Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Ua-Compatible
X-Generator
X-Cache-Status
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Request-ID
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
CF-Ray
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
Permissions-Policy
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Robots-Tag
X-Backend
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
Xkey
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Server-Powered-By
Ali-Swift-Global-Savetime
Allow
X-LiteSpeed-Cache
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-Host
X-WebKit-CSP
Cf-Railgun
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Server-Id
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
Request-Id
X-Node
X-Country
Content-Location
X-Nginx-Cache-Status
X-Application-Context
Accept-Ch-Lifetime
X-Nginx-Upstream-Cache-Status
X-Litespeed-Cache
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Url
X-Trace
Cache-Tag
X-Clacks-Overhead
X-Amz-Server-Side-Encryption
Rating
X-Rack-Cache
X-Times
X-Vname
X-PC
X-TtlSet
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Server-Name
X-Daa-Tunnel
Nginx-Cache
Accept-Ch
X-FTR-Request-ID
AR-ATIME
AR-SID
AR-PoweredBy
AR-Request-ID
X-Powered-By-Plesk
X-Cache-TTL
X-Cnection
X-ESI
X-Element-Page-Cache
X-D2id
X-Ac
X-GitHub-Request-Id
Edge-Control
X-Cdn-Fetch
Verso
X-CST
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Exp-Id
X-MS-InvokeApp
AR-CACHE
X-Vcap-Request-Id
X-Ser
X-Abt-Application-Version
X-ECACHE
X-Upstream
X-Dw-Request-Base-Id
X-Navigation-Version
X-FastCGI-Cache
X-Webkit-Csp
Fastly-Restarts
SPIisLatency
SPRequestDuration
X-B3-TraceId
X-Mod-Pagespeed
X-Amz-Rid
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
SPRequestGuid
X-SharePointHealthScore
X-Client-IP
X-ARC
X-Goog-Hash
X-Kinsta-Cache
X-Edge-Location-Klb
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Oneagent-Js-Injection
X-Powered-CMS
X-Ratelimit-Limit
S
X-Mg-S
Edge-Cache-Tag
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
Response
X-Middleton-Response
X-VARITI-CCR
X-Ratelimit-Remaining
X-TTL
X-NF-Request-ID
RTSS
Realpath
X-Forwarded-For
X-T
X-Cache-Key
Cross-Origin-Resource-Policy
X-Content-Digest
X-Fastly-Request-ID
X-Ruxit-Js-Agent
X-Recruiting
X-Cached
Fastcgi-Cache
X-MSEdge-Ref
X-TraceId
X-ORACLE-DMS-RID
X-Correlation-Id
X-Shield-Request-Id
Front-End-Https
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-PressLabs-Stats
X-Request-Processing-Time
X-Request-Received
X-Varnish-TTL
X-Ua-Browser
X-HS-Hub-Id
X-Forwarded-Proto
X-HS-Content-Id
TP-Cache
Payment
Arr-Disable-Session-Affinity
X-Frontend
X-HS-Cache-Config
X-Protected-By
Server-Node
X-LLID
Public-Key-Pins
Count-Hit
MS-Author-Via
Content-MD5
X-Server-ID
X-HS-Combine-CSS
X-Accel-Expires
X-GUploader-UploadID
X-Newrelic-App-Data
X-LB-Cache
X-RateLimit-Remaining
X-Origin-Server
X-Distributor
X-NODE
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Ezoic-Cdn
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
Surrogate-Key
X-Microsite
X-Request-Handler-Origin-Region
X-ORACLE-DMS-ECID
X-Content-Security-Policy-Report-Only
X-Www-Served-By
X-FTR-Expires
X-App-Server
X-Az
X-AppVersion
X-Varnish-Server
X-Activity-Id
Host
X-Ua-Device
Accept-Charset
MRF-Tech
X-Cluster-Name
X-Amz-Meta-S3cmd-Attrs
Cleartype
Cache-Tags
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Varnish-Backend
Retry-After
X-Webkit-CSP
X-Goog-Metageneration
Filterid
X-Unique-Id
Server-Name
X-Hits
X-Debug
Access-Control-Allow-Method
X-Git-Hash
X-Logged-In
X-Load-Cache
X-Azure-Ref
X-Id
X-NGENIX-Cache
X-Envoy-Decorator-Operation
X-Ttl
X-Upgrade-Enabled
X-CSRF-Token
X-Geo-Country
X-FB-Debug
X-Hostname
TCN
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Proxy
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-B
X-Varnish-Ttl
X-TT
TP-L2-Cache
X-Request-Guid
X-Cache-Control
Viewport
DC
X-Grace
Section-Io-Cache
X-Trace-Id
X-Type
Healthy
X-Seen-By
X-Contextid
X-Revision
X-B3-Sampled
X-Fb-Rlafr
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Time
X-Hcs-Proxy-Type
X-F-Cache
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Fastly-SWR
Fastly-SIE
X-Mobile
X-N
X-Aspnetmvc-Version
Content-Disposition
Paypal-Debug-Id
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Ratelimit-Reset
Referer-Policy
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Nf-Request-Id
X-Varnish-Grace
X-XRDS-LOCATION
X-Magnolia-Registration
X-DIS-Request-ID
X-Origin-Cache
X-Amz-Replication-Status
X-Debug-Info
X-Via-JSL
X-Page-Id
X-Px
X-Oracle-Dms-Ecid
Version
X-Wormhole-Sdk
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-ProcessESI
X-Rid
X-G
X-UUID
Amp-Access-Control-Allow-Source-Origin
X-RemovedCookies
X-Whom
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Debug-IsConnected
X-Node-Name
X-Content-Options
X-Adobe-Content
X-Adobe-Loc
X-Tumblr-User
X-Debug-IsPreview
X-Tumblr-Pixel-1
X-Yottaa-Optimizations
X-Datadog-Sampled
X-Hl-Ver
X-RTag
X-Rule
MS-CV
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Source
X-Yottaa-Metrics
Ms-Operation-Id
X-NYM-Debug-Backend
X-B-Cache
X-App-Environment
X-Region
X-Device-Type
X-Storage
X-Signature
X-Proxy-Cache-Info
Cross-Origin-Window-Policy
X-Cacheable-TTL
X-Backend-Name
X-Rendered-As
X-Instance
Country
NGB
X-Environment-Context
X-Is-Bot
X-ServerID
X-L-Path
X-Ismobilevalue
X-Wix-Request-Id
X-User-Agent
X-Template
X-FW-Serve
X-Cache-Age
X-NWS-UUID-VERIFY
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-FW-Static
X-FW-Type
X-Status
Charset
X-FW-Version
GEO-INFO
Countrycode
SRV
X-IPS-LoggedIn
Front
X-RM-Cache-TTL
X-Real-IP
Akamai-GRN
X-EdgeConnect-Cache-Status
X-Cache-Grace
ServerID
X-WP-CF-Super-Cache-Active
X-Framework
X-Amzn-Remapped-Content-Length
Liferay-Portal
X-AB
X-Cache-Hit
X-Oracle-Dms-Rid
X-Xrds-Location
X-WebKit-CSP-Report-Only
X-Air-Pt
X-Language
X-Content-Powered-By
X-Akamai-Request-ID2
X-Api-Version
X-B3-SpanId
X-Sucuri-ID
X-Sucuri-Cache
X-Servername
OT-Force-Account-Verify
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-VC
X-DataDome
From-Origin
X-UA
Xet-Cookie
X-Mode
X-VC-Cache
Accept-Language
X-URL
X-Aws-Lambda-Call-Status
Backend
X-Tt-Logid
Refresh
LB
X-ECache
Access-Control-Request-Headers
X-Cache-Status-Check
Upgrade-Insecure-Requests
X-Handled-By
Webserver
X-Nginx-Cache
X-HTML-Minification-Powered-By
X-Cache-Time
X-Fastly-Request-Id
X-RCS-CacheZone
X-UPSTREAM-Address
X-Rewrite-Enabled
Meta-Geo
Cache
X-Rn-Rsrv
Filters
X-SRV
X-JoinUs
X-SaId
X-S
Property-Id
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Generated-By
X-Xfnlog-Site
TWC-Connection-Speed
TWC-Device-Class
ServedBy
X-RateLimit-Limit
Webcakes-Region
X-Origin-Date
X-Request-URI
X-Origin-Hint
X-Webstats-RespID
X-Tumblr-Pixel-2
X-Cms-Context
X-Adobe-Source
X-Container-Uri
X-Varnish-Age
X-R9-Blue-Green-Version
X-Git-Commit
X-Reqid
X-Mg-Request-UUID
X-Browser-Name
X-BYPASS-REASON
X-Cache-Debug
X-Akamai-Edgescape
X-Lambda-Id
X-Is-Desktop
Url
X-Locale
X-Labrador-Cache-Channel
X-Cluster
X-Is-Mobile
X-PHP-Host
X-ProxyCache-Key
X-Is-Supported-Browser
X-Is-Tablet
X-No-Session
X-Fetched-On
X-ProxyCache-Status
X-Skip-Cache
X-Httpd
X-Hosted-By
X-Tcp-Rtt
X-Geo-Region
X-Forwarded-Host
X-Web-Node
X-Site-Version
X-Served-From
X-Varnish-Cache-Hits
Section-Io-Id
X-VCT
X-Logging-Id
X-Optimistic-Header
X-Origin
X-Upstream-Ct
X-Loop
Selected-Fe
X-Upstream-Ht
X-Cache-Rule
Apigw-Requestid
X-Restarts
X-Format
X-Detected-As
X-Director
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-IPLB-Request-ID
Mn-Server-Ip
Web-Mar-Node
X-Accel-Version
X-IPLB-Instance
X-Tncms
X-Varnish-Beresp-Grace
X-SayCDN-TTL
X-Soup
X-Proxy-Build
X-Scope-Id
X-Cache-Operation
X-Tb
X-Say-TTL
X-Timing-Wait
Atl-Traceid
X-Say-Cacheable
X-Redis-Cache
X-Frame-Option
X-Routing-Service
X-Cloudmap
X-RID
X-Edge-Location
X-Endurance-Cache-Level
Xserver
X-Zipkin-Id
X-Proxied
X-AWS-Id
Onion-Location
X-LJ-Flow-ID
X-Ms-Request-Id
X-VWS-Id
X-Cache-Host
X-Provided-By
X-Extlb
X-Ms-Version
X-Sorting-Hat-ShopId
X-Connection-Hash
X-ShopId
X-Vcl-Version
X-ShardId
X-Sorting-Hat-PodId
X-INCAP-ABP
Expiry
X-GeoCode
Frame-Options
X-Azure-Ref-OriginShield
X-GeoCountry
X-Cache-Expired-At
Cdn-Requestid
X-Vcache
Priority
X-WP-CF-Super-Cache-Cookies-Bypass
X-CDN-Forward
Source
Protected
WPO-Cache-Status
WPO-Cache-Message
X-Lagoon
X-Generation-Time
X-Shield-Cache-Expires
X-CMSURLCustom
Environment
TDXMobile
X-Thinkindot-L3
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-B3-Traceid
X-Cache-Action
X-Proxy-Cache-Status
X-PHP-Backend
Fastcgi-Useragent
X-Origin-CC
X-Origin-TTL
X-Drupal-Cache-Tags
Uber-Trace-Id
X-Pass-Why
X-Cdn-Origin
CF-IPCountry
X-Drupal-Cache-Contexts
X-Worker
X-Rocket-Nginx-Serving-Static
Sid
X-GEO
X-ID
X-App-Version
X-Cluster-Node
X-Urbn-Site-Id
Locale
X-Urbn-Context-Path
X-Vercel-Cache
X-Vercel-Id
Azure-InstanceId
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-RegionName
Node
Cache-Hits
X-XRDS-Location
Cache-Tv-Group
X-FB-TRIP-ID
CDN-RequestPullSuccess
CDN-Uid
X-Auth-Group-Type
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-Cache
CDN-CachedAt
CDN-EdgeStorageId
Cross-Origin-Embedder-Policy
CDN-PullZone
X-Fastcgi-Cache
X-TA-CDN-Provider
X-Buckets
X-Tumblr-Pixel-3
X-Server-W
X-Pad
X-Cache-Server
X-Client-Ip
DB-Nickname
Alternate-Protocol
X-Tx-Id
X-A
X-Ec-GeoHdr
X-Org
T-Server
X-ND-Cache
X-Req
X-Origin-Expires
X-V-Cache
Odigeo-Trace-Id
DCR-Decision-By
Origin-Agent-Cluster
X-Generated-On
X-TIM-N
X-GeoIP-City
Lang
X-Service
MD5-Digest
A
X-Fastly-Backend
X-LSADC-Cache
Meta-Geo-Continent
Ngx.Var.Host
X-ScT
Candidate-Md5Url
X-SRCache-Key
X-Op-Id-All
Sslversion
Surrogated-Key
X-Edge-Server
X-Epic-Correlation-Id
X-Rojux
Magicmarker
Rendered-Blocks
AMP-Access-Control-Allow-Source-Origin
Gannett-Cam-Experience-Id
X-D
X-Custom-Header
X-Core-Value
X-DefElseHash
X-DefHash
X-Dispatcher-Server
X-Ec-Fail
X-Aed
X-Ig-Origin-Region
X-Bc-Bl
X-Level-Front-Cache
DCR-Processing-Time-Ms
X-Cache-TTL-Remaining
Content-Secure-Policy
X-Conf
X-BCube-Filmed-By
X-Bl-Debug
X-Ig-Push-State
X-A-Wwc
X-Developer
X-Vdms-Version
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-A-Dgt
X-Cache-NE
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
Cdn-Host
Cdn-Request-Time
X-Viewer-Country
X-Via-Fastly
X-A-Dcw
X-A-Dam
X-Vtex-Remote-Cache
X-A-Ccd
X-LiteSpeed-Cache-Control
User-Cache-Control
X-Dc
Edge-Cache
Is-Eu
X-Jobs
Host-ID
X-HS-Content-Campaign-Id
X-Gzip
Esi-Enabled
X-Hnp-Log
NM-Fastcgi-Cache
X-GoCache-CacheStatus
Tube-Got-Results
X-Aicache-OS
X-AK-Request-ID
X-Amz-Storage-Class
X-Acquia-Purge-Cdn-Unconfigured
X-DPWN-IS-SECURE
Tube-Return
Vix-Hermes-Req-Id
X-App-Name
X-Content-Age
X-CacheTTL
X-Cache-FS-Status
X-Cache-Id
X-Cdn-Srv
X-Clientip
X-Bip
X-Block-Status
Tube-Got-Eval
Tube-Get-Contents
X-Gen-Mode
Producers
X-Gdpr
Powered-By
Platform
Origin
X-Geo-Header
X-Forwarded-Site
Req-ID
Server-Host
X-Esi-Check
Ssr
RNT-Time
RNT-Machine
X-FC-Vary-Parameters
X-Fastly-Cache
X-GeoIP
X-Platform
X-Varnish-Hostname
X-Proto
X-Pubstack
X-Region-Sid
X-VG-TLSProxy
X-PAYTM-SRV-ID
X-SVT-ORM-RULES
X-Origin-Response-Time
X-Origin-Time
X-UA-Device-Type
X-Request-Time
X-Loc
X-Test
X-Sn-Servicetimems
X-SVT-ORM-VERSION
X-Server-IP
X-SD-PageType
X-Thanos
X-SB
X-Scheme
Fastly-SSL
X-Nyt-Route
HostName
Click-Count-Error
Click-Count-Action-Start
X-Mly-Id
X-VarnishDD-TTL
X-Men
XM
Country-Code
Content-Style-Type
Content-Script-Type
X-NodeID
Cdnsip
AKAMAI
Adler-Geo
X-NMSegId
X-Node-Id
PFcat
X-HN
Cdncip
X-DC
X-Tec-Api-Root
X-Tec-Api-Version
X-HITS
X-Tec-Api-Origin
Mime-Version
X-Varnish-Beresp-Ttl
X-GeoIP-Region-Code
L
L5d-Success-Class
X-CUA
X-Nginx-Cache-Key
HA-Ipaddr
X-Debug-Cache-Store
X-Depends
CDCHOST
X-GeoIP-Country-Code
Ha-Gx-Prefs
True-Client-Country-4JS
X-Contensis-Viewer-Groups
X-Human
X-Section
X-Micro-Cache
X-Location
Server-Info
X-Hash
X-Mvc-Supplant-Cachable
X-Access
W
X-CGP
X-Csrf-Jwt
X-Eu-Site
Cache-Provider
Apple-News-Services-Parsed-Url
X-Powered-By-VTEX-Cache
X-RateLimit-Limit-Second
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-Varnish-Director
X-RateLimit-Remaining-Second
X-Request-Host
X-Slack-Shared-Secret-Outcome
X-Tb-Optimization-Total-Bytes-Saved
X-Slack-Backend
X-Fmm-Version
X-Request-Start
X-Ec-Custom-Error
X-Pool
X-Wikidot-Static-Cache
X-Wikidot-Backend
Yak-Timeinfo
Apple-News-Services-Handled
Apple-News-Services-Host
X-We-Are-Hiring
X-VTEX-Cache-Time
X-Varnishpool
X-Policy
X-VG-WebCache
X-VTEX-Cache-Server
Apple-News-Services-Request-Url
X-Debug-Cache-Fetch
V-Age
Sever-Int
Fastly-Backend-Name
X-Cache-Info
Cluster
Origin-CC
Server-Hostname
Gh-Request-Id
Pramga
Origin-EX
NGX
Release
Server-Ext
Req-Svc-Chain
Canary
DSUID
C-Via
X-Cs
X-B3-Trace-ID
X-Backend-Instance
X-BBC-Edge-Cache-Status
X-Auto-Login
X-Cache-Aspx
X-Cache-Bucket
X-NGINX-Cache
X-AIR-PT
Fusion-Source
Fusion-Template-Id
On-Server
Fusion-Deployment-Id
Machine
Mail-Subject
Fastly-GeoIP-CountryCode
Fusion-Component-Id
X-Mvc-Supplant-OutputCached
X-Proxied-Request
Fusion-Content-Source
Cache-Key
X-RateLimit-Reset
X-Var-Ttl
Fusion-Content-Id
Proxy-Firewall
We-Hiring
Web-Mar-Region
X-Accel-Expires-Debug
X-Ad-Load-Variation
X-WA-Info
X-Date
BehaviorPad-Version
X-Varnish-Hits
X-Device-Os
Debug
X-LB-ID
Redirect-Candidate
X-APP
Fastly-Drupal-HTML
Pics-Label
X-MP-GENERATED-AT
X-NCache
X-Up
X-HA-Backend
X-Via-Poph
X-From
X-Via-Popv
X-Via-Popn
X-Zone
X-Akamai-Transformed
CloudFront-Viewer-Country
X-Content-Length
GeoIP-Latitude
X-Newrelic-Synthetics
X-Jungle-Id
X-VHOST
X-LiteSpeed-Tag
SID
X-Parent-Response-Time
X-CACHE-AGE
CDN-RequestId
X-Vdms-Path
X-Refresh
X-B3-Parentspanid
X-Cache-Backend
X-Servedbyhost
X-Origin-Cache-Key
X-Nc
X-Nananana
X-LB-NoCache
Vc-Max-Age
WP-Super-Cache
X-ZONE
X-CACHE-KEY
X-Dispatcher-Number
Resin-Trace
X-Datadome
X-Uri
Fastly-Drupal-Html
X-CDN-Cache-Status
X-DynaTrace-JS-Agent
X-Litespeed-Tag
Datacenter
X-Cached-By
X-Wa
X-M-Reqid
X-RequestId
X-PERF
X-ApacheServer
X-VC-TTL
Product
X-B3-Spanid
Server-ID
X-Render-Time
X-M-Log
Cdn
NtCoent-Length
X-CS
GeoIp-Country-Code
X-Amz-Meta-Cb-Modifiedtime
X-Ckpd-Fst-Backend
FSS-Cache
X-Fpc
X-Bug-Bounty
Locid
S-Rt
X-Varnish-Beresp-TTL
X-IAuth-Set-Uid
X-VCache
ServerName
Serverhost
X-Esi
Uri
True-Client-Ip
X-Srv
X-TX-ID
X-HubSpot-Correlation-Id
X-HostName
X-SERVER-NAME
True-Client-IP
X-Nf-Ats-Version
X-Nf-Country
X-Nf-Language
X-TT-LOGID
GeoIP-Country-Code
X-Original-Request-Id
X-Response-Served-From
X-CLOUD-TRACE-CONTEXT
Tcn
X-Old-Content-Length
X-TIME
X-Dynatrace-Js-Agent
Srv
Ngx-Var-Key
X-Akamai-Device-Characteristics
X-Vmg-Version
X-FPC
User-Agent
CDN
X-NewRelic-App-Data
X-Cdn-Forward
Request-ID
X-Cdn-Cache-Status
CacheControlHeader
X-Gamma-Serve
X-Vc
ServerHost
X-Vgn-Hpd-Reason
X-WA
Cf-Ipcountry
X-TH-Server
X-Hit
Server-Id
X-Moov-T
X-Moov-Xdn-Version
Xc-Version
X-Info
X-APP-VERSION
X-COUNTRY
Hostname
X-Webkit-Csp-Report-Only
X-Dispatch
X-Platform-Cluster
X-FL-QIT-DEBUG
X-Platform-Processor
X-NC
Srvid
X-Platform-Router
Expect-Staple
X-Presslabs-Stats
X-Correlation-ID
X-Amz-Meta-Opti
Geoip-Latitude
X-Geo
X-Lb-Nocache
Cf-Device-Type
X-V
X-Limited
X-S-Cookie
Cneonction
X-Application
X-External-Request-Id
Cross-Origin-Embedder-Policy-Report-Only
X-User
X-B-Cookie
X-Destination
X-ServedByHost
Cloudfront-Viewer-Country
X-Oracle-DMS-ECID
X-VCL-Version
Origin-Trial
X-New
X-App
X-Platform-Server
X-Eligible
X-Rollout
N-Cache
X-Via-PopN
X-Via-PopH
X-Zen-Fury
X-Ha-Backend
WZWS-RAY
X-Via-PopV
Permission-Policy
PICS-Label
X-Sigma
X-Ua
X-Rocket-Build-Number
Ohc-File-Size
X-Cache-Date
X-MSEdge-Features
X-Sigma-Backend
X-MSEdge-Flight
X-Instance-Name
Epwk-X-Cache
X-Akamai-Pragma-Client-IP
Rtss
X-Lb-Id
X-Sqd-Ctime
X-Check-Cacheable
X-Serial
X-Sqd-Stime
X-Branch-Name
X-Web-Server
X-Ftr-Request-Id
X-Proxy-CacheRZ
X-Internal-TTL
X-VServer
X-Segment-20210421
XkeyRZ
X-ElasticPress-Query
X-API-Version
X-MiniProfiler-Ids
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Lb
X-Via-CDN
X-Via-SSL
X-SIPLIST1
X-Via-Edge
Cl-Cache
Edge-Copy-Time
IsBot
X-EC-Lua
Timeexpire
X-Service-Response-Time
Cmstype
Cmsid
X-Acquia-Application-UUID
X-Acquia-Site
X-Datacenter
Sm-Log-Id
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
CountryCode
Servername
X-Litespeed-Cache-Control
X-CSRF-TOKEN
X-CDN-Origin
X-LAGOON
Fl-Custom-Application
Warning
X-Ramcache
X-RAMCache
X-Traceid
X-Th-Server
X-Path
X-Snapshot-Date
X-VTEX-Cache-Backend-Header-Time
Ngx
X-Udemy-Cache-App-Namespace
Ohc-Cache-HIT
X-IN-APIGATEWAYSSL
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shardid
X-Shopid
X-IN-APIGATEWAY
X-Dw-Trace-Id
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-Origin-Upstream-Status
X-Fastly-Backend-Reqs
Wpo-Cache-Message
Wpo-Cache-Status
X-VTEX-Cache-Backend-Connect-Time