Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Ua-Compatible
X-Generator
X-Cache-Status
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Request-ID
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
Permissions-Policy
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Robots-Tag
X-Backend
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
Xkey
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Server-Powered-By
Ali-Swift-Global-Savetime
Allow
X-LiteSpeed-Cache
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-WebKit-CSP
X-Host
Cf-Railgun
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dns-Prefetch-Control
X-Server-Id
X-Response-Time
X-Readtime
Surrogate-Control
X-Ruxit-JS-Agent
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
X-Country
Content-Location
X-Nginx-Cache-Status
X-Application-Context
Accept-Ch-Lifetime
X-Nginx-Upstream-Cache-Status
X-Litespeed-Cache
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Times
X-Rack-Cache
X-PC
X-Vname
X-TtlSet
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Server-Name
X-Daa-Tunnel
Nginx-Cache
Accept-Ch
X-FTR-Request-ID
AR-SID
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-Powered-By-Plesk
X-Cache-TTL
X-Cnection
X-Ac
X-Element-Page-Cache
X-D2id
X-ESI
X-GitHub-Request-Id
Edge-Control
X-Kinja
X-CST
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
Verso
X-Cdn-Fetch
X-Kinja-Server
X-MS-InvokeApp
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Abt-Application-Version
X-ECACHE
X-Upstream
X-Navigation-Version
X-Dw-Request-Base-Id
X-Oneagent-Js-Injection
Fastly-Restarts
X-Webkit-Csp
SPIisLatency
SPRequestDuration
X-FastCGI-Cache
X-B3-TraceId
X-Mod-Pagespeed
X-Amz-Rid
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-SharePointHealthScore
SPRequestGuid
X-Client-IP
X-ARC
X-Goog-Hash
X-Kinsta-Cache
X-Edge-Location-Klb
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Powered-CMS
X-Mg-S
X-Ratelimit-Limit
S
Edge-Cache-Tag
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
Response
X-Middleton-Response
X-VARITI-CCR
X-Ratelimit-Remaining
X-TTL
X-NF-Request-ID
RTSS
Realpath
X-Forwarded-For
X-Cache-Key
X-T
X-Content-Digest
Cross-Origin-Resource-Policy
X-Fastly-Request-ID
X-Server-ID
X-Recruiting
Fastcgi-Cache
X-Correlation-Id
X-Cached
X-MSEdge-Ref
X-ORACLE-DMS-RID
X-TraceId
X-Shield-Request-Id
Front-End-Https
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ruxit-Js-Agent
X-Ua-Browser
X-Varnish-TTL
X-Forwarded-Proto
X-Request-Processing-Time
X-Request-Received
X-PressLabs-Stats
X-Protected-By
Payment
X-LLID
Arr-Disable-Session-Affinity
X-HS-Hub-Id
X-HS-Cache-Config
TP-Cache
X-HS-Content-Id
X-Frontend
Server-Node
Public-Key-Pins
MS-Author-Via
Count-Hit
Content-MD5
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-HS-Combine-CSS
X-Accel-Expires
X-GUploader-UploadID
X-Newrelic-App-Data
X-LB-Cache
X-RateLimit-Remaining
X-Distributor
X-NODE
X-Origin-Server
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Ezoic-Cdn
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-ORACLE-DMS-ECID
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
Surrogate-Key
X-Request-Handler-Origin-Region
X-Microsite
X-Www-Served-By
X-Content-Security-Policy-Report-Only
X-FTR-Expires
Host
X-Activity-Id
X-Varnish-Server
X-Az
X-App-Server
X-AppVersion
Accept-Charset
Cleartype
Cache-Tags
Mrf-Cache-Status
X-Ua-Device
X-B3-TraceId-Primal
MRF-Tech
X-Amz-Meta-S3cmd-Attrs
X-Cluster-Name
X-Varnish-Backend
Retry-After
X-Goog-Metageneration
Filterid
X-Unique-Id
X-Hits
Server-Name
X-Debug
X-Git-Hash
Access-Control-Allow-Method
X-Logged-In
X-Load-Cache
X-Azure-Ref
X-NGENIX-Cache
X-Upgrade-Enabled
X-Envoy-Decorator-Operation
X-Id
X-Ttl
X-CSRF-Token
X-FB-Debug
X-Geo-Country
X-Hostname
X-Amz-Apigw-Id
X-Amzn-RequestId
TCN
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Proxy
TP-L2-Cache
X-TT
X-B
Section-Io-Cache
Viewport
X-Varnish-Ttl
X-Seen-By
X-Revision
X-Request-Guid
X-Grace
DC
X-Cache-Control
X-Contextid
X-Type
X-B3-Sampled
Healthy
X-Fb-Rlafr
X-Trace-Id
X-Time
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-F-Cache
X-CCDN-CacheTTL
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Fastly-SWR
Fastly-SIE
X-Mobile
X-N
Content-Disposition
Referer-Policy
Paypal-Debug-Id
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-WP-CF-Super-Cache-Cache-Control
X-Ratelimit-Reset
X-WP-CF-Super-Cache
X-Nf-Request-Id
X-Varnish-Grace
X-XRDS-LOCATION
X-Magnolia-Registration
X-DIS-Request-ID
X-Origin-Cache
X-Webkit-CSP
X-Amz-Replication-Status
X-Debug-Info
X-Page-Id
X-Via-JSL
X-Px
X-Wormhole-Sdk
X-Oracle-Dms-Ecid
Version
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-ProcessESI
X-RemovedCookies
Amp-Access-Control-Allow-Source-Origin
X-Whom
X-UUID
X-G
X-Rid
X-Tumblr-Pixel
X-Content-Options
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Adobe-Content
X-App-Environment
X-Rule
X-Node-Name
X-Debug-IsConnected
X-Debug-IsPreview
X-Adobe-Loc
X-Datadog-Sampled
NGB
SD-X-WS
X-Source
VIX-Pulpo-Node
X-Yottaa-Optimizations
VIX-Pulpo-Upstream-Status
X-RTag
X-Storage
Ms-Operation-Id
MS-CV
X-Yottaa-Metrics
X-Hl-Ver
X-Template
X-B-Cache
X-Is-Bot
X-Proxy-Cache-Info
X-Rendered-As
X-Signature
X-User-Agent
Cross-Origin-Window-Policy
X-Instance
X-Cacheable-TTL
X-Wix-Request-Id
X-Region
X-NYM-Debug-Backend
X-Backend-Name
X-Device-Type
X-Status
GEO-INFO
Country
X-L-Path
X-FW-Hash
X-FW-Dynamic
X-Environment-Context
X-FW-Serve
X-FW-Server
X-FW-Version
X-FW-Static
X-ServerID
X-FW-Type
X-Ismobilevalue
X-Cache-Age
X-NWS-UUID-VERIFY
Charset
Countrycode
X-IPS-LoggedIn
ServerID
X-RM-Cache-TTL
SRV
X-EdgeConnect-Cache-Status
X-Real-IP
X-Cache-Grace
Front
Akamai-GRN
X-WP-CF-Super-Cache-Active
X-Framework
X-Amzn-Remapped-Content-Length
X-Cache-Hit
Liferay-Portal
X-Xrds-Location
X-AB
X-B3-SpanId
X-Oracle-Dms-Rid
X-Language
X-WebKit-CSP-Report-Only
X-Akamai-Request-ID2
X-Air-Pt
X-Content-Powered-By
X-Api-Version
OT-Force-Account-Verify
X-Air-Trace-Id
X-Air-Source
X-Sucuri-Cache
X-Air-Hostname
X-Servername
X-Sucuri-ID
X-UA
X-VC
X-DataDome
X-VC-Cache
Xet-Cookie
From-Origin
X-URL
Accept-Language
X-Mode
X-Aws-Lambda-Call-Status
Backend
X-Tt-Logid
Refresh
X-ECache
Access-Control-Request-Headers
LB
Webserver
X-Cache-Status-Check
X-Nginx-Cache
Upgrade-Insecure-Requests
X-Handled-By
X-HTML-Minification-Powered-By
X-Cache-Time
X-Fastly-Request-Id
X-SaId
X-UPSTREAM-Address
X-Rewrite-Enabled
X-JoinUs
X-RCS-CacheZone
Cache
Meta-Geo
X-SRV
Filters
X-Rn-Rsrv
X-Request-URI
X-Cms-Context
Property-Id
TWC-Connection-Speed
Webcakes-App-Name
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Version
X-Xfnlog-Site
X-Adobe-Source
X-Container-Uri
TWC-Device-Class
Webcakes-Region
ServedBy
X-Hosted-By
X-Mg-Request-UUID
X-Generated-By
X-PHP-Host
X-Git-Commit
X-S
X-Origin-Date
X-Webstats-RespID
X-Labrador-Cache-Channel
X-Tumblr-Pixel-2
X-Varnish-Age
TWC-Locale-Group
X-Provided-By
X-R9-Blue-Green-Version
X-Origin-Hint
X-RateLimit-Limit
X-Redis-Cache
X-Forwarded-Host
X-ProxyCache-Status
X-Tb
X-ProxyCache-Key
X-Site-Version
Section-Io-Id
X-Cache-Debug
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-Lambda-Id
X-Locale
X-Tncms
X-No-Session
X-Loop
X-Logging-Id
X-Httpd
X-Geo-Region
X-Browser-Name
X-Akamai-Edgescape
X-Accel-Version
Web-Mar-Node
X-BYPASS-REASON
X-Web-Node
X-Fetched-On
X-Served-From
X-Cluster
Url
Atl-Traceid
X-Reqid
X-Tcp-Rtt
X-Skip-Cache
X-Scope-Id
X-Upstream-Ht
X-Cache-Rule
X-Shopify-Stage
X-Optimistic-Header
X-Restarts
X-Say-Cacheable
X-Cache-Operation
X-Frame-Option
X-Storefront-Renderer-Rendered
X-Soup
X-Upstream-Ct
X-Detected-As
X-Director
X-Origin
Selected-Fe
X-Cache-Host
X-Varnish-Beresp-Grace
Mn-Server-Ip
X-Varnish-Cache-Hits
X-Format
X-VCT
X-Timing-Wait
Apigw-Requestid
X-Alternate-Cache-Key
X-SayCDN-TTL
X-Proxy-Build
X-IPLB-Instance
X-IPLB-Request-ID
X-Say-TTL
X-Cloudmap
X-AWS-Id
X-Proxied
X-RID
X-VWS-Id
X-LJ-Flow-ID
X-Zipkin-Id
Onion-Location
Xserver
X-Ms-Request-Id
X-Edge-Location
X-Extlb
X-Ms-Version
X-Endurance-Cache-Level
X-Routing-Service
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-INCAP-ABP
Expiry
X-ShardId
X-Connection-Hash
X-Azure-Ref-OriginShield
X-GeoCountry
Frame-Options
Priority
X-GeoCode
X-Vcache
X-Lagoon
X-Cache-Expired-At
X-WP-CF-Super-Cache-Cookies-Bypass
Cdn-Requestid
X-Vcl-Version
Source
X-CDN-Forward
WPO-Cache-Message
Protected
WPO-Cache-Status
Environment
X-Generation-Time
X-Thinkindot-L3
Thinkindot-CacheControl
Thinkindot-Control
X-Shield-Cache-Expires
X-CMSURLCustom
X-B3-Traceid
Thinkindot-CacheControl-Type
TDXMobile
X-Fastcgi-Cache
Fastcgi-Useragent
X-Drupal-Cache-Tags
X-Cache-Action
X-Drupal-Cache-Contexts
X-Proxy-Cache-Status
X-Origin-TTL
X-PHP-Backend
X-Origin-CC
X-Pass-Why
X-Cdn-Origin
Uber-Trace-Id
CF-IPCountry
X-App-Version
X-Rocket-Nginx-Serving-Static
Sid
X-ID
X-Worker
X-GEO
X-Urbn-Context-Path
X-Cluster-Node
X-Urbn-Site-Id
Locale
X-Vercel-Cache
X-Vercel-Id
Azure-SlotName
X-Aspnetmvc-Version
Azure-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Cache-Hits
Node
X-XRDS-Location
X-Buckets
X-FB-TRIP-ID
Cache-Tv-Group
CDN-PullZone
CDN-CachedAt
CDN-Cache
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-Uid
CDN-EdgeStorageId
Cross-Origin-Embedder-Policy
X-Auth-Group-Type
X-TA-CDN-Provider
X-Tumblr-Pixel-3
X-Server-W
X-Pad
X-Cache-Server
Alternate-Protocol
X-A
X-Tx-Id
DB-Nickname
X-DC
X-LiteSpeed-Cache-Control
X-Client-Ip
X-Bc-Bl
Gannett-Cam-Experience-Id
X-BCube-Filmed-By
Cdn-Request-Time
X-Op-Id-All
X-Org
X-Origin-Expires
Cdn-Host
X-Esi-Check
AMP-Access-Control-Allow-Source-Origin
X-Req
Magicmarker
X-Ec-GeoHdr
Lang
X-Bl-Debug
X-Epic-Correlation-Id
X-Edge-Server
X-Fastly-Backend
X-Custom-Header
X-Ig-Origin-Region
X-Ig-Push-State
X-Cache-NE
X-Cache-TTL-Remaining
Content-Secure-Policy
X-Conf
X-Content-Age
X-Gzip
X-Level-Front-Cache
X-Generated-On
X-Core-Value
X-ND-Cache
X-Rojux
DCR-Processing-Time-Ms
X-Service
X-Cache-Id
DCR-Decision-By
X-D
X-Aed
X-Viewer-Country
Candidate-Md5Url
X-LSADC-Cache
X-Via-Fastly
Wxu-Next-Commit
X-Varnish-Remaining-TTL
X-Vdms-Version
Wxu-Next-Hostname
X-Vtex-Remote-Cache
X-Dispatcher-Server
Surrogated-Key
X-DefElseHash
Sslversion
T-Server
Rendered-Blocks
A
X-Developer
X-DefHash
Wxu-Next-Region
Origin-Agent-Cluster
X-SRCache-Key
Ngx.Var.Host
X-A-Dgt
X-A-Wwc
X-Ec-Fail
MD5-Digest
X-ScT
Meta-Geo-Continent
X-GeoIP-City
X-A-Dcw
X-A-Ccd
X-V-Cache
Odigeo-Trace-Id
X-TIM-N
X-A-Dam
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Mime-Version
User-Cache-Control
X-Backend-Instance
Vix-Hermes-Req-Id
X-Acquia-Purge-Cdn-Unconfigured
X-Aicache-OS
X-AK-Request-ID
V-Age
Tube-Return
Ssr
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
X-Amz-Storage-Class
X-App-Name
X-Cache-FS-Status
X-Cache-Info
X-CacheTTL
X-Cdn-Srv
X-Cache-Bucket
X-Block-Status
X-B3-Trace-ID
X-Debug-Cache-Fetch
X-Bip
X-Clientip
X-GeoIP
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-UA-Device-Type
X-Thanos
X-Sn-Servicetimems
X-Server-IP
X-Region-Sid
X-RateLimit-Remaining-Second
X-Request-Time
X-SB
X-SD-PageType
X-Scheme
X-Varnish-Director
X-Varnish-Hostname
PFcat
Fastly-SSL
X-HN
X-NodeID
XM
X-VarnishDD-TTL
Cache-Provider
X-Wikidot-Static-Cache
X-VG-WebCache
X-VG-TLSProxy
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Wikidot-Backend
X-RateLimit-Limit-Second
X-Pubstack
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-GoCache-CacheStatus
X-Hnp-Log
X-Jobs
X-HS-Content-Campaign-Id
Server-Host
X-Geo-Header
X-Fastly-Cache
X-DPWN-IS-SECURE
X-FC-Vary-Parameters
X-Fmm-Version
X-Gdpr
X-Forwarded-Site
X-Loc
X-Men
X-PAYTM-SRV-ID
X-Origin-Time
X-Platform
X-Policy
X-Proto
X-Powered-By-VTEX-Cache
X-Origin-Response-Time
X-Nyt-Route
X-Mly-Id
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-NMSegId
X-Node-Id
X-Debug-Cache-Store
X-Gen-Mode
Platform
Esi-Enabled
Adler-Geo
Edge-Cache
Powered-By
Fastly-Backend-Name
Origin
Is-Eu
AKAMAI
NM-Fastcgi-Cache
Cdncip
Cdnsip
HostName
Producers
Content-Style-Type
RNT-Machine
Country-Code
RNT-Time
Req-ID
Content-Script-Type
Click-Count-Error
Click-Count-Action-Start
Host-ID
X-HITS
X-Varnish-Beresp-Ttl
C-Via
X-Depends
Apple-News-Services-Request-Url
X-CUA
Cluster
Ha-Gx-Prefs
CDCHOST
X-Date
Canary
Cache-Key
X-We-Are-Hiring
X-Request-Start
X-Human
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Request-Host
X-Proxied-Request
X-Mvc-Supplant-OutputCached
X-Nginx-Cache-Key
X-Location
X-Pool
X-Hash
Server-Ext
Yak-Timeinfo
X-Ec-Custom-Error
Apple-News-Services-Handled
Apple-News-Services-Host
X-Varnishpool
X-Dc
X-Var-Ttl
X-Varnish-Authentication
X-Varnish-Beresp-Status
Apple-News-Services-Parsed-Url
X-Contensis-Viewer-Groups
HA-Ipaddr
On-Server
Origin-CC
X-Accel-Expires-Debug
NGX
X-Section
Machine
Mail-Subject
Origin-EX
Web-Mar-Region
Req-Svc-Chain
Sever-Int
Server-Hostname
Release
Proxy-Firewall
We-Hiring
Pramga
X-Cs
Server-Info
Fastly-GeoIP-CountryCode
DSUID
X-Access
X-Csrf-Jwt
X-Cache-Aspx
X-CGP
X-BBC-Edge-Cache-Status
L
L5d-Success-Class
W
Gh-Request-Id
X-Eu-Site
X-Auto-Login
True-Client-Country-4JS
X-NGINX-Cache
X-AIR-PT
Fusion-Content-Source
Debug
X-RateLimit-Reset
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
X-WA-Info
Fusion-Source
X-Ad-Load-Variation
BehaviorPad-Version
Fusion-Template-Id
X-Varnish-Hits
X-Device-Os
Redirect-Candidate
X-LB-ID
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Via-Popv
Fastly-Drupal-HTML
X-APP
X-MP-GENERATED-AT
X-Via-Popn
X-Up
X-HA-Backend
X-NCache
Pics-Label
X-Via-Poph
X-From
X-Zone
GeoIP-Latitude
X-LiteSpeed-Tag
X-Akamai-Transformed
CloudFront-Viewer-Country
X-Content-Length
X-Newrelic-Synthetics
X-Jungle-Id
X-VHOST
X-CACHE-AGE
SID
X-Parent-Response-Time
CDN-RequestId
X-B3-Parentspanid
X-Cache-Backend
X-Refresh
X-Servedbyhost
X-Vdms-Path
X-Origin-Cache-Key
X-Nc
X-Nananana
X-LB-NoCache
Vc-Max-Age
WP-Super-Cache
Fastly-Drupal-Html
X-Dispatcher-Number
X-Uri
X-Datadome
X-ZONE
X-CACHE-KEY
Resin-Trace
X-CDN-Cache-Status
X-Litespeed-Tag
X-DynaTrace-JS-Agent
X-M-Reqid
X-RequestId
Product
X-Cached-By
X-Wa
X-Render-Time
X-ApacheServer
X-VC-TTL
Server-ID
Datacenter
X-M-Log
X-PERF
Cdn
NtCoent-Length
X-B3-Spanid
GeoIp-Country-Code
X-Amz-Meta-Cb-Modifiedtime
X-CS
X-Ckpd-Fst-Backend
X-Fpc
S-Rt
X-Bug-Bounty
FSS-Cache
Locid
X-IAuth-Set-Uid
X-Varnish-Beresp-TTL
X-VCache
Serverhost
True-Client-Ip
Uri
X-Esi
ServerName
X-TX-ID
X-HostName
X-HubSpot-Correlation-Id
X-Srv
X-SERVER-NAME
X-Nf-Country
X-Nf-Language
X-Nf-Ats-Version
True-Client-IP
X-TT-LOGID
GeoIP-Country-Code
X-Original-Request-Id
X-Response-Served-From
X-Old-Content-Length
X-CLOUD-TRACE-CONTEXT
Tcn
X-TIME
CDN
X-Vmg-Version
X-Dynatrace-Js-Agent
X-FPC
X-NewRelic-App-Data
X-Cdn-Cache-Status
X-Akamai-Device-Characteristics
Ngx-Var-Key
User-Agent
Srv
X-Cdn-Forward
Request-ID
X-Gamma-Serve
X-WA
X-Info
X-Vgn-Hpd-Reason
X-Vc
ServerHost
CacheControlHeader
Cf-Ipcountry
Xc-Version
X-Hit
X-Moov-Xdn-Version
X-Moov-T
X-TH-Server
Server-Id
Hostname
X-COUNTRY
X-APP-VERSION
X-Platform-Router
X-NC
X-Platform-Cluster
X-Webkit-Csp-Report-Only
X-Platform-Processor
Expect-Staple
X-VCL-Version
X-FL-QIT-DEBUG
Srvid
X-Dispatch
X-Presslabs-Stats
X-Lb-Nocache
X-Amz-Meta-Opti
X-Geo
Geoip-Latitude
Cf-Device-Type
X-Limited
X-V
X-ServedByHost
X-External-Request-Id
X-B-Cookie
X-User
X-Application
X-S-Cookie
X-Destination
Cneonction
Cross-Origin-Embedder-Policy-Report-Only
Cloudfront-Viewer-Country
X-Oracle-DMS-ECID
X-New
X-App
X-Via-PopH
X-Platform-Server
X-Rollout
X-Ha-Backend
X-Zen-Fury
X-Via-PopN
Origin-Trial
X-Via-PopV
N-Cache
X-Eligible
Permission-Policy
WZWS-RAY
PICS-Label
X-Proxy-CacheRZ
X-Sigma-Backend
X-Instance-Name
X-Correlation-ID
X-MSEdge-Flight
X-MSEdge-Features
X-Rocket-Build-Number
X-Sigma
X-Cache-Date
X-Ua
Ohc-File-Size
X-Akamai-Pragma-Client-IP
XkeyRZ
Epwk-X-Cache
Rtss
X-Ftr-Request-Id
X-VServer
X-Sqd-Stime
X-Sqd-Ctime
X-API-Version
X-MiniProfiler-Ids
X-Serial
X-Branch-Name
X-Internal-TTL
X-Segment-20210421
X-Web-Server
X-Lb-Id
X-Check-Cacheable
X-ElasticPress-Query
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Lb
IsBot
X-Path
Cl-Cache
X-EC-Lua
X-Service-Response-Time
X-Datacenter
Timeexpire
Sm-Log-Id
X-SIPLIST1
Edge-Copy-Time
Cmsid
X-Via-CDN
X-Via-SSL
Cmstype
X-Acquia-Site
X-Acquia-Application-Trace
X-Via-Edge
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
Servername
X-Litespeed-Cache-Control
CountryCode
X-CSRF-TOKEN
X-LAGOON
X-CDN-Origin
X-Traceid
Fl-Custom-Application
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
X-Th-Server
X-Origin-Upstream-Status
X-Shardid
X-Shopid
X-Sorting-Hat-Podid
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
X-IN-APIGATEWAY
X-Dw-Trace-Id
X-Udemy-Cache-App-Namespace
X-Sorting-Hat-Shopid
Warning
Wpo-Cache-Message
Wpo-Cache-Status
X-RAMCache
X-IN-APIGATEWAYSSL
X-Ramcache
Ohc-Cache-HIT
Ngx
X-Snapshot-Date
X-Fastly-Backend-Reqs