Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-XSS-Protection
X-Powered-By
X-Cache
Pragma
Via
CF-RAY
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Amz-Cf-Pop
X-Amz-Cf-Id
Content-Language
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Xss-Protection
X-Request-Id
X-Timer
CF-Ray
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Permissions-Policy
X-Drupal-Cache
Server-Timing
X-Generator
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
Timing-Allow-Origin
Accept-Ch
Feature-Policy
X-XSS-PROTECTION
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
X-Age
Request-Context
X-Backend
Cf-Edge-Cache
X-Amz-Version-Id
X-Robots-Tag
X-Hacker
Keep-Alive
Cf-Apo-Via
X-Via
X-Turbo-Charged-By
X-Vhost
X-AH-Environment
X-Rq
CONTENT-SECURITY-POLICY
X-Server
X-Dispatcher
X-Cache-Group
X-Proxy-Cache
X-Request-ID
X-Ws-Request-Id
EagleId
X-UA-Device
X-Varnish-Cache
Pantheon-Trace-Id
Grace
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Litespeed-Cache
X-Server-Powered-By
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
X-Pingback
X-Page-Speed
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Swift-SaveTime
X-Swift-CacheTime
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-FTR-Request-ID
X-Device
X-Node
X-Host
X-Server-Id
EagleEye-TraceId
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
Cf-Railgun
X-Readtime
X-Akam-SW-Version
P3p
X-HW
X-Response-Time
Cache-Tag
X-Amz-Server-Side-Encryption
X-LiteSpeed-Cache
X-Ua-Device
Accept-Ch-Lifetime
Content-Location
Cross-Origin-Opener-Policy
X-Content-Type
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-Rack-Cache
Request-Id
Service-Worker-Allowed
X-Trace
X-TraceId
X-Application-Context
Fastly-Restarts
X-Nf-Request-Id
X-D2id
X-Element-Page-Cache
X-Times
X-PC
X-Vname
X-TtlSet
X-Oneagent-Js-Injection
Rating
X-Clacks-Overhead
X-Country
X-Cnection
X-Navigation-Version
X-Mcache
X-Edge
X-Midtier
X-Vcap-Request-Id
X-FTR-Cache-Status
X-FTR-Backend-Server
Origin-Trial
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-Browser-Type
X-FTR-Expires
Edge-Control
X-ESI
X-Cache-TTL
X-Url
Surrogate-Key
X-NWS-LOG-UUID
X-FastCGI-Cache
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Server
X-Cdn-Fetch
X-Powered-By-Plesk
X-Ac
X-Abt-Application-Version
X-Upstream
X-Mod-Pagespeed
X-Amz-Rid
Verso
X-ORACLE-DMS-RID
X-ECACHE
X-Language
X-B3-TraceId
Nginx-Cache
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Akamai-GRN
X-GitHub-Request-Id
X-MS-InvokeApp
Pagespeed
Display
X-Middleton-Display
X-Sol
S
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Instrumentation
X-Server-Lifecycle-Phase
X-Envoy-Decorator-Operation
X-Request-Device-Id
AR-PoweredBy
AR-Request-ID
Response
X-Middleton-Response
AR-ATIME
Edge-Cache-Tag
X-Amzn-Trace-Id
SPIisLatency
SPRequestGuid
SPRequestDuration
X-SharePointHealthScore
X-Distributor
X-Goog-Hash
X-T
X-Ratelimit-Limit
X-Resp-Is-Stale
X-Meli-Trace-Platform
X-Ser
X-Meli-Trace-Site
X-Meli-Trace-Bu
X-Kinsta-Cache
X-Edge-Location-Klb
X-ARC
X-Ruxit-Js-Agent
Access-Control-Request-Method
X-NGENIX-Cache
Front-End-Https
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-Client-IP
X-Content-Digest
X-Ezoic-Cdn
RTSS
X-Recruiting
X-Cache-Key
Cache-Status
X-Ttl
X-Request-Processing-Time
X-Request-Received
X-Version
X-Mg-S
X-Varnish-TTL
Ar-SID
X-Ismobilevalue
YJS-ID
X-HS-Content-Id
Public-Key-Pins
X-HS-Cache-Config
X-Powered-CMS
X-HS-Hub-Id
TP-Cache
X-Accel-Expires
Fastcgi-Cache
X-MSEdge-Ref
AR-CACHE
Cache-Tags
Arr-Disable-Session-Affinity
X-Newrelic-App-Data
X-Cluster-Name
X-Cached
X-Daa-Tunnel
X-Amz-Replication-Status
X-Correlation-Id
Realpath
X-RateLimit-Remaining
X-Content-Security-Policy-Report-Only
X-Fastly-Request-ID
X-Id
Content-MD5
X-HS-Combine-CSS
X-Server-Name
X-Azure-Ref
Payment
X-Ua-Browser
X-HP-Trace-Id
X-Cambria-Cache-Control
X-HP-Webp
X-Jurisdiction
X-Kong-Upstream-Latency
X-DIS-Request-ID
X-Kong-Proxy-Latency
X-Forwarded-For
X-Xrds-Location
X-HS-Prerendered
X-HS-CF-Cache-Status
X-GUploader-UploadID
X-TTL
MicrosoftSharePointTeamServices
Content-Disposition
X-Amzn-RequestId
X-Amz-Apigw-Id
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Protected-By
X-Px
X-Ratelimit-Reset
Count-Hit
X-Unique-Id
X-Az
X-AppVersion
X-Activity-Id
X-Page-Id
X-Origin-Server
X-Hits
X-Rid
X-Logged-In
X-ORACLE-DMS-ECID
X-Git-Hash
Cleartype
Cross-Origin-Resource-Policy
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
X-Request-Handler-Origin-Region
X-FB-Debug
Cross-Origin-Embedder-Policy
X-VARITI-CCR
X-Microsite
X-Proxy
X-Www-Served-By
Version
X-Load-Cache
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-LLID
X-Goog-Metageneration
X-Geo-Country
X-Ratelimit-Remaining
X-Forwarded-Proto
X-Template
X-Varnish-Backend
X-PressLabs-Stats
X-Upgrade-Enabled
X-COUNTRY
Server-Node
X-B3-Sampled
X-WebKit-CSP-Report-Only
X-App-Server
Server-Name
Healthy
X-Hostname
X-Content-Options
Access-Control-Allow-Method
AKAMAI-GRN
X-SERVER-NAME
X-Frontend
X-Varnish-Grace
X-Requestid
Viewport
Section-Io-Cache
X-Device-Type
X-TT
X-Fb-Rlafr
X-Grace
X-Cache-Age
X-B
X-Request-Guid
Fastly-SWR
Fastly-SIE
X-Varnish-Server
Alternate-Protocol
X-Contextid
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-ProcessESI
X-Status
X-RemovedCookies
X-Goog-Stored-Content-Encoding
DC
X-Goog-Generation
X-Varnish-Ttl
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-CST
X-Hl-Ver
Upgrade-Insecure-Requests
X-CSRF-Token
TCN
X-Amzn-Remapped-Content-Length
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
X-App-Version
Retry-After
X-Webkit-Csp
MS-Author-Via
X-Cache-Control
Host
Frame-Options
X-Origin-CC
X-Yandex-Req-Id
X-Origin-TTL
X-Revision
X-Original-Request-Id
X-Type
X-Response-Served-From
X-Oracle-Dms-Ecid
X-Debug
SD-X-WS
X-Buckets
X-Mobile
X-G
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Seen-By
X-Backend-Name
X-INCAP-ABP
X-Instance
X-UUID
X-Tt-Trace-Tag
X-ServerID
X-Tt-Trace-Host
X-Yottaa-Metrics
X-Cache-Status-Check
X-Rendered-As
Amp-Access-Control-Allow-Source-Origin
X-Is-Bot
X-Lambda-Id
X-Akamai-Edgescape
X-Adobe-Loc
X-NYM-Debug-Backend
X-Tumblr-Pixel
X-N
X-Tumblr-Pixel-1
X-Tumblr-User
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
X-Tumblr-Pixel-0
X-Adobe-Content
X-Yottaa-Optimizations
Ms-Operation-Id
NGB
X-Debug-IsPreview
Cache
X-Akamai-Request-ID2
Section-Io-Id
Access-Control-Request-Headers
X-Debug-IsConnected
MS-CV
X-Mg-Request-UUID
X-Trace-Id
X-WP-CF-Super-Cache-Cache-Control
X-AB
X-RTag
X-Content-Powered-By
X-WP-CF-Super-Cache
X-Framework
X-Server-W
Xet-Cookie
X-RM-Cache-TTL
X-Storage
Charset
X-Dc
YJS-CacheStatus
Paypal-Debug-Id
Webserver
X-Vcl-Version
Filterid
X-DataDome
X-Fastcgi-Cache
X-VC-Cache
Accept-Language
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Selected-Fe
Onion-Location
X-Ms-Request-Id
X-B3-SpanId
X-Timing-Wait
X-Proxy-Build
X-Ms-Version
X-Cacheable-TTL
X-BYPASS-REASON
X-Cache-Time
X-ProxyCache-Key
X-ProxyCache-Status
Refresh
X-Cache-Hit
X-User-Agent
X-F-Cache
SRV
X-Time
X-Region
X-VC
X-Node-Name
X-Real-IP
X-Request-Bu
X-Request-Platform
X-Origin-Cache
Priority
X-Request-Site
Liferay-Portal
X-Hcs-Proxy-Type
Apigw-Requestid
X-CCDN-Origin-Time
X-CCDN-CacheTTL
GEO-INFO
Front
X-Server-ID
X-Environment-Context
X-L-Path
CDN-RequestId
X-Service
X-HTML-Minification-Powered-By
X-Mode
X-IPS-LoggedIn
X-Rule
X-LB-Cache
X-Rocket-Nginx-Serving-Static
X-Rewrite-Enabled
X-JoinUs
X-Mly-Id
X-SaId
X-VCT
X-UPSTREAM-Address
X-Tb
X-Rn-Rsrv
Country
X-Drupal-Cache-Tags
X-Origin
Meta-Geo
Backend
X-Cache-Expired-At
X-ECache
X-Is-Desktop
X-Is-Mobile
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Is-Mobile-Only
X-Datadog-Trace-Id
X-Tcp-Rtt
X-Pass-Why
X-Handled-By
X-Is-Tablet
X-Is-Supported-Browser
X-Datadog-Parent-Id
X-Is-Modern-Browser
X-Api-Version
X-Wix-Request-Id
X-Browser-Name
X-Adobe-Source
X-Geo-Region
Cross-Origin-Window-Policy
X-Optimistic-Header
X-Provided-By
X-CLOUD-TRACE-CONTEXT
Mn-Server-Ip
X-Generation-Time
X-Web-Node
Fastcgi-Useragent
ServerID
X-Origin-Hint
X-Proxied
X-RateLimit-Limit-Second
X-Proxy-Cache-Info
X-Origin-Date
X-Forwarded-Host
X-FB-TRIP-ID
X-Httpd
X-RateLimit-Remaining-Second
Property-Id
X-Detected-As
X-Extlb
TWC-Connection-Speed
X-Loop
X-WP-CF-Super-Cache-Active
TWC-Device-Class
TWC-GeoIP-City
TWC-GeoIP-Region
Webcakes-App-Version
X-Varnish-Beresp-Grace
Webcakes-App-Name
X-RCS-CacheZone
X-Storefront-Renderer-Rendered
X-Vcache
X-Zipkin-Id
X-Cdn-Origin
X-Cloudmap
X-Connection-Hash
X-Alternate-Cache-Key
Webcakes-Region
Web-Mar-Node
X-Tncms
X-Tt-Logid
Expiry
X-Routing-Service
TWC-GeoIP-DMA
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
X-Shopify-Stage
Url
X-Whom
Uber-Trace-Id
X-Servername
X-Fetched-On
X-Cache-Debug
X-Auth-Group-Type
X-Director
ServedBy
X-App-Environment
X-Cms-Context
X-Logging-Id
X-MP-GENERATED-AT
X-Cluster
X-Locale
X-Tumblr-Pixel-2
X-Redis-Cache
DB-Nickname
X-Soup
X-Skip-Cache
X-Tumblr-Pixel-3
OT-Force-Account-Verify
X-Hosted-By
X-Cache-Action
X-Hit
Atl-Traceid
X-Format
Cache-Hits
Node
X-Debug-Info
Environment
X-Cache-Host
X-Urbn-Context-Path
X-Cluster-Node
Locale
X-Urbn-Site-Id
X-Say-TTL
X-FW-Server
X-FW-Static
X-Endurance-Cache-Level
X-FW-Hash
X-FW-Dynamic
X-Edge-Location
X-FW-Type
X-SayCDN-TTL
X-Scope-Id
X-Say-Cacheable
X-Restarts
X-FW-Version
X-Served-From
X-FW-Serve
Protected
X-PHP-Host
X-S
X-Labrador-Cache-Channel
X-HITS
Countrycode
Filters
X-Platform
X-CDN-Forward
X-Drupal-Cache-Contexts
X-IPLB-Instance
X-IPLB-Request-ID
AMP-Access-Control-Allow-Source-Origin
LB
X-R9-Blue-Green-Version
X-XRDS-Location
X-CDN-Cache-Status
X-B3-Traceid
Xserver
WPO-Cache-Status
X-GEO
X-No-Session
X-Varnish-Age
X-ShopId
X-Sorting-Hat-PodId
X-WP-CF-Super-Cache-Cookies-Bypass
X-ShardId
X-Client-Ip
X-NWS-UUID-VERIFY
X-Sorting-Hat-ShopId
X-Presslabs-Stats
Request-ID
X-Ua
X-Varnish-Beresp-Ttl
Cache-Tv-Group
X-Generated-By
X-Lagoon
X-Varnish-Cache-Hits
X-B-Cache
X-Signature
Referer-Policy
Expect-Staple
X-Clientip
X-Upstream-Ht
X-Upstream-Ct
X-UA
X-URL
X-TA-CDN-Provider
CloudFront-Viewer-Country
X-SRCache-Key
X-Azure-Ref-OriginShield
X-IsAdmin
X-Cache-Rule
X-Cache-Operation
X-Webstats-RespID
X-SRV
Mail-Subject
X-PHP-Backend
X-Cache-FS-Status
X-Site-Version
We-Hiring
X-NewRelic-App-Data
Location
From-Origin
X-Worker
X-Auto-Login
Cache-Provider
X-FORWARDED-FOR
X-Bc-Bl
X-Server-IP
X-Cs
Fl-Custom-Application
X-Accel-Version
X-Fastly-Request-Id
X-LJ-Flow-ID
X-AWS-Id
X-VWS-Id
X-Loc
X-Ec-GeoHdr
X-BCube-Filmed-By
S-Rt
Xc-Version
X-Ec-Fail
X-Vtex-Remote-Cache
X-Developer
Source
X-Destination
X-B-Cookie
X-Content-Age
Sid
X-GeoCountry
X-Tb-Optimization-Total-Bytes-Saved
Origin-Agent-Cluster
X-D
WPO-Cache-Message
X-Ig-Origin-Region
X-Ig-Push-State
Sslversion
X-ND-Cache
X-Aed
X-LSADC-Cache
Candidate-Md5Url
Rendered-Blocks
X-Rojux
X-Bl-Debug
X-S-Cookie
Origin
Host-ID
X-PERF
X-A-Ccd
Ngx.Var.Host
X-ScT
X-Application
X-A
Lang
Meta-Geo-Continent
X-Cache-NE
N-Cache
X-Conf
X-ApacheServer
X-A-Dcw
X-External-Request-Id
X-Org
Redirect-Candidate
X-A-Dgt
Pragrma
DCR-Processing-Time-Ms
X-GeoCode
X-Vdms-Version
MD5-Digest
X-A-Dam
DCR-Decision-By
X-A-Wwc
X-Xfnlog-Site
X-Litespeed-Cache-Control
X-VC-TTL
X-AK-Request-ID
Ha-Gx-Prefs
RNT-Machine
Powered-By
Wxu-Next-Commit
Origin-Site
RNT-Time
ServerName
Web-Mar-Region
Time-Cloud-Cache
Store-Cloud-Cache
Wxu-Next-Hostname
Wxu-Next-Region
X-Access
X-Action
Fastly-SSL
Gannett-Cam-Experience-Id
Gh-Request-Id
Log-Origin
L5d-Success-Class
IsBot
X-Aicache-OS
X-From
X-Rocket-Build-Number
X-Req
X-Save-Cache
X-SD-PageType
X-Section
X-Policy
X-PAYTM-SRV-ID
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-Node-Id
X-Old-Content-Length
X-Origin-Expires
X-Sigma
X-Sigma-Backend
X-Varnish-Hostname
X-Varnish-Director
X-Vary-Devices
X-VG-TLSProxy
X-VG-WebCache
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-Slack-Backend
X-SIPLIST1
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-V-Cache
X-Internal-TTL
X-HS-Content-Campaign-Id
X-Depends
X-CUA
X-Ee-Generated-By
X-Ee-Origin
X-Ee-Request-Date
X-Csrf-Jwt
X-Core-Value
X-CacheTTL
X-Cache-Aspx
X-CGP
X-Cms-Device
X-Contensis-Viewer-Groups
X-Ee-Request-Id
X-Epic-Correlation-Id
X-GeoIP-Country-Code
X-GeoIP-City
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Hash
X-Gamma-Serve
X-Forwarded-Site
X-Eu-Site
X-Fastly-Backend
X-FC-Vary-Parameters
X-Fmm-Version
X-Bug-Bounty
Odigeo-Trace-Id
Cluster
Canary
CDN-RequestCountryCode
Apple-News-Services-Request-Url
CDN-RequestPullCode
Cdnsip
CDN-Uid
CDN-RequestPullSuccess
Cdncip
CDN-PullZone
CDN-EdgeStorageId
Apple-News-Services-Host
Mime-Version
Apple-News-Services-Parsed-Url
X-Tx-Id
CDN-Cache
Apple-News-Services-Handled
CDN-CachedAt
Country-Code
X-Parent-Response-Time
X-BBC-Edge-Cache-Status
X-App-Name
X-Mvc-Supplant-OutputCached
X-Op-Id-All
X-Nyt-Route
X-Backend-Instance
X-Path
X-AB-Test
X-Accel-Expires-Debug
X-Pubstack
X-Region-Sid
X-Reqid
X-Render-Time
X-Acquia-Purge-Cdn-Unconfigured
X-Proto
X-Bip
X-Amz-Storage-Class
X-Dispatcher-Server
X-Akamai-Device-Characteristics
X-DefElseHash
X-DefHash
X-Origin-Time
X-Ion-Hop
X-Gen-Mode
X-Viewer-Country
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Date
X-Gdpr
X-Ec-Custom-Error
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Frame-Option
X-Up
X-Generated-On
X-NMSegId
X-Ion-Healthy
X-Men
X-Jungle-Id
X-Level-Front-Cache
X-Cache-Date
Load-Balancing
AR-SID
X-HN
X-Hnp-Log
X-Content-Length
X-Human
X-Block-Status
Azure-InstanceId
Req-Svc-Chain
Content-Style-Type
Release
X-Uri
X-Thanos
X-SVT-ORM-VERSION
X-VarnishDD-TTL
L
RewriteTestHook
X-Wikidot-Static-Cache
RewriteTeamHook
Pics-Label
PFcat
Content-Script-Type
Machine
Cmsid
Cmstype
X-UA-Device-Type
X-Thinkindot-L3
Origin-EX
Origin-CC
X-Thinkindot-L1
Nord-Request-ID
X-Wikidot-Backend
X-SVT-ORM-RULES
Fastly-Backend-Name
Server-Host
X-Vmg-Version
X-SB
X-Via-Fastly
User-Cache-Control
V-Age
Vix-Hermes-Req-Id
Azure-RegionName
X-Request-URI
Azure-SiteName
Azure-SlotName
CDCHOST
DSUID
NM-Fastcgi-Cache
Cache-Contol
X-We-Are-Hiring
TDXMobile
X-Sucuri-Cache
Azure-Version
X-Shield-Cache-Expires
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Cached-By
X-CACHE-AGE
CF-IPCountry
Cdn-Host
CacheControlHeader
X-Location
Platform
X-DPWN-IS-SECURE
X-Cache-Id
Producers
X-Proxied-Request
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-Esi-Check
X-Gzip
X-Vercel-Cache
X-Edge-Server
X-Moov-T
Cdn-Request-Time
X-ZONE
Tube-Got-Eval
Tube-Got-Results
Tube-Get-Contents
Click-Count-Error
C-Via
Click-Count-Action-Start
Tube-Return
X-NGINX-Cache
X-ElasticPress-Query
X-Vercel-Id
Fastly-GeoIP-CountryCode
X-B3-Trace-ID
X-Pad
X-NF-Request-ID
XM
X-Origin-Response-Time
Cookie
X-Sucuri-ID
X-Via-Poph
X-Via-Popv
X-Debug-Service
X-Nginx-Cache-Key
X-Via-Popn
X-Varnish-Hits
X-Datadome
NGX
Fastly-Drupal-HTML
True-Client-Country-4JS
Server-Hostname
X-Srv
Debug
X-Air-Pt
Sever-Int
X-AIR-PT
X-Refresh
Server-Ext
X-HA-Backend
X-Webkit-CSP
X-Wormhole-Sdk
Show-Do-Not-Sell-Link
X-APP
Traceparent
X-Ez-Minify-Html
X-Cache-Backend
X-Servedbyhost
GeoIp-Country-Code
GeoIP-Latitude
WZWS-RAY
DataCenter
HA-Ipaddr
HostName
Product
Server-ID
X-Nananana
X-Unity-Cache
X-DynaTrace-JS-Agent
X-TH-Server
X-LB-ID
Fastly-Drupal-Html
X-Zone
X-Litespeed-Tag
X-Amz-Meta-Cb-Modifiedtime
X-B3-Parentspanid
X-Fpc
Cdn
X-Source
X-Wa
X-Cache-VC
X-GeoIP
Tcn
X-Newrelic-Synthetics
X-Nc
X-VCL-Version
X-Cdn-Forward
Lb
Edge-Cache
X-CDN-Provider
X-AC
X-User
X-B3-Spanid
X-Nginx-Cache
SID
A
XkeyR9
Xkeylog
X-Proxy-CacheR9
Xkey-La3
Serverhost
X-Proxy-Cache-La3
X-TT-LOGID
X-Vc
Resin-Trace
X-Datacenter
X-TX-ID
CountryCode
Cs
NtCoent-Length
Akamai-Mon-Iucid-Del
X-RateLimit-Limit
X-Request-Start
X-LB-NoCache
Yjs-Id
MIME-Version
X-Lsadc-Cache
CDN
X-WA
Cdn-Requestid
Wsr-Cache
X-LiteSpeed-Tag
Sm-Log-Id
X-Scheme
X-Service-Response-Time
Esi-Enabled
X-LiteSpeed-Cache-Control
X-API-Version
X-VC-Age
X-NC
X-ID
X-Udemy-Cache-App-Namespace
X-Dynatrace-Js-Agent
X-HubSpot-Correlation-Id
X-Aspnet-Version
X-FPC
Uri
Cr
Pramga
Datacenter
X-Request-Host
X-Pool
X-Lb-Id
X-Html-Minification-Powered-By
Server-Id
Hostname
Proxy-Firewall
X-HA-Device-Type
X-Styx-Info
X-Styx-Origin-Id
X-TIM-N
X-HA-Bot-Classification
Content-Secure-Policy
X-HA-Application-Name
X-Stale
X-Var-Ttl
X-TimeS
X-Via-JSL
X-Ez-Minify-Js
X-NodeID
ServerHost
Surrogated-Key
X-Akamai-Pragma-Client-IP
GeoIP-Country-Code
RATING
X-Fastly-Backend-Reqs
X-Srcache-Fetch-Status
Geoip-Latitude
X-Srcache-Store-Status
X-RequestId
X-CS
X-Varnish-Beresp-TTL
X-ServedByHost
W
X-Lb-Nocache
X-Vgn-Hpd-Reason
Srv
T-Server
From-Cache
X-Cache-Grace
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Aspnetmvc-Version
X-Oracle-DMS-ECID
X-MSEdge-Flight
X-App
X-Swift-Error
X-MSEdge-Features
X-DynaTrace
X-CACHE-KEY
X-DataCenter
Cloudfront-Viewer-Country
Yak-Timeinfo
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Air-Hostname
X-Air-Trace-Id
X-Shopid
X-Wp-Cf-Super-Cache-Active
X-Air-Source
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Shardid
X-LAGOON
Ohc-Cache-HIT
X-Correlation-ID
X-Proxy-Cache-LA2
X-VServer
X-Ramcache
X-Via-Edge
X-Via-CDN
Ohc-File-Size
X-Ha-Backend
X-Via-SSL
X-Key
X-ByteArk-ReqID
X-ByteArk-Cache
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
Edge-Copy-Time
Ngx
X-NODE
X-Webkit-Csp-Report-Only
N1-Cache
X-Zen-Fury
X-Elasticpress-Query
X-Web-Server
X-Geo
X-Geolocation
X-Jobs
CF-Cached-On
X-Via-PopH
X-Cdn-Cache-Status
X-Via-PopN
X-Via-PopV
Cl-Cache
Req-ID
X-CSRF-TOKEN
X-PageType
X-Sucuri-Id
WebServer
True-Client-IP
WP-Super-Cache
X-DC
Akamai-X-True-TTL
X-Th-Server
X-ATG-Version
X-Check-Cacheable
FSS-Cache
Cf-Ipcountry
X-Iplb-Instance
X-Iplb-Request-Id
My-App
Warning
X-Beacon
X-MiniProfiler-Ids
X-Mg-Cache
X-Cdn-Srv
X-Limited
Host-Name
X-Fastly-Cache-Status
User-Agent
X-Env
Xkey-G-Jp
X-Request-Url
On-Server
X-Serial