Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-AspNet-Version
X-Runtime
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Ua-Compatible
X-Cache-Status
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
Permissions-Policy
X-Robots-Tag
X-AH-Environment
X-Hacker
X-UA-Device
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Ws-Request-Id
X-Age
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Allow
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
Cf-Railgun
X-Host
X-Backend-Server
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Country
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
X-Clacks-Overhead
Cache-Tag
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-CST
X-Daa-Tunnel
X-Litespeed-Cache
Cross-Origin-Opener-Policy
Nginx-Cache
X-Mcache
X-Edge
X-Server-Name
X-Browser-Type
X-Midtier
X-Powered-By-Plesk
Accept-Ch
X-Cnection
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-ESI
X-Ac
X-Element-Page-Cache
X-D2id
X-GitHub-Request-Id
X-Cache-TTL
Edge-Control
X-Exp-Variant
X-Cdn-Fetch
Verso
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-MS-InvokeApp
X-ECACHE
X-Upstream
X-Vcap-Request-Id
X-FastCGI-Cache
X-Ser
AR-CACHE
X-Abt-Application-Version
X-B3-TraceId
X-Navigation-Version
X-Dw-Request-Base-Id
X-Webkit-Csp
SPIisLatency
SPRequestDuration
X-NF-Request-ID
X-Mod-Pagespeed
Fastly-Restarts
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Client-IP
X-Kinsta-Cache
X-Edge-Location-Klb
X-Oneagent-Js-Injection
X-Goog-Hash
X-Mg-S
Edge-Cache-Tag
S
X-Powered-CMS
X-ARC
X-Sol
X-Middleton-Display
Pagespeed
Display
X-PDP-UNCACHING-HASH
Cache-Status
X-Ratelimit-Limit
X-Amzn-Trace-Id
X-Version
Access-Control-Request-Method
Response
X-VARITI-CCR
X-Middleton-Response
X-Cache-Key
X-Fastly-Request-ID
X-TTL
RTSS
X-TraceId
X-Content-Digest
Realpath
X-Ua-Device
X-T
X-Forwarded-For
Cross-Origin-Resource-Policy
X-Ratelimit-Remaining
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Cached
X-Varnish-TTL
Front-End-Https
X-RateLimit-Remaining
X-MSEdge-Ref
X-Shield-Request-Id
MS-Author-Via
MicrosoftSharePointTeamServices
X-Protected-By
Content-MD5
X-Country-Code-Real
X-Ua-Browser
X-FTR-Balancer
X-FTR-Cache-Status
X-Ruxit-Js-Agent
X-FTR-Backend
X-FTR-Backend-Server
X-HS-Cache-Config
X-Request-Processing-Time
X-HS-Content-Id
X-HS-Hub-Id
X-Forwarded-Proto
X-Request-Received
TP-Cache
X-LLID
X-Frontend
Payment
Server-Node
Public-Key-Pins
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
X-PressLabs-Stats
X-SRCache-Store-Status
X-FTR-Expires
X-TEC-API-VERSION
X-TEC-API-ROOT
X-HS-Combine-CSS
X-TEC-API-ORIGIN
X-Server-ID
Count-Hit
X-Accel-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-GUploader-UploadID
X-Distributor
X-NODE
X-Origin-Server
X-LB-Cache
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Ezoic-Cdn
X-Aws-Lambda-Call-Status
X-Microsite
X-Request-Handler-Origin-Region
X-Varnish-Server
X-Activity-Id
X-Az
X-AppVersion
X-Newrelic-App-Data
X-Www-Served-By
X-B3-TraceId-Primal
Accept-Charset
Host
Mrf-Cache-Status
X-App-Server
MRF-Tech
X-ORACLE-DMS-ECID
X-Cluster-Name
X-Varnish-Backend
Cache-Tags
Retry-After
X-Content-Security-Policy-Report-Only
X-Amz-Meta-S3cmd-Attrs
Cleartype
Server-Name
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Goog-Metageneration
X-ASPNET-VERSION
Filterid
X-Hits
X-Unique-Id
X-Envoy-Decorator-Operation
Access-Control-Allow-Method
X-CSRF-Token
X-Git-Hash
X-Hostname
X-Azure-Ref
X-NGENIX-Cache
X-Upgrade-Enabled
X-Load-Cache
X-Geo-Country
Referer-Policy
X-Id
X-Debug
X-Ttl
X-Logged-In
TP-L2-Cache
X-Time
X-Seen-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Proxy
X-B
X-FB-Debug
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Section-Io-Cache
X-TT
X-B3-Sampled
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Grace
Surrogate-Key
X-Cache-Control
X-Trace-Id
X-Request-Guid
X-F-Cache
DC
X-Revision
X-Type
Healthy
X-Contextid
X-XRDS-LOCATION
X-Fb-Rlafr
TCN
Viewport
X-DIS-Request-ID
X-Mobile
X-N
Paypal-Debug-Id
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Fastly-SWR
Fastly-SIE
X-Varnish-Ttl
X-Page-Id
X-Debug-Info
Content-Disposition
X-Px
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Webkit-CSP
X-Origin-Cache
X-Via-JSL
X-Varnish-Grace
X-Whom
Version
X-Magnolia-Registration
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Content-Options
X-Template
X-Oracle-Dms-Ecid
Charset
X-Amz-Replication-Status
X-UUID
X-Wix-Request-Id
X-ProcessESI
X-G
X-RemovedCookies
X-Cache-Grace
X-App-Environment
X-Tumblr-Pixel
X-Rule
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-RTag
X-Node-Name
Ms-Operation-Id
X-Adobe-Content
X-Adobe-Loc
X-Debug-IsConnected
MS-CV
X-Debug-IsPreview
X-NWS-UUID-VERIFY
VIX-Pulpo-Node
X-EdgeConnect-Cache-Status
X-Datadog-Sampled
X-Signature
X-Hl-Ver
X-B-Cache
VIX-Pulpo-Upstream-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Storage
NGB
X-Source
SD-X-WS
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Environment-Context
X-Backend-Name
X-Cacheable-TTL
ServerID
X-Device-Type
X-FW-Server
X-FW-Version
X-Proxy-Cache-Info
X-FW-Static
X-Region
X-Rendered-As
X-User-Agent
X-NYM-Debug-Backend
X-L-Path
X-FW-Type
X-Instance
X-Is-Bot
GEO-INFO
X-Status
X-Cache-Hit
Country
X-ServerID
X-Real-IP
X-B3-SpanId
X-Cache-Age
Countrycode
X-Language
Cross-Origin-Window-Policy
X-IPS-LoggedIn
SRV
X-Rid
Liferay-Portal
X-Amzn-Remapped-Content-Length
Akamai-GRN
X-Wormhole-Sdk
X-Ratelimit-Reset
X-WP-CF-Super-Cache-Active
X-RM-Cache-TTL
X-Sucuri-Cache
X-Sucuri-ID
Front
X-Framework
OT-Force-Account-Verify
X-Oracle-Dms-Rid
X-Servername
X-AB
X-UA
From-Origin
X-VC-Cache
X-RateLimit-Limit
X-Content-Powered-By
X-Air-Hostname
Amp-Access-Control-Allow-Source-Origin
Xet-Cookie
X-VC
X-Air-Source
X-Mode
X-WebKit-CSP-Report-Only
X-Air-Trace-Id
X-Akamai-Request-ID2
Backend
X-Air-Pt
X-Xrds-Location
X-URL
Upgrade-Insecure-Requests
Refresh
X-Cache-Time
X-Origin-Cache-Key
X-SRV
X-Handled-By
X-INCAP-ABP
X-RID
X-Endurance-Cache-Level
Accept-Language
X-Ismobilevalue
X-JoinUs
X-Edge-Location
X-Xfnlog-Site
Filters
Meta-Geo
X-SaId
Cache
X-Rn-Rsrv
X-Rewrite-Enabled
X-UPSTREAM-Address
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-Generated-By
X-Adobe-Source
X-Origin-Hint
TWC-Privacy
TWC-Locale-Group
X-Git-Commit
X-Hosted-By
X-Labrador-Cache-Channel
Property-Id
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
ServedBy
X-LJ-Flow-ID
X-Cluster
X-PHP-Host
LB
X-Provided-By
X-Proxied
X-Origin-Date
X-No-Session
X-HTML-Minification-Powered-By
Webcakes-App-Name
X-Cache-Status-Check
Webcakes-App-Version
Webcakes-Region
X-Zipkin-Id
X-Webstats-RespID
X-Tumblr-Pixel-2
X-Varnish-Age
X-Container-Uri
X-AWS-Id
X-Cloudmap
X-Cms-Context
X-VWS-Id
X-S
X-Extlb
X-Reqid
X-Routing-Service
X-Tcp-Rtt
X-Lambda-Id
Web-Mar-Node
X-Akamai-Edgescape
Url
X-Browser-Name
Atl-Traceid
X-Is-Supported-Browser
X-Forwarded-Host
X-Is-Tablet
X-Site-Version
X-Locale
Webserver
X-Api-Version
X-Ms-Request-Id
Apigw-Requestid
Access-Control-Request-Headers
X-Redis-Cache
X-Logging-Id
X-Ms-Version
X-Loop
X-Is-Desktop
X-Is-Mobile
X-DataDome
Mn-Server-Ip
X-IPLB-Request-ID
X-Restarts
Section-Io-Id
X-Fetched-On
X-Web-Node
X-Cache-Debug
X-Tncms
X-Tb
X-Scope-Id
X-Geo-Region
X-Skip-Cache
X-Httpd
X-IPLB-Instance
X-Nginx-Cache
X-Frame-Option
Selected-Fe
X-Alternate-Cache-Key
X-Served-From
X-Say-Cacheable
X-Detected-As
X-Say-TTL
X-SayCDN-TTL
Frame-Options
X-Upstream-Ht
X-Timing-Wait
X-Proxy-Build
X-Varnish-Beresp-Grace
X-Storefront-Renderer-Rendered
X-Accel-Version
X-Upstream-Ct
X-Soup
X-Azure-Ref-OriginShield
X-ProxyCache-Status
X-Varnish-Cache-Hits
X-ProxyCache-Key
X-Origin
X-VCT
X-Cache-Host
X-BYPASS-REASON
X-Director
X-Shopify-Stage
X-Format
WPO-Cache-Status
WPO-Cache-Message
Xserver
X-GeoCode
X-Optimistic-Header
X-Cache-Operation
X-Cache-Rule
X-GeoCountry
X-Sorting-Hat-ShopId
X-Request-URI
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Drupal-Cache-Tags
X-CMSURLCustom
Thinkindot-Control
X-RateLimit-Reset
X-Shield-Cache-Expires
X-Vcache
Thinkindot-CacheControl-Type
X-Origin-CC
X-Thinkindot-L3
Cache-Hits
X-Origin-TTL
X-Generation-Time
Thinkindot-CacheControl
X-Lagoon
TDXMobile
X-Drupal-Cache-Contexts
Onion-Location
Cdn-Requestid
X-Cdn-Origin
Protected
Source
X-Connection-Hash
Expiry
X-CDN-Forward
X-Fastly-Request-Id
X-TA-CDN-Provider
X-WP-CF-Super-Cache-Cookies-Bypass
X-Tt-Logid
X-Mg-Request-UUID
X-Buckets
X-Cache-Expired-At
AMP-Access-Control-Allow-Source-Origin
X-Vcl-Version
X-Vercel-Id
X-Vercel-Cache
Fastcgi-Useragent
X-Worker
X-Pass-Why
X-PHP-Backend
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-Rocket-Nginx-Serving-Static
Azure-SlotName
Azure-Version
Node
X-ECache
Environment
X-App-Version
Sid
X-Cache-Action
X-ID
X-Proxy-Cache-Status
Priority
CDN-Cache
CDN-CachedAt
X-Aspnetmvc-Version
Uber-Trace-Id
CDN-EdgeStorageId
Cross-Origin-Embedder-Policy
CDN-PullZone
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestCountryCode
CDN-RequestPullCode
X-GEO
X-Cluster-Node
X-Tumblr-Pixel-3
X-XRDS-Location
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Fastcgi-Cache
X-Server-W
X-Cache-Server
DB-Nickname
X-B3-Traceid
Cache-Tv-Group
HostName
X-FB-TRIP-ID
X-Auth-Group-Type
User-Cache-Control
Alternate-Protocol
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
CF-IPCountry
X-Pad
X-Nf-Request-Id
X-Jobs
X-Client-Ip
X-A
Magicmarker
Sslversion
X-Vdms-Version
X-ND-Cache
Cdn-Host
Surrogated-Key
X-Dc
X-Edge-Server
Cdn-Request-Time
X-Custom-Header
Lang
X-Esi-Check
X-GeoIP-City
X-Origin-Expires
X-Org
X-D
X-Op-Id-All
X-Service
T-Server
MD5-Digest
X-Hnp-Log
Ngx.Var.Host
X-Ec-Fail
X-Dispatcher-Server
Odigeo-Trace-Id
Origin
A
X-Ig-Origin-Region
X-Ig-Push-State
X-Level-Front-Cache
X-Gzip
X-Device-Os
Meta-Geo-Continent
Candidate-Md5Url
X-Viewer-Country
X-Core-Value
X-DefElseHash
X-DefHash
X-Developer
Rendered-Blocks
X-Vtex-Remote-Cache
X-Ec-GeoHdr
X-Via-Fastly
X-Content-Age
X-Generated-On
X-Gen-Mode
X-SRCache-Key
X-Cache-Id
DCR-Processing-Time-Ms
X-AIR-PT
DCR-Decision-By
X-Cache-TTL-Remaining
X-Cache-NE
Edge-Cache
X-Bc-Bl
Gannett-Cam-Experience-Id
X-Bl-Debug
X-Varnish-CookieHashed-On
X-Block-Status
X-V-Cache
X-BCube-Filmed-By
X-Varnish-CookieINHashed-On
X-TIM-N
X-UA-Device-Type
Origin-Agent-Cluster
X-ScT
X-A-Dam
X-A-Dcw
X-Req
X-A-Ccd
Wxu-Next-Region
Wxu-Next-Commit
X-Varnish-Remaining-TTL
Wxu-Next-Hostname
X-A-Wwc
X-A-Dgt
X-Conf
X-Rojux
X-SB
X-Fastly-Backend
X-Aed
Content-Secure-Policy
X-Tx-Id
X-LSADC-Cache
Mime-Version
X-NGINX-Cache
Is-Eu
Host-ID
X-FC-Vary-Parameters
X-Epic-Correlation-Id
X-Forwarded-Site
X-Fastly-Cache
NM-Fastcgi-Cache
X-Fmm-Version
Sever-Int
X-Clientip
X-Ad-Load-Variation
X-AK-Request-ID
Vix-Hermes-Req-Id
V-Age
Tube-Got-Results
Tube-Return
X-Cdn-Srv
X-CacheTTL
X-Backend-Instance
X-Cache-Bucket
X-Bip
X-B3-Trace-ID
X-Auto-Login
X-App-Name
X-Cache-Info
Tube-Got-Eval
Tube-Get-Contents
Powered-By
Producers
Req-ID
Platform
X-DPWN-IS-SECURE
Origin-EX
PFcat
RNT-Machine
RNT-Time
X-Debug-Cache-Fetch
Fastly-SSL
Server-Hostname
Server-Host
X-Debug-Cache-Store
Server-Ext
Origin-CC
Cdnsip
X-Origin-Time
X-Nyt-Route
X-NodeID
X-PAYTM-SRV-ID
X-Platform
X-VarnishDD-TTL
X-Policy
X-Node-Id
X-NMSegId
X-Mvc-Supplant-Cachable
X-Mly-Id
X-Micro-Cache
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-VG-TLSProxy
X-VG-WebCache
X-Powered-By-VTEX-Cache
X-Proto
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Server-IP
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-Thanos
X-Test
X-SD-PageType
X-Scheme
X-RateLimit-Limit-Second
X-Pubstack
X-RateLimit-Remaining-Second
X-Region-Sid
X-Varnish-Director
X-Varnish-Hostname
X-Men
X-Nginx-Cache-Key
X-GeoIP
C-Via
X-HN
Content-Script-Type
AKAMAI
X-HS-Content-Campaign-Id
Click-Count-Error
Cache-Provider
X-GeoIP-Country-Code
Click-Count-Action-Start
X-GeoIP-Region-Code
Cdncip
X-GoCache-CacheStatus
CDCHOST
Adler-Geo
Content-Style-Type
X-Loc
Esi-Enabled
XM
X-Wikidot-Static-Cache
X-WA-Info
X-Wikidot-Backend
X-Gdpr
Fastly-Backend-Name
X-Geo-Header
Country-Code
X-DC
X-HITS
X-Varnish-Beresp-Ttl
X-CGP
X-Request-Start
X-Slack-Shared-Secret-Outcome
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-Eu-Site
X-Slack-Backend
X-Up
X-Var-Ttl
X-Section
X-Request-Time
X-Contensis-Viewer-Groups
X-Location
X-From
X-Aicache-OS
X-NCache
Yak-Timeinfo
X-We-Are-Hiring
X-Cache-Aspx
X-Mvc-Supplant-OutputCached
X-Date
X-Origin-Response-Time
X-Pool
X-Depends
X-Proxied-Request
X-Hash
X-Csrf-Jwt
X-Varnishpool
X-Ec-Custom-Error
X-CUA
X-Request-Host
True-Client-Country-4JS
Machine
L5d-Success-Class
L
HA-Ipaddr
Mail-Subject
NGX
Req-Svc-Chain
Release
Proxy-Firewall
On-Server
Ha-Gx-Prefs
Gh-Request-Id
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Cache-Key
Canary
Fastly-GeoIP-CountryCode
DSUID
Cluster
Ssr
Pramga
X-Accel-Expires-Debug
Web-Mar-Region
X-Access
X-Acquia-Purge-Cdn-Unconfigured
X-MP-GENERATED-AT
X-Amz-Storage-Class
W
We-Hiring
X-BBC-Edge-Cache-Status
X-LiteSpeed-Cache-Control
X-Jungle-Id
X-Human
X-Cs
X-Zone
X-LB-ID
X-Vdms-Path
X-Cache-Backend
X-Cache-FS-Status
X-Varnish-Hits
WP-Super-Cache
X-Akamai-Transformed
Debug
X-Uri
X-Datadome
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
CDN-RequestId
X-HA-Backend
X-Via-Popv
Pics-Label
X-Refresh
Redirect-Candidate
X-Via-Poph
Server-Info
X-Via-Popn
X-Newrelic-Synthetics
X-Render-Time
X-Nananana
X-PERF
X-VHOST
BehaviorPad-Version
CloudFront-Viewer-Country
X-ApacheServer
Fastly-Drupal-HTML
SID
X-CACHE-AGE
X-M-Log
X-Servedbyhost
X-VC-TTL
X-M-Reqid
X-APP
Fastly-Drupal-Html
X-Parent-Response-Time
X-LB-NoCache
X-B3-Parentspanid
GeoIP-Latitude
X-TT-LOGID
X-Response-Served-From
X-Original-Request-Id
Locid
X-Content-Length
X-Cached-By
Datacenter
X-CDN-Cache-Status
X-DynaTrace-JS-Agent
X-Litespeed-Tag
Resin-Trace
Server-ID
X-CS
Cf-Ipcountry
X-Amz-Meta-Cb-Modifiedtime
X-Nc
GeoIp-Country-Code
X-LiteSpeed-Tag
X-Wa
X-IAuth-Set-Uid
X-VCache
X-ZONE
NtCoent-Length
Cdn
X-Old-Content-Length
Vc-Max-Age
Tcn
Ngx-Var-Key
FSS-Cache
Uri
X-Dispatcher-Number
X-TX-ID
X-NewRelic-App-Data
X-Varnish-Beresp-TTL
X-Esi
True-Client-IP
X-Platform-Router
X-Fpc
X-Vgn-Hpd-Reason
X-RequestId
CDN
Product
X-Platform-Cluster
X-Platform-Processor
X-SERVER-NAME
X-HostName
X-TH-Server
Srv
True-Client-Ip
X-Moov-T
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Serverhost
X-Moov-Xdn-Version
X-Cdn-Forward
X-Nf-Country
X-Nf-Ats-Version
X-Nf-Language
X-FPC
X-Ckpd-Fst-Backend
X-Srv
X-B3-Spanid
X-TIME
X-Oracle-DMS-ECID
Cf-Device-Type
Cross-Origin-Embedder-Policy-Report-Only
S-Rt
X-Bug-Bounty
X-NC
X-Dynatrace-Js-Agent
ServerName
GeoIP-Country-Code
X-WA
X-HubSpot-Correlation-Id
Request-ID
X-S-Cookie
X-External-Request-Id
X-Dispatch
X-Cdn-Cache-Status
X-Destination
X-Vc
X-Application
X-B-Cookie
CacheControlHeader
X-User
X-CACHE-KEY
X-Zen-Fury
Geoip-Latitude
Server-Id
X-APP-VERSION
X-Geo
X-COUNTRY
Hostname
X-Cache-Date
X-Sigma-Backend
X-Rocket-Build-Number
Srvid
X-Sigma
X-FL-QIT-DEBUG
X-Instance-Name
X-Webkit-Csp-Report-Only
X-Presslabs-Stats
X-Segment-20210421
X-Vmg-Version
X-API-Version
User-Agent
ServerHost
X-VServer
X-Akamai-Device-Characteristics
X-Lb-Nocache
Ohc-File-Size
X-ServedByHost
Origin-Trial
X-Gamma-Serve
X-Info
X-Branch-Name
X-Via-PopN
X-Via-PopH
X-Ha-Backend
Cloudfront-Viewer-Country
X-Via-PopV
X-VCL-Version
PICS-Label
Epwk-X-Cache
Xc-Version
Load-Balancing
DataCenter
X-Ua
Cneonction
X-DataCenter
X-Limited
X-App
Expect-Staple
X-Correlation-ID
X-DynaTrace
Rtss
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Hit
Type
X-Serial
Ohc-Cache-HIT
X-Amz-Meta-Opti
X-Check-Cacheable
X-MSEdge-Features
X-Lb-Id
X-MiniProfiler-Ids
X-MSEdge-Flight
X-Akamai-Pragma-Client-IP
Lb
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Timeexpire
X-Service-Response-Time
X-Acquia-Purge-Tags
Cmstype
Cmsid
X-Sqd-Stime
X-Sqd-Ctime
X-Acquia-Application-UUID
X-Acquia-Site
X-Acquia-Application-Trace
Sm-Log-Id
X-Web-Server
X-Requestid
X-Irp-Debug
X-Owner
X-Datacenter
Cross-Origin-Opener-Policy-Report-Only
Warning
CountryCode
Servername
X-Litespeed-Cache-Control
X-CSRF-TOKEN
X-LAGOON
X-Core-Mission
WZWS-RAY
X-Platform-Server
X-Via-Edge
X-Shardid
N-Cache
X-Via-SSL
X-Via-CDN
X-Sorting-Hat-Shopid
X-Shopid
X-Sorting-Hat-Podid
X-Origin-Upstream-Status
X-Th-Server
Cl-Cache
X-Dw-Trace-Id
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Ramcache
X-RAMCache
X-Snapshot-Date
Edge-Copy-Time
Ngx
X-Qloud-Router