Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Accept-CH
CF-Cache-Status
ETag
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
X-Xss-Protection
Access-Control-Allow-Headers
Access-Control-Allow-Methods
CF-Ray
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
X-Runtime
Accept-Ch
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Timing-Allow-Origin
X-CONTENT-TYPE-OPTIONS
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
X-XSS-PROTECTION
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
X-Age
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Request-ID
Keep-Alive
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Amz-Version-Id
X-Rq
X-AH-Environment
X-Cache-Group
X-Vhost
X-Server
X-Dispatcher
X-Proxy-Cache
X-Ws-Request-Id
EagleId
CONTENT-SECURITY-POLICY
X-UA-Device
X-Varnish-Cache
Pantheon-Trace-Id
Grace
X-Litespeed-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Swift-SaveTime
X-Swift-CacheTime
X-Dns-Prefetch-Control
Ali-Swift-Global-Savetime
X-FTR-Request-ID
X-Node
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-Server-Id
X-Host
X-Country-Code
X-Backend-Server
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Accept-Ch-Lifetime
Cache-Tag
P3p
Cf-Request-Id
X-Ua-Device
X-Amz-Server-Side-Encryption
X-LiteSpeed-Cache
Content-Location
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Trace
Service-Worker-Allowed
Request-Id
X-TraceId
X-Application-Context
X-Content-Type
Fastly-Restarts
X-Times
X-Nf-Request-Id
X-Vname
X-PC
X-TtlSet
Rating
X-Clacks-Overhead
X-Cnection
X-Edge
X-Mcache
X-Midtier
X-ESI
X-Browser-Type
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Vcap-Request-Id
X-FTR-Cache-Status
X-FTR-Expires
Origin-Trial
Edge-Control
X-Cache-TTL
X-Element-Page-Cache
X-D2id
Surrogate-Key
X-NWS-LOG-UUID
X-FastCGI-Cache
X-Country
X-Powered-By-Plesk
X-Oneagent-Js-Injection
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Ac
X-Abt-Application-Version
X-Upstream
Verso
X-Mod-Pagespeed
X-Navigation-Version
X-B3-TraceId
X-Url
X-ORACLE-DMS-RID
X-Amz-Rid
X-Language
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Nginx-Cache
Akamai-GRN
Pagespeed
X-GitHub-Request-Id
Display
X-Sol
X-Middleton-Display
X-ECACHE
S
X-Envoy-Decorator-Operation
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Response
X-Middleton-Response
X-MS-InvokeApp
AR-Request-ID
AR-ATIME
AR-PoweredBy
Edge-Cache-Tag
X-Ratelimit-Limit
X-Distributor
X-Goog-Hash
X-Resp-Is-Stale
SPIisLatency
X-Edge-Location-Klb
X-SharePointHealthScore
X-Kinsta-Cache
SPRequestGuid
SPRequestDuration
X-Ser
X-ARC
X-NGENIX-Cache
X-Ttl
Access-Control-Request-Method
Front-End-Https
X-Dw-Request-Base-Id
X-Client-IP
X-Ruxit-Js-Agent
X-Shield-Request-Id
X-Amzn-Trace-Id
X-Content-Digest
X-Ezoic-Cdn
RTSS
X-Recruiting
X-Varnish-TTL
X-Cache-Key
Cache-Status
X-Version
X-T
X-Mg-S
TP-Cache
X-Powered-CMS
Public-Key-Pins
X-Accel-Expires
X-MSEdge-Ref
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Fastcgi-Cache
X-Ismobilevalue
X-Daa-Tunnel
Arr-Disable-Session-Affinity
AR-CACHE
Realpath
X-Cached
Cache-Tags
X-Cluster-Name
X-Id
X-Correlation-Id
Content-MD5
X-Request-Received
X-Content-Security-Policy-Report-Only
X-Request-Processing-Time
Ar-SID
YJS-ID
X-Request-Device-Id
X-HS-Combine-CSS
X-Forwarded-For
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Fastly-Request-ID
X-Newrelic-App-Data
Payment
X-DIS-Request-ID
X-Ua-Browser
X-Xrds-Location
X-Jurisdiction
X-Cambria-Cache-Control
X-HP-Trace-Id
X-HP-Webp
X-COUNTRY
X-Azure-Ref
X-RateLimit-Remaining
X-GUploader-UploadID
X-HS-Prerendered
X-Amz-Replication-Status
X-HS-CF-Cache-Status
Content-Disposition
X-Webkit-Csp
X-Meli-Trace-Site
X-Meli-Trace-Bu
X-Meli-Trace-Platform
X-Ratelimit-Remaining
X-Server-Name
Count-Hit
X-Px
X-Ratelimit-Reset
X-Page-Id
X-Origin-Server
X-Protected-By
X-Unique-Id
X-SRCache-Store-Status
Accept-Charset
X-Az
X-AppVersion
X-Activity-Id
X-SRCache-Fetch-Status
Cross-Origin-Resource-Policy
X-Logged-In
X-Rid
X-FB-Debug
MicrosoftSharePointTeamServices
X-Www-Served-By
X-Proxy
X-SERVER-NAME
X-Amz-Meta-S3cmd-Attrs
X-Git-Hash
Cleartype
X-ORACLE-DMS-ECID
X-Microsite
Cross-Origin-Embedder-Policy
X-VARITI-CCR
X-Request-Handler-Origin-Region
X-TTL
X-Load-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
Version
X-LLID
X-Goog-Metageneration
X-Template
X-Geo-Country
X-TEC-API-ROOT
X-Varnish-Backend
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Forwarded-Proto
X-CST
X-PressLabs-Stats
X-Upgrade-Enabled
Server-Node
X-Hits
Server-Name
X-B3-Sampled
X-WebKit-CSP-Report-Only
X-App-Server
X-Hostname
X-TT
X-Content-Options
X-B
X-Fb-Rlafr
X-Grace
X-Varnish-Server
Access-Control-Allow-Method
Alternate-Protocol
Section-Io-Cache
X-Varnish-Grace
Viewport
Fastly-SWR
Fastly-SIE
Healthy
X-Frontend
X-Device-Type
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Status
AKAMAI-GRN
X-Request-Guid
X-Goog-Storage-Class
X-Goog-Generation
TCN
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Contextid
Upgrade-Insecure-Requests
DC
X-Magnolia-Registration
Host
X-EdgeConnect-Cache-Status
X-Amzn-Remapped-Content-Length
Retry-After
MS-Author-Via
X-Requestid
X-CSRF-Token
X-Cache-Control
X-Cache-Age
Amp-Access-Control-Allow-Source-Origin
X-App-Version
Frame-Options
X-Revision
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Buckets
X-Origin-CC
X-Debug
X-Origin-TTL
X-Varnish-Ttl
X-Response-Served-From
X-Original-Request-Id
X-Type
X-ProcessESI
X-RemovedCookies
X-Hl-Ver
X-UUID
SD-X-WS
Cross-Origin-Opener-Policy-Report-Only
X-Mobile
Cross-Origin-Embedder-Policy-Report-Only
X-Adobe-Content
X-Akamai-Edgescape
X-Adobe-Loc
X-Oracle-Dms-Ecid
X-Content-Powered-By
Access-Control-Request-Headers
X-Backend-Name
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Ms-Operation-Id
MS-CV
X-Debug-IsConnected
X-ServerID
X-RTag
X-Seen-By
X-Debug-IsPreview
X-INCAP-ABP
X-Instance
X-G
X-AB
X-N
X-Cache-Status-Check
X-Is-Bot
X-NYM-Debug-Backend
X-Tumblr-User
X-Tumblr-Pixel
X-Yottaa-Optimizations
X-Rendered-As
X-Tumblr-Pixel-0
X-Yottaa-Metrics
X-Tumblr-Pixel-1
X-Mg-Request-UUID
X-Lambda-Id
X-Trace-Id
X-Framework
X-WP-CF-Super-Cache
Section-Io-Id
X-Akamai-Request-ID2
NGB
X-WP-CF-Super-Cache-Cache-Control
X-Storage
X-Server-W
X-RM-Cache-TTL
X-Dc
X-Vcl-Version
Charset
Cache
Webserver
X-Yandex-Req-Id
Filterid
X-DataDome
X-B3-SpanId
X-Cache-Time
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-ECache
Paypal-Debug-Id
Accept-Language
X-Request-Bu
X-Request-Site
X-Request-Platform
Refresh
X-URL
X-VC-Cache
X-Cache-Hit
X-Ms-Version
Onion-Location
X-Ms-Request-Id
X-HITS
X-Fastcgi-Cache
SRV
X-F-Cache
X-Time
X-Real-IP
X-Node-Name
YJS-CacheStatus
X-Region
X-User-Agent
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
Xet-Cookie
X-Mode
X-IPS-LoggedIn
Priority
Liferay-Portal
CDN-RequestId
X-HTML-Minification-Powered-By
GEO-INFO
X-LB-Cache
X-L-Path
X-Environment-Context
X-Service
X-Drupal-Cache-Tags
X-Pass-Why
Cross-Origin-Window-Policy
X-Rocket-Nginx-Serving-Static
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Adobe-Source
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Rule
X-JoinUs
X-Is-Modern-Browser
Backend
X-Is-Supported-Browser
X-Is-Tablet
Selected-Fe
X-Timing-Wait
X-Is-Mobile-Only
X-Tb
X-Geo-Region
X-SaId
X-Is-Desktop
X-Is-Mobile
X-Cache-Expired-At
X-Rewrite-Enabled
Meta-Geo
X-Rn-Rsrv
X-UPSTREAM-Address
X-Browser-Name
Protected
Country
X-Proxy-Build
X-Tcp-Rtt
X-Proxy-Cache-Info
X-ProxyCache-Key
X-VC
X-Origin
X-Whom
X-BYPASS-REASON
X-Httpd
X-Wix-Request-Id
X-Handled-By
X-ProxyCache-Status
X-Origin-Cache
X-Web-Node
X-Generation-Time
X-MP-GENERATED-AT
X-Storefront-Renderer-Rendered
OT-Force-Account-Verify
X-Alternate-Cache-Key
X-Shopify-Stage
X-Provided-By
Mn-Server-Ip
TWC-Locale-Group
X-Routing-Service
ServerID
Cache-Hits
Property-Id
TWC-GeoIP-Country
X-Connection-Hash
X-FB-TRIP-ID
X-Extlb
TWC-Device-Class
X-S
TWC-GeoIP-DMA
TWC-GeoIP-City
TWC-GeoIP-Region
X-Loop
TWC-GeoIP-LatLong
X-WP-CF-Super-Cache-Active
TWC-Connection-Speed
X-Detected-As
X-Origin-Date
Webcakes-Region
X-Servername
X-Zipkin-Id
TWC-Privacy
X-CLOUD-TRACE-CONTEXT
X-Cloudmap
X-Cacheable-TTL
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Proxied
X-RCS-CacheZone
X-Vcache
X-VCT
Fastcgi-Useragent
Url
Expiry
Environment
Uber-Trace-Id
Web-Mar-Node
Webcakes-App-Name
Webcakes-App-Version
X-Varnish-Beresp-Grace
X-Origin-Hint
X-Tncms
X-Cdn-Origin
DB-Nickname
Atl-Traceid
X-Cms-Context
X-Cluster
ServedBy
X-Redis-Cache
X-Skip-Cache
X-Cache-Action
X-Soup
X-Tumblr-Pixel-3
X-Logging-Id
X-Auth-Group-Type
X-Tumblr-Pixel-2
X-App-Environment
Apigw-Requestid
X-Fetched-On
X-Drupal-Cache-Contexts
X-Director
X-Format
X-Forwarded-Host
X-Hosted-By
X-Hit
LB
X-Locale
X-Cache-Host
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-FW-Version
X-Scope-Id
X-Served-From
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Restarts
Locale
X-FW-Type
X-Endurance-Cache-Level
X-Edge-Location
X-Debug-Info
X-Cluster-Node
X-FW-Static
X-FW-Dynamic
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Labrador-Cache-Channel
X-Cache-Debug
X-PHP-Host
Filters
X-Server-ID
X-IPLB-Instance
X-IPLB-Request-ID
X-NewRelic-App-Data
X-Platform
Node
X-Mly-Id
X-R9-Blue-Green-Version
X-XRDS-Location
Front
X-Api-Version
X-GEO
AR-SID
X-CDN-Cache-Status
X-Sorting-Hat-PodId
X-No-Session
X-Sorting-Hat-ShopId
X-CDN-Forward
X-ShardId
X-ShopId
Xserver
X-Tt-Logid
X-Varnish-Age
X-Optimistic-Header
X-Varnish-Cache-Hits
WPO-Cache-Status
X-UA
Countrycode
X-Lagoon
X-WP-CF-Super-Cache-Cookies-Bypass
X-Varnish-Beresp-Ttl
Cache-Tv-Group
X-SRV
X-Fastly-Request-Id
X-Presslabs-Stats
X-Generated-By
X-Wormhole-Sdk
X-B3-Traceid
X-Signature
X-NWS-UUID-VERIFY
X-B-Cache
Referer-Policy
X-CACHE-AGE
X-Client-Ip
X-Webstats-RespID
X-Azure-Ref-OriginShield
X-Site-Version
Request-ID
X-Ua
From-Origin
X-IsAdmin
X-Cache-Operation
X-Cache-Rule
X-PHP-Backend
Cache-Provider
X-Accel-Version
Location
X-Worker
X-VWS-Id
AMP-Access-Control-Allow-Source-Origin
X-AWS-Id
X-LJ-Flow-ID
X-NF-Request-ID
X-Auto-Login
X-TA-CDN-Provider
X-VC-TTL
X-Upstream-Ct
X-Upstream-Ht
X-Tx-Id
X-Loc
X-Bc-Bl
X-Tb-Optimization-Total-Bytes-Saved
X-A-Dcw
X-A-Dam
X-A-Ccd
X-Bl-Debug
X-Ig-Origin-Region
X-BCube-Filmed-By
Xc-Version
N-Cache
X-Content-Age
Ngx.Var.Host
X-Conf
Meta-Geo-Continent
X-Org
WPO-Cache-Message
X-A
Origin
MD5-Digest
Source
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
X-External-Request-Id
DCR-Decision-By
DCR-Processing-Time-Ms
Fl-Custom-Application
Expect-Staple
X-Cache-NE
X-Destination
Candidate-Md5Url
Pragrma
S-Rt
Host-ID
Lang
Rendered-Blocks
X-B-Cookie
Origin-Agent-Cluster
Redirect-Candidate
X-D
X-GeoCode
X-GeoCountry
X-Clientip
X-Ig-Push-State
Sslversion
X-SRCache-Key
X-Aed
X-Application
X-S-Cookie
X-Varnish-Hostname
X-Rojux
X-PERF
X-A-Wwc
X-ScT
X-Vdms-Version
X-Vtex-Remote-Cache
X-ApacheServer
X-A-Dgt
X-Litespeed-Cache-Control
X-Xfnlog-Site
Cdncip
Cdnsip
Cmstype
X-SD-PageType
X-Section
Powered-By
X-Ee-Generated-By
Cmsid
X-Ee-Origin
Cluster
X-Ee-Request-Date
CDN-RequestCountryCode
X-Eu-Site
CDN-Cache
Canary
X-FC-Vary-Parameters
X-Fmm-Version
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestPullCode
CDN-RequestPullSuccess
X-Ee-Request-Id
CDN-PullZone
X-Epic-Correlation-Id
CDN-Uid
Origin-Site
Log-Origin
X-Content-Length
Time-Cloud-Cache
L5d-Success-Class
IsBot
X-Core-Value
Mail-Subject
X-Action
Odigeo-Trace-Id
X-Cms-Device
X-Contensis-Viewer-Groups
X-AK-Request-ID
X-Aicache-OS
X-Csrf-Jwt
X-Slack-Shared-Secret-Outcome
X-CGP
Fastly-SSL
X-Forwarded-Site
X-Sigma-Backend
X-Depends
X-Up
X-SIPLIST1
Gannett-Cam-Experience-Id
Ha-Gx-Prefs
X-CUA
Gh-Request-Id
X-Access
X-Slack-Backend
X-Sigma
X-Cache-Aspx
X-VG-TLSProxy
Country-Code
X-Men
X-Micro-Cache
X-Cs
Store-Cloud-Cache
X-Vary-Devices
Web-Mar-Region
X-Save-Cache
X-Internal-TTL
X-Sucuri-Cache
X-Render-Time
X-Policy
X-Mvc-Supplant-Cachable
Wxu-Next-Commit
Wxu-Next-Region
X-Origin-Expires
Wxu-Next-Hostname
Sid
X-VG-WebCache
X-PAYTM-SRV-ID
RNT-Machine
CF-IPCountry
X-Node-Id
RNT-Time
X-Old-Content-Length
X-HS-Content-Campaign-Id
We-Hiring
X-V-Cache
X-Uri
X-GeoIP-City
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Rocket-Build-Number
Apple-News-Services-Handled
Apple-News-Services-Host
X-Gamma-Serve
X-From
ServerName
X-Bug-Bounty
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Varnish-Authentication
X-GoCache-CacheStatus
X-Varnish-Beresp-Status
X-Req
X-ND-Cache
X-Varnish-Director
X-Hash
X-Server-IP
X-NGINX-Cache
X-Parent-Response-Time
X-Reqid
X-App-Name
X-AB-Test
X-Cache-Date
X-Amz-Storage-Class
X-Cache-FS-Status
X-Akamai-Device-Characteristics
X-Block-Status
X-BBC-Edge-Cache-Status
X-Backend-Instance
X-Accel-Expires-Debug
X-Bip
X-Ion-Healthy
X-Thanos
X-SVT-ORM-VERSION
X-Thinkindot-L1
X-Thinkindot-L3
X-UA-Device-Type
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Region-Sid
X-Request-URI
X-SB
X-Shield-Cache-Expires
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-CacheTTL
X-Fastly-Backend
X-We-Are-Hiring
X-Vmg-Version
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
X-Via-Fastly
X-Viewer-Country
X-Pubstack
X-Proto
X-Frame-Option
X-Gdpr
X-Gen-Mode
X-Generated-On
X-Ec-Custom-Error
X-Dispatcher-Server
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-DefElseHash
X-DefHash
X-HN
X-Hnp-Log
X-Nyt-Route
X-Op-Id-All
X-Origin-Time
X-Path
X-NMSegId
X-Mvc-Supplant-OutputCached
X-Human
X-Ion-Hop
X-Jungle-Id
X-Level-Front-Cache
X-Date
X-Acquia-Purge-Cdn-Unconfigured
Azure-Version
Cache-Contol
Pics-Label
CDCHOST
Release
Azure-SlotName
RewriteTeamHook
Azure-SiteName
Fastly-Backend-Name
PFcat
Origin-EX
Content-Script-Type
Content-Style-Type
DSUID
L
Machine
Origin-CC
Nord-Request-ID
NM-Fastcgi-Cache
RewriteTestHook
Req-Svc-Chain
X-Air-Pt
V-Age
User-Cache-Control
Server-Host
X-FORWARDED-FOR
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Azure-RegionName
TDXMobile
Vix-Hermes-Req-Id
Azure-InstanceId
X-LSADC-Cache
Cdn-Request-Time
Click-Count-Action-Start
X-Moov-Xdn-Version
Click-Count-Error
X-DPWN-IS-SECURE
X-Proxied-Request
Cdn-Host
X-Gzip
C-Via
X-Vercel-Cache
X-Vercel-Id
CacheControlHeader
X-Location
X-Moov-Xdn-Caching-Status
X-Moov-T
X-Esi-Check
X-ElasticPress-Query
X-Edge-Server
Tube-Got-Eval
Platform
X-B3-Trace-ID
Tube-Get-Contents
X-Cache-Id
Producers
Tube-Return
Tube-Got-Results
Fastly-GeoIP-CountryCode
X-Origin-Response-Time
X-Sucuri-ID
X-Source
Fastly-Drupal-HTML
XM
Mime-Version
CloudFront-Viewer-Country
X-Pad
NGX
X-ZONE
X-Cached-By
X-Refresh
Debug
Load-Balancing
X-Via-Popv
Cookie
X-Via-Poph
X-Varnish-Hits
X-APP
X-Via-Popn
X-Debug-Service
GeoIp-Country-Code
GeoIP-Latitude
X-Servedbyhost
X-Datadome
X-Nginx-Cache-Key
True-Client-Country-4JS
X-TH-Server
Sever-Int
HA-Ipaddr
X-HA-Backend
Product
Server-Hostname
X-Nananana
X-AIR-PT
Server-ID
Server-Ext
X-Srv
X-DynaTrace-JS-Agent
X-TT-LOGID
X-Litespeed-Tag
X-Webkit-CSP
X-Zone
Cdn
X-Ez-Minify-Html
Show-Do-Not-Sell-Link
X-Amz-Meta-Cb-Modifiedtime
Traceparent
X-Cdn-Forward
X-Cache-Backend
X-Nc
WZWS-RAY
X-Fpc
X-GeoIP
X-Wa
X-Cache-VC
X-Newrelic-Synthetics
DataCenter
X-B3-Parentspanid
X-User
Edge-Cache
HostName
X-Unity-Cache
X-LB-ID
Fastly-Drupal-Html
SID
MIME-Version
Tcn
X-Lsadc-Cache
X-VCL-Version
X-CDN-Provider
Resin-Trace
Akamai-Mon-Iucid-Del
Lb
X-Request-Start
X-AC
X-LB-NoCache
X-B3-Spanid
X-Vc
X-Nginx-Cache
X-Scheme
Xkey-La3
Xkeylog
X-Service-Response-Time
X-Proxy-CacheR9
X-Proxy-Cache-La3
Serverhost
Wsr-Cache
XkeyR9
A
Sm-Log-Id
X-Datacenter
X-LiteSpeed-Tag
Yjs-Id
CountryCode
X-TX-ID
X-HOST
Cs
Surrogated-Key
Hostname
X-LiteSpeed-Cache-Control
X-CS
X-Lb-Id
X-Pool
NtCoent-Length
X-Request-Host
X-RateLimit-Limit
X-Dynatrace-Js-Agent
X-WA
Cdn-Requestid
Esi-Enabled
X-HubSpot-Correlation-Id
Datacenter
CDN
Uri
X-NodeID
X-FPC
X-Akamai-Pragma-Client-IP
X-API-Version
X-RequestId
X-ID
X-Fastly-Backend-Reqs
X-Vgn-Hpd-Reason
X-Cache-Grace
X-Udemy-Cache-App-Namespace
X-NC
X-VC-Age
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
Proxy-Firewall
X-Stale
X-Styx-Info
Yak-Timeinfo
X-TIM-N
X-DataCenter
Content-Secure-Policy
Pramga
Cr
X-Styx-Origin-Id
X-HA-Application-Name
X-DynaTrace
Server-Id
X-Html-Minification-Powered-By
X-HA-Device-Type
X-HA-Bot-Classification
X-Via-JSL
N1-Cache
X-CSRF-TOKEN
X-TimeS
RATING
ServerHost
T-Server
X-Var-Ttl
X-Via-CDN
X-Srcache-Fetch-Status
X-Via-Edge
GeoIP-Country-Code
X-Via-SSL
X-Srcache-Store-Status
X-Ez-Minify-Js
Edge-Copy-Time
Geoip-Latitude
Cloudfront-Viewer-Country
W
X-Swift-Error
X-Lb-Nocache
X-Jobs
X-Varnish-Beresp-TTL
X-Zen-Fury
Srv
X-Ha-Backend
Req-ID
X-Geolocation
From-Cache
X-ServedByHost
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Oracle-DMS-ECID
X-App
WP-Super-Cache
True-Client-IP
X-MSEdge-Features
X-MSEdge-Flight
X-Via-PopV
X-CACHE-KEY
X-Via-PopN
X-Via-PopH
X-Shardid
X-LAGOON
X-Wp-Cf-Super-Cache-Active
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sorting-Hat-Shopid
X-Shopid
X-Sorting-Hat-Podid
X-Proxy-Cache-LA2
X-ByteArk-ReqID
FSS-Cache
X-ByteArk-Cache
On-Server
X-Correlation-ID
X-Ramcache
X-Key
X-VServer
Ohc-File-Size
X-Cdn-Srv
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
Ohc-Cache-HIT
CF-Cached-On
Ngx
X-Web-Server
X-Elasticpress-Query
X-Sucuri-Id
X-VTEX-Cache-Time
X-Webkit-Csp-Report-Only
X-Cdn-Cache-Status
X-Geo
Cl-Cache
X-Powered-By-VTEX-Cache
X-Check-Cacheable
X-VTEX-Cache-Server
X-PageType
X-Th-Server
Akamai-X-True-TTL
X-Fastly-Cache
X-ATG-Version
X-Serial
WebServer
X-DC
Cf-Ipcountry
X-Iplb-Request-Id
X-Iplb-Instance
X-Mg-Cache
Coldstone-Viewer-Currency
Warning
X-Beacon
X-MiniProfiler-Ids
X-Limited
Coldstone-Viewer-Country-Region-Name
My-App
Host-Name
X-Env
X-Request-Url
X-WA-Info
User-Agent
X-Fastly-Cache-Status
Xkey-G-Jp
Cneonction
Coldstone-Viewer-Country
FSS-Proxy