
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Drupal-Cache
X-Check
X-Ua-Compatible
X-Generator
X-Cache-Status
Server-Timing
X-Request-ID
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
EagleId
Keep-Alive
Permissions-Policy
Request-Context
X-Cache-Group
X-Backend
P3p
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Rq
Xkey
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Grace
X-Server-Powered-By
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
Request-Id
X-Node
X-Cloud-Trace-Context
Content-Location
X-Country
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-ASPNET-VERSION
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Litespeed-Cache
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-Vname
X-PC
X-TtlSet
X-FTR-Request-ID
Cross-Origin-Opener-Policy
X-Daa-Tunnel
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Server-Name
Nginx-Cache
Accept-Ch
X-CST
X-Powered-By-Plesk
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-SID
X-Cnection
X-Cache-TTL
X-ESI
X-D2id
X-Element-Page-Cache
X-GitHub-Request-Id
X-Ac
Edge-Control
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Cdn-Fetch
Verso
X-MS-InvokeApp
X-ECACHE
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Upstream
X-Abt-Application-Version
X-FastCGI-Cache
X-Navigation-Version
X-B3-TraceId
X-Dw-Request-Base-Id
X-Webkit-Csp
Fastly-Restarts
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
X-Amz-Rid
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
SPRequestGuid
X-SharePointHealthScore
X-PDP-UNCACHING-HASH
X-Client-IP
X-NF-Request-ID
X-Edge-Location-Klb
X-Kinsta-Cache
X-ARC
X-Goog-Hash
X-Oneagent-Js-Injection
X-Powered-CMS
X-Mg-S
X-Middleton-Display
X-Sol
Pagespeed
X-Ratelimit-Limit
Display
Edge-Cache-Tag
S
X-Amzn-Trace-Id
Cache-Status
Access-Control-Request-Method
X-Version
X-Middleton-Response
X-VARITI-CCR
Response
RTSS
Realpath
X-Content-Digest
X-Forwarded-For
X-T
X-TraceId
X-Cache-Key
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
X-Ratelimit-Remaining
X-TTL
X-Varnish-TTL
X-Recruiting
X-Correlation-Id
Fastcgi-Cache
X-Cached
X-ORACLE-DMS-RID
X-MSEdge-Ref
X-Shield-Request-Id
Front-End-Https
X-RateLimit-Remaining
X-HS-Content-Id
X-HS-Hub-Id
MicrosoftSharePointTeamServices
X-HS-Cache-Config
X-Ruxit-Js-Agent
Content-MD5
X-Request-Processing-Time
X-Request-Received
X-Protected-By
X-Ua-Browser
Server-Node
X-LLID
MS-Author-Via
Arr-Disable-Session-Affinity
TP-Cache
Payment
X-Forwarded-Proto
X-PressLabs-Stats
Public-Key-Pins
X-Frontend
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Count-Hit
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-HS-Combine-CSS
X-TEC-API-VERSION
X-Server-ID
X-Accel-Expires
X-GUploader-UploadID
X-Distributor
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-LB-Cache
X-Origin-Server
X-NODE
X-FTR-Expires
X-Ezoic-Cdn
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Newrelic-App-Data
X-Microsite
X-Request-Handler-Origin-Region
X-Az
X-Www-Served-By
X-AppVersion
X-Activity-Id
X-App-Server
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-Cluster-Name
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Ua-Device
X-Varnish-Backend
Accept-Charset
Host
Cleartype
Retry-After
X-Amz-Meta-S3cmd-Attrs
Cache-Tags
X-ORACLE-DMS-ECID
X-Ttl
X-Goog-Metageneration
Server-Name
Filterid
X-Hits
X-Unique-Id
Surrogate-Key
X-Git-Hash
Access-Control-Allow-Method
X-Debug
X-Envoy-Decorator-Operation
X-Azure-Ref
X-Load-Cache
X-Logged-In
X-CSRF-Token
X-Geo-Country
X-Upgrade-Enabled
X-Id
X-Hostname
X-NGENIX-Cache
X-FB-Debug
X-Tt-Trace-Host
X-Tt-Trace-Tag
Pinterest-Generated-By
X-Proxy
TCN
Pinterest-Version
X-Amzn-RequestId
X-Pinterest-Rid
X-Amz-Apigw-Id
TP-L2-Cache
X-B
X-Time
X-Grace
Section-Io-Cache
X-TT
X-B3-Sampled
X-Trace-Id
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Revision
X-Cache-Control
X-Request-Guid
X-Seen-By
DC
X-CCDN-Origin-Time
X-Contextid
X-F-Cache
X-Fb-Rlafr
Viewport
Healthy
Referer-Policy
X-Type
X-XRDS-LOCATION
X-Mobile
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-N
X-Goog-Storage-Class
Fastly-SWR
Fastly-SIE
Paypal-Debug-Id
X-DIS-Request-ID
Content-Disposition
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Page-Id
X-Debug-Info
X-Varnish-Grace
X-Webkit-CSP
X-Px
X-Origin-Cache
X-Via-JSL
X-Magnolia-Registration
X-Aws-Lambda-Call-Status
X-Whom
Version
X-Amz-Replication-Status
X-Oracle-Dms-Ecid
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Ratelimit-Reset
X-Datadog-Sampling-Priority
X-Varnish-Ttl
X-Template
X-RemovedCookies
X-G
X-Content-Options
X-UUID
X-ProcessESI
X-Node-Name
X-Adobe-Content
Ms-Operation-Id
X-App-Environment
MS-CV
X-Adobe-Loc
Charset
X-RTag
X-Tumblr-Pixel-1
X-Tumblr-User
X-Debug-IsConnected
X-Rule
X-Tumblr-Pixel-0
X-Debug-IsPreview
X-Tumblr-Pixel
X-Yottaa-Metrics
X-Yottaa-Optimizations
NGB
X-Hl-Ver
VIX-Pulpo-Node
X-Source
X-Datadog-Sampled
VIX-Pulpo-Upstream-Status
X-Storage
SD-X-WS
X-FW-Dynamic
X-Device-Type
X-Wix-Request-Id
X-Is-Bot
X-L-Path
X-Environment-Context
X-Wormhole-Sdk
X-FW-Serve
X-Cacheable-TTL
X-FW-Version
X-Rendered-As
X-B-Cache
X-Backend-Name
X-FW-Type
X-FW-Static
X-Signature
X-FW-Hash
X-FW-Server
X-User-Agent
X-Proxy-Cache-Info
Country
X-Cache-Grace
X-Instance
Cross-Origin-Window-Policy
X-ServerID
X-NWS-UUID-VERIFY
X-Region
X-NYM-Debug-Backend
X-Cache-Age
ServerID
X-Status
GEO-INFO
Countrycode
X-EdgeConnect-Cache-Status
X-Real-IP
X-IPS-LoggedIn
X-Rid
X-Cache-Hit
X-RM-Cache-TTL
Akamai-GRN
Liferay-Portal
Front
X-Amzn-Remapped-Content-Length
X-WP-CF-Super-Cache-Active
X-Language
SRV
X-Framework
Amp-Access-Control-Allow-Source-Origin
X-B3-SpanId
X-Oracle-Dms-Rid
X-AB
X-Ismobilevalue
X-Sucuri-ID
X-Sucuri-Cache
OT-Force-Account-Verify
X-Content-Powered-By
X-WebKit-CSP-Report-Only
X-Servername
X-Air-Pt
X-Akamai-Request-ID2
X-UA
X-Mode
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
From-Origin
X-VC-Cache
X-VC
Backend
Xet-Cookie
X-URL
X-Xrds-Location
Upgrade-Insecure-Requests
X-SRV
Refresh
X-Api-Version
X-Cache-Time
X-RID
Accept-Language
X-Handled-By
Access-Control-Request-Headers
X-Cache-Status-Check
LB
Webserver
X-HTML-Minification-Powered-By
X-UPSTREAM-Address
X-Fastly-Request-Id
Cache
X-Nf-Request-Id
X-SaId
X-JoinUs
Meta-Geo
X-Rn-Rsrv
X-Rewrite-Enabled
Filters
X-DataDome
X-Webstats-RespID
X-Lambda-Id
X-Xfnlog-Site
X-Labrador-Cache-Channel
X-Hosted-By
X-Generated-By
X-Extlb
ServedBy
X-Zipkin-Id
X-Container-Uri
X-Git-Commit
X-Endurance-Cache-Level
X-RCS-CacheZone
X-PHP-Host
X-AWS-Id
X-Proxied
X-Cloudmap
X-Provided-By
X-Adobe-Source
X-Origin-Date
X-RateLimit-Limit
X-R9-Blue-Green-Version
X-Cluster
X-No-Session
X-Cache-Operation
X-Cms-Context
X-LJ-Flow-ID
X-Cache-Rule
X-VWS-Id
X-Varnish-Age
X-Reqid
X-S
X-Routing-Service
X-Tumblr-Pixel-2
X-Site-Version
Atl-Traceid
X-Ms-Request-Id
X-Ms-Version
Apigw-Requestid
TWC-Privacy
X-Tcp-Rtt
Webcakes-App-Name
Webcakes-Region
X-Origin-Hint
X-Tb
X-Loop
X-Restarts
X-Skip-Cache
TWC-GeoIP-LatLong
X-IPLB-Request-ID
X-Is-Desktop
X-Is-Mobile
X-IPLB-Instance
X-Httpd
Property-Id
Section-Io-Id
X-Is-Supported-Browser
X-Is-Tablet
X-Locale
X-Tncms
X-Logging-Id
TWC-GeoIP-Country
TWC-Device-Class
X-Served-From
TWC-Connection-Speed
TWC-Locale-Group
Webcakes-App-Version
X-ProxyCache-Status
X-BYPASS-REASON
X-Browser-Name
X-INCAP-ABP
X-Cache-Debug
X-Redis-Cache
X-Fetched-On
X-Web-Node
X-Scope-Id
X-ProxyCache-Key
X-Akamai-Edgescape
X-Accel-Version
X-Geo-Region
X-Say-TTL
X-Say-Cacheable
X-VCT
Web-Mar-Node
X-Request-URI
X-Cache-Host
X-SayCDN-TTL
Selected-Fe
X-Frame-Option
Mn-Server-Ip
X-Director
X-Detected-As
X-Tt-Logid
X-Proxy-Build
X-Soup
X-Upstream-Ct
X-Origin
Url
X-Forwarded-Host
X-Nginx-Cache
X-Shopify-Stage
X-Upstream-Ht
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Timing-Wait
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-Format
X-Edge-Location
X-Optimistic-Header
X-GeoCountry
X-GeoCode
X-ShopId
X-Sorting-Hat-PodId
Xserver
X-ShardId
X-Azure-Ref-OriginShield
X-Mg-Request-UUID
Frame-Options
X-Sorting-Hat-ShopId
Onion-Location
X-Connection-Hash
Expiry
X-Lagoon
X-Drupal-Cache-Tags
WPO-Cache-Status
X-Vcl-Version
WPO-Cache-Message
X-Vcache
X-CMSURLCustom
X-CDN-Forward
X-Thinkindot-L3
X-Generation-Time
X-WP-CF-Super-Cache-Cookies-Bypass
Thinkindot-CacheControl
TDXMobile
Source
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Shield-Cache-Expires
Protected
X-Drupal-Cache-Contexts
X-Cache-Expired-At
X-Origin-TTL
X-Origin-CC
X-Cdn-Origin
Cdn-Requestid
Fastcgi-Useragent
Environment
X-Pass-Why
Cache-Hits
X-PHP-Backend
X-ECache
Priority
X-Worker
X-Proxy-Cache-Status
X-Cache-Action
X-Vercel-Id
X-Vercel-Cache
X-TA-CDN-Provider
X-Rocket-Nginx-Serving-Static
Uber-Trace-Id
X-GEO
Azure-SlotName
Azure-InstanceId
Sid
Azure-RegionName
Azure-SiteName
Azure-Version
X-Buckets
X-ID
Node
X-App-Version
AMP-Access-Control-Allow-Source-Origin
X-Aspnetmvc-Version
X-Cluster-Node
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
CDN-Cache
CDN-CachedAt
CDN-Uid
CF-IPCountry
Cross-Origin-Embedder-Policy
X-XRDS-Location
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
X-RateLimit-Reset
X-Tumblr-Pixel-3
Cache-Tv-Group
X-Fastcgi-Cache
X-FB-TRIP-ID
X-Auth-Group-Type
X-B3-Traceid
X-Cache-Server
X-Server-W
DB-Nickname
X-Origin-Cache-Key
User-Cache-Control
Alternate-Protocol
X-Pad
X-Client-Ip
X-A
X-Bc-Bl
X-ND-Cache
X-Service
X-GeoIP-City
X-Gzip
X-Ig-Origin-Region
X-Ig-Push-State
X-Level-Front-Cache
X-Generated-On
DCR-Processing-Time-Ms
X-Hnp-Log
Rendered-Blocks
DCR-Decision-By
Edge-Cache
Gannett-Cam-Experience-Id
X-Edge-Server
X-D
X-Custom-Header
X-Cache-Id
X-DefElseHash
A
X-Core-Value
X-Content-Age
Candidate-Md5Url
Cdn-Request-Time
X-Cache-NE
X-Conf
X-DefHash
X-Developer
X-Block-Status
X-Fastly-Backend
X-Bl-Debug
X-BCube-Filmed-By
Content-Secure-Policy
X-Esi-Check
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Ec-Fail
X-Ec-GeoHdr
X-Aed
X-Gen-Mode
X-A-Dcw
Ngx.Var.Host
X-ScT
X-Vdms-Version
X-Varnish-Remaining-TTL
X-SB
X-NGINX-Cache
X-Via-Fastly
X-Req
Sslversion
X-Rojux
Odigeo-Trace-Id
X-SRCache-Key
X-TIM-N
X-UA-Device-Type
X-V-Cache
X-Varnish-CookieHashed-On
X-Dc
Origin-Agent-Cluster
Surrogated-Key
T-Server
Origin
X-Varnish-CookieINHashed-On
Meta-Geo-Continent
X-Vtex-Remote-Cache
Cdn-Host
X-A-Ccd
X-A-Dam
X-Viewer-Country
X-Org
Lang
HostName
MD5-Digest
X-A-Wwc
Magicmarker
X-A-Dgt
X-Origin-Expires
X-Tx-Id
Mime-Version
Req-ID
RNT-Machine
RNT-Time
Server-Ext
X-Cache-Info
Sever-Int
Server-Hostname
Server-Host
Ssr
X-Cache-Bucket
Tube-Return
X-Auto-Login
Wxu-Next-Region
Wxu-Next-Hostname
X-App-Name
X-Amz-Storage-Class
X-Acquia-Purge-Cdn-Unconfigured
X-Aicache-OS
X-AK-Request-ID
Wxu-Next-Commit
X-B3-Trace-ID
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
X-Ad-Load-Variation
V-Age
Vix-Hermes-Req-Id
X-Backend-Instance
X-Bip
X-GeoIP-Region-Code
X-Request-Time
X-Region-Sid
X-Scheme
X-SD-PageType
X-Sn-Servicetimems
X-Server-IP
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Policy
X-Platform
X-Powered-By-VTEX-Cache
X-Proto
X-Pubstack
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-WA-Info
X-Wikidot-Backend
XM
X-Wikidot-Static-Cache
X-VG-WebCache
X-VG-TLSProxy
X-Test
X-Tb-Optimization-Total-Bytes-Saved
X-Thanos
X-Varnish-Director
X-Varnish-Hostname
X-PAYTM-SRV-ID
X-Origin-Time
X-Forwarded-Site
X-Fmm-Version
X-Gdpr
X-Geo-Header
X-GeoIP-Country-Code
X-GeoIP
X-FC-Vary-Parameters
X-Fastly-Cache
X-Clientip
X-Cdn-Srv
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-DPWN-IS-SECURE
X-GoCache-CacheStatus
X-HS-Content-Campaign-Id
X-NMSegId
X-Nginx-Cache-Key
X-Node-Id
X-Nyt-Route
X-Origin-Response-Time
X-Op-Id-All
X-Mvc-Supplant-Cachable
X-Mly-Id
X-Loc
X-Jobs
X-LSADC-Cache
X-Men
X-Micro-Cache
X-Cache-TTL-Remaining
X-CacheTTL
Click-Count-Action-Start
NM-Fastcgi-Cache
Cdnsip
Cdncip
C-Via
Click-Count-Error
Content-Script-Type
Fastly-Backend-Name
Host-ID
Esi-Enabled
Country-Code
Content-Style-Type
AKAMAI
Adler-Geo
Fusion-Content-Source
Fusion-Deployment-Id
Producers
Fusion-Content-Id
Fusion-Component-Id
Is-Eu
Platform
Origin-CC
Origin-EX
X-LiteSpeed-Cache-Control
Fusion-Source
Fusion-Template-Id
X-HITS
X-DC
PFcat
X-Ec-Custom-Error
CDCHOST
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-VarnishDD-TTL
X-Varnishpool
Proxy-Firewall
Cluster
Pramga
X-Cache-Aspx
Powered-By
Canary
X-Device-Os
On-Server
X-CUA
True-Client-Country-4JS
X-Varnish-Beresp-Status
X-Date
X-Varnish-Authentication
X-Depends
Cache-Provider
Cache-Key
X-Contensis-Viewer-Groups
X-Var-Ttl
Machine
Req-Svc-Chain
X-Cache-FS-Status
Gh-Request-Id
X-HN
Fastly-SSL
Fastly-GeoIP-CountryCode
X-Human
X-Accel-Expires-Debug
X-Mvc-Supplant-OutputCached
X-Location
Mail-Subject
Web-Mar-Region
X-NodeID
Yak-Timeinfo
We-Hiring
X-Request-Start
X-BBC-Edge-Cache-Status
Release
NGX
DSUID
X-Proxied-Request
X-Hash
X-We-Are-Hiring
X-Pool
X-Request-Host
X-AIR-PT
X-Eu-Site
X-Varnish-Beresp-Ttl
X-Section
Apple-News-Services-Handled
L
Apple-News-Services-Host
Ha-Gx-Prefs
L5d-Success-Class
X-Access
W
HA-Ipaddr
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Csrf-Jwt
X-CGP
X-Cs
X-From
X-Varnish-Hits
Server-Info
X-NCache
X-Up
CDN-RequestId
X-Akamai-Transformed
X-Jungle-Id
X-LB-ID
BehaviorPad-Version
X-Zone
Redirect-Candidate
X-MP-GENERATED-AT
Debug
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-APP
X-Datadome
X-Via-Poph
X-Via-Popn
X-Cache-Backend
X-Via-Popv
X-Vdms-Path
X-HA-Backend
X-Refresh
WP-Super-Cache
CloudFront-Viewer-Country
X-VHOST
Pics-Label
X-Parent-Response-Time
Fastly-Drupal-HTML
SID
X-CACHE-AGE
X-B3-Parentspanid
X-Uri
X-Servedbyhost
Fastly-Drupal-Html
X-Newrelic-Synthetics
X-Nananana
X-Content-Length
X-VC-TTL
X-PERF
X-Render-Time
X-M-Log
GeoIP-Latitude
X-ApacheServer
X-M-Reqid
X-CDN-Cache-Status
X-CACHE-KEY
Datacenter
X-LiteSpeed-Tag
X-LB-NoCache
X-Nc
X-Litespeed-Tag
X-DynaTrace-JS-Agent
Resin-Trace
X-Cached-By
X-ZONE
X-CS
Vc-Max-Age
Server-ID
X-Wa
NtCoent-Length
Locid
GeoIp-Country-Code
X-Dispatcher-Number
X-Amz-Meta-Cb-Modifiedtime
X-TT-LOGID
X-B3-Spanid
Cdn
X-VCache
X-Response-Served-From
X-Varnish-Beresp-TTL
X-RequestId
X-Original-Request-Id
Product
FSS-Cache
X-TX-ID
X-IAuth-Set-Uid
X-NewRelic-App-Data
X-Esi
X-Old-Content-Length
X-Fpc
X-Ckpd-Fst-Backend
True-Client-IP
X-HostName
Cf-Ipcountry
X-SERVER-NAME
Uri
Ngx-Var-Key
CDN
True-Client-Ip
X-Nf-Country
X-Nf-Language
X-Nf-Ats-Version
Serverhost
ServerName
X-Bug-Bounty
Srv
X-HubSpot-Correlation-Id
X-FPC
X-Vgn-Hpd-Reason
S-Rt
Tcn
X-Srv
X-TIME
X-Oracle-DMS-ECID
X-Cdn-Forward
X-Dynatrace-Js-Agent
GeoIP-Country-Code
X-Platform-Processor
X-Moov-T
X-WA
X-TH-Server
X-Platform-Cluster
X-Platform-Router
X-Moov-Xdn-Version
Request-ID
CacheControlHeader
X-Vc
X-Dispatch
X-Cdn-Cache-Status
Server-Id
X-APP-VERSION
X-CLOUD-TRACE-CONTEXT
ServerHost
Cf-Device-Type
X-Vmg-Version
X-NC
X-COUNTRY
Hostname
X-Lb-Nocache
Geoip-Latitude
X-Application
X-Info
Cross-Origin-Embedder-Policy-Report-Only
X-Akamai-Device-Characteristics
X-Gamma-Serve
User-Agent
X-User
X-Destination
X-B-Cookie
X-S-Cookie
Srvid
X-FL-QIT-DEBUG
X-Webkit-Csp-Report-Only
X-External-Request-Id
X-Presslabs-Stats
X-Geo
X-ServedByHost
X-Zen-Fury
Xc-Version
Ohc-File-Size
Expect-Staple
Cneonction
Cloudfront-Viewer-Country
X-Sigma-Backend
X-Cache-Date
X-Via-PopH
X-Via-PopN
X-Sigma
X-Rocket-Build-Number
X-Instance-Name
X-Ha-Backend
Origin-Trial
X-Via-PopV
X-VCL-Version
PICS-Label
Epwk-X-Cache
X-Amz-Meta-Opti
X-API-Version
X-Segment-20210421
X-VServer
X-V
X-Hit
X-Branch-Name
X-Ua
X-Limited
X-Akamai-Pragma-Client-IP
X-Correlation-ID
X-App
Rtss
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Lb-Id
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Eligible
X-MiniProfiler-Ids
X-Rollout
X-Sqd-Stime
X-Sqd-Ctime
X-Check-Cacheable
X-Platform-Server
WZWS-RAY
X-New
X-Serial
N-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Lb
X-Wp-Cf-Super-Cache
X-Proxy-CacheRZ
XkeyRZ
X-Acquia-Site
Permission-Policy
X-MSEdge-Flight
X-Requestid
Timeexpire
Cmstype
Cmsid
X-Acquia-Purge-Tags
X-MSEdge-Features
X-Acquia-Application-UUID
Sm-Log-Id
X-Service-Response-Time
X-Web-Server
X-Acquia-Application-Trace
Ohc-Cache-HIT
X-DataCenter
X-Datacenter
CountryCode
X-CSRF-TOKEN
Load-Balancing
DataCenter
Servername
X-Litespeed-Cache-Control
X-LAGOON
X-Snapshot-Date
X-Th-Server
X-Fastly-Backend-Reqs
X-Ramcache
X-VTEX-Cache-Backend-Connect-Time
X-Ftr-Request-Id
X-Internal-TTL
X-ElasticPress-Query
Fl-Custom-Application
Wpo-Cache-Status
X-VTEX-Cache-Backend-Header-Time
X-RAMCache
X-Shopid
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-Udemy-Cache-App-Namespace
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-IN-APIGATEWAY
Type
X-DynaTrace
X-Sorting-Hat-Shopid
Ngx
X-Sorting-Hat-Podid
X-Shardid
Warning
X-Origin-Upstream-Status
Wpo-Cache-Message