Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Generator
X-Ua-Compatible
X-Cache-Status
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Request-ID
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
Upgrade
Status
X-CDN
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
Permissions-Policy
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Robots-Tag
X-Backend
X-UA-Device
X-AH-Environment
X-Hacker
X-Proxy-Cache
X-Server
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
Xkey
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Server-Powered-By
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
Allow
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-WebKit-CSP
X-Host
X-Backend-Server
Cf-Railgun
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Server-Id
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
Surrogate-Control
X-Ruxit-JS-Agent
X-Akam-SW-Version
X-HW
X-Node
Request-Id
X-Cloud-Trace-Context
X-Country
Content-Location
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Litespeed-Cache
X-Country-Code
X-ASPNET-VERSION
Service-Worker-Allowed
X-Content-Type
X-Url
X-Trace
Cache-Tag
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Times
X-Rack-Cache
X-Vname
X-PC
X-TtlSet
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Server-Name
X-Daa-Tunnel
Nginx-Cache
AR-SID
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Powered-By-Plesk
X-Cache-TTL
X-Cnection
Accept-Ch
X-FTR-Request-ID
X-Ac
X-ESI
X-Element-Page-Cache
X-GitHub-Request-Id
X-D2id
Edge-Control
X-CST
Verso
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-MS-InvokeApp
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-Upstream
X-Navigation-Version
X-B3-TraceId
Fastly-Restarts
X-ECACHE
X-FastCGI-Cache
SPIisLatency
SPRequestDuration
X-Webkit-Csp
X-Mod-Pagespeed
X-Amz-Rid
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
SPRequestGuid
X-SharePointHealthScore
X-Client-IP
X-ARC
X-Goog-Hash
X-Kinsta-Cache
X-Edge-Location-Klb
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Powered-CMS
X-Ratelimit-Limit
X-Mg-S
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
Edge-Cache-Tag
S
Cache-Status
X-Version
Access-Control-Request-Method
Response
X-Middleton-Response
X-VARITI-CCR
X-NF-Request-ID
RTSS
Realpath
X-Forwarded-For
X-Ratelimit-Remaining
X-TTL
X-Cache-Key
X-T
X-Content-Digest
Cross-Origin-Resource-Policy
X-ORACLE-DMS-RID
X-Recruiting
Fastcgi-Cache
X-Correlation-Id
X-Cached
X-Fastly-Request-ID
X-Server-ID
X-MSEdge-Ref
X-Shield-Request-Id
X-TraceId
Front-End-Https
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-Ua-Browser
X-PressLabs-Stats
X-SRCache-Store-Status
X-Request-Processing-Time
X-Request-Received
X-Forwarded-Proto
Arr-Disable-Session-Affinity
X-HS-Content-Id
Payment
X-HS-Hub-Id
TP-Cache
X-HS-Cache-Config
X-Frontend
X-Protected-By
Server-Node
X-LLID
X-RateLimit-Remaining
Public-Key-Pins
Count-Hit
X-Ruxit-Js-Agent
X-Varnish-TTL
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Content-MD5
X-TEC-API-ROOT
X-Accel-Expires
X-HS-Combine-CSS
X-Newrelic-App-Data
X-LB-Cache
X-GUploader-UploadID
MS-Author-Via
X-Distributor
X-Origin-Server
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-ORACLE-DMS-ECID
Surrogate-Key
X-Ezoic-Cdn
X-NODE
X-HP-Trace-Id
X-Jurisdiction
X-Request-Handler-Origin-Region
X-Microsite
X-HP-Webp
X-Content-Security-Policy-Report-Only
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Www-Served-By
X-App-Server
X-Varnish-Server
Accept-Charset
X-Cluster-Name
X-AppVersion
Host
X-Az
X-Activity-Id
Cleartype
X-Amz-Meta-S3cmd-Attrs
Cache-Tags
Retry-After
Mrf-Cache-Status
MRF-Tech
X-Varnish-Backend
X-B3-TraceId-Primal
Filterid
X-FTR-Expires
X-Goog-Metageneration
X-Unique-Id
X-Ua-Device
X-Debug
X-Ttl
Server-Name
Access-Control-Allow-Method
X-Git-Hash
X-Hits
X-Logged-In
X-Load-Cache
X-Id
X-Aspnet-Version
X-Azure-Ref
X-Upgrade-Enabled
X-Envoy-Decorator-Operation
X-NGENIX-Cache
X-Geo-Country
X-CSRF-Token
X-Varnish-Ttl
X-FB-Debug
X-Hostname
X-Amz-Apigw-Id
TCN
X-Amzn-RequestId
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-TT
TP-L2-Cache
Section-Io-Cache
X-B
X-Request-Guid
X-Revision
X-Proxy
X-Seen-By
X-Grace
Viewport
DC
X-Cache-Control
X-Type
X-B3-Sampled
X-Trace-Id
X-Contextid
X-Fb-Rlafr
Healthy
X-Time
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-F-Cache
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Fastly-SWR
Fastly-SIE
X-CCDN-CacheTTL
X-N
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Mobile
Content-Disposition
X-XRDS-LOCATION
Paypal-Debug-Id
X-Ratelimit-Reset
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Referer-Policy
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Varnish-Grace
X-Origin-Cache
X-DIS-Request-ID
X-Magnolia-Registration
X-Amz-Replication-Status
X-Nf-Request-Id
X-Via-JSL
X-Page-Id
X-Debug-Info
X-Webkit-CSP
X-Px
X-Wormhole-Sdk
Version
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-UUID
X-G
X-ProcessESI
X-Oracle-Dms-Ecid
X-Whom
X-Node-Name
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Rule
X-RemovedCookies
X-Adobe-Loc
X-Adobe-Content
X-App-Environment
X-Content-Options
X-Debug-IsPreview
X-Debug-IsConnected
X-Datadog-Sampled
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Template
X-Source
X-Yottaa-Optimizations
X-Yottaa-Metrics
NGB
VIX-Pulpo-Node
X-Ismobilevalue
X-Storage
X-Instance
Cross-Origin-Window-Policy
X-NYM-Debug-Backend
X-Region
X-Wix-Request-Id
X-Proxy-Cache-Info
X-Backend-Name
MS-CV
X-Rendered-As
X-Signature
X-Device-Type
X-B-Cache
X-RTag
Ms-Operation-Id
X-User-Agent
X-Is-Bot
X-Hl-Ver
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
X-FW-Hash
X-Cacheable-TTL
X-Environment-Context
X-FW-Dynamic
Country
X-FW-Version
GEO-INFO
X-Status
Amp-Access-Control-Allow-Source-Origin
X-ServerID
X-Rid
X-L-Path
X-Cache-Age
Charset
Countrycode
X-EdgeConnect-Cache-Status
X-NWS-UUID-VERIFY
X-IPS-LoggedIn
X-RM-Cache-TTL
ServerID
Front
X-Real-IP
Akamai-GRN
X-WP-CF-Super-Cache-Active
X-Cache-Grace
X-Framework
SRV
X-AB
X-Amzn-Remapped-Content-Length
X-B3-SpanId
Liferay-Portal
X-Cache-Hit
X-Language
X-ECache
X-Air-Pt
X-Akamai-Request-ID2
X-Content-Powered-By
X-Oracle-Dms-Rid
X-Api-Version
X-WebKit-CSP-Report-Only
X-Air-Trace-Id
X-VC
OT-Force-Account-Verify
X-Air-Source
X-Air-Hostname
X-Fastly-Request-Id
X-Servername
Xet-Cookie
X-Sucuri-ID
X-Sucuri-Cache
From-Origin
X-VC-Cache
X-DataDome
Accept-Language
X-Mode
X-SRV
Backend
X-UA
Access-Control-Request-Headers
Refresh
X-Cache-Status-Check
X-URL
X-HTML-Minification-Powered-By
X-Xrds-Location
X-Handled-By
Upgrade-Insecure-Requests
LB
X-Aws-Lambda-Call-Status
X-Tt-Logid
X-Cache-Time
Filters
Meta-Geo
Webserver
X-Mg-Request-UUID
X-RID
X-UPSTREAM-Address
X-JoinUs
X-Rewrite-Enabled
X-RCS-CacheZone
X-SaId
X-Rn-Rsrv
X-Generated-By
X-Labrador-Cache-Channel
X-S
X-Provided-By
TWC-Device-Class
Webcakes-App-Version
X-Hosted-By
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Connection-Speed
X-Request-URI
X-Nginx-Cache
Webcakes-App-Name
X-Origin-Hint
X-Cms-Context
X-Git-Commit
Property-Id
Webcakes-Region
X-PHP-Host
X-Adobe-Source
X-Container-Uri
X-Webstats-RespID
X-Varnish-Age
X-Tumblr-Pixel-2
X-Origin-Date
TWC-Privacy
X-Reqid
X-Browser-Name
X-Akamai-Edgescape
X-Accel-Version
X-Vcl-Version
X-Scope-Id
X-Web-Node
Atl-Traceid
X-Tb
X-Skip-Cache
X-Cache-Debug
X-BYPASS-REASON
Cache
X-Xfnlog-Site
ServedBy
Web-Mar-Node
Section-Io-Id
X-Is-Tablet
X-Tncms
X-Lambda-Id
X-No-Session
X-Loop
X-Tcp-Rtt
X-Logging-Id
X-Is-Supported-Browser
X-Forwarded-Host
X-Httpd
Url
X-Fetched-On
X-Geo-Region
X-Redis-Cache
X-Is-Desktop
X-Is-Mobile
X-ProxyCache-Key
X-ProxyCache-Status
Selected-Fe
X-Site-Version
X-Served-From
X-Cache-Host
X-Varnish-Cache-Hits
X-Alternate-Cache-Key
X-VCT
X-Varnish-Beresp-Grace
X-Upstream-Ht
Mn-Server-Ip
X-Cluster
X-Timing-Wait
X-Proxy-Build
X-IPLB-Request-ID
X-IPLB-Instance
X-Shopify-Stage
Apigw-Requestid
X-Origin
X-Optimistic-Header
X-Storefront-Renderer-Rendered
X-Locale
X-Upstream-Ct
X-Restarts
X-Format
X-Frame-Option
X-Say-Cacheable
X-Say-TTL
X-Detected-As
X-SayCDN-TTL
X-Director
X-AWS-Id
X-Cloudmap
X-Extlb
X-Proxied
X-LJ-Flow-ID
X-Routing-Service
X-VWS-Id
X-RateLimit-Limit
Onion-Location
Xserver
X-Cache-Operation
X-Soup
X-Cache-Rule
X-Zipkin-Id
X-Edge-Location
X-Sorting-Hat-PodId
X-Connection-Hash
X-ShardId
X-Ms-Request-Id
X-Sorting-Hat-ShopId
X-ShopId
Expiry
X-Ms-Version
X-INCAP-ABP
Frame-Options
X-Endurance-Cache-Level
X-Vcache
X-Lagoon
Priority
X-Azure-Ref-OriginShield
X-GeoCode
X-GeoCountry
X-Cache-Expired-At
X-CDN-Forward
X-WP-CF-Super-Cache-Cookies-Bypass
Protected
Source
WPO-Cache-Message
WPO-Cache-Status
Cdn-Requestid
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Cache-Action
X-Thinkindot-L3
X-Proxy-Cache-Status
Environment
X-Generation-Time
TDXMobile
X-CMSURLCustom
X-Shield-Cache-Expires
Thinkindot-CacheControl
Fastcgi-Useragent
X-XRDS-Location
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-Origin-TTL
CF-IPCountry
X-Origin-CC
X-PHP-Backend
X-Cdn-Origin
X-Fastcgi-Cache
X-Pass-Why
Uber-Trace-Id
X-GEO
X-Worker
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-App-Version
X-Rocket-Nginx-Serving-Static
X-Cluster-Node
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
Sid
X-ID
X-Buckets
Node
X-Vercel-Id
X-Vercel-Cache
Cache-Tv-Group
X-FB-TRIP-ID
X-Cdn
X-Aspnetmvc-Version
Cache-Hits
X-Auth-Group-Type
CDN-RequestCountryCode
CDN-PullZone
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-Cache
CDN-Uid
CDN-CachedAt
Cross-Origin-Embedder-Policy
X-Tumblr-Pixel-3
AMP-Access-Control-Allow-Source-Origin
X-Server-W
X-TA-CDN-Provider
Alternate-Protocol
X-HITS
X-B3-Traceid
X-Pad
X-Cache-Server
X-A
DB-Nickname
X-Service
X-Ig-Origin-Region
X-Ig-Push-State
Content-Secure-Policy
X-BCube-Filmed-By
X-Bl-Debug
X-Cache-Id
X-GeoIP-City
X-Gzip
X-Bc-Bl
DCR-Decision-By
X-Aed
X-A-Wwc
X-A-Dgt
Gannett-Cam-Experience-Id
X-Origin-Expires
X-Conf
DCR-Processing-Time-Ms
X-ND-Cache
X-Op-Id-All
X-Cache-NE
Rendered-Blocks
X-DefElseHash
X-DefHash
X-Developer
X-Dispatcher-Server
X-D
X-Custom-Header
X-Content-Age
A
X-Core-Value
X-Cache-TTL-Remaining
X-Ec-Fail
Candidate-Md5Url
Cdn-Host
Cdn-Request-Time
X-Fastly-Backend
X-Esi-Check
X-Ec-GeoHdr
X-Edge-Server
X-Epic-Correlation-Id
X-A-Dcw
X-Org
X-ScT
Odigeo-Trace-Id
X-Varnish-Remaining-TTL
X-Vdms-Version
Origin-Agent-Cluster
T-Server
MD5-Digest
Meta-Geo-Continent
X-A-Dam
X-V-Cache
X-Varnish-CookieHashed-On
Ngx.Var.Host
X-SRCache-Key
X-Varnish-CookieINHashed-On
X-TIM-N
Magicmarker
Wxu-Next-Hostname
X-Req
Sslversion
Wxu-Next-Region
X-A-Ccd
X-LiteSpeed-Cache-Control
Lang
X-Via-Fastly
Wxu-Next-Commit
X-Viewer-Country
Surrogated-Key
X-Rojux
X-Vtex-Remote-Cache
X-LSADC-Cache
X-DC
X-Client-Ip
Mime-Version
X-Tx-Id
User-Cache-Control
X-Aicache-OS
Ssr
X-AK-Request-ID
X-CacheTTL
X-Acquia-Purge-Cdn-Unconfigured
RNT-Machine
Req-ID
RNT-Time
Server-Host
X-Amz-Storage-Class
X-Clientip
X-App-Name
X-Cache-Bucket
X-Block-Status
Tube-Got-Eval
X-Cache-Info
X-Cache-FS-Status
Tube-Return
V-Age
X-B3-Trace-ID
X-Backend-Instance
Tube-Get-Contents
Vix-Hermes-Req-Id
Tube-Got-Results
X-Gdpr
X-SD-PageType
X-Scheme
X-Server-IP
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SB
X-Request-Time
X-Proto
X-Powered-By-VTEX-Cache
X-Pubstack
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-Wikidot-Static-Cache
X-Wikidot-Backend
Cache-Provider
Fastly-SSL
X-NodeID
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Varnish-Director
X-UA-Device-Type
X-Varnish-Hostname
X-VG-TLSProxy
X-VG-WebCache
X-Policy
X-Platform
X-GeoIP-Country-Code
X-GeoIP
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-Hnp-Log
X-Geo-Header
X-Generated-On
X-DPWN-IS-SECURE
X-Debug-Cache-Store
X-FC-Vary-Parameters
X-Fmm-Version
X-Forwarded-Site
X-HS-Content-Campaign-Id
X-Jobs
X-Nyt-Route
X-Node-Id
X-Origin-Response-Time
X-Origin-Time
X-PAYTM-SRV-ID
X-NMSegId
X-Mvc-Supplant-Cachable
X-Loc
X-Level-Front-Cache
X-Men
X-Micro-Cache
X-Mly-Id
X-Debug-Cache-Fetch
X-Gen-Mode
Click-Count-Action-Start
Platform
Click-Count-Error
Esi-Enabled
Cdnsip
NM-Fastcgi-Cache
X-NGINX-Cache
Cdncip
Edge-Cache
HostName
Fastly-Backend-Name
Country-Code
X-Dc
AKAMAI
Is-Eu
Producers
Powered-By
Adler-Geo
Host-ID
X-Slack-Backend
X-Cdn-Srv
HA-Ipaddr
PFcat
Cluster
X-Bip
L5d-Success-Class
X-Cache-Aspx
X-Hash
C-Via
L
Ha-Gx-Prefs
CDCHOST
X-Thanos
Release
X-Slack-Shared-Secret-Outcome
X-We-Are-Hiring
X-Var-Ttl
X-Ec-Custom-Error
X-Fastly-Cache
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-Depends
Yak-Timeinfo
X-Cs
X-CUA
Content-Script-Type
Apple-News-Services-Request-Url
X-Date
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Contensis-Viewer-Groups
X-Auto-Login
XM
Server-Info
On-Server
NGX
Mail-Subject
Content-Style-Type
Web-Mar-Region
We-Hiring
Origin
Origin-CC
Req-Svc-Chain
Proxy-Firewall
X-Mvc-Supplant-OutputCached
Server-Ext
Server-Hostname
Origin-EX
Sever-Int
Gh-Request-Id
X-Proxied-Request
X-Access
X-CGP
X-Request-Host
W
True-Client-Country-4JS
X-BBC-Edge-Cache-Status
X-Request-Start
X-VarnishDD-TTL
X-Csrf-Jwt
X-Section
Fastly-GeoIP-CountryCode
X-Region-Sid
X-Accel-Expires-Debug
DSUID
X-Eu-Site
X-Human
X-HN
X-Varnish-Beresp-Ttl
X-Varnishpool
X-Pool
X-Location
X-Nginx-Cache-Key
Cache-Key
BehaviorPad-Version
Pramga
Machine
Canary
X-AIR-PT
X-Ad-Load-Variation
Debug
Fusion-Component-Id
X-WA-Info
Fusion-Content-Id
Fusion-Deployment-Id
X-RateLimit-Reset
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-LB-ID
Redirect-Candidate
X-APP
X-Device-Os
X-Varnish-Hits
X-Via-Popn
X-Via-Poph
X-Zone
X-MP-GENERATED-AT
X-Via-Popv
X-Newrelic-Synthetics
X-HA-Backend
X-CLOUD-TRACE-CONTEXT
SID
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
CDN-RequestId
GeoIP-Latitude
X-From
X-Up
X-NCache
Pics-Label
X-Content-Length
X-Akamai-Transformed
X-LiteSpeed-Tag
Fastly-Drupal-HTML
X-Jungle-Id
X-VHOST
X-B3-Parentspanid
CloudFront-Viewer-Country
X-CACHE-AGE
X-Nananana
X-Refresh
X-Cache-Backend
X-Servedbyhost
X-Vdms-Path
X-Litespeed-Tag
Fastly-Drupal-Html
Vc-Max-Age
X-Origin-Cache-Key
X-Parent-Response-Time
X-LB-NoCache
X-Dispatcher-Number
X-Nc
WP-Super-Cache
X-CDN-Cache-Status
X-Datadome
X-Uri
X-CACHE-KEY
X-ZONE
Product
X-RequestId
X-Cached-By
X-DynaTrace-JS-Agent
X-ApacheServer
X-VC-TTL
Datacenter
Server-ID
Resin-Trace
X-M-Log
X-PERF
X-M-Reqid
X-Render-Time
X-Wa
NtCoent-Length
X-Ckpd-Fst-Backend
Cdn
X-Amz-Meta-Cb-Modifiedtime
GeoIp-Country-Code
S-Rt
X-B3-Spanid
X-Bug-Bounty
X-CS
X-Varnish-Beresp-TTL
X-IAuth-Set-Uid
FSS-Cache
ServerName
Uri
X-Fpc
X-TX-ID
Locid
X-TT-LOGID
X-HubSpot-Correlation-Id
True-Client-Ip
X-Esi
True-Client-IP
X-VCache
Serverhost
X-SERVER-NAME
X-HostName
X-Nf-Language
Srv
X-Nf-Country
X-Nf-Ats-Version
CDN
GeoIP-Country-Code
X-Old-Content-Length
Tcn
X-Original-Request-Id
X-Dynatrace-Js-Agent
X-FPC
X-Vmg-Version
X-Akamai-Device-Characteristics
X-Response-Served-From
User-Agent
X-Srv
X-TIME
Ngx-Var-Key
X-Gamma-Serve
ServerHost
X-Info
X-NewRelic-App-Data
X-Cdn-Cache-Status
X-WA
X-Webkit-Csp-Report-Only
X-Hit
Request-ID
X-Cdn-Forward
X-Vgn-Hpd-Reason
X-Vc
Xc-Version
CacheControlHeader
X-APP-VERSION
Server-Id
Cf-Ipcountry
X-NC
X-Moov-Xdn-Version
X-Moov-T
X-TH-Server
Expect-Staple
X-COUNTRY
Hostname
X-Platform-Cluster
Cneonction
X-Platform-Router
Srvid
X-FL-QIT-DEBUG
X-Lb-Nocache
X-Amz-Meta-Opti
X-Dispatch
X-Platform-Processor
X-V
X-Presslabs-Stats
X-Geo
Cf-Device-Type
X-ServedByHost
Cloudfront-Viewer-Country
Geoip-Latitude
N-Cache
X-User
PICS-Label
X-Rollout
Cross-Origin-Embedder-Policy-Report-Only
Permission-Policy
X-Platform-Server
X-Application
X-Destination
X-External-Request-Id
X-S-Cookie
X-B-Cookie
X-New
WZWS-RAY
X-Eligible
X-VCL-Version
X-Oracle-DMS-ECID
XkeyRZ
X-Ha-Backend
X-Proxy-CacheRZ
X-Via-PopH
Origin-Trial
X-Limited
X-Via-PopN
X-Zen-Fury
X-Via-PopV
X-Correlation-ID
Ohc-File-Size
X-App
Epwk-X-Cache
X-Sigma-Backend
X-Cache-Date
X-Ftr-Request-Id
X-Ua
X-ElasticPress-Query
X-Sigma
X-Internal-TTL
X-Instance-Name
X-Rocket-Build-Number
X-Akamai-Pragma-Client-IP
Rtss
X-VTEX-Cache-Backend-Header-Time
Cl-Cache
X-Sqd-Stime
X-Sqd-Ctime
X-Via-SSL
X-Path
X-Via-CDN
X-Lb-Id
X-Via-Edge
X-EC-Lua
X-VTEX-Cache-Backend-Connect-Time
Edge-Copy-Time
X-MSEdge-Features
X-API-Version
X-MiniProfiler-Ids
X-MSEdge-Flight
X-Branch-Name
X-VServer
X-Segment-20210421
X-Litespeed-Cache-Control
X-Serial
X-Check-Cacheable
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Ms-Author-Via
Lb
X-Acquia-Application-UUID
X-Datacenter
Cmstype
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Site
IsBot
Timeexpire
WebServer
X-SIPLIST1
Cmsid
Sm-Log-Id
X-Web-Server
X-Service-Response-Time
CountryCode
Servername
X-LAGOON
X-CDN-Origin
X-CSRF-TOKEN
X-Th-Server
X-Amz-Meta-S3b-Last-Modified
X-Snapshot-Date
X-IN-APIGATEWAYSSL
X-Origin-Upstream-Status
X-IN-APIGATEWAY
X-Ramcache
X-Traceid
X-Irp-Debug
X-DynaTrace
X-Amz-Meta-Sha256
X-Dw-Trace-Id
Wpo-Cache-Message
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
Warning
Ngx
X-Fastly-Backend-Reqs
X-RAMCache
X-Shopid
Wpo-Cache-Status
X-Shardid
Fl-Custom-Application
Ohc-Cache-HIT
X-Udemy-Cache-App-Namespace