Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Accept-CH
CF-Cache-Status
ETag
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
X-Xss-Protection
Access-Control-Allow-Headers
Access-Control-Allow-Methods
CF-Ray
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
X-Runtime
Accept-Ch
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Timing-Allow-Origin
X-CONTENT-TYPE-OPTIONS
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
X-XSS-PROTECTION
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
X-Age
Request-Context
Cf-Edge-Cache
X-Backend
X-Request-ID
X-Robots-Tag
X-Hacker
Keep-Alive
X-Via
Cf-Apo-Via
X-Amz-Version-Id
X-Turbo-Charged-By
X-Rq
X-AH-Environment
X-Cache-Group
X-Vhost
X-Server
X-Dispatcher
X-Proxy-Cache
X-Ws-Request-Id
EagleId
CONTENT-SECURITY-POLICY
X-UA-Device
X-Varnish-Cache
Pantheon-Trace-Id
Grace
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Litespeed-Cache
X-OneAgent-JS-Injection
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Dns-Prefetch-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-FTR-Request-ID
X-Node
X-Device
X-Cache-Lookup
X-Server-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Ruxit-JS-Agent
X-HW
Accept-Ch-Lifetime
X-Response-Time
P3p
Cache-Tag
Cf-Request-Id
X-LiteSpeed-Cache
X-Amz-Server-Side-Encryption
X-Ua-Device
Content-Location
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Trace
Service-Worker-Allowed
Request-Id
X-TraceId
X-Content-Type
Fastly-Restarts
X-Application-Context
X-Times
X-TtlSet
X-PC
X-Nf-Request-Id
X-Vname
X-Clacks-Overhead
Rating
X-Cnection
X-Midtier
X-Mcache
X-Edge
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-Browser-Type
X-ESI
X-FTR-Expires
X-Vcap-Request-Id
Origin-Trial
Edge-Control
X-Cache-TTL
X-Element-Page-Cache
X-FastCGI-Cache
X-D2id
Surrogate-Key
X-NWS-LOG-UUID
X-Powered-By-Plesk
X-Oneagent-Js-Injection
X-Country
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Abt-Application-Version
X-Ac
X-Upstream
Verso
X-Navigation-Version
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-B3-TraceId
X-Url
X-Amz-Rid
Nginx-Cache
X-Language
Akamai-GRN
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-GitHub-Request-Id
X-Sol
Pagespeed
Display
X-Middleton-Display
X-ECACHE
X-Erf-Bev-Bev
X-Instrumentation
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
S
X-Envoy-Decorator-Operation
X-Middleton-Response
Response
X-MS-InvokeApp
AR-ATIME
AR-PoweredBy
AR-Request-ID
Edge-Cache-Tag
X-Ratelimit-Limit
X-Goog-Hash
X-Distributor
X-Resp-Is-Stale
X-Ser
X-Kinsta-Cache
X-Edge-Location-Klb
X-ARC
SPRequestDuration
SPRequestGuid
X-SharePointHealthScore
SPIisLatency
X-Ttl
Access-Control-Request-Method
X-NGENIX-Cache
X-Client-IP
X-Ruxit-Js-Agent
X-Amzn-Trace-Id
Front-End-Https
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-Content-Digest
X-Ezoic-Cdn
X-Recruiting
RTSS
X-Cache-Key
X-Varnish-TTL
Cache-Status
X-T
X-Version
X-Mg-S
X-Powered-CMS
Public-Key-Pins
TP-Cache
X-HS-Cache-Config
X-MSEdge-Ref
X-HS-Hub-Id
X-HS-Content-Id
Fastcgi-Cache
X-Accel-Expires
X-Ismobilevalue
Arr-Disable-Session-Affinity
X-Daa-Tunnel
AR-CACHE
Cache-Tags
X-Cached
X-Cluster-Name
Realpath
X-Correlation-Id
X-Id
Content-MD5
X-Content-Security-Policy-Report-Only
X-Request-Processing-Time
X-Request-Received
X-Request-Device-Id
X-HS-Combine-CSS
Ar-SID
YJS-ID
X-Forwarded-For
X-Fastly-Request-ID
X-Ua-Browser
Payment
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-DIS-Request-ID
X-Newrelic-App-Data
X-HP-Webp
X-Cambria-Cache-Control
X-Jurisdiction
X-COUNTRY
X-HP-Trace-Id
X-Xrds-Location
X-GUploader-UploadID
X-Azure-Ref
X-RateLimit-Remaining
X-HS-Prerendered
X-Amz-Replication-Status
X-HS-CF-Cache-Status
X-Webkit-Csp
X-Meli-Trace-Bu
X-Meli-Trace-Platform
X-Meli-Trace-Site
Content-Disposition
X-Ratelimit-Remaining
X-Server-Name
Count-Hit
X-Ratelimit-Reset
X-Px
X-Origin-Server
X-Unique-Id
X-Protected-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Page-Id
X-Logged-In
X-AppVersion
X-Az
X-Activity-Id
X-Rid
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
Cross-Origin-Resource-Policy
Cleartype
MicrosoftSharePointTeamServices
X-SERVER-NAME
X-ORACLE-DMS-ECID
X-Microsite
Cross-Origin-Embedder-Policy
X-Request-Handler-Origin-Region
X-FB-Debug
X-Proxy
X-VARITI-CCR
Accept-Charset
X-Www-Served-By
X-TTL
X-Load-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-TEC-API-ORIGIN
X-LLID
X-TEC-API-ROOT
X-TEC-API-VERSION
Version
X-Goog-Metageneration
X-Geo-Country
X-Template
X-Forwarded-Proto
X-Varnish-Backend
X-CST
X-Upgrade-Enabled
X-PressLabs-Stats
X-Hits
Server-Node
Server-Name
X-B3-Sampled
X-WebKit-CSP-Report-Only
X-Hostname
X-App-Server
X-Content-Options
Access-Control-Allow-Method
Section-Io-Cache
Healthy
Viewport
X-Varnish-Grace
X-Grace
X-TT
X-Device-Type
X-Frontend
X-Fb-Rlafr
Fastly-SIE
Fastly-SWR
Alternate-Protocol
X-B
X-Varnish-Server
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Request-Guid
X-Status
TCN
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Contextid
DC
Upgrade-Insecure-Requests
X-Magnolia-Registration
AKAMAI-GRN
Retry-After
X-EdgeConnect-Cache-Status
Host
X-Amzn-Remapped-Content-Length
X-Requestid
MS-Author-Via
X-Cache-Control
X-Cache-Age
X-App-Version
Amp-Access-Control-Allow-Source-Origin
X-CSRF-Token
X-Tt-Trace-Host
Frame-Options
X-Tt-Trace-Tag
X-Buckets
X-Debug
X-Varnish-Ttl
X-Origin-CC
X-Origin-TTL
X-Type
X-Original-Request-Id
X-Revision
X-Response-Served-From
X-RemovedCookies
X-ProcessESI
X-Hl-Ver
SD-X-WS
X-Mobile
X-Oracle-Dms-Ecid
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-INCAP-ABP
X-UUID
X-Instance
X-G
X-Backend-Name
X-ServerID
X-Seen-By
X-N
Cross-Origin-Opener-Policy-Report-Only
X-Yottaa-Metrics
X-Tumblr-User
X-Tumblr-Pixel-1
X-Adobe-Loc
X-Yottaa-Optimizations
X-Is-Bot
X-NYM-Debug-Backend
X-Rendered-As
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-Cache-Status-Check
X-Adobe-Content
X-Tumblr-Pixel
Cross-Origin-Embedder-Policy-Report-Only
X-Akamai-Request-ID2
X-Lambda-Id
Access-Control-Request-Headers
X-WP-CF-Super-Cache-Cache-Control
X-Mg-Request-UUID
NGB
X-AB
MS-CV
X-Debug-IsPreview
X-WP-CF-Super-Cache
X-Debug-IsConnected
X-RTag
X-Framework
Ms-Operation-Id
X-Content-Powered-By
X-Trace-Id
Section-Io-Id
X-Server-W
X-Storage
X-RM-Cache-TTL
Charset
X-Vcl-Version
X-Dc
Cache
Webserver
Filterid
X-Yandex-Req-Id
X-DataDome
X-ECache
Paypal-Debug-Id
X-Request-Platform
Accept-Language
X-Request-Site
X-B3-SpanId
X-Request-Bu
Refresh
X-Cache-Time
X-Cache-Hit
X-URL
X-VC-Cache
X-HITS
X-Tec-Api-Root
X-Tec-Api-Version
SRV
X-Tec-Api-Origin
X-Ms-Version
X-Ms-Request-Id
Onion-Location
X-Time
X-Node-Name
X-User-Agent
X-F-Cache
X-Region
X-Real-IP
YJS-CacheStatus
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Xet-Cookie
Liferay-Portal
CDN-RequestId
Priority
GEO-INFO
X-HTML-Minification-Powered-By
X-Fastcgi-Cache
X-IPS-LoggedIn
X-Mode
X-Environment-Context
X-L-Path
X-LB-Cache
X-Service
Cross-Origin-Window-Policy
X-Pass-Why
X-Rule
X-Datadog-Sampled
X-Rocket-Nginx-Serving-Static
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Timing-Wait
X-Drupal-Cache-Tags
X-Tb
X-UPSTREAM-Address
X-Rn-Rsrv
X-Proxy-Build
X-JoinUs
X-Cache-Expired-At
Selected-Fe
Meta-Geo
X-Rewrite-Enabled
Country
X-SaId
Backend
Protected
X-Is-Desktop
X-Is-Mobile
X-Is-Mobile-Only
X-Geo-Region
X-Handled-By
X-BYPASS-REASON
X-Browser-Name
X-ProxyCache-Status
X-Is-Modern-Browser
X-Is-Supported-Browser
X-Wix-Request-Id
X-Tcp-Rtt
X-Origin-Cache
X-ProxyCache-Key
X-Whom
X-Is-Tablet
X-Adobe-Source
X-VC
X-Web-Node
Mn-Server-Ip
X-Provided-By
X-Generation-Time
X-Origin
TWC-GeoIP-LatLong
TWC-GeoIP-DMA
Expiry
X-Servername
TWC-GeoIP-Region
TWC-GeoIP-Country
TWC-GeoIP-City
Property-Id
X-RateLimit-Remaining-Second
TWC-Locale-Group
Fastcgi-Useragent
TWC-Device-Class
TWC-Connection-Speed
X-RCS-CacheZone
Webcakes-Region
X-Httpd
X-FB-TRIP-ID
X-Extlb
X-Detected-As
X-Loop
X-Proxy-Cache-Info
X-Origin-Hint
X-Origin-Date
X-Proxied
X-Connection-Hash
X-Cloudmap
Web-Mar-Node
Url
Uber-Trace-Id
Webcakes-App-Name
Webcakes-App-Version
X-Cacheable-TTL
X-RateLimit-Limit-Second
X-WP-CF-Super-Cache-Active
TWC-Privacy
X-Routing-Service
X-Tncms
X-VCT
X-Zipkin-Id
X-Vcache
X-Varnish-Beresp-Grace
ServerID
Atl-Traceid
OT-Force-Account-Verify
X-Director
Apigw-Requestid
X-Redis-Cache
DB-Nickname
X-Format
X-Forwarded-Host
LB
X-Tumblr-Pixel-3
X-Fetched-On
X-Tumblr-Pixel-2
X-Hosted-By
X-Cdn-Origin
X-Logging-Id
X-Shopify-Stage
X-MP-GENERATED-AT
X-Soup
X-Cache-Action
X-Skip-Cache
X-Storefront-Renderer-Rendered
X-Locale
ServedBy
X-Cms-Context
X-Alternate-Cache-Key
X-App-Environment
X-Cluster
X-Auth-Group-Type
X-Hit
X-FW-Hash
X-Debug-Info
X-Cluster-Node
X-FW-Serve
X-Edge-Location
X-Endurance-Cache-Level
X-FW-Dynamic
Locale
X-FW-Static
X-SayCDN-TTL
Environment
X-FW-Type
X-Urbn-Site-Id
X-FW-Version
Cache-Hits
X-Say-TTL
X-Scope-Id
X-Served-From
X-Restarts
X-Urbn-Context-Path
X-Say-Cacheable
X-Cache-Host
X-FW-Server
X-NewRelic-App-Data
X-Labrador-Cache-Channel
X-Cache-Debug
X-Drupal-Cache-Contexts
X-IPLB-Instance
X-IPLB-Request-ID
X-PHP-Host
Filters
X-Server-ID
X-S
X-Api-Version
X-XRDS-Location
Node
X-Mly-Id
X-R9-Blue-Green-Version
X-Platform
X-GEO
Front
X-CDN-Cache-Status
AR-SID
X-No-Session
X-CDN-Forward
X-CLOUD-TRACE-CONTEXT
Xserver
X-Tt-Logid
X-ShardId
X-Sorting-Hat-PodId
X-UA
WPO-Cache-Status
X-Sorting-Hat-ShopId
X-ShopId
X-Varnish-Age
X-Optimistic-Header
Countrycode
Cache-Tv-Group
X-Lagoon
X-WP-CF-Super-Cache-Cookies-Bypass
X-Varnish-Cache-Hits
X-Varnish-Beresp-Ttl
X-Wormhole-Sdk
X-Fastly-Request-Id
X-Generated-By
X-Presslabs-Stats
X-B3-Traceid
X-SRV
X-Signature
X-B-Cache
X-NWS-UUID-VERIFY
Referer-Policy
X-CACHE-AGE
X-Webstats-RespID
X-Client-Ip
X-Azure-Ref-OriginShield
X-Site-Version
Request-ID
From-Origin
X-Ua
AMP-Access-Control-Allow-Source-Origin
Cache-Provider
X-IsAdmin
X-Cache-Rule
X-Cache-Operation
X-PHP-Backend
X-Accel-Version
X-Auto-Login
X-Worker
Location
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-NF-Request-ID
X-VC-TTL
X-TA-CDN-Provider
X-Upstream-Ct
X-Upstream-Ht
X-Tx-Id
Source
X-Vtex-Remote-Cache
X-ApacheServer
X-Application
Redirect-Candidate
X-Aed
Origin-Agent-Cluster
S-Rt
Xc-Version
X-B-Cookie
X-Tb-Optimization-Total-Bytes-Saved
X-Org
X-BCube-Filmed-By
WPO-Cache-Message
X-Cache-NE
X-Clientip
X-Bc-Bl
X-PERF
X-Ig-Push-State
X-Bl-Debug
X-Ig-Origin-Region
Lang
MD5-Digest
X-GeoCode
Host-ID
X-GeoCountry
Meta-Geo-Continent
N-Cache
Rendered-Blocks
Pragrma
Origin
Ngx.Var.Host
Fl-Custom-Application
Sslversion
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A
Candidate-Md5Url
Expect-Staple
DCR-Processing-Time-Ms
DCR-Decision-By
X-External-Request-Id
X-Conf
X-Loc
X-Rojux
X-Destination
X-S-Cookie
X-Developer
X-D
X-Ec-Fail
X-Content-Age
X-Vdms-Version
X-SRCache-Key
X-Ec-GeoHdr
X-ScT
X-Xfnlog-Site
X-Litespeed-Cache-Control
Cdncip
X-HS-Content-Campaign-Id
X-Hash
CF-IPCountry
Time-Cloud-Cache
X-Fmm-Version
We-Hiring
Cluster
Cdnsip
CDN-RequestPullCode
Wxu-Next-Commit
X-Save-Cache
CDN-Cache
Canary
X-Contensis-Viewer-Groups
X-SD-PageType
Wxu-Next-Region
CDN-CachedAt
CDN-EdgeStorageId
X-Server-IP
CDN-RequestPullSuccess
CDN-RequestCountryCode
Web-Mar-Region
X-FC-Vary-Parameters
CDN-PullZone
CDN-Uid
Fastly-SSL
X-Ee-Generated-By
RNT-Time
X-Req
Mail-Subject
ServerName
Odigeo-Trace-Id
RNT-Machine
Powered-By
X-Varnish-Hostname
X-Gamma-Serve
X-From
Origin-Site
Log-Origin
L5d-Success-Class
X-Section
Gannett-Cam-Experience-Id
Store-Cloud-Cache
X-Depends
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-GeoIP-City
IsBot
X-Forwarded-Site
X-Rocket-Build-Number
Ha-Gx-Prefs
Gh-Request-Id
X-GoCache-CacheStatus
Wxu-Next-Hostname
X-Varnish-Director
X-Ee-Origin
X-Old-Content-Length
X-CUA
X-Csrf-Jwt
X-Node-Id
X-V-Cache
X-Policy
X-Sucuri-Cache
X-Epic-Correlation-Id
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-ND-Cache
X-Bug-Bounty
X-PAYTM-SRV-ID
X-VG-WebCache
X-VG-TLSProxy
X-Cms-Device
Sid
X-CGP
X-Ee-Request-Date
X-Core-Value
X-Origin-Expires
X-Cache-Aspx
X-Ee-Request-Id
X-Eu-Site
X-Vary-Devices
X-Varnish-Beresp-Status
X-Internal-TTL
X-Access
X-Varnish-Authentication
X-Aicache-OS
X-Action
X-SIPLIST1
Apple-News-Services-Handled
X-Sigma-Backend
X-Sigma
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-AK-Request-ID
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Reqid
X-NGINX-Cache
X-Parent-Response-Time
RewriteTestHook
X-Akamai-Device-Characteristics
X-Debug-Cache-Store
X-Cache-FS-Status
Server-Host
RewriteTeamHook
X-Content-Length
Req-Svc-Chain
User-Cache-Control
Release
Thinkindot-CacheControl-Type
X-Amz-Storage-Class
V-Age
X-Ec-Custom-Error
X-DefHash
X-Dispatcher-Server
X-Bip
X-App-Name
X-Debug-Cache-Fetch
X-Acquia-Purge-Cdn-Unconfigured
X-DefElseHash
X-BBC-Edge-Cache-Status
X-Date
X-Block-Status
X-Accel-Expires-Debug
X-Backend-Instance
X-Cache-Date
Thinkindot-CacheControl
TDXMobile
Vix-Hermes-Req-Id
X-AB-Test
X-Frame-Option
X-HN
X-Op-Id-All
X-Fastly-Backend
X-Cs
X-Nyt-Route
X-Origin-Time
X-Path
X-Via-Fastly
X-Viewer-Country
X-Up
X-Vmg-Version
X-NMSegId
X-We-Are-Hiring
X-Level-Front-Cache
X-Jungle-Id
Country-Code
X-Gdpr
X-Mvc-Supplant-OutputCached
X-Men
X-FORWARDED-FOR
X-UA-Device-Type
X-Wikidot-Static-Cache
X-Air-Pt
X-Varnish-CookieHashed-On
X-SB
X-Shield-Cache-Expires
X-Request-URI
X-Render-Time
X-Proto
X-Pubstack
X-Region-Sid
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
X-Thanos
X-Thinkindot-L1
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Varnish-CookieINHashed-On
X-Sn-Servicetimems
X-Uri
X-Ion-Hop
X-CacheTTL
X-Generated-On
Machine
NM-Fastcgi-Cache
X-Human
X-Hnp-Log
CDCHOST
L
Fastly-Backend-Name
Content-Style-Type
Content-Script-Type
Cmstype
X-Wikidot-Backend
Cmsid
DSUID
Cache-Contol
Nord-Request-ID
Azure-SiteName
X-Gen-Mode
Azure-RegionName
Azure-InstanceId
X-Ion-Healthy
Azure-Version
Azure-SlotName
Origin-CC
Origin-EX
PFcat
Pics-Label
Fastly-GeoIP-CountryCode
X-Vercel-Id
X-Vercel-Cache
X-Gzip
X-DPWN-IS-SECURE
Platform
Producers
X-Proxied-Request
X-Cache-Id
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-B3-Trace-ID
CacheControlHeader
X-Moov-T
C-Via
CloudFront-Viewer-Country
X-Esi-Check
X-Location
Cdn-Host
Cdn-Request-Time
Tube-Return
Tube-Got-Results
X-Edge-Server
Tube-Got-Eval
Tube-Get-Contents
X-ElasticPress-Query
X-LSADC-Cache
Click-Count-Error
Click-Count-Action-Start
XM
X-Origin-Response-Time
Fastly-Drupal-HTML
X-ZONE
X-Sucuri-ID
X-Source
Mime-Version
X-Pad
NGX
X-Cached-By
Debug
X-Refresh
Load-Balancing
X-Varnish-Hits
X-APP
Cookie
GeoIP-Latitude
X-Servedbyhost
X-Nginx-Cache-Key
GeoIp-Country-Code
X-Via-Popv
X-Debug-Service
X-Datadome
X-Via-Popn
X-Via-Poph
True-Client-Country-4JS
Server-Ext
X-Nananana
Server-Hostname
X-DynaTrace-JS-Agent
Sever-Int
X-Srv
X-TH-Server
Server-ID
Product
X-AIR-PT
X-HA-Backend
HA-Ipaddr
X-Litespeed-Tag
X-TT-LOGID
X-Webkit-CSP
X-Amz-Meta-Cb-Modifiedtime
Cdn
Show-Do-Not-Sell-Link
X-Cdn-Forward
Traceparent
X-Ez-Minify-Html
X-Nc
X-Zone
X-Cache-Backend
WZWS-RAY
X-Fpc
X-Cache-VC
X-GeoIP
X-Wa
X-Newrelic-Synthetics
DataCenter
X-B3-Parentspanid
HostName
X-LB-ID
X-Unity-Cache
X-User
Edge-Cache
Fastly-Drupal-Html
SID
MIME-Version
Tcn
X-VCL-Version
X-Lsadc-Cache
X-CDN-Provider
X-Request-Start
Akamai-Mon-Iucid-Del
X-AC
X-LB-NoCache
Resin-Trace
Lb
X-B3-Spanid
X-Vc
X-Nginx-Cache
Yjs-Id
X-Proxy-CacheR9
X-Scheme
X-Service-Response-Time
Sm-Log-Id
Serverhost
Xkeylog
X-Proxy-Cache-La3
XkeyR9
A
Xkey-La3
Wsr-Cache
X-TX-ID
CountryCode
X-Datacenter
X-LiteSpeed-Tag
X-HOST
Cs
Surrogated-Key
Hostname
X-Request-Host
X-Lb-Id
NtCoent-Length
X-Pool
X-CS
X-LiteSpeed-Cache-Control
X-RateLimit-Limit
Uri
X-Akamai-Pragma-Client-IP
Datacenter
X-WA
X-Dynatrace-Js-Agent
X-NodeID
X-HubSpot-Correlation-Id
Esi-Enabled
CDN
Cdn-Requestid
X-API-Version
X-RequestId
X-Aspnet-Version
X-Fastly-Backend-Reqs
X-FPC
X-VC-Age
X-Udemy-Cache-App-Namespace
X-ID
X-NC
X-Vgn-Hpd-Reason
X-Cache-Grace
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-HA-Device-Type
X-Stale
X-HA-Bot-Classification
X-HA-Application-Name
X-Styx-Info
X-DataCenter
Content-Secure-Policy
X-Styx-Origin-Id
Yak-Timeinfo
Pramga
X-TIM-N
X-Via-JSL
X-DynaTrace
Server-Id
Proxy-Firewall
X-Html-Minification-Powered-By
Cr
X-CSRF-TOKEN
N1-Cache
GeoIP-Country-Code
X-Var-Ttl
Geoip-Latitude
T-Server
ServerHost
X-Srcache-Store-Status
X-TimeS
X-Via-CDN
X-Via-SSL
X-Via-Edge
X-Ez-Minify-Js
X-Srcache-Fetch-Status
RATING
Edge-Copy-Time
Req-ID
X-Varnish-Beresp-TTL
X-Geolocation
Srv
X-Ha-Backend
X-Swift-Error
X-ServedByHost
X-Jobs
W
X-Lb-Nocache
X-Zen-Fury
From-Cache
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Aspnetmvc-Version
X-Oracle-DMS-ECID
True-Client-IP
WP-Super-Cache
X-MSEdge-Features
X-App
X-MSEdge-Flight
X-Via-PopV
X-Via-PopN
X-Via-PopH
Cloudfront-Viewer-Country
X-CACHE-KEY
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sorting-Hat-Shopid
X-Wp-Cf-Super-Cache-Active
X-Sorting-Hat-Podid
X-Shopid
X-Shardid
X-LAGOON
X-Key
X-VServer
Ohc-Cache-HIT
Ohc-File-Size
X-Ramcache
X-ByteArk-Cache
X-Correlation-ID
FSS-Cache
On-Server
X-Proxy-Cache-LA2
X-Cdn-Srv
X-Ssense-Gql
X-ByteArk-ReqID
X-Ssense-Shipping-Surcharge-Enabled
X-Elasticpress-Query
CF-Cached-On
Ngx
X-Check-Cacheable
X-Cdn-Cache-Status
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Web-Server
X-Webkit-Csp-Report-Only
Cl-Cache
X-Powered-By-VTEX-Cache
X-Sucuri-Id
X-Geo
X-DC
X-Serial
X-Th-Server
X-Fastly-Cache
X-ATG-Version
WebServer
Akamai-X-True-TTL
X-PageType
Cf-Ipcountry
X-Iplb-Request-Id
X-Iplb-Instance
Warning
FSS-Proxy
X-WA-Info
Cneonction
X-MiniProfiler-Ids
X-Limited
X-Beacon
My-App
X-Mg-Cache
Xkey-G-Jp
Coldstone-Viewer-Country
Coldstone-Viewer-Country-Region-Name
Coldstone-Viewer-Currency
X-Fastly-Cache-Status
User-Agent
X-Request-Url
X-Env
Host-Name