Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
CF-Cache-Status
ETag
X-XSS-Protection
Expect-CT
Accept-Ranges
Pragma
CF-RAY
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Varnish
CF-Ray
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH-Lifetime
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
Cf-Request-Id
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
Content-Encoding
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
Keep-Alive
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Amz-Version-Id
X-Rq
X-AH-Environment
X-Request-ID
X-Cache-Group
X-Vhost
X-Server
X-Dispatcher
X-Proxy-Cache
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-UA-Device
Pantheon-Trace-Id
X-Varnish-Cache
Grace
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Litespeed-Cache
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-FTR-Request-ID
X-Node
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-Server-Id
X-Host
X-Country-Code
X-Backend-Server
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-HW
X-LiteSpeed-Cache
X-Response-Time
X-Ruxit-JS-Agent
Cache-Tag
X-Amz-Server-Side-Encryption
P3p
Content-Location
X-Ua-Device
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Trace
X-Nginx-Cache-Status
Request-Id
Service-Worker-Allowed
X-TraceId
Fastly-Restarts
X-Application-Context
X-Content-Type
X-Clacks-Overhead
Rating
X-Times
X-Vname
X-TtlSet
X-PC
X-Cnection
X-Oneagent-Js-Injection
X-ESI
X-FTR-Cache-Status
X-Edge
X-FTR-Balancer
X-Mcache
X-Midtier
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-Browser-Type
X-Nf-Request-Id
X-FTR-Expires
Edge-Control
X-Cache-TTL
X-Vcap-Request-Id
Origin-Trial
Surrogate-Key
X-Country
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-FastCGI-Cache
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Variant
X-Abt-Application-Version
X-Cdn-Fetch
X-Element-Page-Cache
X-Exp-Id
X-Ac
X-D2id
Verso
X-Upstream
X-B3-TraceId
X-Mod-Pagespeed
X-ECACHE
X-ORACLE-DMS-RID
X-Amz-Rid
X-Navigation-Version
Nginx-Cache
Akamai-GRN
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Language
X-Sol
Pagespeed
X-Middleton-Display
Display
X-GitHub-Request-Id
X-Ruxit-Js-Agent
X-Url
X-Envoy-Decorator-Operation
X-Middleton-Response
Response
X-Instrumentation
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
S
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-MS-InvokeApp
Edge-Cache-Tag
X-Ratelimit-Limit
X-Goog-Hash
X-Resp-Is-Stale
X-Ttl
X-Distributor
X-Edge-Location-Klb
X-Kinsta-Cache
X-ARC
X-Ser
SPRequestGuid
X-SharePointHealthScore
SPRequestDuration
SPIisLatency
X-Client-IP
X-NGENIX-Cache
Access-Control-Request-Method
X-Content-Digest
Front-End-Https
X-Shield-Request-Id
X-Ezoic-Cdn
X-Dw-Request-Base-Id
RTSS
X-Recruiting
X-Cache-Key
X-Amzn-Trace-Id
X-Varnish-TTL
X-Version
Cache-Status
X-Powered-CMS
X-Mg-S
Public-Key-Pins
X-T
X-MSEdge-Ref
Fastcgi-Cache
TP-Cache
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Daa-Tunnel
X-Accel-Expires
X-Ismobilevalue
Arr-Disable-Session-Affinity
Realpath
X-Cluster-Name
Cache-Tags
AR-CACHE
X-Correlation-Id
X-Id
X-Cached
X-Fastly-Request-ID
X-Content-Security-Policy-Report-Only
Content-MD5
X-HS-Combine-CSS
X-Newrelic-App-Data
X-Request-Processing-Time
X-Request-Received
Payment
X-Kong-Proxy-Latency
X-DIS-Request-ID
X-Kong-Upstream-Latency
X-Forwarded-For
X-Ua-Browser
X-GUploader-UploadID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
YJS-ID
X-Cambria-Cache-Control
X-HS-Prerendered
X-HS-CF-Cache-Status
Ar-SID
X-Azure-Ref
X-RateLimit-Remaining
X-Ratelimit-Remaining
Content-Disposition
X-Amz-Replication-Status
X-COUNTRY
Count-Hit
X-Xrds-Location
X-Server-Name
X-Webkit-Csp
X-SERVER-NAME
X-Request-Device-Id
X-Px
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Origin-Server
X-Unique-Id
Cross-Origin-Resource-Policy
X-Page-Id
Cleartype
Accept-Charset
X-FB-Debug
X-Ratelimit-Reset
X-VARITI-CCR
Cross-Origin-Embedder-Policy
X-Logged-In
X-Rid
X-Proxy
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
X-Activity-Id
X-Az
X-AppVersion
X-Protected-By
X-CST
X-Www-Served-By
X-Load-Cache
X-LLID
MicrosoftSharePointTeamServices
X-Goog-Metageneration
X-Request-Handler-Origin-Region
X-Microsite
X-Template
Version
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Varnish-Backend
X-ORACLE-DMS-ECID
X-Geo-Country
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Forwarded-Proto
X-TEC-API-VERSION
X-Meli-Trace-Platform
X-Meli-Trace-Bu
X-TTL
X-Meli-Trace-Site
Server-Node
X-Upgrade-Enabled
X-Hits
Server-Name
X-Hostname
X-B3-Sampled
X-Content-Options
X-PressLabs-Stats
Section-Io-Cache
X-TT
X-App-Server
Viewport
X-Grace
X-Device-Type
X-Varnish-Grace
Fastly-SIE
X-Frontend
Fastly-SWR
X-Fb-Rlafr
Alternate-Protocol
X-Varnish-Server
Access-Control-Allow-Method
X-B
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Status
X-WebKit-CSP-Report-Only
Healthy
X-Request-Guid
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
TCN
Upgrade-Insecure-Requests
X-Magnolia-Registration
DC
X-Contextid
X-CSRF-Token
Host
X-Oracle-Dms-Ecid
Amp-Access-Control-Allow-Source-Origin
X-Amzn-Remapped-Content-Length
X-Tt-Trace-Tag
Retry-After
X-Tt-Trace-Host
X-Cache-Control
MS-Author-Via
X-EdgeConnect-Cache-Status
X-URL
X-Buckets
X-Varnish-Ttl
X-Debug
AKAMAI-GRN
X-Cache-Age
X-App-Version
X-Revision
X-Type
Frame-Options
X-Vcl-Version
X-Original-Request-Id
X-Requestid
X-Instance
X-Response-Served-From
X-Backend-Name
X-Adobe-Content
X-Yottaa-Optimizations
X-Rendered-As
X-Adobe-Loc
X-NYM-Debug-Backend
X-Akamai-Edgescape
X-Seen-By
X-Is-Bot
X-Cache-Status-Check
X-N
X-Yottaa-Metrics
X-INCAP-ABP
Cross-Origin-Embedder-Policy-Report-Only
Access-Control-Request-Headers
Section-Io-Id
Cross-Origin-Opener-Policy-Report-Only
X-WP-CF-Super-Cache
SD-X-WS
X-WP-CF-Super-Cache-Cache-Control
X-G
X-Trace-Id
X-Content-Powered-By
X-Akamai-Request-ID2
X-Origin-CC
X-Origin-TTL
X-Lambda-Id
X-Mg-Request-UUID
X-ServerID
X-Tumblr-Pixel
X-Hl-Ver
X-RM-Cache-TTL
X-Framework
X-Debug-IsPreview
X-Tumblr-User
Charset
X-UUID
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Server-W
X-Debug-IsConnected
X-Storage
NGB
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-AB
X-Dc
MS-CV
Ms-Operation-Id
X-RemovedCookies
X-ProcessESI
X-RTag
X-DataDome
X-Mobile
Webserver
X-B3-SpanId
Filterid
Cache
X-Request-Site
X-Request-Bu
X-Request-Platform
Accept-Language
X-Cache-Time
X-Tec-Api-Version
X-Cache-Hit
Refresh
X-Tec-Api-Root
X-HITS
X-Tec-Api-Origin
SRV
X-Fastcgi-Cache
X-Time
X-Server-ID
Paypal-Debug-Id
X-Ms-Request-Id
X-Ms-Version
X-VC-Cache
X-Region
Onion-Location
X-Real-IP
X-F-Cache
X-User-Agent
X-Node-Name
X-Yandex-Req-Id
Priority
CDN-RequestId
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Cross-Origin-Window-Policy
X-IPS-LoggedIn
Protected
X-Pass-Why
X-XRDS-Location
Xet-Cookie
Liferay-Portal
X-HTML-Minification-Powered-By
X-Environment-Context
X-LB-Cache
X-L-Path
GEO-INFO
AR-SID
YJS-CacheStatus
X-Mode
X-Whom
X-Rocket-Nginx-Serving-Static
X-Wormhole-Sdk
X-Drupal-Cache-Tags
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
Backend
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Cache-Expired-At
Country
X-NF-Request-ID
X-Adobe-Source
X-Service
X-Handled-By
X-Tb
X-WP-CF-Super-Cache-Active
OT-Force-Account-Verify
X-Geo-Region
X-IPLB-Request-ID
X-IPLB-Instance
X-Detected-As
X-FB-TRIP-ID
X-MP-GENERATED-AT
X-Rn-Rsrv
X-Tcp-Rtt
TWC-Locale-Group
X-Routing-Service
X-Rewrite-Enabled
TWC-Privacy
Url
Meta-Geo
X-UPSTREAM-Address
X-Tncms
Property-Id
ServedBy
TWC-GeoIP-DMA
TWC-Device-Class
TWC-GeoIP-City
TWC-GeoIP-Country
TWC-Connection-Speed
X-Servername
TWC-GeoIP-Region
TWC-GeoIP-LatLong
X-SaId
X-Varnish-Beresp-Grace
X-Vcache
X-Is-Supported-Browser
X-Is-Tablet
X-JoinUs
ServerID
X-Is-Modern-Browser
X-Is-Mobile
X-Cloudmap
X-App-Environment
LB
X-Is-Desktop
X-Loop
X-Origin-Date
X-Zipkin-Id
Webcakes-App-Version
Webcakes-App-Name
Web-Mar-Node
Webcakes-Region
X-Extlb
X-Origin-Hint
X-Browser-Name
X-Proxied
X-Proxy-Cache-Info
X-BYPASS-REASON
X-Alternate-Cache-Key
DB-Nickname
Mn-Server-Ip
Atl-Traceid
X-Cache-Action
X-Cluster-Node
X-Cluster
X-Cache-Host
X-Director
X-Rule
X-ProxyCache-Key
X-Fetched-On
X-Httpd
X-Hosted-By
X-ProxyCache-Status
X-Wix-Request-Id
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Restarts
X-Web-Node
X-Hit
X-Logging-Id
X-Format
X-Forwarded-Host
X-Urbn-Context-Path
X-Redis-Cache
Locale
X-Urbn-Site-Id
Uber-Trace-Id
X-Soup
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Edge-Location
X-Skip-Cache
X-FW-Version
X-FW-Dynamic
X-FW-Static
X-FW-Server
X-Cacheable-TTL
X-Cdn-Origin
X-Generation-Time
X-FW-Type
X-Locale
Apigw-Requestid
X-FW-Hash
X-RCS-CacheZone
X-Cms-Context
X-FW-Serve
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Drupal-Cache-Contexts
X-Scope-Id
X-S
X-Labrador-Cache-Channel
X-PHP-Host
Environment
X-Presslabs-Stats
Fastcgi-Useragent
Filters
X-Timing-Wait
X-Endurance-Cache-Level
X-Debug-Info
X-Connection-Hash
X-Tumblr-Pixel-2
X-Served-From
X-VCT
Selected-Fe
Cache-Hits
X-Tumblr-Pixel-3
X-Proxy-Build
X-Origin
Expiry
X-Auth-Group-Type
X-Origin-Cache
X-Cache-Debug
X-Provided-By
X-ECache
X-Is-Mobile-Only
X-GEO
X-Mly-Id
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-VC
X-Platform
X-UA
X-R9-Blue-Green-Version
Front
X-No-Session
Xserver
Node
X-CDN-Forward
X-CDN-Cache-Status
X-NewRelic-App-Data
X-Lagoon
X-Varnish-Cache-Hits
X-Varnish-Beresp-Ttl
Cache-Tv-Group
X-WP-CF-Super-Cache-Cookies-Bypass
X-SRV
X-Generated-By
WPO-Cache-Status
X-CLOUD-TRACE-CONTEXT
X-Varnish-Age
X-Api-Version
X-Tt-Logid
X-CACHE-AGE
X-B-Cache
X-Optimistic-Header
X-NWS-UUID-VERIFY
Countrycode
X-Signature
Referer-Policy
X-Webstats-RespID
From-Origin
X-Site-Version
Cache-Provider
X-B3-Traceid
X-Azure-Ref-OriginShield
X-Client-Ip
X-Accel-Version
X-Cache-Rule
X-Cache-Operation
X-IsAdmin
X-PHP-Backend
X-Tx-Id
X-Ua
X-VC-TTL
Request-ID
X-Worker
X-FORWARDED-FOR
Location
X-Auto-Login
X-Sucuri-Cache
X-Tb-Optimization-Total-Bytes-Saved
CF-IPCountry
X-Source
X-Xfnlog-Site
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-TA-CDN-Provider
S-Rt
AMP-Access-Control-Allow-Source-Origin
Source
X-Litespeed-Cache-Control
Gh-Request-Id
Fl-Custom-Application
CDN-RequestPullCode
Fastly-SSL
Ha-Gx-Prefs
X-A-Dam
CDN-RequestCountryCode
IsBot
Host-ID
Expect-Staple
DCR-Processing-Time-Ms
Cdnsip
Cdncip
CDN-Uid
CDN-Cache
CDN-CachedAt
DCR-Decision-By
CDN-RequestPullSuccess
CDN-EdgeStorageId
X-A-Dcw
Lang
Origin
Odigeo-Trace-Id
Web-Mar-Region
Wxu-Next-Commit
Pragrma
Redirect-Candidate
RNT-Time
RNT-Machine
Rendered-Blocks
Sslversion
Ngx.Var.Host
Wxu-Next-Hostname
X-A
X-A-Ccd
MD5-Digest
Log-Origin
Wxu-Next-Region
X-A-Dgt
N-Cache
Meta-Geo-Continent
CDN-PullZone
L5d-Success-Class
X-Conf
X-Request-URI
X-Pubstack
X-Policy
X-Rocket-Build-Number
X-Rojux
X-ScT
X-S-Cookie
X-PERF
X-Origin-Expires
X-Ig-Origin-Region
X-HS-Content-Campaign-Id
X-Ig-Push-State
X-Loc
X-Old-Content-Length
X-Micro-Cache
X-Section
X-Sigma
X-Vdms-Version
X-Varnish-Director
X-VG-TLSProxy
X-VG-WebCache
Xc-Version
X-Vtex-Remote-Cache
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-SIPLIST1
X-Sigma-Backend
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-V-Cache
X-SRCache-Key
X-Hash
X-GeoIP-City
X-Cache-Aspx
X-Bug-Bounty
X-Cache-NE
X-CGP
X-Contensis-Viewer-Groups
Candidate-Md5Url
X-Bl-Debug
X-BCube-Filmed-By
X-Aed
X-Action
X-AK-Request-ID
X-ApacheServer
X-B-Cookie
X-Application
X-Content-Age
X-Csrf-Jwt
X-Fmm-Version
X-FC-Vary-Parameters
X-Forwarded-Site
X-From
X-GeoCountry
X-GeoCode
X-External-Request-Id
X-Eu-Site
X-Depends
X-D
X-Destination
X-Developer
X-Ec-GeoHdr
X-Ec-Fail
X-A-Wwc
X-Access
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Origin-Agent-Cluster
X-Fastly-Request-Id
Apple-News-Services-Request-Url
WPO-Cache-Message
Apple-News-Services-Host
X-Reqid
Store-Cloud-Cache
X-GoCache-CacheStatus
X-GeoIP-Region-Code
Time-Cloud-Cache
X-NGINX-Cache
User-Cache-Control
V-Age
X-Generated-On
X-Air-Pt
X-Hnp-Log
X-GeoIP-Country-Code
X-Internal-TTL
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-Mvc-Supplant-Cachable
X-NMSegId
Origin-EX
Origin-Site
Release
X-Moov-T
We-Hiring
X-Human
X-Level-Front-Cache
X-Men
Req-Svc-Chain
ServerName
X-Fastly-Backend
X-Core-Value
X-Backend-Instance
X-Date
X-App-Name
X-DefElseHash
X-BBC-Edge-Cache-Status
X-Bc-Bl
X-Clientip
X-CacheTTL
X-Block-Status
X-Cms-Device
X-Content-Length
X-DefHash
X-Akamai-Device-Characteristics
X-Ee-Request-Id
X-Ee-Request-Date
X-Epic-Correlation-Id
Origin-CC
X-Gamma-Serve
X-Ee-Origin
X-Accel-Expires-Debug
X-Aicache-OS
X-Ec-Custom-Error
X-Acquia-Purge-Cdn-Unconfigured
X-Ee-Generated-By
X-Gen-Mode
X-Node-Id
X-Varnish-Remaining-TTL
DSUID
X-Vary-Devices
Country-Code
X-Viewer-Country
X-Varnish-Hostname
X-Varnish-CookieHashed-On
Gannett-Cam-Experience-Id
X-UA-Device-Type
X-Up
X-Uri
Cmstype
Cmsid
Azure-Version
Powered-By
CDCHOST
X-CUA
Azure-SlotName
Azure-SiteName
Cluster
X-We-Are-Hiring
Azure-InstanceId
Azure-RegionName
X-Sn-Servicetimems
X-Varnish-CookieINHashed-On
X-Req
X-Save-Cache
X-PAYTM-SRV-ID
NM-Fastcgi-Cache
X-Org
X-Path
L
Mail-Subject
X-SD-PageType
X-Frame-Option
X-Debug-Cache-Fetch
X-Mvc-Supplant-OutputCached
X-SVT-ORM-VERSION
X-Thinkindot-L1
X-Debug-Cache-Store
X-Dispatcher-Server
X-Proto
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Cache-FS-Status
X-HN
X-Nyt-Route
X-Server-IP
Vix-Hermes-Req-Id
X-Origin-Time
X-Proxied-Request
Machine
X-SVT-ORM-RULES
X-Cache-Id
X-Region-Sid
CacheControlHeader
X-VarnishDD-TTL
X-Esi-Check
X-Ion-Hop
X-Gdpr
X-Shield-Cache-Expires
X-Op-Id-All
X-Ion-Healthy
X-Thinkindot-L3
X-Vercel-Cache
X-Edge-Server
X-Render-Time
X-SB
X-Vmg-Version
X-Gzip
X-Vercel-Id
X-Via-Fastly
X-DPWN-IS-SECURE
X-Jungle-Id
Cdn-Host
Tube-Get-Contents
Thinkindot-CacheControl-Type
TDXMobile
Click-Count-Action-Start
Cdn-Request-Time
Tube-Got-Eval
Tube-Got-Results
Cache-Contol
Canary
C-Via
X-Cs
Tube-Return
Server-Host
X-Upstream-Ct
Content-Style-Type
Content-Script-Type
Nord-Request-ID
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
PFcat
Platform
RewriteTestHook
Click-Count-Error
RewriteTeamHook
X-Upstream-Ht
Producers
X-AB-Test
Thinkindot-CacheControl
X-B3-Trace-ID
X-Amz-Storage-Class
X-Cache-Date
X-Parent-Response-Time
Fastly-Drupal-HTML
X-LSADC-Cache
XM
X-Origin-Response-Time
X-Sucuri-ID
X-Location
X-ND-Cache
X-Bip
X-ElasticPress-Query
Pics-Label
X-Thanos
NGX
CloudFront-Viewer-Country
X-Pad
X-ZONE
Sid
Mime-Version
X-TT-LOGID
X-Cached-By
X-Via-Popv
X-Via-Poph
X-APP
X-Via-Popn
Debug
X-HA-Backend
GeoIP-Latitude
X-Refresh
X-Varnish-Hits
X-Servedbyhost
Server-ID
X-TH-Server
Product
GeoIp-Country-Code
HA-Ipaddr
X-Nananana
Cookie
X-AIR-PT
Load-Balancing
X-Datadome
X-Debug-Service
X-Nginx-Cache-Key
X-Amz-Meta-Cb-Modifiedtime
True-Client-Country-4JS
X-Litespeed-Tag
X-DynaTrace-JS-Agent
X-Nc
X-Wa
X-Fpc
X-Srv
X-Cache-VC
Sever-Int
X-GeoIP
Server-Hostname
Server-Ext
X-Cdn-Forward
X-Webkit-CSP
SID
Edge-Cache
X-User
X-Zone
Show-Do-Not-Sell-Link
Cdn
X-B3-Parentspanid
Traceparent
X-Cache-Backend
HostName
MIME-Version
WZWS-RAY
X-LB-ID
X-Vc
X-Ez-Minify-Html
DataCenter
X-Unity-Cache
Fastly-Drupal-Html
X-Newrelic-Synthetics
X-LB-NoCache
Akamai-Mon-Iucid-Del
Resin-Trace
X-Request-Start
Tcn
X-Scheme
X-Nginx-Cache
X-Lsadc-Cache
X-VCL-Version
Surrogated-Key
Lb
Wsr-Cache
Serverhost
X-CDN-Provider
X-AC
CountryCode
X-B3-Spanid
Sm-Log-Id
X-Pool
X-Service-Response-Time
Yjs-Id
Xkeylog
XkeyR9
X-Proxy-CacheR9
Xkey-La3
X-Proxy-Cache-La3
X-CS
X-API-Version
X-HOST
X-TX-ID
NtCoent-Length
Hostname
X-Datacenter
X-Request-Host
A
X-NodeID
X-Udemy-Cache-App-Namespace
X-RequestId
X-HubSpot-Correlation-Id
Datacenter
X-Vgn-Hpd-Reason
X-LiteSpeed-Tag
Uri
X-Cache-Grace
X-RateLimit-Limit
Cs
X-Lb-Id
N1-Cache
X-Dynatrace-Js-Agent
X-Akamai-Pragma-Client-IP
X-WA
X-DynaTrace
Cdn-Requestid
CDN
Esi-Enabled
Yak-Timeinfo
X-DataCenter
X-LiteSpeed-Cache-Control
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Fastly-Backend-Reqs
X-NC
X-Via-Edge
Edge-Copy-Time
X-ID
X-Via-CDN
X-FPC
X-Via-SSL
X-HA-Bot-Classification
X-HA-Application-Name
X-HA-Device-Type
X-Styx-Info
Server-Id
X-Styx-Origin-Id
X-Html-Minification-Powered-By
GeoIP-Country-Code
X-Geolocation
X-Zen-Fury
X-Stale
X-Via-JSL
X-VC-Age
X-Jobs
Cr
Pramga
T-Server
RATING
X-TimeS
Content-Secure-Policy
Proxy-Firewall
X-TIM-N
X-Var-Ttl
Geoip-Latitude
True-Client-IP
Req-ID
X-Ez-Minify-Js
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Varnish-Beresp-TTL
On-Server
W
X-Lb-Nocache
Srv
X-ServedByHost
X-Webkit-Csp-Report-Only
From-Cache
WP-Super-Cache
X-Swift-Error
ServerHost
X-Cdn-Srv
X-Oracle-DMS-ECID
X-App
X-Ramcache
X-Proxy-Cache-LA2
X-CACHE-KEY
X-MSEdge-Flight
X-MSEdge-Features
X-Ha-Backend
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
X-CSRF-TOKEN
X-VTEX-Cache-Server
Cloudfront-Viewer-Country
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-LAGOON
X-Fastly-Cache
X-Ssense-Shipping-Surcharge-Enabled
X-Sucuri-Id
FSS-Cache
X-Via-PopV
X-Correlation-ID
X-Ssense-Gql
X-Via-PopN
X-Via-PopH
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Wp-Cf-Super-Cache-Active
X-Elasticpress-Query
X-Sorting-Hat-Shopid
X-Geo
CF-Cached-On
X-Shopid
X-Shardid
Cl-Cache
X-Sorting-Hat-Podid
Coldstone-Viewer-Currency
Coldstone-Viewer-Country-Region-Name
X-Web-Server
X-WA-Info
X-VServer
Ohc-File-Size
Ohc-Cache-HIT
X-Key
X-Check-Cacheable
Ngx
Coldstone-Viewer-Country
X-Cdn-Cache-Status
Akamai-X-True-TTL
WebServer
X-DC
X-ATG-Version
X-Serial
X-Th-Server
X-PageType
Cf-Ipcountry
Xkey-G-Jp
Warning
Cneonction
FSS-Proxy
X-Fastly-Cache-Hits
BehaviorPad-Version
X-Mg-Cache
Host-Name
X-Request-Url
X-Fastly-Cache-Status
X-Env
User-Agent