Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Drupal-Cache
X-Check
X-Request-ID
X-Generator
X-Cache-Status
X-Ua-Compatible
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
EagleId
Permissions-Policy
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Rq
P3p
X-Age
X-Ws-Request-Id
Xkey
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Grace
X-Server-Powered-By
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-ASPNET-VERSION
X-Content-Type
X-Trace
X-Url
X-Clacks-Overhead
Cache-Tag
X-Litespeed-Cache
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-Vname
X-TtlSet
X-PC
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Daa-Tunnel
X-Midtier
X-FTR-Request-ID
X-Browser-Type
Nginx-Cache
X-Server-Name
X-Powered-By-Plesk
X-CST
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
X-Cnection
X-Cache-TTL
Accept-Ch
X-ESI
X-Element-Page-Cache
X-D2id
X-Ac
Edge-Control
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-GitHub-Request-Id
X-GoogleNews-Bot
X-Exp-Id
Verso
X-MS-InvokeApp
X-Ser
AR-CACHE
X-Vcap-Request-Id
X-Abt-Application-Version
X-Upstream
X-ECACHE
X-FastCGI-Cache
X-Navigation-Version
X-B3-TraceId
X-Dw-Request-Base-Id
Fastly-Restarts
SPRequestDuration
SPIisLatency
X-Webkit-Csp
X-Mod-Pagespeed
X-Server-Lifecycle-Phase
X-Amz-Rid
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-Kraken-Loop-Name
SPRequestGuid
X-SharePointHealthScore
X-PDP-UNCACHING-HASH
X-Edge-Location-Klb
X-Kinsta-Cache
X-ARC
X-Client-IP
X-Goog-Hash
X-Ratelimit-Limit
X-Mg-S
X-Powered-CMS
X-Sol
Display
X-Middleton-Display
Pagespeed
Edge-Cache-Tag
X-Oneagent-Js-Injection
S
X-Amzn-Trace-Id
X-Version
Cache-Status
X-NF-Request-ID
Access-Control-Request-Method
X-VARITI-CCR
Response
X-Middleton-Response
RTSS
X-Ratelimit-Remaining
X-Varnish-TTL
X-Cache-Key
Realpath
X-TTL
X-T
X-Content-Digest
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
X-Forwarded-For
X-Recruiting
X-TraceId
X-Correlation-Id
X-Cached
Fastcgi-Cache
X-MSEdge-Ref
X-ORACLE-DMS-RID
X-Shield-Request-Id
Front-End-Https
MicrosoftSharePointTeamServices
X-RateLimit-Remaining
X-Ua-Browser
X-Request-Processing-Time
X-Request-Received
X-Forwarded-Proto
X-HS-Content-Id
X-HS-Cache-Config
X-Frontend
X-Protected-By
TP-Cache
MS-Author-Via
X-LLID
X-HS-Hub-Id
Server-Node
Payment
X-PressLabs-Stats
Arr-Disable-Session-Affinity
Public-Key-Pins
Content-MD5
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ruxit-Js-Agent
Count-Hit
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-HS-Combine-CSS
X-Accel-Expires
X-GUploader-UploadID
X-Distributor
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-LB-Cache
X-FTR-Backend-Server
X-Country-Code-Real
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
X-Server-ID
X-NODE
X-FTR-Expires
X-HP-Trace-Id
X-Ezoic-Cdn
X-Jurisdiction
X-HP-Webp
X-Request-Handler-Origin-Region
X-Microsite
X-Newrelic-App-Data
X-Varnish-Server
X-Www-Served-By
Accept-Charset
Host
X-Cluster-Name
X-AppVersion
X-Activity-Id
X-App-Server
X-Content-Security-Policy-Report-Only
X-Az
MRF-Tech
Mrf-Cache-Status
Cache-Tags
X-B3-TraceId-Primal
Cleartype
Retry-After
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Backend
X-Ua-Device
Filterid
Surrogate-Key
X-Goog-Metageneration
X-Unique-Id
X-ORACLE-DMS-ECID
Server-Name
X-Ttl
X-Git-Hash
X-Debug
Access-Control-Allow-Method
X-Hits
X-Azure-Ref
X-Envoy-Decorator-Operation
X-Load-Cache
X-Upgrade-Enabled
X-Geo-Country
X-Logged-In
X-NGENIX-Cache
X-CSRF-Token
X-Hostname
X-FB-Debug
X-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
TCN
TP-L2-Cache
X-Proxy
X-Tt-Trace-Host
X-Tt-Trace-Tag
Section-Io-Cache
X-Grace
X-B
X-Seen-By
X-Request-Guid
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-TT
DC
X-Revision
X-B3-Sampled
X-F-Cache
Viewport
Healthy
X-Type
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Cache-Control
X-Trace-Id
X-Contextid
X-Fb-Rlafr
X-Time
Referer-Policy
X-N
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Mobile
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Fastly-SIE
Fastly-SWR
X-XRDS-LOCATION
Paypal-Debug-Id
X-DIS-Request-ID
Content-Disposition
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Varnish-Grace
X-Debug-Info
X-Page-Id
X-Px
X-Magnolia-Registration
X-Via-JSL
X-Oracle-Dms-Ecid
X-Origin-Cache
X-Webkit-CSP
Version
X-Amz-Replication-Status
X-Ratelimit-Reset
X-Whom
X-Aws-Lambda-Call-Status
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Content-Options
X-ProcessESI
X-UUID
X-G
X-RemovedCookies
X-Template
X-App-Environment
X-Node-Name
X-Tumblr-Pixel-0
X-Adobe-Content
X-Adobe-Loc
X-Debug-IsConnected
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Debug-IsPreview
Charset
VIX-Pulpo-Upstream-Status
X-Rule
VIX-Pulpo-Node
X-Storage
SD-X-WS
X-Wix-Request-Id
X-Source
Ms-Operation-Id
X-RTag
X-Wormhole-Sdk
MS-CV
NGB
X-Datadog-Sampled
X-B-Cache
X-Cacheable-TTL
X-Proxy-Cache-Info
X-Hl-Ver
X-Signature
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Rendered-As
X-Varnish-Ttl
X-Is-Bot
X-Region
X-NYM-Debug-Backend
X-Instance
Country
Amp-Access-Control-Allow-Source-Origin
X-Backend-Name
X-FW-Version
X-ServerID
X-Device-Type
X-Status
X-User-Agent
X-Rid
Cross-Origin-Window-Policy
X-FW-Type
X-L-Path
X-FW-Hash
X-FW-Dynamic
X-Environment-Context
X-FW-Static
X-FW-Serve
X-FW-Server
X-Nf-Request-Id
GEO-INFO
X-Cache-Grace
X-IPS-LoggedIn
ServerID
X-EdgeConnect-Cache-Status
X-NWS-UUID-VERIFY
X-Real-IP
Akamai-GRN
X-RM-Cache-TTL
X-Cache-Age
Countrycode
Front
X-Oracle-Dms-Rid
X-Cache-Hit
Liferay-Portal
X-Amzn-Remapped-Content-Length
SRV
X-WP-CF-Super-Cache-Active
X-B3-SpanId
X-Framework
X-Language
X-Ismobilevalue
X-AB
X-Air-Pt
OT-Force-Account-Verify
X-Sucuri-ID
X-Sucuri-Cache
X-WebKit-CSP-Report-Only
X-Akamai-Request-ID2
X-Servername
X-UA
X-Content-Powered-By
X-VC-Cache
X-Air-Trace-Id
X-Air-Source
From-Origin
X-Air-Hostname
Backend
Xet-Cookie
X-Mode
X-SRV
X-DataDome
X-VC
X-Api-Version
Accept-Language
X-URL
X-Cache-Time
X-Xrds-Location
Refresh
Upgrade-Insecure-Requests
Webserver
X-Handled-By
Access-Control-Request-Headers
X-Tt-Logid
LB
Cache
Meta-Geo
X-HTML-Minification-Powered-By
X-Rewrite-Enabled
X-RCS-CacheZone
X-JoinUs
X-UPSTREAM-Address
X-SaId
X-RID
X-Cache-Status-Check
Filters
X-Rn-Rsrv
X-Xfnlog-Site
Webcakes-Region
X-Origin-Hint
X-R9-Blue-Green-Version
X-ECache
X-Adobe-Source
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
TWC-Connection-Speed
X-Provided-By
X-PHP-Host
X-Cache-Operation
X-Cache-Rule
X-Labrador-Cache-Channel
X-Varnish-Age
TWC-GeoIP-LatLong
TWC-Privacy
X-Origin-Date
X-Git-Commit
TWC-Device-Class
TWC-GeoIP-Country
X-Hosted-By
X-Generated-By
Property-Id
X-Container-Uri
X-Cms-Context
X-Tumblr-Pixel-2
X-Lambda-Id
X-Ms-Request-Id
X-Akamai-Edgescape
X-Logging-Id
X-Accel-Version
X-Loop
Section-Io-Id
Atl-Traceid
ServedBy
X-Locale
X-No-Session
X-Httpd
Web-Mar-Node
X-ProxyCache-Status
X-Ms-Version
X-ProxyCache-Key
X-Site-Version
X-Web-Node
X-Tncms
X-S
X-BYPASS-REASON
X-Cluster
X-Forwarded-Host
X-Scope-Id
X-Nginx-Cache
X-Cache-Debug
Url
X-Webstats-RespID
X-Fetched-On
X-Redis-Cache
X-Tb
X-Fastly-Request-Id
X-Reqid
X-Skip-Cache
X-Endurance-Cache-Level
X-Is-Tablet
X-Is-Supported-Browser
X-Upstream-Ht
X-Upstream-Ct
X-Tcp-Rtt
Apigw-Requestid
X-Varnish-Cache-Hits
X-Director
X-Detected-As
X-Geo-Region
X-Format
X-Request-URI
X-Frame-Option
Mn-Server-Ip
X-IPLB-Request-ID
X-Is-Desktop
X-IPLB-Instance
X-Soup
X-VCT
X-Is-Mobile
X-Storefront-Renderer-Rendered
X-SayCDN-TTL
X-Served-From
X-Alternate-Cache-Key
X-Cache-Host
X-Say-TTL
X-Edge-Location
X-Browser-Name
X-Restarts
X-INCAP-ABP
X-Shopify-Stage
X-Say-Cacheable
X-Origin
X-Cloudmap
X-RateLimit-Limit
X-Extlb
X-Routing-Service
X-VWS-Id
X-Proxied
X-AWS-Id
X-LJ-Flow-ID
X-Zipkin-Id
Xserver
X-Varnish-Beresp-Grace
X-Sorting-Hat-ShopId
Frame-Options
X-Sorting-Hat-PodId
X-Mg-Request-UUID
X-ShopId
X-ShardId
Onion-Location
X-Optimistic-Header
X-Proxy-Build
X-Timing-Wait
Selected-Fe
X-GeoCode
X-Vcl-Version
X-GeoCountry
X-Azure-Ref-OriginShield
Expiry
X-Connection-Hash
X-Lagoon
X-CDN-Forward
X-Vcache
X-CMSURLCustom
X-Generation-Time
X-Shield-Cache-Expires
X-Cache-Expired-At
X-WP-CF-Super-Cache-Cookies-Bypass
X-Thinkindot-L3
Protected
Thinkindot-Control
TDXMobile
Thinkindot-CacheControl-Type
Source
Thinkindot-CacheControl
Cdn-Requestid
WPO-Cache-Message
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
WPO-Cache-Status
X-ID
X-Cdn-Origin
X-Origin-TTL
Fastcgi-Useragent
X-Origin-CC
Environment
X-XRDS-Location
X-Cache-Action
X-Proxy-Cache-Status
X-Pass-Why
X-Worker
X-Vercel-Cache
X-Vercel-Id
Priority
X-PHP-Backend
X-GEO
Uber-Trace-Id
Cache-Hits
X-Rocket-Nginx-Serving-Static
Azure-SlotName
Azure-InstanceId
Azure-SiteName
Azure-Version
Azure-RegionName
X-TA-CDN-Provider
Node
X-App-Version
X-Cluster-Node
X-Urbn-Context-Path
X-Urbn-Site-Id
Sid
X-Buckets
Locale
X-Client-Ip
CF-IPCountry
X-Aspnetmvc-Version
CDN-Cache
CDN-RequestPullSuccess
Cross-Origin-Embedder-Policy
CDN-CachedAt
CDN-RequestPullCode
CDN-Uid
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-PullZone
X-Tumblr-Pixel-3
Cache-Tv-Group
X-FB-TRIP-ID
X-Auth-Group-Type
X-RateLimit-Reset
X-Cache-Server
X-Fastcgi-Cache
AMP-Access-Control-Allow-Source-Origin
X-B3-Traceid
DB-Nickname
X-HITS
Alternate-Protocol
X-Server-W
X-Tx-Id
X-Pad
X-A
Cdn-Host
Cdn-Request-Time
X-Bc-Bl
Rendered-Blocks
X-BCube-Filmed-By
X-Fastly-Backend
X-Via-Fastly
X-Service
Candidate-Md5Url
X-Generated-On
Origin-Agent-Cluster
X-Ig-Push-State
Content-Secure-Policy
Ngx.Var.Host
X-Origin-Cache-Key
X-Ig-Origin-Region
X-Varnish-CookieHashed-On
X-Viewer-Country
X-Gzip
X-Vdms-Version
X-GeoIP-City
X-Vtex-Remote-Cache
X-Core-Value
X-Custom-Header
X-D
X-DefElseHash
X-Content-Age
A
X-Cache-TTL-Remaining
X-Cache-Id
X-Conf
X-DefHash
X-Developer
X-Edge-Server
X-Epic-Correlation-Id
X-Esi-Check
X-Level-Front-Cache
User-Cache-Control
X-Ec-GeoHdr
X-Dispatcher-Server
X-Bl-Debug
X-Ec-Fail
Odigeo-Trace-Id
X-Aed
Wxu-Next-Commit
X-Req
X-Rojux
T-Server
Gannett-Cam-Experience-Id
Wxu-Next-Region
X-Org
X-Varnish-CookieINHashed-On
X-Origin-Expires
X-ScT
Surrogated-Key
X-TIM-N
Meta-Geo-Continent
X-V-Cache
MD5-Digest
Sslversion
Lang
X-SRCache-Key
Magicmarker
X-Cache-NE
Wxu-Next-Hostname
DCR-Processing-Time-Ms
X-A-Dcw
X-A-Dgt
X-Op-Id-All
X-ND-Cache
DCR-Decision-By
X-Varnish-Remaining-TTL
X-A-Ccd
X-A-Wwc
X-A-Dam
X-DC
Mime-Version
X-Cache-Info
RNT-Machine
X-Acquia-Purge-Cdn-Unconfigured
PFcat
X-Cache-Bucket
X-Aicache-OS
Ssr
Platform
X-Block-Status
X-Amz-Storage-Class
Producers
X-App-Name
X-Ad-Load-Variation
X-B3-Trace-ID
Server-Host
X-Backend-Instance
Vix-Hermes-Req-Id
Powered-By
Tube-Got-Eval
Tube-Get-Contents
RNT-Time
Tube-Got-Results
V-Age
Tube-Return
X-AK-Request-ID
X-GeoIP-Region-Code
X-Scheme
X-SB
X-SD-PageType
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Request-Time
X-Region-Sid
X-Powered-By-VTEX-Cache
X-PAYTM-SRV-ID
X-Proto
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Wikidot-Backend
X-Wikidot-Static-Cache
XM
X-VG-WebCache
X-VG-TLSProxy
X-UA-Device-Type
X-Test
X-Varnish-Director
X-Varnish-Hostname
X-VarnishDD-TTL
X-Origin-Time
X-Origin-Response-Time
X-Gen-Mode
X-Gdpr
X-Geo-Header
X-GeoIP
X-GeoIP-Country-Code
X-Fmm-Version
X-FC-Vary-Parameters
X-Debug-Cache-Fetch
X-Clientip
X-Debug-Cache-Store
X-DPWN-IS-SECURE
X-Fastly-Cache
X-GoCache-CacheStatus
X-HN
X-Mvc-Supplant-Cachable
X-Mly-Id
X-NMSegId
X-NodeID
X-Nyt-Route
X-Micro-Cache
X-Men
X-HS-Content-Campaign-Id
X-Hnp-Log
X-Jobs
X-Loc
X-LSADC-Cache
X-CacheTTL
X-Cdn-Srv
Country-Code
Content-Style-Type
Content-Script-Type
Edge-Cache
Esi-Enabled
Host-ID
Fastly-SSL
Fastly-Backend-Name
X-LiteSpeed-Cache-Control
Click-Count-Error
AKAMAI
Adler-Geo
HostName
X-Dc
Cache-Provider
Click-Count-Action-Start
Cdncip
Is-Eu
Cdnsip
X-NGINX-Cache
Origin
NM-Fastcgi-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-Mvc-Supplant-OutputCached
X-CGP
C-Via
Apple-News-Services-Handled
X-Nginx-Cache-Key
Canary
X-Bip
CDCHOST
Pramga
X-Request-Host
X-Node-Id
X-Pubstack
On-Server
X-Cache-Aspx
X-Contensis-Viewer-Groups
X-Thanos
X-Human
X-We-Are-Hiring
X-Eu-Site
Fusion-Component-Id
X-WA-Info
X-Forwarded-Site
X-Hash
X-Varnish-Authentication
Origin-EX
Fusion-Content-Id
X-Ec-Custom-Error
Fusion-Template-Id
X-Location
X-Date
X-Csrf-Jwt
X-Depends
X-Cache-FS-Status
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
X-BBC-Edge-Cache-Status
Cache-Key
W
X-Policy
X-Pool
We-Hiring
Web-Mar-Region
Origin-CC
Fastly-GeoIP-CountryCode
Server-Ext
Ha-Gx-Prefs
HA-Ipaddr
Machine
Mail-Subject
Sever-Int
L5d-Success-Class
L
Server-Hostname
X-Proxied-Request
True-Client-Country-4JS
Req-Svc-Chain
X-Platform
X-Server-IP
X-Section
Proxy-Firewall
Req-ID
Cluster
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
DSUID
X-Auto-Login
X-Accel-Expires-Debug
X-Access
Gh-Request-Id
X-Request-Start
NGX
Yak-Timeinfo
X-Device-Os
X-Varnish-Beresp-Status
X-CUA
X-Var-Ttl
X-Varnishpool
X-Varnish-Beresp-Ttl
Release
X-AIR-PT
X-Varnish-Hits
Server-Info
X-Cs
X-Akamai-Transformed
X-Zone
BehaviorPad-Version
X-NCache
Debug
Redirect-Candidate
X-From
X-Up
CDN-RequestId
X-MP-GENERATED-AT
X-LB-ID
X-Jungle-Id
X-APP
X-Refresh
SID
X-Tec-Api-Origin
X-CACHE-AGE
X-Tec-Api-Version
X-Tec-Api-Root
X-HA-Backend
X-Vdms-Path
X-Via-Popv
X-Cache-Backend
Pics-Label
CloudFront-Viewer-Country
Fastly-Drupal-HTML
X-Via-Popn
X-Via-Poph
X-Parent-Response-Time
WP-Super-Cache
X-B3-Parentspanid
GeoIP-Latitude
X-VHOST
X-Servedbyhost
X-Content-Length
X-CDN-Cache-Status
X-Datadome
X-Uri
X-SERVER-NAME
Fastly-Drupal-Html
X-Litespeed-Tag
X-Nananana
X-Newrelic-Synthetics
X-LB-NoCache
X-Render-Time
X-ApacheServer
X-VC-TTL
X-Nc
X-PERF
X-M-Log
X-M-Reqid
X-NewRelic-App-Data
X-LiteSpeed-Tag
X-Cached-By
Datacenter
X-CS
X-CACHE-KEY
Vc-Max-Age
X-DynaTrace-JS-Agent
X-RequestId
GeoIp-Country-Code
Server-ID
X-Wa
X-Dispatcher-Number
Resin-Trace
X-ZONE
NtCoent-Length
Cdn
X-Amz-Meta-Cb-Modifiedtime
Locid
Product
X-B3-Spanid
X-Original-Request-Id
X-VCache
X-Response-Served-From
X-Varnish-Beresp-TTL
X-IAuth-Set-Uid
X-Ckpd-Fst-Backend
X-Fpc
FSS-Cache
True-Client-IP
X-TT-LOGID
Srv
X-Old-Content-Length
Uri
X-TIME
X-Esi
X-HostName
Cf-Ipcountry
S-Rt
X-TX-ID
ServerName
CDN
X-Bug-Bounty
True-Client-Ip
X-Nf-Language
Ngx-Var-Key
X-Nf-Country
X-Nf-Ats-Version
Serverhost
X-HubSpot-Correlation-Id
X-Vgn-Hpd-Reason
X-Vc
X-Dynatrace-Js-Agent
Tcn
X-FPC
X-Srv
X-Oracle-DMS-ECID
X-Cdn-Forward
X-WA
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-Moov-Xdn-Version
GeoIP-Country-Code
X-TH-Server
X-Moov-T
Request-ID
CacheControlHeader
X-Cdn-Cache-Status
X-Vmg-Version
X-Dispatch
User-Agent
X-APP-VERSION
X-Akamai-Device-Characteristics
Server-Id
Hostname
X-Gamma-Serve
Cf-Device-Type
ServerHost
X-NC
X-Info
X-COUNTRY
X-B-Cookie
X-Destination
Cross-Origin-Embedder-Policy-Report-Only
X-S-Cookie
Geoip-Latitude
X-Lb-Nocache
X-External-Request-Id
Srvid
Xc-Version
X-Webkit-Csp-Report-Only
X-FL-QIT-DEBUG
X-User
X-Application
X-Presslabs-Stats
X-Hit
Expect-Staple
X-Geo
X-Zen-Fury
X-Cache-Date
X-Rocket-Build-Number
PICS-Label
Ohc-File-Size
X-ServedByHost
X-Via-PopV
X-Amz-Meta-Opti
X-Via-PopH
Cneonction
X-Instance-Name
X-Sigma
X-Sigma-Backend
X-Via-PopN
X-Ha-Backend
Origin-Trial
Cloudfront-Viewer-Country
X-VCL-Version
X-API-Version
Epwk-X-Cache
X-Segment-20210421
X-VServer
X-V
X-Rollout
X-Platform-Server
WZWS-RAY
X-Limited
X-App
N-Cache
Permission-Policy
X-Eligible
X-New
X-Akamai-Pragma-Client-IP
X-Correlation-ID
X-Branch-Name
X-Ua
X-Srcache-Store-Status
X-Srcache-Fetch-Status
CountryCode
Rtss
X-Proxy-CacheRZ
XkeyRZ
X-Sqd-Stime
X-Lb-Id
X-Sqd-Ctime
X-MiniProfiler-Ids
X-Check-Cacheable
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Serial
Lb
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Cmsid
Cmstype
X-Fastly-Backend-Reqs
X-Internal-TTL
X-Ftr-Request-Id
X-ElasticPress-Query
Timeexpire
X-Web-Server
X-DataCenter
Ohc-Cache-HIT
X-Acquia-Application-Trace
X-Service-Response-Time
X-MSEdge-Flight
X-MSEdge-Features
Sm-Log-Id
X-Datacenter
X-Acquia-Application-UUID
Ngx
X-Acquia-Site
X-Acquia-Purge-Tags
Servername
X-Litespeed-Cache-Control
X-LAGOON
Load-Balancing
DataCenter
X-CSRF-TOKEN
X-Via-CDN
X-Via-Edge
X-Via-SSL
X-RAMCache
Warning
X-VTEX-Cache-Backend-Header-Time
X-Ramcache
Edge-Copy-Time
Type
Fl-Custom-Application
X-Traceid
X-Th-Server
X-VTEX-Cache-Backend-Connect-Time
X-Requestid
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
X-Snapshot-Date
X-DynaTrace
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Amz-Meta-S3b-Last-Modified
X-Origin-Upstream-Status
X-Dw-Trace-Id
Wpo-Cache-Message
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shardid
X-Shopid
Wpo-Cache-Status