Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Xss-Protection
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Request-ID
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
Permissions-Policy
X-Ws-Request-Id
Xkey
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dispatcher
Allow
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Server-Id
X-WebKit-CSP
X-Host
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
Content-Location
X-Node
X-Application-Context
X-Litespeed-Cache
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
P3p
X-NWS-LOG-UUID
X-Country
X-CST
Service-Worker-Allowed
X-Country-Code
X-Content-Type
X-Clacks-Overhead
X-Trace
Cache-Tag
Rating
X-Rack-Cache
X-Url
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Times
Nginx-Cache
X-PC
X-Vname
X-TtlSet
X-Server-Name
X-Daa-Tunnel
Cross-Origin-Opener-Policy
X-Oneagent-Js-Injection
X-Edge
X-Mcache
X-Midtier
X-Webkit-Csp
X-Browser-Type
X-Powered-By-Plesk
X-ESI
X-Cnection
X-ECACHE
X-GitHub-Request-Id
X-Upstream
Edge-Control
X-MS-InvokeApp
X-Element-Page-Cache
X-Ac
Verso
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
X-Kinja-Server
X-Kinja-Build
X-Cdn-Fetch
X-D2id
X-Ser
X-Vcap-Request-Id
Accept-Ch-Lifetime
X-Cache-TTL
X-FastCGI-Cache
X-Abt-Application-Version
X-B3-TraceId
AR-CACHE
X-Navigation-Version
SPRequestDuration
X-Dw-Request-Base-Id
X-Mod-Pagespeed
SPIisLatency
X-NF-Request-ID
X-Aws-Lambda-Call-Status
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
Fastly-Restarts
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Client-IP
X-Sol
Display
X-Middleton-Display
Pagespeed
X-Mg-S
Edge-Cache-Tag
X-Edge-Location-Klb
X-Ruxit-Js-Agent
X-Kinsta-Cache
S
X-Powered-CMS
X-Middleton-Response
Cache-Status
Response
X-Goog-Hash
X-Amzn-Trace-Id
Access-Control-Request-Method
X-Version
X-VARITI-CCR
X-Fastly-Request-ID
X-Cache-Key
X-ARC
RTSS
X-RateLimit-Remaining
X-Content-Digest
X-TraceId
Cross-Origin-Resource-Policy
X-Forwarded-For
X-T
X-Recruiting
X-Ratelimit-Limit
Realpath
X-Correlation-Id
X-MSEdge-Ref
Front-End-Https
Fastcgi-Cache
X-Cached
X-Varnish-TTL
MS-Author-Via
X-PDP-UNCACHING-HASH
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Ratelimit-Remaining
Content-MD5
X-Ua-Browser
X-Ttl
X-FTR-Backend
X-HS-Hub-Id
X-FTR-Backend-Server
X-Protected-By
X-HS-Content-Id
X-FTR-Balancer
X-Country-Code-Real
X-Shield-Request-Id
X-FTR-Cache-Status
X-HS-Cache-Config
X-Request-Processing-Time
X-Request-Received
Server-Node
Payment
X-Forwarded-Proto
X-LLID
X-Frontend
Public-Key-Pins
TP-Cache
X-HS-Combine-CSS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Distributor
X-FTR-Expires
X-HP-Webp
X-HP-Trace-Id
X-Accel-Expires
X-Jurisdiction
X-TTL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ORACLE-DMS-RID
Count-Hit
X-GUploader-UploadID
X-Server-ID
X-Origin-Server
X-LB-Cache
X-NODE
X-Ezoic-Cdn
X-Request-Handler-Origin-Region
X-Microsite
X-TEC-API-ROOT
X-Origin-Cache-Key
X-Content-Security-Policy-Report-Only
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-PressLabs-Stats
Host
X-Activity-Id
X-AppVersion
X-Az
X-Www-Served-By
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Hits
X-App-Server
X-Cluster-Name
X-Varnish-Server
Retry-After
X-Varnish-Backend
Cache-Tags
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
X-Ua-Device
Server-Name
Cleartype
X-Newrelic-App-Data
X-Geo-Country
X-Hostname
X-Envoy-Decorator-Operation
X-NGENIX-Cache
X-Goog-Metageneration
Referer-Policy
X-ORACLE-DMS-ECID
X-CSRF-Token
X-Upgrade-Enabled
X-DIS-Request-ID
TP-L2-Cache
Access-Control-Allow-Method
X-Git-Hash
X-Seen-By
X-Azure-Ref
TCN
X-Hcs-Proxy-Type
Filterid
X-Unique-Id
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Tt-Trace-Host
X-F-Cache
X-Tt-Trace-Tag
X-Load-Cache
X-Amz-Apigw-Id
X-Id
X-Amzn-RequestId
X-Proxy
X-Revision
Section-Io-Cache
X-Grace
X-Request-Guid
X-Trace-Id
X-Cache-Control
Healthy
X-TT
DC
X-B3-Sampled
X-Px
X-B
X-Type
X-Debug-Info
X-Contextid
Paypal-Debug-Id
X-Page-Id
X-Logged-In
X-FB-Debug
X-Fb-Rlafr
X-Varnish-Ttl
X-Mobile
X-N
X-Debug
X-Oracle-Dms-Ecid
Viewport
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-RateLimit-Limit
X-Whom
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Fastly-SWR
Fastly-SIE
X-XRDS-LOCATION
X-Datadog-Trace-Id
X-Oracle-Dms-Rid
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
Charset
X-Content-Options
Version
X-Via-JSL
Content-Disposition
X-Template
X-Time
X-Cache-Grace
X-Webkit-CSP
X-Wix-Request-Id
X-Magnolia-Registration
X-Varnish-Grace
X-App-Environment
X-Language
X-EdgeConnect-Cache-Status
X-Rid
X-Signature
X-B-Cache
X-B3-SpanId
X-Node-Name
X-Origin-Cache
X-ProcessESI
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-RemovedCookies
SRV
X-Yottaa-Optimizations
X-Amz-Replication-Status
X-Tumblr-User
X-Rule
X-Tumblr-Pixel-1
X-Datadog-Sampled
X-Debug-IsPreview
X-Yottaa-Metrics
X-Debug-IsConnected
X-Tumblr-Pixel
X-Tumblr-Pixel-0
SD-X-WS
X-G
GEO-INFO
MS-CV
Ms-Operation-Id
X-Storage
X-FW-Static
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Type
X-FW-Version
X-RTag
X-Instance
ServerID
X-FW-Dynamic
X-Hl-Ver
X-Amzn-Remapped-Content-Length
X-Adobe-Content
X-Backend-Name
X-Adobe-Loc
X-Cacheable-TTL
NGB
X-Rendered-As
X-Is-Bot
X-UUID
Liferay-Portal
X-Proxy-Cache-Info
X-Device-Type
X-NYM-Debug-Backend
X-Region
X-Status
X-User-Agent
X-L-Path
X-RateLimit-Reset
X-Cache-Hit
X-IPS-LoggedIn
Country
X-Environment-Context
Countrycode
Surrogate-Key
X-Source
X-Real-IP
X-Cache-Age
X-ServerID
X-URL
X-NWS-UUID-VERIFY
Akamai-GRN
Amp-Access-Control-Allow-Source-Origin
X-WP-CF-Super-Cache-Active
Cross-Origin-Window-Policy
X-Sucuri-Cache
X-Sucuri-ID
OT-Force-Account-Verify
X-Servername
X-UA
X-VC-Cache
From-Origin
X-Xrds-Location
X-RM-Cache-TTL
Front
X-Air-Pt
Backend
Upgrade-Insecure-Requests
X-Framework
X-WebKit-CSP-Report-Only
X-INCAP-ABP
Refresh
X-Mode
X-Wormhole-Sdk
X-AB
X-Air-Hostname
X-Air-Trace-Id
X-Air-Source
X-Akamai-Request-ID2
X-Cache-Time
X-Content-Powered-By
X-DataDome
X-Handled-By
Xet-Cookie
X-Nginx-Cache
Frame-Options
X-Edge-Location
X-HTML-Minification-Powered-By
Url
X-SaId
Filters
X-Rn-Rsrv
X-Rewrite-Enabled
X-Xfnlog-Site
X-RCS-CacheZone
X-Endurance-Cache-Level
X-Webstats-RespID
Selected-Fe
X-Timing-Wait
X-UPSTREAM-Address
Meta-Geo
X-SRV
X-JoinUs
X-Origin-CC
X-Origin-TTL
X-Vcache
X-Proxy-Build
WPO-Cache-Status
X-Labrador-Cache-Channel
X-AWS-Id
X-Akamai-Edgescape
X-Origin
X-Logging-Id
Accept-Language
X-VWS-Id
X-Provided-By
Access-Control-Request-Headers
X-PHP-Host
X-Origin-Hint
X-Cache-Operation
X-Drupal-Cache-Tags
Webserver
X-Tumblr-Pixel-2
Webcakes-Region
X-Cache-Rule
Webcakes-App-Version
ServedBy
TWC-Connection-Speed
X-Origin-Date
X-Git-Commit
X-Container-Uri
Property-Id
X-LJ-Flow-ID
X-Reqid
X-No-Session
WPO-Cache-Message
TWC-Device-Class
X-Served-From
X-Cluster
Webcakes-App-Name
Atl-Traceid
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
X-Azure-Ref-OriginShield
X-IPLB-Request-ID
X-Adobe-Source
X-Locale
Section-Io-Id
Mn-Server-Ip
Cache-Hits
X-Zipkin-Id
X-Cloudmap
X-Cache-Debug
Web-Mar-Node
Cache
X-Cms-Context
X-Fetched-On
X-R9-Blue-Green-Version
X-Varnish-Cache-Hits
X-Extlb
X-Tb
X-Site-Version
X-Redis-Cache
X-Restarts
X-Routing-Service
X-Hosted-By
X-IPLB-Instance
X-Proxied
X-Buckets
X-VC
X-Drupal-Cache-Contexts
X-Web-Node
X-VCT
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Generation-Time
X-Forwarded-Host
X-Frame-Option
X-Scope-Id
X-ProxyCache-Key
Thinkindot-CacheControl-Type
X-ProxyCache-Status
X-Ms-Version
X-CMSURLCustom
X-Geo-Region
X-S
X-Format
Thinkindot-CacheControl
TDXMobile
Thinkindot-Control
X-Skip-Cache
X-Loop
X-Tncms
X-BYPASS-REASON
X-Browser-Name
X-Upstream-Ct
X-Upstream-Ht
X-Is-Supported-Browser
X-Varnish-Age
X-Is-Tablet
X-Lambda-Id
X-Thinkindot-L3
X-Accel-Version
X-Ms-Request-Id
X-Is-Desktop
X-Soup
X-Is-Mobile
X-Httpd
X-Tcp-Rtt
X-Director
X-Shield-Cache-Expires
Apigw-Requestid
X-CDN-Forward
X-Cache-Status-Check
Xserver
X-GeoCode
X-Cache-Host
X-Detected-As
X-Varnish-Beresp-Grace
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-ShopId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-GeoCountry
X-Cdn-Origin
X-Generated-By
X-Optimistic-Header
X-Lagoon
X-TA-CDN-Provider
X-Rocket-Nginx-Serving-Static
X-RID
LB
X-Worker
Source
X-Ratelimit-Reset
X-Vercel-Cache
X-Vercel-Id
X-Request-URI
Azure-SlotName
Azure-InstanceId
Azure-SiteName
Azure-RegionName
Azure-Version
X-WP-CF-Super-Cache-Cookies-Bypass
X-XRDS-Location
Node
X-B3-Traceid
Fastcgi-Useragent
Protected
X-Vcl-Version
X-Pass-Why
CDN-RequestCountryCode
CDN-Uid
CDN-RequestPullCode
CDN-EdgeStorageId
CDN-Cache
CDN-RequestPullSuccess
X-Fastcgi-Cache
CDN-PullZone
CDN-CachedAt
Expiry
X-Connection-Hash
Cross-Origin-Embedder-Policy
X-App-Version
X-GEO
Onion-Location
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Tumblr-Pixel-3
X-Cache-Expired-At
X-ID
Alternate-Protocol
X-Tec-Api-Root
X-Cache-Server
X-Tec-Api-Version
CDN-RequestId
X-Tec-Api-Origin
DB-Nickname
X-PHP-Backend
Priority
AMP-Access-Control-Allow-Source-Origin
X-Server-W
X-Jobs
Environment
CF-IPCountry
X-Proxy-Cache-Status
Uber-Trace-Id
X-Api-Version
X-Fastly-Request-Id
X-DC
X-Cache-Action
X-Urbn-Context-Path
X-Cluster-Node
Locale
X-Urbn-Site-Id
Cdn-Requestid
X-LSADC-Cache
X-Tt-Logid
User-Cache-Control
Sid
X-Mg-Request-UUID
X-MP-GENERATED-AT
X-Ismobilevalue
X-Tx-Id
HostName
X-ND-Cache
X-NCache
X-Gzip
X-Epic-Correlation-Id
X-GeoIP-City
Candidate-Md5Url
Sslversion
X-Gen-Mode
X-Org
X-Hnp-Log
X-Ig-Origin-Region
X-Varnish-Beresp-Ttl
X-FB-TRIP-ID
X-Ec-Fail
X-Esi-Check
X-Ec-GeoHdr
Cache-Tv-Group
X-Origin-Expires
X-BCube-Filmed-By
X-Node-Id
Wxu-Next-Commit
X-Op-Id-All
X-Jungle-Id
Req-ID
A
X-Forwarded-Site
Content-Secure-Policy
X-SB
Meta-Geo-Continent
X-Varnish-Hostname
X-Cache-Id
X-Vdms-Path
X-A-Dam
X-Vdms-Version
X-Response-Served-From
MD5-Digest
X-Cache-NE
Magicmarker
X-A-Dgt
X-A-Dcw
X-Original-Request-Id
Ngx.Var.Host
X-Bc-Bl
Origin
X-A
Origin-Agent-Cluster
X-Bip
Wxu-Next-Hostname
Wxu-Next-Region
Vix-Hermes-Req-Id
X-A-Ccd
X-VTEX-Cache-Server
X-Block-Status
X-VTEX-Cache-Time
X-Vtex-Remote-Cache
X-Bl-Debug
X-UA-Device-Type
X-TIM-N
Fusion-Component-Id
Rendered-Blocks
Fusion-Content-Id
Fusion-Content-Source
T-Server
Fusion-Deployment-Id
Surrogated-Key
X-Developer
DCR-Processing-Time-Ms
DCR-Decision-By
X-Device-Os
Edge-Cache
X-Powered-By-VTEX-Cache
X-Request-Start
Fusion-Source
X-Conf
X-SRCache-Key
X-Clientip
X-A-Wwc
X-Thanos
Lang
X-Content-Age
X-D
Fusion-Template-Id
X-Rojux
X-ScT
Gannett-Cam-Experience-Id
X-Aed
X-Dispatcher-Server
X-Uri
X-Origin-Response-Time
X-Client-Ip
X-Zone
X-Scheme
X-Request-Time
X-Cdn-Srv
X-SD-PageType
X-CUA
X-Backend-Instance
X-Req
X-Auto-Login
X-RateLimit-Remaining-Second
X-Pubstack
X-Proto
Ssr
DSUID
Fastly-Backend-Name
Release
X-Test
X-RateLimit-Limit-Second
Fastly-SSL
X-Region-Sid
X-V-Cache
XM
X-WA-Info
X-Viewer-Country
X-Via-Fastly
Yak-Timeinfo
Origin-CC
PFcat
X-Ig-Push-State
Origin-EX
NM-Fastcgi-Cache
X-VG-WebCache
X-Varnish-Director
X-Var-Ttl
X-Geo-Header
X-VarnishDD-TTL
X-Cache-Info
Powered-By
X-Cache-Bucket
X-Varnishpool
X-Cache-TTL-Remaining
X-Policy
X-App-Name
C-Via
X-Amz-Storage-Class
Cache-Provider
Server-Hostname
X-GeoIP-Region-Code
X-Platform
Server-Ext
X-Fastly-Cache
X-FC-Vary-Parameters
X-Level-Front-Cache
Server-Host
X-HS-Content-Campaign-Id
X-Gdpr
X-AK-Request-ID
AKAMAI
X-Fmm-Version
X-Loc
X-Service
X-GeoIP-Country-Code
X-Auth-Group-Type
X-NMSegId
X-Nginx-Cache-Key
X-Nyt-Route
Content-Script-Type
X-PAYTM-SRV-ID
X-Origin-Time
Content-Style-Type
X-Edge-Server
X-Mvc-Supplant-Cachable
CDCHOST
Sever-Int
X-Generated-On
X-GeoIP
Cdn-Host
Cdnsip
Cdncip
Cdn-Request-Time
X-HN
X-TT-LOGID
X-B3-Trace-ID
X-Ad-Load-Variation
X-Acquia-Purge-Cdn-Unconfigured
X-Aicache-OS
X-Access
X-BBC-Edge-Cache-Status
X-Men
X-Server-IP
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Section
X-Request-Host
X-Pool
X-Proxied-Request
X-SVT-ORM-VERSION
X-Varnish-Authentication
X-Wikidot-Static-Cache
X-Tb-Optimization-Total-Bytes-Saved
Odigeo-Trace-Id
X-Wikidot-Backend
X-We-Are-Hiring
X-Varnish-Beresp-Status
X-VG-TLSProxy
X-Mvc-Supplant-OutputCached
X-Mly-Id
X-Csrf-Jwt
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Core-Value
X-Contensis-Viewer-Groups
X-Cache-Backend
X-CGP
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Human
X-Location
X-Micro-Cache
X-GoCache-CacheStatus
X-From
X-Eu-Site
X-Fastly-Backend
X-Cache-Aspx
We-Hiring
Ha-Gx-Prefs
HA-Ipaddr
Gh-Request-Id
X-LiteSpeed-Cache-Control
Fastly-GeoIP-CountryCode
Is-Eu
L
WP-Super-Cache
On-Server
Mail-Subject
Machine
L5d-Success-Class
Esi-Enabled
Country-Code
Apple-News-Services-Handled
Apple-News-Services-Host
Adler-Geo
Web-Mar-Region
X-ECache
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Click-Count-Error
Cluster
Click-Count-Action-Start
Canary
Cache-Key
Platform
Host-ID
Tube-Got-Results
RNT-Machine
W
Tube-Return
Req-Svc-Chain
Tube-Get-Contents
Pramga
True-Client-Country-4JS
Producers
Tube-Got-Eval
V-Age
RNT-Time
Redirect-Candidate
X-Up
X-ApacheServer
X-Date
X-Render-Time
Proxy-Firewall
X-Hash
X-NodeID
X-Slack-Backend
NGX
X-PERF
X-CacheTTL
X-Custom-Header
X-Accel-Expires-Debug
X-Slack-Shared-Secret-Outcome
X-AIR-PT
SID
X-Newrelic-Synthetics
Debug
X-Varnish-Hits
X-NGINX-Cache
X-LB-ID
X-Cs
Fastly-Drupal-HTML
X-Nananana
X-COUNTRY
X-Varnish-CookieINHashed-On
X-DefElseHash
X-Varnish-Remaining-TTL
X-DefHash
X-Dc
X-Varnish-CookieHashed-On
Mime-Version
X-Pad
X-Via-Popn
X-Via-Popv
Datacenter
X-CACHE-GROUP
Pics-Label
X-Depends
X-HA-Backend
X-Via-Poph
CloudFront-Viewer-Country
X-Nf-Request-Id
X-Refresh
X-Akamai-Transformed
Locid
X-Servedbyhost
X-CACHE-AGE
X-VHOST
X-Cache-FS-Status
GeoIP-Latitude
X-Amz-Meta-Cb-Modifiedtime
X-VC-TTL
X-TIME
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
X-M-Log
X-Parent-Response-Time
X-M-Reqid
X-LB-NoCache
X-Datadome
X-HITS
X-LiteSpeed-Tag
X-Litespeed-Tag
Ngx-Var-Key
X-Cached-By
X-Old-Content-Length
X-B3-Parentspanid
Server-ID
Server-Info
X-CS
Resin-Trace
Cdn
BehaviorPad-Version
X-TH-Server
X-CDN-Cache-Status
X-Wa
X-Moov-Xdn-Version
X-Nc
X-Moov-T
Cf-Ipcountry
Fastly-Drupal-Html
X-DynaTrace-JS-Agent
GeoIp-Country-Code
Cross-Origin-Embedder-Policy-Report-Only
X-APP
X-Presslabs-Stats
X-Fpc
NtCoent-Length
X-Vgn-Hpd-Reason
X-VCache
X-IAuth-Set-Uid
X-External-Request-Id
X-B-Cookie
X-S-Cookie
X-ZONE
X-Content-Length
FSS-Cache
X-User
Cf-Device-Type
X-Vc
X-NewRelic-App-Data
X-Application
X-Destination
Uri
True-Client-Ip
X-Esi
Serverhost
True-Client-IP
X-Zen-Fury
X-TX-ID
X-HostName
CDN
X-API-Version
X-Sigma-Backend
X-Srv
X-Instance-Name
X-Cache-Date
X-Varnish-Beresp-TTL
X-Sigma
X-Rocket-Build-Number
X-Dynatrace-Js-Agent
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
Tcn
GeoIP-Country-Code
X-Dispatcher-Number
Load-Balancing
X-Providence-Cookie
X-Route-Name
S-Rt
X-VServer
X-Oracle-DMS-ECID
X-DynaTrace
Vc-Max-Age
Srv
X-Cdn-Cache-Status
X-RequestId
X-Branch-Name
X-HOST
X-Segment-20210421
Hostname
X-Cdn-Forward
Request-ID
X-NC
X-FPC
X-WA
Product
X-Webkit-Csp-Report-Only
X-Dispatch
X-Page-View
Ohc-File-Size
X-CACHE-KEY
X-DataCenter
X-B3-Spanid
X-APP-VERSION
X-Ckpd-Fst-Backend
Server-Id
ServerName
Type
Srvid
X-FL-QIT-DEBUG
Geoip-Latitude
X-Lb-Nocache
X-Geo
X-Http-Reason
X-Bug-Bounty
X-Sql-Duration-Ms
X-Irp-Debug
X-SERVER-NAME
X-Sql-Count
Cl-Cache
CacheControlHeader
X-ServedByHost
DataCenter
X-VCL-Version
Cloudfront-Viewer-Country
Epwk-X-Cache
Origin-Trial
X-Owner
X-Via-CDN
IsBot
Edge-Copy-Time
X-SIPLIST1
X-Via-SSL
X-Via-Edge
Ohc-Cache-HIT
WZWS-RAY
X-Cache-Ttl
X-Correlation-ID
MIME-Version
X-Ua
X-Proxy-CacheRZ
X-Via-PopH
X-Core-Mission
X-App
Cross-Origin-Opener-Policy-Report-Only
X-Ha-Backend
PICS-Label
XkeyRZ
X-Via-PopV
X-Via-PopN
X-Srcache-Fetch-Status
Rtss
X-Nf-Language
X-Srcache-Store-Status
X-Nf-Country
X-Nf-Ats-Version
X-HubSpot-Correlation-Id
X-Vmg-Version
X-CSRF-TOKEN
X-Akamai-Device-Characteristics
ServerHost
X-Lb-Id
Cneonction
User-Agent
X-MSEdge-Features
N-Cache
X-MSEdge-Flight
X-Qloud-Router
X-Hit
X-MiniProfiler-Ids
Lb
X-Acquia-Application-UUID
X-Acquia-Site
X-Service-Response-Time
Sm-Log-Id
X-Acquia-Purge-Tags
Cmstype
X-Gamma-Serve
Warning
X-Info
X-Amz-Meta-Opti
X-Fastly-Country-Code
X-Web-Server
X-Acquia-Application-Trace
X-Limited
X-Sqd-Stime
CountryCode
Cmsid
X-Datacenter
X-Sqd-Ctime
X-LAGOON
X-Litespeed-Cache-Control
Servername
X-Check-Cacheable
X-Serial
X-Th-Server
X-RAMCache
X-Akamai-Pragma-Client-IP
X-Requestid
Xkeylog
X-Ramcache
Xkey-La3
Ngx
X-Proxy-Cache-La3
X-Amz-Meta-S3b-Last-Modified
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-Amz-Meta-Sha256
X-IN-APIGATEWAYSSL
X-Snapshot-Date