Threat Level: green Handler on Duty: Richard Porter

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
X-UA-Compatible
P3P
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH
P3p
X-DNS-Prefetch-Control
X-Drupal-Cache
Accept-CH-Lifetime
X-Cache-Status
X-Generator
X-Check
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Cf-Edge-Cache
X-Backend
Request-Context
Keep-Alive
X-UA-Device
Allow
X-Robots-Tag
X-Server
X-Cache-Group
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
EagleId
X-Ws-Request-Id
X-Proxy-Cache
X-Age
X-Rq
Xkey
X-Vhost
X-Dispatcher
X-Amz-Version-Id
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
X-Page-Speed
Ali-Swift-Global-Savetime
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
Cf-Railgun
X-LiteSpeed-Cache
Permissions-Policy
EagleEye-TraceId
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Backend-Server
X-CST
X-Aws-Lambda-Call-Status
X-Server-Id
X-Host
X-Readtime
X-Response-Time
X-Cache-Lookup
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-Litespeed-Cache
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-HW
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
X-Application-Context
X-Country-Code
Content-Location
X-Country
X-Ruxit-JS-Agent
X-Trace
Service-Worker-Allowed
X-Url
X-Content-Type
X-Clacks-Overhead
X-Oneagent-Js-Injection
Rating
X-Rack-Cache
X-Origin-Cache-Key
Cache-Tag
Accept-Ch-Lifetime
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Edge
Cross-Origin-Opener-Policy
X-Midtier
X-PC
X-Vname
X-TtlSet
Nginx-Cache
X-Mcache
X-MS-InvokeApp
X-Mod-Pagespeed
X-Upstream
X-Powered-By-Plesk
X-ECACHE
X-Server-Name
X-NWS-LOG-UUID
Edge-Control
X-ESI
X-Browser-Type
X-Cnection
X-Times
X-D2id
X-Element-Page-Cache
Verso
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Ac
X-Ser
AR-SID
SPIisLatency
AR-PoweredBy
AR-Request-ID
SPRequestDuration
AR-ATIME
X-RateLimit-Remaining
X-B3-TraceId
X-SharePointHealthScore
SPRequestGuid
X-Ruxit-Js-Agent
X-GitHub-Request-Id
X-NF-Request-ID
X-Navigation-Version
X-Abt-Application-Version
X-Ttl
X-Dw-Request-Base-Id
X-Vcap-Request-Id
AR-CACHE
X-Mg-S
X-Client-IP
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
S
X-Sol
Pagespeed
Display
X-Middleton-Display
Edge-Cache-Tag
X-VARITI-CCR
X-Cache-Key
Fastly-Restarts
X-Amzn-Trace-Id
RTSS
X-Cache-TTL
X-Amz-Rid
X-Webkit-Csp
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
Cache-Status
X-Powered-CMS
X-Kinsta-Cache
X-Edge-Location-Klb
X-Version
Access-Control-Request-Method
X-Daa-Tunnel
X-Goog-Hash
X-Server-ID
X-Recruiting
Response
X-Middleton-Response
X-Varnish-TTL
X-Content-Digest
X-ARC
X-Forwarded-For
X-TraceId
X-T
Arr-Disable-Session-Affinity
X-MSEdge-Ref
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Cross-Origin-Resource-Policy
Content-MD5
MS-Author-Via
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
TP-Cache
Front-End-Https
X-Shield-Request-Id
X-Accel-Expires
X-FastCGI-Cache
X-Cached
X-Hits
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-HS-Hub-Id
X-HS-Combine-CSS
Server-Node
X-HS-Content-Id
Public-Key-Pins
X-HS-Cache-Config
X-Request-Received
X-ORACLE-DMS-RID
X-Forwarded-Proto
X-FTR-Expires
X-Ua-Browser
X-Id
X-Request-Processing-Time
Payment
X-Frontend
X-Content-Security-Policy-Report-Only
Realpath
X-Protected-By
X-DIS-Request-ID
X-LLID
X-RateLimit-Limit
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Distributor
TP-L2-Cache
X-GUploader-UploadID
X-Fastcgi-Cache
Origin-Trial
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-LB-Cache
X-Hostname
Cache-Tags
X-XRDS-LOCATION
X-Microsite
X-Request-Handler-Origin-Region
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Debug-Info
X-Origin-Server
Count-Hit
Referer-Policy
Host
Fastcgi-Cache
X-Page-Id
MRF-Tech
Mrf-Cache-Status
X-AppVersion
X-B3-TraceId-Primal
X-Envoy-Decorator-Operation
X-Az
X-Activity-Id
X-Cluster-Name
X-ORACLE-DMS-ECID
X-NGENIX-Cache
X-Www-Served-By
X-Correlation-Id
X-Varnish-Backend
X-Varnish-Server
X-Geo-Country
Accept-Charset
X-App-Server
X-PressLabs-Stats
X-F-Cache
X-Ratelimit-Limit
X-Ezoic-Cdn
X-Ua-Device
Retry-After
X-TEC-API-ORIGIN
X-Fastly-Request-ID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-FB-Debug
X-RateLimit-Reset
X-Load-Cache
X-Goog-Metageneration
X-Upgrade-Enabled
X-CSRF-Token
X-Px
Access-Control-Allow-Method
TCN
X-Seen-By
X-Git-Hash
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-Tt-Trace-Host
X-Tt-Trace-Tag
Cleartype
Section-Io-Cache
X-Contextid
X-Request-Guid
X-Revision
X-Trace-Id
X-Datadog-Sampling-Priority
X-Grace
X-Datadog-Parent-Id
X-Cache-Control
X-Datadog-Trace-Id
X-B
X-Varnish-Ttl
Charset
X-Content-Options
X-Type
X-Azure-Ref
X-B3-Sampled
Paypal-Debug-Id
X-TT
X-Whom
Healthy
DC
X-Fb-Rlafr
X-Wix-Request-Id
X-Proxy
X-B-Cache
X-Signature
X-Newrelic-App-Data
X-Air-Pt
X-App-Environment
X-Mobile
X-Node-Name
X-Magnolia-Registration
X-N
X-EdgeConnect-Cache-Status
Frame-Options
X-Fastly-Request-Id
X-Amz-Replication-Status
X-Origin-Cache
Accept-Ch
Filterid
X-WP-CF-Super-Cache
X-Oracle-Dms-Ecid
X-WP-CF-Super-Cache-Cache-Control
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Logged-In
X-TTL
X-Time
X-WebKit-CSP-Report-Only
Backend
Content-Disposition
Viewport
NGB
X-Oracle-Dms-Rid
X-Response-Served-From
X-Original-Request-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Akamai-GRN
X-Cache-Age
X-Rendered-As
X-Is-Bot
X-Varnish-Grace
SD-X-WS
Liferay-Portal
X-Yottaa-Optimizations
MS-CV
Ms-Operation-Id
X-Unique-Id
X-Hl-Ver
X-Tumblr-User
X-Tumblr-Pixel-1
X-Datadog-Sampled
X-Tumblr-Pixel
X-RTag
X-Debug-IsPreview
X-Servername
X-Yottaa-Metrics
X-ProcessESI
X-Debug-IsConnected
X-RemovedCookies
X-Tumblr-Pixel-0
X-FW-Hash
X-Amzn-Remapped-Content-Length
X-FW-Server
X-IPS-LoggedIn
X-FW-Static
Upgrade-Insecure-Requests
X-Instance
X-FW-Type
X-Debug
X-FW-Dynamic
X-Adobe-Loc
X-FW-Version
X-FW-Serve
X-Adobe-Content
X-UUID
X-Backend-Name
ServerID
X-Cache-Grace
X-Environment-Context
X-Cacheable-TTL
Fastly-SWR
Fastly-SIE
X-L-Path
X-Via-JSL
X-G
X-NYM-Debug-Backend
X-User-Agent
X-Region
X-Device-Type
X-Language
From-Origin
X-Proxy-Cache-Info
Country
X-Cache-Hit
X-Ratelimit-Remaining
X-Rule
X-VC-Cache
Refresh
X-Template
X-Status
X-B3-SpanId
Version
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
Countrycode
X-Source
Url
X-INCAP-ABP
X-Rid
GEO-INFO
X-Webkit-CSP
X-Cache-Status-Check
X-HTML-Minification-Powered-By
CDN-RequestId
X-Storage
X-Air-Hostname
Alternate-Protocol
X-Air-Trace-Id
X-Air-Source
WPO-Cache-Message
WPO-Cache-Status
X-Jobs
X-App-Version
SRV
AMP-Access-Control-Allow-Source-Origin
X-WP-CF-Super-Cache-Active
OT-Force-Account-Verify
X-NODE
X-Origin-TTL
X-Akamai-Request-ID2
X-Origin-CC
X-Real-IP
X-Content-Powered-By
X-B3-Traceid
X-ServerID
X-VC
X-Rocket-Nginx-Serving-Static
Surrogate-Key
Protected
X-CDN-Forward
X-Tec-Api-Root
X-Tec-Api-Version
X-Hosted-By
Access-Control-Request-Headers
X-Tec-Api-Origin
X-Cache-Time
X-Accel-Version
X-Nginx-Cache
X-Handled-By
X-Cache-Operation
X-Mode
X-Cache-Rule
X-Akamai-Edgescape
Amp-Access-Control-Allow-Source-Origin
X-Platform-Cluster
X-Framework
X-UPSTREAM-Address
X-Platform-Processor
X-Platform-Router
X-Rn-Rsrv
X-Rewrite-Enabled
X-Upstream-Ht
X-Upstream-Ct
Webserver
X-Xfnlog-Site
Filters
Xet-Cookie
Meta-Geo
X-Endurance-Cache-Level
X-Edge-Location
X-Served-From
X-Timing-Wait
X-SaId
X-Varnish-Cache-Hits
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-VWS-Id
X-Soup
X-Origin
ServedBy
Selected-Fe
Section-Io-Id
X-Sucuri-Cache
X-AWS-Id
X-Cache-Debug
X-LJ-Flow-ID
X-JoinUs
X-Director
X-Detected-As
X-Proxy-Build
Cross-Origin-Embedder-Policy
X-Cms-Context
X-Kinja-CCPA
X-SayCDN-TTL
X-Say-TTL
X-Labrador-Cache-Channel
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-Say-Cacheable
Front
X-Redis-Cache
Mn-Server-Ip
X-ProxyCache-Status
Node
X-Restarts
X-Routing-Service
X-Use-Mantle
Property-Id
X-ProxyCache-Key
TWC-Locale-Group
X-Lambda-Id
X-Logging-Id
X-BYPASS-REASON
X-Origin-Hint
X-Extlb
X-Drupal-Cache-Tags
X-Cluster
X-Web-Node
X-No-Session
X-Webstats-RespID
X-Adobe-Source
Webcakes-App-Name
Web-Mar-Node
TWC-Privacy
X-Zipkin-Id
X-PHP-Host
X-Worker
X-Proxied
Webcakes-Region
Webcakes-App-Version
X-Is-Supported-Browser
X-Is-Tablet
X-Page-View
X-GeoCountry
X-AB
X-Browser-Name
X-Format
X-Drupal-Cache-Contexts
X-Geo-Region
X-GeoCode
X-Is-Desktop
X-IPLB-Request-ID
X-IPLB-Instance
X-Locale
X-Is-Mobile
Azure-SiteName
X-Loop
X-Tcp-Rtt
X-Site-Version
X-S
X-Varnish-Age
X-Varnish-Beresp-Grace
Accept-Language
X-VCT
X-Skip-Cache
X-RM-Cache-TTL
X-Tncms
Azure-SlotName
Azure-InstanceId
Azure-RegionName
X-Sucuri-ID
Azure-Version
Apigw-Requestid
X-RCS-CacheZone
X-Forwarded-Host
X-Origin-Date
CDN-RequestPullSuccess
CDN-Uid
X-Generation-Time
X-Fetched-On
CDN-RequestPullCode
X-Vercel-Id
X-Container-Uri
X-Vercel-Cache
CDN-EdgeStorageId
X-Storefront-Renderer-Rendered
X-Git-Commit
X-Shopify-Stage
X-Reqid
X-Tb
X-R9-Blue-Green-Version
CDN-PullZone
CDN-CachedAt
CDN-Cache
Xserver
CDN-RequestCountryCode
X-Httpd
CF-IPCountry
X-TT-LOGID
X-Cache-Server
X-Cache-Host
X-Alternate-Cache-Key
X-Frame-Option
X-Ms-Version
X-Provided-By
X-Vcache
X-Ms-Request-Id
DB-Nickname
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
Atl-Traceid
WP-Super-Cache
X-Server-W
X-Cdn-Origin
X-MP-GENERATED-AT
X-Uri
Fastcgi-Useragent
X-Vcl-Version
X-RID
X-XRDS-Location
Cross-Origin-Embedder-Policy-Report-Only
Source
Cache-Tv-Group
X-Generated-By
Sid
X-Http-Reason
X-Pass-Why
Cross-Origin-Window-Policy
X-SRV
Content-Secure-Policy
X-FB-TRIP-ID
X-CMSURLCustom
X-Shield-Cache-Expires
X-Thinkindot-L3
Thinkindot-Control
Thinkindot-CacheControl
X-Scope-Id
TDXMobile
Thinkindot-CacheControl-Type
Cache
X-Buckets
Priority
X-Azure-Ref-OriginShield
Onion-Location
X-DynaTrace
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-LSADC-Cache
HostName
X-DataDome
X-Content-Age
X-ECache
X-Optimistic-Header
X-Dc
X-Sql-Duration-Ms
X-Sql-Count
X-WP-CF-Super-Cache-Cookies-Bypass
X-GEO
X-UA
X-Cluster-Node
X-Proxy-Cache-Status
X-Xrds-Location
X-Request-URI
X-Newrelic-Synthetics
X-Cache-Action
X-TA-CDN-Provider
X-Lagoon
Expiry
X-Connection-Hash
User-Cache-Control
X-Varnish-Beresp-Ttl
X-Scheme
X-Varnish-Hostname
X-TIM-N
Candidate-Md5Url
DCR-Decision-By
X-S-Cookie
X-PAYTM-SRV-ID
X-Op-Id-All
X-Vdms-Path
X-ND-Cache
X-Platform
X-Request-Start
A
DCR-Processing-Time-Ms
X-Instance-Name
X-Rojux
X-SB
X-Ec-GeoHdr
Server-Ext
Server-Host
X-Aed
Server-Hostname
X-Application
Req-ID
X-BCube-Filmed-By
X-Bc-Bl
X-B-Cookie
Rendered-Blocks
X-A-Wwc
X-A-Dgt
Vix-Hermes-Req-Id
T-Server
Sslversion
Surrogated-Key
Sever-Int
X-A
X-A-Dcw
X-A-Dam
X-A-Ccd
X-Bl-Debug
X-Cache-Bucket
Ngx-Var-Key
Ngx.Var.Host
X-External-Request-Id
Origin
X-SRCache-Key
Meta-Geo-Continent
Lang
X-ScT
Magicmarker
MD5-Digest
X-Epic-Correlation-Id
X-Ec-Fail
X-D
X-Conf
Redirect-Candidate
X-Cache-NE
X-Destination
X-Developer
X-Ec-Custom-Error
X-Dispatcher-Server
Origin-Agent-Cluster
Gannett-Cam-Experience-Id
X-Vdms-Version
X-Viewer-Country
X-Vtex-Remote-Cache
Locid
WZWS-RAY
Fastly-GeoIP-CountryCode
X-Generated-On
Fastly-SSL
X-Gdpr
Host-ID
X-Cache-Expired-At
X-Forwarded-Site
X-BBC-Edge-Cache-Status
X-B3-Trace-ID
X-Gen-Mode
Environment
X-Gzip
X-Thanos
Cluster
X-Auto-Login
X-UA-Device-Type
Content-Script-Type
Content-Style-Type
V-Age
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-TH-Server
X-Fastly-Cache
X-Esi-Check
X-Sigma
X-Sigma-Backend
Pramga
X-Block-Status
X-Clientip
X-Cache-TTL-Remaining
X-Cache-Info
Release
Yak-Timeinfo
X-Cache-Id
Req-Svc-Chain
X-Bip
X-Core-Value
Ssr
C-Via
X-SD-PageType
X-Correlation-ID
X-Datadome
X-Debug-Cache-Store
X-Section
NM-Fastcgi-Cache
DSUID
X-Debug-Cache-Fetch
L
Cdnsip
X-Nyt-Route
X-VG-WebCache
X-VG-TLSProxy
Wxu-Next-Commit
Cdncip
X-Node-Id
X-Varnish-Beresp-Status
X-Zen-Fury
X-Varnish-Director
Wxu-Next-Hostname
X-Request-Time
X-WA-Info
X-VServer
X-Pool
X-We-Are-Hiring
X-Proxied-Request
Wxu-Next-Region
X-Origin-Time
X-AK-Request-ID
X-Varnishpool
X-NMSegId
X-Loc
X-Access
X-Acquia-Purge-Cdn-Unconfigured
X-Amz-Storage-Class
X-Level-Front-Cache
X-Human
X-Hnp-Log
X-Req
CDCHOST
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Amz-Meta-Cb-Modifiedtime
X-Rocket-Build-Number
X-NCache
X-Nginx-Cache-Key
X-Mly-Id
Apple-News-Services-Host
Apple-News-Services-Handled
X-Pubstack
X-Service
X-Origin-Response-Time
X-TimeS
LB
X-ApacheServer
X-SVT-ORM-RULES
X-Moov-Xdn-Version
X-Ad-Load-Variation
X-SVT-ORM-VERSION
X-Branch-Name
XM
X-Aicache-OS
X-Backend-Instance
X-GeoIP
X-Mvc-Supplant-Cachable
X-Old-Content-Length
X-Micro-Cache
X-Men
X-HS-Content-Campaign-Id
X-Org
X-Origin-Expires
X-RateLimit-Remaining-Second
X-Region-Sid
X-RateLimit-Limit-Second
X-Policy
X-PERF
X-HN
X-GoCache-CacheStatus
X-Device-Os
X-DPWN-IS-SECURE
X-Contensis-Viewer-Groups
X-Server-IP
X-Cdn-Srv
X-FC-Vary-Parameters
X-Fmm-Version
X-GeoIP-City
X-Moov-T
X-Geo-Header
X-From
X-Cache-Aspx
X-Cache-Date
Click-Count-Error
Click-Count-Action-Start
Mail-Subject
Machine
PFcat
Platform
RNT-Time
RNT-Machine
On-Server
Producers
Gh-Request-Id
Esi-Enabled
X-Var-Ttl
X-Varnish-Authentication
X-VarnishDD-TTL
X-Request-Host
X-V-Cache
Adler-Geo
Country-Code
Canary
Cache-Provider
Tube-Get-Contents
Is-Eu
True-Client-Country-4JS
Web-Mar-Region
Uber-Trace-Id
Tube-Return
Tube-Got-Results
We-Hiring
Tube-Got-Eval
X-Via-CDN
X-Via-SSL
Fastly-Drupal-HTML
Edge-Copy-Time
X-Via-Edge
X-Proto
X-Test
X-Slack-Backend
X-Eu-Site
X-Fastly-Backend
HA-Ipaddr
Ha-Gx-Prefs
W
Cf-Device-Type
X-Wikidot-Static-Cache
X-Wikidot-Backend
AKAMAI
X-Mvc-Supplant-OutputCached
X-Cache-Backend
Cache-Key
S-Rt
Cdn-Request-Time
Cdn-Host
L5d-Success-Class
X-Up
X-Hash
X-App-Name
X-CGP
X-Slack-Shared-Secret-Outcome
Proxy-Firewall
X-Csrf-Jwt
X-Edge-Server
X-VCache
X-Sn-Servicetimems
X-Mg-Request-UUID
X-LB-ID
NGX
Fastly-Backend-Name
X-API-Version
X-Accel-Expires-Debug
X-Date
X-CacheTTL
X-Parent-Response-Time
X-NGINX-Cache
X-Tx-Id
X-Ah-Environment
X-Varnish-Hits
Cache-Hits
Type
X-Tb-Optimization-Total-Bytes-Saved
X-Ua
X-DC
X-DynaTrace-JS-Agent
X-COUNTRY
X-Zone
X-PDP-UNCACHING-HASH
X-Servedbyhost
Pics-Label
NtCoent-Length
X-Via-Popv
X-CACHE-GROUP
X-Via-Poph
X-Via-Fastly
X-HA-Backend
X-Via-Popn
X-Refresh
X-Ratelimit-Reset
Datacenter
GeoIp-Country-Code
X-Irp-Debug
X-NWS-UUID-VERIFY
X-Cloudmap
X-CDN-Cache-Status
X-VHOST
Cdn
X-LB-NoCache
X-Ig-Origin-Region
X-Owner
X-Location
X-Akamai-Transformed
Cdn-Requestid
Fusion-Component-Id
X-Core-Mission
Fusion-Content-Id
X-Srv
Fusion-Deployment-Id
Fusion-Content-Source
X-Esi
Fusion-Source
X-ZONE
Fusion-Template-Id
IsBot
X-SIPLIST1
Powered-By
X-Nc
X-Wa
Resin-Trace
Server-ID
SID
X-Qloud-Router
Cross-Origin-Opener-Policy-Report-Only
X-Jungle-Id
X-TX-ID
Origin-EX
X-CUA
X-Nananana
GeoIP-Latitude
Origin-CC
X-User
N-Cache
Expect-Staple
DataCenter
X-Hit
X-Fpc
X-CF-Lambda-Fn
X-Wormhole-Sdk
X-CF-Lambda-Version
X-Tt-Logid
X-CS
Mime-Version
X-Segment-20210421
Xc-Version
CloudFront-Viewer-Country
X-Nf-Request-Id
X-B3-Parentspanid
X-Shop-Environment
X-NewRelic-App-Data
X-Forwarded-Path
X-Orig-Expires
X-Proxy-CacheRZ
X-Cache-Type
X-Tenant
XkeyRZ
X-DataCenter
X-Client-Ip
X-Cached-By
X-URL
X-Presslabs-Stats
Cf-Ipcountry
X-Gamma-Serve
X-IAuth-Set-Uid
Fastly-Drupal-Html
X-Render-Time
Cmsid
Cmstype
Uri
X-Amz-Meta-Opti
X-TIME
Debug
True-Client-IP
CPC-Cache
User-Agent
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Time
CPC-Age
X-VTEX-Cache-Server
True-Client-Ip
X-Cdn-Diag
X-Vmg-Version
Edge-Cache
CDN
X-Auth-Group-Type
X-Info
X-LiteSpeed-Tag
X-Varnish-Beresp-TTL
Srv
X-Dispatch
X-Fastly-Country-Code
X-Geo
MIME-Version
X-CACHE-AGE
X-Dynatrace-Js-Agent
Load-Balancing
X-Ig-Push-State
X-Oracle-DMS-ECID
X-Datacenter
X-Cdn-Forward
X-B3-Spanid
Tcn
X-HOST
X-Vc
CacheControlHeader
X-Variation
Odigeo-Trace-Id
X-LiteSpeed-Cache-Control
X-LAGOON
X-Cs
X-NodeID
X-PHP-Backend
X-APP-VERSION
Ohc-File-Size
X-Custom-Header
X-FPC
X-Vgn-Hpd-Reason
X-HostName
X-AIR-PT
X-Pad
X-Webkit-Csp-Report-Only
X-Depends
Hostname
Cl-Cache
X-WA
X-CSRF-TOKEN
X-NC
Server-Id
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Lb-Nocache
X-DefHash
VNS-Age
X-Varnish-Remaining-TTL
X-DefElseHash
VNS-Cache
X-MCACHE
Ohc-Cache-HIT
X-M-Log
X-VC-TTL
X-M-Reqid
GeoIP-Country-Code
X-Api-Version
X-Cdn-Cache-Status
X-Ha-Backend
X-Via-PopH
X-Dispatcher-Number
Geoip-Latitude
X-ServedByHost
Epwk-X-Cache
X-Cache-FS-Status
X-APP
PICS-Label
X-Via-PopN
X-Via-PopV
X-Cache-Ttl
X-Fastly-Backend-Reqs
Lb
X-MSEdge-Features
X-MSEdge-Flight
CountryCode
X-Litespeed-Tag
Cloudfront-Viewer-Country
X-VCL-Version
X-Litespeed-Cache-Control
X-Srcache-Fetch-Status
X-Use-Magma
X-Srcache-Store-Status
X-Lb-Id
X-Proxy-Cache-La3
X-Cdn-Request-ID
X-Akamai-Pragma-Client-IP
Xkeylog
Xkey-La3
Cache-Name
X-Web-Server
Memory
FSS-Cache
Memcached
X-IN-APIGATEWAY
OriginIP
X-Mid
Server-Info
X-IN-APIGATEWAYSSL
Time
X-Acquia-Site
X-MiniProfiler-Ids
X-Snapshot-Date
X-RequestId
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Ngx
X-RAMCache
X-Sorting-Hat-Shopid
X-Cache-Version
X-Shopid
X-Sorting-Hat-Podid
X-Shardid
X-Requestid
Srvid
X-FL-QIT-DEBUG
X-Sucuri-Id
X-Udemy-Cache-App-Namespace
Sm-Log-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
CF-Cached-On
X-Check-Cacheable
X-Serial
Akamai-Cache-Status
X-Mg-Cache
X-Dw-Trace-Id
X-Service-Response-Time
Warning