Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
Cf-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
CF-Ray
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-AspNet-Version
X-DNS-Prefetch-Control
X-Runtime
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Request-ID
Keep-Alive
X-Turbo-Charged-By
X-Rq
X-AH-Environment
X-Amz-Version-Id
X-Cache-Group
X-Vhost
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
X-UA-Device
CONTENT-SECURITY-POLICY
X-Dns-Prefetch-Control
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
X-OneAgent-JS-Injection
P3p
X-Server-Powered-By
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-SaveTime
X-Swift-CacheTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
Ali-Swift-Global-Savetime
X-Node
X-FTR-Request-ID
X-Device
EagleEye-TraceId
X-Host
X-Server-Id
X-Cache-Lookup
X-Backend-Server
X-Country-Code
X-LiteSpeed-Cache
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Ruxit-JS-Agent
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Nginx-Cache-Status
X-Ua-Device
Request-Id
X-TraceId
Fastly-Restarts
X-Content-Type
X-Clacks-Overhead
X-Application-Context
Rating
X-Vname
X-Times
X-PC
X-TtlSet
X-Cnection
X-Country
X-Edge
X-Mcache
X-ESI
X-Browser-Type
X-Midtier
X-Country-Code-Real
X-Cache-TTL
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Vcap-Request-Id
X-FTR-Expires
X-Ac
Origin-Trial
Surrogate-Key
Edge-Control
X-FastCGI-Cache
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Element-Page-Cache
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Abt-Application-Version
X-D2id
X-Nf-Request-Id
X-NWS-LOG-UUID
Verso
X-Oneagent-Js-Injection
X-Upstream
X-B3-TraceId
X-ECACHE
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-Navigation-Version
X-Amz-Rid
Nginx-Cache
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-GitHub-Request-Id
Akamai-GRN
X-Language
Response
X-Middleton-Response
X-Envoy-Decorator-Operation
X-Instrumentation
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
S
X-Ratelimit-Limit
AR-Request-ID
Edge-Cache-Tag
AR-PoweredBy
AR-ATIME
X-MS-InvokeApp
X-Goog-Hash
X-Client-IP
X-Kinsta-Cache
X-ARC
X-Edge-Location-Klb
X-Resp-Is-Stale
X-Ser
X-Distributor
X-Ruxit-Js-Agent
SPRequestDuration
SPIisLatency
X-SharePointHealthScore
SPRequestGuid
X-Content-Digest
X-Cache-Key
Access-Control-Request-Method
X-NGENIX-Cache
X-Ezoic-Cdn
Front-End-Https
X-Varnish-TTL
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Url
X-Recruiting
RTSS
X-Ttl
X-Amzn-Trace-Id
Cache-Status
X-Powered-CMS
X-Version
Public-Key-Pins
X-Mg-S
X-T
TP-Cache
X-MSEdge-Ref
Fastcgi-Cache
X-Accel-Expires
Arr-Disable-Session-Affinity
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Daa-Tunnel
X-Ismobilevalue
X-Correlation-Id
X-Fastly-Request-ID
X-Cluster-Name
Realpath
Cache-Tags
X-Cached
X-Id
AR-CACHE
X-Forwarded-For
X-Request-Processing-Time
X-Request-Received
X-HS-Combine-CSS
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-Kong-Upstream-Latency
Content-MD5
Payment
X-Kong-Proxy-Latency
X-Newrelic-App-Data
X-DIS-Request-ID
X-Ratelimit-Remaining
X-GUploader-UploadID
X-CST
X-HS-Prerendered
X-Cambria-Cache-Control
X-HP-Webp
X-HS-CF-Cache-Status
X-Jurisdiction
X-HP-Trace-Id
Content-Disposition
X-Azure-Ref
X-Server-Name
X-TTL
X-Amz-Replication-Status
Count-Hit
X-RateLimit-Remaining
X-SERVER-NAME
X-Webkit-Csp
YJS-ID
X-Px
X-Page-Id
Cleartype
X-Ratelimit-Reset
X-Xrds-Location
Accept-Charset
Cross-Origin-Embedder-Policy
X-Unique-Id
X-SRCache-Store-Status
X-FB-Debug
X-Proxy
Cross-Origin-Resource-Policy
X-Logged-In
X-Rid
X-Origin-Server
X-SRCache-Fetch-Status
X-AppVersion
Ar-SID
X-Az
X-Activity-Id
X-URL
X-Protected-By
X-Git-Hash
X-Www-Served-By
X-VARITI-CCR
X-Microsite
X-Request-Handler-Origin-Region
X-ORACLE-DMS-ECID
X-Template
X-Goog-Metageneration
X-COUNTRY
X-LLID
X-Load-Cache
X-Amz-Meta-S3cmd-Attrs
MicrosoftSharePointTeamServices
X-Varnish-Backend
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Request-Device-Id
Version
X-Forwarded-Proto
Server-Node
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Upgrade-Enabled
X-Geo-Country
Server-Name
X-PressLabs-Stats
X-Hostname
X-Content-Options
X-Frontend
X-Hits
X-B3-Sampled
Viewport
Section-Io-Cache
X-Varnish-Grace
X-App-Server
X-Varnish-Server
X-TT
X-B3-TraceId-Primal
X-Meli-Trace-Platform
X-Fb-Rlafr
X-Meli-Trace-Site
MRF-Tech
Mrf-Cache-Status
X-Device-Type
X-Meli-Trace-Bu
X-B
Fastly-SWR
Alternate-Protocol
Access-Control-Allow-Method
X-Status
X-Grace
Fastly-SIE
TCN
Healthy
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-WebKit-CSP-Report-Only
X-Request-Guid
Upgrade-Insecure-Requests
X-Magnolia-Registration
Host
X-EdgeConnect-Cache-Status
Amp-Access-Control-Allow-Source-Origin
DC
X-CSRF-Token
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Buckets
X-Contextid
Retry-After
X-Amzn-Remapped-Content-Length
X-Debug
MS-Author-Via
X-Cache-Control
AKAMAI-GRN
X-NF-Request-ID
X-Oracle-Dms-Ecid
X-Revision
X-Type
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Instance
X-Seen-By
X-Cache-Age
SD-X-WS
X-Original-Request-Id
X-Response-Served-From
X-Vcl-Version
Cross-Origin-Opener-Policy-Report-Only
X-Adobe-Content
X-UUID
X-RemovedCookies
X-Tumblr-Pixel-1
X-Rendered-As
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-NYM-Debug-Backend
X-ProcessESI
X-Is-Bot
Cross-Origin-Embedder-Policy-Report-Only
X-N
X-Hl-Ver
X-Adobe-Loc
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-App-Version
X-Akamai-Edgescape
X-Debug-IsPreview
Access-Control-Request-Headers
X-Debug-IsConnected
Section-Io-Id
X-G
X-Backend-Name
X-Lambda-Id
Charset
X-INCAP-ABP
X-Framework
X-Mobile
X-DataDome
X-Mg-Request-UUID
X-ServerID
X-Varnish-Ttl
X-Content-Powered-By
X-Storage
X-Trace-Id
X-HITS
X-RTag
X-Origin-TTL
X-RM-Cache-TTL
MS-CV
Ms-Operation-Id
X-Akamai-Request-ID2
X-Origin-CC
Frame-Options
NGB
X-Server-W
X-Dc
X-AB
X-Cache-Status-Check
AR-SID
X-Wormhole-Sdk
VIX-Pulpo-Node
X-Cache-Hit
VIX-Pulpo-Upstream-Status
Filterid
X-Cache-Time
Cache
Refresh
X-Request-Platform
Accept-Language
X-Request-Site
X-Request-Bu
X-B3-SpanId
X-Server-ID
X-Tec-Api-Origin
X-Requestid
X-Time
X-Tec-Api-Root
X-Tec-Api-Version
SRV
Webserver
Paypal-Debug-Id
X-Region
X-Node-Name
X-Real-IP
X-XRDS-Location
Onion-Location
Protected
X-Ms-Version
X-Hcs-Proxy-Type
CDN-RequestId
X-CCDN-CacheTTL
X-VC-Cache
X-Ms-Request-Id
X-CCDN-Origin-Time
X-User-Agent
X-F-Cache
Liferay-Portal
Cross-Origin-Window-Policy
X-Cache-Expired-At
Priority
X-LB-Cache
X-WP-CF-Super-Cache-Active
X-IPS-LoggedIn
X-Whom
X-Datadog-Trace-Id
X-Pass-Why
X-HTML-Minification-Powered-By
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Sampled
Backend
Xet-Cookie
X-Rocket-Nginx-Serving-Static
X-Mode
X-L-Path
X-Environment-Context
GEO-INFO
OT-Force-Account-Verify
X-Rule
X-Service
X-Tb
X-Yandex-Req-Id
X-Drupal-Cache-Tags
X-Proxy-Cache-Info
X-Fastcgi-Cache
Meta-Geo
X-Vcache
X-UPSTREAM-Address
X-Rn-Rsrv
Filters
X-Rewrite-Enabled
X-Routing-Service
X-Wix-Request-Id
X-Zipkin-Id
X-Proxied
X-Servername
X-SaId
Fastcgi-Useragent
X-Tcp-Rtt
Web-Mar-Node
X-Handled-By
X-Is-Tablet
ServerID
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-Tncms
X-Extlb
X-JoinUs
X-Geo-Region
X-Adobe-Source
Url
X-Loop
X-Browser-Name
X-Cacheable-TTL
X-Detected-As
X-Cloudmap
X-MP-GENERATED-AT
Country
X-App-Environment
LB
X-Storefront-Renderer-Rendered
X-Skip-Cache
X-Tumblr-Pixel-2
X-Shopify-Stage
X-Restarts
X-Redis-Cache
X-Tumblr-Pixel-3
Atl-Traceid
X-Web-Node
TWC-GeoIP-City
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Expiry
Property-Id
X-Cms-Context
X-Logging-Id
X-Alternate-Cache-Key
X-Format
X-Director
X-Cache-Host
X-Connection-Hash
X-Cdn-Origin
X-Forwarded-Host
X-Generation-Time
ServedBy
TWC-GeoIP-DMA
X-Locale
Uber-Trace-Id
X-Hit
X-Hosted-By
X-Origin-Date
X-Varnish-Beresp-Grace
X-FW-Static
Webcakes-Region
X-Origin-Hint
Webcakes-App-Name
X-FW-Server
X-FW-Serve
TWC-GeoIP-LatLong
X-FW-Dynamic
X-FW-Hash
X-FW-Type
Webcakes-App-Version
X-IPLB-Instance
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Region
X-FW-Version
X-IPLB-Request-ID
X-Soup
X-ProxyCache-Status
X-RateLimit-Remaining-Second
X-ProxyCache-Key
X-Cluster-Node
X-Cluster
Environment
X-Debug-Info
X-Edge-Location
X-Endurance-Cache-Level
X-BYPASS-REASON
X-RateLimit-Limit-Second
X-SayCDN-TTL
Mn-Server-Ip
X-Httpd
X-Cache-Action
Apigw-Requestid
X-Scope-Id
X-Say-Cacheable
X-Say-TTL
X-Labrador-Cache-Channel
YJS-CacheStatus
X-Urbn-Site-Id
Locale
X-PHP-Host
X-S
X-Served-From
X-FB-TRIP-ID
X-Drupal-Cache-Contexts
X-Urbn-Context-Path
Cache-Hits
Selected-Fe
DB-Nickname
X-Auth-Group-Type
X-Fetched-On
X-Proxy-Build
X-Origin
X-Timing-Wait
X-ECache
X-Mly-Id
X-VCT
X-RCS-CacheZone
X-No-Session
X-Is-Modern-Browser
X-R9-Blue-Green-Version
X-Origin-Cache
X-ShardId
X-GEO
X-Cache-Debug
X-UA
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-CACHE-AGE
X-VC
X-SRV
X-WP-CF-Super-Cache-Cookies-Bypass
Front
X-Varnish-Age
X-CDN-Forward
X-Varnish-Cache-Hits
X-NewRelic-App-Data
X-Provided-By
X-Presslabs-Stats
X-Lagoon
Xserver
X-Is-Mobile-Only
Node
X-Varnish-Beresp-Ttl
X-CLOUD-TRACE-CONTEXT
WPO-Cache-Status
Cache-Tv-Group
X-Generated-By
X-Api-Version
X-Platform
X-TA-CDN-Provider
Countrycode
X-Source
X-Webstats-RespID
X-CDN-Cache-Status
X-Site-Version
X-Azure-Ref-OriginShield
Cache-Provider
X-Cdn
Referer-Policy
From-Origin
X-Accel-Version
X-Signature
X-B-Cache
X-B3-Traceid
X-Tt-Logid
X-VC-TTL
X-NWS-UUID-VERIFY
X-Optimistic-Header
Location
X-Xfnlog-Site
X-PHP-Backend
X-Tx-Id
X-Ua
Request-ID
X-Cache-Rule
X-Cache-Operation
CF-IPCountry
X-Sucuri-Cache
X-IsAdmin
X-Worker
X-Air-Pt
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestPullSuccess
CDN-Uid
WPO-Cache-Message
X-Reqid
CDN-RequestPullCode
CDN-Cache
CDN-EdgeStorageId
CDN-CachedAt
X-Tb-Optimization-Total-Bytes-Saved
AMP-Access-Control-Allow-Source-Origin
X-A-Wwc
X-Access
Web-Mar-Region
X-Action
X-SRCache-Key
X-A-Dgt
X-A-Ccd
X-Varnish-Authentication
X-A-Dam
X-A
X-A-Dcw
Redirect-Candidate
DCR-Processing-Time-Ms
DCR-Decision-By
Expect-Staple
Fastly-SSL
Fl-Custom-Application
X-Viewer-Country
X-Vtex-Remote-Cache
Candidate-Md5Url
Xc-Version
Cdncip
Cdnsip
Cluster
Host-ID
Lang
RNT-Machine
Rendered-Blocks
RNT-Time
Sslversion
Store-Cloud-Cache
X-Aed
Origin
MD5-Digest
Log-Origin
Meta-Geo-Continent
Ngx.Var.Host
Odigeo-Trace-Id
Time-Cloud-Cache
X-Origin-Expires
X-Cache-NE
X-GeoCode
X-Forwarded-Site
X-VG-TLSProxy
X-Fmm-Version
X-Clientip
X-GeoCountry
X-VG-WebCache
X-BCube-Filmed-By
X-Vdms-Version
X-Bl-Debug
X-Cache-Aspx
Apple-News-Services-Request-Url
X-External-Request-Id
X-Ee-Request-Id
X-Ec-GeoHdr
X-Ee-Generated-By
X-Ec-Fail
X-Developer
X-D
X-Destination
X-Core-Value
X-Content-Age
X-Conf
X-Cms-Device
X-Contensis-Viewer-Groups
X-Ee-Request-Date
X-Ee-Origin
X-HS-Content-Campaign-Id
X-Ig-Origin-Region
X-S-Cookie
X-Save-Cache
X-Rojux
X-Rocket-Build-Number
X-Varnish-Hostname
X-Request-URI
X-ScT
X-SD-PageType
X-Sigma-Backend
X-Slack-Backend
X-Sigma
X-Varnish-Director
X-Section
X-Req
X-PERF
X-Vary-Devices
X-Auto-Login
X-Micro-Cache
X-B-Cookie
X-Ig-Push-State
X-Loc
X-Node-Id
X-Application
X-Depends
X-PAYTM-SRV-ID
X-Old-Content-Length
X-AK-Request-ID
X-ApacheServer
X-Slack-Shared-Secret-Outcome
Apple-News-Services-Handled
Apple-News-Services-Host
X-Sucuri-ID
Apple-News-Services-Parsed-Url
XM
X-Fastly-Request-Id
X-TT-LOGID
X-Frame-Option
X-LSADC-Cache
X-Generated-On
X-From
X-Gen-Mode
Thinkindot-CacheControl-Type
User-Cache-Control
X-Eu-Site
X-Via-Fastly
X-Fastly-Backend
V-Age
X-FC-Vary-Parameters
Thinkindot-CacheControl
X-Gdpr
Wxu-Next-Region
RewriteTeamHook
RewriteTestHook
Req-Svc-Chain
X-Org
X-Human
X-Hnp-Log
Wxu-Next-Hostname
Server-Host
X-Epic-Correlation-Id
X-GeoIP-Country-Code
X-GeoIP-Region-Code
ServerName
X-GoCache-CacheStatus
TDXMobile
X-Ec-Custom-Error
X-Block-Status
X-Bug-Bounty
X-GeoIP-City
X-Debug-Cache-Fetch
X-Bc-Bl
X-Debug-Cache-Store
X-Hash
X-Date
X-CGP
X-Content-Length
Azure-InstanceId
X-Csrf-Jwt
X-CUA
X-BBC-Edge-Cache-Status
X-Backend-Instance
X-Internal-TTL
X-Akamai-Device-Characteristics
X-Aicache-OS
X-Acquia-Purge-Cdn-Unconfigured
X-Accel-Expires-Debug
X-Amz-Storage-Class
X-Dispatcher-Server
X-DefHash
X-DefElseHash
X-SIPLIST1
X-V-Cache
X-App-Name
X-AB-Test
X-HN
X-Varnish-CookieHashed-On
X-Ion-Healthy
X-Varnish-Beresp-Status
X-Uri
X-Pubstack
X-Varnish-Remaining-TTL
X-Policy
Azure-SlotName
X-Varnish-CookieINHashed-On
X-Thinkindot-L3
IsBot
Azure-Version
X-Region-Sid
DSUID
X-Sn-Servicetimems
Country-Code
CDCHOST
X-We-Are-Hiring
Cmstype
X-Shield-Cache-Expires
X-Up
Cache-Contol
X-Render-Time
X-UA-Device-Type
X-SB
X-Thinkindot-L1
N-Cache
Nord-Request-ID
Wxu-Next-Commit
X-Level-Front-Cache
X-Men
X-Moov-T
Azure-RegionName
X-Jungle-Id
PFcat
X-Ion-Hop
Origin-EX
Origin-CC
Origin-Agent-Cluster
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
Ha-Gx-Prefs
X-Origin-Time
Gh-Request-Id
X-Path
Gannett-Cam-Experience-Id
X-Op-Id-All
L
Azure-SiteName
X-VarnishDD-TTL
X-Nyt-Route
L5d-Success-Class
Cmsid
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
X-Vercel-Id
Pragrma
X-ElasticPress-Query
X-Proto
X-Esi-Check
X-Mvc-Supplant-Cachable
X-Gzip
X-Edge-Server
X-Vmg-Version
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Server-IP
X-DPWN-IS-SECURE
X-Vercel-Cache
X-Thanos
X-CacheTTL
Tube-Got-Results
NM-Fastcgi-Cache
Machine
Content-Style-Type
Tube-Get-Contents
Mail-Subject
Content-Script-Type
Source
Fastly-GeoIP-CountryCode
X-Cache-Date
Fastly-Backend-Name
Producers
Platform
Tube-Return
Origin-Site
Click-Count-Error
Click-Count-Action-Start
X-Cache-Id
C-Via
X-NMSegId
X-Wikidot-Backend
X-Wikidot-Static-Cache
Tube-Got-Eval
Release
X-Cache-FS-Status
Cdn-Request-Time
X-Gamma-Serve
Cdn-Host
X-B3-Trace-ID
X-Bip
CacheControlHeader
We-Hiring
Fastly-Drupal-HTML
X-Client-Ip
X-NGINX-Cache
X-Parent-Response-Time
X-FORWARDED-FOR
X-Litespeed-Cache-Control
X-Mvc-Supplant-OutputCached
Powered-By
X-ZONE
X-Location
X-Origin-Response-Time
Canary
X-Proxied-Request
S-Rt
X-Upstream-Ct
X-Upstream-Ht
X-Pad
Debug
X-Cs
Vix-Hermes-Req-Id
Sid
X-Cached-By
CloudFront-Viewer-Country
NGX
X-Refresh
X-ND-Cache
Pics-Label
X-Litespeed-Tag
X-APP
X-Via-Poph
X-TH-Server
X-Via-Popn
Product
X-Via-Popv
X-Nananana
GeoIP-Latitude
Mime-Version
X-HA-Backend
HA-Ipaddr
X-Servedbyhost
X-Amz-Meta-Cb-Modifiedtime
GeoIp-Country-Code
X-Cache-VC
Cookie
X-Varnish-Hits
Server-ID
Edge-Cache
MIME-Version
X-Datadome
X-User
X-Fpc
X-DynaTrace-JS-Agent
X-Wa
X-AIR-PT
X-GeoIP
X-Nc
SID
X-Webkit-CSP
X-Cdn-Forward
X-Debug-Service
X-B3-Parentspanid
X-LB-ID
X-Nginx-Cache-Key
True-Client-Country-4JS
Server-Ext
Server-Hostname
WZWS-RAY
X-Nginx-Cache
X-LB-NoCache
X-Srv
Load-Balancing
Akamai-Mon-Iucid-Del
Sever-Int
X-Vc
X-Zone
Show-Do-Not-Sell-Link
DataCenter
HostName
X-Request-Start
X-Unity-Cache
Cdn
Surrogated-Key
X-Scheme
Resin-Trace
Fastly-Drupal-Html
X-Cache-Backend
Traceparent
X-CS
X-Newrelic-Synthetics
X-LiteSpeed-Cache-Control
Tcn
X-Lsadc-Cache
X-VCL-Version
X-Pool
Wsr-Cache
Sm-Log-Id
X-NodeID
X-Service-Response-Time
Lb
X-Request-Host
N1-Cache
X-RequestId
X-B3-Spanid
X-Cache-Grace
Yjs-Id
X-Vgn-Hpd-Reason
X-LiteSpeed-Tag
X-HubSpot-Correlation-Id
X-CDN-Provider
Hostname
Yak-Timeinfo
X-TX-ID
X-HOST
X-Ez-Minify-Html
NtCoent-Length
X-Datacenter
X-API-Version
Serverhost
Datacenter
X-DataCenter
X-DynaTrace
CountryCode
X-Proxy-CacheR9
X-Via-CDN
Xkey-La3
X-Proxy-Cache-La3
X-RateLimit-Limit
Edge-Copy-Time
X-Via-SSL
X-Via-Edge
XkeyR9
Xkeylog
X-Udemy-Cache-App-Namespace
X-Dynatrace-Js-Agent
X-Air-Hostname
X-WA
CDN
X-Air-Source
A
X-Air-Trace-Id
X-Zen-Fury
X-Lb-Id
X-Geolocation
Cdn-Requestid
X-Jobs
X-FPC
X-NC
Req-ID
X-Fastly-Backend-Reqs
X-ID
Cs
Uri
True-Client-IP
X-Akamai-Pragma-Client-IP
Server-Id
X-Html-Minification-Powered-By
X-Cdn-Srv
X-Via-JSL
WP-Super-Cache
Proxy-Firewall
X-TimeS
Esi-Enabled
X-VC-Age
X-VTEX-Cache-Server
Geoip-Latitude
X-VTEX-Cache-Time
On-Server
GeoIP-Country-Code
X-Powered-By-VTEX-Cache
X-Srcache-Fetch-Status
T-Server
X-Stale
X-Ez-Minify-Js
X-Srcache-Store-Status
RATING
Cr
Pramga
X-Styx-Origin-Id
X-Lb-Nocache
X-HA-Application-Name
X-MSEdge-Features
Srv
ServerHost
X-HA-Bot-Classification
X-Styx-Info
From-Cache
X-HA-Device-Type
X-MSEdge-Flight
X-ServedByHost
X-Swift-Error
X-Varnish-Beresp-TTL
WebServer
X-Oracle-DMS-ECID
X-Ha-Backend
Cloudfront-Viewer-Country
X-Var-Ttl
Coldstone-Viewer-Currency
X-App
X-TIM-N
X-CSRF-TOKEN
Coldstone-Viewer-Country-Region-Name
Coldstone-Viewer-Country
X-WA-Info
Content-Secure-Policy
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-LAGOON
X-Webkit-Csp-Report-Only
FSS-Cache
X-Ssense-Gql
X-Correlation-ID
Ngx
X-Ssense-Shipping-Surcharge-Enabled
X-Via-PopN
X-Via-PopH
W
X-Fastly-Cache
X-Via-PopV
X-Shopid
X-Shardid
Cl-Cache
X-Sorting-Hat-Shopid
X-Check-Cacheable
X-Web-Server
BehaviorPad-Version
X-Cdn-Cache-Status
X-Sorting-Hat-Podid
X-Geo
X-Ramcache
X-Elasticpress-Query
X-DC
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Request-Url
X-Proxy-Cache-LA2
X-Wp-Cf-Super-Cache-Active
Akamai-X-True-TTL
X-ATG-Version
X-Sucuri-Id
X-Serial
X-Th-Server
Cf-Ipcountry
User-Agent
Xkey-G-Jp
My-App
X-Nitro-Cache
X-Cache-TTL-Remaining
X-Fastly-Cache-Hits
X-Mg-Cache
Cneonction
FSS-Proxy
X-Request-Time
Host-Name
Bxpunish
X-Fastly-Cache-Status
X-Env
Bxuuid