Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
X-AspNet-Version
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Request-ID
Server-Timing
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
X-Via
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
Permissions-Policy
X-Robots-Tag
X-AH-Environment
X-UA-Device
X-Server
X-Hacker
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Ws-Request-Id
X-Age
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
Allow
X-Server-Powered-By
X-LiteSpeed-Cache
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
Cf-Railgun
EagleEye-TraceId
X-Host
X-Backend-Server
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-WebKit-CSP
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-Ruxit-JS-Agent
X-HW
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Nginx-Cache-Status
X-Country
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
X-Litespeed-Cache
Rating
X-CST
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-Times
X-PC
X-Vname
X-TtlSet
X-FTR-Request-ID
X-Webkit-Csp
X-Daa-Tunnel
Nginx-Cache
Cross-Origin-Opener-Policy
X-Server-Name
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
Accept-Ch
X-Powered-By-Plesk
X-Cnection
X-ESI
AR-SID
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Element-Page-Cache
X-GitHub-Request-Id
X-D2id
X-Ac
Edge-Control
X-Exp-Variant
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
Verso
X-MS-InvokeApp
X-ECACHE
X-Upstream
X-Cache-TTL
X-Vcap-Request-Id
X-Abt-Application-Version
AR-CACHE
X-Ser
X-Navigation-Version
X-FastCGI-Cache
X-Oneagent-Js-Injection
X-Dw-Request-Base-Id
SPRequestDuration
SPIisLatency
X-B3-TraceId
X-Mod-Pagespeed
Fastly-Restarts
X-NF-Request-ID
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Client-IP
X-Kinsta-Cache
X-Edge-Location-Klb
X-Mg-S
Edge-Cache-Tag
X-Goog-Hash
X-Sol
X-Middleton-Display
Display
Pagespeed
S
X-Powered-CMS
X-ARC
X-Ratelimit-Limit
Cache-Status
X-Version
Access-Control-Request-Method
X-Amzn-Trace-Id
X-Middleton-Response
Response
X-VARITI-CCR
X-PDP-UNCACHING-HASH
X-Cache-Key
X-TTL
X-Fastly-Request-ID
RTSS
X-Content-Digest
X-TraceId
X-Ua-Device
Cross-Origin-Resource-Policy
Realpath
X-T
X-Forwarded-For
X-Ruxit-Js-Agent
X-Ratelimit-Remaining
X-Recruiting
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Cached
X-RateLimit-Remaining
Front-End-Https
X-Correlation-Id
X-MSEdge-Ref
X-Shield-Request-Id
MS-Author-Via
Content-MD5
X-Varnish-TTL
X-Protected-By
X-HS-Hub-Id
X-Forwarded-Proto
X-Ua-Browser
X-HS-Content-Id
X-HS-Cache-Config
Public-Key-Pins
X-FTR-Balancer
X-Aws-Lambda-Call-Status
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-Request-Processing-Time
X-Request-Received
X-Frontend
Server-Node
Payment
MicrosoftSharePointTeamServices
TP-Cache
X-LLID
X-PressLabs-Stats
Arr-Disable-Session-Affinity
X-HS-Combine-CSS
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-FTR-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Server-ID
X-Distributor
X-Accel-Expires
Count-Hit
X-GUploader-UploadID
X-Origin-Server
X-NODE
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-LB-Cache
X-Ezoic-Cdn
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Request-Handler-Origin-Region
X-Microsite
X-Az
X-AppVersion
X-Activity-Id
X-Varnish-Server
X-Cluster-Name
X-ORACLE-DMS-ECID
Host
X-App-Server
X-Varnish-Backend
Cache-Tags
Retry-After
X-Www-Served-By
X-Amz-Meta-S3cmd-Attrs
X-Newrelic-App-Data
X-Content-Security-Policy-Report-Only
Accept-Charset
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Server-Name
Cleartype
X-Goog-Metageneration
X-ASPNET-VERSION
X-Hits
Filterid
X-Envoy-Decorator-Operation
X-Unique-Id
X-CSRF-Token
X-Git-Hash
X-Hostname
Access-Control-Allow-Method
X-Azure-Ref
Referer-Policy
X-Upgrade-Enabled
X-Geo-Country
X-Load-Cache
X-NGENIX-Cache
X-Ttl
TP-L2-Cache
X-Debug
X-Tt-Trace-Host
X-Logged-In
X-Seen-By
X-Id
X-Tt-Trace-Tag
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Time
X-Proxy
X-CCDN-Origin-Time
X-FB-Debug
X-Varnish-Ttl
X-B3-Sampled
X-Grace
X-F-Cache
DC
X-Amz-Apigw-Id
X-B
X-Request-Guid
X-XRDS-LOCATION
X-Trace-Id
Section-Io-Cache
X-Revision
X-Amzn-RequestId
X-DIS-Request-ID
Healthy
X-Type
X-Cache-Control
X-TT
X-Fb-Rlafr
TCN
X-Contextid
Viewport
Paypal-Debug-Id
X-Mobile
Surrogate-Key
X-N
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-WP-CF-Super-Cache
X-Goog-Stored-Content-Length
X-WP-CF-Super-Cache-Cache-Control
X-Goog-Storage-Class
X-Debug-Info
Fastly-SIE
X-Page-Id
Fastly-SWR
X-Px
Content-Disposition
X-Whom
X-Webkit-CSP
X-Via-JSL
Version
X-Origin-Cache
X-Varnish-Grace
X-Datadog-Trace-Id
X-Content-Options
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Template
X-Magnolia-Registration
Charset
X-Oracle-Dms-Ecid
X-Cache-Grace
X-Wix-Request-Id
X-Cache-Age
X-Amz-Replication-Status
X-ProcessESI
X-App-Environment
X-RemovedCookies
X-Tumblr-Pixel
X-RTag
X-Node-Name
MS-CV
Ms-Operation-Id
X-Tumblr-Pixel-0
X-Rule
X-Tumblr-Pixel-1
X-Tumblr-User
X-UUID
X-Signature
SD-X-WS
X-Debug-IsPreview
X-G
VIX-Pulpo-Upstream-Status
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-B-Cache
X-Source
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Debug-IsConnected
X-Datadog-Sampled
VIX-Pulpo-Node
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-Environment-Context
X-Cacheable-TTL
ServerID
X-NWS-UUID-VERIFY
X-Backend-Name
X-FW-Server
X-FW-Type
X-Adobe-Content
X-Adobe-Loc
X-Storage
X-User-Agent
X-Region
X-FW-Version
X-Instance
X-L-Path
SRV
X-FW-Static
X-Proxy-Cache-Info
X-Cache-Hit
X-Rendered-As
X-Language
X-ServerID
X-NYM-Debug-Backend
X-Is-Bot
X-Status
X-Real-IP
NGB
X-Device-Type
Country
GEO-INFO
X-B3-SpanId
X-IPS-LoggedIn
Countrycode
X-Rid
X-Amzn-Remapped-Content-Length
Liferay-Portal
Cross-Origin-Window-Policy
X-Origin-Cache-Key
Akamai-GRN
X-Sucuri-Cache
X-WP-CF-Super-Cache-Active
X-Sucuri-ID
X-RM-Cache-TTL
X-Wormhole-Sdk
Front
OT-Force-Account-Verify
X-Oracle-Dms-Rid
X-Framework
X-Servername
X-UA
X-Ratelimit-Reset
From-Origin
X-VC-Cache
X-RateLimit-Limit
X-AB
X-WebKit-CSP-Report-Only
X-Mode
X-Air-Hostname
X-VC
X-Air-Trace-Id
X-Air-Source
Amp-Access-Control-Allow-Source-Origin
Backend
Xet-Cookie
X-Content-Powered-By
X-Akamai-Request-ID2
Upgrade-Insecure-Requests
X-Nginx-Cache
X-URL
X-Xrds-Location
X-Air-Pt
X-INCAP-ABP
X-Cache-Time
Refresh
X-RID
X-Handled-By
X-Edge-Location
Accept-Language
X-Endurance-Cache-Level
Meta-Geo
X-Xfnlog-Site
X-Rn-Rsrv
Filters
Cache
X-SaId
X-RCS-CacheZone
X-RateLimit-Reset
X-Rewrite-Enabled
X-JoinUs
X-SRV
X-UPSTREAM-Address
X-DataDome
X-Cache-Operation
X-Cache-Rule
X-No-Session
X-Lambda-Id
X-PHP-Host
Property-Id
X-Provided-By
X-Origin-Date
Webcakes-App-Version
Webcakes-Region
X-AWS-Id
X-Webstats-RespID
Webcakes-App-Name
X-Routing-Service
X-Tumblr-Pixel-2
X-Reqid
X-Hosted-By
X-Cloudmap
X-Cluster
X-Origin-Hint
X-Generated-By
X-Git-Commit
X-Proxied
X-Extlb
X-Container-Uri
X-Zipkin-Id
X-VWS-Id
X-Varnish-Age
TWC-Privacy
X-LJ-Flow-ID
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-GeoIP-Country
X-Labrador-Cache-Channel
ServedBy
X-Cache-Status-Check
X-Cache-Debug
Access-Control-Request-Headers
Apigw-Requestid
X-Locale
Webserver
X-Adobe-Source
X-Fetched-On
X-Skip-Cache
X-Served-From
X-Forwarded-Host
X-Web-Node
X-Logging-Id
X-Redis-Cache
X-Tncms
Web-Mar-Node
Url
Mn-Server-Ip
X-R9-Blue-Green-Version
X-Restarts
X-Tb
X-IPLB-Instance
X-Scope-Id
X-Akamai-Edgescape
Section-Io-Id
X-Loop
X-Accel-Version
X-IPLB-Request-ID
X-Site-Version
X-Cms-Context
X-HTML-Minification-Powered-By
Atl-Traceid
WPO-Cache-Message
Frame-Options
WPO-Cache-Status
X-Cache-Host
X-Origin
X-ProxyCache-Key
X-Proxy-Build
X-Tcp-Rtt
X-Azure-Ref-OriginShield
X-Say-TTL
X-Say-Cacheable
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
Selected-Fe
X-Geo-Region
X-Httpd
X-BYPASS-REASON
X-Browser-Name
X-SayCDN-TTL
X-ProxyCache-Status
X-Shopify-Stage
X-Ms-Version
X-Upstream-Ct
X-Ms-Request-Id
X-Is-Mobile
X-Upstream-Ht
X-Is-Desktop
X-VCT
X-Varnish-Beresp-Grace
X-Frame-Option
X-Is-Supported-Browser
X-Format
X-Director
X-Is-Tablet
X-Soup
X-Varnish-Cache-Hits
X-Timing-Wait
X-Detected-As
X-GeoCode
X-S
X-GeoCountry
Xserver
Cache-Hits
X-Origin-TTL
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-Api-Version
X-Origin-CC
X-ShardId
X-Drupal-Cache-Tags
X-Optimistic-Header
X-Ismobilevalue
LB
X-Drupal-Cache-Contexts
X-CMSURLCustom
Thinkindot-CacheControl-Type
X-Request-URI
X-Generation-Time
X-Thinkindot-L3
Thinkindot-CacheControl
TDXMobile
X-Shield-Cache-Expires
Thinkindot-Control
X-CDN-Forward
X-Lagoon
Source
X-Vcache
X-Cdn-Origin
Fastcgi-Useragent
Onion-Location
X-Connection-Hash
Expiry
Protected
X-Fastly-Request-Id
X-WP-CF-Super-Cache-Cookies-Bypass
X-Buckets
X-TA-CDN-Provider
X-B3-Traceid
X-Vercel-Cache
X-Vercel-Id
X-Worker
X-Fastcgi-Cache
Cdn-Requestid
X-Tt-Logid
AMP-Access-Control-Allow-Source-Origin
Azure-SiteName
Azure-SlotName
Azure-Version
X-PHP-Backend
Azure-InstanceId
Azure-RegionName
X-Pass-Why
X-Rocket-Nginx-Serving-Static
X-Cache-Expired-At
X-Vcl-Version
Node
X-Mg-Request-UUID
X-App-Version
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-Cache
CDN-Uid
X-ECache
X-ID
CDN-CachedAt
CDN-EdgeStorageId
Sid
Cross-Origin-Embedder-Policy
X-Cache-Action
X-Aspnetmvc-Version
Priority
Environment
X-Tumblr-Pixel-3
X-GEO
Uber-Trace-Id
X-Proxy-Cache-Status
X-XRDS-Location
X-Cluster-Node
Locale
X-Cache-Server
X-Server-W
X-Urbn-Context-Path
X-Urbn-Site-Id
DB-Nickname
Cache-Tv-Group
Alternate-Protocol
HostName
CF-IPCountry
X-Jobs
User-Cache-Control
X-FB-TRIP-ID
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-Auth-Group-Type
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
X-Nf-Request-Id
X-Client-Ip
X-AIR-PT
X-Service
A
Wxu-Next-Hostname
X-Generated-On
X-Gen-Mode
X-Fastly-Backend
X-GeoIP-City
X-Gzip
X-Ig-Origin-Region
X-Hnp-Log
X-Esi-Check
X-Epic-Correlation-Id
X-Developer
X-D
X-Device-Os
X-Dispatcher-Server
X-Ec-GeoHdr
X-Ec-Fail
X-Ig-Push-State
X-Level-Front-Cache
X-UA-Device-Type
X-TIM-N
X-SRCache-Key
X-V-Cache
X-Vdms-Version
X-Vtex-Remote-Cache
X-Viewer-Country
X-ScT
X-SB
X-ND-Cache
X-NCache
X-Op-Id-All
X-Org
X-Rojux
X-Origin-Expires
X-Custom-Header
X-Content-Age
Odigeo-Trace-Id
Ngx.Var.Host
Meta-Geo-Continent
Origin
Origin-Agent-Cluster
Sslversion
Rendered-Blocks
MD5-Digest
Magicmarker
DCR-Decision-By
Content-Secure-Policy
DCR-Processing-Time-Ms
Edge-Cache
Lang
Gannett-Cam-Experience-Id
Surrogated-Key
T-Server
X-Bl-Debug
X-BCube-Filmed-By
X-Bc-Bl
X-Block-Status
X-Cache-Id
X-Conf
X-Cache-NE
X-Aed
X-A-Wwc
Wxu-Next-Region
Wxu-Next-Commit
X-A-Ccd
X-A-Dam
X-A-Dgt
X-A-Dcw
Candidate-Md5Url
X-A
X-LSADC-Cache
X-Dc
X-MP-GENERATED-AT
X-Pad
X-Tx-Id
X-Geo-Header
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-GeoIP
X-Gdpr
X-Fastly-Cache
X-FC-Vary-Parameters
X-Forwarded-Site
X-GoCache-CacheStatus
X-HS-Content-Campaign-Id
X-Men
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Loc
X-Node-Id
X-NMSegId
X-Debug-Cache-Store
X-HN
X-Clientip
V-Age
Vix-Hermes-Req-Id
X-AK-Request-ID
Ssr
Sever-Int
Server-Ext
Server-Host
Server-Hostname
X-Amz-Storage-Class
X-App-Name
X-CacheTTL
X-Cdn-Srv
X-Nyt-Route
X-Cache-Info
X-Cache-Bucket
X-Auto-Login
X-Backend-Instance
X-Bip
X-Debug-Cache-Fetch
X-Origin-Time
XM
Cdn-Host
Cdn-Request-Time
Country-Code
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VG-WebCache
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Cache-TTL-Remaining
X-Core-Value
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Via-Fastly
X-Req
X-Fmm-Version
X-DefElseHash
X-DefHash
X-Edge-Server
X-VarnishDD-TTL
X-Varnish-Hostname
X-Pubstack
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Region-Sid
X-Proto
X-Powered-By-VTEX-Cache
X-PAYTM-SRV-ID
X-Platform
X-Policy
X-Request-Time
X-Scheme
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-Thanos
X-Varnish-Director
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SD-PageType
X-Server-IP
X-Sn-Servicetimems
Req-ID
X-Origin-Response-Time
Fastly-SSL
CDCHOST
X-Tec-Api-Root
Cache-Provider
Origin-EX
Fastly-Backend-Name
X-Tec-Api-Origin
Origin-CC
C-Via
PFcat
NM-Fastcgi-Cache
Content-Script-Type
Content-Style-Type
X-Tec-Api-Version
AKAMAI
Cdnsip
Powered-By
Cdncip
Host-ID
X-HITS
Mime-Version
X-Varnish-Beresp-Ttl
X-DC
X-Mvc-Supplant-OutputCached
X-Up
HA-Ipaddr
Ha-Gx-Prefs
X-Ad-Load-Variation
X-Acquia-Purge-Cdn-Unconfigured
X-Ec-Custom-Error
X-VG-TLSProxy
X-Eu-Site
Tube-Return
Gh-Request-Id
X-Mly-Id
X-Jungle-Id
Fastly-GeoIP-CountryCode
X-From
X-DPWN-IS-SECURE
Tube-Got-Results
X-Hash
X-Location
X-B3-Trace-ID
X-BBC-Edge-Cache-Status
X-Micro-Cache
DSUID
X-Human
X-Pool
X-Slack-Shared-Secret-Outcome
Apple-News-Services-Host
Click-Count-Action-Start
X-Slack-Backend
Click-Count-Error
Is-Eu
Esi-Enabled
Adler-Geo
Apple-News-Services-Handled
X-Varnish-Beresp-Status
X-Varnishpool
X-Varnish-Authentication
X-Var-Ttl
Yak-Timeinfo
X-We-Are-Hiring
Apple-News-Services-Parsed-Url
X-Section
X-WA-Info
X-Proxied-Request
RNT-Machine
Cluster
Tube-Get-Contents
RNT-Time
Req-Svc-Chain
Canary
Platform
Apple-News-Services-Request-Url
Producers
Cache-Key
X-Request-Host
X-Request-Start
Tube-Got-Eval
X-NodeID
True-Client-Country-4JS
W
X-CGP
Machine
Pramga
We-Hiring
Web-Mar-Region
On-Server
X-Csrf-Jwt
X-Accel-Expires-Debug
X-CUA
X-Contensis-Viewer-Groups
Proxy-Firewall
Mail-Subject
Release
X-Cache-Backend
X-Cache-Aspx
X-LiteSpeed-Cache-Control
X-Depends
X-Aicache-OS
L5d-Success-Class
X-Date
X-Access
L
X-Zone
NGX
X-Vdms-Path
CDN-RequestId
X-Uri
X-Cs
Debug
X-LB-ID
WP-Super-Cache
X-Newrelic-Synthetics
X-Varnish-Hits
Redirect-Candidate
X-Cache-FS-Status
X-NGINX-Cache
X-CACHE-GROUP
X-Akamai-Transformed
X-Via-Popn
X-Render-Time
X-Refresh
X-PERF
X-Via-Popv
X-ApacheServer
Pics-Label
X-Via-Poph
X-Datadome
X-HA-Backend
CloudFront-Viewer-Country
Server-Info
X-VHOST
X-Nananana
X-Original-Request-Id
X-Response-Served-From
Fastly-Drupal-HTML
SID
X-Servedbyhost
X-VC-TTL
X-M-Log
X-M-Reqid
BehaviorPad-Version
Fastly-Drupal-Html
X-TT-LOGID
X-Parent-Response-Time
GeoIP-Latitude
X-LB-NoCache
X-CACHE-AGE
X-B3-Parentspanid
X-APP
Locid
X-Cached-By
Datacenter
X-DynaTrace-JS-Agent
X-Litespeed-Tag
X-VCache
Resin-Trace
X-Content-Length
X-CDN-Cache-Status
X-Amz-Meta-Cb-Modifiedtime
Server-ID
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-CS
Cf-Ipcountry
GeoIp-Country-Code
X-LiteSpeed-Tag
X-IAuth-Set-Uid
NtCoent-Length
X-Old-Content-Length
X-Wa
X-Nc
Ngx-Var-Key
Cdn
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
X-ZONE
Uri
X-Vgn-Hpd-Reason
X-TX-ID
Tcn
FSS-Cache
X-Varnish-Beresp-TTL
X-NewRelic-App-Data
CDN
Vc-Max-Age
X-Fpc
True-Client-Ip
X-Dispatcher-Number
X-TH-Server
X-Esi
X-Moov-T
X-Moov-Xdn-Version
X-HostName
X-SERVER-NAME
Serverhost
Product
True-Client-IP
X-Srv
X-RequestId
Cross-Origin-Embedder-Policy-Report-Only
X-FPC
X-TIME
X-Oracle-DMS-ECID
X-Cdn-Forward
X-Dynatrace-Js-Agent
Srv
S-Rt
X-S-Cookie
X-WA
Cf-Device-Type
X-User
X-External-Request-Id
X-Destination
GeoIP-Country-Code
X-Application
X-B3-Spanid
X-Ckpd-Fst-Backend
X-B-Cookie
X-NC
Request-ID
X-Nf-Language
ServerName
X-Vc
X-Nf-Country
X-Nf-Ats-Version
X-Cdn-Cache-Status
X-Zen-Fury
X-Dispatch
X-Bug-Bounty
X-CACHE-KEY
X-Instance-Name
X-Rocket-Build-Number
Geoip-Latitude
X-Sigma-Backend
CacheControlHeader
X-Sigma
Server-Id
X-Cache-Date
X-APP-VERSION
X-HubSpot-Correlation-Id
X-Geo
Hostname
X-COUNTRY
X-Correlation-ID
Ohc-File-Size
X-Webkit-Csp-Report-Only
X-VServer
X-API-Version
X-FL-QIT-DEBUG
Srvid
X-Presslabs-Stats
X-Lb-Nocache
X-ServedByHost
X-Segment-20210421
X-Branch-Name
Origin-Trial
Cloudfront-Viewer-Country
Load-Balancing
X-Ha-Backend
X-Via-PopV
X-Via-PopN
X-Via-PopH
X-Akamai-Device-Characteristics
X-Vmg-Version
DataCenter
ServerHost
User-Agent
X-DynaTrace
X-VCL-Version
X-Info
X-Gamma-Serve
Epwk-X-Cache
X-DataCenter
Lb
X-Cache-Ttl
X-App
Cneonction
X-Limited
Xc-Version
Type
X-Ua
PICS-Label
X-Srcache-Store-Status
Rtss
X-Srcache-Fetch-Status
X-MiniProfiler-Ids
X-Irp-Debug
Ohc-Cache-HIT
Cross-Origin-Opener-Policy-Report-Only
Expect-Staple
X-Owner
X-Web-Server
Sm-Log-Id
X-Core-Mission
X-Lb-Id
X-Datacenter
X-Service-Response-Time
X-Acquia-Application-Trace
X-Via-SSL
Cmsid
X-Sqd-Ctime
X-Sqd-Stime
Warning
Cmstype
X-Acquia-Site
X-Via-Edge
X-Aspnet-Duration-Ms
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Via-CDN
Cl-Cache
X-Is-Crawler
X-Amz-Meta-Opti
X-MSEdge-Flight
Edge-Copy-Time
X-Serial
X-Qloud-Router
X-Route-Name
X-Providence-Cookie
Timeexpire
X-Akamai-Pragma-Client-IP
X-Requestid
X-Flags
X-MSEdge-Features
X-Check-Cacheable
X-CSRF-TOKEN
X-LAGOON
Servername
X-Page-View
X-Litespeed-Cache-Control
CountryCode
X-Sorting-Hat-Podid
X-Origin-Upstream-Status
X-Shardid
X-Shopid
X-Sorting-Hat-Shopid
X-Sql-Count
X-Ramcache
X-Snapshot-Date
X-Th-Server
X-Http-Reason
IsBot
X-RAMCache
Ngx
X-SIPLIST1
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
X-Sql-Duration-Ms
X-Amz-Meta-S3b-Last-Modified
X-IN-APIGATEWAYSSL