Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
Cf-Request-Id
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Server-Timing
Permissions-Policy
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Request-ID
X-Turbo-Charged-By
X-Rq
X-Cache-Group
X-Amz-Version-Id
X-Vhost
Keep-Alive
X-AH-Environment
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-UA-Device
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
P3p
X-Server-Powered-By
Allow
X-Pingback
X-Dns-Prefetch-Control
X-Page-Speed
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
X-FTR-Request-ID
X-LiteSpeed-Cache
X-Device
X-Node
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
Surrogate-Control
X-Country-Code
X-Server-Id
X-Readtime
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
X-TraceId
Fastly-Restarts
Request-Id
X-Clacks-Overhead
X-Content-Type
X-Country
X-Application-Context
X-PC
X-TtlSet
X-Vname
Rating
X-Times
X-Cnection
X-Cache-TTL
X-ESI
X-Mcache
X-Edge
X-Browser-Type
X-Midtier
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
Surrogate-Key
X-Country-Code-Real
X-FTR-Backend
X-Vcap-Request-Id
X-FTR-Expires
X-Ac
Origin-Trial
Edge-Control
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-GoogleNews-Bot
X-Exp-Id
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Server
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-NWS-LOG-UUID
X-D2id
Verso
X-Ua-Device
X-FastCGI-Cache
X-B3-TraceId
X-Upstream
X-ECACHE
X-ORACLE-DMS-RID
X-Amz-Rid
X-Mod-Pagespeed
Nginx-Cache
X-Navigation-Version
X-Nf-Request-Id
Display
X-Middleton-Display
X-Sol
Pagespeed
X-GitHub-Request-Id
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Akamai-GRN
X-Client-IP
X-Middleton-Response
X-Language
Response
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Envoy-Decorator-Operation
X-Ratelimit-Limit
S
AR-ATIME
Edge-Cache-Tag
X-Goog-Hash
AR-Request-ID
AR-PoweredBy
X-ARC
X-Resp-Is-Stale
X-MS-InvokeApp
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ser
X-Content-Digest
X-Distributor
SPRequestDuration
SPIisLatency
SPRequestGuid
X-SharePointHealthScore
Access-Control-Request-Method
Front-End-Https
X-Cache-Key
X-Dw-Request-Base-Id
X-Ezoic-Cdn
X-NGENIX-Cache
X-Url
X-Recruiting
X-Shield-Request-Id
RTSS
X-Ttl
X-Amzn-Trace-Id
Cache-Status
X-Powered-CMS
X-Version
X-Oneagent-Js-Injection
Public-Key-Pins
X-MSEdge-Ref
X-T
X-Varnish-TTL
Fastcgi-Cache
X-Forwarded-For
TP-Cache
X-Mg-S
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Daa-Tunnel
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Correlation-Id
X-Ismobilevalue
X-Fastly-Request-ID
Realpath
X-Cluster-Name
Cache-Tags
X-Cached
X-Server-Name
AR-CACHE
X-CST
X-Newrelic-App-Data
X-Id
X-Ruxit-Js-Agent
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
Payment
X-Ua-Browser
X-DIS-Request-ID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Content-Security-Policy-Report-Only
X-GUploader-UploadID
X-Ratelimit-Remaining
Content-MD5
X-Jurisdiction
X-HP-Trace-Id
X-Cambria-Cache-Control
X-HP-Webp
X-Xrds-Location
X-HS-CF-Cache-Status
X-HS-Prerendered
X-ORACLE-DMS-ECID
Content-Disposition
X-TTL
Count-Hit
X-Azure-Ref
X-Amz-Replication-Status
X-Webkit-Csp
X-RateLimit-Remaining
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Px
Cross-Origin-Resource-Policy
X-Page-Id
Cleartype
Accept-Charset
X-Unique-Id
X-Ratelimit-Reset
X-Logged-In
X-Proxy
X-Microsite
X-Protected-By
X-FB-Debug
X-Request-Handler-Origin-Region
X-Git-Hash
X-Az
X-Origin-Server
X-AppVersion
X-Rid
X-Activity-Id
X-VARITI-CCR
X-Load-Cache
Cross-Origin-Embedder-Policy
X-URL
X-Www-Served-By
X-PressLabs-Stats
X-LLID
X-Template
X-Goog-Metageneration
X-Varnish-Backend
X-Server-ID
MicrosoftSharePointTeamServices
YJS-ID
Version
X-Hits
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Server-Node
X-Forwarded-Proto
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-Geo-Country
X-SERVER-NAME
X-Upgrade-Enabled
X-Amz-Apigw-Id
X-Amzn-RequestId
Ar-SID
X-NF-Request-ID
X-Frontend
X-Hostname
X-Content-Options
X-Varnish-Server
Section-Io-Cache
X-B3-Sampled
X-TT
X-App-Server
X-Varnish-Grace
Viewport
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Status
X-Device-Type
Fastly-SWR
Fastly-SIE
X-B
X-Fb-Rlafr
X-Grace
Access-Control-Allow-Method
Alternate-Protocol
TCN
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Upgrade-Insecure-Requests
X-Request-Device-Id
X-Varnish-Ttl
Healthy
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Request-Guid
Amp-Access-Control-Allow-Source-Origin
X-Wormhole-Sdk
Host
X-Magnolia-Registration
X-Buckets
X-EdgeConnect-Cache-Status
X-Cache-Age
X-COUNTRY
X-CSRF-Token
DC
AR-SID
X-Debug
Retry-After
X-WebKit-CSP-Report-Only
X-Amzn-Remapped-Content-Length
AKAMAI-GRN
X-Contextid
X-Cache-Control
MS-Author-Via
X-Meli-Trace-Platform
X-Revision
X-Meli-Trace-Bu
X-Meli-Trace-Site
X-Vcl-Version
X-Instance
X-Response-Served-From
X-Original-Request-Id
Cross-Origin-Opener-Policy-Report-Only
Cross-Origin-Embedder-Policy-Report-Only
X-Is-Bot
X-Type
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Fastcgi-Cache
X-Rendered-As
X-Adobe-Content
X-Adobe-Loc
X-NYM-Debug-Backend
X-Mobile
X-Akamai-Edgescape
X-G
X-Lambda-Id
Access-Control-Request-Headers
X-Origin-TTL
X-Origin-CC
X-Seen-By
SD-X-WS
Section-Io-Id
X-Backend-Name
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-UUID
X-Hl-Ver
X-Mg-Request-UUID
X-Debug-IsConnected
X-Content-Powered-By
Charset
X-Debug-IsPreview
X-Framework
X-Trace-Id
X-ServerID
X-Tumblr-Pixel
X-Cache-Hit
X-Storage
NGB
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Server-W
X-DataDome
X-RM-Cache-TTL
Ms-Operation-Id
X-RTag
X-RemovedCookies
X-ProcessESI
MS-CV
X-Dc
X-INCAP-ABP
X-N
X-App-Version
X-Akamai-Request-ID2
X-AB
X-Cache-Time
Filterid
X-Cache-Status-Check
Refresh
Frame-Options
X-Request-Platform
X-Request-Bu
X-Request-Site
X-Time
Protected
X-Tec-Api-Origin
X-Tec-Api-Root
VIX-Pulpo-Node
X-Tec-Api-Version
VIX-Pulpo-Upstream-Status
Accept-Language
SRV
Cache
X-B3-SpanId
X-Real-IP
X-Region
X-Node-Name
Webserver
X-LB-Cache
CDN-RequestId
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Paypal-Debug-Id
X-User-Agent
Cross-Origin-Window-Policy
Onion-Location
X-Oracle-Dms-Ecid
X-Ms-Version
X-Ms-Request-Id
Liferay-Portal
X-Whom
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Cache-Expired-At
Priority
X-HITS
X-F-Cache
X-VC-Cache
X-HTML-Minification-Powered-By
X-IPS-LoggedIn
X-Mode
OT-Force-Account-Verify
X-Requestid
X-Rocket-Nginx-Serving-Static
Backend
X-Proxy-Cache-Info
X-WP-CF-Super-Cache-Active
Xet-Cookie
X-Pass-Why
GEO-INFO
X-App-Environment
X-Cacheable-TTL
X-Tb
X-L-Path
X-Environment-Context
X-Service
X-FW-Version
X-FW-Type
X-FW-Dynamic
X-Drupal-Cache-Tags
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Server
X-Routing-Service
X-Rn-Rsrv
X-Rewrite-Enabled
Filters
X-Servername
X-Adobe-Source
X-Proxied
X-Loop
LB
X-Handled-By
ServerID
X-Vcache
X-Cloudmap
X-Zipkin-Id
X-Debug-Info
X-Detected-As
X-UPSTREAM-Address
X-Extlb
X-MP-GENERATED-AT
Web-Mar-Node
Meta-Geo
X-Tncms
X-JoinUs
Fastcgi-Useragent
X-SaId
Url
X-Endurance-Cache-Level
X-Is-Mobile
X-Is-Desktop
TWC-GeoIP-LatLong
TWC-Locale-Group
ServedBy
TWC-GeoIP-Region
X-IPLB-Instance
X-Director
Webcakes-App-Name
TWC-GeoIP-Country
X-Is-Supported-Browser
X-Web-Node
X-Restarts
X-Browser-Name
TWC-GeoIP-City
TWC-Device-Class
Property-Id
X-Is-Tablet
TWC-Connection-Speed
X-Cache-Host
X-IPLB-Request-ID
TWC-GeoIP-DMA
X-Hosted-By
X-Geo-Region
X-Rule
X-Logging-Id
X-Hit
X-Locale
X-VC
Webcakes-Region
X-Tcp-Rtt
Country
X-Shopify-Stage
Webcakes-App-Version
X-Forwarded-Host
X-Origin-Hint
TWC-Privacy
X-Varnish-Beresp-Grace
X-Storefront-Renderer-Rendered
X-Format
X-Origin-Date
X-Alternate-Cache-Key
Atl-Traceid
X-Wix-Request-Id
X-BYPASS-REASON
Mn-Server-Ip
Uber-Trace-Id
X-Cache-Action
Apigw-Requestid
X-Httpd
X-Soup
X-Skip-Cache
X-Generation-Time
X-SayCDN-TTL
X-Say-Cacheable
X-Cluster
X-ProxyCache-Key
X-ProxyCache-Status
X-Cdn-Origin
X-Scope-Id
X-Say-TTL
Environment
X-Cms-Context
X-Cluster-Node
X-Edge-Location
X-Redis-Cache
X-S
X-RateLimit-Limit-Second
X-PHP-Host
X-Labrador-Cache-Channel
X-Served-From
X-FB-TRIP-ID
X-RateLimit-Remaining-Second
X-Drupal-Cache-Contexts
X-R9-Blue-Green-Version
X-Mly-Id
X-Fetched-On
X-Auth-Group-Type
X-Connection-Hash
X-Timing-Wait
X-Tumblr-Pixel-2
X-Origin
X-Tumblr-Pixel-3
X-Proxy-Build
Cache-Hits
Expiry
Selected-Fe
DB-Nickname
X-Source
Locale
X-Urbn-Site-Id
X-ECache
X-Urbn-Context-Path
X-XRDS-Location
X-Origin-Cache
X-GEO
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Varnish-Cache-Hits
X-No-Session
X-RCS-CacheZone
X-VCT
X-Cache-Debug
Front
Request-ID
X-UA
X-Varnish-Age
Countrycode
YJS-CacheStatus
WPO-Cache-Status
X-Yandex-Req-Id
X-Lagoon
X-Is-Modern-Browser
X-Varnish-Beresp-Ttl
X-SRV
X-CDN-Forward
Node
X-CLOUD-TRACE-CONTEXT
Xserver
X-Api-Version
X-Webstats-RespID
X-WP-CF-Super-Cache-Cookies-Bypass
X-Site-Version
X-TA-CDN-Provider
X-Provided-By
X-Platform
From-Origin
Cache-Provider
X-Generated-By
X-Is-Mobile-Only
X-Azure-Ref-OriginShield
X-Accel-Version
X-Cdn
Referer-Policy
Cache-Tv-Group
X-B3-Traceid
X-TT-LOGID
X-VC-TTL
X-Xfnlog-Site
X-Signature
X-NewRelic-App-Data
X-B-Cache
X-CACHE-AGE
X-CDN-Cache-Status
CF-IPCountry
WPO-Cache-Message
X-Air-Pt
X-Sucuri-Cache
X-Reqid
X-Ua
X-Tx-Id
X-Sucuri-ID
Location
CDN-RequestCountryCode
X-NWS-UUID-VERIFY
CDN-RequestPullCode
X-Presslabs-Stats
CDN-RequestPullSuccess
X-PHP-Backend
CDN-Uid
CDN-PullZone
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-Cache-Operation
X-Cache-Rule
X-Tb-Optimization-Total-Bytes-Saved
X-Content-Age
X-IsAdmin
AMP-Access-Control-Allow-Source-Origin
X-Frame-Option
X-Auto-Login
X-Action
X-Loc
X-Micro-Cache
DCR-Processing-Time-Ms
Fastly-SSL
X-Application
X-HS-Content-Campaign-Id
X-Ig-Origin-Region
Fl-Custom-Application
Expect-Staple
X-Optimistic-Header
DCR-Decision-By
X-Aed
X-Ig-Push-State
X-AK-Request-ID
X-Fmm-Version
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Developer
X-Destination
X-Depends
X-D
Candidate-Md5Url
X-Contensis-Viewer-Groups
X-Conf
X-Clientip
Cdncip
X-Ec-Fail
X-Bl-Debug
X-Forwarded-Site
X-GeoCode
X-GeoCountry
X-BCube-Filmed-By
XM
X-Cache-Aspx
X-Ec-GeoHdr
Cdnsip
X-External-Request-Id
X-Cache-NE
X-B-Cookie
X-A-Dam
X-VG-TLSProxy
X-Sigma
Ngx.Var.Host
X-Vdms-Version
X-Sigma-Backend
X-Slack-Backend
X-VG-WebCache
Meta-Geo-Continent
X-Slack-Shared-Secret-Outcome
X-Section
X-Request-URI
X-Varnish-Director
X-Rocket-Build-Number
X-S-Cookie
Odigeo-Trace-Id
X-Fastly-Request-Id
Origin
X-ScT
Web-Mar-Region
MD5-Digest
X-Varnish-Authentication
RNT-Machine
X-A-Dgt
X-A-Dcw
X-A-Wwc
Redirect-Candidate
X-Access
Xc-Version
Rendered-Blocks
RNT-Time
X-A-Ccd
Log-Origin
X-Vtex-Remote-Cache
X-A
Sslversion
X-Origin-Expires
X-Old-Content-Length
Lang
X-SRCache-Key
X-Rojux
X-Tt-Logid
X-Akamai-Device-Characteristics
X-App-Name
Wxu-Next-Region
X-Backend-Instance
ServerName
X-Content-Length
X-Accel-Expires-Debug
Req-Svc-Chain
X-Aicache-OS
Wxu-Next-Hostname
TDXMobile
Thinkindot-CacheControl-Type
X-Bug-Bounty
User-Cache-Control
V-Age
X-Block-Status
X-Acquia-Purge-Cdn-Unconfigured
X-BBC-Edge-Cache-Status
Wxu-Next-Commit
Thinkindot-CacheControl
X-CGP
X-GeoIP-Region-Code
X-Path
X-Save-Cache
X-PAYTM-SRV-ID
X-Policy
X-Region-Sid
X-Pubstack
X-Origin-Time
X-We-Are-Hiring
X-Vary-Devices
X-Viewer-Country
X-Worker
X-Moov-Xdn-Version
X-Nyt-Route
X-Node-Id
X-Req
X-Varnish-Remaining-TTL
X-V-Cache
X-Sn-Servicetimems
X-Thinkindot-L1
X-Thinkindot-L3
X-Up
X-Uri
X-SIPLIST1
X-Shield-Cache-Expires
X-Varnish-CookieINHashed-On
X-Varnish-Hostname
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
X-SD-PageType
X-Moov-Xdn-Caching-Status
X-Ee-Request-Id
X-From
X-FC-Vary-Parameters
X-Gdpr
X-Gen-Mode
X-Ee-Request-Date
X-GeoIP-City
X-Fastly-Backend
X-Eu-Site
X-Date
X-CUA
X-DefElseHash
X-DefHash
X-Epic-Correlation-Id
X-Ec-Custom-Error
X-Ee-Origin
X-GeoIP-Country-Code
X-Men
X-Internal-TTL
X-Cms-Device
Time-Cloud-Cache
Store-Cloud-Cache
X-Moov-T
X-Core-Value
X-Ee-Generated-By
X-GoCache-CacheStatus
X-UA-Device-Type
X-Hash
X-Hnp-Log
X-Human
X-Csrf-Jwt
X-Bc-Bl
X-Litespeed-Tag
L
IsBot
DSUID
Gh-Request-Id
X-LSADC-Cache
Azure-InstanceId
Azure-Version
Gannett-Cam-Experience-Id
L5d-Success-Class
Azure-SlotName
Origin-Agent-Cluster
Cmsid
Cmstype
CDCHOST
Ha-Gx-Prefs
Cluster
Azure-SiteName
Origin-CC
Origin-EX
Country-Code
Azure-RegionName
Cdn-Request-Time
Cdn-Host
Click-Count-Error
X-Cache-Date
X-ApacheServer
X-Bip
X-Cache-FS-Status
X-PERF
X-Thanos
X-CacheTTL
X-Cache-Id
Click-Count-Action-Start
X-SVT-ORM-VERSION
X-Op-Id-All
X-Org
X-Esi-Check
X-NMSegId
X-Mvc-Supplant-Cachable
X-HN
X-Gamma-Serve
X-Render-Time
X-Proto
X-Edge-Server
X-SVT-ORM-RULES
X-VarnishDD-TTL
C-Via
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-SB
X-Server-IP
Release
CacheControlHeader
X-Vercel-Cache
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Tube-Return
Tube-Got-Results
We-Hiring
NM-Fastcgi-Cache
N-Cache
RewriteTestHook
X-Gzip
Tube-Got-Eval
Tube-Get-Contents
Pragrma
Producers
X-Jungle-Id
X-Level-Front-Cache
Platform
X-Ion-Hop
X-Generated-On
X-Ion-Healthy
PFcat
Mail-Subject
Server-Host
X-Vmg-Version
Host-ID
Machine
X-Wikidot-Backend
Content-Style-Type
X-B3-Trace-ID
X-Vercel-Id
X-Via-Fastly
Content-Script-Type
X-Wikidot-Static-Cache
X-Amz-Storage-Class
Nord-Request-ID
Fastly-Backend-Name
RewriteTeamHook
Cache-Contol
X-AB-Test
Fastly-GeoIP-CountryCode
X-Parent-Response-Time
Fastly-Drupal-HTML
Origin-Site
X-TH-Server
X-Proxied-Request
X-Location
Canary
X-Origin-Response-Time
Source
X-Mvc-Supplant-OutputCached
X-VWS-Id
X-LJ-Flow-ID
X-Cs
X-AWS-Id
Product
X-Litespeed-Cache-Control
Debug
X-ElasticPress-Query
X-ZONE
X-Pad
Sid
X-Cached-By
Powered-By
NGX
X-Amz-Meta-Cb-Modifiedtime
S-Rt
HA-Ipaddr
X-NGINX-Cache
CloudFront-Viewer-Country
X-Refresh
Vix-Hermes-Req-Id
X-Via-Popn
X-Via-Popv
X-Cache-VC
X-Via-Poph
X-APP
X-Upstream-Ct
X-Upstream-Ht
Pics-Label
X-ND-Cache
X-Varnish-Hits
X-Nananana
X-Servedbyhost
GeoIP-Latitude
X-Nginx-Cache
Mime-Version
X-HA-Backend
X-Ah-Environment
Server-ID
Cookie
Edge-Cache
X-User
X-Cdn-Forward
X-LB-ID
X-Datadome
MIME-Version
X-GeoIP
X-Wa
X-Srv
X-AIR-PT
X-LB-NoCache
X-Nc
X-Fpc
Akamai-Mon-Iucid-Del
X-DynaTrace-JS-Agent
GeoIp-Country-Code
Surrogated-Key
SID
X-Webkit-CSP
HostName
WZWS-RAY
X-Zone
X-Request-Start
X-FORWARDED-FOR
X-Scheme
X-B3-Parentspanid
Resin-Trace
X-Unity-Cache
DataCenter
X-Nginx-Cache-Key
X-Debug-Service
X-Client-Ip
Fastly-Drupal-Html
N1-Cache
True-Client-Country-4JS
Server-Ext
X-NodeID
Server-Hostname
X-Pool
X-Request-Host
Sever-Int
X-CS
X-RequestId
Sm-Log-Id
X-Cache-Grace
X-Service-Response-Time
Show-Do-Not-Sell-Link
X-DynaTrace
X-LiteSpeed-Cache-Control
Tcn
Cdn
Load-Balancing
X-Lsadc-Cache
X-VCL-Version
X-Vgn-Hpd-Reason
Lb
NtCoent-Length
X-Cache-Backend
Wsr-Cache
Yak-Timeinfo
X-DataCenter
X-ID
X-Vc
X-B3-Spanid
X-Air-Source
X-Air-Hostname
Yjs-Id
X-Air-Trace-Id
X-Newrelic-Synthetics
Traceparent
X-Via-Edge
X-Via-SSL
X-Zen-Fury
X-TX-ID
X-Geolocation
X-Via-CDN
X-Datacenter
X-HOST
Edge-Copy-Time
X-NODE
X-Jobs
Datacenter
Req-ID
X-API-Version
X-HubSpot-Correlation-Id
X-RateLimit-Limit
X-Fastly-Backend-Reqs
X-Dynatrace-Js-Agent
X-Cdn-Srv
Cdn-Requestid
X-WA
Serverhost
Hostname
X-CDN-Provider
CDN
X-LiteSpeed-Tag
XkeyR9
Xkeylog
X-Proxy-Cache-La3
X-VTEX-Cache-Server
X-Ez-Minify-Js
Xkey-La3
GeoIP-Country-Code
X-NC
X-FPC
X-Powered-By-VTEX-Cache
X-Proxy-CacheR9
X-Udemy-Cache-App-Namespace
Uri
WP-Super-Cache
X-VTEX-Cache-Time
X-Webkit-Csp-Report-Only
A
True-Client-IP
Server-Id
X-Lb-Id
X-Akamai-Pragma-Client-IP
X-Html-Minification-Powered-By
CountryCode
X-Stale
Proxy-Firewall
On-Server
RATING
Coldstone-Viewer-Country-Region-Name
X-Wp-Cf-Super-Cache
T-Server
X-Wp-Cf-Super-Cache-Cache-Control
X-WA-Info
Coldstone-Viewer-Country
Coldstone-Viewer-Currency
Geoip-Latitude
X-TimeS
X-Swift-Error
Esi-Enabled
X-Lb-Nocache
X-ServedByHost
Srv
From-Cache
ServerHost
X-Varnish-Beresp-TTL
Cs
WebServer
X-Oracle-DMS-ECID
BehaviorPad-Version
Cloudfront-Viewer-Country
X-VC-Age
X-App
X-Via-JSL
X-Ha-Backend
X-CSRF-TOKEN
X-LAGOON
X-Styx-Info
FSS-Cache
Ngx
X-Via-PopN
X-Styx-Origin-Id
X-MSEdge-Features
X-Wp-Cf-Super-Cache-Active
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
X-MSEdge-Flight
X-Via-PopV
X-Wp-Cf-Super-Cache-Cookies-Bypass
Cr
X-Web-Server
Pramga
X-Via-PopH
X-HA-Application-Name
X-HA-Device-Type
X-HA-Bot-Classification
X-Fastly-Cache
X-Correlation-ID
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Ez-Minify-Html
X-Elasticpress-Query
Content-Secure-Policy
X-TIM-N
X-Var-Ttl
X-Cdn-Cache-Status
X-Nitro-Cache
X-Sorting-Hat-Shopid
X-Request-Time
X-Shardid
X-Check-Cacheable
X-Sorting-Hat-Podid
X-Geo
X-Shopid
X-Serial
X-Proxy-Cache-LA2
My-App
X-Ramcache
W
User-Agent
X-DC
X-Request-Url
X-Th-Server
Akamai-X-True-TTL
X-ATG-Version
X-Fastly-Cache-Status
True-Client-Ip
Cf-Ipcountry
X-VServer
Bxpunish
Bxuuid
X-Env
Host-Name
X-Cache-TTL-Remaining
X-Mg-Cache
X-Fastly-Cache-Hits
X-Sucuri-Id
Warning
Ohc-Cache-HIT
FSS-Proxy
Cneonction
Ohc-File-Size
X-Platform-Server
X-Beacon