Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
Accept-CH
X-AspNet-Version
X-Runtime
X-DNS-Prefetch-Control
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
Permissions-Policy
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Allow
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Dns-Prefetch-Control
X-Device
X-WebKit-CSP
Cf-Railgun
EagleEye-TraceId
X-Host
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Server-Id
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-Ruxit-JS-Agent
X-HW
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Country
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Clacks-Overhead
Cache-Tag
X-Url
Rating
X-Litespeed-Cache
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-CST
X-Times
X-Vname
X-PC
X-TtlSet
X-FTR-Request-ID
X-Daa-Tunnel
Cross-Origin-Opener-Policy
Nginx-Cache
X-Edge
X-Server-Name
X-Mcache
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
X-ESI
AR-PoweredBy
AR-Request-ID
AR-SID
AR-ATIME
Accept-Ch
X-GitHub-Request-Id
X-D2id
X-Element-Page-Cache
X-Ac
Edge-Control
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Server
Verso
X-MS-InvokeApp
X-Webkit-Csp
X-Cache-TTL
X-Upstream
X-FastCGI-Cache
X-Vcap-Request-Id
X-Ser
X-ECACHE
AR-CACHE
X-Abt-Application-Version
X-Navigation-Version
X-Dw-Request-Base-Id
X-B3-TraceId
SPIisLatency
SPRequestDuration
X-Oneagent-Js-Injection
X-Mod-Pagespeed
X-NF-Request-ID
Fastly-Restarts
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kinsta-Cache
X-Ratelimit-Limit
X-Edge-Location-Klb
X-Client-IP
X-Mg-S
Edge-Cache-Tag
X-Goog-Hash
X-Middleton-Display
Display
Pagespeed
S
X-Sol
X-Powered-CMS
X-ARC
Cache-Status
X-Amzn-Trace-Id
X-Version
Access-Control-Request-Method
X-Middleton-Response
Response
X-VARITI-CCR
X-PDP-UNCACHING-HASH
X-Ratelimit-Remaining
X-Cache-Key
RTSS
X-Content-Digest
X-TraceId
X-Fastly-Request-ID
X-TTL
Cross-Origin-Resource-Policy
X-Forwarded-For
Realpath
X-T
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
X-Ruxit-Js-Agent
X-Server-ID
Fastcgi-Cache
X-Cached
Front-End-Https
X-MSEdge-Ref
X-Varnish-TTL
X-Shield-Request-Id
MS-Author-Via
X-Protected-By
X-Ua-Browser
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Content-MD5
Public-Key-Pins
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Frontend
X-Forwarded-Proto
MicrosoftSharePointTeamServices
Payment
Server-Node
X-Request-Processing-Time
X-Request-Received
TP-Cache
X-LLID
Arr-Disable-Session-Affinity
X-PressLabs-Stats
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Aws-Lambda-Call-Status
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HS-Combine-CSS
X-RateLimit-Remaining
X-FTR-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-GUploader-UploadID
Count-Hit
X-Distributor
X-Accel-Expires
X-Origin-Server
X-LB-Cache
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-NODE
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-Request-Handler-Origin-Region
X-Microsite
X-Activity-Id
X-AppVersion
X-Az
X-Newrelic-App-Data
X-Cluster-Name
Host
X-Varnish-Server
X-Varnish-Backend
Cache-Tags
X-App-Server
X-B3-TraceId-Primal
X-Www-Served-By
MRF-Tech
X-Pinterest-Rid
Pinterest-Version
Mrf-Cache-Status
Pinterest-Generated-By
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
Retry-After
X-Content-Security-Policy-Report-Only
Cleartype
X-Ua-Device
Server-Name
X-Goog-Metageneration
Filterid
X-Ttl
X-Envoy-Decorator-Operation
X-ASPNET-VERSION
X-Hostname
X-Git-Hash
X-CSRF-Token
Access-Control-Allow-Method
X-Unique-Id
X-Hits
X-Azure-Ref
X-Geo-Country
X-Upgrade-Enabled
X-Load-Cache
Referer-Policy
X-NGENIX-Cache
X-Debug
TP-L2-Cache
TCN
X-Logged-In
X-Seen-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Proxy
X-FB-Debug
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Amz-Apigw-Id
X-Amzn-RequestId
X-B3-Sampled
X-Revision
Section-Io-Cache
DC
X-Trace-Id
X-Grace
X-Request-Guid
X-Cache-Control
X-Type
X-Fb-Rlafr
X-F-Cache
X-TT
X-B
X-Id
Healthy
Surrogate-Key
X-Contextid
X-DIS-Request-ID
X-Time
Viewport
X-Varnish-Ttl
X-XRDS-LOCATION
Paypal-Debug-Id
X-Mobile
X-N
X-Goog-Stored-Content-Length
X-WP-CF-Super-Cache
X-Goog-Storage-Class
X-Goog-Generation
X-WP-CF-Super-Cache-Cache-Control
X-Goog-Stored-Content-Encoding
X-Debug-Info
X-Page-Id
Fastly-SIE
Fastly-SWR
X-Px
Content-Disposition
X-Whom
X-Varnish-Grace
X-Via-JSL
X-Origin-Cache
Version
X-Content-Options
X-Datadog-Sampling-Priority
X-Webkit-CSP
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Magnolia-Registration
Charset
X-Template
X-Amz-Replication-Status
X-Wix-Request-Id
X-ProcessESI
X-App-Environment
X-RemovedCookies
X-Cache-Grace
X-Tumblr-Pixel-1
Ms-Operation-Id
X-UUID
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Node-Name
MS-CV
X-Rule
X-Oracle-Dms-Ecid
X-RTag
X-Hl-Ver
X-Debug-IsConnected
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Source
X-Debug-IsPreview
X-Datadog-Sampled
SD-X-WS
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-G
X-FW-Serve
X-FW-Server
X-FW-Static
X-B-Cache
X-FW-Version
X-FW-Type
X-FW-Dynamic
X-Signature
X-Backend-Name
ServerID
X-Environment-Context
X-Cacheable-TTL
X-FW-Hash
X-L-Path
X-Instance
X-Adobe-Loc
X-Storage
X-User-Agent
X-Adobe-Content
X-NWS-UUID-VERIFY
X-EdgeConnect-Cache-Status
X-Region
X-Proxy-Cache-Info
X-Rendered-As
Country
GEO-INFO
X-NYM-Debug-Backend
X-Cache-Hit
X-Status
X-ServerID
X-Real-IP
X-Device-Type
X-Rid
X-Is-Bot
NGB
X-Cache-Age
Countrycode
X-IPS-LoggedIn
SRV
Cross-Origin-Window-Policy
X-Amzn-Remapped-Content-Length
X-URL
X-Language
Liferay-Portal
X-B3-SpanId
Akamai-GRN
X-WP-CF-Super-Cache-Active
X-Wormhole-Sdk
X-RM-Cache-TTL
Amp-Access-Control-Allow-Source-Origin
X-Sucuri-Cache
X-Sucuri-ID
Front
X-Origin-Cache-Key
X-Ratelimit-Reset
OT-Force-Account-Verify
X-Framework
X-Servername
X-UA
X-Air-Pt
From-Origin
X-Oracle-Dms-Rid
X-AB
X-VC-Cache
X-Mode
X-VC
X-Content-Powered-By
Xet-Cookie
Backend
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-Akamai-Request-ID2
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
Refresh
X-DataDome
X-Cache-Time
X-Xrds-Location
X-Nginx-Cache
X-Handled-By
X-INCAP-ABP
Accept-Language
X-SRV
X-Endurance-Cache-Level
X-UPSTREAM-Address
Filters
Cache
Meta-Geo
X-Edge-Location
X-Xfnlog-Site
X-Rewrite-Enabled
X-JoinUs
X-SaId
X-Rn-Rsrv
X-RID
TWC-Device-Class
TWC-Connection-Speed
X-Cache-Operation
ServedBy
TWC-GeoIP-Country
X-Cache-Rule
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Origin-Hint
X-Routing-Service
X-Origin-Date
X-Proxied
X-No-Session
X-VWS-Id
X-Zipkin-Id
X-LJ-Flow-ID
X-RCS-CacheZone
X-Provided-By
Property-Id
X-Webstats-RespID
Webcakes-App-Name
X-Cache-Status-Check
X-Reqid
X-Container-Uri
X-Cluster
X-Extlb
X-Varnish-Age
X-Hosted-By
X-Git-Commit
X-Generated-By
X-Cloudmap
X-Tumblr-Pixel-2
Access-Control-Request-Headers
X-Labrador-Cache-Channel
X-Lambda-Id
X-AWS-Id
X-PHP-Host
Webcakes-App-Version
Webcakes-Region
X-Restarts
X-Skip-Cache
LB
X-Redis-Cache
X-Served-From
X-Fastly-Request-Id
Apigw-Requestid
Atl-Traceid
X-Scope-Id
X-Site-Version
X-R9-Blue-Green-Version
X-Accel-Version
X-Akamai-Edgescape
X-Ismobilevalue
X-Cms-Context
X-HTML-Minification-Powered-By
X-Tncms
X-IPLB-Request-ID
X-Adobe-Source
X-IPLB-Instance
X-Forwarded-Host
X-Fetched-On
Url
Web-Mar-Node
Frame-Options
X-Tb
X-Logging-Id
X-Loop
X-Locale
X-Web-Node
Section-Io-Id
Mn-Server-Ip
X-Frame-Option
X-Origin
X-Director
Selected-Fe
X-Cache-Host
X-Proxy-Build
X-Format
X-Say-Cacheable
X-Ms-Version
X-ProxyCache-Key
X-ProxyCache-Status
X-Browser-Name
X-BYPASS-REASON
X-Upstream-Ht
X-Httpd
X-Upstream-Ct
X-Ms-Request-Id
X-Is-Mobile
X-VCT
X-Varnish-Cache-Hits
X-Is-Supported-Browser
X-Timing-Wait
X-Varnish-Beresp-Grace
X-Geo-Region
X-Is-Tablet
X-Is-Desktop
X-Soup
X-Tcp-Rtt
X-Say-TTL
X-SayCDN-TTL
X-Azure-Ref-OriginShield
X-Cache-Debug
X-RateLimit-Reset
X-Shopify-Stage
X-S
X-Detected-As
X-ECache
X-RateLimit-Limit
X-Alternate-Cache-Key
X-GeoCode
X-GeoCountry
WPO-Cache-Message
Xserver
WPO-Cache-Status
X-Storefront-Renderer-Rendered
X-Optimistic-Header
Webserver
X-Vcache
X-Api-Version
X-ShopId
X-Sorting-Hat-ShopId
X-Origin-TTL
X-Origin-CC
X-ShardId
X-Request-URI
X-Sorting-Hat-PodId
X-Drupal-Cache-Tags
X-Generation-Time
X-CMSURLCustom
X-Lagoon
Thinkindot-CacheControl-Type
Thinkindot-Control
TDXMobile
X-Thinkindot-L3
Cache-Hits
X-Shield-Cache-Expires
X-CDN-Forward
Thinkindot-CacheControl
Source
X-Cdn-Origin
Onion-Location
X-Drupal-Cache-Contexts
Fastcgi-Useragent
Expiry
X-WP-CF-Super-Cache-Cookies-Bypass
X-Tt-Logid
Protected
X-Connection-Hash
X-ID
Cdn-Requestid
X-Vercel-Id
X-Vercel-Cache
X-Worker
X-Vcl-Version
X-Buckets
X-TA-CDN-Provider
X-XRDS-Location
X-Cache-Expired-At
X-PHP-Backend
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Rocket-Nginx-Serving-Static
Azure-SiteName
Azure-RegionName
X-Pass-Why
X-Mg-Request-UUID
X-B3-Traceid
Node
Priority
X-GEO
X-Cache-Action
Cross-Origin-Embedder-Policy
Environment
X-App-Version
CDN-RequestPullSuccess
CDN-Uid
X-Proxy-Cache-Status
Uber-Trace-Id
X-Client-Ip
CDN-RequestPullCode
CDN-Cache
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
Sid
CDN-CachedAt
X-Tumblr-Pixel-3
X-Aspnetmvc-Version
AMP-Access-Control-Allow-Source-Origin
X-Cluster-Node
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Cache-Server
X-Server-W
Cache-Tv-Group
X-Fastcgi-Cache
DB-Nickname
X-FB-TRIP-ID
Alternate-Protocol
CF-IPCountry
X-Tx-Id
User-Cache-Control
X-Jobs
X-Auth-Group-Type
X-HITS
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
HostName
Origin-Agent-Cluster
X-Level-Front-Cache
X-ND-Cache
Candidate-Md5Url
Edge-Cache
DCR-Processing-Time-Ms
X-Ig-Push-State
Rendered-Blocks
X-TIM-N
X-Gen-Mode
DCR-Decision-By
X-SRCache-Key
X-UA-Device-Type
X-Generated-On
X-Op-Id-All
X-Hnp-Log
X-Origin-Expires
MD5-Digest
Meta-Geo-Continent
Magicmarker
X-Service
X-Gzip
Lang
X-V-Cache
X-Org
A
Origin
X-ScT
X-Ig-Origin-Region
X-SB
X-Rojux
X-GeoIP-City
Ngx.Var.Host
Odigeo-Trace-Id
Gannett-Cam-Experience-Id
X-Fastly-Backend
X-A-Dgt
X-A-Dam
X-A-Wwc
X-Device-Os
X-Developer
X-A-Ccd
X-A
X-Dispatcher-Server
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Aed
X-Pad
X-LSADC-Cache
X-Content-Age
X-Conf
X-Cache-Id
X-Cache-NE
X-Block-Status
X-Bl-Debug
X-D
X-Custom-Header
X-Bc-Bl
X-BCube-Filmed-By
X-Ec-Fail
X-A-Dcw
X-Esi-Check
X-Viewer-Country
T-Server
X-Vtex-Remote-Cache
Sslversion
X-Epic-Correlation-Id
Content-Secure-Policy
Surrogated-Key
X-Vdms-Version
X-Ec-GeoHdr
X-Nf-Request-Id
X-DC
X-Forwarded-Site
Server-Hostname
X-Cache-Bucket
Fastly-SSL
X-HS-Content-Campaign-Id
X-Gdpr
Sever-Int
X-GeoIP
X-Bip
Req-ID
Fastly-Backend-Name
X-Clientip
X-CacheTTL
X-Men
Content-Style-Type
X-Loc
X-Fastly-Cache
Server-Host
Server-Ext
X-Cache-Info
X-Backend-Instance
X-HN
Ssr
X-GeoIP-Country-Code
X-AK-Request-ID
X-GoCache-CacheStatus
Powered-By
Origin-CC
X-FC-Vary-Parameters
PFcat
X-GeoIP-Region-Code
X-Debug-Cache-Store
X-Amz-Storage-Class
Vix-Hermes-Req-Id
X-Auto-Login
NM-Fastcgi-Cache
X-App-Name
X-Debug-Cache-Fetch
Host-ID
X-Geo-Header
V-Age
Origin-EX
X-Platform
X-Test
X-Tb-Optimization-Total-Bytes-Saved
X-Thanos
X-Edge-Server
X-Varnish-Hostname
X-Varnish-Director
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Scheme
X-Request-Time
X-SD-PageType
X-Req
X-Sn-Servicetimems
X-VarnishDD-TTL
Content-Script-Type
Cdn-Host
X-DefElseHash
X-Core-Value
Cdn-Request-Time
X-Cache-TTL-Remaining
XM
X-Wikidot-Static-Cache
X-VTEX-Cache-Server
X-VG-WebCache
X-VTEX-Cache-Time
X-DefHash
X-Wikidot-Backend
X-Region-Sid
X-Server-IP
X-Origin-Response-Time
AKAMAI
X-Origin-Time
Cdncip
X-Varnish-Remaining-TTL
X-PAYTM-SRV-ID
X-RateLimit-Remaining-Second
X-Nyt-Route
CDCHOST
X-Nginx-Cache-Key
C-Via
X-NMSegId
X-Node-Id
Cache-Provider
X-Cdn-Srv
X-Proto
X-Varnish-CookieHashed-On
X-Pubstack
X-RateLimit-Limit-Second
X-Policy
X-Mvc-Supplant-Cachable
X-Varnish-CookieINHashed-On
Cdnsip
X-Powered-By-VTEX-Cache
X-Via-Fastly
X-MP-GENERATED-AT
X-Dc
Mime-Version
X-B3-Trace-ID
X-Acquia-Purge-Cdn-Unconfigured
Tube-Got-Results
X-Depends
Tube-Return
X-CGP
X-Ad-Load-Variation
X-Date
X-VG-TLSProxy
X-NodeID
Tube-Got-Eval
X-Contensis-Viewer-Groups
X-Mly-Id
X-Micro-Cache
X-CUA
X-DPWN-IS-SECURE
X-Fmm-Version
X-WA-Info
X-Varnishpool
X-Section
X-Request-Start
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Varnish-Authentication
X-Var-Ttl
X-Request-Host
X-Proxied-Request
X-NCache
X-Mvc-Supplant-OutputCached
X-Location
X-Human
X-Pool
X-Hash
X-Varnish-Beresp-Status
X-We-Are-Hiring
Is-Eu
Esi-Enabled
Platform
Producers
RNT-Time
RNT-Machine
Country-Code
Click-Count-Error
Yak-Timeinfo
X-Eu-Site
Adler-Geo
X-Ec-Custom-Error
Click-Count-Action-Start
Tube-Get-Contents
X-Csrf-Jwt
L5d-Success-Class
L
HA-Ipaddr
Ha-Gx-Prefs
Machine
Mail-Subject
Release
Proxy-Firewall
On-Server
Gh-Request-Id
Fastly-GeoIP-CountryCode
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Cache-Key
DSUID
Cluster
Canary
True-Client-Country-4JS
Pramga
We-Hiring
X-Accel-Expires-Debug
X-Access
X-Aicache-OS
X-Cache-Aspx
Web-Mar-Region
W
X-Varnish-Beresp-Ttl
X-Jungle-Id
X-BBC-Edge-Cache-Status
X-From
X-LiteSpeed-Cache-Control
Req-Svc-Chain
X-Up
NGX
X-Zone
X-NGINX-Cache
X-AIR-PT
X-Vdms-Path
Debug
X-Cache-Backend
WP-Super-Cache
X-Uri
CDN-RequestId
X-LB-ID
X-Akamai-Transformed
X-Cache-FS-Status
X-Varnish-Hits
CloudFront-Viewer-Country
X-CACHE-GROUP
X-Cs
Redirect-Candidate
X-Newrelic-Synthetics
X-Tec-Api-Version
X-Tec-Api-Origin
SID
X-Tec-Api-Root
Server-Info
X-Via-Popn
Fastly-Drupal-HTML
X-Refresh
X-Render-Time
X-Via-Poph
X-Servedbyhost
Pics-Label
X-Via-Popv
X-PERF
X-HA-Backend
X-ApacheServer
X-VHOST
GeoIP-Latitude
X-Response-Served-From
BehaviorPad-Version
X-Original-Request-Id
X-Nananana
X-CACHE-AGE
X-M-Log
X-M-Reqid
X-APP
X-VC-TTL
X-B3-Parentspanid
X-Datadome
X-Parent-Response-Time
X-TT-LOGID
Fastly-Drupal-Html
X-CS
Locid
X-Cached-By
X-LB-NoCache
X-Content-Length
Resin-Trace
Datacenter
X-DynaTrace-JS-Agent
X-Litespeed-Tag
X-Amz-Meta-Cb-Modifiedtime
X-CDN-Cache-Status
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Nc
X-Wa
Server-ID
Cf-Ipcountry
X-IAuth-Set-Uid
GeoIp-Country-Code
X-LiteSpeed-Tag
Cdn
NtCoent-Length
X-ZONE
Ngx-Var-Key
X-Varnish-Beresp-TTL
X-Old-Content-Length
Uri
X-VCache
Vc-Max-Age
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Fpc
X-RequestId
X-Vgn-Hpd-Reason
X-Dispatcher-Number
FSS-Cache
CDN
X-TIME
X-NewRelic-App-Data
X-Moov-T
X-Moov-Xdn-Version
True-Client-Ip
X-TH-Server
Serverhost
True-Client-IP
X-Esi
Product
X-B3-Spanid
X-TX-ID
X-HostName
X-SERVER-NAME
Srv
X-Srv
Cross-Origin-Embedder-Policy-Report-Only
S-Rt
X-Nf-Ats-Version
X-Nf-Country
GeoIP-Country-Code
X-Nf-Language
Tcn
X-FPC
X-Ckpd-Fst-Backend
X-Dynatrace-Js-Agent
X-Oracle-DMS-ECID
X-Cdn-Forward
X-Bug-Bounty
X-User
X-Destination
Cf-Device-Type
X-S-Cookie
X-External-Request-Id
X-Cdn-Cache-Status
X-B-Cookie
X-Application
ServerName
Request-ID
X-HubSpot-Correlation-Id
X-Dispatch
X-Vc
X-NC
CacheControlHeader
X-APP-VERSION
X-WA
X-Zen-Fury
Server-Id
X-Webkit-Csp-Report-Only
X-CACHE-KEY
Hostname
X-Sigma-Backend
X-Rocket-Build-Number
X-Sigma
X-Instance-Name
X-Cache-Date
X-COUNTRY
Srvid
X-FL-QIT-DEBUG
Geoip-Latitude
X-VServer
X-API-Version
X-Presslabs-Stats
X-Geo
Ohc-File-Size
X-Segment-20210421
X-Branch-Name
X-Via-PopN
X-Via-PopV
User-Agent
X-Lb-Nocache
X-Ha-Backend
X-Via-PopH
X-Vmg-Version
X-Akamai-Device-Characteristics
X-ServedByHost
DataCenter
X-Info
Load-Balancing
ServerHost
Origin-Trial
X-Gamma-Serve
X-VCL-Version
X-DynaTrace
X-DataCenter
Epwk-X-Cache
Cneonction
Xc-Version
Cloudfront-Viewer-Country
PICS-Label
X-Cache-Ttl
X-Ua
X-Correlation-ID
X-App
Expect-Staple
Type
X-Limited
X-Srcache-Store-Status
Rtss
X-Srcache-Fetch-Status
X-Check-Cacheable
X-Amz-Meta-Opti
X-Irp-Debug
Cross-Origin-Opener-Policy-Report-Only
X-Hit
X-Serial
X-Owner
X-Lb-Id
X-MiniProfiler-Ids
Ohc-Cache-HIT
X-Akamai-Pragma-Client-IP
Lb
WebServer
Sm-Log-Id
X-Is-Crawler
X-Flags
X-Web-Server
X-Service-Response-Time
X-Acquia-Application-UUID
X-Acquia-Site
X-Route-Name
X-Core-Mission
X-Providence-Cookie
X-Sqd-Ctime
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Datacenter
X-Via-Edge
X-Via-CDN
X-MSEdge-Features
Cmstype
X-MSEdge-Flight
Warning
X-Qloud-Router
Cmsid
X-Aspnet-Duration-Ms
Edge-Copy-Time
Timeexpire
Cl-Cache
X-Via-SSL
X-Sqd-Stime
CountryCode
Servername
X-CSRF-TOKEN
X-LAGOON
X-Page-View
X-Litespeed-Cache-Control
X-SIPLIST1
X-Requestid
X-Sql-Count
X-Shardid
X-Sql-Duration-Ms
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shopid
X-Origin-Upstream-Status
X-RAMCache
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
IsBot
X-Http-Reason
X-Th-Server
X-Ramcache
X-Snapshot-Date
Ngx
X-Udemy-Cache-App-Namespace