Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
Accept-CH
X-DNS-Prefetch-Control
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Generator
X-Ua-Compatible
X-Cache-Status
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Request-ID
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
Upgrade
Status
X-CDN
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
Permissions-Policy
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Robots-Tag
X-Backend
X-UA-Device
X-AH-Environment
X-Hacker
X-Proxy-Cache
X-Server
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
Xkey
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Server-Powered-By
X-LiteSpeed-Cache
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Dns-Prefetch-Control
X-Device
X-Cache-Lookup
X-WebKit-CSP
EagleEye-TraceId
X-Host
X-Backend-Server
Cf-Railgun
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Server-Id
X-Response-Time
X-Readtime
Surrogate-Control
X-Ruxit-JS-Agent
X-Akam-SW-Version
X-HW
X-Node
Request-Id
X-Cloud-Trace-Context
X-Country
Content-Location
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Litespeed-Cache
X-Country-Code
X-ASPNET-VERSION
Service-Worker-Allowed
X-Content-Type
X-Trace
Cache-Tag
X-Url
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Times
X-Rack-Cache
X-PC
X-Vname
X-TtlSet
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Server-Name
X-Daa-Tunnel
Nginx-Cache
AR-SID
AR-PoweredBy
AR-ATIME
AR-Request-ID
X-Powered-By-Plesk
X-Cache-TTL
X-Cnection
Accept-Ch
X-FTR-Request-ID
X-ESI
X-Ac
X-GitHub-Request-Id
X-Element-Page-Cache
Edge-Control
X-D2id
Verso
X-CST
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-MS-InvokeApp
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-Upstream
X-FastCGI-Cache
X-Navigation-Version
Fastly-Restarts
X-B3-TraceId
X-ECACHE
SPIisLatency
SPRequestDuration
X-Webkit-Csp
X-Mod-Pagespeed
X-Amz-Rid
X-Erf-Bev-Bev
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-SharePointHealthScore
SPRequestGuid
X-Client-IP
X-ARC
X-Goog-Hash
X-Kinsta-Cache
X-Edge-Location-Klb
Pagespeed
Display
X-Sol
X-Middleton-Display
X-Powered-CMS
X-Ratelimit-Limit
X-Mg-S
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
Edge-Cache-Tag
S
Cache-Status
X-Version
Access-Control-Request-Method
Response
X-Middleton-Response
X-VARITI-CCR
X-NF-Request-ID
RTSS
Realpath
X-Forwarded-For
X-Cache-Key
X-TTL
X-Ratelimit-Remaining
X-T
X-Content-Digest
Cross-Origin-Resource-Policy
X-Recruiting
X-ORACLE-DMS-RID
X-Cached
Fastcgi-Cache
X-Correlation-Id
X-Fastly-Request-ID
X-Server-ID
X-MSEdge-Ref
X-Shield-Request-Id
X-TraceId
X-Varnish-TTL
Front-End-Https
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-Ua-Browser
X-SRCache-Store-Status
X-PressLabs-Stats
X-Forwarded-Proto
X-Request-Received
Arr-Disable-Session-Affinity
X-Request-Processing-Time
X-HS-Content-Id
Payment
X-Frontend
X-HS-Hub-Id
X-HS-Cache-Config
TP-Cache
Server-Node
X-Protected-By
X-RateLimit-Remaining
Public-Key-Pins
X-LLID
Count-Hit
MS-Author-Via
X-Ruxit-Js-Agent
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Content-MD5
X-Accel-Expires
X-Newrelic-App-Data
X-HS-Combine-CSS
X-GUploader-UploadID
X-LB-Cache
X-Distributor
X-Origin-Server
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ORACLE-DMS-ECID
Surrogate-Key
X-Ezoic-Cdn
X-NODE
X-HP-Webp
X-Jurisdiction
X-Request-Handler-Origin-Region
X-Microsite
X-HP-Trace-Id
X-Content-Security-Policy-Report-Only
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-Www-Served-By
X-App-Server
Accept-Charset
X-Varnish-Server
Host
X-Cluster-Name
X-AppVersion
X-Activity-Id
X-Az
X-Amz-Meta-S3cmd-Attrs
Cleartype
Cache-Tags
Retry-After
Mrf-Cache-Status
MRF-Tech
X-Varnish-Backend
X-B3-TraceId-Primal
Filterid
X-FTR-Expires
X-Goog-Metageneration
X-Unique-Id
X-Ua-Device
X-Debug
X-Ttl
X-Git-Hash
Server-Name
Access-Control-Allow-Method
X-Hits
X-Logged-In
X-Load-Cache
X-Aspnet-Version
X-Id
X-Upgrade-Enabled
X-Azure-Ref
X-NGENIX-Cache
X-Envoy-Decorator-Operation
X-Geo-Country
X-CSRF-Token
X-FB-Debug
X-Amz-Apigw-Id
TCN
X-Amzn-RequestId
X-Hostname
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-TT
TP-L2-Cache
X-Proxy
X-B
Section-Io-Cache
X-Seen-By
X-Revision
X-Grace
DC
Viewport
X-Cache-Control
X-Request-Guid
X-Type
Healthy
X-Contextid
X-B3-Sampled
X-Fb-Rlafr
X-Trace-Id
X-Time
X-Goog-Storage-Class
X-F-Cache
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Varnish-Ttl
Fastly-SWR
Fastly-SIE
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Mobile
Content-Disposition
X-N
X-XRDS-LOCATION
Paypal-Debug-Id
X-Ratelimit-Reset
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Referer-Policy
Pinterest-Generated-By
X-Pinterest-Rid
X-Varnish-Grace
Pinterest-Version
X-Origin-Cache
X-Amz-Replication-Status
X-DIS-Request-ID
X-Magnolia-Registration
X-Nf-Request-Id
X-Via-JSL
X-Debug-Info
X-Page-Id
X-Webkit-CSP
X-Px
X-Wormhole-Sdk
Version
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-UUID
X-G
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Debug-IsConnected
X-Node-Name
X-Content-Options
X-Adobe-Content
X-Debug-IsPreview
X-Rule
X-App-Environment
X-Adobe-Loc
X-Whom
X-Oracle-Dms-Ecid
X-Source
VIX-Pulpo-Upstream-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Storage
SD-X-WS
X-Template
VIX-Pulpo-Node
X-Hl-Ver
X-Ismobilevalue
NGB
X-Datadog-Sampled
X-Rendered-As
X-RTag
X-Backend-Name
X-B-Cache
X-Wix-Request-Id
X-Proxy-Cache-Info
X-Is-Bot
X-Region
X-Instance
Cross-Origin-Window-Policy
X-Cacheable-TTL
X-Signature
X-User-Agent
Ms-Operation-Id
X-Device-Type
MS-CV
X-NYM-Debug-Backend
Country
X-FW-Dynamic
Amp-Access-Control-Allow-Source-Origin
X-L-Path
X-FW-Version
X-ServerID
X-Rid
X-Status
GEO-INFO
X-FW-Type
X-FW-Static
X-Environment-Context
X-FW-Hash
X-FW-Serve
X-FW-Server
Charset
Countrycode
X-RM-Cache-TTL
X-IPS-LoggedIn
X-NWS-UUID-VERIFY
X-EdgeConnect-Cache-Status
ServerID
Akamai-GRN
Front
X-URL
X-Real-IP
X-Cache-Age
X-Framework
X-Cache-Grace
X-WP-CF-Super-Cache-Active
SRV
X-Amzn-Remapped-Content-Length
Liferay-Portal
X-AB
X-B3-SpanId
X-Cache-Hit
X-Language
X-Air-Pt
X-ECache
X-Akamai-Request-ID2
X-Content-Powered-By
X-Oracle-Dms-Rid
X-Api-Version
X-WebKit-CSP-Report-Only
X-Air-Source
X-Servername
X-Fastly-Request-Id
X-VC
X-Air-Trace-Id
X-Air-Hostname
OT-Force-Account-Verify
X-Sucuri-ID
X-Sucuri-Cache
Xet-Cookie
X-UA
X-DataDome
From-Origin
X-VC-Cache
Accept-Language
X-Mode
Backend
X-SRV
X-Cache-Status-Check
Refresh
Access-Control-Request-Headers
LB
X-Xrds-Location
X-HTML-Minification-Powered-By
X-Aws-Lambda-Call-Status
Upgrade-Insecure-Requests
X-Handled-By
X-Tt-Logid
X-Cache-Time
X-SaId
X-Rewrite-Enabled
X-RCS-CacheZone
X-Mg-Request-UUID
Meta-Geo
X-JoinUs
Webserver
X-RID
Filters
X-Rn-Rsrv
X-UPSTREAM-Address
X-Git-Commit
X-Generated-By
X-Varnish-Age
X-R9-Blue-Green-Version
X-Adobe-Source
Property-Id
X-Cms-Context
X-Origin-Date
X-Tumblr-Pixel-2
X-PHP-Host
X-Nginx-Cache
X-Provided-By
X-Origin-Hint
X-Webstats-RespID
X-Container-Uri
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-S
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Labrador-Cache-Channel
TWC-Device-Class
X-Hosted-By
TWC-Connection-Speed
X-Request-URI
Webcakes-Region
X-Web-Node
X-Lambda-Id
X-Locale
X-Forwarded-Host
X-Logging-Id
Section-Io-Id
X-Akamai-Edgescape
X-Accel-Version
Web-Mar-Node
X-Browser-Name
X-BYPASS-REASON
X-Fetched-On
X-Cache-Debug
Url
X-Geo-Region
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Desktop
X-Httpd
ServedBy
X-Xfnlog-Site
Atl-Traceid
X-Loop
X-ProxyCache-Status
X-No-Session
X-Site-Version
X-Served-From
X-Scope-Id
X-Redis-Cache
X-Vcl-Version
X-ProxyCache-Key
X-Reqid
X-Skip-Cache
X-Tncms
X-Tb
Cache
X-Tcp-Rtt
X-IPLB-Request-ID
Selected-Fe
X-Shopify-Stage
X-IPLB-Instance
X-Varnish-Beresp-Grace
X-Varnish-Cache-Hits
X-SayCDN-TTL
X-Cluster
X-Upstream-Ct
X-Frame-Option
X-Detected-As
X-Director
Mn-Server-Ip
X-Alternate-Cache-Key
X-Timing-Wait
X-Say-Cacheable
X-Say-TTL
X-Upstream-Ht
X-Storefront-Renderer-Rendered
Apigw-Requestid
X-Restarts
X-Format
X-Proxy-Build
X-Origin
X-VCT
X-Optimistic-Header
X-Cache-Host
X-VWS-Id
Onion-Location
X-Extlb
X-Cloudmap
X-RateLimit-Limit
X-Cache-Rule
X-LJ-Flow-ID
X-AWS-Id
X-Soup
X-Cache-Operation
X-Routing-Service
Xserver
X-Zipkin-Id
X-Proxied
Expiry
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Ms-Request-Id
X-Connection-Hash
X-Sorting-Hat-PodId
X-Endurance-Cache-Level
X-Edge-Location
X-Ms-Version
X-INCAP-ABP
X-Vcache
Frame-Options
Priority
X-Lagoon
X-GeoCountry
X-Azure-Ref-OriginShield
X-GeoCode
X-Cache-Expired-At
X-CDN-Forward
X-WP-CF-Super-Cache-Cookies-Bypass
Source
Protected
Cdn-Requestid
WPO-Cache-Status
WPO-Cache-Message
X-Thinkindot-L3
X-Shield-Cache-Expires
X-Generation-Time
Fastcgi-Useragent
TDXMobile
Thinkindot-CacheControl-Type
X-Proxy-Cache-Status
X-Cache-Action
Environment
Thinkindot-Control
Thinkindot-CacheControl
X-CMSURLCustom
X-Drupal-Cache-Tags
X-XRDS-Location
X-Drupal-Cache-Contexts
X-Origin-CC
CF-IPCountry
X-Cdn-Origin
X-Origin-TTL
Uber-Trace-Id
X-PHP-Backend
X-Pass-Why
X-GEO
X-App-Version
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Rocket-Nginx-Serving-Static
X-Cluster-Node
X-Worker
Sid
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-Version
Azure-SiteName
X-ID
Node
X-Buckets
X-Vercel-Id
X-Vercel-Cache
X-Cdn
Cache-Tv-Group
X-FB-TRIP-ID
X-Aspnetmvc-Version
Cache-Hits
X-Auth-Group-Type
CDN-Uid
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-Cache
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestPullCode
X-Tumblr-Pixel-3
AMP-Access-Control-Allow-Source-Origin
Cross-Origin-Embedder-Policy
X-Server-W
X-Fastcgi-Cache
X-TA-CDN-Provider
Alternate-Protocol
X-HITS
X-B3-Traceid
X-Pad
X-Cache-Server
X-A
DB-Nickname
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Ccd
Wxu-Next-Region
T-Server
Wxu-Next-Commit
Wxu-Next-Hostname
X-A-Wwc
X-Aed
X-Cache-NE
X-Cache-TTL-Remaining
X-Conf
X-Cache-Id
X-Bl-Debug
X-Bc-Bl
X-BCube-Filmed-By
Surrogated-Key
Sslversion
Content-Secure-Policy
DCR-Decision-By
DCR-Processing-Time-Ms
Cdn-Request-Time
Cdn-Host
A
Candidate-Md5Url
Gannett-Cam-Experience-Id
Lang
Odigeo-Trace-Id
Origin-Agent-Cluster
Rendered-Blocks
Ngx.Var.Host
Meta-Geo-Continent
Magicmarker
MD5-Digest
X-Content-Age
X-Core-Value
X-Rojux
X-ScT
X-SRCache-Key
X-Req
X-Origin-Expires
X-Op-Id-All
X-Org
X-TIM-N
X-V-Cache
X-Via-Fastly
X-Viewer-Country
X-Vtex-Remote-Cache
X-Vdms-Version
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-ND-Cache
X-Level-Front-Cache
X-Developer
X-Dispatcher-Server
X-Ec-Fail
X-DefHash
X-DefElseHash
X-Custom-Header
X-D
X-Ec-GeoHdr
X-Edge-Server
X-Gzip
X-Ig-Origin-Region
X-Ig-Push-State
X-GeoIP-City
X-Fastly-Backend
X-Epic-Correlation-Id
X-Esi-Check
X-LSADC-Cache
X-Generated-On
X-LiteSpeed-Cache-Control
X-Service
X-Client-Ip
Mime-Version
X-DC
X-Tx-Id
User-Cache-Control
X-Fmm-Version
X-Forwarded-Site
X-FC-Vary-Parameters
X-DPWN-IS-SECURE
X-Gdpr
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-GeoIP
X-Hnp-Log
X-HS-Content-Campaign-Id
X-Dc
X-Jobs
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-Geo-Header
X-Clientip
X-GeoIP-Country-Code
X-Gen-Mode
X-CacheTTL
V-Age
Vix-Hermes-Req-Id
X-Acquia-Purge-Cdn-Unconfigured
X-Aicache-OS
Tube-Return
Tube-Got-Results
Ssr
Tube-Get-Contents
Tube-Got-Eval
X-AK-Request-ID
X-Amz-Storage-Class
X-Cache-Bucket
X-Cache-FS-Status
X-Cache-Info
X-NGINX-Cache
X-Block-Status
X-Bip
X-App-Name
X-B3-Trace-ID
X-Backend-Instance
X-Loc
X-Micro-Cache
HostName
X-Varnish-Director
X-Varnish-Hostname
X-VG-TLSProxy
X-UA-Device-Type
X-Thanos
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-VG-WebCache
X-VTEX-Cache-Server
PFcat
X-HN
X-NodeID
X-VarnishDD-TTL
Fastly-SSL
Cache-Provider
X-VTEX-Cache-Time
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Sn-Servicetimems
X-Server-IP
X-Origin-Response-Time
X-Origin-Time
X-PAYTM-SRV-ID
X-Platform
X-Node-Id
X-NMSegId
Server-Host
X-Mly-Id
X-Mvc-Supplant-Cachable
X-Policy
X-Powered-By-VTEX-Cache
X-Request-Time
X-SB
X-Scheme
X-SD-PageType
X-Region-Sid
X-RateLimit-Remaining-Second
X-Proto
X-Pubstack
X-RateLimit-Limit-Second
X-Men
X-Nyt-Route
Country-Code
Producers
Click-Count-Error
Click-Count-Action-Start
Cdnsip
Edge-Cache
Platform
Is-Eu
NM-Fastcgi-Cache
Host-ID
Fastly-Backend-Name
Esi-Enabled
Cdncip
Powered-By
Adler-Geo
AKAMAI
RNT-Time
Req-ID
RNT-Machine
L5d-Success-Class
L
Ha-Gx-Prefs
X-Slack-Backend
Gh-Request-Id
X-Slack-Shared-Secret-Outcome
X-Fastly-Cache
True-Client-Country-4JS
Server-Ext
X-Access
Mail-Subject
X-Date
X-CUA
X-Eu-Site
X-Csrf-Jwt
X-Depends
W
CDCHOST
X-CGP
X-Ec-Custom-Error
Fastly-GeoIP-CountryCode
X-Mvc-Supplant-OutputCached
Content-Style-Type
X-We-Are-Hiring
X-Human
Content-Script-Type
Cluster
C-Via
X-Request-Host
X-Request-Start
DSUID
X-Varnish-Beresp-Status
X-Var-Ttl
Apple-News-Services-Host
X-Proxied-Request
Apple-News-Services-Parsed-Url
X-Varnish-Authentication
Apple-News-Services-Handled
X-Hash
X-Contensis-Viewer-Groups
Yak-Timeinfo
Apple-News-Services-Request-Url
HA-Ipaddr
Origin-CC
Server-Hostname
X-Auto-Login
Origin
On-Server
X-BBC-Edge-Cache-Status
Origin-EX
Sever-Int
Release
Req-Svc-Chain
Proxy-Firewall
We-Hiring
Web-Mar-Region
X-Cache-Aspx
X-Accel-Expires-Debug
Server-Info
NGX
X-Section
X-Cdn-Srv
XM
X-Varnish-Beresp-Ttl
Machine
Debug
X-Pool
X-Varnishpool
X-Nginx-Cache-Key
X-Cs
Pramga
X-Location
BehaviorPad-Version
Canary
Cache-Key
X-AIR-PT
Fusion-Component-Id
X-RateLimit-Reset
Fusion-Deployment-Id
X-Ad-Load-Variation
X-WA-Info
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
X-Varnish-Hits
X-LB-ID
Redirect-Candidate
X-APP
X-Device-Os
X-Zone
X-Via-Popn
X-Newrelic-Synthetics
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Via-Poph
X-Via-Popv
X-MP-GENERATED-AT
X-HA-Backend
SID
X-Tec-Api-Root
CDN-RequestId
X-Tec-Api-Version
X-Tec-Api-Origin
X-NCache
X-Akamai-Transformed
X-Content-Length
Pics-Label
X-Up
X-From
GeoIP-Latitude
X-LiteSpeed-Tag
Fastly-Drupal-HTML
X-B3-Parentspanid
X-VHOST
CloudFront-Viewer-Country
X-Jungle-Id
X-Cache-Backend
X-Servedbyhost
X-Refresh
X-Nananana
X-Vdms-Path
X-Parent-Response-Time
X-Origin-Cache-Key
X-Litespeed-Tag
Vc-Max-Age
Fastly-Drupal-Html
X-Nc
X-LB-NoCache
X-Dispatcher-Number
X-CDN-Cache-Status
WP-Super-Cache
Product
X-CACHE-KEY
X-Cached-By
X-RequestId
X-ZONE
X-Uri
X-Datadome
X-DynaTrace-JS-Agent
Resin-Trace
Datacenter
X-VC-TTL
X-ApacheServer
Server-ID
X-M-Reqid
X-M-Log
X-Render-Time
X-PERF
X-Wa
X-CS
NtCoent-Length
Cdn
GeoIp-Country-Code
X-Ckpd-Fst-Backend
X-Amz-Meta-Cb-Modifiedtime
X-B3-Spanid
S-Rt
X-Bug-Bounty
X-Varnish-Beresp-TTL
X-IAuth-Set-Uid
FSS-Cache
ServerName
X-TX-ID
X-Fpc
Locid
Uri
X-HubSpot-Correlation-Id
X-TT-LOGID
X-VCache
True-Client-IP
Serverhost
X-Esi
True-Client-Ip
X-HostName
X-SERVER-NAME
Srv
X-Nf-Country
X-Nf-Language
X-Nf-Ats-Version
User-Agent
X-Akamai-Device-Characteristics
GeoIP-Country-Code
X-Dynatrace-Js-Agent
X-Vmg-Version
X-Original-Request-Id
X-FPC
Tcn
X-Response-Served-From
X-Old-Content-Length
CDN
X-Srv
X-TIME
X-WA
Ngx-Var-Key
X-Info
ServerHost
X-NewRelic-App-Data
X-Gamma-Serve
X-Cdn-Cache-Status
X-Cdn-Forward
X-Webkit-Csp-Report-Only
X-Hit
Request-ID
CacheControlHeader
X-Vgn-Hpd-Reason
Xc-Version
X-Vc
X-APP-VERSION
Server-Id
Cf-Ipcountry
X-Moov-Xdn-Version
Expect-Staple
X-TH-Server
X-NC
X-Moov-T
X-COUNTRY
Hostname
Srvid
X-FL-QIT-DEBUG
X-Dispatch
Cneonction
X-Amz-Meta-Opti
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Lb-Nocache
X-Presslabs-Stats
X-V
Geoip-Latitude
Cloudfront-Viewer-Country
Cf-Device-Type
X-ServedByHost
X-Geo
PICS-Label
Permission-Policy
X-B-Cookie
N-Cache
X-Rollout
X-Platform-Server
X-New
X-Eligible
WZWS-RAY
X-Application
X-S-Cookie
X-Destination
X-User
Cross-Origin-Embedder-Policy-Report-Only
X-External-Request-Id
X-Oracle-DMS-ECID
X-VCL-Version
Origin-Trial
X-Ha-Backend
X-Via-PopH
X-Zen-Fury
X-Limited
X-Via-PopV
XkeyRZ
X-Via-PopN
X-Proxy-CacheRZ
Epwk-X-Cache
X-Ftr-Request-Id
X-Internal-TTL
X-ElasticPress-Query
X-Rocket-Build-Number
X-Ua
X-Sigma
X-Sigma-Backend
X-Instance-Name
X-Akamai-Pragma-Client-IP
X-Correlation-ID
X-Cache-Date
Ohc-File-Size
X-App
Rtss
X-Lb-Id
X-EC-Lua
X-MSEdge-Flight
X-Path
X-MiniProfiler-Ids
X-VTEX-Cache-Backend-Connect-Time
X-VServer
Edge-Copy-Time
Cl-Cache
X-Branch-Name
X-Check-Cacheable
X-VTEX-Cache-Backend-Header-Time
X-Serial
X-API-Version
X-Segment-20210421
X-Litespeed-Cache-Control
X-MSEdge-Features
X-Via-CDN
X-Via-Edge
X-Via-SSL
X-Sqd-Stime
X-Sqd-Ctime
X-Wp-Cf-Super-Cache
Lb
X-Wp-Cf-Super-Cache-Cache-Control
X-Acquia-Application-UUID
Timeexpire
X-Web-Server
WebServer
X-Acquia-Application-Trace
Sm-Log-Id
X-Service-Response-Time
Cmsid
X-SIPLIST1
IsBot
Cmstype
X-Acquia-Site
X-Acquia-Purge-Tags
X-Datacenter
X-CSRF-TOKEN
X-LAGOON
Servername
CountryCode
X-CDN-Origin
X-Traceid
X-Snapshot-Date
X-Ramcache
X-DynaTrace
Fl-Custom-Application
X-Irp-Debug
X-Sorting-Hat-Shopid
X-IN-APIGATEWAYSSL
X-Th-Server
Warning
X-IN-APIGATEWAY
X-Dw-Trace-Id
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-Origin-Upstream-Status
X-Shardid
Wpo-Cache-Status
Ngx
X-Fastly-Backend-Reqs
Wpo-Cache-Message
Ohc-Cache-HIT
X-Shopid
X-Sorting-Hat-Podid
X-RAMCache