Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
Cf-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
CF-Ray
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-AspNet-Version
X-DNS-Prefetch-Control
X-Runtime
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Request-ID
Keep-Alive
X-Turbo-Charged-By
X-Rq
X-AH-Environment
X-Amz-Version-Id
X-Cache-Group
X-Vhost
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
X-UA-Device
CONTENT-SECURITY-POLICY
X-Dns-Prefetch-Control
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
Ali-Swift-Global-Savetime
X-Node
X-FTR-Request-ID
X-Device
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
X-Country-Code
X-LiteSpeed-Cache
Surrogate-Control
X-Server-Id
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
P3p
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
Fastly-Restarts
X-TraceId
X-Content-Type
X-Clacks-Overhead
X-Application-Context
X-TtlSet
X-Vname
Rating
X-Times
X-PC
X-Country
X-Cnection
X-Ua-Device
X-ESI
X-Browser-Type
X-Mcache
X-Midtier
X-Edge
X-Cache-TTL
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-Vcap-Request-Id
X-FTR-Expires
X-Ac
Origin-Trial
Surrogate-Key
X-FastCGI-Cache
Edge-Control
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Element-Page-Cache
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Abt-Application-Version
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-D2id
X-Nf-Request-Id
X-NWS-LOG-UUID
Verso
X-Upstream
X-B3-TraceId
X-ECACHE
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-Navigation-Version
X-Amz-Rid
Nginx-Cache
Pinterest-Version
Pinterest-Generated-By
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Pinterest-Rid
X-GitHub-Request-Id
Akamai-GRN
X-Language
X-Middleton-Response
X-Envoy-Decorator-Operation
Response
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Client-IP
S
X-Ratelimit-Limit
AR-Request-ID
X-Oneagent-Js-Injection
AR-ATIME
AR-PoweredBy
Edge-Cache-Tag
X-MS-InvokeApp
X-Goog-Hash
X-Resp-Is-Stale
X-ARC
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ser
X-Distributor
SPRequestDuration
SPIisLatency
X-SharePointHealthScore
SPRequestGuid
X-Content-Digest
X-Cache-Key
Access-Control-Request-Method
X-NGENIX-Cache
Front-End-Https
X-Ezoic-Cdn
X-Varnish-TTL
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Url
X-Recruiting
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Powered-CMS
X-Ruxit-Js-Agent
Public-Key-Pins
X-Mg-S
X-T
X-Ttl
TP-Cache
Fastcgi-Cache
X-MSEdge-Ref
X-Accel-Expires
Arr-Disable-Session-Affinity
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Ismobilevalue
X-Daa-Tunnel
X-Correlation-Id
X-Cluster-Name
X-Fastly-Request-ID
X-Forwarded-For
Realpath
Cache-Tags
X-Cached
X-Id
AR-CACHE
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
X-Ua-Browser
X-Content-Security-Policy-Report-Only
Payment
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Content-MD5
X-Newrelic-App-Data
X-DIS-Request-ID
X-TTL
X-Ratelimit-Remaining
X-Server-Name
X-GUploader-UploadID
X-CST
X-HS-Prerendered
X-HS-CF-Cache-Status
X-HP-Webp
X-HP-Trace-Id
X-Cambria-Cache-Control
X-Jurisdiction
Content-Disposition
X-Azure-Ref
X-Amz-Replication-Status
Count-Hit
X-Webkit-Csp
X-RateLimit-Remaining
X-ORACLE-DMS-ECID
YJS-ID
X-Px
Cleartype
X-Page-Id
X-Xrds-Location
X-Ratelimit-Reset
Cross-Origin-Embedder-Policy
Accept-Charset
X-FB-Debug
Cross-Origin-Resource-Policy
X-Logged-In
X-Rid
X-SRCache-Store-Status
X-Proxy
X-Origin-Server
X-SRCache-Fetch-Status
X-URL
X-Protected-By
X-Az
X-AppVersion
X-Activity-Id
X-Unique-Id
X-Git-Hash
Ar-SID
X-Www-Served-By
X-VARITI-CCR
X-SERVER-NAME
X-Template
X-Request-Handler-Origin-Region
X-Microsite
X-Goog-Metageneration
X-LLID
X-Load-Cache
MicrosoftSharePointTeamServices
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Backend
X-Request-Device-Id
X-PressLabs-Stats
Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Forwarded-Proto
Server-Node
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Upgrade-Enabled
X-Geo-Country
Server-Name
X-Hostname
X-COUNTRY
X-Content-Options
X-B3-Sampled
X-Hits
X-Frontend
Viewport
Section-Io-Cache
X-Varnish-Grace
X-TT
X-Varnish-Server
X-App-Server
X-Meli-Trace-Platform
X-Meli-Trace-Bu
X-Meli-Trace-Site
X-Fb-Rlafr
X-Device-Type
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Fastly-SIE
Fastly-SWR
Access-Control-Allow-Method
Alternate-Protocol
X-B
X-Grace
X-Status
TCN
Healthy
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Upgrade-Insecure-Requests
X-Request-Guid
Host
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
Amp-Access-Control-Allow-Source-Origin
X-Server-ID
X-WebKit-CSP-Report-Only
DC
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-CSRF-Token
X-Buckets
X-Amzn-Remapped-Content-Length
Retry-After
X-Contextid
X-Debug
X-Cache-Control
MS-Author-Via
AKAMAI-GRN
X-NF-Request-ID
X-Revision
X-Type
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Original-Request-Id
X-Seen-By
X-Cache-Age
SD-X-WS
X-Instance
X-Vcl-Version
X-Response-Served-From
X-Tumblr-Pixel
X-ProcessESI
X-Tumblr-Pixel-0
Cross-Origin-Opener-Policy-Report-Only
X-Adobe-Loc
X-Is-Bot
Cross-Origin-Embedder-Policy-Report-Only
X-Hl-Ver
X-Rendered-As
X-RemovedCookies
X-Tumblr-Pixel-1
X-NYM-Debug-Backend
X-Adobe-Content
X-App-Version
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-UUID
X-Tumblr-User
X-N
X-Akamai-Edgescape
X-G
X-Debug-IsPreview
X-Lambda-Id
Section-Io-Id
X-Debug-IsConnected
Access-Control-Request-Headers
X-Backend-Name
X-Framework
X-Trace-Id
X-Varnish-Ttl
X-Mobile
Frame-Options
X-Mg-Request-UUID
X-DataDome
Charset
X-Content-Powered-By
X-ServerID
X-Storage
X-INCAP-ABP
X-RTag
NGB
X-Server-W
X-HITS
X-RM-Cache-TTL
X-Akamai-Request-ID2
X-Origin-TTL
MS-CV
X-Origin-CC
Ms-Operation-Id
X-AB
X-Dc
X-Cache-Status-Check
AR-SID
X-Wormhole-Sdk
X-Cache-Hit
X-Oracle-Dms-Ecid
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Filterid
X-Cache-Time
Accept-Language
Cache
X-Request-Bu
X-Request-Site
X-Request-Platform
Refresh
X-B3-SpanId
X-Tec-Api-Root
X-Requestid
X-Tec-Api-Version
X-Time
X-Tec-Api-Origin
SRV
X-Real-IP
X-Region
X-Node-Name
Paypal-Debug-Id
X-XRDS-Location
Protected
Onion-Location
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
CDN-RequestId
X-VC-Cache
X-Ms-Version
X-Ms-Request-Id
Webserver
X-User-Agent
X-F-Cache
Liferay-Portal
Cross-Origin-Window-Policy
X-Cache-Expired-At
X-Datadog-Trace-Id
X-Whom
X-WP-CF-Super-Cache-Active
X-HTML-Minification-Powered-By
X-Pass-Why
X-Datadog-Sampling-Priority
X-IPS-LoggedIn
Priority
X-Datadog-Parent-Id
X-Datadog-Sampled
Xet-Cookie
X-LB-Cache
Backend
X-Rocket-Nginx-Serving-Static
X-Mode
X-Environment-Context
GEO-INFO
X-L-Path
OT-Force-Account-Verify
X-Tb
X-Service
X-Drupal-Cache-Tags
X-Yandex-Req-Id
X-Handled-By
X-Rule
X-Fastcgi-Cache
X-Proxy-Cache-Info
X-Routing-Service
Filters
X-Rn-Rsrv
X-Rewrite-Enabled
X-SaId
X-Tcp-Rtt
X-Vcache
X-UPSTREAM-Address
X-Wix-Request-Id
X-Servername
Fastcgi-Useragent
X-Proxied
X-Zipkin-Id
Meta-Geo
X-Is-Supported-Browser
ServerID
X-Is-Tablet
X-Is-Mobile
X-Is-Desktop
X-Geo-Region
X-Tncms
X-Detected-As
X-Extlb
X-Cloudmap
Url
X-JoinUs
X-Loop
Web-Mar-Node
X-Adobe-Source
X-Browser-Name
X-Cacheable-TTL
X-MP-GENERATED-AT
Country
LB
X-Storefront-Renderer-Rendered
X-IPLB-Instance
X-IPLB-Request-ID
X-Alternate-Cache-Key
X-Skip-Cache
X-Restarts
X-Shopify-Stage
X-Director
Expiry
X-Tumblr-Pixel-3
Atl-Traceid
X-Cms-Context
X-Cdn-Origin
X-Web-Node
X-Cache-Host
ServedBy
X-Connection-Hash
X-Varnish-Beresp-Grace
X-Tumblr-Pixel-2
X-Redis-Cache
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-FW-Static
X-Locale
X-FW-Version
X-FW-Type
X-Hosted-By
X-Logging-Id
X-Hit
X-Forwarded-Host
X-Format
X-Generation-Time
X-Origin-Date
Uber-Trace-Id
X-Say-TTL
Mn-Server-Ip
X-ProxyCache-Status
TWC-Connection-Speed
Property-Id
Apigw-Requestid
X-SayCDN-TTL
X-BYPASS-REASON
X-Scope-Id
TWC-Device-Class
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
TWC-Privacy
X-Debug-Info
TWC-GeoIP-City
Webcakes-Region
Webcakes-App-Version
X-Httpd
X-Origin-Hint
Environment
X-Endurance-Cache-Level
X-Edge-Location
X-Soup
Webcakes-App-Name
X-ProxyCache-Key
X-Say-Cacheable
TWC-GeoIP-DMA
X-Cluster
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Cluster-Node
TWC-Locale-Group
TWC-GeoIP-Region
X-Served-From
X-PHP-Host
X-Labrador-Cache-Channel
X-Cache-Action
X-App-Environment
X-Urbn-Site-Id
Locale
X-Drupal-Cache-Contexts
X-Urbn-Context-Path
YJS-CacheStatus
X-S
X-Origin
Cache-Hits
X-Proxy-Build
X-Timing-Wait
X-Auth-Group-Type
Selected-Fe
X-Mly-Id
X-Fetched-On
X-VC
X-ECache
X-R9-Blue-Green-Version
X-No-Session
X-FB-TRIP-ID
X-Is-Modern-Browser
X-VCT
X-Origin-Cache
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-UA
X-Cache-Debug
X-GEO
DB-Nickname
X-RCS-CacheZone
X-Sorting-Hat-PodId
X-CACHE-AGE
X-SRV
X-WP-CF-Super-Cache-Cookies-Bypass
Front
X-CDN-Forward
X-Varnish-Age
X-Varnish-Cache-Hits
X-Provided-By
X-NewRelic-App-Data
Xserver
X-Lagoon
Node
X-Is-Mobile-Only
Countrycode
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
Cache-Tv-Group
X-Api-Version
WPO-Cache-Status
X-Generated-By
X-Platform
X-TA-CDN-Provider
X-Source
X-CDN-Cache-Status
X-Webstats-RespID
X-Site-Version
Cache-Provider
Referer-Policy
From-Origin
X-Azure-Ref-OriginShield
X-Cdn
X-Presslabs-Stats
X-Accel-Version
X-B-Cache
X-Signature
X-B3-Traceid
X-NWS-UUID-VERIFY
X-Tt-Logid
X-VC-TTL
X-Optimistic-Header
X-PHP-Backend
Location
X-Tx-Id
X-Xfnlog-Site
CF-IPCountry
X-Sucuri-Cache
Request-ID
X-Cache-Rule
X-Ua
X-Cache-Operation
X-IsAdmin
X-Worker
CDN-PullZone
CDN-EdgeStorageId
X-Air-Pt
CDN-Cache
X-Tb-Optimization-Total-Bytes-Saved
CDN-RequestCountryCode
CDN-CachedAt
X-Reqid
CDN-RequestPullCode
WPO-Cache-Message
CDN-Uid
CDN-RequestPullSuccess
AMP-Access-Control-Allow-Source-Origin
Apple-News-Services-Parsed-Url
X-Cache-Aspx
X-Bl-Debug
X-VG-TLSProxy
Apple-News-Services-Request-Url
X-Cache-NE
X-Clientip
X-Cms-Device
Xc-Version
X-D
X-Rocket-Build-Number
X-Save-Cache
X-Rojux
X-Varnish-Authentication
X-Depends
X-Core-Value
X-Content-Age
X-Conf
Apple-News-Services-Handled
X-BCube-Filmed-By
XM
X-Contensis-Viewer-Groups
Apple-News-Services-Host
DCR-Processing-Time-Ms
X-VG-WebCache
Web-Mar-Region
MD5-Digest
Meta-Geo-Continent
Log-Origin
Lang
Host-ID
X-A-Ccd
X-A
Ngx.Var.Host
Time-Cloud-Cache
Redirect-Candidate
Rendered-Blocks
RNT-Time
RNT-Machine
X-Request-URI
Sslversion
Odigeo-Trace-Id
Origin
Store-Cloud-Cache
X-A-Dam
X-A-Dcw
Cluster
X-ApacheServer
X-Vtex-Remote-Cache
X-Viewer-Country
X-Application
X-Auto-Login
X-B-Cookie
Cdncip
Cdnsip
X-AK-Request-ID
DCR-Decision-By
Fl-Custom-Application
X-A-Wwc
X-A-Dgt
Fastly-SSL
X-Access
X-Aed
X-Action
Expect-Staple
Candidate-Md5Url
X-Ec-Fail
X-Origin-Expires
X-Ig-Origin-Region
X-Ig-Push-State
X-Old-Content-Length
X-SRCache-Key
X-PAYTM-SRV-ID
X-Varnish-Hostname
X-SD-PageType
X-Section
X-External-Request-Id
X-HS-Content-Campaign-Id
X-S-Cookie
X-Node-Id
X-Micro-Cache
X-Sucuri-ID
X-Forwarded-Site
X-Fmm-Version
X-Sigma
X-Sigma-Backend
X-Destination
X-Slack-Shared-Secret-Outcome
X-Loc
X-Slack-Backend
X-GeoCode
X-PERF
X-Vary-Devices
X-Req
X-Varnish-Director
X-GeoCountry
X-Ec-GeoHdr
X-ScT
X-Ee-Origin
X-Ee-Generated-By
X-Ee-Request-Id
X-Fastly-Request-Id
X-Developer
X-Vdms-Version
X-Ee-Request-Date
X-TT-LOGID
X-Frame-Option
X-LSADC-Cache
X-GoCache-CacheStatus
Server-Host
X-GeoIP-Country-Code
X-Men
X-Gdpr
X-AB-Test
X-Accel-Expires-Debug
ServerName
X-Level-Front-Cache
X-Ion-Healthy
X-Acquia-Purge-Cdn-Unconfigured
V-Age
User-Cache-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Hnp-Log
X-Human
TDXMobile
X-HN
X-Ion-Hop
X-Gen-Mode
X-Generated-On
X-Internal-TTL
X-Jungle-Id
X-Moov-Xdn-Version
X-Render-Time
X-Epic-Correlation-Id
X-Content-Length
X-Region-Sid
X-Eu-Site
X-Path
X-Policy
X-Pubstack
X-Csrf-Jwt
X-CUA
X-Ec-Custom-Error
X-DefHash
X-Dispatcher-Server
X-DefElseHash
X-GeoIP-Region-Code
X-Date
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Origin-Time
X-CGP
X-Amz-Storage-Class
X-App-Name
X-Moov-Xdn-Caching-Status
X-Moov-T
X-Akamai-Device-Characteristics
X-Aicache-OS
X-FC-Vary-Parameters
X-Fastly-Backend
X-VarnishDD-TTL
X-Backend-Instance
X-Block-Status
X-Bug-Bounty
X-Op-Id-All
X-Nyt-Route
X-Bc-Bl
X-BBC-Edge-Cache-Status
X-Varnish-Remaining-TTL
RewriteTestHook
N-Cache
Cmstype
Cmsid
RewriteTeamHook
X-SB
Country-Code
X-Thinkindot-L1
Gh-Request-Id
X-From
Gannett-Cam-Experience-Id
X-Shield-Cache-Expires
CDCHOST
Cache-Contol
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Varnish-CookieHashed-On
Azure-SlotName
X-Varnish-CookieINHashed-On
X-We-Are-Hiring
IsBot
X-Sn-Servicetimems
Azure-Version
Ha-Gx-Prefs
DSUID
X-Thinkindot-L3
X-UA-Device-Type
X-Org
Nord-Request-ID
X-Up
X-SIPLIST1
Origin-CC
Origin-EX
X-V-Cache
Origin-Agent-Cluster
Req-Svc-Chain
L5d-Success-Class
L
X-Hash
X-Via-Fastly
X-Uri
X-Varnish-Beresp-Status
PFcat
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
NM-Fastcgi-Cache
Source
X-Mvc-Supplant-Cachable
X-Vercel-Cache
Content-Style-Type
X-Server-IP
Wxu-Next-Commit
Content-Script-Type
X-Edge-Server
X-NMSegId
X-ElasticPress-Query
X-GeoIP-City
X-Esi-Check
X-Cache-Date
X-Vmg-Version
X-Gzip
Release
X-DPWN-IS-SECURE
Wxu-Next-Hostname
Wxu-Next-Region
Origin-Site
X-Cache-Id
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Machine
X-Proto
X-Vercel-Id
Click-Count-Error
X-SVT-ORM-VERSION
Mail-Subject
We-Hiring
Platform
Producers
Tube-Get-Contents
Tube-Got-Eval
Tube-Return
Tube-Got-Results
Click-Count-Action-Start
X-Thanos
C-Via
X-Wikidot-Static-Cache
X-Bip
CacheControlHeader
Cdn-Host
X-B3-Trace-ID
X-Wikidot-Backend
X-CacheTTL
Cdn-Request-Time
X-Cache-FS-Status
X-SVT-ORM-RULES
X-Parent-Response-Time
Fastly-Drupal-HTML
X-Gamma-Serve
Pragrma
Canary
X-Location
X-Mvc-Supplant-OutputCached
X-ZONE
X-Proxied-Request
X-Origin-Response-Time
Powered-By
S-Rt
X-Litespeed-Cache-Control
X-Upstream-Ht
X-Upstream-Ct
X-Pad
X-Cs
Debug
X-NGINX-Cache
Vix-Hermes-Req-Id
X-Cached-By
Sid
CloudFront-Viewer-Country
Pics-Label
X-Refresh
NGX
X-ND-Cache
X-TH-Server
X-APP
X-Via-Popv
X-Via-Popn
Product
X-Via-Poph
X-Nananana
X-Litespeed-Tag
GeoIP-Latitude
HA-Ipaddr
X-HA-Backend
X-Servedbyhost
X-Amz-Meta-Cb-Modifiedtime
Mime-Version
X-FORWARDED-FOR
X-Client-Ip
Server-ID
X-Cache-VC
X-Varnish-Hits
Cookie
Edge-Cache
GeoIp-Country-Code
MIME-Version
X-User
X-Datadome
X-LB-ID
X-AIR-PT
X-Fpc
X-Nc
X-Wa
X-GeoIP
X-DynaTrace-JS-Agent
X-Webkit-CSP
X-Nginx-Cache
SID
X-Cdn-Forward
X-Debug-Service
X-B3-Parentspanid
X-Nginx-Cache-Key
Akamai-Mon-Iucid-Del
Server-Hostname
Server-Ext
True-Client-Country-4JS
Sever-Int
WZWS-RAY
X-Srv
X-LB-NoCache
Load-Balancing
X-Zone
HostName
X-Request-Start
Cdn
DataCenter
Show-Do-Not-Sell-Link
Surrogated-Key
X-Scheme
Resin-Trace
X-Unity-Cache
Fastly-Drupal-Html
X-Cache-Backend
X-Vc
Traceparent
X-CS
X-Newrelic-Synthetics
X-LiteSpeed-Cache-Control
Tcn
X-VCL-Version
X-Lsadc-Cache
X-Pool
Wsr-Cache
Sm-Log-Id
X-Service-Response-Time
X-NodeID
Lb
X-Request-Host
N1-Cache
X-B3-Spanid
X-RequestId
X-Cache-Grace
X-Vgn-Hpd-Reason
Yjs-Id
X-LiteSpeed-Tag
X-API-Version
X-CDN-Provider
X-TX-ID
Serverhost
X-HOST
X-HubSpot-Correlation-Id
Yak-Timeinfo
NtCoent-Length
X-Ez-Minify-Html
X-Datacenter
Datacenter
X-DataCenter
X-DynaTrace
X-Via-Edge
X-Udemy-Cache-App-Namespace
X-Via-CDN
Hostname
X-RateLimit-Limit
X-Proxy-Cache-La3
X-Via-SSL
X-Proxy-CacheR9
Xkey-La3
Edge-Copy-Time
Xkeylog
XkeyR9
X-Dynatrace-Js-Agent
Cdn-Requestid
X-WA
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
CDN
A
X-Geolocation
X-Zen-Fury
CountryCode
X-Jobs
X-FPC
Req-ID
X-ID
X-Fastly-Backend-Reqs
X-NC
X-Lb-Id
Cs
X-Html-Minification-Powered-By
X-Akamai-Pragma-Client-IP
WP-Super-Cache
Uri
X-Cdn-Srv
Esi-Enabled
X-Via-JSL
GeoIP-Country-Code
Server-Id
True-Client-IP
X-Traceid
WebServer
X-Powered-By-VTEX-Cache
X-Webkit-Csp-Report-Only
X-Stale
Geoip-Latitude
T-Server
X-VTEX-Cache-Time
X-TimeS
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-VC-Age
On-Server
X-Ez-Minify-Js
Proxy-Firewall
RATING
X-VTEX-Cache-Server
X-Styx-Origin-Id
ServerHost
From-Cache
Srv
X-Lb-Nocache
Pramga
X-HA-Device-Type
X-MSEdge-Features
X-MSEdge-Flight
X-HA-Bot-Classification
X-HA-Application-Name
Cr
X-Styx-Info
X-ServedByHost
X-Swift-Error
X-Varnish-Beresp-TTL
X-Oracle-DMS-ECID
Content-Secure-Policy
X-WA-Info
X-Ha-Backend
X-TIM-N
Cloudfront-Viewer-Country
Coldstone-Viewer-Currency
Coldstone-Viewer-Country
X-Var-Ttl
X-App
Coldstone-Viewer-Country-Region-Name
X-CSRF-TOKEN
X-Wp-Cf-Super-Cache
X-LAGOON
X-Wp-Cf-Super-Cache-Cache-Control
X-Ssense-Gql
X-Via-PopN
X-Ssense-Shipping-Surcharge-Enabled
X-Via-PopV
Ngx
X-Correlation-ID
W
FSS-Cache
X-Via-PopH
X-Fastly-Cache
X-Web-Server
X-Cdn-Cache-Status
X-Geo
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Ramcache
X-Shardid
X-Check-Cacheable
X-Shopid
Cl-Cache
BehaviorPad-Version
X-Elasticpress-Query
X-Proxy-Cache-LA2
X-Serial
X-Th-Server
X-DC
X-Wp-Cf-Super-Cache-Active
X-Request-Url
Akamai-X-True-TTL
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sucuri-Id
X-ATG-Version
Cf-Ipcountry
X-Mg-Cache
User-Agent
X-Fastly-Cache-Hits
Cneonction
FSS-Proxy
X-Key
Xkey-G-Jp
X-Request-Time
Host-Name
X-Fastly-Cache-Status
Bxpunish
X-Cache-TTL-Remaining
X-Env
X-Nitro-Cache
My-App
Bxuuid