Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
CF-Cache-Status
ETag
X-XSS-Protection
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH-Lifetime
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
Cf-Request-Id
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
Xkey
X-CONTENT-TYPE-OPTIONS
Upgrade
Access-Control-Expose-Headers
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
X-XSS-PROTECTION
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
Keep-Alive
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Request-ID
X-Amz-Version-Id
X-Rq
X-AH-Environment
X-Cache-Group
X-Vhost
X-Server
X-Dispatcher
X-Proxy-Cache
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-UA-Device
X-Varnish-Cache
Pantheon-Trace-Id
Grace
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Litespeed-Cache
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-Node
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-Server-Id
X-Host
X-Country-Code
X-Backend-Server
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-HW
X-LiteSpeed-Cache
X-Response-Time
X-Ruxit-JS-Agent
Cache-Tag
X-Amz-Server-Side-Encryption
Content-Location
P3p
X-Ua-Device
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Trace
Service-Worker-Allowed
Request-Id
X-TraceId
Fastly-Restarts
X-Application-Context
X-Content-Type
X-Clacks-Overhead
X-Times
Rating
X-Vname
X-TtlSet
X-PC
X-Cnection
X-Nf-Request-Id
X-Midtier
X-Mcache
X-Edge
X-ESI
X-Oneagent-Js-Injection
X-Browser-Type
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Expires
Edge-Control
X-Vcap-Request-Id
X-Cache-TTL
Origin-Trial
Surrogate-Key
X-Country
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Element-Page-Cache
X-FastCGI-Cache
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja
X-D2id
X-Abt-Application-Version
X-Ac
Verso
X-Upstream
X-B3-TraceId
X-ECACHE
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-Navigation-Version
X-Amz-Rid
Nginx-Cache
Akamai-GRN
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Sol
Display
X-Middleton-Display
Pagespeed
X-GitHub-Request-Id
X-Language
X-Url
X-Ruxit-Js-Agent
X-Envoy-Decorator-Operation
X-Middleton-Response
Response
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Instrumentation
S
AR-Request-ID
AR-ATIME
AR-PoweredBy
Edge-Cache-Tag
X-MS-InvokeApp
X-Ratelimit-Limit
X-Ttl
X-Goog-Hash
X-Resp-Is-Stale
X-Distributor
X-Edge-Location-Klb
X-Kinsta-Cache
X-ARC
X-Ser
SPRequestGuid
SPRequestDuration
X-SharePointHealthScore
SPIisLatency
X-Client-IP
X-NGENIX-Cache
Access-Control-Request-Method
X-Ezoic-Cdn
X-Content-Digest
Front-End-Https
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-Cache-Key
X-Recruiting
RTSS
X-Amzn-Trace-Id
X-Varnish-TTL
Cache-Status
X-Version
X-Powered-CMS
X-Mg-S
Public-Key-Pins
X-T
TP-Cache
Fastcgi-Cache
X-MSEdge-Ref
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Accel-Expires
X-Daa-Tunnel
Arr-Disable-Session-Affinity
X-Ismobilevalue
AR-CACHE
Realpath
Cache-Tags
X-Cluster-Name
X-Cached
X-Fastly-Request-ID
X-Correlation-Id
X-Id
X-Content-Security-Policy-Report-Only
Content-MD5
X-HS-Combine-CSS
X-Newrelic-App-Data
X-Request-Processing-Time
X-Request-Received
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ua-Browser
Payment
X-DIS-Request-ID
X-Forwarded-For
X-GUploader-UploadID
X-Jurisdiction
X-HP-Webp
X-Cambria-Cache-Control
YJS-ID
X-HP-Trace-Id
Ar-SID
X-HS-Prerendered
X-Azure-Ref
X-RateLimit-Remaining
X-HS-CF-Cache-Status
Content-Disposition
X-Amz-Replication-Status
X-Ratelimit-Remaining
X-Request-Device-Id
X-COUNTRY
X-Server-Name
X-Xrds-Location
Count-Hit
X-Webkit-Csp
X-SERVER-NAME
X-Px
X-Origin-Server
X-Unique-Id
Cleartype
Cross-Origin-Resource-Policy
X-Ratelimit-Reset
X-Page-Id
X-SRCache-Store-Status
Cross-Origin-Embedder-Policy
X-SRCache-Fetch-Status
X-Logged-In
X-VARITI-CCR
X-FB-Debug
X-Rid
Accept-Charset
X-Git-Hash
X-Protected-By
X-Proxy
X-AppVersion
X-Az
X-Activity-Id
X-Amz-Meta-S3cmd-Attrs
X-Www-Served-By
X-Load-Cache
X-LLID
X-CST
MicrosoftSharePointTeamServices
X-Goog-Metageneration
X-Meli-Trace-Platform
X-Meli-Trace-Site
X-Meli-Trace-Bu
X-Template
X-Request-Handler-Origin-Region
Version
X-Microsite
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Varnish-Backend
X-Geo-Country
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-ORACLE-DMS-ECID
X-Forwarded-Proto
X-TTL
Server-Node
X-Upgrade-Enabled
X-Hits
Server-Name
X-Hostname
X-B3-Sampled
X-Content-Options
X-PressLabs-Stats
Section-Io-Cache
Viewport
X-Varnish-Grace
X-TT
X-Device-Type
X-App-Server
X-Fb-Rlafr
X-Grace
Fastly-SWR
Access-Control-Allow-Method
X-Frontend
Fastly-SIE
X-B
Mrf-Cache-Status
X-Varnish-Server
MRF-Tech
X-B3-TraceId-Primal
Alternate-Protocol
Healthy
X-WebKit-CSP-Report-Only
X-Status
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
TCN
X-Request-Guid
Upgrade-Insecure-Requests
X-Magnolia-Registration
DC
X-Contextid
Host
Amp-Access-Control-Allow-Source-Origin
X-CSRF-Token
X-Oracle-Dms-Ecid
X-Amzn-Remapped-Content-Length
X-EdgeConnect-Cache-Status
X-Tt-Trace-Tag
MS-Author-Via
Retry-After
X-Tt-Trace-Host
X-Cache-Control
X-Varnish-Ttl
X-URL
X-Buckets
X-Debug
X-Cache-Age
AKAMAI-GRN
X-App-Version
Frame-Options
X-Type
X-Revision
X-Requestid
X-Vcl-Version
X-Original-Request-Id
X-Backend-Name
X-Response-Served-From
SD-X-WS
X-Instance
X-Seen-By
X-Yottaa-Metrics
X-Akamai-Edgescape
X-WP-CF-Super-Cache
Cross-Origin-Opener-Policy-Report-Only
X-Adobe-Loc
X-Adobe-Content
X-Yottaa-Optimizations
X-INCAP-ABP
X-Tumblr-User
Cross-Origin-Embedder-Policy-Report-Only
X-Is-Bot
X-NYM-Debug-Backend
X-ProcessESI
X-Rendered-As
X-RemovedCookies
X-Cache-Status-Check
X-N
X-Tumblr-Pixel-1
X-UUID
X-WP-CF-Super-Cache-Cache-Control
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Hl-Ver
Access-Control-Request-Headers
X-Framework
X-ServerID
X-Lambda-Id
X-Trace-Id
X-Origin-CC
X-Origin-TTL
X-G
X-Mg-Request-UUID
X-Debug-IsPreview
X-Content-Powered-By
X-Akamai-Request-ID2
Section-Io-Id
X-Debug-IsConnected
Charset
X-Mobile
X-Server-W
MS-CV
X-RM-Cache-TTL
X-RTag
X-Storage
Ms-Operation-Id
X-AB
VIX-Pulpo-Node
NGB
VIX-Pulpo-Upstream-Status
X-DataDome
X-Dc
Webserver
Filterid
X-B3-SpanId
Cache
Accept-Language
X-Server-ID
X-Request-Site
X-Request-Bu
X-Request-Platform
X-Cache-Time
X-HITS
X-Tec-Api-Root
X-Fastcgi-Cache
X-Cache-Hit
X-Tec-Api-Origin
X-Tec-Api-Version
Refresh
Paypal-Debug-Id
SRV
X-VC-Cache
X-Time
Onion-Location
X-Ms-Version
X-Ms-Request-Id
X-Region
X-Real-IP
X-Yandex-Req-Id
X-Node-Name
X-User-Agent
X-F-Cache
Priority
CDN-RequestId
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Xet-Cookie
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Pass-Why
X-XRDS-Location
X-LB-Cache
X-HTML-Minification-Powered-By
Protected
Liferay-Portal
X-Rocket-Nginx-Serving-Static
X-L-Path
AR-SID
GEO-INFO
X-Environment-Context
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Mode
X-Datadog-Sampling-Priority
X-Datadog-Sampled
YJS-CacheStatus
X-Whom
X-Drupal-Cache-Tags
Backend
X-Wormhole-Sdk
Country
X-Service
X-Cache-Expired-At
X-Rule
X-Tb
X-NF-Request-ID
X-WP-CF-Super-Cache-Active
X-Adobe-Source
X-Handled-By
OT-Force-Account-Verify
LB
X-Origin-Date
X-Proxied
X-Tncms
ServedBy
X-MP-GENERATED-AT
Property-Id
X-Origin-Hint
X-Extlb
X-IPLB-Instance
Webcakes-App-Name
X-IPLB-Request-ID
Web-Mar-Node
X-Detected-As
Webcakes-App-Version
Webcakes-Region
X-Cloudmap
Meta-Geo
Url
X-Browser-Name
ServerID
X-UPSTREAM-Address
X-Varnish-Beresp-Grace
X-Is-Modern-Browser
X-Is-Tablet
TWC-GeoIP-City
X-Loop
X-Is-Supported-Browser
TWC-Device-Class
X-Proxy-Cache-Info
X-Is-Mobile
TWC-GeoIP-DMA
X-Wix-Request-Id
X-Servername
TWC-GeoIP-Country
X-JoinUs
X-Tcp-Rtt
X-Is-Desktop
TWC-Connection-Speed
TWC-GeoIP-Region
X-Rewrite-Enabled
X-App-Environment
TWC-Locale-Group
X-Vcache
TWC-Privacy
X-FB-TRIP-ID
X-Rn-Rsrv
TWC-GeoIP-LatLong
X-Routing-Service
X-Zipkin-Id
X-SaId
X-Geo-Region
Mn-Server-Ip
Uber-Trace-Id
Expiry
X-Redis-Cache
X-Connection-Hash
X-Format
X-Cms-Context
X-Web-Node
X-Logging-Id
X-Locale
X-Fetched-On
X-Storefront-Renderer-Rendered
X-Soup
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Skip-Cache
X-Shopify-Stage
X-Forwarded-Host
X-Generation-Time
X-Cdn-Origin
X-ProxyCache-Key
X-Cache-Host
X-Cache-Action
X-BYPASS-REASON
X-Httpd
X-Hosted-By
X-Hit
X-Restarts
X-Cluster-Node
X-Director
X-ProxyCache-Status
X-Cluster
X-Alternate-Cache-Key
DB-Nickname
Atl-Traceid
X-Cacheable-TTL
X-Urbn-Site-Id
X-SayCDN-TTL
X-Edge-Location
X-RateLimit-Remaining-Second
X-Urbn-Context-Path
X-FW-Dynamic
X-FW-Type
X-FW-Version
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-RCS-CacheZone
X-RateLimit-Limit-Second
X-Say-TTL
X-Scope-Id
X-Say-Cacheable
Apigw-Requestid
Locale
Environment
Fastcgi-Useragent
Selected-Fe
Cache-Hits
Filters
X-PHP-Host
X-Drupal-Cache-Contexts
X-S
X-Auth-Group-Type
X-Proxy-Build
X-Presslabs-Stats
X-Timing-Wait
X-Served-From
X-Labrador-Cache-Channel
X-Origin
X-Debug-Info
X-Endurance-Cache-Level
X-VCT
X-Cache-Debug
X-Provided-By
X-ECache
X-Origin-Cache
X-Is-Mobile-Only
X-GEO
X-ShardId
X-R9-Blue-Green-Version
X-Mly-Id
X-UA
X-VC
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
X-No-Session
X-Platform
Front
X-CDN-Forward
Node
Xserver
X-NewRelic-App-Data
X-CDN-Cache-Status
X-Lagoon
X-Varnish-Cache-Hits
X-Varnish-Age
X-Varnish-Beresp-Ttl
X-WP-CF-Super-Cache-Cookies-Bypass
Cache-Tv-Group
X-SRV
X-Generated-By
X-CLOUD-TRACE-CONTEXT
WPO-Cache-Status
X-Api-Version
X-Tt-Logid
X-CACHE-AGE
Countrycode
X-Signature
X-B-Cache
X-NWS-UUID-VERIFY
X-Optimistic-Header
X-Site-Version
X-Webstats-RespID
Referer-Policy
From-Origin
X-Azure-Ref-OriginShield
Cache-Provider
X-B3-Traceid
X-Accel-Version
X-Client-Ip
X-VC-TTL
X-Cache-Rule
X-Cache-Operation
X-PHP-Backend
X-IsAdmin
X-Worker
Location
X-Tx-Id
Request-ID
X-Ua
X-Auto-Login
X-FORWARDED-FOR
CF-IPCountry
X-Tb-Optimization-Total-Bytes-Saved
Source
X-Sucuri-Cache
X-Source
X-Xfnlog-Site
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-TA-CDN-Provider
AMP-Access-Control-Allow-Source-Origin
S-Rt
X-Reqid
X-Litespeed-Cache-Control
IsBot
L5d-Success-Class
CDN-Uid
Host-ID
Ha-Gx-Prefs
Lang
Log-Origin
MD5-Digest
Meta-Geo-Continent
X-Application
X-B-Cookie
X-BCube-Filmed-By
Gh-Request-Id
X-Bl-Debug
X-Cache-NE
DCR-Processing-Time-Ms
DCR-Decision-By
Cluster
Cdncip
Expect-Staple
X-Cache-Aspx
Fl-Custom-Application
X-ApacheServer
Fastly-SSL
X-Bug-Bounty
Cdnsip
Odigeo-Trace-Id
Wxu-Next-Hostname
X-Access
X-CGP
X-Action
Web-Mar-Region
Wxu-Next-Region
X-A
X-A-Dgt
X-A-Dam
X-A-Ccd
X-A-Wwc
X-Aed
X-AK-Request-ID
Pragrma
Redirect-Candidate
Origin
X-A-Dcw
Ngx.Var.Host
Rendered-Blocks
RNT-Machine
Time-Cloud-Cache
Store-Cloud-Cache
Sslversion
RNT-Time
N-Cache
X-Eu-Site
X-Save-Cache
X-S-Cookie
X-Rojux
X-ScT
X-SD-PageType
X-Sigma
X-Section
X-Rocket-Build-Number
X-Request-URI
X-PAYTM-SRV-ID
X-Origin-Expires
X-PERF
X-Policy
X-Req
X-Pubstack
X-Sigma-Backend
X-SIPLIST1
X-VG-TLSProxy
X-Vdms-Version
X-Vary-Devices
X-VG-WebCache
X-Viewer-Country
Xc-Version
X-Vtex-Remote-Cache
X-Varnish-Hostname
X-Varnish-Director
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-SRCache-Key
X-V-Cache
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-Org
X-Old-Content-Length
X-Ec-Fail
X-Developer
X-Destination
X-Ec-GeoHdr
X-Ee-Generated-By
X-Ee-Request-Date
X-Ee-Origin
X-Depends
X-D
X-Conf
X-Cms-Device
X-Contensis-Viewer-Groups
X-Content-Age
X-Csrf-Jwt
X-Core-Value
X-Ee-Request-Id
CDN-RequestPullSuccess
X-Ig-Origin-Region
X-HS-Content-Campaign-Id
X-Hash
X-Ig-Push-State
X-Loc
X-Node-Id
X-Micro-Cache
X-GeoIP-City
X-GeoCountry
X-FC-Vary-Parameters
X-External-Request-Id
X-Fmm-Version
X-Forwarded-Site
X-GeoCode
X-From
X-Clientip
Wxu-Next-Commit
CDN-EdgeStorageId
CDN-RequestPullCode
Candidate-Md5Url
Apple-News-Services-Handled
WPO-Cache-Message
X-Fastly-Request-Id
CDN-CachedAt
Apple-News-Services-Request-Url
Origin-Agent-Cluster
CDN-RequestCountryCode
CDN-Cache
Apple-News-Services-Parsed-Url
CDN-PullZone
Apple-News-Services-Host
X-Upstream-Ht
X-Upstream-Ct
X-Gen-Mode
X-Gdpr
X-VarnishDD-TTL
X-Fastly-Backend
X-Varnish-Remaining-TTL
Powered-By
We-Hiring
X-Gamma-Serve
X-CUA
X-Generated-On
TDXMobile
Thinkindot-CacheControl
X-Proto
X-GoCache-CacheStatus
ServerName
Thinkindot-CacheControl-Type
X-GeoIP-Region-Code
X-Varnish-CookieINHashed-On
User-Cache-Control
X-Varnish-CookieHashed-On
X-GeoIP-Country-Code
X-SB
V-Age
X-Aicache-OS
X-Via-Fastly
X-DefHash
X-Dispatcher-Server
X-Cache-Date
X-Block-Status
X-We-Are-Hiring
X-DefElseHash
X-Debug-Cache-Store
X-Vmg-Version
X-Content-Length
X-Date
X-Debug-Cache-Fetch
X-CacheTTL
X-Thinkindot-L3
X-Bc-Bl
Server-Host
X-Akamai-Device-Characteristics
X-Epic-Correlation-Id
X-Acquia-Purge-Cdn-Unconfigured
X-Accel-Expires-Debug
X-Region-Sid
X-Amz-Storage-Class
X-Backend-Instance
X-BBC-Edge-Cache-Status
X-Ec-Custom-Error
X-App-Name
X-Render-Time
X-AB-Test
RewriteTestHook
X-Moov-Xdn-Caching-Status
CDCHOST
X-Moov-Xdn-Version
X-Mvc-Supplant-Cachable
DSUID
Gannett-Cam-Experience-Id
X-Moov-T
L
X-Up
X-Level-Front-Cache
X-Men
Canary
X-NMSegId
X-Nyt-Route
Cmsid
Cmstype
X-Uri
X-Origin-Time
X-Path
X-Sn-Servicetimems
X-Op-Id-All
Country-Code
X-Shield-Cache-Expires
Content-Style-Type
Content-Script-Type
X-Air-Pt
X-Jungle-Id
Cache-Contol
PFcat
X-UA-Device-Type
Origin-Site
Origin-EX
X-Internal-TTL
Origin-CC
X-Human
Release
X-Thinkindot-L1
X-NGINX-Cache
RewriteTeamHook
X-HN
X-Hnp-Log
Req-Svc-Chain
Nord-Request-ID
X-Ion-Healthy
Azure-InstanceId
Azure-SiteName
NM-Fastcgi-Cache
X-Ion-Hop
Azure-RegionName
Azure-SlotName
Mail-Subject
Azure-Version
X-Frame-Option
X-LSADC-Cache
X-Gzip
X-Location
X-Vercel-Cache
X-Mvc-Supplant-OutputCached
X-Esi-Check
X-Vercel-Id
X-Edge-Server
X-DPWN-IS-SECURE
X-Proxied-Request
X-Cs
Tube-Got-Eval
Tube-Get-Contents
X-Server-IP
X-Thanos
Tube-Return
X-Bip
Machine
Vix-Hermes-Req-Id
X-SVT-ORM-VERSION
Producers
Platform
Cdn-Host
Click-Count-Error
Click-Count-Action-Start
Cdn-Request-Time
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
X-SVT-ORM-RULES
C-Via
CacheControlHeader
Fastly-Drupal-HTML
Tube-Got-Results
X-Cache-FS-Status
X-Cache-Id
X-B3-Trace-ID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Parent-Response-Time
X-ND-Cache
X-ElasticPress-Query
XM
X-Sucuri-ID
Pics-Label
X-Origin-Response-Time
CloudFront-Viewer-Country
NGX
X-ZONE
Sid
X-Pad
Mime-Version
Debug
X-Cached-By
X-TT-LOGID
X-Via-Poph
X-Via-Popn
X-APP
X-Via-Popv
X-Varnish-Hits
X-Refresh
X-HA-Backend
GeoIP-Latitude
X-Servedbyhost
X-TH-Server
HA-Ipaddr
GeoIp-Country-Code
Product
X-Nananana
Server-ID
Cookie
X-AIR-PT
X-Nginx-Cache-Key
X-Datadome
X-Debug-Service
X-Amz-Meta-Cb-Modifiedtime
X-DynaTrace-JS-Agent
Load-Balancing
True-Client-Country-4JS
X-Litespeed-Tag
X-Nc
Sever-Int
X-GeoIP
X-Fpc
Server-Ext
Server-Hostname
X-Wa
X-Cache-VC
X-Srv
SID
X-Cdn-Forward
X-Webkit-CSP
X-B3-Parentspanid
X-User
Cdn
X-Zone
Show-Do-Not-Sell-Link
Edge-Cache
X-Ez-Minify-Html
Traceparent
X-Cache-Backend
MIME-Version
X-LB-ID
WZWS-RAY
HostName
DataCenter
X-Vc
X-Unity-Cache
X-Newrelic-Synthetics
Fastly-Drupal-Html
Akamai-Mon-Iucid-Del
X-LB-NoCache
Resin-Trace
X-Scheme
Tcn
X-Nginx-Cache
X-Request-Start
X-VCL-Version
X-Lsadc-Cache
Serverhost
Lb
Surrogated-Key
X-CDN-Provider
X-AC
Wsr-Cache
X-API-Version
CountryCode
X-B3-Spanid
Sm-Log-Id
X-Service-Response-Time
X-Proxy-CacheR9
X-Proxy-Cache-La3
XkeyR9
Xkeylog
X-Pool
Xkey-La3
Yjs-Id
X-CS
X-Datacenter
Hostname
NtCoent-Length
X-TX-ID
X-HOST
A
X-NodeID
X-Udemy-Cache-App-Namespace
X-Request-Host
X-RequestId
Cs
X-Vgn-Hpd-Reason
X-LiteSpeed-Tag
Datacenter
Uri
X-Lb-Id
X-Cache-Grace
X-HubSpot-Correlation-Id
X-RateLimit-Limit
X-Air-Source
N1-Cache
X-Air-Hostname
X-Air-Trace-Id
X-LiteSpeed-Cache-Control
CDN
Yak-Timeinfo
X-Dynatrace-Js-Agent
Cdn-Requestid
X-Akamai-Pragma-Client-IP
Esi-Enabled
X-WA
X-DataCenter
X-DynaTrace
X-FPC
X-Via-Edge
X-Via-CDN
X-VC-Age
X-ID
X-Fastly-Backend-Reqs
Edge-Copy-Time
X-Via-SSL
X-NC
X-Stale
X-Styx-Origin-Id
X-Styx-Info
X-Html-Minification-Powered-By
X-Geolocation
X-HA-Device-Type
Server-Id
Pramga
X-HA-Bot-Classification
X-Jobs
X-Via-JSL
X-HA-Application-Name
X-Zen-Fury
Cr
GeoIP-Country-Code
Geoip-Latitude
T-Server
RATING
X-Var-Ttl
X-TIM-N
Proxy-Firewall
X-Srcache-Store-Status
True-Client-IP
X-Srcache-Fetch-Status
X-Ez-Minify-Js
X-TimeS
Req-ID
Content-Secure-Policy
ServerHost
W
X-Lb-Nocache
From-Cache
X-ServedByHost
X-Webkit-Csp-Report-Only
X-Swift-Error
WP-Super-Cache
X-Varnish-Beresp-TTL
X-Cdn-Srv
On-Server
Srv
X-Oracle-DMS-ECID
X-MSEdge-Features
X-MSEdge-Flight
X-App
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Time
X-CSRF-TOKEN
X-VTEX-Cache-Server
X-CACHE-KEY
X-Proxy-Cache-LA2
X-Ramcache
X-Ha-Backend
Cloudfront-Viewer-Country
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Fastly-Cache
X-Ssense-Shipping-Surcharge-Enabled
X-Sucuri-Id
X-Correlation-ID
X-Via-PopH
X-Ssense-Gql
X-Via-PopV
X-Via-PopN
FSS-Cache
X-Wp-Cf-Super-Cache-Active
X-Wp-Cf-Super-Cache-Cookies-Bypass
CF-Cached-On
X-Sorting-Hat-Shopid
X-Geo
X-Shardid
X-Shopid
X-Sorting-Hat-Podid
Coldstone-Viewer-Country-Region-Name
Ohc-File-Size
X-Key
X-VServer
Ohc-Cache-HIT
Cl-Cache
Coldstone-Viewer-Currency
Coldstone-Viewer-Country
X-Check-Cacheable
X-Web-Server
Ngx
X-WA-Info
X-Cdn-Cache-Status
X-Elasticpress-Query
Akamai-X-True-TTL
X-DC
X-ATG-Version
X-Th-Server
X-PageType
WebServer
X-Serial
Cf-Ipcountry
Xkey-G-Jp
Host-Name
Warning
X-Env
X-Mg-Cache
Cneonction
FSS-Proxy
X-Request-Url
X-Fastly-Cache-Hits
X-Fastly-Cache-Status
BehaviorPad-Version
User-Agent