Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
X-Cache-Group
Request-Context
Permissions-Policy
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-Pingback
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-ASPNET-VERSION
X-Content-Type
X-Trace
Cache-Tag
X-Clacks-Overhead
X-Url
X-Litespeed-Cache
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-TtlSet
X-PC
X-Vname
X-FTR-Request-ID
Cross-Origin-Opener-Policy
X-Daa-Tunnel
X-Edge
X-Mcache
X-Midtier
X-Server-Name
X-Browser-Type
X-CST
Nginx-Cache
X-Powered-By-Plesk
AR-ATIME
AR-SID
AR-Request-ID
AR-PoweredBy
X-Cnection
Accept-Ch
X-ESI
X-Cache-TTL
X-Ac
X-D2id
X-Element-Page-Cache
X-GitHub-Request-Id
X-Exp-Id
X-Kinja-Server
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
Verso
Edge-Control
X-MS-InvokeApp
X-Ser
AR-CACHE
X-Vcap-Request-Id
X-Upstream
X-ECACHE
X-FastCGI-Cache
X-Abt-Application-Version
X-B3-TraceId
X-Navigation-Version
X-Dw-Request-Base-Id
SPRequestDuration
SPIisLatency
Fastly-Restarts
X-Webkit-Csp
X-Mod-Pagespeed
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-NF-Request-ID
X-Kinsta-Cache
X-Edge-Location-Klb
X-Client-IP
X-ARC
X-Goog-Hash
X-Ratelimit-Limit
X-PDP-UNCACHING-HASH
X-Mg-S
Edge-Cache-Tag
Pagespeed
Display
X-Sol
X-Powered-CMS
X-Middleton-Display
S
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
X-Middleton-Response
Response
X-VARITI-CCR
RTSS
X-TraceId
X-Ratelimit-Remaining
Realpath
X-Varnish-TTL
X-Forwarded-For
X-Fastly-Request-ID
X-TTL
X-T
X-Cache-Key
X-Content-Digest
Cross-Origin-Resource-Policy
X-Correlation-Id
X-Recruiting
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Cached
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
X-RateLimit-Remaining
MicrosoftSharePointTeamServices
MS-Author-Via
Content-MD5
X-HS-Content-Id
X-Ua-Browser
X-HS-Hub-Id
X-HS-Cache-Config
X-Request-Processing-Time
X-Country-Code-Real
X-Request-Received
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-Forwarded-Proto
X-Protected-By
Payment
Server-Node
TP-Cache
X-LLID
X-PressLabs-Stats
Public-Key-Pins
Arr-Disable-Session-Affinity
X-Frontend
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Ruxit-Js-Agent
X-TEC-API-VERSION
X-FTR-Expires
X-HS-Combine-CSS
Count-Hit
X-Accel-Expires
X-Distributor
X-GUploader-UploadID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-LB-Cache
X-Origin-Server
X-Server-ID
X-HP-Trace-Id
X-NODE
X-HP-Webp
X-Jurisdiction
X-Ezoic-Cdn
X-Newrelic-App-Data
X-Request-Handler-Origin-Region
X-Microsite
X-Www-Served-By
X-Activity-Id
X-ORACLE-DMS-ECID
X-AppVersion
X-Az
X-Varnish-Server
Accept-Charset
Mrf-Cache-Status
X-Content-Security-Policy-Report-Only
Host
X-B3-TraceId-Primal
X-Cluster-Name
MRF-Tech
X-App-Server
X-Varnish-Backend
X-Amz-Meta-S3cmd-Attrs
Cache-Tags
Cleartype
Retry-After
X-Ua-Device
Server-Name
X-Goog-Metageneration
Filterid
X-Unique-Id
X-Ttl
X-Git-Hash
Access-Control-Allow-Method
X-Hits
X-Envoy-Decorator-Operation
X-Debug
Surrogate-Key
X-NGENIX-Cache
X-CSRF-Token
X-Upgrade-Enabled
X-Azure-Ref
X-Load-Cache
X-Hostname
X-Geo-Country
X-Logged-In
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
TCN
X-FB-Debug
X-Tt-Trace-Tag
TP-L2-Cache
X-Tt-Trace-Host
X-Id
X-Proxy
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Seen-By
X-B
X-TT
X-B3-Sampled
Section-Io-Cache
X-Hcs-Proxy-Type
X-Grace
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Trace-Id
DC
X-Revision
X-Request-Guid
X-Aws-Lambda-Call-Status
X-Cache-Control
X-Fb-Rlafr
X-F-Cache
Healthy
X-Contextid
Referer-Policy
X-Type
Viewport
X-Time
X-N
X-Mobile
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-XRDS-LOCATION
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Paypal-Debug-Id
X-DIS-Request-ID
Fastly-SWR
Fastly-SIE
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Content-Disposition
X-Page-Id
X-Debug-Info
X-Varnish-Grace
X-Px
X-Via-JSL
X-Origin-Cache
X-Magnolia-Registration
Version
X-Webkit-CSP
X-Whom
X-Amz-Replication-Status
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Content-Options
X-UUID
Charset
X-G
X-RemovedCookies
X-Template
X-ProcessESI
X-Rule
X-App-Environment
X-Tumblr-Pixel-0
X-Adobe-Loc
X-Oracle-Dms-Ecid
X-Tumblr-Pixel
X-Adobe-Content
X-RTag
X-Tumblr-Pixel-1
X-Tumblr-User
MS-CV
X-Node-Name
X-Wix-Request-Id
X-Debug-IsConnected
X-Debug-IsPreview
Ms-Operation-Id
NGB
VIX-Pulpo-Node
SD-X-WS
X-Yottaa-Metrics
X-Ratelimit-Reset
X-Hl-Ver
X-Datadog-Sampled
X-Source
X-Storage
VIX-Pulpo-Upstream-Status
X-Yottaa-Optimizations
X-Device-Type
X-Is-Bot
X-Instance
X-FW-Version
X-FW-Static
X-L-Path
X-NYM-Debug-Backend
X-Signature
X-Rendered-As
X-Proxy-Cache-Info
X-FW-Server
X-FW-Type
X-FW-Serve
X-B-Cache
X-Varnish-Ttl
X-Cacheable-TTL
X-Backend-Name
X-FW-Dynamic
X-FW-Hash
X-Environment-Context
X-User-Agent
X-Cache-Grace
X-Status
X-ServerID
X-Region
X-Wormhole-Sdk
GEO-INFO
Country
X-Rid
ServerID
X-Real-IP
Countrycode
Cross-Origin-Window-Policy
X-EdgeConnect-Cache-Status
X-IPS-LoggedIn
X-NWS-UUID-VERIFY
X-Cache-Hit
X-Cache-Age
Akamai-GRN
X-URL
X-WP-CF-Super-Cache-Active
Liferay-Portal
Amp-Access-Control-Allow-Source-Origin
X-Amzn-Remapped-Content-Length
Front
X-RM-Cache-TTL
SRV
X-Language
X-B3-SpanId
X-Framework
X-Air-Pt
OT-Force-Account-Verify
X-Sucuri-Cache
X-Sucuri-ID
X-AB
X-WebKit-CSP-Report-Only
X-Servername
X-Oracle-Dms-Rid
X-Content-Powered-By
X-UA
X-Ismobilevalue
X-VC-Cache
Xet-Cookie
X-Mode
X-Air-Source
Backend
X-Air-Hostname
X-Air-Trace-Id
X-Akamai-Request-ID2
From-Origin
X-DataDome
X-VC
Upgrade-Insecure-Requests
X-Cache-Time
Refresh
X-Xrds-Location
X-Handled-By
X-SRV
X-Api-Version
Access-Control-Request-Headers
Accept-Language
X-HTML-Minification-Powered-By
X-Cache-Status-Check
X-SaId
X-Rewrite-Enabled
X-RCS-CacheZone
Filters
Meta-Geo
Cache
X-JoinUs
LB
X-Xfnlog-Site
X-Rn-Rsrv
X-UPSTREAM-Address
X-RID
TWC-Device-Class
X-Origin-Date
X-Lambda-Id
X-Tumblr-Pixel-2
X-Labrador-Cache-Channel
Webcakes-Region
TWC-Connection-Speed
X-Cache-Rule
X-Cache-Operation
TWC-GeoIP-Country
X-Provided-By
X-Proxied
X-PHP-Host
X-R9-Blue-Green-Version
X-Hosted-By
Webcakes-App-Name
X-Origin-Hint
X-Endurance-Cache-Level
Webcakes-App-Version
X-Reqid
X-Cluster
X-Zipkin-Id
Property-Id
X-Cloudmap
X-Generated-By
X-Cms-Context
X-Container-Uri
X-Webstats-RespID
X-Routing-Service
X-No-Session
X-Adobe-Source
X-Nginx-Cache
X-INCAP-ABP
TWC-Privacy
ServedBy
X-S
X-Git-Commit
X-Extlb
TWC-GeoIP-LatLong
X-Varnish-Age
TWC-Locale-Group
X-ProxyCache-Status
Url
X-Geo-Region
Apigw-Requestid
X-Web-Node
X-Scope-Id
Atl-Traceid
X-Loop
X-Fastly-Request-Id
X-VWS-Id
X-Is-Tablet
X-Skip-Cache
X-Tt-Logid
X-Edge-Location
X-ProxyCache-Key
X-Is-Desktop
X-Site-Version
X-ECache
X-Tncms
X-BYPASS-REASON
X-Cache-Debug
X-Restarts
X-Browser-Name
X-Accel-Version
X-Served-From
X-LJ-Flow-ID
X-AWS-Id
Web-Mar-Node
X-Locale
X-Logging-Id
X-IPLB-Request-ID
X-Is-Mobile
X-Is-Supported-Browser
X-IPLB-Instance
X-Redis-Cache
X-Httpd
Section-Io-Id
X-Tcp-Rtt
X-Tb
X-Forwarded-Host
X-Akamai-Edgescape
Selected-Fe
Mn-Server-Ip
X-Ms-Request-Id
X-Director
X-Detected-As
X-Cache-Host
X-Fetched-On
X-Frame-Option
X-Alternate-Cache-Key
X-Say-TTL
X-Timing-Wait
X-Upstream-Ct
X-Storefront-Renderer-Rendered
X-Soup
X-SayCDN-TTL
X-Format
X-Upstream-Ht
X-VCT
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-Nf-Request-Id
X-Say-Cacheable
X-Shopify-Stage
Webserver
X-Optimistic-Header
X-Ms-Version
X-Origin
X-Proxy-Build
X-RateLimit-Limit
X-Request-URI
X-GeoCountry
X-GeoCode
Xserver
Frame-Options
X-ShardId
X-Sorting-Hat-ShopId
X-Azure-Ref-OriginShield
X-Sorting-Hat-PodId
X-ShopId
X-Mg-Request-UUID
X-Lagoon
Onion-Location
X-WP-CF-Super-Cache-Cookies-Bypass
Expiry
X-Connection-Hash
X-Vcache
WPO-Cache-Status
X-Drupal-Cache-Tags
X-Vcl-Version
WPO-Cache-Message
X-Shield-Cache-Expires
Protected
Thinkindot-CacheControl
X-CDN-Forward
X-CMSURLCustom
X-Generation-Time
X-Origin-TTL
X-Origin-CC
Source
TDXMobile
X-Thinkindot-L3
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Drupal-Cache-Contexts
X-ID
Cdn-Requestid
X-Cdn-Origin
X-Cache-Expired-At
Fastcgi-Useragent
Cache-Hits
Environment
X-Vercel-Id
X-Vercel-Cache
X-PHP-Backend
X-Pass-Why
X-Worker
X-Rocket-Nginx-Serving-Static
X-XRDS-Location
X-Proxy-Cache-Status
X-TA-CDN-Provider
Priority
X-Cache-Action
X-GEO
Azure-SiteName
Azure-SlotName
Azure-InstanceId
Azure-Version
Azure-RegionName
X-RateLimit-Reset
Uber-Trace-Id
X-Buckets
X-Origin-Cache-Key
Node
X-App-Version
X-Cluster-Node
Sid
X-Client-Ip
CDN-EdgeStorageId
CDN-CachedAt
X-Urbn-Context-Path
Locale
CDN-PullZone
CDN-Cache
CDN-RequestPullSuccess
CDN-RequestCountryCode
Cross-Origin-Embedder-Policy
X-Urbn-Site-Id
CDN-RequestPullCode
CDN-Uid
X-Aspnetmvc-Version
AMP-Access-Control-Allow-Source-Origin
X-Tumblr-Pixel-3
Cache-Tv-Group
CF-IPCountry
X-FB-TRIP-ID
X-Cache-Server
X-Auth-Group-Type
X-Pad
X-Fastcgi-Cache
User-Cache-Control
X-B3-Traceid
X-Tx-Id
X-Server-W
X-HITS
Alternate-Protocol
DB-Nickname
X-A
Rendered-Blocks
T-Server
X-A-Wwc
Sslversion
X-A-Dgt
X-A-Dam
X-A-Ccd
Wxu-Next-Hostname
X-A-Dcw
Wxu-Next-Commit
Wxu-Next-Region
DCR-Processing-Time-Ms
Content-Secure-Policy
DCR-Decision-By
X-Aed
Cdn-Request-Time
Cdn-Host
A
Candidate-Md5Url
Edge-Cache
Gannett-Cam-Experience-Id
Ngx.Var.Host
Odigeo-Trace-Id
Origin
Meta-Geo-Continent
MD5-Digest
Lang
Magicmarker
Origin-Agent-Cluster
X-DefElseHash
X-Origin-Expires
X-Req
X-Rojux
X-SB
X-Org
X-Op-Id-All
X-Ig-Origin-Region
X-Ig-Push-State
X-Level-Front-Cache
X-ND-Cache
X-ScT
X-SRCache-Key
X-Vdms-Version
X-Via-Fastly
X-Viewer-Country
X-Vtex-Remote-Cache
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-TIM-N
X-UA-Device-Type
X-V-Cache
X-Varnish-CookieHashed-On
X-Hnp-Log
X-Gzip
X-Conf
X-Content-Age
X-Core-Value
X-Custom-Header
X-Cache-TTL-Remaining
X-Cache-NE
X-BCube-Filmed-By
X-Bl-Debug
X-Block-Status
X-Cache-Id
X-D
X-DefHash
X-Esi-Check
X-Fastly-Backend
X-Gen-Mode
X-Generated-On
X-Epic-Correlation-Id
X-Edge-Server
X-Developer
X-Dispatcher-Server
X-Ec-Fail
X-Ec-GeoHdr
X-Bc-Bl
Surrogated-Key
X-Service
X-Jobs
X-DC
Mime-Version
HostName
X-HN
X-GoCache-CacheStatus
Producers
Powered-By
X-HS-Content-Campaign-Id
X-GeoIP-Region-Code
Req-ID
Server-Host
Server-Hostname
Server-Ext
RNT-Time
X-GeoIP-City
RNT-Machine
X-GeoIP-Country-Code
PFcat
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-B3-Trace-ID
X-NodeID
X-Origin-Response-Time
X-Nyt-Route
X-Mly-Id
X-Micro-Cache
Origin-EX
Sever-Int
Origin-CC
X-Loc
X-Men
X-LSADC-Cache
Platform
X-Geo-Header
X-Ad-Load-Variation
X-CacheTTL
X-Acquia-Purge-Cdn-Unconfigured
X-Cdn-Srv
X-NGINX-Cache
X-Clientip
X-Aicache-OS
X-AK-Request-ID
X-Bip
X-Auto-Login
X-App-Name
X-Cache-Bucket
X-Cache-Info
X-Amz-Storage-Class
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-FC-Vary-Parameters
Tube-Get-Contents
X-Fmm-Version
X-Forwarded-Site
X-Origin-Time
X-Gdpr
Tube-Got-Eval
Tube-Got-Results
Vix-Hermes-Req-Id
X-DPWN-IS-SECURE
V-Age
X-Dc
Tube-Return
X-Fastly-Cache
X-Backend-Instance
X-Node-Id
X-Thanos
C-Via
AKAMAI
Adler-Geo
X-Varnish-Hostname
X-Varnish-Director
Cache-Provider
X-Tb-Optimization-Total-Bytes-Saved
Cdncip
Cdnsip
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-PAYTM-SRV-ID
CDCHOST
X-VarnishDD-TTL
X-VG-TLSProxy
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-Wikidot-Backend
XM
X-Wikidot-Static-Cache
Fusion-Deployment-Id
Fusion-Source
X-VTEX-Cache-Server
X-VG-WebCache
X-VTEX-Cache-Time
X-WA-Info
Fusion-Template-Id
Click-Count-Action-Start
X-SVT-ORM-VERSION
X-Policy
X-Pubstack
Fastly-SSL
X-Request-Time
Click-Count-Error
X-Powered-By-VTEX-Cache
Fastly-Backend-Name
X-RateLimit-Remaining-Second
X-Region-Sid
Host-ID
X-Scheme
X-Platform
Content-Script-Type
X-Server-IP
X-Proto
Is-Eu
X-SD-PageType
Country-Code
Content-Style-Type
X-RateLimit-Limit-Second
X-Proxied-Request
X-Contensis-Viewer-Groups
X-We-Are-Hiring
X-BBC-Edge-Cache-Status
Yak-Timeinfo
X-Cache-Aspx
X-Csrf-Jwt
X-NMSegId
X-Pool
X-Mvc-Supplant-OutputCached
X-Device-Os
X-Human
X-Var-Ttl
X-Varnish-Authentication
X-Test
X-Section
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-GeoIP
X-Varnish-Beresp-Status
X-Request-Start
X-Varnishpool
X-Location
X-Date
X-Depends
X-Ec-Custom-Error
X-Request-Host
X-Eu-Site
X-CUA
X-CGP
Web-Mar-Region
We-Hiring
Machine
Mail-Subject
L5d-Success-Class
L
Esi-Enabled
Fastly-GeoIP-CountryCode
Gh-Request-Id
HA-Ipaddr
NGX
W
Req-Svc-Chain
Pramga
Release
Proxy-Firewall
Apple-News-Services-Handled
Ssr
NM-Fastcgi-Cache
On-Server
True-Client-Country-4JS
DSUID
Ha-Gx-Prefs
Cache-Key
X-Accel-Expires-Debug
Canary
X-Access
Apple-News-Services-Request-Url
Cluster
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Varnish-Beresp-Ttl
X-Cache-FS-Status
X-Hash
X-LiteSpeed-Cache-Control
X-AIR-PT
X-From
X-Varnish-Hits
X-NCache
X-Up
X-MP-GENERATED-AT
X-Zone
X-Akamai-Transformed
Debug
X-LB-ID
WP-Super-Cache
CDN-RequestId
X-Jungle-Id
Redirect-Candidate
X-Vdms-Path
X-Cs
CloudFront-Viewer-Country
Server-Info
X-Cache-Backend
X-Refresh
X-CACHE-AGE
BehaviorPad-Version
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Via-Poph
SID
X-HA-Backend
X-APP
X-Via-Popn
X-Servedbyhost
Pics-Label
X-Via-Popv
Fastly-Drupal-HTML
X-Parent-Response-Time
X-Uri
X-VHOST
X-Newrelic-Synthetics
X-B3-Parentspanid
GeoIP-Latitude
X-Content-Length
X-M-Reqid
X-Nananana
X-Render-Time
X-ApacheServer
X-M-Log
X-Datadome
X-PERF
X-VC-TTL
X-CS
Fastly-Drupal-Html
X-Nc
X-LB-NoCache
X-Litespeed-Tag
X-Cached-By
Datacenter
X-CDN-Cache-Status
X-CACHE-KEY
Resin-Trace
X-DynaTrace-JS-Agent
X-Original-Request-Id
X-Amz-Meta-Cb-Modifiedtime
X-Response-Served-From
X-Wa
Server-ID
X-LiteSpeed-Tag
Locid
NtCoent-Length
Vc-Max-Age
X-ZONE
X-RequestId
GeoIp-Country-Code
Cdn
X-Dispatcher-Number
X-B3-Spanid
X-TT-LOGID
X-Varnish-Beresp-TTL
Product
X-VCache
X-IAuth-Set-Uid
Cf-Ipcountry
X-Old-Content-Length
FSS-Cache
X-Fpc
Srv
X-NewRelic-App-Data
X-TIME
X-Esi
X-Ckpd-Fst-Backend
Ngx-Var-Key
Serverhost
Uri
True-Client-IP
X-TX-ID
X-HostName
CDN
X-Srv
X-SERVER-NAME
ServerName
True-Client-Ip
X-Bug-Bounty
X-Nf-Country
X-Nf-Language
X-Vgn-Hpd-Reason
X-Nf-Ats-Version
X-Platform-Cluster
X-Platform-Processor
X-HubSpot-Correlation-Id
X-Platform-Router
X-TH-Server
X-Vc
X-Cdn-Forward
Tcn
X-Moov-Xdn-Version
X-FPC
X-Dynatrace-Js-Agent
X-Moov-T
S-Rt
X-Oracle-DMS-ECID
X-WA
GeoIP-Country-Code
X-Cdn-Cache-Status
Request-ID
CacheControlHeader
X-Dispatch
Server-Id
X-APP-VERSION
Cf-Device-Type
Cross-Origin-Embedder-Policy-Report-Only
X-NC
User-Agent
X-Akamai-Device-Characteristics
X-Destination
X-Application
X-B-Cookie
X-Vmg-Version
X-External-Request-Id
X-S-Cookie
X-User
Hostname
X-COUNTRY
X-FL-QIT-DEBUG
Srvid
X-Gamma-Serve
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
ServerHost
X-Webkit-Csp-Report-Only
X-Lb-Nocache
X-Zen-Fury
Geoip-Latitude
X-Info
X-Presslabs-Stats
Xc-Version
Cneonction
X-Cache-Date
X-Ha-Backend
X-Sigma-Backend
Ohc-File-Size
X-Rocket-Build-Number
X-Instance-Name
X-Via-PopH
X-Sigma
X-Via-PopV
X-Geo
X-Via-PopN
X-API-Version
Expect-Staple
X-Hit
X-VServer
PICS-Label
Origin-Trial
X-Segment-20210421
X-ServedByHost
X-VCL-Version
X-Branch-Name
X-Amz-Meta-Opti
Epwk-X-Cache
Cloudfront-Viewer-Country
X-V
X-Correlation-ID
X-Ua
X-App
X-Limited
X-Akamai-Pragma-Client-IP
Rtss
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Ohc-Cache-HIT
Permission-Policy
X-MiniProfiler-Ids
X-Lb-Id
X-Check-Cacheable
X-Platform-Server
Load-Balancing
X-Serial
X-Eligible
DataCenter
WZWS-RAY
X-New
X-Rollout
N-Cache
X-DataCenter
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Lb
X-DynaTrace
Sm-Log-Id
Warning
Cmstype
Cmsid
X-Sqd-Stime
Type
Timeexpire
X-MSEdge-Flight
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
XkeyRZ
X-Proxy-CacheRZ
X-Web-Server
X-MSEdge-Features
X-Datacenter
X-Sqd-Ctime
WebServer
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Application-UUID
X-Service-Response-Time
X-Litespeed-Cache-Control
X-CSRF-TOKEN
X-LAGOON
CountryCode
Servername
Wpo-Cache-Status
Wpo-Cache-Message
X-Amz-Meta-S3b-Last-Modified
X-Irp-Debug
Fl-Custom-Application
X-Amz-Meta-Sha256
X-Requestid
X-Owner
X-Fastly-Backend-Reqs
X-Sorting-Hat-Shopid
X-IN-APIGATEWAY
X-Dw-Trace-Id
X-Ramcache
X-Snapshot-Date
Cross-Origin-Opener-Policy-Report-Only
Ngx
X-Th-Server
X-Core-Mission
X-IN-APIGATEWAYSSL
X-Udemy-Cache-App-Namespace
X-Sorting-Hat-Podid
X-Shopid
X-Origin-Upstream-Status
X-Shardid
X-RAMCache