Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
X-Runtime
Accept-CH
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
X-Via
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
Permissions-Policy
X-Robots-Tag
X-AH-Environment
X-UA-Device
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Ws-Request-Id
X-Age
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Allow
Grace
X-Server-Powered-By
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
Cf-Railgun
EagleEye-TraceId
X-Host
X-WebKit-CSP
X-Backend-Server
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Country
X-Application-Context
X-Nginx-Cache-Status
Accept-Ch
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-TtlSet
X-PC
X-Vname
X-FTR-Request-ID
X-CST
X-Daa-Tunnel
X-Litespeed-Cache
Nginx-Cache
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Server-Name
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
X-Webkit-Csp
X-ESI
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
X-Ac
X-GitHub-Request-Id
X-Cache-TTL
X-D2id
X-Element-Page-Cache
Edge-Control
Verso
X-MS-InvokeApp
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-ECACHE
X-Upstream
X-Vcap-Request-Id
X-Ser
AR-CACHE
X-B3-TraceId
X-Navigation-Version
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-FastCGI-Cache
SPRequestDuration
SPIisLatency
X-NF-Request-ID
Fastly-Restarts
X-Mod-Pagespeed
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Client-IP
X-Edge-Location-Klb
X-Kinsta-Cache
X-Oneagent-Js-Injection
X-Goog-Hash
X-Mg-S
Edge-Cache-Tag
S
X-Powered-CMS
Display
Pagespeed
X-Sol
X-Middleton-Display
X-ARC
X-Amzn-Trace-Id
X-Ratelimit-Limit
Cache-Status
X-Version
Access-Control-Request-Method
X-PDP-UNCACHING-HASH
Response
X-VARITI-CCR
X-Middleton-Response
X-Cache-Key
X-Fastly-Request-ID
X-TTL
RTSS
X-Content-Digest
X-TraceId
X-T
Realpath
Cross-Origin-Resource-Policy
X-Forwarded-For
X-Ratelimit-Remaining
X-Recruiting
X-Ua-Device
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Cached
X-Varnish-TTL
X-Correlation-Id
X-RateLimit-Remaining
Front-End-Https
X-MSEdge-Ref
X-Shield-Request-Id
MS-Author-Via
X-Protected-By
Content-MD5
MicrosoftSharePointTeamServices
X-Ruxit-Js-Agent
X-HS-Cache-Config
X-HS-Content-Id
X-Ua-Browser
X-HS-Hub-Id
X-FTR-Balancer
X-Request-Received
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-Request-Processing-Time
Payment
X-Forwarded-Proto
Public-Key-Pins
X-Frontend
Server-Node
X-LLID
TP-Cache
X-PressLabs-Stats
Arr-Disable-Session-Affinity
X-HS-Combine-CSS
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-FTR-Expires
Count-Hit
X-Server-ID
X-GUploader-UploadID
X-Kong-Proxy-Latency
X-Accel-Expires
X-Kong-Upstream-Latency
X-Distributor
X-NODE
X-TEC-API-ROOT
X-Origin-Server
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-LB-Cache
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Ezoic-Cdn
X-Aws-Lambda-Call-Status
X-Request-Handler-Origin-Region
X-Microsite
X-Varnish-Server
X-Www-Served-By
X-Activity-Id
X-Az
X-AppVersion
X-B3-TraceId-Primal
Accept-Charset
MRF-Tech
X-Newrelic-App-Data
X-App-Server
Mrf-Cache-Status
Host
X-ORACLE-DMS-ECID
X-Cluster-Name
Cache-Tags
X-Amz-Meta-S3cmd-Attrs
Retry-After
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
Cleartype
Server-Name
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Goog-Metageneration
X-ASPNET-VERSION
X-Hits
Filterid
X-Unique-Id
X-Envoy-Decorator-Operation
X-Git-Hash
Access-Control-Allow-Method
X-CSRF-Token
X-NGENIX-Cache
X-Hostname
X-Azure-Ref
X-Upgrade-Enabled
X-Geo-Country
X-Load-Cache
X-Ttl
X-Logged-In
Referer-Policy
X-Debug
X-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Time
TP-L2-Cache
X-FB-Debug
X-Proxy
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Seen-By
X-CCDN-CacheTTL
X-B
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Control
X-B3-Sampled
X-Trace-Id
X-F-Cache
X-TT
X-Revision
X-Request-Guid
DC
X-Grace
Section-Io-Cache
X-Type
X-XRDS-LOCATION
X-Fb-Rlafr
Healthy
X-Contextid
Surrogate-Key
TCN
Viewport
X-Mobile
X-DIS-Request-ID
Paypal-Debug-Id
X-N
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Fastly-SIE
Fastly-SWR
X-Page-Id
X-Varnish-Ttl
X-Debug-Info
X-Px
Content-Disposition
X-Webkit-CSP
X-Varnish-Grace
X-Via-JSL
X-Whom
Version
X-Origin-Cache
X-Magnolia-Registration
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Content-Options
X-Template
X-Oracle-Dms-Ecid
Charset
X-Amz-Replication-Status
X-Cache-Grace
X-UUID
MS-CV
X-Wix-Request-Id
X-App-Environment
Ms-Operation-Id
X-Rule
X-RemovedCookies
X-Node-Name
X-RTag
X-ProcessESI
X-Tumblr-User
X-Datadog-Sampled
X-Signature
X-Adobe-Content
VIX-Pulpo-Upstream-Status
X-Storage
X-Tumblr-Pixel
X-B-Cache
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Debug-IsPreview
VIX-Pulpo-Node
X-NWS-UUID-VERIFY
X-G
X-Hl-Ver
SD-X-WS
NGB
X-Source
X-Adobe-Loc
X-Debug-IsConnected
X-Region
X-Rendered-As
X-Proxy-Cache-Info
X-L-Path
ServerID
X-Backend-Name
X-User-Agent
X-Yottaa-Metrics
X-Environment-Context
X-Yottaa-Optimizations
X-EdgeConnect-Cache-Status
X-Is-Bot
X-Cacheable-TTL
X-Instance
GEO-INFO
X-FW-Static
X-NYM-Debug-Backend
X-FW-Version
X-FW-Server
Country
X-FW-Type
X-ServerID
X-Status
X-Cache-Hit
X-Real-IP
X-FW-Dynamic
X-Device-Type
X-FW-Hash
X-FW-Serve
X-Cache-Age
X-IPS-LoggedIn
Cross-Origin-Window-Policy
X-Language
X-B3-SpanId
Countrycode
SRV
X-Rid
X-Amzn-Remapped-Content-Length
Liferay-Portal
Akamai-GRN
X-Ratelimit-Reset
X-Wormhole-Sdk
X-WP-CF-Super-Cache-Active
X-Sucuri-Cache
Front
X-Sucuri-ID
X-RM-Cache-TTL
OT-Force-Account-Verify
X-Oracle-Dms-Rid
X-Framework
X-Servername
X-AB
X-UA
X-RateLimit-Limit
From-Origin
X-Content-Powered-By
X-VC-Cache
X-VC
Amp-Access-Control-Allow-Source-Origin
X-Mode
Xet-Cookie
X-WebKit-CSP-Report-Only
X-Akamai-Request-ID2
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
Backend
X-Air-Pt
X-Xrds-Location
Upgrade-Insecure-Requests
X-URL
Refresh
X-Cache-Time
X-Origin-Cache-Key
X-SRV
X-Handled-By
X-RID
X-Nginx-Cache
X-Endurance-Cache-Level
X-Ismobilevalue
Accept-Language
X-Rn-Rsrv
X-INCAP-ABP
X-RCS-CacheZone
X-Rewrite-Enabled
X-UPSTREAM-Address
X-JoinUs
Cache
Meta-Geo
Filters
X-SaId
X-Xfnlog-Site
X-HTML-Minification-Powered-By
X-Routing-Service
X-Origin-Hint
TWC-Privacy
X-Cache-Rule
TWC-Locale-Group
X-R9-Blue-Green-Version
X-Varnish-Age
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Git-Commit
ServedBy
Property-Id
X-Tumblr-Pixel-2
X-Hosted-By
TWC-Device-Class
TWC-Connection-Speed
X-Cache-Operation
X-Provided-By
Webserver
X-VWS-Id
X-LJ-Flow-ID
X-Reqid
X-No-Session
X-Cache-Status-Check
X-Extlb
X-Container-Uri
X-Cms-Context
LB
X-Proxied
X-AWS-Id
X-Cloudmap
X-Cluster
X-Zipkin-Id
X-Lambda-Id
X-S
X-Origin-Date
X-PHP-Host
Access-Control-Request-Headers
X-IPLB-Request-ID
Web-Mar-Node
X-Accel-Version
Url
Mn-Server-Ip
X-Httpd
X-Adobe-Source
X-Geo-Region
X-Generated-By
X-Cache-Debug
X-BYPASS-REASON
X-Browser-Name
X-IPLB-Instance
X-Is-Desktop
X-Loop
X-Ms-Request-Id
X-Ms-Version
Atl-Traceid
X-Logging-Id
X-Locale
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-Labrador-Cache-Channel
Apigw-Requestid
X-DataDome
X-Redis-Cache
X-Served-From
X-Tcp-Rtt
X-Tncms
X-Restarts
X-Api-Version
X-Webstats-RespID
X-ProxyCache-Status
X-ProxyCache-Key
X-Edge-Location
X-Skip-Cache
X-Site-Version
X-Upstream-Ct
Selected-Fe
X-Tb
X-Storefront-Renderer-Rendered
X-Forwarded-Host
X-Proxy-Build
Section-Io-Id
X-VCT
X-Director
X-Detected-As
X-Frame-Option
X-Fetched-On
X-Format
X-Web-Node
X-Cache-Host
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-Soup
X-Akamai-Edgescape
X-Alternate-Cache-Key
X-Upstream-Ht
X-Timing-Wait
X-Scope-Id
X-Origin
X-Shopify-Stage
Frame-Options
WPO-Cache-Message
X-Say-TTL
WPO-Cache-Status
X-Say-Cacheable
X-Optimistic-Header
X-Azure-Ref-OriginShield
X-SayCDN-TTL
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Request-URI
X-Sorting-Hat-PodId
Xserver
X-Drupal-Cache-Tags
X-Generation-Time
X-Origin-CC
X-GeoCode
X-Vcache
X-RateLimit-Reset
X-Tt-Logid
X-GeoCountry
Cache-Hits
X-Origin-TTL
X-Lagoon
Cdn-Requestid
Onion-Location
X-Drupal-Cache-Contexts
Source
X-Thinkindot-L3
Thinkindot-CacheControl-Type
X-CMSURLCustom
Thinkindot-Control
X-Shield-Cache-Expires
Expiry
TDXMobile
Protected
X-CDN-Forward
X-Connection-Hash
Thinkindot-CacheControl
X-WP-CF-Super-Cache-Cookies-Bypass
X-Fastly-Request-Id
X-Cdn-Origin
AMP-Access-Control-Allow-Source-Origin
X-Vcl-Version
Fastcgi-Useragent
X-Fastcgi-Cache
X-Buckets
X-Pass-Why
X-Cache-Expired-At
X-PHP-Backend
X-Mg-Request-UUID
X-TA-CDN-Provider
X-Vercel-Cache
X-Vercel-Id
X-Worker
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-RegionName
X-Rocket-Nginx-Serving-Static
Azure-Version
X-ECache
Environment
X-App-Version
Node
X-ID
Sid
X-Proxy-Cache-Status
X-Cache-Action
Priority
CDN-CachedAt
X-Aspnetmvc-Version
Uber-Trace-Id
CDN-EdgeStorageId
CDN-Cache
CDN-Uid
CDN-PullZone
CDN-RequestPullSuccess
Cross-Origin-Embedder-Policy
CDN-RequestCountryCode
CDN-RequestPullCode
X-GEO
X-Tumblr-Pixel-3
X-Cluster-Node
X-XRDS-Location
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Server-W
X-Cache-Server
Cache-Tv-Group
X-B3-Traceid
DB-Nickname
X-FB-TRIP-ID
HostName
User-Cache-Control
Alternate-Protocol
CF-IPCountry
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Deployment-Id
X-Auth-Group-Type
X-Client-Ip
X-Jobs
X-Pad
X-Nf-Request-Id
X-Level-Front-Cache
X-Generated-On
DCR-Decision-By
Rendered-Blocks
X-Gen-Mode
X-Bl-Debug
X-Gzip
X-BCube-Filmed-By
Content-Secure-Policy
X-Bc-Bl
Candidate-Md5Url
X-Ig-Origin-Region
X-Hnp-Log
X-Ig-Push-State
X-Ec-GeoHdr
A
X-Cache-TTL-Remaining
X-Content-Age
X-Conf
X-Core-Value
Cdn-Request-Time
X-Custom-Header
X-D
Cdn-Host
X-Developer
X-Cache-NE
X-Fastly-Backend
X-Service
X-Cache-Id
X-Esi-Check
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Ec-Fail
X-Edge-Server
X-Block-Status
X-Org
X-Rojux
DCR-Processing-Time-Ms
X-SB
Magicmarker
X-ScT
X-Req
Lang
Wxu-Next-Hostname
Wxu-Next-Commit
X-Via-Fastly
Sslversion
X-Vdms-Version
MD5-Digest
X-V-Cache
Ngx.Var.Host
Surrogated-Key
Odigeo-Trace-Id
T-Server
X-TIM-N
X-Dc
X-SRCache-Key
Meta-Geo-Continent
Origin-Agent-Cluster
Origin
X-Viewer-Country
X-Vtex-Remote-Cache
Gannett-Cam-Experience-Id
X-A-Dgt
Wxu-Next-Region
X-A-Wwc
X-A-Dcw
X-Aed
X-ND-Cache
X-A
Edge-Cache
X-A-Ccd
X-A-Dam
X-Op-Id-All
Mime-Version
X-AIR-PT
X-Tx-Id
Req-ID
RNT-Machine
Sever-Int
Server-Hostname
X-CacheTTL
Server-Ext
Server-Host
RNT-Time
Tube-Return
X-B3-Trace-ID
X-Backend-Instance
X-Acquia-Purge-Cdn-Unconfigured
X-Amz-Storage-Class
X-Auto-Login
X-App-Name
X-Cdn-Srv
X-Bip
Tube-Got-Eval
Tube-Get-Contents
V-Age
X-Cache-Info
X-Cache-Bucket
Vix-Hermes-Req-Id
Ssr
X-GeoIP-City
X-Scheme
X-Request-Time
X-SD-PageType
X-Server-IP
X-Thanos
X-Test
X-Region-Sid
X-RateLimit-Remaining-Second
X-Powered-By-VTEX-Cache
X-Policy
X-Proto
X-Pubstack
X-RateLimit-Limit-Second
X-UA-Device-Type
X-Varnish-CookieHashed-On
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-WA-Info
X-Wikidot-Backend
XM
X-Wikidot-Static-Cache
X-VG-WebCache
X-VG-TLSProxy
X-Varnish-Director
X-Varnish-CookieINHashed-On
X-Varnish-Hostname
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
X-Platform
X-PAYTM-SRV-ID
X-Forwarded-Site
X-Fmm-Version
X-Gdpr
X-Geo-Header
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-FC-Vary-Parameters
X-Fastly-Cache
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-DefElseHash
X-DefHash
X-Device-Os
X-GoCache-CacheStatus
X-HN
X-NodeID
X-Node-Id
X-Nyt-Route
X-Origin-Expires
X-Origin-Time
X-Origin-Response-Time
X-NMSegId
X-Nginx-Cache-Key
X-Men
X-HS-Content-Campaign-Id
X-Micro-Cache
X-Mly-Id
X-Mvc-Supplant-Cachable
X-Clientip
Tube-Got-Results
Esi-Enabled
C-Via
Cache-Provider
NM-Fastcgi-Cache
Fastly-Backend-Name
Click-Count-Error
AKAMAI
Host-ID
Fastly-SSL
PFcat
CDCHOST
Country-Code
Click-Count-Action-Start
Content-Style-Type
Content-Script-Type
X-HITS
X-DC
X-Tec-Api-Origin
X-LSADC-Cache
X-Tec-Api-Version
X-Tec-Api-Root
X-Varnish-Beresp-Ttl
Apple-News-Services-Host
X-CUA
X-Var-Ttl
X-Csrf-Jwt
Apple-News-Services-Parsed-Url
Cache-Key
Cdncip
Cdnsip
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-Up
X-CGP
Apple-News-Services-Request-Url
X-SVT-ORM-RULES
X-Proxied-Request
X-Hash
X-We-Are-Hiring
X-GeoIP
X-From
X-Pool
X-Human
X-NCache
X-Mvc-Supplant-OutputCached
X-Location
X-Loc
X-Request-Host
X-Request-Start
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Sn-Servicetimems
Adler-Geo
Apple-News-Services-Handled
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-LiteSpeed-Cache-Control
X-Section
X-Eu-Site
X-Aicache-OS
X-Date
Canary
L
L5d-Success-Class
X-MP-GENERATED-AT
Machine
W
We-Hiring
Ha-Gx-Prefs
HA-Ipaddr
Is-Eu
Web-Mar-Region
NGX
On-Server
Req-Svc-Chain
Producers
Proxy-Firewall
Release
Pramga
Powered-By
Origin-CC
Origin-EX
Platform
Gh-Request-Id
Mail-Subject
X-AK-Request-ID
X-Varnish-Beresp-Status
X-BBC-Edge-Cache-Status
Cluster
X-Ad-Load-Variation
DSUID
Fastly-GeoIP-CountryCode
X-Varnishpool
X-Accel-Expires-Debug
X-Access
X-NGINX-Cache
X-Jungle-Id
X-Varnish-Authentication
True-Client-Country-4JS
Yak-Timeinfo
X-Depends
X-Cache-Aspx
X-Contensis-Viewer-Groups
X-Zone
X-Cs
X-LB-ID
X-Varnish-Hits
X-Cache-Backend
X-Vdms-Path
X-Cache-FS-Status
X-Akamai-Transformed
WP-Super-Cache
X-Uri
Debug
CDN-RequestId
X-Datadome
X-Via-Popv
X-Refresh
Server-Info
Pics-Label
Redirect-Candidate
X-HA-Backend
X-Via-Popn
X-Via-Poph
X-Newrelic-Synthetics
CloudFront-Viewer-Country
X-ApacheServer
X-Nananana
X-VHOST
BehaviorPad-Version
X-PERF
X-Render-Time
Fastly-Drupal-HTML
SID
X-Servedbyhost
X-M-Log
X-M-Reqid
X-VC-TTL
X-CACHE-AGE
X-APP
X-Parent-Response-Time
GeoIP-Latitude
X-Original-Request-Id
Fastly-Drupal-Html
X-LB-NoCache
X-Response-Served-From
X-B3-Parentspanid
Locid
X-Content-Length
X-Cached-By
Datacenter
X-DynaTrace-JS-Agent
X-Litespeed-Tag
X-TT-LOGID
X-CDN-Cache-Status
Server-ID
Resin-Trace
Cf-Ipcountry
X-CS
X-Amz-Meta-Cb-Modifiedtime
X-Wa
X-Nc
X-LiteSpeed-Tag
GeoIp-Country-Code
X-IAuth-Set-Uid
NtCoent-Length
X-Old-Content-Length
X-ZONE
X-VCache
Cdn
X-Dispatcher-Number
FSS-Cache
Uri
X-TX-ID
Ngx-Var-Key
X-Varnish-Beresp-TTL
Tcn
X-NewRelic-App-Data
Vc-Max-Age
X-Vgn-Hpd-Reason
X-Platform-Cluster
True-Client-Ip
X-RequestId
X-Fpc
X-Esi
Product
X-Platform-Processor
X-Platform-Router
X-HostName
X-SERVER-NAME
Serverhost
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Moov-T
X-Moov-Xdn-Version
Srv
CDN
True-Client-IP
X-TH-Server
X-Cdn-Forward
X-Nf-Ats-Version
X-Nf-Country
X-Nf-Language
X-Ckpd-Fst-Backend
X-B3-Spanid
X-Srv
X-TIME
X-Oracle-DMS-ECID
Cross-Origin-Embedder-Policy-Report-Only
GeoIP-Country-Code
Cf-Device-Type
ServerName
X-Dynatrace-Js-Agent
X-FPC
S-Rt
X-HubSpot-Correlation-Id
Request-ID
X-WA
X-Vc
X-Cdn-Cache-Status
X-Application
X-Bug-Bounty
X-Dispatch
CacheControlHeader
X-External-Request-Id
X-S-Cookie
X-B-Cookie
X-Destination
X-NC
X-User
X-CACHE-KEY
X-Zen-Fury
Server-Id
Geoip-Latitude
X-Geo
Hostname
X-COUNTRY
X-APP-VERSION
X-Instance-Name
X-Sigma
Srvid
X-FL-QIT-DEBUG
X-Cache-Date
X-Sigma-Backend
X-Rocket-Build-Number
X-Webkit-Csp-Report-Only
X-Presslabs-Stats
X-Correlation-ID
X-Lb-Nocache
User-Agent
X-API-Version
X-VServer
Ohc-File-Size
X-Segment-20210421
X-Gamma-Serve
Origin-Trial
X-Info
X-Akamai-Device-Characteristics
ServerHost
X-ServedByHost
X-Vmg-Version
X-Branch-Name
X-Via-PopN
X-Ha-Backend
X-Via-PopV
X-Via-PopH
X-VCL-Version
PICS-Label
Epwk-X-Cache
Cneonction
Cloudfront-Viewer-Country
Load-Balancing
DataCenter
Xc-Version
X-DynaTrace
X-DataCenter
Expect-Staple
X-Limited
X-Ua
X-App
Rtss
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-MiniProfiler-Ids
Type
X-Hit
X-MSEdge-Flight
X-Amz-Meta-Opti
X-Lb-Id
X-Akamai-Pragma-Client-IP
Ohc-Cache-HIT
X-Serial
X-Check-Cacheable
X-MSEdge-Features
Lb
X-Acquia-Site
X-Acquia-Application-UUID
X-Service-Response-Time
Sm-Log-Id
X-Sqd-Ctime
X-Acquia-Purge-Tags
X-Sqd-Stime
X-Irp-Debug
Warning
Timeexpire
X-Web-Server
X-Datacenter
X-Owner
Cmsid
X-Acquia-Application-Trace
Cmstype
Cross-Origin-Opener-Policy-Report-Only
CountryCode
Servername
X-CSRF-TOKEN
X-LAGOON
X-Litespeed-Cache-Control
X-Origin-Upstream-Status
X-Shardid
X-Via-SSL
X-RAMCache
X-Via-Edge
X-Shopid
N-Cache
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Via-CDN
X-Requestid
X-Core-Mission
X-Ramcache
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
Cl-Cache
Edge-Copy-Time
X-Th-Server
X-Udemy-Cache-App-Namespace
X-Snapshot-Date
Ngx
X-Qloud-Router