Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
Accept-CH
X-AspNet-Version
X-Runtime
X-DNS-Prefetch-Control
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
X-Via
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
Permissions-Policy
X-Robots-Tag
X-AH-Environment
P3p
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Ws-Request-Id
X-Age
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
Allow
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Varnish-Cache
X-Page-Speed
X-OneAgent-JS-Injection
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
X-Dns-Prefetch-Control
EagleEye-TraceId
Cf-Railgun
X-WebKit-CSP
X-Host
X-Backend-Server
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-Country
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-Litespeed-Cache
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-CST
X-Times
X-TtlSet
X-PC
X-Vname
X-FTR-Request-ID
X-Daa-Tunnel
Cross-Origin-Opener-Policy
Nginx-Cache
X-Edge
X-Mcache
X-Midtier
X-Server-Name
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
AR-ATIME
AR-SID
AR-Request-ID
AR-PoweredBy
Accept-Ch
X-ESI
X-D2id
X-Ac
X-GitHub-Request-Id
X-Oneagent-Js-Injection
X-Element-Page-Cache
Edge-Control
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Kinja-Revision
Verso
X-MS-InvokeApp
X-Webkit-Csp
X-Cache-TTL
X-Upstream
X-Vcap-Request-Id
X-ECACHE
X-Ser
AR-CACHE
X-Abt-Application-Version
X-Navigation-Version
X-FastCGI-Cache
X-Dw-Request-Base-Id
SPIisLatency
SPRequestDuration
X-Mod-Pagespeed
Fastly-Restarts
X-B3-TraceId
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-NF-Request-ID
X-Client-IP
X-Ratelimit-Limit
X-Edge-Location-Klb
X-Kinsta-Cache
X-Mg-S
X-Goog-Hash
Edge-Cache-Tag
S
Display
X-Middleton-Display
X-Sol
Pagespeed
X-Powered-CMS
X-ARC
Cache-Status
X-Amzn-Trace-Id
X-Version
Access-Control-Request-Method
X-Middleton-Response
X-VARITI-CCR
Response
X-PDP-UNCACHING-HASH
X-Ruxit-Js-Agent
X-Ratelimit-Remaining
X-Cache-Key
RTSS
X-Content-Digest
X-TraceId
X-Fastly-Request-ID
X-TTL
Cross-Origin-Resource-Policy
X-Forwarded-For
Realpath
X-T
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Cached
Front-End-Https
X-MSEdge-Ref
X-Shield-Request-Id
MS-Author-Via
X-Protected-By
Content-MD5
Public-Key-Pins
X-FTR-Backend
X-Ua-Browser
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-FTR-Cache-Status
X-Forwarded-Proto
X-Frontend
MicrosoftSharePointTeamServices
Server-Node
Payment
X-LLID
X-Varnish-TTL
TP-Cache
X-Aws-Lambda-Call-Status
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Request-Processing-Time
X-Request-Received
X-TEC-API-ORIGIN
X-SRCache-Store-Status
X-PressLabs-Stats
X-SRCache-Fetch-Status
X-FTR-Expires
X-RateLimit-Remaining
X-HS-Combine-CSS
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Distributor
Count-Hit
X-GUploader-UploadID
X-Accel-Expires
X-LB-Cache
X-Server-ID
X-Origin-Server
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-NODE
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-Request-Handler-Origin-Region
X-Microsite
Host
X-Az
X-Newrelic-App-Data
X-Activity-Id
X-AppVersion
Cache-Tags
X-Varnish-Server
X-Cluster-Name
Accept-Charset
X-Varnish-Backend
Pinterest-Generated-By
MRF-Tech
X-B3-TraceId-Primal
X-Pinterest-Rid
Pinterest-Version
Mrf-Cache-Status
X-Content-Security-Policy-Report-Only
X-App-Server
X-Www-Served-By
X-Amz-Meta-S3cmd-Attrs
Retry-After
Cleartype
Server-Name
X-Ua-Device
X-Goog-Metageneration
X-Hits
X-Ttl
X-Envoy-Decorator-Operation
Filterid
X-Git-Hash
X-Unique-Id
X-ASPNET-VERSION
X-CSRF-Token
X-Hostname
Access-Control-Allow-Method
X-Azure-Ref
X-Geo-Country
X-Upgrade-Enabled
Referer-Policy
X-Load-Cache
X-Varnish-Ttl
X-NGENIX-Cache
X-Id
X-Debug
TP-L2-Cache
X-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
TCN
X-Logged-In
X-Proxy
X-FB-Debug
X-Seen-By
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-B3-Sampled
X-Revision
X-Amzn-RequestId
X-Amz-Apigw-Id
Section-Io-Cache
X-Grace
X-TT
DC
X-Request-Guid
X-Fb-Rlafr
Healthy
X-Trace-Id
X-B
X-Cache-Control
X-F-Cache
X-DIS-Request-ID
X-Contextid
X-Type
Surrogate-Key
Viewport
X-XRDS-LOCATION
Paypal-Debug-Id
X-Mobile
X-N
X-WP-CF-Super-Cache
X-Goog-Stored-Content-Encoding
X-WP-CF-Super-Cache-Cache-Control
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Debug-Info
X-Page-Id
Fastly-SIE
Fastly-SWR
X-Px
Content-Disposition
X-Origin-Cache
X-Whom
X-Via-JSL
X-Varnish-Grace
Version
X-Webkit-CSP
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Magnolia-Registration
X-Content-Options
X-Datadog-Parent-Id
Charset
X-Template
X-Wix-Request-Id
X-Amz-Replication-Status
X-App-Environment
X-ProcessESI
X-RemovedCookies
X-Cache-Grace
X-Cache-Age
X-Oracle-Dms-Ecid
X-RTag
Ms-Operation-Id
MS-CV
X-Node-Name
X-UUID
X-Tumblr-User
X-Yottaa-Optimizations
SD-X-WS
X-Yottaa-Metrics
X-G
X-Hl-Ver
VIX-Pulpo-Node
X-Debug-IsConnected
VIX-Pulpo-Upstream-Status
X-Source
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Debug-IsPreview
X-Tumblr-Pixel-1
X-Environment-Context
X-Adobe-Content
X-Adobe-Loc
X-Rule
X-Cacheable-TTL
X-Datadog-Sampled
X-User-Agent
X-Storage
X-L-Path
X-EdgeConnect-Cache-Status
X-Region
X-Rendered-As
X-Proxy-Cache-Info
GEO-INFO
X-Is-Bot
X-Device-Type
ServerID
X-FW-Hash
X-FW-Type
X-FW-Version
X-Instance
X-Real-IP
X-FW-Static
X-FW-Server
X-Cache-Hit
X-FW-Dynamic
NGB
X-FW-Serve
X-Backend-Name
X-ServerID
X-B-Cache
X-Signature
X-NWS-UUID-VERIFY
Country
X-Status
X-NYM-Debug-Backend
X-Rid
X-IPS-LoggedIn
Countrycode
Cross-Origin-Window-Policy
SRV
X-Language
Liferay-Portal
X-B3-SpanId
X-Amzn-Remapped-Content-Length
Akamai-GRN
X-WP-CF-Super-Cache-Active
X-RM-Cache-TTL
Amp-Access-Control-Allow-Source-Origin
Front
X-Origin-Cache-Key
X-Wormhole-Sdk
X-Sucuri-Cache
X-Sucuri-ID
X-Ratelimit-Reset
OT-Force-Account-Verify
X-Framework
X-Servername
X-UA
X-Xrds-Location
X-Air-Pt
From-Origin
X-AB
X-Oracle-Dms-Rid
X-VC-Cache
X-VC
X-WebKit-CSP-Report-Only
X-Mode
X-Content-Powered-By
Backend
X-Akamai-Request-ID2
X-Air-Source
X-Air-Trace-Id
Upgrade-Insecure-Requests
Xet-Cookie
X-Air-Hostname
Refresh
X-DataDome
X-Cache-Time
X-Nginx-Cache
X-URL
X-Handled-By
Accept-Language
X-INCAP-ABP
X-UPSTREAM-Address
X-RCS-CacheZone
X-RID
X-Rn-Rsrv
X-SaId
X-Edge-Location
Cache
Filters
X-Rewrite-Enabled
Meta-Geo
X-Xfnlog-Site
X-JoinUs
X-Cloudmap
X-Cluster
X-Zipkin-Id
X-LJ-Flow-ID
X-AWS-Id
Access-Control-Request-Headers
X-Cache-Status-Check
X-Routing-Service
X-Extlb
X-Webstats-RespID
X-Cache-Operation
X-Hosted-By
X-Labrador-Cache-Channel
X-Cache-Rule
X-Lambda-Id
Webserver
X-Generated-By
X-VWS-Id
X-No-Session
X-PHP-Host
X-Proxied
ServedBy
X-Origin-Date
X-Forwarded-Host
X-Reqid
X-Redis-Cache
X-Fetched-On
TWC-Connection-Speed
X-Served-From
X-Git-Commit
Property-Id
X-Site-Version
X-HTML-Minification-Powered-By
X-Origin-Hint
LB
Section-Io-Id
X-Provided-By
TWC-Device-Class
Apigw-Requestid
Webcakes-Region
Mn-Server-Ip
TWC-Privacy
Webcakes-App-Version
Url
Webcakes-App-Name
TWC-Locale-Group
X-Accel-Version
Atl-Traceid
TWC-GeoIP-Country
X-Container-Uri
X-Logging-Id
TWC-GeoIP-LatLong
X-Akamai-Edgescape
X-Loop
Web-Mar-Node
X-Skip-Cache
X-Tumblr-Pixel-2
X-B3-Traceid
X-Adobe-Source
X-Ismobilevalue
X-Cms-Context
X-Varnish-Age
X-Tb
Frame-Options
X-Tncms
X-Fastly-Request-Id
X-Endurance-Cache-Level
X-Web-Node
X-Ms-Version
X-RateLimit-Reset
X-BYPASS-REASON
X-Upstream-Ct
X-Cache-Debug
X-Ms-Request-Id
X-Is-Supported-Browser
X-Restarts
X-Is-Tablet
X-Proxy-Build
X-ProxyCache-Status
X-Locale
X-Tcp-Rtt
X-Director
X-IPLB-Instance
X-IPLB-Request-ID
X-Cache-Host
X-VCT
X-ProxyCache-Key
X-Upstream-Ht
Selected-Fe
X-R9-Blue-Green-Version
X-Varnish-Beresp-Grace
X-Origin
X-Browser-Name
X-Httpd
X-Say-Cacheable
X-Azure-Ref-OriginShield
X-Say-TTL
X-SRV
X-Scope-Id
X-SayCDN-TTL
X-Geo-Region
X-Is-Desktop
X-Soup
X-Timing-Wait
X-Is-Mobile
X-RateLimit-Limit
WPO-Cache-Status
WPO-Cache-Message
X-ECache
X-Varnish-Cache-Hits
X-Alternate-Cache-Key
X-Detected-As
X-Shopify-Stage
X-Frame-Option
X-Format
X-S
X-Storefront-Renderer-Rendered
Xserver
X-GeoCode
X-GeoCountry
X-Vcache
X-Optimistic-Header
X-Origin-CC
X-Sorting-Hat-ShopId
X-Origin-TTL
X-ShardId
X-Request-URI
X-Sorting-Hat-PodId
X-ShopId
X-Drupal-Cache-Tags
Cache-Hits
X-Generation-Time
X-Lagoon
X-Api-Version
Source
X-Cdn-Origin
X-Thinkindot-L3
Fastcgi-Useragent
X-CMSURLCustom
Thinkindot-CacheControl-Type
X-Drupal-Cache-Contexts
Thinkindot-Control
TDXMobile
Thinkindot-CacheControl
X-Shield-Cache-Expires
X-CDN-Forward
X-Tt-Logid
X-WP-CF-Super-Cache-Cookies-Bypass
Protected
X-Connection-Hash
Expiry
Cdn-Requestid
X-Worker
Onion-Location
X-Cache-Expired-At
X-TA-CDN-Provider
X-Buckets
X-Mg-Request-UUID
X-Pass-Why
X-PHP-Backend
X-Vercel-Cache
X-Vercel-Id
X-Rocket-Nginx-Serving-Static
X-Fastcgi-Cache
Node
X-Vcl-Version
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
Priority
Sid
X-GEO
X-Cache-Action
X-App-Version
Environment
Cross-Origin-Embedder-Policy
X-Nf-Request-Id
X-ID
CDN-Cache
CDN-CachedAt
CDN-Uid
Uber-Trace-Id
CDN-RequestPullSuccess
X-Proxy-Cache-Status
CDN-RequestPullCode
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
X-Cluster-Node
AMP-Access-Control-Allow-Source-Origin
X-Aspnetmvc-Version
X-Tumblr-Pixel-3
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Server-W
X-XRDS-Location
DB-Nickname
X-Cache-Server
Cache-Tv-Group
Alternate-Protocol
X-FB-TRIP-ID
X-Jobs
User-Cache-Control
X-Auth-Group-Type
X-Tx-Id
CF-IPCountry
Fusion-Content-Id
Fusion-Source
HostName
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Source
Wxu-Next-Hostname
Sslversion
Surrogated-Key
Wxu-Next-Commit
T-Server
X-Service
Origin
Edge-Cache
Gannett-Cam-Experience-Id
Lang
DCR-Processing-Time-Ms
DCR-Decision-By
Candidate-Md5Url
Wxu-Next-Region
Magicmarker
A
Content-Secure-Policy
Origin-Agent-Cluster
Odigeo-Trace-Id
Ngx.Var.Host
MD5-Digest
Meta-Geo-Continent
Rendered-Blocks
X-A-Wwc
X-Level-Front-Cache
X-ND-Cache
X-Op-Id-All
X-Org
X-Ig-Push-State
X-Ig-Origin-Region
X-Generated-On
X-GeoIP-City
X-Gzip
X-Hnp-Log
X-Origin-Expires
X-Rojux
X-V-Cache
X-Vdms-Version
X-Viewer-Country
X-Vtex-Remote-Cache
X-UA-Device-Type
X-TIM-N
X-SB
X-ScT
X-SRCache-Key
X-Gen-Mode
X-Fastly-Backend
X-BCube-Filmed-By
X-Bl-Debug
X-Block-Status
X-Cache-Id
X-Bc-Bl
X-Aed
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Cache-NE
X-Conf
X-Ec-Fail
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Esi-Check
X-Dispatcher-Server
X-Device-Os
X-Content-Age
X-Custom-Header
X-Developer
X-A
X-D
X-LSADC-Cache
X-Client-Ip
X-DC
X-Pad
X-Backend-Instance
Host-ID
XM
X-Loc
X-Varnish-Remaining-TTL
X-HN
X-Varnish-CookieINHashed-On
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Men
X-Wikidot-Static-Cache
X-Node-Id
X-NMSegId
X-Via-Fastly
X-Mvc-Supplant-Cachable
X-Wikidot-Backend
Content-Style-Type
NM-Fastcgi-Cache
Fastly-SSL
X-CacheTTL
X-Varnish-CookieHashed-On
Server-Hostname
Server-Host
Server-Ext
Req-ID
X-Forwarded-Site
Sever-Int
X-Fastly-Cache
Ssr
X-FC-Vary-Parameters
X-GeoIP
X-GeoIP-Country-Code
X-GeoIP-Region-Code
V-Age
Content-Script-Type
X-Req
Origin-CC
Powered-By
PFcat
Origin-EX
Vix-Hermes-Req-Id
X-Nginx-Cache-Key
X-VarnishDD-TTL
X-Request-Time
X-Varnish-Hostname
X-Varnish-Director
X-Scheme
X-Amz-Storage-Class
X-Region-Sid
X-AK-Request-ID
X-VTEX-Cache-Time
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-SD-PageType
X-Bip
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-Core-Value
X-Sn-Servicetimems
X-DefElseHash
X-Server-IP
X-Cache-TTL-Remaining
X-DefHash
X-Thanos
X-Cache-Bucket
X-Pubstack
Cache-Provider
X-VG-WebCache
X-PAYTM-SRV-ID
X-Platform
X-Cache-Info
CDCHOST
X-VTEX-Cache-Server
X-Origin-Response-Time
Cdnsip
Cdncip
X-Policy
C-Via
X-Powered-By-VTEX-Cache
X-Dc
X-MP-GENERATED-AT
Mime-Version
X-Eu-Site
X-Cdn-Srv
X-CUA
Tube-Return
X-Date
X-Csrf-Jwt
X-CGP
Tube-Got-Results
Tube-Get-Contents
X-Clientip
X-Ad-Load-Variation
X-Ec-Custom-Error
X-B3-Trace-ID
Tube-Got-Eval
X-Acquia-Purge-Cdn-Unconfigured
Producers
Cdn-Request-Time
X-Proto
X-Proxied-Request
X-Request-Host
X-Pool
X-Origin-Time
X-We-Are-Hiring
X-Nyt-Route
X-Request-Start
X-Varnishpool
X-Slack-Shared-Secret-Outcome
X-Test
X-Slack-Backend
X-Var-Ttl
X-Section
X-Varnish-Beresp-Status
X-NCache
X-Mvc-Supplant-OutputCached
Esi-Enabled
Country-Code
X-GoCache-CacheStatus
X-Geo-Header
Is-Eu
X-Gdpr
X-Hash
Click-Count-Error
Adler-Geo
Yak-Timeinfo
Cdn-Host
X-Human
X-HS-Content-Campaign-Id
Click-Count-Action-Start
Platform
X-Auto-Login
Pramga
Proxy-Firewall
On-Server
Mail-Subject
L5d-Success-Class
Machine
Release
X-NodeID
W
We-Hiring
X-Micro-Cache
True-Client-Country-4JS
X-Mly-Id
X-VG-TLSProxy
HA-Ipaddr
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Cache-Key
Canary
Fastly-GeoIP-CountryCode
Ha-Gx-Prefs
Fastly-Backend-Name
DSUID
X-WA-Info
Web-Mar-Region
L
X-Access
X-Aicache-OS
X-DPWN-IS-SECURE
X-Fmm-Version
X-Edge-Server
X-Accel-Expires-Debug
X-App-Name
X-HITS
X-Varnish-Beresp-Ttl
RNT-Time
X-LiteSpeed-Cache-Control
X-Contensis-Viewer-Groups
X-Jungle-Id
Gh-Request-Id
X-Up
X-Location
Cluster
X-Cache-Aspx
RNT-Machine
Req-Svc-Chain
X-BBC-Edge-Cache-Status
X-From
NGX
X-Depends
X-Varnish-Authentication
X-Zone
X-AIR-PT
X-NGINX-Cache
WP-Super-Cache
X-Vdms-Path
X-Cache-Backend
Debug
X-Cs
CDN-RequestId
X-Uri
X-Akamai-Transformed
X-Cache-FS-Status
X-LB-ID
X-Varnish-Hits
CloudFront-Viewer-Country
Redirect-Candidate
X-CACHE-GROUP
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Newrelic-Synthetics
X-Render-Time
X-Refresh
Fastly-Drupal-HTML
X-Via-Poph
X-HA-Backend
X-Servedbyhost
X-Via-Popv
Pics-Label
X-Via-Popn
X-PERF
X-ApacheServer
Server-Info
X-Response-Served-From
BehaviorPad-Version
X-VHOST
X-Original-Request-Id
GeoIP-Latitude
X-Nananana
SID
X-VC-TTL
X-M-Log
X-M-Reqid
X-B3-Parentspanid
X-Datadome
X-Parent-Response-Time
Fastly-Drupal-Html
X-TT-LOGID
X-LB-NoCache
Locid
X-Cached-By
X-CACHE-AGE
X-APP
Resin-Trace
X-CS
X-Content-Length
Datacenter
X-DynaTrace-JS-Agent
X-Litespeed-Tag
X-Wa
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Server-ID
X-Amz-Meta-Cb-Modifiedtime
X-CDN-Cache-Status
X-Nc
Cf-Ipcountry
X-IAuth-Set-Uid
GeoIp-Country-Code
Cdn
NtCoent-Length
X-LiteSpeed-Tag
Ngx-Var-Key
Uri
X-Old-Content-Length
X-Varnish-Beresp-TTL
X-VCache
X-ZONE
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
X-RequestId
X-Vgn-Hpd-Reason
X-Fpc
X-Dispatcher-Number
FSS-Cache
X-NewRelic-App-Data
Vc-Max-Age
CDN
X-Srv
True-Client-IP
X-Moov-Xdn-Version
Product
X-Moov-T
X-Esi
Serverhost
X-TH-Server
True-Client-Ip
X-TX-ID
X-SERVER-NAME
X-B3-Spanid
X-HostName
Srv
Cross-Origin-Embedder-Policy-Report-Only
X-Cdn-Forward
S-Rt
X-FPC
GeoIP-Country-Code
Tcn
X-Nf-Ats-Version
X-Nf-Country
X-Ckpd-Fst-Backend
X-Nf-Language
X-Oracle-DMS-ECID
X-TIME
ServerName
X-Dynatrace-Js-Agent
X-Bug-Bounty
X-User
X-B-Cookie
X-S-Cookie
X-Destination
X-Cdn-Cache-Status
X-Application
Cf-Device-Type
X-External-Request-Id
Request-ID
X-HubSpot-Correlation-Id
X-WA
X-Zen-Fury
Server-Id
X-NC
X-Vc
X-APP-VERSION
X-Dispatch
CacheControlHeader
X-CACHE-KEY
Hostname
X-Rocket-Build-Number
X-Instance-Name
X-Sigma
X-Cache-Date
X-Sigma-Backend
X-COUNTRY
X-FL-QIT-DEBUG
Geoip-Latitude
X-Webkit-Csp-Report-Only
X-VServer
X-API-Version
Srvid
X-Presslabs-Stats
Ohc-File-Size
X-Segment-20210421
X-Lb-Nocache
X-Ha-Backend
X-Akamai-Device-Characteristics
X-Branch-Name
X-Via-PopN
X-Via-PopV
X-Vmg-Version
X-Geo
X-Via-PopH
X-VCL-Version
Origin-Trial
Load-Balancing
X-ServedByHost
DataCenter
X-Gamma-Serve
User-Agent
ServerHost
X-Info
X-DynaTrace
PICS-Label
X-DataCenter
Epwk-X-Cache
Xc-Version
Cloudfront-Viewer-Country
Cneonction
X-Cache-Ttl
Type
X-Ua
Expect-Staple
X-Limited
X-App
X-Correlation-ID
Rtss
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Serial
X-Amz-Meta-Opti
X-Lb-Id
X-Check-Cacheable
Cross-Origin-Opener-Policy-Report-Only
X-Hit
Ohc-Cache-HIT
X-Irp-Debug
X-MiniProfiler-Ids
X-Owner
X-Akamai-Pragma-Client-IP
Lb
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Core-Mission
X-Is-Crawler
X-Service-Response-Time
X-Providence-Cookie
X-Sqd-Stime
Cmsid
Cmstype
X-Qloud-Router
Timeexpire
X-Via-CDN
X-Via-Edge
X-Sqd-Ctime
Sm-Log-Id
X-Via-SSL
X-Acquia-Site
X-Route-Name
X-Datacenter
Cl-Cache
X-Flags
X-MSEdge-Flight
X-MSEdge-Features
Warning
X-Web-Server
Edge-Copy-Time
X-Aspnet-Duration-Ms
X-Page-View
X-CSRF-TOKEN
CountryCode
X-LAGOON
Servername
X-Litespeed-Cache-Control
X-SIPLIST1
N-Cache
X-Sql-Count
X-Sql-Duration-Ms
X-Sorting-Hat-Podid
X-Shopid
X-Shardid
X-Origin-Upstream-Status
X-Sorting-Hat-Shopid
X-Http-Reason
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-Amz-Meta-S3b-Last-Modified
X-RAMCache
IsBot
Ngx
X-Dw-Trace-Id
X-Snapshot-Date
X-Ramcache
X-Requestid
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Th-Server