Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-Runtime
X-AspNet-Version
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
Permissions-Policy
X-UA-Device
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-Pingback
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Server-Id
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Application-Context
X-Country
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Clacks-Overhead
Cache-Tag
X-Url
X-Litespeed-Cache
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-FTR-Request-ID
X-TtlSet
X-Vname
X-PC
X-CST
X-Daa-Tunnel
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Server-Name
X-Midtier
Nginx-Cache
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
AR-PoweredBy
AR-SID
AR-ATIME
AR-Request-ID
X-ESI
Accept-Ch
X-Cache-TTL
X-Ac
X-Element-Page-Cache
X-D2id
X-GitHub-Request-Id
Edge-Control
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
Verso
X-MS-InvokeApp
X-Upstream
X-Vcap-Request-Id
X-FastCGI-Cache
X-Ser
AR-CACHE
X-ECACHE
X-Abt-Application-Version
X-B3-TraceId
X-Navigation-Version
X-Dw-Request-Base-Id
X-ASPNET-VERSION
SPRequestDuration
SPIisLatency
Fastly-Restarts
X-Mod-Pagespeed
X-Webkit-Csp
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-NF-Request-ID
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Kinsta-Cache
X-Edge-Location-Klb
X-Client-IP
X-Ratelimit-Limit
X-Goog-Hash
X-Mg-S
X-ARC
Edge-Cache-Tag
S
X-Powered-CMS
Display
Pagespeed
X-Sol
X-Middleton-Display
X-Oneagent-Js-Injection
X-PDP-UNCACHING-HASH
Cache-Status
X-Amzn-Trace-Id
X-Version
Access-Control-Request-Method
X-Middleton-Response
Response
X-VARITI-CCR
RTSS
X-Cache-Key
X-TraceId
X-Content-Digest
X-Ratelimit-Remaining
X-TTL
X-Fastly-Request-ID
Realpath
Cross-Origin-Resource-Policy
X-T
X-Forwarded-For
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
X-Varnish-TTL
Fastcgi-Cache
X-Server-ID
X-Cached
Front-End-Https
X-MSEdge-Ref
X-Shield-Request-Id
X-RateLimit-Remaining
MicrosoftSharePointTeamServices
MS-Author-Via
Content-MD5
X-Protected-By
X-Ua-Browser
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-Request-Received
X-Forwarded-Proto
X-Request-Processing-Time
X-Frontend
Server-Node
Payment
Public-Key-Pins
TP-Cache
X-LLID
X-PressLabs-Stats
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-SRCache-Store-Status
X-TEC-API-ORIGIN
X-SRCache-Fetch-Status
X-TEC-API-ROOT
X-Ruxit-Js-Agent
X-HS-Combine-CSS
X-FTR-Expires
Count-Hit
X-Accel-Expires
X-GUploader-UploadID
X-Kong-Upstream-Latency
X-Distributor
X-Kong-Proxy-Latency
X-Origin-Server
X-LB-Cache
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-NODE
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-Newrelic-App-Data
X-Microsite
X-Request-Handler-Origin-Region
X-Activity-Id
X-Www-Served-By
X-AppVersion
X-Az
X-Varnish-Server
X-B3-TraceId-Primal
Accept-Charset
X-App-Server
MRF-Tech
Host
X-Aws-Lambda-Call-Status
X-Cluster-Name
Mrf-Cache-Status
Cache-Tags
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
Retry-After
X-Amz-Meta-S3cmd-Attrs
Cleartype
X-Ua-Device
Server-Name
X-Goog-Metageneration
Filterid
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Unique-Id
X-Ttl
X-Git-Hash
X-Envoy-Decorator-Operation
Access-Control-Allow-Method
X-Azure-Ref
X-Hits
X-Hostname
X-CSRF-Token
X-Upgrade-Enabled
X-Load-Cache
X-NGENIX-Cache
X-Debug
X-Geo-Country
X-Logged-In
TCN
Surrogate-Key
TP-L2-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-FB-Debug
X-Seen-By
X-Proxy
Referer-Policy
X-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
X-B
X-TT
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Grace
X-CCDN-Origin-Time
Section-Io-Cache
X-B3-Sampled
X-Request-Guid
X-Revision
X-Trace-Id
DC
X-F-Cache
X-Cache-Control
X-Type
X-Time
Healthy
X-Contextid
X-Fb-Rlafr
Viewport
X-DIS-Request-ID
X-N
X-Mobile
X-XRDS-LOCATION
Paypal-Debug-Id
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Fastly-SWR
Fastly-SIE
X-Debug-Info
X-Page-Id
Content-Disposition
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Px
X-Varnish-Ttl
X-Varnish-Grace
X-Via-JSL
X-Origin-Cache
X-Whom
Version
X-Magnolia-Registration
X-Webkit-CSP
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Content-Options
X-Amz-Replication-Status
Charset
X-Template
X-UUID
X-G
X-Wix-Request-Id
X-RemovedCookies
X-ProcessESI
X-Debug-IsPreview
X-Tumblr-Pixel-1
X-Rule
X-Tumblr-User
Ms-Operation-Id
X-Node-Name
X-Tumblr-Pixel
X-Adobe-Content
X-RTag
X-Debug-IsConnected
X-Oracle-Dms-Ecid
X-Tumblr-Pixel-0
X-Adobe-Loc
MS-CV
X-Hl-Ver
X-B-Cache
X-Yottaa-Metrics
X-Storage
X-Datadog-Sampled
X-Cache-Grace
X-Source
X-Signature
X-Yottaa-Optimizations
NGB
VIX-Pulpo-Upstream-Status
SD-X-WS
VIX-Pulpo-Node
ServerID
X-NYM-Debug-Backend
X-Proxy-Cache-Info
X-Cacheable-TTL
X-Backend-Name
X-App-Environment
X-Region
X-L-Path
X-FW-Serve
X-FW-Version
X-FW-Type
X-FW-Server
X-Instance
X-Is-Bot
X-Device-Type
X-Environment-Context
X-FW-Dynamic
X-FW-Hash
X-FW-Static
X-Rendered-As
X-User-Agent
X-EdgeConnect-Cache-Status
X-Rid
X-ServerID
X-Status
Country
GEO-INFO
X-NWS-UUID-VERIFY
X-Cache-Hit
X-Real-IP
Cross-Origin-Window-Policy
X-IPS-LoggedIn
Countrycode
X-Ratelimit-Reset
X-URL
X-Cache-Age
Liferay-Portal
Akamai-GRN
X-Amzn-Remapped-Content-Length
X-B3-SpanId
X-Wormhole-Sdk
X-Language
SRV
X-WP-CF-Super-Cache-Active
X-RM-Cache-TTL
Front
X-Sucuri-Cache
X-Sucuri-ID
X-Framework
OT-Force-Account-Verify
X-Air-Pt
X-Servername
Amp-Access-Control-Allow-Source-Origin
X-AB
X-UA
From-Origin
X-Oracle-Dms-Rid
X-VC-Cache
X-WebKit-CSP-Report-Only
X-Content-Powered-By
X-Mode
Xet-Cookie
X-Akamai-Request-ID2
Backend
X-Air-Source
X-Air-Hostname
X-Air-Trace-Id
X-VC
Upgrade-Insecure-Requests
X-DataDome
X-Cache-Time
X-Ismobilevalue
Refresh
X-Xrds-Location
X-Handled-By
X-INCAP-ABP
X-Endurance-Cache-Level
Accept-Language
X-SRV
X-Origin-Cache-Key
X-Xfnlog-Site
X-UPSTREAM-Address
X-Rn-Rsrv
X-Rewrite-Enabled
Filters
X-HTML-Minification-Powered-By
Access-Control-Request-Headers
Cache
X-RCS-CacheZone
X-RID
X-Cache-Status-Check
Meta-Geo
X-JoinUs
X-SaId
X-S
X-Provided-By
X-Proxied
X-Origin-Hint
X-Origin-Date
X-Cloudmap
X-Cluster
LB
X-R9-Blue-Green-Version
X-Cache-Rule
X-Cache-Operation
X-Reqid
X-Extlb
X-Container-Uri
X-AWS-Id
X-Cms-Context
X-Edge-Location
X-Generated-By
Property-Id
TWC-Privacy
Webcakes-App-Name
ServedBy
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
X-Git-Commit
X-Hosted-By
X-Adobe-Source
X-LJ-Flow-ID
X-No-Session
Webcakes-Region
X-Lambda-Id
Webcakes-App-Version
X-Labrador-Cache-Channel
TWC-Locale-Group
X-PHP-Host
X-Webstats-RespID
X-Nginx-Cache
X-Zipkin-Id
X-Varnish-Age
X-VWS-Id
X-Routing-Service
X-Tumblr-Pixel-2
X-Is-Tablet
X-Skip-Cache
X-Is-Supported-Browser
X-Is-Desktop
X-IPLB-Request-ID
X-Locale
X-Is-Mobile
X-Logging-Id
Atl-Traceid
Apigw-Requestid
X-Ms-Version
X-Browser-Name
X-IPLB-Instance
X-Loop
X-Scope-Id
X-Httpd
X-Web-Node
X-Accel-Version
X-Cache-Debug
X-Site-Version
Url
X-BYPASS-REASON
X-Fastly-Request-Id
Section-Io-Id
X-Api-Version
Web-Mar-Node
X-Tncms
X-Akamai-Edgescape
X-Geo-Region
Mn-Server-Ip
X-Served-From
X-Ms-Request-Id
X-Tb
X-Forwarded-Host
X-ProxyCache-Key
X-Tcp-Rtt
X-Redis-Cache
X-Restarts
X-ProxyCache-Status
X-Fetched-On
X-Varnish-Cache-Hits
X-Upstream-Ht
X-Say-TTL
X-ECache
Frame-Options
X-Detected-As
X-Storefront-Renderer-Rendered
X-VCT
X-Format
X-Say-Cacheable
X-Alternate-Cache-Key
X-Azure-Ref-OriginShield
X-Shopify-Stage
X-Cache-Host
Selected-Fe
X-Timing-Wait
X-Director
X-Frame-Option
X-Origin
X-Varnish-Beresp-Grace
X-Upstream-Ct
X-SayCDN-TTL
X-Proxy-Build
X-Soup
Xserver
X-RateLimit-Limit
X-Optimistic-Header
X-GeoCountry
X-GeoCode
Webserver
X-ShopId
X-Request-URI
X-Sorting-Hat-PodId
X-ShardId
X-Sorting-Hat-ShopId
X-Tt-Logid
X-Drupal-Cache-Tags
WPO-Cache-Status
X-Lagoon
WPO-Cache-Message
X-Vcache
X-Thinkindot-L3
X-Generation-Time
X-Shield-Cache-Expires
Onion-Location
Thinkindot-CacheControl
TDXMobile
X-CMSURLCustom
X-Origin-TTL
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Origin-CC
X-CDN-Forward
X-Connection-Hash
Protected
Expiry
X-Drupal-Cache-Contexts
X-Cdn-Origin
X-TA-CDN-Provider
X-Mg-Request-UUID
X-WP-CF-Super-Cache-Cookies-Bypass
Cache-Hits
X-RateLimit-Reset
Cdn-Requestid
X-ID
X-Vcl-Version
X-Cache-Expired-At
Source
X-Vercel-Cache
X-XRDS-Location
X-Worker
X-Vercel-Id
X-PHP-Backend
Priority
X-Pass-Why
Environment
Azure-Version
Azure-RegionName
Fastcgi-Useragent
AMP-Access-Control-Allow-Source-Origin
Azure-SiteName
X-Rocket-Nginx-Serving-Static
Azure-SlotName
X-Buckets
Azure-InstanceId
X-GEO
Node
X-Proxy-Cache-Status
X-Cache-Action
X-Nf-Request-Id
Uber-Trace-Id
X-App-Version
CDN-CachedAt
CDN-Cache
X-Client-Ip
Sid
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-PullZone
Cross-Origin-Embedder-Policy
CDN-Uid
CDN-RequestPullCode
CDN-RequestCountryCode
X-Cluster-Node
X-Aspnetmvc-Version
Locale
X-Tumblr-Pixel-3
X-Urbn-Context-Path
X-Urbn-Site-Id
Cache-Tv-Group
X-Server-W
X-Cache-Server
DB-Nickname
X-FB-TRIP-ID
X-Fastcgi-Cache
CF-IPCountry
X-Auth-Group-Type
X-B3-Traceid
X-HITS
X-Tx-Id
User-Cache-Control
Alternate-Protocol
X-Pad
X-A
HostName
X-Jobs
X-Developer
X-Level-Front-Cache
Cdn-Request-Time
Cdn-Host
Content-Secure-Policy
A
X-Ec-GeoHdr
Gannett-Cam-Experience-Id
X-Ig-Origin-Region
X-Ig-Push-State
Edge-Cache
DCR-Processing-Time-Ms
DCR-Decision-By
X-Op-Id-All
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
X-Service
X-Dispatcher-Server
Fusion-Source
Fusion-Template-Id
X-Device-Os
X-Ec-Fail
X-Edge-Server
X-Epic-Correlation-Id
Lang
X-ND-Cache
X-Esi-Check
X-Fastly-Backend
X-Generated-On
X-Gen-Mode
X-Bc-Bl
X-Aed
X-A-Wwc
X-A-Dcw
X-A-Dgt
X-DefElseHash
X-BCube-Filmed-By
X-D
X-Cache-TTL-Remaining
X-Conf
X-Content-Age
X-Cache-NE
X-Cache-Id
X-Bl-Debug
X-Custom-Header
X-Block-Status
X-A-Dam
X-A-Ccd
Odigeo-Trace-Id
Origin
Origin-Agent-Cluster
Ngx.Var.Host
X-DefHash
MD5-Digest
X-Core-Value
Meta-Geo-Continent
X-Hnp-Log
Rendered-Blocks
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-GeoIP-City
T-Server
X-Gzip
Sslversion
Surrogated-Key
Magicmarker
Candidate-Md5Url
X-Rojux
X-SB
X-Vtex-Remote-Cache
X-Req
X-UA-Device-Type
X-TIM-N
X-SRCache-Key
X-Varnish-CookieINHashed-On
X-Viewer-Country
X-Via-Fastly
X-Varnish-CookieHashed-On
X-ScT
X-Vdms-Version
X-Varnish-Remaining-TTL
X-Org
X-V-Cache
X-Origin-Expires
X-LSADC-Cache
Mime-Version
X-DC
X-Fmm-Version
X-HS-Content-Campaign-Id
X-SVT-ORM-RULES
Tube-Return
X-SVT-ORM-VERSION
Tube-Got-Eval
X-Forwarded-Site
X-Cache-Bucket
NM-Fastcgi-Cache
X-GeoIP-Country-Code
Tube-Got-Results
V-Age
X-FC-Vary-Parameters
X-VG-WebCache
Is-Eu
Host-ID
X-CacheTTL
X-VG-TLSProxy
X-Gdpr
Vix-Hermes-Req-Id
X-B3-Trace-ID
X-Sn-Servicetimems
X-Cache-Info
X-Tb-Optimization-Total-Bytes-Saved
Origin-EX
RNT-Time
X-NGINX-Cache
Tube-Get-Contents
RNT-Machine
X-VarnishDD-TTL
Server-Ext
Server-Host
X-GeoIP-Region-Code
Ssr
Sever-Int
X-GoCache-CacheStatus
Server-Hostname
X-App-Name
Req-ID
X-Varnish-Hostname
Platform
PFcat
X-Backend-Instance
Origin-CC
Powered-By
Producers
X-Thanos
X-Bip
X-HN
X-Cdn-Srv
X-Test
Fastly-Backend-Name
X-AK-Request-ID
X-DPWN-IS-SECURE
X-Region-Sid
X-RateLimit-Remaining-Second
X-Pubstack
X-RateLimit-Limit-Second
X-Wikidot-Static-Cache
X-Mvc-Supplant-Cachable
X-Wikidot-Backend
Adler-Geo
X-Men
X-Micro-Cache
X-Mly-Id
XM
X-Proto
X-Platform
X-Policy
X-PAYTM-SRV-ID
X-Nyt-Route
X-Origin-Response-Time
X-Origin-Time
X-Ad-Load-Variation
X-NodeID
X-Nginx-Cache-Key
X-Powered-By-VTEX-Cache
X-Acquia-Purge-Cdn-Unconfigured
X-NMSegId
X-Node-Id
AKAMAI
X-GeoIP
X-Scheme
X-VTEX-Cache-Server
Country-Code
Content-Style-Type
X-VTEX-Cache-Time
Content-Script-Type
X-SD-PageType
Esi-Enabled
X-Server-IP
X-Clientip
Fastly-SSL
X-Geo-Header
X-Auto-Login
Click-Count-Error
Click-Count-Action-Start
Cache-Provider
X-Debug-Cache-Fetch
X-Debug-Cache-Store
C-Via
X-Amz-Storage-Class
X-WA-Info
X-Varnish-Director
CDCHOST
Cdnsip
X-Loc
Cdncip
X-Request-Time
X-Fastly-Cache
X-Dc
X-CGP
X-We-Are-Hiring
X-Depends
X-Ec-Custom-Error
Yak-Timeinfo
X-Aicache-OS
X-Date
X-CUA
X-Varnishpool
X-Cache-Aspx
X-Contensis-Viewer-Groups
X-Csrf-Jwt
X-BBC-Edge-Cache-Status
Proxy-Firewall
X-Section
Fastly-GeoIP-CountryCode
DSUID
Cluster
X-Location
X-Slack-Backend
X-Human
L
HA-Ipaddr
X-Access
Gh-Request-Id
X-Request-Start
X-Eu-Site
X-Request-Host
X-Mvc-Supplant-OutputCached
X-Proxied-Request
X-Pool
Apple-News-Services-Handled
Apple-News-Services-Host
Canary
Cache-Key
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
L5d-Success-Class
Ha-Gx-Prefs
X-Slack-Shared-Secret-Outcome
X-Hash
Req-Svc-Chain
Release
True-Client-Country-4JS
W
Web-Mar-Region
X-Var-Ttl
We-Hiring
X-Varnish-Authentication
X-Varnish-Beresp-Status
NGX
Mail-Subject
Machine
On-Server
X-Accel-Expires-Debug
Pramga
X-LiteSpeed-Cache-Control
X-Varnish-Beresp-Ttl
X-NCache
X-Zone
X-Up
X-MP-GENERATED-AT
X-From
X-AIR-PT
X-Cache-FS-Status
X-Jungle-Id
X-Varnish-Hits
CDN-RequestId
WP-Super-Cache
X-Vdms-Path
X-LB-ID
X-Cache-Backend
Redirect-Candidate
X-Akamai-Transformed
CloudFront-Viewer-Country
Debug
Server-Info
X-Uri
X-Cs
X-CACHE-AGE
X-Refresh
X-Tec-Api-Origin
X-Tec-Api-Version
SID
X-Tec-Api-Root
Pics-Label
X-Via-Popn
X-Via-Popv
Fastly-Drupal-HTML
X-Servedbyhost
X-HA-Backend
X-Via-Poph
X-Nananana
BehaviorPad-Version
X-Parent-Response-Time
X-Render-Time
X-ApacheServer
X-APP
X-Newrelic-Synthetics
X-PERF
X-VHOST
GeoIP-Latitude
X-M-Reqid
X-M-Log
X-Datadome
X-B3-Parentspanid
X-VC-TTL
Fastly-Drupal-Html
X-CS
X-Content-Length
X-Response-Served-From
X-LB-NoCache
X-Original-Request-Id
X-Cached-By
Resin-Trace
X-Nc
Datacenter
Locid
X-CDN-Cache-Status
X-TT-LOGID
X-Litespeed-Tag
X-DynaTrace-JS-Agent
X-Wa
Server-ID
X-LiteSpeed-Tag
X-IAuth-Set-Uid
Cf-Ipcountry
X-Amz-Meta-Cb-Modifiedtime
NtCoent-Length
GeoIp-Country-Code
Cdn
Vc-Max-Age
X-Dispatcher-Number
X-RequestId
X-Varnish-Beresp-TTL
X-VCache
X-Old-Content-Length
X-ZONE
X-Fpc
Product
Uri
Srv
Ngx-Var-Key
FSS-Cache
X-NewRelic-App-Data
X-TIME
True-Client-Ip
X-Vgn-Hpd-Reason
X-Platform-Cluster
CDN
X-Platform-Router
X-Nf-Language
Serverhost
X-Nf-Ats-Version
X-Nf-Country
X-B3-Spanid
X-Platform-Processor
X-Esi
X-CACHE-KEY
True-Client-IP
X-SERVER-NAME
X-HostName
X-Srv
X-TX-ID
X-Ckpd-Fst-Backend
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-TH-Server
X-Moov-T
X-Moov-Xdn-Version
X-Cdn-Forward
GeoIP-Country-Code
X-HubSpot-Correlation-Id
S-Rt
ServerName
X-Dynatrace-Js-Agent
X-Bug-Bounty
X-Vc
Tcn
X-FPC
X-Oracle-DMS-ECID
X-Cdn-Cache-Status
X-WA
Cf-Device-Type
Cross-Origin-Embedder-Policy-Report-Only
Request-ID
X-Application
X-APP-VERSION
Server-Id
X-NC
X-Destination
X-Dispatch
X-B-Cookie
X-External-Request-Id
CacheControlHeader
X-S-Cookie
X-User
X-Zen-Fury
Hostname
X-COUNTRY
X-FL-QIT-DEBUG
X-Cache-Date
Srvid
X-Vmg-Version
X-Lb-Nocache
X-Instance-Name
Geoip-Latitude
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
X-Akamai-Device-Characteristics
X-Webkit-Csp-Report-Only
User-Agent
X-Presslabs-Stats
X-Via-PopV
X-Segment-20210421
X-Via-PopH
X-Via-PopN
X-Ha-Backend
X-Info
Ohc-File-Size
X-Geo
ServerHost
X-VServer
X-API-Version
Origin-Trial
X-ServedByHost
X-Branch-Name
PICS-Label
X-Gamma-Serve
Xc-Version
Cneonction
X-VCL-Version
Epwk-X-Cache
Expect-Staple
Cloudfront-Viewer-Country
DataCenter
Load-Balancing
X-Hit
X-Amz-Meta-Opti
X-App
X-DataCenter
X-Ua
X-Correlation-ID
X-Akamai-Pragma-Client-IP
X-Limited
X-DynaTrace
X-Srcache-Store-Status
Rtss
X-Srcache-Fetch-Status
Type
X-MiniProfiler-Ids
X-V
X-Lb-Id
Ohc-Cache-HIT
X-Serial
X-Check-Cacheable
X-Wp-Cf-Super-Cache
Lb
X-Wp-Cf-Super-Cache-Cache-Control
X-Acquia-Site
X-Acquia-Purge-Tags
X-Owner
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Irp-Debug
Cmsid
Cmstype
Cross-Origin-Opener-Policy-Report-Only
X-Service-Response-Time
X-Sqd-Stime
X-Rollout
X-Sqd-Ctime
WZWS-RAY
X-MSEdge-Flight
N-Cache
X-Web-Server
X-Fastly-Backend-Reqs
WebServer
X-MSEdge-Features
Timeexpire
X-Datacenter
X-New
Sm-Log-Id
Warning
X-Eligible
Permission-Policy
X-Platform-Server
X-LAGOON
CountryCode
X-Litespeed-Cache-Control
X-CSRF-TOKEN
Servername
X-Origin-Upstream-Status
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
X-Shopid
Wpo-Cache-Status
X-Shardid
Wpo-Cache-Message
Edge-Copy-Time
Cl-Cache
X-Requestid
X-RAMCache
X-Core-Mission
X-Via-SSL
X-Qloud-Router
X-Via-CDN
X-Via-Edge
X-Th-Server
X-Ramcache
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-Snapshot-Date
Ngx
X-IN-APIGATEWAYSSL