
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
Cf-Request-Id
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-AspNet-Version
X-DNS-Prefetch-Control
X-Runtime
Server-Timing
Permissions-Policy
X-Drupal-Cache
X-Ua-Compatible
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
P3p
X-Via
Cf-Apo-Via
X-Request-ID
X-Turbo-Charged-By
X-Rq
X-Cache-Group
X-Amz-Version-Id
X-Vhost
Keep-Alive
X-AH-Environment
X-Dispatcher
X-UA-Device
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
X-Varnish-Cache
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
X-Server-Powered-By
Allow
X-Pingback
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-FTR-Request-ID
X-Device
X-Litespeed-Cache
X-Node
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
Surrogate-Control
X-Country-Code
X-Ruxit-JS-Agent
X-Server-Id
X-Readtime
X-Cloud-Trace-Context
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
X-Country
Fastly-Restarts
X-TraceId
X-Clacks-Overhead
X-Content-Type
X-Application-Context
X-Vname
X-TtlSet
X-PC
Rating
X-Times
Request-Id
X-Cnection
X-Cache-TTL
X-Edge
X-Mcache
X-Browser-Type
X-Midtier
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-Vcap-Request-Id
Surrogate-Key
X-FTR-Expires
X-Ac
X-ESI
Origin-Trial
Edge-Control
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Element-Page-Cache
X-Cdn-Fetch
X-Abt-Application-Version
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-NWS-LOG-UUID
X-D2id
Verso
X-FastCGI-Cache
X-B3-TraceId
X-Upstream
X-ECACHE
X-ORACLE-DMS-RID
X-Amz-Rid
X-Mod-Pagespeed
X-Navigation-Version
Nginx-Cache
X-Nf-Request-Id
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Client-IP
X-GitHub-Request-Id
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
Akamai-GRN
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Language
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
Response
X-Middleton-Response
X-Envoy-Decorator-Operation
S
X-Goog-Hash
AR-ATIME
Edge-Cache-Tag
AR-Request-ID
AR-PoweredBy
X-ARC
X-Resp-Is-Stale
X-MS-InvokeApp
X-Ratelimit-Limit
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ua-Device
X-Ser
X-Content-Digest
X-Url
X-Distributor
SPRequestDuration
SPIisLatency
X-SharePointHealthScore
SPRequestGuid
Access-Control-Request-Method
X-Dw-Request-Base-Id
Front-End-Https
X-Ezoic-Cdn
X-NGENIX-Cache
X-Recruiting
X-Shield-Request-Id
X-Cache-Key
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Powered-CMS
X-Version
X-Forwarded-For
Public-Key-Pins
X-T
X-Varnish-TTL
X-MSEdge-Ref
X-Ttl
TP-Cache
X-Mg-S
Fastcgi-Cache
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Daa-Tunnel
X-Server-Name
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Correlation-Id
X-Ismobilevalue
Realpath
X-Cluster-Name
Cache-Tags
X-Id
X-Cached
X-Fastly-Request-ID
X-CST
AR-CACHE
X-Newrelic-App-Data
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
X-Kong-Proxy-Latency
X-Ua-Browser
Payment
X-Kong-Upstream-Latency
X-TTL
X-DIS-Request-ID
X-Xrds-Location
X-Content-Security-Policy-Report-Only
X-ORACLE-DMS-ECID
Content-MD5
X-GUploader-UploadID
X-RateLimit-Remaining
X-Jurisdiction
X-Cambria-Cache-Control
X-HP-Webp
X-HP-Trace-Id
X-HS-Prerendered
X-HS-CF-Cache-Status
Content-Disposition
Count-Hit
X-Oneagent-Js-Injection
X-Ratelimit-Remaining
X-Azure-Ref
X-Amz-Replication-Status
X-Webkit-Csp
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-PressLabs-Stats
X-Px
X-Page-Id
Cross-Origin-Resource-Policy
Accept-Charset
X-Unique-Id
Cleartype
X-Logged-In
X-Ratelimit-Reset
X-Ruxit-Js-Agent
X-Protected-By
X-Git-Hash
X-Proxy
X-Request-Handler-Origin-Region
X-Microsite
X-FB-Debug
X-AppVersion
X-Rid
X-Az
X-Activity-Id
X-Origin-Server
X-VARITI-CCR
X-Www-Served-By
X-Hits
X-Load-Cache
Cross-Origin-Embedder-Policy
X-LLID
X-Goog-Metageneration
X-Template
X-Varnish-Backend
X-Server-ID
MicrosoftSharePointTeamServices
YJS-ID
Version
Server-Node
X-Forwarded-Proto
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-Geo-Country
X-Upgrade-Enabled
X-URL
X-Amzn-RequestId
X-Amz-Apigw-Id
Ar-SID
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Hostname
X-Frontend
X-NF-Request-ID
X-Content-Options
X-Varnish-Server
X-SERVER-NAME
X-B3-Sampled
Section-Io-Cache
X-App-Server
X-TT
Viewport
X-Varnish-Grace
MRF-Tech
Mrf-Cache-Status
X-Device-Type
X-Status
X-B3-TraceId-Primal
Fastly-SIE
X-B
Fastly-SWR
X-Grace
X-Fb-Rlafr
Access-Control-Allow-Method
Alternate-Protocol
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Request-Device-Id
Upgrade-Insecure-Requests
Healthy
X-Cache-Age
X-Varnish-Ttl
TCN
X-Request-Guid
X-Tt-Trace-Host
X-Tt-Trace-Tag
Host
X-Wormhole-Sdk
X-Magnolia-Registration
X-Buckets
X-EdgeConnect-Cache-Status
X-CSRF-Token
DC
Amp-Access-Control-Allow-Source-Origin
X-Debug
AR-SID
Retry-After
X-WebKit-CSP-Report-Only
X-Amzn-Remapped-Content-Length
AKAMAI-GRN
X-Contextid
X-Cache-Control
MS-Author-Via
X-Meli-Trace-Bu
X-Meli-Trace-Platform
X-Revision
X-Meli-Trace-Site
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Response-Served-From
X-Original-Request-Id
X-Instance
X-Vcl-Version
X-Is-Bot
X-Adobe-Loc
Cross-Origin-Opener-Policy-Report-Only
Cross-Origin-Embedder-Policy-Report-Only
X-NYM-Debug-Backend
X-Rendered-As
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Type
X-Fastcgi-Cache
X-Adobe-Content
X-Origin-CC
X-Origin-TTL
X-Backend-Name
X-Lambda-Id
X-G
X-Mobile
X-Akamai-Edgescape
Section-Io-Id
Access-Control-Request-Headers
X-Seen-By
SD-X-WS
X-Tec-Api-Origin
X-Framework
X-Tec-Api-Root
X-Content-Powered-By
X-Mg-Request-UUID
X-Tec-Api-Version
X-Debug-IsPreview
X-Tumblr-Pixel-0
X-Hl-Ver
X-Debug-IsConnected
Charset
X-UUID
X-Tumblr-User
X-Trace-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-ServerID
X-Storage
NGB
X-Cache-Hit
X-Server-W
X-RM-Cache-TTL
X-Dc
X-ProcessESI
X-RTag
X-INCAP-ABP
Ms-Operation-Id
X-RemovedCookies
MS-CV
X-COUNTRY
X-Akamai-Request-ID2
X-AB
X-N
X-App-Version
X-Cache-Time
X-Cache-Status-Check
Filterid
Refresh
X-DataDome
Frame-Options
X-Time
X-Request-Site
X-Request-Bu
X-Request-Platform
Protected
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
SRV
X-B3-SpanId
Accept-Language
Cache
X-Real-IP
X-Region
X-Node-Name
Webserver
X-LB-Cache
CDN-RequestId
Paypal-Debug-Id
Onion-Location
Cross-Origin-Window-Policy
X-CCDN-Origin-Time
X-User-Agent
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Ms-Request-Id
X-Ms-Version
X-Datadog-Sampled
Liferay-Portal
X-Datadog-Sampling-Priority
X-Whom
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-F-Cache
X-VC-Cache
X-Cache-Expired-At
Request-ID
Priority
X-HTML-Minification-Powered-By
X-WP-CF-Super-Cache-Active
X-IPS-LoggedIn
X-Mode
OT-Force-Account-Verify
X-Rocket-Nginx-Serving-Static
Backend
X-Requestid
Xet-Cookie
X-Proxy-Cache-Info
X-VC
X-Pass-Why
X-Cacheable-TTL
X-App-Environment
X-Environment-Context
GEO-INFO
X-L-Path
X-Tb
X-FW-Type
X-FW-Version
X-FW-Static
X-FW-Dynamic
X-FW-Server
X-FW-Hash
X-Drupal-Cache-Tags
X-FW-Serve
X-Cloudmap
X-Proxied
Fastcgi-Useragent
X-Rewrite-Enabled
Url
X-Service
X-Handled-By
ServerID
Web-Mar-Node
X-Detected-As
X-Debug-Info
X-Loop
X-Rn-Rsrv
X-MP-GENERATED-AT
X-Routing-Service
X-Tncms
X-Extlb
X-Zipkin-Id
X-SaId
X-UPSTREAM-Address
X-Servername
X-Oracle-Dms-Ecid
Meta-Geo
X-Adobe-Source
X-Vcache
X-JoinUs
Filters
Webcakes-Region
X-Is-Mobile
X-Is-Desktop
X-Director
X-Endurance-Cache-Level
TWC-Connection-Speed
TWC-Locale-Group
X-Locale
TWC-GeoIP-City
X-Format
X-Geo-Region
X-Logging-Id
Webcakes-App-Version
Webcakes-App-Name
X-Is-Tablet
Property-Id
ServedBy
TWC-Device-Class
X-Alternate-Cache-Key
TWC-GeoIP-Country
X-Forwarded-Host
TWC-GeoIP-DMA
X-Origin-Date
TWC-Privacy
X-Hit
X-Is-Supported-Browser
X-Hosted-By
X-Rule
X-Storefront-Renderer-Rendered
Country
TWC-GeoIP-LatLong
TWC-GeoIP-Region
X-Browser-Name
X-Cache-Host
X-Shopify-Stage
X-Web-Node
X-Restarts
X-Tcp-Rtt
X-Varnish-Beresp-Grace
X-Origin-Hint
Atl-Traceid
X-HITS
X-IPLB-Instance
X-IPLB-Request-ID
X-ProxyCache-Status
Environment
X-Redis-Cache
X-ProxyCache-Key
Mn-Server-Ip
X-Cluster
X-Edge-Location
X-Cluster-Node
X-Httpd
Apigw-Requestid
X-Cache-Action
X-Say-Cacheable
X-Soup
X-Cdn-Origin
X-Generation-Time
X-Wix-Request-Id
X-Skip-Cache
Uber-Trace-Id
X-Cms-Context
X-Say-TTL
X-SayCDN-TTL
X-Scope-Id
X-BYPASS-REASON
X-RateLimit-Remaining-Second
X-S
X-Served-From
X-PHP-Host
X-Labrador-Cache-Channel
X-FB-TRIP-ID
X-Drupal-Cache-Contexts
X-RateLimit-Limit-Second
DB-Nickname
X-Auth-Group-Type
Expiry
X-R9-Blue-Green-Version
X-Proxy-Build
X-Connection-Hash
Cache-Hits
X-Origin
X-Fetched-On
X-Timing-Wait
X-Mly-Id
LB
Selected-Fe
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Urbn-Site-Id
X-Source
X-Urbn-Context-Path
Locale
X-Origin-Cache
X-ECache
Countrycode
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShardId
X-GEO
X-ShopId
X-No-Session
X-Varnish-Cache-Hits
X-VCT
X-RCS-CacheZone
X-Varnish-Age
X-Cache-Debug
Front
X-SRV
X-Webkit-CSP
YJS-CacheStatus
X-WP-CF-Super-Cache-Cookies-Bypass
X-Yandex-Req-Id
WPO-Cache-Status
X-Is-Modern-Browser
X-Lagoon
Node
X-CLOUD-TRACE-CONTEXT
X-UA
Xserver
X-Site-Version
X-Api-Version
X-Webstats-RespID
X-Varnish-Beresp-Ttl
X-XRDS-Location
X-TT-LOGID
X-Generated-By
From-Origin
Cache-Provider
X-Platform
X-Provided-By
X-Azure-Ref-OriginShield
X-Is-Mobile-Only
X-CDN-Forward
Cache-Tv-Group
X-TA-CDN-Provider
Referer-Policy
X-Accel-Version
X-Cdn
X-Xfnlog-Site
X-VC-TTL
X-B3-Traceid
X-Ua
X-Fastly-Request-Id
X-NewRelic-App-Data
X-Signature
X-B-Cache
AMP-Access-Control-Allow-Source-Origin
X-CDN-Cache-Status
X-Sucuri-Cache
CF-IPCountry
WPO-Cache-Message
X-Reqid
Location
X-NWS-UUID-VERIFY
CDN-Cache
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestPullCode
CDN-Uid
X-Air-Pt
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-CachedAt
X-PHP-Backend
X-Tb-Optimization-Total-Bytes-Saved
X-Sucuri-ID
X-Cache-Operation
X-Cache-Rule
X-IsAdmin
X-CACHE-AGE
X-Tx-Id
X-Content-Age
X-Frame-Option
RNT-Time
RNT-Machine
Xc-Version
Rendered-Blocks
Meta-Geo-Continent
Cdnsip
DCR-Decision-By
DCR-Processing-Time-Ms
Expect-Staple
Cdncip
Candidate-Md5Url
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Fastly-SSL
Fl-Custom-Application
X-Request-URI
X-Origin-Expires
XM
Origin
Odigeo-Trace-Id
Ngx.Var.Host
Lang
Log-Origin
MD5-Digest
Redirect-Candidate
X-Old-Content-Length
X-S-Cookie
X-Cache-Aspx
X-Cache-NE
X-Clientip
X-Conf
X-Bl-Debug
X-BCube-Filmed-By
X-Application
X-Section
X-ScT
X-Auto-Login
X-B-Cookie
X-Contensis-Viewer-Groups
X-GeoCountry
X-Ec-Fail
X-Forwarded-Site
X-Rocket-Build-Number
X-Fmm-Version
X-Ec-GeoHdr
X-Developer
X-Destination
X-GeoCode
X-D
X-Rojux
X-Depends
X-Sigma
X-HS-Content-Campaign-Id
X-Loc
X-A-Dgt
X-A-Wwc
X-VG-WebCache
X-Ig-Push-State
X-Micro-Cache
X-External-Request-Id
Web-Mar-Region
Sslversion
X-A
X-A-Ccd
X-A-Dcw
X-VG-TLSProxy
X-Access
X-Aed
X-Action
X-AK-Request-ID
X-Slack-Backend
X-Sigma-Backend
X-Slack-Shared-Secret-Outcome
X-SRCache-Key
X-Ig-Origin-Region
X-Vdms-Version
X-Varnish-Director
X-Varnish-Authentication
X-Vtex-Remote-Cache
X-A-Dam
X-Optimistic-Header
X-Bc-Bl
X-Block-Status
X-BBC-Edge-Cache-Status
X-Bug-Bounty
X-Backend-Instance
X-Akamai-Device-Characteristics
X-App-Name
X-Litespeed-Tag
X-CGP
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Date
X-DefElseHash
X-Varnish-CookieINHashed-On
X-CUA
X-Varnish-Hostname
X-Content-Length
X-Csrf-Jwt
X-Aicache-OS
X-Acquia-Purge-Cdn-Unconfigured
Store-Cloud-Cache
ServerName
TDXMobile
Time-Cloud-Cache
Req-Svc-Chain
Origin-CC
Origin-EX
X-Cms-Device
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Worker
X-Accel-Expires-Debug
X-Region-Sid
Wxu-Next-Region
Wxu-Next-Hostname
User-Cache-Control
V-Age
Wxu-Next-Commit
X-DefHash
X-V-Cache
X-Men
X-Moov-T
X-Moov-Xdn-Caching-Status
X-Shield-Cache-Expires
X-Internal-TTL
X-Human
X-Sn-Servicetimems
X-SIPLIST1
X-Moov-Xdn-Version
X-SD-PageType
X-Policy
X-Req
X-Pubstack
X-PAYTM-SRV-ID
X-Path
X-Node-Id
X-Nyt-Route
X-Origin-Time
X-Hnp-Log
X-Hash
X-Fastly-Backend
X-Up
X-FC-Vary-Parameters
X-Uri
X-Eu-Site
Origin-Agent-Cluster
X-Ec-Custom-Error
X-Epic-Correlation-Id
X-UA-Device-Type
X-Thinkindot-L3
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-GeoIP-City
X-Gen-Mode
X-Thinkindot-L1
X-From
X-Gdpr
X-Varnish-Beresp-Status
X-We-Are-Hiring
Azure-SlotName
Azure-Version
X-Save-Cache
Azure-SiteName
Gh-Request-Id
Azure-RegionName
L
Country-Code
Ha-Gx-Prefs
IsBot
Cmsid
L5d-Success-Class
Cluster
CDCHOST
Cmstype
X-Core-Value
X-Ee-Request-Date
X-Ee-Request-Id
Azure-InstanceId
Gannett-Cam-Experience-Id
X-Ee-Generated-By
X-Viewer-Country
X-Ee-Origin
DSUID
X-Vary-Devices
X-CacheTTL
X-Level-Front-Cache
X-Vercel-Id
X-DPWN-IS-SECURE
X-Cache-FS-Status
X-Vercel-Cache
X-Cache-Id
Content-Script-Type
X-Generated-On
X-Ion-Hop
Fastly-Backend-Name
Content-Style-Type
X-Jungle-Id
X-VarnishDD-TTL
X-Dispatcher-Server
Cdn-Request-Time
X-ApacheServer
X-PERF
Host-ID
X-Server-IP
X-SVT-ORM-RULES
X-Mvc-Supplant-Cachable
X-NMSegId
X-Proto
X-Org
X-Op-Id-All
X-SB
X-HN
X-Gzip
X-Render-Time
X-Cache-Date
Click-Count-Action-Start
Click-Count-Error
X-Esi-Check
Cdn-Host
X-Gamma-Serve
X-SVT-ORM-VERSION
X-Thanos
C-Via
CacheControlHeader
X-Edge-Server
X-Ion-Healthy
Server-Host
N-Cache
RewriteTestHook
NM-Fastcgi-Cache
Nord-Request-ID
X-Amz-Storage-Class
X-Debug-Cache-Fetch
X-Vmg-Version
Tube-Get-Contents
X-AB-Test
X-Wikidot-Backend
X-Wikidot-Static-Cache
Cache-Contol
Tube-Return
Tube-Got-Eval
Tube-Got-Results
Mail-Subject
RewriteTeamHook
PFcat
X-Debug-Cache-Store
X-Via-Fastly
X-Bip
Fastly-GeoIP-CountryCode
Machine
X-B3-Trace-ID
Platform
Release
Producers
We-Hiring
Pragrma
X-Presslabs-Stats
X-Parent-Response-Time
X-LSADC-Cache
X-Tt-Logid
Canary
X-Proxied-Request
Source
X-Origin-Response-Time
X-Mvc-Supplant-OutputCached
X-Location
Sid
X-TH-Server
Origin-Site
X-ElasticPress-Query
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-Cs
X-Litespeed-Cache-Control
NGX
Fastly-Drupal-HTML
Debug
Product
X-ZONE
X-Cached-By
X-Pad
Powered-By
X-Amz-Meta-Cb-Modifiedtime
X-Refresh
S-Rt
HA-Ipaddr
Mime-Version
X-NGINX-Cache
X-APP
X-Via-Poph
Vix-Hermes-Req-Id
X-Via-Popn
X-Cache-VC
X-Via-Popv
X-Upstream-Ct
X-Datadome
X-Cdn-Forward
X-Upstream-Ht
X-HA-Backend
X-Varnish-Hits
CloudFront-Viewer-Country
X-ND-Cache
X-Nginx-Cache
X-Nananana
Pics-Label
GeoIP-Latitude
Cookie
X-LB-ID
X-User
Edge-Cache
X-Ah-Environment
X-Servedbyhost
X-AIR-PT
X-DynaTrace-JS-Agent
Server-ID
X-GeoIP
Akamai-Mon-Iucid-Del
HostName
X-LB-NoCache
Surrogated-Key
GeoIp-Country-Code
MIME-Version
X-Wa
X-Request-Start
X-Nc
X-Fpc
X-Zone
X-Scheme
X-Srv
WZWS-RAY
DataCenter
SID
Fastly-Drupal-Html
X-B3-Parentspanid
Tcn
X-Nginx-Cache-Key
X-Unity-Cache
Resin-Trace
X-Debug-Service
N1-Cache
Server-Ext
X-Lsadc-Cache
True-Client-Country-4JS
Lb
X-Pool
Sever-Int
X-NodeID
X-RateLimit-Limit
Server-Hostname
X-Request-Host
X-RequestId
X-CS
X-LiteSpeed-Cache-Control
Load-Balancing
Show-Do-Not-Sell-Link
X-Cache-Grace
X-DynaTrace
X-VCL-Version
X-DataCenter
NtCoent-Length
Wsr-Cache
Cdn
X-Cache-Backend
Sm-Log-Id
X-Service-Response-Time
Yak-Timeinfo
X-Vgn-Hpd-Reason
X-FORWARDED-FOR
X-B3-Spanid
X-TX-ID
Yjs-Id
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Newrelic-Synthetics
Traceparent
X-Datacenter
X-Zen-Fury
Edge-Copy-Time
X-HOST
X-Via-CDN
X-Via-Edge
X-Via-SSL
X-Geolocation
X-NODE
X-Vc
Req-ID
X-Jobs
X-WA
X-API-Version
X-HubSpot-Correlation-Id
CDN
X-Client-Ip
X-FPC
X-CDN-Provider
X-Udemy-Cache-App-Namespace
X-NC
Cdn-Requestid
X-Cdn-Srv
Datacenter
X-Fastly-Backend-Reqs
X-LiteSpeed-Tag
Server-Id
X-VTEX-Cache-Server
X-Dynatrace-Js-Agent
X-ID
X-Powered-By-VTEX-Cache
Serverhost
Hostname
GeoIP-Country-Code
Xkey-La3
Uri
WP-Super-Cache
X-Proxy-CacheR9
Xkeylog
X-Proxy-Cache-La3
XkeyR9
X-VTEX-Cache-Time
X-Webkit-Csp-Report-Only
X-Html-Minification-Powered-By
X-Akamai-Pragma-Client-IP
Geoip-Latitude
A
True-Client-IP
X-Varnish-Beresp-TTL
On-Server
X-ServedByHost
X-WA-Info
X-Stale
T-Server
X-Lb-Id
ServerHost
Coldstone-Viewer-Country-Region-Name
Coldstone-Viewer-Currency
X-Ez-Minify-Js
Coldstone-Viewer-Country
RATING
Proxy-Firewall
X-TimeS
X-Esi
Cloudfront-Viewer-Country
From-Cache
Srv
Esi-Enabled
X-Swift-Error
X-Lb-Nocache
X-Via-JSL
Cs
WebServer
X-Oracle-DMS-ECID
CountryCode
X-VC-Age
X-App
X-Ha-Backend
X-CSRF-TOKEN
X-Ez-Minify-Html
BehaviorPad-Version
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-CACHE-KEY
X-Styx-Info
X-Styx-Origin-Id
X-MSEdge-Flight
X-MSEdge-Features
X-HA-Device-Type
X-Ssense-Shipping-Surcharge-Enabled
Pramga
X-HA-Application-Name
X-Correlation-ID
X-HA-Bot-Classification
Cr
X-Ssense-Gql
X-Fastly-Cache
X-Via-PopN
X-Via-PopV
FSS-Cache
X-Via-PopH
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Sorting-Hat-Podid
X-Geo
X-Sorting-Hat-Shopid
X-Check-Cacheable
X-Web-Server
X-Request-Time
Ngx
X-Nitro-Cache
Content-Secure-Policy
X-Cdn-Cache-Status
X-Shardid
X-Shopid
X-Var-Ttl
X-TIM-N
True-Client-Ip
My-App
X-Th-Server
W
User-Agent
X-Proxy-Cache-LA2
X-Elasticpress-Query
X-DC
X-ATG-Version
X-Sucuri-Id
X-Request-Url
X-Wp-Cf-Super-Cache-Active
X-Wp-Cf-Super-Cache-Cookies-Bypass
Akamai-X-True-TTL
X-Fastly-Cache-Status
X-Serial
Cf-Ipcountry
Cl-Cache
Xkey-G-Jp
X-Ramcache
X-Cache-TTL-Remaining
Bxuuid
Bxpunish
X-Mg-Cache
Cneonction
X-Env
Ohc-Cache-HIT
Warning
Ohc-File-Size
Host-Name
X-Fastly-Cache-Hits
FSS-Proxy
X-VServer
X-Platform-Server
X-Beacon