
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
Cf-Request-Id
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-AspNet-Version
X-DNS-Prefetch-Control
X-Runtime
Server-Timing
Permissions-Policy
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
Host-Header
X-Amz-Request-Id
X-Age
Request-Context
X-Amz-Id-2
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Request-ID
X-Turbo-Charged-By
X-Rq
X-Vhost
X-Cache-Group
X-Amz-Version-Id
Keep-Alive
X-AH-Environment
X-Dispatcher
X-UA-Device
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
P3p
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-LiteSpeed-Cache
X-FTR-Request-ID
X-Litespeed-Cache
X-Device
X-Node
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
Surrogate-Control
X-Country-Code
X-Ruxit-JS-Agent
X-Server-Id
X-Readtime
X-Cloud-Trace-Context
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
X-Country
Fastly-Restarts
X-TraceId
Request-Id
X-Clacks-Overhead
X-Content-Type
X-Application-Context
X-PC
X-TtlSet
X-Vname
Rating
X-Times
X-Cnection
X-Cache-TTL
X-ESI
X-Browser-Type
X-Mcache
X-Midtier
X-Edge
X-Vcap-Request-Id
Surrogate-Key
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Expires
X-Ac
Origin-Trial
Edge-Control
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Exp-Id
X-Abt-Application-Version
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Element-Page-Cache
X-NWS-LOG-UUID
X-D2id
Verso
X-FastCGI-Cache
X-Upstream
X-ECACHE
X-ORACLE-DMS-RID
X-Amz-Rid
X-Mod-Pagespeed
Nginx-Cache
X-Navigation-Version
X-Nf-Request-Id
X-B3-TraceId
Display
Pagespeed
X-Middleton-Display
X-Sol
X-GitHub-Request-Id
Pinterest-Version
X-Pinterest-Rid
X-Client-IP
Pinterest-Generated-By
X-Middleton-Response
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
Response
X-Kraken-Loop-Name
X-Language
X-Envoy-Decorator-Operation
X-Ratelimit-Limit
S
Edge-Cache-Tag
X-Goog-Hash
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-ARC
Akamai-GRN
X-MS-InvokeApp
X-Resp-Is-Stale
X-Ua-Device
X-Ser
X-Edge-Location-Klb
X-Kinsta-Cache
X-Content-Digest
X-Distributor
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
SPRequestGuid
X-SharePointHealthScore
Front-End-Https
X-Dw-Request-Base-Id
X-Cache-Key
X-Ezoic-Cdn
X-NGENIX-Cache
X-Recruiting
X-Url
X-Shield-Request-Id
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Powered-CMS
X-Version
X-Forwarded-For
Public-Key-Pins
X-T
X-MSEdge-Ref
X-Ttl
TP-Cache
Fastcgi-Cache
X-Daa-Tunnel
Arr-Disable-Session-Affinity
X-Mg-S
X-Accel-Expires
X-Server-Name
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Ismobilevalue
X-Fastly-Request-ID
Realpath
X-Varnish-TTL
X-Cluster-Name
Cache-Tags
X-Correlation-Id
X-Cached
X-Id
AR-CACHE
X-CST
X-Newrelic-App-Data
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
X-Ua-Browser
X-DIS-Request-ID
X-TTL
Payment
X-Kong-Proxy-Latency
X-Xrds-Location
X-Kong-Upstream-Latency
X-Content-Security-Policy-Report-Only
X-GUploader-UploadID
Content-MD5
X-Ratelimit-Remaining
X-ORACLE-DMS-ECID
X-Cambria-Cache-Control
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-HS-CF-Cache-Status
X-HS-Prerendered
Content-Disposition
X-Oneagent-Js-Injection
Count-Hit
X-Azure-Ref
X-Amz-Replication-Status
X-RateLimit-Remaining
X-Webkit-Csp
X-PressLabs-Stats
X-Px
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Cross-Origin-Resource-Policy
X-Page-Id
X-Unique-Id
Cleartype
Accept-Charset
X-Logged-In
X-Ratelimit-Reset
X-Ruxit-Js-Agent
X-Proxy
X-Request-Handler-Origin-Region
X-Git-Hash
X-Microsite
X-Protected-By
X-FB-Debug
X-Az
X-Activity-Id
X-Rid
X-Origin-Server
X-AppVersion
X-Load-Cache
X-Www-Served-By
X-VARITI-CCR
Cross-Origin-Embedder-Policy
X-LLID
X-Hits
X-Goog-Metageneration
X-URL
X-Template
X-Varnish-Backend
X-Server-ID
MicrosoftSharePointTeamServices
Version
X-Forwarded-Proto
Server-Node
X-Amz-Meta-S3cmd-Attrs
X-Geo-Country
Server-Name
X-Upgrade-Enabled
YJS-ID
X-Amzn-RequestId
X-Amz-Apigw-Id
Ar-SID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Varnish-Ttl
X-NF-Request-ID
X-Hostname
X-Frontend
X-Content-Options
X-Varnish-Server
X-B3-Sampled
X-SERVER-NAME
Section-Io-Cache
X-App-Server
Viewport
X-Varnish-Grace
X-TT
X-Status
AKAMAI-GRN
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Device-Type
X-Grace
X-B
X-Fb-Rlafr
Access-Control-Allow-Method
Fastly-SIE
Fastly-SWR
Alternate-Protocol
TCN
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Request-Device-Id
Upgrade-Insecure-Requests
Healthy
X-Cache-Age
X-Tt-Trace-Tag
Host
X-Wormhole-Sdk
X-Request-Guid
X-Tt-Trace-Host
X-Magnolia-Registration
X-Buckets
X-EdgeConnect-Cache-Status
X-CSRF-Token
DC
Amp-Access-Control-Allow-Source-Origin
Retry-After
AR-SID
X-WebKit-CSP-Report-Only
X-Debug
X-Amzn-Remapped-Content-Length
X-Contextid
X-Cache-Control
MS-Author-Via
X-Meli-Trace-Platform
X-Meli-Trace-Site
X-Meli-Trace-Bu
X-Revision
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Original-Request-Id
X-Instance
X-Response-Served-From
X-Adobe-Content
Cross-Origin-Opener-Policy-Report-Only
X-Fastcgi-Cache
X-Type
X-Vcl-Version
X-Is-Bot
X-Adobe-Loc
X-NYM-Debug-Backend
Cross-Origin-Embedder-Policy-Report-Only
X-Rendered-As
X-G
Access-Control-Request-Headers
X-Backend-Name
X-Yottaa-Metrics
X-Mobile
X-Lambda-Id
X-Akamai-Edgescape
X-Origin-CC
Section-Io-Id
X-Origin-TTL
SD-X-WS
X-Yottaa-Optimizations
X-Debug-IsPreview
X-Tumblr-Pixel
Charset
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-UUID
X-Debug-IsConnected
X-Content-Powered-By
X-Seen-By
X-Hl-Ver
X-Mg-Request-UUID
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Hit
X-Server-W
X-ServerID
X-Trace-Id
X-Storage
NGB
X-Framework
Ms-Operation-Id
X-INCAP-ABP
X-RTag
X-ProcessESI
X-Dc
MS-CV
X-RM-Cache-TTL
X-RemovedCookies
X-Akamai-Request-ID2
X-App-Version
X-COUNTRY
X-AB
X-N
X-Cache-Time
X-Cache-Status-Check
Filterid
Refresh
X-DataDome
X-Time
Frame-Options
X-Request-Site
X-Request-Platform
X-Request-Bu
Protected
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Cache
Accept-Language
X-Region
X-Real-IP
SRV
X-Node-Name
Webserver
X-LB-Cache
CDN-RequestId
Paypal-Debug-Id
X-B3-SpanId
Onion-Location
X-User-Agent
Cross-Origin-Window-Policy
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Ms-Version
X-Ms-Request-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Whom
Liferay-Portal
X-VC-Cache
Priority
X-Cache-Expired-At
X-F-Cache
X-IPS-LoggedIn
X-Mode
X-WP-CF-Super-Cache-Active
OT-Force-Account-Verify
X-Rocket-Nginx-Serving-Static
X-Requestid
X-Proxy-Cache-Info
X-VC
X-HTML-Minification-Powered-By
Backend
Xet-Cookie
GEO-INFO
X-App-Environment
X-Tb
X-Pass-Why
X-Cacheable-TTL
X-L-Path
X-Environment-Context
X-FW-Version
X-Service
X-FW-Type
X-FW-Static
X-Drupal-Cache-Tags
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Server
X-Routing-Service
X-Rn-Rsrv
Url
X-SaId
X-Servername
Filters
X-Debug-Info
Meta-Geo
X-Detected-As
X-Loop
X-Handled-By
X-MP-GENERATED-AT
X-Proxied
LB
X-Extlb
X-Rewrite-Enabled
X-Cloudmap
X-Vcache
X-JoinUs
X-UPSTREAM-Address
X-Tncms
X-Oracle-Dms-Ecid
X-Zipkin-Id
X-Adobe-Source
X-Origin-Hint
X-Origin-Date
TWC-GeoIP-Region
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Property-Id
X-Varnish-Beresp-Grace
X-Format
X-HITS
TWC-GeoIP-DMA
TWC-GeoIP-Country
TWC-Device-Class
X-Forwarded-Host
X-Hit
ServerID
X-IPLB-Request-ID
X-IPLB-Instance
TWC-GeoIP-City
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Director
Webcakes-Region
X-Rule
X-Web-Node
Webcakes-App-Name
X-Is-Mobile
X-Is-Desktop
X-Geo-Region
Fastcgi-Useragent
X-Endurance-Cache-Level
X-Cache-Host
X-Locale
X-Is-Supported-Browser
Country
Webcakes-App-Version
TWC-Connection-Speed
X-Browser-Name
ServedBy
X-Tcp-Rtt
Web-Mar-Node
X-Is-Tablet
X-Restarts
Mn-Server-Ip
X-Skip-Cache
X-Scope-Id
X-ProxyCache-Status
X-ProxyCache-Key
Apigw-Requestid
X-Soup
X-Generation-Time
X-Cdn-Origin
X-Logging-Id
X-Httpd
X-Cluster
X-Cache-Action
X-BYPASS-REASON
X-Cluster-Node
X-Cms-Context
X-Hosted-By
X-Edge-Location
Uber-Trace-Id
Atl-Traceid
Environment
X-Say-Cacheable
X-SayCDN-TTL
X-Redis-Cache
X-RateLimit-Remaining-Second
X-FB-TRIP-ID
X-Drupal-Cache-Contexts
X-Wix-Request-Id
X-Say-TTL
X-S
X-RateLimit-Limit-Second
X-Served-From
X-Connection-Hash
X-Origin
X-Proxy-Build
Expiry
X-Tumblr-Pixel-3
Cache-Hits
X-Auth-Group-Type
X-Mly-Id
X-PHP-Host
X-Fetched-On
DB-Nickname
Selected-Fe
X-Timing-Wait
X-R9-Blue-Green-Version
X-Tumblr-Pixel-2
X-Labrador-Cache-Channel
X-Urbn-Context-Path
X-Source
Locale
X-Urbn-Site-Id
X-ECache
Countrycode
X-Origin-Cache
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-GEO
X-Varnish-Cache-Hits
X-B3-Traceid
X-No-Session
X-RCS-CacheZone
X-VCT
X-Varnish-Age
X-Cache-Debug
Request-ID
Front
X-Yandex-Req-Id
WPO-Cache-Status
X-Is-Modern-Browser
YJS-CacheStatus
X-WP-CF-Super-Cache-Cookies-Bypass
X-Varnish-Beresp-Ttl
X-SRV
X-UA
Node
X-CDN-Forward
X-CLOUD-TRACE-CONTEXT
X-Webstats-RespID
X-Lagoon
X-Site-Version
Xserver
X-Api-Version
X-XRDS-Location
X-Platform
X-Provided-By
From-Origin
X-TA-CDN-Provider
X-Generated-By
X-Is-Mobile-Only
X-Azure-Ref-OriginShield
Cache-Provider
Cache-Tv-Group
X-Cdn
X-Accel-Version
Referer-Policy
X-VC-TTL
X-Ua
X-TT-LOGID
X-Xfnlog-Site
X-NewRelic-App-Data
X-CDN-Cache-Status
X-Signature
X-B-Cache
WPO-Cache-Message
AMP-Access-Control-Allow-Source-Origin
X-Sucuri-Cache
X-Reqid
Location
CF-IPCountry
X-Sucuri-ID
X-NWS-UUID-VERIFY
CDN-CachedAt
CDN-Cache
X-Air-Pt
CDN-RequestCountryCode
CDN-EdgeStorageId
X-PHP-Backend
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-PullZone
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Operation
X-Cache-Rule
X-IsAdmin
X-Tx-Id
X-CACHE-AGE
X-Frame-Option
DCR-Decision-By
X-Loc
X-Micro-Cache
Cdnsip
Cdncip
X-Rocket-Build-Number
X-Origin-Expires
X-Ig-Push-State
DCR-Processing-Time-Ms
X-External-Request-Id
X-Ec-GeoHdr
Expect-Staple
X-GeoCode
X-GeoCountry
X-Ig-Origin-Region
X-HS-Content-Campaign-Id
Candidate-Md5Url
X-Rojux
X-Varnish-Authentication
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Vdms-Version
X-VG-TLSProxy
XM
Xc-Version
X-Vtex-Remote-Cache
X-Sigma-Backend
X-Sigma
X-S-Cookie
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-ScT
Apple-News-Services-Handled
X-Section
Fastly-SSL
X-Developer
X-Action
X-Access
X-A-Wwc
Origin
X-Aed
Ngx.Var.Host
Odigeo-Trace-Id
X-Application
Redirect-Candidate
X-A-Dgt
RNT-Machine
X-A
Sslversion
X-A-Ccd
X-A-Dam
Rendered-Blocks
X-A-Dcw
X-Auto-Login
X-B-Cookie
Log-Origin
MD5-Digest
X-Depends
X-Destination
Lang
RNT-Time
Fl-Custom-Application
X-D
X-Contensis-Viewer-Groups
X-Cache-Aspx
X-Bl-Debug
X-BCube-Filmed-By
X-Cache-NE
X-Clientip
Meta-Geo-Continent
X-Conf
X-Ec-Fail
X-AK-Request-ID
X-Fastly-Request-Id
X-Optimistic-Header
X-Content-Age
X-Date
X-DefElseHash
X-DefHash
X-Csrf-Jwt
X-Bug-Bounty
X-CGP
X-Content-Length
X-Ec-Custom-Error
X-CUA
X-Epic-Correlation-Id
X-GeoIP-City
X-GoCache-CacheStatus
X-Hash
X-Internal-TTL
X-Gdpr
X-From
X-Eu-Site
X-Fmm-Version
X-Forwarded-Site
X-Bc-Bl
X-Backend-Instance
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
V-Age
Web-Mar-Region
TDXMobile
ServerName
Origin-CC
Origin-EX
Req-Svc-Chain
Wxu-Next-Commit
Wxu-Next-Hostname
X-Akamai-Device-Characteristics
X-LSADC-Cache
X-Men
X-Aicache-OS
X-Acquia-Purge-Cdn-Unconfigured
Wxu-Next-Region
X-Litespeed-Tag
X-Accel-Expires-Debug
X-BBC-Edge-Cache-Status
X-Moov-Xdn-Version
X-Varnish-Remaining-TTL
X-VG-WebCache
X-We-Are-Hiring
X-Worker
X-Varnish-Hostname
X-Varnish-Director
X-Varnish-Beresp-Status
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
Store-Cloud-Cache
Time-Cloud-Cache
X-Ee-Request-Id
X-Save-Cache
X-Vary-Devices
X-Viewer-Country
X-Ee-Request-Date
X-Ee-Origin
X-Cms-Device
X-Core-Value
X-Ee-Generated-By
X-V-Cache
X-Uri
X-Origin-Time
X-Path
X-PAYTM-SRV-ID
X-Pubstack
X-Tt-Logid
X-Old-Content-Length
Origin-Agent-Cluster
X-Node-Id
X-Nyt-Route
X-Region-Sid
X-Req
X-Thinkindot-L1
X-Thinkindot-L3
X-UA-Device-Type
X-Up
X-SRCache-Key
X-Sn-Servicetimems
X-Request-URI
X-SD-PageType
X-Shield-Cache-Expires
X-Moov-T
X-Moov-Xdn-Caching-Status
L5d-Success-Class
Cmstype
Azure-InstanceId
Azure-SlotName
Gannett-Cam-Experience-Id
Azure-SiteName
CDCHOST
L
Cmsid
Ha-Gx-Prefs
Azure-Version
Cluster
Country-Code
DSUID
Azure-RegionName
Gh-Request-Id
X-Vercel-Id
X-Edge-Server
X-Vmg-Version
Fastly-Backend-Name
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-Via-Fastly
X-Wikidot-Backend
RewriteTeamHook
X-Block-Status
X-Bip
RewriteTestHook
X-Cache-Date
X-Cache-FS-Status
X-Vercel-Cache
X-Wikidot-Static-Cache
Cache-Contol
Nord-Request-ID
X-Proto
X-Policy
X-Thanos
X-Org
Cdn-Request-Time
X-Human
Click-Count-Error
X-Op-Id-All
X-SVT-ORM-RULES
Click-Count-Action-Start
X-NMSegId
X-SVT-ORM-VERSION
X-Hnp-Log
X-HN
Content-Style-Type
X-VarnishDD-TTL
X-FC-Vary-Parameters
X-SIPLIST1
X-Gamma-Serve
Content-Script-Type
Cdn-Host
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Gen-Mode
X-Fastly-Backend
X-CacheTTL
User-Cache-Control
N-Cache
CacheControlHeader
X-Ion-Healthy
Tube-Return
Tube-Got-Eval
Tube-Got-Results
X-Generated-On
X-AB-Test
Host-ID
X-Render-Time
Mail-Subject
Pragrma
X-Level-Front-Cache
X-Jungle-Id
X-Ion-Hop
C-Via
We-Hiring
X-Debug-Cache-Store
Producers
X-App-Name
Platform
Tube-Get-Contents
PFcat
Server-Host
X-SB
X-B3-Trace-ID
Release
X-PERF
X-Server-IP
NM-Fastcgi-Cache
IsBot
X-Debug-Cache-Fetch
X-Amz-Storage-Class
X-ApacheServer
X-Parent-Response-Time
X-Presslabs-Stats
Fastly-Drupal-HTML
Machine
X-TH-Server
X-Mvc-Supplant-Cachable
X-Location
X-Gzip
X-ElasticPress-Query
Sid
Fastly-GeoIP-CountryCode
Origin-Site
X-Cache-Id
Canary
X-Esi-Check
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
Source
X-Cs
X-Origin-Response-Time
X-Mvc-Supplant-OutputCached
X-Proxied-Request
Product
X-Litespeed-Cache-Control
X-ZONE
X-Pad
Debug
S-Rt
NGX
X-Amz-Meta-Cb-Modifiedtime
X-Refresh
Powered-By
HA-Ipaddr
X-Cached-By
X-Nginx-Cache
CloudFront-Viewer-Country
Vix-Hermes-Req-Id
Mime-Version
X-Via-Poph
X-Via-Popv
X-Cache-VC
X-Via-Popn
X-Upstream-Ht
X-Upstream-Ct
X-Nananana
X-APP
GeoIP-Latitude
X-Datadome
X-NGINX-Cache
X-Varnish-Hits
Pics-Label
X-Servedbyhost
X-HA-Backend
X-ND-Cache
Edge-Cache
Cookie
Server-ID
X-User
X-Ah-Environment
X-LB-ID
X-AIR-PT
X-Cdn-Forward
X-DynaTrace-JS-Agent
X-LB-NoCache
Surrogated-Key
X-Nc
HostName
X-Wa
Akamai-Mon-Iucid-Del
X-Fpc
X-GeoIP
X-Srv
X-Webkit-CSP
MIME-Version
GeoIp-Country-Code
X-Zone
X-Request-Start
DataCenter
X-B3-Parentspanid
WZWS-RAY
SID
X-Scheme
Resin-Trace
X-Unity-Cache
X-Nginx-Cache-Key
Fastly-Drupal-Html
N1-Cache
Yjs-Id
X-NodeID
X-Pool
X-Debug-Service
X-LiteSpeed-Cache-Control
X-Request-Host
X-B3-Spanid
X-RequestId
X-CS
Tcn
X-Cache-Grace
Cdn
Sever-Int
Show-Do-Not-Sell-Link
True-Client-Country-4JS
Server-Hostname
Server-Ext
X-Service-Response-Time
X-DynaTrace
Load-Balancing
Sm-Log-Id
X-Lsadc-Cache
X-VCL-Version
Wsr-Cache
X-Vgn-Hpd-Reason
X-DataCenter
Lb
Yak-Timeinfo
NtCoent-Length
X-FORWARDED-FOR
X-TX-ID
X-Air-Trace-Id
X-Cache-Backend
X-Air-Source
X-Air-Hostname
Traceparent
X-Newrelic-Synthetics
X-Via-Edge
X-HOST
X-Zen-Fury
X-Geolocation
X-Via-SSL
Edge-Copy-Time
X-Datacenter
X-Via-CDN
X-NODE
X-Vc
X-HubSpot-Correlation-Id
X-API-Version
X-RateLimit-Limit
X-Jobs
Req-ID
X-Client-Ip
X-CDN-Provider
X-Cdn-Srv
Cdn-Requestid
X-Fastly-Backend-Reqs
X-WA
X-Html-Minification-Powered-By
CDN
GeoIP-Country-Code
Datacenter
X-LiteSpeed-Tag
X-ID
Serverhost
X-FPC
X-Powered-By-VTEX-Cache
X-NC
WP-Super-Cache
Hostname
X-VTEX-Cache-Server
X-Dynatrace-Js-Agent
Uri
X-Udemy-Cache-App-Namespace
X-VTEX-Cache-Time
X-Webkit-Csp-Report-Only
X-Proxy-Cache-La3
X-Proxy-CacheR9
Xkey-La3
Server-Id
True-Client-IP
X-Akamai-Pragma-Client-IP
XkeyR9
A
Xkeylog
Geoip-Latitude
Coldstone-Viewer-Country-Region-Name
On-Server
T-Server
X-Lb-Id
X-TimeS
X-Stale
X-Ez-Minify-Js
RATING
Coldstone-Viewer-Country
X-WA-Info
Proxy-Firewall
Coldstone-Viewer-Currency
X-Correlation-ID
X-Varnish-Beresp-TTL
X-ServedByHost
X-Swift-Error
X-Lb-Nocache
X-App
X-LAGOON
Esi-Enabled
X-Via-JSL
From-Cache
Srv
ServerHost
X-Oracle-DMS-ECID
CountryCode
WebServer
Cs
Cloudfront-Viewer-Country
BehaviorPad-Version
X-VC-Age
X-Ha-Backend
X-Ez-Minify-Html
X-CSRF-TOKEN
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Web-Server
Cr
X-MSEdge-Features
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-MSEdge-Flight
X-HA-Device-Type
X-Via-PopN
Ngx
X-Via-PopH
X-Styx-Origin-Id
Pramga
X-Fastly-Cache
X-Styx-Info
X-Via-PopV
FSS-Cache
X-HA-Application-Name
X-HA-Bot-Classification
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Shardid
X-Shopid
X-Sorting-Hat-Podid
X-TIM-N
X-Sorting-Hat-Shopid
X-Cdn-Cache-Status
X-Geo
X-Check-Cacheable
X-Var-Ttl
X-Request-Time
Content-Secure-Policy
X-Nitro-Cache
User-Agent
X-Th-Server
W
X-ATG-Version
X-DC
X-Request-Url
X-Elasticpress-Query
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Serial
X-Ramcache
X-Fastly-Cache-Status
X-Wp-Cf-Super-Cache-Active
Akamai-X-True-TTL
X-Proxy-Cache-LA2
True-Client-Ip
My-App
Cf-Ipcountry
X-Fastly-Cache-Hits
Warning
X-Cache-TTL-Remaining
Bxuuid
Bxpunish
X-VServer
X-Beacon
Ohc-Cache-HIT
Cneonction
X-Mg-Cache
Host-Name
Ohc-File-Size
X-Sucuri-Id
FSS-Proxy
X-Platform-Server
X-Env