Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Ua-Compatible
X-Generator
X-Cache-Status
X-Request-ID
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
Permissions-Policy
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
Xkey
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
X-Dispatcher
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Server-Powered-By
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-Host
X-WebKit-CSP
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
X-Amz-Server-Side-Encryption
Rating
X-Times
X-Rack-Cache
X-TtlSet
X-Vname
X-PC
Cross-Origin-Opener-Policy
X-Litespeed-Cache
X-Edge
X-Mcache
X-Midtier
X-FTR-Request-ID
X-Daa-Tunnel
X-Browser-Type
X-Server-Name
Nginx-Cache
Accept-Ch
X-Powered-By-Plesk
AR-Request-ID
AR-SID
AR-PoweredBy
AR-ATIME
X-Cache-TTL
X-Cnection
X-CST
X-ESI
X-Ac
X-Element-Page-Cache
X-D2id
Edge-Control
X-GitHub-Request-Id
X-Kinja-Build
X-Kinja
X-Exp-Variant
Verso
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-MS-InvokeApp
X-ECACHE
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Abt-Application-Version
X-Upstream
X-Navigation-Version
X-Dw-Request-Base-Id
X-FastCGI-Cache
X-Webkit-Csp
Fastly-Restarts
SPRequestDuration
SPIisLatency
X-B3-TraceId
X-Mod-Pagespeed
X-Amz-Rid
X-Server-Lifecycle-Phase
X-SharePointHealthScore
SPRequestGuid
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-PDP-UNCACHING-HASH
X-Client-IP
X-Edge-Location-Klb
X-ARC
X-Kinsta-Cache
X-Goog-Hash
X-Oneagent-Js-Injection
X-Sol
Display
X-Powered-CMS
Pagespeed
X-Middleton-Display
X-Ratelimit-Limit
X-Mg-S
S
Edge-Cache-Tag
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
X-NF-Request-ID
X-Middleton-Response
Response
X-VARITI-CCR
X-TTL
X-Ratelimit-Remaining
RTSS
X-Fastly-Request-ID
Realpath
X-Forwarded-For
X-Cache-Key
X-T
X-Content-Digest
Cross-Origin-Resource-Policy
X-Ruxit-Js-Agent
X-Recruiting
X-TraceId
X-Correlation-Id
X-Cached
Fastcgi-Cache
X-ORACLE-DMS-RID
X-MSEdge-Ref
X-Varnish-TTL
X-Shield-Request-Id
Front-End-Https
MicrosoftSharePointTeamServices
X-Request-Processing-Time
X-Request-Received
X-Ua-Browser
X-Frontend
X-Protected-By
X-PressLabs-Stats
X-HS-Cache-Config
X-HS-Content-Id
TP-Cache
Payment
X-Forwarded-Proto
X-HS-Hub-Id
Arr-Disable-Session-Affinity
X-LLID
Server-Node
MS-Author-Via
Public-Key-Pins
Content-MD5
Count-Hit
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-RateLimit-Remaining
X-Server-ID
X-Accel-Expires
X-HS-Combine-CSS
X-GUploader-UploadID
X-LB-Cache
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-Distributor
X-Country-Code-Real
X-FTR-Cache-Status
X-NODE
X-Origin-Server
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-FTR-Expires
X-Newrelic-App-Data
X-Ezoic-Cdn
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Request-Handler-Origin-Region
X-Microsite
X-Www-Served-By
X-Varnish-Server
X-AppVersion
X-Content-Security-Policy-Report-Only
X-Activity-Id
X-App-Server
Host
X-Az
X-Amz-Meta-S3cmd-Attrs
Mrf-Cache-Status
X-Cluster-Name
X-B3-TraceId-Primal
X-Ua-Device
Cache-Tags
MRF-Tech
Accept-Charset
Cleartype
X-Varnish-Backend
Retry-After
X-ORACLE-DMS-ECID
Surrogate-Key
X-Webkit-CSP
Filterid
X-Goog-Metageneration
X-Unique-Id
Server-Name
X-Hits
Access-Control-Allow-Method
X-Debug
X-Git-Hash
X-Azure-Ref
X-Envoy-Decorator-Operation
X-Logged-In
X-Load-Cache
X-Geo-Country
X-Id
X-Upgrade-Enabled
X-NGENIX-Cache
X-CSRF-Token
X-Ttl
X-Hostname
X-FB-Debug
TCN
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Proxy
X-Tt-Trace-Tag
TP-L2-Cache
X-Tt-Trace-Host
X-TT
X-B
X-Grace
DC
X-Time
X-Request-Guid
X-Cache-Control
X-Revision
Section-Io-Cache
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Seen-By
X-Type
X-Fb-Rlafr
Viewport
X-B3-Sampled
Healthy
X-Contextid
X-F-Cache
X-Hcs-Proxy-Type
X-Trace-Id
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Mobile
Fastly-SIE
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
Fastly-SWR
X-N
Referer-Policy
Paypal-Debug-Id
Content-Disposition
X-Varnish-Ttl
X-WP-CF-Super-Cache
X-XRDS-LOCATION
X-DIS-Request-ID
X-WP-CF-Super-Cache-Cache-Control
X-Varnish-Grace
X-Debug-Info
X-Page-Id
X-Magnolia-Registration
X-Ratelimit-Reset
X-Via-JSL
X-Px
X-Origin-Cache
X-Amz-Replication-Status
Version
X-Oracle-Dms-Ecid
X-Whom
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Rid
X-ProcessESI
X-UUID
X-Wormhole-Sdk
X-RemovedCookies
Amp-Access-Control-Allow-Source-Origin
X-G
X-Content-Options
X-Debug-IsConnected
X-Tumblr-User
X-Debug-IsPreview
X-Adobe-Content
X-Node-Name
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Adobe-Loc
X-Tumblr-Pixel
X-Rule
X-Hl-Ver
VIX-Pulpo-Node
SD-X-WS
VIX-Pulpo-Upstream-Status
Ms-Operation-Id
X-Datadog-Sampled
X-Source
X-Nf-Request-Id
X-App-Environment
X-RTag
X-Yottaa-Optimizations
MS-CV
X-Yottaa-Metrics
Cross-Origin-Window-Policy
X-Signature
X-Proxy-Cache-Info
X-B-Cache
X-NYM-Debug-Backend
Charset
X-Template
X-Device-Type
X-Storage
X-Region
X-Cacheable-TTL
X-Backend-Name
X-Rendered-As
X-Is-Bot
X-Instance
X-L-Path
X-Wix-Request-Id
X-User-Agent
X-Environment-Context
NGB
X-ServerID
Country
X-FW-Type
X-FW-Static
X-FW-Version
X-FW-Hash
GEO-INFO
X-Status
X-FW-Dynamic
X-FW-Server
X-FW-Serve
X-Cache-Age
Countrycode
ServerID
X-Real-IP
X-EdgeConnect-Cache-Status
X-IPS-LoggedIn
SRV
X-RM-Cache-TTL
X-Cache-Grace
X-NWS-UUID-VERIFY
Front
Akamai-GRN
X-Ismobilevalue
X-Amzn-Remapped-Content-Length
X-Framework
X-WP-CF-Super-Cache-Active
Liferay-Portal
X-Cache-Hit
X-Aws-Lambda-Call-Status
X-Language
X-AB
X-Oracle-Dms-Rid
X-Xrds-Location
X-Air-Pt
X-WebKit-CSP-Report-Only
X-Content-Powered-By
X-Sucuri-ID
X-Sucuri-Cache
X-Akamai-Request-ID2
X-Servername
X-B3-SpanId
OT-Force-Account-Verify
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-UA
Xet-Cookie
X-VC
From-Origin
X-VC-Cache
X-Api-Version
Backend
X-URL
X-Mode
Accept-Language
X-DataDome
X-Tt-Logid
Upgrade-Insecure-Requests
X-Handled-By
Refresh
X-Nginx-Cache
X-Cache-Time
LB
X-Cache-Status-Check
Access-Control-Request-Headers
Webserver
X-HTML-Minification-Powered-By
X-SaId
X-RCS-CacheZone
X-UPSTREAM-Address
Cache
X-Rewrite-Enabled
Filters
Meta-Geo
X-JoinUs
X-Rn-Rsrv
X-SRV
X-Xfnlog-Site
X-Cache-Operation
X-Generated-By
Webcakes-App-Name
X-Hosted-By
X-RateLimit-Limit
X-R9-Blue-Green-Version
TWC-Privacy
TWC-GeoIP-LatLong
X-Origin-Hint
X-Webstats-RespID
ServedBy
X-Origin-Date
Property-Id
X-Labrador-Cache-Channel
X-Adobe-Source
Webcakes-Region
X-Provided-By
TWC-GeoIP-Country
X-PHP-Host
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
X-Cache-Rule
X-Git-Commit
Webcakes-App-Version
X-S
X-Tumblr-Pixel-2
X-Container-Uri
X-Varnish-Age
X-Cms-Context
X-Akamai-Edgescape
X-Browser-Name
X-Request-URI
X-Endurance-Cache-Level
X-Skip-Cache
X-ProxyCache-Status
X-Tcp-Rtt
X-Is-Desktop
X-Cache-Debug
X-BYPASS-REASON
X-Site-Version
X-Is-Mobile
X-Httpd
X-Logging-Id
X-Locale
X-Lambda-Id
X-No-Session
Atl-Traceid
X-Is-Supported-Browser
X-Geo-Region
X-Served-From
X-Is-Tablet
X-ProxyCache-Key
X-Reqid
X-Forwarded-Host
X-Web-Node
X-Fetched-On
X-Cluster
Url
X-Ms-Version
X-Ms-Request-Id
X-Loop
X-Edge-Location
X-Restarts
X-Optimistic-Header
X-Tb
X-Shopify-Stage
X-Origin
X-Director
X-Detected-As
X-Timing-Wait
X-VCT
Mn-Server-Ip
X-Varnish-Cache-Hits
X-Format
X-IPLB-Instance
X-Alternate-Cache-Key
Selected-Fe
Section-Io-Id
Web-Mar-Node
Apigw-Requestid
X-Redis-Cache
X-Accel-Version
X-Say-TTL
X-Proxy-Build
X-Upstream-Ct
X-Soup
X-Scope-Id
X-IPLB-Request-ID
X-SayCDN-TTL
X-Storefront-Renderer-Rendered
X-Tncms
X-Say-Cacheable
X-Upstream-Ht
X-Varnish-Beresp-Grace
X-INCAP-ABP
X-Routing-Service
X-VWS-Id
X-Zipkin-Id
X-Extlb
X-Cache-Host
X-Mg-Request-UUID
X-RID
X-Cloudmap
X-AWS-Id
X-Frame-Option
X-Proxied
Xserver
X-LJ-Flow-ID
Onion-Location
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-Sorting-Hat-PodId
Expiry
X-Azure-Ref-OriginShield
X-Connection-Hash
Frame-Options
X-GeoCountry
X-GeoCode
Cdn-Requestid
X-Cache-Expired-At
Source
X-CDN-Forward
WPO-Cache-Status
WPO-Cache-Message
X-Generation-Time
X-CMSURLCustom
X-Shield-Cache-Expires
X-Lagoon
X-Fastly-Request-Id
Thinkindot-Control
X-WP-CF-Super-Cache-Cookies-Bypass
X-Thinkindot-L3
Protected
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
TDXMobile
X-Vcl-Version
X-Vcache
X-B3-Traceid
X-ECache
X-Origin-CC
X-Cdn-Origin
Environment
Fastcgi-Useragent
X-Origin-TTL
X-Drupal-Cache-Contexts
X-Cache-Action
X-Drupal-Cache-Tags
X-PHP-Backend
Priority
X-Proxy-Cache-Status
X-Pass-Why
X-Worker
X-Rocket-Nginx-Serving-Static
X-Vercel-Id
X-Vercel-Cache
Uber-Trace-Id
Cache-Hits
X-GEO
X-App-Version
Sid
X-ID
Azure-Version
Azure-SiteName
Azure-InstanceId
CF-IPCountry
Azure-SlotName
Azure-RegionName
X-Aspnetmvc-Version
Node
X-Cluster-Node
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Buckets
X-XRDS-Location
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestCountryCode
Cross-Origin-Embedder-Policy
CDN-RequestPullCode
X-TA-CDN-Provider
CDN-CachedAt
CDN-PullZone
CDN-Cache
CDN-EdgeStorageId
X-Auth-Group-Type
X-Fastcgi-Cache
X-Tumblr-Pixel-3
X-FB-TRIP-ID
Cache-Tv-Group
X-Cache-Server
X-Server-W
X-Pad
DB-Nickname
Alternate-Protocol
X-RateLimit-Reset
X-A
X-DC
X-Client-Ip
X-Tx-Id
X-Ig-Origin-Region
X-Gzip
X-Generated-On
Candidate-Md5Url
X-GeoIP-City
A
X-Service
Wxu-Next-Hostname
X-Op-Id-All
X-Org
Cdn-Host
X-ND-Cache
X-Level-Front-Cache
X-Bl-Debug
Surrogated-Key
X-Ig-Push-State
X-Ec-Fail
X-Custom-Header
Origin-Agent-Cluster
X-Core-Value
X-D
Odigeo-Trace-Id
Meta-Geo-Continent
Ngx.Var.Host
X-Content-Age
X-Conf
X-Cache-Id
Sslversion
X-Cache-NE
X-Cache-TTL-Remaining
T-Server
Rendered-Blocks
MD5-Digest
X-DefElseHash
X-Esi-Check
X-Epic-Correlation-Id
X-Edge-Server
DCR-Processing-Time-Ms
DCR-Decision-By
Content-Secure-Policy
X-Fastly-Backend
Gannett-Cam-Experience-Id
X-Ec-GeoHdr
X-DefHash
Magicmarker
Lang
X-Developer
X-Origin-Expires
X-Dispatcher-Server
Cdn-Request-Time
Wxu-Next-Commit
X-Viewer-Country
X-Via-Fastly
X-BCube-Filmed-By
X-Rojux
X-A-Wwc
X-Req
X-A-Dgt
X-Vtex-Remote-Cache
X-Vdms-Version
X-Varnish-Remaining-TTL
X-Aed
X-V-Cache
X-TIM-N
X-SRCache-Key
X-Varnish-CookieHashed-On
X-Bc-Bl
X-Varnish-CookieINHashed-On
X-A-Dcw
X-ScT
Wxu-Next-Region
X-A-Ccd
X-A-Dam
AMP-Access-Control-Allow-Source-Origin
HostName
Mime-Version
User-Cache-Control
X-LiteSpeed-Cache-Control
Host-ID
Server-Host
X-DPWN-IS-SECURE
Is-Eu
Tube-Return
X-Varnish-Hostname
X-Varnish-Director
X-Ad-Load-Variation
X-Test
Vix-Hermes-Req-Id
X-UA-Device-Type
Ssr
Esi-Enabled
X-Thanos
Fastly-SSL
RNT-Time
X-Aicache-OS
X-Cache-Info
XM
Edge-Cache
RNT-Machine
X-VTEX-Cache-Time
X-Cache-Bucket
Tube-Get-Contents
Req-ID
PFcat
X-Amz-Storage-Class
X-Cache-FS-Status
Powered-By
X-Clientip
Platform
X-VTEX-Cache-Server
Origin
Tube-Got-Results
X-CacheTTL
Producers
X-AK-Request-ID
Tube-Got-Eval
X-VG-TLSProxy
X-Cdn-Srv
X-Fastly-Cache
X-VG-WebCache
NM-Fastcgi-Cache
X-VarnishDD-TTL
X-Fmm-Version
X-LSADC-Cache
X-Request-Time
X-Men
X-Bip
X-Mly-Id
X-Loc
X-Jobs
X-HS-Content-Campaign-Id
Country-Code
X-App-Name
X-Scheme
X-SB
X-Mvc-Supplant-Cachable
X-Region-Sid
X-Platform
X-Nyt-Route
X-PAYTM-SRV-ID
X-Origin-Response-Time
X-Origin-Time
X-NodeID
X-Policy
X-Proto
X-Pubstack
X-Powered-By-VTEX-Cache
X-NMSegId
X-Node-Id
X-SD-PageType
X-Hnp-Log
X-Gdpr
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-HN
Content-Style-Type
Content-Script-Type
Cdncip
Click-Count-Error
Click-Count-Action-Start
X-Forwarded-Site
Cdnsip
X-Sn-Servicetimems
X-Gen-Mode
Adler-Geo
AKAMAI
X-Server-IP
X-GoCache-CacheStatus
X-Block-Status
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Cache-Provider
X-Acquia-Purge-Cdn-Unconfigured
X-Geo-Header
X-GeoIP
X-FC-Vary-Parameters
X-HITS
X-Varnish-Beresp-Ttl
X-Cache-Aspx
X-Auto-Login
X-Backend-Instance
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Human
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Tb-Optimization-Total-Bytes-Saved
X-Section
X-Request-Start
X-RateLimit-Remaining-Second
X-Request-Host
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-Wikidot-Static-Cache
Yak-Timeinfo
X-Wikidot-Backend
X-We-Are-Hiring
X-Varnishpool
X-WA-Info
X-RateLimit-Limit-Second
X-Proxied-Request
X-Debug-Cache-Store
X-Depends
X-Debug-Cache-Fetch
X-CUA
X-Contensis-Viewer-Groups
X-Csrf-Jwt
X-Ec-Custom-Error
X-Eu-Site
X-Nginx-Cache-Key
X-Pool
X-Mvc-Supplant-OutputCached
X-Micro-Cache
X-Hash
X-Location
X-Cs
X-CGP
DSUID
Fastly-GeoIP-CountryCode
Cluster
X-Dc
Canary
CDCHOST
Gh-Request-Id
Ha-Gx-Prefs
Machine
Origin-CC
L5d-Success-Class
L
HA-Ipaddr
C-Via
Apple-News-Services-Request-Url
Fusion-Component-Id
Fusion-Content-Id
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Fusion-Content-Source
Fusion-Deployment-Id
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Fusion-Template-Id
Fusion-Source
Origin-EX
Fastly-Backend-Name
Req-Svc-Chain
V-Age
Release
True-Client-Country-4JS
Server-Ext
Server-Hostname
Sever-Int
X-Access
W
Pramga
X-AIR-PT
X-NGINX-Cache
Cache-Key
Web-Mar-Region
X-Var-Ttl
Mail-Subject
On-Server
Server-Info
We-Hiring
Proxy-Firewall
NGX
X-Accel-Expires-Debug
X-Date
X-Device-Os
X-Varnish-Hits
Debug
X-Origin-Cache-Key
BehaviorPad-Version
X-LB-ID
X-NCache
Redirect-Candidate
X-Zone
X-From
X-Up
X-Akamai-Transformed
Pics-Label
X-HA-Backend
X-Via-Popv
X-Jungle-Id
X-MP-GENERATED-AT
X-APP
X-Via-Popn
Fastly-Drupal-HTML
X-Via-Poph
X-Refresh
X-VHOST
CDN-RequestId
X-Cache-Backend
X-Vdms-Path
CloudFront-Viewer-Country
SID
X-Parent-Response-Time
X-CACHE-AGE
GeoIP-Latitude
X-LiteSpeed-Tag
X-B3-Parentspanid
X-Servedbyhost
X-Content-Length
WP-Super-Cache
X-Datadome
X-Nc
X-LB-NoCache
X-Uri
X-Newrelic-Synthetics
X-CACHE-KEY
X-Nananana
X-PERF
Fastly-Drupal-Html
X-M-Reqid
X-ApacheServer
X-M-Log
X-Render-Time
X-VC-TTL
Datacenter
X-Litespeed-Tag
X-B3-Spanid
X-DynaTrace-JS-Agent
Vc-Max-Age
X-CDN-Cache-Status
X-Wa
X-Cached-By
Server-ID
Resin-Trace
X-Dispatcher-Number
X-ZONE
NtCoent-Length
Cdn
Product
X-RequestId
X-CS
X-Amz-Meta-Cb-Modifiedtime
X-VCache
GeoIp-Country-Code
Locid
X-Fpc
X-Ckpd-Fst-Backend
FSS-Cache
X-Varnish-Beresp-TTL
X-NewRelic-App-Data
X-IAuth-Set-Uid
Serverhost
X-Bug-Bounty
X-Original-Request-Id
True-Client-Ip
X-Esi
X-Response-Served-From
X-SERVER-NAME
X-Srv
S-Rt
X-TX-ID
X-HostName
True-Client-IP
Uri
X-HubSpot-Correlation-Id
X-Nf-Language
X-Nf-Country
X-Nf-Ats-Version
ServerName
X-Old-Content-Length
X-TT-LOGID
GeoIP-Country-Code
Ngx-Var-Key
Tcn
X-Cdn-Cache-Status
CDN
X-TIME
Cf-Ipcountry
Srv
X-Oracle-DMS-ECID
X-Dynatrace-Js-Agent
X-Vgn-Hpd-Reason
X-FPC
X-Cdn-Forward
Request-ID
X-Moov-Xdn-Version
User-Agent
X-Moov-T
X-TH-Server
X-Vmg-Version
X-WA
X-Akamai-Device-Characteristics
CacheControlHeader
X-Vc
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Dispatch
X-Gamma-Serve
ServerHost
Server-Id
X-Info
X-APP-VERSION
Hostname
X-COUNTRY
X-FL-QIT-DEBUG
Srvid
Xc-Version
X-NC
X-VCL-Version
X-Webkit-Csp-Report-Only
Geoip-Latitude
Cf-Device-Type
X-Presslabs-Stats
X-Hit
X-User
X-Destination
Cross-Origin-Embedder-Policy-Report-Only
X-Application
X-Geo
Expect-Staple
X-S-Cookie
X-Lb-Nocache
X-External-Request-Id
X-B-Cookie
Cloudfront-Viewer-Country
Origin-Trial
X-ServedByHost
X-Amz-Meta-Opti
Cneonction
X-Zen-Fury
X-Via-PopN
Epwk-X-Cache
X-Via-PopV
X-Sigma-Backend
X-Sigma
X-Instance-Name
Ohc-File-Size
X-Ha-Backend
X-Limited
X-Rocket-Build-Number
PICS-Label
X-App
X-Via-PopH
X-Cache-Date
X-V
X-New
WZWS-RAY
X-Segment-20210421
X-Platform-Server
Permission-Policy
X-Rollout
X-Akamai-Pragma-Client-IP
N-Cache
X-Ua
X-Correlation-ID
X-VServer
X-Eligible
X-API-Version
X-Srcache-Store-Status
Rtss
X-Srcache-Fetch-Status
XkeyRZ
X-Sqd-Ctime
X-Lb-Id
X-Branch-Name
X-Sqd-Stime
X-Serial
X-Proxy-CacheRZ
X-Check-Cacheable
X-MiniProfiler-Ids
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Lb
X-MSEdge-Features
Cmstype
Cmsid
Ngx
X-Acquia-Site
X-Fastly-Backend-Reqs
X-Internal-TTL
X-Datacenter
X-Service-Response-Time
Sm-Log-Id
X-Ftr-Request-Id
X-ElasticPress-Query
X-MSEdge-Flight
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Timeexpire
X-CSRF-TOKEN
X-LAGOON
CountryCode
X-Litespeed-Cache-Control
Servername
X-Via-CDN
X-Via-Edge
X-Via-SSL
X-Traceid
Edge-Copy-Time
X-VTEX-Cache-Backend-Connect-Time
X-VTEX-Cache-Backend-Header-Time
Fl-Custom-Application
Wpo-Cache-Status
X-EC-Lua
X-Amz-Meta-S3b-Last-Modified
Warning
X-Web-Server
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-Snapshot-Date
X-Ramcache
X-DataCenter
X-RAMCache
X-Th-Server
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
Ohc-Cache-HIT
X-Shopid
X-Shardid
X-IN-APIGATEWAYSSL
X-Requestid
X-Origin-Upstream-Status
Wpo-Cache-Message