Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
Cf-Request-Id
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Server-Timing
Permissions-Policy
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
Timing-Allow-Origin
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
X-Request-ID
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
Cf-Apo-Via
X-Via
X-Turbo-Charged-By
X-Rq
X-Amz-Version-Id
X-Vhost
X-Cache-Group
Keep-Alive
X-Dispatcher
X-AH-Environment
X-UA-Device
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
P3p
X-Server-Powered-By
X-Dns-Prefetch-Control
Allow
X-Pingback
X-Page-Speed
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-LiteSpeed-Cache
X-FTR-Request-ID
X-Litespeed-Cache
X-Node
X-Device
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
Surrogate-Control
X-Country-Code
X-Ruxit-JS-Agent
X-Server-Id
X-Readtime
X-Cloud-Trace-Context
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
X-Country
Fastly-Restarts
X-TraceId
X-Clacks-Overhead
X-Content-Type
X-Application-Context
Rating
X-Vname
X-TtlSet
X-PC
Request-Id
X-Times
X-Cnection
X-ESI
X-Cache-TTL
X-Edge
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-Mcache
X-Country-Code-Real
X-Midtier
X-Browser-Type
X-FTR-Backend-Server
Surrogate-Key
X-Vcap-Request-Id
X-FTR-Expires
X-Ac
Origin-Trial
Edge-Control
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Abt-Application-Version
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-NWS-LOG-UUID
X-Element-Page-Cache
Verso
X-D2id
X-B3-TraceId
X-ORACLE-DMS-RID
X-Upstream
X-ECACHE
X-Amz-Rid
X-Mod-Pagespeed
X-FastCGI-Cache
Nginx-Cache
X-Nf-Request-Id
Pagespeed
X-Middleton-Display
Display
X-Client-IP
X-Sol
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-GitHub-Request-Id
Akamai-GRN
X-Language
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Middleton-Response
Response
X-Envoy-Decorator-Operation
X-Ratelimit-Limit
S
X-Goog-Hash
Edge-Cache-Tag
X-Resp-Is-Stale
AR-Request-ID
X-MS-InvokeApp
AR-ATIME
X-ARC
AR-PoweredBy
X-Ua-Device
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ser
X-Content-Digest
X-Distributor
X-Url
SPIisLatency
SPRequestDuration
X-SharePointHealthScore
SPRequestGuid
Access-Control-Request-Method
X-Dw-Request-Base-Id
Front-End-Https
X-Cache-Key
X-NGENIX-Cache
X-Ezoic-Cdn
X-Recruiting
X-Shield-Request-Id
RTSS
Cache-Status
X-Amzn-Trace-Id
X-Ttl
X-Version
X-Powered-CMS
X-Forwarded-For
Public-Key-Pins
X-MSEdge-Ref
X-T
X-Mg-S
Fastcgi-Cache
TP-Cache
X-Daa-Tunnel
Arr-Disable-Session-Affinity
X-Accel-Expires
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Server-Name
X-Correlation-Id
X-Ismobilevalue
Realpath
X-Varnish-TTL
X-Fastly-Request-ID
Cache-Tags
X-Cluster-Name
X-Id
X-Cached
X-CST
AR-CACHE
X-Newrelic-App-Data
X-HS-Combine-CSS
X-Request-Received
X-Request-Processing-Time
Payment
X-DIS-Request-ID
X-Kong-Upstream-Latency
X-Ua-Browser
X-Xrds-Location
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-ORACLE-DMS-ECID
X-GUploader-UploadID
Content-MD5
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Cambria-Cache-Control
X-RateLimit-Remaining
X-HS-CF-Cache-Status
X-HS-Prerendered
X-TTL
Count-Hit
X-Oneagent-Js-Injection
X-Ratelimit-Remaining
Content-Disposition
X-Azure-Ref
X-Amz-Replication-Status
X-Webkit-Csp
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-PressLabs-Stats
X-Px
Cross-Origin-Resource-Policy
X-Page-Id
Accept-Charset
X-Unique-Id
Cleartype
X-Ruxit-Js-Agent
X-Logged-In
X-Microsite
X-Request-Handler-Origin-Region
X-Proxy
X-Ratelimit-Reset
X-FB-Debug
X-Git-Hash
X-Load-Cache
X-Origin-Server
X-Protected-By
X-Rid
X-Activity-Id
X-Az
X-AppVersion
X-Hits
X-Www-Served-By
X-VARITI-CCR
X-LLID
X-Goog-Metageneration
Cross-Origin-Embedder-Policy
X-Template
X-Varnish-Backend
X-Server-ID
MicrosoftSharePointTeamServices
YJS-ID
Version
X-Forwarded-Proto
Server-Node
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-Geo-Country
X-URL
X-Upgrade-Enabled
X-Amzn-RequestId
X-Amz-Apigw-Id
Ar-SID
X-Frontend
X-NF-Request-ID
X-Varnish-Ttl
X-Content-Options
X-Hostname
X-Varnish-Server
X-SERVER-NAME
X-B3-Sampled
Section-Io-Cache
X-App-Server
X-TT
Viewport
X-Varnish-Grace
X-Status
X-Device-Type
X-B
Mrf-Cache-Status
X-B3-TraceId-Primal
Fastly-SIE
Fastly-SWR
X-Grace
MRF-Tech
X-Fb-Rlafr
Alternate-Protocol
Access-Control-Allow-Method
TCN
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Upgrade-Insecure-Requests
Healthy
X-Cache-Age
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Request-Guid
X-Wormhole-Sdk
Host
X-Magnolia-Registration
Amp-Access-Control-Allow-Source-Origin
X-Fastcgi-Cache
X-Buckets
X-EdgeConnect-Cache-Status
X-Request-Device-Id
X-CSRF-Token
DC
X-Debug
AR-SID
Retry-After
AKAMAI-GRN
X-Contextid
X-Amzn-Remapped-Content-Length
X-Cache-Control
X-WebKit-CSP-Report-Only
MS-Author-Via
X-Revision
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Response-Served-From
X-Original-Request-Id
X-Instance
X-Vcl-Version
X-NYM-Debug-Backend
X-Is-Bot
X-Rendered-As
X-Type
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Adobe-Content
X-Adobe-Loc
X-Backend-Name
X-G
X-Akamai-Edgescape
Section-Io-Id
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
Access-Control-Request-Headers
X-Lambda-Id
X-Origin-CC
X-Origin-TTL
X-Seen-By
Charset
X-ServerID
X-Content-Powered-By
X-Mg-Request-UUID
X-Trace-Id
X-Cache-Hit
X-Framework
X-RM-Cache-TTL
X-Server-W
X-Debug-IsConnected
X-Debug-IsPreview
NGB
SD-X-WS
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-UUID
X-Tumblr-User
X-Storage
X-Meli-Trace-Platform
X-Dc
X-Meli-Trace-Site
X-Hl-Ver
X-Meli-Trace-Bu
X-Tumblr-Pixel-0
X-INCAP-ABP
X-COUNTRY
X-AB
X-N
X-DataDome
X-App-Version
X-Akamai-Request-ID2
X-Mobile
Ms-Operation-Id
MS-CV
X-RTag
X-Cache-Time
X-Cache-Status-Check
X-ProcessESI
Filterid
X-RemovedCookies
Refresh
X-Time
X-Request-Bu
X-Request-Platform
X-Request-Site
Protected
X-Tec-Api-Version
VIX-Pulpo-Upstream-Status
Frame-Options
VIX-Pulpo-Node
X-Tec-Api-Origin
X-Tec-Api-Root
SRV
X-Real-IP
X-Region
X-B3-SpanId
Accept-Language
Cache
X-Node-Name
Webserver
X-LB-Cache
CDN-RequestId
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Cross-Origin-Window-Policy
X-User-Agent
Paypal-Debug-Id
X-Hcs-Proxy-Type
X-Ms-Request-Id
X-Ms-Version
Onion-Location
Liferay-Portal
X-Whom
X-F-Cache
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
Priority
X-Cache-Expired-At
X-IPS-LoggedIn
Request-ID
X-HTML-Minification-Powered-By
X-VC-Cache
X-WP-CF-Super-Cache-Active
X-Mode
OT-Force-Account-Verify
Backend
X-Rocket-Nginx-Serving-Static
Xet-Cookie
X-Proxy-Cache-Info
X-App-Environment
X-L-Path
X-Pass-Why
GEO-INFO
X-Tb
X-VC
X-Requestid
X-Environment-Context
X-Cacheable-TTL
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-Drupal-Cache-Tags
X-FW-Serve
X-FW-Version
X-FW-Type
X-FW-Static
Url
X-Loop
Filters
Web-Mar-Node
X-Adobe-Source
X-Extlb
X-Cloudmap
ServerID
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Tncms
X-SaId
X-Proxied
X-Service
X-Detected-As
X-Servername
X-Handled-By
X-MP-GENERATED-AT
X-Rn-Rsrv
X-Routing-Service
X-JoinUs
Fastcgi-Useragent
X-Vcache
Meta-Geo
X-Debug-Info
X-Oracle-Dms-Ecid
X-Zipkin-Id
X-Is-Mobile
X-Format
X-Cache-Host
Country
X-Is-Tablet
X-Shopify-Stage
X-Is-Supported-Browser
X-Alternate-Cache-Key
X-Tcp-Rtt
X-Endurance-Cache-Level
TWC-GeoIP-City
X-Restarts
TWC-GeoIP-Country
TWC-GeoIP-DMA
X-Web-Node
X-Logging-Id
TWC-Device-Class
X-Origin-Hint
X-Forwarded-Host
X-Origin-Date
ServedBy
TWC-Connection-Speed
Property-Id
X-Browser-Name
TWC-GeoIP-LatLong
X-Hosted-By
Webcakes-Region
X-Hit
X-Storefront-Renderer-Rendered
X-Geo-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Locale-Group
TWC-GeoIP-Region
TWC-Privacy
X-Varnish-Beresp-Grace
X-Director
X-Is-Desktop
Atl-Traceid
LB
X-HITS
X-IPLB-Instance
X-IPLB-Request-ID
X-Httpd
Mn-Server-Ip
Apigw-Requestid
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
X-Locale
X-ProxyCache-Status
X-Cache-Action
X-BYPASS-REASON
X-Cluster
X-Cluster-Node
X-Edge-Location
X-ProxyCache-Key
Uber-Trace-Id
X-FB-TRIP-ID
X-Cms-Context
X-Drupal-Cache-Contexts
X-Labrador-Cache-Channel
X-PHP-Host
X-Redis-Cache
X-Skip-Cache
X-Scope-Id
X-Cdn-Origin
X-Generation-Time
X-Wix-Request-Id
X-S
X-Soup
Environment
X-Mly-Id
X-RateLimit-Remaining-Second
X-Fetched-On
DB-Nickname
X-RateLimit-Limit-Second
X-Rule
X-Served-From
X-Origin
X-Urbn-Site-Id
X-Auth-Group-Type
X-Urbn-Context-Path
Locale
X-Timing-Wait
Cache-Hits
X-Source
Selected-Fe
X-Proxy-Build
X-ECache
X-R9-Blue-Green-Version
X-Connection-Hash
X-GEO
X-ShopId
X-ShardId
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Sorting-Hat-PodId
Expiry
X-Origin-Cache
X-Sorting-Hat-ShopId
Countrycode
X-RCS-CacheZone
X-Varnish-Cache-Hits
X-VCT
Front
X-Cache-Debug
X-No-Session
X-Varnish-Age
X-UA
WPO-Cache-Status
YJS-CacheStatus
X-WP-CF-Super-Cache-Cookies-Bypass
X-Lagoon
X-Is-Modern-Browser
X-Yandex-Req-Id
X-SRV
X-Varnish-Beresp-Ttl
Node
X-CLOUD-TRACE-CONTEXT
Xserver
X-Api-Version
X-CDN-Forward
X-Webstats-RespID
X-XRDS-Location
X-Generated-By
From-Origin
X-Site-Version
Cache-Provider
X-Platform
X-TA-CDN-Provider
X-Provided-By
X-Is-Mobile-Only
Referer-Policy
X-Cdn
Cache-Tv-Group
X-Azure-Ref-OriginShield
X-B3-Traceid
X-TT-LOGID
X-Xfnlog-Site
X-Accel-Version
X-NewRelic-App-Data
X-B-Cache
X-Signature
X-CDN-Cache-Status
X-VC-TTL
CF-IPCountry
X-Sucuri-Cache
WPO-Cache-Message
X-Sucuri-ID
X-NWS-UUID-VERIFY
X-Ua
CDN-Cache
X-Reqid
CDN-CachedAt
X-Air-Pt
CDN-PullZone
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestPullCode
CDN-RequestCountryCode
X-PHP-Backend
CDN-EdgeStorageId
X-Tx-Id
Location
X-Cache-Rule
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Operation
AMP-Access-Control-Allow-Source-Origin
X-Content-Age
X-CACHE-AGE
X-IsAdmin
X-Frame-Option
X-Fmm-Version
X-Forwarded-Site
Apple-News-Services-Handled
X-GeoCode
X-Ig-Origin-Region
X-Developer
Odigeo-Trace-Id
Origin
X-VG-WebCache
X-Vtex-Remote-Cache
Ngx.Var.Host
XM
Xc-Version
X-Ig-Push-State
MD5-Digest
Apple-News-Services-Parsed-Url
X-Ec-GeoHdr
Expect-Staple
X-GeoCountry
Apple-News-Services-Request-Url
DCR-Processing-Time-Ms
Cdncip
Cdnsip
DCR-Decision-By
Fastly-SSL
X-Destination
Apple-News-Services-Host
Candidate-Md5Url
Meta-Geo-Continent
X-Ec-Fail
Log-Origin
Fl-Custom-Application
X-HS-Content-Campaign-Id
Lang
X-External-Request-Id
X-Varnish-Director
X-Access
X-Auto-Login
X-Application
X-Slack-Shared-Secret-Outcome
X-SRCache-Key
X-B-Cookie
X-Varnish-Authentication
X-A-Wwc
X-Bl-Debug
X-BCube-Filmed-By
X-Slack-Backend
X-Sigma-Backend
X-Rocket-Build-Number
X-Action
X-Aed
X-AK-Request-ID
X-S-Cookie
X-ScT
X-Sigma
X-Section
X-Request-URI
X-A-Dgt
X-Origin-Expires
X-Vdms-Version
X-Rojux
X-Loc
X-D
RNT-Time
RNT-Machine
Redirect-Candidate
Rendered-Blocks
X-Depends
Sslversion
Web-Mar-Region
X-A-Ccd
X-Old-Content-Length
X-A-Dcw
X-Cache-Aspx
X-Cache-NE
X-Conf
X-Micro-Cache
X-A
X-Contensis-Viewer-Groups
X-VG-TLSProxy
X-A-Dam
X-Optimistic-Header
X-Fastly-Request-Id
X-Tt-Logid
IsBot
L5d-Success-Class
L
X-CGP
X-Moov-T
X-Block-Status
X-Bug-Bounty
X-Varnish-Remaining-TTL
X-Clientip
Ha-Gx-Prefs
X-Varnish-CookieHashed-On
X-Date
X-DefElseHash
X-DefHash
X-Csrf-Jwt
Gannett-Cam-Experience-Id
X-Moov-Xdn-Caching-Status
Gh-Request-Id
X-Varnish-CookieINHashed-On
X-Content-Length
X-Men
X-BBC-Edge-Cache-Status
X-We-Are-Hiring
ServerName
X-Accel-Expires-Debug
X-Acquia-Purge-Cdn-Unconfigured
Wxu-Next-Region
Wxu-Next-Hostname
V-Age
User-Cache-Control
X-Internal-TTL
Wxu-Next-Commit
Req-Svc-Chain
X-Aicache-OS
Origin-EX
Origin-CC
Origin-Agent-Cluster
DSUID
X-Backend-Instance
X-Litespeed-Tag
X-Akamai-Device-Characteristics
X-App-Name
X-Moov-Xdn-Version
X-Bc-Bl
X-CUA
Azure-RegionName
Azure-InstanceId
X-GeoIP-City
X-GeoIP-Country-Code
Azure-SiteName
Azure-SlotName
X-From
X-Varnish-Beresp-Status
Azure-Version
X-GeoIP-Region-Code
X-Path
X-Human
X-Pubstack
X-Policy
X-SIPLIST1
X-Hnp-Log
X-Sn-Servicetimems
X-GoCache-CacheStatus
X-Hash
CDCHOST
X-Gen-Mode
X-Eu-Site
X-Up
X-Fastly-Backend
X-UA-Device-Type
Cmstype
X-Epic-Correlation-Id
Country-Code
X-Ec-Custom-Error
X-Uri
X-FC-Vary-Parameters
Cmsid
X-LSADC-Cache
X-Cache-FS-Status
X-Wikidot-Backend
We-Hiring
X-CacheTTL
X-Req
X-Cache-Id
X-Wikidot-Static-Cache
X-DPWN-IS-SECURE
X-Server-IP
X-V-Cache
X-Worker
X-SD-PageType
X-Shield-Cache-Expires
X-Edge-Server
X-B3-Trace-ID
X-SVT-ORM-RULES
X-Vercel-Id
X-Varnish-Hostname
X-SVT-ORM-VERSION
X-Vercel-Cache
X-Thinkindot-L1
X-Gamma-Serve
X-Thinkindot-L3
X-Esi-Check
X-Gdpr
X-Mvc-Supplant-Cachable
X-Gzip
Tube-Return
X-Ee-Generated-By
Machine
X-NMSegId
X-Ee-Origin
Fastly-GeoIP-CountryCode
X-Ee-Request-Date
X-Vary-Devices
X-Nyt-Route
Time-Cloud-Cache
Store-Cloud-Cache
X-Cms-Device
X-Core-Value
NM-Fastcgi-Cache
Fastly-Backend-Name
X-PERF
CacheControlHeader
Cdn-Host
C-Via
X-Save-Cache
X-Origin-Time
X-Viewer-Country
Cdn-Request-Time
X-Level-Front-Cache
X-Generated-On
X-Ee-Request-Id
Cluster
Click-Count-Error
Click-Count-Action-Start
Host-ID
Mail-Subject
TDXMobile
Thinkindot-CacheControl
X-PAYTM-SRV-ID
Tube-Got-Eval
X-Node-Id
Tube-Get-Contents
Release
X-ApacheServer
Thinkindot-CacheControl-Type
Producers
X-Region-Sid
Tube-Got-Results
Pragrma
Platform
X-Presslabs-Stats
X-Parent-Response-Time
X-Ion-Healthy
Content-Script-Type
Content-Style-Type
X-AB-Test
X-Render-Time
X-SB
X-HN
X-Jungle-Id
X-Org
X-Thanos
X-Origin-Response-Time
X-Dispatcher-Server
Nord-Request-ID
X-TH-Server
X-Proto
X-Vmg-Version
X-Ion-Hop
RewriteTeamHook
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Amz-Storage-Class
X-VarnishDD-TTL
N-Cache
X-Bip
X-Via-Fastly
X-Cache-Date
X-Proxied-Request
Server-Host
X-Mvc-Supplant-OutputCached
Fastly-Drupal-HTML
Cache-Contol
RewriteTestHook
X-Op-Id-All
PFcat
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
Source
X-Cs
X-Litespeed-Cache-Control
Product
X-Location
Origin-Site
X-ElasticPress-Query
Canary
Sid
X-Cached-By
X-ZONE
S-Rt
Powered-By
HA-Ipaddr
X-Amz-Meta-Cb-Modifiedtime
NGX
Debug
X-Pad
X-Nginx-Cache
X-Refresh
X-Via-Popv
X-APP
X-Via-Popn
Vix-Hermes-Req-Id
CloudFront-Viewer-Country
X-Cache-VC
X-Via-Poph
X-NGINX-Cache
GeoIP-Latitude
X-Nananana
Mime-Version
X-HA-Backend
X-Servedbyhost
Pics-Label
X-ND-Cache
Cookie
X-LB-ID
X-Varnish-Hits
X-Upstream-Ct
Edge-Cache
X-Upstream-Ht
Server-ID
X-Ah-Environment
X-User
X-Cdn-Forward
X-AIR-PT
MIME-Version
X-Datadome
X-Wa
X-Srv
X-Nc
X-GeoIP
X-LB-NoCache
X-Fpc
HostName
X-DynaTrace-JS-Agent
Surrogated-Key
Akamai-Mon-Iucid-Del
SID
X-Webkit-CSP
X-Zone
X-Request-Start
GeoIp-Country-Code
X-B3-Parentspanid
WZWS-RAY
X-Scheme
Resin-Trace
X-Debug-Service
DataCenter
X-Nginx-Cache-Key
X-Unity-Cache
Fastly-Drupal-Html
N1-Cache
X-Pool
True-Client-Country-4JS
Sever-Int
X-NodeID
X-Request-Host
Server-Ext
Server-Hostname
X-CS
X-RequestId
Cdn
X-DynaTrace
X-LiteSpeed-Cache-Control
Load-Balancing
Tcn
X-Cache-Grace
Show-Do-Not-Sell-Link
X-Lsadc-Cache
X-VCL-Version
Yak-Timeinfo
Lb
X-Cache-Backend
NtCoent-Length
X-Vgn-Hpd-Reason
X-Service-Response-Time
X-DataCenter
Sm-Log-Id
Wsr-Cache
X-B3-Spanid
X-FORWARDED-FOR
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
Yjs-Id
Traceparent
X-Newrelic-Synthetics
X-Datacenter
X-HOST
Edge-Copy-Time
X-Geolocation
X-Via-SSL
X-Zen-Fury
X-Via-CDN
X-Via-Edge
X-TX-ID
X-Vc
X-NODE
X-Webkit-Csp-Report-Only
Req-ID
X-HubSpot-Correlation-Id
X-Client-Ip
X-Jobs
X-RateLimit-Limit
X-WA
Serverhost
X-CDN-Provider
X-API-Version
Cdn-Requestid
GeoIP-Country-Code
CDN
X-Fastly-Backend-Reqs
Datacenter
X-Cdn-Srv
X-LiteSpeed-Tag
X-Powered-By-VTEX-Cache
Hostname
X-Dynatrace-Js-Agent
Xkeylog
X-Proxy-CacheR9
X-Proxy-Cache-La3
Xkey-La3
X-FPC
X-Udemy-Cache-App-Namespace
X-VTEX-Cache-Server
X-VTEX-Cache-Time
Uri
WP-Super-Cache
X-ID
XkeyR9
X-NC
Server-Id
True-Client-IP
X-Akamai-Pragma-Client-IP
X-Html-Minification-Powered-By
A
X-TimeS
X-Stale
T-Server
Geoip-Latitude
X-Lb-Id
Coldstone-Viewer-Currency
X-WA-Info
On-Server
Coldstone-Viewer-Country
RATING
Proxy-Firewall
Coldstone-Viewer-Country-Region-Name
X-Ez-Minify-Js
Srv
X-ServedByHost
Esi-Enabled
ServerHost
From-Cache
X-Via-JSL
X-Swift-Error
X-Varnish-Beresp-TTL
X-Lb-Nocache
X-Oracle-DMS-ECID
CountryCode
WebServer
Cloudfront-Viewer-Country
X-Ha-Backend
X-CSRF-TOKEN
X-App
BehaviorPad-Version
Cs
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-LAGOON
Cr
X-Styx-Info
X-VC-Age
X-HA-Device-Type
X-Styx-Origin-Id
X-HA-Application-Name
X-MSEdge-Features
X-MSEdge-Flight
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-HA-Bot-Classification
Pramga
X-Via-PopV
X-Via-PopH
X-Web-Server
X-Fastly-Cache
FSS-Cache
X-Via-PopN
Ngx
X-Correlation-ID
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Ez-Minify-Html
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Request-Time
X-Geo
X-Elasticpress-Query
X-Cdn-Cache-Status
Content-Secure-Policy
X-Shardid
X-Var-Ttl
X-Check-Cacheable
X-Shopid
X-TIM-N
X-Nitro-Cache
X-Th-Server
My-App
W
X-Serial
X-Ramcache
X-Proxy-Cache-LA2
X-Wp-Cf-Super-Cache-Active
User-Agent
X-DC
True-Client-Ip
Akamai-X-True-TTL
X-Fastly-Cache-Status
X-Request-Url
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-ATG-Version
Cf-Ipcountry
Ohc-Cache-HIT
Ohc-File-Size
X-VServer
X-Cache-TTL-Remaining
Cneonction
Warning
X-Mg-Cache
FSS-Proxy
X-Sucuri-Id
X-Fastly-Cache-Hits
Host-Name
X-Beacon
Bxpunish
Bxuuid
X-Env
X-Platform-Server