Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Accept-CH
CF-Cache-Status
ETag
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
X-Xss-Protection
Access-Control-Allow-Headers
Access-Control-Allow-Methods
CF-Ray
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
X-Runtime
Accept-Ch
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Timing-Allow-Origin
X-CONTENT-TYPE-OPTIONS
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
X-XSS-PROTECTION
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
X-Request-ID
Request-Context
X-Age
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
Keep-Alive
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Amz-Version-Id
X-Rq
X-AH-Environment
X-Cache-Group
X-Vhost
X-Server
X-Dispatcher
X-Proxy-Cache
X-Ws-Request-Id
EagleId
CONTENT-SECURITY-POLICY
X-UA-Device
X-Varnish-Cache
Pantheon-Trace-Id
Grace
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Litespeed-Cache
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Swift-SaveTime
X-Swift-CacheTime
X-Dns-Prefetch-Control
Ali-Swift-Global-Savetime
X-Node
X-FTR-Request-ID
X-Device
X-Cache-Lookup
X-Server-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Accept-Ch-Lifetime
X-LiteSpeed-Cache
Cache-Tag
P3p
Cf-Request-Id
X-Amz-Server-Side-Encryption
X-Ua-Device
Content-Location
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Trace
Service-Worker-Allowed
Request-Id
X-TraceId
X-Application-Context
Fastly-Restarts
X-Content-Type
X-Nf-Request-Id
X-Times
Rating
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
X-Cnection
X-Mcache
X-Edge
X-Midtier
X-ESI
X-Vcap-Request-Id
X-Browser-Type
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Cache-Status
Edge-Control
X-FTR-Expires
X-Cache-TTL
Origin-Trial
X-Element-Page-Cache
X-D2id
Surrogate-Key
X-NWS-LOG-UUID
X-FastCGI-Cache
X-Country
X-Powered-By-Plesk
X-Oneagent-Js-Injection
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Ac
X-Abt-Application-Version
X-Upstream
Verso
X-Mod-Pagespeed
X-Navigation-Version
X-B3-TraceId
X-Url
X-ORACLE-DMS-RID
X-Amz-Rid
Akamai-GRN
X-Language
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
Nginx-Cache
X-ECACHE
Display
Pagespeed
X-GitHub-Request-Id
X-Sol
X-Middleton-Display
S
X-Envoy-Decorator-Operation
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Instrumentation
Response
X-Middleton-Response
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-MS-InvokeApp
Edge-Cache-Tag
X-Ratelimit-Limit
X-Distributor
X-Goog-Hash
X-Resp-Is-Stale
SPRequestGuid
SPRequestDuration
X-SharePointHealthScore
SPIisLatency
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ser
X-NGENIX-Cache
X-ARC
X-Client-IP
X-Ttl
Front-End-Https
Access-Control-Request-Method
X-Dw-Request-Base-Id
X-Ruxit-Js-Agent
X-Amzn-Trace-Id
X-Shield-Request-Id
X-Content-Digest
X-Ezoic-Cdn
RTSS
X-Varnish-TTL
X-Recruiting
X-Cache-Key
Cache-Status
X-Version
X-T
X-Mg-S
TP-Cache
X-Powered-CMS
Public-Key-Pins
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Fastcgi-Cache
X-Accel-Expires
X-MSEdge-Ref
X-Ismobilevalue
Arr-Disable-Session-Affinity
AR-CACHE
X-Daa-Tunnel
Realpath
Cache-Tags
X-Cluster-Name
X-Cached
X-Id
X-Correlation-Id
Content-MD5
X-Content-Security-Policy-Report-Only
X-Request-Received
Ar-SID
X-Request-Processing-Time
YJS-ID
X-Request-Device-Id
X-Forwarded-For
X-HS-Combine-CSS
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Fastly-Request-ID
X-Newrelic-App-Data
Payment
X-DIS-Request-ID
X-Ua-Browser
X-Xrds-Location
X-HP-Webp
X-HP-Trace-Id
X-Cambria-Cache-Control
X-Jurisdiction
X-COUNTRY
X-Azure-Ref
X-GUploader-UploadID
X-RateLimit-Remaining
X-HS-CF-Cache-Status
X-Amz-Replication-Status
X-HS-Prerendered
X-Webkit-Csp
Content-Disposition
X-Meli-Trace-Bu
X-Meli-Trace-Platform
X-Meli-Trace-Site
X-Ratelimit-Remaining
X-Server-Name
Count-Hit
X-Px
X-Ratelimit-Reset
X-Origin-Server
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Protected-By
X-Page-Id
X-Unique-Id
Accept-Charset
X-Logged-In
Cleartype
Cross-Origin-Resource-Policy
X-Az
X-AppVersion
X-Proxy
X-Activity-Id
MicrosoftSharePointTeamServices
X-Www-Served-By
X-Rid
Cross-Origin-Embedder-Policy
X-FB-Debug
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
X-ORACLE-DMS-ECID
X-SERVER-NAME
X-Microsite
X-Request-Handler-Origin-Region
X-VARITI-CCR
X-TTL
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Load-Cache
Version
X-LLID
X-Template
X-Goog-Metageneration
X-Forwarded-Proto
X-Geo-Country
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Varnish-Backend
X-TEC-API-ORIGIN
X-PressLabs-Stats
X-Upgrade-Enabled
X-CST
X-Hits
Server-Node
X-B3-Sampled
Server-Name
X-App-Server
X-Content-Options
X-Hostname
X-WebKit-CSP-Report-Only
X-TT
X-B
X-Varnish-Server
X-Grace
X-Fb-Rlafr
Healthy
Access-Control-Allow-Method
Section-Io-Cache
Fastly-SWR
Fastly-SIE
Alternate-Protocol
Viewport
X-Varnish-Grace
X-Frontend
X-Device-Type
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Status
X-Request-Guid
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
TCN
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Contextid
DC
Upgrade-Insecure-Requests
Host
X-Magnolia-Registration
AKAMAI-GRN
MS-Author-Via
X-EdgeConnect-Cache-Status
Retry-After
X-Amzn-Remapped-Content-Length
X-CSRF-Token
X-App-Version
X-Requestid
X-Cache-Age
X-Cache-Control
Frame-Options
Amp-Access-Control-Allow-Source-Origin
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Revision
X-Type
X-Varnish-Ttl
X-Origin-CC
X-Origin-TTL
X-Debug
X-Buckets
X-Original-Request-Id
X-Response-Served-From
X-RemovedCookies
X-ProcessESI
X-Hl-Ver
X-INCAP-ABP
X-UUID
SD-X-WS
X-Mobile
Cross-Origin-Embedder-Policy-Report-Only
X-Oracle-Dms-Ecid
X-Lambda-Id
Cross-Origin-Opener-Policy-Report-Only
X-Adobe-Content
X-NYM-Debug-Backend
X-Adobe-Loc
X-Akamai-Edgescape
VIX-Pulpo-Upstream-Status
X-Backend-Name
VIX-Pulpo-Node
Ms-Operation-Id
MS-CV
X-Content-Powered-By
X-Debug-IsConnected
X-Seen-By
X-ServerID
X-Instance
X-G
X-Debug-IsPreview
Access-Control-Request-Headers
X-RTag
X-N
X-Rendered-As
X-Is-Bot
X-Cache-Status-Check
X-AB
X-Tumblr-Pixel
X-Server-W
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
NGB
X-Mg-Request-UUID
X-Framework
X-Akamai-Request-ID2
Section-Io-Id
X-Trace-Id
X-RM-Cache-TTL
X-Dc
X-Storage
Charset
X-Vcl-Version
Cache
Webserver
X-DataDome
X-B3-SpanId
X-Yandex-Req-Id
Filterid
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Time
X-Tec-Api-Origin
Paypal-Debug-Id
Accept-Language
X-Request-Bu
X-Request-Platform
SRV
X-Request-Site
Refresh
X-URL
X-Cache-Hit
X-VC-Cache
X-HITS
Onion-Location
X-Fastcgi-Cache
X-Ms-Version
X-Ms-Request-Id
X-ECache
X-Real-IP
X-F-Cache
X-Time
X-Node-Name
YJS-CacheStatus
X-Region
X-User-Agent
X-Mode
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Environment-Context
Xet-Cookie
X-L-Path
CDN-RequestId
Liferay-Portal
Priority
X-IPS-LoggedIn
GEO-INFO
X-HTML-Minification-Powered-By
X-LB-Cache
X-Pass-Why
X-Service
Cross-Origin-Window-Policy
X-Drupal-Cache-Tags
X-Datadog-Trace-Id
X-Adobe-Source
X-Datadog-Sampling-Priority
X-Rocket-Nginx-Serving-Static
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Rule
X-Is-Mobile
X-JoinUs
X-Cache-Expired-At
X-Is-Mobile-Only
X-SaId
X-Is-Supported-Browser
X-UPSTREAM-Address
X-Is-Modern-Browser
X-Is-Desktop
X-Geo-Region
Meta-Geo
Selected-Fe
X-Browser-Name
X-Cloudmap
X-Tcp-Rtt
Backend
X-Extlb
Country
X-Timing-Wait
X-Tb
X-Rn-Rsrv
X-Zipkin-Id
X-Proxy-Build
X-Routing-Service
X-Proxied
Protected
X-Rewrite-Enabled
X-Is-Tablet
X-VC
Url
X-Whom
X-Httpd
X-ProxyCache-Status
X-Origin
X-Origin-Cache
X-Hit
X-RCS-CacheZone
X-Handled-By
X-ProxyCache-Key
X-Proxy-Cache-Info
X-Wix-Request-Id
X-BYPASS-REASON
X-Servername
X-Alternate-Cache-Key
X-Generation-Time
Mn-Server-Ip
OT-Force-Account-Verify
X-Provided-By
X-MP-GENERATED-AT
X-Forwarded-Host
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Cluster
X-Web-Node
Environment
Expiry
Cache-Hits
X-Connection-Hash
X-WP-CF-Super-Cache-Active
X-Cacheable-TTL
Property-Id
X-Varnish-Beresp-Grace
X-Detected-As
X-Origin-Date
X-RateLimit-Limit-Second
X-FB-TRIP-ID
X-RateLimit-Remaining-Second
Fastcgi-Useragent
X-Tncms
TWC-Device-Class
Web-Mar-Node
Webcakes-Region
Uber-Trace-Id
TWC-Privacy
X-Origin-Hint
Webcakes-App-Version
X-S
X-VCT
Webcakes-App-Name
TWC-GeoIP-Region
TWC-Locale-Group
TWC-GeoIP-City
ServerID
X-Vcache
TWC-Connection-Speed
X-Loop
TWC-GeoIP-Country
TWC-GeoIP-DMA
TWC-GeoIP-LatLong
X-Cache-Action
ServedBy
X-Cdn-Origin
X-App-Environment
X-Tumblr-Pixel-3
DB-Nickname
X-Auth-Group-Type
X-Format
LB
X-Redis-Cache
X-Soup
X-Hosted-By
X-Locale
X-Tumblr-Pixel-2
X-Logging-Id
X-Skip-Cache
X-Fetched-On
X-Cms-Context
Atl-Traceid
Apigw-Requestid
X-Director
X-Drupal-Cache-Contexts
X-FW-Type
X-FW-Version
X-Urbn-Site-Id
X-Scope-Id
X-Urbn-Context-Path
X-FW-Static
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-FW-Serve
X-Endurance-Cache-Level
X-FW-Dynamic
Locale
X-Edge-Location
X-Debug-Info
X-FW-Hash
X-Restarts
X-Served-From
X-Cluster-Node
X-FW-Server
X-Cache-Host
X-Labrador-Cache-Channel
X-PHP-Host
X-Cache-Debug
Filters
X-Server-ID
X-IPLB-Request-ID
X-IPLB-Instance
X-Platform
X-NewRelic-App-Data
X-R9-Blue-Green-Version
X-Mly-Id
X-XRDS-Location
Node
X-Api-Version
Front
X-GEO
AR-SID
X-CDN-Cache-Status
X-Sorting-Hat-PodId
X-CDN-Forward
X-Sorting-Hat-ShopId
X-CLOUD-TRACE-CONTEXT
X-No-Session
X-ShopId
X-ShardId
Xserver
X-Tt-Logid
X-Optimistic-Header
WPO-Cache-Status
X-UA
X-Varnish-Cache-Hits
X-Varnish-Age
Countrycode
X-Lagoon
X-Varnish-Beresp-Ttl
X-WP-CF-Super-Cache-Cookies-Bypass
Cache-Tv-Group
X-Fastly-Request-Id
X-SRV
X-Presslabs-Stats
X-Wormhole-Sdk
X-Generated-By
X-B3-Traceid
X-NWS-UUID-VERIFY
X-B-Cache
X-Signature
X-CACHE-AGE
Referer-Policy
X-Webstats-RespID
X-Client-Ip
X-Site-Version
X-Azure-Ref-OriginShield
X-Ua
AMP-Access-Control-Allow-Source-Origin
From-Origin
Request-ID
X-Cache-Operation
Cache-Provider
X-Cache-Rule
X-PHP-Backend
X-IsAdmin
X-Accel-Version
Location
X-AWS-Id
X-Auto-Login
X-VWS-Id
X-NF-Request-ID
X-LJ-Flow-ID
X-Worker
X-TA-CDN-Provider
X-VC-TTL
X-Upstream-Ht
X-Upstream-Ct
X-Tx-Id
X-BCube-Filmed-By
X-Clientip
X-A-Dcw
X-Bc-Bl
X-Application
DCR-Decision-By
Source
X-Cache-NE
X-Tb-Optimization-Total-Bytes-Saved
X-B-Cookie
X-A-Dgt
X-Bl-Debug
X-A-Dam
X-A-Wwc
X-A-Ccd
X-Developer
X-Destination
X-D
X-Content-Age
X-Aed
S-Rt
Xc-Version
WPO-Cache-Message
X-Conf
Origin-Agent-Cluster
X-Ec-GeoHdr
X-Ec-Fail
X-Vtex-Remote-Cache
X-ApacheServer
X-Vdms-Version
Host-ID
X-A
Origin
X-Loc
Pragrma
X-Ig-Origin-Region
Redirect-Candidate
Ngx.Var.Host
N-Cache
Lang
X-PERF
X-SRCache-Key
MD5-Digest
Meta-Geo-Continent
X-Org
Candidate-Md5Url
X-Ig-Push-State
X-Varnish-Hostname
X-ScT
Rendered-Blocks
Fl-Custom-Application
Expect-Staple
X-External-Request-Id
DCR-Processing-Time-Ms
X-GeoCountry
X-GeoCode
ServerName
Sslversion
X-S-Cookie
X-Rojux
X-Xfnlog-Site
X-Litespeed-Cache-Control
Fastly-SSL
Gannett-Cam-Experience-Id
Ha-Gx-Prefs
Gh-Request-Id
X-AK-Request-ID
L5d-Success-Class
IsBot
X-Action
We-Hiring
Time-Cloud-Cache
Store-Cloud-Cache
Web-Mar-Region
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
RNT-Time
RNT-Machine
X-Aicache-OS
Mail-Subject
Odigeo-Trace-Id
Origin-Site
Powered-By
Pics-Label
Log-Origin
Country-Code
X-Varnish-Authentication
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-Node-Id
X-V-Cache
X-Old-Content-Length
X-Men
X-Varnish-Beresp-Status
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-Hash
X-HS-Content-Campaign-Id
X-Internal-TTL
X-Uri
X-Origin-Expires
X-SD-PageType
X-Save-Cache
X-Slack-Backend
X-SIPLIST1
X-Sigma-Backend
X-Section
X-Rocket-Build-Number
X-Slack-Shared-Secret-Outcome
X-PAYTM-SRV-ID
X-Up
X-Policy
X-Render-Time
X-Req
X-GeoIP-Country-Code
X-GeoIP-City
X-Csrf-Jwt
X-Core-Value
X-CUA
X-Depends
X-Ee-Generated-By
X-Sigma
X-Content-Length
X-ND-Cache
X-CGP
X-Cache-Aspx
X-Cms-Device
X-Server-IP
X-Contensis-Viewer-Groups
X-VG-WebCache
X-Ee-Origin
X-Vary-Devices
X-Forwarded-Site
X-Varnish-Director
X-From
X-Gamma-Serve
X-Fmm-Version
X-FC-Vary-Parameters
X-Ee-Request-Id
X-Ee-Request-Date
X-Epic-Correlation-Id
X-VG-TLSProxy
X-Eu-Site
X-Bug-Bounty
X-Access
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-Uid
Cdncip
CF-IPCountry
Cdnsip
CDN-EdgeStorageId
CDN-CachedAt
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Canary
CDN-Cache
CDCHOST
Cluster
CDN-PullZone
Cmstype
Sid
X-Cs
Cmsid
X-Sucuri-Cache
X-NGINX-Cache
X-Parent-Response-Time
X-Reqid
X-NMSegId
X-Mvc-Supplant-OutputCached
X-Level-Front-Cache
X-Air-Pt
X-AB-Test
X-Acquia-Purge-Cdn-Unconfigured
X-Accel-Expires-Debug
X-DefElseHash
X-DefHash
X-Nyt-Route
Vix-Hermes-Req-Id
V-Age
User-Cache-Control
X-Origin-Time
Azure-RegionName
Azure-InstanceId
X-Debug-Cache-Fetch
X-Dispatcher-Server
X-Op-Id-All
X-Debug-Cache-Store
X-Ec-Custom-Error
X-Cache-Date
X-Backend-Instance
X-Gen-Mode
X-Generated-On
X-Block-Status
X-BBC-Edge-Cache-Status
X-Bip
X-FORWARDED-FOR
X-Gdpr
X-App-Name
X-Path
X-Akamai-Device-Characteristics
X-Frame-Option
X-Ion-Healthy
X-Ion-Hop
X-Human
X-Cache-FS-Status
X-HN
X-Hnp-Log
X-Amz-Storage-Class
X-Jungle-Id
Thinkindot-CacheControl
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Machine
X-Varnish-Remaining-TTL
L
NM-Fastcgi-Cache
Nord-Request-ID
Origin-EX
PFcat
X-Proto
X-Thinkindot-L3
X-UA-Device-Type
X-VarnishDD-TTL
X-Via-Fastly
X-CacheTTL
X-Wikidot-Static-Cache
DSUID
X-Fastly-Backend
Content-Style-Type
Content-Script-Type
Fastly-Backend-Name
X-Viewer-Country
X-Vmg-Version
X-We-Are-Hiring
X-Wikidot-Backend
X-Thinkindot-L1
Origin-CC
X-Thanos
TDXMobile
X-SB
RewriteTestHook
Cache-Contol
Server-Host
Azure-Version
Azure-SlotName
X-Region-Sid
X-Request-URI
X-Pubstack
X-Date
X-Sn-Servicetimems
Release
X-SVT-ORM-RULES
Thinkindot-CacheControl-Type
Azure-SiteName
RewriteTeamHook
X-Shield-Cache-Expires
Req-Svc-Chain
X-SVT-ORM-VERSION
X-Proxied-Request
X-DPWN-IS-SECURE
X-Vercel-Id
X-Moov-T
X-Gzip
X-Location
X-Moov-Xdn-Version
X-Vercel-Cache
X-ElasticPress-Query
X-Esi-Check
X-Edge-Server
X-Moov-Xdn-Caching-Status
Tube-Get-Contents
C-Via
Tube-Got-Eval
Tube-Got-Results
X-B3-Trace-ID
Tube-Return
CacheControlHeader
Producers
Click-Count-Error
Fastly-GeoIP-CountryCode
Click-Count-Action-Start
Cdn-Host
Platform
X-Cache-Id
Cdn-Request-Time
X-LSADC-Cache
Fastly-Drupal-HTML
X-Origin-Response-Time
X-Sucuri-ID
X-Source
Mime-Version
XM
X-Pad
CloudFront-Viewer-Country
X-ZONE
NGX
X-Cached-By
X-Varnish-Hits
Debug
X-Refresh
Load-Balancing
X-Datadome
X-Via-Popv
X-APP
X-Via-Popn
X-Via-Poph
Cookie
X-AIR-PT
X-HA-Backend
X-Nginx-Cache-Key
GeoIP-Latitude
X-Servedbyhost
GeoIp-Country-Code
X-Debug-Service
True-Client-Country-4JS
X-TT-LOGID
X-Srv
X-TH-Server
X-Nananana
Server-ID
HA-Ipaddr
Sever-Int
X-DynaTrace-JS-Agent
Server-Hostname
Server-Ext
Product
X-Litespeed-Tag
X-Webkit-CSP
X-Zone
Cdn
X-Amz-Meta-Cb-Modifiedtime
X-Ez-Minify-Html
Show-Do-Not-Sell-Link
Traceparent
X-Cdn-Forward
X-Nc
X-Wa
X-Cache-Backend
X-Cache-VC
WZWS-RAY
X-Fpc
X-GeoIP
X-Newrelic-Synthetics
HostName
Edge-Cache
DataCenter
X-User
X-LB-ID
X-B3-Parentspanid
X-Unity-Cache
Fastly-Drupal-Html
SID
MIME-Version
Tcn
X-VCL-Version
X-Lsadc-Cache
X-Request-Start
X-AC
Akamai-Mon-Iucid-Del
Lb
Resin-Trace
X-CDN-Provider
X-LB-NoCache
X-Nginx-Cache
X-Vc
X-B3-Spanid
X-Scheme
A
Xkeylog
X-Proxy-CacheR9
X-Service-Response-Time
XkeyR9
X-Proxy-Cache-La3
Serverhost
Wsr-Cache
Xkey-La3
Sm-Log-Id
X-Datacenter
X-TX-ID
X-HOST
Yjs-Id
X-LiteSpeed-Tag
CountryCode
Surrogated-Key
Cs
X-CS
NtCoent-Length
X-LiteSpeed-Cache-Control
Hostname
X-RateLimit-Limit
X-Lb-Id
X-Request-Host
X-Pool
X-HubSpot-Correlation-Id
X-Dynatrace-Js-Agent
X-WA
Esi-Enabled
X-FPC
X-Akamai-Pragma-Client-IP
X-NodeID
Datacenter
Cdn-Requestid
CDN
Uri
X-RequestId
X-API-Version
X-Vgn-Hpd-Reason
X-NC
X-Udemy-Cache-App-Namespace
X-Fastly-Backend-Reqs
X-ID
X-Cache-Grace
X-VC-Age
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-HA-Application-Name
X-Styx-Origin-Id
X-HA-Bot-Classification
X-Html-Minification-Powered-By
X-Styx-Info
Pramga
X-HA-Device-Type
X-Via-JSL
X-Stale
X-TIM-N
X-DynaTrace
Proxy-Firewall
X-DataCenter
Cr
Content-Secure-Policy
Server-Id
Yak-Timeinfo
N1-Cache
X-CSRF-TOKEN
T-Server
X-Ez-Minify-Js
ServerHost
X-Via-CDN
X-Via-Edge
X-TimeS
RATING
W
X-Var-Ttl
X-Via-SSL
GeoIP-Country-Code
Edge-Copy-Time
Geoip-Latitude
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Cloudfront-Viewer-Country
X-ServedByHost
X-Lb-Nocache
From-Cache
Req-ID
X-Geolocation
X-Jobs
X-Varnish-Beresp-TTL
X-Ha-Backend
Srv
X-Zen-Fury
X-Swift-Error
X-Oracle-DMS-ECID
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-MSEdge-Features
X-MSEdge-Flight
True-Client-IP
X-App
X-CACHE-KEY
WP-Super-Cache
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Sorting-Hat-Podid
X-LAGOON
X-Shardid
X-Sorting-Hat-Shopid
X-Shopid
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Wp-Cf-Super-Cache-Active
X-Ramcache
X-ByteArk-Cache
X-Cdn-Srv
On-Server
X-Proxy-Cache-LA2
FSS-Cache
X-Ssense-Gql
X-Correlation-ID
Ohc-File-Size
X-Key
X-VServer
Ohc-Cache-HIT
X-ByteArk-ReqID
X-Ssense-Shipping-Surcharge-Enabled
X-Web-Server
X-Powered-By-VTEX-Cache
Ngx
X-Webkit-Csp-Report-Only
X-Elasticpress-Query
Cl-Cache
X-Geo
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Check-Cacheable
CF-Cached-On
X-Sucuri-Id
X-Cdn-Cache-Status
WebServer
X-PageType
X-DC
X-Serial
X-Th-Server
Akamai-X-True-TTL
X-ATG-Version
X-Fastly-Cache
Cf-Ipcountry
X-Iplb-Request-Id
X-Iplb-Instance
X-MiniProfiler-Ids
X-WA-Info
Coldstone-Viewer-Currency
Warning
X-Mg-Cache
X-Limited
X-Beacon
My-App
X-Env
X-Request-Url
FSS-Proxy
X-Fastly-Cache-Status
Cneonction
Coldstone-Viewer-Country
Xkey-G-Jp
Coldstone-Viewer-Country-Region-Name
User-Agent
Host-Name