
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
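An added example (not SANS ISC's collection code) of the tally described above, run over constructed HEAD responses. It folds header-name case, since the table lists variants such as X-Frame-Options and X-FRAME-OPTIONS, and flags names that closely resemble a security header, such as the X-Frame-Option and Referer-Policy entries; the function names, the header selection and the 0.85 similarity cutoff are assumptions.

```python
import difflib
from collections import Counter

# Security-relevant response headers, lower-cased. The selection is an
# assumption; every name in it appears in the table on this page.
SECURITY_HEADERS = {
    "strict-transport-security", "content-security-policy", "x-frame-options",
    "x-content-type-options", "x-xss-protection", "referrer-policy",
    "permissions-policy",
}

# Constructed responses to a HEAD request for "/", one per hypothetical site.
SAMPLE = [
    "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n\r\n",
    "HTTP/1.1 200 OK\r\nServer: Apache\r\nX-FRAME-OPTIONS: SAMEORIGIN\r\n"
    "Content-Secure-Policy: default-src 'self'\r\n\r\n",
    "HTTP/1.1 301 Moved Permanently\r\nserver: cloudflare\r\n"
    "X-Frame-Option: DENY\r\nReferer-Policy: no-referrer\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n\r\n",
]

def header_names(raw):
    """Return the header names of one raw response head, exactly as sent."""
    names = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break                      # blank line ends the header block
        if line[0] in " \t":
            continue                   # folded continuation of previous header
        name, sep, _ = line.partition(":")
        if sep and name.strip():
            names.append(name.strip())
    return names

def tally(responses):
    """Count sites per header; names are case-insensitive, so fold case first."""
    counts = Counter()
    for raw in responses:
        counts.update({n.lower() for n in header_names(raw)})  # once per site
    return counts

def near_misses(counts, cutoff=0.85):
    """Map each unknown name to the security header it closely resembles."""
    known = sorted(SECURITY_HEADERS)
    found = {}
    for name in counts:
        if name not in SECURITY_HEADERS:
            match = difflib.get_close_matches(name, known, n=1, cutoff=cutoff)
            if match:
                found[name] = match[0]
    return found

def effective_security_headers(raw):
    """Security headers a client would actually recognise in this response."""
    return sorted({n.lower() for n in header_names(raw)} & SECURITY_HEADERS)

if __name__ == "__main__":
    counts = tally(SAMPLE)
    for name, sites in counts.most_common():
        print(f"{sites:3d}  {name}")
    for seen, meant in sorted(near_misses(counts).items()):
        print(f"not recognised: {seen!r} (closest known header: {meant!r})")
```

A site that sends only the misspelled name gets none of the protection, which is why the third sample response counts as having Strict-Transport-Security alone.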



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
CF-Cache-Status
Cf-Request-Id
ETag
Accept-Ranges
Expect-CT
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
X-XSS-Protection
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
X-Xss-Protection
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Accept-CH
X-Served-By
P3P
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-Runtime
X-AspNet-Version
X-Drupal-Cache
P3p
Server-Timing
X-Generator
X-Cache-Status
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-Iinfo
X-FRAME-OPTIONS
Permissions-Policy
X-Drupal-Dynamic-Cache
X-Ua-Compatible
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Upgrade
Content-Encoding
Status
X-CDN
X-AspNetMvc-Version
Access-Control-Max-Age
Host-Header
Cf-Edge-Cache
X-Robots-Tag
Request-Context
X-Amz-Request-Id
X-Check
X-Backend
Accept-CH-Lifetime
X-Amz-Id-2
X-Hacker
Cf-Apo-Via
X-Cache-Group
X-Turbo-Charged-By
X-Proxy-Cache
X-Age
Keep-Alive
X-Rq
EagleId
X-Via
X-UA-Device
X-Dispatcher
X-Server
X-Vhost
X-Amz-Version-Id
X-AH-Environment
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-Litespeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
Grace
X-Server-Powered-By
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Ali-Swift-Global-Savetime
Allow
X-Cache-Lookup
Xkey
X-Page-Speed
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Cloud-Trace-Context
X-Device
X-Backend-Server
X-Dns-Prefetch-Control
X-Akam-SW-Version
X-Host
EagleEye-TraceId
Surrogate-Control
X-Response-Time
X-Readtime
Cf-Railgun
X-Server-Id
X-Node
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Country
X-Url
X-Nginx-Cache-Status
Content-Location
X-Content-Type
Cache-Tag
X-Country-Code
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
Fastly-Restarts
X-Clacks-Overhead
X-Trace
X-Application-Context
Cross-Origin-Opener-Policy
X-NWS-LOG-UUID
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-LiteSpeed-Cache
X-Vname
X-PC
X-TtlSet
X-Edge
X-Midtier
X-Mcache
Surrogate-Key
Rating
X-Server-Name
X-Cache-TTL
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Browser-Type
X-Cnection
X-Element-Page-Cache
X-Abt-Application-Version
X-Powered-By-Plesk
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-ESI
Nginx-Cache
X-GitHub-Request-Id
Edge-Control
X-Vcap-Request-Id
X-D2id
Verso
X-Ac
X-Ser
X-ECACHE
X-MS-InvokeApp
X-ORACLE-DMS-RID
X-Client-IP
Response
X-Middleton-Response
X-Amz-Rid
X-ARC
X-Ratelimit-Limit
X-Dw-Request-Base-Id
X-CST
X-Wormhole-Sdk
X-Powered-CMS
X-Goog-Hash
X-Ratelimit-Remaining
X-Navigation-Version
X-Kinsta-Cache
X-Edge-Location-Klb
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Instrumentation
X-Server-Lifecycle-Phase
X-Upstream
X-B3-TraceId
X-Forwarded-For
X-Amzn-Trace-Id
X-FastCGI-Cache
X-Ruxit-Js-Agent
RTSS
X-Cache-Key
X-Daa-Tunnel
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
Edge-Cache-Tag
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
Cache-Status
Public-Key-Pins
X-Server-ID
X-Content-Digest
X-Oneagent-Js-Injection
X-Ttl
X-Ezoic-Cdn
X-Version
Accept-Ch-Lifetime
X-Mg-S
X-ORACLE-DMS-ECID
SPRequestGuid
X-SharePointHealthScore
Realpath
S
X-Shield-Request-Id
X-MSEdge-Ref
X-T
Fastcgi-Cache
Cross-Origin-Resource-Policy
AR-CACHE
Origin-Trial
X-Recruiting
X-NF-Request-ID
X-Fastly-Request-ID
X-Cached
X-Accel-Expires
Front-End-Https
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Distributor
X-Ua-Device
X-Nf-Request-Id
X-FTR-Request-ID
X-Azure-Ref
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
Access-Control-Request-Method
TP-Cache
Arr-Disable-Session-Affinity
X-Request-Processing-Time
X-Newrelic-App-Data
Count-Hit
X-Ua-Browser
X-Request-Received
X-Id
X-HS-Content-Id
X-Debug
X-HS-Cache-Config
X-HS-Hub-Id
X-TTL
X-LLID
X-Xrds-Location
Cache-Tags
Server-Node
X-Ismobilevalue
X-Content-Security-Policy-Report-Only
X-Cluster-Name
X-PressLabs-Stats
X-Correlation-Id
MicrosoftSharePointTeamServices
X-Frontend
X-VARITI-CCR
X-Hits
X-Varnish-TTL
X-GUploader-UploadID
X-HS-Combine-CSS
X-Varnish-Backend
X-NGENIX-Cache
X-Aspnetmvc-Version
X-Protected-By
X-Amz-Replication-Status
Payment
Accept-Ch
X-Goog-Metageneration
X-Varnish-Ttl
X-Request-Handler-Origin-Region
X-Microsite
Akamai-GRN
X-Unique-Id
X-LB-Cache
Cleartype
X-Varnish-Server
X-FB-Debug
X-Logged-In
X-Az
X-Activity-Id
X-Www-Served-By
X-Git-Hash
X-AppVersion
X-Tt-Trace-Host
X-Page-Id
X-Ratelimit-Reset
Content-Disposition
X-Tt-Trace-Tag
X-Hostname
Host
X-Forwarded-Proto
X-DIS-Request-ID
Filterid
X-Cambria-Cache-Control
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Amz-Apigw-Id
X-Amzn-RequestId
X-App-Server
X-Template
Amp-Access-Control-Allow-Source-Origin
X-Geo-Country
Frame-Options
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-TraceId
Access-Control-Allow-Method
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Version
X-Origin-Server
X-Load-Cache
X-Aspnet-Version
X-Fastcgi-Cache
X-Upgrade-Enabled
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Type
Fastly-SIE
Accept-Charset
Fastly-SWR
X-ASPNET-VERSION
Trailer
Viewport
X-Content-Options
Section-Io-Cache
X-Fb-Rlafr
X-TT
X-Grace
Retry-After
X-B
X-B3-Sampled
X-Cache-Control
MS-Author-Via
X-Envoy-Decorator-Operation
X-Rid
X-Ah-Environment
X-Source
Content-MD5
X-Tec-Api-Version
X-Tec-Api-Origin
X-Cache-Age
X-Tec-Api-Root
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Server-Name
X-Device-Type
X-Vcl-Version
X-Magnolia-Registration
X-Request-Guid
X-Trace-Id
X-Language
X-Revision
X-Px
X-TEC-API-ORIGIN
X-Buckets
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Cdn
X-Mobile
Healthy
TCN
X-HS-Prerendered
X-EdgeConnect-Cache-Status
X-WP-CF-Super-Cache-Active
X-Akamai-Edgescape
X-Backend-Name
X-Webkit-CSP
X-B3-Traceid
X-CSRF-Token
X-Varnish-Grace
X-Status
X-App-Environment
Protected
X-RM-Cache-TTL
X-Instance
X-FW-Version
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-FW-Static
X-Environment-Context
X-FW-Type
X-NYM-Debug-Backend
X-FW-Server
X-FW-Dynamic
X-FW-Serve
X-Debug-Info
X-Tumblr-User
X-FW-Hash
X-L-Path
X-Rule
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel
X-Origin-Cache
X-Mg-Request-UUID
X-Storage
X-Framework
Cross-Origin-Window-Policy
Access-Control-Request-Headers
X-Region
X-ServerID
X-Contextid
GEO-INFO
NGB
SD-X-WS
X-Proxy-Cache-Info
X-Cache-Time
X-Node-Name
X-RTag
X-Debug-IsConnected
X-Datadog-Sampling-Priority
X-Edge-Location
X-Content-Powered-By
X-Datadog-Trace-Id
Charset
X-UUID
MS-CV
X-Datadog-Sampled
Ms-Operation-Id
X-Proxy
X-Debug-IsPreview
X-Rendered-As
X-Is-Bot
X-Cacheable-TTL
X-Datadog-Parent-Id
X-Amz-Meta-S3cmd-Attrs
X-Original-Request-Id
X-Response-Served-From
Upgrade-Insecure-Requests
X-Adobe-Loc
X-Yottaa-Optimizations
X-G
X-Adobe-Content
X-Yottaa-Metrics
Cross-Origin-Embedder-Policy-Report-Only
Refresh
X-Whom
X-ECache
OT-Force-Account-Verify
Webserver
Countrycode
DC
X-Lambda-Id
Paypal-Debug-Id
X-User-Agent
Section-Io-Id
X-Seen-By
X-HTML-Minification-Powered-By
X-Reqid
X-VC
X-Amzn-Remapped-Content-Length
Front
X-WebKit-CSP-Report-Only
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Server-W
Alternate-Protocol
X-VHOST
Priority
X-TT-LOGID
X-RateLimit-Remaining
X-IPS-LoggedIn
SRV
X-Real-IP
X-Fastly-Request-Id
X-Time
X-WP-CF-Super-Cache-Cookies-Bypass
X-Akamai-Request-ID2
X-AB
Liferay-Portal
X-Cache-Status-Check
Country
X-N
Backend
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Expires
Xet-Cookie
X-DataDome
X-Mode
X-Nginx-Cache
Onion-Location
TWC-GeoIP-LatLong
Filters
ServerID
TWC-GeoIP-Country
X-Origin-Hint
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
X-UPSTREAM-Address
X-Tumblr-Pixel-2
X-JoinUs
X-SaId
X-FB-TRIP-ID
TWC-Connection-Speed
X-Rn-Rsrv
X-Rewrite-Enabled
X-Format
Fastcgi-Useragent
TWC-Device-Class
X-Cache-Host
Property-Id
Meta-Geo
X-Rocket-Nginx-Serving-Static
Environment
X-Connection-Hash
X-Origin-CC
Expiry
X-Scope-Id
X-Tb
X-Restarts
X-Hosted-By
X-Hl-Ver
X-Cache-Expired-At
X-Origin-Date
DB-Nickname
X-Origin-TTL
X-Varnish-Age
Mn-Server-Ip
X-Say-TTL
X-Fetched-On
X-VC-Cache
X-Say-Cacheable
X-Redis-Cache
Web-Mar-Node
X-PHP-Host
X-R9-Blue-Green-Version
X-Labrador-Cache-Channel
X-SayCDN-TTL
X-IPLB-Request-ID
X-Frame-Option
X-Cluster-Node
X-Accel-Version
X-Cache-Action
Uber-Trace-Id
From-Origin
X-IPLB-Instance
X-Skip-Cache
X-Logging-Id
X-ProxyCache-Status
X-ProxyCache-Key
WPO-Cache-Status
WPO-Cache-Message
X-Webstats-RespID
X-Loop
X-Handled-By
X-Director
X-Soup
X-Tncms
X-BYPASS-REASON
X-Vcache
X-Httpd
X-Cms-Context
Atl-Traceid
Apigw-Requestid
X-Varnish-Beresp-Grace
X-Varnish-Cache-Hits
X-Web-Node
X-Forwarded-Host
X-Cluster
Selected-Fe
X-Auth-Group-Type
ServedBy
X-Served-From
X-DynaTrace
X-B3-SpanId
X-Servername
X-Proxy-Build
Cross-Origin-Opener-Policy-Report-Only
Url
X-Timing-Wait
X-Extlb
X-Adobe-Source
X-Detected-As
X-Routing-Service
X-Proxied
X-Origin
X-S
X-Request-URI
X-Cloudmap
X-Zipkin-Id
X-Tumblr-Pixel-3
X-Ms-Request-Id
X-Ms-Version
Cross-Origin-Embedder-Policy
X-Hit
Accept-Language
Referer-Policy
N-Cache
X-LSADC-Cache
X-Generated-By
X-Azure-Ref-OriginShield
Surrogated-Key
X-XRDS-Location
Ohc-File-Size
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Worker
Xserver
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
LB
X-SRV
X-Resp-Is-Stale
X-Wix-Request-Id
X-Generation-Time
X-HS-CF-Cache-Status
X-Sucuri-Cache
X-Xfnlog-Site
X-Lagoon
CF-IPCountry
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
Source
X-App-Version
X-Cdn-Origin
X-Cache-Hit
X-NWS-UUID-VERIFY
X-RCS-CacheZone
X-Sucuri-ID
X-F-Cache
X-MP-GENERATED-AT
X-Cache-Debug
X-Tx-Id
X-TA-CDN-Provider
Node
X-VCT
CDN-RequestId
X-Is-Supported-Browser
X-Browser-Name
X-Is-Tablet
X-Tcp-Rtt
X-Geo-Region
X-Is-Mobile
X-Is-Desktop
X-Urbn-Site-Id
X-CDN-Forward
X-Mly-Id
Cache
Locale
X-NODE
X-Cache-Rule
X-Urbn-Context-Path
X-No-Session
X-Signature
X-Pad
X-B-Cache
X-Varnish-Beresp-Ttl
X-INCAP-ABP
X-ElasticPress-Query
X-Via-JSL
X-Cache-Operation
X-Via-SSL
Edge-Copy-Time
X-Via-Edge
X-Proxy-Cache-Status
X-Via-CDN
W
User-Agent
We-Hiring
X-Org
X-GeoCountry
X-Geolocation
Sslversion
X-Jobs
Wxu-Next-Hostname
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-AB-Test
X-DPWN-IS-SECURE
X-Aicache-OS
X-Aed
X-A-Dam
X-A-Ccd
Apple-News-Services-Handled
Wxu-Next-Commit
Wxu-Next-Region
X-Vtex-Remote-Cache
X-A
X-GeoCode
X-ScT
Apple-News-Services-Parsed-Url
X-HN
DCR-Decision-By
DCR-Processing-Time-Ms
Content-Secure-Policy
L5d-Success-Class
Lang
Cluster
Host-ID
HA-Ipaddr
Ha-Gx-Prefs
X-Ig-Origin-Region
Fl-Custom-Application
Fastly-GeoIP-CountryCode
Expect-Staple
Fastly-Backend-Name
Mail-Subject
MD5-Digest
Cache-Provider
Rendered-Blocks
Candidate-Md5Url
X-Ig-Push-State
BehaviorPad-Version
X-Mvc-Supplant-Cachable
Apple-News-Services-Request-Url
Redirect-Candidate
Producers
Ngx.Var.Host
Meta-Geo-Continent
Odigeo-Trace-Id
Origin
PFcat
X-Eu-Site
Apple-News-Services-Host
X-Access
X-Path
X-PAYTM-SRV-ID
X-TIM-N
X-Bug-Bounty
X-Bl-Debug
X-Backend-Instance
X-D
X-Bc-Bl
X-Platform-Server
X-VarnishDD-TTL
X-Csrf-Jwt
X-Cache-NE
X-Gdpr
X-Cache-Info
X-Section
Xc-Version
X-Ec-Fail
X-FC-Vary-Parameters
X-BCube-Filmed-By
X-Origin-Time
X-Conf
X-Proxied-Request
X-Developer
X-Vdms-Version
X-CGP
X-Nyt-Route
X-Debug-Cache-Store
X-App-Name
X-Rojux
X-Proto
X-Ec-GeoHdr
X-Op-Id-All
X-Debug-Cache-Fetch
X-Shopify-Stage
X-Oracle-Dms-Ecid
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Hash
X-Contensis-Viewer-Groups
X-Content-Length
Req-Svc-Chain
Platform
X-GeoIP-Region-Code
X-DefElseHash
X-VTEX-Cache-Server
X-DefHash
X-Depends
X-Dispatcher-Server
L
X-Date
NM-Fastcgi-Cache
X-GeoIP-Country-Code
Mime-Version
X-Fmm-Version
RNT-Machine
Origin-Agent-Cluster
TDXMobile
X-Auto-Login
X-Accel-Expires-Debug
X-Amz-Storage-Class
X-Cache-Grace
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Cache-Id
X-Cache-Date
X-Cache-Aspx
X-We-Are-Hiring
X-VTEX-Cache-Time
X-AK-Request-ID
X-Akamai-Device-Characteristics
X-Amz-Meta-Cb-Modifiedtime
Web-Mar-Region
X-Application
X-Generated-On
Gh-Request-Id
X-B-Cookie
X-Epic-Correlation-Id
V-Age
X-Cdn-Srv
X-GoCache-CacheStatus
X-Wikidot-Backend
X-Edge-Server
Fastly-SSL
X-Clientip
Server-Host
X-Gzip
X-External-Request-Id
X-CacheTTL
Thinkindot-CacheControl
X-GeoIP-City
X-Wikidot-Static-Cache
X-GeoIP
X-Destination
Thinkindot-CacheControl-Type
X-Cached-By
X-Gamma-Serve
X-Esi-Check
RNT-Time
Cdn-Request-Time
X-V-Cache
X-VServer
X-Var-Ttl
X-S-Cookie
X-Irp-Debug
X-Litespeed-Tag
X-Thinkindot-L3
X-Node-Id
X-Varnish-Authentication
X-Varnish-CookieHashed-On
X-NodeID
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-SiteName
X-Level-Front-Cache
X-Vmg-Version
X-SB
X-Slack-Backend
X-Shield-Cache-Expires
X-Mvc-Supplant-OutputCached
X-Slack-Shared-Secret-Outcome
X-Via-Fastly
X-NMSegId
X-VG-WebCache
X-Locale
X-Loc
X-Location
X-SD-PageType
X-Scheme
X-Fastly-Backend
Canary
Azure-RegionName
X-Platform
X-Req
X-Request-Time
X-Viewer-Country
X-HS-Content-Campaign-Id
Content-Style-Type
Content-Script-Type
Cdnsip
X-Powered-By-VTEX-Cache
Cdncip
X-Policy
Debug
X-Varnishpool
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-Director
Gannett-Cam-Experience-Id
CDCHOST
X-Origin-Expires
Cdn-Host
X-Upstream-Ct
X-Upstream-Ht
X-UA
X-NGINX-Cache
X-Pool
User-Cache-Control
X-Micro-Cache
X-Origin-Response-Time
X-ORCA-Accelerator
X-Server-IP
X-SVT-ORM-RULES
X-Core-Value
X-Cache-FS-Status
X-Varnish-Beresp-Status
XM
Yak-Timeinfo
X-Block-Status
X-UA-Device-Type
X-Request-Start
X-Pubstack
X-Sn-Servicetimems
Pramga
X-SVT-ORM-VERSION
X-Thanos
X-Bip
X-SIPLIST1
X-Men
X-Gen-Mode
CDN-CachedAt
CDN-EdgeStorageId
X-GEO
Origin-EX
Product
X-Acquia-Purge-Cdn-Unconfigured
X-Human
ServerName
Req-ID
Release
Origin-CC
CDN-PullZone
Click-Count-Error
Click-Count-Action-Start
IsBot
Country-Code
DSUID
X-Hnp-Log
NGX
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
X-Ec-Custom-Error
CDN-Cache
Tube-Got-Results
Tube-Got-Eval
Tube-Return
X-CUA
X-Site-Version
Tube-Get-Contents
X-Content-Age
X-Request-Host
X-Internal-TTL
X-IsAdmin
Sid
Ohc-Cache-HIT
Akamai-Mon-Iucid-Del
X-Service
Ssr
X-VC-TTL
X-LB-NoCache
X-VG-TLSProxy
X-Varnish-Hits
X-Tb-Optimization-Total-Bytes-Saved
X-User
Esi-Enabled
X-Zen-Fury
X-B3-Spanid
X-Api-Version
X-HOST
X-RID
Fastly-Drupal-HTML
X-AIR-PT
GeoIP-Latitude
X-CACHE-GROUP
X-Refresh
X-ZONE
Cdn-Requestid
X-Cs
XkeyRZ
Cache-Key
A
X-Cache-Bucket
X-Servedbyhost
X-Proxy-CacheRZ
CloudFront-Viewer-Country
X-RequestId
X-DC
X-Tt-Logid
X-Newrelic-Synthetics
X-Vgn-Hpd-Reason
X-TH-Server
X-HITS
X-Nc
X-Wa
C-Via
X-Cdn-Forward
X-HubSpot-Correlation-Id
TP-L2-Cache
AMP-Access-Control-Allow-Source-Origin
X-Dc
X-Moov-T
X-B3-Parentspanid
X-Moov-Xdn-Caching-Status
X-Via-Poph
X-APP
X-Moov-Xdn-Version
X-Nananana
X-Via-Popv
X-Old-Content-Length
Server-ID
X-Via-Popn
X-HA-Backend
X-LB-ID
X-DynaTrace-JS-Agent
X-Optimistic-Header
X-Srv
X-Endurance-Cache-Level
Proxy-Firewall
X-LiteSpeed-Tag
X-CS
X-Webkit-Csp-Report-Only
X-LiteSpeed-Cache-Control
HostName
X-Presslabs-Stats
X-Parent-Response-Time
Fastly-Drupal-Html
Cdn
X-Action
X-Air-Pt
X-Zone
X-COUNTRY
True-Client-Country-4JS
WP-Super-Cache
X-URL
N1-Cache
X-Webkit-Csp
Sever-Int
X-Ua
X-Vercel-Id
X-Test
Server-Hostname
Location
X-Vercel-Cache
Server-Ext
X-Thinkindot-L1
X-Cache-VC
X-CACHE-AGE
Adler-Geo
GeoIp-Country-Code
X-Fpc
Is-Eu
X-DataCenter
Cache-Hits
X-API-Version
SID
TWC-GeoIP-City
X-Litespeed-Cache-Control
TWC-GeoIP-Region
TWC-GeoIP-DMA
X-Nginx-Cache-Key
X-LJ-Flow-ID
X-AWS-Id
X-Datadome
X-VWS-Id
X-Dispatcher-Number
WZWS-RAY
X-NewRelic-App-Data
X-Provided-By
Uri
X-RateLimit-Limit
True-Client-Ip
X-PERF
True-Client-IP
X-ApacheServer
X-Render-Time
SEZNAM-JOBS-OFFER
X-Geo-Header
X-Custom-Header
X-Datacenter
T-Server
GeoIP-Country-Code
Resin-Trace
X-Pass-Why
X-ND-Cache
X-CLOUD-TRACE-CONTEXT
X-Ssense-Gql
X-Uri
X-Varnish-Beresp-TTL
X-Ssense-Shipping-Surcharge-Enabled
X-WA-Info
X-Nitro-Cache
S-Rt
X-SERVER-NAME
Log-Origin
X-Jungle-Id
X-FPC
X-Ion-Hop
X-CMSURLCustom
Vc-Max-Age
Serverhost
X-Cache-Server
X-Ion-Healthy
RewriteTeamHook
Tcn
X-Stale
RewriteTestHook
Srv
Cache-Contol
X-Service-Response-Time
X-Client-Ip
Cache-Tv-Group
Sm-Log-Id
X-APP-VERSION
My-App
Cmsid
Cmstype
Pics-Label
X-Correlation-ID
X-Srcache-Store-Status
X-Dynatrace-Js-Agent
X-Srcache-Fetch-Status
Lb
Hostname
X-From
X-Oracle-Dms-Rid
X-TX-ID
Powered-By
X-XRDS-LOCATION
X-Air-Trace-Id
X-Udemy-Cache-App-Namespace
X-Debug-Service
X-Air-Source
X-Fastly-Cache-Status
CacheControlHeader
Av-Poweredby
X-Up
Vix-Hermes-Req-Id
X-Cdn-Cache-Status
Server-Id
X-Air-Hostname
X-Akamai-Pragma-Client-IP
X-Cache-TTL-Remaining
X-App
X-Lb-Id
X-Fastly-Cache
X-Ckpd-Fst-Backend
X-Vc
X-LAGOON
X-Via-PopH
X-Via-PopN
Thinkindot-Control
On-Server
X-Via-PopV
Cf-Ipcountry
X-Ha-Backend
X-Cache-Ttl
X-Oracle-DMS-ECID
ServerHost
X-Github-Request-Id
NtCoent-Length
X-Fastly-Backend-Reqs
X-Html-Minification-Powered-By
X-NC
X-WA
X-Esi
X-PHP-Backend
X-Save-Cache
X-VCL-Version
X-Vary-Devices
X-Ee-Origin
Time-Cloud-Cache
Store-Cloud-Cache
Geoip-Latitude
X-Amz-Meta-Opti
Origin-Site
X-Cms-Device
AKAMAI
Xkey-La3
Xkeylog
X-Proxy-Cache-La3
X-Ee-Request-Date
X-Ee-Generated-By
X-Ee-Request-Id
X-Traceid
WebServer
X-ServedByHost
X-Requestid
Epwk-X-Cache
X-SRCache-Key
X-VTEX-Cache-Backend-Header-Time
X-IAuth-Set-Uid
X-VTEX-Cache-Backend-Connect-Time
X-Varnish-Hostname
X-MSEdge-Flight
WWW-Authenticate
X-MSEdge-Features
Cloudfront-Viewer-Country
CountryCode
X-Serial
X-Info
X-Limited
Edge-Cache
X-HS-Status
Warning
X-Check-Cacheable
X-Sucuri-Id
Cl-Cache
Magicmarker
Pragrma
X-Lb-Nocache
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Ms-Author-Via
X-Akamai-Transformed
X-Pod
X-Dw-Trace-Id
Reporter
FSS-Cache
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-CDN-Cache-Status
X-Lsadc-Cache
X-Geo
YJS-ID
X-UP
Yjs-Id
X-Platform-Router
X-Platform-Processor
X-Web-Server
X-Platform-Cluster
X-Mg-Cache
CF-Cached-On
Timeexpire
X-Elasticpress-Query
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Orig-Cache-Control
Cneonction
X-Tncms-Bot-Tier
X-Ramcache
Thinkindot-Cache-Type
X-Ms-Blob-Type
X-Ms-Lease-Status
X-BBC-Origin-Response-Status
X-Td-Header-From-No-Data