Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-XSS-Protection
X-Cache
X-Powered-By
Via
Pragma
CF-RAY
Age
Content-Security-Policy
Report-To
Alt-Svc
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Amz-Cf-Pop
X-Amz-Cf-Id
Content-Language
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Request-Id
X-Timer
CF-Ray
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
X-Runtime
Permissions-Policy
X-Drupal-Cache
Server-Timing
X-Envoy-Upstream-Service-Time
X-Generator
X-FRAME-OPTIONS
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-CONTENT-TYPE-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Accept-Ch
Timing-Allow-Origin
X-XSS-PROTECTION
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
X-Age
Request-Context
X-Backend
Cf-Edge-Cache
X-Amz-Version-Id
X-Hacker
X-Robots-Tag
Keep-Alive
Cf-Apo-Via
X-Via
X-Turbo-Charged-By
CONTENT-SECURITY-POLICY
X-Vhost
X-AH-Environment
X-Rq
X-Server
X-Dispatcher
X-Request-ID
X-Cache-Group
X-Proxy-Cache
X-Ws-Request-Id
EagleId
X-UA-Device
X-Varnish-Cache
X-Litespeed-Cache
Pantheon-Trace-Id
Grace
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Pingback
X-Page-Speed
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Swift-CacheTime
X-Swift-SaveTime
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Device
X-FTR-Request-ID
Ali-Swift-Global-Savetime
X-Node
X-Host
X-Backend-Server
EagleEye-TraceId
X-Server-Id
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
P3p
Cf-Railgun
X-Ruxit-JS-Agent
X-Readtime
X-Akam-SW-Version
X-HW
X-Response-Time
Cache-Tag
X-Amz-Server-Side-Encryption
Accept-Ch-Lifetime
X-Ua-Device
Content-Location
X-Content-Type
X-LiteSpeed-Cache
Cross-Origin-Opener-Policy
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
Request-Id
X-Rack-Cache
X-Trace
X-Application-Context
X-Element-Page-Cache
Service-Worker-Allowed
X-TraceId
X-D2id
Fastly-Restarts
X-Oneagent-Js-Injection
X-Nf-Request-Id
X-Times
X-PC
X-TtlSet
X-Vname
Rating
X-Clacks-Overhead
X-Navigation-Version
X-Cnection
X-Country
X-Edge
X-Midtier
X-Mcache
X-Vcap-Request-Id
X-Browser-Type
Origin-Trial
Edge-Control
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-ESI
X-FTR-Expires
X-Cache-TTL
X-Url
Surrogate-Key
X-NWS-LOG-UUID
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-FastCGI-Cache
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
X-Powered-By-Plesk
X-Ac
X-Abt-Application-Version
X-Upstream
X-Mod-Pagespeed
X-ECACHE
X-Amz-Rid
Verso
X-B3-TraceId
X-ORACLE-DMS-RID
X-Request-Device-Id
X-Language
X-MS-InvokeApp
X-Pinterest-Rid
Nginx-Cache
Pinterest-Generated-By
Pinterest-Version
X-GitHub-Request-Id
X-Sol
X-Middleton-Display
Pagespeed
Display
S
X-Amzn-Trace-Id
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Instrumentation
Akamai-GRN
X-Erf-Bev-Bev-Is-Generated
X-Meli-Trace-Platform
X-Meli-Trace-Bu
X-Meli-Trace-Site
X-Envoy-Decorator-Operation
X-T
X-SharePointHealthScore
SPRequestDuration
SPRequestGuid
Response
AR-ATIME
SPIisLatency
AR-Request-ID
AR-PoweredBy
X-Middleton-Response
Edge-Cache-Tag
X-Distributor
X-Ruxit-Js-Agent
X-Goog-Hash
X-Ratelimit-Limit
X-Resp-Is-Stale
X-Ser
X-Kinsta-Cache
X-Edge-Location-Klb
X-ARC
Access-Control-Request-Method
X-NGENIX-Cache
Front-End-Https
X-Shield-Request-Id
X-Request-Processing-Time
X-Request-Received
X-Dw-Request-Base-Id
RTSS
X-Client-IP
X-Ezoic-Cdn
X-Content-Digest
X-Recruiting
X-Cache-Key
Cache-Status
X-Varnish-TTL
Ar-SID
YJS-ID
X-Version
X-Mg-S
X-Ttl
X-Amz-Replication-Status
X-Newrelic-App-Data
X-Ismobilevalue
Public-Key-Pins
X-Powered-CMS
X-Accel-Expires
X-HS-Cache-Config
X-HS-Content-Id
TP-Cache
X-HS-Hub-Id
X-MSEdge-Ref
Fastcgi-Cache
AR-CACHE
X-Fastly-Request-ID
X-Correlation-Id
Cache-Tags
X-Cached
X-Cluster-Name
Arr-Disable-Session-Affinity
Realpath
X-Id
X-Content-Security-Policy-Report-Only
X-Daa-Tunnel
Content-MD5
X-Server-Name
X-RateLimit-Remaining
X-HS-Combine-CSS
X-Azure-Ref
X-Cambria-Cache-Control
Payment
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Ua-Browser
X-DIS-Request-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-TTL
X-Xrds-Location
X-HS-CF-Cache-Status
X-HS-Prerendered
MicrosoftSharePointTeamServices
X-GUploader-UploadID
X-Forwarded-For
X-Amzn-RequestId
X-Amz-Apigw-Id
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Content-Disposition
X-Px
X-Protected-By
Count-Hit
X-Ratelimit-Reset
X-Az
X-AppVersion
X-Unique-Id
X-Activity-Id
X-Page-Id
X-Logged-In
X-Rid
Cross-Origin-Resource-Policy
X-Origin-Server
Cleartype
X-Proxy
Accept-Charset
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Amz-Meta-S3cmd-Attrs
X-Git-Hash
X-TEC-API-ORIGIN
X-VARITI-CCR
X-FB-Debug
X-Request-Handler-Origin-Region
X-Microsite
Cross-Origin-Embedder-Policy
X-Www-Served-By
X-Hits
X-Ratelimit-Remaining
Version
X-ORACLE-DMS-ECID
X-Load-Cache
X-Geo-Country
X-LLID
X-Goog-Metageneration
X-Forwarded-Proto
X-Template
X-COUNTRY
X-Varnish-Backend
X-Upgrade-Enabled
X-PressLabs-Stats
X-WebKit-CSP-Report-Only
AKAMAI-GRN
Server-Node
X-B3-Sampled
X-App-Server
X-Requestid
Server-Name
X-Hostname
Healthy
X-Content-Options
Access-Control-Allow-Method
X-TT
X-Frontend
X-Varnish-Grace
X-Grace
Section-Io-Cache
X-B
X-RemovedCookies
Viewport
X-ProcessESI
X-Fb-Rlafr
Fastly-SWR
X-Device-Type
X-Request-Guid
Fastly-SIE
X-Varnish-Server
Alternate-Protocol
X-Contextid
X-Cache-Age
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Status
X-CSRF-Token
X-Hl-Ver
DC
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-SERVER-NAME
X-Amzn-Remapped-Content-Length
Upgrade-Insecure-Requests
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
X-CST
TCN
X-App-Version
MS-Author-Via
X-Cache-Control
Frame-Options
Host
X-Yandex-Req-Id
Retry-After
X-Varnish-Ttl
X-Oracle-Dms-Ecid
Xet-Cookie
X-Origin-CC
X-Origin-TTL
X-Type
X-Response-Served-From
X-Revision
X-Original-Request-Id
X-G
X-AB
X-ServerID
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Debug
SD-X-WS
X-Mobile
X-Buckets
X-N
X-Akamai-Edgescape
X-Instance
X-Adobe-Content
X-Seen-By
X-Backend-Name
X-INCAP-ABP
X-UUID
X-Adobe-Loc
X-Lambda-Id
Cross-Origin-Opener-Policy-Report-Only
X-Akamai-Request-ID2
X-NYM-Debug-Backend
X-Rendered-As
Access-Control-Request-Headers
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Yottaa-Optimizations
X-Is-Bot
Cross-Origin-Embedder-Policy-Report-Only
X-Tumblr-User
X-Cache-Status-Check
X-Yottaa-Metrics
X-Debug-IsPreview
X-Debug-IsConnected
Cache
X-Tumblr-Pixel-1
MS-CV
Section-Io-Id
X-Trace-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-WP-CF-Super-Cache
Ms-Operation-Id
X-WP-CF-Super-Cache-Cache-Control
NGB
X-Framework
X-Mg-Request-UUID
X-RM-Cache-TTL
X-RTag
X-Server-W
Amp-Access-Control-Allow-Source-Origin
X-Content-Powered-By
X-Storage
Charset
X-Dc
YJS-CacheStatus
X-Cacheable-TTL
X-Fastcgi-Cache
Paypal-Debug-Id
X-Proxy-Build
X-B3-SpanId
Selected-Fe
X-Timing-Wait
Webserver
X-BYPASS-REASON
Filterid
X-VC-Cache
X-ProxyCache-Key
X-ProxyCache-Status
X-Ms-Request-Id
Onion-Location
Accept-Language
X-Ms-Version
X-Vcl-Version
X-Cache-Time
X-DataDome
X-User-Agent
Refresh
Front
SRV
X-Cache-Hit
X-F-Cache
X-VC
X-Time
X-Tec-Api-Version
X-Tec-Api-Origin
Apigw-Requestid
X-Tec-Api-Root
X-Node-Name
X-Server-ID
X-Region
X-Real-IP
X-Origin-Cache
Priority
Liferay-Portal
X-Environment-Context
X-Request-Platform
X-L-Path
X-Request-Site
X-Request-Bu
GEO-INFO
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Service
X-CCDN-CacheTTL
X-Mly-Id
X-Mode
X-HTML-Minification-Powered-By
X-LB-Cache
X-Rocket-Nginx-Serving-Static
X-Origin
X-Optimistic-Header
X-Webkit-Csp
X-Rule
CDN-RequestId
X-CLOUD-TRACE-CONTEXT
X-Rewrite-Enabled
X-Drupal-Cache-Tags
Meta-Geo
X-Tt-Logid
Country
X-SaId
X-Tb
X-Rn-Rsrv
X-UPSTREAM-Address
X-VCT
X-JoinUs
X-Api-Version
X-IPS-LoggedIn
Backend
X-Datadog-Parent-Id
X-Is-Mobile
X-Datadog-Sampling-Priority
X-Tcp-Rtt
X-Datadog-Trace-Id
X-Is-Tablet
X-Cache-Expired-At
X-Is-Mobile-Only
X-Is-Supported-Browser
X-Handled-By
X-Geo-Region
X-Is-Modern-Browser
X-Datadog-Sampled
X-Adobe-Source
X-Browser-Name
X-Is-Desktop
X-Wix-Request-Id
X-Whom
X-Web-Node
X-Pass-Why
X-Generation-Time
Cross-Origin-Window-Policy
X-Provided-By
Mn-Server-Ip
X-Detected-As
X-Origin-Date
TWC-GeoIP-LatLong
X-Shopify-Stage
X-Alternate-Cache-Key
Webcakes-App-Version
Uber-Trace-Id
X-Origin-Hint
Webcakes-App-Name
Url
Web-Mar-Node
TWC-Connection-Speed
X-Servername
X-Loop
X-Cache-Action
X-WP-CF-Super-Cache-Active
TWC-GeoIP-DMA
X-Cloudmap
X-Cdn-Origin
X-Platform
X-Proxy-Cache-Info
X-Zipkin-Id
X-S
X-Tncms
Expiry
X-RateLimit-Limit-Second
X-Connection-Hash
TWC-GeoIP-City
X-Routing-Service
X-RCS-CacheZone
X-RateLimit-Remaining-Second
X-Varnish-Beresp-Grace
X-Vcache
TWC-GeoIP-Region
OT-Force-Account-Verify
X-Storefront-Renderer-Rendered
TWC-GeoIP-Country
Fastcgi-Useragent
X-Forwarded-Host
X-Proxied
TWC-Privacy
X-FB-TRIP-ID
ServerID
Property-Id
X-Hit
Webcakes-Region
TWC-Device-Class
X-HITS
X-Httpd
TWC-Locale-Group
X-Extlb
X-Skip-Cache
X-Tumblr-Pixel-2
X-Soup
X-Redis-Cache
X-MP-GENERATED-AT
X-Tumblr-Pixel-3
X-Urbn-Context-Path
Node
X-Cms-Context
X-Urbn-Site-Id
X-Logging-Id
X-Locale
X-Cache-Host
X-Cache-Debug
X-Auth-Group-Type
X-Cluster
X-Director
X-Hosted-By
X-Format
X-Fetched-On
X-App-Environment
DB-Nickname
Environment
Countrycode
Cache-Hits
Atl-Traceid
Locale
Protected
AMP-Access-Control-Allow-Source-Origin
ServedBy
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-Cluster-Node
X-Debug-Info
X-Edge-Location
X-Endurance-Cache-Level
X-FW-Static
X-FW-Version
X-SayCDN-TTL
X-Served-From
X-Restarts
X-PHP-Host
X-XRDS-Location
X-Scope-Id
X-Say-Cacheable
X-Labrador-Cache-Channel
X-Say-TTL
X-FW-Type
X-IPLB-Instance
X-Drupal-Cache-Contexts
X-IPLB-Request-ID
Filters
X-CDN-Forward
LB
X-R9-Blue-Green-Version
Xserver
WPO-Cache-Status
X-GEO
X-Client-Ip
X-CDN-Cache-Status
Request-ID
X-No-Session
X-NWS-UUID-VERIFY
X-Presslabs-Stats
X-ECache
X-Ua
X-WP-CF-Super-Cache-Cookies-Bypass
X-ShardId
X-Varnish-Age
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
X-Varnish-Beresp-Ttl
X-Varnish-Cache-Hits
X-Generated-By
X-Signature
X-SRCache-Key
X-Lagoon
Expect-Staple
Cache-Tv-Group
X-Clientip
X-B-Cache
X-Upstream-Ct
X-Upstream-Ht
We-Hiring
Referer-Policy
Mail-Subject
X-Cache-FS-Status
X-TA-CDN-Provider
CloudFront-Viewer-Country
X-Azure-Ref-OriginShield
X-PHP-Backend
X-SRV
X-IsAdmin
X-B3-Traceid
X-Cache-Rule
X-Cache-Operation
X-Webstats-RespID
X-FORWARDED-FOR
X-UA
X-Cs
X-Site-Version
From-Origin
X-Auto-Login
Location
X-Worker
X-LSADC-Cache
X-Bc-Bl
Cache-Provider
X-Server-IP
Fl-Custom-Application
DCR-Decision-By
S-Rt
X-Tb-Optimization-Total-Bytes-Saved
Origin-Agent-Cluster
Candidate-Md5Url
Source
DCR-Processing-Time-Ms
Host-ID
X-A-Dcw
X-External-Request-Id
X-GeoCode
X-GeoCountry
X-Ig-Origin-Region
X-Ec-GeoHdr
X-Ec-Fail
X-D
X-Destination
X-Developer
X-Ig-Push-State
X-Loc
X-ScT
X-Vdms-Version
X-Vtex-Remote-Cache
Xc-Version
X-S-Cookie
X-Rojux
X-ND-Cache
X-Org
X-PERF
X-Content-Age
X-Conf
Pragrma
Redirect-Candidate
Rendered-Blocks
Sslversion
Origin
Ngx.Var.Host
MD5-Digest
Meta-Geo-Continent
N-Cache
X-A
X-A-Ccd
X-B-Cookie
X-BCube-Filmed-By
X-Bl-Debug
X-Cache-NE
X-Application
X-ApacheServer
X-A-Dam
X-A-Wwc
X-Aed
Lang
X-A-Dgt
Mime-Version
X-VWS-Id
X-AWS-Id
WPO-Cache-Message
X-LJ-Flow-ID
X-Accel-Version
Sid
X-Xfnlog-Site
X-Cms-Device
X-Contensis-Viewer-Groups
X-CGP
X-Cache-Aspx
X-Core-Value
X-Bug-Bounty
X-AK-Request-ID
X-CacheTTL
X-DefElseHash
X-Ee-Request-Date
X-Ee-Request-Id
X-Epic-Correlation-Id
X-Eu-Site
X-Ee-Origin
X-Ee-Generated-By
X-CUA
X-Aicache-OS
X-DefHash
X-Depends
X-Csrf-Jwt
Wxu-Next-Region
Origin-Site
Powered-By
X-Litespeed-Cache-Control
RNT-Machine
Odigeo-Trace-Id
NM-Fastcgi-Cache
Ha-Gx-Prefs
IsBot
L5d-Success-Class
Log-Origin
RNT-Time
Server-Host
Wxu-Next-Commit
Wxu-Next-Hostname
X-Fastly-Backend
X-Access
Web-Mar-Region
Vix-Hermes-Req-Id
ServerName
Store-Cloud-Cache
Time-Cloud-Cache
X-Action
X-Gamma-Serve
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-Up
X-SIPLIST1
X-Sigma-Backend
X-Save-Cache
X-SD-PageType
X-Section
X-Sigma
X-V-Cache
X-Varnish-Authentication
X-Varnish-Remaining-TTL
X-Vary-Devices
X-VG-TLSProxy
X-VG-WebCache
X-Varnish-Hostname
X-Varnish-Director
X-Varnish-Beresp-Status
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Rocket-Build-Number
X-Req
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Hash
X-GeoIP-City
Gh-Request-Id
X-Fmm-Version
X-Forwarded-Site
X-From
X-HS-Content-Campaign-Id
X-Internal-TTL
X-Old-Content-Length
X-Origin-Expires
X-PAYTM-SRV-ID
X-Policy
X-Node-Id
X-NMSegId
X-Men
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-FC-Vary-Parameters
X-Dispatcher-Server
CDN-RequestPullSuccess
Load-Balancing
Cdnsip
CDN-Cache
CDN-Uid
Apple-News-Services-Request-Url
X-VC-TTL
Cluster
Canary
Cdncip
CDN-CachedAt
CDN-RequestPullCode
CDN-EdgeStorageId
CDN-PullZone
Apple-News-Services-Handled
Country-Code
Gannett-Cam-Experience-Id
Apple-News-Services-Host
CDN-RequestCountryCode
Fastly-SSL
Apple-News-Services-Parsed-Url
X-Tx-Id
X-Cached-By
X-Parent-Response-Time
X-CACHE-AGE
Azure-Version
Azure-SlotName
X-Frame-Option
Azure-InstanceId
X-Esi-Check
Azure-RegionName
Azure-SiteName
X-Date
X-Cache-Id
Cdn-Host
X-Content-Length
X-Cache-Date
Cdn-Request-Time
X-Bip
X-Block-Status
CDCHOST
X-Gdpr
X-DPWN-IS-SECURE
X-Ec-Custom-Error
Cache-Contol
CacheControlHeader
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Edge-Server
X-HN
X-Thinkindot-L3
X-UA-Device-Type
X-Uri
X-ZONE
X-Thinkindot-L1
X-Thanos
X-Sucuri-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-URL
X-VarnishDD-TTL
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Via-Fastly
X-We-Are-Hiring
X-Vmg-Version
X-Vercel-Cache
X-Vercel-Id
X-Viewer-Country
X-Shield-Cache-Expires
X-SB
X-Ion-Healthy
X-Ion-Hop
X-Level-Front-Cache
X-Mvc-Supplant-OutputCached
X-Human
X-Hnp-Log
X-Generated-On
X-Gzip
X-BBC-Edge-Cache-Status
X-Nyt-Route
X-Op-Id-All
X-Render-Time
X-Reqid
X-Request-URI
X-Region-Sid
X-Pubstack
X-Origin-Time
X-Path
X-Proto
X-Gen-Mode
X-Jungle-Id
X-Accel-Expires-Debug
RewriteTeamHook
X-AB-Test
Content-Script-Type
X-Acquia-Purge-Cdn-Unconfigured
X-Akamai-Device-Characteristics
L
RewriteTestHook
TDXMobile
User-Cache-Control
Cmstype
V-Age
Content-Style-Type
Cmsid
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
DSUID
Req-Svc-Chain
X-App-Name
PFcat
Pics-Label
Fastly-Backend-Name
Nord-Request-ID
Origin-EX
X-Backend-Instance
Origin-CC
Machine
Platform
Producers
Release
X-Amz-Storage-Class
X-NF-Request-ID
X-NewRelic-App-Data
X-Moov-Xdn-Version
Fastly-GeoIP-CountryCode
X-Proxied-Request
Tube-Return
Tube-Got-Results
CF-IPCountry
X-Location
X-Moov-T
Cookie
Click-Count-Action-Start
Tube-Got-Eval
Tube-Get-Contents
Click-Count-Error
X-Moov-Xdn-Caching-Status
X-B3-Trace-ID
C-Via
X-NGINX-Cache
X-ElasticPress-Query
X-Fastly-Request-Id
X-Pad
X-Via-Poph
X-Origin-Response-Time
XM
X-Datadome
X-Via-Popn
X-Debug-Service
X-Sucuri-ID
X-Via-Popv
X-Nginx-Cache-Key
Fastly-Drupal-HTML
True-Client-Country-4JS
X-AIR-PT
NGX
Server-Hostname
X-Varnish-Hits
Server-Ext
Sever-Int
X-Srv
X-HA-Backend
X-Webkit-CSP
Show-Do-Not-Sell-Link
AR-SID
X-Refresh
Debug
X-Air-Pt
Traceparent
X-APP
X-Ez-Minify-Html
X-Cache-Backend
X-Nananana
X-Servedbyhost
X-TH-Server
HostName
X-Unity-Cache
Server-ID
GeoIP-Latitude
GeoIp-Country-Code
X-DynaTrace-JS-Agent
X-LB-ID
X-Fpc
WZWS-RAY
DataCenter
HA-Ipaddr
Product
X-B3-Parentspanid
Tcn
X-Amz-Meta-Cb-Modifiedtime
X-Zone
Fastly-Drupal-Html
Cdn
X-Cdn-Forward
X-Wormhole-Sdk
X-Litespeed-Tag
X-VCL-Version
X-Cache-VC
Lb
X-AC
X-CDN-Provider
X-Nc
X-Wa
X-Newrelic-Synthetics
X-GeoIP
X-Nginx-Cache
X-Source
SID
A
X-User
Xkey-La3
Serverhost
X-Proxy-Cache-La3
X-Proxy-CacheR9
Edge-Cache
Xkeylog
XkeyR9
X-Datacenter
CountryCode
X-TX-ID
X-Vc
Cs
X-RateLimit-Limit
Resin-Trace
X-B3-Spanid
NtCoent-Length
X-Request-Start
X-WA
X-LB-NoCache
Esi-Enabled
CDN
Sm-Log-Id
X-LiteSpeed-Tag
Cdn-Requestid
X-Service-Response-Time
Akamai-Mon-Iucid-Del
X-API-Version
X-LiteSpeed-Cache-Control
X-TT-LOGID
MIME-Version
X-Aspnet-Version
X-NC
X-ID
X-Dynatrace-Js-Agent
Wsr-Cache
X-HubSpot-Correlation-Id
X-VC-Age
X-Scheme
X-Lsadc-Cache
Content-Secure-Policy
X-TIM-N
X-Styx-Origin-Id
Proxy-Firewall
X-Udemy-Cache-App-Namespace
Uri
Datacenter
X-FPC
Cr
X-Styx-Info
X-HA-Application-Name
X-Html-Minification-Powered-By
X-HA-Device-Type
X-HA-Bot-Classification
Pramga
X-Lb-Id
Yjs-Id
X-Srcache-Fetch-Status
Geoip-Latitude
Hostname
X-Srcache-Store-Status
X-Request-Host
X-Ez-Minify-Js
ServerHost
X-Var-Ttl
Server-Id
RATING
GeoIP-Country-Code
X-Via-JSL
X-NodeID
X-Fastly-Backend-Reqs
X-Pool
X-TimeS
Cloudfront-Viewer-Country
From-Cache
Srv
X-Akamai-Pragma-Client-IP
X-ServedByHost
X-Stale
X-Lb-Nocache
W
X-Wp-Cf-Super-Cache-Cache-Control
Surrogated-Key
X-Oracle-DMS-ECID
X-RequestId
X-Aspnetmvc-Version
X-Wp-Cf-Super-Cache
X-NODE
X-MSEdge-Flight
X-CS
X-Vgn-Hpd-Reason
X-Swift-Error
X-CACHE-KEY
X-MSEdge-Features
X-Cache-Grace
X-DynaTrace
X-App
T-Server
X-LAGOON
X-Air-Trace-Id
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Shardid
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Air-Hostname
X-Wp-Cf-Super-Cache-Active
X-Varnish-Beresp-TTL
X-Air-Source
X-Shopid
X-ByteArk-Cache
Ohc-Cache-HIT
Ohc-File-Size
X-Key
X-VServer
Yak-Timeinfo
X-Proxy-Cache-LA2
X-Correlation-ID
X-DataCenter
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-ByteArk-ReqID
X-Ramcache
Edge-Copy-Time
X-Elasticpress-Query
Ngx
X-Via-CDN
X-Jobs
CF-Cached-On
X-Ha-Backend
Cl-Cache
X-Webkit-Csp-Report-Only
N1-Cache
X-Via-SSL
X-Cdn-Cache-Status
Req-ID
X-Via-Edge
X-Geo
X-CSRF-TOKEN
X-Sucuri-Id
X-PageType
X-Web-Server
WebServer
X-Via-PopH
X-Via-PopN
X-Geolocation
X-DC
X-Check-Cacheable
X-Zen-Fury
X-Via-PopV
Akamai-X-True-TTL
X-ATG-Version
X-Th-Server
X-Iplb-Instance
X-Iplb-Request-Id
Cf-Ipcountry
X-Limited
FSS-Cache
Warning
True-Client-IP
My-App
X-MiniProfiler-Ids
X-Beacon
X-Serial
Host-Name
X-Env
X-Request-Url
X-Mg-Cache
User-Agent
Xkey-G-Jp
X-Fastly-Cache-Status
WP-Super-Cache