
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Ua-Compatible
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
Access-Control-Max-Age
CF-Ray
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Ws-Request-Id
Xkey
X-Rq
Permissions-Policy
X-Age
X-Vhost
X-Amz-Version-Id
Allow
X-Dispatcher
X-Dns-Prefetch-Control
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
P3p
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-OneAgent-JS-Injection
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Server-Id
X-WebKit-CSP
X-Host
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
Content-Location
X-Application-Context
X-Litespeed-Cache
X-Node
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-Ruxit-JS-Agent
X-CST
X-NWS-LOG-UUID
X-Country
Service-Worker-Allowed
X-Country-Code
X-Content-Type
X-Oneagent-Js-Injection
X-Url
X-Clacks-Overhead
Cache-Tag
X-Trace
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-Server-Name
X-Vname
X-FTR-Request-ID
X-TtlSet
X-PC
X-Daa-Tunnel
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Webkit-Csp
X-Browser-Type
X-Powered-By-Plesk
X-ESI
X-Cnection
X-ECACHE
X-Upstream
Edge-Control
X-MS-InvokeApp
X-GitHub-Request-Id
X-D2id
X-Element-Page-Cache
X-Ac
Verso
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-FastCGI-Cache
X-Aws-Lambda-Call-Status
X-Ser
X-Ruxit-Js-Agent
X-Vcap-Request-Id
Accept-Ch-Lifetime
X-Navigation-Version
X-Cache-TTL
X-Abt-Application-Version
X-Mod-Pagespeed
AR-CACHE
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
X-B3-TraceId
SPRequestGuid
X-SharePointHealthScore
X-NF-Request-ID
Fastly-Restarts
X-Amz-Rid
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Client-IP
Edge-Cache-Tag
X-Mg-S
X-Kinsta-Cache
S
X-Edge-Location-Klb
X-Powered-CMS
X-RateLimit-Remaining
X-Middleton-Response
Response
X-Amzn-Trace-Id
Cache-Status
X-Cache-Key
X-Goog-Hash
Access-Control-Request-Method
X-VARITI-CCR
X-Version
X-Fastly-Request-ID
X-ARC
RTSS
X-Content-Digest
X-Forwarded-For
X-TraceId
Cross-Origin-Resource-Policy
X-Recruiting
X-T
Realpath
X-MSEdge-Ref
X-Varnish-TTL
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Ttl
Front-End-Https
MS-Author-Via
X-Correlation-Id
Fastcgi-Cache
X-Cached
X-Ratelimit-Limit
Content-MD5
X-PDP-UNCACHING-HASH
X-HS-Cache-Config
X-Ua-Browser
X-HS-Hub-Id
X-HS-Content-Id
Payment
Server-Node
X-Protected-By
X-Shield-Request-Id
Public-Key-Pins
X-Request-Received
X-Request-Processing-Time
X-Country-Code-Real
X-FTR-Balancer
X-Forwarded-Proto
X-FTR-Backend
Arr-Disable-Session-Affinity
X-FTR-Backend-Server
X-FTR-Cache-Status
MicrosoftSharePointTeamServices
TP-Cache
X-Frontend
X-LLID
X-HS-Combine-CSS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Distributor
X-Accel-Expires
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-FTR-Expires
X-Kong-Proxy-Latency
X-Origin-Cache-Key
X-Kong-Upstream-Latency
Count-Hit
X-Server-ID
X-GUploader-UploadID
X-Origin-Server
X-LB-Cache
X-ORACLE-DMS-RID
X-NODE
X-Ezoic-Cdn
X-Ratelimit-Remaining
X-Hits
X-TTL
X-Microsite
X-Request-Handler-Origin-Region
X-Content-Security-Policy-Report-Only
X-Activity-Id
X-AppVersion
X-Az
Host
X-PressLabs-Stats
X-Cluster-Name
X-B3-TraceId-Primal
X-Www-Served-By
X-Varnish-Backend
Mrf-Cache-Status
MRF-Tech
X-Varnish-Server
X-App-Server
Cache-Tags
Retry-After
X-Amz-Meta-S3cmd-Attrs
Accept-Charset
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ua-Device
X-TEC-API-ORIGIN
Server-Name
X-Hostname
X-Geo-Country
Cleartype
X-NGENIX-Cache
X-Id
X-Envoy-Decorator-Operation
X-Newrelic-App-Data
X-Goog-Metageneration
Referer-Policy
X-DIS-Request-ID
X-Upgrade-Enabled
TP-L2-Cache
X-RateLimit-Limit
Access-Control-Allow-Method
X-CSRF-Token
X-Seen-By
TCN
X-Git-Hash
X-Azure-Ref
X-ORACLE-DMS-ECID
X-F-Cache
X-Load-Cache
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Hcs-Proxy-Type
X-Tt-Trace-Tag
X-Unique-Id
X-Tt-Trace-Host
X-Proxy
Filterid
X-Oracle-Dms-Ecid
X-Grace
Healthy
X-Revision
Section-Io-Cache
X-Px
X-Trace-Id
Paypal-Debug-Id
X-B
DC
X-B3-Sampled
X-Cache-Control
X-FB-Debug
X-TT
X-Request-Guid
X-Fb-Rlafr
X-Type
X-Debug-Info
X-Contextid
X-Logged-In
X-Page-Id
X-N
X-Mobile
X-XRDS-LOCATION
X-Varnish-Ttl
X-Oracle-Dms-Rid
Viewport
X-WP-CF-Super-Cache-Cache-Control
X-Debug
X-WP-CF-Super-Cache
X-Whom
X-Language
X-Template
Fastly-SWR
X-Goog-Stored-Content-Length
Charset
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Fastly-SIE
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Content-Options
X-Cache-Grace
Version
Content-Disposition
X-Time
X-Via-JSL
X-Magnolia-Registration
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
X-App-Environment
X-Webkit-CSP
X-Signature
X-B-Cache
X-Varnish-Grace
X-Rid
X-RateLimit-Reset
X-Node-Name
X-Origin-Cache
VIX-Pulpo-Node
SRV
VIX-Pulpo-Upstream-Status
X-RemovedCookies
X-ProcessESI
X-Yottaa-Metrics
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Debug-IsPreview
X-Yottaa-Optimizations
X-Rule
X-Debug-IsConnected
X-Datadog-Sampled
X-Amz-Replication-Status
X-Amzn-Remapped-Content-Length
MS-CV
Ms-Operation-Id
X-G
X-RTag
X-Hl-Ver
X-UUID
X-Proxy-Cache-Info
X-Device-Type
X-FW-Version
ServerID
X-Backend-Name
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Server
X-Storage
X-FW-Dynamic
X-Adobe-Loc
X-Adobe-Content
X-NYM-Debug-Backend
NGB
X-B3-SpanId
X-Instance
Country
SD-X-WS
GEO-INFO
X-User-Agent
Liferay-Portal
X-Status
X-L-Path
X-Cacheable-TTL
X-Environment-Context
X-Region
X-IPS-LoggedIn
X-Rendered-As
X-Cache-Hit
X-Is-Bot
X-Cache-Age
X-Source
Countrycode
X-Real-IP
X-ServerID
Surrogate-Key
X-NWS-UUID-VERIFY
Akamai-GRN
X-Servername
OT-Force-Account-Verify
X-Sucuri-Cache
X-WP-CF-Super-Cache-Active
X-Sucuri-ID
Cross-Origin-Window-Policy
X-VC-Cache
From-Origin
X-WebKit-CSP-Report-Only
X-UA
Amp-Access-Control-Allow-Source-Origin
X-RM-Cache-TTL
Upgrade-Insecure-Requests
Backend
X-Framework
X-Air-Pt
X-INCAP-ABP
Front
X-Mode
Refresh
X-AB
X-Content-Powered-By
X-Air-Hostname
Frame-Options
X-Air-Source
X-Cache-Time
X-Air-Trace-Id
X-HTML-Minification-Powered-By
X-Xrds-Location
Xet-Cookie
X-Akamai-Request-ID2
X-Nginx-Cache
X-Wormhole-Sdk
X-Buckets
X-Handled-By
X-Edge-Location
X-DataDome
Url
X-B3-Traceid
Webserver
X-Endurance-Cache-Level
X-Webstats-RespID
X-Xfnlog-Site
X-Timing-Wait
Meta-Geo
X-Cluster
X-UPSTREAM-Address
X-No-Session
Filters
X-SaId
X-Rn-Rsrv
X-Rewrite-Enabled
X-RCS-CacheZone
X-Reqid
X-JoinUs
Access-Control-Request-Headers
Selected-Fe
X-Proxy-Build
X-Origin-Date
X-VWS-Id
X-Tumblr-Pixel-2
X-Azure-Ref-OriginShield
WPO-Cache-Message
Atl-Traceid
X-Labrador-Cache-Channel
X-AWS-Id
X-Logging-Id
X-Git-Commit
X-Cache-Rule
X-Akamai-Edgescape
X-VCT
X-Cache-Operation
WPO-Cache-Status
X-LJ-Flow-ID
Webcakes-Region
X-Container-Uri
X-Served-From
X-Origin-Hint
TWC-Device-Class
TWC-GeoIP-Country
Property-Id
Webcakes-App-Version
TWC-Connection-Speed
X-Origin-CC
X-Origin-TTL
X-Origin
Webcakes-App-Name
X-PHP-Host
X-Provided-By
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
ServedBy
X-Drupal-Cache-Tags
Thinkindot-Control
Section-Io-Id
X-Extlb
X-Httpd
X-Fetched-On
X-Hosted-By
X-Generation-Time
X-Drupal-Cache-Contexts
X-CMSURLCustom
Thinkindot-CacheControl
TDXMobile
Mn-Server-Ip
X-Cloudmap
Thinkindot-CacheControl-Type
X-Locale
X-Tb
X-Ms-Request-Id
X-BYPASS-REASON
X-Thinkindot-L3
X-Scope-Id
X-Shield-Cache-Expires
X-Ms-Version
X-Web-Node
X-Site-Version
X-Accel-Version
X-Routing-Service
X-CDN-Forward
X-ProxyCache-Key
X-Varnish-Cache-Hits
X-Redis-Cache
X-VC
X-Restarts
X-Proxied
X-Cache-Status-Check
X-Zipkin-Id
Web-Mar-Node
X-ProxyCache-Status
X-Forwarded-Host
X-Frame-Option
X-Skip-Cache
X-Format
X-Say-TTL
X-S
X-Vcache
X-Say-Cacheable
X-Upstream-Ct
X-SayCDN-TTL
X-Cms-Context
X-Geo-Region
X-Is-Mobile
X-Is-Supported-Browser
X-Tcp-Rtt
X-Is-Desktop
X-Browser-Name
Cache
X-Cache-Debug
X-Varnish-Age
X-Upstream-Ht
X-Is-Tablet
Apigw-Requestid
X-Lambda-Id
X-Adobe-Source
X-Cdn-Origin
X-ShardId
X-Cache-Host
X-Tncms
X-Loop
X-ShopId
Xserver
Accept-Language
Cache-Hits
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-GeoCountry
X-SRV
X-Soup
X-Director
X-Shopify-Stage
X-GeoCode
X-Storefront-Renderer-Rendered
X-IPLB-Instance
X-Alternate-Cache-Key
X-Varnish-Beresp-Grace
X-IPLB-Request-ID
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Worker
X-Generated-By
X-RID
X-Rocket-Nginx-Serving-Static
X-Optimistic-Header
X-Detected-As
X-Lagoon
X-Vercel-Cache
X-Vercel-Id
Source
Azure-Version
Azure-SiteName
Azure-SlotName
Azure-RegionName
Azure-InstanceId
X-XRDS-Location
Node
X-Tec-Api-Root
X-Tec-Api-Origin
X-Request-URI
X-Tec-Api-Version
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-PullZone
CDN-Cache
CDN-RequestPullCode
X-App-Version
X-WP-CF-Super-Cache-Cookies-Bypass
CDN-CachedAt
CDN-Uid
Fastcgi-Useragent
CDN-RequestPullSuccess
Protected
X-Vcl-Version
X-Pass-Why
Cross-Origin-Embedder-Policy
LB
CDN-RequestId
X-URL
AMP-Access-Control-Allow-Source-Origin
X-Tumblr-Pixel-3
Expiry
X-Connection-Hash
Onion-Location
X-Cache-Server
X-GEO
X-Ratelimit-Reset
Alternate-Protocol
X-Cache-Expired-At
X-Jobs
DB-Nickname
Priority
X-Server-W
X-TA-CDN-Provider
CF-IPCountry
X-Api-Version
Environment
X-PHP-Backend
Sid
Uber-Trace-Id
X-Proxy-Cache-Status
X-Fastly-Request-Id
X-Cluster-Node
X-LSADC-Cache
User-Cache-Control
X-Fastcgi-Cache
X-Uri
X-Cache-Action
X-Response-Served-From
X-Original-Request-Id
X-MP-GENERATED-AT
Locale
X-Mg-Request-UUID
X-Urbn-Site-Id
X-Urbn-Context-Path
X-DC
HostName
X-FB-TRIP-ID
X-TT-LOGID
X-Epic-Correlation-Id
Content-Secure-Policy
X-Esi-Check
X-Ig-Origin-Region
X-Level-Front-Cache
X-A-Ccd
X-Ec-GeoHdr
X-Ec-Fail
X-Gen-Mode
A
X-GeoIP-City
X-Gzip
X-Dispatcher-Server
X-Generated-On
X-Hnp-Log
Candidate-Md5Url
Cache-Tv-Group
X-Forwarded-Site
X-FC-Vary-Parameters
X-Clientip
X-Bc-Bl
Server-Host
Sslversion
Surrogated-Key
X-BCube-Filmed-By
Req-ID
X-Block-Status
X-Bl-Debug
X-Bip
Rendered-Blocks
T-Server
X-Aed
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-A
X-A-Dam
Vix-Hermes-Req-Id
X-A-Wwc
X-A-Dgt
X-A-Dcw
Origin-Agent-Cluster
Origin
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
X-D
Edge-Cache
DCR-Decision-By
DCR-Processing-Time-Ms
X-Developer
Fusion-Source
Fusion-Template-Id
Meta-Geo-Continent
X-Cache-NE
Ngx.Var.Host
X-Cache-Id
MD5-Digest
Magicmarker
Gannett-Cam-Experience-Id
X-Conf
Lang
X-Device-Os
X-Jungle-Id
X-Rojux
X-SB
X-ScT
X-Thanos
X-Request-Start
X-Tx-Id
X-Platform
X-Powered-By-VTEX-Cache
X-Proto
X-TIM-N
Cdn-Requestid
X-VTEX-Cache-Server
X-Tt-Logid
X-VTEX-Cache-Time
X-Vtex-Remote-Cache
X-Viewer-Country
X-Vdms-Version
X-UA-Device-Type
X-Varnish-Hostname
X-Vdms-Path
X-Nf-Request-Id
X-SRCache-Key
X-Op-Id-All
X-Origin-Expires
X-ND-Cache
X-Node-Id
X-NCache
X-Mvc-Supplant-Cachable
X-Varnish-Beresp-Ttl
X-Org
X-Origin-Response-Time
WP-Super-Cache
X-Cache-Info
X-VarnishDD-TTL
X-Var-Ttl
X-Cdn-Srv
Mail-Subject
NM-Fastcgi-Cache
X-Cache-TTL-Remaining
X-Varnish-Director
X-CGP
HA-Ipaddr
Ha-Gx-Prefs
X-Content-Age
X-Core-Value
X-PAYTM-SRV-ID
X-Nginx-Cache-Key
X-Varnishpool
X-V-Cache
L5d-Success-Class
X-LiteSpeed-Cache-Control
PFcat
X-Amz-Storage-Class
X-WA-Info
Ssr
X-App-Name
XM
Yak-Timeinfo
X-Pubstack
X-Policy
We-Hiring
W
X-Auth-Group-Type
X-Auto-Login
Powered-By
X-Cache-Bucket
X-Test
Origin-EX
X-Mvc-Supplant-OutputCached
X-VG-WebCache
X-Loc
X-Via-Fastly
Release
Origin-CC
Host-ID
CDCHOST
X-Region-Sid
Canary
Cache-Provider
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-Req
X-Eu-Site
X-Fastly-Cache
X-Fmm-Version
C-Via
X-GeoIP
X-Client-Ip
X-Origin-Time
X-Service
X-HN
X-Geo-Header
X-RateLimit-Limit-Second
X-Gdpr
AKAMAI
X-Nyt-Route
X-RateLimit-Remaining-Second
X-NMSegId
DSUID
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Csrf-Jwt
X-Scheme
X-Request-Time
Fastly-Backend-Name
X-Wikidot-Backend
X-ApacheServer
X-Ad-Load-Variation
X-Aicache-OS
X-We-Are-Hiring
X-Acquia-Purge-Cdn-Unconfigured
X-Micro-Cache
X-GeoIP-Country-Code
X-CUA
X-GeoIP-Region-Code
X-SVT-ORM-VERSION
X-GoCache-CacheStatus
X-Varnish-Beresp-Status
X-SVT-ORM-RULES
X-Ig-Push-State
X-PERF
X-Tb-Optimization-Total-Bytes-Saved
X-Wikidot-Static-Cache
X-Human
X-Pool
Gh-Request-Id
X-Access
X-B3-Trace-ID
X-SD-PageType
X-Section
X-Cache-Backend
X-Mly-Id
X-Render-Time
X-HS-Content-Campaign-Id
X-Varnish-Authentication
X-Request-Host
X-DPWN-IS-SECURE
X-Fastly-Backend
X-Cache-Aspx
X-Contensis-Viewer-Groups
X-BBC-Edge-Cache-Status
X-Backend-Instance
X-CacheTTL
X-Proxied-Request
X-Sn-Servicetimems
X-Location
X-VG-TLSProxy
X-Server-IP
X-From
X-Men
X-AK-Request-ID
Redirect-Candidate
Click-Count-Error
Producers
Cluster
Req-Svc-Chain
Click-Count-Action-Start
Cdnsip
RNT-Time
RNT-Machine
Content-Script-Type
Platform
Fastly-SSL
Is-Eu
L
Fastly-GeoIP-CountryCode
Esi-Enabled
Content-Style-Type
Country-Code
On-Server
Cdncip
Cache-Key
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
X-Zone
Tube-Return
X-ID
V-Age
Web-Mar-Region
X-Ismobilevalue
X-ECache
Adler-Geo
Apple-News-Services-Request-Url
Server-Hostname
Server-Ext
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
True-Client-Country-4JS
Sever-Int
Machine
X-Newrelic-Synthetics
Pramga
Odigeo-Trace-Id
X-Date
Proxy-Firewall
X-Dc
X-Hash
X-Up
X-Accel-Expires-Debug
NGX
X-Ec-Custom-Error
X-AIR-PT
X-Varnish-Hits
X-NodeID
X-NGINX-Cache
Debug
X-Custom-Header
X-LB-ID
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Cs
Datacenter
Fastly-Drupal-HTML
X-COUNTRY
X-Nananana
SID
X-Pad
X-HA-Backend
X-Via-Poph
X-Refresh
X-CACHE-GROUP
X-Via-Popv
X-Varnish-CookieHashed-On
X-DefElseHash
X-Via-Popn
Locid
Pics-Label
CloudFront-Viewer-Country
X-DefHash
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
Mime-Version
X-Servedbyhost
X-Amz-Meta-Cb-Modifiedtime
X-Depends
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Akamai-Transformed
X-Datadome
X-LiteSpeed-Tag
X-CACHE-AGE
GeoIP-Latitude
X-VC-TTL
X-VHOST
X-TIME
X-Cache-FS-Status
X-M-Log
X-M-Reqid
X-LB-NoCache
X-Cached-By
Ngx-Var-Key
X-Old-Content-Length
X-Parent-Response-Time
X-B3-Parentspanid
X-Moov-T
X-CDN-Cache-Status
X-Moov-Xdn-Version
X-CS
X-TH-Server
Server-ID
X-DynaTrace-JS-Agent
Cross-Origin-Embedder-Policy-Report-Only
Cdn
Server-Info
X-Wa
X-Nc
Resin-Trace
X-VCache
Fastly-Drupal-Html
Cf-Ipcountry
GeoIp-Country-Code
NtCoent-Length
BehaviorPad-Version
X-Litespeed-Tag
X-Presslabs-Stats
X-ZONE
X-External-Request-Id
X-Application
X-User
X-Fpc
X-S-Cookie
X-B-Cookie
Cf-Device-Type
X-HITS
X-Vgn-Hpd-Reason
X-Destination
X-IAuth-Set-Uid
X-Zen-Fury
X-TX-ID
X-Vc
X-Srv
X-NewRelic-App-Data
FSS-Cache
Uri
X-APP
X-Route-Name
X-Is-Crawler
X-Flags
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Content-Length
X-Sigma
X-Sigma-Backend
True-Client-Ip
X-Instance-Name
True-Client-IP
X-Esi
X-Cache-Date
X-Rocket-Build-Number
X-HostName
CDN
X-VServer
X-DynaTrace
Serverhost
X-API-Version
X-Dynatrace-Js-Agent
X-Varnish-Beresp-TTL
X-Segment-20210421
X-Branch-Name
S-Rt
Tcn
GeoIP-Country-Code
Load-Balancing
X-Oracle-DMS-ECID
X-Page-View
Srv
Hostname
X-B3-Spanid
X-HOST
X-Cdn-Forward
Request-ID
Ohc-File-Size
Vc-Max-Age
X-RequestId
X-DataCenter
X-Dispatcher-Number
X-NC
Product
X-Dispatch
X-WA
X-FPC
X-Cdn-Cache-Status
Type
X-APP-VERSION
X-Http-Reason
X-Sql-Duration-Ms
ServerName
X-Sql-Count
X-Webkit-Csp-Report-Only
Server-Id
X-Geo
Geoip-Latitude
X-Correlation-ID
X-FL-QIT-DEBUG
Srvid
X-Irp-Debug
X-Ckpd-Fst-Backend
Cl-Cache
X-Lb-Nocache
X-Bug-Bounty
X-Via-CDN
WZWS-RAY
CacheControlHeader
X-Via-Edge
Edge-Copy-Time
X-CSRF-TOKEN
X-Owner
DataCenter
X-SIPLIST1
X-ServedByHost
IsBot
X-Via-SSL
X-VCL-Version
XkeyRZ
X-Proxy-CacheRZ
MIME-Version
Ohc-Cache-HIT
Cloudfront-Viewer-Country
Epwk-X-Cache
Cross-Origin-Opener-Policy-Report-Only
Origin-Trial
X-Core-Mission
X-CACHE-KEY
X-Cache-Ttl
X-Hit
X-App
N-Cache
PICS-Label
X-Via-PopH
X-Ua
X-Qloud-Router
X-Ha-Backend
X-Via-PopN
X-Via-PopV
CountryCode
X-Srcache-Fetch-Status
Lb
Rtss
X-Srcache-Store-Status
X-Amz-Meta-Opti
X-MiniProfiler-Ids
ServerHost
X-MSEdge-Flight
X-Fastly-Country-Code
X-MSEdge-Features
X-Lb-Id
X-Acquia-Application-UUID
X-Sqd-Ctime
X-Akamai-Device-Characteristics
X-Acquia-Site
X-Acquia-Application-Trace
X-Limited
X-Service-Response-Time
Sm-Log-Id
Warning
X-Vmg-Version
X-Acquia-Purge-Tags
X-Datacenter
X-Sqd-Stime
X-Web-Server
Cneonction
User-Agent
X-Litespeed-Cache-Control
X-LAGOON
X-Iplb-Request-Id
X-Iplb-Instance
X-IN-APIGATEWAYSSL
X-Amz-Meta-S3b-Last-Modified
X-Gamma-Serve
X-Udemy-Cache-App-Namespace
X-Shop-Environment
X-Amz-Meta-Sha256
X-IN-APIGATEWAY
X-Dw-Trace-Id
X-Ramcache
Xkey-La3
X-Proxy-Cache-La3
X-Cdn-Request-ID
X-Requestid
Xkeylog
Expect-Staple
X-Cache-Type
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Akamai-Pragma-Client-IP
X-RAMCache
Ngx
X-Forwarded-Path
Akamai-Cache-Status
X-Snapshot-Date
X-Orig-Expires
X-Check-Cacheable
X-Serial
X-Th-Server
X-Tenant