Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
Cf-Request-Id
X-Adblock-Key
CF-Ray
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
Status
X-CDN
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Request-ID
Keep-Alive
X-Turbo-Charged-By
X-Rq
X-Amz-Version-Id
X-AH-Environment
X-Cache-Group
X-Vhost
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
X-UA-Device
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
X-Server-Powered-By
X-Pingback
X-Dns-Prefetch-Control
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Ali-Swift-Global-Savetime
X-Litespeed-Cache
X-Node
X-FTR-Request-ID
X-Device
X-LiteSpeed-Cache
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Server-Id
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
P3p
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
Fastly-Restarts
X-Content-Type
X-Application-Context
X-Clacks-Overhead
X-TtlSet
X-PC
X-Times
Rating
X-Vname
X-Country
X-Cnection
X-Ua-Device
X-Edge
X-Mcache
X-ESI
X-Midtier
X-Browser-Type
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-Cache-TTL
X-Country-Code-Real
X-FTR-Backend
X-Vcap-Request-Id
X-FTR-Expires
X-Ac
Origin-Trial
Surrogate-Key
Edge-Control
X-FastCGI-Cache
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Element-Page-Cache
X-Abt-Application-Version
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Nf-Request-Id
X-D2id
X-NWS-LOG-UUID
Verso
X-Upstream
X-B3-TraceId
X-ECACHE
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-Navigation-Version
X-Amz-Rid
Nginx-Cache
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Middleton-Display
Pagespeed
Display
X-Sol
Akamai-GRN
X-GitHub-Request-Id
X-Language
X-Envoy-Decorator-Operation
X-Instrumentation
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Middleton-Response
Response
X-Client-IP
S
X-Oneagent-Js-Injection
Edge-Cache-Tag
X-Ratelimit-Limit
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-MS-InvokeApp
X-Goog-Hash
X-ARC
X-Resp-Is-Stale
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ser
X-Distributor
SPIisLatency
SPRequestDuration
X-SharePointHealthScore
SPRequestGuid
X-Content-Digest
X-Cache-Key
Access-Control-Request-Method
X-NGENIX-Cache
X-Varnish-TTL
Front-End-Https
X-Ezoic-Cdn
X-Dw-Request-Base-Id
X-Url
X-Shield-Request-Id
X-Recruiting
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Powered-CMS
Public-Key-Pins
X-Ruxit-Js-Agent
X-Ttl
X-T
X-Mg-S
Fastcgi-Cache
X-MSEdge-Ref
TP-Cache
Arr-Disable-Session-Affinity
X-Accel-Expires
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Daa-Tunnel
X-Correlation-Id
X-Ismobilevalue
X-Forwarded-For
X-Cluster-Name
Realpath
Cache-Tags
X-Fastly-Request-ID
X-Cached
X-Id
AR-CACHE
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
X-Content-Security-Policy-Report-Only
X-Ua-Browser
Payment
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Content-MD5
X-Newrelic-App-Data
X-DIS-Request-ID
X-TTL
X-Ratelimit-Remaining
X-Server-Name
X-GUploader-UploadID
X-CST
X-HS-Prerendered
X-Cambria-Cache-Control
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-HS-CF-Cache-Status
Content-Disposition
X-Azure-Ref
X-Amz-Replication-Status
Count-Hit
X-RateLimit-Remaining
X-Webkit-Csp
X-Px
X-ORACLE-DMS-ECID
YJS-ID
Cleartype
X-Page-Id
Accept-Charset
Cross-Origin-Embedder-Policy
X-Xrds-Location
X-Unique-Id
X-Rid
X-FB-Debug
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Logged-In
Cross-Origin-Resource-Policy
X-Ratelimit-Reset
X-Proxy
X-Origin-Server
X-Git-Hash
X-URL
X-AppVersion
X-Az
X-Www-Served-By
Ar-SID
X-Protected-By
X-Activity-Id
X-SERVER-NAME
X-VARITI-CCR
X-Template
X-Request-Handler-Origin-Region
X-Microsite
X-Goog-Metageneration
X-LLID
X-Load-Cache
X-Amz-Meta-S3cmd-Attrs
MicrosoftSharePointTeamServices
X-Varnish-Backend
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-PressLabs-Stats
X-Request-Device-Id
X-Forwarded-Proto
Version
Server-Node
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Upgrade-Enabled
X-Geo-Country
Server-Name
X-Hostname
X-COUNTRY
X-Content-Options
X-Frontend
X-B3-Sampled
X-Hits
X-Varnish-Grace
Section-Io-Cache
Viewport
X-Varnish-Server
X-TT
X-App-Server
X-Device-Type
X-Fb-Rlafr
Alternate-Protocol
Access-Control-Allow-Method
X-Cdn
Mrf-Cache-Status
X-B
MRF-Tech
X-B3-TraceId-Primal
X-Grace
Fastly-SWR
X-Status
Fastly-SIE
X-Meli-Trace-Site
X-Meli-Trace-Bu
X-Meli-Trace-Platform
TCN
Healthy
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Upgrade-Insecure-Requests
X-Request-Guid
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
Host
X-Server-ID
Amp-Access-Control-Allow-Source-Origin
DC
X-WebKit-CSP-Report-Only
X-Tt-Trace-Tag
X-CSRF-Token
X-Tt-Trace-Host
X-Buckets
X-Contextid
X-Amzn-Remapped-Content-Length
Retry-After
X-Debug
MS-Author-Via
X-Cache-Control
AKAMAI-GRN
X-NF-Request-ID
X-Revision
X-Type
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Original-Request-Id
X-Seen-By
X-Response-Served-From
X-Vcl-Version
X-Instance
X-Cache-Age
SD-X-WS
X-Yottaa-Metrics
X-NYM-Debug-Backend
X-ProcessESI
X-RemovedCookies
X-Adobe-Content
Cross-Origin-Embedder-Policy-Report-Only
X-Rendered-As
Cross-Origin-Opener-Policy-Report-Only
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-UUID
X-Yottaa-Optimizations
X-Is-Bot
X-N
X-Adobe-Loc
X-Tumblr-Pixel-0
X-App-Version
X-Hl-Ver
Section-Io-Id
X-Backend-Name
Access-Control-Request-Headers
X-G
X-Akamai-Edgescape
X-Debug-IsPreview
X-Lambda-Id
X-Debug-IsConnected
X-Mg-Request-UUID
X-Mobile
X-Framework
Charset
X-Content-Powered-By
X-Storage
X-Varnish-Ttl
X-INCAP-ABP
X-Trace-Id
X-ServerID
X-RM-Cache-TTL
X-HITS
X-Akamai-Request-ID2
X-DataDome
Frame-Options
X-Origin-TTL
X-Origin-CC
NGB
X-Server-W
X-RTag
X-Dc
Ms-Operation-Id
MS-CV
X-AB
X-Cache-Status-Check
AR-SID
X-Wormhole-Sdk
X-Oracle-Dms-Ecid
X-Cache-Hit
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Filterid
X-Cache-Time
X-Request-Bu
Cache
Accept-Language
X-Request-Site
X-Request-Platform
Refresh
X-B3-SpanId
X-Tec-Api-Root
X-Time
X-Tec-Api-Version
X-Tec-Api-Origin
SRV
X-Requestid
Paypal-Debug-Id
X-Node-Name
X-Region
X-Real-IP
X-XRDS-Location
Onion-Location
Protected
X-Ms-Version
Webserver
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Ms-Request-Id
X-CCDN-CacheTTL
CDN-RequestId
X-VC-Cache
X-User-Agent
X-F-Cache
Liferay-Portal
Cross-Origin-Window-Policy
X-Cache-Expired-At
X-IPS-LoggedIn
X-LB-Cache
X-WP-CF-Super-Cache-Active
X-HTML-Minification-Powered-By
X-Whom
X-Pass-Why
X-Datadog-Sampled
X-Datadog-Parent-Id
Priority
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Rocket-Nginx-Serving-Static
Backend
Xet-Cookie
X-Mode
X-Environment-Context
GEO-INFO
X-L-Path
OT-Force-Account-Verify
X-Tb
X-Service
X-Handled-By
X-Drupal-Cache-Tags
X-Proxy-Cache-Info
X-Fastcgi-Cache
X-Rule
X-Cacheable-TTL
X-Loop
X-Zipkin-Id
X-App-Environment
X-Proxied
X-Detected-As
X-JoinUs
LB
X-Tncms
X-Is-Tablet
X-Tcp-Rtt
X-SaId
X-Vcache
X-Extlb
X-Geo-Region
X-Is-Desktop
X-Is-Mobile
X-Is-Supported-Browser
ServerID
X-UPSTREAM-Address
X-Wix-Request-Id
X-MP-GENERATED-AT
Filters
X-Rn-Rsrv
X-Adobe-Source
X-Browser-Name
X-Servername
Web-Mar-Node
Url
Fastcgi-Useragent
X-Routing-Service
Meta-Geo
X-Yandex-Req-Id
X-Rewrite-Enabled
Country
X-Cloudmap
X-IPLB-Instance
ServedBy
Uber-Trace-Id
X-FW-Dynamic
X-Varnish-Beresp-Grace
X-Format
X-Cdn-Origin
Expiry
X-Forwarded-Host
X-IPLB-Request-ID
X-Tumblr-Pixel-2
Atl-Traceid
X-Director
X-Cache-Host
X-Cms-Context
X-Tumblr-Pixel-3
X-Connection-Hash
X-Origin-Date
TWC-GeoIP-City
X-Alternate-Cache-Key
X-Logging-Id
X-Hosted-By
TWC-Connection-Speed
X-Redis-Cache
X-Restarts
Property-Id
TWC-Locale-Group
Webcakes-App-Name
X-Generation-Time
X-Storefront-Renderer-Rendered
X-Skip-Cache
TWC-GeoIP-LatLong
TWC-GeoIP-DMA
TWC-GeoIP-Country
TWC-Device-Class
X-Locale
X-Shopify-Stage
TWC-GeoIP-Region
Webcakes-App-Version
TWC-Privacy
X-Origin-Hint
X-FW-Server
X-Web-Node
X-FW-Serve
X-Hit
X-FW-Hash
X-FW-Version
X-FW-Static
Webcakes-Region
X-FW-Type
X-Say-TTL
X-SayCDN-TTL
X-RateLimit-Remaining-Second
Mn-Server-Ip
X-Debug-Info
X-Say-Cacheable
X-Scope-Id
X-Endurance-Cache-Level
X-ProxyCache-Status
X-ProxyCache-Key
X-Cluster
X-Edge-Location
X-Cluster-Node
X-BYPASS-REASON
X-RateLimit-Limit-Second
X-Cache-Action
X-Httpd
Apigw-Requestid
X-Served-From
X-Soup
X-FB-TRIP-ID
X-Labrador-Cache-Channel
Locale
X-S
X-Urbn-Context-Path
X-PHP-Host
YJS-CacheStatus
X-Drupal-Cache-Contexts
X-Urbn-Site-Id
Environment
X-Origin
X-VC
Selected-Fe
DB-Nickname
X-Timing-Wait
X-Fetched-On
X-Proxy-Build
X-Auth-Group-Type
X-ECache
X-Mly-Id
Cache-Hits
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-VCT
X-No-Session
X-Origin-Cache
X-Is-Modern-Browser
X-Cache-Debug
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-UA
X-GEO
X-Sorting-Hat-PodId
X-CACHE-AGE
Front
X-SRV
X-WP-CF-Super-Cache-Cookies-Bypass
X-Varnish-Age
X-CDN-Forward
X-Varnish-Cache-Hits
X-Provided-By
X-NewRelic-App-Data
X-Lagoon
Xserver
Node
Countrycode
X-Is-Mobile-Only
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
WPO-Cache-Status
X-TA-CDN-Provider
Cache-Tv-Group
X-Api-Version
X-Generated-By
X-Platform
X-Source
X-CDN-Cache-Status
X-Site-Version
X-Webstats-RespID
Referer-Policy
X-Presslabs-Stats
X-Azure-Ref-OriginShield
Cache-Provider
From-Origin
X-B-Cache
X-Signature
X-Accel-Version
X-B3-Traceid
X-Tt-Logid
X-VC-TTL
X-NWS-UUID-VERIFY
X-Optimistic-Header
X-Xfnlog-Site
X-PHP-Backend
Location
X-Tx-Id
X-Cache-Rule
X-Sucuri-Cache
CF-IPCountry
X-Cache-Operation
Request-ID
X-Ua
X-IsAdmin
X-Worker
CDN-RequestPullSuccess
WPO-Cache-Message
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
CDN-Uid
CDN-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Reqid
X-Air-Pt
AMP-Access-Control-Allow-Source-Origin
Candidate-Md5Url
X-A-Wwc
X-Action
Cluster
X-ApacheServer
XM
X-AK-Request-ID
Xc-Version
DCR-Decision-By
Cdncip
X-Aed
Cdnsip
X-Access
DCR-Processing-Time-Ms
Odigeo-Trace-Id
Ngx.Var.Host
Expect-Staple
Origin
Redirect-Candidate
Meta-Geo-Continent
MD5-Digest
Host-ID
Lang
Fastly-SSL
Log-Origin
Rendered-Blocks
RNT-Machine
Fl-Custom-Application
X-A
X-A-Ccd
X-A-Dam
X-A-Dcw
Web-Mar-Region
Time-Cloud-Cache
RNT-Time
Sslversion
X-Auto-Login
Store-Cloud-Cache
X-A-Dgt
X-Cache-NE
X-Ig-Origin-Region
X-Slack-Shared-Secret-Outcome
X-Ig-Push-State
X-Slack-Backend
X-Sigma-Backend
X-Loc
X-HS-Content-Campaign-Id
X-GeoCountry
X-Varnish-Authentication
X-Varnish-Director
X-Forwarded-Site
X-SRCache-Key
X-GeoCode
X-Sigma
X-Micro-Cache
X-S-Cookie
X-Save-Cache
X-Rojux
X-PERF
X-Request-URI
X-Req
X-PAYTM-SRV-ID
X-Origin-Expires
X-Node-Id
X-Section
X-SD-PageType
X-Old-Content-Length
X-ScT
X-Fmm-Version
X-External-Request-Id
X-Clientip
X-Rocket-Build-Number
X-Cms-Device
X-Conf
X-Vdms-Version
X-Contensis-Viewer-Groups
X-Cache-Aspx
X-Bl-Debug
X-B-Cookie
X-Viewer-Country
X-BCube-Filmed-By
X-VG-WebCache
X-VG-TLSProxy
X-Content-Age
X-Core-Value
X-Ee-Origin
X-Ee-Generated-By
X-Ee-Request-Date
X-Ee-Request-Id
X-Varnish-Hostname
X-Vary-Devices
X-Ec-GeoHdr
X-Ec-Fail
X-Depends
X-D
X-Destination
Apple-News-Services-Request-Url
X-Developer
X-Vtex-Remote-Cache
X-Application
X-Fastly-Request-Id
Apple-News-Services-Parsed-Url
X-Sucuri-ID
Apple-News-Services-Host
Apple-News-Services-Handled
X-Frame-Option
X-LSADC-Cache
X-TT-LOGID
X-Eu-Site
X-Dispatcher-Server
X-Ec-Custom-Error
X-Epic-Correlation-Id
X-FC-Vary-Parameters
X-Fastly-Backend
X-Gen-Mode
X-HN
X-Human
X-Internal-TTL
X-Ion-Healthy
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-DefHash
X-Generated-On
X-GeoIP-Country-Code
X-Gdpr
X-Debug-Cache-Fetch
X-Amz-Storage-Class
X-App-Name
X-Backend-Instance
X-BBC-Edge-Cache-Status
X-Akamai-Device-Characteristics
X-Aicache-OS
X-AB-Test
X-Accel-Expires-Debug
X-Acquia-Purge-Cdn-Unconfigured
X-Bc-Bl
X-Block-Status
X-Date
X-Ion-Hop
X-Debug-Cache-Store
X-CUA
X-Csrf-Jwt
X-Bug-Bounty
X-CGP
X-Content-Length
X-DefElseHash
X-Men
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
X-Via-Fastly
X-We-Are-Hiring
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Up
X-Uri
X-Varnish-Beresp-Status
IsBot
Wxu-Next-Commit
X-Org
X-SIPLIST1
X-V-Cache
X-Hash
X-GeoIP-City
Wxu-Next-Hostname
Wxu-Next-Region
X-From
X-UA-Device-Type
X-Thinkindot-L3
X-Nyt-Route
Azure-InstanceId
X-Op-Id-All
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-Level-Front-Cache
V-Age
X-Moov-T
X-Origin-Time
X-Path
X-Shield-Cache-Expires
X-Sn-Servicetimems
X-Thinkindot-L1
X-SB
X-Render-Time
X-Policy
X-Pubstack
X-Region-Sid
X-Jungle-Id
X-Hnp-Log
Azure-SlotName
Azure-RegionName
Azure-Version
User-Cache-Control
PFcat
Req-Svc-Chain
RewriteTeamHook
TDXMobile
ServerName
Server-Host
RewriteTestHook
Origin-EX
Origin-CC
Ha-Gx-Prefs
Gh-Request-Id
CDCHOST
Gannett-Cam-Experience-Id
L
L5d-Success-Class
Origin-Agent-Cluster
Nord-Request-ID
DSUID
Cache-Contol
Cmsid
Azure-SiteName
Country-Code
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Cmstype
X-AWS-Id
X-VWS-Id
X-LJ-Flow-ID
Tube-Got-Eval
X-Gamma-Serve
X-Esi-Check
X-SVT-ORM-RULES
Tube-Return
Tube-Got-Results
We-Hiring
Platform
Tube-Get-Contents
X-DPWN-IS-SECURE
Producers
X-NMSegId
X-Mvc-Supplant-Cachable
X-Edge-Server
Cdn-Host
C-Via
CacheControlHeader
Mail-Subject
Machine
Fastly-Backend-Name
X-Thanos
X-Proto
N-Cache
NM-Fastcgi-Cache
X-SVT-ORM-VERSION
X-Wikidot-Backend
Fastly-GeoIP-CountryCode
Release
X-Gzip
X-Wikidot-Static-Cache
X-ElasticPress-Query
X-Vercel-Cache
X-Cache-FS-Status
X-Cache-Id
X-CacheTTL
Cdn-Request-Time
X-Bip
Click-Count-Error
X-B3-Trace-ID
Click-Count-Action-Start
Pragrma
X-Vercel-Id
X-Server-IP
Source
X-Parent-Response-Time
Content-Script-Type
S-Rt
X-Vmg-Version
X-Proxied-Request
Origin-Site
Fastly-Drupal-HTML
Content-Style-Type
Powered-By
X-Cache-Date
X-Mvc-Supplant-OutputCached
X-Origin-Response-Time
X-Litespeed-Cache-Control
X-ZONE
X-Upstream-Ht
X-Upstream-Ct
X-Pad
Debug
X-Cs
X-Location
Canary
X-NGINX-Cache
Vix-Hermes-Req-Id
X-Cached-By
Sid
NGX
X-ND-Cache
CloudFront-Viewer-Country
Pics-Label
X-Refresh
X-Via-Popv
X-TH-Server
X-Nananana
Product
X-Via-Popn
X-Litespeed-Tag
X-APP
X-Via-Poph
Mime-Version
GeoIP-Latitude
X-Amz-Meta-Cb-Modifiedtime
X-HA-Backend
HA-Ipaddr
X-Servedbyhost
X-FORWARDED-FOR
X-Client-Ip
X-Cache-VC
Cookie
X-Varnish-Hits
Server-ID
Edge-Cache
X-User
X-Datadome
MIME-Version
GeoIp-Country-Code
X-Fpc
X-AIR-PT
X-DynaTrace-JS-Agent
X-Wa
X-GeoIP
X-LB-ID
X-Nc
X-Webkit-CSP
X-Cdn-Forward
SID
X-Nginx-Cache
X-B3-Parentspanid
X-Debug-Service
X-Nginx-Cache-Key
X-Srv
Server-Ext
Akamai-Mon-Iucid-Del
WZWS-RAY
Sever-Int
X-LB-NoCache
Server-Hostname
HostName
True-Client-Country-4JS
Load-Balancing
X-Zone
DataCenter
Show-Do-Not-Sell-Link
Surrogated-Key
Resin-Trace
Cdn
X-Unity-Cache
X-Request-Start
X-Scheme
Fastly-Drupal-Html
X-Cache-Backend
X-Vc
Traceparent
X-Newrelic-Synthetics
X-CS
X-LiteSpeed-Cache-Control
Tcn
X-VCL-Version
X-Lsadc-Cache
Lb
Wsr-Cache
X-Request-Host
X-Service-Response-Time
X-NodeID
Sm-Log-Id
X-Pool
X-RequestId
X-B3-Spanid
N1-Cache
X-Cache-Grace
X-Vgn-Hpd-Reason
Yjs-Id
X-LiteSpeed-Tag
X-API-Version
X-CDN-Provider
X-HOST
X-DynaTrace
X-HubSpot-Correlation-Id
NtCoent-Length
Datacenter
X-TX-ID
Yak-Timeinfo
X-Datacenter
X-DataCenter
Serverhost
X-Ez-Minify-Html
Hostname
X-Via-CDN
X-Proxy-Cache-La3
X-Udemy-Cache-App-Namespace
X-Proxy-CacheR9
Xkey-La3
X-RateLimit-Limit
Xkeylog
X-Via-SSL
XkeyR9
Edge-Copy-Time
X-Via-Edge
X-Dynatrace-Js-Agent
X-Geolocation
A
X-Air-Source
X-Zen-Fury
X-Air-Trace-Id
Cdn-Requestid
X-WA
CDN
X-Air-Hostname
CountryCode
X-ID
X-NC
X-Jobs
X-Fastly-Backend-Reqs
X-FPC
X-Lb-Id
Req-ID
Cs
WP-Super-Cache
X-Html-Minification-Powered-By
GeoIP-Country-Code
Esi-Enabled
X-Cdn-Srv
Server-Id
X-Akamai-Pragma-Client-IP
True-Client-IP
X-Via-JSL
Uri
X-Webkit-Csp-Report-Only
WebServer
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Stale
X-TimeS
X-VC-Age
RATING
On-Server
T-Server
X-Powered-By-VTEX-Cache
X-Srcache-Fetch-Status
Geoip-Latitude
Proxy-Firewall
X-Srcache-Store-Status
X-Ez-Minify-Js
X-Styx-Origin-Id
Srv
X-Styx-Info
X-Lb-Nocache
X-MSEdge-Features
X-MSEdge-Flight
X-ServedByHost
X-Varnish-Beresp-TTL
ServerHost
X-HA-Application-Name
X-Swift-Error
X-HA-Bot-Classification
Cr
From-Cache
X-HA-Device-Type
Pramga
X-Oracle-DMS-ECID
Coldstone-Viewer-Currency
X-TIM-N
X-Var-Ttl
X-CSRF-TOKEN
Cloudfront-Viewer-Country
Coldstone-Viewer-Country-Region-Name
X-WA-Info
Content-Secure-Policy
X-App
Coldstone-Viewer-Country
X-Ha-Backend
X-Wp-Cf-Super-Cache-Cache-Control
X-LAGOON
X-Wp-Cf-Super-Cache
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-Fastly-Cache
Ngx
X-Correlation-ID
X-Via-PopH
W
FSS-Cache
X-Via-PopV
X-Via-PopN
X-Cdn-Cache-Status
X-Sorting-Hat-Podid
X-Shardid
X-Check-Cacheable
X-Sorting-Hat-Shopid
X-Geo
X-Shopid
X-Web-Server
X-Ramcache
Cl-Cache
BehaviorPad-Version
X-Serial
X-Proxy-Cache-LA2
X-Sucuri-Id
X-Elasticpress-Query
Akamai-X-True-TTL
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-ATG-Version
X-Wp-Cf-Super-Cache-Active
X-DC
X-Request-Url
X-Th-Server
Cf-Ipcountry
X-Env
User-Agent
Cneonction
X-Fastly-Cache-Hits
Host-Name
X-Key
Xkey-G-Jp
Bxpunish
Bxuuid
X-Nitro-Cache
My-App
X-Mg-Cache
FSS-Proxy
X-Request-Time
X-Cache-TTL-Remaining
X-Fastly-Cache-Status