Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
EagleId
Permissions-Policy
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Rq
Xkey
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Country
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-ASPNET-VERSION
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
X-Litespeed-Cache
Cache-Tag
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-TtlSet
X-PC
X-Vname
X-FTR-Request-ID
Cross-Origin-Opener-Policy
X-Daa-Tunnel
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Server-Name
Nginx-Cache
Accept-Ch
X-CST
X-Powered-By-Plesk
AR-SID
AR-PoweredBy
AR-Request-ID
AR-ATIME
X-Cnection
X-Cache-TTL
X-ESI
X-Ac
X-GitHub-Request-Id
X-Element-Page-Cache
X-D2id
Edge-Control
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
Verso
X-Cdn-Fetch
X-MS-InvokeApp
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Upstream
X-Abt-Application-Version
X-FastCGI-Cache
X-ECACHE
X-Navigation-Version
X-B3-TraceId
X-Dw-Request-Base-Id
X-Webkit-Csp
SPIisLatency
SPRequestDuration
Fastly-Restarts
X-Mod-Pagespeed
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Client-IP
X-PDP-UNCACHING-HASH
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-ARC
X-Oneagent-Js-Injection
X-Ratelimit-Limit
X-Powered-CMS
X-Mg-S
X-Sol
Pagespeed
Display
X-Middleton-Display
Edge-Cache-Tag
S
X-NF-Request-ID
Cache-Status
X-Amzn-Trace-Id
X-Version
Access-Control-Request-Method
Response
X-VARITI-CCR
X-Middleton-Response
RTSS
Realpath
X-Forwarded-For
X-Content-Digest
X-T
X-TraceId
X-Cache-Key
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
X-Varnish-TTL
X-Ratelimit-Remaining
X-TTL
X-Recruiting
X-Correlation-Id
Fastcgi-Cache
X-Cached
X-ORACLE-DMS-RID
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
X-RateLimit-Remaining
MicrosoftSharePointTeamServices
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Ua-Browser
X-Ruxit-Js-Agent
Content-MD5
X-Protected-By
X-Request-Processing-Time
X-Forwarded-Proto
MS-Author-Via
X-Request-Received
X-Frontend
Server-Node
X-LLID
TP-Cache
Payment
X-PressLabs-Stats
Arr-Disable-Session-Affinity
Public-Key-Pins
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
Count-Hit
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-HS-Combine-CSS
X-Server-ID
X-GUploader-UploadID
X-Accel-Expires
X-Distributor
X-LB-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-NODE
X-Origin-Server
X-FTR-Expires
X-Jurisdiction
X-Ezoic-Cdn
X-HP-Webp
X-HP-Trace-Id
X-Newrelic-App-Data
X-Request-Handler-Origin-Region
X-Microsite
X-Varnish-Server
X-Az
X-Www-Served-By
X-AppVersion
X-Activity-Id
X-App-Server
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Accept-Charset
Host
X-Content-Security-Policy-Report-Only
X-Varnish-Backend
X-Ua-Device
X-Cluster-Name
Cache-Tags
Retry-After
X-Amz-Meta-S3cmd-Attrs
Cleartype
X-ORACLE-DMS-ECID
X-Ttl
X-Goog-Metageneration
Filterid
Server-Name
X-Hits
X-Unique-Id
Surrogate-Key
X-Git-Hash
Access-Control-Allow-Method
X-Debug
X-Envoy-Decorator-Operation
X-Azure-Ref
X-Logged-In
X-Load-Cache
X-Upgrade-Enabled
X-NGENIX-Cache
X-CSRF-Token
X-Id
X-Geo-Country
X-Hostname
X-FB-Debug
TCN
Pinterest-Version
X-Pinterest-Rid
TP-L2-Cache
Pinterest-Generated-By
X-Tt-Trace-Tag
X-Proxy
X-Tt-Trace-Host
X-B
X-Amz-Apigw-Id
X-Time
X-Amzn-RequestId
X-Grace
X-TT
X-Seen-By
Section-Io-Cache
X-Request-Guid
X-Revision
X-Trace-Id
X-CCDN-CacheTTL
X-Cache-Control
DC
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Fb-Rlafr
Healthy
X-Type
X-Contextid
X-B3-Sampled
X-F-Cache
Viewport
Referer-Policy
X-XRDS-LOCATION
X-Mobile
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-N
X-Goog-Storage-Class
Fastly-SWR
Fastly-SIE
Paypal-Debug-Id
X-DIS-Request-ID
Content-Disposition
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Page-Id
X-Debug-Info
X-Varnish-Grace
X-Webkit-CSP
X-Px
X-Via-JSL
X-Origin-Cache
X-Magnolia-Registration
X-Aws-Lambda-Call-Status
Version
X-Amz-Replication-Status
X-Whom
X-Oracle-Dms-Ecid
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Ratelimit-Reset
X-Datadog-Parent-Id
X-Varnish-Ttl
X-Template
X-Content-Options
X-ProcessESI
X-G
X-UUID
X-RemovedCookies
X-App-Environment
X-Node-Name
X-RTag
Charset
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
Ms-Operation-Id
X-Adobe-Content
X-Adobe-Loc
X-Rule
MS-CV
X-Tumblr-User
X-Debug-IsPreview
X-Debug-IsConnected
X-Yottaa-Optimizations
X-Hl-Ver
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Yottaa-Metrics
NGB
X-Datadog-Sampled
VIX-Pulpo-Node
X-Wix-Request-Id
X-Source
X-Storage
X-FW-Version
X-User-Agent
X-Backend-Name
X-Instance
X-Rendered-As
X-Is-Bot
X-Wormhole-Sdk
X-FW-Type
X-FW-Static
X-Environment-Context
X-Device-Type
X-Cacheable-TTL
X-FW-Dynamic
X-FW-Hash
X-Proxy-Cache-Info
X-FW-Server
X-FW-Serve
X-Signature
X-B-Cache
X-L-Path
X-NYM-Debug-Backend
X-Region
X-Status
GEO-INFO
Cross-Origin-Window-Policy
X-Cache-Grace
X-NWS-UUID-VERIFY
Country
X-ServerID
X-Cache-Age
ServerID
X-IPS-LoggedIn
Countrycode
X-Real-IP
X-EdgeConnect-Cache-Status
X-Rid
X-Cache-Hit
Akamai-GRN
X-RM-Cache-TTL
Front
Liferay-Portal
X-Amzn-Remapped-Content-Length
X-Language
SRV
X-WP-CF-Super-Cache-Active
X-Framework
Amp-Access-Control-Allow-Source-Origin
X-B3-SpanId
X-Oracle-Dms-Rid
X-Nf-Request-Id
X-AB
X-Ismobilevalue
X-Sucuri-Cache
X-Sucuri-ID
X-Air-Pt
OT-Force-Account-Verify
X-Servername
X-Content-Powered-By
X-WebKit-CSP-Report-Only
X-Akamai-Request-ID2
X-UA
X-VC-Cache
X-Air-Hostname
X-Air-Source
X-VC
X-Air-Trace-Id
From-Origin
Backend
Xet-Cookie
X-URL
X-Xrds-Location
X-Mode
X-SRV
Refresh
X-DataDome
X-Api-Version
Upgrade-Insecure-Requests
X-RID
X-Handled-By
Accept-Language
X-Cache-Time
X-ECache
X-Fastly-Request-Id
X-HTML-Minification-Powered-By
LB
Webserver
Access-Control-Request-Headers
X-Cache-Status-Check
Meta-Geo
X-UPSTREAM-Address
Filters
Cache
X-Tt-Logid
X-JoinUs
X-RCS-CacheZone
X-Xfnlog-Site
X-Rewrite-Enabled
X-Rn-Rsrv
X-SaId
X-Origin-Hint
X-Varnish-Age
TWC-Device-Class
X-Cluster
TWC-Connection-Speed
Webcakes-Region
X-Cms-Context
X-Origin-Date
X-R9-Blue-Green-Version
X-Endurance-Cache-Level
TWC-GeoIP-Country
X-No-Session
TWC-Locale-Group
X-Container-Uri
X-Adobe-Source
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Reqid
Property-Id
X-Cache-Rule
X-Webstats-RespID
X-Provided-By
X-Git-Commit
X-Hosted-By
X-Cache-Operation
X-PHP-Host
X-Generated-By
Webcakes-App-Name
X-S
X-Tumblr-Pixel-2
ServedBy
X-RateLimit-Limit
TWC-Privacy
X-Labrador-Cache-Channel
Url
X-Ms-Request-Id
X-Is-Desktop
X-Is-Mobile
X-Is-Supported-Browser
X-Is-Tablet
X-IPLB-Request-ID
X-IPLB-Instance
Mn-Server-Ip
Section-Io-Id
X-Httpd
X-Lambda-Id
X-LJ-Flow-ID
Atl-Traceid
Apigw-Requestid
X-Restarts
X-Ms-Version
X-Edge-Location
X-Locale
X-Logging-Id
X-Loop
X-INCAP-ABP
X-Scope-Id
X-Cache-Debug
X-Tncms
X-BYPASS-REASON
X-Browser-Name
X-Akamai-Edgescape
X-AWS-Id
X-Redis-Cache
X-Tcp-Rtt
X-Fetched-On
X-Forwarded-Host
X-Site-Version
X-Skip-Cache
X-Tb
X-Served-From
X-VWS-Id
X-Geo-Region
X-Accel-Version
Web-Mar-Node
X-ProxyCache-Status
X-ProxyCache-Key
X-Web-Node
X-Timing-Wait
X-Detected-As
X-Storefront-Renderer-Rendered
X-Request-URI
X-Director
X-Proxy-Build
X-Format
X-Shopify-Stage
X-SayCDN-TTL
Selected-Fe
X-Soup
X-Frame-Option
X-Alternate-Cache-Key
X-Say-TTL
X-Nginx-Cache
X-Optimistic-Header
X-Origin
X-Say-Cacheable
X-Upstream-Ct
X-Cache-Host
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-VCT
X-Upstream-Ht
X-Proxied
X-Routing-Service
X-Cloudmap
X-Extlb
Xserver
X-Zipkin-Id
X-GeoCode
X-Mg-Request-UUID
X-GeoCountry
X-Azure-Ref-OriginShield
X-ShardId
X-Sorting-Hat-ShopId
X-ShopId
Frame-Options
X-Sorting-Hat-PodId
Onion-Location
X-Connection-Hash
Expiry
X-Lagoon
X-Drupal-Cache-Tags
WPO-Cache-Message
X-Vcl-Version
WPO-Cache-Status
Source
TDXMobile
X-Generation-Time
X-Thinkindot-L3
X-Shield-Cache-Expires
Protected
Thinkindot-CacheControl
X-CMSURLCustom
X-Vcache
Thinkindot-CacheControl-Type
Thinkindot-Control
X-CDN-Forward
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Expired-At
X-Drupal-Cache-Contexts
X-Origin-TTL
X-Cdn-Origin
X-Origin-CC
Cdn-Requestid
Fastcgi-Useragent
Cache-Hits
Environment
X-Pass-Why
X-PHP-Backend
X-Worker
X-Proxy-Cache-Status
X-Cache-Action
X-Vercel-Id
X-Vercel-Cache
Priority
X-TA-CDN-Provider
X-Rocket-Nginx-Serving-Static
X-GEO
Uber-Trace-Id
Azure-SlotName
Azure-InstanceId
Sid
Azure-RegionName
Azure-SiteName
Azure-Version
X-Buckets
X-ID
Node
AMP-Access-Control-Allow-Source-Origin
X-App-Version
X-Aspnetmvc-Version
X-Cluster-Node
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
CDN-Cache
CDN-CachedAt
CF-IPCountry
CDN-Uid
Cross-Origin-Embedder-Policy
X-XRDS-Location
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
X-RateLimit-Reset
Cache-Tv-Group
X-Tumblr-Pixel-3
X-Fastcgi-Cache
X-FB-TRIP-ID
X-B3-Traceid
X-Auth-Group-Type
X-Cache-Server
X-Server-W
DB-Nickname
Alternate-Protocol
User-Cache-Control
X-Pad
X-Origin-Cache-Key
X-Client-Ip
X-A
X-Service
X-BCube-Filmed-By
DCR-Decision-By
X-GeoIP-City
Gannett-Cam-Experience-Id
X-Ig-Origin-Region
X-Ig-Push-State
X-Bc-Bl
Edge-Cache
DCR-Processing-Time-Ms
X-Hnp-Log
X-Gzip
X-Level-Front-Cache
Rendered-Blocks
X-ND-Cache
X-Esi-Check
X-DefElseHash
X-D
X-DefHash
X-Developer
X-Dispatcher-Server
X-Custom-Header
X-Core-Value
Cdn-Host
X-Conf
Candidate-Md5Url
X-Content-Age
A
X-Cache-TTL-Remaining
X-Block-Status
X-Cache-Id
X-Gen-Mode
X-Generated-On
Content-Secure-Policy
X-Cache-NE
X-Fastly-Backend
X-Ec-Fail
X-Ec-GeoHdr
X-Edge-Server
X-Epic-Correlation-Id
X-Bl-Debug
X-A-Wwc
X-Aed
X-ScT
Odigeo-Trace-Id
X-SRCache-Key
X-Viewer-Country
Ngx.Var.Host
X-NGINX-Cache
X-Varnish-Remaining-TTL
Wxu-Next-Commit
X-Rojux
X-SB
X-Via-Fastly
Sslversion
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
T-Server
Surrogated-Key
X-V-Cache
X-UA-Device-Type
X-Vdms-Version
Origin-Agent-Cluster
X-TIM-N
X-Dc
Wxu-Next-Hostname
X-Req
Meta-Geo-Continent
X-A-Dgt
X-A-Dcw
HostName
X-Vtex-Remote-Cache
X-Org
X-Op-Id-All
Cdn-Request-Time
X-Origin-Expires
X-A-Dam
Wxu-Next-Region
MD5-Digest
Magicmarker
X-A-Ccd
Lang
X-Tx-Id
Mime-Version
Req-ID
RNT-Machine
RNT-Time
Server-Host
Server-Hostname
X-Cdn-Srv
X-Clientip
Sever-Int
Ssr
Server-Ext
V-Age
X-Amz-Storage-Class
X-App-Name
X-B3-Trace-ID
X-AK-Request-ID
X-Aicache-OS
X-Ad-Load-Variation
X-Acquia-Purge-Cdn-Unconfigured
X-Backend-Instance
X-Bip
Tube-Get-Contents
X-Cache-Bucket
Tube-Got-Eval
Tube-Got-Results
Vix-Hermes-Req-Id
Tube-Return
X-Cache-Info
X-HN
X-Scheme
X-Request-Time
X-SD-PageType
X-Server-IP
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Region-Sid
X-RateLimit-Remaining-Second
X-Powered-By-VTEX-Cache
X-Policy
X-Proto
X-Pubstack
X-RateLimit-Limit-Second
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-WA-Info
X-Wikidot-Backend
XM
X-Wikidot-Static-Cache
X-VG-WebCache
X-VG-TLSProxy
X-Thanos
X-Test
X-Varnish-Director
X-Varnish-Hostname
X-VarnishDD-TTL
X-Platform
X-PAYTM-SRV-ID
X-GeoIP
X-Geo-Header
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-HS-Content-Campaign-Id
X-GoCache-CacheStatus
X-Gdpr
X-Forwarded-Site
X-DPWN-IS-SECURE
X-Debug-Cache-Store
X-Fastly-Cache
X-FC-Vary-Parameters
X-Fmm-Version
X-Jobs
X-Loc
X-NodeID
X-Node-Id
X-Nyt-Route
X-Origin-Response-Time
X-Origin-Time
X-NMSegId
X-Nginx-Cache-Key
X-Men
X-LSADC-Cache
X-Micro-Cache
X-Mly-Id
X-Mvc-Supplant-Cachable
X-Debug-Cache-Fetch
X-CacheTTL
Content-Script-Type
Click-Count-Error
Click-Count-Action-Start
Cdncip
Content-Style-Type
Country-Code
Host-ID
Fastly-SSL
Fastly-Backend-Name
Esi-Enabled
CDCHOST
Cache-Provider
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
C-Via
AKAMAI
Adler-Geo
X-LiteSpeed-Cache-Control
Is-Eu
Cdnsip
Origin-EX
Powered-By
NM-Fastcgi-Cache
Producers
PFcat
Platform
Origin
Origin-CC
X-DC
X-HITS
Apple-News-Services-Request-Url
We-Hiring
Apple-News-Services-Handled
X-Depends
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-CUA
X-Contensis-Viewer-Groups
True-Client-Country-4JS
Canary
X-Csrf-Jwt
Cache-Key
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-Ec-Custom-Error
X-Proxied-Request
Release
X-Request-Host
X-Hash
X-Pool
X-Mvc-Supplant-OutputCached
X-Location
X-Human
X-Request-Start
Req-Svc-Chain
X-Slack-Shared-Secret-Outcome
X-CGP
X-Var-Ttl
X-Slack-Backend
X-Eu-Site
Proxy-Firewall
Pramga
X-Section
X-Device-Os
X-Date
Web-Mar-Region
X-Access
X-Accel-Expires-Debug
W
X-Cache-FS-Status
X-Auto-Login
X-We-Are-Hiring
Ha-Gx-Prefs
Gh-Request-Id
Yak-Timeinfo
HA-Ipaddr
Fastly-GeoIP-CountryCode
DSUID
X-BBC-Edge-Cache-Status
Mail-Subject
NGX
X-Varnishpool
X-Cache-Aspx
Cluster
L5d-Success-Class
Machine
On-Server
L
X-AIR-PT
X-Varnish-Beresp-Ttl
X-Cs
X-NCache
X-Varnish-Hits
X-From
Server-Info
X-Up
CDN-RequestId
X-Akamai-Transformed
X-Zone
BehaviorPad-Version
Redirect-Candidate
Debug
X-MP-GENERATED-AT
X-LB-ID
X-Jungle-Id
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Vdms-Path
X-Refresh
X-Cache-Backend
X-Via-Popv
X-Via-Poph
X-HA-Backend
X-Via-Popn
X-APP
WP-Super-Cache
Pics-Label
X-VHOST
CloudFront-Viewer-Country
X-Parent-Response-Time
X-CACHE-AGE
SID
Fastly-Drupal-HTML
GeoIP-Latitude
X-Uri
X-B3-Parentspanid
X-Servedbyhost
X-Content-Length
X-Datadome
Fastly-Drupal-Html
X-VC-TTL
X-Newrelic-Synthetics
X-Nananana
X-PERF
X-Render-Time
X-M-Log
X-ApacheServer
X-M-Reqid
X-CDN-Cache-Status
Datacenter
X-CACHE-KEY
X-Nc
X-LB-NoCache
X-LiteSpeed-Tag
X-DynaTrace-JS-Agent
X-Litespeed-Tag
Resin-Trace
X-Cached-By
Vc-Max-Age
X-ZONE
X-CS
X-Wa
Server-ID
X-RequestId
X-Dispatcher-Number
NtCoent-Length
Locid
X-Amz-Meta-Cb-Modifiedtime
GeoIp-Country-Code
X-B3-Spanid
X-VCache
X-Response-Served-From
X-Varnish-Beresp-TTL
X-Original-Request-Id
Product
Cdn
FSS-Cache
X-TX-ID
X-TT-LOGID
X-NewRelic-App-Data
X-IAuth-Set-Uid
Srv
X-Esi
X-Old-Content-Length
True-Client-IP
X-Fpc
X-Ckpd-Fst-Backend
Cf-Ipcountry
X-SERVER-NAME
X-HostName
Serverhost
X-Nf-Language
CDN
Uri
X-Nf-Ats-Version
True-Client-Ip
Ngx-Var-Key
X-Nf-Country
X-Bug-Bounty
X-HubSpot-Correlation-Id
Tcn
S-Rt
ServerName
X-FPC
X-Vgn-Hpd-Reason
X-Cdn-Forward
X-TIME
X-Srv
X-Oracle-DMS-ECID
X-Platform-Router
X-Platform-Processor
X-WA
X-Moov-Xdn-Version
X-Moov-T
X-Platform-Cluster
X-TH-Server
X-CLOUD-TRACE-CONTEXT
GeoIP-Country-Code
X-Dynatrace-Js-Agent
Request-ID
X-Cdn-Cache-Status
Server-Id
X-APP-VERSION
X-Vc
X-Dispatch
CacheControlHeader
Cf-Device-Type
User-Agent
ServerHost
X-NC
X-Vmg-Version
X-Akamai-Device-Characteristics
X-COUNTRY
Hostname
X-Info
X-B-Cookie
X-S-Cookie
X-Application
X-Lb-Nocache
X-Destination
Cross-Origin-Embedder-Policy-Report-Only
X-User
X-Gamma-Serve
X-Webkit-Csp-Report-Only
X-FL-QIT-DEBUG
X-External-Request-Id
Srvid
Geoip-Latitude
X-Presslabs-Stats
X-ServedByHost
Xc-Version
X-Geo
X-Zen-Fury
Cneonction
PICS-Label
Ohc-File-Size
Expect-Staple
Cloudfront-Viewer-Country
X-Via-PopN
X-Via-PopV
X-Cache-Date
X-Sigma-Backend
X-Via-PopH
X-Instance-Name
X-Hit
X-Rocket-Build-Number
X-Sigma
Origin-Trial
X-Ha-Backend
X-VCL-Version
X-Amz-Meta-Opti
X-VServer
Epwk-X-Cache
X-Segment-20210421
X-API-Version
X-V
X-Ua
X-Branch-Name
X-Limited
X-Akamai-Pragma-Client-IP
X-App
X-Correlation-ID
Rtss
X-Srcache-Store-Status
X-Srcache-Fetch-Status
WZWS-RAY
X-New
Permission-Policy
X-Eligible
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Platform-Server
X-Rollout
X-MiniProfiler-Ids
X-Lb-Id
X-Sqd-Ctime
N-Cache
X-Serial
X-Check-Cacheable
X-Sqd-Stime
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Lb
Ohc-Cache-HIT
X-Acquia-Purge-Tags
X-Datacenter
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Cmsid
X-Web-Server
Timeexpire
X-Proxy-CacheRZ
XkeyRZ
X-MSEdge-Features
Cmstype
X-DataCenter
Sm-Log-Id
X-Service-Response-Time
X-MSEdge-Flight
X-LAGOON
X-CSRF-TOKEN
DataCenter
Load-Balancing
CountryCode
X-Litespeed-Cache-Control
Servername
Wpo-Cache-Message
X-Internal-TTL
Wpo-Cache-Status
Fl-Custom-Application
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
X-Fastly-Backend-Reqs
X-ElasticPress-Query
X-Ftr-Request-Id
X-Amz-Meta-S3b-Last-Modified
Ngx
X-DynaTrace
Warning
X-Snapshot-Date
X-Ramcache
Type
X-RAMCache
X-Th-Server
X-Requestid
X-Amz-Meta-Sha256
X-Shardid
X-Shopid
X-Sorting-Hat-Podid
X-Origin-Upstream-Status
X-IN-APIGATEWAYSSL
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-Sorting-Hat-Shopid