Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Ua-Compatible
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
Permissions-Policy
Xkey
X-Ws-Request-Id
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Dispatcher
Cf-Apo-Via
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-LiteSpeed-Cache
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-Page-Speed
X-Pingback
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
Content-Location
X-Node
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Country
Service-Worker-Allowed
X-Country-Code
X-CST
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Litespeed-Cache
X-Url
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-Times
Nginx-Cache
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
X-Daa-Tunnel
X-Oneagent-Js-Injection
X-Server-Name
X-Webkit-Csp
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
X-ESI
X-GitHub-Request-Id
X-Upstream
Edge-Control
X-D2id
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-Ac
AR-SID
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
Accept-Ch-Lifetime
X-ECACHE
X-FastCGI-Cache
X-B3-TraceId
X-Vcap-Request-Id
X-Cache-TTL
X-Ser
X-Abt-Application-Version
X-Navigation-Version
AR-CACHE
X-Dw-Request-Base-Id
SPIisLatency
SPRequestDuration
X-Mod-Pagespeed
SPRequestGuid
X-SharePointHealthScore
Fastly-Restarts
X-Amz-Rid
X-NF-Request-ID
X-Client-IP
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Aws-Lambda-Call-Status
X-Middleton-Display
Pagespeed
X-Sol
Display
Edge-Cache-Tag
X-Mg-S
X-Kinsta-Cache
X-Edge-Location-Klb
S
X-Powered-CMS
X-Goog-Hash
X-Middleton-Response
Response
Cache-Status
X-Version
Access-Control-Request-Method
X-Amzn-Trace-Id
X-VARITI-CCR
X-Ruxit-Js-Agent
X-ARC
X-RateLimit-Remaining
RTSS
X-Fastly-Request-ID
X-Content-Digest
X-Cache-Key
X-Ratelimit-Limit
X-TraceId
Cross-Origin-Resource-Policy
X-Forwarded-For
X-Recruiting
X-T
Realpath
X-Correlation-Id
X-PDP-UNCACHING-HASH
X-Varnish-TTL
X-MSEdge-Ref
Front-End-Https
Fastcgi-Cache
X-Cached
MS-Author-Via
Content-MD5
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Ua-Browser
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Shield-Request-Id
X-Protected-By
X-Country-Code-Real
X-FTR-Backend
X-Request-Processing-Time
Public-Key-Pins
X-Request-Received
Server-Node
Payment
X-Forwarded-Proto
X-Ratelimit-Remaining
MicrosoftSharePointTeamServices
X-TTL
TP-Cache
X-HS-Combine-CSS
X-Frontend
X-LLID
X-SRCache-Fetch-Status
Arr-Disable-Session-Affinity
X-SRCache-Store-Status
X-Ttl
X-Distributor
X-Server-ID
X-FTR-Expires
X-Jurisdiction
X-Accel-Expires
X-HP-Trace-Id
X-HP-Webp
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Count-Hit
X-NODE
X-GUploader-UploadID
X-ORACLE-DMS-RID
X-Origin-Server
X-LB-Cache
X-PressLabs-Stats
X-Ezoic-Cdn
X-Microsite
X-Request-Handler-Origin-Region
X-AppVersion
X-Activity-Id
X-Az
X-Content-Security-Policy-Report-Only
Host
X-Ua-Device
Mrf-Cache-Status
MRF-Tech
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Www-Served-By
X-B3-TraceId-Primal
X-Varnish-Backend
X-App-Server
X-Hits
X-Varnish-Server
X-Cluster-Name
Cache-Tags
Retry-After
X-Amz-Meta-S3cmd-Attrs
Accept-Charset
Server-Name
X-Newrelic-App-Data
X-ASPNET-VERSION
Cleartype
X-ORACLE-DMS-ECID
X-Origin-Cache-Key
X-CSRF-Token
X-Hostname
X-Goog-Metageneration
X-NGENIX-Cache
X-Geo-Country
X-Envoy-Decorator-Operation
Referer-Policy
X-Upgrade-Enabled
X-Id
Access-Control-Allow-Method
TP-L2-Cache
X-Git-Hash
X-DIS-Request-ID
X-Azure-Ref
X-Seen-By
X-Unique-Id
Filterid
TCN
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Tt-Trace-Tag
X-Load-Cache
X-Tt-Trace-Host
X-Proxy
X-F-Cache
X-Revision
X-Request-Guid
X-Trace-Id
X-Cache-Control
Healthy
Section-Io-Cache
X-XRDS-LOCATION
X-Grace
X-B
X-Amzn-RequestId
X-Amz-Apigw-Id
DC
X-B3-Sampled
X-TT
Paypal-Debug-Id
X-Type
X-Contextid
X-Debug-Info
X-Fb-Rlafr
X-Px
X-FB-Debug
X-Logged-In
X-Mobile
X-Page-Id
X-N
X-Debug
Viewport
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Varnish-Ttl
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Oracle-Dms-Rid
X-Goog-Storage-Class
X-Oracle-Dms-Ecid
X-Whom
Fastly-SIE
Fastly-SWR
X-Time
X-Datadog-Sampling-Priority
X-Webkit-CSP
Charset
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Via-JSL
X-Template
Content-Disposition
X-Content-Options
Version
X-Cache-Grace
X-RateLimit-Limit
X-Magnolia-Registration
X-Varnish-Grace
X-Origin-Cache
X-Wix-Request-Id
X-App-Environment
X-Signature
X-Language
X-EdgeConnect-Cache-Status
X-B-Cache
X-Node-Name
X-RemovedCookies
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-ProcessESI
X-Yottaa-Metrics
X-Amz-Replication-Status
X-Yottaa-Optimizations
X-Datadog-Sampled
X-Debug-IsConnected
X-Debug-IsPreview
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-User
X-Rule
X-Tumblr-Pixel-0
SD-X-WS
Countrycode
Ms-Operation-Id
MS-CV
X-RTag
X-UUID
X-G
X-Hl-Ver
X-FW-Version
ServerID
X-Storage
X-Instance
GEO-INFO
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-Adobe-Content
X-Cache-Age
X-Device-Type
X-Backend-Name
X-Adobe-Loc
X-NYM-Debug-Backend
X-Amzn-Remapped-Content-Length
X-Cacheable-TTL
X-Proxy-Cache-Info
X-Is-Bot
NGB
SRV
X-Rendered-As
X-Cache-Hit
X-B3-SpanId
X-Region
Country
X-Status
Liferay-Portal
X-User-Agent
Surrogate-Key
X-Environment-Context
X-L-Path
X-IPS-LoggedIn
X-Real-IP
X-NWS-UUID-VERIFY
X-Rid
X-Source
X-ServerID
X-RateLimit-Reset
X-WP-CF-Super-Cache-Active
X-Sucuri-Cache
Akamai-GRN
Cross-Origin-Window-Policy
X-Sucuri-ID
OT-Force-Account-Verify
X-Servername
From-Origin
X-UA
X-RM-Cache-TTL
X-VC-Cache
X-WebKit-CSP-Report-Only
Front
X-Framework
Upgrade-Insecure-Requests
Backend
X-Air-Pt
Amp-Access-Control-Allow-Source-Origin
X-Wormhole-Sdk
X-INCAP-ABP
X-Mode
X-Xrds-Location
X-AB
X-Air-Source
X-Air-Hostname
X-URL
X-Air-Trace-Id
Refresh
X-Cache-Time
X-Akamai-Request-ID2
Xet-Cookie
X-Content-Powered-By
X-Handled-By
X-RID
X-DataDome
X-Edge-Location
X-HTML-Minification-Powered-By
X-Endurance-Cache-Level
Frame-Options
X-VC
X-Origin-CC
X-UPSTREAM-Address
X-JoinUs
X-RCS-CacheZone
X-Origin-TTL
X-Rn-Rsrv
X-Rewrite-Enabled
Selected-Fe
Meta-Geo
X-SaId
Filters
X-Timing-Wait
X-Webstats-RespID
Url
X-Xfnlog-Site
Accept-Language
X-Proxy-Build
X-AWS-Id
X-SRV
X-Cluster
Cache
X-Cache-Operation
WPO-Cache-Status
WPO-Cache-Message
X-Cache-Rule
X-Akamai-Edgescape
X-Git-Commit
X-Container-Uri
Webcakes-App-Version
X-Origin
X-Origin-Date
X-Origin-Hint
TWC-GeoIP-LatLong
X-No-Session
TWC-Locale-Group
X-Reqid
X-Provided-By
Property-Id
ServedBy
X-Served-From
X-Tumblr-Pixel-2
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-Device-Class
TWC-Privacy
X-PHP-Host
Webcakes-Region
X-Labrador-Cache-Channel
Atl-Traceid
X-LJ-Flow-ID
Webcakes-App-Name
X-Logging-Id
X-VWS-Id
X-R9-Blue-Green-Version
X-IPLB-Instance
Webserver
X-Web-Node
X-Azure-Ref-OriginShield
X-IPLB-Request-ID
X-Varnish-Cache-Hits
X-Cloudmap
X-Cache-Debug
X-Hosted-By
X-Scope-Id
X-VCT
X-Cms-Context
X-Adobe-Source
Section-Io-Id
X-Zipkin-Id
X-Redis-Cache
X-Proxied
X-Drupal-Cache-Tags
X-Extlb
X-Accel-Version
X-Fetched-On
X-Tb
Mn-Server-Ip
X-Routing-Service
Access-Control-Request-Headers
Web-Mar-Node
X-Locale
X-Vcache
X-Restarts
X-Site-Version
Cache-Hits
Thinkindot-CacheControl
X-Browser-Name
Thinkindot-Control
Thinkindot-CacheControl-Type
TDXMobile
X-Is-Mobile
X-ProxyCache-Status
X-Skip-Cache
X-Tncms
X-Thinkindot-L3
X-ProxyCache-Key
X-Soup
X-Tcp-Rtt
X-Shield-Cache-Expires
X-Upstream-Ct
X-Say-Cacheable
X-S
X-Say-TTL
X-SayCDN-TTL
X-Upstream-Ht
X-Varnish-Age
X-Ms-Version
X-Ms-Request-Id
X-Forwarded-Host
X-Frame-Option
X-Format
X-Drupal-Cache-Contexts
X-CMSURLCustom
X-Director
X-Generation-Time
X-Geo-Region
X-Lambda-Id
X-Loop
X-Is-Tablet
X-Is-Supported-Browser
X-Httpd
X-Is-Desktop
X-BYPASS-REASON
Apigw-Requestid
X-Buckets
X-Nginx-Cache
X-GeoCountry
X-Cache-Host
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Detected-As
X-CDN-Forward
X-ShardId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Varnish-Beresp-Grace
X-Generated-By
Xserver
X-GeoCode
X-Ratelimit-Reset
X-Cdn-Origin
X-Optimistic-Header
X-Cache-Status-Check
X-Lagoon
LB
X-Rocket-Nginx-Serving-Static
X-Worker
X-Vercel-Id
X-Request-URI
X-Vercel-Cache
Fastcgi-Useragent
Source
X-WP-CF-Super-Cache-Cookies-Bypass
Azure-SiteName
Azure-SlotName
X-Fastly-Request-Id
Azure-RegionName
Azure-Version
Azure-InstanceId
X-TA-CDN-Provider
Node
X-Pass-Why
Protected
AMP-Access-Control-Allow-Source-Origin
X-Connection-Hash
Expiry
X-Vcl-Version
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
CDN-RequestCountryCode
CDN-Uid
CDN-RequestPullCode
CDN-PullZone
CDN-RequestPullSuccess
Cross-Origin-Embedder-Policy
Onion-Location
X-GEO
X-Cache-Expired-At
X-Tec-Api-Root
X-ECache
X-Tumblr-Pixel-3
X-Tec-Api-Origin
X-Api-Version
X-Tec-Api-Version
X-PHP-Backend
CDN-RequestId
X-App-Version
Alternate-Protocol
X-XRDS-Location
X-Cache-Server
DB-Nickname
Environment
Sid
X-Server-W
X-Jobs
Priority
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Uber-Trace-Id
X-Tt-Logid
X-Cache-Action
X-Proxy-Cache-Status
CF-IPCountry
X-Fastcgi-Cache
X-ID
X-Urbn-Site-Id
X-Urbn-Context-Path
X-B3-Traceid
Locale
X-Ismobilevalue
X-Cluster-Node
HostName
User-Cache-Control
X-Mg-Request-UUID
X-LSADC-Cache
Cdn-Requestid
X-Tx-Id
X-Nf-Request-Id
X-MP-GENERATED-AT
Fusion-Deployment-Id
Cache-Tv-Group
X-Zone
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-Generated-On
A
Server-Host
X-Epic-Correlation-Id
X-Forwarded-Site
X-FB-TRIP-ID
X-ND-Cache
X-Esi-Check
X-Node-Id
Candidate-Md5Url
X-Gen-Mode
Content-Secure-Policy
X-Ig-Push-State
Edge-Cache
X-A
X-Hnp-Log
Sslversion
X-Gzip
X-Ec-Fail
X-Ec-GeoHdr
X-GeoIP-City
DCR-Decision-By
DCR-Processing-Time-Ms
X-Dispatcher-Server
X-Ig-Origin-Region
T-Server
X-A-Ccd
X-Device-Os
X-Developer
Surrogated-Key
Gannett-Cam-Experience-Id
X-Jungle-Id
X-Level-Front-Cache
X-A-Dam
X-NCache
X-Org
X-ScT
X-Cache-NE
X-D
X-Cache-Id
Origin
X-SB
X-Rojux
X-Vtex-Remote-Cache
X-A-Dgt
X-Request-Start
X-Block-Status
Req-ID
Origin-Agent-Cluster
X-SRCache-Key
X-UA-Device-Type
X-TIM-N
X-Viewer-Country
X-DC
X-BCube-Filmed-By
X-Thanos
X-VTEX-Cache-Server
X-A-Wwc
Vix-Hermes-Req-Id
X-A-Dcw
X-VTEX-Cache-Time
Ngx.Var.Host
X-Aed
X-Bip
X-Content-Age
Lang
Wxu-Next-Hostname
X-Vdms-Path
X-Origin-Expires
Rendered-Blocks
X-Op-Id-All
X-Vdms-Version
Magicmarker
Wxu-Next-Region
MD5-Digest
X-Bl-Debug
X-Clientip
X-Bc-Bl
X-Varnish-Hostname
X-Powered-By-VTEX-Cache
Meta-Geo-Continent
Wxu-Next-Commit
X-Conf
X-Auth-Group-Type
X-Origin-Response-Time
X-NGINX-Cache
Cdnsip
Powered-By
X-Edge-Server
X-Fastly-Cache
Content-Style-Type
Content-Script-Type
Server-Hostname
Release
X-Cache-Info
X-Backend-Instance
X-Core-Value
Fastly-SSL
Cdncip
X-Debug-Cache-Store
Host-ID
X-Debug-Cache-Fetch
X-CUA
X-Cdn-Srv
X-Cache-TTL-Remaining
Origin-CC
Origin-EX
PFcat
DSUID
Server-Ext
Fastly-Backend-Name
NM-Fastcgi-Cache
X-Cache-Bucket
Yak-Timeinfo
X-Pubstack
X-Proto
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-WA-Info
X-Req
X-AK-Request-ID
X-Policy
Cdn-Request-Time
X-Uri
X-PAYTM-SRV-ID
XM
X-Platform
X-Request-Time
X-Scheme
X-Via-Fastly
X-Varnish-Director
X-VarnishDD-TTL
X-Varnishpool
X-VG-WebCache
X-Response-Served-From
X-Original-Request-Id
X-Tb-Optimization-Total-Bytes-Saved
X-SD-PageType
X-Test
X-V-Cache
X-Var-Ttl
X-Nyt-Route
X-Origin-Time
AKAMAI
X-Gdpr
X-Geo-Header
X-GeoIP
X-Service
X-GeoIP-Country-Code
X-Auto-Login
C-Via
CDCHOST
Cdn-Host
X-FC-Vary-Parameters
Cache-Provider
X-Fmm-Version
X-Amz-Storage-Class
X-GeoIP-Region-Code
Sever-Int
X-HS-Content-Campaign-Id
Odigeo-Trace-Id
X-Loc
Ssr
X-Mvc-Supplant-Cachable
X-App-Name
X-HN
X-Region-Sid
X-NMSegId
X-Nginx-Cache-Key
X-BBC-Edge-Cache-Status
X-Aicache-OS
X-Ad-Load-Variation
X-Acquia-Purge-Cdn-Unconfigured
X-Access
X-B3-Trace-ID
X-Mly-Id
X-Server-IP
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Section
X-Request-Host
X-Pool
X-Proxied-Request
X-SVT-ORM-VERSION
X-Varnish-Authentication
X-Wikidot-Static-Cache
X-Custom-Header
X-Wikidot-Backend
X-We-Are-Hiring
X-Varnish-Beresp-Status
X-VG-TLSProxy
X-NodeID
X-Mvc-Supplant-OutputCached
X-DPWN-IS-SECURE
X-Ec-Custom-Error
X-Csrf-Jwt
X-Contensis-Viewer-Groups
X-Cache-Backend
X-CGP
X-Eu-Site
X-Fastly-Backend
X-Men
X-Micro-Cache
X-Location
X-Human
X-From
X-GoCache-CacheStatus
X-Cache-Aspx
W
Esi-Enabled
Pramga
Platform
Web-Mar-Region
Producers
Country-Code
RNT-Machine
Req-Svc-Chain
Redirect-Candidate
On-Server
X-Newrelic-Synthetics
Is-Eu
L
Mail-Subject
Machine
HA-Ipaddr
Ha-Gx-Prefs
Fastly-GeoIP-CountryCode
X-Varnish-Beresp-Ttl
Gh-Request-Id
L5d-Success-Class
RNT-Time
Tube-Get-Contents
Apple-News-Services-Host
Cluster
Tube-Got-Eval
Tube-Got-Results
V-Age
Apple-News-Services-Handled
Tube-Return
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Click-Count-Action-Start
We-Hiring
Click-Count-Error
X-Dc
X-LiteSpeed-Cache-Control
Cache-Key
Canary
True-Client-Country-4JS
Adler-Geo
X-AIR-PT
WP-Super-Cache
X-TT-LOGID
X-Date
X-Hash
NGX
X-Up
Proxy-Firewall
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-CacheTTL
X-Render-Time
X-Accel-Expires-Debug
X-PERF
X-ApacheServer
Debug
X-DefElseHash
X-DefHash
X-Varnish-Hits
X-Varnish-CookieINHashed-On
X-LB-ID
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-COUNTRY
Mime-Version
X-Pad
X-CACHE-GROUP
X-Cs
X-Depends
X-Refresh
X-Client-Ip
X-Nananana
CloudFront-Viewer-Country
Datacenter
SID
Fastly-Drupal-HTML
X-HA-Backend
X-Servedbyhost
X-Via-Popn
X-VHOST
X-Via-Popv
X-Akamai-Transformed
X-Via-Poph
Locid
X-Cache-FS-Status
Pics-Label
X-Parent-Response-Time
X-Amz-Meta-Cb-Modifiedtime
X-Datadome
X-VC-TTL
X-M-Log
GeoIP-Latitude
X-M-Reqid
X-Platform-Router
X-Cached-By
X-Platform-Cluster
X-HITS
X-Platform-Processor
X-CACHE-AGE
Ngx-Var-Key
X-Old-Content-Length
Server-Info
X-TIME
Fastly-Drupal-Html
X-LiteSpeed-Tag
X-LB-NoCache
X-CS
X-B3-Parentspanid
X-Litespeed-Tag
X-DynaTrace-JS-Agent
Resin-Trace
BehaviorPad-Version
X-CDN-Cache-Status
Cf-Ipcountry
GeoIp-Country-Code
X-TH-Server
X-APP
X-Nc
X-Moov-T
Server-ID
X-Moov-Xdn-Version
X-VCache
X-Wa
X-Vgn-Hpd-Reason
Cdn
Cross-Origin-Embedder-Policy-Report-Only
FSS-Cache
NtCoent-Length
X-IAuth-Set-Uid
X-NewRelic-App-Data
X-Content-Length
X-Varnish-Beresp-TTL
CDN
X-S-Cookie
X-Destination
X-Fpc
X-B-Cookie
X-CACHE-KEY
X-Application
X-User
X-Esi
X-External-Request-Id
True-Client-IP
Cf-Device-Type
X-HostName
X-ZONE
X-TX-ID
X-Srv
Uri
X-Vc
Srv
X-Zen-Fury
True-Client-Ip
X-Presslabs-Stats
Serverhost
X-Dispatcher-Number
X-Sigma
X-Instance-Name
Tcn
X-Cache-Date
X-Sigma-Backend
X-Rocket-Build-Number
X-Oracle-DMS-ECID
Vc-Max-Age
X-Dynatrace-Js-Agent
X-API-Version
GeoIP-Country-Code
X-RequestId
X-FPC
X-HOST
X-WA
S-Rt
X-VServer
X-Cdn-Forward
X-B3-Spanid
Load-Balancing
Request-ID
X-APP-VERSION
X-Dispatch
X-Branch-Name
Product
X-Cdn-Cache-Status
X-Segment-20210421
X-DynaTrace
X-NC
X-Aspnet-Duration-Ms
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Flags
Hostname
Server-Id
Ohc-File-Size
X-FL-QIT-DEBUG
X-Lb-Nocache
Geoip-Latitude
Srvid
X-DataCenter
X-Ckpd-Fst-Backend
ServerName
X-Webkit-Csp-Report-Only
X-Page-View
X-SERVER-NAME
X-Bug-Bounty
Type
X-Geo
CacheControlHeader
X-ServedByHost
DataCenter
X-Irp-Debug
X-Http-Reason
X-Sql-Count
X-Sql-Duration-Ms
X-VCL-Version
Epwk-X-Cache
PICS-Label
Origin-Trial
Cloudfront-Viewer-Country
Cl-Cache
X-Ha-Backend
X-Via-PopH
X-Via-PopV
X-Via-PopN
X-Cache-Ttl
Edge-Copy-Time
X-Via-SSL
X-Via-CDN
Ohc-Cache-HIT
X-Ua
X-SIPLIST1
X-App
Cross-Origin-Opener-Policy-Report-Only
ServerHost
IsBot
X-Via-Edge
X-Correlation-ID
X-Owner
X-HubSpot-Correlation-Id
X-Nf-Ats-Version
X-Srcache-Fetch-Status
X-Nf-Country
X-Nf-Language
Rtss
X-Srcache-Store-Status
X-Lb-Id
WZWS-RAY
X-Vmg-Version
MIME-Version
X-Akamai-Device-Characteristics
X-Core-Mission
User-Agent
X-Proxy-CacheRZ
X-MiniProfiler-Ids
XkeyRZ
Cneonction
Lb
X-Sqd-Ctime
X-Acquia-Application-UUID
X-Service-Response-Time
X-Acquia-Purge-Tags
X-Sqd-Stime
Sm-Log-Id
X-Acquia-Application-Trace
X-Acquia-Site
X-Gamma-Serve
X-Datacenter
N-Cache
X-Fastly-Country-Code
X-Web-Server
X-MSEdge-Features
X-MSEdge-Flight
X-Limited
X-Qloud-Router
Warning
X-Info
X-LAGOON
X-Litespeed-Cache-Control
Servername
X-Hit
X-IN-APIGATEWAYSSL
Cmsid
Cmstype
X-IN-APIGATEWAY
Xc-Version
X-Th-Server
X-Check-Cacheable
X-Serial
X-RAMCache
X-Akamai-Pragma-Client-IP
X-Requestid
X-Ramcache
X-Snapshot-Date
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Opti
Ngx
X-Dw-Trace-Id