Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
Cf-Request-Id
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-AspNet-Version
X-DNS-Prefetch-Control
X-Runtime
Server-Timing
Permissions-Policy
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
Timing-Allow-Origin
X-Drupal-Dynamic-Cache
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
X-Request-ID
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Rq
X-Amz-Version-Id
X-Cache-Group
X-Vhost
Keep-Alive
X-AH-Environment
X-Dispatcher
X-UA-Device
X-Proxy-Cache
X-Server
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-Dns-Prefetch-Control
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
X-Server-Powered-By
Allow
X-Pingback
X-Page-Speed
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Ali-Swift-Global-Savetime
X-Litespeed-Cache
X-FTR-Request-ID
X-Device
X-Node
X-LiteSpeed-Cache
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Server-Id
X-Ruxit-JS-Agent
X-Readtime
X-Cloud-Trace-Context
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
P3p
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
X-TraceId
Request-Id
Fastly-Restarts
X-Clacks-Overhead
X-Content-Type
X-Country
X-TtlSet
X-PC
X-Vname
X-Application-Context
Rating
X-Times
X-Cnection
X-ESI
X-Browser-Type
X-Mcache
X-Edge
X-Midtier
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Cache-TTL
X-Vcap-Request-Id
Surrogate-Key
X-FTR-Expires
Accept-Ch-Lifetime
Origin-Trial
X-Ac
Edge-Control
X-Powered-By-Plesk
X-Kinja-Revision
X-Kinja-Server
X-Abt-Application-Version
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Element-Page-Cache
X-D2id
X-NWS-LOG-UUID
X-FastCGI-Cache
Verso
X-Upstream
X-Nf-Request-Id
X-B3-TraceId
X-ORACLE-DMS-RID
X-Navigation-Version
X-Mod-Pagespeed
X-Amz-Rid
Nginx-Cache
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-GitHub-Request-Id
X-Client-IP
X-ECACHE
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Instrumentation
X-Middleton-Response
Response
X-Language
Akamai-GRN
X-Envoy-Decorator-Operation
X-Ratelimit-Limit
X-Ua-Device
Edge-Cache-Tag
S
AR-PoweredBy
AR-Request-ID
X-Goog-Hash
AR-ATIME
X-Resp-Is-Stale
X-ARC
X-MS-InvokeApp
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ser
X-Distributor
X-Content-Digest
SPIisLatency
SPRequestDuration
X-Url
SPRequestGuid
X-SharePointHealthScore
Access-Control-Request-Method
X-Cache-Key
X-Ezoic-Cdn
X-Dw-Request-Base-Id
X-Recruiting
X-NGENIX-Cache
Front-End-Https
X-Shield-Request-Id
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Powered-CMS
X-Varnish-TTL
X-Ttl
X-Forwarded-For
Public-Key-Pins
X-T
Fastcgi-Cache
X-Mg-S
X-MSEdge-Ref
Arr-Disable-Session-Affinity
TP-Cache
X-Accel-Expires
X-HS-Hub-Id
X-Daa-Tunnel
X-HS-Content-Id
X-HS-Cache-Config
X-Correlation-Id
X-Ismobilevalue
Realpath
X-Cluster-Name
X-Cached
Cache-Tags
X-Id
AR-CACHE
X-Fastly-Request-ID
X-Server-Name
X-HS-Combine-CSS
X-CST
X-Request-Received
Payment
X-Request-Processing-Time
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
Content-MD5
X-GUploader-UploadID
X-Xrds-Location
X-ORACLE-DMS-ECID
X-Newrelic-App-Data
X-Oneagent-Js-Injection
X-TTL
X-Ratelimit-Remaining
X-HS-CF-Cache-Status
X-HS-Prerendered
X-HP-Trace-Id
X-Jurisdiction
X-Cambria-Cache-Control
X-HP-Webp
X-Webkit-Csp
Content-Disposition
X-RateLimit-Remaining
Count-Hit
X-Azure-Ref
X-Amz-Replication-Status
X-Ruxit-Js-Agent
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Px
X-PressLabs-Stats
X-Unique-Id
X-Ratelimit-Reset
Accept-Charset
Cleartype
X-Page-Id
X-Logged-In
X-Git-Hash
X-Protected-By
X-Proxy
Cross-Origin-Resource-Policy
X-Origin-Server
X-Az
X-Activity-Id
X-AppVersion
X-FB-Debug
X-Rid
Cross-Origin-Embedder-Policy
X-VARITI-CCR
X-Request-Handler-Origin-Region
X-Load-Cache
X-Microsite
X-Www-Served-By
X-LLID
X-Goog-Metageneration
X-Varnish-Backend
YJS-ID
X-Template
MicrosoftSharePointTeamServices
X-SERVER-NAME
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
Version
Server-Node
X-Hits
X-URL
X-Geo-Country
Ar-SID
X-Upgrade-Enabled
Server-Name
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Amz-Apigw-Id
X-TEC-API-VERSION
X-Amzn-RequestId
X-Hostname
X-Content-Options
X-Frontend
Section-Io-Cache
X-B3-Sampled
X-Varnish-Server
Viewport
X-Varnish-Grace
X-Status
X-B3-TraceId-Primal
X-Device-Type
Mrf-Cache-Status
MRF-Tech
X-App-Server
X-TT
Fastly-SWR
X-Grace
Fastly-SIE
Access-Control-Allow-Method
Alternate-Protocol
X-Request-Device-Id
X-Fb-Rlafr
X-Server-ID
TCN
X-B
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-NF-Request-ID
X-Goog-Stored-Content-Length
Upgrade-Insecure-Requests
Healthy
X-Request-Guid
X-Tt-Trace-Host
X-Tt-Trace-Tag
Host
Amp-Access-Control-Allow-Source-Origin
X-Magnolia-Registration
X-COUNTRY
X-WebKit-CSP-Report-Only
X-Varnish-Ttl
DC
X-Buckets
X-EdgeConnect-Cache-Status
AKAMAI-GRN
X-Cache-Age
Retry-After
X-Wormhole-Sdk
X-Amzn-Remapped-Content-Length
X-CSRF-Token
X-Debug
X-Contextid
X-Meli-Trace-Platform
X-Meli-Trace-Bu
X-Meli-Trace-Site
X-Cache-Control
AR-SID
MS-Author-Via
X-Revision
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Response-Served-From
X-Original-Request-Id
X-Instance
X-Vcl-Version
Cross-Origin-Embedder-Policy-Report-Only
X-Origin-TTL
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-UUID
X-Origin-CC
X-Rendered-As
Cross-Origin-Opener-Policy-Report-Only
X-Seen-By
X-NYM-Debug-Backend
X-Is-Bot
X-Lambda-Id
SD-X-WS
X-Backend-Name
Section-Io-Id
X-Type
Access-Control-Request-Headers
X-Framework
X-Hl-Ver
X-Adobe-Content
X-Mobile
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Mg-Request-UUID
X-Trace-Id
X-Content-Powered-By
X-Adobe-Loc
X-Akamai-Edgescape
X-Debug-IsConnected
Charset
X-App-Version
X-INCAP-ABP
MS-CV
X-Storage
Ms-Operation-Id
X-G
NGB
X-Cache-Hit
X-Debug-IsPreview
X-RTag
X-ProcessESI
X-RemovedCookies
X-ServerID
X-RM-Cache-TTL
X-Server-W
X-DataDome
X-Akamai-Request-ID2
X-Request-Platform
X-N
X-Dc
X-Request-Bu
X-Request-Site
X-Cache-Status-Check
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-AB
Refresh
Filterid
Frame-Options
X-Cache-Time
Cache
X-Time
Protected
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Fastcgi-Cache
X-Region
Accept-Language
X-B3-SpanId
SRV
X-Node-Name
X-Real-IP
Webserver
CDN-RequestId
X-ECache
Paypal-Debug-Id
X-User-Agent
X-HITS
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Cross-Origin-Window-Policy
Onion-Location
X-Hcs-Proxy-Type
X-LB-Cache
X-Ms-Version
X-Ms-Request-Id
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Cache-Expired-At
Liferay-Portal
X-F-Cache
X-Requestid
X-VC-Cache
X-IPS-LoggedIn
X-HTML-Minification-Powered-By
X-WP-CF-Super-Cache-Active
X-Whom
Priority
X-Mode
Backend
X-Pass-Why
X-Rocket-Nginx-Serving-Static
Xet-Cookie
X-Oracle-Dms-Ecid
OT-Force-Account-Verify
X-Proxy-Cache-Info
GEO-INFO
X-Tb
X-VC
X-Environment-Context
X-L-Path
X-Drupal-Cache-Tags
X-App-Environment
X-Service
X-Cloudmap
ServerID
X-Rn-Rsrv
Filters
X-Rewrite-Enabled
Meta-Geo
Url
Web-Mar-Node
X-Servername
Fastcgi-Useragent
X-Routing-Service
X-Debug-Info
X-Browser-Name
X-SaId
X-Handled-By
X-Detected-As
X-FW-Server
X-Is-Supported-Browser
X-FW-Serve
X-Is-Mobile
X-Is-Desktop
X-Geo-Region
X-FW-Version
X-FW-Type
X-FW-Hash
X-FW-Dynamic
X-JoinUs
X-Endurance-Cache-Level
X-Loop
X-Is-Tablet
X-Cacheable-TTL
X-Proxied
X-Extlb
X-UPSTREAM-Address
X-FW-Static
X-Vcache
X-Zipkin-Id
X-Tncms
X-Tcp-Rtt
X-Origin-Date
X-Restarts
Webcakes-Region
X-Director
Property-Id
X-Origin-Hint
Webcakes-App-Version
X-MP-GENERATED-AT
X-Locale
X-Adobe-Source
TWC-Device-Class
X-Logging-Id
X-IPLB-Request-ID
X-IPLB-Instance
TWC-GeoIP-Country
TWC-GeoIP-City
X-Wix-Request-Id
LB
TWC-GeoIP-Region
X-Rule
TWC-Privacy
X-Generation-Time
Country
TWC-GeoIP-LatLong
X-Web-Node
ServedBy
TWC-Locale-Group
Webcakes-App-Name
TWC-Connection-Speed
TWC-GeoIP-DMA
X-Format
Atl-Traceid
X-Forwarded-Host
Mn-Server-Ip
X-Redis-Cache
X-Storefront-Renderer-Rendered
X-Hit
X-ProxyCache-Status
Uber-Trace-Id
X-Cms-Context
X-Shopify-Stage
X-Httpd
X-Soup
X-Hosted-By
X-Scope-Id
X-Cluster-Node
X-Cdn-Origin
X-Cache-Host
X-BYPASS-REASON
X-Alternate-Cache-Key
X-ProxyCache-Key
X-Say-Cacheable
X-SayCDN-TTL
X-Cluster
X-Say-TTL
X-Varnish-Beresp-Grace
X-Edge-Location
X-Cache-Action
X-Skip-Cache
X-RateLimit-Limit-Second
X-Served-From
X-Drupal-Cache-Contexts
X-RateLimit-Remaining-Second
X-FB-TRIP-ID
Apigw-Requestid
X-Fetched-On
X-Connection-Hash
X-Timing-Wait
Selected-Fe
X-Tumblr-Pixel-2
X-Auth-Group-Type
X-Tumblr-Pixel-3
Expiry
X-Origin-Cache
X-R9-Blue-Green-Version
DB-Nickname
X-Labrador-Cache-Channel
X-Proxy-Build
X-PHP-Host
X-Mly-Id
X-Urbn-Site-Id
Environment
X-Origin
Locale
X-Urbn-Context-Path
Cache-Hits
X-S
Countrycode
X-RCS-CacheZone
X-VCT
X-No-Session
X-ShardId
X-Yandex-Req-Id
X-Sorting-Hat-PodId
X-Source
X-Sorting-Hat-ShopId
YJS-CacheStatus
X-ShopId
X-NewRelic-App-Data
X-GEO
X-Cache-Debug
X-Is-Modern-Browser
X-Varnish-Age
Front
X-Varnish-Cache-Hits
X-CLOUD-TRACE-CONTEXT
X-WP-CF-Super-Cache-Cookies-Bypass
X-UA
WPO-Cache-Status
X-SRV
X-Api-Version
X-Lagoon
Node
Xserver
X-XRDS-Location
X-Provided-By
X-Varnish-Beresp-Ttl
X-Site-Version
X-Webstats-RespID
X-CDN-Forward
X-Is-Mobile-Only
X-Generated-By
X-Cdn
Cache-Tv-Group
Cache-Provider
From-Origin
X-TA-CDN-Provider
X-Accel-Version
X-Azure-Ref-OriginShield
Referer-Policy
X-Fastly-Request-Id
X-B3-Traceid
X-Platform
X-Xfnlog-Site
X-CDN-Cache-Status
X-VC-TTL
X-Signature
X-B-Cache
X-CACHE-AGE
Request-ID
X-Ua
X-TT-LOGID
CF-IPCountry
X-Sucuri-Cache
X-NWS-UUID-VERIFY
Location
WPO-Cache-Message
AMP-Access-Control-Allow-Source-Origin
X-Reqid
X-Tx-Id
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
X-Air-Pt
CDN-EdgeStorageId
X-PHP-Backend
CDN-CachedAt
CDN-Cache
X-Optimistic-Header
X-Cache-Operation
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Rule
X-IsAdmin
X-Sucuri-ID
X-Tt-Logid
X-Access
X-Aed
X-AK-Request-ID
X-Rocket-Build-Number
X-Request-URI
X-A-Dgt
X-A
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Wwc
X-Application
X-Sigma
X-Bl-Debug
X-Sigma-Backend
X-Cache-Aspx
X-Ig-Origin-Region
X-BCube-Filmed-By
X-Section
X-S-Cookie
Apple-News-Services-Handled
X-B-Cookie
X-Ig-Push-State
X-ScT
X-Rojux
Apple-News-Services-Parsed-Url
Fastly-SSL
Fl-Custom-Application
Expect-Staple
Redirect-Candidate
Rendered-Blocks
Origin
Odigeo-Trace-Id
Log-Origin
Lang
MD5-Digest
Meta-Geo-Continent
Ngx.Var.Host
DCR-Processing-Time-Ms
DCR-Decision-By
Candidate-Md5Url
Cdncip
Web-Mar-Region
Apple-News-Services-Request-Url
X-Cache-NE
Cdnsip
Sslversion
RNT-Machine
X-Loc
X-Old-Content-Length
X-Origin-Expires
RNT-Time
Apple-News-Services-Host
X-Auto-Login
X-Depends
X-Destination
XM
X-Fmm-Version
X-VG-WebCache
X-SRCache-Key
X-D
Xc-Version
X-Developer
X-External-Request-Id
X-Vtex-Remote-Cache
X-Viewer-Country
X-Ec-GeoHdr
X-Ec-Fail
X-Frame-Option
X-Varnish-Authentication
X-Forwarded-Site
X-Content-Age
X-HS-Content-Campaign-Id
X-Varnish-Director
X-GeoCode
X-Clientip
X-Contensis-Viewer-Groups
X-Vdms-Version
X-Core-Value
X-GeoCountry
X-Conf
X-GeoIP-Region-Code
X-GeoIP-City
ServerName
TDXMobile
Thinkindot-CacheControl
X-Ee-Request-Id
Store-Cloud-Cache
X-Epic-Correlation-Id
X-Fastly-Backend
X-Eu-Site
X-Level-Front-Cache
X-Micro-Cache
X-From
X-GoCache-CacheStatus
Origin-EX
X-Gdpr
Origin-Agent-Cluster
Origin-CC
Thinkindot-CacheControl-Type
X-Generated-On
RewriteTestHook
X-Gen-Mode
RewriteTeamHook
Req-Svc-Chain
Nord-Request-ID
X-FC-Vary-Parameters
Wxu-Next-Region
X-App-Name
X-CUA
L5d-Success-Class
X-Hnp-Log
X-Date
X-Akamai-Device-Characteristics
X-Ion-Healthy
X-Internal-TTL
X-Csrf-Jwt
X-Backend-Instance
X-Block-Status
X-Bug-Bounty
X-CGP
X-Cms-Device
X-Bc-Bl
X-BBC-Edge-Cache-Status
X-Content-Length
X-Debug-Cache-Fetch
X-Aicache-OS
X-Ee-Request-Date
Wxu-Next-Commit
Wxu-Next-Hostname
V-Age
User-Cache-Control
X-Jungle-Id
X-Ion-Hop
X-Human
X-Ee-Origin
X-Acquia-Purge-Cdn-Unconfigured
X-Action
X-Debug-Cache-Store
X-Accel-Expires-Debug
X-Hash
X-Ee-Generated-By
X-Ec-Custom-Error
Time-Cloud-Cache
X-Moov-T
X-Render-Time
X-Region-Sid
X-Pubstack
L
X-Save-Cache
X-Shield-Cache-Expires
X-SD-PageType
X-Varnish-Hostname
X-Policy
X-Path
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-InstanceId
X-GeoIP-Country-Code
X-Origin-Time
X-SIPLIST1
X-Req
X-UA-Device-Type
X-We-Are-Hiring
X-Thinkindot-L3
X-VG-TLSProxy
X-Uri
X-Vary-Devices
X-Varnish-Beresp-Status
X-V-Cache
X-Thinkindot-L1
Cluster
X-PAYTM-SRV-ID
X-Slack-Backend
X-PERF
X-Node-Id
X-Slack-Shared-Secret-Outcome
Host-ID
X-ApacheServer
Cache-Contol
X-Worker
IsBot
X-Moov-Xdn-Version
X-Nyt-Route
Cmsid
Cmstype
Gannett-Cam-Experience-Id
DSUID
Gh-Request-Id
CDCHOST
X-Moov-Xdn-Caching-Status
Ha-Gx-Prefs
Country-Code
X-LSADC-Cache
X-Presslabs-Stats
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-HN
X-Op-Id-All
X-Cache-Date
Pragrma
X-CacheTTL
Fastly-Backend-Name
X-Mvc-Supplant-Cachable
Sid
Fastly-GeoIP-CountryCode
X-DefElseHash
X-Men
X-Wikidot-Backend
X-Varnish-CookieHashed-On
X-Vmg-Version
X-Litespeed-Cache-Control
X-Up
X-Thanos
X-Wikidot-Static-Cache
PFcat
X-AB-Test
X-Bip
X-DefHash
X-Gamma-Serve
X-SVT-ORM-VERSION
X-Amz-Storage-Class
Origin-Site
X-Org
Content-Script-Type
X-Varnish-CookieINHashed-On
N-Cache
X-Server-IP
X-Varnish-Remaining-TTL
Content-Style-Type
Server-Host
Click-Count-Error
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
Tube-Return
C-Via
Click-Count-Action-Start
We-Hiring
Machine
X-Proto
Release
Mail-Subject
X-VarnishDD-TTL
X-B3-Trace-ID
X-SB
X-Via-Fastly
X-Parent-Response-Time
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
Cdn-Host
NM-Fastcgi-Cache
X-Vercel-Cache
X-Origin-Response-Time
X-Vercel-Id
CacheControlHeader
Producers
Platform
X-Edge-Server
X-Esi-Check
X-Cache-Id
X-Proxied-Request
X-Mvc-Supplant-OutputCached
X-Dispatcher-Server
X-ElasticPress-Query
X-NMSegId
Source
X-Location
Cdn-Request-Time
X-Gzip
X-DPWN-IS-SECURE
Canary
X-Cache-FS-Status
X-Pad
X-ZONE
X-Litespeed-Tag
Fastly-Drupal-HTML
Powered-By
Debug
Product
X-TH-Server
X-Cached-By
S-Rt
X-Refresh
X-Amz-Meta-Cb-Modifiedtime
X-Cs
HA-Ipaddr
NGX
X-NGINX-Cache
X-Upstream-Ct
X-Upstream-Ht
CloudFront-Viewer-Country
Pics-Label
X-ND-Cache
X-APP
Mime-Version
Vix-Hermes-Req-Id
X-Cache-VC
X-Nananana
GeoIP-Latitude
X-Via-Popn
X-Via-Poph
Cookie
X-Ah-Environment
X-Varnish-Hits
X-Servedbyhost
X-Via-Popv
X-Cdn-Forward
X-HA-Backend
X-User
X-Datadome
Edge-Cache
X-Nginx-Cache
X-DynaTrace-JS-Agent
X-LB-ID
X-AIR-PT
GeoIp-Country-Code
Server-ID
X-Webkit-CSP
MIME-Version
X-LB-NoCache
X-GeoIP
Akamai-Mon-Iucid-Del
X-Nc
X-Wa
Surrogated-Key
HostName
X-Srv
X-Fpc
X-Request-Start
WZWS-RAY
X-Zone
X-Scheme
Resin-Trace
X-Unity-Cache
X-Debug-Service
DataCenter
X-B3-Parentspanid
X-Nginx-Cache-Key
SID
X-CS
Fastly-Drupal-Html
Server-Ext
Server-Hostname
Sever-Int
True-Client-Country-4JS
Tcn
X-NodeID
Load-Balancing
X-Pool
N1-Cache
X-Request-Host
X-RequestId
X-VCL-Version
X-Lsadc-Cache
Lb
X-Cache-Grace
X-Service-Response-Time
X-Cache-Backend
Cdn
Sm-Log-Id
Wsr-Cache
Show-Do-Not-Sell-Link
X-FORWARDED-FOR
X-B3-Spanid
X-Newrelic-Synthetics
X-Vgn-Hpd-Reason
Yak-Timeinfo
X-DataCenter
X-DynaTrace
Yjs-Id
NtCoent-Length
X-LiteSpeed-Cache-Control
X-Datacenter
X-Via-SSL
Edge-Copy-Time
X-Via-CDN
X-HOST
Traceparent
X-TX-ID
X-Via-Edge
X-Air-Trace-Id
X-Air-Source
X-NODE
X-Vc
X-Air-Hostname
X-Zen-Fury
X-RateLimit-Limit
X-Client-Ip
X-Geolocation
X-CDN-Provider
Cdn-Requestid
X-Jobs
X-API-Version
Hostname
Req-ID
X-WA
X-HubSpot-Correlation-Id
CDN
Datacenter
X-LiteSpeed-Tag
X-Udemy-Cache-App-Namespace
Serverhost
X-Fastly-Backend-Reqs
Xkeylog
X-Cdn-Srv
Xkey-La3
X-Proxy-CacheR9
XkeyR9
Uri
X-Proxy-Cache-La3
X-NC
X-ID
X-FPC
X-Powered-By-VTEX-Cache
X-Akamai-Pragma-Client-IP
X-Lb-Id
GeoIP-Country-Code
Server-Id
X-Dynatrace-Js-Agent
True-Client-IP
X-Html-Minification-Powered-By
X-VTEX-Cache-Time
WP-Super-Cache
X-VTEX-Cache-Server
A
X-TimeS
RATING
X-Stale
T-Server
ServerHost
On-Server
Geoip-Latitude
X-Ez-Minify-Js
Proxy-Firewall
X-Webkit-Csp-Report-Only
Coldstone-Viewer-Country-Region-Name
X-WA-Info
X-Swift-Error
X-Varnish-Beresp-TTL
X-ServedByHost
X-Lb-Nocache
Coldstone-Viewer-Country
Coldstone-Viewer-Currency
X-Ha-Backend
Esi-Enabled
From-Cache
Srv
X-Oracle-DMS-ECID
CountryCode
Cs
WebServer
X-Via-JSL
Cloudfront-Viewer-Country
X-VC-Age
X-Ez-Minify-Html
X-App
X-Via-PopH
X-CSRF-TOKEN
X-Via-PopN
X-Via-PopV
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Styx-Info
X-HA-Device-Type
X-MSEdge-Flight
X-HA-Application-Name
Cr
X-MSEdge-Features
X-Ssense-Gql
Pramga
X-Styx-Origin-Id
X-Ssense-Shipping-Surcharge-Enabled
X-HA-Bot-Classification
FSS-Cache
Ngx
BehaviorPad-Version
X-Fastly-Cache
X-Correlation-ID
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Shopid
X-Check-Cacheable
X-Shardid
X-Cdn-Cache-Status
X-Sorting-Hat-Shopid
X-Geo
X-Sorting-Hat-Podid
X-Web-Server
X-TIM-N
X-Var-Ttl
Content-Secure-Policy
W
X-Elasticpress-Query
X-Nitro-Cache
My-App
X-Proxy-Cache-LA2
X-Request-Time
X-Th-Server
X-Wp-Cf-Super-Cache-Cookies-Bypass
Akamai-X-True-TTL
X-Request-Url
X-Serial
X-Wp-Cf-Super-Cache-Active
X-Sucuri-Id
X-DC
X-ATG-Version
Cf-Ipcountry
User-Agent
Cneonction
FSS-Proxy
Cl-Cache
Xkey-G-Jp
X-Fastly-Cache-Hits
X-Ramcache
Bxpunish
Bxuuid
X-Env
Host-Name
X-Cache-TTL-Remaining
True-Client-Ip
X-Fastly-Cache-Status
X-Mg-Cache