Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
CF-Cache-Status
ETag
X-XSS-Protection
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Request-Id
CF-Ray
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH-Lifetime
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
Cf-Request-Id
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Ua-Compatible
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
Xkey
X-CONTENT-TYPE-OPTIONS
Upgrade
Access-Control-Expose-Headers
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
X-XSS-PROTECTION
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
Keep-Alive
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Amz-Version-Id
X-Rq
X-AH-Environment
X-Cache-Group
X-Vhost
X-Server
X-Dispatcher
X-Proxy-Cache
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-UA-Device
X-Request-ID
X-Varnish-Cache
Pantheon-Trace-Id
Grace
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Litespeed-Cache
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-Node
X-Device
EagleEye-TraceId
X-Cache-Lookup
X-Server-Id
X-Host
X-Country-Code
X-Backend-Server
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-HW
X-LiteSpeed-Cache
X-Response-Time
X-Ruxit-JS-Agent
Cache-Tag
X-Amz-Server-Side-Encryption
Content-Location
P3p
X-Ua-Device
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Trace
X-Nginx-Cache-Status
Service-Worker-Allowed
Request-Id
Fastly-Restarts
X-TraceId
X-Application-Context
X-Content-Type
X-Clacks-Overhead
X-Times
Rating
X-TtlSet
X-PC
X-Vname
X-Cnection
X-Midtier
X-Nf-Request-Id
X-Edge
X-Mcache
X-ESI
X-Oneagent-Js-Injection
X-FTR-Cache-Status
X-FTR-Balancer
X-Browser-Type
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
Edge-Control
X-FTR-Expires
X-Cache-TTL
X-Vcap-Request-Id
Origin-Trial
X-FastCGI-Cache
Surrogate-Key
X-Country
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Element-Page-Cache
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-D2id
X-Exp-Variant
X-Abt-Application-Version
X-Ac
Verso
X-Upstream
X-B3-TraceId
X-ECACHE
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-Navigation-Version
X-Amz-Rid
Nginx-Cache
Akamai-GRN
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Pagespeed
Display
X-Middleton-Display
X-Sol
X-GitHub-Request-Id
X-Language
X-Ruxit-Js-Agent
X-Envoy-Decorator-Operation
X-Middleton-Response
Response
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-PDP-UNCACHING-HASH
X-Instrumentation
S
AR-PoweredBy
AR-ATIME
AR-Request-ID
Edge-Cache-Tag
X-MS-InvokeApp
X-Url
X-Ratelimit-Limit
X-Goog-Hash
X-Resp-Is-Stale
X-Distributor
X-Kinsta-Cache
X-Edge-Location-Klb
X-ARC
X-Ser
SPIisLatency
X-SharePointHealthScore
SPRequestDuration
SPRequestGuid
X-Client-IP
X-Ttl
X-NGENIX-Cache
Access-Control-Request-Method
Front-End-Https
X-Content-Digest
X-Shield-Request-Id
X-Ezoic-Cdn
X-Varnish-TTL
X-Dw-Request-Base-Id
X-Cache-Key
X-Recruiting
X-Amzn-Trace-Id
RTSS
X-Version
Cache-Status
X-Powered-CMS
X-Mg-S
X-T
Public-Key-Pins
TP-Cache
Fastcgi-Cache
X-MSEdge-Ref
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Accel-Expires
X-Daa-Tunnel
Arr-Disable-Session-Affinity
X-Ismobilevalue
AR-CACHE
Realpath
Cache-Tags
X-Cluster-Name
X-Cached
X-Fastly-Request-ID
X-Id
X-Correlation-Id
X-Content-Security-Policy-Report-Only
Content-MD5
X-HS-Combine-CSS
X-Request-Received
X-Request-Processing-Time
X-Newrelic-App-Data
X-Kong-Upstream-Latency
X-Ua-Browser
Payment
X-Kong-Proxy-Latency
X-DIS-Request-ID
X-Forwarded-For
X-Ratelimit-Remaining
X-GUploader-UploadID
X-HP-Webp
X-Jurisdiction
YJS-ID
X-HP-Trace-Id
Ar-SID
X-Cambria-Cache-Control
X-HS-Prerendered
X-HS-CF-Cache-Status
X-Azure-Ref
Content-Disposition
X-Amz-Replication-Status
X-Server-Name
X-Request-Device-Id
X-COUNTRY
Count-Hit
X-RateLimit-Remaining
X-Webkit-Csp
X-SERVER-NAME
X-Origin-Server
X-Unique-Id
X-Px
X-Ratelimit-Reset
X-SRCache-Store-Status
Cleartype
Cross-Origin-Embedder-Policy
X-SRCache-Fetch-Status
Cross-Origin-Resource-Policy
X-Page-Id
X-Logged-In
X-Xrds-Location
Accept-Charset
X-VARITI-CCR
X-TTL
X-Rid
X-FB-Debug
X-Activity-Id
X-Git-Hash
X-Proxy
X-Protected-By
X-Az
X-AppVersion
X-Amz-Meta-S3cmd-Attrs
X-Www-Served-By
X-LLID
X-CST
X-Load-Cache
MicrosoftSharePointTeamServices
X-Goog-Metageneration
X-Meli-Trace-Bu
X-Meli-Trace-Site
X-Meli-Trace-Platform
X-Template
X-Amzn-RequestId
X-Microsite
Version
X-Amz-Apigw-Id
X-Request-Handler-Origin-Region
X-Varnish-Backend
X-TEC-API-ROOT
X-Geo-Country
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-ORACLE-DMS-ECID
X-Forwarded-Proto
Server-Node
X-Upgrade-Enabled
Server-Name
X-Hostname
X-B3-Sampled
X-Content-Options
X-PressLabs-Stats
X-Hits
Section-Io-Cache
X-Varnish-Grace
Viewport
X-App-Server
X-Device-Type
X-TT
X-Fb-Rlafr
X-Grace
X-Frontend
Fastly-SIE
Fastly-SWR
Access-Control-Allow-Method
X-B
X-Varnish-Server
Mrf-Cache-Status
Alternate-Protocol
X-B3-TraceId-Primal
MRF-Tech
Healthy
X-WebKit-CSP-Report-Only
X-Status
X-URL
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
TCN
X-Request-Guid
Upgrade-Insecure-Requests
X-Magnolia-Registration
DC
X-Contextid
Host
Amp-Access-Control-Allow-Source-Origin
X-CSRF-Token
X-Oracle-Dms-Ecid
X-Amzn-Remapped-Content-Length
X-EdgeConnect-Cache-Status
X-Tt-Trace-Host
Retry-After
X-Tt-Trace-Tag
MS-Author-Via
X-Cache-Control
X-Buckets
X-Debug
AKAMAI-GRN
X-App-Version
X-Revision
X-Type
Frame-Options
X-Requestid
X-Instance
X-Backend-Name
SD-X-WS
X-Seen-By
X-Vcl-Version
X-Cache-Age
X-Response-Served-From
X-Original-Request-Id
X-WP-CF-Super-Cache-Cache-Control
X-UUID
X-Adobe-Content
X-Tumblr-Pixel-0
X-Adobe-Loc
X-Yottaa-Optimizations
X-Akamai-Edgescape
X-Cache-Status-Check
X-Tumblr-Pixel
X-Tumblr-User
X-N
Cross-Origin-Embedder-Policy-Report-Only
X-Tumblr-Pixel-1
X-Is-Bot
Cross-Origin-Opener-Policy-Report-Only
X-NYM-Debug-Backend
X-RemovedCookies
X-Hl-Ver
X-Yottaa-Metrics
X-WP-CF-Super-Cache
X-ProcessESI
X-INCAP-ABP
X-Rendered-As
Access-Control-Request-Headers
Section-Io-Id
X-Debug-IsPreview
X-Lambda-Id
X-Trace-Id
X-ServerID
X-Mg-Request-UUID
X-Akamai-Request-ID2
X-Framework
X-G
X-Origin-CC
X-Origin-TTL
X-Content-Powered-By
X-Debug-IsConnected
X-RTag
X-Storage
X-Server-W
Charset
X-Mobile
X-Varnish-Ttl
Ms-Operation-Id
X-RM-Cache-TTL
MS-CV
X-HITS
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
NGB
X-AB
X-Dc
X-DataDome
Filterid
Cache
X-B3-SpanId
Accept-Language
Webserver
X-Request-Bu
X-Server-ID
X-Request-Platform
X-Request-Site
X-Cache-Time
X-Tec-Api-Root
X-Cache-Hit
X-Tec-Api-Origin
X-Tec-Api-Version
Refresh
SRV
Paypal-Debug-Id
X-XRDS-Location
X-Time
X-VC-Cache
Onion-Location
X-Ms-Version
X-Ms-Request-Id
X-Region
X-Yandex-Req-Id
X-Real-IP
X-Node-Name
X-User-Agent
X-F-Cache
Priority
CDN-RequestId
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-IPS-LoggedIn
Xet-Cookie
Cross-Origin-Window-Policy
X-Pass-Why
X-LB-Cache
X-HTML-Minification-Powered-By
Protected
Liferay-Portal
X-Environment-Context
X-Rocket-Nginx-Serving-Static
GEO-INFO
X-L-Path
AR-SID
YJS-CacheStatus
X-Whom
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Mode
X-Wormhole-Sdk
X-Drupal-Cache-Tags
Backend
Country
X-Service
X-Cache-Expired-At
X-Adobe-Source
X-Handled-By
X-Tb
X-NF-Request-ID
X-WP-CF-Super-Cache-Active
X-Rule
OT-Force-Account-Verify
X-Fastcgi-Cache
LB
X-JoinUs
X-Proxy-Cache-Info
ServerID
X-Detected-As
X-Geo-Region
X-Is-Desktop
X-Cloudmap
X-Is-Tablet
X-Loop
X-MP-GENERATED-AT
X-FB-TRIP-ID
X-Rn-Rsrv
X-Origin-Date
X-Extlb
X-UPSTREAM-Address
X-IPLB-Request-ID
TWC-Device-Class
X-Is-Mobile
X-Browser-Name
TWC-GeoIP-DMA
TWC-GeoIP-LatLong
Meta-Geo
Property-Id
ServedBy
TWC-Connection-Speed
TWC-GeoIP-City
TWC-GeoIP-Country
TWC-GeoIP-Region
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
X-Is-Supported-Browser
Webcakes-App-Name
Web-Mar-Node
TWC-Privacy
Url
X-Tcp-Rtt
X-IPLB-Instance
X-SaId
X-Zipkin-Id
X-Rewrite-Enabled
X-Is-Modern-Browser
X-Origin-Hint
X-Vcache
X-Varnish-Beresp-Grace
X-Proxied
X-Routing-Service
X-App-Environment
X-Wix-Request-Id
X-Servername
X-Tncms
X-ProxyCache-Key
X-Shopify-Stage
Uber-Trace-Id
X-Web-Node
X-Httpd
Mn-Server-Ip
X-Cdn-Origin
X-Cache-Host
X-BYPASS-REASON
Atl-Traceid
Expiry
X-Soup
X-Cluster
X-Alternate-Cache-Key
DB-Nickname
X-ProxyCache-Status
X-Cache-Action
X-Connection-Hash
X-Restarts
X-Cluster-Node
X-Redis-Cache
X-Tumblr-Pixel-3
X-Storefront-Renderer-Rendered
X-Format
X-Fetched-On
X-Skip-Cache
X-Forwarded-Host
X-Cacheable-TTL
X-Generation-Time
X-Hit
X-Tumblr-Pixel-2
X-Director
X-Locale
X-Logging-Id
X-Hosted-By
X-Cms-Context
X-Scope-Id
X-Urbn-Context-Path
X-SayCDN-TTL
X-Urbn-Site-Id
X-FW-Version
X-RateLimit-Remaining-Second
X-Say-Cacheable
X-Edge-Location
X-FW-Dynamic
X-FW-Server
X-FW-Hash
X-FW-Static
X-FW-Serve
X-RateLimit-Limit-Second
X-FW-Type
X-RCS-CacheZone
X-Say-TTL
Environment
Apigw-Requestid
Locale
X-Timing-Wait
Cache-Hits
X-Proxy-Build
X-Auth-Group-Type
X-Served-From
X-Drupal-Cache-Contexts
X-Labrador-Cache-Channel
Fastcgi-Useragent
Selected-Fe
X-Presslabs-Stats
Filters
X-PHP-Host
X-S
X-Origin
X-VCT
X-Debug-Info
X-Endurance-Cache-Level
X-ECache
X-Cache-Debug
X-Origin-Cache
X-Provided-By
X-Is-Mobile-Only
X-GEO
X-UA
X-R9-Blue-Green-Version
X-VC
X-Mly-Id
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-No-Session
X-Platform
Front
Xserver
Node
X-CDN-Forward
X-CACHE-AGE
X-NewRelic-App-Data
X-CDN-Cache-Status
X-Lagoon
X-Varnish-Beresp-Ttl
X-Varnish-Cache-Hits
X-Varnish-Age
X-WP-CF-Super-Cache-Cookies-Bypass
X-Generated-By
Cache-Tv-Group
X-SRV
X-CLOUD-TRACE-CONTEXT
WPO-Cache-Status
X-Tt-Logid
X-Api-Version
Countrycode
X-Signature
X-B-Cache
X-Optimistic-Header
X-NWS-UUID-VERIFY
X-Webstats-RespID
X-Site-Version
Referer-Policy
From-Origin
Cache-Provider
X-Azure-Ref-OriginShield
X-B3-Traceid
X-Accel-Version
X-Cache-Rule
X-Client-Ip
X-Cache-Operation
X-VC-TTL
X-PHP-Backend
X-IsAdmin
Location
X-Tx-Id
X-Worker
Request-ID
X-Ua
X-Auto-Login
X-FORWARDED-FOR
X-Tb-Optimization-Total-Bytes-Saved
X-Air-Pt
X-Sucuri-Cache
Source
X-Source
CF-IPCountry
S-Rt
X-LJ-Flow-ID
X-Litespeed-Cache-Control
X-VWS-Id
X-TA-CDN-Provider
X-Reqid
X-AWS-Id
X-Xfnlog-Site
AMP-Access-Control-Allow-Source-Origin
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Hash
X-Bl-Debug
X-HS-Content-Campaign-Id
Odigeo-Trace-Id
X-Forwarded-Site
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-BCube-Filmed-By
Ngx.Var.Host
X-GeoCountry
X-GeoCode
MD5-Digest
Meta-Geo-Continent
X-GeoIP-City
X-Bug-Bounty
X-Cache-Aspx
Origin-Agent-Cluster
N-Cache
X-From
X-Ee-Request-Date
Host-ID
Ha-Gx-Prefs
X-D
DCR-Decision-By
X-Cache-NE
IsBot
Cluster
X-Developer
X-Destination
X-Depends
DCR-Processing-Time-Ms
X-Csrf-Jwt
Fastly-SSL
Fl-Custom-Application
X-Cms-Device
X-Clientip
X-Conf
X-Contensis-Viewer-Groups
X-Core-Value
Gh-Request-Id
X-Content-Age
Expect-Staple
L5d-Success-Class
Cdnsip
X-Ig-Origin-Region
X-Ee-Origin
Candidate-Md5Url
X-Ee-Generated-By
X-Ee-Request-Id
Lang
X-FC-Vary-Parameters
Log-Origin
X-External-Request-Id
X-Eu-Site
CDN-Cache
CDN-CachedAt
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
Cdncip
CDN-RequestCountryCode
X-Ec-Fail
CDN-EdgeStorageId
X-Ec-GeoHdr
CDN-PullZone
X-Fmm-Version
X-Micro-Cache
X-Varnish-Director
X-Req
X-Varnish-Hostname
X-Request-URI
Time-Cloud-Cache
X-S-Cookie
X-Rojux
X-Rocket-Build-Number
X-A-Dam
RNT-Machine
X-Aed
X-Policy
X-Ig-Push-State
X-Pubstack
X-Action
X-Fastly-Request-Id
X-A-Ccd
X-Vary-Devices
X-Save-Cache
RNT-Time
X-Slack-Backend
X-SIPLIST1
X-A-Dgt
X-A-Wwc
X-Slack-Shared-Secret-Outcome
X-SRCache-Key
X-Access
Store-Cloud-Cache
X-Sigma-Backend
X-V-Cache
X-SD-PageType
X-ScT
X-A-Dcw
X-Section
X-Varnish-Beresp-Status
X-Sigma
X-Varnish-Authentication
X-PERF
X-Vdms-Version
Xc-Version
Sslversion
Wxu-Next-Hostname
X-PAYTM-SRV-ID
Redirect-Candidate
X-ApacheServer
X-Application
X-Loc
Wxu-Next-Commit
Web-Mar-Region
Origin
WPO-Cache-Message
X-B-Cookie
X-Node-Id
Pragrma
X-Origin-Expires
X-Vtex-Remote-Cache
X-CGP
X-A
X-VG-WebCache
X-AK-Request-ID
X-VG-TLSProxy
X-Viewer-Country
X-Org
Wxu-Next-Region
Rendered-Blocks
X-Old-Content-Length
X-Upstream-Ct
X-Upstream-Ht
X-Block-Status
X-Accel-Expires-Debug
X-Bc-Bl
X-Aicache-OS
X-BBC-Edge-Cache-Status
X-Acquia-Purge-Cdn-Unconfigured
X-CacheTTL
X-Akamai-Device-Characteristics
X-Backend-Instance
X-App-Name
X-Amz-Storage-Class
X-Cache-Date
X-Level-Front-Cache
X-Render-Time
X-Region-Sid
X-SB
X-Shield-Cache-Expires
X-Sn-Servicetimems
X-Proto
X-Path
X-NMSegId
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Op-Id-All
X-Origin-Time
X-Thinkindot-L1
X-Thinkindot-L3
X-Vmg-Version
X-Via-Fastly
X-We-Are-Hiring
Powered-By
X-CUA
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-Up
X-UA-Device-Type
X-Uri
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-Fastly-Backend
X-Epic-Correlation-Id
X-Gamma-Serve
X-Gdpr
X-Gen-Mode
X-Ec-Custom-Error
X-Dispatcher-Server
X-Debug-Cache-Fetch
X-Date
X-Debug-Cache-Store
X-DefElseHash
X-DefHash
X-Generated-On
X-GeoIP-Country-Code
X-Jungle-Id
X-Ion-Hop
We-Hiring
X-Men
X-Moov-T
X-Ion-Healthy
X-Internal-TTL
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-HN
X-Hnp-Log
X-Human
X-Content-Length
X-AB-Test
Origin-CC
Nord-Request-ID
NM-Fastcgi-Cache
Origin-EX
CDCHOST
Canary
PFcat
DSUID
Mail-Subject
L
Country-Code
V-Age
X-NGINX-Cache
Gannett-Cam-Experience-Id
Content-Style-Type
Cmsid
Cmstype
Content-Script-Type
Cache-Contol
Origin-Site
Azure-SlotName
Azure-InstanceId
Thinkindot-CacheControl
ServerName
Azure-RegionName
TDXMobile
Azure-SiteName
Server-Host
RewriteTestHook
Release
User-Cache-Control
Azure-Version
Req-Svc-Chain
Thinkindot-CacheControl-Type
RewriteTeamHook
X-Frame-Option
X-LSADC-Cache
X-Proxied-Request
X-Cs
X-Gzip
X-Mvc-Supplant-OutputCached
X-Location
X-Edge-Server
CacheControlHeader
X-Esi-Check
Cdn-Host
Cdn-Request-Time
X-DPWN-IS-SECURE
C-Via
Click-Count-Action-Start
Click-Count-Error
X-SVT-ORM-VERSION
X-B3-Trace-ID
X-Wikidot-Static-Cache
X-Wikidot-Backend
Tube-Get-Contents
Platform
Machine
X-Bip
Vix-Hermes-Req-Id
X-Thanos
Producers
X-Server-IP
X-Cache-FS-Status
Fastly-Drupal-HTML
Tube-Got-Results
X-SVT-ORM-RULES
Fastly-GeoIP-CountryCode
Tube-Return
Tube-Got-Eval
Fastly-Backend-Name
X-Vercel-Cache
X-Vercel-Id
X-Cache-Id
X-Parent-Response-Time
Pics-Label
X-ND-Cache
XM
X-Origin-Response-Time
X-Sucuri-ID
X-ElasticPress-Query
CloudFront-Viewer-Country
NGX
X-Pad
X-ZONE
Sid
Mime-Version
Debug
X-Cached-By
X-TT-LOGID
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-APP
X-Varnish-Hits
X-HA-Backend
X-Servedbyhost
X-Refresh
GeoIP-Latitude
X-TH-Server
Cookie
Server-ID
X-Nananana
Product
HA-Ipaddr
GeoIp-Country-Code
Load-Balancing
X-Datadome
X-Amz-Meta-Cb-Modifiedtime
X-Nginx-Cache-Key
X-Debug-Service
True-Client-Country-4JS
X-Litespeed-Tag
X-Wa
X-Srv
Sever-Int
X-Nc
X-DynaTrace-JS-Agent
X-GeoIP
X-Fpc
X-Cache-VC
Server-Hostname
Server-Ext
X-AIR-PT
SID
X-Cdn-Forward
X-Webkit-CSP
Edge-Cache
X-User
X-B3-Parentspanid
X-Zone
Show-Do-Not-Sell-Link
Cdn
Traceparent
X-Ez-Minify-Html
HostName
WZWS-RAY
X-Cache-Backend
MIME-Version
X-LB-ID
X-Vc
X-Newrelic-Synthetics
DataCenter
X-Unity-Cache
Fastly-Drupal-Html
X-LB-NoCache
Akamai-Mon-Iucid-Del
Resin-Trace
X-Scheme
Tcn
X-Request-Start
X-Nginx-Cache
X-Lsadc-Cache
X-VCL-Version
Lb
X-CDN-Provider
Serverhost
X-AC
Surrogated-Key
Wsr-Cache
X-B3-Spanid
CountryCode
X-Pool
Xkey-La3
X-API-Version
X-Proxy-CacheR9
X-Proxy-Cache-La3
Yjs-Id
XkeyR9
Sm-Log-Id
X-Service-Response-Time
Xkeylog
X-CS
NtCoent-Length
Hostname
X-Datacenter
X-Udemy-Cache-App-Namespace
A
X-HOST
X-TX-ID
X-Request-Host
X-NodeID
Datacenter
X-RequestId
Cs
X-Vgn-Hpd-Reason
X-RateLimit-Limit
X-Cache-Grace
X-HubSpot-Correlation-Id
X-LiteSpeed-Tag
Uri
X-Lb-Id
X-Dynatrace-Js-Agent
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
N1-Cache
Cdn-Requestid
X-DynaTrace
Yak-Timeinfo
X-LiteSpeed-Cache-Control
CDN
X-DataCenter
X-Akamai-Pragma-Client-IP
X-WA
Esi-Enabled
X-VC-Age
Edge-Copy-Time
X-Via-CDN
X-Fastly-Backend-Reqs
X-FPC
X-NC
X-Via-SSL
X-Via-Edge
X-ID
Pramga
X-HA-Bot-Classification
X-HA-Application-Name
Cr
X-HA-Device-Type
X-Styx-Info
X-Html-Minification-Powered-By
Server-Id
GeoIP-Country-Code
X-Geolocation
X-Via-JSL
X-Zen-Fury
X-Jobs
X-Styx-Origin-Id
X-Stale
X-Traceid
True-Client-IP
Geoip-Latitude
X-Var-Ttl
X-TIM-N
Content-Secure-Policy
T-Server
Req-ID
RATING
X-TimeS
Proxy-Firewall
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Ez-Minify-Js
X-Webkit-Csp-Report-Only
W
X-Cdn-Srv
X-Swift-Error
Srv
WP-Super-Cache
ServerHost
X-Varnish-Beresp-TTL
On-Server
X-ServedByHost
X-Lb-Nocache
From-Cache
X-Oracle-DMS-ECID
X-MSEdge-Features
X-Proxy-Cache-LA2
X-MSEdge-Flight
X-App
X-Ramcache
X-VTEX-Cache-Time
X-CACHE-KEY
X-CSRF-TOKEN
X-VTEX-Cache-Server
X-Powered-By-VTEX-Cache
X-Ha-Backend
Cloudfront-Viewer-Country
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-LAGOON
X-Fastly-Cache
X-Correlation-ID
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-Via-PopV
X-Sucuri-Id
WebServer
X-Via-PopN
FSS-Cache
X-Via-PopH
X-Wp-Cf-Super-Cache-Active
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Geo
X-Cdn-Cache-Status
Coldstone-Viewer-Country
X-Shardid
Ohc-Cache-HIT
Ohc-File-Size
X-Key
X-VServer
Cl-Cache
X-Sorting-Hat-Shopid
Coldstone-Viewer-Country-Region-Name
X-Shopid
X-Sorting-Hat-Podid
CF-Cached-On
Ngx
X-Check-Cacheable
X-WA-Info
Coldstone-Viewer-Currency
X-Web-Server
X-Elasticpress-Query
X-PageType
Akamai-X-True-TTL
X-ATG-Version
X-DC
X-Serial
X-Th-Server
Cf-Ipcountry
Xkey-G-Jp
Warning
FSS-Proxy
Cneonction
X-Env
X-Fastly-Cache-Hits
BehaviorPad-Version
X-Request-Url
X-Mg-Cache
User-Agent
X-Fastly-Cache-Status
Host-Name