Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Cf-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Permissions-Policy
Server-Timing
X-Ua-Compatible
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
X-Request-ID
Host-Header
X-Amz-Request-Id
X-Age
Request-Context
X-Amz-Id-2
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Rq
Keep-Alive
X-AH-Environment
X-Amz-Version-Id
X-Cache-Group
X-Vhost
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-UA-Device
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Litespeed-Cache
X-Node
X-FTR-Request-ID
X-Device
EagleEye-TraceId
X-Host
X-Server-Id
X-Cache-Lookup
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
P3p
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Nginx-Cache-Status
X-TraceId
Request-Id
Fastly-Restarts
X-Content-Type
X-Clacks-Overhead
X-Application-Context
X-Country
X-TtlSet
X-PC
X-Vname
X-Times
Rating
X-Cnection
X-Browser-Type
X-Midtier
X-Edge
X-Mcache
X-ESI
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-Cache-TTL
X-FTR-Backend
X-FTR-Backend-Server
X-Vcap-Request-Id
X-FTR-Expires
Accept-Ch-Lifetime
Origin-Trial
Surrogate-Key
X-Ac
Edge-Control
X-Powered-By-Plesk
X-Element-Page-Cache
X-Cdn-Fetch
X-Abt-Application-Version
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Exp-Id
X-D2id
X-NWS-LOG-UUID
X-Nf-Request-Id
X-FastCGI-Cache
X-Ua-Device
Verso
X-Upstream
X-B3-TraceId
X-ECACHE
X-ORACLE-DMS-RID
X-Navigation-Version
X-Mod-Pagespeed
Nginx-Cache
X-Amz-Rid
X-Sol
X-Middleton-Display
Pagespeed
Display
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-GitHub-Request-Id
X-Language
X-Client-IP
Akamai-GRN
X-Envoy-Decorator-Operation
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
Response
X-Erf-Bev-Bev
X-Middleton-Response
X-Instrumentation
X-Kraken-Loop-Name
S
Edge-Cache-Tag
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-MS-InvokeApp
X-Goog-Hash
X-Resp-Is-Stale
X-ARC
X-Kinsta-Cache
X-Ratelimit-Limit
X-Edge-Location-Klb
X-Ser
X-Distributor
X-Url
SPIisLatency
SPRequestDuration
X-SharePointHealthScore
SPRequestGuid
X-Content-Digest
Access-Control-Request-Method
X-NGENIX-Cache
X-Cache-Key
Front-End-Https
X-Ezoic-Cdn
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Recruiting
X-Varnish-TTL
RTSS
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Powered-CMS
Public-Key-Pins
X-T
X-Mg-S
TP-Cache
X-MSEdge-Ref
Fastcgi-Cache
X-Accel-Expires
Arr-Disable-Session-Affinity
X-Ttl
X-Forwarded-For
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Daa-Tunnel
X-Ismobilevalue
X-Correlation-Id
X-Cluster-Name
Realpath
X-Cached
Cache-Tags
X-Id
AR-CACHE
X-Ruxit-Js-Agent
X-Fastly-Request-ID
X-TTL
X-Request-Received
X-Request-Processing-Time
X-Server-Name
X-HS-Combine-CSS
X-Content-Security-Policy-Report-Only
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ua-Browser
Payment
Content-MD5
X-DIS-Request-ID
X-RateLimit-Remaining
X-CST
X-Newrelic-App-Data
X-GUploader-UploadID
X-HS-CF-Cache-Status
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-HS-Prerendered
X-Cambria-Cache-Control
X-Xrds-Location
Content-Disposition
X-Azure-Ref
X-Webkit-Csp
Count-Hit
X-Amz-Replication-Status
X-Ratelimit-Remaining
X-Px
X-Page-Id
YJS-ID
Cleartype
X-Unique-Id
X-Request-Handler-Origin-Region
Cross-Origin-Embedder-Policy
X-Microsite
Accept-Charset
X-Ratelimit-Reset
X-ORACLE-DMS-ECID
X-Proxy
X-FB-Debug
X-Origin-Server
X-Rid
Cross-Origin-Resource-Policy
X-Logged-In
X-Git-Hash
X-AppVersion
X-Protected-By
X-Activity-Id
X-Az
X-Www-Served-By
X-VARITI-CCR
X-LLID
X-Template
Ar-SID
X-Load-Cache
X-PressLabs-Stats
X-Goog-Metageneration
X-Varnish-Backend
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Amz-Meta-S3cmd-Attrs
MicrosoftSharePointTeamServices
X-SERVER-NAME
X-URL
X-Hits
Version
X-Forwarded-Proto
Server-Node
X-Upgrade-Enabled
X-Geo-Country
Server-Name
X-Amzn-RequestId
X-Request-Device-Id
X-Amz-Apigw-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Hostname
X-Content-Options
X-B3-Sampled
Section-Io-Cache
Viewport
X-Varnish-Grace
X-Frontend
X-Varnish-Server
X-App-Server
X-TT
X-Status
X-Device-Type
X-Fb-Rlafr
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Grace
Alternate-Protocol
X-B
Fastly-SIE
Access-Control-Allow-Method
Fastly-SWR
Healthy
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Upgrade-Insecure-Requests
X-Meli-Trace-Platform
X-Request-Guid
X-Meli-Trace-Site
X-WebKit-CSP-Report-Only
X-Meli-Trace-Bu
TCN
Host
X-COUNTRY
X-EdgeConnect-Cache-Status
X-Magnolia-Registration
X-Tt-Trace-Tag
X-Tt-Trace-Host
DC
X-CSRF-Token
X-Buckets
X-Cache-Age
AKAMAI-GRN
Retry-After
X-Amzn-Remapped-Content-Length
X-Contextid
Amp-Access-Control-Allow-Source-Origin
X-NF-Request-ID
X-Debug
X-Cache-Control
MS-Author-Via
X-Revision
X-Tec-Api-Root
X-Type
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Tec-Api-Version
X-Tec-Api-Origin
X-Varnish-Ttl
X-Response-Served-From
X-Instance
X-Seen-By
X-Original-Request-Id
SD-X-WS
Cross-Origin-Embedder-Policy-Report-Only
X-RemovedCookies
X-Is-Bot
X-Adobe-Loc
Cross-Origin-Opener-Policy-Report-Only
X-Adobe-Content
X-UUID
X-Tumblr-Pixel-0
X-Hl-Ver
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-ProcessESI
X-NYM-Debug-Backend
X-Rendered-As
X-G
X-Akamai-Edgescape
X-Lambda-Id
Section-Io-Id
Access-Control-Request-Headers
X-Debug-IsPreview
X-Yottaa-Optimizations
X-N
X-Yottaa-Metrics
X-Backend-Name
X-App-Version
X-Debug-IsConnected
X-Storage
X-Trace-Id
X-ServerID
X-Content-Powered-By
X-Wormhole-Sdk
X-INCAP-ABP
X-Framework
X-Vcl-Version
X-Origin-CC
X-Mobile
X-Mg-Request-UUID
X-Origin-TTL
AR-SID
X-RTag
MS-CV
X-Akamai-Request-ID2
X-Server-W
Charset
NGB
Ms-Operation-Id
X-RM-Cache-TTL
X-AB
Frame-Options
X-Dc
X-Request-Site
X-Request-Bu
X-Cache-Status-Check
X-Cache-Hit
X-Request-Platform
X-Server-ID
VIX-Pulpo-Node
X-Cache-Time
VIX-Pulpo-Upstream-Status
X-DataDome
Filterid
X-Fastcgi-Cache
Refresh
Cache
Accept-Language
X-Time
X-B3-SpanId
SRV
X-Node-Name
X-Real-IP
Webserver
X-Region
Paypal-Debug-Id
X-Oracle-Dms-Ecid
X-Requestid
Protected
Onion-Location
X-Ms-Version
X-Ms-Request-Id
X-HITS
X-User-Agent
CDN-RequestId
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-VC-Cache
Liferay-Portal
X-F-Cache
X-Cache-Expired-At
Cross-Origin-Window-Policy
X-Pass-Why
Priority
X-Whom
X-WP-CF-Super-Cache-Active
X-Datadog-Trace-Id
X-IPS-LoggedIn
X-Datadog-Sampling-Priority
X-LB-Cache
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Rocket-Nginx-Serving-Static
X-HTML-Minification-Powered-By
Xet-Cookie
Backend
X-Mode
GEO-INFO
X-L-Path
X-Environment-Context
OT-Force-Account-Verify
X-Drupal-Cache-Tags
X-Tb
X-Service
X-Proxy-Cache-Info
X-Rule
X-App-Environment
X-Loop
X-Tcp-Rtt
X-Zipkin-Id
X-Browser-Name
X-Wix-Request-Id
X-Vcache
Url
X-Geo-Region
Meta-Geo
Filters
X-Adobe-Source
X-Extlb
X-Detected-As
X-Proxied
Fastcgi-Useragent
X-Cloudmap
X-UPSTREAM-Address
X-Tncms
ServerID
X-Rewrite-Enabled
X-Is-Supported-Browser
X-Handled-By
X-JoinUs
X-Is-Tablet
X-Rn-Rsrv
X-Routing-Service
X-Servername
Web-Mar-Node
X-Is-Desktop
X-SaId
X-Is-Mobile
X-Cacheable-TTL
X-Hit
X-Debug-Info
X-Director
Atl-Traceid
X-Connection-Hash
X-Cms-Context
X-Alternate-Cache-Key
X-Cdn-Origin
Expiry
X-Endurance-Cache-Level
X-Format
X-IPLB-Request-ID
X-IPLB-Instance
X-Locale
X-Hosted-By
X-MP-GENERATED-AT
X-Forwarded-Host
X-Generation-Time
X-Logging-Id
X-Storefront-Renderer-Rendered
X-VC
Property-Id
TWC-Connection-Speed
TWC-Device-Class
X-Web-Node
X-Varnish-Beresp-Grace
X-Skip-Cache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
TWC-GeoIP-City
X-Origin-Hint
TWC-Locale-Group
Webcakes-App-Version
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-Region
Webcakes-Region
TWC-GeoIP-Country
TWC-GeoIP-DMA
TWC-GeoIP-LatLong
X-Shopify-Stage
Country
X-FW-Dynamic
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Type
X-Redis-Cache
X-FW-Version
X-Origin-Date
X-Cluster-Node
X-ProxyCache-Key
Uber-Trace-Id
X-Cluster
X-Httpd
Environment
X-BYPASS-REASON
X-ProxyCache-Status
X-Cache-Action
X-ECache
ServedBy
X-Cache-Host
X-Soup
Mn-Server-Ip
X-Yandex-Req-Id
X-Scope-Id
X-RateLimit-Remaining-Second
X-Restarts
X-RateLimit-Limit-Second
X-Say-TTL
X-Edge-Location
X-Say-Cacheable
X-SayCDN-TTL
X-Served-From
X-PHP-Host
Locale
X-Urbn-Site-Id
X-Drupal-Cache-Contexts
X-Urbn-Context-Path
X-Labrador-Cache-Channel
X-FB-TRIP-ID
X-S
Apigw-Requestid
X-XRDS-Location
X-Auth-Group-Type
X-Fetched-On
Selected-Fe
X-Mly-Id
X-Origin
YJS-CacheStatus
Cache-Hits
X-Proxy-Build
DB-Nickname
X-Timing-Wait
LB
X-Origin-Cache
X-R9-Blue-Green-Version
X-No-Session
X-RCS-CacheZone
X-VCT
X-Is-Modern-Browser
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-GEO
X-Cache-Debug
X-Sorting-Hat-ShopId
X-NewRelic-App-Data
Front
X-WP-CF-Super-Cache-Cookies-Bypass
Countrycode
X-Varnish-Age
X-Varnish-Cache-Hits
X-SRV
X-CLOUD-TRACE-CONTEXT
X-Provided-By
Node
X-Lagoon
X-Api-Version
X-Is-Mobile-Only
Xserver
X-Source
Cache-Tv-Group
X-UA
WPO-Cache-Status
X-Platform
X-CDN-Forward
X-Webstats-RespID
X-Varnish-Beresp-Ttl
X-Site-Version
X-TA-CDN-Provider
X-Generated-By
X-Cdn
X-CDN-Cache-Status
Cache-Provider
From-Origin
X-Azure-Ref-OriginShield
X-B3-Traceid
X-Ua
Referer-Policy
X-Fastly-Request-Id
X-Accel-Version
X-CACHE-AGE
AMP-Access-Control-Allow-Source-Origin
X-B-Cache
X-Signature
X-NWS-UUID-VERIFY
X-Xfnlog-Site
X-VC-TTL
Request-ID
X-TT-LOGID
X-Presslabs-Stats
Location
X-Optimistic-Header
X-PHP-Backend
X-Sucuri-Cache
CF-IPCountry
X-Reqid
CDN-Cache
CDN-CachedAt
CDN-RequestCountryCode
CDN-Uid
WPO-Cache-Message
CDN-RequestPullSuccess
CDN-RequestPullCode
X-Tb-Optimization-Total-Bytes-Saved
CDN-PullZone
CDN-EdgeStorageId
X-IsAdmin
X-Cache-Operation
X-Cache-Rule
X-Worker
X-Tx-Id
X-Tt-Logid
X-Forwarded-Site
X-Ig-Origin-Region
X-Ig-Push-State
Redirect-Candidate
X-A-Ccd
X-GeoCode
Odigeo-Trace-Id
Apple-News-Services-Handled
Origin
Apple-News-Services-Host
Meta-Geo-Continent
X-Fmm-Version
X-HS-Content-Campaign-Id
MD5-Digest
Lang
X-S-Cookie
X-Save-Cache
DCR-Processing-Time-Ms
Apple-News-Services-Request-Url
X-Rojux
Cdncip
Rendered-Blocks
X-A-Dam
Host-ID
Apple-News-Services-Parsed-Url
X-Rocket-Build-Number
X-Req
X-A-Dcw
X-Ee-Request-Date
X-Old-Content-Length
X-Loc
X-External-Request-Id
X-Origin-Expires
Cluster
X-Ee-Request-Id
RNT-Time
Time-Cloud-Cache
Fastly-SSL
Sslversion
X-Node-Id
Cdnsip
DCR-Decision-By
X-Micro-Cache
Fl-Custom-Application
X-Ee-Generated-By
X-GeoCountry
Web-Mar-Region
Store-Cloud-Cache
Expect-Staple
X-PERF
X-PAYTM-SRV-ID
X-Ee-Origin
RNT-Machine
Ngx.Var.Host
Candidate-Md5Url
X-A
X-Slack-Shared-Secret-Outcome
X-B-Cookie
X-Cms-Device
X-Clientip
X-Sucuri-ID
X-Vary-Devices
X-Auto-Login
X-Litespeed-Cache-Control
X-Contensis-Viewer-Groups
X-Varnish-Director
X-Varnish-Hostname
X-Conf
X-Vdms-Version
X-VG-TLSProxy
X-Cache-Aspx
X-Cache-NE
X-Developer
X-Destination
X-Depends
Xc-Version
X-Bl-Debug
X-VG-WebCache
X-A-Dgt
X-Vtex-Remote-Cache
X-BCube-Filmed-By
X-Content-Age
X-Application
X-Sigma-Backend
X-Ec-Fail
Log-Origin
X-SRCache-Key
X-Sigma
X-Access
X-A-Wwc
X-ScT
X-SD-PageType
X-Section
X-Action
X-Slack-Backend
X-Core-Value
X-AK-Request-ID
X-Aed
X-ApacheServer
X-D
X-Varnish-Authentication
X-Ec-GeoHdr
X-Frame-Option
X-Fastly-Backend
PFcat
X-Debug-Cache-Fetch
X-Content-Length
Origin-EX
X-Gen-Mode
X-FC-Vary-Parameters
X-DefElseHash
X-CUA
X-Gdpr
X-CGP
Nord-Request-ID
X-Debug-Cache-Store
X-DefHash
X-Csrf-Jwt
Origin-Agent-Cluster
Origin-CC
X-Epic-Correlation-Id
X-Amz-Storage-Class
X-Akamai-Device-Characteristics
X-Ec-Custom-Error
X-App-Name
Thinkindot-CacheControl-Type
User-Cache-Control
X-Aicache-OS
X-AB-Test
X-Accel-Expires-Debug
X-Acquia-Purge-Cdn-Unconfigured
V-Age
Thinkindot-CacheControl
TDXMobile
Req-Svc-Chain
RewriteTeamHook
X-Dispatcher-Server
X-Eu-Site
X-Block-Status
RewriteTestHook
X-Bc-Bl
X-Backend-Instance
X-BBC-Edge-Cache-Status
ServerName
Server-Host
X-Bug-Bounty
X-Path
X-Region-Sid
N-Cache
Wxu-Next-Commit
X-Render-Time
X-Request-URI
L5d-Success-Class
X-SB
Wxu-Next-Hostname
X-Policy
Wxu-Next-Region
X-From
X-Nyt-Route
X-Op-Id-All
X-Date
X-Origin-Time
IsBot
XM
X-Uri
X-Up
X-UA-Device-Type
X-Varnish-Beresp-Status
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Thinkindot-L3
X-Thinkindot-L1
X-Shield-Cache-Expires
X-We-Are-Hiring
X-Sn-Servicetimems
X-Viewer-Country
X-Air-Pt
X-Via-Fastly
X-GeoIP-City
X-Hash
X-HN
X-V-Cache
DSUID
Country-Code
X-Hnp-Log
Cmstype
X-Human
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-Generated-On
L
Ha-Gx-Prefs
Gh-Request-Id
X-GeoIP-Country-Code
Gannett-Cam-Experience-Id
Cmsid
X-Internal-TTL
Azure-SlotName
X-SIPLIST1
Azure-SiteName
Azure-RegionName
X-Org
Azure-InstanceId
Azure-Version
X-Men
CDCHOST
X-Ion-Healthy
X-Ion-Hop
Cache-Contol
X-Level-Front-Cache
X-Jungle-Id
X-VarnishDD-TTL
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Mvc-Supplant-Cachable
X-Gamma-Serve
X-Cache-Date
X-Proto
X-ElasticPress-Query
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-Vmg-Version
Pragrma
X-Gzip
X-Esi-Check
X-NMSegId
X-Moov-T
X-Pubstack
Origin-Site
X-SVT-ORM-RULES
X-Server-IP
X-SVT-ORM-VERSION
X-Vercel-Id
X-DPWN-IS-SECURE
X-Vercel-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
NM-Fastcgi-Cache
X-Thanos
X-Edge-Server
Content-Style-Type
Content-Script-Type
Release
X-B3-Trace-ID
Mail-Subject
Machine
Platform
Producers
Tube-Got-Eval
Tube-Get-Contents
Fastly-GeoIP-CountryCode
Click-Count-Error
C-Via
Sid
CacheControlHeader
Cdn-Host
Click-Count-Action-Start
Cdn-Request-Time
Tube-Got-Results
Fastly-Backend-Name
X-Cache-FS-Status
Tube-Return
X-CacheTTL
X-Cache-Id
X-Bip
We-Hiring
X-LSADC-Cache
Source
X-Parent-Response-Time
X-Origin-Response-Time
Canary
Powered-By
X-NGINX-Cache
X-Location
X-Proxied-Request
X-Mvc-Supplant-OutputCached
S-Rt
X-Litespeed-Tag
X-ZONE
X-Pad
X-Cs
Vix-Hermes-Req-Id
X-Upstream-Ht
X-Upstream-Ct
Debug
Mime-Version
X-Cached-By
Fastly-Drupal-HTML
X-ND-Cache
Pics-Label
Product
X-Refresh
X-TH-Server
NGX
X-Datadome
X-APP
X-Varnish-Hits
X-Amz-Meta-Cb-Modifiedtime
X-Via-Popv
X-Via-Popn
X-Via-Poph
HA-Ipaddr
CloudFront-Viewer-Country
Cookie
X-HA-Backend
X-Cache-VC
X-Nananana
X-DynaTrace-JS-Agent
X-AIR-PT
X-Cdn-Forward
X-User
GeoIp-Country-Code
X-Servedbyhost
GeoIP-Latitude
Edge-Cache
X-LB-ID
Server-ID
X-Webkit-CSP
X-GeoIP
X-FORWARDED-FOR
HostName
X-LB-NoCache
MIME-Version
Akamai-Mon-Iucid-Del
X-Wa
X-Nginx-Cache
X-Fpc
X-Debug-Service
WZWS-RAY
X-Srv
Fastly-Drupal-Html
DataCenter
X-Nginx-Cache-Key
X-B3-Parentspanid
X-Nc
Tcn
X-Zone
X-Scheme
Server-Hostname
X-Request-Start
Server-Ext
X-Unity-Cache
Surrogated-Key
Sever-Int
Resin-Trace
SID
Load-Balancing
X-Client-Ip
Lb
X-RateLimit-Limit
Show-Do-Not-Sell-Link
X-Lsadc-Cache
True-Client-Country-4JS
X-CS
X-Cache-Backend
Cdn
X-VCL-Version
X-Newrelic-Synthetics
Traceparent
X-Pool
X-Service-Response-Time
X-Request-Host
Wsr-Cache
Sm-Log-Id
X-NodeID
X-B3-Spanid
X-RequestId
X-TX-ID
N1-Cache
X-Vc
X-Vgn-Hpd-Reason
NtCoent-Length
X-Cache-Grace
Yjs-Id
X-DataCenter
X-Datacenter
Yak-Timeinfo
X-HOST
X-DynaTrace
X-LiteSpeed-Cache-Control
X-Via-CDN
X-Via-Edge
X-HubSpot-Correlation-Id
CDN
X-WA
X-CDN-Provider
Edge-Copy-Time
X-Via-SSL
X-Oracle-DMS-ECID
Xkeylog
X-Srcache-Store-Status
Serverhost
X-API-Version
X-Air-Source
XkeyR9
X-Air-Trace-Id
X-Srcache-Fetch-Status
X-Proxy-CacheR9
Cdn-Requestid
X-Zen-Fury
Datacenter
X-Geolocation
X-Proxy-Cache-La3
X-FPC
X-Air-Hostname
Hostname
Xkey-La3
X-Udemy-Cache-App-Namespace
X-NC
X-LiteSpeed-Tag
X-Jobs
Req-ID
Server-Id
X-Fastly-Backend-Reqs
A
X-ID
X-Dynatrace-Js-Agent
X-Lb-Id
X-Cdn-Srv
Geoip-Latitude
WP-Super-Cache
X-Ez-Minify-Html
True-Client-IP
X-Html-Minification-Powered-By
Uri
X-Akamai-Pragma-Client-IP
X-Varnish-Beresp-TTL
CountryCode
Proxy-Firewall
X-Via-JSL
X-Stale
ServerHost
T-Server
X-ServedByHost
GeoIP-Country-Code
Esi-Enabled
X-VTEX-Cache-Server
Cs
On-Server
X-Powered-By-VTEX-Cache
RATING
X-TimeS
X-VTEX-Cache-Time
X-Ez-Minify-Js
Cloudfront-Viewer-Country
Srv
X-Lb-Nocache
X-Swift-Error
From-Cache
X-VC-Age
WebServer
X-Styx-Info
X-MSEdge-Flight
X-MSEdge-Features
X-CSRF-TOKEN
X-Styx-Origin-Id
Cr
X-WA-Info
X-HA-Bot-Classification
X-HA-Application-Name
Pramga
Coldstone-Viewer-Country
Coldstone-Viewer-Currency
X-App
Coldstone-Viewer-Country-Region-Name
X-Ha-Backend
X-HA-Device-Type
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Webkit-Csp-Report-Only
Ngx
X-Via-PopN
X-Fastly-Cache
X-Via-PopV
X-TIM-N
Content-Secure-Policy
X-Ssense-Gql
X-Var-Ttl
X-Ssense-Shipping-Surcharge-Enabled
X-Via-PopH
FSS-Cache
X-Correlation-ID
X-Check-Cacheable
W
X-Cdn-Cache-Status
BehaviorPad-Version
X-Web-Server
X-Shardid
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shopid
X-Geo
X-Th-Server
X-Proxy-Cache-LA2
X-Wp-Cf-Super-Cache-Active
X-Elasticpress-Query
X-Request-Url
X-DC
X-Serial
X-Sucuri-Id
Cl-Cache
Akamai-X-True-TTL
X-ATG-Version
X-Wp-Cf-Super-Cache-Cookies-Bypass
Cf-Ipcountry
X-Request-Time
Xkey-G-Jp
User-Agent
X-Ramcache
FSS-Proxy
X-Nitro-Cache
X-Env
Host-Name
X-Fastly-Cache-Hits
X-Mg-Cache
Bxpunish
X-Fastly-Cache-Status
My-App
Cneonction
Bxuuid
X-Cache-TTL-Remaining