Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Accept-CH
CF-Cache-Status
ETag
Expect-CT
X-XSS-Protection
Accept-Ranges
X-Powered-By
Pragma
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Amz-Cf-Pop
X-Amz-Cf-Id
Content-Language
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Xss-Protection
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
CF-Ray
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
Accept-Ch
X-Runtime
Permissions-Policy
X-Drupal-Cache
Server-Timing
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-FRAME-OPTIONS
X-Cacheable
X-Iinfo
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
X-CONTENT-TYPE-OPTIONS
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
X-XSS-PROTECTION
Access-Control-Expose-Headers
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
X-Age
Request-Context
X-Backend
Cf-Edge-Cache
X-Robots-Tag
X-Hacker
X-Amz-Version-Id
Keep-Alive
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-AH-Environment
X-Rq
X-Vhost
X-Server
X-Cache-Group
X-Dispatcher
X-Proxy-Cache
CONTENT-SECURITY-POLICY
X-Ws-Request-Id
EagleId
X-Request-ID
X-UA-Device
X-Varnish-Cache
X-Litespeed-Cache
Pantheon-Trace-Id
Grace
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Pingback
X-Dns-Prefetch-Control
Allow
X-Page-Speed
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-FTR-Request-ID
X-Device
X-Node
X-Cache-Lookup
X-Host
X-Server-Id
EagleEye-TraceId
X-Backend-Server
X-Country-Code
Surrogate-Control
Accept-Ch-Lifetime
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Readtime
Cf-Railgun
X-Akam-SW-Version
X-HW
X-Response-Time
P3p
Cache-Tag
X-Amz-Server-Side-Encryption
Content-Location
X-LiteSpeed-Cache
Cross-Origin-Opener-Policy
X-Ua-Device
X-Content-Type
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Rack-Cache
Request-Id
Service-Worker-Allowed
X-Trace
X-TraceId
X-Application-Context
Fastly-Restarts
X-Nf-Request-Id
X-Times
X-PC
X-TtlSet
X-Vname
Rating
X-Clacks-Overhead
X-Element-Page-Cache
X-D2id
X-Cnection
X-Edge
X-Midtier
X-Mcache
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-Vcap-Request-Id
X-FTR-Cache-Status
X-Browser-Type
X-FTR-Expires
Origin-Trial
X-ESI
Edge-Control
X-Cache-TTL
X-Oneagent-Js-Injection
X-Country
X-Navigation-Version
X-FastCGI-Cache
Surrogate-Key
X-NWS-LOG-UUID
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Powered-By-Plesk
X-Abt-Application-Version
X-Ac
X-Upstream
X-Url
Verso
X-Mod-Pagespeed
X-Amz-Rid
X-ORACLE-DMS-RID
X-B3-TraceId
Akamai-GRN
X-Language
Nginx-Cache
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-GitHub-Request-Id
X-Sol
Pagespeed
X-Middleton-Display
Display
X-ECACHE
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
S
X-Instrumentation
X-Kraken-Loop-Name
X-MS-InvokeApp
X-Envoy-Decorator-Operation
X-Middleton-Response
Response
AR-Request-ID
AR-PoweredBy
AR-ATIME
Edge-Cache-Tag
X-Ratelimit-Limit
X-Goog-Hash
X-Amzn-Trace-Id
X-Distributor
SPIisLatency
SPRequestGuid
SPRequestDuration
X-SharePointHealthScore
X-Resp-Is-Stale
X-Ser
X-Kinsta-Cache
X-Edge-Location-Klb
X-T
X-ARC
Access-Control-Request-Method
X-NGENIX-Cache
X-Ttl
Front-End-Https
X-Client-IP
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Content-Digest
X-Request-Device-Id
X-Ezoic-Cdn
X-Recruiting
X-Cache-Key
RTSS
Cache-Status
X-Varnish-TTL
X-Ruxit-Js-Agent
X-Version
X-Mg-S
X-Request-Processing-Time
X-Request-Received
X-Meli-Trace-Bu
X-Meli-Trace-Platform
X-Meli-Trace-Site
X-Powered-CMS
TP-Cache
Public-Key-Pins
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-MSEdge-Ref
X-Ismobilevalue
Fastcgi-Cache
X-Accel-Expires
Arr-Disable-Session-Affinity
AR-CACHE
Cache-Tags
X-Daa-Tunnel
X-Cached
X-Correlation-Id
X-Cluster-Name
Realpath
X-Id
Content-MD5
X-Content-Security-Policy-Report-Only
X-Amz-Replication-Status
Ar-SID
YJS-ID
X-HS-Combine-CSS
X-Newrelic-App-Data
X-Forwarded-For
Payment
X-Ua-Browser
X-Xrds-Location
X-Kong-Proxy-Latency
X-Fastly-Request-ID
X-Kong-Upstream-Latency
X-RateLimit-Remaining
X-DIS-Request-ID
X-Jurisdiction
X-HP-Webp
X-Webkit-Csp
X-Azure-Ref
X-HP-Trace-Id
X-Cambria-Cache-Control
X-HS-CF-Cache-Status
X-HS-Prerendered
X-GUploader-UploadID
X-Server-Name
Content-Disposition
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-COUNTRY
X-ORACLE-DMS-ECID
MicrosoftSharePointTeamServices
X-Ratelimit-Remaining
X-Protected-By
Count-Hit
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-Ratelimit-Reset
X-Px
X-Unique-Id
X-Activity-Id
X-Az
X-AppVersion
X-Page-Id
X-TTL
X-Logged-In
X-Rid
Accept-Charset
X-TEC-API-VERSION
Cleartype
X-Amz-Meta-S3cmd-Attrs
Cross-Origin-Resource-Policy
X-Git-Hash
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Microsite
X-Request-Handler-Origin-Region
X-FB-Debug
X-VARITI-CCR
X-Proxy
Cross-Origin-Embedder-Policy
X-Www-Served-By
X-Load-Cache
Version
X-LLID
X-Goog-Metageneration
X-SERVER-NAME
X-Forwarded-Proto
X-Geo-Country
X-PressLabs-Stats
X-Template
X-Hits
X-Varnish-Backend
X-Upgrade-Enabled
Server-Node
X-CST
Server-Name
X-B3-Sampled
X-WebKit-CSP-Report-Only
X-Hostname
X-App-Server
Healthy
X-Content-Options
Access-Control-Allow-Method
X-Frontend
X-Varnish-Grace
Section-Io-Cache
Viewport
X-TT
X-Device-Type
X-Grace
X-Fb-Rlafr
Fastly-SIE
Fastly-SWR
X-B
Alternate-Protocol
X-Varnish-Server
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Request-Guid
MRF-Tech
X-Status
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Contextid
X-Goog-Stored-Content-Length
X-Goog-Generation
TCN
AKAMAI-GRN
DC
Upgrade-Insecure-Requests
X-Requestid
X-RemovedCookies
Retry-After
X-ProcessESI
X-Cache-Age
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
X-Amzn-Remapped-Content-Length
Host
X-Hl-Ver
X-App-Version
MS-Author-Via
X-Cache-Control
X-Varnish-Ttl
Frame-Options
X-CSRF-Token
Amp-Access-Control-Allow-Source-Origin
X-Buckets
X-Original-Request-Id
X-Type
X-Revision
X-Tt-Trace-Tag
X-Response-Served-From
X-Tt-Trace-Host
X-Origin-TTL
X-Origin-CC
X-Debug
SD-X-WS
X-Mobile
X-G
X-Seen-By
X-ServerID
X-UUID
X-Instance
X-INCAP-ABP
VIX-Pulpo-Upstream-Status
X-Backend-Name
VIX-Pulpo-Node
X-Cache-Status-Check
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Rendered-As
X-NYM-Debug-Backend
X-Adobe-Content
Cross-Origin-Opener-Policy-Report-Only
X-Adobe-Loc
X-Akamai-Edgescape
X-Lambda-Id
X-Is-Bot
Cross-Origin-Embedder-Policy-Report-Only
X-N
X-ECache
X-Akamai-Request-ID2
X-Content-Powered-By
X-AB
X-WP-CF-Super-Cache-Cache-Control
Access-Control-Request-Headers
NGB
MS-CV
Section-Io-Id
X-Debug-IsConnected
X-Debug-IsPreview
X-Trace-Id
X-WP-CF-Super-Cache
Ms-Operation-Id
X-RTag
X-Framework
X-Mg-Request-UUID
X-Storage
X-Server-W
X-Yandex-Req-Id
X-RM-Cache-TTL
Charset
Cache
X-Dc
X-Vcl-Version
X-Oracle-Dms-Ecid
Webserver
Xet-Cookie
Filterid
X-DataDome
Paypal-Debug-Id
Accept-Language
X-B3-SpanId
X-VC-Cache
X-Cache-Time
Refresh
X-Request-Bu
X-Ms-Version
X-Request-Platform
X-Request-Site
X-Cache-Hit
Onion-Location
X-Ms-Request-Id
YJS-CacheStatus
SRV
X-User-Agent
X-Time
X-F-Cache
X-Proxy-Build
X-Timing-Wait
X-Node-Name
X-Region
Selected-Fe
X-BYPASS-REASON
X-Real-IP
X-ProxyCache-Status
X-ProxyCache-Key
X-Tec-Api-Root
X-Tec-Api-Origin
X-Fastcgi-Cache
X-Tec-Api-Version
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-HITS
Priority
X-CCDN-CacheTTL
X-VC
X-Cacheable-TTL
Liferay-Portal
CDN-RequestId
GEO-INFO
X-HTML-Minification-Powered-By
X-Environment-Context
X-IPS-LoggedIn
X-Mode
X-L-Path
X-Service
X-Origin-Cache
X-URL
X-LB-Cache
X-Pass-Why
X-Datadog-Parent-Id
Cross-Origin-Window-Policy
Backend
X-Rule
X-Datadog-Trace-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
Country
X-JoinUs
Meta-Geo
X-Drupal-Cache-Tags
Apigw-Requestid
X-Origin
X-VCT
X-Rocket-Nginx-Serving-Static
X-Tb
X-Rewrite-Enabled
X-Rn-Rsrv
X-Cache-Expired-At
X-SaId
X-UPSTREAM-Address
X-Geo-Region
X-Is-Modern-Browser
X-Wix-Request-Id
X-Is-Supported-Browser
X-Is-Tablet
X-Adobe-Source
X-Is-Desktop
X-Is-Mobile-Only
X-Handled-By
X-Tcp-Rtt
X-Is-Mobile
X-Whom
X-Browser-Name
X-Provided-By
X-Mly-Id
X-Web-Node
Protected
X-Generation-Time
Mn-Server-Ip
Expiry
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-City
TWC-Device-Class
TWC-Connection-Speed
Uber-Trace-Id
X-Httpd
X-Proxied
X-Routing-Service
X-RCS-CacheZone
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Servername
X-Tncms
X-Zipkin-Id
X-Loop
X-Origin-Date
X-Vcache
X-Varnish-Beresp-Grace
X-Origin-Hint
X-FB-TRIP-ID
X-Extlb
Url
Web-Mar-Node
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Region
Webcakes-App-Name
Webcakes-App-Version
X-Detected-As
X-Proxy-Cache-Info
X-Connection-Hash
X-Cloudmap
Webcakes-Region
TWC-GeoIP-DMA
Fastcgi-Useragent
ServerID
X-WP-CF-Super-Cache-Active
X-Server-ID
X-Storefront-Renderer-Rendered
X-Locale
X-Cms-Context
DB-Nickname
ServedBy
X-Logging-Id
X-Director
X-Fetched-On
OT-Force-Account-Verify
X-Hit
X-Hosted-By
X-Format
X-Tumblr-Pixel-3
X-Forwarded-Host
X-MP-GENERATED-AT
X-Skip-Cache
X-Soup
X-App-Environment
X-Shopify-Stage
X-Auth-Group-Type
X-Api-Version
X-Cdn-Origin
X-Alternate-Cache-Key
X-Redis-Cache
Atl-Traceid
X-Cache-Action
X-Tumblr-Pixel-2
X-Cluster
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Endurance-Cache-Level
X-Cluster-Node
X-FW-Server
X-Debug-Info
X-Edge-Location
X-Cache-Debug
LB
X-Urbn-Site-Id
X-Say-TTL
X-SayCDN-TTL
X-FW-Static
X-Say-Cacheable
Cache-Hits
Environment
X-Scope-Id
Locale
X-FW-Version
X-FW-Type
Front
X-Cache-Host
X-Served-From
X-Urbn-Context-Path
X-Restarts
X-S
X-IPLB-Request-ID
X-Labrador-Cache-Channel
X-IPLB-Instance
X-Drupal-Cache-Contexts
Filters
X-PHP-Host
Node
X-R9-Blue-Green-Version
X-CLOUD-TRACE-CONTEXT
Countrycode
X-Optimistic-Header
X-Platform
X-Tt-Logid
X-CDN-Cache-Status
X-GEO
X-No-Session
X-Fastly-Request-Id
Xserver
X-NewRelic-App-Data
X-Varnish-Age
WPO-Cache-Status
X-CDN-Forward
X-Sorting-Hat-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-ShopId
X-XRDS-Location
X-WP-CF-Super-Cache-Cookies-Bypass
Cache-Tv-Group
AMP-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Varnish-Beresp-Ttl
X-Varnish-Cache-Hits
X-Lagoon
X-UA
AR-SID
X-Generated-By
X-Client-Ip
X-NWS-UUID-VERIFY
X-Signature
X-B-Cache
Referer-Policy
X-SRV
X-Ua
Request-ID
X-Presslabs-Stats
X-Webstats-RespID
X-Clientip
Expect-Staple
X-SRCache-Key
X-Site-Version
X-Azure-Ref-OriginShield
X-IsAdmin
X-CACHE-AGE
X-PHP-Backend
X-Cache-Rule
From-Origin
X-Cache-Operation
Cache-Provider
We-Hiring
Mail-Subject
CloudFront-Viewer-Country
X-AWS-Id
X-Upstream-Ht
X-Wormhole-Sdk
X-Accel-Version
X-Upstream-Ct
X-Worker
X-LJ-Flow-ID
X-VWS-Id
X-Auto-Login
Location
X-Server-IP
X-TA-CDN-Provider
X-Bc-Bl
Sid
Fl-Custom-Application
X-VC-TTL
X-Destination
X-Ig-Origin-Region
Host-ID
DCR-Decision-By
X-Ig-Push-State
WPO-Cache-Message
X-Ec-Fail
X-Tb-Optimization-Total-Bytes-Saved
Lang
X-ND-Cache
X-Loc
X-Org
X-Tx-Id
X-D
X-Content-Age
X-Ec-GeoHdr
Source
X-A-Dgt
DCR-Processing-Time-Ms
X-Cache-NE
X-PERF
X-B-Cookie
X-A-Ccd
X-A-Dam
X-BCube-Filmed-By
Redirect-Candidate
X-Bl-Debug
Rendered-Blocks
X-Vtex-Remote-Cache
X-Application
X-Aed
X-A-Wwc
X-Vdms-Version
Candidate-Md5Url
X-External-Request-Id
Sslversion
X-A
X-ApacheServer
Pragrma
X-A-Dcw
X-GeoCountry
X-GeoCode
Origin
Ngx.Var.Host
X-Conf
MD5-Digest
Meta-Geo-Continent
N-Cache
X-S-Cookie
X-Rojux
X-ScT
S-Rt
X-Cache-FS-Status
X-Developer
Xc-Version
Origin-Agent-Cluster
X-Litespeed-Cache-Control
X-Xfnlog-Site
Canary
Cluster
X-Ee-Request-Id
CDN-RequestCountryCode
CDN-RequestPullCode
Cdnsip
CDN-RequestPullSuccess
Cdncip
CDN-Uid
X-Ee-Generated-By
CDN-PullZone
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
X-Ee-Origin
X-Ee-Request-Date
X-Cms-Device
RNT-Time
ServerName
Store-Cloud-Cache
RNT-Machine
X-Bug-Bounty
X-Cache-Aspx
Powered-By
Time-Cloud-Cache
X-AK-Request-ID
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
Web-Mar-Region
X-Access
X-Aicache-OS
X-Action
Origin-Site
X-CacheTTL
X-Csrf-Jwt
Gh-Request-Id
Ha-Gx-Prefs
X-CUA
Gannett-Cam-Experience-Id
X-Depends
Fastly-SSL
X-Core-Value
IsBot
Odigeo-Trace-Id
X-CGP
X-Epic-Correlation-Id
X-Contensis-Viewer-Groups
L5d-Success-Class
Log-Origin
Country-Code
X-Node-Id
X-Old-Content-Length
X-Varnish-Authentication
X-Origin-Expires
X-V-Cache
X-PAYTM-SRV-ID
X-Varnish-Beresp-Status
X-Mvc-Supplant-Cachable
X-Vary-Devices
X-Varnish-Hostname
X-Varnish-Director
X-Micro-Cache
X-Policy
X-FORWARDED-FOR
X-Sigma-Backend
X-Sigma
X-SIPLIST1
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Section
X-SD-PageType
X-Eu-Site
X-Req
X-Rocket-Build-Number
X-Save-Cache
X-Internal-TTL
X-Cs
X-From
Apple-News-Services-Handled
Apple-News-Services-Host
X-Gamma-Serve
X-GeoIP-City
X-GoCache-CacheStatus
X-Hash
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-VG-WebCache
X-Fmm-Version
X-FC-Vary-Parameters
X-HS-Content-Campaign-Id
X-VG-TLSProxy
X-Forwarded-Site
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Fastly-Backend
X-Parent-Response-Time
X-Sucuri-Cache
CF-IPCountry
X-Varnish-Remaining-TTL
X-Acquia-Purge-Cdn-Unconfigured
X-Thanos
X-Bip
X-Varnish-CookieINHashed-On
X-BBC-Edge-Cache-Status
X-Wikidot-Static-Cache
X-SVT-ORM-RULES
X-AB-Test
X-Accel-Expires-Debug
X-VarnishDD-TTL
X-Thinkindot-L1
X-SVT-ORM-VERSION
X-Backend-Instance
X-Uri
X-Vmg-Version
X-Viewer-Country
X-Amz-Storage-Class
X-Varnish-CookieHashed-On
X-We-Are-Hiring
X-Up
X-Thinkindot-L3
X-Akamai-Device-Characteristics
X-UA-Device-Type
X-Via-Fastly
X-Wikidot-Backend
X-App-Name
X-Pubstack
X-Debug-Cache-Store
X-DefElseHash
X-DefHash
X-Debug-Cache-Fetch
X-Ion-Healthy
X-Jungle-Id
X-Ion-Hop
X-Date
X-Human
X-Hnp-Log
X-Gen-Mode
X-Gdpr
X-Frame-Option
X-Generated-On
X-Ec-Custom-Error
X-HN
X-Dispatcher-Server
X-Level-Front-Cache
X-Men
X-Request-URI
X-Reqid
X-Render-Time
X-SB
X-Cache-Date
X-Block-Status
X-Shield-Cache-Expires
X-Region-Sid
X-Proto
X-Nyt-Route
X-NMSegId
X-Mvc-Supplant-OutputCached
X-Content-Length
X-Op-Id-All
X-Path
X-Origin-Time
X-Sn-Servicetimems
Thinkindot-CacheControl
Machine
L
Fastly-Backend-Name
DSUID
NM-Fastcgi-Cache
Nord-Request-ID
Pics-Label
PFcat
Origin-EX
Origin-CC
Content-Style-Type
Content-Script-Type
Azure-RegionName
Azure-InstanceId
X-LSADC-Cache
X-NGINX-Cache
Azure-SiteName
Azure-Version
Cmstype
Cmsid
CDCHOST
Cache-Contol
Release
Azure-SlotName
Server-Host
V-Age
TDXMobile
Thinkindot-CacheControl-Type
RewriteTestHook
User-Cache-Control
Req-Svc-Chain
Vix-Hermes-Req-Id
RewriteTeamHook
Cdn-Host
Tube-Got-Eval
CacheControlHeader
Cdn-Request-Time
Click-Count-Action-Start
X-DPWN-IS-SECURE
Tube-Get-Contents
Click-Count-Error
X-Esi-Check
X-Edge-Server
X-Location
X-Moov-Xdn-Caching-Status
X-Moov-T
X-Vercel-Id
X-Vercel-Cache
X-Moov-Xdn-Version
X-Gzip
C-Via
Tube-Return
X-Proxied-Request
Mime-Version
Tube-Got-Results
X-ElasticPress-Query
X-Cache-Id
Fastly-GeoIP-CountryCode
Platform
Producers
X-B3-Trace-ID
X-Air-Pt
X-ZONE
X-Origin-Response-Time
XM
Load-Balancing
X-Pad
X-Cached-By
X-Sucuri-ID
Fastly-Drupal-HTML
NGX
X-NF-Request-ID
X-Source
X-Varnish-Hits
Cookie
Debug
X-Refresh
X-Via-Popn
X-Via-Popv
X-Via-Poph
X-Debug-Service
X-APP
X-Nginx-Cache-Key
X-Datadome
True-Client-Country-4JS
GeoIP-Latitude
X-Srv
X-HA-Backend
Sever-Int
X-AIR-PT
Server-Hostname
Server-Ext
X-Servedbyhost
X-DynaTrace-JS-Agent
GeoIp-Country-Code
X-Webkit-CSP
HA-Ipaddr
Product
X-Nananana
Show-Do-Not-Sell-Link
Server-ID
X-TH-Server
X-Cdn-Forward
Traceparent
X-Litespeed-Tag
X-Ez-Minify-Html
X-Cache-Backend
X-Zone
WZWS-RAY
Cdn
X-Amz-Meta-Cb-Modifiedtime
X-Nc
X-TT-LOGID
X-GeoIP
HostName
DataCenter
X-B3-Parentspanid
X-Fpc
X-Unity-Cache
X-Cache-VC
X-LB-ID
X-Wa
Fastly-Drupal-Html
X-User
Edge-Cache
X-Newrelic-Synthetics
Tcn
X-VCL-Version
X-CDN-Provider
X-AC
Lb
X-B3-Spanid
SID
X-Nginx-Cache
MIME-Version
X-Proxy-CacheR9
Xkey-La3
X-Request-Start
X-Lsadc-Cache
A
Serverhost
Akamai-Mon-Iucid-Del
X-Proxy-Cache-La3
Resin-Trace
Xkeylog
X-LB-NoCache
XkeyR9
Yjs-Id
X-Vc
CountryCode
Wsr-Cache
X-Datacenter
X-Service-Response-Time
X-LiteSpeed-Tag
X-Scheme
X-TX-ID
Sm-Log-Id
Cs
NtCoent-Length
X-RateLimit-Limit
X-LiteSpeed-Cache-Control
X-WA
Uri
X-Pool
Hostname
Surrogated-Key
X-Request-Host
X-Lb-Id
CDN
Esi-Enabled
Cdn-Requestid
X-API-Version
X-CS
X-VC-Age
X-NodeID
X-Aspnet-Version
X-FPC
X-HubSpot-Correlation-Id
X-NC
X-Udemy-Cache-App-Namespace
Datacenter
X-ID
X-Fastly-Backend-Reqs
X-Dynatrace-Js-Agent
X-Akamai-Pragma-Client-IP
X-RequestId
Proxy-Firewall
Pramga
Server-Id
Cr
X-Html-Minification-Powered-By
X-Cache-Grace
X-Stale
X-Via-JSL
X-Vgn-Hpd-Reason
X-HA-Device-Type
X-TIM-N
Content-Secure-Policy
X-Styx-Origin-Id
X-HA-Bot-Classification
X-Styx-Info
X-HA-Application-Name
X-CSRF-TOKEN
X-Air-Trace-Id
X-Air-Source
T-Server
X-Air-Hostname
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Var-Ttl
X-Ez-Minify-Js
GeoIP-Country-Code
ServerHost
X-DataCenter
Yak-Timeinfo
X-DynaTrace
Geoip-Latitude
X-TimeS
RATING
X-Varnish-Beresp-TTL
N1-Cache
X-Via-SSL
Edge-Copy-Time
X-Lb-Nocache
W
X-Via-Edge
Srv
From-Cache
X-Ha-Backend
X-ServedByHost
X-Via-CDN
X-Aspnetmvc-Version
X-Oracle-DMS-ECID
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-MSEdge-Flight
Cloudfront-Viewer-Country
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Jobs
X-CACHE-KEY
X-MSEdge-Features
X-Zen-Fury
X-Swift-Error
X-App
Req-ID
X-Geolocation
X-Sorting-Hat-Shopid
X-LAGOON
Expect-Ct
X-Shardid
X-Shopid
X-Sorting-Hat-Podid
X-Wp-Cf-Super-Cache-Active
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Correlation-ID
True-Client-IP
X-ByteArk-Cache
X-Proxy-Cache-LA2
FSS-Cache
WP-Super-Cache
X-ByteArk-ReqID
X-Ramcache
Ohc-File-Size
X-Key
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
Ohc-Cache-HIT
X-VServer
X-Sucuri-Id
X-Cdn-Cache-Status
X-NODE
CF-Cached-On
X-Elasticpress-Query
X-Web-Server
X-Geo
X-Cdn-Srv
Cl-Cache
On-Server
X-Webkit-Csp-Report-Only
Ngx
X-Check-Cacheable
X-DC
X-PageType
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Time
WebServer
X-VTEX-Cache-Server
X-ATG-Version
X-Th-Server
Akamai-X-True-TTL
X-Serial
X-Iplb-Instance
Cf-Ipcountry
X-Iplb-Request-Id
Warning
X-Beacon
X-MiniProfiler-Ids
X-Limited
X-Mg-Cache
My-App
X-Env
X-Fastly-Cache
X-Request-Url
X-Fastly-Cache-Status
Cneonction
User-Agent
Xkey-G-Jp
FSS-Proxy
Host-Name