Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
X-Cache-Group
Request-Context
Permissions-Policy
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-Pingback
X-Page-Speed
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-ASPNET-VERSION
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
X-Litespeed-Cache
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-Vname
X-TtlSet
X-FTR-Request-ID
X-PC
Cross-Origin-Opener-Policy
X-Daa-Tunnel
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
Nginx-Cache
X-CST
X-Server-Name
X-Powered-By-Plesk
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-SID
X-Cnection
Accept-Ch
X-Cache-TTL
X-ESI
X-Element-Page-Cache
X-D2id
X-Ac
Edge-Control
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-GitHub-Request-Id
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
Verso
X-MS-InvokeApp
X-Ser
AR-CACHE
X-Vcap-Request-Id
X-Abt-Application-Version
X-Upstream
X-FastCGI-Cache
X-ECACHE
X-B3-TraceId
X-Navigation-Version
X-Dw-Request-Base-Id
SPIisLatency
SPRequestDuration
Fastly-Restarts
X-Webkit-Csp
X-Mod-Pagespeed
X-SharePointHealthScore
SPRequestGuid
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Amz-Rid
X-Instrumentation
X-Kraken-Loop-Name
X-Edge-Location-Klb
X-Kinsta-Cache
X-Client-IP
X-ARC
X-Ratelimit-Limit
X-Goog-Hash
X-PDP-UNCACHING-HASH
X-Mg-S
X-Powered-CMS
Edge-Cache-Tag
X-NF-Request-ID
Display
S
Pagespeed
X-Middleton-Display
X-Sol
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
X-VARITI-CCR
X-Middleton-Response
Response
RTSS
X-TraceId
X-Ratelimit-Remaining
Realpath
X-Varnish-TTL
X-Content-Digest
X-Cache-Key
X-T
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
X-Forwarded-For
X-Correlation-Id
X-Recruiting
X-Ruxit-Js-Agent
X-ORACLE-DMS-RID
X-Cached
Fastcgi-Cache
X-TTL
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
X-RateLimit-Remaining
Content-MD5
MicrosoftSharePointTeamServices
MS-Author-Via
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Ua-Browser
X-FTR-Backend
X-Request-Received
X-Country-Code-Real
X-FTR-Backend-Server
X-Protected-By
X-Request-Processing-Time
X-FTR-Cache-Status
X-FTR-Balancer
X-LLID
TP-Cache
Server-Node
X-Forwarded-Proto
X-Frontend
Payment
Public-Key-Pins
X-PressLabs-Stats
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
Count-Hit
X-HS-Combine-CSS
X-FTR-Expires
X-Accel-Expires
X-Distributor
X-GUploader-UploadID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-LB-Cache
X-Origin-Server
X-Server-ID
X-NODE
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Ezoic-Cdn
X-Newrelic-App-Data
X-Request-Handler-Origin-Region
X-Microsite
X-Ttl
X-Varnish-Server
X-Content-Security-Policy-Report-Only
Accept-Charset
X-Cluster-Name
Host
X-Www-Served-By
X-Activity-Id
X-AppVersion
X-Az
MRF-Tech
Mrf-Cache-Status
X-App-Server
X-B3-TraceId-Primal
Cache-Tags
X-Varnish-Backend
Retry-After
X-Amz-Meta-S3cmd-Attrs
Cleartype
X-Ua-Device
X-Goog-Metageneration
X-ORACLE-DMS-ECID
Server-Name
Filterid
X-Unique-Id
X-Git-Hash
X-Hits
Access-Control-Allow-Method
X-Envoy-Decorator-Operation
X-Upgrade-Enabled
X-Debug
Surrogate-Key
X-Azure-Ref
X-Geo-Country
X-Load-Cache
X-CSRF-Token
X-Hostname
X-NGENIX-Cache
X-Logged-In
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-FB-Debug
X-Tt-Trace-Host
TP-L2-Cache
X-Tt-Trace-Tag
X-Proxy
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Id
TCN
X-Seen-By
X-B
Section-Io-Cache
X-B3-Sampled
X-Grace
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
DC
X-Request-Guid
X-TT
X-Revision
X-Aws-Lambda-Call-Status
X-Fb-Rlafr
X-Type
X-Trace-Id
Referer-Policy
X-F-Cache
X-Cache-Control
Healthy
Viewport
X-Contextid
X-Time
X-N
X-XRDS-LOCATION
X-Mobile
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Fastly-SIE
X-Goog-Storage-Class
Fastly-SWR
Paypal-Debug-Id
X-Goog-Generation
X-DIS-Request-ID
Content-Disposition
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Debug-Info
X-Page-Id
X-Varnish-Grace
X-Px
X-Oracle-Dms-Ecid
X-Via-JSL
X-Origin-Cache
Version
X-Magnolia-Registration
X-Webkit-CSP
X-Whom
X-Amz-Replication-Status
X-Datadog-Parent-Id
X-Content-Options
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Charset
X-RemovedCookies
X-G
X-ProcessESI
X-Template
X-UUID
MS-CV
X-Wix-Request-Id
X-Adobe-Loc
X-Adobe-Content
X-App-Environment
X-Tumblr-Pixel-0
X-RTag
X-Tumblr-User
Ms-Operation-Id
X-Rule
X-Node-Name
X-Tumblr-Pixel
X-Debug-IsConnected
X-Tumblr-Pixel-1
X-Debug-IsPreview
NGB
SD-X-WS
X-Source
X-Ratelimit-Reset
X-Storage
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-FW-Dynamic
X-NYM-Debug-Backend
X-Proxy-Cache-Info
X-L-Path
X-Is-Bot
X-Instance
X-Region
X-Rendered-As
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-User-Agent
X-Signature
X-Varnish-Ttl
X-Hl-Ver
X-Datadog-Sampled
X-Cacheable-TTL
X-Backend-Name
X-B-Cache
X-Environment-Context
X-FW-Hash
X-FW-Static
X-FW-Server
X-FW-Version
X-FW-Serve
X-FW-Type
X-Cache-Grace
X-Device-Type
X-Status
X-ServerID
X-Wormhole-Sdk
Country
X-Rid
Cross-Origin-Window-Policy
ServerID
GEO-INFO
X-IPS-LoggedIn
X-Real-IP
X-EdgeConnect-Cache-Status
X-Cache-Hit
X-NWS-UUID-VERIFY
Akamai-GRN
X-Cache-Age
X-WP-CF-Super-Cache-Active
Countrycode
Amp-Access-Control-Allow-Source-Origin
Liferay-Portal
X-RM-Cache-TTL
X-Amzn-Remapped-Content-Length
SRV
Front
X-Language
X-Framework
X-B3-SpanId
X-Air-Pt
X-Sucuri-Cache
X-Sucuri-ID
OT-Force-Account-Verify
X-AB
X-Servername
X-WebKit-CSP-Report-Only
X-Content-Powered-By
X-Oracle-Dms-Rid
X-UA
X-Nf-Request-Id
X-Akamai-Request-ID2
X-Ismobilevalue
X-VC-Cache
From-Origin
X-Air-Trace-Id
X-Mode
Xet-Cookie
Backend
X-Air-Source
X-Air-Hostname
X-DataDome
X-VC
X-Cache-Time
Upgrade-Insecure-Requests
Refresh
X-URL
X-Xrds-Location
X-Handled-By
Webserver
X-SRV
Access-Control-Request-Headers
X-Api-Version
Accept-Language
X-UPSTREAM-Address
X-JoinUs
X-RID
Filters
X-SaId
LB
X-RCS-CacheZone
Cache
X-HTML-Minification-Powered-By
Meta-Geo
X-Rn-Rsrv
X-Xfnlog-Site
X-Rewrite-Enabled
Webcakes-App-Version
X-Cache-Status-Check
X-VWS-Id
X-LJ-Flow-ID
X-Hosted-By
X-Proxied
Webcakes-App-Name
X-Cms-Context
X-Container-Uri
X-Cloudmap
Webcakes-Region
X-R9-Blue-Green-Version
X-Cache-Rule
TWC-Privacy
X-Cache-Operation
X-Zipkin-Id
X-Endurance-Cache-Level
X-Adobe-Source
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
X-Tumblr-Pixel-2
X-Origin-Hint
X-Origin-Date
X-Reqid
X-No-Session
X-Provided-By
TWC-Connection-Speed
TWC-Locale-Group
X-Lambda-Id
X-Varnish-Age
X-INCAP-ABP
X-Labrador-Cache-Channel
X-AWS-Id
TWC-Device-Class
X-PHP-Host
X-Routing-Service
X-Generated-By
X-Cluster
X-Git-Commit
X-Extlb
X-Ms-Request-Id
Web-Mar-Node
ServedBy
X-Loop
X-Logging-Id
X-Webstats-RespID
X-Tt-Logid
X-Site-Version
X-Edge-Location
X-Nginx-Cache
Url
X-ProxyCache-Key
X-Httpd
X-Fastly-Request-Id
X-ECache
X-Redis-Cache
X-Akamai-Edgescape
X-S
X-BYPASS-REASON
X-Cache-Debug
Atl-Traceid
Apigw-Requestid
X-Ms-Version
X-Restarts
X-Fetched-On
X-Tb
X-IPLB-Instance
X-Forwarded-Host
X-ProxyCache-Status
X-IPLB-Request-ID
X-Locale
X-Skip-Cache
X-Accel-Version
X-Web-Node
X-Tncms
Mn-Server-Ip
X-Scope-Id
Section-Io-Id
X-Geo-Region
X-Cache-Host
X-Frame-Option
X-Detected-As
X-Director
X-Format
X-Browser-Name
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-Alternate-Cache-Key
X-Is-Tablet
X-Say-Cacheable
X-Storefront-Renderer-Rendered
X-Soup
X-Served-From
X-SayCDN-TTL
X-Tcp-Rtt
X-Upstream-Ct
X-VCT
X-Varnish-Cache-Hits
X-Upstream-Ht
X-Say-TTL
X-Shopify-Stage
X-Origin
Xserver
X-GeoCountry
X-Varnish-Beresp-Grace
X-Request-URI
Frame-Options
X-GeoCode
X-RateLimit-Limit
X-ShardId
X-Sorting-Hat-ShopId
X-Azure-Ref-OriginShield
X-Sorting-Hat-PodId
X-ShopId
Selected-Fe
X-Timing-Wait
X-Proxy-Build
X-Optimistic-Header
Onion-Location
X-Lagoon
X-Mg-Request-UUID
X-Vcl-Version
X-Vcache
X-WP-CF-Super-Cache-Cookies-Bypass
X-Connection-Hash
X-Drupal-Cache-Tags
Expiry
X-CMSURLCustom
X-Generation-Time
X-Thinkindot-L3
X-Origin-TTL
Thinkindot-CacheControl
X-CDN-Forward
X-Shield-Cache-Expires
Protected
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-Control
X-Origin-CC
WPO-Cache-Message
WPO-Cache-Status
Source
X-Drupal-Cache-Contexts
X-Cache-Expired-At
X-Cdn-Origin
Cdn-Requestid
Fastcgi-Useragent
X-ID
Cache-Hits
X-XRDS-Location
X-Vercel-Cache
X-Vercel-Id
X-Worker
X-Rocket-Nginx-Serving-Static
X-Pass-Why
Environment
X-Proxy-Cache-Status
X-TA-CDN-Provider
X-Cache-Action
X-PHP-Backend
X-GEO
Azure-SiteName
Azure-SlotName
Azure-RegionName
Priority
Azure-Version
Azure-InstanceId
X-Buckets
X-Origin-Cache-Key
X-RateLimit-Reset
Node
Uber-Trace-Id
X-App-Version
X-Cluster-Node
Sid
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-PullZone
X-Urbn-Site-Id
CDN-RequestPullCode
X-Urbn-Context-Path
Locale
X-Client-Ip
CDN-RequestCountryCode
Cross-Origin-Embedder-Policy
CDN-Uid
CDN-RequestPullSuccess
AMP-Access-Control-Allow-Source-Origin
X-Aspnetmvc-Version
X-Tumblr-Pixel-3
Cache-Tv-Group
CF-IPCountry
X-FB-TRIP-ID
X-Cache-Server
X-Auth-Group-Type
X-Server-W
X-Pad
DB-Nickname
X-Fastcgi-Cache
User-Cache-Control
X-HITS
X-Tx-Id
X-B3-Traceid
Alternate-Protocol
X-A
Sslversion
X-A-Wwc
X-Aed
T-Server
X-A-Dgt
X-A-Dcw
Wxu-Next-Hostname
X-A-Ccd
Wxu-Next-Commit
X-A-Dam
Wxu-Next-Region
Edge-Cache
DCR-Decision-By
DCR-Processing-Time-Ms
X-Bc-Bl
Content-Secure-Policy
Cdn-Request-Time
A
Candidate-Md5Url
Cdn-Host
Gannett-Cam-Experience-Id
Lang
Odigeo-Trace-Id
Origin
Origin-Agent-Cluster
Ngx.Var.Host
Meta-Geo-Continent
Magicmarker
MD5-Digest
Rendered-Blocks
X-DefHash
X-Origin-Expires
X-Req
X-Rojux
X-SB
X-Org
X-Op-Id-All
X-Ig-Origin-Region
X-Ig-Push-State
X-Level-Front-Cache
X-ND-Cache
X-ScT
X-SRCache-Key
X-Vdms-Version
X-Via-Fastly
X-Viewer-Country
X-Vtex-Remote-Cache
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-TIM-N
X-UA-Device-Type
X-V-Cache
X-Varnish-CookieHashed-On
X-Hnp-Log
X-Gzip
X-Content-Age
X-Core-Value
X-Custom-Header
X-D
X-Conf
X-Cache-TTL-Remaining
X-Bl-Debug
X-Block-Status
X-Cache-Id
X-Cache-NE
X-DefElseHash
X-Developer
X-Fastly-Backend
X-Gen-Mode
X-Generated-On
X-GeoIP-City
X-Esi-Check
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Ec-Fail
X-Ec-GeoHdr
X-Edge-Server
X-BCube-Filmed-By
Surrogated-Key
X-Service
X-Jobs
Mime-Version
X-DC
HostName
Producers
X-Men
X-LSADC-Cache
Powered-By
X-Request-Time
Platform
X-Backend-Instance
X-B3-Trace-ID
RNT-Time
Server-Ext
RNT-Machine
X-Mly-Id
X-Micro-Cache
PFcat
Origin-EX
X-HS-Content-Campaign-Id
X-Cache-Info
X-Acquia-Purge-Cdn-Unconfigured
X-HN
X-Ad-Load-Variation
X-Sn-Servicetimems
X-Cache-Bucket
NM-Fastcgi-Cache
X-Scheme
Origin-CC
X-SD-PageType
X-Loc
X-NMSegId
Server-Host
X-Aicache-OS
X-Amz-Storage-Class
X-Nginx-Cache-Key
X-App-Name
Vix-Hermes-Req-Id
X-Powered-By-VTEX-Cache
V-Age
X-Policy
X-Platform
X-Nyt-Route
X-NodeID
X-Origin-Response-Time
X-Origin-Time
X-PAYTM-SRV-ID
X-Proto
Tube-Return
X-RateLimit-Remaining-Second
Ssr
Sever-Int
X-CacheTTL
Server-Hostname
X-Region-Sid
X-RateLimit-Limit-Second
X-Pubstack
Tube-Got-Eval
Tube-Got-Results
Tube-Get-Contents
X-Mvc-Supplant-Cachable
X-Auto-Login
X-AK-Request-ID
X-SVT-ORM-RULES
X-DPWN-IS-SECURE
X-Gdpr
AKAMAI
Adler-Geo
X-VG-TLSProxy
X-VarnishDD-TTL
C-Via
Cache-Provider
Cdnsip
X-Cdn-Srv
Cdncip
X-Varnish-Hostname
X-Dc
CDCHOST
X-VG-WebCache
X-Fmm-Version
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-Wikidot-Static-Cache
X-Fastly-Cache
XM
Fusion-Deployment-Id
Fusion-Source
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-WA-Info
X-FC-Vary-Parameters
Fusion-Template-Id
X-Wikidot-Backend
Click-Count-Action-Start
X-Varnish-Director
Click-Count-Error
X-GeoIP-Region-Code
X-NGINX-Cache
X-Clientip
Esi-Enabled
X-SVT-ORM-VERSION
Fastly-SSL
X-GoCache-CacheStatus
X-Tb-Optimization-Total-Bytes-Saved
Fastly-Backend-Name
X-Test
X-GeoIP-Country-Code
Is-Eu
Content-Script-Type
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Country-Code
Content-Style-Type
X-GeoIP
X-Geo-Header
Host-ID
X-Hash
X-Contensis-Viewer-Groups
X-Human
X-CGP
X-Forwarded-Site
X-Device-Os
X-Depends
X-Date
X-BBC-Edge-Cache-Status
X-Ec-Custom-Error
X-Csrf-Jwt
X-Mvc-Supplant-OutputCached
X-Location
X-Bip
X-Cache-Aspx
Req-Svc-Chain
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Fastly-GeoIP-CountryCode
L
L5d-Success-Class
NGX
X-Slack-Shared-Secret-Outcome
Mail-Subject
X-Access
DSUID
X-Thanos
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-We-Are-Hiring
Apple-News-Services-Request-Url
Cache-Key
X-Varnish-Authentication
Cluster
Canary
X-Slack-Backend
Machine
X-Eu-Site
Web-Mar-Region
X-Request-Host
True-Client-Country-4JS
X-Proxied-Request
We-Hiring
X-Pool
W
X-Node-Id
Req-ID
X-Server-IP
On-Server
X-Accel-Expires-Debug
Pramga
Proxy-Firewall
X-Section
X-Varnish-Beresp-Status
X-LiteSpeed-Cache-Control
Yak-Timeinfo
X-Request-Start
X-Var-Ttl
Release
X-Varnish-Beresp-Ttl
X-Varnishpool
X-Cache-FS-Status
X-CUA
X-AIR-PT
X-From
X-NCache
X-Up
X-Varnish-Hits
X-MP-GENERATED-AT
X-Akamai-Transformed
X-Zone
X-Jungle-Id
WP-Super-Cache
Server-Info
CDN-RequestId
Debug
Redirect-Candidate
CloudFront-Viewer-Country
X-CACHE-AGE
X-Vdms-Path
X-Cache-Backend
X-Refresh
X-Cs
BehaviorPad-Version
X-LB-ID
X-Tec-Api-Origin
SID
X-Tec-Api-Root
X-Tec-Api-Version
Pics-Label
Fastly-Drupal-HTML
X-Servedbyhost
X-HA-Backend
X-Via-Popv
X-Via-Popn
X-APP
X-Via-Poph
X-Parent-Response-Time
X-Uri
X-VHOST
X-Newrelic-Synthetics
GeoIP-Latitude
X-B3-Parentspanid
X-M-Log
X-PERF
X-ApacheServer
X-VC-TTL
X-Datadome
X-Render-Time
X-M-Reqid
X-Content-Length
X-Nananana
X-SERVER-NAME
Fastly-Drupal-Html
X-CS
X-CDN-Cache-Status
X-Nc
X-LB-NoCache
X-Litespeed-Tag
X-Cached-By
Datacenter
Resin-Trace
X-CACHE-KEY
X-DynaTrace-JS-Agent
X-Original-Request-Id
X-Response-Served-From
X-Amz-Meta-Cb-Modifiedtime
GeoIp-Country-Code
Locid
Server-ID
X-LiteSpeed-Tag
X-Wa
Vc-Max-Age
X-ZONE
Cdn
X-Dispatcher-Number
NtCoent-Length
X-RequestId
X-B3-Spanid
X-TT-LOGID
Product
X-VCache
X-Varnish-Beresp-TTL
Cf-Ipcountry
X-IAuth-Set-Uid
FSS-Cache
True-Client-IP
X-Old-Content-Length
X-Fpc
Srv
X-NewRelic-App-Data
Ngx-Var-Key
X-TIME
X-Esi
X-Ckpd-Fst-Backend
Uri
X-TX-ID
X-Srv
X-HostName
CDN
X-Nf-Ats-Version
ServerName
X-Vgn-Hpd-Reason
X-Nf-Country
Serverhost
X-Bug-Bounty
X-Nf-Language
True-Client-Ip
X-HubSpot-Correlation-Id
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
X-Cdn-Forward
X-Dynatrace-Js-Agent
X-TH-Server
X-Vc
S-Rt
Tcn
X-Moov-T
X-Moov-Xdn-Version
X-FPC
X-Oracle-DMS-ECID
X-WA
GeoIP-Country-Code
Request-ID
Server-Id
CacheControlHeader
Cf-Device-Type
X-APP-VERSION
X-Cdn-Cache-Status
X-Dispatch
Cross-Origin-Embedder-Policy-Report-Only
Hostname
X-Destination
X-B-Cookie
X-Application
X-External-Request-Id
X-User
X-Akamai-Device-Characteristics
User-Agent
X-S-Cookie
X-NC
X-Vmg-Version
X-COUNTRY
X-Zen-Fury
X-Info
X-FL-QIT-DEBUG
X-Gamma-Serve
X-Webkit-Csp-Report-Only
X-Lb-Nocache
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Geoip-Latitude
ServerHost
Srvid
X-Presslabs-Stats
Xc-Version
Cneonction
X-Cache-Date
X-Sigma-Backend
X-Via-PopH
X-Sigma
X-Geo
X-Rocket-Build-Number
Ohc-File-Size
X-Via-PopN
X-Ha-Backend
X-Via-PopV
X-Instance-Name
PICS-Label
X-API-Version
X-Hit
Expect-Staple
X-ServedByHost
Origin-Trial
X-VServer
X-Segment-20210421
X-VCL-Version
X-Amz-Meta-Opti
Cloudfront-Viewer-Country
Epwk-X-Cache
X-Branch-Name
X-V
X-Ua
X-Correlation-ID
X-Limited
X-App
X-Akamai-Pragma-Client-IP
X-Srcache-Store-Status
X-Srcache-Fetch-Status
CountryCode
Rtss
Ohc-Cache-HIT
X-DataCenter
X-MiniProfiler-Ids
WZWS-RAY
X-Eligible
X-New
X-Rollout
X-Platform-Server
DataCenter
Permission-Policy
X-Serial
Load-Balancing
X-Check-Cacheable
X-Lb-Id
N-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Lb
X-DynaTrace
X-Sqd-Ctime
X-Proxy-CacheRZ
X-VTEX-Cache-Backend-Connect-Time
X-Sqd-Stime
X-Datacenter
Type
Cmstype
X-Service-Response-Time
Warning
X-Acquia-Site
X-Acquia-Purge-Tags
X-MSEdge-Flight
Timeexpire
Sm-Log-Id
X-Web-Server
X-MSEdge-Features
XkeyRZ
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-VTEX-Cache-Backend-Header-Time
Cmsid
Servername
X-CSRF-TOKEN
X-LAGOON
X-Litespeed-Cache-Control
Wpo-Cache-Message
X-RAMCache
Wpo-Cache-Status
X-Requestid
X-Fastly-Backend-Reqs
X-Owner
X-Core-Mission
X-Irp-Debug
Fl-Custom-Application
X-Ramcache
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-Udemy-Cache-App-Namespace
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
Cross-Origin-Opener-Policy-Report-Only
Ngx
X-Shopid
X-Sorting-Hat-Podid
X-Shardid
X-Origin-Upstream-Status
X-Snapshot-Date
X-Th-Server
X-Sorting-Hat-Shopid