SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Xss-Protection
X-Cache-Hits
X-Served-By
X-UA-Compatible
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Ua-Compatible
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-Robots-Tag
X-Server
X-AH-Environment
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
Permissions-Policy
X-Ws-Request-Id
Xkey
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dispatcher
Allow
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-WebKit-CSP
X-Host
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
X-Litespeed-Cache
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
P3p
X-Node
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country
X-CST
Service-Worker-Allowed
X-Country-Code
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Url
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
X-Server-Name
X-Daa-Tunnel
Cross-Origin-Opener-Policy
X-Oneagent-Js-Injection
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Webkit-Csp
X-Powered-By-Plesk
X-ESI
X-Cnection
X-ECACHE
X-GitHub-Request-Id
X-Upstream
Edge-Control
X-D2id
X-MS-InvokeApp
X-Ac
Verso
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Element-Page-Cache
X-Exp-Id
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
X-Ser
X-Vcap-Request-Id
X-Cache-TTL
X-FastCGI-Cache
X-Abt-Application-Version
X-Navigation-Version
X-B3-TraceId
AR-CACHE
X-Mod-Pagespeed
X-Dw-Request-Base-Id
X-NF-Request-ID
SPIisLatency
SPRequestDuration
X-Aws-Lambda-Call-Status
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
Fastly-Restarts
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Instrumentation
X-Client-IP
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Mg-S
Edge-Cache-Tag
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ruxit-Js-Agent
S
X-Powered-CMS
Response
X-Middleton-Response
Cache-Status
X-Amzn-Trace-Id
X-Goog-Hash
X-Version
Access-Control-Request-Method
X-VARITI-CCR
X-Fastly-Request-ID
X-ARC
X-Cache-Key
RTSS
X-RateLimit-Remaining
X-Content-Digest
X-TraceId
X-Forwarded-For
Cross-Origin-Resource-Policy
X-Recruiting
X-T
X-Ratelimit-Limit
Realpath
X-Correlation-Id
X-Server-ID
X-MSEdge-Ref
Front-End-Https
Fastcgi-Cache
X-Varnish-TTL
X-Cached
MS-Author-Via
X-PDP-UNCACHING-HASH
X-NODE
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Ratelimit-Remaining
Content-MD5
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Ua-Browser
X-FTR-Cache-Status
X-Ttl
X-Protected-By
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-Request-Received
Payment
Public-Key-Pins
X-Shield-Request-Id
X-Request-Processing-Time
Server-Node
X-Forwarded-Proto
X-HS-Combine-CSS
X-LLID
X-Frontend
TP-Cache
X-SRCache-Store-Status
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
X-Distributor
X-FTR-Expires
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-TTL
X-Accel-Expires
X-Kong-Upstream-Latency
X-ORACLE-DMS-RID
X-Kong-Proxy-Latency
Count-Hit
X-GUploader-UploadID
X-Origin-Server
X-LB-Cache
X-Ezoic-Cdn
X-Microsite
X-Request-Handler-Origin-Region
X-TEC-API-VERSION
X-Origin-Cache-Key
X-TEC-API-ORIGIN
X-Content-Security-Policy-Report-Only
X-TEC-API-ROOT
X-PressLabs-Stats
X-Activity-Id
X-AppVersion
X-Az
Host
Mrf-Cache-Status
X-Www-Served-By
X-B3-TraceId-Primal
MRF-Tech
X-Hits
X-Cluster-Name
X-App-Server
X-Varnish-Server
X-Varnish-Backend
Retry-After
Cache-Tags
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
Server-Name
X-Ua-Device
X-Newrelic-App-Data
Cleartype
X-Geo-Country
X-Hostname
X-NGENIX-Cache
X-Envoy-Decorator-Operation
X-Goog-Metageneration
X-ORACLE-DMS-ECID
Referer-Policy
X-CSRF-Token
X-Upgrade-Enabled
X-DIS-Request-ID
TP-L2-Cache
X-Git-Hash
X-Seen-By
Access-Control-Allow-Method
TCN
X-Azure-Ref
X-Unique-Id
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
Filterid
X-Tt-Trace-Host
X-F-Cache
X-Tt-Trace-Tag
X-Load-Cache
X-Proxy
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Id
X-Revision
Section-Io-Cache
Healthy
X-Request-Guid
X-Grace
X-Trace-Id
X-Cache-Control
X-B
X-B3-Sampled
X-Px
DC
X-TT
X-Debug-Info
Paypal-Debug-Id
X-Contextid
X-Type
X-Page-Id
X-Logged-In
X-FB-Debug
X-Fb-Rlafr
X-Varnish-Ttl
X-Mobile
X-N
X-Debug
X-Oracle-Dms-Ecid
Viewport
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-RateLimit-Limit
X-Whom
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
Fastly-SWR
X-Goog-Stored-Content-Encoding
Fastly-SIE
X-XRDS-LOCATION
X-Oracle-Dms-Rid
X-Datadog-Parent-Id
Charset
X-Template
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Content-Options
Version
X-Via-JSL
Content-Disposition
X-Time
X-Cache-Grace
X-Varnish-Grace
X-Wix-Request-Id
X-Magnolia-Registration
X-Webkit-CSP
X-App-Environment
X-EdgeConnect-Cache-Status
X-Language
X-Signature
X-B-Cache
X-Origin-Cache
X-B3-SpanId
X-Rid
X-Node-Name
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-ProcessESI
SRV
X-RemovedCookies
X-Amz-Replication-Status
X-Debug-IsPreview
X-Debug-IsConnected
X-Datadog-Sampled
X-Rule
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-UUID
X-RTag
X-Tumblr-User
X-Tumblr-Pixel-0
X-Hl-Ver
X-G
Ms-Operation-Id
X-Tumblr-Pixel-1
X-Tumblr-Pixel
MS-CV
X-FW-Version
X-FW-Hash
X-Adobe-Loc
X-Adobe-Content
ServerID
GEO-INFO
X-Backend-Name
X-FW-Type
X-Storage
X-FW-Dynamic
X-Instance
X-Amzn-Remapped-Content-Length
X-FW-Static
X-FW-Server
X-FW-Serve
X-Cacheable-TTL
SD-X-WS
Liferay-Portal
X-Device-Type
X-NYM-Debug-Backend
X-Is-Bot
X-Rendered-As
NGB
X-Proxy-Cache-Info
X-Region
X-Environment-Context
X-Status
Country
X-Cache-Hit
X-RateLimit-Reset
X-User-Agent
X-IPS-LoggedIn
X-L-Path
Surrogate-Key
Countrycode
X-Real-IP
X-Cache-Age
X-Source
X-ServerID
X-NWS-UUID-VERIFY
Amp-Access-Control-Allow-Source-Origin
Akamai-GRN
Cross-Origin-Window-Policy
X-Sucuri-Cache
X-Sucuri-ID
X-WP-CF-Super-Cache-Active
OT-Force-Account-Verify
X-Servername
X-UA
From-Origin
X-VC-Cache
X-Xrds-Location
X-RM-Cache-TTL
Front
Upgrade-Insecure-Requests
X-Framework
X-Air-Pt
Backend
X-WebKit-CSP-Report-Only
X-INCAP-ABP
X-Mode
X-Wormhole-Sdk
Refresh
X-AB
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Akamai-Request-ID2
X-Cache-Time
X-Content-Powered-By
X-DataDome
Xet-Cookie
X-Handled-By
X-Nginx-Cache
X-URL
X-HTML-Minification-Powered-By
X-Edge-Location
Frame-Options
X-Endurance-Cache-Level
Url
X-RCS-CacheZone
X-JoinUs
X-Timing-Wait
X-Origin-TTL
X-Rewrite-Enabled
X-SaId
X-Rn-Rsrv
X-Vcache
X-Origin-CC
X-UPSTREAM-Address
X-Webstats-RespID
X-SRV
X-Xfnlog-Site
Selected-Fe
X-Proxy-Build
Meta-Geo
Filters
X-CDN-Forward
WPO-Cache-Status
X-Container-Uri
X-Origin
X-No-Session
X-Git-Commit
X-LJ-Flow-ID
X-Logging-Id
X-Drupal-Cache-Tags
WPO-Cache-Message
Accept-Language
Atl-Traceid
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
ServedBy
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
X-Cluster
Cache
X-Cache-Rule
X-AWS-Id
X-Akamai-Edgescape
Webcakes-App-Version
Webcakes-Region
X-Origin-Date
X-Cache-Operation
X-Labrador-Cache-Channel
Webserver
X-Origin-Hint
X-VWS-Id
X-Reqid
X-Provided-By
X-Served-From
Access-Control-Request-Headers
X-PHP-Host
X-Tumblr-Pixel-2
X-Routing-Service
Web-Mar-Node
X-Adobe-Source
X-Azure-Ref-OriginShield
X-Drupal-Cache-Contexts
X-Buckets
X-Restarts
X-Scope-Id
X-Cloudmap
X-Cache-Debug
X-Tb
X-Shield-Cache-Expires
X-Redis-Cache
X-CMSURLCustom
X-Thinkindot-L3
X-Site-Version
X-Fetched-On
TDXMobile
Thinkindot-CacheControl
Cache-Hits
Thinkindot-CacheControl-Type
X-Web-Node
Section-Io-Id
X-Zipkin-Id
Mn-Server-Ip
X-Locale
X-Proxied
X-Extlb
X-IPLB-Request-ID
X-VCT
X-Varnish-Cache-Hits
X-Accel-Version
X-IPLB-Instance
X-R9-Blue-Green-Version
X-Hosted-By
Thinkindot-Control
X-Soup
X-Upstream-Ht
X-Tncms
X-Tcp-Rtt
X-Upstream-Ct
X-SayCDN-TTL
X-Is-Tablet
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Desktop
X-ProxyCache-Status
X-ProxyCache-Key
X-Ms-Version
X-Ms-Request-Id
X-Loop
X-Lambda-Id
X-Httpd
X-Generation-Time
X-Say-TTL
X-Cms-Context
X-BYPASS-REASON
X-Browser-Name
X-Say-Cacheable
X-S
X-Frame-Option
X-Forwarded-Host
X-Format
X-Director
X-Skip-Cache
X-Geo-Region
X-VC
Apigw-Requestid
X-Cache-Status-Check
X-Varnish-Age
X-Varnish-Beresp-Grace
X-Alternate-Cache-Key
X-Cache-Host
X-Detected-As
X-GeoCode
X-Storefront-Renderer-Rendered
X-ShopId
X-ShardId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-GeoCountry
Xserver
X-Cdn-Origin
X-Generated-By
X-Optimistic-Header
X-Lagoon
X-Rocket-Nginx-Serving-Static
X-RID
X-TA-CDN-Provider
LB
X-Ratelimit-Reset
X-Vercel-Id
Source
X-Vercel-Cache
Azure-SiteName
Azure-Version
X-Worker
X-Request-URI
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Node
X-XRDS-Location
X-B3-Traceid
Protected
Fastcgi-Useragent
X-WP-CF-Super-Cache-Cookies-Bypass
CDN-EdgeStorageId
X-Fastcgi-Cache
X-Vcl-Version
CDN-RequestPullSuccess
CDN-PullZone
CDN-RequestPullCode
CDN-Uid
CDN-CachedAt
CDN-Cache
CDN-RequestCountryCode
Cross-Origin-Embedder-Policy
X-App-Version
Expiry
X-Connection-Hash
X-Pass-Why
X-GEO
Onion-Location
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Cache-Expired-At
Alternate-Protocol
X-Tumblr-Pixel-3
X-ID
X-Cache-Server
X-Tec-Api-Version
CDN-RequestId
X-Tec-Api-Root
X-Tec-Api-Origin
X-Api-Version
X-PHP-Backend
DB-Nickname
X-Jobs
AMP-Access-Control-Allow-Source-Origin
X-Server-W
Environment
Priority
CF-IPCountry
Uber-Trace-Id
X-Proxy-Cache-Status
X-DC
X-Cache-Action
X-Fastly-Request-Id
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Cluster-Node
Locale
X-LSADC-Cache
User-Cache-Control
Cdn-Requestid
X-Tt-Logid
X-Mg-Request-UUID
X-Ismobilevalue
X-MP-GENERATED-AT
Sid
X-Tx-Id
HostName
Candidate-Md5Url
X-A-Dcw
X-Developer
X-Content-Age
X-D
Cache-Tv-Group
X-Device-Os
X-A-Dgt
Origin-Agent-Cluster
X-NCache
Fusion-Deployment-Id
Fusion-Source
X-A-Dam
X-Forwarded-Site
Fusion-Content-Source
Fusion-Template-Id
Gannett-Cam-Experience-Id
X-Conf
X-Ec-Fail
X-ND-Cache
X-Ec-GeoHdr
X-Dispatcher-Server
X-Level-Front-Cache
Meta-Geo-Continent
MD5-Digest
X-Bl-Debug
Ngx.Var.Host
X-Block-Status
X-GeoIP-City
Magicmarker
X-Bc-Bl
A
X-BCube-Filmed-By
X-Bip
X-Gzip
X-Hnp-Log
X-Aed
X-A-Wwc
X-Jungle-Id
X-Clientip
X-Gen-Mode
X-Generated-On
X-Cache-Id
Origin
X-Ig-Origin-Region
X-Cache-NE
X-Origin-Expires
X-Op-Id-All
Req-ID
X-Vdms-Version
X-Vdms-Path
Wxu-Next-Region
X-Epic-Correlation-Id
Rendered-Blocks
X-TIM-N
X-Response-Served-From
X-A-Ccd
Server-Host
T-Server
DCR-Processing-Time-Ms
Surrogated-Key
Vix-Hermes-Req-Id
X-Request-Start
Wxu-Next-Hostname
DCR-Decision-By
Wxu-Next-Commit
X-A
X-Viewer-Country
X-Vtex-Remote-Cache
X-Esi-Check
Sslversion
X-Thanos
Fusion-Component-Id
X-Varnish-Beresp-Ttl
X-Rojux
Fusion-Content-Id
Lang
X-ScT
X-Original-Request-Id
X-VTEX-Cache-Server
X-UA-Device-Type
X-VTEX-Cache-Time
X-Powered-By-VTEX-Cache
X-SRCache-Key
X-FB-TRIP-ID
Content-Secure-Policy
X-Client-Ip
X-Uri
X-Zone
X-Origin-Response-Time
X-App-Name
X-Auth-Group-Type
Server-Ext
Origin-EX
Powered-By
X-Ig-Push-State
PFcat
Sever-Int
Release
Origin-CC
NM-Fastcgi-Cache
X-AK-Request-ID
Ssr
Server-Hostname
X-Amz-Storage-Class
X-Edge-Server
X-Platform
X-Policy
X-PAYTM-SRV-ID
X-Origin-Time
X-Org
X-Fmm-Version
X-FC-Vary-Parameters
X-Req
X-Region-Sid
X-Pubstack
X-Proto
X-Nyt-Route
X-Node-Id
X-GeoIP-Region-Code
X-HN
X-Geo-Header
X-GeoIP
X-GeoIP-Country-Code
X-HS-Content-Campaign-Id
X-Loc
X-Gdpr
X-NMSegId
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Request-Time
X-SB
X-Debug-Cache-Fetch
X-CUA
X-Debug-Cache-Store
Yak-Timeinfo
XM
X-Core-Value
X-Cdn-Srv
X-Backend-Instance
X-Cache-Bucket
X-Cache-Info
X-Cache-TTL-Remaining
X-WA-Info
X-Via-Fastly
X-V-Cache
X-Test
X-Scheme
X-Fastly-Cache
X-Var-Ttl
X-Varnish-Director
X-VG-WebCache
X-Varnishpool
X-VarnishDD-TTL
X-Varnish-Hostname
X-Auto-Login
Cdn-Host
C-Via
DSUID
AKAMAI
Content-Style-Type
Fastly-SSL
Content-Script-Type
Fastly-Backend-Name
Edge-Cache
Cdn-Request-Time
Cache-Provider
Cdncip
CDCHOST
Cdnsip
X-TT-LOGID
X-SVT-ORM-VERSION
Apple-News-Services-Handled
X-BBC-Edge-Cache-Status
Adler-Geo
X-B3-Trace-ID
Apple-News-Services-Parsed-Url
WP-Super-Cache
Cache-Key
X-Acquia-Purge-Cdn-Unconfigured
X-Access
Canary
X-Aicache-OS
X-VG-TLSProxy
X-Varnish-Authentication
X-SVT-ORM-RULES
X-Varnish-Beresp-Status
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-Sn-Servicetimems
X-Ec-Custom-Error
X-Men
X-DPWN-IS-SECURE
X-Micro-Cache
X-Mvc-Supplant-OutputCached
X-Mly-Id
X-Location
X-Human
X-GoCache-CacheStatus
X-From
X-Fastly-Backend
L5d-Success-Class
X-Eu-Site
X-ECache
X-Csrf-Jwt
X-Section
X-SD-PageType
X-Server-IP
X-Cache-Backend
X-Cache-Aspx
X-Request-Host
X-RateLimit-Remaining-Second
X-Proxied-Request
X-Pool
X-Contensis-Viewer-Groups
X-RateLimit-Limit-Second
X-CGP
X-Service
X-Ad-Load-Variation
Producers
Pramga
Platform
X-LiteSpeed-Cache-Control
Redirect-Candidate
Esi-Enabled
X-Wikidot-Static-Cache
RNT-Time
RNT-Machine
Req-Svc-Chain
X-Tb-Optimization-Total-Bytes-Saved
Gh-Request-Id
Is-Eu
Mail-Subject
L
Machine
Host-ID
HA-Ipaddr
Ha-Gx-Prefs
On-Server
Odigeo-Trace-Id
X-Wikidot-Backend
Fastly-GeoIP-CountryCode
V-Age
Country-Code
Tube-Got-Results
Click-Count-Error
W
Click-Count-Action-Start
Web-Mar-Region
We-Hiring
Tube-Got-Eval
Tube-Return
True-Client-Country-4JS
Tube-Get-Contents
X-We-Are-Hiring
Cluster
Proxy-Firewall
X-Slack-Shared-Secret-Outcome
X-Custom-Header
NGX
X-Hash
X-Up
X-Accel-Expires-Debug
X-PERF
X-Date
X-Render-Time
X-Slack-Backend
X-NodeID
X-CacheTTL
X-ApacheServer
X-AIR-PT
SID
X-Newrelic-Synthetics
X-LB-ID
Debug
X-NGINX-Cache
X-Cs
Fastly-Drupal-HTML
X-DefElseHash
X-Varnish-CookieHashed-On
X-DefHash
X-Varnish-CookieINHashed-On
X-Varnish-Hits
X-Dc
X-COUNTRY
X-Ah-Environment
X-Nananana
X-Varnish-Remaining-TTL
Mime-Version
X-Pad
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-Depends
X-CACHE-GROUP
X-HA-Backend
Datacenter
Pics-Label
CloudFront-Viewer-Country
X-Nf-Request-Id
X-Servedbyhost
X-Akamai-Transformed
X-Refresh
Locid
X-CACHE-AGE
X-VHOST
X-Amz-Meta-Cb-Modifiedtime
X-Cache-FS-Status
X-VC-TTL
GeoIP-Latitude
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-TIME
X-Datadome
X-M-Log
X-LB-NoCache
X-M-Reqid
X-Parent-Response-Time
X-B3-Parentspanid
X-Old-Content-Length
X-Cached-By
Ngx-Var-Key
X-LiteSpeed-Tag
X-HITS
X-Litespeed-Tag
Server-Info
Resin-Trace
Server-ID
X-CS
Cdn
X-TH-Server
X-CDN-Cache-Status
X-Moov-Xdn-Version
X-Moov-T
BehaviorPad-Version
X-Wa
X-Nc
Cf-Ipcountry
X-DynaTrace-JS-Agent
Fastly-Drupal-Html
X-APP
Cross-Origin-Embedder-Policy-Report-Only
GeoIp-Country-Code
X-Presslabs-Stats
X-IAuth-Set-Uid
NtCoent-Length
X-Fpc
X-Vgn-Hpd-Reason
X-VCache
X-S-Cookie
X-User
X-B-Cookie
Cf-Device-Type
X-NewRelic-App-Data
X-Application
X-Content-Length
FSS-Cache
X-Vc
X-ZONE
X-External-Request-Id
X-Destination
X-Esi
Uri
True-Client-Ip
True-Client-IP
Serverhost
X-Zen-Fury
X-TX-ID
CDN
X-HostName
X-Dynatrace-Js-Agent
X-Srv
X-Cache-Date
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
X-Instance-Name
X-Varnish-Beresp-TTL
X-Dispatcher-Number
Load-Balancing
X-API-Version
X-Aspnet-Duration-Ms
X-Flags
S-Rt
X-VServer
Tcn
X-Is-Crawler
X-Route-Name
X-Providence-Cookie
GeoIP-Country-Code
Vc-Max-Age
X-DynaTrace
X-Oracle-DMS-ECID
X-Segment-20210421
X-Branch-Name
X-Cdn-Cache-Status
Srv
X-HOST
X-RequestId
Hostname
Request-ID
X-FPC
X-NC
X-Webkit-Csp-Report-Only
Product
X-WA
X-Dispatch
X-CACHE-KEY
X-Cdn-Forward
Ohc-File-Size
X-Page-View
X-DataCenter
X-B3-Spanid
X-APP-VERSION
Srvid
Server-Id
X-FL-QIT-DEBUG
Geoip-Latitude
ServerName
X-Ckpd-Fst-Backend
Type
X-Bug-Bounty
X-Lb-Nocache
X-Http-Reason
X-Geo
X-Sql-Count
X-Sql-Duration-Ms
X-SERVER-NAME
X-Irp-Debug
DataCenter
X-ServedByHost
CacheControlHeader
Cl-Cache
X-VCL-Version
X-Via-CDN
X-Via-Edge
IsBot
Ohc-Cache-HIT
Epwk-X-Cache
X-Via-SSL
Cloudfront-Viewer-Country
X-SIPLIST1
Origin-Trial
Edge-Copy-Time
X-Owner
WZWS-RAY
X-Cache-Ttl
X-App
X-Proxy-CacheRZ
X-Correlation-ID
X-Ua
X-Core-Mission
MIME-Version
XkeyRZ
Cross-Origin-Opener-Policy-Report-Only
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Ha-Backend
PICS-Label
X-Nf-Language
X-HubSpot-Correlation-Id
Rtss
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Nf-Ats-Version
X-Nf-Country
Cneonction
X-Akamai-Device-Characteristics
N-Cache
X-Hit
X-Lb-Id
X-CSRF-TOKEN
X-Qloud-Router
ServerHost
User-Agent
X-MiniProfiler-Ids
X-MSEdge-Features
X-MSEdge-Flight
X-Vmg-Version
Lb
X-Web-Server
Cmstype
X-Fastly-Country-Code
X-Gamma-Serve
X-Acquia-Application-Trace
X-Info
X-Acquia-Purge-Tags
X-Service-Response-Time
Cmsid
X-Sqd-Stime
X-Sqd-Ctime
X-Limited
X-Acquia-Site
X-Acquia-Application-UUID
CountryCode
X-Amz-Meta-Opti
Warning
X-Datacenter
Sm-Log-Id
X-LAGOON
Servername
X-Litespeed-Cache-Control
X-Serial
X-Check-Cacheable
X-RAMCache
X-Requestid
X-Proxy-Cache-La3
X-Akamai-Pragma-Client-IP
X-Th-Server
X-IN-APIGATEWAY
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
Xkey-La3
Xkeylog
X-Udemy-Cache-App-Namespace
Ngx
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-Snapshot-Date
X-Ramcache