Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-XSS-Protection
X-Cache
Via
X-Powered-By
Pragma
CF-RAY
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Amz-Cf-Pop
X-Amz-Cf-Id
Content-Language
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Xss-Protection
X-Request-Id
X-Timer
CF-Ray
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
X-Runtime
Permissions-Policy
X-Drupal-Cache
Server-Timing
X-Envoy-Upstream-Service-Time
X-Generator
X-FRAME-OPTIONS
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-CONTENT-TYPE-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Accept-Ch
Timing-Allow-Origin
X-XSS-PROTECTION
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
Status
Content-Encoding
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
X-Age
Request-Context
X-Backend
X-Amz-Version-Id
Cf-Edge-Cache
X-Hacker
X-Robots-Tag
Keep-Alive
Cf-Apo-Via
X-Via
X-Turbo-Charged-By
CONTENT-SECURITY-POLICY
X-Vhost
X-AH-Environment
X-Server
X-Rq
X-Dispatcher
X-Request-ID
X-Cache-Group
X-Proxy-Cache
X-Ws-Request-Id
EagleId
X-Varnish-Cache
X-UA-Device
X-Litespeed-Cache
Grace
Pantheon-Trace-Id
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Pingback
X-Page-Speed
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Swift-CacheTime
X-Swift-SaveTime
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Device
X-FTR-Request-ID
Ali-Swift-Global-Savetime
X-Node
X-Host
X-Backend-Server
EagleEye-TraceId
X-Server-Id
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
P3p
Cf-Railgun
X-Ruxit-JS-Agent
X-Readtime
X-Akam-SW-Version
X-HW
Cache-Tag
X-Response-Time
X-Amz-Server-Side-Encryption
Accept-Ch-Lifetime
X-Ua-Device
X-Content-Type
Content-Location
X-LiteSpeed-Cache
Cross-Origin-Opener-Policy
X-Nginx-Cache-Status
X-Element-Page-Cache
X-Nginx-Upstream-Cache-Status
X-D2id
Request-Id
X-Rack-Cache
X-Application-Context
X-Trace
Service-Worker-Allowed
X-TraceId
Fastly-Restarts
X-Oneagent-Js-Injection
X-Nf-Request-Id
X-Times
X-Vname
X-TtlSet
X-PC
X-Navigation-Version
Rating
X-Clacks-Overhead
X-Cnection
X-Country
X-Mcache
X-Edge
X-Midtier
X-Vcap-Request-Id
X-Browser-Type
Origin-Trial
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
Edge-Control
X-FTR-Expires
X-ESI
X-Cache-TTL
X-Url
Surrogate-Key
X-NWS-LOG-UUID
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-FastCGI-Cache
X-Exp-Id
X-Powered-By-Plesk
X-Ac
X-Abt-Application-Version
X-Amz-Rid
X-Mod-Pagespeed
X-Upstream
X-ECACHE
X-Request-Device-Id
Verso
X-B3-TraceId
X-ORACLE-DMS-RID
X-Language
X-MS-InvokeApp
X-Meli-Trace-Bu
Nginx-Cache
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Meli-Trace-Site
X-Meli-Trace-Platform
X-Amzn-Trace-Id
X-GitHub-Request-Id
X-Middleton-Display
Display
X-Sol
Pagespeed
S
X-T
Akamai-GRN
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-Envoy-Decorator-Operation
SPIisLatency
AR-ATIME
SPRequestDuration
AR-PoweredBy
AR-Request-ID
SPRequestGuid
X-SharePointHealthScore
Response
X-Middleton-Response
Edge-Cache-Tag
X-Distributor
X-Ruxit-Js-Agent
X-Goog-Hash
X-Ratelimit-Limit
X-Resp-Is-Stale
X-Ser
X-Kinsta-Cache
X-Edge-Location-Klb
X-ARC
Access-Control-Request-Method
X-Request-Processing-Time
X-Request-Received
Front-End-Https
X-NGENIX-Cache
X-Shield-Request-Id
X-Dw-Request-Base-Id
RTSS
X-Client-IP
X-Ezoic-Cdn
X-Content-Digest
X-Recruiting
X-Cache-Key
X-Varnish-TTL
Cache-Status
Ar-SID
X-Amz-Replication-Status
X-Version
YJS-ID
X-Mg-S
X-Ttl
X-Newrelic-App-Data
X-Ismobilevalue
Public-Key-Pins
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Accel-Expires
TP-Cache
X-Powered-CMS
X-Correlation-Id
Fastcgi-Cache
X-MSEdge-Ref
X-Fastly-Request-ID
Cache-Tags
AR-CACHE
X-Cached
X-Cluster-Name
Arr-Disable-Session-Affinity
Realpath
X-Id
X-Daa-Tunnel
X-Content-Security-Policy-Report-Only
Content-MD5
X-Server-Name
X-RateLimit-Remaining
X-HS-Combine-CSS
X-Azure-Ref
X-Jurisdiction
X-Ua-Browser
Payment
X-Cambria-Cache-Control
X-HP-Webp
X-HP-Trace-Id
X-DIS-Request-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-TTL
X-Xrds-Location
X-HS-CF-Cache-Status
X-HS-Prerendered
X-Amz-Apigw-Id
X-GUploader-UploadID
X-Amzn-RequestId
MicrosoftSharePointTeamServices
X-Forwarded-For
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-Disposition
X-Px
X-Protected-By
Count-Hit
X-Ratelimit-Reset
X-Unique-Id
X-AppVersion
X-Activity-Id
X-Az
X-Page-Id
X-Origin-Server
Cross-Origin-Resource-Policy
X-Logged-In
X-Rid
X-Amz-Meta-S3cmd-Attrs
Accept-Charset
X-TEC-API-ORIGIN
Cleartype
X-Git-Hash
X-TEC-API-VERSION
X-Proxy
X-TEC-API-ROOT
X-VARITI-CCR
X-FB-Debug
Cross-Origin-Embedder-Policy
X-Microsite
X-Request-Handler-Origin-Region
X-Www-Served-By
X-Hits
X-Ratelimit-Remaining
Version
X-Load-Cache
X-ORACLE-DMS-ECID
X-Geo-Country
X-LLID
X-Goog-Metageneration
X-Forwarded-Proto
X-Template
X-COUNTRY
X-Varnish-Backend
X-Upgrade-Enabled
X-PressLabs-Stats
X-WebKit-CSP-Report-Only
X-B3-Sampled
Server-Node
AKAMAI-GRN
X-Requestid
X-App-Server
X-RemovedCookies
Server-Name
X-ProcessESI
X-Hostname
Healthy
Access-Control-Allow-Method
X-Content-Options
X-TT
X-Frontend
X-Varnish-Grace
Viewport
X-B
X-Grace
Section-Io-Cache
Fastly-SWR
X-Fb-Rlafr
X-Device-Type
X-Request-Guid
Fastly-SIE
Alternate-Protocol
X-Varnish-Server
X-Cache-Age
X-Contextid
X-Hl-Ver
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Status
X-CSRF-Token
DC
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-SERVER-NAME
Upgrade-Insecure-Requests
X-Magnolia-Registration
X-Amzn-Remapped-Content-Length
X-CST
X-EdgeConnect-Cache-Status
TCN
MS-Author-Via
X-App-Version
Xet-Cookie
X-Cache-Control
Frame-Options
Host
X-Yandex-Req-Id
Retry-After
X-Varnish-Ttl
X-Oracle-Dms-Ecid
X-Origin-TTL
X-Origin-CC
X-Type
X-Revision
X-Original-Request-Id
X-Response-Served-From
VIX-Pulpo-Node
X-AB
VIX-Pulpo-Upstream-Status
SD-X-WS
X-G
X-Debug
X-ServerID
X-Mobile
X-Buckets
X-Adobe-Content
X-Seen-By
X-Adobe-Loc
X-UUID
X-Akamai-Edgescape
X-Backend-Name
X-INCAP-ABP
X-Instance
X-N
X-Akamai-Request-ID2
X-Is-Bot
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Status-Check
X-Lambda-Id
X-NYM-Debug-Backend
Access-Control-Request-Headers
X-Tumblr-Pixel
Cache
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
X-Debug-IsPreview
X-Tumblr-User
X-Tumblr-Pixel-0
X-Rendered-As
X-Tumblr-Pixel-1
X-Cacheable-TTL
X-Debug-IsConnected
X-RM-Cache-TTL
Ms-Operation-Id
X-WP-CF-Super-Cache-Cache-Control
X-Tt-Trace-Tag
X-Mg-Request-UUID
X-Tt-Trace-Host
MS-CV
X-RTag
X-Trace-Id
X-Framework
X-Content-Powered-By
X-WP-CF-Super-Cache
Amp-Access-Control-Allow-Source-Origin
NGB
Section-Io-Id
X-Server-W
X-Storage
Selected-Fe
Charset
X-Proxy-Build
X-Timing-Wait
X-Dc
YJS-CacheStatus
X-Fastcgi-Cache
Paypal-Debug-Id
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-B3-SpanId
Webserver
Filterid
X-VC-Cache
X-Vcl-Version
Onion-Location
Accept-Language
X-Ms-Version
X-Ms-Request-Id
Front
X-Cache-Time
X-DataDome
X-VC
Refresh
X-User-Agent
X-F-Cache
X-Cache-Hit
Apigw-Requestid
SRV
X-Time
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Node-Name
X-Region
X-Real-IP
X-Server-ID
Priority
Liferay-Portal
X-Origin-Cache
X-Mly-Id
X-Request-Site
X-Environment-Context
X-L-Path
X-Request-Bu
GEO-INFO
X-Request-Platform
X-Service
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Api-Version
X-Mode
X-HTML-Minification-Powered-By
X-CLOUD-TRACE-CONTEXT
X-Rocket-Nginx-Serving-Static
CDN-RequestId
X-Rule
X-Origin
X-LB-Cache
X-Optimistic-Header
X-Webkit-Csp
X-Rn-Rsrv
X-Tb
X-Rewrite-Enabled
X-UPSTREAM-Address
Backend
Country
X-VCT
X-SaId
X-Tt-Logid
Meta-Geo
X-IPS-LoggedIn
X-JoinUs
X-Drupal-Cache-Tags
X-Geo-Region
X-Adobe-Source
X-Is-Desktop
X-Browser-Name
X-Handled-By
X-Is-Supported-Browser
X-Is-Mobile-Only
X-Is-Modern-Browser
X-Wix-Request-Id
X-Tcp-Rtt
X-Cache-Expired-At
X-Is-Tablet
X-Datadog-Trace-Id
X-Is-Mobile
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Whom
Countrycode
X-Provided-By
Cross-Origin-Window-Policy
X-Web-Node
Mn-Server-Ip
X-Pass-Why
X-Generation-Time
TWC-Connection-Speed
X-Cdn-Origin
X-Shopify-Stage
X-Detected-As
X-Connection-Hash
X-WP-CF-Super-Cache-Active
Webcakes-Region
X-HITS
X-Cloudmap
X-S
Webcakes-App-Name
X-RateLimit-Remaining-Second
Webcakes-App-Version
X-RCS-CacheZone
X-Alternate-Cache-Key
TWC-GeoIP-DMA
X-Platform
X-Routing-Service
Web-Mar-Node
X-Servername
X-Cache-Action
TWC-Device-Class
Uber-Trace-Id
Url
X-Proxy-Cache-Info
X-Varnish-Beresp-Grace
X-Tncms
X-Httpd
TWC-Locale-Group
X-Vcache
TWC-GeoIP-Country
OT-Force-Account-Verify
TWC-GeoIP-LatLong
TWC-GeoIP-Region
X-Loop
X-Origin-Date
X-Origin-Hint
X-Hit
X-Proxied
X-Extlb
X-FB-TRIP-ID
Expiry
X-RateLimit-Limit-Second
TWC-GeoIP-City
ServerID
Property-Id
X-Forwarded-Host
TWC-Privacy
X-Zipkin-Id
Fastcgi-Useragent
X-Storefront-Renderer-Rendered
X-Skip-Cache
X-Tumblr-Pixel-2
X-Soup
X-Redis-Cache
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Urbn-Context-Path
Node
X-Cms-Context
X-Urbn-Site-Id
X-Logging-Id
X-Locale
X-Cache-Host
X-Cache-Debug
X-Auth-Group-Type
X-Cluster
X-Director
X-Hosted-By
X-Format
X-Fetched-On
X-App-Environment
DB-Nickname
Protected
Atl-Traceid
Environment
Locale
Cache-Hits
AMP-Access-Control-Allow-Source-Origin
ServedBy
X-Say-TTL
X-FW-Static
X-FW-Server
X-FW-Dynamic
X-Debug-Info
X-Edge-Location
X-Endurance-Cache-Level
X-FW-Hash
X-FW-Serve
X-Labrador-Cache-Channel
X-Scope-Id
X-SayCDN-TTL
X-Say-Cacheable
X-Restarts
X-Served-From
X-Cluster-Node
X-XRDS-Location
X-PHP-Host
X-FW-Version
X-FW-Type
X-IPLB-Instance
X-Drupal-Cache-Contexts
X-IPLB-Request-ID
Filters
X-CDN-Forward
LB
X-R9-Blue-Green-Version
Xserver
WPO-Cache-Status
X-GEO
X-Client-Ip
X-CDN-Cache-Status
Request-ID
X-No-Session
X-NWS-UUID-VERIFY
X-ECache
X-Presslabs-Stats
X-Ua
X-WP-CF-Super-Cache-Cookies-Bypass
X-Sorting-Hat-ShopId
X-Varnish-Beresp-Ttl
X-ShardId
X-Varnish-Age
X-ShopId
X-Sorting-Hat-PodId
Expect-Staple
CloudFront-Viewer-Country
X-Clientip
X-SRCache-Key
X-Varnish-Cache-Hits
X-Generated-By
X-Lagoon
We-Hiring
Mail-Subject
X-Signature
Cache-Tv-Group
X-Cache-FS-Status
X-B-Cache
X-Upstream-Ht
X-Upstream-Ct
Referer-Policy
X-TA-CDN-Provider
X-Azure-Ref-OriginShield
X-PHP-Backend
X-B3-Traceid
X-IsAdmin
X-SRV
X-Cache-Rule
X-Cache-Operation
X-FORWARDED-FOR
X-Webstats-RespID
X-Cs
X-UA
X-Auto-Login
X-Site-Version
Location
From-Origin
X-Worker
X-LSADC-Cache
Fl-Custom-Application
Cache-Provider
X-Server-IP
X-Bc-Bl
DCR-Decision-By
S-Rt
X-Tb-Optimization-Total-Bytes-Saved
Origin-Agent-Cluster
Candidate-Md5Url
Source
DCR-Processing-Time-Ms
Host-ID
X-A-Dcw
X-External-Request-Id
X-GeoCode
X-GeoCountry
X-Ig-Origin-Region
X-Ec-GeoHdr
X-Ec-Fail
X-D
X-Destination
X-Developer
X-Ig-Push-State
X-Loc
X-ScT
X-Vdms-Version
X-Vtex-Remote-Cache
Xc-Version
X-S-Cookie
X-Rojux
X-ND-Cache
X-Org
X-PERF
X-Content-Age
X-Conf
Pragrma
Redirect-Candidate
Rendered-Blocks
Sslversion
Origin
Ngx.Var.Host
MD5-Digest
Meta-Geo-Continent
N-Cache
X-A
X-A-Ccd
X-B-Cookie
X-BCube-Filmed-By
X-Bl-Debug
X-Cache-NE
X-Application
X-ApacheServer
X-A-Dam
X-A-Dgt
X-Aed
Lang
X-A-Wwc
Mime-Version
X-VWS-Id
X-AWS-Id
WPO-Cache-Message
X-LJ-Flow-ID
X-Accel-Version
Sid
X-Xfnlog-Site
X-CGP
X-Cms-Device
X-Contensis-Viewer-Groups
X-CacheTTL
X-Cache-Aspx
X-Bug-Bounty
X-AK-Request-ID
X-Core-Value
X-DefElseHash
X-Ee-Origin
X-Ee-Request-Date
X-Ee-Request-Id
X-Epic-Correlation-Id
X-Ee-Generated-By
X-Dispatcher-Server
X-CUA
X-Aicache-OS
X-DefHash
X-Depends
X-Csrf-Jwt
Wxu-Next-Region
Origin-Site
Powered-By
X-Litespeed-Cache-Control
RNT-Machine
Odigeo-Trace-Id
NM-Fastcgi-Cache
Ha-Gx-Prefs
IsBot
L5d-Success-Class
Log-Origin
RNT-Time
Server-Host
Wxu-Next-Commit
Wxu-Next-Hostname
X-Eu-Site
X-Access
Web-Mar-Region
Vix-Hermes-Req-Id
ServerName
Store-Cloud-Cache
Time-Cloud-Cache
X-Action
X-Gamma-Serve
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-Up
X-SIPLIST1
X-Sigma-Backend
X-Save-Cache
X-SD-PageType
X-Section
X-Sigma
X-V-Cache
X-Varnish-Authentication
X-Varnish-Remaining-TTL
X-Vary-Devices
X-VG-TLSProxy
X-VG-WebCache
X-Varnish-Hostname
X-Varnish-Director
X-Varnish-Beresp-Status
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Rocket-Build-Number
X-Req
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Hash
X-GeoIP-City
Gh-Request-Id
X-Fmm-Version
X-Forwarded-Site
X-From
X-HS-Content-Campaign-Id
X-Internal-TTL
X-Old-Content-Length
X-Origin-Expires
X-PAYTM-SRV-ID
X-Policy
X-Node-Id
X-NMSegId
X-Men
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-FC-Vary-Parameters
X-Fastly-Backend
Cluster
CDN-CachedAt
CDN-EdgeStorageId
X-VC-TTL
Apple-News-Services-Request-Url
CDN-RequestPullSuccess
Cdncip
CDN-Cache
CDN-Uid
Canary
Fastly-SSL
CDN-RequestCountryCode
Apple-News-Services-Handled
Gannett-Cam-Experience-Id
Load-Balancing
Country-Code
CDN-RequestPullCode
CDN-PullZone
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Cdnsip
X-CACHE-AGE
X-Parent-Response-Time
X-Tx-Id
X-Cached-By
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
X-Esi-Check
X-Via-Fastly
Azure-InstanceId
X-Date
Cdn-Host
X-Content-Length
X-Cache-Id
X-Cache-Date
X-Block-Status
Cdn-Request-Time
CDCHOST
X-Frame-Option
X-DPWN-IS-SECURE
X-Ec-Custom-Error
Cache-Contol
X-Uri
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Edge-Server
X-HN
X-Vercel-Cache
X-Request-URI
X-SB
X-VarnishDD-TTL
X-Reqid
X-Vercel-Id
X-Pubstack
X-Region-Sid
X-Render-Time
X-URL
X-Shield-Cache-Expires
X-Thinkindot-L1
X-Thinkindot-L3
X-UA-Device-Type
X-Thanos
X-SVT-ORM-VERSION
X-ZONE
X-Sucuri-Cache
X-SVT-ORM-RULES
X-Proto
X-Path
X-Human
X-Ion-Healthy
X-Ion-Hop
X-Jungle-Id
X-Hnp-Log
X-Bip
X-Gen-Mode
X-Generated-On
X-Gzip
X-Level-Front-Cache
X-Wikidot-Static-Cache
X-Op-Id-All
X-Viewer-Country
X-Origin-Time
X-Vmg-Version
X-Nyt-Route
X-Mvc-Supplant-OutputCached
X-Wikidot-Backend
X-We-Are-Hiring
X-Gdpr
CacheControlHeader
User-Cache-Control
Thinkindot-CacheControl-Type
PFcat
Thinkindot-CacheControl
V-Age
Content-Script-Type
X-AB-Test
Cmsid
Cmstype
Producers
TDXMobile
Machine
Fastly-Backend-Name
Origin-CC
Origin-EX
Release
Req-Svc-Chain
Nord-Request-ID
Pics-Label
DSUID
RewriteTestHook
RewriteTeamHook
X-Accel-Expires-Debug
Content-Style-Type
X-Backend-Instance
X-Akamai-Device-Characteristics
L
X-App-Name
X-Amz-Storage-Class
X-BBC-Edge-Cache-Status
X-Acquia-Purge-Cdn-Unconfigured
Platform
X-NF-Request-ID
X-NewRelic-App-Data
Tube-Return
X-Moov-Xdn-Version
X-Proxied-Request
Tube-Got-Results
Click-Count-Error
X-Location
X-Moov-T
X-Moov-Xdn-Caching-Status
CF-IPCountry
Fastly-GeoIP-CountryCode
Tube-Get-Contents
Click-Count-Action-Start
Tube-Got-Eval
X-B3-Trace-ID
C-Via
X-NGINX-Cache
X-ElasticPress-Query
Cookie
X-Fastly-Request-Id
X-Pad
X-Datadome
X-Via-Poph
X-Via-Popn
X-Debug-Service
X-Sucuri-ID
X-Nginx-Cache-Key
XM
X-Origin-Response-Time
X-Via-Popv
Fastly-Drupal-HTML
True-Client-Country-4JS
X-Srv
NGX
Sever-Int
Server-Hostname
Server-Ext
X-AIR-PT
X-HA-Backend
X-Varnish-Hits
X-Webkit-CSP
Show-Do-Not-Sell-Link
AR-SID
Debug
X-Refresh
Traceparent
X-Air-Pt
X-Ez-Minify-Html
X-Cache-Backend
X-APP
Server-ID
X-Unity-Cache
X-Nananana
GeoIP-Latitude
X-TH-Server
X-Servedbyhost
GeoIp-Country-Code
X-LB-ID
X-DynaTrace-JS-Agent
HostName
DataCenter
Product
HA-Ipaddr
X-Fpc
WZWS-RAY
Tcn
Cdn
X-Amz-Meta-Cb-Modifiedtime
X-B3-Parentspanid
X-Zone
Fastly-Drupal-Html
X-Cdn-Forward
X-Wormhole-Sdk
X-Litespeed-Tag
X-VCL-Version
X-Newrelic-Synthetics
X-AC
X-Wa
X-Nc
X-GeoIP
X-Cache-VC
X-CDN-Provider
Lb
X-Nginx-Cache
X-Source
SID
Xkeylog
Serverhost
A
X-User
XkeyR9
Xkey-La3
X-Proxy-CacheR9
Edge-Cache
X-Proxy-Cache-La3
X-TX-ID
CountryCode
X-Vc
X-Datacenter
Cs
X-B3-Spanid
NtCoent-Length
X-RateLimit-Limit
X-Request-Start
Resin-Trace
Cdn-Requestid
X-LB-NoCache
X-WA
Esi-Enabled
Akamai-Mon-Iucid-Del
X-Service-Response-Time
X-LiteSpeed-Tag
Sm-Log-Id
CDN
X-API-Version
X-LiteSpeed-Cache-Control
X-TT-LOGID
X-VC-Age
X-Aspnet-Version
X-NC
X-HubSpot-Correlation-Id
X-Dynatrace-Js-Agent
MIME-Version
X-ID
X-Scheme
Wsr-Cache
X-Lsadc-Cache
X-HA-Application-Name
X-HA-Bot-Classification
Pramga
X-HA-Device-Type
Cr
X-Html-Minification-Powered-By
Proxy-Firewall
X-TIM-N
Datacenter
Uri
X-Styx-Origin-Id
Content-Secure-Policy
X-Udemy-Cache-App-Namespace
X-FPC
X-Styx-Info
Server-Id
GeoIP-Country-Code
ServerHost
X-Via-JSL
Yjs-Id
Geoip-Latitude
X-Fastly-Backend-Reqs
X-Srcache-Fetch-Status
RATING
X-TimeS
X-NodeID
X-Lb-Id
X-Var-Ttl
X-Request-Host
Hostname
X-Srcache-Store-Status
X-Pool
X-Ez-Minify-Js
X-Stale
W
X-ServedByHost
X-NODE
Srv
X-Akamai-Pragma-Client-IP
From-Cache
X-Lb-Nocache
X-RequestId
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Surrogated-Key
X-Oracle-DMS-ECID
X-Aspnetmvc-Version
X-MSEdge-Flight
X-MSEdge-Features
X-Vgn-Hpd-Reason
X-Swift-Error
T-Server
X-CS
X-CACHE-KEY
X-DynaTrace
Cloudfront-Viewer-Country
X-App
X-Cache-Grace
X-Wp-Cf-Super-Cache-Active
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Shardid
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Air-Hostname
X-Varnish-Beresp-TTL
X-Air-Source
X-Air-Trace-Id
X-LAGOON
X-Shopid
X-Correlation-ID
X-ByteArk-ReqID
X-Proxy-Cache-LA2
X-ByteArk-Cache
X-Ssense-Gql
Ohc-Cache-HIT
Ohc-File-Size
X-Key
Yak-Timeinfo
X-Ramcache
X-Ssense-Shipping-Surcharge-Enabled
X-DataCenter
X-VServer
X-Via-SSL
X-Elasticpress-Query
X-Geo
Cl-Cache
Ngx
X-Cdn-Cache-Status
X-Via-CDN
X-Via-Edge
N1-Cache
X-Webkit-Csp-Report-Only
CF-Cached-On
X-Ha-Backend
Req-ID
X-Jobs
Edge-Copy-Time
X-CSRF-TOKEN
X-Geolocation
X-Sucuri-Id
X-Th-Server
WebServer
X-PageType
X-DC
X-Check-Cacheable
Akamai-X-True-TTL
X-Web-Server
X-Via-PopH
X-Via-PopN
X-ATG-Version
X-Zen-Fury
X-Via-PopV
X-Iplb-Request-Id
Cf-Ipcountry
X-Iplb-Instance
X-Mg-Cache
Warning
FSS-Cache
My-App
X-MiniProfiler-Ids
X-Beacon
X-Limited
X-Request-Url
True-Client-IP
User-Agent
X-Fastly-Cache-Status
Host-Name
X-Serial
X-Env
Xkey-G-Jp
WP-Super-Cache