Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
CF-Cache-Status
ETag
X-XSS-Protection
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Varnish
Cf-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Ua-Compatible
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
X-Request-ID
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
Keep-Alive
X-Turbo-Charged-By
X-Rq
X-Amz-Version-Id
X-AH-Environment
X-Cache-Group
X-Vhost
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
X-UA-Device
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
X-Server-Powered-By
X-Pingback
X-Dns-Prefetch-Control
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
Ali-Swift-Global-Savetime
X-Node
X-FTR-Request-ID
X-Device
EagleEye-TraceId
X-Host
X-Server-Id
X-Cache-Lookup
X-Backend-Server
X-Country-Code
X-LiteSpeed-Cache
Surrogate-Control
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-HW
X-Response-Time
Accept-Ch-Lifetime
Cache-Tag
X-Amz-Server-Side-Encryption
Content-Location
P3p
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
Fastly-Restarts
X-Content-Type
X-Application-Context
X-Clacks-Overhead
X-Vname
Rating
X-TtlSet
X-Times
X-PC
X-Country
X-Cnection
X-Ua-Device
X-Mcache
X-ESI
X-Midtier
X-Edge
X-Cache-TTL
X-FTR-Cache-Status
X-FTR-Balancer
X-Browser-Type
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-Vcap-Request-Id
X-FTR-Expires
X-Ac
Surrogate-Key
Edge-Control
Origin-Trial
X-FastCGI-Cache
X-Powered-By-Plesk
X-Element-Page-Cache
X-Abt-Application-Version
X-D2id
X-Nf-Request-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-NWS-LOG-UUID
Verso
X-Upstream
X-B3-TraceId
X-ECACHE
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-Navigation-Version
X-Amz-Rid
Nginx-Cache
X-Pinterest-Rid
Pinterest-Generated-By
Display
X-Sol
X-Middleton-Display
Pagespeed
Pinterest-Version
X-GitHub-Request-Id
Akamai-GRN
X-Language
X-Envoy-Decorator-Operation
Response
X-Middleton-Response
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Client-IP
S
AR-Request-ID
AR-ATIME
AR-PoweredBy
Edge-Cache-Tag
X-Oneagent-Js-Injection
X-MS-InvokeApp
X-Goog-Hash
X-Ratelimit-Limit
X-Resp-Is-Stale
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ser
X-ARC
X-Distributor
X-Url
SPIisLatency
SPRequestDuration
SPRequestGuid
X-SharePointHealthScore
X-Content-Digest
Access-Control-Request-Method
X-NGENIX-Cache
Front-End-Https
X-Ezoic-Cdn
X-Varnish-TTL
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Recruiting
X-Cache-Key
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Powered-CMS
X-Version
Public-Key-Pins
X-Ruxit-Js-Agent
X-T
X-Ttl
X-Mg-S
Fastcgi-Cache
TP-Cache
X-MSEdge-Ref
X-Accel-Expires
Arr-Disable-Session-Affinity
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Webkit-Csp
X-Daa-Tunnel
X-Ismobilevalue
X-Forwarded-For
Cache-Tags
Realpath
X-Cluster-Name
X-Cached
AR-CACHE
X-Correlation-Id
X-Fastly-Request-ID
X-Id
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
X-Content-Security-Policy-Report-Only
X-Ua-Browser
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Newrelic-App-Data
Payment
Content-MD5
X-DIS-Request-ID
X-TTL
X-Server-Name
X-GUploader-UploadID
X-RateLimit-Remaining
X-CST
X-Jurisdiction
X-HP-Trace-Id
X-HS-Prerendered
X-Cambria-Cache-Control
X-HP-Webp
X-HS-CF-Cache-Status
Content-Disposition
X-Azure-Ref
X-Ratelimit-Remaining
Count-Hit
X-Amz-Replication-Status
X-Xrds-Location
X-ORACLE-DMS-ECID
X-Px
YJS-ID
Cleartype
X-Page-Id
Cross-Origin-Embedder-Policy
Accept-Charset
X-Unique-Id
X-Ratelimit-Reset
X-Proxy
X-FB-Debug
X-Origin-Server
X-Logged-In
Ar-SID
Cross-Origin-Resource-Policy
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Az
X-Protected-By
X-Activity-Id
X-AppVersion
X-Www-Served-By
X-Git-Hash
X-VARITI-CCR
X-SERVER-NAME
X-Microsite
X-Request-Handler-Origin-Region
X-Template
X-Goog-Metageneration
X-Rid
X-LLID
X-Load-Cache
MicrosoftSharePointTeamServices
X-Varnish-Backend
X-Amz-Meta-S3cmd-Attrs
X-PressLabs-Stats
Version
X-Request-Device-Id
X-Forwarded-Proto
Server-Node
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Upgrade-Enabled
Server-Name
X-URL
X-Geo-Country
X-Hits
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Hostname
X-COUNTRY
X-Content-Options
X-Frontend
X-Varnish-Grace
Viewport
X-B3-Sampled
X-App-Server
Section-Io-Cache
X-Varnish-Server
X-TT
X-Meli-Trace-Site
X-Meli-Trace-Platform
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Meli-Trace-Bu
X-Device-Type
X-Fb-Rlafr
X-B
Fastly-SIE
Alternate-Protocol
Fastly-SWR
Access-Control-Allow-Method
X-Grace
X-Status
Healthy
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-WebKit-CSP-Report-Only
X-Request-Guid
Upgrade-Insecure-Requests
TCN
Host
X-Magnolia-Registration
DC
X-EdgeConnect-Cache-Status
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-CSRF-Token
X-Buckets
Retry-After
X-Amzn-Remapped-Content-Length
X-Contextid
Amp-Access-Control-Allow-Source-Origin
X-Debug
X-Cache-Control
MS-Author-Via
AKAMAI-GRN
X-Cache-Age
X-NF-Request-ID
X-Revision
X-Type
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Vcl-Version
X-Instance
SD-X-WS
X-Response-Served-From
X-Original-Request-Id
X-Seen-By
X-Hl-Ver
X-Yottaa-Optimizations
Cross-Origin-Embedder-Policy-Report-Only
X-Yottaa-Metrics
X-UUID
X-Rendered-As
X-N
X-NYM-Debug-Backend
X-Is-Bot
Cross-Origin-Opener-Policy-Report-Only
X-App-Version
X-Lambda-Id
X-Backend-Name
X-Adobe-Loc
X-ProcessESI
X-RemovedCookies
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Access-Control-Request-Headers
X-Adobe-Content
X-Storage
X-ServerID
X-Tec-Api-Root
X-Tec-Api-Version
X-Trace-Id
X-Mobile
Charset
Section-Io-Id
X-Content-Powered-By
X-Debug-IsConnected
X-Debug-IsPreview
X-Framework
Frame-Options
X-Tec-Api-Origin
X-Varnish-Ttl
X-Akamai-Edgescape
NGB
X-INCAP-ABP
MS-CV
X-Mg-Request-UUID
X-RM-Cache-TTL
X-G
X-RTag
X-Server-W
X-Akamai-Request-ID2
X-Origin-CC
X-Origin-TTL
Ms-Operation-Id
X-Dc
X-AB
X-Cache-Status-Check
AR-SID
X-Wormhole-Sdk
VIX-Pulpo-Upstream-Status
X-Oracle-Dms-Ecid
VIX-Pulpo-Node
X-DataDome
X-Cache-Hit
X-Cache-Time
Filterid
Cache
X-Request-Platform
Refresh
Accept-Language
X-Request-Bu
X-Request-Site
X-Server-ID
X-Time
X-B3-SpanId
SRV
X-HITS
X-Requestid
Webserver
X-Real-IP
X-Node-Name
Paypal-Debug-Id
X-Region
Protected
Onion-Location
X-CCDN-CacheTTL
CDN-RequestId
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-VC-Cache
X-Ms-Request-Id
X-Ms-Version
X-User-Agent
X-CLOUD-TRACE-CONTEXT
X-F-Cache
Liferay-Portal
Cross-Origin-Window-Policy
X-Cache-Expired-At
X-LB-Cache
X-Datadog-Trace-Id
X-Whom
X-HTML-Minification-Powered-By
X-Datadog-Sampling-Priority
X-Rocket-Nginx-Serving-Static
X-Pass-Why
X-Datadog-Sampled
Priority
X-IPS-LoggedIn
X-Datadog-Parent-Id
Backend
Xet-Cookie
X-Mode
X-XRDS-Location
X-Environment-Context
X-WP-CF-Super-Cache-Active
X-L-Path
GEO-INFO
X-Service
OT-Force-Account-Verify
X-Rule
X-Handled-By
X-Tb
X-Drupal-Cache-Tags
X-Proxy-Cache-Info
X-Yandex-Req-Id
X-Fastcgi-Cache
X-Servername
X-Cacheable-TTL
X-Is-Mobile
Country
X-Is-Desktop
X-Browser-Name
X-Cloudmap
X-App-Environment
X-Tncms
X-Is-Tablet
X-Is-Supported-Browser
Filters
X-Routing-Service
X-MP-GENERATED-AT
Web-Mar-Node
Url
X-Tcp-Rtt
X-Vcache
X-JoinUs
X-Zipkin-Id
X-Extlb
ServerID
X-Detected-As
X-Rewrite-Enabled
X-UPSTREAM-Address
Meta-Geo
X-Proxied
X-Loop
X-SaId
X-Rn-Rsrv
X-Wix-Request-Id
X-Geo-Region
X-Cache-Host
X-Format
Atl-Traceid
X-Generation-Time
X-IPLB-Instance
X-Cms-Context
ServedBy
X-Adobe-Source
X-Alternate-Cache-Key
Uber-Trace-Id
X-Connection-Hash
X-Director
X-Hit
X-Hosted-By
X-IPLB-Request-ID
X-FW-Serve
X-Restarts
TWC-Locale-Group
TWC-Device-Class
X-Redis-Cache
TWC-GeoIP-City
X-Web-Node
TWC-GeoIP-Region
X-FW-Version
TWC-Connection-Speed
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
Expiry
Property-Id
TWC-Privacy
X-Shopify-Stage
X-Origin-Hint
X-FW-Dynamic
X-Locale
X-Skip-Cache
X-FW-Hash
X-FW-Server
X-FW-Type
X-FW-Static
X-Tumblr-Pixel-2
X-Logging-Id
X-Storefront-Renderer-Rendered
TWC-GeoIP-DMA
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Varnish-Beresp-Grace
X-Tumblr-Pixel-3
X-Cdn-Origin
X-BYPASS-REASON
X-Soup
X-Scope-Id
X-Cache-Action
X-Httpd
X-Debug-Info
X-ProxyCache-Key
X-ProxyCache-Status
X-Edge-Location
X-Endurance-Cache-Level
X-Forwarded-Host
X-Origin-Date
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Cluster-Node
X-Cluster
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
Mn-Server-Ip
Apigw-Requestid
Environment
Locale
X-S
X-Labrador-Cache-Channel
X-Served-From
X-Drupal-Cache-Contexts
X-Urbn-Site-Id
X-Urbn-Context-Path
Fastcgi-Useragent
X-FB-TRIP-ID
X-PHP-Host
YJS-CacheStatus
X-Proxy-Build
X-Origin
LB
DB-Nickname
X-Auth-Group-Type
X-Fetched-On
Cache-Hits
X-Timing-Wait
Selected-Fe
X-VC
X-Mly-Id
X-Origin-Cache
X-ECache
X-RCS-CacheZone
X-Is-Modern-Browser
X-VCT
X-No-Session
X-R9-Blue-Green-Version
X-Sorting-Hat-PodId
X-ShopId
X-Cache-Debug
X-Sorting-Hat-ShopId
X-ShardId
Front
X-Varnish-Age
X-CDN-Forward
X-GEO
X-Varnish-Cache-Hits
X-NewRelic-App-Data
X-Provided-By
X-WP-CF-Super-Cache-Cookies-Bypass
X-Lagoon
Node
X-Is-Mobile-Only
X-Api-Version
X-UA
Xserver
Countrycode
X-Varnish-Beresp-Ttl
X-SRV
X-Platform
X-Generated-By
WPO-Cache-Status
Cache-Tv-Group
X-CACHE-AGE
X-TA-CDN-Provider
X-Source
X-Site-Version
Referer-Policy
Cache-Provider
X-Presslabs-Stats
X-Webstats-RespID
X-Azure-Ref-OriginShield
X-Cdn
X-CDN-Cache-Status
X-Accel-Version
X-Signature
X-B-Cache
X-Fastly-Request-Id
From-Origin
X-B3-Traceid
X-Ua
X-VC-TTL
X-NWS-UUID-VERIFY
AMP-Access-Control-Allow-Source-Origin
X-Tt-Logid
X-Optimistic-Header
X-PHP-Backend
Location
X-Xfnlog-Site
CF-IPCountry
X-Sucuri-Cache
Request-ID
X-Cache-Operation
X-Cache-Rule
X-IsAdmin
X-Worker
WPO-Cache-Message
CDN-Uid
CDN-RequestPullSuccess
X-Tx-Id
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-PullZone
CDN-CachedAt
CDN-RequestPullCode
CDN-Cache
X-Reqid
MD5-Digest
Log-Origin
Meta-Geo-Continent
X-Action
Cdnsip
X-Access
Ngx.Var.Host
Lang
Apple-News-Services-Parsed-Url
DCR-Processing-Time-Ms
DCR-Decision-By
Cluster
Expect-Staple
Fastly-SSL
Apple-News-Services-Host
Host-ID
Fl-Custom-Application
Apple-News-Services-Request-Url
Odigeo-Trace-Id
Time-Cloud-Cache
Store-Cloud-Cache
Sslversion
Web-Mar-Region
X-A
X-A-Dam
X-A-Ccd
RNT-Time
X-A-Dgt
Candidate-Md5Url
Origin
Cdncip
Redirect-Candidate
Rendered-Blocks
RNT-Machine
X-A-Wwc
X-A-Dcw
X-Core-Value
X-Rojux
X-Rocket-Build-Number
X-S-Cookie
X-Save-Cache
X-SD-PageType
X-ScT
X-Request-URI
X-Req
X-Micro-Cache
X-Ig-Push-State
X-Node-Id
X-Old-Content-Length
X-PERF
X-PAYTM-SRV-ID
X-Section
X-Sigma
X-VG-WebCache
X-VG-TLSProxy
X-Viewer-Country
X-Vtex-Remote-Cache
XM
Xc-Version
X-Vdms-Version
X-Vary-Devices
X-Slack-Backend
X-Sigma-Backend
X-Slack-Shared-Secret-Outcome
X-Varnish-Authentication
X-Varnish-Hostname
X-Varnish-Director
X-Ig-Origin-Region
X-HS-Content-Campaign-Id
X-Cms-Device
X-Clientip
X-Conf
X-Contensis-Viewer-Groups
Apple-News-Services-Handled
X-Content-Age
X-Cache-NE
X-Cache-Aspx
X-ApacheServer
X-AK-Request-ID
X-Application
X-B-Cookie
X-Bl-Debug
X-BCube-Filmed-By
X-D
X-Depends
X-External-Request-Id
X-Ee-Request-Id
X-Fmm-Version
X-Forwarded-Site
X-GeoCountry
X-GeoCode
X-Ee-Request-Date
X-Ee-Origin
X-Developer
X-Destination
X-Ec-Fail
X-Ec-GeoHdr
X-Ee-Generated-By
X-Aed
X-Auto-Login
X-Sucuri-ID
X-Tb-Optimization-Total-Bytes-Saved
X-Air-Pt
X-TT-LOGID
X-Frame-Option
X-LSADC-Cache
X-Epic-Correlation-Id
X-Eu-Site
X-Hnp-Log
X-Dispatcher-Server
X-Ec-Custom-Error
X-Fastly-Backend
X-FC-Vary-Parameters
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Generated-On
X-Gen-Mode
X-DefHash
X-Gdpr
X-HN
X-DefElseHash
X-Akamai-Device-Characteristics
X-Amz-Storage-Class
X-App-Name
X-Backend-Instance
X-Aicache-OS
X-Acquia-Purge-Cdn-Unconfigured
V-Age
X-AB-Test
X-Accel-Expires-Debug
X-BBC-Edge-Cache-Status
X-Bc-Bl
X-CUA
X-Date
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Csrf-Jwt
X-Content-Length
X-Block-Status
X-Bug-Bounty
X-CGP
X-Human
X-Ion-Hop
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
X-Via-Fastly
X-We-Are-Hiring
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Up
X-Uri
X-Varnish-Beresp-Status
IsBot
N-Cache
X-Org
X-SIPLIST1
X-V-Cache
X-Hash
X-From
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Thinkindot-L3
X-Thinkindot-L1
X-Moov-T
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-Nyt-Route
X-Men
X-Loc
User-Cache-Control
X-Jungle-Id
X-Level-Front-Cache
X-Origin-Expires
X-Origin-Time
X-SB
X-Shield-Cache-Expires
X-SRCache-Key
X-Render-Time
X-Region-Sid
X-Path
X-Policy
X-Pubstack
X-Ion-Healthy
X-Op-Id-All
Cmsid
Cmstype
Country-Code
RewriteTeamHook
RewriteTestHook
Cache-Contol
CDCHOST
Origin-Agent-Cluster
Req-Svc-Chain
DSUID
L5d-Success-Class
PFcat
Nord-Request-ID
L
Ha-Gx-Prefs
Gannett-Cam-Experience-Id
Gh-Request-Id
ServerName
Server-Host
TDXMobile
Azure-InstanceId
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Azure-RegionName
Azure-SlotName
Azure-Version
Azure-SiteName
X-AWS-Id
X-Litespeed-Cache-Control
X-LJ-Flow-ID
X-VWS-Id
X-Gamma-Serve
Fastly-GeoIP-CountryCode
X-Proto
X-GeoIP-City
Fastly-Backend-Name
X-Mvc-Supplant-Cachable
X-Gzip
Pragrma
X-Edge-Server
X-DPWN-IS-SECURE
X-Vmg-Version
X-Esi-Check
X-NMSegId
Machine
Mail-Subject
X-Internal-TTL
X-Sn-Servicetimems
C-Via
X-Vercel-Id
X-Vercel-Cache
CacheControlHeader
Release
X-Wikidot-Backend
NM-Fastcgi-Cache
Content-Style-Type
Content-Script-Type
X-Wikidot-Static-Cache
Cdn-Host
Cdn-Request-Time
X-Cache-Date
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Origin-Site
X-Thanos
Click-Count-Error
Source
X-UA-Device-Type
Tube-Get-Contents
X-Server-IP
Click-Count-Action-Start
Platform
Producers
X-Cache-Id
X-CacheTTL
Tube-Got-Eval
X-Cache-FS-Status
We-Hiring
Origin-EX
Origin-CC
X-B3-Trace-ID
Tube-Got-Results
X-Bip
Tube-Return
X-Parent-Response-Time
Powered-By
S-Rt
X-ZONE
Sid
X-Mvc-Supplant-OutputCached
X-Origin-Response-Time
Canary
X-ElasticPress-Query
X-Proxied-Request
X-Location
X-Upstream-Ct
X-Upstream-Ht
X-Pad
Fastly-Drupal-HTML
X-NGINX-Cache
Vix-Hermes-Req-Id
X-Cs
X-Cached-By
CloudFront-Viewer-Country
Pics-Label
X-ND-Cache
NGX
X-Refresh
Debug
Mime-Version
X-Via-Popv
X-Nananana
X-Via-Popn
X-Litespeed-Tag
Product
X-TH-Server
X-APP
X-Via-Poph
X-HA-Backend
HA-Ipaddr
X-Datadome
X-Amz-Meta-Cb-Modifiedtime
X-FORWARDED-FOR
X-Cache-VC
Server-ID
GeoIp-Country-Code
X-Varnish-Hits
X-Client-Ip
Cookie
GeoIP-Latitude
X-Servedbyhost
X-AIR-PT
Edge-Cache
X-User
X-DynaTrace-JS-Agent
X-Srv
X-LB-ID
X-Nginx-Cache
MIME-Version
X-Webkit-CSP
X-Cdn-Forward
X-Nginx-Cache-Key
X-Debug-Service
X-GeoIP
X-Wa
X-Fpc
X-Nc
Load-Balancing
Server-Hostname
Server-Ext
Fastly-Drupal-Html
True-Client-Country-4JS
X-B3-Parentspanid
SID
Sever-Int
X-LB-NoCache
HostName
WZWS-RAY
DataCenter
Akamai-Mon-Iucid-Del
X-Zone
X-Request-Start
X-Scheme
Resin-Trace
Tcn
X-Unity-Cache
Surrogated-Key
Show-Do-Not-Sell-Link
Lb
X-Cache-Backend
X-RateLimit-Limit
Cdn
X-CS
X-Vc
X-Newrelic-Synthetics
Traceparent
X-Service-Response-Time
Sm-Log-Id
X-VCL-Version
X-Lsadc-Cache
X-Pool
X-Request-Host
Wsr-Cache
X-NodeID
X-B3-Spanid
X-RequestId
N1-Cache
X-TX-ID
X-Vgn-Hpd-Reason
X-LiteSpeed-Cache-Control
Yjs-Id
X-Cache-Grace
X-ID
X-DynaTrace
X-Datacenter
NtCoent-Length
Yak-Timeinfo
X-HubSpot-Correlation-Id
X-Ez-Minify-Html
X-HOST
X-DataCenter
X-Proxy-CacheR9
CDN
XkeyR9
Xkeylog
Hostname
Xkey-La3
Edge-Copy-Time
X-Proxy-Cache-La3
X-Via-CDN
Datacenter
X-LiteSpeed-Tag
X-WA
X-Via-Edge
X-CDN-Provider
Serverhost
X-Via-SSL
X-API-Version
X-Udemy-Cache-App-Namespace
X-FPC
X-NC
A
X-Zen-Fury
Cdn-Requestid
X-Air-Trace-Id
X-Air-Source
X-Geolocation
X-Air-Hostname
X-Dynatrace-Js-Agent
CountryCode
Req-ID
X-Fastly-Backend-Reqs
X-Lb-Id
X-Jobs
X-Akamai-Pragma-Client-IP
Cs
Uri
X-Html-Minification-Powered-By
Esi-Enabled
True-Client-IP
Geoip-Latitude
X-Stale
WP-Super-Cache
Server-Id
X-Via-JSL
X-Cdn-Srv
ServerHost
GeoIP-Country-Code
T-Server
On-Server
X-Srcache-Fetch-Status
X-VC-Age
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
X-Srcache-Store-Status
RATING
X-Ez-Minify-Js
X-TimeS
X-ServedByHost
X-Correlation-ID
X-VTEX-Cache-Time
Proxy-Firewall
X-HA-Application-Name
Pramga
Cr
X-Lb-Nocache
X-HA-Device-Type
From-Cache
Srv
X-Swift-Error
X-Styx-Origin-Id
X-Varnish-Beresp-TTL
X-Styx-Info
X-HA-Bot-Classification
X-Oracle-DMS-ECID
WebServer
Cloudfront-Viewer-Country
X-MSEdge-Features
X-MSEdge-Flight
X-CSRF-TOKEN
X-App
Coldstone-Viewer-Country
X-CACHE-KEY
Coldstone-Viewer-Currency
Content-Secure-Policy
X-Var-Ttl
X-Ha-Backend
X-TIM-N
X-WA-Info
Coldstone-Viewer-Country-Region-Name
X-LAGOON
X-Webkit-Csp-Report-Only
X-Cdn-Cache-Status
X-Geo
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-Via-PopH
W
Ngx
FSS-Cache
X-Fastly-Cache
X-Via-PopV
X-Via-PopN
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Wp-Cf-Super-Cache-Active
Cl-Cache
X-Proxy-Cache-LA2
X-Ramcache
X-Elasticpress-Query
X-Shopid
X-Shardid
X-Sorting-Hat-Podid
X-Web-Server
X-Sorting-Hat-Shopid
X-Check-Cacheable
BehaviorPad-Version
X-RID
Akamai-X-True-TTL
X-Sucuri-Id
X-Serial
X-Th-Server
X-Request-Url
X-DC
X-ATG-Version
Cf-Ipcountry
Bxpunish
Bxuuid
Ohc-Cache-HIT
X-Key
X-VServer
X-Cdn-Provider
URI
User-Agent
Ohc-File-Size
Xkey-G-Jp
Cneonction
X-Nitro-Cache
My-App
Host-Name
X-Env
X-Mg-Cache
X-Fastly-Cache-Status
X-Request-Time
X-Fastly-Cache-Hits
FSS-Proxy
X-Cache-TTL-Remaining