Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Ua-Compatible
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-UA-Device
X-Cache-Group
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Ws-Request-Id
Xkey
X-Rq
Permissions-Policy
X-Age
X-Vhost
X-Amz-Version-Id
Allow
X-Dispatcher
X-Dns-Prefetch-Control
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
X-OneAgent-JS-Injection
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-WebKit-CSP
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Litespeed-Cache
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
X-Node
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-CST
X-NWS-LOG-UUID
X-Country
Service-Worker-Allowed
X-Country-Code
X-Content-Type
X-Url
Cache-Tag
X-Clacks-Overhead
X-Trace
Rating
X-Rack-Cache
X-Oneagent-Js-Injection
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-Server-Name
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
X-Daa-Tunnel
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Webkit-Csp
X-Browser-Type
X-Powered-By-Plesk
X-ESI
X-Cnection
X-ECACHE
X-MS-InvokeApp
Edge-Control
X-GitHub-Request-Id
X-Upstream
X-Element-Page-Cache
X-Ac
Verso
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-D2id
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
X-Aws-Lambda-Call-Status
X-Ser
X-Vcap-Request-Id
Accept-Ch-Lifetime
X-FastCGI-Cache
X-Abt-Application-Version
X-Cache-TTL
X-B3-TraceId
X-Navigation-Version
X-Mod-Pagespeed
AR-CACHE
SPIisLatency
SPRequestDuration
X-NF-Request-ID
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Ruxit-Js-Agent
Fastly-Restarts
X-Amz-Rid
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Client-IP
Edge-Cache-Tag
X-Mg-S
S
X-Kinsta-Cache
X-Edge-Location-Klb
X-Powered-CMS
X-Middleton-Response
Response
X-Amzn-Trace-Id
Cache-Status
X-Cache-Key
Access-Control-Request-Method
X-Goog-Hash
X-Version
X-VARITI-CCR
X-RateLimit-Remaining
X-Fastly-Request-ID
X-ARC
RTSS
X-Content-Digest
X-TraceId
X-Forwarded-For
Cross-Origin-Resource-Policy
X-Recruiting
X-T
Realpath
X-Correlation-Id
X-MSEdge-Ref
X-Server-ID
X-Ttl
X-Varnish-TTL
X-Ratelimit-Limit
Pinterest-Version
Front-End-Https
X-Pinterest-Rid
Pinterest-Generated-By
MS-Author-Via
X-Cached
Fastcgi-Cache
Content-MD5
X-HS-Cache-Config
X-FTR-Cache-Status
X-Country-Code-Real
Server-Node
X-PDP-UNCACHING-HASH
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-HS-Content-Id
X-Protected-By
X-HS-Hub-Id
X-Ua-Browser
Payment
X-Request-Received
X-Request-Processing-Time
X-Shield-Request-Id
MicrosoftSharePointTeamServices
X-Forwarded-Proto
Arr-Disable-Session-Affinity
X-SRCache-Store-Status
Public-Key-Pins
X-SRCache-Fetch-Status
X-Frontend
X-LLID
X-HS-Combine-CSS
TP-Cache
X-Distributor
X-Accel-Expires
X-FTR-Expires
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Ratelimit-Remaining
X-Origin-Cache-Key
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Count-Hit
X-GUploader-UploadID
X-Origin-Server
X-LB-Cache
X-ORACLE-DMS-RID
X-NODE
X-Ezoic-Cdn
X-Hits
X-TTL
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Host
X-Az
X-B3-TraceId-Primal
X-AppVersion
MRF-Tech
Mrf-Cache-Status
X-Cluster-Name
X-Activity-Id
X-Varnish-Backend
X-Www-Served-By
Cache-Tags
X-Varnish-Server
Accept-Charset
Retry-After
X-App-Server
X-Amz-Meta-S3cmd-Attrs
X-PressLabs-Stats
X-Ua-Device
Server-Name
X-Hostname
X-Geo-Country
Cleartype
X-NGENIX-Cache
X-Envoy-Decorator-Operation
X-Newrelic-App-Data
X-Id
Referer-Policy
X-Goog-Metageneration
X-DIS-Request-ID
X-Upgrade-Enabled
TP-L2-Cache
X-Git-Hash
Access-Control-Allow-Method
X-CSRF-Token
X-Seen-By
X-Azure-Ref
X-ORACLE-DMS-ECID
TCN
X-Hcs-Proxy-Type
X-Amz-Apigw-Id
X-Amzn-RequestId
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-F-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Load-Cache
X-Unique-Id
X-Oracle-Dms-Ecid
X-Proxy
Filterid
X-RateLimit-Limit
X-Revision
Healthy
X-Grace
Section-Io-Cache
X-Request-Guid
X-Debug-Info
X-Trace-Id
X-Cache-Control
X-Px
Paypal-Debug-Id
X-B3-Sampled
X-FB-Debug
X-TT
X-B
X-Fb-Rlafr
X-Contextid
DC
X-Type
X-Page-Id
X-Varnish-Ttl
X-Logged-In
X-N
X-Mobile
X-Oracle-Dms-Rid
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Debug
Viewport
X-Whom
X-Language
X-Goog-Storage-Class
X-Goog-Generation
X-Template
Fastly-SWR
X-XRDS-LOCATION
Fastly-SIE
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Charset
X-Cache-Grace
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Content-Options
Version
X-Time
Content-Disposition
X-Via-JSL
X-Wix-Request-Id
X-Magnolia-Registration
X-EdgeConnect-Cache-Status
X-Webkit-CSP
X-App-Environment
X-Varnish-Grace
X-B-Cache
X-Signature
X-Rid
X-RateLimit-Reset
X-Node-Name
X-B3-SpanId
X-Origin-Cache
VIX-Pulpo-Upstream-Status
X-RemovedCookies
VIX-Pulpo-Node
X-ProcessESI
SRV
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Yottaa-Metrics
X-Debug-IsPreview
X-Debug-IsConnected
X-Yottaa-Optimizations
X-G
X-Datadog-Sampled
X-Backend-Name
X-Amzn-Remapped-Content-Length
SD-X-WS
X-Hl-Ver
X-FW-Static
X-FW-Version
X-RTag
X-FW-Dynamic
GEO-INFO
X-Device-Type
X-Rule
X-FW-Hash
X-Proxy-Cache-Info
X-FW-Serve
X-FW-Server
X-FW-Type
X-Instance
X-Adobe-Loc
ServerID
X-Adobe-Content
Ms-Operation-Id
MS-CV
X-Amz-Replication-Status
X-Storage
Country
X-Rendered-As
X-NYM-Debug-Backend
X-UUID
X-Is-Bot
NGB
Liferay-Portal
X-Cacheable-TTL
X-L-Path
X-Region
X-IPS-LoggedIn
X-Environment-Context
X-Cache-Hit
X-User-Agent
X-Status
X-Cache-Age
X-Source
X-Real-IP
X-NWS-UUID-VERIFY
X-ServerID
Countrycode
Surrogate-Key
Amp-Access-Control-Allow-Source-Origin
Akamai-GRN
X-WP-CF-Super-Cache-Active
X-Servername
OT-Force-Account-Verify
X-Sucuri-ID
Cross-Origin-Window-Policy
X-Sucuri-Cache
X-VC-Cache
From-Origin
X-UA
X-WebKit-CSP-Report-Only
X-Xrds-Location
X-RM-Cache-TTL
Backend
Upgrade-Insecure-Requests
Front
X-Framework
X-INCAP-ABP
X-Air-Pt
X-Mode
Refresh
X-AB
X-Content-Powered-By
Frame-Options
X-DataDome
X-Cache-Time
X-HTML-Minification-Powered-By
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
Xet-Cookie
X-Akamai-Request-ID2
X-Buckets
X-Handled-By
X-Nginx-Cache
X-Edge-Location
X-Wormhole-Sdk
Url
Webserver
X-Vcache
X-JoinUs
Filters
Meta-Geo
X-Rn-Rsrv
X-Cluster
X-SaId
X-Endurance-Cache-Level
X-SRV
X-Timing-Wait
X-Xfnlog-Site
Selected-Fe
X-No-Session
X-Proxy-Build
Access-Control-Request-Headers
X-Origin-Date
X-RCS-CacheZone
X-UPSTREAM-Address
X-Rewrite-Enabled
X-Webstats-RespID
X-Logging-Id
TWC-Locale-Group
X-IPLB-Instance
Atl-Traceid
X-Drupal-Cache-Tags
Property-Id
X-IPLB-Request-ID
X-Azure-Ref-OriginShield
WPO-Cache-Status
X-Cache-Operation
X-Cache-Rule
WPO-Cache-Message
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
X-Akamai-Edgescape
TWC-Privacy
X-LJ-Flow-ID
X-Labrador-Cache-Channel
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-AWS-Id
X-Origin-CC
X-VCT
X-Origin-TTL
X-Served-From
X-Tumblr-Pixel-2
ServedBy
X-Reqid
X-VWS-Id
X-Origin-Hint
X-Origin
X-PHP-Host
X-Zipkin-Id
Mn-Server-Ip
X-Cloudmap
X-Cache-Debug
Section-Io-Id
X-Web-Node
X-Provided-By
X-Site-Version
X-Tb
X-Fetched-On
X-Hosted-By
X-Container-Uri
X-Drupal-Cache-Contexts
X-Httpd
X-Cms-Context
X-Extlb
X-Ms-Request-Id
X-Git-Commit
X-Ms-Version
X-ProxyCache-Status
X-Restarts
X-Routing-Service
X-R9-Blue-Green-Version
X-VC
X-Redis-Cache
X-Adobe-Source
X-BYPASS-REASON
X-ProxyCache-Key
X-CDN-Forward
Web-Mar-Node
X-Varnish-Cache-Hits
X-Cache-Status-Check
X-Proxied
X-Locale
X-Director
X-Forwarded-Host
X-Format
X-CMSURLCustom
X-Cdn-Origin
Thinkindot-CacheControl-Type
X-Varnish-Age
Thinkindot-Control
X-Tncms
Thinkindot-CacheControl
TDXMobile
X-Accel-Version
X-Geo-Region
X-Browser-Name
X-Upstream-Ct
Accept-Language
X-Is-Supported-Browser
X-Scope-Id
X-Shield-Cache-Expires
X-Skip-Cache
X-Is-Desktop
Cache
X-SayCDN-TTL
X-Say-TTL
X-Upstream-Ht
X-Lambda-Id
X-Is-Tablet
X-S
X-Say-Cacheable
X-Soup
X-Is-Mobile
Apigw-Requestid
X-Thinkindot-L3
X-Tcp-Rtt
X-Loop
X-Detected-As
X-ShardId
X-Varnish-Beresp-Grace
X-GeoCountry
X-Generation-Time
X-Frame-Option
X-GeoCode
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Cache-Host
Xserver
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
Cache-Hits
X-Generated-By
X-Rocket-Nginx-Serving-Static
X-Lagoon
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-RID
X-Worker
X-Optimistic-Header
X-Vercel-Cache
X-Vercel-Id
Source
Azure-SlotName
Azure-SiteName
Azure-Version
X-XRDS-Location
Azure-RegionName
Azure-InstanceId
Node
LB
X-WP-CF-Super-Cache-Cookies-Bypass
X-Request-URI
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-CachedAt
CDN-Cache
X-Fastcgi-Cache
X-B3-Traceid
Protected
X-App-Version
Fastcgi-Useragent
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestPullCode
Cross-Origin-Embedder-Policy
X-Pass-Why
CDN-RequestId
X-Tumblr-Pixel-3
X-Connection-Hash
Expiry
X-URL
X-Ratelimit-Reset
X-GEO
X-Vcl-Version
Alternate-Protocol
X-Cache-Server
Onion-Location
X-Cache-Expired-At
X-Tec-Api-Origin
DB-Nickname
X-Tec-Api-Version
X-Jobs
X-Tec-Api-Root
Priority
X-Server-W
CF-IPCountry
X-TA-CDN-Provider
AMP-Access-Control-Allow-Source-Origin
Environment
X-PHP-Backend
Uber-Trace-Id
X-Fastly-Request-Id
X-Proxy-Cache-Status
X-DC
X-LSADC-Cache
X-Cluster-Node
X-Cache-Action
User-Cache-Control
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Response-Served-From
X-Uri
X-MP-GENERATED-AT
X-Api-Version
X-Original-Request-Id
Sid
X-Mg-Request-UUID
X-Tx-Id
HostName
X-TT-LOGID
X-FB-TRIP-ID
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
X-A
X-A-Ccd
X-SRCache-Key
X-Varnish-Beresp-Ttl
Vix-Hermes-Req-Id
X-NCache
T-Server
X-Rojux
X-SB
X-ScT
Surrogated-Key
Origin-Agent-Cluster
Gannett-Cam-Experience-Id
Fusion-Template-Id
DCR-Decision-By
Content-Secure-Policy
X-Origin-Expires
X-Powered-By-VTEX-Cache
Lang
DCR-Processing-Time-Ms
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-Platform
Fusion-Deployment-Id
Edge-Cache
Magicmarker
MD5-Digest
Rendered-Blocks
X-A-Dam
A
Req-ID
X-Request-Start
X-ND-Cache
Origin
X-Node-Id
X-Org
Meta-Geo-Continent
X-Op-Id-All
Candidate-Md5Url
Cache-Tv-Group
Ngx.Var.Host
Sslversion
X-Thanos
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-LiteSpeed-Cache-Control
X-Vtex-Remote-Cache
X-Content-Age
X-Conf
X-A-Dcw
X-Hnp-Log
X-Cache-Id
X-Vdms-Version
X-Cache-NE
X-Jungle-Id
X-Ig-Origin-Region
X-D
X-Gzip
X-FC-Vary-Parameters
X-Esi-Check
X-Forwarded-Site
X-GeoIP-City
X-Gen-Mode
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Device-Os
X-Developer
X-Dispatcher-Server
X-Ec-Fail
X-Tt-Logid
X-Vdms-Path
Cdn-Requestid
X-Varnish-Hostname
X-Bip
X-Bc-Bl
X-Mvc-Supplant-Cachable
X-UA-Device-Type
X-TIM-N
X-Bl-Debug
X-BCube-Filmed-By
X-A-Wwc
X-Block-Status
X-Aed
X-A-Dgt
WP-Super-Cache
X-Origin-Response-Time
X-ApacheServer
Fastly-SSL
L5d-Success-Class
We-Hiring
W
X-Generated-On
X-Amz-Storage-Class
Mail-Subject
HA-Ipaddr
X-Auth-Group-Type
X-AK-Request-ID
X-Fastly-Cache
X-GeoIP-Country-Code
X-Eu-Site
Ha-Gx-Prefs
X-Fmm-Version
X-PAYTM-SRV-ID
X-GeoIP-Region-Code
X-Auto-Login
Server-Ext
Server-Host
X-Nginx-Cache-Key
X-HN
X-NMSegId
Ssr
X-Cache-TTL-Remaining
Sever-Int
X-Level-Front-Cache
X-Cache-Info
Server-Hostname
X-Backend-Instance
X-Loc
X-Mvc-Supplant-OutputCached
X-Clientip
X-Cache-Bucket
NM-Fastcgi-Cache
X-Csrf-Jwt
Origin-CC
Origin-EX
X-CGP
Release
Powered-By
PFcat
X-CUA
X-Proto
CDCHOST
X-Varnishpool
X-VarnishDD-TTL
X-Client-Ip
X-Region-Sid
X-GeoIP
Cdnsip
Cdncip
Canary
Cache-Provider
X-Req
X-Request-Time
X-Var-Ttl
X-Varnish-Director
C-Via
X-Render-Time
Yak-Timeinfo
X-V-Cache
XM
X-Pubstack
X-RateLimit-Remaining-Second
X-SD-PageType
DSUID
X-Viewer-Country
X-WA-Info
X-PERF
Content-Style-Type
X-Policy
X-Via-Fastly
X-VG-WebCache
X-Service
X-RateLimit-Limit-Second
X-Scheme
Content-Script-Type
X-Debug-Cache-Fetch
X-Ad-Load-Variation
X-Aicache-OS
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Debug-Cache-Store
Gh-Request-Id
X-Server-IP
X-Zone
X-ECache
X-Access
Fastly-GeoIP-CountryCode
X-SVT-ORM-VERSION
X-Acquia-Purge-Cdn-Unconfigured
X-B3-Trace-ID
X-Core-Value
X-VG-TLSProxy
X-Wikidot-Static-Cache
X-Cache-Backend
X-Contensis-Viewer-Groups
X-CacheTTL
X-Wikidot-Backend
X-Cdn-Srv
X-HS-Content-Campaign-Id
X-Human
X-Cache-Aspx
X-Ismobilevalue
X-Micro-Cache
X-ID
X-Test
X-Mly-Id
X-App-Name
X-Men
X-BBC-Edge-Cache-Status
X-Varnish-Authentication
Web-Mar-Region
X-Location
X-Tb-Optimization-Total-Bytes-Saved
Tube-Get-Contents
X-From
X-Nyt-Route
Cdn-Host
Cdn-Request-Time
Machine
Cache-Key
On-Server
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Click-Count-Action-Start
Click-Count-Error
X-Pool
Country-Code
X-Geo-Header
Esi-Enabled
Fastly-Backend-Name
X-Origin-Time
Cluster
L
X-Gdpr
Is-Eu
Host-ID
X-Section
X-Fastly-Backend
X-Edge-Server
X-Varnish-Beresp-Status
X-Ig-Push-State
X-Request-Host
Platform
X-DPWN-IS-SECURE
True-Client-Country-4JS
Tube-Got-Results
Tube-Got-Eval
X-We-Are-Hiring
X-Ec-Custom-Error
RNT-Time
RNT-Machine
Producers
Pramga
V-Age
X-Proxied-Request
X-GoCache-CacheStatus
Redirect-Candidate
Req-Svc-Chain
Adler-Geo
AKAMAI
Tube-Return
X-Newrelic-Synthetics
Odigeo-Trace-Id
X-Date
X-Hash
X-Accel-Expires-Debug
X-Up
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
NGX
Proxy-Firewall
Datacenter
X-AIR-PT
SID
X-Custom-Header
X-Varnish-Hits
X-NGINX-Cache
Debug
X-LB-ID
X-NodeID
Fastly-Drupal-HTML
X-Cs
X-Nananana
X-Dc
X-COUNTRY
X-Pad
X-HA-Backend
X-Varnish-CookieHashed-On
X-DefHash
X-Via-Poph
CloudFront-Viewer-Country
X-Via-Popn
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-DefElseHash
X-Refresh
Locid
Pics-Label
X-Via-Popv
X-CACHE-GROUP
Mime-Version
X-Nf-Request-Id
X-Servedbyhost
X-Depends
X-Amz-Meta-Cb-Modifiedtime
X-Platform-Cluster
X-Akamai-Transformed
X-Platform-Router
X-Platform-Processor
X-VHOST
GeoIP-Latitude
X-VC-TTL
X-CACHE-AGE
X-TIME
X-LiteSpeed-Tag
Ngx-Var-Key
X-Cache-FS-Status
X-Parent-Response-Time
X-Datadome
X-LB-NoCache
X-M-Log
X-Old-Content-Length
X-M-Reqid
X-Cached-By
X-Presslabs-Stats
X-B3-Parentspanid
X-Moov-T
X-Moov-Xdn-Version
X-CS
X-TH-Server
Server-ID
X-Litespeed-Tag
Cross-Origin-Embedder-Policy-Report-Only
Cdn
X-Nc
X-CDN-Cache-Status
X-Wa
Resin-Trace
Server-Info
X-DynaTrace-JS-Agent
Cf-Ipcountry
Fastly-Drupal-Html
BehaviorPad-Version
GeoIp-Country-Code
NtCoent-Length
X-ZONE
X-External-Request-Id
X-VCache
X-IAuth-Set-Uid
X-Destination
X-B-Cookie
X-S-Cookie
X-Vgn-Hpd-Reason
Cf-Device-Type
X-User
X-HITS
X-Application
X-Fpc
Uri
FSS-Cache
X-NewRelic-App-Data
X-Vc
X-Zen-Fury
X-APP
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Route-Name
X-Flags
X-Is-Crawler
True-Client-IP
X-Instance-Name
X-Cache-Date
X-Sigma
X-API-Version
X-Sigma-Backend
True-Client-Ip
X-Esi
X-Rocket-Build-Number
X-Content-Length
X-HostName
X-TX-ID
CDN
X-DynaTrace
X-VServer
Serverhost
X-Srv
X-Dynatrace-Js-Agent
X-Varnish-Beresp-TTL
GeoIP-Country-Code
Load-Balancing
X-Branch-Name
Tcn
S-Rt
X-Segment-20210421
X-Page-View
X-Oracle-DMS-ECID
X-Dispatcher-Number
X-Cdn-Cache-Status
Hostname
Srv
X-HOST
X-Cdn-Forward
Request-ID
Ohc-File-Size
X-Dispatch
Vc-Max-Age
X-NC
X-FPC
X-RequestId
X-WA
X-DataCenter
Product
Type
X-APP-VERSION
ServerName
X-B3-Spanid
X-Sql-Count
X-Sql-Duration-Ms
X-Http-Reason
X-Irp-Debug
Geoip-Latitude
Server-Id
X-Webkit-Csp-Report-Only
X-FL-QIT-DEBUG
Srvid
Cl-Cache
X-Ckpd-Fst-Backend
X-Bug-Bounty
X-Geo
X-Lb-Nocache
X-VCL-Version
IsBot
X-ServedByHost
X-Owner
CacheControlHeader
Edge-Copy-Time
WZWS-RAY
X-Via-SSL
X-SIPLIST1
X-Via-Edge
X-CSRF-TOKEN
DataCenter
X-Via-CDN
XkeyRZ
Cloudfront-Viewer-Country
X-CACHE-KEY
MIME-Version
Epwk-X-Cache
Ohc-Cache-HIT
Cross-Origin-Opener-Policy-Report-Only
X-Core-Mission
X-Proxy-CacheRZ
Origin-Trial
X-Cache-Ttl
X-Hit
X-Ua
X-Correlation-ID
N-Cache
X-App
X-Qloud-Router
X-Via-PopN
X-Via-PopH
X-Ha-Backend
X-Via-PopV
PICS-Label
CountryCode
Rtss
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-MiniProfiler-Ids
X-Amz-Meta-Opti
X-Lb-Id
X-MSEdge-Features
X-Fastly-Country-Code
ServerHost
X-MSEdge-Flight
Lb
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
Sm-Log-Id
X-Acquia-Application-Trace
X-Service-Response-Time
X-Akamai-Device-Characteristics
Warning
User-Agent
X-Web-Server
X-Limited
X-Vmg-Version
Cneonction
X-Sqd-Ctime
X-Datacenter
X-Sqd-Stime
X-Litespeed-Cache-Control
X-LAGOON
X-Gamma-Serve
Akamai-Cache-Status
X-Amz-Meta-S3b-Last-Modified
X-Dw-Trace-Id
X-IN-APIGATEWAYSSL
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
X-IN-APIGATEWAY
X-Cdn-Request-ID
Xkey-La3
X-Cache-Type
X-Akamai-Pragma-Client-IP
X-RAMCache
X-Requestid
Xkeylog
Expect-Staple
X-Orig-Expires
X-Shop-Environment
X-Proxy-Cache-La3
X-Tenant
X-CF-Lambda-Fn
Ngx
X-CF-Lambda-Version
X-Snapshot-Date
X-Ramcache
X-Check-Cacheable
X-Serial
X-Th-Server
X-Forwarded-Path