Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
CF-Cache-Status
ETag
X-XSS-Protection
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
Cf-Request-Id
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-AspNet-Version
X-DNS-Prefetch-Control
X-Runtime
Server-Timing
Permissions-Policy
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Request-ID
X-Turbo-Charged-By
X-Rq
X-Cache-Group
X-Vhost
X-Amz-Version-Id
Keep-Alive
X-AH-Environment
X-Dispatcher
X-UA-Device
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
P3p
X-Server-Powered-By
Allow
X-Pingback
X-Page-Speed
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
X-FTR-Request-ID
X-LiteSpeed-Cache
X-Device
X-Node
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
Surrogate-Control
X-Country-Code
X-Ruxit-JS-Agent
X-Readtime
X-Cloud-Trace-Context
X-Akam-SW-Version
X-Server-Id
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
X-Country
Fastly-Restarts
Request-Id
X-Clacks-Overhead
X-Content-Type
X-TraceId
X-Vname
X-PC
X-Application-Context
X-TtlSet
Rating
X-Times
X-Cnection
X-Cache-TTL
X-ESI
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Vcap-Request-Id
Surrogate-Key
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Expires
X-Ac
Origin-Trial
Accept-Ch-Lifetime
Edge-Control
X-Powered-By-Plesk
X-Element-Page-Cache
X-Abt-Application-Version
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-NWS-LOG-UUID
X-D2id
Verso
X-FastCGI-Cache
X-Upstream
X-B3-TraceId
X-ORACLE-DMS-RID
X-ECACHE
X-Mod-Pagespeed
X-Amz-Rid
X-Navigation-Version
X-Nf-Request-Id
Nginx-Cache
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Client-IP
X-GitHub-Request-Id
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
Akamai-GRN
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Middleton-Response
X-Kraken-Loop-Name
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
Response
X-Language
X-Envoy-Decorator-Operation
X-Ratelimit-Limit
S
AR-ATIME
AR-Request-ID
AR-PoweredBy
X-Goog-Hash
Edge-Cache-Tag
X-Resp-Is-Stale
X-MS-InvokeApp
X-ARC
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ua-Device
X-Ser
X-Content-Digest
X-Distributor
SPIisLatency
SPRequestDuration
SPRequestGuid
X-SharePointHealthScore
Access-Control-Request-Method
X-Dw-Request-Base-Id
Front-End-Https
X-Cache-Key
X-Ezoic-Cdn
X-NGENIX-Cache
X-Recruiting
X-Url
X-Shield-Request-Id
RTSS
X-Amzn-Trace-Id
X-Powered-CMS
Cache-Status
X-Version
X-Forwarded-For
Public-Key-Pins
X-T
X-MSEdge-Ref
X-Varnish-TTL
X-Mg-S
X-Ttl
Fastcgi-Cache
TP-Cache
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Daa-Tunnel
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Server-Name
X-Correlation-Id
X-Ismobilevalue
X-Fastly-Request-ID
Realpath
X-Cluster-Name
Cache-Tags
X-Id
X-Cached
X-CST
AR-CACHE
X-Newrelic-App-Data
X-Request-Received
X-Request-Processing-Time
X-HS-Combine-CSS
X-Ua-Browser
Payment
X-TTL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
X-ORACLE-DMS-ECID
X-Ratelimit-Remaining
X-GUploader-UploadID
Content-MD5
X-Cambria-Cache-Control
X-Server-ID
X-HP-Trace-Id
X-Xrds-Location
X-Jurisdiction
X-HP-Webp
X-HS-Prerendered
X-HS-CF-Cache-Status
Content-Disposition
X-Oneagent-Js-Injection
Count-Hit
X-Azure-Ref
X-Amz-Replication-Status
X-RateLimit-Remaining
X-Webkit-Csp
X-SRCache-Store-Status
X-PressLabs-Stats
X-SRCache-Fetch-Status
X-Px
Cross-Origin-Resource-Policy
X-Page-Id
Accept-Charset
Cleartype
X-Logged-In
X-Ruxit-Js-Agent
X-Ratelimit-Reset
X-Request-Handler-Origin-Region
X-Protected-By
X-Git-Hash
X-FB-Debug
X-Unique-Id
X-Microsite
X-Proxy
X-Rid
X-Origin-Server
X-AppVersion
X-Az
X-Activity-Id
X-URL
Cross-Origin-Embedder-Policy
X-Www-Served-By
X-Load-Cache
X-LLID
X-VARITI-CCR
X-Template
X-Goog-Metageneration
X-Varnish-Backend
YJS-ID
MicrosoftSharePointTeamServices
X-Hits
Version
Server-Node
X-Forwarded-Proto
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Amz-Meta-S3cmd-Attrs
Server-Name
X-Geo-Country
X-Upgrade-Enabled
X-Amzn-RequestId
X-Amz-Apigw-Id
Ar-SID
X-NF-Request-ID
X-Hostname
X-Frontend
X-Varnish-Server
X-Content-Options
X-B3-Sampled
X-SERVER-NAME
Section-Io-Cache
X-TT
X-Varnish-Grace
X-App-Server
Viewport
X-B3-TraceId-Primal
X-Device-Type
X-Status
MRF-Tech
Mrf-Cache-Status
X-Fb-Rlafr
Fastly-SIE
X-B
Fastly-SWR
X-Grace
Access-Control-Allow-Method
Alternate-Protocol
TCN
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Request-Device-Id
Upgrade-Insecure-Requests
Healthy
X-Varnish-Ttl
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Request-Guid
Amp-Access-Control-Allow-Source-Origin
X-Wormhole-Sdk
Host
X-Magnolia-Registration
X-Buckets
X-EdgeConnect-Cache-Status
X-CSRF-Token
X-Cache-Age
DC
AR-SID
X-Debug
Retry-After
X-Amzn-Remapped-Content-Length
AKAMAI-GRN
X-Contextid
X-Cache-Control
MS-Author-Via
X-Meli-Trace-Platform
X-Revision
X-Meli-Trace-Bu
X-WebKit-CSP-Report-Only
X-Meli-Trace-Site
X-Original-Request-Id
X-Response-Served-From
X-Vcl-Version
X-Instance
X-Fastcgi-Cache
X-Rendered-As
X-Adobe-Loc
X-Adobe-Content
Cross-Origin-Opener-Policy-Report-Only
Cross-Origin-Embedder-Policy-Report-Only
X-Is-Bot
X-Type
X-NYM-Debug-Backend
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Origin-CC
X-Lambda-Id
X-Mobile
Section-Io-Id
SD-X-WS
X-Seen-By
Access-Control-Request-Headers
X-Origin-TTL
X-Akamai-Edgescape
X-G
X-Backend-Name
X-Trace-Id
X-UUID
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Debug-IsPreview
X-Debug-IsConnected
X-Framework
X-Content-Powered-By
Charset
X-Mg-Request-UUID
X-Tumblr-Pixel-0
X-Hl-Ver
X-ServerID
X-Cache-Hit
X-DataDome
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
NGB
X-RM-Cache-TTL
X-Storage
MS-CV
X-RemovedCookies
X-ProcessESI
Ms-Operation-Id
X-INCAP-ABP
X-RTag
X-Dc
X-Server-W
X-N
X-Akamai-Request-ID2
X-COUNTRY
X-App-Version
X-AB
X-Cache-Time
Filterid
X-Cache-Status-Check
Refresh
X-Time
X-Request-Bu
X-Request-Site
Frame-Options
X-Request-Platform
Protected
X-Tec-Api-Origin
VIX-Pulpo-Node
X-Tec-Api-Version
X-Tec-Api-Root
VIX-Pulpo-Upstream-Status
SRV
X-B3-SpanId
Cache
X-Real-IP
Accept-Language
X-Region
X-Node-Name
X-LB-Cache
CDN-RequestId
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Paypal-Debug-Id
X-Hcs-Proxy-Type
X-User-Agent
Onion-Location
Webserver
Cross-Origin-Window-Policy
Liferay-Portal
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Whom
X-Ms-Version
X-Ms-Request-Id
X-Datadog-Sampling-Priority
X-Cache-Expired-At
X-F-Cache
X-HITS
Priority
X-VC-Cache
X-HTML-Minification-Powered-By
X-IPS-LoggedIn
X-Mode
OT-Force-Account-Verify
Backend
X-Rocket-Nginx-Serving-Static
X-Requestid
X-Proxy-Cache-Info
Xet-Cookie
X-WP-CF-Super-Cache-Active
X-Pass-Why
X-Tb
X-VC
X-Cacheable-TTL
GEO-INFO
X-Environment-Context
X-L-Path
X-FW-Version
X-FW-Static
X-FW-Type
X-Service
X-Drupal-Cache-Tags
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-FW-Serve
Meta-Geo
X-Adobe-Source
X-Oracle-Dms-Ecid
Filters
Fastcgi-Useragent
X-Routing-Service
X-Rn-Rsrv
X-SaId
X-UPSTREAM-Address
Url
X-Zipkin-Id
Web-Mar-Node
X-Vcache
X-Handled-By
X-Tncms
X-Rewrite-Enabled
ServerID
X-Servername
X-MP-GENERATED-AT
X-Proxied
X-Loop
X-Extlb
X-JoinUs
X-Debug-Info
X-Detected-As
LB
X-Cloudmap
X-IPLB-Instance
X-IPLB-Request-ID
Property-Id
TWC-GeoIP-LatLong
TWC-GeoIP-Region
X-Format
X-Endurance-Cache-Level
TWC-Privacy
TWC-Locale-Group
Atl-Traceid
X-Geo-Region
X-Is-Desktop
TWC-GeoIP-City
X-Is-Tablet
ServedBy
TWC-Device-Class
X-Tcp-Rtt
TWC-GeoIP-Country
X-Is-Supported-Browser
TWC-GeoIP-DMA
X-Director
X-Hit
X-Is-Mobile
TWC-Connection-Speed
X-Forwarded-Host
X-Storefront-Renderer-Rendered
X-Rule
X-Origin-Hint
X-Origin-Date
Webcakes-App-Name
X-Alternate-Cache-Key
X-Cache-Host
X-App-Environment
X-Shopify-Stage
Country
X-Varnish-Beresp-Grace
Webcakes-Region
X-Web-Node
X-Logging-Id
X-Hosted-By
X-Browser-Name
X-Locale
X-Restarts
Webcakes-App-Version
X-Cms-Context
X-Wix-Request-Id
X-ProxyCache-Key
X-Cluster
X-Say-Cacheable
X-Redis-Cache
X-Cluster-Node
X-ProxyCache-Status
X-Soup
X-Httpd
Uber-Trace-Id
X-Cdn-Origin
X-BYPASS-REASON
X-Generation-Time
X-Edge-Location
X-SayCDN-TTL
X-Scope-Id
X-Skip-Cache
X-Say-TTL
Apigw-Requestid
Environment
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Drupal-Cache-Contexts
Mn-Server-Ip
X-Cache-Action
X-Labrador-Cache-Channel
X-Served-From
X-PHP-Host
X-S
X-Mly-Id
Selected-Fe
X-Auth-Group-Type
X-Tumblr-Pixel-2
Expiry
X-Connection-Hash
Cache-Hits
X-Origin
X-Proxy-Build
X-Tumblr-Pixel-3
X-Timing-Wait
X-R9-Blue-Green-Version
X-Fetched-On
X-ECache
Locale
X-Urbn-Site-Id
X-Source
X-Urbn-Context-Path
X-Origin-Cache
X-XRDS-Location
X-FB-TRIP-ID
Countrycode
X-GEO
X-ShopId
X-ShardId
DB-Nickname
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-VCT
X-No-Session
X-Varnish-Cache-Hits
X-Cache-Debug
Front
X-Varnish-Age
Request-ID
X-RCS-CacheZone
X-UA
WPO-Cache-Status
YJS-CacheStatus
X-Yandex-Req-Id
X-Is-Modern-Browser
X-Lagoon
X-Varnish-Beresp-Ttl
X-SRV
Node
Xserver
X-CLOUD-TRACE-CONTEXT
X-CDN-Forward
X-Site-Version
X-WP-CF-Super-Cache-Cookies-Bypass
X-Api-Version
X-Webstats-RespID
X-TA-CDN-Provider
X-Generated-By
X-Platform
X-Provided-By
Cache-Provider
From-Origin
X-Is-Mobile-Only
X-Accel-Version
Referer-Policy
Cache-Tv-Group
X-Cdn
X-Azure-Ref-OriginShield
X-Xfnlog-Site
X-VC-TTL
X-B3-Traceid
X-TT-LOGID
X-NewRelic-App-Data
X-B-Cache
X-CACHE-AGE
X-Signature
X-CDN-Cache-Status
CF-IPCountry
X-Sucuri-Cache
X-Air-Pt
WPO-Cache-Message
X-Reqid
X-Ua
X-Tx-Id
X-Sucuri-ID
X-NWS-UUID-VERIFY
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-Cache
X-PHP-Backend
CDN-PullZone
CDN-Uid
CDN-RequestPullCode
CDN-CachedAt
Location
CDN-RequestCountryCode
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Rule
X-Cache-Operation
X-Frame-Option
X-Content-Age
X-IsAdmin
AMP-Access-Control-Allow-Source-Origin
X-Clientip
Candidate-Md5Url
Cdncip
X-Cache-Aspx
X-Conf
X-Cache-NE
Apple-News-Services-Handled
X-Fmm-Version
X-External-Request-Id
X-Ec-GeoHdr
X-Forwarded-Site
X-Optimistic-Header
X-GeoCountry
X-Slack-Backend
X-Ec-Fail
X-Developer
Apple-News-Services-Request-Url
X-D
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Destination
X-Depends
X-Contensis-Viewer-Groups
X-Auto-Login
Log-Origin
Web-Mar-Region
MD5-Digest
Lang
X-A
X-A-Dam
X-A-Ccd
Meta-Geo-Continent
Ngx.Var.Host
RNT-Machine
Rendered-Blocks
RNT-Time
Origin
Odigeo-Trace-Id
Sslversion
X-A-Dcw
X-A-Dgt
X-AK-Request-ID
DCR-Decision-By
X-Application
X-B-Cookie
X-Bl-Debug
X-BCube-Filmed-By
DCR-Processing-Time-Ms
X-Aed
Fl-Custom-Application
X-A-Wwc
Fastly-SSL
X-Access
X-Action
Expect-Staple
Cdnsip
X-GeoCode
X-Vdms-Version
Redirect-Candidate
X-Origin-Expires
X-Varnish-Director
X-VG-TLSProxy
X-Micro-Cache
XM
Xc-Version
X-Vtex-Remote-Cache
X-VG-WebCache
X-Varnish-Authentication
X-Fastly-Request-Id
X-SRCache-Key
X-Slack-Shared-Secret-Outcome
X-Sigma
X-Sigma-Backend
X-Section
X-ScT
X-Request-URI
X-Rocket-Build-Number
X-Rojux
X-S-Cookie
X-Loc
X-Old-Content-Length
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-Ig-Origin-Region
X-Tt-Logid
X-Thinkindot-L3
X-Accel-Expires-Debug
X-Region-Sid
X-Ee-Generated-By
Wxu-Next-Region
X-Human
X-UA-Device-Type
X-Req
X-Up
X-Aicache-OS
X-Policy
X-Gdpr
X-PAYTM-SRV-ID
X-Pubstack
X-V-Cache
X-Uri
X-Acquia-Purge-Cdn-Unconfigured
X-Gen-Mode
Wxu-Next-Hostname
X-Thinkindot-L1
ServerName
X-Sn-Servicetimems
TDXMobile
X-Ee-Request-Date
X-Hash
X-SIPLIST1
Req-Svc-Chain
X-Ee-Origin
Thinkindot-CacheControl
X-Shield-Cache-Expires
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Varnish-Beresp-Status
V-Age
X-SD-PageType
Thinkindot-CacheControl-Type
User-Cache-Control
X-GoCache-CacheStatus
Wxu-Next-Commit
X-Varnish-CookieHashed-On
X-Viewer-Country
X-Men
X-FC-Vary-Parameters
X-DefElseHash
X-Date
X-Moov-T
X-CUA
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-DefHash
X-Internal-TTL
X-Ec-Custom-Error
Store-Cloud-Cache
Time-Cloud-Cache
X-Eu-Site
X-Cms-Device
X-We-Are-Hiring
X-Worker
X-Fastly-Backend
X-Csrf-Jwt
X-Content-Length
X-Bc-Bl
X-Ee-Request-Id
X-Origin-Time
X-Save-Cache
X-BBC-Edge-Cache-Status
X-Backend-Instance
X-Epic-Correlation-Id
X-Varnish-CookieINHashed-On
X-Path
X-Varnish-Hostname
X-Block-Status
X-Varnish-Remaining-TTL
X-Core-Value
X-Node-Id
X-CGP
X-Vary-Devices
X-Bug-Bounty
X-Hnp-Log
X-Nyt-Route
X-App-Name
X-Akamai-Device-Characteristics
DSUID
Country-Code
Cmstype
Gannett-Cam-Experience-Id
Gh-Request-Id
L
IsBot
Ha-Gx-Prefs
Cmsid
Cluster
Azure-InstanceId
X-LSADC-Cache
X-Litespeed-Tag
Azure-SiteName
Azure-SlotName
CDCHOST
Azure-Version
L5d-Success-Class
Azure-RegionName
Origin-EX
Origin-Agent-Cluster
Origin-CC
RewriteTestHook
X-DPWN-IS-SECURE
Tube-Got-Results
X-Edge-Server
Server-Host
X-ApacheServer
X-PERF
X-Thanos
X-Esi-Check
RewriteTeamHook
X-Generated-On
CacheControlHeader
X-CacheTTL
X-Cache-Id
C-Via
X-Wikidot-Backend
X-SVT-ORM-VERSION
Release
PFcat
Platform
X-From
X-Op-Id-All
X-Render-Time
X-NMSegId
X-Debug-Cache-Store
X-Org
X-Level-Front-Cache
X-Proto
X-Ion-Healthy
X-Ion-Hop
X-Jungle-Id
X-Mvc-Supplant-Cachable
Producers
X-GeoIP-City
X-Wikidot-Static-Cache
Host-ID
X-SVT-ORM-RULES
X-Gzip
X-HN
X-SB
X-Debug-Cache-Fetch
X-Server-IP
Nord-Request-ID
X-Dispatcher-Server
Content-Style-Type
X-Cache-FS-Status
Fastly-GeoIP-CountryCode
X-Amz-Storage-Class
X-Via-Fastly
X-Vercel-Id
Cache-Contol
Content-Script-Type
X-AB-Test
NM-Fastcgi-Cache
Mail-Subject
N-Cache
Tube-Return
X-Vmg-Version
We-Hiring
Tube-Get-Contents
Tube-Got-Eval
Machine
X-Vercel-Cache
Fastly-Backend-Name
Cdn-Request-Time
X-Bip
Click-Count-Error
Click-Count-Action-Start
X-VarnishDD-TTL
Cdn-Host
X-B3-Trace-ID
X-Cache-Date
X-Parent-Response-Time
X-Presslabs-Stats
Fastly-Drupal-HTML
X-Location
X-Mvc-Supplant-OutputCached
Pragrma
X-TH-Server
X-Origin-Response-Time
X-Gamma-Serve
Canary
Source
Origin-Site
X-Proxied-Request
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Cs
X-Litespeed-Cache-Control
Product
X-ElasticPress-Query
Debug
X-ZONE
X-Pad
X-Cached-By
Sid
NGX
S-Rt
X-Amz-Meta-Cb-Modifiedtime
Powered-By
HA-Ipaddr
CloudFront-Viewer-Country
X-Nginx-Cache
X-Via-Popn
X-Refresh
X-Cache-VC
X-Via-Popv
X-Via-Poph
Vix-Hermes-Req-Id
X-APP
X-Upstream-Ht
X-Upstream-Ct
X-Varnish-Hits
Pics-Label
X-NGINX-Cache
X-Nananana
X-ND-Cache
GeoIP-Latitude
X-HA-Backend
Mime-Version
X-Servedbyhost
Edge-Cache
X-User
X-LB-ID
X-Ah-Environment
Cookie
Server-ID
X-Cdn-Forward
X-Datadome
MIME-Version
X-Wa
X-Srv
Surrogated-Key
X-AIR-PT
X-GeoIP
X-LB-NoCache
X-Nc
X-DynaTrace-JS-Agent
Akamai-Mon-Iucid-Del
X-Fpc
SID
X-Webkit-CSP
GeoIp-Country-Code
X-Zone
X-Request-Start
HostName
WZWS-RAY
X-B3-Parentspanid
X-Scheme
DataCenter
Resin-Trace
X-Nginx-Cache-Key
X-Debug-Service
X-Unity-Cache
N1-Cache
Fastly-Drupal-Html
X-NodeID
True-Client-Country-4JS
X-Pool
Sever-Int
Server-Hostname
X-Request-Host
Server-Ext
X-RequestId
X-CS
Cdn
X-Cache-Grace
X-LiteSpeed-Cache-Control
X-DynaTrace
Show-Do-Not-Sell-Link
Tcn
X-Service-Response-Time
Load-Balancing
Sm-Log-Id
X-VCL-Version
X-Lsadc-Cache
Yak-Timeinfo
Lb
NtCoent-Length
X-Cache-Backend
Wsr-Cache
X-Vgn-Hpd-Reason
X-DataCenter
X-B3-Spanid
X-FORWARDED-FOR
X-Air-Trace-Id
X-Air-Hostname
Yjs-Id
X-Air-Source
X-Newrelic-Synthetics
Traceparent
X-Geolocation
X-Zen-Fury
X-HOST
Edge-Copy-Time
X-TX-ID
X-Via-Edge
X-Datacenter
X-Via-SSL
X-Via-CDN
X-NODE
X-Vc
Datacenter
X-Webkit-Csp-Report-Only
X-HubSpot-Correlation-Id
X-Jobs
X-RateLimit-Limit
X-Client-Ip
X-API-Version
Req-ID
X-Fastly-Backend-Reqs
X-Cdn-Srv
CDN
X-WA
Serverhost
X-CDN-Provider
X-Dynatrace-Js-Agent
Cdn-Requestid
GeoIP-Country-Code
X-LiteSpeed-Tag
X-NC
XkeyR9
X-FPC
Xkey-La3
Hostname
WP-Super-Cache
X-Proxy-CacheR9
X-Powered-By-VTEX-Cache
Xkeylog
X-Proxy-Cache-La3
Uri
X-VTEX-Cache-Time
X-Udemy-Cache-App-Namespace
X-ID
X-VTEX-Cache-Server
X-Ez-Minify-Js
True-Client-IP
X-Html-Minification-Powered-By
X-Akamai-Pragma-Client-IP
A
Server-Id
WebServer
Proxy-Firewall
X-WA-Info
On-Server
X-Wp-Cf-Super-Cache
X-Lb-Id
X-Wp-Cf-Super-Cache-Cache-Control
Geoip-Latitude
Coldstone-Viewer-Country-Region-Name
X-TimeS
X-Stale
Coldstone-Viewer-Country
Coldstone-Viewer-Currency
T-Server
RATING
X-Traceid
Srv
X-Swift-Error
X-ServedByHost
ServerHost
Esi-Enabled
X-Lb-Nocache
X-Varnish-Beresp-TTL
From-Cache
CountryCode
Cs
X-Oracle-DMS-ECID
X-App
Cloudfront-Viewer-Country
X-Via-JSL
X-VC-Age
BehaviorPad-Version
X-CSRF-TOKEN
X-Ha-Backend
X-LAGOON
X-Ssense-Gql
Cr
X-MSEdge-Flight
X-HA-Device-Type
X-Styx-Origin-Id
X-Ssense-Shipping-Surcharge-Enabled
X-HA-Application-Name
X-MSEdge-Features
X-Styx-Info
Pramga
X-HA-Bot-Classification
X-Via-PopN
X-Wp-Cf-Super-Cache-Active
X-Via-PopV
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Fastly-Cache
Ngx
X-Web-Server
X-Correlation-ID
X-Via-PopH
FSS-Cache
X-Ez-Minify-Html
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-TIM-N
X-Geo
X-Var-Ttl
X-Nitro-Cache
X-Request-Time
X-Elasticpress-Query
X-Shardid
Content-Secure-Policy
X-Cdn-Cache-Status
X-Shopid
X-Check-Cacheable
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
True-Client-Ip
X-DC
My-App
X-Proxy-Cache-LA2
X-Th-Server
X-Serial
Akamai-X-True-TTL
W
User-Agent
X-Ramcache
X-ATG-Version
X-Request-Url
X-Fastly-Cache-Status
Cf-Ipcountry
X-VServer
X-Sucuri-Id
X-Mg-Cache
X-Beacon
X-Platform-Server
Ohc-Cache-HIT
Ohc-File-Size
X-Env
X-Cache-TTL-Remaining
Bxuuid
Bxpunish
Cneonction
Host-Name
X-Fastly-Cache-Hits
Warning
FSS-Proxy