
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.
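The table below lists case variants of one field as separate rows (X-XSS-Protection and X-Xss-Protection, X-Frame-Options and X-FRAME-OPTIONS) and also contains names such as X-Frame-Option and Content-Secure-Policy. The following sketch is an added example, not the ISC project's code: it tallies HEAD-response headers per site with case folding and flags names that resemble, but do not equal, a security header. The `SECURITY_HEADERS` subset, the 0.85 similarity cutoff and the sample responses are assumptions made for illustration.

```python
import difflib
import http.client
from collections import Counter

# Security headers a browser acts on, lower-cased because HTTP field names
# are case-insensitive (illustrative subset, not the ISC project's list).
SECURITY_HEADERS = [
    "strict-transport-security", "content-security-policy",
    "x-frame-options", "x-content-type-options",
    "x-xss-protection", "referrer-policy", "permissions-policy",
]

def fetch_headers(host, timeout=5):
    """HEAD request for the index page; returns [(name, value), ...]."""
    conn = http.client.HTTPSConnection(host, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        return conn.getresponse().getheaders()
    finally:
        conn.close()

def tally(responses):
    """Count how many sites sent each header, folding case variants."""
    counts = Counter()
    for headers in responses:
        # A set, so repeated fields (two Set-Cookie lines) count once per site.
        counts.update({name.lower() for name, _ in headers})
    return counts

def near_misses(counts, cutoff=0.85):
    """Map observed names that resemble, but do not equal, a security header."""
    found = {}
    for name in counts:
        if name in SECURITY_HEADERS:
            continue
        match = difflib.get_close_matches(name, SECURITY_HEADERS, n=1, cutoff=cutoff)
        if match:
            found[name] = match[0]
    return found

# Constructed sample responses (not real scan data), one list per site.
SAMPLE = [
    [("X-Frame-Options", "DENY"), ("Server", "nginx"),
     ("Set-Cookie", "a=1"), ("Set-Cookie", "b=2")],
    [("X-FRAME-OPTIONS", "SAMEORIGIN"), ("Referer-Policy", "no-referrer")],
    [("X-Frame-Option", "DENY"), ("Content-Secure-Policy", "default-src 'self'")],
]

if __name__ == "__main__":
    counts = tally(SAMPLE)
    for name, n in counts.most_common():
        print(f"{n:3d}  {name}")
    for seen, intended in near_misses(counts).items():
        print(f"not recognised as {intended!r}: {seen!r}")
```

A site that sends only the near-miss spelling gets none of the protection of the intended header, so these rows are worth checking for in your own responses.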



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
X-XSS-Protection
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Xss-Protection
X-FRAME-OPTIONS
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
P3p
X-Runtime
X-AspNet-Version
Accept-CH
X-DNS-Prefetch-Control
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
Timing-Allow-Origin
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-Content-Security-Policy
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
CF-Ray
X-Amz-Id-2
Host-Header
X-Backend
Allow
Cf-Edge-Cache
X-Cache-Group
Request-Context
X-Robots-Tag
X-Server
Keep-Alive
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Vhost
X-Proxy-Cache
X-Rq
X-Age
Xkey
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
X-Dns-Prefetch-Control
Cf-Apo-Via
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
Cf-Railgun
EagleEye-TraceId
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-CST
X-WebKit-CSP
X-Backend-Server
X-OneAgent-JS-Injection
Permissions-Policy
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Request-Id
Surrogate-Control
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Upstream-Cache-Status
X-HW
X-Cloud-Trace-Context
Accept-Ch-Lifetime
X-Nginx-Cache-Status
X-Node
X-Application-Context
X-Oneagent-Js-Injection
X-Country-Code
X-Trace
Content-Location
X-Cache-Lookup
X-Url
X-Ruxit-JS-Agent
Service-Worker-Allowed
X-Content-Type
X-Country
X-Clacks-Overhead
X-ECACHE
X-Litespeed-Cache
X-Edge
X-Mod-Pagespeed
Accept-Ch
X-Amz-Server-Side-Encryption
X-Origin-Cache-Key
X-Midtier
X-Rack-Cache
Cache-Tag
Cross-Origin-Opener-Policy
X-FTR-Request-ID
X-MS-InvokeApp
X-Mcache
X-Powered-By-Plesk
X-Vname
X-TtlSet
X-PC
X-Upstream
X-ESI
Nginx-Cache
Rating
Edge-Control
X-Ruxit-Js-Agent
X-D2id
X-Element-Page-Cache
X-Browser-Type
Verso
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Times
X-Ac
X-Server-Name
X-Cnection
SPIisLatency
SPRequestDuration
X-Vcap-Request-Id
AR-ATIME
AR-Request-ID
AR-SID
AR-PoweredBy
X-Navigation-Version
X-RateLimit-Remaining
SPRequestGuid
X-Dw-Request-Base-Id
X-SharePointHealthScore
X-Abt-Application-Version
X-VARITI-CCR
X-NF-Request-ID
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-GitHub-Request-Id
X-Ser
X-B3-TraceId
Origin-Trial
AR-CACHE
S
RTSS
X-Cache-Key
X-Cache-TTL
X-Mg-S
Edge-Cache-Tag
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Goog-Hash
X-Amz-Rid
X-Content-Security-Policy-Report-Only
X-Amzn-Trace-Id
Fastly-Restarts
X-Powered-CMS
X-Client-IP
X-Ttl
X-Varnish-TTL
X-NWS-LOG-UUID
X-Server-ID
X-Version
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Edge-Location-Klb
X-Kinsta-Cache
Access-Control-Request-Method
X-ARC
Cache-Status
X-Recruiting
X-Webkit-Csp
Arr-Disable-Session-Affinity
X-Content-Digest
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-T
X-MSEdge-Ref
X-Forwarded-For
X-Ua-Device
Content-MD5
Response
X-TraceId
X-Middleton-Response
MicrosoftSharePointTeamServices
X-Accel-Expires
X-Hits
X-Shield-Request-Id
TP-Cache
X-Cached
X-RateLimit-Limit
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Public-Key-Pins
X-Fastcgi-Cache
X-Frontend
X-Id
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend-Server
Server-Node
X-FTR-Cache-Status
X-Request-Received
X-Request-Processing-Time
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-Expires
Payment
X-HS-Cache-Config
X-Ua-Browser
MS-Author-Via
X-WebKit-CSP-Report-Only
X-DIS-Request-ID
X-Kinja-CCPA
Front-End-Https
X-ORACLE-DMS-RID
Cross-Origin-Resource-Policy
X-GUploader-UploadID
X-Forwarded-Proto
X-LLID
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
Cache-Tags
X-LB-Cache
TP-L2-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
Realpath
X-Protected-By
X-FastCGI-Cache
X-Origin-Server
Count-Hit
X-Daa-Tunnel
X-PressLabs-Stats
X-Distributor
X-TTL
X-Request-Handler-Origin-Region
X-Microsite
X-ORACLE-DMS-ECID
X-Page-Id
X-F-Cache
X-Cluster-Name
X-Activity-Id
X-AppVersion
Accept-Charset
X-B3-TraceId-Primal
X-Az
MRF-Tech
Mrf-Cache-Status
X-Varnish-Backend
X-Www-Served-By
X-NGENIX-Cache
X-Correlation-Id
X-Geo-Country
X-App-Server
X-Rid
Referer-Policy
X-Hostname
X-FB-Debug
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Goog-Metageneration
X-Varnish-Server
X-Debug-Info
Host
X-Envoy-Decorator-Operation
Fastcgi-Cache
Access-Control-Allow-Method
X-Git-Hash
X-RateLimit-Reset
Retry-After
X-XRDS-LOCATION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Server-Name
X-Px
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Content-Options
DC
X-B3-Sampled
X-Load-Cache
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Request-Guid
X-Fastly-Request-ID
X-Route-Name
X-Contextid
X-Mobile
X-Revision
Cleartype
X-Signature
X-Language
X-Trace-Id
X-Type
TCN
X-App-Environment
X-B-Cache
Charset
X-Grace
X-Origin-Cache
X-TT
Paypal-Debug-Id
X-Fb-Rlafr
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-B
X-ASPNET-VERSION
X-Datadog-Parent-Id
X-Cache-Control
X-CSRF-Token
Frame-Options
X-Amz-Meta-S3cmd-Attrs
Section-Io-Cache
X-Goog-Storage-Class
X-Ratelimit-Limit
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Amz-Replication-Status
X-Goog-Generation
X-Logged-In
X-Upgrade-Enabled
Filterid
X-Newrelic-App-Data
X-Seen-By
X-Whom
X-Magnolia-Registration
X-Ezoic-Cdn
X-EdgeConnect-Cache-Status
X-Oracle-Dms-Ecid
Healthy
X-Wix-Request-Id
X-Azure-Ref
X-App-Version
X-Node-Name
Content-Disposition
X-B3-Traceid
X-Proxy
Backend
X-N
X-Fastly-Request-Id
X-Oracle-Dms-Rid
Akamai-GRN
X-Varnish-Ttl
X-Template
Upgrade-Insecure-Requests
X-Proxy-Cache-Info
Refresh
NGB
X-Response-Served-From
X-Air-Pt
X-Original-Request-Id
X-Servername
X-Rendered-As
X-Is-Bot
Url
X-Datadog-Sampled
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
SD-X-WS
Ms-Operation-Id
MS-CV
X-RTag
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Unique-Id
X-Tumblr-User
X-Page-View
X-Tumblr-Pixel-0
Liferay-Portal
X-UUID
X-Debug-IsPreview
X-Debug-IsConnected
X-Varnish-Grace
X-Adobe-Content
X-Cache-Grace
X-Cacheable-TTL
X-Environment-Context
X-User-Agent
X-Jobs
X-Region
X-L-Path
Viewport
X-Adobe-Loc
X-Instance
X-Amzn-Remapped-Content-Length
X-G
X-Yottaa-Optimizations
From-Origin
X-Yottaa-Metrics
X-IPS-LoggedIn
X-Ratelimit-Remaining
X-Debug
Country
Fastly-SWR
Fastly-SIE
X-Use-Magma
X-FW-Server
X-FW-Static
X-FW-Version
X-B3-SpanId
X-FW-Serve
X-FW-Type
X-FW-Hash
X-Device-Type
X-FW-Dynamic
X-Cache-Hit
X-Status
X-NYM-Debug-Backend
X-Rule
Surrogate-Key
X-Hosted-By
X-Hl-Ver
X-Air-Trace-Id
X-Backend-Name
X-Air-Source
X-Air-Hostname
X-Webkit-CSP
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
ServerID
X-Cache-Age
X-Content-Powered-By
X-Http-Reason
Protected
X-XRDS-Location
X-Time
X-Akamai-Request-ID2
X-Cache-Status-Check
X-VC-Cache
X-Origin-TTL
X-NODE
Amp-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-Origin-CC
Version
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Tec-Api-Origin
X-Akamai-Edgescape
X-HTML-Minification-Powered-By
X-Tec-Api-Root
X-Tec-Api-Version
WPO-Cache-Status
Countrycode
WPO-Cache-Message
X-Rocket-Nginx-Serving-Static
X-INCAP-ABP
X-Framework
X-Nginx-Cache
X-CDN-Forward
X-Edge-Location
Front
CF-IPCountry
GEO-INFO
X-Source
X-Via-JSL
SRV
Access-Control-Request-Headers
X-Cache-Rule
X-Storage
X-Httpd
X-Mode
X-Accel-Version
X-Endurance-Cache-Level
X-WP-CF-Super-Cache-Active
X-Use-Mantle
X-Upstream-Ht
CDN-RequestId
X-Cache-Operation
X-Xfnlog-Site
X-Rewrite-Enabled
X-Upstream-Ct
X-VC
Meta-Geo
Accept-Language
Filters
X-Rn-Rsrv
OT-Force-Account-Verify
Webserver
X-UPSTREAM-Address
X-JoinUs
Selected-Fe
X-Tumblr-Pixel-2
X-Lambda-Id
X-Cache-Debug
X-Detected-As
X-SaId
X-Director
X-Real-IP
Xet-Cookie
X-Timing-Wait
X-Tncms
X-Proxy-Build
X-Loop
X-Soup
X-Varnish-Age
X-Tumblr-Pixel-3
X-Served-From
X-Cache-Time
X-Cms-Context
X-ProxyCache-Status
Apigw-Requestid
X-Skip-Cache
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-BYPASS-REASON
X-Adobe-Source
X-Redis-Cache
X-Handled-By
X-Sql-Count
X-Sql-Duration-Ms
ServedBy
AMP-Access-Control-Allow-Source-Origin
X-ProxyCache-Key
X-Format
Property-Id
X-SayCDN-TTL
Azure-SiteName
X-Server-W
DB-Nickname
X-Origin-Hint
Azure-Version
X-Say-TTL
Azure-InstanceId
Azure-RegionName
TWC-Connection-Speed
X-Say-Cacheable
X-Uri
Azure-SlotName
X-S
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
TWC-Device-Class
Web-Mar-Node
X-No-Session
TWC-Privacy
TWC-Locale-Group
X-COUNTRY
X-Logging-Id
X-Cache-Host
Webcakes-Region
TWC-GeoIP-LatLong
X-Restarts
X-DynaTrace
X-Container-Uri
X-Cache-Server
X-Is-Tablet
X-Origin
X-RCS-CacheZone
X-LJ-Flow-ID
Xserver
X-Labrador-Cache-Channel
X-Worker
X-Zipkin-Id
X-VWS-Id
X-ServerID
X-Proxied
X-Browser-Name
X-VCT
X-Vercel-Id
X-Vercel-Cache
X-RM-Cache-TTL
X-Routing-Service
X-Geo-Region
X-Git-Commit
X-PHP-Host
X-Generation-Time
X-Fetched-On
X-Forwarded-Host
X-Tb
X-Tcp-Rtt
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Desktop
X-IPLB-Request-ID
X-IPLB-Instance
X-Extlb
Mn-Server-Ip
X-AWS-Id
X-AB
X-Cluster
X-Reqid
Cache-Tv-Group
X-Frame-Option
X-Ms-Version
Node
X-Provided-By
X-Ms-Request-Id
X-R9-Blue-Green-Version
X-GeoCode
X-GeoCountry
Section-Io-Id
X-FB-TRIP-ID
X-Locale
Priority
Content-Secure-Policy
X-Vcache
X-Site-Version
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
Source
X-MP-GENERATED-AT
X-Webstats-RespID
Fastcgi-Useragent
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Web-Node
WZWS-RAY
X-Vcl-Version
Onion-Location
WP-Super-Cache
S-Rt
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Ua
Cross-Origin-Embedder-Policy
X-Shopify-Stage
CDN-RequestCountryCode
X-Alternate-Cache-Key
CDN-EdgeStorageId
CDN-RequestPullCode
CDN-RequestPullSuccess
Locale
X-Content-Age
CDN-Uid
CDN-CachedAt
CDN-PullZone
CDN-Cache
X-Origin-Date
X-Storefront-Renderer-Rendered
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-SRV
X-Cluster-Node
X-Varnish-Beresp-Ttl
X-Cache-Action
X-Generated-By
X-Sucuri-Cache
X-Cdn-Origin
X-Pass-Why
Sid
X-Proxy-Cache-Status
X-Buckets
X-Mg-Request-UUID
X-Sucuri-ID
X-Newrelic-Synthetics
Cross-Origin-Window-Policy
X-Cache-Expired-At
X-Xrds-Location
X-VCache
Fastly-Drupal-HTML
X-TT-LOGID
X-Datadome
TDXMobile
X-Scope-Id
X-Shield-Cache-Expires
X-Thinkindot-L3
Cache
X-CMSURLCustom
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Request-URI
X-DataDome
X-LSADC-Cache
HostName
Cross-Origin-Embedder-Policy-Report-Only
X-Aspnetmvc-Version
V-Age
X-Epic-Correlation-Id
X-Cache-NE
X-Bl-Debug
X-Ec-Custom-Error
X-Ec-Fail
X-Men
Type
X-B-Cookie
Origin-Agent-Cluster
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Ccd
X-A
MD5-Digest
Meta-Geo-Continent
X-Correlation-ID
X-SRCache-Key
X-Ec-GeoHdr
DCR-Processing-Time-Ms
DCR-Decision-By
X-D
Rendered-Blocks
Environment
Redirect-Candidate
Gannett-Cam-Experience-Id
X-External-Request-Id
X-Conf
CDCHOST
X-Up
X-Bc-Bl
X-TIM-N
X-BCube-Filmed-By
T-Server
Candidate-Md5Url
Sslversion
Surrogated-Key
X-Vtex-Remote-Cache
Lang
Origin
X-Vdms-Version
X-Aed
X-Rojux
X-S-Cookie
X-Application
X-Destination
X-Cache-Bucket
X-Vdms-Path
X-ScT
Ngx.Var.Host
X-PAYTM-SRV-ID
X-Developer
Ngx-Var-Key
X-Viewer-Country
X-Scheme
X-Via-SSL
X-TimeS
X-Service
Edge-Copy-Time
X-GEO
X-Optimistic-Header
X-Via-CDN
X-Via-Edge
Ssr
X-Hash
Sever-Int
X-Varnish-Director
X-V-Cache
Apple-News-Services-Host
Apple-News-Services-Handled
Pramga
Apple-News-Services-Parsed-Url
X-GeoIP-Region-Code
Apple-News-Services-Request-Url
X-GeoIP-Country-Code
X-Core-Mission
X-Rocket-Build-Number
X-Request-Time
X-Fastly-Cache
Release
X-Fastly-Backend
Fastly-SSL
Fastly-GeoIP-CountryCode
X-SB
Req-Svc-Chain
Country-Code
Server-Ext
X-Generated-On
Server-Host
X-Req
Host-ID
X-Core-Value
X-Gdpr
Server-Hostname
X-SVT-ORM-VERSION
X-Platform
X-Debug-Cache-Fetch
X-Cache-Info
X-Op-Id-All
X-Bip
Vix-Hermes-Req-Id
X-Nyt-Route
X-VG-WebCache
X-Aicache-OS
X-Debug-Cache-Store
X-Access
X-Sigma-Backend
X-Sigma
X-VServer
X-Dispatcher-Server
Magicmarker
X-Server-IP
X-Acquia-Purge-Cdn-Unconfigured
X-Tt-Logid
X-VG-TLSProxy
X-BBC-Edge-Cache-Status
X-SVT-ORM-RULES
X-Human
X-Thanos
X-Origin-Time
X-SD-PageType
X-Pubstack
X-Proxied-Request
X-Instance-Name
X-Section
L
X-Varnish-Beresp-Status
X-B3-Trace-ID
X-Mly-Id
X-Varnish-Hostname
X-Level-Front-Cache
X-Loc
X-Pool
X-We-Are-Hiring
X-Parent-Response-Time
User-Cache-Control
Tube-Return
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Web-Mar-Region
X-Cache-Id
X-Cache-Date
X-Varnishpool
X-Block-Status
X-ApacheServer
We-Hiring
X-Auto-Login
Tube-Got-Eval
Tube-Get-Contents
X-Clientip
Tube-Got-Results
Uber-Trace-Id
On-Server
X-Cache-TTL-Remaining
X-CacheTTL
Proxy-Firewall
X-HA-Backend
X-TH-Server
Atl-Traceid
X-Request-Start
X-Node-Id
Req-ID
X-Forwarded-Site
X-Org
X-Old-Content-Length
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-Mvc-Supplant-OutputCached
NM-Fastcgi-Cache
X-NMSegId
X-Nginx-Cache-Key
X-WA-Info
X-Origin-Response-Time
X-Slack-Backend
X-Request-Host
X-Slack-Shared-Secret-Outcome
X-Sn-Servicetimems
X-Var-Ttl
X-UA-Device-Type
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Via-Popn
X-Via-Popv
X-Via-Poph
X-PERF
X-Policy
X-Irp-Debug
X-NCache
Click-Count-Action-Start
Click-Count-Error
X-HS-Content-Campaign-Id
Machine
X-Gen-Mode
X-From
X-Fmm-Version
X-Esi-Check
Gh-Request-Id
Esi-Enabled
DSUID
X-FC-Vary-Parameters
X-GeoIP
X-Geo-Header
X-GeoIP-City
X-GoCache-CacheStatus
Cache-Provider
Mail-Subject
X-Device-Os
Canary
X-Gzip
X-Hnp-Log
C-Via
X-WP-CF-Super-Cache-Cookies-Bypass
X-DC
X-SIPLIST1
X-Edge-Server
X-DPWN-IS-SECURE
X-Test
X-Date
X-Wikidot-Backend
X-CF-Lambda-Fn
X-Cdn-Srv
X-CF-Lambda-Version
X-Zen-Fury
X-Owner
X-Wikidot-Static-Cache
X-Proto
X-App-Name
IsBot
Is-Eu
N-Cache
Pics-Label
Producers
Platform
Expect-Staple
Cf-Device-Type
X-ZONE
X-TA-CDN-Provider
LB
Adler-Geo
Cdn-Request-Time
AKAMAI
True-Client-Country-4JS
Cdn-Host
W
X-Accel-Expires-Debug
X-Ad-Load-Variation
X-Dc
Ha-Gx-Prefs
X-Ah-Environment
L5d-Success-Class
X-Eu-Site
X-Cache-Type
X-Forwarded-Path
Cluster
X-Shop-Environment
Xc-Version
NGX
Fastly-Backend-Name
HA-Ipaddr
X-Orig-Expires
X-Csrf-Jwt
X-Qloud-Router
X-CGP
X-Amz-Meta-Cb-Modifiedtime
X-Tenant
Datacenter
Expiry
X-Connection-Hash
Content-Style-Type
Content-Script-Type
X-Gamma-Serve
X-Branch-Name
A
X-LB-NoCache
X-Cache-Aspx
X-Moov-T
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Moov-Xdn-Version
Server-ID
Cmstype
Cache-Key
Locid
X-NGINX-Cache
RNT-Time
Cmsid
Cdn-Requestid
RNT-Machine
X-LB-ID
X-Ratelimit-Reset
Cdn
SID
X-Tx-Id
X-Varnish-Hits
X-Refresh
X-Vmg-Version
X-Nf-Request-Id
X-ND-Cache
X-Cdn-Diag
CPC-Age
CPC-Cache
Yak-Timeinfo
X-Region-Sid
X-Servedbyhost
X-VHOST
X-DynaTrace-JS-Agent
X-Api-Version
Cdncip
X-HN
X-CDN-Cache-Status
RATING
X-Amz-Storage-Class
PFcat
X-AK-Request-ID
Cdnsip
X-Nc
X-Fpc
X-MCACHE
X-Tb-Optimization-Total-Bytes-Saved
NtCoent-Length
X-VarnishDD-TTL
X-LAGOON
X-Wa
X-Client-Ip
GeoIp-Country-Code
X-Srv
X-Backend-Instance
X-TX-ID
XM
X-Azure-Ref-OriginShield
CacheControlHeader
CloudFront-Viewer-Country
X-B3-Parentspanid
X-Nananana
X-TIME
X-Akamai-Transformed
X-Hit
X-Origin-Expires
Resin-Trace
X-Variation
X-Cache-Backend
X-API-Version
X-Via-Fastly
X-LiteSpeed-Tag
X-CACHE-AGE
Uri
User-Agent
X-Lagoon
VNS-Age
X-CSRF-TOKEN
X-Proxy-CacheRZ
X-LiteSpeed-Cache-Control
X-Fastly-Country-Code
VNS-Cache
XkeyRZ
X-URL
X-Zone
Cache-Name
X-Info
Cross-Origin-Opener-Policy-Report-Only
X-Datacenter
MIME-Version
True-Client-Ip
X-Amz-Meta-Opti
Tcn
X-Geo
X-B3-Spanid
Lb
X-Vc
X-HostName
DataCenter
Mime-Version
X-Dispatcher-Number
X-Dynatrace-Js-Agent
True-Client-IP
X-DataCenter
Hostname
X-NewRelic-App-Data
X-AIR-PT
X-UA
X-Location
GeoIP-Latitude
X-Ig-Origin-Region
X-Cached-By
Fastly-Drupal-Html
Cache-Hits
X-NWS-UUID-VERIFY
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
X-Mid
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
X-Presslabs-Stats
Cf-Ipcountry
Powered-By
X-Cdn-Forward
X-Webkit-Csp-Report-Only
Origin-CC
X-CUA
X-IAuth-Set-Uid
X-Jungle-Id
Origin-EX
X-Cloudmap
BehaviorPad-Version
Srv
X-User
X-Traceid
X-Varnish-Beresp-TTL
CountryCode
X-ECache
X-CS
X-Segment-20210421
Ohc-File-Size
X-Esi
Debug
GeoIP-Country-Code
X-Dispatch
X-Cache-Enabled
X-NC
X-WA
My-App
Location
Server-Info
X-FPC
X-Cs
X-Render-Time
X-Wp-Cf-Super-Cache
X-Cdn-Cache-Status
Cl-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Oracle-DMS-ECID
Ohc-Cache-HIT
CDN
Wpo-Cache-Status
Wpo-Cache-Message
X-Snapshot-Date
Server-Id
X-Litespeed-Tag
X-VTEX-Cache-Time
X-ServedByHost
X-Wormhole-Sdk
CF-Ctrl
YJS-ID
X-Powered-By-VTEX-Cache
X-Lb-Id
X-VTEX-Cache-Server
X-Internal-Host
Load-Balancing
X-Nitro-Cache
Edge-Cache
X-Fastly-Backend-Reqs
Section-Origin-Responded
X-Auth-Group-Type
Section-Io-Origin-Status
X-MSEdge-Features
X-App
Section-Io-Origin-Time-Seconds
X-MSEdge-Flight
X-Lb-Nocache
X-ID
Ms-Author-Via
X-VCL-Version
X-Litespeed-Cache-Control
Xkeylog
X-Proxy-Cache-La3
Xkey-La3
X-Cdn-Request-ID
X-Cache-FS-Status
X-Nitro-Cache-From
CF-Cached-On
X-Nitro-Rev
X-MiniProfiler-Ids
X-Akamai-Pragma-Client-IP
X-RID
X-Dw-Trace-Id
OriginIP
X-NodeID
X-IN-APIGATEWAY
Memcached
Memory
X-Th-Server
Time
X-Acquia-Application-Trace
X-IN-APIGATEWAYSSL
X-APP-VERSION
Geoip-Latitude
X-FL-EDGE
X-Acquia-Purge-Tags
Ngx
X-Acquia-Site
X-Ig-Push-State
X-FL-QIT-DEBUG
X-Acquia-Application-UUID
Srvid
FSS-Cache
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shopid
X-Shardid
X-Cache-Version
Akamai-Cache-Status
X-Mg-Cache
X-Vary
X-Pad
X-Http-Duration-Ms
X-Te-Count
X-Te-Duration-Ms
X-Ha-Backend
X-Http-Count
Yjs-Id
X-DefHash
X-DefElseHash
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Via-PopH
X-Via-PopN
Sm-Log-Id
X-Udemy-Cache-App-Namespace
X-Check-Cacheable
X-Serial
X-Service-Response-Time
X-RequestId
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-Via-PopV
X-Fastly-Cache-Hits
X-Lsadc-Cache
X-Sucuri-Id
X-Web-Server