Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
CF-Ray
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Cf-Request-Id
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Ua-Compatible
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
X-CDN
Access-Control-Expose-Headers
Content-Encoding
X-XSS-PROTECTION
Status
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
Host-Header
X-Amz-Request-Id
X-Age
Request-Context
X-Amz-Id-2
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
Keep-Alive
X-Turbo-Charged-By
X-Rq
X-Amz-Version-Id
X-AH-Environment
X-Cache-Group
X-Vhost
X-Server
X-Dispatcher
X-Proxy-Cache
X-Ws-Request-Id
EagleId
CONTENT-SECURITY-POLICY
X-UA-Device
X-Request-ID
X-Varnish-Cache
Pantheon-Trace-Id
Grace
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Pingback
Allow
X-Page-Speed
X-Litespeed-Cache
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Ali-Swift-Global-Savetime
X-Node
X-FTR-Request-ID
X-Device
X-Server-Id
EagleEye-TraceId
X-Cache-Lookup
X-Host
X-Country-Code
X-Backend-Server
Surrogate-Control
X-LiteSpeed-Cache
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Ruxit-JS-Agent
X-Response-Time
Cache-Tag
P3p
X-Amz-Server-Side-Encryption
Content-Location
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Ua-Device
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Nginx-Cache-Status
X-TraceId
Fastly-Restarts
Request-Id
X-Content-Type
X-Application-Context
X-Clacks-Overhead
X-Times
X-TtlSet
X-Vname
X-PC
Rating
X-Cnection
X-Edge
X-Midtier
X-Mcache
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-Nf-Request-Id
X-Country
X-FTR-Expires
X-Cache-TTL
Edge-Control
X-Vcap-Request-Id
X-Browser-Type
Accept-Ch-Lifetime
X-ESI
Surrogate-Key
Origin-Trial
X-FastCGI-Cache
X-Ac
X-Powered-By-Plesk
X-Element-Page-Cache
X-D2id
X-NWS-LOG-UUID
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Abt-Application-Version
X-Oneagent-Js-Injection
Verso
X-Upstream
X-B3-TraceId
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-Navigation-Version
X-ECACHE
X-Amz-Rid
Nginx-Cache
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
Display
X-Middleton-Display
Pagespeed
X-Sol
X-GitHub-Request-Id
X-Language
Akamai-GRN
X-Envoy-Decorator-Operation
Response
X-Middleton-Response
X-Url
S
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-PDP-UNCACHING-HASH
Edge-Cache-Tag
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-MS-InvokeApp
X-Ruxit-Js-Agent
X-Goog-Hash
X-Ratelimit-Limit
X-Resp-Is-Stale
X-Edge-Location-Klb
X-Kinsta-Cache
X-Client-IP
X-Distributor
X-Ser
X-ARC
SPRequestGuid
SPRequestDuration
X-SharePointHealthScore
SPIisLatency
X-NGENIX-Cache
Access-Control-Request-Method
X-Content-Digest
X-Ezoic-Cdn
Front-End-Https
X-Ttl
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-Varnish-TTL
X-Recruiting
RTSS
X-Amzn-Trace-Id
X-Cache-Key
X-Version
Cache-Status
X-Powered-CMS
X-Mg-S
X-T
Public-Key-Pins
Fastcgi-Cache
TP-Cache
X-MSEdge-Ref
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Accel-Expires
X-Daa-Tunnel
Arr-Disable-Session-Affinity
X-Ismobilevalue
Realpath
Cache-Tags
AR-CACHE
X-Cached
X-Cluster-Name
X-Correlation-Id
X-Id
X-Forwarded-For
X-Fastly-Request-ID
X-Content-Security-Policy-Report-Only
X-HS-Combine-CSS
X-Request-Processing-Time
X-Request-Received
Content-MD5
X-Kong-Upstream-Latency
X-Ua-Browser
X-Kong-Proxy-Latency
Payment
X-DIS-Request-ID
X-RateLimit-Remaining
X-Newrelic-App-Data
X-HP-Trace-Id
X-GUploader-UploadID
X-Cambria-Cache-Control
X-HP-Webp
X-Jurisdiction
X-HS-Prerendered
X-HS-CF-Cache-Status
X-Azure-Ref
X-Server-Name
X-Xrds-Location
YJS-ID
Content-Disposition
Ar-SID
X-Webkit-Csp
X-Amz-Replication-Status
X-Ratelimit-Remaining
Count-Hit
X-Request-Device-Id
X-TTL
X-Px
X-CST
X-Origin-Server
X-Unique-Id
X-Page-Id
X-Ratelimit-Reset
Cleartype
Cross-Origin-Embedder-Policy
Accept-Charset
X-Az
X-FB-Debug
X-AppVersion
X-Logged-In
X-SERVER-NAME
X-SRCache-Fetch-Status
X-COUNTRY
X-SRCache-Store-Status
X-Proxy
X-VARITI-CCR
X-Activity-Id
X-Rid
X-Protected-By
X-Git-Hash
X-Request-Handler-Origin-Region
X-Www-Served-By
X-Microsite
X-Amz-Meta-S3cmd-Attrs
Cross-Origin-Resource-Policy
X-LLID
MicrosoftSharePointTeamServices
X-Goog-Metageneration
X-ORACLE-DMS-ECID
X-Template
X-Load-Cache
Version
X-Varnish-Backend
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Meli-Trace-Platform
X-Meli-Trace-Bu
X-Meli-Trace-Site
X-Forwarded-Proto
X-Hits
Server-Node
X-Geo-Country
Server-Name
X-Upgrade-Enabled
X-PressLabs-Stats
X-Hostname
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-B3-Sampled
X-Content-Options
X-Varnish-Grace
Viewport
X-App-Server
Mrf-Cache-Status
MRF-Tech
X-Frontend
X-B3-TraceId-Primal
X-WebKit-CSP-Report-Only
Fastly-SWR
Fastly-SIE
Section-Io-Cache
X-TT
X-Grace
X-Fb-Rlafr
Alternate-Protocol
X-B
Access-Control-Allow-Method
X-Varnish-Server
X-Device-Type
X-Status
Healthy
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Request-Guid
X-Goog-Storage-Class
Upgrade-Insecure-Requests
TCN
DC
X-EdgeConnect-Cache-Status
X-Magnolia-Registration
Host
X-CSRF-Token
X-Amzn-Remapped-Content-Length
X-Contextid
X-URL
AKAMAI-GRN
X-Cache-Age
X-Tt-Trace-Host
Retry-After
X-Tt-Trace-Tag
X-Buckets
X-Cache-Control
MS-Author-Via
X-Oracle-Dms-Ecid
Amp-Access-Control-Allow-Source-Origin
X-App-Version
X-Debug
X-Origin-CC
X-Origin-TTL
X-Type
X-Revision
Frame-Options
X-Varnish-Ttl
X-Original-Request-Id
X-Instance
X-Response-Served-From
X-Backend-Name
SD-X-WS
X-Seen-By
Cross-Origin-Opener-Policy-Report-Only
X-Is-Bot
X-WP-CF-Super-Cache
X-Yottaa-Metrics
X-UUID
X-Rendered-As
X-Yottaa-Optimizations
Cross-Origin-Embedder-Policy-Report-Only
X-WP-CF-Super-Cache-Cache-Control
X-NYM-Debug-Backend
X-Tec-Api-Root
X-Vcl-Version
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tumblr-Pixel
X-ServerID
X-Adobe-Content
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-INCAP-ABP
X-Adobe-Loc
X-Akamai-Edgescape
X-Hl-Ver
X-N
X-ProcessESI
X-Cache-Status-Check
X-Tumblr-User
X-RemovedCookies
X-Mg-Request-UUID
X-Akamai-Request-ID2
X-Content-Powered-By
X-RM-Cache-TTL
MS-CV
X-Mobile
X-Server-W
X-Debug-IsPreview
X-Framework
X-Lambda-Id
Ms-Operation-Id
X-RTag
X-Debug-IsConnected
X-Trace-Id
Access-Control-Request-Headers
X-G
X-Requestid
X-Storage
NGB
Charset
X-AB
X-Request-Bu
VIX-Pulpo-Upstream-Status
Section-Io-Id
X-Request-Site
VIX-Pulpo-Node
X-Request-Platform
Webserver
X-Dc
Filterid
X-DataDome
Cache
X-Cache-Hit
Accept-Language
X-Cache-Time
Refresh
X-B3-SpanId
Paypal-Debug-Id
SRV
X-Ms-Version
X-Ms-Request-Id
X-Time
X-Real-IP
X-Region
Onion-Location
X-Node-Name
X-VC-Cache
X-User-Agent
X-HITS
X-F-Cache
Priority
AR-SID
X-IPS-LoggedIn
X-Hcs-Proxy-Type
X-Pass-Why
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Cache-Expired-At
Liferay-Portal
Cross-Origin-Window-Policy
X-Yandex-Req-Id
X-Wormhole-Sdk
Xet-Cookie
Protected
X-HTML-Minification-Powered-By
X-LB-Cache
CDN-RequestId
X-NF-Request-ID
GEO-INFO
X-Whom
X-Rocket-Nginx-Serving-Static
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Mode
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-Fastcgi-Cache
X-L-Path
X-Environment-Context
Backend
YJS-CacheStatus
X-Drupal-Cache-Tags
X-Rule
X-Service
X-Handled-By
X-WP-CF-Super-Cache-Active
Country
X-Tb
Filters
X-IPLB-Instance
X-Zipkin-Id
ServerID
Meta-Geo
X-IPLB-Request-ID
Property-Id
X-Wix-Request-Id
X-Vcache
TWC-GeoIP-DMA
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-City
ServedBy
TWC-Privacy
TWC-GeoIP-Region
X-Is-Desktop
X-Cloudmap
X-Browser-Name
X-Proxied
X-Loop
Webcakes-App-Version
Webcakes-Region
X-Is-Mobile
X-Is-Modern-Browser
X-Origin-Hint
X-Detected-As
X-MP-GENERATED-AT
X-XRDS-Location
X-JoinUs
X-Is-Supported-Browser
X-Is-Tablet
Webcakes-App-Name
X-Rewrite-Enabled
X-Tcp-Rtt
TWC-Locale-Group
X-Servername
X-Tncms
X-FB-TRIP-ID
X-UPSTREAM-Address
X-Proxy-Cache-Info
X-Extlb
Web-Mar-Node
X-App-Environment
X-Rn-Rsrv
Url
OT-Force-Account-Verify
X-Routing-Service
X-Geo-Region
X-SaId
X-Locale
X-Hit
X-Generation-Time
X-Httpd
X-Hosted-By
X-Cache-Action
X-Restarts
X-Redis-Cache
Uber-Trace-Id
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Varnish-Beresp-Grace
X-Adobe-Source
X-Cache-Host
X-Connection-Hash
Mn-Server-Ip
X-Cms-Context
X-Cluster-Node
X-Cluster
X-Origin-Date
Expiry
X-Storefront-Renderer-Rendered
X-Soup
X-ECache
X-ProxyCache-Status
Environment
X-Cacheable-TTL
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-FW-Dynamic
X-Fetched-On
X-Format
X-Director
X-Skip-Cache
X-Shopify-Stage
DB-Nickname
X-ProxyCache-Key
X-FW-Static
X-Cdn-Origin
X-FW-Server
X-RCS-CacheZone
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Version
Atl-Traceid
X-Logging-Id
Apigw-Requestid
X-Alternate-Cache-Key
X-BYPASS-REASON
X-Forwarded-Host
X-Debug-Info
X-S
X-Say-Cacheable
X-Scope-Id
Cache-Hits
X-Say-TTL
Selected-Fe
X-Proxy-Build
X-Endurance-Cache-Level
X-Timing-Wait
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Drupal-Cache-Contexts
X-SayCDN-TTL
X-Edge-Location
Fastcgi-Useragent
X-Labrador-Cache-Channel
LB
X-Served-From
X-PHP-Host
X-Web-Node
X-VC
X-Origin
X-Origin-Cache
X-VCT
X-Cache-Debug
X-Is-Mobile-Only
X-Auth-Group-Type
X-R9-Blue-Green-Version
Request-ID
X-Server-ID
X-No-Session
X-NewRelic-App-Data
X-Sorting-Hat-ShopId
X-Provided-By
X-Sorting-Hat-PodId
X-ShopId
X-Mly-Id
X-ShardId
X-GEO
X-Presslabs-Stats
X-Api-Version
X-Platform
Front
Node
Xserver
X-Varnish-Age
X-Webkit-CSP
X-CLOUD-TRACE-CONTEXT
X-WP-CF-Super-Cache-Cookies-Bypass
X-CDN-Cache-Status
Cache-Tv-Group
X-Lagoon
X-CDN-Forward
X-Varnish-Cache-Hits
X-Generated-By
Countrycode
X-UA
WPO-Cache-Status
X-SRV
X-Varnish-Beresp-Ttl
X-Optimistic-Header
X-Site-Version
X-B-Cache
X-Fastly-Request-Id
X-Signature
X-B3-Traceid
X-Ua
X-CACHE-AGE
X-Webstats-RespID
X-NWS-UUID-VERIFY
Cache-Provider
X-Tt-Logid
X-Azure-Ref-OriginShield
Referer-Policy
From-Origin
AMP-Access-Control-Allow-Source-Origin
X-Accel-Version
X-PHP-Backend
X-Worker
X-VC-TTL
X-Source
Location
X-TA-CDN-Provider
X-IsAdmin
X-Xfnlog-Site
X-Cache-Rule
X-Auto-Login
X-Cache-Operation
X-Sucuri-Cache
Source
X-Reqid
X-Tx-Id
X-Ee-Origin
X-Hash
X-Ee-Request-Date
Expect-Staple
Gh-Request-Id
Fl-Custom-Application
Fastly-SSL
X-Ec-Fail
Wxu-Next-Hostname
Ha-Gx-Prefs
Host-ID
X-Developer
X-Action
X-Aed
X-Ec-GeoHdr
X-Ee-Generated-By
X-Ee-Request-Id
X-Micro-Cache
X-A-Dgt
X-Loc
Redirect-Candidate
Wxu-Next-Region
X-A-Ccd
X-A-Dam
X-A-Dcw
Candidate-Md5Url
Cluster
DCR-Processing-Time-Ms
X-A-Wwc
X-Ig-Origin-Region
IsBot
X-Fmm-Version
X-Ig-Push-State
DCR-Decision-By
X-HS-Content-Campaign-Id
L5d-Success-Class
X-Eu-Site
N-Cache
X-Forwarded-Site
X-External-Request-Id
X-CGP
X-Clientip
X-Node-Id
X-Cms-Device
RNT-Time
X-Cache-NE
X-Bug-Bounty
Pragrma
X-GeoCountry
RNT-Machine
X-FC-Vary-Parameters
Origin
Odigeo-Trace-Id
X-Bl-Debug
X-BCube-Filmed-By
Ngx.Var.Host
X-B-Cookie
X-A
X-ApacheServer
X-From
Time-Cloud-Cache
Lang
Web-Mar-Region
Rendered-Blocks
Wxu-Next-Commit
X-GeoCode
X-D
Store-Cloud-Cache
X-Application
MD5-Digest
Meta-Geo-Continent
X-Conf
Log-Origin
Sslversion
X-Csrf-Jwt
X-Core-Value
X-Content-Age
X-Destination
X-Old-Content-Length
X-V-Cache
X-Save-Cache
X-Slack-Shared-Secret-Outcome
X-Viewer-Country
X-Vtex-Remote-Cache
X-Vdms-Version
X-Vary-Devices
X-Policy
X-Slack-Backend
X-SIPLIST1
X-Varnish-Hostname
X-Pubstack
X-Req
X-PERF
X-Tb-Optimization-Total-Bytes-Saved
X-ScT
Xc-Version
X-Rojux
X-Request-URI
X-SD-PageType
X-Org
CF-IPCountry
X-S-Cookie
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-NGINX-Cache
X-Litespeed-Cache-Control
S-Rt
X-Gen-Mode
RewriteTestHook
X-Generated-On
ServerName
Server-Host
X-SRCache-Key
RewriteTeamHook
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Section
Mail-Subject
X-SB
X-Sigma
NM-Fastcgi-Cache
X-GeoIP-City
X-Sigma-Backend
X-Gdpr
Nord-Request-ID
Origin-Site
X-Varnish-Authentication
X-Via-Fastly
X-CacheTTL
X-Contensis-Viewer-Groups
X-Fastly-Backend
X-Cache-Aspx
X-Block-Status
X-VG-WebCache
X-Content-Length
X-Date
X-Epic-Correlation-Id
X-CUA
X-Dispatcher-Server
X-Depends
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-VG-TLSProxy
X-Bc-Bl
X-Uri
X-Varnish-Beresp-Status
X-AB-Test
X-Up
We-Hiring
User-Cache-Control
V-Age
X-Accel-Expires-Debug
X-Access
X-App-Name
X-Backend-Instance
X-VarnishDD-TTL
X-AK-Request-ID
X-Varnish-Director
X-Aicache-OS
X-Gamma-Serve
PFcat
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
CDN-Cache
CDCHOST
Cache-Contol
Canary
CDN-RequestCountryCode
CDN-RequestPullCode
X-Level-Front-Cache
X-Jungle-Id
Cdnsip
Cdncip
CDN-RequestPullSuccess
CDN-Uid
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Origin-Time
X-Path
X-Origin-Expires
X-NMSegId
X-Op-Id-All
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-Upstream-Ht
Apple-News-Services-Handled
Apple-News-Services-Host
X-Men
WPO-Cache-Message
X-Upstream-Ct
X-PAYTM-SRV-ID
Cmsid
X-Proto
X-Ion-Healthy
Country-Code
Gannett-Cam-Experience-Id
X-HN
Content-Script-Type
X-Rocket-Build-Number
X-Internal-TTL
Content-Style-Type
X-Render-Time
X-Region-Sid
Cmstype
X-Ion-Hop
X-GoCache-CacheStatus
X-Hnp-Log
X-Frame-Option
X-Client-Ip
X-Moov-Xdn-Caching-Status
X-Moov-T
Fastly-Backend-Name
X-Vmg-Version
X-We-Are-Hiring
X-Edge-Server
X-Cache-Id
X-Cs
DSUID
X-Thanos
X-Human
X-Server-IP
X-Cache-FS-Status
X-Cache-Date
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-DPWN-IS-SECURE
X-Esi-Check
X-Gzip
Powered-By
X-DefHash
X-Mvc-Supplant-OutputCached
X-Ec-Custom-Error
Machine
X-Moov-Xdn-Version
Sid
X-Bip
X-Shield-Cache-Expires
X-Sucuri-ID
XM
X-DefElseHash
X-B3-Trace-ID
Producers
Cdn-Request-Time
X-UA-Device-Type
Cdn-Host
Platform
L
X-Varnish-CookieHashed-On
X-BBC-Edge-Cache-Status
Release
X-Thinkindot-L3
Thinkindot-CacheControl
TDXMobile
X-Sn-Servicetimems
Thinkindot-CacheControl-Type
X-Thinkindot-L1
X-FORWARDED-FOR
Req-Svc-Chain
Origin-EX
X-Air-Pt
Azure-SlotName
X-Varnish-Remaining-TTL
Azure-SiteName
X-Acquia-Purge-Cdn-Unconfigured
Origin-Agent-Cluster
Azure-InstanceId
X-Amz-Storage-Class
Azure-RegionName
X-Varnish-CookieINHashed-On
CacheControlHeader
Azure-Version
Origin-CC
X-Akamai-Device-Characteristics
X-Location
X-LSADC-Cache
X-Parent-Response-Time
X-Vercel-Id
X-ND-Cache
X-Proxied-Request
Pics-Label
X-ElasticPress-Query
Vix-Hermes-Req-Id
X-SVT-ORM-VERSION
X-Vercel-Cache
X-SVT-ORM-RULES
Tube-Get-Contents
X-TT-LOGID
Tube-Got-Eval
Tube-Got-Results
C-Via
Click-Count-Action-Start
Fastly-GeoIP-CountryCode
Click-Count-Error
Tube-Return
X-Pad
X-Origin-Response-Time
Fastly-Drupal-HTML
Debug
Mime-Version
NGX
CloudFront-Viewer-Country
X-Datadome
X-Refresh
X-Via-Popv
X-Via-Popn
X-Varnish-Hits
X-Nananana
X-Via-Poph
X-APP
X-Cached-By
X-ZONE
Cookie
X-TH-Server
Product
X-HA-Backend
HA-Ipaddr
GeoIp-Country-Code
X-AIR-PT
X-DynaTrace-JS-Agent
GeoIP-Latitude
X-Servedbyhost
X-Amz-Meta-Cb-Modifiedtime
X-Zone
X-Litespeed-Tag
X-Cache-VC
Server-ID
X-Srv
X-Nginx-Cache-Key
Load-Balancing
X-Cdn-Forward
Server-Ext
Server-Hostname
True-Client-Country-4JS
Edge-Cache
Sever-Int
X-Debug-Service
X-User
X-GeoIP
X-LB-ID
MIME-Version
HostName
Show-Do-Not-Sell-Link
Fastly-Drupal-Html
WZWS-RAY
X-Nc
X-Fpc
DataCenter
X-Wa
X-Cache-Backend
Cdn
Tcn
X-B3-Parentspanid
X-Unity-Cache
SID
Lb
Akamai-Mon-Iucid-Del
Resin-Trace
X-LB-NoCache
X-Lsadc-Cache
Traceparent
X-Newrelic-Synthetics
X-RateLimit-Limit
X-Vc
X-Ez-Minify-Html
X-Request-Start
X-Scheme
X-VCL-Version
Wsr-Cache
Surrogated-Key
X-Nginx-Cache
X-B3-Spanid
X-TX-ID
Sm-Log-Id
Yjs-Id
X-Service-Response-Time
X-Pool
X-CS
NtCoent-Length
Serverhost
X-HOST
X-NodeID
X-Request-Host
X-CDN-Provider
X-Datacenter
X-Proxy-Cache-La3
Xkeylog
X-Proxy-CacheR9
XkeyR9
Xkey-La3
CountryCode
X-RequestId
X-Vgn-Hpd-Reason
A
X-LiteSpeed-Tag
Hostname
X-HubSpot-Correlation-Id
X-Cache-Grace
X-WA
N1-Cache
Cdn-Requestid
X-DataCenter
Cs
CDN
X-NC
Datacenter
X-DynaTrace
X-LiteSpeed-Cache-Control
X-API-Version
X-Lb-Id
Yak-Timeinfo
X-Akamai-Pragma-Client-IP
X-Udemy-Cache-App-Namespace
X-CACHE-KEY
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-ID
Uri
X-Dynatrace-Js-Agent
Edge-Copy-Time
X-Fastly-Backend-Reqs
X-FPC
X-Via-CDN
X-Via-Edge
Esi-Enabled
X-Via-SSL
X-Stale
Geoip-Latitude
Server-Id
X-Via-JSL
X-Jobs
X-Geolocation
X-Zen-Fury
X-Html-Minification-Powered-By
X-Srcache-Fetch-Status
X-Varnish-Beresp-TTL
X-Styx-Origin-Id
X-Styx-Info
T-Server
Cr
ServerHost
X-HA-Application-Name
X-HA-Bot-Classification
X-AC
GeoIP-Country-Code
X-Ez-Minify-Js
X-VC-Age
True-Client-IP
X-TimeS
Proxy-Firewall
RATING
Pramga
Req-ID
X-HA-Device-Type
X-Srcache-Store-Status
X-ServedByHost
On-Server
X-Lb-Nocache
Cloudfront-Viewer-Country
From-Cache
X-TIM-N
X-Var-Ttl
WP-Super-Cache
Content-Secure-Policy
X-Swift-Error
X-Cdn-Srv
Srv
X-Esi
X-Oracle-DMS-ECID
X-VTEX-Cache-Time
X-MSEdge-Features
X-VTEX-Cache-Server
X-MSEdge-Flight
X-CSRF-TOKEN
X-Powered-By-VTEX-Cache
X-App
X-Ha-Backend
W
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Ssense-Shipping-Surcharge-Enabled
X-Via-PopV
X-Ssense-Gql
FSS-Cache
X-Via-PopN
X-Correlation-ID
X-Via-PopH
X-Fastly-Cache
X-Proxy-Cache-LA2
X-Wp-Cf-Super-Cache-Active
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Elasticpress-Query
X-Geo
X-Cdn-Cache-Status
Ngx
X-Sucuri-Id
CF-Cached-On
X-Check-Cacheable
X-Shopid
X-WA-Info
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Web-Server
X-Ramcache
Coldstone-Viewer-Country
Coldstone-Viewer-Country-Region-Name
X-Shardid
Cl-Cache
X-Webkit-Csp-Report-Only
Coldstone-Viewer-Currency
WebServer
X-VServer
X-Serial
X-DC
Ohc-File-Size
X-Key
X-ATG-Version
X-Th-Server
Akamai-X-True-TTL
Ohc-Cache-HIT
Cf-Ipcountry
Warning
URI
Xkey-G-Jp
FSS-Proxy
BehaviorPad-Version
Cneonction
X-Fastly-Cache-Hits
X-Mg-Cache
Host-Name
X-Request-Url
X-Fastly-Cache-Status
X-Env
User-Agent