Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
X-XSS-Protection
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Xss-Protection
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
P3p
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
CF-Ray
X-Ua-Compatible
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
X-Backend
Allow
Cf-Edge-Cache
X-Cache-Group
Request-Context
X-Robots-Tag
Keep-Alive
X-Server
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Vhost
X-Rq
Xkey
X-Age
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Page-Speed
X-Pingback
Cf-Railgun
EagleEye-TraceId
X-Swift-CacheTime
X-Swift-SaveTime
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-CST
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Nginx-Upstream-Cache-Status
X-HW
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
Accept-Ch-Lifetime
X-Application-Context
X-Country-Code
X-Oneagent-Js-Injection
X-Trace
X-Cache-Lookup
Content-Location
X-Ruxit-JS-Agent
X-Url
Service-Worker-Allowed
X-Content-Type
X-Clacks-Overhead
X-ECACHE
X-Country
X-Edge
X-Litespeed-Cache
X-Mod-Pagespeed
X-Origin-Cache-Key
X-Amz-Server-Side-Encryption
X-Rack-Cache
Cache-Tag
X-Midtier
X-FTR-Request-ID
Cross-Origin-Opener-Policy
Accept-Ch
X-MS-InvokeApp
X-Mcache
X-Upstream
X-ESI
Nginx-Cache
X-Powered-By-Plesk
X-PC
X-TtlSet
X-Vname
Rating
Edge-Control
X-Browser-Type
X-D2id
X-Element-Page-Cache
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
Verso
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Times
X-Server-Name
X-Ac
X-Ruxit-Js-Agent
X-Cnection
SPRequestDuration
SPIisLatency
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-Vcap-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-SharePointHealthScore
SPRequestGuid
X-Dw-Request-Base-Id
X-RateLimit-Remaining
X-B3-TraceId
X-GitHub-Request-Id
X-VARITI-CCR
X-Ser
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
AR-CACHE
S
X-Cache-Key
X-NF-Request-ID
RTSS
X-Mg-S
Origin-Trial
X-Cache-TTL
X-Server-ID
Edge-Cache-Tag
X-Amz-Rid
Display
Pagespeed
X-Sol
X-Middleton-Display
Fastly-Restarts
X-Amzn-Trace-Id
X-Content-Security-Policy-Report-Only
X-Ttl
X-Goog-Hash
X-Client-IP
X-Powered-CMS
X-NWS-LOG-UUID
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Version
X-Edge-Location-Klb
X-Kinsta-Cache
Access-Control-Request-Method
X-Varnish-TTL
Cache-Status
X-ARC
X-Recruiting
X-Content-Digest
Arr-Disable-Session-Affinity
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-T
X-Webkit-Csp
X-MSEdge-Ref
X-Forwarded-For
X-Middleton-Response
Response
X-TraceId
Content-MD5
MicrosoftSharePointTeamServices
X-Accel-Expires
X-Ua-Device
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
TP-Cache
X-Hits
X-Cached
X-Shield-Request-Id
Public-Key-Pins
X-RateLimit-Limit
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Request-Processing-Time
X-Request-Received
X-FTR-Expires
X-Id
Server-Node
X-HS-Cache-Config
Payment
MS-Author-Via
X-Frontend
X-HS-Combine-CSS
X-HS-Hub-Id
X-Ua-Browser
X-HS-Content-Id
X-FastCGI-Cache
X-WebKit-CSP-Report-Only
X-DIS-Request-ID
Front-End-Https
Cross-Origin-Resource-Policy
X-LLID
X-Forwarded-Proto
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-GUploader-UploadID
X-Kinja-CCPA
Cache-Tags
X-Daa-Tunnel
X-LB-Cache
TP-L2-Cache
Realpath
X-Fastcgi-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Protected-By
X-Origin-Server
Count-Hit
X-Distributor
X-ORACLE-DMS-RID
X-Request-Handler-Origin-Region
X-Microsite
X-Page-Id
X-PressLabs-Stats
X-F-Cache
X-B3-TraceId-Primal
Mrf-Cache-Status
X-TTL
X-Cluster-Name
MRF-Tech
X-AppVersion
X-Www-Served-By
X-Activity-Id
X-Varnish-Backend
Accept-Charset
X-NGENIX-Cache
X-Az
X-Correlation-Id
X-Geo-Country
X-Hostname
Referer-Policy
X-App-Server
X-Debug-Info
X-Kong-Proxy-Latency
X-FB-Debug
X-Envoy-Decorator-Operation
X-Goog-Metageneration
Fastcgi-Cache
X-Kong-Upstream-Latency
X-Varnish-Server
Host
X-Rid
Access-Control-Allow-Method
X-Git-Hash
X-ORACLE-DMS-ECID
Retry-After
Server-Name
X-Fastly-Request-ID
X-Oracle-Dms-Ecid
X-RateLimit-Reset
X-Tt-Trace-Host
X-Px
X-Tt-Trace-Tag
X-Content-Options
DC
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Ratelimit-Limit
X-TEC-API-VERSION
X-Load-Cache
X-B3-Sampled
X-Request-Guid
X-Route-Name
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Is-Crawler
X-Contextid
X-Flags
X-Revision
TCN
X-Webkit-CSP
X-B-Cache
X-Mobile
X-App-Environment
X-Grace
X-Trace-Id
X-Signature
Paypal-Debug-Id
X-Origin-Cache
X-Type
Cleartype
X-TT
Charset
X-Datadog-Sampling-Priority
X-Amz-Meta-S3cmd-Attrs
X-Language
X-Fb-Rlafr
X-Datadog-Trace-Id
X-Cache-Control
X-Datadog-Parent-Id
X-B
Section-Io-Cache
X-CSRF-Token
X-Seen-By
Frame-Options
X-Oracle-Dms-Rid
X-Amz-Replication-Status
X-Logged-In
X-Upgrade-Enabled
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-ASPNET-VERSION
X-Ezoic-Cdn
Filterid
X-Whom
X-XRDS-LOCATION
X-Wix-Request-Id
Healthy
X-Magnolia-Registration
X-Newrelic-App-Data
X-Varnish-Ttl
X-EdgeConnect-Cache-Status
X-Azure-Ref
X-App-Version
X-Node-Name
Content-Disposition
X-B3-Traceid
X-Proxy
X-N
X-Ratelimit-Remaining
Backend
Akamai-GRN
X-Template
Upgrade-Insecure-Requests
X-Fastly-Request-Id
Refresh
NGB
X-Proxy-Cache-Info
X-Air-Pt
X-Response-Served-From
X-Original-Request-Id
X-Rendered-As
X-Is-Bot
X-Tumblr-Pixel-0
X-Unique-Id
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-ProcessESI
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
SD-X-WS
X-RemovedCookies
X-Servername
X-Page-View
X-Yottaa-Optimizations
X-Datadog-Sampled
Liferay-Portal
X-Debug-IsConnected
X-Debug-IsPreview
X-RTag
X-Amzn-Remapped-Content-Length
MS-CV
X-Adobe-Content
Viewport
X-Yottaa-Metrics
X-Instance
Url
X-Varnish-Grace
Ms-Operation-Id
X-Adobe-Loc
X-FW-Type
X-G
X-FW-Static
X-FW-Version
X-Debug
X-Cache-Grace
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Server
X-IPS-LoggedIn
X-Cacheable-TTL
X-User-Agent
X-Region
X-UUID
Fastly-SIE
X-B3-SpanId
From-Origin
Fastly-SWR
X-Device-Type
X-NYM-Debug-Backend
X-L-Path
X-Environment-Context
X-Jobs
X-Rule
Country
X-Cache-Hit
X-Status
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Amp-Access-Control-Allow-Source-Origin
Surrogate-Key
X-Hosted-By
X-Use-Magma
X-XRDS-Location
X-Hl-Ver
X-Backend-Name
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
ServerID
X-Http-Reason
X-Content-Powered-By
X-Akamai-Request-ID2
Protected
X-Cache-Status-Check
X-VC-Cache
X-Cache-Age
X-Origin-CC
Alternate-Protocol
X-Origin-TTL
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Hcs-Proxy-Type
X-Time
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Version
X-HTML-Minification-Powered-By
X-Akamai-Edgescape
Countrycode
X-NODE
X-INCAP-ABP
WPO-Cache-Status
WPO-Cache-Message
X-COUNTRY
X-Rocket-Nginx-Serving-Static
X-CDN-Forward
X-Framework
CF-IPCountry
X-Via-JSL
SRV
GEO-INFO
CDN-RequestId
X-Edge-Location
Front
X-Cache-Rule
X-WP-CF-Super-Cache-Active
X-Nginx-Cache
X-Storage
Access-Control-Request-Headers
X-Source
X-Httpd
X-Accel-Version
X-Endurance-Cache-Level
X-Mode
X-Upstream-Ct
Xet-Cookie
X-UPSTREAM-Address
X-Rn-Rsrv
X-Xfnlog-Site
Accept-Language
X-Cache-Operation
X-Upstream-Ht
Filters
Meta-Geo
Webserver
OT-Force-Account-Verify
X-Rewrite-Enabled
X-Detected-As
X-Served-From
X-Director
Selected-Fe
X-Tumblr-Pixel-2
X-JoinUs
X-Timing-Wait
X-Soup
X-Tumblr-Pixel-3
X-Real-IP
X-SaId
X-Proxy-Build
X-Cache-Debug
X-Cache-Time
X-Cms-Context
X-BYPASS-REASON
X-Varnish-Age
X-Tncms
X-Use-Mantle
X-Sql-Duration-Ms
X-Handled-By
X-ProxyCache-Key
X-ProxyCache-Status
X-Redis-Cache
X-Varnish-Cache-Hits
ServedBy
X-Sql-Count
X-Vcache
X-Adobe-Source
X-Say-Cacheable
X-SayCDN-TTL
X-Loop
X-Say-TTL
X-Lambda-Id
X-GeoCode
X-GeoCountry
X-Skip-Cache
X-Worker
X-Origin-Hint
X-PHP-Host
Azure-Version
X-Format
TWC-GeoIP-Country
DB-Nickname
Azure-SlotName
Azure-SiteName
X-Server-W
Apigw-Requestid
Azure-InstanceId
Azure-RegionName
TWC-GeoIP-LatLong
X-S
Webcakes-App-Version
Webcakes-App-Name
Xserver
Property-Id
X-VC
X-Varnish-Beresp-Grace
X-Logging-Id
X-Labrador-Cache-Channel
Web-Mar-Node
X-No-Session
Webcakes-Region
TWC-Device-Class
X-Restarts
TWC-Locale-Group
TWC-Privacy
TWC-Connection-Speed
X-AWS-Id
Mn-Server-Ip
X-DynaTrace
X-Fetched-On
X-Cache-Server
X-Git-Commit
X-RM-Cache-TTL
X-IPLB-Request-ID
X-Container-Uri
X-LJ-Flow-ID
X-VCT
X-IPLB-Instance
X-Cache-Host
X-RCS-CacheZone
X-VWS-Id
X-Generation-Time
X-Is-Mobile
X-Ms-Version
X-Ms-Request-Id
X-Vercel-Cache
X-Vercel-Id
X-Routing-Service
X-Reqid
X-Origin
X-Provided-By
X-Proxied
X-Cluster
X-Zipkin-Id
X-Geo-Region
X-Frame-Option
X-Forwarded-Host
X-Extlb
X-Tb
X-Tcp-Rtt
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Desktop
X-ServerID
Node
X-AB
X-Browser-Name
X-Uri
Cache-Tv-Group
X-R9-Blue-Green-Version
Section-Io-Id
X-Site-Version
X-Locale
Priority
X-FB-TRIP-ID
Content-Secure-Policy
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
Source
Fastcgi-Useragent
X-Webstats-RespID
X-Web-Node
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-MP-GENERATED-AT
Onion-Location
AMP-Access-Control-Allow-Source-Origin
WP-Super-Cache
WZWS-RAY
CDN-Cache
X-Origin-Date
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
CDN-CachedAt
CDN-RequestCountryCode
Cross-Origin-Embedder-Policy
CDN-PullZone
CDN-EdgeStorageId
X-Alternate-Cache-Key
X-Content-Age
X-Urbn-Site-Id
X-Vcl-Version
Locale
X-Shopify-Stage
X-Urbn-Context-Path
X-Storefront-Renderer-Rendered
S-Rt
X-Generated-By
X-Ua
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Xrds-Location
X-SRV
X-ShopId
X-ShardId
X-Varnish-Beresp-Ttl
X-Sucuri-Cache
X-Pass-Why
X-Cluster-Node
X-Newrelic-Synthetics
X-Cdn-Origin
X-Proxy-Cache-Status
X-Cache-Action
X-Sucuri-ID
X-Buckets
Sid
X-Mg-Request-UUID
X-DataDome
Fastly-Drupal-HTML
Cross-Origin-Window-Policy
X-Cache-Expired-At
X-TT-LOGID
X-TA-CDN-Provider
X-Shield-Cache-Expires
X-Scope-Id
Thinkindot-Control
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Thinkindot-L3
X-CMSURLCustom
X-LSADC-Cache
Cache
X-Request-URI
X-GEO
Cross-Origin-Embedder-Policy-Report-Only
X-ScT
X-Application
Rendered-Blocks
X-B-Cookie
X-SRCache-Key
DCR-Processing-Time-Ms
Candidate-Md5Url
X-Bc-Bl
CDCHOST
X-S-Cookie
X-TIM-N
X-Scheme
Sslversion
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Vtex-Remote-Cache
X-A-Dam
X-A
X-A-Ccd
X-DC
X-Viewer-Country
Surrogated-Key
X-BCube-Filmed-By
T-Server
X-Vdms-Path
Type
X-Vdms-Version
X-Aed
X-Rojux
Environment
X-Ec-Fail
X-D
X-Ec-GeoHdr
X-Epic-Correlation-Id
Origin-Agent-Cluster
X-Ec-Custom-Error
X-Developer
Ngx-Var-Key
X-Destination
Ngx.Var.Host
Origin
DCR-Decision-By
X-PAYTM-SRV-ID
MD5-Digest
Gannett-Cam-Experience-Id
X-Cache-Bucket
X-Bl-Debug
Lang
HostName
Redirect-Candidate
Meta-Geo-Continent
X-External-Request-Id
X-Cache-NE
X-Conf
X-Aspnetmvc-Version
X-Optimistic-Header
X-WP-CF-Super-Cache-Cookies-Bypass
V-Age
Magicmarker
X-We-Are-Hiring
Server-Hostname
Host-ID
Fastly-SSL
L
Fastly-GeoIP-CountryCode
Release
Req-Svc-Chain
Pramga
Sever-Int
Server-Host
Server-Ext
Ssr
X-Up
X-Debug-Cache-Store
X-Dispatcher-Server
X-Origin-Time
X-Fastly-Cache
X-Debug-Cache-Fetch
X-Platform
X-Pubstack
X-Proxied-Request
X-Core-Value
X-Pool
X-Gdpr
X-Op-Id-All
X-GeoIP-Region-Code
X-Human
X-Instance-Name
X-Level-Front-Cache
X-GeoIP-Country-Code
X-Generated-On
X-Nyt-Route
X-Mly-Id
X-Men
X-Cache-Info
X-Req
X-Access
X-Acquia-Purge-Cdn-Unconfigured
X-Varnish-Beresp-Status
X-Loc
X-Varnish-Director
X-Varnish-Hostname
X-VServer
X-VG-WebCache
X-VG-TLSProxy
X-Thanos
X-Sigma-Backend
X-BBC-Edge-Cache-Status
X-Rocket-Build-Number
X-Request-Time
X-Bip
X-SB
X-Aicache-OS
X-Sigma
X-Section
X-SD-PageType
Vix-Hermes-Req-Id
X-B3-Trace-ID
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Correlation-ID
Apple-News-Services-Request-Url
X-VCache
Apple-News-Services-Handled
X-Via-CDN
Edge-Copy-Time
X-Datadome
User-Cache-Control
X-Via-Edge
X-TimeS
Atl-Traceid
X-Via-SSL
X-Service
X-Esi-Check
X-Request-Start
X-Zen-Fury
X-DPWN-IS-SECURE
Req-ID
X-Server-IP
X-Device-Os
X-Forwarded-Site
X-Node-Id
X-Cache-Id
Wxu-Next-Region
X-Ad-Load-Variation
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
Web-Mar-Region
X-ApacheServer
X-Auto-Login
X-Varnishpool
X-Core-Mission
X-Clientip
X-SVT-ORM-VERSION
X-Block-Status
X-Cache-Date
X-TH-Server
X-From
X-Org
X-Origin-Response-Time
X-PERF
X-Old-Content-Length
X-NMSegId
X-NCache
X-Nginx-Cache-Key
X-Policy
X-Tt-Logid
X-UA-Device-Type
X-SVT-ORM-RULES
X-V-Cache
X-Var-Ttl
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Gen-Mode
X-Geo-Header
X-GeoIP
Uber-Trace-Id
X-Fmm-Version
X-Fastly-Backend
X-FC-Vary-Parameters
X-GeoIP-City
X-Gzip
X-Irp-Debug
X-Micro-Cache
X-WA-Info
X-HS-Content-Campaign-Id
X-Hash
X-Hnp-Log
X-Nf-Request-Id
X-Cache-TTL-Remaining
Mail-Subject
Machine
Adler-Geo
Country-Code
Click-Count-Action-Start
DSUID
Canary
Is-Eu
Gh-Request-Id
C-Via
Cache-Provider
Esi-Enabled
NM-Fastcgi-Cache
Click-Count-Error
True-Client-Country-4JS
Tube-Got-Results
Platform
Producers
Tube-Return
Tube-Got-Eval
On-Server
Tube-Get-Contents
X-HA-Backend
X-CacheTTL
X-Via-Popv
X-Cdn-Srv
Proxy-Firewall
IsBot
X-Edge-Server
Pics-Label
X-GoCache-CacheStatus
AKAMAI
X-Via-Poph
X-Test
LB
X-Request-Host
X-Proto
W
X-SIPLIST1
Cf-Device-Type
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
Cdn-Host
Cdn-Request-Time
X-Via-Popn
X-App-Name
X-Parent-Response-Time
X-Csrf-Jwt
Ha-Gx-Prefs
X-Date
Fastly-Backend-Name
HA-Ipaddr
Expect-Staple
N-Cache
X-Ratelimit-Reset
NGX
X-Owner
X-Eu-Site
L5d-Success-Class
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-ZONE
X-Accel-Expires-Debug
Cluster
X-CGP
X-Amz-Meta-Cb-Modifiedtime
X-Connection-Hash
Datacenter
Expiry
X-Varnish-Authentication
X-LB-NoCache
X-Cache-Aspx
X-NGINX-Cache
X-Qloud-Router
Content-Script-Type
X-Moov-Xdn-Version
X-Moov-T
X-Cache-Type
X-Contensis-Viewer-Groups
X-Tx-Id
X-Forwarded-Path
X-Orig-Expires
A
Xc-Version
X-Tenant
X-Shop-Environment
X-Branch-Name
X-Ah-Environment
Content-Style-Type
Cache-Key
X-Gamma-Serve
RNT-Time
RNT-Machine
Cdn
SID
X-Dc
Server-ID
X-Region-Sid
X-Wa
X-AK-Request-ID
X-ND-Cache
X-Servedbyhost
X-Varnish-Hits
Cdnsip
X-Refresh
Cmstype
X-LB-ID
Locid
Yak-Timeinfo
Cdncip
X-Nc
Cmsid
X-LAGOON
X-Amz-Storage-Class
CPC-Age
X-Cdn-Diag
X-HN
X-Tb-Optimization-Total-Bytes-Saved
X-VarnishDD-TTL
PFcat
X-Vmg-Version
CPC-Cache
X-VHOST
X-DynaTrace-JS-Agent
X-Api-Version
NtCoent-Length
X-TIME
GeoIp-Country-Code
X-Backend-Instance
X-Fpc
X-Client-Ip
X-CDN-Cache-Status
RATING
X-MCACHE
X-Azure-Ref-OriginShield
X-Srv
Cdn-Requestid
XM
CloudFront-Viewer-Country
X-Nananana
CacheControlHeader
X-API-Version
X-Origin-Expires
Resin-Trace
X-B3-Parentspanid
X-Cache-Backend
X-Via-Fastly
X-Akamai-Transformed
X-CACHE-AGE
X-TX-ID
X-Variation
X-LiteSpeed-Tag
Uri
X-Hit
X-Zone
XkeyRZ
User-Agent
MIME-Version
X-Fastly-Country-Code
X-Proxy-CacheRZ
X-Lagoon
X-CSRF-TOKEN
X-LiteSpeed-Cache-Control
VNS-Age
X-URL
VNS-Cache
X-Vc
X-NewRelic-App-Data
Cache-Name
X-Amz-Meta-Opti
X-Datacenter
Cross-Origin-Opener-Policy-Report-Only
True-Client-Ip
X-Info
Tcn
X-UA
X-Dynatrace-Js-Agent
Lb
Hostname
True-Client-IP
X-DataCenter
GeoIP-Latitude
X-B3-Spanid
X-HostName
DataCenter
X-Ig-Origin-Region
X-Geo
X-Presslabs-Stats
X-Dispatcher-Number
X-Location
X-AIR-PT
Cache-Hits
Fusion-Source
Fusion-Template-Id
X-NWS-UUID-VERIFY
Fusion-Deployment-Id
Fusion-Component-Id
Mime-Version
X-Cached-By
Fusion-Content-Id
Fusion-Content-Source
Powered-By
X-Mid
X-Cloudmap
Fastly-Drupal-Html
Origin-CC
Cf-Ipcountry
X-CUA
X-Jungle-Id
Origin-EX
X-Cdn-Forward
X-Webkit-Csp-Report-Only
X-IAuth-Set-Uid
X-User
X-Segment-20210421
BehaviorPad-Version
X-CS
Srv
Ohc-File-Size
Debug
GeoIP-Country-Code
X-Traceid
X-Varnish-Beresp-TTL
X-ECache
CountryCode
X-Dispatch
X-Cdn-Cache-Status
X-Cache-Enabled
Cl-Cache
X-Render-Time
X-Esi
Ohc-Cache-HIT
X-Litespeed-Tag
X-Powered-By-VTEX-Cache
Server-Info
X-Cs
X-VTEX-Cache-Time
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-VTEX-Cache-Server
X-FPC
Load-Balancing
Location
My-App
X-Oracle-DMS-ECID
X-Lb-Id
X-RID
X-Wormhole-Sdk
Wpo-Cache-Message
Wpo-Cache-Status
CDN
X-VCL-Version
Edge-Cache
X-Auth-Group-Type
X-WA
X-ServedByHost
CF-Ctrl
Server-Id
X-Internal-Host
X-NC
YJS-ID
X-Snapshot-Date
X-Fastly-Backend-Reqs
X-App
Section-Io-Origin-Status
X-MSEdge-Features
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Nitro-Cache
X-Lb-Nocache
X-MSEdge-Flight
X-ID
X-Litespeed-Cache-Control
Ms-Author-Via
X-NodeID
Xkey-La3
X-Ig-Push-State
Xkeylog
X-Proxy-Cache-La3
X-Nitro-Cache-From
X-Nitro-Rev
X-Cdn-Request-ID
CF-Cached-On
X-MiniProfiler-Ids
X-Cache-FS-Status
X-Akamai-Pragma-Client-IP
X-Dw-Trace-Id
X-Acquia-Application-UUID
X-APP-VERSION
X-Acquia-Site
Odigeo-Trace-Id
OriginIP
X-FL-EDGE
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Srvid
Memcached
X-Th-Server
FSS-Cache
X-Acquia-Application-Trace
X-FL-QIT-DEBUG
Time
X-Acquia-Purge-Tags
Ngx
Memory
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shopid
X-Shardid
X-Cache-Version
Akamai-Cache-Status
X-Vgn-Hpd-Reason
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Mg-Cache
X-Vary
X-Varnish-Remaining-TTL
X-Lsadc-Cache
X-Web-Server
X-Via-PopN
X-Te-Duration-Ms
X-Te-Count
X-Pad
X-Via-PopH
X-Ha-Backend
X-Wp-Cf-Super-Cache-Cookies-Bypass
Geoip-Latitude
X-RequestId
X-Udemy-Cache-App-Namespace
X-Http-Duration-Ms
X-Http-Count
X-Check-Cacheable
X-Serial
X-Service-Response-Time
X-Sucuri-Id
Sm-Log-Id
X-DefHash
X-Via-PopV
X-DefElseHash
X-Fastly-Cache-Hits
Yjs-Id