Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Cache-Group
Permissions-Policy
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Grace
Allow
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
X-Litespeed-Cache
Service-Worker-Allowed
X-ASPNET-VERSION
X-Content-Type
X-Trace
Cache-Tag
X-Clacks-Overhead
X-Url
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-PC
X-Vname
X-FTR-Request-ID
X-TtlSet
Cross-Origin-Opener-Policy
X-Daa-Tunnel
X-Edge
X-Mcache
X-Midtier
X-Server-Name
X-Browser-Type
Nginx-Cache
X-CST
X-Powered-By-Plesk
AR-Request-ID
AR-PoweredBy
AR-SID
AR-ATIME
X-Cnection
Accept-Ch
X-ESI
X-Cache-TTL
X-Ac
X-GitHub-Request-Id
X-Element-Page-Cache
X-D2id
Edge-Control
X-Exp-Id
X-GoogleNews-Bot
Verso
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-MS-InvokeApp
X-Ser
AR-CACHE
X-Vcap-Request-Id
X-Upstream
X-ECACHE
X-Abt-Application-Version
X-B3-TraceId
X-Navigation-Version
X-Dw-Request-Base-Id
X-FastCGI-Cache
SPRequestDuration
Fastly-Restarts
SPIisLatency
X-Webkit-Csp
X-Mod-Pagespeed
X-Amz-Rid
X-SharePointHealthScore
SPRequestGuid
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Client-IP
X-NF-Request-ID
X-Kinsta-Cache
X-Edge-Location-Klb
X-ARC
X-Goog-Hash
X-Ratelimit-Limit
X-PDP-UNCACHING-HASH
X-Mg-S
X-Powered-CMS
Display
Edge-Cache-Tag
Pagespeed
X-Middleton-Display
X-Sol
S
X-Oneagent-Js-Injection
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
X-VARITI-CCR
X-Middleton-Response
Response
RTSS
X-TraceId
X-Ratelimit-Remaining
Realpath
X-Forwarded-For
X-Content-Digest
X-Fastly-Request-ID
X-Cache-Key
X-T
Cross-Origin-Resource-Policy
X-Correlation-Id
X-Recruiting
X-Varnish-TTL
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Cached
X-TTL
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
X-RateLimit-Remaining
MicrosoftSharePointTeamServices
Content-MD5
X-HS-Hub-Id
MS-Author-Via
X-HS-Content-Id
X-Ua-Browser
X-HS-Cache-Config
X-FTR-Balancer
X-Request-Received
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-Forwarded-Proto
X-Request-Processing-Time
X-Protected-By
X-FTR-Backend
X-Frontend
Payment
Server-Node
TP-Cache
X-LLID
X-PressLabs-Stats
Public-Key-Pins
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Ruxit-Js-Agent
Count-Hit
X-HS-Combine-CSS
X-FTR-Expires
X-Accel-Expires
X-GUploader-UploadID
X-Distributor
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-LB-Cache
X-Origin-Server
X-Server-ID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-NODE
X-Ezoic-Cdn
X-Newrelic-App-Data
X-Microsite
X-Request-Handler-Origin-Region
X-Ttl
X-Www-Served-By
X-Varnish-Server
X-ORACLE-DMS-ECID
X-B3-TraceId-Primal
X-Az
X-Content-Security-Policy-Report-Only
MRF-Tech
Mrf-Cache-Status
X-Activity-Id
Accept-Charset
X-Cluster-Name
Host
X-AppVersion
X-App-Server
Cache-Tags
X-Varnish-Backend
X-Amz-Meta-S3cmd-Attrs
Retry-After
Cleartype
X-Ua-Device
X-Goog-Metageneration
X-Hits
Server-Name
Filterid
X-Unique-Id
X-Git-Hash
Access-Control-Allow-Method
Surrogate-Key
X-Envoy-Decorator-Operation
X-Debug
X-CSRF-Token
X-NGENIX-Cache
X-Azure-Ref
X-Upgrade-Enabled
X-Load-Cache
X-Geo-Country
X-Hostname
X-Logged-In
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-FB-Debug
TCN
X-Tt-Trace-Tag
TP-L2-Cache
X-Tt-Trace-Host
X-Id
X-Amz-Apigw-Id
X-Proxy
X-Amzn-RequestId
X-Time
X-Seen-By
X-B
X-TT
Section-Io-Cache
X-Grace
X-B3-Sampled
DC
X-Cache-Control
X-Revision
X-Trace-Id
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Request-Guid
X-Aws-Lambda-Call-Status
Healthy
X-Contextid
X-Fb-Rlafr
Referer-Policy
X-Type
X-F-Cache
Viewport
X-N
X-Mobile
X-XRDS-LOCATION
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Stored-Content-Length
Fastly-SWR
Fastly-SIE
Paypal-Debug-Id
X-DIS-Request-ID
Content-Disposition
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Page-Id
X-Debug-Info
X-Px
X-Varnish-Grace
X-Via-JSL
X-Origin-Cache
X-Varnish-Ttl
X-Magnolia-Registration
Version
X-Whom
X-Webkit-CSP
X-Amz-Replication-Status
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Content-Options
Charset
X-G
X-ProcessESI
X-RemovedCookies
X-UUID
X-Tumblr-Pixel-1
X-Tumblr-User
X-Node-Name
X-Debug-IsPreview
X-Tumblr-Pixel-0
X-Debug-IsConnected
X-Rule
X-Adobe-Content
X-Wix-Request-Id
X-App-Environment
X-Oracle-Dms-Ecid
X-Adobe-Loc
X-Tumblr-Pixel
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Ratelimit-Reset
X-Storage
NGB
Ms-Operation-Id
X-Hl-Ver
MS-CV
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Source
X-Template
X-RTag
VIX-Pulpo-Node
X-Datadog-Sampled
X-FW-Hash
X-L-Path
X-Is-Bot
X-B-Cache
X-Instance
X-NYM-Debug-Backend
X-Signature
X-Rendered-As
X-Region
X-Proxy-Cache-Info
X-FW-Version
X-FW-Type
X-Environment-Context
X-Device-Type
X-Cacheable-TTL
X-Backend-Name
X-FW-Dynamic
X-FW-Serve
X-User-Agent
X-FW-Server
X-FW-Static
X-Cache-Grace
X-Status
X-ServerID
X-Wormhole-Sdk
GEO-INFO
X-Cache-Age
X-Rid
Country
ServerID
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Real-IP
Countrycode
X-URL
X-NWS-UUID-VERIFY
X-EdgeConnect-Cache-Status
X-Cache-Hit
X-WP-CF-Super-Cache-Active
Akamai-GRN
Liferay-Portal
X-Amzn-Remapped-Content-Length
X-RM-Cache-TTL
Amp-Access-Control-Allow-Source-Origin
Front
SRV
X-Language
X-Framework
X-B3-SpanId
OT-Force-Account-Verify
X-Sucuri-ID
X-AB
X-Sucuri-Cache
X-Air-Pt
X-Xrds-Location
X-Servername
X-UA
X-Content-Powered-By
X-Oracle-Dms-Rid
X-Akamai-Request-ID2
X-VC-Cache
From-Origin
X-Ismobilevalue
X-VC
X-Mode
Backend
Xet-Cookie
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-WebKit-CSP-Report-Only
X-DataDome
Upgrade-Insecure-Requests
X-Cache-Time
Refresh
X-Handled-By
Accept-Language
X-HTML-Minification-Powered-By
X-SRV
Access-Control-Request-Headers
X-Cache-Status-Check
Webserver
X-JoinUs
X-UPSTREAM-Address
Meta-Geo
X-RID
LB
X-SaId
Cache
Filters
X-Xfnlog-Site
X-Rn-Rsrv
X-Rewrite-Enabled
X-RCS-CacheZone
TWC-Connection-Speed
X-Adobe-Source
X-Git-Commit
X-Labrador-Cache-Channel
X-S
TWC-Device-Class
X-Cache-Operation
X-R9-Blue-Green-Version
X-AWS-Id
Webcakes-Region
TWC-GeoIP-Country
X-No-Session
ServedBy
X-Cache-Rule
X-Tumblr-Pixel-2
Property-Id
Webcakes-App-Version
X-Proxied
TWC-Privacy
X-Lambda-Id
X-Container-Uri
X-INCAP-ABP
X-Zipkin-Id
X-Origin-Hint
X-Generated-By
X-Routing-Service
Webcakes-App-Name
TWC-Locale-Group
X-Origin-Date
X-VWS-Id
X-Cms-Context
TWC-GeoIP-LatLong
X-Webstats-RespID
X-Reqid
X-Provided-By
X-Nginx-Cache
X-Hosted-By
X-Varnish-Age
X-Cloudmap
X-Cluster
X-Extlb
X-PHP-Host
X-LJ-Flow-ID
X-Ms-Request-Id
Apigw-Requestid
X-Logging-Id
X-Tt-Logid
X-Edge-Location
Atl-Traceid
X-Ms-Version
X-Is-Tablet
X-ProxyCache-Key
X-Locale
X-Browser-Name
X-Fetched-On
Url
X-Fastly-Request-Id
Web-Mar-Node
X-Tb
X-Is-Supported-Browser
X-Tcp-Rtt
X-Skip-Cache
X-Loop
X-Site-Version
X-Api-Version
Section-Io-Id
X-Served-From
X-Web-Node
Mn-Server-Ip
X-Cache-Debug
X-Restarts
X-Geo-Region
X-Httpd
X-Tncms
X-IPLB-Instance
X-IPLB-Request-ID
X-Is-Mobile
X-Is-Desktop
X-ProxyCache-Status
X-Forwarded-Host
X-Accel-Version
X-Redis-Cache
X-ECache
X-BYPASS-REASON
X-Akamai-Edgescape
Selected-Fe
X-Detected-As
X-Director
X-Alternate-Cache-Key
X-Format
X-Frame-Option
X-Cache-Host
X-Say-TTL
X-Soup
X-Storefront-Renderer-Rendered
X-Scope-Id
X-SayCDN-TTL
X-Say-Cacheable
X-Timing-Wait
X-Upstream-Ct
X-Varnish-Cache-Hits
X-VCT
X-Varnish-Beresp-Grace
X-Nf-Request-Id
X-Upstream-Ht
X-Endurance-Cache-Level
X-Shopify-Stage
X-Optimistic-Header
X-Origin
X-Proxy-Build
X-GeoCountry
X-GeoCode
X-RateLimit-Limit
X-Request-URI
Frame-Options
Xserver
X-ShopId
X-Sorting-Hat-ShopId
X-Azure-Ref-OriginShield
X-ShardId
X-Sorting-Hat-PodId
X-Mg-Request-UUID
Onion-Location
X-Lagoon
X-WP-CF-Super-Cache-Cookies-Bypass
Expiry
X-Connection-Hash
X-Vcache
X-Drupal-Cache-Tags
WPO-Cache-Status
X-Vcl-Version
WPO-Cache-Message
X-Generation-Time
X-Origin-CC
Source
Protected
X-Origin-TTL
X-Drupal-Cache-Contexts
X-Shield-Cache-Expires
X-CMSURLCustom
X-ID
X-Cdn-Origin
X-Cache-Expired-At
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Cdn-Requestid
TDXMobile
X-Thinkindot-L3
Fastcgi-Useragent
X-CDN-Forward
Cache-Hits
Environment
X-Fastcgi-Cache
X-Vercel-Id
X-Worker
X-PHP-Backend
X-Vercel-Cache
X-Pass-Why
X-Rocket-Nginx-Serving-Static
X-TA-CDN-Provider
Priority
X-Proxy-Cache-Status
X-Cache-Action
X-GEO
Azure-SlotName
Azure-RegionName
Azure-Version
Azure-InstanceId
Azure-SiteName
X-Origin-Cache-Key
X-RateLimit-Reset
Uber-Trace-Id
Node
X-Buckets
X-App-Version
X-Cluster-Node
Sid
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-RequestCountryCode
CDN-PullZone
Locale
X-Urbn-Context-Path
CDN-RequestPullCode
Cross-Origin-Embedder-Policy
X-Urbn-Site-Id
CDN-RequestPullSuccess
CDN-Uid
AMP-Access-Control-Allow-Source-Origin
X-Aspnetmvc-Version
X-Tumblr-Pixel-3
CF-IPCountry
X-XRDS-Location
Cache-Tv-Group
X-FB-TRIP-ID
X-Server-W
X-Auth-Group-Type
X-Cache-Server
DB-Nickname
X-Pad
X-B3-Traceid
X-Tx-Id
User-Cache-Control
Alternate-Protocol
HostName
X-A
Rendered-Blocks
X-Dispatcher-Server
Odigeo-Trace-Id
X-Varnish-CookieINHashed-On
X-Via-Fastly
Content-Secure-Policy
X-Ig-Origin-Region
X-Ig-Push-State
DCR-Decision-By
X-Developer
Edge-Cache
X-DefHash
Candidate-Md5Url
X-ND-Cache
X-Aed
X-Hnp-Log
Origin
DCR-Processing-Time-Ms
X-Ec-Fail
X-Vtex-Remote-Cache
X-Block-Status
X-Epic-Correlation-Id
X-Esi-Check
Cdn-Request-Time
X-Fastly-Backend
X-Cache-Id
Cdn-Host
X-Service
X-Edge-Server
X-GeoIP-City
X-Bc-Bl
X-A-Dgt
X-BCube-Filmed-By
X-Ec-GeoHdr
X-Gen-Mode
X-Bl-Debug
Origin-Agent-Cluster
X-Gzip
X-A-Wwc
X-ScT
X-Varnish-Remaining-TTL
X-Content-Age
MD5-Digest
Magicmarker
X-SB
X-Op-Id-All
X-Rojux
X-Varnish-CookieHashed-On
Meta-Geo-Continent
X-SRCache-Key
X-V-Cache
X-Jobs
X-TIM-N
Surrogated-Key
Sslversion
X-Conf
T-Server
Ngx.Var.Host
X-Core-Value
X-Req
X-Cache-NE
X-Vdms-Version
X-A-Dam
X-A-Dcw
Gannett-Cam-Experience-Id
X-Org
X-Origin-Expires
X-DefElseHash
X-UA-Device-Type
X-A-Ccd
A
X-Custom-Header
Lang
Wxu-Next-Region
X-D
X-Cache-TTL-Remaining
Wxu-Next-Commit
Wxu-Next-Hostname
X-Client-Ip
Mime-Version
X-DC
X-Cache-Info
Req-ID
X-CacheTTL
X-AK-Request-ID
Vix-Hermes-Req-Id
Sever-Int
X-Cdn-Srv
Server-Hostname
V-Age
Tube-Return
Ssr
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
X-Acquia-Purge-Cdn-Unconfigured
X-Ad-Load-Variation
X-Bip
Server-Host
Server-Ext
RNT-Time
X-Backend-Instance
X-B3-Trace-ID
X-Aicache-OS
X-Amz-Storage-Class
X-App-Name
X-Auto-Login
RNT-Machine
X-GeoIP-Region-Code
X-Scheme
X-Request-Time
X-SD-PageType
X-Server-IP
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Region-Sid
X-RateLimit-Remaining-Second
X-Policy
X-Platform
X-Powered-By-VTEX-Cache
X-Proto
X-RateLimit-Limit-Second
X-Pubstack
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-WA-Info
X-Wikidot-Backend
XM
X-Wikidot-Static-Cache
X-Viewer-Country
X-VG-WebCache
X-Thanos
X-Test
X-Varnish-Director
X-Varnish-Hostname
X-VG-TLSProxy
X-VarnishDD-TTL
X-PAYTM-SRV-ID
X-Origin-Time
X-Geo-Header
X-Generated-On
X-GeoIP
X-GeoIP-Country-Code
X-GoCache-CacheStatus
Producers
X-Gdpr
X-Forwarded-Site
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-DPWN-IS-SECURE
X-Fastly-Cache
X-Fmm-Version
X-FC-Vary-Parameters
X-HN
X-HS-Content-Campaign-Id
X-NMSegId
X-Nginx-Cache-Key
X-Node-Id
X-NodeID
X-Origin-Response-Time
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-Mly-Id
X-Loc
X-Level-Front-Cache
X-LSADC-Cache
X-Men
X-Micro-Cache
X-Clientip
X-Cache-Bucket
Content-Style-Type
Country-Code
Is-Eu
X-NGINX-Cache
Cache-Provider
Fusion-Template-Id
Content-Script-Type
C-Via
Cdnsip
X-Dc
Fastly-SSL
Fastly-Backend-Name
AKAMAI
Esi-Enabled
Host-ID
Adler-Geo
Fusion-Deployment-Id
Fusion-Source
Platform
PFcat
Fusion-Content-Source
Powered-By
Click-Count-Error
Cdncip
Click-Count-Action-Start
Origin-CC
Origin-EX
Fusion-Component-Id
Fusion-Content-Id
CDCHOST
NM-Fastcgi-Cache
Apple-News-Services-Host
Canary
Apple-News-Services-Parsed-Url
X-Varnish-Beresp-Status
Cache-Key
Apple-News-Services-Request-Url
X-CGP
X-Varnish-Authentication
X-Var-Ttl
X-Slack-Backend
X-Proxied-Request
Pramga
X-Eu-Site
X-Ec-Custom-Error
X-Pool
X-Mvc-Supplant-OutputCached
X-Human
X-Location
X-Hash
X-Device-Os
X-Request-Host
X-CUA
X-Csrf-Jwt
Apple-News-Services-Handled
X-Slack-Shared-Secret-Outcome
X-Date
X-Depends
X-Request-Start
X-Section
X-Contensis-Viewer-Groups
X-Cache-Aspx
We-Hiring
Yak-Timeinfo
W
Web-Mar-Region
HA-Ipaddr
Gh-Request-Id
Ha-Gx-Prefs
L
L5d-Success-Class
Req-Svc-Chain
Release
Proxy-Firewall
On-Server
True-Client-Country-4JS
Mail-Subject
NGX
Fastly-GeoIP-CountryCode
Machine
X-BBC-Edge-Cache-Status
X-Varnishpool
X-We-Are-Hiring
DSUID
Cluster
X-Accel-Expires-Debug
X-Access
X-HITS
X-Varnish-Beresp-Ttl
X-LiteSpeed-Cache-Control
X-Cache-FS-Status
X-AIR-PT
X-From
X-Varnish-Hits
X-Up
X-NCache
X-Akamai-Transformed
X-MP-GENERATED-AT
X-Cs
X-Zone
WP-Super-Cache
CDN-RequestId
Server-Info
Redirect-Candidate
Debug
X-Jungle-Id
X-LB-ID
BehaviorPad-Version
X-Refresh
X-Vdms-Path
X-Cache-Backend
CloudFront-Viewer-Country
X-Tec-Api-Version
SID
X-Tec-Api-Origin
X-Tec-Api-Root
Fastly-Drupal-HTML
X-Via-Popv
X-HA-Backend
X-APP
X-Servedbyhost
X-Via-Popn
X-Via-Poph
Pics-Label
X-Uri
X-Parent-Response-Time
GeoIP-Latitude
X-B3-Parentspanid
X-Newrelic-Synthetics
X-VHOST
X-CACHE-AGE
X-M-Reqid
X-M-Log
X-Datadome
X-Render-Time
X-PERF
X-Nananana
X-Content-Length
X-VC-TTL
X-ApacheServer
Fastly-Drupal-Html
X-Nc
X-LB-NoCache
X-Litespeed-Tag
Resin-Trace
X-CS
Datacenter
X-Cached-By
X-CDN-Cache-Status
X-CACHE-KEY
X-DynaTrace-JS-Agent
NtCoent-Length
X-Wa
X-LiteSpeed-Tag
X-Amz-Meta-Cb-Modifiedtime
X-Response-Served-From
Locid
X-Original-Request-Id
Server-ID
X-ZONE
GeoIp-Country-Code
X-RequestId
Cdn
X-Dispatcher-Number
X-TT-LOGID
Vc-Max-Age
X-B3-Spanid
Product
X-VCache
X-Varnish-Beresp-TTL
Cf-Ipcountry
X-IAuth-Set-Uid
X-Fpc
X-Old-Content-Length
FSS-Cache
Srv
X-NewRelic-App-Data
Ngx-Var-Key
Serverhost
True-Client-Ip
True-Client-IP
X-Esi
X-Ckpd-Fst-Backend
Uri
X-SERVER-NAME
X-HostName
CDN
X-TX-ID
X-Srv
X-Bug-Bounty
X-Nf-Country
X-Nf-Language
ServerName
X-Cdn-Forward
X-Nf-Ats-Version
X-Vgn-Hpd-Reason
X-Platform-Router
X-HubSpot-Correlation-Id
X-Platform-Cluster
X-Platform-Processor
X-TH-Server
GeoIP-Country-Code
X-Moov-Xdn-Version
Tcn
X-FPC
S-Rt
X-Moov-T
X-Cdn-Cache-Status
X-Oracle-DMS-ECID
X-TIME
X-Dynatrace-Js-Agent
X-WA
X-Webkit-Csp-Report-Only
Request-ID
CacheControlHeader
X-Vc
Server-Id
X-APP-VERSION
X-Dispatch
Cf-Device-Type
Cross-Origin-Embedder-Policy-Report-Only
X-Vmg-Version
X-Akamai-Device-Characteristics
X-Destination
User-Agent
X-NC
X-External-Request-Id
X-B-Cookie
X-User
X-Application
X-S-Cookie
X-COUNTRY
Hostname
X-Gamma-Serve
ServerHost
Srvid
X-Info
X-Lb-Nocache
X-FL-QIT-DEBUG
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Geoip-Latitude
X-Zen-Fury
X-API-Version
X-Presslabs-Stats
Ohc-File-Size
Cneonction
Xc-Version
X-Via-PopH
X-Ha-Backend
X-Via-PopN
X-Rocket-Build-Number
X-Via-PopV
X-Geo
X-Instance-Name
X-Cache-Date
X-Sigma-Backend
X-Sigma
X-Segment-20210421
X-VServer
X-ServedByHost
Expect-Staple
PICS-Label
Origin-Trial
X-Hit
X-VCL-Version
X-Branch-Name
X-Amz-Meta-Opti
Epwk-X-Cache
Cloudfront-Viewer-Country
X-V
X-App
X-Correlation-ID
X-Limited
X-Ua
X-Akamai-Pragma-Client-IP
Rtss
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-MiniProfiler-Ids
Load-Balancing
WZWS-RAY
X-Eligible
DataCenter
N-Cache
Ohc-Cache-HIT
X-Lb-Id
X-Rollout
X-Serial
X-Check-Cacheable
X-Platform-Server
Permission-Policy
X-DataCenter
X-New
X-DynaTrace
Lb
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Sqd-Ctime
X-Acquia-Site
Type
X-Web-Server
Timeexpire
Warning
X-Acquia-Purge-Tags
Cmsid
Cmstype
X-Sqd-Stime
XkeyRZ
Sm-Log-Id
X-Datacenter
X-VTEX-Cache-Backend-Connect-Time
X-Acquia-Application-UUID
X-MSEdge-Features
X-Service-Response-Time
X-VTEX-Cache-Backend-Header-Time
X-Acquia-Application-Trace
X-MSEdge-Flight
X-Proxy-CacheRZ
X-CSRF-TOKEN
CountryCode
Servername
X-Litespeed-Cache-Control
X-LAGOON
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
Wpo-Cache-Message
Wpo-Cache-Status
Fl-Custom-Application
X-Fastly-Backend-Reqs
Cross-Origin-Opener-Policy-Report-Only
X-Th-Server
X-Ramcache
X-Snapshot-Date
X-RAMCache
X-Requestid
X-Irp-Debug
X-Owner
X-Core-Mission
Ngx
X-Amz-Meta-S3b-Last-Modified
X-IN-APIGATEWAYSSL
X-Origin-Upstream-Status
X-Shardid
X-IN-APIGATEWAY
X-Dw-Trace-Id
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-Shopid