
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-Runtime
X-AspNet-Version
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
Permissions-Policy
X-UA-Device
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Grace
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-Pingback
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-Ruxit-JS-Agent
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Application-Context
X-Country
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
X-Clacks-Overhead
Cache-Tag
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-CST
X-Daa-Tunnel
Cross-Origin-Opener-Policy
Nginx-Cache
X-Edge
X-Mcache
X-Browser-Type
X-Midtier
X-Litespeed-Cache
X-Server-Name
X-Powered-By-Plesk
X-Cnection
AR-PoweredBy
AR-SID
AR-ATIME
AR-Request-ID
Accept-Ch
X-ESI
X-Cache-TTL
X-D2id
X-Element-Page-Cache
X-Ac
Edge-Control
X-GoogleNews-Bot
X-GitHub-Request-Id
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
Verso
X-MS-InvokeApp
X-Upstream
X-Vcap-Request-Id
X-FastCGI-Cache
AR-CACHE
X-Ser
X-Abt-Application-Version
X-B3-TraceId
X-ECACHE
X-Navigation-Version
X-ASPNET-VERSION
X-Dw-Request-Base-Id
SPIisLatency
SPRequestDuration
Fastly-Restarts
X-Mod-Pagespeed
X-Webkit-Csp
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Erf-Bev-Bev
X-Instrumentation
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-NF-Request-ID
X-Kinsta-Cache
X-Edge-Location-Klb
X-Client-IP
X-Ratelimit-Limit
X-Mg-S
X-Goog-Hash
X-ARC
Edge-Cache-Tag
X-Powered-CMS
S
X-Sol
Display
X-Middleton-Display
Pagespeed
X-Oneagent-Js-Injection
X-PDP-UNCACHING-HASH
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
X-VARITI-CCR
Response
X-Middleton-Response
RTSS
X-Cache-Key
X-Content-Digest
X-TraceId
X-Ratelimit-Remaining
X-TTL
Realpath
Cross-Origin-Resource-Policy
X-T
X-Fastly-Request-ID
X-Forwarded-For
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
X-Ruxit-Js-Agent
X-Varnish-TTL
Fastcgi-Cache
X-Cached
Front-End-Https
X-MSEdge-Ref
X-Shield-Request-Id
X-RateLimit-Remaining
MicrosoftSharePointTeamServices
MS-Author-Via
X-Protected-By
X-FTR-Balancer
X-HS-Content-Id
X-HS-Hub-Id
X-Ua-Browser
X-HS-Cache-Config
X-FTR-Cache-Status
X-Country-Code-Real
Content-MD5
X-FTR-Backend
X-FTR-Backend-Server
X-Request-Received
X-Request-Processing-Time
X-Forwarded-Proto
Server-Node
TP-Cache
X-LLID
X-Frontend
Payment
Public-Key-Pins
Arr-Disable-Session-Affinity
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-HS-Combine-CSS
X-FTR-Expires
Count-Hit
X-Accel-Expires
X-Kong-Proxy-Latency
X-GUploader-UploadID
X-Distributor
X-Kong-Upstream-Latency
X-PressLabs-Stats
X-Origin-Server
X-Server-ID
X-LB-Cache
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-NODE
X-Ezoic-Cdn
X-Microsite
X-Request-Handler-Origin-Region
X-Aws-Lambda-Call-Status
X-Varnish-Server
X-Az
X-AppVersion
X-Activity-Id
X-Cluster-Name
Host
Accept-Charset
X-Www-Served-By
MRF-Tech
X-Varnish-Backend
Mrf-Cache-Status
Cache-Tags
X-B3-TraceId-Primal
X-App-Server
X-Content-Security-Policy-Report-Only
X-Amz-Meta-S3cmd-Attrs
Retry-After
Cleartype
X-Newrelic-App-Data
X-ORACLE-DMS-ECID
X-Ua-Device
Server-Name
X-Goog-Metageneration
Filterid
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Unique-Id
X-Ttl
X-Git-Hash
X-Envoy-Decorator-Operation
X-Hostname
X-Hits
X-Azure-Ref
X-Upgrade-Enabled
Access-Control-Allow-Method
X-CSRF-Token
X-Load-Cache
X-Debug
X-NGENIX-Cache
X-Geo-Country
X-Logged-In
TP-L2-Cache
Surrogate-Key
X-Time
X-FB-Debug
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Seen-By
X-Proxy
Referer-Policy
TCN
X-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B
X-CCDN-CacheTTL
Section-Io-Cache
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Grace
X-B3-Sampled
X-Revision
X-Trace-Id
X-Request-Guid
X-F-Cache
X-TT
DC
X-Contextid
X-Type
X-Fb-Rlafr
X-Cache-Control
Healthy
Viewport
X-DIS-Request-ID
X-XRDS-LOCATION
X-N
Paypal-Debug-Id
X-Mobile
Fastly-SIE
Fastly-SWR
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Debug-Info
X-Page-Id
Content-Disposition
X-WP-CF-Super-Cache-Cache-Control
X-Px
X-WP-CF-Super-Cache
X-Varnish-Ttl
X-Varnish-Grace
X-Oracle-Dms-Ecid
X-Via-JSL
X-Origin-Cache
X-Whom
Version
X-Webkit-CSP
X-Magnolia-Registration
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Content-Options
X-Amz-Replication-Status
X-Template
Charset
X-UUID
X-RemovedCookies
X-Wix-Request-Id
X-G
X-ProcessESI
X-Debug-IsConnected
X-Adobe-Loc
X-App-Environment
X-Adobe-Content
X-Debug-IsPreview
X-Node-Name
X-Rule
MS-CV
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
Ms-Operation-Id
X-RTag
SD-X-WS
X-B-Cache
X-Hl-Ver
X-Cache-Grace
VIX-Pulpo-Upstream-Status
NGB
X-Signature
VIX-Pulpo-Node
X-Source
X-Storage
ServerID
X-FW-Server
X-NYM-Debug-Backend
X-L-Path
X-Is-Bot
X-Region
X-Rendered-As
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-User-Agent
X-Instance
X-FW-Version
X-Environment-Context
X-Datadog-Sampled
X-Cacheable-TTL
X-FW-Dynamic
X-FW-Hash
X-FW-Type
X-FW-Static
X-FW-Serve
X-Backend-Name
X-Proxy-Cache-Info
X-EdgeConnect-Cache-Status
X-ServerID
X-Status
Country
X-Device-Type
X-NWS-UUID-VERIFY
X-Rid
X-Cache-Hit
GEO-INFO
X-Real-IP
Cross-Origin-Window-Policy
X-IPS-LoggedIn
X-Ratelimit-Reset
X-Amzn-Remapped-Content-Length
Akamai-GRN
X-Cache-Age
Liferay-Portal
X-B3-SpanId
X-Wormhole-Sdk
X-Language
Countrycode
SRV
X-WP-CF-Super-Cache-Active
X-RM-Cache-TTL
Front
X-Sucuri-ID
X-Sucuri-Cache
X-Framework
OT-Force-Account-Verify
X-Air-Pt
X-Servername
Amp-Access-Control-Allow-Source-Origin
X-UA
X-AB
X-VC-Cache
X-Oracle-Dms-Rid
From-Origin
X-Content-Powered-By
X-WebKit-CSP-Report-Only
X-Akamai-Request-ID2
X-Air-Hostname
X-Mode
Xet-Cookie
X-Air-Source
X-Air-Trace-Id
Backend
Upgrade-Insecure-Requests
X-VC
X-DataDome
X-Cache-Time
X-Ismobilevalue
Refresh
X-URL
X-Handled-By
X-Xrds-Location
Accept-Language
X-SRV
X-INCAP-ABP
X-Origin-Cache-Key
X-Endurance-Cache-Level
Meta-Geo
X-RID
Filters
X-Rn-Rsrv
Webserver
X-Xfnlog-Site
X-Rewrite-Enabled
Cache
X-RCS-CacheZone
X-UPSTREAM-Address
X-Cache-Status-Check
X-JoinUs
X-SaId
X-PHP-Host
X-Cluster
X-Cloudmap
X-Provided-By
X-Origin-Hint
X-AWS-Id
X-Origin-Date
LB
X-Generated-By
X-Edge-Location
X-Cache-Operation
X-Reqid
X-Extlb
X-Cache-Rule
X-Container-Uri
X-R9-Blue-Green-Version
X-Cms-Context
X-Adobe-Source
Access-Control-Request-Headers
X-Git-Commit
TWC-Locale-Group
X-Hosted-By
TWC-GeoIP-LatLong
Property-Id
TWC-Device-Class
TWC-Connection-Speed
ServedBy
TWC-Privacy
X-Labrador-Cache-Channel
Webcakes-App-Version
X-HTML-Minification-Powered-By
Webcakes-Region
Webcakes-App-Name
X-No-Session
X-Lambda-Id
X-LJ-Flow-ID
TWC-GeoIP-Country
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-Tumblr-Pixel-2
X-Varnish-Age
X-VWS-Id
X-Skip-Cache
Url
X-Scope-Id
X-Api-Version
X-Site-Version
X-ProxyCache-Key
X-Locale
Web-Mar-Node
Section-Io-Id
Mn-Server-Ip
X-IPLB-Request-ID
X-Ms-Request-Id
Apigw-Requestid
X-IPLB-Instance
X-Httpd
X-Tncms
X-Loop
X-ProxyCache-Status
X-Ms-Version
X-Tb
X-S
X-Nginx-Cache
X-Web-Node
X-Redis-Cache
X-Webstats-RespID
X-Fetched-On
X-Forwarded-Host
X-Restarts
X-Fastly-Request-Id
X-Cache-Debug
X-Akamai-Edgescape
X-BYPASS-REASON
X-Accel-Version
X-Is-Tablet
X-Is-Supported-Browser
X-Format
X-Detected-As
X-Director
X-Geo-Region
X-Is-Mobile
X-Soup
X-Is-Desktop
X-Varnish-Cache-Hits
X-Tcp-Rtt
X-Say-Cacheable
X-ECache
X-Cache-Host
X-Browser-Name
X-Varnish-Beresp-Grace
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Frame-Option
X-Nf-Request-Id
X-Say-TTL
Frame-Options
X-Upstream-Ct
X-Logging-Id
X-Served-From
X-Shopify-Stage
X-Azure-Ref-OriginShield
X-Upstream-Ht
X-SayCDN-TTL
X-Origin
Atl-Traceid
X-GeoCountry
X-GeoCode
Xserver
X-RateLimit-Limit
X-VCT
X-ShopId
X-Request-URI
X-Sorting-Hat-PodId
X-ShardId
X-Sorting-Hat-ShopId
X-Timing-Wait
X-Tt-Logid
X-Proxy-Build
Selected-Fe
X-Drupal-Cache-Tags
X-Lagoon
X-Optimistic-Header
X-Vcache
X-Generation-Time
X-CMSURLCustom
Onion-Location
X-Shield-Cache-Expires
TDXMobile
X-Thinkindot-L3
X-Origin-CC
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Origin-TTL
Thinkindot-CacheControl
WPO-Cache-Status
WPO-Cache-Message
X-Connection-Hash
Expiry
X-Drupal-Cache-Contexts
X-CDN-Forward
Protected
X-TA-CDN-Provider
X-Cdn-Origin
X-WP-CF-Super-Cache-Cookies-Bypass
Cache-Hits
X-RateLimit-Reset
X-Mg-Request-UUID
Source
Cdn-Requestid
X-ID
X-Cache-Expired-At
X-Vcl-Version
X-Vercel-Cache
X-Vercel-Id
X-Worker
X-XRDS-Location
Priority
X-Pass-Why
Environment
Azure-Version
Azure-RegionName
Azure-SlotName
Azure-InstanceId
X-Buckets
AMP-Access-Control-Allow-Source-Origin
X-Rocket-Nginx-Serving-Static
Fastcgi-Useragent
Azure-SiteName
X-Proxy-Cache-Status
X-GEO
X-Cache-Action
Node
X-PHP-Backend
Uber-Trace-Id
X-App-Version
Sid
CDN-CachedAt
CDN-Cache
CDN-PullZone
CDN-EdgeStorageId
Cross-Origin-Embedder-Policy
CDN-Uid
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-RequestPullSuccess
X-Cluster-Node
X-Client-Ip
X-Tumblr-Pixel-3
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Aspnetmvc-Version
X-Cache-Server
X-Server-W
Cache-Tv-Group
DB-Nickname
X-FB-TRIP-ID
X-Auth-Group-Type
CF-IPCountry
X-Fastcgi-Cache
X-Pad
X-B3-Traceid
X-HITS
Alternate-Protocol
User-Cache-Control
X-Tx-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
X-A
Fusion-Source
Fusion-Component-Id
X-Jobs
X-Fastly-Backend
X-Service
X-GeoIP-City
X-Hnp-Log
X-Aed
X-Ig-Origin-Region
X-Gzip
DCR-Processing-Time-Ms
X-Gen-Mode
X-Generated-On
DCR-Decision-By
Content-Secure-Policy
X-BCube-Filmed-By
X-Content-Age
X-Conf
X-Core-Value
X-Custom-Header
X-D
X-Cache-Id
X-Cache-TTL-Remaining
Cdn-Request-Time
Cdn-Host
X-Cache-NE
Candidate-Md5Url
X-Block-Status
X-Bl-Debug
X-Ec-Fail
X-Ig-Push-State
X-Ec-GeoHdr
X-Edge-Server
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Device-Os
A
X-DefElseHash
X-DefHash
X-Developer
X-Esi-Check
X-A-Dam
Surrogated-Key
T-Server
X-SRCache-Key
Ngx.Var.Host
Sslversion
Odigeo-Trace-Id
X-ScT
Meta-Geo-Continent
X-Req
Magicmarker
X-Level-Front-Cache
X-Rojux
X-SB
X-TIM-N
X-UA-Device-Type
X-Viewer-Country
X-Via-Fastly
HostName
X-Vtex-Remote-Cache
Rendered-Blocks
X-Vdms-Version
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-V-Cache
X-Varnish-CookieINHashed-On
Origin
Origin-Agent-Cluster
Lang
MD5-Digest
Gannett-Cam-Experience-Id
X-A-Dcw
Wxu-Next-Region
X-Origin-Expires
X-A-Ccd
X-Org
X-Op-Id-All
Wxu-Next-Hostname
X-A-Dgt
Wxu-Next-Commit
Edge-Cache
X-ND-Cache
X-A-Wwc
X-LSADC-Cache
Mime-Version
X-DC
X-Wikidot-Static-Cache
X-Cache-Bucket
Tube-Get-Contents
Server-Host
V-Age
Tube-Return
X-Acquia-Purge-Cdn-Unconfigured
Tube-Got-Eval
X-Ad-Load-Variation
RNT-Machine
RNT-Time
Server-Hostname
X-AK-Request-ID
X-Amz-Storage-Class
Tube-Got-Results
Ssr
X-App-Name
X-Cache-Info
X-B3-Trace-ID
Sever-Int
Vix-Hermes-Req-Id
X-Bc-Bl
X-Backend-Instance
X-Auto-Login
X-GeoIP
X-Request-Time
X-Region-Sid
X-Scheme
X-SD-PageType
X-Sn-Servicetimems
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Policy
X-Platform
X-Powered-By-VTEX-Cache
X-Proto
X-Pubstack
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
XM
X-VG-WebCache
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Wikidot-Backend
X-VG-TLSProxy
X-VarnishDD-TTL
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-Varnish-Director
X-Varnish-Hostname
X-PAYTM-SRV-ID
X-Origin-Time
X-Geo-Header
X-Gdpr
Producers
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Fmm-Version
X-FC-Vary-Parameters
X-Debug-Cache-Fetch
X-Cdn-Srv
X-Debug-Cache-Store
X-DPWN-IS-SECURE
X-Fastly-Cache
X-GoCache-CacheStatus
X-HN
X-NMSegId
X-Nginx-Cache-Key
X-NodeID
X-Nyt-Route
X-Origin-Response-Time
X-Mvc-Supplant-Cachable
X-Mly-Id
X-HS-Content-Campaign-Id
X-Loc
X-Men
X-Micro-Cache
X-CacheTTL
Server-Ext
Fastly-Backend-Name
Cache-Provider
Esi-Enabled
Fastly-SSL
C-Via
AKAMAI
X-Dc
Host-ID
CDCHOST
Cdncip
Click-Count-Error
Content-Style-Type
Content-Script-Type
Country-Code
X-NGINX-Cache
Cdnsip
Click-Count-Action-Start
Adler-Geo
Is-Eu
Platform
Powered-By
NM-Fastcgi-Cache
Origin-CC
PFcat
Origin-EX
Canary
X-Varnish-Authentication
X-Eu-Site
X-Pool
X-Varnish-Beresp-Status
X-Hash
X-BBC-Edge-Cache-Status
X-Human
Proxy-Firewall
X-Location
X-Bip
X-Forwarded-Site
Cache-Key
X-CGP
X-Date
Apple-News-Services-Handled
Cluster
X-Slack-Backend
X-Node-Id
X-Depends
X-Thanos
X-Ec-Custom-Error
Apple-News-Services-Host
X-Clientip
X-Aicache-OS
X-Contensis-Viewer-Groups
Apple-News-Services-Request-Url
X-Csrf-Jwt
Apple-News-Services-Parsed-Url
X-Mvc-Supplant-OutputCached
X-Cache-Aspx
L
L5d-Success-Class
Machine
W
We-Hiring
Ha-Gx-Prefs
HA-Ipaddr
Web-Mar-Region
Mail-Subject
X-Section
Req-Svc-Chain
Req-ID
Pramga
X-Server-IP
X-We-Are-Hiring
NGX
X-Slack-Shared-Secret-Outcome
On-Server
Gh-Request-Id
True-Client-Country-4JS
X-Access
X-Proxied-Request
X-Request-Host
X-LiteSpeed-Cache-Control
X-WA-Info
X-Accel-Expires-Debug
Fastly-GeoIP-CountryCode
X-Varnish-Beresp-Ttl
X-Request-Start
Yak-Timeinfo
X-Up
X-Varnishpool
X-From
X-Var-Ttl
X-MP-GENERATED-AT
Release
DSUID
X-CUA
X-NCache
X-AIR-PT
X-Zone
X-Varnish-Hits
X-Jungle-Id
X-Cache-FS-Status
WP-Super-Cache
X-Akamai-Transformed
CDN-RequestId
Redirect-Candidate
X-Vdms-Path
X-Cache-Backend
CloudFront-Viewer-Country
Debug
X-Cs
Server-Info
X-CACHE-AGE
X-Uri
X-LB-ID
X-Refresh
X-Tec-Api-Root
X-Tec-Api-Version
SID
X-Tec-Api-Origin
Fastly-Drupal-HTML
X-HA-Backend
BehaviorPad-Version
X-Servedbyhost
X-Via-Poph
Pics-Label
X-Nananana
X-Via-Popv
X-Via-Popn
X-Parent-Response-Time
X-PERF
X-Newrelic-Synthetics
X-VHOST
GeoIP-Latitude
X-APP
X-ApacheServer
X-Render-Time
X-Datadome
X-M-Log
X-M-Reqid
X-VC-TTL
X-B3-Parentspanid
X-CS
X-SERVER-NAME
Fastly-Drupal-Html
X-LB-NoCache
X-Response-Served-From
X-Cached-By
X-CDN-Cache-Status
X-Content-Length
X-Original-Request-Id
X-Nc
Locid
Resin-Trace
Datacenter
X-NewRelic-App-Data
X-DynaTrace-JS-Agent
X-TT-LOGID
X-Litespeed-Tag
X-Wa
X-LiteSpeed-Tag
GeoIp-Country-Code
Server-ID
X-IAuth-Set-Uid
Cf-Ipcountry
X-Amz-Meta-Cb-Modifiedtime
Cdn
Vc-Max-Age
X-RequestId
X-VCache
X-Varnish-Beresp-TTL
X-ZONE
X-Old-Content-Length
X-Dispatcher-Number
NtCoent-Length
Uri
Srv
True-Client-IP
Ngx-Var-Key
FSS-Cache
Product
X-Fpc
X-Nf-Language
X-Nf-Country
X-Nf-Ats-Version
X-Esi
X-Platform-Cluster
X-Platform-Router
X-CACHE-KEY
CDN
X-B3-Spanid
X-Platform-Processor
X-Vgn-Hpd-Reason
X-Srv
X-TX-ID
X-HostName
X-TH-Server
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Moov-Xdn-Version
Serverhost
X-Moov-T
True-Client-Ip
X-Ckpd-Fst-Backend
X-Cdn-Forward
X-HubSpot-Correlation-Id
X-FPC
X-Vc
Tcn
X-Bug-Bounty
S-Rt
X-Dynatrace-Js-Agent
ServerName
X-Oracle-DMS-ECID
X-Presslabs-Stats
X-TIME
CacheControlHeader
Cf-Device-Type
Cross-Origin-Embedder-Policy-Report-Only
X-WA
GeoIP-Country-Code
Request-ID
X-Application
Server-Id
X-B-Cookie
X-S-Cookie
X-Destination
X-External-Request-Id
X-APP-VERSION
X-Cdn-Cache-Status
X-Dispatch
X-User
X-NC
Hostname
X-Zen-Fury
X-COUNTRY
Srvid
User-Agent
Geoip-Latitude
X-Akamai-Device-Characteristics
X-Vmg-Version
X-FL-QIT-DEBUG
X-Cache-Date
X-Lb-Nocache
X-Instance-Name
X-Rocket-Build-Number
X-Sigma-Backend
X-Webkit-Csp-Report-Only
X-Sigma
X-Ha-Backend
X-API-Version
X-Geo
X-VServer
X-Gamma-Serve
X-Info
X-Segment-20210421
ServerHost
X-Via-PopV
Ohc-File-Size
X-Via-PopH
X-Via-PopN
PICS-Label
Xc-Version
X-ServedByHost
X-Branch-Name
Origin-Trial
Cneonction
X-VCL-Version
Expect-Staple
Epwk-X-Cache
Cloudfront-Viewer-Country
DataCenter
X-Hit
Load-Balancing
X-Amz-Meta-Opti
X-Akamai-Pragma-Client-IP
X-App
X-DynaTrace
X-Ua
X-DataCenter
X-Correlation-ID
X-Limited
X-Srcache-Store-Status
Rtss
X-Srcache-Fetch-Status
CountryCode
Ohc-Cache-HIT
X-Lb-Id
X-V
X-Check-Cacheable
Type
X-Serial
X-MiniProfiler-Ids
X-Wp-Cf-Super-Cache
Lb
X-Wp-Cf-Super-Cache-Cache-Control
X-Owner
Cmsid
X-Irp-Debug
X-Acquia-Application-Trace
X-New
X-Acquia-Purge-Tags
X-Web-Server
X-Sqd-Ctime
X-Rollout
X-Eligible
X-Acquia-Site
X-Acquia-Application-UUID
WZWS-RAY
Permission-Policy
Warning
X-Sqd-Stime
N-Cache
Timeexpire
Cross-Origin-Opener-Policy-Report-Only
Cmstype
X-MSEdge-Flight
Sm-Log-Id
X-Platform-Server
X-Fastly-Backend-Reqs
X-Datacenter
X-MSEdge-Features
X-Service-Response-Time
X-Litespeed-Cache-Control
X-CSRF-TOKEN
X-LAGOON
Servername
X-RAMCache
Wpo-Cache-Message
Edge-Copy-Time
X-Th-Server
Cl-Cache
Wpo-Cache-Status
X-Via-SSL
X-Qloud-Router
X-Via-CDN
X-Via-Edge
X-Sorting-Hat-Shopid
X-Requestid
X-Core-Mission
X-Shopid
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
X-IN-APIGATEWAY
Ngx
X-Snapshot-Date
X-IN-APIGATEWAYSSL
X-Shardid
X-Origin-Upstream-Status
X-Ramcache
X-Sorting-Hat-Podid