Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Accept-CH
CF-Cache-Status
ETag
X-XSS-Protection
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Amz-Cf-Pop
Content-Language
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
X-Xss-Protection
Access-Control-Allow-Headers
Access-Control-Allow-Methods
CF-Ray
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
X-Runtime
Accept-Ch
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Timing-Allow-Origin
X-CONTENT-TYPE-OPTIONS
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
X-XSS-PROTECTION
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
X-Age
Request-Context
Cf-Edge-Cache
X-Backend
X-Request-ID
X-Robots-Tag
X-Hacker
Keep-Alive
X-Via
Cf-Apo-Via
X-Amz-Version-Id
X-Turbo-Charged-By
X-Rq
X-AH-Environment
X-Vhost
X-Cache-Group
X-Server
X-Dispatcher
X-Proxy-Cache
X-Ws-Request-Id
EagleId
CONTENT-SECURITY-POLICY
X-UA-Device
X-Varnish-Cache
Pantheon-Trace-Id
Grace
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Litespeed-Cache
X-OneAgent-JS-Injection
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Dns-Prefetch-Control
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-FTR-Request-ID
X-Node
X-Device
X-Cache-Lookup
X-Server-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Cache-Tag
P3p
Cf-Request-Id
X-Amz-Server-Side-Encryption
X-LiteSpeed-Cache
X-Ua-Device
Content-Location
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Trace
Service-Worker-Allowed
X-Content-Type
Request-Id
X-TraceId
Fastly-Restarts
X-Application-Context
X-Times
X-TtlSet
X-PC
X-Vname
X-Nf-Request-Id
X-Clacks-Overhead
Rating
X-Cnection
X-Edge
X-Mcache
X-Midtier
X-Vcap-Request-Id
X-Browser-Type
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Expires
X-ESI
Origin-Trial
Edge-Control
X-Element-Page-Cache
X-Cache-TTL
X-D2id
X-FastCGI-Cache
Surrogate-Key
X-Oneagent-Js-Injection
X-Exp-Id
X-Cdn-Fetch
X-NWS-LOG-UUID
X-Powered-By-Plesk
X-Exp-Variant
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Country
X-Abt-Application-Version
X-Ac
X-Navigation-Version
X-Upstream
Verso
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-B3-TraceId
X-Amz-Rid
X-Url
Akamai-GRN
Nginx-Cache
X-Language
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-GitHub-Request-Id
Pagespeed
X-Sol
Display
X-Middleton-Display
X-ECACHE
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
S
X-Envoy-Decorator-Operation
X-Middleton-Response
X-MS-InvokeApp
Response
AR-Request-ID
AR-ATIME
AR-PoweredBy
Edge-Cache-Tag
X-Ratelimit-Limit
X-Goog-Hash
X-Distributor
X-Ser
X-Resp-Is-Stale
SPRequestGuid
SPIisLatency
SPRequestDuration
X-SharePointHealthScore
X-Kinsta-Cache
X-Edge-Location-Klb
X-ARC
X-Ttl
X-Amzn-Trace-Id
Access-Control-Request-Method
X-Ruxit-Js-Agent
X-NGENIX-Cache
X-Client-IP
X-Dw-Request-Base-Id
X-Shield-Request-Id
Front-End-Https
X-Content-Digest
X-Ezoic-Cdn
RTSS
X-Recruiting
X-T
X-Cache-Key
X-Varnish-TTL
Cache-Status
X-Version
X-Mg-S
X-Powered-CMS
Public-Key-Pins
TP-Cache
X-MSEdge-Ref
X-HS-Content-Id
X-HS-Hub-Id
Fastcgi-Cache
X-HS-Cache-Config
X-Accel-Expires
X-Ismobilevalue
Arr-Disable-Session-Affinity
X-Daa-Tunnel
X-Request-Device-Id
Cache-Tags
AR-CACHE
X-Cached
X-Cluster-Name
X-Correlation-Id
X-Request-Received
X-Request-Processing-Time
Realpath
X-Id
Content-MD5
X-Content-Security-Policy-Report-Only
X-HS-Combine-CSS
X-Forwarded-For
Ar-SID
YJS-ID
X-Fastly-Request-ID
X-Ua-Browser
X-Meli-Trace-Bu
X-Meli-Trace-Platform
Payment
X-Meli-Trace-Site
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-DIS-Request-ID
X-Amz-Replication-Status
X-Newrelic-App-Data
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Cambria-Cache-Control
X-Azure-Ref
X-COUNTRY
X-GUploader-UploadID
X-Xrds-Location
X-RateLimit-Remaining
X-HS-Prerendered
X-HS-CF-Cache-Status
X-Webkit-Csp
Content-Disposition
X-Ratelimit-Remaining
X-Server-Name
Count-Hit
X-Protected-By
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ratelimit-Reset
X-Activity-Id
X-Px
X-AppVersion
X-Unique-Id
X-Az
X-Origin-Server
MicrosoftSharePointTeamServices
X-Page-Id
X-ORACLE-DMS-ECID
X-Rid
X-Logged-In
X-Amz-Meta-S3cmd-Attrs
X-Git-Hash
Cleartype
Cross-Origin-Resource-Policy
X-SERVER-NAME
X-FB-Debug
X-VARITI-CCR
X-Request-Handler-Origin-Region
Cross-Origin-Embedder-Policy
Accept-Charset
X-Proxy
X-Microsite
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Www-Served-By
X-TTL
X-Load-Cache
Version
X-TEC-API-ORIGIN
X-LLID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Goog-Metageneration
X-Geo-Country
X-Forwarded-Proto
X-Template
X-Varnish-Backend
X-CST
X-PressLabs-Stats
X-Upgrade-Enabled
Server-Node
X-Hits
Server-Name
X-B3-Sampled
X-Hostname
X-WebKit-CSP-Report-Only
X-App-Server
X-Content-Options
Healthy
X-Frontend
Access-Control-Allow-Method
Viewport
X-Varnish-Grace
Section-Io-Cache
X-Fb-Rlafr
X-Device-Type
X-Grace
X-TT
Fastly-SIE
Fastly-SWR
Alternate-Protocol
X-B
X-Varnish-Server
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Status
X-Request-Guid
X-Goog-Stored-Content-Length
X-Goog-Generation
TCN
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Contextid
DC
Upgrade-Insecure-Requests
Retry-After
AKAMAI-GRN
X-Magnolia-Registration
X-Amzn-Remapped-Content-Length
X-EdgeConnect-Cache-Status
Host
X-Requestid
X-Cache-Age
MS-Author-Via
X-Cache-Control
X-App-Version
Amp-Access-Control-Allow-Source-Origin
X-RemovedCookies
X-CSRF-Token
X-ProcessESI
X-Tt-Trace-Host
Frame-Options
X-Tt-Trace-Tag
X-Hl-Ver
X-Varnish-Ttl
X-Origin-CC
X-Debug
X-Buckets
X-Origin-TTL
X-Response-Served-From
X-Type
X-Revision
X-Original-Request-Id
SD-X-WS
X-Oracle-Dms-Ecid
X-Mobile
X-Seen-By
VIX-Pulpo-Upstream-Status
X-UUID
X-ServerID
X-Backend-Name
X-G
VIX-Pulpo-Node
X-Instance
X-INCAP-ABP
X-Tumblr-Pixel-0
X-N
X-Tumblr-Pixel
X-Cache-Status-Check
X-Tumblr-Pixel-1
X-Tumblr-User
X-NYM-Debug-Backend
X-Yottaa-Metrics
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
X-Rendered-As
X-Akamai-Edgescape
X-Yottaa-Optimizations
X-Adobe-Loc
X-Is-Bot
X-Adobe-Content
X-RTag
X-Akamai-Request-ID2
Access-Control-Request-Headers
Section-Io-Id
MS-CV
Ms-Operation-Id
X-AB
X-WP-CF-Super-Cache-Cache-Control
X-Debug-IsConnected
X-Content-Powered-By
X-WP-CF-Super-Cache
X-Debug-IsPreview
X-Framework
NGB
X-Mg-Request-UUID
X-Trace-Id
X-Lambda-Id
X-Storage
X-RM-Cache-TTL
X-Server-W
X-Vcl-Version
Charset
Cache
X-Dc
X-ECache
Webserver
Filterid
X-Yandex-Req-Id
X-DataDome
Paypal-Debug-Id
X-Request-Platform
X-Request-Site
X-B3-SpanId
Accept-Language
X-Request-Bu
X-Cache-Time
Refresh
X-VC-Cache
X-Cache-Hit
X-URL
SRV
Onion-Location
X-Tec-Api-Origin
X-Tec-Api-Root
X-HITS
X-Tec-Api-Version
X-Ms-Request-Id
X-Ms-Version
X-Time
X-Node-Name
X-Region
X-User-Agent
X-Real-IP
Xet-Cookie
X-F-Cache
YJS-CacheStatus
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
Liferay-Portal
Priority
CDN-RequestId
X-Fastcgi-Cache
X-HTML-Minification-Powered-By
GEO-INFO
X-Proxy-Build
X-Environment-Context
X-Mode
X-Timing-Wait
X-L-Path
X-IPS-LoggedIn
Selected-Fe
X-LB-Cache
X-ProxyCache-Key
X-Service
Cross-Origin-Window-Policy
X-Pass-Why
X-ProxyCache-Status
X-BYPASS-REASON
X-Rule
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Rocket-Nginx-Serving-Static
X-Datadog-Sampled
X-Datadog-Parent-Id
X-SaId
X-Cache-Expired-At
Protected
X-VC
X-Rn-Rsrv
Backend
X-JoinUs
X-UPSTREAM-Address
X-Origin
Country
X-Cacheable-TTL
Meta-Geo
X-Rewrite-Enabled
X-Drupal-Cache-Tags
X-Tb
X-Is-Desktop
X-Is-Mobile
X-Browser-Name
X-Is-Supported-Browser
X-Adobe-Source
X-Handled-By
X-Whom
X-Is-Modern-Browser
X-Is-Mobile-Only
X-VCT
X-Geo-Region
X-Tcp-Rtt
X-Is-Tablet
X-Wix-Request-Id
X-Origin-Cache
X-Provided-By
Mn-Server-Ip
Apigw-Requestid
X-Generation-Time
X-Web-Node
X-Loop
Property-Id
X-Vcache
X-WP-CF-Super-Cache-Active
ServerID
TWC-Connection-Speed
X-Routing-Service
X-RCS-CacheZone
X-Cloudmap
X-Tncms
X-Extlb
X-Connection-Hash
X-Zipkin-Id
X-Detected-As
X-FB-TRIP-ID
Expiry
Fastcgi-Useragent
X-Origin-Hint
X-Origin-Date
TWC-Device-Class
X-Proxied
X-Proxy-Cache-Info
Webcakes-App-Version
Webcakes-App-Name
Web-Mar-Node
X-RateLimit-Limit-Second
Webcakes-Region
X-Varnish-Beresp-Grace
X-Servername
X-RateLimit-Remaining-Second
Uber-Trace-Id
Url
TWC-GeoIP-LatLong
TWC-GeoIP-DMA
TWC-GeoIP-Country
TWC-GeoIP-City
X-Httpd
TWC-GeoIP-Region
TWC-Locale-Group
TWC-Privacy
X-Cdn-Origin
X-Cache-Action
Atl-Traceid
X-Locale
X-Auth-Group-Type
X-Alternate-Cache-Key
X-Cms-Context
X-Logging-Id
ServedBy
OT-Force-Account-Verify
X-Director
DB-Nickname
X-Cluster
X-Fetched-On
X-Hosted-By
X-Hit
LB
X-Storefront-Renderer-Rendered
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-App-Environment
X-Shopify-Stage
X-Skip-Cache
X-Redis-Cache
X-Soup
X-Forwarded-Host
X-MP-GENERATED-AT
X-Format
X-Urbn-Context-Path
X-Debug-Info
X-Api-Version
X-Scope-Id
X-Endurance-Cache-Level
Cache-Hits
X-Served-From
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
Environment
X-Edge-Location
X-Urbn-Site-Id
X-NewRelic-App-Data
X-FW-Server
X-Restarts
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Static
X-Cluster-Node
X-FW-Version
X-FW-Type
Locale
X-Cache-Host
X-Labrador-Cache-Channel
X-PHP-Host
X-Drupal-Cache-Contexts
X-S
X-Mly-Id
X-Cache-Debug
Filters
X-IPLB-Request-ID
X-Server-ID
X-IPLB-Instance
X-XRDS-Location
X-R9-Blue-Green-Version
Node
Front
X-Platform
X-GEO
AR-SID
X-CDN-Cache-Status
X-Optimistic-Header
X-CLOUD-TRACE-CONTEXT
X-CDN-Forward
X-No-Session
Xserver
Countrycode
X-Tt-Logid
WPO-Cache-Status
X-ShopId
X-Varnish-Age
X-Sorting-Hat-PodId
X-ShardId
X-UA
X-Sorting-Hat-ShopId
X-Fastly-Request-Id
Cache-Tv-Group
X-Varnish-Beresp-Ttl
X-Lagoon
X-Varnish-Cache-Hits
X-WP-CF-Super-Cache-Cookies-Bypass
X-Wormhole-Sdk
X-Presslabs-Stats
X-Generated-By
X-B3-Traceid
X-SRV
X-B-Cache
X-Signature
X-NWS-UUID-VERIFY
X-CACHE-AGE
Referer-Policy
X-Webstats-RespID
X-Client-Ip
X-Azure-Ref-OriginShield
AMP-Access-Control-Allow-Source-Origin
X-Site-Version
X-Ua
From-Origin
Request-ID
Cache-Provider
X-Cache-Rule
X-PHP-Backend
X-Cache-Operation
X-IsAdmin
X-Accel-Version
X-NF-Request-ID
X-AWS-Id
X-VWS-Id
X-Worker
Location
X-LJ-Flow-ID
X-Auto-Login
X-Clientip
X-VC-TTL
X-TA-CDN-Provider
Fl-Custom-Application
Expect-Staple
X-SRCache-Key
X-Bc-Bl
X-Upstream-Ct
X-Upstream-Ht
X-Tx-Id
Host-ID
X-Destination
X-Server-IP
X-Developer
X-Ig-Push-State
X-Tb-Optimization-Total-Bytes-Saved
X-Conf
X-PERF
X-Ec-GeoHdr
X-Ec-Fail
WPO-Cache-Message
Source
Sid
X-Content-Age
X-Org
X-A
X-D
Xc-Version
DCR-Decision-By
DCR-Processing-Time-Ms
X-Aed
X-Loc
X-A-Ccd
Pragrma
X-BCube-Filmed-By
Redirect-Candidate
X-Vtex-Remote-Cache
X-GeoCode
Origin
X-A-Dcw
Origin-Agent-Cluster
X-A-Dgt
Rendered-Blocks
X-Vdms-Version
Sslversion
X-External-Request-Id
Candidate-Md5Url
X-A-Wwc
X-B-Cookie
X-Application
X-ApacheServer
S-Rt
X-Bl-Debug
X-A-Dam
MD5-Digest
Meta-Geo-Continent
Mail-Subject
X-S-Cookie
Lang
X-Rojux
N-Cache
X-ScT
X-GeoCountry
X-Cache-NE
We-Hiring
Ngx.Var.Host
X-Ig-Origin-Region
X-Litespeed-Cache-Control
X-Xfnlog-Site
X-FC-Vary-Parameters
X-Ee-Request-Id
Canary
X-Epic-Correlation-Id
X-Eu-Site
Cdnsip
X-Ee-Generated-By
CDN-CachedAt
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-RequestPullSuccess
Cdncip
CDN-Cache
X-Ee-Origin
CDN-Uid
X-Ee-Request-Date
Gh-Request-Id
Origin-Site
Powered-By
RNT-Machine
X-Bug-Bounty
X-Cache-Aspx
X-Cache-FS-Status
Odigeo-Trace-Id
RNT-Time
X-Access
Store-Cloud-Cache
X-Aicache-OS
X-AK-Request-ID
X-Action
ServerName
Time-Cloud-Cache
X-CGP
Log-Origin
X-Core-Value
Fastly-SSL
Wxu-Next-Region
X-Csrf-Jwt
X-CUA
X-Depends
Wxu-Next-Commit
Web-Mar-Region
Gannett-Cam-Experience-Id
L5d-Success-Class
X-Fmm-Version
X-Cms-Device
IsBot
Ha-Gx-Prefs
X-Contensis-Viewer-Groups
Cluster
X-Internal-TTL
X-Varnish-Beresp-Status
X-Origin-Expires
X-Varnish-Authentication
X-PAYTM-SRV-ID
X-Policy
X-Old-Content-Length
X-Node-Id
X-Vary-Devices
X-VG-TLSProxy
X-Micro-Cache
X-Varnish-Hostname
X-Varnish-Director
X-V-Cache
X-Sucuri-Cache
X-Sigma-Backend
X-Sigma
X-SIPLIST1
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Section
X-SD-PageType
X-Req
X-Forwarded-Site
X-Rocket-Build-Number
X-Save-Cache
X-VG-WebCache
X-Mvc-Supplant-Cachable
X-GeoIP-Country-Code
X-GeoIP-City
X-GoCache-CacheStatus
X-Hash
CF-IPCountry
X-Gamma-Serve
Apple-News-Services-Handled
X-From
X-ND-Cache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-HS-Content-Campaign-Id
X-GeoIP-Region-Code
Wxu-Next-Hostname
X-Parent-Response-Time
X-NGINX-Cache
X-Reqid
X-VarnishDD-TTL
X-Vmg-Version
X-BBC-Edge-Cache-Status
X-We-Are-Hiring
X-Varnish-Remaining-TTL
X-AB-Test
X-Thinkindot-L1
X-Thanos
X-Thinkindot-L3
X-Accel-Expires-Debug
X-UA-Device-Type
X-Viewer-Country
X-Fastly-Backend
X-Varnish-CookieINHashed-On
X-App-Name
X-Wikidot-Static-Cache
X-Akamai-Device-Characteristics
X-Wikidot-Backend
X-Varnish-CookieHashed-On
X-Via-Fastly
X-Uri
X-CacheTTL
X-Amz-Storage-Class
Country-Code
X-SVT-ORM-VERSION
X-Backend-Instance
X-Up
X-Request-URI
X-Jungle-Id
X-Ion-Hop
X-Dispatcher-Server
X-Level-Front-Cache
X-DefHash
X-Men
X-Debug-Cache-Store
X-DefElseHash
X-Ec-Custom-Error
X-Ion-Healthy
X-Gen-Mode
X-Gdpr
X-Frame-Option
X-Generated-On
X-HN
X-Human
X-Hnp-Log
X-Debug-Cache-Fetch
X-Date
X-SB
X-Render-Time
X-Region-Sid
X-Shield-Cache-Expires
X-Cache-Date
X-SVT-ORM-RULES
X-Block-Status
X-Sn-Servicetimems
X-Pubstack
X-Proto
X-Nyt-Route
X-NMSegId
X-Mvc-Supplant-OutputCached
X-Op-Id-All
X-Content-Length
X-Path
X-Origin-Time
X-Bip
X-Acquia-Purge-Cdn-Unconfigured
L
NM-Fastcgi-Cache
X-FORWARDED-FOR
Fastly-Backend-Name
DSUID
X-Air-Pt
Nord-Request-ID
Pics-Label
PFcat
Origin-EX
Origin-CC
Content-Style-Type
Content-Script-Type
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-Version
X-Cs
Cmstype
Cmsid
CDCHOST
Cache-Contol
Release
Machine
TDXMobile
RewriteTeamHook
RewriteTestHook
Server-Host
Req-Svc-Chain
Thinkindot-CacheControl-Type
User-Cache-Control
Vix-Hermes-Req-Id
Thinkindot-CacheControl
V-Age
Click-Count-Error
Click-Count-Action-Start
X-LSADC-Cache
X-Edge-Server
X-DPWN-IS-SECURE
Cdn-Request-Time
X-Moov-T
X-Moov-Xdn-Caching-Status
CacheControlHeader
C-Via
Tube-Got-Results
Tube-Return
X-Gzip
Tube-Got-Eval
X-Esi-Check
X-Location
Tube-Get-Contents
X-ElasticPress-Query
X-Vercel-Id
Cdn-Host
X-Moov-Xdn-Version
Platform
X-Cache-Id
Producers
X-Vercel-Cache
X-B3-Trace-ID
Fastly-GeoIP-CountryCode
CloudFront-Viewer-Country
X-Proxied-Request
X-ZONE
Mime-Version
Fastly-Drupal-HTML
X-Origin-Response-Time
X-Source
XM
X-Sucuri-ID
X-Pad
Load-Balancing
NGX
X-Cached-By
Debug
X-Refresh
Cookie
X-APP
X-Varnish-Hits
X-Via-Popv
X-Nginx-Cache-Key
X-Datadome
X-Via-Popn
X-Via-Poph
X-Debug-Service
X-Servedbyhost
GeoIP-Latitude
GeoIp-Country-Code
True-Client-Country-4JS
X-TH-Server
Server-ID
X-HA-Backend
Server-Ext
X-DynaTrace-JS-Agent
X-AIR-PT
Product
HA-Ipaddr
Server-Hostname
X-Srv
X-Nananana
Sever-Int
X-TT-LOGID
X-Webkit-CSP
X-Litespeed-Tag
X-Amz-Meta-Cb-Modifiedtime
Cdn
Show-Do-Not-Sell-Link
Traceparent
X-Cdn-Forward
X-Cache-VC
X-Wa
X-Nc
X-Ez-Minify-Html
X-GeoIP
X-Fpc
X-Cache-Backend
X-Zone
WZWS-RAY
X-Newrelic-Synthetics
X-Unity-Cache
X-B3-Parentspanid
Edge-Cache
X-User
HostName
X-LB-ID
DataCenter
Fastly-Drupal-Html
MIME-Version
Tcn
SID
X-Lsadc-Cache
X-VCL-Version
X-Request-Start
Resin-Trace
X-CDN-Provider
Akamai-Mon-Iucid-Del
Lb
X-AC
X-LB-NoCache
X-Vc
Yjs-Id
X-B3-Spanid
X-Nginx-Cache
X-Service-Response-Time
X-Scheme
X-Proxy-Cache-La3
Wsr-Cache
Xkeylog
A
Sm-Log-Id
Xkey-La3
XkeyR9
X-Proxy-CacheR9
Serverhost
X-LiteSpeed-Tag
X-HOST
X-Datacenter
CountryCode
X-TX-ID
Cs
Surrogated-Key
X-RateLimit-Limit
X-Lb-Id
NtCoent-Length
X-Request-Host
X-LiteSpeed-Cache-Control
X-Pool
Hostname
X-CS
X-Akamai-Pragma-Client-IP
Uri
Esi-Enabled
X-WA
Cdn-Requestid
CDN
X-NodeID
X-HubSpot-Correlation-Id
Datacenter
X-Dynatrace-Js-Agent
X-RequestId
X-API-Version
X-FPC
X-Aspnet-Version
X-Fastly-Backend-Reqs
X-VC-Age
X-Udemy-Cache-App-Namespace
X-ID
X-NC
X-Cache-Grace
X-Vgn-Hpd-Reason
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
Yak-Timeinfo
Content-Secure-Policy
X-DataCenter
X-TIM-N
Proxy-Firewall
X-DynaTrace
Server-Id
Pramga
X-Via-JSL
X-Stale
Cr
X-Html-Minification-Powered-By
X-HA-Bot-Classification
X-HA-Device-Type
X-Styx-Info
X-HA-Application-Name
X-Styx-Origin-Id
N1-Cache
X-CSRF-TOKEN
X-Ez-Minify-Js
X-Srcache-Fetch-Status
T-Server
ServerHost
Geoip-Latitude
GeoIP-Country-Code
X-Var-Ttl
X-Via-CDN
X-Srcache-Store-Status
RATING
Edge-Copy-Time
X-TimeS
X-Via-Edge
X-Via-SSL
Cloudfront-Viewer-Country
W
X-Zen-Fury
From-Cache
X-ServedByHost
Srv
X-Jobs
X-Lb-Nocache
X-Geolocation
X-Ha-Backend
Req-ID
X-Swift-Error
X-Varnish-Beresp-TTL
X-Aspnetmvc-Version
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Oracle-DMS-ECID
X-Via-PopV
True-Client-IP
X-Via-PopH
WP-Super-Cache
X-Via-PopN
X-MSEdge-Flight
X-App
X-MSEdge-Features
X-CACHE-KEY
X-LAGOON
X-Shardid
X-Sorting-Hat-Podid
X-Shopid
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sorting-Hat-Shopid
X-Wp-Cf-Super-Cache-Active
X-Key
X-Ssense-Gql
X-VServer
X-Ssense-Shipping-Surcharge-Enabled
On-Server
X-Proxy-Cache-LA2
X-Correlation-ID
X-ByteArk-Cache
X-ByteArk-ReqID
X-Cdn-Srv
X-Ramcache
Ohc-File-Size
Ohc-Cache-HIT
FSS-Cache
Ngx
Cl-Cache
X-Elasticpress-Query
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Check-Cacheable
X-Powered-By-VTEX-Cache
X-Cdn-Cache-Status
CF-Cached-On
X-Geo
X-Sucuri-Id
X-Webkit-Csp-Report-Only
X-Web-Server
X-ATG-Version
X-DC
X-Th-Server
X-Fastly-Cache
Akamai-X-True-TTL
WebServer
X-Serial
X-PageType
X-Iplb-Request-Id
X-Iplb-Instance
Cf-Ipcountry
X-NODE
X-Env
X-MiniProfiler-Ids
Warning
My-App
X-Beacon
Host-Name
X-Limited
User-Agent
X-WA-Info
Cneonction
FSS-Proxy
X-Fastly-Cache-Status
X-Mg-Cache
X-Request-Url
Coldstone-Viewer-Country
Coldstone-Viewer-Country-Region-Name
Coldstone-Viewer-Currency
Xkey-G-Jp