Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
Cf-Request-Id
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
CF-Ray
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Server-Timing
Permissions-Policy
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Request-ID
X-Turbo-Charged-By
X-Rq
X-Cache-Group
X-Amz-Version-Id
X-Vhost
P3p
Keep-Alive
X-AH-Environment
X-Dispatcher
X-UA-Device
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
X-Server-Powered-By
X-Dns-Prefetch-Control
Allow
X-Pingback
X-Page-Speed
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
X-FTR-Request-ID
X-LiteSpeed-Cache
X-Device
X-Node
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
Surrogate-Control
X-Country-Code
X-Ruxit-JS-Agent
X-Server-Id
X-Readtime
X-Cloud-Trace-Context
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
X-TraceId
X-Country
Fastly-Restarts
X-Clacks-Overhead
Request-Id
X-Content-Type
X-Application-Context
X-PC
X-TtlSet
X-Vname
Rating
X-Times
X-Cnection
X-Cache-TTL
X-ESI
X-Browser-Type
X-Mcache
X-Midtier
X-Vcap-Request-Id
Surrogate-Key
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-Edge
X-Country-Code-Real
X-FTR-Expires
X-Ac
Origin-Trial
Accept-Ch-Lifetime
Edge-Control
X-Powered-By-Plesk
X-Kinja
X-Exp-Variant
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Abt-Application-Version
X-Element-Page-Cache
X-NWS-LOG-UUID
X-D2id
Verso
X-FastCGI-Cache
X-B3-TraceId
X-Upstream
X-ECACHE
X-Mod-Pagespeed
X-Amz-Rid
Nginx-Cache
X-Navigation-Version
X-Nf-Request-Id
X-ORACLE-DMS-RID
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Client-IP
X-GitHub-Request-Id
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Akamai-GRN
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Language
X-Kraken-Loop-Name
X-Middleton-Response
Response
X-Ratelimit-Limit
X-Envoy-Decorator-Operation
AR-Request-ID
AR-ATIME
S
AR-PoweredBy
Edge-Cache-Tag
X-ARC
X-Goog-Hash
X-Resp-Is-Stale
X-MS-InvokeApp
X-Ua-Device
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ser
X-Content-Digest
X-Distributor
SPRequestDuration
SPIisLatency
X-SharePointHealthScore
SPRequestGuid
X-Dw-Request-Base-Id
Access-Control-Request-Method
Front-End-Https
X-Cache-Key
X-Ezoic-Cdn
X-NGENIX-Cache
X-Url
X-Recruiting
X-Shield-Request-Id
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Powered-CMS
X-Version
X-Forwarded-For
Public-Key-Pins
X-MSEdge-Ref
X-T
X-Varnish-TTL
X-Ttl
X-Mg-S
TP-Cache
Fastcgi-Cache
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Daa-Tunnel
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Correlation-Id
X-Ismobilevalue
X-Fastly-Request-ID
Realpath
X-Cluster-Name
Cache-Tags
X-Cached
X-Server-Name
X-CST
AR-CACHE
X-Newrelic-App-Data
X-Id
X-Request-Processing-Time
X-Request-Received
X-Ua-Browser
X-HS-Combine-CSS
Payment
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-DIS-Request-ID
X-TTL
X-Content-Security-Policy-Report-Only
X-Ratelimit-Remaining
Content-MD5
X-GUploader-UploadID
X-HP-Webp
X-Jurisdiction
X-Cambria-Cache-Control
X-HP-Trace-Id
X-Xrds-Location
X-ORACLE-DMS-ECID
X-HS-Prerendered
X-HS-CF-Cache-Status
X-Oneagent-Js-Injection
Count-Hit
Content-Disposition
X-Azure-Ref
X-Amz-Replication-Status
X-Webkit-Csp
X-RateLimit-Remaining
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-PressLabs-Stats
X-Px
X-Page-Id
Cross-Origin-Resource-Policy
X-Unique-Id
Cleartype
Accept-Charset
X-Ratelimit-Reset
X-Ruxit-Js-Agent
X-Protected-By
X-Microsite
X-Request-Handler-Origin-Region
X-Git-Hash
X-Logged-In
X-Az
X-AppVersion
X-Origin-Server
X-FB-Debug
X-Rid
X-Proxy
X-Activity-Id
Cross-Origin-Embedder-Policy
X-Www-Served-By
X-VARITI-CCR
X-Load-Cache
X-URL
X-LLID
X-Template
X-Goog-Metageneration
X-Varnish-Backend
X-Server-ID
MicrosoftSharePointTeamServices
YJS-ID
X-Hits
X-Forwarded-Proto
Version
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Server-Node
Server-Name
X-Amz-Meta-S3cmd-Attrs
X-SERVER-NAME
X-Geo-Country
X-Upgrade-Enabled
X-Amz-Apigw-Id
X-Amzn-RequestId
Ar-SID
X-Hostname
X-NF-Request-ID
X-Frontend
X-Content-Options
X-Varnish-Server
Section-Io-Cache
X-B3-Sampled
Viewport
X-Varnish-Grace
X-TT
X-App-Server
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Status
MRF-Tech
X-Device-Type
Fastly-SWR
Fastly-SIE
X-B
X-Grace
Alternate-Protocol
X-Fb-Rlafr
Access-Control-Allow-Method
Upgrade-Insecure-Requests
X-Goog-Storage-Class
X-Request-Device-Id
TCN
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Varnish-Ttl
Healthy
X-Tt-Trace-Tag
X-Request-Guid
X-Tt-Trace-Host
Host
X-Wormhole-Sdk
Amp-Access-Control-Allow-Source-Origin
X-Buckets
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
X-Cache-Age
X-CSRF-Token
DC
Retry-After
X-Debug
AR-SID
X-WebKit-CSP-Report-Only
X-Amzn-Remapped-Content-Length
AKAMAI-GRN
X-Contextid
MS-Author-Via
X-Cache-Control
X-Meli-Trace-Platform
X-Meli-Trace-Site
X-Meli-Trace-Bu
X-Revision
X-Original-Request-Id
X-Vcl-Version
X-Instance
X-Response-Served-From
X-Adobe-Loc
X-Yottaa-Optimizations
X-Is-Bot
X-Type
X-NYM-Debug-Backend
X-Fastcgi-Cache
Cross-Origin-Opener-Policy-Report-Only
Cross-Origin-Embedder-Policy-Report-Only
X-Yottaa-Metrics
X-Rendered-As
X-Adobe-Content
X-Akamai-Edgescape
SD-X-WS
Access-Control-Request-Headers
Section-Io-Id
X-G
X-Origin-CC
X-Lambda-Id
X-Origin-TTL
X-Seen-By
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-UUID
X-Hl-Ver
Charset
X-Tumblr-User
X-ServerID
X-Cache-Hit
X-Debug-IsConnected
X-Debug-IsPreview
X-Mobile
X-Trace-Id
X-Storage
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Backend-Name
X-Server-W
X-Mg-Request-UUID
X-Content-Powered-By
X-Framework
X-RM-Cache-TTL
NGB
X-DataDome
X-RTag
MS-CV
Ms-Operation-Id
X-INCAP-ABP
X-RemovedCookies
X-Dc
X-ProcessESI
X-App-Version
X-COUNTRY
X-N
X-AB
X-Akamai-Request-ID2
X-Cache-Time
Filterid
Refresh
X-Cache-Status-Check
X-Time
X-Request-Site
X-Request-Platform
X-Request-Bu
Frame-Options
Protected
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
SRV
Cache
X-Real-IP
X-Region
X-B3-SpanId
Accept-Language
X-Node-Name
Webserver
CDN-RequestId
X-LB-Cache
X-CCDN-CacheTTL
Onion-Location
Cross-Origin-Window-Policy
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Paypal-Debug-Id
X-Ms-Request-Id
X-User-Agent
X-Ms-Version
X-Whom
Liferay-Portal
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Oracle-Dms-Ecid
X-HITS
X-F-Cache
X-Cache-Expired-At
X-VC-Cache
Priority
X-IPS-LoggedIn
X-Mode
X-HTML-Minification-Powered-By
OT-Force-Account-Verify
X-Rocket-Nginx-Serving-Static
Backend
X-Requestid
Xet-Cookie
X-Proxy-Cache-Info
X-Pass-Why
X-WP-CF-Super-Cache-Active
X-Environment-Context
X-App-Environment
X-L-Path
X-Tb
X-Cacheable-TTL
X-FW-Version
GEO-INFO
X-Service
X-FW-Dynamic
X-FW-Hash
X-Drupal-Cache-Tags
X-FW-Serve
X-FW-Type
X-FW-Server
X-FW-Static
X-MP-GENERATED-AT
X-Loop
X-Vcache
X-Proxied
X-Servername
X-Zipkin-Id
X-UPSTREAM-Address
X-JoinUs
Web-Mar-Node
X-Rewrite-Enabled
X-SaId
Url
LB
Fastcgi-Useragent
X-Debug-Info
Meta-Geo
X-Routing-Service
X-Tncms
X-Detected-As
X-Extlb
X-Cloudmap
X-Adobe-Source
Filters
ServerID
X-Rn-Rsrv
TWC-Privacy
X-Geo-Region
X-Cache-Host
TWC-GeoIP-Region
TWC-Locale-Group
X-Alternate-Cache-Key
Webcakes-App-Name
X-Endurance-Cache-Level
X-Web-Node
Webcakes-Region
Webcakes-App-Version
X-Browser-Name
X-Shopify-Stage
TWC-GeoIP-LatLong
X-Locale
X-Origin-Hint
TWC-Connection-Speed
X-Origin-Date
X-Forwarded-Host
X-Restarts
Property-Id
X-Director
X-Storefront-Renderer-Rendered
X-Is-Tablet
X-IPLB-Request-ID
X-Logging-Id
Country
X-Hosted-By
X-Is-Desktop
X-Format
X-Hit
X-Is-Mobile
X-Tcp-Rtt
X-Is-Supported-Browser
TWC-Device-Class
TWC-GeoIP-City
TWC-GeoIP-Country
TWC-GeoIP-DMA
Atl-Traceid
X-VC
X-Handled-By
X-IPLB-Instance
X-ProxyCache-Key
X-Httpd
X-ProxyCache-Status
X-Redis-Cache
X-Rule
X-Edge-Location
Uber-Trace-Id
X-Cms-Context
X-Cache-Action
X-BYPASS-REASON
X-Cluster
ServedBy
X-Say-Cacheable
X-Cluster-Node
Mn-Server-Ip
Apigw-Requestid
X-Varnish-Beresp-Grace
X-Skip-Cache
X-Cdn-Origin
X-Generation-Time
X-Wix-Request-Id
X-Scope-Id
X-Soup
Environment
X-Say-TTL
X-SayCDN-TTL
X-FB-TRIP-ID
X-Drupal-Cache-Contexts
X-RateLimit-Remaining-Second
X-Labrador-Cache-Channel
X-RateLimit-Limit-Second
X-PHP-Host
X-Tumblr-Pixel-3
X-Auth-Group-Type
X-Mly-Id
X-Timing-Wait
X-Origin
X-Proxy-Build
X-S
X-Fetched-On
X-Tumblr-Pixel-2
X-Served-From
X-Connection-Hash
X-R9-Blue-Green-Version
Expiry
Cache-Hits
Selected-Fe
DB-Nickname
X-Source
X-Urbn-Site-Id
X-Urbn-Context-Path
X-ECache
Locale
X-Origin-Cache
X-XRDS-Location
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-GEO
X-VCT
X-RCS-CacheZone
X-No-Session
X-Varnish-Cache-Hits
X-Varnish-Age
X-Cache-Debug
Request-ID
Front
Countrycode
X-UA
YJS-CacheStatus
X-Yandex-Req-Id
X-Is-Modern-Browser
X-Lagoon
WPO-Cache-Status
X-SRV
X-Varnish-Beresp-Ttl
Xserver
Node
X-CLOUD-TRACE-CONTEXT
X-CDN-Forward
X-Webstats-RespID
X-WP-CF-Super-Cache-Cookies-Bypass
X-Site-Version
X-Api-Version
X-TA-CDN-Provider
X-Provided-By
X-Generated-By
Cache-Provider
From-Origin
X-Is-Mobile-Only
X-Platform
X-Azure-Ref-OriginShield
X-Cdn
Referer-Policy
Cache-Tv-Group
X-Accel-Version
X-Xfnlog-Site
X-TT-LOGID
X-B3-Traceid
X-VC-TTL
X-B-Cache
X-Signature
X-NewRelic-App-Data
X-CACHE-AGE
X-CDN-Cache-Status
X-Sucuri-Cache
X-Air-Pt
CF-IPCountry
X-Reqid
Location
X-Ua
X-Tx-Id
X-Sucuri-ID
WPO-Cache-Message
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
X-NWS-UUID-VERIFY
X-PHP-Backend
CDN-RequestCountryCode
CDN-Cache
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestPullCode
X-Cache-Operation
X-Cache-Rule
X-Tb-Optimization-Total-Bytes-Saved
X-IsAdmin
AMP-Access-Control-Allow-Source-Origin
X-Content-Age
X-Frame-Option
Log-Origin
Lang
RNT-Machine
Fl-Custom-Application
Sslversion
RNT-Time
X-Vtex-Remote-Cache
Expect-Staple
Cdncip
Cdnsip
Fastly-SSL
XM
Candidate-Md5Url
Apple-News-Services-Request-Url
Odigeo-Trace-Id
Apple-News-Services-Parsed-Url
Ngx.Var.Host
Apple-News-Services-Host
DCR-Processing-Time-Ms
Xc-Version
Rendered-Blocks
Redirect-Candidate
DCR-Decision-By
Apple-News-Services-Handled
Origin
Meta-Geo-Continent
MD5-Digest
X-SRCache-Key
X-Depends
X-Request-URI
X-Destination
X-Developer
X-Origin-Expires
X-D
X-Contensis-Viewer-Groups
X-Rocket-Build-Number
X-Cache-Aspx
X-Cache-NE
X-Clientip
X-Conf
X-Old-Content-Length
X-Ec-Fail
X-GeoCountry
X-GeoCode
X-Ig-Push-State
X-HS-Content-Campaign-Id
X-Ig-Origin-Region
X-Forwarded-Site
X-Fmm-Version
X-Micro-Cache
X-Loc
X-Ec-GeoHdr
X-External-Request-Id
X-Bl-Debug
X-BCube-Filmed-By
X-A-Dgt
X-Varnish-Authentication
X-A-Wwc
X-Access
X-Slack-Shared-Secret-Outcome
X-A-Dcw
X-Varnish-Director
X-A
Web-Mar-Region
X-A-Dam
X-VG-TLSProxy
X-Vdms-Version
X-Slack-Backend
X-Sigma-Backend
X-Rojux
X-S-Cookie
X-Application
X-Auto-Login
X-B-Cookie
X-AK-Request-ID
X-Aed
X-Sigma
X-Action
X-Section
X-ScT
X-VG-WebCache
X-A-Ccd
X-Fastly-Request-Id
X-Optimistic-Header
X-Tt-Logid
Origin-Agent-Cluster
Origin-CC
Store-Cloud-Cache
Time-Cloud-Cache
X-Cms-Device
Origin-EX
X-DefHash
X-Varnish-CookieHashed-On
Req-Svc-Chain
X-Date
X-DefElseHash
X-Ec-Custom-Error
X-V-Cache
X-Core-Value
L
L5d-Success-Class
IsBot
X-Ee-Origin
X-Thinkindot-L3
X-FC-Vary-Parameters
X-UA-Device-Type
X-Epic-Correlation-Id
X-Uri
X-Eu-Site
X-Up
X-Fastly-Backend
X-Csrf-Jwt
X-Varnish-CookieINHashed-On
X-Litespeed-Tag
X-Bc-Bl
X-We-Are-Hiring
X-LSADC-Cache
X-Block-Status
X-BBC-Edge-Cache-Status
X-Accel-Expires-Debug
X-Aicache-OS
X-Akamai-Device-Characteristics
X-App-Name
X-Acquia-Purge-Cdn-Unconfigured
X-Backend-Instance
Wxu-Next-Region
Wxu-Next-Hostname
TDXMobile
Thinkindot-CacheControl
X-CGP
ServerName
Ha-Gx-Prefs
Thinkindot-CacheControl-Type
X-Varnish-Hostname
X-Worker
Wxu-Next-Commit
V-Age
User-Cache-Control
X-Varnish-Remaining-TTL
X-Content-Length
X-Ee-Generated-By
X-Moov-T
X-Men
Azure-Version
Azure-SlotName
Azure-SiteName
X-SD-PageType
X-Thinkindot-L1
X-Human
X-Sn-Servicetimems
X-SIPLIST1
X-Shield-Cache-Expires
X-Internal-TTL
Azure-RegionName
Azure-InstanceId
X-Region-Sid
X-Req
X-Origin-Time
X-Path
X-PAYTM-SRV-ID
X-Nyt-Route
X-Node-Id
X-Moov-Xdn-Caching-Status
X-Save-Cache
X-Moov-Xdn-Version
X-Vary-Devices
X-Viewer-Country
Cluster
CDCHOST
X-GeoIP-Region-Code
X-Ee-Request-Id
X-GoCache-CacheStatus
X-Gdpr
X-GeoIP-Country-Code
X-GeoIP-City
DSUID
X-Gen-Mode
Gannett-Cam-Experience-Id
Country-Code
X-From
Cmsid
X-Hnp-Log
Cmstype
X-Hash
X-Ee-Request-Date
X-Vercel-Cache
X-SVT-ORM-VERSION
X-Policy
X-Pubstack
X-NMSegId
X-Org
X-Op-Id-All
X-B3-Trace-ID
X-Via-Fastly
X-Gamma-Serve
X-Vercel-Id
X-Cache-Date
X-HN
X-Gzip
X-SB
X-Server-IP
X-CUA
X-DPWN-IS-SECURE
X-Varnish-Beresp-Status
X-SVT-ORM-RULES
X-CacheTTL
X-Dispatcher-Server
X-Bug-Bounty
X-Esi-Check
X-Cache-FS-Status
X-Edge-Server
X-Cache-Id
X-VarnishDD-TTL
X-Mvc-Supplant-Cachable
X-AB-Test
Platform
Pragrma
PFcat
X-Level-Front-Cache
X-Jungle-Id
Click-Count-Error
Click-Count-Action-Start
Server-Host
RewriteTeamHook
Cdn-Host
Producers
Cdn-Request-Time
NM-Fastcgi-Cache
X-Ion-Hop
X-Generated-On
Mail-Subject
Fastly-Backend-Name
Gh-Request-Id
Fastly-GeoIP-CountryCode
X-Ion-Healthy
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Content-Script-Type
Content-Style-Type
N-Cache
CacheControlHeader
RewriteTestHook
X-Wikidot-Static-Cache
C-Via
We-Hiring
Cache-Contol
X-ApacheServer
X-Wikidot-Backend
X-Amz-Storage-Class
X-Proto
X-Vmg-Version
X-PERF
Tube-Return
Host-ID
Nord-Request-ID
Tube-Got-Results
Tube-Get-Contents
Tube-Got-Eval
X-Render-Time
X-Presslabs-Stats
X-Parent-Response-Time
Fastly-Drupal-HTML
X-Origin-Response-Time
Machine
X-TH-Server
X-Thanos
X-Proxied-Request
Origin-Site
Canary
X-Mvc-Supplant-OutputCached
X-Bip
Release
X-Location
X-VWS-Id
Source
X-AWS-Id
X-LJ-Flow-ID
X-Cs
X-ElasticPress-Query
Product
Debug
X-Litespeed-Cache-Control
X-Cached-By
Sid
X-Pad
X-ZONE
NGX
X-Amz-Meta-Cb-Modifiedtime
HA-Ipaddr
S-Rt
Powered-By
CloudFront-Viewer-Country
X-Refresh
Vix-Hermes-Req-Id
X-Via-Poph
X-APP
X-Via-Popv
X-Via-Popn
X-Nginx-Cache
X-Cache-VC
X-Upstream-Ct
X-Upstream-Ht
Mime-Version
X-HA-Backend
X-ND-Cache
GeoIP-Latitude
X-NGINX-Cache
Pics-Label
X-Servedbyhost
X-Nananana
X-Varnish-Hits
Server-ID
X-User
X-Ah-Environment
Edge-Cache
Cookie
X-Cdn-Forward
X-LB-ID
X-GeoIP
MIME-Version
X-Datadome
X-Srv
GeoIp-Country-Code
X-AIR-PT
X-Wa
X-Nc
X-LB-NoCache
Surrogated-Key
X-Fpc
X-DynaTrace-JS-Agent
Akamai-Mon-Iucid-Del
X-Webkit-CSP
SID
HostName
X-Zone
X-Request-Start
WZWS-RAY
X-B3-Parentspanid
X-Scheme
Resin-Trace
DataCenter
X-Debug-Service
X-Unity-Cache
N1-Cache
Fastly-Drupal-Html
X-Request-Host
Server-Ext
X-Pool
True-Client-Country-4JS
X-NodeID
X-Nginx-Cache-Key
Server-Hostname
Sever-Int
X-CS
X-RequestId
Show-Do-Not-Sell-Link
X-DynaTrace
Load-Balancing
Tcn
X-LiteSpeed-Cache-Control
X-Cache-Grace
Sm-Log-Id
X-Service-Response-Time
Cdn
X-Lsadc-Cache
X-VCL-Version
NtCoent-Length
X-Vgn-Hpd-Reason
Lb
X-Cache-Backend
X-DataCenter
Yak-Timeinfo
Wsr-Cache
X-B3-Spanid
X-Vc
X-ID
X-FORWARDED-FOR
Yjs-Id
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Newrelic-Synthetics
Traceparent
X-Datacenter
X-Zen-Fury
X-HOST
X-TX-ID
X-Via-Edge
X-Via-SSL
Edge-Copy-Time
X-Via-CDN
X-Geolocation
X-NODE
X-Jobs
X-Client-Ip
Req-ID
X-API-Version
Datacenter
X-RateLimit-Limit
X-HubSpot-Correlation-Id
X-WA
Cdn-Requestid
X-Fastly-Backend-Reqs
X-CDN-Provider
CDN
X-Dynatrace-Js-Agent
Hostname
Serverhost
X-Cdn-Srv
X-LiteSpeed-Tag
X-NC
X-Proxy-Cache-La3
X-Proxy-CacheR9
XkeyR9
X-Udemy-Cache-App-Namespace
X-FPC
Xkey-La3
X-Powered-By-VTEX-Cache
GeoIP-Country-Code
X-VTEX-Cache-Time
X-VTEX-Cache-Server
Uri
WP-Super-Cache
Xkeylog
X-Webkit-Csp-Report-Only
X-Ez-Minify-Js
A
X-Akamai-Pragma-Client-IP
True-Client-IP
X-Html-Minification-Powered-By
Server-Id
CountryCode
X-WA-Info
X-TimeS
On-Server
RATING
Proxy-Firewall
T-Server
Coldstone-Viewer-Country
Coldstone-Viewer-Country-Region-Name
X-Stale
Geoip-Latitude
X-Lb-Id
Coldstone-Viewer-Currency
X-Swift-Error
From-Cache
X-Lb-Nocache
Srv
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
ServerHost
X-Varnish-Beresp-TTL
X-ServedByHost
Cs
WebServer
X-Oracle-DMS-ECID
X-Via-JSL
X-App
Esi-Enabled
BehaviorPad-Version
X-CSRF-TOKEN
Cloudfront-Viewer-Country
X-Ha-Backend
X-VC-Age
X-LAGOON
X-Oracle-Dms-Rid
X-Web-Server
X-MSEdge-Features
X-Ssense-Gql
X-MSEdge-Flight
Ngx
X-HA-Application-Name
X-Correlation-ID
X-HA-Bot-Classification
X-HA-Device-Type
X-Styx-Origin-Id
X-Styx-Info
X-Ssense-Shipping-Surcharge-Enabled
Cr
X-Via-PopH
FSS-Cache
X-Via-PopN
X-Via-PopV
X-Fastly-Cache
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Srcache-Fetch-Status
X-Wp-Cf-Super-Cache-Active
X-Srcache-Store-Status
Content-Secure-Policy
X-TIM-N
Pramga
X-Nitro-Cache
X-Elasticpress-Query
X-Request-Time
X-Shopid
X-Cdn-Cache-Status
X-Ez-Minify-Html
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Shardid
X-Geo
X-Check-Cacheable
X-Proxy-Cache-LA2
True-Client-Ip
W
X-Ramcache
User-Agent
X-Var-Ttl
My-App
X-DC
X-Fastly-Cache-Status
X-Th-Server
Akamai-X-True-TTL
X-ATG-Version
X-Serial
X-Request-Url
Cf-Ipcountry
Warning
X-VServer
X-Platform-Server
X-Sucuri-Id
X-Env
Host-Name
X-Mg-Cache
Ohc-Cache-HIT
Bxpunish
Bxuuid
X-Fastly-Cache-Hits
Cneonction
FSS-Proxy
X-Cache-TTL-Remaining
X-Beacon
Ohc-File-Size