Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
P3P
X-Cache-Hits
X-Served-By
X-UA-Compatible
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Ua-Compatible
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
Permissions-Policy
X-Turbo-Charged-By
X-Proxy-Cache
Xkey
X-Ws-Request-Id
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Dns-Prefetch-Control
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-WebKit-CSP
X-Host
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Server-Id
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Node
Content-Location
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
P3p
X-NWS-LOG-UUID
X-Country
Service-Worker-Allowed
X-Country-Code
X-CST
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Url
Rating
X-Litespeed-Cache
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Times
X-TtlSet
X-Vname
X-PC
Nginx-Cache
X-Daa-Tunnel
Cross-Origin-Opener-Policy
X-Oneagent-Js-Injection
X-Server-Name
X-Browser-Type
X-Edge
X-Mcache
X-Midtier
X-Webkit-Csp
X-Powered-By-Plesk
X-ESI
X-Cnection
X-ECACHE
X-GitHub-Request-Id
Edge-Control
X-D2id
X-Upstream
X-Element-Page-Cache
AR-Request-ID
AR-ATIME
X-Ac
X-MS-InvokeApp
AR-PoweredBy
AR-SID
Verso
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-B3-TraceId
X-Cache-TTL
X-Vcap-Request-Id
Accept-Ch-Lifetime
X-Ser
X-Abt-Application-Version
X-FastCGI-Cache
X-Navigation-Version
AR-CACHE
X-Dw-Request-Base-Id
SPIisLatency
SPRequestDuration
X-Mod-Pagespeed
SPRequestGuid
X-SharePointHealthScore
Fastly-Restarts
X-NF-Request-ID
X-Amz-Rid
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Client-IP
Pagespeed
X-Sol
X-Middleton-Display
Display
X-Aws-Lambda-Call-Status
X-Mg-S
Edge-Cache-Tag
X-Edge-Location-Klb
X-Kinsta-Cache
S
X-Ruxit-Js-Agent
X-Powered-CMS
X-Goog-Hash
X-Middleton-Response
Response
X-Version
Cache-Status
Access-Control-Request-Method
X-VARITI-CCR
X-Amzn-Trace-Id
X-Fastly-Request-ID
X-ARC
X-Cache-Key
RTSS
X-Ratelimit-Limit
X-Content-Digest
X-TraceId
Cross-Origin-Resource-Policy
X-Forwarded-For
X-T
X-Recruiting
Realpath
X-PDP-UNCACHING-HASH
X-RateLimit-Remaining
X-Correlation-Id
X-Ratelimit-Remaining
X-Server-ID
Front-End-Https
X-MSEdge-Ref
Fastcgi-Cache
X-Cached
X-Varnish-TTL
MS-Author-Via
X-TTL
Content-MD5
X-HS-Cache-Config
X-HS-Hub-Id
X-Shield-Request-Id
X-HS-Content-Id
X-Ua-Browser
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-Protected-By
MicrosoftSharePointTeamServices
X-Request-Processing-Time
X-Request-Received
Public-Key-Pins
Server-Node
Payment
X-HS-Combine-CSS
X-Frontend
TP-Cache
X-LLID
X-Forwarded-Proto
X-Pinterest-Rid
X-SRCache-Store-Status
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
Pinterest-Generated-By
Pinterest-Version
X-FTR-Expires
X-Distributor
X-Jurisdiction
X-HP-Webp
X-Accel-Expires
X-HP-Trace-Id
X-ORACLE-DMS-RID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Count-Hit
X-GUploader-UploadID
X-Origin-Server
X-Ttl
X-LB-Cache
X-NODE
X-Ezoic-Cdn
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-PressLabs-Stats
X-AppVersion
X-Activity-Id
X-Az
Host
X-Varnish-Server
X-Www-Served-By
X-Varnish-Backend
X-Cluster-Name
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-App-Server
Cache-Tags
Retry-After
X-Amz-Meta-S3cmd-Attrs
Accept-Charset
X-Ua-Device
X-Newrelic-App-Data
Server-Name
X-Hits
Cleartype
X-Hostname
X-CSRF-Token
X-Goog-Metageneration
X-Geo-Country
X-Origin-Cache-Key
X-Envoy-Decorator-Operation
X-ORACLE-DMS-ECID
Referer-Policy
X-NGENIX-Cache
X-Upgrade-Enabled
X-Git-Hash
X-Unique-Id
Filterid
TP-L2-Cache
Access-Control-Allow-Method
X-DIS-Request-ID
X-Seen-By
X-Azure-Ref
X-Tt-Trace-Tag
X-Load-Cache
TCN
X-Tt-Trace-Host
X-F-Cache
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Proxy
X-Revision
X-Grace
X-Trace-Id
X-Request-Guid
Section-Io-Cache
X-B
X-B3-Sampled
X-Cache-Control
Healthy
X-Logged-In
DC
X-Type
X-Contextid
X-Amzn-RequestId
X-Amz-Apigw-Id
X-TT
X-Fb-Rlafr
X-FB-Debug
Paypal-Debug-Id
X-Debug
X-Debug-Info
X-Varnish-Ttl
X-Px
X-Page-Id
X-Id
X-N
X-Mobile
Viewport
X-Oracle-Dms-Ecid
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Goog-Generation
Fastly-SIE
Fastly-SWR
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Time
X-Whom
X-XRDS-LOCATION
X-Oracle-Dms-Rid
Content-Disposition
X-Via-JSL
Charset
X-Datadog-Sampling-Priority
X-Content-Options
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Origin-Cache
Version
X-Template
X-Varnish-Grace
X-Webkit-CSP
X-Cache-Grace
X-Magnolia-Registration
X-Wix-Request-Id
X-App-Environment
Surrogate-Key
X-RateLimit-Limit
X-Signature
X-B-Cache
X-Rid
X-B3-SpanId
VIX-Pulpo-Node
SRV
VIX-Pulpo-Upstream-Status
X-Debug-IsPreview
X-RemovedCookies
X-Rule
X-Debug-IsConnected
X-ProcessESI
X-Node-Name
X-EdgeConnect-Cache-Status
X-Amz-Replication-Status
X-Datadog-Sampled
X-Tumblr-Pixel
X-UUID
X-RTag
Ms-Operation-Id
X-G
X-Hl-Ver
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tumblr-Pixel-0
SD-X-WS
X-Tumblr-Pixel-1
X-Tumblr-User
MS-CV
X-FW-Hash
X-FW-Static
X-FW-Dynamic
X-FW-Server
X-FW-Type
X-FW-Serve
X-Adobe-Loc
X-Instance
X-Language
X-Storage
X-Adobe-Content
X-Backend-Name
ServerID
X-FW-Version
NGB
GEO-INFO
X-NYM-Debug-Backend
X-Is-Bot
X-Cacheable-TTL
X-Device-Type
X-Rendered-As
X-Status
X-IPS-LoggedIn
X-Environment-Context
Country
X-Amzn-Remapped-Content-Length
X-Cache-Hit
X-L-Path
X-User-Agent
X-Region
X-Proxy-Cache-Info
Liferay-Portal
Countrycode
X-Real-IP
X-Cache-Age
X-ServerID
X-NWS-UUID-VERIFY
X-Source
Akamai-GRN
Cross-Origin-Window-Policy
X-WP-CF-Super-Cache-Active
X-RateLimit-Reset
X-Sucuri-Cache
X-Sucuri-ID
OT-Force-Account-Verify
Amp-Access-Control-Allow-Source-Origin
X-Servername
X-UA
X-RM-Cache-TTL
X-VC-Cache
From-Origin
Front
X-Framework
X-Air-Pt
X-Xrds-Location
Upgrade-Insecure-Requests
X-Wormhole-Sdk
X-WebKit-CSP-Report-Only
Backend
X-Mode
X-INCAP-ABP
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-AB
X-Akamai-Request-ID2
X-Content-Powered-By
X-Cache-Time
Xet-Cookie
X-Nginx-Cache
X-DataDome
Refresh
X-URL
X-Handled-By
X-Edge-Location
X-Endurance-Cache-Level
X-UPSTREAM-Address
X-RCS-CacheZone
Accept-Language
X-SaId
Filters
X-Rewrite-Enabled
X-HTML-Minification-Powered-By
X-SRV
X-Xfnlog-Site
X-Origin-CC
X-Origin-TTL
X-JoinUs
Meta-Geo
Url
Frame-Options
X-Rn-Rsrv
Cache
X-Cache-Operation
X-Cache-Rule
TWC-Connection-Speed
X-CDN-Forward
X-AWS-Id
X-Webstats-RespID
X-Origin-Hint
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
X-Labrador-Cache-Channel
X-PHP-Host
X-Container-Uri
X-Provided-By
X-Git-Commit
X-VWS-Id
X-Cluster
X-Reqid
X-Origin-Date
X-Akamai-Edgescape
ServedBy
X-Vcache
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
TWC-Device-Class
X-LJ-Flow-ID
TWC-Locale-Group
TWC-Privacy
X-Varnish-Cache-Hits
X-Routing-Service
Cache-Hits
Section-Io-Id
WPO-Cache-Status
X-Fetched-On
X-Served-From
X-Proxied
Mn-Server-Ip
X-Tumblr-Pixel-2
X-R9-Blue-Green-Version
X-Extlb
X-Scope-Id
X-Hosted-By
X-Accel-Version
X-Adobe-Source
WPO-Cache-Message
X-Zipkin-Id
X-No-Session
X-Logging-Id
X-Web-Node
X-Cache-Debug
Web-Mar-Node
X-Cms-Context
X-IPLB-Instance
X-Cloudmap
X-IPLB-Request-ID
X-Restarts
Atl-Traceid
Webserver
X-Ratelimit-Reset
X-VC
X-Loop
X-Lambda-Id
X-Ms-Request-Id
X-Ms-Version
X-Proxy-Build
X-Frame-Option
X-Forwarded-Host
X-BYPASS-REASON
X-Drupal-Cache-Tags
X-Format
X-ProxyCache-Key
Selected-Fe
X-Director
X-ProxyCache-Status
X-Upstream-Ht
X-Upstream-Ct
X-Varnish-Age
X-VCT
X-Site-Version
X-Locale
X-Timing-Wait
X-Tb
X-Say-Cacheable
X-Redis-Cache
X-Say-TTL
X-SayCDN-TTL
X-Soup
Access-Control-Request-Headers
X-Tncms
Apigw-Requestid
X-Skip-Cache
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Shield-Cache-Expires
X-Tcp-Rtt
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
X-Varnish-Beresp-Grace
X-Browser-Name
X-Httpd
X-Storefront-Renderer-Rendered
X-ShardId
X-Geo-Region
X-Generation-Time
X-GeoCode
X-GeoCountry
X-Is-Desktop
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-S
X-Cache-Host
X-CMSURLCustom
X-Detected-As
X-Origin
X-Drupal-Cache-Contexts
TDXMobile
X-Thinkindot-L3
Xserver
X-Generated-By
X-Azure-Ref-OriginShield
X-Cache-Status-Check
X-Buckets
X-Cdn-Origin
LB
X-Lagoon
X-RID
X-Optimistic-Header
X-Request-URI
X-Worker
Fastcgi-Useragent
Source
X-Rocket-Nginx-Serving-Static
X-Vercel-Cache
X-Vercel-Id
X-WP-CF-Super-Cache-Cookies-Bypass
X-ID
Azure-InstanceId
Azure-RegionName
Azure-Version
Azure-SlotName
Azure-SiteName
X-XRDS-Location
Protected
Node
Onion-Location
X-Pass-Why
Expiry
X-Vcl-Version
X-Connection-Hash
CDN-CachedAt
CDN-Cache
CDN-PullZone
CDN-EdgeStorageId
CDN-Uid
CDN-RequestCountryCode
X-TA-CDN-Provider
CDN-RequestPullSuccess
CDN-RequestPullCode
X-Api-Version
X-App-Version
X-Fastcgi-Cache
Cross-Origin-Embedder-Policy
X-GEO
X-Cache-Expired-At
X-Tumblr-Pixel-3
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Alternate-Protocol
Environment
X-Ismobilevalue
X-PHP-Backend
X-Server-W
DB-Nickname
AMP-Access-Control-Allow-Source-Origin
Uber-Trace-Id
X-Proxy-Cache-Status
Cdn-Requestid
X-Tt-Logid
X-Cache-Server
Priority
X-Cache-Action
X-Jobs
CF-IPCountry
X-Urbn-Context-Path
CDN-RequestId
X-Cluster-Node
X-Urbn-Site-Id
X-Fastly-Request-Id
Locale
X-DC
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Mg-Request-UUID
User-Cache-Control
Sid
X-B3-Traceid
X-LSADC-Cache
X-Tx-Id
X-MP-GENERATED-AT
Cache-Tv-Group
HostName
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-A-Ccd
X-A
X-Ig-Origin-Region
X-Hnp-Log
X-Ig-Push-State
X-A-Dam
Wxu-Next-Hostname
X-Content-Age
Gannett-Cam-Experience-Id
X-Varnish-Hostname
X-Vdms-Version
X-Level-Front-Cache
X-Conf
X-Jungle-Id
Wxu-Next-Region
DCR-Decision-By
X-FB-TRIP-ID
A
X-Device-Os
X-Auth-Group-Type
X-Ec-Fail
X-Esi-Check
Candidate-Md5Url
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Developer
Content-Secure-Policy
X-D
Wxu-Next-Commit
Edge-Cache
X-GeoIP-City
Vix-Hermes-Req-Id
X-Gen-Mode
X-Generated-On
DCR-Processing-Time-Ms
X-Gzip
X-A-Dcw
X-SB
X-Bl-Debug
X-Rojux
X-Aed
X-Op-Id-All
X-Block-Status
Meta-Geo-Continent
X-SRCache-Key
X-A-Wwc
X-ScT
Server-Host
X-Org
X-Origin-Expires
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Viewer-Country
X-Powered-By-VTEX-Cache
X-Vtex-Remote-Cache
Origin-Agent-Cluster
X-BCube-Filmed-By
X-Bc-Bl
Origin
Rendered-Blocks
Sslversion
Ngx.Var.Host
MD5-Digest
X-Cache-Id
Magicmarker
X-A-Dgt
X-ND-Cache
Lang
X-Varnish-Beresp-Ttl
X-UA-Device-Type
X-Cache-NE
X-NCache
T-Server
X-TIM-N
Surrogated-Key
X-Origin-Response-Time
X-Nf-Request-Id
X-Client-Ip
X-Dispatcher-Server
X-Cache-TTL-Remaining
Powered-By
Origin-EX
Host-ID
Origin-CC
X-Amz-Storage-Class
Fastly-Backend-Name
X-App-Name
Cdn-Host
X-Backend-Instance
X-Auto-Login
PFcat
Cdn-Request-Time
Cdncip
Sever-Int
Cdnsip
X-Clientip
X-Debug-Cache-Store
Content-Style-Type
Req-ID
X-Bip
CDCHOST
Server-Ext
NM-Fastcgi-Cache
Ssr
X-Debug-Cache-Fetch
Server-Hostname
X-Cdn-Srv
X-AK-Request-ID
X-Cache-Info
Content-Script-Type
Fastly-SSL
X-Core-Value
X-Cache-Bucket
X-Mvc-Supplant-Cachable
X-Proto
X-Policy
X-Pubstack
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Platform
X-Origin-Time
X-NMSegId
X-Nginx-Cache-Key
X-Node-Id
X-Edge-Server
X-Nyt-Route
X-Req
X-Request-Start
X-V-Cache
X-Thanos
X-Varnish-Director
X-VarnishDD-TTL
X-Vdms-Path
X-Test
X-Tb-Optimization-Total-Bytes-Saved
X-VG-WebCache
X-Request-Time
X-Scheme
X-SD-PageType
Odigeo-Trace-Id
XM
X-Service
X-Gdpr
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-HN
X-Forwarded-Site
X-Fmm-Version
C-Via
Cache-Provider
X-Fastly-Cache
AKAMAI
X-FC-Vary-Parameters
X-HS-Content-Campaign-Id
X-GeoIP
X-Loc
X-Mly-Id
X-Section
X-SVT-ORM-RULES
X-VG-TLSProxy
X-Sn-Servicetimems
X-Custom-Header
X-Mvc-Supplant-OutputCached
X-Ad-Load-Variation
X-Acquia-Purge-Cdn-Unconfigured
X-Access
X-SVT-ORM-VERSION
X-DPWN-IS-SECURE
X-Micro-Cache
X-Eu-Site
X-Varnishpool
Web-Mar-Region
X-Men
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-Ec-Custom-Error
X-CGP
X-Fastly-Backend
X-Var-Ttl
X-Aicache-OS
X-Region-Sid
X-We-Are-Hiring
X-CUA
X-PAYTM-SRV-ID
X-GoCache-CacheStatus
X-Wikidot-Backend
X-Csrf-Jwt
X-Cache-Backend
X-Cache-Aspx
X-Human
X-Wikidot-Static-Cache
X-WA-Info
We-Hiring
Yak-Timeinfo
X-Location
X-From
X-Via-Fastly
X-Geo-Header
X-B3-Trace-ID
X-Pool
X-BBC-Edge-Cache-Status
X-Proxied-Request
X-Contensis-Viewer-Groups
X-NodeID
Release
L5d-Success-Class
Machine
L
Is-Eu
Ha-Gx-Prefs
HA-Ipaddr
Mail-Subject
X-Zone
X-Original-Request-Id
On-Server
Click-Count-Action-Start
X-Uri
X-Response-Served-From
Gh-Request-Id
Adler-Geo
Cache-Key
Country-Code
Cluster
Canary
Click-Count-Error
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Fastly-GeoIP-CountryCode
Apple-News-Services-Handled
Esi-Enabled
Apple-News-Services-Host
DSUID
Platform
X-ECache
Tube-Got-Results
Tube-Get-Contents
W
Redirect-Candidate
Pramga
Req-Svc-Chain
True-Client-Country-4JS
Tube-Got-Eval
RNT-Time
RNT-Machine
Tube-Return
X-Newrelic-Synthetics
V-Age
Producers
X-Slack-Shared-Secret-Outcome
X-Accel-Expires-Debug
X-Server-IP
X-Date
X-Request-Host
X-LiteSpeed-Cache-Control
X-Up
X-Slack-Backend
Proxy-Firewall
X-CacheTTL
NGX
X-Hash
WP-Super-Cache
SID
X-AIR-PT
X-TT-LOGID
X-Varnish-CookieINHashed-On
X-Varnish-Hits
X-PERF
X-Render-Time
X-DefElseHash
X-Varnish-Remaining-TTL
X-DefHash
X-NGINX-Cache
X-Varnish-CookieHashed-On
Debug
X-ApacheServer
Fastly-Drupal-HTML
X-Cs
X-Pad
Mime-Version
X-Depends
X-Refresh
X-COUNTRY
X-Dc
X-LB-ID
X-Nananana
X-HA-Backend
X-CACHE-GROUP
CloudFront-Viewer-Country
X-Via-Popv
X-Via-Popn
X-Via-Poph
Pics-Label
X-HITS
X-Akamai-Transformed
X-Cache-FS-Status
X-CACHE-AGE
X-Servedbyhost
X-Parent-Response-Time
Datacenter
Locid
X-VHOST
GeoIP-Latitude
X-VC-TTL
X-M-Reqid
X-M-Log
X-LB-NoCache
X-Datadome
X-Amz-Meta-Cb-Modifiedtime
X-Platform-Cluster
X-B3-Parentspanid
Server-Info
X-Platform-Processor
X-Platform-Router
X-Cached-By
BehaviorPad-Version
Server-ID
X-TIME
Ngx-Var-Key
X-Old-Content-Length
X-CS
X-Litespeed-Tag
Cdn
X-Nc
Resin-Trace
X-CDN-Cache-Status
X-Wa
X-LiteSpeed-Tag
X-APP
X-DynaTrace-JS-Agent
Fastly-Drupal-Html
Cf-Ipcountry
X-Presslabs-Stats
X-TH-Server
X-Moov-Xdn-Version
X-Moov-T
GeoIp-Country-Code
X-VCache
X-IAuth-Set-Uid
X-Vgn-Hpd-Reason
X-Fpc
Cross-Origin-Embedder-Policy-Report-Only
X-Content-Length
NtCoent-Length
FSS-Cache
X-Vc
X-ZONE
X-NewRelic-App-Data
Uri
X-S-Cookie
X-User
Serverhost
X-External-Request-Id
True-Client-Ip
X-Application
X-B-Cookie
Cf-Device-Type
X-Destination
True-Client-IP
X-Esi
X-SERVER-NAME
X-TX-ID
X-HostName
X-Dynatrace-Js-Agent
CDN
X-Dispatcher-Number
X-Srv
X-Varnish-Beresp-TTL
X-Zen-Fury
Vc-Max-Age
GeoIP-Country-Code
X-RequestId
X-Rocket-Build-Number
X-Sigma
Tcn
X-Instance-Name
X-Cache-Date
X-Sigma-Backend
X-Oracle-DMS-ECID
X-VServer
X-HOST
Srv
Product
X-Cdn-Cache-Status
S-Rt
X-API-Version
Load-Balancing
Request-ID
X-Branch-Name
X-Webkit-Csp-Report-Only
X-Dispatch
X-FPC
X-NC
X-WA
X-DynaTrace
Hostname
X-Segment-20210421
X-Aspnet-Duration-Ms
X-Cdn-Forward
X-CACHE-KEY
X-Route-Name
X-Is-Crawler
X-Providence-Cookie
X-Flags
X-Ckpd-Fst-Backend
Ohc-File-Size
X-APP-VERSION
X-B3-Spanid
Server-Id
X-Bug-Bounty
Srvid
ServerName
X-FL-QIT-DEBUG
X-DataCenter
Geoip-Latitude
X-Page-View
X-Geo
X-Lb-Nocache
CacheControlHeader
Type
Origin-Trial
X-ServedByHost
X-Irp-Debug
DataCenter
X-Nf-Ats-Version
X-VCL-Version
X-HubSpot-Correlation-Id
X-Nf-Country
X-Nf-Language
X-Http-Reason
X-Sql-Count
X-Sql-Duration-Ms
Cl-Cache
Cloudfront-Viewer-Country
Epwk-X-Cache
X-Cache-Ttl
X-Owner
IsBot
Edge-Copy-Time
X-Akamai-Device-Characteristics
X-Via-SSL
Cneonction
User-Agent
X-Ua
X-Via-PopV
X-App
X-Via-PopN
X-Via-PopH
X-Ha-Backend
X-Via-CDN
PICS-Label
X-Via-Edge
X-Vmg-Version
X-SIPLIST1
X-Correlation-ID
Ohc-Cache-HIT
Cross-Origin-Opener-Policy-Report-Only
Rtss
X-Srcache-Store-Status
X-Srcache-Fetch-Status
MIME-Version
ServerHost
X-Core-Mission
WZWS-RAY
X-Proxy-CacheRZ
X-Gamma-Serve
Cmsid
X-Info
X-MiniProfiler-Ids
Cmstype
X-Lb-Id
XkeyRZ
Lb
Sm-Log-Id
Xc-Version
X-Limited
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Sqd-Ctime
X-Sqd-Stime
X-Acquia-Site
X-Acquia-Application-Trace
X-Service-Response-Time
N-Cache
X-Web-Server
X-Datacenter
X-MSEdge-Features
X-MSEdge-Flight
Warning
X-Fastly-Country-Code
X-Qloud-Router
X-Litespeed-Cache-Control
X-LAGOON
Servername
CountryCode
X-Hit
X-Requestid
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-Th-Server
X-Serial
X-Ramcache
X-Snapshot-Date
Ngx
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
X-Akamai-Pragma-Client-IP
X-Amz-Meta-Opti
X-RAMCache
X-Check-Cacheable
X-Udemy-Cache-App-Namespace
X-IN-APIGATEWAY