Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-Ua-Compatible
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
Expect-Ct
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-UA-Device
X-Cache-Group
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Proxy-Cache
X-Ws-Request-Id
Xkey
X-Rq
X-Age
Permissions-Policy
X-Vhost
X-Amz-Version-Id
Allow
X-Dispatcher
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-OneAgent-JS-Injection
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Litespeed-Cache
X-Node
Content-Location
X-Application-Context
X-Ruxit-JS-Agent
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-CST
X-NWS-LOG-UUID
X-Country
Service-Worker-Allowed
X-Country-Code
X-Url
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Oneagent-Js-Injection
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-Server-Name
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
X-Daa-Tunnel
X-Webkit-Csp
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
X-Upstream
Edge-Control
X-ECACHE
X-MS-InvokeApp
X-GitHub-Request-Id
X-D2id
X-Element-Page-Cache
Verso
X-Ac
X-ESI
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Aws-Lambda-Call-Status
AR-Request-ID
AR-SID
AR-PoweredBy
AR-ATIME
Accept-Ch-Lifetime
X-FastCGI-Cache
X-Ser
X-Vcap-Request-Id
X-Navigation-Version
X-Cache-TTL
X-Mod-Pagespeed
X-Abt-Application-Version
X-B3-TraceId
SPIisLatency
SPRequestDuration
AR-CACHE
X-Ruxit-Js-Agent
X-Dw-Request-Base-Id
X-NF-Request-ID
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
Fastly-Restarts
X-Client-IP
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Pagespeed
X-Middleton-Display
X-Sol
Display
Edge-Cache-Tag
X-RateLimit-Remaining
X-Mg-S
S
X-Cache-Key
X-Edge-Location-Klb
X-Kinsta-Cache
X-Powered-CMS
X-Amzn-Trace-Id
X-Middleton-Response
Response
Cache-Status
X-VARITI-CCR
X-Version
Access-Control-Request-Method
X-Goog-Hash
X-Fastly-Request-ID
X-ARC
RTSS
X-Content-Digest
X-TraceId
X-Forwarded-For
Cross-Origin-Resource-Policy
X-Recruiting
X-T
Realpath
X-Varnish-TTL
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Correlation-Id
X-MSEdge-Ref
MS-Author-Via
Front-End-Https
Fastcgi-Cache
X-Cached
X-Ttl
Content-MD5
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Ratelimit-Limit
X-Ua-Browser
X-FTR-Backend-Server
X-FTR-Backend
Server-Node
Payment
X-FTR-Balancer
X-Country-Code-Real
X-Protected-By
X-FTR-Cache-Status
Public-Key-Pins
X-Request-Processing-Time
X-PDP-UNCACHING-HASH
Arr-Disable-Session-Affinity
X-Request-Received
X-Forwarded-Proto
X-HS-Combine-CSS
X-Frontend
X-Shield-Request-Id
MicrosoftSharePointTeamServices
X-LLID
TP-Cache
X-Origin-Cache-Key
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Distributor
X-Accel-Expires
X-FTR-Expires
X-Server-ID
X-HP-Webp
X-Jurisdiction
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-HP-Trace-Id
Count-Hit
X-GUploader-UploadID
X-Hits
X-TTL
X-Origin-Server
X-LB-Cache
X-Ezoic-Cdn
X-ORACLE-DMS-RID
X-Content-Security-Policy-Report-Only
X-Request-Handler-Origin-Region
X-Microsite
X-Activity-Id
X-Az
X-AppVersion
Host
X-TEC-API-ORIGIN
X-PressLabs-Stats
X-Cluster-Name
X-TEC-API-VERSION
X-Ua-Device
X-TEC-API-ROOT
X-Varnish-Backend
X-Www-Served-By
Mrf-Cache-Status
Cache-Tags
X-Varnish-Server
Retry-After
X-B3-TraceId-Primal
MRF-Tech
X-App-Server
X-Ratelimit-Remaining
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Hostname
Server-Name
X-NGENIX-Cache
X-Geo-Country
Cleartype
X-RateLimit-Limit
X-NODE
X-Envoy-Decorator-Operation
X-Newrelic-App-Data
Referer-Policy
X-DIS-Request-ID
X-Goog-Metageneration
X-Upgrade-Enabled
TP-L2-Cache
X-CSRF-Token
X-Seen-By
Access-Control-Allow-Method
X-Git-Hash
X-Oracle-Dms-Ecid
X-Amz-Apigw-Id
X-Azure-Ref
X-Amzn-RequestId
X-F-Cache
X-Hcs-Proxy-Type
X-Load-Cache
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Proxy
X-Unique-Id
X-ORACLE-DMS-ECID
X-Grace
Filterid
X-Debug-Info
X-Revision
X-Cache-Control
Healthy
X-XRDS-LOCATION
X-Px
X-Trace-Id
TCN
X-Request-Guid
Section-Io-Cache
Paypal-Debug-Id
X-B
X-FB-Debug
X-TT
X-B3-Sampled
DC
X-Type
X-Page-Id
X-Contextid
X-Fb-Rlafr
X-Oracle-Dms-Rid
X-Logged-In
X-N
X-Mobile
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Viewport
X-Varnish-Ttl
X-Whom
X-Debug
Charset
X-Template
Fastly-SIE
Fastly-SWR
X-Datadog-Trace-Id
X-Language
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Goog-Stored-Content-Encoding
X-Time
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Cache-Grace
X-Content-Options
X-Webkit-CSP
Version
X-Magnolia-Registration
X-Via-JSL
X-Wix-Request-Id
Content-Disposition
X-RateLimit-Reset
X-EdgeConnect-Cache-Status
X-App-Environment
X-Varnish-Grace
X-B-Cache
X-Signature
X-Node-Name
SRV
X-Origin-Cache
X-RemovedCookies
X-Amzn-Remapped-Content-Length
X-B3-SpanId
X-ProcessESI
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Tumblr-User
X-Tumblr-Pixel-0
X-Yottaa-Optimizations
X-Tumblr-Pixel
X-Rule
X-Yottaa-Metrics
X-Debug-IsPreview
X-Debug-IsConnected
X-Tumblr-Pixel-1
X-Datadog-Sampled
X-Hl-Ver
X-Amz-Replication-Status
MS-CV
X-Backend-Name
Ms-Operation-Id
SD-X-WS
X-G
X-RTag
X-UUID
X-Adobe-Loc
X-FW-Type
X-FW-Server
X-Proxy-Cache-Info
GEO-INFO
X-Instance
X-FW-Version
X-FW-Static
X-Adobe-Content
X-FW-Dynamic
X-FW-Hash
X-Storage
X-FW-Serve
X-Device-Type
X-Cache-Age
X-Region
X-NYM-Debug-Backend
NGB
Liferay-Portal
Country
X-IPS-LoggedIn
X-Is-Bot
X-Rendered-As
ServerID
X-User-Agent
X-Cacheable-TTL
X-Cache-Hit
X-L-Path
X-Status
X-Environment-Context
X-Real-IP
X-ServerID
X-NWS-UUID-VERIFY
Countrycode
X-Source
X-Rid
Akamai-GRN
Surrogate-Key
X-Sucuri-ID
X-Sucuri-Cache
X-Servername
X-WP-CF-Super-Cache-Active
Cross-Origin-Window-Policy
From-Origin
OT-Force-Account-Verify
X-VC-Cache
X-UA
X-WebKit-CSP-Report-Only
X-RM-Cache-TTL
Backend
Upgrade-Insecure-Requests
Amp-Access-Control-Allow-Source-Origin
X-INCAP-ABP
X-Framework
Front
X-Mode
X-Xrds-Location
Refresh
Frame-Options
X-AB
X-Cache-Time
Xet-Cookie
X-Content-Powered-By
X-Akamai-Request-ID2
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-HTML-Minification-Powered-By
X-RID
X-Buckets
X-Edge-Location
X-Handled-By
Url
X-VC
Webserver
X-Air-Pt
X-Endurance-Cache-Level
X-Wormhole-Sdk
X-Cluster
X-LJ-Flow-ID
Meta-Geo
X-JoinUs
Filters
X-AWS-Id
X-Azure-Ref-OriginShield
X-Akamai-Edgescape
Selected-Fe
X-No-Session
Access-Control-Request-Headers
X-Rn-Rsrv
X-SaId
X-Origin-CC
X-Origin-TTL
X-Reqid
X-DataDome
X-Timing-Wait
X-Xfnlog-Site
X-Webstats-RespID
X-VWS-Id
X-Origin-Date
X-UPSTREAM-Address
X-Rewrite-Enabled
X-RCS-CacheZone
X-Proxy-Build
X-Cache-Rule
X-IPLB-Request-ID
TWC-Privacy
Webcakes-App-Name
X-IPLB-Instance
X-VCT
X-Labrador-Cache-Channel
X-Tumblr-Pixel-2
Webcakes-Region
Webcakes-App-Version
WPO-Cache-Status
WPO-Cache-Message
TWC-Locale-Group
X-Git-Commit
TWC-GeoIP-Country
Mn-Server-Ip
TWC-Device-Class
TWC-Connection-Speed
Property-Id
X-Container-Uri
X-Logging-Id
X-Generation-Time
X-Fetched-On
TWC-GeoIP-LatLong
X-Drupal-Cache-Tags
Atl-Traceid
X-Cache-Operation
X-Provided-By
X-SRV
X-R9-Blue-Green-Version
X-Origin
X-Served-From
X-Ms-Request-Id
X-Origin-Hint
X-PHP-Host
X-Ms-Version
TDXMobile
X-Drupal-Cache-Contexts
X-Tb
Cache
X-Redis-Cache
X-Cache-Debug
Section-Io-Id
X-Routing-Service
Thinkindot-Control
X-Varnish-Cache-Hits
X-Thinkindot-L3
X-Httpd
X-Scope-Id
Thinkindot-CacheControl-Type
X-Extlb
Thinkindot-CacheControl
X-Hosted-By
X-ProxyCache-Status
X-Cloudmap
X-BYPASS-REASON
X-Cache-Status-Check
X-CDN-Forward
X-Zipkin-Id
X-Accel-Version
X-Locale
X-Site-Version
X-Web-Node
X-Adobe-Source
X-Restarts
X-ProxyCache-Key
X-Shield-Cache-Expires
X-CMSURLCustom
X-Cms-Context
Web-Mar-Node
X-Proxied
X-Cdn-Origin
X-Format
X-Director
X-Upstream-Ht
X-Forwarded-Host
X-Frame-Option
X-Tcp-Rtt
X-Is-Tablet
X-Is-Supported-Browser
X-Soup
X-Skip-Cache
X-Browser-Name
X-Tncms
X-Lambda-Id
X-Loop
X-Is-Mobile
X-Say-Cacheable
X-Varnish-Age
X-S
X-Say-TTL
X-SayCDN-TTL
X-Is-Desktop
X-Upstream-Ct
X-Geo-Region
X-Nginx-Cache
X-GeoCountry
Apigw-Requestid
Accept-Language
X-Cache-Host
Xserver
X-Varnish-Beresp-Grace
Cache-Hits
X-GeoCode
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Vcache
ServedBy
X-Detected-As
X-ShopId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Worker
X-Generated-By
X-Vercel-Cache
X-Optimistic-Header
X-Rocket-Nginx-Serving-Static
X-Vercel-Id
X-Lagoon
Azure-SiteName
Azure-InstanceId
Azure-SlotName
Azure-Version
CDN-RequestId
Azure-RegionName
X-B3-Traceid
Node
Source
X-WP-CF-Super-Cache-Cookies-Bypass
X-App-Version
X-Request-URI
X-Pass-Why
AMP-Access-Control-Allow-Source-Origin
Protected
Cross-Origin-Embedder-Policy
Fastcgi-Useragent
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-PullZone
CDN-RequestPullCode
X-Vcl-Version
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestCountryCode
X-Tumblr-Pixel-3
Alternate-Protocol
Expiry
X-XRDS-Location
X-Connection-Hash
X-GEO
LB
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Ratelimit-Reset
X-Cache-Server
DB-Nickname
X-Jobs
Onion-Location
X-Cache-Expired-At
X-TA-CDN-Provider
X-Server-W
Sid
X-Fastly-Request-Id
CF-IPCountry
X-TT-LOGID
X-PHP-Backend
Environment
X-Original-Request-Id
Priority
X-Api-Version
X-Fastcgi-Cache
X-Response-Served-From
Uber-Trace-Id
X-Proxy-Cache-Status
X-LSADC-Cache
User-Cache-Control
X-Cluster-Node
X-Cache-Action
X-Uri
HostName
X-MP-GENERATED-AT
X-Urbn-Context-Path
Locale
X-LiteSpeed-Cache-Control
X-Urbn-Site-Id
X-Mg-Request-UUID
X-FB-TRIP-ID
X-AIR-PT
WP-Super-Cache
X-A-Dam
Vix-Hermes-Req-Id
X-SB
X-A-Dcw
X-Powered-By-VTEX-Cache
X-A-Ccd
Wxu-Next-Hostname
X-A-Dgt
Wxu-Next-Region
X-Rojux
A
X-Aed
X-A
X-A-Wwc
X-Request-Start
Wxu-Next-Commit
X-Forwarded-Site
X-Proto
Cache-Tv-Group
X-Op-Id-All
Magicmarker
Lang
MD5-Digest
X-Org
DCR-Processing-Time-Ms
Meta-Geo-Continent
Edge-Cache
Fusion-Component-Id
Fusion-Content-Id
Gannett-Cam-Experience-Id
X-Node-Id
X-NMSegId
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
DCR-Decision-By
X-Origin-Expires
X-Level-Front-Cache
X-Mvc-Supplant-Cachable
Candidate-Md5Url
Server-Host
Sslversion
X-Platform
Surrogated-Key
Req-ID
Rendered-Blocks
Content-Secure-Policy
X-NCache
X-ND-Cache
Ngx.Var.Host
NM-Fastcgi-Cache
Origin-Agent-Cluster
Origin
T-Server
X-ScT
X-Test
X-Thanos
X-TIM-N
X-UA-Device-Type
X-DC
X-Block-Status
X-Content-Age
X-GeoIP-City
X-D
X-Hnp-Log
X-Cache-Id
X-Clientip
X-Varnish-Hostname
X-Gzip
X-Conf
X-Viewer-Country
X-Cache-NE
X-Vtex-Remote-Cache
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-SRCache-Key
X-Bl-Debug
X-Developer
X-GeoIP
X-Gen-Mode
X-Esi-Check
X-Jungle-Id
X-Device-Os
X-Ec-Fail
X-Ec-GeoHdr
X-Dispatcher-Server
X-Vdms-Path
X-Ig-Origin-Region
X-FC-Vary-Parameters
X-Epic-Correlation-Id
X-Generated-On
X-Bc-Bl
X-Vdms-Version
X-Bip
X-BCube-Filmed-By
X-Origin-Response-Time
X-Tx-Id
X-NGINX-Cache
X-URL
X-Newrelic-Synthetics
X-CGP
Origin-CC
X-CUA
X-Debug-Cache-Fetch
X-Debug-Cache-Store
L5d-Success-Class
Origin-EX
Mail-Subject
X-Core-Value
X-Csrf-Jwt
X-Nginx-Cache-Key
X-GeoIP-Country-Code
X-Geo-Header
We-Hiring
X-Gdpr
X-Fastly-Cache
X-HS-Content-Campaign-Id
W
X-Cache-Bucket
Host-ID
X-Fmm-Version
X-App-Name
X-ApacheServer
X-AK-Request-ID
X-Auth-Group-Type
X-Backend-Instance
X-Auto-Login
X-Cache-Info
X-Edge-Server
X-Cdn-Srv
X-Eu-Site
X-GeoIP-Region-Code
Release
X-Mvc-Supplant-OutputCached
Powered-By
Server-Ext
X-HN
X-Cache-TTL-Remaining
X-Loc
Ssr
X-Amz-Storage-Class
Server-Hostname
Sever-Int
PFcat
Cdncip
Cache-Provider
X-VarnishDD-TTL
C-Via
X-Varnish-Director
X-Var-Ttl
X-Varnishpool
HA-Ipaddr
X-VG-WebCache
X-Via-Fastly
Cdn-Request-Time
Cdn-Host
CDCHOST
X-V-Cache
AKAMAI
X-Scheme
X-Region-Sid
X-Request-Time
X-Render-Time
X-Req
X-SD-PageType
X-RateLimit-Remaining-Second
X-ECache
X-Zone
X-Service
X-RateLimit-Limit-Second
X-WA-Info
Canary
Fastly-Backend-Name
Content-Script-Type
X-Pubstack
Fastly-SSL
Content-Style-Type
Esi-Enabled
X-Policy
DSUID
X-From
X-Nyt-Route
Yak-Timeinfo
X-Origin-Time
X-PERF
Cdnsip
Ha-Gx-Prefs
X-PAYTM-SRV-ID
X-B3-Trace-ID
X-Aicache-OS
X-Request-Host
X-Human
X-Varnish-Beresp-Ttl
X-Server-IP
X-Fastly-Backend
X-Varnish-Beresp-Status
X-Section
X-Ig-Push-State
X-Cache-Aspx
X-GoCache-CacheStatus
XM
X-CacheTTL
X-Wikidot-Static-Cache
X-VG-TLSProxy
X-Contensis-Viewer-Groups
X-We-Are-Hiring
X-Wikidot-Backend
Gh-Request-Id
X-Hash
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Tb-Optimization-Total-Bytes-Saved
X-Ec-Custom-Error
X-Varnish-Authentication
X-DPWN-IS-SECURE
X-BBC-Edge-Cache-Status
X-Ad-Load-Variation
RNT-Time
X-Acquia-Purge-Cdn-Unconfigured
RNT-Machine
Req-Svc-Chain
Redirect-Candidate
Cache-Key
X-Micro-Cache
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Producers
Pramga
Fastly-GeoIP-CountryCode
Machine
L
Is-Eu
Country-Code
Cluster
Platform
Click-Count-Action-Start
Click-Count-Error
On-Server
True-Client-Country-4JS
X-Mly-Id
Adler-Geo
X-Location
V-Age
X-Pool
X-Access
Web-Mar-Region
Tube-Return
X-Proxied-Request
X-Men
Tube-Got-Eval
Tube-Get-Contents
Tube-Got-Results
X-Dc
X-Cache-Backend
X-Up
X-Accel-Expires-Debug
NGX
X-Tt-Logid
X-Date
Odigeo-Trace-Id
Cdn-Requestid
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
Proxy-Firewall
Datacenter
X-Cs
X-Varnish-Hits
X-LB-ID
X-COUNTRY
X-NodeID
Debug
X-Custom-Header
X-Ismobilevalue
X-Akamai-Transformed
X-CACHE-GROUP
Locid
X-ID
X-Nananana
X-Refresh
X-Nf-Request-Id
X-Pad
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-HA-Backend
X-Varnish-CookieINHashed-On
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-DefElseHash
X-DefHash
X-Amz-Meta-Cb-Modifiedtime
X-Platform-Router
X-Client-Ip
X-Platform-Processor
X-Platform-Cluster
X-LiteSpeed-Tag
Pics-Label
X-Datadome
Fastly-Drupal-HTML
Mime-Version
SID
X-Depends
CloudFront-Viewer-Country
X-M-Reqid
X-M-Log
X-VHOST
X-Old-Content-Length
X-Servedbyhost
Ngx-Var-Key
X-Cached-By
X-VC-TTL
X-Esi
GeoIP-Latitude
X-Parent-Response-Time
X-Cache-FS-Status
X-Moov-Xdn-Version
X-B3-Parentspanid
X-TH-Server
X-CDN-Cache-Status
X-Moov-T
X-LB-NoCache
X-CACHE-AGE
Fastly-Drupal-Html
X-DynaTrace-JS-Agent
X-TIME
Cross-Origin-Embedder-Policy-Report-Only
Resin-Trace
GeoIp-Country-Code
X-VCache
X-CS
Cf-Ipcountry
NtCoent-Length
Server-ID
Server-Info
X-Presslabs-Stats
Cdn
X-Wa
X-User
X-Vgn-Hpd-Reason
Uri
X-External-Request-Id
X-Destination
X-S-Cookie
X-B-Cookie
X-Application
X-Nc
Cf-Device-Type
BehaviorPad-Version
X-Litespeed-Tag
Tcn
X-NewRelic-App-Data
FSS-Cache
X-Zen-Fury
X-APP
X-ZONE
True-Client-IP
X-TX-ID
X-Flags
CDN
X-Providence-Cookie
X-Route-Name
X-Varnish-Beresp-TTL
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Sigma
X-Cache-Date
X-Fpc
X-Sigma-Backend
X-Rocket-Build-Number
X-Instance-Name
X-IAuth-Set-Uid
X-HostName
X-Vc
X-VServer
X-DynaTrace
X-API-Version
X-Srv
True-Client-Ip
X-Content-Length
X-Dynatrace-Js-Agent
X-Segment-20210421
X-HITS
X-Branch-Name
Load-Balancing
X-Page-View
X-Oracle-DMS-ECID
X-FPC
X-Cdn-Forward
GeoIP-Country-Code
X-NC
Serverhost
X-HOST
X-WA
Srv
S-Rt
Ohc-File-Size
Request-ID
X-Dispatch
X-Cdn-Cache-Status
X-Dispatcher-Number
X-DataCenter
Hostname
Product
Vc-Max-Age
Type
Server-Id
Geoip-Latitude
X-Sql-Duration-Ms
X-Sql-Count
X-Http-Reason
X-B3-Spanid
X-APP-VERSION
X-Lb-Nocache
X-Irp-Debug
X-FL-QIT-DEBUG
X-Webkit-Csp-Report-Only
X-RequestId
Srvid
Cl-Cache
ServerName
X-Geo
X-ServedByHost
X-Ckpd-Fst-Backend
WZWS-RAY
Cloudfront-Viewer-Country
X-Bug-Bounty
X-Via-SSL
X-CSRF-TOKEN
X-Owner
Edge-Copy-Time
DataCenter
X-SIPLIST1
X-Via-CDN
IsBot
X-Via-Edge
X-VCL-Version
X-Core-Mission
CacheControlHeader
X-Proxy-CacheRZ
XkeyRZ
MIME-Version
Epwk-X-Cache
Origin-Trial
Cross-Origin-Opener-Policy-Report-Only
Ohc-Cache-HIT
X-Hit
X-Cache-Ttl
Lb
X-Qloud-Router
X-Correlation-ID
X-Via-PopN
N-Cache
X-App
X-Ua
ServerHost
CountryCode
X-Via-PopV
X-Via-PopH
X-Ha-Backend
PICS-Label
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Rtss
X-MSEdge-Features
X-Fastly-Country-Code
X-Amz-Meta-Opti
X-MiniProfiler-Ids
X-Lb-Id
X-MSEdge-Flight
X-Sqd-Stime
X-Acquia-Site
X-Sqd-Ctime
X-Acquia-Purge-Tags
X-Service-Response-Time
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Warning
X-Requestid
X-Web-Server
X-Datacenter
Sm-Log-Id
Servedby
X-LAGOON
X-Forwarded-Path
X-Dw-Trace-Id
X-CF-Lambda-Version
X-Shop-Environment
X-Udemy-Cache-App-Namespace
X-IN-APIGATEWAY
X-Tenant
X-IN-APIGATEWAYSSL
X-Akamai-Device-Characteristics
X-Limited
X-Vmg-Version
User-Agent
Cneonction
Xkeylog
Xkey-La3
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-Serial
X-Orig-Expires
X-Th-Server
Expect-Staple
X-Ramcache
Ngx
X-Check-Cacheable
X-RAMCache
X-Cdn-Request-ID
X-CF-Lambda-Fn
X-Proxy-Cache-La3
Akamai-Cache-Status
X-Akamai-Pragma-Client-IP
X-Cache-Type
X-Snapshot-Date