Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Ua-Compatible
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Proxy-Cache
X-Ws-Request-Id
Xkey
Permissions-Policy
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
Allow
X-Dispatcher
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Cache-Lookup
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
X-Nginx-Cache-Status
X-Node
P3p
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
X-CST
X-Country
X-Litespeed-Cache
Service-Worker-Allowed
X-Country-Code
X-Content-Type
X-Url
X-Clacks-Overhead
Cache-Tag
X-Trace
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-Server-Name
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
X-Daa-Tunnel
X-Oneagent-Js-Injection
X-Webkit-Csp
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
X-GitHub-Request-Id
X-Upstream
X-ECACHE
Edge-Control
X-MS-InvokeApp
X-D2id
X-Element-Page-Cache
X-Ac
X-ESI
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja
X-Kinja-Build
Verso
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-SID
Accept-Ch-Lifetime
X-FastCGI-Cache
X-Vcap-Request-Id
X-Ser
X-Cache-TTL
X-Navigation-Version
X-Abt-Application-Version
X-Aws-Lambda-Call-Status
X-B3-TraceId
SPIisLatency
AR-CACHE
SPRequestDuration
X-Mod-Pagespeed
X-NF-Request-ID
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
Fastly-Restarts
X-Client-IP
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Ruxit-Js-Agent
Edge-Cache-Tag
X-Mg-S
X-Kinsta-Cache
X-Edge-Location-Klb
S
X-Powered-CMS
Response
X-Middleton-Response
X-Amzn-Trace-Id
X-RateLimit-Remaining
Cache-Status
X-Cache-Key
X-Version
Access-Control-Request-Method
X-VARITI-CCR
X-Goog-Hash
X-Fastly-Request-ID
X-ARC
RTSS
X-Content-Digest
X-TraceId
X-Forwarded-For
X-Recruiting
Cross-Origin-Resource-Policy
X-T
Realpath
X-Varnish-TTL
X-Correlation-Id
Front-End-Https
X-MSEdge-Ref
Fastcgi-Cache
Pinterest-Generated-By
X-Ratelimit-Limit
Pinterest-Version
X-Pinterest-Rid
X-Cached
MS-Author-Via
X-PDP-UNCACHING-HASH
Content-MD5
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Ua-Browser
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Backend
X-FTR-Cache-Status
X-Request-Processing-Time
X-Request-Received
X-Protected-By
Payment
X-Shield-Request-Id
MicrosoftSharePointTeamServices
X-Forwarded-Proto
Server-Node
X-LLID
TP-Cache
X-HS-Combine-CSS
Public-Key-Pins
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TTL
X-Frontend
X-Distributor
X-Ttl
X-Jurisdiction
X-FTR-Expires
X-Server-ID
X-HP-Webp
X-HP-Trace-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Expires
X-ORACLE-DMS-RID
X-NODE
X-GUploader-UploadID
Count-Hit
X-Ratelimit-Remaining
X-LB-Cache
X-Origin-Server
X-Origin-Cache-Key
X-Ezoic-Cdn
X-Hits
X-Microsite
X-Request-Handler-Origin-Region
X-Az
X-Activity-Id
X-AppVersion
X-Content-Security-Policy-Report-Only
X-PressLabs-Stats
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Varnish-Backend
X-Ua-Device
X-Www-Served-By
Host
X-Cluster-Name
X-Varnish-Server
X-App-Server
Retry-After
Cache-Tags
X-TEC-API-VERSION
X-Amz-Meta-S3cmd-Attrs
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Accept-Charset
Server-Name
X-Hostname
Cleartype
X-NGENIX-Cache
X-Newrelic-App-Data
X-Geo-Country
Referer-Policy
X-Envoy-Decorator-Operation
X-Id
X-CSRF-Token
X-Goog-Metageneration
X-DIS-Request-ID
X-ORACLE-DMS-ECID
X-Upgrade-Enabled
TP-L2-Cache
X-Seen-By
Access-Control-Allow-Method
X-Azure-Ref
X-Git-Hash
X-CCDN-Origin-Time
X-Load-Cache
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Unique-Id
Filterid
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-RateLimit-Limit
X-Proxy
X-Amz-Apigw-Id
X-Amzn-RequestId
X-F-Cache
X-Grace
X-XRDS-LOCATION
Healthy
X-Request-Guid
X-Px
X-Cache-Control
X-Trace-Id
TCN
X-Debug-Info
X-Revision
X-B3-Sampled
Paypal-Debug-Id
Section-Io-Cache
X-B
DC
X-TT
X-Page-Id
X-Oracle-Dms-Ecid
X-FB-Debug
X-Contextid
X-Type
X-Fb-Rlafr
X-Logged-In
X-N
X-Mobile
Viewport
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Debug
X-Varnish-Ttl
X-Oracle-Dms-Rid
X-Whom
X-Template
Fastly-SWR
X-Language
Fastly-SIE
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Time
X-Datadog-Trace-Id
X-Webkit-CSP
X-Cache-Grace
X-Via-JSL
X-Content-Options
Version
Charset
Content-Disposition
X-Varnish-Grace
X-Wix-Request-Id
X-Magnolia-Registration
X-App-Environment
X-EdgeConnect-Cache-Status
X-B-Cache
X-Origin-Cache
X-Node-Name
X-Signature
X-ProcessESI
X-RemovedCookies
SRV
X-B3-SpanId
X-Rule
X-RateLimit-Reset
X-Tumblr-User
X-Datadog-Sampled
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Debug-IsConnected
X-Debug-IsPreview
X-Tumblr-Pixel
X-Backend-Name
VIX-Pulpo-Node
X-RTag
MS-CV
X-UUID
SD-X-WS
Ms-Operation-Id
X-Yottaa-Optimizations
X-Hl-Ver
X-G
X-Amz-Replication-Status
VIX-Pulpo-Upstream-Status
X-Amzn-Remapped-Content-Length
X-Yottaa-Metrics
ServerID
X-FW-Server
X-FW-Static
X-FW-Version
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Type
GEO-INFO
X-Instance
X-Cache-Age
X-Adobe-Loc
X-Adobe-Content
X-Proxy-Cache-Info
X-Device-Type
X-Rendered-As
X-Storage
X-NYM-Debug-Backend
Liferay-Portal
X-Is-Bot
X-User-Agent
NGB
Countrycode
X-Cacheable-TTL
X-Status
Country
X-IPS-LoggedIn
Surrogate-Key
X-NWS-UUID-VERIFY
X-Environment-Context
X-Cache-Hit
X-Region
X-L-Path
X-Real-IP
X-ServerID
X-Source
X-Rid
X-Sucuri-ID
Akamai-GRN
X-Sucuri-Cache
Cross-Origin-Window-Policy
X-Servername
OT-Force-Account-Verify
X-WP-CF-Super-Cache-Active
From-Origin
X-VC-Cache
X-UA
X-RM-Cache-TTL
X-WebKit-CSP-Report-Only
Upgrade-Insecure-Requests
X-Framework
Backend
Front
Amp-Access-Control-Allow-Source-Origin
X-INCAP-ABP
X-Mode
X-Xrds-Location
X-AB
Refresh
X-Wormhole-Sdk
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Akamai-Request-ID2
X-Handled-By
X-Content-Powered-By
X-Cache-Time
X-HTML-Minification-Powered-By
Xet-Cookie
X-Buckets
X-RID
X-Air-Pt
X-Edge-Location
X-Endurance-Cache-Level
Url
X-VC
Frame-Options
Selected-Fe
Meta-Geo
Filters
X-Origin-TTL
X-RCS-CacheZone
X-Timing-Wait
X-Cluster
X-Xfnlog-Site
X-SaId
X-Origin-CC
X-Origin-Date
X-Rn-Rsrv
X-JoinUs
X-Reqid
X-Proxy-Build
X-UPSTREAM-Address
X-Webstats-RespID
X-Rewrite-Enabled
X-No-Session
X-R9-Blue-Green-Version
WPO-Cache-Message
X-Labrador-Cache-Channel
X-SRV
X-Tumblr-Pixel-2
Property-Id
X-VWS-Id
X-Cache-Operation
X-Cache-Rule
X-LJ-Flow-ID
X-Git-Commit
Cache
X-Azure-Ref-OriginShield
X-Origin
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Webserver
TWC-GeoIP-Country
X-Akamai-Edgescape
X-AWS-Id
X-Drupal-Cache-Tags
X-DataDome
WPO-Cache-Status
X-Cache-Status-Check
X-Origin-Hint
X-PHP-Host
Cache-Hits
X-Container-Uri
X-Provided-By
ServedBy
Mn-Server-Ip
Accept-Language
X-Hosted-By
X-Redis-Cache
X-VCT
X-Zipkin-Id
X-Proxied
X-Ms-Request-Id
X-Ms-Version
X-Restarts
X-Routing-Service
X-Scope-Id
X-Served-From
X-Shield-Cache-Expires
X-Site-Version
X-Thinkindot-L3
X-Tb
X-Logging-Id
X-Locale
X-Adobe-Source
X-Cache-Debug
Web-Mar-Node
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Cloudmap
X-Cms-Context
X-Generation-Time
X-Httpd
X-Fetched-On
X-Extlb
X-CMSURLCustom
X-Drupal-Cache-Contexts
TDXMobile
Atl-Traceid
Access-Control-Request-Headers
X-Is-Supported-Browser
X-Is-Mobile
X-Is-Tablet
X-CDN-Forward
X-ProxyCache-Status
X-Is-Desktop
X-Loop
X-Geo-Region
X-Browser-Name
X-Accel-Version
X-BYPASS-REASON
Section-Io-Id
X-Forwarded-Host
X-S
X-ProxyCache-Key
X-Varnish-Age
X-Upstream-Ht
X-Tcp-Rtt
Apigw-Requestid
X-Tncms
X-Varnish-Cache-Hits
X-Upstream-Ct
X-Web-Node
X-Format
X-Director
X-Detected-As
X-Cache-Host
Xserver
X-Nginx-Cache
X-Alternate-Cache-Key
X-Varnish-Beresp-Grace
X-Cdn-Origin
X-IPLB-Instance
X-Say-Cacheable
X-Skip-Cache
X-SayCDN-TTL
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-IPLB-Request-ID
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Lambda-Id
X-Soup
X-Frame-Option
X-Say-TTL
X-Vcache
X-GeoCode
X-GeoCountry
X-Generated-By
X-Optimistic-Header
X-Worker
X-Lagoon
X-Vercel-Id
Source
X-Rocket-Nginx-Serving-Static
X-Vercel-Cache
X-B3-Traceid
Node
Azure-RegionName
Azure-SiteName
Azure-Version
X-WP-CF-Super-Cache-Cookies-Bypass
Azure-InstanceId
X-Ratelimit-Reset
Azure-SlotName
Fastcgi-Useragent
CDN-PullZone
Protected
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-Uid
CDN-RequestPullSuccess
X-Pass-Why
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
X-URL
AMP-Access-Control-Allow-Source-Origin
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Cross-Origin-Embedder-Policy
X-Request-URI
LB
X-Vcl-Version
Expiry
X-App-Version
CDN-RequestId
X-Connection-Hash
X-Tumblr-Pixel-3
X-TA-CDN-Provider
Onion-Location
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-GEO
X-Cache-Expired-At
X-XRDS-Location
Alternate-Protocol
X-Cache-Server
X-Api-Version
X-PHP-Backend
DB-Nickname
X-Jobs
Priority
Sid
X-Server-W
X-Fastly-Request-Id
Environment
Uber-Trace-Id
CF-IPCountry
X-Fastcgi-Cache
X-Cache-Action
X-Cluster-Node
X-Proxy-Cache-Status
HostName
Locale
User-Cache-Control
X-LSADC-Cache
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Mg-Request-UUID
X-MP-GENERATED-AT
X-Uri
X-TT-LOGID
X-Response-Served-From
X-Original-Request-Id
X-AIR-PT
X-SB
X-Esi-Check
X-SRCache-Key
X-Epic-Correlation-Id
X-FC-Vary-Parameters
Cache-Tv-Group
Candidate-Md5Url
X-A-Dgt
X-UA-Device-Type
X-ScT
X-A-Dam
Magicmarker
X-A-Ccd
X-A-Dcw
X-FB-TRIP-ID
X-D
X-Bl-Debug
X-Bip
X-Clientip
X-Conf
X-Thanos
X-TIM-N
X-Block-Status
X-Cache-Id
X-Cache-NE
X-Content-Age
X-BCube-Filmed-By
X-Device-Os
X-Dispatcher-Server
X-Ec-Fail
X-Ec-GeoHdr
X-Developer
X-A-Wwc
X-Bc-Bl
A
X-Aed
Lang
X-Forwarded-Site
X-Level-Front-Cache
X-Jungle-Id
X-Mvc-Supplant-Cachable
Rendered-Blocks
X-NCache
X-Ig-Origin-Region
DCR-Processing-Time-Ms
X-Proto
X-Gzip
X-Powered-By-VTEX-Cache
DCR-Decision-By
X-Hnp-Log
X-ND-Cache
X-Policy
X-Origin-Expires
Fusion-Content-Id
X-Org
X-Vdms-Path
Fusion-Component-Id
Origin
X-Platform
Origin-Agent-Cluster
Edge-Cache
X-Varnish-Hostname
X-Node-Id
Fusion-Content-Source
Req-ID
Content-Secure-Policy
Wxu-Next-Hostname
X-VTEX-Cache-Server
X-Gen-Mode
Wxu-Next-Commit
Meta-Geo-Continent
X-Op-Id-All
Wxu-Next-Region
X-DC
X-Vtex-Remote-Cache
X-Rojux
MD5-Digest
X-VTEX-Cache-Time
X-Generated-On
X-Request-Start
Fusion-Template-Id
Gannett-Cam-Experience-Id
Fusion-Source
Fusion-Deployment-Id
X-GeoIP-City
Ngx.Var.Host
Server-Host
T-Server
Surrogated-Key
Sslversion
X-Vdms-Version
X-A
X-Tx-Id
X-Nginx-Cache-Key
Powered-By
PFcat
Origin-EX
X-NMSegId
Origin-CC
X-Mvc-Supplant-OutputCached
X-HS-Content-Campaign-Id
X-GeoIP-Country-Code
L5d-Success-Class
Server-Ext
X-GeoIP-Region-Code
X-HN
X-Nyt-Route
X-Varnishpool
X-Var-Ttl
X-Req
X-V-Cache
Mail-Subject
X-Test
X-SD-PageType
NM-Fastcgi-Cache
X-Region-Sid
X-VarnishDD-TTL
X-Origin-Time
X-Pubstack
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Server-Hostname
X-GeoIP
X-App-Name
X-Auto-Login
X-AK-Request-ID
X-Debug-Cache-Fetch
X-Edge-Server
X-Debug-Cache-Store
X-Backend-Instance
X-CUA
X-Cdn-Srv
X-Cache-TTL-Remaining
X-CGP
X-Core-Value
X-Csrf-Jwt
X-Eu-Site
X-Fastly-Cache
W
We-Hiring
Vix-Hermes-Req-Id
X-Geo-Header
X-Via-Fastly
X-Viewer-Country
X-Gdpr
Yak-Timeinfo
X-Ig-Push-State
XM
X-WA-Info
X-Fmm-Version
X-Cache-Bucket
Sever-Int
Canary
X-ID
CDCHOST
Fastly-Backend-Name
Fastly-SSL
Cdn-Host
AKAMAI
Cache-Provider
X-LiteSpeed-Cache-Control
X-Ismobilevalue
Content-Style-Type
Content-Script-Type
X-NGINX-Cache
X-ECache
Cdn-Request-Time
Gh-Request-Id
HA-Ipaddr
Host-ID
Cdnsip
X-Service
Ha-Gx-Prefs
WP-Super-Cache
X-Tt-Logid
Cdn-Requestid
Cdncip
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
X-Origin-Response-Time
V-Age
X-PAYTM-SRV-ID
C-Via
Cache-Key
Web-Mar-Region
X-PERF
X-Location
X-Fastly-Backend
X-From
Adler-Geo
X-DPWN-IS-SECURE
X-Cache-Aspx
X-Contensis-Viewer-Groups
X-Cache-Info
X-Cache-Backend
X-B3-Trace-ID
X-GoCache-CacheStatus
X-Men
X-Micro-Cache
X-Aicache-OS
X-Amz-Storage-Class
X-ApacheServer
X-Auth-Group-Type
X-Loc
X-Ad-Load-Variation
X-Request-Time
X-Render-Time
Producers
Pramga
Redirect-Candidate
Release
X-Wikidot-Backend
Country-Code
DSUID
Platform
X-Wikidot-Static-Cache
X-VG-WebCache
X-Dc
Esi-Enabled
X-Varnish-Director
X-Varnish-Authentication
X-Varnish-Beresp-Status
RNT-Machine
X-SVT-ORM-VERSION
RNT-Time
Ssr
X-Server-IP
X-Request-Host
X-Scheme
True-Client-Country-4JS
Machine
Odigeo-Trace-Id
Is-Eu
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-RULES
Cluster
X-Sn-Servicetimems
X-CacheTTL
X-Zone
X-Ec-Custom-Error
X-Custom-Header
X-NodeID
X-Date
X-Up
X-Slack-Backend
X-Section
X-Pool
X-Proxied-Request
X-Slack-Shared-Secret-Outcome
L
X-VG-TLSProxy
X-Hash
X-Mly-Id
X-We-Are-Hiring
X-Human
Tube-Got-Results
Tube-Return
Tube-Got-Eval
Tube-Get-Contents
Click-Count-Error
Click-Count-Action-Start
Apple-News-Services-Request-Url
X-Accel-Expires-Debug
Apple-News-Services-Host
Apple-News-Services-Handled
X-BBC-Edge-Cache-Status
Apple-News-Services-Parsed-Url
X-Access
X-Acquia-Purge-Cdn-Unconfigured
Proxy-Firewall
Req-Svc-Chain
On-Server
Fastly-GeoIP-CountryCode
X-Cs
X-COUNTRY
X-Varnish-Hits
Debug
X-LB-ID
NGX
X-Pad
X-DefHash
X-Varnish-CookieHashed-On
X-DefElseHash
Datacenter
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Nananana
X-CACHE-GROUP
Mime-Version
X-Nf-Request-Id
X-Client-Ip
X-Refresh
X-HA-Backend
Pics-Label
X-Via-Poph
X-Via-Popn
X-Via-Popv
X-Depends
X-Datadome
Locid
X-Akamai-Transformed
SID
Fastly-Drupal-HTML
X-VC-TTL
CloudFront-Viewer-Country
X-VHOST
X-Amz-Meta-Cb-Modifiedtime
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-LiteSpeed-Tag
X-M-Log
X-Servedbyhost
X-M-Reqid
X-Cache-FS-Status
X-Cached-By
X-Old-Content-Length
GeoIP-Latitude
X-Parent-Response-Time
Ngx-Var-Key
X-CACHE-AGE
X-Esi
X-TIME
Fastly-Drupal-Html
X-LB-NoCache
X-B3-Parentspanid
X-DynaTrace-JS-Agent
X-Moov-Xdn-Version
X-TH-Server
X-CDN-Cache-Status
Server-Info
X-VCache
X-Moov-T
Resin-Trace
Cf-Ipcountry
X-CS
GeoIp-Country-Code
Cross-Origin-Embedder-Policy-Report-Only
Server-ID
X-Litespeed-Tag
BehaviorPad-Version
Cdn
X-ZONE
X-Presslabs-Stats
X-Wa
X-Vgn-Hpd-Reason
X-Nc
NtCoent-Length
X-APP
X-HITS
X-S-Cookie
X-External-Request-Id
X-User
Cf-Device-Type
X-IAuth-Set-Uid
X-NewRelic-App-Data
FSS-Cache
Tcn
X-TX-ID
X-Application
X-Destination
X-B-Cookie
CDN
Uri
X-Fpc
X-Varnish-Beresp-TTL
X-Zen-Fury
X-Content-Length
X-HostName
X-Vc
X-Sigma-Backend
X-Instance-Name
X-Cache-Date
X-Sigma
X-Rocket-Build-Number
X-Srv
True-Client-Ip
True-Client-IP
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
Load-Balancing
X-Providence-Cookie
X-API-Version
X-VServer
Serverhost
X-Route-Name
X-DynaTrace
X-Dynatrace-Js-Agent
X-Oracle-DMS-ECID
X-Cdn-Forward
X-NC
X-WA
X-FPC
X-Branch-Name
S-Rt
X-Segment-20210421
X-HOST
Srv
GeoIP-Country-Code
X-Dispatcher-Number
Vc-Max-Age
Request-ID
X-Dispatch
X-Cdn-Cache-Status
Product
Ohc-File-Size
X-Page-View
Hostname
X-DataCenter
Geoip-Latitude
X-RequestId
X-B3-Spanid
ServerName
X-APP-VERSION
Type
Srvid
X-Webkit-Csp-Report-Only
Server-Id
X-FL-QIT-DEBUG
X-Lb-Nocache
X-Bug-Bounty
X-Geo
X-Http-Reason
X-Sql-Count
X-Sql-Duration-Ms
X-ServedByHost
X-Irp-Debug
X-Ckpd-Fst-Backend
DataCenter
Cloudfront-Viewer-Country
CacheControlHeader
Cl-Cache
X-VCL-Version
X-CACHE-KEY
Epwk-X-Cache
X-Owner
X-Via-SSL
Origin-Trial
Ohc-Cache-HIT
IsBot
X-Via-Edge
X-SIPLIST1
X-Via-CDN
Edge-Copy-Time
Lb
WZWS-RAY
X-Cache-Ttl
X-Correlation-ID
XkeyRZ
ServerHost
X-App
X-Ua
X-Ha-Backend
MIME-Version
X-Core-Mission
Cross-Origin-Opener-Policy-Report-Only
X-Via-PopH
X-Via-PopN
X-Proxy-CacheRZ
X-Via-PopV
PICS-Label
X-Srcache-Store-Status
Rtss
X-Srcache-Fetch-Status
X-MiniProfiler-Ids
X-CSRF-TOKEN
X-Hit
N-Cache
X-Qloud-Router
X-MSEdge-Features
X-MSEdge-Flight
X-Lb-Id
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Sm-Log-Id
X-Requestid
X-Acquia-Site
X-Amz-Meta-Opti
X-Acquia-Application-Trace
X-Sqd-Ctime
X-Vmg-Version
Warning
X-Web-Server
X-Datacenter
X-Limited
X-Fastly-Country-Code
CountryCode
X-Sqd-Stime
User-Agent
X-Akamai-Device-Characteristics
X-Service-Response-Time
X-Iplb-Request-Id
X-Iplb-Instance
X-LAGOON
X-Litespeed-Cache-Control
Xkey-La3
Cneonction
X-Check-Cacheable
Xkeylog
X-Akamai-Pragma-Client-IP
X-Info
X-HubSpot-Correlation-Id
X-Gamma-Serve
X-Serial
X-RAMCache
X-IN-APIGATEWAY
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-Proxy-Cache-La3
Ngx
X-Snapshot-Date
X-Dw-Trace-Id
X-Th-Server
X-Ramcache
X-IN-APIGATEWAYSSL