Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-Xss-Protection
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
P3p
X-Ua-Compatible
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Request-ID
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
Request-Context
Allow
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
EagleId
Xkey
X-Age
X-Rq
X-Vhost
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
X-Pingback
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Aws-Lambda-Call-Status
X-CST
Permissions-Policy
X-OneAgent-JS-Injection
X-Backend-Server
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Request-Id
X-Litespeed-Cache
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cache-Lookup
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
Service-Worker-Allowed
X-Ruxit-JS-Agent
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cache-Tag
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Midtier
X-Mcache
X-Mod-Pagespeed
Rating
X-PC
X-TtlSet
X-Vname
X-MS-InvokeApp
Nginx-Cache
X-ECACHE
X-ESI
X-Upstream
X-Powered-By-Plesk
Edge-Control
X-Server-Name
X-Browser-Type
X-Cnection
X-D2id
X-Element-Page-Cache
X-Times
Verso
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-NWS-LOG-UUID
SPRequestDuration
SPIisLatency
X-Ruxit-Js-Agent
X-Ac
AR-ATIME
AR-SID
AR-Request-ID
AR-PoweredBy
X-Ser
X-B3-TraceId
X-SharePointHealthScore
SPRequestGuid
X-Navigation-Version
X-Abt-Application-Version
X-GitHub-Request-Id
X-NF-Request-ID
X-Vcap-Request-Id
X-Ttl
X-Dw-Request-Base-Id
X-RateLimit-Remaining
AR-CACHE
X-Mg-S
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Client-IP
X-VARITI-CCR
S
X-Middleton-Display
Edge-Cache-Tag
Pagespeed
Display
X-Sol
X-Cache-Key
Fastly-Restarts
RTSS
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
Cache-Status
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Powered-CMS
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Edge-Location-Klb
X-Kinsta-Cache
X-Version
X-Server-ID
Access-Control-Request-Method
X-Goog-Hash
X-Recruiting
X-Varnish-TTL
X-ARC
X-Middleton-Response
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Response
X-Content-Digest
X-Daa-Tunnel
X-TraceId
X-Forwarded-For
X-T
Arr-Disable-Session-Affinity
X-MSEdge-Ref
Content-MD5
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
TP-Cache
Front-End-Https
Origin-Trial
X-Shield-Request-Id
Cross-Origin-Resource-Policy
X-Accel-Expires
X-Cached
X-Hits
X-Content-Security-Policy-Report-Only
MS-Author-Via
Public-Key-Pins
X-Id
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-Fastcgi-Cache
X-HS-Cache-Config
X-Forwarded-Proto
X-FTR-Expires
Server-Node
X-Ua-Browser
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Request-Received
X-Request-Processing-Time
X-DIS-Request-ID
Payment
X-Frontend
X-Webkit-Csp
X-LLID
Realpath
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-Distributor
X-ORACLE-DMS-RID
X-FastCGI-Cache
X-LB-Cache
Cache-Tags
X-Hostname
X-Ratelimit-Limit
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Microsite
X-Request-Handler-Origin-Region
X-Origin-Server
X-RateLimit-Limit
Referer-Policy
X-B3-TraceId-Primal
X-Page-Id
Mrf-Cache-Status
MRF-Tech
X-Debug-Info
Host
X-Az
X-Activity-Id
X-AppVersion
Fastcgi-Cache
Count-Hit
X-Geo-Country
X-Cluster-Name
X-Www-Served-By
X-NGENIX-Cache
X-Varnish-Server
X-Varnish-Backend
X-Envoy-Decorator-Operation
Accept-Charset
X-Correlation-Id
X-F-Cache
X-App-Server
X-Ua-Device
X-XRDS-LOCATION
X-PressLabs-Stats
X-FB-Debug
X-Goog-Metageneration
Retry-After
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Load-Cache
X-Upgrade-Enabled
X-TEC-API-ORIGIN
Access-Control-Allow-Method
X-CSRF-Token
X-Git-Hash
TCN
X-Seen-By
X-Px
X-Varnish-Ttl
X-Content-Options
X-RateLimit-Reset
Server-Name
X-Grace
Section-Io-Cache
X-Request-Guid
X-Contextid
X-Amz-Meta-S3cmd-Attrs
X-Revision
X-Cache-Control
X-Trace-Id
X-Tt-Trace-Host
X-Type
Cleartype
X-Tt-Trace-Tag
Charset
X-B
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Oracle-Dms-Ecid
X-Datadog-Trace-Id
Healthy
X-B3-Sampled
X-TT
X-Fastly-Request-Id
Paypal-Debug-Id
X-Whom
DC
X-Fastly-Request-ID
X-Fb-Rlafr
X-Wix-Request-Id
X-B-Cache
X-Signature
X-App-Environment
X-Node-Name
X-Air-Pt
X-Origin-Cache
X-Mobile
X-Azure-Ref
X-Proxy
Frame-Options
X-Magnolia-Registration
X-TTL
Accept-Ch
X-Amz-Replication-Status
X-Oracle-Dms-Rid
X-Newrelic-App-Data
X-Ratelimit-Remaining
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-N
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Filterid
X-Rid
X-EdgeConnect-Cache-Status
X-WebKit-CSP-Report-Only
X-Logged-In
Content-Disposition
X-Language
X-Aspnet-Duration-Ms
Akamai-GRN
Backend
X-Flags
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
NGB
X-Time
VIX-Pulpo-Upstream-Status
X-CCDN-CacheTTL
X-Response-Served-From
VIX-Pulpo-Node
X-Original-Request-Id
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Viewport
X-Is-Bot
X-Rendered-As
X-Varnish-Grace
SD-X-WS
MS-CV
Liferay-Portal
Ms-Operation-Id
X-Debug-IsPreview
X-Servername
X-RTag
X-RemovedCookies
X-ProcessESI
X-Yottaa-Metrics
X-Tumblr-Pixel
X-Unique-Id
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Cache-Age
X-Yottaa-Optimizations
X-Debug-IsConnected
X-Datadog-Sampled
X-Amzn-Remapped-Content-Length
X-UUID
X-FW-Dynamic
X-Debug
X-Adobe-Content
X-Adobe-Loc
Upgrade-Insecure-Requests
X-Hl-Ver
X-FW-Hash
X-Backend-Name
X-FW-Version
X-FW-Type
X-FW-Server
X-Instance
X-FW-Serve
X-NYM-Debug-Backend
X-IPS-LoggedIn
X-FW-Static
X-Via-JSL
X-Template
X-L-Path
X-Region
Fastly-SIE
X-Proxy-Cache-Info
X-G
X-Environment-Context
X-Cacheable-TTL
X-Cache-Grace
Refresh
Fastly-SWR
X-Device-Type
X-Kinja-CCPA
X-User-Agent
ServerID
From-Origin
Country
X-Cache-Hit
X-Status
X-Rule
X-B3-SpanId
X-App-Version
Url
X-VC-Cache
X-INCAP-ABP
X-Webkit-CSP
Countrycode
Version
X-Source
X-Jobs
Alternate-Protocol
WPO-Cache-Message
X-HTML-Minification-Powered-By
X-Cache-Status-Check
WPO-Cache-Status
X-NODE
X-Air-Hostname
X-Air-Source
GEO-INFO
X-Air-Trace-Id
X-Nginx-Cache
CDN-RequestId
X-WP-CF-Super-Cache-Active
X-Storage
X-Origin-TTL
X-Origin-CC
X-Akamai-Request-ID2
Surrogate-Key
X-Content-Powered-By
X-B3-Traceid
Amp-Access-Control-Allow-Source-Origin
X-Hosted-By
SRV
X-Rocket-Nginx-Serving-Static
OT-Force-Account-Verify
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Page-View
Protected
X-Accel-Version
X-Real-IP
X-VC
Access-Control-Request-Headers
X-CDN-Forward
X-Akamai-Edgescape
AMP-Access-Control-Allow-Source-Origin
X-Edge-Location
CF-IPCountry
X-ServerID
X-Cache-Time
X-Framework
X-Use-Mantle
X-Mode
Filters
Webserver
X-Cache-Rule
X-Cache-Operation
Front
X-Rewrite-Enabled
Xet-Cookie
X-Handled-By
X-Rn-Rsrv
Meta-Geo
X-Endurance-Cache-Level
X-Upstream-Ht
X-UPSTREAM-Address
X-Upstream-Ct
X-Xfnlog-Site
Accept-Language
X-LJ-Flow-ID
X-JoinUs
X-VWS-Id
X-Proxy-Build
X-Origin
X-Timing-Wait
Mn-Server-Ip
Section-Io-Id
X-SaId
X-Cache-Debug
X-Varnish-Cache-Hits
X-Detected-As
X-Served-From
X-Soup
X-Director
X-Tumblr-Pixel-2
X-AWS-Id
ServedBy
Selected-Fe
X-Tumblr-Pixel-3
Cross-Origin-Embedder-Policy
X-BYPASS-REASON
X-Redis-Cache
X-Adobe-Source
Webcakes-Region
Apigw-Requestid
Webcakes-App-Version
X-ProxyCache-Status
X-ProxyCache-Key
Xserver
X-Say-TTL
X-Zipkin-Id
X-Worker
X-Web-Node
Webcakes-App-Name
Web-Mar-Node
Property-Id
X-Routing-Service
X-Say-Cacheable
Node
X-SayCDN-TTL
X-Restarts
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-Cms-Context
X-Cluster
X-No-Session
X-Format
X-Lambda-Id
X-Origin-Hint
X-Labrador-Cache-Channel
X-Proxied
X-Drupal-Cache-Tags
X-Extlb
X-Platform-Cluster
X-Vcache
X-PHP-Host
X-Logging-Id
X-Platform-Processor
X-Platform-Router
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Mobile
X-RM-Cache-TTL
X-Loop
X-Locale
X-Geo-Region
X-AB
X-Browser-Name
X-RCS-CacheZone
X-Drupal-Cache-Contexts
X-Forwarded-Host
X-GeoCode
X-IPLB-Request-ID
X-IPLB-Instance
X-GeoCountry
X-Is-Desktop
X-S
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Tncms
X-Webstats-RespID
X-VCT
X-Varnish-Beresp-Grace
X-Varnish-Age
X-Tcp-Rtt
Azure-Version
X-TT-LOGID
X-Skip-Cache
X-Site-Version
DB-Nickname
X-Httpd
X-Vercel-Id
X-Cache-Host
X-Fetched-On
X-Generation-Time
X-Git-Commit
X-R9-Blue-Green-Version
X-Cache-Server
X-Http-Reason
X-Container-Uri
X-Reqid
X-Tb
X-Vercel-Cache
CDN-EdgeStorageId
CDN-CachedAt
X-Storefront-Renderer-Rendered
CDN-PullZone
CDN-Cache
CDN-RequestPullCode
X-Ms-Request-Id
X-Ms-Version
CDN-Uid
CDN-RequestPullSuccess
X-Shopify-Stage
CDN-RequestCountryCode
X-Frame-Option
X-Alternate-Cache-Key
X-Provided-By
X-Server-W
X-MP-GENERATED-AT
X-Origin-Date
X-Sucuri-Cache
X-Uri
Fastcgi-Useragent
WP-Super-Cache
X-XRDS-Location
X-Sucuri-ID
X-Sorting-Hat-PodId
X-DynaTrace
Source
X-ShopId
X-Sorting-Hat-ShopId
X-Cdn-Origin
X-ShardId
X-Vcl-Version
Cache-Tv-Group
Cross-Origin-Embedder-Policy-Report-Only
Atl-Traceid
X-Xrds-Location
X-Generated-By
Content-Secure-Policy
X-FB-TRIP-ID
Priority
X-Sql-Duration-Ms
X-Sql-Count
X-SRV
X-Pass-Why
Onion-Location
X-Buckets
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Content-Age
Sid
Cross-Origin-Window-Policy
TDXMobile
X-DataDome
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
X-CMSURLCustom
X-Shield-Cache-Expires
X-Scope-Id
X-Thinkindot-L3
Cache
HostName
X-LSADC-Cache
X-Varnish-Beresp-Ttl
X-Cluster-Node
WZWS-RAY
X-Newrelic-Synthetics
X-Proxy-Cache-Status
X-WP-CF-Super-Cache-Cookies-Bypass
X-Optimistic-Header
X-Cache-Action
X-GEO
X-Azure-Ref-OriginShield
S-Rt
X-Cache-Expired-At
X-Via-Edge
User-Cache-Control
Edge-Copy-Time
X-Connection-Hash
Expiry
X-Via-SSL
X-Via-CDN
X-Dc
CDCHOST
MD5-Digest
X-Cache-NE
Candidate-Md5Url
A
X-A-Wwc
X-A-Dgt
X-Cache-Bucket
X-Application
X-B-Cookie
X-Viewer-Country
X-Vtex-Remote-Cache
X-Access
X-Destination
X-Developer
X-Dispatcher-Server
X-Ec-Custom-Error
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Conf
Apple-News-Services-Host
X-D
X-Ec-Fail
X-Ec-GeoHdr
X-Aed
X-Op-Id-All
Fastly-Drupal-HTML
X-Correlation-ID
X-Platform
Lang
X-Epic-Correlation-Id
X-PAYTM-SRV-ID
X-External-Request-Id
Apple-News-Services-Handled
X-Varnish-Hostname
X-Bc-Bl
Req-ID
Rendered-Blocks
Redirect-Candidate
Server-Ext
Ngx.Var.Host
Server-Host
X-ScT
X-Request-Start
X-Scheme
X-SB
X-Rojux
X-BCube-Filmed-By
Origin-Agent-Cluster
Gannett-Cam-Experience-Id
Origin
X-S-Cookie
Magicmarker
X-ND-Cache
X-A-Dcw
X-Instance-Name
Meta-Geo-Continent
Vix-Hermes-Req-Id
X-TIM-N
L
X-A
X-A-Ccd
X-Vdms-Version
X-Vdms-Path
X-A-Dam
Server-Hostname
T-Server
DCR-Decision-By
Sever-Int
DCR-Processing-Time-Ms
X-Section
Ngx-Var-Key
X-SRCache-Key
Sslversion
Surrogated-Key
X-Bl-Debug
X-TimeS
X-TA-CDN-Provider
X-B3-Trace-ID
Wxu-Next-Hostname
Release
Ssr
Pramga
PFcat
NM-Fastcgi-Cache
V-Age
Wxu-Next-Commit
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Storage-Class
X-AK-Request-ID
X-Acquia-Purge-Cdn-Unconfigured
Wxu-Next-Region
X-Auto-Login
X-Gdpr
X-SD-PageType
X-Human
X-Level-Front-Cache
X-Loc
X-Moov-T
X-Mly-Id
X-Sigma
X-Sigma-Backend
X-Gzip
X-Thanos
X-HN
X-TH-Server
X-Hnp-Log
X-Moov-Xdn-Version
X-NCache
X-Pubstack
X-Req
X-Proxied-Request
X-Pool
X-Origin-Time
X-Nyt-Route
X-Request-Time
X-Rocket-Build-Number
X-Nginx-Cache-Key
X-NMSegId
X-Request-URI
X-Node-Id
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Esi-Check
X-Fastly-Cache
Yak-Timeinfo
X-Core-Value
X-Clientip
X-Block-Status
X-Bip
X-Cache-Id
X-Cache-Info
X-Cache-TTL-Remaining
X-Forwarded-Site
X-Gen-Mode
X-Varnish-Director
X-VarnishDD-TTL
X-Varnish-Beresp-Status
X-Generated-On
X-UA-Device-Type
X-Varnishpool
X-VG-TLSProxy
X-We-Are-Hiring
X-Zen-Fury
X-WA-Info
X-VServer
X-VG-WebCache
X-BBC-Edge-Cache-Status
Req-Svc-Chain
Content-Script-Type
Content-Style-Type
Environment
Fastly-GeoIP-CountryCode
Cluster
C-Via
Cdncip
Cdnsip
Cache-Provider
Fastly-SSL
DSUID
Host-ID
X-Service
X-Origin-Response-Time
X-Ua
X-Contensis-Viewer-Groups
Locid
X-Csrf-Jwt
X-CGP
X-Device-Os
X-FC-Vary-Parameters
X-Eu-Site
X-DPWN-IS-SECURE
X-Cdn-Srv
X-Cache-Date
X-V-Cache
X-Var-Ttl
X-Aicache-OS
X-Varnish-Authentication
X-ApacheServer
Adler-Geo
X-Cache-Aspx
X-Fmm-Version
X-Backend-Instance
X-Ad-Load-Variation
X-SVT-ORM-VERSION
X-ECache
X-Request-Host
X-Server-IP
X-Mvc-Supplant-OutputCached
X-Old-Content-Length
X-Org
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Mail-Subject
X-PERF
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-GeoIP
X-Geo-Header
X-From
X-SVT-ORM-RULES
X-GeoIP-City
Canary
X-Men
X-HS-Content-Campaign-Id
X-GoCache-CacheStatus
X-Region-Sid
X-Policy
Platform
Producers
RNT-Machine
Gh-Request-Id
Ha-Gx-Prefs
On-Server
Type
RNT-Time
Esi-Enabled
Tube-Got-Results
Tube-Return
Uber-Trace-Id
Tube-Got-Eval
Tube-Get-Contents
Country-Code
True-Client-Country-4JS
W
HA-Ipaddr
L5d-Success-Class
Web-Mar-Region
We-Hiring
Click-Count-Error
Machine
Click-Count-Action-Start
Is-Eu
X-Mg-Request-UUID
X-Datadome
X-Edge-Server
X-RID
X-Fastly-Backend
X-Wikidot-Backend
X-Wikidot-Static-Cache
XM
X-Slack-Backend
Cdn-Host
X-Sn-Servicetimems
Proxy-Firewall
X-Ratelimit-Reset
X-VCache
X-Up
X-DC
X-Hash
X-Proto
X-Slack-Shared-Secret-Outcome
X-Lagoon
Cache-Key
X-App-Name
X-Branch-Name
AKAMAI
Cf-Device-Type
Cdn-Request-Time
X-UA
LB
X-Tx-Id
X-Ah-Environment
X-LB-ID
X-Origin-Expires
X-Date
X-Accel-Expires-Debug
Fastly-Backend-Name
X-Test
X-Parent-Response-Time
NGX
X-API-Version
X-CacheTTL
X-Cache-Backend
X-COUNTRY
Pics-Label
X-Varnish-Hits
X-Irp-Debug
X-Servedbyhost
X-Via-Popn
X-Via-Popv
X-CACHE-GROUP
X-DynaTrace-JS-Agent
X-HA-Backend
X-Tb-Optimization-Total-Bytes-Saved
X-Owner
X-Refresh
X-Via-Poph
Cdn
X-SIPLIST1
IsBot
X-LB-NoCache
X-Core-Mission
Datacenter
X-VHOST
X-ZONE
SID
NtCoent-Length
X-Zone
X-NGINX-Cache
Cache-Hits
Cdn-Requestid
X-CDN-Cache-Status
X-Wa
X-Qloud-Router
X-Via-Fastly
Server-ID
GeoIp-Country-Code
X-Nc
X-Srv
X-CF-Lambda-Version
Expect-Staple
N-Cache
X-Nananana
X-CF-Lambda-Fn
X-Presslabs-Stats
X-Forwarded-Path
X-Ig-Origin-Region
Xc-Version
X-Orig-Expires
X-Location
CloudFront-Viewer-Country
Cross-Origin-Opener-Policy-Report-Only
X-Shop-Environment
X-Cache-Type
X-Fpc
GeoIP-Latitude
X-Tenant
X-Akamai-Transformed
X-Cloudmap
Fusion-Deployment-Id
Resin-Trace
Fusion-Content-Source
Fusion-Component-Id
X-B3-Parentspanid
Fusion-Content-Id
Cmstype
Cmsid
Fusion-Template-Id
Fusion-Source
DataCenter
X-Gamma-Serve
X-Hit
X-TX-ID
Uri
XkeyRZ
X-Proxy-CacheRZ
X-NewRelic-App-Data
X-DataCenter
CPC-Age
CPC-Cache
Powered-By
X-Nf-Request-Id
X-Client-Ip
X-URL
X-CS
X-Cdn-Diag
Origin-EX
User-Agent
Origin-CC
X-Jungle-Id
X-Vmg-Version
X-CUA
X-Use-Magma
X-User
True-Client-Ip
X-Tt-Logid
X-NWS-UUID-VERIFY
X-Amz-Meta-Opti
X-Info
X-TIME
RATING
MIME-Version
X-Fastly-Country-Code
X-IAuth-Set-Uid
X-Segment-20210421
Mime-Version
Srv
X-CACHE-AGE
X-Geo
Fastly-Drupal-Html
X-Cached-By
True-Client-IP
CacheControlHeader
X-Variation
X-Render-Time
X-LAGOON
X-Dynatrace-Js-Agent
Load-Balancing
Cf-Ipcountry
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Datacenter
X-Oracle-DMS-ECID
X-Powered-By-VTEX-Cache
X-Webkit-Csp-Report-Only
CDN
Tcn
X-Cdn-Forward
X-B3-Spanid
X-HOST
X-Vc
Debug
X-Wormhole-Sdk
Edge-Cache
X-Auth-Group-Type
X-Varnish-Beresp-TTL
X-LiteSpeed-Cache-Control
X-PDP-UNCACHING-HASH
VNS-Age
X-HostName
VNS-Cache
X-LiteSpeed-Tag
Ohc-File-Size
X-Dispatch
Cl-Cache
X-Ig-Push-State
X-CSRF-TOKEN
Hostname
Odigeo-Trace-Id
X-FPC
X-NodeID
Lb
X-MCACHE
GeoIP-Country-Code
X-AIR-PT
Ohc-Cache-HIT
X-APP-VERSION
X-Litespeed-Tag
X-Api-Version
X-Cs
X-Cdn-Cache-Status
X-Esi
X-NC
X-WA
X-Custom-Header
X-Vgn-Hpd-Reason
Server-Id
X-Dispatcher-Number
X-PHP-Backend
X-Depends
X-Lb-Nocache
X-Pad
Cache-Name
X-DefElseHash
X-DefHash
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Cache-Ttl
X-Ha-Backend
X-Via-PopH
X-ServedByHost
X-M-Log
X-M-Reqid
X-VC-TTL
X-Fastly-Backend-Reqs
X-Mid
X-Via-PopN
X-Via-PopV
PICS-Label
CountryCode
X-Srcache-Store-Status
X-Litespeed-Cache-Control
Ms-Author-Via
X-VCL-Version
X-Srcache-Fetch-Status
X-Cdn-Request-ID
X-Lb-Id
X-Akamai-Pragma-Client-IP
X-Proxy-Cache-La3
Xkeylog
X-MSEdge-Features
X-MSEdge-Flight
X-Shardid
X-Shopid
Xkey-La3
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-RequestId
Geoip-Latitude
X-Acquia-Application-Trace
X-MiniProfiler-Ids
X-Cache-FS-Status
Epwk-X-Cache
BehaviorPad-Version
X-Snapshot-Date
Ngx
Time
Memory
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Web-Server
Memcached
OriginIP
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Cache-Version
Warning
X-Dw-Trace-Id
X-Udemy-Cache-App-Namespace
X-App
X-Requestid
X-APP
Sm-Log-Id
Cloudfront-Viewer-Country
X-Lsadc-Cache
X-Mg-Cache
X-Serial
X-Sucuri-Id
X-Th-Server
X-Service-Response-Time
CF-Cached-On
FSS-Cache
X-Cache-Enabled
Akamai-Cache-Status
X-Check-Cacheable
X-Wp-Cf-Super-Cache-Cookies-Bypass