Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Accept-CH
CF-Cache-Status
ETag
X-XSS-Protection
Expect-CT
Accept-Ranges
X-Powered-By
Pragma
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Amz-Cf-Pop
X-Amz-Cf-Id
Content-Language
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
X-Xss-Protection
Access-Control-Allow-Headers
Access-Control-Allow-Methods
CF-Ray
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
X-Runtime
Accept-Ch
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Timing-Allow-Origin
X-CONTENT-TYPE-OPTIONS
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
X-XSS-PROTECTION
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
X-Age
Request-Context
Cf-Edge-Cache
X-Backend
X-Request-ID
X-Robots-Tag
X-Hacker
Keep-Alive
X-Amz-Version-Id
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-AH-Environment
X-Rq
X-Vhost
X-Cache-Group
X-Server
X-Dispatcher
X-Proxy-Cache
X-Ws-Request-Id
EagleId
CONTENT-SECURITY-POLICY
X-UA-Device
X-Varnish-Cache
Pantheon-Trace-Id
Grace
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Litespeed-Cache
X-OneAgent-JS-Injection
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Dns-Prefetch-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-FTR-Request-ID
X-Device
X-Node
X-Cache-Lookup
X-Server-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Accept-Ch-Lifetime
Cf-Railgun
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Cache-Tag
P3p
X-Amz-Server-Side-Encryption
Cf-Request-Id
X-LiteSpeed-Cache
X-Ua-Device
Content-Location
Cross-Origin-Opener-Policy
X-Content-Type
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Trace
Request-Id
Service-Worker-Allowed
X-TraceId
X-Application-Context
Fastly-Restarts
X-Times
X-PC
X-Vname
X-TtlSet
X-Nf-Request-Id
Rating
X-Clacks-Overhead
X-Cnection
X-Element-Page-Cache
X-Mcache
X-Midtier
X-Edge
X-D2id
X-Vcap-Request-Id
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-Browser-Type
X-FTR-Balancer
X-FTR-Expires
X-ESI
Origin-Trial
Edge-Control
X-Cache-TTL
X-FastCGI-Cache
Surrogate-Key
X-Oneagent-Js-Injection
X-Kinja-Server
X-NWS-LOG-UUID
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Powered-By-Plesk
X-Country
X-Navigation-Version
X-Abt-Application-Version
X-Ac
X-Upstream
X-Mod-Pagespeed
Verso
X-Amz-Rid
X-ORACLE-DMS-RID
X-B3-TraceId
X-Url
Akamai-GRN
Nginx-Cache
X-Language
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-GitHub-Request-Id
X-Middleton-Display
X-ECACHE
X-Sol
Display
Pagespeed
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
S
X-Envoy-Decorator-Operation
X-MS-InvokeApp
X-Middleton-Response
Response
AR-PoweredBy
AR-Request-ID
AR-ATIME
Edge-Cache-Tag
X-Ratelimit-Limit
X-Goog-Hash
X-Distributor
SPIisLatency
X-Ser
SPRequestDuration
X-SharePointHealthScore
SPRequestGuid
X-Resp-Is-Stale
X-Amzn-Trace-Id
X-Edge-Location-Klb
X-Kinsta-Cache
X-ARC
X-Ttl
X-Ruxit-Js-Agent
Access-Control-Request-Method
X-NGENIX-Cache
X-Client-IP
X-T
X-Dw-Request-Base-Id
X-Shield-Request-Id
Front-End-Https
X-Content-Digest
X-Ezoic-Cdn
X-Recruiting
RTSS
X-Cache-Key
X-Varnish-TTL
Cache-Status
X-Version
X-Mg-S
X-Powered-CMS
X-Request-Device-Id
Public-Key-Pins
TP-Cache
X-HS-Content-Id
X-MSEdge-Ref
Fastcgi-Cache
X-HS-Hub-Id
X-HS-Cache-Config
X-Ismobilevalue
X-Accel-Expires
X-Request-Received
X-Request-Processing-Time
Arr-Disable-Session-Affinity
X-Daa-Tunnel
Cache-Tags
AR-CACHE
X-Cached
X-Cluster-Name
X-Correlation-Id
Realpath
X-Id
Content-MD5
X-Meli-Trace-Bu
X-Content-Security-Policy-Report-Only
X-Meli-Trace-Site
X-Meli-Trace-Platform
X-Forwarded-For
X-HS-Combine-CSS
Ar-SID
X-Amz-Replication-Status
YJS-ID
X-Fastly-Request-ID
Payment
X-Ua-Browser
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-DIS-Request-ID
X-Newrelic-App-Data
X-HP-Webp
X-HP-Trace-Id
X-Cambria-Cache-Control
X-Jurisdiction
X-Azure-Ref
X-COUNTRY
X-GUploader-UploadID
X-Xrds-Location
X-HS-Prerendered
X-HS-CF-Cache-Status
X-RateLimit-Remaining
X-Webkit-Csp
Content-Disposition
X-Ratelimit-Remaining
X-Server-Name
Count-Hit
X-SRCache-Store-Status
X-Protected-By
X-SRCache-Fetch-Status
X-Ratelimit-Reset
MicrosoftSharePointTeamServices
X-Px
X-Az
X-Origin-Server
X-Unique-Id
X-Activity-Id
X-AppVersion
X-Page-Id
X-ORACLE-DMS-ECID
X-Amzn-RequestId
X-Rid
X-Logged-In
X-Amz-Apigw-Id
Cleartype
X-SERVER-NAME
X-Git-Hash
Cross-Origin-Resource-Policy
X-Amz-Meta-S3cmd-Attrs
X-Request-Handler-Origin-Region
Accept-Charset
X-Microsite
X-FB-Debug
Cross-Origin-Embedder-Policy
X-VARITI-CCR
X-Proxy
X-Www-Served-By
X-TTL
X-Load-Cache
Version
X-TEC-API-ROOT
X-LLID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Goog-Metageneration
X-Geo-Country
X-Forwarded-Proto
X-Template
X-Varnish-Backend
X-CST
X-PressLabs-Stats
X-Upgrade-Enabled
X-Hits
Server-Node
Server-Name
X-B3-Sampled
X-WebKit-CSP-Report-Only
X-App-Server
X-Hostname
X-Content-Options
Healthy
X-Frontend
Access-Control-Allow-Method
Section-Io-Cache
Viewport
X-Varnish-Grace
X-Grace
X-Fb-Rlafr
X-Device-Type
X-TT
Fastly-SIE
Fastly-SWR
Alternate-Protocol
X-Varnish-Server
X-B
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Request-Guid
X-Status
X-Goog-Generation
TCN
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Contextid
Upgrade-Insecure-Requests
DC
Retry-After
X-Magnolia-Registration
AKAMAI-GRN
X-Amzn-Remapped-Content-Length
X-EdgeConnect-Cache-Status
Host
X-Requestid
X-ProcessESI
X-RemovedCookies
X-Cache-Control
MS-Author-Via
X-Cache-Age
X-App-Version
Amp-Access-Control-Allow-Source-Origin
X-Hl-Ver
X-CSRF-Token
Frame-Options
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Origin-TTL
X-Origin-CC
X-Buckets
X-Varnish-Ttl
X-Debug
X-Revision
X-Type
X-Original-Request-Id
X-Response-Served-From
SD-X-WS
X-Oracle-Dms-Ecid
X-Mobile
X-Seen-By
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-ServerID
X-INCAP-ABP
X-Instance
X-G
X-Backend-Name
X-UUID
X-Tumblr-Pixel
X-Yottaa-Optimizations
X-Tumblr-Pixel-0
X-Yottaa-Metrics
X-Tumblr-Pixel-1
X-Tumblr-User
X-NYM-Debug-Backend
X-Cache-Status-Check
X-Adobe-Loc
X-Adobe-Content
X-Is-Bot
X-N
X-Rendered-As
Cross-Origin-Opener-Policy-Report-Only
Cross-Origin-Embedder-Policy-Report-Only
X-Akamai-Edgescape
Ms-Operation-Id
NGB
Section-Io-Id
X-AB
MS-CV
Access-Control-Request-Headers
X-Lambda-Id
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Trace-Id
X-Akamai-Request-ID2
X-Content-Powered-By
X-Framework
X-Mg-Request-UUID
X-RTag
X-Debug-IsConnected
X-Debug-IsPreview
X-Server-W
X-RM-Cache-TTL
X-Storage
Charset
X-Vcl-Version
Cache
X-Dc
X-ECache
Webserver
Filterid
X-Yandex-Req-Id
X-DataDome
Paypal-Debug-Id
X-Request-Site
X-B3-SpanId
X-Request-Platform
Accept-Language
X-Request-Bu
X-Cache-Time
Refresh
X-Cache-Hit
X-URL
X-VC-Cache
X-Ms-Version
X-Tec-Api-Root
Xet-Cookie
X-Tec-Api-Origin
SRV
X-Tec-Api-Version
X-HITS
Onion-Location
X-Ms-Request-Id
X-Time
X-Node-Name
X-User-Agent
X-Region
X-F-Cache
X-Real-IP
YJS-CacheStatus
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Proxy-Build
X-Timing-Wait
Selected-Fe
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
Liferay-Portal
CDN-RequestId
Priority
X-Fastcgi-Cache
X-HTML-Minification-Powered-By
GEO-INFO
X-IPS-LoggedIn
X-Mode
X-LB-Cache
X-Environment-Context
X-L-Path
X-VC
X-Service
X-Cacheable-TTL
Cross-Origin-Window-Policy
X-Pass-Why
X-Datadog-Parent-Id
X-Rule
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Rocket-Nginx-Serving-Static
X-Cache-Expired-At
X-Tb
X-Drupal-Cache-Tags
Country
X-SaId
Meta-Geo
X-Rewrite-Enabled
X-Rn-Rsrv
X-Origin
Backend
Protected
X-UPSTREAM-Address
X-JoinUs
X-Is-Mobile-Only
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Desktop
X-Geo-Region
X-Handled-By
X-Is-Tablet
X-Tcp-Rtt
X-Whom
X-Browser-Name
X-VCT
X-Wix-Request-Id
X-Origin-Cache
X-Adobe-Source
X-Is-Modern-Browser
Mn-Server-Ip
Apigw-Requestid
X-Generation-Time
X-Web-Node
X-Provided-By
X-Connection-Hash
X-Zipkin-Id
X-RateLimit-Remaining-Second
X-Extlb
X-RateLimit-Limit-Second
X-Proxied
X-Detected-As
X-FB-TRIP-ID
X-Cloudmap
Uber-Trace-Id
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Region
Url
Web-Mar-Node
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-GeoIP-DMA
Property-Id
X-Origin-Hint
X-Tncms
Fastcgi-Useragent
X-Proxy-Cache-Info
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-City
TWC-Device-Class
Expiry
X-WP-CF-Super-Cache-Active
X-Varnish-Beresp-Grace
X-Vcache
X-Servername
X-Routing-Service
X-Loop
X-Httpd
ServerID
X-RCS-CacheZone
X-Origin-Date
X-Skip-Cache
X-Shopify-Stage
X-Cdn-Origin
X-Soup
OT-Force-Account-Verify
X-Alternate-Cache-Key
X-Cluster
DB-Nickname
X-Logging-Id
X-Auth-Group-Type
X-Redis-Cache
X-Cache-Action
LB
X-Cms-Context
X-Locale
ServedBy
X-Storefront-Renderer-Rendered
X-App-Environment
X-Mly-Id
X-Hit
X-Forwarded-Host
X-Director
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Format
X-Fetched-On
X-MP-GENERATED-AT
X-Hosted-By
Atl-Traceid
X-FW-Type
X-FW-Serve
X-Say-TTL
X-FW-Server
X-Say-Cacheable
X-Restarts
X-Api-Version
X-FW-Static
X-FW-Hash
X-FW-Version
X-FW-Dynamic
X-SayCDN-TTL
X-Served-From
X-Scope-Id
X-Cache-Host
X-NewRelic-App-Data
Environment
Locale
X-Cluster-Node
X-Edge-Location
X-Endurance-Cache-Level
X-Debug-Info
Cache-Hits
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Drupal-Cache-Contexts
X-Labrador-Cache-Channel
X-Cache-Debug
X-S
X-PHP-Host
Filters
X-Server-ID
X-IPLB-Instance
X-IPLB-Request-ID
X-R9-Blue-Green-Version
Node
X-XRDS-Location
Front
X-Platform
AR-SID
Countrycode
X-GEO
X-CDN-Cache-Status
X-CLOUD-TRACE-CONTEXT
X-Optimistic-Header
X-No-Session
X-CDN-Forward
X-Tt-Logid
Xserver
X-UA
X-ShardId
X-Varnish-Age
WPO-Cache-Status
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-Fastly-Request-Id
X-Lagoon
X-Varnish-Beresp-Ttl
X-WP-CF-Super-Cache-Cookies-Bypass
Cache-Tv-Group
X-Varnish-Cache-Hits
X-Generated-By
X-Presslabs-Stats
X-Wormhole-Sdk
X-SRV
X-B3-Traceid
X-NWS-UUID-VERIFY
X-Signature
X-B-Cache
X-CACHE-AGE
AMP-Access-Control-Allow-Source-Origin
Referer-Policy
X-Webstats-RespID
X-Client-Ip
X-Site-Version
X-Azure-Ref-OriginShield
From-Origin
Request-ID
X-Ua
X-Cache-Operation
X-Cache-Rule
Cache-Provider
X-PHP-Backend
X-IsAdmin
Expect-Staple
X-Accel-Version
X-Clientip
X-SRCache-Key
X-VWS-Id
X-Auto-Login
X-LJ-Flow-ID
X-AWS-Id
X-NF-Request-ID
X-Worker
Location
We-Hiring
Mail-Subject
Fl-Custom-Application
X-TA-CDN-Provider
X-VC-TTL
X-Bc-Bl
X-Tx-Id
X-Upstream-Ct
X-Upstream-Ht
Host-ID
X-B-Cookie
CloudFront-Viewer-Country
X-Application
S-Rt
Lang
X-A-Dgt
DCR-Processing-Time-Ms
X-A-Dcw
X-ApacheServer
X-A-Dam
X-A-Ccd
MD5-Digest
X-D
Sid
N-Cache
X-BCube-Filmed-By
X-Cache-NE
Pragrma
X-A
WPO-Cache-Message
Redirect-Candidate
X-Bl-Debug
Sslversion
Rendered-Blocks
X-A-Wwc
Candidate-Md5Url
Ngx.Var.Host
Source
X-Tb-Optimization-Total-Bytes-Saved
Origin
X-Aed
Origin-Agent-Cluster
X-Conf
X-Content-Age
Meta-Geo-Continent
X-Destination
X-Ig-Push-State
X-Vtex-Remote-Cache
X-Loc
X-External-Request-Id
X-Ig-Origin-Region
X-Vdms-Version
X-ScT
X-GeoCountry
X-Org
X-PERF
X-Server-IP
X-Developer
DCR-Decision-By
X-Ec-Fail
X-Ec-GeoHdr
Xc-Version
X-Rojux
X-S-Cookie
X-GeoCode
X-Litespeed-Cache-Control
X-Xfnlog-Site
X-Sigma-Backend
Web-Mar-Region
Wxu-Next-Commit
Time-Cloud-Cache
Store-Cloud-Cache
X-SIPLIST1
Ha-Gx-Prefs
Gh-Request-Id
Wxu-Next-Hostname
X-SD-PageType
Fastly-SSL
X-ND-Cache
X-Section
X-Sigma
Wxu-Next-Region
Gannett-Cam-Experience-Id
ServerName
RNT-Time
X-Varnish-Authentication
X-VG-TLSProxy
Log-Origin
X-Varnish-Beresp-Status
Odigeo-Trace-Id
X-Varnish-Director
X-Vary-Devices
Origin-Site
Powered-By
RNT-Machine
L5d-Success-Class
IsBot
X-Slack-Backend
X-VG-WebCache
X-V-Cache
X-Slack-Shared-Secret-Outcome
X-Varnish-Hostname
X-Origin-Expires
X-CGP
X-Fmm-Version
X-Cms-Device
X-FC-Vary-Parameters
X-Forwarded-Site
X-From
X-Cache-Aspx
X-Cache-FS-Status
X-Gamma-Serve
X-Contensis-Viewer-Groups
X-Eu-Site
X-Csrf-Jwt
X-Ee-Generated-By
X-CUA
X-Ee-Origin
X-Ee-Request-Date
X-Core-Value
X-Epic-Correlation-Id
X-Ee-Request-Id
X-Bug-Bounty
X-GeoIP-City
X-Old-Content-Length
X-Node-Id
X-Mvc-Supplant-Cachable
X-Depends
X-PAYTM-SRV-ID
X-Rocket-Build-Number
X-Req
X-Policy
X-Micro-Cache
X-Access
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Hash
X-HS-Content-Campaign-Id
X-Aicache-OS
X-AK-Request-ID
X-Internal-TTL
X-Save-Cache
X-Action
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestPullSuccess
CDN-Uid
Cdncip
CF-IPCountry
CDN-EdgeStorageId
CDN-CachedAt
Apple-News-Services-Handled
X-Sucuri-Cache
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
CDN-Cache
Canary
Cdnsip
Apple-News-Services-Request-Url
Cluster
X-Reqid
X-Parent-Response-Time
X-NGINX-Cache
X-Mvc-Supplant-OutputCached
X-NMSegId
X-Nyt-Route
X-Debug-Cache-Store
X-Men
X-Acquia-Purge-Cdn-Unconfigured
X-DefHash
X-Accel-Expires-Debug
X-AB-Test
X-DefElseHash
X-Origin-Time
X-Debug-Cache-Fetch
User-Cache-Control
X-Pubstack
X-Region-Sid
X-Render-Time
V-Age
Vix-Hermes-Req-Id
X-Path
X-Level-Front-Cache
X-Proto
Content-Script-Type
Content-Style-Type
X-Op-Id-All
X-Ion-Hop
X-Gdpr
X-Block-Status
X-Bip
X-Gen-Mode
X-Generated-On
X-Frame-Option
X-FORWARDED-FOR
X-Fastly-Backend
X-Ec-Custom-Error
X-Cs
X-Cache-Date
X-BBC-Edge-Cache-Status
X-Backend-Instance
X-Human
X-Akamai-Device-Characteristics
X-Ion-Healthy
X-Request-URI
X-Air-Pt
X-Amz-Storage-Class
X-Dispatcher-Server
X-App-Name
X-HN
X-Hnp-Log
X-Jungle-Id
X-CacheTTL
Cmstype
NM-Fastcgi-Cache
X-Varnish-CookieHashed-On
X-Wikidot-Static-Cache
DSUID
Nord-Request-ID
X-Uri
Origin-EX
Origin-CC
CDCHOST
X-Up
X-Varnish-CookieINHashed-On
X-Wikidot-Backend
X-Vmg-Version
X-VarnishDD-TTL
X-Viewer-Country
X-Via-Fastly
X-Date
Fastly-Backend-Name
L
Machine
X-Varnish-Remaining-TTL
X-We-Are-Hiring
Cmsid
Country-Code
PFcat
X-Shield-Cache-Expires
Azure-RegionName
Server-Host
Azure-SiteName
Azure-SlotName
X-SB
Azure-InstanceId
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
X-Content-Length
RewriteTestHook
RewriteTeamHook
Cache-Contol
X-Thinkindot-L1
X-Thinkindot-L3
X-UA-Device-Type
Pics-Label
X-Thanos
X-SVT-ORM-VERSION
X-Sn-Servicetimems
Req-Svc-Chain
X-SVT-ORM-RULES
Release
Azure-Version
X-DPWN-IS-SECURE
X-Edge-Server
X-Proxied-Request
X-Vercel-Id
X-ZONE
X-Vercel-Cache
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-Esi-Check
X-Gzip
X-Location
X-ElasticPress-Query
X-Moov-T
Tube-Got-Eval
Tube-Get-Contents
Tube-Got-Results
Tube-Return
X-Cache-Id
X-B3-Trace-ID
C-Via
Producers
Click-Count-Error
Fastly-GeoIP-CountryCode
Click-Count-Action-Start
Cdn-Request-Time
CacheControlHeader
Platform
X-LSADC-Cache
Cdn-Host
X-Source
Mime-Version
X-Origin-Response-Time
XM
Fastly-Drupal-HTML
X-Sucuri-ID
X-Pad
NGX
Load-Balancing
X-Cached-By
Debug
X-Refresh
Cookie
X-APP
X-Varnish-Hits
X-Nginx-Cache-Key
X-Via-Popv
X-Datadome
X-Servedbyhost
X-Debug-Service
GeoIP-Latitude
X-Via-Popn
X-Via-Poph
GeoIp-Country-Code
True-Client-Country-4JS
X-DynaTrace-JS-Agent
Server-ID
X-TH-Server
X-Srv
X-Nananana
Product
X-HA-Backend
HA-Ipaddr
X-AIR-PT
Server-Ext
Sever-Int
Server-Hostname
X-Webkit-CSP
X-TT-LOGID
X-Litespeed-Tag
Cdn
Show-Do-Not-Sell-Link
X-Amz-Meta-Cb-Modifiedtime
Traceparent
X-Cdn-Forward
X-Fpc
X-Nc
X-Zone
X-Wa
X-Cache-Backend
X-Ez-Minify-Html
X-Cache-VC
WZWS-RAY
X-GeoIP
X-Newrelic-Synthetics
X-LB-ID
X-Unity-Cache
X-User
HostName
DataCenter
Edge-Cache
X-B3-Parentspanid
Fastly-Drupal-Html
MIME-Version
SID
Tcn
X-VCL-Version
X-Lsadc-Cache
X-Request-Start
Resin-Trace
Lb
X-CDN-Provider
X-LB-NoCache
X-AC
Akamai-Mon-Iucid-Del
X-Vc
Yjs-Id
X-B3-Spanid
X-Nginx-Cache
X-Service-Response-Time
X-Proxy-Cache-La3
X-Scheme
Serverhost
Xkey-La3
Xkeylog
XkeyR9
A
X-Proxy-CacheR9
Sm-Log-Id
Wsr-Cache
X-TX-ID
X-Datacenter
CountryCode
X-LiteSpeed-Tag
X-HOST
Cs
Surrogated-Key
X-Lb-Id
X-Pool
Hostname
X-RateLimit-Limit
NtCoent-Length
X-Request-Host
X-CS
X-LiteSpeed-Cache-Control
X-Dynatrace-Js-Agent
X-WA
Esi-Enabled
X-Akamai-Pragma-Client-IP
CDN
Datacenter
Cdn-Requestid
X-NodeID
Uri
X-HubSpot-Correlation-Id
X-RequestId
X-API-Version
X-Fastly-Backend-Reqs
X-FPC
X-Cache-Grace
X-Udemy-Cache-App-Namespace
X-Vgn-Hpd-Reason
X-Aspnet-Version
X-NC
X-ID
X-VC-Age
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Styx-Info
Cr
X-DynaTrace
Yak-Timeinfo
X-Styx-Origin-Id
Pramga
X-Stale
X-Via-JSL
Server-Id
X-HA-Application-Name
Proxy-Firewall
Content-Secure-Policy
X-DataCenter
X-HA-Bot-Classification
X-Html-Minification-Powered-By
X-HA-Device-Type
X-TIM-N
N1-Cache
X-CSRF-TOKEN
X-TimeS
X-Srcache-Store-Status
X-Ez-Minify-Js
T-Server
Geoip-Latitude
ServerHost
X-Via-Edge
RATING
Edge-Copy-Time
X-Var-Ttl
X-Via-CDN
GeoIP-Country-Code
X-Via-SSL
X-Srcache-Fetch-Status
X-Lb-Nocache
W
Srv
From-Cache
X-ServedByHost
X-Varnish-Beresp-TTL
Req-ID
X-Swift-Error
X-Jobs
X-Zen-Fury
X-Geolocation
X-Ha-Backend
X-Aspnetmvc-Version
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Oracle-DMS-ECID
X-MSEdge-Flight
X-App
X-MSEdge-Features
X-Via-PopV
X-Via-PopN
True-Client-IP
X-CACHE-KEY
WP-Super-Cache
X-Via-PopH
Cloudfront-Viewer-Country
X-LAGOON
X-Shopid
X-Sorting-Hat-Shopid
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Wp-Cf-Super-Cache-Active
X-Sorting-Hat-Podid
X-Shardid
X-Proxy-Cache-LA2
On-Server
X-Cdn-Srv
X-ByteArk-Cache
X-Correlation-ID
X-ByteArk-ReqID
X-Ssense-Gql
Ohc-File-Size
Ohc-Cache-HIT
X-Ramcache
FSS-Cache
X-VServer
X-Ssense-Shipping-Surcharge-Enabled
X-Key
Cl-Cache
X-Elasticpress-Query
CF-Cached-On
X-Powered-By-VTEX-Cache
Ngx
X-Cdn-Cache-Status
X-Sucuri-Id
X-Web-Server
X-Webkit-Csp-Report-Only
X-VTEX-Cache-Time
X-Check-Cacheable
X-VTEX-Cache-Server
X-Geo
X-Fastly-Cache
X-Serial
X-DC
WebServer
X-Th-Server
X-ATG-Version
X-PageType
Akamai-X-True-TTL
X-NODE
X-Iplb-Instance
X-Iplb-Request-Id
Cf-Ipcountry
X-MiniProfiler-Ids
My-App
Warning
Xkey-G-Jp
X-Beacon
X-Limited
Coldstone-Viewer-Currency
X-Fastly-Cache-Status
X-WA-Info
Coldstone-Viewer-Country-Region-Name
X-Mg-Cache
X-Env
Coldstone-Viewer-Country
FSS-Proxy
Cneonction
X-Request-Url
Host-Name
User-Agent