Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Accept-CH
CF-Cache-Status
ETag
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
X-Xss-Protection
Access-Control-Allow-Headers
Access-Control-Allow-Methods
CF-Ray
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
X-Runtime
Accept-Ch
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Timing-Allow-Origin
X-CONTENT-TYPE-OPTIONS
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
X-XSS-PROTECTION
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
X-Age
Request-Context
Cf-Edge-Cache
X-Backend
X-Request-ID
X-Robots-Tag
X-Hacker
Keep-Alive
X-Via
Cf-Apo-Via
X-Amz-Version-Id
X-Turbo-Charged-By
X-Rq
X-AH-Environment
X-Cache-Group
X-Vhost
X-Server
X-Dispatcher
X-Proxy-Cache
X-Ws-Request-Id
EagleId
CONTENT-SECURITY-POLICY
X-UA-Device
X-Varnish-Cache
Pantheon-Trace-Id
Grace
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Litespeed-Cache
X-OneAgent-JS-Injection
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Dns-Prefetch-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-FTR-Request-ID
X-Node
X-Device
X-Cache-Lookup
X-Server-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Ruxit-JS-Agent
X-HW
Accept-Ch-Lifetime
X-Response-Time
P3p
Cache-Tag
Cf-Request-Id
X-LiteSpeed-Cache
X-Amz-Server-Side-Encryption
X-Ua-Device
Content-Location
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Trace
Service-Worker-Allowed
Request-Id
X-TraceId
Fastly-Restarts
X-Content-Type
X-Application-Context
X-Times
X-TtlSet
X-PC
X-Nf-Request-Id
X-Vname
X-Clacks-Overhead
Rating
X-Cnection
X-Midtier
X-Mcache
X-Edge
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-Browser-Type
X-ESI
X-FTR-Expires
X-Vcap-Request-Id
Origin-Trial
Edge-Control
X-Cache-TTL
X-Element-Page-Cache
X-FastCGI-Cache
Surrogate-Key
X-D2id
X-NWS-LOG-UUID
X-Powered-By-Plesk
X-Country
X-Oneagent-Js-Injection
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Abt-Application-Version
X-Ac
X-Upstream
Verso
X-Navigation-Version
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-B3-TraceId
X-Url
X-Amz-Rid
Nginx-Cache
X-Language
Akamai-GRN
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-GitHub-Request-Id
X-Sol
Pagespeed
Display
X-Middleton-Display
X-ECACHE
X-Erf-Bev-Bev
X-Instrumentation
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
S
X-Envoy-Decorator-Operation
X-Middleton-Response
Response
X-MS-InvokeApp
AR-ATIME
AR-PoweredBy
AR-Request-ID
Edge-Cache-Tag
X-Ratelimit-Limit
X-Goog-Hash
X-Distributor
X-Resp-Is-Stale
X-Ser
X-Kinsta-Cache
X-Edge-Location-Klb
X-ARC
SPRequestDuration
SPRequestGuid
X-SharePointHealthScore
SPIisLatency
X-Ttl
Access-Control-Request-Method
X-NGENIX-Cache
X-Client-IP
X-Ruxit-Js-Agent
X-Amzn-Trace-Id
Front-End-Https
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-Content-Digest
X-Ezoic-Cdn
X-Recruiting
RTSS
X-Cache-Key
X-Varnish-TTL
Cache-Status
X-T
X-Version
X-Mg-S
X-Powered-CMS
Public-Key-Pins
TP-Cache
X-HS-Cache-Config
X-MSEdge-Ref
X-HS-Hub-Id
X-HS-Content-Id
Fastcgi-Cache
X-Accel-Expires
X-Ismobilevalue
Arr-Disable-Session-Affinity
X-Daa-Tunnel
AR-CACHE
Cache-Tags
X-Cached
X-Cluster-Name
Realpath
X-Correlation-Id
X-Id
Content-MD5
X-Content-Security-Policy-Report-Only
X-Request-Processing-Time
X-Request-Received
X-Request-Device-Id
X-HS-Combine-CSS
Ar-SID
YJS-ID
X-Forwarded-For
X-Fastly-Request-ID
X-Ua-Browser
Payment
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-DIS-Request-ID
X-Newrelic-App-Data
X-HP-Webp
X-HP-Trace-Id
X-COUNTRY
X-Jurisdiction
X-Cambria-Cache-Control
X-Xrds-Location
X-GUploader-UploadID
X-Azure-Ref
X-RateLimit-Remaining
X-Amz-Replication-Status
X-HS-CF-Cache-Status
X-HS-Prerendered
X-Webkit-Csp
Content-Disposition
X-Meli-Trace-Platform
X-Meli-Trace-Site
X-Meli-Trace-Bu
X-Ratelimit-Remaining
X-Server-Name
Count-Hit
X-Ratelimit-Reset
X-Origin-Server
X-Px
X-Unique-Id
X-Protected-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Page-Id
X-Logged-In
X-AppVersion
X-Az
X-Activity-Id
X-Rid
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
Cross-Origin-Resource-Policy
Cleartype
MicrosoftSharePointTeamServices
X-SERVER-NAME
X-ORACLE-DMS-ECID
X-Microsite
Cross-Origin-Embedder-Policy
X-Request-Handler-Origin-Region
X-FB-Debug
X-Proxy
X-VARITI-CCR
Accept-Charset
X-Www-Served-By
X-TTL
X-Load-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-TEC-API-ORIGIN
X-LLID
X-TEC-API-ROOT
X-TEC-API-VERSION
Version
X-Goog-Metageneration
X-Geo-Country
X-Template
X-Forwarded-Proto
X-Varnish-Backend
X-CST
X-Upgrade-Enabled
X-PressLabs-Stats
X-Hits
Server-Node
Server-Name
X-B3-Sampled
X-WebKit-CSP-Report-Only
X-Hostname
X-App-Server
X-Content-Options
Access-Control-Allow-Method
Section-Io-Cache
Healthy
Viewport
X-Varnish-Grace
X-Grace
X-TT
X-Device-Type
X-Frontend
X-Fb-Rlafr
Fastly-SIE
Fastly-SWR
Alternate-Protocol
X-B
X-Varnish-Server
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Request-Guid
X-Status
TCN
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Contextid
DC
Upgrade-Insecure-Requests
X-Magnolia-Registration
AKAMAI-GRN
Retry-After
X-EdgeConnect-Cache-Status
Host
X-Amzn-Remapped-Content-Length
X-Requestid
MS-Author-Via
X-Cache-Control
X-Cache-Age
X-App-Version
Amp-Access-Control-Allow-Source-Origin
X-CSRF-Token
X-Tt-Trace-Host
Frame-Options
X-Tt-Trace-Tag
X-Buckets
X-Debug
X-Varnish-Ttl
X-Origin-CC
X-Origin-TTL
X-Type
X-Original-Request-Id
X-Revision
X-Response-Served-From
X-RemovedCookies
X-ProcessESI
SD-X-WS
X-Oracle-Dms-Ecid
X-Hl-Ver
X-Mobile
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-INCAP-ABP
X-UUID
X-Instance
X-G
X-Backend-Name
X-ServerID
X-Seen-By
X-N
Cross-Origin-Opener-Policy-Report-Only
X-Yottaa-Metrics
X-Tumblr-User
X-Tumblr-Pixel-1
X-Adobe-Loc
X-Yottaa-Optimizations
X-Is-Bot
X-NYM-Debug-Backend
X-Rendered-As
X-Tumblr-Pixel-0
X-Akamai-Edgescape
X-Cache-Status-Check
X-Adobe-Content
X-Tumblr-Pixel
Cross-Origin-Embedder-Policy-Report-Only
X-Akamai-Request-ID2
X-Lambda-Id
Access-Control-Request-Headers
X-WP-CF-Super-Cache-Cache-Control
X-Mg-Request-UUID
NGB
X-AB
MS-CV
X-Debug-IsPreview
X-WP-CF-Super-Cache
X-Debug-IsConnected
X-RTag
X-Framework
Ms-Operation-Id
X-Content-Powered-By
X-Trace-Id
Section-Io-Id
X-Server-W
X-Storage
X-RM-Cache-TTL
Charset
X-Vcl-Version
X-Dc
Cache
Webserver
Filterid
X-Yandex-Req-Id
X-DataDome
X-ECache
Paypal-Debug-Id
X-Request-Platform
Accept-Language
X-Request-Site
X-B3-SpanId
X-Request-Bu
Refresh
X-Cache-Time
X-Cache-Hit
X-URL
X-VC-Cache
X-HITS
X-Tec-Api-Root
X-Tec-Api-Version
SRV
X-Tec-Api-Origin
X-Ms-Version
X-Ms-Request-Id
Onion-Location
X-Time
X-Node-Name
X-User-Agent
X-F-Cache
X-Region
X-Real-IP
YJS-CacheStatus
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Xet-Cookie
Liferay-Portal
CDN-RequestId
Priority
GEO-INFO
X-HTML-Minification-Powered-By
X-Fastcgi-Cache
X-IPS-LoggedIn
X-Mode
X-Environment-Context
X-L-Path
X-LB-Cache
X-Service
Cross-Origin-Window-Policy
X-Pass-Why
X-Rule
X-Datadog-Sampled
X-Rocket-Nginx-Serving-Static
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Timing-Wait
X-Drupal-Cache-Tags
X-Tb
X-UPSTREAM-Address
X-Rn-Rsrv
X-Proxy-Build
X-JoinUs
X-Cache-Expired-At
Selected-Fe
Meta-Geo
X-Rewrite-Enabled
Country
X-SaId
Backend
Protected
X-Whom
X-Geo-Region
X-Is-Mobile
X-Wix-Request-Id
X-ProxyCache-Key
X-ProxyCache-Status
X-Browser-Name
X-BYPASS-REASON
X-Handled-By
X-Is-Mobile-Only
X-Is-Desktop
X-Is-Modern-Browser
X-Is-Tablet
X-Is-Supported-Browser
X-Origin-Cache
X-Tcp-Rtt
X-Adobe-Source
X-Origin
X-VC
X-Provided-By
Mn-Server-Ip
X-Web-Node
X-Generation-Time
TWC-GeoIP-Country
TWC-GeoIP-DMA
TWC-GeoIP-Region
TWC-GeoIP-City
TWC-GeoIP-LatLong
Fastcgi-Useragent
Expiry
X-Servername
Property-Id
X-RCS-CacheZone
TWC-Connection-Speed
X-RateLimit-Remaining-Second
TWC-Device-Class
Webcakes-App-Version
X-Httpd
X-FB-TRIP-ID
X-Extlb
X-Detected-As
X-Loop
X-Proxy-Cache-Info
X-Origin-Hint
X-Origin-Date
X-Proxied
X-Connection-Hash
X-Cloudmap
Url
Uber-Trace-Id
TWC-Privacy
Web-Mar-Node
Webcakes-App-Name
X-RateLimit-Limit-Second
Webcakes-Region
X-WP-CF-Super-Cache-Active
TWC-Locale-Group
X-Routing-Service
ServerID
X-Zipkin-Id
X-Tncms
X-VCT
X-Varnish-Beresp-Grace
X-Vcache
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Soup
X-Locale
X-Redis-Cache
X-Alternate-Cache-Key
LB
OT-Force-Account-Verify
ServedBy
X-App-Environment
X-Format
X-Fetched-On
X-Forwarded-Host
X-Hit
X-Hosted-By
X-Director
X-Cms-Context
X-Cache-Action
X-Auth-Group-Type
X-Cacheable-TTL
X-Cdn-Origin
X-Cluster
DB-Nickname
X-Logging-Id
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Skip-Cache
Atl-Traceid
X-Tumblr-Pixel-2
X-Debug-Info
X-Cluster-Node
X-Say-Cacheable
X-Edge-Location
X-Endurance-Cache-Level
X-NewRelic-App-Data
X-Cache-Host
X-Scope-Id
X-Served-From
X-Say-TTL
Environment
X-SayCDN-TTL
X-Urbn-Context-Path
X-Urbn-Site-Id
X-FW-Type
X-Restarts
X-FW-Version
Locale
Cache-Hits
X-FW-Static
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Server
X-S
X-Drupal-Cache-Contexts
X-PHP-Host
X-Cache-Debug
Filters
X-IPLB-Instance
Apigw-Requestid
X-Server-ID
X-IPLB-Request-ID
X-Labrador-Cache-Channel
X-Platform
X-R9-Blue-Green-Version
Node
X-XRDS-Location
X-Api-Version
X-CDN-Cache-Status
X-GEO
X-Mly-Id
AR-SID
X-CDN-Forward
X-No-Session
X-CLOUD-TRACE-CONTEXT
X-Tt-Logid
Xserver
Front
X-Optimistic-Header
X-Varnish-Age
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
WPO-Cache-Status
X-ShardId
X-ShopId
X-UA
Countrycode
Cache-Tv-Group
X-Varnish-Beresp-Ttl
X-Varnish-Cache-Hits
X-Lagoon
X-WP-CF-Super-Cache-Cookies-Bypass
X-Generated-By
X-Presslabs-Stats
X-Wormhole-Sdk
X-Fastly-Request-Id
X-SRV
X-B3-Traceid
X-Signature
X-B-Cache
X-NWS-UUID-VERIFY
X-CACHE-AGE
Referer-Policy
X-Client-Ip
X-Webstats-RespID
X-Azure-Ref-OriginShield
X-Site-Version
Request-ID
From-Origin
X-Ua
X-PHP-Backend
Cache-Provider
X-Cache-Rule
X-IsAdmin
AMP-Access-Control-Allow-Source-Origin
X-Cache-Operation
X-Accel-Version
X-Auto-Login
X-Worker
X-VWS-Id
X-LJ-Flow-ID
Location
X-AWS-Id
X-NF-Request-ID
X-TA-CDN-Provider
X-VC-TTL
X-Upstream-Ht
X-Upstream-Ct
X-Tx-Id
Expect-Staple
Sslversion
Redirect-Candidate
X-Content-Age
X-ApacheServer
X-Vdms-Version
X-SRCache-Key
Fl-Custom-Application
X-Conf
X-Vtex-Remote-Cache
Source
X-D
DCR-Decision-By
X-Org
X-Tb-Optimization-Total-Bytes-Saved
X-Bl-Debug
WPO-Cache-Message
X-Bc-Bl
X-BCube-Filmed-By
X-B-Cookie
X-Cache-NE
X-Loc
DCR-Processing-Time-Ms
Candidate-Md5Url
X-Clientip
X-External-Request-Id
X-Application
X-PERF
X-A
X-Destination
X-S-Cookie
Origin
Origin-Agent-Cluster
X-A-Ccd
N-Cache
Ngx.Var.Host
X-Rojux
X-A-Wwc
X-Ec-Fail
Pragrma
X-Ec-GeoHdr
X-Ig-Origin-Region
Rendered-Blocks
X-Developer
X-Ig-Push-State
X-ScT
S-Rt
X-A-Dam
X-A-Dcw
Meta-Geo-Continent
X-GeoCode
Host-ID
X-Aed
X-GeoCountry
Lang
Xc-Version
X-A-Dgt
MD5-Digest
X-Litespeed-Cache-Control
X-Xfnlog-Site
Canary
Wxu-Next-Commit
Wxu-Next-Hostname
Apple-News-Services-Host
CDN-EdgeStorageId
CDN-Cache
Apple-News-Services-Request-Url
Wxu-Next-Region
CDN-CachedAt
Apple-News-Services-Parsed-Url
X-FC-Vary-Parameters
X-Hash
IsBot
ServerName
L5d-Success-Class
Ha-Gx-Prefs
Gh-Request-Id
Gannett-Cam-Experience-Id
X-GeoIP-Country-Code
X-GeoIP-City
Log-Origin
Mail-Subject
Origin-Site
X-Gamma-Serve
Powered-By
X-From
Odigeo-Trace-Id
RNT-Time
RNT-Machine
Fastly-SSL
X-Forwarded-Site
CDN-RequestPullSuccess
CDN-Uid
Cdncip
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
We-Hiring
Cdnsip
Cluster
Store-Cloud-Cache
X-GoCache-CacheStatus
X-GeoIP-Region-Code
Apple-News-Services-Handled
Time-Cloud-Cache
X-Fmm-Version
X-HS-Content-Campaign-Id
Web-Mar-Region
X-AK-Request-ID
X-V-Cache
X-Ee-Origin
X-Varnish-Director
X-Vary-Devices
X-Policy
X-Slack-Shared-Secret-Outcome
X-Sucuri-Cache
X-CUA
X-Csrf-Jwt
X-VG-TLSProxy
X-PAYTM-SRV-ID
X-Cms-Device
Sid
X-Core-Value
X-Internal-TTL
X-Varnish-Authentication
X-Slack-Backend
X-Depends
X-Server-IP
X-Rocket-Build-Number
X-Req
X-Varnish-Hostname
X-Ee-Generated-By
CF-IPCountry
X-Save-Cache
X-SIPLIST1
X-Varnish-Beresp-Status
X-Sigma-Backend
X-Sigma
X-SD-PageType
X-Section
X-VG-WebCache
X-Contensis-Viewer-Groups
X-Node-Id
X-CGP
X-Old-Content-Length
X-ND-Cache
X-Origin-Expires
X-Epic-Correlation-Id
X-Micro-Cache
X-Access
X-Action
X-Aicache-OS
X-Eu-Site
X-Bug-Bounty
X-Mvc-Supplant-Cachable
X-Cache-Aspx
X-Ee-Request-Id
X-Ee-Request-Date
X-Parent-Response-Time
X-Reqid
X-NGINX-Cache
RewriteTeamHook
RewriteTestHook
Thinkindot-CacheControl-Type
User-Cache-Control
X-Akamai-Device-Characteristics
Thinkindot-CacheControl
X-Acquia-Purge-Cdn-Unconfigured
X-AB-Test
Release
X-Ec-Custom-Error
X-Accel-Expires-Debug
Req-Svc-Chain
X-Dispatcher-Server
Server-Host
X-Amz-Storage-Class
X-BBC-Edge-Cache-Status
Vix-Hermes-Req-Id
X-Backend-Instance
X-Debug-Cache-Fetch
X-Content-Length
X-Block-Status
X-Bip
TDXMobile
X-Debug-Cache-Store
X-Cache-Date
X-Date
X-DefElseHash
X-Frame-Option
X-App-Name
V-Age
X-DefHash
X-HN
X-Op-Id-All
X-Fastly-Backend
X-Cs
X-Nyt-Route
X-Origin-Time
X-Path
X-Via-Fastly
X-Viewer-Country
X-Up
X-Vmg-Version
X-NMSegId
X-We-Are-Hiring
X-Level-Front-Cache
X-Jungle-Id
Country-Code
X-CacheTTL
X-Mvc-Supplant-OutputCached
X-Men
X-Gdpr
X-UA-Device-Type
X-Wikidot-Static-Cache
X-Air-Pt
X-Varnish-CookieHashed-On
X-SB
X-Shield-Cache-Expires
X-Request-URI
X-Render-Time
X-Proto
X-Pubstack
X-Region-Sid
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
X-Thanos
X-Thinkindot-L1
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Varnish-CookieINHashed-On
X-Sn-Servicetimems
X-Uri
X-Ion-Hop
X-FORWARDED-FOR
X-Generated-On
Machine
NM-Fastcgi-Cache
X-Human
Cmstype
CDCHOST
L
Fastly-Backend-Name
Content-Script-Type
X-Hnp-Log
Content-Style-Type
X-Wikidot-Backend
Cmsid
DSUID
X-Gen-Mode
Nord-Request-ID
Azure-SiteName
Cache-Contol
Azure-RegionName
Azure-InstanceId
X-Ion-Healthy
Azure-Version
Azure-SlotName
PFcat
Pics-Label
Origin-CC
Origin-EX
X-Vercel-Id
Producers
X-Vercel-Cache
X-Gzip
Fastly-GeoIP-CountryCode
X-Proxied-Request
X-DPWN-IS-SECURE
Platform
X-Cache-Id
X-Moov-Xdn-Version
X-B3-Trace-ID
CacheControlHeader
Cdn-Host
X-Moov-Xdn-Caching-Status
X-Moov-T
CloudFront-Viewer-Country
X-Esi-Check
X-Location
C-Via
Tube-Get-Contents
Cdn-Request-Time
Tube-Return
Tube-Got-Results
Tube-Got-Eval
X-Edge-Server
X-LSADC-Cache
X-ElasticPress-Query
Click-Count-Action-Start
X-Cache-FS-Status
Click-Count-Error
XM
X-Origin-Response-Time
Fastly-Drupal-HTML
X-ZONE
X-Sucuri-ID
X-Source
Mime-Version
X-Pad
NGX
X-Cached-By
Debug
X-Refresh
Load-Balancing
X-Varnish-Hits
X-APP
Cookie
GeoIP-Latitude
X-Servedbyhost
X-Nginx-Cache-Key
GeoIp-Country-Code
X-Via-Popv
X-Debug-Service
X-Datadome
X-Via-Popn
X-Via-Poph
True-Client-Country-4JS
Server-Ext
X-Nananana
Server-Hostname
X-DynaTrace-JS-Agent
Sever-Int
X-Srv
X-TH-Server
Server-ID
Product
X-AIR-PT
X-HA-Backend
HA-Ipaddr
X-Litespeed-Tag
X-TT-LOGID
X-Webkit-CSP
X-Amz-Meta-Cb-Modifiedtime
Cdn
Show-Do-Not-Sell-Link
X-Cdn-Forward
Traceparent
X-Ez-Minify-Html
X-Nc
X-Zone
X-Cache-Backend
WZWS-RAY
X-Fpc
X-Cache-VC
X-GeoIP
X-Wa
X-Newrelic-Synthetics
DataCenter
X-B3-Parentspanid
HostName
X-LB-ID
X-Unity-Cache
X-User
Edge-Cache
Fastly-Drupal-Html
SID
MIME-Version
Tcn
X-VCL-Version
X-Lsadc-Cache
X-CDN-Provider
X-Request-Start
Akamai-Mon-Iucid-Del
X-AC
X-LB-NoCache
Resin-Trace
Lb
X-B3-Spanid
X-Vc
X-Nginx-Cache
Yjs-Id
X-Proxy-CacheR9
X-Scheme
X-Service-Response-Time
Sm-Log-Id
Serverhost
Xkeylog
X-Proxy-Cache-La3
XkeyR9
A
Xkey-La3
Wsr-Cache
X-TX-ID
CountryCode
X-Datacenter
X-LiteSpeed-Tag
X-HOST
Cs
Surrogated-Key
Hostname
X-Request-Host
X-Lb-Id
NtCoent-Length
X-Pool
X-CS
X-LiteSpeed-Cache-Control
X-RateLimit-Limit
Uri
X-Akamai-Pragma-Client-IP
Datacenter
X-WA
X-Dynatrace-Js-Agent
X-NodeID
X-HubSpot-Correlation-Id
Esi-Enabled
CDN
Cdn-Requestid
X-API-Version
X-RequestId
X-Aspnet-Version
X-Fastly-Backend-Reqs
X-FPC
X-VC-Age
X-Udemy-Cache-App-Namespace
X-ID
X-NC
X-Vgn-Hpd-Reason
X-Cache-Grace
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-HA-Device-Type
X-Stale
X-HA-Bot-Classification
X-HA-Application-Name
X-Styx-Info
X-DataCenter
Content-Secure-Policy
X-Styx-Origin-Id
Yak-Timeinfo
Pramga
X-TIM-N
X-Via-JSL
X-DynaTrace
Server-Id
Proxy-Firewall
X-Html-Minification-Powered-By
Cr
X-CSRF-TOKEN
N1-Cache
GeoIP-Country-Code
X-Var-Ttl
Geoip-Latitude
T-Server
ServerHost
X-Srcache-Store-Status
X-TimeS
X-Via-CDN
X-Via-SSL
X-Via-Edge
X-Ez-Minify-Js
X-Srcache-Fetch-Status
RATING
Edge-Copy-Time
Req-ID
X-Varnish-Beresp-TTL
X-Geolocation
Srv
X-Ha-Backend
X-Swift-Error
X-ServedByHost
X-Jobs
W
X-Lb-Nocache
X-Zen-Fury
From-Cache
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Aspnetmvc-Version
X-Oracle-DMS-ECID
True-Client-IP
WP-Super-Cache
X-MSEdge-Features
X-App
X-MSEdge-Flight
X-Via-PopV
X-Via-PopN
X-Via-PopH
Cloudfront-Viewer-Country
X-CACHE-KEY
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sorting-Hat-Shopid
X-Wp-Cf-Super-Cache-Active
X-Sorting-Hat-Podid
X-Shopid
X-Shardid
X-LAGOON
X-Key
X-VServer
Ohc-Cache-HIT
Ohc-File-Size
X-Ramcache
X-ByteArk-Cache
X-Correlation-ID
FSS-Cache
On-Server
X-Proxy-Cache-LA2
X-Cdn-Srv
X-Ssense-Gql
X-ByteArk-ReqID
X-Ssense-Shipping-Surcharge-Enabled
X-Elasticpress-Query
CF-Cached-On
Ngx
X-Check-Cacheable
X-Cdn-Cache-Status
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Web-Server
X-Webkit-Csp-Report-Only
Cl-Cache
X-Powered-By-VTEX-Cache
X-Sucuri-Id
X-Geo
X-DC
X-Serial
X-Th-Server
X-Fastly-Cache
X-ATG-Version
WebServer
Akamai-X-True-TTL
X-PageType
Cf-Ipcountry
X-Iplb-Request-Id
X-Iplb-Instance
Warning
FSS-Proxy
X-WA-Info
Cneonction
X-MiniProfiler-Ids
X-Limited
X-Beacon
My-App
X-Mg-Cache
Xkey-G-Jp
Coldstone-Viewer-Country
Coldstone-Viewer-Country-Region-Name
Coldstone-Viewer-Currency
X-Fastly-Cache-Status
User-Agent
X-Request-Url
X-Env
Host-Name