Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
Cf-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
CF-Ray
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Permissions-Policy
Server-Timing
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-Iinfo
X-FRAME-OPTIONS
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-Content-Security-Policy
X-CONTENT-TYPE-OPTIONS
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
X-XSS-PROTECTION
X-AspNetMvc-Version
Access-Control-Max-Age
Accept-Ch
Host-Header
X-Amz-Request-Id
X-Age
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Request-ID
Keep-Alive
X-Turbo-Charged-By
X-Rq
X-AH-Environment
X-Amz-Version-Id
X-Cache-Group
X-Vhost
X-Dispatcher
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
X-UA-Device
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Grace
X-Server-Powered-By
X-Pingback
X-Dns-Prefetch-Control
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Litespeed-Cache
Ali-Swift-Global-Savetime
X-Node
X-FTR-Request-ID
X-Device
EagleEye-TraceId
X-Host
X-Server-Id
X-Cache-Lookup
X-Backend-Server
X-Country-Code
X-LiteSpeed-Cache
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Ruxit-JS-Agent
X-HW
X-Response-Time
Cache-Tag
X-Amz-Server-Side-Encryption
Content-Location
P3p
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Nginx-Upstream-Cache-Status
X-Trace
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
Fastly-Restarts
X-Content-Type
X-Clacks-Overhead
X-Application-Context
X-TtlSet
X-PC
X-Vname
Rating
X-Times
X-Country
X-Cnection
X-Ua-Device
X-ESI
X-Midtier
X-Mcache
X-Edge
X-Browser-Type
X-FTR-Backend
X-Cache-TTL
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Vcap-Request-Id
X-FTR-Expires
X-Ac
Origin-Trial
Surrogate-Key
Edge-Control
X-FastCGI-Cache
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Element-Page-Cache
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Abt-Application-Version
X-Kinja-Build
X-D2id
X-Nf-Request-Id
X-NWS-LOG-UUID
Verso
X-Upstream
X-ECACHE
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-Navigation-Version
X-Amz-Rid
X-B3-TraceId
Nginx-Cache
X-Pinterest-Rid
X-Sol
X-Middleton-Display
Pagespeed
Display
Pinterest-Version
Pinterest-Generated-By
X-GitHub-Request-Id
Akamai-GRN
X-Language
Response
X-Middleton-Response
X-Envoy-Decorator-Operation
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Client-IP
S
X-Ratelimit-Limit
AR-PoweredBy
AR-Request-ID
Edge-Cache-Tag
X-Oneagent-Js-Injection
AR-ATIME
X-MS-InvokeApp
X-Goog-Hash
X-Resp-Is-Stale
X-ARC
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ser
X-Url
X-Distributor
SPIisLatency
SPRequestDuration
X-SharePointHealthScore
SPRequestGuid
X-Content-Digest
X-Cache-Key
Access-Control-Request-Method
X-NGENIX-Cache
Front-End-Https
X-Ezoic-Cdn
X-Dw-Request-Base-Id
X-Shield-Request-Id
X-Recruiting
RTSS
X-Amzn-Trace-Id
X-Varnish-TTL
Cache-Status
X-Powered-CMS
X-Version
X-Ruxit-Js-Agent
Public-Key-Pins
X-Ttl
X-T
X-Mg-S
X-MSEdge-Ref
TP-Cache
Fastcgi-Cache
X-Accel-Expires
Arr-Disable-Session-Affinity
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Daa-Tunnel
X-Forwarded-For
X-Ismobilevalue
X-Correlation-Id
Realpath
X-Cluster-Name
X-Fastly-Request-ID
Cache-Tags
X-Cached
X-Id
AR-CACHE
X-Request-Received
X-Request-Processing-Time
X-HS-Combine-CSS
X-Ua-Browser
X-Content-Security-Policy-Report-Only
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Payment
X-Newrelic-App-Data
Content-MD5
X-TTL
X-DIS-Request-ID
X-Server-Name
X-GUploader-UploadID
X-RateLimit-Remaining
X-CST
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-HS-Prerendered
X-HS-CF-Cache-Status
X-Cambria-Cache-Control
Content-Disposition
X-Azure-Ref
X-Ratelimit-Remaining
X-Amz-Replication-Status
X-Xrds-Location
Count-Hit
X-Webkit-Csp
YJS-ID
X-ORACLE-DMS-ECID
X-Px
Cleartype
X-Page-Id
Accept-Charset
Cross-Origin-Embedder-Policy
X-Unique-Id
X-Ratelimit-Reset
X-SRCache-Store-Status
X-FB-Debug
X-Proxy
Cross-Origin-Resource-Policy
X-Rid
X-Logged-In
X-SRCache-Fetch-Status
X-Origin-Server
X-Git-Hash
X-Az
X-AppVersion
X-Activity-Id
X-Protected-By
Ar-SID
X-Www-Served-By
X-VARITI-CCR
X-SERVER-NAME
X-Microsite
X-Request-Handler-Origin-Region
X-Template
X-Goog-Metageneration
X-LLID
X-Load-Cache
X-Varnish-Backend
MicrosoftSharePointTeamServices
X-Amz-Meta-S3cmd-Attrs
X-PressLabs-Stats
Version
X-Request-Device-Id
X-Forwarded-Proto
Server-Node
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Upgrade-Enabled
X-URL
X-Geo-Country
Server-Name
X-Hits
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Hostname
X-COUNTRY
X-Content-Options
X-B3-Sampled
X-Frontend
X-Varnish-Grace
Section-Io-Cache
Viewport
X-TT
X-App-Server
X-Varnish-Server
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Meli-Trace-Platform
X-Device-Type
X-Fb-Rlafr
X-Meli-Trace-Bu
X-Meli-Trace-Site
Fastly-SIE
X-B
X-Grace
Alternate-Protocol
Fastly-SWR
Access-Control-Allow-Method
X-Status
TCN
Healthy
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-WebKit-CSP-Report-Only
Upgrade-Insecure-Requests
X-Request-Guid
X-Magnolia-Registration
Host
Amp-Access-Control-Allow-Source-Origin
X-EdgeConnect-Cache-Status
DC
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-CSRF-Token
X-Buckets
X-Amzn-Remapped-Content-Length
X-Contextid
X-Varnish-Ttl
Retry-After
X-Debug
MS-Author-Via
X-Cache-Control
X-Cache-Age
AKAMAI-GRN
X-NF-Request-ID
X-Revision
X-Type
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Response-Served-From
X-Instance
X-Original-Request-Id
X-Seen-By
SD-X-WS
X-Hl-Ver
X-Adobe-Loc
X-N
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
X-Adobe-Content
X-NYM-Debug-Backend
X-Is-Bot
X-Tumblr-User
X-UUID
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-App-Version
X-Rendered-As
X-Yottaa-Optimizations
X-ProcessESI
X-Yottaa-Metrics
X-RemovedCookies
X-Akamai-Edgescape
Section-Io-Id
Access-Control-Request-Headers
X-Backend-Name
X-Lambda-Id
X-Debug-IsPreview
X-G
X-Debug-IsConnected
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-INCAP-ABP
X-Mobile
X-Mg-Request-UUID
X-ServerID
Charset
X-Content-Powered-By
X-Trace-Id
X-Framework
X-Storage
Frame-Options
MS-CV
X-Origin-TTL
Ms-Operation-Id
X-Akamai-Request-ID2
X-RM-Cache-TTL
X-Server-W
X-RTag
X-Origin-CC
X-DataDome
NGB
X-Dc
X-Vcl-Version
X-AB
X-Cache-Status-Check
X-Wormhole-Sdk
AR-SID
X-Cache-Hit
X-Oracle-Dms-Ecid
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Filterid
X-Cache-Time
Accept-Language
X-Request-Platform
Refresh
X-Request-Bu
Cache
X-Request-Site
X-Server-ID
X-Requestid
X-Time
SRV
X-HITS
Webserver
X-Real-IP
X-Node-Name
Paypal-Debug-Id
X-Region
X-B3-SpanId
Onion-Location
Protected
CDN-RequestId
X-Ms-Version
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Ms-Request-Id
X-VC-Cache
X-CCDN-CacheTTL
X-User-Agent
X-F-Cache
Liferay-Portal
Cross-Origin-Window-Policy
X-Cache-Expired-At
X-LB-Cache
X-Whom
X-Datadog-Trace-Id
X-IPS-LoggedIn
X-WP-CF-Super-Cache-Active
X-Rocket-Nginx-Serving-Static
X-Datadog-Sampling-Priority
X-Pass-Why
X-Datadog-Parent-Id
Priority
X-Datadog-Sampled
Backend
Xet-Cookie
X-Mode
X-L-Path
X-Environment-Context
GEO-INFO
X-XRDS-Location
X-HTML-Minification-Powered-By
OT-Force-Account-Verify
X-Service
X-Tb
X-Handled-By
X-Rule
X-Proxy-Cache-Info
X-Drupal-Cache-Tags
X-Fastcgi-Cache
X-Yandex-Req-Id
LB
X-Wix-Request-Id
X-MP-GENERATED-AT
X-App-Environment
X-Zipkin-Id
Fastcgi-Useragent
X-Loop
X-Extlb
X-UPSTREAM-Address
X-Proxied
X-Cloudmap
X-Tncms
X-Tcp-Rtt
ServerID
X-Browser-Name
Url
Web-Mar-Node
X-Cacheable-TTL
X-Vcache
X-Is-Desktop
Filters
X-SaId
X-Is-Mobile
Country
X-Rewrite-Enabled
X-Rn-Rsrv
X-Servername
X-Adobe-Source
X-Is-Tablet
X-Detected-As
Meta-Geo
X-JoinUs
X-Routing-Service
X-Is-Supported-Browser
X-Geo-Region
X-Storefront-Renderer-Rendered
X-Restarts
Expiry
X-Redis-Cache
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
Uber-Trace-Id
X-Cms-Context
TWC-Device-Class
X-Shopify-Stage
ServedBy
X-Skip-Cache
X-Connection-Hash
X-IPLB-Instance
X-IPLB-Request-ID
TWC-Connection-Speed
X-Director
Atl-Traceid
Property-Id
TWC-GeoIP-LatLong
TWC-GeoIP-DMA
X-Cache-Host
X-Locale
TWC-GeoIP-Region
X-Origin-Date
Webcakes-Region
X-Origin-Hint
X-Hit
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-City
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Logging-Id
X-FW-Server
X-FW-Static
X-Cdn-Origin
X-FW-Version
X-FW-Type
Webcakes-App-Version
X-Hosted-By
X-Forwarded-Host
X-Generation-Time
X-Varnish-Beresp-Grace
X-Format
TWC-Privacy
Webcakes-App-Name
X-Alternate-Cache-Key
X-Web-Node
X-Cache-Action
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Httpd
X-Soup
X-Cluster-Node
X-Endurance-Cache-Level
Mn-Server-Ip
X-BYPASS-REASON
X-Debug-Info
X-ProxyCache-Key
X-ProxyCache-Status
X-Cluster
X-Edge-Location
Environment
Apigw-Requestid
X-SayCDN-TTL
X-Scope-Id
X-Say-Cacheable
X-Say-TTL
X-FB-TRIP-ID
X-S
X-PHP-Host
X-Served-From
X-Urbn-Context-Path
YJS-CacheStatus
X-Urbn-Site-Id
Locale
X-Labrador-Cache-Channel
X-Drupal-Cache-Contexts
X-Origin
Selected-Fe
Cache-Hits
X-Proxy-Build
X-Auth-Group-Type
X-Fetched-On
X-Timing-Wait
X-VC
DB-Nickname
X-ECache
X-Origin-Cache
X-Mly-Id
X-Is-Modern-Browser
X-RCS-CacheZone
X-No-Session
X-VCT
X-R9-Blue-Green-Version
X-Sorting-Hat-ShopId
X-GEO
X-B3-Traceid
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Cache-Debug
Front
X-WP-CF-Super-Cache-Cookies-Bypass
X-Webkit-CSP
X-Varnish-Cache-Hits
X-Varnish-Age
X-CDN-Forward
X-Provided-By
X-NewRelic-App-Data
Node
X-Api-Version
Xserver
Countrycode
X-UA
X-Is-Mobile-Only
X-Varnish-Beresp-Ttl
X-SRV
X-Platform
X-CLOUD-TRACE-CONTEXT
X-TA-CDN-Provider
WPO-Cache-Status
X-Generated-By
Cache-Tv-Group
X-Lagoon
X-CACHE-AGE
X-Source
X-CDN-Cache-Status
X-Site-Version
X-Webstats-RespID
X-Presslabs-Stats
X-Azure-Ref-OriginShield
From-Origin
Referer-Policy
Cache-Provider
X-Cdn
X-B-Cache
X-Accel-Version
X-Signature
X-Ua
X-Tt-Logid
X-NWS-UUID-VERIFY
X-VC-TTL
X-Optimistic-Header
X-Tx-Id
X-Xfnlog-Site
X-PHP-Backend
Location
X-Cache-Rule
Request-ID
CF-IPCountry
X-Cache-Operation
X-Sucuri-Cache
X-Worker
X-IsAdmin
X-Tb-Optimization-Total-Bytes-Saved
CDN-RequestPullCode
X-Reqid
CDN-RequestCountryCode
CDN-RequestPullSuccess
CDN-PullZone
CDN-Uid
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
WPO-Cache-Message
AMP-Access-Control-Allow-Source-Origin
X-Cache-Aspx
X-Developer
X-Ig-Origin-Region
X-Ig-Push-State
X-Destination
Lang
DCR-Processing-Time-Ms
Meta-Geo-Continent
X-D
X-BCube-Filmed-By
X-Node-Id
X-Old-Content-Length
Ngx.Var.Host
DCR-Decision-By
X-Micro-Cache
X-Depends
Log-Origin
X-HS-Content-Campaign-Id
X-Bl-Debug
MD5-Digest
X-Loc
Cluster
X-GeoCode
X-External-Request-Id
Expect-Staple
X-Content-Age
X-Contensis-Viewer-Groups
Apple-News-Services-Request-Url
X-Fmm-Version
X-Ee-Request-Id
X-Ee-Request-Date
Candidate-Md5Url
X-Ec-Fail
X-Ec-GeoHdr
X-Ee-Generated-By
X-Ee-Origin
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Cdnsip
Cdncip
X-Cms-Device
X-Clientip
X-Cache-NE
X-GeoCountry
X-Core-Value
X-Forwarded-Site
Apple-News-Services-Handled
Fastly-SSL
Fl-Custom-Application
X-Conf
Host-ID
X-Request-URI
X-Aed
X-Varnish-Authentication
RNT-Machine
RNT-Time
X-Varnish-Hostname
X-Varnish-Director
X-A-Dgt
X-AK-Request-ID
X-SRCache-Key
X-A-Dcw
Redirect-Candidate
Rendered-Blocks
Time-Cloud-Cache
X-Action
X-Vary-Devices
Xc-Version
X-A-Wwc
XM
Sslversion
Store-Cloud-Cache
X-Vtex-Remote-Cache
X-Viewer-Country
X-VG-TLSProxy
X-Vdms-Version
X-Sucuri-ID
X-VG-WebCache
X-Access
X-A-Dam
X-Slack-Shared-Secret-Outcome
X-Req
X-Application
Web-Mar-Region
X-Rocket-Build-Number
X-Rojux
X-Auto-Login
X-B-Cookie
Odigeo-Trace-Id
X-Origin-Expires
Origin
X-PAYTM-SRV-ID
X-PERF
X-S-Cookie
X-Fastly-Request-Id
X-ApacheServer
X-Save-Cache
X-Sigma
X-Sigma-Backend
X-Slack-Backend
X-SD-PageType
X-Section
X-ScT
X-A
X-A-Ccd
X-Air-Pt
X-TT-LOGID
X-Frame-Option
X-LSADC-Cache
X-Csrf-Jwt
X-AB-Test
X-CUA
X-Akamai-Device-Characteristics
X-Block-Status
X-App-Name
X-Date
X-Backend-Instance
X-Bc-Bl
X-Bug-Bounty
X-CGP
X-Acquia-Purge-Cdn-Unconfigured
X-Aicache-OS
X-BBC-Edge-Cache-Status
X-Amz-Storage-Class
X-Accel-Expires-Debug
X-Ion-Hop
X-UA-Device-Type
X-Thinkindot-L3
X-Up
X-Uri
X-Varnish-CookieHashed-On
X-Varnish-Beresp-Status
X-Thinkindot-L1
X-Sn-Servicetimems
X-Pubstack
X-Policy
X-Region-Sid
X-Render-Time
X-Shield-Cache-Expires
X-SB
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-GeoIP-City
X-From
X-Hash
X-Org
X-V-Cache
X-SIPLIST1
Wxu-Next-Region
Wxu-Next-Hostname
X-Via-Fastly
X-VarnishDD-TTL
X-We-Are-Hiring
IsBot
Wxu-Next-Commit
N-Cache
X-Path
X-Origin-Time
X-Gdpr
X-FC-Vary-Parameters
X-Gen-Mode
X-Generated-On
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Fastly-Backend
X-Eu-Site
X-DefElseHash
X-Debug-Cache-Store
X-DefHash
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Ec-Custom-Error
X-GoCache-CacheStatus
X-HN
X-Moov-T
X-Men
X-Moov-Xdn-Caching-Status
X-Moov-Xdn-Version
X-Op-Id-All
X-Nyt-Route
X-Level-Front-Cache
X-Jungle-Id
X-Human
X-Hnp-Log
X-Internal-TTL
X-Ion-Healthy
V-Age
X-Debug-Cache-Fetch
X-Content-Length
Nord-Request-ID
Cmsid
Cmstype
Origin-Agent-Cluster
Origin-CC
CDCHOST
PFcat
L5d-Success-Class
L
Gannett-Cam-Experience-Id
DSUID
Gh-Request-Id
Ha-Gx-Prefs
Azure-RegionName
Country-Code
Cache-Contol
Origin-EX
ServerName
Azure-SlotName
Azure-InstanceId
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Host
Azure-Version
Req-Svc-Chain
RewriteTeamHook
User-Cache-Control
Azure-SiteName
RewriteTestHook
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-SVT-ORM-VERSION
X-Esi-Check
X-Server-IP
X-Proto
X-SVT-ORM-RULES
Source
X-Thanos
Cdn-Host
CacheControlHeader
X-Edge-Server
X-Mvc-Supplant-Cachable
X-DPWN-IS-SECURE
Click-Count-Error
Click-Count-Action-Start
Cdn-Request-Time
X-Gzip
C-Via
X-Wikidot-Backend
X-Cache-Date
X-Gamma-Serve
Release
Producers
Platform
Origin-Site
X-NMSegId
X-Vmg-Version
Tube-Return
Pragrma
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
NM-Fastcgi-Cache
X-B3-Trace-ID
X-Cache-Id
X-Wikidot-Static-Cache
X-Vercel-Id
X-CacheTTL
We-Hiring
X-Vercel-Cache
Fastly-Backend-Name
X-Cache-FS-Status
Content-Script-Type
Content-Style-Type
X-Bip
Mail-Subject
Machine
Fastly-GeoIP-CountryCode
X-Parent-Response-Time
Fastly-Drupal-HTML
X-Location
X-Litespeed-Cache-Control
X-Mvc-Supplant-OutputCached
X-ZONE
X-Proxied-Request
X-ElasticPress-Query
Canary
X-Origin-Response-Time
Powered-By
Sid
S-Rt
X-Upstream-Ct
X-Pad
X-Upstream-Ht
X-NGINX-Cache
Vix-Hermes-Req-Id
Debug
X-Cs
X-Cached-By
CloudFront-Viewer-Country
Pics-Label
NGX
X-ND-Cache
X-Refresh
Mime-Version
X-Litespeed-Tag
X-Nananana
X-Via-Popn
X-TH-Server
X-Via-Popv
X-Via-Poph
Product
HA-Ipaddr
X-APP
X-Servedbyhost
X-Amz-Meta-Cb-Modifiedtime
X-HA-Backend
GeoIP-Latitude
X-FORWARDED-FOR
X-Client-Ip
Cookie
X-Varnish-Hits
X-Cache-VC
Server-ID
X-AIR-PT
X-User
Edge-Cache
X-Datadome
GeoIp-Country-Code
X-DynaTrace-JS-Agent
X-Nc
X-Fpc
X-LB-ID
X-GeoIP
X-Wa
X-Srv
X-Nginx-Cache
MIME-Version
X-Cdn-Forward
X-Nginx-Cache-Key
X-Debug-Service
X-B3-Parentspanid
X-LB-NoCache
SID
True-Client-Country-4JS
Load-Balancing
Sever-Int
Akamai-Mon-Iucid-Del
HostName
Server-Ext
DataCenter
WZWS-RAY
Server-Hostname
X-Zone
Resin-Trace
X-Scheme
X-Unity-Cache
Show-Do-Not-Sell-Link
Surrogated-Key
X-Request-Start
Cdn
X-VCL-Version
Fastly-Drupal-Html
X-Cache-Backend
X-B3-Spanid
X-Vc
X-CS
Traceparent
Tcn
X-LiteSpeed-Cache-Control
X-Newrelic-Synthetics
X-Lsadc-Cache
Lb
Sm-Log-Id
Wsr-Cache
X-Pool
X-Service-Response-Time
X-NodeID
X-Request-Host
N1-Cache
X-RequestId
Yjs-Id
X-Cache-Grace
X-Vgn-Hpd-Reason
X-Datacenter
X-DynaTrace
NtCoent-Length
X-Ez-Minify-Html
Yak-Timeinfo
X-LiteSpeed-Tag
X-DataCenter
X-HOST
X-HubSpot-Correlation-Id
X-TX-ID
X-CDN-Provider
Serverhost
Hostname
X-Proxy-CacheR9
Datacenter
Edge-Copy-Time
X-Udemy-Cache-App-Namespace
X-Via-CDN
Xkey-La3
Xkeylog
X-Via-Edge
X-RateLimit-Limit
X-Proxy-Cache-La3
X-Via-SSL
XkeyR9
X-API-Version
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-Geolocation
X-Zen-Fury
X-Html-Minification-Powered-By
X-WA
CDN
Cdn-Requestid
A
X-Dynatrace-Js-Agent
CountryCode
X-Akamai-Pragma-Client-IP
X-Lb-Id
X-FPC
X-ID
X-NC
X-Jobs
X-Fastly-Backend-Reqs
Req-ID
Cs
X-Via-JSL
WP-Super-Cache
X-Stale
True-Client-IP
GeoIP-Country-Code
Uri
Esi-Enabled
X-Cdn-Srv
Server-Id
T-Server
X-Srcache-Fetch-Status
X-VTEX-Cache-Server
Proxy-Firewall
X-VC-Age
X-Powered-By-VTEX-Cache
X-TimeS
X-Srcache-Store-Status
RATING
X-VTEX-Cache-Time
Geoip-Latitude
X-Ez-Minify-Js
On-Server
X-HA-Device-Type
Srv
X-Varnish-Beresp-TTL
X-Styx-Info
X-ServedByHost
X-Lb-Nocache
Pramga
From-Cache
X-App
Cr
ServerHost
X-Styx-Origin-Id
X-HA-Application-Name
X-HA-Bot-Classification
X-LAGOON
X-Swift-Error
WebServer
X-Oracle-DMS-ECID
Coldstone-Viewer-Country
Coldstone-Viewer-Currency
X-WA-Info
X-MSEdge-Features
X-MSEdge-Flight
Cloudfront-Viewer-Country
X-Ha-Backend
X-CSRF-TOKEN
Coldstone-Viewer-Country-Region-Name
X-Var-Ttl
Content-Secure-Policy
X-TIM-N
X-Webkit-Csp-Report-Only
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Ssense-Shipping-Surcharge-Enabled
X-Via-PopH
X-Ssense-Gql
FSS-Cache
W
X-Correlation-ID
Ngx
X-Via-PopV
X-Fastly-Cache
X-Via-PopN
X-Geo
X-Elasticpress-Query
X-Cdn-Cache-Status
X-Sorting-Hat-Shopid
X-Check-Cacheable
X-Web-Server
BehaviorPad-Version
X-Ramcache
X-Shopid
Cl-Cache
X-Proxy-Cache-LA2
X-Sorting-Hat-Podid
X-Shardid
X-Th-Server
X-DC
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Request-Url
X-Serial
X-Sucuri-Id
X-Wp-Cf-Super-Cache-Active
Akamai-X-True-TTL
X-ATG-Version
Cf-Ipcountry
X-Key
X-Nitro-Cache
URI
User-Agent
Xkey-G-Jp
Cneonction
FSS-Proxy
Bxuuid
Bxpunish
X-Cache-TTL-Remaining
X-Request-Time
X-Fastly-Cache-Status
X-Env
My-App
X-Mg-Cache
Host-Name
X-Fastly-Cache-Hits