Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
X-Cache-Group
Request-Context
Permissions-Policy
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Grace
Allow
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-Pingback
X-Page-Speed
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
EagleEye-TraceId
X-WebKit-CSP
X-Host
Cf-Railgun
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Server-Id
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Litespeed-Cache
X-ASPNET-VERSION
X-Content-Type
X-Trace
X-Url
X-Clacks-Overhead
Cache-Tag
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-Vname
X-PC
X-FTR-Request-ID
X-TtlSet
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Daa-Tunnel
X-Server-Name
X-Browser-Type
Nginx-Cache
X-CST
X-Powered-By-Plesk
AR-PoweredBy
AR-SID
AR-Request-ID
AR-ATIME
X-Cnection
Accept-Ch
X-ESI
X-GitHub-Request-Id
X-Cache-TTL
X-Element-Page-Cache
Edge-Control
X-Ac
X-D2id
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
Verso
X-Webkit-Csp
X-MS-InvokeApp
X-Ser
AR-CACHE
X-Vcap-Request-Id
X-Upstream
X-FastCGI-Cache
X-Abt-Application-Version
X-Navigation-Version
X-Dw-Request-Base-Id
X-B3-TraceId
X-ECACHE
Fastly-Restarts
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
X-Amz-Rid
X-Instrumentation
X-SharePointHealthScore
X-Erf-Bev-Bev
SPRequestGuid
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Client-IP
X-NF-Request-ID
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-ARC
X-PDP-UNCACHING-HASH
X-Mg-S
X-Powered-CMS
Edge-Cache-Tag
Display
X-Sol
X-Middleton-Display
Pagespeed
S
X-Oneagent-Js-Injection
X-Ratelimit-Limit
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
X-VARITI-CCR
X-Middleton-Response
Response
RTSS
X-TraceId
X-Content-Digest
X-Forwarded-For
X-Cache-Key
Realpath
X-T
Cross-Origin-Resource-Policy
X-Correlation-Id
X-ORACLE-DMS-RID
X-Fastly-Request-ID
X-Recruiting
X-Varnish-TTL
Fastcgi-Cache
X-Ratelimit-Remaining
X-RateLimit-Remaining
X-TTL
X-Cached
X-MSEdge-Ref
X-Server-ID
X-Shield-Request-Id
Front-End-Https
Content-MD5
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-Ua-Browser
X-HS-Content-Id
X-HS-Cache-Config
MS-Author-Via
X-Protected-By
X-Country-Code-Real
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-Frontend
X-Forwarded-Proto
Public-Key-Pins
Arr-Disable-Session-Affinity
X-PressLabs-Stats
Payment
X-Request-Processing-Time
X-Request-Received
Server-Node
X-LLID
TP-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Ruxit-Js-Agent
Count-Hit
X-FTR-Expires
X-HS-Combine-CSS
X-GUploader-UploadID
X-Accel-Expires
X-Distributor
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-LB-Cache
X-Origin-Server
X-HP-Trace-Id
X-NODE
X-Jurisdiction
X-HP-Webp
X-Ezoic-Cdn
X-Microsite
X-Request-Handler-Origin-Region
X-Ttl
X-ORACLE-DMS-ECID
X-AppVersion
X-Az
X-Varnish-Server
X-Activity-Id
X-Www-Served-By
X-Content-Security-Policy-Report-Only
X-Cluster-Name
X-Varnish-Backend
Host
X-B3-TraceId-Primal
X-App-Server
MRF-Tech
Accept-Charset
Mrf-Cache-Status
X-Amz-Meta-S3cmd-Attrs
Cache-Tags
Retry-After
Cleartype
X-Newrelic-App-Data
X-Ua-Device
X-Goog-Metageneration
Server-Name
X-Hits
Filterid
X-Unique-Id
X-Git-Hash
Access-Control-Allow-Method
X-Envoy-Decorator-Operation
X-Debug
X-Upgrade-Enabled
Surrogate-Key
X-Load-Cache
X-NGENIX-Cache
X-Hostname
X-Azure-Ref
X-Geo-Country
X-Logged-In
X-Id
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-CSRF-Token
TCN
X-FB-Debug
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amz-Apigw-Id
X-Amzn-RequestId
TP-L2-Cache
X-Proxy
X-Seen-By
X-B3-Sampled
X-CCDN-Origin-Time
X-Grace
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Trace-Id
X-Aws-Lambda-Call-Status
DC
Section-Io-Cache
X-Type
X-B
X-Fb-Rlafr
X-Cache-Control
X-Request-Guid
X-TT
Healthy
X-Revision
X-Contextid
Viewport
X-Time
Referer-Policy
X-F-Cache
X-Mobile
X-Goog-Stored-Content-Encoding
X-XRDS-LOCATION
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-N
X-Goog-Generation
X-DIS-Request-ID
Paypal-Debug-Id
Fastly-SWR
Fastly-SIE
Content-Disposition
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Debug-Info
X-Page-Id
X-Px
X-Via-JSL
X-Varnish-Grace
X-Varnish-Ttl
X-Origin-Cache
Version
X-Webkit-CSP
X-Magnolia-Registration
X-Amz-Replication-Status
X-Whom
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Content-Options
Charset
X-Template
X-ProcessESI
X-RemovedCookies
X-Rule
X-UUID
X-App-Environment
X-Tumblr-Pixel
X-RTag
Ms-Operation-Id
X-Tumblr-Pixel-1
X-Tumblr-User
MS-CV
X-Wix-Request-Id
X-Node-Name
X-Tumblr-Pixel-0
X-Oracle-Dms-Ecid
X-Ratelimit-Reset
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Hl-Ver
X-G
SD-X-WS
NGB
X-User-Agent
X-Debug-IsConnected
X-Device-Type
X-NYM-Debug-Backend
X-Datadog-Sampled
X-Debug-IsPreview
X-Adobe-Content
X-Storage
X-Region
X-Is-Bot
X-FW-Dynamic
X-Source
X-Adobe-Loc
X-Cacheable-TTL
X-Backend-Name
X-FW-Type
X-FW-Serve
X-Rendered-As
X-FW-Static
X-FW-Version
X-FW-Hash
X-FW-Server
X-Instance
Country
X-Environment-Context
X-Wormhole-Sdk
X-Status
X-L-Path
X-Proxy-Cache-Info
VIX-Pulpo-Node
GEO-INFO
X-Cache-Grace
VIX-Pulpo-Upstream-Status
Cross-Origin-Window-Policy
X-Cache-Age
X-Signature
X-B-Cache
ServerID
X-ServerID
X-Real-IP
Countrycode
X-EdgeConnect-Cache-Status
X-IPS-LoggedIn
X-NWS-UUID-VERIFY
X-Cache-Hit
X-WP-CF-Super-Cache-Active
Akamai-GRN
X-Amzn-Remapped-Content-Length
X-Rid
Liferay-Portal
X-RM-Cache-TTL
Amp-Access-Control-Allow-Source-Origin
X-Language
Front
SRV
X-Framework
X-Sucuri-ID
X-Sucuri-Cache
X-Air-Pt
X-ECache
X-Servername
X-B3-SpanId
X-Xrds-Location
X-AB
X-WebKit-CSP-Report-Only
OT-Force-Account-Verify
X-UA
X-Content-Powered-By
X-Oracle-Dms-Rid
X-VC
X-Ismobilevalue
From-Origin
Xet-Cookie
X-Air-Hostname
X-Air-Source
X-Akamai-Request-ID2
X-Air-Trace-Id
X-Fastly-Request-Id
Backend
X-VC-Cache
X-Mode
X-RID
X-RateLimit-Limit
X-DataDome
Upgrade-Insecure-Requests
Refresh
X-Handled-By
X-URL
X-Cache-Time
X-HTML-Minification-Powered-By
X-Api-Version
Access-Control-Request-Headers
Webserver
X-Cache-Status-Check
X-SRV
X-JoinUs
Accept-Language
Cache
Meta-Geo
Filters
X-SaId
X-Xfnlog-Site
X-UPSTREAM-Address
LB
X-Rewrite-Enabled
X-Rn-Rsrv
X-RCS-CacheZone
X-Proxied
X-Endurance-Cache-Level
X-Origin-Date
X-No-Session
X-Origin-Hint
X-Cache-Rule
X-Provided-By
X-LJ-Flow-ID
X-Lambda-Id
X-Cache-Operation
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Privacy
X-Varnish-Age
X-Extlb
TWC-Device-Class
TWC-GeoIP-LatLong
X-Cloudmap
Webcakes-App-Name
X-Tumblr-Pixel-2
X-AWS-Id
X-Reqid
X-Generated-By
Webcakes-App-Version
Webcakes-Region
TWC-Connection-Speed
X-Cluster
X-Routing-Service
ServedBy
X-Webstats-RespID
X-INCAP-ABP
X-VWS-Id
X-Git-Commit
X-Hosted-By
X-Container-Uri
X-Cms-Context
X-Zipkin-Id
Property-Id
X-Logging-Id
X-Forwarded-Host
X-Web-Node
X-PHP-Host
X-Adobe-Source
X-BYPASS-REASON
X-Tt-Logid
X-Loop
X-Fetched-On
Apigw-Requestid
X-Edge-Location
Atl-Traceid
X-Tncms
Section-Io-Id
X-Site-Version
X-Accel-Version
X-IPLB-Request-ID
X-Served-From
X-Scope-Id
X-Redis-Cache
X-Restarts
X-IPLB-Instance
Mn-Server-Ip
Url
X-Skip-Cache
X-Locale
Web-Mar-Node
X-ProxyCache-Key
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-Tb
X-Labrador-Cache-Channel
X-Ms-Version
X-Httpd
X-Akamai-Edgescape
X-Frame-Option
X-Format
Selected-Fe
X-Cache-Host
X-Cache-Debug
X-Ms-Request-Id
X-Detected-As
X-Director
X-Say-Cacheable
X-Upstream-Ct
X-Varnish-Beresp-Grace
X-SayCDN-TTL
X-Say-TTL
X-Upstream-Ht
X-Proxy-Build
X-Nf-Request-Id
X-Optimistic-Header
X-Timing-Wait
X-Soup
X-VCT
Frame-Options
X-Storefront-Renderer-Rendered
X-GeoCountry
X-Shopify-Stage
X-Request-URI
Xserver
X-Alternate-Cache-Key
X-GeoCode
X-S
X-Varnish-Cache-Hits
X-Origin
X-Azure-Ref-OriginShield
X-Browser-Name
X-Is-Tablet
X-Geo-Region
X-Tcp-Rtt
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Desktop
X-Mg-Request-UUID
X-Sorting-Hat-PodId
X-Nginx-Cache
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Lagoon
X-Drupal-Cache-Tags
Onion-Location
WPO-Cache-Message
X-WP-CF-Super-Cache-Cookies-Bypass
X-Vcl-Version
X-Vcache
Expiry
X-Connection-Hash
WPO-Cache-Status
X-CMSURLCustom
X-Thinkindot-L3
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Shield-Cache-Expires
X-Origin-TTL
X-Origin-CC
TDXMobile
X-Generation-Time
Source
Protected
X-Cdn-Origin
X-Cache-Expired-At
Fastcgi-Useragent
X-CDN-Forward
X-Drupal-Cache-Contexts
Cdn-Requestid
Cache-Hits
X-Worker
X-Vercel-Id
X-PHP-Backend
X-Vercel-Cache
X-Rocket-Nginx-Serving-Static
Sid
X-Cache-Action
X-TA-CDN-Provider
Priority
X-B3-Traceid
X-Proxy-Cache-Status
Azure-SiteName
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-Version
X-Pass-Why
Environment
Uber-Trace-Id
X-Buckets
X-Origin-Cache-Key
X-RateLimit-Reset
Node
X-GEO
X-ID
X-Cluster-Node
X-App-Version
Cross-Origin-Embedder-Policy
X-Urbn-Site-Id
X-Aspnetmvc-Version
AMP-Access-Control-Allow-Source-Origin
X-Urbn-Context-Path
Locale
CDN-Cache
CDN-RequestCountryCode
CDN-CachedAt
X-Tumblr-Pixel-3
CDN-Uid
CDN-RequestPullSuccess
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestPullCode
Cache-Tv-Group
CF-IPCountry
X-XRDS-Location
X-FB-TRIP-ID
X-Cache-Server
X-Auth-Group-Type
X-Server-W
X-Fastcgi-Cache
X-Pad
DB-Nickname
User-Cache-Control
X-Tx-Id
X-NGINX-Cache
X-Dc
X-A
X-Rojux
X-Bl-Debug
X-Generated-On
X-Content-Age
A
Content-Secure-Policy
X-Aed
X-SB
X-Block-Status
Candidate-Md5Url
X-Level-Front-Cache
X-GeoIP-City
Odigeo-Trace-Id
Ngx.Var.Host
X-ScT
Meta-Geo-Continent
X-Custom-Header
DCR-Decision-By
Gannett-Cam-Experience-Id
X-Cache-NE
DCR-Processing-Time-Ms
X-Bc-Bl
X-Org
X-Op-Id-All
Edge-Cache
X-Service
X-BCube-Filmed-By
X-Conf
MD5-Digest
X-Origin-Expires
Magicmarker
Lang
X-ND-Cache
X-Hnp-Log
X-Req
X-D
X-Vdms-Version
Sslversion
X-Via-Fastly
X-Viewer-Country
X-Developer
Wxu-Next-Commit
Wxu-Next-Region
Rendered-Blocks
Wxu-Next-Hostname
Surrogated-Key
X-Ec-Fail
X-Ig-Push-State
X-Fastly-Backend
X-Ig-Origin-Region
Alternate-Protocol
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Vtex-Remote-Cache
T-Server
X-A-Ccd
X-Jobs
X-A-Dgt
X-UA-Device-Type
Origin
X-SRCache-Key
Origin-Agent-Cluster
X-V-Cache
X-A-Dam
X-TIM-N
X-Gen-Mode
X-A-Dcw
X-A-Wwc
HostName
Mime-Version
X-Client-Ip
Origin-CC
Tube-Got-Eval
X-Acquia-Purge-Cdn-Unconfigured
Tube-Get-Contents
X-HS-Content-Campaign-Id
X-Bip
Content-Script-Type
X-Loc
X-Forwarded-Site
V-Age
Cdnsip
Cdncip
Click-Count-Action-Start
Click-Count-Error
Content-Style-Type
Origin-EX
Tube-Return
X-Mvc-Supplant-Cachable
Tube-Got-Results
X-GeoIP-Region-Code
X-Gzip
RNT-Machine
X-Auto-Login
X-GoCache-CacheStatus
X-App-Name
Host-ID
X-Aicache-OS
X-AK-Request-ID
X-Amz-Storage-Class
X-HN
RNT-Time
Cdn-Request-Time
Fastly-SSL
Fastly-Backend-Name
X-B3-Trace-ID
X-Backend-Instance
X-LSADC-Cache
Ssr
Server-Ext
Server-Hostname
Sever-Int
Powered-By
PFcat
X-Origin-Response-Time
X-Server-IP
X-Wikidot-Static-Cache
XM
X-Wikidot-Backend
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SD-PageType
Cdn-Host
X-RateLimit-Remaining-Second
X-Dispatcher-Server
X-Region-Sid
X-Core-Value
X-Scheme
X-Request-Time
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-Varnish-Director
X-Varnish-CookieINHashed-On
X-Gdpr
X-Varnish-Remaining-TTL
X-VG-WebCache
X-VarnishDD-TTL
X-Varnish-CookieHashed-On
X-DefHash
X-Thanos
X-Esi-Check
X-Edge-Server
X-Debug-Cache-Fetch
X-DefElseHash
X-Debug-Cache-Store
X-Clientip
X-RateLimit-Limit-Second
X-Nginx-Cache-Key
X-Cache-Info
X-Node-Id
X-Cache-TTL-Remaining
Fusion-Source
Fusion-Template-Id
X-Cache-Id
AKAMAI
Cache-Provider
CDCHOST
X-GeoIP-Country-Code
C-Via
X-GeoIP
X-Cache-Bucket
X-Pubstack
Fusion-Deployment-Id
X-FC-Vary-Parameters
Fusion-Content-Source
X-CacheTTL
X-Cdn-Srv
X-Fastly-Cache
X-Proto
X-Geo-Header
X-Policy
X-PAYTM-SRV-ID
X-Nyt-Route
Fusion-Content-Id
X-Origin-Time
Fusion-Component-Id
X-DPWN-IS-SECURE
X-Fmm-Version
X-Ec-Custom-Error
W
X-Eu-Site
X-Ad-Load-Variation
X-Contensis-Viewer-Groups
X-Csrf-Jwt
X-CGP
X-Hash
X-Cache-Aspx
Vix-Hermes-Req-Id
X-CUA
X-Access
Web-Mar-Region
X-Device-Os
X-Depends
X-Date
X-Accel-Expires-Debug
We-Hiring
X-Mvc-Supplant-OutputCached
X-NMSegId
X-Human
X-NodeID
X-Platform
X-Powered-By-VTEX-Cache
X-Pool
Apple-News-Services-Handled
Apple-News-Services-Host
Cluster
Country-Code
Canary
Cache-Key
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Proxied-Request
X-Request-Host
X-VTEX-Cache-Server
X-VG-TLSProxy
X-VTEX-Cache-Time
X-WA-Info
Yak-Timeinfo
X-We-Are-Hiring
X-Varnishpool
X-Varnish-Hostname
X-Slack-Backend
X-Section
X-Slack-Shared-Secret-Outcome
X-Var-Ttl
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-Mly-Id
Adler-Geo
X-Location
Platform
NM-Fastcgi-Cache
Mail-Subject
Machine
Pramga
Producers
Server-Host
True-Client-Country-4JS
Req-ID
Release
Proxy-Firewall
L5d-Success-Class
On-Server
Ha-Gx-Prefs
Fastly-GeoIP-CountryCode
X-Micro-Cache
HA-Ipaddr
Esi-Enabled
L
Is-Eu
Gh-Request-Id
DSUID
X-Men
X-DC
X-HITS
X-BBC-Edge-Cache-Status
Req-Svc-Chain
X-LiteSpeed-Cache-Control
X-Request-Start
NGX
X-AIR-PT
X-Varnish-Beresp-Ttl
X-NCache
X-Cache-FS-Status
X-Varnish-Hits
X-From
X-Up
X-MP-GENERATED-AT
X-Akamai-Transformed
X-Zone
CDN-RequestId
Server-Info
WP-Super-Cache
Debug
Redirect-Candidate
X-Jungle-Id
BehaviorPad-Version
X-Refresh
X-Vdms-Path
X-LB-ID
X-Cache-Backend
X-Cs
CloudFront-Viewer-Country
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Servedbyhost
X-APP
X-Uri
X-Parent-Response-Time
X-HA-Backend
X-Via-Popn
X-Via-Poph
Pics-Label
X-VHOST
GeoIP-Latitude
X-Via-Popv
X-B3-Parentspanid
Fastly-Drupal-Html
X-Newrelic-Synthetics
Fastly-Drupal-HTML
X-CACHE-AGE
SID
X-Render-Time
X-VC-TTL
X-PERF
X-M-Log
X-Nananana
X-M-Reqid
X-Datadome
X-Content-Length
X-ApacheServer
X-CS
X-CDN-Cache-Status
X-Cached-By
X-Nc
X-LB-NoCache
X-B3-Spanid
X-LiteSpeed-Tag
Resin-Trace
Datacenter
X-CACHE-KEY
X-DynaTrace-JS-Agent
X-Litespeed-Tag
X-Original-Request-Id
X-Response-Served-From
X-NewRelic-App-Data
Locid
X-Wa
X-Amz-Meta-Cb-Modifiedtime
NtCoent-Length
GeoIp-Country-Code
X-Varnish-Beresp-TTL
Vc-Max-Age
X-RequestId
X-Dispatcher-Number
Server-ID
X-ZONE
X-TT-LOGID
X-VCache
Cdn
Cf-Ipcountry
X-IAuth-Set-Uid
FSS-Cache
True-Client-IP
X-Old-Content-Length
Product
Srv
Uri
X-Ckpd-Fst-Backend
X-Esi
X-Fpc
Ngx-Var-Key
X-TIME
X-HostName
X-TX-ID
CDN
X-SERVER-NAME
X-FPC
Serverhost
X-Bug-Bounty
ServerName
True-Client-Ip
X-Vgn-Hpd-Reason
X-Nf-Language
X-Nf-Country
X-Nf-Ats-Version
X-HubSpot-Correlation-Id
X-Srv
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
X-Cdn-Forward
X-TH-Server
S-Rt
Tcn
X-Moov-T
X-Moov-Xdn-Version
X-Oracle-DMS-ECID
X-WA
GeoIP-Country-Code
X-Dynatrace-Js-Agent
Server-Id
Request-ID
X-Cdn-Cache-Status
X-Dispatch
X-Vc
CacheControlHeader
Cf-Device-Type
X-APP-VERSION
Hostname
Cross-Origin-Embedder-Policy-Report-Only
X-External-Request-Id
X-Destination
X-NC
X-Vmg-Version
X-B-Cookie
X-Application
X-User
X-S-Cookie
User-Agent
ServerHost
X-Akamai-Device-Characteristics
X-COUNTRY
X-Zen-Fury
X-Gamma-Serve
Geoip-Latitude
X-Info
Srvid
X-FL-QIT-DEBUG
X-Via-PopH
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Ha-Backend
X-Webkit-Csp-Report-Only
X-Lb-Nocache
X-Via-PopN
X-Via-PopV
X-Presslabs-Stats
Ohc-File-Size
X-Sigma
X-Rocket-Build-Number
X-Geo
X-Instance-Name
Xc-Version
X-Sigma-Backend
X-Cache-Date
Cneonction
Expect-Staple
X-Segment-20210421
X-API-Version
PICS-Label
X-ServedByHost
Origin-Trial
X-VServer
X-Hit
X-VCL-Version
Epwk-X-Cache
Cloudfront-Viewer-Country
X-Branch-Name
X-Amz-Meta-Opti
X-V
X-Limited
X-App
X-Correlation-ID
X-Lb-Id
X-Ua
X-Akamai-Pragma-Client-IP
Rtss
X-Srcache-Fetch-Status
X-Srcache-Store-Status
WZWS-RAY
X-MiniProfiler-Ids
X-Eligible
Ohc-Cache-HIT
X-Rollout
X-Serial
X-Check-Cacheable
DataCenter
X-New
X-DataCenter
Permission-Policy
N-Cache
X-Platform-Server
Load-Balancing
X-DynaTrace
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-CSRF-TOKEN
Lb
Sm-Log-Id
X-MSEdge-Flight
Cmstype
X-Sqd-Ctime
Cmsid
X-Proxy-CacheRZ
X-Web-Server
X-Sqd-Stime
X-Acquia-Site
X-Acquia-Application-UUID
Warning
Type
X-Service-Response-Time
Timeexpire
XkeyRZ
X-Acquia-Application-Trace
X-MSEdge-Features
X-Datacenter
X-Acquia-Purge-Tags
X-Litespeed-Cache-Control
X-LAGOON
CountryCode
Servername
X-Fastly-Backend-Reqs
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
Wpo-Cache-Message
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
Wpo-Cache-Status
X-Amz-Meta-Sha256
X-Snapshot-Date
Ngx
Cross-Origin-Opener-Policy-Report-Only
X-Ramcache
X-Owner
X-Requestid
X-RAMCache
X-Th-Server
X-Irp-Debug
X-Amz-Meta-S3b-Last-Modified
X-Core-Mission
X-Origin-Upstream-Status
X-Shardid
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
X-Shopid