Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
Cf-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-AspNet-Version
X-DNS-Prefetch-Control
X-Runtime
Permissions-Policy
X-Ua-Compatible
Server-Timing
X-Drupal-Cache
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
Host-Header
X-Amz-Request-Id
X-Age
Request-Context
X-Amz-Id-2
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
X-Request-ID
Cf-Apo-Via
X-Turbo-Charged-By
X-Rq
Keep-Alive
X-AH-Environment
X-Amz-Version-Id
X-Cache-Group
X-Vhost
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-UA-Device
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-Dns-Prefetch-Control
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
P3p
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-Swift-CacheTime
X-Swift-SaveTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Litespeed-Cache
X-Node
X-FTR-Request-ID
X-Device
EagleEye-TraceId
X-Host
X-Server-Id
X-Cache-Lookup
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Nginx-Cache-Status
X-TraceId
Fastly-Restarts
X-Content-Type
X-Clacks-Overhead
Request-Id
X-Country
X-Application-Context
X-Vname
X-TtlSet
X-PC
X-Times
Rating
X-Cnection
X-Edge
X-Mcache
X-Browser-Type
X-Midtier
X-Cache-TTL
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Vcap-Request-Id
X-FTR-Expires
Accept-Ch-Lifetime
Origin-Trial
X-Ac
Surrogate-Key
X-ESI
Edge-Control
X-FastCGI-Cache
X-Powered-By-Plesk
X-Element-Page-Cache
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Abt-Application-Version
X-Kinja-Build
X-D2id
X-NWS-LOG-UUID
X-Nf-Request-Id
X-Ua-Device
Verso
X-Upstream
X-B3-TraceId
X-ECACHE
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-Navigation-Version
X-Amz-Rid
Nginx-Cache
Pagespeed
X-Sol
X-Middleton-Display
Display
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-GitHub-Request-Id
X-Language
X-Envoy-Decorator-Operation
X-Client-IP
Akamai-GRN
X-Middleton-Response
Response
X-PDP-UNCACHING-HASH
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
S
AR-PoweredBy
AR-ATIME
AR-Request-ID
Edge-Cache-Tag
X-MS-InvokeApp
X-Goog-Hash
X-Resp-Is-Stale
X-ARC
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ratelimit-Limit
X-Ser
X-Distributor
SPIisLatency
X-Url
SPRequestDuration
SPRequestGuid
X-SharePointHealthScore
X-Content-Digest
Access-Control-Request-Method
X-NGENIX-Cache
X-Ezoic-Cdn
Front-End-Https
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Recruiting
X-Varnish-TTL
X-Cache-Key
RTSS
X-Amzn-Trace-Id
X-Oneagent-Js-Injection
Cache-Status
X-Version
X-Powered-CMS
Public-Key-Pins
X-T
X-Mg-S
TP-Cache
X-MSEdge-Ref
Fastcgi-Cache
X-Accel-Expires
Arr-Disable-Session-Affinity
X-Ttl
X-Forwarded-For
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Daa-Tunnel
X-Ismobilevalue
X-Correlation-Id
Realpath
X-Cluster-Name
Cache-Tags
X-Cached
X-Id
AR-CACHE
X-Ruxit-Js-Agent
X-Fastly-Request-ID
X-TTL
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
X-Server-Name
X-Ua-Browser
X-Content-Security-Policy-Report-Only
Payment
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Content-MD5
X-RateLimit-Remaining
X-DIS-Request-ID
X-Newrelic-App-Data
X-CST
X-GUploader-UploadID
X-Cambria-Cache-Control
X-HS-CF-Cache-Status
X-Jurisdiction
X-HS-Prerendered
X-HP-Trace-Id
X-HP-Webp
X-Xrds-Location
Content-Disposition
X-Azure-Ref
X-Webkit-Csp
X-ORACLE-DMS-ECID
Count-Hit
X-Amz-Replication-Status
X-Ratelimit-Remaining
X-Px
YJS-ID
X-Page-Id
Cleartype
X-Microsite
Cross-Origin-Embedder-Policy
X-Request-Handler-Origin-Region
X-Ratelimit-Reset
Accept-Charset
X-Unique-Id
X-Proxy
X-Origin-Server
Cross-Origin-Resource-Policy
X-Logged-In
X-FB-Debug
X-Rid
X-Git-Hash
X-AppVersion
X-Protected-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Activity-Id
X-Az
X-Www-Served-By
X-VARITI-CCR
Ar-SID
X-Template
X-Load-Cache
X-PressLabs-Stats
X-LLID
X-Goog-Metageneration
X-Varnish-Backend
X-Amz-Meta-S3cmd-Attrs
MicrosoftSharePointTeamServices
X-SERVER-NAME
X-URL
Version
X-Forwarded-Proto
X-Hits
Server-Node
X-Upgrade-Enabled
X-Geo-Country
Server-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Request-Device-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Hostname
X-B3-Sampled
X-Content-Options
X-Frontend
Viewport
X-Varnish-Grace
Section-Io-Cache
X-TT
X-App-Server
X-Varnish-Server
X-Status
X-Device-Type
MRF-Tech
X-Fb-Rlafr
Mrf-Cache-Status
X-B3-TraceId-Primal
Alternate-Protocol
X-B
Fastly-SWR
X-Grace
Fastly-SIE
Access-Control-Allow-Method
Healthy
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Upgrade-Insecure-Requests
X-Meli-Trace-Bu
X-Meli-Trace-Platform
X-Meli-Trace-Site
X-Request-Guid
X-WebKit-CSP-Report-Only
TCN
Host
X-COUNTRY
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
X-Tt-Trace-Tag
DC
X-Tt-Trace-Host
X-CSRF-Token
X-Buckets
X-Cache-Age
AKAMAI-GRN
Retry-After
X-Amzn-Remapped-Content-Length
X-Contextid
X-NF-Request-ID
Amp-Access-Control-Allow-Source-Origin
X-Debug
MS-Author-Via
X-Cache-Control
X-Revision
X-WP-CF-Super-Cache-Cache-Control
X-Tec-Api-Root
X-WP-CF-Super-Cache
X-Tec-Api-Origin
X-Type
X-Tec-Api-Version
X-Varnish-Ttl
X-Instance
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
X-Seen-By
X-Tumblr-User
X-Is-Bot
X-Yottaa-Optimizations
X-Hl-Ver
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
X-UUID
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Rendered-As
X-Vcl-Version
X-Yottaa-Metrics
X-ProcessESI
X-Adobe-Content
X-NYM-Debug-Backend
X-Adobe-Loc
X-RemovedCookies
Access-Control-Request-Headers
X-Lambda-Id
X-Debug-IsPreview
X-Debug-IsConnected
X-Backend-Name
X-G
X-N
X-Akamai-Edgescape
X-App-Version
Section-Io-Id
X-Mobile
X-Trace-Id
X-ServerID
X-Framework
X-Mg-Request-UUID
X-Storage
AR-SID
Charset
X-INCAP-ABP
X-Content-Powered-By
X-Wormhole-Sdk
X-Origin-CC
X-Origin-TTL
X-RM-Cache-TTL
MS-CV
X-Server-W
Ms-Operation-Id
X-Akamai-Request-ID2
NGB
X-RTag
X-Dc
Frame-Options
X-AB
X-Cache-Hit
X-Request-Site
X-Cache-Status-Check
X-Request-Bu
X-Request-Platform
X-Server-ID
VIX-Pulpo-Node
X-Cache-Time
VIX-Pulpo-Upstream-Status
X-DataDome
Refresh
Filterid
Accept-Language
Cache
X-B3-SpanId
X-Time
SRV
X-Real-IP
X-Region
X-Node-Name
Webserver
X-Oracle-Dms-Ecid
X-Requestid
Paypal-Debug-Id
Protected
Onion-Location
X-HITS
X-User-Agent
X-Ms-Version
CDN-RequestId
X-Ms-Request-Id
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-VC-Cache
Liferay-Portal
Cross-Origin-Window-Policy
X-F-Cache
X-Cache-Expired-At
X-Datadog-Parent-Id
X-Datadog-Sampled
X-IPS-LoggedIn
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
Priority
X-Whom
X-Pass-Why
X-LB-Cache
X-WP-CF-Super-Cache-Active
X-Rocket-Nginx-Serving-Static
X-HTML-Minification-Powered-By
X-Mode
Xet-Cookie
Backend
X-Fastcgi-Cache
GEO-INFO
X-L-Path
OT-Force-Account-Verify
X-Environment-Context
X-Service
X-Tb
X-Drupal-Cache-Tags
X-Rule
X-Proxy-Cache-Info
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-Is-Tablet
X-JoinUs
X-Proxied
X-MP-GENERATED-AT
X-Loop
X-Adobe-Source
X-Tcp-Rtt
X-Cacheable-TTL
X-Handled-By
X-Cloudmap
X-Browser-Name
X-Detected-As
ServerID
Web-Mar-Node
X-Geo-Region
X-Extlb
X-App-Environment
X-Tncms
X-Zipkin-Id
Fastcgi-Useragent
X-Routing-Service
Meta-Geo
Filters
Url
X-Servername
X-Rn-Rsrv
X-SaId
X-Vcache
X-Rewrite-Enabled
X-UPSTREAM-Address
X-Wix-Request-Id
X-Storefront-Renderer-Rendered
TWC-GeoIP-Region
TWC-GeoIP-LatLong
Webcakes-App-Version
Expiry
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
X-Alternate-Cache-Key
X-IPLB-Instance
X-IPLB-Request-ID
TWC-Device-Class
ServedBy
Webcakes-Region
Property-Id
X-Tumblr-Pixel-3
Uber-Trace-Id
X-Tumblr-Pixel-2
X-Varnish-Beresp-Grace
TWC-Connection-Speed
TWC-GeoIP-Country
Atl-Traceid
TWC-GeoIP-City
X-Shopify-Stage
Country
TWC-GeoIP-DMA
X-Debug-Info
X-Origin-Date
X-Redis-Cache
X-Skip-Cache
X-Locale
X-Hit
X-Hosted-By
X-Restarts
X-FW-Version
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-Generation-Time
X-Logging-Id
X-Origin-Hint
X-Forwarded-Host
X-Cms-Context
X-VC
X-Cache-Host
X-Cdn-Origin
X-Web-Node
X-Connection-Hash
X-Director
X-Endurance-Cache-Level
X-Format
X-Edge-Location
X-Cluster-Node
X-BYPASS-REASON
X-Cluster
X-Scope-Id
X-ProxyCache-Status
X-RateLimit-Remaining-Second
X-ProxyCache-Key
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-RateLimit-Limit-Second
Apigw-Requestid
X-Cache-Action
Mn-Server-Ip
X-Httpd
X-Soup
Environment
X-ECache
X-Yandex-Req-Id
X-FB-TRIP-ID
X-Urbn-Context-Path
Locale
X-PHP-Host
X-Urbn-Site-Id
X-Drupal-Cache-Contexts
X-Served-From
X-S
X-XRDS-Location
X-Labrador-Cache-Channel
X-Proxy-Build
X-Timing-Wait
X-Auth-Group-Type
X-Fetched-On
Selected-Fe
X-Mly-Id
DB-Nickname
X-Origin
Request-ID
YJS-CacheStatus
Cache-Hits
X-Origin-Cache
X-R9-Blue-Green-Version
X-No-Session
LB
X-VCT
X-Is-Modern-Browser
X-RCS-CacheZone
X-ShopId
X-ShardId
X-Cache-Debug
X-GEO
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Webkit-CSP
X-NewRelic-App-Data
Countrycode
Front
X-WP-CF-Super-Cache-Cookies-Bypass
X-Varnish-Age
X-Varnish-Cache-Hits
X-SRV
X-Provided-By
X-CLOUD-TRACE-CONTEXT
Xserver
Node
X-Lagoon
X-Api-Version
X-Is-Mobile-Only
X-Source
Cache-Tv-Group
X-UA
WPO-Cache-Status
X-CDN-Forward
X-Platform
X-Generated-By
X-Site-Version
X-Cdn
X-Webstats-RespID
X-TA-CDN-Provider
X-Varnish-Beresp-Ttl
X-CDN-Cache-Status
Cache-Provider
Referer-Policy
X-Ua
From-Origin
X-Fastly-Request-Id
X-B3-Traceid
X-Azure-Ref-OriginShield
X-CACHE-AGE
X-Accel-Version
AMP-Access-Control-Allow-Source-Origin
X-Signature
X-B-Cache
X-VC-TTL
X-NWS-UUID-VERIFY
X-Xfnlog-Site
X-Presslabs-Stats
X-PHP-Backend
X-Optimistic-Header
Location
X-TT-LOGID
X-Sucuri-Cache
CF-IPCountry
X-Cache-Rule
X-Cache-Operation
CDN-RequestCountryCode
CDN-RequestPullSuccess
CDN-Uid
CDN-EdgeStorageId
CDN-RequestPullCode
CDN-Cache
X-Worker
X-IsAdmin
X-Reqid
X-Tb-Optimization-Total-Bytes-Saved
CDN-CachedAt
CDN-PullZone
WPO-Cache-Message
X-Tt-Logid
X-Tx-Id
X-Loc
X-Cache-NE
X-GeoCode
X-Cache-Aspx
Fl-Custom-Application
Origin
X-Auto-Login
X-Micro-Cache
X-GeoCountry
X-Forwarded-Site
Fastly-SSL
X-Bl-Debug
Meta-Geo-Continent
Ngx.Var.Host
MD5-Digest
X-BCube-Filmed-By
X-Ig-Push-State
Log-Origin
X-B-Cookie
X-Ig-Origin-Region
X-HS-Content-Campaign-Id
Odigeo-Trace-Id
Lang
Host-ID
Apple-News-Services-Parsed-Url
X-Destination
X-Depends
X-Developer
Candidate-Md5Url
X-Contensis-Viewer-Groups
X-Content-Age
Cdncip
Cdnsip
X-Core-Value
X-D
DCR-Decision-By
Cluster
DCR-Processing-Time-Ms
X-Ec-Fail
X-Ec-GeoHdr
X-Application
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Clientip
X-Cms-Device
X-External-Request-Id
Expect-Staple
X-Ee-Origin
X-Ee-Generated-By
X-Ee-Request-Date
X-Ee-Request-Id
X-Conf
X-Fmm-Version
X-ApacheServer
X-Sigma
X-Sigma-Backend
X-A-Dgt
X-Section
X-ScT
X-SD-PageType
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Access
RNT-Time
X-A-Wwc
Sslversion
Store-Cloud-Cache
X-SRCache-Key
X-A-Dcw
X-A-Dam
X-A-Ccd
Time-Cloud-Cache
X-Sucuri-ID
X-A
X-PERF
Web-Mar-Region
X-Req
X-Request-URI
X-S-Cookie
X-Save-Cache
X-PAYTM-SRV-ID
X-Rojux
X-Rocket-Build-Number
RNT-Machine
X-Varnish-Authentication
X-Vtex-Remote-Cache
Redirect-Candidate
X-Viewer-Country
X-Origin-Expires
X-VG-WebCache
X-Old-Content-Length
X-AK-Request-ID
X-Litespeed-Cache-Control
XM
X-Node-Id
Xc-Version
X-VG-TLSProxy
Rendered-Blocks
X-Action
X-Varnish-Director
X-Varnish-Hostname
X-Vary-Devices
X-Aed
X-Vdms-Version
X-Frame-Option
X-CGP
X-Content-Length
X-App-Name
X-CUA
X-Akamai-Device-Characteristics
X-Csrf-Jwt
V-Age
X-Amz-Storage-Class
X-BBC-Edge-Cache-Status
X-Bug-Bounty
X-Aicache-OS
X-Block-Status
X-Acquia-Purge-Cdn-Unconfigured
X-Bc-Bl
X-V-Cache
X-Accel-Expires-Debug
X-AB-Test
X-Backend-Instance
X-Org
X-Via-Fastly
X-Op-Id-All
X-Origin-Time
X-VarnishDD-TTL
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-We-Are-Hiring
X-Nyt-Route
N-Cache
X-Men
IsBot
X-Moov-T
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
X-Render-Time
X-Path
X-Region-Sid
User-Cache-Control
X-Policy
X-Pubstack
X-SB
X-Shield-Cache-Expires
X-Up
X-Uri
X-UA-Device-Type
X-Thinkindot-L3
X-Sn-Servicetimems
X-Thinkindot-L1
X-Level-Front-Cache
X-Jungle-Id
X-FC-Vary-Parameters
X-Fastly-Backend
X-Gdpr
X-Gen-Mode
X-Hash
X-SIPLIST1
X-Eu-Site
X-Epic-Correlation-Id
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-DefElseHash
X-DefHash
X-Ec-Custom-Error
X-Dispatcher-Server
X-Generated-On
X-GeoIP-Country-Code
Wxu-Next-Hostname
Wxu-Next-Region
X-Internal-TTL
X-Ion-Healthy
Wxu-Next-Commit
X-Ion-Hop
X-From
X-GeoIP-City
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-HN
X-Hnp-Log
X-Human
X-Date
L
Azure-Version
Azure-SlotName
PFcat
DSUID
Azure-InstanceId
X-Air-Pt
Origin-EX
Origin-CC
Gannett-Cam-Experience-Id
Azure-RegionName
Azure-SiteName
L5d-Success-Class
Origin-Agent-Cluster
Nord-Request-ID
Req-Svc-Chain
Country-Code
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Gh-Request-Id
CDCHOST
Cmsid
Cmstype
RewriteTeamHook
TDXMobile
Ha-Gx-Prefs
Server-Host
Cache-Contol
RewriteTestHook
ServerName
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-Gzip
X-Edge-Server
CacheControlHeader
Cdn-Host
X-DPWN-IS-SECURE
C-Via
X-ElasticPress-Query
X-Esi-Check
X-SVT-ORM-VERSION
Release
Origin-Site
NM-Fastcgi-Cache
Content-Style-Type
X-Cache-Date
X-Gamma-Serve
Pragrma
X-Vmg-Version
X-NMSegId
Content-Script-Type
X-Wikidot-Static-Cache
X-SVT-ORM-RULES
Tube-Return
X-Proto
Sid
Cdn-Request-Time
X-Thanos
X-Wikidot-Backend
X-Vercel-Id
X-Vercel-Cache
X-Mvc-Supplant-Cachable
X-Server-IP
X-CacheTTL
Producers
Tube-Get-Contents
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
X-Cache-Id
X-Bip
Machine
Mail-Subject
X-B3-Trace-ID
Click-Count-Action-Start
Tube-Got-Eval
Platform
We-Hiring
Tube-Got-Results
Click-Count-Error
X-Cache-FS-Status
X-Parent-Response-Time
Source
X-LSADC-Cache
Powered-By
X-Mvc-Supplant-OutputCached
X-Proxied-Request
X-Location
S-Rt
X-Origin-Response-Time
Canary
X-NGINX-Cache
X-ZONE
X-Litespeed-Tag
X-Pad
X-Upstream-Ct
X-Cs
Debug
Vix-Hermes-Req-Id
X-Upstream-Ht
Fastly-Drupal-HTML
X-Cached-By
Mime-Version
X-ND-Cache
X-TH-Server
Pics-Label
X-Refresh
NGX
Product
X-Datadome
HA-Ipaddr
X-Nananana
X-Via-Popn
X-Varnish-Hits
X-Amz-Meta-Cb-Modifiedtime
X-Via-Popv
X-Via-Poph
X-APP
CloudFront-Viewer-Country
Cookie
X-Cache-VC
X-HA-Backend
X-DynaTrace-JS-Agent
X-AIR-PT
X-Cdn-Forward
X-User
X-Servedbyhost
Edge-Cache
GeoIP-Latitude
GeoIp-Country-Code
Server-ID
X-LB-ID
X-GeoIP
Akamai-Mon-Iucid-Del
DataCenter
X-Srv
WZWS-RAY
X-Nc
X-B3-Parentspanid
MIME-Version
HostName
X-Wa
X-LB-NoCache
X-Debug-Service
X-Fpc
Fastly-Drupal-Html
X-FORWARDED-FOR
X-Nginx-Cache
X-Nginx-Cache-Key
Tcn
X-Zone
True-Client-Country-4JS
Server-Hostname
Sever-Int
X-Request-Start
Surrogated-Key
Resin-Trace
X-Scheme
X-Unity-Cache
Server-Ext
X-Client-Ip
SID
Load-Balancing
Lb
X-Lsadc-Cache
Show-Do-Not-Sell-Link
X-RateLimit-Limit
X-CS
X-Cache-Backend
Cdn
X-Newrelic-Synthetics
X-VCL-Version
X-NodeID
X-Request-Host
Sm-Log-Id
X-Pool
Traceparent
Wsr-Cache
X-Service-Response-Time
X-Vc
N1-Cache
X-RequestId
X-B3-Spanid
X-TX-ID
Yjs-Id
NtCoent-Length
X-Cache-Grace
X-Vgn-Hpd-Reason
Yak-Timeinfo
X-DataCenter
X-Datacenter
X-DynaTrace
X-HOST
X-WA
X-Via-SSL
CDN
Edge-Copy-Time
X-LiteSpeed-Cache-Control
X-CDN-Provider
X-HubSpot-Correlation-Id
X-Via-CDN
X-Via-Edge
X-Udemy-Cache-App-Namespace
Datacenter
Hostname
X-NC
X-FPC
X-API-Version
X-Air-Source
X-Air-Hostname
X-Proxy-CacheR9
X-Air-Trace-Id
Xkey-La3
Cdn-Requestid
X-Geolocation
X-Zen-Fury
Xkeylog
XkeyR9
X-Proxy-Cache-La3
Serverhost
X-LiteSpeed-Tag
X-ID
Req-ID
X-Fastly-Backend-Reqs
X-Jobs
Server-Id
A
X-Ez-Minify-Html
X-Dynatrace-Js-Agent
Geoip-Latitude
True-Client-IP
X-Cdn-Srv
WP-Super-Cache
X-Html-Minification-Powered-By
Uri
X-Lb-Id
X-Akamai-Pragma-Client-IP
CountryCode
X-Varnish-Beresp-TTL
RATING
X-TimeS
X-Stale
X-Via-JSL
Cs
Proxy-Firewall
X-VTEX-Cache-Time
X-Srcache-Store-Status
X-VTEX-Cache-Server
GeoIP-Country-Code
X-Srcache-Fetch-Status
Esi-Enabled
X-ServedByHost
X-Ez-Minify-Js
X-Powered-By-VTEX-Cache
On-Server
T-Server
ServerHost
Cloudfront-Viewer-Country
X-Esi
X-VC-Age
Srv
X-Swift-Error
X-Lb-Nocache
From-Cache
WebServer
X-Oracle-DMS-ECID
X-Styx-Info
X-MSEdge-Features
Pramga
X-HA-Application-Name
Cr
X-HA-Bot-Classification
X-WA-Info
X-CSRF-TOKEN
X-MSEdge-Flight
X-App
X-Ha-Backend
Coldstone-Viewer-Country
Coldstone-Viewer-Country-Region-Name
X-Styx-Origin-Id
X-HA-Device-Type
Coldstone-Viewer-Currency
X-Webkit-Csp-Report-Only
X-Wp-Cf-Super-Cache-Cache-Control
X-LAGOON
X-Wp-Cf-Super-Cache
X-CACHE-KEY
X-Ssense-Gql
X-Ssense-Shipping-Surcharge-Enabled
Ngx
Content-Secure-Policy
X-TIM-N
FSS-Cache
X-Correlation-ID
X-Fastly-Cache
X-Via-PopH
X-Var-Ttl
X-Via-PopV
X-Via-PopN
X-Shardid
X-Cdn-Cache-Status
W
X-Shopid
X-Geo
X-Sorting-Hat-Shopid
X-Check-Cacheable
BehaviorPad-Version
X-Web-Server
X-Sorting-Hat-Podid
X-Proxy-Cache-LA2
X-Elasticpress-Query
Cl-Cache
X-Th-Server
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Serial
X-ATG-Version
X-Wp-Cf-Super-Cache-Active
X-DC
X-Sucuri-Id
X-Request-Url
Akamai-X-True-TTL
Cf-Ipcountry
Bxpunish
Bxuuid
User-Agent
My-App
X-Env
X-Ramcache
Xkey-G-Jp
X-Nitro-Cache
Cneonction
FSS-Proxy
X-Mg-Cache
X-Fastly-Cache-Hits
Host-Name
X-Cache-TTL-Remaining
X-Request-Time
X-Fastly-Cache-Status