Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-Runtime
X-Check
X-AspNet-Version
X-Drupal-Cache
X-Ua-Compatible
X-Generator
X-Cache-Status
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
Permissions-Policy
Host-Header
X-Via
EagleId
Keep-Alive
X-Cache-Group
Request-Context
X-Robots-Tag
X-Backend
X-UA-Device
X-Hacker
X-AH-Environment
X-Proxy-Cache
X-Turbo-Charged-By
X-Server
X-Rq
X-Age
X-Ws-Request-Id
Cf-Apo-Via
X-Vhost
X-Amz-Version-Id
Xkey
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Server-Powered-By
Ali-Swift-Global-Savetime
Allow
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-Cache-Lookup
EagleEye-TraceId
X-Backend-Server
X-Host
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Cf-Railgun
X-Dns-Prefetch-Control
X-Server-Id
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-Ruxit-JS-Agent
X-HW
X-Litespeed-Cache
Request-Id
X-Node
X-Cloud-Trace-Context
X-Country
X-Nginx-Cache-Status
Content-Location
X-Application-Context
Accept-Ch-Lifetime
X-Nginx-Upstream-Cache-Status
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
X-Amz-Server-Side-Encryption
Rating
X-Times
X-TtlSet
X-PC
X-Vname
X-Rack-Cache
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Server-Name
X-Daa-Tunnel
Accept-Ch
Nginx-Cache
X-ESI
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Powered-By-Plesk
AR-SID
X-Cache-TTL
X-Cnection
X-Ac
X-D2id
X-GitHub-Request-Id
Edge-Control
X-Element-Page-Cache
Verso
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Exp-Id
X-Kinja-Revision
X-Cdn-Fetch
X-FTR-Request-ID
X-CST
X-MS-InvokeApp
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Abt-Application-Version
X-Dw-Request-Base-Id
Fastly-Restarts
X-Navigation-Version
X-Upstream
X-B3-TraceId
X-ECACHE
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
X-Amz-Rid
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-ARC
X-FastCGI-Cache
X-Client-IP
X-Goog-Hash
X-SharePointHealthScore
SPRequestGuid
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ratelimit-Limit
Pagespeed
X-Middleton-Display
Display
X-Sol
X-Powered-CMS
X-Oneagent-Js-Injection
X-Webkit-Csp
X-Mg-S
X-Amzn-Trace-Id
Edge-Cache-Tag
Cache-Status
X-Version
S
Access-Control-Request-Method
X-Middleton-Response
Response
X-VARITI-CCR
X-Ratelimit-Remaining
X-Forwarded-For
RTSS
Realpath
X-Cache-Key
X-T
Cross-Origin-Resource-Policy
X-NF-Request-ID
X-Server-ID
X-Content-Digest
Fastcgi-Cache
X-Cached
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
X-MSEdge-Ref
X-NODE
X-TTL
X-Shield-Request-Id
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-TraceId
X-PressLabs-Stats
Front-End-Https
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ruxit-Js-Agent
Public-Key-Pins
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-HS-Hub-Id
Payment
X-HS-Content-Id
TP-Cache
X-HS-Cache-Config
X-LLID
X-Request-Received
X-Request-Processing-Time
X-Ua-Browser
X-Frontend
Count-Hit
Server-Node
X-Protected-By
Surrogate-Key
X-Newrelic-App-Data
X-GUploader-UploadID
X-LB-Cache
MS-Author-Via
X-HS-Combine-CSS
X-Accel-Expires
X-Distributor
Content-MD5
X-RateLimit-Remaining
X-Origin-Server
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ezoic-Cdn
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Ttl
X-Varnish-TTL
X-Content-Security-Policy-Report-Only
X-ORACLE-DMS-ECID
X-Request-Handler-Origin-Region
X-Microsite
Accept-Charset
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
MRF-Tech
X-Activity-Id
X-Www-Served-By
X-B3-TraceId-Primal
Mrf-Cache-Status
X-AppVersion
X-App-Server
X-Az
X-Cluster-Name
X-Varnish-Server
X-Ua-Device
X-Varnish-Backend
Cleartype
X-Amz-Meta-S3cmd-Attrs
Host
Retry-After
Cache-Tags
Filterid
X-Goog-Metageneration
X-Varnish-Ttl
X-Unique-Id
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Debug
X-Hits
X-Git-Hash
X-Logged-In
Access-Control-Allow-Method
X-FTR-Expires
X-Aspnet-Version
Server-Name
X-Load-Cache
X-Upgrade-Enabled
X-Id
X-Azure-Ref
TCN
X-FB-Debug
X-Hostname
X-Envoy-Decorator-Operation
X-CSRF-Token
X-Amzn-RequestId
X-NGENIX-Cache
X-Amz-Apigw-Id
X-Geo-Country
X-Proxy
X-TT
X-Tt-Trace-Tag
X-B
X-Tt-Trace-Host
Section-Io-Cache
X-Revision
X-Nf-Request-Id
X-Seen-By
X-Request-Guid
X-Grace
X-Cache-Control
X-Ratelimit-Reset
Viewport
X-Contextid
DC
Healthy
X-Fb-Rlafr
X-Trace-Id
X-B3-Sampled
TP-L2-Cache
X-Goog-Generation
X-Goog-Storage-Class
X-Type
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Fastly-SWR
Fastly-SIE
Content-Disposition
X-Time
X-F-Cache
X-N
X-Mobile
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Varnish-Grace
Paypal-Debug-Id
X-Amz-Replication-Status
X-Magnolia-Registration
Referer-Policy
X-Via-JSL
X-Webkit-CSP
X-XRDS-LOCATION
X-Ismobilevalue
X-Origin-Cache
X-DIS-Request-ID
X-Wormhole-Sdk
X-Page-Id
X-Debug-Info
X-Oracle-Dms-Ecid
Version
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-UUID
X-Content-Options
X-G
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Debug-IsConnected
X-Datadog-Sampling-Priority
X-Px
X-Debug-IsPreview
X-App-Environment
Amp-Access-Control-Allow-Source-Origin
X-Rule
X-Template
X-Adobe-Content
X-Adobe-Loc
X-Yottaa-Metrics
VIX-Pulpo-Upstream-Status
X-Datadog-Sampled
X-Yottaa-Optimizations
X-Storage
X-Hl-Ver
X-Node-Name
X-ProcessESI
X-RemovedCookies
Ms-Operation-Id
NGB
MS-CV
SD-X-WS
X-RTag
X-Source
Cross-Origin-Window-Policy
VIX-Pulpo-Node
X-Rid
X-Tumblr-Pixel
X-Rendered-As
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Region
X-Proxy-Cache-Info
X-Cacheable-TTL
X-Backend-Name
X-Device-Type
X-Instance
X-Is-Bot
X-User-Agent
X-NYM-Debug-Backend
X-Wix-Request-Id
X-L-Path
X-FW-Dynamic
X-FW-Hash
X-Environment-Context
X-FW-Server
X-FW-Type
X-FW-Static
X-FW-Version
X-FW-Serve
X-ServerID
X-Status
X-Whom
Country
GEO-INFO
X-Signature
X-Cache-Age
X-B-Cache
X-RM-Cache-TTL
Front
Countrycode
X-IPS-LoggedIn
X-NWS-UUID-VERIFY
X-Fastly-Request-Id
Akamai-GRN
Charset
X-WP-CF-Super-Cache-Active
X-Framework
ServerID
X-EdgeConnect-Cache-Status
X-Real-IP
X-AB
X-Api-Version
X-Cache-Grace
X-ECache
SRV
X-Language
X-B3-SpanId
X-Air-Pt
Liferay-Portal
X-Amzn-Remapped-Content-Length
X-Oracle-Dms-Rid
X-Content-Powered-By
X-Xrds-Location
X-Akamai-Request-ID2
X-Cache-Hit
X-DataDome
X-WebKit-CSP-Report-Only
Accept-Language
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-VC
OT-Force-Account-Verify
X-Mode
X-URL
X-Servername
X-UA
Backend
X-Sucuri-ID
LB
Xet-Cookie
X-Sucuri-Cache
X-VC-Cache
X-Cache-Status-Check
From-Origin
Access-Control-Request-Headers
X-HTML-Minification-Powered-By
Webserver
X-Tt-Logid
X-SRV
X-Mg-Request-UUID
Refresh
X-Fastcgi-Cache
X-Nginx-Cache
X-Handled-By
X-SaId
X-Git-Commit
X-JoinUs
X-Container-Uri
Meta-Geo
X-Rn-Rsrv
Filters
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Vcl-Version
Upgrade-Insecure-Requests
X-PHP-Host
X-Provided-By
X-Generated-By
X-S
X-Hosted-By
X-Origin-Date
X-Webstats-RespID
X-Cms-Context
X-Request-URI
X-Cache-Time
X-Adobe-Source
X-RCS-CacheZone
X-Vcache
X-R9-Blue-Green-Version
X-Labrador-Cache-Channel
TWC-Locale-Group
X-Varnish-Age
Webcakes-App-Version
X-Accel-Version
X-Akamai-Edgescape
X-Origin-Hint
Webcakes-Region
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Connection-Speed
X-ProxyCache-Status
Onion-Location
X-Reqid
X-Restarts
Atl-Traceid
X-ProxyCache-Key
Property-Id
TWC-Device-Class
X-Shopify-Stage
X-Tncms
ServedBy
Section-Io-Id
TWC-GeoIP-Country
X-Alternate-Cache-Key
Xserver
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Desktop
X-Httpd
X-Scope-Id
X-Geo-Region
X-Is-Tablet
X-Tcp-Rtt
X-Tb
X-Storefront-Renderer-Rendered
X-Loop
X-Logging-Id
X-Lambda-Id
X-Locale
X-Forwarded-Host
X-Served-From
X-Cache-Debug
X-Web-Node
X-Cache-Host
X-BYPASS-REASON
X-Site-Version
Apigw-Requestid
X-Fetched-On
X-Browser-Name
Url
Web-Mar-Node
X-Proxy-Build
X-Origin
X-IPLB-Instance
X-Director
X-Format
Selected-Fe
X-IPLB-Request-ID
X-Cluster
Mn-Server-Ip
X-Detected-As
X-Frame-Option
X-Redis-Cache
X-SayCDN-TTL
X-Varnish-Beresp-Grace
X-Say-TTL
X-Say-Cacheable
X-Upstream-Ht
Cache
X-VCT
X-Xfnlog-Site
X-Soup
X-Skip-Cache
X-Timing-Wait
X-No-Session
X-Upstream-Ct
X-Varnish-Cache-Hits
X-AWS-Id
X-Sorting-Hat-PodId
X-Zipkin-Id
X-ShopId
X-VWS-Id
X-RID
X-Optimistic-Header
X-Cloudmap
X-Extlb
X-ShardId
X-Sorting-Hat-ShopId
X-Tumblr-Pixel-2
X-LJ-Flow-ID
X-Proxied
X-Routing-Service
X-Cache-Operation
X-Cache-Expired-At
X-Cache-Rule
X-Ms-Request-Id
X-Connection-Hash
X-Ms-Version
Expiry
X-Endurance-Cache-Level
X-Edge-Location
Priority
X-Lagoon
X-WP-CF-Super-Cache-Cookies-Bypass
X-INCAP-ABP
CF-IPCountry
Frame-Options
Cdn-Requestid
Environment
Source
X-GeoCountry
X-GeoCode
Fastcgi-Useragent
WPO-Cache-Message
WPO-Cache-Status
X-Proxy-Cache-Status
Protected
X-Cache-Action
Uber-Trace-Id
X-Thinkindot-L3
X-Shield-Cache-Expires
X-Generation-Time
X-Cluster-Node
X-Origin-TTL
X-Origin-CC
X-CMSURLCustom
X-Azure-Ref-OriginShield
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-PHP-Backend
X-CDN-Forward
Thinkindot-Control
TDXMobile
X-RateLimit-Limit
X-Cdn-Origin
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-ID
X-GEO
X-Rocket-Nginx-Serving-Static
X-Aspnetmvc-Version
X-Aws-Lambda-Call-Status
X-FB-TRIP-ID
X-App-Version
X-Buckets
X-CLOUD-TRACE-CONTEXT
X-Pass-Why
Azure-InstanceId
Azure-SlotName
Azure-Version
Azure-SiteName
Azure-RegionName
X-Worker
X-Auth-Group-Type
X-XRDS-Location
Cache-Tv-Group
Sid
Node
CDN-RequestPullSuccess
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
CDN-Uid
CDN-CachedAt
X-Server-W
X-B3-Traceid
X-Vercel-Id
X-Vercel-Cache
Cache-Hits
X-Pad
Alternate-Protocol
X-LiteSpeed-Cache-Control
AMP-Access-Control-Allow-Source-Origin
X-A
Cross-Origin-Embedder-Policy
X-LSADC-Cache
X-DC
X-Client-Ip
X-Tumblr-Pixel-3
T-Server
Sslversion
Server-Info
X-A-Ccd
Surrogated-Key
X-A-Dgt
X-Aed
Rendered-Blocks
X-A-Wwc
X-A-Dcw
X-A-Dam
Lang
Content-Secure-Policy
DB-Nickname
DCR-Decision-By
Cdn-Request-Time
Cdn-Host
A
Candidate-Md5Url
DCR-Processing-Time-Ms
Gannett-Cam-Experience-Id
Ngx.Var.Host
Odigeo-Trace-Id
Meta-Geo-Continent
MD5-Digest
X-Bc-Bl
Magicmarker
Origin-Agent-Cluster
X-Core-Value
X-Origin-Expires
X-Rojux
X-ScT
X-Org
X-ND-Cache
X-Ig-Origin-Region
X-Ig-Push-State
X-Level-Front-Cache
X-SRCache-Key
X-TIM-N
X-Vdms-Version
X-Viewer-Country
X-Vtex-Remote-Cache
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-V-Cache
X-Varnish-CookieHashed-On
X-Gzip
X-GeoIP-City
X-Content-Age
X-Custom-Header
X-DefElseHash
X-Conf
X-Cache-NE
X-Bl-Debug
X-Cache-Id
X-DefHash
X-Developer
X-Esi-Check
X-Fastly-Backend
X-Generated-On
X-Epic-Correlation-Id
X-Edge-Server
X-Ec-Fail
X-Ec-GeoHdr
X-BCube-Filmed-By
X-D
X-Tx-Id
Mime-Version
User-Cache-Control
X-TA-CDN-Provider
NM-Fastcgi-Cache
Platform
X-GeoIP-Region-Code
X-FC-Vary-Parameters
X-Fastly-Cache
X-GoCache-CacheStatus
X-GeoIP-Country-Code
X-GeoIP
X-Forwarded-Site
PFcat
X-Gdpr
X-HN
X-Gen-Mode
X-Fmm-Version
X-HS-Content-Campaign-Id
X-NMSegId
X-Mvc-Supplant-OutputCached
X-Node-Id
Fastly-SSL
Fastly-Backend-Name
X-NodeID
X-App-Name
X-Mly-Id
X-Jobs
Producers
X-Loc
Is-Eu
X-Micro-Cache
X-Men
X-Hnp-Log
Req-ID
Wxu-Next-Region
X-Cache-Info
X-Cache-FS-Status
Wxu-Next-Hostname
Wxu-Next-Commit
X-CacheTTL
X-Cache-TTL-Remaining
X-Cache-Bucket
X-Block-Status
X-AK-Request-ID
X-B3-Trace-ID
X-Aicache-OS
X-Backend-Instance
X-Bip
X-Acquia-Purge-Cdn-Unconfigured
Vix-Hermes-Req-Id
V-Age
X-Debug-Cache-Store
Server-Host
RNT-Time
RNT-Machine
Esi-Enabled
X-Dispatcher-Server
X-Debug-Cache-Fetch
Ssr
Tube-Got-Results
Tube-Return
Tube-Got-Eval
Tube-Get-Contents
X-Clientip
True-Client-Country-4JS
X-DPWN-IS-SECURE
X-Mvc-Supplant-Cachable
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-Service
X-Sn-Servicetimems
Adler-Geo
Cache-Provider
X-Req
X-Request-Time
X-SD-PageType
X-Nyt-Route
X-Thanos
X-UA-Device-Type
X-Wikidot-Backend
X-Cache-Server
X-Wikidot-Static-Cache
XM
BehaviorPad-Version
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-VarnishDD-TTL
X-Varnish-Director
X-VG-TLSProxy
X-VG-WebCache
X-Via-Fastly
X-Region-Sid
X-Server-IP
Country-Code
Click-Count-Action-Start
X-Policy
X-Pubstack
Content-Style-Type
Click-Count-Error
X-Powered-By-VTEX-Cache
Content-Script-Type
X-Proto
Cdnsip
X-Platform
X-Op-Id-All
X-Origin-Time
X-Origin-Response-Time
Edge-Cache
Cdncip
X-HITS
X-Dc
X-Varnish-Beresp-Ttl
X-Auto-Login
X-Location
Yak-Timeinfo
HostName
X-Cdn-Srv
X-BBC-Edge-Cache-Status
X-PAYTM-SRV-ID
X-We-Are-Hiring
X-Nginx-Cache-Key
X-Varnish-Beresp-Status
X-Pool
X-Varnishpool
X-Cache-Aspx
X-Varnish-Hostname
X-Proxied-Request
X-Scheme
X-Eu-Site
X-Ec-Custom-Error
X-Section
X-SB
X-RateLimit-Limit-Second
X-Geo-Header
X-Request-Host
X-RateLimit-Remaining-Second
X-Request-Start
X-Depends
X-Slack-Backend
X-Csrf-Jwt
X-Contensis-Viewer-Groups
X-CGP
X-Var-Ttl
X-CUA
X-Cs
X-Slack-Shared-Secret-Outcome
X-Hash
X-Date
X-Varnish-Authentication
X-Human
Origin
Origin-CC
On-Server
NGX
L5d-Success-Class
Mail-Subject
Origin-EX
Powered-By
Server-Ext
Server-Hostname
Req-Svc-Chain
Release
Pramga
Proxy-Firewall
L
Host-ID
Apple-News-Services-Request-Url
C-Via
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
AKAMAI
Apple-News-Services-Handled
Cache-Key
Canary
Ha-Gx-Prefs
HA-Ipaddr
Gh-Request-Id
Fastly-GeoIP-CountryCode
CDCHOST
DSUID
Sever-Int
Machine
We-Hiring
Web-Mar-Region
X-Access
X-Amz-Storage-Class
W
X-Accel-Expires-Debug
X-NGINX-Cache
Debug
Cluster
X-Newrelic-Synthetics
Fusion-Content-Id
Fusion-Component-Id
X-WA-Info
Fusion-Content-Source
X-AIR-PT
X-APP
X-Ah-Environment
Fusion-Template-Id
Fusion-Source
X-Ad-Load-Variation
Fusion-Deployment-Id
X-LB-ID
X-MP-GENERATED-AT
Redirect-Candidate
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-HA-Backend
SID
X-Via-Popv
Fastly-Drupal-HTML
GeoIP-Latitude
X-Via-Poph
X-Varnish-Hits
X-Via-Popn
X-Content-Length
X-Device-Os
X-Zone
CloudFront-Viewer-Country
Pics-Label
X-VHOST
X-Refresh
Vc-Max-Age
X-CACHE-AGE
X-NCache
X-Nananana
X-From
X-LiteSpeed-Tag
X-Dispatcher-Number
CDN-RequestId
X-Servedbyhost
X-B3-Parentspanid
X-Up
X-Litespeed-Tag
X-Parent-Response-Time
X-LB-NoCache
X-Akamai-Transformed
Product
X-Cache-Backend
X-Jungle-Id
X-Nc
X-ZONE
Fastly-Drupal-Html
X-RequestId
X-RateLimit-Reset
X-Vdms-Path
X-CACHE-KEY
X-CDN-Cache-Status
X-Ckpd-Fst-Backend
Resin-Trace
X-Wa
Server-ID
X-Cached-By
X-DynaTrace-JS-Agent
S-Rt
X-Uri
X-Bug-Bounty
Cdn
X-Datadome
X-B3-Spanid
WP-Super-Cache
Datacenter
X-VC-TTL
X-Amz-Meta-Cb-Modifiedtime
ServerName
X-M-Reqid
X-PERF
GeoIp-Country-Code
X-M-Log
X-Render-Time
X-CS
X-ApacheServer
X-HubSpot-Correlation-Id
X-IAuth-Set-Uid
FSS-Cache
Uri
NtCoent-Length
X-Fpc
X-Varnish-Beresp-TTL
True-Client-Ip
Serverhost
X-SERVER-NAME
X-TX-ID
True-Client-IP
Srv
Locid
X-Nf-Ats-Version
X-Vmg-Version
X-Nf-Country
X-Nf-Language
X-Cdn-Forward
X-Akamai-Device-Characteristics
GeoIP-Country-Code
X-Gamma-Serve
User-Agent
X-Dynatrace-Js-Agent
X-TT-LOGID
X-Info
ServerHost
X-Srv
X-TIME
X-Origin-Cache-Key
X-FPC
X-NewRelic-App-Data
X-Cdn-Cache-Status
Xc-Version
X-APP-VERSION
Request-ID
X-Hit
X-Webkit-Csp-Report-Only
X-Old-Content-Length
X-Vc
X-WA
X-HostName
Expect-Staple
CacheControlHeader
CDN
X-VCache
Server-Id
X-V
X-Amz-Meta-Opti
Tcn
Ngx-Var-Key
Hostname
X-COUNTRY
X-Moov-T
X-Original-Request-Id
X-Vgn-Hpd-Reason
X-Moov-Xdn-Version
X-NC
Srvid
X-FL-QIT-DEBUG
X-Response-Served-From
X-Presslabs-Stats
X-Lb-Nocache
X-Esi
X-Rollout
Permission-Policy
N-Cache
Cneonction
WZWS-RAY
X-Eligible
X-New
X-TH-Server
X-Platform-Server
X-Geo
Cloudfront-Viewer-Country
X-Dispatch
PICS-Label
X-Proxy-CacheRZ
XkeyRZ
X-ServedByHost
X-Limited
X-VCL-Version
Cf-Ipcountry
X-Oracle-DMS-ECID
Origin-Trial
X-Platform-Processor
X-Via-PopH
X-Ha-Backend
X-Via-PopN
X-Via-PopV
X-Platform-Router
Cf-Device-Type
Ohc-File-Size
Geoip-Latitude
X-Platform-Cluster
X-Internal-TTL
X-ElasticPress-Query
X-Ftr-Request-Id
X-S-Cookie
X-Destination
X-Akamai-Pragma-Client-IP
Cross-Origin-Embedder-Policy-Report-Only
X-EC-Lua
X-Ua
Cl-Cache
X-VTEX-Cache-Backend-Header-Time
X-Correlation-ID
X-B-Cookie
X-External-Request-Id
X-Application
X-App
X-Path
X-User
X-VTEX-Cache-Backend-Connect-Time
Rtss
X-Sqd-Ctime
X-Lb-Id
X-Sqd-Stime
X-Check-Cacheable
X-SIPLIST1
IsBot
X-Serial
X-Zen-Fury
X-Cambria-Cache-Control
Lb
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Edge-Copy-Time
X-Cdn-Request-ID
X-Via-CDN
X-DynaTrace
X-Via-SSL
Ohc-Cache-HIT
Timeexpire
X-Via-Edge
X-Irp-Debug
Pragrma
X-Fastly-Cache-Hits
X-Service-Response-Time
X-Web-Server
X-Acquia-Application-Trace
X-Instance-Name
X-Acquia-Purge-Tags
Epwk-X-Cache
Sm-Log-Id
X-MSEdge-Features
X-MSEdge-Flight
X-MiniProfiler-Ids
Cmstype
X-Acquia-Site
X-Acquia-Application-UUID
X-Cache-Date
X-Sigma-Backend
X-Sigma
Cmsid
X-Rocket-Build-Number
X-CDN-Origin
X-CSRF-TOKEN
Servername
X-Litespeed-Cache-Control
CountryCode
X-LAGOON
X-Segment-20210421
X-Ramcache
X-Snapshot-Date
X-Traceid
X-Th-Server
Akamai-Mon-Iucid-Del
X-AB-Test
X-RAMCache
X-VServer
X-Datacenter
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-IN-APIGATEWAY
X-Shopid
X-Shardid
X-Branch-Name
X-IN-APIGATEWAYSSL
X-Origin-Upstream-Status
X-Dw-Trace-Id
X-API-Version
X-Fastly-Backend-Reqs
Warning
Ngx
X-Amz-Meta-S3b-Last-Modified
Wpo-Cache-Status
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
Wpo-Cache-Message
Fl-Custom-Application