Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Accept-CH
CF-Cache-Status
ETag
X-XSS-Protection
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Amz-Cf-Pop
Content-Language
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
X-Xss-Protection
Access-Control-Allow-Headers
Access-Control-Allow-Methods
CF-Ray
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
X-Runtime
Accept-Ch
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Ua-Compatible
Timing-Allow-Origin
X-CONTENT-TYPE-OPTIONS
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
X-CDN
X-XSS-PROTECTION
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
X-Age
Request-Context
Cf-Edge-Cache
X-Backend
X-Request-ID
X-Robots-Tag
X-Hacker
Keep-Alive
X-Via
Cf-Apo-Via
X-Amz-Version-Id
X-Turbo-Charged-By
X-Rq
X-AH-Environment
X-Vhost
X-Cache-Group
X-Server
X-Dispatcher
X-Proxy-Cache
X-Ws-Request-Id
EagleId
CONTENT-SECURITY-POLICY
X-UA-Device
X-Varnish-Cache
Pantheon-Trace-Id
Grace
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Litespeed-Cache
X-OneAgent-JS-Injection
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Dns-Prefetch-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-FTR-Request-ID
X-Node
X-Device
X-Cache-Lookup
X-Server-Id
EagleEye-TraceId
X-Host
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Cache-Tag
P3p
Cf-Request-Id
X-Amz-Server-Side-Encryption
X-LiteSpeed-Cache
X-Ua-Device
Content-Location
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Trace
Service-Worker-Allowed
Request-Id
X-Content-Type
X-TraceId
X-Application-Context
Fastly-Restarts
X-Times
X-PC
X-TtlSet
X-Vname
X-Nf-Request-Id
X-Clacks-Overhead
Rating
X-Cnection
X-Mcache
X-Midtier
X-Edge
X-Vcap-Request-Id
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Browser-Type
X-FTR-Expires
X-ESI
Origin-Trial
Edge-Control
X-Cache-TTL
X-D2id
X-Element-Page-Cache
X-FastCGI-Cache
Surrogate-Key
X-Oneagent-Js-Injection
X-Powered-By-Plesk
X-Exp-Variant
X-Kinja
X-NWS-LOG-UUID
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Country
X-Abt-Application-Version
X-Ac
X-Navigation-Version
X-Upstream
Verso
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-B3-TraceId
X-Url
X-Amz-Rid
Akamai-GRN
Nginx-Cache
X-Language
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-GitHub-Request-Id
Pagespeed
Display
X-ECACHE
X-Sol
X-Middleton-Display
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
S
X-Envoy-Decorator-Operation
X-Middleton-Response
Response
X-MS-InvokeApp
AR-Request-ID
AR-PoweredBy
AR-ATIME
Edge-Cache-Tag
X-Ratelimit-Limit
X-Goog-Hash
X-Distributor
X-Ser
X-Resp-Is-Stale
SPIisLatency
SPRequestDuration
SPRequestGuid
X-SharePointHealthScore
X-Kinsta-Cache
X-Edge-Location-Klb
X-ARC
X-Ttl
Access-Control-Request-Method
X-Amzn-Trace-Id
X-Ruxit-Js-Agent
X-NGENIX-Cache
X-Client-IP
X-Dw-Request-Base-Id
X-Shield-Request-Id
Front-End-Https
X-Content-Digest
X-Ezoic-Cdn
X-Recruiting
RTSS
X-Cache-Key
X-Varnish-TTL
Cache-Status
X-T
X-Version
X-Mg-S
X-Powered-CMS
Public-Key-Pins
TP-Cache
Fastcgi-Cache
X-MSEdge-Ref
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Ismobilevalue
X-Accel-Expires
Arr-Disable-Session-Affinity
X-Daa-Tunnel
Cache-Tags
X-Request-Device-Id
AR-CACHE
X-Cached
X-Cluster-Name
X-Correlation-Id
Realpath
X-Id
X-Request-Processing-Time
Content-MD5
X-Request-Received
X-Content-Security-Policy-Report-Only
X-Forwarded-For
X-HS-Combine-CSS
Ar-SID
YJS-ID
X-Fastly-Request-ID
Payment
X-Meli-Trace-Platform
X-Meli-Trace-Bu
X-Ua-Browser
X-Meli-Trace-Site
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-DIS-Request-ID
X-Newrelic-App-Data
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Cambria-Cache-Control
X-Amz-Replication-Status
X-Azure-Ref
X-COUNTRY
X-GUploader-UploadID
X-Xrds-Location
X-HS-CF-Cache-Status
X-RateLimit-Remaining
X-HS-Prerendered
X-Webkit-Csp
Content-Disposition
X-Ratelimit-Remaining
X-Server-Name
Count-Hit
X-Protected-By
X-Ratelimit-Reset
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Origin-Server
X-AppVersion
X-Az
X-Activity-Id
X-Px
X-Unique-Id
X-Page-Id
MicrosoftSharePointTeamServices
X-ORACLE-DMS-ECID
X-Rid
X-Logged-In
X-SERVER-NAME
Cross-Origin-Resource-Policy
X-Git-Hash
X-Amz-Meta-S3cmd-Attrs
Cleartype
X-Microsite
X-Proxy
X-Request-Handler-Origin-Region
X-VARITI-CCR
Accept-Charset
X-FB-Debug
Cross-Origin-Embedder-Policy
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Www-Served-By
X-TTL
Version
X-Load-Cache
X-TEC-API-ROOT
X-TEC-API-VERSION
X-LLID
X-TEC-API-ORIGIN
X-Goog-Metageneration
X-Forwarded-Proto
X-Geo-Country
X-Template
X-Varnish-Backend
X-CST
X-PressLabs-Stats
X-Upgrade-Enabled
Server-Node
X-Hits
Server-Name
X-B3-Sampled
X-App-Server
X-Hostname
X-WebKit-CSP-Report-Only
X-Content-Options
Healthy
Access-Control-Allow-Method
X-Frontend
X-Varnish-Grace
Viewport
Section-Io-Cache
X-Device-Type
X-Fb-Rlafr
X-TT
X-Grace
Fastly-SWR
Fastly-SIE
X-Varnish-Server
Alternate-Protocol
X-B
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Request-Guid
X-Status
X-Goog-Generation
TCN
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Contextid
DC
Upgrade-Insecure-Requests
Retry-After
AKAMAI-GRN
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
X-Amzn-Remapped-Content-Length
Host
X-Requestid
X-Cache-Age
MS-Author-Via
X-Cache-Control
X-App-Version
Amp-Access-Control-Allow-Source-Origin
X-ProcessESI
X-CSRF-Token
X-RemovedCookies
Frame-Options
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Origin-CC
X-Origin-TTL
X-Varnish-Ttl
X-Hl-Ver
X-Buckets
X-Debug
X-Type
X-Revision
X-Response-Served-From
X-Original-Request-Id
SD-X-WS
X-Mobile
X-Oracle-Dms-Ecid
VIX-Pulpo-Upstream-Status
X-INCAP-ABP
X-G
X-Backend-Name
X-Seen-By
VIX-Pulpo-Node
X-UUID
X-Instance
X-ServerID
X-N
X-Tumblr-Pixel-1
X-Adobe-Content
X-Rendered-As
X-Yottaa-Optimizations
X-NYM-Debug-Backend
X-Is-Bot
X-Cache-Status-Check
X-Adobe-Loc
X-Tumblr-User
X-Yottaa-Metrics
X-Tumblr-Pixel-0
Cross-Origin-Embedder-Policy-Report-Only
X-Akamai-Edgescape
X-Tumblr-Pixel
Cross-Origin-Opener-Policy-Report-Only
X-Debug-IsPreview
X-Framework
X-Debug-IsConnected
Access-Control-Request-Headers
X-Content-Powered-By
X-Akamai-Request-ID2
X-WP-CF-Super-Cache-Cache-Control
Ms-Operation-Id
X-Mg-Request-UUID
X-Lambda-Id
X-WP-CF-Super-Cache
NGB
X-AB
X-Trace-Id
MS-CV
X-RTag
Section-Io-Id
X-Server-W
X-Storage
X-RM-Cache-TTL
X-Vcl-Version
Charset
Cache
X-ECache
X-Dc
Webserver
X-DataDome
X-Yandex-Req-Id
Filterid
Paypal-Debug-Id
X-Request-Site
X-Request-Bu
Accept-Language
X-B3-SpanId
X-Request-Platform
X-Cache-Time
Refresh
X-Cache-Hit
X-VC-Cache
X-URL
X-HITS
X-Tec-Api-Origin
SRV
X-Tec-Api-Version
X-Tec-Api-Root
X-Ms-Request-Id
Onion-Location
X-Ms-Version
X-Time
X-Node-Name
X-Real-IP
X-User-Agent
X-Region
X-F-Cache
Xet-Cookie
YJS-CacheStatus
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
CDN-RequestId
Priority
Liferay-Portal
X-HTML-Minification-Powered-By
X-Fastcgi-Cache
GEO-INFO
X-Timing-Wait
X-L-Path
X-Environment-Context
Selected-Fe
X-IPS-LoggedIn
X-Proxy-Build
X-LB-Cache
X-Mode
X-Pass-Why
X-Service
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
Cross-Origin-Window-Policy
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Rule
X-Rocket-Nginx-Serving-Static
X-Origin
X-Rn-Rsrv
X-UPSTREAM-Address
X-Rewrite-Enabled
Country
X-Cache-Expired-At
X-VC
X-Tb
X-Drupal-Cache-Tags
X-Cacheable-TTL
Meta-Geo
X-JoinUs
X-SaId
Protected
Backend
X-Geo-Region
X-Is-Desktop
X-Is-Mobile
X-Browser-Name
X-Handled-By
X-Adobe-Source
X-Origin-Cache
X-Is-Mobile-Only
X-Is-Modern-Browser
X-Wix-Request-Id
X-VCT
X-Whom
X-Tcp-Rtt
X-Is-Tablet
X-Is-Supported-Browser
Apigw-Requestid
Mn-Server-Ip
X-Web-Node
X-Provided-By
X-Generation-Time
X-Proxy-Cache-Info
Fastcgi-Useragent
X-Proxied
X-Origin-Hint
Property-Id
X-Origin-Date
Expiry
X-RateLimit-Limit-Second
X-Servername
X-WP-CF-Super-Cache-Active
X-Routing-Service
X-Httpd
X-RateLimit-Remaining-Second
X-RCS-CacheZone
X-Loop
TWC-Connection-Speed
Url
Uber-Trace-Id
Web-Mar-Node
Webcakes-App-Name
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-City
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-DMA
TWC-GeoIP-Region
TWC-GeoIP-LatLong
X-Connection-Hash
X-Cloudmap
X-Detected-As
X-FB-TRIP-ID
X-Vcache
X-Tncms
X-Varnish-Beresp-Grace
X-Extlb
ServerID
X-Zipkin-Id
X-Auth-Group-Type
X-Cache-Action
X-Format
X-Forwarded-Host
Atl-Traceid
X-Fetched-On
X-Director
OT-Force-Account-Verify
ServedBy
X-Locale
X-Alternate-Cache-Key
X-Tumblr-Pixel-3
X-App-Environment
DB-Nickname
X-Tumblr-Pixel-2
X-Storefront-Renderer-Rendered
X-Soup
X-Cms-Context
X-Hit
LB
X-Shopify-Stage
X-Skip-Cache
X-Redis-Cache
X-MP-GENERATED-AT
X-Hosted-By
X-Cdn-Origin
X-Logging-Id
X-Cluster
X-FW-Version
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Dynamic
X-FW-Type
X-NewRelic-App-Data
Environment
X-Say-Cacheable
X-Restarts
X-Urbn-Context-Path
X-Say-TTL
X-SayCDN-TTL
X-Cluster-Node
X-Served-From
X-Scope-Id
X-Cache-Host
Cache-Hits
Locale
X-Edge-Location
X-Urbn-Site-Id
X-Endurance-Cache-Level
X-Api-Version
X-Debug-Info
X-Labrador-Cache-Channel
X-Drupal-Cache-Contexts
Filters
X-S
X-Mly-Id
X-IPLB-Request-ID
X-PHP-Host
X-Cache-Debug
X-IPLB-Instance
X-Server-ID
X-R9-Blue-Green-Version
Node
X-XRDS-Location
Front
X-Platform
X-GEO
X-CDN-Cache-Status
AR-SID
X-No-Session
X-CDN-Forward
X-Optimistic-Header
X-CLOUD-TRACE-CONTEXT
Xserver
Countrycode
X-Tt-Logid
X-Varnish-Age
X-Sorting-Hat-ShopId
X-ShopId
X-UA
X-Sorting-Hat-PodId
X-ShardId
WPO-Cache-Status
X-Fastly-Request-Id
Cache-Tv-Group
X-Lagoon
X-Varnish-Cache-Hits
X-Varnish-Beresp-Ttl
X-WP-CF-Super-Cache-Cookies-Bypass
X-Generated-By
X-Wormhole-Sdk
X-Presslabs-Stats
X-B3-Traceid
X-SRV
X-Signature
X-B-Cache
X-NWS-UUID-VERIFY
Referer-Policy
X-CACHE-AGE
X-Client-Ip
X-Webstats-RespID
X-Site-Version
X-Azure-Ref-OriginShield
AMP-Access-Control-Allow-Source-Origin
Request-ID
X-Ua
From-Origin
X-PHP-Backend
X-Cache-Rule
Cache-Provider
X-Cache-Operation
X-IsAdmin
X-Accel-Version
X-Worker
X-AWS-Id
X-NF-Request-ID
Location
X-VWS-Id
X-LJ-Flow-ID
X-Auto-Login
Expect-Staple
X-Clientip
X-VC-TTL
X-SRCache-Key
Fl-Custom-Application
X-Bc-Bl
X-TA-CDN-Provider
X-Upstream-Ct
X-Upstream-Ht
X-Tx-Id
X-Loc
Xc-Version
Redirect-Candidate
Sid
X-Cache-NE
Rendered-Blocks
Ngx.Var.Host
X-D
Sslversion
X-External-Request-Id
X-S-Cookie
MD5-Digest
Source
Pragrma
Candidate-Md5Url
Origin
X-Content-Age
X-Org
WPO-Cache-Message
X-Conf
N-Cache
Meta-Geo-Continent
X-Vtex-Remote-Cache
X-Ec-GeoHdr
X-Destination
X-BCube-Filmed-By
X-Bl-Debug
X-A-Ccd
Lang
X-A-Wwc
X-Aed
Origin-Agent-Cluster
S-Rt
DCR-Decision-By
X-ScT
X-Ig-Push-State
DCR-Processing-Time-Ms
X-A-Dam
X-A-Dcw
Host-ID
X-Ig-Origin-Region
X-A-Dgt
X-Rojux
X-Server-IP
X-Vdms-Version
X-Developer
X-A
X-PERF
X-Ec-Fail
X-GeoCode
X-B-Cookie
X-ApacheServer
X-GeoCountry
X-Tb-Optimization-Total-Bytes-Saved
X-Application
X-Litespeed-Cache-Control
X-Xfnlog-Site
X-GeoIP-City
Ha-Gx-Prefs
Gh-Request-Id
Cluster
Gannett-Cam-Experience-Id
X-HS-Content-Campaign-Id
Cdnsip
X-Hash
Fastly-SSL
X-GoCache-CacheStatus
X-GeoIP-Region-Code
Cdncip
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
X-GeoIP-Country-Code
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-CachedAt
X-CGP
X-CUA
X-Forwarded-Site
X-Ee-Generated-By
Wxu-Next-Region
ServerName
RNT-Time
X-Action
X-Access
RNT-Machine
Store-Cloud-Cache
X-Ee-Origin
X-Depends
We-Hiring
X-Fmm-Version
CDN-Cache
Web-Mar-Region
X-FC-Vary-Parameters
Wxu-Next-Hostname
Time-Cloud-Cache
Wxu-Next-Commit
X-Aicache-OS
X-AK-Request-ID
X-Contensis-Viewer-Groups
Odigeo-Trace-Id
Origin-Site
Powered-By
X-Core-Value
X-Csrf-Jwt
L5d-Success-Class
Log-Origin
Mail-Subject
X-Cms-Device
X-Ee-Request-Date
X-From
X-Epic-Correlation-Id
X-Eu-Site
X-Gamma-Serve
X-Bug-Bounty
X-Ee-Request-Id
X-Cache-FS-Status
X-Cache-Aspx
IsBot
X-PAYTM-SRV-ID
X-SIPLIST1
X-Old-Content-Length
X-Sigma-Backend
X-Origin-Expires
X-Sigma
X-Node-Id
X-Slack-Backend
X-VG-TLSProxy
X-VG-WebCache
X-Micro-Cache
X-Slack-Shared-Secret-Outcome
X-Vary-Devices
X-Section
X-SD-PageType
X-Req
X-Sucuri-Cache
X-Varnish-Beresp-Status
X-Varnish-Hostname
X-Policy
X-Rocket-Build-Number
X-Varnish-Authentication
X-V-Cache
X-Save-Cache
CF-IPCountry
X-Varnish-Director
X-Internal-TTL
X-Mvc-Supplant-Cachable
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-ND-Cache
Apple-News-Services-Handled
Canary
Apple-News-Services-Parsed-Url
X-Reqid
X-Parent-Response-Time
X-NGINX-Cache
CloudFront-Viewer-Country
X-DefElseHash
X-We-Are-Hiring
X-DefHash
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Date
X-Accel-Expires-Debug
X-AB-Test
X-Wikidot-Backend
X-SB
X-Render-Time
Country-Code
X-Ec-Custom-Error
Vix-Hermes-Req-Id
V-Age
User-Cache-Control
X-Pubstack
X-Region-Sid
X-Dispatcher-Server
X-Request-URI
X-CacheTTL
X-Acquia-Purge-Cdn-Unconfigured
X-Wikidot-Static-Cache
X-VarnishDD-TTL
X-Block-Status
X-Sn-Servicetimems
X-Bip
X-Proto
X-BBC-Edge-Cache-Status
X-Cache-Date
X-Thinkindot-L3
X-Via-Fastly
X-Thinkindot-L1
X-Thanos
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Backend-Instance
X-Viewer-Country
X-UA-Device-Type
X-Amz-Storage-Class
X-Akamai-Device-Characteristics
X-Varnish-Remaining-TTL
X-Fastly-Backend
X-FORWARDED-FOR
X-Uri
X-Content-Length
X-Up
X-Vmg-Version
X-App-Name
X-Shield-Cache-Expires
TDXMobile
X-Men
L
X-Level-Front-Cache
X-Jungle-Id
Fastly-Backend-Name
X-Ion-Hop
X-NMSegId
Machine
NM-Fastcgi-Cache
Nord-Request-ID
X-Generated-On
X-Cs
X-Nyt-Route
X-Ion-Healthy
DSUID
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
CDCHOST
Cache-Contol
Cmsid
Cmstype
Content-Script-Type
Content-Style-Type
X-HN
X-Hnp-Log
Azure-InstanceId
X-Op-Id-All
X-Mvc-Supplant-OutputCached
RewriteTeamHook
RewriteTestHook
Req-Svc-Chain
X-Varnish-CookieINHashed-On
X-Gdpr
X-Gen-Mode
X-Varnish-CookieHashed-On
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Human
X-Air-Pt
X-Frame-Option
X-Path
Release
PFcat
Origin-EX
Origin-CC
X-Origin-Time
Pics-Label
X-Esi-Check
Tube-Return
Click-Count-Action-Start
Click-Count-Error
X-LSADC-Cache
X-Vercel-Id
Tube-Got-Results
C-Via
Cdn-Host
Tube-Get-Contents
Cdn-Request-Time
X-DPWN-IS-SECURE
Tube-Got-Eval
CacheControlHeader
X-ElasticPress-Query
X-Vercel-Cache
Fastly-GeoIP-CountryCode
X-Moov-Xdn-Version
X-ZONE
X-Moov-Xdn-Caching-Status
X-Cache-Id
X-Edge-Server
Producers
X-Moov-T
X-Location
X-B3-Trace-ID
Platform
X-Proxied-Request
X-Gzip
XM
X-Origin-Response-Time
Fastly-Drupal-HTML
Mime-Version
X-Sucuri-ID
X-Source
X-Pad
NGX
Load-Balancing
X-Cached-By
Debug
X-Refresh
Cookie
X-Varnish-Hits
X-APP
X-Debug-Service
GeoIp-Country-Code
X-Datadome
X-Via-Popn
X-Servedbyhost
X-Nginx-Cache-Key
X-Via-Popv
GeoIP-Latitude
X-Via-Poph
True-Client-Country-4JS
X-Srv
X-HA-Backend
X-TH-Server
Server-Ext
X-Nananana
X-DynaTrace-JS-Agent
Sever-Int
Server-Hostname
Server-ID
X-AIR-PT
Product
HA-Ipaddr
X-Litespeed-Tag
X-Webkit-CSP
X-TT-LOGID
Cdn
Show-Do-Not-Sell-Link
X-Amz-Meta-Cb-Modifiedtime
Traceparent
X-Cdn-Forward
X-Fpc
WZWS-RAY
X-Cache-VC
X-Ez-Minify-Html
X-Nc
X-Wa
X-Zone
X-GeoIP
X-Cache-Backend
X-Newrelic-Synthetics
X-User
X-B3-Parentspanid
HostName
DataCenter
Edge-Cache
X-LB-ID
X-Unity-Cache
Fastly-Drupal-Html
Tcn
MIME-Version
SID
X-VCL-Version
X-Lsadc-Cache
X-AC
Lb
X-Request-Start
X-CDN-Provider
Akamai-Mon-Iucid-Del
X-LB-NoCache
Resin-Trace
Yjs-Id
X-Vc
X-B3-Spanid
X-Nginx-Cache
X-Proxy-Cache-La3
Sm-Log-Id
X-Service-Response-Time
Xkeylog
Wsr-Cache
A
X-Scheme
Xkey-La3
X-Proxy-CacheR9
XkeyR9
Serverhost
X-TX-ID
X-Datacenter
X-LiteSpeed-Tag
CountryCode
X-HOST
Cs
Surrogated-Key
NtCoent-Length
Hostname
X-Lb-Id
X-CS
X-RateLimit-Limit
X-Pool
X-LiteSpeed-Cache-Control
X-Request-Host
X-WA
X-Dynatrace-Js-Agent
X-NodeID
X-HubSpot-Correlation-Id
X-Akamai-Pragma-Client-IP
Datacenter
Esi-Enabled
CDN
Uri
Cdn-Requestid
X-RequestId
X-API-Version
X-Udemy-Cache-App-Namespace
X-Vgn-Hpd-Reason
X-Aspnet-Version
X-NC
X-FPC
X-Cache-Grace
X-Fastly-Backend-Reqs
X-VC-Age
X-ID
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
Yak-Timeinfo
X-Styx-Origin-Id
Content-Secure-Policy
X-Via-JSL
X-HA-Device-Type
X-Stale
X-Styx-Info
Cr
Server-Id
X-Html-Minification-Powered-By
X-TIM-N
Pramga
Proxy-Firewall
X-DataCenter
X-HA-Bot-Classification
X-DynaTrace
X-HA-Application-Name
X-CSRF-TOKEN
N1-Cache
GeoIP-Country-Code
ServerHost
X-Var-Ttl
T-Server
Geoip-Latitude
X-Srcache-Fetch-Status
X-Via-SSL
X-Via-Edge
X-Srcache-Store-Status
X-Ez-Minify-Js
Edge-Copy-Time
X-Via-CDN
X-TimeS
RATING
W
X-Lb-Nocache
X-Varnish-Beresp-TTL
X-ServedByHost
Srv
X-Jobs
X-Swift-Error
X-Geolocation
From-Cache
Req-ID
X-Ha-Backend
X-Zen-Fury
X-Aspnetmvc-Version
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-Oracle-DMS-ECID
X-Via-PopN
WP-Super-Cache
X-Via-PopV
X-MSEdge-Features
X-MSEdge-Flight
X-CACHE-KEY
X-App
Cloudfront-Viewer-Country
X-Via-PopH
True-Client-IP
X-Sorting-Hat-Shopid
X-Wp-Cf-Super-Cache-Active
X-LAGOON
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sorting-Hat-Podid
X-Shopid
X-Shardid
X-Key
Ohc-Cache-HIT
X-Cdn-Srv
On-Server
Ohc-File-Size
X-VServer
X-Ramcache
X-Proxy-Cache-LA2
X-ByteArk-Cache
Expect-Ct
X-Ssense-Shipping-Surcharge-Enabled
X-ByteArk-ReqID
X-Correlation-ID
X-Ssense-Gql
FSS-Cache
X-Elasticpress-Query
CF-Cached-On
X-Webkit-Csp-Report-Only
X-VTEX-Cache-Server
X-Web-Server
X-VTEX-Cache-Time
X-Sucuri-Id
Ngx
X-Geo
X-Cdn-Cache-Status
X-Check-Cacheable
X-Powered-By-VTEX-Cache
Cl-Cache
X-Fastly-Cache
X-DC
X-PageType
Akamai-X-True-TTL
X-ATG-Version
X-Th-Server
WebServer
X-Serial
X-Iplb-Request-Id
Cf-Ipcountry
X-Iplb-Instance
X-Limited
X-MiniProfiler-Ids
Xkey-G-Jp
My-App
X-Beacon
Warning
Host-Name
X-Mg-Cache
X-WA-Info
FSS-Proxy
Cneonction
X-Env
X-Fastly-Cache-Status
X-Request-Url
Coldstone-Viewer-Currency
Coldstone-Viewer-Country-Region-Name
Coldstone-Viewer-Country
User-Agent