Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Accept-CH
CF-Cache-Status
ETag
Expect-CT
X-XSS-Protection
Accept-Ranges
X-Powered-By
Pragma
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Amz-Cf-Pop
X-Amz-Cf-Id
Content-Language
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Xss-Protection
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
CF-Ray
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
Accept-Ch
X-Runtime
Permissions-Policy
X-Drupal-Cache
Server-Timing
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-FRAME-OPTIONS
X-Cacheable
X-Iinfo
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
X-CONTENT-TYPE-OPTIONS
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
X-XSS-PROTECTION
Access-Control-Expose-Headers
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
X-Age
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
Keep-Alive
X-Amz-Version-Id
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Rq
X-AH-Environment
X-Vhost
X-Cache-Group
X-Server
X-Dispatcher
X-Proxy-Cache
CONTENT-SECURITY-POLICY
X-Ws-Request-Id
EagleId
X-Request-ID
X-UA-Device
X-Varnish-Cache
X-Litespeed-Cache
Pantheon-Trace-Id
Grace
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Dns-Prefetch-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-FTR-Request-ID
X-Device
X-Node
X-Cache-Lookup
X-Host
X-Server-Id
EagleEye-TraceId
X-Backend-Server
X-Country-Code
Surrogate-Control
Accept-Ch-Lifetime
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Readtime
Cf-Railgun
X-Akam-SW-Version
X-HW
X-Response-Time
P3p
Cache-Tag
X-Amz-Server-Side-Encryption
Content-Location
X-LiteSpeed-Cache
Cross-Origin-Opener-Policy
X-Ua-Device
X-Content-Type
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Rack-Cache
Service-Worker-Allowed
Request-Id
X-Trace
X-TraceId
X-Application-Context
Fastly-Restarts
X-Nf-Request-Id
X-Times
X-TtlSet
X-PC
X-Vname
Rating
X-Clacks-Overhead
X-Cnection
X-Element-Page-Cache
X-D2id
X-Midtier
X-Mcache
X-Edge
X-Vcap-Request-Id
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Expires
X-Browser-Type
X-ESI
Origin-Trial
Edge-Control
X-Cache-TTL
X-Oneagent-Js-Injection
X-Country
X-FastCGI-Cache
Surrogate-Key
X-NWS-LOG-UUID
X-Navigation-Version
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Kinja-Server
X-Cdn-Fetch
X-Powered-By-Plesk
X-Ac
X-Abt-Application-Version
X-Upstream
X-Url
Verso
X-Mod-Pagespeed
X-Amz-Rid
X-ORACLE-DMS-RID
X-B3-TraceId
X-Language
Akamai-GRN
Nginx-Cache
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-GitHub-Request-Id
X-Middleton-Display
X-Sol
Pagespeed
Display
X-ECACHE
X-Erf-Bev-Bev
S
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Envoy-Decorator-Operation
X-MS-InvokeApp
Response
X-Middleton-Response
AR-Request-ID
AR-PoweredBy
AR-ATIME
Edge-Cache-Tag
X-Ratelimit-Limit
X-Goog-Hash
X-Distributor
SPRequestGuid
X-SharePointHealthScore
SPRequestDuration
SPIisLatency
X-Resp-Is-Stale
X-Amzn-Trace-Id
X-Ser
X-Edge-Location-Klb
X-Kinsta-Cache
X-ARC
Access-Control-Request-Method
X-NGENIX-Cache
X-T
X-Ttl
Front-End-Https
X-Client-IP
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Content-Digest
X-Ezoic-Cdn
X-Recruiting
X-Cache-Key
RTSS
Cache-Status
X-Varnish-TTL
X-Request-Device-Id
X-Ruxit-Js-Agent
X-Version
X-Mg-S
X-Powered-CMS
X-HS-Cache-Config
Public-Key-Pins
TP-Cache
X-HS-Content-Id
X-HS-Hub-Id
Fastcgi-Cache
X-Ismobilevalue
X-MSEdge-Ref
X-Accel-Expires
X-Request-Processing-Time
X-Request-Received
AR-CACHE
Arr-Disable-Session-Affinity
X-Meli-Trace-Site
X-Meli-Trace-Bu
Cache-Tags
X-Meli-Trace-Platform
X-Cached
X-Cluster-Name
X-Daa-Tunnel
X-Correlation-Id
Realpath
X-Id
Content-MD5
Ar-SID
X-Content-Security-Policy-Report-Only
YJS-ID
X-HS-Combine-CSS
X-Amz-Replication-Status
X-Newrelic-App-Data
X-Forwarded-For
X-Ua-Browser
X-Xrds-Location
Payment
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Fastly-Request-ID
X-RateLimit-Remaining
X-DIS-Request-ID
X-Cambria-Cache-Control
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Azure-Ref
X-Webkit-Csp
X-HS-CF-Cache-Status
X-HS-Prerendered
X-GUploader-UploadID
X-Server-Name
Content-Disposition
X-COUNTRY
X-ORACLE-DMS-ECID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ratelimit-Remaining
MicrosoftSharePointTeamServices
Count-Hit
X-Protected-By
X-Px
X-Ratelimit-Reset
X-Origin-Server
X-Az
X-Unique-Id
X-Activity-Id
X-AppVersion
X-TTL
X-Page-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Rid
X-Logged-In
X-Git-Hash
Cross-Origin-Resource-Policy
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
Cleartype
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Cross-Origin-Embedder-Policy
X-VARITI-CCR
X-Proxy
X-FB-Debug
X-Request-Handler-Origin-Region
X-Microsite
X-Www-Served-By
X-Load-Cache
Version
X-LLID
X-Goog-Metageneration
X-SERVER-NAME
X-Forwarded-Proto
X-Geo-Country
X-PressLabs-Stats
X-Template
X-Hits
X-Varnish-Backend
X-Upgrade-Enabled
Server-Node
Server-Name
X-CST
X-B3-Sampled
X-WebKit-CSP-Report-Only
X-App-Server
X-Hostname
Healthy
Access-Control-Allow-Method
X-Content-Options
X-Frontend
Viewport
Section-Io-Cache
X-Varnish-Grace
X-Grace
X-Device-Type
X-Fb-Rlafr
X-TT
X-B
Fastly-SWR
Fastly-SIE
Alternate-Protocol
X-Varnish-Server
X-Request-Guid
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Status
X-Goog-Stored-Content-Encoding
X-Contextid
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
TCN
AKAMAI-GRN
DC
Upgrade-Insecure-Requests
X-Requestid
Retry-After
X-Cache-Age
X-Magnolia-Registration
X-Amzn-Remapped-Content-Length
X-EdgeConnect-Cache-Status
Host
X-ProcessESI
X-RemovedCookies
MS-Author-Via
X-App-Version
X-Cache-Control
X-Varnish-Ttl
X-Hl-Ver
Frame-Options
X-CSRF-Token
Amp-Access-Control-Allow-Source-Origin
X-Response-Served-From
X-Buckets
X-Tt-Trace-Tag
X-Original-Request-Id
X-Type
X-Revision
X-Tt-Trace-Host
X-Origin-CC
X-Debug
X-Origin-TTL
SD-X-WS
X-Mobile
X-Backend-Name
X-G
X-INCAP-ABP
X-Seen-By
X-Instance
X-UUID
X-ServerID
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Lambda-Id
X-ECache
X-NYM-Debug-Backend
X-Adobe-Loc
X-Is-Bot
X-N
X-Akamai-Edgescape
X-Adobe-Content
X-Cache-Status-Check
X-Rendered-As
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Cross-Origin-Embedder-Policy-Report-Only
X-Tumblr-Pixel-1
Cross-Origin-Opener-Policy-Report-Only
X-AB
X-WP-CF-Super-Cache
Section-Io-Id
Ms-Operation-Id
MS-CV
Access-Control-Request-Headers
X-WP-CF-Super-Cache-Cache-Control
NGB
X-Framework
X-RTag
X-Trace-Id
X-Akamai-Request-ID2
X-Mg-Request-UUID
X-Content-Powered-By
X-Debug-IsConnected
X-Debug-IsPreview
X-Yandex-Req-Id
X-Storage
X-Server-W
X-RM-Cache-TTL
Cache
Charset
X-Oracle-Dms-Ecid
X-Dc
X-Vcl-Version
Webserver
Filterid
X-DataDome
Paypal-Debug-Id
X-B3-SpanId
Accept-Language
Xet-Cookie
Refresh
X-Cache-Time
X-VC-Cache
X-Ms-Request-Id
X-Request-Site
X-Ms-Version
Onion-Location
X-Request-Platform
X-Cache-Hit
X-Request-Bu
YJS-CacheStatus
SRV
X-User-Agent
X-Time
X-Region
X-Node-Name
X-F-Cache
X-Real-IP
X-Tec-Api-Root
X-Fastcgi-Cache
X-Tec-Api-Version
X-Tec-Api-Origin
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-HITS
X-CCDN-Origin-Time
X-Proxy-Build
Priority
Selected-Fe
X-Timing-Wait
X-ProxyCache-Status
X-VC
Liferay-Portal
X-BYPASS-REASON
X-ProxyCache-Key
GEO-INFO
X-HTML-Minification-Powered-By
CDN-RequestId
X-L-Path
X-Mode
X-Environment-Context
X-Cacheable-TTL
X-IPS-LoggedIn
X-Origin-Cache
X-LB-Cache
X-URL
X-Service
Backend
X-Pass-Why
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Rule
X-Datadog-Sampled
X-Datadog-Trace-Id
Cross-Origin-Window-Policy
X-SaId
Meta-Geo
X-Rewrite-Enabled
X-Tb
X-VCT
X-UPSTREAM-Address
X-Rn-Rsrv
Country
X-Rocket-Nginx-Serving-Static
Apigw-Requestid
X-JoinUs
X-Cache-Expired-At
X-Drupal-Cache-Tags
X-Origin
X-Adobe-Source
X-Whom
X-Browser-Name
X-Wix-Request-Id
X-Geo-Region
X-Is-Mobile-Only
X-Is-Modern-Browser
X-Is-Tablet
X-Is-Mobile
X-Handled-By
X-Tcp-Rtt
X-Is-Supported-Browser
X-Is-Desktop
X-Generation-Time
X-Web-Node
Mn-Server-Ip
X-Provided-By
Protected
Expiry
X-Varnish-Beresp-Grace
TWC-GeoIP-LatLong
TWC-GeoIP-Region
X-RateLimit-Limit-Second
X-Vcache
X-Zipkin-Id
TWC-GeoIP-DMA
ServerID
X-RateLimit-Remaining-Second
X-Proxy-Cache-Info
X-RCS-CacheZone
Web-Mar-Node
X-Tncms
Url
Uber-Trace-Id
Webcakes-App-Name
Webcakes-App-Version
X-WP-CF-Super-Cache-Active
TWC-Locale-Group
Webcakes-Region
TWC-GeoIP-Country
X-Cloudmap
Property-Id
X-Origin-Hint
TWC-Privacy
X-Httpd
X-Origin-Date
X-Server-ID
Fastcgi-Useragent
X-Loop
X-Servername
X-Routing-Service
X-Proxied
X-Connection-Hash
TWC-Device-Class
TWC-GeoIP-City
X-FB-TRIP-ID
X-Detected-As
X-Extlb
TWC-Connection-Speed
ServedBy
X-Locale
OT-Force-Account-Verify
X-Auth-Group-Type
X-Hit
X-Forwarded-Host
X-Format
X-Hosted-By
X-MP-GENERATED-AT
X-Logging-Id
X-Mly-Id
X-Fetched-On
X-Director
X-App-Environment
X-Alternate-Cache-Key
X-Cache-Action
X-Cdn-Origin
X-Cms-Context
X-Cluster
X-Redis-Cache
X-Api-Version
X-Skip-Cache
X-Shopify-Stage
X-Soup
X-Storefront-Renderer-Rendered
X-Tumblr-Pixel-2
Atl-Traceid
X-Tumblr-Pixel-3
DB-Nickname
LB
X-FW-Version
X-FW-Type
X-Urbn-Site-Id
X-Say-Cacheable
X-Restarts
X-FW-Hash
X-Cache-Host
Environment
X-Edge-Location
X-Endurance-Cache-Level
X-FW-Server
Front
X-Debug-Info
X-Cache-Debug
X-Cluster-Node
X-FW-Static
X-SayCDN-TTL
X-Urbn-Context-Path
Cache-Hits
Locale
X-Scope-Id
X-FW-Dynamic
X-Say-TTL
X-FW-Serve
X-Served-From
X-S
X-PHP-Host
X-IPLB-Instance
X-IPLB-Request-ID
X-Drupal-Cache-Contexts
X-Labrador-Cache-Channel
Filters
Node
X-Optimistic-Header
X-CLOUD-TRACE-CONTEXT
X-Platform
X-R9-Blue-Green-Version
X-CDN-Cache-Status
X-Tt-Logid
Countrycode
X-GEO
X-NewRelic-App-Data
Xserver
X-No-Session
X-Fastly-Request-Id
X-CDN-Forward
X-Varnish-Age
WPO-Cache-Status
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-WP-CF-Super-Cache-Cookies-Bypass
X-XRDS-Location
X-Lagoon
X-B3-Traceid
X-UA
X-Varnish-Beresp-Ttl
X-Varnish-Cache-Hits
Cache-Tv-Group
AR-SID
X-Generated-By
X-B-Cache
X-Signature
X-Client-Ip
X-NWS-UUID-VERIFY
AMP-Access-Control-Allow-Source-Origin
Referer-Policy
X-SRV
X-Ua
X-Presslabs-Stats
Request-ID
X-Webstats-RespID
X-Site-Version
X-Azure-Ref-OriginShield
X-PHP-Backend
X-IsAdmin
X-Cache-Rule
X-Cache-Operation
X-CACHE-AGE
From-Origin
Cache-Provider
Expect-Staple
X-Clientip
X-SRCache-Key
X-LJ-Flow-ID
X-AWS-Id
X-Upstream-Ct
X-Upstream-Ht
X-Worker
X-VWS-Id
Location
X-Wormhole-Sdk
X-Auto-Login
X-Accel-Version
X-Server-IP
X-Bc-Bl
X-TA-CDN-Provider
Fl-Custom-Application
We-Hiring
Sid
Mail-Subject
X-VC-TTL
S-Rt
Source
Ngx.Var.Host
CloudFront-Viewer-Country
X-ND-Cache
Sslversion
N-Cache
Origin-Agent-Cluster
Lang
Host-ID
MD5-Digest
Meta-Geo-Continent
X-Content-Age
X-D
Origin
X-Conf
Redirect-Candidate
X-Org
Xc-Version
X-GeoCountry
X-Developer
X-Destination
Pragrma
X-Vtex-Remote-Cache
X-Ec-GeoHdr
X-Loc
X-Tb-Optimization-Total-Bytes-Saved
X-GeoCode
Rendered-Blocks
X-Ec-Fail
WPO-Cache-Message
X-Tx-Id
X-Application
DCR-Processing-Time-Ms
X-B-Cookie
X-BCube-Filmed-By
X-Bl-Debug
DCR-Decision-By
X-ApacheServer
Candidate-Md5Url
X-Vdms-Version
X-Ig-Origin-Region
X-A
X-Aed
X-Rojux
X-A-Wwc
X-ScT
X-S-Cookie
X-A-Dcw
X-PERF
X-A-Dam
X-Ig-Push-State
X-External-Request-Id
X-Cache-NE
X-Cache-FS-Status
X-A-Dgt
X-A-Ccd
X-Xfnlog-Site
X-Litespeed-Cache-Control
X-Ee-Origin
L5d-Success-Class
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-RequestCountryCode
Country-Code
X-GeoIP-Region-Code
IsBot
Gannett-Cam-Experience-Id
X-Hash
Ha-Gx-Prefs
Gh-Request-Id
Fastly-SSL
X-HS-Content-Campaign-Id
Cdnsip
Cdncip
X-Ee-Request-Date
Cluster
X-GoCache-CacheStatus
CDN-Uid
RNT-Machine
X-Fastly-Backend
X-From
Wxu-Next-Commit
X-Bug-Bounty
X-Cache-Aspx
X-Gamma-Serve
Web-Mar-Region
X-Eu-Site
X-FC-Vary-Parameters
X-Fmm-Version
X-Action
X-Access
CDN-PullZone
X-Aicache-OS
X-AK-Request-ID
X-Forwarded-Site
Wxu-Next-Hostname
Wxu-Next-Region
Time-Cloud-Cache
X-CacheTTL
Powered-By
X-Depends
RNT-Time
Origin-Site
X-GeoIP-City
Log-Origin
X-GeoIP-Country-Code
Odigeo-Trace-Id
X-Epic-Correlation-Id
ServerName
X-Contensis-Viewer-Groups
X-Cms-Device
X-CGP
X-Core-Value
X-Csrf-Jwt
X-CUA
Store-Cloud-Cache
X-Ee-Generated-By
X-Cs
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Slack-Shared-Secret-Outcome
X-FORWARDED-FOR
X-PAYTM-SRV-ID
X-Origin-Expires
X-Req
Apple-News-Services-Handled
X-Internal-TTL
X-V-Cache
X-Varnish-Authentication
X-Micro-Cache
X-Varnish-Beresp-Status
X-SIPLIST1
X-Vary-Devices
X-Sigma
X-Old-Content-Length
X-Policy
X-Mvc-Supplant-Cachable
X-Varnish-Director
X-Sigma-Backend
X-Section
X-Node-Id
X-SD-PageType
CDN-CachedAt
CDN-Cache
Canary
CDN-EdgeStorageId
X-Save-Cache
X-Ee-Request-Id
X-VG-TLSProxy
X-Varnish-Hostname
X-Slack-Backend
X-Rocket-Build-Number
X-VG-WebCache
CF-IPCountry
X-Parent-Response-Time
X-Sucuri-Cache
X-Vmg-Version
X-Content-Length
X-Varnish-Remaining-TTL
X-SVT-ORM-VERSION
X-Date
X-Gdpr
User-Cache-Control
V-Age
X-VarnishDD-TTL
X-Frame-Option
Vix-Hermes-Req-Id
X-NGINX-Cache
X-Proto
X-Bip
X-Request-URI
X-Shield-Cache-Expires
X-BBC-Edge-Cache-Status
X-Backend-Instance
X-Block-Status
X-Cache-Date
X-Thinkindot-L3
X-Via-Fastly
X-UA-Device-Type
X-Thinkindot-L1
X-SB
X-Thanos
X-Reqid
X-Uri
X-Akamai-Device-Characteristics
Thinkindot-CacheControl-Type
X-Acquia-Purge-Cdn-Unconfigured
X-Accel-Expires-Debug
X-Up
X-Viewer-Country
X-App-Name
X-Render-Time
X-Region-Sid
X-Pubstack
X-Amz-Storage-Class
X-AB-Test
RewriteTestHook
X-Sn-Servicetimems
Azure-InstanceId
Fastly-Backend-Name
Azure-RegionName
X-Hnp-Log
X-HN
X-Ec-Custom-Error
X-Ion-Healthy
L
X-Men
X-Level-Front-Cache
X-Jungle-Id
X-Ion-Hop
DSUID
Azure-SiteName
Cache-Contol
Cmsid
X-Wikidot-Backend
X-SVT-ORM-RULES
X-Wikidot-Static-Cache
CDCHOST
Cmstype
Content-Script-Type
Azure-Version
Azure-SlotName
X-Human
X-We-Are-Hiring
Content-Style-Type
Thinkindot-CacheControl
Machine
X-Origin-Time
X-Path
RewriteTeamHook
Req-Svc-Chain
Release
X-Debug-Cache-Store
Server-Host
X-Generated-On
X-Varnish-CookieINHashed-On
TDXMobile
X-Varnish-CookieHashed-On
X-Gen-Mode
X-Debug-Cache-Fetch
X-DefElseHash
X-LSADC-Cache
Nord-Request-ID
X-NMSegId
NM-Fastcgi-Cache
X-Mvc-Supplant-OutputCached
X-Dispatcher-Server
Origin-EX
Origin-CC
X-Op-Id-All
Pics-Label
PFcat
X-Nyt-Route
X-DefHash
X-ElasticPress-Query
X-Edge-Server
X-DPWN-IS-SECURE
Tube-Got-Eval
X-Moov-T
X-Location
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
Producers
Platform
X-Gzip
Fastly-GeoIP-CountryCode
CacheControlHeader
Cdn-Request-Time
Click-Count-Action-Start
Click-Count-Error
C-Via
X-Esi-Check
Mime-Version
X-Vercel-Id
X-Proxied-Request
X-B3-Trace-ID
X-Cache-Id
X-Vercel-Cache
Tube-Return
Tube-Get-Contents
Tube-Got-Results
Cdn-Host
X-ZONE
X-Air-Pt
XM
Load-Balancing
X-Origin-Response-Time
Fastly-Drupal-HTML
X-Sucuri-ID
X-Cached-By
X-Pad
NGX
X-NF-Request-ID
X-Varnish-Hits
X-Refresh
X-Source
Debug
Cookie
X-Nginx-Cache-Key
X-Via-Popv
X-Via-Popn
X-Debug-Service
X-Via-Poph
X-APP
X-Datadome
True-Client-Country-4JS
GeoIp-Country-Code
GeoIP-Latitude
X-DynaTrace-JS-Agent
X-Servedbyhost
Sever-Int
X-AIR-PT
X-HA-Backend
X-Srv
Server-Ext
Server-Hostname
X-Webkit-CSP
X-TH-Server
X-Nananana
Show-Do-Not-Sell-Link
HA-Ipaddr
Product
Server-ID
X-Cdn-Forward
X-Litespeed-Tag
Traceparent
X-Cache-Backend
X-Ez-Minify-Html
Cdn
X-Amz-Meta-Cb-Modifiedtime
WZWS-RAY
X-Zone
X-B3-Parentspanid
HostName
X-Cache-VC
X-TT-LOGID
X-GeoIP
X-Fpc
X-Unity-Cache
X-Wa
DataCenter
X-LB-ID
X-Nc
Fastly-Drupal-Html
X-Newrelic-Synthetics
Edge-Cache
X-User
Tcn
X-VCL-Version
X-CDN-Provider
X-AC
Lb
MIME-Version
SID
X-Nginx-Cache
X-B3-Spanid
Xkey-La3
XkeyR9
A
Akamai-Mon-Iucid-Del
X-Request-Start
Xkeylog
X-Lsadc-Cache
X-Proxy-Cache-La3
Resin-Trace
X-LB-NoCache
X-Proxy-CacheR9
Serverhost
Yjs-Id
X-Scheme
CountryCode
Wsr-Cache
X-TX-ID
X-LiteSpeed-Tag
Sm-Log-Id
X-Vc
X-Service-Response-Time
X-Datacenter
Cs
X-RateLimit-Limit
NtCoent-Length
X-LiteSpeed-Cache-Control
Hostname
Esi-Enabled
Uri
X-Pool
CDN
X-WA
X-Request-Host
Surrogated-Key
Cdn-Requestid
X-Lb-Id
X-CS
X-API-Version
X-NC
Datacenter
X-Dynatrace-Js-Agent
X-HubSpot-Correlation-Id
X-Akamai-Pragma-Client-IP
X-Fastly-Backend-Reqs
X-NodeID
X-VC-Age
X-FPC
X-ID
X-Aspnet-Version
X-Udemy-Cache-App-Namespace
X-RequestId
X-Vgn-Hpd-Reason
X-Via-JSL
Cr
X-Stale
Server-Id
X-TIM-N
Pramga
X-Cache-Grace
Content-Secure-Policy
X-Html-Minification-Powered-By
Proxy-Firewall
X-Styx-Info
X-HA-Device-Type
X-Styx-Origin-Id
X-HA-Application-Name
X-HA-Bot-Classification
X-CSRF-TOKEN
X-Var-Ttl
T-Server
ServerHost
GeoIP-Country-Code
Geoip-Latitude
Yak-Timeinfo
X-Srcache-Fetch-Status
X-Air-Source
X-DynaTrace
X-Air-Hostname
X-Ez-Minify-Js
X-Srcache-Store-Status
RATING
X-Air-Trace-Id
X-TimeS
X-DataCenter
X-Lb-Nocache
W
X-ServedByHost
N1-Cache
Edge-Copy-Time
X-Ha-Backend
From-Cache
Srv
X-Varnish-Beresp-TTL
X-Via-SSL
X-Via-CDN
X-Via-Edge
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Aspnetmvc-Version
X-Oracle-DMS-ECID
X-MSEdge-Features
X-Zen-Fury
X-Geolocation
X-MSEdge-Flight
X-Via-PopV
X-Swift-Error
X-App
Req-ID
X-Via-PopN
X-CACHE-KEY
X-Jobs
Cloudfront-Viewer-Country
X-Via-PopH
X-Sorting-Hat-Shopid
X-Shopid
X-Sorting-Hat-Podid
X-LAGOON
X-Shardid
X-Wp-Cf-Super-Cache-Active
X-Wp-Cf-Super-Cache-Cookies-Bypass
True-Client-IP
X-Proxy-Cache-LA2
X-ByteArk-ReqID
X-Ssense-Shipping-Surcharge-Enabled
X-Ramcache
Ohc-File-Size
FSS-Cache
X-ByteArk-Cache
X-Key
X-Ssense-Gql
WP-Super-Cache
X-Correlation-ID
X-VServer
Ohc-Cache-HIT
X-Elasticpress-Query
X-Cdn-Srv
On-Server
CF-Cached-On
Cl-Cache
X-Geo
X-Sucuri-Id
X-Webkit-Csp-Report-Only
X-Web-Server
X-Cdn-Cache-Status
X-Check-Cacheable
Ngx
X-Powered-By-VTEX-Cache
X-ATG-Version
X-PageType
X-Th-Server
WebServer
X-VTEX-Cache-Time
X-DC
Akamai-X-True-TTL
X-NODE
X-Serial
X-VTEX-Cache-Server
Cf-Ipcountry
X-Iplb-Request-Id
X-Iplb-Instance
My-App
X-MiniProfiler-Ids
X-Limited
X-Beacon
Warning
User-Agent
X-Env
FSS-Proxy
Cneonction
X-Request-Url
Host-Name
Xkey-G-Jp
X-Fastly-Cache-Status
X-Fastly-Cache
X-Mg-Cache