Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
CF-Cache-Status
X-XSS-Protection
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
Cf-Request-Id
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-AspNet-Version
X-DNS-Prefetch-Control
X-Runtime
Server-Timing
Permissions-Policy
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
X-Request-ID
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Rq
X-Amz-Version-Id
X-Vhost
X-Cache-Group
Keep-Alive
X-Dispatcher
X-AH-Environment
X-Server
X-Proxy-Cache
EagleId
X-UA-Device
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
P3p
X-Server-Powered-By
Allow
X-Pingback
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
X-LiteSpeed-Cache
X-FTR-Request-ID
X-Node
X-Device
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
Surrogate-Control
X-Country-Code
X-Ruxit-JS-Agent
X-Server-Id
X-Readtime
X-Cloud-Trace-Context
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
X-Country
Fastly-Restarts
X-TraceId
X-Content-Type
Request-Id
X-Clacks-Overhead
X-TtlSet
X-Vname
X-Application-Context
X-PC
Rating
X-Times
X-Cnection
X-Cache-TTL
X-ESI
X-Midtier
X-Edge
X-Mcache
X-Browser-Type
X-Vcap-Request-Id
Surrogate-Key
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Expires
X-Ac
Origin-Trial
Edge-Control
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Abt-Application-Version
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Element-Page-Cache
X-NWS-LOG-UUID
X-D2id
Verso
X-Ua-Device
X-Upstream
X-ECACHE
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-Navigation-Version
X-FastCGI-Cache
X-Amz-Rid
Nginx-Cache
X-B3-TraceId
Display
X-Middleton-Display
Pagespeed
X-Sol
X-Nf-Request-Id
X-Client-IP
X-GitHub-Request-Id
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Akamai-GRN
X-Language
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Middleton-Response
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
Response
X-Erf-Bev-Bev
X-Instrumentation
X-Envoy-Decorator-Operation
X-Ratelimit-Limit
AR-PoweredBy
AR-ATIME
S
AR-Request-ID
Edge-Cache-Tag
X-Goog-Hash
X-MS-InvokeApp
X-Resp-Is-Stale
X-ARC
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ser
X-Url
X-Content-Digest
X-Distributor
SPIisLatency
SPRequestDuration
X-SharePointHealthScore
SPRequestGuid
Access-Control-Request-Method
Front-End-Https
X-Dw-Request-Base-Id
X-Cache-Key
X-Ezoic-Cdn
X-NGENIX-Cache
X-Recruiting
X-Shield-Request-Id
RTSS
Cache-Status
X-Amzn-Trace-Id
X-Version
X-Powered-CMS
X-Forwarded-For
Public-Key-Pins
X-Mg-S
X-MSEdge-Ref
X-Ttl
TP-Cache
X-T
Fastcgi-Cache
X-Daa-Tunnel
Arr-Disable-Session-Affinity
X-Accel-Expires
X-HS-Content-Id
X-Server-Name
X-HS-Cache-Config
X-HS-Hub-Id
X-Correlation-Id
X-Ismobilevalue
X-Fastly-Request-ID
X-Varnish-TTL
Realpath
X-Cluster-Name
Cache-Tags
X-Id
X-Cached
X-CST
AR-CACHE
X-Newrelic-App-Data
X-HS-Combine-CSS
Payment
X-Request-Received
X-Request-Processing-Time
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-TTL
X-DIS-Request-ID
X-Ua-Browser
X-ORACLE-DMS-ECID
X-Xrds-Location
X-Content-Security-Policy-Report-Only
Content-MD5
X-GUploader-UploadID
X-RateLimit-Remaining
X-Cambria-Cache-Control
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-HS-Prerendered
X-HS-CF-Cache-Status
Content-Disposition
X-Oneagent-Js-Injection
Count-Hit
X-Ratelimit-Remaining
X-Azure-Ref
X-Amz-Replication-Status
X-Webkit-Csp
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Px
X-PressLabs-Stats
Cross-Origin-Resource-Policy
Accept-Charset
X-Unique-Id
X-Page-Id
X-Logged-In
X-Ruxit-Js-Agent
X-Ratelimit-Reset
X-Microsite
X-Git-Hash
X-Protected-By
X-Proxy
X-Request-Handler-Origin-Region
X-FB-Debug
Cleartype
X-AppVersion
X-Activity-Id
Cross-Origin-Embedder-Policy
X-Rid
X-Az
X-VARITI-CCR
X-Origin-Server
X-Www-Served-By
X-Load-Cache
X-LLID
X-Template
X-Goog-Metageneration
X-Hits
X-Varnish-Backend
X-Server-ID
MicrosoftSharePointTeamServices
YJS-ID
Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Server-Node
X-Forwarded-Proto
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-Geo-Country
X-Upgrade-Enabled
X-URL
X-Amzn-RequestId
X-Amz-Apigw-Id
Ar-SID
X-Varnish-Ttl
X-Frontend
X-NF-Request-ID
X-Hostname
X-Content-Options
X-B3-Sampled
X-Varnish-Server
X-SERVER-NAME
X-Varnish-Grace
X-TT
Section-Io-Cache
X-App-Server
Mrf-Cache-Status
X-Device-Type
X-B3-TraceId-Primal
MRF-Tech
Fastly-SIE
X-B
X-Fb-Rlafr
Fastly-SWR
Access-Control-Allow-Method
X-Grace
Alternate-Protocol
Viewport
X-Status
TCN
X-Goog-Stored-Content-Length
X-Request-Device-Id
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
Upgrade-Insecure-Requests
Healthy
X-Cache-Age
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Request-Guid
Amp-Access-Control-Allow-Source-Origin
Host
X-Wormhole-Sdk
X-Magnolia-Registration
X-Fastcgi-Cache
X-EdgeConnect-Cache-Status
X-Buckets
X-CSRF-Token
X-Debug
AR-SID
DC
Retry-After
X-Amzn-Remapped-Content-Length
X-WebKit-CSP-Report-Only
AKAMAI-GRN
X-Contextid
X-Cache-Control
X-Meli-Trace-Platform
X-Meli-Trace-Site
X-Revision
X-Meli-Trace-Bu
MS-Author-Via
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Original-Request-Id
X-Response-Served-From
X-Adobe-Content
X-Yottaa-Metrics
X-Adobe-Loc
X-Yottaa-Optimizations
X-Lambda-Id
Access-Control-Request-Headers
X-Akamai-Edgescape
Cross-Origin-Opener-Policy-Report-Only
SD-X-WS
Cross-Origin-Embedder-Policy-Report-Only
X-G
X-Instance
X-Is-Bot
X-Origin-TTL
X-Origin-CC
X-Type
X-Mobile
X-Rendered-As
X-NYM-Debug-Backend
X-Hl-Ver
X-Trace-Id
X-ServerID
X-UUID
X-Mg-Request-UUID
X-Backend-Name
Section-Io-Id
X-Debug-IsPreview
X-Framework
X-Seen-By
X-Debug-IsConnected
X-Content-Powered-By
X-Tumblr-Pixel-1
X-DataDome
X-Tumblr-User
X-Tumblr-Pixel-0
X-RM-Cache-TTL
X-Cache-Hit
X-Tumblr-Pixel
Charset
X-RemovedCookies
X-Storage
X-Dc
X-Server-W
Ms-Operation-Id
MS-CV
X-RTag
X-Vcl-Version
X-ProcessESI
X-AB
X-COUNTRY
NGB
X-Akamai-Request-ID2
X-INCAP-ABP
X-Cache-Time
X-N
X-App-Version
X-Cache-Status-Check
X-Request-Site
Refresh
Frame-Options
Filterid
X-Time
X-Request-Bu
X-Request-Platform
Protected
X-Tec-Api-Root
VIX-Pulpo-Node
X-Tec-Api-Origin
VIX-Pulpo-Upstream-Status
X-Tec-Api-Version
X-Region
Accept-Language
SRV
X-Real-IP
X-Node-Name
Cache
Webserver
X-LB-Cache
CDN-RequestId
X-B3-SpanId
Cross-Origin-Window-Policy
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Paypal-Debug-Id
X-User-Agent
Onion-Location
X-Ms-Request-Id
X-Ms-Version
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
Priority
X-Cache-Expired-At
X-F-Cache
X-WP-CF-Super-Cache-Active
X-Whom
X-VC-Cache
Liferay-Portal
X-IPS-LoggedIn
X-Mode
OT-Force-Account-Verify
X-Rocket-Nginx-Serving-Static
Backend
X-Requestid
X-Proxy-Cache-Info
Xet-Cookie
X-VC
X-Pass-Why
X-HTML-Minification-Powered-By
X-L-Path
X-Environment-Context
X-Tb
X-App-Environment
X-Cacheable-TTL
GEO-INFO
X-Service
Filters
X-JoinUs
X-Oracle-Dms-Ecid
X-UPSTREAM-Address
X-Extlb
X-Detected-As
X-Drupal-Cache-Tags
X-Servername
X-MP-GENERATED-AT
X-Rewrite-Enabled
X-Proxied
X-Rn-Rsrv
X-Routing-Service
X-SaId
X-Debug-Info
X-Zipkin-Id
Meta-Geo
X-Cloudmap
Fastcgi-Useragent
X-Adobe-Source
LB
Url
ServedBy
X-Storefront-Renderer-Rendered
X-Logging-Id
X-Shopify-Stage
X-Origin-Date
X-Tcp-Rtt
X-Handled-By
Country
X-Rule
X-Tncms
X-Loop
X-Hosted-By
X-Endurance-Cache-Level
X-Browser-Name
X-Geo-Region
X-Is-Desktop
X-Is-Supported-Browser
X-Is-Mobile
X-Alternate-Cache-Key
X-Web-Node
X-Hit
X-Is-Tablet
X-Forwarded-Host
X-Varnish-Beresp-Grace
X-Vcache
Web-Mar-Node
Atl-Traceid
X-HITS
Property-Id
Mn-Server-Ip
X-Httpd
X-Format
TWC-Connection-Speed
X-Locale
TWC-Device-Class
X-ProxyCache-Key
X-Say-Cacheable
X-Say-TTL
X-Restarts
X-Cluster
TWC-GeoIP-City
X-ProxyCache-Status
X-Origin-Hint
TWC-GeoIP-Country
X-Cms-Context
X-Director
Webcakes-Region
X-BYPASS-REASON
X-Cache-Action
X-Cluster-Node
X-Cache-Host
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-GeoIP-DMA
TWC-GeoIP-Region
TWC-Locale-Group
Uber-Trace-Id
TWC-Privacy
X-SayCDN-TTL
Apigw-Requestid
X-FW-Hash
X-FW-Dynamic
X-Wix-Request-Id
X-Cdn-Origin
X-FW-Serve
X-FW-Server
Environment
X-FW-Version
X-FW-Type
X-FW-Static
X-IPLB-Request-ID
X-IPLB-Instance
X-Soup
X-Skip-Cache
ServerID
X-Edge-Location
X-PHP-Host
X-Served-From
X-Labrador-Cache-Channel
X-Scope-Id
X-Redis-Cache
X-S
Selected-Fe
X-Drupal-Cache-Contexts
X-Fetched-On
X-FB-TRIP-ID
X-Mly-Id
X-Connection-Hash
Expiry
DB-Nickname
X-R9-Blue-Green-Version
X-RateLimit-Limit-Second
X-Timing-Wait
X-Proxy-Build
Cache-Hits
X-RateLimit-Remaining-Second
X-Origin
X-Auth-Group-Type
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Source
Locale
X-Generation-Time
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-ECache
Countrycode
X-Origin-Cache
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-GEO
X-Sorting-Hat-ShopId
X-RCS-CacheZone
X-VCT
X-B3-Traceid
X-No-Session
X-Varnish-Cache-Hits
X-Varnish-Age
X-Cache-Debug
Request-ID
Front
X-Yandex-Req-Id
X-WP-CF-Super-Cache-Cookies-Bypass
YJS-CacheStatus
WPO-Cache-Status
X-Is-Modern-Browser
X-SRV
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
X-UA
Node
X-CDN-Forward
Xserver
X-Lagoon
X-Api-Version
X-Webstats-RespID
X-Site-Version
X-XRDS-Location
X-Platform
X-Generated-By
From-Origin
X-Webkit-CSP
Cache-Provider
X-TA-CDN-Provider
X-Provided-By
X-Is-Mobile-Only
X-Azure-Ref-OriginShield
X-Cdn
Referer-Policy
X-VC-TTL
X-TT-LOGID
X-Accel-Version
Cache-Tv-Group
X-Xfnlog-Site
X-Ua
X-NewRelic-App-Data
X-CDN-Cache-Status
X-B-Cache
X-Signature
WPO-Cache-Message
CF-IPCountry
X-Reqid
Location
X-Tx-Id
X-Sucuri-Cache
X-NWS-UUID-VERIFY
CDN-CachedAt
CDN-Cache
X-PHP-Backend
CDN-PullZone
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
X-Air-Pt
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Operation
X-Sucuri-ID
X-Cache-Rule
X-Frame-Option
X-CACHE-AGE
X-Content-Age
X-IsAdmin
AMP-Access-Control-Allow-Source-Origin
X-Optimistic-Header
X-Origin-Expires
X-Rocket-Build-Number
X-A-Dam
X-Request-URI
X-A-Ccd
X-Old-Content-Length
X-A
Apple-News-Services-Handled
X-Destination
MD5-Digest
Meta-Geo-Continent
X-Developer
Lang
Fl-Custom-Application
X-Ec-GeoHdr
X-Ec-Fail
Ngx.Var.Host
Odigeo-Trace-Id
Rendered-Blocks
X-Cache-NE
Sslversion
Redirect-Candidate
X-Clientip
X-D
Origin
X-Conf
Fastly-SSL
Expect-Staple
Apple-News-Services-Request-Url
X-Bl-Debug
Candidate-Md5Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Ig-Push-State
X-Ig-Origin-Region
X-Rojux
X-GeoCountry
X-GeoCode
DCR-Decision-By
DCR-Processing-Time-Ms
X-External-Request-Id
X-Fmm-Version
X-Forwarded-Site
Cdncip
Cdnsip
X-Loc
X-A-Dcw
X-Sigma
X-Sigma-Backend
X-VG-WebCache
X-Access
XM
X-BCube-Filmed-By
Xc-Version
X-VG-TLSProxy
X-Vdms-Version
X-Slack-Shared-Secret-Outcome
X-SRCache-Key
X-Fastly-Request-Id
X-Slack-Backend
X-B-Cookie
X-Vtex-Remote-Cache
X-Varnish-Director
X-Application
X-ScT
X-Section
X-AK-Request-ID
X-A-Wwc
X-S-Cookie
X-Aed
X-A-Dgt
X-Tt-Logid
L5d-Success-Class
Ha-Gx-Prefs
Country-Code
X-Fastly-Backend
L
X-Akamai-Device-Characteristics
IsBot
X-FC-Vary-Parameters
DSUID
X-Cache-Aspx
X-Thinkindot-L3
X-BBC-Edge-Cache-Status
X-Eu-Site
X-Epic-Correlation-Id
X-Litespeed-Tag
X-Thinkindot-L1
Gannett-Cam-Experience-Id
X-LSADC-Cache
X-Ec-Custom-Error
X-DefHash
X-Varnish-Authentication
Thinkindot-CacheControl-Type
X-CGP
X-Varnish-Hostname
X-Contensis-Viewer-Groups
X-Varnish-Remaining-TTL
Req-Svc-Chain
RNT-Machine
X-Varnish-CookieINHashed-On
TDXMobile
ServerName
X-Varnish-Beresp-Status
RNT-Time
X-Content-Length
X-Csrf-Jwt
X-Uri
X-Depends
X-Backend-Instance
X-Up
X-UA-Device-Type
X-DefElseHash
X-Auto-Login
Origin-CC
Origin-EX
Origin-Agent-Cluster
X-V-Cache
X-CUA
Log-Origin
X-Worker
X-Node-Id
Web-Mar-Region
X-SIPLIST1
X-Varnish-CookieHashed-On
Wxu-Next-Commit
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-Ee-Request-Id
X-Ee-Request-Date
X-Men
X-Micro-Cache
X-Moov-T
X-Bc-Bl
Wxu-Next-Hostname
X-Req
X-Region-Sid
X-Save-Cache
X-Vary-Devices
X-Viewer-Country
Thinkindot-CacheControl
X-Pubstack
Wxu-Next-Region
X-Shield-Cache-Expires
X-PAYTM-SRV-ID
X-Policy
X-SD-PageType
X-Aicache-OS
X-Ee-Origin
X-GeoIP-Country-Code
X-GeoIP-City
X-GeoIP-Region-Code
X-Bug-Bounty
X-Hash
X-Block-Status
CDCHOST
X-Action
Cmstype
X-From
Cmsid
User-Cache-Control
X-Gen-Mode
X-Internal-TTL
X-Acquia-Purge-Cdn-Unconfigured
X-Cms-Device
X-Human
X-Core-Value
X-Sn-Servicetimems
X-Ee-Generated-By
X-Hnp-Log
Time-Cloud-Cache
Store-Cloud-Cache
X-HS-Content-Campaign-Id
X-Bip
X-Cache-Date
X-PERF
X-Cache-Id
X-Cache-FS-Status
X-Nyt-Route
X-Level-Front-Cache
X-Generated-On
Server-Host
X-Server-IP
X-Render-Time
Host-ID
X-SB
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Vercel-Id
X-Vercel-Cache
X-VarnishDD-TTL
X-Via-Fastly
X-Thanos
X-We-Are-Hiring
X-Vmg-Version
X-ApacheServer
X-Proto
X-Gamma-Serve
X-Gdpr
X-GoCache-CacheStatus
X-Esi-Check
X-DPWN-IS-SECURE
X-Date
X-Dispatcher-Server
X-Gzip
X-HN
X-Origin-Time
X-Path
X-Org
X-Op-Id-All
X-Mvc-Supplant-Cachable
X-NMSegId
X-CacheTTL
Tube-Return
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
PFcat
Platform
Azure-InstanceId
Content-Style-Type
Pragrma
NM-Fastcgi-Cache
N-Cache
Cluster
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
Content-Script-Type
Click-Count-Error
Click-Count-Action-Start
Machine
C-Via
Gh-Request-Id
Release
Producers
X-Amz-Storage-Class
V-Age
X-App-Name
X-Accel-Expires-Debug
X-AB-Test
Tube-Got-Eval
Tube-Got-Results
Tube-Get-Contents
X-Parent-Response-Time
X-Presslabs-Stats
Fastly-Drupal-HTML
Cdn-Request-Time
X-Debug-Cache-Store
X-TH-Server
X-Proxied-Request
Canary
X-Debug-Cache-Fetch
RewriteTestHook
X-Wikidot-Static-Cache
Cache-Contol
Nord-Request-ID
Source
X-Wikidot-Backend
RewriteTeamHook
X-Origin-Response-Time
X-Mvc-Supplant-OutputCached
Origin-Site
CacheControlHeader
Cdn-Host
X-Ion-Healthy
X-B3-Trace-ID
X-Ion-Hop
X-Jungle-Id
We-Hiring
X-Edge-Server
Mail-Subject
X-ElasticPress-Query
Sid
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
X-Cs
X-Location
Product
X-Litespeed-Cache-Control
Debug
X-Cached-By
X-Pad
X-ZONE
HA-Ipaddr
Powered-By
NGX
S-Rt
X-Amz-Meta-Cb-Modifiedtime
CloudFront-Viewer-Country
X-Nginx-Cache
Mime-Version
X-Refresh
X-Via-Popv
X-Via-Poph
X-Via-Popn
Vix-Hermes-Req-Id
X-Cache-VC
X-Nananana
X-ND-Cache
X-Upstream-Ct
X-HA-Backend
GeoIP-Latitude
X-Servedbyhost
X-APP
X-Upstream-Ht
X-NGINX-Cache
X-Varnish-Hits
Pics-Label
X-User
X-LB-ID
Edge-Cache
X-Ah-Environment
Server-ID
Cookie
X-Cdn-Forward
X-AIR-PT
X-DynaTrace-JS-Agent
X-Datadome
X-Wa
X-LB-NoCache
X-Nc
Akamai-Mon-Iucid-Del
X-Fpc
X-GeoIP
Surrogated-Key
HostName
MIME-Version
X-Srv
X-Zone
GeoIp-Country-Code
X-Request-Start
SID
DataCenter
WZWS-RAY
X-B3-Parentspanid
X-Scheme
X-Debug-Service
X-Unity-Cache
Resin-Trace
X-Nginx-Cache-Key
N1-Cache
X-VCL-Version
Fastly-Drupal-Html
Server-Hostname
X-Request-Host
Server-Ext
X-NodeID
True-Client-Country-4JS
Sever-Int
X-Pool
X-LiteSpeed-Cache-Control
X-B3-Spanid
X-RequestId
X-CS
Load-Balancing
Sm-Log-Id
X-Service-Response-Time
X-Cache-Grace
Show-Do-Not-Sell-Link
Tcn
X-DynaTrace
Cdn
X-Lsadc-Cache
X-Vgn-Hpd-Reason
Wsr-Cache
NtCoent-Length
X-DataCenter
Yak-Timeinfo
Lb
X-FORWARDED-FOR
X-Cache-Backend
X-Air-Source
X-Air-Hostname
Yjs-Id
X-Air-Trace-Id
Traceparent
X-Newrelic-Synthetics
X-Zen-Fury
X-Via-Edge
X-Via-SSL
X-Datacenter
X-Geolocation
X-Via-CDN
Edge-Copy-Time
X-TX-ID
X-HOST
X-Vc
X-NODE
Req-ID
X-Client-Ip
X-RateLimit-Limit
X-Jobs
X-HubSpot-Correlation-Id
X-Cdn-Srv
GeoIP-Country-Code
Serverhost
Cdn-Requestid
X-Fastly-Backend-Reqs
CDN
X-API-Version
Datacenter
X-WA
X-CDN-Provider
X-LiteSpeed-Tag
X-Html-Minification-Powered-By
X-NC
X-ID
X-Powered-By-VTEX-Cache
X-Udemy-Cache-App-Namespace
X-Dynatrace-Js-Agent
Hostname
WP-Super-Cache
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-FPC
Uri
X-Webkit-Csp-Report-Only
X-Akamai-Pragma-Client-IP
True-Client-IP
A
Server-Id
XkeyR9
Xkeylog
Xkey-La3
X-Proxy-CacheR9
X-Proxy-Cache-La3
On-Server
Geoip-Latitude
X-Stale
X-Lb-Id
X-WA-Info
T-Server
Coldstone-Viewer-Country
Proxy-Firewall
RATING
X-Ez-Minify-Js
Coldstone-Viewer-Country-Region-Name
X-TimeS
Coldstone-Viewer-Currency
Esi-Enabled
X-Varnish-Beresp-TTL
ServerHost
X-Swift-Error
X-Lb-Nocache
X-ServedByHost
From-Cache
Srv
X-Via-JSL
WebServer
Cs
X-Oracle-DMS-ECID
CountryCode
X-VC-Age
X-Ha-Backend
Cloudfront-Viewer-Country
X-App
BehaviorPad-Version
X-CSRF-TOKEN
X-Ez-Minify-Html
X-LAGOON
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Via-PopV
X-Ssense-Gql
X-MSEdge-Features
X-MSEdge-Flight
X-Correlation-ID
Cr
X-Styx-Info
X-Styx-Origin-Id
X-HA-Device-Type
X-HA-Bot-Classification
Pramga
X-HA-Application-Name
FSS-Cache
X-Ssense-Shipping-Surcharge-Enabled
X-Via-PopN
X-Via-PopH
X-Fastly-Cache
Ngx
X-Web-Server
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Shopid
X-Shardid
X-Sorting-Hat-Shopid
X-Check-Cacheable
X-Nitro-Cache
X-Cdn-Cache-Status
X-Geo
X-Request-Time
Content-Secure-Policy
X-Sorting-Hat-Podid
X-TIM-N
X-Fastly-Cache-Status
User-Agent
W
X-Ramcache
X-Var-Ttl
X-Th-Server
X-Proxy-Cache-LA2
X-Elasticpress-Query
True-Client-Ip
X-Serial
X-ATG-Version
X-Wp-Cf-Super-Cache-Cookies-Bypass
Akamai-X-True-TTL
X-Wp-Cf-Super-Cache-Active
My-App
X-DC
X-Request-Url
Cf-Ipcountry
X-Env
Ohc-File-Size
Cneonction
Ohc-Cache-HIT
Bxuuid
X-Sucuri-Id
X-Mg-Cache
FSS-Proxy
X-VServer
X-Beacon
Warning
X-Fastly-Cache-Hits
Bxpunish
X-Cache-TTL-Remaining
X-Platform-Server
Host-Name