Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
X-XSS-Protection
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-AspNet-Version
X-Runtime
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Request-ID
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
Expect-Ct
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
P3p
Permissions-Policy
X-UA-Device
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Ws-Request-Id
X-Age
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Allow
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
Cf-Railgun
X-Host
X-Backend-Server
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-HW
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Country
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-CST
X-Daa-Tunnel
X-Litespeed-Cache
Cross-Origin-Opener-Policy
Nginx-Cache
X-Edge
X-Mcache
X-Browser-Type
X-Server-Name
X-Midtier
X-Powered-By-Plesk
Accept-Ch
X-Cnection
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-SID
X-ESI
X-Ac
X-GitHub-Request-Id
X-Element-Page-Cache
X-Cache-TTL
X-D2id
Edge-Control
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Kinja-Build
Verso
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-MS-InvokeApp
X-ECACHE
X-Upstream
X-Vcap-Request-Id
X-FastCGI-Cache
X-Ser
AR-CACHE
X-Abt-Application-Version
X-Oneagent-Js-Injection
X-Navigation-Version
X-Dw-Request-Base-Id
X-Webkit-Csp
SPIisLatency
SPRequestDuration
X-B3-TraceId
X-NF-Request-ID
X-Mod-Pagespeed
Fastly-Restarts
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Client-IP
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-Mg-S
Edge-Cache-Tag
S
X-ARC
X-Powered-CMS
Display
X-Sol
X-Middleton-Display
Pagespeed
X-PDP-UNCACHING-HASH
Cache-Status
X-Amzn-Trace-Id
X-Ratelimit-Limit
X-Version
Access-Control-Request-Method
X-Middleton-Response
Response
X-VARITI-CCR
X-Cache-Key
X-Fastly-Request-ID
RTSS
X-Content-Digest
X-TraceId
Realpath
X-Ruxit-Js-Agent
Cross-Origin-Resource-Policy
X-T
X-Forwarded-For
X-Ratelimit-Remaining
X-TTL
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Cached
X-RateLimit-Remaining
Front-End-Https
X-MSEdge-Ref
X-Shield-Request-Id
MS-Author-Via
X-Varnish-TTL
Content-MD5
X-Protected-By
X-FTR-Backend
X-FTR-Backend-Server
X-HS-Cache-Config
X-FTR-Cache-Status
X-FTR-Balancer
X-HS-Hub-Id
X-Country-Code-Real
MicrosoftSharePointTeamServices
X-HS-Content-Id
X-Ua-Browser
X-Request-Processing-Time
X-Request-Received
X-Forwarded-Proto
X-Frontend
TP-Cache
Payment
Server-Node
X-LLID
Public-Key-Pins
X-PressLabs-Stats
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HS-Combine-CSS
X-FTR-Expires
Count-Hit
X-Server-ID
X-GUploader-UploadID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
X-Distributor
X-Origin-Server
X-NODE
X-LB-Cache
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Ezoic-Cdn
X-Aws-Lambda-Call-Status
X-Microsite
X-Request-Handler-Origin-Region
X-Newrelic-App-Data
X-Varnish-Server
X-Activity-Id
X-Az
X-AppVersion
X-Www-Served-By
Mrf-Cache-Status
X-B3-TraceId-Primal
Host
X-App-Server
Accept-Charset
MRF-Tech
X-Cluster-Name
X-ORACLE-DMS-ECID
Cache-Tags
X-Ua-Device
X-Varnish-Backend
X-Amz-Meta-S3cmd-Attrs
X-Content-Security-Policy-Report-Only
Retry-After
Cleartype
Server-Name
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Ttl
X-Goog-Metageneration
X-ASPNET-VERSION
X-Hits
Filterid
X-Unique-Id
X-Envoy-Decorator-Operation
X-Git-Hash
X-CSRF-Token
Access-Control-Allow-Method
X-Hostname
X-Azure-Ref
X-NGENIX-Cache
X-Upgrade-Enabled
X-Geo-Country
X-Load-Cache
X-Id
X-Debug
Referer-Policy
X-Logged-In
TP-L2-Cache
TCN
X-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Proxy
X-Seen-By
X-FB-Debug
X-Hcs-Proxy-Type
X-B
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-B3-Sampled
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Grace
X-TT
Section-Io-Cache
X-Varnish-Ttl
Surrogate-Key
X-Request-Guid
X-Revision
DC
X-Trace-Id
X-F-Cache
X-Cache-Control
X-Contextid
Healthy
X-XRDS-LOCATION
X-Fb-Rlafr
X-Type
Viewport
X-DIS-Request-ID
X-Mobile
X-N
Paypal-Debug-Id
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Fastly-SIE
Fastly-SWR
X-Page-Id
X-Debug-Info
X-Px
Content-Disposition
X-Webkit-CSP
X-Via-JSL
X-Origin-Cache
X-Whom
X-Varnish-Grace
Version
X-Magnolia-Registration
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Content-Options
X-Template
X-Oracle-Dms-Ecid
X-Amz-Replication-Status
Charset
X-G
X-Wix-Request-Id
X-Cache-Grace
X-Rid
X-ProcessESI
X-UUID
X-RemovedCookies
X-Tumblr-Pixel-0
X-Adobe-Loc
X-Tumblr-Pixel-1
X-Debug-IsPreview
X-Tumblr-User
X-App-Environment
X-Tumblr-Pixel
MS-CV
X-Adobe-Content
X-Rule
Ms-Operation-Id
X-RTag
X-Debug-IsConnected
X-Node-Name
VIX-Pulpo-Upstream-Status
X-B-Cache
X-Datadog-Sampled
X-Cache-Age
X-Storage
X-NWS-UUID-VERIFY
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Source
X-Hl-Ver
X-Signature
VIX-Pulpo-Node
SD-X-WS
NGB
ServerID
X-FW-Type
X-NYM-Debug-Backend
X-L-Path
X-Is-Bot
X-Proxy-Cache-Info
X-Region
X-User-Agent
X-Rendered-As
X-Instance
X-FW-Version
X-FW-Dynamic
X-Device-Type
X-Cacheable-TTL
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Server
X-Backend-Name
X-Environment-Context
X-EdgeConnect-Cache-Status
X-Real-IP
X-Cache-Hit
GEO-INFO
Country
X-Status
X-ServerID
Countrycode
X-Language
X-IPS-LoggedIn
Cross-Origin-Window-Policy
SRV
Liferay-Portal
X-Amzn-Remapped-Content-Length
Akamai-GRN
X-Wormhole-Sdk
X-B3-SpanId
X-Ratelimit-Reset
X-RM-Cache-TTL
X-WP-CF-Super-Cache-Active
X-Sucuri-Cache
Front
X-Sucuri-ID
OT-Force-Account-Verify
X-Framework
X-Oracle-Dms-Rid
X-Servername
X-AB
X-Air-Pt
X-UA
X-VC-Cache
X-RateLimit-Limit
From-Origin
X-Content-Powered-By
X-WebKit-CSP-Report-Only
Xet-Cookie
X-VC
Amp-Access-Control-Allow-Source-Origin
X-Air-Hostname
X-Mode
X-Air-Trace-Id
X-Air-Source
X-Akamai-Request-ID2
Backend
X-URL
Upgrade-Insecure-Requests
X-Xrds-Location
Refresh
X-Origin-Cache-Key
X-Cache-Time
X-Handled-By
X-INCAP-ABP
X-Nginx-Cache
X-Endurance-Cache-Level
X-Ismobilevalue
Accept-Language
X-Rewrite-Enabled
X-Rn-Rsrv
X-JoinUs
X-Xfnlog-Site
Filters
Meta-Geo
Cache
X-Edge-Location
X-SaId
X-UPSTREAM-Address
X-SRV
X-RCS-CacheZone
X-VWS-Id
TWC-Connection-Speed
X-Container-Uri
X-PHP-Host
TWC-Locale-Group
X-Tumblr-Pixel-2
X-Zipkin-Id
X-Provided-By
Webcakes-App-Version
X-S
Webcakes-App-Name
X-Lambda-Id
X-LJ-Flow-ID
X-Reqid
X-Labrador-Cache-Channel
LB
X-Generated-By
X-Cluster
X-Webstats-RespID
X-Cloudmap
X-Proxied
X-Cache-Operation
Property-Id
TWC-GeoIP-LatLong
Webserver
Access-Control-Request-Headers
Webcakes-Region
X-HTML-Minification-Powered-By
X-No-Session
TWC-Device-Class
TWC-Privacy
X-AWS-Id
ServedBy
X-R9-Blue-Green-Version
X-Varnish-Age
X-Origin-Hint
X-Cms-Context
X-Adobe-Source
TWC-GeoIP-Country
X-Hosted-By
X-Git-Commit
X-Origin-Date
X-Cache-Rule
X-Routing-Service
X-Extlb
X-Cache-Status-Check
X-Accel-Version
X-Loop
X-Ms-Request-Id
X-Ms-Version
Apigw-Requestid
Atl-Traceid
X-Scope-Id
X-Skip-Cache
X-ProxyCache-Status
X-ProxyCache-Key
X-Site-Version
X-Api-Version
X-Is-Tablet
X-Forwarded-Host
X-DataDome
X-Httpd
X-Fetched-On
Web-Mar-Node
X-Tcp-Rtt
X-BYPASS-REASON
X-Tb
Section-Io-Id
Url
X-Cache-Debug
Mn-Server-Ip
X-IPLB-Instance
X-IPLB-Request-ID
X-Redis-Cache
X-Restarts
X-Akamai-Edgescape
X-Locale
X-Logging-Id
X-Served-From
X-Web-Node
X-Is-Desktop
X-Tncms
X-Browser-Name
X-Is-Mobile
X-Geo-Region
X-Is-Supported-Browser
Selected-Fe
X-VCT
X-Varnish-Beresp-Grace
X-Upstream-Ht
X-Varnish-Cache-Hits
X-Timing-Wait
X-Format
X-Origin
X-Cache-Host
X-Frame-Option
X-Shopify-Stage
X-Upstream-Ct
X-Say-Cacheable
X-Alternate-Cache-Key
X-Proxy-Build
X-SayCDN-TTL
X-Say-TTL
X-Storefront-Renderer-Rendered
X-Director
X-Soup
Frame-Options
X-Azure-Ref-OriginShield
X-Detected-As
X-GeoCountry
Xserver
WPO-Cache-Status
WPO-Cache-Message
X-RID
X-Optimistic-Header
X-GeoCode
X-Sorting-Hat-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-ShopId
X-Request-URI
X-Drupal-Cache-Tags
X-CMSURLCustom
X-Generation-Time
X-RateLimit-Reset
X-Vcache
X-Tt-Logid
X-Shield-Cache-Expires
Thinkindot-Control
X-Thinkindot-L3
X-Origin-CC
Cache-Hits
X-Origin-TTL
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
X-Lagoon
Onion-Location
Source
X-Drupal-Cache-Contexts
Cdn-Requestid
Expiry
X-Connection-Hash
X-Cdn-Origin
X-CDN-Forward
Fastcgi-Useragent
Protected
X-WP-CF-Super-Cache-Cookies-Bypass
X-Fastly-Request-Id
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-Mg-Request-UUID
X-Buckets
X-Cache-Expired-At
X-Worker
X-Vcl-Version
X-Vercel-Id
X-Vercel-Cache
X-TA-CDN-Provider
X-Pass-Why
X-PHP-Backend
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-Version
Azure-SlotName
X-Rocket-Nginx-Serving-Static
Environment
X-App-Version
Node
X-ECache
X-Proxy-Cache-Status
Sid
Priority
X-Cache-Action
X-ID
X-Aspnetmvc-Version
CDN-Cache
Cross-Origin-Embedder-Policy
Uber-Trace-Id
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
X-GEO
X-XRDS-Location
X-Cluster-Node
X-Tumblr-Pixel-3
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Server-W
X-Cache-Server
X-Fastcgi-Cache
Cache-Tv-Group
DB-Nickname
HostName
X-FB-TRIP-ID
Alternate-Protocol
CF-IPCountry
User-Cache-Control
X-Auth-Group-Type
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
X-Pad
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
X-Client-Ip
X-Nf-Request-Id
X-Jobs
Edge-Cache
X-Gzip
X-Hnp-Log
Cdn-Host
X-Bl-Debug
X-Block-Status
DCR-Processing-Time-Ms
X-GeoIP-City
X-D
X-BCube-Filmed-By
X-Ig-Origin-Region
X-Core-Value
X-Content-Age
X-Conf
X-Bc-Bl
X-Custom-Header
Cdn-Request-Time
X-Ig-Push-State
X-Level-Front-Cache
Candidate-Md5Url
DCR-Decision-By
A
X-Cache-Id
X-Ec-GeoHdr
Content-Secure-Policy
X-Edge-Server
X-Fastly-Backend
X-Esi-Check
X-Epic-Correlation-Id
X-Ec-Fail
X-Cache-TTL-Remaining
X-Generated-On
X-DefHash
X-DefElseHash
X-Developer
X-Service
X-Dispatcher-Server
X-Gen-Mode
X-Device-Os
X-Cache-NE
X-Op-Id-All
Gannett-Cam-Experience-Id
X-ScT
Odigeo-Trace-Id
Wxu-Next-Hostname
Origin
Wxu-Next-Region
X-SB
X-A
X-Req
Ngx.Var.Host
X-Rojux
X-SRCache-Key
Origin-Agent-Cluster
X-Varnish-CookieHashed-On
X-V-Cache
X-Varnish-CookieINHashed-On
X-Vdms-Version
T-Server
X-UA-Device-Type
X-TIM-N
Wxu-Next-Commit
X-Via-Fastly
X-Dc
Surrogated-Key
X-Varnish-Remaining-TTL
X-A-Ccd
X-Viewer-Country
Meta-Geo-Continent
X-Origin-Expires
Sslversion
X-Aed
X-ND-Cache
Rendered-Blocks
X-Vtex-Remote-Cache
X-A-Wwc
X-Org
MD5-Digest
X-A-Dcw
Magicmarker
X-A-Dam
X-A-Dgt
Lang
Mime-Version
X-Tx-Id
X-LSADC-Cache
Server-Ext
Server-Hostname
Server-Host
Ssr
X-Cdn-Srv
X-CacheTTL
Sever-Int
X-Cache-Info
X-Amz-Storage-Class
X-AK-Request-ID
X-Ad-Load-Variation
X-App-Name
X-Backend-Instance
X-B3-Trace-ID
X-Auto-Login
X-Clientip
X-Bip
Tube-Return
Tube-Got-Results
V-Age
Vix-Hermes-Req-Id
X-Acquia-Purge-Cdn-Unconfigured
X-Cache-Bucket
Tube-Get-Contents
X-GeoIP-Country-Code
X-SD-PageType
X-Scheme
X-Server-IP
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Request-Time
X-Region-Sid
X-Proto
X-Powered-By-VTEX-Cache
X-Pubstack
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-WA-Info
X-VTEX-Cache-Time
X-Wikidot-Backend
X-Wikidot-Static-Cache
XM
X-VTEX-Cache-Server
X-VG-WebCache
X-Varnish-Director
X-Thanos
X-Varnish-Hostname
X-VarnishDD-TTL
X-VG-TLSProxy
X-Policy
X-Platform
X-GeoIP
X-Geo-Header
RNT-Time
X-GeoIP-Region-Code
X-HN
X-GoCache-CacheStatus
X-Gdpr
X-Forwarded-Site
X-DPWN-IS-SECURE
X-Debug-Cache-Store
X-Fastly-Cache
X-FC-Vary-Parameters
X-Fmm-Version
X-HS-Content-Campaign-Id
X-Loc
X-Nyt-Route
X-NodeID
X-Origin-Response-Time
X-Origin-Time
X-PAYTM-SRV-ID
X-Node-Id
X-NMSegId
X-Micro-Cache
X-Men
X-Mly-Id
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Debug-Cache-Fetch
Tube-Got-Eval
Esi-Enabled
Country-Code
Content-Style-Type
Content-Script-Type
Fastly-SSL
Host-ID
Origin-CC
NM-Fastcgi-Cache
Is-Eu
Click-Count-Error
Click-Count-Action-Start
AKAMAI
Adler-Geo
RNT-Machine
C-Via
Cache-Provider
Cdnsip
Cdncip
CDCHOST
Origin-EX
Fastly-Backend-Name
Producers
Req-ID
Platform
Powered-By
PFcat
X-Tec-Api-Version
X-Tec-Api-Origin
X-HITS
X-Tec-Api-Root
X-DC
X-Varnish-Beresp-Ttl
X-CUA
X-We-Are-Hiring
Release
X-NCache
X-Csrf-Jwt
Cluster
X-CGP
Pramga
Web-Mar-Region
X-Date
X-Contensis-Viewer-Groups
Proxy-Firewall
Yak-Timeinfo
X-Aicache-OS
Req-Svc-Chain
X-Ec-Custom-Error
X-Location
X-Eu-Site
X-Hash
X-Human
Apple-News-Services-Handled
Apple-News-Services-Host
We-Hiring
Cache-Key
On-Server
X-Depends
X-Mvc-Supplant-OutputCached
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Canary
True-Client-Country-4JS
Ha-Gx-Prefs
HA-Ipaddr
X-Varnishpool
X-Varnish-Authentication
Gh-Request-Id
X-MP-GENERATED-AT
X-Var-Ttl
X-Access
X-Accel-Expires-Debug
NGX
X-Varnish-Beresp-Status
Mail-Subject
Machine
L
L5d-Success-Class
X-Slack-Shared-Secret-Outcome
X-Up
X-Request-Host
X-Slack-Backend
X-Cache-Aspx
X-Proxied-Request
W
X-Pool
DSUID
X-Request-Start
X-BBC-Edge-Cache-Status
Fastly-GeoIP-CountryCode
X-Section
X-From
X-LiteSpeed-Cache-Control
X-AIR-PT
X-NGINX-Cache
X-Jungle-Id
X-Cs
X-Zone
X-Vdms-Path
X-Varnish-Hits
X-Cache-FS-Status
X-LB-ID
X-Cache-Backend
X-Akamai-Transformed
WP-Super-Cache
X-Uri
Debug
CDN-RequestId
X-Datadome
Server-Info
X-Via-Popn
Redirect-Candidate
CloudFront-Viewer-Country
X-HA-Backend
Pics-Label
X-Refresh
X-Via-Poph
X-Via-Popv
Fastly-Drupal-HTML
BehaviorPad-Version
X-ApacheServer
X-Newrelic-Synthetics
X-Servedbyhost
X-PERF
X-Render-Time
X-Nananana
X-VHOST
SID
X-VC-TTL
X-M-Reqid
X-M-Log
X-APP
X-Parent-Response-Time
X-LB-NoCache
X-Original-Request-Id
X-Response-Served-From
X-B3-Parentspanid
GeoIP-Latitude
X-CACHE-AGE
Locid
X-Cached-By
X-Content-Length
Datacenter
Fastly-Drupal-Html
X-TT-LOGID
X-DynaTrace-JS-Agent
X-Litespeed-Tag
X-CDN-Cache-Status
X-Nc
X-Wa
Server-ID
Resin-Trace
Cf-Ipcountry
X-CS
X-LiteSpeed-Tag
GeoIp-Country-Code
X-Amz-Meta-Cb-Modifiedtime
Cdn
X-IAuth-Set-Uid
X-Old-Content-Length
X-ZONE
X-VCache
NtCoent-Length
Vc-Max-Age
FSS-Cache
Ngx-Var-Key
Uri
X-Fpc
X-Dispatcher-Number
X-RequestId
X-TX-ID
X-NewRelic-App-Data
X-Varnish-Beresp-TTL
Serverhost
X-Platform-Cluster
X-Platform-Processor
X-Vgn-Hpd-Reason
X-Platform-Router
Product
X-B3-Spanid
True-Client-Ip
X-Esi
X-SERVER-NAME
X-Srv
X-HostName
X-TH-Server
X-Moov-Xdn-Version
Srv
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
True-Client-IP
CDN
X-Moov-T
X-Cdn-Forward
X-Ckpd-Fst-Backend
X-Nf-Language
X-Nf-Country
Tcn
X-Nf-Ats-Version
X-Oracle-DMS-ECID
X-TIME
Cross-Origin-Embedder-Policy-Report-Only
X-Dynatrace-Js-Agent
ServerName
S-Rt
Cf-Device-Type
GeoIP-Country-Code
X-FPC
X-Bug-Bounty
X-HubSpot-Correlation-Id
Request-ID
X-B-Cookie
X-S-Cookie
X-Vc
X-Cdn-Cache-Status
X-Destination
X-NC
X-User
X-Dispatch
X-External-Request-Id
CacheControlHeader
X-WA
X-Application
X-CACHE-KEY
X-Zen-Fury
Server-Id
Geoip-Latitude
X-APP-VERSION
Hostname
X-COUNTRY
X-Geo
X-Cache-Date
X-Rocket-Build-Number
X-FL-QIT-DEBUG
X-Instance-Name
X-Sigma
Srvid
X-Webkit-Csp-Report-Only
X-Sigma-Backend
X-Presslabs-Stats
X-Segment-20210421
X-Akamai-Device-Characteristics
User-Agent
X-Lb-Nocache
X-API-Version
X-Vmg-Version
Ohc-File-Size
X-VServer
X-Info
Origin-Trial
X-Gamma-Serve
ServerHost
X-ServedByHost
X-Branch-Name
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-Ha-Backend
X-VCL-Version
PICS-Label
Cloudfront-Viewer-Country
Epwk-X-Cache
Xc-Version
Cneonction
Load-Balancing
DataCenter
X-Correlation-ID
X-Ua
X-DynaTrace
X-Limited
X-App
X-DataCenter
Expect-Staple
X-Srcache-Store-Status
Rtss
X-Srcache-Fetch-Status
Type
X-Hit
X-Check-Cacheable
X-MiniProfiler-Ids
X-Amz-Meta-Opti
X-Lb-Id
Ohc-Cache-HIT
X-MSEdge-Flight
X-MSEdge-Features
X-Akamai-Pragma-Client-IP
X-Serial
Lb
X-Acquia-Application-UUID
X-Sqd-Ctime
X-Service-Response-Time
Sm-Log-Id
X-Acquia-Purge-Tags
X-Acquia-Site
Cmsid
X-Owner
X-Datacenter
X-Web-Server
Warning
X-Irp-Debug
Cmstype
Cross-Origin-Opener-Policy-Report-Only
Timeexpire
X-Acquia-Application-Trace
X-Sqd-Stime
Servername
CountryCode
X-CSRF-TOKEN
X-LAGOON
X-Litespeed-Cache-Control
X-Origin-Upstream-Status
X-Shardid
X-Via-SSL
X-Via-Edge
X-RAMCache
X-Shopid
N-Cache
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Via-CDN
X-Core-Mission
X-Requestid
X-Ramcache
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
Cl-Cache
Edge-Copy-Time
X-Th-Server
X-Udemy-Cache-App-Namespace
X-Snapshot-Date
Ngx
X-Qloud-Router