Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Content-Security-Policy-Report-Only
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Ua-Compatible
X-Generator
X-Cache-Status
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Request-ID
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
Permissions-Policy
EagleId
Keep-Alive
Request-Context
X-Cache-Group
P3p
X-Robots-Tag
X-Backend
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
Xkey
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Server-Powered-By
Ali-Swift-Global-Savetime
Allow
X-LiteSpeed-Cache
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-WebKit-CSP
X-Host
Cf-Railgun
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Server-Id
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
Surrogate-Control
X-Ruxit-JS-Agent
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
X-Country
Content-Location
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-Litespeed-Cache
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Times
X-Rack-Cache
X-TtlSet
X-Vname
X-PC
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Server-Name
X-Daa-Tunnel
Nginx-Cache
Accept-Ch
X-FTR-Request-ID
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
X-Powered-By-Plesk
X-Cache-TTL
X-Cnection
X-Ac
X-Element-Page-Cache
X-ESI
X-GitHub-Request-Id
X-D2id
Edge-Control
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Build
X-CST
Verso
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-MS-InvokeApp
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Abt-Application-Version
X-Upstream
X-ECACHE
X-Navigation-Version
X-Dw-Request-Base-Id
X-B3-TraceId
Fastly-Restarts
X-Webkit-Csp
SPIisLatency
SPRequestDuration
X-FastCGI-Cache
X-Mod-Pagespeed
X-Amz-Rid
X-Erf-Bev-Bev-Is-Generated
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-SharePointHealthScore
SPRequestGuid
X-Client-IP
X-ARC
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
Display
Pagespeed
X-Middleton-Display
X-Oneagent-Js-Injection
X-Sol
X-Powered-CMS
X-Mg-S
X-Ratelimit-Limit
S
Edge-Cache-Tag
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
X-NF-Request-ID
X-Middleton-Response
Response
X-VARITI-CCR
X-Ratelimit-Remaining
RTSS
Realpath
X-Forwarded-For
X-Cache-Key
X-T
X-Content-Digest
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
X-TTL
X-Recruiting
X-Cached
X-Correlation-Id
Fastcgi-Cache
X-MSEdge-Ref
X-ORACLE-DMS-RID
X-TraceId
X-Shield-Request-Id
Front-End-Https
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ua-Browser
X-Ruxit-Js-Agent
X-Varnish-TTL
X-Forwarded-Proto
X-Request-Received
X-Request-Processing-Time
Payment
X-Protected-By
X-LLID
X-HS-Cache-Config
X-Frontend
Arr-Disable-Session-Affinity
X-HS-Content-Id
X-HS-Hub-Id
TP-Cache
Server-Node
Public-Key-Pins
MS-Author-Via
Count-Hit
Content-MD5
X-PressLabs-Stats
X-Server-ID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-GUploader-UploadID
X-HS-Combine-CSS
X-Accel-Expires
X-LB-Cache
X-RateLimit-Remaining
X-Newrelic-App-Data
X-Distributor
X-Origin-Server
X-NODE
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Ezoic-Cdn
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-ORACLE-DMS-ECID
X-Jurisdiction
X-HP-Trace-Id
Surrogate-Key
X-HP-Webp
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-FTR-Expires
X-Www-Served-By
Accept-Charset
X-Varnish-Server
X-Az
X-Activity-Id
Cleartype
X-AppVersion
Host
X-App-Server
MRF-Tech
X-Ua-Device
X-B3-TraceId-Primal
Mrf-Cache-Status
Cache-Tags
X-Cluster-Name
X-Amz-Meta-S3cmd-Attrs
Retry-After
X-Varnish-Backend
X-Goog-Metageneration
X-Ttl
Filterid
X-Unique-Id
X-Hits
Server-Name
X-Debug
X-Git-Hash
Access-Control-Allow-Method
X-Logged-In
X-Load-Cache
X-Azure-Ref
X-Envoy-Decorator-Operation
X-Id
X-Upgrade-Enabled
X-NGENIX-Cache
X-CSRF-Token
X-FB-Debug
X-Geo-Country
X-Hostname
TCN
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Proxy
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Varnish-Ttl
Section-Io-Cache
X-B
X-TT
TP-L2-Cache
Viewport
X-Revision
X-Seen-By
X-Request-Guid
DC
X-Grace
X-Cache-Control
X-Trace-Id
X-Type
X-B3-Sampled
Healthy
X-Contextid
X-Fb-Rlafr
X-Time
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-F-Cache
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Fastly-SWR
Fastly-SIE
X-Mobile
X-N
Content-Disposition
Paypal-Debug-Id
Referer-Policy
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Ratelimit-Reset
X-Varnish-Grace
X-XRDS-LOCATION
X-Magnolia-Registration
X-DIS-Request-ID
X-Origin-Cache
X-Webkit-CSP
X-Amz-Replication-Status
X-Debug-Info
X-Page-Id
X-Via-JSL
X-Px
X-Oracle-Dms-Ecid
Version
X-Wormhole-Sdk
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Rid
X-UUID
X-ProcessESI
X-Whom
X-G
X-RemovedCookies
Amp-Access-Control-Allow-Source-Origin
X-Tumblr-User
X-Content-Options
X-Rule
X-Adobe-Content
X-App-Environment
X-Tumblr-Pixel-0
X-Nf-Request-Id
X-Tumblr-Pixel-1
X-Node-Name
X-Tumblr-Pixel
X-Debug-IsConnected
X-Adobe-Loc
X-Debug-IsPreview
VIX-Pulpo-Node
SD-X-WS
X-Datadog-Sampled
X-Storage
X-Hl-Ver
X-RTag
NGB
VIX-Pulpo-Upstream-Status
Ms-Operation-Id
X-Yottaa-Optimizations
X-Source
X-Yottaa-Metrics
MS-CV
X-Cacheable-TTL
X-B-Cache
X-Backend-Name
X-Rendered-As
X-Region
X-Wix-Request-Id
X-Signature
X-NYM-Debug-Backend
X-Instance
X-Is-Bot
Cross-Origin-Window-Policy
X-Device-Type
X-User-Agent
X-Template
X-Proxy-Cache-Info
GEO-INFO
X-Environment-Context
X-Status
Country
X-FW-Server
X-FW-Dynamic
X-ServerID
X-L-Path
X-FW-Serve
X-FW-Version
X-FW-Hash
X-FW-Type
X-Ismobilevalue
X-FW-Static
Charset
X-NWS-UUID-VERIFY
X-Cache-Age
X-IPS-LoggedIn
Countrycode
X-RM-Cache-TTL
SRV
ServerID
X-Real-IP
Akamai-GRN
Front
X-Cache-Grace
X-WP-CF-Super-Cache-Active
X-EdgeConnect-Cache-Status
X-Framework
X-Amzn-Remapped-Content-Length
Liferay-Portal
X-Cache-Hit
X-AB
X-Xrds-Location
X-B3-SpanId
X-Language
X-Oracle-Dms-Rid
X-Content-Powered-By
X-Akamai-Request-ID2
X-Air-Pt
X-Sucuri-ID
X-Air-Source
X-Air-Hostname
OT-Force-Account-Verify
X-Sucuri-Cache
X-Servername
X-Air-Trace-Id
X-VC
X-DataDome
X-WebKit-CSP-Report-Only
X-UA
X-Api-Version
From-Origin
Xet-Cookie
X-VC-Cache
X-URL
X-Mode
Accept-Language
X-Aws-Lambda-Call-Status
Backend
X-SRV
X-Tt-Logid
Refresh
Access-Control-Request-Headers
X-ECache
Webserver
X-Cache-Status-Check
LB
Upgrade-Insecure-Requests
X-Handled-By
X-HTML-Minification-Powered-By
X-Nginx-Cache
X-Fastly-Request-Id
X-Cache-Time
X-Rewrite-Enabled
X-JoinUs
Meta-Geo
Filters
X-Rn-Rsrv
Cache
X-SaId
X-RCS-CacheZone
X-UPSTREAM-Address
X-Origin-Date
X-Origin-Hint
Property-Id
TWC-Connection-Speed
ServedBy
X-PHP-Host
X-Mg-Request-UUID
X-Request-URI
X-Varnish-Age
X-R9-Blue-Green-Version
X-Tumblr-Pixel-2
TWC-Device-Class
TWC-GeoIP-Country
X-Adobe-Source
X-Labrador-Cache-Channel
X-Cms-Context
X-Generated-By
X-Hosted-By
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
X-Webstats-RespID
X-Provided-By
X-Container-Uri
X-RateLimit-Limit
X-Git-Commit
X-Xfnlog-Site
X-S
X-ProxyCache-Status
X-Is-Tablet
X-Served-From
X-Is-Supported-Browser
X-No-Session
X-Cluster
Web-Mar-Node
X-ProxyCache-Key
X-BYPASS-REASON
X-Site-Version
Atl-Traceid
X-Akamai-Edgescape
X-Accel-Version
X-Tcp-Rtt
X-Browser-Name
X-Cache-Debug
X-Tncms
X-Forwarded-Host
X-Httpd
X-Redis-Cache
X-Lambda-Id
X-Scope-Id
X-Is-Mobile
X-Fetched-On
X-Geo-Region
Section-Io-Id
X-Web-Node
Url
X-Is-Desktop
X-Logging-Id
X-Locale
X-Loop
X-Skip-Cache
X-Reqid
X-Tb
Selected-Fe
X-Alternate-Cache-Key
X-Optimistic-Header
X-Cache-Host
X-Say-Cacheable
X-Origin
X-Timing-Wait
X-Format
X-SayCDN-TTL
X-Say-TTL
X-IPLB-Request-ID
X-Director
X-Detected-As
X-Soup
X-Frame-Option
X-Varnish-Cache-Hits
X-Storefront-Renderer-Rendered
Apigw-Requestid
X-IPLB-Instance
X-VCT
Mn-Server-Ip
X-Cache-Operation
X-Upstream-Ct
X-Proxy-Build
X-Restarts
X-Cache-Rule
X-Upstream-Ht
X-Varnish-Beresp-Grace
X-Shopify-Stage
X-RID
X-Cloudmap
X-Extlb
X-AWS-Id
X-Ms-Request-Id
X-Proxied
Onion-Location
X-LJ-Flow-ID
Xserver
X-Edge-Location
X-Zipkin-Id
X-Vcl-Version
X-Endurance-Cache-Level
X-VWS-Id
X-Routing-Service
X-Ms-Version
X-Connection-Hash
X-INCAP-ABP
X-ShopId
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Expiry
X-GeoCountry
X-Vcache
X-GeoCode
X-Lagoon
Frame-Options
X-Azure-Ref-OriginShield
Priority
X-Cache-Expired-At
X-WP-CF-Super-Cache-Cookies-Bypass
Cdn-Requestid
Source
X-CDN-Forward
Protected
WPO-Cache-Message
WPO-Cache-Status
X-Fastcgi-Cache
X-Generation-Time
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Thinkindot-L3
Environment
X-Shield-Cache-Expires
TDXMobile
X-CMSURLCustom
X-Cache-Action
X-Proxy-Cache-Status
Fastcgi-Useragent
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Origin-TTL
X-Origin-CC
X-PHP-Backend
X-Pass-Why
CF-IPCountry
Uber-Trace-Id
X-Cdn-Origin
X-App-Version
X-Rocket-Nginx-Serving-Static
X-ID
X-GEO
X-Worker
X-Vercel-Cache
X-Vercel-Id
Locale
X-Cluster-Node
X-Urbn-Context-Path
X-Urbn-Site-Id
Azure-SlotName
Azure-SiteName
Azure-Version
X-Aspnetmvc-Version
Azure-InstanceId
Azure-RegionName
Cache-Hits
Node
Sid
X-XRDS-Location
X-FB-TRIP-ID
X-Buckets
Cache-Tv-Group
CDN-PullZone
CDN-CachedAt
Cross-Origin-Embedder-Policy
CDN-Cache
X-Auth-Group-Type
CDN-EdgeStorageId
CDN-Uid
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-RequestPullSuccess
X-TA-CDN-Provider
X-B3-Traceid
X-Tumblr-Pixel-3
X-Server-W
Alternate-Protocol
X-Pad
X-Cache-Server
X-A
DB-Nickname
X-LiteSpeed-Cache-Control
X-Client-Ip
X-Tx-Id
X-DC
X-SRCache-Key
X-TIM-N
Ngx.Var.Host
X-Op-Id-All
X-GeoIP-City
Cdn-Request-Time
Cdn-Host
Odigeo-Trace-Id
X-Fastly-Backend
A
X-Origin-Expires
X-Esi-Check
Wxu-Next-Commit
Origin-Agent-Cluster
Rendered-Blocks
X-Conf
X-Generated-On
X-LSADC-Cache
X-ND-Cache
X-Service
X-Req
X-ScT
Surrogated-Key
T-Server
X-Ec-Fail
Sslversion
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Org
X-Edge-Server
X-Rojux
Candidate-Md5Url
X-Varnish-CookieINHashed-On
X-Level-Front-Cache
X-Custom-Header
X-Bc-Bl
X-BCube-Filmed-By
X-D
Lang
Magicmarker
X-V-Cache
X-DefElseHash
Content-Secure-Policy
X-Bl-Debug
DCR-Decision-By
X-Cache-NE
X-Cache-TTL-Remaining
X-Gzip
Gannett-Cam-Experience-Id
X-Ig-Origin-Region
X-Cache-Id
X-Core-Value
DCR-Processing-Time-Ms
X-Content-Age
X-Ig-Push-State
MD5-Digest
X-DefHash
X-A-Wwc
X-Vtex-Remote-Cache
X-A-Dam
X-A-Ccd
X-Varnish-Remaining-TTL
AMP-Access-Control-Allow-Source-Origin
X-Varnish-CookieHashed-On
X-A-Dcw
X-A-Dgt
X-Vdms-Version
X-Dispatcher-Server
X-Viewer-Country
X-Developer
X-Aed
Wxu-Next-Hostname
X-Via-Fastly
Wxu-Next-Region
Meta-Geo-Continent
Mime-Version
User-Cache-Control
X-GeoIP-Country-Code
X-Gen-Mode
X-Hnp-Log
Platform
NM-Fastcgi-Cache
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-GeoIP
Is-Eu
Origin
X-Geo-Header
Host-ID
X-DPWN-IS-SECURE
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-B3-Trace-ID
X-App-Name
X-Amz-Storage-Class
X-Acquia-Purge-Cdn-Unconfigured
X-Aicache-OS
X-AK-Request-ID
X-Backend-Instance
X-Bip
X-CacheTTL
X-Cdn-Srv
X-Clientip
X-Cache-Info
X-Cache-FS-Status
X-Block-Status
X-Cache-Bucket
X-HS-Content-Campaign-Id
Vix-Hermes-Req-Id
X-FC-Vary-Parameters
Req-ID
X-Fastly-Cache
X-Fmm-Version
X-Forwarded-Site
X-Gdpr
Producers
RNT-Machine
RNT-Time
Tube-Got-Results
Tube-Return
V-Age
Tube-Got-Eval
Tube-Get-Contents
Server-Host
Ssr
Powered-By
X-Origin-Response-Time
X-SVT-ORM-VERSION
Fastly-Backend-Name
X-Sn-Servicetimems
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-UA-Device-Type
X-Thanos
X-Server-IP
X-SD-PageType
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Region-Sid
X-Request-Time
X-Scheme
X-SB
X-Varnish-Director
X-Varnish-Hostname
X-HN
PFcat
X-NodeID
HostName
XM
X-VarnishDD-TTL
Fastly-SSL
Cache-Provider
X-VG-WebCache
X-VG-TLSProxy
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Pubstack
X-SVT-ORM-RULES
Cdncip
Cdnsip
X-Men
X-Micro-Cache
X-Mly-Id
AKAMAI
X-Mvc-Supplant-Cachable
Click-Count-Error
X-Loc
Edge-Cache
Esi-Enabled
X-Jobs
Country-Code
Content-Script-Type
Content-Style-Type
Adler-Geo
Click-Count-Action-Start
X-Origin-Time
X-Node-Id
X-PAYTM-SRV-ID
X-Platform
X-Policy
X-Powered-By-VTEX-Cache
X-Nyt-Route
X-NMSegId
X-Proto
X-Varnish-Beresp-Ttl
X-HITS
W
X-CUA
True-Client-Country-4JS
L5d-Success-Class
HA-Ipaddr
L
X-Access
Server-Info
X-Csrf-Jwt
X-Pool
X-Contensis-Viewer-Groups
X-Section
Ha-Gx-Prefs
X-Human
X-Hash
X-Eu-Site
X-CGP
Apple-News-Services-Parsed-Url
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-Varnishpool
X-Proxied-Request
X-Var-Ttl
X-Slack-Backend
X-Nginx-Cache-Key
X-Ec-Custom-Error
X-Slack-Shared-Secret-Outcome
X-We-Are-Hiring
X-Location
Apple-News-Services-Request-Url
X-Request-Start
CDCHOST
X-Mvc-Supplant-OutputCached
Apple-News-Services-Host
X-Depends
Yak-Timeinfo
Apple-News-Services-Handled
X-Request-Host
X-Date
Cluster
Req-Svc-Chain
Release
Canary
Server-Ext
Sever-Int
Cache-Key
Server-Hostname
Proxy-Firewall
DSUID
Gh-Request-Id
Machine
NGX
On-Server
Origin-CC
Fastly-GeoIP-CountryCode
Pramga
Origin-EX
Mail-Subject
C-Via
X-Auto-Login
X-BBC-Edge-Cache-Status
We-Hiring
X-Cs
X-Cache-Aspx
X-Dc
X-Accel-Expires-Debug
Web-Mar-Region
X-NGINX-Cache
X-AIR-PT
X-WA-Info
BehaviorPad-Version
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Id
Debug
Fusion-Component-Id
X-RateLimit-Reset
Fusion-Content-Source
X-Ad-Load-Variation
X-Device-Os
X-Varnish-Hits
X-LB-ID
Redirect-Candidate
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
SID
X-Up
Fastly-Drupal-HTML
X-APP
X-NCache
X-HA-Backend
Pics-Label
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-From
X-MP-GENERATED-AT
X-Zone
X-VHOST
GeoIP-Latitude
CloudFront-Viewer-Country
X-Jungle-Id
X-Akamai-Transformed
X-Newrelic-Synthetics
X-Content-Length
X-CACHE-AGE
CDN-RequestId
X-Parent-Response-Time
X-Cache-Backend
X-B3-Parentspanid
X-Vdms-Path
X-Refresh
X-Servedbyhost
X-LiteSpeed-Tag
X-Origin-Cache-Key
X-LB-NoCache
X-Nananana
X-Nc
X-Litespeed-Tag
WP-Super-Cache
Vc-Max-Age
X-Datadome
X-Uri
Fastly-Drupal-Html
X-CACHE-KEY
X-ZONE
X-Dispatcher-Number
Resin-Trace
X-CDN-Cache-Status
X-DynaTrace-JS-Agent
X-PERF
Datacenter
X-Render-Time
X-M-Log
X-RequestId
X-M-Reqid
X-Cached-By
X-Wa
X-VC-TTL
X-ApacheServer
Product
Server-ID
NtCoent-Length
Cdn
X-B3-Spanid
GeoIp-Country-Code
X-Ckpd-Fst-Backend
X-CS
X-Amz-Meta-Cb-Modifiedtime
X-Fpc
Locid
S-Rt
X-Bug-Bounty
FSS-Cache
X-Varnish-Beresp-TTL
X-IAuth-Set-Uid
X-Esi
X-VCache
Serverhost
ServerName
True-Client-Ip
Uri
X-HostName
X-HubSpot-Correlation-Id
X-TX-ID
X-SERVER-NAME
X-Nf-Language
X-Nf-Ats-Version
X-Nf-Country
True-Client-IP
X-TT-LOGID
GeoIP-Country-Code
X-Original-Request-Id
X-Response-Served-From
X-CLOUD-TRACE-CONTEXT
Tcn
X-Old-Content-Length
X-TIME
X-Srv
X-Presslabs-Stats
X-Dynatrace-Js-Agent
X-NewRelic-App-Data
X-FPC
CDN
User-Agent
Srv
X-Akamai-Device-Characteristics
X-Cdn-Cache-Status
X-Vmg-Version
Ngx-Var-Key
X-Webkit-Csp-Report-Only
X-Cdn-Forward
Request-ID
ServerHost
CacheControlHeader
X-Vc
X-Gamma-Serve
X-Info
X-WA
X-Vgn-Hpd-Reason
Cf-Ipcountry
X-Moov-T
X-Moov-Xdn-Version
X-Hit
Xc-Version
X-TH-Server
Server-Id
X-COUNTRY
Hostname
X-APP-VERSION
X-NC
Srvid
X-Dispatch
X-FL-QIT-DEBUG
Expect-Staple
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
Geoip-Latitude
X-Amz-Meta-Opti
X-Lb-Nocache
X-Geo
Cf-Device-Type
X-Application
X-Destination
Cneonction
Cross-Origin-Embedder-Policy-Report-Only
X-V
X-User
Cloudfront-Viewer-Country
X-External-Request-Id
X-Limited
X-S-Cookie
X-B-Cookie
X-ServedByHost
X-Oracle-DMS-ECID
X-VCL-Version
Permission-Policy
X-Via-PopV
PICS-Label
N-Cache
X-App
WZWS-RAY
X-Via-PopN
X-Eligible
X-Platform-Server
X-Ha-Backend
X-Via-PopH
X-Rollout
X-New
Origin-Trial
X-Zen-Fury
X-API-Version
X-MSEdge-Flight
XkeyRZ
X-Ua
X-Correlation-ID
X-Proxy-CacheRZ
X-Rocket-Build-Number
X-Akamai-Pragma-Client-IP
X-Cache-Date
X-MSEdge-Features
X-Sigma-Backend
Ohc-File-Size
Epwk-X-Cache
X-Instance-Name
X-Sigma
Rtss
X-Segment-20210421
X-Sqd-Ctime
X-Sqd-Stime
X-Serial
X-Internal-TTL
X-Branch-Name
X-Ftr-Request-Id
X-Web-Server
X-MiniProfiler-Ids
X-Check-Cacheable
X-ElasticPress-Query
X-Lb-Id
X-VServer
Lb
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Cmstype
Cmsid
Edge-Copy-Time
X-Service-Response-Time
X-Via-CDN
X-Via-Edge
Sm-Log-Id
X-SIPLIST1
X-Path
X-Datacenter
X-EC-Lua
IsBot
Timeexpire
Cl-Cache
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Via-SSL
X-LAGOON
Servername
CountryCode
X-CSRF-TOKEN
X-Litespeed-Cache-Control
X-CDN-Origin
X-VTEX-Cache-Backend-Header-Time
Fl-Custom-Application
X-Traceid
X-VTEX-Cache-Backend-Connect-Time
X-Amz-Meta-Sha256
Warning
X-Amz-Meta-S3b-Last-Modified
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
Ngx
X-Snapshot-Date
X-RAMCache
X-Th-Server
X-Ramcache
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Ohc-Cache-HIT
Wpo-Cache-Message
Wpo-Cache-Status
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Origin-Upstream-Status
X-Shardid
X-Shopid
X-Fastly-Backend-Reqs