Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Accept-CH
CF-Cache-Status
ETag
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
X-Xss-Protection
Access-Control-Allow-Headers
Access-Control-Allow-Methods
CF-Ray
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
X-Runtime
Accept-Ch
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Timing-Allow-Origin
X-CONTENT-TYPE-OPTIONS
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
X-XSS-PROTECTION
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
X-Age
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
Keep-Alive
X-Request-ID
X-Via
Cf-Apo-Via
X-Amz-Version-Id
X-Turbo-Charged-By
X-Rq
X-AH-Environment
X-Vhost
X-Cache-Group
X-Server
X-Dispatcher
X-Proxy-Cache
X-Ws-Request-Id
EagleId
CONTENT-SECURITY-POLICY
X-UA-Device
X-Varnish-Cache
Pantheon-Trace-Id
Grace
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Litespeed-Cache
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Swift-SaveTime
X-Swift-CacheTime
X-Dns-Prefetch-Control
Ali-Swift-Global-Savetime
X-Node
X-FTR-Request-ID
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-Server-Id
X-Host
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Accept-Ch-Lifetime
X-LiteSpeed-Cache
Cache-Tag
P3p
Cf-Request-Id
X-Amz-Server-Side-Encryption
X-Ua-Device
Content-Location
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Trace
Service-Worker-Allowed
Request-Id
X-TraceId
X-Application-Context
Fastly-Restarts
X-Content-Type
X-Nf-Request-Id
X-Times
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
Rating
X-Cnection
X-Midtier
X-Mcache
X-Edge
X-ESI
X-Vcap-Request-Id
X-Browser-Type
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
Edge-Control
X-FTR-Expires
Origin-Trial
X-Cache-TTL
X-Element-Page-Cache
Surrogate-Key
X-D2id
X-NWS-LOG-UUID
X-FastCGI-Cache
X-Country
X-Powered-By-Plesk
X-Oneagent-Js-Injection
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Ac
X-Abt-Application-Version
X-Upstream
Verso
X-Mod-Pagespeed
X-Navigation-Version
X-B3-TraceId
X-Url
X-ORACLE-DMS-RID
X-Amz-Rid
Akamai-GRN
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Language
Nginx-Cache
X-ECACHE
X-Middleton-Display
X-GitHub-Request-Id
X-Sol
Display
Pagespeed
S
X-Envoy-Decorator-Operation
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Response
X-Middleton-Response
AR-ATIME
X-MS-InvokeApp
AR-PoweredBy
AR-Request-ID
Edge-Cache-Tag
X-Ratelimit-Limit
X-Distributor
X-Goog-Hash
X-Resp-Is-Stale
X-SharePointHealthScore
SPIisLatency
SPRequestDuration
X-Kinsta-Cache
X-NGENIX-Cache
X-Ser
SPRequestGuid
X-Edge-Location-Klb
X-ARC
X-Client-IP
X-Ttl
Front-End-Https
Access-Control-Request-Method
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Ruxit-Js-Agent
X-Amzn-Trace-Id
X-Content-Digest
X-Ezoic-Cdn
X-Varnish-TTL
RTSS
X-Recruiting
X-Cache-Key
Cache-Status
X-Version
X-T
X-Mg-S
TP-Cache
Public-Key-Pins
X-Powered-CMS
X-HS-Content-Id
Fastcgi-Cache
X-HS-Hub-Id
X-HS-Cache-Config
X-Accel-Expires
X-MSEdge-Ref
X-Ismobilevalue
Arr-Disable-Session-Affinity
AR-CACHE
X-Daa-Tunnel
Realpath
Cache-Tags
X-Cached
X-Cluster-Name
X-Id
X-Correlation-Id
Content-MD5
X-Content-Security-Policy-Report-Only
Ar-SID
X-Request-Processing-Time
X-Request-Received
YJS-ID
X-Request-Device-Id
X-Forwarded-For
X-HS-Combine-CSS
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Fastly-Request-ID
X-Ua-Browser
Payment
X-Newrelic-App-Data
X-DIS-Request-ID
X-Xrds-Location
X-Cambria-Cache-Control
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Azure-Ref
X-COUNTRY
X-RateLimit-Remaining
X-GUploader-UploadID
X-HS-Prerendered
X-HS-CF-Cache-Status
X-Amz-Replication-Status
X-Webkit-Csp
Content-Disposition
X-Meli-Trace-Site
X-Meli-Trace-Platform
X-Meli-Trace-Bu
X-Ratelimit-Remaining
X-Server-Name
Count-Hit
X-Px
X-Ratelimit-Reset
X-Protected-By
X-Origin-Server
X-Page-Id
X-Unique-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Accept-Charset
X-Activity-Id
Cross-Origin-Resource-Policy
X-Az
Cleartype
X-AppVersion
X-Logged-In
X-Proxy
MicrosoftSharePointTeamServices
Cross-Origin-Embedder-Policy
X-Www-Served-By
X-FB-Debug
X-Rid
X-ORACLE-DMS-ECID
X-SERVER-NAME
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
X-Request-Handler-Origin-Region
X-Microsite
X-VARITI-CCR
X-TTL
X-Amzn-RequestId
X-Amz-Apigw-Id
Version
X-Load-Cache
X-LLID
X-Goog-Metageneration
X-Template
X-Geo-Country
X-Forwarded-Proto
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Varnish-Backend
X-PressLabs-Stats
X-CST
X-Hits
X-Upgrade-Enabled
Server-Node
X-B3-Sampled
Server-Name
X-Content-Options
X-App-Server
X-WebKit-CSP-Report-Only
X-Hostname
X-TT
X-B
X-Varnish-Server
Healthy
X-Fb-Rlafr
X-Grace
Access-Control-Allow-Method
Viewport
Section-Io-Cache
Fastly-SIE
Alternate-Protocol
Fastly-SWR
X-Varnish-Grace
X-Frontend
X-Device-Type
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Status
X-Request-Guid
TCN
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Contextid
DC
Upgrade-Insecure-Requests
Host
X-Magnolia-Registration
AKAMAI-GRN
Retry-After
MS-Author-Via
X-EdgeConnect-Cache-Status
X-Amzn-Remapped-Content-Length
X-App-Version
X-CSRF-Token
X-Cache-Age
X-Cache-Control
X-Requestid
Frame-Options
X-Tt-Trace-Tag
X-Tt-Trace-Host
Amp-Access-Control-Allow-Source-Origin
X-Type
X-Revision
X-Varnish-Ttl
X-Origin-TTL
X-Debug
X-Buckets
X-Origin-CC
X-Response-Served-From
X-Original-Request-Id
X-RemovedCookies
X-ProcessESI
X-UUID
SD-X-WS
X-Hl-Ver
X-Akamai-Edgescape
X-NYM-Debug-Backend
Cross-Origin-Embedder-Policy-Report-Only
X-Adobe-Content
X-Oracle-Dms-Ecid
X-Mobile
Cross-Origin-Opener-Policy-Report-Only
X-Adobe-Loc
X-Lambda-Id
VIX-Pulpo-Upstream-Status
X-Debug-IsConnected
VIX-Pulpo-Node
X-G
MS-CV
X-Seen-By
X-RTag
X-INCAP-ABP
X-Debug-IsPreview
X-ServerID
X-Content-Powered-By
X-Backend-Name
Ms-Operation-Id
Access-Control-Request-Headers
X-Instance
X-Yottaa-Metrics
X-Server-W
X-AB
X-Yottaa-Optimizations
X-N
X-Cache-Status-Check
X-Tumblr-Pixel-0
X-Is-Bot
X-Tumblr-User
X-Tumblr-Pixel-1
X-Rendered-As
X-Tumblr-Pixel
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Akamai-Request-ID2
X-Mg-Request-UUID
X-Trace-Id
X-Framework
NGB
Section-Io-Id
X-Dc
X-Storage
X-RM-Cache-TTL
X-Vcl-Version
Charset
Cache
Webserver
X-B3-SpanId
Filterid
X-Yandex-Req-Id
X-DataDome
X-Cache-Time
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Paypal-Debug-Id
Accept-Language
X-Request-Platform
X-Request-Bu
X-Request-Site
Refresh
X-URL
X-VC-Cache
X-Cache-Hit
X-Ms-Version
X-Ms-Request-Id
SRV
X-ECache
Onion-Location
X-Fastcgi-Cache
X-HITS
X-Time
X-F-Cache
X-Real-IP
X-Node-Name
YJS-CacheStatus
X-Region
X-User-Agent
X-Mode
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Xet-Cookie
X-L-Path
X-Environment-Context
X-IPS-LoggedIn
Priority
Liferay-Portal
CDN-RequestId
GEO-INFO
X-HTML-Minification-Powered-By
X-LB-Cache
X-Drupal-Cache-Tags
Cross-Origin-Window-Policy
X-Service
X-Pass-Why
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Rocket-Nginx-Serving-Static
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Adobe-Source
X-Rule
X-Zipkin-Id
X-Routing-Service
X-Rn-Rsrv
X-Is-Mobile-Only
X-Is-Modern-Browser
X-Cache-Expired-At
X-Cloudmap
X-Timing-Wait
Selected-Fe
Meta-Geo
Country
X-Extlb
X-Is-Desktop
X-Rewrite-Enabled
X-Geo-Region
X-Tb
X-Is-Mobile
X-SaId
Protected
X-Proxy-Build
Backend
X-Is-Supported-Browser
X-Proxied
X-JoinUs
X-Browser-Name
X-Tcp-Rtt
X-UPSTREAM-Address
X-Is-Tablet
X-Origin-Cache
X-Proxy-Cache-Info
X-Origin
X-Whom
X-Hit
X-ProxyCache-Key
X-BYPASS-REASON
X-Httpd
X-VC
X-ProxyCache-Status
Url
X-Wix-Request-Id
X-Handled-By
X-Servername
X-RCS-CacheZone
X-Storefront-Renderer-Rendered
X-MP-GENERATED-AT
X-Generation-Time
X-Alternate-Cache-Key
X-Forwarded-Host
X-Shopify-Stage
X-Provided-By
X-Cluster
X-Web-Node
Mn-Server-Ip
OT-Force-Account-Verify
X-WP-CF-Super-Cache-Active
X-Origin-Hint
X-Origin-Date
TWC-Device-Class
X-Detected-As
Fastcgi-Useragent
X-Loop
X-Cacheable-TTL
Property-Id
Expiry
Environment
TWC-Connection-Speed
TWC-GeoIP-City
X-Connection-Hash
Cache-Hits
X-FB-TRIP-ID
ServerID
X-Varnish-Beresp-Grace
Webcakes-Region
TWC-Locale-Group
X-Vcache
Uber-Trace-Id
Webcakes-App-Version
X-S
TWC-Privacy
X-RateLimit-Limit-Second
TWC-GeoIP-Region
TWC-GeoIP-Country
X-Tncms
Web-Mar-Node
Webcakes-App-Name
TWC-GeoIP-DMA
X-VCT
TWC-GeoIP-LatLong
X-RateLimit-Remaining-Second
ServedBy
X-Redis-Cache
X-Cdn-Origin
X-Logging-Id
X-Locale
X-Cms-Context
DB-Nickname
X-Skip-Cache
X-Tumblr-Pixel-3
X-Hosted-By
X-Fetched-On
X-Format
X-Auth-Group-Type
X-Tumblr-Pixel-2
X-Drupal-Cache-Contexts
X-Director
X-Cache-Action
Apigw-Requestid
LB
X-Soup
X-App-Environment
Atl-Traceid
X-Restarts
X-Say-TTL
X-Say-Cacheable
X-FW-Version
X-Cache-Host
X-SayCDN-TTL
X-Scope-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Served-From
X-FW-Static
X-FW-Type
X-Edge-Location
X-Debug-Info
X-Cluster-Node
Locale
X-FW-Server
X-Endurance-Cache-Level
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Labrador-Cache-Channel
X-PHP-Host
X-Cache-Debug
Filters
X-Server-ID
X-IPLB-Instance
X-IPLB-Request-ID
X-NewRelic-App-Data
X-Platform
X-R9-Blue-Green-Version
X-XRDS-Location
X-Mly-Id
Node
X-Api-Version
Front
AR-SID
X-GEO
X-CDN-Cache-Status
X-CDN-Forward
X-ShopId
X-ShardId
X-No-Session
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-CLOUD-TRACE-CONTEXT
X-Optimistic-Header
Xserver
X-Tt-Logid
X-Varnish-Age
X-Varnish-Cache-Hits
X-UA
WPO-Cache-Status
Countrycode
X-Lagoon
X-WP-CF-Super-Cache-Cookies-Bypass
X-Varnish-Beresp-Ttl
Cache-Tv-Group
X-SRV
X-Fastly-Request-Id
X-Wormhole-Sdk
X-Presslabs-Stats
X-Generated-By
X-B3-Traceid
X-NWS-UUID-VERIFY
X-B-Cache
X-Signature
Referer-Policy
X-CACHE-AGE
X-Client-Ip
X-Webstats-RespID
X-Azure-Ref-OriginShield
X-Site-Version
X-Ua
Request-ID
From-Origin
AMP-Access-Control-Allow-Source-Origin
X-Cache-Rule
X-Cache-Operation
X-IsAdmin
Cache-Provider
X-PHP-Backend
X-Accel-Version
X-VWS-Id
X-Auto-Login
X-LJ-Flow-ID
X-AWS-Id
X-NF-Request-ID
Location
X-Worker
X-VC-TTL
X-TA-CDN-Provider
X-Upstream-Ct
X-Tx-Id
X-Upstream-Ht
X-Vtex-Remote-Cache
X-Bc-Bl
X-Developer
X-B-Cookie
Xc-Version
Origin-Agent-Cluster
X-Application
X-A-Dgt
X-ApacheServer
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-Ec-GeoHdr
X-Destination
X-Ec-Fail
X-D
X-S-Cookie
X-Conf
X-Aed
X-Rojux
X-Clientip
X-Cache-NE
X-Tb-Optimization-Total-Bytes-Saved
WPO-Cache-Message
X-Org
Source
X-BCube-Filmed-By
S-Rt
X-A-Wwc
X-Content-Age
X-Bl-Debug
X-ScT
DCR-Decision-By
X-GeoCode
X-GeoCountry
Origin
X-Loc
Candidate-Md5Url
Pragrma
X-SRCache-Key
Ngx.Var.Host
X-Ig-Origin-Region
Lang
X-Ig-Push-State
MD5-Digest
N-Cache
Meta-Geo-Continent
Rendered-Blocks
Redirect-Candidate
X-Vdms-Version
Sslversion
Fl-Custom-Application
Expect-Staple
DCR-Processing-Time-Ms
ServerName
X-External-Request-Id
Host-ID
X-PERF
X-Varnish-Hostname
X-Xfnlog-Site
X-Litespeed-Cache-Control
Fastly-SSL
L5d-Success-Class
Gannett-Cam-Experience-Id
X-Aicache-OS
X-AK-Request-ID
IsBot
Ha-Gx-Prefs
Gh-Request-Id
Odigeo-Trace-Id
We-Hiring
Time-Cloud-Cache
Store-Cloud-Cache
Wxu-Next-Region
X-Rocket-Build-Number
Wxu-Next-Commit
Wxu-Next-Hostname
RNT-Time
RNT-Machine
X-Action
Mail-Subject
Log-Origin
Web-Mar-Region
Origin-Site
Powered-By
Pics-Label
X-Save-Cache
X-Section
X-Gamma-Serve
X-From
X-Up
X-Sigma-Backend
X-GeoIP-City
X-Origin-Expires
X-Forwarded-Site
X-Uri
X-Varnish-Beresp-Status
X-Varnish-Director
X-PAYTM-SRV-ID
X-Varnish-Authentication
X-V-Cache
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Node-Id
X-Mvc-Supplant-Cachable
X-Old-Content-Length
X-Slack-Backend
X-SIPLIST1
X-Slack-Shared-Secret-Outcome
X-Micro-Cache
X-Hash
X-GoCache-CacheStatus
X-HS-Content-Campaign-Id
X-Internal-TTL
X-Men
X-Vary-Devices
X-Fmm-Version
X-Core-Value
X-Content-Length
X-Csrf-Jwt
X-CUA
X-Depends
X-Contensis-Viewer-Groups
X-Cms-Device
X-Cache-Aspx
X-Bug-Bounty
X-CGP
X-Server-IP
X-ND-Cache
Country-Code
X-VG-WebCache
X-Policy
X-Ee-Request-Id
X-Epic-Correlation-Id
X-Eu-Site
X-FC-Vary-Parameters
X-Ee-Request-Date
X-Ee-Origin
X-Req
X-Ee-Generated-By
X-Render-Time
X-Sigma
X-VG-TLSProxy
X-SD-PageType
X-Access
Cdnsip
Cdncip
CDN-Uid
CDCHOST
Apple-News-Services-Host
CF-IPCountry
Apple-News-Services-Parsed-Url
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-CachedAt
CDN-Cache
Canary
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-PullZone
Cluster
Apple-News-Services-Handled
Sid
Apple-News-Services-Request-Url
Cmstype
X-Cs
Cmsid
X-Sucuri-Cache
X-NGINX-Cache
X-Parent-Response-Time
X-Reqid
X-Acquia-Purge-Cdn-Unconfigured
X-Level-Front-Cache
X-Path
X-Ion-Hop
X-Accel-Expires-Debug
X-Jungle-Id
X-Origin-Time
X-Mvc-Supplant-OutputCached
X-NMSegId
Azure-InstanceId
X-Op-Id-All
Vix-Hermes-Req-Id
V-Age
User-Cache-Control
X-Air-Pt
X-Nyt-Route
X-AB-Test
X-App-Name
X-Cache-Date
X-Cache-FS-Status
X-Block-Status
X-Bip
X-Frame-Option
X-Ec-Custom-Error
X-Dispatcher-Server
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-DefElseHash
X-DefHash
X-FORWARDED-FOR
X-BBC-Edge-Cache-Status
X-HN
X-Hnp-Log
X-Akamai-Device-Characteristics
X-Human
X-Amz-Storage-Class
X-Proto
X-Backend-Instance
X-Gdpr
X-Gen-Mode
X-Generated-On
X-Ion-Healthy
TDXMobile
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Machine
L
X-Varnish-Remaining-TTL
NM-Fastcgi-Cache
Nord-Request-ID
PFcat
Origin-EX
X-Thinkindot-L3
X-UA-Device-Type
X-VarnishDD-TTL
X-Via-Fastly
DSUID
X-CacheTTL
X-Fastly-Backend
Content-Script-Type
Content-Style-Type
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Viewer-Country
X-Vmg-Version
X-We-Are-Hiring
Fastly-Backend-Name
X-Thinkindot-L1
Origin-CC
Azure-SlotName
RewriteTestHook
RewriteTeamHook
Azure-SiteName
X-Thanos
Cache-Contol
X-Pubstack
X-Region-Sid
Server-Host
X-Request-URI
Azure-Version
X-Date
Release
Azure-RegionName
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-SB
X-Sn-Servicetimems
Thinkindot-CacheControl
Req-Svc-Chain
X-Shield-Cache-Expires
Thinkindot-CacheControl-Type
X-DPWN-IS-SECURE
X-Vercel-Id
X-Location
X-Gzip
X-Proxied-Request
X-Moov-T
X-Moov-Xdn-Version
X-ElasticPress-Query
X-Esi-Check
X-Vercel-Cache
X-Edge-Server
X-Moov-Xdn-Caching-Status
Cdn-Request-Time
Cdn-Host
Platform
Click-Count-Action-Start
Click-Count-Error
Fastly-GeoIP-CountryCode
X-B3-Trace-ID
X-Cache-Id
Tube-Return
Producers
C-Via
Tube-Get-Contents
CacheControlHeader
X-LSADC-Cache
Tube-Got-Eval
Tube-Got-Results
XM
Fastly-Drupal-HTML
X-Source
Mime-Version
X-Origin-Response-Time
X-Sucuri-ID
X-Pad
CloudFront-Viewer-Country
X-ZONE
NGX
X-Cached-By
X-Refresh
X-Varnish-Hits
Debug
Load-Balancing
X-Via-Poph
X-Datadome
X-APP
Cookie
X-Via-Popv
X-Via-Popn
X-AIR-PT
X-Debug-Service
X-HA-Backend
GeoIP-Latitude
X-Servedbyhost
X-Nginx-Cache-Key
GeoIp-Country-Code
X-TT-LOGID
True-Client-Country-4JS
Server-Hostname
X-Nananana
X-TH-Server
Sever-Int
X-DynaTrace-JS-Agent
Product
Server-Ext
X-Srv
HA-Ipaddr
Server-ID
X-Zone
X-Litespeed-Tag
X-Webkit-CSP
Cdn
X-Ez-Minify-Html
X-Amz-Meta-Cb-Modifiedtime
Show-Do-Not-Sell-Link
X-Cdn-Forward
Traceparent
X-GeoIP
X-Wa
X-Cache-VC
X-Cache-Backend
X-Fpc
X-Nc
WZWS-RAY
X-Newrelic-Synthetics
X-User
X-B3-Parentspanid
Edge-Cache
DataCenter
X-Unity-Cache
HostName
X-LB-ID
Fastly-Drupal-Html
MIME-Version
Tcn
SID
X-VCL-Version
X-Lsadc-Cache
X-Request-Start
X-CDN-Provider
X-LB-NoCache
X-AC
Akamai-Mon-Iucid-Del
Resin-Trace
Lb
X-Nginx-Cache
X-Vc
X-B3-Spanid
XkeyR9
X-Scheme
X-Service-Response-Time
X-Proxy-CacheR9
Xkey-La3
A
Wsr-Cache
Sm-Log-Id
X-Proxy-Cache-La3
Xkeylog
Serverhost
CountryCode
X-LiteSpeed-Tag
X-HOST
X-TX-ID
Yjs-Id
X-Datacenter
Cs
Surrogated-Key
X-CS
X-LiteSpeed-Cache-Control
Hostname
X-RateLimit-Limit
X-Lb-Id
NtCoent-Length
X-Pool
X-Request-Host
X-HubSpot-Correlation-Id
X-NodeID
X-WA
X-Dynatrace-Js-Agent
Cdn-Requestid
Uri
X-FPC
Esi-Enabled
X-Akamai-Pragma-Client-IP
CDN
Datacenter
X-API-Version
X-RequestId
X-Fastly-Backend-Reqs
X-ID
X-Vgn-Hpd-Reason
X-Cache-Grace
RATING
X-NC
X-VC-Age
X-Udemy-Cache-App-Namespace
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-DynaTrace
Server-Id
X-Styx-Origin-Id
Yak-Timeinfo
X-DataCenter
X-TIM-N
X-Styx-Info
X-Via-JSL
X-Stale
Content-Secure-Policy
X-HA-Device-Type
Cr
X-HA-Application-Name
Pramga
Proxy-Firewall
X-HA-Bot-Classification
X-Html-Minification-Powered-By
N1-Cache
X-CSRF-TOKEN
T-Server
X-TimeS
Geoip-Latitude
W
X-Srcache-Store-Status
X-Var-Ttl
X-Ez-Minify-Js
X-Srcache-Fetch-Status
X-Via-Edge
X-Via-SSL
GeoIP-Country-Code
Edge-Copy-Time
X-Via-CDN
ServerHost
Cloudfront-Viewer-Country
Srv
X-Swift-Error
X-Zen-Fury
Req-ID
X-Lb-Nocache
X-Varnish-Beresp-TTL
X-ServedByHost
From-Cache
X-Jobs
X-Ha-Backend
X-Geolocation
X-Wp-Cf-Super-Cache-Cache-Control
X-Oracle-DMS-ECID
X-Wp-Cf-Super-Cache
X-Via-PopH
X-Via-PopV
X-Via-PopN
True-Client-IP
X-MSEdge-Features
X-MSEdge-Flight
X-CACHE-KEY
X-App
X-CACHE-GROUP
WP-Super-Cache
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sorting-Hat-Podid
X-Wp-Cf-Super-Cache-Active
X-Sorting-Hat-Shopid
X-Shopid
X-Shardid
X-LAGOON
X-ByteArk-ReqID
X-ByteArk-Cache
On-Server
X-Proxy-Cache-LA2
FSS-Cache
X-Correlation-ID
X-Cdn-Srv
X-Ramcache
X-Ssense-Gql
Ohc-File-Size
X-Key
X-Ssense-Shipping-Surcharge-Enabled
X-VServer
Ohc-Cache-HIT
X-Powered-By-VTEX-Cache
CF-Cached-On
X-Geo
X-Web-Server
X-Elasticpress-Query
Ngx
X-Webkit-Csp-Report-Only
Cl-Cache
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Check-Cacheable
X-Cdn-Cache-Status
X-Sucuri-Id
X-ATG-Version
X-PageType
X-Serial
Akamai-X-True-TTL
WebServer
X-Th-Server
X-DC
X-Fastly-Cache
X-Iplb-Request-Id
Cf-Ipcountry
X-Iplb-Instance
Warning
Coldstone-Viewer-Currency
Cneonction
FSS-Proxy
X-Beacon
X-MiniProfiler-Ids
X-Limited
X-WA-Info
My-App
Xkey-G-Jp
User-Agent
X-Mg-Cache
X-Fastly-Cache-Status
Coldstone-Viewer-Country
Coldstone-Viewer-Country-Region-Name
X-Request-Url
X-Env
Host-Name