Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
Accept-CH
X-AspNet-Version
X-Runtime
X-DNS-Prefetch-Control
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
Permissions-Policy
X-Robots-Tag
X-Hacker
X-Server
X-AH-Environment
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
Allow
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Device
EagleEye-TraceId
Cf-Railgun
X-WebKit-CSP
X-Host
X-Backend-Server
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-Ruxit-JS-Agent
X-HW
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-Country
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-Litespeed-Cache
X-Content-Type
X-Trace
X-Clacks-Overhead
Cache-Tag
X-Url
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-CST
X-Times
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-Daa-Tunnel
Cross-Origin-Opener-Policy
Nginx-Cache
X-Mcache
X-Edge
X-Server-Name
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
X-ESI
AR-Request-ID
Accept-Ch
AR-PoweredBy
AR-SID
AR-ATIME
X-Element-Page-Cache
X-GitHub-Request-Id
Edge-Control
X-Ac
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Kinja
Verso
X-D2id
X-MS-InvokeApp
X-Webkit-Csp
X-Cache-TTL
X-Upstream
X-Vcap-Request-Id
X-Ser
X-ECACHE
AR-CACHE
X-Abt-Application-Version
X-FastCGI-Cache
X-Navigation-Version
X-Dw-Request-Base-Id
X-B3-TraceId
SPRequestDuration
SPIisLatency
X-Oneagent-Js-Injection
Fastly-Restarts
X-Mod-Pagespeed
X-NF-Request-ID
X-Amz-Rid
X-SharePointHealthScore
SPRequestGuid
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Client-IP
X-Kinsta-Cache
X-Edge-Location-Klb
X-Mg-S
X-Goog-Hash
Edge-Cache-Tag
X-Powered-CMS
S
X-Middleton-Display
X-ARC
Display
Pagespeed
X-Sol
X-Ratelimit-Limit
Cache-Status
X-Amzn-Trace-Id
X-Version
Access-Control-Request-Method
X-Middleton-Response
Response
X-VARITI-CCR
X-PDP-UNCACHING-HASH
X-Cache-Key
RTSS
X-Content-Digest
X-Ratelimit-Remaining
X-TraceId
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
Realpath
X-Forwarded-For
X-T
X-Correlation-Id
X-ORACLE-DMS-RID
X-Recruiting
X-Ruxit-Js-Agent
X-TTL
Fastcgi-Cache
X-Cached
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
X-RateLimit-Remaining
MS-Author-Via
X-Protected-By
X-Ua-Browser
Content-MD5
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-Frontend
X-Forwarded-Proto
Server-Node
X-Request-Processing-Time
X-Request-Received
MicrosoftSharePointTeamServices
Public-Key-Pins
Payment
TP-Cache
X-LLID
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-PressLabs-Stats
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Aws-Lambda-Call-Status
X-TEC-API-ROOT
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HS-Combine-CSS
X-FTR-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Accel-Expires
X-Distributor
X-GUploader-UploadID
Count-Hit
X-Origin-Server
X-Server-ID
X-LB-Cache
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-NODE
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-Microsite
X-Request-Handler-Origin-Region
X-AppVersion
X-Activity-Id
X-Az
X-Newrelic-App-Data
Host
X-Varnish-Server
X-Cluster-Name
Cache-Tags
X-Ttl
X-App-Server
Accept-Charset
X-Varnish-Backend
Mrf-Cache-Status
MRF-Tech
X-Www-Served-By
X-Pinterest-Rid
X-B3-TraceId-Primal
Pinterest-Generated-By
X-Amz-Meta-S3cmd-Attrs
Pinterest-Version
X-Content-Security-Policy-Report-Only
Retry-After
Cleartype
Server-Name
X-Ua-Device
X-Goog-Metageneration
X-Hits
Filterid
X-Envoy-Decorator-Operation
X-Unique-Id
X-ASPNET-VERSION
X-Git-Hash
X-Hostname
Access-Control-Allow-Method
X-CSRF-Token
X-Upgrade-Enabled
X-Geo-Country
X-Azure-Ref
X-Load-Cache
Referer-Policy
X-Varnish-Ttl
X-NGENIX-Cache
X-Debug
TP-L2-Cache
X-Logged-In
TCN
X-Seen-By
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Time
X-FB-Debug
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Proxy
X-Amz-Apigw-Id
X-B3-Sampled
X-Amzn-RequestId
X-Trace-Id
DC
Section-Io-Cache
X-Grace
X-Revision
X-Type
X-B
X-Cache-Control
X-F-Cache
X-TT
X-Id
X-Request-Guid
X-Fb-Rlafr
Healthy
X-DIS-Request-ID
Surrogate-Key
X-Contextid
Viewport
X-XRDS-LOCATION
Paypal-Debug-Id
X-Mobile
X-N
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-WP-CF-Super-Cache-Cache-Control
X-Goog-Generation
X-WP-CF-Super-Cache
X-Goog-Storage-Class
X-Debug-Info
Fastly-SIE
Fastly-SWR
X-Page-Id
X-Px
Content-Disposition
X-Whom
X-Origin-Cache
X-Varnish-Grace
Version
X-Via-JSL
X-Webkit-CSP
X-Content-Options
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Magnolia-Registration
Charset
X-Amz-Replication-Status
X-Wix-Request-Id
X-RemovedCookies
X-Template
X-ProcessESI
X-Cache-Grace
X-App-Environment
X-Tumblr-Pixel-1
X-Tumblr-User
MS-CV
X-Tumblr-Pixel
X-RTag
X-Rule
X-Node-Name
Ms-Operation-Id
X-Tumblr-Pixel-0
X-Cache-Age
X-Oracle-Dms-Ecid
VIX-Pulpo-Upstream-Status
X-Yottaa-Optimizations
X-Source
X-Datadog-Sampled
VIX-Pulpo-Node
X-Yottaa-Metrics
X-G
X-Debug-IsPreview
SD-X-WS
X-Debug-IsConnected
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Environment-Context
X-Signature
ServerID
X-Cacheable-TTL
X-FW-Server
X-Instance
X-Adobe-Content
X-User-Agent
X-Adobe-Loc
X-Storage
X-UUID
X-Region
X-L-Path
X-FW-Type
X-FW-Version
X-Hl-Ver
X-B-Cache
X-FW-Static
X-Backend-Name
X-NWS-UUID-VERIFY
X-EdgeConnect-Cache-Status
X-ServerID
X-Real-IP
GEO-INFO
X-Rid
X-Cache-Hit
X-Status
X-Proxy-Cache-Info
X-Rendered-As
X-NYM-Debug-Backend
X-Is-Bot
NGB
X-Device-Type
Country
Countrycode
X-IPS-LoggedIn
Cross-Origin-Window-Policy
SRV
X-Amzn-Remapped-Content-Length
X-Language
X-B3-SpanId
Akamai-GRN
X-URL
Liferay-Portal
X-WP-CF-Super-Cache-Active
Amp-Access-Control-Allow-Source-Origin
X-Wormhole-Sdk
X-RM-Cache-TTL
Front
X-Sucuri-ID
X-Sucuri-Cache
X-Origin-Cache-Key
OT-Force-Account-Verify
X-Framework
X-Ratelimit-Reset
X-Servername
X-Air-Pt
X-Xrds-Location
X-UA
From-Origin
X-Oracle-Dms-Rid
X-VC-Cache
X-AB
X-VC
Xet-Cookie
X-Mode
X-Content-Powered-By
X-Air-Source
Backend
X-Air-Hostname
X-Air-Trace-Id
X-Akamai-Request-ID2
X-RateLimit-Limit
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
Refresh
X-Cache-Time
X-DataDome
X-INCAP-ABP
X-Nginx-Cache
X-Handled-By
Accept-Language
X-SRV
X-Endurance-Cache-Level
X-Rewrite-Enabled
X-RCS-CacheZone
X-Xfnlog-Site
X-JoinUs
X-Rn-Rsrv
X-UPSTREAM-Address
Filters
X-RID
Meta-Geo
X-Edge-Location
X-SaId
Webserver
X-Cache-Status-Check
X-LJ-Flow-ID
X-Lambda-Id
X-Labrador-Cache-Channel
Access-Control-Request-Headers
X-Origin-Date
X-Container-Uri
X-Cluster
TWC-Privacy
TWC-Locale-Group
X-Varnish-Age
X-Reqid
X-Generated-By
Cache
X-VWS-Id
X-Routing-Service
X-AWS-Id
X-Cloudmap
X-Webstats-RespID
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-LatLong
X-Git-Commit
X-No-Session
X-Cache-Operation
X-Origin-Hint
TWC-Connection-Speed
ServedBy
Property-Id
X-Tumblr-Pixel-2
X-Extlb
X-PHP-Host
X-Zipkin-Id
TWC-GeoIP-Country
X-Cache-Rule
X-Proxied
X-Hosted-By
X-Provided-By
TWC-Device-Class
X-Served-From
LB
X-Logging-Id
X-Scope-Id
X-Loop
Section-Io-Id
Mn-Server-Ip
X-Tncms
X-Adobe-Source
X-Redis-Cache
X-Akamai-Edgescape
X-Web-Node
Web-Mar-Node
Url
X-Fetched-On
X-Tb
X-IPLB-Instance
X-Restarts
X-Forwarded-Host
X-R9-Blue-Green-Version
X-Cms-Context
X-HTML-Minification-Powered-By
X-Skip-Cache
X-Locale
X-Site-Version
Apigw-Requestid
X-IPLB-Request-ID
Atl-Traceid
X-Ismobilevalue
Frame-Options
X-Fastly-Request-Id
X-ProxyCache-Status
X-Is-Tablet
X-Format
X-Origin
X-RateLimit-Reset
X-Is-Mobile
X-Is-Supported-Browser
X-Director
X-Ms-Request-Id
X-Frame-Option
X-Cache-Host
X-Browser-Name
X-Tcp-Rtt
X-ProxyCache-Key
X-Ms-Version
X-BYPASS-REASON
Selected-Fe
X-Proxy-Build
X-Cache-Debug
X-Accel-Version
X-Geo-Region
X-Soup
X-Timing-Wait
X-Upstream-Ht
X-Upstream-Ct
X-SayCDN-TTL
X-Httpd
X-VCT
X-Azure-Ref-OriginShield
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-Is-Desktop
X-Say-TTL
X-Say-Cacheable
X-Detected-As
X-S
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
Xserver
WPO-Cache-Message
WPO-Cache-Status
X-GeoCode
X-ECache
X-Shopify-Stage
X-GeoCountry
X-Optimistic-Header
X-Vcache
X-ShopId
X-Drupal-Cache-Tags
X-Origin-CC
X-ShardId
X-Origin-TTL
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Request-URI
X-Thinkindot-L3
X-CMSURLCustom
X-CDN-Forward
X-Shield-Cache-Expires
X-Generation-Time
Thinkindot-CacheControl
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-Control
Cache-Hits
X-Lagoon
X-Api-Version
Source
Onion-Location
Fastcgi-Useragent
X-Drupal-Cache-Contexts
X-Cdn-Origin
X-Connection-Hash
X-Tt-Logid
Expiry
Protected
X-WP-CF-Super-Cache-Cookies-Bypass
X-ID
Cdn-Requestid
X-Vercel-Cache
X-Worker
X-Vercel-Id
X-Buckets
X-TA-CDN-Provider
X-Cache-Expired-At
X-Vcl-Version
X-Mg-Request-UUID
X-Pass-Why
Azure-InstanceId
Azure-SiteName
X-Fastcgi-Cache
X-B3-Traceid
X-Rocket-Nginx-Serving-Static
X-PHP-Backend
Azure-Version
Azure-RegionName
Azure-SlotName
Node
X-GEO
Priority
X-Cache-Action
X-App-Version
Environment
Cross-Origin-Embedder-Policy
Uber-Trace-Id
X-Proxy-Cache-Status
CDN-Cache
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-RequestPullCode
Sid
CDN-RequestPullSuccess
CDN-CachedAt
CDN-Uid
X-Tumblr-Pixel-3
X-Cluster-Node
X-Aspnetmvc-Version
AMP-Access-Control-Allow-Source-Origin
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-XRDS-Location
X-Cache-Server
X-Server-W
DB-Nickname
Cache-Tv-Group
Alternate-Protocol
X-FB-TRIP-ID
CF-IPCountry
User-Cache-Control
X-Tx-Id
X-Auth-Group-Type
X-Jobs
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Component-Id
HostName
Fusion-Template-Id
Fusion-Content-Id
X-Service
Sslversion
X-Esi-Check
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Fastly-Backend
X-Gen-Mode
X-Gzip
X-GeoIP-City
X-Ec-Fail
X-Dispatcher-Server
X-Content-Age
X-Conf
X-Custom-Header
X-D
X-Device-Os
X-Developer
X-Hnp-Log
X-Ig-Origin-Region
X-TIM-N
X-SRCache-Key
X-UA-Device-Type
X-V-Cache
X-Vtex-Remote-Cache
X-Vdms-Version
X-ScT
X-SB
X-ND-Cache
X-Ig-Push-State
X-Op-Id-All
X-Org
X-Rojux
X-Origin-Expires
X-Cache-NE
X-Cache-Id
Meta-Geo-Continent
MD5-Digest
Ngx.Var.Host
Odigeo-Trace-Id
Origin-Agent-Cluster
Origin
Magicmarker
Lang
Content-Secure-Policy
Candidate-Md5Url
DCR-Decision-By
DCR-Processing-Time-Ms
Gannett-Cam-Experience-Id
Edge-Cache
Rendered-Blocks
Surrogated-Key
X-Aed
X-A-Wwc
X-Bc-Bl
X-BCube-Filmed-By
X-Block-Status
X-Bl-Debug
X-A-Dgt
X-A-Dcw
Wxu-Next-Hostname
T-Server
Wxu-Next-Region
X-A
X-A-Dam
X-A-Ccd
A
Wxu-Next-Commit
X-LSADC-Cache
X-Pad
X-DC
X-Client-Ip
X-Nf-Request-Id
X-Geo-Header
X-GeoIP
X-Forwarded-Site
X-Gdpr
X-FC-Vary-Parameters
X-Generated-On
X-GeoIP-Country-Code
X-GoCache-CacheStatus
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-NMSegId
X-Nyt-Route
X-Men
X-Loc
X-Fastly-Cache
X-HN
X-HS-Content-Campaign-Id
X-Level-Front-Cache
X-GeoIP-Region-Code
X-Cdn-Srv
Server-Hostname
Sever-Int
Ssr
V-Age
Server-Ext
Req-ID
Origin-EX
PFcat
Powered-By
Vix-Hermes-Req-Id
X-AK-Request-ID
X-Cache-Bucket
X-Cache-Info
X-CacheTTL
X-Origin-Response-Time
X-Bip
X-Backend-Instance
X-Amz-Storage-Class
X-App-Name
X-Auto-Login
X-Clientip
X-Platform
X-Wikidot-Backend
X-Wikidot-Static-Cache
XM
Cdn-Host
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-VarnishDD-TTL
X-VG-WebCache
X-Viewer-Country
Cdn-Request-Time
X-Cache-TTL-Remaining
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Via-Fastly
X-Varnish-CookieHashed-On
X-Req
X-DefElseHash
X-DefHash
X-Edge-Server
X-Varnish-Hostname
X-Varnish-Director
X-Pubstack
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Region-Sid
X-Proto
X-Powered-By-VTEX-Cache
X-PAYTM-SRV-ID
Origin-CC
X-Policy
X-Request-Time
X-Scheme
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-Thanos
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SD-PageType
X-Server-IP
X-Sn-Servicetimems
X-Origin-Time
X-Node-Id
AKAMAI
Content-Style-Type
NM-Fastcgi-Cache
Cdnsip
Cdncip
C-Via
Cache-Provider
CDCHOST
Fastly-Backend-Name
Content-Script-Type
Fastly-SSL
Mime-Version
X-Dc
X-MP-GENERATED-AT
X-CUA
Apple-News-Services-Handled
Canary
X-Date
Cache-Key
X-Pool
X-Proxied-Request
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-Csrf-Jwt
Apple-News-Services-Parsed-Url
X-NCache
X-Ec-Custom-Error
Tube-Got-Results
X-Hash
DSUID
X-Eu-Site
X-Depends
X-Location
X-Debug-Cache-Store
Fastly-GeoIP-CountryCode
X-Mvc-Supplant-OutputCached
Cluster
X-Debug-Cache-Fetch
X-WA-Info
Click-Count-Action-Start
Click-Count-Error
Country-Code
Adler-Geo
Yak-Timeinfo
X-We-Are-Hiring
X-Acquia-Purge-Cdn-Unconfigured
Esi-Enabled
Is-Eu
RNT-Time
Tube-Get-Contents
Tube-Got-Eval
RNT-Machine
Producers
Tube-Return
Platform
X-Ad-Load-Variation
X-B3-Trace-ID
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-NodeID
X-Section
X-VG-TLSProxy
X-Request-Start
X-Contensis-Viewer-Groups
X-Mly-Id
X-Micro-Cache
X-Fmm-Version
X-DPWN-IS-SECURE
X-Core-Value
X-Varnishpool
X-Varnish-Beresp-Status
X-Var-Ttl
X-Varnish-Authentication
X-Request-Host
X-Human
Machine
X-Aicache-OS
X-Accel-Expires-Debug
L5d-Success-Class
L
HA-Ipaddr
X-Cache-Aspx
Host-ID
Web-Mar-Region
We-Hiring
Proxy-Firewall
Pramga
On-Server
Release
Server-Host
W
Mail-Subject
True-Client-Country-4JS
Ha-Gx-Prefs
X-Access
X-CGP
Gh-Request-Id
X-Varnish-Beresp-Ttl
X-HITS
NGX
X-Jungle-Id
X-From
Req-Svc-Chain
X-LiteSpeed-Cache-Control
X-BBC-Edge-Cache-Status
X-Up
X-NGINX-Cache
X-AIR-PT
X-Zone
WP-Super-Cache
X-Vdms-Path
Debug
X-Cache-Backend
X-Uri
X-Cs
CDN-RequestId
X-Ah-Environment
X-Varnish-Hits
X-Akamai-Transformed
X-LB-ID
X-Cache-FS-Status
CloudFront-Viewer-Country
X-CACHE-GROUP
Redirect-Candidate
X-Tec-Api-Origin
X-Tec-Api-Root
SID
X-Newrelic-Synthetics
X-Tec-Api-Version
X-Via-Popv
X-Servedbyhost
Fastly-Drupal-HTML
X-Refresh
X-PERF
Server-Info
Pics-Label
X-HA-Backend
X-Via-Popn
X-Via-Poph
X-ApacheServer
X-Render-Time
X-Nananana
BehaviorPad-Version
GeoIP-Latitude
X-VHOST
X-Original-Request-Id
X-Response-Served-From
X-M-Log
X-B3-Parentspanid
X-VC-TTL
X-APP
X-M-Reqid
X-Datadome
Fastly-Drupal-Html
X-Parent-Response-Time
X-TT-LOGID
X-CACHE-AGE
Locid
X-LB-NoCache
X-Cached-By
Resin-Trace
X-CS
Datacenter
X-Content-Length
X-DynaTrace-JS-Agent
X-Litespeed-Tag
Server-ID
X-Amz-Meta-Cb-Modifiedtime
X-CDN-Cache-Status
X-Wa
X-Nc
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Cf-Ipcountry
X-IAuth-Set-Uid
GeoIp-Country-Code
Cdn
X-LiteSpeed-Tag
NtCoent-Length
Uri
X-Varnish-Beresp-TTL
Ngx-Var-Key
X-ZONE
X-Old-Content-Length
X-VCache
X-Platform-Processor
Vc-Max-Age
X-Platform-Cluster
X-Platform-Router
X-Dispatcher-Number
X-Vgn-Hpd-Reason
FSS-Cache
X-RequestId
X-Fpc
X-NewRelic-App-Data
CDN
True-Client-IP
True-Client-Ip
X-Esi
X-TH-Server
X-Moov-T
Product
X-Moov-Xdn-Version
Serverhost
X-SERVER-NAME
X-HostName
X-B3-Spanid
X-TX-ID
X-Srv
Srv
Cross-Origin-Embedder-Policy-Report-Only
GeoIP-Country-Code
X-Nf-Ats-Version
X-Ckpd-Fst-Backend
S-Rt
X-Nf-Country
X-Nf-Language
X-Dynatrace-Js-Agent
Tcn
X-FPC
X-Oracle-DMS-ECID
X-TIME
X-User
ServerName
X-S-Cookie
X-External-Request-Id
Cf-Device-Type
X-Cdn-Cache-Status
X-Application
X-B-Cookie
X-Destination
X-Cdn-Forward
X-Bug-Bounty
Request-ID
CacheControlHeader
X-NC
X-Dispatch
X-WA
X-Webkit-Csp-Report-Only
X-HubSpot-Correlation-Id
X-APP-VERSION
Server-Id
X-Vc
X-Zen-Fury
Hostname
X-CACHE-KEY
X-Instance-Name
X-Rocket-Build-Number
X-Cache-Date
X-API-Version
X-Sigma
X-Sigma-Backend
X-COUNTRY
Geoip-Latitude
X-FL-QIT-DEBUG
Srvid
X-VServer
X-Presslabs-Stats
X-Vmg-Version
User-Agent
X-Branch-Name
X-Geo
Ohc-File-Size
X-Akamai-Device-Characteristics
X-Ha-Backend
X-Lb-Nocache
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Segment-20210421
DataCenter
ServerHost
X-Gamma-Serve
Origin-Trial
Load-Balancing
X-ServedByHost
X-Info
X-DynaTrace
X-VCL-Version
PICS-Label
Epwk-X-Cache
X-DataCenter
Xc-Version
Cloudfront-Viewer-Country
Cneonction
X-Cache-Ttl
Type
Expect-Staple
X-Limited
X-App
X-Correlation-ID
X-Ua
X-Akamai-Pragma-Client-IP
X-Srcache-Store-Status
Rtss
X-Srcache-Fetch-Status
X-Check-Cacheable
X-Amz-Meta-Opti
X-Lb-Id
Cross-Origin-Opener-Policy-Report-Only
X-Owner
X-Irp-Debug
X-Serial
Ohc-Cache-HIT
X-Hit
X-MiniProfiler-Ids
Lb
X-Qloud-Router
Cmstype
X-Via-CDN
X-Via-SSL
Warning
Sm-Log-Id
X-Acquia-Application-UUID
Timeexpire
X-Via-Edge
X-Service-Response-Time
X-Flags
X-MSEdge-Flight
X-Sqd-Stime
X-Acquia-Application-Trace
X-MSEdge-Features
X-Datacenter
X-Sqd-Ctime
Edge-Copy-Time
X-Route-Name
X-Web-Server
X-Aspnet-Duration-Ms
Cl-Cache
X-Core-Mission
X-Acquia-Site
X-Is-Crawler
Cmsid
X-Providence-Cookie
X-Acquia-Purge-Tags
Servername
CountryCode
X-LAGOON
X-Page-View
X-CSRF-TOKEN
X-Litespeed-Cache-Control
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shopid
X-Origin-Upstream-Status
X-Shardid
X-RAMCache
X-Requestid
X-Th-Server
X-Ramcache
X-Http-Reason
X-SIPLIST1
X-Sql-Duration-Ms
X-Sql-Count
X-Snapshot-Date
Ngx
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
IsBot
X-Amz-Meta-S3b-Last-Modified
X-IN-APIGATEWAYSSL