Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Generator
X-Ua-Compatible
X-Cache-Status
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Request-ID
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Permissions-Policy
Host-Header
EagleId
Keep-Alive
X-Cache-Group
Request-Context
X-Robots-Tag
X-Backend
X-UA-Device
X-AH-Environment
X-Hacker
X-Proxy-Cache
X-Server
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
Xkey
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Server-Powered-By
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Allow
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-WebKit-CSP
X-Host
X-Backend-Server
Cf-Railgun
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Node
Request-Id
X-Cloud-Trace-Context
X-Country
Content-Location
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-Litespeed-Cache
X-NWS-LOG-UUID
X-ASPNET-VERSION
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
Cache-Tag
X-Url
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Times
X-Rack-Cache
X-PC
X-Vname
X-TtlSet
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Daa-Tunnel
Nginx-Cache
X-Server-Name
AR-ATIME
AR-Request-ID
AR-SID
AR-PoweredBy
X-Powered-By-Plesk
X-Cache-TTL
X-Cnection
X-FTR-Request-ID
Accept-Ch
X-Ac
X-Element-Page-Cache
X-D2id
Edge-Control
X-ESI
X-GitHub-Request-Id
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-CST
Verso
AR-CACHE
X-Ser
X-MS-InvokeApp
X-Vcap-Request-Id
X-Abt-Application-Version
X-Upstream
X-Dw-Request-Base-Id
X-FastCGI-Cache
X-Navigation-Version
X-B3-TraceId
Fastly-Restarts
X-ECACHE
SPIisLatency
SPRequestDuration
X-Webkit-Csp
X-Mod-Pagespeed
X-Instrumentation
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-ARC
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-Client-IP
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Powered-CMS
X-Ratelimit-Limit
X-Mg-S
X-Oneagent-Js-Injection
Edge-Cache-Tag
X-Amzn-Trace-Id
S
X-Version
Cache-Status
Access-Control-Request-Method
X-Middleton-Response
Response
X-VARITI-CCR
X-NF-Request-ID
RTSS
X-Ratelimit-Remaining
Realpath
X-TTL
X-Cache-Key
X-T
X-Forwarded-For
X-Content-Digest
Cross-Origin-Resource-Policy
X-Recruiting
X-Cached
X-Correlation-Id
Fastcgi-Cache
X-ORACLE-DMS-RID
X-Fastly-Request-ID
X-MSEdge-Ref
X-Shield-Request-Id
X-TraceId
X-Varnish-TTL
Front-End-Https
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ua-Browser
X-Request-Received
X-Request-Processing-Time
Arr-Disable-Session-Affinity
X-Frontend
X-PressLabs-Stats
X-LLID
TP-Cache
X-Forwarded-Proto
X-HS-Hub-Id
X-HS-Cache-Config
X-Protected-By
X-HS-Content-Id
X-RateLimit-Remaining
Server-Node
Payment
Count-Hit
Public-Key-Pins
MS-Author-Via
X-Ruxit-Js-Agent
Content-MD5
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Accel-Expires
X-HS-Combine-CSS
X-GUploader-UploadID
X-Distributor
X-LB-Cache
X-Origin-Server
X-Server-ID
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Newrelic-App-Data
X-Ezoic-Cdn
X-NODE
X-ORACLE-DMS-ECID
Surrogate-Key
X-HP-Webp
X-Request-Handler-Origin-Region
X-HP-Trace-Id
X-Microsite
X-Jurisdiction
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-Content-Security-Policy-Report-Only
X-Varnish-Server
X-Www-Served-By
Accept-Charset
Host
X-Activity-Id
X-Az
X-App-Server
X-AppVersion
Cleartype
Mrf-Cache-Status
MRF-Tech
X-Cluster-Name
X-B3-TraceId-Primal
Cache-Tags
X-Amz-Meta-S3cmd-Attrs
Retry-After
X-Varnish-Backend
X-FTR-Expires
Filterid
X-Goog-Metageneration
X-Unique-Id
X-Ua-Device
X-Debug
X-Ttl
Server-Name
X-Git-Hash
Access-Control-Allow-Method
X-Hits
X-Logged-In
X-Load-Cache
X-Aspnet-Version
X-Id
X-Azure-Ref
X-Upgrade-Enabled
X-Envoy-Decorator-Operation
X-Geo-Country
X-NGENIX-Cache
X-CSRF-Token
X-FB-Debug
X-Hostname
X-Amzn-RequestId
X-Amz-Apigw-Id
TCN
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Proxy
TP-L2-Cache
X-B
Section-Io-Cache
X-Seen-By
X-TT
X-Request-Guid
X-Revision
DC
Viewport
X-B3-Sampled
X-Grace
X-Type
X-Cache-Control
X-Fb-Rlafr
X-Contextid
X-Trace-Id
Healthy
X-Time
X-Varnish-Ttl
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-F-Cache
X-CCDN-CacheTTL
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
Fastly-SIE
Fastly-SWR
X-N
X-Mobile
Content-Disposition
X-XRDS-LOCATION
X-Ratelimit-Reset
Paypal-Debug-Id
Referer-Policy
X-WP-CF-Super-Cache-Cache-Control
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-WP-CF-Super-Cache
X-Varnish-Grace
X-Nf-Request-Id
X-Amz-Replication-Status
X-DIS-Request-ID
X-Magnolia-Registration
X-Debug-Info
X-Page-Id
X-Via-JSL
X-Origin-Cache
X-Webkit-CSP
X-Wormhole-Sdk
X-Px
Version
X-RemovedCookies
X-Datadog-Parent-Id
X-G
X-ProcessESI
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-UUID
X-Node-Name
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Content-Options
X-Tumblr-Pixel
X-Whom
X-App-Environment
X-Tumblr-User
X-Debug-IsConnected
X-Debug-IsPreview
X-Adobe-Loc
X-Oracle-Dms-Ecid
X-Adobe-Content
X-RTag
X-Rule
VIX-Pulpo-Upstream-Status
X-Storage
X-Source
SD-X-WS
X-Template
NGB
VIX-Pulpo-Node
MS-CV
Ms-Operation-Id
X-Ismobilevalue
X-Rendered-As
X-Signature
X-B-Cache
X-Hl-Ver
X-Cacheable-TTL
X-Datadog-Sampled
X-Is-Bot
Cross-Origin-Window-Policy
X-NYM-Debug-Backend
X-Yottaa-Metrics
X-Wix-Request-Id
X-Instance
X-Region
X-Yottaa-Optimizations
X-FW-Version
X-Status
Amp-Access-Control-Allow-Source-Origin
X-Proxy-Cache-Info
X-FW-Hash
X-FW-Type
X-L-Path
X-User-Agent
X-Environment-Context
X-FW-Server
X-FW-Serve
X-FW-Static
X-FW-Dynamic
X-Backend-Name
GEO-INFO
X-ServerID
X-Rid
Country
X-Device-Type
Charset
X-IPS-LoggedIn
X-RM-Cache-TTL
X-NWS-UUID-VERIFY
X-EdgeConnect-Cache-Status
Front
ServerID
Akamai-GRN
Countrycode
X-URL
X-Cache-Age
X-WP-CF-Super-Cache-Active
X-Real-IP
X-Cache-Grace
X-Framework
SRV
X-Amzn-Remapped-Content-Length
X-B3-SpanId
Liferay-Portal
X-AB
X-Cache-Hit
X-Language
X-Air-Pt
X-ECache
X-WebKit-CSP-Report-Only
X-Akamai-Request-ID2
X-Content-Powered-By
X-Oracle-Dms-Rid
X-Api-Version
X-Servername
X-Air-Trace-Id
X-Fastly-Request-Id
X-Air-Source
OT-Force-Account-Verify
X-Air-Hostname
X-Sucuri-ID
X-DataDome
Xet-Cookie
X-Sucuri-Cache
X-UA
X-VC-Cache
Accept-Language
From-Origin
X-Mode
Backend
X-SRV
X-VC
Access-Control-Request-Headers
X-Xrds-Location
Refresh
LB
X-Aws-Lambda-Call-Status
X-Cache-Status-Check
X-Handled-By
X-HTML-Minification-Powered-By
Upgrade-Insecure-Requests
X-Cache-Time
X-Tt-Logid
X-SaId
X-Rn-Rsrv
X-Rewrite-Enabled
Meta-Geo
Filters
X-JoinUs
X-RCS-CacheZone
Webserver
X-RID
X-UPSTREAM-Address
Webcakes-Region
X-Varnish-Age
Webcakes-App-Version
X-Tumblr-Pixel-2
X-Adobe-Source
X-Container-Uri
Webcakes-App-Name
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-PHP-Host
TWC-Locale-Group
TWC-Device-Class
TWC-Privacy
X-Request-URI
Property-Id
X-Mg-Request-UUID
X-Origin-Hint
X-Generated-By
X-Provided-By
X-Cms-Context
X-Hosted-By
X-Labrador-Cache-Channel
X-Git-Commit
X-Origin-Date
X-R9-Blue-Green-Version
Cache
Section-Io-Id
Atl-Traceid
X-Loop
X-Redis-Cache
X-Locale
X-Forwarded-Host
X-Logging-Id
X-Lambda-Id
X-Web-Node
X-Skip-Cache
X-Cache-Debug
X-Xfnlog-Site
X-Nginx-Cache
X-Site-Version
X-Scope-Id
X-Fetched-On
X-S
X-Vcl-Version
X-Akamai-Edgescape
X-Tb
Url
X-Accel-Version
X-Tncms
X-Webstats-RespID
Web-Mar-Node
X-Geo-Region
X-Origin
X-Detected-As
X-Say-Cacheable
X-Director
X-No-Session
X-Is-Desktop
X-BYPASS-REASON
ServedBy
X-Is-Supported-Browser
X-Is-Tablet
X-Is-Mobile
X-Httpd
X-Browser-Name
X-Storefront-Renderer-Rendered
X-Reqid
Mn-Server-Ip
Apigw-Requestid
X-Cache-Host
X-Format
X-ProxyCache-Status
X-Restarts
X-Frame-Option
X-Varnish-Cache-Hits
X-Served-From
X-SayCDN-TTL
X-Say-TTL
X-Soup
X-Tcp-Rtt
X-Upstream-Ht
X-Upstream-Ct
X-ProxyCache-Key
X-Alternate-Cache-Key
X-Shopify-Stage
X-Proxied
Xserver
X-Varnish-Beresp-Grace
X-VWS-Id
X-Zipkin-Id
X-IPLB-Instance
X-Routing-Service
X-RateLimit-Limit
X-Extlb
X-Cluster
X-Cloudmap
X-AWS-Id
Onion-Location
X-IPLB-Request-ID
X-VCT
X-Cache-Operation
X-Cache-Rule
X-LJ-Flow-ID
X-ShardId
X-Sorting-Hat-PodId
X-ShopId
X-Ms-Request-Id
X-Ms-Version
X-Edge-Location
X-Endurance-Cache-Level
X-Connection-Hash
Expiry
X-Sorting-Hat-ShopId
X-Timing-Wait
X-INCAP-ABP
X-Optimistic-Header
X-Proxy-Build
Selected-Fe
Frame-Options
X-Vcache
X-Lagoon
X-GeoCountry
X-GeoCode
X-Azure-Ref-OriginShield
X-Cache-Expired-At
Priority
X-CDN-Forward
X-WP-CF-Super-Cache-Cookies-Bypass
Source
Protected
Environment
Cdn-Requestid
X-Generation-Time
X-Thinkindot-L3
X-Proxy-Cache-Status
X-Cache-Action
X-Shield-Cache-Expires
Fastcgi-Useragent
X-CMSURLCustom
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
WPO-Cache-Message
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
WPO-Cache-Status
X-XRDS-Location
X-Origin-CC
CF-IPCountry
X-Origin-TTL
X-Cdn-Origin
Uber-Trace-Id
X-Pass-Why
X-GEO
X-PHP-Backend
X-Worker
X-Rocket-Nginx-Serving-Static
X-App-Version
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Cluster-Node
Sid
X-ID
Azure-SlotName
Azure-SiteName
Azure-Version
Azure-RegionName
Azure-InstanceId
Node
X-Client-Ip
X-Buckets
Cache-Tv-Group
X-Vercel-Id
X-FB-TRIP-ID
X-Aspnetmvc-Version
X-Vercel-Cache
X-Auth-Group-Type
Cache-Hits
CDN-RequestCountryCode
CDN-CachedAt
CDN-EdgeStorageId
CDN-Uid
CDN-Cache
CDN-PullZone
CDN-RequestPullCode
CDN-RequestPullSuccess
AMP-Access-Control-Allow-Source-Origin
X-Tumblr-Pixel-3
Cross-Origin-Embedder-Policy
X-Server-W
X-Fastcgi-Cache
X-TA-CDN-Provider
Alternate-Protocol
X-HITS
X-B3-Traceid
X-Cache-Server
X-A
DB-Nickname
Wxu-Next-Hostname
X-A-Ccd
X-A-Dam
Wxu-Next-Commit
Wxu-Next-Region
DCR-Processing-Time-Ms
Content-Secure-Policy
DCR-Decision-By
Gannett-Cam-Experience-Id
Cdn-Request-Time
Cdn-Host
X-LSADC-Cache
A
Candidate-Md5Url
Lang
Magicmarker
Rendered-Blocks
Sslversion
Surrogated-Key
Origin-Agent-Cluster
Odigeo-Trace-Id
MD5-Digest
Meta-Geo-Continent
Ngx.Var.Host
T-Server
X-Content-Age
X-Op-Id-All
X-Org
X-Origin-Expires
X-Req
X-ND-Cache
X-Level-Front-Cache
X-GeoIP-City
X-Gzip
X-Ig-Origin-Region
X-Ig-Push-State
X-Rojux
X-ScT
X-Vdms-Version
X-Via-Fastly
X-Viewer-Country
X-Vtex-Remote-Cache
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-SRCache-Key
X-TIM-N
X-V-Cache
X-Varnish-CookieHashed-On
X-Generated-On
X-Fastly-Backend
X-Cache-Id
X-Cache-NE
X-Cache-TTL-Remaining
X-Conf
X-Bl-Debug
X-BCube-Filmed-By
X-A-Dgt
X-A-Wwc
X-Aed
X-Bc-Bl
X-Custom-Header
X-D
X-Ec-GeoHdr
X-Edge-Server
X-Epic-Correlation-Id
X-Esi-Check
X-Ec-Fail
X-Dispatcher-Server
X-DefElseHash
X-DefHash
X-Developer
X-A-Dcw
X-Core-Value
X-Pad
X-Service
X-LiteSpeed-Cache-Control
User-Cache-Control
Mime-Version
X-DC
X-Tx-Id
NM-Fastcgi-Cache
X-PAYTM-SRV-ID
X-Fastly-Cache
X-Block-Status
X-Origin-Time
X-Origin-Response-Time
X-NMSegId
Tube-Return
X-Nyt-Route
V-Age
X-Powered-By-VTEX-Cache
X-DPWN-IS-SECURE
X-Region-Sid
X-GeoIP
X-Request-Time
Fastly-Backend-Name
X-RateLimit-Remaining-Second
Host-ID
Vix-Hermes-Req-Id
X-Acquia-Purge-Cdn-Unconfigured
X-RateLimit-Limit-Second
Is-Eu
Platform
Powered-By
X-Hnp-Log
X-HS-Content-Campaign-Id
X-Gdpr
Server-Host
X-Gen-Mode
Tube-Got-Eval
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-GoCache-CacheStatus
Ssr
X-Dc
RNT-Time
X-Geo-Header
X-Fmm-Version
Producers
Tube-Got-Results
X-Mly-Id
X-Micro-Cache
RNT-Machine
X-Jobs
X-Loc
X-Men
Tube-Get-Contents
Esi-Enabled
X-VG-WebCache
X-VTEX-Cache-Server
X-Cache-FS-Status
X-VTEX-Cache-Time
X-VG-TLSProxy
Adler-Geo
X-Varnish-Director
X-Varnish-Hostname
X-SB
AKAMAI
X-NGINX-Cache
X-Wikidot-Backend
X-Backend-Instance
Fastly-SSL
X-Cache-Info
PFcat
Cache-Provider
X-HN
X-Wikidot-Static-Cache
X-NodeID
X-App-Name
X-Clientip
X-VarnishDD-TTL
X-Amz-Storage-Class
X-Sn-Servicetimems
Country-Code
Content-Style-Type
X-SVT-ORM-RULES
X-AK-Request-ID
X-Aicache-OS
Edge-Cache
X-Scheme
X-SD-PageType
X-Debug-Cache-Store
X-B3-Trace-ID
Content-Script-Type
Cdnsip
Cdncip
X-Debug-Cache-Fetch
X-UA-Device-Type
X-Cache-Bucket
X-Test
X-Tb-Optimization-Total-Bytes-Saved
Click-Count-Action-Start
Click-Count-Error
X-SVT-ORM-VERSION
X-Cache-Aspx
X-Date
X-Ec-Custom-Error
X-Depends
X-FC-Vary-Parameters
X-Forwarded-Site
X-Cdn-Srv
X-Contensis-Viewer-Groups
X-CacheTTL
X-Policy
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
HostName
X-We-Are-Hiring
CDCHOST
L
XM
Server-Info
X-Section
X-Access
True-Client-Country-4JS
X-Varnish-Authentication
X-Thanos
X-Platform
X-Pool
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Human
X-Location
X-Proto
X-Proxied-Request
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Server-IP
X-Request-Host
X-Pubstack
X-Hash
X-Node-Id
NGX
On-Server
Origin
Machine
Fastly-GeoIP-CountryCode
Cache-Key
Cluster
DSUID
Web-Mar-Region
Origin-CC
Server-Hostname
Req-Svc-Chain
Server-Ext
Req-ID
Sever-Int
Origin-EX
Pramga
Proxy-Firewall
C-Via
X-Accel-Expires-Debug
X-BBC-Edge-Cache-Status
X-Auto-Login
X-Bip
X-Varnish-Beresp-Ttl
Mail-Subject
Gh-Request-Id
Ha-Gx-Prefs
X-Request-Start
W
X-CGP
X-Eu-Site
BehaviorPad-Version
Release
X-Mvc-Supplant-OutputCached
Debug
X-Csrf-Jwt
We-Hiring
L5d-Success-Class
X-Varnishpool
X-CUA
X-Cs
Canary
X-Varnish-Beresp-Status
X-Var-Ttl
Yak-Timeinfo
HA-Ipaddr
X-AIR-PT
Fusion-Component-Id
Fusion-Template-Id
X-WA-Info
X-Ad-Load-Variation
Fusion-Content-Id
Fusion-Deployment-Id
X-RateLimit-Reset
Fusion-Content-Source
Fusion-Source
X-Varnish-Hits
X-APP
Redirect-Candidate
X-Device-Os
X-LB-ID
X-MP-GENERATED-AT
X-Via-Popn
X-Via-Popv
X-CLOUD-TRACE-CONTEXT
X-Via-Poph
X-CACHE-AGE
X-Zone
X-HA-Backend
X-Newrelic-Synthetics
X-Tec-Api-Origin
SID
X-Tec-Api-Root
X-Tec-Api-Version
CDN-RequestId
X-Up
X-Content-Length
Fastly-Drupal-HTML
Pics-Label
X-NCache
X-From
GeoIP-Latitude
X-LiteSpeed-Tag
X-B3-Parentspanid
X-Akamai-Transformed
CloudFront-Viewer-Country
X-Jungle-Id
X-VHOST
X-Vdms-Path
X-Refresh
X-Servedbyhost
X-Cache-Backend
X-Nananana
X-Litespeed-Tag
X-Parent-Response-Time
Fastly-Drupal-Html
Vc-Max-Age
X-CDN-Cache-Status
X-Origin-Cache-Key
X-SERVER-NAME
X-LB-NoCache
X-Dispatcher-Number
X-Nc
WP-Super-Cache
X-RequestId
X-ZONE
X-CACHE-KEY
X-Datadome
X-Cached-By
X-Uri
X-DynaTrace-JS-Agent
Resin-Trace
Datacenter
X-VC-TTL
Product
X-M-Reqid
X-PERF
Server-ID
X-Wa
GeoIp-Country-Code
X-ApacheServer
X-M-Log
X-Render-Time
X-CS
X-Ckpd-Fst-Backend
Cdn
NtCoent-Length
X-Amz-Meta-Cb-Modifiedtime
S-Rt
X-B3-Spanid
X-Varnish-Beresp-TTL
X-NewRelic-App-Data
X-IAuth-Set-Uid
Locid
FSS-Cache
X-TX-ID
True-Client-IP
X-Bug-Bounty
ServerName
X-Fpc
Uri
X-TT-LOGID
X-Esi
X-VCache
X-HubSpot-Correlation-Id
X-HostName
True-Client-Ip
X-Nf-Ats-Version
X-Nf-Language
Srv
X-Nf-Country
Serverhost
X-Vmg-Version
X-FPC
X-Old-Content-Length
X-Response-Served-From
X-Original-Request-Id
X-Akamai-Device-Characteristics
User-Agent
CDN
X-Dynatrace-Js-Agent
Tcn
X-Vc
X-Srv
X-TIME
ServerHost
X-Info
X-Gamma-Serve
Ngx-Var-Key
GeoIP-Country-Code
X-WA
X-Hit
X-Cdn-Forward
Request-ID
X-Vgn-Hpd-Reason
X-Cdn-Cache-Status
CacheControlHeader
Server-Id
X-APP-VERSION
Xc-Version
Cf-Ipcountry
Hostname
X-Moov-T
X-Moov-Xdn-Version
Expect-Staple
X-TH-Server
X-NC
X-COUNTRY
X-Platform-Cluster
X-FL-QIT-DEBUG
X-Platform-Processor
Cneonction
X-Amz-Meta-Opti
X-Dispatch
X-Webkit-Csp-Report-Only
Srvid
X-Lb-Nocache
X-Platform-Router
X-Presslabs-Stats
X-V
Cloudfront-Viewer-Country
Geoip-Latitude
X-ServedByHost
Cf-Device-Type
X-Geo
X-New
X-Rollout
PICS-Label
X-S-Cookie
X-External-Request-Id
X-Destination
Permission-Policy
N-Cache
X-Platform-Server
X-Eligible
X-B-Cookie
X-Application
Cross-Origin-Embedder-Policy-Report-Only
WZWS-RAY
X-User
X-Oracle-DMS-ECID
X-VCL-Version
X-Zen-Fury
Origin-Trial
X-Ha-Backend
XkeyRZ
X-Via-PopV
X-Via-PopH
X-Proxy-CacheRZ
X-Limited
X-Via-PopN
X-ElasticPress-Query
X-Instance-Name
X-Ftr-Request-Id
Ohc-File-Size
X-Sigma-Backend
X-Ua
X-Correlation-ID
X-Sigma
X-Akamai-Pragma-Client-IP
Epwk-X-Cache
X-App
X-Rocket-Build-Number
X-Internal-TTL
X-Cache-Date
Rtss
X-Lb-Id
Edge-Copy-Time
Cl-Cache
X-Sqd-Ctime
X-Sqd-Stime
X-Path
X-Check-Cacheable
X-Serial
X-Branch-Name
X-API-Version
X-MSEdge-Flight
X-Litespeed-Cache-Control
X-Via-SSL
X-Via-Edge
X-VTEX-Cache-Backend-Connect-Time
X-MSEdge-Features
X-Segment-20210421
X-VServer
X-Via-CDN
X-MiniProfiler-Ids
X-VTEX-Cache-Backend-Header-Time
Lb
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Datacenter
X-EC-Lua
X-Service-Response-Time
Sm-Log-Id
X-SIPLIST1
IsBot
Timeexpire
X-Web-Server
X-Acquia-Application-Trace
Cmsid
Cmstype
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-UUID
Servername
CountryCode
X-CDN-Origin
X-CSRF-TOKEN
X-LAGOON
WebServer
Fl-Custom-Application
X-Traceid
X-Amz-Meta-Sha256
Warning
X-Amz-Meta-S3b-Last-Modified
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
Ngx
X-Snapshot-Date
X-RAMCache
X-Th-Server
X-Ramcache
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Ohc-Cache-HIT
Wpo-Cache-Message
Wpo-Cache-Status
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Origin-Upstream-Status
X-Shardid
X-Shopid
X-Fastly-Backend-Reqs