
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
Cf-Request-Id
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-AspNet-Version
X-DNS-Prefetch-Control
X-Runtime
Server-Timing
Permissions-Policy
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
X-Request-ID
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Rq
X-Amz-Version-Id
X-Cache-Group
X-Vhost
Keep-Alive
X-AH-Environment
X-Dispatcher
X-UA-Device
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-Dns-Prefetch-Control
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
X-Server-Powered-By
Allow
X-Pingback
X-Page-Speed
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Ali-Swift-Global-Savetime
X-Litespeed-Cache
X-FTR-Request-ID
X-Device
X-Node
EagleEye-TraceId
X-LiteSpeed-Cache
X-Host
X-Cache-Lookup
X-Backend-Server
Surrogate-Control
X-Country-Code
X-Server-Id
X-Ruxit-JS-Agent
X-Readtime
X-Cloud-Trace-Context
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
P3p
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
Fastly-Restarts
X-Clacks-Overhead
X-Content-Type
X-Country
X-Application-Context
X-PC
X-TtlSet
X-Vname
X-Times
Rating
X-Cnection
X-ESI
X-Browser-Type
X-Cache-TTL
X-Edge
X-Mcache
X-Midtier
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-Vcap-Request-Id
Surrogate-Key
X-FTR-Expires
Accept-Ch-Lifetime
X-Ac
Origin-Trial
Edge-Control
X-Powered-By-Plesk
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Exp-Variant
X-D2id
X-Element-Page-Cache
X-Kinja-Revision
X-Abt-Application-Version
X-Kinja-Server
X-Kinja
X-NWS-LOG-UUID
X-FastCGI-Cache
Verso
X-Upstream
X-B3-TraceId
X-Nf-Request-Id
X-ORACLE-DMS-RID
X-Navigation-Version
X-Mod-Pagespeed
Nginx-Cache
X-Amz-Rid
Display
X-Sol
Pagespeed
X-Middleton-Display
Pinterest-Generated-By
X-Client-IP
X-Pinterest-Rid
Pinterest-Version
X-GitHub-Request-Id
X-ECACHE
X-Language
X-Middleton-Response
X-Instrumentation
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Response
X-Envoy-Decorator-Operation
Akamai-GRN
X-Ratelimit-Limit
X-Ua-Device
S
Edge-Cache-Tag
X-Goog-Hash
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-Resp-Is-Stale
X-MS-InvokeApp
X-ARC
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ser
X-Distributor
X-Content-Digest
SPRequestDuration
SPIisLatency
SPRequestGuid
X-Url
X-SharePointHealthScore
Access-Control-Request-Method
X-Cache-Key
X-Dw-Request-Base-Id
X-Ezoic-Cdn
Front-End-Https
X-NGENIX-Cache
X-Recruiting
X-Shield-Request-Id
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Powered-CMS
X-Varnish-TTL
X-Ttl
Public-Key-Pins
X-Forwarded-For
X-T
X-Mg-S
Fastcgi-Cache
X-MSEdge-Ref
TP-Cache
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Daa-Tunnel
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Correlation-Id
X-Ismobilevalue
Realpath
X-Cluster-Name
Cache-Tags
X-Id
X-Cached
AR-CACHE
X-Fastly-Request-ID
X-CST
X-Server-Name
X-HS-Combine-CSS
X-Request-Processing-Time
X-Request-Received
X-Kong-Upstream-Latency
Payment
X-Kong-Proxy-Latency
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-DIS-Request-ID
Content-MD5
X-Xrds-Location
X-GUploader-UploadID
X-ORACLE-DMS-ECID
X-Newrelic-App-Data
X-Ratelimit-Remaining
X-TTL
X-Oneagent-Js-Injection
X-HS-CF-Cache-Status
X-Jurisdiction
X-HP-Trace-Id
X-HS-Prerendered
X-HP-Webp
X-Cambria-Cache-Control
Content-Disposition
X-Webkit-Csp
X-RateLimit-Remaining
Count-Hit
X-Azure-Ref
X-Amz-Replication-Status
X-Ruxit-Js-Agent
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Px
X-PressLabs-Stats
X-Page-Id
X-Unique-Id
Cleartype
Accept-Charset
X-Ratelimit-Reset
X-Request-Handler-Origin-Region
Cross-Origin-Resource-Policy
X-Microsite
X-Logged-In
X-Proxy
X-Az
X-Git-Hash
X-Protected-By
X-Activity-Id
X-AppVersion
X-FB-Debug
X-Origin-Server
Cross-Origin-Embedder-Policy
X-Rid
X-VARITI-CCR
X-Www-Served-By
X-Load-Cache
X-LLID
X-Template
X-Goog-Metageneration
YJS-ID
X-Varnish-Backend
MicrosoftSharePointTeamServices
X-SERVER-NAME
X-Amz-Meta-S3cmd-Attrs
X-Forwarded-Proto
Version
X-URL
Server-Node
X-Hits
X-Upgrade-Enabled
Server-Name
X-Geo-Country
Ar-SID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Hostname
X-Frontend
X-Content-Options
X-B3-Sampled
Section-Io-Cache
X-Varnish-Server
X-Varnish-Grace
X-Status
X-TT
X-App-Server
Viewport
MRF-Tech
X-Device-Type
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Request-Device-Id
X-Grace
X-B
Fastly-SWR
Fastly-SIE
X-Fb-Rlafr
Alternate-Protocol
Access-Control-Allow-Method
X-Server-ID
TCN
X-Goog-Stored-Content-Length
X-NF-Request-ID
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
Upgrade-Insecure-Requests
Healthy
X-Request-Guid
X-COUNTRY
X-Tt-Trace-Tag
X-Tt-Trace-Host
Host
X-Magnolia-Registration
Amp-Access-Control-Allow-Source-Origin
X-WebKit-CSP-Report-Only
X-Buckets
X-Varnish-Ttl
DC
X-EdgeConnect-Cache-Status
Retry-After
AKAMAI-GRN
X-Cache-Age
X-Wormhole-Sdk
X-Debug
X-CSRF-Token
X-Amzn-Remapped-Content-Length
X-Meli-Trace-Site
X-Meli-Trace-Bu
X-Contextid
X-Meli-Trace-Platform
X-Cache-Control
MS-Author-Via
AR-SID
X-Revision
X-WP-CF-Super-Cache-Cache-Control
X-Instance
X-Response-Served-From
X-WP-CF-Super-Cache
X-Original-Request-Id
X-Yottaa-Metrics
X-UUID
X-Yottaa-Optimizations
X-Origin-CC
X-Seen-By
X-Origin-TTL
X-Type
X-Adobe-Loc
X-NYM-Debug-Backend
Cross-Origin-Opener-Policy-Report-Only
Cross-Origin-Embedder-Policy-Report-Only
X-Vcl-Version
X-Rendered-As
X-Adobe-Content
X-Is-Bot
X-Akamai-Edgescape
SD-X-WS
X-Hl-Ver
X-Lambda-Id
X-G
X-Backend-Name
Access-Control-Request-Headers
Section-Io-Id
Charset
X-Framework
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Debug-IsPreview
X-Content-Powered-By
X-Debug-IsConnected
X-Trace-Id
X-Mobile
X-Mg-Request-UUID
X-ServerID
X-RTag
X-App-Version
X-RM-Cache-TTL
MS-CV
X-INCAP-ABP
X-Cache-Hit
NGB
Ms-Operation-Id
X-Server-W
X-Storage
X-ProcessESI
X-Dc
X-N
X-RemovedCookies
X-Akamai-Request-ID2
X-AB
X-DataDome
X-Request-Bu
X-Request-Site
X-Request-Platform
X-Cache-Status-Check
X-Cache-Time
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Frame-Options
Filterid
Refresh
X-Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Cache
Protected
X-Fastcgi-Cache
X-B3-SpanId
Accept-Language
X-Region
X-Real-IP
SRV
X-Node-Name
Webserver
CDN-RequestId
X-ECache
Paypal-Debug-Id
Onion-Location
X-User-Agent
X-HITS
X-CCDN-Origin-Time
X-Ms-Request-Id
X-CCDN-CacheTTL
Cross-Origin-Window-Policy
X-Ms-Version
X-Hcs-Proxy-Type
Liferay-Portal
X-LB-Cache
X-Datadog-Sampled
X-Datadog-Trace-Id
X-F-Cache
X-Whom
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-VC-Cache
X-Cache-Expired-At
X-IPS-LoggedIn
X-Requestid
X-HTML-Minification-Powered-By
X-WP-CF-Super-Cache-Active
Priority
X-Mode
X-Rocket-Nginx-Serving-Static
X-Pass-Why
Xet-Cookie
Backend
OT-Force-Account-Verify
X-Oracle-Dms-Ecid
X-Tb
X-Proxy-Cache-Info
X-L-Path
X-VC
GEO-INFO
X-Environment-Context
X-App-Environment
X-Service
X-Cacheable-TTL
X-Drupal-Cache-Tags
Web-Mar-Node
X-Cloudmap
X-Rewrite-Enabled
ServerID
X-Adobe-Source
X-Browser-Name
Url
X-Proxied
X-Handled-By
X-Rn-Rsrv
X-FW-Server
X-Loop
X-Endurance-Cache-Level
X-Extlb
X-MP-GENERATED-AT
X-Is-Tablet
X-Is-Mobile
X-Detected-As
X-Vcache
X-Routing-Service
X-Tncms
X-Servername
Fastcgi-Useragent
X-Is-Desktop
X-UPSTREAM-Address
X-Geo-Region
X-Is-Supported-Browser
X-Debug-Info
X-Tcp-Rtt
X-JoinUs
X-FW-Static
X-FW-Serve
X-FW-Type
X-FW-Version
X-SaId
X-Zipkin-Id
Filters
Meta-Geo
X-FW-Hash
X-FW-Dynamic
TWC-Locale-Group
TWC-Privacy
Property-Id
TWC-GeoIP-Region
TWC-GeoIP-LatLong
X-Storefront-Renderer-Rendered
Webcakes-Region
X-IPLB-Request-ID
X-Varnish-Beresp-Grace
X-Web-Node
Webcakes-App-Name
Webcakes-App-Version
X-IPLB-Instance
X-Shopify-Stage
X-Logging-Id
X-Cache-Host
X-Cdn-Origin
Atl-Traceid
TWC-Device-Class
X-Origin-Hint
TWC-Connection-Speed
X-Restarts
X-Rule
ServedBy
Country
X-Wix-Request-Id
X-Alternate-Cache-Key
TWC-GeoIP-Country
X-Generation-Time
X-Locale
X-Hit
X-Hosted-By
TWC-GeoIP-DMA
X-Forwarded-Host
X-Origin-Date
X-Director
TWC-GeoIP-City
X-Format
LB
Mn-Server-Ip
X-Say-TTL
X-Soup
X-Scope-Id
X-SayCDN-TTL
Uber-Trace-Id
X-Cms-Context
X-Skip-Cache
X-Redis-Cache
X-Say-Cacheable
X-ProxyCache-Status
X-Cluster
X-Cache-Action
X-Cluster-Node
X-Edge-Location
X-ProxyCache-Key
X-Httpd
X-BYPASS-REASON
Apigw-Requestid
Environment
X-Drupal-Cache-Contexts
X-Mly-Id
X-RateLimit-Limit-Second
X-Served-From
X-RateLimit-Remaining-Second
X-PHP-Host
X-FB-TRIP-ID
X-S
X-Labrador-Cache-Channel
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Timing-Wait
X-R9-Blue-Green-Version
X-Connection-Hash
X-Proxy-Build
Expiry
X-Auth-Group-Type
Locale
X-Fetched-On
X-Origin-Cache
DB-Nickname
X-Origin
X-Urbn-Site-Id
Cache-Hits
X-Urbn-Context-Path
Selected-Fe
Countrycode
X-Sorting-Hat-PodId
X-NewRelic-App-Data
X-Sorting-Hat-ShopId
X-GEO
X-ShardId
X-No-Session
X-ShopId
X-RCS-CacheZone
X-VCT
X-Source
YJS-CacheStatus
X-Yandex-Req-Id
X-Varnish-Cache-Hits
X-Cache-Debug
Front
X-Varnish-Age
X-Is-Modern-Browser
X-SRV
X-WP-CF-Super-Cache-Cookies-Bypass
X-UA
X-CLOUD-TRACE-CONTEXT
X-Api-Version
X-Lagoon
WPO-Cache-Status
Xserver
Node
X-XRDS-Location
X-Varnish-Beresp-Ttl
X-Provided-By
X-Webstats-RespID
X-Site-Version
X-CDN-Forward
X-Is-Mobile-Only
X-Generated-By
Cache-Tv-Group
X-Platform
X-Cdn
Cache-Provider
From-Origin
X-TA-CDN-Provider
X-Azure-Ref-OriginShield
X-B3-Traceid
X-Accel-Version
Referer-Policy
X-Fastly-Request-Id
X-CACHE-AGE
X-CDN-Cache-Status
X-Xfnlog-Site
X-B-Cache
X-VC-TTL
X-Signature
X-Ua
Request-ID
X-TT-LOGID
CF-IPCountry
X-NWS-UUID-VERIFY
X-Sucuri-Cache
X-PHP-Backend
WPO-Cache-Message
Location
CDN-RequestCountryCode
CDN-Cache
CDN-RequestPullSuccess
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestPullCode
X-Tx-Id
CDN-Uid
X-Air-Pt
AMP-Access-Control-Allow-Source-Origin
X-Reqid
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Operation
X-Cache-Rule
X-Optimistic-Header
X-Sucuri-ID
X-IsAdmin
X-Tt-Logid
X-Request-URI
Expect-Staple
DCR-Decision-By
X-Bl-Debug
X-Fmm-Version
DCR-Processing-Time-Ms
X-External-Request-Id
X-Forwarded-Site
X-GeoCode
X-HS-Content-Campaign-Id
X-Auto-Login
X-Application
X-Sigma-Backend
X-Core-Value
X-Ig-Origin-Region
X-B-Cookie
Fl-Custom-Application
X-Frame-Option
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-GeoCountry
Fastly-SSL
X-BCube-Filmed-By
X-Ee-Request-Date
X-Cms-Device
X-Conf
X-Clientip
X-Depends
X-Destination
Candidate-Md5Url
X-Contensis-Viewer-Groups
Cdnsip
Cdncip
X-Content-Age
X-D
X-Developer
X-Cache-NE
X-Ee-Origin
X-Ee-Generated-By
X-AK-Request-ID
X-Ee-Request-Id
X-SRCache-Key
Apple-News-Services-Handled
Apple-News-Services-Host
X-Ec-Fail
X-Ec-GeoHdr
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Cache-Aspx
X-Ig-Push-State
X-Vdms-Version
XM
Xc-Version
X-Varnish-Authentication
X-Vary-Devices
X-A
Time-Cloud-Cache
X-A-Dam
X-Micro-Cache
X-A-Ccd
Web-Mar-Region
X-Rojux
X-VG-WebCache
X-Origin-Expires
X-VG-TLSProxy
Rendered-Blocks
X-Viewer-Country
X-S-Cookie
Redirect-Candidate
X-Old-Content-Length
X-Vtex-Remote-Cache
X-Save-Cache
Odigeo-Trace-Id
Origin
MD5-Digest
X-Rocket-Build-Number
Meta-Geo-Continent
Store-Cloud-Cache
RNT-Time
X-Action
Sslversion
X-Aed
X-Sigma
Lang
Log-Origin
X-ScT
X-Access
X-Loc
X-A-Wwc
X-A-Dgt
X-Varnish-Director
Ngx.Var.Host
RNT-Machine
X-A-Dcw
X-Section
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-CGP
X-Content-Length
Wxu-Next-Hostname
X-BBC-Edge-Cache-Status
X-Accel-Expires-Debug
X-Backend-Instance
X-Acquia-Purge-Cdn-Unconfigured
X-Akamai-Device-Characteristics
X-App-Name
X-Bc-Bl
X-Block-Status
Wxu-Next-Commit
V-Age
X-Thinkindot-L1
Wxu-Next-Region
X-Bug-Bounty
User-Cache-Control
X-Epic-Correlation-Id
X-PAYTM-SRV-ID
X-PERF
X-Node-Id
X-Men
Host-ID
X-ApacheServer
ServerName
X-Req
X-Shield-Cache-Expires
X-Uri
X-V-Cache
X-Level-Front-Cache
X-SD-PageType
X-Varnish-Hostname
Cluster
X-Moov-T
X-Varnish-Remaining-TTL
X-Region-Sid
X-Varnish-Beresp-Status
X-Varnish-CookieINHashed-On
X-Render-Time
X-Varnish-CookieHashed-On
X-Pubstack
X-Policy
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-We-Are-Hiring
X-Nyt-Route
X-Path
X-Origin-Time
X-Jungle-Id
X-Ion-Hop
X-Fastly-Backend
X-Eu-Site
X-FC-Vary-Parameters
X-From
X-Gen-Mode
X-Gdpr
X-Sn-Servicetimems
X-Ec-Custom-Error
X-Date
X-CUA
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-DefHash
X-DefElseHash
X-Generated-On
X-Thinkindot-L3
X-Human
X-SIPLIST1
X-Up
X-Internal-TTL
X-Worker
X-Ion-Healthy
X-UA-Device-Type
X-Hnp-Log
X-GeoIP-Country-Code
X-GeoIP-City
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Hash
X-Csrf-Jwt
X-Aicache-OS
Gannett-Cam-Experience-Id
Nord-Request-ID
Origin-Agent-Cluster
Origin-CC
Azure-Version
Origin-EX
Cache-Contol
CDCHOST
Ha-Gx-Prefs
Cmsid
Gh-Request-Id
IsBot
L5d-Success-Class
L
Cmstype
Azure-SlotName
DSUID
Req-Svc-Chain
Country-Code
RewriteTestHook
RewriteTeamHook
Azure-SiteName
Server-Host
Azure-InstanceId
Azure-RegionName
X-Presslabs-Stats
X-LSADC-Cache
X-Thanos
X-Cache-Id
Content-Script-Type
X-CacheTTL
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Content-Style-Type
X-Litespeed-Cache-Control
X-Server-IP
CacheControlHeader
X-Mvc-Supplant-Cachable
X-Edge-Server
Sid
X-Esi-Check
X-Gamma-Serve
X-Gzip
X-NMSegId
X-DPWN-IS-SECURE
Cdn-Request-Time
Click-Count-Action-Start
Cdn-Host
X-Proto
C-Via
X-Cache-FS-Status
Click-Count-Error
X-Vmg-Version
Platform
Pragrma
Producers
Origin-Site
X-VarnishDD-TTL
X-Op-Id-All
X-Cache-Date
NM-Fastcgi-Cache
We-Hiring
X-Via-Fastly
Tube-Get-Contents
N-Cache
X-Org
Tube-Got-Eval
Tube-Got-Results
Release
Tube-Return
Mail-Subject
X-SB
Fastly-GeoIP-CountryCode
X-Wikidot-Backend
X-Wikidot-Static-Cache
Fastly-Backend-Name
X-Bip
X-Vercel-Cache
X-Vercel-Id
PFcat
X-B3-Trace-ID
X-Dispatcher-Server
X-Amz-Storage-Class
X-HN
Machine
X-AB-Test
X-AWS-Id
X-Parent-Response-Time
X-VWS-Id
X-LJ-Flow-ID
X-Origin-Response-Time
X-Proxied-Request
Fastly-Drupal-HTML
X-Mvc-Supplant-OutputCached
X-ElasticPress-Query
X-Location
Source
Canary
X-ZONE
X-Litespeed-Tag
X-Pad
Product
S-Rt
Debug
X-TH-Server
Powered-By
X-NGINX-Cache
X-Cached-By
NGX
X-Refresh
Vix-Hermes-Req-Id
X-Amz-Meta-Cb-Modifiedtime
HA-Ipaddr
X-Cs
X-Upstream-Ct
X-Upstream-Ht
CloudFront-Viewer-Country
X-Nananana
Mime-Version
X-Cache-VC
X-ND-Cache
X-APP
Pics-Label
Cookie
X-Ah-Environment
GeoIP-Latitude
X-Via-Poph
X-Via-Popv
X-Servedbyhost
X-Via-Popn
X-Varnish-Hits
X-Cdn-Forward
Edge-Cache
Server-ID
X-Datadome
X-HA-Backend
X-User
X-Nginx-Cache
GeoIp-Country-Code
X-LB-ID
X-DynaTrace-JS-Agent
X-AIR-PT
MIME-Version
X-Webkit-CSP
X-LB-NoCache
X-Fpc
X-GeoIP
X-Nc
X-Wa
Akamai-Mon-Iucid-Del
Surrogated-Key
X-Request-Start
HostName
X-B3-Parentspanid
X-Srv
WZWS-RAY
X-Zone
X-Scheme
Resin-Trace
DataCenter
X-Debug-Service
X-Unity-Cache
X-Nginx-Cache-Key
SID
X-CS
Fastly-Drupal-Html
Server-Ext
Sever-Int
Server-Hostname
True-Client-Country-4JS
N1-Cache
X-Pool
Load-Balancing
Show-Do-Not-Sell-Link
Cdn
Tcn
X-NodeID
X-Request-Host
X-Lsadc-Cache
X-RequestId
X-VCL-Version
Lb
X-Cache-Backend
X-Cache-Grace
Wsr-Cache
Sm-Log-Id
X-Service-Response-Time
X-DynaTrace
X-Newrelic-Synthetics
X-FORWARDED-FOR
X-B3-Spanid
X-DataCenter
NtCoent-Length
X-Vgn-Hpd-Reason
Yjs-Id
Yak-Timeinfo
Traceparent
X-HOST
X-LiteSpeed-Cache-Control
X-Datacenter
X-TX-ID
Edge-Copy-Time
X-Via-SSL
X-Via-Edge
X-Via-CDN
X-Air-Trace-Id
X-Air-Hostname
X-NODE
X-Vc
X-Air-Source
X-Geolocation
X-Zen-Fury
Datacenter
X-Client-Ip
X-RateLimit-Limit
CDN
X-HubSpot-Correlation-Id
X-CDN-Provider
X-WA
Hostname
Cdn-Requestid
Req-ID
X-Jobs
X-API-Version
X-LiteSpeed-Tag
Uri
X-Cdn-Srv
X-Udemy-Cache-App-Namespace
X-NC
Xkeylog
Xkey-La3
X-ID
X-Proxy-CacheR9
X-Dynatrace-Js-Agent
X-Proxy-Cache-La3
XkeyR9
X-FPC
Serverhost
X-Fastly-Backend-Reqs
X-Powered-By-VTEX-Cache
GeoIP-Country-Code
X-Html-Minification-Powered-By
True-Client-IP
X-VTEX-Cache-Time
X-Akamai-Pragma-Client-IP
A
Server-Id
WP-Super-Cache
X-VTEX-Cache-Server
X-Lb-Id
X-CSRF-TOKEN
ServerHost
RATING
X-Ez-Minify-Js
X-Stale
T-Server
Geoip-Latitude
X-TimeS
Proxy-Firewall
On-Server
X-Webkit-Csp-Report-Only
X-Lb-Nocache
X-Via-JSL
Srv
X-WA-Info
X-Varnish-Beresp-TTL
From-Cache
Esi-Enabled
Coldstone-Viewer-Currency
Coldstone-Viewer-Country-Region-Name
Coldstone-Viewer-Country
X-Ha-Backend
X-ServedByHost
X-Swift-Error
Cs
X-Oracle-DMS-ECID
WebServer
CountryCode
X-Ez-Minify-Html
X-App
Cloudfront-Viewer-Country
X-VC-Age
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Fastly-Cache
Pramga
X-HA-Device-Type
X-MSEdge-Flight
X-Ssense-Gql
BehaviorPad-Version
Ngx
X-HA-Application-Name
X-HA-Bot-Classification
X-Ssense-Shipping-Surcharge-Enabled
X-MSEdge-Features
X-Correlation-ID
X-Styx-Origin-Id
Cr
FSS-Cache
X-Styx-Info
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Sorting-Hat-Podid
X-Check-Cacheable
X-TIM-N
Content-Secure-Policy
X-Sorting-Hat-Shopid
X-Shopid
X-Web-Server
X-Geo
X-Cdn-Cache-Status
X-Var-Ttl
X-Shardid
W
My-App
X-Proxy-Cache-LA2
X-Th-Server
X-Request-Url
X-Elasticpress-Query
X-Nitro-Cache
X-Request-Time
X-Sucuri-Id
X-Serial
X-DC
X-Wp-Cf-Super-Cache-Active
X-Wp-Cf-Super-Cache-Cookies-Bypass
Akamai-X-True-TTL
X-ATG-Version
Cf-Ipcountry
User-Agent
Bxuuid
X-Cache-TTL-Remaining
X-Ramcache
Xkey-G-Jp
Cl-Cache
Bxpunish
Cneonction
X-Env
True-Client-Ip
Host-Name
X-Fastly-Cache-Hits
FSS-Proxy
X-Mg-Cache
X-Fastly-Cache-Status