
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-Runtime
X-AspNet-Version
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
Permissions-Policy
X-UA-Device
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-Pingback
X-Page-Speed
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Application-Context
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Clacks-Overhead
Cache-Tag
X-Url
X-Litespeed-Cache
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-CST
X-Daa-Tunnel
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
Nginx-Cache
X-Server-Name
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
AR-Request-ID
AR-PoweredBy
AR-SID
AR-ATIME
X-ESI
Accept-Ch
X-Ac
X-Cache-TTL
X-Element-Page-Cache
X-D2id
X-GitHub-Request-Id
X-Kinja-Build
X-Exp-Variant
X-Kinja-Server
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
Verso
X-Cdn-Fetch
X-Kinja-Revision
Edge-Control
X-MS-InvokeApp
X-Upstream
X-Vcap-Request-Id
X-FastCGI-Cache
AR-CACHE
X-Ser
X-ECACHE
X-Abt-Application-Version
X-B3-TraceId
X-Navigation-Version
X-Dw-Request-Base-Id
X-ASPNET-VERSION
SPRequestDuration
SPIisLatency
Fastly-Restarts
X-Mod-Pagespeed
X-Webkit-Csp
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Server-Lifecycle-Phase
X-NF-Request-ID
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Edge-Location-Klb
X-Kinsta-Cache
X-Client-IP
X-Ratelimit-Limit
X-Goog-Hash
X-Mg-S
X-ARC
Edge-Cache-Tag
S
X-Powered-CMS
Pagespeed
X-Sol
X-Middleton-Display
Display
X-Oneagent-Js-Injection
X-PDP-UNCACHING-HASH
Cache-Status
X-Amzn-Trace-Id
X-Version
Access-Control-Request-Method
Response
X-Middleton-Response
X-VARITI-CCR
RTSS
X-Cache-Key
X-TraceId
X-Ratelimit-Remaining
X-Content-Digest
X-TTL
X-Fastly-Request-ID
Realpath
X-Forwarded-For
Cross-Origin-Resource-Policy
X-T
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
X-Varnish-TTL
Fastcgi-Cache
X-Cached
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
X-RateLimit-Remaining
MicrosoftSharePointTeamServices
MS-Author-Via
X-Protected-By
X-FTR-Balancer
X-HS-Content-Id
X-HS-Hub-Id
X-Ua-Browser
X-HS-Cache-Config
X-FTR-Cache-Status
Content-MD5
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-Request-Received
X-Forwarded-Proto
X-Request-Processing-Time
Server-Node
Public-Key-Pins
TP-Cache
Payment
X-Frontend
X-LLID
Arr-Disable-Session-Affinity
X-PressLabs-Stats
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TEC-API-ORIGIN
X-HS-Combine-CSS
X-TEC-API-ROOT
X-Ruxit-Js-Agent
X-TEC-API-VERSION
X-FTR-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-GUploader-UploadID
Count-Hit
X-Accel-Expires
X-Distributor
X-Origin-Server
X-LB-Cache
X-Server-ID
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-NODE
X-Ezoic-Cdn
X-Microsite
X-Newrelic-App-Data
X-ORACLE-DMS-ECID
X-Request-Handler-Origin-Region
X-Aws-Lambda-Call-Status
X-AppVersion
X-Az
X-Www-Served-By
X-Activity-Id
X-Varnish-Server
X-B3-TraceId-Primal
X-Cluster-Name
X-App-Server
MRF-Tech
Accept-Charset
Mrf-Cache-Status
Host
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
Cache-Tags
X-Amz-Meta-S3cmd-Attrs
Retry-After
Cleartype
X-Ua-Device
Server-Name
X-Goog-Metageneration
Pinterest-Version
X-Pinterest-Rid
Filterid
Pinterest-Generated-By
X-Unique-Id
X-Ttl
X-Git-Hash
X-Envoy-Decorator-Operation
Access-Control-Allow-Method
X-Hostname
X-Hits
X-Azure-Ref
X-CSRF-Token
X-Upgrade-Enabled
X-Load-Cache
X-NGENIX-Cache
X-Debug
X-Geo-Country
X-Logged-In
TCN
TP-L2-Cache
Surrogate-Key
X-FB-Debug
X-Tt-Trace-Tag
X-Tt-Trace-Host
Referer-Policy
X-Proxy
X-Seen-By
X-Id
X-B
X-TT
X-CCDN-Origin-Time
X-B3-Sampled
X-Hcs-Proxy-Type
X-Amz-Apigw-Id
X-CCDN-CacheTTL
Section-Io-Cache
X-Amzn-RequestId
X-Revision
X-Request-Guid
DC
X-Trace-Id
X-Grace
X-F-Cache
X-Type
X-Time
X-Cache-Control
X-Contextid
Healthy
X-Fb-Rlafr
Viewport
X-XRDS-LOCATION
X-Mobile
X-DIS-Request-ID
X-N
Paypal-Debug-Id
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Fastly-SWR
Fastly-SIE
X-Debug-Info
X-Page-Id
Content-Disposition
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Px
X-Varnish-Ttl
X-Varnish-Grace
X-Via-JSL
X-Origin-Cache
X-Whom
Version
X-Magnolia-Registration
X-Webkit-CSP
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Amz-Replication-Status
X-Content-Options
Charset
X-Template
X-UUID
X-G
X-Wix-Request-Id
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel
X-Debug-IsPreview
X-Tumblr-User
X-Tumblr-Pixel-1
MS-CV
Ms-Operation-Id
X-Tumblr-Pixel-0
X-Rule
X-RTag
X-Debug-IsConnected
X-Oracle-Dms-Ecid
X-App-Environment
X-Adobe-Content
X-Adobe-Loc
X-Node-Name
X-Yottaa-Metrics
X-Hl-Ver
X-Storage
X-Datadog-Sampled
X-Cache-Grace
X-Source
X-B-Cache
X-Signature
X-Yottaa-Optimizations
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
SD-X-WS
NGB
X-NYM-Debug-Backend
ServerID
X-Proxy-Cache-Info
X-Cacheable-TTL
X-Backend-Name
X-Device-Type
X-L-Path
X-Instance
X-FW-Server
X-FW-Version
X-FW-Type
X-Is-Bot
X-FW-Serve
X-Environment-Context
X-FW-Dynamic
X-FW-Hash
X-FW-Static
X-Rendered-As
X-EdgeConnect-Cache-Status
X-NWS-UUID-VERIFY
X-Status
X-ServerID
X-Rid
X-Region
Country
GEO-INFO
X-User-Agent
X-Real-IP
X-Cache-Hit
Countrycode
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Ratelimit-Reset
Akamai-GRN
X-B3-SpanId
Liferay-Portal
X-Wormhole-Sdk
X-URL
X-Cache-Age
X-Amzn-Remapped-Content-Length
X-Language
X-WP-CF-Super-Cache-Active
SRV
Front
X-RM-Cache-TTL
X-Sucuri-ID
X-Sucuri-Cache
X-Framework
OT-Force-Account-Verify
X-Air-Pt
Amp-Access-Control-Allow-Source-Origin
X-Servername
X-AB
X-UA
X-VC-Cache
X-Oracle-Dms-Rid
X-WebKit-CSP-Report-Only
From-Origin
X-Content-Powered-By
X-Air-Trace-Id
X-Mode
X-Air-Source
Xet-Cookie
X-Air-Hostname
Backend
X-Akamai-Request-ID2
X-VC
Upgrade-Insecure-Requests
X-DataDome
X-Cache-Time
X-Ismobilevalue
Refresh
X-Xrds-Location
X-Handled-By
X-INCAP-ABP
X-Endurance-Cache-Level
Accept-Language
X-SRV
X-Origin-Cache-Key
X-HTML-Minification-Powered-By
X-Xfnlog-Site
X-Rn-Rsrv
Access-Control-Request-Headers
Filters
X-UPSTREAM-Address
X-RID
X-Rewrite-Enabled
Cache
X-RCS-CacheZone
X-Cache-Status-Check
Meta-Geo
X-JoinUs
X-SaId
X-Provided-By
X-Proxied
LB
X-S
X-Origin-Hint
X-Cluster
X-Origin-Date
X-Edge-Location
X-R9-Blue-Green-Version
X-Cache-Operation
X-Reqid
X-Cache-Rule
X-Extlb
X-Cms-Context
X-Container-Uri
X-Cloudmap
X-Generated-By
Property-Id
TWC-Locale-Group
TWC-Privacy
ServedBy
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
X-Git-Commit
X-Hosted-By
Webcakes-App-Version
Webcakes-Region
X-Adobe-Source
X-No-Session
X-Lambda-Id
Webcakes-App-Name
X-Labrador-Cache-Channel
TWC-GeoIP-LatLong
X-PHP-Host
X-Tumblr-Pixel-2
X-Webstats-RespID
X-Routing-Service
X-Zipkin-Id
X-Nginx-Cache
X-Varnish-Age
Web-Mar-Node
X-Locale
X-LJ-Flow-ID
Url
X-Logging-Id
Apigw-Requestid
X-AWS-Id
X-Browser-Name
X-Accel-Version
X-VWS-Id
Atl-Traceid
X-Loop
X-Is-Tablet
X-Geo-Region
X-Tncms
X-Fastly-Request-Id
Section-Io-Id
X-Site-Version
X-Web-Node
X-Httpd
X-IPLB-Instance
X-BYPASS-REASON
X-Api-Version
X-Is-Supported-Browser
X-Is-Mobile
X-IPLB-Request-ID
X-Is-Desktop
X-Skip-Cache
X-Served-From
X-Cache-Debug
X-ProxyCache-Status
X-Redis-Cache
X-Forwarded-Host
X-Scope-Id
X-ProxyCache-Key
X-Restarts
X-Tcp-Rtt
X-Tb
X-Say-TTL
Frame-Options
X-Fetched-On
X-SayCDN-TTL
X-Timing-Wait
X-Format
X-Storefront-Renderer-Rendered
X-Soup
Selected-Fe
X-Frame-Option
X-VCT
X-Director
X-Say-Cacheable
X-Azure-Ref-OriginShield
X-Shopify-Stage
X-Detected-As
Mn-Server-Ip
X-Upstream-Ht
X-Ms-Request-Id
X-Ms-Version
X-Proxy-Build
X-Origin
X-Alternate-Cache-Key
X-Varnish-Beresp-Grace
X-Akamai-Edgescape
X-Cache-Host
X-Upstream-Ct
X-Varnish-Cache-Hits
X-ECache
Xserver
X-RateLimit-Limit
X-GeoCode
Webserver
X-GeoCountry
X-Optimistic-Header
X-Sorting-Hat-ShopId
X-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Request-URI
X-Tt-Logid
X-Drupal-Cache-Tags
X-Lagoon
WPO-Cache-Message
WPO-Cache-Status
X-Vcache
X-Origin-TTL
X-Generation-Time
X-Origin-CC
Thinkindot-CacheControl-Type
X-Shield-Cache-Expires
X-CMSURLCustom
X-Thinkindot-L3
Onion-Location
TDXMobile
Thinkindot-CacheControl
Thinkindot-Control
X-Connection-Hash
X-Drupal-Cache-Contexts
X-CDN-Forward
Expiry
Protected
Cache-Hits
X-TA-CDN-Provider
X-WP-CF-Super-Cache-Cookies-Bypass
X-RateLimit-Reset
X-Mg-Request-UUID
X-Cdn-Origin
Cdn-Requestid
X-ID
X-Cache-Expired-At
Source
X-Vcl-Version
X-Vercel-Id
X-Worker
X-Vercel-Cache
X-PHP-Backend
Priority
X-Pass-Why
X-XRDS-Location
Environment
Azure-Version
Azure-InstanceId
Azure-SlotName
Fastcgi-Useragent
Azure-RegionName
AMP-Access-Control-Allow-Source-Origin
Azure-SiteName
X-Buckets
X-Rocket-Nginx-Serving-Static
Node
X-Proxy-Cache-Status
X-GEO
X-Nf-Request-Id
X-Cache-Action
Uber-Trace-Id
X-App-Version
CDN-Cache
Cross-Origin-Embedder-Policy
X-Client-Ip
CDN-Uid
CDN-CachedAt
Sid
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-PullZone
X-Cluster-Node
X-Aspnetmvc-Version
X-Urbn-Site-Id
X-Tumblr-Pixel-3
Locale
X-Urbn-Context-Path
X-Cache-Server
Cache-Tv-Group
X-FB-TRIP-ID
X-Auth-Group-Type
X-Server-W
CF-IPCountry
X-Fastcgi-Cache
X-Tx-Id
DB-Nickname
X-B3-Traceid
Alternate-Protocol
User-Cache-Control
X-HITS
X-Pad
Fusion-Component-Id
Fusion-Template-Id
X-A
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
X-Jobs
DCR-Decision-By
X-Generated-On
X-BCube-Filmed-By
X-Level-Front-Cache
Content-Secure-Policy
X-Gen-Mode
Candidate-Md5Url
X-Hnp-Log
X-Gzip
X-Ig-Origin-Region
X-Ig-Push-State
X-Bc-Bl
Cdn-Host
Rendered-Blocks
DCR-Processing-Time-Ms
X-Esi-Check
X-Developer
X-Device-Os
X-Dispatcher-Server
X-Cache-Id
A
X-Custom-Header
X-Cache-NE
X-D
X-DefElseHash
X-DefHash
X-Ec-Fail
X-Ec-GeoHdr
X-Content-Age
X-Service
X-Conf
X-Bl-Debug
X-Block-Status
X-Fastly-Backend
X-Core-Value
X-Edge-Server
X-Epic-Correlation-Id
X-Cache-TTL-Remaining
X-Org
Odigeo-Trace-Id
Ngx.Var.Host
T-Server
X-TIM-N
X-UA-Device-Type
X-SRCache-Key
Meta-Geo-Continent
X-Req
Magicmarker
X-Rojux
X-SB
MD5-Digest
X-V-Cache
X-Varnish-CookieHashed-On
X-Via-Fastly
Sslversion
X-Viewer-Country
X-Vtex-Remote-Cache
HostName
X-Vdms-Version
Surrogated-Key
X-Varnish-CookieINHashed-On
Origin
Origin-Agent-Cluster
X-Varnish-Remaining-TTL
Lang
X-ScT
Cdn-Request-Time
X-Origin-Expires
X-A-Dgt
X-A-Dcw
X-A-Wwc
Gannett-Cam-Experience-Id
Edge-Cache
X-Aed
X-ND-Cache
X-A-Dam
X-Op-Id-All
Wxu-Next-Commit
X-A-Ccd
Wxu-Next-Hostname
Wxu-Next-Region
X-LSADC-Cache
Mime-Version
X-DC
Server-Hostname
X-AK-Request-ID
X-Cache-Info
Req-ID
Server-Host
X-Amz-Storage-Class
RNT-Time
Vix-Hermes-Req-Id
RNT-Machine
X-CacheTTL
Server-Ext
X-Ad-Load-Variation
X-Backend-Instance
X-B3-Trace-ID
X-App-Name
Tube-Get-Contents
Tube-Got-Results
V-Age
X-Bip
Tube-Return
Tube-Got-Eval
X-Acquia-Purge-Cdn-Unconfigured
X-Auto-Login
Sever-Int
X-GeoIP-City
X-Scheme
X-Request-Time
X-SD-PageType
X-Server-IP
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Region-Sid
X-RateLimit-Remaining-Second
X-Powered-By-VTEX-Cache
X-Policy
X-Proto
X-Pubstack
X-RateLimit-Limit-Second
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-WA-Info
X-VTEX-Cache-Time
X-Wikidot-Backend
X-Wikidot-Static-Cache
XM
X-VTEX-Cache-Server
X-VG-WebCache
X-Varnish-Director
X-Thanos
X-Varnish-Hostname
X-VarnishDD-TTL
X-VG-TLSProxy
X-Platform
X-PAYTM-SRV-ID
X-Gdpr
X-Forwarded-Site
X-Geo-Header
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Fmm-Version
X-FC-Vary-Parameters
X-Debug-Cache-Fetch
X-Clientip
X-Debug-Cache-Store
X-DPWN-IS-SECURE
X-Fastly-Cache
X-GoCache-CacheStatus
X-HN
X-NodeID
X-Node-Id
X-Nyt-Route
X-Origin-Response-Time
X-Origin-Time
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Loc
X-HS-Content-Campaign-Id
X-Men
X-Micro-Cache
X-Mly-Id
X-Cdn-Srv
X-Cache-Bucket
Is-Eu
Cache-Provider
Host-ID
CDCHOST
Origin-CC
Adler-Geo
C-Via
Fastly-SSL
Click-Count-Error
Fastly-Backend-Name
X-Dc
Cdncip
Origin-EX
Producers
AKAMAI
Content-Style-Type
Content-Script-Type
Country-Code
Click-Count-Action-Start
X-NGINX-Cache
PFcat
Cdnsip
Platform
Powered-By
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-CUA
X-CGP
X-We-Are-Hiring
X-Cache-Aspx
X-Date
Canary
Cache-Key
X-Contensis-Viewer-Groups
X-Csrf-Jwt
X-Varnish-Beresp-Status
X-GeoIP
Release
X-Request-Host
X-Request-Start
X-Proxied-Request
X-Pool
X-Location
X-Mvc-Supplant-OutputCached
X-NMSegId
X-Human
X-LiteSpeed-Cache-Control
X-Section
X-Var-Ttl
X-Varnish-Authentication
X-Depends
Apple-News-Services-Handled
X-Test
X-Ec-Custom-Error
X-Eu-Site
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
Apple-News-Services-Host
X-Varnishpool
Web-Mar-Region
We-Hiring
W
L
HA-Ipaddr
X-Accel-Expires-Debug
Gh-Request-Id
Ha-Gx-Prefs
L5d-Success-Class
Machine
Pramga
Req-Svc-Chain
Proxy-Firewall
Ssr
On-Server
NGX
NM-Fastcgi-Cache
True-Client-Country-4JS
X-Access
Mail-Subject
Cluster
DSUID
X-Aicache-OS
Fastly-GeoIP-CountryCode
Yak-Timeinfo
X-BBC-Edge-Cache-Status
Esi-Enabled
X-Varnish-Beresp-Ttl
X-From
X-Hash
X-MP-GENERATED-AT
X-Up
X-NCache
X-Zone
X-AIR-PT
X-Varnish-Hits
X-Cache-FS-Status
X-Jungle-Id
CDN-RequestId
WP-Super-Cache
Redirect-Candidate
X-LB-ID
X-Cache-Backend
X-Vdms-Path
X-Akamai-Transformed
X-Cs
X-Uri
X-CACHE-AGE
X-Refresh
CloudFront-Viewer-Country
Debug
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Via-Popn
SID
X-HA-Backend
X-Nananana
BehaviorPad-Version
X-Via-Popv
Server-Info
Pics-Label
X-Via-Poph
X-Servedbyhost
Fastly-Drupal-HTML
X-Parent-Response-Time
X-APP
X-ApacheServer
GeoIP-Latitude
X-Newrelic-Synthetics
X-PERF
X-VHOST
X-Render-Time
X-B3-Parentspanid
X-VC-TTL
X-M-Log
X-M-Reqid
X-Datadome
X-CS
Fastly-Drupal-Html
X-Content-Length
X-LB-NoCache
X-Original-Request-Id
X-Response-Served-From
X-Cached-By
Datacenter
Locid
Resin-Trace
X-Nc
X-CDN-Cache-Status
X-TT-LOGID
X-DynaTrace-JS-Agent
X-Litespeed-Tag
X-LiteSpeed-Tag
Server-ID
X-Wa
Cf-Ipcountry
X-IAuth-Set-Uid
GeoIp-Country-Code
Cdn
NtCoent-Length
X-Amz-Meta-Cb-Modifiedtime
Vc-Max-Age
X-Dispatcher-Number
X-ZONE
X-RequestId
X-VCache
X-Old-Content-Length
X-Varnish-Beresp-TTL
X-Fpc
FSS-Cache
Product
Uri
Srv
Ngx-Var-Key
X-NewRelic-App-Data
X-CACHE-KEY
X-Platform-Cluster
True-Client-IP
X-Nf-Language
X-Vgn-Hpd-Reason
CDN
X-Esi
X-Platform-Router
X-TIME
X-B3-Spanid
Serverhost
X-Nf-Country
X-Platform-Processor
X-Nf-Ats-Version
X-HostName
X-SERVER-NAME
X-Srv
X-TX-ID
X-TH-Server
X-Moov-T
X-Ckpd-Fst-Backend
True-Client-Ip
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Moov-Xdn-Version
X-Cdn-Forward
X-Vc
X-HubSpot-Correlation-Id
S-Rt
X-Dynatrace-Js-Agent
Tcn
X-Bug-Bounty
ServerName
X-FPC
X-Oracle-DMS-ECID
Cross-Origin-Embedder-Policy-Report-Only
GeoIP-Country-Code
X-Cdn-Cache-Status
X-WA
Cf-Device-Type
Request-ID
X-Application
X-S-Cookie
X-APP-VERSION
X-NC
X-Dispatch
X-B-Cookie
CacheControlHeader
X-User
X-External-Request-Id
Server-Id
X-Destination
X-Zen-Fury
X-COUNTRY
Hostname
X-Webkit-Csp-Report-Only
X-Instance-Name
X-Vmg-Version
User-Agent
X-Rocket-Build-Number
Geoip-Latitude
Srvid
X-Cache-Date
X-Lb-Nocache
X-FL-QIT-DEBUG
X-Sigma-Backend
X-Akamai-Device-Characteristics
X-Sigma
X-Presslabs-Stats
X-Via-PopH
X-Via-PopN
Ohc-File-Size
ServerHost
X-Info
X-Geo
X-Via-PopV
X-Ha-Backend
X-Segment-20210421
X-VServer
X-Gamma-Serve
X-API-Version
Xc-Version
X-ServedByHost
Origin-Trial
X-Branch-Name
Cneonction
PICS-Label
X-VCL-Version
Expect-Staple
Epwk-X-Cache
Cloudfront-Viewer-Country
X-Hit
Load-Balancing
DataCenter
X-Akamai-Pragma-Client-IP
X-DataCenter
X-Correlation-ID
X-App
X-Amz-Meta-Opti
X-Limited
X-Ua
X-DynaTrace
X-Srcache-Fetch-Status
Rtss
X-Srcache-Store-Status
X-Lb-Id
X-Serial
Ohc-Cache-HIT
X-MiniProfiler-Ids
X-V
Type
X-Check-Cacheable
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Lb
X-Acquia-Application-Trace
Timeexpire
X-Service-Response-Time
X-Owner
WebServer
X-Acquia-Application-UUID
X-Sqd-Ctime
Cmsid
Cmstype
X-Sqd-Stime
N-Cache
X-Acquia-Site
X-Acquia-Purge-Tags
X-Irp-Debug
Sm-Log-Id
X-New
X-Eligible
X-MSEdge-Flight
X-Datacenter
X-MSEdge-Features
X-Fastly-Backend-Reqs
WZWS-RAY
X-Web-Server
X-Rollout
Permission-Policy
Cross-Origin-Opener-Policy-Report-Only
Warning
X-Platform-Server
CountryCode
X-CSRF-TOKEN
X-Litespeed-Cache-Control
X-LAGOON
Servername
X-Shardid
X-Sorting-Hat-Shopid
Wpo-Cache-Message
X-Sorting-Hat-Podid
Wpo-Cache-Status
X-Shopid
X-Origin-Upstream-Status
X-Dw-Trace-Id
Edge-Copy-Time
X-Core-Mission
X-Via-SSL
X-Requestid
Ngx
X-RAMCache
X-Ramcache
X-Snapshot-Date
X-Via-Edge
X-Via-CDN
X-Th-Server
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
Cl-Cache
X-Amz-Meta-S3b-Last-Modified
X-Qloud-Router