Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Request-ID
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
Permissions-Policy
X-Turbo-Charged-By
X-Proxy-Cache
Xkey
X-Ws-Request-Id
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dispatcher
Cf-Apo-Via
X-Dns-Prefetch-Control
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Server-Id
X-Host
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
X-Node
Content-Location
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
P3p
X-NWS-LOG-UUID
X-Country
Service-Worker-Allowed
X-Country-Code
X-CST
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Url
Rating
X-Litespeed-Cache
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
X-Times
X-Vname
X-TtlSet
X-PC
Nginx-Cache
X-Daa-Tunnel
Cross-Origin-Opener-Policy
X-Oneagent-Js-Injection
X-Browser-Type
X-Webkit-Csp
X-Edge
X-Mcache
X-Midtier
X-Server-Name
X-Powered-By-Plesk
X-Cnection
X-ESI
X-ECACHE
Edge-Control
X-D2id
X-GitHub-Request-Id
X-Element-Page-Cache
X-Upstream
X-MS-InvokeApp
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-Ac
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Kinja-Build
Verso
X-FastCGI-Cache
X-B3-TraceId
X-Cache-TTL
Accept-Ch-Lifetime
X-Vcap-Request-Id
X-Ser
X-Abt-Application-Version
X-Navigation-Version
AR-CACHE
SPRequestDuration
X-Dw-Request-Base-Id
SPIisLatency
X-Mod-Pagespeed
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
Fastly-Restarts
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Ruxit-Js-Agent
X-NF-Request-ID
X-Sol
X-Middleton-Display
X-Aws-Lambda-Call-Status
Pagespeed
Display
Edge-Cache-Tag
X-Mg-S
X-Kinsta-Cache
X-Edge-Location-Klb
X-Client-IP
S
X-Powered-CMS
X-Middleton-Response
X-Goog-Hash
Response
X-VARITI-CCR
Access-Control-Request-Method
X-Version
Cache-Status
X-Amzn-Trace-Id
X-Fastly-Request-ID
X-ARC
X-Cache-Key
RTSS
X-Ratelimit-Limit
X-Content-Digest
X-TraceId
Cross-Origin-Resource-Policy
X-Forwarded-For
X-T
X-Recruiting
Realpath
X-Varnish-TTL
X-PDP-UNCACHING-HASH
X-RateLimit-Remaining
X-Correlation-Id
X-Ratelimit-Remaining
X-TTL
Front-End-Https
X-MSEdge-Ref
Fastcgi-Cache
X-Cached
MS-Author-Via
Content-MD5
X-Ua-Browser
X-HS-Cache-Config
X-Shield-Request-Id
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-Request-Processing-Time
Server-Node
X-Request-Received
MicrosoftSharePointTeamServices
X-Protected-By
X-HS-Combine-CSS
Public-Key-Pins
X-Frontend
Payment
TP-Cache
X-LLID
Pinterest-Version
Pinterest-Generated-By
X-SRCache-Store-Status
X-Pinterest-Rid
X-SRCache-Fetch-Status
Arr-Disable-Session-Affinity
X-Forwarded-Proto
X-Distributor
X-FTR-Expires
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Accel-Expires
X-ORACLE-DMS-RID
Count-Hit
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
X-Server-ID
X-GUploader-UploadID
X-LB-Cache
X-NODE
X-Ezoic-Cdn
X-Request-Handler-Origin-Region
X-Microsite
X-Ttl
X-Content-Security-Policy-Report-Only
Host
X-AppVersion
X-Az
X-Activity-Id
X-Varnish-Server
X-TEC-API-ORIGIN
X-Cluster-Name
X-Varnish-Backend
X-TEC-API-VERSION
X-TEC-API-ROOT
Cache-Tags
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Www-Served-By
X-App-Server
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
Retry-After
X-Ua-Device
X-PressLabs-Stats
Server-Name
X-Newrelic-App-Data
Cleartype
X-Hostname
X-CSRF-Token
X-Goog-Metageneration
X-Envoy-Decorator-Operation
X-Geo-Country
X-Origin-Cache-Key
X-Hits
Referer-Policy
X-NGENIX-Cache
X-Upgrade-Enabled
X-Git-Hash
TP-L2-Cache
Filterid
X-Unique-Id
X-Azure-Ref
X-DIS-Request-ID
X-Seen-By
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
Access-Control-Allow-Method
X-ORACLE-DMS-ECID
X-Tt-Trace-Tag
X-Load-Cache
X-Tt-Trace-Host
X-F-Cache
TCN
X-Proxy
X-Oracle-Dms-Ecid
X-Revision
X-Request-Guid
Section-Io-Cache
X-Grace
X-Trace-Id
X-Logged-In
DC
X-B
X-B3-Sampled
Healthy
X-Type
X-Amzn-RequestId
X-Contextid
X-Amz-Apigw-Id
X-Cache-Control
X-FB-Debug
Paypal-Debug-Id
X-Fb-Rlafr
X-TT
X-Debug
X-Debug-Info
X-Page-Id
X-Px
X-N
X-Id
X-Mobile
Viewport
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Fastly-SIE
Fastly-SWR
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Time
X-Whom
X-XRDS-LOCATION
X-Varnish-Ttl
X-Oracle-Dms-Rid
Content-Disposition
X-Content-Options
Charset
X-Via-JSL
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
Version
X-Varnish-Grace
X-Template
X-Webkit-CSP
X-Cache-Grace
X-Wix-Request-Id
X-Origin-Cache
X-Magnolia-Registration
X-App-Environment
X-RateLimit-Limit
X-B-Cache
X-B3-SpanId
X-Rid
X-Signature
VIX-Pulpo-Node
SRV
VIX-Pulpo-Upstream-Status
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel
X-Debug-IsPreview
X-EdgeConnect-Cache-Status
X-Tumblr-User
X-Rule
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Debug-IsConnected
X-Node-Name
SD-X-WS
X-Amz-Replication-Status
X-Hl-Ver
X-UUID
X-RTag
Ms-Operation-Id
MS-CV
X-G
X-FW-Serve
ServerID
X-FW-Type
X-FW-Version
X-Instance
X-FW-Static
X-FW-Dynamic
X-FW-Server
X-FW-Hash
X-Datadog-Sampled
X-Storage
X-Backend-Name
Surrogate-Key
X-Language
X-Adobe-Content
X-Yottaa-Optimizations
X-Adobe-Loc
X-Yottaa-Metrics
X-Is-Bot
X-Cacheable-TTL
X-NYM-Debug-Backend
NGB
X-Rendered-As
X-IPS-LoggedIn
X-Device-Type
GEO-INFO
Country
X-User-Agent
X-Environment-Context
X-Amzn-Remapped-Content-Length
X-L-Path
X-Cache-Hit
X-Region
X-Status
Liferay-Portal
X-Proxy-Cache-Info
X-Source
X-ServerID
X-NWS-UUID-VERIFY
X-Real-IP
Countrycode
Akamai-GRN
Cross-Origin-Window-Policy
X-WP-CF-Super-Cache-Active
X-Sucuri-ID
X-RateLimit-Reset
X-Sucuri-Cache
Amp-Access-Control-Allow-Source-Origin
OT-Force-Account-Verify
X-Cache-Age
X-Servername
X-UA
X-RM-Cache-TTL
X-VC-Cache
From-Origin
Front
X-WebKit-CSP-Report-Only
X-Framework
X-Air-Pt
X-Wormhole-Sdk
Upgrade-Insecure-Requests
Backend
X-Mode
X-INCAP-ABP
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Akamai-Request-ID2
X-AB
X-Content-Powered-By
Xet-Cookie
X-Cache-Time
X-Xrds-Location
X-Handled-By
Refresh
X-DataDome
X-URL
X-Nginx-Cache
X-Edge-Location
Accept-Language
X-Endurance-Cache-Level
X-JoinUs
Url
X-Origin-CC
Frame-Options
X-Origin-TTL
X-Rn-Rsrv
Meta-Geo
X-Xfnlog-Site
Filters
X-SaId
X-Rewrite-Enabled
X-UPSTREAM-Address
X-RCS-CacheZone
X-SRV
Property-Id
X-Cache-Rule
X-AWS-Id
X-Akamai-Edgescape
X-Tumblr-Pixel-2
Webcakes-App-Version
Webcakes-Region
Cache
X-VWS-Id
X-Origin-Date
X-Labrador-Cache-Channel
X-LJ-Flow-ID
TWC-Privacy
X-No-Session
Webcakes-App-Name
TWC-GeoIP-LatLong
X-PHP-Host
X-CDN-Forward
TWC-Connection-Speed
X-Origin-Hint
ServedBy
X-Cluster
X-Container-Uri
X-Reqid
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-Country
X-Vcache
X-Cache-Operation
X-HTML-Minification-Powered-By
X-Git-Commit
X-Provided-By
Section-Io-Id
X-Routing-Service
Web-Mar-Node
X-Varnish-Cache-Hits
X-Accel-Version
X-Adobe-Source
X-Ratelimit-Reset
X-Proxied
Cache-Hits
X-R9-Blue-Green-Version
X-Fetched-On
X-Cache-Debug
X-Cms-Context
X-Restarts
X-Extlb
X-Web-Node
X-Hosted-By
X-Cloudmap
X-Zipkin-Id
X-IPLB-Request-ID
Webserver
Mn-Server-Ip
X-Webstats-RespID
X-Redis-Cache
X-Scope-Id
X-IPLB-Instance
X-XRDS-Location
X-Ms-Version
X-Say-TTL
Apigw-Requestid
X-Varnish-Age
X-Say-Cacheable
X-Frame-Option
X-ProxyCache-Status
X-BYPASS-REASON
X-Forwarded-Host
X-Format
X-Director
X-Drupal-Cache-Tags
X-ProxyCache-Key
X-SayCDN-TTL
X-Served-From
X-Loop
X-Ms-Request-Id
X-Upstream-Ct
X-Logging-Id
X-Tncms
X-Lambda-Id
X-Skip-Cache
X-Soup
X-Upstream-Ht
Atl-Traceid
WPO-Cache-Status
WPO-Cache-Message
X-Azure-Ref-OriginShield
X-Tb
Xserver
X-Storefront-Renderer-Rendered
X-Generation-Time
X-GeoCode
Thinkindot-CacheControl-Type
X-Varnish-Beresp-Grace
X-Thinkindot-L3
X-Detected-As
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
X-Cache-Host
X-VCT
X-GeoCountry
X-Sorting-Hat-ShopId
X-Generated-By
X-Shield-Cache-Expires
X-ShardId
X-Site-Version
TDXMobile
Thinkindot-Control
X-Alternate-Cache-Key
X-CMSURLCustom
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShopId
X-Locale
Thinkindot-CacheControl
X-Cache-Status-Check
X-Geo-Region
X-Is-Supported-Browser
X-Is-Tablet
X-S
X-Browser-Name
X-Is-Mobile
X-Tcp-Rtt
X-Httpd
X-Is-Desktop
X-VC
X-Buckets
X-Proxy-Build
X-Timing-Wait
LB
X-Cdn-Origin
Selected-Fe
X-Origin
X-Lagoon
X-RID
X-Worker
X-Rocket-Nginx-Serving-Static
Fastcgi-Useragent
Source
X-Request-URI
X-Vercel-Cache
X-WP-CF-Super-Cache-Cookies-Bypass
X-Vercel-Id
Azure-SiteName
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Optimistic-Header
Azure-RegionName
X-ID
Node
Protected
X-Connection-Hash
X-Pass-Why
Expiry
X-Vcl-Version
Onion-Location
CDN-PullZone
CDN-RequestPullCode
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-CachedAt
CDN-Uid
CDN-Cache
X-TA-CDN-Provider
CDN-RequestPullSuccess
X-App-Version
X-Api-Version
X-GEO
Cross-Origin-Embedder-Policy
X-Cache-Expired-At
X-Tumblr-Pixel-3
X-Tec-Api-Origin
X-Nf-Request-Id
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Server
X-Ismobilevalue
Environment
X-Client-Ip
Alternate-Protocol
X-Server-W
AMP-Access-Control-Allow-Source-Origin
DB-Nickname
Cdn-Requestid
Uber-Trace-Id
X-Proxy-Cache-Status
X-Tt-Logid
X-Jobs
CF-IPCountry
X-Cache-Action
Priority
X-PHP-Backend
X-DC
X-Fastly-Request-Id
X-Cluster-Node
X-Urbn-Site-Id
CDN-RequestId
X-Urbn-Context-Path
Locale
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Mg-Request-UUID
X-Fastcgi-Cache
User-Cache-Control
X-B3-Traceid
Sid
X-LSADC-Cache
X-Tx-Id
Fusion-Template-Id
Cache-Tv-Group
Fusion-Content-Source
Fusion-Deployment-Id
X-MP-GENERATED-AT
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Vtex-Remote-Cache
X-Bl-Debug
X-UA-Device-Type
X-Conf
X-Content-Age
X-D
X-Developer
X-Jungle-Id
X-Cache-NE
X-Vdms-Version
X-BCube-Filmed-By
X-Block-Status
X-Cache-Id
X-Varnish-Hostname
X-Viewer-Country
X-Aed
Content-Secure-Policy
Origin
Origin-Agent-Cluster
Rendered-Blocks
Sslversion
Server-Host
DCR-Decision-By
DCR-Processing-Time-Ms
Magicmarker
Lang
MD5-Digest
Edge-Cache
Ngx.Var.Host
Meta-Geo-Continent
Surrogated-Key
T-Server
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-TIM-N
A
X-A-Ccd
X-A
Vix-Hermes-Req-Id
Candidate-Md5Url
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Auth-Group-Type
HostName
X-NCache
X-GeoIP-City
X-FB-TRIP-ID
X-Rojux
X-Varnish-Beresp-Ttl
X-ScT
X-SB
X-ND-Cache
Gannett-Cam-Experience-Id
X-Generated-On
X-Powered-By-VTEX-Cache
X-Gen-Mode
X-Origin-Expires
X-Op-Id-All
X-Org
X-Gzip
X-Esi-Check
X-Ec-Fail
X-Ig-Push-State
X-SRCache-Key
X-Ig-Origin-Region
X-Level-Front-Cache
X-Ec-GeoHdr
X-Hnp-Log
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Device-Os
X-Origin-Response-Time
X-Geo-Header
X-Nginx-Cache-Key
X-Nyt-Route
X-PAYTM-SRV-ID
X-Platform
Host-ID
X-Origin-Time
X-NMSegId
Server-Hostname
Origin-EX
X-HN
Origin-CC
X-GeoIP-Country-Code
X-Mvc-Supplant-Cachable
X-GeoIP-Region-Code
X-Policy
X-HS-Content-Campaign-Id
NM-Fastcgi-Cache
X-GeoIP
Server-Ext
X-Loc
PFcat
Powered-By
Ssr
X-Gdpr
X-Cache-Bucket
X-SD-PageType
X-Cache-Info
X-VarnishDD-TTL
X-Vdms-Path
X-VG-WebCache
X-Scheme
X-Varnish-Director
X-Cache-TTL-Remaining
X-Core-Value
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Tb-Optimization-Total-Bytes-Saved
X-Edge-Server
X-Cdn-Srv
X-V-Cache
X-Via-Fastly
X-Bc-Bl
X-Test
X-AK-Request-ID
X-Request-Time
X-Req
X-RateLimit-Remaining-Second
X-Pubstack
X-RateLimit-Limit-Second
X-Amz-Storage-Class
X-App-Name
X-Auto-Login
X-Backend-Instance
X-Fastly-Cache
X-FC-Vary-Parameters
X-Fmm-Version
Odigeo-Trace-Id
XM
X-Proto
Sever-Int
Cdn-Host
AKAMAI
Fastly-Backend-Name
Cdn-Request-Time
Content-Style-Type
Cdnsip
Fastly-SSL
Cdncip
Content-Script-Type
CDCHOST
X-Service
Cache-Provider
C-Via
X-Newrelic-Synthetics
X-SVT-ORM-RULES
X-Thanos
X-BBC-Edge-Cache-Status
X-SVT-ORM-VERSION
X-Section
X-Aicache-OS
X-B3-Trace-ID
X-Sn-Servicetimems
Adler-Geo
X-Uri
Cache-Key
Web-Mar-Region
We-Hiring
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Acquia-Purge-Cdn-Unconfigured
X-Access
X-Response-Served-From
Apple-News-Services-Handled
X-Ad-Load-Variation
X-Cache-Aspx
X-Ec-Custom-Error
X-Human
X-DPWN-IS-SECURE
X-Location
X-Men
X-Zone
X-GoCache-CacheStatus
X-HITS
X-Fastly-Backend
X-ECache
X-Forwarded-Site
X-Eu-Site
X-From
X-Micro-Cache
X-Mly-Id
X-Proxied-Request
X-Pool
X-Cache-Backend
W
X-Bip
X-Request-Start
X-CGP
X-Clientip
X-Csrf-Jwt
X-Mvc-Supplant-OutputCached
X-Node-Id
X-Contensis-Viewer-Groups
X-NodeID
X-Original-Request-Id
Apple-News-Services-Request-Url
Canary
X-Wikidot-Backend
X-Wikidot-Static-Cache
Cluster
On-Server
Platform
Click-Count-Action-Start
X-We-Are-Hiring
Redirect-Candidate
Producers
Pramga
Country-Code
X-Custom-Header
Fastly-GeoIP-CountryCode
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Is-Eu
L
Mail-Subject
Esi-Enabled
Machine
L5d-Success-Class
Req-ID
Click-Count-Error
X-VG-TLSProxy
RNT-Machine
X-Varnish-Beresp-Status
True-Client-Country-4JS
RNT-Time
Tube-Got-Eval
Tube-Get-Contents
V-Age
X-Varnish-Authentication
Req-Svc-Chain
Tube-Return
Tube-Got-Results
X-Varnishpool
X-Accel-Expires-Debug
X-Region-Sid
X-CUA
X-Slack-Shared-Secret-Outcome
DSUID
X-Var-Ttl
X-Hash
X-Date
NGX
Yak-Timeinfo
X-WA-Info
Proxy-Firewall
Release
X-Slack-Backend
X-LiteSpeed-Cache-Control
X-Up
X-CacheTTL
X-TT-LOGID
WP-Super-Cache
SID
X-AIR-PT
X-Varnish-CookieHashed-On
X-ApacheServer
X-Server-IP
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-NGINX-Cache
Debug
X-Request-Host
X-DefElseHash
X-CACHE-AGE
X-Render-Time
X-PERF
X-DefHash
X-Varnish-Hits
Mime-Version
Fastly-Drupal-HTML
X-Pad
X-Dc
X-Refresh
X-Depends
X-Nananana
X-COUNTRY
Pics-Label
X-LB-ID
X-CACHE-GROUP
X-Via-Popv
X-Cs
X-Via-Poph
X-Via-Popn
X-HA-Backend
CloudFront-Viewer-Country
X-Akamai-Transformed
X-Parent-Response-Time
X-Servedbyhost
X-Cache-FS-Status
Datacenter
X-VHOST
Locid
GeoIP-Latitude
X-LB-NoCache
X-VC-TTL
X-Datadome
X-M-Log
X-M-Reqid
X-Amz-Meta-Cb-Modifiedtime
X-Presslabs-Stats
X-Platform-Cluster
X-SERVER-NAME
X-B3-Parentspanid
X-Platform-Router
X-Cached-By
X-Platform-Processor
Server-Info
X-CS
Server-ID
X-TIME
X-Old-Content-Length
BehaviorPad-Version
X-CDN-Cache-Status
Ngx-Var-Key
X-Litespeed-Tag
Cdn
X-LiteSpeed-Tag
Resin-Trace
GeoIp-Country-Code
X-APP
X-Wa
X-Nc
Cf-Ipcountry
Fastly-Drupal-Html
X-DynaTrace-JS-Agent
X-Vc
X-TH-Server
X-Moov-T
X-Moov-Xdn-Version
Cross-Origin-Embedder-Policy-Report-Only
X-Vgn-Hpd-Reason
X-IAuth-Set-Uid
X-Fpc
X-Content-Length
X-VCache
FSS-Cache
X-NewRelic-App-Data
NtCoent-Length
True-Client-IP
Uri
X-S-Cookie
X-Application
X-B-Cookie
X-User
Cf-Device-Type
X-Destination
X-External-Request-Id
X-Esi
CDN
X-Dynatrace-Js-Agent
X-ZONE
X-HostName
X-TX-ID
X-Srv
X-Varnish-Beresp-TTL
True-Client-Ip
X-Zen-Fury
X-Dispatcher-Number
Serverhost
Vc-Max-Age
S-Rt
X-RequestId
X-Sigma
Tcn
X-Cache-Date
X-Rocket-Build-Number
X-Sigma-Backend
X-Instance-Name
X-Oracle-DMS-ECID
X-VServer
GeoIP-Country-Code
Hostname
X-HOST
Product
X-API-Version
Srv
Request-ID
Load-Balancing
X-WA
X-Branch-Name
X-Dispatch
X-FPC
X-DynaTrace
X-NC
X-Segment-20210421
X-Cdn-Cache-Status
X-Flags
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-CACHE-KEY
X-Cdn-Forward
X-Route-Name
X-Ckpd-Fst-Backend
X-B3-Spanid
Ohc-File-Size
X-APP-VERSION
X-Bug-Bounty
Geoip-Latitude
Srvid
X-FL-QIT-DEBUG
X-DataCenter
X-Webkit-Csp-Report-Only
Server-Id
X-Page-View
CacheControlHeader
X-Lb-Nocache
X-Geo
ServerName
Type
X-ServedByHost
X-Irp-Debug
DataCenter
Origin-Trial
X-Sql-Count
X-VCL-Version
X-Nf-Language
X-Nf-Country
X-Nf-Ats-Version
X-HubSpot-Correlation-Id
X-Sql-Duration-Ms
X-Http-Reason
Epwk-X-Cache
Cloudfront-Viewer-Country
Cl-Cache
X-Cache-Ttl
Cneonction
X-Correlation-ID
X-Akamai-Device-Characteristics
X-Vmg-Version
User-Agent
X-App
PICS-Label
Ohc-Cache-HIT
Cross-Origin-Opener-Policy-Report-Only
X-Ha-Backend
X-Ua
X-Via-SSL
X-SIPLIST1
X-Owner
X-Via-CDN
X-Via-PopH
X-Via-Edge
Edge-Copy-Time
X-Via-PopV
IsBot
X-Via-PopN
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Rtss
X-Lb-Id
X-Gamma-Serve
MIME-Version
Cmsid
Cmstype
ServerHost
X-Info
X-Proxy-CacheRZ
WZWS-RAY
CountryCode
X-Core-Mission
X-MiniProfiler-Ids
XkeyRZ
Lb
X-Service-Response-Time
Sm-Log-Id
X-Acquia-Purge-Tags
X-MSEdge-Features
X-Acquia-Application-UUID
X-Sqd-Stime
X-Acquia-Application-Trace
X-Datacenter
X-MSEdge-Flight
X-Qloud-Router
Warning
X-Acquia-Site
X-Sqd-Ctime
Xc-Version
X-Fastly-Country-Code
N-Cache
X-Web-Server
X-Limited
X-LAGOON
X-Hit
Servername
X-Litespeed-Cache-Control
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Amz-Meta-Opti
X-Serial
X-Th-Server
X-Check-Cacheable
X-RAMCache
X-Akamai-Pragma-Client-IP
X-Ramcache
X-Snapshot-Date
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-Amz-Meta-S3b-Last-Modified
X-Requestid
Ngx
X-Dw-Trace-Id