Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-AspNet-Version
X-Runtime
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
Permissions-Policy
X-Robots-Tag
X-AH-Environment
P3p
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
Allow
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
Cf-Railgun
X-Host
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Server-Id
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-Ruxit-JS-Agent
X-HW
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Country
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
X-Clacks-Overhead
Cache-Tag
Rating
X-Litespeed-Cache
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-CST
X-Times
X-PC
X-Vname
X-TtlSet
X-FTR-Request-ID
X-Daa-Tunnel
Cross-Origin-Opener-Policy
Nginx-Cache
X-Edge
X-Mcache
X-Midtier
X-Server-Name
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
X-ESI
AR-Request-ID
AR-SID
AR-PoweredBy
AR-ATIME
Accept-Ch
X-GitHub-Request-Id
X-D2id
X-Element-Page-Cache
Edge-Control
X-Ac
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Server
Verso
X-MS-InvokeApp
X-Webkit-Csp
X-Cache-TTL
X-Upstream
X-Vcap-Request-Id
X-Ser
X-ECACHE
AR-CACHE
X-Abt-Application-Version
X-Navigation-Version
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-B3-TraceId
SPRequestDuration
SPIisLatency
X-Oneagent-Js-Injection
X-Mod-Pagespeed
X-NF-Request-ID
Fastly-Restarts
X-Amz-Rid
SPRequestGuid
X-SharePointHealthScore
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Instrumentation
X-Client-IP
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ratelimit-Limit
X-Mg-S
X-Goog-Hash
Edge-Cache-Tag
Display
X-Sol
Pagespeed
X-Powered-CMS
S
X-Middleton-Display
X-ARC
Cache-Status
X-Amzn-Trace-Id
X-Version
Access-Control-Request-Method
X-Middleton-Response
Response
X-VARITI-CCR
X-PDP-UNCACHING-HASH
X-Ratelimit-Remaining
X-Cache-Key
RTSS
X-Content-Digest
X-TraceId
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
X-Forwarded-For
Realpath
X-T
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
X-Ruxit-Js-Agent
X-Server-ID
Fastcgi-Cache
X-TTL
X-Cached
X-MSEdge-Ref
Front-End-Https
X-NODE
X-Shield-Request-Id
MS-Author-Via
X-Protected-By
X-HS-Content-Id
X-Ua-Browser
X-HS-Hub-Id
Content-MD5
X-HS-Cache-Config
X-FTR-Balancer
X-FTR-Backend
Public-Key-Pins
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-Frontend
X-Forwarded-Proto
Payment
Server-Node
MicrosoftSharePointTeamServices
X-LLID
TP-Cache
X-Request-Processing-Time
X-Request-Received
Arr-Disable-Session-Affinity
X-PressLabs-Stats
X-Varnish-TTL
X-Aws-Lambda-Call-Status
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HS-Combine-CSS
X-FTR-Expires
X-RateLimit-Remaining
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-GUploader-UploadID
X-Distributor
Count-Hit
X-Accel-Expires
X-Origin-Server
X-LB-Cache
X-Jurisdiction
X-HP-Trace-Id
X-HP-Webp
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-Request-Handler-Origin-Region
X-Microsite
X-Activity-Id
X-Newrelic-App-Data
X-AppVersion
X-Az
Host
X-Cluster-Name
X-Varnish-Server
Cache-Tags
X-App-Server
X-Varnish-Backend
Accept-Charset
Pinterest-Generated-By
X-Content-Security-Policy-Report-Only
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Amz-Meta-S3cmd-Attrs
Pinterest-Version
X-Ttl
X-Www-Served-By
X-Pinterest-Rid
Retry-After
Cleartype
Server-Name
X-Ua-Device
X-Goog-Metageneration
X-Hits
Filterid
X-Unique-Id
X-Envoy-Decorator-Operation
X-Git-Hash
X-ASPNET-VERSION
X-Hostname
X-CSRF-Token
Access-Control-Allow-Method
X-Azure-Ref
X-Upgrade-Enabled
X-Geo-Country
X-Load-Cache
Referer-Policy
X-Varnish-Ttl
X-NGENIX-Cache
X-Debug
X-Logged-In
TP-L2-Cache
TCN
X-Tt-Trace-Host
X-Time
X-Seen-By
X-Tt-Trace-Tag
X-Proxy
X-FB-Debug
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-B3-Sampled
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Revision
X-Grace
X-Trace-Id
DC
Section-Io-Cache
Healthy
X-F-Cache
X-B
X-Request-Guid
X-Id
X-Cache-Control
X-TT
X-Fb-Rlafr
X-Type
X-Contextid
X-DIS-Request-ID
Surrogate-Key
Viewport
X-XRDS-LOCATION
Paypal-Debug-Id
X-Mobile
X-N
X-WP-CF-Super-Cache-Cache-Control
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-WP-CF-Super-Cache
X-Debug-Info
Fastly-SWR
X-Page-Id
Fastly-SIE
X-Px
Content-Disposition
X-Whom
X-Origin-Cache
Version
X-Varnish-Grace
X-Via-JSL
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Webkit-CSP
X-Content-Options
X-Magnolia-Registration
Charset
X-Amz-Replication-Status
X-Template
X-Wix-Request-Id
X-App-Environment
X-Cache-Grace
Ms-Operation-Id
MS-CV
X-Node-Name
X-Rule
X-Cache-Age
X-RTag
X-RemovedCookies
X-ProcessESI
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Oracle-Dms-Ecid
X-Tumblr-User
X-Tumblr-Pixel-0
X-UUID
X-Source
VIX-Pulpo-Upstream-Status
X-G
VIX-Pulpo-Node
X-Debug-IsPreview
X-Datadog-Sampled
SD-X-WS
X-Debug-IsConnected
X-Hl-Ver
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-EdgeConnect-Cache-Status
X-Backend-Name
X-Adobe-Loc
X-User-Agent
X-B-Cache
X-FW-Dynamic
X-Signature
X-Cacheable-TTL
X-Region
X-FW-Serve
ServerID
X-FW-Hash
X-FW-Static
X-FW-Type
X-L-Path
X-FW-Version
X-Adobe-Content
X-Instance
X-NWS-UUID-VERIFY
X-Storage
X-Environment-Context
X-FW-Server
Country
X-Cache-Hit
GEO-INFO
X-Real-IP
NGB
X-Device-Type
X-Proxy-Cache-Info
X-Rid
X-NYM-Debug-Backend
X-ServerID
X-Rendered-As
X-Status
X-Is-Bot
Countrycode
X-IPS-LoggedIn
SRV
Cross-Origin-Window-Policy
X-Amzn-Remapped-Content-Length
X-Language
Akamai-GRN
X-B3-SpanId
Liferay-Portal
X-WP-CF-Super-Cache-Active
Amp-Access-Control-Allow-Source-Origin
X-Sucuri-ID
X-RM-Cache-TTL
X-Sucuri-Cache
X-Wormhole-Sdk
X-Origin-Cache-Key
Front
X-Ratelimit-Reset
OT-Force-Account-Verify
X-Framework
X-Servername
X-UA
X-Air-Pt
X-Xrds-Location
From-Origin
X-VC-Cache
X-Oracle-Dms-Rid
X-AB
X-VC
X-Content-Powered-By
Xet-Cookie
X-Mode
X-Air-Source
Backend
X-Akamai-Request-ID2
X-Air-Hostname
X-Air-Trace-Id
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
Refresh
X-DataDome
X-Cache-Time
X-Handled-By
X-INCAP-ABP
X-URL
X-Nginx-Cache
X-Endurance-Cache-Level
Accept-Language
X-SRV
Meta-Geo
Filters
X-JoinUs
X-Edge-Location
X-Rn-Rsrv
X-Rewrite-Enabled
X-RCS-CacheZone
X-RID
X-SaId
X-Xfnlog-Site
Cache
X-UPSTREAM-Address
X-Provided-By
X-Proxied
X-PHP-Host
X-Origin-Hint
X-No-Session
X-Origin-Date
X-Cache-Rule
X-Tumblr-Pixel-2
X-Webstats-RespID
X-Routing-Service
X-VWS-Id
X-Varnish-Age
TWC-GeoIP-Country
X-Cache-Operation
X-Zipkin-Id
X-Reqid
X-LJ-Flow-ID
ServedBy
Webcakes-App-Version
Webcakes-Region
X-AWS-Id
Webcakes-App-Name
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-Device-Class
X-Lambda-Id
X-Cloudmap
X-Hosted-By
X-Git-Commit
Access-Control-Request-Headers
X-Cache-Status-Check
X-Labrador-Cache-Channel
X-Cluster
X-Generated-By
Property-Id
X-Container-Uri
X-Extlb
Webserver
LB
Apigw-Requestid
X-IPLB-Instance
X-Adobe-Source
X-Web-Node
X-Cms-Context
X-Restarts
X-Redis-Cache
X-Tncms
X-Tb
X-Served-From
X-Site-Version
X-Scope-Id
X-Skip-Cache
X-R9-Blue-Green-Version
X-Loop
X-Accel-Version
X-Akamai-Edgescape
Web-Mar-Node
Url
Section-Io-Id
X-Fetched-On
X-Forwarded-Host
X-Logging-Id
X-Locale
X-IPLB-Request-ID
X-HTML-Minification-Powered-By
Mn-Server-Ip
Atl-Traceid
X-Fastly-Request-Id
Frame-Options
X-Ismobilevalue
X-Cache-Host
X-Is-Desktop
X-Frame-Option
X-Geo-Region
X-Is-Mobile
X-Director
X-Format
X-Is-Tablet
X-ProxyCache-Status
Selected-Fe
X-ProxyCache-Key
X-Ms-Version
X-Cache-Debug
X-Ms-Request-Id
X-Is-Supported-Browser
X-Browser-Name
X-Soup
X-Varnish-Cache-Hits
X-Varnish-Beresp-Grace
X-Timing-Wait
X-Upstream-Ht
X-Upstream-Ct
X-VCT
X-SayCDN-TTL
X-Origin
X-Tcp-Rtt
X-RateLimit-Reset
X-Proxy-Build
X-Say-TTL
X-Say-Cacheable
X-BYPASS-REASON
X-Httpd
X-Azure-Ref-OriginShield
X-Detected-As
X-ECache
X-RateLimit-Limit
X-GeoCode
X-GeoCountry
Xserver
WPO-Cache-Message
X-Alternate-Cache-Key
X-S
WPO-Cache-Status
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Api-Version
X-Optimistic-Header
X-Vcache
X-Origin-CC
X-Origin-TTL
X-Drupal-Cache-Tags
X-Sorting-Hat-PodId
X-Request-URI
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Thinkindot-L3
X-CMSURLCustom
X-Generation-Time
X-Lagoon
X-CDN-Forward
X-Shield-Cache-Expires
Cache-Hits
TDXMobile
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Source
Onion-Location
X-Drupal-Cache-Contexts
Fastcgi-Useragent
X-Cdn-Origin
X-Connection-Hash
X-WP-CF-Super-Cache-Cookies-Bypass
Protected
X-Tt-Logid
Expiry
X-ID
Cdn-Requestid
X-Vercel-Id
X-Worker
X-Vercel-Cache
X-Cache-Expired-At
X-Buckets
X-Vcl-Version
X-TA-CDN-Provider
X-Pass-Why
X-Rocket-Nginx-Serving-Static
X-PHP-Backend
Azure-RegionName
Azure-SlotName
Azure-Version
Azure-InstanceId
X-B3-Traceid
Azure-SiteName
X-Fastcgi-Cache
X-Mg-Request-UUID
Node
X-GEO
Priority
X-Cache-Action
X-App-Version
Environment
Cross-Origin-Embedder-Policy
CDN-Cache
CDN-CachedAt
Uber-Trace-Id
CDN-Uid
Sid
X-Proxy-Cache-Status
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestPullCode
X-Tumblr-Pixel-3
X-Cluster-Node
AMP-Access-Control-Allow-Source-Origin
X-Aspnetmvc-Version
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Server-W
X-XRDS-Location
X-Cache-Server
DB-Nickname
Alternate-Protocol
X-FB-TRIP-ID
CF-IPCountry
Cache-Tv-Group
X-Jobs
X-Auth-Group-Type
User-Cache-Control
X-Tx-Id
Fusion-Template-Id
HostName
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
X-Service
Surrogated-Key
X-Gen-Mode
X-Fastly-Backend
X-Esi-Check
X-Generated-On
X-GeoIP-City
X-Hnp-Log
X-Gzip
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-D
X-Custom-Header
X-Developer
X-Device-Os
X-Ec-Fail
X-Dispatcher-Server
X-Ig-Origin-Region
X-Ig-Push-State
X-UA-Device-Type
X-TIM-N
X-SRCache-Key
X-V-Cache
X-Vdms-Version
X-Vtex-Remote-Cache
X-Viewer-Country
X-ScT
X-SB
X-ND-Cache
X-Level-Front-Cache
X-Op-Id-All
X-Org
X-Rojux
X-Origin-Expires
X-Content-Age
X-Conf
Ngx.Var.Host
Meta-Geo-Continent
MD5-Digest
Odigeo-Trace-Id
Origin
Rendered-Blocks
Origin-Agent-Cluster
Magicmarker
Lang
Content-Secure-Policy
Candidate-Md5Url
DCR-Decision-By
DCR-Processing-Time-Ms
Gannett-Cam-Experience-Id
Edge-Cache
Sslversion
T-Server
X-BCube-Filmed-By
X-Bc-Bl
X-Aed
X-Bl-Debug
X-Block-Status
X-Cache-NE
X-Cache-Id
X-A-Wwc
X-A-Dgt
Wxu-Next-Region
Wxu-Next-Commit
X-A
X-A-Ccd
X-A-Dcw
X-A-Dam
A
Wxu-Next-Hostname
X-LSADC-Cache
X-Pad
X-Client-Ip
X-DC
X-Nf-Request-Id
X-Cache-TTL-Remaining
X-Core-Value
X-Clientip
X-Cache-Info
X-CacheTTL
X-Cdn-Srv
X-Debug-Cache-Fetch
X-DefElseHash
X-Fastly-Cache
X-GeoIP
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Geo-Header
X-Gdpr
X-DefHash
X-FC-Vary-Parameters
X-Forwarded-Site
X-Debug-Cache-Store
X-Bip
Server-Hostname
X-Varnish-Remaining-TTL
Sever-Int
Ssr
Server-Host
Server-Ext
Powered-By
X-Via-Fastly
Req-ID
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Auto-Login
X-GoCache-CacheStatus
X-Edge-Server
X-App-Name
X-Amz-Storage-Class
V-Age
Vix-Hermes-Req-Id
X-AK-Request-ID
X-Cache-Bucket
X-Loc
X-SD-PageType
X-Server-IP
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Scheme
X-Wikidot-Backend
X-RateLimit-Remaining-Second
X-Region-Sid
X-Request-Time
X-Sn-Servicetimems
X-VG-WebCache
X-VarnishDD-TTL
X-Varnish-Hostname
X-Varnish-Director
X-Thanos
X-Test
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-RateLimit-Limit-Second
X-Wikidot-Static-Cache
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-NMSegId
X-Node-Id
Cdn-Host
Cdn-Request-Time
X-HS-Content-Campaign-Id
PFcat
X-Men
X-Nyt-Route
X-Origin-Response-Time
X-Powered-By-VTEX-Cache
X-Proto
X-Pubstack
X-Policy
X-Platform
X-Origin-Time
XM
X-PAYTM-SRV-ID
X-HN
X-Backend-Instance
Content-Style-Type
Content-Script-Type
Origin-EX
Fastly-Backend-Name
Host-ID
Cdnsip
Cdncip
AKAMAI
C-Via
Cache-Provider
CDCHOST
NM-Fastcgi-Cache
Fastly-SSL
Origin-CC
Mime-Version
X-Dc
X-MP-GENERATED-AT
Tube-Get-Contents
X-Eu-Site
Tube-Got-Results
RNT-Time
Tube-Got-Eval
RNT-Machine
X-Var-Ttl
Producers
X-Pool
Tube-Return
X-Proxied-Request
X-VG-TLSProxy
X-Acquia-Purge-Cdn-Unconfigured
X-Csrf-Jwt
On-Server
X-Contensis-Viewer-Groups
Fastly-GeoIP-CountryCode
X-Date
DSUID
Cluster
X-Ad-Load-Variation
X-B3-Trace-ID
X-Depends
X-Ec-Custom-Error
X-Varnish-Authentication
X-NCache
X-Mvc-Supplant-OutputCached
Pramga
Cache-Key
Adler-Geo
Apple-News-Services-Request-Url
Yak-Timeinfo
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Proxy-Firewall
Canary
Is-Eu
Release
X-CGP
X-Hash
X-Human
Esi-Enabled
X-Location
Click-Count-Action-Start
Click-Count-Error
Country-Code
Platform
X-CUA
X-Slack-Shared-Secret-Outcome
X-Micro-Cache
Mail-Subject
L5d-Success-Class
L
X-Varnish-Beresp-Status
HA-Ipaddr
X-Varnishpool
X-Fmm-Version
W
We-Hiring
Machine
X-Slack-Backend
X-NodeID
X-Mly-Id
X-Accel-Expires-Debug
Web-Mar-Region
X-Aicache-OS
X-Access
X-We-Are-Hiring
X-Section
True-Client-Country-4JS
X-Req
Ha-Gx-Prefs
Gh-Request-Id
X-Request-Host
X-Request-Start
X-WA-Info
X-Cache-Aspx
X-DPWN-IS-SECURE
X-HITS
X-Varnish-Beresp-Ttl
X-Jungle-Id
NGX
X-LiteSpeed-Cache-Control
X-Up
Req-Svc-Chain
X-From
X-BBC-Edge-Cache-Status
X-AIR-PT
X-Zone
X-NGINX-Cache
X-Cache-Backend
Debug
X-Vdms-Path
WP-Super-Cache
CDN-RequestId
X-Uri
X-Cs
X-Akamai-Transformed
X-LB-ID
X-Cache-FS-Status
X-Varnish-Hits
X-CACHE-GROUP
Redirect-Candidate
CloudFront-Viewer-Country
X-Tec-Api-Version
SID
X-Newrelic-Synthetics
X-Tec-Api-Origin
X-Tec-Api-Root
Server-Info
X-Refresh
Fastly-Drupal-HTML
X-Via-Poph
X-HA-Backend
Pics-Label
X-Via-Popn
X-PERF
X-Servedbyhost
X-Render-Time
X-Via-Popv
X-ApacheServer
BehaviorPad-Version
X-VHOST
X-Original-Request-Id
GeoIP-Latitude
X-Response-Served-From
X-Nananana
X-M-Reqid
X-B3-Parentspanid
X-VC-TTL
X-Datadome
X-APP
X-M-Log
X-TT-LOGID
X-Parent-Response-Time
Fastly-Drupal-Html
X-CACHE-AGE
X-Cached-By
Locid
X-LB-NoCache
X-Content-Length
Datacenter
X-CS
Resin-Trace
X-DynaTrace-JS-Agent
X-Litespeed-Tag
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Amz-Meta-Cb-Modifiedtime
X-Nc
X-CDN-Cache-Status
Server-ID
X-Wa
X-IAuth-Set-Uid
Cf-Ipcountry
X-LiteSpeed-Tag
GeoIp-Country-Code
NtCoent-Length
Cdn
Ngx-Var-Key
X-ZONE
Uri
X-VCache
X-Old-Content-Length
X-Varnish-Beresp-TTL
X-Platform-Processor
X-Platform-Cluster
Vc-Max-Age
X-Platform-Router
X-Fpc
FSS-Cache
X-RequestId
X-Vgn-Hpd-Reason
X-Dispatcher-Number
CDN
X-NewRelic-App-Data
X-Moov-T
Product
Serverhost
True-Client-IP
True-Client-Ip
X-Esi
X-Moov-Xdn-Version
X-TH-Server
X-SERVER-NAME
X-B3-Spanid
X-TX-ID
X-HostName
X-Srv
Srv
Cross-Origin-Embedder-Policy-Report-Only
X-Dynatrace-Js-Agent
S-Rt
Tcn
X-FPC
GeoIP-Country-Code
X-Nf-Ats-Version
X-Nf-Country
X-Nf-Language
X-Ckpd-Fst-Backend
X-TIME
X-Oracle-DMS-ECID
X-External-Request-Id
X-Cdn-Cache-Status
X-Destination
X-Application
X-User
X-S-Cookie
X-Bug-Bounty
X-B-Cookie
X-Cdn-Forward
ServerName
Cf-Device-Type
Request-ID
X-HubSpot-Correlation-Id
X-Vc
Server-Id
CacheControlHeader
X-Webkit-Csp-Report-Only
X-Zen-Fury
X-Dispatch
X-APP-VERSION
X-WA
X-NC
Hostname
X-CACHE-KEY
X-Sigma-Backend
X-Instance-Name
X-Rocket-Build-Number
X-Sigma
X-Cache-Date
X-COUNTRY
Srvid
Geoip-Latitude
X-VServer
X-FL-QIT-DEBUG
X-API-Version
X-Presslabs-Stats
X-Lb-Nocache
X-Branch-Name
X-Ha-Backend
User-Agent
X-Via-PopN
X-Geo
X-Via-PopV
X-Akamai-Device-Characteristics
Ohc-File-Size
X-Segment-20210421
X-Vmg-Version
X-Via-PopH
X-ServedByHost
Origin-Trial
Load-Balancing
ServerHost
X-Gamma-Serve
X-Info
DataCenter
X-VCL-Version
X-DynaTrace
Cneonction
Epwk-X-Cache
PICS-Label
Xc-Version
Cloudfront-Viewer-Country
X-DataCenter
X-Cache-Ttl
Type
X-Limited
X-Correlation-ID
X-Ua
Expect-Staple
X-Akamai-Pragma-Client-IP
X-App
X-Srcache-Fetch-Status
Rtss
X-Srcache-Store-Status
Ohc-Cache-HIT
X-Owner
X-Irp-Debug
X-Serial
X-Check-Cacheable
X-MiniProfiler-Ids
X-Hit
X-Lb-Id
X-Amz-Meta-Opti
Cross-Origin-Opener-Policy-Report-Only
Lb
Cmstype
X-Qloud-Router
X-Service-Response-Time
Sm-Log-Id
Timeexpire
X-Acquia-Application-Trace
X-Via-CDN
Cl-Cache
X-Sqd-Stime
X-Via-Edge
Cmsid
X-Sqd-Ctime
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Via-SSL
X-Route-Name
X-Datacenter
X-MSEdge-Features
X-MSEdge-Flight
Warning
Edge-Copy-Time
X-Core-Mission
X-Providence-Cookie
X-Web-Server
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
CountryCode
X-CSRF-TOKEN
X-LAGOON
X-Page-View
Servername
X-Litespeed-Cache-Control
X-Origin-Upstream-Status
Ngx
IsBot
X-Amz-Meta-S3b-Last-Modified
X-Shardid
X-Sorting-Hat-Podid
X-Requestid
X-Http-Reason
X-Sorting-Hat-Shopid
X-Sql-Duration-Ms
X-Shopid
X-Amz-Meta-Sha256
X-RAMCache
X-Th-Server
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Ramcache
X-Snapshot-Date
X-Dw-Trace-Id
X-Udemy-Cache-App-Namespace
X-SIPLIST1
X-Sql-Count