
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-Ua-Compatible
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-UA-Device
X-Cache-Group
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Ws-Request-Id
Xkey
X-Rq
X-Age
Permissions-Policy
X-Vhost
X-Amz-Version-Id
Allow
X-Dns-Prefetch-Control
X-Dispatcher
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-OneAgent-JS-Injection
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
X-Litespeed-Cache
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Ruxit-JS-Agent
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-CST
X-NWS-LOG-UUID
X-Country
Service-Worker-Allowed
X-Country-Code
X-Url
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Oneagent-Js-Injection
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-Server-Name
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
X-Daa-Tunnel
X-Webkit-Csp
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-ESI
X-Cnection
X-Upstream
Edge-Control
X-ECACHE
X-MS-InvokeApp
X-GitHub-Request-Id
X-D2id
X-Element-Page-Cache
X-Ac
Verso
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-GoogleNews-Bot
X-Aws-Lambda-Call-Status
AR-SID
AR-PoweredBy
AR-Request-ID
AR-ATIME
Accept-Ch-Lifetime
X-FastCGI-Cache
X-Ser
X-Vcap-Request-Id
X-Navigation-Version
X-Cache-TTL
X-B3-TraceId
X-Abt-Application-Version
X-Mod-Pagespeed
SPRequestDuration
SPIisLatency
X-Ruxit-Js-Agent
AR-CACHE
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
Fastly-Restarts
X-NF-Request-ID
X-Client-IP
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
Pagespeed
X-Middleton-Display
Display
X-Sol
X-RateLimit-Remaining
Edge-Cache-Tag
X-Mg-S
S
X-Edge-Location-Klb
X-Cache-Key
X-Kinsta-Cache
X-Powered-CMS
X-Middleton-Response
X-Amzn-Trace-Id
Response
Cache-Status
X-VARITI-CCR
Access-Control-Request-Method
X-Version
X-Goog-Hash
X-ARC
RTSS
X-Content-Digest
X-Fastly-Request-ID
X-TraceId
X-Forwarded-For
Cross-Origin-Resource-Policy
X-Recruiting
X-T
Realpath
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Ttl
X-Varnish-TTL
X-Correlation-Id
X-MSEdge-Ref
MS-Author-Via
Front-End-Https
X-Ratelimit-Limit
X-Cached
Fastcgi-Cache
Content-MD5
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
Payment
Server-Node
X-Protected-By
X-FTR-Cache-Status
X-FTR-Backend
Arr-Disable-Session-Affinity
X-Request-Received
X-PDP-UNCACHING-HASH
Public-Key-Pins
X-Ua-Browser
X-Request-Processing-Time
MicrosoftSharePointTeamServices
X-Forwarded-Proto
X-Frontend
X-Shield-Request-Id
X-LLID
X-HS-Combine-CSS
X-Origin-Cache-Key
TP-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Distributor
X-Accel-Expires
X-Server-ID
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Kong-Proxy-Latency
X-FTR-Expires
X-Kong-Upstream-Latency
Count-Hit
X-GUploader-UploadID
X-Hits
X-Origin-Server
X-LB-Cache
X-Ezoic-Cdn
X-ORACLE-DMS-RID
X-Content-Security-Policy-Report-Only
X-Request-Handler-Origin-Region
X-Microsite
X-Activity-Id
X-Az
X-AppVersion
Host
X-B3-TraceId-Primal
X-TEC-API-ORIGIN
X-PressLabs-Stats
X-TEC-API-VERSION
X-Www-Served-By
X-Ua-Device
X-TEC-API-ROOT
Mrf-Cache-Status
MRF-Tech
X-Varnish-Backend
X-TTL
X-Cluster-Name
Cache-Tags
X-Varnish-Server
Retry-After
X-App-Server
X-Ratelimit-Remaining
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Hostname
Server-Name
X-NGENIX-Cache
X-Geo-Country
X-NODE
Cleartype
X-Envoy-Decorator-Operation
Referer-Policy
X-DIS-Request-ID
X-Newrelic-App-Data
X-Goog-Metageneration
X-Upgrade-Enabled
TP-L2-Cache
X-Seen-By
X-CSRF-Token
X-Amz-Apigw-Id
X-Git-Hash
Access-Control-Allow-Method
X-Amzn-RequestId
X-Oracle-Dms-Ecid
X-Azure-Ref
TCN
X-RateLimit-Limit
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Load-Cache
X-F-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Proxy
X-Grace
X-ORACLE-DMS-ECID
Healthy
X-Unique-Id
X-Cache-Control
X-Revision
X-Debug-Info
Filterid
X-Px
Paypal-Debug-Id
X-XRDS-LOCATION
Section-Io-Cache
X-Request-Guid
X-Trace-Id
X-B
X-B3-Sampled
X-FB-Debug
X-TT
DC
X-Type
X-Page-Id
X-Contextid
X-Fb-Rlafr
X-Oracle-Dms-Rid
X-N
X-Logged-In
X-Mobile
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Viewport
X-Debug
X-Whom
X-Varnish-Ttl
X-Template
Charset
Fastly-SIE
X-Language
Fastly-SWR
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Time
X-Datadog-Trace-Id
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Cache-Grace
X-Content-Options
X-Webkit-CSP
Version
X-Magnolia-Registration
X-Via-JSL
Content-Disposition
X-RateLimit-Reset
X-Wix-Request-Id
X-App-Environment
X-EdgeConnect-Cache-Status
X-Varnish-Grace
X-B-Cache
X-Signature
X-Node-Name
X-Origin-Cache
X-B3-SpanId
X-Amzn-Remapped-Content-Length
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-RemovedCookies
X-ProcessESI
X-Yottaa-Optimizations
X-Tumblr-User
X-Tumblr-Pixel
X-Rule
X-Datadog-Sampled
X-Debug-IsConnected
X-Debug-IsPreview
X-Yottaa-Metrics
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
MS-CV
SD-X-WS
X-Amz-Replication-Status
Ms-Operation-Id
X-G
X-UUID
X-RTag
X-Hl-Ver
X-Backend-Name
ServerID
X-Instance
X-Adobe-Content
GEO-INFO
X-Storage
X-Adobe-Loc
X-Proxy-Cache-Info
X-FW-Version
X-FW-Dynamic
X-FW-Hash
X-FW-Static
X-FW-Serve
X-FW-Server
X-Device-Type
X-FW-Type
X-Cache-Age
Liferay-Portal
SRV
Country
X-User-Agent
X-IPS-LoggedIn
X-Cacheable-TTL
NGB
X-Rendered-As
X-Is-Bot
X-Region
X-NYM-Debug-Backend
X-L-Path
X-Status
X-Environment-Context
X-Cache-Hit
X-Source
X-Real-IP
X-ServerID
Countrycode
X-Rid
X-NWS-UUID-VERIFY
Surrogate-Key
Akamai-GRN
X-Sucuri-ID
X-Sucuri-Cache
X-WP-CF-Super-Cache-Active
From-Origin
OT-Force-Account-Verify
Cross-Origin-Window-Policy
X-Servername
X-VC-Cache
X-UA
X-WebKit-CSP-Report-Only
X-RM-Cache-TTL
Upgrade-Insecure-Requests
Backend
Amp-Access-Control-Allow-Source-Origin
X-Framework
Front
X-INCAP-ABP
X-Mode
Refresh
X-Air-Pt
X-Xrds-Location
X-AB
Frame-Options
X-Cache-Time
X-Akamai-Request-ID2
X-Air-Source
X-HTML-Minification-Powered-By
X-Buckets
Xet-Cookie
X-Air-Trace-Id
X-Air-Hostname
X-Content-Powered-By
X-RID
X-Handled-By
X-Edge-Location
X-Endurance-Cache-Level
X-VC
Url
Webserver
X-No-Session
X-UPSTREAM-Address
Meta-Geo
X-Azure-Ref-OriginShield
X-JoinUs
Filters
Selected-Fe
X-Webstats-RespID
X-LJ-Flow-ID
X-Cluster
X-Akamai-Edgescape
Access-Control-Request-Headers
X-VWS-Id
X-Wormhole-Sdk
X-Rn-Rsrv
X-Vcache
X-DataDome
X-SaId
X-Origin-Date
X-AWS-Id
X-Timing-Wait
X-Proxy-Build
X-Origin-CC
X-Rewrite-Enabled
X-Reqid
X-Origin-TTL
Webcakes-Region
Webcakes-App-Version
X-Fetched-On
X-Logging-Id
X-IPLB-Request-ID
X-Labrador-Cache-Channel
X-Container-Uri
X-IPLB-Instance
WPO-Cache-Message
WPO-Cache-Status
X-Git-Commit
X-VCT
Atl-Traceid
X-Cache-Rule
X-Cache-Operation
X-Tumblr-Pixel-2
X-Drupal-Cache-Tags
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
X-Served-From
Mn-Server-Ip
X-Origin
X-Xfnlog-Site
X-Ms-Version
TWC-GeoIP-LatLong
TWC-Locale-Group
X-R9-Blue-Green-Version
X-PHP-Host
X-RCS-CacheZone
X-Origin-Hint
TWC-Privacy
Webcakes-App-Name
X-Ms-Request-Id
TWC-Connection-Speed
X-Generation-Time
X-Provided-By
X-SRV
X-CDN-Forward
X-Proxied
Web-Mar-Node
Cache
X-Drupal-Cache-Contexts
X-Routing-Service
X-Extlb
X-Tb
X-ProxyCache-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-Cache-Debug
X-Hosted-By
X-Site-Version
X-Redis-Cache
X-Httpd
X-Restarts
X-Adobe-Source
X-CMSURLCustom
X-Locale
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
X-Cms-Context
X-Web-Node
X-Zipkin-Id
Section-Io-Id
Thinkindot-Control
X-Thinkindot-L3
X-Scope-Id
X-Cache-Status-Check
X-Cloudmap
X-Accel-Version
X-Varnish-Cache-Hits
X-Shield-Cache-Expires
X-Frame-Option
X-Forwarded-Host
X-Director
X-Browser-Name
X-Cdn-Origin
X-Format
X-Upstream-Ht
X-Geo-Region
X-Tcp-Rtt
X-Varnish-Age
X-Lambda-Id
X-Loop
X-Skip-Cache
X-S
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Upstream-Ct
X-Soup
X-Is-Mobile
Apigw-Requestid
X-Tncms
X-Is-Desktop
X-Is-Tablet
X-Is-Supported-Browser
ServedBy
X-ShopId
X-Varnish-Beresp-Grace
X-Nginx-Cache
X-ShardId
X-GeoCode
X-GeoCountry
Accept-Language
Cache-Hits
X-Shopify-Stage
X-Alternate-Cache-Key
X-Detected-As
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Cache-Host
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Xserver
X-Worker
X-Generated-By
X-Lagoon
CDN-RequestId
X-Vercel-Id
X-Vercel-Cache
X-Rocket-Nginx-Serving-Static
X-Optimistic-Header
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Azure-Version
Azure-RegionName
X-B3-Traceid
Node
Source
X-WP-CF-Super-Cache-Cookies-Bypass
X-Fastly-Request-Id
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Request-URI
CDN-RequestPullCode
CDN-Cache
CDN-CachedAt
CDN-RequestPullSuccess
CDN-Uid
X-Pass-Why
Fastcgi-Useragent
Protected
AMP-Access-Control-Allow-Source-Origin
Cross-Origin-Embedder-Policy
X-Vcl-Version
X-Tumblr-Pixel-3
X-App-Version
Alternate-Protocol
X-Connection-Hash
X-XRDS-Location
Expiry
LB
X-GEO
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Ratelimit-Reset
X-Cache-Server
X-Jobs
X-TA-CDN-Provider
X-Cache-Expired-At
DB-Nickname
Onion-Location
X-Server-W
Sid
CF-IPCountry
Environment
X-TT-LOGID
X-PHP-Backend
X-Fastcgi-Cache
X-Response-Served-From
X-Api-Version
Priority
Uber-Trace-Id
X-Original-Request-Id
X-LSADC-Cache
X-Proxy-Cache-Status
User-Cache-Control
X-Cache-Action
X-Cluster-Node
HostName
X-Uri
X-MP-GENERATED-AT
X-LiteSpeed-Cache-Control
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Mg-Request-UUID
X-FB-TRIP-ID
WP-Super-Cache
X-Nf-Request-Id
X-Proto
X-FC-Vary-Parameters
X-Powered-By-VTEX-Cache
X-Forwarded-Site
Surrogated-Key
Sslversion
A
X-Platform
X-Level-Front-Cache
T-Server
X-Generated-On
X-A-Dcw
X-A-Dam
X-Request-Start
X-Epic-Correlation-Id
X-Rojux
X-A-Dgt
X-A-Ccd
X-Esi-Check
Vix-Hermes-Req-Id
Server-Host
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Gen-Mode
Rendered-Blocks
Lang
Fusion-Component-Id
X-Op-Id-All
Edge-Cache
DCR-Processing-Time-Ms
Magicmarker
Fusion-Content-Id
Fusion-Content-Source
X-Node-Id
X-NMSegId
Gannett-Cam-Experience-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
DCR-Decision-By
X-Org
Origin-Agent-Cluster
Origin
X-Mvc-Supplant-Cachable
Candidate-Md5Url
X-A-Wwc
Cache-Tv-Group
NM-Fastcgi-Cache
Ngx.Var.Host
Meta-Geo-Continent
MD5-Digest
Content-Secure-Policy
X-ND-Cache
X-Origin-Expires
X-NCache
Req-ID
X-A
X-Bl-Debug
X-UA-Device-Type
X-Block-Status
X-D
X-Cache-Id
X-Hnp-Log
X-TIM-N
X-SB
X-Bc-Bl
X-SRCache-Key
X-BCube-Filmed-By
X-Bip
X-Test
X-Cache-NE
X-Gzip
X-Content-Age
X-Conf
X-VTEX-Cache-Server
X-Viewer-Country
X-GeoIP-City
X-Clientip
X-VTEX-Cache-Time
X-Varnish-Hostname
X-Vtex-Remote-Cache
X-Vdms-Path
X-Vdms-Version
X-DC
X-GeoIP
X-Thanos
X-Developer
X-Jungle-Id
X-Ec-GeoHdr
X-Dispatcher-Server
X-Device-Os
X-Ig-Origin-Region
X-Ec-Fail
X-Aed
X-ScT
X-Tx-Id
X-NGINX-Cache
X-Origin-Response-Time
X-URL
Mail-Subject
X-GeoIP-Region-Code
X-App-Name
We-Hiring
X-Cache-Info
X-Core-Value
X-Cdn-Srv
X-Nginx-Cache-Key
X-ApacheServer
X-Amz-Storage-Class
X-AK-Request-ID
X-Edge-Server
X-CGP
HA-Ipaddr
L5d-Success-Class
X-Csrf-Jwt
Host-ID
X-GeoIP-Country-Code
X-Mvc-Supplant-OutputCached
Ssr
X-Geo-Header
Sever-Int
Server-Hostname
Server-Ext
Ha-Gx-Prefs
X-Fmm-Version
X-HS-Content-Campaign-Id
X-Debug-Cache-Fetch
X-Gdpr
X-Debug-Cache-Store
X-Backend-Instance
X-Fastly-Cache
Release
X-Eu-Site
Origin-CC
X-Cache-Bucket
X-Loc
X-HN
Origin-EX
PFcat
X-Auto-Login
Powered-By
X-Auth-Group-Type
W
X-CUA
Cdn-Request-Time
X-Varnish-Director
X-VarnishDD-TTL
X-Var-Ttl
X-PERF
AKAMAI
Fastly-SSL
C-Via
X-WA-Info
X-Via-Fastly
Cache-Provider
X-VG-WebCache
X-Newrelic-Synthetics
X-V-Cache
X-Req
X-Render-Time
X-SD-PageType
X-Request-Time
X-Scheme
X-Region-Sid
X-Zone
X-Service
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-ECache
Canary
X-Varnishpool
X-Nyt-Route
Content-Style-Type
Fastly-Backend-Name
X-Origin-Time
Esi-Enabled
X-Pubstack
DSUID
Yak-Timeinfo
XM
X-Policy
Content-Script-Type
Cdn-Host
CDCHOST
Cdncip
X-From
Cdnsip
X-PAYTM-SRV-ID
X-B3-Trace-ID
X-Sn-Servicetimems
X-Human
X-Ec-Custom-Error
X-Varnish-Beresp-Status
X-Fastly-Backend
X-Ad-Load-Variation
X-Aicache-OS
X-Ig-Push-State
X-Section
X-Server-IP
X-Cache-Aspx
X-CacheTTL
X-Hash
X-Cache-TTL-Remaining
X-GoCache-CacheStatus
X-Wikidot-Static-Cache
X-We-Are-Hiring
X-Contensis-Viewer-Groups
X-VG-TLSProxy
X-Dc
X-Varnish-Authentication
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Wikidot-Backend
X-Cache-Backend
Gh-Request-Id
X-DPWN-IS-SECURE
X-BBC-Edge-Cache-Status
X-Acquia-Purge-Cdn-Unconfigured
RNT-Machine
X-Access
X-Mly-Id
Req-Svc-Chain
Cache-Key
X-Micro-Cache
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Men
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Redirect-Candidate
Producers
Machine
Country-Code
L
Is-Eu
Fastly-GeoIP-CountryCode
Cluster
Click-Count-Error
Pramga
Platform
On-Server
Click-Count-Action-Start
Adler-Geo
RNT-Time
X-Proxied-Request
Tube-Return
Tube-Got-Results
V-Age
X-Pool
X-Varnish-Beresp-Ttl
X-Request-Host
Tube-Got-Eval
Web-Mar-Region
X-Location
Tube-Get-Contents
True-Client-Country-4JS
X-AIR-PT
X-Accel-Expires-Debug
X-Date
X-Tt-Logid
NGX
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Up
Proxy-Firewall
Cdn-Requestid
Odigeo-Trace-Id
X-Cs
Datacenter
X-LB-ID
Debug
X-Varnish-Hits
X-COUNTRY
X-Custom-Header
X-NodeID
X-Ismobilevalue
X-Akamai-Transformed
X-Nananana
X-ID
X-CACHE-GROUP
Locid
X-Refresh
X-Pad
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-HA-Backend
X-DefElseHash
X-Via-Popn
X-Via-Poph
X-Via-Popv
X-DefHash
X-Amz-Meta-Cb-Modifiedtime
X-Datadome
X-LiteSpeed-Tag
X-Platform-Processor
X-Platform-Cluster
X-Client-Ip
X-Platform-Router
SID
Mime-Version
Fastly-Drupal-HTML
X-M-Log
X-Depends
Pics-Label
X-M-Reqid
X-VHOST
CloudFront-Viewer-Country
X-VC-TTL
X-Servedbyhost
Ngx-Var-Key
GeoIP-Latitude
X-Old-Content-Length
X-Cached-By
X-Cache-FS-Status
X-Parent-Response-Time
X-Moov-T
X-CACHE-AGE
X-Moov-Xdn-Version
X-TH-Server
X-LB-NoCache
Fastly-Drupal-Html
X-B3-Parentspanid
X-CDN-Cache-Status
Cross-Origin-Embedder-Policy-Report-Only
X-DynaTrace-JS-Agent
X-TIME
GeoIp-Country-Code
Resin-Trace
Cf-Ipcountry
X-CS
Server-Info
Server-ID
NtCoent-Length
Cdn
X-Presslabs-Stats
X-B-Cookie
X-External-Request-Id
X-VCache
X-Destination
Cf-Device-Type
X-User
X-Vgn-Hpd-Reason
X-Wa
X-Nc
X-S-Cookie
X-Application
BehaviorPad-Version
Uri
X-Litespeed-Tag
X-TX-ID
X-NewRelic-App-Data
X-ZONE
X-APP
FSS-Cache
X-Zen-Fury
True-Client-IP
X-Route-Name
CDN
X-Providence-Cookie
X-Flags
X-Varnish-Beresp-TTL
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Rocket-Build-Number
X-Esi
X-Cache-Date
X-IAuth-Set-Uid
X-Fpc
X-Sigma
X-Sigma-Backend
X-Instance-Name
X-HostName
X-Srv
X-DynaTrace
Srv
X-API-Version
True-Client-Ip
X-Vc
X-Content-Length
X-VServer
X-Segment-20210421
Load-Balancing
Tcn
X-Dynatrace-Js-Agent
X-HITS
X-Branch-Name
X-Oracle-DMS-ECID
X-Page-View
X-HOST
S-Rt
X-FPC
X-WA
X-Cdn-Forward
GeoIP-Country-Code
X-NC
Serverhost
X-APP-VERSION
Ohc-File-Size
X-CLOUD-TRACE-CONTEXT
Request-ID
X-Cdn-Cache-Status
X-Dispatch
X-Dispatcher-Number
X-DataCenter
Hostname
Type
Product
Server-Id
Vc-Max-Age
X-Http-Reason
X-B3-Spanid
X-Sql-Duration-Ms
X-Sql-Count
X-RequestId
X-Webkit-Csp-Report-Only
X-FL-QIT-DEBUG
X-Irp-Debug
Geoip-Latitude
X-Lb-Nocache
Srvid
Cl-Cache
X-Geo
ServerName
X-ServedByHost
Cloudfront-Viewer-Country
X-Ckpd-Fst-Backend
X-Bug-Bounty
WZWS-RAY
X-Via-Edge
X-SIPLIST1
X-CSRF-TOKEN
X-Via-SSL
X-Via-CDN
DataCenter
X-Owner
IsBot
Edge-Copy-Time
X-VCL-Version
CacheControlHeader
X-Core-Mission
MIME-Version
PICS-Label
Epwk-X-Cache
Cross-Origin-Opener-Policy-Report-Only
X-Proxy-CacheRZ
Origin-Trial
Ohc-Cache-HIT
XkeyRZ
X-Cache-Ttl
X-Hit
Lb
X-Qloud-Router
N-Cache
X-Via-PopV
X-Via-PopN
ServerHost
X-Ua
X-Via-PopH
X-App
X-Ha-Backend
CountryCode
X-Correlation-ID
X-Srcache-Fetch-Status
Rtss
X-Srcache-Store-Status
X-Lb-Id
X-MSEdge-Flight
X-MiniProfiler-Ids
X-Fastly-Country-Code
X-Amz-Meta-Opti
X-MSEdge-Features
X-Datacenter
X-Acquia-Application-UUID
X-Web-Server
Sm-Log-Id
X-Service-Response-Time
Warning
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Sqd-Stime
X-Acquia-Site
X-Sqd-Ctime
X-LAGOON
Servedby
Cneonction
X-IN-APIGATEWAYSSL
User-Agent
X-IN-APIGATEWAY
X-Forwarded-Path
X-Amz-Meta-S3b-Last-Modified
X-Limited
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
X-Vmg-Version
X-Dw-Trace-Id
X-Orig-Expires
X-Requestid
X-Proxy-Cache-La3
X-Akamai-Pragma-Client-IP
X-RAMCache
Akamai-Cache-Status
X-Shop-Environment
Xkey-La3
Xkeylog
X-Tenant
Expect-Staple
X-Check-Cacheable
X-Cache-Type
X-Cdn-Request-ID
X-CF-Lambda-Fn
Ngx
X-Snapshot-Date
X-Serial
X-Th-Server
X-Ramcache
X-CF-Lambda-Version