Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Xss-Protection
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Request-ID
X-Cache-Status
X-Generator
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
Permissions-Policy
X-Ws-Request-Id
Xkey
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dispatcher
Allow
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Server-Id
X-WebKit-CSP
X-Host
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
Content-Location
X-Node
X-Application-Context
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
P3p
X-NWS-LOG-UUID
X-Country
X-CST
Service-Worker-Allowed
X-Country-Code
X-Litespeed-Cache
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
Rating
X-Rack-Cache
X-Url
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
X-Server-Name
X-Daa-Tunnel
Cross-Origin-Opener-Policy
X-Oneagent-Js-Injection
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Webkit-Csp
X-Powered-By-Plesk
X-ESI
X-Cnection
X-ECACHE
X-GitHub-Request-Id
X-Upstream
X-D2id
X-MS-InvokeApp
X-Element-Page-Cache
Edge-Control
X-Ac
Verso
AR-SID
AR-Request-ID
AR-PoweredBy
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
AR-ATIME
X-Exp-Variant
X-Exp-Id
X-FastCGI-Cache
X-Ser
X-Vcap-Request-Id
Accept-Ch-Lifetime
X-Cache-TTL
X-Abt-Application-Version
X-Navigation-Version
X-B3-TraceId
AR-CACHE
X-Mod-Pagespeed
X-NF-Request-ID
X-Dw-Request-Base-Id
SPIisLatency
SPRequestDuration
X-Aws-Lambda-Call-Status
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
Fastly-Restarts
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Middleton-Display
Pagespeed
X-Sol
Display
Edge-Cache-Tag
X-Mg-S
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ruxit-Js-Agent
X-Client-IP
S
X-Powered-CMS
Response
X-Middleton-Response
X-Goog-Hash
Cache-Status
X-Amzn-Trace-Id
X-Version
Access-Control-Request-Method
X-VARITI-CCR
X-Fastly-Request-ID
X-ARC
RTSS
X-Cache-Key
X-RateLimit-Remaining
X-Content-Digest
X-TraceId
X-Forwarded-For
Cross-Origin-Resource-Policy
X-Recruiting
X-Ratelimit-Limit
X-T
X-Varnish-TTL
Realpath
X-Correlation-Id
X-MSEdge-Ref
Front-End-Https
Fastcgi-Cache
X-Cached
MS-Author-Via
X-PDP-UNCACHING-HASH
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Ratelimit-Remaining
Content-MD5
X-TTL
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Ua-Browser
X-FTR-Cache-Status
X-Shield-Request-Id
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-Protected-By
X-Request-Processing-Time
Server-Node
Payment
X-Request-Received
Public-Key-Pins
X-Forwarded-Proto
X-HS-Combine-CSS
TP-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Arr-Disable-Session-Affinity
X-Frontend
X-LLID
MicrosoftSharePointTeamServices
X-Distributor
X-FTR-Expires
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Accel-Expires
X-ORACLE-DMS-RID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Ttl
X-Server-ID
Count-Hit
X-Origin-Server
X-GUploader-UploadID
X-LB-Cache
X-NODE
X-Ezoic-Cdn
X-Request-Handler-Origin-Region
X-Microsite
X-TEC-API-VERSION
X-Content-Security-Policy-Report-Only
X-TEC-API-ROOT
X-Origin-Cache-Key
X-TEC-API-ORIGIN
X-Activity-Id
X-PressLabs-Stats
X-AppVersion
X-Az
Host
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Www-Served-By
X-Cluster-Name
X-App-Server
X-Varnish-Backend
X-Varnish-Server
Retry-After
Cache-Tags
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
Server-Name
X-Ua-Device
X-Hits
Cleartype
X-Newrelic-App-Data
X-Geo-Country
X-Hostname
X-NGENIX-Cache
X-Envoy-Decorator-Operation
X-Goog-Metageneration
X-ORACLE-DMS-ECID
Referer-Policy
X-CSRF-Token
X-Upgrade-Enabled
X-DIS-Request-ID
TP-L2-Cache
X-Git-Hash
X-Seen-By
Access-Control-Allow-Method
X-Azure-Ref
TCN
X-Unique-Id
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Tt-Trace-Tag
Filterid
X-Tt-Trace-Host
X-F-Cache
X-Load-Cache
X-Proxy
X-Id
X-Revision
X-Amz-Apigw-Id
X-Amzn-RequestId
Section-Io-Cache
X-Trace-Id
Healthy
X-Request-Guid
X-Grace
X-B
X-Cache-Control
DC
X-Px
X-B3-Sampled
X-TT
X-Contextid
X-Type
Paypal-Debug-Id
X-Debug-Info
X-Page-Id
X-FB-Debug
X-Fb-Rlafr
X-Logged-In
X-N
X-Mobile
X-Debug
X-Oracle-Dms-Ecid
Viewport
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-RateLimit-Limit
X-Whom
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
Fastly-SIE
X-XRDS-LOCATION
Fastly-SWR
X-Varnish-Ttl
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Charset
X-Oracle-Dms-Rid
X-Datadog-Trace-Id
X-Template
X-Content-Options
Version
X-Via-JSL
Content-Disposition
X-Cache-Grace
X-Varnish-Grace
X-Wix-Request-Id
X-Webkit-CSP
X-Magnolia-Registration
X-App-Environment
X-EdgeConnect-Cache-Status
X-Origin-Cache
X-Language
X-B-Cache
X-Rid
X-Signature
X-Node-Name
X-Time
X-B3-SpanId
SRV
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-ProcessESI
X-RemovedCookies
X-Rule
X-Tumblr-Pixel
X-Debug-IsConnected
X-Yottaa-Metrics
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Debug-IsPreview
X-Datadog-Sampled
X-Yottaa-Optimizations
X-RTag
X-UUID
Ms-Operation-Id
SD-X-WS
MS-CV
X-G
X-Amz-Replication-Status
X-Hl-Ver
GEO-INFO
X-Storage
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Type
X-Instance
ServerID
X-FW-Dynamic
X-FW-Version
X-Adobe-Loc
X-Adobe-Content
X-Backend-Name
NGB
X-Amzn-Remapped-Content-Length
X-Device-Type
X-NYM-Debug-Backend
X-Rendered-As
X-Proxy-Cache-Info
X-Is-Bot
X-Cacheable-TTL
Liferay-Portal
X-Cache-Hit
X-RateLimit-Reset
X-Status
X-L-Path
Country
X-Environment-Context
Countrycode
X-User-Agent
X-Region
Surrogate-Key
X-IPS-LoggedIn
X-Source
X-Real-IP
X-ServerID
X-URL
X-NWS-UUID-VERIFY
Akamai-GRN
Amp-Access-Control-Allow-Source-Origin
X-Sucuri-Cache
X-Sucuri-ID
X-WP-CF-Super-Cache-Active
OT-Force-Account-Verify
X-Cache-Age
Cross-Origin-Window-Policy
X-Servername
X-UA
X-VC-Cache
From-Origin
X-WebKit-CSP-Report-Only
X-RM-Cache-TTL
Front
X-Framework
Backend
X-Air-Pt
Upgrade-Insecure-Requests
X-INCAP-ABP
Refresh
X-Wormhole-Sdk
X-Mode
X-Air-Trace-Id
X-AB
X-Air-Hostname
X-Air-Source
X-Cache-Time
X-Content-Powered-By
X-DataDome
X-Xrds-Location
X-Handled-By
X-Akamai-Request-ID2
Xet-Cookie
X-Nginx-Cache
X-HTML-Minification-Powered-By
X-Edge-Location
Frame-Options
Url
X-Endurance-Cache-Level
Meta-Geo
X-SaId
Filters
X-Rn-Rsrv
X-Rewrite-Enabled
X-Xfnlog-Site
X-UPSTREAM-Address
X-SRV
X-Webstats-RespID
X-RCS-CacheZone
Selected-Fe
X-Timing-Wait
X-Origin-TTL
X-Origin-CC
X-Vcache
X-Proxy-Build
X-CDN-Forward
X-JoinUs
X-No-Session
X-Origin
ServedBy
WPO-Cache-Message
Access-Control-Request-Headers
WPO-Cache-Status
X-Origin-Date
Property-Id
X-PHP-Host
X-Provided-By
X-Drupal-Cache-Tags
X-Origin-Hint
X-Container-Uri
X-Cache-Operation
X-Cache-Rule
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Privacy
TWC-Locale-Group
Atl-Traceid
Webcakes-Region
Accept-Language
X-Logging-Id
Cache
Webserver
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
X-Cluster
X-Labrador-Cache-Channel
X-Served-From
X-Reqid
X-Tumblr-Pixel-2
X-Git-Commit
Cache-Hits
X-Site-Version
X-R9-Blue-Green-Version
Thinkindot-Control
X-Azure-Ref-OriginShield
X-Tb
X-Routing-Service
Thinkindot-CacheControl-Type
X-Cloudmap
X-Zipkin-Id
X-Accel-Version
Web-Mar-Node
X-Scope-Id
X-Locale
X-Adobe-Source
X-Akamai-Edgescape
X-Shield-Cache-Expires
X-IPLB-Request-ID
X-AWS-Id
X-Cache-Debug
Thinkindot-CacheControl
X-Extlb
X-LJ-Flow-ID
X-Varnish-Cache-Hits
X-Buckets
X-Drupal-Cache-Contexts
X-XRDS-Location
X-Web-Node
X-VCT
Section-Io-Id
X-VWS-Id
X-Proxied
X-Thinkindot-L3
X-Restarts
TDXMobile
X-IPLB-Instance
X-Hosted-By
X-Redis-Cache
X-CMSURLCustom
X-Cms-Context
X-Lambda-Id
Mn-Server-Ip
X-ProxyCache-Status
X-Geo-Region
X-S
X-ProxyCache-Key
X-Say-Cacheable
X-Say-TTL
X-Is-Supported-Browser
X-Fetched-On
X-Tcp-Rtt
X-Is-Desktop
X-Soup
X-Director
X-Tncms
X-Upstream-Ht
X-Varnish-Age
X-Httpd
X-Loop
X-Skip-Cache
X-Is-Tablet
X-Browser-Name
X-Frame-Option
X-Generation-Time
X-BYPASS-REASON
X-Upstream-Ct
X-Is-Mobile
X-Format
X-Forwarded-Host
X-SayCDN-TTL
Apigw-Requestid
X-ShopId
X-Shopify-Stage
X-GeoCountry
X-Sorting-Hat-ShopId
X-ShardId
X-Alternate-Cache-Key
X-Cache-Status-Check
X-Ms-Request-Id
X-Ms-Version
X-GeoCode
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Varnish-Beresp-Grace
Xserver
X-Detected-As
X-Cache-Host
X-Generated-By
X-Cdn-Origin
X-Optimistic-Header
X-VC
X-RID
X-Lagoon
X-Rocket-Nginx-Serving-Static
X-TA-CDN-Provider
X-Worker
X-Ratelimit-Reset
LB
Source
X-Vercel-Id
X-Vercel-Cache
Azure-SlotName
Azure-Version
X-Request-URI
Azure-InstanceId
Azure-SiteName
Azure-RegionName
Node
X-WP-CF-Super-Cache-Cookies-Bypass
X-B3-Traceid
Fastcgi-Useragent
Protected
CDN-CachedAt
X-Pass-Why
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-PullZone
CDN-Cache
X-Vcl-Version
CDN-RequestPullSuccess
CDN-Uid
Expiry
X-Connection-Hash
Cross-Origin-Embedder-Policy
X-App-Version
Onion-Location
X-GEO
X-Tumblr-Pixel-3
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Cache-Expired-At
Alternate-Protocol
X-ID
CDN-RequestId
X-Client-Ip
X-Cache-Server
X-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
DB-Nickname
X-PHP-Backend
AMP-Access-Control-Allow-Source-Origin
Priority
X-Jobs
Environment
X-Server-W
CF-IPCountry
X-Proxy-Cache-Status
Uber-Trace-Id
X-DC
X-Fastly-Request-Id
X-Cache-Action
Locale
X-Urbn-Site-Id
X-Cluster-Node
X-Urbn-Context-Path
X-LSADC-Cache
X-Fastcgi-Cache
Cdn-Requestid
User-Cache-Control
X-Tt-Logid
X-Tx-Id
X-MP-GENERATED-AT
X-Mg-Request-UUID
X-Ismobilevalue
Sid
DCR-Decision-By
X-Gzip
X-Device-Os
X-Dispatcher-Server
Content-Secure-Policy
X-Developer
Fusion-Content-Id
HostName
Fusion-Component-Id
X-D
X-Ec-Fail
Edge-Cache
DCR-Processing-Time-Ms
X-Epic-Correlation-Id
X-GeoIP-City
X-SRCache-Key
X-Thanos
X-Gen-Mode
X-Vdms-Path
X-Generated-On
X-Forwarded-Site
X-FB-TRIP-ID
X-Vdms-Version
Candidate-Md5Url
Cache-Tv-Group
Fusion-Content-Source
X-Esi-Check
X-Ec-GeoHdr
Fusion-Source
Sslversion
Surrogated-Key
T-Server
X-Aed
Server-Host
X-Bc-Bl
Rendered-Blocks
Req-ID
X-A-Wwc
X-A-Dgt
Vix-Hermes-Req-Id
Wxu-Next-Region
Wxu-Next-Hostname
X-A
X-A-Ccd
X-A-Dcw
X-A-Dam
X-BCube-Filmed-By
Origin-Agent-Cluster
X-Clientip
Lang
Magicmarker
X-Conf
X-Content-Age
X-Hnp-Log
Fusion-Template-Id
Gannett-Cam-Experience-Id
X-Cache-NE
MD5-Digest
X-Bl-Debug
X-Bip
Origin
X-Block-Status
Ngx.Var.Host
Meta-Geo-Continent
X-Cache-Id
Fusion-Deployment-Id
A
X-Op-Id-All
X-Org
X-Viewer-Country
X-VTEX-Cache-Server
X-Response-Served-From
X-Node-Id
X-Varnish-Hostname
X-ND-Cache
X-Varnish-Beresp-Ttl
X-VTEX-Cache-Time
X-Origin-Expires
X-Rojux
X-SB
X-ScT
X-TIM-N
X-Request-Start
X-Vtex-Remote-Cache
X-UA-Device-Type
X-Powered-By-VTEX-Cache
X-NCache
X-Original-Request-Id
Wxu-Next-Commit
X-Level-Front-Cache
X-Jungle-Id
X-Ig-Origin-Region
X-Uri
X-Origin-Response-Time
X-Zone
Server-Hostname
X-Var-Ttl
Host-ID
Server-Ext
X-Origin-Time
X-GeoIP-Region-Code
X-Cdn-Srv
X-RateLimit-Remaining-Second
Sever-Int
Ssr
Fastly-SSL
X-WA-Info
X-Varnishpool
X-GeoIP-Country-Code
X-Cache-TTL-Remaining
X-CUA
X-VG-WebCache
X-Core-Value
XM
PFcat
Origin-EX
Origin-CC
X-Proto
X-Pubstack
Release
X-Auth-Group-Type
X-Backend-Instance
Powered-By
X-HN
X-RateLimit-Limit-Second
X-Cache-Bucket
X-Cache-Info
Fastly-Backend-Name
X-PAYTM-SRV-ID
X-AK-Request-ID
X-Platform
X-App-Name
X-Policy
X-Amz-Storage-Class
X-V-Cache
X-Debug-Cache-Store
X-Gdpr
Cache-Provider
C-Via
X-Via-Fastly
X-Geo-Header
Cdn-Host
CDCHOST
X-Debug-Cache-Fetch
X-Fastly-Cache
X-Request-Time
X-Ig-Push-State
X-VarnishDD-TTL
X-Scheme
X-Mvc-Supplant-Cachable
X-Fmm-Version
AKAMAI
X-FC-Vary-Parameters
Cdn-Request-Time
Cdncip
Content-Style-Type
Content-Script-Type
X-HS-Content-Campaign-Id
Yak-Timeinfo
X-Req
DSUID
X-Nyt-Route
X-Region-Sid
X-Nginx-Cache-Key
X-SD-PageType
Cdnsip
X-Edge-Server
X-Loc
X-Service
X-Varnish-Director
X-Auto-Login
X-TT-LOGID
X-Wikidot-Backend
X-VG-TLSProxy
X-Request-Host
X-Ad-Load-Variation
X-SVT-ORM-RULES
X-Acquia-Purge-Cdn-Unconfigured
X-Access
X-Aicache-OS
X-We-Are-Hiring
X-Tb-Optimization-Total-Bytes-Saved
X-Contensis-Viewer-Groups
X-Location
X-Eu-Site
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-GeoIP
X-NMSegId
X-Fastly-Backend
X-Mvc-Supplant-OutputCached
X-Men
X-Test
X-Micro-Cache
X-Mly-Id
X-Section
X-Sn-Servicetimems
X-Varnish-Beresp-Status
X-Human
X-Cache-Aspx
X-Cache-Backend
X-Wikidot-Static-Cache
X-Pool
X-BBC-Edge-Cache-Status
X-Proxied-Request
X-GoCache-CacheStatus
X-CGP
X-Server-IP
X-Varnish-Authentication
X-Csrf-Jwt
X-SVT-ORM-VERSION
Odigeo-Trace-Id
X-B3-Trace-ID
Web-Mar-Region
Is-Eu
L
Ha-Gx-Prefs
Gh-Request-Id
Fastly-GeoIP-CountryCode
L5d-Success-Class
Machine
On-Server
Platform
WP-Super-Cache
NM-Fastcgi-Cache
Mail-Subject
X-LiteSpeed-Cache-Control
Country-Code
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Adler-Geo
X-ECache
We-Hiring
Apple-News-Services-Request-Url
Click-Count-Error
Cluster
Click-Count-Action-Start
Canary
Cache-Key
Pramga
HA-Ipaddr
V-Age
Tube-Return
RNT-Machine
Redirect-Candidate
Req-Svc-Chain
Tube-Got-Eval
Tube-Got-Results
Producers
Tube-Get-Contents
True-Client-Country-4JS
W
RNT-Time
X-Date
X-Slack-Backend
X-ApacheServer
X-From
Esi-Enabled
X-Up
X-CacheTTL
Proxy-Firewall
X-Custom-Header
X-NodeID
X-Accel-Expires-Debug
NGX
X-PERF
X-Render-Time
X-Slack-Shared-Secret-Outcome
X-AIR-PT
X-Newrelic-Synthetics
SID
Debug
X-Varnish-Hits
X-NGINX-Cache
X-Hash
X-LB-ID
X-CACHE-AGE
Fastly-Drupal-HTML
X-Nananana
X-COUNTRY
X-Varnish-CookieINHashed-On
X-Dc
X-DefElseHash
X-DefHash
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-TIME
Mime-Version
X-Pad
X-HITS
X-Via-Poph
X-Via-Popn
X-Cs
CloudFront-Viewer-Country
X-HA-Backend
X-Depends
Datacenter
X-CACHE-GROUP
X-Via-Popv
Pics-Label
X-Nf-Request-Id
X-Refresh
Locid
X-Servedbyhost
X-Akamai-Transformed
X-VHOST
X-VC-TTL
GeoIP-Latitude
X-Amz-Meta-Cb-Modifiedtime
X-Cache-FS-Status
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Parent-Response-Time
X-M-Log
X-LB-NoCache
X-M-Reqid
X-Datadome
X-CS
X-Old-Content-Length
X-LiteSpeed-Tag
X-B3-Parentspanid
Ngx-Var-Key
X-Cached-By
X-Litespeed-Tag
Server-ID
Resin-Trace
Server-Info
Cdn
X-CDN-Cache-Status
X-Moov-Xdn-Version
X-Moov-T
X-TH-Server
BehaviorPad-Version
X-Wa
X-Nc
Cf-Ipcountry
Fastly-Drupal-Html
X-DynaTrace-JS-Agent
X-Vc
Cross-Origin-Embedder-Policy-Report-Only
GeoIp-Country-Code
X-APP
X-Presslabs-Stats
X-Fpc
NtCoent-Length
X-Vgn-Hpd-Reason
X-VCache
X-IAuth-Set-Uid
X-S-Cookie
X-NewRelic-App-Data
X-Destination
X-External-Request-Id
X-ZONE
X-User
Cf-Device-Type
X-Content-Length
X-Application
X-B-Cookie
FSS-Cache
X-CACHE-KEY
Serverhost
X-Esi
True-Client-IP
X-Zen-Fury
Uri
X-Dynatrace-Js-Agent
CDN
X-HostName
X-TX-ID
X-Instance-Name
X-Sigma
X-Sigma-Backend
X-Varnish-Beresp-TTL
X-Srv
X-Rocket-Build-Number
True-Client-Ip
X-Cache-Date
Load-Balancing
Vc-Max-Age
X-VServer
X-Aspnet-Duration-Ms
Tcn
X-API-Version
S-Rt
X-Flags
X-Dispatcher-Number
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
Hostname
X-DynaTrace
X-Oracle-DMS-ECID
Srv
X-Branch-Name
X-RequestId
X-Segment-20210421
GeoIP-Country-Code
X-HOST
Request-ID
X-WA
X-FPC
X-Cdn-Cache-Status
X-NC
Product
X-Dispatch
Ohc-File-Size
X-Page-View
X-Cdn-Forward
X-DataCenter
X-APP-VERSION
X-B3-Spanid
X-FL-QIT-DEBUG
Geoip-Latitude
X-Ckpd-Fst-Backend
Server-Id
Type
X-Webkit-Csp-Report-Only
ServerName
Srvid
X-Geo
X-Bug-Bounty
X-Lb-Nocache
X-Sql-Duration-Ms
X-Irp-Debug
X-Sql-Count
X-SERVER-NAME
X-Http-Reason
DataCenter
X-ServedByHost
Cl-Cache
CacheControlHeader
X-VCL-Version
Cloudfront-Viewer-Country
X-Owner
Origin-Trial
IsBot
Edge-Copy-Time
X-Via-CDN
X-Via-Edge
X-Via-SSL
X-SIPLIST1
Epwk-X-Cache
Ohc-Cache-HIT
WZWS-RAY
X-Cache-Ttl
X-Ua
X-Via-PopV
MIME-Version
X-Via-PopN
X-Proxy-CacheRZ
X-App
X-Core-Mission
X-Ha-Backend
Cross-Origin-Opener-Policy-Report-Only
X-Correlation-ID
X-Via-PopH
XkeyRZ
PICS-Label
X-HubSpot-Correlation-Id
X-Nf-Country
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Nf-Ats-Version
Rtss
X-Nf-Language
X-Hit
X-CSRF-TOKEN
X-MSEdge-Flight
X-Limited
X-Vmg-Version
X-Akamai-Device-Characteristics
User-Agent
X-MSEdge-Features
Cneonction
ServerHost
X-Qloud-Router
X-Lb-Id
X-MiniProfiler-Ids
N-Cache
Lb
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Site
X-Datacenter
Sm-Log-Id
X-Sqd-Stime
X-Fastly-Country-Code
X-Service-Response-Time
X-Sqd-Ctime
Warning
Cmstype
X-Gamma-Serve
CountryCode
X-Info
Cmsid
X-Web-Server
X-Acquia-Application-Trace
X-Amz-Meta-Opti
X-LAGOON
X-Litespeed-Cache-Control
Servername
Xkeylog
X-Dw-Trace-Id
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Xkey-La3
X-Ramcache
X-Snapshot-Date
X-Th-Server
X-Serial
X-Check-Cacheable
Ngx
X-RAMCache
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
X-Requestid
X-Proxy-Cache-La3
X-Akamai-Pragma-Client-IP
X-Udemy-Cache-App-Namespace