Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
X-XSS-Protection
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Xss-Protection
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
P3p
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
X-Ua-Compatible
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
X-Content-Security-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
X-Backend
Allow
Cf-Edge-Cache
X-Cache-Group
Request-Context
X-Robots-Tag
Keep-Alive
X-Server
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Vhost
X-Rq
Xkey
X-Age
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
Cf-Railgun
EagleEye-TraceId
X-Swift-CacheTime
X-Swift-SaveTime
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-WebKit-CSP
X-CST
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Nginx-Upstream-Cache-Status
X-HW
X-Cloud-Trace-Context
X-Nginx-Cache-Status
X-Node
Accept-Ch-Lifetime
X-Application-Context
X-Country-Code
X-Oneagent-Js-Injection
X-Trace
X-Cache-Lookup
Content-Location
X-Ruxit-JS-Agent
X-Litespeed-Cache
X-Url
Service-Worker-Allowed
X-Content-Type
X-Clacks-Overhead
X-ECACHE
X-Country
X-Edge
X-Mod-Pagespeed
X-Origin-Cache-Key
X-Amz-Server-Side-Encryption
X-Rack-Cache
Cache-Tag
X-Midtier
X-FTR-Request-ID
Cross-Origin-Opener-Policy
Accept-Ch
X-MS-InvokeApp
X-Mcache
X-Upstream
X-ESI
Nginx-Cache
X-Powered-By-Plesk
X-PC
X-TtlSet
X-Vname
Rating
Edge-Control
X-Browser-Type
X-D2id
X-Element-Page-Cache
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
Verso
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Times
X-Server-Name
X-Ac
X-Ruxit-Js-Agent
X-Cnection
SPRequestDuration
SPIisLatency
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-Vcap-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-B3-TraceId
X-SharePointHealthScore
SPRequestGuid
X-Dw-Request-Base-Id
X-NF-Request-ID
X-RateLimit-Remaining
X-GitHub-Request-Id
X-VARITI-CCR
X-Ser
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
AR-CACHE
X-Ttl
S
X-Cache-Key
RTSS
Origin-Trial
X-Mg-S
X-Cache-TTL
Edge-Cache-Tag
X-Amz-Rid
X-Sol
X-Middleton-Display
Pagespeed
Display
Fastly-Restarts
X-Goog-Hash
X-Amzn-Trace-Id
X-Content-Security-Policy-Report-Only
X-Client-IP
X-Varnish-TTL
X-Powered-CMS
X-NWS-LOG-UUID
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Version
X-Kinsta-Cache
Access-Control-Request-Method
X-Edge-Location-Klb
Cache-Status
X-ARC
X-Recruiting
X-Server-ID
X-Content-Digest
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Arr-Disable-Session-Affinity
X-Webkit-Csp
X-T
X-MSEdge-Ref
X-Forwarded-For
X-Middleton-Response
Response
X-TraceId
Content-MD5
MicrosoftSharePointTeamServices
X-Accel-Expires
X-Ua-Device
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
TP-Cache
X-Hits
X-Cached
X-Shield-Request-Id
Public-Key-Pins
X-RateLimit-Limit
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Request-Processing-Time
X-Request-Received
X-FTR-Expires
X-Id
Server-Node
X-HS-Cache-Config
Payment
MS-Author-Via
X-Frontend
X-HS-Combine-CSS
X-HS-Hub-Id
X-Ua-Browser
X-HS-Content-Id
X-Fastcgi-Cache
X-DIS-Request-ID
Front-End-Https
Cross-Origin-Resource-Policy
X-LLID
X-WebKit-CSP-Report-Only
X-Forwarded-Proto
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-GUploader-UploadID
X-Kinja-CCPA
Cache-Tags
X-LB-Cache
TP-L2-Cache
X-Daa-Tunnel
Realpath
X-FastCGI-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Protected-By
X-Origin-Server
X-Distributor
Count-Hit
X-ORACLE-DMS-RID
X-Microsite
X-Request-Handler-Origin-Region
X-Page-Id
X-F-Cache
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Cluster-Name
X-NGENIX-Cache
Accept-Charset
X-Www-Served-By
X-AppVersion
X-Activity-Id
X-Varnish-Backend
X-Az
X-Correlation-Id
X-Geo-Country
X-Hostname
Referer-Policy
X-Debug-Info
X-App-Server
X-PressLabs-Stats
X-Goog-Metageneration
X-Envoy-Decorator-Operation
X-FB-Debug
X-Kong-Upstream-Latency
Fastcgi-Cache
X-Kong-Proxy-Latency
Host
X-Varnish-Server
X-Rid
Access-Control-Allow-Method
X-Git-Hash
X-ORACLE-DMS-ECID
X-TTL
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Retry-After
Server-Name
X-Fastly-Request-ID
X-Oracle-Dms-Ecid
X-RateLimit-Reset
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Px
DC
X-Content-Options
X-Ratelimit-Limit
X-Request-Guid
X-Load-Cache
X-Contextid
X-Route-Name
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Flags
X-B3-Sampled
TCN
X-Revision
X-Grace
X-Trace-Id
X-Signature
X-B-Cache
X-App-Environment
X-Mobile
X-Type
Paypal-Debug-Id
Cleartype
Charset
X-Origin-Cache
X-TT
X-Datadog-Sampling-Priority
X-Language
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Amz-Meta-S3cmd-Attrs
X-Cache-Control
X-B
X-Fb-Rlafr
X-CSRF-Token
Section-Io-Cache
X-Oracle-Dms-Rid
X-Seen-By
Frame-Options
X-Amz-Replication-Status
X-Logged-In
X-Upgrade-Enabled
X-Goog-Storage-Class
Filterid
X-Goog-Generation
X-Ezoic-Cdn
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-ASPNET-VERSION
X-XRDS-LOCATION
X-Whom
X-Wix-Request-Id
X-Magnolia-Registration
Healthy
X-Newrelic-App-Data
X-Azure-Ref
X-EdgeConnect-Cache-Status
X-App-Version
X-Node-Name
Content-Disposition
X-Proxy
X-N
X-Ratelimit-Remaining
Backend
X-Air-Pt
Akamai-GRN
Upgrade-Insecure-Requests
X-Template
NGB
Refresh
X-Proxy-Cache-Info
X-Fastly-Request-Id
X-Varnish-Ttl
X-Response-Served-From
X-B3-SpanId
X-Original-Request-Id
X-Is-Bot
X-Rendered-As
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Unique-Id
X-Tumblr-Pixel
X-Servername
SD-X-WS
VIX-Pulpo-Node
X-Page-View
X-RemovedCookies
VIX-Pulpo-Upstream-Status
X-ProcessESI
Url
X-Amzn-Remapped-Content-Length
X-Adobe-Loc
X-Yottaa-Optimizations
X-Instance
X-RTag
MS-CV
Ms-Operation-Id
Liferay-Portal
X-Debug-IsPreview
Viewport
X-Varnish-Grace
X-Debug-IsConnected
X-Adobe-Content
X-Datadog-Sampled
X-Yottaa-Metrics
X-G
X-FW-Serve
X-FW-Hash
X-FW-Server
X-Cache-Grace
X-IPS-LoggedIn
X-FW-Type
X-FW-Dynamic
X-FW-Static
X-FW-Version
X-Region
X-Debug
X-Cacheable-TTL
X-User-Agent
Fastly-SIE
Fastly-SWR
X-UUID
X-Device-Type
X-Environment-Context
From-Origin
X-L-Path
X-Jobs
X-NYM-Debug-Backend
X-Rule
X-Cache-Hit
X-B3-Traceid
Country
X-Status
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Surrogate-Key
X-Hosted-By
Amp-Access-Control-Allow-Source-Origin
X-Use-Magma
X-XRDS-Location
X-Hl-Ver
X-Backend-Name
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
ServerID
X-Content-Powered-By
X-Http-Reason
X-Webkit-CSP
X-Akamai-Request-ID2
Protected
X-Origin-CC
X-Cache-Status-Check
X-VC-Cache
X-Origin-TTL
Alternate-Protocol
X-Cache-Age
X-Time
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
Version
X-HTML-Minification-Powered-By
X-NODE
X-Akamai-Edgescape
Countrycode
X-INCAP-ABP
X-COUNTRY
WPO-Cache-Message
WPO-Cache-Status
X-CDN-Forward
X-Rocket-Nginx-Serving-Static
X-Framework
SRV
CF-IPCountry
X-Via-JSL
GEO-INFO
CDN-RequestId
X-Edge-Location
Front
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Cache-Rule
X-Storage
X-WP-CF-Super-Cache-Active
X-Nginx-Cache
X-Source
Access-Control-Request-Headers
X-Accel-Version
X-Httpd
X-Endurance-Cache-Level
X-Mode
X-Rn-Rsrv
X-Xfnlog-Site
OT-Force-Account-Verify
X-Upstream-Ct
X-UPSTREAM-Address
Webserver
X-Rewrite-Enabled
Filters
X-Cache-Operation
Meta-Geo
Accept-Language
X-Upstream-Ht
X-Real-IP
X-Soup
X-Detected-As
X-Served-From
X-JoinUs
X-Timing-Wait
Xet-Cookie
X-Tumblr-Pixel-2
Selected-Fe
X-Tumblr-Pixel-3
X-SaId
X-Cache-Debug
X-Cache-Time
X-Proxy-Build
X-Director
X-BYPASS-REASON
X-Tncms
X-Use-Mantle
X-Vcache
X-Adobe-Source
X-Cms-Context
X-Varnish-Age
ServedBy
X-Lambda-Id
X-Varnish-Cache-Hits
X-ProxyCache-Status
X-Handled-By
X-Redis-Cache
X-Say-TTL
X-Sql-Count
X-SayCDN-TTL
X-Loop
X-ProxyCache-Key
X-Sql-Duration-Ms
X-Say-Cacheable
TWC-GeoIP-LatLong
Property-Id
X-Skip-Cache
X-GeoCountry
X-Format
TWC-Device-Class
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-InstanceId
TWC-GeoIP-Country
TWC-Connection-Speed
Apigw-Requestid
DB-Nickname
X-GeoCode
X-Worker
Webcakes-Region
Xserver
X-Logging-Id
X-RM-Cache-TTL
X-Server-W
X-Restarts
X-No-Session
X-Varnish-Beresp-Grace
X-S
X-Labrador-Cache-Channel
X-VC
TWC-Locale-Group
Webcakes-App-Version
TWC-Privacy
Web-Mar-Node
Webcakes-App-Name
X-PHP-Host
X-Origin-Hint
X-Fetched-On
Mn-Server-Ip
X-RCS-CacheZone
X-DynaTrace
X-Cache-Host
X-Cache-Server
X-VWS-Id
X-IPLB-Request-ID
X-Git-Commit
X-IPLB-Instance
X-LJ-Flow-ID
X-AWS-Id
X-Generation-Time
X-Container-Uri
X-VCT
X-Is-Supported-Browser
X-Ms-Version
X-Vercel-Cache
X-Ms-Request-Id
X-Vercel-Id
X-Origin
X-Routing-Service
X-Provided-By
X-Proxied
X-Reqid
X-Cluster
X-Zipkin-Id
X-ServerID
X-Geo-Region
X-Frame-Option
X-Forwarded-Host
X-Tb
X-Tcp-Rtt
X-Is-Tablet
X-Is-Mobile
X-Is-Desktop
X-Extlb
Node
X-AB
X-Browser-Name
X-R9-Blue-Green-Version
Cache-Tv-Group
X-Uri
Section-Io-Id
X-Locale
Priority
X-Site-Version
X-FB-TRIP-ID
Content-Secure-Policy
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
Fastcgi-Useragent
Source
X-Webstats-RespID
X-MP-GENERATED-AT
X-Drupal-Cache-Tags
WZWS-RAY
X-Drupal-Cache-Contexts
X-Vcl-Version
X-Web-Node
AMP-Access-Control-Allow-Source-Origin
WP-Super-Cache
Onion-Location
Cross-Origin-Embedder-Policy
X-Origin-Date
X-SRV
CDN-EdgeStorageId
CDN-RequestPullCode
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestPullSuccess
CDN-Uid
CDN-Cache
CDN-CachedAt
X-Shopify-Stage
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Content-Age
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
S-Rt
X-Generated-By
X-Ua
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Xrds-Location
X-ShopId
X-ShardId
X-Varnish-Beresp-Ttl
X-Cluster-Node
X-Sucuri-Cache
X-Cdn-Origin
X-Newrelic-Synthetics
X-Pass-Why
X-Cache-Action
X-Sucuri-ID
X-Proxy-Cache-Status
X-Buckets
X-TT-LOGID
X-DataDome
X-Mg-Request-UUID
Cross-Origin-Window-Policy
Fastly-Drupal-HTML
X-Cache-Expired-At
Sid
X-Scope-Id
X-Shield-Cache-Expires
X-CMSURLCustom
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
X-Thinkindot-L3
Thinkindot-Control
X-TA-CDN-Provider
X-GEO
X-LSADC-Cache
Cache
X-Request-URI
Cross-Origin-Embedder-Policy-Report-Only
DCR-Processing-Time-Ms
X-Application
Rendered-Blocks
X-SRCache-Key
X-Aed
X-TIM-N
X-ScT
X-B-Cookie
X-S-Cookie
Gannett-Cam-Experience-Id
MD5-Digest
CDCHOST
Sslversion
X-Scheme
X-Rojux
Surrogated-Key
X-A-Dcw
X-A-Dgt
X-Vtex-Remote-Cache
X-A-Dam
X-A
X-A-Ccd
X-A-Wwc
X-DC
X-Vdms-Path
T-Server
X-Vdms-Version
Type
X-Viewer-Country
X-Bc-Bl
Candidate-Md5Url
X-Developer
DCR-Decision-By
Meta-Geo-Continent
X-Ec-Custom-Error
Ngx.Var.Host
X-Destination
X-BCube-Filmed-By
Origin
Origin-Agent-Cluster
X-D
Ngx-Var-Key
X-Conf
X-Ec-Fail
HostName
X-PAYTM-SRV-ID
Environment
X-External-Request-Id
X-Ec-GeoHdr
X-Bl-Debug
Redirect-Candidate
X-Cache-NE
X-Epic-Correlation-Id
Lang
X-Cache-Bucket
X-Aspnetmvc-Version
X-Optimistic-Header
X-WP-CF-Super-Cache-Cookies-Bypass
V-Age
X-We-Are-Hiring
Server-Hostname
Release
Req-Svc-Chain
Fastly-SSL
Fastly-GeoIP-CountryCode
L
Host-ID
Magicmarker
Pramga
Sever-Int
Server-Host
Server-Ext
Ssr
X-Loc
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Dispatcher-Server
X-Origin-Time
X-Platform
X-Pool
X-Req
X-Pubstack
X-Proxied-Request
X-Core-Value
X-Fastly-Cache
X-Gdpr
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Human
X-Instance-Name
X-Generated-On
X-Men
X-Op-Id-All
X-Nyt-Route
X-Mly-Id
X-Cache-Info
X-Request-Time
X-Access
X-Acquia-Purge-Cdn-Unconfigured
X-Varnish-Beresp-Status
X-Level-Front-Cache
X-Varnish-Director
X-Varnish-Hostname
X-VServer
X-VG-WebCache
X-VG-TLSProxy
X-Up
X-Thanos
X-SB
X-BBC-Edge-Cache-Status
X-Rocket-Build-Number
X-Bip
X-Aicache-OS
X-SD-PageType
X-Sigma-Backend
X-Sigma
X-Section
Vix-Hermes-Req-Id
X-B3-Trace-ID
Apple-News-Services-Host
Apple-News-Services-Handled
X-VCache
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Correlation-ID
X-Via-CDN
Edge-Copy-Time
X-Via-SSL
X-Service
X-Via-Edge
User-Cache-Control
X-TimeS
X-Datadome
Atl-Traceid
X-Zen-Fury
X-Request-Start
X-Server-IP
X-DPWN-IS-SECURE
X-Device-Os
Req-ID
X-Forwarded-Site
X-TH-Server
X-Node-Id
X-Cache-Date
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Web-Mar-Region
Uber-Trace-Id
We-Hiring
X-Ad-Load-Variation
X-ApacheServer
X-Clientip
X-Varnishpool
X-Cache-Id
X-Esi-Check
X-Auto-Login
X-Block-Status
X-Core-Mission
X-From
X-Org
X-Origin-Response-Time
X-PERF
X-Old-Content-Length
X-NMSegId
X-NCache
X-Nginx-Cache-Key
X-Policy
X-RateLimit-Limit-Second
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-UA-Device-Type
X-V-Cache
X-RateLimit-Remaining-Second
X-Var-Ttl
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Geo-Header
X-GeoIP
X-Gen-Mode
Tube-Return
X-FC-Vary-Parameters
X-Fmm-Version
X-GeoIP-City
X-Gzip
X-Irp-Debug
X-Micro-Cache
X-WA-Info
X-HS-Content-Campaign-Id
X-Hash
X-Hnp-Log
X-Fastly-Backend
X-Cache-TTL-Remaining
Machine
DSUID
Mail-Subject
Tube-Got-Results
Adler-Geo
Canary
Esi-Enabled
Gh-Request-Id
Is-Eu
C-Via
Cache-Provider
Click-Count-Error
Country-Code
Platform
NM-Fastcgi-Cache
Producers
Click-Count-Action-Start
Tube-Got-Eval
Tube-Get-Contents
On-Server
True-Client-Country-4JS
X-CacheTTL
X-Via-Popv
X-HA-Backend
IsBot
Proxy-Firewall
X-GoCache-CacheStatus
X-Edge-Server
N-Cache
Pics-Label
X-Cdn-Srv
AKAMAI
X-Via-Poph
X-Test
LB
X-Request-Host
X-Proto
W
X-SIPLIST1
Cf-Device-Type
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
Datacenter
Cdn-Request-Time
X-App-Name
X-Via-Popn
Cdn-Host
X-Parent-Response-Time
X-Csrf-Jwt
Ha-Gx-Prefs
X-Date
Fastly-Backend-Name
HA-Ipaddr
Expect-Staple
X-Owner
X-Ratelimit-Reset
NGX
X-Eu-Site
L5d-Success-Class
X-Tt-Logid
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-ZONE
X-Accel-Expires-Debug
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Amz-Meta-Cb-Modifiedtime
X-CGP
Cluster
X-Connection-Hash
Expiry
SID
X-Contensis-Viewer-Groups
Content-Script-Type
X-Cache-Type
X-Cache-Aspx
X-Moov-T
X-Moov-Xdn-Version
X-Varnish-Authentication
X-LB-NoCache
X-Forwarded-Path
X-Orig-Expires
A
X-Shop-Environment
X-Tenant
X-Ah-Environment
X-Branch-Name
X-Qloud-Router
Content-Style-Type
X-Tx-Id
Xc-Version
X-NGINX-Cache
RNT-Time
Cache-Key
RNT-Machine
X-Gamma-Serve
Cdn
X-Dc
Yak-Timeinfo
X-Refresh
Cmstype
Cmsid
X-AK-Request-ID
X-Nc
X-Varnish-Hits
Server-ID
Cdnsip
Cdncip
Locid
X-Region-Sid
X-LB-ID
X-Servedbyhost
X-ND-Cache
X-Wa
PFcat
X-Amz-Storage-Class
X-Tb-Optimization-Total-Bytes-Saved
CPC-Age
X-Vmg-Version
X-VarnishDD-TTL
X-Cdn-Diag
X-HN
X-Nf-Request-Id
CPC-Cache
X-Api-Version
X-VHOST
X-DynaTrace-JS-Agent
X-MCACHE
RATING
NtCoent-Length
X-TIME
X-LAGOON
X-Fpc
GeoIp-Country-Code
X-Client-Ip
X-CDN-Cache-Status
X-Backend-Instance
Cdn-Requestid
X-Azure-Ref-OriginShield
X-Nananana
CloudFront-Viewer-Country
XM
Resin-Trace
X-Origin-Expires
X-B3-Parentspanid
CacheControlHeader
X-Cache-Backend
X-API-Version
X-Via-Fastly
X-Akamai-Transformed
X-Srv
X-CACHE-AGE
X-LiteSpeed-Tag
X-Variation
X-TX-ID
Uri
X-Lagoon
X-Hit
X-Zone
X-Fastly-Country-Code
XkeyRZ
MIME-Version
X-Proxy-CacheRZ
User-Agent
X-Presslabs-Stats
X-LiteSpeed-Cache-Control
X-URL
VNS-Age
X-CSRF-TOKEN
VNS-Cache
X-Vc
X-NewRelic-App-Data
Cache-Name
X-Amz-Meta-Opti
Cross-Origin-Opener-Policy-Report-Only
X-Info
True-Client-Ip
X-DataCenter
X-UA
Tcn
X-Dynatrace-Js-Agent
Lb
X-Datacenter
True-Client-IP
Hostname
GeoIP-Latitude
X-HostName
X-Dispatcher-Number
X-Ig-Origin-Region
X-Geo
X-Location
Cache-Hits
X-NWS-UUID-VERIFY
Fusion-Content-Source
Fusion-Deployment-Id
DataCenter
X-Webkit-Csp-Report-Only
X-Cached-By
Mime-Version
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-B3-Spanid
Powered-By
X-Mid
Origin-CC
X-AIR-PT
Cf-Ipcountry
Fastly-Drupal-Html
Origin-EX
X-Jungle-Id
X-CUA
X-Cloudmap
X-Cdn-Forward
X-IAuth-Set-Uid
X-User
BehaviorPad-Version
X-Segment-20210421
X-CS
Srv
X-Traceid
GeoIP-Country-Code
Ohc-File-Size
Debug
CountryCode
X-ECache
X-Varnish-Beresp-TTL
X-Dispatch
X-Cdn-Cache-Status
X-Render-Time
Cl-Cache
X-Esi
X-Cache-Enabled
Ohc-Cache-HIT
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
X-Wp-Cf-Super-Cache-Cache-Control
Server-Info
X-Cs
X-Wp-Cf-Super-Cache
X-VTEX-Cache-Time
X-FPC
Load-Balancing
Location
My-App
X-Oracle-DMS-ECID
X-Wormhole-Sdk
X-RID
X-Lb-Id
Wpo-Cache-Status
CDN
Wpo-Cache-Message
Edge-Cache
X-WA
X-Snapshot-Date
X-Auth-Group-Type
X-ServedByHost
X-NC
X-Litespeed-Tag
CF-Ctrl
YJS-ID
X-Internal-Host
Server-Id
X-App
X-Lb-Nocache
X-MSEdge-Features
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-MSEdge-Flight
X-Fastly-Backend-Reqs
Section-Origin-Responded
X-Nitro-Cache
Ms-Author-Via
X-VCL-Version
X-ID
X-Litespeed-Cache-Control
X-Nitro-Cache-From
X-Proxy-Cache-La3
X-Nitro-Rev
Xkey-La3
CF-Cached-On
Xkeylog
X-Cache-FS-Status
X-Cdn-Request-ID
X-Ig-Push-State
X-NodeID
X-Akamai-Pragma-Client-IP
X-MiniProfiler-Ids
X-Dw-Trace-Id
Memcached
OriginIP
Memory
X-Acquia-Purge-Tags
X-Acquia-Site
Time
X-IN-APIGATEWAY
X-Acquia-Application-UUID
X-IN-APIGATEWAYSSL
Ngx
Srvid
X-Th-Server
Odigeo-Trace-Id
X-FL-EDGE
X-Acquia-Application-Trace
X-APP-VERSION
FSS-Cache
X-FL-QIT-DEBUG
X-Sorting-Hat-Shopid
X-Cache-Version
X-Sorting-Hat-Podid
X-Shardid
X-Shopid
X-Varnish-Remaining-TTL
X-Vary
X-Varnish-CookieINHashed-On
Akamai-Cache-Status
X-Mg-Cache
X-Vgn-Hpd-Reason
X-Varnish-CookieHashed-On
X-Http-Count
X-Sucuri-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
Geoip-Latitude
X-RequestId
X-Ha-Backend
X-Via-PopH
X-Lsadc-Cache
X-Fastly-Cache-Hits
X-Via-PopV
X-Via-PopN
X-Udemy-Cache-App-Namespace
X-Te-Duration-Ms
X-Check-Cacheable
X-Serial
X-Service-Response-Time
X-Web-Server
Sm-Log-Id
X-DefHash
X-Te-Count
X-Pad
X-Http-Duration-Ms
X-DefElseHash
Yjs-Id