Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
Cf-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
CF-Ray
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
X-Request-ID
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
Keep-Alive
X-Turbo-Charged-By
X-Rq
X-Amz-Version-Id
X-AH-Environment
X-Cache-Group
X-Vhost
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
X-UA-Device
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
X-Server-Powered-By
X-Pingback
X-Dns-Prefetch-Control
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Litespeed-Cache
Ali-Swift-Global-Savetime
X-Node
X-FTR-Request-ID
X-Device
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
X-Country-Code
X-LiteSpeed-Cache
Surrogate-Control
X-Server-Id
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
P3p
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
Fastly-Restarts
X-Content-Type
X-Application-Context
X-Clacks-Overhead
X-TtlSet
X-PC
X-Times
Rating
X-Vname
X-Country
X-Cnection
X-Ua-Device
X-Edge
X-Mcache
X-ESI
X-Midtier
X-Browser-Type
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Cache-TTL
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-Vcap-Request-Id
X-FTR-Expires
X-Ac
Origin-Trial
Surrogate-Key
Edge-Control
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Element-Page-Cache
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Abt-Application-Version
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-D2id
X-FastCGI-Cache
X-Nf-Request-Id
X-NWS-LOG-UUID
Verso
X-Upstream
X-B3-TraceId
X-ECACHE
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-Navigation-Version
X-Amz-Rid
Nginx-Cache
Pinterest-Version
Pinterest-Generated-By
Display
X-Middleton-Display
X-Sol
Pagespeed
X-Pinterest-Rid
X-GitHub-Request-Id
Akamai-GRN
X-Language
X-Envoy-Decorator-Operation
X-Middleton-Response
Response
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
S
X-Client-IP
X-Ratelimit-Limit
X-Oneagent-Js-Injection
Edge-Cache-Tag
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-MS-InvokeApp
X-Goog-Hash
X-Kinsta-Cache
X-ARC
X-Edge-Location-Klb
X-Resp-Is-Stale
X-Ser
X-Distributor
X-Url
SPRequestDuration
SPIisLatency
X-SharePointHealthScore
SPRequestGuid
X-Content-Digest
X-Cache-Key
Access-Control-Request-Method
X-NGENIX-Cache
X-Ezoic-Cdn
Front-End-Https
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Recruiting
RTSS
X-Ttl
X-Amzn-Trace-Id
X-Varnish-TTL
Cache-Status
X-Version
X-Powered-CMS
Public-Key-Pins
X-Ruxit-Js-Agent
X-T
X-Mg-S
X-MSEdge-Ref
TP-Cache
Fastcgi-Cache
X-Accel-Expires
Arr-Disable-Session-Affinity
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Daa-Tunnel
X-Ismobilevalue
X-Forwarded-For
X-Correlation-Id
X-Cluster-Name
Realpath
X-Fastly-Request-ID
Cache-Tags
X-Cached
X-Id
AR-CACHE
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
X-Content-Security-Policy-Report-Only
X-Ua-Browser
X-Kong-Upstream-Latency
Payment
X-Kong-Proxy-Latency
Content-MD5
X-Newrelic-App-Data
X-DIS-Request-ID
X-Server-Name
X-GUploader-UploadID
X-RateLimit-Remaining
X-CST
X-HS-CF-Cache-Status
X-HS-Prerendered
X-Jurisdiction
X-HP-Webp
X-Cambria-Cache-Control
X-HP-Trace-Id
Content-Disposition
X-Azure-Ref
X-Ratelimit-Remaining
X-TTL
X-Amz-Replication-Status
Count-Hit
X-Xrds-Location
X-Webkit-Csp
X-Px
X-ORACLE-DMS-ECID
YJS-ID
X-Page-Id
Cleartype
Accept-Charset
X-Unique-Id
X-Ratelimit-Reset
Cross-Origin-Embedder-Policy
X-Logged-In
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Rid
X-Origin-Server
X-Proxy
X-FB-Debug
Cross-Origin-Resource-Policy
X-Activity-Id
X-Git-Hash
X-Az
X-AppVersion
X-Protected-By
Ar-SID
X-Www-Served-By
X-VARITI-CCR
X-SERVER-NAME
X-Request-Handler-Origin-Region
X-Microsite
X-Template
X-LLID
X-Goog-Metageneration
X-Load-Cache
X-Amz-Meta-S3cmd-Attrs
MicrosoftSharePointTeamServices
X-Varnish-Backend
X-TEC-API-ROOT
X-TEC-API-VERSION
X-PressLabs-Stats
X-Request-Device-Id
X-TEC-API-ORIGIN
Version
X-Forwarded-Proto
Server-Node
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Upgrade-Enabled
X-URL
X-Geo-Country
Server-Name
X-Hits
X-Hostname
X-COUNTRY
X-Content-Options
X-B3-Sampled
X-Frontend
X-Varnish-Grace
Section-Io-Cache
Viewport
X-App-Server
X-Varnish-Server
X-TT
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Meli-Trace-Platform
X-Fb-Rlafr
X-Meli-Trace-Bu
X-Device-Type
X-Meli-Trace-Site
X-Grace
X-B
Access-Control-Allow-Method
Alternate-Protocol
X-Status
Fastly-SWR
Fastly-SIE
TCN
Healthy
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
Upgrade-Insecure-Requests
X-Request-Guid
Host
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
Amp-Access-Control-Allow-Source-Origin
X-Server-ID
DC
X-WebKit-CSP-Report-Only
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-CSRF-Token
X-Buckets
X-Varnish-Ttl
Retry-After
X-Contextid
X-Amzn-Remapped-Content-Length
X-Debug
MS-Author-Via
X-Cache-Control
X-Cache-Age
AKAMAI-GRN
X-NF-Request-ID
X-Revision
X-Type
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Instance
X-Original-Request-Id
X-Vcl-Version
X-Response-Served-From
X-Seen-By
SD-X-WS
X-NYM-Debug-Backend
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Adobe-Loc
X-Rendered-As
X-Tumblr-Pixel-1
X-RemovedCookies
X-Adobe-Content
X-ProcessESI
X-Tumblr-User
Cross-Origin-Opener-Policy-Report-Only
X-Yottaa-Optimizations
X-Hl-Ver
X-Is-Bot
X-Yottaa-Metrics
X-UUID
X-N
X-App-Version
Cross-Origin-Embedder-Policy-Report-Only
X-Debug-IsPreview
X-G
X-Debug-IsConnected
X-Akamai-Edgescape
X-Lambda-Id
Access-Control-Request-Headers
Section-Io-Id
X-Backend-Name
X-Framework
X-Mobile
X-Content-Powered-By
X-Mg-Request-UUID
X-Storage
X-Trace-Id
Charset
X-INCAP-ABP
Frame-Options
X-ServerID
X-Origin-CC
X-Akamai-Request-ID2
X-DataDome
MS-CV
NGB
X-Origin-TTL
X-Server-W
X-RTag
X-RM-Cache-TTL
Ms-Operation-Id
X-AB
X-Dc
X-Cache-Status-Check
X-Wormhole-Sdk
AR-SID
VIX-Pulpo-Node
X-Oracle-Dms-Ecid
VIX-Pulpo-Upstream-Status
X-Cache-Hit
X-Cache-Time
Filterid
Refresh
Cache
Accept-Language
X-Request-Site
X-Request-Platform
X-Request-Bu
X-B3-SpanId
X-Tec-Api-Root
X-Requestid
X-Time
X-Fastcgi-Cache
X-Tec-Api-Origin
X-Tec-Api-Version
SRV
X-HITS
Webserver
X-Node-Name
X-Region
Paypal-Debug-Id
X-Real-IP
Onion-Location
Protected
X-Ms-Version
X-Ms-Request-Id
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
CDN-RequestId
X-VC-Cache
X-User-Agent
X-F-Cache
Liferay-Portal
Cross-Origin-Window-Policy
Priority
X-Cache-Expired-At
X-HTML-Minification-Powered-By
X-Pass-Why
X-Whom
X-WP-CF-Super-Cache-Active
X-IPS-LoggedIn
X-Datadog-Trace-Id
X-LB-Cache
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Rocket-Nginx-Serving-Static
Backend
Xet-Cookie
X-Mode
X-XRDS-Location
X-L-Path
GEO-INFO
X-Environment-Context
OT-Force-Account-Verify
X-Tb
X-Service
X-Drupal-Cache-Tags
X-Yandex-Req-Id
X-Handled-By
X-Proxy-Cache-Info
X-Rule
X-App-Environment
X-Cacheable-TTL
X-Proxied
X-Detected-As
Filters
X-MP-GENERATED-AT
X-Is-Tablet
X-Geo-Region
X-Tncms
X-Zipkin-Id
ServerID
X-Is-Desktop
X-SaId
X-Vcache
X-Extlb
X-Tcp-Rtt
X-UPSTREAM-Address
X-Is-Mobile
X-Wix-Request-Id
X-Is-Supported-Browser
LB
X-Loop
X-Rewrite-Enabled
X-Browser-Name
X-JoinUs
X-Rn-Rsrv
Web-Mar-Node
X-Adobe-Source
Url
Meta-Geo
X-Cloudmap
Fastcgi-Useragent
Country
X-Servername
X-Routing-Service
X-Generation-Time
X-IPLB-Instance
X-Forwarded-Host
X-Varnish-Beresp-Grace
X-Format
ServedBy
Uber-Trace-Id
Expiry
X-Director
X-Connection-Hash
X-Cdn-Origin
X-Origin-Date
X-Cms-Context
Atl-Traceid
X-Locale
X-Alternate-Cache-Key
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Cache-Host
X-IPLB-Request-ID
X-Hosted-By
X-FW-Type
X-FW-Version
X-Shopify-Stage
X-Skip-Cache
X-Storefront-Renderer-Rendered
TWC-Privacy
TWC-Locale-Group
Property-Id
X-Redis-Cache
TWC-Connection-Speed
TWC-GeoIP-DMA
TWC-GeoIP-Country
TWC-GeoIP-City
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Region
X-Restarts
Webcakes-App-Name
X-FW-Static
X-FW-Server
X-FW-Hash
X-Origin-Hint
X-FW-Serve
X-Hit
X-Web-Node
Webcakes-Region
Webcakes-App-Version
X-FW-Dynamic
X-Logging-Id
X-Scope-Id
X-RateLimit-Limit-Second
X-Say-TTL
X-Say-Cacheable
X-BYPASS-REASON
X-Endurance-Cache-Level
X-SayCDN-TTL
X-Edge-Location
X-Cluster-Node
X-ProxyCache-Key
X-RateLimit-Remaining-Second
X-Debug-Info
X-Cache-Action
X-Cluster
Mn-Server-Ip
X-ProxyCache-Status
X-Httpd
X-Soup
Apigw-Requestid
Environment
X-FB-TRIP-ID
X-Labrador-Cache-Channel
X-Urbn-Site-Id
X-Drupal-Cache-Contexts
X-Urbn-Context-Path
X-Served-From
YJS-CacheStatus
Locale
X-S
X-PHP-Host
X-VC
X-Origin
X-Auth-Group-Type
Cache-Hits
DB-Nickname
Selected-Fe
X-Timing-Wait
X-Proxy-Build
X-Fetched-On
X-ECache
X-Mly-Id
X-Origin-Cache
X-VCT
X-R9-Blue-Green-Version
X-No-Session
X-Is-Modern-Browser
X-RCS-CacheZone
X-UA
X-Cache-Debug
X-Sorting-Hat-ShopId
X-GEO
X-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-SRV
Front
X-WP-CF-Super-Cache-Cookies-Bypass
X-CDN-Forward
X-Varnish-Cache-Hits
X-Varnish-Age
X-Provided-By
X-NewRelic-App-Data
Node
Xserver
X-Is-Mobile-Only
Countrycode
X-Lagoon
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
Cache-Tv-Group
WPO-Cache-Status
X-Generated-By
X-Api-Version
X-CACHE-AGE
X-Platform
X-Source
X-TA-CDN-Provider
X-Site-Version
X-Webstats-RespID
X-CDN-Cache-Status
Referer-Policy
From-Origin
Cache-Provider
X-Azure-Ref-OriginShield
X-Cdn
X-Presslabs-Stats
X-B-Cache
X-Accel-Version
X-Signature
X-B3-Traceid
X-Tt-Logid
X-NWS-UUID-VERIFY
X-VC-TTL
X-Optimistic-Header
X-PHP-Backend
X-Tx-Id
X-Xfnlog-Site
Location
CF-IPCountry
Request-ID
X-Cache-Rule
X-Cache-Operation
X-Ua
X-Sucuri-Cache
X-IsAdmin
X-Worker
WPO-Cache-Message
CDN-RequestCountryCode
CDN-PullZone
CDN-Uid
CDN-EdgeStorageId
CDN-Cache
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-CachedAt
X-Tb-Optimization-Total-Bytes-Saved
X-Reqid
AMP-Access-Control-Allow-Source-Origin
X-A-Dcw
X-AK-Request-ID
X-Viewer-Country
X-Aed
X-ApacheServer
X-Vtex-Remote-Cache
X-Access
X-A-Wwc
X-Action
X-A-Dgt
Sslversion
Fl-Custom-Application
Fastly-SSL
Host-ID
Lang
MD5-Digest
Log-Origin
Expect-Staple
DCR-Processing-Time-Ms
Cdncip
Candidate-Md5Url
Cdnsip
Cluster
DCR-Decision-By
Meta-Geo-Continent
Ngx.Var.Host
Time-Cloud-Cache
Store-Cloud-Cache
Web-Mar-Region
X-A
X-A-Dam
X-A-Ccd
RNT-Time
XM
Origin
Odigeo-Trace-Id
Redirect-Candidate
Rendered-Blocks
RNT-Machine
Xc-Version
X-BCube-Filmed-By
X-GeoCode
X-Forwarded-Site
X-Section
X-GeoCountry
X-Ig-Origin-Region
X-HS-Content-Campaign-Id
X-Sigma
X-Fmm-Version
X-Ee-Request-Id
X-Slack-Shared-Secret-Outcome
X-External-Request-Id
X-Slack-Backend
X-Sigma-Backend
X-Ig-Push-State
X-SD-PageType
X-Rocket-Build-Number
X-Old-Content-Length
X-Origin-Expires
X-PAYTM-SRV-ID
X-Request-URI
X-PERF
X-Rojux
X-S-Cookie
X-ScT
X-Loc
X-Save-Cache
X-Micro-Cache
X-Node-Id
X-SRCache-Key
X-Ee-Request-Date
X-Clientip
X-Cache-NE
X-Cms-Device
X-Conf
X-Content-Age
X-Contensis-Viewer-Groups
X-Cache-Aspx
X-Bl-Debug
X-VG-TLSProxy
X-Auto-Login
X-Vdms-Version
X-B-Cookie
X-Req
X-Core-Value
X-Vary-Devices
X-Ec-Fail
X-Developer
X-Ec-GeoHdr
X-Ee-Generated-By
X-Ee-Origin
X-Varnish-Authentication
X-Destination
X-D
X-Varnish-Hostname
X-Depends
X-Varnish-Director
Apple-News-Services-Request-Url
X-VG-WebCache
X-Application
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
X-Sucuri-ID
X-Fastly-Request-Id
X-TT-LOGID
X-Frame-Option
X-LSADC-Cache
X-Air-Pt
X-Fastly-Backend
X-Ec-Custom-Error
X-Epic-Correlation-Id
X-Eu-Site
X-FC-Vary-Parameters
X-Gen-Mode
X-HN
X-Human
X-Internal-TTL
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-Dispatcher-Server
X-Generated-On
X-GeoIP-Country-Code
X-Gdpr
X-Debug-Cache-Store
X-Amz-Storage-Class
X-App-Name
X-Backend-Instance
X-BBC-Edge-Cache-Status
X-Akamai-Device-Characteristics
X-Aicache-OS
X-AB-Test
X-Accel-Expires-Debug
X-Acquia-Purge-Cdn-Unconfigured
X-Bc-Bl
X-Block-Status
X-Date
X-Debug-Cache-Fetch
X-Ion-Healthy
X-DefElseHash
X-CUA
X-Csrf-Jwt
X-Bug-Bounty
X-CGP
X-Content-Length
X-DefHash
X-Men
X-VarnishDD-TTL
X-Via-Fastly
X-We-Are-Hiring
IsBot
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Uri
X-Varnish-Beresp-Status
X-Varnish-CookieHashed-On
N-Cache
Wxu-Next-Commit
X-Org
X-SIPLIST1
X-V-Cache
X-Hash
X-GeoIP-City
Wxu-Next-Hostname
Wxu-Next-Region
X-From
X-Up
X-UA-Device-Type
X-Moov-Xdn-Version
X-Nyt-Route
X-Op-Id-All
X-Origin-Time
X-Moov-Xdn-Caching-Status
X-Moov-T
X-Jungle-Id
X-Level-Front-Cache
V-Age
X-Path
X-Policy
X-Sn-Servicetimems
X-Thinkindot-L1
X-Thinkindot-L3
X-Shield-Cache-Expires
X-SB
X-Pubstack
X-Region-Sid
X-Render-Time
X-Ion-Hop
X-Hnp-Log
Azure-RegionName
Azure-InstanceId
Gannett-Cam-Experience-Id
TDXMobile
Azure-SiteName
User-Cache-Control
Thinkindot-CacheControl
L5d-Success-Class
CDCHOST
ServerName
RewriteTestHook
Server-Host
L
Ha-Gx-Prefs
Gh-Request-Id
Req-Svc-Chain
RewriteTeamHook
Cache-Contol
Thinkindot-CacheControl-Type
DSUID
Origin-CC
Cmsid
Cmstype
Origin-Agent-Cluster
Country-Code
Nord-Request-ID
PFcat
Origin-EX
Azure-Version
Azure-SlotName
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
Machine
X-Gamma-Serve
X-NMSegId
CacheControlHeader
Platform
Release
NM-Fastcgi-Cache
Mail-Subject
X-Esi-Check
X-Gzip
C-Via
X-Edge-Server
X-SVT-ORM-RULES
X-DPWN-IS-SECURE
Origin-Site
Producers
X-Vmg-Version
X-Mvc-Supplant-Cachable
Cdn-Request-Time
Tube-Get-Contents
Click-Count-Action-Start
X-Vercel-Cache
X-Vercel-Id
X-Proto
Cdn-Host
Click-Count-Error
Tube-Got-Eval
X-SVT-ORM-VERSION
We-Hiring
X-Thanos
X-Server-IP
Tube-Got-Results
Tube-Return
Pragrma
Fastly-Backend-Name
X-Wikidot-Static-Cache
X-B3-Trace-ID
X-Cache-Id
Content-Script-Type
X-Cache-Date
X-Cache-FS-Status
X-Wikidot-Backend
Content-Style-Type
Fastly-GeoIP-CountryCode
Source
X-CacheTTL
X-Bip
Fastly-Drupal-HTML
X-Parent-Response-Time
X-Proxied-Request
X-Origin-Response-Time
X-Mvc-Supplant-OutputCached
X-Litespeed-Cache-Control
X-ZONE
Canary
Powered-By
X-Location
S-Rt
X-ElasticPress-Query
X-Upstream-Ht
X-Pad
X-Upstream-Ct
Debug
Vix-Hermes-Req-Id
X-NGINX-Cache
X-Cs
CloudFront-Viewer-Country
X-Cached-By
Sid
Pics-Label
X-ND-Cache
X-Refresh
NGX
X-Nananana
X-TH-Server
X-Via-Popn
X-Via-Popv
X-APP
X-Litespeed-Tag
Product
X-Via-Poph
X-HA-Backend
X-Servedbyhost
Mime-Version
HA-Ipaddr
GeoIP-Latitude
X-Amz-Meta-Cb-Modifiedtime
X-FORWARDED-FOR
X-Cache-VC
Server-ID
X-Client-Ip
X-Varnish-Hits
Cookie
X-AIR-PT
X-User
X-DynaTrace-JS-Agent
Edge-Cache
X-Datadome
GeoIp-Country-Code
MIME-Version
X-GeoIP
X-Wa
X-Fpc
X-LB-ID
X-Nc
X-Cdn-Forward
X-Nginx-Cache
X-Webkit-CSP
SID
X-B3-Parentspanid
X-Nginx-Cache-Key
X-Debug-Service
HostName
X-Srv
DataCenter
True-Client-Country-4JS
Load-Balancing
Server-Ext
Sever-Int
X-LB-NoCache
Server-Hostname
Akamai-Mon-Iucid-Del
WZWS-RAY
X-Zone
Resin-Trace
Surrogated-Key
X-Unity-Cache
Show-Do-Not-Sell-Link
Cdn
X-Request-Start
X-Scheme
Fastly-Drupal-Html
X-Cache-Backend
X-CS
Traceparent
X-Vc
X-LiteSpeed-Cache-Control
X-Newrelic-Synthetics
Tcn
X-Lsadc-Cache
X-VCL-Version
X-Pool
Sm-Log-Id
Wsr-Cache
Lb
X-Service-Response-Time
X-NodeID
X-Request-Host
X-RequestId
N1-Cache
X-B3-Spanid
X-Vgn-Hpd-Reason
X-Cache-Grace
Yjs-Id
X-LiteSpeed-Tag
X-Ez-Minify-Html
Yak-Timeinfo
NtCoent-Length
Serverhost
X-API-Version
X-HOST
X-DynaTrace
X-HubSpot-Correlation-Id
X-Datacenter
X-TX-ID
X-DataCenter
X-CDN-Provider
XkeyR9
Hostname
X-RateLimit-Limit
Xkeylog
X-Via-CDN
X-Proxy-CacheR9
Datacenter
Xkey-La3
X-Via-Edge
X-Proxy-Cache-La3
X-Udemy-Cache-App-Namespace
Edge-Copy-Time
X-Via-SSL
Cdn-Requestid
X-WA
X-Zen-Fury
CDN
X-Geolocation
A
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
CountryCode
X-Dynatrace-Js-Agent
X-Jobs
X-ID
Req-ID
X-Fastly-Backend-Reqs
X-Akamai-Pragma-Client-IP
X-Lb-Id
X-FPC
X-NC
Cs
X-Via-JSL
True-Client-IP
Server-Id
X-Cdn-Srv
WP-Super-Cache
GeoIP-Country-Code
Uri
Esi-Enabled
X-Html-Minification-Powered-By
X-Webkit-Csp-Report-Only
X-VTEX-Cache-Server
X-Powered-By-VTEX-Cache
T-Server
X-VTEX-Cache-Time
X-TimeS
X-VC-Age
X-Srcache-Store-Status
X-Ez-Minify-Js
X-Stale
RATING
On-Server
Geoip-Latitude
Proxy-Firewall
X-Srcache-Fetch-Status
ServerHost
X-Lb-Nocache
X-Varnish-Beresp-TTL
X-MSEdge-Flight
X-MSEdge-Features
X-ServedByHost
Cr
X-HA-Application-Name
Pramga
X-HA-Bot-Classification
X-HA-Device-Type
X-Styx-Info
X-Styx-Origin-Id
Srv
X-Swift-Error
From-Cache
X-Oracle-DMS-ECID
WebServer
Cloudfront-Viewer-Country
Coldstone-Viewer-Country-Region-Name
Coldstone-Viewer-Currency
Coldstone-Viewer-Country
X-CSRF-TOKEN
X-App
X-Var-Ttl
X-TIM-N
Content-Secure-Policy
X-Ha-Backend
X-WA-Info
X-Wp-Cf-Super-Cache-Cache-Control
X-LAGOON
X-Wp-Cf-Super-Cache
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-Fastly-Cache
Ngx
X-Correlation-ID
X-Via-PopH
W
FSS-Cache
X-Via-PopN
X-Via-PopV
X-Shardid
X-Cdn-Cache-Status
X-Check-Cacheable
X-Elasticpress-Query
X-Geo
X-Sorting-Hat-Podid
X-Shopid
X-Sorting-Hat-Shopid
X-Ramcache
Cl-Cache
BehaviorPad-Version
X-Web-Server
Akamai-X-True-TTL
X-Request-Url
X-ATG-Version
X-Proxy-Cache-LA2
X-Serial
X-Sucuri-Id
X-Wp-Cf-Super-Cache-Active
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Th-Server
X-DC
Cf-Ipcountry
X-Env
User-Agent
Cneonction
X-Fastly-Cache-Hits
Host-Name
X-Key
Xkey-G-Jp
Bxpunish
Bxuuid
X-Nitro-Cache
My-App
X-Mg-Cache
FSS-Proxy
X-Request-Time
X-Cache-TTL-Remaining
X-Fastly-Cache-Status