Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
Accept-CH
X-DNS-Prefetch-Control
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Cache-Group
Permissions-Policy
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
P3p
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Device
EagleEye-TraceId
X-WebKit-CSP
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-ASPNET-VERSION
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
X-Litespeed-Cache
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-PC
X-TtlSet
X-Vname
X-FTR-Request-ID
Cross-Origin-Opener-Policy
X-Daa-Tunnel
X-Mcache
X-Edge
X-Midtier
X-Server-Name
X-Browser-Type
Nginx-Cache
X-CST
X-Powered-By-Plesk
AR-PoweredBy
AR-ATIME
AR-SID
AR-Request-ID
X-Cnection
Accept-Ch
X-Cache-TTL
X-ESI
X-Ac
X-GitHub-Request-Id
X-D2id
X-Element-Page-Cache
Edge-Control
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Kinja-Server
Verso
X-Webkit-Csp
X-MS-InvokeApp
X-Ser
AR-CACHE
X-Vcap-Request-Id
X-Upstream
X-Abt-Application-Version
X-FastCGI-Cache
X-Navigation-Version
X-Dw-Request-Base-Id
X-ECACHE
X-B3-TraceId
Fastly-Restarts
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Client-IP
X-NF-Request-ID
X-Kinsta-Cache
X-Edge-Location-Klb
X-Goog-Hash
X-ARC
X-PDP-UNCACHING-HASH
X-Ratelimit-Limit
X-Mg-S
X-Powered-CMS
Edge-Cache-Tag
X-Middleton-Display
S
X-Sol
Display
Pagespeed
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
X-VARITI-CCR
X-Middleton-Response
Response
RTSS
X-TraceId
Realpath
X-Forwarded-For
X-Content-Digest
X-Cache-Key
X-T
Cross-Origin-Resource-Policy
X-Correlation-Id
X-Recruiting
X-Fastly-Request-ID
X-ORACLE-DMS-RID
X-Varnish-TTL
X-Ratelimit-Remaining
Fastcgi-Cache
X-Cached
X-TTL
X-RateLimit-Remaining
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
Content-MD5
MicrosoftSharePointTeamServices
X-HS-Content-Id
X-Ua-Browser
X-HS-Hub-Id
MS-Author-Via
X-HS-Cache-Config
X-Request-Received
X-Country-Code-Real
X-Protected-By
X-FTR-Backend
X-FTR-Cache-Status
X-Request-Processing-Time
X-FTR-Backend-Server
X-FTR-Balancer
X-Forwarded-Proto
X-LLID
TP-Cache
X-Frontend
Server-Node
Payment
Arr-Disable-Session-Affinity
X-PressLabs-Stats
Public-Key-Pins
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Ruxit-Js-Agent
Count-Hit
X-HS-Combine-CSS
X-FTR-Expires
X-Accel-Expires
X-GUploader-UploadID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Distributor
X-LB-Cache
X-Origin-Server
X-Server-ID
X-NODE
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Ezoic-Cdn
X-Microsite
X-Request-Handler-Origin-Region
X-Ttl
X-Az
X-AppVersion
X-Www-Served-By
X-Activity-Id
X-ORACLE-DMS-ECID
X-Cluster-Name
MRF-Tech
Mrf-Cache-Status
Accept-Charset
X-Content-Security-Policy-Report-Only
X-App-Server
X-B3-TraceId-Primal
X-Varnish-Server
Host
Cache-Tags
X-Varnish-Backend
X-Amz-Meta-S3cmd-Attrs
Retry-After
Cleartype
X-Newrelic-App-Data
X-Ua-Device
X-Goog-Metageneration
Server-Name
X-Hits
Filterid
X-Unique-Id
X-Git-Hash
Access-Control-Allow-Method
X-Envoy-Decorator-Operation
Surrogate-Key
X-Debug
X-Upgrade-Enabled
X-Azure-Ref
X-NGENIX-Cache
X-Load-Cache
X-Hostname
X-Id
X-Geo-Country
X-Logged-In
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-CSRF-Token
TCN
X-FB-Debug
X-Tt-Trace-Host
X-Tt-Trace-Tag
TP-L2-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Proxy
X-Seen-By
X-B
Section-Io-Cache
X-B3-Sampled
X-Grace
X-Revision
X-Request-Guid
X-Trace-Id
X-Aws-Lambda-Call-Status
X-CCDN-Origin-Time
X-Cache-Control
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-TT
Referer-Policy
X-Contextid
Healthy
DC
X-F-Cache
X-Fb-Rlafr
X-Time
Viewport
X-Type
X-Mobile
X-N
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-XRDS-LOCATION
Fastly-SWR
Paypal-Debug-Id
Fastly-SIE
X-DIS-Request-ID
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Content-Disposition
X-Page-Id
X-Debug-Info
X-Px
X-Varnish-Grace
X-Varnish-Ttl
X-Via-JSL
X-Origin-Cache
X-Magnolia-Registration
X-Webkit-CSP
X-Whom
Version
X-Amz-Replication-Status
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Content-Options
Charset
X-RemovedCookies
X-ProcessESI
X-G
X-UUID
X-Template
Ms-Operation-Id
X-Rule
MS-CV
X-Wix-Request-Id
X-Adobe-Content
X-Node-Name
X-RTag
X-Tumblr-Pixel-1
X-Adobe-Loc
X-Tumblr-User
X-App-Environment
X-Oracle-Dms-Ecid
X-Debug-IsConnected
X-Debug-IsPreview
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Source
X-Yottaa-Metrics
VIX-Pulpo-Node
SD-X-WS
X-Datadog-Sampled
X-Storage
NGB
X-Ratelimit-Reset
X-Hl-Ver
X-Yottaa-Optimizations
VIX-Pulpo-Upstream-Status
X-FW-Server
X-Proxy-Cache-Info
X-FW-Static
X-FW-Version
X-User-Agent
X-FW-Serve
X-FW-Hash
X-Device-Type
X-Region
X-Signature
X-FW-Dynamic
X-Backend-Name
X-B-Cache
X-FW-Type
X-Instance
X-NYM-Debug-Backend
X-Rendered-As
X-Is-Bot
GEO-INFO
X-Cache-Grace
X-L-Path
Country
X-Cache-Age
X-Status
X-Wormhole-Sdk
X-Environment-Context
X-ServerID
X-Cacheable-TTL
Cross-Origin-Window-Policy
ServerID
Countrycode
X-Real-IP
X-IPS-LoggedIn
X-EdgeConnect-Cache-Status
X-NWS-UUID-VERIFY
X-Cache-Hit
Akamai-GRN
X-WP-CF-Super-Cache-Active
X-RM-Cache-TTL
X-Amzn-Remapped-Content-Length
Liferay-Portal
Amp-Access-Control-Allow-Source-Origin
X-Rid
SRV
X-Language
Front
X-Framework
OT-Force-Account-Verify
X-Air-Pt
X-Sucuri-Cache
X-Sucuri-ID
X-AB
X-Xrds-Location
X-ECache
X-B3-SpanId
X-Servername
X-WebKit-CSP-Report-Only
X-UA
X-Content-Powered-By
X-Oracle-Dms-Rid
Xet-Cookie
X-VC-Cache
X-Akamai-Request-ID2
X-VC
X-Ismobilevalue
Backend
X-Air-Hostname
X-Air-Trace-Id
X-Fastly-Request-Id
X-Mode
From-Origin
X-Air-Source
X-RID
X-DataDome
Upgrade-Insecure-Requests
Refresh
X-Cache-Time
X-URL
X-Handled-By
Webserver
X-Api-Version
Accept-Language
X-HTML-Minification-Powered-By
X-Cache-Status-Check
X-SRV
X-Rn-Rsrv
X-Xfnlog-Site
X-RCS-CacheZone
LB
X-SaId
X-Rewrite-Enabled
Filters
Meta-Geo
X-UPSTREAM-Address
X-JoinUs
Access-Control-Request-Headers
Cache
X-Cache-Rule
X-Cache-Operation
X-Endurance-Cache-Level
X-R9-Blue-Green-Version
X-No-Session
X-Origin-Date
X-Origin-Hint
X-LJ-Flow-ID
X-PHP-Host
X-Provided-By
X-Lambda-Id
X-Proxied
X-Labrador-Cache-Channel
X-Git-Commit
X-VWS-Id
X-Container-Uri
X-Cms-Context
X-Extlb
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Webstats-RespID
X-Cluster
X-Cloudmap
Webcakes-App-Name
X-Tumblr-Pixel-2
Webcakes-App-Version
Webcakes-Region
X-Adobe-Source
X-Varnish-Age
X-Generated-By
X-AWS-Id
TWC-GeoIP-Country
X-Zipkin-Id
X-Hosted-By
ServedBy
X-INCAP-ABP
X-S
TWC-Connection-Speed
TWC-Device-Class
X-Routing-Service
X-Reqid
Property-Id
X-Browser-Name
X-Akamai-Edgescape
X-BYPASS-REASON
X-Web-Node
Mn-Server-Ip
X-Scope-Id
X-Cache-Debug
X-Locale
X-Restarts
X-Tncms
X-Ms-Request-Id
Atl-Traceid
X-Loop
X-Httpd
X-Accel-Version
Web-Mar-Node
X-Served-From
X-Logging-Id
X-Tcp-Rtt
X-Tt-Logid
X-Geo-Region
X-Is-Desktop
X-ProxyCache-Status
X-Is-Mobile
X-Is-Supported-Browser
Url
X-Fetched-On
X-IPLB-Instance
X-IPLB-Request-ID
X-Site-Version
X-Skip-Cache
X-Is-Tablet
X-Redis-Cache
X-Edge-Location
X-ProxyCache-Key
X-Ms-Version
Section-Io-Id
X-Forwarded-Host
X-Tb
X-Frame-Option
Selected-Fe
X-Detected-As
X-Director
X-Alternate-Cache-Key
X-Say-Cacheable
X-Nf-Request-Id
X-Shopify-Stage
X-Upstream-Ht
X-Upstream-Ct
X-Format
X-Soup
X-Storefront-Renderer-Rendered
X-Timing-Wait
X-Varnish-Beresp-Grace
X-Proxy-Build
X-VCT
X-Optimistic-Header
Apigw-Requestid
X-Say-TTL
X-SayCDN-TTL
X-Origin
X-Varnish-Cache-Hits
X-GeoCountry
X-GeoCode
X-Cache-Host
Xserver
X-RateLimit-Limit
X-Request-URI
Frame-Options
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Azure-Ref-OriginShield
X-Nginx-Cache
X-Mg-Request-UUID
X-Lagoon
Onion-Location
X-WP-CF-Super-Cache-Cookies-Bypass
X-Vcl-Version
X-Drupal-Cache-Tags
Expiry
WPO-Cache-Status
WPO-Cache-Message
X-Connection-Hash
X-Vcache
TDXMobile
X-CDN-Forward
Protected
Thinkindot-Control
X-Origin-CC
X-Shield-Cache-Expires
X-CMSURLCustom
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Origin-TTL
X-Thinkindot-L3
X-Generation-Time
X-Drupal-Cache-Contexts
Source
Cdn-Requestid
X-Cdn-Origin
X-Cache-Expired-At
Fastcgi-Useragent
Cache-Hits
X-Vercel-Id
X-Worker
X-B3-Traceid
X-Vercel-Cache
Environment
X-Rocket-Nginx-Serving-Static
X-PHP-Backend
X-Pass-Why
Sid
X-TA-CDN-Provider
X-Proxy-Cache-Status
Priority
X-GEO
X-Cache-Action
Azure-RegionName
Azure-Version
Azure-SiteName
Azure-SlotName
Azure-InstanceId
Uber-Trace-Id
X-Origin-Cache-Key
X-Buckets
X-RateLimit-Reset
Node
X-App-Version
X-ID
X-Cluster-Node
CDN-EdgeStorageId
CDN-PullZone
CDN-Cache
CDN-RequestCountryCode
CDN-CachedAt
CDN-Uid
CDN-RequestPullCode
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
Cross-Origin-Embedder-Policy
CDN-RequestPullSuccess
X-Aspnetmvc-Version
AMP-Access-Control-Allow-Source-Origin
X-Tumblr-Pixel-3
CF-IPCountry
Cache-Tv-Group
X-XRDS-Location
X-FB-TRIP-ID
X-Cache-Server
X-Server-W
X-Auth-Group-Type
DB-Nickname
X-Fastcgi-Cache
X-Pad
X-NGINX-Cache
X-Tx-Id
User-Cache-Control
Alternate-Protocol
X-Dc
X-A
Rendered-Blocks
Wxu-Next-Hostname
Origin-Agent-Cluster
Wxu-Next-Region
Surrogated-Key
Origin
Wxu-Next-Commit
T-Server
Sslversion
Candidate-Md5Url
Cdn-Request-Time
Content-Secure-Policy
Cdn-Host
A
X-Service
X-SRCache-Key
DCR-Decision-By
DCR-Processing-Time-Ms
MD5-Digest
Ngx.Var.Host
Magicmarker
Lang
Edge-Cache
Gannett-Cam-Experience-Id
Odigeo-Trace-Id
X-Cache-Id
X-Esi-Check
X-Fastly-Backend
X-Gen-Mode
X-Generated-On
X-Epic-Correlation-Id
X-Edge-Server
X-Dispatcher-Server
X-Ec-Fail
X-Ec-GeoHdr
X-GeoIP-City
X-Gzip
X-ND-Cache
X-Op-Id-All
X-Org
X-Origin-Expires
X-Level-Front-Cache
X-Req
X-Hnp-Log
X-Ig-Origin-Region
X-Ig-Push-State
X-Developer
X-Rojux
X-Bc-Bl
X-BCube-Filmed-By
X-Bl-Debug
X-Block-Status
X-Aed
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
X-ScT
X-Cache-NE
X-Custom-Header
X-D
X-DefElseHash
X-DefHash
X-Core-Value
X-SB
X-Cache-TTL-Remaining
X-Conf
X-Content-Age
X-A-Ccd
Meta-Geo-Continent
X-Varnish-Remaining-TTL
X-Vdms-Version
X-Vtex-Remote-Cache
X-Via-Fastly
X-V-Cache
X-Viewer-Country
X-TIM-N
X-UA-Device-Type
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Mime-Version
HostName
X-Client-Ip
X-App-Name
X-Region-Sid
X-Auto-Login
V-Age
Vix-Hermes-Req-Id
X-Amz-Storage-Class
X-Varnish-Hostname
Tube-Return
X-Ad-Load-Variation
X-Mvc-Supplant-Cachable
X-Acquia-Purge-Cdn-Unconfigured
X-AK-Request-ID
X-VarnishDD-TTL
X-Aicache-OS
Tube-Get-Contents
Powered-By
Producers
Req-ID
RNT-Machine
Platform
X-NMSegId
Origin-CC
Origin-EX
PFcat
RNT-Time
Server-Ext
X-Server-IP
X-SD-PageType
Tube-Got-Eval
X-Varnish-Director
X-Nginx-Cache-Key
Server-Host
Server-Hostname
Sever-Int
Tube-Got-Results
X-Men
X-Forwarded-Site
X-Request-Time
X-Gdpr
X-Fmm-Version
X-FC-Vary-Parameters
X-VTEX-Cache-Time
X-WA-Info
X-Fastly-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-GoCache-CacheStatus
X-HN
X-HS-Content-Campaign-Id
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Geo-Header
X-GeoIP
XM
X-DPWN-IS-SECURE
X-VTEX-Cache-Server
X-LSADC-Cache
X-Cache-Bucket
X-Scheme
X-Node-Id
X-Bip
X-Backend-Instance
X-Mly-Id
X-Micro-Cache
X-Cache-Info
X-VG-TLSProxy
X-Jobs
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Loc
X-VG-WebCache
X-CacheTTL
X-Cdn-Srv
X-Clientip
X-B3-Trace-ID
Ssr
C-Via
Cache-Provider
CDCHOST
AKAMAI
Adler-Geo
X-Origin-Time
X-Origin-Response-Time
Cdncip
X-Sn-Servicetimems
Country-Code
Esi-Enabled
Fastly-Backend-Name
Content-Style-Type
Content-Script-Type
Click-Count-Action-Start
Click-Count-Error
X-PAYTM-SRV-ID
Fusion-Template-Id
X-Test
X-Thanos
X-SVT-ORM-VERSION
X-Powered-By-VTEX-Cache
X-Proto
X-Pubstack
X-Tb-Optimization-Total-Bytes-Saved
X-Policy
X-SVT-ORM-RULES
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-Platform
Fusion-Component-Id
Fastly-SSL
Cdnsip
X-RateLimit-Remaining-Second
NM-Fastcgi-Cache
X-RateLimit-Limit-Second
X-Nyt-Route
X-NodeID
Is-Eu
Host-ID
L
Machine
L5d-Success-Class
X-Date
Apple-News-Services-Handled
X-CUA
X-Csrf-Jwt
X-CGP
Cache-Key
Canary
X-Var-Ttl
X-Location
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-Depends
X-Contensis-Viewer-Groups
Mail-Subject
X-Request-Start
X-Slack-Backend
X-Pool
X-Hash
X-Proxied-Request
X-Human
Yak-Timeinfo
NGX
Pramga
X-Request-Host
Req-Svc-Chain
X-Ec-Custom-Error
X-Eu-Site
X-We-Are-Hiring
Proxy-Firewall
Release
X-Device-Os
Apple-News-Services-Parsed-Url
X-Mvc-Supplant-OutputCached
X-Slack-Shared-Secret-Outcome
W
Fastly-GeoIP-CountryCode
X-Section
Ha-Gx-Prefs
X-Varnish-Authentication
DSUID
X-Varnish-Beresp-Status
Web-Mar-Region
X-Varnishpool
X-Accel-Expires-Debug
We-Hiring
X-Access
Cluster
Gh-Request-Id
True-Client-Country-4JS
X-BBC-Edge-Cache-Status
HA-Ipaddr
X-Cache-Aspx
On-Server
X-HITS
X-DC
X-LiteSpeed-Cache-Control
X-Cache-FS-Status
X-AIR-PT
X-Up
X-From
X-NCache
X-Varnish-Beresp-Ttl
X-Varnish-Hits
X-Akamai-Transformed
X-MP-GENERATED-AT
X-Zone
Server-Info
Redirect-Candidate
CDN-RequestId
X-Jungle-Id
Debug
WP-Super-Cache
X-Cache-Backend
X-Vdms-Path
X-Cs
CloudFront-Viewer-Country
X-Refresh
BehaviorPad-Version
X-LB-ID
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-APP
X-Servedbyhost
Pics-Label
X-Parent-Response-Time
X-Uri
X-B3-Parentspanid
X-Via-Popn
X-Via-Poph
Fastly-Drupal-Html
X-Via-Popv
X-HA-Backend
X-VHOST
X-Newrelic-Synthetics
GeoIP-Latitude
X-CACHE-AGE
SID
Fastly-Drupal-HTML
X-M-Reqid
X-M-Log
X-Content-Length
X-Render-Time
X-Nananana
X-Datadome
X-ApacheServer
X-PERF
X-VC-TTL
X-CDN-Cache-Status
X-CS
X-LB-NoCache
X-Nc
X-CACHE-KEY
Datacenter
Resin-Trace
X-B3-Spanid
X-Cached-By
X-DynaTrace-JS-Agent
X-Litespeed-Tag
X-NewRelic-App-Data
X-Original-Request-Id
Locid
X-Wa
X-LiteSpeed-Tag
X-Response-Served-From
X-Amz-Meta-Cb-Modifiedtime
GeoIp-Country-Code
NtCoent-Length
X-ZONE
Vc-Max-Age
X-Varnish-Beresp-TTL
X-Dispatcher-Number
X-RequestId
Server-ID
Cdn
X-TT-LOGID
X-VCache
Product
Cf-Ipcountry
X-IAuth-Set-Uid
True-Client-IP
FSS-Cache
X-Old-Content-Length
Srv
X-Fpc
X-TIME
X-Ckpd-Fst-Backend
X-Esi
Ngx-Var-Key
Uri
X-SERVER-NAME
X-TX-ID
CDN
X-Srv
X-HostName
X-FPC
X-Bug-Bounty
Serverhost
ServerName
X-Nf-Ats-Version
X-Vgn-Hpd-Reason
X-Nf-Language
X-Nf-Country
True-Client-Ip
X-HubSpot-Correlation-Id
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
S-Rt
X-Cdn-Forward
X-Dynatrace-Js-Agent
X-Moov-Xdn-Version
X-Moov-T
Tcn
X-TH-Server
X-Oracle-DMS-ECID
GeoIP-Country-Code
X-WA
Server-Id
Request-ID
X-Vc
CacheControlHeader
X-Dispatch
Cf-Device-Type
X-APP-VERSION
X-Cdn-Cache-Status
Hostname
Cross-Origin-Embedder-Policy-Report-Only
X-Vmg-Version
ServerHost
X-S-Cookie
X-User
X-Destination
X-External-Request-Id
X-B-Cookie
X-Akamai-Device-Characteristics
X-Application
User-Agent
X-NC
X-COUNTRY
X-Webkit-Csp-Report-Only
X-Info
X-Zen-Fury
X-Gamma-Serve
X-Lb-Nocache
X-Via-PopH
Geoip-Latitude
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Ha-Backend
X-FL-QIT-DEBUG
Srvid
X-Via-PopN
X-Via-PopV
X-Presslabs-Stats
Cneonction
Xc-Version
X-Cache-Date
X-Sigma
X-Rocket-Build-Number
X-Instance-Name
Ohc-File-Size
X-Sigma-Backend
X-Geo
PICS-Label
Expect-Staple
X-Hit
Origin-Trial
X-API-Version
X-Segment-20210421
X-ServedByHost
X-VServer
X-VCL-Version
Epwk-X-Cache
X-Branch-Name
Cloudfront-Viewer-Country
X-Amz-Meta-Opti
X-V
X-Ua
X-Lb-Id
X-CSRF-TOKEN
X-App
X-Correlation-ID
X-Akamai-Pragma-Client-IP
X-Limited
X-Srcache-Fetch-Status
Rtss
X-Srcache-Store-Status
WZWS-RAY
X-Eligible
X-Check-Cacheable
N-Cache
X-DataCenter
X-MiniProfiler-Ids
DataCenter
Load-Balancing
X-New
Permission-Policy
X-Serial
Ohc-Cache-HIT
X-Rollout
X-Platform-Server
X-Wp-Cf-Super-Cache-Cache-Control
Lb
X-Wp-Cf-Super-Cache
X-DynaTrace
Cmstype
Cmsid
X-MSEdge-Features
XkeyRZ
X-MSEdge-Flight
X-Proxy-CacheRZ
X-Web-Server
X-Sqd-Ctime
Timeexpire
X-Datacenter
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
X-Sqd-Stime
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Warning
X-Acquia-Purge-Tags
Sm-Log-Id
Type
X-Service-Response-Time
Servername
CountryCode
X-LAGOON
X-Litespeed-Cache-Control
Wpo-Cache-Status
Wpo-Cache-Message
Cross-Origin-Opener-Policy-Report-Only
X-Ramcache
Ngx
X-Core-Mission
X-Th-Server
X-Fastly-Backend-Reqs
X-Shopid
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
X-Dw-Trace-Id
X-Irp-Debug
X-IN-APIGATEWAY
X-Snapshot-Date
X-Amz-Meta-S3b-Last-Modified
X-Requestid
X-IN-APIGATEWAYSSL
X-Sorting-Hat-Podid
X-Shardid
X-Origin-Upstream-Status
X-RAMCache
X-Owner
X-Sorting-Hat-Shopid