
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
Cf-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
CF-Ray
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Request-ID
Keep-Alive
X-Turbo-Charged-By
X-Rq
X-Amz-Version-Id
X-AH-Environment
X-Cache-Group
X-Vhost
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
X-UA-Device
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
Grace
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Powered-By
X-Dns-Prefetch-Control
Allow
X-Pingback
X-Page-Speed
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
Ali-Swift-Global-Savetime
X-Node
X-Device
X-FTR-Request-ID
EagleEye-TraceId
X-Host
X-Server-Id
X-Cache-Lookup
X-LiteSpeed-Cache
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
P3p
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
Fastly-Restarts
X-Content-Type
X-Application-Context
X-Clacks-Overhead
X-TtlSet
X-Vname
X-Times
X-PC
Rating
X-Country
X-Cnection
X-Ua-Device
X-Mcache
X-Midtier
X-Edge
X-Browser-Type
X-Cache-TTL
X-ESI
X-Vcap-Request-Id
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-Ac
X-FTR-Expires
Origin-Trial
Surrogate-Key
Edge-Control
X-FastCGI-Cache
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Element-Page-Cache
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Abt-Application-Version
X-Kinja-Revision
X-GoogleNews-Bot
X-D2id
X-Nf-Request-Id
X-NWS-LOG-UUID
Verso
X-Upstream
X-ECACHE
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-Navigation-Version
X-B3-TraceId
X-Amz-Rid
Nginx-Cache
X-Sol
Pagespeed
Display
X-Middleton-Display
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-GitHub-Request-Id
Akamai-GRN
X-Language
X-Envoy-Decorator-Operation
Response
X-Middleton-Response
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Instrumentation
X-Client-IP
S
X-Ratelimit-Limit
X-Oneagent-Js-Injection
Edge-Cache-Tag
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-MS-InvokeApp
X-Goog-Hash
X-Kinsta-Cache
X-ARC
X-Edge-Location-Klb
X-Resp-Is-Stale
X-Ser
X-Url
X-Distributor
SPRequestDuration
SPIisLatency
X-SharePointHealthScore
SPRequestGuid
Access-Control-Request-Method
X-Cache-Key
X-Content-Digest
X-NGENIX-Cache
Front-End-Https
X-Ezoic-Cdn
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Recruiting
RTSS
X-Amzn-Trace-Id
X-Varnish-TTL
Cache-Status
X-Version
X-Powered-CMS
X-Ruxit-Js-Agent
Public-Key-Pins
X-Ttl
X-Mg-S
TP-Cache
X-T
Fastcgi-Cache
X-MSEdge-Ref
X-Accel-Expires
Arr-Disable-Session-Affinity
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Daa-Tunnel
X-Ismobilevalue
X-Correlation-Id
X-Forwarded-For
Realpath
X-Cluster-Name
Cache-Tags
X-Cached
X-Fastly-Request-ID
X-Id
AR-CACHE
X-HS-Combine-CSS
X-Request-Processing-Time
X-Request-Received
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Content-MD5
Payment
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-Newrelic-App-Data
X-TTL
X-DIS-Request-ID
X-GUploader-UploadID
X-Server-Name
X-RateLimit-Remaining
X-CST
X-Cambria-Cache-Control
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-HS-CF-Cache-Status
X-HS-Prerendered
Content-Disposition
X-Azure-Ref
X-Ratelimit-Remaining
X-Amz-Replication-Status
Count-Hit
X-Xrds-Location
X-Webkit-Csp
YJS-ID
X-ORACLE-DMS-ECID
X-Px
Cross-Origin-Embedder-Policy
X-Unique-Id
X-Ratelimit-Reset
X-Page-Id
X-Logged-In
Cross-Origin-Resource-Policy
Accept-Charset
X-Proxy
X-Protected-By
Cleartype
X-FB-Debug
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Origin-Server
X-Rid
X-Git-Hash
X-Az
X-AppVersion
Ar-SID
X-Activity-Id
X-VARITI-CCR
X-Www-Served-By
X-SERVER-NAME
X-Request-Handler-Origin-Region
X-Microsite
X-Template
X-LLID
X-Goog-Metageneration
X-Amz-Meta-S3cmd-Attrs
MicrosoftSharePointTeamServices
X-Load-Cache
X-Varnish-Backend
X-Request-Device-Id
Version
X-PressLabs-Stats
X-Forwarded-Proto
X-Amz-Apigw-Id
X-Amzn-RequestId
Server-Node
Server-Name
X-URL
X-Upgrade-Enabled
X-Geo-Country
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Hits
X-Hostname
X-COUNTRY
X-Frontend
X-Content-Options
X-B3-Sampled
X-Varnish-Grace
Section-Io-Cache
X-TT
X-B3-TraceId-Primal
X-Fb-Rlafr
X-Device-Type
MRF-Tech
X-Meli-Trace-Platform
X-App-Server
Mrf-Cache-Status
X-Varnish-Server
X-Meli-Trace-Bu
X-Meli-Trace-Site
X-B
Access-Control-Allow-Method
Viewport
Fastly-SWR
Fastly-SIE
Alternate-Protocol
X-Grace
X-Status
TCN
Healthy
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Request-Guid
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
Host
X-Magnolia-Registration
Amp-Access-Control-Allow-Source-Origin
X-EdgeConnect-Cache-Status
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-CSRF-Token
DC
X-Buckets
X-Amzn-Remapped-Content-Length
X-Contextid
X-Varnish-Ttl
Retry-After
X-Debug
X-Cache-Age
X-Cache-Control
AKAMAI-GRN
MS-Author-Via
X-NF-Request-ID
X-Revision
X-WP-CF-Super-Cache-Cache-Control
X-Type
X-WP-CF-Super-Cache
X-Response-Served-From
SD-X-WS
X-Original-Request-Id
X-Yottaa-Metrics
X-Adobe-Loc
X-Adobe-Content
X-Seen-By
X-ProcessESI
X-Yottaa-Optimizations
X-UUID
X-RemovedCookies
X-Hl-Ver
Access-Control-Request-Headers
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
X-Lambda-Id
X-N
X-Instance
X-Debug-IsPreview
X-Debug-IsConnected
X-G
X-Is-Bot
X-NYM-Debug-Backend
X-Rendered-As
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Akamai-Edgescape
X-Tumblr-Pixel-0
X-ServerID
X-Framework
Section-Io-Id
X-App-Version
Frame-Options
X-Mobile
X-Backend-Name
X-Content-Powered-By
X-Trace-Id
X-Storage
X-Tec-Api-Origin
X-Tec-Api-Root
Charset
Ms-Operation-Id
X-Origin-CC
X-INCAP-ABP
X-Origin-TTL
X-Tec-Api-Version
X-Akamai-Request-ID2
X-Mg-Request-UUID
X-DataDome
X-RTag
X-RM-Cache-TTL
MS-CV
X-Vcl-Version
X-AB
X-Dc
X-Server-W
NGB
X-Cache-Status-Check
X-Wormhole-Sdk
AR-SID
VIX-Pulpo-Node
X-Oracle-Dms-Ecid
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-Request-Site
X-Request-Platform
X-Cache-Hit
Accept-Language
X-Request-Bu
X-Server-ID
Filterid
Cache
X-Requestid
X-Time
SRV
X-HITS
Refresh
X-Region
X-Node-Name
Webserver
X-Real-IP
X-B3-SpanId
Paypal-Debug-Id
Protected
X-Hcs-Proxy-Type
Onion-Location
X-CCDN-Origin-Time
X-CCDN-CacheTTL
CDN-RequestId
X-Ms-Version
X-Ms-Request-Id
X-VC-Cache
X-User-Agent
X-F-Cache
Cross-Origin-Window-Policy
X-LB-Cache
X-Cache-Expired-At
Priority
X-Pass-Why
X-Datadog-Sampling-Priority
X-WP-CF-Super-Cache-Active
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Rocket-Nginx-Serving-Static
Backend
Liferay-Portal
X-IPS-LoggedIn
Xet-Cookie
X-Mode
X-L-Path
X-XRDS-Location
X-Environment-Context
X-Whom
GEO-INFO
OT-Force-Account-Verify
X-HTML-Minification-Powered-By
X-Service
X-Yandex-Req-Id
X-Proxy-Cache-Info
X-Fastcgi-Cache
X-Tb
X-Rule
X-Adobe-Source
X-Is-Mobile
X-MP-GENERATED-AT
X-Cacheable-TTL
X-Browser-Name
LB
X-Is-Supported-Browser
X-Cloudmap
X-Detected-As
X-Extlb
X-Is-Desktop
X-Routing-Service
X-Handled-By
X-Tcp-Rtt
Country
X-Is-Tablet
X-Servername
X-Wix-Request-Id
X-Zipkin-Id
X-JoinUs
Url
X-SaId
Fastcgi-Useragent
Filters
Meta-Geo
X-Proxied
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Geo-Region
X-Rn-Rsrv
X-Hosted-By
X-Hit
ServedBy
Expiry
Uber-Trace-Id
X-Tncms
Atl-Traceid
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Skip-Cache
Web-Mar-Node
X-Origin-Date
X-Loop
X-Forwarded-Host
X-Connection-Hash
X-Cms-Context
X-Alternate-Cache-Key
X-Cdn-Origin
X-Logging-Id
X-Web-Node
X-App-Environment
X-Vcache
X-Varnish-Beresp-Grace
TWC-Locale-Group
X-ProxyCache-Status
TWC-GeoIP-Region
Mn-Server-Ip
X-ProxyCache-Key
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Privacy
X-Say-TTL
X-Redis-Cache
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-City
X-Say-Cacheable
TWC-GeoIP-Country
X-Drupal-Cache-Tags
Property-Id
TWC-GeoIP-DMA
Apigw-Requestid
X-SayCDN-TTL
X-BYPASS-REASON
X-Httpd
X-Format
X-Endurance-Cache-Level
X-Origin-Hint
X-Soup
X-Tumblr-Pixel-3
Environment
X-Tumblr-Pixel-2
X-IPLB-Request-ID
X-IPLB-Instance
X-Cache-Action
X-Restarts
X-Locale
X-Cluster
X-Cluster-Node
X-Director
X-Debug-Info
X-Cache-Host
X-Labrador-Cache-Channel
X-Urbn-Site-Id
X-PHP-Host
X-Edge-Location
X-Urbn-Context-Path
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Locale
X-Scope-Id
X-Served-From
YJS-CacheStatus
ServerID
X-S
X-FW-Hash
X-FW-Serve
X-Auth-Group-Type
X-FW-Dynamic
X-Fetched-On
X-FW-Server
X-Origin
Cache-Hits
X-Proxy-Build
Selected-Fe
X-FW-Version
X-Timing-Wait
X-FB-TRIP-ID
X-FW-Static
X-Generation-Time
X-FW-Type
X-VC
DB-Nickname
X-Mly-Id
X-ECache
X-Drupal-Cache-Contexts
X-RCS-CacheZone
X-No-Session
X-Is-Modern-Browser
X-R9-Blue-Green-Version
X-VCT
X-Origin-Cache
X-GEO
X-ShopId
X-Sorting-Hat-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-B3-Traceid
X-Cache-Debug
Front
X-WP-CF-Super-Cache-Cookies-Bypass
X-Varnish-Cache-Hits
X-Varnish-Age
X-CDN-Forward
X-NewRelic-App-Data
Xserver
X-UA
Countrycode
X-Is-Mobile-Only
X-Provided-By
Node
X-SRV
X-Varnish-Beresp-Ttl
X-Api-Version
X-Platform
X-CLOUD-TRACE-CONTEXT
X-Generated-By
X-CACHE-AGE
X-Lagoon
WPO-Cache-Status
X-Source
X-TA-CDN-Provider
X-Webstats-RespID
X-CDN-Cache-Status
Cache-Tv-Group
X-Site-Version
X-Webkit-CSP
X-Presslabs-Stats
Cache-Provider
X-Cdn
X-Azure-Ref-OriginShield
From-Origin
Referer-Policy
X-B-Cache
X-Signature
X-Accel-Version
X-Ua
X-VC-TTL
X-NWS-UUID-VERIFY
X-Tt-Logid
X-Optimistic-Header
X-Xfnlog-Site
Location
X-PHP-Backend
X-Tx-Id
CF-IPCountry
Request-ID
X-Cache-Rule
X-Cache-Operation
X-IsAdmin
X-Worker
CDN-RequestCountryCode
CDN-RequestPullCode
WPO-Cache-Message
CDN-Uid
X-Reqid
CDN-RequestPullSuccess
CDN-PullZone
CDN-CachedAt
CDN-Cache
X-Sucuri-Cache
CDN-EdgeStorageId
AMP-Access-Control-Allow-Source-Origin
X-A-Wwc
Apple-News-Services-Host
X-A-Dgt
X-Application
Cdncip
X-A-Dam
X-A-Dcw
Apple-News-Services-Handled
DCR-Processing-Time-Ms
Cdnsip
X-Aed
DCR-Decision-By
X-ApacheServer
Fastly-SSL
X-AK-Request-ID
X-Access
Expect-Staple
Apple-News-Services-Parsed-Url
Origin
Redirect-Candidate
Host-ID
Odigeo-Trace-Id
Ngx.Var.Host
X-B-Cookie
Lang
Meta-Geo-Continent
Candidate-Md5Url
Rendered-Blocks
Time-Cloud-Cache
MD5-Digest
X-A
Apple-News-Services-Request-Url
Store-Cloud-Cache
Sslversion
Fl-Custom-Application
X-A-Ccd
X-Ec-Fail
X-SD-PageType
X-ScT
X-Section
X-Sigma
X-Sigma-Backend
X-Save-Cache
X-S-Cookie
X-Req
X-PERF
X-Request-URI
X-Rocket-Build-Number
X-Rojux
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Viewer-Country
X-VG-WebCache
X-Vtex-Remote-Cache
Xc-Version
XM
X-VG-TLSProxy
X-Vdms-Version
X-SRCache-Key
X-Varnish-Director
X-Varnish-Hostname
X-Vary-Devices
X-PAYTM-SRV-ID
X-Origin-Expires
X-Destination
X-D
X-Developer
X-Ec-GeoHdr
X-Ee-Generated-By
X-Core-Value
X-Conf
X-Bl-Debug
X-Cache-NE
X-Clientip
X-Cms-Device
X-Ee-Origin
X-Ee-Request-Date
X-Ig-Push-State
X-Ig-Origin-Region
X-Loc
X-Node-Id
X-Old-Content-Length
X-GeoCountry
X-GeoCode
X-Ee-Request-Id
X-External-Request-Id
X-Fmm-Version
X-Forwarded-Site
X-BCube-Filmed-By
X-Content-Age
X-Fastly-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Air-Pt
X-LSADC-Cache
X-Frame-Option
X-TT-LOGID
X-Via-Fastly
X-CGP
X-Bug-Bounty
X-Block-Status
X-VarnishDD-TTL
X-Cache-Aspx
X-Varnish-Remaining-TTL
X-CUA
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
X-Csrf-Jwt
X-Varnish-CookieINHashed-On
X-Bc-Bl
X-Content-Length
X-Contensis-Viewer-Groups
X-Auto-Login
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
IsBot
ServerName
RNT-Machine
RNT-Time
Server-Host
User-Cache-Control
Web-Mar-Region
X-Akamai-Device-Characteristics
X-Amz-Storage-Class
X-DefElseHash
X-Pubstack
X-Action
X-AB-Test
X-Acquia-Purge-Cdn-Unconfigured
X-BBC-Edge-Cache-Status
X-Depends
X-Level-Front-Cache
X-Men
X-Micro-Cache
X-Shield-Cache-Expires
X-Sn-Servicetimems
X-HS-Content-Campaign-Id
X-Human
X-Internal-TTL
X-Moov-T
X-Moov-Xdn-Caching-Status
X-Render-Time
X-Region-Sid
X-Policy
X-Op-Id-All
X-Sucuri-ID
X-Moov-Xdn-Version
X-SB
X-Hnp-Log
X-HN
X-Up
X-UA-Device-Type
X-Epic-Correlation-Id
X-Uri
X-Ec-Custom-Error
Req-Svc-Chain
X-Varnish-Authentication
X-Dispatcher-Server
X-Eu-Site
X-Fastly-Backend
X-Generated-On
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Gen-Mode
X-Thinkindot-L1
X-FC-Vary-Parameters
X-Thinkindot-L3
X-DefHash
X-Aicache-OS
X-V-Cache
X-SIPLIST1
Country-Code
Log-Origin
Wxu-Next-Region
L5d-Success-Class
Cluster
X-Org
CDCHOST
Cmstype
Cmsid
Wxu-Next-Hostname
X-Hash
Wxu-Next-Commit
X-GeoIP-City
DSUID
Origin-Agent-Cluster
X-From
N-Cache
Ha-Gx-Prefs
PFcat
Origin-EX
L
Gannett-Cam-Experience-Id
Origin-CC
X-VWS-Id
X-AWS-Id
X-LJ-Flow-ID
X-Path
X-Cache-Date
Fastly-GeoIP-CountryCode
X-Origin-Time
Source
X-Gamma-Serve
X-Debug-Cache-Fetch
X-Proto
X-Debug-Cache-Store
X-Date
X-DPWN-IS-SECURE
X-Gdpr
Azure-SiteName
Azure-RegionName
Azure-SlotName
X-Jungle-Id
X-Ion-Hop
X-Server-IP
Azure-InstanceId
X-Nyt-Route
X-Mvc-Supplant-Cachable
Pragrma
X-Vmg-Version
X-Ion-Healthy
Azure-Version
X-Vercel-Cache
X-Thanos
X-NMSegId
Click-Count-Action-Start
X-Esi-Check
Cache-Contol
X-GoCache-CacheStatus
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
C-Via
X-Gzip
Click-Count-Error
Fastly-Backend-Name
Content-Script-Type
Content-Style-Type
Origin-Site
Release
Nord-Request-ID
X-App-Name
Gh-Request-Id
X-Accel-Expires-Debug
V-Age
Tube-Return
NM-Fastcgi-Cache
RewriteTestHook
RewriteTeamHook
Producers
Platform
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
Machine
X-We-Are-Hiring
X-Cache-FS-Status
X-Bip
X-Backend-Instance
X-CacheTTL
X-Cache-Id
X-Vercel-Id
Fastly-Drupal-HTML
X-Parent-Response-Time
X-ZONE
Cdn-Host
X-B3-Trace-ID
X-Mvc-Supplant-OutputCached
S-Rt
Powered-By
Canary
We-Hiring
X-Wikidot-Static-Cache
CacheControlHeader
X-Wikidot-Backend
X-ElasticPress-Query
Mail-Subject
Cdn-Request-Time
X-Edge-Server
X-Proxied-Request
X-Litespeed-Cache-Control
X-Origin-Response-Time
Sid
X-Pad
X-Location
X-Upstream-Ht
X-Upstream-Ct
X-Cs
Debug
X-NGINX-Cache
Vix-Hermes-Req-Id
CloudFront-Viewer-Country
X-Cached-By
Pics-Label
NGX
X-Refresh
X-ND-Cache
Product
X-Via-Popn
X-Via-Popv
X-Nananana
X-Litespeed-Tag
Mime-Version
X-Via-Poph
X-TH-Server
X-Servedbyhost
X-HA-Backend
GeoIP-Latitude
X-Amz-Meta-Cb-Modifiedtime
X-APP
HA-Ipaddr
X-FORWARDED-FOR
Server-ID
X-Client-Ip
Cookie
X-Cache-VC
X-Varnish-Hits
X-AIR-PT
Edge-Cache
GeoIp-Country-Code
X-DynaTrace-JS-Agent
X-Datadome
X-User
X-Wa
X-GeoIP
X-Nc
X-LB-ID
X-Fpc
X-Srv
X-Cdn-Forward
MIME-Version
X-Nginx-Cache
X-Nginx-Cache-Key
X-Debug-Service
X-B3-Parentspanid
Load-Balancing
SID
Sever-Int
HostName
X-LB-NoCache
True-Client-Country-4JS
WZWS-RAY
Akamai-Mon-Iucid-Del
Server-Ext
DataCenter
Server-Hostname
X-Zone
Cdn
Show-Do-Not-Sell-Link
X-Scheme
Surrogated-Key
X-Unity-Cache
X-Request-Start
Resin-Trace
Fastly-Drupal-Html
X-VCL-Version
Traceparent
X-B3-Spanid
X-Vc
X-CS
Tcn
X-Cache-Backend
X-LiteSpeed-Cache-Control
X-Lsadc-Cache
X-Newrelic-Synthetics
Lb
X-NodeID
X-Service-Response-Time
Sm-Log-Id
Wsr-Cache
X-Pool
X-Request-Host
X-RequestId
N1-Cache
X-Cache-Grace
X-Vgn-Hpd-Reason
Yjs-Id
X-HOST
NtCoent-Length
Yak-Timeinfo
X-LiteSpeed-Tag
X-Datacenter
X-HubSpot-Correlation-Id
X-CDN-Provider
Serverhost
X-TX-ID
X-DynaTrace
X-DataCenter
X-Ez-Minify-Html
X-Via-CDN
Datacenter
X-RateLimit-Limit
Edge-Copy-Time
Hostname
X-Udemy-Cache-App-Namespace
X-Via-Edge
X-Via-SSL
X-API-Version
X-Proxy-Cache-La3
Xkeylog
Cdn-Requestid
XkeyR9
CDN
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-Geolocation
X-WA
X-Proxy-CacheR9
X-Zen-Fury
A
Xkey-La3
X-Html-Minification-Powered-By
X-Dynatrace-Js-Agent
CountryCode
X-NC
X-Lb-Id
Req-ID
X-Jobs
X-Fastly-Backend-Reqs
X-Akamai-Pragma-Client-IP
X-FPC
X-ID
Cs
Uri
True-Client-IP
WP-Super-Cache
Esi-Enabled
Server-Id
GeoIP-Country-Code
X-Via-JSL
X-Cdn-Srv
X-TimeS
X-Srcache-Store-Status
X-VTEX-Cache-Time
X-Srcache-Fetch-Status
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
X-Ez-Minify-Js
RATING
On-Server
Proxy-Firewall
X-Stale
Geoip-Latitude
T-Server
X-VC-Age
X-ServedByHost
X-HA-Application-Name
Srv
X-Styx-Info
From-Cache
X-HA-Bot-Classification
X-Varnish-Beresp-TTL
X-HA-Device-Type
X-Styx-Origin-Id
Cr
X-Lb-Nocache
X-Swift-Error
Pramga
ServerHost
X-Oracle-DMS-ECID
WebServer
X-App
X-MSEdge-Flight
X-MSEdge-Features
Content-Secure-Policy
Cloudfront-Viewer-Country
Coldstone-Viewer-Country-Region-Name
Coldstone-Viewer-Currency
Coldstone-Viewer-Country
X-Ha-Backend
X-TIM-N
X-WA-Info
X-CSRF-TOKEN
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Webkit-Csp-Report-Only
X-LAGOON
X-Ssense-Gql
Ngx
X-Correlation-ID
X-Ssense-Shipping-Surcharge-Enabled
W
X-Via-PopV
X-Var-Ttl
FSS-Cache
X-Via-PopN
X-Via-PopH
X-Fastly-Cache
X-Elasticpress-Query
X-Sorting-Hat-Shopid
BehaviorPad-Version
X-Shopid
X-Check-Cacheable
X-Cdn-Cache-Status
Cl-Cache
X-Web-Server
X-Ramcache
X-Sorting-Hat-Podid
X-Geo
X-Shardid
X-Wp-Cf-Super-Cache-Active
X-DC
X-Proxy-Cache-LA2
X-Wp-Cf-Super-Cache-Cookies-Bypass
Akamai-X-True-TTL
X-Serial
X-Sucuri-Id
X-Th-Server
X-Request-Url
X-ATG-Version
Cf-Ipcountry
X-Key
Xkey-G-Jp
User-Agent
X-Request-Time
Bxuuid
Bxpunish
X-Cache-TTL-Remaining
My-App
X-Nitro-Cache
X-Fastly-Cache-Hits
Cneonction
X-Env
Host-Name
X-Mg-Cache
FSS-Proxy
X-Fastly-Cache-Status
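
The tally described in the introduction can be sketched as follows; this is an added example, not the ISC project's own code, and the site names and HEAD responses in it are constructed. It assumes one count per site per header, folds capitalisation variants such as X-FRAME-OPTIONS and X-Xss-Protection (HTTP field names are case-insensitive), and flags near-miss spellings such as X-Frame-Option and Content-Secure-Policy from the list above for review, since a browser does not treat them as the real header.

```python
from collections import Counter
from difflib import get_close_matches

# Canonical spellings of security-relevant headers that appear in the list.
SECURITY_HEADERS = [
    "Strict-Transport-Security", "Content-Security-Policy", "X-Frame-Options",
    "X-Content-Type-Options", "X-XSS-Protection", "Referrer-Policy",
]
CANON = {h.lower(): h for h in SECURITY_HEADERS}

# Constructed HEAD responses for hypothetical sites; not survey data.
SAMPLES = {
    "a.example": ("HTTP/1.1 200 OK\r\nServer: nginx\r\n"
                  "X-Frame-Options: DENY\r\nX-XSS-Protection: 0\r\n"
                  "Set-Cookie: a=1\r\nSet-Cookie: b=2\r\n\r\n"),
    "b.example": ("HTTP/1.1 200 OK\r\nServer: Apache\r\n"
                  "X-FRAME-OPTIONS: SAMEORIGIN\r\nX-Xss-Protection: 1\r\n"
                  "Content-Secure-Policy: default-src 'self'\r\n\r\n"),
    "c.example": ("HTTP/1.1 301 Moved Permanently\r\n"
                  "Location: https://c.example/\r\nX-Frame-Option: DENY\r\n"
                  "Strict-Transport-Security: max-age=31536000\r\n\r\n"),
}

def header_names(raw):
    """Return the set of lower-cased field names in one raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    names = set()
    for line in head.split("\r\n")[1:]:          # skip the status line
        if ":" not in line or line[:1] in (" ", "\t"):
            continue                             # malformed or folded line
        names.add(line.split(":", 1)[0].strip().lower())
    return names

def tally(responses):
    """Count sites per header and collect near-miss security header names."""
    counts, near_misses = Counter(), {}
    for raw in responses.values():
        for name in header_names(raw):
            counts[name] += 1                    # once per site, case-folded
            if name not in CANON:
                close = get_close_matches(name, list(CANON), n=1, cutoff=0.9)
                if close:                        # heuristic: review by hand
                    near_misses[name] = CANON[close[0]]
    return counts, near_misses

def coverage(counts, total_sites):
    """Fraction of sites sending each security header, correctly spelled."""
    return {h: counts[h.lower()] / total_sites for h in SECURITY_HEADERS}

if __name__ == "__main__":
    counts, near_misses = tally(SAMPLES)
    for header, share in coverage(counts, len(SAMPLES)).items():
        print(f"{header:28} {share:.0%}")
    for seen, intended in sorted(near_misses.items()):
        print(f"possible misspelling: {seen} (intended {intended}?)")
```

The similarity match is only a heuristic: legacy prefixed names such as X-Content-Security-Policy also score close to the canonical spelling, so flagged names need manual review.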