Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-Served-By
X-UA-Compatible
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
Accept-CH
X-DNS-Prefetch-Control
X-Runtime
Accept-CH-Lifetime
X-Ua-Compatible
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Generator
X-Cache-Status
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Request-ID
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
Permissions-Policy
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Robots-Tag
X-Backend
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
Xkey
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-LiteSpeed-Cache
X-Server-Powered-By
Ali-Swift-Global-Savetime
Allow
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Dns-Prefetch-Control
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-Host
X-WebKit-CSP
Cf-Railgun
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Server-Id
Accept-Ch-Lifetime
X-Response-Time
X-Readtime
X-ASPNET-VERSION
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Ruxit-JS-Agent
X-Node
Request-Id
X-Cloud-Trace-Context
X-Country
Content-Location
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Url
X-Trace
X-Litespeed-Cache
Cache-Tag
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Times
X-Rack-Cache
X-PC
X-TtlSet
X-Vname
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Server-Name
X-Daa-Tunnel
Nginx-Cache
X-FTR-Request-ID
Accept-Ch
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Powered-By-Plesk
AR-SID
X-Cache-TTL
X-Cnection
X-Webkit-Csp
X-Ac
X-D2id
X-Element-Page-Cache
X-ESI
X-GitHub-Request-Id
X-CST
Edge-Control
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
Verso
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-MS-InvokeApp
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Abt-Application-Version
X-ECACHE
X-Upstream
X-Dw-Request-Base-Id
X-Navigation-Version
X-FastCGI-Cache
Fastly-Restarts
X-Oneagent-Js-Injection
SPIisLatency
SPRequestDuration
X-B3-TraceId
X-Mod-Pagespeed
X-Amz-Rid
X-Server-Lifecycle-Phase
X-PDP-UNCACHING-HASH
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
SPRequestGuid
X-SharePointHealthScore
X-Client-IP
X-ARC
X-Kinsta-Cache
X-Goog-Hash
X-Edge-Location-Klb
X-Middleton-Display
X-Sol
Pagespeed
Display
X-Powered-CMS
X-Mg-S
S
X-Amzn-Trace-Id
Edge-Cache-Tag
Cache-Status
X-Version
X-Ratelimit-Limit
Access-Control-Request-Method
X-Middleton-Response
X-NF-Request-ID
Response
X-VARITI-CCR
RTSS
Realpath
X-Forwarded-For
X-T
X-Cache-Key
Cross-Origin-Resource-Policy
X-Content-Digest
X-Ratelimit-Remaining
X-Fastly-Request-ID
X-TTL
X-Ruxit-Js-Agent
X-Recruiting
X-Cached
X-Correlation-Id
Fastcgi-Cache
X-MSEdge-Ref
X-TraceId
X-ORACLE-DMS-RID
X-Shield-Request-Id
Front-End-Https
MicrosoftSharePointTeamServices
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ua-Browser
X-Request-Received
X-RateLimit-Remaining
X-Request-Processing-Time
X-Forwarded-Proto
X-Varnish-TTL
X-Protected-By
X-LLID
X-Frontend
X-PressLabs-Stats
TP-Cache
X-HS-Content-Id
Server-Node
X-HS-Cache-Config
Payment
X-HS-Hub-Id
Arr-Disable-Session-Affinity
Public-Key-Pins
MS-Author-Via
Count-Hit
Content-MD5
X-Server-ID
X-Accel-Expires
X-GUploader-UploadID
X-HS-Combine-CSS
X-LB-Cache
X-Distributor
X-Newrelic-App-Data
X-NODE
X-Origin-Server
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Ezoic-Cdn
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Cache-Status
X-ORACLE-DMS-ECID
Surrogate-Key
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-Request-Handler-Origin-Region
X-Microsite
X-FTR-Expires
X-Content-Security-Policy-Report-Only
X-Www-Served-By
X-App-Server
Cleartype
Host
X-Activity-Id
X-Varnish-Server
X-AppVersion
X-Az
MRF-Tech
X-Ua-Device
Mrf-Cache-Status
Cache-Tags
X-B3-TraceId-Primal
X-Cluster-Name
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Backend
Retry-After
X-Unique-Id
X-Goog-Metageneration
X-Ttl
Filterid
X-Debug
X-Hits
Server-Name
Access-Control-Allow-Method
X-Git-Hash
X-Logged-In
X-Azure-Ref
X-Load-Cache
X-Id
X-NGENIX-Cache
X-Upgrade-Enabled
X-Envoy-Decorator-Operation
X-CSRF-Token
X-FB-Debug
X-Geo-Country
X-Hostname
TCN
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Proxy
X-B
Viewport
X-TT
X-Tt-Trace-Host
X-Tt-Trace-Tag
TP-L2-Cache
Section-Io-Cache
X-Revision
X-Grace
DC
X-Type
Healthy
X-Fb-Rlafr
X-B3-Sampled
X-Cache-Control
X-Varnish-Ttl
X-Contextid
X-Seen-By
X-Trace-Id
X-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-F-Cache
X-Request-Guid
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Fastly-SWR
Fastly-SIE
X-Goog-Storage-Class
X-Goog-Generation
X-Mobile
X-XRDS-LOCATION
X-N
Content-Disposition
Paypal-Debug-Id
Referer-Policy
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Magnolia-Registration
X-Ratelimit-Reset
X-Varnish-Grace
X-Webkit-CSP
X-DIS-Request-ID
X-Origin-Cache
X-Amz-Replication-Status
X-Via-JSL
X-Page-Id
X-Px
Version
X-Wormhole-Sdk
X-Oracle-Dms-Ecid
X-Debug-Info
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Rid
X-RemovedCookies
X-UUID
X-G
X-Whom
X-ProcessESI
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Rule
X-Content-Options
X-Nf-Request-Id
X-Tumblr-Pixel-1
X-Debug-IsConnected
X-App-Environment
X-Debug-IsPreview
Ms-Operation-Id
X-Node-Name
X-Adobe-Content
NGB
X-Datadog-Sampled
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
MS-CV
X-Adobe-Loc
X-Source
X-Storage
X-Hl-Ver
X-RTag
X-Yottaa-Optimizations
X-NYM-Debug-Backend
X-Region
X-Template
Cross-Origin-Window-Policy
X-Yottaa-Metrics
X-Device-Type
X-User-Agent
X-B-Cache
X-Signature
X-Proxy-Cache-Info
X-L-Path
X-FW-Serve
Country
X-Ismobilevalue
X-FW-Type
X-FW-Dynamic
X-FW-Hash
X-Environment-Context
SD-X-WS
X-Backend-Name
X-FW-Server
X-Cacheable-TTL
X-FW-Static
X-Instance
X-Status
X-FW-Version
X-Wix-Request-Id
X-Rendered-As
GEO-INFO
X-ServerID
X-Is-Bot
Charset
X-NWS-UUID-VERIFY
X-IPS-LoggedIn
Countrycode
X-Cache-Age
Amp-Access-Control-Allow-Source-Origin
X-RM-Cache-TTL
ServerID
X-EdgeConnect-Cache-Status
SRV
Akamai-GRN
Front
X-Real-IP
X-Cache-Grace
X-Framework
X-WP-CF-Super-Cache-Active
Liferay-Portal
X-Amzn-Remapped-Content-Length
X-AB
X-Cache-Hit
X-Oracle-Dms-Rid
X-Language
X-WebKit-CSP-Report-Only
X-Air-Pt
X-Content-Powered-By
X-Akamai-Request-ID2
X-Api-Version
X-B3-SpanId
X-Air-Trace-Id
X-Air-Source
OT-Force-Account-Verify
X-Air-Hostname
X-Servername
X-UA
X-VC
X-VC-Cache
X-RateLimit-Limit
From-Origin
X-Sucuri-Cache
X-Sucuri-ID
Xet-Cookie
X-URL
X-Xrds-Location
X-Mode
X-Aws-Lambda-Call-Status
Accept-Language
Backend
Refresh
X-DataDome
Webserver
X-ECache
X-Cache-Status-Check
X-Tt-Logid
X-Nginx-Cache
Access-Control-Request-Headers
Upgrade-Insecure-Requests
X-HTML-Minification-Powered-By
X-Cache-Time
X-Handled-By
X-Fastly-Request-Id
X-JoinUs
Meta-Geo
X-Rn-Rsrv
Filters
X-Rewrite-Enabled
X-UPSTREAM-Address
X-SaId
LB
X-SRV
X-RCS-CacheZone
X-Provided-By
X-Origin-Hint
X-PHP-Host
X-Varnish-Age
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
Webcakes-App-Name
Cache
Webcakes-Region
Webcakes-App-Version
TWC-Device-Class
TWC-Connection-Speed
X-S
X-Labrador-Cache-Channel
X-R9-Blue-Green-Version
X-Mg-Request-UUID
X-Tumblr-Pixel-2
Property-Id
ServedBy
X-Xfnlog-Site
X-Webstats-RespID
X-Lambda-Id
X-Is-Desktop
X-Accel-Version
X-Fetched-On
X-Adobe-Source
X-Akamai-Edgescape
X-BYPASS-REASON
X-Browser-Name
Section-Io-Id
X-Generated-By
X-Is-Supported-Browser
Atl-Traceid
X-Is-Mobile
X-Httpd
X-Geo-Region
X-Hosted-By
X-Is-Tablet
X-No-Session
X-ProxyCache-Status
X-Container-Uri
X-ProxyCache-Key
X-Cms-Context
X-Origin-Date
X-Tcp-Rtt
X-Request-URI
X-Git-Commit
X-Served-From
X-Skip-Cache
X-Scope-Id
X-Tb
X-Forwarded-Host
X-Cluster
X-Reqid
X-Locale
X-Logging-Id
X-Loop
X-Format
X-Redis-Cache
X-Alternate-Cache-Key
X-Cache-Rule
X-Varnish-Beresp-Grace
X-IPLB-Request-ID
X-Frame-Option
X-Upstream-Ct
Selected-Fe
X-Cache-Host
X-Shopify-Stage
X-Upstream-Ht
X-Proxy-Build
X-Restarts
X-IPLB-Instance
X-Varnish-Cache-Hits
X-Site-Version
Apigw-Requestid
X-Web-Node
Mn-Server-Ip
X-Optimistic-Header
X-Origin
X-Tncms
X-Storefront-Renderer-Rendered
X-Timing-Wait
X-Cache-Operation
Web-Mar-Node
X-VCT
Url
X-AWS-Id
X-Vcl-Version
X-RID
X-SayCDN-TTL
X-Say-TTL
X-Director
X-Extlb
X-Endurance-Cache-Level
X-Proxied
X-Zipkin-Id
X-Edge-Location
Onion-Location
X-Ms-Version
Xserver
X-VWS-Id
X-Ms-Request-Id
X-LJ-Flow-ID
X-Say-Cacheable
X-Soup
X-Cloudmap
X-Routing-Service
X-Sorting-Hat-ShopId
X-ShardId
X-INCAP-ABP
Expiry
X-ShopId
X-Sorting-Hat-PodId
X-Cache-Debug
X-Connection-Hash
X-Detected-As
X-GeoCountry
X-GeoCode
X-Azure-Ref-OriginShield
Frame-Options
X-Cache-Expired-At
Priority
Cdn-Requestid
X-Lagoon
X-Vcache
X-WP-CF-Super-Cache-Cookies-Bypass
Source
X-CDN-Forward
WPO-Cache-Status
WPO-Cache-Message
X-B3-Traceid
X-Generation-Time
X-Thinkindot-L3
X-CMSURLCustom
Protected
Environment
X-Shield-Cache-Expires
Thinkindot-CacheControl-Type
TDXMobile
Thinkindot-CacheControl
Thinkindot-Control
X-Drupal-Cache-Tags
X-Cdn-Origin
X-Drupal-Cache-Contexts
X-Proxy-Cache-Status
X-Cache-Action
X-PHP-Backend
X-Origin-TTL
X-Origin-CC
X-Pass-Why
Uber-Trace-Id
CF-IPCountry
X-App-Version
Fastcgi-Useragent
X-Rocket-Nginx-Serving-Static
X-Worker
X-ID
Sid
X-Cluster-Node
X-Urbn-Context-Path
X-Aspnetmvc-Version
X-Urbn-Site-Id
Azure-Version
Locale
Azure-InstanceId
X-Vercel-Cache
X-Vercel-Id
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-GEO
Cache-Hits
Node
X-XRDS-Location
Cache-Tv-Group
X-Buckets
X-FB-TRIP-ID
CDN-PullZone
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-RequestPullSuccess
CDN-Uid
CDN-CachedAt
CDN-Cache
X-Auth-Group-Type
Cross-Origin-Embedder-Policy
CDN-EdgeStorageId
X-TA-CDN-Provider
AMP-Access-Control-Allow-Source-Origin
X-Fastcgi-Cache
X-Tumblr-Pixel-3
X-Server-W
X-Cache-Server
X-A
DB-Nickname
Alternate-Protocol
X-LiteSpeed-Cache-Control
X-Client-Ip
X-Bl-Debug
X-BCube-Filmed-By
X-Level-Front-Cache
X-Ig-Push-State
Cdn-Request-Time
X-Gzip
X-Ig-Origin-Region
X-Bc-Bl
X-Service
X-ND-Cache
X-A-Dgt
DCR-Decision-By
DCR-Processing-Time-Ms
X-A-Dam
X-A-Wwc
X-Aed
Content-Secure-Policy
X-Op-Id-All
X-Org
X-GeoIP-City
Cdn-Host
X-D
X-Cache-TTL-Remaining
X-DefElseHash
X-DefHash
X-Custom-Header
X-Core-Value
X-LSADC-Cache
X-Conf
A
X-Developer
X-Dispatcher-Server
X-Esi-Check
X-Cache-Id
X-Generated-On
Candidate-Md5Url
X-Epic-Correlation-Id
X-Edge-Server
X-Cache-NE
X-Ec-Fail
X-Ec-GeoHdr
X-A-Ccd
X-A-Dcw
Surrogated-Key
X-Dc
MD5-Digest
X-Pad
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
T-Server
X-TIM-N
Wxu-Next-Region
X-V-Cache
X-Varnish-Remaining-TTL
X-Vdms-Version
X-Vtex-Remote-Cache
Odigeo-Trace-Id
Origin-Agent-Cluster
Rendered-Blocks
Ngx.Var.Host
Sslversion
Meta-Geo-Continent
X-Via-Fastly
X-Viewer-Country
Lang
Magicmarker
X-ScT
Gannett-Cam-Experience-Id
Wxu-Next-Commit
X-Rojux
X-Req
Wxu-Next-Hostname
X-SRCache-Key
Mime-Version
Req-ID
X-Cdn-Srv
Producers
Server-Host
X-Acquia-Purge-Cdn-Unconfigured
X-CacheTTL
RNT-Time
RNT-Machine
Ssr
Tube-Got-Results
X-B3-Trace-ID
X-Bip
Tube-Got-Eval
Tube-Get-Contents
Tube-Return
X-Amz-Storage-Class
X-Cache-FS-Status
V-Age
X-Cache-Info
X-Aicache-OS
Vix-Hermes-Req-Id
X-Geo-Header
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-Test
X-Thanos
X-UA-Device-Type
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Request-Time
X-Region-Sid
X-SB
X-Scheme
X-Server-IP
X-Varnish-Director
X-Varnish-Hostname
X-HN
PFcat
X-NodeID
X-VarnishDD-TTL
XM
Cache-Provider
X-Wikidot-Static-Cache
X-VG-WebCache
X-VG-TLSProxy
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Wikidot-Backend
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-GoCache-CacheStatus
X-GeoIP
X-Jobs
X-Loc
X-Men
Powered-By
X-Fmm-Version
X-Debug-Cache-Fetch
X-Content-Age
X-Debug-Cache-Store
X-DPWN-IS-SECURE
X-Fastly-Backend
X-Micro-Cache
X-Mly-Id
X-Policy
X-Platform
X-Powered-By-VTEX-Cache
X-Proto
X-Pubstack
X-PAYTM-SRV-ID
X-Origin-Time
X-NMSegId
X-Mvc-Supplant-Cachable
X-Node-Id
X-Nyt-Route
X-Origin-Expires
X-Clientip
X-Gdpr
Host-ID
Fastly-Backend-Name
Is-Eu
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
Edge-Cache
Country-Code
Click-Count-Error
Click-Count-Action-Start
AKAMAI
Adler-Geo
HostName
X-Tx-Id
Esi-Enabled
Origin
Platform
NM-Fastcgi-Cache
User-Cache-Control
X-DC
X-HITS
X-Varnish-Beresp-Ttl
HA-Ipaddr
Apple-News-Services-Request-Url
X-Contensis-Viewer-Groups
Ha-Gx-Prefs
Fastly-SSL
L
Apple-News-Services-Parsed-Url
X-Depends
CDCHOST
X-SD-PageType
Cache-Key
Canary
Cdncip
True-Client-Country-4JS
X-Request-Start
X-Proxied-Request
Apple-News-Services-Host
X-Pool
C-Via
L5d-Success-Class
X-Fastly-Cache
X-HS-Content-Campaign-Id
X-Hnp-Log
X-Hash
X-Varnishpool
X-Nginx-Cache-Key
X-Mvc-Supplant-OutputCached
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-Location
X-GeoIP-Region-Code
X-Cache-Bucket
X-Var-Ttl
X-Origin-Response-Time
Yak-Timeinfo
X-FC-Vary-Parameters
X-Forwarded-Site
X-GeoIP-Country-Code
X-Gen-Mode
X-We-Are-Hiring
Apple-News-Services-Handled
X-Date
On-Server
Cluster
Proxy-Firewall
Server-Info
DSUID
X-Eu-Site
Origin-EX
Fastly-GeoIP-CountryCode
X-Cs
X-Cache-Aspx
X-AK-Request-ID
Content-Script-Type
X-Accel-Expires-Debug
X-Section
NGX
We-Hiring
Content-Style-Type
Mail-Subject
X-BBC-Edge-Cache-Status
X-Backend-Instance
X-Access
Cdnsip
W
X-Block-Status
Machine
Release
X-Csrf-Jwt
Gh-Request-Id
X-App-Name
Req-Svc-Chain
X-Auto-Login
X-CGP
Origin-CC
X-NGINX-Cache
X-AIR-PT
Server-Ext
X-Human
Pramga
X-WA-Info
BehaviorPad-Version
Sever-Int
Web-Mar-Region
Server-Hostname
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-CUA
X-RateLimit-Reset
X-Ec-Custom-Error
Fusion-Deployment-Id
X-Request-Host
Debug
Fusion-Component-Id
X-Ad-Load-Variation
Fusion-Content-Id
X-Device-Os
X-Varnish-Hits
X-LB-ID
Redirect-Candidate
X-CLOUD-TRACE-CONTEXT
X-Up
X-NCache
X-Via-Popv
Pics-Label
X-From
X-Via-Popn
X-APP
X-HA-Backend
X-MP-GENERATED-AT
X-Via-Poph
X-Zone
X-Jungle-Id
X-LiteSpeed-Tag
X-VHOST
X-Content-Length
X-Akamai-Transformed
CloudFront-Viewer-Country
X-CACHE-AGE
CDN-RequestId
X-Parent-Response-Time
Fastly-Drupal-HTML
SID
X-Cache-Backend
X-Servedbyhost
X-B3-Parentspanid
X-Vdms-Path
X-Refresh
GeoIP-Latitude
X-Newrelic-Synthetics
X-Origin-Cache-Key
X-Datadome
X-Nananana
Fastly-Drupal-Html
X-LB-NoCache
Vc-Max-Age
X-CDN-Cache-Status
WP-Super-Cache
X-Uri
X-Nc
X-B3-Spanid
Resin-Trace
X-ZONE
X-CACHE-KEY
X-Litespeed-Tag
X-DynaTrace-JS-Agent
Datacenter
X-ApacheServer
X-M-Log
X-M-Reqid
X-VC-TTL
X-Render-Time
Product
Server-ID
X-RequestId
X-Dispatcher-Number
X-PERF
X-Wa
X-Cached-By
NtCoent-Length
Cdn
X-Ckpd-Fst-Backend
X-CS
X-Amz-Meta-Cb-Modifiedtime
GeoIp-Country-Code
S-Rt
Locid
FSS-Cache
X-Bug-Bounty
X-Fpc
X-TX-ID
X-Varnish-Beresp-TTL
X-IAuth-Set-Uid
X-Esi
Uri
ServerName
Serverhost
X-VCache
True-Client-Ip
X-HostName
X-HubSpot-Correlation-Id
X-Srv
X-SERVER-NAME
True-Client-IP
X-Nf-Country
X-Nf-Ats-Version
X-Nf-Language
X-TT-LOGID
Tcn
X-Original-Request-Id
X-Old-Content-Length
X-Response-Served-From
X-TIME
X-Akamai-Device-Characteristics
X-Vmg-Version
User-Agent
X-Dynatrace-Js-Agent
Ngx-Var-Key
X-FPC
X-NewRelic-App-Data
GeoIP-Country-Code
CDN
Srv
Request-ID
X-Cdn-Forward
X-Gamma-Serve
CacheControlHeader
ServerHost
X-WA
X-Vgn-Hpd-Reason
X-Cdn-Cache-Status
X-Vc
Cf-Ipcountry
Server-Id
X-Info
X-TH-Server
Xc-Version
X-Hit
X-Moov-Xdn-Version
X-Moov-T
X-APP-VERSION
Hostname
X-COUNTRY
X-Platform-Processor
X-Platform-Router
X-Dispatch
X-NC
X-Webkit-Csp-Report-Only
X-Platform-Cluster
Srvid
X-FL-QIT-DEBUG
X-Geo
X-Presslabs-Stats
Expect-Staple
X-Amz-Meta-Opti
Geoip-Latitude
X-Lb-Nocache
Cf-Device-Type
Cneonction
X-External-Request-Id
Cross-Origin-Embedder-Policy-Report-Only
X-User
X-V
X-ServedByHost
X-Destination
X-Limited
Cloudfront-Viewer-Country
X-Application
X-S-Cookie
X-B-Cookie
X-VCL-Version
X-Oracle-DMS-ECID
X-Rollout
X-New
X-Platform-Server
X-Eligible
PICS-Label
X-Via-PopN
X-Via-PopH
X-Via-PopV
X-Ha-Backend
N-Cache
Permission-Policy
Origin-Trial
X-Zen-Fury
X-Akamai-Pragma-Client-IP
X-Correlation-ID
Epwk-X-Cache
X-Instance-Name
X-MSEdge-Features
X-Sigma
XkeyRZ
X-Proxy-CacheRZ
WZWS-RAY
X-Ua
X-Cache-Date
X-MSEdge-Flight
X-Sigma-Backend
X-Rocket-Build-Number
X-App
Ohc-File-Size
Rtss
X-Sqd-Ctime
X-Sqd-Stime
X-Lb-Id
X-Check-Cacheable
X-Segment-20210421
X-Internal-TTL
X-Ftr-Request-Id
X-Serial
X-ElasticPress-Query
X-VServer
X-API-Version
X-MiniProfiler-Ids
X-Branch-Name
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Lb
X-VTEX-Cache-Backend-Connect-Time
Sm-Log-Id
X-Datacenter
Timeexpire
X-VTEX-Cache-Backend-Header-Time
Cmstype
X-EC-Lua
X-Acquia-Application-Trace
X-Service-Response-Time
X-Via-CDN
X-Via-Edge
X-Web-Server
X-Via-SSL
X-Acquia-Application-UUID
Edge-Copy-Time
Cl-Cache
X-Acquia-Purge-Tags
Cmsid
X-Acquia-Site
X-CSRF-TOKEN
X-LAGOON
X-Litespeed-Cache-Control
CountryCode
Servername
X-Path
IsBot
Fl-Custom-Application
Warning
X-SIPLIST1
X-Sorting-Hat-Podid
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-Snapshot-Date
X-Ramcache
X-Th-Server
X-IN-APIGATEWAYSSL
X-RAMCache
Ngx
Wpo-Cache-Message
Wpo-Cache-Status
Ohc-Cache-HIT
X-Sorting-Hat-Shopid
X-Origin-Upstream-Status
X-Shardid
X-Shopid
X-Fastly-Backend-Reqs