Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
Cf-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Server-Timing
Permissions-Policy
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Request-ID
X-Turbo-Charged-By
X-Rq
X-Amz-Version-Id
Keep-Alive
X-Vhost
X-Cache-Group
X-AH-Environment
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-UA-Device
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
X-Server-Powered-By
X-Dns-Prefetch-Control
Allow
X-Pingback
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
Ali-Swift-Global-Savetime
X-FTR-Request-ID
X-Device
X-Node
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-LiteSpeed-Cache
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Server-Id
X-Cloud-Trace-Context
X-Readtime
X-Ruxit-JS-Agent
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
Content-Location
P3p
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
Fastly-Restarts
X-Country
X-Content-Type
X-Clacks-Overhead
X-Application-Context
X-TtlSet
X-PC
X-Vname
X-Times
Rating
X-Cnection
X-Cache-TTL
X-Browser-Type
X-Mcache
X-ESI
X-Edge
X-Midtier
X-Vcap-Request-Id
Surrogate-Key
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Country-Code-Real
X-Ac
X-FTR-Expires
Origin-Trial
Edge-Control
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Abt-Application-Version
X-GoogleNews-Bot
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-D2id
X-Element-Page-Cache
X-FastCGI-Cache
X-NWS-LOG-UUID
Verso
X-Ua-Device
X-Nf-Request-Id
X-Upstream
X-ECACHE
X-ORACLE-DMS-RID
X-Navigation-Version
X-Mod-Pagespeed
Nginx-Cache
X-B3-TraceId
X-Amz-Rid
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-GitHub-Request-Id
X-Client-IP
X-Language
Response
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Middleton-Response
X-Erf-Bev-Bev-Is-Generated
X-Envoy-Decorator-Operation
X-Ratelimit-Limit
Akamai-GRN
S
Edge-Cache-Tag
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-MS-InvokeApp
X-Goog-Hash
X-Resp-Is-Stale
X-ARC
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ser
X-Url
X-Distributor
SPRequestDuration
SPIisLatency
X-SharePointHealthScore
X-Content-Digest
SPRequestGuid
Access-Control-Request-Method
Front-End-Https
X-Cache-Key
X-Dw-Request-Base-Id
X-Ezoic-Cdn
X-NGENIX-Cache
X-Shield-Request-Id
X-Recruiting
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Powered-CMS
Public-Key-Pins
X-Oneagent-Js-Injection
X-Mg-S
TP-Cache
X-Varnish-TTL
X-Ttl
Fastcgi-Cache
X-T
X-Forwarded-For
X-MSEdge-Ref
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Daa-Tunnel
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Correlation-Id
X-Ismobilevalue
Realpath
Cache-Tags
X-Cluster-Name
X-Fastly-Request-ID
X-Id
X-Cached
AR-CACHE
X-Server-Name
X-HS-Combine-CSS
X-Ruxit-Js-Agent
X-CST
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Payment
X-Request-Processing-Time
Content-MD5
X-Request-Received
X-TTL
X-Ua-Browser
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
X-Newrelic-App-Data
X-GUploader-UploadID
X-RateLimit-Remaining
X-HP-Trace-Id
X-HP-Webp
X-Cambria-Cache-Control
X-Jurisdiction
X-HS-Prerendered
X-Xrds-Location
X-HS-CF-Cache-Status
X-ORACLE-DMS-ECID
Content-Disposition
X-Ratelimit-Remaining
Count-Hit
X-Azure-Ref
X-Amz-Replication-Status
X-Webkit-Csp
X-Px
X-Request-Handler-Origin-Region
X-Unique-Id
X-Page-Id
Cross-Origin-Resource-Policy
X-Microsite
X-Ratelimit-Reset
Accept-Charset
X-Logged-In
X-Proxy
X-Protected-By
X-SRCache-Store-Status
Cleartype
X-FB-Debug
X-Git-Hash
X-Az
X-SRCache-Fetch-Status
Cross-Origin-Embedder-Policy
X-Origin-Server
X-AppVersion
X-Activity-Id
X-Rid
YJS-ID
X-VARITI-CCR
X-Www-Served-By
X-Template
X-Load-Cache
X-PressLabs-Stats
X-LLID
X-Goog-Metageneration
X-Varnish-Backend
MicrosoftSharePointTeamServices
Version
Ar-SID
X-Amz-Meta-S3cmd-Attrs
X-Forwarded-Proto
X-Hits
X-Geo-Country
Server-Node
Server-Name
X-SERVER-NAME
X-Upgrade-Enabled
X-URL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Request-Device-Id
X-Hostname
X-Frontend
X-B3-Sampled
X-Content-Options
Section-Io-Cache
X-Varnish-Server
X-Varnish-Grace
X-TT
MRF-Tech
X-App-Server
X-B3-TraceId-Primal
X-Device-Type
Mrf-Cache-Status
X-B
Fastly-SWR
Fastly-SIE
X-Fb-Rlafr
Alternate-Protocol
X-Grace
Viewport
X-Status
Access-Control-Allow-Method
TCN
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Varnish-Ttl
Healthy
X-Goog-Stored-Content-Length
Upgrade-Insecure-Requests
AKAMAI-GRN
X-Server-ID
X-Request-Guid
X-NF-Request-ID
Amp-Access-Control-Allow-Source-Origin
X-Tt-Trace-Host
Host
X-Tt-Trace-Tag
X-Meli-Trace-Bu
X-Meli-Trace-Platform
X-Magnolia-Registration
X-Meli-Trace-Site
X-CSRF-Token
X-COUNTRY
X-Buckets
X-Cache-Age
X-WebKit-CSP-Report-Only
DC
X-EdgeConnect-Cache-Status
X-Debug
Retry-After
X-Amzn-Remapped-Content-Length
X-Contextid
X-Cache-Control
X-Wormhole-Sdk
MS-Author-Via
X-Revision
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Type
AR-SID
X-Response-Served-From
X-Original-Request-Id
X-Origin-TTL
X-Adobe-Content
X-Adobe-Loc
X-Origin-CC
X-Yottaa-Metrics
X-UUID
X-Yottaa-Optimizations
X-Is-Bot
Access-Control-Request-Headers
X-Instance
X-Akamai-Edgescape
X-Lambda-Id
Cross-Origin-Opener-Policy-Report-Only
X-G
X-Rendered-As
Cross-Origin-Embedder-Policy-Report-Only
X-NYM-Debug-Backend
SD-X-WS
X-Hl-Ver
X-Seen-By
X-Backend-Name
X-Debug-IsPreview
X-Content-Powered-By
Section-Io-Id
X-Debug-IsConnected
X-Framework
X-Mobile
X-Trace-Id
X-ServerID
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-RTag
X-RM-Cache-TTL
X-Mg-Request-UUID
Charset
X-DataDome
X-Tumblr-Pixel-1
X-Tumblr-User
Ms-Operation-Id
MS-CV
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Dc
X-Vcl-Version
X-Akamai-Request-ID2
X-AB
X-Storage
X-Server-W
X-ProcessESI
X-INCAP-ABP
X-RemovedCookies
NGB
X-N
X-App-Version
Frame-Options
X-Cache-Status-Check
X-Cache-Time
X-Cache-Hit
X-Request-Bu
X-Request-Site
X-Request-Platform
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Time
Filterid
Accept-Language
Cache
SRV
Refresh
X-Region
X-Real-IP
Protected
X-Node-Name
X-B3-SpanId
X-Fastcgi-Cache
Webserver
CDN-RequestId
Onion-Location
X-Requestid
X-Oracle-Dms-Ecid
Paypal-Debug-Id
X-Ms-Request-Id
X-Ms-Version
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-User-Agent
Cross-Origin-Window-Policy
X-Hcs-Proxy-Type
X-LB-Cache
X-VC-Cache
X-Datadog-Sampling-Priority
X-F-Cache
X-Cache-Expired-At
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Datadog-Parent-Id
Liferay-Portal
X-HITS
X-WP-CF-Super-Cache-Active
X-IPS-LoggedIn
X-Mode
X-Whom
X-Rocket-Nginx-Serving-Static
Backend
OT-Force-Account-Verify
Xet-Cookie
X-Pass-Why
X-L-Path
Priority
X-Environment-Context
X-HTML-Minification-Powered-By
X-Proxy-Cache-Info
GEO-INFO
X-Cacheable-TTL
X-Tb
X-Service
X-Rule
X-Is-Mobile
X-Is-Desktop
X-Is-Supported-Browser
X-JoinUs
X-Is-Tablet
Meta-Geo
Filters
X-Extlb
X-Browser-Name
X-Cloudmap
X-MP-GENERATED-AT
Fastcgi-Useragent
X-Debug-Info
Url
X-Adobe-Source
X-Detected-As
X-Drupal-Cache-Tags
X-Geo-Region
X-SaId
X-Routing-Service
X-Rn-Rsrv
X-Servername
X-UPSTREAM-Address
X-App-Environment
LB
X-Zipkin-Id
X-Rewrite-Enabled
X-Tcp-Rtt
X-Proxied
X-Logging-Id
Web-Mar-Node
X-Varnish-Beresp-Grace
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Origin-Date
X-Tncms
X-Vcache
X-Handled-By
Atl-Traceid
X-Wix-Request-Id
Country
X-Loop
ServedBy
X-Web-Node
X-Cdn-Origin
X-VC
X-Shopify-Stage
X-Hit
X-Forwarded-Host
X-Endurance-Cache-Level
X-Hosted-By
Mn-Server-Ip
X-ProxyCache-Key
Property-Id
TWC-Connection-Speed
TWC-GeoIP-City
TWC-Device-Class
X-Format
X-Cms-Context
X-Httpd
X-Origin-Hint
Apigw-Requestid
X-Skip-Cache
TWC-GeoIP-Country
X-ProxyCache-Status
Uber-Trace-Id
TWC-GeoIP-DMA
X-Cluster-Node
X-SayCDN-TTL
Webcakes-Region
X-Locale
X-Cluster
X-Cache-Host
X-Cache-Action
X-BYPASS-REASON
X-Restarts
Webcakes-App-Version
TWC-Locale-Group
TWC-GeoIP-Region
TWC-GeoIP-LatLong
TWC-Privacy
X-Director
X-Say-TTL
X-Say-Cacheable
X-Soup
Webcakes-App-Name
X-IPLB-Request-ID
Environment
X-IPLB-Instance
X-Scope-Id
X-Served-From
X-FW-Type
X-S
X-Labrador-Cache-Channel
ServerID
X-Edge-Location
X-FW-Static
X-PHP-Host
X-FW-Version
X-Redis-Cache
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-FW-Serve
X-FB-TRIP-ID
X-Fetched-On
Locale
X-Urbn-Site-Id
X-Generation-Time
X-Auth-Group-Type
X-Urbn-Context-Path
X-Origin
X-Origin-Cache
Expiry
X-Connection-Hash
X-RateLimit-Limit-Second
X-Mly-Id
X-Timing-Wait
X-RateLimit-Remaining-Second
X-Proxy-Build
Selected-Fe
Cache-Hits
DB-Nickname
X-ECache
X-Yandex-Req-Id
X-Tumblr-Pixel-2
X-R9-Blue-Green-Version
X-Tumblr-Pixel-3
X-Drupal-Cache-Contexts
X-XRDS-Location
X-GEO
X-Sorting-Hat-PodId
X-VCT
X-RCS-CacheZone
X-Sorting-Hat-ShopId
YJS-CacheStatus
X-ShopId
X-ShardId
X-B3-Traceid
X-No-Session
Front
X-Varnish-Cache-Hits
X-Is-Modern-Browser
X-Cache-Debug
Countrycode
X-WP-CF-Super-Cache-Cookies-Bypass
X-Varnish-Age
X-NewRelic-App-Data
X-Source
X-SRV
X-Varnish-Beresp-Ttl
WPO-Cache-Status
Xserver
Node
X-CLOUD-TRACE-CONTEXT
X-UA
X-CDN-Forward
X-Provided-By
X-Is-Mobile-Only
X-Api-Version
X-Lagoon
X-Platform
X-Generated-By
X-Site-Version
X-Webstats-RespID
Cache-Provider
From-Origin
X-Azure-Ref-OriginShield
Cache-Tv-Group
X-Webkit-CSP
X-TA-CDN-Provider
X-Cdn
X-CDN-Cache-Status
X-Accel-Version
Referer-Policy
X-B-Cache
X-Ua
X-Signature
X-CACHE-AGE
X-VC-TTL
X-Xfnlog-Site
CF-IPCountry
Location
X-PHP-Backend
X-NWS-UUID-VERIFY
WPO-Cache-Message
Request-ID
X-TT-LOGID
X-Tx-Id
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
X-Tt-Logid
X-Optimistic-Header
X-Presslabs-Stats
X-Cache-Rule
X-Cache-Operation
CDN-RequestCountryCode
CDN-PullZone
X-Sucuri-Cache
X-Reqid
X-IsAdmin
X-Air-Pt
AMP-Access-Control-Allow-Source-Origin
Candidate-Md5Url
Apple-News-Services-Request-Url
X-Cache-NE
Cdncip
X-Clientip
Cdnsip
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Worker
XM
X-Destination
X-Ec-Fail
Apple-News-Services-Handled
X-Cms-Device
DCR-Decision-By
Ngx.Var.Host
Meta-Geo-Continent
Odigeo-Trace-Id
X-Access
Rendered-Blocks
Sslversion
MD5-Digest
X-Aed
DCR-Processing-Time-Ms
Redirect-Candidate
Expect-Staple
Fastly-SSL
Lang
Origin
X-A-Ccd
X-Rocket-Build-Number
X-A-Dam
X-Request-URI
X-D
X-External-Request-Id
X-Ee-Request-Id
X-Rojux
X-Section
X-Sigma
X-ScT
X-Save-Cache
X-S-Cookie
X-Origin-Expires
X-Old-Content-Length
X-Forwarded-Site
X-AK-Request-ID
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-GeoCode
X-GeoCountry
X-Loc
X-Application
X-Ig-Push-State
X-Ig-Origin-Region
X-B-Cookie
X-Sigma-Backend
X-Viewer-Country
X-A
X-Content-Age
X-Fmm-Version
X-Ec-GeoHdr
X-Conf
X-Vtex-Remote-Cache
X-BCube-Filmed-By
Store-Cloud-Cache
Time-Cloud-Cache
Xc-Version
X-Ee-Generated-By
X-Ee-Origin
X-Core-Value
X-Varnish-Director
X-SRCache-Key
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Ee-Request-Date
X-Vary-Devices
X-Developer
X-VG-WebCache
X-VG-TLSProxy
X-Vdms-Version
X-Bl-Debug
Fl-Custom-Application
X-Fastly-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Frame-Option
X-Sucuri-ID
X-GeoIP-City
X-Generated-On
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Gen-Mode
X-Hash
X-From
X-Fastly-Backend
ServerName
Server-Host
RNT-Time
X-FC-Vary-Parameters
RNT-Machine
Req-Svc-Chain
Origin-EX
X-Moov-T
X-Micro-Cache
X-Moov-Xdn-Caching-Status
Log-Origin
L5d-Success-Class
X-Moov-Xdn-Version
X-Level-Front-Cache
X-Internal-TTL
Origin-Agent-Cluster
Origin-CC
X-Hnp-Log
X-HS-Content-Campaign-Id
X-Human
X-Eu-Site
TDXMobile
X-Action
X-Aicache-OS
X-Acquia-Purge-Cdn-Unconfigured
X-CGP
X-Content-Length
X-Contensis-Viewer-Groups
X-Akamai-Device-Characteristics
X-Cache-Aspx
X-Bc-Bl
X-BBC-Edge-Cache-Status
X-Auto-Login
X-Block-Status
X-Bug-Bounty
X-Csrf-Jwt
X-CUA
X-Ec-Custom-Error
X-Depends
X-Epic-Correlation-Id
Thinkindot-CacheControl-Type
L
Thinkindot-CacheControl
X-DefHash
X-DefElseHash
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Web-Mar-Region
User-Cache-Control
X-LSADC-Cache
X-Men
X-Uri
X-V-Cache
X-Varnish-Authentication
IsBot
X-Up
X-UA-Device-Type
X-Thinkindot-L1
X-Thinkindot-L3
Cmstype
Cmsid
CDCHOST
X-Varnish-CookieHashed-On
X-PERF
X-Req
X-SD-PageType
X-Varnish-Hostname
X-PAYTM-SRV-ID
X-Node-Id
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
Host-ID
X-ApacheServer
Country-Code
X-Varnish-Beresp-Status
X-Policy
X-Shield-Cache-Expires
DSUID
X-Render-Time
X-Region-Sid
X-Pubstack
X-SIPLIST1
X-Sn-Servicetimems
Ha-Gx-Prefs
Gannett-Cam-Experience-Id
X-Origin-Time
X-Nyt-Route
X-CacheTTL
X-Op-Id-All
X-Amz-Storage-Class
X-Dispatcher-Server
X-HN
X-Backend-Instance
X-Cache-Id
X-NMSegId
X-Via-Fastly
X-Bip
N-Cache
X-Org
X-VarnishDD-TTL
X-Mvc-Supplant-Cachable
X-Cache-FS-Status
X-Cache-Date
X-AB-Test
X-SB
X-We-Are-Hiring
X-Proto
X-Esi-Check
X-Path
X-Ion-Healthy
X-Server-IP
X-Gzip
X-Gdpr
X-Gamma-Serve
X-SVT-ORM-VERSION
X-Thanos
X-DPWN-IS-SECURE
X-Ion-Hop
X-SVT-ORM-RULES
Cluster
X-Jungle-Id
PFcat
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Vercel-Cache
X-Vercel-Id
X-Vmg-Version
X-Date
X-GoCache-CacheStatus
Pragrma
Producers
Azure-InstanceId
Platform
Nord-Request-ID
Origin-Site
Release
RewriteTeamHook
Tube-Got-Results
Tube-Return
Tube-Got-Eval
Tube-Get-Contents
RewriteTestHook
Azure-RegionName
Machine
Click-Count-Error
Content-Script-Type
Click-Count-Action-Start
Cache-Contol
C-Via
Content-Style-Type
Azure-Version
Gh-Request-Id
Azure-SiteName
Azure-SlotName
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
V-Age
NM-Fastcgi-Cache
X-App-Name
X-Accel-Expires-Debug
X-Parent-Response-Time
X-VWS-Id
Source
Fastly-Drupal-HTML
X-AWS-Id
X-LJ-Flow-ID
We-Hiring
X-ElasticPress-Query
Mail-Subject
X-Origin-Response-Time
X-Wikidot-Backend
Cdn-Host
Canary
CacheControlHeader
Cdn-Request-Time
X-B3-Trace-ID
X-Wikidot-Static-Cache
X-Litespeed-Cache-Control
X-Proxied-Request
X-Mvc-Supplant-OutputCached
X-Edge-Server
X-ZONE
Sid
X-Pad
X-Location
Powered-By
S-Rt
X-Cs
Debug
X-Litespeed-Tag
X-Cached-By
Vix-Hermes-Req-Id
CloudFront-Viewer-Country
Product
X-TH-Server
X-Refresh
X-NGINX-Cache
X-Upstream-Ht
X-Upstream-Ct
NGX
Mime-Version
Pics-Label
X-Amz-Meta-Cb-Modifiedtime
X-Nananana
X-Via-Poph
HA-Ipaddr
X-Via-Popv
X-Via-Popn
X-ND-Cache
X-Cache-VC
X-HA-Backend
X-APP
X-Servedbyhost
GeoIP-Latitude
X-Varnish-Hits
X-Ah-Environment
X-Nginx-Cache
Cookie
Server-ID
X-AIR-PT
X-DynaTrace-JS-Agent
X-Cdn-Forward
Edge-Cache
X-LB-ID
X-Datadome
X-User
X-Fpc
X-Nc
GeoIp-Country-Code
X-GeoIP
X-Wa
MIME-Version
X-Srv
HostName
X-LB-NoCache
Akamai-Mon-Iucid-Del
X-B3-Parentspanid
Surrogated-Key
WZWS-RAY
X-Request-Start
X-Unity-Cache
DataCenter
SID
X-Nginx-Cache-Key
X-FORWARDED-FOR
X-Debug-Service
X-Zone
X-Scheme
Resin-Trace
Server-Hostname
Server-Ext
True-Client-Country-4JS
Sever-Int
X-VCL-Version
Fastly-Drupal-Html
Load-Balancing
X-Client-Ip
Show-Do-Not-Sell-Link
X-B3-Spanid
Cdn
X-CS
X-Pool
N1-Cache
X-NodeID
Tcn
X-Request-Host
X-Lsadc-Cache
X-RequestId
Wsr-Cache
Sm-Log-Id
NtCoent-Length
X-Cache-Backend
X-Cache-Grace
Traceparent
X-Service-Response-Time
Lb
X-Newrelic-Synthetics
X-Vc
Yjs-Id
X-Vgn-Hpd-Reason
Yak-Timeinfo
X-DataCenter
X-DynaTrace
X-Datacenter
X-Via-SSL
Edge-Copy-Time
X-HOST
X-Via-Edge
X-TX-ID
X-LiteSpeed-Cache-Control
X-Via-CDN
X-Air-Hostname
X-NODE
X-Air-Source
X-Air-Trace-Id
X-Zen-Fury
X-RateLimit-Limit
X-CDN-Provider
Datacenter
X-Geolocation
X-HubSpot-Correlation-Id
Serverhost
Req-ID
X-Jobs
X-API-Version
CDN
X-WA
Cdn-Requestid
X-Udemy-Cache-App-Namespace
Hostname
X-Html-Minification-Powered-By
X-LiteSpeed-Tag
X-Dynatrace-Js-Agent
X-Proxy-Cache-La3
Uri
Xkeylog
X-FPC
XkeyR9
X-NC
X-Proxy-CacheR9
X-ID
Xkey-La3
GeoIP-Country-Code
X-Fastly-Backend-Reqs
A
X-Cdn-Srv
X-Ez-Minify-Html
X-VTEX-Cache-Time
X-VTEX-Cache-Server
Server-Id
True-Client-IP
WP-Super-Cache
X-Lb-Id
X-Powered-By-VTEX-Cache
X-Akamai-Pragma-Client-IP
CountryCode
Esi-Enabled
T-Server
X-Stale
X-TimeS
X-Srcache-Store-Status
X-Ez-Minify-Js
Geoip-Latitude
X-Srcache-Fetch-Status
Proxy-Firewall
X-Via-JSL
On-Server
Cs
RATING
X-Webkit-Csp-Report-Only
X-Lb-Nocache
ServerHost
X-ServedByHost
From-Cache
X-VC-Age
Coldstone-Viewer-Country
Coldstone-Viewer-Currency
X-Varnish-Beresp-TTL
Srv
Coldstone-Viewer-Country-Region-Name
X-WA-Info
X-Swift-Error
X-Oracle-DMS-ECID
WebServer
X-Styx-Info
Cr
Cloudfront-Viewer-Country
X-HA-Device-Type
X-Styx-Origin-Id
X-HA-Bot-Classification
Ngx
X-App
Pramga
X-CSRF-TOKEN
X-HA-Application-Name
X-Ha-Backend
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Correlation-ID
X-Ssense-Shipping-Surcharge-Enabled
Content-Secure-Policy
FSS-Cache
X-TIM-N
X-Via-PopN
X-Ssense-Gql
X-Via-PopH
X-MSEdge-Features
X-Fastly-Cache
X-Via-PopV
BehaviorPad-Version
X-MSEdge-Flight
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Check-Cacheable
W
X-Shopid
X-Var-Ttl
X-Cdn-Cache-Status
X-Geo
X-Shardid
X-Web-Server
X-Th-Server
Cl-Cache
X-Proxy-Cache-LA2
X-Elasticpress-Query
X-Wp-Cf-Super-Cache-Cookies-Bypass
My-App
X-Request-Time
X-Request-Url
X-ATG-Version
X-Nitro-Cache
X-Serial
X-Wp-Cf-Super-Cache-Active
X-DC
Akamai-X-True-TTL
X-Sucuri-Id
Cf-Ipcountry
Xkey-G-Jp
True-Client-Ip
X-Ramcache
User-Agent
X-Cache-TTL-Remaining
X-Mg-Cache
Host-Name
X-Env
X-Fastly-Cache-Status
FSS-Proxy
Bxuuid
X-Fastly-Cache-Hits
Cneonction
Bxpunish