge-Location
X-UPSTREAM-Address
X-Upstream-Ct
X-Upstream-Ht
X-Platform-Processor
X-Xfnlog-Site
X-Platform-Router
X-Platform-Cluster
X-Rewrite-Enabled
X-Endurance-Cache-Level
Filters
Meta-Geo
Xet-Cookie
X-Framework
Webserver
X-Proxy-Build
X-Tumblr-Pixel-3
X-Origin
X-Sucuri-Cache
X-Timing-Wait
X-Varnish-Cache-Hits
X-Cache-Debug
ServedBy
X-AWS-Id
Selected-Fe
Section-Io-Id
X-Tumblr-Pixel-2
X-SaId
X-Served-From
X-Soup
X-LJ-Flow-ID
X-JoinUs
X-Director
X-VWS-Id
Cross-Origin-Embedder-Policy
X-No-Session
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Cluster
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-Kinja-CCPA
Property-Id
Mn-Server-Ip
X-Redis-Cache
Front
Node
X-Restarts
X-Routing-Service
X-Proxied
X-Use-Mantle
X-Webstats-RespID
TWC-Locale-Group
X-Logging-Id
X-Extlb
X-Lambda-Id
X-Drupal-Cache-Tags
X-PHP-Host
X-Web-Node
X-Origin-Hint
X-Detected-As
X-Labrador-Cache-Channel
X-Adobe-Source
X-Zipkin-Id
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
Webcakes-Region
X-Worker
Web-Mar-Node
X-Is-Supported-Browser
X-Loop
X-Is-Tablet
X-Locale
X-Is-Mobile
X-GeoCode
X-Browser-Name
X-BYPASS-REASON
X-Drupal-Cache-Contexts
X-Cms-Context
X-Format
X-AB
X-IPLB-Request-ID
X-IPLB-Instance
X-GeoCountry
X-Geo-Region
X-Is-Desktop
Azure-InstanceId
X-VCT
X-Site-Version
X-RM-Cache-TTL
X-Sucuri-ID
X-Skip-Cache
X-Tcp-Rtt
X-Varnish-Beresp-Grace
X-Varnish-Age
X-Tncms
X-RCS-CacheZone
X-S
Azure-RegionName
Accept-Language
Azure-SiteName
Azure-SlotName
Azure-Version
X-Page-View
Apigw-Requestid
X-ProxyCache-Key
X-ProxyCache-Status
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-Uid
X-Container-Uri
X-Vercel-Id
X-Forwarded-Host
X-Vercel-Cache
X-Fetched-On
X-Tb
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Git-Commit
X-Reqid
X-R9-Blue-Green-Version
X-Generation-Time
X-Origin-Date
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
Xserver
CDN-PullZone
X-Httpd
CF-IPCountry
X-Alternate-Cache-Key
X-Cache-Host
X-Cache-Server
X-Provided-By
X-Vcache
X-Ms-Version
X-Frame-Option
X-Ms-Request-Id
DB-Nickname
Atl-Traceid
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
WP-Super-Cache
X-Server-W
X-Cdn-Origin
X-MP-GENERATED-AT
Fastcgi-Useragent
X-Uri
X-XRDS-Location
X-RID
X-Vcl-Version
Cross-Origin-Embedder-Policy-Report-Only
Sid
X-Generated-By
Cache-Tv-Group
Source
X-Http-Reason
Cross-Origin-Window-Policy
X-SRV
X-Pass-Why
Content-Secure-Policy
X-FB-TRIP-ID
X-Scope-Id
X-Shield-Cache-Expires
X-CMSURLCustom
X-Thinkindot-L3
Thinkindot-Control
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Priority
Cache
X-Azure-Ref-OriginShield
X-Buckets
Onion-Location
X-DynaTrace
X-Aspnetmvc-Version
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-DataDome
X-LSADC-Cache
X-Content-Age
X-ECache
X-Optimistic-Header
X-Dc
HostName
X-Sql-Duration-Ms
X-Sql-Count
X-WP-CF-Super-Cache-Cookies-Bypass
X-GEO
X-Proxy-Cache-Status
X-Cluster-Node
X-UA
X-Xrds-Location
X-Request-URI
X-Newrelic-Synthetics
X-Cache-Action
X-Varnish-Beresp-Ttl
User-Cache-Control
X-Lagoon
Expiry
X-Connection-Hash
X-TA-CDN-Provider
X-Viewer-Country
X-Scheme
X-SRCache-Key
X-ScT
X-Varnish-Hostname
X-Vdms-Path
X-Vdms-Version
X-A-Dgt
DCR-Decision-By
X-TIM-N
A
X-Cache-NE
Vix-Hermes-Req-Id
Sslversion
X-Cache-Bucket
X-Bl-Debug
T-Server
X-Conf
Sever-Int
X-BCube-Filmed-By
X-A-Dcw
X-A-Ccd
X-A-Dam
DCR-Processing-Time-Ms
Candidate-Md5Url
X-Vtex-Remote-Cache
Lang
X-PAYTM-SRV-ID
X-B-Cookie
X-Destination
X-Application
Server-Ext
X-A-Wwc
X-Aed
X-Platform
X-Op-Id-All
X-ND-Cache
X-Ec-Fail
X-Ec-Custom-Error
X-Dispatcher-Server
X-Ec-GeoHdr
Server-Host
X-Instance-Name
X-External-Request-Id
X-Epic-Correlation-Id
Req-ID
X-Request-Start
MD5-Digest
X-D
Meta-Geo-Continent
Magicmarker
X-Developer
X-Bc-Bl
X-S-Cookie
Gannett-Cam-Experience-Id
X-Rojux
X-A
Origin-Agent-Cluster
Redirect-Candidate
Rendered-Blocks
Origin
Ngx.Var.Host
Surrogated-Key
Ngx-Var-Key
X-SB
Server-Hostname
WZWS-RAY
Locid
X-Gzip
X-Hnp-Log
X-Human
L
X-Level-Front-Cache
X-GeoIP-Country-Code
X-Gen-Mode
X-Gdpr
X-Generated-On
NM-Fastcgi-Cache
X-Loc
X-GeoIP-Region-Code
Host-ID
Environment
X-Nyt-Route
X-Origin-Time
X-Datadome
Content-Style-Type
Fastly-GeoIP-CountryCode
Fastly-SSL
X-Mly-Id
X-NCache
X-Nginx-Cache-Key
X-NMSegId
Pramga
X-Forwarded-Site
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
X-BBC-Edge-Cache-Status
X-Bip
X-Auto-Login
X-Correlation-ID
X-AK-Request-ID
X-Access
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Storage-Class
X-Cache-Expired-At
X-Block-Status
V-Age
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Esi-Check
X-Fastly-Cache
Req-Svc-Chain
X-Core-Value
Ssr
X-Cache-Id
X-Cache-Info
X-Cache-TTL-Remaining
X-Clientip
Content-Script-Type
X-Node-Id
X-TH-Server
X-Thanos
X-Varnish-Beresp-Status
X-Varnish-Director
X-Sigma-Backend
X-Sigma
Apple-News-Services-Handled
X-Rocket-Build-Number
X-SD-PageType
X-Section
X-Varnishpool
X-VG-TLSProxy
C-Via
DSUID
Release
Yak-Timeinfo
X-Zen-Fury
X-We-Are-Hiring
X-VG-WebCache
X-VServer
X-WA-Info
Apple-News-Services-Host
X-UA-Device-Type
Cdncip
X-Pubstack
Cdnsip
X-Proxied-Request
Cluster
X-Pool
Apple-News-Services-Parsed-Url
CDCHOST
X-Request-Time
Apple-News-Services-Request-Url
LB
X-Service
X-Origin-Response-Time
X-TimeS
X-Backend-Instance
X-B3-Trace-ID
X-HS-Content-Campaign-Id
X-Branch-Name
X-Org
X-HN
X-Cache-Aspx
X-Origin-Expires
X-Men
X-SVT-ORM-VERSION
XM
X-PERF
X-Aicache-OS
X-SVT-ORM-RULES
X-ApacheServer
X-Mvc-Supplant-Cachable
X-Cache-Date
X-Moov-T
X-Moov-Xdn-Version
On-Server
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Policy
X-From
X-V-Cache
X-Region-Sid
X-Req
X-Request-Host
X-GeoIP-City
X-GeoIP
X-Geo-Header
X-Fmm-Version
X-FC-Vary-Parameters
X-VarnishDD-TTL
X-Contensis-Viewer-Groups
X-Server-IP
X-Old-Content-Length
X-Ad-Load-Variation
X-GoCache-CacheStatus
X-Var-Ttl
X-Varnish-Authentication
X-DPWN-IS-SECURE
X-Device-Os
X-Cdn-Srv
X-Micro-Cache
Gh-Request-Id
We-Hiring
Web-Mar-Region
Adler-Geo
Is-Eu
Uber-Trace-Id
Country-Code
Producers
Platform
Mail-Subject
Canary
X-Acquia-Purge-Cdn-Unconfigured
Esi-Enabled
Machine
True-Client-Country-4JS
PFcat
Cache-Provider
X-Via-CDN
X-Via-SSL
X-Via-Edge
Fastly-Drupal-HTML
Edge-Copy-Time
Cdn-Request-Time
X-Proto
Cdn-Host
Cf-Device-Type
X-Fastly-Backend
HA-Ipaddr
Proxy-Firewall
L5d-Success-Class
X-Hash
RNT-Machine
Ha-Gx-Prefs
X-Edge-Server
X-VCache
RNT-Time
X-Eu-Site
X-Mvc-Supplant-OutputCached
AKAMAI
Cache-Key
Tube-Got-Results
X-Up
S-Rt
X-Wikidot-Backend
X-Wikidot-Static-Cache
W
Tube-Got-Eval
Click-Count-Error
Click-Count-Action-Start
X-App-Name
X-Test
X-Slack-Backend
X-CGP
X-Csrf-Jwt
Tube-Get-Contents
X-Slack-Shared-Secret-Outcome
Tube-Return
X-Sn-Servicetimems
X-Cache-Backend
X-Mg-Request-UUID
X-Accel-Expires-Debug
X-API-Version
X-Parent-Response-Time
X-CacheTTL
Fastly-Backend-Name
X-Date
NGX
X-NGINX-Cache
X-Tx-Id
X-Tb-Optimization-Total-Bytes-Saved
X-LB-ID
X-Ah-Environment
Cache-Hits
X-Varnish-Hits
Type
X-Ua
X-PDP-UNCACHING-HASH
X-Zone
X-COUNTRY
X-DynaTrace-JS-Agent
X-Servedbyhost
X-DC
X-Via-Poph
X-Refresh
X-Via-Popn
X-Via-Popv
X-HA-Backend
X-Via-Fastly
X-CACHE-GROUP
Pics-Label
NtCoent-Length
X-Ratelimit-Reset
Datacenter
X-NWS-UUID-VERIFY
X-CDN-Cache-Status
GeoIp-Country-Code
X-Cloudmap
X-Irp-Debug
X-VHOST
Cdn
X-Location
X-Owner
X-LB-NoCache
X-Ig-Origin-Region
X-Akamai-Transformed
Cdn-Requestid
Fusion-Content-Source
Fusion-Content-Id
X-SIPLIST1
Fusion-Source
IsBot
X-Srv
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Component-Id
X-ZONE
X-Core-Mission
X-Esi
X-Nc
Resin-Trace
Powered-By
SID
X-Wa
Server-ID
X-TX-ID
X-Nananana
X-Jungle-Id
GeoIP-Latitude
X-CUA
Origin-EX
Cross-Origin-Opener-Policy-Report-Only
X-Qloud-Router
Origin-CC
X-CF-Lambda-Version
X-Fpc
X-CF-Lambda-Fn
DataCenter
X-User
X-Hit
N-Cache
X-Wormhole-Sdk
Expect-Staple
X-CS
Xc-Version
X-B3-Parentspanid
X-Proxy-CacheRZ
X-NewRelic-App-Data
XkeyRZ
CloudFront-Viewer-Country
X-Cache-Type
X-Orig-Expires
X-Shop-Environment
X-DataCenter
X-Segment-20210421
X-Tenant
X-Forwarded-Path
X-Nf-Request-Id
Mime-Version
X-Client-Ip
X-IAuth-Set-Uid
X-Render-Time
Fastly-Drupal-Html
X-Gamma-Serve
X-URL
Cmsid
Cf-Ipcountry
Uri
X-Cached-By
X-Presslabs-Stats
Cmstype
X-Powered-By-VTEX-Cache
CPC-Age
X-VTEX-Cache-Server
CPC-Cache
X-VTEX-Cache-Time
X-Amz-Meta-Opti
User-Agent
X-TIME
X-Tt-Logid
Debug
True-Client-IP
True-Client-Ip
CDN
X-Cdn-Diag
X-Info
X-Auth-Group-Type
Edge-Cache
X-Vmg-Version
X-Varnish-Beresp-TTL
Srv
X-LiteSpeed-Tag
MIME-Version
X-Dispatch
X-B3-Spanid
X-CACHE-AGE
X-Fastly-Country-Code
X-Geo
X-Dynatrace-Js-Agent
Load-Balancing
X-Datacenter
X-Ig-Push-State
X-Oracle-DMS-ECID
X-Cdn-Forward
Tcn
Odigeo-Trace-Id
X-HOST
X-Vc
X-Variation
CacheControlHeader
X-LiteSpeed-Cache-Control
X-Cs
X-LAGOON
X-Vgn-Hpd-Reason
X-FPC
X-APP-VERSION
X-HostName
Ohc-File-Size
X-NodeID
X-Custom-Header
Hostname
X-PHP-Backend
X-AIR-PT
X-Webkit-Csp-Report-Only
X-Pad
X-CSRF-TOKEN
Cl-Cache
Server-Id
X-Depends
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-MCACHE
X-DefElseHash
X-WA
X-NC
X-DefHash
X-Lb-Nocache
X-Varnish-CookieHashed-On
VNS-Cache
VNS-Age
Ohc-Cache-HIT
X-VC-TTL
X-M-Log
X-M-Reqid
GeoIP-Country-Code
X-Api-Version
X-Cdn-Cache-Status
X-Via-PopH
X-Via-PopN
X-Ha-Backend
X-Dispatcher-Number
X-ServedByHost
X-Cache-FS-Status
X-APP
Epwk-X-Cache
X-Via-PopV
PICS-Label
Geoip-Latitude
X-CACHE-KEY
X-Cache-Ttl
Lb
X-Fastly-Backend-Reqs
X-MSEdge-Features
X-MSEdge-Flight
X-Litespeed-Tag
Cloudfront-Viewer-Country
CountryCode
X-VCL-Version
X-Use-Magma
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Litespeed-Cache-Control
X-Akamai-Pragma-Client-IP
Xkey-La3
X-Cdn-Request-ID
X-Lb-Id
Xkeylog
X-Proxy-Cache-La3
Cache-Name
Server-Info
FSS-Cache
Time
X-IN-APIGATEWAYSSL
X-Web-Server
Memcached
OriginIP
X-RequestId
X-Mid
Ngx
X-MiniProfiler-Ids
Memory
X-IN-APIGATEWAY
X-Snapshot-Date
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Cache-Version
X-Shardid
X-Shopid
Srvid
X-Requestid
X-Th-Server
X-Sucuri-Id
X-RAMCache
X-FL-QIT-DEBUG
Akamai-Cache-Status
X-Ramcache
X-Wp-Cf-Super-Cache-Cookies-Bypass
Warning
X-Check-Cacheable
X-Serial
X-Service-Response-Time
Sm-Log-Id
CF-Cached-On
X-Dw-Trace-Id
X-Udemy-Cache-App-Namespace
X-Mg-Cache