Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Ua-Compatible
X-Generator
X-Cache-Status
X-Request-ID
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
Permissions-Policy
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
Xkey
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Grace
X-Server-Powered-By
Ali-Swift-Global-Savetime
Allow
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Cache-Lookup
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
X-Country
Content-Location
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
X-Litespeed-Cache
X-Clacks-Overhead
Cache-Tag
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-Vname
X-TtlSet
X-PC
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-FTR-Request-ID
X-Server-Name
X-Daa-Tunnel
Nginx-Cache
Accept-Ch
X-Powered-By-Plesk
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
X-Cache-TTL
X-Cnection
X-CST
X-Ac
X-D2id
X-ESI
X-Element-Page-Cache
Edge-Control
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-Exp-Id
Verso
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Cdn-Fetch
X-MS-InvokeApp
X-GitHub-Request-Id
X-ECACHE
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Abt-Application-Version
X-Upstream
X-Navigation-Version
X-Dw-Request-Base-Id
X-FastCGI-Cache
X-Oneagent-Js-Injection
X-Webkit-Csp
Fastly-Restarts
SPRequestDuration
SPIisLatency
X-B3-TraceId
X-Amz-Rid
X-Mod-Pagespeed
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-SharePointHealthScore
SPRequestGuid
X-Client-IP
X-Kinsta-Cache
X-ARC
X-Edge-Location-Klb
X-Goog-Hash
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Powered-CMS
X-Mg-S
S
Edge-Cache-Tag
X-Amzn-Trace-Id
Cache-Status
X-Version
X-Ratelimit-Limit
Access-Control-Request-Method
X-NF-Request-ID
Response
X-Middleton-Response
X-VARITI-CCR
RTSS
Realpath
X-Forwarded-For
X-T
X-Content-Digest
X-Cache-Key
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
X-Ruxit-Js-Agent
X-Ratelimit-Remaining
X-TTL
X-Recruiting
X-TraceId
Fastcgi-Cache
X-Cached
X-ORACLE-DMS-RID
X-MSEdge-Ref
X-Varnish-TTL
X-Correlation-Id
X-Shield-Request-Id
Front-End-Https
X-RateLimit-Remaining
MicrosoftSharePointTeamServices
X-Ua-Browser
X-Forwarded-Proto
X-Request-Processing-Time
X-Request-Received
X-Frontend
TP-Cache
X-Protected-By
X-LLID
X-PressLabs-Stats
Server-Node
X-HS-Content-Id
MS-Author-Via
Payment
X-HS-Cache-Config
Arr-Disable-Session-Affinity
X-HS-Hub-Id
Public-Key-Pins
Content-MD5
Count-Hit
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Server-ID
X-Accel-Expires
X-HS-Combine-CSS
X-GUploader-UploadID
X-Distributor
X-LB-Cache
X-Origin-Server
X-Country-Code-Real
X-NODE
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-FTR-Expires
X-Ezoic-Cdn
X-Newrelic-App-Data
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-Request-Handler-Origin-Region
X-Microsite
X-Www-Served-By
X-App-Server
Host
X-Az
X-AppVersion
X-Varnish-Server
X-Activity-Id
X-Content-Security-Policy-Report-Only
X-Amz-Meta-S3cmd-Attrs
Mrf-Cache-Status
Accept-Charset
MRF-Tech
X-Cluster-Name
Cache-Tags
X-Ua-Device
X-B3-TraceId-Primal
Cleartype
X-Varnish-Backend
Retry-After
Surrogate-Key
X-ORACLE-DMS-ECID
X-Ttl
X-Goog-Metageneration
Filterid
X-Unique-Id
Server-Name
X-Hits
X-Git-Hash
X-Debug
Access-Control-Allow-Method
X-Load-Cache
X-Upgrade-Enabled
X-Logged-In
X-Azure-Ref
X-Envoy-Decorator-Operation
X-NGENIX-Cache
X-Id
X-Geo-Country
X-CSRF-Token
X-Hostname
X-FB-Debug
TCN
X-Amz-Apigw-Id
X-Proxy
TP-L2-Cache
X-Amzn-RequestId
X-TT
X-Tt-Trace-Tag
X-Grace
Section-Io-Cache
X-Tt-Trace-Host
X-B
X-Revision
Viewport
X-Time
DC
X-F-Cache
Healthy
X-Hcs-Proxy-Type
X-Seen-By
X-CCDN-CacheTTL
X-Type
X-Fb-Rlafr
X-B3-Sampled
X-CCDN-Origin-Time
X-Contextid
X-Cache-Control
X-Trace-Id
X-Request-Guid
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Mobile
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Fastly-SIE
X-XRDS-LOCATION
Fastly-SWR
Referer-Policy
X-Goog-Generation
X-Goog-Storage-Class
X-N
Paypal-Debug-Id
Content-Disposition
X-DIS-Request-ID
X-Varnish-Ttl
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Webkit-CSP
X-Varnish-Grace
X-Magnolia-Registration
X-Px
X-Debug-Info
X-Page-Id
X-Via-JSL
X-Origin-Cache
X-Amz-Replication-Status
X-Ratelimit-Reset
Version
X-Oracle-Dms-Ecid
X-Whom
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-UUID
X-Content-Options
X-ProcessESI
X-Rid
X-RemovedCookies
X-Wormhole-Sdk
X-G
X-Rule
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Debug-IsPreview
X-Tumblr-Pixel-0
X-Debug-IsConnected
X-Template
X-Tumblr-User
X-Node-Name
X-App-Environment
X-Nf-Request-Id
MS-CV
X-Datadog-Sampled
X-RTag
X-Hl-Ver
NGB
X-Source
X-Storage
Ms-Operation-Id
X-Adobe-Loc
X-Adobe-Content
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-B-Cache
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-User-Agent
X-NYM-Debug-Backend
X-Device-Type
X-Signature
X-Region
X-Proxy-Cache-Info
X-Backend-Name
Charset
Cross-Origin-Window-Policy
X-Environment-Context
X-Cacheable-TTL
X-FW-Server
X-FW-Serve
X-FW-Hash
X-Wix-Request-Id
X-FW-Dynamic
X-Instance
X-L-Path
X-Status
X-FW-Static
X-FW-Version
Country
X-FW-Type
SD-X-WS
X-Is-Bot
GEO-INFO
X-ServerID
X-Rendered-As
X-Cache-Age
X-IPS-LoggedIn
ServerID
Countrycode
Amp-Access-Control-Allow-Source-Origin
X-RM-Cache-TTL
X-Cache-Grace
Akamai-GRN
X-EdgeConnect-Cache-Status
X-NWS-UUID-VERIFY
SRV
X-Real-IP
X-Ismobilevalue
Front
X-Framework
Liferay-Portal
X-WP-CF-Super-Cache-Active
X-Amzn-Remapped-Content-Length
X-Aws-Lambda-Call-Status
X-Cache-Hit
X-Language
X-AB
X-Oracle-Dms-Rid
X-WebKit-CSP-Report-Only
X-Air-Pt
X-Content-Powered-By
X-Akamai-Request-ID2
OT-Force-Account-Verify
X-B3-SpanId
X-Sucuri-Cache
X-Air-Source
X-Sucuri-ID
X-Air-Hostname
X-UA
X-Servername
X-Air-Trace-Id
X-VC
From-Origin
X-VC-Cache
Backend
Xet-Cookie
X-Api-Version
X-RateLimit-Limit
X-URL
X-Mode
X-Xrds-Location
Accept-Language
Refresh
Upgrade-Insecure-Requests
X-Tt-Logid
X-Nginx-Cache
Webserver
Access-Control-Request-Headers
X-Cache-Status-Check
X-Cache-Time
X-Handled-By
X-HTML-Minification-Powered-By
X-Rewrite-Enabled
X-SRV
X-RCS-CacheZone
X-DataDome
Filters
Meta-Geo
X-UPSTREAM-Address
X-SaId
X-Fastly-Request-Id
X-Rn-Rsrv
X-JoinUs
X-Webstats-RespID
Webcakes-App-Name
X-Cache-Rule
X-Cache-Operation
X-S
TWC-Privacy
X-Generated-By
X-Hosted-By
Cache
X-R9-Blue-Green-Version
X-Provided-By
Webcakes-Region
X-PHP-Host
Webcakes-App-Version
X-Origin-Hint
TWC-Locale-Group
LB
X-Tumblr-Pixel-2
X-Origin-Date
X-Xfnlog-Site
TWC-GeoIP-LatLong
TWC-Connection-Speed
Property-Id
X-Varnish-Age
X-Labrador-Cache-Channel
TWC-Device-Class
ServedBy
TWC-GeoIP-Country
Section-Io-Id
X-Akamai-Edgescape
X-Served-From
X-Scope-Id
X-Tb
X-Tcp-Rtt
X-Adobe-Source
X-Web-Node
X-Browser-Name
X-ProxyCache-Key
X-ProxyCache-Status
X-Lambda-Id
Atl-Traceid
X-Skip-Cache
X-Httpd
X-Is-Desktop
X-No-Session
X-Geo-Region
X-Cluster
X-Forwarded-Host
X-Endurance-Cache-Level
X-Cms-Context
X-Container-Uri
X-Fetched-On
X-Git-Commit
X-Is-Tablet
X-Reqid
X-Is-Supported-Browser
X-Logging-Id
X-Is-Mobile
X-Accel-Version
X-BYPASS-REASON
X-Locale
X-IPLB-Instance
Apigw-Requestid
X-IPLB-Request-ID
X-Alternate-Cache-Key
X-Frame-Option
X-Loop
X-Ms-Request-Id
Url
X-Cache-Debug
X-Cache-Host
X-Ms-Version
Web-Mar-Node
X-Mg-Request-UUID
X-Origin
X-Optimistic-Header
X-Format
Selected-Fe
Mn-Server-Ip
X-Upstream-Ct
X-Tncms
X-Timing-Wait
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Upstream-Ht
X-Varnish-Beresp-Grace
X-Request-URI
X-VCT
X-Varnish-Cache-Hits
X-Restarts
X-Site-Version
X-Proxy-Build
X-Redis-Cache
X-Edge-Location
X-VWS-Id
X-AWS-Id
X-INCAP-ABP
X-RID
X-Zipkin-Id
Xserver
X-Extlb
X-Director
X-Cloudmap
X-Proxied
X-SayCDN-TTL
X-Soup
X-Say-TTL
X-Say-Cacheable
X-LJ-Flow-ID
X-Routing-Service
X-Sorting-Hat-PodId
Onion-Location
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-GeoCountry
X-Connection-Hash
X-Azure-Ref-OriginShield
Frame-Options
X-GeoCode
Expiry
X-Detected-As
X-Vcl-Version
Cdn-Requestid
X-Lagoon
Source
WPO-Cache-Message
X-Cache-Expired-At
WPO-Cache-Status
X-CDN-Forward
X-CMSURLCustom
X-Thinkindot-L3
X-Shield-Cache-Expires
Thinkindot-Control
Thinkindot-CacheControl
TDXMobile
X-Generation-Time
Thinkindot-CacheControl-Type
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-B3-Traceid
X-Vcache
X-WP-CF-Super-Cache-Cookies-Bypass
Protected
Environment
Fastcgi-Useragent
X-Origin-CC
X-Origin-TTL
Priority
X-ECache
X-Cdn-Origin
X-Pass-Why
X-PHP-Backend
X-Proxy-Cache-Status
X-Cache-Action
Uber-Trace-Id
X-Rocket-Nginx-Serving-Static
X-App-Version
X-Worker
X-Vercel-Cache
X-Vercel-Id
Sid
X-ID
Cache-Hits
Azure-Version
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-Cluster-Node
CF-IPCountry
X-Aspnetmvc-Version
Node
X-Urbn-Site-Id
X-GEO
X-Urbn-Context-Path
Locale
X-Buckets
X-XRDS-Location
CDN-Cache
X-TA-CDN-Provider
CDN-CachedAt
CDN-RequestPullSuccess
CDN-Uid
Cross-Origin-Embedder-Policy
CDN-EdgeStorageId
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
Cache-Tv-Group
X-FB-TRIP-ID
X-Auth-Group-Type
X-Tumblr-Pixel-3
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-Cache-Server
DB-Nickname
X-Pad
X-Server-W
X-Client-Ip
X-RateLimit-Reset
Alternate-Protocol
X-A
DCR-Decision-By
X-Esi-Check
X-Epic-Correlation-Id
DCR-Processing-Time-Ms
X-Ec-GeoHdr
X-Dispatcher-Server
X-Ec-Fail
Content-Secure-Policy
Gannett-Cam-Experience-Id
X-Edge-Server
A
X-ND-Cache
X-Level-Front-Cache
X-Service
X-Op-Id-All
X-Org
X-Ig-Push-State
X-Ig-Origin-Region
Cdn-Host
Candidate-Md5Url
X-Generated-On
X-Gzip
Cdn-Request-Time
X-Developer
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Bl-Debug
T-Server
Sslversion
Surrogated-Key
X-A-Ccd
X-A-Dam
X-Bc-Bl
X-Aed
X-BCube-Filmed-By
X-A-Wwc
X-A-Dcw
X-A-Dgt
X-Cache-Id
X-Cache-NE
MD5-Digest
Meta-Geo-Continent
Ngx.Var.Host
Magicmarker
X-DefElseHash
X-DefHash
Lang
Odigeo-Trace-Id
X-D
Rendered-Blocks
X-Cache-TTL-Remaining
X-Conf
X-Core-Value
X-Custom-Header
Origin-Agent-Cluster
X-Origin-Expires
X-GeoIP-City
X-SRCache-Key
X-Via-Fastly
X-Viewer-Country
X-Varnish-Remaining-TTL
X-LiteSpeed-Cache-Control
X-Vtex-Remote-Cache
X-Vdms-Version
X-Req
X-ScT
X-Dc
X-V-Cache
X-Varnish-CookieHashed-On
X-Rojux
X-TIM-N
X-Varnish-CookieINHashed-On
Mime-Version
HostName
X-Thanos
Platform
Powered-By
PFcat
X-Content-Age
X-UA-Device-Type
Origin
X-Test
X-SVT-ORM-RULES
X-Scheme
Host-ID
X-SB
X-Request-Time
Esi-Enabled
Fastly-Backend-Name
Is-Eu
X-Server-IP
X-Debug-Cache-Fetch
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
Producers
X-Sn-Servicetimems
X-Debug-Cache-Store
NM-Fastcgi-Cache
RNT-Time
X-VG-WebCache
X-Acquia-Purge-Cdn-Unconfigured
X-VG-TLSProxy
X-VarnishDD-TTL
X-Varnish-Hostname
X-Bip
X-Ad-Load-Variation
X-VTEX-Cache-Server
X-Backend-Instance
X-B3-Trace-ID
X-Amz-Storage-Class
X-AK-Request-ID
X-Aicache-OS
Vix-Hermes-Req-Id
V-Age
Server-Host
X-Cache-Info
RNT-Machine
X-CacheTTL
X-Cdn-Srv
Req-ID
X-Cache-FS-Status
Ssr
Tube-Got-Results
Tube-Return
Tube-Got-Eval
Tube-Get-Contents
X-Varnish-Director
X-Clientip
X-DPWN-IS-SECURE
Adler-Geo
AKAMAI
X-Wikidot-Static-Cache
X-Pubstack
X-GoCache-CacheStatus
X-Wikidot-Backend
X-VTEX-Cache-Time
Cache-Provider
X-LSADC-Cache
X-Geo-Header
X-GeoIP
Edge-Cache
XM
X-Jobs
X-Micro-Cache
X-Policy
X-Men
X-Loc
X-Powered-By-VTEX-Cache
X-Proto
X-Mvc-Supplant-Cachable
X-HN
X-Platform
X-Mly-Id
X-Gdpr
X-PAYTM-SRV-ID
X-Tx-Id
Country-Code
Content-Style-Type
X-NodeID
X-Node-Id
X-Nyt-Route
X-Fastly-Cache
X-Origin-Time
X-Region-Sid
X-RateLimit-Remaining-Second
X-Fastly-Backend
X-Fmm-Version
Content-Script-Type
X-NMSegId
Cdnsip
Cdncip
X-RateLimit-Limit-Second
Click-Count-Action-Start
Click-Count-Error
X-Tec-Api-Origin
X-Tec-Api-Version
X-Varnish-Beresp-Ttl
X-DC
User-Cache-Control
X-HITS
X-Tec-Api-Root
X-Nginx-Cache-Key
X-Auto-Login
X-Varnishpool
X-Mvc-Supplant-OutputCached
X-We-Are-Hiring
X-Block-Status
X-BBC-Edge-Cache-Status
X-Proxied-Request
X-Date
X-Forwarded-Site
X-Gen-Mode
X-Csrf-Jwt
X-Contensis-Viewer-Groups
X-FC-Vary-Parameters
X-Section
X-Request-Start
X-Eu-Site
X-Origin-Response-Time
X-SD-PageType
X-Depends
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-App-Name
X-HS-Content-Campaign-Id
X-Pool
X-Cache-Bucket
X-Cache-Aspx
X-Hnp-Log
X-Varnish-Beresp-Status
X-Var-Ttl
Yak-Timeinfo
X-Varnish-Authentication
X-Hash
X-WA-Info
X-Location
X-CGP
Fastly-SSL
Gh-Request-Id
Fastly-GeoIP-CountryCode
DSUID
CDCHOST
Cluster
HA-Ipaddr
L
On-Server
Origin-CC
Mail-Subject
Machine
L5d-Success-Class
Canary
Cache-Key
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
X-Cs
Fusion-Source
Fusion-Template-Id
Apple-News-Services-Request-Url
C-Via
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Origin-EX
Ha-Gx-Prefs
Proxy-Firewall
True-Client-Country-4JS
Release
Req-Svc-Chain
W
X-Access
We-Hiring
X-Accel-Expires-Debug
X-AIR-PT
X-NGINX-Cache
Sever-Int
Server-Ext
Server-Info
Web-Mar-Region
X-Human
X-Ec-Custom-Error
Server-Hostname
NGX
X-Slack-Shared-Secret-Outcome
X-Device-Os
X-Request-Host
Pramga
X-Slack-Backend
X-CUA
X-Origin-Cache-Key
X-Varnish-Hits
BehaviorPad-Version
Debug
Redirect-Candidate
X-NCache
X-Zone
X-From
X-LB-ID
X-Up
X-Akamai-Transformed
X-Via-Poph
X-HA-Backend
X-MP-GENERATED-AT
X-APP
Pics-Label
X-Via-Popv
Fastly-Drupal-HTML
X-Jungle-Id
X-Via-Popn
X-Datadome
CloudFront-Viewer-Country
X-Cache-Backend
X-Vdms-Path
X-Refresh
X-VHOST
CDN-RequestId
X-LiteSpeed-Tag
SID
X-Parent-Response-Time
X-CACHE-AGE
X-B3-Parentspanid
GeoIP-Latitude
X-Servedbyhost
X-Content-Length
WP-Super-Cache
X-Newrelic-Synthetics
X-Uri
X-CDN-Cache-Status
X-Nc
X-LB-NoCache
X-CACHE-KEY
Datacenter
X-B3-Spanid
X-Nananana
X-PERF
X-VC-TTL
X-M-Log
X-M-Reqid
X-Render-Time
X-ApacheServer
Fastly-Drupal-Html
X-Litespeed-Tag
Vc-Max-Age
X-DynaTrace-JS-Agent
X-Wa
Server-ID
Resin-Trace
X-ZONE
NtCoent-Length
X-RequestId
Product
X-Dispatcher-Number
Cdn
X-Cached-By
X-CS
X-Amz-Meta-Cb-Modifiedtime
X-VCache
Locid
GeoIp-Country-Code
X-Ckpd-Fst-Backend
X-Fpc
FSS-Cache
X-IAuth-Set-Uid
X-NewRelic-App-Data
X-TX-ID
X-Varnish-Beresp-TTL
X-Esi
X-Original-Request-Id
True-Client-Ip
X-Bug-Bounty
Serverhost
X-Response-Served-From
S-Rt
X-HostName
X-SERVER-NAME
X-Srv
True-Client-IP
Uri
X-Nf-Country
X-Old-Content-Length
ServerName
X-Nf-Ats-Version
X-Nf-Language
X-HubSpot-Correlation-Id
X-TT-LOGID
Ngx-Var-Key
Tcn
GeoIP-Country-Code
X-Oracle-DMS-ECID
CDN
X-TIME
Srv
Cf-Ipcountry
X-FPC
X-Dynatrace-Js-Agent
X-Vgn-Hpd-Reason
X-Cdn-Forward
Request-ID
X-Moov-Xdn-Version
X-TH-Server
X-Vc
X-WA
X-Moov-T
X-Cdn-Cache-Status
User-Agent
CacheControlHeader
X-Akamai-Device-Characteristics
X-Vmg-Version
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
X-Dispatch
ServerHost
X-Info
X-Gamma-Serve
Server-Id
Hostname
X-APP-VERSION
X-COUNTRY
X-Geo
Srvid
X-Correlation-ID
Xc-Version
X-NC
X-FL-QIT-DEBUG
Geoip-Latitude
X-Webkit-Csp-Report-Only
Cf-Device-Type
X-Hit
X-Presslabs-Stats
Expect-Staple
X-Application
Cross-Origin-Embedder-Policy-Report-Only
X-External-Request-Id
X-B-Cookie
X-Destination
X-S-Cookie
X-User
X-Lb-Nocache
X-ServedByHost
Cloudfront-Viewer-Country
X-Amz-Meta-Opti
Origin-Trial
X-Zen-Fury
Cneonction
X-VCL-Version
X-Github-Request-Id
X-Limited
Ohc-File-Size
X-Sigma-Backend
X-Via-PopH
X-Instance-Name
Epwk-X-Cache
X-Via-PopV
X-Rocket-Build-Number
X-Sigma
X-Cache-Date
X-Ha-Backend
PICS-Label
X-Via-PopN
X-V
X-API-Version
N-Cache
X-App
WZWS-RAY
X-Platform-Server
X-Rollout
X-Akamai-Pragma-Client-IP
X-Segment-20210421
X-New
X-Eligible
X-VServer
X-Ua
Permission-Policy
Rtss
X-Srcache-Fetch-Status
X-Srcache-Store-Status
XkeyRZ
X-Branch-Name
X-Sqd-Ctime
X-Check-Cacheable
X-Sqd-Stime
X-MiniProfiler-Ids
X-Proxy-CacheRZ
X-Serial
X-Lb-Id
X-Wp-Cf-Super-Cache-Cache-Control
Lb
X-Wp-Cf-Super-Cache
Timeexpire
X-Internal-TTL
Cmsid
X-Fastly-Backend-Reqs
Cmstype
X-ElasticPress-Query
X-Ftr-Request-Id
X-Acquia-Site
X-Service-Response-Time
Ngx
Sm-Log-Id
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-MSEdge-Flight
X-Acquia-Purge-Tags
X-MSEdge-Features
X-Datacenter
X-Litespeed-Cache-Control
CountryCode
X-CSRF-TOKEN
Servername
X-LAGOON
Fl-Custom-Application
X-Udemy-Cache-App-Namespace
X-RAMCache
X-VTEX-Cache-Backend-Header-Time
X-Amz-Meta-Sha256
X-VTEX-Cache-Backend-Connect-Time
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-Via-Edge
X-Via-SSL
X-Via-CDN
X-Traceid
Edge-Copy-Time
X-EC-Lua
X-Amz-Meta-S3b-Last-Modified
X-Th-Server
X-Shopid
Warning
Ohc-Cache-HIT
X-Sorting-Hat-Podid
X-Web-Server
X-Requestid
X-DataCenter
X-IN-APIGATEWAYSSL
X-Ramcache
X-Origin-Upstream-Status
X-Snapshot-Date
X-Shardid
Wpo-Cache-Message
Wpo-Cache-Status
X-Sorting-Hat-Shopid