Threat Level: green Handler on Duty: Richard Porter

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
X-XSS-Protection
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Xss-Protection
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
P3p
Accept-CH
X-DNS-Prefetch-Control
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
X-Ua-Compatible
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
X-Request-ID
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
X-Content-Security-Policy
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
Allow
X-Backend
Cf-Edge-Cache
Request-Context
X-Robots-Tag
Keep-Alive
X-Server
X-Cache-Group
X-UA-Device
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Proxy-Cache
X-Age
Xkey
X-Rq
X-Vhost
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Varnish-Cache
Grace
Cf-Apo-Via
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
EagleEye-TraceId
Ali-Swift-Global-Savetime
X-Aws-Lambda-Call-Status
X-WebKit-CSP
X-CST
X-Backend-Server
Permissions-Policy
X-OneAgent-JS-Injection
X-Server-Id
X-Readtime
X-Response-Time
X-Akam-SW-Version
X-Host
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Upstream-Cache-Status
X-HW
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
Accept-Ch-Lifetime
X-Litespeed-Cache
X-Application-Context
X-Oneagent-Js-Injection
X-Cache-Lookup
X-Country-Code
X-Trace
Content-Location
X-Url
Service-Worker-Allowed
X-Ruxit-JS-Agent
X-Content-Type
X-Clacks-Overhead
X-Country
X-Edge
X-ECACHE
X-Origin-Cache-Key
X-Mcache
X-Rack-Cache
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Midtier
X-Mod-Pagespeed
Cache-Tag
X-FTR-Request-ID
Accept-Ch
Nginx-Cache
X-MS-InvokeApp
X-PC
X-Upstream
X-Vname
X-TtlSet
X-ESI
X-Powered-By-Plesk
Rating
Edge-Control
X-Ruxit-Js-Agent
X-Browser-Type
X-Server-Name
X-D2id
X-Element-Page-Cache
Verso
X-Times
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Cdn-Fetch
X-Cnection
X-Ac
SPIisLatency
SPRequestDuration
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-Abt-Application-Version
X-Navigation-Version
X-Vcap-Request-Id
X-B3-TraceId
X-SharePointHealthScore
SPRequestGuid
X-NF-Request-ID
X-GitHub-Request-Id
X-Dw-Request-Base-Id
X-Ser
X-RateLimit-Remaining
AR-CACHE
X-Pinterest-Rid
Pinterest-Generated-By
X-VARITI-CCR
Pinterest-Version
X-Mg-S
X-NWS-LOG-UUID
S
X-Cache-Key
X-Sol
X-Middleton-Display
Pagespeed
Display
RTSS
Edge-Cache-Tag
Fastly-Restarts
X-Amz-Rid
X-Amzn-Trace-Id
X-Client-IP
X-Ttl
X-Powered-CMS
X-Cache-TTL
X-Goog-Hash
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Origin-Trial
X-Edge-Location-Klb
X-Kinsta-Cache
X-Varnish-TTL
X-Version
Cache-Status
Access-Control-Request-Method
X-Content-Security-Policy-Report-Only
X-Server-ID
X-Recruiting
X-ARC
X-TraceId
X-Content-Digest
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Arr-Disable-Session-Affinity
Response
X-Middleton-Response
X-Webkit-Csp
X-T
X-Forwarded-For
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-MSEdge-Ref
Content-MD5
X-Ua-Device
X-Accel-Expires
MicrosoftSharePointTeamServices
TP-Cache
X-Shield-Request-Id
X-Hits
X-Cached
X-Id
Public-Key-Pins
X-RateLimit-Limit
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
MS-Author-Via
X-HS-Cache-Config
X-HS-Content-Id
Cross-Origin-Resource-Policy
X-HS-Hub-Id
Server-Node
X-Ua-Browser
X-HS-Combine-CSS
X-Request-Processing-Time
X-Request-Received
Payment
Front-End-Https
X-Frontend
X-DIS-Request-ID
X-Daa-Tunnel
X-FastCGI-Cache
X-Forwarded-Proto
X-LLID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-GUploader-UploadID
X-LB-Cache
Realpath
TP-L2-Cache
X-Protected-By
Cache-Tags
X-Fastcgi-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Origin-Server
X-Distributor
X-ORACLE-DMS-RID
X-WebKit-CSP-Report-Only
X-Microsite
X-Request-Handler-Origin-Region
Count-Hit
X-Page-Id
X-TTL
X-Cluster-Name
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Activity-Id
X-AppVersion
X-Az
X-Hostname
X-F-Cache
X-Varnish-Backend
X-Geo-Country
Referer-Policy
X-Correlation-Id
X-Debug-Info
Accept-Charset
X-Www-Served-By
X-NGENIX-Cache
Fastcgi-Cache
X-Kinja-CCPA
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-App-Server
Host
X-Envoy-Decorator-Operation
X-Varnish-Server
X-Goog-Metageneration
X-FB-Debug
X-PressLabs-Stats
Access-Control-Allow-Method
X-Oracle-Dms-Ecid
X-Git-Hash
X-RateLimit-Reset
Retry-After
X-Rid
X-Content-Options
X-ORACLE-DMS-ECID
Server-Name
X-Load-Cache
X-Upgrade-Enabled
X-Px
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-XRDS-LOCATION
X-Ratelimit-Limit
X-Aspnet-Duration-Ms
X-Revision
X-Contextid
X-Flags
X-Route-Name
TCN
DC
X-Request-Guid
X-Is-Crawler
X-Providence-Cookie
X-TEC-API-VERSION
X-App-Environment
X-Trace-Id
Charset
X-TEC-API-ORIGIN
X-Ezoic-Cdn
X-TEC-API-ROOT
X-Grace
Paypal-Debug-Id
X-CSRF-Token
X-Type
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Seen-By
X-Datadog-Trace-Id
X-Signature
X-B3-Sampled
X-Origin-Cache
X-B-Cache
X-Cache-Control
X-Amz-Meta-S3cmd-Attrs
Cleartype
X-Fastly-Request-Id
Section-Io-Cache
X-Mobile
X-B
X-Fb-Rlafr
X-TT
Healthy
X-ASPNET-VERSION
X-Whom
X-Oracle-Dms-Rid
X-Wix-Request-Id
Frame-Options
X-Amz-Replication-Status
X-Fastly-Request-ID
X-Magnolia-Registration
X-Node-Name
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Language
X-Goog-Stored-Content-Encoding
X-Logged-In
Filterid
X-EdgeConnect-Cache-Status
X-Varnish-Ttl
X-Azure-Ref
X-Proxy
X-N
X-Air-Pt
X-Ratelimit-Remaining
Content-Disposition
X-App-Version
Backend
X-Newrelic-App-Data
Akamai-GRN
Upgrade-Insecure-Requests
X-Template
X-Original-Request-Id
Refresh
X-Proxy-Cache-Info
X-Response-Served-From
NGB
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
SD-X-WS
X-Unique-Id
X-RemovedCookies
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Is-Bot
X-Rendered-As
X-ProcessESI
X-WP-CF-Super-Cache-Cache-Control
X-Tumblr-User
X-WP-CF-Super-Cache
X-Yottaa-Metrics
X-Varnish-Grace
X-Amzn-Remapped-Content-Length
X-Instance
X-Yottaa-Optimizations
X-RTag
Viewport
X-Servername
Ms-Operation-Id
X-Page-View
X-Datadog-Sampled
MS-CV
X-Debug
X-Debug-IsConnected
X-FW-Static
X-FW-Type
X-FW-Server
Liferay-Portal
X-Debug-IsPreview
X-UUID
X-IPS-LoggedIn
X-FW-Serve
X-FW-Version
X-FW-Hash
X-FW-Dynamic
X-Adobe-Content
X-Adobe-Loc
Fastly-SIE
Fastly-SWR
X-Cacheable-TTL
X-User-Agent
X-Cache-Grace
X-Region
X-NYM-Debug-Backend
X-G
X-Rule
X-Device-Type
Url
From-Origin
X-Jobs
X-L-Path
X-Environment-Context
X-Cache-Hit
Country
X-Hl-Ver
X-Backend-Name
X-Status
X-B3-SpanId
X-B3-Traceid
Amp-Access-Control-Allow-Source-Origin
ServerID
X-Time
Surrogate-Key
X-Hosted-By
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Origin-TTL
X-Origin-CC
X-VC-Cache
X-Webkit-CSP
Alternate-Protocol
X-Cache-Age
Countrycode
X-Content-Powered-By
X-Cache-Status-Check
X-Via-JSL
X-INCAP-ABP
X-Akamai-Request-ID2
Version
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-HTML-Minification-Powered-By
WPO-Cache-Message
WPO-Cache-Status
Protected
X-Http-Reason
SRV
X-NODE
X-XRDS-Location
GEO-INFO
X-Rocket-Nginx-Serving-Static
X-Akamai-Edgescape
CDN-RequestId
CF-IPCountry
X-CDN-Forward
X-Framework
X-COUNTRY
X-Storage
X-Source
X-WP-CF-Super-Cache-Active
X-Accel-Version
X-Edge-Location
Access-Control-Request-Headers
X-Nginx-Cache
X-Cache-Rule
Front
X-Mode
X-Httpd
OT-Force-Account-Verify
X-Real-IP
X-Rn-Rsrv
Accept-Language
X-UPSTREAM-Address
X-Upstream-Ct
X-Upstream-Ht
X-Cache-Operation
X-Xfnlog-Site
Meta-Geo
X-Endurance-Cache-Level
X-Rewrite-Enabled
Webserver
Filters
X-Proxy-Build
X-Director
X-Tumblr-Pixel-3
X-Timing-Wait
X-Served-From
X-SaId
X-Soup
X-Tumblr-Pixel-2
Selected-Fe
X-JoinUs
X-Logging-Id
X-Handled-By
X-Cache-Debug
X-Redis-Cache
X-Say-Cacheable
ServedBy
X-SayCDN-TTL
X-Detected-As
X-Say-TTL
X-Varnish-Cache-Hits
X-Origin
X-Worker
X-Use-Magma
X-Use-Mantle
X-Tncms
X-Lambda-Id
Property-Id
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-Vcache
DB-Nickname
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Restarts
Xserver
TWC-GeoIP-LatLong
TWC-Privacy
X-Cms-Context
X-ProxyCache-Key
X-Cache-Time
X-Format
X-GeoCode
X-Labrador-Cache-Channel
X-GeoCountry
X-VCT
X-ProxyCache-Status
Webcakes-App-Name
Web-Mar-Node
X-RM-Cache-TTL
Webcakes-App-Version
Webcakes-Region
X-BYPASS-REASON
X-Adobe-Source
TWC-Locale-Group
X-PHP-Host
X-Origin-Hint
X-Sql-Count
X-Loop
X-Server-W
X-Varnish-Age
X-No-Session
X-VC
X-Sql-Duration-Ms
X-Git-Commit
X-AWS-Id
X-Skip-Cache
X-IPLB-Instance
X-IPLB-Request-ID
X-VWS-Id
X-Vercel-Id
X-Vercel-Cache
X-Generation-Time
X-Container-Uri
X-Fetched-On
X-Varnish-Beresp-Grace
X-RCS-CacheZone
X-Tb
X-LJ-Flow-ID
X-Cache-Server
X-DynaTrace
Xet-Cookie
Mn-Server-Ip
Apigw-Requestid
X-ServerID
X-Cache-Host
X-Reqid
X-Cluster
X-Frame-Option
X-Provided-By
X-Web-Node
Section-Io-Id
Node
X-Geo-Region
X-Tcp-Rtt
X-Proxied
X-Forwarded-Host
X-Routing-Service
X-Extlb
X-Ms-Version
X-Locale
X-Is-Tablet
X-Ms-Request-Id
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-S
X-Site-Version
X-Browser-Name
X-AB
X-Zipkin-Id
X-Platform-Cluster
X-R9-Blue-Green-Version
Cross-Origin-Embedder-Policy
X-Uri
X-Platform-Processor
X-Platform-Router
Cache-Tv-Group
X-Webstats-RespID
Source
X-Drupal-Cache-Tags
Priority
Fastcgi-Useragent
X-FB-TRIP-ID
X-Drupal-Cache-Contexts
Content-Secure-Policy
X-MP-GENERATED-AT
X-Origin-Date
WP-Super-Cache
X-Vcl-Version
CDN-CachedAt
CDN-Uid
CDN-RequestPullSuccess
AMP-Access-Control-Allow-Source-Origin
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-Cache
X-TT-LOGID
Onion-Location
X-Alternate-Cache-Key
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Generated-By
X-Urbn-Site-Id
X-Sucuri-Cache
X-Urbn-Context-Path
Locale
X-Content-Age
X-Sorting-Hat-ShopId
S-Rt
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Pass-Why
X-SRV
X-Xrds-Location
X-Sucuri-ID
X-Cdn-Origin
WZWS-RAY
X-Newrelic-Synthetics
X-Cluster-Node
X-Buckets
Sid
X-Ua
X-Varnish-Beresp-Ttl
Cross-Origin-Embedder-Policy-Report-Only
X-DataDome
X-Proxy-Cache-Status
X-Cache-Action
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
Thinkindot-Control
Cross-Origin-Window-Policy
X-Cache-Expired-At
X-Shield-Cache-Expires
X-Thinkindot-L3
X-CMSURLCustom
X-Scope-Id
Cache
X-LSADC-Cache
Atl-Traceid
X-GEO
Fastly-Drupal-HTML
X-Via-Edge
X-Via-SSL
Edge-Copy-Time
X-Via-CDN
X-Request-URI
X-Cache-NE
X-B-Cookie
X-A-Wwc
X-A-Dgt
X-Aed
X-BCube-Filmed-By
X-A-Dcw
X-Bl-Debug
X-Application
X-Bc-Bl
X-Cache-Bucket
Redirect-Candidate
MD5-Digest
Meta-Geo-Continent
Ngx-Var-Key
Ngx.Var.Host
Lang
Gannett-Cam-Experience-Id
CDCHOST
DCR-Decision-By
DCR-Processing-Time-Ms
Origin
Origin-Agent-Cluster
Type
X-A
X-A-Ccd
T-Server
Surrogated-Key
Candidate-Md5Url
Rendered-Blocks
Sslversion
X-A-Dam
X-Conf
X-ScT
X-SRCache-Key
X-Scheme
X-S-Cookie
X-PAYTM-SRV-ID
X-D
X-TIM-N
X-Vdms-Path
X-Vtex-Remote-Cache
X-Mg-Request-UUID
X-Viewer-Country
X-WP-CF-Super-Cache-Cookies-Bypass
X-Vdms-Version
X-Optimistic-Header
X-Rojux
X-External-Request-Id
X-Destination
X-Developer
X-Ec-Custom-Error
X-Epic-Correlation-Id
X-Ec-Fail
X-Ec-GeoHdr
X-Aspnetmvc-Version
X-Thanos
X-Varnish-Beresp-Status
X-Dispatcher-Server
X-SD-PageType
X-Sigma-Backend
X-Section
X-Varnish-Director
X-TH-Server
X-Sigma
X-Bip
Environment
Fastly-GeoIP-CountryCode
DSUID
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-We-Are-Hiring
Fastly-SSL
X-VServer
X-VG-WebCache
Pramga
Magicmarker
X-Cache-Info
Host-ID
L
X-Varnish-Hostname
X-SB
X-Nyt-Route
X-Loc
X-Op-Id-All
X-Gdpr
X-Fastly-Cache
X-Origin-Time
X-Level-Front-Cache
X-Access
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Human
X-Aicache-OS
X-Instance-Name
X-Platform
X-Pool
Server-Hostname
Sever-Int
Server-Host
Server-Ext
X-Generated-On
Ssr
X-Rocket-Build-Number
X-Proxied-Request
Vix-Hermes-Req-Id
V-Age
X-Pubstack
X-Request-Time
Release
X-Clientip
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Correlation-ID
Apple-News-Services-Request-Url
X-VCache
X-Origin-Response-Time
X-DC
User-Cache-Control
X-TimeS
X-Datadome
X-TA-CDN-Provider
HostName
X-Varnishpool
X-VG-TLSProxy
X-Cache-Id
X-Core-Value
X-Device-Os
X-SVT-ORM-VERSION
X-UA-Device-Type
X-V-Cache
X-Cache-Date
X-Var-Ttl
X-BBC-Edge-Cache-Status
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Web-Mar-Region
Uber-Trace-Id
We-Hiring
Cluster
X-Acquia-Purge-Cdn-Unconfigured
X-B3-Trace-ID
X-SVT-ORM-RULES
X-PERF
X-Zen-Fury
X-ApacheServer
X-Auto-Login
X-Block-Status
X-FC-Vary-Parameters
X-RateLimit-Remaining-Second
X-NCache
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Mly-Id
X-Nginx-Cache-Key
X-RateLimit-Limit-Second
X-Org
Canary
X-Policy
X-Node-Id
X-NMSegId
X-Men
X-Req
X-Geo-Header
X-GeoIP
X-Gen-Mode
X-Forwarded-Site
True-Client-Country-4JS
X-GeoIP-City
X-Gzip
X-Request-Host
X-Irp-Debug
X-Request-Start
X-HS-Content-Campaign-Id
X-Hnp-Log
X-Esi-Check
X-WA-Info
C-Via
Gh-Request-Id
Req-Svc-Chain
Cache-Provider
On-Server
NM-Fastcgi-Cache
Machine
Req-ID
Mail-Subject
X-Service
Expiry
X-Connection-Hash
X-DPWN-IS-SECURE
X-Fastly-Backend
X-Test
X-Cache-TTL-Remaining
Producers
Platform
X-Cdn-Srv
X-Core-Mission
X-Branch-Name
X-SIPLIST1
Country-Code
Esi-Enabled
X-Proto
X-Old-Content-Length
Click-Count-Action-Start
Click-Count-Error
X-Micro-Cache
AKAMAI
X-Server-IP
X-From
IsBot
Is-Eu
X-Hash
Adler-Geo
X-Fmm-Version
X-Up
X-Moov-Xdn-Version
X-Varnish-Authentication
X-Ad-Load-Variation
Tube-Got-Results
X-Moov-T
X-Cache-Aspx
X-Contensis-Viewer-Groups
X-GoCache-CacheStatus
W
Tube-Got-Eval
Tube-Return
Content-Script-Type
Tube-Get-Contents
A
Content-Style-Type
X-App-Name
Datacenter
X-Eu-Site
X-Slack-Shared-Secret-Outcome
X-Edge-Server
Cf-Device-Type
X-Slack-Backend
X-Wikidot-Static-Cache
X-Sn-Servicetimems
Cdn-Host
X-ZONE
Cdn-Request-Time
X-Wikidot-Backend
Fastly-Backend-Name
HA-Ipaddr
Ha-Gx-Prefs
L5d-Success-Class
X-Amz-Meta-Cb-Modifiedtime
X-Csrf-Jwt
X-CacheTTL
Pics-Label
X-CGP
Proxy-Firewall
Cache-Key
X-Parent-Response-Time
LB
X-Tx-Id
RNT-Machine
Locid
X-Accel-Expires-Debug
X-AK-Request-ID
Cdnsip
Cdncip
X-Owner
X-Qloud-Router
X-Via-Popv
X-Via-Poph
X-Via-Popn
RNT-Time
X-HA-Backend
X-ND-Cache
X-Dc
X-Region-Sid
X-Ah-Environment
X-Date
X-NGINX-Cache
N-Cache
Expect-Staple
NGX
Yak-Timeinfo
X-HN
X-Amz-Storage-Class
PFcat
X-LB-NoCache
Cdn
X-CF-Lambda-Version
X-VarnishDD-TTL
X-CF-Lambda-Fn
X-Azure-Ref-OriginShield
X-Shop-Environment
X-Refresh
X-Orig-Expires
X-Backend-Instance
X-Tenant
X-Tb-Optimization-Total-Bytes-Saved
X-CACHE-GROUP
Xc-Version
X-Forwarded-Path
X-Cache-Type
SID
X-Servedbyhost
X-Ratelimit-Reset
X-LB-ID
X-Wa
XM
GeoIp-Country-Code
X-Gamma-Serve
X-Nc
X-CDN-Cache-Status
X-VHOST
NtCoent-Length
RATING
X-Origin-Expires
Server-ID
X-DynaTrace-JS-Agent
X-Tt-Logid
Cmstype
Cmsid
X-Cache-Backend
X-Varnish-Hits
X-API-Version
Cdn-Requestid
X-NewRelic-App-Data
X-Client-Ip
X-Lagoon
X-Cdn-Diag
X-Vmg-Version
CPC-Age
X-Srv
CPC-Cache
CloudFront-Viewer-Country
X-Nananana
X-Fpc
X-Akamai-Transformed
X-Presslabs-Stats
X-TIME
X-TX-ID
X-Via-Fastly
X-LAGOON
X-B3-Parentspanid
Resin-Trace
X-UA
X-Api-Version
X-CACHE-AGE
X-Zone
X-Hit
Cross-Origin-Opener-Policy-Report-Only
Uri
CacheControlHeader
X-Proxy-CacheRZ
X-Variation
User-Agent
XkeyRZ
X-Nf-Request-Id
X-URL
MIME-Version
GeoIP-Latitude
Cache-Hits
X-Fastly-Country-Code
X-Location
X-DataCenter
X-Info
X-Ig-Origin-Region
X-Vc
True-Client-IP
X-Amz-Meta-Opti
X-ECache
X-Dynatrace-Js-Agent
Hostname
X-LiteSpeed-Tag
Tcn
Fusion-Component-Id
Fusion-Content-Source
VNS-Age
X-Datacenter
VNS-Cache
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
X-NWS-UUID-VERIFY
True-Client-Ip
Lb
DataCenter
X-B3-Spanid
X-LiteSpeed-Cache-Control
X-HostName
X-CSRF-TOKEN
X-Geo
X-RID
Cache-Name
Powered-By
X-CS
X-Cloudmap
X-Jungle-Id
Origin-CC
Mime-Version
X-CUA
X-Cached-By
Origin-EX
Fastly-Drupal-Html
X-IAuth-Set-Uid
X-Dispatcher-Number
X-User
X-HOST
X-AIR-PT
Cf-Ipcountry
X-Segment-20210421
Debug
X-Cdn-Forward
X-Webkit-Csp-Report-Only
X-Varnish-Beresp-TTL
Load-Balancing
X-Render-Time
Cl-Cache
X-Mid
Srv
X-Wormhole-Sdk
X-Powered-By-VTEX-Cache
X-MCACHE
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Esi
BehaviorPad-Version
Ohc-File-Size
Edge-Cache
X-FPC
GeoIP-Country-Code
CDN
X-Auth-Group-Type
X-Dispatch
X-Litespeed-Tag
CountryCode
X-Lb-Id
X-Oracle-DMS-ECID
X-Cdn-Cache-Status
Server-Id
Ohc-Cache-HIT
X-Ig-Push-State
X-Cache-Enabled
X-NC
X-WA
X-ServedByHost
YJS-ID
X-Cache-Ttl
X-Cs
X-Fastly-Backend-Reqs
Location
Server-Info
X-Lb-Nocache
X-NodeID
My-App
Odigeo-Trace-Id
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Wpo-Cache-Status
X-Litespeed-Cache-Control
X-VCL-Version
X-APP-VERSION
Ms-Author-Via
Wpo-Cache-Message
X-Internal-Host
X-Custom-Header
Ngx
X-Vgn-Hpd-Reason
X-Proxy-Cache-La3
Xkeylog
Xkey-La3
X-MSEdge-Features
X-Snapshot-Date
X-MiniProfiler-Ids
X-Akamai-Pragma-Client-IP
X-MSEdge-Flight
CF-Cached-On
X-Cdn-Request-ID
CF-Ctrl
X-Acquia-Application-UUID
X-Depends
X-Acquia-Application-Trace
X-Acquia-Site
X-IN-APIGATEWAYSSL
Memory
X-IN-APIGATEWAY
OriginIP
Memcached
Time
X-Acquia-Purge-Tags
Section-Origin-Responded
Srvid
Section-Io-Origin-Time-Seconds
X-FL-EDGE
X-FL-QIT-DEBUG
X-App
X-Ha-Backend
X-Via-PopH
X-Via-PopN
X-Via-PopV
FSS-Cache
Section-Io-Origin-Status
X-Nitro-Cache-From
X-Nitro-Cache
X-Nitro-Rev
X-Shardid
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Cache-Version
X-Shopid
Akamai-Cache-Status
X-PHP-Backend
X-Pad
X-Te-Duration-Ms
X-Http-Duration-Ms
X-Http-Count
X-Te-Count
X-Cache-FS-Status
X-Fastly-Cache-Hits
X-Check-Cacheable
X-Serial
Sm-Log-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-RequestId
Geoip-Latitude
X-Service-Response-Time
X-Web-Server
X-Dw-Trace-Id
X-Udemy-Cache-App-Namespace
X-Lsadc-Cache
X-Sucuri-Id
X-Th-Server
X-Mg-Cache