Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
Cf-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-AspNet-Version
X-DNS-Prefetch-Control
X-Runtime
Permissions-Policy
Server-Timing
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
Request-Context
X-Amz-Id-2
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Request-ID
X-Turbo-Charged-By
X-Rq
X-Amz-Version-Id
Keep-Alive
X-Vhost
X-Cache-Group
X-AH-Environment
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
X-UA-Device
CONTENT-SECURITY-POLICY
X-Dns-Prefetch-Control
X-Varnish-Cache
X-OneAgent-JS-Injection
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Ali-Swift-Global-Savetime
X-Litespeed-Cache
X-FTR-Request-ID
X-Device
X-LiteSpeed-Cache
X-Node
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
Surrogate-Control
X-Server-Id
X-Country-Code
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Cache-Tag
Content-Location
P3p
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
Service-Worker-Allowed
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
Request-Id
X-TraceId
Fastly-Restarts
X-Country
X-Clacks-Overhead
X-Content-Type
X-Application-Context
X-Vname
X-TtlSet
X-PC
Rating
X-Times
X-Cnection
X-ESI
X-Browser-Type
X-Cache-TTL
X-Midtier
X-Mcache
X-Edge
X-Ua-Device
X-Vcap-Request-Id
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
Surrogate-Key
X-FTR-Expires
X-Ac
Origin-Trial
Edge-Control
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-D2id
X-Element-Page-Cache
X-FastCGI-Cache
X-Exp-Variant
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Abt-Application-Version
X-NWS-LOG-UUID
Verso
X-Nf-Request-Id
X-Upstream
X-ECACHE
X-Navigation-Version
X-Amz-Rid
Nginx-Cache
X-ORACLE-DMS-RID
X-B3-TraceId
X-Mod-Pagespeed
Display
Pagespeed
X-Middleton-Display
X-Sol
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-GitHub-Request-Id
X-Middleton-Response
Response
X-Client-IP
X-Language
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Envoy-Decorator-Operation
S
Akamai-GRN
Edge-Cache-Tag
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Goog-Hash
X-MS-InvokeApp
X-Ratelimit-Limit
X-ARC
X-Resp-Is-Stale
X-Oneagent-Js-Injection
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ser
X-Distributor
X-Url
SPRequestDuration
SPIisLatency
X-Content-Digest
SPRequestGuid
X-SharePointHealthScore
Access-Control-Request-Method
X-Ezoic-Cdn
Front-End-Https
X-NGENIX-Cache
X-Dw-Request-Base-Id
X-Recruiting
X-Shield-Request-Id
X-Cache-Key
RTSS
X-Ttl
X-Amzn-Trace-Id
Cache-Status
X-Varnish-TTL
X-Powered-CMS
X-Version
Public-Key-Pins
X-T
X-Ruxit-Js-Agent
TP-Cache
Fastcgi-Cache
X-Forwarded-For
X-MSEdge-Ref
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Daa-Tunnel
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Mg-S
X-Ismobilevalue
X-Webkit-Csp
Realpath
X-Correlation-Id
X-Cluster-Name
Cache-Tags
X-Id
X-Cached
AR-CACHE
X-Fastly-Request-ID
X-Server-Name
X-HS-Combine-CSS
X-Request-Received
X-Request-Processing-Time
X-CST
X-Content-Security-Policy-Report-Only
X-Ua-Browser
Payment
X-Kong-Proxy-Latency
X-DIS-Request-ID
Content-MD5
X-Kong-Upstream-Latency
X-GUploader-UploadID
X-Newrelic-App-Data
X-Cambria-Cache-Control
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-HS-Prerendered
X-HS-CF-Cache-Status
X-Xrds-Location
X-RateLimit-Remaining
Content-Disposition
X-Ratelimit-Remaining
X-TTL
Count-Hit
X-Azure-Ref
X-ORACLE-DMS-ECID
X-Amz-Replication-Status
X-Px
Cleartype
Cross-Origin-Resource-Policy
X-Request-Handler-Origin-Region
X-Microsite
X-Unique-Id
X-Page-Id
X-Logged-In
Accept-Charset
X-Proxy
X-Protected-By
X-Az
X-Activity-Id
X-FB-Debug
X-AppVersion
X-Rid
X-Git-Hash
Cross-Origin-Embedder-Policy
X-Origin-Server
X-Ratelimit-Reset
X-VARITI-CCR
X-Www-Served-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-PressLabs-Stats
X-LLID
X-Load-Cache
X-Goog-Metageneration
X-Template
X-Varnish-Backend
MicrosoftSharePointTeamServices
Ar-SID
YJS-ID
Version
X-Amz-Meta-S3cmd-Attrs
X-Forwarded-Proto
X-Hits
Server-Node
X-Geo-Country
X-Upgrade-Enabled
X-SERVER-NAME
X-URL
Server-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Request-Device-Id
X-Hostname
X-Frontend
X-B3-Sampled
X-Content-Options
X-Varnish-Server
Viewport
X-App-Server
X-TT
Section-Io-Cache
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Status
X-Device-Type
X-Varnish-Grace
X-Grace
X-B
X-Fb-Rlafr
Alternate-Protocol
Access-Control-Allow-Method
Fastly-SIE
TCN
Fastly-SWR
AKAMAI-GRN
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Healthy
Upgrade-Insecure-Requests
X-Server-ID
X-NF-Request-ID
Host
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Meli-Trace-Site
X-Meli-Trace-Bu
X-WebKit-CSP-Report-Only
X-Meli-Trace-Platform
X-Magnolia-Registration
X-Request-Guid
X-CSRF-Token
X-COUNTRY
DC
X-EdgeConnect-Cache-Status
X-Buckets
X-Cache-Age
Retry-After
Amp-Access-Control-Allow-Source-Origin
X-Debug
X-Varnish-Ttl
X-Amzn-Remapped-Content-Length
X-Contextid
MS-Author-Via
X-Wormhole-Sdk
X-Cache-Control
X-Revision
X-Type
AR-SID
X-Original-Request-Id
X-Response-Served-From
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
X-Vcl-Version
X-UUID
X-Instance
X-Origin-TTL
X-WP-CF-Super-Cache
X-Origin-CC
X-WP-CF-Super-Cache-Cache-Control
Section-Io-Id
X-Adobe-Loc
X-Akamai-Edgescape
X-Adobe-Content
X-Hl-Ver
X-G
X-NYM-Debug-Backend
X-Lambda-Id
X-Content-Powered-By
X-Rendered-As
X-Is-Bot
Charset
Access-Control-Request-Headers
X-Mobile
X-Yottaa-Metrics
X-Tec-Api-Root
X-Tec-Api-Origin
X-Debug-IsPreview
X-Tec-Api-Version
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Debug-IsConnected
X-Backend-Name
X-Yottaa-Optimizations
X-Seen-By
X-Storage
Ms-Operation-Id
NGB
SD-X-WS
X-Trace-Id
X-INCAP-ABP
X-Framework
X-Mg-Request-UUID
X-RTag
MS-CV
X-Server-W
X-ServerID
X-Dc
X-RemovedCookies
X-ProcessESI
X-AB
X-App-Version
X-RM-Cache-TTL
X-Akamai-Request-ID2
X-N
X-Cache-Status-Check
Frame-Options
X-Cache-Time
X-Cache-Hit
Filterid
X-DataDome
Refresh
X-Request-Bu
X-Request-Site
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Request-Platform
X-Time
Cache
Accept-Language
SRV
X-Region
Protected
Webserver
X-Real-IP
X-Node-Name
X-B3-SpanId
X-Fastcgi-Cache
Paypal-Debug-Id
CDN-RequestId
Onion-Location
X-Requestid
X-Oracle-Dms-Ecid
X-User-Agent
X-CLOUD-TRACE-CONTEXT
X-CCDN-CacheTTL
X-Ms-Request-Id
X-CCDN-Origin-Time
Cross-Origin-Window-Policy
Liferay-Portal
X-Hcs-Proxy-Type
X-Ms-Version
X-VC-Cache
X-LB-Cache
X-Cache-Expired-At
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Whom
X-Datadog-Trace-Id
X-HITS
X-F-Cache
X-IPS-LoggedIn
X-HTML-Minification-Powered-By
X-Mode
X-WP-CF-Super-Cache-Active
Priority
X-Rocket-Nginx-Serving-Static
Xet-Cookie
OT-Force-Account-Verify
X-Environment-Context
Backend
X-L-Path
X-Pass-Why
X-Proxy-Cache-Info
GEO-INFO
X-Drupal-Cache-Tags
X-Tb
X-Rule
X-Service
X-Cacheable-TTL
X-App-Environment
X-Is-Desktop
X-Is-Mobile
X-Is-Tablet
X-JoinUs
X-FW-Static
Filters
X-Browser-Name
X-Zipkin-Id
X-Cloudmap
X-Debug-Info
Meta-Geo
X-Extlb
X-Geo-Region
X-Is-Supported-Browser
X-SaId
X-Routing-Service
X-FW-Serve
X-FW-Server
X-FW-Type
X-FW-Version
X-Rn-Rsrv
X-FW-Hash
X-Rewrite-Enabled
X-MP-GENERATED-AT
X-UPSTREAM-Address
X-Proxied
X-Tcp-Rtt
X-FW-Dynamic
TWC-GeoIP-Country
TWC-GeoIP-DMA
TWC-GeoIP-Region
TWC-GeoIP-LatLong
TWC-GeoIP-City
ServerID
Fastcgi-Useragent
Property-Id
Country
ServedBy
TWC-Connection-Speed
TWC-Device-Class
X-Forwarded-Host
X-Origin-Hint
X-Restarts
X-Loop
X-Locale
X-Hit
X-Servername
X-Shopify-Stage
X-Vcache
X-Varnish-Beresp-Grace
X-Tncms
X-Storefront-Renderer-Rendered
X-IPLB-Request-ID
X-Format
Webcakes-App-Name
Webcakes-App-Version
Web-Mar-Node
Url
TWC-Privacy
Webcakes-Region
X-Adobe-Source
X-Endurance-Cache-Level
X-Cdn-Origin
X-Cache-Host
X-Alternate-Cache-Key
TWC-Locale-Group
X-Generation-Time
X-Handled-By
X-VC
X-IPLB-Instance
X-Edge-Location
Atl-Traceid
X-Director
X-Web-Node
X-Scope-Id
X-ProxyCache-Status
Mn-Server-Ip
X-Logging-Id
X-Origin-Date
X-ProxyCache-Key
Uber-Trace-Id
X-Httpd
Apigw-Requestid
Environment
X-Cluster-Node
X-Cluster
X-BYPASS-REASON
X-Skip-Cache
X-Cms-Context
X-Served-From
X-Detected-As
X-Cache-Action
X-Drupal-Cache-Contexts
X-S
X-FB-TRIP-ID
X-RateLimit-Limit-Second
X-Redis-Cache
X-RateLimit-Remaining-Second
X-Soup
X-Origin
LB
X-PHP-Host
X-Mly-Id
Selected-Fe
X-Labrador-Cache-Channel
X-Connection-Hash
Expiry
X-Proxy-Build
DB-Nickname
X-Auth-Group-Type
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Timing-Wait
X-Fetched-On
Cache-Hits
X-Wix-Request-Id
X-Hosted-By
X-Yandex-Req-Id
X-SayCDN-TTL
X-R9-Blue-Green-Version
Locale
X-ECache
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Origin-Cache
X-Say-Cacheable
X-Say-TTL
X-XRDS-Location
X-RCS-CacheZone
X-VCT
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-B3-Traceid
X-No-Session
YJS-CacheStatus
Front
X-Varnish-Cache-Hits
Countrycode
X-Cache-Debug
X-Is-Modern-Browser
X-GEO
X-Varnish-Age
X-NewRelic-App-Data
X-Source
X-WP-CF-Super-Cache-Cookies-Bypass
X-SRV
WPO-Cache-Status
X-Lagoon
Node
X-Varnish-Beresp-Ttl
X-UA
X-Provided-By
X-CDN-Forward
Xserver
X-Is-Mobile-Only
X-Api-Version
X-Site-Version
X-Platform
Cache-Tv-Group
From-Origin
X-Webstats-RespID
Referer-Policy
X-Cdn
X-Generated-By
X-Azure-Ref-OriginShield
X-Accel-Version
Cache-Provider
X-Ua
X-TA-CDN-Provider
X-Fastly-Request-Id
X-VC-TTL
X-Signature
X-B-Cache
X-CACHE-AGE
X-Xfnlog-Site
X-CDN-Cache-Status
AMP-Access-Control-Allow-Source-Origin
Location
X-NWS-UUID-VERIFY
X-PHP-Backend
WPO-Cache-Message
X-TT-LOGID
Request-ID
X-Sucuri-Cache
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
CDN-Uid
X-Optimistic-Header
X-Presslabs-Stats
X-Cache-Operation
X-Cache-Rule
CF-IPCountry
CDN-Cache
X-Reqid
X-Tt-Logid
X-Tb-Optimization-Total-Bytes-Saved
X-IsAdmin
X-Tx-Id
X-Air-Pt
X-Cache-NE
X-Cache-Aspx
X-Ig-Origin-Region
X-Bl-Debug
X-BCube-Filmed-By
X-Loc
Apple-News-Services-Parsed-Url
X-Ec-GeoHdr
X-Ig-Push-State
X-Frame-Option
X-Sigma-Backend
X-Clientip
Redirect-Candidate
X-External-Request-Id
RNT-Machine
X-Rojux
Rendered-Blocks
Apple-News-Services-Host
X-Varnish-Authentication
X-Access
X-Rocket-Build-Number
X-Action
X-GeoCode
Time-Cloud-Cache
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Aed
Store-Cloud-Cache
X-Auto-Login
X-B-Cookie
X-A-Ccd
X-A
X-Application
Sslversion
Candidate-Md5Url
RNT-Time
Apple-News-Services-Request-Url
X-Destination
X-Ec-Fail
X-S-Cookie
X-Core-Value
Lang
DCR-Processing-Time-Ms
X-Vdms-Version
X-Vtex-Remote-Cache
DCR-Decision-By
X-VG-TLSProxy
Ngx.Var.Host
Expect-Staple
Fl-Custom-Application
Log-Origin
X-Section
MD5-Digest
X-Viewer-Country
X-Save-Cache
X-Micro-Cache
Meta-Geo-Continent
X-GeoCountry
Odigeo-Trace-Id
X-Ee-Generated-By
X-Conf
X-Developer
Apple-News-Services-Handled
Xc-Version
X-Depends
X-Sigma
X-ScT
X-Cms-Device
X-Ee-Request-Id
X-Ee-Request-Date
X-Ee-Origin
X-Vary-Devices
X-D
Origin
XM
X-Contensis-Viewer-Groups
X-Worker
X-Sucuri-ID
V-Age
L5d-Success-Class
X-Request-URI
L
Server-Host
Req-Svc-Chain
Origin-Agent-Cluster
Origin-CC
Origin-EX
RewriteTeamHook
RewriteTestHook
Thinkindot-CacheControl
TDXMobile
Nord-Request-ID
ServerName
Thinkindot-CacheControl-Type
X-BBC-Edge-Cache-Status
X-Ion-Hop
X-Nyt-Route
X-Content-Length
X-Debug-Cache-Fetch
X-Ion-Healthy
X-Content-Age
X-CGP
X-DefHash
X-DefElseHash
X-Debug-Cache-Store
X-Old-Content-Length
X-Moov-Xdn-Version
X-Origin-Expires
X-Eu-Site
X-Men
X-Csrf-Jwt
X-Moov-T
X-Date
X-GeoIP-City
X-Moov-Xdn-Caching-Status
X-Origin-Time
X-Jungle-Id
X-Internal-TTL
X-Fmm-Version
X-Accel-Expires-Debug
X-Acquia-Purge-Cdn-Unconfigured
X-Generated-On
X-Aicache-OS
X-Hash
X-GoCache-CacheStatus
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Epic-Correlation-Id
X-AK-Request-ID
X-HS-Content-Campaign-Id
X-Level-Front-Cache
X-Forwarded-Site
X-Bc-Bl
X-Pubstack
X-Region-Sid
X-Render-Time
X-Gdpr
X-From
X-Akamai-Device-Characteristics
Web-Mar-Region
X-Varnish-Director
Azure-InstanceId
Azure-RegionName
X-Slack-Backend
X-Sn-Servicetimems
X-Thinkindot-L1
X-SRCache-Key
Azure-SiteName
Azure-SlotName
CDCHOST
Cdncip
X-Req
Cache-Contol
Azure-Version
X-Thinkindot-L3
X-UA-Device-Type
X-Varnish-CookieINHashed-On
Cluster
X-Varnish-Remaining-TTL
X-LSADC-Cache
X-We-Are-Hiring
X-VG-WebCache
Host-ID
X-Varnish-CookieHashed-On
X-Varnish-Hostname
X-Up
X-Uri
X-V-Cache
X-Varnish-Beresp-Status
Cdnsip
X-Slack-Shared-Secret-Outcome
Gannett-Cam-Experience-Id
X-PAYTM-SRV-ID
Gh-Request-Id
Country-Code
Fastly-SSL
X-ApacheServer
DSUID
X-Node-Id
X-PERF
X-Shield-Cache-Expires
Cmsid
Ha-Gx-Prefs
Cmstype
X-CUA
X-Block-Status
PFcat
X-Policy
X-Wikidot-Backend
X-Bip
N-Cache
X-Backend-Instance
X-Gamma-Serve
X-Gen-Mode
Fastly-Backend-Name
IsBot
X-B3-Trace-ID
X-Wikidot-Static-Cache
X-Org
X-Proto
X-CacheTTL
X-Amz-Storage-Class
X-Edge-Server
X-Vercel-Cache
X-Ec-Custom-Error
X-NMSegId
Mail-Subject
X-Cache-Date
X-Vercel-Id
X-Cache-FS-Status
X-FC-Vary-Parameters
X-App-Name
X-Fastly-Backend
X-Bug-Bounty
X-Path
Tube-Got-Eval
Tube-Get-Contents
Pragrma
Tube-Got-Results
Tube-Return
User-Cache-Control
Origin-Site
X-AB-Test
X-SIPLIST1
Cdn-Host
Cdn-Request-Time
Click-Count-Error
Release
X-Human
C-Via
CacheControlHeader
We-Hiring
X-Litespeed-Cache-Control
X-GeoIP-Country-Code
NM-Fastcgi-Cache
X-GeoIP-Region-Code
Click-Count-Action-Start
X-HN
X-Dispatcher-Server
X-VarnishDD-TTL
X-Server-IP
X-Thanos
X-Hnp-Log
X-Op-Id-All
X-Vmg-Version
X-SB
X-SVT-ORM-RULES
X-SD-PageType
X-SVT-ORM-VERSION
X-Via-Fastly
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-Parent-Response-Time
X-Cache-Id
Platform
Content-Style-Type
Sid
X-Esi-Check
Producers
Canary
X-ZONE
X-Mvc-Supplant-Cachable
Source
X-Gzip
Machine
Fastly-GeoIP-CountryCode
Content-Script-Type
X-ElasticPress-Query
X-DPWN-IS-SECURE
X-Location
X-Pad
X-Litespeed-Tag
X-Cs
X-Origin-Response-Time
X-Mvc-Supplant-OutputCached
S-Rt
X-Proxied-Request
Fastly-Drupal-HTML
Powered-By
X-TH-Server
CloudFront-Viewer-Country
X-Upstream-Ht
Product
Debug
X-Upstream-Ct
X-Refresh
Vix-Hermes-Req-Id
X-Cached-By
X-NGINX-Cache
X-Via-Poph
HA-Ipaddr
X-Nananana
Mime-Version
NGX
X-ND-Cache
X-Via-Popv
X-Amz-Meta-Cb-Modifiedtime
Pics-Label
X-Via-Popn
X-Servedbyhost
X-Cache-VC
X-Datadome
X-HA-Backend
X-APP
X-Varnish-Hits
GeoIP-Latitude
Server-ID
X-Ah-Environment
Cookie
X-Nginx-Cache
X-Cdn-Forward
X-DynaTrace-JS-Agent
X-AIR-PT
Edge-Cache
X-LB-ID
X-User
GeoIp-Country-Code
X-Srv
X-Fpc
X-GeoIP
MIME-Version
X-Webkit-CSP
X-B3-Parentspanid
HostName
X-Wa
Akamai-Mon-Iucid-Del
X-Nc
X-LB-NoCache
Surrogated-Key
X-Request-Start
WZWS-RAY
X-FORWARDED-FOR
DataCenter
X-Unity-Cache
X-Nginx-Cache-Key
SID
Fastly-Drupal-Html
X-Zone
X-Scheme
Resin-Trace
Yjs-Id
X-Debug-Service
X-Client-Ip
Load-Balancing
Server-Hostname
True-Client-Country-4JS
Sever-Int
Server-Ext
X-B3-Spanid
Cdn
X-CS
Show-Do-Not-Sell-Link
X-Request-Host
X-NodeID
Tcn
Lb
N1-Cache
X-Pool
X-Newrelic-Synthetics
X-RequestId
X-Lsadc-Cache
X-VCL-Version
X-Service-Response-Time
Sm-Log-Id
X-RateLimit-Limit
Wsr-Cache
X-Cache-Backend
X-Cache-Grace
Traceparent
NtCoent-Length
X-Vc
X-DynaTrace
X-Vgn-Hpd-Reason
X-TX-ID
Yak-Timeinfo
X-DataCenter
X-LiteSpeed-Cache-Control
X-Via-CDN
X-Datacenter
X-HOST
X-Via-SSL
Edge-Copy-Time
X-Via-Edge
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-NODE
X-API-Version
X-Zen-Fury
X-Geolocation
X-HubSpot-Correlation-Id
Datacenter
X-WA
X-Jobs
CDN
Serverhost
X-CDN-Provider
Hostname
Cdn-Requestid
Req-ID
X-Dynatrace-Js-Agent
X-LiteSpeed-Tag
A
X-Udemy-Cache-App-Namespace
X-ID
X-Fastly-Backend-Reqs
Xkey-La3
X-Cdn-Srv
X-NC
Uri
Xkeylog
X-Proxy-CacheR9
XkeyR9
X-Proxy-Cache-La3
X-FPC
X-Ez-Minify-Html
X-Akamai-Pragma-Client-IP
GeoIP-Country-Code
X-Html-Minification-Powered-By
X-VTEX-Cache-Server
X-Powered-By-VTEX-Cache
Server-Id
WP-Super-Cache
X-Lb-Id
True-Client-IP
X-VTEX-Cache-Time
CountryCode
X-Stale
T-Server
X-Via-JSL
RATING
Proxy-Firewall
X-TimeS
X-Srcache-Fetch-Status
Cs
Geoip-Latitude
On-Server
X-Ez-Minify-Js
Esi-Enabled
X-Srcache-Store-Status
X-Webkit-Csp-Report-Only
X-Lb-Nocache
X-Varnish-Beresp-TTL
ServerHost
Srv
X-WA-Info
From-Cache
Coldstone-Viewer-Country-Region-Name
Coldstone-Viewer-Country
X-ServedByHost
X-VC-Age
X-Swift-Error
Coldstone-Viewer-Currency
WebServer
X-Oracle-DMS-ECID
X-App
Cloudfront-Viewer-Country
X-Styx-Info
Cr
X-CSRF-TOKEN
X-Styx-Origin-Id
X-HA-Application-Name
Ngx
X-HA-Bot-Classification
X-Ha-Backend
X-HA-Device-Type
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Geo
FSS-Cache
X-Var-Ttl
X-Ssense-Shipping-Surcharge-Enabled
BehaviorPad-Version
X-Ssense-Gql
X-TIM-N
X-Cdn-Cache-Status
Pramga
X-Fastly-Cache
X-Via-PopN
X-Via-PopV
Content-Secure-Policy
X-Via-PopH
X-Correlation-ID
X-MSEdge-Features
X-MSEdge-Flight
X-CACHE-KEY
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shopid
X-Check-Cacheable
W
X-Web-Server
X-Shardid
X-Th-Server
X-Elasticpress-Query
X-Proxy-Cache-LA2
X-Wp-Cf-Super-Cache-Active
X-Request-Url
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-ATG-Version
My-App
X-Request-Time
X-Nitro-Cache
X-DC
X-Serial
Akamai-X-True-TTL
X-Sucuri-Id
Cf-Ipcountry
True-Client-Ip
Xkey-G-Jp
X-Ramcache
User-Agent
Cl-Cache
X-Cache-TTL-Remaining
X-Mg-Cache
Host-Name
X-Env
FSS-Proxy
X-Fastly-Cache-Status
Bxuuid
X-Fastly-Cache-Hits
Cneonction
Bxpunish