Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
Cf-Request-Id
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
X-Ua-Compatible
Server-Timing
X-Drupal-Cache
Permissions-Policy
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
Timing-Allow-Origin
X-Drupal-Dynamic-Cache
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
X-Request-ID
Host-Header
X-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Rq
X-UA-Device
X-Vhost
X-Cache-Group
X-Amz-Version-Id
Keep-Alive
X-Dispatcher
X-AH-Environment
X-Proxy-Cache
X-Server
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
P3p
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
X-Server-Powered-By
X-Dns-Prefetch-Control
Allow
X-Pingback
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-LiteSpeed-Cache
X-FTR-Request-ID
X-Node
X-Device
EagleEye-TraceId
X-Host
X-Litespeed-Cache
X-Cache-Lookup
X-Backend-Server
X-Ruxit-JS-Agent
Surrogate-Control
X-Country-Code
X-Server-Id
X-Readtime
X-Cloud-Trace-Context
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
X-Country
Service-Worker-Allowed
X-Nginx-Cache-Status
Fastly-Restarts
X-TraceId
X-Clacks-Overhead
X-Content-Type
Request-Id
X-Vname
X-PC
X-TtlSet
X-Application-Context
Rating
X-Times
X-Cnection
X-Cache-TTL
X-ESI
X-Browser-Type
X-Mcache
X-Edge
X-Midtier
Surrogate-Key
X-FTR-Cache-Status
X-Vcap-Request-Id
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
Accept-Ch-Lifetime
X-Ac
Origin-Trial
Edge-Control
X-Powered-By-Plesk
X-Abt-Application-Version
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-Element-Page-Cache
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-NWS-LOG-UUID
X-D2id
Verso
X-Upstream
X-B3-TraceId
X-ORACLE-DMS-RID
X-ECACHE
X-Client-IP
X-Amz-Rid
X-Mod-Pagespeed
Nginx-Cache
X-Navigation-Version
Pagespeed
X-Sol
X-Middleton-Display
Display
X-GitHub-Request-Id
X-FastCGI-Cache
X-Nf-Request-Id
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
Response
X-PDP-UNCACHING-HASH
X-Middleton-Response
X-Language
X-Envoy-Decorator-Operation
Akamai-GRN
X-Goog-Hash
S
AR-Request-ID
AR-PoweredBy
X-ARC
AR-ATIME
Edge-Cache-Tag
X-MS-InvokeApp
X-Resp-Is-Stale
X-Url
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ratelimit-Limit
X-Ser
X-Content-Digest
X-Distributor
SPRequestDuration
SPIisLatency
SPRequestGuid
X-SharePointHealthScore
Access-Control-Request-Method
X-Dw-Request-Base-Id
Front-End-Https
X-Cache-Key
X-Ezoic-Cdn
X-Recruiting
X-NGENIX-Cache
X-Shield-Request-Id
X-Forwarded-For
RTSS
Cache-Status
X-Amzn-Trace-Id
X-Powered-CMS
X-Version
Public-Key-Pins
X-T
X-Server-Name
X-MSEdge-Ref
TP-Cache
Fastcgi-Cache
Arr-Disable-Session-Affinity
X-Mg-S
X-Ua-Device
X-Accel-Expires
X-Daa-Tunnel
X-Varnish-TTL
X-HS-Cache-Config
X-HS-Content-Id
X-Ttl
X-HS-Hub-Id
X-Id
X-Correlation-Id
X-Ismobilevalue
Realpath
X-Cluster-Name
Cache-Tags
X-Cached
X-CST
AR-CACHE
X-Fastly-Request-ID
X-Xrds-Location
X-TTL
X-ORACLE-DMS-ECID
X-Request-Received
X-Request-Processing-Time
X-HS-Combine-CSS
X-Ua-Browser
Payment
X-Newrelic-App-Data
X-DIS-Request-ID
X-Kong-Proxy-Latency
X-RateLimit-Remaining
X-Kong-Upstream-Latency
X-GUploader-UploadID
X-Content-Security-Policy-Report-Only
Content-MD5
X-Jurisdiction
X-HP-Trace-Id
X-Cambria-Cache-Control
X-HP-Webp
X-HS-Prerendered
X-HS-CF-Cache-Status
X-Webkit-Csp
Content-Disposition
Count-Hit
X-PressLabs-Stats
X-Azure-Ref
X-Amz-Replication-Status
X-Ratelimit-Remaining
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Px
X-Hits
X-Request-Handler-Origin-Region
X-Microsite
X-Page-Id
Cross-Origin-Resource-Policy
X-Unique-Id
Cleartype
Accept-Charset
X-Ratelimit-Reset
X-Logged-In
X-FB-Debug
X-Git-Hash
X-Proxy
X-Protected-By
X-Activity-Id
X-Load-Cache
X-Rid
X-AppVersion
X-Origin-Server
Cross-Origin-Embedder-Policy
X-Az
X-VARITI-CCR
X-Server-ID
X-Www-Served-By
X-LLID
X-Goog-Metageneration
X-Template
X-Varnish-Backend
MicrosoftSharePointTeamServices
Version
Server-Node
YJS-ID
X-Forwarded-Proto
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-Upgrade-Enabled
X-Geo-Country
X-Amzn-RequestId
X-NF-Request-ID
X-Amz-Apigw-Id
X-Frontend
X-Hostname
X-Content-Options
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Ar-SID
X-Varnish-Server
X-URL
X-B3-Sampled
X-Ruxit-Js-Agent
Section-Io-Cache
X-Varnish-Grace
Viewport
X-TT
X-App-Server
X-Device-Type
MRF-Tech
X-Status
Mrf-Cache-Status
X-B3-TraceId-Primal
Fastly-SIE
X-B
X-Fb-Rlafr
X-Grace
Fastly-SWR
X-Varnish-Ttl
Alternate-Protocol
Access-Control-Allow-Method
X-Goog-Stored-Content-Encoding
X-Cache-Age
X-Goog-Storage-Class
X-Oneagent-Js-Injection
X-Goog-Generation
X-Goog-Stored-Content-Length
Upgrade-Insecure-Requests
X-Wormhole-Sdk
X-SERVER-NAME
X-Fastcgi-Cache
Healthy
TCN
X-Tt-Trace-Host
X-Tt-Trace-Tag
Host
X-Request-Guid
X-Magnolia-Registration
X-Buckets
X-Request-Device-Id
AR-SID
X-EdgeConnect-Cache-Status
X-CSRF-Token
DC
X-Debug
Retry-After
AKAMAI-GRN
Amp-Access-Control-Allow-Source-Origin
X-WebKit-CSP-Report-Only
X-Amzn-Remapped-Content-Length
X-Contextid
X-Cache-Control
X-Revision
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-WP-CF-Super-Cache
X-Response-Served-From
X-Instance
X-WP-CF-Super-Cache-Cache-Control
X-Original-Request-Id
X-Vcl-Version
X-Adobe-Loc
Cross-Origin-Opener-Policy-Report-Only
X-Adobe-Content
Cross-Origin-Embedder-Policy-Report-Only
X-Cache-Hit
X-Type
X-Yottaa-Metrics
X-Is-Bot
X-NYM-Debug-Backend
X-Yottaa-Optimizations
X-Origin-TTL
X-Rendered-As
X-Origin-CC
MS-Author-Via
Access-Control-Request-Headers
X-Seen-By
X-Lambda-Id
X-Mobile
X-Backend-Name
Section-Io-Id
SD-X-WS
X-G
X-Akamai-Edgescape
X-Content-Powered-By
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Hl-Ver
X-UUID
X-Trace-Id
X-ServerID
X-Mg-Request-UUID
X-Debug-IsPreview
X-Debug-IsConnected
Charset
X-Framework
X-RM-Cache-TTL
X-Server-W
X-Storage
NGB
X-ProcessESI
X-RemovedCookies
X-Meli-Trace-Site
X-Dc
X-Meli-Trace-Platform
Ms-Operation-Id
MS-CV
X-INCAP-ABP
X-Meli-Trace-Bu
X-RTag
X-Cache-Time
X-AB
X-Akamai-Request-ID2
X-Request-Bu
X-N
X-Request-Platform
X-Request-Site
Refresh
X-Cache-Status-Check
Filterid
X-App-Version
Protected
X-Time
X-DataDome
X-Region
X-Real-IP
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Frame-Options
SRV
X-Node-Name
Cache
Accept-Language
X-B3-SpanId
Webserver
X-LB-Cache
CDN-RequestId
Paypal-Debug-Id
Cross-Origin-Window-Policy
X-User-Agent
Onion-Location
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Whom
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Ms-Request-Id
X-Ms-Version
Priority
X-COUNTRY
X-Cache-Expired-At
Liferay-Portal
X-IPS-LoggedIn
X-F-Cache
X-VC
X-WP-CF-Super-Cache-Active
X-HTML-Minification-Powered-By
X-VC-Cache
OT-Force-Account-Verify
X-Mode
X-Rocket-Nginx-Serving-Static
Backend
X-Pass-Why
X-Proxy-Cache-Info
X-Cacheable-TTL
X-Tb
Xet-Cookie
X-App-Environment
X-FW-Type
X-FW-Version
X-L-Path
GEO-INFO
X-FW-Static
X-Environment-Context
X-FW-Dynamic
X-FW-Server
X-Drupal-Cache-Tags
X-FW-Serve
X-FW-Hash
Web-Mar-Node
X-Service
Url
X-Vcache
X-UPSTREAM-Address
X-Servername
Meta-Geo
X-Zipkin-Id
Filters
X-Rn-Rsrv
X-Requestid
X-JoinUs
Fastcgi-Useragent
X-Adobe-Source
X-Routing-Service
X-Rewrite-Enabled
ServerID
X-SaId
X-Cloudmap
X-Handled-By
X-MP-GENERATED-AT
X-Loop
X-Detected-As
X-Tncms
X-Proxied
X-Debug-Info
X-Extlb
Webcakes-App-Name
TWC-GeoIP-DMA
TWC-Device-Class
TWC-GeoIP-Country
Atl-Traceid
X-IPLB-Request-ID
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-GeoIP-Region
TWC-Locale-Group
Property-Id
X-Logging-Id
TWC-Privacy
TWC-GeoIP-City
ServedBy
X-IPLB-Instance
X-Tcp-Rtt
X-Is-Desktop
X-Geo-Region
X-Cache-Host
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
Webcakes-App-Version
X-Origin-Hint
X-Origin-Date
X-Forwarded-Host
X-Hit
X-Hosted-By
X-Format
X-Varnish-Beresp-Grace
X-Director
X-Endurance-Cache-Level
X-Storefront-Renderer-Rendered
Country
X-Restarts
X-Browser-Name
X-Web-Node
X-Locale
X-Alternate-Cache-Key
X-Rule
X-Shopify-Stage
Webcakes-Region
X-Cluster-Node
X-Httpd
X-Cms-Context
X-Edge-Location
X-Wix-Request-Id
Mn-Server-Ip
X-Generation-Time
X-Cdn-Origin
X-Cluster
X-Redis-Cache
Uber-Trace-Id
X-R9-Blue-Green-Version
X-Soup
X-BYPASS-REASON
X-Scope-Id
X-Cache-Action
X-Say-TTL
X-Skip-Cache
X-ProxyCache-Key
X-ProxyCache-Status
X-SayCDN-TTL
X-Say-Cacheable
Apigw-Requestid
X-Source
X-ECache
Environment
X-Drupal-Cache-Contexts
Countrycode
X-PHP-Host
X-Mly-Id
X-Served-From
X-FB-TRIP-ID
X-Labrador-Cache-Channel
X-RateLimit-Remaining-Second
X-S
X-RateLimit-Limit-Second
X-Connection-Hash
Expiry
DB-Nickname
Cache-Hits
X-Fetched-On
X-Origin
X-Auth-Group-Type
X-Tumblr-Pixel-3
Selected-Fe
X-Tumblr-Pixel-2
X-Proxy-Build
X-Timing-Wait
LB
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
Request-ID
X-SRV
X-Varnish-Cache-Hits
X-Oracle-Dms-Ecid
X-GEO
X-Origin-Cache
X-ShopId
X-Sorting-Hat-PodId
X-HITS
X-Sorting-Hat-ShopId
X-No-Session
X-ShardId
X-VCT
X-Varnish-Age
X-RCS-CacheZone
X-Cache-Debug
Front
WPO-Cache-Status
X-CLOUD-TRACE-CONTEXT
X-Api-Version
YJS-CacheStatus
X-WP-CF-Super-Cache-Cookies-Bypass
X-Is-Modern-Browser
X-Lagoon
X-TT-LOGID
X-Site-Version
X-Yandex-Req-Id
Xserver
X-Webstats-RespID
Node
Cache-Provider
X-TA-CDN-Provider
From-Origin
X-UA
X-Varnish-Beresp-Ttl
X-Cdn
X-Generated-By
X-Azure-Ref-OriginShield
X-Platform
X-Provided-By
X-Is-Mobile-Only
X-Xfnlog-Site
Cache-Tv-Group
X-B3-Traceid
X-Ua
X-Accel-Version
X-Fastly-Request-Id
Referer-Policy
X-CDN-Forward
X-NewRelic-App-Data
X-VC-TTL
AMP-Access-Control-Allow-Source-Origin
X-B-Cache
X-Signature
X-XRDS-Location
X-Sucuri-Cache
X-CDN-Cache-Status
CF-IPCountry
WPO-Cache-Message
X-Reqid
X-Sucuri-ID
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
X-PHP-Backend
CDN-CachedAt
CDN-Cache
Location
X-Tb-Optimization-Total-Bytes-Saved
X-NWS-UUID-VERIFY
X-Litespeed-Tag
X-Air-Pt
X-Content-Age
X-Frame-Option
X-Cache-Rule
X-Cache-Operation
MD5-Digest
Meta-Geo-Continent
X-ScT
X-Section
X-S-Cookie
X-Rojux
X-Rocket-Build-Number
Odigeo-Trace-Id
X-Sigma
Log-Origin
X-Slack-Shared-Secret-Outcome
Ngx.Var.Host
X-Slack-Backend
X-Sigma-Backend
X-SRCache-Key
Fastly-SSL
X-VG-WebCache
X-VG-TLSProxy
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Vtex-Remote-Cache
Apple-News-Services-Host
XM
X-IsAdmin
Xc-Version
Apple-News-Services-Handled
Candidate-Md5Url
Cdncip
X-Request-URI
X-Varnish-Director
Fl-Custom-Application
Lang
X-Vdms-Version
Expect-Staple
Cdnsip
DCR-Decision-By
DCR-Processing-Time-Ms
X-Varnish-Authentication
X-Micro-Cache
X-Developer
X-Destination
X-Depends
X-D
X-Ec-Fail
X-Ec-GeoHdr
X-Forwarded-Site
X-Fmm-Version
X-External-Request-Id
X-Contensis-Viewer-Groups
X-Conf
X-Auto-Login
X-Cache-Aspx
X-Bl-Debug
X-B-Cookie
X-Application
X-Cache-NE
X-Action
X-Clientip
X-Aed
X-Access
X-A-Wwc
RNT-Time
Sslversion
X-BCube-Filmed-By
X-Loc
X-Old-Content-Length
RNT-Machine
Redirect-Candidate
Rendered-Blocks
X-Origin-Expires
X-Ig-Push-State
Web-Mar-Region
X-A-Dcw
X-GeoCountry
X-GeoCode
X-A-Dgt
X-A-Dam
X-HS-Content-Campaign-Id
X-A
X-Ig-Origin-Region
X-A-Ccd
Origin
X-AK-Request-ID
X-Tx-Id
X-Optimistic-Header
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-SD-PageType
X-Shield-Cache-Expires
User-Cache-Control
V-Age
X-Req
X-Region-Sid
X-PAYTM-SRV-ID
X-Acquia-Purge-Cdn-Unconfigured
X-Accel-Expires-Debug
X-Fastly-Backend
X-SIPLIST1
X-Pubstack
X-Policy
Thinkindot-CacheControl-Type
X-Up
Origin-Agent-Cluster
Origin-CC
X-Uri
X-V-Cache
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
Origin-EX
X-UA-Device-Type
X-Sn-Servicetimems
TDXMobile
Thinkindot-CacheControl
ServerName
X-FC-Vary-Parameters
X-Thinkindot-L3
Req-Svc-Chain
X-Aicache-OS
X-Akamai-Device-Characteristics
X-Date
X-DefElseHash
X-DefHash
X-Hnp-Log
X-CUA
X-Content-Length
X-Csrf-Jwt
X-Hash
X-GoCache-CacheStatus
X-Gen-Mode
X-Gdpr
X-Epic-Correlation-Id
X-GeoIP-City
X-Ec-Custom-Error
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Human
X-Internal-TTL
X-Backend-Instance
X-BBC-Edge-Cache-Status
X-Bc-Bl
X-Nyt-Route
X-App-Name
X-Varnish-CookieINHashed-On
X-Origin-Time
X-Node-Id
X-Block-Status
X-Men
X-Eu-Site
X-CGP
X-Moov-T
X-Moov-Xdn-Caching-Status
X-Bug-Bounty
X-Moov-Xdn-Version
X-Path
X-Thinkindot-L1
Cluster
X-Varnish-Hostname
Time-Cloud-Cache
X-Cms-Device
CDCHOST
Cmstype
Store-Cloud-Cache
X-Worker
Gannett-Cam-Experience-Id
DSUID
X-From
Country-Code
X-Core-Value
Azure-Version
X-Ee-Request-Id
X-Ee-Request-Date
X-Save-Cache
X-Vary-Devices
X-Viewer-Country
X-Ee-Origin
X-Ee-Generated-By
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-We-Are-Hiring
Cmsid
Ha-Gx-Prefs
X-Varnish-Remaining-TTL
Gh-Request-Id
IsBot
L5d-Success-Class
L
Platform
X-Cache-Id
PFcat
X-CacheTTL
X-Debug-Cache-Store
X-VarnishDD-TTL
X-Vercel-Cache
X-Cache-FS-Status
CacheControlHeader
X-Mvc-Supplant-Cachable
X-Bip
C-Via
X-Debug-Cache-Fetch
X-Litespeed-Cache-Control
X-Cache-Date
Pragrma
Sid
N-Cache
X-DPWN-IS-SECURE
X-Dispatcher-Server
NM-Fastcgi-Cache
Host-ID
X-PERF
X-ApacheServer
X-Edge-Server
X-Render-Time
X-Gzip
X-Generated-On
X-NMSegId
Mail-Subject
X-HN
X-Ion-Healthy
X-Level-Front-Cache
X-Jungle-Id
X-Ion-Hop
Machine
Cdn-Host
X-SB
Nord-Request-ID
Cache-Contol
X-SVT-ORM-RULES
RewriteTeamHook
X-Proto
Content-Style-Type
X-SVT-ORM-VERSION
X-Server-IP
We-Hiring
Tube-Got-Eval
Tube-Get-Contents
X-Wikidot-Backend
Tube-Got-Results
Tube-Return
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
X-Wikidot-Static-Cache
Producers
X-AB-Test
Release
X-Org
X-Gamma-Serve
X-Op-Id-All
X-CACHE-AGE
X-Vmg-Version
Cdn-Request-Time
X-B3-Trace-ID
Content-Script-Type
X-Amz-Storage-Class
X-Via-Fastly
Server-Host
RewriteTestHook
X-Vercel-Id
X-Thanos
Click-Count-Error
X-Esi-Check
Click-Count-Action-Start
X-Parent-Response-Time
X-TH-Server
Origin-Site
X-Proxied-Request
X-Origin-Response-Time
X-Location
X-Mvc-Supplant-OutputCached
X-ElasticPress-Query
NGX
X-LSADC-Cache
Canary
Product
Source
X-Tt-Logid
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
X-Cs
X-Amz-Meta-Cb-Modifiedtime
Debug
HA-Ipaddr
X-Pad
X-Cached-By
Mime-Version
Fastly-Drupal-HTML
X-Refresh
X-Cache-VC
S-Rt
Powered-By
X-ZONE
X-Cdn-Forward
X-Datadome
X-Presslabs-Stats
X-NGINX-Cache
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-APP
Vix-Hermes-Req-Id
X-Nginx-Cache
X-User
Cookie
X-Nananana
X-LB-ID
X-Upstream-Ct
X-Ah-Environment
Edge-Cache
X-ND-Cache
X-Varnish-Hits
X-HA-Backend
Pics-Label
X-Upstream-Ht
X-AIR-PT
CloudFront-Viewer-Country
GeoIP-Latitude
X-DynaTrace-JS-Agent
X-Servedbyhost
Server-ID
Surrogated-Key
X-LB-NoCache
X-GeoIP
HostName
Akamai-Mon-Iucid-Del
X-Webkit-CSP
GeoIp-Country-Code
X-Request-Start
X-Zone
MIME-Version
Fastly-Drupal-Html
X-Scheme
WZWS-RAY
X-Nc
X-Wa
DataCenter
X-Fpc
Tcn
X-B3-Parentspanid
Resin-Trace
SID
N1-Cache
X-Srv
X-Lsadc-Cache
X-RateLimit-Limit
X-NodeID
X-Debug-Service
Lb
X-Unity-Cache
X-Nginx-Cache-Key
X-Request-Host
X-Pool
X-CS
X-RequestId
X-LiteSpeed-Cache-Control
X-Cache-Grace
Server-Ext
Server-Hostname
True-Client-Country-4JS
Sever-Int
X-VCL-Version
X-Service-Response-Time
Show-Do-Not-Sell-Link
X-Vgn-Hpd-Reason
Wsr-Cache
Sm-Log-Id
Yak-Timeinfo
X-DataCenter
X-B3-Spanid
X-TX-ID
Load-Balancing
Yjs-Id
X-Air-Trace-Id
X-Cache-Backend
X-DynaTrace
X-Air-Hostname
Cdn
X-Air-Source
X-Newrelic-Synthetics
X-Zen-Fury
Edge-Copy-Time
X-HOST
X-Geolocation
X-Via-SSL
X-Datacenter
X-Via-Edge
X-Via-CDN
NtCoent-Length
X-NODE
CDN
X-Jobs
Req-ID
Traceparent
X-WA
X-Cdn-Srv
X-API-Version
X-FPC
Cdn-Requestid
X-NC
X-HubSpot-Correlation-Id
X-Vc
X-LiteSpeed-Tag
X-CDN-Provider
X-Akamai-Pragma-Client-IP
Uri
X-Fastly-Backend-Reqs
Server-Id
Datacenter
GeoIP-Country-Code
X-FORWARDED-FOR
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
X-Udemy-Cache-App-Namespace
WP-Super-Cache
X-VTEX-Cache-Server
X-Webkit-Csp-Report-Only
X-Proxy-Cache-La3
X-Ez-Minify-Js
Serverhost
X-Html-Minification-Powered-By
True-Client-IP
Hostname
X-Dynatrace-Js-Agent
X-Proxy-CacheR9
Xkey-La3
XkeyR9
Geoip-Latitude
Xkeylog
X-Varnish-Beresp-TTL
T-Server
Coldstone-Viewer-Currency
ServerHost
Coldstone-Viewer-Country
Coldstone-Viewer-Country-Region-Name
On-Server
RATING
X-ServedByHost
X-WA-Info
X-Stale
X-TimeS
A
Cloudfront-Viewer-Country
X-Lb-Id
Srv
X-Swift-Error
From-Cache
Proxy-Firewall
X-Lb-Nocache
X-Oracle-DMS-ECID
X-Client-Ip
WebServer
Esi-Enabled
BehaviorPad-Version
X-Via-JSL
X-Ha-Backend
X-App
X-CSRF-TOKEN
X-ID
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-LAGOON
X-VC-Age
X-Ssense-Shipping-Surcharge-Enabled
X-Correlation-ID
X-MSEdge-Flight
X-Ssense-Gql
X-MSEdge-Features
X-Check-Cacheable
X-Via-PopN
X-Fastly-Cache
X-Via-PopH
X-Via-PopV
FSS-Cache
Cs
X-Srcache-Store-Status
X-Srcache-Fetch-Status
CountryCode
X-Shopid
X-HA-Device-Type
X-Sorting-Hat-Podid
Pramga
X-Cdn-Cache-Status
X-Geo
Cr
X-HA-Application-Name
X-Sorting-Hat-Shopid
X-HA-Bot-Classification
X-Styx-Origin-Id
X-Nitro-Cache
X-Styx-Info
X-Serial
X-Request-Time
X-Web-Server
X-Shardid
Ms-Author-Via
X-Var-Ttl
X-Fastly-Cache-Status
X-Elasticpress-Query
X-Th-Server
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Wp-Cf-Super-Cache-Active
X-ATG-Version
X-Request-Url
X-Proxy-Cache-LA2
X-DC
Content-Secure-Policy
True-Client-Ip
Akamai-X-True-TTL
My-App
X-TIM-N
Ngx
Cf-Ipcountry
User-Agent
X-Ramcache
Bxuuid
X-Beacon
X-Mg-Cache
X-Platform-Server
Cneonction
FSS-Proxy
X-Sucuri-Id
X-Fastly-Cache-Hits
X-Cache-TTL-Remaining
Ohc-File-Size
Ohc-Cache-HIT
Bxpunish
X-Env
Warning
Host-Name
X-VServer