Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-XSS-Protection
X-Cache
X-Powered-By
Via
Pragma
CF-RAY
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Amz-Cf-Pop
X-Amz-Cf-Id
Content-Language
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Xss-Protection
X-Request-Id
X-Timer
CF-Ray
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
X-Runtime
Permissions-Policy
X-Drupal-Cache
Server-Timing
X-Envoy-Upstream-Service-Time
X-Generator
X-FRAME-OPTIONS
X-Cache-Status
X-Cacheable
X-Ua-Compatible
X-Iinfo
X-Drupal-Dynamic-Cache
X-CONTENT-TYPE-OPTIONS
Timing-Allow-Origin
Accept-Ch
Feature-Policy
X-XSS-PROTECTION
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
X-Age
Request-Context
X-Backend
Cf-Edge-Cache
X-Amz-Version-Id
X-Robots-Tag
X-Hacker
Keep-Alive
Cf-Apo-Via
X-Via
X-Turbo-Charged-By
X-Vhost
X-AH-Environment
X-Rq
X-Dispatcher
X-Server
CONTENT-SECURITY-POLICY
X-Cache-Group
X-Proxy-Cache
X-Request-ID
X-Ws-Request-Id
EagleId
X-UA-Device
X-Varnish-Cache
Pantheon-Trace-Id
Grace
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Litespeed-Cache
X-Server-Powered-By
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Dns-Prefetch-Control
X-Pingback
X-Page-Speed
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Swift-CacheTime
X-Swift-SaveTime
X-Cache-Lookup
Ali-Swift-Global-Savetime
X-Device
X-FTR-Request-ID
X-Node
X-Host
X-Server-Id
X-Backend-Server
EagleEye-TraceId
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
Cf-Railgun
X-Readtime
X-Akam-SW-Version
X-HW
P3p
X-Response-Time
Cache-Tag
X-Amz-Server-Side-Encryption
X-LiteSpeed-Cache
Accept-Ch-Lifetime
X-Ua-Device
Content-Location
X-Content-Type
Cross-Origin-Opener-Policy
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-Rack-Cache
Request-Id
Service-Worker-Allowed
X-Trace
X-TraceId
X-Element-Page-Cache
X-Application-Context
X-D2id
Fastly-Restarts
X-Nf-Request-Id
X-Times
X-Vname
X-TtlSet
X-PC
X-Oneagent-Js-Injection
Rating
X-Clacks-Overhead
X-Navigation-Version
X-Country
X-Cnection
X-Mcache
X-Midtier
X-Edge
X-Vcap-Request-Id
Origin-Trial
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
Edge-Control
X-Browser-Type
X-FTR-Expires
X-ESI
X-Cache-TTL
Surrogate-Key
X-Url
X-NWS-LOG-UUID
X-FastCGI-Cache
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Powered-By-Plesk
X-Ac
X-Abt-Application-Version
X-Upstream
X-Mod-Pagespeed
X-Amz-Rid
Verso
X-ORACLE-DMS-RID
X-ECACHE
X-Language
X-B3-TraceId
Nginx-Cache
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-MS-InvokeApp
X-Request-Device-Id
Akamai-GRN
X-GitHub-Request-Id
Display
X-Middleton-Display
Pagespeed
X-Sol
S
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Amzn-Trace-Id
X-Envoy-Decorator-Operation
X-T
AR-PoweredBy
Response
AR-ATIME
X-Middleton-Response
AR-Request-ID
Edge-Cache-Tag
SPRequestDuration
X-SharePointHealthScore
SPRequestGuid
X-Meli-Trace-Platform
SPIisLatency
X-Meli-Trace-Site
X-Meli-Trace-Bu
X-Distributor
X-Goog-Hash
X-Ratelimit-Limit
X-Resp-Is-Stale
X-Ser
X-Ruxit-Js-Agent
X-Edge-Location-Klb
X-Kinsta-Cache
X-ARC
Access-Control-Request-Method
X-NGENIX-Cache
Front-End-Https
X-Shield-Request-Id
X-Dw-Request-Base-Id
X-Request-Processing-Time
X-Request-Received
X-Client-IP
X-Content-Digest
X-Ezoic-Cdn
RTSS
X-Recruiting
X-Cache-Key
Cache-Status
X-Ttl
X-Version
X-Mg-S
X-Varnish-TTL
X-Amz-Replication-Status
Ar-SID
YJS-ID
X-Ismobilevalue
TP-Cache
X-HS-Content-Id
X-Powered-CMS
Public-Key-Pins
X-HS-Hub-Id
X-HS-Cache-Config
X-Accel-Expires
X-MSEdge-Ref
Fastcgi-Cache
X-Correlation-Id
AR-CACHE
Cache-Tags
X-Newrelic-App-Data
Arr-Disable-Session-Affinity
X-Cluster-Name
X-Cached
X-Daa-Tunnel
Realpath
X-Content-Security-Policy-Report-Only
X-Fastly-Request-ID
X-RateLimit-Remaining
X-Id
Content-MD5
X-HS-Combine-CSS
X-Server-Name
X-Azure-Ref
X-Ua-Browser
Payment
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Cambria-Cache-Control
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-DIS-Request-ID
X-Forwarded-For
X-Xrds-Location
X-HS-Prerendered
X-HS-CF-Cache-Status
X-GUploader-UploadID
MicrosoftSharePointTeamServices
X-TTL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Content-Disposition
X-Protected-By
X-Px
X-Ratelimit-Reset
Count-Hit
X-Unique-Id
X-Az
X-Activity-Id
X-AppVersion
X-Origin-Server
X-Page-Id
X-Logged-In
X-Hits
X-Rid
Cleartype
Accept-Charset
X-Git-Hash
X-ORACLE-DMS-ECID
Cross-Origin-Resource-Policy
X-Amz-Meta-S3cmd-Attrs
X-Request-Handler-Origin-Region
X-VARITI-CCR
X-Proxy
X-Microsite
Cross-Origin-Embedder-Policy
X-FB-Debug
X-Www-Served-By
X-Load-Cache
Version
X-LLID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Geo-Country
X-Goog-Metageneration
X-Ratelimit-Remaining
X-Forwarded-Proto
X-Template
X-Varnish-Backend
X-PressLabs-Stats
X-Upgrade-Enabled
Server-Node
X-COUNTRY
X-B3-Sampled
X-WebKit-CSP-Report-Only
Server-Name
X-App-Server
X-Hostname
Healthy
AKAMAI-GRN
Access-Control-Allow-Method
X-Content-Options
X-SERVER-NAME
X-Frontend
Section-Io-Cache
X-Requestid
X-Varnish-Grace
Viewport
X-RemovedCookies
X-TT
X-Fb-Rlafr
X-Grace
X-Device-Type
X-ProcessESI
X-Request-Guid
Fastly-SIE
X-B
Fastly-SWR
X-Cache-Age
Alternate-Protocol
X-Varnish-Server
MRF-Tech
X-B3-TraceId-Primal
X-Contextid
Mrf-Cache-Status
X-Status
X-Varnish-Ttl
DC
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Hl-Ver
X-Goog-Storage-Class
X-CST
Upgrade-Insecure-Requests
X-CSRF-Token
TCN
X-Amzn-Remapped-Content-Length
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
Retry-After
X-App-Version
X-Webkit-Csp
Host
MS-Author-Via
X-Cache-Control
Frame-Options
X-Yandex-Req-Id
X-Origin-TTL
X-Origin-CC
X-Response-Served-From
X-Type
X-Revision
X-Original-Request-Id
Xet-Cookie
X-Oracle-Dms-Ecid
X-Debug
SD-X-WS
X-Buckets
X-Mobile
X-ServerID
X-Instance
X-UUID
X-Seen-By
X-G
X-Backend-Name
X-INCAP-ABP
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-NYM-Debug-Backend
X-Adobe-Content
X-Is-Bot
X-Lambda-Id
X-Akamai-Edgescape
X-N
X-Rendered-As
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Yottaa-Metrics
X-Adobe-Loc
Cross-Origin-Embedder-Policy-Report-Only
Amp-Access-Control-Allow-Source-Origin
X-Yottaa-Optimizations
X-Cache-Status-Check
Cross-Origin-Opener-Policy-Report-Only
X-Debug-IsConnected
X-Trace-Id
X-Debug-IsPreview
Cache
X-AB
X-Akamai-Request-ID2
X-WP-CF-Super-Cache
X-RTag
MS-CV
X-WP-CF-Super-Cache-Cache-Control
Ms-Operation-Id
Access-Control-Request-Headers
X-Mg-Request-UUID
Section-Io-Id
NGB
X-Framework
X-Content-Powered-By
X-RM-Cache-TTL
X-Server-W
X-Storage
Charset
X-Dc
YJS-CacheStatus
Webserver
Paypal-Debug-Id
Filterid
X-Cacheable-TTL
X-Vcl-Version
X-Timing-Wait
X-Proxy-Build
Selected-Fe
X-DataDome
X-ProxyCache-Status
X-BYPASS-REASON
X-ProxyCache-Key
Accept-Language
X-Tec-Api-Root
X-VC-Cache
X-Tec-Api-Version
X-Fastcgi-Cache
X-Tec-Api-Origin
Onion-Location
X-B3-SpanId
X-Ms-Version
X-Ms-Request-Id
Refresh
X-Cache-Time
X-User-Agent
X-Cache-Hit
X-F-Cache
X-VC
SRV
X-Time
X-Node-Name
X-Region
Apigw-Requestid
X-Request-Site
X-Real-IP
Priority
X-Origin-Cache
X-Request-Platform
Front
X-Request-Bu
Liferay-Portal
GEO-INFO
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-L-Path
X-Environment-Context
X-Server-ID
X-Mode
CDN-RequestId
X-Service
X-HTML-Minification-Powered-By
X-Api-Version
X-Mly-Id
X-Rule
X-LB-Cache
X-IPS-LoggedIn
X-Tb
X-Drupal-Cache-Tags
Country
X-Rocket-Nginx-Serving-Static
X-Origin
X-VCT
X-Rn-Rsrv
X-SaId
X-JoinUs
X-UPSTREAM-Address
X-Rewrite-Enabled
Meta-Geo
X-ECache
Backend
X-Cache-Expired-At
X-Tcp-Rtt
X-Pass-Why
X-Wix-Request-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Is-Tablet
X-Is-Supported-Browser
X-Geo-Region
X-Adobe-Source
X-Is-Desktop
X-Is-Mobile
X-Is-Modern-Browser
X-Is-Mobile-Only
X-Datadog-Sampled
X-Handled-By
X-Browser-Name
Cross-Origin-Window-Policy
X-Datadog-Parent-Id
X-Optimistic-Header
X-Provided-By
X-Generation-Time
X-CLOUD-TRACE-CONTEXT
X-Web-Node
Mn-Server-Ip
X-Origin-Hint
TWC-GeoIP-DMA
X-FB-TRIP-ID
X-Origin-Date
X-Forwarded-Host
X-RateLimit-Limit-Second
Expiry
X-Proxied
X-Loop
X-Connection-Hash
TWC-GeoIP-Country
X-Extlb
X-Httpd
TWC-Connection-Speed
X-Cloudmap
X-Cdn-Origin
ServerID
Property-Id
TWC-GeoIP-City
TWC-Device-Class
X-WP-CF-Super-Cache-Active
X-Proxy-Cache-Info
X-Storefront-Renderer-Rendered
X-Tncms
Webcakes-App-Version
X-Tt-Logid
X-RateLimit-Remaining-Second
Webcakes-Region
X-Detected-As
X-Zipkin-Id
X-Alternate-Cache-Key
X-Vcache
X-Varnish-Beresp-Grace
Webcakes-App-Name
X-Whom
TWC-Privacy
TWC-GeoIP-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Routing-Service
Uber-Trace-Id
Url
X-RCS-CacheZone
X-Shopify-Stage
X-Servername
Web-Mar-Node
Fastcgi-Useragent
X-Format
X-Fetched-On
X-App-Environment
X-Director
X-Cms-Context
X-Auth-Group-Type
X-Cache-Debug
ServedBy
X-Cluster
X-Locale
X-MP-GENERATED-AT
X-Logging-Id
Countrycode
X-Redis-Cache
DB-Nickname
X-Soup
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Skip-Cache
X-Hosted-By
Atl-Traceid
X-Cache-Action
X-Hit
OT-Force-Account-Verify
X-Urbn-Site-Id
Node
X-Urbn-Context-Path
Cache-Hits
X-Cache-Host
X-Debug-Info
Environment
Locale
X-Say-TTL
X-Endurance-Cache-Level
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Dynamic
X-FW-Hash
X-Edge-Location
X-FW-Version
X-SayCDN-TTL
X-Scope-Id
X-Say-Cacheable
X-Restarts
X-Cluster-Node
X-Served-From
X-FW-Server
AMP-Access-Control-Allow-Source-Origin
Protected
Filters
X-Labrador-Cache-Channel
X-IPLB-Instance
X-S
X-HITS
X-PHP-Host
X-IPLB-Request-ID
X-Platform
X-CDN-Forward
X-Drupal-Cache-Contexts
LB
X-XRDS-Location
X-R9-Blue-Green-Version
X-CDN-Cache-Status
X-B3-Traceid
Xserver
WPO-Cache-Status
X-GEO
X-No-Session
X-WP-CF-Super-Cache-Cookies-Bypass
X-NWS-UUID-VERIFY
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Varnish-Age
X-Sorting-Hat-PodId
X-Client-Ip
Request-ID
X-Presslabs-Stats
X-Ua
X-Varnish-Beresp-Ttl
Cache-Tv-Group
X-Generated-By
X-Varnish-Cache-Hits
X-Lagoon
X-B-Cache
X-SRCache-Key
Expect-Staple
X-Signature
X-Clientip
CloudFront-Viewer-Country
Referer-Policy
We-Hiring
Mail-Subject
X-UA
X-Upstream-Ct
X-Upstream-Ht
X-URL
X-Cache-FS-Status
X-Azure-Ref-OriginShield
X-TA-CDN-Provider
X-Cache-Rule
X-Webstats-RespID
X-Cache-Operation
X-IsAdmin
X-SRV
X-Site-Version
X-PHP-Backend
From-Origin
X-NewRelic-App-Data
X-Worker
X-Auto-Login
Location
X-Bc-Bl
Cache-Provider
X-Cs
Fl-Custom-Application
X-Server-IP
X-FORWARDED-FOR
X-Fastly-Request-Id
X-VWS-Id
X-LJ-Flow-ID
X-Accel-Version
X-AWS-Id
X-Vtex-Remote-Cache
X-BCube-Filmed-By
X-Ec-GeoHdr
X-Ec-Fail
X-Developer
X-B-Cookie
Source
X-Application
X-Aed
X-Tb-Optimization-Total-Bytes-Saved
WPO-Cache-Message
X-D
X-Vdms-Version
Origin-Agent-Cluster
X-LSADC-Cache
X-Destination
X-Cache-NE
X-Bl-Debug
X-ApacheServer
X-Conf
X-Content-Age
S-Rt
Xc-Version
X-A-Ccd
Origin
X-PERF
X-GeoCode
Pragrma
X-Rojux
X-S-Cookie
Meta-Geo-Continent
N-Cache
X-ScT
X-Org
Redirect-Candidate
X-Ig-Origin-Region
Sslversion
Sid
X-GeoCountry
X-Ig-Push-State
Candidate-Md5Url
Rendered-Blocks
X-ND-Cache
X-Loc
X-A
Ngx.Var.Host
DCR-Decision-By
X-A-Dam
DCR-Processing-Time-Ms
X-A-Dcw
X-A-Wwc
X-A-Dgt
Host-ID
X-External-Request-Id
Lang
MD5-Digest
X-VC-TTL
X-Xfnlog-Site
X-Litespeed-Cache-Control
ServerName
Fastly-SSL
Log-Origin
X-Aicache-OS
IsBot
Store-Cloud-Cache
Web-Mar-Region
X-Action
Gannett-Cam-Experience-Id
Time-Cloud-Cache
RNT-Time
Gh-Request-Id
Powered-By
Ha-Gx-Prefs
L5d-Success-Class
Wxu-Next-Region
X-AK-Request-ID
RNT-Machine
Wxu-Next-Hostname
X-Access
Origin-Site
Wxu-Next-Commit
X-From
X-Rocket-Build-Number
X-Req
X-Save-Cache
X-SD-PageType
X-Section
X-Policy
X-PAYTM-SRV-ID
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-Node-Id
X-Old-Content-Length
X-Origin-Expires
X-Sigma
X-Sigma-Backend
X-Varnish-Hostname
X-Varnish-Director
X-Vary-Devices
X-VG-TLSProxy
X-VG-WebCache
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-Slack-Backend
X-SIPLIST1
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-V-Cache
X-Internal-TTL
X-HS-Content-Campaign-Id
X-Depends
X-CUA
X-Ee-Generated-By
X-Ee-Origin
X-Ee-Request-Date
X-Csrf-Jwt
X-Core-Value
X-CacheTTL
X-Cache-Aspx
X-CGP
X-Cms-Device
X-Contensis-Viewer-Groups
X-Ee-Request-Id
X-Epic-Correlation-Id
X-GeoIP-Country-Code
X-GeoIP-City
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Hash
X-Gamma-Serve
X-Forwarded-Site
X-Eu-Site
X-Fastly-Backend
X-FC-Vary-Parameters
X-Fmm-Version
X-Bug-Bounty
Odigeo-Trace-Id
Cluster
Canary
CDN-RequestCountryCode
Apple-News-Services-Request-Url
CDN-RequestPullCode
Cdnsip
CDN-Uid
CDN-RequestPullSuccess
Cdncip
CDN-PullZone
CDN-EdgeStorageId
Apple-News-Services-Host
Mime-Version
Apple-News-Services-Parsed-Url
X-Tx-Id
CDN-Cache
Apple-News-Services-Handled
CDN-CachedAt
Country-Code
X-Parent-Response-Time
X-BBC-Edge-Cache-Status
X-App-Name
X-Mvc-Supplant-OutputCached
X-Op-Id-All
X-Nyt-Route
X-Backend-Instance
X-Path
X-AB-Test
X-Accel-Expires-Debug
X-Pubstack
X-Region-Sid
X-Reqid
X-Render-Time
X-Acquia-Purge-Cdn-Unconfigured
X-Proto
X-Bip
X-Amz-Storage-Class
X-Dispatcher-Server
X-Akamai-Device-Characteristics
X-DefElseHash
X-DefHash
X-Origin-Time
X-Ion-Hop
X-Gen-Mode
X-Viewer-Country
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Date
X-Gdpr
X-Ec-Custom-Error
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Frame-Option
X-Up
X-Generated-On
X-NMSegId
X-Ion-Healthy
X-Men
X-Jungle-Id
X-Level-Front-Cache
X-Cache-Date
Load-Balancing
AR-SID
X-HN
X-Hnp-Log
X-Content-Length
X-Human
X-Block-Status
Azure-InstanceId
Req-Svc-Chain
Content-Style-Type
Release
X-Uri
X-Thanos
X-SVT-ORM-VERSION
X-VarnishDD-TTL
L
RewriteTestHook
X-Wikidot-Static-Cache
RewriteTeamHook
Pics-Label
PFcat
Content-Script-Type
Machine
Cmsid
Cmstype
X-UA-Device-Type
X-Thinkindot-L3
Origin-EX
Origin-CC
X-Thinkindot-L1
Nord-Request-ID
X-Wikidot-Backend
X-SVT-ORM-RULES
Fastly-Backend-Name
Server-Host
X-Vmg-Version
X-SB
X-Via-Fastly
User-Cache-Control
V-Age
Vix-Hermes-Req-Id
Azure-RegionName
X-Request-URI
Azure-SiteName
Azure-SlotName
CDCHOST
DSUID
NM-Fastcgi-Cache
Cache-Contol
X-We-Are-Hiring
TDXMobile
X-Sucuri-Cache
Azure-Version
X-Shield-Cache-Expires
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Cached-By
X-CACHE-AGE
CF-IPCountry
Cdn-Host
CacheControlHeader
X-Location
Platform
X-DPWN-IS-SECURE
X-Cache-Id
Producers
X-Proxied-Request
X-Moov-Xdn-Version
X-Moov-Xdn-Caching-Status
X-Esi-Check
X-Gzip
X-Vercel-Cache
X-Edge-Server
X-Moov-T
Cdn-Request-Time
X-ZONE
Tube-Got-Eval
Tube-Got-Results
Tube-Get-Contents
Click-Count-Error
C-Via
Click-Count-Action-Start
Tube-Return
X-NGINX-Cache
X-ElasticPress-Query
X-Vercel-Id
Fastly-GeoIP-CountryCode
X-B3-Trace-ID
X-Pad
X-NF-Request-ID
XM
X-Origin-Response-Time
Cookie
X-Sucuri-ID
X-Via-Poph
X-Via-Popv
X-Debug-Service
X-Nginx-Cache-Key
X-Via-Popn
X-Varnish-Hits
X-Datadome
NGX
Fastly-Drupal-HTML
True-Client-Country-4JS
Server-Hostname
X-Srv
Debug
X-Air-Pt
Sever-Int
X-AIR-PT
X-Refresh
Server-Ext
X-HA-Backend
X-Webkit-CSP
X-Wormhole-Sdk
Show-Do-Not-Sell-Link
X-APP
Traceparent
X-Ez-Minify-Html
X-Cache-Backend
X-Servedbyhost
GeoIp-Country-Code
GeoIP-Latitude
WZWS-RAY
DataCenter
HA-Ipaddr
HostName
Product
Server-ID
X-Nananana
X-Unity-Cache
X-DynaTrace-JS-Agent
X-TH-Server
X-LB-ID
Fastly-Drupal-Html
X-Zone
X-Litespeed-Tag
X-Amz-Meta-Cb-Modifiedtime
X-B3-Parentspanid
X-Fpc
Cdn
X-Source
X-Wa
X-Cache-VC
X-GeoIP
Tcn
X-Newrelic-Synthetics
X-Nc
X-VCL-Version
X-Cdn-Forward
Lb
Edge-Cache
X-CDN-Provider
X-AC
X-User
X-B3-Spanid
X-Nginx-Cache
SID
A
XkeyR9
Xkeylog
X-Proxy-CacheR9
Xkey-La3
Serverhost
X-Proxy-Cache-La3
X-TT-LOGID
X-Vc
Resin-Trace
X-Datacenter
X-TX-ID
CountryCode
Cs
NtCoent-Length
Akamai-Mon-Iucid-Del
X-RateLimit-Limit
X-Request-Start
X-LB-NoCache
Yjs-Id
MIME-Version
X-Lsadc-Cache
CDN
X-WA
Cdn-Requestid
Wsr-Cache
X-LiteSpeed-Tag
Sm-Log-Id
X-Scheme
X-Service-Response-Time
Esi-Enabled
X-LiteSpeed-Cache-Control
X-API-Version
X-VC-Age
X-NC
X-ID
X-Udemy-Cache-App-Namespace
X-Dynatrace-Js-Agent
X-HubSpot-Correlation-Id
X-Aspnet-Version
X-FPC
Uri
Cr
Pramga
Datacenter
X-Request-Host
Hostname
X-Lb-Id
Server-Id
X-Html-Minification-Powered-By
X-Pool
Proxy-Firewall
X-HA-Device-Type
X-Styx-Info
Content-Secure-Policy
X-TIM-N
X-HA-Bot-Classification
X-Styx-Origin-Id
X-HA-Application-Name
X-Via-JSL
X-Stale
X-Akamai-Pragma-Client-IP
X-Ez-Minify-Js
Surrogated-Key
ServerHost
X-NodeID
GeoIP-Country-Code
X-Var-Ttl
X-Fastly-Backend-Reqs
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-TimeS
Geoip-Latitude
RATING
X-CS
X-RequestId
W
X-ServedByHost
X-Cache-Grace
X-Varnish-Beresp-TTL
From-Cache
Srv
X-Vgn-Hpd-Reason
T-Server
X-Lb-Nocache
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Oracle-DMS-ECID
X-Aspnetmvc-Version
X-NODE
X-Swift-Error
X-App
X-MSEdge-Flight
X-MSEdge-Features
X-DynaTrace
Yak-Timeinfo
X-DataCenter
X-CACHE-KEY
Cloudfront-Viewer-Country
X-Sorting-Hat-Podid
X-Shopid
X-Sorting-Hat-Shopid
X-Air-Hostname
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Air-Source
X-Air-Trace-Id
X-LAGOON
X-Wp-Cf-Super-Cache-Active
X-Shardid
Edge-Copy-Time
Ohc-Cache-HIT
X-Ramcache
Ohc-File-Size
X-Via-CDN
X-ByteArk-ReqID
X-VServer
X-Via-SSL
X-Proxy-Cache-LA2
X-Correlation-ID
X-ByteArk-Cache
X-Key
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-Via-Edge
X-Ha-Backend
X-Webkit-Csp-Report-Only
X-Elasticpress-Query
X-Web-Server
X-Zen-Fury
Ngx
X-Jobs
N1-Cache
X-Geo
X-Cdn-Cache-Status
X-Via-PopV
X-Via-PopH
X-Geolocation
Cl-Cache
X-Via-PopN
CF-Cached-On
Req-ID
X-CSRF-TOKEN
X-PageType
X-Sucuri-Id
WebServer
True-Client-IP
WP-Super-Cache
X-DC
Akamai-X-True-TTL
X-Th-Server
X-ATG-Version
X-Check-Cacheable
FSS-Cache
Cf-Ipcountry
X-Iplb-Instance
X-Iplb-Request-Id
X-Cdn-Srv
Warning
My-App
X-MiniProfiler-Ids
X-Mg-Cache
X-Limited
X-Beacon
Host-Name
X-Fastly-Cache-Status
User-Agent
X-Env
Xkey-G-Jp
X-Request-Url
On-Server
X-Serial