Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Permissions-Policy
Keep-Alive
X-Cache-Group
Request-Context
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Grace
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
EagleEye-TraceId
X-Host
X-WebKit-CSP
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Country-Code
X-ASPNET-VERSION
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-TtlSet
X-PC
X-Vname
X-FTR-Request-ID
Cross-Origin-Opener-Policy
X-Litespeed-Cache
X-Mcache
X-Edge
X-Daa-Tunnel
X-Midtier
X-Browser-Type
X-Server-Name
Nginx-Cache
X-CST
Accept-Ch
X-Powered-By-Plesk
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-Cnection
X-Cache-TTL
X-ESI
X-Ac
X-D2id
X-Element-Page-Cache
Edge-Control
X-GitHub-Request-Id
X-Exp-Id
X-Cdn-Fetch
Verso
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-MS-InvokeApp
X-ECACHE
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Upstream
X-Abt-Application-Version
X-Navigation-Version
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-Webkit-Csp
SPIisLatency
SPRequestDuration
Fastly-Restarts
X-B3-TraceId
X-Mod-Pagespeed
X-Amz-Rid
X-SharePointHealthScore
SPRequestGuid
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Instrumentation
X-Client-IP
X-PDP-UNCACHING-HASH
X-Kinsta-Cache
X-Edge-Location-Klb
X-ARC
X-Goog-Hash
X-Oneagent-Js-Injection
X-Powered-CMS
X-Ratelimit-Limit
X-Sol
Display
X-Middleton-Display
Pagespeed
X-Mg-S
Edge-Cache-Tag
S
X-NF-Request-ID
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
X-VARITI-CCR
Response
X-Middleton-Response
X-Ratelimit-Remaining
X-TTL
RTSS
X-Fastly-Request-ID
X-TraceId
Realpath
X-T
X-Content-Digest
X-Forwarded-For
Cross-Origin-Resource-Policy
X-Cache-Key
X-Correlation-Id
X-Recruiting
Fastcgi-Cache
X-Cached
X-ORACLE-DMS-RID
X-MSEdge-Ref
X-Varnish-TTL
Front-End-Https
X-Shield-Request-Id
MicrosoftSharePointTeamServices
Content-MD5
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Ruxit-Js-Agent
X-Request-Received
X-Ua-Browser
X-FTR-Backend-Server
X-FTR-Backend
X-Protected-By
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-Request-Processing-Time
X-Forwarded-Proto
Server-Node
MS-Author-Via
X-Frontend
Payment
TP-Cache
X-PressLabs-Stats
Arr-Disable-Session-Affinity
X-LLID
Public-Key-Pins
X-RateLimit-Remaining
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Count-Hit
X-HS-Combine-CSS
X-FTR-Expires
X-Server-ID
X-Accel-Expires
X-GUploader-UploadID
X-Kong-Upstream-Latency
X-Distributor
X-Kong-Proxy-Latency
X-LB-Cache
X-Origin-Server
X-NODE
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Jurisdiction
X-HP-Trace-Id
X-Ezoic-Cdn
X-HP-Webp
X-Newrelic-App-Data
X-Microsite
X-Request-Handler-Origin-Region
X-Activity-Id
X-Az
X-Www-Served-By
X-Varnish-Server
X-AppVersion
Mrf-Cache-Status
X-App-Server
X-B3-TraceId-Primal
X-Content-Security-Policy-Report-Only
X-Cluster-Name
MRF-Tech
Host
Cache-Tags
X-Varnish-Backend
X-Ua-Device
Accept-Charset
Retry-After
X-Amz-Meta-S3cmd-Attrs
X-ORACLE-DMS-ECID
Cleartype
X-Webkit-CSP
X-Goog-Metageneration
Server-Name
Filterid
X-Unique-Id
X-Hits
Surrogate-Key
X-Git-Hash
Access-Control-Allow-Method
X-Debug
X-Envoy-Decorator-Operation
X-Load-Cache
X-Logged-In
X-CSRF-Token
X-Azure-Ref
X-NGENIX-Cache
X-Geo-Country
X-Upgrade-Enabled
X-Id
X-Hostname
X-Ttl
X-FB-Debug
TCN
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amzn-RequestId
X-Amz-Apigw-Id
TP-L2-Cache
X-Pinterest-Rid
Pinterest-Version
X-Proxy
Pinterest-Generated-By
X-Time
X-B
X-TT
X-Grace
X-B3-Sampled
X-Hcs-Proxy-Type
X-Trace-Id
Section-Io-Cache
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Seen-By
X-Cache-Control
X-Request-Guid
X-Revision
X-Type
X-Fb-Rlafr
X-Contextid
X-F-Cache
DC
Healthy
Viewport
Referer-Policy
X-Mobile
X-N
X-Goog-Generation
Fastly-SWR
X-Goog-Storage-Class
Fastly-SIE
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Paypal-Debug-Id
X-DIS-Request-ID
Content-Disposition
X-WP-CF-Super-Cache
X-XRDS-LOCATION
X-WP-CF-Super-Cache-Cache-Control
X-Varnish-Ttl
X-Debug-Info
X-Page-Id
X-Varnish-Grace
X-Origin-Cache
X-Px
X-Via-JSL
X-Magnolia-Registration
X-Aws-Lambda-Call-Status
Version
X-Amz-Replication-Status
X-Whom
X-Oracle-Dms-Ecid
X-Ratelimit-Reset
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Content-Options
X-RemovedCookies
X-Rid
X-ProcessESI
X-UUID
X-G
X-Tumblr-Pixel-1
X-Template
Charset
X-Debug-IsPreview
X-Debug-IsConnected
X-Tumblr-User
X-Node-Name
X-Adobe-Loc
Ms-Operation-Id
MS-CV
X-RTag
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Rule
X-Adobe-Content
X-App-Environment
VIX-Pulpo-Upstream-Status
X-Hl-Ver
VIX-Pulpo-Node
X-Wormhole-Sdk
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Datadog-Sampled
SD-X-WS
X-Device-Type
X-Environment-Context
X-Region
X-Signature
X-Backend-Name
X-B-Cache
X-Storage
X-Source
X-Wix-Request-Id
X-NYM-Debug-Backend
X-L-Path
X-Cacheable-TTL
NGB
Country
X-Proxy-Cache-Info
X-FW-Dynamic
X-Rendered-As
X-NWS-UUID-VERIFY
X-User-Agent
X-FW-Static
Cross-Origin-Window-Policy
X-FW-Server
X-FW-Serve
X-Is-Bot
X-FW-Type
X-Instance
X-ServerID
X-FW-Version
X-FW-Hash
GEO-INFO
X-Cache-Age
X-Status
ServerID
X-Cache-Grace
Amp-Access-Control-Allow-Source-Origin
Countrycode
X-Real-IP
X-EdgeConnect-Cache-Status
SRV
X-IPS-LoggedIn
X-RM-Cache-TTL
X-WP-CF-Super-Cache-Active
X-Language
Akamai-GRN
X-Cache-Hit
Front
X-Amzn-Remapped-Content-Length
Liferay-Portal
X-Framework
X-Xrds-Location
X-Nf-Request-Id
X-AB
X-Oracle-Dms-Rid
X-Sucuri-ID
X-Ismobilevalue
X-Sucuri-Cache
OT-Force-Account-Verify
X-Air-Pt
X-Servername
X-Content-Powered-By
X-WebKit-CSP-Report-Only
X-B3-SpanId
X-Akamai-Request-ID2
X-Air-Hostname
X-Air-Trace-Id
From-Origin
X-VC
X-Air-Source
X-UA
X-Mode
X-VC-Cache
Xet-Cookie
Backend
X-URL
X-DataDome
Upgrade-Insecure-Requests
X-Api-Version
X-Cache-Time
X-Handled-By
Accept-Language
Refresh
X-Nginx-Cache
X-Cache-Status-Check
X-Tt-Logid
Access-Control-Request-Headers
LB
X-Xfnlog-Site
Webserver
X-RCS-CacheZone
Filters
Meta-Geo
X-SaId
X-Rewrite-Enabled
X-Rn-Rsrv
Cache
X-UPSTREAM-Address
X-JoinUs
X-SRV
X-HTML-Minification-Powered-By
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Lambda-Id
X-RateLimit-Limit
X-No-Session
X-Zipkin-Id
X-Extlb
X-Origin-Date
X-PHP-Host
X-Origin-Hint
X-Cache-Rule
X-Provided-By
X-R9-Blue-Green-Version
X-Webstats-RespID
X-Endurance-Cache-Level
X-Cache-Operation
X-VWS-Id
X-Varnish-Age
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Property-Id
ServedBy
TWC-Device-Class
Webcakes-App-Version
Webcakes-Region
X-Cms-Context
X-S
X-Container-Uri
X-Cluster
X-Cloudmap
X-Adobe-Source
X-AWS-Id
X-Routing-Service
X-Git-Commit
TWC-Connection-Speed
X-Reqid
X-Generated-By
X-Tumblr-Pixel-2
X-Proxied
X-Hosted-By
X-Fetched-On
X-Cache-Debug
X-BYPASS-REASON
X-Browser-Name
X-Locale
X-Is-Supported-Browser
X-Logging-Id
X-Is-Desktop
X-Is-Mobile
X-Ms-Request-Id
Apigw-Requestid
X-IPLB-Instance
X-Httpd
X-Is-Tablet
Atl-Traceid
Url
X-Akamai-Edgescape
Mn-Server-Ip
X-Ms-Version
X-IPLB-Request-ID
X-Geo-Region
X-Edge-Location
X-Web-Node
X-Skip-Cache
X-Tcp-Rtt
X-INCAP-ABP
X-Restarts
X-Forwarded-Host
X-Served-From
X-Site-Version
X-ProxyCache-Status
X-ProxyCache-Key
Section-Io-Id
X-Upstream-Ct
Selected-Fe
X-Say-Cacheable
X-Proxy-Build
X-Tncms
X-Say-TTL
X-Detected-As
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Accel-Version
X-Alternate-Cache-Key
Web-Mar-Node
X-Upstream-Ht
X-Scope-Id
X-Soup
X-SayCDN-TTL
X-Tb
X-Timing-Wait
X-Varnish-Beresp-Grace
X-Loop
X-Request-URI
X-Varnish-Cache-Hits
X-Format
X-VCT
X-Redis-Cache
X-Optimistic-Header
X-Origin
X-Frame-Option
X-Cache-Host
X-GeoCode
X-Director
X-RID
X-GeoCountry
Xserver
Frame-Options
X-ShardId
X-ShopId
X-Azure-Ref-OriginShield
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Onion-Location
X-Mg-Request-UUID
X-Connection-Hash
Expiry
WPO-Cache-Message
WPO-Cache-Status
Cdn-Requestid
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-WP-CF-Super-Cache-Cookies-Bypass
X-CMSURLCustom
Source
X-Generation-Time
X-CDN-Forward
X-Shield-Cache-Expires
Thinkindot-Control
Protected
X-Thinkindot-L3
X-Cache-Expired-At
X-Lagoon
X-Fastly-Request-Id
X-Vcache
X-Drupal-Cache-Tags
X-Origin-TTL
X-Cdn-Origin
X-B3-Traceid
X-Origin-CC
Fastcgi-Useragent
X-Drupal-Cache-Contexts
X-Vcl-Version
X-ECache
X-Pass-Why
X-PHP-Backend
Environment
Cache-Hits
X-Proxy-Cache-Status
X-Vercel-Id
X-Cache-Action
X-Worker
X-Vercel-Cache
X-Rocket-Nginx-Serving-Static
Priority
X-TA-CDN-Provider
Uber-Trace-Id
X-GEO
Azure-RegionName
X-App-Version
Azure-SlotName
Azure-SiteName
Azure-InstanceId
X-Buckets
X-ID
Azure-Version
Sid
Node
X-Cluster-Node
X-Aspnetmvc-Version
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
CDN-Cache
CDN-CachedAt
X-XRDS-Location
CF-IPCountry
CDN-Uid
CDN-EdgeStorageId
Cross-Origin-Embedder-Policy
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-RequestCountryCode
CDN-PullZone
X-RateLimit-Reset
X-Tumblr-Pixel-3
X-Fastcgi-Cache
Cache-Tv-Group
X-Auth-Group-Type
AMP-Access-Control-Allow-Source-Origin
X-FB-TRIP-ID
X-Cache-Server
X-Server-W
DB-Nickname
X-Origin-Cache-Key
User-Cache-Control
X-Pad
X-Tx-Id
X-Client-Ip
Alternate-Protocol
X-A
X-DC
Lang
X-Esi-Check
Rendered-Blocks
Odigeo-Trace-Id
X-Fastly-Backend
A
X-Cache-NE
Candidate-Md5Url
Cdn-Host
Edge-Cache
Cdn-Request-Time
X-Cache-Id
X-Varnish-Remaining-TTL
Origin-Agent-Cluster
X-Service
X-Dispatcher-Server
Meta-Geo-Continent
X-TIM-N
MD5-Digest
X-Cache-TTL-Remaining
X-DefHash
X-DefElseHash
X-UA-Device-Type
X-Edge-Server
X-Epic-Correlation-Id
X-SB
X-Varnish-CookieHashed-On
X-Ec-GeoHdr
X-V-Cache
Magicmarker
Origin
X-Ec-Fail
X-Varnish-CookieINHashed-On
X-GeoIP-City
X-Level-Front-Cache
X-Origin-Expires
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Ccd
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
X-Ig-Origin-Region
X-Ig-Push-State
X-A-Wwc
Content-Secure-Policy
HostName
DCR-Decision-By
DCR-Processing-Time-Ms
X-Core-Value
X-ND-Cache
X-Aed
Ngx.Var.Host
X-Org
X-Op-Id-All
X-Content-Age
Gannett-Cam-Experience-Id
X-Hnp-Log
X-Via-Fastly
T-Server
X-Rojux
X-Viewer-Country
Surrogated-Key
X-Developer
X-Gen-Mode
X-Generated-On
X-Vdms-Version
Sslversion
X-Bl-Debug
X-D
X-Req
X-Vtex-Remote-Cache
X-BCube-Filmed-By
X-Bc-Bl
X-SRCache-Key
X-Gzip
X-ScT
X-Conf
X-Custom-Header
X-Block-Status
Mime-Version
X-Cdn-Srv
X-SD-PageType
Fastly-SSL
Esi-Enabled
X-Clientip
Host-ID
X-NodeID
X-CacheTTL
Is-Eu
X-Proto
RNT-Machine
Tube-Got-Eval
Tube-Got-Results
Tube-Return
Tube-Get-Contents
X-Bip
Sever-Int
Ssr
Vix-Hermes-Req-Id
X-Auto-Login
X-Region-Sid
X-Amz-Storage-Class
X-AK-Request-ID
X-Aicache-OS
X-Acquia-Purge-Cdn-Unconfigured
X-Ad-Load-Variation
Server-Hostname
Server-Host
PFcat
X-Request-Time
Origin-EX
Origin-CC
X-Scheme
X-Cache-Info
Platform
Powered-By
RNT-Time
Server-Ext
X-Pubstack
Req-ID
Producers
X-Cache-Bucket
NM-Fastcgi-Cache
Fusion-Template-Id
X-VG-WebCache
X-Geo-Header
X-VG-TLSProxy
X-GeoIP
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-VTEX-Cache-Server
X-Gdpr
X-VarnishDD-TTL
X-FC-Vary-Parameters
X-Varnish-Director
X-Platform
X-Fmm-Version
X-Forwarded-Site
X-Varnish-Hostname
X-PAYTM-SRV-ID
X-VTEX-Cache-Time
X-GoCache-CacheStatus
X-Mvc-Supplant-Cachable
X-Mly-Id
X-Men
X-Nyt-Route
X-Nginx-Cache-Key
X-Node-Id
X-NMSegId
X-LSADC-Cache
X-Loc
X-HN
X-WA-Info
X-Origin-Time
X-HS-Content-Campaign-Id
XM
X-Jobs
X-Origin-Response-Time
X-DPWN-IS-SECURE
X-Fastly-Cache
X-Sn-Servicetimems
X-Powered-By-VTEX-Cache
X-SVT-ORM-RULES
Cdncip
Fusion-Source
X-App-Name
X-Server-IP
Adler-Geo
C-Via
Cache-Provider
X-Thanos
Click-Count-Error
AKAMAI
Click-Count-Action-Start
Fusion-Deployment-Id
Cdnsip
X-Test
Country-Code
CDCHOST
Content-Script-Type
Content-Style-Type
X-Policy
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
X-SVT-ORM-VERSION
X-HITS
X-Varnish-Beresp-Ttl
X-Location
X-CGP
X-Mvc-Supplant-OutputCached
X-RateLimit-Remaining-Second
X-Contensis-Viewer-Groups
X-CUA
X-Micro-Cache
X-RateLimit-Limit-Second
X-Debug-Cache-Store
X-Csrf-Jwt
X-Device-Os
X-Eu-Site
X-Cache-Aspx
X-Ec-Custom-Error
X-Proxied-Request
X-Pool
X-Depends
X-Backend-Instance
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Debug-Cache-Fetch
X-Hash
X-Human
L5d-Success-Class
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Slack-Backend
Canary
Cluster
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
DSUID
X-Section
X-Slack-Shared-Secret-Outcome
X-Tb-Optimization-Total-Bytes-Saved
X-Wikidot-Static-Cache
X-Wikidot-Backend
Yak-Timeinfo
X-Dc
X-Cache-FS-Status
X-LiteSpeed-Cache-Control
X-Varnishpool
X-Varnish-Authentication
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Gh-Request-Id
X-Varnish-Beresp-Status
X-Access
Release
V-Age
Ha-Gx-Prefs
W
Pramga
Req-Svc-Chain
NGX
HA-Ipaddr
X-Request-Host
L
Machine
True-Client-Country-4JS
X-Request-Start
X-AIR-PT
X-NGINX-Cache
X-Var-Ttl
X-Accel-Expires-Debug
Web-Mar-Region
X-We-Are-Hiring
Mail-Subject
We-Hiring
On-Server
X-Date
Proxy-Firewall
Cache-Key
X-Cs
X-Akamai-Transformed
X-From
X-Up
Server-Info
X-NCache
X-Varnish-Hits
Debug
Redirect-Candidate
X-LB-ID
X-MP-GENERATED-AT
X-Jungle-Id
X-Zone
BehaviorPad-Version
X-Via-Popv
X-HA-Backend
X-Via-Poph
X-Via-Popn
Pics-Label
X-Vdms-Path
X-Cache-Backend
CloudFront-Viewer-Country
Fastly-Drupal-HTML
X-Refresh
CDN-RequestId
WP-Super-Cache
X-VHOST
X-Servedbyhost
X-APP
X-Parent-Response-Time
SID
X-CACHE-AGE
X-Datadome
X-Content-Length
GeoIP-Latitude
X-Uri
X-B3-Parentspanid
X-Nc
X-Render-Time
X-LB-NoCache
X-Nananana
X-PERF
X-ApacheServer
X-Newrelic-Synthetics
X-VC-TTL
X-M-Reqid
X-M-Log
Datacenter
Fastly-Drupal-Html
Resin-Trace
X-CACHE-KEY
X-B3-Spanid
X-Litespeed-Tag
X-DynaTrace-JS-Agent
X-Wa
Server-ID
X-Cached-By
X-CDN-Cache-Status
X-LiteSpeed-Tag
X-ZONE
X-CS
Vc-Max-Age
NtCoent-Length
X-RequestId
Locid
X-Dispatcher-Number
Cdn
X-Amz-Meta-Cb-Modifiedtime
Product
GeoIp-Country-Code
X-Original-Request-Id
X-VCache
X-Response-Served-From
FSS-Cache
X-Fpc
X-NewRelic-App-Data
X-Varnish-Beresp-TTL
X-IAuth-Set-Uid
X-TT-LOGID
Serverhost
X-Ckpd-Fst-Backend
X-Old-Content-Length
X-Esi
True-Client-Ip
X-SERVER-NAME
X-Srv
Cf-Ipcountry
X-TX-ID
X-HostName
X-Nf-Ats-Version
X-Nf-Language
X-Nf-Country
Ngx-Var-Key
Uri
X-Bug-Bounty
True-Client-IP
ServerName
X-HubSpot-Correlation-Id
Srv
X-Vgn-Hpd-Reason
CDN
Tcn
S-Rt
GeoIP-Country-Code
X-Oracle-DMS-ECID
X-Cdn-Cache-Status
X-TIME
X-Cdn-Forward
X-FPC
X-Dynatrace-Js-Agent
X-Moov-Xdn-Version
X-Platform-Processor
X-Platform-Router
X-Moov-T
X-Platform-Cluster
X-TH-Server
Request-ID
X-Dispatch
X-WA
X-Vc
CacheControlHeader
Server-Id
User-Agent
X-Akamai-Device-Characteristics
X-Vmg-Version
Cf-Device-Type
Hostname
X-APP-VERSION
X-COUNTRY
X-VCL-Version
X-Webkit-Csp-Report-Only
ServerHost
X-B-Cookie
X-Gamma-Serve
X-NC
Geoip-Latitude
Srvid
X-Application
X-S-Cookie
X-External-Request-Id
X-Destination
X-Info
X-FL-QIT-DEBUG
Cross-Origin-Embedder-Policy-Report-Only
X-User
X-Presslabs-Stats
X-Geo
X-Lb-Nocache
X-Zen-Fury
Xc-Version
Cneonction
Expect-Staple
Ohc-File-Size
X-ServedByHost
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
X-Instance-Name
X-Hit
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Ha-Backend
X-Cache-Date
Origin-Trial
Cloudfront-Viewer-Country
Epwk-X-Cache
PICS-Label
X-VServer
X-App
X-Amz-Meta-Opti
X-API-Version
X-Segment-20210421
X-V
X-Branch-Name
X-Ua
X-Akamai-Pragma-Client-IP
X-Limited
X-Correlation-ID
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Rtss
X-Sqd-Stime
N-Cache
WZWS-RAY
X-Serial
X-Eligible
X-New
X-Platform-Server
X-Rollout
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Lb-Id
X-Check-Cacheable
X-MiniProfiler-Ids
X-Sqd-Ctime
Permission-Policy
Lb
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Acquia-Site
X-Acquia-Purge-Tags
Timeexpire
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
X-Acquia-Application-UUID
Cmstype
Cmsid
X-DataCenter
X-MSEdge-Flight
Ohc-Cache-HIT
X-Service-Response-Time
Sm-Log-Id
X-Web-Server
X-MSEdge-Features
X-Datacenter
X-Acquia-Application-Trace
DataCenter
X-CSRF-TOKEN
CountryCode
Load-Balancing
Servername
X-LAGOON
X-Litespeed-Cache-Control
X-Requestid
Fl-Custom-Application
X-ElasticPress-Query
XkeyRZ
Wpo-Cache-Status
X-Fastly-Backend-Reqs
X-DynaTrace
X-Proxy-CacheRZ
Wpo-Cache-Message
X-Shardid
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
Type
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
Warning
Ngx
X-Origin-Upstream-Status
X-Shopid
X-Sorting-Hat-Podid
X-RAMCache
X-Th-Server
X-Snapshot-Date
X-Ramcache
X-Sorting-Hat-Shopid