
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-Runtime
Accept-CH
X-AspNet-Version
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Cache-Group
Permissions-Policy
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Device
EagleEye-TraceId
X-WebKit-CSP
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
Accept-Ch-Lifetime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
Accept-Ch
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Country
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-ASPNET-VERSION
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
X-Litespeed-Cache
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-Vname
X-TtlSet
X-PC
X-FTR-Request-ID
Cross-Origin-Opener-Policy
X-Daa-Tunnel
X-Mcache
X-Edge
X-Midtier
X-Server-Name
X-Browser-Type
Nginx-Cache
X-CST
X-Powered-By-Plesk
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-Cnection
X-ESI
X-Cache-TTL
X-GitHub-Request-Id
X-Ac
X-D2id
Edge-Control
X-Element-Page-Cache
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Id
Verso
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Cdn-Fetch
X-Webkit-Csp
X-MS-InvokeApp
X-Ser
AR-CACHE
X-Vcap-Request-Id
X-Upstream
X-FastCGI-Cache
X-Abt-Application-Version
X-Navigation-Version
X-Dw-Request-Base-Id
X-ECACHE
X-B3-TraceId
Fastly-Restarts
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Client-IP
X-NF-Request-ID
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-Ratelimit-Limit
X-PDP-UNCACHING-HASH
X-ARC
X-Mg-S
X-Powered-CMS
Edge-Cache-Tag
S
Display
X-Sol
Pagespeed
X-Middleton-Display
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
X-VARITI-CCR
X-Middleton-Response
Response
RTSS
X-TraceId
X-Ratelimit-Remaining
Realpath
X-Forwarded-For
X-Content-Digest
X-T
X-Varnish-TTL
X-Cache-Key
Cross-Origin-Resource-Policy
X-Correlation-Id
X-Recruiting
X-Fastly-Request-ID
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Cached
X-TTL
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
MicrosoftSharePointTeamServices
Content-MD5
X-RateLimit-Remaining
X-Ua-Browser
X-HS-Content-Id
MS-Author-Via
X-HS-Hub-Id
X-HS-Cache-Config
X-Request-Received
X-Country-Code-Real
X-Protected-By
X-Forwarded-Proto
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-Request-Processing-Time
X-FTR-Backend-Server
Payment
X-LLID
TP-Cache
Server-Node
X-Frontend
X-PressLabs-Stats
Public-Key-Pins
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ruxit-Js-Agent
Count-Hit
X-HS-Combine-CSS
X-FTR-Expires
X-Accel-Expires
X-GUploader-UploadID
X-Distributor
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-LB-Cache
X-Origin-Server
X-Server-ID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-NODE
X-Ezoic-Cdn
X-Request-Handler-Origin-Region
X-Microsite
X-Www-Served-By
X-ORACLE-DMS-ECID
X-Varnish-Server
X-Ttl
X-AppVersion
X-Az
X-Activity-Id
MRF-Tech
X-B3-TraceId-Primal
X-Cluster-Name
Accept-Charset
Mrf-Cache-Status
Host
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-App-Server
X-Amz-Meta-S3cmd-Attrs
Retry-After
Cache-Tags
Cleartype
X-Newrelic-App-Data
X-Ua-Device
X-Goog-Metageneration
Server-Name
Filterid
X-Unique-Id
X-Git-Hash
Access-Control-Allow-Method
X-Envoy-Decorator-Operation
X-Hits
Surrogate-Key
X-Debug
X-Upgrade-Enabled
X-Id
X-NGENIX-Cache
X-Load-Cache
X-Azure-Ref
X-Hostname
X-Geo-Country
X-Logged-In
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-CSRF-Token
TCN
TP-L2-Cache
X-FB-Debug
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Proxy
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B
X-Seen-By
X-TT
Section-Io-Cache
X-Grace
X-B3-Sampled
X-Hcs-Proxy-Type
DC
X-CCDN-Origin-Time
X-Revision
X-Cache-Control
X-Trace-Id
X-CCDN-CacheTTL
X-Request-Guid
X-Aws-Lambda-Call-Status
X-F-Cache
X-Contextid
Healthy
Referer-Policy
X-Type
X-Fb-Rlafr
Viewport
X-Time
X-Mobile
X-N
X-XRDS-LOCATION
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-DIS-Request-ID
Fastly-SWR
Fastly-SIE
Paypal-Debug-Id
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Content-Disposition
X-Page-Id
X-Debug-Info
X-Px
X-Varnish-Grace
X-Via-JSL
X-Origin-Cache
X-Magnolia-Registration
Version
X-Webkit-CSP
X-Whom
X-Amz-Replication-Status
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Content-Options
Charset
X-ProcessESI
X-G
X-Template
X-UUID
X-RemovedCookies
X-Debug-IsConnected
X-Adobe-Content
X-Adobe-Loc
X-App-Environment
X-Oracle-Dms-Ecid
X-Debug-IsPreview
X-Node-Name
Ms-Operation-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Rule
MS-CV
X-Wix-Request-Id
X-RTag
X-Tumblr-Pixel-1
NGB
SD-X-WS
VIX-Pulpo-Node
X-Hl-Ver
X-Source
X-Storage
X-Ratelimit-Reset
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Datadog-Sampled
VIX-Pulpo-Upstream-Status
X-Environment-Context
X-L-Path
X-Is-Bot
X-Instance
X-FW-Version
X-NYM-Debug-Backend
X-Proxy-Cache-Info
X-User-Agent
X-Signature
X-Rendered-As
X-Region
X-FW-Static
X-FW-Type
X-Backend-Name
X-B-Cache
X-Varnish-Ttl
X-Cacheable-TTL
X-Device-Type
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Cache-Grace
GEO-INFO
X-Wormhole-Sdk
X-ServerID
Country
ServerID
Cross-Origin-Window-Policy
X-Status
X-Real-IP
Countrycode
X-IPS-LoggedIn
X-EdgeConnect-Cache-Status
X-NWS-UUID-VERIFY
X-Cache-Hit
X-Cache-Age
Akamai-GRN
X-WP-CF-Super-Cache-Active
X-RM-Cache-TTL
X-Amzn-Remapped-Content-Length
Liferay-Portal
Amp-Access-Control-Allow-Source-Origin
SRV
Front
X-Rid
X-Language
X-Framework
X-Sucuri-Cache
X-Air-Pt
X-Sucuri-ID
OT-Force-Account-Verify
X-AB
X-Xrds-Location
X-ECache
X-WebKit-CSP-Report-Only
X-B3-SpanId
X-Servername
X-Oracle-Dms-Rid
X-UA
X-Content-Powered-By
Xet-Cookie
X-Akamai-Request-ID2
X-VC
From-Origin
X-Ismobilevalue
X-VC-Cache
X-Mode
X-Air-Hostname
Backend
X-Air-Trace-Id
X-Air-Source
X-Fastly-Request-Id
X-RID
X-DataDome
Upgrade-Insecure-Requests
X-Cache-Time
Refresh
X-Handled-By
X-URL
Webserver
X-Cache-Status-Check
X-SRV
X-HTML-Minification-Powered-By
Access-Control-Request-Headers
Accept-Language
X-Api-Version
X-Rn-Rsrv
Cache
X-RCS-CacheZone
Filters
LB
X-Xfnlog-Site
Meta-Geo
X-JoinUs
X-Rewrite-Enabled
X-UPSTREAM-Address
X-SaId
X-Tumblr-Pixel-2
X-No-Session
X-PHP-Host
X-Origin-Hint
X-Cache-Rule
X-Cache-Operation
X-Labrador-Cache-Channel
X-Adobe-Source
X-Proxied
X-R9-Blue-Green-Version
X-Endurance-Cache-Level
X-Lambda-Id
Webcakes-Region
X-Origin-Date
Webcakes-App-Version
X-Provided-By
X-LJ-Flow-ID
X-AWS-Id
TWC-Privacy
X-Cloudmap
X-VWS-Id
TWC-Device-Class
X-Varnish-Age
X-Cluster
Webcakes-App-Name
X-S
X-Routing-Service
X-Git-Commit
X-Container-Uri
X-Cms-Context
TWC-Locale-Group
X-INCAP-ABP
X-Extlb
ServedBy
TWC-Connection-Speed
X-Generated-By
X-Webstats-RespID
TWC-GeoIP-LatLong
X-Zipkin-Id
Property-Id
TWC-GeoIP-Country
X-Reqid
X-Tt-Logid
X-Is-Tablet
X-Edge-Location
X-Ms-Version
X-Geo-Region
Section-Io-Id
X-Loop
X-Locale
X-Served-From
X-Scope-Id
Mn-Server-Ip
X-Site-Version
X-Web-Node
X-Is-Mobile
X-Ms-Request-Id
X-Cache-Debug
Atl-Traceid
X-Tb
X-Hosted-By
X-Accel-Version
X-Tncms
X-Logging-Id
X-Fetched-On
X-Redis-Cache
X-Browser-Name
X-BYPASS-REASON
X-Httpd
X-Tcp-Rtt
Apigw-Requestid
X-Is-Supported-Browser
X-Restarts
X-Akamai-Edgescape
Web-Mar-Node
X-Is-Desktop
X-IPLB-Request-ID
X-Forwarded-Host
X-IPLB-Instance
X-ProxyCache-Status
X-ProxyCache-Key
Url
X-Director
X-Cache-Host
X-Alternate-Cache-Key
X-Frame-Option
X-Detected-As
X-Format
Selected-Fe
X-Say-Cacheable
X-Storefront-Renderer-Rendered
X-Soup
X-Skip-Cache
X-SayCDN-TTL
X-Timing-Wait
X-Upstream-Ct
X-VCT
X-Varnish-Cache-Hits
X-Upstream-Ht
X-Nf-Request-Id
X-Say-TTL
X-Shopify-Stage
X-Proxy-Build
X-Origin
X-Optimistic-Header
X-GeoCode
X-RateLimit-Limit
Xserver
X-Request-URI
X-GeoCountry
X-Varnish-Beresp-Grace
Frame-Options
X-Sorting-Hat-PodId
X-ShopId
X-Sorting-Hat-ShopId
X-ShardId
X-Azure-Ref-OriginShield
X-Mg-Request-UUID
X-Nginx-Cache
X-Lagoon
Onion-Location
WPO-Cache-Message
X-Connection-Hash
X-Vcache
X-Drupal-Cache-Tags
X-WP-CF-Super-Cache-Cookies-Bypass
WPO-Cache-Status
Expiry
X-Vcl-Version
Thinkindot-Control
TDXMobile
X-Origin-CC
X-CMSURLCustom
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Protected
X-Origin-TTL
X-Shield-Cache-Expires
X-Generation-Time
X-Thinkindot-L3
X-CDN-Forward
X-Drupal-Cache-Contexts
Source
X-Cdn-Origin
Cdn-Requestid
X-Cache-Expired-At
Fastcgi-Useragent
Cache-Hits
X-Vercel-Id
X-Vercel-Cache
X-B3-Traceid
X-PHP-Backend
X-Pass-Why
Environment
X-Worker
X-Rocket-Nginx-Serving-Static
X-Cache-Action
X-Proxy-Cache-Status
Sid
X-TA-CDN-Provider
X-GEO
Azure-RegionName
Azure-SlotName
Azure-Version
Azure-InstanceId
Azure-SiteName
Priority
X-RateLimit-Reset
X-Buckets
X-Origin-Cache-Key
Uber-Trace-Id
Node
X-App-Version
X-ID
X-Cluster-Node
CDN-PullZone
CDN-CachedAt
CDN-Cache
CDN-RequestCountryCode
CDN-EdgeStorageId
Locale
X-Urbn-Site-Id
CDN-RequestPullCode
Cross-Origin-Embedder-Policy
X-Urbn-Context-Path
CDN-RequestPullSuccess
CDN-Uid
X-Aspnetmvc-Version
AMP-Access-Control-Allow-Source-Origin
X-Tumblr-Pixel-3
Cache-Tv-Group
X-XRDS-Location
CF-IPCountry
X-FB-TRIP-ID
X-Server-W
X-Cache-Server
X-Auth-Group-Type
X-Pad
X-Fastcgi-Cache
DB-Nickname
X-NGINX-Cache
X-Tx-Id
User-Cache-Control
X-Dc
X-HITS
Alternate-Protocol
X-A
DCR-Processing-Time-Ms
X-V-Cache
X-Level-Front-Cache
DCR-Decision-By
X-Ig-Origin-Region
X-Ig-Push-State
X-Via-Fastly
X-DefElseHash
X-Cache-NE
Gannett-Cam-Experience-Id
X-Epic-Correlation-Id
X-Aed
X-ND-Cache
X-DefHash
X-Hnp-Log
A
Edge-Cache
X-Gzip
X-Bl-Debug
X-Ec-GeoHdr
X-Ec-Fail
X-Vtex-Remote-Cache
X-Block-Status
X-Edge-Server
X-Esi-Check
X-Fastly-Backend
X-Cache-Id
X-BCube-Filmed-By
X-Gen-Mode
X-Dispatcher-Server
X-Developer
Sslversion
X-GeoIP-City
Content-Secure-Policy
X-Generated-On
X-Bc-Bl
X-Viewer-Country
Rendered-Blocks
Cdn-Request-Time
X-Varnish-CookieINHashed-On
X-ScT
X-Content-Age
X-Conf
Meta-Geo-Continent
X-Core-Value
X-A-Wwc
X-Rojux
X-SB
Ngx.Var.Host
X-SRCache-Key
Surrogated-Key
X-TIM-N
X-UA-Device-Type
X-Varnish-CookieHashed-On
T-Server
X-Jobs
Cdn-Host
X-Cache-TTL-Remaining
Odigeo-Trace-Id
X-Req
MD5-Digest
X-A-Dam
X-A-Ccd
Origin
Wxu-Next-Region
X-A-Dcw
Origin-Agent-Cluster
X-Vdms-Version
X-A-Dgt
Candidate-Md5Url
X-Origin-Expires
X-Org
X-Op-Id-All
X-D
Magicmarker
X-Custom-Header
X-Varnish-Remaining-TTL
Lang
Wxu-Next-Hostname
Wxu-Next-Commit
Mime-Version
HostName
X-Client-Ip
RNT-Machine
Req-ID
X-Cache-Info
X-Amz-Storage-Class
V-Age
Vix-Hermes-Req-Id
X-Acquia-Purge-Cdn-Unconfigured
X-Ad-Load-Variation
Ssr
Tube-Return
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
Sever-Int
X-Aicache-OS
Server-Hostname
Server-Host
Server-Ext
X-Bip
X-Backend-Instance
X-B3-Trace-ID
X-AK-Request-ID
X-App-Name
X-Auto-Login
RNT-Time
X-HN
X-Scheme
X-Request-Time
X-SD-PageType
X-Server-IP
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Region-Sid
X-RateLimit-Remaining-Second
X-Policy
X-Platform
X-Powered-By-VTEX-Cache
X-Proto
X-RateLimit-Limit-Second
X-Pubstack
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-WA-Info
X-Wikidot-Backend
XM
X-Wikidot-Static-Cache
X-VG-WebCache
X-VG-TLSProxy
X-Thanos
X-Test
X-Varnish-Director
X-Varnish-Hostname
X-VarnishDD-TTL
X-PAYTM-SRV-ID
X-Origin-Time
X-Forwarded-Site
X-Fmm-Version
X-Gdpr
X-Geo-Header
X-GeoIP-Country-Code
X-GeoIP
X-FC-Vary-Parameters
X-Fastly-Cache
X-Clientip
X-Cdn-Srv
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-DPWN-IS-SECURE
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-NMSegId
X-Nginx-Cache-Key
X-Node-Id
X-NodeID
X-Origin-Response-Time
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-Mly-Id
X-Loc
X-HS-Content-Campaign-Id
X-LSADC-Cache
X-Men
X-Micro-Cache
X-CacheTTL
X-Cache-Bucket
Content-Style-Type
Content-Script-Type
Click-Count-Error
Click-Count-Action-Start
Country-Code
Fusion-Component-Id
Host-ID
Fastly-SSL
Fastly-Backend-Name
X-Service
Fusion-Content-Id
Fusion-Content-Source
Cache-Provider
C-Via
AKAMAI
Adler-Geo
CDCHOST
Cdncip
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Cdnsip
Is-Eu
Esi-Enabled
PFcat
Platform
Powered-By
Producers
NM-Fastcgi-Cache
Origin-EX
Origin-CC
Cluster
Pramga
X-Ec-Custom-Error
X-Eu-Site
X-Proxied-Request
Canary
X-Pool
X-Cache-Aspx
On-Server
X-CGP
Apple-News-Services-Handled
Apple-News-Services-Host
X-Depends
X-Date
Release
X-Request-Host
X-CUA
X-Csrf-Jwt
Cache-Key
X-Section
X-Contensis-Viewer-Groups
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Device-Os
Req-Svc-Chain
X-BBC-Edge-Cache-Status
HA-Ipaddr
X-Location
Ha-Gx-Prefs
Gh-Request-Id
X-Accel-Expires-Debug
X-Varnish-Beresp-Status
X-Var-Ttl
L
W
Machine
X-Varnish-Authentication
We-Hiring
L5d-Success-Class
Web-Mar-Region
X-Access
NGX
X-Varnishpool
X-We-Are-Hiring
Yak-Timeinfo
True-Client-Country-4JS
X-Hash
DSUID
Fastly-GeoIP-CountryCode
Mail-Subject
X-Mvc-Supplant-OutputCached
X-Request-Start
X-Human
X-DC
X-Slack-Backend
X-Varnish-Beresp-Ttl
X-Slack-Shared-Secret-Outcome
X-LiteSpeed-Cache-Control
X-Cache-FS-Status
Proxy-Firewall
X-AIR-PT
X-From
X-Varnish-Hits
X-Up
X-NCache
X-MP-GENERATED-AT
X-Zone
X-Akamai-Transformed
CDN-RequestId
Redirect-Candidate
WP-Super-Cache
X-Jungle-Id
Server-Info
Debug
BehaviorPad-Version
X-Cache-Backend
X-Cs
X-Refresh
CloudFront-Viewer-Country
X-Vdms-Path
X-LB-ID
X-Tec-Api-Origin
X-CACHE-AGE
X-Tec-Api-Version
X-Tec-Api-Root
X-Servedbyhost
X-APP
Pics-Label
Fastly-Drupal-HTML
X-Uri
X-Parent-Response-Time
X-HA-Backend
X-Via-Poph
GeoIP-Latitude
X-Via-Popn
X-Via-Popv
X-Newrelic-Synthetics
X-B3-Parentspanid
X-VHOST
SID
X-Datadome
X-Nananana
X-PERF
X-M-Reqid
X-M-Log
X-ApacheServer
X-Render-Time
X-Content-Length
X-VC-TTL
X-CS
Fastly-Drupal-Html
X-CDN-Cache-Status
X-Nc
X-LB-NoCache
X-Litespeed-Tag
Resin-Trace
Datacenter
X-B3-Spanid
X-Cached-By
X-CACHE-KEY
X-NewRelic-App-Data
X-DynaTrace-JS-Agent
X-Amz-Meta-Cb-Modifiedtime
X-LiteSpeed-Tag
X-Wa
X-Response-Served-From
X-Original-Request-Id
NtCoent-Length
GeoIp-Country-Code
Locid
Vc-Max-Age
X-ZONE
X-COUNTRY
Cdn
Server-ID
X-RequestId
X-TT-LOGID
X-Dispatcher-Number
X-VCache
X-Varnish-Beresp-TTL
Product
Cf-Ipcountry
X-IAuth-Set-Uid
True-Client-IP
FSS-Cache
X-Old-Content-Length
Srv
X-Fpc
X-Ckpd-Fst-Backend
X-TIME
X-Esi
Ngx-Var-Key
Uri
X-SERVER-NAME
CDN
X-TX-ID
X-Srv
X-HostName
X-Nf-Ats-Version
Serverhost
X-Bug-Bounty
X-Vgn-Hpd-Reason
X-Nf-Language
ServerName
X-FPC
True-Client-Ip
X-Nf-Country
X-HubSpot-Correlation-Id
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Cdn-Forward
X-Dynatrace-Js-Agent
S-Rt
X-Moov-T
X-TH-Server
X-Moov-Xdn-Version
Tcn
X-Oracle-DMS-ECID
GeoIP-Country-Code
X-WA
Request-ID
X-Dispatch
X-Cdn-Cache-Status
X-Vc
X-APP-VERSION
Cf-Device-Type
Server-Id
CacheControlHeader
Hostname
Cross-Origin-Embedder-Policy-Report-Only
X-External-Request-Id
X-User
X-NC
X-Application
User-Agent
ServerHost
X-Akamai-Device-Characteristics
X-Vmg-Version
X-B-Cookie
X-S-Cookie
X-Destination
X-Zen-Fury
X-Gamma-Serve
Geoip-Latitude
Srvid
X-Info
X-FL-QIT-DEBUG
X-Via-PopV
X-Via-PopH
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Webkit-Csp-Report-Only
X-Lb-Nocache
X-Ha-Backend
X-Via-PopN
X-Presslabs-Stats
X-Instance-Name
X-Geo
Ohc-File-Size
X-Sigma
Cneonction
X-Sigma-Backend
X-Rocket-Build-Number
X-Cache-Date
Xc-Version
Origin-Trial
X-VServer
PICS-Label
X-Hit
X-ServedByHost
X-API-Version
X-Segment-20210421
Expect-Staple
X-VCL-Version
X-Branch-Name
Cloudfront-Viewer-Country
Epwk-X-Cache
X-Amz-Meta-Opti
X-V
X-Limited
X-Lb-Id
X-Correlation-ID
X-App
X-Akamai-Pragma-Client-IP
X-CSRF-TOKEN
X-Ua
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Rtss
Ohc-Cache-HIT
N-Cache
X-Platform-Server
X-Rollout
X-New
X-Eligible
WZWS-RAY
Permission-Policy
X-MiniProfiler-Ids
X-DataCenter
DataCenter
Load-Balancing
X-Serial
X-Check-Cacheable
Lb
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-DynaTrace
X-Datacenter
X-MSEdge-Features
X-Sqd-Ctime
X-Sqd-Stime
Cmsid
Timeexpire
X-Web-Server
Cmstype
Type
X-Acquia-Site
X-MSEdge-Flight
X-Service-Response-Time
Sm-Log-Id
X-Proxy-CacheRZ
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
XkeyRZ
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Warning
Servername
X-Litespeed-Cache-Control
CountryCode
X-LAGOON
Wpo-Cache-Message
Wpo-Cache-Status
X-Irp-Debug
X-Fastly-Backend-Reqs
X-Owner
X-Sorting-Hat-Shopid
X-Core-Mission
Cross-Origin-Opener-Policy-Report-Only
X-RAMCache
X-Amz-Meta-S3b-Last-Modified
X-Th-Server
X-Ramcache
Ngx
X-Snapshot-Date
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-Origin-Upstream-Status
X-Shardid
X-Shopid
X-Requestid
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-Sorting-Hat-Podid
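
The tally described at the top of this page (one HEAD response per site, counted per header name) can be reproduced offline. The sketch below is an added example, not the ISC project's own code: it folds header names to lowercase, since HTTP field names are case-insensitive and the table lists variants such as X-FRAME-OPTIONS separately, and it flags misspelled security headers that appear in the table (Content-Secure-Policy, X-Frame-Option, Frame-Options, Referer-Policy, Permission-Policy), which browsers do not recognize. The sample responses, the per-site counting and the function names are assumptions made for illustration.

```python
from collections import Counter

# Canonical security-relevant header names, lowercase.
SECURITY_HEADERS = {
    "strict-transport-security", "content-security-policy",
    "x-frame-options", "x-content-type-options", "x-xss-protection",
    "referrer-policy", "permissions-policy",
}
# Misspelled names taken from the table above, mapped to the intended header.
MISSPELLED = {
    "content-secure-policy": "content-security-policy",
    "x-frame-option": "x-frame-options",
    "frame-options": "x-frame-options",
    "referer-policy": "referrer-policy",
    "permission-policy": "permissions-policy",
}
# Constructed sample HEAD responses (not real scan data).
SAMPLE = {
    "a.example": "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-FRAME-OPTIONS: DENY\r\n"
                 "Strict-Transport-Security: max-age=31536000\r\n\r\n",
    "b.example": "HTTP/1.1 200 OK\r\nx-frame-options: SAMEORIGIN\r\n"
                 "Content-Secure-Policy: default-src 'self'\r\n"
                 "Set-Cookie: a=1\r\nSet-Cookie: b=2\r\n\r\n",
    "c.example": "HTTP/1.1 301 Moved Permanently\r\nLocation: https://c.example/\r\n"
                 "Referer-Policy: no-referrer\r\n\r\n",
}

def header_names(raw_response):
    """Return the set of lowercase header names in one raw HEAD response."""
    names = set()
    lines = raw_response.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:                  # lines[0] is the status line
        if not line:
            break                           # blank line ends the header block
        if line[0] in " \t" or ":" not in line:
            continue                        # folded continuation or junk line
        names.add(line.split(":", 1)[0].strip().lower())
    return names

def tally(responses):
    """Count sites per header name, plus sites sending a misspelled header."""
    sites, typos = Counter(), Counter()
    for raw in responses.values():
        for name in header_names(raw):      # a set: repeated headers count once per site
            sites[name] += 1
            if name in MISSPELLED:
                typos[name] += 1
    return sites, typos

def missing_security_headers(raw_response):
    """Security headers absent from a response; a misspelled name still counts as absent."""
    return sorted(SECURITY_HEADERS - header_names(raw_response))

if __name__ == "__main__":
    sites, typos = tally(SAMPLE)
    for name, count in sites.most_common():
        print(f"{count:3d}  {name}")
    for name, count in typos.items():
        print(f"misspelled: {name} (intended {MISSPELLED[name]}) on {count} site(s)")
```
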