Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
CF-Ray
Accept-CH-Lifetime
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
Cf-Request-Id
Permissions-Policy
X-Ua-Compatible
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
X-CDN
Access-Control-Expose-Headers
Content-Encoding
X-XSS-PROTECTION
Status
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
X-Request-ID
Cf-Apo-Via
Keep-Alive
X-Turbo-Charged-By
X-Amz-Version-Id
X-Rq
X-AH-Environment
X-Cache-Group
X-Vhost
X-Server
X-Dispatcher
X-Proxy-Cache
X-Ws-Request-Id
EagleId
CONTENT-SECURITY-POLICY
X-UA-Device
X-Varnish-Cache
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
Grace
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Litespeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-Node
X-FTR-Request-ID
X-Device
X-Server-Id
EagleEye-TraceId
X-Cache-Lookup
X-Host
X-Country-Code
X-Backend-Server
Surrogate-Control
X-LiteSpeed-Cache
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Ruxit-JS-Agent
X-Response-Time
Cache-Tag
P3p
X-Amz-Server-Side-Encryption
Content-Location
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Ua-Device
X-Nginx-Upstream-Cache-Status
X-Trace
X-Nginx-Cache-Status
Service-Worker-Allowed
Request-Id
X-TraceId
Fastly-Restarts
X-Application-Context
X-Content-Type
X-Clacks-Overhead
X-Times
X-Vname
Rating
X-PC
X-TtlSet
X-Cnection
X-Midtier
X-Mcache
X-Edge
X-ESI
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-Browser-Type
X-Nf-Request-Id
X-FTR-Expires
X-Country
X-Cache-TTL
Edge-Control
X-Vcap-Request-Id
Origin-Trial
Accept-Ch-Lifetime
Surrogate-Key
X-Powered-By-Plesk
X-Ac
X-Element-Page-Cache
X-NWS-LOG-UUID
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-D2id
X-Exp-Id
X-Exp-Variant
X-Abt-Application-Version
X-FastCGI-Cache
X-Oneagent-Js-Injection
Verso
X-Upstream
X-B3-TraceId
X-Mod-Pagespeed
X-ECACHE
X-ORACLE-DMS-RID
X-Navigation-Version
X-Amz-Rid
Nginx-Cache
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Language
X-GitHub-Request-Id
Akamai-GRN
X-Envoy-Decorator-Operation
X-Url
X-Middleton-Response
Response
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
S
AR-PoweredBy
AR-Request-ID
AR-ATIME
Edge-Cache-Tag
X-MS-InvokeApp
X-Ruxit-Js-Agent
X-Goog-Hash
X-Resp-Is-Stale
X-Ratelimit-Limit
X-Edge-Location-Klb
X-Kinsta-Cache
X-Distributor
X-Client-IP
X-ARC
X-Ser
SPRequestGuid
SPRequestDuration
SPIisLatency
X-SharePointHealthScore
X-NGENIX-Cache
Access-Control-Request-Method
X-Content-Digest
X-Ezoic-Cdn
Front-End-Https
X-Shield-Request-Id
X-Ttl
X-Dw-Request-Base-Id
X-Varnish-TTL
X-Recruiting
X-Cache-Key
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Powered-CMS
X-Mg-S
X-T
Public-Key-Pins
X-MSEdge-Ref
Fastcgi-Cache
TP-Cache
X-HS-Cache-Config
X-HS-Hub-Id
X-Accel-Expires
X-HS-Content-Id
X-Daa-Tunnel
Arr-Disable-Session-Affinity
X-Ismobilevalue
Realpath
AR-CACHE
Cache-Tags
X-Cluster-Name
X-Cached
X-Correlation-Id
X-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-HS-Combine-CSS
X-Fastly-Request-ID
Content-MD5
X-Request-Processing-Time
X-Request-Received
X-Ua-Browser
Payment
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Newrelic-App-Data
X-DIS-Request-ID
X-RateLimit-Remaining
X-GUploader-UploadID
X-Jurisdiction
X-Cambria-Cache-Control
X-HP-Trace-Id
X-HP-Webp
X-HS-CF-Cache-Status
X-HS-Prerendered
X-Azure-Ref
YJS-ID
X-Server-Name
Content-Disposition
Ar-SID
X-Xrds-Location
X-Amz-Replication-Status
X-Webkit-Csp
Count-Hit
X-Ratelimit-Remaining
X-Request-Device-Id
X-TTL
X-Px
X-CST
X-Origin-Server
X-Unique-Id
X-Ratelimit-Reset
X-Page-Id
Cross-Origin-Embedder-Policy
Cleartype
X-FB-Debug
X-SRCache-Fetch-Status
Accept-Charset
X-SRCache-Store-Status
Cross-Origin-Resource-Policy
X-Logged-In
X-VARITI-CCR
X-Rid
X-SERVER-NAME
X-Protected-By
X-COUNTRY
X-Proxy
X-Activity-Id
X-Az
X-Git-Hash
X-AppVersion
X-Amz-Meta-S3cmd-Attrs
X-Microsite
X-Request-Handler-Origin-Region
X-Www-Served-By
X-LLID
MicrosoftSharePointTeamServices
X-Load-Cache
X-Goog-Metageneration
X-ORACLE-DMS-ECID
X-Template
Version
X-Varnish-Backend
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Hits
X-Geo-Country
X-Meli-Trace-Site
X-Meli-Trace-Platform
X-Forwarded-Proto
X-Meli-Trace-Bu
Server-Node
X-Upgrade-Enabled
Server-Name
X-PressLabs-Stats
X-Hostname
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-B3-Sampled
X-Content-Options
X-Varnish-Grace
Section-Io-Cache
Viewport
X-WebKit-CSP-Report-Only
Mrf-Cache-Status
X-App-Server
X-TT
X-Frontend
X-Grace
X-Fb-Rlafr
MRF-Tech
X-B3-TraceId-Primal
X-Device-Type
Fastly-SWR
Fastly-SIE
Access-Control-Allow-Method
X-B
X-Varnish-Server
Alternate-Protocol
Healthy
X-Status
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Request-Guid
X-Goog-Stored-Content-Length
Upgrade-Insecure-Requests
DC
TCN
X-Magnolia-Registration
Host
X-EdgeConnect-Cache-Status
X-Contextid
X-CSRF-Token
X-Amzn-Remapped-Content-Length
X-URL
X-Cache-Age
Retry-After
X-Tt-Trace-Tag
X-Tt-Trace-Host
AKAMAI-GRN
X-Buckets
MS-Author-Via
X-Cache-Control
X-Debug
Amp-Access-Control-Allow-Source-Origin
X-Oracle-Dms-Ecid
X-App-Version
X-Revision
X-Type
Frame-Options
X-Tec-Api-Origin
X-Tec-Api-Version
X-Varnish-Ttl
X-Tec-Api-Root
SD-X-WS
X-Instance
X-Seen-By
X-Original-Request-Id
X-Backend-Name
X-Response-Served-From
X-Akamai-Edgescape
X-Origin-CC
X-Adobe-Loc
Cross-Origin-Opener-Policy-Report-Only
X-Adobe-Content
X-Cache-Status-Check
X-INCAP-ABP
X-Requestid
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Cross-Origin-Embedder-Policy-Report-Only
X-Yottaa-Optimizations
X-Hl-Ver
X-Vcl-Version
X-NYM-Debug-Backend
X-Tumblr-Pixel-1
X-ProcessESI
X-UUID
X-RemovedCookies
X-Rendered-As
X-Origin-TTL
X-WP-CF-Super-Cache-Cache-Control
X-Yottaa-Metrics
X-Tumblr-User
X-N
X-WP-CF-Super-Cache
X-Is-Bot
X-Akamai-Request-ID2
Section-Io-Id
X-ServerID
X-Framework
X-G
X-Mg-Request-UUID
Access-Control-Request-Headers
X-Lambda-Id
X-Debug-IsPreview
X-Trace-Id
X-Debug-IsConnected
X-Content-Powered-By
Charset
X-RM-Cache-TTL
Ms-Operation-Id
X-Server-W
X-Storage
X-Mobile
X-RTag
MS-CV
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-AB
NGB
X-Dc
X-Request-Site
Webserver
X-Request-Platform
X-Request-Bu
Filterid
Cache
X-Fastcgi-Cache
Accept-Language
X-DataDome
X-Cache-Hit
X-Cache-Time
X-B3-SpanId
Refresh
X-Time
SRV
Paypal-Debug-Id
X-Region
X-Ms-Version
X-VC-Cache
X-Ms-Request-Id
Onion-Location
X-Node-Name
X-Real-IP
X-User-Agent
X-HITS
X-F-Cache
Priority
X-Yandex-Req-Id
AR-SID
CDN-RequestId
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Cross-Origin-Window-Policy
X-Cache-Expired-At
X-IPS-LoggedIn
Liferay-Portal
X-Pass-Why
Protected
Xet-Cookie
X-Wormhole-Sdk
X-Rocket-Nginx-Serving-Static
X-HTML-Minification-Powered-By
X-LB-Cache
X-Environment-Context
X-Mode
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-NF-Request-ID
X-Whom
X-Datadog-Parent-Id
GEO-INFO
X-L-Path
X-Datadog-Sampled
Backend
YJS-CacheStatus
X-Service
X-Drupal-Cache-Tags
Country
X-Handled-By
X-Rule
X-WP-CF-Super-Cache-Active
X-Tb
OT-Force-Account-Verify
X-Servername
Meta-Geo
X-Geo-Region
X-IPLB-Request-ID
X-IPLB-Instance
Property-Id
X-Is-Tablet
ServerID
X-Adobe-Source
X-JoinUs
ServedBy
X-Browser-Name
X-Extlb
TWC-GeoIP-City
X-FB-TRIP-ID
X-Is-Desktop
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-Detected-As
X-SaId
X-Varnish-Beresp-Grace
X-App-Environment
X-Is-Modern-Browser
X-Vcache
X-Cloudmap
TWC-GeoIP-DMA
X-Wix-Request-Id
Web-Mar-Node
X-UPSTREAM-Address
Webcakes-Region
X-Origin-Hint
X-Is-Supported-Browser
X-Proxied
Filters
Webcakes-App-Name
Webcakes-App-Version
X-Zipkin-Id
X-Origin-Date
TWC-Privacy
Url
X-Tcp-Rtt
X-Is-Mobile
X-Loop
TWC-GeoIP-LatLong
TWC-GeoIP-Region
TWC-Locale-Group
X-XRDS-Location
X-Tncms
X-Proxy-Cache-Info
X-Routing-Service
X-Rewrite-Enabled
X-Rn-Rsrv
X-MP-GENERATED-AT
DB-Nickname
X-Cache-Host
X-Director
Atl-Traceid
X-Format
X-Cdn-Origin
X-Cms-Context
Expiry
X-Cluster-Node
X-Connection-Hash
X-Fetched-On
X-Soup
X-Restarts
X-Redis-Cache
Uber-Trace-Id
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Tumblr-Pixel-2
X-Web-Node
X-ProxyCache-Key
X-ProxyCache-Status
X-Tumblr-Pixel-3
X-Cacheable-TTL
X-Forwarded-Host
X-Cluster
X-Generation-Time
X-BYPASS-REASON
X-Cache-Action
Mn-Server-Ip
X-Hit
X-Hosted-By
X-Skip-Cache
X-Shopify-Stage
X-Httpd
X-Locale
X-Logging-Id
Locale
X-SayCDN-TTL
X-Say-TTL
X-Urbn-Context-Path
X-FW-Version
X-FW-Type
X-Scope-Id
X-RCS-CacheZone
X-RateLimit-Limit-Second
X-Urbn-Site-Id
X-RateLimit-Remaining-Second
X-ECache
X-FW-Static
X-Say-Cacheable
Environment
Apigw-Requestid
X-FW-Server
X-Edge-Location
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-PHP-Host
X-Debug-Info
X-Auth-Group-Type
X-Labrador-Cache-Channel
X-Proxy-Build
X-Timing-Wait
X-Endurance-Cache-Level
X-Served-From
Selected-Fe
X-S
X-Drupal-Cache-Contexts
Fastcgi-Useragent
Cache-Hits
X-VC
X-VCT
LB
X-Origin-Cache
X-Origin
X-Provided-By
X-Cache-Debug
X-Is-Mobile-Only
X-Mly-Id
X-Server-ID
X-R9-Blue-Green-Version
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-No-Session
X-ShardId
X-GEO
X-Presslabs-Stats
X-NewRelic-App-Data
X-Api-Version
X-Platform
Front
Node
Xserver
X-CLOUD-TRACE-CONTEXT
X-Varnish-Age
X-CDN-Forward
X-Varnish-Cache-Hits
X-CDN-Cache-Status
X-Lagoon
X-WP-CF-Super-Cache-Cookies-Bypass
Cache-Tv-Group
X-Generated-By
WPO-Cache-Status
X-SRV
X-UA
Countrycode
X-Varnish-Beresp-Ttl
Referer-Policy
X-Signature
X-Ua
X-NWS-UUID-VERIFY
X-Fastly-Request-Id
X-B3-Traceid
X-B-Cache
X-Webstats-RespID
X-Optimistic-Header
X-Site-Version
X-CACHE-AGE
From-Origin
X-Azure-Ref-OriginShield
X-Tt-Logid
Cache-Provider
AMP-Access-Control-Allow-Source-Origin
X-Accel-Version
Request-ID
X-VC-TTL
X-Cache-Operation
X-Cache-Rule
Location
X-PHP-Backend
X-Source
X-Worker
X-IsAdmin
X-TA-CDN-Provider
X-Xfnlog-Site
CF-IPCountry
X-Auto-Login
X-Tb-Optimization-Total-Bytes-Saved
X-Sucuri-Cache
X-LJ-Flow-ID
Source
X-Tx-Id
X-VWS-Id
X-AWS-Id
X-Reqid
Xc-Version
X-From
Fastly-SSL
X-Vtex-Remote-Cache
Fl-Custom-Application
X-CGP
X-Forwarded-Site
X-ScT
Expect-Staple
X-FC-Vary-Parameters
X-HS-Content-Campaign-Id
X-Fmm-Version
S-Rt
X-Cache-NE
X-Bl-Debug
Ha-Gx-Prefs
IsBot
X-GeoCode
X-GeoCountry
X-Bug-Bounty
X-GeoIP-City
Gh-Request-Id
X-Hash
L5d-Success-Class
Lang
X-Cache-Aspx
Apple-News-Services-Handled
X-Viewer-Country
Host-ID
Apple-News-Services-Parsed-Url
CDN-RequestPullSuccess
CDN-Uid
Cdncip
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
X-Destination
Cdnsip
X-Depends
X-Content-Age
X-Core-Value
X-D
DCR-Decision-By
DCR-Processing-Time-Ms
X-Contensis-Viewer-Groups
Cluster
X-Developer
CDN-EdgeStorageId
X-Clientip
X-Ee-Request-Id
X-Ee-Request-Date
X-Eu-Site
X-External-Request-Id
Log-Origin
Apple-News-Services-Request-Url
X-Ee-Origin
X-Ee-Generated-By
X-Conf
CDN-Cache
CDN-CachedAt
Candidate-Md5Url
X-Cms-Device
X-Ec-GeoHdr
X-Ec-Fail
Apple-News-Services-Host
X-Ig-Push-State
X-Policy
X-PERF
X-PAYTM-SRV-ID
X-Slack-Shared-Secret-Outcome
X-A
Time-Cloud-Cache
X-Pubstack
X-A-Ccd
X-A-Dam
X-A-Dgt
X-Origin-Expires
X-Org
X-A-Dcw
Sslversion
X-SRCache-Key
Store-Cloud-Cache
Wxu-Next-Region
X-Slack-Backend
X-Rojux
X-Rocket-Build-Number
X-Request-URI
X-S-Cookie
X-Save-Cache
Web-Mar-Region
Wxu-Next-Commit
X-SD-PageType
X-Section
X-SIPLIST1
X-NGINX-Cache
X-Req
X-Sigma-Backend
Wxu-Next-Hostname
X-Sigma
X-A-Wwc
RNT-Time
X-Vdms-Version
X-Loc
X-B-Cookie
X-Vary-Devices
Odigeo-Trace-Id
Origin
X-Application
Ngx.Var.Host
N-Cache
X-Csrf-Jwt
X-Ig-Origin-Region
X-BCube-Filmed-By
MD5-Digest
WPO-Cache-Message
Meta-Geo-Continent
X-VG-TLSProxy
X-Micro-Cache
X-ApacheServer
X-Node-Id
X-Varnish-Authentication
Rendered-Blocks
X-Access
X-Old-Content-Length
RNT-Machine
X-V-Cache
X-Varnish-Beresp-Status
X-Action
X-Varnish-Hostname
X-AK-Request-ID
Pragrma
X-Aed
Redirect-Candidate
X-Varnish-Director
X-VG-WebCache
Origin-Agent-Cluster
X-Litespeed-Cache-Control
X-Varnish-CookieINHashed-On
X-Mvc-Supplant-Cachable
X-Aicache-OS
X-Varnish-CookieHashed-On
X-NMSegId
X-Nyt-Route
X-Acquia-Purge-Cdn-Unconfigured
X-Moov-Xdn-Version
X-CUA
X-Varnish-Remaining-TTL
X-Men
X-VarnishDD-TTL
X-App-Name
X-Moov-T
X-Accel-Expires-Debug
X-Amz-Storage-Class
X-Moov-Xdn-Caching-Status
X-AB-Test
X-Region-Sid
X-Proto
X-Path
X-Render-Time
X-Shield-Cache-Expires
We-Hiring
X-SB
X-Sn-Servicetimems
X-Thinkindot-L1
X-Op-Id-All
X-Uri
X-Up
X-Origin-Time
X-Thinkindot-L3
X-UA-Device-Type
X-Level-Front-Cache
X-Backend-Instance
X-We-Are-Hiring
X-CacheTTL
Powered-By
X-Gamma-Serve
X-Gdpr
X-Vmg-Version
X-Cache-Date
X-Fastly-Backend
X-Epic-Correlation-Id
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Content-Length
X-DefElseHash
X-DefHash
X-Ec-Custom-Error
X-Dispatcher-Server
X-Gen-Mode
X-Generated-On
X-Ion-Healthy
X-Internal-TTL
V-Age
X-Ion-Hop
X-Bc-Bl
X-BBC-Edge-Cache-Status
X-Jungle-Id
X-Human
X-Via-Fastly
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Block-Status
X-GoCache-CacheStatus
X-Hnp-Log
X-HN
X-Date
X-Akamai-Device-Characteristics
DSUID
Country-Code
Content-Style-Type
Cmstype
Gannett-Cam-Experience-Id
L
Origin-CC
Nord-Request-ID
NM-Fastcgi-Cache
Mail-Subject
Cmsid
CDCHOST
Azure-InstanceId
User-Cache-Control
X-Upstream-Ht
X-Upstream-Ct
Azure-RegionName
Azure-SiteName
Canary
Cache-Contol
Azure-Version
Azure-SlotName
Origin-EX
Content-Script-Type
PFcat
Release
Thinkindot-CacheControl
Req-Svc-Chain
ServerName
RewriteTeamHook
Origin-Site
RewriteTestHook
Thinkindot-CacheControl-Type
TDXMobile
Server-Host
X-Client-Ip
X-Frame-Option
Click-Count-Action-Start
Click-Count-Error
C-Via
X-Edge-Server
Cdn-Host
Cdn-Request-Time
CacheControlHeader
Tube-Get-Contents
Sid
X-Mvc-Supplant-OutputCached
X-Gzip
X-Location
Tube-Return
Tube-Got-Results
X-Proxied-Request
X-FORWARDED-FOR
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Air-Pt
Tube-Got-Eval
X-Sucuri-ID
X-Esi-Check
X-DPWN-IS-SECURE
X-Cache-FS-Status
X-Wikidot-Static-Cache
X-Wikidot-Backend
Vix-Hermes-Req-Id
Fastly-GeoIP-CountryCode
Machine
XM
X-B3-Trace-ID
X-Server-IP
Platform
Producers
X-Bip
X-Cache-Id
Fastly-Backend-Name
X-Thanos
X-Cs
X-Vercel-Id
X-Vercel-Cache
X-TT-LOGID
X-Parent-Response-Time
X-LSADC-Cache
X-Origin-Response-Time
Pics-Label
X-ElasticPress-Query
X-ND-Cache
X-Pad
NGX
Fastly-Drupal-HTML
Mime-Version
Debug
CloudFront-Viewer-Country
X-Varnish-Hits
X-Nananana
X-Datadome
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-Refresh
X-APP
X-ZONE
X-Cached-By
X-HA-Backend
GeoIp-Country-Code
X-TH-Server
X-AIR-PT
Product
Cookie
HA-Ipaddr
X-DynaTrace-JS-Agent
X-Servedbyhost
X-Amz-Meta-Cb-Modifiedtime
GeoIP-Latitude
X-Litespeed-Tag
X-Zone
Server-ID
X-Debug-Service
X-Nginx-Cache-Key
X-Cache-VC
X-Srv
Load-Balancing
X-Webkit-CSP
X-Cdn-Forward
Sever-Int
True-Client-Country-4JS
X-User
Edge-Cache
X-GeoIP
Server-Ext
Server-Hostname
X-Wa
X-LB-ID
X-B3-Parentspanid
WZWS-RAY
MIME-Version
HostName
X-Fpc
DataCenter
Fastly-Drupal-Html
Show-Do-Not-Sell-Link
X-Nc
Tcn
X-Unity-Cache
Cdn
X-Cache-Backend
Traceparent
X-Newrelic-Synthetics
SID
Akamai-Mon-Iucid-Del
Resin-Trace
X-RateLimit-Limit
X-LB-NoCache
X-Lsadc-Cache
Lb
X-Vc
X-Ez-Minify-Html
X-Scheme
X-Request-Start
X-VCL-Version
Wsr-Cache
Surrogated-Key
X-Nginx-Cache
X-B3-Spanid
X-TX-ID
X-Pool
Yjs-Id
X-CDN-Provider
Sm-Log-Id
X-Service-Response-Time
X-CS
X-NodeID
XkeyR9
Xkey-La3
Xkeylog
X-Proxy-CacheR9
Serverhost
X-Request-Host
X-Proxy-Cache-La3
X-Datacenter
NtCoent-Length
X-HOST
X-RequestId
CountryCode
X-WA
X-Cache-Grace
A
X-Vgn-Hpd-Reason
Hostname
X-HubSpot-Correlation-Id
X-LiteSpeed-Tag
X-Udemy-Cache-App-Namespace
CDN
N1-Cache
X-FPC
X-API-Version
Cs
X-NC
X-Akamai-Pragma-Client-IP
Yak-Timeinfo
X-DynaTrace
X-LiteSpeed-Cache-Control
X-DataCenter
Cdn-Requestid
Datacenter
X-Lb-Id
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
Esi-Enabled
Server-Id
X-Fastly-Backend-Reqs
X-ID
X-Dynatrace-Js-Agent
Uri
X-Via-CDN
X-Via-Edge
Edge-Copy-Time
X-Via-SSL
X-VC-Age
X-Via-JSL
Geoip-Latitude
X-Geolocation
X-Jobs
X-Html-Minification-Powered-By
X-Stale
X-Zen-Fury
X-Varnish-Beresp-TTL
Pramga
T-Server
X-HA-Application-Name
X-HA-Bot-Classification
Cr
Req-ID
GeoIP-Country-Code
X-Styx-Info
X-ServedByHost
Proxy-Firewall
X-Styx-Origin-Id
True-Client-IP
X-Srcache-Fetch-Status
ServerHost
RATING
X-Srcache-Store-Status
X-Ez-Minify-Js
X-HA-Device-Type
X-AC
X-TimeS
Cloudfront-Viewer-Country
X-Var-Ttl
Srv
X-TIM-N
On-Server
X-Cdn-Srv
X-Lb-Nocache
X-Swift-Error
From-Cache
Content-Secure-Policy
WP-Super-Cache
X-Oracle-DMS-ECID
X-MSEdge-Features
W
X-MSEdge-Flight
X-Powered-By-VTEX-Cache
X-CSRF-TOKEN
X-CACHE-KEY
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Ha-Backend
X-App
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-Proxy-Cache-LA2
X-Via-PopN
X-Fastly-Cache
X-Ramcache
X-Correlation-ID
FSS-Cache
X-Via-PopH
X-Via-PopV
X-Wp-Cf-Super-Cache-Active
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Cdn-Cache-Status
X-Geo
X-Elasticpress-Query
Ngx
Cl-Cache
X-Web-Server
X-Sucuri-Id
X-Sorting-Hat-Shopid
Coldstone-Viewer-Country-Region-Name
X-Check-Cacheable
CF-Cached-On
Coldstone-Viewer-Currency
Coldstone-Viewer-Country
X-WA-Info
X-Sorting-Hat-Podid
X-Webkit-Csp-Report-Only
X-Shardid
X-Shopid
Ohc-File-Size
X-Key
X-DC
Ohc-Cache-HIT
WebServer
Akamai-X-True-TTL
X-ATG-Version
X-Th-Server
X-VServer
X-Serial
Cf-Ipcountry
X-PageType
Xkey-G-Jp
Warning
URI
Host-Name
FSS-Proxy
X-Mg-Cache
X-Fastly-Cache-Status
Cneonction
X-Request-Url
User-Agent
BehaviorPad-Version
X-Fastly-Cache-Hits
X-Env