Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Accept-CH
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Ua-Compatible
X-Drupal-Cache
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
CF-Ray
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-AH-Environment
X-Robots-Tag
X-Server
X-UA-Device
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Ws-Request-Id
Xkey
X-Rq
Permissions-Policy
X-Age
X-Vhost
X-Amz-Version-Id
Allow
X-Dispatcher
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
P3p
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-OneAgent-JS-Injection
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Server-Id
X-Host
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
X-Litespeed-Cache
X-Node
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-CST
X-NWS-LOG-UUID
X-Country
Service-Worker-Allowed
X-Country-Code
X-Content-Type
X-Url
X-Clacks-Overhead
Cache-Tag
X-Trace
Rating
X-Oneagent-Js-Injection
X-Rack-Cache
X-Webkit-Csp
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-Vname
X-FTR-Request-ID
X-Server-Name
X-PC
X-TtlSet
X-Daa-Tunnel
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-ESI
X-Cnection
X-ECACHE
X-Upstream
X-GitHub-Request-Id
X-D2id
X-MS-InvokeApp
Edge-Control
Verso
X-Element-Page-Cache
X-Ac
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
AR-PoweredBy
AR-Request-ID
AR-SID
X-Kinja-Server
AR-ATIME
X-Aws-Lambda-Call-Status
X-FastCGI-Cache
X-Ser
Accept-Ch-Lifetime
X-Vcap-Request-Id
X-Cache-TTL
X-Navigation-Version
X-B3-TraceId
X-Mod-Pagespeed
X-Abt-Application-Version
AR-CACHE
X-NF-Request-ID
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Ruxit-Js-Agent
Fastly-Restarts
X-Amz-Rid
Pagespeed
X-Sol
X-Middleton-Display
Display
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Client-IP
Edge-Cache-Tag
X-Mg-S
S
X-Kinsta-Cache
X-Edge-Location-Klb
X-RateLimit-Remaining
X-Powered-CMS
X-Middleton-Response
Response
X-Amzn-Trace-Id
Cache-Status
X-Cache-Key
Access-Control-Request-Method
X-Goog-Hash
X-Version
X-VARITI-CCR
X-Fastly-Request-ID
X-ARC
RTSS
X-Content-Digest
X-TraceId
X-Forwarded-For
Cross-Origin-Resource-Policy
X-Recruiting
X-T
X-Varnish-TTL
Realpath
X-MSEdge-Ref
X-Ua-Device
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Front-End-Https
MS-Author-Via
X-Correlation-Id
Fastcgi-Cache
X-Cached
X-Ratelimit-Limit
Content-MD5
X-HS-Hub-Id
X-Ttl
X-HS-Cache-Config
X-HS-Content-Id
X-Ua-Browser
Payment
Server-Node
X-Protected-By
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
Public-Key-Pins
X-Request-Received
X-FTR-Backend
X-FTR-Backend-Server
X-Request-Processing-Time
Arr-Disable-Session-Affinity
X-HS-Combine-CSS
MicrosoftSharePointTeamServices
X-Shield-Request-Id
X-Frontend
X-Forwarded-Proto
X-LLID
X-PDP-UNCACHING-HASH
X-SRCache-Store-Status
TP-Cache
X-SRCache-Fetch-Status
X-Distributor
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Accel-Expires
X-FTR-Expires
X-Origin-Cache-Key
X-TTL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Count-Hit
X-Server-ID
X-GUploader-UploadID
X-Origin-Server
X-ORACLE-DMS-RID
X-LB-Cache
X-NODE
X-Ezoic-Cdn
X-Ratelimit-Remaining
X-Hits
X-Microsite
X-Content-Security-Policy-Report-Only
X-Request-Handler-Origin-Region
X-AppVersion
X-PressLabs-Stats
X-Az
X-Activity-Id
Host
X-Www-Served-By
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Varnish-Backend
X-Cluster-Name
X-Varnish-Server
Retry-After
X-App-Server
Cache-Tags
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Server-Name
X-Hostname
X-Geo-Country
Cleartype
X-NGENIX-Cache
X-Newrelic-App-Data
X-Envoy-Decorator-Operation
X-Id
Referer-Policy
X-Goog-Metageneration
X-DIS-Request-ID
X-RateLimit-Limit
X-Upgrade-Enabled
TP-L2-Cache
X-CSRF-Token
Access-Control-Allow-Method
Accept-Ch
X-Seen-By
X-ORACLE-DMS-ECID
X-Git-Hash
X-Azure-Ref
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Amz-Apigw-Id
X-F-Cache
X-Amzn-RequestId
X-Tt-Trace-Tag
X-Unique-Id
X-Tt-Trace-Host
X-Proxy
X-Load-Cache
X-Oracle-Dms-Ecid
Filterid
X-Revision
Healthy
TCN
X-Cache-Control
X-Px
X-Request-Guid
X-Grace
X-Trace-Id
X-FB-Debug
X-B
Section-Io-Cache
X-Debug-Info
DC
Paypal-Debug-Id
X-TT
X-Type
X-B3-Sampled
X-Contextid
X-Fb-Rlafr
X-Page-Id
X-Logged-In
X-XRDS-LOCATION
X-N
X-Mobile
X-Oracle-Dms-Rid
Viewport
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Debug
X-Whom
X-Template
X-Language
Charset
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
Fastly-SIE
X-Datadog-Trace-Id
Fastly-SWR
X-Varnish-Ttl
X-Content-Options
X-Cache-Grace
Version
X-Via-JSL
Content-Disposition
X-Time
X-EdgeConnect-Cache-Status
X-Magnolia-Registration
X-Webkit-CSP
X-App-Environment
X-Varnish-Grace
X-Wix-Request-Id
X-B-Cache
X-Signature
X-RateLimit-Reset
X-Node-Name
SRV
X-B3-SpanId
VIX-Pulpo-Upstream-Status
X-Origin-Cache
VIX-Pulpo-Node
X-RemovedCookies
X-ProcessESI
X-Rule
X-Datadog-Sampled
X-Yottaa-Optimizations
Ms-Operation-Id
X-Yottaa-Metrics
X-RTag
X-UUID
MS-CV
X-Tumblr-Pixel
X-Tumblr-User
X-Debug-IsConnected
X-Tumblr-Pixel-1
X-Debug-IsPreview
X-Hl-Ver
X-Backend-Name
X-Tumblr-Pixel-0
SD-X-WS
X-Amzn-Remapped-Content-Length
GEO-INFO
X-Storage
X-Proxy-Cache-Info
ServerID
X-Amz-Replication-Status
X-Instance
X-FW-Type
Liferay-Portal
X-FW-Server
X-FW-Static
X-FW-Hash
X-Cacheable-TTL
X-Adobe-Loc
X-Adobe-Content
NGB
X-Device-Type
X-FW-Version
X-FW-Dynamic
X-FW-Serve
X-G
X-Is-Bot
X-Rendered-As
Country
X-NYM-Debug-Backend
X-L-Path
X-Status
X-Cache-Hit
X-Environment-Context
X-Region
X-Rid
X-IPS-LoggedIn
X-User-Agent
X-Real-IP
X-Source
X-ServerID
X-NWS-UUID-VERIFY
Countrycode
X-Cache-Age
Surrogate-Key
Akamai-GRN
X-Servername
X-Sucuri-Cache
X-Sucuri-ID
X-WP-CF-Super-Cache-Active
OT-Force-Account-Verify
Cross-Origin-Window-Policy
X-UA
From-Origin
X-WebKit-CSP-Report-Only
X-VC-Cache
Amp-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
X-RM-Cache-TTL
Backend
Front
X-Air-Pt
X-Framework
X-INCAP-ABP
X-Mode
Refresh
X-AB
X-Air-Trace-Id
Frame-Options
X-Air-Source
X-Content-Powered-By
X-Cache-Time
X-Air-Hostname
X-Akamai-Request-ID2
Xet-Cookie
X-Xrds-Location
X-HTML-Minification-Powered-By
X-Buckets
X-Nginx-Cache
X-Wormhole-Sdk
X-Handled-By
Url
X-Edge-Location
X-Endurance-Cache-Level
Webserver
X-DataDome
X-Timing-Wait
X-UPSTREAM-Address
X-Reqid
X-JoinUs
Access-Control-Request-Headers
X-Rewrite-Enabled
X-No-Session
X-RCS-CacheZone
X-Proxy-Build
Selected-Fe
X-Rn-Rsrv
Filters
X-SaId
Meta-Geo
X-Cluster
X-Xfnlog-Site
X-Git-Commit
X-Cache-Rule
TWC-Device-Class
WPO-Cache-Status
Webcakes-App-Name
WPO-Cache-Message
TWC-Connection-Speed
X-LJ-Flow-ID
TWC-GeoIP-LatLong
Webcakes-App-Version
TWC-Locale-Group
X-Container-Uri
TWC-Privacy
Webcakes-Region
Atl-Traceid
Property-Id
X-SRV
X-AWS-Id
TWC-GeoIP-Country
X-Cache-Operation
X-Origin-TTL
X-Logging-Id
X-Served-From
X-Origin-CC
X-R9-Blue-Green-Version
ServedBy
X-Webstats-RespID
X-VCT
X-VWS-Id
X-Tumblr-Pixel-2
X-Provided-By
X-RID
X-Origin
X-Origin-Date
X-Origin-Hint
X-Proxied
X-Extlb
X-Generation-Time
X-Httpd
Cache
X-Varnish-Cache-Hits
X-Accel-Version
X-Drupal-Cache-Tags
X-Akamai-Edgescape
X-BYPASS-REASON
X-Ms-Version
X-Ms-Request-Id
Web-Mar-Node
Mn-Server-Ip
X-CDN-Forward
X-Cms-Context
X-Zipkin-Id
X-Cloudmap
X-Cache-Debug
X-Site-Version
X-Hosted-By
X-Locale
X-Redis-Cache
X-Restarts
X-Labrador-Cache-Channel
X-ProxyCache-Key
X-Routing-Service
X-VC
X-Cache-Status-Check
X-ProxyCache-Status
X-PHP-Host
X-Format
X-S
X-Shield-Cache-Expires
X-Fetched-On
X-Frame-Option
X-Geo-Region
X-Varnish-Age
X-Skip-Cache
X-Drupal-Cache-Contexts
X-Azure-Ref-OriginShield
X-Vcache
X-Is-Mobile
X-Lambda-Id
X-CMSURLCustom
X-Director
X-Upstream-Ht
X-Adobe-Source
Apigw-Requestid
X-Loop
X-Tcp-Rtt
X-Scope-Id
X-Web-Node
TDXMobile
X-Is-Desktop
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Tb
Section-Io-Id
X-Is-Supported-Browser
Accept-Language
Thinkindot-Control
X-Upstream-Ct
X-Soup
X-Tncms
X-Thinkindot-L3
X-Is-Tablet
X-Browser-Name
X-Cache-Host
X-Say-Cacheable
X-ShardId
X-IPLB-Request-ID
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-SayCDN-TTL
X-IPLB-Instance
X-ShopId
X-Forwarded-Host
Cache-Hits
X-Varnish-Beresp-Grace
X-Say-TTL
X-Alternate-Cache-Key
X-Detected-As
Xserver
X-Cdn-Origin
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Optimistic-Header
X-Generated-By
X-Rocket-Nginx-Serving-Static
X-Lagoon
X-GeoCountry
X-GeoCode
X-Vercel-Cache
X-Vercel-Id
X-Worker
Azure-SlotName
Azure-SiteName
Azure-Version
Azure-RegionName
Azure-InstanceId
X-XRDS-Location
Source
Node
X-Tec-Api-Version
X-Tec-Api-Origin
X-WP-CF-Super-Cache-Cookies-Bypass
X-Request-URI
X-Tec-Api-Root
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
X-B3-Traceid
CDN-CachedAt
CDN-RequestCountryCode
Protected
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-Uid
X-App-Version
Cross-Origin-Embedder-Policy
X-Vcl-Version
X-Pass-Why
X-Ratelimit-Reset
CDN-RequestId
LB
X-URL
X-Tumblr-Pixel-3
X-Connection-Hash
AMP-Access-Control-Allow-Source-Origin
Expiry
Fastcgi-Useragent
Alternate-Protocol
Onion-Location
X-Cache-Server
X-GEO
DB-Nickname
X-Jobs
X-Cache-Expired-At
Priority
X-Server-W
CF-IPCountry
X-TA-CDN-Provider
X-PHP-Backend
X-Api-Version
Environment
Uber-Trace-Id
Sid
X-Fastly-Request-Id
X-Proxy-Cache-Status
X-Cluster-Node
X-Cache-Action
User-Cache-Control
X-Uri
Locale
X-Response-Served-From
X-Fastcgi-Cache
X-MP-GENERATED-AT
X-Original-Request-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LSADC-Cache
X-DC
HostName
X-FB-TRIP-ID
X-TT-LOGID
X-Node-Id
DCR-Decision-By
Fusion-Component-Id
X-Gzip
X-Conf
X-Op-Id-All
X-Mg-Request-UUID
Fusion-Content-Id
DCR-Processing-Time-Ms
X-Gen-Mode
X-D
A
X-Generated-On
X-Forwarded-Site
Fusion-Content-Source
X-FC-Vary-Parameters
X-Org
X-Content-Age
X-Aed
Fusion-Template-Id
Sslversion
Fusion-Source
X-Ig-Origin-Region
X-Level-Front-Cache
Server-Host
X-Varnish-Beresp-Ttl
X-Mvc-Supplant-Cachable
X-NCache
X-ND-Cache
X-Jungle-Id
Gannett-Cam-Experience-Id
X-Hnp-Log
Wxu-Next-Commit
Fusion-Deployment-Id
X-Developer
Meta-Geo-Continent
X-Vdms-Path
Origin-Agent-Cluster
X-Vdms-Version
X-A-Ccd
X-Bl-Debug
X-Block-Status
Origin
X-Varnish-Hostname
X-Cache-Id
X-Clientip
Ngx.Var.Host
X-Dispatcher-Server
Req-ID
X-Esi-Check
X-Viewer-Country
X-Tt-Logid
X-BCube-Filmed-By
X-Bip
X-Bc-Bl
Rendered-Blocks
Wxu-Next-Hostname
X-Ec-GeoHdr
Vix-Hermes-Req-Id
Wxu-Next-Region
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Vtex-Remote-Cache
X-Epic-Correlation-Id
X-A
X-Thanos
X-TIM-N
Lang
X-Ec-Fail
Content-Secure-Policy
Magicmarker
MD5-Digest
Cdn-Requestid
T-Server
X-Proto
Cache-Tv-Group
X-Tx-Id
X-Platform
Surrogated-Key
X-Powered-By-VTEX-Cache
X-Request-Start
Candidate-Md5Url
Edge-Cache
X-SRCache-Key
X-A-Dcw
X-A-Dam
X-A-Wwc
X-A-Dgt
X-Cache-NE
X-ScT
X-Rojux
X-SB
WP-Super-Cache
X-Origin-Response-Time
X-Debug-Cache-Fetch
X-Device-Os
Content-Style-Type
X-App-Name
X-Debug-Cache-Store
DSUID
Content-Script-Type
L5d-Success-Class
X-Cache-Info
X-Cache-TTL-Remaining
Mail-Subject
NM-Fastcgi-Cache
X-Cache-Bucket
Release
X-Backend-Instance
PFcat
X-Auth-Group-Type
X-Cdn-Srv
X-Core-Value
Fastly-Backend-Name
X-Csrf-Jwt
Fastly-SSL
Ha-Gx-Prefs
X-CGP
Host-ID
HA-Ipaddr
X-CUA
X-Mvc-Supplant-OutputCached
X-Request-Time
X-Req
X-Scheme
X-SD-PageType
X-LiteSpeed-Cache-Control
X-Test
X-Region-Sid
X-RateLimit-Remaining-Second
X-Origin-Time
X-Origin-Expires
X-PAYTM-SRV-ID
Ssr
X-RateLimit-Limit-Second
X-UA-Device-Type
X-V-Cache
Yak-Timeinfo
XM
W
X-Policy
We-Hiring
X-Pubstack
X-WA-Info
X-Via-Fastly
X-Varnish-Director
X-Var-Ttl
X-VarnishDD-TTL
X-Varnishpool
X-VG-WebCache
X-Edge-Server
X-Client-Ip
X-Fmm-Version
X-Fastly-Cache
AKAMAI
X-Amz-Storage-Class
X-Geo-Header
X-Gdpr
C-Via
X-Eu-Site
Cdn-Host
Cdn-Request-Time
CDCHOST
Canary
Cache-Provider
X-Nyt-Route
X-Service
X-Nginx-Cache-Key
X-Auto-Login
X-HS-Content-Campaign-Id
Server-Hostname
X-HN
X-NMSegId
X-GeoIP-City
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Server-Ext
Sever-Int
X-ApacheServer
X-Access
X-Aicache-OS
X-Acquia-Purge-Cdn-Unconfigured
X-Human
X-Server-IP
X-SVT-ORM-RULES
X-Section
X-Request-Host
X-Proxied-Request
X-Render-Time
X-SVT-ORM-VERSION
X-VG-TLSProxy
X-Varnish-Beresp-Status
X-Ig-Push-State
Gh-Request-Id
X-Wikidot-Static-Cache
X-We-Are-Hiring
X-Wikidot-Backend
X-Pool
X-PERF
X-Fastly-Backend
X-From
X-Ec-Custom-Error
X-CacheTTL
X-BBC-Edge-Cache-Status
X-Cache-Backend
X-GeoIP
X-GoCache-CacheStatus
X-Micro-Cache
X-Mly-Id
X-Men
X-Location
X-Loc
X-B3-Trace-ID
X-AK-Request-ID
Origin-CC
On-Server
Apple-News-Services-Handled
Apple-News-Services-Host
Origin-EX
X-Zone
X-ID
X-ECache
Fastly-GeoIP-CountryCode
Powered-By
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Click-Count-Error
Cluster
Country-Code
Esi-Enabled
L
Click-Count-Action-Start
Cache-Key
Cdncip
Machine
Cdnsip
Redirect-Candidate
Pramga
RNT-Time
RNT-Machine
Req-Svc-Chain
Tube-Got-Eval
Tube-Got-Results
Tube-Get-Contents
Web-Mar-Region
Tube-Return
X-Ismobilevalue
V-Age
X-Newrelic-Synthetics
X-Accel-Expires-Debug
Odigeo-Trace-Id
X-Contensis-Viewer-Groups
X-Date
X-Varnish-Authentication
Is-Eu
X-Dc
X-DPWN-IS-SECURE
NGX
X-Slack-Backend
X-Hash
Platform
Producers
Proxy-Firewall
X-Cache-Aspx
X-Slack-Shared-Secret-Outcome
X-Up
X-Ad-Load-Variation
X-Tb-Optimization-Total-Bytes-Saved
X-Sn-Servicetimems
Adler-Geo
True-Client-Country-4JS
X-AIR-PT
X-NGINX-Cache
X-Custom-Header
Debug
X-Varnish-Hits
X-LB-ID
X-NodeID
X-Cs
Datacenter
X-COUNTRY
X-Nananana
SID
X-Refresh
Pics-Label
X-CACHE-GROUP
X-HA-Backend
Fastly-Drupal-HTML
X-Akamai-Transformed
X-Via-Popn
Locid
X-Via-Popv
X-Via-Poph
Mime-Version
X-Nf-Request-Id
X-Pad
X-Datadome
X-Varnish-Remaining-TTL
X-Platform-Router
X-Varnish-CookieINHashed-On
X-Platform-Cluster
X-Varnish-CookieHashed-On
X-LiteSpeed-Tag
X-DefElseHash
X-DefHash
X-Amz-Meta-Cb-Modifiedtime
X-Platform-Processor
CloudFront-Viewer-Country
X-VC-TTL
X-VHOST
X-Depends
X-CACHE-AGE
X-Servedbyhost
X-TIME
X-Cache-FS-Status
X-Cached-By
X-LB-NoCache
X-Parent-Response-Time
X-M-Log
GeoIP-Latitude
X-Old-Content-Length
Ngx-Var-Key
X-M-Reqid
X-CS
X-Moov-Xdn-Version
Server-ID
X-TH-Server
X-CDN-Cache-Status
X-B3-Parentspanid
X-Moov-T
Fastly-Drupal-Html
X-DynaTrace-JS-Agent
Cross-Origin-Embedder-Policy-Report-Only
X-VCache
Server-Info
Resin-Trace
GeoIp-Country-Code
Cdn
Cf-Ipcountry
NtCoent-Length
BehaviorPad-Version
X-Wa
X-Nc
X-Litespeed-Tag
X-ZONE
X-Presslabs-Stats
X-Vgn-Hpd-Reason
X-Destination
X-Application
X-User
X-External-Request-Id
X-APP
Cf-Device-Type
X-S-Cookie
X-IAuth-Set-Uid
X-B-Cookie
X-HITS
X-TX-ID
Uri
X-NewRelic-App-Data
X-Zen-Fury
X-Vc
FSS-Cache
X-Fpc
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Route-Name
Tcn
X-Providence-Cookie
True-Client-IP
X-Sigma
True-Client-Ip
X-Instance-Name
X-Cache-Date
X-Esi
X-Rocket-Build-Number
X-Content-Length
X-Sigma-Backend
CDN
X-HostName
X-Dynatrace-Js-Agent
X-DynaTrace
X-Varnish-Beresp-TTL
X-Srv
X-VServer
X-API-Version
Load-Balancing
S-Rt
X-Segment-20210421
X-Branch-Name
Serverhost
X-Page-View
X-Oracle-DMS-ECID
Hostname
X-Cdn-Forward
GeoIP-Country-Code
Srv
X-HOST
X-Dispatcher-Number
Ohc-File-Size
Request-ID
X-NC
X-Dispatch
X-DataCenter
Vc-Max-Age
X-FPC
X-Cdn-Cache-Status
X-WA
Product
X-RequestId
Geoip-Latitude
Type
X-APP-VERSION
X-Sql-Count
X-Http-Reason
X-B3-Spanid
ServerName
X-Geo
X-Sql-Duration-Ms
Srvid
X-Webkit-Csp-Report-Only
X-FL-QIT-DEBUG
Server-Id
X-Irp-Debug
Cl-Cache
X-Lb-Nocache
X-Ckpd-Fst-Backend
X-Correlation-ID
IsBot
WZWS-RAY
Edge-Copy-Time
X-ServedByHost
X-Bug-Bounty
CacheControlHeader
X-Via-SSL
X-SIPLIST1
X-Owner
X-CSRF-TOKEN
X-Via-CDN
DataCenter
X-Via-Edge
X-VCL-Version
Epwk-X-Cache
MIME-Version
Cross-Origin-Opener-Policy-Report-Only
X-Core-Mission
Cloudfront-Viewer-Country
X-Proxy-CacheRZ
Origin-Trial
X-CACHE-KEY
Ohc-Cache-HIT
XkeyRZ
Lb
X-Cache-Ttl
X-Hit
X-App
N-Cache
CountryCode
X-Qloud-Router
X-Via-PopN
X-Via-PopH
X-Ha-Backend
X-Via-PopV
X-Ua
PICS-Label
Rtss
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-MSEdge-Flight
X-MiniProfiler-Ids
X-Lb-Id
X-MSEdge-Features
X-Amz-Meta-Opti
ServerHost
X-Fastly-Country-Code
X-Acquia-Site
X-Acquia-Application-UUID
X-Service-Response-Time
Sm-Log-Id
X-Acquia-Application-Trace
Warning
X-Acquia-Purge-Tags
X-Vmg-Version
X-Sqd-Ctime
X-Akamai-Device-Characteristics
X-Limited
X-Web-Server
Cneonction
User-Agent
X-Sqd-Stime
X-Datacenter
X-LAGOON
X-Litespeed-Cache-Control
X-Iplb-Request-Id
X-Iplb-Instance
X-HubSpot-Correlation-Id
X-Amz-Meta-Sha256
X-IN-APIGATEWAY
X-Gamma-Serve
X-IN-APIGATEWAYSSL
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
X-Amz-Meta-S3b-Last-Modified
X-Snapshot-Date
X-CF-Lambda-Version
X-Requestid
X-Akamai-Pragma-Client-IP
X-RAMCache
X-Shop-Environment
X-CF-Lambda-Fn
X-Cache-Type
Expect-Staple
X-Tenant
X-Check-Cacheable
X-Serial
Xkey-La3
X-Orig-Expires
X-Forwarded-Path
Akamai-Cache-Status
Ngx
Xkeylog
X-Th-Server
X-Ramcache
X-Cdn-Request-ID
X-Proxy-Cache-La3