Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
CF-Cache-Status
ETag
X-XSS-Protection
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
Cf-Request-Id
X-Download-Options
X-Timer
X-Request-Id
X-Xss-Protection
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Server-Timing
X-Drupal-Cache
Permissions-Policy
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
Timing-Allow-Origin
X-Drupal-Dynamic-Cache
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
X-Request-ID
Host-Header
X-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
Request-Context
X-Backend
X-Robots-Tag
P3p
X-Hacker
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Rq
X-UA-Device
X-Vhost
X-Cache-Group
X-Amz-Version-Id
Keep-Alive
X-Dispatcher
X-AH-Environment
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
X-Server-Powered-By
X-Dns-Prefetch-Control
Allow
X-Pingback
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-LiteSpeed-Cache
X-Litespeed-Cache
X-FTR-Request-ID
X-Node
X-Device
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
X-Ruxit-JS-Agent
Surrogate-Control
X-Country-Code
X-Server-Id
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Cloud-Trace-Context
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
X-Country
Service-Worker-Allowed
X-Nginx-Cache-Status
X-TraceId
Fastly-Restarts
X-Clacks-Overhead
X-Content-Type
Request-Id
X-TtlSet
X-PC
X-Vname
X-Times
X-Application-Context
Rating
X-Cnection
X-Cache-TTL
X-ESI
X-Browser-Type
Surrogate-Key
X-FTR-Balancer
X-FTR-Cache-Status
X-Midtier
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-Mcache
X-Edge
X-Vcap-Request-Id
X-FTR-Expires
Accept-Ch-Lifetime
X-Ac
Origin-Trial
Edge-Control
X-Powered-By-Plesk
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Cdn-Fetch
X-Abt-Application-Version
X-Exp-Id
X-Element-Page-Cache
X-NWS-LOG-UUID
X-D2id
Verso
X-Upstream
X-B3-TraceId
X-ORACLE-DMS-RID
X-Amz-Rid
Nginx-Cache
X-Client-IP
X-Mod-Pagespeed
X-Navigation-Version
X-Sol
Display
X-Middleton-Display
Pagespeed
X-GitHub-Request-Id
X-FastCGI-Cache
X-Nf-Request-Id
X-ECACHE
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Instrumentation
Response
X-Middleton-Response
X-Erf-Bev-Bev-Is-Generated
X-Language
X-Envoy-Decorator-Operation
X-Goog-Hash
S
X-ARC
X-Resp-Is-Stale
AR-ATIME
AR-PoweredBy
X-MS-InvokeApp
Edge-Cache-Tag
AR-Request-ID
X-Url
X-Kinsta-Cache
X-Ratelimit-Limit
X-Ser
X-Edge-Location-Klb
X-Content-Digest
Akamai-GRN
X-Distributor
SPIisLatency
SPRequestDuration
X-SharePointHealthScore
SPRequestGuid
Access-Control-Request-Method
X-Dw-Request-Base-Id
X-Cache-Key
Front-End-Https
X-Ezoic-Cdn
X-Recruiting
X-Shield-Request-Id
X-NGENIX-Cache
X-Forwarded-For
RTSS
X-Powered-CMS
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Ttl
Public-Key-Pins
X-MSEdge-Ref
X-T
X-Server-Name
Fastcgi-Cache
X-Mg-S
TP-Cache
X-Ua-Device
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Daa-Tunnel
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Correlation-Id
X-Id
X-Ismobilevalue
Realpath
X-Cluster-Name
X-CST
X-Varnish-TTL
Cache-Tags
X-Cached
X-Fastly-Request-ID
AR-CACHE
X-Xrds-Location
X-ORACLE-DMS-ECID
X-Request-Received
X-Request-Processing-Time
X-HS-Combine-CSS
X-Newrelic-App-Data
Payment
X-RateLimit-Remaining
X-Kong-Proxy-Latency
X-DIS-Request-ID
X-Kong-Upstream-Latency
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-GUploader-UploadID
Content-MD5
X-TTL
X-HP-Trace-Id
X-Cambria-Cache-Control
X-HP-Webp
X-Jurisdiction
X-HS-Prerendered
X-HS-CF-Cache-Status
X-Webkit-Csp
Count-Hit
Content-Disposition
X-PressLabs-Stats
X-Amz-Replication-Status
X-Azure-Ref
X-Ratelimit-Remaining
X-Px
X-Hits
X-Request-Handler-Origin-Region
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Microsite
Cross-Origin-Resource-Policy
X-Page-Id
Accept-Charset
X-Logged-In
Cleartype
X-Ratelimit-Reset
X-FB-Debug
X-Git-Hash
X-Protected-By
X-Unique-Id
X-Load-Cache
X-Activity-Id
X-AppVersion
X-Rid
X-Az
X-Proxy
X-VARITI-CCR
X-Www-Served-By
X-Origin-Server
X-Server-ID
Cross-Origin-Embedder-Policy
X-Goog-Metageneration
X-LLID
X-Varnish-Backend
X-Template
MicrosoftSharePointTeamServices
YJS-ID
Server-Node
Version
X-Forwarded-Proto
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-Geo-Country
X-Upgrade-Enabled
X-Varnish-Ttl
X-NF-Request-ID
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Hostname
X-Frontend
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Content-Options
Ar-SID
X-Varnish-Server
X-URL
X-Ruxit-Js-Agent
Section-Io-Cache
X-App-Server
X-TT
AKAMAI-GRN
X-Varnish-Grace
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Viewport
X-B3-Sampled
X-Device-Type
X-Status
Fastly-SIE
Fastly-SWR
X-Fb-Rlafr
X-B
X-Grace
Access-Control-Allow-Method
Alternate-Protocol
X-Oneagent-Js-Injection
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
TCN
Upgrade-Insecure-Requests
X-Wormhole-Sdk
X-Cache-Age
X-SERVER-NAME
X-Fastcgi-Cache
Healthy
X-Request-Guid
X-Tt-Trace-Host
X-Tt-Trace-Tag
Host
X-Magnolia-Registration
AR-SID
X-Request-Device-Id
X-Buckets
Amp-Access-Control-Allow-Source-Origin
X-EdgeConnect-Cache-Status
X-CSRF-Token
DC
X-Debug
Retry-After
X-WebKit-CSP-Report-Only
X-Amzn-Remapped-Content-Length
X-Contextid
X-Cache-Control
X-Revision
MS-Author-Via
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Original-Request-Id
X-Response-Served-From
X-Instance
X-Origin-CC
X-Is-Bot
X-Cache-Hit
X-Vcl-Version
X-Origin-TTL
Cross-Origin-Embedder-Policy-Report-Only
X-Adobe-Loc
X-Rendered-As
X-Adobe-Content
X-Yottaa-Metrics
X-Yottaa-Optimizations
Cross-Origin-Opener-Policy-Report-Only
X-NYM-Debug-Backend
X-Seen-By
X-Type
X-Akamai-Edgescape
X-Backend-Name
Section-Io-Id
SD-X-WS
Access-Control-Request-Headers
X-G
X-Mobile
X-Debug-IsConnected
X-Debug-IsPreview
X-Tumblr-Pixel
X-Framework
X-Tumblr-User
X-Tumblr-Pixel-1
Charset
X-UUID
X-Hl-Ver
X-Tumblr-Pixel-0
X-Trace-Id
X-Content-Powered-By
X-ServerID
X-Mg-Request-UUID
X-RM-Cache-TTL
X-Lambda-Id
NGB
X-Storage
X-ProcessESI
X-Meli-Trace-Platform
X-Meli-Trace-Bu
X-Meli-Trace-Site
MS-CV
X-Server-W
X-Dc
X-RTag
X-RemovedCookies
Ms-Operation-Id
X-Cache-Time
X-DataDome
X-INCAP-ABP
X-N
X-Request-Site
X-Akamai-Request-ID2
X-AB
X-Request-Platform
X-Request-Bu
X-Cache-Status-Check
Refresh
Filterid
Protected
X-Time
X-App-Version
X-Real-IP
Frame-Options
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Region
Cache
Accept-Language
X-Node-Name
X-B3-SpanId
Webserver
X-LB-Cache
CDN-RequestId
SRV
X-User-Agent
Cross-Origin-Window-Policy
Paypal-Debug-Id
X-CCDN-Origin-Time
X-Whom
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CLOUD-TRACE-CONTEXT
X-ECache
Onion-Location
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Ms-Version
X-Ms-Request-Id
Liferay-Portal
Priority
X-COUNTRY
X-IPS-LoggedIn
X-F-Cache
X-Cache-Expired-At
X-HTML-Minification-Powered-By
X-VC-Cache
X-WP-CF-Super-Cache-Active
X-VC
OT-Force-Account-Verify
Backend
X-Rocket-Nginx-Serving-Static
X-Proxy-Cache-Info
X-Tb
X-Cacheable-TTL
Xet-Cookie
X-Pass-Why
X-App-Environment
X-FW-Type
X-FW-Version
X-Drupal-Cache-Tags
X-FW-Static
X-Mode
X-FW-Server
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
GEO-INFO
X-Handled-By
Fastcgi-Useragent
X-MP-GENERATED-AT
X-L-Path
X-Environment-Context
X-Rn-Rsrv
X-Loop
X-SaId
X-Rewrite-Enabled
X-Tncms
Filters
ServerID
X-Detected-As
X-Debug-Info
X-Service
X-JoinUs
X-UPSTREAM-Address
X-Vcache
Meta-Geo
X-Adobe-Source
X-Alternate-Cache-Key
X-Tcp-Rtt
X-Origin-Date
X-Is-Tablet
X-Is-Supported-Browser
X-Logging-Id
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Rule
X-Restarts
Atl-Traceid
Country
X-Servername
X-Varnish-Beresp-Grace
X-Is-Mobile
X-Cache-Host
X-Director
X-Hosted-By
X-IPLB-Request-ID
X-IPLB-Instance
Url
Web-Mar-Node
X-Locale
X-Endurance-Cache-Level
X-Web-Node
X-Is-Desktop
X-Geo-Region
X-Browser-Name
Property-Id
TWC-GeoIP-City
X-Wix-Request-Id
TWC-Connection-Speed
TWC-Device-Class
ServedBy
Webcakes-App-Name
X-ProxyCache-Key
X-Soup
X-Origin-Hint
X-Generation-Time
X-Forwarded-Host
X-Httpd
X-Skip-Cache
X-Scope-Id
X-ProxyCache-Status
X-Redis-Cache
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Format
X-Cdn-Origin
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Region
TWC-GeoIP-LatLong
TWC-GeoIP-DMA
Uber-Trace-Id
X-R9-Blue-Green-Version
X-Cache-Action
X-Cms-Context
X-BYPASS-REASON
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
Apigw-Requestid
Environment
X-Requestid
X-Source
LB
X-Edge-Location
X-Extlb
X-Cluster
X-Mly-Id
X-Cloudmap
X-FB-TRIP-ID
X-Drupal-Cache-Contexts
X-PHP-Host
X-Routing-Service
X-S
X-Served-From
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Labrador-Cache-Channel
X-Proxied
X-Zipkin-Id
X-Cluster-Node
Countrycode
Cache-Hits
X-Tumblr-Pixel-2
X-Fetched-On
X-Auth-Group-Type
X-Origin
X-Timing-Wait
X-Proxy-Build
X-Connection-Hash
X-Tumblr-Pixel-3
Selected-Fe
Expiry
DB-Nickname
X-Hit
Mn-Server-Ip
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-SRV
Request-ID
X-Origin-Cache
X-Oracle-Dms-Ecid
X-Varnish-Cache-Hits
X-ShopId
X-Sorting-Hat-ShopId
X-HITS
X-No-Session
X-Sorting-Hat-PodId
X-ShardId
X-GEO
X-VCT
X-Varnish-Age
X-RCS-CacheZone
Front
X-Cache-Debug
WPO-Cache-Status
X-Api-Version
X-Lagoon
X-WP-CF-Super-Cache-Cookies-Bypass
X-Is-Modern-Browser
YJS-CacheStatus
X-Site-Version
Node
X-Webstats-RespID
Xserver
X-Varnish-Beresp-Ttl
X-UA
X-Yandex-Req-Id
X-TA-CDN-Provider
X-Cdn
From-Origin
X-Provided-By
X-Generated-By
X-Azure-Ref-OriginShield
X-Platform
Cache-Provider
X-Fastly-Request-Id
X-Xfnlog-Site
X-Accel-Version
X-Ua
X-B3-Traceid
Referer-Policy
X-Is-Mobile-Only
X-TT-LOGID
Cache-Tv-Group
X-CDN-Forward
X-NewRelic-App-Data
X-VC-TTL
X-B-Cache
X-Signature
X-Sucuri-Cache
X-CDN-Cache-Status
CF-IPCountry
X-XRDS-Location
WPO-Cache-Message
X-Reqid
X-Sucuri-ID
Location
CDN-Uid
CDN-EdgeStorageId
CDN-Cache
CDN-PullZone
CDN-RequestCountryCode
X-PHP-Backend
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-CachedAt
AMP-Access-Control-Allow-Source-Origin
X-Litespeed-Tag
X-NWS-UUID-VERIFY
X-Air-Pt
X-Tb-Optimization-Total-Bytes-Saved
X-Content-Age
X-Cache-Rule
X-Frame-Option
X-Cache-Operation
X-HS-Content-Campaign-Id
Cdncip
X-Aed
X-AK-Request-ID
Cdnsip
X-Application
X-Action
X-A-Dgt
X-VG-WebCache
X-VG-TLSProxy
X-A-Dcw
X-Vtex-Remote-Cache
X-A-Wwc
X-Ig-Push-State
X-B-Cookie
Xc-Version
X-Loc
X-Ig-Origin-Region
X-GeoCode
X-Contensis-Viewer-Groups
X-Ec-Fail
X-Ec-GeoHdr
X-Conf
X-Developer
X-D
X-IsAdmin
X-Depends
X-Destination
X-External-Request-Id
X-Clientip
X-BCube-Filmed-By
DCR-Decision-By
X-GeoCountry
X-Bl-Debug
X-Cache-Aspx
X-Cache-NE
X-Fmm-Version
X-Forwarded-Site
Candidate-Md5Url
X-Vdms-Version
X-Slack-Shared-Secret-Outcome
Lang
X-Slack-Backend
X-Sigma-Backend
Redirect-Candidate
Rendered-Blocks
Meta-Geo-Continent
X-Varnish-Director
X-SRCache-Key
X-Tx-Id
X-Sigma
X-Rojux
X-Rocket-Build-Number
X-Request-URI
MD5-Digest
X-S-Cookie
X-ScT
Origin
Odigeo-Trace-Id
Ngx.Var.Host
RNT-Time
RNT-Machine
Expect-Staple
Web-Mar-Region
X-Old-Content-Length
X-Origin-Expires
X-A
X-A-Ccd
X-Micro-Cache
DCR-Processing-Time-Ms
X-A-Dam
Fl-Custom-Application
X-Varnish-Authentication
Sslversion
X-CUA
X-BBC-Edge-Cache-Status
X-Accel-Expires-Debug
Req-Svc-Chain
Thinkindot-CacheControl
X-Backend-Instance
TDXMobile
X-Bc-Bl
X-Date
X-Access
X-Aicache-OS
Origin-Agent-Cluster
X-Block-Status
X-Auto-Login
Thinkindot-CacheControl-Type
V-Age
User-Cache-Control
X-App-Name
X-Bug-Bounty
X-Ee-Request-Date
X-Node-Id
X-Moov-Xdn-Version
X-Nyt-Route
X-Varnish-CookieHashed-On
X-Origin-Time
X-Varnish-Beresp-Status
X-Varnish-CookieINHashed-On
X-Moov-Xdn-Caching-Status
X-Men
X-We-Are-Hiring
X-Varnish-Remaining-TTL
X-Varnish-Hostname
X-Moov-T
X-V-Cache
X-Uri
X-Pubstack
X-Sn-Servicetimems
X-Shield-Cache-Expires
X-Section
X-Req
X-SD-PageType
X-Policy
X-PAYTM-SRV-ID
X-UA-Device-Type
X-Up
X-Thinkindot-L3
X-Path
X-Thinkindot-L1
X-Worker
X-Internal-TTL
X-Ee-Request-Id
X-FC-Vary-Parameters
X-From
X-Gdpr
X-Ee-Origin
X-Region-Sid
X-Fastly-Backend
X-Epic-Correlation-Id
X-Viewer-Country
X-DefHash
X-Vary-Devices
X-Save-Cache
X-Ec-Custom-Error
X-Ee-Generated-By
X-Gen-Mode
Time-Cloud-Cache
X-Hnp-Log
X-Human
Store-Cloud-Cache
XM
X-Cms-Device
X-Core-Value
X-GeoIP-Country-Code
X-GeoIP-City
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Hash
X-DefElseHash
X-Acquia-Purge-Cdn-Unconfigured
Apple-News-Services-Handled
Apple-News-Services-Host
Cmstype
Country-Code
DSUID
Gannett-Cam-Experience-Id
X-Optimistic-Header
Cmsid
Cluster
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-InstanceId
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Gh-Request-Id
Fastly-SSL
Log-Origin
Server-Host
X-Csrf-Jwt
X-Debug-Cache-Store
RewriteTestHook
X-Debug-Cache-Fetch
X-Dispatcher-Server
RewriteTeamHook
X-Eu-Site
X-Esi-Check
X-Edge-Server
X-DPWN-IS-SECURE
X-Content-Length
X-Generated-On
X-Cache-Date
X-Cache-FS-Status
X-Level-Front-Cache
X-Render-Time
X-ApacheServer
X-Cache-Id
X-Jungle-Id
X-Ion-Healthy
X-Ion-Hop
X-CGP
X-CacheTTL
Nord-Request-ID
X-Gamma-Serve
X-SVT-ORM-RULES
X-Wikidot-Backend
X-LSADC-Cache
X-Wikidot-Static-Cache
X-Litespeed-Cache-Control
X-SVT-ORM-VERSION
X-Thanos
X-Vmg-Version
X-Tt-Logid
X-Via-Fastly
X-Vercel-Id
X-Vercel-Cache
X-SIPLIST1
X-Server-IP
X-Mvc-Supplant-Cachable
X-NMSegId
Host-ID
X-Gzip
Cache-Contol
X-Org
X-Proto
N-Cache
X-SB
X-Bip
X-CACHE-AGE
X-PERF
Sid
Tube-Got-Results
Tube-Return
Fastly-GeoIP-CountryCode
Tube-Got-Eval
Tube-Get-Contents
Wxu-Next-Region
Origin-CC
L5d-Success-Class
We-Hiring
Platform
Wxu-Next-Commit
Wxu-Next-Hostname
NM-Fastcgi-Cache
Content-Style-Type
Fastly-Backend-Name
Machine
Mail-Subject
Content-Script-Type
Ha-Gx-Prefs
ServerName
Cdn-Host
Producers
Cdn-Request-Time
X-B3-Trace-ID
CDCHOST
Pragrma
CacheControlHeader
Click-Count-Error
Click-Count-Action-Start
IsBot
X-Amz-Storage-Class
X-Akamai-Device-Characteristics
Release
Origin-EX
L
X-Parent-Response-Time
X-HN
X-TH-Server
Origin-Site
X-Proxied-Request
PFcat
X-VarnishDD-TTL
X-Origin-Response-Time
Product
X-Mvc-Supplant-OutputCached
X-Location
X-Op-Id-All
X-ElasticPress-Query
Canary
NGX
C-Via
X-AB-Test
X-AWS-Id
X-Cs
Source
X-VWS-Id
X-LJ-Flow-ID
X-Amz-Meta-Cb-Modifiedtime
Debug
HA-Ipaddr
Mime-Version
X-Pad
X-Cached-By
Fastly-Drupal-HTML
S-Rt
X-Refresh
X-Cache-VC
X-ZONE
X-Cdn-Forward
X-Presslabs-Stats
X-Via-Poph
Powered-By
X-Via-Popn
X-Via-Popv
Vix-Hermes-Req-Id
X-Nginx-Cache
X-APP
X-NGINX-Cache
X-ND-Cache
Cookie
X-User
X-Upstream-Ct
X-LB-ID
X-Upstream-Ht
X-Nananana
Edge-Cache
X-Ah-Environment
CloudFront-Viewer-Country
X-Datadome
GeoIP-Latitude
X-HA-Backend
Pics-Label
X-Varnish-Hits
X-DynaTrace-JS-Agent
X-Servedbyhost
X-AIR-PT
Surrogated-Key
X-LB-NoCache
Akamai-Mon-Iucid-Del
X-GeoIP
Server-ID
HostName
X-Webkit-CSP
GeoIp-Country-Code
X-Zone
X-Request-Start
X-Scheme
X-Fpc
X-Nc
Fastly-Drupal-Html
MIME-Version
DataCenter
WZWS-RAY
X-Wa
X-B3-Parentspanid
Resin-Trace
N1-Cache
SID
X-Debug-Service
X-Srv
X-Pool
X-RateLimit-Limit
X-NodeID
X-Request-Host
X-Unity-Cache
X-CS
X-RequestId
X-LiteSpeed-Cache-Control
Server-Ext
X-Nginx-Cache-Key
Server-Hostname
True-Client-Country-4JS
Sever-Int
Tcn
X-Cache-Grace
X-Lsadc-Cache
X-VCL-Version
X-Service-Response-Time
Wsr-Cache
X-DataCenter
Sm-Log-Id
Show-Do-Not-Sell-Link
Lb
Yak-Timeinfo
X-Vgn-Hpd-Reason
Load-Balancing
X-B3-Spanid
X-TX-ID
X-Cache-Backend
Cdn
X-Air-Source
Yjs-Id
X-DynaTrace
X-Air-Trace-Id
X-Air-Hostname
X-Newrelic-Synthetics
X-Zen-Fury
Edge-Copy-Time
X-Via-SSL
X-HOST
X-Via-CDN
X-Via-Edge
X-Datacenter
NtCoent-Length
X-Geolocation
X-NODE
CDN
X-Jobs
Req-ID
Traceparent
X-WA
X-API-Version
X-NC
X-FPC
X-HubSpot-Correlation-Id
Cdn-Requestid
X-Cdn-Srv
X-Vc
X-LiteSpeed-Tag
Uri
X-FORWARDED-FOR
Datacenter
X-Akamai-Pragma-Client-IP
X-Powered-By-VTEX-Cache
Server-Id
WP-Super-Cache
X-CDN-Provider
GeoIP-Country-Code
X-Fastly-Backend-Reqs
X-Udemy-Cache-App-Namespace
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Webkit-Csp-Report-Only
XkeyR9
Xkey-La3
Serverhost
X-Proxy-CacheR9
X-Dynatrace-Js-Agent
X-Proxy-Cache-La3
Xkeylog
Hostname
True-Client-IP
X-Ez-Minify-Js
X-Html-Minification-Powered-By
X-Varnish-Beresp-TTL
On-Server
X-ServedByHost
X-Stale
T-Server
Geoip-Latitude
RATING
Coldstone-Viewer-Currency
Coldstone-Viewer-Country-Region-Name
Coldstone-Viewer-Country
X-TimeS
A
ServerHost
X-WA-Info
Srv
Cloudfront-Viewer-Country
X-Lb-Id
X-Swift-Error
Proxy-Firewall
X-Lb-Nocache
From-Cache
X-Oracle-DMS-ECID
WebServer
X-Client-Ip
X-App
BehaviorPad-Version
Esi-Enabled
X-Via-JSL
X-Ha-Backend
X-CSRF-TOKEN
X-Wp-Cf-Super-Cache
X-ID
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-MSEdge-Flight
X-VC-Age
X-Check-Cacheable
FSS-Cache
X-Via-PopH
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-Fastly-Cache
X-MSEdge-Features
X-Via-PopN
X-Correlation-ID
X-Via-PopV
X-Srcache-Store-Status
X-Srcache-Fetch-Status
CountryCode
Cs
X-Cdn-Cache-Status
X-Request-Time
X-Nitro-Cache
X-Shardid
X-Sorting-Hat-Podid
Pramga
X-Sorting-Hat-Shopid
X-Shopid
X-Geo
X-Serial
X-Web-Server
X-HA-Application-Name
X-ATG-Version
X-Request-Url
X-HA-Bot-Classification
X-Fastly-Cache-Status
X-Wp-Cf-Super-Cache-Active
True-Client-Ip
X-Proxy-Cache-LA2
X-Th-Server
Cr
X-Elasticpress-Query
X-HA-Device-Type
X-Var-Ttl
My-App
X-DC
X-Wp-Cf-Super-Cache-Cookies-Bypass
Akamai-X-True-TTL
X-TIM-N
Content-Secure-Policy
X-Styx-Origin-Id
X-Styx-Info
Ngx
Cf-Ipcountry
X-Ramcache
Ohc-Cache-HIT
Cneonction
Host-Name
X-Cache-TTL-Remaining
X-Platform-Server
Bxuuid
X-VServer
Bxpunish
X-Env
X-Sucuri-Id
X-Beacon
Warning
FSS-Proxy
X-Fastly-Cache-Hits
X-Mg-Cache
Ohc-File-Size