Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
Cf-Request-Id
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Server-Timing
Permissions-Policy
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
Timing-Allow-Origin
X-Drupal-Dynamic-Cache
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Request-ID
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Rq
X-Cache-Group
X-Amz-Version-Id
X-Vhost
Keep-Alive
X-AH-Environment
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-UA-Device
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Ali-Swift-Global-Savetime
X-Litespeed-Cache
X-FTR-Request-ID
X-Device
X-Node
EagleEye-TraceId
X-LiteSpeed-Cache
X-Host
X-Cache-Lookup
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Server-Id
X-Readtime
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
P3p
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
Fastly-Restarts
X-Clacks-Overhead
X-Content-Type
X-Country
X-Application-Context
Rating
X-TtlSet
X-PC
X-Vname
X-Times
X-Cnection
X-ESI
X-Cache-TTL
X-Browser-Type
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-Edge
X-Midtier
X-Mcache
X-FTR-Expires
X-Vcap-Request-Id
Accept-Ch-Lifetime
Surrogate-Key
Origin-Trial
X-Ac
Edge-Control
X-Powered-By-Plesk
X-Abt-Application-Version
X-Element-Page-Cache
X-D2id
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Variant
X-NWS-LOG-UUID
X-FastCGI-Cache
Verso
X-Ua-Device
X-Upstream
X-B3-TraceId
X-Nf-Request-Id
X-Navigation-Version
X-ORACLE-DMS-RID
Nginx-Cache
X-Amz-Rid
X-Mod-Pagespeed
X-ECACHE
X-Sol
X-Middleton-Display
Display
Pagespeed
Pinterest-Generated-By
X-GitHub-Request-Id
X-Pinterest-Rid
Pinterest-Version
X-Client-IP
X-Language
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Middleton-Response
Response
X-Envoy-Decorator-Operation
Akamai-GRN
X-Ratelimit-Limit
Edge-Cache-Tag
S
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Resp-Is-Stale
X-MS-InvokeApp
X-ARC
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ser
X-Distributor
X-Content-Digest
SPRequestDuration
SPIisLatency
SPRequestGuid
X-Url
X-SharePointHealthScore
Access-Control-Request-Method
X-Cache-Key
Front-End-Https
X-Ezoic-Cdn
X-Dw-Request-Base-Id
X-NGENIX-Cache
X-Recruiting
X-Shield-Request-Id
RTSS
X-Amzn-Trace-Id
X-Version
X-Powered-CMS
Cache-Status
X-Ttl
X-Oneagent-Js-Injection
X-Varnish-TTL
Public-Key-Pins
X-T
X-Mg-S
Fastcgi-Cache
TP-Cache
X-MSEdge-Ref
Arr-Disable-Session-Affinity
X-Forwarded-For
X-Accel-Expires
X-Daa-Tunnel
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Correlation-Id
Realpath
X-Ismobilevalue
Cache-Tags
X-Cluster-Name
X-Fastly-Request-ID
X-Id
X-Cached
AR-CACHE
X-Ruxit-Js-Agent
X-CST
X-HS-Combine-CSS
X-Server-Name
X-Request-Received
X-Request-Processing-Time
Payment
X-Ua-Browser
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-DIS-Request-ID
X-Content-Security-Policy-Report-Only
Content-MD5
X-GUploader-UploadID
X-Newrelic-App-Data
X-Ratelimit-Remaining
X-TTL
X-HS-Prerendered
X-HS-CF-Cache-Status
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Cambria-Cache-Control
X-Xrds-Location
X-Webkit-Csp
X-RateLimit-Remaining
Content-Disposition
Count-Hit
X-ORACLE-DMS-ECID
X-Azure-Ref
X-Amz-Replication-Status
X-Px
X-Page-Id
Cross-Origin-Resource-Policy
X-Request-Handler-Origin-Region
X-Ratelimit-Reset
X-Microsite
Cleartype
X-Unique-Id
X-Proxy
X-Logged-In
Accept-Charset
X-Git-Hash
X-Origin-Server
X-SRCache-Fetch-Status
X-FB-Debug
Cross-Origin-Embedder-Policy
X-Rid
X-SRCache-Store-Status
X-Load-Cache
X-VARITI-CCR
X-Az
X-AppVersion
X-Activity-Id
X-Protected-By
X-Www-Served-By
X-LLID
X-PressLabs-Stats
X-Template
YJS-ID
X-Goog-Metageneration
X-Varnish-Backend
MicrosoftSharePointTeamServices
X-SERVER-NAME
X-Amz-Meta-S3cmd-Attrs
X-URL
Server-Node
X-Hits
Version
X-Forwarded-Proto
Server-Name
X-Upgrade-Enabled
X-Geo-Country
Ar-SID
X-Amzn-RequestId
X-Amz-Apigw-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Hostname
X-Content-Options
X-Frontend
X-B3-Sampled
Section-Io-Cache
X-Status
Viewport
X-Varnish-Server
X-Varnish-Grace
X-TT
X-Device-Type
Fastly-SWR
Mrf-Cache-Status
Alternate-Protocol
X-Grace
MRF-Tech
X-B3-TraceId-Primal
X-Request-Device-Id
Fastly-SIE
X-App-Server
X-B
X-Fb-Rlafr
X-Server-ID
TCN
Access-Control-Allow-Method
X-NF-Request-ID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
Upgrade-Insecure-Requests
X-Request-Guid
Healthy
X-COUNTRY
X-Tt-Trace-Tag
Host
X-Tt-Trace-Host
Amp-Access-Control-Allow-Source-Origin
X-Magnolia-Registration
X-Buckets
X-CSRF-Token
DC
X-EdgeConnect-Cache-Status
X-Varnish-Ttl
X-WebKit-CSP-Report-Only
X-Cache-Age
AKAMAI-GRN
X-Wormhole-Sdk
X-Amzn-Remapped-Content-Length
Retry-After
X-Debug
X-Contextid
X-Meli-Trace-Platform
X-Meli-Trace-Site
X-Meli-Trace-Bu
X-Cache-Control
MS-Author-Via
AR-SID
X-Revision
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Original-Request-Id
X-Response-Served-From
X-Instance
X-Is-Bot
Cross-Origin-Embedder-Policy-Report-Only
X-Seen-By
X-NYM-Debug-Backend
X-Origin-TTL
X-Origin-CC
X-Adobe-Content
X-Type
X-Rendered-As
X-Adobe-Loc
X-Vcl-Version
Cross-Origin-Opener-Policy-Report-Only
X-UUID
Section-Io-Id
SD-X-WS
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-G
X-Backend-Name
X-Hl-Ver
X-ServerID
X-Tumblr-Pixel-1
Charset
X-Mobile
X-Framework
X-Mg-Request-UUID
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Lambda-Id
X-Akamai-Edgescape
Access-Control-Request-Headers
X-Debug-IsPreview
X-Content-Powered-By
X-Debug-IsConnected
X-Trace-Id
X-Server-W
NGB
X-RM-Cache-TTL
X-Storage
X-Cache-Hit
X-AB
X-Dc
X-ProcessESI
X-App-Version
X-RTag
Ms-Operation-Id
X-RemovedCookies
MS-CV
X-N
X-INCAP-ABP
X-Akamai-Request-ID2
X-Request-Bu
X-DataDome
X-Request-Site
X-Request-Platform
X-Cache-Time
X-Cache-Status-Check
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Filterid
Frame-Options
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Time
Refresh
Cache
Protected
Accept-Language
X-B3-SpanId
X-Fastcgi-Cache
SRV
X-Region
X-Real-IP
X-Node-Name
Webserver
X-Oracle-Dms-Ecid
CDN-RequestId
Paypal-Debug-Id
Onion-Location
X-HITS
X-User-Agent
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Ms-Version
X-Ms-Request-Id
Cross-Origin-Window-Policy
Liferay-Portal
X-VC-Cache
X-Cache-Expired-At
X-LB-Cache
X-Whom
X-F-Cache
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Requestid
X-IPS-LoggedIn
X-Datadog-Parent-Id
X-WP-CF-Super-Cache-Active
X-Rocket-Nginx-Serving-Static
X-HTML-Minification-Powered-By
Priority
X-Mode
OT-Force-Account-Verify
X-Pass-Why
Backend
Xet-Cookie
GEO-INFO
X-Environment-Context
X-L-Path
X-Proxy-Cache-Info
X-Service
X-Tb
X-App-Environment
X-Drupal-Cache-Tags
X-Cacheable-TTL
X-Rewrite-Enabled
X-Rn-Rsrv
X-Tcp-Rtt
ServerID
Meta-Geo
Filters
Fastcgi-Useragent
X-Handled-By
Web-Mar-Node
X-UPSTREAM-Address
X-Adobe-Source
X-Browser-Name
X-SaId
X-FW-Version
X-FW-Type
X-Is-Desktop
X-Is-Mobile
X-Is-Tablet
X-Is-Supported-Browser
X-FW-Server
X-FW-Serve
X-Detected-As
X-Debug-Info
X-Endurance-Cache-Level
X-Geo-Region
X-FW-Hash
X-FW-Dynamic
X-JoinUs
X-FW-Static
X-MP-GENERATED-AT
X-Hit
TWC-GeoIP-Region
X-Restarts
TWC-GeoIP-LatLong
X-Generation-Time
X-IPLB-Request-ID
X-Origin-Hint
LB
X-Origin-Date
TWC-Privacy
TWC-Locale-Group
X-Cdn-Origin
X-IPLB-Instance
X-Forwarded-Host
TWC-Connection-Speed
X-Cloudmap
ServedBy
Property-Id
X-Cache-Host
X-Wix-Request-Id
X-Director
TWC-Device-Class
TWC-GeoIP-DMA
X-Format
X-Extlb
TWC-GeoIP-Country
TWC-GeoIP-City
Webcakes-App-Name
Url
X-Hosted-By
X-Alternate-Cache-Key
X-Varnish-Beresp-Grace
X-Tncms
X-Rule
X-Servername
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Vcache
X-Locale
X-Proxied
Webcakes-App-Version
X-Loop
X-Zipkin-Id
Webcakes-Region
X-Web-Node
X-Routing-Service
X-Say-TTL
X-Cluster
X-SayCDN-TTL
Mn-Server-Ip
X-ProxyCache-Key
X-Cluster-Node
X-Say-Cacheable
Country
X-Scope-Id
X-Skip-Cache
X-ProxyCache-Status
X-BYPASS-REASON
X-Redis-Cache
X-Logging-Id
X-Cache-Action
Uber-Trace-Id
X-Soup
X-Edge-Location
X-Cms-Context
Apigw-Requestid
Atl-Traceid
Environment
X-VC
X-ECache
X-Drupal-Cache-Contexts
X-FB-TRIP-ID
X-Labrador-Cache-Channel
X-Served-From
X-PHP-Host
X-Mly-Id
X-Httpd
X-S
X-Tumblr-Pixel-3
X-Auth-Group-Type
Locale
DB-Nickname
X-Urbn-Context-Path
X-Tumblr-Pixel-2
X-RateLimit-Remaining-Second
X-XRDS-Location
X-R9-Blue-Green-Version
Expiry
X-Fetched-On
X-Connection-Hash
X-Urbn-Site-Id
X-RateLimit-Limit-Second
Cache-Hits
X-Origin-Cache
X-ShopId
X-Proxy-Build
Selected-Fe
X-Sorting-Hat-ShopId
X-Origin
X-ShardId
X-Sorting-Hat-PodId
X-GEO
X-Timing-Wait
X-RCS-CacheZone
X-Varnish-Cache-Hits
X-Cache-Debug
YJS-CacheStatus
X-Yandex-Req-Id
X-Source
Front
X-Is-Modern-Browser
X-NewRelic-App-Data
X-No-Session
Countrycode
X-VCT
X-SRV
X-WP-CF-Super-Cache-Cookies-Bypass
X-CLOUD-TRACE-CONTEXT
X-Varnish-Age
X-UA
WPO-Cache-Status
X-Api-Version
X-Lagoon
Node
Xserver
X-Varnish-Beresp-Ttl
X-Provided-By
X-Is-Mobile-Only
X-Webstats-RespID
X-CDN-Forward
X-Site-Version
X-Platform
X-Cdn
X-Generated-By
Cache-Provider
From-Origin
X-TA-CDN-Provider
X-B3-Traceid
X-Azure-Ref-OriginShield
Referer-Policy
Cache-Tv-Group
X-Accel-Version
X-CACHE-AGE
X-CDN-Cache-Status
X-Xfnlog-Site
X-B-Cache
X-Signature
X-VC-TTL
Request-ID
X-Ua
X-TT-LOGID
X-PHP-Backend
X-NWS-UUID-VERIFY
CF-IPCountry
X-Sucuri-Cache
Location
WPO-Cache-Message
X-Presslabs-Stats
CDN-Cache
X-Tx-Id
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestPullSuccess
X-Reqid
AMP-Access-Control-Allow-Source-Origin
CDN-Uid
CDN-PullZone
X-Air-Pt
CDN-RequestPullCode
CDN-RequestCountryCode
X-Fastly-Request-Id
X-Cache-Operation
X-Cache-Rule
X-Tb-Optimization-Total-Bytes-Saved
X-Sucuri-ID
X-Tt-Logid
X-IsAdmin
X-Varnish-Authentication
X-Varnish-Director
Redirect-Candidate
Ngx.Var.Host
Odigeo-Trace-Id
Origin
RNT-Machine
Rendered-Blocks
Sslversion
X-Section
Web-Mar-Region
X-A
X-ScT
X-Slack-Backend
Time-Cloud-Cache
RNT-Time
Meta-Geo-Continent
X-Slack-Shared-Secret-Outcome
Store-Cloud-Cache
X-SRCache-Key
X-VG-TLSProxy
Apple-News-Services-Request-Url
Candidate-Md5Url
Cdncip
Cdnsip
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Xc-Version
X-Vtex-Remote-Cache
X-Viewer-Country
Apple-News-Services-Handled
DCR-Decision-By
DCR-Processing-Time-Ms
X-Vdms-Version
X-Vary-Devices
Lang
Log-Origin
X-Save-Cache
Fl-Custom-Application
Expect-Staple
X-VG-WebCache
Fastly-SSL
MD5-Digest
X-Origin-Expires
X-Developer
X-B-Cookie
X-BCube-Filmed-By
X-Destination
X-Ec-Fail
X-Auto-Login
X-Ee-Origin
X-Ee-Generated-By
X-Ec-GeoHdr
X-Application
X-Depends
X-Bl-Debug
X-Cache-NE
X-Cms-Device
X-Contensis-Viewer-Groups
X-Conf
X-Content-Age
XM
X-D
X-Core-Value
X-Cache-Aspx
X-Ee-Request-Date
X-AK-Request-ID
X-Loc
X-Ig-Push-State
X-Ig-Origin-Region
X-A-Dcw
X-Micro-Cache
X-Old-Content-Length
X-A-Ccd
X-A-Dam
X-Rojux
X-Request-URI
X-A-Dgt
X-HS-Content-Campaign-Id
X-Fmm-Version
X-External-Request-Id
X-Ee-Request-Id
X-Aed
X-Forwarded-Site
X-Access
X-GeoCountry
X-GeoCode
X-A-Wwc
X-S-Cookie
X-Action
X-Frame-Option
X-Optimistic-Header
X-Rocket-Build-Number
Wxu-Next-Region
X-Render-Time
Wxu-Next-Hostname
User-Cache-Control
Wxu-Next-Commit
X-Region-Sid
X-Acquia-Purge-Cdn-Unconfigured
X-Origin-Time
X-Akamai-Device-Characteristics
X-Nyt-Route
X-Aicache-OS
X-Path
X-Shield-Cache-Expires
X-Policy
X-Pubstack
X-Sigma-Backend
X-Thinkindot-L1
Req-Svc-Chain
RewriteTeamHook
X-Thinkindot-L3
X-UA-Device-Type
Origin-EX
X-Up
RewriteTestHook
Server-Host
Thinkindot-CacheControl-Type
X-App-Name
Thinkindot-CacheControl
TDXMobile
X-Epic-Correlation-Id
X-SIPLIST1
X-Sigma
X-Moov-Xdn-Caching-Status
X-GeoIP-City
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-GeoIP-Country-Code
X-CUA
X-GeoIP-Region-Code
X-Csrf-Jwt
X-DefElseHash
X-DefHash
X-From
X-FC-Vary-Parameters
X-Eu-Site
X-Ec-Custom-Error
X-Gdpr
X-Generated-On
X-Gen-Mode
X-Content-Length
X-Hnp-Log
X-Moov-T
X-Block-Status
X-Bug-Bounty
X-Bc-Bl
X-BBC-Edge-Cache-Status
Origin-CC
X-Backend-Instance
X-Level-Front-Cache
X-Jungle-Id
X-CGP
X-Clientip
X-Human
X-Internal-TTL
X-Ion-Hop
X-Ion-Healthy
X-Moov-Xdn-Version
X-Sn-Servicetimems
IsBot
Cache-Contol
X-Req
Azure-Version
L
Azure-SiteName
Azure-SlotName
L5d-Success-Class
X-PERF
Ha-Gx-Prefs
X-PAYTM-SRV-ID
Origin-Agent-Cluster
X-ApacheServer
Host-ID
CDCHOST
Gh-Request-Id
Gannett-Cam-Experience-Id
Cluster
Azure-RegionName
X-We-Are-Hiring
X-Uri
X-Varnish-Beresp-Status
X-Varnish-CookieINHashed-On
Azure-InstanceId
X-Varnish-Hostname
X-Varnish-Remaining-TTL
X-SD-PageType
Nord-Request-ID
X-Varnish-CookieHashed-On
X-Worker
X-LSADC-Cache
Click-Count-Action-Start
X-Cache-FS-Status
Click-Count-Error
Cmsid
X-Cache-Id
X-Esi-Check
X-Men
X-Bip
X-HN
X-Node-Id
X-Op-Id-All
N-Cache
X-Cache-Date
Cmstype
X-Org
X-Edge-Server
C-Via
X-VarnishDD-TTL
X-SB
X-Date
X-Litespeed-Cache-Control
X-DPWN-IS-SECURE
Content-Script-Type
CacheControlHeader
Cdn-Host
X-Fastly-Backend
X-Hash
X-Gzip
X-Via-Fastly
X-GoCache-CacheStatus
Cdn-Request-Time
X-NMSegId
Tube-Get-Contents
X-Vmg-Version
X-Vercel-Id
Machine
Tube-Got-Eval
Tube-Got-Results
Content-Style-Type
V-Age
Tube-Return
Mail-Subject
X-Vercel-Cache
Producers
Pragrma
Platform
Origin-Site
X-V-Cache
Release
ServerName
X-Thanos
NM-Fastcgi-Cache
X-Server-IP
We-Hiring
X-Amz-Storage-Class
X-AB-Test
X-Mvc-Supplant-Cachable
X-Dispatcher-Server
Country-Code
X-B3-Trace-ID
PFcat
DSUID
X-Accel-Expires-Debug
X-Proto
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
X-Parent-Response-Time
X-Proxied-Request
Fastly-Drupal-HTML
X-Wikidot-Static-Cache
X-ElasticPress-Query
X-Origin-Response-Time
X-Wikidot-Backend
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Gamma-Serve
X-Mvc-Supplant-OutputCached
X-Location
X-CacheTTL
Canary
Source
X-VWS-Id
X-Pad
X-Litespeed-Tag
Sid
X-AWS-Id
X-LJ-Flow-ID
X-TH-Server
Product
Debug
S-Rt
Powered-By
X-NGINX-Cache
X-Cached-By
X-ZONE
X-Amz-Meta-Cb-Modifiedtime
X-Refresh
NGX
Vix-Hermes-Req-Id
X-Cs
HA-Ipaddr
X-Upstream-Ct
CloudFront-Viewer-Country
X-Upstream-Ht
X-APP
X-Nananana
Pics-Label
Mime-Version
X-Cache-VC
X-ND-Cache
X-Servedbyhost
GeoIP-Latitude
X-Via-Popv
Cookie
X-Ah-Environment
X-Via-Poph
X-Via-Popn
X-Varnish-Hits
X-Cdn-Forward
X-HA-Backend
X-User
Server-ID
X-Datadome
Edge-Cache
X-Nginx-Cache
GeoIp-Country-Code
X-LB-ID
X-AIR-PT
X-DynaTrace-JS-Agent
MIME-Version
X-Webkit-CSP
X-LB-NoCache
Akamai-Mon-Iucid-Del
X-Fpc
X-Wa
X-GeoIP
X-Nc
Surrogated-Key
HostName
WZWS-RAY
X-B3-Parentspanid
X-Request-Start
X-Srv
X-Zone
X-Unity-Cache
X-Nginx-Cache-Key
DataCenter
X-Scheme
Resin-Trace
X-FORWARDED-FOR
X-Debug-Service
SID
Fastly-Drupal-Html
X-Client-Ip
Sever-Int
Server-Ext
True-Client-Country-4JS
Server-Hostname
X-CS
Tcn
N1-Cache
X-Pool
X-NodeID
X-Request-Host
Cdn
Show-Do-Not-Sell-Link
Load-Balancing
X-RequestId
X-Lsadc-Cache
X-VCL-Version
X-Cache-Backend
Wsr-Cache
X-Service-Response-Time
Sm-Log-Id
Lb
X-Cache-Grace
X-B3-Spanid
X-Newrelic-Synthetics
Yjs-Id
X-DataCenter
Yak-Timeinfo
X-Vgn-Hpd-Reason
X-DynaTrace
X-Vc
Traceparent
X-HOST
X-LiteSpeed-Cache-Control
X-Via-SSL
Edge-Copy-Time
X-Datacenter
X-Via-CDN
NtCoent-Length
X-Via-Edge
X-TX-ID
X-NODE
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
Datacenter
X-Zen-Fury
X-RateLimit-Limit
X-Geolocation
Cdn-Requestid
X-API-Version
X-Jobs
X-HubSpot-Correlation-Id
Hostname
X-CDN-Provider
Req-ID
X-WA
CDN
X-LiteSpeed-Tag
XkeyR9
Serverhost
X-Proxy-CacheR9
X-FPC
X-NC
X-Cdn-Srv
X-ID
X-Proxy-Cache-La3
Xkey-La3
X-Fastly-Backend-Reqs
Xkeylog
X-Udemy-Cache-App-Namespace
Uri
X-Dynatrace-Js-Agent
Server-Id
X-Akamai-Pragma-Client-IP
X-Lb-Id
WP-Super-Cache
X-VTEX-Cache-Time
A
X-Html-Minification-Powered-By
X-VTEX-Cache-Server
True-Client-IP
GeoIP-Country-Code
X-Powered-By-VTEX-Cache
X-TimeS
Proxy-Firewall
RATING
X-Stale
X-Ez-Minify-Js
T-Server
On-Server
Geoip-Latitude
X-Srcache-Fetch-Status
CountryCode
X-Srcache-Store-Status
X-Webkit-Csp-Report-Only
Srv
X-WA-Info
X-Varnish-Beresp-TTL
X-Swift-Error
ServerHost
Coldstone-Viewer-Currency
Coldstone-Viewer-Country-Region-Name
X-ServedByHost
X-Via-JSL
X-Lb-Nocache
From-Cache
Esi-Enabled
Coldstone-Viewer-Country
Cs
WebServer
X-Oracle-DMS-ECID
X-Ha-Backend
X-CSRF-TOKEN
X-VC-Age
Cloudfront-Viewer-Country
X-App
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Ez-Minify-Html
X-Wp-Cf-Super-Cache
X-MSEdge-Flight
X-MSEdge-Features
X-HA-Bot-Classification
X-Styx-Origin-Id
X-HA-Application-Name
Cr
X-Styx-Info
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
BehaviorPad-Version
Pramga
X-HA-Device-Type
X-Via-PopH
X-Via-PopN
X-Correlation-ID
X-Fastly-Cache
Ngx
FSS-Cache
X-Via-PopV
X-Sorting-Hat-Podid
X-TIM-N
X-Sorting-Hat-Shopid
X-Shopid
X-Geo
X-Cdn-Cache-Status
X-Var-Ttl
X-Web-Server
X-Shardid
Content-Secure-Policy
X-Check-Cacheable
X-Elasticpress-Query
W
X-DC
X-Proxy-Cache-LA2
X-Sucuri-Id
X-Request-Url
X-Wp-Cf-Super-Cache-Active
X-Nitro-Cache
X-Serial
X-Th-Server
X-ATG-Version
Akamai-X-True-TTL
X-Request-Time
X-Wp-Cf-Super-Cache-Cookies-Bypass
My-App
Cf-Ipcountry
Xkey-G-Jp
X-Ramcache
User-Agent
Cl-Cache
Bxpunish
X-Fastly-Cache-Hits
X-Cache-TTL-Remaining
Bxuuid
True-Client-Ip
Cneonction
FSS-Proxy
X-Env
Host-Name
X-Mg-Cache
X-Fastly-Cache-Status