Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Accept-Ranges
CF-RAY
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
Accept-CH
X-DNS-Prefetch-Control
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Ua-Compatible
CF-Ray
X-Generator
X-Cache-Status
Server-Timing
X-Request-ID
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Expect-Ct
Host-Header
Permissions-Policy
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Robots-Tag
X-Backend
P3p
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
Xkey
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Server-Powered-By
Ali-Swift-Global-Savetime
Allow
X-LiteSpeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Dns-Prefetch-Control
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-WebKit-CSP
X-Host
Cf-Railgun
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Server-Id
X-Response-Time
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
Request-Id
X-Node
X-Country
Content-Location
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-Litespeed-Cache
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Url
X-Trace
Cache-Tag
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Times
X-Rack-Cache
X-PC
X-Vname
X-TtlSet
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Server-Name
X-Daa-Tunnel
Nginx-Cache
Accept-Ch
X-FTR-Request-ID
AR-SID
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Powered-By-Plesk
X-Cache-TTL
X-Cnection
X-Ac
X-D2id
X-GitHub-Request-Id
Edge-Control
X-ESI
X-Element-Page-Cache
X-CST
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
Verso
X-MS-InvokeApp
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Abt-Application-Version
X-ECACHE
X-Dw-Request-Base-Id
X-Navigation-Version
X-Upstream
X-Oneagent-Js-Injection
Fastly-Restarts
X-Webkit-Csp
SPIisLatency
SPRequestDuration
X-FastCGI-Cache
X-B3-TraceId
X-Mod-Pagespeed
X-Amz-Rid
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Instrumentation
X-Kraken-Loop-Name
X-SharePointHealthScore
SPRequestGuid
X-Client-IP
X-Goog-Hash
X-ARC
X-Edge-Location-Klb
X-Kinsta-Cache
Pagespeed
X-Sol
Display
X-Middleton-Display
X-Powered-CMS
X-Mg-S
X-Ratelimit-Limit
S
Edge-Cache-Tag
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
Response
X-Middleton-Response
X-VARITI-CCR
X-Ratelimit-Remaining
X-TTL
X-NF-Request-ID
RTSS
Realpath
X-Forwarded-For
X-Cache-Key
X-Content-Digest
Cross-Origin-Resource-Policy
X-Fastly-Request-ID
X-T
X-Ruxit-Js-Agent
X-Recruiting
X-Correlation-Id
X-Cached
Fastcgi-Cache
X-ORACLE-DMS-RID
X-MSEdge-Ref
X-TraceId
X-Shield-Request-Id
Front-End-Https
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ua-Browser
X-Varnish-TTL
X-Forwarded-Proto
X-Protected-By
X-LLID
X-Frontend
X-HS-Hub-Id
X-HS-Content-Id
X-PressLabs-Stats
X-HS-Cache-Config
Arr-Disable-Session-Affinity
TP-Cache
Payment
Server-Node
X-Request-Received
X-Request-Processing-Time
Public-Key-Pins
Count-Hit
MS-Author-Via
Content-MD5
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Server-ID
X-TEC-API-VERSION
X-HS-Combine-CSS
X-Accel-Expires
X-GUploader-UploadID
X-LB-Cache
X-RateLimit-Remaining
X-Distributor
X-Newrelic-App-Data
X-NODE
X-Kong-Upstream-Latency
X-Origin-Server
X-Kong-Proxy-Latency
X-FTR-Backend
X-Ezoic-Cdn
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-ORACLE-DMS-ECID
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
Surrogate-Key
X-Request-Handler-Origin-Region
X-Microsite
X-FTR-Expires
X-Activity-Id
X-AppVersion
Cleartype
X-Content-Security-Policy-Report-Only
Accept-Charset
X-Www-Served-By
X-Az
Host
Cache-Tags
X-Ua-Device
X-Varnish-Server
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Retry-After
X-App-Server
X-Cluster-Name
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Backend
X-Goog-Metageneration
X-Unique-Id
Filterid
Server-Name
X-Hits
X-Debug
X-Git-Hash
Access-Control-Allow-Method
X-Load-Cache
X-Logged-In
X-Azure-Ref
X-Id
X-Envoy-Decorator-Operation
X-NGENIX-Cache
X-Upgrade-Enabled
X-Ttl
X-CSRF-Token
X-FB-Debug
X-Geo-Country
X-Hostname
X-Amzn-RequestId
X-Amz-Apigw-Id
TCN
X-Tt-Trace-Tag
X-Proxy
X-Tt-Trace-Host
X-B
Viewport
X-Varnish-Ttl
X-TT
Section-Io-Cache
X-Revision
TP-L2-Cache
X-Request-Guid
X-Cache-Control
X-Seen-By
Healthy
X-Grace
X-Fb-Rlafr
X-B3-Sampled
X-Contextid
DC
X-Trace-Id
X-Type
X-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-F-Cache
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Fastly-SWR
Fastly-SIE
X-Mobile
X-N
Content-Disposition
Referer-Policy
Pinterest-Version
Paypal-Debug-Id
X-Pinterest-Rid
Pinterest-Generated-By
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Ratelimit-Reset
X-Varnish-Grace
X-XRDS-LOCATION
X-Nf-Request-Id
X-Magnolia-Registration
X-Origin-Cache
X-Webkit-CSP
X-DIS-Request-ID
X-Debug-Info
X-Page-Id
X-Via-JSL
X-Amz-Replication-Status
X-Px
Version
X-Oracle-Dms-Ecid
X-Wormhole-Sdk
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Whom
Amp-Access-Control-Allow-Source-Origin
X-ProcessESI
X-UUID
X-RemovedCookies
X-G
X-Content-Options
X-App-Environment
X-Rid
X-Debug-IsConnected
X-Debug-IsPreview
X-Adobe-Content
X-Adobe-Loc
X-Rule
X-Node-Name
X-Yottaa-Metrics
X-RTag
NGB
X-Source
X-Hl-Ver
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Storage
X-Yottaa-Optimizations
X-Tumblr-User
VIX-Pulpo-Node
Ms-Operation-Id
VIX-Pulpo-Upstream-Status
X-Datadog-Sampled
SD-X-WS
X-Tumblr-Pixel-1
MS-CV
Cross-Origin-Window-Policy
X-Template
X-Wix-Request-Id
X-Rendered-As
X-Region
X-Proxy-Cache-Info
X-Cacheable-TTL
X-Is-Bot
X-Device-Type
X-User-Agent
X-Backend-Name
X-Environment-Context
X-ServerID
X-Instance
GEO-INFO
X-NYM-Debug-Backend
X-Signature
X-B-Cache
X-L-Path
X-Ismobilevalue
X-FW-Server
X-Status
X-FW-Dynamic
X-NWS-UUID-VERIFY
X-FW-Type
X-Cache-Age
X-FW-Version
X-FW-Serve
Country
Charset
X-FW-Hash
X-FW-Static
Countrycode
X-IPS-LoggedIn
SRV
X-RM-Cache-TTL
X-Real-IP
X-Cache-Grace
Front
ServerID
Akamai-GRN
X-EdgeConnect-Cache-Status
X-WP-CF-Super-Cache-Active
X-Framework
X-Cache-Hit
X-Amzn-Remapped-Content-Length
Liferay-Portal
X-AB
X-Xrds-Location
X-B3-SpanId
X-Language
X-Oracle-Dms-Rid
X-Content-Powered-By
X-WebKit-CSP-Report-Only
X-Akamai-Request-ID2
X-Air-Pt
X-Sucuri-ID
OT-Force-Account-Verify
X-Servername
X-Api-Version
X-Sucuri-Cache
X-Air-Trace-Id
X-Air-Hostname
X-UA
X-Air-Source
X-VC
X-DataDome
From-Origin
X-VC-Cache
Accept-Language
X-Mode
X-URL
Xet-Cookie
X-Aws-Lambda-Call-Status
Backend
Refresh
X-Tt-Logid
Access-Control-Request-Headers
X-ECache
Webserver
X-Cache-Status-Check
LB
X-Nginx-Cache
Upgrade-Insecure-Requests
X-HTML-Minification-Powered-By
X-Fastly-Request-Id
X-Handled-By
X-Cache-Time
X-RCS-CacheZone
X-SRV
X-Rewrite-Enabled
X-Rn-Rsrv
Cache
Meta-Geo
Filters
X-UPSTREAM-Address
X-JoinUs
X-SaId
X-Container-Uri
X-Cms-Context
X-R9-Blue-Green-Version
X-Request-URI
X-Hosted-By
X-Webstats-RespID
X-Mg-Request-UUID
X-Labrador-Cache-Channel
X-S
ServedBy
X-Generated-By
X-RateLimit-Limit
X-Adobe-Source
X-PHP-Host
X-Xfnlog-Site
X-Origin-Date
X-Git-Commit
X-Cache-Debug
X-Varnish-Age
X-BYPASS-REASON
X-Is-Mobile
X-Browser-Name
X-ProxyCache-Key
X-Forwarded-Host
X-Is-Desktop
Property-Id
X-Cluster
X-Fetched-On
X-Tncms
X-Geo-Region
Atl-Traceid
X-Tumblr-Pixel-2
X-Site-Version
X-Skip-Cache
X-Tcp-Rtt
X-Httpd
Section-Io-Id
TWC-Connection-Speed
X-Loop
Webcakes-App-Name
Web-Mar-Node
X-Is-Supported-Browser
X-Akamai-Edgescape
X-Logging-Id
Webcakes-App-Version
Webcakes-Region
X-Served-From
X-No-Session
X-Accel-Version
X-Tb
X-Reqid
X-Redis-Cache
X-Scope-Id
X-Lambda-Id
X-ProxyCache-Status
TWC-GeoIP-Country
X-Web-Node
X-Is-Tablet
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Url
X-Origin-Hint
X-Provided-By
X-Shopify-Stage
X-SayCDN-TTL
X-Proxy-Build
Selected-Fe
X-Soup
X-Timing-Wait
X-Detected-As
X-Director
Mn-Server-Ip
X-Cache-Host
X-Varnish-Beresp-Grace
Apigw-Requestid
X-VCT
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Locale
X-Say-Cacheable
X-Optimistic-Header
X-Origin
X-Say-TTL
X-Cache-Rule
X-Cache-Operation
X-IPLB-Request-ID
X-AWS-Id
X-Routing-Service
X-IPLB-Instance
X-LJ-Flow-ID
X-Ms-Version
X-Zipkin-Id
X-Ms-Request-Id
X-Proxied
X-Format
Xserver
X-Varnish-Cache-Hits
X-VWS-Id
X-Extlb
X-Frame-Option
X-Restarts
X-Cloudmap
X-RID
X-Endurance-Cache-Level
X-Edge-Location
Onion-Location
X-Connection-Hash
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Expiry
X-ShopId
X-ShardId
X-Upstream-Ct
X-Upstream-Ht
X-Lagoon
X-GeoCode
X-GeoCountry
X-Vcache
Priority
X-Azure-Ref-OriginShield
X-INCAP-ABP
Frame-Options
Cdn-Requestid
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Expired-At
X-Vcl-Version
X-CDN-Forward
Source
WPO-Cache-Message
WPO-Cache-Status
Protected
X-Shield-Cache-Expires
X-Thinkindot-L3
Environment
TDXMobile
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-CMSURLCustom
Thinkindot-Control
X-Generation-Time
X-Cache-Action
X-Drupal-Cache-Tags
X-Proxy-Cache-Status
X-B3-Traceid
X-Fastcgi-Cache
Fastcgi-Useragent
X-Drupal-Cache-Contexts
X-Origin-CC
X-Origin-TTL
X-PHP-Backend
X-Cdn-Origin
X-Pass-Why
Uber-Trace-Id
X-App-Version
CF-IPCountry
X-ID
X-Rocket-Nginx-Serving-Static
X-Worker
X-GEO
Sid
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Cluster-Node
Locale
X-Vercel-Cache
X-Vercel-Id
X-Aspnetmvc-Version
Node
Cache-Hits
Azure-SlotName
Azure-RegionName
X-XRDS-Location
Azure-InstanceId
Azure-SiteName
Azure-Version
Cache-Tv-Group
X-FB-TRIP-ID
X-Buckets
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestPullCode
X-Auth-Group-Type
CDN-CachedAt
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-Cache
Cross-Origin-Embedder-Policy
X-TA-CDN-Provider
X-Tumblr-Pixel-3
X-Server-W
X-Pad
Alternate-Protocol
X-LiteSpeed-Cache-Control
X-Tx-Id
X-Client-Ip
X-A
X-DC
DB-Nickname
DCR-Decision-By
DCR-Processing-Time-Ms
X-Ec-GeoHdr
X-Conf
X-Origin-Expires
X-Op-Id-All
X-Org
X-Ec-Fail
X-Cache-NE
X-Generated-On
AMP-Access-Control-Allow-Source-Origin
X-A-Dgt
X-A-Wwc
X-Content-Age
A
X-Aed
X-Epic-Correlation-Id
X-Bc-Bl
X-Service
X-Gzip
X-Level-Front-Cache
X-Ig-Push-State
X-Ig-Origin-Region
Candidate-Md5Url
X-Cache-Id
X-Fastly-Backend
X-Bl-Debug
Content-Secure-Policy
X-BCube-Filmed-By
X-GeoIP-City
X-Req
Rendered-Blocks
X-Esi-Check
X-ND-Cache
X-A-Dcw
X-Via-Fastly
X-Viewer-Country
X-DefElseHash
X-Vtex-Remote-Cache
Ngx.Var.Host
X-DefHash
X-Developer
X-Varnish-Remaining-TTL
X-Vdms-Version
Odigeo-Trace-Id
X-Core-Value
Sslversion
X-LSADC-Cache
X-D
X-Custom-Header
X-Cache-Server
T-Server
Origin-Agent-Cluster
Surrogated-Key
Gannett-Cam-Experience-Id
Meta-Geo-Continent
Wxu-Next-Region
Wxu-Next-Hostname
X-SRCache-Key
X-A-Ccd
X-ScT
X-Rojux
X-Cache-TTL-Remaining
X-A-Dam
X-Varnish-CookieINHashed-On
Lang
MD5-Digest
X-V-Cache
X-Varnish-CookieHashed-On
Wxu-Next-Commit
X-TIM-N
Magicmarker
X-Dispatcher-Server
Mime-Version
User-Cache-Control
X-Clientip
X-CacheTTL
X-Aicache-OS
Tube-Got-Results
Tube-Return
V-Age
Tube-Got-Eval
Tube-Get-Contents
Req-ID
Server-Host
Ssr
Vix-Hermes-Req-Id
X-Acquia-Purge-Cdn-Unconfigured
X-Block-Status
X-Cache-Bucket
X-Cache-FS-Status
X-Bip
X-Backend-Instance
X-AK-Request-ID
X-Amz-Storage-Class
X-B3-Trace-ID
X-Cache-Info
X-GeoIP-Region-Code
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Tb-Optimization-Total-Bytes-Saved
X-Thanos
X-Varnish-Director
X-UA-Device-Type
X-Sn-Servicetimems
X-Server-IP
X-Request-Time
X-Region-Sid
X-SB
X-Scheme
X-SD-PageType
X-Varnish-Hostname
X-VG-TLSProxy
X-HN
PFcat
X-NodeID
X-VarnishDD-TTL
XM
Fastly-SSL
Cache-Provider
X-VTEX-Cache-Server
X-VG-WebCache
X-VTEX-Cache-Time
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-GeoIP-Country-Code
X-GeoIP
X-Hnp-Log
X-HS-Content-Campaign-Id
X-Jobs
X-Gen-Mode
X-Forwarded-Site
X-DPWN-IS-SECURE
X-Debug-Cache-Store
X-Edge-Server
X-Fastly-Cache
X-FC-Vary-Parameters
X-Loc
X-Men
X-Policy
X-Platform
X-Powered-By-VTEX-Cache
X-Proto
X-Pubstack
X-PAYTM-SRV-ID
X-Origin-Response-Time
X-Mly-Id
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-NMSegId
X-Node-Id
X-Debug-Cache-Fetch
X-Fmm-Version
Country-Code
HostName
Origin
Content-Style-Type
Content-Script-Type
NM-Fastcgi-Cache
Is-Eu
Esi-Enabled
Edge-Cache
Fastly-Backend-Name
Cdn-Host
Host-ID
Platform
Adler-Geo
Producers
Cdnsip
Click-Count-Action-Start
Click-Count-Error
Cdncip
Powered-By
Cdn-Request-Time
X-HITS
X-Varnish-Beresp-Ttl
X-CGP
X-Gdpr
X-Cs
X-Eu-Site
X-Csrf-Jwt
X-Section
X-Geo-Header
X-Dc
X-GoCache-CacheStatus
Cache-Key
C-Via
AKAMAI
Canary
X-Date
X-CUA
Server-Info
Proxy-Firewall
X-Cdn-Srv
True-Client-Country-4JS
X-Request-Host
X-Request-Start
Apple-News-Services-Request-Url
X-Test
X-Proxied-Request
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-We-Are-Hiring
Yak-Timeinfo
Apple-News-Services-Handled
CDCHOST
X-Pool
X-Mvc-Supplant-OutputCached
L5d-Success-Class
W
X-Access
X-Human
X-Nginx-Cache-Key
X-Nyt-Route
X-Origin-Time
Ha-Gx-Prefs
HA-Ipaddr
L
X-Hash
X-Ec-Custom-Error
We-Hiring
Mail-Subject
NGX
X-Varnishpool
Web-Mar-Region
Machine
X-Varnish-Beresp-Status
DSUID
X-Accel-Expires-Debug
On-Server
Origin-CC
RNT-Machine
Req-Svc-Chain
Pramga
Release
RNT-Time
Server-Ext
Origin-EX
Sever-Int
Server-Hostname
X-App-Name
Fastly-GeoIP-CountryCode
X-Var-Ttl
X-BBC-Edge-Cache-Status
X-NGINX-Cache
X-AIR-PT
X-Contensis-Viewer-Groups
BehaviorPad-Version
Cluster
X-Cache-Aspx
X-Ad-Load-Variation
Debug
Gh-Request-Id
X-Location
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-RateLimit-Reset
X-Varnish-Authentication
X-Auto-Login
X-Depends
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Content-Source
X-WA-Info
X-Varnish-Hits
X-Device-Os
X-LB-ID
Redirect-Candidate
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-From
X-MP-GENERATED-AT
X-Via-Popv
Pics-Label
X-APP
X-HA-Backend
X-NCache
Fastly-Drupal-HTML
X-Via-Poph
X-Via-Popn
X-Up
X-Zone
X-VHOST
X-Akamai-Transformed
X-Newrelic-Synthetics
CloudFront-Viewer-Country
GeoIP-Latitude
X-Content-Length
X-Jungle-Id
CDN-RequestId
SID
X-LiteSpeed-Tag
X-CACHE-AGE
X-Parent-Response-Time
X-Refresh
X-Cache-Backend
X-Vdms-Path
X-B3-Parentspanid
X-Servedbyhost
X-Origin-Cache-Key
X-Nc
X-LB-NoCache
X-Nananana
WP-Super-Cache
Vc-Max-Age
X-Uri
X-ZONE
X-Datadome
X-Dispatcher-Number
Resin-Trace
X-CACHE-KEY
Fastly-Drupal-Html
X-CDN-Cache-Status
X-DynaTrace-JS-Agent
X-Litespeed-Tag
X-Cached-By
X-ApacheServer
X-Wa
X-RequestId
Server-ID
X-M-Log
X-PERF
X-Render-Time
Product
Datacenter
X-M-Reqid
X-VC-TTL
Cdn
NtCoent-Length
X-B3-Spanid
GeoIp-Country-Code
X-CS
X-Ckpd-Fst-Backend
FSS-Cache
X-Amz-Meta-Cb-Modifiedtime
X-Fpc
S-Rt
Locid
X-Bug-Bounty
X-IAuth-Set-Uid
X-Varnish-Beresp-TTL
Serverhost
X-VCache
ServerName
True-Client-Ip
Uri
X-Esi
X-TX-ID
X-HostName
X-SERVER-NAME
X-HubSpot-Correlation-Id
X-Srv
X-Nf-Country
True-Client-IP
X-Nf-Ats-Version
X-Nf-Language
X-TT-LOGID
Tcn
X-CLOUD-TRACE-CONTEXT
X-Original-Request-Id
GeoIP-Country-Code
X-Response-Served-From
X-Old-Content-Length
X-TIME
CDN
X-Dynatrace-Js-Agent
Ngx-Var-Key
X-Cdn-Cache-Status
X-Akamai-Device-Characteristics
X-NewRelic-App-Data
Srv
X-FPC
X-Vmg-Version
Request-ID
X-Cdn-Forward
X-Info
X-WA
X-Vc
ServerHost
User-Agent
X-Gamma-Serve
CacheControlHeader
X-Vgn-Hpd-Reason
Cf-Ipcountry
X-TH-Server
Xc-Version
X-Moov-T
X-Hit
Server-Id
X-Moov-Xdn-Version
X-COUNTRY
Hostname
X-APP-VERSION
X-Platform-Cluster
X-Dispatch
X-FL-QIT-DEBUG
X-Webkit-Csp-Report-Only
Srvid
X-NC
Expect-Staple
X-Platform-Router
X-Platform-Processor
X-Presslabs-Stats
X-VCL-Version
X-Geo
Geoip-Latitude
X-Lb-Nocache
X-Amz-Meta-Opti
Cf-Device-Type
Cneonction
X-Limited
X-Destination
Cloudfront-Viewer-Country
X-B-Cookie
X-Application
X-V
Cross-Origin-Embedder-Policy-Report-Only
X-User
X-S-Cookie
X-ServedByHost
X-External-Request-Id
X-Oracle-DMS-ECID
X-Via-PopN
X-Via-PopV
PICS-Label
X-Via-PopH
Origin-Trial
X-Zen-Fury
X-Ha-Backend
N-Cache
X-App
X-New
X-Platform-Server
X-Rollout
X-Eligible
Permission-Policy
WZWS-RAY
X-Correlation-ID
X-Ua
X-Sigma-Backend
X-Sigma
X-Proxy-CacheRZ
X-Cache-Date
X-Rocket-Build-Number
XkeyRZ
Epwk-X-Cache
X-Instance-Name
X-Akamai-Pragma-Client-IP
Ohc-File-Size
Rtss
X-Check-Cacheable
X-ElasticPress-Query
X-Sqd-Stime
X-Internal-TTL
X-Sqd-Ctime
X-VServer
X-Lb-Id
X-Ftr-Request-Id
X-Segment-20210421
X-Branch-Name
X-MSEdge-Flight
X-Web-Server
X-MiniProfiler-Ids
X-API-Version
X-Serial
X-MSEdge-Features
X-Wp-Cf-Super-Cache
Lb
X-Wp-Cf-Super-Cache-Cache-Control
X-SIPLIST1
X-Datacenter
X-Path
IsBot
X-EC-Lua
Cl-Cache
X-Acquia-Purge-Tags
Timeexpire
X-Acquia-Site
X-Acquia-Application-UUID
Cmstype
X-Service-Response-Time
Cmsid
X-Acquia-Application-Trace
Sm-Log-Id
CountryCode
X-LAGOON
X-CSRF-TOKEN
X-CDN-Origin
Servername
X-Litespeed-Cache-Control
X-Th-Server
X-Via-SSL
X-Traceid
X-RAMCache
Fl-Custom-Application
X-Via-Edge
X-Via-CDN
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Edge-Copy-Time
X-Dw-Trace-Id
X-VTEX-Cache-Backend-Header-Time
X-Fastly-Backend-Reqs
X-Sorting-Hat-Shopid
Warning
Ohc-Cache-HIT
X-Sorting-Hat-Podid
X-Shopid
X-Origin-Upstream-Status
X-Shardid
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
X-Snapshot-Date
X-Ramcache
X-Udemy-Cache-App-Namespace
Ngx
Wpo-Cache-Message
Wpo-Cache-Status
X-VTEX-Cache-Backend-Connect-Time