
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-AspNet-Version
X-Runtime
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
Permissions-Policy
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
Allow
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
Cf-Railgun
X-Host
X-Backend-Server
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-Ruxit-JS-Agent
X-HW
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Nginx-Cache-Status
X-Country
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-Litespeed-Cache
X-Content-Type
X-Trace
Cache-Tag
X-Clacks-Overhead
X-Url
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-CST
X-Times
X-PC
X-Vname
X-TtlSet
X-FTR-Request-ID
X-Daa-Tunnel
Cross-Origin-Opener-Policy
Nginx-Cache
X-Server-Name
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
X-ESI
AR-ATIME
Accept-Ch
AR-PoweredBy
AR-Request-ID
AR-SID
X-Element-Page-Cache
X-D2id
X-GitHub-Request-Id
Edge-Control
X-Ac
X-GoogleNews-Bot
X-Exp-Id
X-Kinja
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Revision
Verso
X-MS-InvokeApp
X-Webkit-Csp
X-Cache-TTL
X-Upstream
X-Vcap-Request-Id
X-ECACHE
X-Ser
AR-CACHE
X-Abt-Application-Version
X-Navigation-Version
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-B3-TraceId
SPIisLatency
SPRequestDuration
X-Oneagent-Js-Injection
X-Mod-Pagespeed
X-NF-Request-ID
Fastly-Restarts
SPRequestGuid
X-Amz-Rid
X-SharePointHealthScore
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-Client-IP
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ratelimit-Limit
X-Mg-S
X-Goog-Hash
Edge-Cache-Tag
X-Powered-CMS
S
Pagespeed
X-Middleton-Display
Display
X-Sol
X-ARC
Cache-Status
X-Amzn-Trace-Id
Access-Control-Request-Method
X-Version
X-Middleton-Response
Response
X-VARITI-CCR
X-PDP-UNCACHING-HASH
X-Ratelimit-Remaining
X-Cache-Key
RTSS
X-Content-Digest
X-TraceId
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
X-Forwarded-For
Realpath
X-T
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
X-Ruxit-Js-Agent
Fastcgi-Cache
X-TTL
X-Cached
Front-End-Https
X-MSEdge-Ref
X-Shield-Request-Id
MS-Author-Via
X-Protected-By
X-Ua-Browser
Content-MD5
Public-Key-Pins
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-FTR-Backend-Server
X-Frontend
X-Forwarded-Proto
Server-Node
X-Request-Processing-Time
MicrosoftSharePointTeamServices
Payment
X-Request-Received
X-LLID
TP-Cache
X-PressLabs-Stats
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-Aws-Lambda-Call-Status
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-FTR-Expires
X-RateLimit-Remaining
X-HS-Combine-CSS
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Distributor
Count-Hit
X-GUploader-UploadID
X-Accel-Expires
X-Origin-Server
X-LB-Cache
X-Server-ID
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-NODE
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-Request-Handler-Origin-Region
X-Microsite
X-Newrelic-App-Data
X-AppVersion
X-Activity-Id
X-Az
X-Cluster-Name
X-Varnish-Server
Host
Cache-Tags
X-Ttl
X-Varnish-Backend
X-App-Server
X-Www-Served-By
X-B3-TraceId-Primal
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
Accept-Charset
MRF-Tech
X-Content-Security-Policy-Report-Only
Mrf-Cache-Status
X-Amz-Meta-S3cmd-Attrs
Retry-After
Cleartype
Server-Name
X-Ua-Device
X-Goog-Metageneration
X-Hits
Filterid
X-Envoy-Decorator-Operation
X-Git-Hash
X-Unique-Id
X-ASPNET-VERSION
X-Hostname
X-CSRF-Token
Access-Control-Allow-Method
X-Upgrade-Enabled
X-Geo-Country
X-Azure-Ref
Referer-Policy
X-Load-Cache
X-Varnish-Ttl
X-NGENIX-Cache
X-Debug
TP-L2-Cache
TCN
X-Seen-By
X-Time
X-Logged-In
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-FB-Debug
X-Proxy
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-B3-Sampled
X-Grace
X-Amz-Apigw-Id
DC
X-Amzn-RequestId
X-Trace-Id
Section-Io-Cache
X-Revision
X-B
X-F-Cache
X-Request-Guid
X-TT
X-Type
X-Id
X-Fb-Rlafr
X-Cache-Control
Healthy
X-Contextid
X-DIS-Request-ID
Surrogate-Key
Viewport
X-XRDS-LOCATION
Paypal-Debug-Id
X-Mobile
X-N
X-WP-CF-Super-Cache
X-Goog-Stored-Content-Length
X-WP-CF-Super-Cache-Cache-Control
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Debug-Info
X-Page-Id
Fastly-SIE
Fastly-SWR
X-Px
Content-Disposition
X-Whom
X-Origin-Cache
X-Varnish-Grace
X-Via-JSL
Version
X-Content-Options
X-Webkit-CSP
X-Datadog-Trace-Id
X-Magnolia-Registration
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
Charset
X-Template
X-Amz-Replication-Status
X-Wix-Request-Id
X-RemovedCookies
X-App-Environment
X-ProcessESI
X-Cache-Grace
X-Tumblr-Pixel-1
X-Tumblr-User
X-UUID
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Node-Name
MS-CV
Ms-Operation-Id
X-Oracle-Dms-Ecid
X-RTag
X-Cache-Age
X-Debug-IsPreview
X-Source
X-Debug-IsConnected
X-G
X-Hl-Ver
X-Yottaa-Metrics
SD-X-WS
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Yottaa-Optimizations
X-Signature
X-FW-Static
X-FW-Version
X-Instance
X-B-Cache
X-FW-Server
X-FW-Type
X-FW-Dynamic
X-Cacheable-TTL
X-Backend-Name
ServerID
X-Datadog-Sampled
X-Environment-Context
X-FW-Hash
X-L-Path
X-FW-Serve
X-NWS-UUID-VERIFY
X-User-Agent
X-Adobe-Loc
X-EdgeConnect-Cache-Status
X-Storage
X-Rule
X-Adobe-Content
X-Region
X-Is-Bot
X-Cache-Hit
X-NYM-Debug-Backend
X-Rendered-As
X-Proxy-Cache-Info
X-Rid
X-Device-Type
X-Status
X-ServerID
X-Real-IP
Country
GEO-INFO
NGB
X-IPS-LoggedIn
Cross-Origin-Window-Policy
SRV
Countrycode
X-URL
X-Language
Akamai-GRN
X-Amzn-Remapped-Content-Length
Liferay-Portal
X-B3-SpanId
X-WP-CF-Super-Cache-Active
X-Wormhole-Sdk
Amp-Access-Control-Allow-Source-Origin
X-RM-Cache-TTL
Front
X-Origin-Cache-Key
X-Sucuri-ID
X-Sucuri-Cache
X-Ratelimit-Reset
X-Framework
OT-Force-Account-Verify
X-Servername
X-Xrds-Location
X-UA
X-Air-Pt
From-Origin
X-VC-Cache
X-Oracle-Dms-Rid
X-AB
X-VC
X-Mode
X-Content-Powered-By
Backend
X-Air-Hostname
X-Air-Trace-Id
X-Akamai-Request-ID2
X-Air-Source
Xet-Cookie
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
X-DataDome
Refresh
X-Cache-Time
X-Nginx-Cache
X-Handled-By
X-INCAP-ABP
X-SRV
Accept-Language
X-Rewrite-Enabled
X-Endurance-Cache-Level
Filters
X-UPSTREAM-Address
X-RID
X-Edge-Location
X-JoinUs
X-Xfnlog-Site
Meta-Geo
X-SaId
X-Rn-Rsrv
X-RCS-CacheZone
Cache
ServedBy
Webserver
X-Webstats-RespID
Access-Control-Request-Headers
X-Cloudmap
X-Proxied
X-Cache-Status-Check
X-LJ-Flow-ID
X-Cache-Rule
X-Git-Commit
X-Cluster
X-Routing-Service
X-Cache-Operation
X-Generated-By
X-Container-Uri
X-Zipkin-Id
Property-Id
X-Lambda-Id
X-VWS-Id
X-Hosted-By
X-AWS-Id
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Locale-Group
X-No-Session
X-Origin-Hint
TWC-Privacy
X-PHP-Host
Webcakes-App-Name
X-Labrador-Cache-Channel
X-Varnish-Age
X-Provided-By
Webcakes-Region
X-Tumblr-Pixel-2
X-Extlb
X-Origin-Date
Webcakes-App-Version
X-Served-From
X-Loop
Section-Io-Id
Url
X-Fastly-Request-Id
X-Accel-Version
LB
X-Web-Node
Web-Mar-Node
Frame-Options
X-Logging-Id
X-Adobe-Source
X-Forwarded-Host
X-IPLB-Request-ID
X-Ismobilevalue
X-Redis-Cache
X-Site-Version
X-Tb
Mn-Server-Ip
X-IPLB-Instance
Atl-Traceid
Apigw-Requestid
X-Fetched-On
X-Reqid
X-Restarts
X-Tncms
X-Skip-Cache
X-HTML-Minification-Powered-By
X-Locale
X-Akamai-Edgescape
X-Cms-Context
X-Is-Desktop
X-Origin
X-Proxy-Build
X-VCT
X-Frame-Option
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-BYPASS-REASON
X-Cache-Host
X-Is-Supported-Browser
X-Is-Mobile
X-Tcp-Rtt
X-Timing-Wait
X-Upstream-Ht
X-R9-Blue-Green-Version
X-Upstream-Ct
X-Format
X-RateLimit-Reset
X-Cache-Debug
X-Soup
X-Director
X-Azure-Ref-OriginShield
X-Geo-Region
X-Httpd
X-Scope-Id
X-Say-TTL
X-SayCDN-TTL
Selected-Fe
X-Browser-Name
X-Is-Tablet
X-ProxyCache-Status
X-ProxyCache-Key
X-Ms-Version
X-Ms-Request-Id
X-Say-Cacheable
WPO-Cache-Status
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-RateLimit-Limit
X-Detected-As
X-ECache
Xserver
X-GeoCountry
X-Shopify-Stage
X-GeoCode
WPO-Cache-Message
X-S
X-Optimistic-Header
X-Vcache
X-Sorting-Hat-PodId
X-ShardId
X-Origin-TTL
X-Sorting-Hat-ShopId
X-Request-URI
X-Origin-CC
X-ShopId
X-Drupal-Cache-Tags
Cache-Hits
X-Generation-Time
X-Lagoon
Source
X-Api-Version
X-CMSURLCustom
X-Cdn-Origin
X-Shield-Cache-Expires
X-Thinkindot-L3
Thinkindot-Control
X-Drupal-Cache-Contexts
Fastcgi-Useragent
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
TDXMobile
Protected
Expiry
X-Connection-Hash
X-WP-CF-Super-Cache-Cookies-Bypass
Onion-Location
X-Tt-Logid
X-CDN-Forward
Cdn-Requestid
X-ID
X-Vercel-Cache
X-Worker
X-Vercel-Id
X-Cache-Expired-At
X-Buckets
X-Vcl-Version
X-TA-CDN-Provider
X-PHP-Backend
Azure-InstanceId
X-Rocket-Nginx-Serving-Static
Azure-SlotName
Azure-Version
Azure-RegionName
X-Mg-Request-UUID
X-Pass-Why
X-B3-Traceid
Azure-SiteName
X-Fastcgi-Cache
Node
X-GEO
Priority
X-Cache-Action
X-App-Version
Environment
Cross-Origin-Embedder-Policy
CDN-RequestPullSuccess
Sid
CDN-Cache
CDN-RequestPullCode
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
CDN-RequestCountryCode
X-Proxy-Cache-Status
Uber-Trace-Id
CDN-Uid
X-Tumblr-Pixel-3
X-Cluster-Node
X-Aspnetmvc-Version
AMP-Access-Control-Allow-Source-Origin
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-XRDS-Location
X-Cache-Server
X-Server-W
DB-Nickname
Cache-Tv-Group
Alternate-Protocol
CF-IPCountry
X-FB-TRIP-ID
X-Tx-Id
X-Auth-Group-Type
X-Jobs
User-Cache-Control
HostName
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Deployment-Id
X-UA-Device-Type
X-Fastly-Backend
X-Origin-Expires
X-Org
X-Op-Id-All
Rendered-Blocks
X-V-Cache
Odigeo-Trace-Id
X-GeoIP-City
MD5-Digest
Meta-Geo-Continent
Ngx.Var.Host
Magicmarker
X-Hnp-Log
X-Gzip
X-Service
Lang
X-Rojux
X-SB
Origin-Agent-Cluster
X-SRCache-Key
X-Gen-Mode
Origin
X-Generated-On
Gannett-Cam-Experience-Id
X-ScT
X-Vdms-Version
X-TIM-N
X-Vtex-Remote-Cache
X-ND-Cache
X-D
DCR-Processing-Time-Ms
X-Custom-Header
X-Level-Front-Cache
Edge-Cache
X-A-Dgt
X-A-Wwc
A
X-Aed
DCR-Decision-By
Candidate-Md5Url
X-Conf
Content-Secure-Policy
X-Cache-Id
X-Cache-NE
X-Content-Age
X-LSADC-Cache
X-Bc-Bl
X-BCube-Filmed-By
X-Bl-Debug
X-Block-Status
X-A-Dcw
X-Developer
X-Ec-GeoHdr
X-Ec-Fail
X-A-Dam
X-Ig-Push-State
X-Viewer-Country
X-Epic-Correlation-Id
T-Server
X-Ig-Origin-Region
Sslversion
X-Esi-Check
X-Dispatcher-Server
X-Device-Os
Surrogated-Key
Wxu-Next-Region
X-A
X-A-Ccd
Wxu-Next-Commit
Wxu-Next-Hostname
X-Nf-Request-Id
X-Client-Ip
X-Pad
X-DC
X-Men
Content-Script-Type
Fastly-Backend-Name
X-Loc
Content-Style-Type
X-HN
Fastly-SSL
Host-ID
Server-Host
X-Debug-Cache-Store
X-AK-Request-ID
X-Debug-Cache-Fetch
Vix-Hermes-Req-Id
V-Age
Sever-Int
Ssr
X-Amz-Storage-Class
X-App-Name
X-Cache-Info
X-CacheTTL
X-Cache-Bucket
X-Bip
X-Auto-Login
X-Backend-Instance
Server-Hostname
X-Mvc-Supplant-Cachable
X-Geo-Header
Origin-CC
NM-Fastcgi-Cache
X-GeoIP
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Origin-EX
PFcat
X-Fastly-Cache
Server-Ext
Req-ID
X-FC-Vary-Parameters
Powered-By
X-Forwarded-Site
X-GoCache-CacheStatus
X-Platform
X-Edge-Server
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-Thanos
X-DefHash
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Request-Time
X-Region-Sid
X-Scheme
X-SD-PageType
X-Sn-Servicetimems
X-Varnish-Director
X-Varnish-Hostname
X-Wikidot-Static-Cache
X-Wikidot-Backend
XM
Cdn-Host
Cdn-Request-Time
X-Cache-TTL-Remaining
X-VTEX-Cache-Time
X-DefElseHash
X-VarnishDD-TTL
X-Core-Value
X-VG-WebCache
X-VTEX-Cache-Server
X-RateLimit-Remaining-Second
X-Server-IP
X-Via-Fastly
X-Node-Id
AKAMAI
X-RateLimit-Limit-Second
X-PAYTM-SRV-ID
X-Varnish-Remaining-TTL
X-NMSegId
X-Nginx-Cache-Key
Cdncip
Cdnsip
CDCHOST
Cache-Provider
C-Via
X-Cdn-Srv
X-Origin-Response-Time
X-Pubstack
X-Varnish-CookieHashed-On
X-Req
X-Powered-By-VTEX-Cache
X-Policy
X-Varnish-CookieINHashed-On
X-MP-GENERATED-AT
X-Dc
Mime-Version
Tube-Return
X-Acquia-Purge-Cdn-Unconfigured
X-Ad-Load-Variation
X-DPWN-IS-SECURE
Tube-Got-Results
X-Depends
Tube-Get-Contents
Tube-Got-Eval
X-Clientip
X-NodeID
X-B3-Trace-ID
X-Fmm-Version
X-Contensis-Viewer-Groups
X-Mly-Id
RNT-Time
X-VG-TLSProxy
X-CGP
X-Date
X-CUA
X-WA-Info
X-Micro-Cache
X-Eu-Site
X-Request-Host
X-Proxied-Request
X-Proto
X-Request-Start
X-Section
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Pool
X-Hash
X-NCache
X-Location
X-Nyt-Route
X-Origin-Time
X-HS-Content-Campaign-Id
X-Human
X-Gdpr
X-Var-Ttl
Country-Code
Click-Count-Error
Click-Count-Action-Start
Esi-Enabled
Is-Eu
Producers
Platform
X-Ec-Custom-Error
Adler-Geo
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-Varnishpool
X-Mvc-Supplant-OutputCached
Yak-Timeinfo
X-We-Are-Hiring
RNT-Machine
X-Csrf-Jwt
Cluster
DSUID
Release
Canary
True-Client-Country-4JS
HA-Ipaddr
Apple-News-Services-Request-Url
Cache-Key
Fastly-GeoIP-CountryCode
Proxy-Firewall
L5d-Success-Class
L
Ha-Gx-Prefs
Machine
Mail-Subject
Pramga
On-Server
Gh-Request-Id
We-Hiring
W
Apple-News-Services-Host
Apple-News-Services-Handled
Web-Mar-Region
Apple-News-Services-Parsed-Url
X-Aicache-OS
X-Accel-Expires-Debug
X-Cache-Aspx
X-Access
X-HITS
X-Varnish-Beresp-Ttl
X-Up
X-BBC-Edge-Cache-Status
X-From
NGX
X-LiteSpeed-Cache-Control
X-Jungle-Id
Req-Svc-Chain
X-Zone
X-NGINX-Cache
X-AIR-PT
WP-Super-Cache
X-Vdms-Path
Debug
X-Cache-Backend
X-Cs
X-Uri
CDN-RequestId
X-Cache-FS-Status
X-Varnish-Hits
X-LB-ID
X-Akamai-Transformed
Redirect-Candidate
CloudFront-Viewer-Country
X-CACHE-GROUP
X-Newrelic-Synthetics
SID
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-HA-Backend
Server-Info
X-PERF
X-Refresh
Pics-Label
Fastly-Drupal-HTML
X-Via-Popn
X-Via-Popv
X-Render-Time
X-Via-Poph
X-ApacheServer
X-Servedbyhost
GeoIP-Latitude
X-VHOST
X-Nananana
X-Original-Request-Id
X-Response-Served-From
BehaviorPad-Version
X-B3-Parentspanid
X-M-Log
X-Datadome
X-M-Reqid
X-APP
X-VC-TTL
X-Parent-Response-Time
X-TT-LOGID
Fastly-Drupal-Html
Locid
X-Cached-By
X-CACHE-AGE
X-LB-NoCache
X-Content-Length
Datacenter
X-CS
Resin-Trace
X-Litespeed-Tag
X-DynaTrace-JS-Agent
Server-ID
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Nc
X-CDN-Cache-Status
X-Amz-Meta-Cb-Modifiedtime
X-Wa
Cf-Ipcountry
X-IAuth-Set-Uid
Cdn
X-LiteSpeed-Tag
GeoIp-Country-Code
NtCoent-Length
X-Varnish-Beresp-TTL
X-VCache
X-Old-Content-Length
X-ZONE
Uri
Ngx-Var-Key
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
FSS-Cache
X-Vgn-Hpd-Reason
X-Dispatcher-Number
X-Fpc
X-RequestId
X-NewRelic-App-Data
CDN
Vc-Max-Age
X-TH-Server
X-Moov-T
True-Client-Ip
X-Moov-Xdn-Version
True-Client-IP
X-Esi
Serverhost
Product
X-B3-Spanid
X-HostName
X-TX-ID
X-SERVER-NAME
X-Srv
Srv
Cross-Origin-Embedder-Policy-Report-Only
Tcn
X-Nf-Ats-Version
X-Nf-Language
X-Cdn-Forward
X-Ckpd-Fst-Backend
X-Nf-Country
X-FPC
GeoIP-Country-Code
S-Rt
X-TIME
X-Oracle-DMS-ECID
X-Destination
X-B-Cookie
X-Application
X-Cdn-Cache-Status
ServerName
X-S-Cookie
X-Dynatrace-Js-Agent
Cf-Device-Type
X-External-Request-Id
X-User
X-Bug-Bounty
Request-ID
X-HubSpot-Correlation-Id
X-WA
CacheControlHeader
X-NC
X-Dispatch
X-Webkit-Csp-Report-Only
X-Vc
X-APP-VERSION
X-Zen-Fury
Server-Id
X-CACHE-KEY
Hostname
X-Rocket-Build-Number
X-Sigma-Backend
X-Instance-Name
X-Cache-Date
X-API-Version
X-Sigma
X-COUNTRY
X-FL-QIT-DEBUG
Geoip-Latitude
Srvid
X-VServer
X-Presslabs-Stats
X-Ha-Backend
Ohc-File-Size
X-Via-PopV
User-Agent
X-Vmg-Version
X-Via-PopN
X-Akamai-Device-Characteristics
X-Geo
X-Lb-Nocache
X-Branch-Name
X-Segment-20210421
X-Via-PopH
DataCenter
ServerHost
Origin-Trial
X-Gamma-Serve
X-ServedByHost
X-Info
Load-Balancing
X-VCL-Version
X-DynaTrace
Cneonction
Xc-Version
Epwk-X-Cache
Cloudfront-Viewer-Country
X-DataCenter
PICS-Label
X-Cache-Ttl
X-Limited
X-App
Type
X-Akamai-Pragma-Client-IP
Expect-Staple
X-Correlation-ID
X-Ua
Rtss
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Check-Cacheable
X-Serial
Cross-Origin-Opener-Policy-Report-Only
X-Irp-Debug
X-Hit
X-MiniProfiler-Ids
X-Lb-Id
Ohc-Cache-HIT
X-Owner
X-Amz-Meta-Opti
Lb
X-Via-CDN
X-Sqd-Ctime
Sm-Log-Id
Warning
X-Providence-Cookie
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Route-Name
X-Via-Edge
X-Service-Response-Time
X-Core-Mission
Timeexpire
Edge-Copy-Time
X-MSEdge-Features
X-Acquia-Application-Trace
X-MSEdge-Flight
X-Is-Crawler
Cmsid
Cmstype
X-Datacenter
X-Flags
X-Via-SSL
X-Web-Server
X-Aspnet-Duration-Ms
Cl-Cache
X-Qloud-Router
X-Sqd-Stime
X-CSRF-TOKEN
CountryCode
X-Page-View
X-Litespeed-Cache-Control
X-LAGOON
Servername
X-SIPLIST1
X-Requestid
X-Origin-Upstream-Status
X-Shardid
X-Sql-Duration-Ms
N-Cache
X-Sql-Count
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shopid
X-RAMCache
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
IsBot
X-Http-Reason
X-Th-Server
X-Ramcache
X-Snapshot-Date
Ngx
X-Udemy-Cache-App-Namespace