
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Accept-CH
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
X-XSS-Protection
X-Powered-By
Pragma
X-Cache
CF-RAY
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
X-Amz-Cf-Pop
X-Amz-Cf-Id
Content-Language
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Xss-Protection
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
CF-Ray
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-AspNet-Version
Accept-Ch
X-Runtime
Permissions-Policy
X-Drupal-Cache
Server-Timing
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-FRAME-OPTIONS
X-Cacheable
X-Iinfo
X-Ua-Compatible
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
X-CONTENT-TYPE-OPTIONS
Feature-Policy
X-Content-Security-Policy
Xkey
Upgrade
X-XSS-PROTECTION
Access-Control-Expose-Headers
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
X-Age
Request-Context
X-Backend
Cf-Edge-Cache
X-Robots-Tag
X-Hacker
X-Amz-Version-Id
Keep-Alive
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-AH-Environment
X-Vhost
X-Rq
X-Server
X-Cache-Group
X-Dispatcher
X-Proxy-Cache
CONTENT-SECURITY-POLICY
X-Ws-Request-Id
EagleId
X-Request-ID
X-UA-Device
X-Varnish-Cache
X-Litespeed-Cache
Pantheon-Trace-Id
Grace
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Powered-By
X-OneAgent-JS-Injection
X-Pingback
X-Dns-Prefetch-Control
Allow
X-Page-Speed
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-FTR-Request-ID
X-Device
X-Node
X-Cache-Lookup
X-Host
X-Server-Id
EagleEye-TraceId
X-Backend-Server
X-Country-Code
Surrogate-Control
Accept-Ch-Lifetime
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Readtime
Cf-Railgun
X-Akam-SW-Version
X-HW
X-Response-Time
P3p
Cache-Tag
X-Amz-Server-Side-Encryption
Content-Location
X-LiteSpeed-Cache
Cross-Origin-Opener-Policy
X-Ua-Device
X-Content-Type
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-Rack-Cache
Request-Id
Service-Worker-Allowed
X-Trace
X-TraceId
X-Application-Context
Fastly-Restarts
X-Nf-Request-Id
X-Times
X-TtlSet
X-PC
X-Vname
Rating
X-Clacks-Overhead
X-Element-Page-Cache
X-D2id
X-Cnection
X-Edge
X-Mcache
X-Midtier
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-Vcap-Request-Id
X-Browser-Type
X-FTR-Expires
X-ESI
Origin-Trial
Edge-Control
X-Cache-TTL
X-Oneagent-Js-Injection
X-Navigation-Version
X-Country
X-FastCGI-Cache
Surrogate-Key
X-NWS-LOG-UUID
X-Cdn-Fetch
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Powered-By-Plesk
X-Ac
X-Abt-Application-Version
X-Upstream
X-Url
Verso
X-Mod-Pagespeed
X-Amz-Rid
X-ORACLE-DMS-RID
X-B3-TraceId
Akamai-GRN
X-Language
Nginx-Cache
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-GitHub-Request-Id
X-Middleton-Display
Display
Pagespeed
X-Sol
X-ECACHE
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
S
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-MS-InvokeApp
X-Envoy-Decorator-Operation
Response
X-Middleton-Response
AR-Request-ID
AR-ATIME
AR-PoweredBy
Edge-Cache-Tag
X-Ratelimit-Limit
X-Goog-Hash
X-Amzn-Trace-Id
X-Distributor
SPRequestDuration
SPRequestGuid
X-SharePointHealthScore
SPIisLatency
X-Resp-Is-Stale
X-Ser
X-Kinsta-Cache
X-Edge-Location-Klb
X-T
X-ARC
Access-Control-Request-Method
X-NGENIX-Cache
X-Ttl
X-Client-IP
Front-End-Https
X-Request-Device-Id
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Content-Digest
X-Ezoic-Cdn
X-Recruiting
X-Cache-Key
RTSS
Cache-Status
X-Ruxit-Js-Agent
X-Varnish-TTL
X-Version
X-Mg-S
X-Meli-Trace-Bu
X-Meli-Trace-Platform
X-Meli-Trace-Site
X-Request-Processing-Time
X-Request-Received
X-Powered-CMS
X-HS-Content-Id
X-HS-Cache-Config
TP-Cache
X-HS-Hub-Id
Public-Key-Pins
Fastcgi-Cache
X-Ismobilevalue
X-MSEdge-Ref
X-Accel-Expires
AR-CACHE
Arr-Disable-Session-Affinity
Cache-Tags
X-Daa-Tunnel
X-Correlation-Id
X-Cached
X-Cluster-Name
Realpath
X-Id
Content-MD5
X-Content-Security-Policy-Report-Only
Ar-SID
X-Amz-Replication-Status
YJS-ID
X-HS-Combine-CSS
X-Newrelic-App-Data
X-Forwarded-For
X-Xrds-Location
X-Ua-Browser
Payment
X-Kong-Proxy-Latency
X-Fastly-Request-ID
X-RateLimit-Remaining
X-Kong-Upstream-Latency
X-DIS-Request-ID
X-HP-Trace-Id
X-Azure-Ref
X-HP-Webp
X-Cambria-Cache-Control
X-Webkit-Csp
X-Jurisdiction
X-HS-CF-Cache-Status
X-HS-Prerendered
X-GUploader-UploadID
X-Server-Name
Content-Disposition
X-COUNTRY
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
X-ORACLE-DMS-ECID
Count-Hit
X-Ratelimit-Remaining
X-Protected-By
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Origin-Server
X-Ratelimit-Reset
X-Px
X-Az
X-Unique-Id
X-AppVersion
X-Activity-Id
X-Page-Id
X-TTL
X-Rid
X-Logged-In
X-Git-Hash
X-TEC-API-ORIGIN
X-Amz-Meta-S3cmd-Attrs
Cross-Origin-Resource-Policy
Accept-Charset
X-TEC-API-VERSION
Cleartype
X-TEC-API-ROOT
X-VARITI-CCR
X-Proxy
X-Microsite
X-Request-Handler-Origin-Region
X-FB-Debug
Cross-Origin-Embedder-Policy
X-Www-Served-By
X-Load-Cache
Version
X-LLID
X-Goog-Metageneration
X-SERVER-NAME
X-Geo-Country
X-Forwarded-Proto
X-Template
X-PressLabs-Stats
X-Hits
X-Varnish-Backend
X-Upgrade-Enabled
Server-Node
Server-Name
X-CST
X-B3-Sampled
X-WebKit-CSP-Report-Only
X-Hostname
X-App-Server
Healthy
X-Content-Options
Access-Control-Allow-Method
X-Frontend
Section-Io-Cache
Viewport
X-Varnish-Grace
X-TT
X-Grace
X-Device-Type
X-Fb-Rlafr
X-B
Fastly-SWR
Fastly-SIE
X-Varnish-Server
Alternate-Protocol
X-Request-Guid
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Status
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Contextid
X-Goog-Generation
X-Goog-Stored-Content-Encoding
TCN
AKAMAI-GRN
DC
Upgrade-Insecure-Requests
X-Requestid
Retry-After
X-RemovedCookies
X-ProcessESI
X-Cache-Age
X-Magnolia-Registration
X-Amzn-Remapped-Content-Length
X-EdgeConnect-Cache-Status
Host
X-Hl-Ver
X-Cache-Control
MS-Author-Via
X-App-Version
X-Varnish-Ttl
Frame-Options
X-CSRF-Token
Amp-Access-Control-Allow-Source-Origin
X-Response-Served-From
X-Revision
X-Original-Request-Id
X-Buckets
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Type
X-Origin-TTL
X-Origin-CC
X-Debug
SD-X-WS
X-Mobile
X-G
X-ServerID
VIX-Pulpo-Node
X-Backend-Name
VIX-Pulpo-Upstream-Status
X-Seen-By
X-INCAP-ABP
X-UUID
X-Instance
X-Adobe-Loc
X-NYM-Debug-Backend
X-Yottaa-Metrics
X-Adobe-Content
X-Is-Bot
X-Tumblr-User
X-Yottaa-Optimizations
X-Cache-Status-Check
X-Lambda-Id
X-N
X-Akamai-Edgescape
X-Rendered-As
X-Tumblr-Pixel-1
X-ECache
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-WP-CF-Super-Cache
X-Mg-Request-UUID
NGB
MS-CV
X-WP-CF-Super-Cache-Cache-Control
Section-Io-Id
X-Trace-Id
X-Debug-IsConnected
Access-Control-Request-Headers
X-Akamai-Request-ID2
X-AB
X-Content-Powered-By
X-Framework
Ms-Operation-Id
X-RTag
X-Debug-IsPreview
X-Server-W
X-Yandex-Req-Id
X-Storage
X-RM-Cache-TTL
Charset
Cache
X-Dc
X-Oracle-Dms-Ecid
X-Vcl-Version
Xet-Cookie
Webserver
Filterid
X-DataDome
Paypal-Debug-Id
Accept-Language
X-B3-SpanId
X-VC-Cache
X-Cache-Time
Refresh
X-Cache-Hit
X-Ms-Version
X-Ms-Request-Id
X-Request-Bu
Onion-Location
X-Request-Site
X-Request-Platform
SRV
YJS-CacheStatus
X-User-Agent
X-Time
Selected-Fe
X-Timing-Wait
X-Proxy-Build
X-F-Cache
X-Region
X-Node-Name
X-ProxyCache-Key
X-BYPASS-REASON
X-Real-IP
X-ProxyCache-Status
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Fastcgi-Cache
X-Cacheable-TTL
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Priority
X-CCDN-Origin-Time
X-HITS
X-VC
Liferay-Portal
X-HTML-Minification-Powered-By
CDN-RequestId
GEO-INFO
X-Environment-Context
X-L-Path
X-IPS-LoggedIn
X-Mode
X-Origin-Cache
X-URL
X-LB-Cache
X-Service
Apigw-Requestid
Backend
X-Rule
X-Datadog-Trace-Id
Cross-Origin-Window-Policy
X-Pass-Why
X-Datadog-Sampling-Priority
X-Datadog-Sampled
X-Datadog-Parent-Id
Meta-Geo
X-Origin
X-VCT
X-Rocket-Nginx-Serving-Static
X-Rn-Rsrv
X-Rewrite-Enabled
X-SaId
X-UPSTREAM-Address
X-Cache-Expired-At
X-JoinUs
X-Tb
X-Drupal-Cache-Tags
Country
X-Geo-Region
X-Wix-Request-Id
X-Whom
X-Browser-Name
X-Tcp-Rtt
X-Is-Desktop
X-Adobe-Source
X-Handled-By
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Tablet
X-Is-Mobile-Only
X-Is-Modern-Browser
X-Api-Version
X-Generation-Time
X-Mly-Id
X-Web-Node
Mn-Server-Ip
X-Provided-By
Protected
TWC-GeoIP-City
Front
TWC-GeoIP-Country
Property-Id
TWC-Device-Class
TWC-Connection-Speed
Expiry
X-Vcache
TWC-GeoIP-DMA
X-Zipkin-Id
TWC-Locale-Group
X-FB-TRIP-ID
X-Extlb
X-Httpd
TWC-Privacy
X-Loop
X-Detected-As
X-Connection-Hash
X-Cloudmap
Webcakes-App-Version
Webcakes-App-Name
Web-Mar-Node
Uber-Trace-Id
X-Origin-Date
X-Origin-Hint
X-Servername
X-Routing-Service
X-Tncms
TWC-GeoIP-Region
TWC-GeoIP-LatLong
X-RCS-CacheZone
X-RateLimit-Remaining-Second
Url
X-Proxied
X-Proxy-Cache-Info
Webcakes-Region
X-RateLimit-Limit-Second
X-Varnish-Beresp-Grace
Fastcgi-Useragent
X-Server-ID
X-WP-CF-Super-Cache-Active
ServerID
X-Alternate-Cache-Key
X-Shopify-Stage
X-Skip-Cache
DB-Nickname
X-Cms-Context
X-Cluster
ServedBy
X-Fetched-On
X-Cdn-Origin
OT-Force-Account-Verify
X-Soup
X-Cache-Action
X-Redis-Cache
X-Storefront-Renderer-Rendered
X-Locale
X-Director
X-Forwarded-Host
X-App-Environment
X-Format
X-Hit
X-Hosted-By
X-MP-GENERATED-AT
X-Logging-Id
Atl-Traceid
X-Auth-Group-Type
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-Say-Cacheable
LB
X-Cache-Host
X-FW-Server
X-Restarts
X-FW-Version
X-FW-Static
X-FW-Type
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
Cache-Hits
X-Debug-Info
X-Cache-Debug
X-Endurance-Cache-Level
X-Edge-Location
X-Say-TTL
X-FW-Dynamic
X-Scope-Id
X-SayCDN-TTL
X-Served-From
X-FW-Serve
X-Cluster-Node
Environment
X-FW-Hash
X-Drupal-Cache-Contexts
X-S
X-IPLB-Instance
Filters
X-PHP-Host
X-IPLB-Request-ID
X-Labrador-Cache-Channel
Node
X-R9-Blue-Green-Version
X-CLOUD-TRACE-CONTEXT
X-Optimistic-Header
X-Platform
Countrycode
X-Tt-Logid
X-CDN-Cache-Status
X-GEO
X-Fastly-Request-Id
X-NewRelic-App-Data
Xserver
X-No-Session
X-CDN-Forward
X-Varnish-Age
WPO-Cache-Status
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-WP-CF-Super-Cache-Cookies-Bypass
X-XRDS-Location
X-Lagoon
AMP-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Varnish-Beresp-Ttl
X-UA
X-Varnish-Cache-Hits
Cache-Tv-Group
AR-SID
X-Generated-By
X-Signature
X-B-Cache
X-NWS-UUID-VERIFY
X-Client-Ip
Referer-Policy
X-SRV
X-Presslabs-Stats
X-Ua
Request-ID
X-Webstats-RespID
Expect-Staple
X-Site-Version
X-Clientip
X-Azure-Ref-OriginShield
X-SRCache-Key
X-PHP-Backend
X-CACHE-AGE
From-Origin
X-IsAdmin
X-Cache-Rule
X-Cache-Operation
Cache-Provider
We-Hiring
Mail-Subject
X-Worker
X-LJ-Flow-ID
CloudFront-Viewer-Country
Location
X-Upstream-Ht
X-Upstream-Ct
X-Wormhole-Sdk
X-AWS-Id
X-Accel-Version
X-VWS-Id
X-Auto-Login
Sid
X-Bc-Bl
X-Server-IP
Fl-Custom-Application
X-TA-CDN-Provider
X-Cache-FS-Status
X-VC-TTL
X-A-Dcw
X-Content-Age
X-Bl-Debug
Xc-Version
X-Conf
X-A-Ccd
WPO-Cache-Message
N-Cache
X-A-Dam
MD5-Digest
X-ND-Cache
X-Tb-Optimization-Total-Bytes-Saved
Ngx.Var.Host
X-Loc
X-A-Dgt
Meta-Geo-Continent
X-Ig-Origin-Region
S-Rt
X-GeoCode
X-Developer
X-Vtex-Remote-Cache
Origin-Agent-Cluster
Pragrma
Candidate-Md5Url
X-Ec-Fail
X-Cache-NE
X-External-Request-Id
X-Destination
X-GeoCountry
X-Ig-Push-State
X-D
Host-ID
Rendered-Blocks
X-Ec-GeoHdr
Redirect-Candidate
DCR-Decision-By
DCR-Processing-Time-Ms
Origin
Source
Lang
X-BCube-Filmed-By
X-Application
X-S-Cookie
X-A-Wwc
X-PERF
Sslversion
X-Vdms-Version
X-B-Cookie
X-ScT
X-Org
X-Tx-Id
X-ApacheServer
X-Aed
X-A
X-Rojux
X-Xfnlog-Site
X-Litespeed-Cache-Control
Cdncip
Cdnsip
X-Ee-Origin
CDN-Uid
CDN-PullZone
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Eu-Site
Canary
X-Fastly-Backend
X-FC-Vary-Parameters
X-Fmm-Version
X-Access
X-Epic-Correlation-Id
X-Ee-Generated-By
CDN-CachedAt
CDN-Cache
X-Ee-Request-Id
X-Ee-Request-Date
X-Action
Gh-Request-Id
Ha-Gx-Prefs
X-CUA
Gannett-Cam-Experience-Id
X-Section
X-Csrf-Jwt
X-Core-Value
X-Aicache-OS
L5d-Success-Class
Odigeo-Trace-Id
IsBot
Fastly-SSL
X-SD-PageType
X-Forwarded-Site
Country-Code
X-Rocket-Build-Number
X-AK-Request-ID
X-Save-Cache
X-Depends
Time-Cloud-Cache
X-CGP
X-CacheTTL
Origin-Site
Cluster
Apple-News-Services-Host
X-Cms-Device
X-Vary-Devices
ServerName
X-Contensis-Viewer-Groups
X-Origin-Expires
X-Internal-TTL
Wxu-Next-Commit
X-Bug-Bounty
X-Varnish-Hostname
X-HS-Content-Campaign-Id
X-Slack-Backend
X-SIPLIST1
X-Sigma
RNT-Time
Wxu-Next-Hostname
X-Node-Id
Wxu-Next-Region
X-Sigma-Backend
RNT-Machine
X-Mvc-Supplant-Cachable
X-Cs
X-VG-TLSProxy
X-VG-WebCache
X-Micro-Cache
X-Old-Content-Length
X-Hash
X-Cache-Aspx
X-Req
X-FORWARDED-FOR
Store-Cloud-Cache
X-V-Cache
Powered-By
X-Gamma-Serve
Apple-News-Services-Request-Url
X-From
Apple-News-Services-Parsed-Url
Log-Origin
Apple-News-Services-Handled
X-GeoIP-City
X-Varnish-Authentication
X-GeoIP-Region-Code
Web-Mar-Region
X-Slack-Shared-Secret-Outcome
X-Varnish-Director
X-GoCache-CacheStatus
X-PAYTM-SRV-ID
X-Varnish-Beresp-Status
X-Policy
X-GeoIP-Country-Code
X-Sucuri-Cache
CF-IPCountry
X-Parent-Response-Time
X-Amz-Storage-Class
X-Akamai-Device-Characteristics
X-Cache-Date
X-Backend-Instance
X-Bip
X-BBC-Edge-Cache-Status
X-Block-Status
X-AB-Test
X-App-Name
X-Accel-Expires-Debug
X-Acquia-Purge-Cdn-Unconfigured
X-Nyt-Route
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Thanos
X-Thinkindot-L1
X-Thinkindot-L3
X-Sn-Servicetimems
X-Shield-Cache-Expires
X-Render-Time
X-Region-Sid
X-Reqid
X-Request-URI
X-SB
X-UA-Device-Type
X-Up
X-Vmg-Version
X-Viewer-Country
X-We-Are-Hiring
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Via-Fastly
X-VarnishDD-TTL
X-Uri
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Pubstack
X-Proto
X-Frame-Option
X-Ec-Custom-Error
X-Gdpr
X-Gen-Mode
X-Generated-On
X-Dispatcher-Server
X-DefHash
X-Date
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-DefElseHash
X-HN
X-Hnp-Log
X-NMSegId
X-Mvc-Supplant-OutputCached
X-Op-Id-All
X-Origin-Time
X-Path
X-Men
X-Level-Front-Cache
X-Human
X-Ion-Healthy
X-Ion-Hop
X-Jungle-Id
X-Content-Length
Thinkindot-CacheControl-Type
Machine
NM-Fastcgi-Cache
L
Fastly-Backend-Name
DSUID
Nord-Request-ID
Origin-CC
Release
Pics-Label
PFcat
Origin-EX
Content-Style-Type
Content-Script-Type
Azure-RegionName
Azure-InstanceId
X-LSADC-Cache
X-NGINX-Cache
Azure-SiteName
Azure-SlotName
Cmstype
Cmsid
CDCHOST
Cache-Contol
Req-Svc-Chain
Azure-Version
Vix-Hermes-Req-Id
V-Age
User-Cache-Control
TDXMobile
Thinkindot-CacheControl
Server-Host
RewriteTeamHook
RewriteTestHook
Tube-Got-Eval
X-Esi-Check
CacheControlHeader
X-DPWN-IS-SECURE
Click-Count-Error
Click-Count-Action-Start
Cdn-Request-Time
Cdn-Host
X-Edge-Server
Tube-Get-Contents
Tube-Return
X-Vercel-Id
X-Vercel-Cache
Mime-Version
X-Location
X-Moov-T
X-Moov-Xdn-Caching-Status
C-Via
X-Proxied-Request
X-Gzip
X-Moov-Xdn-Version
Tube-Got-Results
X-ElasticPress-Query
X-B3-Trace-ID
Fastly-GeoIP-CountryCode
Platform
Producers
X-Cache-Id
X-ZONE
X-Air-Pt
Load-Balancing
X-Origin-Response-Time
XM
X-Pad
X-Cached-By
Fastly-Drupal-HTML
X-Sucuri-ID
NGX
X-NF-Request-ID
Cookie
X-Varnish-Hits
Debug
X-Source
X-Refresh
X-Via-Poph
X-Debug-Service
X-Via-Popv
X-Via-Popn
X-APP
X-Datadome
X-Nginx-Cache-Key
True-Client-Country-4JS
X-DynaTrace-JS-Agent
GeoIP-Latitude
Server-Ext
X-Srv
Server-Hostname
X-AIR-PT
GeoIp-Country-Code
Sever-Int
X-HA-Backend
X-Servedbyhost
X-Webkit-CSP
X-TH-Server
Product
HA-Ipaddr
Show-Do-Not-Sell-Link
Server-ID
X-Nananana
X-Cdn-Forward
Traceparent
X-Litespeed-Tag
X-Amz-Meta-Cb-Modifiedtime
WZWS-RAY
X-Ez-Minify-Html
X-Zone
X-Cache-Backend
Cdn
X-Nc
X-TT-LOGID
X-LB-ID
X-GeoIP
HostName
X-Unity-Cache
X-B3-Parentspanid
X-Cache-VC
DataCenter
X-Fpc
X-Wa
Fastly-Drupal-Html
X-Newrelic-Synthetics
X-User
Edge-Cache
Tcn
X-VCL-Version
X-CDN-Provider
Lb
X-AC
X-Nginx-Cache
X-B3-Spanid
SID
MIME-Version
A
X-Proxy-Cache-La3
X-Vc
X-Request-Start
X-Lsadc-Cache
Akamai-Mon-Iucid-Del
X-LB-NoCache
X-Proxy-CacheR9
Resin-Trace
XkeyR9
Xkeylog
Xkey-La3
Serverhost
Yjs-Id
Wsr-Cache
CountryCode
X-Service-Response-Time
X-Datacenter
X-LiteSpeed-Tag
X-Scheme
Sm-Log-Id
X-TX-ID
Cs
X-LiteSpeed-Cache-Control
NtCoent-Length
X-RateLimit-Limit
Esi-Enabled
Surrogated-Key
Cdn-Requestid
CDN
Hostname
X-Request-Host
X-WA
X-Lb-Id
Uri
X-Pool
X-API-Version
X-CS
X-Akamai-Pragma-Client-IP
X-NodeID
X-Fastly-Backend-Reqs
Datacenter
X-VC-Age
X-Aspnet-Version
X-NC
X-HubSpot-Correlation-Id
X-FPC
X-Udemy-Cache-App-Namespace
X-ID
X-Dynatrace-Js-Agent
X-RequestId
X-Vgn-Hpd-Reason
X-Html-Minification-Powered-By
X-TIM-N
X-Via-JSL
Server-Id
X-Cache-Grace
X-Styx-Info
X-Styx-Origin-Id
Content-Secure-Policy
Cr
Pramga
Proxy-Firewall
X-HA-Application-Name
X-HA-Device-Type
X-Stale
X-HA-Bot-Classification
X-CSRF-TOKEN
X-Air-Hostname
X-TimeS
X-Air-Source
T-Server
X-Ez-Minify-Js
RATING
Yak-Timeinfo
X-Var-Ttl
Geoip-Latitude
X-Air-Trace-Id
X-Srcache-Fetch-Status
X-Srcache-Store-Status
GeoIP-Country-Code
ServerHost
X-DynaTrace
X-DataCenter
From-Cache
W
Edge-Copy-Time
X-ServedByHost
X-Lb-Nocache
X-Varnish-Beresp-TTL
X-Via-CDN
X-Via-Edge
X-Via-SSL
Srv
N1-Cache
X-Ha-Backend
X-Wp-Cf-Super-Cache
X-Oracle-DMS-ECID
X-Aspnetmvc-Version
X-Wp-Cf-Super-Cache-Cache-Control
X-Via-PopV
X-Via-PopN
Expect-Ct
X-MSEdge-Flight
X-Via-PopH
X-Swift-Error
X-Jobs
Req-ID
X-CACHE-KEY
X-MSEdge-Features
X-App
Cloudfront-Viewer-Country
X-Geolocation
X-Zen-Fury
X-Sorting-Hat-Shopid
X-Shopid
X-Sorting-Hat-Podid
X-LAGOON
X-Shardid
X-Wp-Cf-Super-Cache-Active
X-Wp-Cf-Super-Cache-Cookies-Bypass
Ohc-Cache-HIT
WP-Super-Cache
X-VServer
X-Proxy-Cache-LA2
X-Ramcache
FSS-Cache
X-Correlation-ID
True-Client-IP
X-ByteArk-ReqID
Ohc-File-Size
X-ByteArk-Cache
X-Key
X-Ssense-Shipping-Surcharge-Enabled
X-Ssense-Gql
X-NODE
X-Geo
X-Cdn-Srv
Cl-Cache
X-Elasticpress-Query
Ngx
On-Server
X-Web-Server
X-Sucuri-Id
CF-Cached-On
X-Webkit-Csp-Report-Only
X-Cdn-Cache-Status
X-Check-Cacheable
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
X-Serial
X-VTEX-Cache-Server
X-PageType
Akamai-X-True-TTL
X-ATG-Version
WebServer
X-DC
X-Th-Server
Cf-Ipcountry
X-Iplb-Instance
X-Iplb-Request-Id
My-App
Warning
X-Limited
X-MiniProfiler-Ids
X-Mg-Cache
X-Beacon
Host-Name
Cneonction
FSS-Proxy
User-Agent
X-Fastly-Cache-Status
Xkey-G-Jp
X-Env
X-Fastly-Cache
X-Request-Url