Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
Cf-Request-Id
X-Served-By
X-UA-Compatible
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Server-Timing
X-Drupal-Cache
Permissions-Policy
X-Ua-Compatible
CF-Ray
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Drupal-Dynamic-Cache
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
Host-Header
X-Age
X-Amz-Request-Id
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
Cf-Apo-Via
X-Via
X-Request-ID
X-Turbo-Charged-By
X-UA-Device
X-Rq
X-Vhost
X-Cache-Group
X-Amz-Version-Id
X-Dispatcher
X-AH-Environment
Keep-Alive
EagleId
X-Proxy-Cache
X-Server
X-Ws-Request-Id
X-OneAgent-JS-Injection
CONTENT-SECURITY-POLICY
X-Varnish-Cache
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
Grace
P3p
Pantheon-Trace-Id
X-Server-Powered-By
Allow
X-Dns-Prefetch-Control
X-Pingback
X-Page-Speed
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-FTR-Request-ID
X-Node
X-Device
EagleEye-TraceId
X-Host
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Backend-Server
Surrogate-Control
X-Country-Code
X-Litespeed-Cache
X-Readtime
X-Cloud-Trace-Context
X-Server-Id
X-Akam-SW-Version
Cf-Railgun
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Country
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
Fastly-Restarts
X-TraceId
Request-Id
X-Content-Type
X-Clacks-Overhead
X-Vname
X-PC
Rating
X-TtlSet
X-Application-Context
X-Times
X-Cnection
X-Cache-TTL
X-ESI
Surrogate-Key
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-Browser-Type
X-Edge
X-Mcache
X-Country-Code-Real
X-FTR-Backend-Server
X-Midtier
X-Vcap-Request-Id
X-FTR-Expires
X-Ac
Origin-Trial
Accept-Ch-Lifetime
X-Powered-By-Plesk
Edge-Control
X-NWS-LOG-UUID
X-Abt-Application-Version
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Cdn-Fetch
X-Element-Page-Cache
Verso
X-D2id
X-ORACLE-DMS-RID
X-B3-TraceId
X-ECACHE
X-Upstream
X-Client-IP
X-Mod-Pagespeed
X-Amz-Rid
Nginx-Cache
Pagespeed
X-Sol
Display
X-Middleton-Display
X-Navigation-Version
X-GitHub-Request-Id
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-FastCGI-Cache
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Instrumentation
Response
X-Middleton-Response
X-Language
X-Envoy-Decorator-Operation
X-Goog-Hash
X-Ratelimit-Limit
X-Nf-Request-Id
X-ARC
X-MS-InvokeApp
AR-ATIME
S
AR-PoweredBy
AR-Request-ID
Edge-Cache-Tag
X-Resp-Is-Stale
Akamai-GRN
X-Ser
X-Edge-Location-Klb
X-Kinsta-Cache
X-Content-Digest
SPIisLatency
SPRequestDuration
X-Url
X-Distributor
SPRequestGuid
X-SharePointHealthScore
X-Dw-Request-Base-Id
Access-Control-Request-Method
Front-End-Https
X-Cache-Key
X-NGENIX-Cache
X-Ezoic-Cdn
X-Recruiting
X-Forwarded-For
X-Shield-Request-Id
Cache-Status
RTSS
X-Amzn-Trace-Id
X-Powered-CMS
X-Ttl
X-Version
X-Server-Name
Public-Key-Pins
X-MSEdge-Ref
X-T
Arr-Disable-Session-Affinity
Fastcgi-Cache
TP-Cache
X-Mg-S
X-Daa-Tunnel
X-Accel-Expires
X-Correlation-Id
X-Id
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Ua-Device
X-Ismobilevalue
Realpath
X-Fastly-Request-ID
X-CST
X-Cluster-Name
Cache-Tags
X-Cached
X-ORACLE-DMS-ECID
X-Xrds-Location
AR-CACHE
X-Varnish-TTL
X-Newrelic-App-Data
X-Request-Processing-Time
X-Request-Received
Payment
X-DIS-Request-ID
X-Kong-Upstream-Latency
X-HS-Combine-CSS
X-Kong-Proxy-Latency
X-Ua-Browser
X-GUploader-UploadID
Content-MD5
X-Content-Security-Policy-Report-Only
X-HP-Trace-Id
X-HP-Webp
X-Cambria-Cache-Control
X-Jurisdiction
X-RateLimit-Remaining
X-HS-CF-Cache-Status
X-HS-Prerendered
Count-Hit
X-TTL
X-Server-ID
X-Ratelimit-Remaining
Content-Disposition
X-Azure-Ref
X-Webkit-Csp
X-Amz-Replication-Status
X-PressLabs-Stats
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Microsite
X-Hits
Cross-Origin-Resource-Policy
X-Px
X-Request-Handler-Origin-Region
X-Page-Id
Accept-Charset
X-NF-Request-ID
Cleartype
X-Unique-Id
X-Logged-In
X-FB-Debug
X-Ratelimit-Reset
X-Git-Hash
X-Protected-By
X-Load-Cache
X-Proxy
X-Goog-Metageneration
X-Rid
X-VARITI-CCR
X-Origin-Server
X-AppVersion
X-Activity-Id
X-LLID
X-Www-Served-By
X-Az
X-Varnish-Backend
X-Template
Cross-Origin-Embedder-Policy
MicrosoftSharePointTeamServices
Server-Node
Version
X-Forwarded-Proto
X-Varnish-Ttl
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Server-Name
X-URL
YJS-ID
X-Upgrade-Enabled
X-Amz-Meta-S3cmd-Attrs
X-Geo-Country
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Frontend
X-Varnish-Server
X-Hostname
X-Fastcgi-Cache
X-Content-Options
Section-Io-Cache
X-B3-Sampled
X-Wormhole-Sdk
X-TT
X-Device-Type
X-App-Server
X-Varnish-Grace
Fastly-SWR
MRF-Tech
Viewport
X-B
X-Grace
Mrf-Cache-Status
X-B3-TraceId-Primal
Fastly-SIE
X-Fb-Rlafr
X-Status
X-Cache-Age
TCN
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Ruxit-Js-Agent
Access-Control-Allow-Method
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Ar-SID
Alternate-Protocol
AKAMAI-GRN
Upgrade-Insecure-Requests
AR-SID
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Oneagent-Js-Injection
Healthy
X-SERVER-NAME
X-Magnolia-Registration
Host
X-Request-Guid
Amp-Access-Control-Allow-Source-Origin
X-Buckets
X-CSRF-Token
X-Debug
X-EdgeConnect-Cache-Status
Retry-After
DC
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-WebKit-CSP-Report-Only
X-Contextid
X-Amzn-Remapped-Content-Length
X-Cache-Control
X-Revision
X-Request-Device-Id
X-Response-Served-From
X-Original-Request-Id
X-Instance
X-Rendered-As
X-Origin-CC
X-Origin-TTL
X-Type
X-Adobe-Content
X-Adobe-Loc
X-Yottaa-Metrics
X-Cache-Hit
X-NYM-Debug-Backend
X-Is-Bot
X-Yottaa-Optimizations
X-Akamai-Edgescape
X-Backend-Name
X-G
MS-Author-Via
X-Lambda-Id
Section-Io-Id
Access-Control-Request-Headers
X-Content-Powered-By
Cross-Origin-Embedder-Policy-Report-Only
X-Trace-Id
Cross-Origin-Opener-Policy-Report-Only
X-ServerID
X-Mg-Request-UUID
SD-X-WS
X-Framework
NGB
X-RM-Cache-TTL
X-Debug-IsPreview
Charset
X-Debug-IsConnected
X-UUID
X-Mobile
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Storage
X-Dc
X-Seen-By
X-Server-W
X-Tumblr-Pixel
X-Vcl-Version
X-Hl-Ver
X-Tumblr-User
X-Cache-Time
X-DataDome
X-INCAP-ABP
X-AB
X-Akamai-Request-ID2
X-N
MS-CV
Ms-Operation-Id
X-RTag
Refresh
Protected
Filterid
X-RemovedCookies
X-ProcessESI
X-Cache-Status-Check
X-Time
X-Request-Bu
X-Request-Site
X-Request-Platform
X-App-Version
X-Region
X-Real-IP
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
SRV
VIX-Pulpo-Node
X-LB-Cache
X-Node-Name
VIX-Pulpo-Upstream-Status
Frame-Options
Accept-Language
Cache
X-B3-SpanId
Webserver
X-Meli-Trace-Bu
X-Meli-Trace-Site
X-Meli-Trace-Platform
CDN-RequestId
Cross-Origin-Window-Policy
X-User-Agent
X-Whom
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-WP-CF-Super-Cache-Active
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Ms-Request-Id
X-Ms-Version
Paypal-Debug-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
Onion-Location
Priority
X-HTML-Minification-Powered-By
X-F-Cache
Liferay-Portal
X-IPS-LoggedIn
X-Cache-Expired-At
X-VC
OT-Force-Account-Verify
X-COUNTRY
X-VC-Cache
X-Mode
Backend
X-Proxy-Cache-Info
X-Rocket-Nginx-Serving-Static
X-App-Environment
X-Tb
X-FW-Static
X-FW-Server
X-FW-Type
X-FW-Serve
Xet-Cookie
X-FW-Version
X-FW-Hash
X-Cacheable-TTL
X-FW-Dynamic
X-Environment-Context
X-Drupal-Cache-Tags
X-Source
X-L-Path
GEO-INFO
X-Debug-Info
X-Pass-Why
X-Zipkin-Id
X-Vcache
X-Adobe-Source
X-Proxied
X-Detected-As
X-Rewrite-Enabled
ServerID
X-JoinUs
Web-Mar-Node
X-Handled-By
Url
X-Loop
X-MP-GENERATED-AT
X-Rn-Rsrv
X-Extlb
X-UPSTREAM-Address
X-Cloudmap
X-Routing-Service
X-SaId
Fastcgi-Useragent
X-Servername
X-Tncms
X-Alternate-Cache-Key
X-IPLB-Request-ID
ServedBy
X-Storefront-Renderer-Rendered
Country
X-IPLB-Instance
X-Restarts
X-Forwarded-Host
X-Hit
Atl-Traceid
X-Hosted-By
X-Shopify-Stage
X-Logging-Id
X-Director
X-Origin-Date
X-Varnish-Beresp-Grace
X-Format
X-Web-Node
LB
X-Cache-Host
Mn-Server-Ip
X-Cluster-Node
Property-Id
Apigw-Requestid
X-BYPASS-REASON
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-Region
TWC-Device-Class
X-Cache-Action
X-Cluster
TWC-Connection-Speed
TWC-GeoIP-City
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Service
TWC-GeoIP-DMA
TWC-Privacy
X-ProxyCache-Status
X-Browser-Name
X-Say-TTL
X-Say-Cacheable
Webcakes-Region
X-Geo-Region
X-Is-Desktop
X-Tcp-Rtt
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Mobile
X-ProxyCache-Key
X-SayCDN-TTL
X-Origin-Hint
X-Httpd
X-Locale
X-Skip-Cache
X-PHP-Host
X-Cdn-Origin
X-Mly-Id
Meta-Geo
X-Soup
X-FB-TRIP-ID
Uber-Trace-Id
X-Cms-Context
Environment
X-Labrador-Cache-Channel
Filters
X-Drupal-Cache-Contexts
X-R9-Blue-Green-Version
X-Redis-Cache
X-Edge-Location
X-S
X-RateLimit-Remaining-Second
X-Origin
X-RateLimit-Limit-Second
Countrycode
DB-Nickname
X-Wix-Request-Id
X-Served-From
X-Scope-Id
X-Rule
X-Proxy-Build
X-Generation-Time
X-ECache
X-Endurance-Cache-Level
Selected-Fe
X-Requestid
X-Fetched-On
Cache-Hits
X-Auth-Group-Type
X-Timing-Wait
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Varnish-Cache-Hits
X-Sorting-Hat-ShopId
X-Tumblr-Pixel-2
X-Connection-Hash
X-GEO
X-Tumblr-Pixel-3
Expiry
X-Origin-Cache
X-VCT
X-WP-CF-Super-Cache-Cookies-Bypass
Front
X-RCS-CacheZone
Request-ID
WPO-Cache-Status
X-SRV
X-Oracle-Dms-Ecid
X-Varnish-Age
X-Cache-Debug
X-HITS
X-No-Session
X-UA
X-Lagoon
X-Varnish-Beresp-Ttl
X-Webstats-RespID
X-CLOUD-TRACE-CONTEXT
YJS-CacheStatus
X-Api-Version
X-Is-Modern-Browser
Xserver
Node
X-Site-Version
X-CDN-Forward
From-Origin
X-TT-LOGID
Cache-Provider
X-Generated-By
X-Platform
X-TA-CDN-Provider
X-Xfnlog-Site
X-Yandex-Req-Id
X-Azure-Ref-OriginShield
Referer-Policy
X-Cdn
X-Accel-Version
X-B3-Traceid
X-Provided-By
Cache-Tv-Group
X-Is-Mobile-Only
X-NewRelic-App-Data
WPO-Cache-Message
X-VC-TTL
X-B-Cache
CF-IPCountry
X-Signature
X-Sucuri-Cache
X-Reqid
X-XRDS-Location
X-Ua
X-CDN-Cache-Status
X-Sucuri-ID
CDN-Uid
X-Tx-Id
X-Tb-Optimization-Total-Bytes-Saved
CDN-RequestPullSuccess
CDN-CachedAt
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-Cache
CDN-EdgeStorageId
X-PHP-Backend
X-Content-Age
AMP-Access-Control-Allow-Source-Origin
X-Cache-Rule
X-Ec-GeoHdr
X-Air-Pt
X-A-Wwc
X-Access
Log-Origin
X-A-Dgt
X-Vtex-Remote-Cache
X-Ec-Fail
X-A-Dcw
Lang
X-VG-WebCache
X-VG-TLSProxy
X-S-Cookie
X-Developer
X-Rojux
X-Action
X-Old-Content-Length
X-Request-URI
X-Rocket-Build-Number
X-Frame-Option
X-A-Dam
X-A
Rendered-Blocks
Redirect-Candidate
Ngx.Var.Host
RNT-Machine
RNT-Time
X-IsAdmin
X-Loc
Location
Origin
X-GeoCountry
Odigeo-Trace-Id
X-Forwarded-Site
Apple-News-Services-Handled
Apple-News-Services-Request-Url
MD5-Digest
Web-Mar-Region
X-ScT
X-External-Request-Id
Apple-News-Services-Parsed-Url
X-Fmm-Version
X-Micro-Cache
Sslversion
Apple-News-Services-Host
X-A-Ccd
X-Origin-Expires
Expect-Staple
X-Bl-Debug
X-Ig-Origin-Region
X-Fastly-Request-Id
X-Ig-Push-State
X-NWS-UUID-VERIFY
X-BCube-Filmed-By
Cdncip
Cdnsip
Fl-Custom-Application
Fastly-SSL
X-GeoCode
X-Varnish-Director
X-Cache-Operation
Xc-Version
DCR-Processing-Time-Ms
DCR-Decision-By
X-Varnish-Authentication
X-Cache-NE
X-Cache-Aspx
XM
X-Contensis-Viewer-Groups
X-Conf
X-D
X-B-Cookie
X-Sigma
X-Sigma-Backend
X-Slack-Shared-Secret-Outcome
X-AK-Request-ID
X-Depends
X-Destination
X-Aed
X-Section
Candidate-Md5Url
X-Slack-Backend
X-Vdms-Version
X-Application
X-Auto-Login
X-SRCache-Key
Gannett-Cam-Experience-Id
L
X-Gen-Mode
X-Human
IsBot
X-Hnp-Log
Origin-Agent-Cluster
DSUID
Ha-Gx-Prefs
Meta-Geo-Continent
X-HS-Content-Campaign-Id
L5d-Success-Class
Gh-Request-Id
X-Accel-Expires-Debug
X-CUA
X-Backend-Instance
X-BBC-Edge-Cache-Status
X-We-Are-Hiring
X-GeoIP-Country-Code
X-Date
X-Akamai-Device-Characteristics
X-Bc-Bl
X-Csrf-Jwt
X-Clientip
X-CGP
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Content-Length
X-Block-Status
X-Bug-Bounty
X-Internal-TTL
X-DefElseHash
ServerName
X-FC-Vary-Parameters
X-Fastly-Backend
X-Hash
Req-Svc-Chain
Origin-CC
Origin-EX
User-Cache-Control
V-Age
X-GeoIP-City
X-Aicache-OS
X-DefHash
X-Acquia-Purge-Cdn-Unconfigured
X-Ec-Custom-Error
X-Eu-Site
X-Epic-Correlation-Id
X-From
Azure-RegionName
X-Litespeed-Tag
X-Uri
Azure-SiteName
Azure-SlotName
X-UA-Device-Type
Azure-Version
Azure-InstanceId
Country-Code
X-Policy
X-Path
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-Beresp-Status
X-Varnish-CookieHashed-On
X-Sn-Servicetimems
X-Up
X-Moov-Xdn-Caching-Status
X-Men
Cmsid
Cmstype
X-Pubstack
X-Moov-Xdn-Version
X-Moov-T
CDCHOST
X-SIPLIST1
X-Optimistic-Header
X-LSADC-Cache
Wxu-Next-Hostname
X-Vercel-Cache
X-Wikidot-Backend
Tube-Return
X-Gzip
X-Origin-Time
X-Vercel-Id
X-Nyt-Route
X-Mvc-Supplant-Cachable
We-Hiring
Wxu-Next-Commit
X-App-Name
X-Node-Id
Wxu-Next-Region
X-Cache-Id
X-DPWN-IS-SECURE
X-SD-PageType
X-Server-IP
X-Req
X-Esi-Check
X-Gdpr
X-Gamma-Serve
X-Region-Sid
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Hostname
X-Viewer-Country
X-B3-Trace-ID
X-Cache-FS-Status
Tube-Got-Results
X-Core-Value
X-CacheTTL
X-V-Cache
X-PAYTM-SRV-ID
X-NMSegId
Platform
Click-Count-Action-Start
Pragrma
Producers
Fastly-GeoIP-CountryCode
CacheControlHeader
C-Via
Mail-Subject
X-Worker
Machine
Tube-Got-Eval
NM-Fastcgi-Cache
Release
Click-Count-Error
Cluster
X-Wikidot-Static-Cache
Tube-Get-Contents
X-Tt-Logid
X-Parent-Response-Time
X-Thanos
Host-ID
X-Debug-Cache-Fetch
Content-Script-Type
Cache-Contol
X-TH-Server
X-Via-Fastly
X-Proto
X-Generated-On
Content-Style-Type
X-Ion-Hop
X-Presslabs-Stats
X-Debug-Cache-Store
Cdn-Request-Time
X-Edge-Server
X-Save-Cache
X-Cs
X-ElasticPress-Query
X-Ee-Request-Date
Fastly-Backend-Name
X-Render-Time
X-Vary-Devices
X-Jungle-Id
X-Proxied-Request
X-Ee-Request-Id
X-Ion-Healthy
Fastly-Drupal-HTML
X-Dispatcher-Server
X-SB
Cdn-Host
TDXMobile
X-Op-Id-All
X-Thinkindot-L3
X-AB-Test
X-Org
X-Nginx-Cache
X-Origin-Response-Time
Product
X-Thinkindot-L1
X-HN
X-Mvc-Supplant-OutputCached
Store-Cloud-Cache
Server-Host
Time-Cloud-Cache
RewriteTestHook
RewriteTeamHook
X-Ee-Origin
X-Ee-Generated-By
X-Cms-Device
X-CACHE-AGE
X-Amz-Storage-Class
X-Level-Front-Cache
X-VarnishDD-TTL
X-Bip
Thinkindot-CacheControl
Nord-Request-ID
N-Cache
NGX
X-Cache-Date
X-ApacheServer
Thinkindot-CacheControl-Type
X-PERF
X-Shield-Cache-Expires
PFcat
X-Vmg-Version
X-Amz-Meta-Cb-Modifiedtime
Origin-Site
Canary
X-Refresh
Source
X-Litespeed-Cache-Control
HA-Ipaddr
X-Location
X-AWS-Id
X-VWS-Id
Sid
X-Cached-By
X-LJ-Flow-ID
X-ZONE
Debug
X-Pad
X-Via-Popn
Mime-Version
Powered-By
X-Via-Popv
S-Rt
X-Via-Poph
X-Cache-VC
CloudFront-Viewer-Country
Vix-Hermes-Req-Id
X-LB-ID
X-User
X-Servedbyhost
X-HA-Backend
X-APP
X-Nananana
X-AIR-PT
GeoIP-Latitude
Edge-Cache
Pics-Label
X-Varnish-Hits
X-ND-Cache
Server-ID
X-Ah-Environment
Cookie
X-Cdn-Forward
X-NGINX-Cache
Surrogated-Key
HostName
X-Datadome
X-GeoIP
X-LB-NoCache
Akamai-Mon-Iucid-Del
X-Upstream-Ht
X-Upstream-Ct
X-Request-Start
X-Fpc
X-Wa
X-Nc
X-DynaTrace-JS-Agent
SID
X-Webkit-CSP
MIME-Version
X-Zone
X-Scheme
X-Srv
N1-Cache
GeoIp-Country-Code
WZWS-RAY
DataCenter
X-LiteSpeed-Cache-Control
X-Request-Host
X-NodeID
X-Pool
Resin-Trace
X-RequestId
X-VCL-Version
Fastly-Drupal-Html
X-Unity-Cache
X-Cache-Grace
X-B3-Parentspanid
X-Nginx-Cache-Key
X-Debug-Service
X-CS
Yak-Timeinfo
True-Client-Country-4JS
Server-Ext
X-DataCenter
Tcn
Server-Hostname
X-Vgn-Hpd-Reason
Sever-Int
X-Lsadc-Cache
X-DynaTrace
Wsr-Cache
Cdn
X-Air-Hostname
Lb
X-Air-Trace-Id
X-Air-Source
Show-Do-Not-Sell-Link
X-Via-CDN
X-Via-Edge
X-Via-SSL
Edge-Copy-Time
X-Newrelic-Synthetics
Load-Balancing
X-B3-Spanid
X-Cache-Backend
Yjs-Id
X-Service-Response-Time
X-Zen-Fury
Sm-Log-Id
X-Geolocation
X-TX-ID
NtCoent-Length
X-LiteSpeed-Tag
X-Jobs
X-HOST
X-Datacenter
Req-ID
Traceparent
X-NODE
X-RateLimit-Limit
GeoIP-Country-Code
X-Cdn-Srv
Uri
X-Powered-By-VTEX-Cache
X-Udemy-Cache-App-Namespace
Cdn-Requestid
X-HubSpot-Correlation-Id
CDN
X-WA
X-API-Version
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Vc
X-FORWARDED-FOR
Serverhost
Datacenter
X-CDN-Provider
X-NC
X-FPC
WP-Super-Cache
X-Fastly-Backend-Reqs
X-Webkit-Csp-Report-Only
X-Akamai-Pragma-Client-IP
Coldstone-Viewer-Country-Region-Name
X-Proxy-Cache-La3
Coldstone-Viewer-Country
X-WA-Info
X-Html-Minification-Powered-By
Hostname
Coldstone-Viewer-Currency
X-Stale
X-Proxy-CacheR9
True-Client-IP
Server-Id
X-Dynatrace-Js-Agent
XkeyR9
Xkeylog
Xkey-La3
X-Ez-Minify-Js
X-TimeS
RATING
T-Server
On-Server
A
Geoip-Latitude
X-Swift-Error
X-Lb-Nocache
X-Lb-Id
X-ServedByHost
Srv
Proxy-Firewall
From-Cache
X-Varnish-Beresp-TTL
ServerHost
BehaviorPad-Version
X-Client-Ip
WebServer
X-Oracle-DMS-ECID
X-Via-JSL
Esi-Enabled
X-App
Cloudfront-Viewer-Country
X-Ha-Backend
X-CSRF-TOKEN
X-LAGOON
X-ID
X-MSEdge-Features
X-MSEdge-Flight
X-Nitro-Cache
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-Correlation-ID
X-Request-Time
X-Via-PopV
X-Via-PopN
X-Fastly-Cache
FSS-Cache
X-Via-PopH
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Cs
CountryCode
X-VC-Age
X-Sorting-Hat-Podid
X-Cdn-Cache-Status
X-Styx-Info
X-Styx-Origin-Id
X-Shardid
X-Geo
Cr
X-Shopid
X-HA-Device-Type
X-HA-Bot-Classification
True-Client-Ip
X-HA-Application-Name
X-Sorting-Hat-Shopid
X-Check-Cacheable
X-Web-Server
My-App
Ohc-Cache-HIT
Pramga
Ohc-File-Size
X-Var-Ttl
X-Proxy-Cache-LA2
X-ATG-Version
X-Th-Server
X-TIM-N
X-Fastly-Cache-Status
Ngx
X-Platform-Server
X-VServer
X-Request-Url
X-Serial
X-Wp-Cf-Super-Cache
Content-Secure-Policy
Akamai-X-True-TTL
X-Wp-Cf-Super-Cache-Cache-Control
X-DC
Ms-Author-Via
Cf-Ipcountry
X-Elasticpress-Query
X-Sucuri-Id
Bxuuid
X-Cache-TTL-Remaining
Bxpunish
X-Beacon
Warning
X-Fastly-Cache-Hits
Cneonction
X-Env
Host-Name
X-Mg-Cache
FSS-Proxy
X-Snapshot-Date