Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
Cf-Request-Id
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Server-Timing
Permissions-Policy
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
X-Request-ID
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Amz-Version-Id
X-Rq
Keep-Alive
X-Cache-Group
X-Vhost
X-AH-Environment
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-UA-Device
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Pingback
Allow
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Litespeed-Cache
Ali-Swift-Global-Savetime
X-FTR-Request-ID
X-Node
X-Device
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-LiteSpeed-Cache
X-Backend-Server
Surrogate-Control
X-Country-Code
X-Server-Id
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
Content-Location
P3p
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
X-TraceId
Fastly-Restarts
Request-Id
X-Country
X-Clacks-Overhead
X-Content-Type
X-Application-Context
Rating
X-PC
X-Vname
X-TtlSet
X-Times
X-Cnection
X-ESI
X-Browser-Type
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Cache-TTL
X-FTR-Backend
X-FTR-Balancer
X-Edge
X-Mcache
X-Midtier
X-Vcap-Request-Id
X-FTR-Expires
Surrogate-Key
X-Ac
Origin-Trial
Edge-Control
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-Abt-Application-Version
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Element-Page-Cache
X-NWS-LOG-UUID
X-D2id
Verso
X-FastCGI-Cache
X-Ua-Device
X-B3-TraceId
X-Nf-Request-Id
X-Upstream
X-ORACLE-DMS-RID
X-ECACHE
X-Mod-Pagespeed
X-Amz-Rid
Nginx-Cache
X-Navigation-Version
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Pagespeed
Display
X-Sol
X-Middleton-Display
X-GitHub-Request-Id
Akamai-GRN
X-Client-IP
X-Language
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
Response
X-Envoy-Decorator-Operation
X-Middleton-Response
S
X-Ratelimit-Limit
Edge-Cache-Tag
AR-PoweredBy
AR-Request-ID
X-Goog-Hash
AR-ATIME
X-Resp-Is-Stale
X-MS-InvokeApp
X-ARC
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ser
X-Distributor
X-Url
X-Content-Digest
SPIisLatency
SPRequestDuration
SPRequestGuid
X-SharePointHealthScore
Access-Control-Request-Method
X-Dw-Request-Base-Id
Front-End-Https
X-NGENIX-Cache
X-Cache-Key
X-Ezoic-Cdn
X-Recruiting
X-Shield-Request-Id
RTSS
X-Amzn-Trace-Id
X-Ttl
X-Version
Cache-Status
X-Powered-CMS
Public-Key-Pins
X-Oneagent-Js-Injection
X-Mg-S
X-Varnish-TTL
X-T
X-MSEdge-Ref
Fastcgi-Cache
TP-Cache
X-Forwarded-For
Arr-Disable-Session-Affinity
X-Accel-Expires
X-HS-Content-Id
X-HS-Cache-Config
X-Daa-Tunnel
X-HS-Hub-Id
X-Correlation-Id
X-Ismobilevalue
Realpath
X-Cluster-Name
Cache-Tags
X-Fastly-Request-ID
X-Id
X-Webkit-Csp
X-Cached
AR-CACHE
X-Server-Name
X-Ruxit-Js-Agent
X-CST
X-HS-Combine-CSS
Payment
X-Kong-Proxy-Latency
X-Content-Security-Policy-Report-Only
X-Kong-Upstream-Latency
X-Request-Received
X-Request-Processing-Time
X-DIS-Request-ID
Content-MD5
X-Ua-Browser
X-Newrelic-App-Data
X-GUploader-UploadID
X-Cambria-Cache-Control
X-HP-Webp
X-Xrds-Location
X-HP-Trace-Id
X-Jurisdiction
X-HS-Prerendered
X-RateLimit-Remaining
X-HS-CF-Cache-Status
X-ORACLE-DMS-ECID
X-Ratelimit-Remaining
Content-Disposition
X-TTL
X-Azure-Ref
Count-Hit
X-Amz-Replication-Status
X-Px
X-Page-Id
Accept-Charset
Cross-Origin-Resource-Policy
X-Request-Handler-Origin-Region
X-Microsite
X-Unique-Id
Cleartype
X-Proxy
X-Logged-In
X-Ratelimit-Reset
X-FB-Debug
X-Git-Hash
X-Origin-Server
X-Protected-By
X-Activity-Id
X-AppVersion
YJS-ID
X-PressLabs-Stats
X-Az
X-Www-Served-By
X-Load-Cache
X-Rid
Cross-Origin-Embedder-Policy
X-VARITI-CCR
X-LLID
X-Goog-Metageneration
X-Template
X-SRCache-Store-Status
X-Varnish-Backend
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
X-Hits
Version
X-Amz-Meta-S3cmd-Attrs
Ar-SID
X-Forwarded-Proto
Server-Node
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Server-ID
X-Geo-Country
X-TEC-API-VERSION
X-Upgrade-Enabled
X-SERVER-NAME
X-URL
Server-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B3-Sampled
X-Content-Options
X-Frontend
X-Hostname
X-Varnish-Server
Section-Io-Cache
X-App-Server
X-Status
X-TT
X-Varnish-Grace
Viewport
X-Device-Type
X-B3-TraceId-Primal
X-B
Fastly-SWR
Mrf-Cache-Status
MRF-Tech
Alternate-Protocol
X-Request-Device-Id
X-Grace
Fastly-SIE
X-Fb-Rlafr
Access-Control-Allow-Method
TCN
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Upgrade-Insecure-Requests
Healthy
X-Request-Guid
X-Varnish-Ttl
X-NF-Request-ID
X-Tt-Trace-Tag
X-Tt-Trace-Host
Host
X-Magnolia-Registration
Amp-Access-Control-Allow-Source-Origin
X-CSRF-Token
X-COUNTRY
X-Cache-Age
X-Buckets
DC
Retry-After
X-Debug
X-EdgeConnect-Cache-Status
X-WebKit-CSP-Report-Only
X-Contextid
X-Amzn-Remapped-Content-Length
X-Meli-Trace-Platform
X-Meli-Trace-Site
X-Meli-Trace-Bu
X-Cache-Control
AKAMAI-GRN
X-Wormhole-Sdk
MS-Author-Via
X-Revision
X-Type
X-Instance
X-Fastcgi-Cache
X-WP-CF-Super-Cache
AR-SID
X-Original-Request-Id
X-WP-CF-Super-Cache-Cache-Control
X-Vcl-Version
X-Response-Served-From
X-Yottaa-Metrics
X-Origin-CC
X-Rendered-As
X-Origin-TTL
X-Yottaa-Optimizations
X-NYM-Debug-Backend
X-Is-Bot
X-Adobe-Content
X-Adobe-Loc
X-Lambda-Id
X-Akamai-Edgescape
X-Backend-Name
Section-Io-Id
Cross-Origin-Embedder-Policy-Report-Only
Access-Control-Request-Headers
X-Seen-By
Cross-Origin-Opener-Policy-Report-Only
X-G
X-ServerID
X-Content-Powered-By
X-Trace-Id
Charset
X-Mg-Request-UUID
X-UUID
X-Framework
X-RM-Cache-TTL
X-Hl-Ver
X-Server-W
X-Debug-IsPreview
SD-X-WS
NGB
X-Debug-IsConnected
X-App-Version
X-INCAP-ABP
X-N
X-AB
X-Dc
X-Storage
X-Akamai-Request-ID2
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
Ms-Operation-Id
X-RTag
X-DataDome
MS-CV
X-Cache-Hit
X-Mobile
X-Cache-Status-Check
X-Cache-Time
X-ProcessESI
X-RemovedCookies
Frame-Options
X-Request-Bu
X-Request-Platform
Refresh
X-Request-Site
VIX-Pulpo-Upstream-Status
X-B3-SpanId
Filterid
VIX-Pulpo-Node
X-Time
X-Tec-Api-Origin
Cache
X-Tec-Api-Root
X-Tec-Api-Version
Accept-Language
SRV
X-Region
Protected
X-Real-IP
Webserver
X-Node-Name
CDN-RequestId
Paypal-Debug-Id
X-User-Agent
X-Ms-Version
X-Oracle-Dms-Ecid
Onion-Location
X-Ms-Request-Id
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Liferay-Portal
Cross-Origin-Window-Policy
X-Hcs-Proxy-Type
X-LB-Cache
X-F-Cache
X-VC-Cache
X-Requestid
X-HITS
X-HTML-Minification-Powered-By
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Whom
X-Cache-Expired-At
X-IPS-LoggedIn
X-WP-CF-Super-Cache-Active
X-Rocket-Nginx-Serving-Static
X-Mode
OT-Force-Account-Verify
Xet-Cookie
Backend
Priority
X-Pass-Why
X-Environment-Context
X-L-Path
GEO-INFO
X-Proxy-Cache-Info
X-Tb
X-Drupal-Cache-Tags
X-App-Environment
X-Adobe-Source
X-Handled-By
Meta-Geo
Filters
Web-Mar-Node
X-Service
Fastcgi-Useragent
ServerID
Url
X-Rewrite-Enabled
X-Is-Supported-Browser
X-Is-Tablet
X-JoinUs
X-FW-Version
X-Is-Mobile
X-Is-Desktop
X-Endurance-Cache-Level
X-Extlb
X-Geo-Region
X-MP-GENERATED-AT
X-Proxied
X-Tncms
X-UPSTREAM-Address
X-Vcache
X-Zipkin-Id
X-Tcp-Rtt
X-Servername
X-Rn-Rsrv
X-Routing-Service
X-SaId
X-Detected-As
X-Loop
X-FW-Hash
X-Browser-Name
X-Cacheable-TTL
X-Cloudmap
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Static
X-Debug-Info
X-FW-Type
X-IPLB-Request-ID
X-Director
TWC-Device-Class
X-IPLB-Instance
TWC-GeoIP-DMA
X-Rule
TWC-GeoIP-Country
TWC-GeoIP-City
ServedBy
X-Varnish-Beresp-Grace
X-Web-Node
Country
Atl-Traceid
Property-Id
X-Storefront-Renderer-Rendered
TWC-Connection-Speed
X-Shopify-Stage
TWC-GeoIP-Region
X-Alternate-Cache-Key
TWC-GeoIP-LatLong
Webcakes-App-Name
Webcakes-Region
X-Restarts
X-Hosted-By
X-Hit
X-Format
X-Forwarded-Host
Webcakes-App-Version
X-Logging-Id
X-Cache-Host
X-Origin-Hint
TWC-Locale-Group
TWC-Privacy
X-Origin-Date
LB
X-Cluster-Node
X-Edge-Location
X-Generation-Time
X-Wix-Request-Id
X-ProxyCache-Key
X-ProxyCache-Status
X-BYPASS-REASON
X-Httpd
X-Say-TTL
X-Locale
X-Say-Cacheable
X-SayCDN-TTL
X-Cdn-Origin
X-Cache-Action
X-Cluster
Mn-Server-Ip
Apigw-Requestid
X-VC
X-FB-TRIP-ID
X-Cms-Context
X-Redis-Cache
X-Labrador-Cache-Channel
X-Drupal-Cache-Contexts
Environment
X-Origin-Cache
X-PHP-Host
X-Skip-Cache
Uber-Trace-Id
X-Soup
X-S
X-Scope-Id
X-RateLimit-Remaining-Second
X-Urbn-Context-Path
X-Fetched-On
Locale
X-Urbn-Site-Id
X-Served-From
X-RateLimit-Limit-Second
X-Mly-Id
DB-Nickname
X-Origin
Cache-Hits
X-ECache
Selected-Fe
X-Proxy-Build
X-Timing-Wait
X-Auth-Group-Type
X-XRDS-Location
X-ShopId
X-ShardId
YJS-CacheStatus
X-Sorting-Hat-PodId
X-Connection-Hash
Expiry
X-GEO
X-Sorting-Hat-ShopId
X-R9-Blue-Green-Version
X-Yandex-Req-Id
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-RCS-CacheZone
X-VCT
X-Cache-Debug
X-Is-Modern-Browser
X-Varnish-Cache-Hits
Front
X-SRV
X-No-Session
Countrycode
Request-ID
X-NewRelic-App-Data
X-WP-CF-Super-Cache-Cookies-Bypass
X-Source
X-UA
X-Lagoon
X-Varnish-Age
WPO-Cache-Status
Node
X-Varnish-Beresp-Ttl
Xserver
X-Provided-By
X-CLOUD-TRACE-CONTEXT
X-Api-Version
X-CDN-Forward
X-Is-Mobile-Only
X-Platform
X-Generated-By
X-Webstats-RespID
Cache-Tv-Group
From-Origin
Cache-Provider
X-Site-Version
Referer-Policy
X-Cdn
X-CDN-Cache-Status
X-Signature
X-B3-Traceid
X-B-Cache
X-TA-CDN-Provider
X-Azure-Ref-OriginShield
X-Accel-Version
X-CACHE-AGE
X-Xfnlog-Site
X-VC-TTL
X-NWS-UUID-VERIFY
X-Sucuri-Cache
CF-IPCountry
X-PHP-Backend
X-Ua
Location
X-TT-LOGID
WPO-Cache-Message
X-Tx-Id
CDN-PullZone
CDN-EdgeStorageId
X-Tt-Logid
CDN-CachedAt
CDN-Cache
CDN-RequestCountryCode
CDN-RequestPullSuccess
X-Cache-Operation
X-Cache-Rule
CDN-RequestPullCode
X-Presslabs-Stats
X-Optimistic-Header
CDN-Uid
X-Tb-Optimization-Total-Bytes-Saved
X-IsAdmin
X-Reqid
AMP-Access-Control-Allow-Source-Origin
X-Air-Pt
Lang
Log-Origin
X-ScT
X-Section
Fl-Custom-Application
X-Sigma
Fastly-SSL
X-Sigma-Backend
MD5-Digest
X-Rocket-Build-Number
X-Request-URI
X-Origin-Expires
Origin
Odigeo-Trace-Id
Ngx.Var.Host
Meta-Geo-Continent
X-S-Cookie
X-Rojux
Expect-Staple
DCR-Decision-By
X-Vdms-Version
Apple-News-Services-Handled
X-Varnish-Director
Apple-News-Services-Host
X-VG-TLSProxy
X-VG-WebCache
XM
Xc-Version
X-Vtex-Remote-Cache
Apple-News-Services-Parsed-Url
X-Varnish-Authentication
X-Slack-Backend
Cdnsip
Redirect-Candidate
Cdncip
Candidate-Md5Url
X-SRCache-Key
X-Slack-Shared-Secret-Outcome
Apple-News-Services-Request-Url
DCR-Processing-Time-Ms
X-Micro-Cache
X-Cache-Aspx
X-Bl-Debug
X-A
X-A-Ccd
X-Cache-NE
X-Conf
Sslversion
X-Contensis-Viewer-Groups
Web-Mar-Region
X-BCube-Filmed-By
X-B-Cookie
X-Action
X-Access
X-A-Dcw
X-Aed
X-AK-Request-ID
X-A-Dam
X-Auto-Login
X-Application
RNT-Time
X-Content-Age
X-GeoCountry
X-GeoCode
X-Forwarded-Site
X-HS-Content-Campaign-Id
X-Ig-Origin-Region
X-A-Dgt
X-Loc
X-Ig-Push-State
X-Fmm-Version
X-External-Request-Id
X-Destination
X-Depends
X-D
RNT-Machine
Rendered-Blocks
X-Ec-GeoHdr
X-Ec-Fail
X-Developer
X-Old-Content-Length
X-A-Wwc
X-Fastly-Request-Id
X-Frame-Option
X-Worker
X-Sucuri-ID
X-App-Name
X-Aicache-OS
X-SIPLIST1
X-Accel-Expires-Debug
X-Acquia-Purge-Cdn-Unconfigured
X-Akamai-Device-Characteristics
X-Save-Cache
X-CGP
X-Clientip
X-Cms-Device
X-Bug-Bounty
X-Block-Status
X-BBC-Edge-Cache-Status
X-Bc-Bl
X-Backend-Instance
X-Sn-Servicetimems
Origin-CC
Origin-EX
X-Up
Origin-Agent-Cluster
X-Uri
X-Varnish-Beresp-Status
X-PERF
Req-Svc-Chain
X-UA-Device-Type
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
User-Cache-Control
Time-Cloud-Cache
ServerName
Store-Cloud-Cache
X-Pubstack
X-Core-Value
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-GeoIP-City
X-Generated-On
X-From
X-Gen-Mode
X-Hash
X-Hnp-Log
X-Moov-T
X-Men
X-Level-Front-Cache
X-Internal-TTL
X-Moov-Xdn-Caching-Status
X-Human
X-Moov-Xdn-Version
X-FC-Vary-Parameters
X-Fastly-Backend
X-DefElseHash
X-DefHash
X-Policy
X-Date
X-CUA
X-Varnish-CookieHashed-On
X-Csrf-Jwt
X-Path
X-Ec-Custom-Error
X-Epic-Correlation-Id
X-Eu-Site
X-Ee-Request-Id
X-Ee-Request-Date
X-Ee-Generated-By
X-Ee-Origin
X-Content-Length
V-Age
DSUID
Country-Code
Cmstype
Gannett-Cam-Experience-Id
X-Vary-Devices
X-Varnish-Remaining-TTL
Ha-Gx-Prefs
Gh-Request-Id
Cmsid
CDCHOST
X-We-Are-Hiring
X-ApacheServer
Host-ID
Azure-InstanceId
Azure-RegionName
Azure-Version
Azure-SlotName
Azure-SiteName
IsBot
X-Viewer-Country
L
L5d-Success-Class
X-Varnish-CookieINHashed-On
X-LSADC-Cache
X-Nyt-Route
X-NMSegId
X-B3-Trace-ID
Pragrma
X-Gamma-Serve
X-Gdpr
Cdn-Request-Time
X-Wikidot-Static-Cache
X-Gzip
Producers
X-Server-IP
X-Debug-Cache-Fetch
X-DPWN-IS-SECURE
X-Wikidot-Backend
Cache-Contol
Nord-Request-ID
X-Origin-Time
Mail-Subject
X-CacheTTL
X-Esi-Check
RewriteTeamHook
X-PAYTM-SRV-ID
Machine
Platform
X-Region-Sid
X-Cache-Id
X-Node-Id
X-Edge-Server
X-SD-PageType
X-V-Cache
X-Render-Time
X-Cache-FS-Status
Click-Count-Error
X-Vercel-Id
Tube-Get-Contents
X-Jungle-Id
Thinkindot-CacheControl-Type
Tube-Got-Eval
Tube-Got-Results
C-Via
Tube-Return
Thinkindot-CacheControl
TDXMobile
X-Varnish-Hostname
RewriteTestHook
Server-Host
X-Thinkindot-L3
CacheControlHeader
X-Thinkindot-L1
Release
X-Ion-Hop
X-Mvc-Supplant-Cachable
Cdn-Host
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
X-Debug-Cache-Store
X-Req
X-Vercel-Cache
Click-Count-Action-Start
X-SVT-ORM-VERSION
We-Hiring
X-Ion-Healthy
Cluster
X-SVT-ORM-RULES
NM-Fastcgi-Cache
X-Shield-Cache-Expires
X-Parent-Response-Time
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
N-Cache
X-Mvc-Supplant-OutputCached
X-Via-Fastly
PFcat
X-Amz-Storage-Class
Source
X-Dispatcher-Server
X-VarnishDD-TTL
X-HN
X-ElasticPress-Query
X-Origin-Response-Time
X-Vmg-Version
X-SB
Fastly-Drupal-HTML
X-Cache-Date
X-Bip
X-Thanos
X-Op-Id-All
Content-Style-Type
X-AB-Test
Content-Script-Type
X-Proxied-Request
X-Proto
X-Org
X-ZONE
X-Litespeed-Cache-Control
Origin-Site
Powered-By
S-Rt
X-Location
Canary
X-Cs
X-Cached-By
X-Pad
Sid
X-Litespeed-Tag
Vix-Hermes-Req-Id
Debug
Product
X-Refresh
X-TH-Server
CloudFront-Viewer-Country
X-NGINX-Cache
HA-Ipaddr
Pics-Label
X-ND-Cache
X-Via-Popv
X-Nananana
X-Via-Popn
NGX
X-Via-Poph
X-Amz-Meta-Cb-Modifiedtime
X-APP
X-Upstream-Ht
X-Upstream-Ct
Mime-Version
X-Cache-VC
GeoIP-Latitude
X-Servedbyhost
X-HA-Backend
X-Varnish-Hits
Cookie
X-Nginx-Cache
X-Ah-Environment
Server-ID
X-Cdn-Forward
X-LB-ID
Edge-Cache
X-AIR-PT
MIME-Version
X-User
X-Datadome
X-DynaTrace-JS-Agent
GeoIp-Country-Code
X-Wa
X-Fpc
X-Nc
X-GeoIP
X-Webkit-CSP
SID
HostName
Akamai-Mon-Iucid-Del
X-B3-Parentspanid
X-LB-NoCache
Surrogated-Key
WZWS-RAY
X-Unity-Cache
X-Srv
X-Request-Start
X-Debug-Service
X-FORWARDED-FOR
X-Nginx-Cache-Key
X-Zone
Server-Ext
Server-Hostname
Sever-Int
DataCenter
True-Client-Country-4JS
Resin-Trace
X-Scheme
Load-Balancing
Fastly-Drupal-Html
X-Client-Ip
Cdn
Show-Do-Not-Sell-Link
X-CS
X-Request-Host
N1-Cache
X-NodeID
X-Pool
X-Cache-Backend
Tcn
X-Lsadc-Cache
X-RequestId
X-VCL-Version
Lb
Wsr-Cache
Sm-Log-Id
Traceparent
NtCoent-Length
X-Cache-Grace
X-Service-Response-Time
X-Vc
X-B3-Spanid
X-Newrelic-Synthetics
X-Vgn-Hpd-Reason
X-DataCenter
Yak-Timeinfo
X-DynaTrace
Yjs-Id
X-TX-ID
X-Via-SSL
X-HOST
X-Datacenter
X-LiteSpeed-Cache-Control
Edge-Copy-Time
X-Via-CDN
X-Via-Edge
X-Air-Trace-Id
X-NODE
X-Air-Source
X-Air-Hostname
X-Zen-Fury
X-Geolocation
Serverhost
Datacenter
X-HubSpot-Correlation-Id
X-CDN-Provider
X-RateLimit-Limit
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Xkeylog
X-WA
XkeyR9
Xkey-La3
Hostname
X-Udemy-Cache-App-Namespace
X-Proxy-CacheR9
X-Proxy-Cache-La3
X-Jobs
X-API-Version
Cdn-Requestid
CDN
Req-ID
X-Dynatrace-Js-Agent
X-Webkit-Csp-Report-Only
X-LiteSpeed-Tag
X-ID
X-Cdn-Srv
A
X-Fastly-Backend-Reqs
X-NC
Uri
GeoIP-Country-Code
X-FPC
WP-Super-Cache
X-Powered-By-VTEX-Cache
X-Lb-Id
True-Client-IP
Server-Id
X-Akamai-Pragma-Client-IP
X-VTEX-Cache-Time
Proxy-Firewall
X-VTEX-Cache-Server
X-Html-Minification-Powered-By
CountryCode
X-Ez-Minify-Html
X-TimeS
RATING
X-Stale
X-Via-JSL
X-Ez-Minify-Js
Esi-Enabled
T-Server
On-Server
Geoip-Latitude
Cs
Coldstone-Viewer-Country
From-Cache
Coldstone-Viewer-Country-Region-Name
ServerHost
X-Varnish-Beresp-TTL
Coldstone-Viewer-Currency
X-ServedByHost
X-WA-Info
X-Lb-Nocache
X-Swift-Error
Srv
X-Oracle-DMS-ECID
WebServer
X-CSRF-TOKEN
X-HA-Application-Name
Cloudfront-Viewer-Country
X-HA-Bot-Classification
X-App
X-Styx-Origin-Id
X-VC-Age
X-Styx-Info
X-HA-Device-Type
Pramga
Cr
Ngx
X-Ha-Backend
X-Wp-Cf-Super-Cache-Cache-Control
X-LAGOON
X-Wp-Cf-Super-Cache
X-Ssense-Shipping-Surcharge-Enabled
FSS-Cache
BehaviorPad-Version
X-Var-Ttl
X-TIM-N
X-Correlation-ID
X-Via-PopV
Content-Secure-Policy
X-Via-PopN
X-Ssense-Gql
X-Via-PopH
X-MSEdge-Flight
X-MSEdge-Features
X-Fastly-Cache
X-Sucuri-Id
X-Cdn-Cache-Status
X-Shopid
X-Sorting-Hat-Shopid
X-Shardid
X-Geo
W
X-Check-Cacheable
X-Web-Server
X-Sorting-Hat-Podid
X-Nitro-Cache
X-Elasticpress-Query
X-Proxy-Cache-LA2
X-Th-Server
X-Serial
Akamai-X-True-TTL
X-Request-Url
Cl-Cache
My-App
X-DC
Xkey-G-Jp
X-Wp-Cf-Super-Cache-Active
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-ATG-Version
X-Request-Time
Cf-Ipcountry
X-Ramcache
User-Agent
X-Mg-Cache
FSS-Proxy
Cneonction
X-Fastly-Cache-Hits
X-Cache-TTL-Remaining
True-Client-Ip
Host-Name
Bxuuid
X-Env
Bxpunish
X-Fastly-Cache-Status