Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
EagleId
Keep-Alive
X-Cache-Group
Request-Context
Permissions-Policy
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-Pingback
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Application-Context
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-ASPNET-VERSION
X-Content-Type
X-Trace
Cache-Tag
X-Clacks-Overhead
X-Url
X-Litespeed-Cache
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
Cross-Origin-Opener-Policy
X-Daa-Tunnel
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
Nginx-Cache
X-CST
X-Server-Name
X-Powered-By-Plesk
AR-SID
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-Cnection
Accept-Ch
X-Cache-TTL
X-ESI
X-GitHub-Request-Id
X-Ac
X-Element-Page-Cache
Edge-Control
X-D2id
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
Verso
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-MS-InvokeApp
X-Ser
AR-CACHE
X-Upstream
X-Vcap-Request-Id
X-Abt-Application-Version
X-FastCGI-Cache
X-ECACHE
X-B3-TraceId
X-Navigation-Version
X-Dw-Request-Base-Id
Fastly-Restarts
SPIisLatency
SPRequestDuration
X-Webkit-Csp
X-Mod-Pagespeed
X-Amz-Rid
X-SharePointHealthScore
SPRequestGuid
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-NF-Request-ID
X-Edge-Location-Klb
X-Kinsta-Cache
X-Client-IP
X-Goog-Hash
X-Ratelimit-Limit
X-ARC
X-PDP-UNCACHING-HASH
X-Mg-S
X-Powered-CMS
X-Sol
Display
Pagespeed
X-Middleton-Display
S
Edge-Cache-Tag
X-Oneagent-Js-Injection
Cache-Status
X-Amzn-Trace-Id
X-Version
Access-Control-Request-Method
Response
X-Middleton-Response
X-VARITI-CCR
RTSS
X-TraceId
X-Ratelimit-Remaining
X-TTL
Realpath
X-Fastly-Request-ID
X-Forwarded-For
X-Content-Digest
X-Varnish-TTL
X-T
X-Cache-Key
Cross-Origin-Resource-Policy
X-Correlation-Id
X-Recruiting
Fastcgi-Cache
X-ORACLE-DMS-RID
X-Cached
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
X-RateLimit-Remaining
Content-MD5
MicrosoftSharePointTeamServices
X-Ua-Browser
MS-Author-Via
X-Country-Code-Real
X-HS-Hub-Id
X-Request-Processing-Time
X-Forwarded-Proto
X-Request-Received
X-HS-Cache-Config
X-FTR-Backend-Server
X-Protected-By
X-FTR-Balancer
X-FTR-Cache-Status
X-HS-Content-Id
X-FTR-Backend
X-LLID
X-Frontend
TP-Cache
Payment
Public-Key-Pins
Arr-Disable-Session-Affinity
Server-Node
X-PressLabs-Stats
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ruxit-Js-Agent
Count-Hit
X-FTR-Expires
X-Accel-Expires
X-HS-Combine-CSS
X-GUploader-UploadID
X-Distributor
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-LB-Cache
X-Origin-Server
X-Server-ID
X-NODE
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Ezoic-Cdn
X-Newrelic-App-Data
X-Microsite
X-Request-Handler-Origin-Region
X-AppVersion
X-Activity-Id
X-Az
X-Varnish-Server
X-Www-Served-By
X-ORACLE-DMS-ECID
X-App-Server
Mrf-Cache-Status
X-Content-Security-Policy-Report-Only
Accept-Charset
MRF-Tech
Host
X-B3-TraceId-Primal
X-Cluster-Name
Cache-Tags
Retry-After
X-Varnish-Backend
Cleartype
X-Amz-Meta-S3cmd-Attrs
X-Ua-Device
X-Goog-Metageneration
Server-Name
Filterid
X-Unique-Id
X-Ttl
X-Git-Hash
Access-Control-Allow-Method
X-Envoy-Decorator-Operation
X-Hits
X-Debug
X-Azure-Ref
X-CSRF-Token
X-NGENIX-Cache
X-Upgrade-Enabled
X-Load-Cache
X-Geo-Country
X-Logged-In
X-Hostname
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Surrogate-Key
TCN
X-FB-Debug
TP-L2-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Proxy
X-Id
X-Seen-By
X-B
X-B3-Sampled
X-TT
Section-Io-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Grace
X-Hcs-Proxy-Type
X-Aws-Lambda-Call-Status
DC
X-Cache-Control
X-Trace-Id
X-Request-Guid
X-Revision
Referer-Policy
X-Type
X-Contextid
X-F-Cache
X-Fb-Rlafr
X-Time
Viewport
Healthy
X-Mobile
X-N
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-XRDS-LOCATION
X-Goog-Generation
Fastly-SIE
Fastly-SWR
Paypal-Debug-Id
X-DIS-Request-ID
Content-Disposition
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Page-Id
X-Debug-Info
X-Px
X-Via-JSL
X-Varnish-Grace
X-Origin-Cache
Version
X-Magnolia-Registration
X-Whom
X-Webkit-CSP
X-Amz-Replication-Status
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Content-Options
Charset
X-ProcessESI
X-Template
X-RemovedCookies
X-G
X-UUID
X-Adobe-Content
X-Adobe-Loc
X-Tumblr-User
X-Node-Name
X-App-Environment
X-Wix-Request-Id
X-Rule
X-Tumblr-Pixel-1
X-Debug-IsConnected
MS-CV
Ms-Operation-Id
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Debug-IsPreview
X-Oracle-Dms-Ecid
X-RTag
VIX-Pulpo-Upstream-Status
X-Yottaa-Metrics
X-Source
VIX-Pulpo-Node
X-Yottaa-Optimizations
NGB
X-Ratelimit-Reset
SD-X-WS
X-Storage
X-Datadog-Sampled
X-Hl-Ver
X-B-Cache
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-Environment-Context
X-Cacheable-TTL
X-FW-Server
X-FW-Type
X-FW-Static
X-FW-Version
X-Instance
X-User-Agent
X-NYM-Debug-Backend
X-Signature
X-Varnish-Ttl
X-Region
X-Is-Bot
X-Rendered-As
X-L-Path
X-Wormhole-Sdk
X-Proxy-Cache-Info
X-Device-Type
GEO-INFO
X-Cache-Grace
X-Status
X-Backend-Name
ServerID
X-Rid
Cross-Origin-Window-Policy
Country
X-ServerID
X-Real-IP
X-IPS-LoggedIn
X-EdgeConnect-Cache-Status
X-Cache-Hit
X-NWS-UUID-VERIFY
Countrycode
X-WP-CF-Super-Cache-Active
X-Cache-Age
Akamai-GRN
X-URL
Amp-Access-Control-Allow-Source-Origin
X-Amzn-Remapped-Content-Length
Liferay-Portal
X-RM-Cache-TTL
SRV
Front
X-Language
X-Framework
X-B3-SpanId
OT-Force-Account-Verify
X-Sucuri-ID
X-AB
X-Sucuri-Cache
X-Air-Pt
X-Servername
X-WebKit-CSP-Report-Only
X-UA
X-Content-Powered-By
X-Oracle-Dms-Rid
X-VC-Cache
X-Ismobilevalue
From-Origin
X-Akamai-Request-ID2
X-Mode
X-Air-Source
X-Air-Trace-Id
Xet-Cookie
X-Air-Hostname
Backend
X-VC
X-DataDome
Upgrade-Insecure-Requests
Refresh
X-Cache-Time
X-Xrds-Location
X-Handled-By
X-SRV
X-Api-Version
X-Cache-Status-Check
Access-Control-Request-Headers
Accept-Language
X-HTML-Minification-Powered-By
Filters
LB
Cache
X-Xfnlog-Site
X-RID
X-Rewrite-Enabled
X-JoinUs
Meta-Geo
X-Rn-Rsrv
X-UPSTREAM-Address
X-RCS-CacheZone
X-SaId
X-Container-Uri
X-Cms-Context
X-Cloudmap
X-Generated-By
X-Hosted-By
X-Extlb
X-Tumblr-Pixel-2
X-Endurance-Cache-Level
X-Varnish-Age
X-Lambda-Id
X-Cache-Operation
X-AWS-Id
Webcakes-App-Version
X-Cache-Rule
Webcakes-Region
X-LJ-Flow-ID
X-Adobe-Source
X-VWS-Id
X-Zipkin-Id
TWC-Device-Class
TWC-GeoIP-Country
X-S
X-Labrador-Cache-Channel
X-Nginx-Cache
TWC-Connection-Speed
X-Routing-Service
X-Git-Commit
Property-Id
ServedBy
TWC-GeoIP-LatLong
X-INCAP-ABP
Webcakes-App-Name
X-Provided-By
X-Webstats-RespID
X-Proxied
X-PHP-Host
TWC-Privacy
X-Origin-Hint
TWC-Locale-Group
X-Tt-Logid
X-Is-Tablet
X-No-Session
Atl-Traceid
X-Origin-Date
X-Is-Mobile
X-Logging-Id
X-Is-Supported-Browser
X-Loop
Apigw-Requestid
X-Locale
X-Edge-Location
X-Scope-Id
X-Tcp-Rtt
X-Cluster
X-Tb
X-Fetched-On
X-Is-Desktop
X-Fastly-Request-Id
X-Cache-Debug
X-ECache
X-Accel-Version
X-Tncms
X-Forwarded-Host
X-Geo-Region
X-Browser-Name
X-Akamai-Edgescape
Url
Web-Mar-Node
X-Restarts
Mn-Server-Ip
X-Reqid
X-Redis-Cache
X-R9-Blue-Green-Version
X-Skip-Cache
X-Web-Node
X-Served-From
Section-Io-Id
X-Site-Version
X-Httpd
X-Ms-Request-Id
X-Format
X-IPLB-Request-ID
X-IPLB-Instance
X-Alternate-Cache-Key
Selected-Fe
X-Director
X-Detected-As
X-Cache-Host
X-BYPASS-REASON
X-Frame-Option
X-Say-TTL
X-Storefront-Renderer-Rendered
X-Nf-Request-Id
X-ProxyCache-Status
X-Soup
X-Shopify-Stage
X-Ms-Version
X-SayCDN-TTL
X-Say-Cacheable
X-ProxyCache-Key
X-Timing-Wait
X-Upstream-Ht
X-Varnish-Cache-Hits
Webserver
X-Optimistic-Header
X-Origin
X-Proxy-Build
X-Varnish-Beresp-Grace
X-Upstream-Ct
X-GeoCountry
Frame-Options
X-GeoCode
X-Request-URI
X-VCT
X-RateLimit-Limit
Xserver
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Azure-Ref-OriginShield
X-Mg-Request-UUID
X-Lagoon
Onion-Location
WPO-Cache-Status
X-Vcache
X-WP-CF-Super-Cache-Cookies-Bypass
X-Connection-Hash
X-Vcl-Version
X-Drupal-Cache-Tags
Expiry
WPO-Cache-Message
X-Thinkindot-L3
X-Generation-Time
X-CMSURLCustom
X-CDN-Forward
Thinkindot-Control
TDXMobile
Thinkindot-CacheControl-Type
Source
Protected
X-Shield-Cache-Expires
X-Origin-CC
X-Origin-TTL
Thinkindot-CacheControl
X-Drupal-Cache-Contexts
X-ID
X-Cdn-Origin
Cdn-Requestid
X-Cache-Expired-At
Fastcgi-Useragent
Cache-Hits
X-Vercel-Cache
X-Vercel-Id
X-Worker
X-XRDS-Location
X-Rocket-Nginx-Serving-Static
X-Pass-Why
Environment
X-PHP-Backend
X-Cache-Action
X-TA-CDN-Provider
Priority
X-Proxy-Cache-Status
X-GEO
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-Version
Azure-InstanceId
X-Buckets
X-Origin-Cache-Key
X-RateLimit-Reset
Node
Uber-Trace-Id
X-App-Version
X-Client-Ip
Sid
Locale
CDN-Cache
CDN-EdgeStorageId
X-Urbn-Context-Path
X-Cluster-Node
X-Urbn-Site-Id
CDN-CachedAt
CDN-RequestPullSuccess
CDN-PullZone
Cross-Origin-Embedder-Policy
CDN-RequestPullCode
CDN-Uid
CDN-RequestCountryCode
AMP-Access-Control-Allow-Source-Origin
X-Aspnetmvc-Version
X-Tumblr-Pixel-3
Cache-Tv-Group
CF-IPCountry
X-FB-TRIP-ID
X-Auth-Group-Type
X-Cache-Server
X-Server-W
X-Fastcgi-Cache
DB-Nickname
X-B3-Traceid
X-HITS
X-Tx-Id
User-Cache-Control
X-Pad
Alternate-Protocol
X-A
X-Bc-Bl
Wxu-Next-Commit
T-Server
Sslversion
X-Aed
X-A-Dgt
X-A-Dcw
X-A-Ccd
Wxu-Next-Region
X-A-Dam
X-A-Wwc
Wxu-Next-Hostname
Edge-Cache
Content-Secure-Policy
DCR-Decision-By
DCR-Processing-Time-Ms
Cdn-Request-Time
Cdn-Host
A
Candidate-Md5Url
Gannett-Cam-Experience-Id
Lang
Odigeo-Trace-Id
Origin
Origin-Agent-Cluster
Ngx.Var.Host
Meta-Geo-Continent
Magicmarker
MD5-Digest
Rendered-Blocks
X-DefElseHash
X-Origin-Expires
X-Req
X-Rojux
X-SB
X-Org
X-Op-Id-All
X-Ig-Origin-Region
X-Ig-Push-State
X-Level-Front-Cache
X-ND-Cache
X-ScT
X-SRCache-Key
X-Vdms-Version
X-Via-Fastly
X-Viewer-Country
X-Vtex-Remote-Cache
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-TIM-N
X-UA-Device-Type
X-V-Cache
X-Varnish-CookieHashed-On
X-Hnp-Log
X-Gzip
X-Content-Age
X-Core-Value
X-Custom-Header
X-D
X-Conf
X-Cache-TTL-Remaining
X-Bl-Debug
X-Block-Status
X-Cache-Id
X-Cache-NE
X-DefHash
X-Developer
X-Fastly-Backend
X-Gen-Mode
X-Generated-On
X-GeoIP-City
X-Esi-Check
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Ec-Fail
X-Ec-GeoHdr
X-Edge-Server
X-BCube-Filmed-By
Surrogated-Key
X-Jobs
X-Service
HostName
Mime-Version
X-DC
X-NGINX-Cache
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Backend-Instance
X-Cdn-Srv
X-Bip
X-DPWN-IS-SECURE
X-Cache-Info
X-Cache-Bucket
X-Fmm-Version
X-Geo-Header
X-GeoIP
X-GeoIP-Region-Code
X-Dc
X-Gdpr
X-GeoIP-Country-Code
X-B3-Trace-ID
X-Forwarded-Site
X-Fastly-Cache
X-Amz-Storage-Class
Server-Hostname
Sever-Int
Ssr
Tube-Get-Contents
Server-Host
Server-Ext
Req-ID
RNT-Machine
RNT-Time
Tube-Got-Eval
Tube-Got-Results
X-Aicache-OS
X-AK-Request-ID
X-GoCache-CacheStatus
X-App-Name
X-Ad-Load-Variation
X-Acquia-Purge-Cdn-Unconfigured
Tube-Return
V-Age
Vix-Hermes-Req-Id
X-Auto-Login
X-Loc
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-Thanos
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Scheme
X-SD-PageType
X-Server-IP
X-Varnish-Director
X-Varnish-Hostname
X-WA-Info
X-Wikidot-Backend
X-Wikidot-Static-Cache
XM
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-VarnishDD-TTL
X-VG-TLSProxy
X-VG-WebCache
X-Request-Time
X-Region-Sid
X-Mly-Id
X-Nginx-Cache-Key
X-NMSegId
X-Node-Id
X-Micro-Cache
X-Men
X-HS-Content-Campaign-Id
Producers
X-LSADC-Cache
X-NodeID
X-Nyt-Route
X-Powered-By-VTEX-Cache
X-Pubstack
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Policy
X-Platform
X-Origin-Response-Time
X-Origin-Time
X-PAYTM-SRV-ID
X-HN
X-Clientip
Adler-Geo
Fusion-Content-Id
Cache-Provider
Country-Code
Content-Script-Type
Click-Count-Error
Fusion-Component-Id
NM-Fastcgi-Cache
AKAMAI
Fusion-Content-Source
Fusion-Deployment-Id
Is-Eu
Host-ID
C-Via
Fastly-SSL
Fusion-Template-Id
Esi-Enabled
Fastly-Backend-Name
Fusion-Source
Click-Count-Action-Start
Content-Style-Type
Cdncip
Origin-CC
Powered-By
Origin-EX
CDCHOST
PFcat
Platform
Cdnsip
X-Cache-Aspx
X-FC-Vary-Parameters
Yak-Timeinfo
Req-Svc-Chain
X-Varnishpool
X-Slack-Shared-Secret-Outcome
Fastly-GeoIP-CountryCode
X-BBC-Edge-Cache-Status
Cache-Key
L
X-Ec-Custom-Error
Gh-Request-Id
X-Contensis-Viewer-Groups
X-Date
X-Var-Ttl
X-CUA
Apple-News-Services-Request-Url
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-Device-Os
X-Pool
X-CacheTTL
X-Depends
Proxy-Firewall
Release
X-Slack-Backend
X-Location
Apple-News-Services-Handled
Apple-News-Services-Host
X-Proto
X-Section
Web-Mar-Region
Cluster
X-Request-Start
On-Server
X-Mvc-Supplant-Cachable
True-Client-Country-4JS
X-We-Are-Hiring
Machine
Apple-News-Services-Parsed-Url
NGX
X-Hash
Pramga
DSUID
X-Access
X-Human
X-Proxied-Request
X-Accel-Expires-Debug
X-Request-Host
X-Varnish-Beresp-Ttl
X-Mvc-Supplant-OutputCached
Ha-Gx-Prefs
Canary
X-LiteSpeed-Cache-Control
X-Eu-Site
X-Cache-FS-Status
X-Csrf-Jwt
Mail-Subject
W
We-Hiring
HA-Ipaddr
L5d-Success-Class
X-CGP
X-AIR-PT
X-From
X-Up
X-Varnish-Hits
X-NCache
X-Zone
X-MP-GENERATED-AT
X-Akamai-Transformed
Redirect-Candidate
X-LB-ID
Debug
X-Jungle-Id
WP-Super-Cache
Server-Info
CDN-RequestId
X-Vdms-Path
CloudFront-Viewer-Country
X-Refresh
X-CACHE-AGE
X-Cs
BehaviorPad-Version
X-Cache-Backend
X-Tec-Api-Origin
SID
X-Tec-Api-Root
X-Tec-Api-Version
X-Via-Popv
X-Via-Poph
Fastly-Drupal-HTML
Pics-Label
X-Servedbyhost
X-APP
X-HA-Backend
X-Via-Popn
X-Parent-Response-Time
X-Uri
X-Newrelic-Synthetics
X-B3-Parentspanid
GeoIP-Latitude
X-VHOST
X-Nananana
X-M-Reqid
X-M-Log
X-Datadome
X-PERF
X-Render-Time
X-ApacheServer
X-Content-Length
X-VC-TTL
Fastly-Drupal-Html
X-CDN-Cache-Status
X-SERVER-NAME
X-CS
X-Nc
X-LB-NoCache
X-Litespeed-Tag
X-CACHE-KEY
X-Cached-By
Resin-Trace
Datacenter
X-DynaTrace-JS-Agent
Locid
X-Wa
X-Amz-Meta-Cb-Modifiedtime
GeoIp-Country-Code
X-Original-Request-Id
X-Response-Served-From
Server-ID
X-LiteSpeed-Tag
NtCoent-Length
Vc-Max-Age
X-ZONE
X-RequestId
X-Dispatcher-Number
Cdn
X-TT-LOGID
X-B3-Spanid
X-VCache
X-Varnish-Beresp-TTL
X-IAuth-Set-Uid
Cf-Ipcountry
Product
X-Fpc
X-Old-Content-Length
FSS-Cache
True-Client-IP
X-NewRelic-App-Data
Srv
Serverhost
X-Esi
X-TIME
Ngx-Var-Key
Uri
X-Ckpd-Fst-Backend
CDN
X-Srv
X-TX-ID
X-HostName
X-Nf-Country
True-Client-Ip
X-Vgn-Hpd-Reason
X-Bug-Bounty
X-Nf-Ats-Version
ServerName
X-Nf-Language
X-Platform-Processor
X-HubSpot-Correlation-Id
X-Platform-Cluster
X-Platform-Router
X-Dynatrace-Js-Agent
X-TH-Server
Tcn
X-FPC
X-Moov-T
X-Moov-Xdn-Version
X-Vc
S-Rt
X-Cdn-Forward
X-Oracle-DMS-ECID
X-WA
GeoIP-Country-Code
Request-ID
CacheControlHeader
Cf-Device-Type
X-Dispatch
X-Cdn-Cache-Status
Server-Id
X-APP-VERSION
Cross-Origin-Embedder-Policy-Report-Only
Hostname
X-Application
X-User
X-Akamai-Device-Characteristics
X-Vmg-Version
X-External-Request-Id
X-S-Cookie
X-B-Cookie
X-Destination
User-Agent
X-NC
X-COUNTRY
X-Lb-Nocache
X-Webkit-Csp-Report-Only
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-FL-QIT-DEBUG
X-Gamma-Serve
Geoip-Latitude
X-Info
X-Zen-Fury
Srvid
ServerHost
X-Presslabs-Stats
Xc-Version
Cneonction
X-Cache-Date
X-Via-PopH
X-Sigma-Backend
X-Sigma
X-Instance-Name
X-Rocket-Build-Number
X-Geo
X-Via-PopN
Ohc-File-Size
X-Via-PopV
X-Ha-Backend
X-API-Version
X-VServer
X-Hit
X-ServedByHost
X-Segment-20210421
Origin-Trial
PICS-Label
Expect-Staple
X-VCL-Version
X-Amz-Meta-Opti
Cloudfront-Viewer-Country
X-Branch-Name
Epwk-X-Cache
X-V
X-App
X-Ua
X-Limited
X-Correlation-ID
X-Akamai-Pragma-Client-IP
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Rtss
DataCenter
Permission-Policy
N-Cache
Ohc-Cache-HIT
Load-Balancing
X-Lb-Id
X-Eligible
X-Check-Cacheable
WZWS-RAY
X-Rollout
X-MiniProfiler-Ids
X-DataCenter
X-Serial
X-Platform-Server
X-New
X-Wp-Cf-Super-Cache-Cache-Control
X-DynaTrace
Lb
X-Wp-Cf-Super-Cache
X-Acquia-Site
X-Acquia-Purge-Tags
Cmstype
X-Sqd-Stime
X-Web-Server
XkeyRZ
X-Acquia-Application-UUID
X-Sqd-Ctime
Cmsid
X-MSEdge-Features
X-Proxy-CacheRZ
Timeexpire
Warning
Type
Sm-Log-Id
X-Service-Response-Time
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
X-Datacenter
X-MSEdge-Flight
X-Acquia-Application-Trace
X-LAGOON
Servername
CountryCode
WebServer
X-Litespeed-Cache-Control
X-CSRF-TOKEN
X-Ramcache
X-Th-Server
X-Fastly-Backend-Reqs
X-Snapshot-Date
Ngx
X-Core-Mission
X-RAMCache
Fl-Custom-Application
X-Requestid
X-Owner
X-Irp-Debug
Wpo-Cache-Status
Wpo-Cache-Message
X-Shardid
X-Shopid
X-Origin-Upstream-Status
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
Cross-Origin-Opener-Policy-Report-Only
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-Amz-Meta-S3b-Last-Modified