Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Ua-Compatible
X-Generator
X-Cache-Status
X-Request-ID
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
Permissions-Policy
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
X-Robots-Tag
X-AH-Environment
X-Hacker
X-UA-Device
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
Xkey
Cf-Apo-Via
X-Amz-Version-Id
X-Vhost
X-Dispatcher
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Server-Powered-By
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Cache-Lookup
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Server-Id
X-Response-Time
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-Vname
X-PC
X-TtlSet
Cross-Origin-Opener-Policy
X-Litespeed-Cache
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-FTR-Request-ID
X-Daa-Tunnel
X-Server-Name
Nginx-Cache
Accept-Ch
X-Powered-By-Plesk
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-Cache-TTL
X-Cnection
X-CST
X-Ac
X-ESI
X-GitHub-Request-Id
X-D2id
X-Element-Page-Cache
Edge-Control
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
Verso
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-ECACHE
X-MS-InvokeApp
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Abt-Application-Version
X-Upstream
X-Navigation-Version
X-Dw-Request-Base-Id
X-Webkit-Csp
Fastly-Restarts
SPRequestDuration
SPIisLatency
X-FastCGI-Cache
X-B3-TraceId
X-Amz-Rid
X-Mod-Pagespeed
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-SharePointHealthScore
SPRequestGuid
X-Client-IP
X-Goog-Hash
X-ARC
X-Edge-Location-Klb
X-Kinsta-Cache
X-Oneagent-Js-Injection
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Powered-CMS
X-Ratelimit-Limit
X-Mg-S
S
Edge-Cache-Tag
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
X-Middleton-Response
X-NF-Request-ID
Response
X-VARITI-CCR
X-TTL
X-Ratelimit-Remaining
RTSS
X-Fastly-Request-ID
Realpath
X-Forwarded-For
X-Ua-Device
X-Cache-Key
X-Content-Digest
X-T
Cross-Origin-Resource-Policy
X-Ruxit-Js-Agent
X-Server-ID
X-Recruiting
X-Correlation-Id
X-TraceId
Fastcgi-Cache
X-Cached
X-ORACLE-DMS-RID
X-MSEdge-Ref
X-Varnish-TTL
X-Shield-Request-Id
Front-End-Https
MicrosoftSharePointTeamServices
X-Forwarded-Proto
X-Request-Received
X-Request-Processing-Time
X-Ua-Browser
TP-Cache
X-HS-Hub-Id
X-Protected-By
X-Frontend
X-LLID
X-HS-Content-Id
X-HS-Cache-Config
Payment
X-PressLabs-Stats
MS-Author-Via
Server-Node
Arr-Disable-Session-Affinity
Public-Key-Pins
Content-MD5
X-SRCache-Fetch-Status
Count-Hit
X-SRCache-Store-Status
X-RateLimit-Remaining
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-HS-Combine-CSS
X-Accel-Expires
X-GUploader-UploadID
X-LB-Cache
X-Distributor
X-FTR-Backend
X-FTR-Cache-Status
X-Origin-Server
X-NODE
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Newrelic-App-Data
X-Ezoic-Cdn
X-FTR-Expires
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Microsite
X-Request-Handler-Origin-Region
X-Www-Served-By
Host
X-Activity-Id
Accept-Charset
X-Content-Security-Policy-Report-Only
X-App-Server
X-Az
X-AppVersion
X-Varnish-Server
X-B3-TraceId-Primal
Cache-Tags
X-Cluster-Name
X-Amz-Meta-S3cmd-Attrs
Mrf-Cache-Status
MRF-Tech
Cleartype
X-Varnish-Backend
Retry-After
X-ORACLE-DMS-ECID
Surrogate-Key
X-Goog-Metageneration
Filterid
X-Unique-Id
Server-Name
X-Hits
X-Git-Hash
Access-Control-Allow-Method
X-Debug
X-Logged-In
X-Load-Cache
X-Upgrade-Enabled
X-Azure-Ref
X-Envoy-Decorator-Operation
X-NGENIX-Cache
X-Id
X-Geo-Country
X-CSRF-Token
X-Ttl
X-Hostname
X-FB-Debug
TCN
X-Amzn-RequestId
X-Amz-Apigw-Id
TP-L2-Cache
X-Tt-Trace-Host
X-Proxy
X-Tt-Trace-Tag
X-Grace
X-TT
X-B
Section-Io-Cache
X-Time
X-Revision
DC
X-Request-Guid
X-Seen-By
X-Cache-Control
Healthy
X-CCDN-CacheTTL
Viewport
X-Hcs-Proxy-Type
X-Trace-Id
X-Type
X-Fb-Rlafr
X-CCDN-Origin-Time
X-F-Cache
X-Contextid
X-B3-Sampled
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Mobile
X-Goog-Stored-Content-Length
Fastly-SIE
Fastly-SWR
X-N
Referer-Policy
Paypal-Debug-Id
Content-Disposition
X-Varnish-Ttl
X-WP-CF-Super-Cache
X-XRDS-LOCATION
X-DIS-Request-ID
X-WP-CF-Super-Cache-Cache-Control
X-Varnish-Grace
X-Webkit-CSP
X-Page-Id
X-Debug-Info
X-Magnolia-Registration
X-Ratelimit-Reset
X-Via-JSL
X-Px
X-Amz-Replication-Status
X-Origin-Cache
Version
X-Oracle-Dms-Ecid
X-Whom
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-ProcessESI
X-G
X-RemovedCookies
X-Content-Options
X-Rid
X-UUID
Amp-Access-Control-Allow-Source-Origin
X-Wormhole-Sdk
X-Adobe-Loc
X-Adobe-Content
X-App-Environment
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Debug-IsPreview
X-Node-Name
X-Tumblr-User
X-Rule
X-Debug-IsConnected
X-Template
SD-X-WS
X-Yottaa-Metrics
Ms-Operation-Id
X-Hl-Ver
MS-CV
NGB
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Datadog-Sampled
X-Storage
X-Source
X-RTag
X-Yottaa-Optimizations
X-Nf-Request-Id
Cross-Origin-Window-Policy
X-Wix-Request-Id
X-Proxy-Cache-Info
X-Region
X-Signature
X-Device-Type
X-Is-Bot
X-NYM-Debug-Backend
X-B-Cache
X-Backend-Name
Charset
X-Cacheable-TTL
X-Rendered-As
X-Environment-Context
X-Instance
GEO-INFO
X-L-Path
Country
X-User-Agent
X-ServerID
X-Status
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-FW-Static
X-FW-Server
X-FW-Version
Countrycode
X-Cache-Age
ServerID
X-EdgeConnect-Cache-Status
X-IPS-LoggedIn
X-Real-IP
SRV
X-RM-Cache-TTL
Akamai-GRN
X-NWS-UUID-VERIFY
X-Cache-Grace
Front
X-Ismobilevalue
X-Cache-Hit
X-WP-CF-Super-Cache-Active
X-Amzn-Remapped-Content-Length
X-Framework
Liferay-Portal
X-Aws-Lambda-Call-Status
X-Language
X-AB
X-B3-SpanId
X-Oracle-Dms-Rid
X-WebKit-CSP-Report-Only
X-Air-Pt
X-Akamai-Request-ID2
X-Sucuri-Cache
X-Sucuri-ID
X-Content-Powered-By
X-Servername
OT-Force-Account-Verify
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-VC
From-Origin
Xet-Cookie
X-VC-Cache
X-UA
X-Api-Version
Backend
X-URL
X-Mode
X-Xrds-Location
Accept-Language
Refresh
X-Tt-Logid
X-DataDome
X-VHOST
Upgrade-Insecure-Requests
X-Handled-By
X-Cache-Status-Check
Access-Control-Request-Headers
X-Nginx-Cache
Webserver
X-Cache-Time
LB
X-HTML-Minification-Powered-By
X-SRV
X-Rn-Rsrv
X-SaId
Cache
Meta-Geo
X-JoinUs
Filters
X-UPSTREAM-Address
X-Rewrite-Enabled
X-RCS-CacheZone
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-Region
X-Xfnlog-Site
X-Provided-By
X-PHP-Host
Webcakes-App-Version
TWC-Connection-Speed
X-Origin-Date
X-Labrador-Cache-Channel
X-Cache-Operation
Property-Id
X-Origin-Hint
X-Cache-Rule
X-R9-Blue-Green-Version
ServedBy
TWC-Device-Class
TWC-Privacy
X-Generated-By
X-S
X-Git-Commit
X-Cms-Context
X-Tumblr-Pixel-2
X-RateLimit-Limit
X-Hosted-By
X-Varnish-Age
X-Webstats-RespID
X-Adobe-Source
X-Container-Uri
X-Accel-Version
X-Httpd
X-Fetched-On
X-Skip-Cache
X-Lambda-Id
X-Endurance-Cache-Level
X-No-Session
X-Served-From
X-Forwarded-Host
X-Site-Version
X-Scope-Id
X-Logging-Id
X-ProxyCache-Status
X-Reqid
X-Locale
X-Is-Tablet
X-Is-Desktop
X-Browser-Name
X-BYPASS-REASON
X-Web-Node
Url
X-Is-Supported-Browser
X-Akamai-Edgescape
X-Is-Mobile
X-Tb
X-Cache-Debug
X-Tcp-Rtt
Atl-Traceid
X-ProxyCache-Key
X-Cluster
Section-Io-Id
X-Geo-Region
X-Request-URI
Apigw-Requestid
X-Frame-Option
X-Detected-As
Selected-Fe
Mn-Server-Ip
X-IPLB-Request-ID
X-Alternate-Cache-Key
Web-Mar-Node
X-IPLB-Instance
X-Director
X-Ms-Version
X-Optimistic-Header
X-Ms-Request-Id
X-Loop
X-Format
X-Origin
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Say-Cacheable
X-Varnish-Cache-Hits
X-Restarts
X-Edge-Location
X-Tncms
X-Varnish-Beresp-Grace
X-Upstream-Ct
X-Soup
X-Mg-Request-UUID
X-Upstream-Ht
X-Redis-Cache
X-SayCDN-TTL
X-VCT
X-Timing-Wait
X-Say-TTL
X-Proxy-Build
X-Cloudmap
X-Routing-Service
X-AWS-Id
X-VWS-Id
X-RID
X-Cache-Host
X-Proxied
Xserver
X-Zipkin-Id
X-INCAP-ABP
X-LJ-Flow-ID
X-Extlb
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Onion-Location
X-ShopId
Frame-Options
Expiry
X-Azure-Ref-OriginShield
X-Connection-Hash
X-GeoCode
X-GeoCountry
X-Lagoon
Cdn-Requestid
WPO-Cache-Status
X-CDN-Forward
X-Cache-Expired-At
WPO-Cache-Message
Source
X-CMSURLCustom
Thinkindot-CacheControl
TDXMobile
X-Thinkindot-L3
Protected
X-Generation-Time
Thinkindot-CacheControl-Type
X-WP-CF-Super-Cache-Cookies-Bypass
Thinkindot-Control
X-Shield-Cache-Expires
X-Fastly-Request-Id
X-Fastcgi-Cache
X-Vcache
X-B3-Traceid
X-XRDS-Location
X-Vcl-Version
Fastcgi-Useragent
X-ECache
X-Origin-TTL
X-Cdn-Origin
X-Origin-CC
Environment
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-PHP-Backend
Priority
X-Proxy-Cache-Status
X-Cache-Action
X-Pass-Why
X-Rocket-Nginx-Serving-Static
Uber-Trace-Id
X-Vercel-Id
X-Worker
X-Vercel-Cache
Cache-Hits
Sid
X-ID
X-App-Version
X-GEO
Azure-Version
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
CF-IPCountry
X-Aspnetmvc-Version
X-Cluster-Node
Locale
X-Urbn-Site-Id
Node
X-Urbn-Context-Path
X-Buckets
CDN-Cache
X-TA-CDN-Provider
CDN-EdgeStorageId
CDN-CachedAt
CDN-Uid
Cross-Origin-Embedder-Policy
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-PullZone
CDN-RequestCountryCode
Cache-Tv-Group
X-Tumblr-Pixel-3
X-FB-TRIP-ID
X-Auth-Group-Type
X-Cache-Server
X-Server-W
Alternate-Protocol
DB-Nickname
X-Pad
X-RateLimit-Reset
X-Client-Ip
X-DC
X-Tx-Id
X-A
Wxu-Next-Region
X-A-Ccd
Wxu-Next-Hostname
Wxu-Next-Commit
T-Server
Candidate-Md5Url
X-A-Dam
X-A-Wwc
X-Aed
A
X-A-Dgt
X-A-Dcw
Surrogated-Key
Sslversion
Gannett-Cam-Experience-Id
Lang
DCR-Processing-Time-Ms
DCR-Decision-By
X-Bc-Bl
Content-Secure-Policy
Magicmarker
MD5-Digest
Origin-Agent-Cluster
Rendered-Blocks
Odigeo-Trace-Id
Ngx.Var.Host
Meta-Geo-Continent
Cdn-Host
Cdn-Request-Time
X-DefElseHash
X-Origin-Expires
X-Req
X-Rojux
X-ScT
X-Org
X-Op-Id-All
X-Ig-Push-State
X-Level-Front-Cache
X-ND-Cache
X-SRCache-Key
X-TIM-N
X-Via-Fastly
X-Viewer-Country
X-Vtex-Remote-Cache
X-Vdms-Version
X-Varnish-Remaining-TTL
X-V-Cache
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Ig-Origin-Region
X-Gzip
X-Core-Value
X-Custom-Header
X-D
X-DefHash
X-Content-Age
X-Cache-TTL-Remaining
X-Bl-Debug
X-Cache-Id
X-Cache-NE
X-Developer
X-Dispatcher-Server
X-Fastly-Backend
X-Generated-On
X-GeoIP-City
X-Esi-Check
X-Epic-Correlation-Id
X-Ec-Fail
X-Ec-GeoHdr
X-Edge-Server
X-BCube-Filmed-By
X-Conf
X-Service
X-LiteSpeed-Cache-Control
User-Cache-Control
Mime-Version
HostName
AMP-Access-Control-Allow-Source-Origin
NM-Fastcgi-Cache
X-Men
X-Cdn-Srv
X-LSADC-Cache
Origin
PFcat
X-Hnp-Log
X-HS-Content-Campaign-Id
X-Clientip
X-CacheTTL
X-Jobs
X-Loc
X-B3-Trace-ID
X-Nyt-Route
Host-ID
X-Origin-Response-Time
X-Origin-Time
X-PAYTM-SRV-ID
Is-Eu
X-NodeID
Platform
X-Mvc-Supplant-Cachable
X-Acquia-Purge-Cdn-Unconfigured
X-NMSegId
X-Node-Id
X-Mly-Id
X-GoCache-CacheStatus
Tube-Get-Contents
Tube-Got-Eval
X-Fastly-Cache
Ssr
X-FC-Vary-Parameters
Tube-Got-Results
Tube-Return
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-DPWN-IS-SECURE
Vix-Hermes-Req-Id
V-Age
X-Fmm-Version
X-Forwarded-Site
X-GeoIP-Country-Code
Req-ID
X-GeoIP-Region-Code
Producers
X-HN
X-GeoIP
X-Geo-Header
Server-Host
X-Gdpr
X-Gen-Mode
RNT-Time
RNT-Machine
Powered-By
X-Platform
Adler-Geo
AKAMAI
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-UA-Device-Type
X-Thanos
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Cache-Provider
X-Cache-FS-Status
X-Amz-Storage-Class
X-Cache-Bucket
X-Sn-Servicetimems
X-Block-Status
X-App-Name
X-Wikidot-Backend
X-VTEX-Cache-Time
X-Wikidot-Static-Cache
XM
X-Backend-Instance
X-VTEX-Cache-Server
X-VG-WebCache
X-Varnish-Hostname
X-Varnish-Director
X-VarnishDD-TTL
X-Bip
X-VG-TLSProxy
X-SD-PageType
X-Server-IP
X-Cache-Info
X-Proto
X-Pubstack
X-RateLimit-Limit-Second
X-Scheme
Country-Code
X-Powered-By-VTEX-Cache
Edge-Cache
X-Policy
Fastly-SSL
Fastly-Backend-Name
Esi-Enabled
X-Ad-Load-Variation
X-RateLimit-Remaining-Second
Content-Style-Type
Cdnsip
Cdncip
X-Request-Time
X-SB
Click-Count-Action-Start
X-AK-Request-ID
X-Region-Sid
Content-Script-Type
Click-Count-Error
X-Aicache-OS
X-HITS
X-Varnish-Beresp-Ttl
X-Cs
X-CUA
X-CGP
X-Csrf-Jwt
X-Cache-Aspx
X-Contensis-Viewer-Groups
X-BBC-Edge-Cache-Status
X-Mvc-Supplant-OutputCached
X-Var-Ttl
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Section
X-Varnish-Authentication
X-Varnish-Beresp-Status
Yak-Timeinfo
X-We-Are-Hiring
X-WA-Info
X-Varnishpool
X-Request-Start
X-Request-Host
X-Human
X-Hash
X-Eu-Site
X-Ec-Custom-Error
X-Dc
X-Location
X-Proxied-Request
X-Pool
X-Nginx-Cache-Key
X-Micro-Cache
X-Depends
X-Date
CDCHOST
Canary
Cluster
DSUID
Fastly-GeoIP-CountryCode
Sever-Int
True-Client-Country-4JS
Cache-Key
Apple-News-Services-Host
We-Hiring
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
W
Gh-Request-Id
Server-Hostname
L5d-Success-Class
L
Origin-EX
Origin-CC
Mail-Subject
Machine
Pramga
Proxy-Firewall
Ha-Gx-Prefs
Server-Ext
Req-Svc-Chain
Release
HA-Ipaddr
Apple-News-Services-Handled
C-Via
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-Auto-Login
X-Accel-Expires-Debug
Fusion-Content-Source
X-Access
Fusion-Deployment-Id
X-NGINX-Cache
X-AIR-PT
On-Server
NGX
X-Device-Os
Web-Mar-Region
Server-Info
X-Varnish-Hits
BehaviorPad-Version
Debug
X-Origin-Cache-Key
X-NCache
X-Up
Redirect-Candidate
X-LB-ID
X-Zone
X-From
X-Tec-Api-Root
X-Akamai-Transformed
X-Tec-Api-Origin
X-Tec-Api-Version
X-HA-Backend
X-Via-Popn
X-APP
X-Via-Poph
Pics-Label
X-Via-Popv
X-MP-GENERATED-AT
Fastly-Drupal-HTML
X-Jungle-Id
X-Vdms-Path
CDN-RequestId
CloudFront-Viewer-Country
X-Cache-Backend
X-Refresh
X-CACHE-AGE
SID
X-Parent-Response-Time
WP-Super-Cache
X-B3-Parentspanid
X-Servedbyhost
GeoIP-Latitude
X-Content-Length
X-LiteSpeed-Tag
X-Datadome
X-Uri
X-Newrelic-Synthetics
X-LB-NoCache
X-Nc
Datacenter
X-M-Log
X-Render-Time
Fastly-Drupal-Html
X-ApacheServer
X-VC-TTL
X-PERF
X-CACHE-KEY
X-Nananana
X-M-Reqid
X-CDN-Cache-Status
X-Litespeed-Tag
X-DynaTrace-JS-Agent
Vc-Max-Age
X-Wa
X-Dispatcher-Number
Resin-Trace
X-Cached-By
Server-ID
X-ZONE
X-RequestId
Product
NtCoent-Length
Cdn
X-B3-Spanid
X-Amz-Meta-Cb-Modifiedtime
X-CS
GeoIp-Country-Code
Locid
X-VCache
FSS-Cache
X-Ckpd-Fst-Backend
X-Fpc
X-IAuth-Set-Uid
X-NewRelic-App-Data
X-Varnish-Beresp-TTL
X-Response-Served-From
Serverhost
X-Bug-Bounty
True-Client-Ip
X-Esi
X-Original-Request-Id
X-HostName
S-Rt
X-SERVER-NAME
X-Srv
X-TX-ID
X-Nf-Country
X-Nf-Ats-Version
X-Old-Content-Length
Uri
X-HubSpot-Correlation-Id
X-Nf-Language
True-Client-IP
ServerName
X-TT-LOGID
Ngx-Var-Key
Tcn
GeoIP-Country-Code
Cf-Ipcountry
Srv
X-TIME
X-Oracle-DMS-ECID
X-Cdn-Cache-Status
CDN
X-Cdn-Forward
X-Vgn-Hpd-Reason
X-Dynatrace-Js-Agent
X-FPC
Request-ID
User-Agent
X-Moov-T
X-WA
CacheControlHeader
X-Akamai-Device-Characteristics
X-TH-Server
X-Vmg-Version
X-Moov-Xdn-Version
X-Vc
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
ServerHost
Server-Id
X-Gamma-Serve
X-Info
X-Dispatch
X-APP-VERSION
X-COUNTRY
Hostname
X-VCL-Version
Srvid
Xc-Version
Geoip-Latitude
Cf-Device-Type
X-NC
X-Webkit-Csp-Report-Only
X-FL-QIT-DEBUG
X-Presslabs-Stats
X-Hit
X-Geo
X-Destination
Cross-Origin-Embedder-Policy-Report-Only
X-Application
X-B-Cookie
X-User
Expect-Staple
X-S-Cookie
X-Lb-Nocache
X-External-Request-Id
Origin-Trial
X-Zen-Fury
Cloudfront-Viewer-Country
X-ServedByHost
Cneonction
X-Amz-Meta-Opti
X-Ha-Backend
X-App
X-Limited
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Instance-Name
Ohc-File-Size
Epwk-X-Cache
PICS-Label
X-Cache-Date
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
X-V
X-Platform-Server
X-Rollout
X-Ua
X-New
X-API-Version
Permission-Policy
WZWS-RAY
X-Eligible
N-Cache
X-Correlation-ID
X-VServer
X-Akamai-Pragma-Client-IP
X-Segment-20210421
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Rtss
X-Sqd-Stime
XkeyRZ
X-MiniProfiler-Ids
X-Check-Cacheable
X-Proxy-CacheRZ
X-Sqd-Ctime
X-Serial
X-Lb-Id
X-Branch-Name
Lb
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-MSEdge-Features
Cmstype
Cmsid
X-Acquia-Application-UUID
Timeexpire
X-Acquia-Application-Trace
X-Service-Response-Time
X-MSEdge-Flight
X-Internal-TTL
X-Datacenter
X-Acquia-Site
X-ElasticPress-Query
X-Ftr-Request-Id
X-Fastly-Backend-Reqs
Sm-Log-Id
Ngx
X-Acquia-Purge-Tags
X-CSRF-TOKEN
X-Litespeed-Cache-Control
Servername
CountryCode
X-LAGOON
Fl-Custom-Application
X-IN-APIGATEWAYSSL
X-Requestid
X-VTEX-Cache-Backend-Header-Time
Warning
X-VTEX-Cache-Backend-Connect-Time
X-IN-APIGATEWAY
Edge-Copy-Time
X-Via-Edge
X-Via-SSL
X-Via-CDN
X-Traceid
X-Ramcache
X-EC-Lua
X-Dw-Trace-Id
X-Udemy-Cache-App-Namespace
Ohc-Cache-HIT
X-DataCenter
X-Origin-Upstream-Status
X-Shardid
X-Sorting-Hat-Shopid
X-Shopid
X-Th-Server
X-Web-Server
X-Amz-Meta-Sha256
X-Sorting-Hat-Podid
X-Amz-Meta-S3b-Last-Modified
X-RAMCache
Wpo-Cache-Message
Wpo-Cache-Status
X-Snapshot-Date