Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
Cf-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
CF-Ray
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
Content-Encoding
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
X-Request-ID
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
Keep-Alive
X-Amz-Version-Id
X-AH-Environment
X-Rq
X-Cache-Group
X-Vhost
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
X-UA-Device
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Litespeed-Cache
Ali-Swift-Global-Savetime
X-Node
X-FTR-Request-ID
X-Device
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-LiteSpeed-Cache
X-Backend-Server
X-Country-Code
X-Server-Id
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
P3p
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
Fastly-Restarts
X-Content-Type
X-Application-Context
X-Clacks-Overhead
Rating
X-PC
X-TtlSet
X-Vname
X-Times
X-Country
X-Cnection
X-Ua-Device
X-ESI
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-Cache-TTL
X-Vcap-Request-Id
X-FTR-Expires
X-Ac
Surrogate-Key
Origin-Trial
Edge-Control
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Element-Page-Cache
X-FastCGI-Cache
X-Abt-Application-Version
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-NWS-LOG-UUID
X-Nf-Request-Id
X-D2id
Verso
X-B3-TraceId
X-Upstream
X-ECACHE
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-Amz-Rid
X-Navigation-Version
Nginx-Cache
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Pagespeed
X-Middleton-Display
Display
X-Sol
Akamai-GRN
X-GitHub-Request-Id
X-Language
X-Envoy-Decorator-Operation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Kraken-Loop-Name
Response
X-Middleton-Response
X-Client-IP
S
X-Oneagent-Js-Injection
Edge-Cache-Tag
X-Ratelimit-Limit
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-MS-InvokeApp
X-Goog-Hash
X-ARC
X-Resp-Is-Stale
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ser
X-Distributor
X-Url
SPIisLatency
SPRequestDuration
X-SharePointHealthScore
SPRequestGuid
X-Content-Digest
Access-Control-Request-Method
X-NGENIX-Cache
X-Cache-Key
Front-End-Https
X-Dw-Request-Base-Id
X-Ezoic-Cdn
X-Shield-Request-Id
X-Recruiting
RTSS
X-Ttl
X-Varnish-TTL
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Powered-CMS
X-Ruxit-Js-Agent
X-Mg-S
Public-Key-Pins
X-T
X-MSEdge-Ref
Fastcgi-Cache
TP-Cache
X-Accel-Expires
Arr-Disable-Session-Affinity
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Daa-Tunnel
X-Forwarded-For
X-Ismobilevalue
X-Correlation-Id
X-Cluster-Name
Realpath
Cache-Tags
X-Id
X-Fastly-Request-ID
X-Cached
AR-CACHE
X-Request-Processing-Time
X-Request-Received
X-Content-Security-Policy-Report-Only
X-HS-Combine-CSS
Payment
Content-MD5
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ua-Browser
X-Newrelic-App-Data
X-DIS-Request-ID
X-GUploader-UploadID
X-Server-Name
X-CST
X-Cambria-Cache-Control
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-HS-Prerendered
X-HS-CF-Cache-Status
X-RateLimit-Remaining
X-Azure-Ref
Content-Disposition
X-Ratelimit-Remaining
X-TTL
X-Amz-Replication-Status
Count-Hit
X-Xrds-Location
X-Webkit-Csp
X-ORACLE-DMS-ECID
YJS-ID
X-Px
X-Page-Id
Cleartype
Accept-Charset
Cross-Origin-Resource-Policy
X-SRCache-Fetch-Status
X-Unique-Id
X-SRCache-Store-Status
X-Origin-Server
X-Logged-In
X-FB-Debug
X-Proxy
X-Ratelimit-Reset
Cross-Origin-Embedder-Policy
X-Rid
X-Git-Hash
X-Www-Served-By
X-Protected-By
X-AppVersion
Ar-SID
X-Activity-Id
X-Az
X-SERVER-NAME
X-VARITI-CCR
X-Request-Handler-Origin-Region
X-Microsite
X-Goog-Metageneration
X-LLID
X-Load-Cache
X-Template
MicrosoftSharePointTeamServices
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Backend
X-PressLabs-Stats
Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Forwarded-Proto
Server-Node
X-Amz-Apigw-Id
X-Amzn-RequestId
X-URL
X-Upgrade-Enabled
Server-Name
X-Geo-Country
X-Request-Device-Id
X-Hits
X-Hostname
X-COUNTRY
X-Content-Options
X-B3-Sampled
X-Frontend
Section-Io-Cache
X-App-Server
Viewport
X-TT
X-Varnish-Grace
X-Varnish-Server
X-Device-Type
Fastly-SIE
X-Fb-Rlafr
X-Status
Fastly-SWR
X-B
X-B3-TraceId-Primal
X-Grace
Alternate-Protocol
MRF-Tech
Mrf-Cache-Status
Access-Control-Allow-Method
TCN
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Healthy
X-Request-Guid
Upgrade-Insecure-Requests
X-Meli-Trace-Site
X-Meli-Trace-Platform
X-Meli-Trace-Bu
X-Magnolia-Registration
Host
X-EdgeConnect-Cache-Status
X-WebKit-CSP-Report-Only
Amp-Access-Control-Allow-Source-Origin
X-CSRF-Token
X-Tt-Trace-Tag
X-Tt-Trace-Host
DC
X-Server-ID
X-Buckets
Retry-After
X-Contextid
X-Debug
X-Varnish-Ttl
X-Amzn-Remapped-Content-Length
X-Cache-Control
AKAMAI-GRN
X-Cache-Age
MS-Author-Via
X-NF-Request-ID
X-Revision
X-Type
X-Vcl-Version
X-Instance
X-Response-Served-From
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Original-Request-Id
X-NYM-Debug-Backend
X-App-Version
X-Is-Bot
X-Rendered-As
X-Adobe-Content
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-N
X-Seen-By
X-Adobe-Loc
X-Akamai-Edgescape
SD-X-WS
Cross-Origin-Opener-Policy-Report-Only
Access-Control-Request-Headers
Section-Io-Id
X-Backend-Name
X-G
X-Lambda-Id
Cross-Origin-Embedder-Policy-Report-Only
X-Debug-IsConnected
Charset
X-Content-Powered-By
X-UUID
X-INCAP-ABP
X-Mg-Request-UUID
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Debug-IsPreview
X-Trace-Id
X-ServerID
X-Tumblr-Pixel-0
X-Hl-Ver
NGB
X-Server-W
X-Framework
X-RM-Cache-TTL
X-Akamai-Request-ID2
X-Origin-TTL
X-Origin-CC
X-Storage
X-RemovedCookies
Frame-Options
X-ProcessESI
X-DataDome
X-AB
X-Dc
X-Cache-Status-Check
Ms-Operation-Id
MS-CV
X-RTag
X-Wormhole-Sdk
AR-SID
X-Mobile
VIX-Pulpo-Node
X-Cache-Hit
X-Oracle-Dms-Ecid
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-Request-Site
Filterid
Refresh
X-Request-Platform
X-Request-Bu
X-B3-SpanId
Cache
Accept-Language
X-Time
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
SRV
X-Fastcgi-Cache
X-HITS
X-Requestid
X-Real-IP
X-Region
Webserver
X-Node-Name
Paypal-Debug-Id
Protected
X-CCDN-Origin-Time
X-Ms-Request-Id
X-CCDN-CacheTTL
X-Ms-Version
Onion-Location
CDN-RequestId
X-Hcs-Proxy-Type
X-User-Agent
X-VC-Cache
X-F-Cache
Liferay-Portal
Cross-Origin-Window-Policy
X-Cache-Expired-At
Priority
X-LB-Cache
X-IPS-LoggedIn
X-Whom
X-HTML-Minification-Powered-By
X-WP-CF-Super-Cache-Active
X-Datadog-Parent-Id
Backend
X-Datadog-Sampled
X-Pass-Why
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Rocket-Nginx-Serving-Static
X-Mode
Xet-Cookie
X-Environment-Context
X-L-Path
GEO-INFO
X-XRDS-Location
OT-Force-Account-Verify
X-Tb
X-Proxy-Cache-Info
X-Handled-By
X-Service
X-Drupal-Cache-Tags
Meta-Geo
Country
Filters
X-Browser-Name
X-Cloudmap
Url
ServerID
Web-Mar-Node
X-Vcache
X-Extlb
X-Adobe-Source
X-Geo-Region
X-App-Environment
X-Detected-As
X-Tcp-Rtt
X-JoinUs
X-Loop
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Mobile
X-MP-GENERATED-AT
X-Rewrite-Enabled
X-SaId
X-Servername
X-Routing-Service
X-Rn-Rsrv
X-Is-Desktop
X-Proxied
X-Tncms
Fastcgi-Useragent
X-Zipkin-Id
X-UPSTREAM-Address
TWC-GeoIP-DMA
X-IPLB-Instance
X-Alternate-Cache-Key
TWC-GeoIP-LatLong
Webcakes-Region
X-Hit
X-Director
X-IPLB-Request-ID
X-FW-Serve
X-Restarts
X-Wix-Request-Id
TWC-Locale-Group
TWC-GeoIP-Region
X-Cache-Host
TWC-GeoIP-City
TWC-Device-Class
X-Shopify-Stage
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-Country
X-Origin-Date
LB
ServedBy
Property-Id
X-FW-Server
X-Cacheable-TTL
X-Storefront-Renderer-Rendered
X-FW-Hash
X-FW-Dynamic
X-Hosted-By
X-Web-Node
X-FW-Static
Atl-Traceid
TWC-Connection-Speed
X-FW-Version
X-Yandex-Req-Id
X-Logging-Id
X-Origin-Hint
X-FW-Type
X-Format
X-Varnish-Beresp-Grace
X-Forwarded-Host
X-Say-TTL
X-Say-Cacheable
Uber-Trace-Id
X-SayCDN-TTL
X-Cluster-Node
X-Locale
X-Cache-Action
X-Endurance-Cache-Level
X-Generation-Time
X-Httpd
Mn-Server-Ip
X-Skip-Cache
X-Edge-Location
X-ProxyCache-Key
X-Cluster
X-Cdn-Origin
X-Redis-Cache
X-ProxyCache-Status
X-Debug-Info
X-Cms-Context
X-BYPASS-REASON
Apigw-Requestid
X-Rule
X-PHP-Host
X-RateLimit-Limit-Second
YJS-CacheStatus
X-Labrador-Cache-Channel
Environment
X-S
X-Scope-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Soup
X-FB-TRIP-ID
Locale
X-Drupal-Cache-Contexts
X-RateLimit-Remaining-Second
X-Connection-Hash
X-Fetched-On
DB-Nickname
X-Tumblr-Pixel-2
Selected-Fe
X-Proxy-Build
X-Origin
Expiry
X-Tumblr-Pixel-3
X-Served-From
X-Timing-Wait
X-Auth-Group-Type
X-ECache
X-VC
X-Mly-Id
Cache-Hits
X-Is-Modern-Browser
X-VCT
X-RCS-CacheZone
X-Origin-Cache
X-GEO
X-ShardId
X-Cache-Debug
X-Sorting-Hat-PodId
X-ShopId
X-Sorting-Hat-ShopId
X-No-Session
X-R9-Blue-Green-Version
Front
X-UA
X-SRV
X-WP-CF-Super-Cache-Cookies-Bypass
X-Varnish-Cache-Hits
X-CDN-Forward
X-Provided-By
X-NewRelic-App-Data
X-Is-Mobile-Only
X-Varnish-Age
Xserver
X-Lagoon
Node
X-Varnish-Beresp-Ttl
Countrycode
X-CLOUD-TRACE-CONTEXT
Cache-Tv-Group
X-Api-Version
X-CACHE-AGE
WPO-Cache-Status
X-Platform
X-Generated-By
X-TA-CDN-Provider
X-Source
X-Webstats-RespID
X-CDN-Cache-Status
X-Presslabs-Stats
From-Origin
X-Site-Version
X-Cdn
Cache-Provider
Referer-Policy
X-Signature
X-B-Cache
X-B3-Traceid
X-Azure-Ref-OriginShield
X-Accel-Version
X-NWS-UUID-VERIFY
X-Tt-Logid
X-Optimistic-Header
X-Xfnlog-Site
X-VC-TTL
X-PHP-Backend
X-Tx-Id
X-Sucuri-Cache
CF-IPCountry
Request-ID
X-Cache-Operation
X-Cache-Rule
X-Ua
Location
X-IsAdmin
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-Uid
CDN-PullZone
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-Cache
X-Tb-Optimization-Total-Bytes-Saved
CDN-CachedAt
WPO-Cache-Message
X-Worker
AMP-Access-Control-Allow-Source-Origin
Apple-News-Services-Request-Url
X-S-Cookie
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Cdnsip
X-External-Request-Id
X-Rojux
Fl-Custom-Application
Apple-News-Services-Host
Expect-Staple
X-Forwarded-Site
X-Access
Candidate-Md5Url
DCR-Processing-Time-Ms
X-HS-Content-Campaign-Id
X-Fmm-Version
X-Rocket-Build-Number
X-Ig-Push-State
X-Ig-Origin-Region
Fastly-SSL
X-Request-URI
X-Origin-Expires
Cdncip
Log-Origin
X-Old-Content-Length
X-A-Wwc
MD5-Digest
Meta-Geo-Continent
X-PERF
X-Cache-NE
X-AK-Request-ID
Lang
X-Loc
X-Aed
X-A-Dgt
X-Action
DCR-Decision-By
X-GeoCode
Host-ID
X-Micro-Cache
Ngx.Var.Host
Odigeo-Trace-Id
X-SRCache-Key
X-Vtex-Remote-Cache
X-Varnish-Director
Rendered-Blocks
X-Reqid
X-Developer
Redirect-Candidate
X-BCube-Filmed-By
X-Varnish-Authentication
X-A-Dcw
X-Ec-GeoHdr
X-Ec-Fail
X-Conf
X-Vdms-Version
X-A-Dam
RNT-Machine
X-VG-TLSProxy
X-Cache-Aspx
Web-Mar-Region
X-A-Ccd
RNT-Time
X-A
X-D
Xc-Version
X-Sigma
X-Sigma-Backend
X-Slack-Backend
X-Fastly-Request-Id
X-Depends
X-Content-Age
X-ApacheServer
X-ScT
Origin
X-Section
X-VG-WebCache
Sslversion
X-B-Cookie
X-Contensis-Viewer-Groups
XM
X-Sucuri-ID
X-Auto-Login
X-Destination
X-GeoCountry
X-Slack-Shared-Secret-Outcome
X-Application
X-Bl-Debug
X-Frame-Option
X-TT-LOGID
X-Air-Pt
V-Age
User-Cache-Control
X-Gen-Mode
Country-Code
X-CUA
X-Generated-On
X-DefHash
X-DefElseHash
DSUID
X-Csrf-Jwt
X-Core-Value
Store-Cloud-Cache
X-Date
Time-Cloud-Cache
X-Ec-Custom-Error
X-Ee-Origin
X-Ee-Generated-By
X-Epic-Correlation-Id
Origin-EX
X-Ee-Request-Id
Origin-Agent-Cluster
X-Ee-Request-Date
Origin-CC
L5d-Success-Class
L
Gannett-Cam-Experience-Id
ServerName
X-Fastly-Backend
Gh-Request-Id
Ha-Gx-Prefs
Req-Svc-Chain
X-Eu-Site
X-FC-Vary-Parameters
X-Save-Cache
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Varnish-Hostname
X-Varnish-Remaining-TTL
X-Vary-Devices
X-LSADC-Cache
X-Varnish-Beresp-Status
X-Uri
X-SD-PageType
Cmstype
X-App-Name
X-Sn-Servicetimems
X-Up
X-UA-Device-Type
X-Backend-Instance
X-BBC-Edge-Cache-Status
Wxu-Next-Region
Wxu-Next-Hostname
X-From
X-GeoIP-City
X-Clientip
X-Hash
Wxu-Next-Commit
X-Bug-Bounty
X-Viewer-Country
X-Bc-Bl
X-We-Are-Hiring
X-Cms-Device
X-Block-Status
IsBot
X-SIPLIST1
X-V-Cache
Azure-Version
X-Human
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Hnp-Log
CDCHOST
Cluster
Cmsid
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Accel-Expires-Debug
X-GoCache-CacheStatus
X-Internal-TTL
X-Acquia-Purge-Cdn-Unconfigured
X-Path
X-Content-Length
X-PAYTM-SRV-ID
X-Policy
X-Req
X-Pubstack
X-Akamai-Device-Characteristics
X-Node-Id
X-Men
X-Level-Front-Cache
X-Moov-T
X-Moov-Xdn-Caching-Status
X-Aicache-OS
X-Moov-Xdn-Version
X-CGP
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-CacheTTL
X-Region-Sid
X-VarnishDD-TTL
X-Vercel-Cache
X-Vercel-Id
X-Thinkindot-L3
X-Thinkindot-L1
X-Shield-Cache-Expires
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Via-Fastly
X-Wikidot-Backend
X-NMSegId
X-Org
Pragrma
X-Gamma-Serve
Release
X-Wikidot-Static-Cache
N-Cache
NM-Fastcgi-Cache
X-Server-IP
X-SB
X-Esi-Check
X-Gdpr
X-Gzip
X-ElasticPress-Query
X-Edge-Server
X-Debug-Cache-Store
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-HN
X-Ion-Healthy
X-Op-Id-All
X-Origin-Time
X-Render-Time
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-Ion-Hop
X-Jungle-Id
X-Debug-Cache-Fetch
X-Amz-Storage-Class
PFcat
Nord-Request-ID
Mail-Subject
Producers
RewriteTeamHook
TDXMobile
Server-Host
RewriteTestHook
Machine
Fastly-GeoIP-CountryCode
CacheControlHeader
Cache-Contol
C-Via
Cdn-Host
Cdn-Request-Time
Fastly-Backend-Name
Click-Count-Error
Click-Count-Action-Start
Thinkindot-CacheControl
Platform
Tube-Got-Results
We-Hiring
Tube-Return
Thinkindot-CacheControl-Type
X-Cache-Id
Tube-Got-Eval
X-AB-Test
X-B3-Trace-ID
Tube-Get-Contents
X-Cache-FS-Status
X-Parent-Response-Time
Source
X-Proto
X-Proxied-Request
X-Origin-Response-Time
X-Mvc-Supplant-OutputCached
Content-Script-Type
X-Bip
Content-Style-Type
Origin-Site
X-ZONE
Fastly-Drupal-HTML
X-Cache-Date
X-Litespeed-Cache-Control
X-Vmg-Version
X-Thanos
S-Rt
Powered-By
Canary
X-NGINX-Cache
X-Location
X-Cs
Vix-Hermes-Req-Id
Sid
X-Cached-By
X-Pad
X-Refresh
X-ND-Cache
X-Upstream-Ct
X-Upstream-Ht
CloudFront-Viewer-Country
Pics-Label
Debug
NGX
X-Nananana
Product
X-Litespeed-Tag
X-TH-Server
X-Via-Popv
X-Via-Popn
X-APP
X-Via-Poph
X-Amz-Meta-Cb-Modifiedtime
X-HA-Backend
GeoIP-Latitude
X-Servedbyhost
HA-Ipaddr
Mime-Version
X-FORWARDED-FOR
X-Client-Ip
Server-ID
X-Cache-VC
Cookie
X-Varnish-Hits
GeoIp-Country-Code
Edge-Cache
X-User
X-Datadome
MIME-Version
X-AIR-PT
X-DynaTrace-JS-Agent
X-Fpc
X-Nc
X-Wa
X-GeoIP
X-LB-ID
X-Webkit-CSP
X-Cdn-Forward
X-Nginx-Cache
SID
X-B3-Parentspanid
X-Nginx-Cache-Key
X-Debug-Service
Server-Ext
Akamai-Mon-Iucid-Del
Sever-Int
Server-Hostname
WZWS-RAY
Load-Balancing
X-LB-NoCache
True-Client-Country-4JS
X-Srv
HostName
X-Zone
Surrogated-Key
Cdn
Resin-Trace
X-Scheme
X-Request-Start
Show-Do-Not-Sell-Link
DataCenter
X-Unity-Cache
Fastly-Drupal-Html
X-Cache-Backend
X-CS
X-Vc
Traceparent
X-Newrelic-Synthetics
X-LiteSpeed-Cache-Control
Tcn
X-Lsadc-Cache
X-VCL-Version
X-Service-Response-Time
Lb
Wsr-Cache
X-Request-Host
X-NodeID
Sm-Log-Id
X-Pool
N1-Cache
X-RequestId
X-B3-Spanid
X-Cache-Grace
Yjs-Id
X-Vgn-Hpd-Reason
X-LiteSpeed-Tag
X-HubSpot-Correlation-Id
X-HOST
NtCoent-Length
Serverhost
X-DynaTrace
X-Datacenter
X-TX-ID
X-DataCenter
X-CDN-Provider
Yak-Timeinfo
X-API-Version
Xkey-La3
Xkeylog
X-Udemy-Cache-App-Namespace
XkeyR9
X-Proxy-Cache-La3
Hostname
X-Proxy-CacheR9
X-Via-Edge
X-Via-CDN
Datacenter
Edge-Copy-Time
X-Ez-Minify-Html
X-RateLimit-Limit
X-Via-SSL
X-Air-Source
X-Air-Hostname
CDN
X-Zen-Fury
X-WA
X-Air-Trace-Id
X-Geolocation
A
Cdn-Requestid
CountryCode
X-Dynatrace-Js-Agent
X-Jobs
X-Lb-Id
X-Fastly-Backend-Reqs
X-FPC
X-NC
X-ID
Req-ID
Esi-Enabled
Cs
X-Akamai-Pragma-Client-IP
Uri
Server-Id
X-Cdn-Srv
WP-Super-Cache
GeoIP-Country-Code
X-Via-JSL
X-Html-Minification-Powered-By
True-Client-IP
X-Webkit-Csp-Report-Only
X-Ez-Minify-Js
X-Stale
X-Srcache-Fetch-Status
Proxy-Firewall
X-VTEX-Cache-Time
On-Server
X-VTEX-Cache-Server
X-Srcache-Store-Status
X-Powered-By-VTEX-Cache
Geoip-Latitude
X-TimeS
T-Server
RATING
X-Lb-Nocache
From-Cache
X-ServedByHost
X-MSEdge-Features
ServerHost
Srv
X-HA-Device-Type
X-Styx-Info
X-Styx-Origin-Id
X-HA-Bot-Classification
X-HA-Application-Name
Cr
Pramga
X-VC-Age
X-MSEdge-Flight
X-Swift-Error
X-Varnish-Beresp-TTL
WebServer
X-Oracle-DMS-ECID
Coldstone-Viewer-Currency
X-App
Coldstone-Viewer-Country
X-TIM-N
X-Ha-Backend
X-Var-Ttl
Coldstone-Viewer-Country-Region-Name
Content-Secure-Policy
X-WA-Info
X-CSRF-TOKEN
Cloudfront-Viewer-Country
X-LAGOON
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Fastly-Cache
X-Ssense-Gql
X-Via-PopH
X-Via-PopN
Ngx
FSS-Cache
X-Ssense-Shipping-Surcharge-Enabled
W
X-Correlation-ID
X-Via-PopV
X-Shopid
X-Check-Cacheable
X-Geo
X-Cdn-Cache-Status
X-Shardid
X-Sorting-Hat-Shopid
X-Web-Server
X-Sorting-Hat-Podid
X-Ramcache
BehaviorPad-Version
Cl-Cache
X-Elasticpress-Query
Akamai-X-True-TTL
X-Proxy-Cache-LA2
X-Request-Url
X-ATG-Version
X-Wp-Cf-Super-Cache-Active
X-Sucuri-Id
X-Serial
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-DC
X-Th-Server
Cf-Ipcountry
Xkey-G-Jp
User-Agent
X-Fastly-Cache-Hits
X-Key
X-Nitro-Cache
Cneonction
FSS-Proxy
X-Mg-Cache
X-Cache-TTL-Remaining
Bxpunish
Bxuuid
X-Fastly-Cache-Status
My-App
X-Env
Host-Name
X-Request-Time