
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Request-Id
Cf-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-AspNet-Version
X-DNS-Prefetch-Control
X-Runtime
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Ua-Compatible
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Request-ID
X-Turbo-Charged-By
X-Rq
Keep-Alive
X-Amz-Version-Id
X-Cache-Group
X-Vhost
X-AH-Environment
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-UA-Device
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-Dns-Prefetch-Control
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
X-Server-Powered-By
P3p
X-Pingback
Allow
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Ali-Swift-Global-Savetime
X-Litespeed-Cache
X-FTR-Request-ID
X-LiteSpeed-Cache
X-Device
X-Node
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Server-Id
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
X-TraceId
Fastly-Restarts
Request-Id
X-Country
X-Clacks-Overhead
X-Content-Type
X-TtlSet
X-PC
X-Vname
X-Application-Context
X-Times
Rating
X-Cnection
X-Cache-TTL
X-Midtier
X-Mcache
X-Edge
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-Browser-Type
X-Vcap-Request-Id
X-FTR-Expires
Surrogate-Key
X-Ac
X-ESI
Edge-Control
Origin-Trial
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-D2id
X-Element-Page-Cache
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-FastCGI-Cache
X-Abt-Application-Version
X-NWS-LOG-UUID
Verso
X-Nf-Request-Id
X-Ua-Device
X-Upstream
X-B3-TraceId
X-ORACLE-DMS-RID
X-ECACHE
X-Navigation-Version
X-Mod-Pagespeed
X-Amz-Rid
Nginx-Cache
Display
X-Sol
X-Middleton-Display
Pagespeed
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-GitHub-Request-Id
Akamai-GRN
X-Client-IP
X-Language
Response
X-Middleton-Response
X-Envoy-Decorator-Operation
X-Erf-Bev-Bev
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
S
Edge-Cache-Tag
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Ratelimit-Limit
X-MS-InvokeApp
X-Goog-Hash
X-Resp-Is-Stale
X-ARC
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ser
X-Distributor
X-Url
X-Content-Digest
SPRequestDuration
SPIisLatency
SPRequestGuid
X-SharePointHealthScore
Access-Control-Request-Method
X-Ezoic-Cdn
X-Dw-Request-Base-Id
Front-End-Https
X-NGENIX-Cache
X-Recruiting
X-Shield-Request-Id
X-Cache-Key
RTSS
X-Amzn-Trace-Id
X-Varnish-TTL
X-Version
Cache-Status
X-Powered-CMS
Public-Key-Pins
X-Oneagent-Js-Injection
X-T
X-Mg-S
Fastcgi-Cache
X-Ttl
X-MSEdge-Ref
TP-Cache
X-Forwarded-For
Arr-Disable-Session-Affinity
X-Accel-Expires
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Daa-Tunnel
X-Ismobilevalue
X-Correlation-Id
Realpath
Cache-Tags
X-Cluster-Name
X-Cached
X-Id
AR-CACHE
X-Fastly-Request-ID
X-Server-Name
X-Request-Processing-Time
X-CST
X-Request-Received
X-HS-Combine-CSS
X-Ruxit-Js-Agent
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ua-Browser
Payment
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
Content-MD5
X-TTL
X-Newrelic-App-Data
X-GUploader-UploadID
X-RateLimit-Remaining
X-Xrds-Location
X-HS-Prerendered
X-HS-CF-Cache-Status
X-HP-Trace-Id
X-Cambria-Cache-Control
X-HP-Webp
X-Jurisdiction
X-ORACLE-DMS-ECID
X-Ratelimit-Remaining
Content-Disposition
X-Azure-Ref
X-Amz-Replication-Status
Count-Hit
X-Webkit-Csp
X-Px
X-Page-Id
X-Ratelimit-Reset
Accept-Charset
X-Request-Handler-Origin-Region
Cleartype
X-Microsite
X-Proxy
X-Unique-Id
X-AppVersion
X-Logged-In
X-Activity-Id
X-Az
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Protected-By
X-FB-Debug
X-Origin-Server
Cross-Origin-Resource-Policy
X-Www-Served-By
X-Git-Hash
Cross-Origin-Embedder-Policy
X-Rid
X-PressLabs-Stats
X-VARITI-CCR
X-Load-Cache
YJS-ID
X-Template
X-LLID
X-Goog-Metageneration
X-Varnish-Backend
MicrosoftSharePointTeamServices
Version
X-Hits
Ar-SID
X-Forwarded-Proto
X-Amz-Meta-S3cmd-Attrs
X-Upgrade-Enabled
Server-Name
X-SERVER-NAME
Server-Node
X-Amzn-RequestId
X-URL
X-Amz-Apigw-Id
X-Geo-Country
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Request-Device-Id
X-Hostname
X-Frontend
X-Content-Options
X-B3-Sampled
X-Varnish-Server
X-App-Server
X-Varnish-Grace
Viewport
MRF-Tech
Mrf-Cache-Status
X-Status
Section-Io-Cache
X-B3-TraceId-Primal
X-TT
Fastly-SIE
X-B
Alternate-Protocol
Fastly-SWR
X-Grace
X-Fb-Rlafr
X-Device-Type
Access-Control-Allow-Method
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
Healthy
X-Server-ID
TCN
Upgrade-Insecure-Requests
X-Request-Guid
X-NF-Request-ID
X-Tt-Trace-Host
X-Tt-Trace-Tag
Host
X-Meli-Trace-Platform
X-Meli-Trace-Bu
X-Meli-Trace-Site
X-CSRF-Token
X-WebKit-CSP-Report-Only
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
X-COUNTRY
X-Buckets
DC
X-Cache-Age
Amp-Access-Control-Allow-Source-Origin
Retry-After
X-Amzn-Remapped-Content-Length
X-Debug
X-Varnish-Ttl
X-Contextid
AKAMAI-GRN
X-Cache-Control
MS-Author-Via
X-Wormhole-Sdk
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Revision
X-Instance
X-Original-Request-Id
AR-SID
X-Type
X-Response-Served-From
X-Vcl-Version
X-Origin-TTL
X-NYM-Debug-Backend
X-Origin-CC
X-Rendered-As
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
X-Is-Bot
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-UUID
X-Seen-By
X-Adobe-Content
SD-X-WS
X-Adobe-Loc
X-Backend-Name
X-Lambda-Id
X-Hl-Ver
X-Mobile
X-ServerID
Access-Control-Request-Headers
X-Akamai-Edgescape
MS-CV
NGB
X-Framework
X-G
X-Content-Powered-By
Ms-Operation-Id
Charset
X-Tumblr-User
X-Debug-IsPreview
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-App-Version
X-Debug-IsConnected
X-Tumblr-Pixel-0
X-RM-Cache-TTL
X-Trace-Id
X-Mg-Request-UUID
X-Server-W
X-RTag
X-INCAP-ABP
X-AB
X-Tec-Api-Origin
X-Tec-Api-Root
X-Storage
X-Tec-Api-Version
X-ProcessESI
X-Cache-Hit
X-N
X-RemovedCookies
Section-Io-Id
X-Akamai-Request-ID2
X-Dc
Frame-Options
X-Cache-Status-Check
X-DataDome
Filterid
X-Cache-Time
X-Request-Bu
Refresh
X-Request-Site
X-Request-Platform
X-B3-SpanId
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Cache
Accept-Language
SRV
X-Time
X-Real-IP
X-Region
X-Node-Name
Webserver
Protected
X-Fastcgi-Cache
Paypal-Debug-Id
X-User-Agent
X-Ms-Request-Id
Onion-Location
X-Ms-Version
X-Oracle-Dms-Ecid
Liferay-Portal
Cross-Origin-Window-Policy
CDN-RequestId
X-CCDN-CacheTTL
X-F-Cache
X-Hcs-Proxy-Type
X-LB-Cache
X-CCDN-Origin-Time
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-HITS
X-Whom
X-VC-Cache
X-Requestid
X-Datadog-Trace-Id
X-HTML-Minification-Powered-By
X-WP-CF-Super-Cache-Active
X-Cache-Expired-At
X-IPS-LoggedIn
Priority
Xet-Cookie
X-Mode
X-Pass-Why
X-Rocket-Nginx-Serving-Static
Backend
OT-Force-Account-Verify
GEO-INFO
X-Drupal-Cache-Tags
X-Proxy-Cache-Info
X-Environment-Context
X-L-Path
X-Tb
X-Rule
X-App-Environment
Filters
Meta-Geo
Fastcgi-Useragent
X-Extlb
X-SaId
Web-Mar-Node
X-Browser-Name
X-Cloudmap
X-Detected-As
X-Geo-Region
Url
X-Servername
X-Is-Desktop
X-JoinUs
ServerID
X-MP-GENERATED-AT
X-Service
X-Loop
X-Handled-By
X-Is-Tablet
X-Tcp-Rtt
X-Rewrite-Enabled
X-Is-Mobile
X-Is-Supported-Browser
X-Proxied
X-Routing-Service
X-Rn-Rsrv
X-FW-Server
X-FW-Serve
X-Vcache
X-Cacheable-TTL
X-FW-Static
X-FW-Version
X-FW-Type
X-FW-Hash
X-Zipkin-Id
X-Tncms
X-UPSTREAM-Address
X-FW-Dynamic
X-Restarts
ServedBy
X-Cache-Host
X-VC
TWC-Connection-Speed
X-Wix-Request-Id
Property-Id
X-Endurance-Cache-Level
X-Origin-Hint
X-Generation-Time
X-IPLB-Request-ID
X-IPLB-Instance
X-Hit
X-Debug-Info
TWC-Device-Class
Webcakes-App-Name
TWC-Privacy
X-Locale
Webcakes-App-Version
Webcakes-Region
X-Adobe-Source
X-Hosted-By
TWC-GeoIP-Region
TWC-Locale-Group
TWC-GeoIP-DMA
TWC-GeoIP-Country
TWC-GeoIP-City
TWC-GeoIP-LatLong
X-Forwarded-Host
X-Redis-Cache
Apigw-Requestid
X-Logging-Id
X-Storefront-Renderer-Rendered
Atl-Traceid
X-Httpd
X-Cms-Context
X-Alternate-Cache-Key
X-Cluster-Node
X-Director
X-Varnish-Beresp-Grace
X-Shopify-Stage
X-Cdn-Origin
X-Cache-Action
Environment
Uber-Trace-Id
Country
X-Format
X-Origin-Date
Mn-Server-Ip
X-Cluster
X-Drupal-Cache-Contexts
X-BYPASS-REASON
X-FB-TRIP-ID
X-Edge-Location
X-Skip-Cache
X-ProxyCache-Key
X-Say-TTL
X-SayCDN-TTL
X-RateLimit-Limit-Second
X-Say-Cacheable
X-ProxyCache-Status
X-S
X-Scope-Id
X-RateLimit-Remaining-Second
X-Soup
X-Connection-Hash
Expiry
X-Tumblr-Pixel-3
Selected-Fe
X-Timing-Wait
X-Tumblr-Pixel-2
X-Proxy-Build
X-Labrador-Cache-Channel
X-Web-Node
LB
X-Origin
Cache-Hits
X-Served-From
X-PHP-Host
X-ECache
X-R9-Blue-Green-Version
X-Origin-Cache
DB-Nickname
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Fetched-On
Locale
X-Mly-Id
X-XRDS-Location
X-Auth-Group-Type
X-RCS-CacheZone
X-Yandex-Req-Id
X-Cache-Debug
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-VCT
X-No-Session
X-GEO
YJS-CacheStatus
Request-ID
X-Is-Modern-Browser
Countrycode
X-WP-CF-Super-Cache-Cookies-Bypass
X-Varnish-Age
Front
X-SRV
X-Source
X-NewRelic-App-Data
X-Varnish-Cache-Hits
X-Lagoon
Node
Xserver
X-UA
X-CLOUD-TRACE-CONTEXT
WPO-Cache-Status
X-Webkit-CSP
X-Is-Mobile-Only
X-Api-Version
X-Generated-By
X-Site-Version
X-Varnish-Beresp-Ttl
X-Platform
X-Provided-By
Cache-Tv-Group
Cache-Provider
X-CDN-Forward
X-Webstats-RespID
X-Accel-Version
X-Cdn
X-Azure-Ref-OriginShield
From-Origin
X-Ua
X-TA-CDN-Provider
X-Fastly-Request-Id
X-CDN-Cache-Status
Referer-Policy
X-B3-Traceid
X-B-Cache
X-Signature
X-CACHE-AGE
X-TT-LOGID
X-Xfnlog-Site
X-VC-TTL
AMP-Access-Control-Allow-Source-Origin
X-Sucuri-Cache
X-PHP-Backend
Location
X-Presslabs-Stats
X-NWS-UUID-VERIFY
CF-IPCountry
X-Optimistic-Header
X-Reqid
WPO-Cache-Message
CDN-RequestCountryCode
X-Sucuri-ID
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestPullCode
X-Air-Pt
CDN-CachedAt
CDN-EdgeStorageId
X-Tx-Id
X-IsAdmin
CDN-Cache
CDN-PullZone
X-Ec-GeoHdr
X-Ee-Generated-By
X-Ec-Fail
Candidate-Md5Url
X-Cache-Rule
X-External-Request-Id
X-HS-Content-Campaign-Id
X-GeoCode
X-Forwarded-Site
X-Cache-Operation
X-Fmm-Version
X-Ee-Origin
X-Ee-Request-Date
X-Ee-Request-Id
X-Worker
X-GeoCountry
X-Core-Value
Sslversion
Store-Cloud-Cache
X-Auto-Login
X-Application
X-B-Cookie
RNT-Time
Redirect-Candidate
Rendered-Blocks
RNT-Machine
Time-Cloud-Cache
X-Aed
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-A-Ccd
X-Action
Web-Mar-Region
X-A
X-BCube-Filmed-By
X-Bl-Debug
Fastly-SSL
Fl-Custom-Application
X-Content-Age
X-Conf
Expect-Staple
X-D
X-Destination
DCR-Decision-By
DCR-Processing-Time-Ms
X-Cms-Device
Lang
Ngx.Var.Host
Odigeo-Trace-Id
Origin
X-Cache-NE
Meta-Geo-Continent
Log-Origin
X-Clientip
MD5-Digest
X-Developer
X-Tb-Optimization-Total-Bytes-Saved
X-Loc
X-Save-Cache
X-Vary-Devices
X-Frame-Option
X-S-Cookie
Xc-Version
X-Micro-Cache
X-Old-Content-Length
X-Slack-Shared-Secret-Outcome
XM
X-Slack-Backend
X-Rojux
X-ScT
X-Vtex-Remote-Cache
X-Ig-Push-State
X-Ig-Origin-Region
X-Vdms-Version
X-Viewer-Country
X-Request-URI
X-Tt-Logid
X-CGP
X-SIPLIST1
X-Sigma-Backend
X-Sigma
Country-Code
X-Csrf-Jwt
X-SRCache-Key
X-Rocket-Build-Number
L5d-Success-Class
IsBot
X-Date
X-ApacheServer
Gannett-Cam-Experience-Id
Nord-Request-ID
X-Section
Gh-Request-Id
X-Contensis-Viewer-Groups
X-Content-Length
Ha-Gx-Prefs
X-Render-Time
X-Block-Status
X-Aicache-OS
User-Cache-Control
X-AK-Request-ID
Host-ID
X-App-Name
V-Age
Wxu-Next-Commit
X-VG-WebCache
X-Accel-Expires-Debug
X-VG-TLSProxy
Wxu-Next-Region
Wxu-Next-Hostname
X-Varnish-Director
ServerName
X-Bc-Bl
X-Up
X-Debug-Cache-Fetch
X-Bug-Bounty
X-Cache-Aspx
X-Backend-Instance
RewriteTeamHook
Server-Host
X-Varnish-Authentication
X-V-Cache
X-Uri
RewriteTestHook
Origin-Agent-Cluster
X-CUA
X-Eu-Site
X-Jungle-Id
X-Nyt-Route
X-Level-Front-Cache
X-Generated-On
X-Ion-Hop
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Fastly-Backend
X-Debug-Cache-Store
X-Req
X-Men
X-SD-PageType
X-From
X-PERF
X-Gdpr
X-Varnish-Hostname
X-FC-Vary-Parameters
X-Access
X-Gen-Mode
X-Epic-Correlation-Id
Apple-News-Services-Parsed-Url
X-Pubstack
Cdnsip
Cdncip
CDCHOST
X-Region-Sid
Cmsid
X-Internal-TTL
X-Hnp-Log
X-Depends
Cmstype
X-Policy
X-Hash
X-Node-Id
Cluster
X-Path
X-Ion-Healthy
X-Origin-Time
X-GoCache-CacheStatus
X-Origin-Expires
Cache-Contol
X-Litespeed-Cache-Control
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Wikidot-Static-Cache
X-Gzip
X-Akamai-Device-Characteristics
X-Acquia-Purge-Cdn-Unconfigured
X-GeoIP-City
X-Wikidot-Backend
X-Thinkindot-L1
X-Shield-Cache-Expires
X-Server-IP
X-CacheTTL
X-Sn-Servicetimems
X-Cache-Id
X-Edge-Server
X-Proto
X-DefHash
X-DefElseHash
X-Human
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Esi-Check
X-Cache-FS-Status
X-Moov-Xdn-Version
X-BBC-Edge-Cache-Status
X-Moov-Xdn-Caching-Status
X-B3-Trace-ID
X-Moov-T
X-UA-Device-Type
X-Thinkindot-L3
X-Thanos
X-NMSegId
X-Mvc-Supplant-Cachable
X-Bip
X-Gamma-Serve
Pragrma
Content-Style-Type
X-VarnishDD-TTL
Content-Script-Type
X-Dispatcher-Server
X-HN
X-Via-Fastly
DSUID
Mail-Subject
L
Fastly-Backend-Name
We-Hiring
Cdn-Request-Time
X-We-Are-Hiring
Azure-InstanceId
X-Op-Id-All
X-PAYTM-SRV-ID
X-SB
Azure-RegionName
Azure-SiteName
Cdn-Host
CacheControlHeader
Azure-Version
Azure-SlotName
NM-Fastcgi-Cache
Machine
Origin-EX
Thinkindot-CacheControl-Type
Req-Svc-Chain
X-AB-Test
Thinkindot-CacheControl
Origin-CC
TDXMobile
N-Cache
PFcat
Producers
X-Org
Platform
Origin-Site
Source
X-LSADC-Cache
X-Parent-Response-Time
Canary
X-Vercel-Id
Tube-Got-Eval
Tube-Got-Results
Tube-Return
Tube-Get-Contents
X-Vmg-Version
X-Vercel-Cache
Click-Count-Action-Start
C-Via
Release
Sid
Click-Count-Error
X-Location
X-Litespeed-Tag
X-Amz-Storage-Class
Fastly-GeoIP-CountryCode
X-SVT-ORM-VERSION
X-ElasticPress-Query
X-SVT-ORM-RULES
X-ZONE
X-Cache-Date
X-Mvc-Supplant-OutputCached
X-AWS-Id
X-Pad
X-VWS-Id
X-LJ-Flow-ID
X-Cs
Fastly-Drupal-HTML
Debug
X-Proxied-Request
X-Origin-Response-Time
X-Cached-By
X-NGINX-Cache
X-Refresh
Product
S-Rt
Powered-By
X-TH-Server
X-Upstream-Ht
X-Upstream-Ct
Mime-Version
X-Amz-Meta-Cb-Modifiedtime
HA-Ipaddr
X-APP
Vix-Hermes-Req-Id
X-Via-Poph
X-Nananana
X-Via-Popn
NGX
Pics-Label
X-ND-Cache
X-Via-Popv
CloudFront-Viewer-Country
X-Datadome
X-Cache-VC
X-Cdn-Forward
X-HA-Backend
X-Varnish-Hits
Cookie
X-Ah-Environment
GeoIP-Latitude
X-Servedbyhost
X-DynaTrace-JS-Agent
X-AIR-PT
X-LB-ID
GeoIp-Country-Code
Server-ID
Edge-Cache
X-User
X-Nginx-Cache
MIME-Version
Akamai-Mon-Iucid-Del
X-Fpc
X-Wa
X-GeoIP
HostName
X-Nc
X-LB-NoCache
Surrogated-Key
X-Request-Start
X-Srv
X-FORWARDED-FOR
SID
X-B3-Parentspanid
WZWS-RAY
DataCenter
X-Nginx-Cache-Key
Fastly-Drupal-Html
X-Zone
Tcn
Sever-Int
Server-Hostname
Resin-Trace
True-Client-Country-4JS
Server-Ext
X-Debug-Service
X-Scheme
X-Unity-Cache
Load-Balancing
X-Client-Ip
Show-Do-Not-Sell-Link
Lb
X-RateLimit-Limit
X-CS
X-Lsadc-Cache
Cdn
X-Request-Host
X-Pool
X-NodeID
N1-Cache
X-Cache-Backend
X-VCL-Version
X-Newrelic-Synthetics
X-RequestId
Sm-Log-Id
NtCoent-Length
Wsr-Cache
X-Cache-Grace
X-Service-Response-Time
X-B3-Spanid
X-TX-ID
X-Vc
X-DynaTrace
X-Vgn-Hpd-Reason
X-DataCenter
Yjs-Id
Yak-Timeinfo
Traceparent
X-Via-SSL
X-Via-Edge
X-HOST
X-Via-CDN
X-Datacenter
X-LiteSpeed-Cache-Control
Edge-Copy-Time
X-Air-Source
X-Air-Hostname
X-NODE
X-Air-Trace-Id
X-WA
X-Zen-Fury
Datacenter
X-Geolocation
X-API-Version
X-NC
X-HubSpot-Correlation-Id
X-Proxy-CacheR9
CDN
Hostname
Cdn-Requestid
Req-ID
Xkeylog
Serverhost
X-Jobs
Xkey-La3
X-Proxy-Cache-La3
XkeyR9
X-CDN-Provider
X-Dynatrace-Js-Agent
X-LiteSpeed-Tag
X-Udemy-Cache-App-Namespace
X-Fastly-Backend-Reqs
X-ID
Uri
X-Cdn-Srv
X-FPC
A
X-Ez-Minify-Html
Server-Id
X-Html-Minification-Powered-By
True-Client-IP
Geoip-Latitude
X-Akamai-Pragma-Client-IP
X-Lb-Id
GeoIP-Country-Code
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
X-VTEX-Cache-Time
WP-Super-Cache
CountryCode
RATING
Proxy-Firewall
X-Stale
T-Server
X-TimeS
X-Srcache-Fetch-Status
ServerHost
X-Ez-Minify-Js
X-Srcache-Store-Status
Cs
X-Via-JSL
Esi-Enabled
X-Varnish-Beresp-TTL
On-Server
X-Webkit-Csp-Report-Only
Coldstone-Viewer-Country
Srv
X-Lb-Nocache
X-Swift-Error
From-Cache
X-ServedByHost
X-WA-Info
Coldstone-Viewer-Currency
Coldstone-Viewer-Country-Region-Name
Cloudfront-Viewer-Country
X-Esi
WebServer
X-Oracle-DMS-ECID
X-VC-Age
X-App
Pramga
X-HA-Device-Type
X-Styx-Origin-Id
X-Ha-Backend
X-HA-Bot-Classification
X-Styx-Info
X-HA-Application-Name
X-CSRF-TOKEN
Cr
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-LAGOON
X-CACHE-KEY
X-Via-PopV
X-Via-PopN
Ngx
X-Fastly-Cache
Content-Secure-Policy
X-Ssense-Gql
FSS-Cache
X-TIM-N
X-Via-PopH
BehaviorPad-Version
X-Var-Ttl
X-Ssense-Shipping-Surcharge-Enabled
X-Correlation-ID
X-MSEdge-Features
X-MSEdge-Flight
X-Sorting-Hat-Podid
X-Geo
X-Web-Server
X-Shardid
X-Shopid
W
X-Sorting-Hat-Shopid
X-Check-Cacheable
X-Cdn-Cache-Status
X-Elasticpress-Query
X-Proxy-Cache-LA2
X-Th-Server
X-Wp-Cf-Super-Cache-Active
X-Request-Url
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-ATG-Version
My-App
X-Request-Time
X-Nitro-Cache
X-DC
X-Serial
Akamai-X-True-TTL
X-Sucuri-Id
Cf-Ipcountry
True-Client-Ip
Xkey-G-Jp
X-Ramcache
User-Agent
Cl-Cache
X-Cache-TTL-Remaining
X-Mg-Cache
Host-Name
X-Env
FSS-Proxy
X-Fastly-Cache-Status
Bxuuid
X-Fastly-Cache-Hits
Cneonction
Bxpunish