Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Xss-Protection
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
P3p
Accept-CH-Lifetime
X-Cache-Status
X-Drupal-Cache
X-Ua-Compatible
X-Check
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
X-Request-ID
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Request-Context
Allow
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
EagleId
X-Age
X-Rq
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-LiteSpeed-Cache
X-Dns-Prefetch-Control
X-Aws-Lambda-Call-Status
X-OneAgent-JS-Injection
X-CST
Permissions-Policy
X-Backend-Server
X-Readtime
X-Server-Id
X-Host
X-Response-Time
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-Litespeed-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cache-Lookup
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Trace
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
X-Rack-Cache
X-Edge
Accept-Ch-Lifetime
Cache-Tag
X-FTR-Request-ID
Cross-Origin-Opener-Policy
X-Amz-Server-Side-Encryption
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-MS-InvokeApp
X-PC
X-Vname
X-TtlSet
Nginx-Cache
X-ECACHE
X-ESI
X-Upstream
Rating
X-Powered-By-Plesk
Edge-Control
X-Server-Name
X-Browser-Type
X-Cnection
Verso
X-D2id
X-Element-Page-Cache
X-Times
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Ac
SPIisLatency
X-NWS-LOG-UUID
SPRequestDuration
AR-Request-ID
AR-PoweredBy
AR-SID
X-B3-TraceId
AR-ATIME
X-Ruxit-Js-Agent
SPRequestGuid
X-SharePointHealthScore
X-Ser
X-Navigation-Version
X-Abt-Application-Version
X-NF-Request-ID
X-Vcap-Request-Id
X-RateLimit-Remaining
X-GitHub-Request-Id
X-Dw-Request-Base-Id
AR-CACHE
X-Ttl
X-Mg-S
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Client-IP
S
Edge-Cache-Tag
X-VARITI-CCR
Pagespeed
X-Middleton-Display
Display
X-Sol
X-Cache-Key
X-Server-ID
RTSS
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
Cache-Status
X-Powered-CMS
X-Edge-Location-Klb
X-Version
X-Kinsta-Cache
X-Goog-Hash
Access-Control-Request-Method
X-Recruiting
X-Varnish-TTL
X-ARC
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Middleton-Response
Response
X-Content-Digest
X-TraceId
X-Daa-Tunnel
X-Forwarded-For
X-T
Arr-Disable-Session-Affinity
Content-MD5
X-MSEdge-Ref
Origin-Trial
X-SRCache-Fetch-Status
TP-Cache
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
Front-End-Https
X-Accel-Expires
Cross-Origin-Resource-Policy
X-Shield-Request-Id
X-Cached
X-Content-Security-Policy-Report-Only
X-Hits
MS-Author-Via
X-Id
Public-Key-Pins
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-FTR-Expires
X-HS-Content-Id
X-Ua-Browser
X-Forwarded-Proto
Server-Node
X-Request-Received
X-Request-Processing-Time
Payment
X-DIS-Request-ID
X-Frontend
X-Fastcgi-Cache
Realpath
X-HP-Trace-Id
X-LLID
X-HP-Webp
X-Jurisdiction
X-FastCGI-Cache
X-ORACLE-DMS-RID
X-Webkit-Csp
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-Distributor
X-Ratelimit-Limit
Cache-Tags
X-LB-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Microsite
X-Origin-Server
X-Request-Handler-Origin-Region
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Referer-Policy
X-Hostname
X-Page-Id
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
Fastcgi-Cache
X-AppVersion
X-Activity-Id
X-Correlation-Id
X-Az
X-Cluster-Name
X-Debug-Info
X-NGENIX-Cache
X-Varnish-Backend
X-Www-Served-By
Count-Hit
X-Varnish-Server
Host
Accept-Charset
X-RateLimit-Limit
X-Geo-Country
X-F-Cache
X-Envoy-Decorator-Operation
X-App-Server
X-PressLabs-Stats
X-XRDS-LOCATION
X-Ua-Device
X-ORACLE-DMS-ECID
X-FB-Debug
X-Goog-Metageneration
Retry-After
X-Ezoic-Cdn
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Access-Control-Allow-Method
X-Load-Cache
X-CSRF-Token
X-Upgrade-Enabled
X-Git-Hash
X-RateLimit-Reset
X-Content-Options
X-Seen-By
X-Px
X-Fastly-Request-Id
Server-Name
TCN
X-Contextid
X-Request-Guid
Section-Io-Cache
X-Revision
X-Amz-Meta-S3cmd-Attrs
X-Type
X-Grace
X-Trace-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cache-Control
X-B
Charset
X-Datadog-Parent-Id
X-Varnish-Ttl
X-TTL
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-TT
Cleartype
X-B3-Sampled
Healthy
X-Whom
Paypal-Debug-Id
X-Signature
X-B-Cache
X-Fb-Rlafr
DC
X-Wix-Request-Id
X-Oracle-Dms-Ecid
X-App-Environment
X-Node-Name
X-Origin-Cache
X-Proxy
X-Mobile
X-Fastly-Request-ID
X-Azure-Ref
X-Magnolia-Registration
Frame-Options
X-Newrelic-App-Data
X-Amz-Replication-Status
X-Air-Pt
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-N
Accept-Ch
X-Rid
X-Oracle-Dms-Rid
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-WebKit-CSP-Report-Only
Filterid
X-Logged-In
X-EdgeConnect-Cache-Status
X-Language
X-Ratelimit-Remaining
Content-Disposition
Backend
Akamai-GRN
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Route-Name
X-Flags
X-Providence-Cookie
X-NODE
X-Kinja-CCPA
NGB
X-Time
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Response-Served-From
X-Original-Request-Id
X-Template
X-Is-Bot
X-Rendered-As
Liferay-Portal
SD-X-WS
X-Yottaa-Optimizations
X-Cache-Age
X-Datadog-Sampled
X-Servername
X-Yottaa-Metrics
X-RTag
X-FW-Serve
X-Tumblr-User
X-FW-Type
X-FW-Dynamic
X-FW-Static
X-Adobe-Content
X-FW-Server
X-FW-Version
X-Instance
X-UUID
Viewport
X-Debug
MS-CV
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Adobe-Loc
Ms-Operation-Id
X-Debug-IsConnected
X-NYM-Debug-Backend
X-Varnish-Grace
X-FW-Hash
Upgrade-Insecure-Requests
X-Debug-IsPreview
X-Via-JSL
X-Backend-Name
X-IPS-LoggedIn
X-ProcessESI
X-L-Path
X-Unique-Id
X-Cache-Grace
X-Amzn-Remapped-Content-Length
X-Proxy-Cache-Info
X-RemovedCookies
X-G
X-Environment-Context
X-Region
X-Device-Type
X-Hl-Ver
Fastly-SIE
Refresh
Fastly-SWR
X-Cacheable-TTL
X-Cache-Hit
X-Rule
X-CCDN-Origin-Time
ServerID
X-Hcs-Proxy-Type
X-B3-SpanId
X-CCDN-CacheTTL
X-Status
X-User-Agent
From-Origin
Country
X-App-Version
Url
X-VC-Cache
Countrycode
X-INCAP-ABP
Version
WPO-Cache-Status
WPO-Cache-Message
X-Webkit-CSP
X-Source
Alternate-Protocol
X-Jobs
X-HTML-Minification-Powered-By
X-Cache-Status-Check
X-Origin-CC
X-Origin-TTL
CDN-RequestId
X-Air-Hostname
X-Air-Source
GEO-INFO
X-Air-Trace-Id
Surrogate-Key
X-Hosted-By
X-Akamai-Request-ID2
X-WP-CF-Super-Cache-Active
X-Content-Powered-By
X-Storage
X-Rocket-Nginx-Serving-Static
X-Page-View
Protected
OT-Force-Account-Verify
X-Nginx-Cache
X-Accel-Version
X-B3-Traceid
Amp-Access-Control-Allow-Source-Origin
AMP-Access-Control-Allow-Source-Origin
X-Real-IP
SRV
X-Tec-Api-Version
X-VC
X-Tec-Api-Origin
X-Akamai-Edgescape
Access-Control-Request-Headers
X-Tec-Api-Root
X-Edge-Location
X-ServerID
X-Framework
X-Cache-Time
X-CDN-Forward
X-Cache-Rule
Front
X-Mode
Xet-Cookie
X-Rewrite-Enabled
Webserver
X-Rn-Rsrv
CF-IPCountry
X-Upstream-Ht
Filters
X-Cache-Operation
Meta-Geo
X-Xfnlog-Site
X-UPSTREAM-Address
X-Upstream-Ct
ServedBy
X-Detected-As
X-Director
X-JoinUs
Accept-Language
X-Handled-By
X-Endurance-Cache-Level
X-Varnish-Cache-Hits
X-Origin
X-Cache-Debug
Section-Io-Id
X-SaId
X-Adobe-Source
X-AWS-Id
Mn-Server-Ip
Cross-Origin-Embedder-Policy
Apigw-Requestid
X-BYPASS-REASON
Node
Selected-Fe
Web-Mar-Node
X-Labrador-Cache-Channel
X-Served-From
X-Soup
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Timing-Wait
X-Tumblr-Pixel-2
X-Worker
Xserver
X-Web-Node
X-VWS-Id
X-Tumblr-Pixel-3
X-Routing-Service
X-Restarts
X-Lambda-Id
X-LJ-Flow-ID
X-Format
X-Extlb
X-Cms-Context
X-Logging-Id
X-PHP-Host
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
X-Proxied
X-Cluster
X-Zipkin-Id
X-Use-Mantle
X-TT-LOGID
Azure-Version
X-Redis-Cache
X-AB
X-Httpd
X-Browser-Name
X-Drupal-Cache-Tags
X-Http-Reason
X-Loop
X-S
Webcakes-Region
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
X-No-Session
Property-Id
Webcakes-App-Version
Webcakes-App-Name
X-Origin-Hint
TWC-Locale-Group
Azure-SlotName
X-Varnish-Beresp-Grace
X-IPLB-Request-ID
X-Varnish-Age
X-Is-Desktop
X-IPLB-Instance
X-GeoCountry
X-Geo-Region
X-Forwarded-Host
X-GeoCode
X-VCT
Azure-SiteName
X-Tncms
X-Tcp-Rtt
Azure-InstanceId
X-Is-Supported-Browser
Azure-RegionName
X-Is-Tablet
X-Is-Mobile
X-Cache-Host
X-Locale
X-Container-Uri
X-Webstats-RespID
X-Git-Commit
X-Drupal-Cache-Contexts
X-Platform-Cluster
X-RM-Cache-TTL
X-Platform-Router
X-Skip-Cache
X-Tb
X-Vercel-Cache
X-Vercel-Id
X-Reqid
X-Site-Version
X-R9-Blue-Green-Version
X-Generation-Time
X-Platform-Processor
X-Frame-Option
X-Provided-By
X-Cache-Server
X-Vcache
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
CDN-Uid
X-Ms-Request-Id
CDN-RequestPullSuccess
X-RCS-CacheZone
CDN-EdgeStorageId
CDN-CachedAt
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
DB-Nickname
CDN-Cache
X-Ms-Version
X-Server-W
X-Uri
X-Fetched-On
X-Sucuri-Cache
X-MP-GENERATED-AT
X-Origin-Date
WP-Super-Cache
X-Sucuri-ID
Fastcgi-Useragent
Cache-Tv-Group
X-XRDS-Location
X-DynaTrace
X-Vcl-Version
X-Sorting-Hat-PodId
X-Cdn-Origin
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
Source
Content-Secure-Policy
X-FB-TRIP-ID
X-Generated-By
Cross-Origin-Embedder-Policy-Report-Only
Priority
X-SRV
Atl-Traceid
Onion-Location
X-Sql-Duration-Ms
X-Sql-Count
X-Pass-Why
X-Urbn-Site-Id
Sid
X-Urbn-Context-Path
Locale
X-Content-Age
X-Buckets
X-Xrds-Location
X-Shield-Cache-Expires
Thinkindot-Control
X-Scope-Id
Thinkindot-CacheControl-Type
X-Thinkindot-L3
X-CMSURLCustom
Thinkindot-CacheControl
TDXMobile
Cache
Cross-Origin-Window-Policy
HostName
X-DataDome
X-Cluster-Node
X-Proxy-Cache-Status
X-WP-CF-Super-Cache-Cookies-Bypass
X-Newrelic-Synthetics
X-LSADC-Cache
WZWS-RAY
X-Varnish-Beresp-Ttl
X-Cache-Action
X-GEO
X-Optimistic-Header
S-Rt
Expiry
Edge-Copy-Time
X-Cache-Expired-At
X-Dc
User-Cache-Control
X-Via-CDN
X-Via-Edge
X-Via-SSL
X-Connection-Hash
X-Instance-Name
X-Developer
X-Aed
X-Access
X-A-Wwc
Apple-News-Services-Parsed-Url
Lang
X-Viewer-Country
X-Ec-Fail
Magicmarker
L
X-External-Request-Id
Server-Hostname
Server-Host
Server-Ext
MD5-Digest
Meta-Geo-Continent
Redirect-Candidate
Origin
Origin-Agent-Cluster
X-Ec-GeoHdr
Rendered-Blocks
Ngx.Var.Host
Req-ID
X-Epic-Correlation-Id
Ngx-Var-Key
X-Ec-Custom-Error
Gannett-Cam-Experience-Id
A
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Vdms-Version
X-A
X-A-Dcw
X-A-Dam
X-A-Ccd
X-Vtex-Remote-Cache
Vix-Hermes-Req-Id
DCR-Processing-Time-Ms
Sslversion
Sever-Int
DCR-Decision-By
Surrogated-Key
Candidate-Md5Url
CDCHOST
T-Server
X-A-Dgt
X-Application
X-SRCache-Key
X-D
X-B-Cookie
X-Ua
X-Varnish-Hostname
X-TIM-N
X-Bc-Bl
X-ScT
X-Destination
X-SB
X-S-Cookie
X-Platform
X-Conf
X-Section
X-Bl-Debug
X-Vdms-Path
X-Cache-Bucket
X-Rojux
X-Cache-NE
X-Request-Start
X-BCube-Filmed-By
X-TA-CDN-Provider
X-Req
X-Cache-Info
X-Varnish-Beresp-Status
Cluster
V-Age
X-Request-URI
X-VServer
Cdncip
Cdnsip
X-Correlation-ID
X-Forwarded-Site
X-VG-WebCache
X-Cache-Id
X-Dispatcher-Server
X-Esi-Check
X-PAYTM-SRV-ID
X-UA-Device-Type
Req-Svc-Chain
X-Origin-Time
X-Clientip
X-Nyt-Route
X-Node-Id
Release
X-Op-Id-All
X-Debug-Cache-Fetch
X-Moov-Xdn-Version
Fastly-GeoIP-CountryCode
X-Loc
X-Varnish-Director
Environment
Fastly-SSL
X-Cache-TTL-Remaining
Host-ID
X-Proxied-Request
X-Debug-Cache-Store
X-Pubstack
DSUID
Cache-Provider
X-Human
Yak-Timeinfo
X-Gdpr
X-Zen-Fury
X-TH-Server
X-Core-Value
X-SD-PageType
X-Mly-Id
X-BBC-Edge-Cache-Status
X-Auto-Login
X-GeoIP-Region-Code
X-Gzip
X-ND-Cache
X-GeoIP-Country-Code
X-B3-Trace-ID
X-Hnp-Log
X-Acquia-Purge-Cdn-Unconfigured
X-Azure-Ref-OriginShield
X-VG-TLSProxy
X-AK-Request-ID
X-Gen-Mode
X-Block-Status
C-Via
X-Moov-T
X-WA-Info
X-Amz-Meta-Cb-Modifiedtime
X-We-Are-Hiring
X-Scheme
X-TimeS
X-VCache
X-Datadome
X-Origin-Response-Time
Fastly-Drupal-HTML
X-Service
Producers
RNT-Machine
X-Ad-Load-Variation
Pramga
X-Csrf-Jwt
X-CGP
X-Contensis-Viewer-Groups
X-Aicache-OS
Wxu-Next-Region
Tube-Got-Eval
Tube-Get-Contents
True-Client-Country-4JS
Tube-Got-Results
Tube-Return
X-Cache-Aspx
Type
We-Hiring
Ssr
X-DPWN-IS-SECURE
X-Varnishpool
RNT-Time
Wxu-Next-Hostname
Wxu-Next-Commit
Web-Mar-Region
X-Bip
X-Cdn-Srv
X-Var-Ttl
X-Generated-On
X-Request-Host
X-Request-Time
X-Rocket-Build-Number
X-Thanos
X-RateLimit-Remaining-Second
Adler-Geo
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-SVT-ORM-RULES
X-RateLimit-Limit-Second
X-Mg-Request-UUID
Platform
X-Level-Front-Cache
X-Men
X-Micro-Cache
X-SVT-ORM-VERSION
X-Old-Content-Length
X-Sigma-Backend
X-GoCache-CacheStatus
X-Server-IP
X-Sigma
X-HS-Content-Campaign-Id
Click-Count-Action-Start
X-Pool
HA-Ipaddr
Is-Eu
Ha-Gx-Prefs
Click-Count-Error
Gh-Request-Id
L5d-Success-Class
Locid
NM-Fastcgi-Cache
X-Eu-Site
Mail-Subject
X-NCache
On-Server
X-Fastly-Cache
X-NMSegId
Content-Script-Type
X-Varnish-Authentication
X-Policy
Content-Style-Type
Country-Code
X-FC-Vary-Parameters
X-Nginx-Cache-Key
X-Fmm-Version
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-Up
X-Slack-Backend
X-Branch-Name
X-ECache
X-Proto
X-Region-Sid
X-PERF
X-Cache-Date
X-Org
X-HN
Uber-Trace-Id
Cdn-Request-Time
X-Device-Os
Cdn-Host
Canary
Cf-Device-Type
X-From
X-Edge-Server
Proxy-Firewall
Machine
X-Fastly-Backend
Esi-Enabled
X-Wikidot-Backend
W
X-VarnishDD-TTL
X-V-Cache
X-ApacheServer
X-App-Name
X-GeoIP-City
X-Backend-Instance
X-Geo-Header
X-Wikidot-Static-Cache
X-GeoIP
PFcat
X-Amz-Storage-Class
X-Test
X-Hash
X-LB-ID
X-Date
X-Lagoon
X-Parent-Response-Time
X-Accel-Expires-Debug
NGX
AKAMAI
X-RID
X-CacheTTL
X-DC
XM
Cache-Key
Fastly-Backend-Name
X-Tx-Id
LB
X-Origin-Expires
X-Irp-Debug
X-Cache-Backend
X-API-Version
X-Varnish-Hits
X-Ah-Environment
Pics-Label
X-Ratelimit-Reset
X-Owner
X-Servedbyhost
X-HA-Backend
X-Via-Poph
X-Via-Popv
X-Tb-Optimization-Total-Bytes-Saved
X-Via-Popn
X-COUNTRY
X-UA
Cdn
X-Core-Mission
X-ZONE
X-Refresh
X-NGINX-Cache
X-CACHE-GROUP
IsBot
X-DynaTrace-JS-Agent
X-SIPLIST1
NtCoent-Length
X-LB-NoCache
Datacenter
X-VHOST
RATING
X-Zone
X-CDN-Cache-Status
X-Qloud-Router
GeoIp-Country-Code
Cdn-Requestid
Cache-Hits
SID
X-Use-Magma
X-CF-Lambda-Version
X-Wa
X-CF-Lambda-Fn
Server-ID
X-Nc
Expect-Staple
X-Nananana
X-Srv
N-Cache
X-Orig-Expires
Xc-Version
X-Via-Fastly
X-Cache-Type
X-Tenant
X-Akamai-Transformed
X-Shop-Environment
CloudFront-Viewer-Country
X-Forwarded-Path
X-Ig-Origin-Region
GeoIP-Latitude
X-TX-ID
Cmsid
Cmstype
Resin-Trace
X-B3-Parentspanid
X-Fpc
X-Gamma-Serve
Cross-Origin-Opener-Policy-Report-Only
X-Cloudmap
DataCenter
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
X-Location
CPC-Cache
CPC-Age
Fusion-Content-Id
Fusion-Deployment-Id
X-Hit
X-Nf-Request-Id
Powered-By
X-Vmg-Version
User-Agent
X-DataCenter
X-Proxy-CacheRZ
XkeyRZ
X-Cdn-Diag
X-NewRelic-App-Data
Uri
X-Client-Ip
X-Jungle-Id
Origin-EX
X-CUA
X-Presslabs-Stats
X-CS
Origin-CC
X-URL
X-NWS-UUID-VERIFY
Mime-Version
X-Tt-Logid
X-TIME
Srv
X-Amz-Meta-Opti
X-Info
Fastly-Drupal-Html
Tcn
Cf-Ipcountry
CacheControlHeader
X-Cached-By
MIME-Version
True-Client-IP
X-IAuth-Set-Uid
True-Client-Ip
X-Fastly-Country-Code
X-Segment-20210421
X-User
X-Variation
X-HostName
X-Cdn-Forward
X-Dynatrace-Js-Agent
X-LAGOON
X-CACHE-AGE
X-Datacenter
X-Render-Time
CDN
X-Geo
X-Varnish-Beresp-TTL
X-Oracle-DMS-ECID
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
Load-Balancing
X-VTEX-Cache-Time
X-B3-Spanid
X-LiteSpeed-Cache-Control
X-Vc
VNS-Cache
Debug
Edge-Cache
X-HOST
VNS-Age
X-Webkit-Csp-Report-Only
X-Wormhole-Sdk
X-LiteSpeed-Tag
X-Auth-Group-Type
X-Api-Version
X-PDP-UNCACHING-HASH
X-AIR-PT
Ohc-File-Size
Lb
X-Dispatch
X-Ig-Push-State
Hostname
X-FPC
X-CSRF-TOKEN
Cl-Cache
Server-Id
X-Dispatcher-Number
X-MCACHE
X-NC
X-WA
X-NodeID
Odigeo-Trace-Id
Ohc-Cache-HIT
X-APP-VERSION
X-Esi
GeoIP-Country-Code
X-Litespeed-Tag
X-Vgn-Hpd-Reason
X-Cs
X-Custom-Header
X-Lb-Nocache
Cache-Name
X-Cdn-Cache-Status
X-Depends
X-PHP-Backend
X-Pad
X-ServedByHost
X-DefElseHash
X-DefHash
X-Varnish-CookieINHashed-On
X-Mid
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Cache-Ttl
X-VC-TTL
X-Fastly-Backend-Reqs
X-M-Reqid
X-M-Log
PICS-Label
X-Via-PopH
X-Ha-Backend
X-Via-PopN
X-Via-PopV
CountryCode
X-Litespeed-Cache-Control
X-Srcache-Fetch-Status
X-VCL-Version
X-Srcache-Store-Status
Ms-Author-Via
X-Lb-Id
X-Cdn-Request-ID
Xkeylog
Xkey-La3
X-MSEdge-Flight
X-Proxy-Cache-La3
X-MiniProfiler-Ids
X-Shardid
X-MSEdge-Features
X-Akamai-Pragma-Client-IP
X-Shopid
X-Sorting-Hat-Shopid
BehaviorPad-Version
X-Sorting-Hat-Podid
FSS-Cache
Geoip-Latitude
X-Cache-Enabled
X-Snapshot-Date
X-Web-Server
Ngx
X-RequestId
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Site
Time
X-Cache-FS-Status
Memcached
Memory
X-APP
X-Acquia-Purge-Tags
OriginIP
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Cache-Version
Warning
Location
X-FL-QIT-DEBUG
Server-Info
X-Requestid
Srvid
Cloudfront-Viewer-Country
Epwk-X-Cache
X-FL-EDGE
X-Sucuri-Id
X-Dw-Trace-Id
Sm-Log-Id
X-Check-Cacheable
X-Serial
X-Service-Response-Time
X-Mg-Cache
X-Udemy-Cache-App-Namespace
CF-Cached-On
X-Lsadc-Cache
X-Th-Server
Akamai-Cache-Status
X-Wp-Cf-Super-Cache-Cookies-Bypass
YJS-ID