Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Accept-CH
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
X-AspNet-Version
X-Drupal-Cache
Server-Timing
P3p
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
Permissions-Policy
X-Iinfo
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Feature-Policy
Accept-CH-Lifetime
X-Content-Security-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
Access-Control-Max-Age
X-AspNetMvc-Version
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Backend
X-UA-Device
X-Amz-Id-2
Cf-Apo-Via
X-Hacker
X-Age
X-Cache-Group
X-Vhost
X-Proxy-Cache
X-Turbo-Charged-By
EagleId
Keep-Alive
X-Rq
X-Via
X-Dispatcher
X-Server
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
Xkey
X-Varnish-Cache
X-WebKit-CSP
X-Litespeed-Cache
Grace
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Swift-SaveTime
X-Swift-CacheTime
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Page-Speed
X-Cache-Lookup
X-Cloud-Trace-Context
X-Check
X-Dns-Prefetch-Control
X-Device
X-Akam-SW-Version
X-Backend-Server
X-Host
Surrogate-Control
EagleEye-TraceId
X-Response-Time
X-Readtime
Cf-Railgun
X-HW
X-Node
X-Ruxit-JS-Agent
Request-Id
X-Server-Id
X-LiteSpeed-Cache
X-Country
X-Country-Code
Content-Location
X-Nginx-Cache-Status
Cache-Tag
X-Content-Type
X-Nginx-Upstream-Cache-Status
X-Url
Service-Worker-Allowed
Fastly-Restarts
X-Trace
X-Clacks-Overhead
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Application-Context
X-Amz-Server-Side-Encryption
X-Times
X-NWS-LOG-UUID
X-Vname
Surrogate-Key
X-PC
X-TtlSet
Rating
X-Edge
X-Mcache
X-Midtier
X-Server-Name
X-Cache-TTL
X-Sol
Pagespeed
Display
X-Middleton-Display
X-Cnection
X-Powered-By-Plesk
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja-Server
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Kinja
X-Browser-Type
X-GitHub-Request-Id
X-ESI
Nginx-Cache
X-Vcap-Request-Id
Edge-Control
X-ECACHE
X-Ac
Verso
X-MS-InvokeApp
X-D2id
X-Server-ID
X-Ser
X-Oneagent-Js-Injection
X-Amz-Rid
X-Client-IP
X-ORACLE-DMS-RID
X-Wormhole-Sdk
Response
X-Middleton-Response
X-FTR-Request-ID
X-Ratelimit-Limit
X-Goog-Hash
X-CST
X-Powered-CMS
X-ARC
X-B3-TraceId
X-Ruxit-Js-Agent
X-Dw-Request-Base-Id
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ratelimit-Remaining
X-Upstream
X-Navigation-Version
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Forwarded-For
Origin-Trial
X-Amzn-Trace-Id
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
X-Cache-Key
X-Content-Digest
X-FastCGI-Cache
Edge-Cache-Tag
RTSS
Cache-Status
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
Public-Key-Pins
X-Ezoic-Cdn
X-NF-Request-ID
X-SharePointHealthScore
SPRequestGuid
X-Version
X-Ttl
X-Daa-Tunnel
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Fastly-Request-ID
X-Mg-S
Realpath
X-ORACLE-DMS-ECID
X-MSEdge-Ref
X-Shield-Request-Id
X-T
Front-End-Https
S
X-Recruiting
Fastcgi-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Accel-Expires
X-Distributor
Cross-Origin-Resource-Policy
X-Xrds-Location
X-Cached
AR-CACHE
Arr-Disable-Session-Affinity
X-Azure-Ref
Access-Control-Request-Method
X-TTL
Akamai-GRN
X-Request-Received
X-Correlation-Id
X-Request-Processing-Time
Count-Hit
TP-Cache
Cache-Tags
X-Id
X-HS-Hub-Id
X-Ua-Browser
X-HS-Content-Id
X-HS-Cache-Config
X-Debug
X-Ismobilevalue
X-Cluster-Name
X-TraceId
X-LLID
X-NGENIX-Cache
X-Newrelic-App-Data
X-Nf-Request-Id
X-Varnish-TTL
Server-Node
X-PressLabs-Stats
X-Ah-Environment
MicrosoftSharePointTeamServices
X-GUploader-UploadID
X-Aspnetmvc-Version
X-Content-Security-Policy-Report-Only
X-Frontend
X-Hits
X-Protected-By
X-Varnish-Backend
Accept-Ch
X-VARITI-CCR
X-HS-Combine-CSS
X-Amz-Replication-Status
X-Goog-Metageneration
X-LB-Cache
X-Request-Handler-Origin-Region
X-Microsite
X-DIS-Request-ID
X-Page-Id
X-Unique-Id
Payment
X-Ratelimit-Reset
X-Git-Hash
X-FB-Debug
Cleartype
X-Logged-In
X-Varnish-Server
X-Az
X-AppVersion
X-Activity-Id
X-Tt-Trace-Tag
X-Www-Served-By
Content-Disposition
X-Tt-Trace-Host
X-Hostname
X-Cambria-Cache-Control
X-Fastcgi-Cache
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Template
Host
X-Varnish-Ttl
X-Amzn-RequestId
X-Amz-Apigw-Id
Filterid
Amp-Access-Control-Allow-Source-Origin
X-Forwarded-Proto
X-App-Server
X-Geo-Country
Version
X-Aspnet-Version
Accept-Charset
X-Load-Cache
X-ASPNET-VERSION
X-Envoy-Decorator-Operation
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Cache-Age
MRF-Tech
Trailer
X-Source
X-B3-TraceId-Primal
Frame-Options
Mrf-Cache-Status
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Fastly-SWR
Fastly-SIE
X-Type
Access-Control-Allow-Method
X-Content-Options
Section-Io-Cache
X-Upgrade-Enabled
Viewport
X-TT
X-Fb-Rlafr
Server-Name
X-HS-Prerendered
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-B
X-B3-Sampled
X-TEC-API-ROOT
X-Origin-Server
X-Grace
X-Language
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend
X-FTR-Backend-Server
X-Cache-Control
X-Device-Type
X-Buckets
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Rid
X-Px
Retry-After
X-Cdn
MS-Author-Via
Content-MD5
X-Mobile
X-Magnolia-Registration
X-Request-Guid
X-Vcl-Version
TCN
X-EdgeConnect-Cache-Status
X-Trace-Id
X-Varnish-Grace
X-Revision
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Akamai-Edgescape
Protected
Healthy
X-WP-CF-Super-Cache-Active
X-Backend-Name
Cross-Origin-Embedder-Policy-Report-Only
Upgrade-Insecure-Requests
Charset
X-RM-Cache-TTL
X-Original-Request-Id
X-Response-Served-From
X-App-Environment
X-Debug-Info
SD-X-WS
X-Proxy
X-Instance
X-NYM-Debug-Backend
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Status
X-ServerID
X-ProcessESI
X-RemovedCookies
X-Rendered-As
X-Is-Bot
X-Framework
X-Cacheable-TTL
Cross-Origin-Window-Policy
Access-Control-Request-Headers
NGB
X-Adobe-Content
X-Cache-Time
X-Adobe-Loc
X-CSRF-Token
X-FW-Server
X-FW-Type
X-FW-Version
X-Storage
X-Rule
X-FW-Static
X-Region
X-FW-Serve
X-Node-Name
X-Mg-Request-UUID
X-FW-Dynamic
X-FW-Hash
X-Edge-Location
Refresh
X-Whom
Ms-Operation-Id
MS-CV
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Content-Powered-By
X-RTag
X-Proxy-Cache-Info
X-Debug-IsConnected
X-Datadog-Trace-Id
X-Debug-IsPreview
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Sampled
X-UUID
GEO-INFO
X-G
OT-Force-Account-Verify
X-Lambda-Id
X-Environment-Context
X-L-Path
X-Resp-Is-Stale
Section-Io-Id
Webserver
X-Contextid
X-B3-Traceid
X-Reqid
X-Amzn-Remapped-Content-Length
X-TT-LOGID
Countrycode
DC
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Origin-Cache
X-User-Agent
X-Server-W
X-HTML-Minification-Powered-By
Paypal-Debug-Id
X-Amz-Meta-S3cmd-Attrs
X-VC
X-RateLimit-Remaining
X-ECache
Alternate-Protocol
X-Real-IP
X-WebKit-CSP-Report-Only
Front
SRV
X-Time
Cross-Origin-Opener-Policy-Report-Only
X-B3-SpanId
Priority
X-DataDome
X-HS-CF-Cache-Status
X-Seen-By
Ohc-File-Size
WPO-Cache-Status
WPO-Cache-Message
X-WP-CF-Super-Cache-Cookies-Bypass
Accept-Ch-Lifetime
X-Rocket-Nginx-Serving-Static
Liferay-Portal
X-Nginx-Cache
X-Origin-TTL
X-Mode
X-Origin-CC
Xet-Cookie
X-Hl-Ver
Backend
X-IPS-LoggedIn
Onion-Location
X-Akamai-Request-ID2
X-Rn-Rsrv
X-Say-TTL
X-Tumblr-Pixel-3
TWC-GeoIP-LatLong
X-Rewrite-Enabled
X-Tumblr-Pixel-2
X-NODE
X-Say-Cacheable
TWC-Device-Class
TWC-Connection-Speed
ServerID
X-Redis-Cache
TWC-GeoIP-Country
X-AB
X-SaId
Webcakes-App-Version
Fastcgi-Useragent
X-Origin-Hint
Web-Mar-Node
Property-Id
X-Format
X-FB-TRIP-ID
X-JoinUs
TWC-Privacy
X-Cache-Host
X-Cache-Action
X-UPSTREAM-Address
Webcakes-Region
Webcakes-App-Name
Meta-Geo
Filters
X-SayCDN-TTL
TWC-Locale-Group
X-IPLB-Request-ID
DB-Nickname
From-Origin
X-Labrador-Cache-Channel
Expiry
Mn-Server-Ip
X-Hosted-By
X-Fetched-On
X-Director
X-Origin-Date
X-Vcache
X-VC-Cache
X-Detected-As
X-Connection-Hash
Uber-Trace-Id
X-Cache-Expired-At
X-Cluster-Node
X-Cms-Context
X-Handled-By
X-Varnish-Age
X-Scope-Id
X-Restarts
X-Tncms
X-Soup
X-R9-Blue-Green-Version
X-IPLB-Instance
X-Ms-Version
X-Ms-Request-Id
X-Loop
X-PHP-Host
X-Skip-Cache
Country
X-DynaTrace
X-N
Environment
X-Tb
X-Cache-Status-Check
X-Frame-Option
X-Logging-Id
X-Adobe-Source
X-BYPASS-REASON
X-Httpd
Atl-Traceid
Apigw-Requestid
X-Forwarded-Host
X-Accel-Version
X-Webstats-RespID
Url
X-Varnish-Beresp-Grace
X-Varnish-Cache-Hits
X-Servername
X-Web-Node
X-ProxyCache-Status
X-ProxyCache-Key
X-Auth-Group-Type
X-Timing-Wait
ServedBy
X-Cluster
Selected-Fe
X-Proxy-Build
X-Served-From
X-Cloudmap
X-Zipkin-Id
X-S
X-Routing-Service
X-Proxied
X-Extlb
X-Origin
Surrogated-Key
X-Hit
X-Azure-Ref-OriginShield
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
Cross-Origin-Embedder-Policy
X-SRV
X-LSADC-Cache
LB
X-CDN-Forward
X-Worker
Accept-Language
X-Cache-Hit
X-Request-URI
X-Lagoon
X-Sucuri-Cache
Referer-Policy
N-Cache
X-Generation-Time
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Generated-By
X-Fastly-Request-Id
X-App-Version
X-Cdn-Origin
X-Sucuri-ID
X-MP-GENERATED-AT
Xserver
CDN-RequestId
X-Oracle-Dms-Ecid
CF-IPCountry
Ohc-Cache-HIT
X-Xfnlog-Site
X-Tx-Id
X-URL
X-TA-CDN-Provider
Node
X-F-Cache
Source
VIX-Pulpo-Node
X-AIR-PT
X-Mly-Id
VIX-Pulpo-Upstream-Status
X-VC-TTL
Edge-Copy-Time
X-Via-CDN
X-Wix-Request-Id
Cache
X-Via-Edge
X-Via-SSL
X-Cache-Rule
X-Cache-Debug
X-UA
X-RCS-CacheZone
X-INCAP-ABP
X-Varnish-Beresp-Ttl
Cache-Provider
X-XRDS-Location
X-Site-Version
X-Pad
X-VCT
X-Locale
X-GEO
X-ElasticPress-Query
Apple-News-Services-Request-Url
Lang
X-A
We-Hiring
Sslversion
Mail-Subject
Fl-Custom-Application
L5d-Success-Class
Apple-News-Services-Parsed-Url
Wxu-Next-Hostname
Ha-Gx-Prefs
Wxu-Next-Region
Wxu-Next-Commit
HA-Ipaddr
Web-Mar-Region
Apple-News-Services-Host
MD5-Digest
Meta-Geo-Continent
Odigeo-Trace-Id
DCR-Decision-By
DCR-Processing-Time-Ms
Origin
Cluster
PFcat
Redirect-Candidate
Candidate-Md5Url
Ngx.Var.Host
Fastly-GeoIP-CountryCode
Fastly-SSL
Fastly-Backend-Name
Rendered-Blocks
BehaviorPad-Version
Expect-Staple
Producers
X-Bug-Bounty
X-Jobs
X-Is-Tablet
X-Is-Supported-Browser
X-Mvc-Supplant-Cachable
X-Nyt-Route
X-Org
X-Op-Id-All
X-Is-Mobile
X-Is-Desktop
X-Geolocation
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-HN
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-Ig-Origin-Region
X-Origin-Time
X-Path
X-Tcp-Rtt
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-VarnishDD-TTL
X-Vdms-Version
Xc-Version
X-Vtex-Remote-Cache
X-Section
X-SD-PageType
X-Proto
X-Platform-Server
X-PAYTM-SRV-ID
X-Proxied-Request
X-Rojux
X-ScT
X-S-Cookie
X-GeoCountry
X-GeoCode
X-BCube-Filmed-By
X-Bc-Bl
X-Backend-Instance
X-Bl-Debug
X-Browser-Name
X-Cache-Grace
Apple-News-Services-Handled
X-B-Cookie
X-Application
X-A-Dgt
X-A-Dcw
X-A-Dam
X-A-Wwc
X-Access
X-Aicache-OS
X-Aed
X-Cache-NE
X-Cache-Operation
X-Eu-Site
X-Ec-GeoHdr
X-Ec-Fail
X-External-Request-Id
X-FC-Vary-Parameters
X-Geo-Region
X-Gdpr
X-DPWN-IS-SECURE
X-Developer
X-CGP
X-Cached-By
X-Conf
X-Csrf-Jwt
X-Destination
X-D
X-A-Ccd
X-AB-Test
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-NWS-UUID-VERIFY
X-No-Session
X-Node-Id
X-NMSegId
X-Mvc-Supplant-OutputCached
X-NodeID
Req-Svc-Chain
X-Origin-Expires
RNT-Machine
X-Micro-Cache
X-Location
X-AK-Request-ID
X-Akamai-Device-Characteristics
Product
X-Accel-Expires-Debug
X-Loc
X-Level-Front-Cache
X-Platform
X-Policy
TDXMobile
Thinkindot-CacheControl
X-Request-Time
X-SB
X-Shield-Cache-Expires
X-DefHash
Thinkindot-CacheControl-Type
RNT-Time
X-Amz-Meta-Cb-Modifiedtime
V-Age
User-Cache-Control
X-Powered-By-VTEX-Cache
X-Request-Host
X-Req
X-Signature
X-App-Name
X-Esi-Check
X-Clientip
X-Epic-Correlation-Id
X-Fastly-Backend
X-CacheTTL
X-Gamma-Serve
X-Fmm-Version
X-Content-Age
X-Content-Length
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-DefElseHash
X-Date
X-Dispatcher-Server
X-Ec-Custom-Error
X-CUA
X-Gen-Mode
X-Cache-Info
X-B3-Trace-ID
X-Hnp-Log
X-BBC-Edge-Cache-Status
X-Human
X-B-Cache
X-Thinkindot-L3
X-Auto-Login
X-Hash
X-Gzip
X-Cache-Date
X-Generated-On
X-Cache-Id
X-GeoIP
X-GeoIP-City
X-GoCache-CacheStatus
X-Block-Status
X-Amz-Storage-Class
X-Scheme
NM-Fastcgi-Cache
X-VTEX-Cache-Time
Azure-Version
Azure-SlotName
Cdnsip
L
Azure-SiteName
X-Varnish-CookieHashed-On
Canary
X-Varnish-CookieINHashed-On
X-Varnish-Director
X-Varnish-Remaining-TTL
Cdncip
Debug
CDCHOST
Content-Style-Type
X-V-Cache
Origin-Agent-Cluster
X-Vmg-Version
Host-ID
Platform
X-VServer
Gh-Request-Id
Gannett-Cam-Experience-Id
X-VTEX-Cache-Server
X-Viewer-Country
X-User
X-Wikidot-Backend
Azure-InstanceId
Azure-RegionName
X-Wikidot-Static-Cache
X-VG-WebCache
X-Via-Fastly
X-Zen-Fury
Content-Script-Type
Akamai-Mon-Iucid-Del
X-ShardId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Ua-Device
X-ShopId
X-Internal-TTL
Country-Code
X-Bip
Content-Secure-Policy
Yak-Timeinfo
X-Cache-FS-Status
X-Core-Value
X-Contensis-Viewer-Groups
X-TH-Server
X-Litespeed-Tag
X-Depends
X-Edge-Server
X-Cdn-Srv
Click-Count-Action-Start
X-Cache-Aspx
Cdn-Request-Time
Cdn-Host
Click-Count-Error
X-Acquia-Purge-Cdn-Unconfigured
X-UA-Device-Type
NGX
X-Varnish-Beresp-Status
X-Pubstack
Req-ID
Tube-Got-Eval
Tube-Get-Contents
X-Request-Start
X-Varnish-Authentication
X-Sn-Servicetimems
Server-Host
Origin-EX
Origin-CC
ServerName
X-Server-IP
Tube-Return
Tube-Got-Results
Release
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-We-Are-Hiring
X-Thanos
X-IsAdmin
X-Men
XM
X-Pool
DSUID
X-VG-TLSProxy
W
X-TIM-N
X-Origin-Response-Time
Mime-Version
X-Service
X-Via-JSL
X-SIPLIST1
X-Vgn-Hpd-Reason
X-Tb-Optimization-Total-Bytes-Saved
CDN-RequestCountryCode
CDN-CachedAt
X-LB-NoCache
CDN-Cache
CDN-EdgeStorageId
X-NGINX-Cache
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-PullZone
CDN-Uid
X-Irp-Debug
X-RID
Ssr
X-HOST
IsBot
User-Agent
Fastly-Drupal-HTML
X-Moov-Xdn-Caching-Status
X-Moov-T
X-Moov-Xdn-Version
X-Var-Ttl
X-Varnish-Hits
X-Varnishpool
X-Old-Content-Length
X-CACHE-GROUP
Sid
X-Cs
GeoIP-Latitude
N1-Cache
Pramga
X-DC
X-HubSpot-Correlation-Id
X-Refresh
X-Servedbyhost
X-Proxy-Cache-Status
X-ORCA-Accelerator
CloudFront-Viewer-Country
X-HITS
X-ZONE
X-RequestId
X-Action
X-Api-Version
X-Nc
X-Wa
X-APP
Esi-Enabled
TWC-GeoIP-Region
TWC-GeoIP-DMA
Cache-Hits
TWC-GeoIP-City
X-Upstream-Ct
Server-ID
X-Via-Poph
X-Vercel-Cache
X-HA-Backend
C-Via
Location
X-Thinkindot-L1
X-Cache-VC
X-LiteSpeed-Tag
X-Vercel-Id
X-Upstream-Ht
X-Via-Popn
X-Via-Popv
X-LiteSpeed-Cache-Control
X-Cache-Bucket
X-LB-ID
Cdn-Requestid
X-Dc
X-Webkit-CSP
X-Newrelic-Synthetics
X-Parent-Response-Time
Cache-Key
XkeyRZ
X-Proxy-CacheRZ
A
HostName
AMP-Access-Control-Allow-Source-Origin
X-Nananana
X-B3-Parentspanid
X-NewRelic-App-Data
X-Tt-Logid
X-Presslabs-Stats
X-B3-Spanid
X-DynaTrace-JS-Agent
X-COUNTRY
X-Zone
X-Webkit-Csp
X-CS
WP-Super-Cache
Fastly-Drupal-Html
SID
X-Ua
X-DataCenter
X-ApacheServer
X-Endurance-Cache-Level
X-PERF
X-WA-Info
X-Srv
X-CACHE-AGE
X-Nitro-Cache
Proxy-Firewall
X-Uri
X-Render-Time
X-API-Version
X-Fpc
X-Webkit-Csp-Report-Only
X-Litespeed-Cache-Control
X-RateLimit-Limit
GeoIp-Country-Code
X-Oracle-Dms-Rid
Uri
X-Cdn-Forward
True-Client-Ip
Cmstype
TP-L2-Cache
X-Jungle-Id
Log-Origin
Cache-Contol
Cmsid
RewriteTeamHook
RewriteTestHook
X-Ion-Healthy
X-Ion-Hop
GeoIP-Country-Code
X-Datadome
True-Client-Country-4JS
Resin-Trace
True-Client-IP
My-App
X-From
X-Up
Sever-Int
Server-Ext
Server-Hostname
Sm-Log-Id
X-Optimistic-Header
X-Service-Response-Time
X-CLOUD-TRACE-CONTEXT
X-Ssense-Shipping-Surcharge-Enabled
CacheControlHeader
X-Ssense-Gql
X-Test
X-SERVER-NAME
X-Stale
SEZNAM-JOBS-OFFER
Tcn
Adler-Geo
X-Dispatcher-Number
X-Udemy-Cache-App-Namespace
Is-Eu
Cdn
X-Datacenter
X-Dynatrace-Js-Agent
X-Varnish-Beresp-TTL
X-Pass-Why
X-Client-Ip
WZWS-RAY
X-Nginx-Cache-Key
X-FPC
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Srv
Lb
X-APP-VERSION
X-Air-Pt
X-Custom-Header
X-Air-Source
X-Fastly-Cache-Status
X-Air-Trace-Id
Hostname
X-Debug-Service
X-Air-Hostname
T-Server
X-Geo-Header
X-AWS-Id
X-VWS-Id
X-TX-ID
X-LJ-Flow-ID
Server-Id
X-SRCache-Key
Origin-Site
X-Varnish-Hostname
X-ND-Cache
X-Provided-By
X-Vc
Serverhost
X-App
Cf-Ipcountry
X-VCL-Version
X-Akamai-Pragma-Client-IP
Edge-Cache
X-Lb-Id
AKAMAI-GRN
NtCoent-Length
X-Fastly-Backend-Reqs
Vc-Max-Age
X-CMSURLCustom
X-Cache-Server
X-Correlation-ID
X-Cache-Ttl
X-Via-PopH
X-Html-Minification-Powered-By
X-Via-PopN
X-Oracle-DMS-ECID
X-Via-PopV
X-WA
X-Ha-Backend
Pics-Label
YJS-ID
X-NC
Pragrma
ServerHost
X-XRDS-LOCATION
X-Esi
Epwk-X-Cache
X-Rocket-Build-Number
X-Sigma-Backend
X-Forwarded-Site
Powered-By
S-Rt
Geoip-Latitude
Machine
X-Sigma
X-Region-Sid
X-Cdn-Cache-Status
Av-Poweredby
X-LAGOON
X-Requestid
Cloudfront-Viewer-Country
WWW-Authenticate
X-Cache-TTL-Remaining
Ms-Author-Via
X-Traceid
WebServer
Vix-Hermes-Req-Id
X-ServedByHost
Cache-Tv-Group
CountryCode
Xkey-La3
X-Sucuri-Id
Xkeylog
X-Fastly-Cache
Nord-Request-ID
X-Proxy-Cache-La3
X-Ckpd-Fst-Backend
Warning
X-MSEdge-Flight
X-MSEdge-Features
X-HS-Status
MIME-Version
X-Akamai-ERRuleID
FSS-Cache
Reporter
X-Lb-Nocache
X-Akamai-ERPolicy
Thinkindot-Control
X-Wp-Cf-Super-Cache
On-Server
X-Wp-Cf-Super-Cache-Cache-Control
X-Check-Cacheable
X-IAuth-Set-Uid
X-Serial
X-Tncms-Bot-Tier
X-Td-Header-From-No-Data
X-Web-Server
X-Dw-Trace-Id
DataCenter
Coldstone-Viewer-Country
Datacenter
Coldstone-Viewer-Currency
Coldstone-Viewer-Country-Region-Name
X-VTEX-Cache-Backend-Connect-Time
Cneonction
X-Orig-Cache-Control
X-Mg-Cache
X-Elasticpress-Query
Thinkindot-Cache-Type
X-BBC-Origin-Response-Status
X-Cdn-Request-ID
Timeexpire
X-VTEX-Cache-Backend-Header-Time
X-Lsadc-Cache