Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
CF-Cache-Status
X-XSS-Protection
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Varnish
Cf-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
CF-Ray
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
Content-Encoding
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Request-ID
Keep-Alive
X-Turbo-Charged-By
X-Rq
X-AH-Environment
X-Amz-Version-Id
X-Cache-Group
X-Vhost
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
X-UA-Device
CONTENT-SECURITY-POLICY
X-Varnish-Cache
X-OneAgent-JS-Injection
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Swift-CacheTime
X-Swift-SaveTime
X-Litespeed-Cache
Ali-Swift-Global-Savetime
X-Node
X-FTR-Request-ID
X-Device
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Backend-Server
X-Country-Code
X-LiteSpeed-Cache
Surrogate-Control
X-Server-Id
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Cache-Tag
X-Amz-Server-Side-Encryption
P3p
Content-Location
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
Fastly-Restarts
X-Content-Type
X-Clacks-Overhead
X-Application-Context
Rating
X-Times
X-TtlSet
X-Vname
X-PC
X-Country
X-Cnection
X-Ua-Device
X-Browser-Type
X-Mcache
X-Edge
X-Midtier
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-ESI
X-FTR-Cache-Status
X-Country-Code-Real
X-Cache-TTL
X-Vcap-Request-Id
X-FTR-Expires
Origin-Trial
X-Ac
X-FastCGI-Cache
Surrogate-Key
Edge-Control
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Element-Page-Cache
X-Abt-Application-Version
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Nf-Request-Id
X-Exp-Id
X-D2id
X-NWS-LOG-UUID
Verso
X-Upstream
X-B3-TraceId
X-ECACHE
X-Mod-Pagespeed
X-Navigation-Version
X-ORACLE-DMS-RID
Nginx-Cache
X-Amz-Rid
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Display
X-Middleton-Display
Pagespeed
X-Sol
X-GitHub-Request-Id
Akamai-GRN
X-Language
X-Erf-Bev-Bev
X-Instrumentation
X-Middleton-Response
Response
X-PDP-UNCACHING-HASH
X-Envoy-Decorator-Operation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Client-IP
X-Ratelimit-Limit
S
X-Oneagent-Js-Injection
AR-PoweredBy
AR-Request-ID
AR-ATIME
Edge-Cache-Tag
X-MS-InvokeApp
X-Goog-Hash
X-Kinsta-Cache
X-Edge-Location-Klb
X-Resp-Is-Stale
X-ARC
X-Distributor
X-Ser
SPRequestDuration
SPIisLatency
X-Content-Digest
SPRequestGuid
X-SharePointHealthScore
X-NGENIX-Cache
X-Cache-Key
Access-Control-Request-Method
Front-End-Https
X-Ezoic-Cdn
X-Dw-Request-Base-Id
X-Varnish-TTL
X-Shield-Request-Id
X-Url
X-Recruiting
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Powered-CMS
Public-Key-Pins
X-Ruxit-Js-Agent
X-T
X-Mg-S
X-Ttl
X-MSEdge-Ref
TP-Cache
Fastcgi-Cache
X-Accel-Expires
Arr-Disable-Session-Affinity
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Daa-Tunnel
X-Correlation-Id
Realpath
X-Forwarded-For
X-Cluster-Name
X-Fastly-Request-ID
X-Cached
X-Ismobilevalue
Cache-Tags
X-Id
AR-CACHE
X-Request-Processing-Time
X-Request-Received
X-Ua-Browser
X-HS-Combine-CSS
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
Content-MD5
X-Newrelic-App-Data
X-Kong-Upstream-Latency
Payment
X-Ratelimit-Remaining
X-TTL
X-DIS-Request-ID
X-GUploader-UploadID
X-CST
X-HS-Prerendered
Content-Disposition
X-HS-CF-Cache-Status
X-Azure-Ref
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-Cambria-Cache-Control
X-Server-Name
X-Amz-Replication-Status
Count-Hit
X-RateLimit-Remaining
X-SERVER-NAME
X-Webkit-Csp
X-Px
YJS-ID
X-ORACLE-DMS-ECID
X-Page-Id
Cleartype
X-Ratelimit-Reset
X-Xrds-Location
Cross-Origin-Embedder-Policy
Accept-Charset
X-Unique-Id
X-SRCache-Fetch-Status
X-Origin-Server
Cross-Origin-Resource-Policy
X-SRCache-Store-Status
X-Activity-Id
X-Protected-By
X-AppVersion
X-Logged-In
X-Rid
X-Az
X-FB-Debug
X-Proxy
X-Www-Served-By
X-URL
X-Git-Hash
Ar-SID
X-Microsite
X-Template
X-Request-Handler-Origin-Region
X-VARITI-CCR
X-LLID
X-Load-Cache
X-Goog-Metageneration
X-Amz-Meta-S3cmd-Attrs
MicrosoftSharePointTeamServices
X-Varnish-Backend
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Request-Device-Id
X-Forwarded-Proto
X-PressLabs-Stats
Version
Server-Node
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Upgrade-Enabled
X-Geo-Country
Server-Name
X-Hostname
X-COUNTRY
X-Content-Options
X-B3-Sampled
X-Hits
X-Frontend
Section-Io-Cache
Viewport
X-Varnish-Grace
X-Varnish-Server
X-TT
X-App-Server
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Meli-Trace-Bu
X-B
X-Status
X-Fb-Rlafr
X-Meli-Trace-Platform
Alternate-Protocol
X-Meli-Trace-Site
X-Device-Type
Fastly-SIE
Fastly-SWR
Access-Control-Allow-Method
X-Grace
Healthy
TCN
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Request-Guid
X-WebKit-CSP-Report-Only
Upgrade-Insecure-Requests
Host
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
Amp-Access-Control-Allow-Source-Origin
X-Tt-Trace-Tag
DC
X-CSRF-Token
X-Tt-Trace-Host
X-Server-ID
X-Buckets
Retry-After
X-Debug
X-Contextid
X-Amzn-Remapped-Content-Length
MS-Author-Via
AKAMAI-GRN
X-Cache-Control
X-NF-Request-ID
X-Revision
X-Type
X-Vcl-Version
X-Instance
SD-X-WS
X-WP-CF-Super-Cache-Cache-Control
X-Original-Request-Id
X-Cache-Age
X-Seen-By
X-WP-CF-Super-Cache
X-Response-Served-From
X-Adobe-Loc
X-Tumblr-User
X-Yottaa-Optimizations
X-UUID
X-Tumblr-Pixel-0
X-Yottaa-Metrics
X-Is-Bot
X-N
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
X-Adobe-Content
X-Hl-Ver
X-NYM-Debug-Backend
X-Rendered-As
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-App-Version
X-Debug-IsConnected
X-Debug-IsPreview
X-G
Access-Control-Request-Headers
X-Lambda-Id
Section-Io-Id
X-INCAP-ABP
X-Akamai-Edgescape
X-Storage
X-Varnish-Ttl
Charset
X-DataDome
X-HITS
X-Server-W
Ms-Operation-Id
X-Framework
X-RTag
X-Mobile
X-Origin-CC
X-Origin-TTL
NGB
X-Backend-Name
Frame-Options
X-Content-Powered-By
X-Mg-Request-UUID
X-Trace-Id
MS-CV
X-ServerID
X-Dc
X-RM-Cache-TTL
X-Akamai-Request-ID2
X-AB
AR-SID
X-Wormhole-Sdk
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Oracle-Dms-Ecid
X-Cache-Status-Check
X-Cache-Hit
Filterid
X-Cache-Time
X-Request-Bu
X-Request-Platform
Accept-Language
Cache
X-Request-Site
Refresh
X-B3-SpanId
X-Tec-Api-Origin
X-Tec-Api-Root
X-Requestid
X-Tec-Api-Version
X-Time
SRV
X-Node-Name
X-Real-IP
X-Region
Paypal-Debug-Id
Onion-Location
Protected
CDN-RequestId
X-XRDS-Location
Webserver
X-VC-Cache
X-Ms-Version
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Ms-Request-Id
X-CCDN-Origin-Time
X-F-Cache
X-User-Agent
Cross-Origin-Window-Policy
Liferay-Portal
X-Cache-Expired-At
X-Pass-Why
Priority
X-IPS-LoggedIn
X-Whom
X-WP-CF-Super-Cache-Active
X-HTML-Minification-Powered-By
X-LB-Cache
X-Rocket-Nginx-Serving-Static
Xet-Cookie
Backend
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Mode
X-L-Path
X-Environment-Context
GEO-INFO
OT-Force-Account-Verify
X-Tb
X-Service
X-Drupal-Cache-Tags
X-Fastcgi-Cache
X-Yandex-Req-Id
Url
X-Is-Supported-Browser
X-Is-Mobile
X-Zipkin-Id
Meta-Geo
Fastcgi-Useragent
X-Cacheable-TTL
LB
Filters
X-Proxy-Cache-Info
X-Wix-Request-Id
X-Vcache
X-Detected-As
X-Tcp-Rtt
X-Servername
X-Adobe-Source
ServerID
X-Extlb
X-UPSTREAM-Address
X-Tncms
Web-Mar-Node
X-Geo-Region
X-Cloudmap
X-Browser-Name
X-Is-Desktop
X-App-Environment
X-Is-Tablet
X-JoinUs
X-Rewrite-Enabled
X-MP-GENERATED-AT
X-Loop
X-Routing-Service
X-Rn-Rsrv
X-Proxied
X-Rule
X-SaId
TWC-GeoIP-LatLong
X-Forwarded-Host
X-Tumblr-Pixel-3
X-Restarts
X-Format
X-Handled-By
X-Director
X-Connection-Hash
X-Cdn-Origin
X-FW-Serve
X-FW-Hash
X-Cache-Host
X-FW-Dynamic
X-FW-Server
X-FW-Static
X-FW-Version
X-Redis-Cache
X-Tumblr-Pixel-2
X-FW-Type
X-Cms-Context
X-Generation-Time
Atl-Traceid
Webcakes-App-Name
Webcakes-App-Version
X-Origin-Hint
X-Logging-Id
TWC-Privacy
X-Locale
Property-Id
Webcakes-Region
TWC-Connection-Speed
X-Shopify-Stage
X-Skip-Cache
X-Storefront-Renderer-Rendered
Expiry
Country
X-Hosted-By
X-Hit
TWC-GeoIP-Country
TWC-GeoIP-DMA
X-Alternate-Cache-Key
TWC-GeoIP-Region
TWC-Device-Class
X-Web-Node
TWC-GeoIP-City
TWC-Locale-Group
ServedBy
X-Origin-Date
Uber-Trace-Id
X-Soup
X-Endurance-Cache-Level
X-Say-TTL
X-SayCDN-TTL
Mn-Server-Ip
X-Scope-Id
X-Varnish-Beresp-Grace
X-Say-Cacheable
X-RateLimit-Remaining-Second
X-Debug-Info
X-Edge-Location
X-Cache-Action
X-RateLimit-Limit-Second
Apigw-Requestid
Environment
X-IPLB-Request-ID
X-IPLB-Instance
X-Labrador-Cache-Channel
X-BYPASS-REASON
X-ProxyCache-Status
X-ProxyCache-Key
X-PHP-Host
YJS-CacheStatus
X-Urbn-Site-Id
X-Drupal-Cache-Contexts
X-Cluster-Node
X-Httpd
X-FB-TRIP-ID
X-Urbn-Context-Path
X-Cluster
Locale
X-Origin
X-Served-From
X-Fetched-On
X-Proxy-Build
X-Auth-Group-Type
Selected-Fe
Cache-Hits
DB-Nickname
X-S
X-Timing-Wait
X-ECache
X-Mly-Id
X-No-Session
X-VCT
X-Is-Modern-Browser
X-RCS-CacheZone
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-GEO
X-Cache-Debug
X-Sorting-Hat-PodId
X-VC
X-Origin-Cache
X-CACHE-AGE
X-R9-Blue-Green-Version
X-UA
X-SRV
Front
X-WP-CF-Super-Cache-Cookies-Bypass
X-CDN-Forward
X-Varnish-Cache-Hits
X-Varnish-Age
X-NewRelic-App-Data
X-Provided-By
X-Lagoon
Xserver
X-Is-Mobile-Only
Node
Countrycode
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
X-Api-Version
Cache-Tv-Group
X-Generated-By
X-TA-CDN-Provider
X-Platform
X-Source
X-Site-Version
WPO-Cache-Status
X-Webstats-RespID
X-CDN-Cache-Status
X-Azure-Ref-OriginShield
X-Cdn
X-Presslabs-Stats
Cache-Provider
Referer-Policy
X-Signature
X-B-Cache
X-Accel-Version
X-B3-Traceid
From-Origin
X-NWS-UUID-VERIFY
X-Tt-Logid
X-VC-TTL
X-Optimistic-Header
Location
X-Tx-Id
X-Xfnlog-Site
X-PHP-Backend
X-Cache-Rule
Request-ID
CF-IPCountry
X-Cache-Operation
X-Ua
X-Sucuri-Cache
X-Worker
X-IsAdmin
CDN-Cache
X-Tb-Optimization-Total-Bytes-Saved
CDN-PullZone
X-Air-Pt
CDN-EdgeStorageId
CDN-RequestPullCode
X-Reqid
CDN-Uid
CDN-RequestCountryCode
CDN-CachedAt
CDN-RequestPullSuccess
AMP-Access-Control-Allow-Source-Origin
Lang
X-Ig-Origin-Region
X-Ig-Push-State
Host-ID
Log-Origin
X-ApacheServer
X-Application
X-Micro-Cache
X-Auto-Login
X-Loc
Expect-Staple
X-Destination
X-Depends
DCR-Decision-By
X-Developer
DCR-Processing-Time-Ms
X-Ec-GeoHdr
X-Ec-Fail
X-Cache-NE
Candidate-Md5Url
X-Clientip
X-D
Cluster
X-Core-Value
X-Contensis-Viewer-Groups
Cdnsip
X-Cms-Device
X-Conf
Cdncip
X-Ee-Generated-By
X-Ee-Origin
X-BCube-Filmed-By
X-Bl-Debug
X-Forwarded-Site
X-GeoCode
X-GeoCountry
X-HS-Content-Campaign-Id
Fl-Custom-Application
Fastly-SSL
X-Fmm-Version
X-External-Request-Id
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Ee-Request-Date
Apple-News-Services-Host
Apple-News-Services-Handled
X-Cache-Aspx
X-Ee-Request-Id
X-B-Cookie
X-PERF
WPO-Cache-Message
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A
X-Varnish-Authentication
Rendered-Blocks
Redirect-Candidate
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Node-Id
X-SRCache-Key
X-A-Dgt
X-A-Wwc
RNT-Machine
RNT-Time
X-VG-WebCache
XM
Store-Cloud-Cache
X-Viewer-Country
Xc-Version
X-Vtex-Remote-Cache
Sslversion
Time-Cloud-Cache
X-Varnish-Director
Web-Mar-Region
X-Varnish-Hostname
X-Vary-Devices
X-VG-TLSProxy
X-Vdms-Version
X-Sigma-Backend
X-Access
X-Fastly-Request-Id
X-Req
X-Aed
X-Request-URI
Odigeo-Trace-Id
Origin
X-Sigma
Ngx.Var.Host
X-Content-Age
MD5-Digest
X-Old-Content-Length
Meta-Geo-Continent
X-Origin-Expires
X-PAYTM-SRV-ID
X-AK-Request-ID
X-Rojux
X-Rocket-Build-Number
X-Sucuri-ID
X-Section
X-ScT
X-SD-PageType
X-S-Cookie
X-Action
X-Save-Cache
X-Frame-Option
X-TT-LOGID
X-LSADC-Cache
X-Bc-Bl
X-Acquia-Purge-Cdn-Unconfigured
X-Akamai-Device-Characteristics
X-Accel-Expires-Debug
Thinkindot-CacheControl-Type
X-AB-Test
X-BBC-Edge-Cache-Status
X-Backend-Instance
V-Age
User-Cache-Control
X-Block-Status
X-App-Name
X-Aicache-OS
X-Moov-Xdn-Caching-Status
X-Org
X-Shield-Cache-Expires
X-Sn-Servicetimems
X-GeoIP-City
X-Thinkindot-L3
X-Thinkindot-L1
X-SB
X-SIPLIST1
X-Path
X-Origin-Time
X-Region-Sid
X-Render-Time
X-V-Cache
X-UA-Device-Type
X-From
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
N-Cache
IsBot
X-We-Are-Hiring
X-Via-Fastly
X-Varnish-CookieINHashed-On
Wxu-Next-Commit
X-Up
Wxu-Next-Region
X-Uri
X-Varnish-CookieHashed-On
Wxu-Next-Hostname
Thinkindot-CacheControl
X-Op-Id-All
X-Fastly-Backend
X-Epic-Correlation-Id
X-Gdpr
X-Gen-Mode
X-GeoIP-Country-Code
X-Generated-On
X-Ec-Custom-Error
X-Dispatcher-Server
X-Debug-Cache-Fetch
X-Date
X-Debug-Cache-Store
X-DefElseHash
X-DefHash
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Men
X-Level-Front-Cache
X-Moov-T
X-Moov-Xdn-Version
X-Nyt-Route
X-Jungle-Id
X-Ion-Hop
X-Hnp-Log
X-HN
X-Human
X-Internal-TTL
X-Ion-Healthy
X-Content-Length
X-Amz-Storage-Class
Gannett-Cam-Experience-Id
PFcat
Azure-InstanceId
Azure-RegionName
Req-Svc-Chain
Origin-EX
Origin-CC
L
TDXMobile
Nord-Request-ID
Origin-Agent-Cluster
Cmstype
RewriteTeamHook
Cache-Contol
DSUID
CDCHOST
Country-Code
Cmsid
RewriteTestHook
ServerName
Azure-SiteName
Server-Host
Azure-SlotName
Azure-Version
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
CacheControlHeader
X-Gamma-Serve
X-Cache-Date
C-Via
Origin-Site
X-DPWN-IS-SECURE
Cdn-Host
Cdn-Request-Time
X-Csrf-Jwt
X-Vmg-Version
X-CUA
X-Hash
Click-Count-Action-Start
Click-Count-Error
Content-Style-Type
Content-Script-Type
X-Gzip
X-FC-Vary-Parameters
X-Varnish-Beresp-Status
X-SVT-ORM-RULES
X-Pubstack
X-Server-IP
X-Eu-Site
X-Esi-Check
X-Wikidot-Static-Cache
X-Edge-Server
X-Wikidot-Backend
X-Vercel-Id
X-ElasticPress-Query
X-Vercel-Cache
X-Policy
X-SVT-ORM-VERSION
X-Bug-Bounty
Platform
X-Cache-FS-Status
Tube-Get-Contents
Fastly-Backend-Name
Fastly-GeoIP-CountryCode
Ha-Gx-Prefs
Gh-Request-Id
L5d-Success-Class
Producers
X-B3-Trace-ID
X-CGP
Tube-Got-Results
X-Cache-Id
Tube-Return
Tube-Got-Eval
X-Parent-Response-Time
Fastly-Drupal-HTML
Source
S-Rt
X-Proxied-Request
X-Origin-Response-Time
NM-Fastcgi-Cache
We-Hiring
Machine
X-ZONE
X-Proto
X-Mvc-Supplant-Cachable
Powered-By
X-Thanos
X-CacheTTL
X-NMSegId
X-Location
X-Litespeed-Cache-Control
X-Bip
Release
Mail-Subject
Pragrma
X-Upstream-Ht
X-Upstream-Ct
X-Mvc-Supplant-OutputCached
X-NGINX-Cache
Debug
Vix-Hermes-Req-Id
Canary
X-Cs
X-Cached-By
Sid
CloudFront-Viewer-Country
X-Pad
NGX
X-Refresh
X-ND-Cache
Pics-Label
X-Nananana
X-APP
X-TH-Server
Product
X-Litespeed-Tag
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-HA-Backend
GeoIP-Latitude
X-Amz-Meta-Cb-Modifiedtime
X-Servedbyhost
Mime-Version
HA-Ipaddr
X-FORWARDED-FOR
X-Cache-VC
Server-ID
Cookie
X-Varnish-Hits
X-Client-Ip
GeoIp-Country-Code
X-User
X-Datadome
MIME-Version
Edge-Cache
X-Nc
X-AIR-PT
X-DynaTrace-JS-Agent
X-Fpc
X-Wa
X-Cdn-Forward
SID
X-Webkit-CSP
X-LB-ID
X-Nginx-Cache
X-GeoIP
X-Debug-Service
X-B3-Parentspanid
X-LB-NoCache
WZWS-RAY
X-Srv
Akamai-Mon-Iucid-Del
True-Client-Country-4JS
X-Nginx-Cache-Key
Sever-Int
Server-Hostname
Server-Ext
Load-Balancing
X-Zone
X-Vc
Show-Do-Not-Sell-Link
Surrogated-Key
X-Scheme
X-Request-Start
Resin-Trace
HostName
DataCenter
X-Unity-Cache
Cdn
Fastly-Drupal-Html
X-Cache-Backend
Traceparent
X-Newrelic-Synthetics
X-CS
Tcn
X-LiteSpeed-Cache-Control
X-Lsadc-Cache
X-VCL-Version
Wsr-Cache
Lb
X-Service-Response-Time
X-Request-Host
Sm-Log-Id
X-Pool
X-NodeID
X-RequestId
X-B3-Spanid
N1-Cache
X-Cache-Grace
Yjs-Id
X-Vgn-Hpd-Reason
X-LiteSpeed-Tag
Datacenter
X-TX-ID
X-DataCenter
X-CDN-Provider
Hostname
X-API-Version
NtCoent-Length
X-HubSpot-Correlation-Id
Serverhost
X-HOST
X-DynaTrace
Yak-Timeinfo
X-Datacenter
X-Ez-Minify-Html
X-Proxy-Cache-La3
X-Udemy-Cache-App-Namespace
X-Proxy-CacheR9
Xkey-La3
Xkeylog
XkeyR9
X-Via-SSL
X-RateLimit-Limit
X-Via-CDN
Edge-Copy-Time
X-Via-Edge
X-Dynatrace-Js-Agent
X-Geolocation
X-Air-Trace-Id
X-Zen-Fury
X-Air-Source
CDN
X-WA
X-Air-Hostname
Cdn-Requestid
A
CountryCode
Req-ID
X-NC
X-Fastly-Backend-Reqs
X-Lb-Id
X-Jobs
X-ID
X-FPC
X-Akamai-Pragma-Client-IP
Cs
Uri
X-Cdn-Srv
Server-Id
WP-Super-Cache
X-Html-Minification-Powered-By
True-Client-IP
RATING
X-TimeS
X-Powered-By-VTEX-Cache
GeoIP-Country-Code
X-Stale
Geoip-Latitude
X-VC-Age
Proxy-Firewall
Esi-Enabled
T-Server
X-Via-JSL
X-Ez-Minify-Js
WebServer
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-VTEX-Cache-Time
X-VTEX-Cache-Server
On-Server
X-ServedByHost
X-Lb-Nocache
Srv
From-Cache
X-Varnish-Beresp-TTL
X-MSEdge-Flight
X-MSEdge-Features
ServerHost
X-Swift-Error
X-Oracle-DMS-ECID
X-TIM-N
Cloudfront-Viewer-Country
Content-Secure-Policy
X-App
Coldstone-Viewer-Currency
X-Styx-Origin-Id
X-Styx-Info
X-HA-Application-Name
X-Ha-Backend
Coldstone-Viewer-Country-Region-Name
Coldstone-Viewer-Country
X-HA-Bot-Classification
Pramga
X-WA-Info
X-HA-Device-Type
Cr
X-CSRF-TOKEN
X-Webkit-Csp-Report-Only
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-LAGOON
X-Correlation-ID
X-Ssense-Shipping-Surcharge-Enabled
X-Var-Ttl
X-Ssense-Gql
X-Fastly-Cache
X-Via-PopV
Ngx
X-Via-PopN
FSS-Cache
X-Via-PopH
W
BehaviorPad-Version
X-Sorting-Hat-Podid
X-Cdn-Cache-Status
X-Geo
X-Web-Server
X-Ramcache
Cl-Cache
X-Shardid
X-Check-Cacheable
X-Sorting-Hat-Shopid
X-Shopid
X-Sucuri-Id
X-Request-Url
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Proxy-Cache-LA2
X-Elasticpress-Query
X-Th-Server
X-Serial
X-Wp-Cf-Super-Cache-Active
Akamai-X-True-TTL
X-DC
X-ATG-Version
Cf-Ipcountry
Xkey-G-Jp
User-Agent
X-Cache-TTL-Remaining
X-Mg-Cache
X-Nitro-Cache
X-Request-Time
My-App
Cneonction
Host-Name
FSS-Proxy
X-Fastly-Cache-Hits
Bxuuid
Bxpunish
X-Env
X-Fastly-Cache-Status