Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Accept-CH
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-XSS-Protection
X-Powered-By
Pragma
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Amz-Cf-Pop
X-Amz-Cf-Id
Content-Language
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Xss-Protection
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
CF-Ray
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
Accept-Ch
X-Runtime
Permissions-Policy
X-Drupal-Cache
Server-Timing
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-FRAME-OPTIONS
X-Cacheable
X-Iinfo
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
X-CONTENT-TYPE-OPTIONS
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
X-XSS-PROTECTION
Access-Control-Expose-Headers
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
X-Age
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
Keep-Alive
X-Amz-Version-Id
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Rq
X-AH-Environment
X-Vhost
X-Cache-Group
X-Server
X-Dispatcher
X-Proxy-Cache
CONTENT-SECURITY-POLICY
X-Ws-Request-Id
EagleId
X-Request-ID
X-UA-Device
X-Varnish-Cache
X-Litespeed-Cache
Pantheon-Trace-Id
Grace
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Dns-Prefetch-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-FTR-Request-ID
X-Device
X-Node
X-Cache-Lookup
X-Host
X-Server-Id
EagleEye-TraceId
X-Backend-Server
X-Country-Code
Surrogate-Control
Accept-Ch-Lifetime
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Readtime
Cf-Railgun
X-Akam-SW-Version
X-HW
X-Response-Time
P3p
Cache-Tag
X-Amz-Server-Side-Encryption
Content-Location
X-LiteSpeed-Cache
Cross-Origin-Opener-Policy
X-Ua-Device
X-Content-Type
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Rack-Cache
Service-Worker-Allowed
Request-Id
X-Trace
X-TraceId
X-Application-Context
Fastly-Restarts
X-Nf-Request-Id
X-Times
X-TtlSet
X-PC
X-Vname
Rating
X-Clacks-Overhead
X-Cnection
X-Element-Page-Cache
X-D2id
X-Midtier
X-Mcache
X-Edge
X-Vcap-Request-Id
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Expires
X-Browser-Type
X-ESI
Origin-Trial
Edge-Control
X-Cache-TTL
X-Oneagent-Js-Injection
X-Country
X-FastCGI-Cache
Surrogate-Key
X-NWS-LOG-UUID
X-Navigation-Version
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Kinja-Server
X-Cdn-Fetch
X-Powered-By-Plesk
X-Ac
X-Abt-Application-Version
X-Upstream
X-Url
Verso
X-Mod-Pagespeed
X-Amz-Rid
X-ORACLE-DMS-RID
X-B3-TraceId
X-Language
Akamai-GRN
Nginx-Cache
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-GitHub-Request-Id
X-Middleton-Display
X-Sol
Pagespeed
Display
X-ECACHE
X-Erf-Bev-Bev
S
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Envoy-Decorator-Operation
X-MS-InvokeApp
Response
X-Middleton-Response
AR-Request-ID
AR-PoweredBy
AR-ATIME
Edge-Cache-Tag
X-Ratelimit-Limit
X-Goog-Hash
X-Distributor
SPRequestGuid
X-SharePointHealthScore
SPRequestDuration
SPIisLatency
X-Resp-Is-Stale
X-Amzn-Trace-Id
X-Ser
X-Edge-Location-Klb
X-Kinsta-Cache
X-ARC
Access-Control-Request-Method
X-NGENIX-Cache
X-T
X-Ttl
Front-End-Https
X-Client-IP
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Content-Digest
X-Ezoic-Cdn
X-Recruiting
X-Cache-Key
RTSS
Cache-Status
X-Varnish-TTL
X-Request-Device-Id
X-Ruxit-Js-Agent
X-Version
X-Mg-S
X-Powered-CMS
X-HS-Cache-Config
Public-Key-Pins
TP-Cache
X-HS-Content-Id
X-HS-Hub-Id
Fastcgi-Cache
X-Ismobilevalue
X-MSEdge-Ref
X-Accel-Expires
X-Request-Processing-Time
X-Request-Received
AR-CACHE
Arr-Disable-Session-Affinity
X-Meli-Trace-Site
X-Meli-Trace-Bu
Cache-Tags
X-Meli-Trace-Platform
X-Cached
X-Cluster-Name
X-Daa-Tunnel
X-Correlation-Id
Realpath
X-Id
Content-MD5
Ar-SID
X-Content-Security-Policy-Report-Only
YJS-ID
X-HS-Combine-CSS
X-Amz-Replication-Status
X-Newrelic-App-Data
X-Forwarded-For
X-Ua-Browser
X-Xrds-Location
Payment
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Fastly-Request-ID
X-RateLimit-Remaining
X-DIS-Request-ID
X-Cambria-Cache-Control
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Azure-Ref
X-Webkit-Csp
X-HS-CF-Cache-Status
X-HS-Prerendered
X-GUploader-UploadID
X-Server-Name
Content-Disposition
X-COUNTRY
X-ORACLE-DMS-ECID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ratelimit-Remaining
MicrosoftSharePointTeamServices
Count-Hit
X-Protected-By
X-Px
X-Ratelimit-Reset
X-Origin-Server
X-Az
X-Unique-Id
X-Activity-Id
X-AppVersion
X-TTL
X-Page-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Rid
X-Logged-In
X-Git-Hash
Cross-Origin-Resource-Policy
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
Cleartype
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Cross-Origin-Embedder-Policy
X-VARITI-CCR
X-Proxy
X-FB-Debug
X-Request-Handler-Origin-Region
X-Microsite
X-Www-Served-By
X-Load-Cache
Version
X-LLID
X-Goog-Metageneration
X-SERVER-NAME
X-Forwarded-Proto
X-Geo-Country
X-PressLabs-Stats
X-Template
X-Hits
X-Varnish-Backend
X-Upgrade-Enabled
Server-Node
Server-Name
X-CST
X-B3-Sampled
X-WebKit-CSP-Report-Only
X-App-Server
X-Hostname
Healthy
Access-Control-Allow-Method
X-Content-Options
X-Frontend
Viewport
Section-Io-Cache
X-Varnish-Grace
X-Grace
X-Device-Type
X-Fb-Rlafr
X-TT
X-B
Fastly-SWR
Fastly-SIE
Alternate-Protocol
X-Varnish-Server
X-Request-Guid
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Status
X-Goog-Stored-Content-Encoding
X-Contextid
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
TCN
AKAMAI-GRN
DC
Upgrade-Insecure-Requests
X-Requestid
Retry-After
X-Cache-Age
X-Magnolia-Registration
X-Amzn-Remapped-Content-Length
X-EdgeConnect-Cache-Status
Host
X-ProcessESI
X-RemovedCookies
MS-Author-Via
X-App-Version
X-Cache-Control
X-Varnish-Ttl
X-Hl-Ver
Frame-Options
X-CSRF-Token
Amp-Access-Control-Allow-Source-Origin
X-Response-Served-From
X-Buckets
X-Tt-Trace-Tag
X-Original-Request-Id
X-Type
X-Revision
X-Tt-Trace-Host
X-Origin-CC
X-Debug
X-Origin-TTL
SD-X-WS
X-Mobile
X-Backend-Name
X-G
X-INCAP-ABP
X-Seen-By
X-Instance
X-UUID
X-ServerID
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Lambda-Id
X-ECache
X-NYM-Debug-Backend
X-Adobe-Loc
X-Is-Bot
X-N
X-Akamai-Edgescape
X-Adobe-Content
X-Cache-Status-Check
X-Rendered-As
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Cross-Origin-Embedder-Policy-Report-Only
X-Tumblr-Pixel-1
Cross-Origin-Opener-Policy-Report-Only
X-AB
X-WP-CF-Super-Cache
Section-Io-Id
Ms-Operation-Id
MS-CV
Access-Control-Request-Headers
X-WP-CF-Super-Cache-Cache-Control
NGB
X-Framework
X-RTag
X-Trace-Id
X-Akamai-Request-ID2
X-Mg-Request-UUID
X-Content-Powered-By
X-Debug-IsConnected
X-Debug-IsPreview
X-Yandex-Req-Id
X-Storage
X-Server-W
X-RM-Cache-TTL
Cache
Charset
X-Oracle-Dms-Ecid
X-Dc
X-Vcl-Version
Webserver
Filterid
X-DataDome
Paypal-Debug-Id
X-B3-SpanId
Accept-Language
Xet-Cookie
Refresh
X-Cache-Time
X-VC-Cache
X-Ms-Request-Id
X-Request-Site
X-Ms-Version
Onion-Location
X-Request-Platform
X-Cache-Hit
X-Request-Bu
YJS-CacheStatus
SRV
X-User-Agent
X-Time
X-Region
X-Node-Name
X-F-Cache
X-Real-IP
X-Tec-Api-Root
X-Fastcgi-Cache
X-Tec-Api-Version
X-Tec-Api-Origin
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-HITS
X-CCDN-Origin-Time
X-Proxy-Build
Priority
Selected-Fe
X-Timing-Wait
X-ProxyCache-Status
X-VC
Liferay-Portal
X-BYPASS-REASON
X-ProxyCache-Key
GEO-INFO
X-HTML-Minification-Powered-By
CDN-RequestId
X-L-Path
X-Mode
X-Environment-Context
X-Cacheable-TTL
X-IPS-LoggedIn
X-Origin-Cache
X-LB-Cache
X-URL
X-Service
Backend
X-Pass-Why
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Rule
X-Datadog-Sampled
X-Datadog-Trace-Id
Cross-Origin-Window-Policy
X-SaId
Meta-Geo
X-Rewrite-Enabled
X-Tb
X-VCT
X-UPSTREAM-Address
X-Rn-Rsrv
Country
X-Rocket-Nginx-Serving-Static
Apigw-Requestid
X-JoinUs
X-Cache-Expired-At
X-Drupal-Cache-Tags
X-Origin
X-Adobe-Source
X-Whom
X-Browser-Name
X-Wix-Request-Id
X-Geo-Region
X-Is-Mobile-Only
X-Is-Modern-Browser
X-Is-Tablet
X-Is-Mobile
X-Handled-By
X-Tcp-Rtt
X-Is-Supported-Browser
X-Is-Desktop
X-Generation-Time
X-Web-Node
Mn-Server-Ip
X-Provided-By
Protected
Expiry
X-Varnish-Beresp-Grace
TWC-GeoIP-LatLong
TWC-GeoIP-Region
X-RateLimit-Limit-Second
X-Vcache
X-Zipkin-Id
TWC-GeoIP-DMA
ServerID
X-RateLimit-Remaining-Second
X-Proxy-Cache-Info
X-RCS-CacheZone
Web-Mar-Node
X-Tncms
Url
Uber-Trace-Id
Webcakes-App-Name
Webcakes-App-Version
X-WP-CF-Super-Cache-Active
TWC-Locale-Group
Webcakes-Region
TWC-GeoIP-Country
X-Cloudmap
Property-Id
X-Origin-Hint
TWC-Privacy
X-Httpd
X-Origin-Date
X-Server-ID
Fastcgi-Useragent
X-Loop
X-Servername
X-Routing-Service
X-Proxied
X-Connection-Hash
TWC-Device-Class
TWC-GeoIP-City
X-FB-TRIP-ID
X-Detected-As
X-Extlb
TWC-Connection-Speed
ServedBy
X-Locale
OT-Force-Account-Verify
X-Auth-Group-Type
X-Hit
X-Forwarded-Host
X-Format
X-Hosted-By
X-MP-GENERATED-AT
X-Logging-Id
X-Mly-Id
X-Fetched-On
X-Director
X-App-Environment
X-Alternate-Cache-Key
X-Cache-Action
X-Cdn-Origin
X-Cms-Context
X-Cluster
X-Redis-Cache
X-Api-Version
X-Skip-Cache
X-Shopify-Stage
X-Soup
X-Storefront-Renderer-Rendered
X-Tumblr-Pixel-2
Atl-Traceid
X-Tumblr-Pixel-3
DB-Nickname
LB
X-FW-Version
X-FW-Type
X-Urbn-Site-Id
X-Say-Cacheable
X-Restarts
X-FW-Hash
X-Cache-Host
Environment
X-Edge-Location
X-Endurance-Cache-Level
X-FW-Server
Front
X-Debug-Info
X-Cache-Debug
X-Cluster-Node
X-FW-Static
X-SayCDN-TTL
X-Urbn-Context-Path
Cache-Hits
Locale
X-Scope-Id
X-FW-Dynamic
X-Say-TTL
X-FW-Serve
X-Served-From
X-S
X-PHP-Host
X-IPLB-Instance
X-IPLB-Request-ID
X-Drupal-Cache-Contexts
X-Labrador-Cache-Channel
Filters
Node
X-Optimistic-Header
X-CLOUD-TRACE-CONTEXT
X-Platform
X-R9-Blue-Green-Version
X-CDN-Cache-Status
X-Tt-Logid
Countrycode
X-GEO
X-NewRelic-App-Data
Xserver
X-No-Session
X-Fastly-Request-Id
X-CDN-Forward
X-Varnish-Age
WPO-Cache-Status
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-WP-CF-Super-Cache-Cookies-Bypass
X-XRDS-Location
X-Lagoon
X-B3-Traceid
X-UA
X-Varnish-Beresp-Ttl
X-Varnish-Cache-Hits
Cache-Tv-Group
X-Generated-By
AR-SID
AMP-Access-Control-Allow-Source-Origin
X-Signature
X-B-Cache
X-NWS-UUID-VERIFY
X-Client-Ip
X-SRV
Referer-Policy
Request-ID
X-Ua
X-Presslabs-Stats
X-Webstats-RespID
X-Site-Version
X-Azure-Ref-OriginShield
X-PHP-Backend
X-IsAdmin
X-Cache-Rule
X-Cache-Operation
X-CACHE-AGE
From-Origin
Cache-Provider
Expect-Staple
X-Clientip
X-SRCache-Key
X-Upstream-Ct
X-Upstream-Ht
X-AWS-Id
X-Accel-Version
Location
X-Worker
X-LJ-Flow-ID
X-Auto-Login
X-Wormhole-Sdk
X-VWS-Id
X-Server-IP
Sid
X-Bc-Bl
Fl-Custom-Application
Mail-Subject
We-Hiring
X-TA-CDN-Provider
X-VC-TTL
X-Org
Redirect-Candidate
Rendered-Blocks
X-GeoCode
Xc-Version
X-Destination
Pragrma
X-A
X-Loc
X-ApacheServer
X-A-Wwc
S-Rt
X-A-Dgt
Host-ID
X-D
X-A-Dcw
WPO-Cache-Message
X-Developer
MD5-Digest
Meta-Geo-Continent
N-Cache
X-PERF
Lang
X-A-Ccd
X-Ec-GeoHdr
Source
Ngx.Var.Host
Origin
X-A-Dam
X-Tb-Optimization-Total-Bytes-Saved
X-Ec-Fail
X-ND-Cache
X-GeoCountry
X-Vtex-Remote-Cache
Sslversion
X-Cache-NE
X-ScT
Candidate-Md5Url
X-Vdms-Version
X-Bl-Debug
X-External-Request-Id
X-Cache-FS-Status
X-Rojux
X-BCube-Filmed-By
X-S-Cookie
X-Content-Age
X-Ig-Push-State
X-Ig-Origin-Region
DCR-Decision-By
X-Conf
Origin-Agent-Cluster
X-B-Cookie
DCR-Processing-Time-Ms
X-Application
X-Tx-Id
X-Aed
X-Xfnlog-Site
X-Litespeed-Cache-Control
IsBot
X-HS-Content-Campaign-Id
Cluster
Cdnsip
L5d-Success-Class
Country-Code
Cdncip
X-Ee-Origin
CDN-RequestPullSuccess
Gh-Request-Id
X-GeoIP-Region-Code
CDN-RequestPullCode
CDN-RequestCountryCode
Ha-Gx-Prefs
X-GoCache-CacheStatus
Gannett-Cam-Experience-Id
CDN-PullZone
X-GeoIP-Country-Code
CDN-Uid
X-Ee-Generated-By
Fastly-SSL
X-Hash
RNT-Machine
Web-Mar-Region
X-Forwarded-Site
X-FC-Vary-Parameters
X-Fastly-Backend
X-Bug-Bounty
X-From
X-Eu-Site
X-Cache-Aspx
X-Fmm-Version
X-AK-Request-ID
X-Action
X-Access
CDN-EdgeStorageId
Wxu-Next-Region
X-Aicache-OS
Wxu-Next-Commit
Wxu-Next-Hostname
X-Gamma-Serve
Time-Cloud-Cache
X-Depends
RNT-Time
X-CUA
Powered-By
Origin-Site
X-GeoIP-City
Odigeo-Trace-Id
X-Ee-Request-Id
ServerName
X-Csrf-Jwt
X-CGP
X-Epic-Correlation-Id
X-CacheTTL
X-Cms-Device
X-Contensis-Viewer-Groups
Store-Cloud-Cache
X-Core-Value
Log-Origin
X-Cs
X-Internal-TTL
X-Vary-Devices
X-Sigma
X-Varnish-Beresp-Status
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-VG-TLSProxy
Apple-News-Services-Parsed-Url
X-Varnish-Authentication
X-Old-Content-Length
X-V-Cache
X-SIPLIST1
X-FORWARDED-FOR
X-Node-Id
X-Mvc-Supplant-Cachable
X-Slack-Backend
X-Micro-Cache
X-Policy
X-Slack-Shared-Secret-Outcome
X-Req
X-Origin-Expires
X-Varnish-Hostname
X-Sigma-Backend
X-VG-WebCache
X-Ee-Request-Date
X-Varnish-Director
Canary
CDN-CachedAt
CDN-Cache
X-SD-PageType
X-Rocket-Build-Number
X-Save-Cache
X-PAYTM-SRV-ID
X-Section
X-Sucuri-Cache
X-Parent-Response-Time
CF-IPCountry
CloudFront-Viewer-Country
Vix-Hermes-Req-Id
Thinkindot-CacheControl-Type
X-NGINX-Cache
V-Age
Thinkindot-CacheControl
X-VarnishDD-TTL
X-Frame-Option
X-Content-Length
X-SVT-ORM-VERSION
X-Vmg-Version
X-Varnish-Remaining-TTL
User-Cache-Control
X-Proto
X-Request-URI
X-Bip
X-BBC-Edge-Cache-Status
X-Backend-Instance
X-Shield-Cache-Expires
X-Block-Status
X-Cache-Date
X-Via-Fastly
X-Thinkindot-L3
X-Thinkindot-L1
X-UA-Device-Type
X-SB
X-Thanos
X-Reqid
X-Uri
X-Up
TDXMobile
X-Acquia-Purge-Cdn-Unconfigured
X-Accel-Expires-Debug
X-Akamai-Device-Characteristics
X-Viewer-Country
X-Render-Time
X-App-Name
X-Region-Sid
X-Amz-Storage-Class
X-Pubstack
X-AB-Test
RewriteTeamHook
Fastly-Backend-Name
X-Ec-Custom-Error
Azure-InstanceId
X-HN
X-Hnp-Log
DSUID
X-Sn-Servicetimems
X-Ion-Healthy
L
X-Men
X-Level-Front-Cache
X-Jungle-Id
X-Ion-Hop
Azure-RegionName
Azure-SiteName
Cache-Contol
X-Wikidot-Backend
X-SVT-ORM-RULES
CDCHOST
X-Wikidot-Static-Cache
X-Human
X-We-Are-Hiring
Cmsid
Azure-Version
Azure-SlotName
Content-Style-Type
Content-Script-Type
Cmstype
X-Varnish-CookieINHashed-On
X-Dispatcher-Server
Req-Svc-Chain
RewriteTestHook
X-Generated-On
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Release
X-Origin-Time
X-Path
X-Gdpr
X-Varnish-CookieHashed-On
X-Date
X-Gen-Mode
Server-Host
Machine
X-DefElseHash
X-NMSegId
X-LSADC-Cache
Nord-Request-ID
NM-Fastcgi-Cache
X-Mvc-Supplant-OutputCached
Origin-CC
X-Nyt-Route
X-DefHash
X-Op-Id-All
Origin-EX
Pics-Label
PFcat
X-DPWN-IS-SECURE
X-Edge-Server
X-ElasticPress-Query
Tube-Get-Contents
X-Moov-T
X-Location
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
Producers
Platform
X-Gzip
Fastly-GeoIP-CountryCode
CacheControlHeader
Cdn-Request-Time
Click-Count-Action-Start
Click-Count-Error
C-Via
X-Esi-Check
Mime-Version
X-Vercel-Id
X-Proxied-Request
X-B3-Trace-ID
X-Cache-Id
X-Vercel-Cache
Tube-Return
Cdn-Host
Tube-Got-Results
Tube-Got-Eval
X-ZONE
X-Air-Pt
Load-Balancing
XM
X-Origin-Response-Time
Fastly-Drupal-HTML
X-Sucuri-ID
X-Cached-By
X-Pad
NGX
X-NF-Request-ID
X-Refresh
Debug
Cookie
X-Source
X-Varnish-Hits
X-Via-Popv
X-Nginx-Cache-Key
X-Datadome
X-Via-Popn
X-Via-Poph
X-APP
X-Debug-Service
True-Client-Country-4JS
X-DynaTrace-JS-Agent
X-Srv
GeoIp-Country-Code
X-AIR-PT
X-Servedbyhost
X-HA-Backend
Server-Ext
Server-Hostname
Sever-Int
GeoIP-Latitude
X-Webkit-CSP
X-Nananana
HA-Ipaddr
X-TH-Server
Server-ID
Show-Do-Not-Sell-Link
Product
X-Cdn-Forward
Traceparent
X-Litespeed-Tag
X-Ez-Minify-Html
X-Cache-Backend
X-Zone
X-Amz-Meta-Cb-Modifiedtime
Cdn
WZWS-RAY
DataCenter
X-Nc
X-TT-LOGID
X-B3-Parentspanid
X-GeoIP
X-LB-ID
HostName
X-Unity-Cache
X-Wa
X-Fpc
X-Cache-VC
Fastly-Drupal-Html
X-User
X-Newrelic-Synthetics
Edge-Cache
Tcn
X-VCL-Version
X-CDN-Provider
Lb
X-AC
X-Nginx-Cache
MIME-Version
X-B3-Spanid
SID
X-Request-Start
Serverhost
XkeyR9
A
Resin-Trace
Akamai-Mon-Iucid-Del
X-Lsadc-Cache
X-LB-NoCache
X-Proxy-Cache-La3
Xkey-La3
X-Proxy-CacheR9
Xkeylog
Yjs-Id
X-Scheme
CountryCode
Wsr-Cache
X-LiteSpeed-Tag
X-Service-Response-Time
X-Datacenter
X-TX-ID
Sm-Log-Id
X-Vc
Cs
NtCoent-Length
X-RateLimit-Limit
X-LiteSpeed-Cache-Control
X-Pool
Hostname
X-WA
Esi-Enabled
X-Lb-Id
Cdn-Requestid
CDN
X-Request-Host
Surrogated-Key
Uri
X-CS
X-API-Version
X-ID
X-NodeID
X-Dynatrace-Js-Agent
X-FPC
X-Udemy-Cache-App-Namespace
X-HubSpot-Correlation-Id
Datacenter
X-Akamai-Pragma-Client-IP
X-NC
X-Aspnet-Version
X-Fastly-Backend-Reqs
X-VC-Age
X-RequestId
Pramga
X-Via-JSL
Proxy-Firewall
X-Styx-Info
X-TIM-N
X-Vgn-Hpd-Reason
X-Stale
X-HA-Application-Name
X-HA-Bot-Classification
X-HA-Device-Type
Cr
X-Html-Minification-Powered-By
Content-Secure-Policy
X-Styx-Origin-Id
X-Cache-Grace
Server-Id
X-CSRF-TOKEN
Geoip-Latitude
X-Var-Ttl
ServerHost
RATING
Yak-Timeinfo
GeoIP-Country-Code
T-Server
X-Srcache-Store-Status
X-Air-Source
X-Ez-Minify-Js
X-DynaTrace
X-Air-Hostname
X-Srcache-Fetch-Status
X-TimeS
X-DataCenter
X-Air-Trace-Id
Cloudfront-Viewer-Country
X-Lb-Nocache
Srv
X-ServedByHost
N1-Cache
X-Varnish-Beresp-TTL
X-Via-CDN
X-Ha-Backend
W
Edge-Copy-Time
X-Via-SSL
X-Via-Edge
From-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Aspnetmvc-Version
X-Oracle-DMS-ECID
X-Wp-Cf-Super-Cache
Req-ID
X-MSEdge-Flight
X-Geolocation
X-Jobs
X-MSEdge-Features
X-App
X-Swift-Error
X-Via-PopN
X-Zen-Fury
X-Via-PopV
X-Via-PopH
X-CACHE-KEY
X-Shardid
X-LAGOON
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Wp-Cf-Super-Cache-Active
X-Shopid
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
WP-Super-Cache
X-Proxy-Cache-LA2
True-Client-IP
X-Ramcache
X-ByteArk-ReqID
FSS-Cache
X-Key
X-VServer
X-ByteArk-Cache
Ohc-File-Size
Ohc-Cache-HIT
X-Ssense-Shipping-Surcharge-Enabled
X-Correlation-ID
X-Ssense-Gql
X-Elasticpress-Query
X-Cdn-Srv
Cl-Cache
On-Server
Ngx
X-Check-Cacheable
X-Cdn-Cache-Status
X-Web-Server
X-Webkit-Csp-Report-Only
X-Geo
X-Sucuri-Id
CF-Cached-On
X-PageType
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
X-Th-Server
X-DC
WebServer
Akamai-X-True-TTL
X-NODE
X-VTEX-Cache-Server
X-Serial
X-ATG-Version
Cf-Ipcountry
X-Iplb-Request-Id
X-Iplb-Instance
Warning
X-MiniProfiler-Ids
X-Beacon
X-Mg-Cache
My-App
X-Limited
User-Agent
X-Request-Url
Cneonction
FSS-Proxy
X-Env
X-Fastly-Cache
Host-Name
X-Fastly-Cache-Status
Xkey-G-Jp