Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
CF-Ray
Accept-CH-Lifetime
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
Cf-Request-Id
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
X-CDN
Access-Control-Expose-Headers
Content-Encoding
X-XSS-PROTECTION
Status
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
X-Request-ID
Cf-Apo-Via
Keep-Alive
X-Turbo-Charged-By
X-Amz-Version-Id
X-Rq
X-AH-Environment
X-Cache-Group
X-Vhost
X-Server
X-Dispatcher
X-Proxy-Cache
X-Ws-Request-Id
EagleId
CONTENT-SECURITY-POLICY
X-UA-Device
X-Varnish-Cache
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
Grace
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Litespeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-Node
X-FTR-Request-ID
X-Device
X-Server-Id
EagleEye-TraceId
X-Cache-Lookup
X-Host
X-Country-Code
X-Backend-Server
Surrogate-Control
X-LiteSpeed-Cache
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Ruxit-JS-Agent
X-Response-Time
Cache-Tag
P3p
X-Amz-Server-Side-Encryption
Content-Location
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Ua-Device
X-Nginx-Upstream-Cache-Status
X-Trace
X-Nginx-Cache-Status
Service-Worker-Allowed
Request-Id
X-TraceId
Fastly-Restarts
X-Application-Context
X-Content-Type
X-Clacks-Overhead
X-Times
X-Vname
Rating
X-PC
X-TtlSet
X-Cnection
X-Midtier
X-Mcache
X-Edge
X-ESI
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-Browser-Type
X-Nf-Request-Id
X-FTR-Expires
X-Country
X-Cache-TTL
Edge-Control
X-Vcap-Request-Id
Origin-Trial
Accept-Ch-Lifetime
Surrogate-Key
X-Powered-By-Plesk
X-Ac
X-Element-Page-Cache
X-NWS-LOG-UUID
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-D2id
X-Exp-Id
X-Exp-Variant
X-Abt-Application-Version
X-FastCGI-Cache
X-Oneagent-Js-Injection
Verso
X-Upstream
X-B3-TraceId
X-Mod-Pagespeed
X-ECACHE
X-ORACLE-DMS-RID
X-Navigation-Version
X-Amz-Rid
Nginx-Cache
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Language
X-GitHub-Request-Id
Akamai-GRN
X-Envoy-Decorator-Operation
X-Url
X-Middleton-Response
Response
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
S
AR-PoweredBy
AR-Request-ID
AR-ATIME
Edge-Cache-Tag
X-MS-InvokeApp
X-Ruxit-Js-Agent
X-Goog-Hash
X-Resp-Is-Stale
X-Ratelimit-Limit
X-Edge-Location-Klb
X-Kinsta-Cache
X-Distributor
X-Client-IP
X-ARC
X-Ser
SPRequestGuid
SPRequestDuration
SPIisLatency
X-SharePointHealthScore
X-NGENIX-Cache
Access-Control-Request-Method
X-Content-Digest
X-Ezoic-Cdn
Front-End-Https
X-Shield-Request-Id
X-Ttl
X-Dw-Request-Base-Id
X-Varnish-TTL
X-Recruiting
X-Cache-Key
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Powered-CMS
X-Mg-S
X-T
Public-Key-Pins
X-MSEdge-Ref
Fastcgi-Cache
TP-Cache
X-HS-Cache-Config
X-HS-Hub-Id
X-Accel-Expires
X-HS-Content-Id
X-Daa-Tunnel
Arr-Disable-Session-Affinity
X-Ismobilevalue
Realpath
AR-CACHE
Cache-Tags
X-Cluster-Name
X-Cached
X-Correlation-Id
X-Id
X-Forwarded-For
X-Content-Security-Policy-Report-Only
X-HS-Combine-CSS
X-Fastly-Request-ID
Content-MD5
X-Request-Processing-Time
X-Request-Received
X-Ua-Browser
Payment
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Newrelic-App-Data
X-DIS-Request-ID
X-RateLimit-Remaining
X-GUploader-UploadID
X-Jurisdiction
X-Cambria-Cache-Control
X-HP-Trace-Id
X-HP-Webp
X-HS-CF-Cache-Status
X-HS-Prerendered
X-Azure-Ref
YJS-ID
X-Server-Name
Content-Disposition
Ar-SID
X-Xrds-Location
X-Amz-Replication-Status
X-Webkit-Csp
Count-Hit
X-Ratelimit-Remaining
X-Request-Device-Id
X-TTL
X-Px
X-CST
X-Origin-Server
X-Unique-Id
Cleartype
X-Ratelimit-Reset
Cross-Origin-Embedder-Policy
X-Page-Id
X-FB-Debug
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Cross-Origin-Resource-Policy
X-Logged-In
X-VARITI-CCR
X-Rid
X-SERVER-NAME
X-COUNTRY
Accept-Charset
X-Protected-By
X-Activity-Id
X-Git-Hash
X-Az
X-Proxy
X-AppVersion
X-Amz-Meta-S3cmd-Attrs
X-Request-Handler-Origin-Region
X-Microsite
X-Www-Served-By
X-LLID
MicrosoftSharePointTeamServices
X-Load-Cache
X-Goog-Metageneration
X-ORACLE-DMS-ECID
X-Template
Version
X-Varnish-Backend
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Hits
X-Geo-Country
X-Meli-Trace-Site
X-Meli-Trace-Platform
X-Forwarded-Proto
X-Meli-Trace-Bu
Server-Node
X-Upgrade-Enabled
Server-Name
X-PressLabs-Stats
X-Hostname
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-B3-Sampled
X-Content-Options
X-Varnish-Grace
Section-Io-Cache
Viewport
X-WebKit-CSP-Report-Only
Mrf-Cache-Status
X-App-Server
X-TT
X-Frontend
X-Grace
X-Fb-Rlafr
MRF-Tech
X-B3-TraceId-Primal
X-Device-Type
Fastly-SWR
Fastly-SIE
Access-Control-Allow-Method
X-B
X-Varnish-Server
Alternate-Protocol
Healthy
X-Status
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Request-Guid
X-Goog-Stored-Content-Length
Upgrade-Insecure-Requests
DC
TCN
X-Magnolia-Registration
Host
X-EdgeConnect-Cache-Status
X-Contextid
X-CSRF-Token
X-Amzn-Remapped-Content-Length
X-URL
X-Cache-Age
Retry-After
X-Tt-Trace-Tag
X-Tt-Trace-Host
AKAMAI-GRN
X-Buckets
MS-Author-Via
X-Cache-Control
X-Debug
Amp-Access-Control-Allow-Source-Origin
X-Oracle-Dms-Ecid
X-App-Version
X-Revision
X-Type
Frame-Options
X-Tec-Api-Origin
X-Tec-Api-Version
X-Varnish-Ttl
X-Tec-Api-Root
SD-X-WS
X-Instance
X-Seen-By
X-Original-Request-Id
X-Backend-Name
X-Response-Served-From
X-Akamai-Edgescape
X-Origin-CC
X-Adobe-Loc
Cross-Origin-Opener-Policy-Report-Only
X-Adobe-Content
X-Cache-Status-Check
X-INCAP-ABP
X-Requestid
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Cross-Origin-Embedder-Policy-Report-Only
X-Yottaa-Optimizations
X-Hl-Ver
X-Vcl-Version
X-NYM-Debug-Backend
X-Tumblr-Pixel-1
X-ProcessESI
X-UUID
X-RemovedCookies
X-Rendered-As
X-Origin-TTL
X-WP-CF-Super-Cache-Cache-Control
X-Yottaa-Metrics
X-Tumblr-User
X-N
X-WP-CF-Super-Cache
X-Is-Bot
X-Akamai-Request-ID2
Section-Io-Id
X-ServerID
X-Framework
X-G
X-Mg-Request-UUID
Access-Control-Request-Headers
X-Lambda-Id
X-Debug-IsPreview
X-Trace-Id
X-Debug-IsConnected
X-Content-Powered-By
Charset
X-RM-Cache-TTL
Ms-Operation-Id
X-Server-W
X-Storage
X-Mobile
X-RTag
MS-CV
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-AB
NGB
X-Dc
X-Request-Site
Webserver
X-Request-Platform
X-Request-Bu
Filterid
Cache
X-Fastcgi-Cache
Accept-Language
X-DataDome
X-Cache-Hit
X-Cache-Time
X-B3-SpanId
Refresh
X-Time
SRV
Paypal-Debug-Id
X-Region
X-Ms-Version
X-VC-Cache
X-Ms-Request-Id
Onion-Location
X-Node-Name
X-Real-IP
X-User-Agent
X-HITS
X-F-Cache
Priority
X-Yandex-Req-Id
AR-SID
CDN-RequestId
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Cross-Origin-Window-Policy
X-Cache-Expired-At
X-IPS-LoggedIn
Liferay-Portal
X-Pass-Why
Protected
Xet-Cookie
X-Wormhole-Sdk
X-Rocket-Nginx-Serving-Static
X-HTML-Minification-Powered-By
X-LB-Cache
X-Environment-Context
X-Mode
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-NF-Request-ID
X-Whom
X-Datadog-Parent-Id
GEO-INFO
X-L-Path
X-Datadog-Sampled
Backend
YJS-CacheStatus
X-Service
X-Drupal-Cache-Tags
Country
X-Handled-By
X-Rule
X-WP-CF-Super-Cache-Active
X-Tb
OT-Force-Account-Verify
X-Servername
Meta-Geo
X-Geo-Region
X-IPLB-Request-ID
X-IPLB-Instance
Property-Id
X-Is-Tablet
ServerID
X-Adobe-Source
X-JoinUs
ServedBy
X-Browser-Name
X-Extlb
TWC-GeoIP-City
X-FB-TRIP-ID
X-Is-Desktop
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-Detected-As
X-SaId
X-Varnish-Beresp-Grace
X-App-Environment
X-Is-Modern-Browser
X-Vcache
X-Cloudmap
TWC-GeoIP-DMA
X-Wix-Request-Id
Web-Mar-Node
X-UPSTREAM-Address
Webcakes-Region
X-Origin-Hint
X-Is-Supported-Browser
X-Proxied
Filters
Webcakes-App-Name
Webcakes-App-Version
X-Zipkin-Id
X-Origin-Date
TWC-Privacy
Url
X-Tcp-Rtt
X-Is-Mobile
X-Loop
TWC-GeoIP-LatLong
TWC-GeoIP-Region
TWC-Locale-Group
X-XRDS-Location
X-Tncms
X-Proxy-Cache-Info
X-Routing-Service
X-Rewrite-Enabled
X-Rn-Rsrv
X-MP-GENERATED-AT
DB-Nickname
X-Cache-Host
X-Director
Atl-Traceid
X-Format
X-Cdn-Origin
X-Cms-Context
Expiry
X-Cluster-Node
X-Connection-Hash
X-Fetched-On
X-Soup
X-Restarts
X-Redis-Cache
Uber-Trace-Id
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Tumblr-Pixel-2
X-Web-Node
X-ProxyCache-Key
X-ProxyCache-Status
X-Tumblr-Pixel-3
X-Cacheable-TTL
X-Forwarded-Host
X-Cluster
X-Generation-Time
X-BYPASS-REASON
X-Cache-Action
Mn-Server-Ip
X-Hit
X-Hosted-By
X-Skip-Cache
X-Shopify-Stage
X-Httpd
X-Locale
X-Logging-Id
Locale
X-SayCDN-TTL
X-Say-TTL
X-Urbn-Context-Path
X-FW-Version
X-FW-Type
X-Scope-Id
X-RCS-CacheZone
X-RateLimit-Limit-Second
X-Urbn-Site-Id
X-RateLimit-Remaining-Second
X-ECache
X-FW-Static
X-Say-Cacheable
Environment
Apigw-Requestid
X-FW-Server
X-Edge-Location
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-PHP-Host
X-Debug-Info
X-Auth-Group-Type
X-Labrador-Cache-Channel
X-Proxy-Build
X-Timing-Wait
X-Endurance-Cache-Level
X-Served-From
Selected-Fe
X-S
X-Drupal-Cache-Contexts
Fastcgi-Useragent
Cache-Hits
X-VC
X-VCT
LB
X-Origin-Cache
X-Origin
X-Provided-By
X-Cache-Debug
X-Is-Mobile-Only
X-Mly-Id
X-Server-ID
X-R9-Blue-Green-Version
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-No-Session
X-ShardId
X-GEO
X-Presslabs-Stats
X-NewRelic-App-Data
X-Api-Version
X-Platform
Front
Node
Xserver
X-CLOUD-TRACE-CONTEXT
X-Varnish-Age
X-CDN-Forward
X-Varnish-Cache-Hits
X-CDN-Cache-Status
X-Lagoon
X-WP-CF-Super-Cache-Cookies-Bypass
Cache-Tv-Group
X-Generated-By
WPO-Cache-Status
X-SRV
X-UA
Countrycode
X-Varnish-Beresp-Ttl
Referer-Policy
X-Signature
X-Ua
X-NWS-UUID-VERIFY
X-Fastly-Request-Id
X-B3-Traceid
X-B-Cache
X-Webstats-RespID
X-Optimistic-Header
X-Site-Version
X-CACHE-AGE
From-Origin
X-Azure-Ref-OriginShield
X-Tt-Logid
Cache-Provider
AMP-Access-Control-Allow-Source-Origin
X-Accel-Version
Request-ID
X-VC-TTL
X-Cache-Operation
X-Cache-Rule
Location
X-PHP-Backend
X-Source
X-Worker
X-IsAdmin
X-TA-CDN-Provider
X-Xfnlog-Site
CF-IPCountry
X-Auto-Login
X-Tb-Optimization-Total-Bytes-Saved
X-Sucuri-Cache
X-LJ-Flow-ID
Source
X-Tx-Id
X-VWS-Id
X-AWS-Id
X-Reqid
X-CGP
Xc-Version
X-Vtex-Remote-Cache
X-Cache-NE
X-BCube-Filmed-By
Fl-Custom-Application
X-From
Expect-Staple
X-FC-Vary-Parameters
X-ScT
Lang
S-Rt
X-Fmm-Version
X-Forwarded-Site
X-HS-Content-Campaign-Id
X-GeoCode
X-Hash
X-GeoCountry
X-GeoIP-City
Host-ID
Ha-Gx-Prefs
Gh-Request-Id
IsBot
L5d-Success-Class
X-Cache-Aspx
X-Viewer-Country
X-Clientip
X-Bug-Bounty
X-Bl-Debug
Apple-News-Services-Host
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestCountryCode
X-Destination
X-Developer
CDN-PullZone
Cdncip
Cdnsip
X-Content-Age
X-Core-Value
X-Csrf-Jwt
DCR-Decision-By
Cluster
X-Depends
DCR-Processing-Time-Ms
CDN-EdgeStorageId
CDN-CachedAt
X-Eu-Site
X-Cms-Device
X-Ee-Request-Id
X-External-Request-Id
Apple-News-Services-Request-Url
X-VG-WebCache
Apple-News-Services-Parsed-Url
X-Ee-Request-Date
X-Ee-Origin
Candidate-Md5Url
X-Contensis-Viewer-Groups
CDN-Cache
X-Conf
X-Ec-Fail
X-Ee-Generated-By
X-Ec-GeoHdr
Apple-News-Services-Handled
MD5-Digest
X-Policy
X-PERF
X-PAYTM-SRV-ID
X-Slack-Shared-Secret-Outcome
X-A
Wxu-Next-Region
X-Pubstack
X-A-Ccd
Store-Cloud-Cache
X-A-Dgt
X-Origin-Expires
X-Org
X-A-Dcw
X-A-Dam
X-SRCache-Key
Sslversion
Time-Cloud-Cache
X-Slack-Backend
X-Rojux
X-Rocket-Build-Number
X-Request-URI
X-S-Cookie
X-Save-Cache
Web-Mar-Region
Wxu-Next-Commit
X-SD-PageType
X-Section
X-SIPLIST1
X-NGINX-Cache
X-Req
X-Sigma-Backend
Wxu-Next-Hostname
X-Sigma
RNT-Time
RNT-Machine
X-Vdms-Version
X-Loc
X-B-Cookie
X-Vary-Devices
X-Application
Origin
Odigeo-Trace-Id
Ngx.Var.Host
N-Cache
X-Ig-Push-State
X-Ig-Origin-Region
X-D
WPO-Cache-Message
Meta-Geo-Continent
X-VG-TLSProxy
X-Micro-Cache
X-ApacheServer
X-Node-Id
X-Varnish-Authentication
Rendered-Blocks
X-Access
X-Old-Content-Length
X-A-Wwc
X-V-Cache
X-Varnish-Beresp-Status
Redirect-Candidate
X-Varnish-Hostname
X-AK-Request-ID
Pragrma
X-Aed
X-Action
X-Varnish-Director
Log-Origin
Origin-Agent-Cluster
X-Litespeed-Cache-Control
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Mvc-Supplant-Cachable
X-Acquia-Purge-Cdn-Unconfigured
X-Moov-Xdn-Version
X-Nyt-Route
X-NMSegId
X-Accel-Expires-Debug
X-Moov-Xdn-Caching-Status
X-Varnish-Remaining-TTL
X-App-Name
X-Men
X-Moov-T
X-Amz-Storage-Class
X-AB-Test
X-CUA
X-Aicache-OS
X-Uri
X-Render-Time
X-Region-Sid
X-Proto
X-Shield-Cache-Expires
X-SB
V-Age
We-Hiring
X-Path
X-Sn-Servicetimems
X-Up
X-Op-Id-All
X-Origin-Time
X-UA-Device-Type
X-Thinkindot-L1
X-Thinkindot-L3
X-VarnishDD-TTL
X-Level-Front-Cache
X-CacheTTL
X-We-Are-Hiring
Powered-By
X-Gamma-Serve
X-Gdpr
X-Vmg-Version
X-Cache-Date
X-Fastly-Backend
X-Epic-Correlation-Id
X-Debug-Cache-Store
X-Content-Length
X-Debug-Cache-Fetch
X-DefElseHash
X-DefHash
X-Ec-Custom-Error
X-Dispatcher-Server
X-Gen-Mode
X-Generated-On
X-Ion-Healthy
X-Internal-TTL
X-Bc-Bl
X-Ion-Hop
X-BBC-Edge-Cache-Status
X-Backend-Instance
X-Jungle-Id
User-Cache-Control
X-Human
X-GeoIP-Region-Code
X-Block-Status
X-GeoIP-Country-Code
X-GoCache-CacheStatus
X-HN
X-Via-Fastly
X-Hnp-Log
X-Date
X-Akamai-Device-Characteristics
DSUID
Country-Code
Content-Style-Type
Cmstype
Fastly-SSL
Gannett-Cam-Experience-Id
Nord-Request-ID
NM-Fastcgi-Cache
Mail-Subject
L
Cmsid
CDCHOST
Azure-RegionName
Azure-InstanceId
X-Upstream-Ht
X-Upstream-Ct
Azure-SiteName
Azure-SlotName
Canary
Cache-Contol
Azure-Version
Origin-CC
Content-Script-Type
RewriteTestHook
RewriteTeamHook
Req-Svc-Chain
Origin-EX
ServerName
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
Release
Server-Host
Origin-Site
PFcat
X-Frame-Option
X-Client-Ip
Vix-Hermes-Req-Id
X-Bip
X-Esi-Check
Cdn-Host
C-Via
X-Edge-Server
CacheControlHeader
Machine
Tube-Get-Contents
Platform
X-DPWN-IS-SECURE
X-SVT-ORM-VERSION
X-Gzip
Sid
X-Location
Tube-Got-Eval
Tube-Got-Results
X-Mvc-Supplant-OutputCached
X-Proxied-Request
X-Air-Pt
X-SVT-ORM-RULES
Tube-Return
X-Sucuri-ID
X-FORWARDED-FOR
Cdn-Request-Time
X-Server-IP
X-Cache-Id
Click-Count-Action-Start
Fastly-Backend-Name
X-Wikidot-Backend
X-Cache-FS-Status
XM
X-Wikidot-Static-Cache
Producers
X-Vercel-Id
Fastly-GeoIP-CountryCode
X-Cs
X-Vercel-Cache
Click-Count-Error
X-B3-Trace-ID
X-Thanos
X-TT-LOGID
X-Parent-Response-Time
X-LSADC-Cache
X-ND-Cache
Pics-Label
X-ElasticPress-Query
X-Origin-Response-Time
X-Pad
Fastly-Drupal-HTML
NGX
Mime-Version
Debug
CloudFront-Viewer-Country
X-Via-Popn
X-Datadome
X-Refresh
X-Nananana
X-Via-Poph
X-Varnish-Hits
X-APP
X-Via-Popv
X-Cached-By
X-ZONE
HA-Ipaddr
X-TH-Server
Product
Cookie
X-AIR-PT
GeoIp-Country-Code
X-HA-Backend
X-DynaTrace-JS-Agent
X-Servedbyhost
X-Amz-Meta-Cb-Modifiedtime
GeoIP-Latitude
X-Litespeed-Tag
X-Zone
Server-ID
X-Debug-Service
X-Nginx-Cache-Key
X-Cache-VC
X-Srv
Load-Balancing
X-Webkit-CSP
X-Cdn-Forward
Sever-Int
True-Client-Country-4JS
X-User
Edge-Cache
X-GeoIP
Server-Ext
Server-Hostname
X-Wa
X-LB-ID
X-B3-Parentspanid
WZWS-RAY
MIME-Version
HostName
X-Fpc
DataCenter
Fastly-Drupal-Html
Show-Do-Not-Sell-Link
X-Nc
Tcn
X-Unity-Cache
Cdn
X-Cache-Backend
Traceparent
X-Newrelic-Synthetics
SID
Akamai-Mon-Iucid-Del
Resin-Trace
X-RateLimit-Limit
X-LB-NoCache
X-Lsadc-Cache
Lb
X-Vc
X-Ez-Minify-Html
X-Scheme
X-Request-Start
X-VCL-Version
Wsr-Cache
Surrogated-Key
X-Nginx-Cache
X-B3-Spanid
X-TX-ID
X-Pool
Yjs-Id
X-CDN-Provider
Sm-Log-Id
X-Service-Response-Time
X-CS
X-NodeID
XkeyR9
Xkey-La3
Xkeylog
X-Proxy-CacheR9
Serverhost
X-Request-Host
X-Proxy-Cache-La3
X-Datacenter
NtCoent-Length
X-HOST
X-RequestId
CountryCode
X-WA
X-Cache-Grace
A
X-Vgn-Hpd-Reason
Hostname
X-HubSpot-Correlation-Id
X-LiteSpeed-Tag
X-Udemy-Cache-App-Namespace
CDN
N1-Cache
X-FPC
X-API-Version
Cs
X-NC
X-Akamai-Pragma-Client-IP
Yak-Timeinfo
X-DynaTrace
X-LiteSpeed-Cache-Control
X-DataCenter
Cdn-Requestid
Datacenter
X-Lb-Id
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
Esi-Enabled
Server-Id
X-Fastly-Backend-Reqs
X-ID
X-Dynatrace-Js-Agent
Uri
X-Via-CDN
X-Via-Edge
Edge-Copy-Time
X-Via-SSL
X-VC-Age
X-Via-JSL
Geoip-Latitude
X-Geolocation
X-Jobs
X-Html-Minification-Powered-By
X-Stale
X-Zen-Fury
X-Varnish-Beresp-TTL
Pramga
T-Server
X-HA-Application-Name
X-HA-Bot-Classification
Cr
Req-ID
GeoIP-Country-Code
X-Styx-Info
X-ServedByHost
Proxy-Firewall
X-Styx-Origin-Id
True-Client-IP
X-Srcache-Fetch-Status
ServerHost
RATING
X-Srcache-Store-Status
X-Ez-Minify-Js
X-HA-Device-Type
X-AC
X-TimeS
Cloudfront-Viewer-Country
X-Var-Ttl
Srv
X-TIM-N
On-Server
X-Cdn-Srv
X-Lb-Nocache
X-Swift-Error
From-Cache
Content-Secure-Policy
WP-Super-Cache
X-Oracle-DMS-ECID
X-MSEdge-Features
W
X-MSEdge-Flight
X-Powered-By-VTEX-Cache
X-CSRF-TOKEN
X-CACHE-KEY
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Ha-Backend
X-App
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-Proxy-Cache-LA2
X-Via-PopN
X-Fastly-Cache
X-Ramcache
X-Correlation-ID
FSS-Cache
X-Via-PopH
X-Via-PopV
X-Wp-Cf-Super-Cache-Active
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Cdn-Cache-Status
X-Geo
X-Elasticpress-Query
Ngx
Cl-Cache
X-Web-Server
X-Sucuri-Id
X-Sorting-Hat-Shopid
Coldstone-Viewer-Country-Region-Name
X-Check-Cacheable
CF-Cached-On
Coldstone-Viewer-Currency
Coldstone-Viewer-Country
X-WA-Info
X-Sorting-Hat-Podid
X-Webkit-Csp-Report-Only
X-Shardid
X-Shopid
Ohc-File-Size
X-Key
X-DC
Ohc-Cache-HIT
WebServer
Akamai-X-True-TTL
X-ATG-Version
X-Th-Server
X-VServer
X-Serial
Cf-Ipcountry
X-PageType
Xkey-G-Jp
Warning
URI
Host-Name
FSS-Proxy
X-Mg-Cache
X-Fastly-Cache-Status
Cneonction
X-Request-Url
User-Agent
BehaviorPad-Version
X-Fastly-Cache-Hits
X-Env