Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
P3P
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
X-DNS-Prefetch-Control
P3p
X-Cache-Status
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Ua-Compatible
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Request-ID
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
CF-Ray
Host-Header
Cf-Edge-Cache
X-Backend
Allow
Request-Context
Keep-Alive
X-UA-Device
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
Xkey
EagleId
X-Age
X-Rq
X-Vhost
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
Cf-Railgun
Ali-Swift-Global-Savetime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
EagleEye-TraceId
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-WebKit-CSP
X-Aws-Lambda-Call-Status
X-CST
X-OneAgent-JS-Injection
Permissions-Policy
X-Backend-Server
X-Readtime
X-Server-Id
X-Host
X-Response-Time
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-Litespeed-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-HW
X-Nginx-Upstream-Cache-Status
X-Cache-Lookup
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Trace
X-Country
Service-Worker-Allowed
X-Ruxit-JS-Agent
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
X-Origin-Cache-Key
Accept-Ch-Lifetime
X-Edge
X-Rack-Cache
Cache-Tag
Cross-Origin-Opener-Policy
X-FTR-Request-ID
X-Amz-Server-Side-Encryption
X-Midtier
X-Mcache
X-Mod-Pagespeed
X-MS-InvokeApp
X-PC
X-Vname
X-TtlSet
X-ECACHE
Nginx-Cache
X-ESI
X-Upstream
Rating
X-Powered-By-Plesk
Edge-Control
X-Server-Name
X-Browser-Type
X-Cnection
X-D2id
X-Times
X-Element-Page-Cache
Verso
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Kinja-Revision
SPIisLatency
X-Ruxit-Js-Agent
SPRequestDuration
X-Ac
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-NWS-LOG-UUID
SPRequestGuid
X-SharePointHealthScore
X-Ser
X-Abt-Application-Version
X-Navigation-Version
X-GitHub-Request-Id
X-B3-TraceId
X-Dw-Request-Base-Id
X-Vcap-Request-Id
X-RateLimit-Remaining
X-NF-Request-ID
AR-CACHE
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Mg-S
X-VARITI-CCR
X-Client-IP
S
Display
Pagespeed
X-Sol
X-Middleton-Display
Edge-Cache-Tag
X-Server-ID
X-Cache-Key
X-Ttl
RTSS
Fastly-Restarts
X-Amzn-Trace-Id
X-Amz-Rid
X-Cache-TTL
Cache-Status
X-Powered-CMS
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Version
X-Edge-Location-Klb
X-Goog-Hash
Access-Control-Request-Method
X-Kinsta-Cache
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Recruiting
X-ARC
Response
X-Middleton-Response
X-TraceId
X-Content-Digest
X-Varnish-TTL
X-Forwarded-For
Arr-Disable-Session-Affinity
X-T
Origin-Trial
Content-MD5
X-Daa-Tunnel
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-MSEdge-Ref
MicrosoftSharePointTeamServices
TP-Cache
X-Accel-Expires
Front-End-Https
X-Shield-Request-Id
Cross-Origin-Resource-Policy
X-Content-Security-Policy-Report-Only
X-Cached
Public-Key-Pins
X-Id
X-Hits
MS-Author-Via
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-Expires
Server-Node
X-Ua-Browser
X-DIS-Request-ID
X-Forwarded-Proto
Payment
X-Frontend
X-Request-Received
X-Request-Processing-Time
X-Webkit-Csp
X-FastCGI-Cache
X-LLID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
Realpath
X-Fastcgi-Cache
X-Protected-By
TP-L2-Cache
X-GUploader-UploadID
X-ORACLE-DMS-RID
Cache-Tags
X-LB-Cache
X-Distributor
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Ratelimit-Limit
X-Microsite
X-Request-Handler-Origin-Region
X-Origin-Server
X-RateLimit-Limit
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Mrf-Cache-Status
MRF-Tech
X-Hostname
Referer-Policy
X-B3-TraceId-Primal
X-Az
X-Debug-Info
Count-Hit
X-AppVersion
X-Page-Id
X-Activity-Id
X-NGENIX-Cache
Host
X-Www-Served-By
X-Cluster-Name
X-Varnish-Server
X-Varnish-Backend
X-Envoy-Decorator-Operation
Fastcgi-Cache
X-Correlation-Id
X-F-Cache
Accept-Charset
X-Geo-Country
X-App-Server
X-Ua-Device
X-ORACLE-DMS-ECID
X-PressLabs-Stats
X-XRDS-LOCATION
X-TTL
X-Varnish-Ttl
X-FB-Debug
X-Goog-Metageneration
Retry-After
Access-Control-Allow-Method
X-CSRF-Token
X-Ezoic-Cdn
X-Load-Cache
X-Git-Hash
X-Upgrade-Enabled
X-Fastly-Request-Id
X-Content-Options
X-Seen-By
X-RateLimit-Reset
Server-Name
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Px
X-Datadog-Parent-Id
X-Revision
X-Contextid
X-Request-Guid
Section-Io-Cache
TCN
X-Oracle-Dms-Ecid
X-Cache-Control
X-Tt-Trace-Host
X-B
X-Tt-Trace-Tag
X-Type
X-Trace-Id
Charset
X-Grace
X-Amz-Meta-S3cmd-Attrs
X-B3-Sampled
Healthy
X-TT
X-Webkit-CSP
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Cleartype
X-Whom
X-Fb-Rlafr
X-Newrelic-App-Data
X-Signature
X-B-Cache
X-Wix-Request-Id
DC
Paypal-Debug-Id
X-Node-Name
X-App-Environment
X-Mobile
X-Origin-Cache
X-Proxy
X-Magnolia-Registration
Frame-Options
Accept-Ch
X-Azure-Ref
X-Amz-Replication-Status
X-Rid
X-Oracle-Dms-Rid
X-WebKit-CSP-Report-Only
X-Ratelimit-Remaining
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Fastly-Request-ID
X-N
X-EdgeConnect-Cache-Status
X-WP-CF-Super-Cache-Cache-Control
X-Logged-In
X-WP-CF-Super-Cache
X-Air-Pt
Filterid
X-Route-Name
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Language
X-Flags
X-Providence-Cookie
X-Kinja-CCPA
Content-Disposition
Backend
Akamai-GRN
X-Time
NGB
X-Response-Served-From
X-Original-Request-Id
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Template
X-Cache-Age
X-Yottaa-Metrics
X-RemovedCookies
X-Rendered-As
X-Yottaa-Optimizations
X-Is-Bot
X-RTag
X-Unique-Id
Ms-Operation-Id
X-ProcessESI
X-Debug-IsConnected
X-Varnish-Grace
SD-X-WS
X-Debug-IsPreview
Upgrade-Insecure-Requests
X-Servername
X-Datadog-Sampled
MS-CV
X-UUID
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
Liferay-Portal
X-Adobe-Content
X-Tumblr-Pixel-0
X-Adobe-Loc
Viewport
X-Cacheable-TTL
X-Environment-Context
Fastly-SWR
Refresh
X-Amzn-Remapped-Content-Length
Fastly-SIE
X-G
X-L-Path
X-NYM-Debug-Backend
X-Region
X-Hl-Ver
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Proxy-Cache-Info
X-Hcs-Proxy-Type
X-FW-Dynamic
X-FW-Serve
X-FW-Static
X-FW-Type
X-Backend-Name
X-FW-Server
X-App-Version
X-Cache-Grace
X-Debug
X-FW-Version
X-Device-Type
From-Origin
X-FW-Hash
X-Via-JSL
X-IPS-LoggedIn
X-Instance
X-Rule
X-User-Agent
X-B3-Traceid
Country
X-Cache-Hit
X-Status
ServerID
Url
X-VC-Cache
X-Jobs
Countrycode
X-B3-SpanId
X-INCAP-ABP
WPO-Cache-Message
X-Tec-Api-Root
WPO-Cache-Status
X-Tec-Api-Version
Alternate-Protocol
X-Tec-Api-Origin
Version
X-HTML-Minification-Powered-By
X-Cache-Status-Check
X-Source
X-NODE
X-Origin-TTL
X-Origin-CC
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Akamai-Request-ID2
X-Page-View
X-Nginx-Cache
Surrogate-Key
CDN-RequestId
X-Hosted-By
X-Content-Powered-By
GEO-INFO
Amp-Access-Control-Allow-Source-Origin
X-WP-CF-Super-Cache-Active
X-Storage
Protected
SRV
X-Rocket-Nginx-Serving-Static
OT-Force-Account-Verify
X-Akamai-Edgescape
X-Accel-Version
X-VC
X-Real-IP
Access-Control-Request-Headers
X-CDN-Forward
X-Edge-Location
X-Framework
AMP-Access-Control-Allow-Source-Origin
X-ServerID
CF-IPCountry
X-Mode
Front
X-Use-Mantle
X-Cache-Rule
Filters
X-Cache-Time
X-Xfnlog-Site
X-UPSTREAM-Address
Meta-Geo
X-Cache-Operation
X-Http-Reason
X-Rewrite-Enabled
X-Rn-Rsrv
Accept-Language
X-Served-From
X-Cache-Debug
X-Proxy-Build
X-LJ-Flow-ID
X-Timing-Wait
X-Soup
Webserver
X-AWS-Id
Xet-Cookie
X-Detected-As
X-JoinUs
Mn-Server-Ip
X-SaId
Selected-Fe
X-VWS-Id
ServedBy
X-Origin
Cross-Origin-Embedder-Policy
X-Tumblr-Pixel-2
X-Cms-Context
X-Tumblr-Pixel-3
X-Say-Cacheable
Section-Io-Id
X-Adobe-Source
X-BYPASS-REASON
X-Cluster
X-Routing-Service
Node
X-Extlb
X-SayCDN-TTL
X-Director
X-Say-TTL
Apigw-Requestid
X-Handled-By
Xserver
X-Worker
X-Web-Node
X-Logging-Id
X-Varnish-Cache-Hits
X-ProxyCache-Status
X-No-Session
X-Lambda-Id
X-Zipkin-Id
X-Httpd
X-Proxied
X-ProxyCache-Key
Webcakes-App-Version
X-VCT
Webcakes-App-Name
X-Endurance-Cache-Level
X-Upstream-Ht
X-Restarts
Webcakes-Region
X-Is-Mobile
X-Platform-Cluster
TWC-Locale-Group
X-Format
X-Vcache
X-S
TWC-Privacy
X-Origin-Hint
DB-Nickname
Web-Mar-Node
Property-Id
X-AB
X-Tcp-Rtt
X-RM-Cache-TTL
TWC-Device-Class
X-Varnish-Beresp-Grace
X-GeoCountry
X-Redis-Cache
TWC-GeoIP-Country
X-Is-Supported-Browser
X-Is-Tablet
X-Labrador-Cache-Channel
X-Is-Desktop
X-Platform-Router
X-GeoCode
X-PHP-Host
X-Forwarded-Host
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-Platform-Processor
X-RCS-CacheZone
X-Geo-Region
X-Browser-Name
X-Skip-Cache
X-Site-Version
X-Upstream-Ct
X-Container-Uri
X-R9-Blue-Green-Version
X-Varnish-Age
X-Drupal-Cache-Tags
X-Git-Commit
X-Reqid
X-Locale
X-IPLB-Instance
X-Tncms
X-IPLB-Request-ID
X-Generation-Time
X-Loop
X-Webstats-RespID
X-Fetched-On
X-Server-W
X-Drupal-Cache-Contexts
X-Cache-Server
X-Cache-Host
X-Ms-Request-Id
X-Vercel-Cache
X-Tb
X-Vercel-Id
X-Ms-Version
X-Provided-By
Azure-SiteName
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestPullCode
CDN-RequestPullSuccess
X-Uri
X-MP-GENERATED-AT
X-Alternate-Cache-Key
CDN-Uid
CDN-Cache
X-Storefront-Renderer-Rendered
Azure-InstanceId
Azure-Version
Azure-RegionName
X-Shopify-Stage
Azure-SlotName
X-TT-LOGID
X-Origin-Date
X-DynaTrace
X-Frame-Option
X-XRDS-Location
X-ShardId
X-Sorting-Hat-ShopId
X-Sucuri-Cache
X-ShopId
X-Sorting-Hat-PodId
Source
Cache-Tv-Group
Fastcgi-Useragent
WP-Super-Cache
X-Sucuri-ID
X-Cdn-Origin
X-FB-TRIP-ID
Content-Secure-Policy
X-Sql-Count
Cross-Origin-Embedder-Policy-Report-Only
X-Vcl-Version
X-Sql-Duration-Ms
X-Generated-By
Priority
Sid
Atl-Traceid
X-Xrds-Location
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Pass-Why
X-Content-Age
Onion-Location
X-Buckets
X-DataDome
X-SRV
Thinkindot-CacheControl
Cross-Origin-Window-Policy
TDXMobile
Thinkindot-CacheControl-Type
HostName
X-Shield-Cache-Expires
Cache
X-Thinkindot-L3
X-Scope-Id
X-CMSURLCustom
Thinkindot-Control
X-LSADC-Cache
X-Newrelic-Synthetics
X-Cluster-Node
WZWS-RAY
X-Proxy-Cache-Status
X-Varnish-Beresp-Ttl
S-Rt
X-Cache-Action
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Expired-At
X-GEO
X-Optimistic-Header
X-Via-CDN
X-TA-CDN-Provider
X-Via-Edge
Edge-Copy-Time
X-Via-SSL
User-Cache-Control
Expiry
X-Connection-Hash
X-Access
X-Ec-Custom-Error
X-Aed
X-Cache-NE
X-Destination
X-Bc-Bl
X-BCube-Filmed-By
X-Bl-Debug
X-Cache-Bucket
X-Ec-Fail
X-Conf
X-Developer
X-Application
X-B-Cookie
X-D
X-Dispatcher-Server
X-A-Ccd
Redirect-Candidate
Origin-Agent-Cluster
Origin
Rendered-Blocks
Req-ID
Server-Host
Server-Ext
DCR-Decision-By
DCR-Processing-Time-Ms
Magicmarker
Lang
L
MD5-Digest
Meta-Geo-Continent
Ngx.Var.Host
Ngx-Var-Key
Server-Hostname
Sever-Int
X-Ec-GeoHdr
X-A
Apple-News-Services-Handled
A
X-A-Dam
X-A-Dgt
X-A-Dcw
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
CDCHOST
Surrogated-Key
Sslversion
Candidate-Md5Url
T-Server
Apple-News-Services-Request-Url
Vix-Hermes-Req-Id
X-A-Wwc
X-External-Request-Id
X-Instance-Name
X-Request-Start
X-Vdms-Path
X-Op-Id-All
X-Section
X-Varnish-Hostname
X-SRCache-Key
X-PAYTM-SRV-ID
X-TIM-N
X-Platform
X-Correlation-ID
X-Epic-Correlation-Id
X-Vdms-Version
X-ScT
X-Rojux
X-Ua
Gannett-Cam-Experience-Id
Fastly-Drupal-HTML
X-SB
X-Scheme
X-S-Cookie
X-Viewer-Country
X-Vtex-Remote-Cache
X-Dc
X-TimeS
Wxu-Next-Commit
X-TH-Server
X-Sigma-Backend
Type
X-Sigma
X-Varnish-Beresp-Status
X-VServer
X-VG-WebCache
X-VG-TLSProxy
X-WA-Info
X-Zen-Fury
Host-ID
X-ND-Cache
Yak-Timeinfo
NM-Fastcgi-Cache
Pramga
Wxu-Next-Hostname
X-UA-Device-Type
X-Thanos
Req-Svc-Chain
X-Varnish-Director
X-Varnishpool
Release
Ssr
X-Rocket-Build-Number
X-Branch-Name
X-Hnp-Log
X-Cache-Info
X-Block-Status
X-Bip
X-Level-Front-Cache
X-Human
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Forwarded-Site
X-Fastly-Cache
X-Gen-Mode
X-Core-Value
X-Clientip
X-Generated-On
X-BBC-Edge-Cache-Status
X-Loc
X-Pubstack
X-Pool
X-Acquia-Purge-Cdn-Unconfigured
X-Req
X-Request-Time
X-SD-PageType
X-Request-URI
X-Node-Id
X-NMSegId
X-AK-Request-ID
X-Mly-Id
X-Moov-T
X-Moov-Xdn-Version
X-Nginx-Cache-Key
X-NCache
Wxu-Next-Region
X-Cache-TTL-Remaining
Cdnsip
Content-Script-Type
DSUID
Cdncip
X-Azure-Ref-OriginShield
Cache-Provider
C-Via
Environment
Content-Style-Type
Fastly-SSL
X-Origin-Response-Time
X-Service
X-CGP
X-Cache-Id
PFcat
X-Cache-Date
X-Csrf-Jwt
X-Debug-Cache-Store
X-Esi-Check
X-DPWN-IS-SECURE
X-Device-Os
X-Debug-Cache-Fetch
X-Eu-Site
X-Ad-Load-Variation
Adler-Geo
X-Mg-Request-UUID
W
X-HN
X-Aicache-OS
X-VarnishDD-TTL
X-B3-Trace-ID
X-Auto-Login
X-Amz-Meta-Cb-Modifiedtime
X-Amz-Storage-Class
X-Fmm-Version
X-Old-Content-Length
X-Org
X-Nyt-Route
X-Mvc-Supplant-OutputCached
X-V-Cache
X-Policy
X-Proxied-Request
X-SVT-ORM-RULES
X-Server-IP
X-Request-Host
X-Region-Sid
X-Mvc-Supplant-Cachable
X-Men
X-Gdpr
X-From
X-We-Are-Hiring
X-SVT-ORM-VERSION
V-Age
X-GeoIP
X-ECache
X-HS-Content-Campaign-Id
X-Gzip
X-GeoIP-City
X-FC-Vary-Parameters
X-Origin-Time
Cluster
True-Client-Country-4JS
Tube-Get-Contents
L5d-Success-Class
Tube-Got-Eval
Canary
Locid
Platform
Producers
Country-Code
Click-Count-Action-Start
Fastly-GeoIP-CountryCode
Esi-Enabled
HA-Ipaddr
Ha-Gx-Prefs
Click-Count-Error
Tube-Return
Is-Eu
Uber-Trace-Id
Tube-Got-Results
X-VCache
X-Datadome
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-Cache-Aspx
X-DC
X-Up
X-Contensis-Viewer-Groups
X-Var-Ttl
RNT-Machine
X-Slack-Backend
RNT-Time
X-Varnish-Authentication
X-Cdn-Srv
X-Fastly-Backend
On-Server
Mail-Subject
Gh-Request-Id
X-Proto
X-Geo-Header
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Machine
We-Hiring
Web-Mar-Region
X-Ratelimit-Reset
X-PERF
X-Hash
X-ApacheServer
X-Micro-Cache
X-GoCache-CacheStatus
X-Tx-Id
Pics-Label
Proxy-Firewall
X-Test
X-LB-ID
X-Edge-Server
XM
X-Parent-Response-Time
X-Irp-Debug
X-Ah-Environment
X-Wikidot-Static-Cache
Cdn-Host
Cache-Key
X-CacheTTL
X-App-Name
Cf-Device-Type
AKAMAI
Cdn-Request-Time
X-Wikidot-Backend
X-Backend-Instance
LB
X-Accel-Expires-Debug
X-Owner
X-COUNTRY
Fastly-Backend-Name
X-Varnish-Hits
X-Origin-Expires
NGX
X-Servedbyhost
X-Date
X-Core-Mission
X-Lagoon
Cdn
X-Via-Poph
X-Cache-Backend
X-Via-Popv
X-HA-Backend
X-ZONE
X-Via-Popn
X-SIPLIST1
X-DynaTrace-JS-Agent
IsBot
X-CACHE-GROUP
X-API-Version
X-UA
X-RID
X-LB-NoCache
X-Refresh
X-Tb-Optimization-Total-Bytes-Saved
X-Srv
X-VHOST
X-Qloud-Router
NtCoent-Length
RATING
X-Nf-Request-Id
X-Use-Magma
Cdn-Requestid
Datacenter
X-NGINX-Cache
GeoIp-Country-Code
X-CDN-Cache-Status
X-CF-Lambda-Fn
X-CF-Lambda-Version
N-Cache
X-Wa
Expect-Staple
X-Nc
Server-ID
X-Zone
Cache-Hits
X-Orig-Expires
X-Via-Fastly
X-Nananana
X-Cache-Type
X-Forwarded-Path
SID
CloudFront-Viewer-Country
X-Tenant
Xc-Version
X-Shop-Environment
Cmsid
X-Gamma-Serve
X-Fpc
Cross-Origin-Opener-Policy-Report-Only
GeoIP-Latitude
Cmstype
CPC-Age
CPC-Cache
X-Hit
DataCenter
X-B3-Parentspanid
X-Ig-Origin-Region
X-Akamai-Transformed
X-TX-ID
User-Agent
Uri
X-Vmg-Version
X-Location
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
X-Cloudmap
X-Cdn-Diag
Fusion-Template-Id
XkeyRZ
Resin-Trace
X-Proxy-CacheRZ
X-Client-Ip
X-Tt-Logid
X-CS
X-Presslabs-Stats
Powered-By
X-URL
X-DataCenter
Origin-CC
True-Client-Ip
Origin-EX
X-CUA
X-TIME
X-Jungle-Id
X-Info
X-Amz-Meta-Opti
Tcn
CacheControlHeader
X-Variation
Mime-Version
MIME-Version
X-Fastly-Country-Code
X-NWS-UUID-VERIFY
X-IAuth-Set-Uid
X-User
X-LAGOON
X-NewRelic-App-Data
X-HostName
X-B3-Spanid
X-Segment-20210421
Fastly-Drupal-Html
True-Client-IP
X-Cached-By
X-CACHE-AGE
X-Geo
X-Datacenter
Srv
X-Dynatrace-Js-Agent
Cf-Ipcountry
Load-Balancing
X-AIR-PT
CDN
X-Cdn-Forward
X-VTEX-Cache-Time
VNS-Cache
VNS-Age
X-VTEX-Cache-Server
X-Render-Time
X-Vc
X-HOST
Debug
X-LiteSpeed-Tag
X-Powered-By-VTEX-Cache
X-Varnish-Beresp-TTL
X-LiteSpeed-Cache-Control
X-Wormhole-Sdk
Lb
Ohc-File-Size
Edge-Cache
X-Api-Version
X-Auth-Group-Type
X-Webkit-Csp-Report-Only
X-CSRF-TOKEN
Hostname
Cl-Cache
X-Dispatch
Ohc-Cache-HIT
X-Dispatcher-Number
X-Ig-Push-State
X-FPC
X-MCACHE
GeoIP-Country-Code
X-NodeID
X-Cdn-Cache-Status
Server-Id
X-Esi
Odigeo-Trace-Id
X-NC
X-WA
Cache-Name
X-Vgn-Hpd-Reason
X-Cs
X-Custom-Header
X-APP-VERSION
X-Lb-Nocache
X-Oracle-DMS-ECID
X-Litespeed-Tag
X-Mid
X-PHP-Backend
X-Cache-Ttl
X-VCL-Version
X-Pad
X-Fastly-Backend-Reqs
X-Depends
X-Via-PopH
X-Ha-Backend
X-DefHash
X-Via-PopV
X-DefElseHash
X-Via-PopN
X-Varnish-CookieINHashed-On
CountryCode
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-ServedByHost
Ms-Author-Via
X-Litespeed-Cache-Control
X-M-Reqid
X-M-Log
Ngx
X-Akamai-Pragma-Client-IP
X-MiniProfiler-Ids
X-MSEdge-Flight
X-Proxy-Cache-La3
X-Cdn-Request-ID
X-MSEdge-Features
X-Lb-Id
X-RequestId
Xkey-La3
Xkeylog
BehaviorPad-Version
X-Web-Server
PICS-Label
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
OriginIP
X-Snapshot-Date
Memcached
Time
X-Cache-Enabled
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Memory
X-VC-TTL
FSS-Cache
X-Acquia-Site
X-Sorting-Hat-Podid
X-Cache-Version
X-Shardid
X-Shopid
X-Sorting-Hat-Shopid
X-PDP-UNCACHING-HASH
X-Cache-FS-Status
Warning
Epwk-X-Cache
X-App
X-Check-Cacheable
X-Th-Server
X-Wp-Cf-Super-Cache-Cookies-Bypass
Geoip-Latitude
X-Sucuri-Id
Location
X-Lsadc-Cache
YJS-ID
CF-Cached-On
X-Udemy-Cache-App-Namespace
X-FL-QIT-DEBUG
Srvid
X-Dw-Trace-Id
X-Mg-Cache
X-Service-Response-Time
X-Serial
X-FL-EDGE
Sm-Log-Id
Server-Info
Akamai-Cache-Status