Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
X-Frame-Options
Expires
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Accept-CH
Last-Modified
X-XSS-Protection
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Alt-Svc
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
Cf-Request-Id
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
Access-Control-Allow-Credentials
CF-Ray
Accept-CH-Lifetime
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Server-Timing
Permissions-Policy
X-Drupal-Cache
X-Generator
X-Envoy-Upstream-Service-Time
X-Cache-Status
X-Ua-Compatible
X-Cacheable
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
Timing-Allow-Origin
Feature-Policy
X-CONTENT-TYPE-OPTIONS
X-Content-Security-Policy
Xkey
Upgrade
Access-Control-Expose-Headers
Content-Encoding
X-CDN
X-XSS-PROTECTION
Status
X-AspNetMvc-Version
Accept-Ch
Access-Control-Max-Age
X-Request-ID
Host-Header
X-Age
X-Amz-Request-Id
X-Amz-Id-2
Request-Context
Cf-Edge-Cache
X-Backend
X-Robots-Tag
X-Hacker
X-Via
Cf-Apo-Via
X-Turbo-Charged-By
X-Rq
X-Amz-Version-Id
X-Vhost
Keep-Alive
X-AH-Environment
X-Dispatcher
X-Cache-Group
X-UA-Device
X-Server
X-Proxy-Cache
EagleId
X-Ws-Request-Id
CONTENT-SECURITY-POLICY
X-OneAgent-JS-Injection
X-Varnish-Cache
Pantheon-Trace-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
P3p
Grace
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Pingback
Allow
X-Page-Speed
X-WebKit-CSP
X-Swift-CacheTime
X-Swift-SaveTime
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Ali-Swift-Global-Savetime
X-Litespeed-Cache
X-FTR-Request-ID
X-Node
X-Device
EagleEye-TraceId
X-LiteSpeed-Cache
X-Host
X-Cache-Lookup
X-Backend-Server
X-Country-Code
Surrogate-Control
X-Server-Id
X-Ruxit-JS-Agent
X-Readtime
X-Akam-SW-Version
Cf-Railgun
X-Cloud-Trace-Context
X-HW
X-Response-Time
Cache-Tag
Content-Location
X-Amz-Server-Side-Encryption
Cross-Origin-Opener-Policy
X-Rack-Cache
X-Trace
X-Nginx-Upstream-Cache-Status
Service-Worker-Allowed
X-Nginx-Cache-Status
Request-Id
X-TraceId
X-Country
Fastly-Restarts
X-Clacks-Overhead
X-Content-Type
X-TtlSet
X-PC
X-Vname
X-Application-Context
X-Times
Rating
X-Cnection
X-Browser-Type
X-ESI
X-Cache-TTL
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-Midtier
X-Mcache
X-Edge
X-Vcap-Request-Id
Surrogate-Key
X-FTR-Expires
Accept-Ch-Lifetime
Origin-Trial
X-Ac
Edge-Control
X-Powered-By-Plesk
X-D2id
X-Abt-Application-Version
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Element-Page-Cache
X-NWS-LOG-UUID
Verso
X-Upstream
X-FastCGI-Cache
X-B3-TraceId
X-Nf-Request-Id
X-ORACLE-DMS-RID
X-Navigation-Version
X-Amz-Rid
Nginx-Cache
X-Mod-Pagespeed
X-Sol
X-Middleton-Display
Pagespeed
Display
Pinterest-Generated-By
Pinterest-Version
X-GitHub-Request-Id
X-Pinterest-Rid
X-ECACHE
X-Client-IP
X-Language
X-Middleton-Response
Response
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Envoy-Decorator-Operation
X-Ua-Device
S
Edge-Cache-Tag
X-Goog-Hash
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Resp-Is-Stale
X-MS-InvokeApp
X-ARC
X-Url
X-Ratelimit-Limit
Akamai-GRN
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ser
X-Distributor
X-Content-Digest
SPIisLatency
SPRequestDuration
SPRequestGuid
X-SharePointHealthScore
Access-Control-Request-Method
X-Cache-Key
X-Ezoic-Cdn
X-Dw-Request-Base-Id
Front-End-Https
X-Recruiting
X-NGENIX-Cache
X-Shield-Request-Id
RTSS
X-Amzn-Trace-Id
Cache-Status
X-Powered-CMS
X-Version
Public-Key-Pins
X-Ttl
X-Forwarded-For
X-T
X-Mg-S
X-MSEdge-Ref
Fastcgi-Cache
TP-Cache
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Daa-Tunnel
X-Varnish-TTL
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Correlation-Id
X-Ismobilevalue
Realpath
X-Server-Name
X-Cluster-Name
Cache-Tags
X-Cached
X-Id
AR-CACHE
X-Newrelic-App-Data
X-Fastly-Request-ID
X-CST
X-HS-Combine-CSS
X-Request-Received
X-Request-Processing-Time
Payment
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Content-Security-Policy-Report-Only
X-RateLimit-Remaining
X-DIS-Request-ID
Content-MD5
X-Ua-Browser
X-Xrds-Location
X-GUploader-UploadID
X-ORACLE-DMS-ECID
X-TTL
X-Oneagent-Js-Injection
X-Cambria-Cache-Control
X-HP-Trace-Id
X-HS-Prerendered
X-HS-CF-Cache-Status
X-HP-Webp
X-Jurisdiction
Content-Disposition
X-Webkit-Csp
Count-Hit
X-Azure-Ref
X-Amz-Replication-Status
X-Ratelimit-Remaining
X-Ruxit-Js-Agent
X-Px
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Page-Id
X-PressLabs-Stats
X-Ratelimit-Reset
Cross-Origin-Resource-Policy
X-Logged-In
Accept-Charset
Cleartype
X-Protected-By
X-Git-Hash
X-Az
X-Activity-Id
X-Microsite
X-Proxy
X-Unique-Id
X-Request-Handler-Origin-Region
X-FB-Debug
X-AppVersion
X-Rid
X-Origin-Server
X-Load-Cache
X-Www-Served-By
X-VARITI-CCR
Cross-Origin-Embedder-Policy
X-Hits
X-LLID
X-Goog-Metageneration
X-Varnish-Backend
YJS-ID
X-Template
MicrosoftSharePointTeamServices
X-Amz-Meta-S3cmd-Attrs
Server-Node
Version
X-Forwarded-Proto
Server-Name
X-Geo-Country
Ar-SID
X-Upgrade-Enabled
X-Amz-Apigw-Id
X-Amzn-RequestId
X-SERVER-NAME
X-Hostname
X-Frontend
AKAMAI-GRN
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Content-Options
Section-Io-Cache
X-Varnish-Server
X-URL
X-TT
X-App-Server
X-Varnish-Grace
X-Status
Viewport
Mrf-Cache-Status
X-Request-Device-Id
MRF-Tech
X-B3-TraceId-Primal
X-Device-Type
X-B3-Sampled
X-B
Fastly-SWR
Fastly-SIE
Alternate-Protocol
X-Fb-Rlafr
X-Grace
Access-Control-Allow-Method
X-Varnish-Ttl
X-Server-ID
X-Goog-Stored-Content-Length
X-Goog-Generation
TCN
X-NF-Request-ID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Upgrade-Insecure-Requests
Healthy
X-Request-Guid
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Magnolia-Registration
Host
X-Cache-Age
X-WebKit-CSP-Report-Only
Amp-Access-Control-Allow-Source-Origin
X-CSRF-Token
X-Buckets
DC
X-EdgeConnect-Cache-Status
Retry-After
X-Wormhole-Sdk
X-Amzn-Remapped-Content-Length
X-Debug
X-Meli-Trace-Bu
X-Meli-Trace-Platform
X-Meli-Trace-Site
X-Contextid
X-Cache-Control
X-Fastcgi-Cache
AR-SID
MS-Author-Via
X-Revision
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Original-Request-Id
X-WP-CF-Super-Cache
X-Response-Served-From
X-WP-CF-Super-Cache-Cache-Control
X-Yottaa-Optimizations
X-Seen-By
X-Rendered-As
X-Yottaa-Metrics
X-Instance
X-UUID
X-Is-Bot
X-Origin-CC
X-Origin-TTL
X-Adobe-Loc
X-Vcl-Version
Cross-Origin-Opener-Policy-Report-Only
Cross-Origin-Embedder-Policy-Report-Only
X-Adobe-Content
X-NYM-Debug-Backend
X-G
Section-Io-Id
X-Backend-Name
X-COUNTRY
Access-Control-Request-Headers
X-Akamai-Edgescape
X-Hl-Ver
X-Type
SD-X-WS
Charset
X-Mg-Request-UUID
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Content-Powered-By
X-Debug-IsConnected
X-Debug-IsPreview
X-Trace-Id
X-Tumblr-User
X-ServerID
X-Framework
X-Tumblr-Pixel-1
X-Mobile
X-Lambda-Id
X-Cache-Hit
NGB
X-Storage
Ms-Operation-Id
X-RTag
MS-CV
X-RM-Cache-TTL
X-Dc
X-Akamai-Request-ID2
X-AB
X-RemovedCookies
X-N
X-INCAP-ABP
X-Server-W
X-ProcessESI
X-Request-Platform
X-DataDome
X-Request-Site
X-Request-Bu
X-Cache-Status-Check
X-Cache-Time
Frame-Options
Filterid
Refresh
VIX-Pulpo-Node
X-App-Version
X-Time
VIX-Pulpo-Upstream-Status
Cache
Protected
Accept-Language
X-Real-IP
X-Region
X-B3-SpanId
X-Node-Name
Webserver
CDN-RequestId
Paypal-Debug-Id
SRV
Onion-Location
X-User-Agent
X-Hcs-Proxy-Type
X-Ms-Request-Id
X-Ms-Version
X-ECache
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-CLOUD-TRACE-CONTEXT
Cross-Origin-Window-Policy
Liferay-Portal
X-LB-Cache
X-Datadog-Trace-Id
X-Whom
X-Datadog-Parent-Id
X-Datadog-Sampled
X-Datadog-Sampling-Priority
X-VC-Cache
X-F-Cache
X-Cache-Expired-At
X-IPS-LoggedIn
X-HTML-Minification-Powered-By
X-WP-CF-Super-Cache-Active
X-Rocket-Nginx-Serving-Static
Priority
X-Requestid
Backend
OT-Force-Account-Verify
Xet-Cookie
X-Mode
X-Oracle-Dms-Ecid
X-Pass-Why
X-HITS
X-VC
X-Proxy-Cache-Info
X-Tb
GEO-INFO
X-Cacheable-TTL
X-L-Path
X-App-Environment
X-Service
X-Environment-Context
X-JoinUs
X-Adobe-Source
X-Endurance-Cache-Level
X-Loop
X-Is-Desktop
Filters
ServerID
X-UPSTREAM-Address
X-Tncms
X-Geo-Region
X-MP-GENERATED-AT
X-Tcp-Rtt
X-Browser-Name
X-Is-Tablet
X-SaId
X-Rn-Rsrv
X-Vcache
X-Drupal-Cache-Tags
X-Handled-By
Meta-Geo
X-Rewrite-Enabled
Fastcgi-Useragent
X-Is-Mobile
X-Is-Supported-Browser
X-Debug-Info
X-Detected-As
X-FW-Server
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Type
X-FW-Dynamic
X-FW-Version
X-Varnish-Beresp-Grace
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Generation-Time
X-Cache-Host
X-Servername
Web-Mar-Node
X-IPLB-Request-ID
X-IPLB-Instance
X-Wix-Request-Id
X-Web-Node
Url
X-Origin-Date
X-Cdn-Origin
X-Rule
X-Locale
X-Director
Atl-Traceid
X-Shopify-Stage
Country
X-Hosted-By
X-Logging-Id
X-Restarts
Apigw-Requestid
TWC-Device-Class
TWC-GeoIP-City
TWC-GeoIP-DMA
TWC-GeoIP-Country
X-Httpd
X-Say-TTL
X-Redis-Cache
ServedBy
X-Forwarded-Host
X-Cms-Context
X-Skip-Cache
Property-Id
TWC-Connection-Speed
Uber-Trace-Id
Webcakes-App-Name
X-ProxyCache-Status
TWC-GeoIP-LatLong
X-Cache-Action
X-Scope-Id
Environment
X-Say-Cacheable
X-SayCDN-TTL
LB
X-BYPASS-REASON
X-ProxyCache-Key
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Region
X-Soup
Webcakes-Region
X-Origin-Hint
X-Format
X-Drupal-Cache-Contexts
X-Edge-Location
X-Cloudmap
X-Cluster
X-FB-TRIP-ID
X-Cluster-Node
X-Zipkin-Id
X-Proxied
X-Labrador-Cache-Channel
X-PHP-Host
X-RateLimit-Remaining-Second
X-Served-From
X-Extlb
X-S
X-Routing-Service
X-Mly-Id
X-RateLimit-Limit-Second
X-Urbn-Site-Id
X-Tumblr-Pixel-3
X-Tumblr-Pixel-2
X-Urbn-Context-Path
X-Fetched-On
X-Origin-Cache
X-R9-Blue-Green-Version
X-Proxy-Build
X-Auth-Group-Type
X-Timing-Wait
X-Origin
Locale
X-Connection-Hash
DB-Nickname
Expiry
X-Hit
Selected-Fe
Cache-Hits
Mn-Server-Ip
Countrycode
X-GEO
X-ShardId
X-ShopId
X-Sorting-Hat-ShopId
X-VCT
X-Sorting-Hat-PodId
X-No-Session
X-Cache-Debug
X-Varnish-Cache-Hits
YJS-CacheStatus
X-RCS-CacheZone
X-Source
X-Varnish-Age
X-Is-Modern-Browser
Front
X-SRV
X-Yandex-Req-Id
X-WP-CF-Super-Cache-Cookies-Bypass
X-Lagoon
WPO-Cache-Status
X-Api-Version
Node
X-XRDS-Location
Xserver
X-Provided-By
X-Webstats-RespID
X-Is-Mobile-Only
X-Site-Version
X-Cdn
Cache-Tv-Group
X-UA
X-Generated-By
X-Varnish-Beresp-Ttl
X-Platform
From-Origin
X-Ua
X-B3-Traceid
Referer-Policy
X-Fastly-Request-Id
X-Azure-Ref-OriginShield
X-TA-CDN-Provider
X-Accel-Version
X-NewRelic-App-Data
Cache-Provider
X-CDN-Forward
X-Xfnlog-Site
X-CDN-Cache-Status
X-VC-TTL
X-B-Cache
X-Signature
Request-ID
X-TT-LOGID
X-PHP-Backend
X-NWS-UUID-VERIFY
X-Sucuri-Cache
CF-IPCountry
WPO-Cache-Message
Location
CDN-Uid
AMP-Access-Control-Allow-Source-Origin
CDN-RequestCountryCode
CDN-RequestPullSuccess
X-Reqid
CDN-CachedAt
X-CACHE-AGE
CDN-RequestPullCode
CDN-Cache
CDN-EdgeStorageId
CDN-PullZone
X-Cache-Rule
X-Cache-Operation
X-Tb-Optimization-Total-Bytes-Saved
X-Sucuri-ID
X-Optimistic-Header
X-IsAdmin
X-ScT
X-Cache-Aspx
X-A-Wwc
X-Varnish-Authentication
X-Cache-NE
X-Bl-Debug
X-BCube-Filmed-By
X-Application
X-AK-Request-ID
X-Action
X-Save-Cache
X-B-Cookie
X-Aed
X-Cms-Device
X-Vary-Devices
X-Varnish-Director
X-Vdms-Version
X-Depends
X-Developer
X-Destination
Lang
X-D
X-Conf
X-A-Dgt
X-Contensis-Viewer-Groups
X-Content-Age
X-Core-Value
X-Clientip
X-A-Dcw
Redirect-Candidate
Origin
Rendered-Blocks
Expect-Staple
X-Sigma
X-Slack-Shared-Secret-Outcome
Fl-Custom-Application
Odigeo-Trace-Id
Meta-Geo-Continent
MD5-Digest
Ngx.Var.Host
X-Sigma-Backend
X-Slack-Backend
DCR-Processing-Time-Ms
DCR-Decision-By
Candidate-Md5Url
Time-Cloud-Cache
Web-Mar-Region
X-A
X-A-Dam
X-A-Ccd
Cdncip
Cdnsip
RNT-Time
RNT-Machine
X-SRCache-Key
Sslversion
Store-Cloud-Cache
X-Rojux
X-S-Cookie
X-Forwarded-Site
X-Request-URI
X-Air-Pt
X-Fmm-Version
X-VG-WebCache
X-Frame-Option
X-Tx-Id
X-Viewer-Country
X-Loc
X-GeoCountry
X-GeoCode
X-Vtex-Remote-Cache
X-Rocket-Build-Number
X-Micro-Cache
X-External-Request-Id
Xc-Version
X-Ec-Fail
X-Tt-Logid
X-Ec-GeoHdr
X-Ig-Origin-Region
X-Ee-Origin
X-Ee-Generated-By
X-HS-Content-Campaign-Id
X-Old-Content-Length
X-Ee-Request-Id
X-Ee-Request-Date
X-Ig-Push-State
X-Origin-Expires
X-VG-TLSProxy
X-Render-Time
Server-Host
X-Shield-Cache-Expires
Thinkindot-CacheControl-Type
X-Ion-Hop
X-Jungle-Id
X-Internal-TTL
X-Ion-Healthy
Thinkindot-CacheControl
TDXMobile
X-Moov-Xdn-Version
Nord-Request-ID
X-Nyt-Route
X-Pubstack
X-Origin-Time
X-Path
Log-Origin
X-Policy
X-Region-Sid
User-Cache-Control
RewriteTeamHook
RewriteTestHook
X-Men
Req-Svc-Chain
X-Moov-Xdn-Caching-Status
X-Moov-T
X-Level-Front-Cache
X-Acquia-Purge-Cdn-Unconfigured
X-From
X-FC-Vary-Parameters
X-Fastly-Backend
X-Bug-Bounty
X-Block-Status
X-Gen-Mode
X-Gdpr
X-Epic-Correlation-Id
X-CUA
X-DefHash
X-Ec-Custom-Error
X-DefElseHash
X-Debug-Cache-Store
X-Date
X-Debug-Cache-Fetch
X-Bc-Bl
X-BBC-Edge-Cache-Status
X-Accel-Expires-Debug
X-Access
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Hash
X-Human
X-Hnp-Log
X-GeoIP-Country-Code
X-Aicache-OS
X-Section
X-Backend-Instance
X-Generated-On
X-Auto-Login
X-GeoIP-City
X-App-Name
V-Age
Origin-Agent-Cluster
X-Sn-Servicetimems
Country-Code
X-Up
X-Uri
Azure-Version
DSUID
X-Varnish-Beresp-Status
Host-ID
Azure-SlotName
Cache-Contol
X-Req
X-PAYTM-SRV-ID
X-V-Cache
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-PERF
X-ApacheServer
Cmstype
Cmsid
X-Varnish-Remaining-TTL
Azure-RegionName
Azure-SiteName
X-Thinkindot-L1
X-SD-PageType
X-Worker
Apple-News-Services-Handled
X-UA-Device-Type
X-Node-Id
X-Thinkindot-L3
X-We-Are-Hiring
Apple-News-Services-Host
Gh-Request-Id
X-Varnish-Hostname
Cluster
Azure-InstanceId
Apple-News-Services-Request-Url
XM
Gannett-Cam-Experience-Id
Apple-News-Services-Parsed-Url
Fastly-SSL
X-Presslabs-Stats
L5d-Success-Class
X-B3-Trace-ID
X-Cache-Date
X-Cache-FS-Status
X-Bip
X-Cache-Id
X-Vercel-Cache
X-Gzip
X-Wikidot-Static-Cache
X-LSADC-Cache
X-Via-Fastly
X-Gamma-Serve
X-Wikidot-Backend
X-Vmg-Version
X-NMSegId
X-Org
X-Mvc-Supplant-Cachable
N-Cache
X-Eu-Site
X-Esi-Check
X-Proto
X-Csrf-Jwt
X-Content-Length
X-Dispatcher-Server
X-Amz-Storage-Class
X-DPWN-IS-SECURE
X-Vercel-Id
Sid
X-Edge-Server
X-SB
X-CGP
X-CacheTTL
Platform
Tube-Get-Contents
Cdn-Host
Cdn-Request-Time
Tube-Got-Eval
Origin-Site
Origin-EX
Fastly-Backend-Name
Tube-Got-Results
Click-Count-Action-Start
Pragrma
Fastly-GeoIP-CountryCode
Release
Content-Script-Type
Content-Style-Type
X-SVT-ORM-RULES
ServerName
Producers
Click-Count-Error
X-SVT-ORM-VERSION
X-Server-IP
Tube-Return
X-SIPLIST1
CDCHOST
Ha-Gx-Prefs
L
Mail-Subject
X-Thanos
Machine
IsBot
NM-Fastcgi-Cache
X-Akamai-Device-Characteristics
We-Hiring
Origin-CC
CacheControlHeader
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
X-LJ-Flow-ID
X-AWS-Id
X-Parent-Response-Time
X-VWS-Id
X-VarnishDD-TTL
PFcat
X-Litespeed-Cache-Control
X-Mvc-Supplant-OutputCached
X-ElasticPress-Query
X-Location
X-Origin-Response-Time
X-AB-Test
C-Via
X-Op-Id-All
X-TH-Server
X-Proxied-Request
X-HN
Source
Canary
X-ZONE
X-Litespeed-Tag
X-Pad
S-Rt
NGX
X-Cs
Debug
Product
Fastly-Drupal-HTML
X-NGINX-Cache
Mime-Version
X-Cached-By
HA-Ipaddr
Powered-By
X-Amz-Meta-Cb-Modifiedtime
Vix-Hermes-Req-Id
X-Refresh
X-CACHE-GROUP
X-Upstream-Ht
X-Cdn-Forward
X-Upstream-Ct
X-Via-Popv
X-ND-Cache
X-Nananana
X-Cache-VC
X-APP
X-Via-Popn
X-Via-Poph
X-Ah-Environment
Pics-Label
CloudFront-Viewer-Country
Cookie
GeoIP-Latitude
X-Datadome
Edge-Cache
X-DynaTrace-JS-Agent
X-Servedbyhost
X-User
X-LB-ID
X-Varnish-Hits
X-HA-Backend
X-Nginx-Cache
X-AIR-PT
Server-ID
GeoIp-Country-Code
X-Webkit-CSP
X-LB-NoCache
HostName
Akamai-Mon-Iucid-Del
X-GeoIP
Surrogated-Key
WZWS-RAY
X-Request-Start
X-Wa
DataCenter
X-Srv
MIME-Version
X-B3-Parentspanid
Fastly-Drupal-Html
X-Nc
X-Fpc
X-Zone
X-Unity-Cache
X-Debug-Service
Resin-Trace
X-Scheme
SID
True-Client-Country-4JS
Server-Hostname
Server-Ext
X-RateLimit-Limit
Sever-Int
X-Nginx-Cache-Key
X-CS
Load-Balancing
Tcn
N1-Cache
X-Request-Host
X-NodeID
X-Pool
Show-Do-Not-Sell-Link
X-RequestId
X-VCL-Version
X-Lsadc-Cache
Cdn
X-Service-Response-Time
X-Cache-Backend
X-Cache-Grace
Sm-Log-Id
Wsr-Cache
X-DynaTrace
Lb
X-TX-ID
X-B3-Spanid
X-FORWARDED-FOR
Yjs-Id
Yak-Timeinfo
NtCoent-Length
X-DataCenter
X-Vgn-Hpd-Reason
Traceparent
X-Newrelic-Synthetics
Edge-Copy-Time
X-Via-SSL
X-LiteSpeed-Cache-Control
X-Via-Edge
X-HOST
X-Via-CDN
X-Datacenter
X-NODE
X-Vc
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Client-Ip
X-WA
X-Zen-Fury
X-Geolocation
CDN
Datacenter
X-API-Version
X-FPC
Cdn-Requestid
X-HubSpot-Correlation-Id
X-NC
X-Fastly-Backend-Reqs
X-CDN-Provider
X-Jobs
Req-ID
X-LiteSpeed-Tag
Hostname
X-ID
Server-Id
X-Proxy-CacheR9
X-Udemy-Cache-App-Namespace
X-Cdn-Srv
Uri
Serverhost
XkeyR9
X-Proxy-Cache-La3
Xkey-La3
Xkeylog
X-Akamai-Pragma-Client-IP
A
True-Client-IP
X-VTEX-Cache-Server
X-VTEX-Cache-Time
WP-Super-Cache
X-Powered-By-VTEX-Cache
X-Dynatrace-Js-Agent
X-Html-Minification-Powered-By
GeoIP-Country-Code
X-Varnish-Beresp-TTL
X-Lb-Id
ServerHost
X-TimeS
X-ServedByHost
Srv
X-Ez-Minify-Js
Proxy-Firewall
Geoip-Latitude
T-Server
On-Server
X-Stale
RATING
X-Webkit-Csp-Report-Only
Cloudfront-Viewer-Country
Esi-Enabled
X-Swift-Error
X-Via-JSL
From-Cache
X-Lb-Nocache
Coldstone-Viewer-Currency
X-WA-Info
Coldstone-Viewer-Country
Coldstone-Viewer-Country-Region-Name
WebServer
CountryCode
X-Oracle-DMS-ECID
X-CSRF-TOKEN
X-Ez-Minify-Html
X-Ha-Backend
X-VC-Age
Cs
X-App
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-LAGOON
FSS-Cache
BehaviorPad-Version
X-MSEdge-Features
Pramga
X-Ssense-Gql
X-Correlation-ID
X-Ssense-Shipping-Surcharge-Enabled
X-MSEdge-Flight
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-Fastly-Cache
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Shardid
X-HA-Device-Type
X-Shopid
X-Sorting-Hat-Podid
X-Styx-Info
X-Styx-Origin-Id
X-Geo
X-Sorting-Hat-Shopid
X-HA-Bot-Classification
Content-Secure-Policy
X-Check-Cacheable
Cr
X-Web-Server
X-Cdn-Cache-Status
X-Var-Ttl
Ngx
X-TIM-N
X-HA-Application-Name
X-APP-VERSION
X-Th-Server
X-Proxy-Cache-LA2
X-Elasticpress-Query
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Serial
X-ATG-Version
X-DC
X-Wp-Cf-Super-Cache-Active
X-Request-Url
X-Sucuri-Id
Akamai-X-True-TTL
My-App
X-Request-Time
X-Nitro-Cache
Cf-Ipcountry
User-Agent
Xkey-G-Jp
Cl-Cache
X-Ramcache
W
True-Client-Ip
Bxuuid
X-Mg-Cache
Host-Name
X-Env
FSS-Proxy
Cneonction
X-Cache-TTL-Remaining
X-Fastly-Cache-Hits
X-Fastly-Cache-Status
Bxpunish