Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Cf-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Permissions-Policy
X-Ua-Compatible
Server-Timing
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
X-Request-ID
Host-Header
X-Amz-Request-Id
X-Age
Request-Context
X-Amz-Id-2
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Rq
Keep-Alive
X-AH-Environment
X-Amz-Version-Id
X-Cache-Group
X-Vhost
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-UA-Device
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Litespeed-Cache
X-Node
X-FTR-Request-ID
X-Device
EagleEye-TraceId
X-Host
X-Server-Id
X-Cache-Lookup
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
P3p
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
Fastly-Restarts
X-Content-Type
X-Clacks-Overhead
X-Country
X-Application-Context
X-PC
X-TtlSet
X-Vname
Rating
X-Times
X-Cnection
X-Edge
X-Midtier
X-Browser-Type
X-ESI
X-Mcache
X-Cache-TTL
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-Vcap-Request-Id
X-FTR-Expires
Accept-Ch-Lifetime
Surrogate-Key
X-Ac
Origin-Trial
Edge-Control
X-Powered-By-Plesk
X-Element-Page-Cache
X-Cdn-Fetch
X-Abt-Application-Version
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-D2id
X-NWS-LOG-UUID
X-FastCGI-Cache
X-Nf-Request-Id
X-Ua-Device
Verso
X-Upstream
X-B3-TraceId
X-ECACHE
X-ORACLE-DMS-RID
X-Navigation-Version
X-Mod-Pagespeed
X-Amz-Rid
Nginx-Cache
Display
X-Sol
Pagespeed
X-Middleton-Display
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-GitHub-Request-Id
X-Language
X-Client-IP
X-Envoy-Decorator-Operation
Akamai-GRN
X-Middleton-Response
Response
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
S
AR-ATIME
AR-Request-ID
AR-PoweredBy
Edge-Cache-Tag
X-MS-InvokeApp
X-Goog-Hash
X-Resp-Is-Stale
X-ARC
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ratelimit-Limit
X-Ser
X-Distributor
SPRequestDuration
SPIisLatency
X-Url
X-SharePointHealthScore
SPRequestGuid
X-Content-Digest
X-Cache-Key
Access-Control-Request-Method
X-NGENIX-Cache
X-Ezoic-Cdn
Front-End-Https
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Recruiting
X-Varnish-TTL
RTSS
X-Amzn-Trace-Id
X-Oneagent-Js-Injection
Cache-Status
X-Powered-CMS
X-Version
Public-Key-Pins
X-T
X-Mg-S
X-MSEdge-Ref
Fastcgi-Cache
TP-Cache
X-Accel-Expires
Arr-Disable-Session-Affinity
X-Forwarded-For
X-Ttl
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Daa-Tunnel
X-Ismobilevalue
X-Correlation-Id
Realpath
X-Cluster-Name
Cache-Tags
X-Cached
X-Id
AR-CACHE
X-Ruxit-Js-Agent
X-Fastly-Request-ID
X-TTL
X-Request-Received
X-Request-Processing-Time
X-Server-Name
X-HS-Combine-CSS
X-Ua-Browser
X-Kong-Proxy-Latency
X-Content-Security-Policy-Report-Only
X-Kong-Upstream-Latency
Payment
Content-MD5
X-DIS-Request-ID
X-RateLimit-Remaining
X-CST
X-Newrelic-App-Data
X-GUploader-UploadID
X-HS-Prerendered
X-HS-CF-Cache-Status
X-Cambria-Cache-Control
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Xrds-Location
Content-Disposition
X-Webkit-Csp
X-Azure-Ref
Count-Hit
X-Amz-Replication-Status
X-Ratelimit-Remaining
X-Px
YJS-ID
X-Page-Id
Cleartype
Cross-Origin-Embedder-Policy
X-Request-Handler-Origin-Region
X-Ratelimit-Reset
Accept-Charset
X-ORACLE-DMS-ECID
X-Unique-Id
X-Microsite
X-Proxy
Cross-Origin-Resource-Policy
X-Logged-In
X-FB-Debug
X-Origin-Server
X-Rid
X-Activity-Id
X-AppVersion
X-Az
X-Git-Hash
X-Protected-By
X-Www-Served-By
X-VARITI-CCR
X-Template
X-Load-Cache
X-PressLabs-Stats
Ar-SID
X-LLID
X-Goog-Metageneration
X-Varnish-Backend
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Meta-S3cmd-Attrs
X-SERVER-NAME
X-URL
Version
X-Forwarded-Proto
X-Hits
Server-Node
X-Upgrade-Enabled
Server-Name
X-Geo-Country
X-Amz-Apigw-Id
X-Request-Device-Id
X-Amzn-RequestId
X-Hostname
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-B3-Sampled
X-Content-Options
X-Frontend
X-Varnish-Grace
Viewport
Section-Io-Cache
X-TT
X-Varnish-Server
X-App-Server
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Device-Type
X-Fb-Rlafr
X-Status
Alternate-Protocol
X-B
Fastly-SWR
X-Grace
Access-Control-Allow-Method
Fastly-SIE
Healthy
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Upgrade-Insecure-Requests
X-Meli-Trace-Site
X-Request-Guid
X-WebKit-CSP-Report-Only
X-Meli-Trace-Platform
X-Meli-Trace-Bu
TCN
Host
X-COUNTRY
X-EdgeConnect-Cache-Status
X-Magnolia-Registration
X-Tt-Trace-Host
X-Tt-Trace-Tag
DC
X-CSRF-Token
X-Buckets
X-Cache-Age
AKAMAI-GRN
Retry-After
X-Contextid
X-Amzn-Remapped-Content-Length
Amp-Access-Control-Allow-Source-Origin
X-Debug
X-NF-Request-ID
MS-Author-Via
X-Cache-Control
X-Revision
X-Varnish-Ttl
X-Tec-Api-Origin
X-Type
X-Tec-Api-Version
X-Tec-Api-Root
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Response-Served-From
X-Seen-By
SD-X-WS
X-Original-Request-Id
X-Instance
Cross-Origin-Embedder-Policy-Report-Only
X-RemovedCookies
X-Rendered-As
Cross-Origin-Opener-Policy-Report-Only
X-Hl-Ver
X-Adobe-Loc
X-Is-Bot
X-Adobe-Content
X-NYM-Debug-Backend
X-ProcessESI
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Yottaa-Metrics
X-Tumblr-User
X-Yottaa-Optimizations
X-UUID
X-Tumblr-Pixel
X-Vcl-Version
X-N
Section-Io-Id
X-Backend-Name
X-Lambda-Id
Access-Control-Request-Headers
X-Debug-IsPreview
X-G
X-Akamai-Edgescape
X-App-Version
X-Debug-IsConnected
X-Content-Powered-By
AR-SID
X-Framework
X-Mg-Request-UUID
X-Origin-CC
Charset
X-Trace-Id
X-Origin-TTL
X-ServerID
X-Storage
X-Wormhole-Sdk
X-Mobile
X-INCAP-ABP
X-Akamai-Request-ID2
NGB
X-Server-W
MS-CV
Ms-Operation-Id
X-RTag
X-RM-Cache-TTL
X-AB
X-Dc
Frame-Options
X-Request-Bu
X-Cache-Status-Check
X-Request-Site
X-Request-Platform
X-Cache-Hit
X-Server-ID
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Fastcgi-Cache
X-Cache-Time
Refresh
X-DataDome
Filterid
Cache
Accept-Language
X-B3-SpanId
X-Time
SRV
X-Real-IP
X-Node-Name
Webserver
X-Region
Protected
X-Oracle-Dms-Ecid
X-Requestid
Paypal-Debug-Id
Onion-Location
X-Ms-Request-Id
X-User-Agent
X-Ms-Version
X-HITS
CDN-RequestId
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-VC-Cache
X-Hcs-Proxy-Type
Liferay-Portal
X-F-Cache
Cross-Origin-Window-Policy
X-Cache-Expired-At
Priority
X-WP-CF-Super-Cache-Active
X-IPS-LoggedIn
X-Datadog-Trace-Id
X-LB-Cache
X-Whom
X-Datadog-Parent-Id
X-Pass-Why
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-Rocket-Nginx-Serving-Static
X-HTML-Minification-Powered-By
X-Mode
Xet-Cookie
Backend
OT-Force-Account-Verify
GEO-INFO
X-L-Path
X-Environment-Context
X-Service
X-Tb
X-Drupal-Cache-Tags
X-Proxy-Cache-Info
X-Rule
X-Is-Mobile
X-Is-Supported-Browser
Filters
X-Vcache
X-Tncms
X-Zipkin-Id
X-Wix-Request-Id
Meta-Geo
X-App-Environment
X-Tcp-Rtt
X-Adobe-Source
X-Proxied
ServerID
X-Detected-As
X-Loop
X-Cloudmap
X-Browser-Name
X-Handled-By
Web-Mar-Node
X-UPSTREAM-Address
X-Geo-Region
X-Extlb
X-Is-Tablet
X-Is-Desktop
X-Cacheable-TTL
X-Servername
Url
X-Rn-Rsrv
X-Routing-Service
X-Rewrite-Enabled
X-JoinUs
Fastcgi-Useragent
X-SaId
X-MP-GENERATED-AT
X-IPLB-Request-ID
X-Alternate-Cache-Key
TWC-GeoIP-Region
X-Director
TWC-Device-Class
X-IPLB-Instance
X-Endurance-Cache-Level
Uber-Trace-Id
X-Locale
X-Cache-Host
X-Cdn-Origin
TWC-GeoIP-LatLong
X-FW-Version
X-FW-Serve
X-Connection-Hash
X-Cms-Context
X-FW-Hash
X-FW-Dynamic
X-Debug-Info
X-FW-Server
X-FW-Type
X-Origin-Date
X-Format
X-FW-Static
TWC-GeoIP-DMA
Atl-Traceid
TWC-GeoIP-City
X-Skip-Cache
TWC-GeoIP-Country
X-Shopify-Stage
X-Web-Node
TWC-Privacy
Webcakes-App-Name
X-Storefront-Renderer-Rendered
Expiry
Webcakes-Region
X-Logging-Id
X-Restarts
Webcakes-App-Version
X-Origin-Hint
X-Forwarded-Host
X-Redis-Cache
X-Hit
X-VC
X-Tumblr-Pixel-2
Country
X-Generation-Time
ServedBy
X-Hosted-By
X-Varnish-Beresp-Grace
Property-Id
TWC-Connection-Speed
X-Tumblr-Pixel-3
TWC-Locale-Group
X-Soup
X-BYPASS-REASON
X-Say-TTL
X-Scope-Id
X-SayCDN-TTL
X-Httpd
X-Cache-Action
Mn-Server-Ip
X-Say-Cacheable
X-RateLimit-Remaining-Second
X-Edge-Location
X-Cluster-Node
X-ProxyCache-Key
X-ProxyCache-Status
X-RateLimit-Limit-Second
X-Cluster
Apigw-Requestid
X-Yandex-Req-Id
X-ECache
Environment
X-XRDS-Location
X-Served-From
X-S
X-PHP-Host
X-Drupal-Cache-Contexts
X-FB-TRIP-ID
Locale
X-Urbn-Context-Path
X-Labrador-Cache-Channel
X-Urbn-Site-Id
DB-Nickname
YJS-CacheStatus
X-Proxy-Build
X-Mly-Id
X-Origin
Cache-Hits
X-Timing-Wait
Selected-Fe
X-Fetched-On
X-Auth-Group-Type
X-No-Session
X-Origin-Cache
X-R9-Blue-Green-Version
LB
X-RCS-CacheZone
X-Is-Modern-Browser
X-VCT
X-Cache-Debug
X-Sorting-Hat-ShopId
X-GEO
X-ShardId
X-Sorting-Hat-PodId
X-ShopId
X-NewRelic-App-Data
X-Varnish-Cache-Hits
Front
X-WP-CF-Super-Cache-Cookies-Bypass
X-Varnish-Age
Countrycode
X-SRV
X-Provided-By
X-CLOUD-TRACE-CONTEXT
X-Api-Version
X-Is-Mobile-Only
Node
Xserver
X-Lagoon
X-Source
Cache-Tv-Group
X-UA
WPO-Cache-Status
X-Generated-By
X-CDN-Forward
X-Platform
X-Site-Version
X-Varnish-Beresp-Ttl
X-Cdn
X-TA-CDN-Provider
X-Webstats-RespID
X-CDN-Cache-Status
Cache-Provider
X-B3-Traceid
X-Azure-Ref-OriginShield
Referer-Policy
From-Origin
X-Ua
X-Fastly-Request-Id
X-CACHE-AGE
X-Accel-Version
X-B-Cache
X-Signature
AMP-Access-Control-Allow-Source-Origin
X-VC-TTL
X-Xfnlog-Site
X-NWS-UUID-VERIFY
Request-ID
Location
X-Presslabs-Stats
X-Optimistic-Header
X-TT-LOGID
X-PHP-Backend
X-Sucuri-Cache
CF-IPCountry
X-Cache-Operation
X-Cache-Rule
X-Reqid
CDN-Cache
CDN-RequestPullSuccess
X-Tb-Optimization-Total-Bytes-Saved
CDN-Uid
CDN-RequestPullCode
CDN-RequestCountryCode
WPO-Cache-Message
CDN-CachedAt
X-IsAdmin
X-Worker
CDN-EdgeStorageId
CDN-PullZone
X-Tt-Logid
X-Tx-Id
X-Cache-Aspx
X-A-Dcw
Expect-Staple
X-Contensis-Viewer-Groups
X-Content-Age
X-Node-Id
X-A-Ccd
X-Conf
X-Cms-Device
X-Origin-Expires
X-A-Dam
X-Clientip
X-Cache-NE
X-Slack-Shared-Secret-Outcome
X-Save-Cache
X-Rocket-Build-Number
X-PAYTM-SRV-ID
X-ApacheServer
X-ScT
X-Auto-Login
X-Application
X-Request-URI
X-Rojux
Candidate-Md5Url
Cdnsip
X-Action
Cluster
Cdncip
X-Aed
X-AK-Request-ID
X-S-Cookie
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-A-Wwc
X-Core-Value
X-Slack-Backend
X-SRCache-Key
X-A-Dgt
X-Bl-Debug
X-BCube-Filmed-By
X-Sigma-Backend
DCR-Processing-Time-Ms
X-SD-PageType
Apple-News-Services-Handled
Apple-News-Services-Host
X-Section
X-B-Cookie
X-Sigma
DCR-Decision-By
X-Req
Rendered-Blocks
X-Litespeed-Cache-Control
X-Ee-Generated-By
X-Ig-Origin-Region
Sslversion
Ngx.Var.Host
X-HS-Content-Campaign-Id
X-Ig-Push-State
Store-Cloud-Cache
X-Viewer-Country
X-Ec-Fail
X-Varnish-Authentication
X-Sucuri-ID
X-Ec-GeoHdr
X-Ee-Origin
X-Ee-Request-Date
RNT-Machine
X-GeoCountry
X-Fmm-Version
X-Forwarded-Site
Redirect-Candidate
X-GeoCode
RNT-Time
X-External-Request-Id
Xc-Version
X-Ee-Request-Id
Odigeo-Trace-Id
XM
Origin
Meta-Geo-Continent
X-Vtex-Remote-Cache
X-Loc
Web-Mar-Region
X-Varnish-Director
X-Access
MD5-Digest
X-PERF
X-A
Fl-Custom-Application
Fastly-SSL
X-Micro-Cache
X-D
X-Old-Content-Length
Host-ID
X-Varnish-Hostname
X-VG-TLSProxy
Time-Cloud-Cache
X-Destination
X-VG-WebCache
Log-Origin
X-Developer
X-Depends
Lang
X-Vary-Devices
X-Vdms-Version
X-Frame-Option
RewriteTeamHook
Thinkindot-CacheControl
TDXMobile
Req-Svc-Chain
User-Cache-Control
X-Accel-Expires-Debug
X-Policy
Server-Host
ServerName
Thinkindot-CacheControl-Type
X-AB-Test
RewriteTestHook
V-Age
X-Content-Length
X-Ec-Custom-Error
X-Internal-TTL
X-Human
X-Hnp-Log
X-Ion-Healthy
X-Nyt-Route
X-DefHash
X-Jungle-Id
X-Dispatcher-Server
X-Ion-Hop
X-HN
X-Epic-Correlation-Id
X-FC-Vary-Parameters
X-Generated-On
X-Gen-Mode
X-Gdpr
X-Fastly-Backend
X-GeoIP-Country-Code
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-Eu-Site
X-Moov-Xdn-Version
X-DefElseHash
X-Backend-Instance
X-BBC-Edge-Cache-Status
X-Bc-Bl
X-Block-Status
X-Origin-Time
X-App-Name
X-Aicache-OS
X-Akamai-Device-Characteristics
X-Amz-Storage-Class
X-Path
X-Bug-Bounty
X-Op-Id-All
X-Debug-Cache-Fetch
X-Men
X-Level-Front-Cache
X-Debug-Cache-Store
X-Date
X-CUA
X-CGP
X-Moov-T
X-Csrf-Jwt
X-Acquia-Purge-Cdn-Unconfigured
Azure-InstanceId
X-Air-Pt
Cmsid
X-Up
X-GeoIP-City
X-Varnish-Beresp-Status
Cmstype
Country-Code
X-VarnishDD-TTL
X-Render-Time
DSUID
X-Sn-Servicetimems
CDCHOST
X-We-Are-Hiring
X-Moov-Xdn-Caching-Status
Azure-RegionName
X-Varnish-CookieHashed-On
X-Shield-Cache-Expires
X-Varnish-CookieINHashed-On
Azure-SiteName
Azure-SlotName
Cache-Contol
X-Hash
X-SB
Azure-Version
X-Org
Gannett-Cam-Experience-Id
Origin-Agent-Cluster
Wxu-Next-Region
Nord-Request-ID
Wxu-Next-Hostname
X-Pubstack
Origin-CC
Origin-EX
X-UA-Device-Type
X-From
X-Thinkindot-L3
PFcat
Wxu-Next-Commit
X-SIPLIST1
Ha-Gx-Prefs
X-Varnish-Remaining-TTL
X-V-Cache
Gh-Request-Id
X-Region-Sid
IsBot
N-Cache
L5d-Success-Class
L
X-Uri
X-Thinkindot-L1
X-Via-Fastly
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
Sid
X-Wikidot-Backend
NM-Fastcgi-Cache
Content-Style-Type
Origin-Site
Release
X-Gamma-Serve
X-Cache-Date
Content-Script-Type
X-Esi-Check
X-DPWN-IS-SECURE
X-Vercel-Id
X-NMSegId
X-Edge-Server
X-ElasticPress-Query
X-Wikidot-Static-Cache
X-Vercel-Cache
X-Thanos
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
We-Hiring
Pragrma
Click-Count-Error
CacheControlHeader
Cdn-Host
Click-Count-Action-Start
Tube-Return
Tube-Got-Results
X-Proto
Platform
Producers
Mail-Subject
Machine
Tube-Got-Eval
Tube-Get-Contents
C-Via
Cdn-Request-Time
X-Gzip
X-SVT-ORM-VERSION
X-Cache-FS-Status
X-Cache-Id
X-CacheTTL
X-Vmg-Version
X-Bip
X-Mvc-Supplant-Cachable
X-B3-Trace-ID
X-SVT-ORM-RULES
X-Server-IP
Source
X-LSADC-Cache
X-Parent-Response-Time
X-Origin-Response-Time
S-Rt
X-Proxied-Request
X-Mvc-Supplant-OutputCached
Canary
Powered-By
X-NGINX-Cache
X-Location
X-ZONE
X-Litespeed-Tag
X-Pad
Vix-Hermes-Req-Id
X-Cs
X-Upstream-Ct
X-Upstream-Ht
Debug
X-Cached-By
Fastly-Drupal-HTML
Mime-Version
X-ND-Cache
X-TH-Server
X-Refresh
Pics-Label
NGX
Product
X-Datadome
X-Varnish-Hits
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Nananana
X-APP
HA-Ipaddr
X-Amz-Meta-Cb-Modifiedtime
CloudFront-Viewer-Country
Cookie
X-HA-Backend
X-Cache-VC
X-AIR-PT
X-DynaTrace-JS-Agent
X-Cdn-Forward
GeoIP-Latitude
Edge-Cache
X-User
GeoIp-Country-Code
X-Servedbyhost
X-LB-ID
Server-ID
X-Webkit-CSP
X-GeoIP
X-Nc
X-LB-NoCache
Akamai-Mon-Iucid-Del
HostName
X-Debug-Service
X-Srv
Fastly-Drupal-Html
DataCenter
X-Fpc
X-B3-Parentspanid
X-Nginx-Cache
WZWS-RAY
X-FORWARDED-FOR
MIME-Version
X-Nginx-Cache-Key
X-Wa
Tcn
X-Zone
True-Client-Country-4JS
X-Request-Start
X-Unity-Cache
Server-Ext
Sever-Int
X-Scheme
Resin-Trace
Surrogated-Key
Server-Hostname
X-Client-Ip
Load-Balancing
SID
X-RateLimit-Limit
X-Lsadc-Cache
Show-Do-Not-Sell-Link
Lb
X-CS
Cdn
X-Cache-Backend
X-Newrelic-Synthetics
X-VCL-Version
Sm-Log-Id
X-Request-Host
Traceparent
Wsr-Cache
X-Pool
X-NodeID
X-Service-Response-Time
X-TX-ID
X-B3-Spanid
N1-Cache
X-RequestId
X-Vc
X-Cache-Grace
X-Vgn-Hpd-Reason
Yjs-Id
NtCoent-Length
X-Datacenter
X-HOST
Yak-Timeinfo
X-DataCenter
X-DynaTrace
X-LiteSpeed-Cache-Control
X-CDN-Provider
X-HubSpot-Correlation-Id
CDN
X-Via-SSL
X-Via-CDN
X-Via-Edge
Edge-Copy-Time
X-Oracle-DMS-ECID
X-WA
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Air-Trace-Id
Serverhost
Cdn-Requestid
X-Air-Source
XkeyR9
X-Proxy-Cache-La3
X-Proxy-CacheR9
X-Zen-Fury
Xkey-La3
X-FPC
X-NC
X-Air-Hostname
Xkeylog
X-Udemy-Cache-App-Namespace
Datacenter
Hostname
X-API-Version
X-Geolocation
X-LiteSpeed-Tag
X-Jobs
X-Fastly-Backend-Reqs
A
X-ID
Req-ID
Server-Id
X-Ez-Minify-Html
X-Dynatrace-Js-Agent
X-Cdn-Srv
X-Akamai-Pragma-Client-IP
X-Lb-Id
WP-Super-Cache
Uri
X-Html-Minification-Powered-By
True-Client-IP
Geoip-Latitude
CountryCode
X-Varnish-Beresp-TTL
T-Server
X-Powered-By-VTEX-Cache
X-Via-JSL
X-VTEX-Cache-Time
ServerHost
X-Stale
X-VTEX-Cache-Server
X-Ez-Minify-Js
On-Server
X-ServedByHost
Proxy-Firewall
GeoIP-Country-Code
Cs
X-TimeS
Esi-Enabled
RATING
Cloudfront-Viewer-Country
X-Lb-Nocache
From-Cache
X-VC-Age
Srv
X-Swift-Error
WebServer
X-Styx-Info
X-CSRF-TOKEN
X-MSEdge-Features
X-HA-Application-Name
X-HA-Device-Type
X-MSEdge-Flight
X-App
Cr
Pramga
X-HA-Bot-Classification
Coldstone-Viewer-Currency
Coldstone-Viewer-Country
Coldstone-Viewer-Country-Region-Name
X-Styx-Origin-Id
X-WA-Info
X-Ha-Backend
X-Wp-Cf-Super-Cache
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Webkit-Csp-Report-Only
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-Via-PopN
X-Var-Ttl
X-TIM-N
FSS-Cache
X-Via-PopH
Ngx
X-Correlation-ID
X-Via-PopV
X-Fastly-Cache
Content-Secure-Policy
X-Sorting-Hat-Shopid
BehaviorPad-Version
W
X-Check-Cacheable
X-Sorting-Hat-Podid
X-Shopid
X-Cdn-Cache-Status
X-Web-Server
X-Shardid
X-Geo
Cl-Cache
X-Serial
X-Th-Server
X-Elasticpress-Query
X-Proxy-Cache-LA2
X-Sucuri-Id
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Wp-Cf-Super-Cache-Active
X-Request-Url
X-Ramcache
Akamai-X-True-TTL
X-DC
X-ATG-Version
Cf-Ipcountry
User-Agent
Xkey-G-Jp
X-Cache-TTL-Remaining
Bxpunish
X-Request-Time
Bxuuid
My-App
X-Nitro-Cache
X-Fastly-Cache-Hits
Cneonction
X-Env
Host-Name
X-Mg-Cache
FSS-Proxy
X-Fastly-Cache-Status