Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
Cf-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-AspNet-Version
X-DNS-Prefetch-Control
X-Runtime
Permissions-Policy
Server-Timing
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
Request-Context
X-Amz-Id-2
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Request-ID
X-Turbo-Charged-By
X-Rq
Keep-Alive
X-Amz-Version-Id
X-Cache-Group
X-Vhost
X-AH-Environment
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-UA-Device
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-Dns-Prefetch-Control
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Ali-Swift-Global-Savetime
X-Litespeed-Cache
X-LiteSpeed-Cache
X-FTR-Request-ID
X-Device
X-Node
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
Surrogate-Control
X-Server-Id
X-Country-Code
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Cache-Tag
Content-Location
P3p
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
Fastly-Restarts
X-Country
X-Clacks-Overhead
X-Content-Type
X-Application-Context
X-TtlSet
X-PC
X-Vname
X-Times
Rating
X-Cnection
X-Browser-Type
X-ESI
X-Cache-TTL
X-Edge
X-Midtier
X-Mcache
X-Vcap-Request-Id
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
Surrogate-Key
X-FTR-Expires
Origin-Trial
X-Ac
Edge-Control
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-D2id
X-Kinja-Server
X-Abt-Application-Version
X-FastCGI-Cache
X-Element-Page-Cache
X-NWS-LOG-UUID
Verso
X-Nf-Request-Id
X-Ua-Device
X-Upstream
X-ECACHE
X-Navigation-Version
X-Amz-Rid
X-ORACLE-DMS-RID
Nginx-Cache
X-B3-TraceId
X-Mod-Pagespeed
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-GitHub-Request-Id
X-Client-IP
X-Instrumentation
X-Kraken-Loop-Name
X-Language
X-PDP-UNCACHING-HASH
Response
X-Server-Lifecycle-Phase
X-Middleton-Response
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Envoy-Decorator-Operation
X-Ratelimit-Limit
S
Akamai-GRN
Edge-Cache-Tag
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Goog-Hash
X-MS-InvokeApp
X-ARC
X-Resp-Is-Stale
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ser
X-Distributor
X-Content-Digest
SPRequestDuration
SPIisLatency
Access-Control-Request-Method
SPRequestGuid
X-SharePointHealthScore
X-Cache-Key
Front-End-Https
X-Ezoic-Cdn
X-Dw-Request-Base-Id
X-NGENIX-Cache
X-Recruiting
X-Url
X-Shield-Request-Id
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Powered-CMS
Public-Key-Pins
X-Oneagent-Js-Injection
X-T
X-Ruxit-Js-Agent
X-Varnish-TTL
TP-Cache
Fastcgi-Cache
X-Ttl
X-MSEdge-Ref
X-Forwarded-For
X-Mg-S
Arr-Disable-Session-Affinity
X-Accel-Expires
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Daa-Tunnel
X-Ismobilevalue
Realpath
X-Fastly-Request-ID
X-Cluster-Name
Cache-Tags
X-Id
X-Cached
X-Correlation-Id
AR-CACHE
X-Server-Name
X-HS-Combine-CSS
X-CST
X-Request-Received
X-Request-Processing-Time
X-Kong-Proxy-Latency
X-Content-Security-Policy-Report-Only
Payment
X-Ua-Browser
X-Kong-Upstream-Latency
Content-MD5
X-DIS-Request-ID
X-TTL
X-Newrelic-App-Data
X-Ratelimit-Remaining
X-GUploader-UploadID
X-Xrds-Location
X-HP-Trace-Id
X-Cambria-Cache-Control
X-HS-Prerendered
X-Jurisdiction
X-HP-Webp
X-HS-CF-Cache-Status
Content-Disposition
X-Azure-Ref
Count-Hit
X-ORACLE-DMS-ECID
X-Amz-Replication-Status
X-RateLimit-Remaining
X-Webkit-Csp
X-Px
X-Page-Id
Cleartype
X-Ratelimit-Reset
X-Unique-Id
X-Microsite
Cross-Origin-Resource-Policy
X-Request-Handler-Origin-Region
Accept-Charset
X-Logged-In
X-Proxy
X-FB-Debug
X-Protected-By
X-Git-Hash
X-Az
X-Origin-Server
X-AppVersion
X-Activity-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Cross-Origin-Embedder-Policy
X-Rid
X-URL
X-VARITI-CCR
X-Www-Served-By
X-PressLabs-Stats
X-Load-Cache
X-LLID
X-Template
X-Goog-Metageneration
X-Varnish-Backend
MicrosoftSharePointTeamServices
Ar-SID
X-Hits
Version
YJS-ID
X-Amz-Meta-S3cmd-Attrs
X-Forwarded-Proto
X-Geo-Country
Server-Node
X-Upgrade-Enabled
X-SERVER-NAME
Server-Name
X-Amz-Apigw-Id
X-Amzn-RequestId
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Request-Device-Id
X-Hostname
X-B3-Sampled
X-Frontend
X-Content-Options
X-Varnish-Server
Section-Io-Cache
X-Varnish-Grace
X-App-Server
Viewport
X-TT
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Device-Type
X-Status
X-Grace
X-B
X-Fb-Rlafr
Access-Control-Allow-Method
Fastly-SWR
Fastly-SIE
Alternate-Protocol
TCN
AKAMAI-GRN
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Varnish-Ttl
Healthy
Upgrade-Insecure-Requests
X-Server-ID
X-Request-Guid
X-NF-Request-ID
Host
X-WebKit-CSP-Report-Only
X-Tt-Trace-Tag
X-Meli-Trace-Bu
X-Meli-Trace-Platform
X-Magnolia-Registration
X-Tt-Trace-Host
X-Meli-Trace-Site
X-CSRF-Token
X-COUNTRY
DC
X-Cache-Age
X-EdgeConnect-Cache-Status
X-Buckets
Amp-Access-Control-Allow-Source-Origin
Retry-After
X-Debug
X-Amzn-Remapped-Content-Length
X-Contextid
MS-Author-Via
X-Cache-Control
X-Wormhole-Sdk
X-Revision
X-Type
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Original-Request-Id
X-Response-Served-From
AR-SID
X-Instance
Cross-Origin-Embedder-Policy-Report-Only
X-Rendered-As
X-Origin-CC
X-Is-Bot
X-NYM-Debug-Backend
X-Origin-TTL
X-UUID
X-Adobe-Loc
X-Adobe-Content
Cross-Origin-Opener-Policy-Report-Only
X-Vcl-Version
Access-Control-Request-Headers
X-Hl-Ver
X-Yottaa-Optimizations
X-Yottaa-Metrics
SD-X-WS
X-Seen-By
X-Akamai-Edgescape
X-Lambda-Id
X-G
X-Backend-Name
Section-Io-Id
X-Tec-Api-Version
X-Tumblr-Pixel-0
X-Tec-Api-Root
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tec-Api-Origin
X-Mg-Request-UUID
X-Debug-IsConnected
X-Mobile
X-Debug-IsPreview
X-Tumblr-User
X-Content-Powered-By
Charset
X-Storage
X-ServerID
X-Trace-Id
X-RTag
X-Framework
NGB
X-INCAP-ABP
X-Server-W
Ms-Operation-Id
MS-CV
X-App-Version
X-ProcessESI
X-RM-Cache-TTL
X-Akamai-Request-ID2
X-RemovedCookies
X-AB
X-Dc
X-N
X-Cache-Hit
X-Cache-Status-Check
Frame-Options
X-Cache-Time
Filterid
X-DataDome
X-Request-Bu
X-Request-Site
X-Request-Platform
Refresh
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Cache
X-Time
Accept-Language
Protected
X-Region
X-Real-IP
SRV
Webserver
X-Node-Name
X-B3-SpanId
X-Fastcgi-Cache
Paypal-Debug-Id
CDN-RequestId
Onion-Location
X-Ms-Version
X-Requestid
X-Ms-Request-Id
X-Oracle-Dms-Ecid
X-User-Agent
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Cross-Origin-Window-Policy
Liferay-Portal
X-CCDN-CacheTTL
X-VC-Cache
X-LB-Cache
X-HITS
X-Datadog-Parent-Id
X-Cache-Expired-At
X-F-Cache
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Whom
X-Datadog-Sampling-Priority
X-IPS-LoggedIn
X-WP-CF-Super-Cache-Active
Priority
X-Rocket-Nginx-Serving-Static
X-Mode
OT-Force-Account-Verify
Xet-Cookie
GEO-INFO
X-L-Path
Backend
X-Environment-Context
X-HTML-Minification-Powered-By
X-Pass-Why
X-Proxy-Cache-Info
X-Drupal-Cache-Tags
X-Tb
X-Service
X-App-Environment
X-Rule
X-Cacheable-TTL
Url
X-Tncms
X-Is-Tablet
X-Tcp-Rtt
X-FW-Dynamic
X-Loop
X-FW-Hash
X-Is-Supported-Browser
X-JoinUs
X-Is-Mobile
X-Vcache
Meta-Geo
X-Zipkin-Id
Filters
X-Geo-Region
X-UPSTREAM-Address
X-Is-Desktop
X-SaId
X-Servername
X-MP-GENERATED-AT
X-FW-Type
X-Handled-By
LB
X-Cloudmap
X-Debug-Info
X-Extlb
X-FW-Version
X-Detected-As
X-Adobe-Source
X-FW-Static
X-FW-Serve
X-Routing-Service
X-FW-Server
X-Rn-Rsrv
X-Browser-Name
X-Rewrite-Enabled
X-Proxied
Property-Id
Fastcgi-Useragent
Country
X-Director
X-Forwarded-Host
X-Generation-Time
X-Format
X-Endurance-Cache-Level
X-Cdn-Origin
ServerID
X-Hit
X-Origin-Date
X-Varnish-Beresp-Grace
X-Web-Node
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Origin-Hint
X-Restarts
X-Cache-Host
X-Alternate-Cache-Key
TWC-GeoIP-DMA
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-GeoIP-City
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Region
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
Web-Mar-Node
TWC-Privacy
ServedBy
X-Locale
X-IPLB-Instance
X-IPLB-Request-ID
X-VC
X-Cluster-Node
X-Hosted-By
Uber-Trace-Id
Apigw-Requestid
X-Edge-Location
Atl-Traceid
Mn-Server-Ip
X-Logging-Id
X-Httpd
X-ProxyCache-Key
Environment
X-Cms-Context
X-ProxyCache-Status
X-Scope-Id
X-Soup
X-Wix-Request-Id
X-Skip-Cache
X-Cache-Action
X-BYPASS-REASON
X-Cluster
X-FB-TRIP-ID
X-Served-From
X-Say-Cacheable
X-S
X-Drupal-Cache-Contexts
X-Say-TTL
X-SayCDN-TTL
X-Redis-Cache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Selected-Fe
X-Tumblr-Pixel-3
X-Urbn-Site-Id
X-PHP-Host
X-Labrador-Cache-Channel
X-Mly-Id
X-Origin
Locale
X-Proxy-Build
X-Urbn-Context-Path
X-Tumblr-Pixel-2
DB-Nickname
X-Auth-Group-Type
X-Origin-Cache
X-Timing-Wait
Cache-Hits
Expiry
X-Connection-Hash
X-Fetched-On
X-Yandex-Req-Id
X-R9-Blue-Green-Version
X-ECache
X-XRDS-Location
X-GEO
X-ShardId
X-RCS-CacheZone
X-VCT
X-B3-Traceid
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
X-Cache-Debug
X-No-Session
YJS-CacheStatus
X-Varnish-Cache-Hits
X-Is-Modern-Browser
Countrycode
Front
X-Varnish-Age
X-NewRelic-App-Data
X-Source
X-WP-CF-Super-Cache-Cookies-Bypass
X-Varnish-Beresp-Ttl
X-SRV
Node
WPO-Cache-Status
X-UA
X-CDN-Forward
X-CLOUD-TRACE-CONTEXT
Xserver
X-Provided-By
X-Lagoon
X-Is-Mobile-Only
X-Api-Version
X-Platform
X-Webstats-RespID
X-Site-Version
X-Generated-By
Cache-Tv-Group
From-Origin
X-Accel-Version
X-Cdn
X-Azure-Ref-OriginShield
Referer-Policy
Cache-Provider
X-CDN-Cache-Status
X-Ua
X-TA-CDN-Provider
X-VC-TTL
X-CACHE-AGE
X-Signature
X-B-Cache
X-Xfnlog-Site
AMP-Access-Control-Allow-Source-Origin
X-Sucuri-Cache
X-NWS-UUID-VERIFY
X-PHP-Backend
Location
X-TT-LOGID
WPO-Cache-Message
Request-ID
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-RequestPullCode
CF-IPCountry
CDN-RequestPullSuccess
X-Cache-Rule
CDN-CachedAt
X-Presslabs-Stats
X-Reqid
X-Cache-Operation
X-Optimistic-Header
CDN-Cache
CDN-Uid
X-Tt-Logid
X-IsAdmin
X-Tb-Optimization-Total-Bytes-Saved
X-Tx-Id
X-Sucuri-ID
X-Air-Pt
X-Vary-Devices
Apple-News-Services-Host
Odigeo-Trace-Id
Origin
X-ScT
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Slack-Shared-Secret-Outcome
X-BCube-Filmed-By
X-Ec-GeoHdr
X-Cache-NE
X-Worker
X-Ec-Fail
XM
X-Bl-Debug
Xc-Version
X-Vdms-Version
X-GeoCountry
X-Varnish-Authentication
Fl-Custom-Application
Ngx.Var.Host
Meta-Geo-Continent
Fastly-SSL
X-Ee-Request-Id
X-Ee-Request-Date
X-Ee-Origin
MD5-Digest
X-Cache-Aspx
X-GeoCode
X-Destination
X-Depends
X-Developer
X-Ee-Generated-By
Log-Origin
Lang
X-Section
RNT-Time
X-Ig-Origin-Region
X-Slack-Backend
X-A
X-Loc
X-A-Ccd
X-Sigma
DCR-Decision-By
X-Rocket-Build-Number
X-Core-Value
X-Micro-Cache
X-HS-Content-Campaign-Id
DCR-Processing-Time-Ms
X-Frame-Option
X-A-Dam
X-Aed
X-Action
X-Contensis-Viewer-Groups
X-VG-TLSProxy
X-AK-Request-ID
X-Fastly-Request-Id
X-Sigma-Backend
X-Ig-Push-State
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Access
X-Rojux
X-Application
X-D
Expect-Staple
RNT-Machine
Apple-News-Services-Handled
Candidate-Md5Url
X-External-Request-Id
X-Clientip
X-Conf
Redirect-Candidate
Rendered-Blocks
X-Save-Cache
X-Vtex-Remote-Cache
X-Origin-Expires
Sslversion
Time-Cloud-Cache
Cdnsip
X-S-Cookie
Cdncip
X-Cms-Device
X-Auto-Login
X-Viewer-Country
X-B-Cookie
Store-Cloud-Cache
X-Region-Sid
Country-Code
X-Shield-Cache-Expires
DSUID
X-CGP
Gannett-Cam-Experience-Id
Gh-Request-Id
X-Backend-Instance
X-Request-URI
V-Age
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
ServerName
TDXMobile
Web-Mar-Region
Wxu-Next-Commit
X-Acquia-Purge-Cdn-Unconfigured
X-Aicache-OS
X-Accel-Expires-Debug
Wxu-Next-Region
Wxu-Next-Hostname
Server-Host
RewriteTestHook
X-Bug-Bounty
Nord-Request-ID
L5d-Success-Class
L
X-Render-Time
Origin-Agent-Cluster
Origin-CC
Req-Svc-Chain
RewriteTeamHook
X-BBC-Edge-Cache-Status
X-Bc-Bl
Origin-EX
Ha-Gx-Prefs
X-V-Cache
X-GoCache-CacheStatus
X-Old-Content-Length
X-Node-Id
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-Forwarded-Site
X-From
X-ApacheServer
X-Gdpr
X-LSADC-Cache
Cluster
X-Eu-Site
X-Varnish-Remaining-TTL
X-Content-Age
X-GeoIP-City
X-We-Are-Hiring
Host-ID
X-Fmm-Version
X-PAYTM-SRV-ID
X-Ion-Healthy
X-Origin-Time
X-Internal-TTL
X-Ion-Hop
X-Varnish-Hostname
X-VG-WebCache
X-Path
X-Jungle-Id
X-Level-Front-Cache
X-Nyt-Route
X-Akamai-Device-Characteristics
X-Moov-T
X-Hash
X-PERF
X-Req
X-SD-PageType
X-Men
X-Epic-Correlation-Id
X-Generated-On
X-Sn-Servicetimems
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-SRCache-Key
X-Debug-Cache-Store
X-Thinkindot-L3
X-DefHash
X-DefElseHash
Azure-SlotName
Azure-Version
X-Csrf-Jwt
X-Content-Length
Cmsid
Cmstype
X-CUA
CDCHOST
X-Debug-Cache-Fetch
Cache-Contol
X-Date
X-UA-Device-Type
X-Thinkindot-L1
X-Up
X-Ec-Custom-Error
X-Pubstack
X-Uri
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
X-Varnish-Director
X-Varnish-CookieINHashed-On
X-Fastly-Backend
X-FC-Vary-Parameters
X-Bip
X-Edge-Server
X-Block-Status
X-Gen-Mode
X-CacheTTL
X-GeoIP-Region-Code
X-Cache-FS-Status
X-Gamma-Serve
X-Proto
X-Policy
X-GeoIP-Country-Code
X-B3-Trace-ID
X-DPWN-IS-SECURE
X-Human
X-NMSegId
X-Hnp-Log
X-App-Name
X-Cache-Date
X-Vercel-Cache
Content-Script-Type
X-SIPLIST1
Click-Count-Error
Click-Count-Action-Start
Content-Style-Type
PFcat
X-Amz-Storage-Class
X-Server-IP
X-AB-Test
Fastly-Backend-Name
Cdn-Request-Time
Cdn-Host
X-Vmg-Version
X-SVT-ORM-VERSION
X-Vercel-Id
X-Thanos
X-SVT-ORM-RULES
C-Via
X-Wikidot-Static-Cache
X-Wikidot-Backend
CacheControlHeader
N-Cache
X-Org
Tube-Got-Eval
Tube-Get-Contents
X-HN
Release
Tube-Got-Results
Tube-Return
We-Hiring
X-Op-Id-All
User-Cache-Control
X-Dispatcher-Server
Producers
X-SB
IsBot
X-VarnishDD-TTL
X-Via-Fastly
X-Litespeed-Cache-Control
Mail-Subject
Pragrma
Platform
Origin-Site
NM-Fastcgi-Cache
X-AWS-Id
Fastly-Drupal-HTML
X-VWS-Id
X-LJ-Flow-ID
X-Parent-Response-Time
Machine
X-Esi-Check
X-ZONE
Canary
X-Mvc-Supplant-Cachable
Source
Sid
Fastly-GeoIP-CountryCode
X-Gzip
X-Cache-Id
X-Location
X-ElasticPress-Query
X-Litespeed-Tag
X-Pad
Powered-By
X-Proxied-Request
X-Origin-Response-Time
X-Mvc-Supplant-OutputCached
X-Cs
S-Rt
Debug
X-Upstream-Ct
Product
X-Upstream-Ht
X-TH-Server
CloudFront-Viewer-Country
Vix-Hermes-Req-Id
X-Refresh
X-Cached-By
X-NGINX-Cache
X-Nananana
NGX
HA-Ipaddr
X-ND-Cache
Mime-Version
X-Via-Popv
Pics-Label
X-Amz-Meta-Cb-Modifiedtime
X-Via-Popn
X-Via-Poph
X-Cache-VC
GeoIP-Latitude
X-HA-Backend
X-Datadome
X-Servedbyhost
X-APP
X-Varnish-Hits
X-Nginx-Cache
Cookie
X-Ah-Environment
Server-ID
X-DynaTrace-JS-Agent
X-Cdn-Forward
X-AIR-PT
Edge-Cache
X-LB-ID
X-User
GeoIp-Country-Code
X-Wa
X-Srv
X-Nc
X-GeoIP
X-Fpc
MIME-Version
X-Webkit-CSP
X-B3-Parentspanid
HostName
X-LB-NoCache
Akamai-Mon-Iucid-Del
Surrogated-Key
DataCenter
X-Request-Start
X-FORWARDED-FOR
WZWS-RAY
X-Nginx-Cache-Key
SID
X-Unity-Cache
X-Zone
Resin-Trace
Yjs-Id
X-Debug-Service
X-Scheme
Load-Balancing
Fastly-Drupal-Html
X-Client-Ip
X-B3-Spanid
Cdn
Server-Ext
Sever-Int
Show-Do-Not-Sell-Link
True-Client-Country-4JS
Server-Hostname
X-CS
X-Pool
N1-Cache
X-Request-Host
Tcn
X-NodeID
X-Newrelic-Synthetics
X-RequestId
X-Lsadc-Cache
X-VCL-Version
Sm-Log-Id
Lb
X-Service-Response-Time
Wsr-Cache
X-Cache-Backend
X-Cache-Grace
Traceparent
NtCoent-Length
X-Vc
X-Vgn-Hpd-Reason
X-DynaTrace
X-DataCenter
X-TX-ID
Yak-Timeinfo
X-HOST
Edge-Copy-Time
X-Via-SSL
X-LiteSpeed-Cache-Control
X-Datacenter
X-Via-Edge
X-Via-CDN
X-NODE
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-HubSpot-Correlation-Id
X-API-Version
X-Zen-Fury
X-CDN-Provider
X-Geolocation
X-RateLimit-Limit
Datacenter
X-Jobs
Cdn-Requestid
X-WA
X-Udemy-Cache-App-Namespace
CDN
Req-ID
Hostname
Serverhost
X-Html-Minification-Powered-By
X-LiteSpeed-Tag
X-Dynatrace-Js-Agent
X-Fastly-Backend-Reqs
X-Cdn-Srv
GeoIP-Country-Code
X-ID
A
X-FPC
XkeyR9
Xkeylog
X-Proxy-Cache-La3
Uri
X-Proxy-CacheR9
Xkey-La3
X-NC
X-Ez-Minify-Html
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Time
X-VTEX-Cache-Server
Server-Id
X-Akamai-Pragma-Client-IP
WP-Super-Cache
X-Lb-Id
True-Client-IP
CountryCode
X-Via-JSL
X-TimeS
Esi-Enabled
T-Server
X-Stale
RATING
Proxy-Firewall
X-Ez-Minify-Js
X-Srcache-Fetch-Status
On-Server
X-Srcache-Store-Status
Cs
Geoip-Latitude
X-Correlation-ID
X-Webkit-Csp-Report-Only
Srv
X-Varnish-Beresp-TTL
From-Cache
X-Lb-Nocache
X-LAGOON
X-App
Coldstone-Viewer-Country
X-WA-Info
Coldstone-Viewer-Currency
X-Swift-Error
X-ServedByHost
ServerHost
X-VC-Age
Coldstone-Viewer-Country-Region-Name
X-Oracle-DMS-ECID
WebServer
Cloudfront-Viewer-Country
X-HA-Device-Type
X-Styx-Info
Cr
Pramga
X-Styx-Origin-Id
X-CSRF-TOKEN
X-HA-Application-Name
X-HA-Bot-Classification
X-Ha-Backend
Ngx
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-TIM-N
X-Via-PopH
X-Via-PopN
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
BehaviorPad-Version
X-Var-Ttl
Content-Secure-Policy
FSS-Cache
X-MSEdge-Features
X-Fastly-Cache
X-Via-PopV
X-MSEdge-Flight
X-Shardid
X-Shopid
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
W
X-Web-Server
X-Geo
X-Check-Cacheable
X-Cdn-Cache-Status
X-Proxy-Cache-LA2
X-Elasticpress-Query
X-Th-Server
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Request-Url
X-Wp-Cf-Super-Cache-Active
X-ATG-Version
My-App
X-Request-Time
X-Nitro-Cache
X-DC
X-Serial
Akamai-X-True-TTL
X-Sucuri-Id
Cf-Ipcountry
True-Client-Ip
Xkey-G-Jp
X-Ramcache
User-Agent
Cl-Cache
X-Cache-TTL-Remaining
X-Mg-Cache
Host-Name
X-Env
FSS-Proxy
X-Fastly-Cache-Status
Bxuuid
X-Fastly-Cache-Hits
Cneonction
Bxpunish