Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
X-Cache-Group
Request-Context
Permissions-Policy
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
EagleEye-TraceId
X-WebKit-CSP
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Country
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-ASPNET-VERSION
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
X-Litespeed-Cache
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
Cross-Origin-Opener-Policy
X-Daa-Tunnel
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
Nginx-Cache
X-CST
X-Server-Name
X-Powered-By-Plesk
AR-SID
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-Cnection
X-ESI
Accept-Ch
X-Cache-TTL
X-GitHub-Request-Id
Edge-Control
X-D2id
X-Element-Page-Cache
X-Ac
Verso
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-MS-InvokeApp
X-Webkit-Csp
X-Ser
AR-CACHE
X-Upstream
X-Abt-Application-Version
X-ECACHE
X-B3-TraceId
X-Vcap-Request-Id
X-FastCGI-Cache
X-Navigation-Version
X-Dw-Request-Base-Id
Fastly-Restarts
SPIisLatency
SPRequestDuration
X-Oneagent-Js-Injection
X-Mod-Pagespeed
X-Amz-Rid
X-SharePointHealthScore
SPRequestGuid
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Client-IP
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ratelimit-Limit
X-PDP-UNCACHING-HASH
X-Goog-Hash
X-ARC
X-Mg-S
X-Powered-CMS
Edge-Cache-Tag
S
X-NF-Request-ID
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
X-VARITI-CCR
Response
X-Middleton-Response
RTSS
X-TraceId
X-Ratelimit-Remaining
Realpath
X-Forwarded-For
X-Fastly-Request-ID
X-Content-Digest
X-Cache-Key
X-T
X-Varnish-TTL
Cross-Origin-Resource-Policy
X-Correlation-Id
X-Recruiting
X-Ruxit-Js-Agent
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Cached
X-TTL
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
MicrosoftSharePointTeamServices
Content-MD5
X-RateLimit-Remaining
MS-Author-Via
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Ua-Browser
X-Request-Received
X-Request-Processing-Time
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
Payment
Server-Node
X-Forwarded-Proto
X-LLID
TP-Cache
Arr-Disable-Session-Affinity
Public-Key-Pins
X-Frontend
X-Protected-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Count-Hit
X-FTR-Expires
X-HS-Combine-CSS
X-PressLabs-Stats
X-Accel-Expires
X-Distributor
X-GUploader-UploadID
X-TEC-API-VERSION
X-LB-Cache
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Origin-Server
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Server-ID
X-HP-Trace-Id
X-HP-Webp
X-NODE
X-Jurisdiction
X-Ezoic-Cdn
X-Request-Handler-Origin-Region
X-Microsite
X-Ttl
X-Www-Served-By
X-Az
X-B3-TraceId-Primal
Host
Mrf-Cache-Status
X-Activity-Id
X-AppVersion
MRF-Tech
X-Varnish-Server
X-Content-Security-Policy-Report-Only
Accept-Charset
X-Cluster-Name
X-Varnish-Backend
Cache-Tags
X-App-Server
X-Amz-Meta-S3cmd-Attrs
Cleartype
X-Newrelic-App-Data
Retry-After
X-Ua-Device
X-ORACLE-DMS-ECID
Server-Name
X-Goog-Metageneration
Filterid
X-Unique-Id
X-Git-Hash
Access-Control-Allow-Method
X-Hits
X-Debug
X-Envoy-Decorator-Operation
X-Upgrade-Enabled
X-Id
Surrogate-Key
X-NGENIX-Cache
X-Hostname
X-CSRF-Token
X-Geo-Country
X-Azure-Ref
X-Load-Cache
X-Logged-In
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
TCN
TP-L2-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amz-Apigw-Id
X-Amzn-RequestId
X-FB-Debug
X-Proxy
X-Seen-By
X-Grace
X-B
Section-Io-Cache
X-TT
X-Aws-Lambda-Call-Status
X-CCDN-Origin-Time
X-Cache-Control
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Trace-Id
DC
X-Revision
X-Request-Guid
X-Contextid
X-F-Cache
Healthy
X-B3-Sampled
Referer-Policy
X-Type
Viewport
X-Time
X-Fb-Rlafr
X-N
X-Mobile
X-XRDS-LOCATION
Fastly-SIE
X-Goog-Stored-Content-Length
X-Goog-Generation
Fastly-SWR
Paypal-Debug-Id
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-DIS-Request-ID
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Content-Disposition
X-Page-Id
X-Debug-Info
X-Varnish-Grace
X-Px
X-Via-JSL
X-Origin-Cache
X-Oracle-Dms-Ecid
X-Magnolia-Registration
X-Webkit-CSP
X-Whom
X-Amz-Replication-Status
Version
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Content-Options
Charset
X-ProcessESI
X-G
X-RemovedCookies
X-Template
X-Wix-Request-Id
X-App-Environment
X-Adobe-Loc
X-Adobe-Content
X-Rule
X-Tumblr-Pixel
X-UUID
X-Debug-IsPreview
X-Tumblr-Pixel-0
X-Debug-IsConnected
X-Tumblr-Pixel-1
X-Tumblr-User
Ms-Operation-Id
MS-CV
X-Ratelimit-Reset
X-Storage
NGB
VIX-Pulpo-Node
X-RTag
VIX-Pulpo-Upstream-Status
X-Hl-Ver
X-Yottaa-Optimizations
X-Yottaa-Metrics
SD-X-WS
X-Source
X-FW-Static
X-Device-Type
X-Environment-Context
X-Datadog-Sampled
X-B-Cache
X-Backend-Name
X-FW-Dynamic
X-FW-Hash
X-FW-Type
X-Instance
X-FW-Server
X-FW-Serve
X-FW-Version
X-Node-Name
X-NYM-Debug-Backend
X-Signature
X-Rendered-As
X-Varnish-Ttl
X-Cacheable-TTL
X-Is-Bot
X-L-Path
X-Region
X-Cache-Grace
GEO-INFO
X-User-Agent
X-Wormhole-Sdk
X-ServerID
X-Proxy-Cache-Info
X-Status
Country
X-Rid
ServerID
X-IPS-LoggedIn
X-Real-IP
Cross-Origin-Window-Policy
Countrycode
X-EdgeConnect-Cache-Status
X-NWS-UUID-VERIFY
X-Cache-Hit
X-Cache-Age
X-WP-CF-Super-Cache-Active
Akamai-GRN
X-RM-Cache-TTL
X-Amzn-Remapped-Content-Length
Amp-Access-Control-Allow-Source-Origin
SRV
Liferay-Portal
Front
X-Language
X-Framework
X-B3-SpanId
X-Air-Pt
X-Sucuri-ID
OT-Force-Account-Verify
X-Sucuri-Cache
X-AB
X-WebKit-CSP-Report-Only
X-UA
X-Content-Powered-By
X-Servername
X-Oracle-Dms-Rid
X-Akamai-Request-ID2
X-VC-Cache
X-Ismobilevalue
X-Nf-Request-Id
From-Origin
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
Xet-Cookie
X-Mode
Backend
X-VC
Upgrade-Insecure-Requests
X-DataDome
X-Cache-Time
Refresh
X-URL
X-Xrds-Location
X-Handled-By
X-SRV
X-Api-Version
Access-Control-Request-Headers
Accept-Language
X-HTML-Minification-Powered-By
Webserver
X-Rewrite-Enabled
X-Xfnlog-Site
X-UPSTREAM-Address
X-Cache-Status-Check
LB
X-JoinUs
X-RID
X-RCS-CacheZone
Meta-Geo
X-SaId
Filters
X-Rn-Rsrv
X-S
X-AWS-Id
X-Container-Uri
X-Git-Commit
X-Generated-By
X-No-Session
X-Cluster
X-Cache-Rule
X-Tumblr-Pixel-2
X-Endurance-Cache-Level
Webcakes-Region
X-R9-Blue-Green-Version
Webcakes-App-Version
X-Cache-Operation
X-LJ-Flow-ID
Webcakes-App-Name
X-Adobe-Source
Cache
X-Cms-Context
TWC-GeoIP-Country
X-Origin-Date
TWC-GeoIP-LatLong
TWC-Device-Class
X-Reqid
X-INCAP-ABP
ServedBy
TWC-Connection-Speed
X-Provided-By
X-Webstats-RespID
X-Labrador-Cache-Channel
X-Origin-Hint
X-VWS-Id
X-PHP-Host
TWC-Locale-Group
Property-Id
TWC-Privacy
X-Edge-Location
X-Is-Supported-Browser
X-Is-Mobile
Atl-Traceid
X-Is-Tablet
X-Ms-Version
X-Tt-Logid
X-Logging-Id
X-Proxied
Apigw-Requestid
X-Lambda-Id
X-Web-Node
X-Tcp-Rtt
Web-Mar-Node
X-ProxyCache-Key
X-Fastly-Request-Id
X-Ms-Request-Id
X-Extlb
X-Zipkin-Id
X-Akamai-Edgescape
X-Varnish-Age
X-BYPASS-REASON
X-Cloudmap
X-ECache
X-Browser-Name
X-Fetched-On
Section-Io-Id
X-Redis-Cache
X-Restarts
X-IPLB-Instance
X-IPLB-Request-ID
X-ProxyCache-Status
X-Is-Desktop
X-Cache-Debug
X-Accel-Version
Mn-Server-Ip
X-Geo-Region
X-Routing-Service
X-Served-From
X-Scope-Id
X-Hosted-By
X-Loop
X-Format
Url
Selected-Fe
X-Httpd
X-Director
X-Detected-As
X-Locale
X-Frame-Option
X-Forwarded-Host
X-Cache-Host
X-Say-Cacheable
X-Upstream-Ct
X-Say-TTL
X-Upstream-Ht
X-Varnish-Cache-Hits
X-SayCDN-TTL
X-Tb
X-Proxy-Build
X-Tncms
X-Soup
X-Timing-Wait
X-Optimistic-Header
X-Site-Version
X-VCT
X-Skip-Cache
X-Storefront-Renderer-Rendered
X-GeoCode
X-Request-URI
X-Alternate-Cache-Key
X-Shopify-Stage
X-GeoCountry
Xserver
Frame-Options
X-Varnish-Beresp-Grace
X-RateLimit-Limit
X-Azure-Ref-OriginShield
X-ShardId
X-Origin
X-Mg-Request-UUID
X-Nginx-Cache
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Lagoon
Onion-Location
X-Connection-Hash
X-WP-CF-Super-Cache-Cookies-Bypass
X-Vcl-Version
Expiry
X-Drupal-Cache-Tags
WPO-Cache-Status
WPO-Cache-Message
X-Thinkindot-L3
X-CMSURLCustom
X-Generation-Time
X-Origin-CC
TDXMobile
X-Vcache
X-Shield-Cache-Expires
X-Origin-TTL
Protected
X-CDN-Forward
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Drupal-Cache-Contexts
Source
Cdn-Requestid
X-Cache-Expired-At
Fastcgi-Useragent
Cache-Hits
X-Cdn-Origin
X-Vercel-Cache
X-Vercel-Id
X-Worker
X-XRDS-Location
X-Pass-Why
X-Rocket-Nginx-Serving-Static
Environment
X-Proxy-Cache-Status
X-Cache-Action
X-TA-CDN-Provider
X-GEO
X-PHP-Backend
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Azure-InstanceId
X-Origin-Cache-Key
X-RateLimit-Reset
X-Buckets
Uber-Trace-Id
Node
X-App-Version
Priority
Sid
X-Cluster-Node
X-ID
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDN-Cache
Cross-Origin-Embedder-Policy
X-Urbn-Site-Id
Locale
CDN-RequestCountryCode
CDN-Uid
CDN-RequestPullCode
CDN-RequestPullSuccess
X-Urbn-Context-Path
AMP-Access-Control-Allow-Source-Origin
X-Aspnetmvc-Version
X-Tumblr-Pixel-3
CF-IPCountry
Cache-Tv-Group
X-FB-TRIP-ID
X-Auth-Group-Type
X-Server-W
X-Cache-Server
DB-Nickname
X-Fastcgi-Cache
X-Pad
X-B3-Traceid
User-Cache-Control
X-NGINX-Cache
X-Tx-Id
X-HITS
Alternate-Protocol
X-A
X-Aed
X-Gen-Mode
X-Generated-On
X-Edge-Server
X-Esi-Check
Origin
X-Epic-Correlation-Id
X-A-Wwc
X-Gzip
DCR-Decision-By
X-Vdms-Version
X-Ig-Push-State
X-Hnp-Log
X-A-Dam
X-GeoIP-City
X-A-Dgt
X-A-Dcw
Content-Secure-Policy
X-Vtex-Remote-Cache
X-Core-Value
X-Block-Status
X-Custom-Header
X-D
X-Cache-Id
X-Content-Age
X-Cache-TTL-Remaining
Candidate-Md5Url
X-Cache-NE
X-Conf
Cdn-Host
Cdn-Request-Time
X-Level-Front-Cache
X-BCube-Filmed-By
Origin-Agent-Cluster
A
X-Ec-Fail
X-Dispatcher-Server
X-DefElseHash
X-DefHash
X-Developer
X-Bl-Debug
X-Ec-GeoHdr
X-Ig-Origin-Region
X-Rojux
X-SB
X-ScT
MD5-Digest
Magicmarker
X-Req
Surrogated-Key
DCR-Processing-Time-Ms
Lang
X-Jobs
X-SRCache-Key
X-Varnish-CookieINHashed-On
Rendered-Blocks
X-Varnish-Remaining-TTL
Odigeo-Trace-Id
X-Varnish-CookieHashed-On
Ngx.Var.Host
Meta-Geo-Continent
X-TIM-N
X-UA-Device-Type
T-Server
Sslversion
Wxu-Next-Commit
X-Viewer-Country
X-Op-Id-All
X-Via-Fastly
X-ND-Cache
Wxu-Next-Hostname
X-A-Ccd
Wxu-Next-Region
Edge-Cache
X-Org
Gannett-Cam-Experience-Id
X-Origin-Expires
Mime-Version
X-Client-Ip
HostName
X-Auto-Login
X-Ad-Load-Variation
X-AK-Request-ID
RNT-Machine
RNT-Time
X-Backend-Instance
Tube-Get-Contents
Req-ID
X-B3-Trace-ID
Vix-Hermes-Req-Id
Tube-Got-Eval
X-Amz-Storage-Class
X-Bc-Bl
Server-Host
X-Acquia-Purge-Cdn-Unconfigured
X-App-Name
Powered-By
Sever-Int
PFcat
Ssr
Tube-Got-Results
Tube-Return
Platform
Producers
Server-Ext
X-Aicache-OS
Server-Hostname
X-GeoIP
X-RateLimit-Limit-Second
X-Pubstack
X-RateLimit-Remaining-Second
X-Request-Time
X-Scheme
X-Proto
X-Powered-By-VTEX-Cache
X-Origin-Time
X-Origin-Response-Time
X-PAYTM-SRV-ID
X-Platform
X-Policy
X-SD-PageType
X-Tb-Optimization-Total-Bytes-Saved
X-VTEX-Cache-Server
X-VG-WebCache
X-VTEX-Cache-Time
X-WA-Info
XM
X-VG-TLSProxy
X-VarnishDD-TTL
X-Thanos
X-Test
X-V-Cache
X-Varnish-Director
X-Varnish-Hostname
X-Nyt-Route
X-NodeID
X-FC-Vary-Parameters
X-Fastly-Cache
X-Fmm-Version
X-Forwarded-Site
X-Gdpr
X-Fastly-Backend
X-DPWN-IS-SECURE
X-Cdn-Srv
X-Cache-Info
X-Clientip
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Geo-Header
Origin-EX
X-Mvc-Supplant-Cachable
X-Mly-Id
X-Nginx-Cache-Key
X-NMSegId
X-Node-Id
X-Micro-Cache
X-LSADC-Cache
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-HN
X-HS-Content-Campaign-Id
X-Loc
X-Bip
X-Cache-Bucket
Cdnsip
Cdncip
Origin-CC
Cache-Provider
Click-Count-Action-Start
Click-Count-Error
Fastly-Backend-Name
Esi-Enabled
Content-Style-Type
Content-Script-Type
C-Via
X-DC
Fusion-Content-Id
Fusion-Component-Id
X-Dc
X-Service
Fusion-Content-Source
Fusion-Deployment-Id
AKAMAI
Adler-Geo
Fusion-Template-Id
Fusion-Source
Fastly-SSL
CDCHOST
NM-Fastcgi-Cache
Host-ID
Is-Eu
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-CacheTTL
X-CGP
X-Contensis-Viewer-Groups
X-SVT-ORM-VERSION
X-Var-Ttl
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Cache-Key
X-BBC-Edge-Cache-Status
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Location
X-Men
Req-Svc-Chain
X-SVT-ORM-RULES
On-Server
X-Ec-Custom-Error
X-Section
X-Request-Start
X-Eu-Site
X-Proxied-Request
X-Pool
X-Region-Sid
X-Device-Os
X-Server-IP
X-Csrf-Jwt
X-GoCache-CacheStatus
X-Sn-Servicetimems
X-CUA
Release
X-Depends
Pramga
NGX
X-Cache-Aspx
Canary
Ha-Gx-Prefs
Web-Mar-Region
DSUID
X-Wikidot-Static-Cache
X-Access
Country-Code
We-Hiring
Yak-Timeinfo
X-Human
X-Mvc-Supplant-OutputCached
Gh-Request-Id
True-Client-Country-4JS
V-Age
W
Fastly-GeoIP-CountryCode
Cluster
HA-Ipaddr
X-Wikidot-Backend
Machine
L5d-Success-Class
Mail-Subject
X-Varnishpool
L
X-We-Are-Hiring
X-Slack-Backend
X-Cache-FS-Status
X-Hash
X-Request-Host
X-Varnish-Beresp-Ttl
X-LiteSpeed-Cache-Control
X-Tec-Api-Root
X-Tec-Api-Origin
X-Slack-Shared-Secret-Outcome
X-Date
Proxy-Firewall
X-Tec-Api-Version
X-Accel-Expires-Debug
X-AIR-PT
X-Zone
X-NCache
X-Varnish-Hits
X-Up
X-From
X-MP-GENERATED-AT
X-Akamai-Transformed
CDN-RequestId
Debug
WP-Super-Cache
Redirect-Candidate
X-Jungle-Id
Server-Info
X-Cs
X-LB-ID
X-Cache-Backend
BehaviorPad-Version
CloudFront-Viewer-Country
X-Vdms-Path
X-Refresh
X-CACHE-AGE
Pics-Label
X-APP
X-Servedbyhost
Fastly-Drupal-HTML
SID
X-Uri
X-Parent-Response-Time
X-Via-Poph
X-Via-Popn
X-VHOST
GeoIP-Latitude
X-Via-Popv
X-HA-Backend
X-Newrelic-Synthetics
X-VC-TTL
X-Content-Length
X-PERF
X-Nananana
X-M-Reqid
X-M-Log
X-Render-Time
X-Datadome
X-B3-Parentspanid
X-ApacheServer
X-CDN-Cache-Status
Fastly-Drupal-Html
X-SERVER-NAME
X-Nc
X-LB-NoCache
X-CS
X-Litespeed-Tag
X-CACHE-KEY
X-Cached-By
Resin-Trace
Datacenter
X-NewRelic-App-Data
X-DynaTrace-JS-Agent
Locid
X-Wa
X-LiteSpeed-Tag
X-Response-Served-From
X-Original-Request-Id
X-Amz-Meta-Cb-Modifiedtime
GeoIp-Country-Code
Vc-Max-Age
X-COUNTRY
NtCoent-Length
Server-ID
X-RequestId
Cdn
X-B3-Spanid
X-TT-LOGID
X-Varnish-Beresp-TTL
X-VCache
X-ZONE
Product
X-Dispatcher-Number
Cf-Ipcountry
X-IAuth-Set-Uid
X-Old-Content-Length
FSS-Cache
True-Client-IP
Srv
X-Ckpd-Fst-Backend
Ngx-Var-Key
X-Fpc
X-TIME
X-Esi
Uri
X-Srv
X-HostName
X-TX-ID
CDN
True-Client-Ip
X-Bug-Bounty
Serverhost
X-Vgn-Hpd-Reason
X-Nf-Language
X-Nf-Ats-Version
X-Nf-Country
X-Platform-Processor
X-Platform-Cluster
X-HubSpot-Correlation-Id
X-Platform-Router
X-Cdn-Forward
X-FPC
X-Moov-T
ServerName
Tcn
X-Moov-Xdn-Version
X-Dynatrace-Js-Agent
X-TH-Server
X-Vc
X-Oracle-DMS-ECID
X-Presslabs-Stats
X-WA
GeoIP-Country-Code
S-Rt
Request-ID
Server-Id
X-Cdn-Cache-Status
Cf-Device-Type
X-Dispatch
CacheControlHeader
X-APP-VERSION
Cross-Origin-Embedder-Policy-Report-Only
Hostname
X-Vmg-Version
X-Application
ServerHost
X-Destination
X-External-Request-Id
X-NC
User-Agent
X-User
X-B-Cookie
X-S-Cookie
X-Akamai-Device-Characteristics
X-Info
X-Zen-Fury
X-Lb-Nocache
X-FL-QIT-DEBUG
Srvid
X-Webkit-Csp-Report-Only
Geoip-Latitude
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Ohc-File-Size
X-Instance-Name
Xc-Version
X-Sigma
X-Geo
X-Via-PopH
X-Cache-Date
X-Via-PopV
X-Via-PopN
X-Ha-Backend
Cneonction
X-Rocket-Build-Number
X-Sigma-Backend
X-Gamma-Serve
X-Hit
X-Segment-20210421
X-API-Version
Expect-Staple
Origin-Trial
X-ServedByHost
X-VServer
PICS-Label
X-VCL-Version
Epwk-X-Cache
X-Amz-Meta-Opti
Cloudfront-Viewer-Country
X-Branch-Name
X-V
X-Ua
X-App
X-Correlation-ID
X-Limited
X-Lb-Id
X-Akamai-Pragma-Client-IP
X-Srcache-Store-Status
Rtss
X-Srcache-Fetch-Status
X-DataCenter
X-Rollout
X-New
X-Platform-Server
DataCenter
X-Check-Cacheable
Permission-Policy
N-Cache
X-Serial
WZWS-RAY
Load-Balancing
X-MiniProfiler-Ids
X-Eligible
Ohc-Cache-HIT
X-Wp-Cf-Super-Cache-Cache-Control
Lb
X-DynaTrace
X-Wp-Cf-Super-Cache
Timeexpire
XkeyRZ
X-Sqd-Ctime
Cmsid
X-Sqd-Stime
X-VTEX-Cache-Backend-Header-Time
X-Acquia-Site
X-VTEX-Cache-Backend-Connect-Time
X-Proxy-CacheRZ
Cmstype
X-Web-Server
Warning
X-MSEdge-Features
X-MSEdge-Flight
Type
X-Datacenter
X-Acquia-Purge-Tags
X-Service-Response-Time
Sm-Log-Id
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-LAGOON
CountryCode
X-Litespeed-Cache-Control
X-CSRF-TOKEN
Servername
X-Requestid
X-Owner
Wpo-Cache-Status
X-Fastly-Backend-Reqs
Cross-Origin-Opener-Policy-Report-Only
X-Core-Mission
Wpo-Cache-Message
X-Shardid
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-Irp-Debug
X-Udemy-Cache-App-Namespace
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-IN-APIGATEWAY
Ngx
X-Snapshot-Date
X-Shopid
X-Sorting-Hat-Podid
X-Origin-Upstream-Status
X-RAMCache
X-Ramcache
X-Th-Server
X-Sorting-Hat-Shopid