Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Permissions-Policy
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-LiteSpeed-Cache
Grace
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Pingback
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Server-Id
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Country-Code
X-ASPNET-VERSION
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
X-Litespeed-Cache
Cache-Tag
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-PC
X-TtlSet
X-Vname
X-FTR-Request-ID
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Daa-Tunnel
X-Midtier
X-Browser-Type
X-Server-Name
Nginx-Cache
X-CST
Accept-Ch
X-Powered-By-Plesk
AR-PoweredBy
AR-SID
AR-ATIME
AR-Request-ID
X-Cnection
X-Cache-TTL
X-ESI
X-Ac
X-D2id
X-Element-Page-Cache
X-GitHub-Request-Id
Edge-Control
X-Kinja-Revision
X-Exp-Id
Verso
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Kinja-Server
X-MS-InvokeApp
X-ECACHE
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Abt-Application-Version
X-Upstream
X-Navigation-Version
X-B3-TraceId
X-Dw-Request-Base-Id
X-Webkit-Csp
Fastly-Restarts
SPRequestDuration
X-FastCGI-Cache
SPIisLatency
X-Mod-Pagespeed
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Client-IP
X-PDP-UNCACHING-HASH
X-NF-Request-ID
X-Edge-Location-Klb
X-Kinsta-Cache
X-Goog-Hash
X-ARC
X-Oneagent-Js-Injection
X-Ratelimit-Limit
X-Mg-S
X-Sol
Display
X-Powered-CMS
X-Middleton-Display
Pagespeed
Edge-Cache-Tag
S
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
X-VARITI-CCR
X-Middleton-Response
Response
X-Ratelimit-Remaining
X-Fastly-Request-ID
RTSS
X-TraceId
Realpath
X-Content-Digest
X-Forwarded-For
X-T
X-Cache-Key
Cross-Origin-Resource-Policy
X-TTL
X-Server-ID
X-Correlation-Id
X-Recruiting
Fastcgi-Cache
X-Cached
X-ORACLE-DMS-RID
X-MSEdge-Ref
X-Varnish-TTL
Front-End-Https
X-Shield-Request-Id
MicrosoftSharePointTeamServices
Content-MD5
X-HS-Hub-Id
X-Ruxit-Js-Agent
X-HS-Cache-Config
X-HS-Content-Id
X-Request-Received
X-Ua-Browser
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-Request-Processing-Time
X-Protected-By
X-FTR-Backend-Server
MS-Author-Via
X-FTR-Backend
X-Forwarded-Proto
Payment
Server-Node
X-Frontend
X-LLID
TP-Cache
Arr-Disable-Session-Affinity
Public-Key-Pins
X-RateLimit-Remaining
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Count-Hit
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-HS-Combine-CSS
X-FTR-Expires
X-GUploader-UploadID
X-Accel-Expires
X-PressLabs-Stats
X-Distributor
X-Kong-Upstream-Latency
X-LB-Cache
X-Kong-Proxy-Latency
X-Origin-Server
X-NODE
X-Ezoic-Cdn
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Newrelic-App-Data
X-Request-Handler-Origin-Region
X-Microsite
X-Az
X-Activity-Id
X-AppVersion
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Www-Served-By
MRF-Tech
Host
Accept-Charset
X-Varnish-Server
X-Cluster-Name
Cache-Tags
X-Varnish-Backend
X-Ua-Device
X-Content-Security-Policy-Report-Only
X-App-Server
X-Amz-Meta-S3cmd-Attrs
Cleartype
Retry-After
X-ORACLE-DMS-ECID
X-Ttl
X-Goog-Metageneration
Server-Name
Filterid
X-Unique-Id
X-Hits
Surrogate-Key
X-Git-Hash
Access-Control-Allow-Method
X-Debug
X-Envoy-Decorator-Operation
X-Azure-Ref
X-NGENIX-Cache
X-Logged-In
X-Upgrade-Enabled
X-CSRF-Token
X-Load-Cache
X-Geo-Country
X-Id
X-Hostname
X-FB-Debug
X-Tt-Trace-Tag
TCN
X-Tt-Trace-Host
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Amz-Apigw-Id
X-Proxy
X-Amzn-RequestId
X-Time
TP-L2-Cache
X-B
X-Seen-By
Section-Io-Cache
X-TT
X-Grace
X-B3-Sampled
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Revision
X-Request-Guid
X-Cache-Control
X-Trace-Id
Healthy
DC
X-F-Cache
X-Contextid
Viewport
X-Fb-Rlafr
X-Type
Referer-Policy
X-Mobile
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Fastly-SIE
X-N
Fastly-SWR
Paypal-Debug-Id
X-DIS-Request-ID
Content-Disposition
X-XRDS-LOCATION
X-Varnish-Ttl
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Page-Id
X-Debug-Info
X-Varnish-Grace
X-Origin-Cache
X-Webkit-CSP
X-Px
X-Via-JSL
X-Aws-Lambda-Call-Status
X-Magnolia-Registration
Version
X-Whom
X-Amz-Replication-Status
X-Oracle-Dms-Ecid
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Ratelimit-Reset
X-Datadog-Sampling-Priority
X-Template
X-Content-Options
X-UUID
X-Rid
X-ProcessESI
X-RemovedCookies
X-G
X-Adobe-Loc
X-App-Environment
MS-CV
X-Adobe-Content
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
Ms-Operation-Id
X-Tumblr-Pixel-0
X-Node-Name
X-Rule
X-Debug-IsPreview
X-RTag
X-Debug-IsConnected
X-Yottaa-Metrics
NGB
X-Yottaa-Optimizations
SD-X-WS
VIX-Pulpo-Upstream-Status
X-Source
X-Wix-Request-Id
X-Hl-Ver
X-Storage
VIX-Pulpo-Node
X-Datadog-Sampled
Charset
X-Wormhole-Sdk
X-Signature
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Version
X-Is-Bot
X-Rendered-As
X-NYM-Debug-Backend
X-L-Path
X-Proxy-Cache-Info
X-Instance
X-Region
X-FW-Hash
X-FW-Serve
X-Cacheable-TTL
X-User-Agent
X-B-Cache
X-Device-Type
X-Backend-Name
X-Environment-Context
X-FW-Dynamic
Country
GEO-INFO
X-NWS-UUID-VERIFY
X-Cache-Grace
X-ServerID
Cross-Origin-Window-Policy
ServerID
X-Cache-Age
X-Status
Amp-Access-Control-Allow-Source-Origin
Countrycode
X-IPS-LoggedIn
X-Real-IP
SRV
X-EdgeConnect-Cache-Status
X-Cache-Hit
X-RM-Cache-TTL
X-Amzn-Remapped-Content-Length
X-Language
Front
Liferay-Portal
X-WP-CF-Super-Cache-Active
Akamai-GRN
X-Framework
X-Xrds-Location
X-B3-SpanId
X-AB
X-Oracle-Dms-Rid
X-Sucuri-Cache
X-Sucuri-ID
X-Ismobilevalue
OT-Force-Account-Verify
X-Content-Powered-By
X-Air-Pt
X-Servername
X-UA
X-Akamai-Request-ID2
X-WebKit-CSP-Report-Only
X-VC
X-VC-Cache
From-Origin
X-Mode
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
Xet-Cookie
Backend
X-URL
X-DataDome
Refresh
Upgrade-Insecure-Requests
Accept-Language
X-Cache-Time
X-Handled-By
X-Nginx-Cache
X-Cache-Status-Check
LB
X-Tt-Logid
Webserver
Access-Control-Request-Headers
X-HTML-Minification-Powered-By
X-Api-Version
X-Nf-Request-Id
X-SRV
X-UPSTREAM-Address
X-Rewrite-Enabled
Meta-Geo
Filters
X-RCS-CacheZone
X-Rn-Rsrv
X-JoinUs
X-Xfnlog-Site
Cache
X-SaId
TWC-Connection-Speed
ServedBy
Property-Id
X-Varnish-Age
TWC-GeoIP-Country
X-No-Session
X-Origin-Date
TWC-GeoIP-LatLong
X-Endurance-Cache-Level
X-LJ-Flow-ID
X-Proxied
X-R9-Blue-Green-Version
TWC-Locale-Group
X-Cache-Operation
X-Labrador-Cache-Channel
X-Hosted-By
X-Reqid
X-Cache-Rule
X-PHP-Host
X-Lambda-Id
X-Origin-Hint
TWC-Device-Class
X-Extlb
X-Routing-Service
X-VWS-Id
X-Adobe-Source
Webcakes-Region
X-Container-Uri
X-Cms-Context
X-Cloudmap
X-Cluster
X-Webstats-RespID
X-AWS-Id
X-Zipkin-Id
X-RateLimit-Limit
Webcakes-App-Name
X-Git-Commit
X-S
Webcakes-App-Version
X-Generated-By
TWC-Privacy
X-Tumblr-Pixel-2
X-Scope-Id
X-Is-Supported-Browser
X-ProxyCache-Status
X-Served-From
X-ProxyCache-Key
X-Is-Mobile
X-Is-Tablet
X-Loop
Apigw-Requestid
X-Forwarded-Host
X-Logging-Id
X-Locale
X-Is-Desktop
X-Ms-Request-Id
X-Fetched-On
Atl-Traceid
X-Provided-By
X-IPLB-Request-ID
Mn-Server-Ip
X-Ms-Version
X-Skip-Cache
Web-Mar-Node
X-Redis-Cache
X-Akamai-Edgescape
Section-Io-Id
X-Restarts
X-Accel-Version
X-Tcp-Rtt
X-Httpd
X-IPLB-Instance
Url
X-Site-Version
X-Geo-Region
X-Edge-Location
X-Cache-Debug
X-BYPASS-REASON
X-Browser-Name
X-INCAP-ABP
X-Web-Node
X-Tncms
X-Tb
X-Detected-As
X-Cache-Host
X-Alternate-Cache-Key
X-Director
X-Format
Selected-Fe
X-Storefront-Renderer-Rendered
X-VCT
X-Upstream-Ct
X-Varnish-Beresp-Grace
X-Soup
X-Shopify-Stage
X-Say-Cacheable
X-Request-URI
X-Upstream-Ht
X-Say-TTL
X-Proxy-Build
X-Timing-Wait
X-SayCDN-TTL
X-Optimistic-Header
X-Varnish-Cache-Hits
X-Origin
X-GeoCode
X-RID
X-GeoCountry
X-Frame-Option
Xserver
X-Azure-Ref-OriginShield
X-ShopId
Frame-Options
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Mg-Request-UUID
Onion-Location
X-Connection-Hash
Expiry
X-Lagoon
X-Drupal-Cache-Tags
WPO-Cache-Status
WPO-Cache-Message
Cdn-Requestid
X-Thinkindot-L3
X-Shield-Cache-Expires
Protected
X-Vcache
X-CDN-Forward
X-WP-CF-Super-Cache-Cookies-Bypass
Source
TDXMobile
Thinkindot-Control
X-CMSURLCustom
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Drupal-Cache-Contexts
X-Cache-Expired-At
X-Fastly-Request-Id
X-Origin-CC
X-Generation-Time
X-Cdn-Origin
X-Origin-TTL
X-Fastcgi-Cache
Fastcgi-Useragent
Cache-Hits
X-Pass-Why
X-Vcl-Version
X-PHP-Backend
Environment
X-ECache
X-Vercel-Cache
X-Rocket-Nginx-Serving-Static
X-Worker
Priority
X-Vercel-Id
X-Proxy-Cache-Status
X-Cache-Action
X-TA-CDN-Provider
X-App-Version
X-GEO
Uber-Trace-Id
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
X-Buckets
Azure-InstanceId
X-ID
Node
X-Cluster-Node
X-Aspnetmvc-Version
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
CF-IPCountry
CDN-CachedAt
X-XRDS-Location
CDN-EdgeStorageId
Sid
CDN-Cache
CDN-Uid
CDN-PullZone
CDN-RequestPullSuccess
Cross-Origin-Embedder-Policy
CDN-RequestCountryCode
CDN-RequestPullCode
X-RateLimit-Reset
Cache-Tv-Group
X-Tumblr-Pixel-3
X-FB-TRIP-ID
AMP-Access-Control-Allow-Source-Origin
X-B3-Traceid
X-Auth-Group-Type
X-Cache-Server
X-Server-W
DB-Nickname
X-Origin-Cache-Key
User-Cache-Control
X-Pad
X-Tx-Id
X-A
X-Client-Ip
X-DC
Alternate-Protocol
X-DefElseHash
X-ScT
X-Epic-Correlation-Id
Candidate-Md5Url
X-V-Cache
X-Custom-Header
X-D
X-Ec-GeoHdr
Content-Secure-Policy
A
X-Ec-Fail
X-Service
DCR-Decision-By
X-SRCache-Key
X-TIM-N
X-Developer
X-UA-Device-Type
X-DefHash
Ngx.Var.Host
X-Bl-Debug
X-BCube-Filmed-By
X-Bc-Bl
X-Block-Status
T-Server
X-Req
Sslversion
Surrogated-Key
Wxu-Next-Commit
Wxu-Next-Hostname
X-A-Dgt
X-A-Wwc
X-Aed
X-A-Dcw
X-A-Dam
Wxu-Next-Region
X-A-Ccd
Rendered-Blocks
X-Cache-Id
Lang
Magicmarker
MD5-Digest
X-Conf
X-Content-Age
Edge-Cache
X-Core-Value
Gannett-Cam-Experience-Id
Meta-Geo-Continent
X-SB
X-Cache-NE
Origin
Origin-Agent-Cluster
X-Cache-TTL-Remaining
Odigeo-Trace-Id
X-Esi-Check
X-Rojux
DCR-Processing-Time-Ms
X-Dispatcher-Server
X-Origin-Expires
X-ND-Cache
X-Viewer-Country
X-Varnish-Remaining-TTL
X-Level-Front-Cache
HostName
X-Generated-On
X-Op-Id-All
X-Ig-Push-State
X-Via-Fastly
X-Gen-Mode
X-Gzip
X-Hnp-Log
X-Ig-Origin-Region
X-Varnish-CookieHashed-On
X-Vdms-Version
X-Vtex-Remote-Cache
X-Varnish-CookieINHashed-On
X-GeoIP-City
X-Org
X-Fastly-Backend
Mime-Version
Platform
Powered-By
X-Jobs
RNT-Machine
Req-ID
X-Cache-Bucket
X-Proto
Producers
X-Request-Time
X-Powered-By-VTEX-Cache
X-Wikidot-Backend
X-WA-Info
X-CacheTTL
X-Node-Id
X-HN
NM-Fastcgi-Cache
X-Wikidot-Static-Cache
Origin-EX
PFcat
Origin-CC
X-HS-Content-Campaign-Id
XM
RNT-Time
X-Cache-Info
Ssr
X-Backend-Instance
X-B3-Trace-ID
X-Acquia-Purge-Cdn-Unconfigured
X-Nginx-Cache-Key
X-NodeID
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-Ad-Load-Variation
X-NMSegId
X-Pubstack
X-Auto-Login
X-Amz-Storage-Class
X-RateLimit-Remaining-Second
X-Aicache-OS
X-AK-Request-ID
X-Mly-Id
X-Micro-Cache
X-Loc
X-LSADC-Cache
X-Men
Is-Eu
Sever-Int
Server-Host
Server-Hostname
Tube-Get-Contents
Tube-Got-Eval
V-Age
Vix-Hermes-Req-Id
X-Bip
X-Region-Sid
Tube-Got-Results
Tube-Return
Server-Ext
X-VTEX-Cache-Time
X-Varnish-Hostname
X-Sn-Servicetimems
X-Platform
X-RateLimit-Limit-Second
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
X-VarnishDD-TTL
X-Server-IP
X-Debug-Cache-Fetch
C-Via
Host-ID
X-GeoIP
X-Policy
Adler-Geo
Fusion-Content-Source
Fusion-Content-Id
X-Thanos
X-FC-Vary-Parameters
X-Fmm-Version
X-Fastly-Cache
X-Varnish-Director
X-Edge-Server
X-PAYTM-SRV-ID
X-Forwarded-Site
X-Origin-Time
X-SVT-ORM-RULES
Fusion-Component-Id
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-DPWN-IS-SECURE
X-Gdpr
Cache-Provider
X-Debug-Cache-Store
Country-Code
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Content-Script-Type
X-VG-TLSProxy
X-VG-WebCache
X-GoCache-CacheStatus
Esi-Enabled
X-Origin-Response-Time
X-Clientip
X-Scheme
X-VTEX-Cache-Server
Fastly-SSL
Click-Count-Error
Content-Style-Type
Cdncip
Click-Count-Action-Start
Cdn-Request-Time
CDCHOST
Cdn-Host
X-SD-PageType
Cdnsip
X-Varnish-Beresp-Ttl
X-HITS
X-Pool
X-Eu-Site
X-Contensis-Viewer-Groups
X-Ec-Custom-Error
X-Date
X-CGP
X-Hash
X-Cdn-Srv
X-CUA
X-Human
X-Proxied-Request
X-Location
X-Device-Os
X-BBC-Edge-Cache-Status
X-Geo-Header
X-Csrf-Jwt
X-Depends
X-Mvc-Supplant-OutputCached
X-Cache-Aspx
L
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Cache-Key
Canary
Fastly-GeoIP-CountryCode
Fastly-Backend-Name
DSUID
Cluster
X-Section
X-Slack-Backend
X-We-Are-Hiring
X-LiteSpeed-Cache-Control
Yak-Timeinfo
X-Dc
X-Cache-FS-Status
X-Varnishpool
X-Varnish-Beresp-Status
X-Slack-Shared-Secret-Outcome
X-Test
X-App-Name
X-Varnish-Authentication
Gh-Request-Id
X-Var-Ttl
Release
Ha-Gx-Prefs
W
Proxy-Firewall
Req-Svc-Chain
X-Access
Web-Mar-Region
X-Accel-Expires-Debug
True-Client-Country-4JS
X-Request-Host
Pramga
L5d-Success-Class
HA-Ipaddr
We-Hiring
Machine
Mail-Subject
X-Request-Start
On-Server
NGX
X-AIR-PT
X-NGINX-Cache
X-Cs
X-Up
X-NCache
Server-Info
X-Varnish-Hits
X-Akamai-Transformed
X-From
X-MP-GENERATED-AT
X-LB-ID
X-Jungle-Id
BehaviorPad-Version
X-Zone
Redirect-Candidate
Debug
X-Tec-Api-Origin
SID
X-Tec-Api-Root
WP-Super-Cache
X-Tec-Api-Version
X-HA-Backend
CloudFront-Viewer-Country
X-Via-Poph
Fastly-Drupal-HTML
X-Refresh
Pics-Label
X-Via-Popv
X-Vdms-Path
X-Cache-Backend
X-Via-Popn
CDN-RequestId
X-APP
X-VHOST
X-Servedbyhost
X-CACHE-AGE
X-Parent-Response-Time
X-Uri
X-Content-Length
X-Datadome
X-B3-Parentspanid
GeoIP-Latitude
X-Nananana
X-LB-NoCache
X-Nc
X-VC-TTL
X-Render-Time
X-Newrelic-Synthetics
X-PERF
X-ApacheServer
X-M-Log
X-M-Reqid
X-Litespeed-Tag
Resin-Trace
Datacenter
Fastly-Drupal-Html
X-CACHE-KEY
X-DynaTrace-JS-Agent
X-Wa
Server-ID
X-Cached-By
X-CDN-Cache-Status
X-CS
X-ZONE
Vc-Max-Age
X-Amz-Meta-Cb-Modifiedtime
Locid
NtCoent-Length
X-RequestId
X-Dispatcher-Number
Cdn
X-LiteSpeed-Tag
X-B3-Spanid
Product
X-VCache
X-Original-Request-Id
GeoIp-Country-Code
X-Response-Served-From
X-Fpc
FSS-Cache
X-TT-LOGID
X-Varnish-Beresp-TTL
X-NewRelic-App-Data
X-IAuth-Set-Uid
Serverhost
X-Esi
X-Old-Content-Length
True-Client-Ip
X-Ckpd-Fst-Backend
X-Srv
Cf-Ipcountry
X-SERVER-NAME
X-HostName
X-TX-ID
X-Nf-Ats-Version
ServerName
X-Bug-Bounty
X-Nf-Language
Ngx-Var-Key
Uri
X-Nf-Country
True-Client-IP
X-HubSpot-Correlation-Id
GeoIP-Country-Code
Srv
X-Vgn-Hpd-Reason
CDN
S-Rt
Tcn
X-TIME
X-Cdn-Cache-Status
X-Oracle-DMS-ECID
X-Presslabs-Stats
X-Cdn-Forward
X-Platform-Cluster
X-Dynatrace-Js-Agent
X-Moov-Xdn-Version
X-Moov-T
X-Platform-Router
X-FPC
X-Platform-Processor
X-TH-Server
Request-ID
X-Vc
X-WA
CacheControlHeader
X-Dispatch
User-Agent
X-Vmg-Version
Cf-Device-Type
X-Akamai-Device-Characteristics
Server-Id
X-COUNTRY
Hostname
X-APP-VERSION
X-Info
Geoip-Latitude
X-Application
X-NC
X-Gamma-Serve
X-Webkit-Csp-Report-Only
X-FL-QIT-DEBUG
X-S-Cookie
X-B-Cookie
X-Destination
X-External-Request-Id
Srvid
ServerHost
Cross-Origin-Embedder-Policy-Report-Only
X-User
X-VCL-Version
X-Lb-Nocache
Xc-Version
X-Geo
X-Zen-Fury
Cneonction
X-API-Version
X-Via-PopH
X-Via-PopN
Expect-Staple
X-Cache-Date
X-Sigma
Ohc-File-Size
X-Rocket-Build-Number
X-Via-PopV
Origin-Trial
X-ServedByHost
X-Hit
X-Sigma-Backend
X-Instance-Name
X-Ha-Backend
Cloudfront-Viewer-Country
X-VServer
X-Amz-Meta-Opti
Epwk-X-Cache
X-App
PICS-Label
X-Segment-20210421
X-V
X-Limited
X-Correlation-ID
X-Ua
X-Branch-Name
X-Akamai-Pragma-Client-IP
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Rtss
X-Sqd-Ctime
X-Sqd-Stime
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Lb-Id
X-Eligible
WZWS-RAY
X-New
X-Platform-Server
X-Rollout
X-MiniProfiler-Ids
Permission-Policy
X-Check-Cacheable
N-Cache
X-Serial
X-Wp-Cf-Super-Cache
Lb
X-Wp-Cf-Super-Cache-Cache-Control
X-Acquia-Purge-Tags
X-Proxy-CacheRZ
X-Acquia-Site
X-VTEX-Cache-Backend-Connect-Time
XkeyRZ
Cmsid
X-VTEX-Cache-Backend-Header-Time
Timeexpire
Cmstype
Sm-Log-Id
X-MSEdge-Features
X-Service-Response-Time
X-MSEdge-Flight
X-DataCenter
X-Acquia-Application-UUID
X-Datacenter
Ohc-Cache-HIT
X-Acquia-Application-Trace
X-Web-Server
CountryCode
Servername
X-Litespeed-Cache-Control
X-LAGOON
DataCenter
Load-Balancing
X-CSRF-TOKEN
Wpo-Cache-Status
Wpo-Cache-Message
X-ElasticPress-Query
X-Requestid
X-Th-Server
X-Fastly-Backend-Reqs
Fl-Custom-Application
X-RAMCache
X-Shopid
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
Type
X-Udemy-Cache-App-Namespace
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-DynaTrace
Warning
X-Sorting-Hat-Shopid
X-Snapshot-Date
X-Sorting-Hat-Podid
X-Shardid
Ngx
X-Origin-Upstream-Status
X-Ramcache