Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
X-Ua-Compatible
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Ws-Request-Id
Xkey
X-Rq
X-Age
Permissions-Policy
X-Vhost
X-Amz-Version-Id
Allow
X-Dns-Prefetch-Control
X-Dispatcher
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-OneAgent-JS-Injection
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
X-Litespeed-Cache
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Ruxit-JS-Agent
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-CST
X-NWS-LOG-UUID
X-Country
Service-Worker-Allowed
X-Country-Code
X-Url
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Oneagent-Js-Injection
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-Server-Name
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-Daa-Tunnel
X-Webkit-Csp
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
X-ESI
X-Upstream
Edge-Control
X-ECACHE
X-MS-InvokeApp
X-GitHub-Request-Id
X-D2id
X-Element-Page-Cache
X-Ac
Verso
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Aws-Lambda-Call-Status
AR-SID
AR-PoweredBy
AR-Request-ID
AR-ATIME
Accept-Ch-Lifetime
X-FastCGI-Cache
X-Ser
X-Vcap-Request-Id
X-Navigation-Version
X-Cache-TTL
X-B3-TraceId
X-Abt-Application-Version
X-Mod-Pagespeed
SPRequestDuration
SPIisLatency
X-Ruxit-Js-Agent
AR-CACHE
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
Fastly-Restarts
X-NF-Request-ID
X-Client-IP
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
Pagespeed
X-Middleton-Display
Display
X-Sol
X-RateLimit-Remaining
Edge-Cache-Tag
X-Mg-S
S
X-Cache-Key
X-Kinsta-Cache
X-Edge-Location-Klb
X-Powered-CMS
X-Amzn-Trace-Id
X-Middleton-Response
Response
Cache-Status
X-VARITI-CCR
Access-Control-Request-Method
X-Version
X-Goog-Hash
X-ARC
RTSS
X-Content-Digest
X-Fastly-Request-ID
X-TraceId
X-Forwarded-For
X-Recruiting
Cross-Origin-Resource-Policy
X-T
Realpath
X-Varnish-TTL
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Ttl
X-Correlation-Id
X-MSEdge-Ref
MS-Author-Via
Front-End-Https
X-Ratelimit-Limit
X-Cached
Fastcgi-Cache
Content-MD5
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Ua-Browser
X-FTR-Backend-Server
Payment
Server-Node
X-Protected-By
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-Request-Processing-Time
X-PDP-UNCACHING-HASH
Public-Key-Pins
X-Request-Received
Arr-Disable-Session-Affinity
X-HS-Combine-CSS
MicrosoftSharePointTeamServices
X-LLID
X-Shield-Request-Id
X-Frontend
X-Forwarded-Proto
X-Origin-Cache-Key
X-SRCache-Store-Status
TP-Cache
X-SRCache-Fetch-Status
X-Distributor
X-Accel-Expires
X-Jurisdiction
X-HP-Webp
X-Kong-Upstream-Latency
X-HP-Trace-Id
X-Kong-Proxy-Latency
X-FTR-Expires
X-Server-ID
Count-Hit
X-GUploader-UploadID
X-Hits
X-Origin-Server
X-LB-Cache
X-Ezoic-Cdn
X-ORACLE-DMS-RID
X-Content-Security-Policy-Report-Only
X-Request-Handler-Origin-Region
X-Microsite
X-Activity-Id
X-Az
X-AppVersion
Host
X-B3-TraceId-Primal
X-TEC-API-ORIGIN
X-PressLabs-Stats
X-TEC-API-VERSION
X-Www-Served-By
X-Ua-Device
X-TEC-API-ROOT
Mrf-Cache-Status
MRF-Tech
X-Varnish-Backend
X-TTL
X-Cluster-Name
Cache-Tags
X-Varnish-Server
Retry-After
X-App-Server
X-Ratelimit-Remaining
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
X-Id
X-Hostname
Server-Name
X-NGENIX-Cache
X-Geo-Country
Cleartype
X-NODE
X-Envoy-Decorator-Operation
Referer-Policy
X-DIS-Request-ID
X-Newrelic-App-Data
X-Goog-Metageneration
X-Upgrade-Enabled
TP-L2-Cache
X-CSRF-Token
X-Seen-By
X-Amz-Apigw-Id
X-Git-Hash
Access-Control-Allow-Method
X-Amzn-RequestId
X-Oracle-Dms-Ecid
X-Azure-Ref
TCN
X-RateLimit-Limit
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Load-Cache
X-F-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Unique-Id
X-Proxy
X-ORACLE-DMS-ECID
X-Grace
X-Cache-Control
Healthy
X-Revision
X-Debug-Info
Filterid
X-Px
Section-Io-Cache
Paypal-Debug-Id
X-XRDS-LOCATION
X-Request-Guid
X-Trace-Id
DC
X-TT
X-B
X-B3-Sampled
X-FB-Debug
X-Page-Id
X-Type
X-Contextid
X-Fb-Rlafr
X-Oracle-Dms-Rid
X-N
X-Logged-In
X-Mobile
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
Viewport
X-Debug
X-Whom
X-Varnish-Ttl
X-Template
Charset
Fastly-SIE
X-Language
Fastly-SWR
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Time
X-Datadog-Trace-Id
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Cache-Grace
X-Content-Options
X-Webkit-CSP
Version
X-Magnolia-Registration
X-Via-JSL
Content-Disposition
X-RateLimit-Reset
X-Wix-Request-Id
X-App-Environment
X-EdgeConnect-Cache-Status
X-Varnish-Grace
X-B-Cache
X-Signature
X-Node-Name
X-Origin-Cache
X-B3-SpanId
X-Amzn-Remapped-Content-Length
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-RemovedCookies
X-ProcessESI
X-Yottaa-Optimizations
X-Tumblr-User
X-Tumblr-Pixel
X-Rule
X-Datadog-Sampled
X-Debug-IsConnected
X-Debug-IsPreview
X-Yottaa-Metrics
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
MS-CV
SD-X-WS
X-Amz-Replication-Status
Ms-Operation-Id
X-G
X-UUID
X-RTag
X-Hl-Ver
X-Backend-Name
ServerID
X-Instance
X-Adobe-Content
GEO-INFO
X-Storage
X-Adobe-Loc
X-Proxy-Cache-Info
X-FW-Version
X-FW-Dynamic
X-FW-Hash
X-FW-Static
X-FW-Serve
X-FW-Server
X-Device-Type
X-FW-Type
X-Cache-Age
Liferay-Portal
SRV
Country
X-User-Agent
X-Is-Bot
X-Cacheable-TTL
NGB
X-Rendered-As
X-Region
X-NYM-Debug-Backend
X-L-Path
X-Status
X-IPS-LoggedIn
X-Environment-Context
X-Cache-Hit
X-Source
X-Real-IP
X-ServerID
Countrycode
X-Rid
X-NWS-UUID-VERIFY
Surrogate-Key
Akamai-GRN
X-Sucuri-ID
X-Servername
X-Sucuri-Cache
X-WP-CF-Super-Cache-Active
From-Origin
OT-Force-Account-Verify
Cross-Origin-Window-Policy
X-VC-Cache
X-UA
X-WebKit-CSP-Report-Only
X-RM-Cache-TTL
Backend
Upgrade-Insecure-Requests
Amp-Access-Control-Allow-Source-Origin
X-Framework
Front
X-INCAP-ABP
X-Mode
X-Air-Pt
X-Xrds-Location
Refresh
Frame-Options
X-AB
X-Cache-Time
X-HTML-Minification-Powered-By
X-Buckets
X-Air-Hostname
X-Content-Powered-By
X-Air-Source
X-Air-Trace-Id
X-Akamai-Request-ID2
Xet-Cookie
X-RID
X-Edge-Location
Url
X-Handled-By
X-Wormhole-Sdk
X-VC
X-Endurance-Cache-Level
Webserver
X-JoinUs
Meta-Geo
X-UPSTREAM-Address
Selected-Fe
Access-Control-Request-Headers
X-Azure-Ref-OriginShield
X-Webstats-RespID
X-No-Session
X-Origin-Date
X-Akamai-Edgescape
X-Origin-CC
X-Rewrite-Enabled
X-Origin-TTL
X-Reqid
Filters
X-Proxy-Build
X-RCS-CacheZone
X-Vcache
X-Rn-Rsrv
X-SaId
X-DataDome
X-VWS-Id
X-Xfnlog-Site
X-Timing-Wait
X-Cluster
X-LJ-Flow-ID
X-AWS-Id
X-Logging-Id
Webcakes-App-Version
X-Cache-Operation
X-Fetched-On
X-IPLB-Instance
X-Git-Commit
Atl-Traceid
X-Generation-Time
X-IPLB-Request-ID
X-Drupal-Cache-Tags
X-Container-Uri
X-Tumblr-Pixel-2
WPO-Cache-Message
WPO-Cache-Status
X-Cache-Rule
X-Labrador-Cache-Channel
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
X-VCT
TWC-Connection-Speed
X-Ms-Request-Id
X-Ms-Version
X-Served-From
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
X-PHP-Host
X-Origin-Hint
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
X-SRV
X-Origin
X-Provided-By
Mn-Server-Ip
Webcakes-Region
Web-Mar-Node
X-BYPASS-REASON
X-Extlb
X-Proxied
X-CDN-Forward
Cache
X-Drupal-Cache-Contexts
X-Restarts
X-ProxyCache-Status
X-ProxyCache-Key
X-Cache-Debug
X-Hosted-By
X-Httpd
X-Adobe-Source
X-Tb
X-Redis-Cache
X-Routing-Service
X-Cache-Status-Check
X-CMSURLCustom
Thinkindot-CacheControl
X-Locale
TDXMobile
X-Zipkin-Id
X-Cms-Context
Section-Io-Id
X-Accel-Version
X-Web-Node
Thinkindot-CacheControl-Type
X-Varnish-Cache-Hits
X-Thinkindot-L3
X-Scope-Id
Thinkindot-Control
X-Shield-Cache-Expires
X-Site-Version
X-Cloudmap
X-Frame-Option
X-Forwarded-Host
X-Director
X-Cdn-Origin
X-Browser-Name
X-Format
X-Upstream-Ht
X-Geo-Region
X-Tcp-Rtt
X-Varnish-Age
X-Lambda-Id
X-Loop
X-Skip-Cache
X-S
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Upstream-Ct
X-Soup
X-Is-Mobile
Apigw-Requestid
X-Tncms
X-Is-Desktop
X-Is-Tablet
X-Is-Supported-Browser
ServedBy
X-ShopId
X-Varnish-Beresp-Grace
X-Nginx-Cache
X-ShardId
X-GeoCode
X-GeoCountry
Accept-Language
Cache-Hits
X-Shopify-Stage
X-Alternate-Cache-Key
X-Detected-As
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Cache-Host
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Xserver
X-Worker
X-Generated-By
X-Lagoon
CDN-RequestId
X-Vercel-Id
X-Vercel-Cache
X-Rocket-Nginx-Serving-Static
X-Optimistic-Header
Azure-RegionName
Azure-SlotName
Azure-SiteName
Azure-Version
Azure-InstanceId
X-B3-Traceid
Node
Source
X-WP-CF-Super-Cache-Cookies-Bypass
X-Fastly-Request-Id
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
X-Request-URI
CDN-RequestPullCode
CDN-Cache
CDN-CachedAt
CDN-RequestPullSuccess
CDN-Uid
X-Pass-Why
Fastcgi-Useragent
Protected
AMP-Access-Control-Allow-Source-Origin
Cross-Origin-Embedder-Policy
X-Vcl-Version
X-Tumblr-Pixel-3
X-App-Version
Alternate-Protocol
X-Connection-Hash
X-XRDS-Location
Expiry
LB
X-GEO
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Ratelimit-Reset
X-Cache-Server
X-Jobs
X-TA-CDN-Provider
X-Cache-Expired-At
DB-Nickname
Onion-Location
X-Server-W
Sid
CF-IPCountry
Environment
X-TT-LOGID
X-PHP-Backend
X-Fastcgi-Cache
X-Response-Served-From
X-Api-Version
Priority
Uber-Trace-Id
X-Original-Request-Id
X-LSADC-Cache
X-Proxy-Cache-Status
User-Cache-Control
X-Cache-Action
X-Cluster-Node
HostName
X-Uri
X-MP-GENERATED-AT
X-LiteSpeed-Cache-Control
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Nf-Request-Id
X-Mg-Request-UUID
WP-Super-Cache
X-FB-TRIP-ID
X-Proto
X-FC-Vary-Parameters
X-Powered-By-VTEX-Cache
X-Forwarded-Site
T-Server
Surrogated-Key
A
X-Platform
Vix-Hermes-Req-Id
X-Level-Front-Cache
X-Generated-On
X-A-Dgt
X-A-Dcw
X-Request-Start
X-Epic-Correlation-Id
X-Rojux
X-A-Wwc
X-A-Dam
X-Esi-Check
Wxu-Next-Commit
Sslversion
Wxu-Next-Hostname
Wxu-Next-Region
X-A
X-Gen-Mode
Req-ID
Magicmarker
Lang
Fusion-Component-Id
X-Op-Id-All
Edge-Cache
DCR-Processing-Time-Ms
MD5-Digest
Fusion-Content-Id
Fusion-Content-Source
X-Node-Id
X-NMSegId
Gannett-Cam-Experience-Id
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
DCR-Decision-By
X-Org
X-Mvc-Supplant-Cachable
Origin-Agent-Cluster
Candidate-Md5Url
Cache-Tv-Group
X-Aed
Rendered-Blocks
Origin
NM-Fastcgi-Cache
X-ND-Cache
Meta-Geo-Continent
Content-Secure-Policy
X-NCache
X-Origin-Expires
Ngx.Var.Host
Server-Host
X-A-Ccd
X-Block-Status
X-Varnish-Hostname
X-Vtex-Remote-Cache
X-GeoIP
X-Hnp-Log
X-Vdms-Path
X-TIM-N
X-Developer
X-Vdms-Version
X-SRCache-Key
X-Bc-Bl
X-UA-Device-Type
X-SB
X-Thanos
X-Cache-NE
X-Test
X-Gzip
X-BCube-Filmed-By
X-Bip
X-Bl-Debug
X-Dispatcher-Server
X-Device-Os
X-Jungle-Id
X-Conf
X-Clientip
X-Content-Age
X-VTEX-Cache-Server
X-GeoIP-City
X-Viewer-Country
X-ScT
X-Ec-GeoHdr
X-Ig-Origin-Region
X-Cache-Id
X-DC
X-Ec-Fail
X-VTEX-Cache-Time
X-D
X-Tx-Id
X-NGINX-Cache
X-Origin-Response-Time
X-URL
X-Cache-Info
X-Csrf-Jwt
X-Mvc-Supplant-OutputCached
X-CUA
Mail-Subject
X-Nginx-Cache-Key
Host-ID
X-CGP
L5d-Success-Class
X-GeoIP-Country-Code
X-Cdn-Srv
X-GeoIP-Region-Code
X-HN
X-Cache-TTL-Remaining
Server-Hostname
W
We-Hiring
X-Auto-Login
X-Fastly-Cache
X-Geo-Header
X-HS-Content-Campaign-Id
X-Eu-Site
X-Auth-Group-Type
X-AK-Request-ID
X-Edge-Server
X-Amz-Storage-Class
X-ApacheServer
X-App-Name
X-Core-Value
X-Fmm-Version
HA-Ipaddr
Release
Server-Ext
Powered-By
PFcat
Origin-CC
Origin-EX
Sever-Int
Ssr
X-Debug-Cache-Store
X-Gdpr
X-Debug-Cache-Fetch
X-Loc
X-Backend-Instance
X-Cache-Bucket
Cdn-Request-Time
X-Var-Ttl
X-Varnish-Director
X-Newrelic-Synthetics
X-PERF
AKAMAI
C-Via
X-VarnishDD-TTL
X-Via-Fastly
X-WA-Info
Canary
Cache-Provider
X-VG-WebCache
X-V-Cache
X-Service
X-Req
X-Render-Time
X-Scheme
X-Request-Time
Ha-Gx-Prefs
X-Region-Sid
X-SD-PageType
X-RateLimit-Limit-Second
X-ECache
X-RateLimit-Remaining-Second
X-Zone
CDCHOST
X-Varnishpool
DSUID
X-Policy
Content-Style-Type
Yak-Timeinfo
Esi-Enabled
X-Pubstack
Fastly-SSL
Fastly-Backend-Name
X-Nyt-Route
XM
Content-Script-Type
X-From
Cdncip
Cdnsip
X-PAYTM-SRV-ID
X-Origin-Time
Cdn-Host
X-We-Are-Hiring
X-Varnish-Beresp-Ttl
X-Server-IP
X-Ec-Custom-Error
X-Human
X-Aicache-OS
X-Section
X-Varnish-Beresp-Status
X-B3-Trace-ID
X-Contensis-Viewer-Groups
X-Fastly-Backend
X-Ig-Push-State
X-Sn-Servicetimems
X-Varnish-Authentication
X-Ad-Load-Variation
Gh-Request-Id
X-Dc
X-Hash
X-CacheTTL
X-Wikidot-Static-Cache
X-DPWN-IS-SECURE
X-Cache-Backend
X-SVT-ORM-RULES
X-BBC-Edge-Cache-Status
X-GoCache-CacheStatus
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Aspx
X-Wikidot-Backend
X-VG-TLSProxy
X-Acquia-Purge-Cdn-Unconfigured
X-Mly-Id
X-Access
Req-Svc-Chain
Cache-Key
Redirect-Candidate
RNT-Time
X-Micro-Cache
Apple-News-Services-Host
X-Men
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Producers
Pramga
Machine
L
Fastly-GeoIP-CountryCode
Is-Eu
Country-Code
Cluster
Platform
On-Server
Click-Count-Action-Start
Click-Count-Error
Apple-News-Services-Handled
RNT-Machine
Tube-Return
Tube-Got-Results
X-Pool
V-Age
X-Proxied-Request
Web-Mar-Region
X-Request-Host
Tube-Got-Eval
True-Client-Country-4JS
X-Location
Tube-Get-Contents
Adler-Geo
X-AIR-PT
X-Slack-Backend
NGX
X-Tt-Logid
X-Date
Odigeo-Trace-Id
X-Slack-Shared-Secret-Outcome
X-Up
Cdn-Requestid
X-Accel-Expires-Debug
Proxy-Firewall
Datacenter
X-Cs
X-NodeID
X-LB-ID
X-COUNTRY
X-Custom-Header
Debug
X-Varnish-Hits
X-Ismobilevalue
X-Akamai-Transformed
Locid
X-Refresh
X-CACHE-GROUP
X-Nananana
X-ID
X-Pad
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-HA-Backend
X-Varnish-CookieINHashed-On
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-DefElseHash
X-DefHash
X-Amz-Meta-Cb-Modifiedtime
X-Datadome
X-LiteSpeed-Tag
X-Platform-Router
X-Client-Ip
X-Platform-Processor
X-Platform-Cluster
SID
Fastly-Drupal-HTML
Mime-Version
X-M-Reqid
CloudFront-Viewer-Country
X-M-Log
Pics-Label
X-VHOST
X-Depends
X-Old-Content-Length
X-VC-TTL
X-Servedbyhost
X-Cached-By
Ngx-Var-Key
GeoIP-Latitude
X-Cache-FS-Status
X-Parent-Response-Time
X-Moov-Xdn-Version
Fastly-Drupal-Html
X-CACHE-AGE
X-CDN-Cache-Status
X-Moov-T
X-B3-Parentspanid
X-TH-Server
X-LB-NoCache
X-TIME
X-DynaTrace-JS-Agent
Cross-Origin-Embedder-Policy-Report-Only
Resin-Trace
GeoIp-Country-Code
X-CS
Cf-Ipcountry
Server-ID
NtCoent-Length
Server-Info
X-Presslabs-Stats
Cdn
Uri
X-User
X-B-Cookie
Cf-Device-Type
X-Wa
X-Nc
BehaviorPad-Version
X-S-Cookie
X-Vgn-Hpd-Reason
X-VCache
X-Application
X-Destination
X-External-Request-Id
X-Litespeed-Tag
FSS-Cache
True-Client-IP
X-TX-ID
X-NewRelic-App-Data
X-ZONE
X-APP
X-Zen-Fury
X-Is-Crawler
X-Route-Name
X-Providence-Cookie
X-Flags
X-Aspnet-Duration-Ms
CDN
X-Varnish-Beresp-TTL
X-Esi
X-Sigma
X-Rocket-Build-Number
X-Fpc
X-Cache-Date
X-Sigma-Backend
X-Instance-Name
X-IAuth-Set-Uid
X-HostName
X-Srv
Srv
X-Vc
X-DynaTrace
X-API-Version
X-Content-Length
X-VServer
True-Client-Ip
X-Branch-Name
X-Dynatrace-Js-Agent
Load-Balancing
Tcn
X-Segment-20210421
X-HITS
X-Oracle-DMS-ECID
X-Page-View
X-WA
S-Rt
X-NC
X-FPC
Serverhost
GeoIP-Country-Code
X-Cdn-Forward
X-HOST
X-CLOUD-TRACE-CONTEXT
Ohc-File-Size
Request-ID
X-APP-VERSION
X-Dispatch
X-Dispatcher-Number
X-Cdn-Cache-Status
Hostname
X-DataCenter
Product
Vc-Max-Age
X-RequestId
Server-Id
Type
X-Http-Reason
X-B3-Spanid
X-Sql-Count
X-Sql-Duration-Ms
X-Irp-Debug
Srvid
X-Webkit-Csp-Report-Only
Geoip-Latitude
X-FL-QIT-DEBUG
X-Lb-Nocache
Cl-Cache
X-Geo
X-ServedByHost
ServerName
WZWS-RAY
X-Owner
X-Via-CDN
X-SIPLIST1
DataCenter
X-Via-SSL
X-Via-Edge
Cloudfront-Viewer-Country
Edge-Copy-Time
X-Ckpd-Fst-Backend
IsBot
X-Bug-Bounty
X-CSRF-TOKEN
X-VCL-Version
X-Proxy-CacheRZ
PICS-Label
MIME-Version
Cross-Origin-Opener-Policy-Report-Only
CacheControlHeader
X-Core-Mission
Epwk-X-Cache
XkeyRZ
Origin-Trial
Ohc-Cache-HIT
Lb
X-Hit
X-Cache-Ttl
ServerHost
N-Cache
X-Ha-Backend
X-Via-PopN
X-Via-PopV
CountryCode
X-Ua
X-App
X-Via-PopH
X-Correlation-ID
X-Qloud-Router
Rtss
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Amz-Meta-Opti
X-Fastly-Country-Code
X-MSEdge-Flight
X-MSEdge-Features
X-MiniProfiler-Ids
X-Lb-Id
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Datacenter
X-Acquia-Application-Trace
Warning
X-Sqd-Stime
X-Web-Server
X-Acquia-Site
X-Service-Response-Time
X-Sqd-Ctime
Sm-Log-Id
Servedby
X-LAGOON
X-Vmg-Version
X-Akamai-Device-Characteristics
X-Limited
User-Agent
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Dw-Trace-Id
Cneonction
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-Amz-Meta-S3b-Last-Modified
X-Th-Server
Xkey-La3
X-Proxy-Cache-La3
X-Tenant
X-Requestid
Expect-Staple
Xkeylog
X-Shop-Environment
Akamai-Cache-Status
X-Orig-Expires
X-Akamai-Pragma-Client-IP
X-RAMCache
Ngx
X-Cdn-Request-ID
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Cache-Type
X-Snapshot-Date
X-Check-Cacheable
X-Serial
X-Ramcache
X-Forwarded-Path