Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Access-Control-Allow-Origin
Referrer-Policy
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Xss-Protection
X-Served-By
X-Download-Options
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Request-Id
Access-Control-Allow-Credentials
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-AspNet-Version
Alt-Svc
X-Runtime
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Generator
X-Cache-Status
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Content-Security-Policy
X-Drupal-Dynamic-Cache
Feature-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
X-Ua-Compatible
Access-Control-Max-Age
X-Via
Server-Timing
Request-Context
X-Robots-Tag
X-Turbo-Charged-By
X-UA-Device
X-Amz-Request-Id
X-Cache-Group
EagleId
X-Amz-Id-2
X-Backend
X-AH-Environment
P3p
X-Proxy-Cache
Keep-Alive
X-Dns-Prefetch-Control
X-Server
X-Ws-Request-Id
X-Age
Host-Header
Cf-Edge-Cache
X-Hacker
X-Vhost
X-Server-Powered-By
X-Rq
X-Varnish-Cache
X-Dispatcher
X-Amz-Version-Id
Grace
Allow
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Pantheon-Styx-Hostname
X-Page-Speed
X-Styx-Req-Id
Cf-Apo-Via
X-Device
X-WebKit-CSP
Cf-Railgun
Accept-CH
X-Aws-Lambda-Call-Status
X-Node
X-Pingback
X-Host
X-Ruxit-JS-Agent
X-Server-Id
EagleEye-TraceId
X-Nginx-Cache-Status
Surrogate-Control
X-Akam-SW-Version
X-Readtime
Request-Id
X-Backend-Server
X-Cache-Spec
X-Cache-Lookup
X-Content-Security-Policy-Report-Only
X-HW
Accept-Ch-Lifetime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Trace
X-Application-Context
X-Response-Time
Permissions-Policy
Fastly-Restarts
X-Nginx-Upstream-Cache-Status
X-Edge
X-Mod-Pagespeed
X-WebKit-CSP-Report-Only
X-Country
X-Content-Type
Content-Location
X-MS-InvokeApp
X-Url
Accept-CH-Lifetime
X-Mcache
X-CST
X-Clacks-Overhead
X-TtlSet
X-PC
X-Vname
Rating
X-Amz-Server-Side-Encryption
X-Midtier
X-Litespeed-Cache
RTSS
Cache-Tag
X-ESI
X-Vcap-Request-Id
X-D2id
X-Element-Page-Cache
X-VARITI-CCR
Verso
X-Rack-Cache
X-Server-Name
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Exp-Id
Origin-Trial
X-Ac
X-Powered-By-Plesk
X-GitHub-Request-Id
Service-Worker-Allowed
X-ECACHE
X-Cnection
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-Client-IP
X-Navigation-Version
Xkey
X-Ttl
X-Abt-Application-Version
Edge-Control
SPIisLatency
SPRequestDuration
X-Cache-TTL
X-B3-TraceId
X-NWS-LOG-UUID
X-Upstream
Arr-Disable-Session-Affinity
X-Webkit-Csp
X-Cached
X-Mg-S
X-Dw-Request-Base-Id
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Browser-Type
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Varnish-TTL
X-Px
X-Cache-Key
X-Middleton-Display
Display
X-Sol
Pagespeed
X-FastCGI-Cache
Accept-Ch
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-NF-Request-ID
Access-Control-Request-Method
Edge-Cache-Tag
X-Correlation-Id
X-Forwarded-For
X-Country-Code
X-Goog-Hash
Content-MD5
TCN
X-Powered-CMS
Front-End-Https
AR-SID
AR-Request-ID
X-Id
AR-CACHE
AR-ATIME
X-Version
AR-PoweredBy
Public-Key-Pins
X-RateLimit-Remaining
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-T
X-MSEdge-Ref
X-Content-Digest
X-Ser
X-Recruiting
X-Ratelimit-Limit
X-Amzn-Trace-Id
Response
X-Middleton-Response
X-Accel-Expires
X-Daa-Tunnel
TP-Cache
TP-L2-Cache
X-XRDS-Location
X-Shield-Request-Id
MicrosoftSharePointTeamServices
Nginx-Cache
S
Cache-Status
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Request-Received
X-Request-Processing-Time
X-HS-Hub-Id
Server-Node
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
Cache-Tags
X-Fastcgi-Cache
X-Hits
X-Distributor
X-PressLabs-Stats
X-Edge-Location-Klb
X-Kinsta-Cache
Cross-Origin-Opener-Policy
X-LB-Cache
X-Origin-Server
X-Ratelimit-Remaining
X-Ratelimit-Reset
Fastcgi-Cache
X-Ua-Browser
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Alternate-Protocol
X-Grace
Server-Name
Filterid
X-Frontend
X-DIS-Request-ID
X-Microsite
X-Request-Handler-Origin-Region
X-Protected-By
X-Rid
Healthy
X-LLID
X-Geo-Country
X-Fastly-Request-ID
X-FB-Debug
X-Logged-In
Cleartype
Payment
X-Varnish-Backend
X-Git-Hash
X-Debug-Info
X-Page-Id
X-Forwarded-Proto
X-Www-Served-By
X-Load-Cache
X-Hostname
X-NGENIX-Cache
X-Cluster-Name
X-DataDome
DC
X-ASPNET-VERSION
X-ECache
MS-Author-Via
X-Origin-Cache
Realpath
Charset
Content-Disposition
Access-Control-Allow-Method
X-TTL
X-B3-Sampled
X-GUploader-UploadID
X-Goog-Metageneration
X-Upgrade-Enabled
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Proxy
X-F-Cache
X-AppVersion
X-Activity-Id
X-Az
X-B3-Traceid
X-Seen-By
X-Amz-Meta-S3cmd-Attrs
X-Amz-Replication-Status
Retry-After
Paypal-Debug-Id
X-Server-ID
X-Fb-Rlafr
X-Azure-Ref
X-Cache-Age
Count-Hit
X-Type
X-Whom
Viewport
X-Request-Guid
X-Providence-Cookie
Surrogate-Key
X-Aspnet-Duration-Ms
X-Revision
X-Is-Crawler
Cross-Origin-Resource-Policy
X-Route-Name
X-Contextid
X-Flags
X-Wix-Request-Id
X-B
X-Signature
X-Aspnetmvc-Version
X-Varnish-Server
X-B-Cache
X-App-Environment
X-Hosted-By
X-VCache
Accept-Charset
X-Akamai-Edgescape
X-TT
X-DynaTrace
X-Language
Amp-Access-Control-Allow-Source-Origin
X-Source
X-App-Server
X-Fastly-Request-Id
X-Cache-Control
X-Mobile
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Referer-Policy
X-Goog-Stored-Content-Length
X-Times
X-Magnolia-Registration
X-Varnish-Grace
Host
X-Envoy-Decorator-Operation
Version
X-Varnish-Ttl
X-Cache-Rule
X-N
X-HTML-Minification-Powered-By
X-Oracle-Dms-Rid
X-Oracle-Dms-Ecid
WPO-Cache-Status
WPO-Cache-Message
X-Response-Served-From
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Varnish-Age
Refresh
X-Original-Request-Id
X-Tumblr-User
Access-Control-Request-Headers
MS-CV
Ms-Operation-Id
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-EdgeConnect-Cache-Status
X-Rule
X-Tumblr-Pixel-0
X-RTag
X-Cache-Status-Check
X-Cache-Time
SD-X-WS
X-UUID
X-User-Agent
GEO-INFO
X-Status
X-Backend-Name
X-Page-View
Protected
X-Cacheable-TTL
Akamai-GRN
X-Content-Powered-By
X-Cache-Grace
X-Framework
X-Rendered-As
Section-Io-Cache
X-Drupal-Cache-Tags
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-FW-Type
X-Cache-Expired-At
X-FW-Server
X-FW-Version
X-Instance
X-ProcessESI
X-Environment-Context
X-Is-Bot
X-L-Path
X-XRDS-LOCATION
X-FW-Static
X-Jobs
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-RemovedCookies
X-Drupal-Cache-Contexts
X-Device-Type
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Http-Reason
X-NYM-Debug-Backend
X-Akamai-Request-ID2
Url
From-Origin
X-Servername
X-RateLimit-Limit
X-Trace-Id
X-G
X-Region
NGB
X-Adobe-Loc
X-Adobe-Content
SRV
CDN-RequestId
X-Nginx-Cache
X-Template
Front
X-CDN-Forward
X-Unique-Id
Accept-Language
X-Debug-IsConnected
X-Debug-IsPreview
X-Content-Options
X-Yottaa-Optimizations
X-Cache-Hit
X-Yottaa-Metrics
Backend
Fastly-SWR
Fastly-SIE
Country
X-Zen-Fury
Liferay-Portal
X-Air-Trace-Id
X-Air-Hostname
X-Newrelic-App-Data
X-Air-Source
X-DynaTrace-JS-Agent
Pinterest-Version
X-Pinterest-Rid
X-Mode
Pinterest-Generated-By
X-COUNTRY
X-Cache-Operation
Content-Secure-Policy
X-Tb
X-Real-IP
X-RN-RSRV
Filters
X-Tumblr-Pixel-2
X-Amzn-Remapped-Content-Length
Webserver
X-Rocket-Nginx-Serving-Static
X-Content-Age
X-Generation-Time
X-Cache-Server
X-UPSTREAM-Address
Meta-Geo
X-Tt-Logid
Onion-Location
X-Rewrite-Enabled
Uber-Trace-Id
S-Rt
X-Proxy-Build
Azure-RegionName
Azure-InstanceId
X-IPS-LoggedIn
X-Locale
X-Format
Azure-Version
X-Proxy-Cache-Info
Selected-Fe
X-Access
X-PHP-Backend
CF-IPCountry
Azure-SlotName
Cache-Hits
Azure-SiteName
X-Node-Name
X-Section
X-Timing-Wait
X-Soup
X-Sql-Count
ServedBy
X-Skip-Cache
X-Sql-Duration-Ms
X-Site-Version
Property-Id
Webcakes-App-Name
Cache-Name
X-Web-Node
X-Sucuri-Cache
X-Sucuri-ID
X-Server-W
X-Uri
X-Cluster-Node
Node
X-Ms-Request-Id
TWC-Device-Class
X-Varnish-Beresp-Grace
X-Proto
TWC-GeoIP-Country
X-R9-Blue-Green-Version
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Origin-Hint
X-Ms-Version
Webcakes-Region
TWC-Locale-Group
Webcakes-App-Version
X-Time
Web-Mar-Node
X-Cache-Action
X-Zipkin-Id
X-Ua
ServerID
X-Cache-Host
X-Via-Fastly
X-UA-Device-Type
DB-Nickname
X-BYPASS-REASON
Cross-Origin-Window-Policy
X-Debug
X-Handled-By
X-Tumblr-Pixel-3
X-Forwarded-Host
X-Say-Cacheable
X-Say-TTL
X-TIME
X-SayCDN-TTL
X-Routing-Service
X-Extlb
X-ProxyCache-Status
X-ProxyCache-Key
X-Cache-TTL-Remaining
X-Proxied
X-Cms-Context
X-Reqid
X-Proxy-Cache-Status
X-Edge-Location
X-LJ-Flow-ID
X-SaId
X-LAGOON
X-IPLB-Instance
X-Origin-Date
X-Cluster
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-PHP-Host
X-AWS-Id
X-JoinUs
X-IPLB-Request-ID
X-VWS-Id
X-Labrador-Cache-Channel
X-VC-Cache
X-Detected-As
Mn-Server-Ip
X-Ruxit-Js-Agent
X-FB-TRIP-ID
X-No-Session
X-Urbn-Context-Path
X-Optimistic-Header
X-App-Version
X-Xfnlog-Site
Apigw-Requestid
Countrycode
Locale
X-Urbn-Site-Id
X-Adobe-Source
X-Tec-Api-Origin
X-Tec-Api-Root
Fastcgi-Useragent
X-ARC
X-Tec-Api-Version
WP-Super-Cache
Mime-Version
X-Buckets
X-LSADC-Cache
Cache-Tv-Group
X-Oneagent-Js-Injection
X-GeoCode
X-Director
X-GeoCountry
Source
CDN-RequestCountryCode
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
Upgrade-Insecure-Requests
X-Hl-Ver
X-Varnish-Hits
X-Mg-Request-UUID
Fastly-Drupal-HTML
X-Request-Time
X-Generated-By
X-Redis-Cache
X-GEO
X-Cache-Debug
Frame-Options
X-FireWall-Port
X-Loop
CF-Cached-On
Xet-Cookie
X-Varnish-Cache-Hits
X-Origin-CC
X-Tx-Id
X-URL
X-Origin-TTL
X-Varnish-Hostname
X-Pass-Why
X-SRV
X-ShopId
X-Alternate-Cache-Key
X-RM-Cache-TTL
X-Shopify-Stage
X-ShardId
X-TA-CDN-Provider
X-Api-Version
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-TNCMS
X-ServerID
Load-Balancing
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Akamai-Transformed
X-Newrelic-Synthetics
X-Served-From
X-Pubstack
X-Service
X-Request-Host
X-Endurance-Cache-Level
X-Location
A
X-B-Cookie
X-A-Dgt
T-Server
X-Hash
X-Generated-On
X-Gdpr
X-Epic-Correlation-Id
X-External-Request-Id
X-BBC-Edge-Cache-Status
Xserver
X-Bc-Bl
X-Bip
X-A-Ccd
Server-Info
X-A
X-A-Dam
DSUID
X-Cache-Date
X-Cache-Info
X-Cache-NE
X-Conf
WWW-Authenticate
X-Developer
X-BCube-Filmed-By
X-Ec-Fail
X-Destination
Surrogated-Key
X-CUA
X-D
X-Ec-GeoHdr
X-Mid
X-S-Maxage
X-Vdms-Path
X-ScT
Ngx.Var.Host
Meta-Geo-Continent
X-Vdms-Version
X-Application
X-Rocket-Build-Number
Odigeo-Trace-Id
X-Rojux
X-S
X-S-Cookie
X-Sigma
X-Sigma-Backend
X-A-Wwc
X-Thanos
X-TIM-N
Lang
Country-Code
X-Test
X-SVT-ORM-VERSION
MD5-Digest
Memcached
X-Aed
X-SRCache-Key
X-SVT-ORM-RULES
X-Processor
Candidate-Md5Url
Edge-Cache
X-Mobile-URL
Xc-Version
DCR-Processing-Time-Ms
BehaviorPad-Version
X-A-Dcw
X-Level-Front-Cache
Host-ID
Cache-Host
Gannett-Cam-Experience-Id
Sslversion
Rendered-Blocks
X-Origin-Time
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
Origin
X-We-Are-Hiring
Release
DCR-Decision-By
X-Nyt-Route
Redirect-Candidate
Req-Svc-Chain
X-CSRF-Token
X-Restarts
X-Storage
Fastly-GeoIP-CountryCode
Gh-Request-Id
Mail-Subject
Magicmarker
TDXMobile
Thinkindot-CacheControl
Thinkindot-Control
Fastly-Backend-Name
Thinkindot-CacheControl-Type
We-Hiring
X-INCAP-ABP
X-SD-PageType
X-Server-IP
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Region-Sid
X-Pool
X-Mvc-Supplant-Cachable
X-Node-Id
X-Org
X-Origin-Response-Time
X-Sn-Servicetimems
X-Thinkindot-L3
NM-Fastcgi-Cache
Server-Host
X-Men
X-Origin
X-WP-CF-Super-Cache-Active
X-Worker
X-Var-Ttl
X-Varnish-Beresp-Status
X-Varnishpool
X-WADP-Cache
X-Loc
X-JWT-State
X-Core-Mission
X-Date
X-Developers
X-Dispatcher-Number
X-CMSURLCustom
X-Clara-WADP
X-Auto-Login
X-Cache-Bucket
X-Cdn-Origin
X-Cdn-Srv
X-Ec-Custom-Error
X-Fastly-Backend
X-HS-Content-Campaign-Id
X-Httpd
X-Human
X-Is-Gdpr
X-Has-Esi
X-Geo-Header
X-Fastly-Cache
X-Fmm-Version
X-Gamma-Serve
X-Accel-Expires-Debug
X-CacheTTL
Apple-News-Services-Host
Apple-News-Services-Handled
C-Via
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-B3-Spanid
Cache-Key
AKAMAI
X-Varnish-Beresp-Ttl
CacheControlHeader
X-Parent-Response-Time
Section-Io-Id
Section-Io-Origin-Status
X-Frame-Option
X-Fetched-On
X-FC-Vary-Parameters
Section-Io-Origin-Time-Seconds
X-Forwarded-Site
X-Block-Status
Wxu-Next-Commit
Wxu-Next-Hostname
Web-Mar-Region
User-Cache-Control
Tube-Return
Wxu-Next-Region
X-Accel-Buffering
X-Core-Value
X-Gen-Mode
X-Azure-Ref-OriginShield
X-App
Section-Origin-Responded
X-GeoIP-Country-Code
X-Request-Start
Vix-Hermes-Req-Id
X-Scale
X-Wix-Viewer-Type
X-VServer
X-WA-Info
X-Akamai-Device-Characteristics
X-Cache-Id
X-NodeID
X-Platform
X-Instance-Name
X-Gzip
X-Dispatcher-Server
X-Esi-Check
X-Vmg-Version
X-VG-TLSProxy
X-Irp-Debug
X-LB-NoCache
X-Hnp-Log
X-HN
Tube-Got-Results
X-GeoIP-Region-Code
X-Mly-Id
X-NCache
X-NWS-UUID-VERIFY
X-VarnishDD-TTL
X-Req
X-Op-Id-All
X-Nginx-Cache-Key
X-GeoIP-City
X-GeoIP
Machine
State
Datacenter
Cmsid
Server-Ext
Server-Hostname
Click-Count-Action-Start
Ssr
Cmstype
Click-Count-Error
Tube-Got-Eval
NGX
Canary
L
PFcat
Tube-Get-Contents
Cache-Provider
On-Server
Kp-EeAlive
CloudFront-Viewer-Country
CDCHOST
Sever-Int
X-Ckpd-Fst-Backend
X-Response-By
X-CGP
X-SB
X-DefHash
X-Minions-Version
X-Eu-Site
Origin-CC
Origin-EX
X-Old-Content-Length
X-Device-Os
X-Qloud-Router
X-DefElseHash
X-Varnish-CookieHashed-On
X-Provided-By
X-Csrf-Jwt
X-Cache-Tags
X-Ad-Defer-Variation
X-Cache-FS-Status
Ha-Gx-Prefs
HA-Ipaddr
Is-Eu
Fastly-SSL
X-Origin-Expires
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Owner
Environment
Platform
X-Varnish-CookieINHashed-On
X-V-Cache
X-Variation
X-Cache-Remote
X-Varnish-Remaining-TTL
L5d-Success-Class
Adler-Geo
HostName
X-Webkit-CSP-Report-Only
X-CACHE-AGE
X-Air-Pt
Cluster
Decoy-Debug-TTL
X-Release
Decoy-Debug-Status
Decoy-Debug-Key
X-FL-EDGE
X-Platform-Server
X-Refresh
X-Aicache-OS
X-Mvc-Supplant-OutputCached
X-Cache-Backend
X-Microcachable
X-Nananana
Producers
X-DPWN-IS-SECURE
Srvid
Locid
Expect-Staple
X-FL-QIT-DEBUG
Pics-Label
X-Tid
X-Via-CDN
X-Dc
X-Ua-Device
X-Tb-Optimization-Total-Bytes-Saved
X-Correlation-ID
X-Via-SSL
X-Via-Edge
Edge-Copy-Time
X-Vcl-Version
Env
X-From
X-ND-Cache
X-Zone
GeoIP-Latitude
X-RCS-CacheZone
X-DC
Sid
X-Trace-ID
X-VC
Memory
X-Cache-Enabled
X-Generated-In
Time
X-Up
NtCoent-Length
X-Cached-By
X-Servedbyhost
Svr
X-Lambda-Id
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Edge-Pop
X-Webkit-CSP
Cache
X-Cs
X-ZONE
X-DataCenter
X-Via-Poph
X-HS-Status
X-AIR-PT
SID
X-Via-Popn
X-Via-Popv
X-Srv
X-NewRelic-App-Data
VNS-Age
X-Vgn-Hpd-Cached
CPC-Age
X-HA-Backend
X-Presslabs-Stats
Fastly-Drupal-Html
AMP-Access-Control-Allow-Source-Origin
X-Vtex-Remote-Cache
X-Vgn-Hpd-Ssi
VNS-Cache
X-VCT
X-Nc
CPC-Cache
X-Render-Time
X-Esi
X-Vgn-Hpd-Variations-Key
X-Vc
X-Wa
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
GeoIp-Country-Code
X-CLOUD-TRACE-CONTEXT
Server-ID
X-LB-ID
X-Client-Ip
Cdn
X-Upstream-Ct
X-Upstream-Ht
X-TH-Server
X-B3-SpanId
X-Cache-Type
X-Check-Cacheable
Cdnsip
X-Gateway-Skip-Cache
X-Gateway-Request-Id
X-AK-Request-ID
X-Amz-Meta-Cb-Modifiedtime
X-Via-JSL
X-Gateway-Cache-Status
Cdncip
X-ATG-Version
Hostname
X-Gateway-Cache-Key
XkeyRZ
X-Proxy-CacheRZ
X-Via-NSCOPI
X-Fpc
X-Contensis-Viewer-Groups
Uri
X-Varnish-Authentication
X-MCACHE
True-Client-IP
X-Cache-ASPX
X-NGINX-Cache
M-TraceId
XServer
X-API-Version
X-Nf-Request-Id
Srv
X-Varnish-Beresp-TTL
X-EC-Lua
X-CS
X-Datadome
X-CSRF-TOKEN
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-PAYTM-SRV-ID
True-Client-Ip
Esi-Enabled
X-CF-Lambda-Fn
Eomportal-Instance
X-CF-Lambda-Version
X-MSEdge-Features
X-MSEdge-Flight
X-MP-GENERATED-AT
X-FPC
Resin-Trace
OT-Force-Account-Verify
X-Udemy-Cache-App-Namespace
X-Wikidot-Static-Cache
CDN
X-Micro-Cache
N-Cache
X-Wikidot-Backend
X-CDN-Cache-Status
Ngx-Var-Key
Request-ID
YJS-ID
X-Tenant
X-APP-VERSION
RNT-Time
RNT-Machine
X-Fastly-Country-Code
X-Bl-Debug
Lb
Path
X-Orig-Expires
X-Forwarded-Path
X-Shop-Environment
X-Cache-Ttl
X-Request-URI
Server-Id
GeoIP-Country-Code
IsBot
X-SIPLIST1
X-Cache-NGX
X-TX-ID
X-WA
X-Lb-Id
X-Accel-Version
X-Ha-Backend
X-B3-Trace-ID
X-App-Name
X-Policy
X-Service-Response-Time
X-Info
Sm-Log-Id
X-VCL-Version
X-Datacenter
Cross-Origin-Opener-Policy-Report-Only
X-Geo
Location
LB
X-NC
X-RateLimit-Reset
HIT
X-Pod-Name
X-Edge-POP
X-Via-PopV
Hit
X-Via-PopH
X-Via-PopN
X-SERVER-NAME
X-Cdn-Cache-Status
Ohc-File-Size
X-Logging-Id
X-Akamai-Pragma-Client-IP
X-Cdn-Diag
X-Snapshot-Date
Timeexpire
ENV
Pramga
X-Srcache-Fetch-Status
X-Oss-Server-Time
X-Oss-Request-Id
Servername
X-Oss-Storage-Class
Proxy-Connection
X-Srcache-Store-Status
X-CACHE-KEY
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
FSS-Cache
X-Cache-Expires
X-Cdn-Request-ID
X-Git-Commit
X-Container-Uri
Epwk-X-Cache
Yjs-Id
X-Vcache
Req-ID
X-Ctl-Mach
Geoip-Latitude
X-ServedByHost
X-TimeS
X-UP
X-Amz-Meta-Opti
X-Cdn-Forward
X-Fastly-Backend-Reqs
X-Serial
X-LiteSpeed-Cache-Control
X-Scheme
WZWS-RAY
X-HostName
X-VG-WebCache
XM
X-Dw-Trace-Id
X-Hyper-Cache
X-Tncms
X-Rebelmouse-Cache-Control
Warning
X-Rebelmouse-Surrogate-Control
X-MiniProfiler-Ids
X-M-Log
X-M-Reqid
X-Iauth-Set-Uid
X-Moov-Xdn-Version
X-B3-Parentspanid
Cneonction
V-Age
X-Moov-T
X-TraceId
Cdn-Requestid
X-Acquia-Purge-Cdn-Unconfigured
CDN-RequestPullSuccess
Traceparent
CDN-RequestPullCode
X-Qnm-Cache
X-Swift-Error
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-RAMCache
Content-Script-Type
Content-Style-Type
X-Lb-Nocache
X-Acquia-Application-Trace
Ec-Rule-Version
X-Acquia-Site
X-TT-LOGID
X-F-Status
X-Lsadc-Cache
CountryCode
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
My-App
Inserted-Into-Cache-At
X-LiteSpeed-Tag
MIME-Version
X-Viewer-Country
X-IPS-Cached-Response
X-Clientip
X-Mg-Cache
X-Cache-Ngx
True-Client-Country-4JS
Ohc-Cache-HIT
Ngx
X-Mid-Debug-Cache-Key
X-Mid-Debug-Cache-Disk
X-Fastly-Cache-Hits
X-B3-ParentSpanId
X-Webstats-RespID
X-Th-Server
X-Request-URL
X-ApacheServer
X-PERF
X-Litespeed-Cache-Control