Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
X-XSS-Protection
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Xss-Protection
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
P3p
X-Runtime
X-AspNet-Version
X-DNS-Prefetch-Control
X-Cache-Status
Accept-CH
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-Content-Security-Policy
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
CF-Ray
X-Amz-Id-2
Host-Header
X-Backend
Allow
Cf-Edge-Cache
X-Cache-Group
Request-Context
X-Robots-Tag
X-Server
Keep-Alive
X-Hacker
X-AH-Environment
X-Turbo-Charged-By
X-UA-Device
X-Ws-Request-Id
X-Vhost
X-Proxy-Cache
X-Rq
X-Age
Xkey
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
X-Dns-Prefetch-Control
Cf-Apo-Via
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
Cf-Railgun
EagleEye-TraceId
X-Device
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Swift-SaveTime
X-Swift-CacheTime
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-CST
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Host
X-Response-Time
Surrogate-Control
Request-Id
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Upstream-Cache-Status
X-HW
Accept-Ch
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Nginx-Cache-Status
X-Node
X-Application-Context
X-Country-Code
X-Ruxit-JS-Agent
X-Trace
Content-Location
X-Url
X-Cache-Lookup
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-Content-Type
X-Country
X-Clacks-Overhead
X-ECACHE
X-Litespeed-Cache
X-Edge
X-Mod-Pagespeed
X-Amz-Server-Side-Encryption
X-Origin-Cache-Key
X-Midtier
X-Rack-Cache
Cache-Tag
Cross-Origin-Opener-Policy
X-FTR-Request-ID
X-MS-InvokeApp
X-Mcache
X-Upstream
X-ESI
X-Vname
X-TtlSet
X-PC
X-Powered-By-Plesk
Nginx-Cache
Rating
Edge-Control
X-D2id
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Element-Page-Cache
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-Browser-Type
Verso
X-Times
X-Ac
X-Server-Name
X-Cnection
SPIisLatency
SPRequestDuration
X-Ruxit-Js-Agent
X-Vcap-Request-Id
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-Navigation-Version
X-Abt-Application-Version
SPRequestGuid
X-RateLimit-Remaining
X-Dw-Request-Base-Id
X-SharePointHealthScore
X-B3-TraceId
X-VARITI-CCR
X-NF-Request-ID
Pinterest-Generated-By
Pinterest-Version
X-GitHub-Request-Id
X-Pinterest-Rid
X-Ser
Origin-Trial
AR-CACHE
S
RTSS
X-Cache-Key
X-Mg-S
X-Cache-TTL
X-Ua-Device
Edge-Cache-Tag
X-Goog-Hash
X-Amz-Rid
X-Content-Security-Policy-Report-Only
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Amzn-Trace-Id
Fastly-Restarts
X-Powered-CMS
X-Client-IP
X-Varnish-TTL
X-Ttl
X-NWS-LOG-UUID
X-Server-ID
X-Version
Access-Control-Request-Method
X-Edge-Location-Klb
X-Kinsta-Cache
X-Server-Lifecycle-Phase
X-ARC
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Cache-Status
X-Recruiting
X-Webkit-Csp
X-Content-Digest
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-T
X-MSEdge-Ref
X-Forwarded-For
Content-MD5
X-TraceId
X-Middleton-Response
Response
MicrosoftSharePointTeamServices
X-Accel-Expires
TP-Cache
X-Hits
X-Cached
X-Shield-Request-Id
X-RateLimit-Limit
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Public-Key-Pins
X-Fastcgi-Cache
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-Id
X-FTR-Balancer
X-Frontend
X-FTR-Expires
X-Request-Received
Server-Node
X-Request-Processing-Time
X-Ua-Browser
Payment
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
MS-Author-Via
X-WebKit-CSP-Report-Only
X-DIS-Request-ID
X-Kinja-CCPA
X-ORACLE-DMS-RID
Front-End-Https
X-Forwarded-Proto
X-LLID
Cross-Origin-Resource-Policy
X-GUploader-UploadID
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
Cache-Tags
TP-L2-Cache
X-LB-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
Realpath
X-Protected-By
X-FastCGI-Cache
X-Origin-Server
X-PressLabs-Stats
Count-Hit
X-Distributor
X-TTL
X-Daa-Tunnel
X-Request-Handler-Origin-Region
X-Microsite
X-ORACLE-DMS-ECID
X-Page-Id
X-F-Cache
X-Az
MRF-Tech
X-AppVersion
X-Activity-Id
X-Cluster-Name
X-Varnish-Backend
Mrf-Cache-Status
X-B3-TraceId-Primal
Accept-Charset
X-Www-Served-By
X-NGENIX-Cache
X-App-Server
X-Geo-Country
X-Correlation-Id
X-FB-Debug
Referer-Policy
X-Debug-Info
X-Kong-Proxy-Latency
X-Goog-Metageneration
X-Kong-Upstream-Latency
X-Varnish-Server
Host
Fastcgi-Cache
X-Envoy-Decorator-Operation
Access-Control-Allow-Method
X-Rid
X-Hostname
X-Git-Hash
X-RateLimit-Reset
Retry-After
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-XRDS-LOCATION
Server-Name
X-Tt-Trace-Host
X-Px
X-Tt-Trace-Tag
DC
X-Content-Options
X-B3-Sampled
X-Load-Cache
X-Request-Guid
X-Fastly-Request-ID
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Contextid
X-Aspnet-Duration-Ms
X-Flags
X-Mobile
X-Revision
X-Grace
X-Type
X-Trace-Id
X-App-Environment
X-B-Cache
Cleartype
X-Signature
X-Language
X-Origin-Cache
Paypal-Debug-Id
X-Fb-Rlafr
Charset
X-TT
X-ASPNET-VERSION
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-B
X-Datadog-Parent-Id
X-Cache-Control
X-CSRF-Token
X-Amz-Meta-S3cmd-Attrs
Section-Io-Cache
Frame-Options
X-Ratelimit-Limit
X-Goog-Stored-Content-Length
X-Amz-Replication-Status
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Logged-In
X-Seen-By
Filterid
TCN
X-Newrelic-App-Data
X-Whom
X-Upgrade-Enabled
X-Magnolia-Registration
X-Ezoic-Cdn
X-Wix-Request-Id
Healthy
X-Oracle-Dms-Ecid
X-EdgeConnect-Cache-Status
X-Azure-Ref
X-App-Version
X-Node-Name
Content-Disposition
X-Proxy
Backend
X-N
X-Fastly-Request-Id
Akamai-GRN
X-Oracle-Dms-Rid
X-Template
X-Varnish-Ttl
Upgrade-Insecure-Requests
X-Proxy-Cache-Info
Refresh
NGB
X-Original-Request-Id
X-B3-SpanId
X-Response-Served-From
X-Air-Pt
X-Is-Bot
X-Servername
X-Rendered-As
Url
X-Datadog-Sampled
Ms-Operation-Id
X-RTag
MS-CV
Liferay-Portal
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
SD-X-WS
X-Unique-Id
X-Page-View
X-ProcessESI
X-B3-Traceid
X-RemovedCookies
Viewport
X-Adobe-Content
X-Cacheable-TTL
X-Debug-IsConnected
X-Cache-Grace
X-Amzn-Remapped-Content-Length
X-Debug-IsPreview
X-Adobe-Loc
X-Environment-Context
X-Instance
X-Yottaa-Metrics
X-L-Path
X-Varnish-Grace
X-UUID
X-Yottaa-Optimizations
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-User-Agent
X-Tumblr-Pixel-0
X-Region
From-Origin
X-Ratelimit-Remaining
X-FW-Dynamic
Fastly-SWR
Fastly-SIE
X-Debug
X-Jobs
X-FW-Type
X-FW-Server
X-FW-Serve
X-FW-Static
X-IPS-LoggedIn
X-FW-Version
X-FW-Hash
X-G
X-Device-Type
X-Cache-Hit
Country
X-Use-Magma
X-NYM-Debug-Backend
X-Status
Surrogate-Key
X-Rule
X-Hosted-By
X-Air-Trace-Id
X-Air-Hostname
X-Backend-Name
X-Air-Source
X-Hl-Ver
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Webkit-CSP
X-Cache-Age
ServerID
X-Content-Powered-By
Protected
X-Http-Reason
X-Akamai-Request-ID2
X-XRDS-Location
X-Cache-Status-Check
X-Time
X-VC-Cache
Version
X-Origin-TTL
Amp-Access-Control-Allow-Source-Origin
X-Origin-CC
X-NODE
Alternate-Protocol
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-HTML-Minification-Powered-By
X-Tec-Api-Root
X-Akamai-Edgescape
X-Tec-Api-Version
X-Tec-Api-Origin
WPO-Cache-Message
Countrycode
WPO-Cache-Status
X-Framework
X-Rocket-Nginx-Serving-Static
X-Nginx-Cache
X-CDN-Forward
X-INCAP-ABP
CF-IPCountry
Front
GEO-INFO
SRV
X-Source
X-Via-JSL
X-Edge-Location
X-Cache-Rule
Access-Control-Request-Headers
X-Storage
X-Httpd
X-Mode
X-Accel-Version
X-Endurance-Cache-Level
X-WP-CF-Super-Cache-Active
X-Use-Mantle
Webserver
X-VC
X-Upstream-Ct
OT-Force-Account-Verify
Accept-Language
X-Cache-Operation
X-Xfnlog-Site
X-Upstream-Ht
Filters
X-Rn-Rsrv
X-Rewrite-Enabled
CDN-RequestId
Meta-Geo
X-UPSTREAM-Address
X-JoinUs
X-Director
X-Lambda-Id
X-Proxy-Build
X-Cache-Time
Selected-Fe
X-Real-IP
X-Tumblr-Pixel-3
X-Cache-Debug
Xet-Cookie
X-Timing-Wait
X-Detected-As
X-Tncms
X-Varnish-Age
X-Served-From
X-SaId
X-Soup
X-Loop
X-Tumblr-Pixel-2
X-Redis-Cache
X-SayCDN-TTL
ServedBy
X-Say-TTL
AMP-Access-Control-Allow-Source-Origin
Apigw-Requestid
X-Cms-Context
X-Sql-Count
X-Handled-By
X-BYPASS-REASON
X-Say-Cacheable
X-Sql-Duration-Ms
X-Varnish-Cache-Hits
X-Skip-Cache
X-ProxyCache-Key
X-Adobe-Source
X-ProxyCache-Status
X-Varnish-Beresp-Grace
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
X-Cache-Host
Azure-Version
Webcakes-App-Name
Web-Mar-Node
Webcakes-App-Version
Webcakes-Region
DB-Nickname
TWC-Connection-Speed
TWC-Privacy
TWC-Locale-Group
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
X-Format
Property-Id
X-RM-Cache-TTL
X-COUNTRY
X-S
Xserver
X-No-Session
X-Logging-Id
X-Worker
X-Server-W
X-GeoCountry
X-Restarts
X-Uri
X-PHP-Host
X-GeoCode
X-Origin-Hint
X-Labrador-Cache-Channel
X-Routing-Service
X-Tcp-Rtt
X-VCT
X-AWS-Id
X-Browser-Name
X-VWS-Id
X-Zipkin-Id
X-Tb
X-RCS-CacheZone
X-ServerID
X-Origin
X-Git-Commit
X-IPLB-Instance
X-IPLB-Request-ID
X-DynaTrace
X-Geo-Region
X-Generation-Time
X-Extlb
X-Is-Desktop
X-Is-Mobile
X-Cache-Server
X-Forwarded-Host
X-Container-Uri
X-LJ-Flow-ID
X-Is-Supported-Browser
X-Is-Tablet
X-Proxied
Mn-Server-Ip
X-AB
X-Ms-Request-Id
X-Provided-By
X-Fetched-On
X-Vercel-Cache
X-Reqid
X-Ms-Version
X-Vercel-Id
Cache-Tv-Group
X-Cluster
Node
X-Frame-Option
X-R9-Blue-Green-Version
X-FB-TRIP-ID
Section-Io-Id
Priority
Content-Secure-Policy
X-Site-Version
X-Vcache
X-Locale
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
X-Webstats-RespID
Fastcgi-Useragent
X-MP-GENERATED-AT
Source
X-Web-Node
X-Drupal-Cache-Contexts
X-Vcl-Version
X-Drupal-Cache-Tags
Onion-Location
S-Rt
WP-Super-Cache
WZWS-RAY
X-Alternate-Cache-Key
X-Origin-Date
Locale
X-Content-Age
X-Urbn-Site-Id
Cross-Origin-Embedder-Policy
X-Urbn-Context-Path
X-Ua
X-Shopify-Stage
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
X-Storefront-Renderer-Rendered
CDN-CachedAt
X-SRV
X-Generated-By
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Cache-Action
X-Cluster-Node
X-Varnish-Beresp-Ttl
X-Pass-Why
X-Cdn-Origin
X-Sucuri-Cache
Sid
X-Proxy-Cache-Status
X-Buckets
X-Mg-Request-UUID
X-Sucuri-ID
X-Newrelic-Synthetics
Cross-Origin-Window-Policy
X-Cache-Expired-At
X-Xrds-Location
X-VCache
X-Datadome
X-TT-LOGID
Fastly-Drupal-HTML
Cache
X-Request-URI
X-Scope-Id
X-Shield-Cache-Expires
HostName
X-CMSURLCustom
Cross-Origin-Embedder-Policy-Report-Only
X-DataDome
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Thinkindot-L3
X-LSADC-Cache
X-Aspnetmvc-Version
Origin-Agent-Cluster
MD5-Digest
Lang
X-Developer
X-Vtex-Remote-Cache
X-B-Cookie
X-Viewer-Country
X-Ec-Fail
X-Application
Ngx-Var-Key
X-Vdms-Version
Ngx.Var.Host
X-BCube-Filmed-By
Origin
X-Bc-Bl
Meta-Geo-Continent
X-Ec-Custom-Error
X-Ec-GeoHdr
X-Conf
X-Destination
Rendered-Blocks
DCR-Decision-By
X-D
CDCHOST
T-Server
Sslversion
Candidate-Md5Url
DCR-Processing-Time-Ms
Environment
X-External-Request-Id
X-Epic-Correlation-Id
Surrogated-Key
Gannett-Cam-Experience-Id
Type
Redirect-Candidate
X-Men
V-Age
X-Cache-NE
X-Correlation-ID
X-A-Ccd
X-A-Wwc
X-A
X-SRCache-Key
X-A-Dam
X-ScT
X-Cache-Bucket
X-Scheme
X-S-Cookie
X-Rojux
X-A-Dcw
X-Aed
X-A-Dgt
X-Vdms-Path
X-TIM-N
X-Up
X-PAYTM-SRV-ID
X-Bl-Debug
X-Via-Edge
X-Optimistic-Header
X-Service
Edge-Copy-Time
X-GEO
X-TimeS
X-Via-CDN
X-Via-SSL
X-SD-PageType
X-Section
Server-Hostname
Server-Host
Server-Ext
X-Generated-On
X-Server-IP
Apple-News-Services-Request-Url
X-Dispatcher-Server
Sever-Int
Apple-News-Services-Parsed-Url
X-GeoIP-Country-Code
Apple-News-Services-Host
X-Core-Value
X-GeoIP-Region-Code
X-Gdpr
Fastly-SSL
Fastly-GeoIP-CountryCode
X-Fastly-Backend
X-Fastly-Cache
X-Acquia-Purge-Cdn-Unconfigured
X-Thanos
X-Aicache-OS
L
Pramga
Host-ID
X-Access
Magicmarker
Country-Code
X-Sigma
X-Debug-Cache-Store
X-Tt-Logid
X-V-Cache
Req-Svc-Chain
Release
Apple-News-Services-Handled
X-Sigma-Backend
X-Debug-Cache-Fetch
X-Hash
Ssr
X-Varnish-Beresp-Status
X-We-Are-Hiring
X-Varnish-Hostname
Vix-Hermes-Req-Id
X-Pubstack
X-Proxied-Request
X-Nyt-Route
X-Pool
X-Bip
X-VG-TLSProxy
X-Cache-Info
X-Origin-Time
X-VG-WebCache
X-BBC-Edge-Cache-Status
X-Platform
X-B3-Trace-ID
X-Varnish-Director
X-Op-Id-All
X-Req
X-Instance-Name
X-Rocket-Build-Number
X-Human
X-SB
X-Level-Front-Cache
X-Request-Time
X-Loc
X-Mly-Id
User-Cache-Control
X-Parent-Response-Time
Wxu-Next-Hostname
X-Core-Mission
X-Block-Status
NM-Fastcgi-Cache
Wxu-Next-Commit
On-Server
X-ApacheServer
Web-Mar-Region
True-Client-Country-4JS
X-Cache-TTL-Remaining
X-CacheTTL
X-Ad-Load-Variation
X-Cache-Date
X-Clientip
Tube-Got-Eval
Tube-Got-Results
Uber-Trace-Id
We-Hiring
Tube-Get-Contents
Tube-Return
X-Auto-Login
Producers
Proxy-Firewall
Wxu-Next-Region
Platform
X-NMSegId
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Policy
X-Request-Host
X-Slack-Backend
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-PERF
X-Origin-Response-Time
X-Nginx-Cache-Key
X-NCache
X-Cache-Id
X-Old-Content-Length
Atl-Traceid
X-Device-Os
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Forwarded-Site
Req-ID
X-Node-Id
X-Request-Start
X-Varnishpool
X-TH-Server
X-Zen-Fury
X-WA-Info
X-Var-Ttl
X-UA-Device-Type
X-Via-Poph
X-Via-Popn
X-VServer
X-Via-Popv
X-Mvc-Supplant-OutputCached
X-Org
X-Gen-Mode
X-From
X-Fmm-Version
Click-Count-Error
Click-Count-Action-Start
X-GeoIP
X-Mvc-Supplant-Cachable
X-FC-Vary-Parameters
DSUID
Machine
Mail-Subject
X-DPWN-IS-SECURE
Is-Eu
X-Esi-Check
Esi-Enabled
Gh-Request-Id
X-GeoIP-City
X-Geo-Header
X-HA-Backend
Adler-Geo
X-Hnp-Log
X-HS-Content-Campaign-Id
X-Micro-Cache
X-Irp-Debug
X-GoCache-CacheStatus
X-Gzip
Cache-Provider
C-Via
Canary
X-DC
X-WP-CF-Super-Cache-Cookies-Bypass
X-Edge-Server
X-SIPLIST1
X-Date
X-CF-Lambda-Fn
X-Cdn-Srv
X-Owner
X-Test
X-Wikidot-Backend
X-Proto
X-Wikidot-Static-Cache
X-CF-Lambda-Version
X-App-Name
Cdn-Request-Time
Cdn-Host
X-ZONE
Cf-Device-Type
Expect-Staple
Pics-Label
N-Cache
IsBot
W
AKAMAI
X-Accel-Expires-Debug
X-TA-CDN-Provider
LB
X-Dc
HA-Ipaddr
Ha-Gx-Prefs
Xc-Version
L5d-Success-Class
Cluster
X-Eu-Site
Fastly-Backend-Name
X-Ah-Environment
X-Shop-Environment
X-Tenant
X-Forwarded-Path
X-Qloud-Router
NGX
X-Orig-Expires
X-CGP
X-Amz-Meta-Cb-Modifiedtime
X-Csrf-Jwt
X-Cache-Type
X-Connection-Hash
Expiry
Datacenter
A
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Gamma-Serve
X-Cache-Aspx
Content-Script-Type
X-Branch-Name
Content-Style-Type
X-LB-NoCache
RNT-Time
X-Moov-T
RNT-Machine
X-NGINX-Cache
X-LB-ID
Cache-Key
Cdn-Requestid
Locid
X-Moov-Xdn-Version
Server-ID
Cmsid
Cmstype
X-Ratelimit-Reset
SID
Cdn
X-ND-Cache
X-Cdn-Diag
X-Vmg-Version
X-Refresh
X-Nf-Request-Id
X-Tx-Id
X-Region-Sid
CPC-Age
X-Varnish-Hits
Cdnsip
CPC-Cache
Cdncip
X-AK-Request-ID
X-VHOST
X-Api-Version
X-DynaTrace-JS-Agent
X-HN
NtCoent-Length
X-Wa
X-Amz-Storage-Class
X-LAGOON
X-Tb-Optimization-Total-Bytes-Saved
X-MCACHE
Yak-Timeinfo
X-Client-Ip
X-Servedbyhost
X-CDN-Cache-Status
RATING
PFcat
X-Nc
X-VarnishDD-TTL
GeoIp-Country-Code
X-Backend-Instance
X-Fpc
X-TX-ID
XM
CacheControlHeader
X-Azure-Ref-OriginShield
X-Nananana
X-B3-Parentspanid
X-Hit
X-Akamai-Transformed
X-Srv
X-TIME
X-Origin-Expires
X-Cache-Backend
CloudFront-Viewer-Country
X-Via-Fastly
Resin-Trace
X-Variation
X-API-Version
X-CACHE-AGE
X-LiteSpeed-Tag
Uri
Tcn
User-Agent
X-Lagoon
X-HostName
X-CSRF-TOKEN
VNS-Age
X-URL
X-Zone
VNS-Cache
XkeyRZ
X-LiteSpeed-Cache-Control
X-Fastly-Country-Code
X-Proxy-CacheRZ
Cache-Name
MIME-Version
X-Datacenter
True-Client-Ip
X-Amz-Meta-Opti
X-Info
Cross-Origin-Opener-Policy-Report-Only
X-Geo
X-Vc
Lb
DataCenter
Mime-Version
True-Client-IP
X-Dispatcher-Number
X-DataCenter
X-NewRelic-App-Data
Hostname
X-Dynatrace-Js-Agent
X-UA
X-AIR-PT
X-Ig-Origin-Region
GeoIP-Latitude
X-Cached-By
X-Location
X-B3-Spanid
Cache-Hits
Fastly-Drupal-Html
Fusion-Template-Id
X-NWS-UUID-VERIFY
X-Mid
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
X-Presslabs-Stats
Cf-Ipcountry
X-Webkit-Csp-Report-Only
X-Cdn-Forward
BehaviorPad-Version
Powered-By
X-Cloudmap
Origin-EX
X-Jungle-Id
Origin-CC
X-IAuth-Set-Uid
X-CUA
Srv
X-User
X-Segment-20210421
X-Traceid
CountryCode
X-ECache
X-CS
X-Varnish-Beresp-TTL
X-Cache-Enabled
Debug
Ohc-File-Size
X-FPC
GeoIP-Country-Code
X-Esi
X-Dispatch
CDN
X-Cdn-Cache-Status
My-App
X-ServedByHost
X-Cs
X-WA
X-Oracle-DMS-ECID
X-NC
Location
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Server-Info
X-Render-Time
Cl-Cache
Wpo-Cache-Message
X-RID
Ohc-Cache-HIT
Wpo-Cache-Status
X-Wormhole-Sdk
X-Lb-Id
Server-Id
X-Internal-Host
X-Snapshot-Date
YJS-ID
CF-Ctrl
X-Litespeed-Tag
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
X-VTEX-Cache-Server
Load-Balancing
X-Auth-Group-Type
Edge-Cache
X-MSEdge-Features
X-MSEdge-Flight
Section-Origin-Responded
X-Nitro-Cache
Section-Io-Origin-Status
X-App
Section-Io-Origin-Time-Seconds
X-Lb-Nocache
X-Fastly-Backend-Reqs
X-Litespeed-Cache-Control
X-VCL-Version
X-ID
Ms-Author-Via
Xkeylog
X-Cdn-Request-ID
X-Nitro-Cache-From
X-MiniProfiler-Ids
X-Akamai-Pragma-Client-IP
Xkey-La3
X-Proxy-Cache-La3
CF-Cached-On
X-Nitro-Rev
X-Cache-FS-Status
X-Dw-Trace-Id
OriginIP
X-IN-APIGATEWAY
Memcached
Memory
X-Acquia-Purge-Tags
X-Ig-Push-State
X-NodeID
X-APP-VERSION
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Time
X-IN-APIGATEWAYSSL
X-FL-QIT-DEBUG
X-Th-Server
Geoip-Latitude
FSS-Cache
X-FL-EDGE
Ngx
Srvid
X-Shardid
X-Cache-Version
X-Shopid
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Pad
Yjs-Id
X-Ha-Backend
X-Varnish-CookieINHashed-On
X-Mg-Cache
X-Http-Count
X-Te-Duration-Ms
X-Te-Count
Akamai-Cache-Status
X-Http-Duration-Ms
X-Via-PopH
X-Lsadc-Cache
X-Via-PopV
X-Service-Response-Time
X-Web-Server
X-Vary
X-Serial
X-Check-Cacheable
X-DefHash
Sm-Log-Id
X-Udemy-Cache-App-Namespace
X-DefElseHash
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Sucuri-Id
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-Fastly-Cache-Hits
X-RequestId
X-Via-PopN