
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Ua-Compatible
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-UA-Device
X-Cache-Group
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
Permissions-Policy
X-Ws-Request-Id
Xkey
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dispatcher
Allow
Cf-Apo-Via
X-Dns-Prefetch-Control
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-WebKit-CSP
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
Content-Location
X-Node
X-Application-Context
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
P3p
X-NWS-LOG-UUID
X-Country
X-CST
Service-Worker-Allowed
X-Country-Code
X-Litespeed-Cache
X-Content-Type
Cache-Tag
X-Clacks-Overhead
X-Trace
X-Url
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Times
Nginx-Cache
X-Vname
X-PC
X-TtlSet
X-Server-Name
X-Daa-Tunnel
Cross-Origin-Opener-Policy
X-Oneagent-Js-Injection
X-Mcache
X-Edge
X-Midtier
X-Webkit-Csp
X-Browser-Type
X-Powered-By-Plesk
X-ESI
X-Cnection
X-ECACHE
X-GitHub-Request-Id
X-Upstream
Edge-Control
X-Element-Page-Cache
X-MS-InvokeApp
X-Ac
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Server
AR-SID
X-Cdn-Fetch
Verso
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Kinja-Build
X-D2id
X-Ser
X-Vcap-Request-Id
Accept-Ch-Lifetime
X-Cache-TTL
X-FastCGI-Cache
X-Abt-Application-Version
X-B3-TraceId
AR-CACHE
X-Navigation-Version
X-Mod-Pagespeed
SPRequestDuration
SPIisLatency
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Aws-Lambda-Call-Status
SPRequestGuid
X-SharePointHealthScore
Fastly-Restarts
X-Amz-Rid
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Client-IP
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Mg-S
Edge-Cache-Tag
X-Ruxit-Js-Agent
X-Edge-Location-Klb
X-Kinsta-Cache
S
X-Powered-CMS
Response
X-Middleton-Response
Cache-Status
X-Goog-Hash
Access-Control-Request-Method
X-Amzn-Trace-Id
X-Version
X-VARITI-CCR
X-Fastly-Request-ID
X-ARC
X-Cache-Key
RTSS
X-RateLimit-Remaining
X-Content-Digest
X-TraceId
X-Forwarded-For
Cross-Origin-Resource-Policy
X-T
X-Ratelimit-Limit
X-Recruiting
Realpath
X-Correlation-Id
X-MSEdge-Ref
Front-End-Https
X-Server-ID
X-Varnish-TTL
Fastcgi-Cache
X-Cached
MS-Author-Via
X-PDP-UNCACHING-HASH
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Ratelimit-Remaining
Content-MD5
X-Ttl
X-Country-Code-Real
X-FTR-Cache-Status
X-Ua-Browser
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Protected-By
X-Shield-Request-Id
X-HS-Content-Id
Server-Node
X-HS-Hub-Id
X-HS-Cache-Config
X-Request-Received
X-Request-Processing-Time
Payment
X-Forwarded-Proto
X-Frontend
Public-Key-Pins
X-LLID
X-SRCache-Fetch-Status
TP-Cache
X-SRCache-Store-Status
Arr-Disable-Session-Affinity
X-HS-Combine-CSS
MicrosoftSharePointTeamServices
X-Distributor
X-FTR-Expires
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Accel-Expires
X-TTL
X-ORACLE-DMS-RID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Count-Hit
X-GUploader-UploadID
X-Origin-Server
X-LB-Cache
X-NODE
X-Ezoic-Cdn
X-Microsite
X-Request-Handler-Origin-Region
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Origin-Cache-Key
X-TEC-API-ROOT
X-Content-Security-Policy-Report-Only
Host
MRF-Tech
Mrf-Cache-Status
X-Az
X-B3-TraceId-Primal
X-AppVersion
X-Activity-Id
X-Www-Served-By
X-Cluster-Name
X-Hits
X-Varnish-Server
Cache-Tags
X-Varnish-Backend
Retry-After
X-App-Server
Accept-Charset
Server-Name
X-PressLabs-Stats
X-Ua-Device
X-Amz-Meta-S3cmd-Attrs
X-Newrelic-App-Data
X-Geo-Country
Cleartype
X-Hostname
X-Envoy-Decorator-Operation
X-NGENIX-Cache
X-Goog-Metageneration
Referer-Policy
X-ORACLE-DMS-ECID
X-CSRF-Token
X-Upgrade-Enabled
X-DIS-Request-ID
X-Id
TP-L2-Cache
X-Git-Hash
Access-Control-Allow-Method
X-Azure-Ref
X-Seen-By
TCN
X-CCDN-Origin-Time
X-Unique-Id
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Tt-Trace-Host
X-Tt-Trace-Tag
Filterid
X-F-Cache
X-Proxy
X-Load-Cache
X-Amz-Apigw-Id
X-Revision
X-Amzn-RequestId
Healthy
X-Grace
X-Request-Guid
X-Cache-Control
X-Trace-Id
Section-Io-Cache
X-TT
X-Px
X-B
X-B3-Sampled
X-Contextid
X-Debug-Info
DC
X-Type
X-FB-Debug
X-Page-Id
X-Fb-Rlafr
Paypal-Debug-Id
X-Logged-In
X-Varnish-Ttl
X-Mobile
X-Debug
X-N
X-Oracle-Dms-Ecid
X-WP-CF-Super-Cache
Viewport
X-WP-CF-Super-Cache-Cache-Control
X-RateLimit-Limit
X-Whom
Fastly-SIE
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Fastly-SWR
X-Goog-Generation
X-XRDS-LOCATION
X-Oracle-Dms-Rid
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Charset
X-Datadog-Parent-Id
X-Content-Options
X-Via-JSL
Content-Disposition
Version
X-Template
X-Time
X-Cache-Grace
X-Webkit-CSP
X-Varnish-Grace
X-Wix-Request-Id
X-Magnolia-Registration
X-App-Environment
X-EdgeConnect-Cache-Status
X-Language
X-Signature
X-B-Cache
X-Node-Name
X-B3-SpanId
X-Rid
X-Origin-Cache
X-RemovedCookies
SRV
X-ProcessESI
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Debug-IsPreview
X-Debug-IsConnected
X-Tumblr-Pixel-1
SD-X-WS
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-G
X-Amz-Replication-Status
X-Datadog-Sampled
X-FW-Hash
X-FW-Dynamic
Ms-Operation-Id
X-Adobe-Loc
X-FW-Serve
X-FW-Server
MS-CV
X-FW-Version
X-FW-Type
X-FW-Static
X-Hl-Ver
X-Rule
GEO-INFO
X-Backend-Name
X-Adobe-Content
X-Instance
X-RTag
X-Storage
X-Device-Type
X-Proxy-Cache-Info
X-Amzn-Remapped-Content-Length
X-UUID
ServerID
X-Is-Bot
Liferay-Portal
X-Rendered-As
X-Cacheable-TTL
NGB
X-NYM-Debug-Backend
X-RateLimit-Reset
X-User-Agent
X-L-Path
X-Region
X-IPS-LoggedIn
X-Environment-Context
X-Cache-Hit
Country
X-Status
X-Source
X-Real-IP
Countrycode
X-Cache-Age
Surrogate-Key
X-ServerID
X-NWS-UUID-VERIFY
Amp-Access-Control-Allow-Source-Origin
Akamai-GRN
X-WP-CF-Super-Cache-Active
Cross-Origin-Window-Policy
X-Servername
X-Sucuri-ID
X-Sucuri-Cache
OT-Force-Account-Verify
X-UA
From-Origin
X-VC-Cache
X-Xrds-Location
X-RM-Cache-TTL
X-WebKit-CSP-Report-Only
Front
Backend
X-Framework
Upgrade-Insecure-Requests
X-Air-Pt
Refresh
X-INCAP-ABP
X-Mode
X-Wormhole-Sdk
X-AB
X-Cache-Time
X-Air-Hostname
X-Air-Trace-Id
X-Akamai-Request-ID2
X-Air-Source
X-Content-Powered-By
X-DataDome
X-URL
X-Nginx-Cache
X-HTML-Minification-Powered-By
X-Handled-By
Frame-Options
Xet-Cookie
X-Edge-Location
Url
X-Rn-Rsrv
X-SaId
X-SRV
X-Rewrite-Enabled
X-Xfnlog-Site
X-Webstats-RespID
X-RCS-CacheZone
Filters
X-UPSTREAM-Address
X-Endurance-Cache-Level
Selected-Fe
X-Vcache
X-Origin-CC
X-JoinUs
X-Origin-TTL
X-Proxy-Build
Meta-Geo
X-Timing-Wait
Atl-Traceid
X-Cache-Rule
X-Cluster
X-Cache-Operation
TWC-GeoIP-Country
TWC-Connection-Speed
X-AWS-Id
TWC-GeoIP-LatLong
X-Akamai-Edgescape
WPO-Cache-Message
Accept-Language
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
Property-Id
TWC-Device-Class
Webcakes-Region
Webcakes-App-Version
WPO-Cache-Status
ServedBy
X-Origin
X-PHP-Host
X-LJ-Flow-ID
X-Labrador-Cache-Channel
X-Origin-Hint
X-Logging-Id
X-No-Session
X-Served-From
X-Origin-Date
Webserver
Access-Control-Request-Headers
X-VWS-Id
X-Drupal-Cache-Tags
X-Adobe-Source
X-Provided-By
X-VCT
X-Azure-Ref-OriginShield
X-Buckets
X-Web-Node
X-Site-Version
X-Zipkin-Id
X-Proxied
Cache
X-Restarts
X-Routing-Service
X-Tumblr-Pixel-2
X-Reqid
Web-Mar-Node
X-Drupal-Cache-Contexts
X-Redis-Cache
X-Varnish-Cache-Hits
X-Cloudmap
X-Git-Commit
Mn-Server-Ip
X-Hosted-By
X-IPLB-Instance
Section-Io-Id
X-IPLB-Request-ID
Cache-Hits
X-Container-Uri
X-Extlb
X-Cache-Debug
X-VC
X-Locale
X-Tb
X-Fetched-On
X-Cms-Context
X-Skip-Cache
X-Varnish-Age
TDXMobile
Thinkindot-CacheControl-Type
X-Upstream-Ct
Thinkindot-Control
Thinkindot-CacheControl
X-Upstream-Ht
X-Thinkindot-L3
X-Tncms
X-Shield-Cache-Expires
X-Tcp-Rtt
X-ProxyCache-Key
X-Is-Tablet
X-Is-Supported-Browser
X-Lambda-Id
X-CMSURLCustom
X-Loop
X-Director
X-Is-Mobile
X-Forwarded-Host
X-Geo-Region
X-Httpd
X-Is-Desktop
X-Ms-Request-Id
X-Ms-Version
X-Say-Cacheable
X-Accel-Version
X-Say-TTL
X-SayCDN-TTL
X-S
X-Browser-Name
X-Soup
X-BYPASS-REASON
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-Scope-Id
Apigw-Requestid
X-CDN-Forward
X-Cache-Status-Check
X-Cache-Host
X-Alternate-Cache-Key
X-ShardId
X-GeoCountry
X-Format
X-Frame-Option
X-GeoCode
X-Detected-As
X-ShopId
X-Shopify-Stage
Xserver
X-Storefront-Renderer-Rendered
X-Varnish-Beresp-Grace
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Generated-By
X-Generation-Time
X-Cdn-Origin
X-Optimistic-Header
X-Rocket-Nginx-Serving-Static
X-TA-CDN-Provider
X-RID
X-Lagoon
X-Worker
LB
X-Ratelimit-Reset
Source
Azure-Version
Azure-SlotName
Azure-InstanceId
X-Request-URI
Azure-SiteName
Azure-RegionName
X-WP-CF-Super-Cache-Cookies-Bypass
Node
X-XRDS-Location
X-Vercel-Id
X-Vercel-Cache
X-B3-Traceid
Protected
Fastcgi-Useragent
CDN-Cache
CDN-Uid
CDN-CachedAt
CDN-RequestPullCode
CDN-PullZone
CDN-EdgeStorageId
CDN-RequestPullSuccess
X-Fastcgi-Cache
CDN-RequestCountryCode
X-Pass-Why
Cross-Origin-Embedder-Policy
X-App-Version
X-Connection-Hash
Expiry
X-GEO
X-Vcl-Version
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Onion-Location
X-Cache-Expired-At
X-Tumblr-Pixel-3
Alternate-Protocol
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
CDN-RequestId
DB-Nickname
X-PHP-Backend
X-Jobs
X-Cache-Server
AMP-Access-Control-Allow-Source-Origin
X-Server-W
Priority
Environment
CF-IPCountry
X-Proxy-Cache-Status
X-Api-Version
Uber-Trace-Id
X-Cache-Action
X-Fastly-Request-Id
X-DC
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Cluster-Node
User-Cache-Control
Cdn-Requestid
X-ID
X-Tt-Logid
X-LSADC-Cache
X-Mg-Request-UUID
X-MP-GENERATED-AT
X-Tx-Id
Sid
X-Ismobilevalue
HostName
MD5-Digest
X-ND-Cache
X-Jungle-Id
X-Ig-Origin-Region
X-NCache
Edge-Cache
X-Hnp-Log
DCR-Decision-By
X-Aed
X-Block-Status
X-D
Vix-Hermes-Req-Id
Origin
X-Bc-Bl
X-VTEX-Cache-Server
Lang
DCR-Processing-Time-Ms
X-SRCache-Key
X-Bl-Debug
X-GeoIP-City
X-Forwarded-Site
A
X-A-Ccd
X-Dispatcher-Server
X-Original-Request-Id
X-FB-TRIP-ID
X-Ec-Fail
X-Epic-Correlation-Id
Candidate-Md5Url
X-Esi-Check
X-Ec-GeoHdr
X-Device-Os
X-A-Dam
X-BCube-Filmed-By
X-VTEX-Cache-Time
Content-Secure-Policy
Req-ID
X-Varnish-Beresp-Ttl
Rendered-Blocks
X-Response-Served-From
X-Gen-Mode
X-Developer
X-Varnish-Hostname
X-Gzip
X-Bip
X-Vdms-Path
Fusion-Content-Id
X-ScT
Fusion-Content-Source
Wxu-Next-Hostname
Fusion-Component-Id
X-Origin-Expires
X-Rojux
X-Vdms-Version
X-Vtex-Remote-Cache
Fusion-Deployment-Id
X-Cache-NE
Gannett-Cam-Experience-Id
Cache-Tv-Group
Wxu-Next-Commit
X-Conf
X-A-Wwc
Fusion-Template-Id
Fusion-Source
X-SB
X-Powered-By-VTEX-Cache
X-A-Dgt
X-A
X-UA-Device-Type
X-Cache-Id
Sslversion
T-Server
Surrogated-Key
X-Node-Id
X-Request-Start
X-Content-Age
Wxu-Next-Region
X-TIM-N
Magicmarker
X-Thanos
X-A-Dcw
X-Org
X-Op-Id-All
Origin-Agent-Cluster
Ngx.Var.Host
Meta-Geo-Continent
X-Uri
X-Zone
X-Client-Ip
X-Origin-Response-Time
Cdnsip
X-Cache-Info
X-Amz-Storage-Class
CDCHOST
X-Cache-TTL-Remaining
Cdncip
X-Cache-Bucket
Content-Script-Type
DSUID
X-Auto-Login
Fastly-SSL
X-CUA
PFcat
Content-Style-Type
NM-Fastcgi-Cache
X-Clientip
Origin-CC
Origin-EX
X-Backend-Instance
X-Auth-Group-Type
Powered-By
X-Nyt-Route
X-Req
X-Region-Sid
Sever-Int
X-Request-Time
X-Scheme
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Policy
X-Platform
Server-Host
Server-Hostname
X-Pubstack
X-SD-PageType
Ssr
X-WA-Info
X-Viewer-Country
XM
Yak-Timeinfo
X-Ig-Push-State
X-Via-Fastly
X-VG-WebCache
X-Var-Ttl
X-V-Cache
X-Varnish-Director
X-VarnishDD-TTL
X-Varnishpool
Cache-Provider
X-PAYTM-SRV-ID
X-Gdpr
X-Service
X-Generated-On
X-GeoIP
X-Origin-Time
Release
X-Fmm-Version
C-Via
X-AK-Request-ID
X-Fastly-Cache
X-FC-Vary-Parameters
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Server-Ext
X-Nginx-Cache-Key
X-NMSegId
X-HN
X-Mvc-Supplant-Cachable
X-Level-Front-Cache
X-Loc
X-TT-LOGID
X-Ad-Load-Variation
X-BBC-Edge-Cache-Status
Web-Mar-Region
X-Aicache-OS
X-B3-Trace-ID
X-Access
X-Acquia-Purge-Cdn-Unconfigured
X-App-Name
X-Micro-Cache
X-Section
X-Server-IP
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Request-Host
X-Proxied-Request
X-Mvc-Supplant-OutputCached
X-Pool
X-Proto
X-SVT-ORM-VERSION
X-Test
X-Wikidot-Static-Cache
X-Tb-Optimization-Total-Bytes-Saved
Odigeo-Trace-Id
X-Wikidot-Backend
X-We-Are-Hiring
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-VG-TLSProxy
X-Mly-Id
X-Men
X-Csrf-Jwt
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Core-Value
X-Contensis-Viewer-Groups
X-Cache-Backend
X-Cdn-Srv
X-CGP
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-GoCache-CacheStatus
X-HS-Content-Campaign-Id
X-Human
X-Geo-Header
X-From
X-Edge-Server
X-Eu-Site
X-Fastly-Backend
X-Cache-Aspx
We-Hiring
Fastly-GeoIP-CountryCode
Ha-Gx-Prefs
Fastly-Backend-Name
Esi-Enabled
Country-Code
X-LiteSpeed-Cache-Control
HA-Ipaddr
Host-ID
Mail-Subject
WP-Super-Cache
Machine
L5d-Success-Class
Is-Eu
L
Cluster
Click-Count-Error
Apple-News-Services-Handled
Apple-News-Services-Host
AKAMAI
Adler-Geo
X-ECache
W
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cdn-Request-Time
Click-Count-Action-Start
Cdn-Host
Canary
Cache-Key
On-Server
Gh-Request-Id
RNT-Time
Req-Svc-Chain
Redirect-Candidate
Producers
True-Client-Country-4JS
Tube-Get-Contents
V-Age
Tube-Return
Tube-Got-Results
Tube-Got-Eval
Pramga
RNT-Machine
Platform
X-Custom-Header
X-PERF
X-Slack-Shared-Secret-Outcome
X-Date
X-Slack-Backend
X-Accel-Expires-Debug
NGX
Proxy-Firewall
X-Render-Time
X-NodeID
X-Up
X-ApacheServer
X-Hash
X-Location
X-CacheTTL
X-Newrelic-Synthetics
X-AIR-PT
SID
X-Varnish-Hits
X-LB-ID
X-NGINX-Cache
Debug
X-Cs
Fastly-Drupal-HTML
X-COUNTRY
X-Varnish-Remaining-TTL
X-Nananana
X-Varnish-CookieINHashed-On
X-DefHash
X-DefElseHash
X-Varnish-CookieHashed-On
X-Dc
Mime-Version
X-Pad
Pics-Label
X-Via-Poph
X-HA-Backend
X-Depends
Datacenter
X-CACHE-GROUP
CloudFront-Viewer-Country
X-Via-Popv
X-Via-Popn
X-Nf-Request-Id
X-Refresh
X-Akamai-Transformed
Locid
X-Servedbyhost
X-CACHE-AGE
GeoIP-Latitude
X-VHOST
X-Cache-FS-Status
X-VC-TTL
X-Amz-Meta-Cb-Modifiedtime
X-TIME
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-M-Log
X-Parent-Response-Time
X-LB-NoCache
X-Datadome
X-M-Reqid
X-Cached-By
Ngx-Var-Key
X-Old-Content-Length
X-HITS
X-Presslabs-Stats
X-LiteSpeed-Tag
X-B3-Parentspanid
X-Litespeed-Tag
Resin-Trace
Server-Info
X-CS
Server-ID
Cdn
BehaviorPad-Version
X-TH-Server
X-CDN-Cache-Status
X-Wa
X-Nc
X-Moov-Xdn-Version
X-Moov-T
Cf-Ipcountry
X-DynaTrace-JS-Agent
Fastly-Drupal-Html
Cross-Origin-Embedder-Policy-Report-Only
GeoIp-Country-Code
X-APP
X-Fpc
X-VCache
X-IAuth-Set-Uid
X-Vgn-Hpd-Reason
NtCoent-Length
X-User
X-External-Request-Id
X-S-Cookie
X-B-Cookie
X-ZONE
X-Application
X-Vc
X-Destination
X-NewRelic-App-Data
X-Content-Length
FSS-Cache
Cf-Device-Type
X-Zen-Fury
True-Client-IP
Serverhost
X-Esi
True-Client-Ip
Uri
X-HostName
X-TX-ID
CDN
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
X-Varnish-Beresp-TTL
X-Cache-Date
X-Instance-Name
X-Srv
X-Dynatrace-Js-Agent
Load-Balancing
X-VServer
X-Is-Crawler
X-API-Version
X-Aspnet-Duration-Ms
Tcn
GeoIP-Country-Code
X-Dispatcher-Number
X-Flags
S-Rt
X-Providence-Cookie
X-Route-Name
X-DynaTrace
X-Oracle-DMS-ECID
Vc-Max-Age
X-Cdn-Cache-Status
X-RequestId
X-Segment-20210421
X-HOST
X-Branch-Name
Srv
X-Cdn-Forward
Hostname
Request-ID
X-FPC
X-NC
X-WA
Product
X-Dispatch
X-Page-View
Ohc-File-Size
X-CACHE-KEY
X-DataCenter
X-APP-VERSION
X-B3-Spanid
Geoip-Latitude
Server-Id
Srvid
Type
ServerName
X-Ckpd-Fst-Backend
X-Webkit-Csp-Report-Only
X-FL-QIT-DEBUG
X-Geo
X-SERVER-NAME
X-Sql-Count
X-Sql-Duration-Ms
X-Irp-Debug
X-Http-Reason
X-Lb-Nocache
X-Bug-Bounty
X-VCL-Version
Cl-Cache
CacheControlHeader
DataCenter
X-ServedByHost
Epwk-X-Cache
X-SIPLIST1
IsBot
X-Owner
X-Via-Edge
X-Via-CDN
Cloudfront-Viewer-Country
Ohc-Cache-HIT
X-Via-SSL
Edge-Copy-Time
Origin-Trial
X-Cache-Ttl
WZWS-RAY
Cross-Origin-Opener-Policy-Report-Only
X-Proxy-CacheRZ
XkeyRZ
X-Ua
MIME-Version
X-App
X-Correlation-ID
X-Core-Mission
PICS-Label
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-Ha-Backend
X-Nf-Country
X-Nf-Ats-Version
X-Srcache-Store-Status
Rtss
X-HubSpot-Correlation-Id
X-Srcache-Fetch-Status
X-Nf-Language
X-CSRF-TOKEN
X-Qloud-Router
X-Lb-Id
N-Cache
X-MSEdge-Flight
Cneonction
X-Vmg-Version
X-Akamai-Device-Characteristics
User-Agent
ServerHost
X-MSEdge-Features
X-MiniProfiler-Ids
X-Hit
Lb
X-Sqd-Ctime
X-Sqd-Stime
X-Acquia-Site
X-Acquia-Application-UUID
X-Web-Server
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Datacenter
X-Gamma-Serve
X-Info
Cmstype
Cmsid
CountryCode
X-Limited
X-Fastly-Country-Code
Warning
Sm-Log-Id
X-Amz-Meta-Opti
X-Service-Response-Time
Servername
X-Litespeed-Cache-Control
X-LAGOON
Ngx
X-RAMCache
X-Ramcache
X-Check-Cacheable
X-Serial
X-Th-Server
X-Requestid
X-Snapshot-Date
X-IN-APIGATEWAY
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-Proxy-Cache-La3
X-Akamai-Pragma-Client-IP
X-Dw-Trace-Id
Xkey-La3
Xkeylog
X-IN-APIGATEWAYSSL