Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Accept-CH
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-Runtime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Generator
X-Ua-Compatible
X-Cache-Status
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Request-ID
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
Permissions-Policy
Host-Header
X-Via
EagleId
Keep-Alive
X-Cache-Group
Request-Context
X-Robots-Tag
X-Backend
X-UA-Device
X-AH-Environment
X-Hacker
X-Proxy-Cache
X-Server
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
Xkey
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Server-Powered-By
Ali-Swift-Global-Savetime
Allow
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-WebKit-CSP
X-Host
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Backend-Server
X-Server-Id
Cf-Railgun
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
X-Akam-SW-Version
Surrogate-Control
X-HW
X-Litespeed-Cache
X-Node
Request-Id
X-Country
X-Nginx-Cache-Status
Content-Location
X-Application-Context
X-Cloud-Trace-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Country-Code
X-ASPNET-VERSION
Service-Worker-Allowed
X-Content-Type
X-Url
X-Trace
Cache-Tag
X-Clacks-Overhead
X-Amz-Server-Side-Encryption
Rating
X-Times
X-TtlSet
X-PC
X-Vname
X-Rack-Cache
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Server-Name
X-Daa-Tunnel
Nginx-Cache
AR-PoweredBy
AR-SID
AR-Request-ID
AR-ATIME
X-Cache-TTL
X-Powered-By-Plesk
X-Cnection
Accept-Ch
X-ESI
X-Ac
X-D2id
X-GitHub-Request-Id
X-Element-Page-Cache
Edge-Control
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Exp-Variant
Verso
X-Exp-Id
X-Kinja-Build
X-Cdn-Fetch
X-GoogleNews-Bot
X-CST
X-FTR-Request-ID
AR-CACHE
X-MS-InvokeApp
X-Ser
X-Abt-Application-Version
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Upstream
X-Navigation-Version
Fastly-Restarts
X-B3-TraceId
SPRequestDuration
SPIisLatency
X-Webkit-Csp
X-Mod-Pagespeed
X-ECACHE
X-Amz-Rid
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-FastCGI-Cache
X-ARC
X-Client-IP
X-SharePointHealthScore
SPRequestGuid
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Powered-CMS
X-Ratelimit-Limit
X-Mg-S
X-Amzn-Trace-Id
X-Oneagent-Js-Injection
Edge-Cache-Tag
Cache-Status
S
X-Version
Access-Control-Request-Method
X-Middleton-Response
Response
X-VARITI-CCR
RTSS
X-Forwarded-For
Realpath
X-Cache-Key
X-T
Cross-Origin-Resource-Policy
X-Content-Digest
Fastcgi-Cache
X-Recruiting
X-Cached
X-Correlation-Id
X-ORACLE-DMS-RID
X-Ratelimit-Remaining
X-MSEdge-Ref
X-NF-Request-ID
X-TTL
X-Shield-Request-Id
X-RateLimit-Remaining
X-TraceId
MicrosoftSharePointTeamServices
X-PressLabs-Stats
Front-End-Https
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Request-Processing-Time
X-Request-Received
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ua-Browser
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-LLID
TP-Cache
Payment
X-Fastly-Request-ID
Server-Node
Public-Key-Pins
X-Frontend
Count-Hit
X-Protected-By
X-Ruxit-Js-Agent
MS-Author-Via
X-Newrelic-App-Data
X-GUploader-UploadID
X-LB-Cache
X-Accel-Expires
X-HS-Combine-CSS
X-TEC-API-ROOT
X-TEC-API-VERSION
Surrogate-Key
X-TEC-API-ORIGIN
Content-MD5
X-Distributor
X-Origin-Server
X-Server-ID
X-Ezoic-Cdn
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-TTL
X-ORACLE-DMS-ECID
X-NODE
X-Ttl
X-Microsite
X-Content-Security-Policy-Report-Only
X-Request-Handler-Origin-Region
X-Jurisdiction
X-Www-Served-By
X-HP-Webp
X-HP-Trace-Id
MRF-Tech
X-Activity-Id
X-App-Server
Accept-Charset
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Az
X-AppVersion
Host
X-Varnish-Server
X-Cluster-Name
X-Amz-Meta-S3cmd-Attrs
Retry-After
Cleartype
X-Varnish-Backend
Cache-Tags
X-FTR-Backend-Server
X-Goog-Metageneration
Filterid
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-Hits
X-Unique-Id
X-Debug
X-Ua-Device
X-Varnish-Ttl
X-Git-Hash
X-FTR-Expires
Access-Control-Allow-Method
Server-Name
X-Logged-In
X-Load-Cache
X-Aspnet-Version
X-Upgrade-Enabled
X-Id
X-Azure-Ref
X-FB-Debug
X-Nf-Request-Id
X-Envoy-Decorator-Operation
X-CSRF-Token
X-NGENIX-Cache
X-Geo-Country
X-Amz-Apigw-Id
X-Amzn-RequestId
TCN
X-Hostname
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-B
X-TT
Section-Io-Cache
X-Cache-Control
X-Revision
X-Request-Guid
X-Grace
DC
X-Seen-By
X-Proxy
Viewport
X-Fb-Rlafr
X-B3-Sampled
TP-L2-Cache
Healthy
X-Type
X-Contextid
X-XRDS-LOCATION
X-Trace-Id
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
Fastly-SIE
Fastly-SWR
X-Time
X-N
X-Ratelimit-Reset
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Content-Disposition
X-F-Cache
X-Mobile
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Paypal-Debug-Id
X-Varnish-Grace
X-Amz-Replication-Status
Referer-Policy
X-Magnolia-Registration
X-Via-JSL
X-Origin-Cache
X-DIS-Request-ID
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Webkit-CSP
X-Debug-Info
X-Page-Id
X-Ismobilevalue
X-Wormhole-Sdk
Version
X-Px
X-Datadog-Trace-Id
X-RemovedCookies
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-UUID
X-G
X-Fastly-Request-Id
X-ProcessESI
X-App-Environment
X-Rule
X-Oracle-Dms-Ecid
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Adobe-Content
X-Source
X-Debug-IsPreview
X-Adobe-Loc
X-Debug-IsConnected
X-Content-Options
X-Node-Name
MS-CV
Ms-Operation-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
SD-X-WS
Cross-Origin-Window-Policy
X-Datadog-Sampled
X-Storage
VIX-Pulpo-Upstream-Status
X-RTag
X-Hl-Ver
VIX-Pulpo-Node
NGB
X-ECache
X-Template
X-Region
X-User-Agent
X-Wix-Request-Id
X-Proxy-Cache-Info
X-NYM-Debug-Backend
X-Cacheable-TTL
X-Backend-Name
X-Device-Type
X-Instance
X-Is-Bot
X-Whom
X-Rendered-As
X-ServerID
X-FW-Serve
X-FW-Version
X-Cache-Age
X-FW-Server
X-FW-Type
X-FW-Static
X-L-Path
X-Status
Country
GEO-INFO
X-FW-Dynamic
X-Environment-Context
X-FW-Hash
X-B-Cache
X-Signature
Countrycode
X-RM-Cache-TTL
Charset
Front
Akamai-GRN
X-IPS-LoggedIn
ServerID
X-EdgeConnect-Cache-Status
X-Framework
X-WP-CF-Super-Cache-Active
X-NWS-UUID-VERIFY
X-Real-IP
X-Rid
Amp-Access-Control-Allow-Source-Origin
X-AB
X-Cache-Grace
X-B3-SpanId
Liferay-Portal
X-WebKit-CSP-Report-Only
X-Amzn-Remapped-Content-Length
SRV
X-Language
X-Content-Powered-By
X-Akamai-Request-ID2
X-Cache-Hit
X-Api-Version
X-Air-Pt
X-Oracle-Dms-Rid
X-VC
Accept-Language
OT-Force-Account-Verify
X-Servername
X-Air-Trace-Id
X-Air-Source
X-UA
X-Air-Hostname
X-DataDome
X-RID
X-Sucuri-ID
X-VC-Cache
X-Sucuri-Cache
X-Mode
Backend
From-Origin
Xet-Cookie
Access-Control-Request-Headers
Webserver
X-Cache-Status-Check
X-SRV
X-HTML-Minification-Powered-By
LB
Refresh
X-URL
X-Xrds-Location
X-Mg-Request-UUID
X-Handled-By
X-CLOUD-TRACE-CONTEXT
Upgrade-Insecure-Requests
X-Container-Uri
X-Rn-Rsrv
X-SaId
X-Git-Commit
Meta-Geo
X-Cache-Time
X-Rewrite-Enabled
X-JoinUs
X-UPSTREAM-Address
Filters
X-Fastcgi-Cache
X-Vcl-Version
X-Tumblr-Pixel-2
X-Origin-Date
X-Adobe-Source
X-S
X-Labrador-Cache-Channel
X-Cms-Context
X-Generated-By
X-Hosted-By
X-Request-URI
X-RCS-CacheZone
X-PHP-Host
X-R9-Blue-Green-Version
X-Varnish-Age
X-Provided-By
X-Webstats-RespID
X-Scope-Id
TWC-Locale-Group
Webcakes-Region
X-Accel-Version
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-Privacy
X-Served-From
Section-Io-Id
X-Restarts
X-Lambda-Id
X-Reqid
X-Redis-Cache
X-ProxyCache-Key
X-ProxyCache-Status
Property-Id
X-Locale
TWC-Connection-Speed
TWC-Device-Class
X-Loop
Apigw-Requestid
X-Logging-Id
Atl-Traceid
TWC-GeoIP-Country
X-Akamai-Edgescape
X-No-Session
X-Origin-Hint
X-Is-Mobile
X-Is-Supported-Browser
X-Forwarded-Host
X-Is-Desktop
X-Skip-Cache
X-Geo-Region
X-Fetched-On
X-Site-Version
X-Tncms
X-Httpd
X-Tb
X-Tcp-Rtt
X-Alternate-Cache-Key
X-Shopify-Stage
X-Is-Tablet
X-Web-Node
X-Storefront-Renderer-Rendered
X-Browser-Name
Xserver
X-BYPASS-REASON
X-Cache-Host
X-Cache-Debug
X-Frame-Option
X-Origin
X-Proxy-Build
X-Soup
X-IPLB-Request-ID
X-IPLB-Instance
Mn-Server-Ip
X-Timing-Wait
X-Director
X-VCT
X-Upstream-Ht
X-SayCDN-TTL
Url
Web-Mar-Node
Cache
X-Upstream-Ct
X-Tt-Logid
X-Format
X-Say-TTL
Onion-Location
ServedBy
Selected-Fe
X-Varnish-Cache-Hits
X-Say-Cacheable
X-Detected-As
X-Varnish-Beresp-Grace
X-Cluster
X-Extlb
X-AWS-Id
X-Cloudmap
X-Proxied
X-Zipkin-Id
Expiry
X-RateLimit-Limit
X-ShopId
X-VWS-Id
X-Vcache
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Optimistic-Header
X-LJ-Flow-ID
X-Connection-Hash
X-Xfnlog-Site
X-ShardId
X-Routing-Service
X-Cache-Operation
X-Cache-Rule
X-Ms-Request-Id
X-Cache-Expired-At
X-Ms-Version
X-Nginx-Cache
X-INCAP-ABP
X-Endurance-Cache-Level
X-Edge-Location
X-Lagoon
Priority
X-WP-CF-Super-Cache-Cookies-Bypass
Frame-Options
X-GeoCode
X-GeoCountry
WPO-Cache-Message
WPO-Cache-Status
X-Aws-Lambda-Call-Status
Environment
X-Azure-Ref-OriginShield
Protected
Source
CF-IPCountry
X-Cache-Action
X-Proxy-Cache-Status
X-Cdn-Origin
Fastcgi-Useragent
X-CDN-Forward
X-Generation-Time
TDXMobile
Thinkindot-Control
X-Shield-Cache-Expires
X-Thinkindot-L3
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-CMSURLCustom
Uber-Trace-Id
X-PHP-Backend
X-Origin-TTL
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Origin-CC
X-Cluster-Node
Sid
Cdn-Requestid
Locale
X-Urbn-Context-Path
X-Pass-Why
X-Urbn-Site-Id
X-GEO
AMP-Access-Control-Allow-Source-Origin
X-Rocket-Nginx-Serving-Static
X-Worker
X-ID
Azure-SiteName
X-FB-TRIP-ID
X-Buckets
Azure-InstanceId
Cache-Tv-Group
Azure-RegionName
Azure-SlotName
Azure-Version
X-Aspnetmvc-Version
X-Auth-Group-Type
Node
X-App-Version
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-Uid
CDN-RequestPullSuccess
CDN-CachedAt
CDN-Cache
CDN-RequestPullCode
X-XRDS-Location
X-Vercel-Id
X-Vercel-Cache
Cache-Hits
X-Server-W
X-Tumblr-Pixel-3
X-Pad
X-NGINX-Cache
Alternate-Protocol
X-Dc
X-LiteSpeed-Cache-Control
X-B3-Traceid
Cross-Origin-Embedder-Policy
X-Cache-Server
X-A
X-Conf
X-Developer
A
Candidate-Md5Url
X-DefElseHash
X-Core-Value
X-Custom-Header
X-D
X-Content-Age
X-DefHash
X-Ec-Fail
X-Gzip
X-GeoIP-City
X-Ig-Origin-Region
X-Service
X-Ig-Push-State
X-Fastly-Backend
X-Esi-Check
X-Dispatcher-Server
X-Ec-GeoHdr
X-Edge-Server
X-Epic-Correlation-Id
X-LSADC-Cache
X-Cache-NE
MD5-Digest
Meta-Geo-Continent
Magicmarker
Lang
X-A-Dam
X-A-Ccd
Ngx.Var.Host
T-Server
Sslversion
Rendered-Blocks
Origin-Agent-Cluster
Surrogated-Key
Odigeo-Trace-Id
X-A-Dcw
X-A-Dgt
Content-Secure-Policy
X-BCube-Filmed-By
X-Bl-Debug
X-Cache-Id
Cdn-Request-Time
X-Level-Front-Cache
X-Bc-Bl
DB-Nickname
X-A-Wwc
Gannett-Cam-Experience-Id
X-Aed
DCR-Processing-Time-Ms
DCR-Decision-By
Cdn-Host
X-Generated-On
X-SRCache-Key
X-TIM-N
X-Rojux
X-Req
X-Origin-Expires
X-TA-CDN-Provider
X-V-Cache
X-Varnish-CookieHashed-On
X-Viewer-Country
X-Vtex-Remote-Cache
X-Via-Fastly
X-Vdms-Version
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Org
X-ScT
X-ND-Cache
Mime-Version
X-Client-Ip
User-Cache-Control
X-Node-Id
X-Acquia-Purge-Cdn-Unconfigured
X-UA-Device-Type
X-NMSegId
Wxu-Next-Region
X-Varnish-Hostname
X-Varnish-Director
Wxu-Next-Hostname
X-Aicache-OS
X-Tb-Optimization-Total-Bytes-Saved
X-Backend-Instance
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Test
X-Thanos
X-AK-Request-ID
X-Amz-Storage-Class
X-App-Name
X-B3-Trace-ID
Wxu-Next-Commit
V-Age
X-Micro-Cache
Ssr
X-Men
X-Wikidot-Backend
X-VTEX-Cache-Time
Server-Host
X-VTEX-Cache-Server
Req-ID
RNT-Machine
RNT-Time
X-Loc
True-Client-Country-4JS
X-VarnishDD-TTL
Tube-Return
X-Jobs
X-Bip
Tube-Got-Results
X-Mvc-Supplant-Cachable
X-VG-WebCache
Tube-Get-Contents
Tube-Got-Eval
X-VG-TLSProxy
Vix-Hermes-Req-Id
X-Sn-Servicetimems
X-Origin-Time
X-Origin-Response-Time
X-HN
X-Fastly-Cache
X-PAYTM-SRV-ID
X-Platform
X-Proto
X-Powered-By-VTEX-Cache
X-DPWN-IS-SECURE
X-Policy
X-FC-Vary-Parameters
X-Fmm-Version
X-Op-Id-All
X-GeoIP-Country-Code
X-GeoIP-Region-Code
Producers
X-GeoIP
X-Geo-Header
X-Forwarded-Site
X-Gdpr
X-Gen-Mode
X-Nyt-Route
X-Pubstack
X-RateLimit-Limit-Second
X-Cache-TTL-Remaining
X-CacheTTL
X-Mly-Id
X-Scheme
X-SD-PageType
X-Cache-Info
X-GoCache-CacheStatus
X-Block-Status
X-Cache-FS-Status
X-Server-IP
X-Clientip
X-SB
X-Debug-Cache-Store
Server-Info
X-RateLimit-Remaining-Second
X-Hnp-Log
X-Debug-Cache-Fetch
X-Wikidot-Static-Cache
X-Request-Time
X-NodeID
X-Region-Sid
X-HS-Content-Campaign-Id
X-Cache-Bucket
Esi-Enabled
Country-Code
Content-Style-Type
Fastly-Backend-Name
Fastly-SSL
Is-Eu
Host-ID
Content-Script-Type
Click-Count-Error
Cache-Provider
AKAMAI
Cdncip
Adler-Geo
Click-Count-Action-Start
Cdnsip
NM-Fastcgi-Cache
Edge-Cache
PFcat
Platform
X-Cs
HostName
Pramga
X-Proxied-Request
X-Pool
X-Varnish-Beresp-Status
X-Request-Start
Req-Svc-Chain
X-Ec-Custom-Error
X-Cache-Aspx
X-Varnish-Authentication
X-Request-Host
X-BBC-Edge-Cache-Status
Cluster
X-Human
Powered-By
Server-Ext
Release
Apple-News-Services-Parsed-Url
X-Date
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Depends
Proxy-Firewall
C-Via
X-CUA
Canary
CDCHOST
X-CGP
X-Contensis-Viewer-Groups
BehaviorPad-Version
X-Csrf-Jwt
Cache-Key
On-Server
X-Nginx-Cache-Key
Sever-Int
Origin-CC
Web-Mar-Region
HA-Ipaddr
Ha-Gx-Prefs
X-Tx-Id
Gh-Request-Id
We-Hiring
W
NGX
X-Location
X-Hash
Mail-Subject
Machine
L
L5d-Success-Class
X-Var-Ttl
X-Varnishpool
XM
X-Section
Yak-Timeinfo
DSUID
X-We-Are-Hiring
X-Eu-Site
X-Auto-Login
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
Fastly-GeoIP-CountryCode
X-Accel-Expires-Debug
X-Mvc-Supplant-OutputCached
X-Access
Server-Hostname
Origin-EX
X-HITS
X-DC
Origin
X-Cdn-Srv
Debug
X-AIR-PT
X-Newrelic-Synthetics
X-Varnish-Beresp-Ttl
CDN-RequestId
Fusion-Deployment-Id
X-MP-GENERATED-AT
X-APP
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-LB-ID
Redirect-Candidate
X-Ad-Load-Variation
Fusion-Content-Id
Fusion-Template-Id
X-WA-Info
X-LiteSpeed-Tag
X-Via-Popv
X-HA-Backend
X-Via-Poph
X-Device-Os
X-Zone
X-Via-Popn
X-Varnish-Hits
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Content-Length
GeoIP-Latitude
X-RateLimit-Reset
X-NCache
Fastly-Drupal-Html
X-Up
X-Refresh
X-Nananana
X-VHOST
Pics-Label
X-From
X-B3-Parentspanid
X-CACHE-AGE
Fastly-Drupal-HTML
X-Parent-Response-Time
SID
Vc-Max-Age
X-Akamai-Transformed
X-Dispatcher-Number
CloudFront-Viewer-Country
X-Cache-Backend
X-Jungle-Id
X-CDN-Cache-Status
Product
X-Vdms-Path
X-Servedbyhost
X-DynaTrace-JS-Agent
X-Datadome
X-RequestId
X-Nc
X-Cached-By
X-LB-NoCache
X-CACHE-KEY
X-ZONE
Resin-Trace
X-Litespeed-Tag
WP-Super-Cache
X-Uri
X-Ckpd-Fst-Backend
S-Rt
GeoIp-Country-Code
X-Varnish-Beresp-TTL
X-PERF
X-Render-Time
X-Bug-Bounty
Datacenter
X-Amz-Meta-Cb-Modifiedtime
X-VC-TTL
Server-ID
X-M-Reqid
X-M-Log
X-ApacheServer
X-Wa
X-B3-Spanid
X-TT-LOGID
X-TX-ID
X-IAuth-Set-Uid
X-CS
X-Origin-Cache-Key
Uri
NtCoent-Length
ServerName
Cdn
X-HubSpot-Correlation-Id
True-Client-IP
Srv
FSS-Cache
Locid
X-Esi
X-Fpc
X-HostName
X-SERVER-NAME
X-Nf-Country
X-Nf-Language
X-FPC
X-Nf-Ats-Version
Serverhost
X-Vmg-Version
ServerHost
True-Client-Ip
X-APP-VERSION
CDN
X-Info
X-VCache
X-Gamma-Serve
X-WA
User-Agent
X-Akamai-Device-Characteristics
Tcn
X-Cdn-Forward
X-Srv
X-TIME
X-Dynatrace-Js-Agent
GeoIP-Country-Code
Xc-Version
X-Old-Content-Length
Server-Id
X-NewRelic-App-Data
X-Hit
Request-ID
X-Response-Served-From
Ngx-Var-Key
X-Original-Request-Id
X-Cdn-Cache-Status
Expect-Staple
CacheControlHeader
X-Vc
X-NC
X-Amz-Meta-Opti
X-Moov-Xdn-Version
X-Moov-T
X-Lb-Nocache
X-Vgn-Hpd-Reason
X-V
Hostname
X-COUNTRY
X-Webkit-Csp-Report-Only
Cloudfront-Viewer-Country
X-TH-Server
Srvid
X-ServedByHost
X-FL-QIT-DEBUG
X-Presslabs-Stats
Cf-Ipcountry
X-Eligible
X-Platform-Server
X-Rollout
X-Dispatch
X-New
WZWS-RAY
Cneonction
X-Limited
PICS-Label
X-Geo
N-Cache
Permission-Policy
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
Geoip-Latitude
XkeyRZ
Cf-Device-Type
X-Proxy-CacheRZ
X-Oracle-DMS-ECID
X-VCL-Version
X-Via-PopV
X-Ha-Backend
X-Destination
X-Internal-TTL
X-Via-PopN
X-Via-PopH
Origin-Trial
X-S-Cookie
X-B-Cookie
Cross-Origin-Embedder-Policy-Report-Only
X-Application
X-Ftr-Request-Id
X-User
X-ElasticPress-Query
X-External-Request-Id
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
Cl-Cache
X-EC-Lua
X-Zen-Fury
X-Akamai-Pragma-Client-IP
X-Correlation-ID
X-Path
X-Ua
X-App
Ohc-File-Size
Rtss
X-MSEdge-Flight
X-Sqd-Stime
X-Sqd-Ctime
Epwk-X-Cache
X-Lb-Id
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-MSEdge-Features
X-Instance-Name
X-Serial
X-Check-Cacheable
X-MiniProfiler-Ids
X-Cache-Date
X-Wp-Cf-Super-Cache
Lb
X-Wp-Cf-Super-Cache-Cache-Control
X-Via-Edge
X-Cdn-Request-ID
Timeexpire
Pragrma
X-SIPLIST1
X-Via-SSL
X-Irp-Debug
IsBot
Edge-Copy-Time
X-DynaTrace
X-Fastly-Cache-Hits
X-Via-CDN
X-Datacenter
X-Acquia-Site
Sm-Log-Id
X-Segment-20210421
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Service-Response-Time
X-Web-Server
X-Acquia-Application-Trace
X-Branch-Name
X-VServer
Cmstype
X-API-Version
Cmsid
Servername
X-LAGOON
X-Litespeed-Cache-Control
CountryCode
X-CSRF-TOKEN
Warning
X-RAMCache
X-Th-Server
Ngx
X-Ramcache
X-Snapshot-Date
X-Amz-Meta-Sha256
X-Origin-Upstream-Status
X-IN-APIGATEWAYSSL
Ohc-Cache-HIT
X-Shardid
X-Sorting-Hat-Podid
X-Shopid
X-IN-APIGATEWAY
Wpo-Cache-Message
X-Sorting-Hat-Shopid
X-Amz-Meta-S3b-Last-Modified
X-Udemy-Cache-App-Namespace
X-Fastly-Backend-Reqs
Wpo-Cache-Status
X-Dw-Trace-Id
Fl-Custom-Application