
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Xss-Protection
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-Ua-Compatible
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Ws-Request-Id
Xkey
X-Rq
X-Age
Permissions-Policy
X-Vhost
X-Amz-Version-Id
Allow
X-Dns-Prefetch-Control
X-Dispatcher
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
Cf-Railgun
X-OneAgent-JS-Injection
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-WebKit-CSP
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
X-Litespeed-Cache
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-CST
X-NWS-LOG-UUID
X-Ruxit-JS-Agent
X-Country
Service-Worker-Allowed
X-Country-Code
X-Oneagent-Js-Injection
X-Url
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Webkit-Csp
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-Server-Name
X-Vname
X-PC
X-TtlSet
X-FTR-Request-ID
X-Daa-Tunnel
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
X-ESI
X-Upstream
Edge-Control
X-GitHub-Request-Id
X-D2id
X-MS-InvokeApp
X-Element-Page-Cache
Verso
X-Kinja-Revision
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Ac
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Kinja-Server
X-Aws-Lambda-Call-Status
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-SID
X-Ruxit-Js-Agent
X-ECACHE
Accept-Ch-Lifetime
X-FastCGI-Cache
X-Ser
X-Vcap-Request-Id
X-Navigation-Version
X-Abt-Application-Version
X-Mod-Pagespeed
AR-CACHE
SPRequestDuration
SPIisLatency
X-Dw-Request-Base-Id
X-NF-Request-ID
X-Cache-TTL
SPRequestGuid
X-SharePointHealthScore
X-B3-TraceId
X-Amz-Rid
Fastly-Restarts
X-Client-IP
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Instrumentation
Pagespeed
X-Middleton-Display
Display
X-Sol
Edge-Cache-Tag
X-Mg-S
X-Edge-Location-Klb
S
X-Kinsta-Cache
X-Cache-Key
X-Powered-CMS
Response
X-Amzn-Trace-Id
X-Middleton-Response
X-RateLimit-Remaining
Cache-Status
X-VARITI-CCR
Access-Control-Request-Method
X-Goog-Hash
X-Version
X-ARC
RTSS
X-Content-Digest
X-Fastly-Request-ID
X-Forwarded-For
X-TraceId
X-Recruiting
Cross-Origin-Resource-Policy
X-T
Realpath
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Ttl
X-Correlation-Id
X-MSEdge-Ref
MS-Author-Via
X-Ratelimit-Limit
Fastcgi-Cache
Front-End-Https
X-Cached
X-Varnish-TTL
Content-MD5
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Ua-Browser
X-Protected-By
Server-Node
Public-Key-Pins
X-PDP-UNCACHING-HASH
X-Country-Code-Real
X-FTR-Balancer
Arr-Disable-Session-Affinity
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Cache-Status
Payment
X-Shield-Request-Id
X-HS-Combine-CSS
X-Frontend
X-Request-Received
X-Origin-Cache-Key
X-Forwarded-Proto
X-Request-Processing-Time
X-SRCache-Fetch-Status
X-LLID
X-SRCache-Store-Status
MicrosoftSharePointTeamServices
TP-Cache
X-Distributor
X-HP-Webp
X-Accel-Expires
X-HP-Trace-Id
X-Jurisdiction
X-Server-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-FTR-Expires
Count-Hit
X-GUploader-UploadID
X-Hits
X-Origin-Server
X-Ratelimit-Remaining
X-LB-Cache
X-Ezoic-Cdn
X-ORACLE-DMS-RID
X-Content-Security-Policy-Report-Only
X-Request-Handler-Origin-Region
X-Microsite
X-Az
X-AppVersion
X-Activity-Id
Host
X-TEC-API-VERSION
X-TTL
X-Cluster-Name
X-Ua-Device
X-Varnish-Backend
X-PressLabs-Stats
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Www-Served-By
X-Varnish-Server
Cache-Tags
MRF-Tech
X-App-Server
X-B3-TraceId-Primal
Retry-After
Mrf-Cache-Status
X-Amz-Meta-S3cmd-Attrs
Accept-Charset
X-Hostname
Server-Name
X-Id
X-NGENIX-Cache
X-Geo-Country
Cleartype
X-NODE
X-DIS-Request-ID
X-Newrelic-App-Data
X-Envoy-Decorator-Operation
Referer-Policy
X-Goog-Metageneration
X-Upgrade-Enabled
TP-L2-Cache
X-Seen-By
X-CSRF-Token
X-Azure-Ref
X-Amz-Apigw-Id
X-Oracle-Dms-Ecid
Access-Control-Allow-Method
X-Amzn-RequestId
X-Git-Hash
X-RateLimit-Limit
TCN
X-CCDN-Origin-Time
X-Load-Cache
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-F-Cache
X-Proxy
X-Unique-Id
X-ORACLE-DMS-ECID
X-Debug-Info
X-Revision
X-Grace
X-Px
Healthy
Filterid
X-XRDS-LOCATION
X-Varnish-Ttl
X-Cache-Control
X-Trace-Id
Paypal-Debug-Id
X-FB-Debug
DC
X-Request-Guid
X-B3-Sampled
Section-Io-Cache
X-Type
X-B
X-Fb-Rlafr
X-Contextid
X-TT
X-Oracle-Dms-Rid
X-Page-Id
X-N
X-Logged-In
X-Mobile
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
Viewport
X-Whom
X-Debug
X-Template
Charset
X-Goog-Generation
X-Goog-Storage-Class
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Goog-Stored-Content-Length
X-Datadog-Trace-Id
X-Goog-Stored-Content-Encoding
Fastly-SIE
Fastly-SWR
X-Cache-Grace
X-Time
X-Content-Options
X-Language
X-Webkit-CSP
Version
X-Via-JSL
X-RateLimit-Reset
Content-Disposition
X-Wix-Request-Id
X-Magnolia-Registration
X-App-Environment
X-EdgeConnect-Cache-Status
X-Varnish-Grace
X-B-Cache
X-Node-Name
X-Signature
X-Origin-Cache
VIX-Pulpo-Node
X-ProcessESI
X-RemovedCookies
VIX-Pulpo-Upstream-Status
X-Amzn-Remapped-Content-Length
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
SRV
X-Tumblr-Pixel
X-Tumblr-User
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Rule
X-Datadog-Sampled
X-Debug-IsConnected
X-Amz-Replication-Status
X-Debug-IsPreview
MS-CV
SD-X-WS
Ms-Operation-Id
X-G
X-Hl-Ver
X-RTag
X-Backend-Name
X-FW-Version
X-Instance
ServerID
X-UUID
X-Device-Type
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Server
GEO-INFO
X-FW-Static
X-User-Agent
X-Region
Country
NGB
X-Proxy-Cache-Info
X-Storage
X-Cacheable-TTL
X-Cache-Age
X-IPS-LoggedIn
X-Adobe-Content
X-Is-Bot
X-NYM-Debug-Backend
X-Environment-Context
X-Status
X-Cache-Hit
X-Rendered-As
X-L-Path
X-B3-SpanId
Liferay-Portal
X-Adobe-Loc
X-Real-IP
X-NWS-UUID-VERIFY
X-Source
Countrycode
X-ServerID
X-Rid
Akamai-GRN
Surrogate-Key
X-Sucuri-Cache
X-Servername
X-Sucuri-ID
Cross-Origin-Window-Policy
X-WP-CF-Super-Cache-Active
From-Origin
Amp-Access-Control-Allow-Source-Origin
OT-Force-Account-Verify
X-VC-Cache
X-UA
X-WebKit-CSP-Report-Only
Upgrade-Insecure-Requests
X-RM-Cache-TTL
Backend
X-Framework
X-INCAP-ABP
Front
X-Mode
Refresh
X-Xrds-Location
Frame-Options
X-Air-Pt
X-AB
X-Cache-Time
Xet-Cookie
X-DataDome
X-Akamai-Request-ID2
X-HTML-Minification-Powered-By
X-Content-Powered-By
X-Buckets
X-Air-Source
X-Air-Hostname
X-RID
X-Air-Trace-Id
Url
X-B3-Traceid
X-Edge-Location
X-Handled-By
X-VC
Webserver
X-Wormhole-Sdk
X-Endurance-Cache-Level
Access-Control-Request-Headers
X-No-Session
X-Vcache
X-UPSTREAM-Address
X-Cluster
X-JoinUs
X-Xfnlog-Site
X-AWS-Id
X-Akamai-Edgescape
Filters
X-VWS-Id
X-Timing-Wait
X-Webstats-RespID
Selected-Fe
X-Proxy-Build
X-LJ-Flow-ID
X-RCS-CacheZone
X-Origin-Date
X-Reqid
X-Origin-TTL
Meta-Geo
X-Rewrite-Enabled
X-Nginx-Cache
X-Azure-Ref-OriginShield
X-Rn-Rsrv
X-Origin-CC
X-SaId
X-Tumblr-Pixel-2
X-Generation-Time
X-Drupal-Cache-Tags
X-Logging-Id
X-Cache-Operation
WPO-Cache-Status
X-Container-Uri
X-Git-Commit
WPO-Cache-Message
X-IPLB-Instance
X-Labrador-Cache-Channel
X-Cache-Rule
X-Fetched-On
X-IPLB-Request-ID
X-VCT
Property-Id
Webcakes-Region
TWC-GeoIP-Country
Mn-Server-Ip
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
X-Served-From
X-Origin-Hint
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
ServedBy
X-Origin
X-Provided-By
Atl-Traceid
X-PHP-Host
X-Zipkin-Id
X-CDN-Forward
Cache
Web-Mar-Node
X-Cms-Context
X-Thinkindot-L3
X-Extlb
X-Routing-Service
X-R9-Blue-Green-Version
X-Tb
X-Redis-Cache
X-Proxied
X-Restarts
X-Accel-Version
X-Scope-Id
X-Cache-Status-Check
X-Ms-Request-Id
Thinkindot-Control
X-CMSURLCustom
X-Ms-Version
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Hosted-By
X-Locale
X-Shield-Cache-Expires
X-Cloudmap
Section-Io-Id
X-Web-Node
TDXMobile
X-Site-Version
X-Varnish-Cache-Hits
X-Frame-Option
X-Director
X-Cache-Debug
X-Cdn-Origin
X-BYPASS-REASON
X-Drupal-Cache-Contexts
X-Format
X-Forwarded-Host
X-Varnish-Age
X-Upstream-Ht
X-Skip-Cache
X-Upstream-Ct
X-Soup
X-Lambda-Id
X-Loop
X-Adobe-Source
X-Say-TTL
X-SayCDN-TTL
X-S
X-ProxyCache-Status
X-ProxyCache-Key
Apigw-Requestid
X-Httpd
X-Say-Cacheable
X-Tncms
X-Varnish-Beresp-Grace
Cache-Hits
Xserver
X-GeoCode
X-Cache-Host
X-Is-Desktop
X-Is-Mobile
Accept-Language
X-GeoCountry
X-Geo-Region
X-Is-Tablet
X-Is-Supported-Browser
X-Browser-Name
X-Tcp-Rtt
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Detected-As
X-SRV
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Generated-By
X-Worker
X-Lagoon
X-Vercel-Id
X-Vercel-Cache
X-Rocket-Nginx-Serving-Static
X-Optimistic-Header
Azure-RegionName
Azure-SiteName
Azure-InstanceId
Azure-SlotName
Azure-Version
Source
Node
X-Fastly-Request-Id
CDN-RequestId
X-WP-CF-Super-Cache-Cookies-Bypass
X-Request-URI
LB
Cross-Origin-Embedder-Policy
Fastcgi-Useragent
CDN-PullZone
CDN-CachedAt
Protected
CDN-Cache
X-Vcl-Version
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-RequestCountryCode
CDN-Uid
CDN-RequestPullCode
X-Pass-Why
X-Tumblr-Pixel-3
Alternate-Protocol
X-App-Version
X-XRDS-Location
X-GEO
X-Connection-Hash
Expiry
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Cache-Server
X-ECache
X-Ratelimit-Reset
X-Cache-Expired-At
X-Jobs
X-TA-CDN-Provider
DB-Nickname
AMP-Access-Control-Allow-Source-Origin
Onion-Location
X-Server-W
Sid
CF-IPCountry
X-PHP-Backend
X-Original-Request-Id
X-Response-Served-From
Uber-Trace-Id
Environment
X-Fastcgi-Cache
X-Api-Version
Priority
X-LSADC-Cache
X-Cluster-Node
User-Cache-Control
X-Cache-Action
X-Uri
X-MP-GENERATED-AT
X-Proxy-Cache-Status
X-Urbn-Site-Id
X-TT-LOGID
X-Urbn-Context-Path
Locale
X-LiteSpeed-Cache-Control
HostName
X-Tx-Id
X-Mg-Request-UUID
X-FB-TRIP-ID
WP-Super-Cache
X-BCube-Filmed-By
X-Bc-Bl
X-Ig-Origin-Region
Vix-Hermes-Req-Id
X-Generated-On
X-Bip
Candidate-Md5Url
X-Forwarded-Site
T-Server
Cache-Tv-Group
Wxu-Next-Commit
X-Gen-Mode
X-Jungle-Id
X-GeoIP-City
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-A-Dam
X-Gzip
X-A
X-A-Wwc
A
X-GeoIP
X-Aed
Wxu-Next-Region
X-FC-Vary-Parameters
Wxu-Next-Hostname
DCR-Decision-By
Magicmarker
MD5-Digest
Meta-Geo-Continent
Lang
X-D
Gannett-Cam-Experience-Id
X-Device-Os
X-Developer
X-Content-Age
Ngx.Var.Host
Origin
Origin-Agent-Cluster
X-Cache-NE
X-Clientip
X-Conf
X-Cache-Id
Req-ID
NM-Fastcgi-Cache
Fusion-Template-Id
X-Block-Status
X-Ec-GeoHdr
Surrogated-Key
X-Ec-Fail
Edge-Cache
DCR-Processing-Time-Ms
X-Esi-Check
X-Epic-Correlation-Id
Rendered-Blocks
X-Dispatcher-Server
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
Server-Host
X-Bl-Debug
Fusion-Content-Source
Sslversion
Fusion-Content-Id
Content-Secure-Policy
X-Hnp-Log
X-SB
X-ScT
X-Level-Front-Cache
X-Test
X-Rojux
X-Request-Start
X-Origin-Expires
X-Platform
X-Powered-By-VTEX-Cache
X-Proto
X-Thanos
X-TIM-N
X-Viewer-Country
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Vtex-Remote-Cache
X-Vdms-Version
X-Vdms-Path
X-UA-Device-Type
X-DC
X-Varnish-Hostname
X-Org
X-SRCache-Key
X-NMSegId
X-NCache
X-Node-Id
X-Mvc-Supplant-Cachable
X-ND-Cache
X-Op-Id-All
X-URL
X-Origin-Response-Time
X-Cdn-Srv
X-CGP
PFcat
X-Debug-Cache-Store
Powered-By
Release
X-Cache-Info
Host-ID
Origin-EX
Origin-CC
X-Csrf-Jwt
X-Debug-Cache-Fetch
L5d-Success-Class
X-Mvc-Supplant-OutputCached
X-HN
X-Varnish-Director
X-Var-Ttl
X-V-Cache
X-CUA
X-Varnishpool
W
We-Hiring
X-ApacheServer
X-App-Name
X-Auth-Group-Type
X-Amz-Storage-Class
XM
X-AK-Request-ID
X-Pubstack
X-Policy
Yak-Timeinfo
X-Auto-Login
X-Backend-Instance
Server-Hostname
X-VG-WebCache
Server-Ext
X-Cache-Bucket
HA-Ipaddr
Sever-Int
X-Via-Fastly
X-Loc
X-Tt-Logid
X-HS-Content-Campaign-Id
Ssr
X-VarnishDD-TTL
Mail-Subject
Cdncip
Cdnsip
Cdn-Request-Time
Cdn-Host
CDCHOST
Ha-Gx-Prefs
X-Eu-Site
X-RateLimit-Remaining-Second
X-Region-Sid
Content-Style-Type
X-RateLimit-Limit-Second
Content-Script-Type
X-Service
Canary
AKAMAI
X-PAYTM-SRV-ID
X-Origin-Time
X-GeoIP-Country-Code
X-Zone
X-Geo-Header
X-PERF
Cache-Provider
C-Via
X-Gdpr
X-Nyt-Route
X-Render-Time
X-Fastly-Cache
X-Newrelic-Synthetics
Fastly-Backend-Name
X-Scheme
Fastly-SSL
X-Nginx-Cache-Key
X-Request-Time
X-SD-PageType
DSUID
X-GeoIP-Region-Code
X-Edge-Server
Cdn-Requestid
X-From
X-GoCache-CacheStatus
X-Tb-Optimization-Total-Bytes-Saved
X-WA-Info
X-SVT-ORM-VERSION
X-Ig-Push-State
X-Aicache-OS
X-We-Are-Hiring
Gh-Request-Id
X-Section
X-Server-IP
X-SVT-ORM-RULES
X-Wikidot-Static-Cache
X-Varnish-Beresp-Status
X-Wikidot-Backend
X-Sn-Servicetimems
X-Human
X-Cache-Backend
X-Cache-Aspx
X-Ad-Load-Variation
X-Fastly-Backend
X-Varnish-Authentication
X-CacheTTL
X-Cache-TTL-Remaining
X-Request-Host
X-Proxied-Request
X-Men
X-Location
X-Req
X-Pool
X-Core-Value
X-Contensis-Viewer-Groups
X-Fmm-Version
X-Ec-Custom-Error
X-Hash
X-B3-Trace-ID
Tube-Got-Results
Is-Eu
Fastly-GeoIP-CountryCode
Esi-Enabled
Machine
On-Server
Redirect-Candidate
Pramga
Platform
Cluster
Click-Count-Error
Apple-News-Services-Handled
Adler-Geo
X-Varnish-Beresp-Ttl
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Click-Count-Action-Start
Cache-Key
Apple-News-Services-Request-Url
True-Client-Country-4JS
L
Tube-Got-Eval
V-Age
Tube-Return
Tube-Get-Contents
Web-Mar-Region
X-Access
X-Dc
X-AIR-PT
X-NGINX-Cache
X-VG-TLSProxy
X-BBC-Edge-Cache-Status
Country-Code
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Accel-Expires-Debug
RNT-Machine
RNT-Time
X-Mly-Id
X-Micro-Cache
Odigeo-Trace-Id
Req-Svc-Chain
X-Acquia-Purge-Cdn-Unconfigured
Producers
Proxy-Firewall
X-DPWN-IS-SECURE
X-Date
Datacenter
X-COUNTRY
Debug
X-Up
X-Varnish-Hits
X-Custom-Header
NGX
X-Ismobilevalue
X-Akamai-Transformed
Locid
X-ID
X-Refresh
X-Cs
X-NodeID
X-CACHE-GROUP
X-LB-ID
X-Pad
X-Nf-Request-Id
X-Platform-Router
X-Client-Ip
X-Amz-Meta-Cb-Modifiedtime
CloudFront-Viewer-Country
X-LiteSpeed-Tag
X-Platform-Processor
X-Platform-Cluster
X-Nananana
SID
Fastly-Drupal-HTML
X-DefHash
X-Depends
X-HA-Backend
X-Via-Popv
X-DefElseHash
X-Via-Poph
X-Varnish-CookieHashed-On
X-M-Reqid
X-M-Log
Pics-Label
X-Varnish-Remaining-TTL
X-Servedbyhost
X-VHOST
X-Varnish-CookieINHashed-On
X-Via-Popn
Mime-Version
X-Datadome
X-Old-Content-Length
X-Cached-By
Ngx-Var-Key
X-VC-TTL
GeoIP-Latitude
X-Cache-FS-Status
X-Parent-Response-Time
X-Moov-Xdn-Version
X-CS
X-TH-Server
X-CACHE-AGE
X-CDN-Cache-Status
X-Moov-T
X-LB-NoCache
Fastly-Drupal-Html
X-B3-Parentspanid
X-TIME
Cross-Origin-Embedder-Policy-Report-Only
X-DynaTrace-JS-Agent
Resin-Trace
GeoIp-Country-Code
Cf-Ipcountry
X-Nc
NtCoent-Length
Server-ID
Server-Info
X-Presslabs-Stats
Cdn
X-External-Request-Id
X-User
X-S-Cookie
Cf-Device-Type
X-Application
X-B-Cookie
BehaviorPad-Version
X-Vgn-Hpd-Reason
X-Wa
X-VCache
Uri
X-Destination
X-Litespeed-Tag
X-Zen-Fury
X-IAuth-Set-Uid
True-Client-IP
X-APP
FSS-Cache
X-NewRelic-App-Data
X-Aspnet-Duration-Ms
X-Srv
X-Varnish-Beresp-TTL
X-Flags
X-Route-Name
X-Is-Crawler
X-Providence-Cookie
X-ZONE
CDN
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
X-Fpc
X-Instance-Name
X-Esi
X-Cache-Date
X-HostName
X-TX-ID
X-VServer
X-DynaTrace
X-Content-Length
X-Vc
X-API-Version
True-Client-Ip
Tcn
X-Dynatrace-Js-Agent
X-HITS
X-Branch-Name
Load-Balancing
X-Segment-20210421
X-Page-View
X-Oracle-DMS-ECID
Serverhost
S-Rt
X-HOST
GeoIP-Country-Code
X-FPC
X-B3-Spanid
Srv
X-APP-VERSION
Ohc-File-Size
Request-ID
Hostname
X-Dispatcher-Number
X-NC
X-Dispatch
X-Cdn-Cache-Status
X-WA
X-Cache-Ttl
X-DataCenter
X-Cdn-Forward
Type
X-RequestId
Server-Id
Vc-Max-Age
X-Sql-Duration-Ms
X-Http-Reason
X-Sql-Count
X-FL-QIT-DEBUG
Srvid
X-Irp-Debug
Product
X-Webkit-Csp-Report-Only
Geoip-Latitude
X-Geo
Cl-Cache
X-Lb-Nocache
ServerName
X-Bug-Bounty
X-Via-SSL
WZWS-RAY
X-Ckpd-Fst-Backend
X-Via-CDN
X-Owner
DataCenter
IsBot
X-Via-Edge
X-CSRF-TOKEN
X-SIPLIST1
X-ServedByHost
Edge-Copy-Time
X-VCL-Version
Cloudfront-Viewer-Country
X-Via-PopH
Epwk-X-Cache
X-Via-PopV
X-Via-PopN
MIME-Version
Cross-Origin-Opener-Policy-Report-Only
X-Ha-Backend
X-Proxy-CacheRZ
X-Cst
CacheControlHeader
XkeyRZ
X-Core-Mission
Ohc-Cache-HIT
Origin-Trial
X-Hit
ServerHost
X-Correlation-ID
X-Qloud-Router
CountryCode
X-Ua
X-App
N-Cache
PICS-Label
Rtss
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-MiniProfiler-Ids
X-Amz-Meta-Opti
X-Lb-Id
X-MSEdge-Features
X-Fastly-Country-Code
X-MSEdge-Flight
Lb
X-Service-Response-Time
X-Sqd-Ctime
X-Acquia-Site
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Sqd-Stime
Warning
X-Web-Server
Sm-Log-Id
X-Datacenter
X-LAGOON
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
Akamai-Cache-Status
X-IN-APIGATEWAY
X-Akamai-Device-Characteristics
X-Limited
X-Vmg-Version
User-Agent
Cneonction
X-Dw-Trace-Id
X-IN-APIGATEWAYSSL
X-Udemy-Cache-App-Namespace
X-CF-Lambda-Fn
X-Proxy-Cache-La3
X-Check-Cacheable
X-Tenant
X-Serial
X-RAMCache
X-Akamai-Pragma-Client-IP
X-Requestid
Xkeylog
Xkey-La3
X-Th-Server
X-Ramcache
X-CF-Lambda-Version
X-Cdn-Request-ID
X-Cache-Type
X-Forwarded-Path
X-Orig-Expires
X-Snapshot-Date
X-Shop-Environment
Ngx
Expect-Staple