
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Accept-CH
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
Cf-Request-Id
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Accept-Ch
Server-Timing
Permissions-Policy
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
Timing-Allow-Origin
X-Drupal-Dynamic-Cache
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Request-ID
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Rq
X-Amz-Version-Id
X-Cache-Group
X-Vhost
Keep-Alive
X-AH-Environment
X-Dispatcher
X-UA-Device
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
X-Server-Powered-By
X-Dns-Prefetch-Control
Allow
X-Pingback
X-Page-Speed
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Ali-Swift-Global-Savetime
X-Litespeed-Cache
X-FTR-Request-ID
X-Node
X-Device
EagleEye-TraceId
X-LiteSpeed-Cache
X-Host
X-Cache-Lookup
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Server-Id
X-Ruxit-JS-Agent
X-Readtime
X-Cloud-Trace-Context
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Accept-Ch-Lifetime
Cache-Tag
P3p
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
Fastly-Restarts
X-Clacks-Overhead
X-Content-Type
X-Country
X-Application-Context
X-Vname
X-TtlSet
X-PC
Rating
X-Times
X-Cnection
X-ESI
X-Cache-TTL
X-Browser-Type
X-Edge
X-Mcache
X-Midtier
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-Vcap-Request-Id
Surrogate-Key
X-FTR-Expires
X-Ac
Origin-Trial
Edge-Control
X-Powered-By-Plesk
X-Exp-Variant
X-Kinja
X-D2id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Element-Page-Cache
X-Kinja-Build
X-Exp-Id
X-Abt-Application-Version
X-NWS-LOG-UUID
X-FastCGI-Cache
Verso
X-Upstream
X-B3-TraceId
X-Nf-Request-Id
X-ORACLE-DMS-RID
X-Navigation-Version
X-ECACHE
X-Mod-Pagespeed
Nginx-Cache
X-Amz-Rid
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Client-IP
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-GitHub-Request-Id
X-Language
X-Middleton-Response
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
Response
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Envoy-Decorator-Operation
Akamai-GRN
X-Ratelimit-Limit
X-Ua-Device
S
Edge-Cache-Tag
AR-ATIME
X-Goog-Hash
AR-PoweredBy
AR-Request-ID
X-Resp-Is-Stale
X-MS-InvokeApp
X-ARC
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ser
X-Distributor
X-Content-Digest
SPRequestDuration
SPIisLatency
SPRequestGuid
X-SharePointHealthScore
X-Url
Access-Control-Request-Method
X-Cache-Key
X-Ezoic-Cdn
Front-End-Https
X-Dw-Request-Base-Id
X-NGENIX-Cache
X-Recruiting
X-Shield-Request-Id
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Powered-CMS
X-Varnish-TTL
X-Ttl
Public-Key-Pins
X-Forwarded-For
X-T
X-MSEdge-Ref
TP-Cache
Fastcgi-Cache
X-Mg-S
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Daa-Tunnel
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Correlation-Id
X-Ismobilevalue
Realpath
X-Cluster-Name
Cache-Tags
X-Cached
X-Id
AR-CACHE
X-Fastly-Request-ID
X-CST
X-HS-Combine-CSS
X-Server-Name
X-Request-Received
X-Request-Processing-Time
X-Kong-Upstream-Latency
Payment
X-Kong-Proxy-Latency
X-Ua-Browser
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
Content-MD5
X-Xrds-Location
X-GUploader-UploadID
X-Newrelic-App-Data
X-ORACLE-DMS-ECID
X-Ratelimit-Remaining
X-TTL
X-Oneagent-Js-Injection
X-HS-Prerendered
X-HS-CF-Cache-Status
X-HP-Trace-Id
X-Cambria-Cache-Control
X-Jurisdiction
X-HP-Webp
X-RateLimit-Remaining
X-Webkit-Csp
Content-Disposition
Count-Hit
X-Azure-Ref
X-Amz-Replication-Status
X-Ruxit-Js-Agent
X-Px
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-PressLabs-Stats
X-Page-Id
Cleartype
X-Ratelimit-Reset
X-Microsite
X-Request-Handler-Origin-Region
Cross-Origin-Resource-Policy
X-Unique-Id
Accept-Charset
X-Logged-In
X-Proxy
X-FB-Debug
X-Protected-By
X-Az
X-Origin-Server
X-AppVersion
X-Git-Hash
X-Activity-Id
X-Rid
Cross-Origin-Embedder-Policy
X-VARITI-CCR
X-Www-Served-By
X-Load-Cache
X-LLID
X-Goog-Metageneration
X-Template
YJS-ID
X-Varnish-Backend
MicrosoftSharePointTeamServices
X-SERVER-NAME
Version
X-Amz-Meta-S3cmd-Attrs
X-URL
X-Forwarded-Proto
Server-Node
X-Hits
X-Upgrade-Enabled
Ar-SID
Server-Name
X-Geo-Country
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Hostname
X-Frontend
X-Content-Options
X-B3-Sampled
X-Varnish-Server
Section-Io-Cache
Viewport
X-TT
X-Status
X-App-Server
X-Varnish-Grace
X-Request-Device-Id
MRF-Tech
Mrf-Cache-Status
X-Device-Type
X-B3-TraceId-Primal
X-B
Fastly-SWR
X-Grace
Fastly-SIE
Alternate-Protocol
X-Fb-Rlafr
Access-Control-Allow-Method
TCN
X-Server-ID
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-NF-Request-ID
Upgrade-Insecure-Requests
Healthy
X-Request-Guid
X-COUNTRY
X-Tt-Trace-Tag
X-Tt-Trace-Host
Host
X-Magnolia-Registration
Amp-Access-Control-Allow-Source-Origin
X-Buckets
X-WebKit-CSP-Report-Only
X-Varnish-Ttl
DC
X-EdgeConnect-Cache-Status
X-Cache-Age
AKAMAI-GRN
Retry-After
X-Wormhole-Sdk
X-CSRF-Token
X-Amzn-Remapped-Content-Length
X-Debug
X-Meli-Trace-Site
X-Meli-Trace-Bu
X-Meli-Trace-Platform
X-Contextid
X-Cache-Control
MS-Author-Via
AR-SID
X-Revision
X-Instance
X-Response-Served-From
X-Original-Request-Id
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Cross-Origin-Opener-Policy-Report-Only
X-Origin-CC
X-Origin-TTL
Cross-Origin-Embedder-Policy-Report-Only
X-Is-Bot
X-NYM-Debug-Backend
X-Yottaa-Optimizations
X-Rendered-As
X-Adobe-Loc
X-Adobe-Content
X-UUID
X-Yottaa-Metrics
X-Type
X-Seen-By
X-Vcl-Version
X-Backend-Name
SD-X-WS
X-G
Access-Control-Request-Headers
Section-Io-Id
X-Lambda-Id
X-Akamai-Edgescape
X-Hl-Ver
X-Debug-IsPreview
X-Trace-Id
X-Mg-Request-UUID
X-Tumblr-Pixel-1
X-Tumblr-User
X-Framework
X-Debug-IsConnected
Charset
X-Tumblr-Pixel-0
X-Mobile
X-Content-Powered-By
X-ServerID
X-Tumblr-Pixel
X-Server-W
X-INCAP-ABP
X-RTag
NGB
X-Cache-Hit
X-App-Version
X-RM-Cache-TTL
X-Storage
MS-CV
Ms-Operation-Id
X-Dc
X-Akamai-Request-ID2
X-ProcessESI
X-AB
X-RemovedCookies
X-N
X-DataDome
X-Request-Platform
X-Request-Site
X-Request-Bu
X-Cache-Status-Check
X-Cache-Time
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Frame-Options
Refresh
Filterid
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Time
Cache
Protected
X-B3-SpanId
Accept-Language
X-Fastcgi-Cache
X-Region
X-Real-IP
SRV
X-Node-Name
Webserver
Paypal-Debug-Id
CDN-RequestId
Onion-Location
X-User-Agent
X-HITS
X-CCDN-CacheTTL
X-Ms-Version
X-CCDN-Origin-Time
Cross-Origin-Window-Policy
X-Ms-Request-Id
X-Hcs-Proxy-Type
X-LB-Cache
Liferay-Portal
X-Cache-Expired-At
X-Datadog-Sampling-Priority
X-Whom
X-F-Cache
X-Datadog-Trace-Id
X-VC-Cache
X-Datadog-Parent-Id
X-Datadog-Sampled
X-IPS-LoggedIn
X-Requestid
X-HTML-Minification-Powered-By
X-WP-CF-Super-Cache-Active
Priority
X-Mode
X-Rocket-Nginx-Serving-Static
Backend
X-Pass-Why
OT-Force-Account-Verify
Xet-Cookie
X-Oracle-Dms-Ecid
X-Proxy-Cache-Info
X-VC
GEO-INFO
X-L-Path
X-Environment-Context
X-Tb
X-App-Environment
X-Service
X-Drupal-Cache-Tags
X-Cacheable-TTL
Web-Mar-Node
X-Loop
X-MP-GENERATED-AT
Filters
X-Handled-By
X-JoinUs
X-Is-Tablet
ServerID
Fastcgi-Useragent
X-Tcp-Rtt
X-Rn-Rsrv
X-Proxied
X-Rewrite-Enabled
X-Zipkin-Id
Meta-Geo
X-Vcache
X-Servername
X-Tncms
X-UPSTREAM-Address
X-Is-Supported-Browser
X-Browser-Name
X-FW-Dynamic
X-Cloudmap
X-Adobe-Source
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
X-FW-Server
X-Debug-Info
X-Detected-As
X-Is-Desktop
X-Is-Mobile
X-SaId
X-Routing-Service
Url
X-Endurance-Cache-Level
X-Extlb
X-Geo-Region
X-FW-Version
Webcakes-App-Version
TWC-GeoIP-Region
X-IPLB-Request-ID
TWC-Privacy
X-IPLB-Instance
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Name
TWC-GeoIP-LatLong
X-Alternate-Cache-Key
Property-Id
Country
ServedBy
X-Rule
X-Restarts
X-Origin-Hint
TWC-Connection-Speed
TWC-GeoIP-DMA
X-Shopify-Stage
X-Web-Node
X-Wix-Request-Id
X-Varnish-Beresp-Grace
X-Storefront-Renderer-Rendered
Atl-Traceid
TWC-GeoIP-Country
X-Origin-Date
X-Director
TWC-GeoIP-City
LB
X-Cdn-Origin
X-Cache-Host
X-Format
X-Forwarded-Host
TWC-Device-Class
X-Locale
X-Logging-Id
X-Hosted-By
X-Hit
X-Generation-Time
Mn-Server-Ip
X-Say-Cacheable
X-Soup
X-Scope-Id
X-SayCDN-TTL
Uber-Trace-Id
X-Cms-Context
X-Skip-Cache
X-Redis-Cache
X-Say-TTL
X-ProxyCache-Status
X-Cluster
X-Cache-Action
X-Cluster-Node
X-Edge-Location
X-ProxyCache-Key
X-Httpd
X-BYPASS-REASON
Apigw-Requestid
Environment
X-ECache
X-Labrador-Cache-Channel
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Mly-Id
X-PHP-Host
X-FB-TRIP-ID
X-Drupal-Cache-Contexts
X-S
X-Served-From
X-Timing-Wait
Selected-Fe
X-Origin
X-R9-Blue-Green-Version
Expiry
X-Connection-Hash
X-Urbn-Context-Path
DB-Nickname
X-Urbn-Site-Id
X-Fetched-On
X-Auth-Group-Type
Cache-Hits
Locale
X-Proxy-Build
X-Origin-Cache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
Countrycode
X-GEO
X-NewRelic-App-Data
X-Sorting-Hat-ShopId
X-ShardId
X-No-Session
X-RCS-CacheZone
X-VCT
X-Sorting-Hat-PodId
X-ShopId
YJS-CacheStatus
X-Cache-Debug
X-Varnish-Cache-Hits
X-Source
X-Yandex-Req-Id
X-Is-Modern-Browser
X-Varnish-Age
Front
X-SRV
X-UA
X-CLOUD-TRACE-CONTEXT
X-WP-CF-Super-Cache-Cookies-Bypass
X-Lagoon
WPO-Cache-Status
X-Api-Version
X-Varnish-Beresp-Ttl
Node
X-XRDS-Location
Xserver
X-Provided-By
X-CDN-Forward
X-Webstats-RespID
X-Is-Mobile-Only
X-Site-Version
X-Platform
X-Generated-By
Cache-Tv-Group
X-Cdn
Cache-Provider
From-Origin
X-Accel-Version
X-B3-Traceid
X-Azure-Ref-OriginShield
X-Fastly-Request-Id
Referer-Policy
X-TA-CDN-Provider
X-CACHE-AGE
X-Xfnlog-Site
X-CDN-Cache-Status
X-B-Cache
X-Signature
X-VC-TTL
X-TT-LOGID
X-Ua
Request-ID
CF-IPCountry
X-Sucuri-Cache
X-PHP-Backend
X-NWS-UUID-VERIFY
Location
WPO-Cache-Message
CDN-Uid
CDN-RequestPullCode
CDN-PullZone
X-Tx-Id
CDN-RequestPullSuccess
CDN-CachedAt
CDN-RequestCountryCode
X-Air-Pt
CDN-EdgeStorageId
CDN-Cache
AMP-Access-Control-Allow-Source-Origin
X-Reqid
X-Tb-Optimization-Total-Bytes-Saved
X-Optimistic-Header
X-Cache-Operation
X-Cache-Rule
X-Tt-Logid
X-IsAdmin
X-Sucuri-ID
X-Content-Age
X-Developer
Cdncip
X-Destination
X-Core-Value
X-D
Candidate-Md5Url
X-Depends
Cdnsip
Apple-News-Services-Handled
X-Varnish-Authentication
X-Ee-Request-Id
X-External-Request-Id
X-Fmm-Version
X-GeoCode
X-Vtex-Remote-Cache
X-Ee-Request-Date
X-Ee-Origin
Apple-News-Services-Request-Url
X-Ec-GeoHdr
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Ee-Generated-By
X-Contensis-Viewer-Groups
X-Ec-Fail
X-Cache-NE
X-A-Dcw
Odigeo-Trace-Id
Origin
X-A-Dam
X-A-Dgt
X-A-Wwc
Meta-Geo-Continent
X-Access
Ngx.Var.Host
X-A-Ccd
X-A
RNT-Time
Store-Cloud-Cache
Sslversion
RNT-Machine
Time-Cloud-Cache
Web-Mar-Region
Redirect-Candidate
Rendered-Blocks
MD5-Digest
X-Action
DCR-Processing-Time-Ms
X-Bl-Debug
Expect-Staple
DCR-Decision-By
X-Cache-Aspx
X-Cms-Device
X-Clientip
X-GeoCountry
X-BCube-Filmed-By
Fastly-SSL
X-Aed
Lang
Log-Origin
X-AK-Request-ID
X-Application
Fl-Custom-Application
X-B-Cookie
X-Auto-Login
X-Conf
X-Forwarded-Site
XM
X-Sigma-Backend
X-VG-WebCache
X-Viewer-Country
X-Ig-Origin-Region
X-Ig-Push-State
X-VG-TLSProxy
X-Origin-Expires
X-Sigma
X-Frame-Option
X-Loc
X-Micro-Cache
X-Vary-Devices
X-Varnish-Director
X-Request-URI
X-SRCache-Key
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Rojux
X-S-Cookie
X-Old-Content-Length
X-ScT
X-Save-Cache
X-Rocket-Build-Number
X-Section
Xc-Version
X-Vdms-Version
X-HS-Content-Campaign-Id
X-Backend-Instance
X-Akamai-Device-Characteristics
X-Origin-Time
X-PAYTM-SRV-ID
X-App-Name
X-PERF
X-Req
X-SIPLIST1
X-Bc-Bl
X-Node-Id
X-BBC-Edge-Cache-Status
X-Accel-Expires-Debug
V-Age
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
User-Cache-Control
Thinkindot-CacheControl-Type
X-We-Are-Hiring
TDXMobile
Thinkindot-CacheControl
X-Render-Time
X-Shield-Cache-Expires
X-Acquia-Purge-Cdn-Unconfigured
X-ApacheServer
X-Policy
Host-ID
X-Pubstack
X-Region-Sid
Cluster
X-Block-Status
X-Path
X-CGP
X-Varnish-Beresp-Status
X-Human
X-V-Cache
X-Epic-Correlation-Id
X-Eu-Site
X-UA-Device-Type
X-Internal-TTL
X-Jungle-Id
X-Ion-Hop
X-Varnish-CookieHashed-On
X-Ion-Healthy
X-Fastly-Backend
X-FC-Vary-Parameters
X-Generated-On
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Uri
X-Up
X-Gen-Mode
X-GoCache-CacheStatus
X-Hnp-Log
X-Hash
X-From
X-Gdpr
X-Thinkindot-L3
X-Varnish-CookieINHashed-On
X-Moov-T
X-Moov-Xdn-Caching-Status
X-Content-Length
X-Thinkindot-L1
X-Csrf-Jwt
X-Varnish-Hostname
X-Sn-Servicetimems
X-Nyt-Route
X-SD-PageType
X-Moov-Xdn-Version
X-GeoIP-City
X-CUA
X-Men
ServerName
X-Varnish-Remaining-TTL
X-Ec-Custom-Error
X-Level-Front-Cache
X-DefHash
X-DefElseHash
X-Date
X-Worker
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Bug-Bounty
X-Aicache-OS
Gannett-Cam-Experience-Id
Nord-Request-ID
Origin-Agent-Cluster
Origin-CC
Azure-Version
Origin-EX
Cache-Contol
CDCHOST
Ha-Gx-Prefs
Cmsid
Gh-Request-Id
IsBot
L5d-Success-Class
L
Cmstype
Azure-SlotName
DSUID
Req-Svc-Chain
Country-Code
RewriteTestHook
RewriteTeamHook
Azure-SiteName
Server-Host
Azure-InstanceId
Azure-RegionName
X-Presslabs-Stats
X-LSADC-Cache
X-Thanos
X-Cache-Id
Content-Script-Type
X-CacheTTL
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Content-Style-Type
X-Litespeed-Cache-Control
X-Server-IP
CacheControlHeader
X-Mvc-Supplant-Cachable
X-Edge-Server
Sid
X-Esi-Check
X-Gamma-Serve
X-Gzip
X-NMSegId
X-DPWN-IS-SECURE
Cdn-Request-Time
Click-Count-Action-Start
Cdn-Host
X-Proto
C-Via
X-Cache-FS-Status
Click-Count-Error
X-Vmg-Version
Platform
Pragrma
Producers
Origin-Site
X-VarnishDD-TTL
X-Op-Id-All
X-Cache-Date
NM-Fastcgi-Cache
We-Hiring
X-Via-Fastly
Tube-Get-Contents
N-Cache
X-Org
Tube-Got-Eval
Tube-Got-Results
Release
Tube-Return
Mail-Subject
X-SB
Fastly-GeoIP-CountryCode
X-Wikidot-Backend
X-Wikidot-Static-Cache
Fastly-Backend-Name
X-Bip
X-Vercel-Cache
X-Vercel-Id
PFcat
X-B3-Trace-ID
X-Dispatcher-Server
X-Amz-Storage-Class
X-HN
Machine
X-AB-Test
X-AWS-Id
X-Parent-Response-Time
X-VWS-Id
X-LJ-Flow-ID
X-Origin-Response-Time
X-Proxied-Request
Fastly-Drupal-HTML
X-Mvc-Supplant-OutputCached
X-ElasticPress-Query
X-Location
Source
Canary
X-ZONE
X-Litespeed-Tag
X-Pad
Product
S-Rt
Debug
X-TH-Server
Powered-By
X-NGINX-Cache
X-Cached-By
NGX
X-Refresh
Vix-Hermes-Req-Id
X-Amz-Meta-Cb-Modifiedtime
HA-Ipaddr
X-Cs
X-Upstream-Ct
X-Upstream-Ht
CloudFront-Viewer-Country
X-Nananana
Mime-Version
X-Cache-VC
X-ND-Cache
X-APP
Pics-Label
Cookie
X-Ah-Environment
GeoIP-Latitude
X-Via-Poph
X-Via-Popv
X-Servedbyhost
X-Via-Popn
X-Varnish-Hits
X-Cdn-Forward
Edge-Cache
Server-ID
X-Datadome
X-HA-Backend
X-User
X-Nginx-Cache
GeoIp-Country-Code
X-LB-ID
X-DynaTrace-JS-Agent
X-AIR-PT
MIME-Version
X-Webkit-CSP
X-LB-NoCache
X-Fpc
X-GeoIP
X-Nc
X-Wa
Akamai-Mon-Iucid-Del
Surrogated-Key
X-Request-Start
X-B3-Parentspanid
X-Srv
WZWS-RAY
HostName
X-Zone
X-Scheme
X-Debug-Service
X-Unity-Cache
Resin-Trace
X-Nginx-Cache-Key
DataCenter
X-CS
SID
Fastly-Drupal-Html
Server-Hostname
Sever-Int
Server-Ext
True-Client-Country-4JS
X-Pool
Load-Balancing
N1-Cache
Tcn
Show-Do-Not-Sell-Link
Cdn
X-Request-Host
X-NodeID
X-Lsadc-Cache
X-RequestId
X-VCL-Version
Lb
X-Cache-Backend
X-Cache-Grace
Wsr-Cache
X-Service-Response-Time
Sm-Log-Id
X-FORWARDED-FOR
X-B3-Spanid
X-Newrelic-Synthetics
X-Vgn-Hpd-Reason
NtCoent-Length
X-DataCenter
Yjs-Id
Yak-Timeinfo
X-DynaTrace
Traceparent
X-HOST
X-Datacenter
Edge-Copy-Time
X-TX-ID
X-LiteSpeed-Cache-Control
X-Via-SSL
X-Via-CDN
X-Via-Edge
X-Air-Source
X-NODE
X-Air-Trace-Id
X-Vc
X-Air-Hostname
X-Zen-Fury
Datacenter
X-Client-Ip
X-Geolocation
X-RateLimit-Limit
CDN
X-HubSpot-Correlation-Id
X-WA
X-CDN-Provider
Hostname
Cdn-Requestid
Req-ID
X-Jobs
X-API-Version
X-LiteSpeed-Tag
Uri
X-Cdn-Srv
X-Udemy-Cache-App-Namespace
X-NC
Xkeylog
Xkey-La3
X-ID
X-Proxy-CacheR9
X-Dynatrace-Js-Agent
X-Proxy-Cache-La3
XkeyR9
X-FPC
Serverhost
X-Fastly-Backend-Reqs
X-Powered-By-VTEX-Cache
GeoIP-Country-Code
X-Html-Minification-Powered-By
True-Client-IP
X-VTEX-Cache-Time
X-Akamai-Pragma-Client-IP
A
Server-Id
WP-Super-Cache
X-VTEX-Cache-Server
X-Lb-Id
X-CSRF-TOKEN
ServerHost
RATING
X-Ez-Minify-Js
X-Stale
T-Server
Geoip-Latitude
X-TimeS
Proxy-Firewall
On-Server
X-Webkit-Csp-Report-Only
X-Lb-Nocache
X-Via-JSL
Srv
X-WA-Info
X-Varnish-Beresp-TTL
From-Cache
Esi-Enabled
Coldstone-Viewer-Currency
Coldstone-Viewer-Country-Region-Name
Coldstone-Viewer-Country
X-Ha-Backend
X-ServedByHost
X-Swift-Error
Cs
X-Oracle-DMS-ECID
WebServer
CountryCode
X-Ez-Minify-Html
X-App
Cloudfront-Viewer-Country
X-VC-Age
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Fastly-Cache
Pramga
X-HA-Device-Type
X-MSEdge-Flight
X-Ssense-Gql
BehaviorPad-Version
Ngx
X-HA-Application-Name
X-HA-Bot-Classification
X-Ssense-Shipping-Surcharge-Enabled
X-MSEdge-Features
X-Correlation-ID
X-Styx-Origin-Id
Cr
FSS-Cache
X-Styx-Info
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Sorting-Hat-Podid
X-Check-Cacheable
X-TIM-N
Content-Secure-Policy
X-Sorting-Hat-Shopid
X-Shopid
X-Web-Server
X-Geo
X-Cdn-Cache-Status
X-Var-Ttl
X-Shardid
W
My-App
X-Proxy-Cache-LA2
X-Th-Server
X-Request-Url
X-Elasticpress-Query
X-Nitro-Cache
X-Request-Time
X-Sucuri-Id
X-Serial
X-DC
X-Wp-Cf-Super-Cache-Active
X-Wp-Cf-Super-Cache-Cookies-Bypass
Akamai-X-True-TTL
X-ATG-Version
Cf-Ipcountry
User-Agent
Bxuuid
X-Cache-TTL-Remaining
X-Ramcache
Xkey-G-Jp
Cl-Cache
Bxpunish
Cneonction
X-Env
True-Client-Ip
Host-Name
X-Fastly-Cache-Hits
FSS-Proxy
X-Mg-Cache
X-Fastly-Cache-Status