
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-DNS-Prefetch-Control
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-Request-ID
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-Robots-Tag
Permissions-Policy
X-Server
X-Hacker
X-AH-Environment
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Ws-Request-Id
X-Age
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
Allow
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
P3p
X-Page-Speed
X-OneAgent-JS-Injection
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
Cf-Railgun
EagleEye-TraceId
X-Backend-Server
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Litespeed-Cache
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-Country
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Clacks-Overhead
Cache-Tag
X-CST
X-Url
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-Times
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-Daa-Tunnel
Nginx-Cache
Cross-Origin-Opener-Policy
X-Server-Name
X-Mcache
X-Edge
X-Midtier
X-Webkit-Csp
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
X-ESI
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-GitHub-Request-Id
Edge-Control
X-Element-Page-Cache
X-Ac
Verso
X-Cdn-Fetch
X-Exp-Id
X-MS-InvokeApp
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Oneagent-Js-Injection
X-D2id
X-Upstream
X-ECACHE
X-Cache-TTL
X-Vcap-Request-Id
X-Abt-Application-Version
X-Ser
AR-CACHE
X-FastCGI-Cache
X-Navigation-Version
X-B3-TraceId
X-Dw-Request-Base-Id
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
X-NF-Request-ID
Fastly-Restarts
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Client-IP
X-Edge-Location-Klb
X-Kinsta-Cache
X-Mg-S
Edge-Cache-Tag
Pagespeed
X-Middleton-Display
Display
X-Sol
S
X-Powered-CMS
X-Goog-Hash
X-ARC
Cache-Status
Access-Control-Request-Method
X-Amzn-Trace-Id
X-Version
X-Middleton-Response
Response
X-VARITI-CCR
X-Ratelimit-Limit
X-Cache-Key
X-Ruxit-Js-Agent
X-PDP-UNCACHING-HASH
RTSS
X-Content-Digest
X-TraceId
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
X-T
Realpath
X-Forwarded-For
X-Aws-Lambda-Call-Status
X-Recruiting
X-Correlation-Id
X-Ratelimit-Remaining
X-RateLimit-Remaining
X-TTL
X-Cached
Fastcgi-Cache
Front-End-Https
X-MSEdge-Ref
X-ORACLE-DMS-RID
MS-Author-Via
X-Shield-Request-Id
Content-MD5
X-Protected-By
X-Ua-Browser
X-Forwarded-Proto
X-HS-Cache-Config
X-HS-Content-Id
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-HS-Hub-Id
X-Request-Received
X-Request-Processing-Time
Server-Node
Payment
TP-Cache
Public-Key-Pins
MicrosoftSharePointTeamServices
X-LLID
X-Frontend
X-Varnish-TTL
Arr-Disable-Session-Affinity
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HS-Combine-CSS
X-FTR-Expires
X-Distributor
X-Accel-Expires
X-Kong-Upstream-Latency
Count-Hit
X-Kong-Proxy-Latency
X-PressLabs-Stats
X-GUploader-UploadID
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Origin-Server
X-TEC-API-ROOT
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Server-ID
X-LB-Cache
X-NODE
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Ezoic-Cdn
X-Microsite
X-Request-Handler-Origin-Region
X-Az
X-AppVersion
X-Activity-Id
X-Ttl
Accept-Ch
X-Varnish-Server
X-Content-Security-Policy-Report-Only
X-Cluster-Name
Host
X-App-Server
X-B3-TraceId-Primal
X-Www-Served-By
MRF-Tech
Mrf-Cache-Status
Cache-Tags
Retry-After
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Backend
Accept-Charset
Server-Name
X-ORACLE-DMS-ECID
X-Ua-Device
Cleartype
X-Newrelic-App-Data
X-Goog-Metageneration
X-Hits
X-Envoy-Decorator-Operation
X-Hostname
Filterid
X-ASPNET-VERSION
X-Unique-Id
X-Git-Hash
X-Upgrade-Enabled
X-CSRF-Token
Referer-Policy
Access-Control-Allow-Method
X-NGENIX-Cache
X-Azure-Ref
X-Geo-Country
X-Varnish-Ttl
X-Load-Cache
TP-L2-Cache
X-Seen-By
TCN
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Debug
X-Logged-In
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Proxy
X-DIS-Request-ID
X-F-Cache
X-FB-Debug
X-Grace
X-B
Section-Io-Cache
X-Request-Guid
X-Amz-Apigw-Id
X-Revision
X-Trace-Id
X-Amzn-RequestId
DC
X-Cache-Control
X-B3-Sampled
Healthy
X-Contextid
X-Type
X-TT
X-Time
X-Fb-Rlafr
X-Id
Viewport
Paypal-Debug-Id
X-Mobile
X-N
X-Debug-Info
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Page-Id
Surrogate-Key
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Px
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Fastly-SWR
Fastly-SIE
X-XRDS-LOCATION
Content-Disposition
X-Whom
X-Oracle-Dms-Ecid
X-Via-JSL
X-Origin-Cache
Version
X-Varnish-Grace
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Content-Options
X-Origin-Cache-Key
Charset
X-Webkit-CSP
X-Magnolia-Registration
X-Wix-Request-Id
X-Cache-Grace
X-Amz-Replication-Status
X-App-Environment
X-Template
X-RemovedCookies
X-ProcessESI
X-Node-Name
X-Signature
X-B-Cache
MS-CV
X-Rule
X-Tumblr-User
X-Tumblr-Pixel
Ms-Operation-Id
X-Tumblr-Pixel-0
X-RTag
X-Tumblr-Pixel-1
VIX-Pulpo-Upstream-Status
X-Debug-IsConnected
SD-X-WS
SRV
X-G
X-Yottaa-Optimizations
VIX-Pulpo-Node
X-Datadog-Sampled
X-Yottaa-Metrics
X-Debug-IsPreview
X-EdgeConnect-Cache-Status
X-FW-Version
X-FW-Static
X-FW-Serve
ServerID
X-FW-Hash
X-FW-Dynamic
X-Backend-Name
X-Hl-Ver
X-FW-Server
X-Adobe-Content
X-UUID
X-Adobe-Loc
X-Storage
X-FW-Type
X-Instance
X-Cache-Age
X-Proxy-Cache-Info
X-NYM-Debug-Backend
GEO-INFO
X-Device-Type
X-Rendered-As
X-Cacheable-TTL
X-Region
X-Rid
NGB
X-User-Agent
X-Is-Bot
X-Environment-Context
X-Cache-Hit
X-Status
X-Real-IP
X-Source
Country
X-L-Path
X-B3-SpanId
Countrycode
X-Language
X-IPS-LoggedIn
X-ServerID
X-NWS-UUID-VERIFY
Liferay-Portal
X-Xrds-Location
X-Amzn-Remapped-Content-Length
Cross-Origin-Window-Policy
X-URL
X-Oracle-Dms-Rid
Akamai-GRN
X-WP-CF-Super-Cache-Active
X-RateLimit-Limit
Amp-Access-Control-Allow-Source-Origin
X-Sucuri-ID
X-Sucuri-Cache
X-RM-Cache-TTL
OT-Force-Account-Verify
Front
X-Wormhole-Sdk
X-UA
X-Framework
X-Air-Pt
X-Servername
From-Origin
X-VC-Cache
X-AB
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
X-Ratelimit-Reset
X-Content-Powered-By
X-Mode
Upgrade-Insecure-Requests
Backend
Xet-Cookie
X-Akamai-Request-ID2
X-WebKit-CSP-Report-Only
X-VC
Refresh
X-INCAP-ABP
X-Cache-Time
X-RateLimit-Reset
X-Handled-By
X-Nginx-Cache
X-Edge-Location
X-DataDome
X-Endurance-Cache-Level
Accept-Language
X-SRV
X-JoinUs
X-SaId
X-Xfnlog-Site
X-RCS-CacheZone
Filters
X-UPSTREAM-Address
X-RID
Meta-Geo
X-Rewrite-Enabled
X-Rn-Rsrv
X-AWS-Id
X-Origin-Date
X-Cluster
X-Container-Uri
X-No-Session
TWC-Device-Class
X-Cache-Rule
Cache
X-Reqid
X-Cache-Operation
X-Provided-By
X-Origin-Hint
X-PHP-Host
Frame-Options
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Git-Commit
X-Webstats-RespID
TWC-Connection-Speed
ServedBy
TWC-Locale-Group
X-VWS-Id
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-LJ-Flow-ID
X-Labrador-Cache-Channel
TWC-Privacy
X-Tumblr-Pixel-2
Property-Id
LB
X-HTML-Minification-Powered-By
X-Redis-Cache
Webserver
Section-Io-Id
X-IPLB-Instance
X-Web-Node
X-R9-Blue-Green-Version
Mn-Server-Ip
WPO-Cache-Message
Url
Web-Mar-Node
X-Restarts
WPO-Cache-Status
X-Tb
Atl-Traceid
X-Fetched-On
X-Served-From
X-Cache-Debug
X-Scope-Id
X-Locale
X-Logging-Id
X-Hosted-By
X-Generated-By
X-Akamai-Edgescape
X-Proxied
X-Routing-Service
X-Varnish-Age
X-Cloudmap
X-IPLB-Request-ID
X-Zipkin-Id
X-Extlb
X-Site-Version
X-Adobe-Source
X-Cms-Context
X-Fastly-Request-Id
X-Lambda-Id
X-Ms-Version
X-Cache-Status-Check
X-Httpd
X-Origin
X-Proxy-Build
X-ProxyCache-Status
X-ProxyCache-Key
X-Ms-Request-Id
X-Say-Cacheable
X-Accel-Version
Apigw-Requestid
Selected-Fe
X-Forwarded-Host
X-Loop
X-Skip-Cache
X-BYPASS-REASON
X-Vcache
X-VCT
X-Timing-Wait
X-Soup
X-Upstream-Ct
X-Upstream-Ht
X-CDN-Forward
X-Varnish-Cache-Hits
X-Tncms
X-SayCDN-TTL
X-Director
X-Azure-Ref-OriginShield
X-Format
X-Frame-Option
X-Say-TTL
X-Geo-Region
X-Is-Tablet
X-Is-Desktop
X-Is-Mobile
X-GeoCountry
X-GeoCode
X-Alternate-Cache-Key
X-Browser-Name
Xserver
X-Detected-As
Cache-Hits
X-Storefront-Renderer-Rendered
X-Is-Supported-Browser
X-Varnish-Beresp-Grace
X-Shopify-Stage
Access-Control-Request-Headers
X-S
X-Cache-Host
X-Tcp-Rtt
X-Drupal-Cache-Tags
X-Origin-CC
X-Origin-TTL
X-ShopId
X-Drupal-Cache-Contexts
X-CMSURLCustom
X-Thinkindot-L3
X-Sorting-Hat-PodId
X-Optimistic-Header
X-Generation-Time
X-Sorting-Hat-ShopId
X-Shield-Cache-Expires
X-ShardId
Thinkindot-Control
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
X-Request-URI
X-Lagoon
Source
X-Ismobilevalue
X-Cdn-Origin
Fastcgi-Useragent
X-WP-CF-Super-Cache-Cookies-Bypass
Onion-Location
X-TA-CDN-Provider
X-Buckets
Protected
X-Worker
X-Vercel-Cache
X-Api-Version
X-ID
X-Vercel-Id
X-Connection-Hash
Expiry
X-Pass-Why
X-Vcl-Version
Azure-RegionName
Azure-SiteName
Azure-InstanceId
X-Rocket-Nginx-Serving-Static
Azure-Version
Azure-SlotName
X-B3-Traceid
Cdn-Requestid
X-Fastcgi-Cache
Node
X-Tt-Logid
X-Cache-Expired-At
X-App-Version
CDN-CachedAt
X-GEO
CDN-EdgeStorageId
CDN-Cache
CDN-Uid
CDN-PullZone
X-PHP-Backend
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-RequestCountryCode
Cross-Origin-Embedder-Policy
X-Mg-Request-UUID
X-Tumblr-Pixel-3
X-ECache
Environment
Priority
Uber-Trace-Id
X-Proxy-Cache-Status
X-Cache-Action
AMP-Access-Control-Allow-Source-Origin
X-Aspnetmvc-Version
X-Server-W
X-Cache-Server
X-Cluster-Node
Sid
DB-Nickname
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-XRDS-Location
Alternate-Protocol
CF-IPCountry
Cache-Tv-Group
X-FB-TRIP-ID
User-Cache-Control
X-Tx-Id
X-Jobs
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Deployment-Id
X-DC
X-Auth-Group-Type
HostName
X-LSADC-Cache
X-Content-Age
Origin
X-Custom-Header
Gannett-Cam-Experience-Id
X-Conf
Ngx.Var.Host
X-Cache-NE
Edge-Cache
X-D
Odigeo-Trace-Id
Magicmarker
X-Cache-Id
Meta-Geo-Continent
X-Dispatcher-Server
X-Developer
X-Ec-Fail
X-Ec-GeoHdr
MD5-Digest
X-Esi-Check
X-Epic-Correlation-Id
X-Device-Os
Sslversion
X-A-Dgt
X-A-Wwc
Wxu-Next-Commit
X-Aed
Candidate-Md5Url
X-A-Dcw
Wxu-Next-Region
X-A-Ccd
Wxu-Next-Hostname
X-A-Dam
A
T-Server
Content-Secure-Policy
Origin-Agent-Cluster
X-Block-Status
DCR-Decision-By
Rendered-Blocks
X-A
Surrogated-Key
X-Bc-Bl
X-BCube-Filmed-By
X-Bl-Debug
DCR-Processing-Time-Ms
X-Generated-On
X-Vdms-Version
X-UA-Device-Type
X-NCache
X-SRCache-Key
X-Gzip
X-Op-Id-All
X-Ig-Origin-Region
X-Level-Front-Cache
X-TIM-N
X-Hnp-Log
X-GeoIP-City
X-ND-Cache
X-Gen-Mode
X-Origin-Expires
X-SB
X-Org
X-ScT
X-Rojux
X-V-Cache
X-Vtex-Remote-Cache
Lang
X-Ig-Push-State
X-Client-Ip
X-Origin-Response-Time
X-MP-GENERATED-AT
X-Nf-Request-Id
X-SD-PageType
X-Scheme
X-SVT-ORM-RULES
X-Varnish-Director
V-Age
X-Thanos
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
Vix-Hermes-Req-Id
X-Test
X-VarnishDD-TTL
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Viewer-Country
X-Via-Fastly
NM-Fastcgi-Cache
X-Wikidot-Backend
X-Fastly-Backend
XM
X-Wikidot-Static-Cache
X-VG-WebCache
Origin-CC
Server-Ext
Server-Hostname
Sever-Int
X-Varnish-Hostname
Req-ID
X-AK-Request-ID
Origin-EX
PFcat
Powered-By
Ssr
X-RateLimit-Limit-Second
X-HS-Content-Campaign-Id
X-HN
X-GoCache-CacheStatus
X-Clientip
X-Cdn-Srv
X-Mvc-Supplant-Cachable
X-Cache-TTL-Remaining
X-Loc
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Fmm-Version
X-Gdpr
X-Forwarded-Site
X-FC-Vary-Parameters
X-Fastly-Cache
X-Edge-Server
X-GeoIP
X-Geo-Header
X-Cache-Info
X-Nginx-Cache-Key
X-RateLimit-Remaining-Second
X-Pubstack
X-Proto
X-Region-Sid
X-Req
X-App-Name
X-Auto-Login
X-Request-Time
X-Powered-By-VTEX-Cache
X-Policy
X-Node-Id
X-Cache-Bucket
X-NMSegId
X-Nyt-Route
X-Origin-Time
X-Platform
X-Bip
X-PAYTM-SRV-ID
X-Amz-Storage-Class
X-Backend-Instance
Cdn-Request-Time
Cdn-Host
Fastly-Backend-Name
Cdncip
Country-Code
Content-Script-Type
Cdnsip
Content-Style-Type
Fastly-SSL
X-Service
CDCHOST
C-Via
Cache-Provider
AKAMAI
X-Varnish-Beresp-Ttl
X-Ad-Load-Variation
X-CUA
X-Acquia-Purge-Cdn-Unconfigured
X-Debug-Cache-Fetch
X-Eu-Site
X-From
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Debug-Cache-Store
X-Access
X-Csrf-Jwt
X-Aicache-OS
X-Cache-Aspx
X-BBC-Edge-Cache-Status
Adler-Geo
X-Cache-Backend
X-Human
X-Core-Value
X-Contensis-Viewer-Groups
X-CGP
X-B3-Trace-ID
X-Mly-Id
Yak-Timeinfo
X-CacheTTL
X-We-Are-Hiring
X-WA-Info
X-Varnishpool
X-VG-TLSProxy
X-Men
X-Server-IP
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-DefHash
X-Sn-Servicetimems
X-DefElseHash
X-Pad
X-Varnish-Beresp-Status
X-NodeID
CDN-RequestId
X-Mvc-Supplant-OutputCached
Apple-News-Services-Handled
X-Location
X-Micro-Cache
X-Pool
X-Proxied-Request
X-Var-Ttl
X-Varnish-Authentication
X-Section
X-LiteSpeed-Cache-Control
X-Request-Host
X-Request-Start
X-Jungle-Id
X-Zone
True-Client-Country-4JS
DSUID
Apple-News-Services-Host
RNT-Machine
Esi-Enabled
Tube-Get-Contents
Machine
Mail-Subject
Tube-Got-Results
Tube-Got-Eval
On-Server
Click-Count-Action-Start
Platform
Release
Pramga
Producers
Cluster
RNT-Time
Req-Svc-Chain
Server-Host
Click-Count-Error
Tube-Return
Fastly-GeoIP-CountryCode
HA-Ipaddr
Ha-Gx-Prefs
Host-ID
Is-Eu
W
Gh-Request-Id
Web-Mar-Region
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Cache-Key
Canary
L
We-Hiring
L5d-Success-Class
X-HITS
Mime-Version
X-Tec-Api-Version
X-Vdms-Path
X-Hash
X-Depends
Proxy-Firewall
X-Date
X-Slack-Shared-Secret-Outcome
NGX
X-Tec-Api-Origin
X-Tec-Api-Root
X-Slack-Backend
X-Up
X-Dc
X-Accel-Expires-Debug
WP-Super-Cache
X-AIR-PT
X-Newrelic-Synthetics
X-Uri
Debug
X-NGINX-Cache
X-Ah-Environment
X-Cs
X-Varnish-Hits
SID
X-LB-ID
Redirect-Candidate
X-Refresh
X-PERF
X-Cache-FS-Status
Pics-Label
CloudFront-Viewer-Country
X-Original-Request-Id
X-Render-Time
X-Response-Served-From
X-CACHE-GROUP
X-ApacheServer
X-Akamai-Transformed
Fastly-Drupal-HTML
X-Via-Popv
X-Nananana
X-Via-Popn
X-HA-Backend
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Servedbyhost
X-Via-Poph
X-TT-LOGID
GeoIP-Latitude
X-VHOST
Server-Info
X-CACHE-AGE
BehaviorPad-Version
X-Datadome
X-VC-TTL
Locid
X-M-Log
X-LB-NoCache
X-Litespeed-Tag
X-M-Reqid
X-Parent-Response-Time
Datacenter
X-APP
X-B3-Parentspanid
X-CS
X-Amz-Meta-Cb-Modifiedtime
X-Cached-By
Fastly-Drupal-Html
Cdn
X-Wa
X-Nc
Server-ID
X-Content-Length
X-IAuth-Set-Uid
X-CDN-Cache-Status
X-DynaTrace-JS-Agent
Cf-Ipcountry
GeoIp-Country-Code
Resin-Trace
X-Platform-Processor
X-Platform-Cluster
Ngx-Var-Key
X-LiteSpeed-Tag
X-NewRelic-App-Data
X-Old-Content-Length
X-Platform-Router
NtCoent-Length
X-COUNTRY
X-VCache
X-Vgn-Hpd-Reason
X-Moov-Xdn-Version
Uri
FSS-Cache
X-TH-Server
X-ZONE
X-Fpc
X-Moov-T
Vc-Max-Age
X-Varnish-Beresp-TTL
Serverhost
True-Client-IP
Cross-Origin-Embedder-Policy-Report-Only
X-TIME
True-Client-Ip
X-Dispatcher-Number
X-RequestId
X-Esi
CDN
X-SERVER-NAME
X-TX-ID
X-HostName
X-Srv
Product
X-Dynatrace-Js-Agent
X-S-Cookie
S-Rt
X-External-Request-Id
X-Destination
X-B-Cookie
X-Application
X-User
Cf-Device-Type
GeoIP-Country-Code
Tcn
X-Vc
X-Oracle-DMS-ECID
X-Cdn-Cache-Status
X-Ckpd-Fst-Backend
X-FPC
X-Zen-Fury
Srv
X-HOST
X-B3-Spanid
X-Presslabs-Stats
Request-ID
X-Nf-Country
X-API-Version
X-NC
X-Nf-Language
X-Sigma
X-Nf-Ats-Version
X-Rocket-Build-Number
X-Instance-Name
X-Bug-Bounty
X-Sigma-Backend
ServerName
X-WA
X-Dispatch
X-Webkit-Csp-Report-Only
X-Cache-Date
Hostname
X-Cdn-Forward
X-CACHE-KEY
CacheControlHeader
X-VServer
Server-Id
X-APP-VERSION
X-HubSpot-Correlation-Id
Geoip-Latitude
Srvid
X-FL-QIT-DEBUG
X-Segment-20210421
X-Branch-Name
Load-Balancing
X-DynaTrace
Ohc-File-Size
X-Lb-Nocache
X-Geo
DataCenter
Origin-Trial
X-ServedByHost
X-Via-PopH
X-Vmg-Version
X-Akamai-Device-Characteristics
X-DataCenter
User-Agent
X-Via-PopV
X-Ha-Backend
X-Via-PopN
X-VCL-Version
ServerHost
Epwk-X-Cache
Type
Cloudfront-Viewer-Country
X-Info
X-Gamma-Serve
X-Cache-Ttl
X-Flags
X-Route-Name
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Is-Crawler
PICS-Label
X-Irp-Debug
X-App
X-Limited
X-Correlation-ID
Xc-Version
X-Ua
Cross-Origin-Opener-Policy-Report-Only
X-Srcache-Fetch-Status
Rtss
X-Srcache-Store-Status
X-Page-View
X-Via-SSL
X-Lb-Id
Ohc-Cache-HIT
Edge-Copy-Time
Expect-Staple
X-Via-CDN
X-Owner
X-MiniProfiler-Ids
Cneonction
Cl-Cache
X-Via-Edge
X-Http-Reason
X-Sql-Duration-Ms
Lb
X-Sql-Count
X-Service-Response-Time
Sm-Log-Id
X-Core-Mission
X-Sqd-Stime
X-SIPLIST1
X-Sqd-Ctime
X-Acquia-Site
X-Acquia-Purge-Tags
Cmsid
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Cmstype
X-Qloud-Router
IsBot
Warning
Timeexpire
X-MSEdge-Flight
X-MSEdge-Features
X-Datacenter
X-Amz-Meta-Opti
X-Web-Server
X-CSRF-TOKEN
X-LAGOON
Servername
X-Litespeed-Cache-Control
CountryCode
X-Sorting-Hat-Shopid
X-Shardid
X-Origin-Upstream-Status
X-Shopid
X-Sorting-Hat-Podid
X-Proxy-CacheRZ
X-RAMCache
X-Check-Cacheable
X-Serial
X-Akamai-Pragma-Client-IP
X-Requestid
MIME-Version
XkeyRZ
X-Th-Server
X-Ramcache
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-Snapshot-Date
Ngx
X-IN-APIGATEWAYSSL