Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-AspNet-Version
X-Runtime
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Request-ID
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
Permissions-Policy
X-Robots-Tag
X-AH-Environment
X-Hacker
X-UA-Device
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Ws-Request-Id
X-Age
X-Amz-Version-Id
Cf-Apo-Via
X-Vhost
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Allow
X-LiteSpeed-Cache
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
Cf-Railgun
X-Host
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dns-Prefetch-Control
X-Server-Id
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Country
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
X-Litespeed-Cache
X-Clacks-Overhead
Cache-Tag
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-FTR-Request-ID
X-TtlSet
X-Vname
X-PC
X-CST
X-Daa-Tunnel
Cross-Origin-Opener-Policy
Nginx-Cache
X-Edge
X-Mcache
X-Server-Name
X-Browser-Type
X-Midtier
X-Powered-By-Plesk
Accept-Ch
X-Cnection
AR-ATIME
AR-SID
AR-PoweredBy
AR-Request-ID
X-ESI
X-Ac
X-Cache-TTL
X-Element-Page-Cache
X-GitHub-Request-Id
X-D2id
Edge-Control
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
Verso
X-MS-InvokeApp
X-ECACHE
X-Upstream
X-Vcap-Request-Id
X-Ser
AR-CACHE
X-Abt-Application-Version
X-Navigation-Version
X-Dw-Request-Base-Id
X-FastCGI-Cache
X-Webkit-Csp
SPIisLatency
SPRequestDuration
X-B3-TraceId
X-Mod-Pagespeed
Fastly-Restarts
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-NF-Request-ID
X-Client-IP
X-Edge-Location-Klb
X-Kinsta-Cache
X-Oneagent-Js-Injection
X-Goog-Hash
X-Mg-S
X-Ratelimit-Limit
Edge-Cache-Tag
S
X-Powered-CMS
X-ARC
X-Sol
Pagespeed
X-Middleton-Display
Display
X-PDP-UNCACHING-HASH
Cache-Status
X-Amzn-Trace-Id
X-Version
Access-Control-Request-Method
Response
X-VARITI-CCR
X-Middleton-Response
X-Cache-Key
X-Ratelimit-Remaining
X-TTL
X-Fastly-Request-ID
RTSS
X-TraceId
X-Content-Digest
Realpath
Cross-Origin-Resource-Policy
X-T
X-Ua-Device
X-Forwarded-For
X-Server-ID
X-Recruiting
X-Correlation-Id
Fastcgi-Cache
X-ORACLE-DMS-RID
X-Cached
Front-End-Https
X-MSEdge-Ref
X-Shield-Request-Id
MS-Author-Via
X-Varnish-TTL
Content-MD5
X-Country-Code-Real
X-Protected-By
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Ua-Browser
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
MicrosoftSharePointTeamServices
X-Ruxit-Js-Agent
X-Request-Received
X-Forwarded-Proto
X-Request-Processing-Time
Server-Node
Public-Key-Pins
X-Frontend
X-LLID
Payment
TP-Cache
X-RateLimit-Remaining
Arr-Disable-Session-Affinity
X-PressLabs-Stats
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HS-Combine-CSS
X-FTR-Expires
Count-Hit
X-Distributor
X-Kong-Proxy-Latency
X-Accel-Expires
X-Kong-Upstream-Latency
X-GUploader-UploadID
X-Origin-Server
X-NODE
X-LB-Cache
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Ezoic-Cdn
X-Aws-Lambda-Call-Status
X-Request-Handler-Origin-Region
X-Microsite
X-Activity-Id
X-Www-Served-By
X-Varnish-Server
X-Newrelic-App-Data
X-AppVersion
X-Az
Accept-Charset
X-Cluster-Name
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-App-Server
Host
X-ORACLE-DMS-ECID
Cache-Tags
X-Varnish-Backend
X-Content-Security-Policy-Report-Only
Retry-After
X-Amz-Meta-S3cmd-Attrs
Cleartype
Server-Name
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Goog-Metageneration
X-ASPNET-VERSION
Filterid
X-Hits
X-Unique-Id
X-Envoy-Decorator-Operation
X-Git-Hash
X-CSRF-Token
Access-Control-Allow-Method
X-Hostname
X-NGENIX-Cache
X-Azure-Ref
X-Geo-Country
X-Upgrade-Enabled
Referer-Policy
X-Load-Cache
X-Debug
X-Logged-In
X-Ttl
X-Id
TP-L2-Cache
TCN
X-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Proxy
X-Seen-By
X-FB-Debug
X-Hcs-Proxy-Type
X-B
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-B3-Sampled
X-Amz-Apigw-Id
X-Varnish-Ttl
X-Amzn-RequestId
X-TT
X-Grace
Section-Io-Cache
X-Cache-Control
X-Request-Guid
Surrogate-Key
X-Trace-Id
X-F-Cache
X-Revision
X-Type
X-Contextid
X-Fb-Rlafr
DC
Healthy
X-DIS-Request-ID
Viewport
X-Mobile
X-N
Paypal-Debug-Id
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Fastly-SIE
X-WP-CF-Super-Cache-Cache-Control
Fastly-SWR
X-WP-CF-Super-Cache
X-Debug-Info
X-XRDS-LOCATION
X-Page-Id
Content-Disposition
X-Px
X-Origin-Cache
X-Webkit-CSP
X-Varnish-Grace
X-Via-JSL
Version
X-Whom
X-Magnolia-Registration
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Content-Options
X-Template
X-Oracle-Dms-Ecid
Charset
X-Amz-Replication-Status
X-Cache-Grace
X-Wix-Request-Id
X-UUID
X-ProcessESI
X-G
X-RemovedCookies
X-Rid
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-App-Environment
X-Adobe-Content
X-Rule
X-Adobe-Loc
X-RTag
X-Tumblr-User
MS-CV
X-Debug-IsPreview
X-Node-Name
Ms-Operation-Id
X-Debug-IsConnected
X-B-Cache
X-Signature
X-Datadog-Sampled
X-NWS-UUID-VERIFY
X-Hl-Ver
X-Storage
X-Yottaa-Optimizations
SD-X-WS
NGB
X-Yottaa-Metrics
VIX-Pulpo-Node
X-Cache-Age
VIX-Pulpo-Upstream-Status
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Server
ServerID
X-Backend-Name
X-Cacheable-TTL
X-Device-Type
X-Environment-Context
X-FW-Type
X-Region
X-NYM-Debug-Backend
X-FW-Static
X-Source
X-User-Agent
X-EdgeConnect-Cache-Status
X-L-Path
X-Rendered-As
X-FW-Version
X-Is-Bot
X-Instance
Country
X-ServerID
GEO-INFO
X-Status
X-Real-IP
X-Cache-Hit
X-Proxy-Cache-Info
X-B3-SpanId
Cross-Origin-Window-Policy
Countrycode
X-IPS-LoggedIn
X-Language
SRV
Liferay-Portal
X-Amzn-Remapped-Content-Length
Akamai-GRN
X-Wormhole-Sdk
X-Ratelimit-Reset
X-WP-CF-Super-Cache-Active
X-RM-Cache-TTL
Front
X-Sucuri-ID
X-Sucuri-Cache
X-Xrds-Location
Amp-Access-Control-Allow-Source-Origin
X-Framework
OT-Force-Account-Verify
X-Oracle-Dms-Rid
X-Servername
X-AB
X-Air-Pt
X-UA
X-VC-Cache
From-Origin
X-Content-Powered-By
X-VC
X-Air-Hostname
Xet-Cookie
X-Air-Trace-Id
X-WebKit-CSP-Report-Only
X-Air-Source
X-Mode
X-Akamai-Request-ID2
Backend
Upgrade-Insecure-Requests
X-URL
Refresh
X-Cache-Time
X-Origin-Cache-Key
X-Handled-By
X-DataDome
X-INCAP-ABP
X-Nginx-Cache
X-VHOST
X-Endurance-Cache-Level
X-Ismobilevalue
Accept-Language
X-Rn-Rsrv
X-Edge-Location
X-SRV
Filters
X-Rewrite-Enabled
X-JoinUs
X-Xfnlog-Site
Meta-Geo
Cache
X-RCS-CacheZone
X-SaId
X-UPSTREAM-Address
X-Origin-Date
Access-Control-Request-Headers
X-Origin-Hint
Webserver
X-No-Session
X-Labrador-Cache-Channel
X-Lambda-Id
X-LJ-Flow-ID
X-PHP-Host
X-Provided-By
X-Cache-Rule
X-Cache-Operation
X-Tumblr-Pixel-2
X-Zipkin-Id
X-R9-Blue-Green-Version
X-Proxied
X-Webstats-RespID
LB
X-Hosted-By
X-Git-Commit
X-Cloudmap
X-AWS-Id
X-Adobe-Source
Webcakes-Region
X-Cluster
X-Cms-Context
X-Extlb
X-Generated-By
X-Container-Uri
Webcakes-App-Version
Webcakes-App-Name
TWC-Connection-Speed
ServedBy
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Reqid
X-Cache-Status-Check
X-VWS-Id
X-S
X-Varnish-Age
X-Routing-Service
X-RateLimit-Limit
X-Is-Supported-Browser
X-Is-Tablet
X-Site-Version
X-Is-Desktop
X-IPLB-Instance
X-IPLB-Request-ID
X-Tcp-Rtt
X-Locale
Atl-Traceid
Apigw-Requestid
X-Ms-Version
X-Ms-Request-Id
X-Logging-Id
X-Loop
X-Httpd
X-HTML-Minification-Powered-By
X-Web-Node
X-Accel-Version
X-Akamai-Edgescape
X-Browser-Name
X-Cache-Debug
X-BYPASS-REASON
Web-Mar-Node
Url
Mn-Server-Ip
X-Scope-Id
X-Forwarded-Host
Section-Io-Id
X-Fetched-On
X-Tncms
X-Geo-Region
X-Is-Mobile
X-ProxyCache-Status
X-ProxyCache-Key
X-Tb
X-Skip-Cache
X-Redis-Cache
X-Restarts
X-Served-From
X-Api-Version
X-VCT
Selected-Fe
X-Shopify-Stage
X-Upstream-Ht
X-Timing-Wait
X-SayCDN-TTL
X-Varnish-Cache-Hits
X-Say-Cacheable
X-Alternate-Cache-Key
X-Say-TTL
X-Proxy-Build
X-Azure-Ref-OriginShield
X-Origin
X-Storefront-Renderer-Rendered
Frame-Options
X-Soup
X-Detected-As
X-Upstream-Ct
X-Format
X-Varnish-Beresp-Grace
X-Frame-Option
Xserver
X-GeoCode
X-Optimistic-Header
X-GeoCountry
WPO-Cache-Status
X-Cache-Host
X-RID
WPO-Cache-Message
X-Director
X-Request-URI
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Drupal-Cache-Tags
X-Generation-Time
X-CMSURLCustom
X-Thinkindot-L3
Thinkindot-CacheControl
X-Lagoon
X-Vcache
X-RateLimit-Reset
X-Origin-TTL
X-Origin-CC
X-Shield-Cache-Expires
Cache-Hits
TDXMobile
X-Tt-Logid
Thinkindot-CacheControl-Type
Thinkindot-Control
Onion-Location
Cdn-Requestid
Source
X-Drupal-Cache-Contexts
Fastcgi-Useragent
X-CDN-Forward
X-Cdn-Origin
Protected
Expiry
X-Connection-Hash
X-Fastly-Request-Id
X-WP-CF-Super-Cache-Cookies-Bypass
X-B3-Traceid
X-Mg-Request-UUID
X-Fastcgi-Cache
X-Vercel-Cache
X-Worker
X-Cache-Expired-At
X-Vercel-Id
X-Buckets
X-TA-CDN-Provider
X-Pass-Why
X-PHP-Backend
Azure-SiteName
Azure-RegionName
X-Nf-Request-Id
Azure-InstanceId
Azure-SlotName
X-Rocket-Nginx-Serving-Static
Azure-Version
X-Vcl-Version
X-ECache
Environment
Node
X-App-Version
Sid
X-GEO
X-Proxy-Cache-Status
X-ID
X-Cache-Action
Priority
CDN-Cache
CDN-CachedAt
AMP-Access-Control-Allow-Source-Origin
CDN-RequestPullSuccess
Cross-Origin-Embedder-Policy
X-Aspnetmvc-Version
Uber-Trace-Id
CDN-Uid
CDN-RequestPullCode
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
X-Cluster-Node
X-Tumblr-Pixel-3
X-XRDS-Location
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Server-W
X-Cache-Server
DB-Nickname
Cache-Tv-Group
HostName
X-Auth-Group-Type
User-Cache-Control
Alternate-Protocol
CF-IPCountry
X-FB-TRIP-ID
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Deployment-Id
X-Tx-Id
X-Pad
Fusion-Source
Fusion-Template-Id
X-Jobs
X-Client-Ip
X-DC
X-Op-Id-All
X-Gzip
X-Origin-Expires
X-Fastly-Backend
Rendered-Blocks
X-Bc-Bl
X-Ig-Push-State
X-BCube-Filmed-By
X-Service
X-D
X-A-Dgt
X-Custom-Header
X-Org
A
Lang
X-Cache-Id
Content-Secure-Policy
Magicmarker
Meta-Geo-Continent
MD5-Digest
DCR-Decision-By
DCR-Processing-Time-Ms
X-Generated-On
Gannett-Cam-Experience-Id
X-Gen-Mode
X-Cache-TTL-Remaining
Edge-Cache
X-Cache-NE
X-Level-Front-Cache
Ngx.Var.Host
X-Core-Value
X-Content-Age
X-GeoIP-City
X-Aed
X-Block-Status
X-ND-Cache
Origin-Agent-Cluster
X-Conf
Cdn-Request-Time
Odigeo-Trace-Id
Cdn-Host
Origin
Candidate-Md5Url
X-Bl-Debug
X-Ig-Origin-Region
X-Hnp-Log
X-SRCache-Key
Wxu-Next-Region
X-Varnish-CookieINHashed-On
X-DefHash
X-Ec-GeoHdr
X-Varnish-Remaining-TTL
X-DefElseHash
X-Edge-Server
X-Varnish-CookieHashed-On
X-Ec-Fail
X-UA-Device-Type
X-Developer
X-Device-Os
X-V-Cache
X-Dispatcher-Server
Wxu-Next-Hostname
Wxu-Next-Commit
X-TIM-N
X-A-Ccd
X-A
X-Vdms-Version
X-Req
Surrogated-Key
X-ScT
X-A-Dam
Sslversion
X-Viewer-Country
X-Via-Fastly
X-A-Dcw
X-A-Wwc
T-Server
X-Vtex-Remote-Cache
X-SB
X-Epic-Correlation-Id
X-Esi-Check
X-Rojux
X-LSADC-Cache
Mime-Version
X-Cache-Info
X-Geo-Header
Origin-EX
Origin-CC
X-GeoIP
Host-ID
X-GeoIP-Region-Code
Is-Eu
NM-Fastcgi-Cache
X-Cache-Bucket
X-GeoIP-Country-Code
X-Backend-Instance
X-AK-Request-ID
X-GoCache-CacheStatus
X-HS-Content-Campaign-Id
X-Ad-Load-Variation
X-Amz-Storage-Class
X-Loc
Req-ID
Server-Ext
Server-Hostname
Sever-Int
RNT-Time
Ssr
RNT-Machine
X-Acquia-Purge-Cdn-Unconfigured
Tube-Get-Contents
Producers
X-B3-Trace-ID
Server-Host
X-Auto-Login
Platform
Powered-By
Vix-Hermes-Req-Id
V-Age
X-Bip
Tube-Got-Eval
Tube-Got-Results
Tube-Return
X-HN
X-App-Name
PFcat
X-NodeID
X-Gdpr
X-Forwarded-Site
X-RateLimit-Remaining-Second
X-Region-Sid
X-WA-Info
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-RateLimit-Limit-Second
X-Pubstack
X-Platform
X-PAYTM-SRV-ID
X-Policy
X-Powered-By-VTEX-Cache
X-CacheTTL
X-Proto
X-Request-Time
X-Scheme
X-Thanos
X-Test
X-VG-WebCache
X-DPWN-IS-SECURE
X-VG-TLSProxy
X-Varnish-Hostname
X-Varnish-Director
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-SD-PageType
X-VTEX-Cache-Time
X-Server-IP
X-VTEX-Cache-Server
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Origin-Time
X-Origin-Response-Time
X-FC-Vary-Parameters
Content-Script-Type
Content-Style-Type
X-Mvc-Supplant-Cachable
Click-Count-Error
X-Clientip
Click-Count-Action-Start
Country-Code
X-Mly-Id
Fastly-Backend-Name
Fastly-SSL
Esi-Enabled
X-Men
X-Micro-Cache
X-Cdn-Srv
X-Fmm-Version
Cdnsip
Adler-Geo
AKAMAI
X-Nginx-Cache-Key
X-NMSegId
X-Nyt-Route
X-Node-Id
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Fastly-Cache
Cdncip
CDCHOST
Cache-Provider
C-Via
XM
X-VarnishDD-TTL
X-Varnish-Beresp-Ttl
X-HITS
X-Contensis-Viewer-Groups
X-Csrf-Jwt
X-Cache-Aspx
X-CGP
X-CUA
X-Date
X-From
X-Depends
X-Eu-Site
X-Ec-Custom-Error
X-BBC-Edge-Cache-Status
X-NCache
X-Pool
Apple-News-Services-Handled
X-Proxied-Request
X-Request-Host
X-Request-Start
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Mvc-Supplant-OutputCached
Canary
X-Hash
Apple-News-Services-Request-Url
X-Section
X-Slack-Backend
X-Varnishpool
X-Dc
X-MP-GENERATED-AT
Yak-Timeinfo
X-Aicache-OS
X-Varnish-Beresp-Status
X-LiteSpeed-Cache-Control
X-Slack-Shared-Secret-Outcome
X-Up
X-Var-Ttl
X-Varnish-Authentication
Cluster
Cache-Key
X-Human
Req-Svc-Chain
Release
DSUID
True-Client-Country-4JS
W
X-Access
X-Accel-Expires-Debug
Web-Mar-Region
We-Hiring
Pramga
Proxy-Firewall
HA-Ipaddr
L
Machine
Ha-Gx-Prefs
Gh-Request-Id
Fastly-GeoIP-CountryCode
X-Location
Mail-Subject
L5d-Success-Class
NGX
X-AIR-PT
X-NGINX-Cache
X-Jungle-Id
On-Server
X-We-Are-Hiring
X-Cs
X-Zone
X-Cache-FS-Status
X-LB-ID
X-Varnish-Hits
X-Vdms-Path
X-Cache-Backend
Debug
X-Akamai-Transformed
WP-Super-Cache
X-Uri
X-Tec-Api-Root
X-Tec-Api-Version
CDN-RequestId
X-Tec-Api-Origin
Fastly-Drupal-HTML
Redirect-Candidate
X-Refresh
X-Via-Poph
CloudFront-Viewer-Country
X-Via-Popn
X-Via-Popv
Server-Info
X-HA-Backend
Pics-Label
X-Nananana
X-Servedbyhost
BehaviorPad-Version
X-Render-Time
X-ApacheServer
X-Newrelic-Synthetics
X-PERF
SID
GeoIP-Latitude
X-Datadome
X-VC-TTL
X-M-Reqid
X-M-Log
X-Parent-Response-Time
X-APP
X-LB-NoCache
X-Original-Request-Id
X-CACHE-AGE
X-B3-Parentspanid
X-Response-Served-From
Locid
X-Cached-By
X-Content-Length
Fastly-Drupal-Html
Datacenter
X-TT-LOGID
X-DynaTrace-JS-Agent
X-Litespeed-Tag
Server-ID
X-Nc
X-Wa
Resin-Trace
Cf-Ipcountry
X-CS
X-CDN-Cache-Status
X-LiteSpeed-Tag
Cdn
X-Amz-Meta-Cb-Modifiedtime
X-IAuth-Set-Uid
X-VCache
NtCoent-Length
GeoIp-Country-Code
X-ZONE
X-Old-Content-Length
Vc-Max-Age
Ngx-Var-Key
X-RequestId
X-Dispatcher-Number
X-Fpc
Uri
FSS-Cache
X-Varnish-Beresp-TTL
X-NewRelic-App-Data
X-Platform-Cluster
Product
X-Esi
Serverhost
True-Client-Ip
X-Vgn-Hpd-Reason
X-Platform-Router
X-Platform-Processor
X-HostName
X-TX-ID
X-Srv
X-SERVER-NAME
Srv
X-TH-Server
CDN
X-Moov-T
X-Moov-Xdn-Version
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
True-Client-IP
X-Cdn-Forward
GeoIP-Country-Code
X-Nf-Language
X-Nf-Ats-Version
Tcn
X-Ckpd-Fst-Backend
X-Nf-Country
X-B3-Spanid
X-TIME
X-Oracle-DMS-ECID
X-Bug-Bounty
Cross-Origin-Embedder-Policy-Report-Only
X-Cdn-Cache-Status
X-FPC
Cf-Device-Type
S-Rt
ServerName
X-Dynatrace-Js-Agent
X-HubSpot-Correlation-Id
Request-ID
X-Dispatch
X-B-Cookie
X-Application
X-WA
X-External-Request-Id
X-Destination
CacheControlHeader
X-NC
X-User
X-Vc
X-S-Cookie
X-CACHE-KEY
X-Zen-Fury
Server-Id
Hostname
X-COUNTRY
X-APP-VERSION
X-Rocket-Build-Number
X-Cache-Date
Geoip-Latitude
X-Sigma
X-FL-QIT-DEBUG
X-Webkit-Csp-Report-Only
Srvid
X-Instance-Name
X-Sigma-Backend
X-Presslabs-Stats
X-Geo
X-VCL-Version
X-API-Version
X-Akamai-Device-Characteristics
X-Lb-Nocache
X-Vmg-Version
User-Agent
X-Segment-20210421
X-VServer
Ohc-File-Size
X-ServedByHost
X-Info
ServerHost
X-Ha-Backend
X-Gamma-Serve
X-Branch-Name
X-Via-PopV
Origin-Trial
X-Via-PopH
X-Via-PopN
Cneonction
X-App
Xc-Version
PICS-Label
Cloudfront-Viewer-Country
Epwk-X-Cache
Load-Balancing
DataCenter
Expect-Staple
X-DataCenter
X-Limited
X-Correlation-ID
X-DynaTrace
X-Ua
Rtss
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Lb-Id
X-Hit
Type
X-Amz-Meta-Opti
X-Akamai-Pragma-Client-IP
X-MSEdge-Features
X-MSEdge-Flight
X-Check-Cacheable
X-Serial
X-MiniProfiler-Ids
Ohc-Cache-HIT
Lb
Cmstype
X-Web-Server
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Site
Cmsid
X-Irp-Debug
X-Sqd-Stime
X-Sqd-Ctime
Warning
Timeexpire
X-Datacenter
Cross-Origin-Opener-Policy-Report-Only
Sm-Log-Id
X-Owner
X-Service-Response-Time
X-LAGOON
X-Litespeed-Cache-Control
Servername
X-CSRF-TOKEN
CountryCode
X-Origin-Upstream-Status
X-Sorting-Hat-Shopid
X-Shardid
N-Cache
X-Sorting-Hat-Podid
X-Shopid
Permission-Policy
X-Via-Edge
X-Core-Mission
X-Requestid
X-RAMCache
X-Via-SSL
X-Via-CDN
Edge-Copy-Time
Cl-Cache
X-Qloud-Router
X-Th-Server
X-Ramcache
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-Snapshot-Date
Ngx
X-IN-APIGATEWAYSSL