Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Accept-CH
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-Runtime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Generator
X-Ua-Compatible
X-Cache-Status
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Request-ID
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
Permissions-Policy
Host-Header
X-Via
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Robots-Tag
X-Backend
X-UA-Device
X-AH-Environment
X-Hacker
X-Proxy-Cache
X-Server
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
Xkey
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Server-Powered-By
Ali-Swift-Global-Savetime
Allow
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-WebKit-CSP
X-Host
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Backend-Server
X-Server-Id
Cf-Railgun
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
X-Akam-SW-Version
Surrogate-Control
X-HW
X-Litespeed-Cache
X-Node
Request-Id
X-Country
X-Nginx-Cache-Status
Content-Location
X-Application-Context
X-Cloud-Trace-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Country-Code
X-ASPNET-VERSION
Service-Worker-Allowed
X-Content-Type
X-Url
X-Trace
Cache-Tag
X-Clacks-Overhead
X-Amz-Server-Side-Encryption
Rating
X-Times
X-Vname
X-TtlSet
X-Rack-Cache
X-PC
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Server-Name
X-Daa-Tunnel
Nginx-Cache
AR-ATIME
AR-SID
AR-Request-ID
AR-PoweredBy
X-Powered-By-Plesk
X-Cache-TTL
X-Cnection
Accept-Ch
X-ESI
X-D2id
X-Ac
X-GitHub-Request-Id
X-Element-Page-Cache
Edge-Control
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
Verso
X-CST
X-FTR-Request-ID
AR-CACHE
X-MS-InvokeApp
X-Ser
X-Vcap-Request-Id
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-Upstream
Fastly-Restarts
X-Navigation-Version
X-B3-TraceId
SPRequestDuration
SPIisLatency
X-Webkit-Csp
X-Mod-Pagespeed
X-ECACHE
X-Amz-Rid
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-FastCGI-Cache
X-ARC
X-Client-IP
SPRequestGuid
X-SharePointHealthScore
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Powered-CMS
X-Ratelimit-Limit
X-Mg-S
X-Amzn-Trace-Id
X-Oneagent-Js-Injection
Edge-Cache-Tag
Cache-Status
S
X-Version
Access-Control-Request-Method
X-Middleton-Response
Response
X-VARITI-CCR
RTSS
X-Forwarded-For
Realpath
X-Cache-Key
X-T
Cross-Origin-Resource-Policy
X-Content-Digest
Fastcgi-Cache
X-Cached
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
X-Ratelimit-Remaining
X-NF-Request-ID
X-MSEdge-Ref
X-TTL
X-Shield-Request-Id
X-RateLimit-Remaining
X-TraceId
MicrosoftSharePointTeamServices
X-PressLabs-Stats
Front-End-Https
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Request-Processing-Time
X-Ua-Browser
X-Request-Received
X-HS-Cache-Config
X-HS-Content-Id
X-LLID
TP-Cache
X-HS-Hub-Id
Payment
X-Fastly-Request-ID
Server-Node
X-Frontend
Public-Key-Pins
Count-Hit
X-Protected-By
X-Ruxit-Js-Agent
X-Newrelic-App-Data
MS-Author-Via
X-GUploader-UploadID
X-LB-Cache
X-HS-Combine-CSS
X-Accel-Expires
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Surrogate-Key
Content-MD5
X-Distributor
X-Origin-Server
X-Server-ID
X-Ezoic-Cdn
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-TTL
X-NODE
X-ORACLE-DMS-ECID
X-Ttl
X-Microsite
X-Content-Security-Policy-Report-Only
X-Request-Handler-Origin-Region
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Www-Served-By
X-B3-TraceId-Primal
X-Az
Accept-Charset
MRF-Tech
X-App-Server
X-AppVersion
X-Activity-Id
Mrf-Cache-Status
X-Amz-Meta-S3cmd-Attrs
X-Cluster-Name
X-Varnish-Server
Cleartype
Host
Retry-After
X-Varnish-Backend
Cache-Tags
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
Filterid
X-Country-Code-Real
X-Goog-Metageneration
X-Hits
X-Unique-Id
X-Ua-Device
X-Debug
X-Varnish-Ttl
X-FTR-Expires
X-Git-Hash
Access-Control-Allow-Method
Server-Name
X-Logged-In
X-Load-Cache
X-Id
X-Aspnet-Version
X-Upgrade-Enabled
X-Azure-Ref
X-Envoy-Decorator-Operation
X-FB-Debug
X-Nf-Request-Id
X-NGENIX-Cache
X-CSRF-Token
X-Geo-Country
X-Amz-Apigw-Id
X-Amzn-RequestId
TCN
X-Hostname
X-Tt-Trace-Host
X-Tt-Trace-Tag
Section-Io-Cache
X-B
X-TT
X-Proxy
Viewport
X-Seen-By
X-Cache-Control
DC
X-Grace
X-Revision
X-Request-Guid
X-Type
X-Contextid
Healthy
X-Trace-Id
X-B3-Sampled
TP-L2-Cache
X-XRDS-LOCATION
X-Fb-Rlafr
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Fastly-SIE
Fastly-SWR
X-Time
X-Ratelimit-Reset
X-N
Content-Disposition
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-F-Cache
X-Mobile
Paypal-Debug-Id
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Varnish-Grace
X-Amz-Replication-Status
X-Magnolia-Registration
Referer-Policy
X-Via-JSL
X-Origin-Cache
X-DIS-Request-ID
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Webkit-CSP
X-Page-Id
X-Debug-Info
X-Ismobilevalue
X-Wormhole-Sdk
Version
X-Px
X-ProcessESI
X-RemovedCookies
X-Datadog-Parent-Id
X-G
X-Datadog-Sampling-Priority
X-UUID
X-Datadog-Trace-Id
X-Fastly-Request-Id
X-Source
X-Tumblr-User
X-Tumblr-Pixel
X-Rule
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-App-Environment
X-Adobe-Loc
X-Oracle-Dms-Ecid
X-Adobe-Content
X-Content-Options
X-Debug-IsConnected
X-ECache
X-Debug-IsPreview
X-Node-Name
X-RTag
X-Yottaa-Metrics
X-Yottaa-Optimizations
MS-CV
Ms-Operation-Id
Cross-Origin-Window-Policy
VIX-Pulpo-Node
X-Datadog-Sampled
X-Hl-Ver
X-Storage
VIX-Pulpo-Upstream-Status
SD-X-WS
NGB
X-Template
X-Proxy-Cache-Info
X-Rendered-As
X-User-Agent
X-Wix-Request-Id
X-NYM-Debug-Backend
X-Is-Bot
X-Backend-Name
X-Cacheable-TTL
X-Device-Type
X-Instance
X-Whom
X-Region
X-L-Path
X-FW-Version
X-FW-Dynamic
X-Cache-Age
GEO-INFO
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Serve
Country
X-FW-Server
X-ServerID
X-Environment-Context
X-Status
X-B-Cache
X-Signature
Countrycode
X-RM-Cache-TTL
Front
Charset
X-IPS-LoggedIn
Akamai-GRN
ServerID
X-Framework
X-NWS-UUID-VERIFY
X-EdgeConnect-Cache-Status
X-WP-CF-Super-Cache-Active
X-Real-IP
X-Rid
Amp-Access-Control-Allow-Source-Origin
X-Cache-Grace
X-AB
X-B3-SpanId
Liferay-Portal
X-Amzn-Remapped-Content-Length
X-WebKit-CSP-Report-Only
X-Language
SRV
X-Content-Powered-By
X-Akamai-Request-ID2
X-Cache-Hit
X-Api-Version
X-Air-Pt
X-Oracle-Dms-Rid
X-VC
Accept-Language
OT-Force-Account-Verify
X-DataDome
X-Air-Hostname
X-Air-Trace-Id
X-UA
X-Servername
X-Air-Source
X-RID
X-Sucuri-Cache
X-Mode
Backend
From-Origin
X-Sucuri-ID
X-VC-Cache
Xet-Cookie
Webserver
X-Cache-Status-Check
X-SRV
Access-Control-Request-Headers
LB
Refresh
X-HTML-Minification-Powered-By
X-Xrds-Location
X-URL
X-Mg-Request-UUID
X-Handled-By
Upgrade-Insecure-Requests
X-CLOUD-TRACE-CONTEXT
X-Rewrite-Enabled
X-Container-Uri
X-UPSTREAM-Address
X-JoinUs
Meta-Geo
Filters
X-Git-Commit
X-Rn-Rsrv
X-Fastcgi-Cache
X-Cache-Time
X-SaId
X-Vcl-Version
X-Tumblr-Pixel-2
X-Origin-Date
X-Adobe-Source
X-Varnish-Age
X-PHP-Host
X-Request-URI
X-Cms-Context
X-Generated-By
X-R9-Blue-Green-Version
X-Hosted-By
X-S
X-Labrador-Cache-Channel
X-Webstats-RespID
X-Provided-By
X-RCS-CacheZone
X-No-Session
Section-Io-Id
Property-Id
X-ProxyCache-Key
X-ProxyCache-Status
X-Reqid
Apigw-Requestid
X-Lambda-Id
X-Locale
X-Loop
ServedBy
X-Logging-Id
X-Restarts
X-Redis-Cache
Webcakes-App-Version
X-Fetched-On
X-Forwarded-Host
X-Origin-Hint
X-Cache-Host
X-Cache-Debug
X-Geo-Region
X-Httpd
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-BYPASS-REASON
X-Browser-Name
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
Webcakes-App-Name
Webcakes-Region
X-Alternate-Cache-Key
X-Akamai-Edgescape
X-Accel-Version
X-Scope-Id
TWC-Connection-Speed
Atl-Traceid
X-Web-Node
X-Tcp-Rtt
X-Skip-Cache
X-Site-Version
X-Tncms
X-Tb
X-Shopify-Stage
Xserver
X-Storefront-Renderer-Rendered
X-Served-From
X-Proxy-Build
Cache
Web-Mar-Node
X-Varnish-Cache-Hits
Selected-Fe
Mn-Server-Ip
X-Cluster
X-Format
X-IPLB-Request-ID
X-Soup
X-Xfnlog-Site
X-Origin
X-IPLB-Instance
X-Frame-Option
X-Detected-As
X-Director
X-Upstream-Ct
X-Timing-Wait
Url
X-Varnish-Beresp-Grace
X-Say-TTL
X-Say-Cacheable
Onion-Location
X-Tt-Logid
X-SayCDN-TTL
X-Upstream-Ht
X-VCT
X-AWS-Id
X-Extlb
X-Vcache
X-VWS-Id
X-Zipkin-Id
Expiry
X-Routing-Service
X-Cloudmap
X-ShopId
X-ShardId
X-LJ-Flow-ID
X-Proxied
X-Connection-Hash
X-RateLimit-Limit
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Optimistic-Header
X-Cache-Operation
X-Cache-Rule
X-Cache-Expired-At
X-Ms-Version
X-Ms-Request-Id
X-Nginx-Cache
Priority
X-INCAP-ABP
X-Lagoon
X-Endurance-Cache-Level
X-Edge-Location
Frame-Options
X-WP-CF-Super-Cache-Cookies-Bypass
WPO-Cache-Message
WPO-Cache-Status
X-GeoCountry
X-GeoCode
Protected
X-Aws-Lambda-Call-Status
Environment
X-Azure-Ref-OriginShield
Source
X-Cache-Action
X-Proxy-Cache-Status
X-Cdn-Origin
CF-IPCountry
Fastcgi-Useragent
X-CDN-Forward
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Generation-Time
TDXMobile
X-Shield-Cache-Expires
X-Thinkindot-L3
Thinkindot-CacheControl
Uber-Trace-Id
X-CMSURLCustom
X-Drupal-Cache-Contexts
X-PHP-Backend
X-Origin-TTL
X-Drupal-Cache-Tags
X-Origin-CC
X-Cluster-Node
Sid
Cdn-Requestid
X-GEO
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Pass-Why
AMP-Access-Control-Allow-Source-Origin
X-Worker
X-Rocket-Nginx-Serving-Static
X-ID
X-FB-TRIP-ID
Azure-Version
Azure-InstanceId
Azure-RegionName
Cache-Tv-Group
X-Buckets
Azure-SiteName
Azure-SlotName
X-App-Version
X-Auth-Group-Type
X-Aspnetmvc-Version
Node
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-Uid
CDN-RequestPullSuccess
CDN-CachedAt
CDN-Cache
CDN-RequestPullCode
X-XRDS-Location
X-Vercel-Id
X-Vercel-Cache
Cache-Hits
X-Server-W
Cross-Origin-Embedder-Policy
X-Tumblr-Pixel-3
X-Pad
X-B3-Traceid
X-Dc
X-NGINX-Cache
Alternate-Protocol
X-LiteSpeed-Cache-Control
X-A
X-Cache-Server
X-LSADC-Cache
Content-Secure-Policy
X-Bl-Debug
X-ND-Cache
X-Gzip
X-Custom-Header
X-Aed
X-Origin-Expires
DCR-Processing-Time-Ms
X-Ig-Origin-Region
X-Bc-Bl
X-Cache-Id
X-BCube-Filmed-By
DB-Nickname
X-Service
X-Level-Front-Cache
X-Ig-Push-State
DCR-Decision-By
X-Generated-On
X-Developer
X-Dispatcher-Server
A
Candidate-Md5Url
X-DefHash
X-DefElseHash
X-D
X-Core-Value
X-Content-Age
X-Ec-Fail
X-Ec-GeoHdr
Cdn-Host
Cdn-Request-Time
Gannett-Cam-Experience-Id
X-Cache-NE
X-Conf
X-Fastly-Backend
X-Edge-Server
X-Epic-Correlation-Id
X-Esi-Check
X-GeoIP-City
X-Org
Surrogated-Key
X-ScT
MD5-Digest
Origin-Agent-Cluster
Magicmarker
X-Varnish-Remaining-TTL
X-Rojux
Meta-Geo-Continent
X-Varnish-CookieINHashed-On
Ngx.Var.Host
X-TIM-N
Odigeo-Trace-Id
T-Server
X-SRCache-Key
X-Varnish-CookieHashed-On
X-V-Cache
X-Req
Lang
X-Viewer-Country
X-A-Ccd
Rendered-Blocks
X-A-Dgt
X-Vtex-Remote-Cache
X-A-Dcw
X-A-Dam
X-Via-Fastly
X-Vdms-Version
Sslversion
X-TA-CDN-Provider
X-A-Wwc
X-Client-Ip
User-Cache-Control
Mime-Version
True-Client-Country-4JS
RNT-Time
X-Clientip
Server-Host
Ssr
RNT-Machine
Req-ID
X-Block-Status
X-B3-Trace-ID
X-Backend-Instance
Wxu-Next-Region
Wxu-Next-Hostname
X-App-Name
X-Amz-Storage-Class
X-Acquia-Purge-Cdn-Unconfigured
X-Aicache-OS
X-AK-Request-ID
Wxu-Next-Commit
Vix-Hermes-Req-Id
X-Cache-Info
Tube-Got-Eval
Tube-Get-Contents
X-Cache-TTL-Remaining
Tube-Got-Results
X-Cache-FS-Status
V-Age
Tube-Return
X-Bip
X-CacheTTL
X-Geo-Header
X-Request-Time
XM
X-SB
X-Scheme
X-Server-IP
X-SD-PageType
Server-Info
X-Region-Sid
X-Powered-By-VTEX-Cache
X-Policy
X-Proto
X-Pubstack
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-VG-WebCache
X-VG-TLSProxy
X-Wikidot-Static-Cache
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Wikidot-Backend
X-VarnishDD-TTL
X-Varnish-Hostname
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-Test
X-Thanos
X-Varnish-Director
X-UA-Device-Type
X-Platform
X-PAYTM-SRV-ID
X-GeoIP-Country-Code
X-GeoIP
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-HN
Producers
X-Gen-Mode
X-Gdpr
X-DPWN-IS-SECURE
X-Debug-Cache-Store
X-Fastly-Cache
X-FC-Vary-Parameters
X-Forwarded-Site
X-Fmm-Version
X-Hnp-Log
X-HS-Content-Campaign-Id
X-NodeID
X-Node-Id
X-Nyt-Route
X-Op-Id-All
X-Origin-Time
X-Origin-Response-Time
X-NMSegId
X-Mvc-Supplant-Cachable
X-Loc
X-Jobs
X-Men
X-Micro-Cache
X-Mly-Id
X-Debug-Cache-Fetch
X-Cache-Bucket
Cdncip
Fastly-SSL
Fastly-Backend-Name
Cache-Provider
Host-ID
Adler-Geo
NM-Fastcgi-Cache
Is-Eu
PFcat
Esi-Enabled
Content-Script-Type
Content-Style-Type
Country-Code
Edge-Cache
Click-Count-Error
Cdnsip
Platform
Click-Count-Action-Start
AKAMAI
X-Cs
HostName
X-Human
X-Request-Host
X-Nginx-Cache-Key
X-Hash
Proxy-Firewall
X-CGP
X-Cdn-Srv
X-We-Are-Hiring
Yak-Timeinfo
X-Tx-Id
X-Section
BehaviorPad-Version
X-Mvc-Supplant-OutputCached
X-Location
X-Cache-Aspx
Cluster
CDCHOST
Apple-News-Services-Request-Url
X-Date
X-BBC-Edge-Cache-Status
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Depends
Apple-News-Services-Handled
C-Via
Cache-Key
X-Eu-Site
Canary
X-Contensis-Viewer-Groups
X-Csrf-Jwt
X-CUA
X-Proxied-Request
X-Pool
X-Ec-Custom-Error
X-Request-Start
Machine
L5d-Success-Class
Mail-Subject
NGX
X-Var-Ttl
W
We-Hiring
Ha-Gx-Prefs
HA-Ipaddr
L
Web-Mar-Region
On-Server
Origin-CC
Req-Svc-Chain
Powered-By
Pramga
Release
X-Varnish-Beresp-Status
Server-Ext
Origin-EX
Sever-Int
X-Varnish-Authentication
Server-Hostname
Gh-Request-Id
Origin
X-Varnishpool
DSUID
X-Slack-Shared-Secret-Outcome
X-Auto-Login
Fastly-GeoIP-CountryCode
X-Slack-Backend
X-Accel-Expires-Debug
X-Access
X-HITS
X-DC
Debug
X-AIR-PT
X-Newrelic-Synthetics
X-Varnish-Beresp-Ttl
CDN-RequestId
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Deployment-Id
X-Varnish-Hits
X-Ad-Load-Variation
X-WA-Info
Fusion-Source
X-MP-GENERATED-AT
X-LB-ID
Redirect-Candidate
X-APP
X-LiteSpeed-Tag
X-Via-Popn
X-Via-Poph
X-HA-Backend
X-Via-Popv
X-Zone
X-Device-Os
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Content-Length
GeoIP-Latitude
X-RateLimit-Reset
X-Up
X-Refresh
X-NCache
X-From
X-Nananana
X-B3-Parentspanid
Pics-Label
Fastly-Drupal-Html
X-VHOST
X-Parent-Response-Time
SID
Vc-Max-Age
Fastly-Drupal-HTML
X-CACHE-AGE
X-Akamai-Transformed
X-Dispatcher-Number
X-Jungle-Id
X-Cache-Backend
CloudFront-Viewer-Country
X-CDN-Cache-Status
X-Vdms-Path
X-Servedbyhost
Product
X-DynaTrace-JS-Agent
X-RequestId
X-ZONE
X-Cached-By
X-Datadome
X-LB-NoCache
Resin-Trace
X-Nc
X-CACHE-KEY
X-Litespeed-Tag
GeoIp-Country-Code
X-Uri
X-Ckpd-Fst-Backend
S-Rt
WP-Super-Cache
X-Varnish-Beresp-TTL
X-Render-Time
X-M-Reqid
X-ApacheServer
X-Amz-Meta-Cb-Modifiedtime
X-VC-TTL
Datacenter
X-Bug-Bounty
X-Wa
X-PERF
Server-ID
X-M-Log
X-TX-ID
X-TT-LOGID
X-IAuth-Set-Uid
X-B3-Spanid
X-CS
ServerName
Cdn
NtCoent-Length
Uri
X-Origin-Cache-Key
X-HubSpot-Correlation-Id
True-Client-IP
FSS-Cache
Srv
Locid
X-Esi
X-Fpc
X-SERVER-NAME
X-HostName
X-Nf-Country
X-Nf-Language
X-Vmg-Version
Serverhost
ServerHost
X-Nf-Ats-Version
X-FPC
True-Client-Ip
CDN
X-APP-VERSION
X-VCache
X-Akamai-Device-Characteristics
X-WA
X-Cdn-Forward
X-Gamma-Serve
X-Info
Tcn
User-Agent
X-Srv
X-TIME
GeoIP-Country-Code
X-Dynatrace-Js-Agent
Xc-Version
X-Old-Content-Length
Server-Id
X-NewRelic-App-Data
X-Hit
Request-ID
X-Vc
X-NC
Ngx-Var-Key
CacheControlHeader
X-Response-Served-From
X-Cdn-Cache-Status
Expect-Staple
X-Original-Request-Id
X-Moov-Xdn-Version
X-Lb-Nocache
X-Moov-T
X-Amz-Meta-Opti
X-V
X-Vgn-Hpd-Reason
Hostname
X-COUNTRY
X-TH-Server
X-FL-QIT-DEBUG
X-Webkit-Csp-Report-Only
Srvid
Cloudfront-Viewer-Country
X-ServedByHost
X-Presslabs-Stats
Cf-Ipcountry
X-Eligible
X-Dispatch
X-New
X-Platform-Server
X-Rollout
WZWS-RAY
PICS-Label
X-Limited
X-Geo
N-Cache
Cneonction
Permission-Policy
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-Proxy-CacheRZ
XkeyRZ
Geoip-Latitude
Cf-Device-Type
X-Oracle-DMS-ECID
X-VCL-Version
X-Destination
X-Via-PopN
X-Via-PopV
X-Internal-TTL
X-Ha-Backend
X-Via-PopH
Origin-Trial
X-User
X-B-Cookie
Cross-Origin-Embedder-Policy-Report-Only
X-Application
X-External-Request-Id
X-ElasticPress-Query
X-S-Cookie
X-Ftr-Request-Id
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
Cl-Cache
Ohc-File-Size
X-Correlation-ID
X-EC-Lua
X-Zen-Fury
X-Path
X-Ua
X-App
X-Akamai-Pragma-Client-IP
Rtss
X-Sqd-Ctime
X-Sqd-Stime
X-MSEdge-Flight
X-SIPLIST1
X-Lb-Id
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
Epwk-X-Cache
X-MSEdge-Features
X-Cache-Date
X-Instance-Name
IsBot
X-Serial
X-MiniProfiler-Ids
X-Check-Cacheable
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Lb
Pragrma
Timeexpire
X-Via-Edge
X-Fastly-Cache-Hits
Edge-Copy-Time
X-Via-SSL
X-Irp-Debug
X-DynaTrace
X-Via-CDN
X-Cdn-Request-ID
X-Datacenter
X-Acquia-Site
Sm-Log-Id
X-Segment-20210421
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Service-Response-Time
X-Web-Server
X-Acquia-Application-Trace
X-Branch-Name
X-VServer
Cmstype
X-API-Version
Cmsid
Servername
X-LAGOON
X-Litespeed-Cache-Control
CountryCode
X-CSRF-TOKEN
Warning
X-RAMCache
X-Th-Server
Ngx
X-Ramcache
X-Snapshot-Date
X-Amz-Meta-Sha256
X-Origin-Upstream-Status
X-IN-APIGATEWAYSSL
Ohc-Cache-HIT
X-Shardid
X-Sorting-Hat-Podid
X-Shopid
X-IN-APIGATEWAY
Wpo-Cache-Message
X-Sorting-Hat-Shopid
X-Amz-Meta-S3b-Last-Modified
X-Udemy-Cache-App-Namespace
X-Fastly-Backend-Reqs
Wpo-Cache-Status
X-Dw-Trace-Id
Fl-Custom-Application