Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
Pragma
X-XSS-Protection
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Ua-Compatible
X-Cache-Status
X-Generator
X-Request-ID
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
Permissions-Policy
X-Turbo-Charged-By
X-Proxy-Cache
Xkey
X-Ws-Request-Id
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-LiteSpeed-Cache
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Dns-Prefetch-Control
P3p
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-WebKit-CSP
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Node
Content-Location
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Country
X-NWS-LOG-UUID
Service-Worker-Allowed
X-Country-Code
X-Content-Type
X-CST
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Litespeed-Cache
X-Url
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-Times
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
Nginx-Cache
X-Daa-Tunnel
X-Oneagent-Js-Injection
Cross-Origin-Opener-Policy
X-Server-Name
X-Browser-Type
X-Mcache
X-Edge
X-Midtier
X-Powered-By-Plesk
X-Cnection
X-ESI
X-GitHub-Request-Id
X-Webkit-Csp
X-ECACHE
Edge-Control
X-D2id
X-Element-Page-Cache
AR-Request-ID
AR-ATIME
AR-SID
AR-PoweredBy
Verso
X-Ac
X-Upstream
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-MS-InvokeApp
X-GoogleNews-Bot
Accept-Ch-Lifetime
X-Cache-TTL
X-FastCGI-Cache
X-Vcap-Request-Id
X-Abt-Application-Version
X-Navigation-Version
X-Ser
AR-CACHE
X-B3-TraceId
X-Dw-Request-Base-Id
SPIisLatency
SPRequestDuration
X-Mod-Pagespeed
SPRequestGuid
X-SharePointHealthScore
Fastly-Restarts
X-Amz-Rid
X-NF-Request-ID
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kraken-Loop-Name
X-Instrumentation
X-Client-IP
X-Ruxit-Js-Agent
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Mg-S
X-Kinsta-Cache
Edge-Cache-Tag
X-Edge-Location-Klb
S
X-Powered-CMS
X-Goog-Hash
Response
X-Middleton-Response
Access-Control-Request-Method
X-Version
Cache-Status
X-VARITI-CCR
X-Aws-Lambda-Call-Status
X-Amzn-Trace-Id
X-ARC
X-Fastly-Request-ID
X-Cache-Key
RTSS
X-Content-Digest
X-Ratelimit-Limit
X-TraceId
Cross-Origin-Resource-Policy
X-RateLimit-Remaining
X-PDP-UNCACHING-HASH
X-Forwarded-For
X-T
Realpath
X-Recruiting
X-Correlation-Id
Front-End-Https
X-MSEdge-Ref
Fastcgi-Cache
X-Cached
X-Ratelimit-Remaining
X-TTL
MS-Author-Via
X-Varnish-TTL
Content-MD5
X-Ua-Browser
X-HS-Cache-Config
X-Shield-Request-Id
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-Request-Received
X-Request-Processing-Time
Server-Node
X-Protected-By
MicrosoftSharePointTeamServices
Payment
Public-Key-Pins
TP-Cache
X-Frontend
X-ORACLE-DMS-RID
X-LLID
X-HS-Combine-CSS
X-Forwarded-Proto
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Distributor
X-FTR-Expires
X-Server-ID
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Count-Hit
X-NODE
X-GUploader-UploadID
X-Origin-Server
X-LB-Cache
X-PressLabs-Stats
X-Ttl
X-Ezoic-Cdn
X-Microsite
X-Request-Handler-Origin-Region
X-Az
X-AppVersion
X-Content-Security-Policy-Report-Only
Host
X-Activity-Id
X-Ua-Device
X-Varnish-Backend
MRF-Tech
X-Www-Served-By
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Cluster-Name
X-Varnish-Server
X-Newrelic-App-Data
X-TEC-API-ROOT
X-App-Server
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Amz-Meta-S3cmd-Attrs
Cache-Tags
Retry-After
Accept-Charset
Server-Name
Cleartype
X-ORACLE-DMS-ECID
X-Hits
X-CSRF-Token
X-Goog-Metageneration
X-Hostname
X-Envoy-Decorator-Operation
X-Geo-Country
Referer-Policy
X-NGENIX-Cache
X-Git-Hash
X-Upgrade-Enabled
Filterid
X-Unique-Id
X-Azure-Ref
TP-L2-Cache
Access-Control-Allow-Method
X-Seen-By
X-DIS-Request-ID
X-Hcs-Proxy-Type
X-Tt-Trace-Tag
X-Tt-Trace-Host
TCN
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Load-Cache
X-Proxy
X-F-Cache
X-Origin-Cache-Key
X-Revision
X-Id
X-Varnish-Ttl
X-XRDS-LOCATION
X-Request-Guid
X-Grace
Section-Io-Cache
X-Logged-In
X-Trace-Id
X-Cache-Control
Healthy
DC
X-B3-Sampled
X-B
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Debug
X-TT
X-Contextid
X-FB-Debug
X-Type
Paypal-Debug-Id
X-Fb-Rlafr
X-Debug-Info
X-N
X-Mobile
X-Px
X-Page-Id
Viewport
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Time
Fastly-SWR
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
Fastly-SIE
X-Oracle-Dms-Ecid
X-Whom
X-Webkit-CSP
X-Via-JSL
Content-Disposition
X-Datadog-Parent-Id
X-Datadog-Trace-Id
Charset
X-Datadog-Sampling-Priority
X-Template
X-Content-Options
X-Varnish-Grace
X-RateLimit-Limit
Version
X-Origin-Cache
X-Magnolia-Registration
X-Cache-Grace
Surrogate-Key
X-Wix-Request-Id
X-Oracle-Dms-Rid
X-App-Environment
X-Language
VIX-Pulpo-Upstream-Status
X-ProcessESI
X-Rid
X-B-Cache
X-RemovedCookies
VIX-Pulpo-Node
X-Signature
X-Node-Name
X-Rule
X-Tumblr-Pixel-1
SRV
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Debug-IsPreview
X-Amz-Replication-Status
X-Debug-IsConnected
X-Tumblr-User
X-Datadog-Sampled
X-UUID
X-Hl-Ver
X-RTag
SD-X-WS
X-EdgeConnect-Cache-Status
X-G
X-Yottaa-Metrics
X-Yottaa-Optimizations
MS-CV
Ms-Operation-Id
X-FW-Dynamic
X-FW-Type
X-FW-Version
X-Instance
X-Storage
X-FW-Static
X-FW-Serve
X-Adobe-Content
X-Adobe-Loc
X-Backend-Name
X-FW-Hash
ServerID
X-FW-Server
X-Cache-Age
X-NYM-Debug-Backend
X-Rendered-As
X-Cacheable-TTL
X-Device-Type
X-Is-Bot
NGB
GEO-INFO
Country
X-Cache-Hit
X-Proxy-Cache-Info
X-NWS-UUID-VERIFY
X-B3-SpanId
X-Amzn-Remapped-Content-Length
X-IPS-LoggedIn
X-Environment-Context
X-Region
X-Status
X-L-Path
X-User-Agent
X-ServerID
Liferay-Portal
Countrycode
X-Real-IP
X-Source
X-WP-CF-Super-Cache-Active
Cross-Origin-Window-Policy
X-Sucuri-Cache
X-Sucuri-ID
Akamai-GRN
OT-Force-Account-Verify
X-Servername
X-RM-Cache-TTL
X-RateLimit-Reset
X-VC-Cache
Front
From-Origin
X-Framework
X-UA
X-WebKit-CSP-Report-Only
X-Air-Pt
X-Wormhole-Sdk
Upgrade-Insecure-Requests
Amp-Access-Control-Allow-Source-Origin
X-Mode
Backend
X-Air-Trace-Id
X-Xrds-Location
X-AB
X-Air-Hostname
X-INCAP-ABP
X-Air-Source
X-Nginx-Cache
X-URL
X-Content-Powered-By
X-Akamai-Request-ID2
X-Cache-Time
Xet-Cookie
Refresh
X-Handled-By
X-Edge-Location
X-VC
Accept-Language
X-Ratelimit-Reset
X-Endurance-Cache-Level
X-Xfnlog-Site
X-SaId
X-RCS-CacheZone
X-Rn-Rsrv
X-JoinUs
X-Rewrite-Enabled
X-UPSTREAM-Address
Frame-Options
Meta-Geo
Filters
TWC-GeoIP-LatLong
X-Container-Uri
Webcakes-App-Name
X-AWS-Id
X-Provided-By
Webcakes-App-Version
X-Origin-Date
X-Origin-Hint
X-Origin-TTL
X-Origin-CC
X-Tumblr-Pixel-2
TWC-Privacy
X-PHP-Host
X-Webstats-RespID
X-Cluster
TWC-Locale-Group
TWC-GeoIP-Country
TWC-Device-Class
Cache
X-Labrador-Cache-Channel
X-LJ-Flow-ID
X-Cache-Rule
X-Cache-Operation
X-HTML-Minification-Powered-By
X-Git-Commit
X-Akamai-Edgescape
X-Reqid
TWC-Connection-Speed
Url
X-No-Session
ServedBy
Webcakes-Region
X-VWS-Id
Property-Id
Web-Mar-Node
X-Redis-Cache
WPO-Cache-Message
WPO-Cache-Status
X-Azure-Ref-OriginShield
X-Restarts
X-Cache-Debug
X-R9-Blue-Green-Version
X-Cloudmap
X-Logging-Id
Section-Io-Id
X-Site-Version
X-Accel-Version
X-Locale
X-IPLB-Request-ID
X-Routing-Service
X-Proxied
X-Adobe-Source
X-IPLB-Instance
X-Hosted-By
Mn-Server-Ip
Cache-Hits
X-Scope-Id
X-Zipkin-Id
X-Fetched-On
X-Varnish-Cache-Hits
X-Served-From
Atl-Traceid
X-Extlb
X-Cms-Context
X-Web-Node
X-Format
Selected-Fe
X-Ms-Request-Id
X-ProxyCache-Status
X-Proxy-Build
X-BYPASS-REASON
X-Ms-Version
X-ProxyCache-Key
X-Frame-Option
X-Say-TTL
X-Soup
X-Generated-By
X-Forwarded-Host
X-Lambda-Id
Webserver
X-Varnish-Age
X-Loop
Apigw-Requestid
X-Skip-Cache
X-Tncms
X-Director
X-VCT
X-Drupal-Cache-Tags
X-Tb
X-Say-Cacheable
X-DataDome
X-SayCDN-TTL
X-Upstream-Ht
X-Upstream-Ct
X-Timing-Wait
X-Sorting-Hat-ShopId
Access-Control-Request-Headers
X-Shopify-Stage
TDXMobile
X-Sorting-Hat-PodId
X-Tcp-Rtt
X-CMSURLCustom
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Storefront-Renderer-Rendered
Thinkindot-CacheControl
X-Varnish-Beresp-Grace
X-ShardId
X-Browser-Name
X-Geo-Region
X-Shield-Cache-Expires
X-Cache-Host
X-Alternate-Cache-Key
X-Is-Supported-Browser
Xserver
X-S
X-Is-Desktop
X-Httpd
X-RID
X-ShopId
X-Detected-As
X-GeoCountry
X-GeoCode
X-Is-Mobile
X-Origin
X-Is-Tablet
X-Drupal-Cache-Contexts
X-Thinkindot-L3
X-Generation-Time
X-SRV
X-Cache-Status-Check
X-CDN-Forward
X-Cdn-Origin
X-Buckets
X-Vcache
X-Lagoon
X-Optimistic-Header
X-Request-URI
X-Worker
Source
X-TA-CDN-Provider
Fastcgi-Useragent
X-WP-CF-Super-Cache-Cookies-Bypass
X-Rocket-Nginx-Serving-Static
LB
X-Vercel-Cache
X-Vercel-Id
Azure-RegionName
Azure-SiteName
Azure-InstanceId
Azure-Version
Azure-SlotName
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-Connection-Hash
Onion-Location
X-Api-Version
X-Pass-Why
Expiry
Protected
Node
X-Vcl-Version
CDN-RequestPullSuccess
X-App-Version
CDN-Uid
CDN-CachedAt
CDN-Cache
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-PullZone
Cross-Origin-Embedder-Policy
X-Cache-Expired-At
X-ID
X-Tumblr-Pixel-3
X-Ismobilevalue
X-PHP-Backend
X-Tec-Api-Version
X-GEO
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tt-Logid
Cdn-Requestid
Environment
X-XRDS-Location
Sid
X-Cache-Server
X-Proxy-Cache-Status
X-Server-W
X-Fastly-Request-Id
Uber-Trace-Id
Alternate-Protocol
DB-Nickname
Priority
X-Cache-Action
X-Mg-Request-UUID
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Fastcgi-Cache
X-Cluster-Node
CF-IPCountry
X-Jobs
User-Cache-Control
HostName
CDN-RequestId
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
Cache-Tv-Group
X-LSADC-Cache
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
X-FB-TRIP-ID
X-Nf-Request-Id
X-Client-Ip
X-MP-GENERATED-AT
X-Developer
X-Device-Os
X-D
X-Content-Age
Rendered-Blocks
Gannett-Cam-Experience-Id
Origin-Agent-Cluster
Magicmarker
X-Dispatcher-Server
X-Conf
X-Esi-Check
X-Epic-Correlation-Id
X-Ec-Fail
Ngx.Var.Host
Meta-Geo-Continent
X-Ec-GeoHdr
X-A-Dam
Odigeo-Trace-Id
MD5-Digest
Origin
Server-Host
X-Auth-Group-Type
X-BCube-Filmed-By
T-Server
Surrogated-Key
Sslversion
Wxu-Next-Hostname
A
Wxu-Next-Commit
X-Aed
X-Bc-Bl
X-A-Dgt
Vix-Hermes-Req-Id
X-Bl-Debug
X-Block-Status
X-A-Dcw
X-Cache-NE
DCR-Decision-By
Candidate-Md5Url
DCR-Processing-Time-Ms
X-A-Wwc
Content-Secure-Policy
Wxu-Next-Region
X-A
X-A-Ccd
X-Cache-Id
Edge-Cache
X-Gen-Mode
X-Ig-Push-State
X-DC
X-Jungle-Id
X-Vdms-Version
X-Ig-Origin-Region
X-Hnp-Log
X-Powered-By-VTEX-Cache
X-Level-Front-Cache
X-Varnish-Hostname
X-Org
X-UA-Device-Type
X-TIM-N
X-Origin-Expires
X-NCache
X-ND-Cache
X-Op-Id-All
X-SRCache-Key
X-Generated-On
X-VTEX-Cache-Server
Lang
X-SB
X-Rojux
X-Vtex-Remote-Cache
X-GeoIP-City
X-VTEX-Cache-Time
X-Gzip
X-Viewer-Country
X-ScT
X-Origin-Response-Time
X-Tx-Id
X-Varnish-Beresp-Ttl
X-Request-Time
X-Request-Start
X-SD-PageType
X-Test
X-Tb-Optimization-Total-Bytes-Saved
X-Thanos
X-Scheme
X-Vdms-Path
X-Via-Fastly
Origin-EX
PFcat
Origin-CC
NM-Fastcgi-Cache
X-V-Cache
X-Custom-Header
XM
Powered-By
X-VG-WebCache
Server-Hostname
X-Varnish-Director
Sever-Int
X-VarnishDD-TTL
X-Req
Req-ID
Server-Ext
Ssr
X-Proto
X-HN
X-Core-Value
X-GeoIP-Region-Code
X-HS-Content-Campaign-Id
X-Clientip
X-Loc
X-Cache-TTL-Remaining
X-Cdn-Srv
X-GeoIP-Country-Code
X-Debug-Cache-Fetch
X-Forwarded-Site
X-Fastly-Cache
X-Fmm-Version
X-Gdpr
X-Edge-Server
X-Debug-Cache-Store
X-GeoIP
X-Geo-Header
X-Mvc-Supplant-Cachable
X-Cache-Info
X-RateLimit-Limit-Second
X-Pubstack
X-FC-Vary-Parameters
X-RateLimit-Remaining-Second
X-Backend-Instance
X-Amz-Storage-Class
X-Region-Sid
X-Auto-Login
X-Policy
X-Platform
X-Node-Id
X-NMSegId
X-Nginx-Cache-Key
X-Cache-Bucket
X-Nyt-Route
X-PAYTM-SRV-ID
X-Origin-Time
X-Bip
X-AK-Request-ID
X-App-Name
Cdncip
Cdn-Request-Time
Cdnsip
Content-Script-Type
Fastly-Backend-Name
Content-Style-Type
Cdn-Host
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Zone
X-ECache
X-Service
AKAMAI
Cache-Provider
C-Via
Fastly-SSL
CDCHOST
Host-ID
Yak-Timeinfo
X-We-Are-Hiring
Country-Code
Adler-Geo
X-WA-Info
X-VG-TLSProxy
X-Varnish-Beresp-Status
X-Varnishpool
X-Cache-Backend
X-Cache-Aspx
X-BBC-Edge-Cache-Status
V-Age
X-SVT-ORM-VERSION
Apple-News-Services-Request-Url
Gh-Request-Id
Is-Eu
Apple-News-Services-Parsed-Url
X-SVT-ORM-RULES
X-Varnish-Authentication
Apple-News-Services-Handled
X-GoCache-CacheStatus
Apple-News-Services-Host
X-B3-Trace-ID
Mail-Subject
X-Micro-Cache
X-Location
X-Mly-Id
X-Mvc-Supplant-OutputCached
X-NodeID
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Eu-Site
X-From
Machine
X-Human
L
X-Pool
X-CGP
X-Dc
X-Section
X-Var-Ttl
L5d-Success-Class
X-Contensis-Viewer-Groups
X-CUA
X-Csrf-Jwt
X-Proxied-Request
X-LiteSpeed-Cache-Control
X-Ad-Load-Variation
X-Aicache-OS
X-Acquia-Purge-Cdn-Unconfigured
Pramga
Cluster
Click-Count-Error
Click-Count-Action-Start
Tube-Get-Contents
X-Sn-Servicetimems
True-Client-Country-4JS
Ha-Gx-Prefs
Producers
Req-Svc-Chain
DSUID
Esi-Enabled
X-Men
RNT-Machine
X-Fastly-Backend
Redirect-Candidate
RNT-Time
Tube-Got-Eval
Tube-Got-Results
HA-Ipaddr
Release
On-Server
Canary
X-Access
Cache-Key
Web-Mar-Region
X-Wikidot-Backend
Platform
Fastly-GeoIP-CountryCode
Tube-Return
W
We-Hiring
X-Wikidot-Static-Cache
X-Uri
X-AIR-PT
X-Newrelic-Synthetics
X-Slack-Shared-Secret-Outcome
X-Server-IP
X-Slack-Backend
X-Date
X-Up
X-DefHash
X-Request-Host
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
Proxy-Firewall
X-DefElseHash
X-Response-Served-From
X-Pad
X-CacheTTL
X-Accel-Expires-Debug
X-Hash
X-Original-Request-Id
NGX
X-Cs
Mime-Version
X-Varnish-Hits
X-LB-ID
X-ApacheServer
X-Render-Time
Debug
WP-Super-Cache
X-PERF
X-Depends
X-TT-LOGID
X-Nananana
X-CACHE-GROUP
X-Refresh
X-HITS
Fastly-Drupal-HTML
X-NGINX-Cache
X-Cache-FS-Status
X-Via-Popv
X-HA-Backend
Pics-Label
X-Datadome
CloudFront-Viewer-Country
X-Via-Popn
X-Via-Poph
SID
X-Servedbyhost
X-Akamai-Transformed
X-VHOST
X-Parent-Response-Time
Locid
Datacenter
X-VC-TTL
X-M-Reqid
X-M-Log
X-CACHE-AGE
X-LB-NoCache
Server-Info
X-Amz-Meta-Cb-Modifiedtime
GeoIP-Latitude
BehaviorPad-Version
X-B3-Parentspanid
X-Cached-By
X-Platform-Cluster
X-Platform-Router
X-DynaTrace-JS-Agent
X-Litespeed-Tag
X-Platform-Processor
X-VCache
X-Old-Content-Length
Ngx-Var-Key
Server-ID
X-LiteSpeed-Tag
X-CDN-Cache-Status
X-APP
Fastly-Drupal-Html
Cf-Ipcountry
X-Nc
X-Wa
Resin-Trace
Cdn
X-CS
GeoIp-Country-Code
X-TIME
X-Vgn-Hpd-Reason
X-Content-Length
X-Moov-Xdn-Version
X-TH-Server
X-Moov-T
X-COUNTRY
X-IAuth-Set-Uid
X-Srv
Cross-Origin-Embedder-Policy-Report-Only
X-TX-ID
FSS-Cache
X-Fpc
NtCoent-Length
True-Client-Ip
X-Esi
Serverhost
Uri
X-Presslabs-Stats
CDN
X-ZONE
X-SERVER-NAME
X-HostName
X-Dispatcher-Number
True-Client-IP
Cf-Device-Type
X-B-Cookie
X-Application
X-Varnish-Beresp-TTL
X-Destination
X-S-Cookie
X-External-Request-Id
X-Vc
X-User
Vc-Max-Age
X-RequestId
Tcn
X-NewRelic-App-Data
X-Zen-Fury
X-Dynatrace-Js-Agent
X-Oracle-DMS-ECID
X-Cache-Date
Srv
X-B3-Spanid
S-Rt
GeoIP-Country-Code
X-Sigma-Backend
X-Cdn-Forward
X-HOST
X-Instance-Name
Product
X-Rocket-Build-Number
X-Sigma
Request-ID
X-NC
X-Cdn-Cache-Status
X-Dispatch
X-FPC
X-WA
X-API-Version
X-VServer
X-CACHE-KEY
X-Segment-20210421
Geoip-Latitude
X-Branch-Name
Load-Balancing
X-Ckpd-Fst-Backend
X-Geo
X-DynaTrace
Hostname
X-APP-VERSION
X-FL-QIT-DEBUG
X-Webkit-Csp-Report-Only
ServerName
Srvid
X-Bug-Bounty
Server-Id
X-Route-Name
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-DataCenter
X-Flags
Ohc-File-Size
X-Is-Crawler
CacheControlHeader
X-Lb-Nocache
Origin-Trial
DataCenter
X-ServedByHost
Type
X-Ua
X-Page-View
X-VCL-Version
X-Nf-Language
X-Nf-Ats-Version
X-HubSpot-Correlation-Id
X-Nf-Country
Epwk-X-Cache
Cloudfront-Viewer-Country
X-Irp-Debug
X-Cache-Ttl
Lb
X-Sql-Duration-Ms
PICS-Label
X-Via-PopV
X-Sql-Count
X-App
X-Via-PopN
X-Http-Reason
Cl-Cache
X-Correlation-ID
X-Ha-Backend
X-Akamai-Device-Characteristics
X-Vmg-Version
User-Agent
Cross-Origin-Opener-Policy-Report-Only
X-Via-PopH
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Rtss
ServerHost
X-Gamma-Serve
Cmstype
Cmsid
X-SIPLIST1
Cneonction
X-MiniProfiler-Ids
X-Owner
IsBot
X-Via-CDN
Ohc-Cache-HIT
X-Info
X-Via-SSL
X-Via-Edge
Edge-Copy-Time
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-UUID
X-Sqd-Stime
Sm-Log-Id
X-Service-Response-Time
X-Sqd-Ctime
X-Acquia-Application-Trace
X-MSEdge-Flight
X-Lb-Id
X-Limited
Warning
MIME-Version
X-Qloud-Router
Xc-Version
X-Web-Server
XkeyRZ
X-MSEdge-Features
X-Datacenter
X-Core-Mission
X-Proxy-CacheRZ
CountryCode
WZWS-RAY
X-LAGOON
X-Litespeed-Cache-Control
Servername
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Check-Cacheable
X-Serial
X-Th-Server
X-RAMCache
X-Akamai-Pragma-Client-IP
N-Cache
X-Requestid
X-Ramcache
X-Snapshot-Date
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-Amz-Meta-S3b-Last-Modified
X-Fastly-Country-Code
Ngx
X-Dw-Trace-Id