Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
Accept-CH
X-DNS-Prefetch-Control
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Ua-Compatible
X-Generator
X-Cache-Status
Server-Timing
X-Request-ID
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
Permissions-Policy
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Robots-Tag
X-Backend
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
Xkey
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-LiteSpeed-Cache
X-Server-Powered-By
Ali-Swift-Global-Savetime
Allow
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Dns-Prefetch-Control
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-Host
X-WebKit-CSP
Cf-Railgun
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Server-Id
X-Response-Time
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Node
X-Cloud-Trace-Context
X-Country
Content-Location
X-Nginx-Cache-Status
X-Application-Context
Accept-Ch-Lifetime
X-Nginx-Upstream-Cache-Status
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
X-Litespeed-Cache
Cache-Tag
X-Clacks-Overhead
X-Amz-Server-Side-Encryption
Rating
X-Times
X-Rack-Cache
X-TtlSet
X-Vname
X-PC
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Server-Name
X-Daa-Tunnel
Nginx-Cache
X-FTR-Request-ID
Accept-Ch
AR-SID
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Powered-By-Plesk
X-Cache-TTL
X-Webkit-Csp
X-Cnection
X-Ac
X-ESI
X-Element-Page-Cache
X-D2id
X-GitHub-Request-Id
Edge-Control
X-CST
Verso
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-MS-InvokeApp
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-ECACHE
X-Dw-Request-Base-Id
X-Upstream
X-Abt-Application-Version
X-Navigation-Version
X-FastCGI-Cache
X-Oneagent-Js-Injection
Fastly-Restarts
SPIisLatency
SPRequestDuration
X-B3-TraceId
X-Mod-Pagespeed
X-Amz-Rid
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-SharePointHealthScore
SPRequestGuid
X-Client-IP
X-ARC
X-Goog-Hash
X-Edge-Location-Klb
X-Kinsta-Cache
Pagespeed
X-Middleton-Display
Display
X-Sol
X-Powered-CMS
X-Mg-S
Edge-Cache-Tag
S
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
X-Ratelimit-Limit
X-NF-Request-ID
X-Middleton-Response
Response
X-VARITI-CCR
X-TTL
RTSS
Realpath
X-Forwarded-For
X-T
X-Content-Digest
X-Cache-Key
Cross-Origin-Resource-Policy
X-Fastly-Request-ID
X-Ratelimit-Remaining
X-Ruxit-Js-Agent
X-Recruiting
Fastcgi-Cache
X-Correlation-Id
X-Cached
X-ORACLE-DMS-RID
X-TraceId
X-MSEdge-Ref
X-Varnish-TTL
X-Shield-Request-Id
Front-End-Https
X-RateLimit-Remaining
MicrosoftSharePointTeamServices
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ua-Browser
X-Request-Processing-Time
X-Request-Received
X-PressLabs-Stats
X-Forwarded-Proto
X-Frontend
X-Protected-By
Payment
X-HS-Hub-Id
Arr-Disable-Session-Affinity
X-HS-Cache-Config
X-HS-Content-Id
X-LLID
Server-Node
TP-Cache
Public-Key-Pins
MS-Author-Via
Count-Hit
Content-MD5
X-Server-ID
X-HS-Combine-CSS
X-GUploader-UploadID
X-Accel-Expires
X-Newrelic-App-Data
X-LB-Cache
X-Distributor
X-Origin-Server
X-NODE
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Ezoic-Cdn
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-ORACLE-DMS-ECID
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
Surrogate-Key
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-Www-Served-By
X-FTR-Expires
Host
Cleartype
X-Varnish-Server
X-App-Server
Accept-Charset
X-AppVersion
X-Activity-Id
X-Az
X-B3-TraceId-Primal
MRF-Tech
Cache-Tags
Mrf-Cache-Status
X-Amz-Meta-S3cmd-Attrs
X-Cluster-Name
X-Ua-Device
Retry-After
X-Varnish-Backend
X-Goog-Metageneration
Filterid
X-Unique-Id
X-Hits
Server-Name
X-Debug
X-Git-Hash
Access-Control-Allow-Method
X-Logged-In
X-Load-Cache
X-Azure-Ref
X-Upgrade-Enabled
X-Id
X-Envoy-Decorator-Operation
X-NGENIX-Cache
X-Ttl
X-CSRF-Token
X-Geo-Country
X-FB-Debug
X-Hostname
TCN
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Proxy
X-B
Viewport
Section-Io-Cache
X-TT
X-Seen-By
X-Request-Guid
X-Revision
DC
X-Cache-Control
X-Fb-Rlafr
X-Grace
Healthy
X-Trace-Id
X-Contextid
X-B3-Sampled
TP-L2-Cache
X-Type
X-Time
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-F-Cache
X-Hcs-Proxy-Type
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-XRDS-LOCATION
Fastly-SWR
X-Mobile
Fastly-SIE
X-N
Content-Disposition
Referer-Policy
Paypal-Debug-Id
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-WP-CF-Super-Cache
X-Ratelimit-Reset
X-Varnish-Ttl
X-WP-CF-Super-Cache-Cache-Control
X-Varnish-Grace
X-Magnolia-Registration
X-DIS-Request-ID
X-Webkit-CSP
X-Amz-Replication-Status
X-Origin-Cache
X-Page-Id
X-Via-JSL
X-Debug-Info
X-Px
Version
X-Wormhole-Sdk
X-Oracle-Dms-Ecid
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-UUID
X-G
X-ProcessESI
X-RemovedCookies
X-Whom
X-Rid
X-App-Environment
X-Adobe-Loc
X-Rule
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Adobe-Content
X-Content-Options
X-Debug-IsConnected
X-Nf-Request-Id
X-Tumblr-Pixel
X-Tumblr-User
X-Debug-IsPreview
X-Node-Name
MS-CV
NGB
VIX-Pulpo-Node
X-Datadog-Sampled
VIX-Pulpo-Upstream-Status
X-Source
X-Hl-Ver
Ms-Operation-Id
X-RTag
SD-X-WS
X-Storage
X-Template
X-User-Agent
X-Signature
X-B-Cache
X-Proxy-Cache-Info
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Wix-Request-Id
X-Region
X-Instance
Cross-Origin-Window-Policy
X-Is-Bot
X-Rendered-As
X-Device-Type
X-Cacheable-TTL
X-Backend-Name
GEO-INFO
X-Environment-Context
X-NYM-Debug-Backend
X-L-Path
X-Status
Country
X-ServerID
X-Ismobilevalue
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-FW-Version
X-Cache-Age
Charset
X-NWS-UUID-VERIFY
Countrycode
X-IPS-LoggedIn
SRV
Amp-Access-Control-Allow-Source-Origin
ServerID
Front
X-RM-Cache-TTL
X-Cache-Grace
X-Real-IP
X-EdgeConnect-Cache-Status
Akamai-GRN
X-WP-CF-Super-Cache-Active
X-Framework
Liferay-Portal
X-Cache-Hit
X-Amzn-Remapped-Content-Length
X-AB
X-Oracle-Dms-Rid
X-Language
X-WebKit-CSP-Report-Only
X-Akamai-Request-ID2
X-Content-Powered-By
X-Air-Pt
X-RateLimit-Limit
X-B3-SpanId
X-Api-Version
X-Air-Trace-Id
X-Air-Source
X-Sucuri-ID
OT-Force-Account-Verify
X-Servername
X-Sucuri-Cache
X-Air-Hostname
X-UA
X-VC
From-Origin
X-VC-Cache
Xet-Cookie
X-Xrds-Location
X-Mode
X-URL
Accept-Language
X-Aws-Lambda-Call-Status
Backend
Refresh
X-DataDome
X-Tt-Logid
Access-Control-Request-Headers
X-ECache
Webserver
X-Cache-Status-Check
LB
Upgrade-Insecure-Requests
X-HTML-Minification-Powered-By
X-Handled-By
X-Nginx-Cache
X-Cache-Time
X-Fastly-Request-Id
X-RCS-CacheZone
X-UPSTREAM-Address
X-SaId
Filters
X-SRV
Meta-Geo
X-Rn-Rsrv
X-Rewrite-Enabled
X-JoinUs
X-Xfnlog-Site
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Container-Uri
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Varnish-Age
X-Provided-By
X-Origin-Hint
X-Tumblr-Pixel-2
X-Webstats-RespID
Cache
ServedBy
Property-Id
X-Origin-Date
X-Git-Commit
Webcakes-Region
X-R9-Blue-Green-Version
X-S
X-Cms-Context
X-Hosted-By
X-Request-URI
X-Adobe-Source
X-Is-Supported-Browser
X-Labrador-Cache-Channel
Atl-Traceid
X-Is-Tablet
X-Tncms
X-Lambda-Id
X-Skip-Cache
X-Forwarded-Host
X-Web-Node
X-No-Session
X-ProxyCache-Key
X-Loop
X-Logging-Id
X-Scope-Id
X-Locale
X-Is-Desktop
X-BYPASS-REASON
X-Cache-Debug
X-Site-Version
Url
X-Browser-Name
X-Akamai-Edgescape
Web-Mar-Node
X-Cluster
X-Fetched-On
X-Accel-Version
X-Is-Mobile
X-Httpd
X-Geo-Region
Section-Io-Id
X-Generated-By
X-PHP-Host
X-Mg-Request-UUID
X-ProxyCache-Status
X-Redis-Cache
X-Tcp-Rtt
X-Tb
X-Served-From
X-Reqid
X-Director
X-Varnish-Beresp-Grace
X-Varnish-Cache-Hits
X-Restarts
Mn-Server-Ip
X-Frame-Option
Selected-Fe
X-Alternate-Cache-Key
X-Cache-Host
Apigw-Requestid
X-Upstream-Ht
X-Detected-As
X-Cache-Operation
X-Timing-Wait
X-Origin
X-IPLB-Request-ID
X-Upstream-Ct
X-Storefront-Renderer-Rendered
X-Soup
X-Cache-Rule
X-Format
X-Optimistic-Header
X-VCT
X-Shopify-Stage
X-Proxy-Build
X-IPLB-Instance
X-LJ-Flow-ID
X-Proxied
X-Zipkin-Id
X-VWS-Id
X-Extlb
X-Say-Cacheable
X-Endurance-Cache-Level
X-Say-TTL
X-RID
X-Cloudmap
X-Routing-Service
X-Vcl-Version
X-AWS-Id
X-Edge-Location
X-Ms-Request-Id
Onion-Location
X-Ms-Version
X-SayCDN-TTL
Xserver
X-ShopId
Expiry
X-Connection-Hash
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-INCAP-ABP
Frame-Options
X-GeoCountry
X-Azure-Ref-OriginShield
X-Vcache
X-Lagoon
X-GeoCode
Cdn-Requestid
Priority
X-WP-CF-Super-Cache-Cookies-Bypass
X-Cache-Expired-At
Source
X-CDN-Forward
Protected
WPO-Cache-Status
WPO-Cache-Message
X-Generation-Time
Thinkindot-CacheControl
TDXMobile
X-B3-Traceid
X-Shield-Cache-Expires
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Cdn-Origin
X-Thinkindot-L3
Environment
X-CMSURLCustom
X-Cache-Action
Fastcgi-Useragent
X-Drupal-Cache-Contexts
X-Proxy-Cache-Status
X-Drupal-Cache-Tags
X-Origin-TTL
X-PHP-Backend
X-Origin-CC
X-Pass-Why
CF-IPCountry
Uber-Trace-Id
X-App-Version
X-ID
X-Rocket-Nginx-Serving-Static
Sid
X-Cluster-Node
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Vercel-Id
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Vercel-Cache
Azure-SlotName
Azure-Version
X-Aspnetmvc-Version
X-Worker
Node
X-GEO
Cache-Hits
X-XRDS-Location
X-Buckets
X-FB-TRIP-ID
Cache-Tv-Group
CDN-Uid
CDN-RequestPullCode
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestPullSuccess
X-Auth-Group-Type
CDN-Cache
CDN-CachedAt
AMP-Access-Control-Allow-Source-Origin
CDN-EdgeStorageId
Cross-Origin-Embedder-Policy
X-TA-CDN-Provider
X-Fastcgi-Cache
X-Tumblr-Pixel-3
X-Server-W
X-Pad
Alternate-Protocol
X-Cache-Server
X-A
DB-Nickname
X-Client-Ip
X-LiteSpeed-Cache-Control
Cdn-Host
Gannett-Cam-Experience-Id
X-D
X-Bc-Bl
X-BCube-Filmed-By
X-Op-Id-All
X-Org
X-Origin-Expires
X-Fastly-Backend
X-Esi-Check
Lang
X-Aed
X-Req
X-Edge-Server
X-Epic-Correlation-Id
Cdn-Request-Time
X-Rojux
Magicmarker
X-Bl-Debug
X-Ig-Origin-Region
X-Ig-Push-State
X-Generated-On
X-Cache-NE
Content-Secure-Policy
X-Conf
X-Cache-TTL-Remaining
X-Gzip
X-Level-Front-Cache
X-Cache-Id
X-Core-Value
X-ND-Cache
X-Custom-Header
DCR-Processing-Time-Ms
DCR-Decision-By
X-Content-Age
X-Service
X-GeoIP-City
X-Ec-GeoHdr
X-Viewer-Country
X-Dispatcher-Server
X-Developer
X-Via-Fastly
X-Ec-Fail
X-Varnish-Remaining-TTL
X-Vdms-Version
Wxu-Next-Commit
X-Vtex-Remote-Cache
X-LSADC-Cache
X-DefElseHash
Sslversion
Candidate-Md5Url
Surrogated-Key
Rendered-Blocks
A
X-DefHash
T-Server
X-Dc
Wxu-Next-Hostname
Ngx.Var.Host
X-A-Dcw
X-A-Dam
X-SRCache-Key
X-A-Dgt
X-ScT
Meta-Geo-Continent
X-A-Wwc
MD5-Digest
Odigeo-Trace-Id
X-V-Cache
X-Varnish-CookieHashed-On
X-A-Ccd
Wxu-Next-Region
X-TIM-N
Origin-Agent-Cluster
X-Varnish-CookieINHashed-On
Mime-Version
User-Cache-Control
X-Clientip
X-B3-Trace-ID
Tube-Return
V-Age
Vix-Hermes-Req-Id
X-Acquia-Purge-Cdn-Unconfigured
Tube-Got-Results
Tube-Got-Eval
Server-Host
Ssr
Tube-Get-Contents
X-Aicache-OS
X-AK-Request-ID
X-Cache-Bucket
X-Cache-FS-Status
X-Cache-Info
X-CacheTTL
X-Block-Status
X-Bip
X-Amz-Storage-Class
X-App-Name
X-Backend-Instance
X-Cdn-Srv
X-GeoIP
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-UA-Device-Type
X-Thanos
X-Sn-Servicetimems
X-Server-IP
X-Region-Sid
X-RateLimit-Remaining-Second
X-Request-Time
X-SB
X-SD-PageType
X-Scheme
X-Varnish-Director
X-Varnish-Hostname
PFcat
Fastly-SSL
X-HN
X-NodeID
XM
X-VarnishDD-TTL
Cache-Provider
X-Wikidot-Static-Cache
X-VG-WebCache
X-VG-TLSProxy
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Wikidot-Backend
X-RateLimit-Limit-Second
X-Pubstack
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-GoCache-CacheStatus
X-Hnp-Log
X-Jobs
X-HS-Content-Campaign-Id
RNT-Time
X-Geo-Header
X-Fastly-Cache
X-Debug-Cache-Store
X-FC-Vary-Parameters
X-Fmm-Version
X-Gdpr
X-Forwarded-Site
X-Loc
X-Men
X-PAYTM-SRV-ID
X-Origin-Time
X-Platform
X-Policy
X-Proto
X-Powered-By-VTEX-Cache
X-Origin-Response-Time
X-Nyt-Route
X-Mly-Id
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-NMSegId
X-Node-Id
X-Debug-Cache-Fetch
X-Gen-Mode
Edge-Cache
Powered-By
Cdncip
X-Tec-Api-Origin
Host-ID
Esi-Enabled
Click-Count-Error
Origin
NM-Fastcgi-Cache
Fastly-Backend-Name
HostName
X-Tec-Api-Root
X-Tx-Id
Content-Style-Type
Country-Code
RNT-Machine
Content-Script-Type
X-Tec-Api-Version
AKAMAI
Cdnsip
Req-ID
Click-Count-Action-Start
X-Varnish-Beresp-Ttl
X-DC
X-HITS
Cache-Key
Canary
X-Date
Apple-News-Services-Handled
X-Cs
Cluster
C-Via
X-Contensis-Viewer-Groups
Yak-Timeinfo
X-Request-Start
X-Pool
X-Location
X-Proxied-Request
Server-Info
X-Mvc-Supplant-OutputCached
X-Access
W
X-Nginx-Cache-Key
X-Human
X-Hash
X-DPWN-IS-SECURE
X-Varnishpool
X-Depends
X-Ec-Custom-Error
Apple-News-Services-Host
X-Section
X-Request-Host
X-We-Are-Hiring
Adler-Geo
X-CUA
Release
L
NGX
X-Eu-Site
X-Accel-Expires-Debug
Req-Svc-Chain
Machine
Sever-Int
Mail-Subject
HA-Ipaddr
X-CGP
Pramga
Platform
We-Hiring
Web-Mar-Region
Origin-EX
Origin-CC
Proxy-Firewall
Producers
On-Server
L5d-Success-Class
X-Var-Ttl
Ha-Gx-Prefs
X-Auto-Login
Apple-News-Services-Parsed-Url
DSUID
Apple-News-Services-Request-Url
CDCHOST
X-BBC-Edge-Cache-Status
X-Varnish-Authentication
Server-Ext
X-Cache-Aspx
X-Csrf-Jwt
Is-Eu
X-Varnish-Beresp-Status
X-Slack-Backend
Gh-Request-Id
Fastly-GeoIP-CountryCode
X-Slack-Shared-Secret-Outcome
Server-Hostname
X-AIR-PT
X-NGINX-Cache
X-RateLimit-Reset
Debug
X-WA-Info
True-Client-Country-4JS
Fusion-Source
Fusion-Component-Id
BehaviorPad-Version
X-Ad-Load-Variation
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-Device-Os
X-Varnish-Hits
Redirect-Candidate
X-CLOUD-TRACE-CONTEXT
X-APP
X-LB-ID
X-NCache
X-From
X-Via-Popv
Pics-Label
X-HA-Backend
X-Up
X-Via-Popn
X-MP-GENERATED-AT
X-Via-Poph
X-Zone
X-VHOST
X-LiteSpeed-Tag
X-Newrelic-Synthetics
X-Jungle-Id
CloudFront-Viewer-Country
X-Akamai-Transformed
X-Content-Length
Fastly-Drupal-HTML
CDN-RequestId
SID
X-CACHE-AGE
X-Parent-Response-Time
GeoIP-Latitude
X-Servedbyhost
X-Vdms-Path
X-Cache-Backend
X-B3-Parentspanid
X-Datadome
X-Refresh
Fastly-Drupal-Html
X-Origin-Cache-Key
X-Nananana
X-LB-NoCache
Vc-Max-Age
WP-Super-Cache
X-CDN-Cache-Status
X-ZONE
X-CACHE-KEY
X-Nc
X-Dispatcher-Number
X-B3-Spanid
X-Uri
Resin-Trace
X-Litespeed-Tag
X-DynaTrace-JS-Agent
X-ApacheServer
X-Cached-By
Datacenter
X-RequestId
Product
Server-ID
X-Render-Time
X-PERF
X-VC-TTL
X-M-Reqid
X-M-Log
GeoIp-Country-Code
X-Wa
NtCoent-Length
X-CS
Cdn
X-Amz-Meta-Cb-Modifiedtime
X-Ckpd-Fst-Backend
X-TX-ID
FSS-Cache
Locid
X-Fpc
S-Rt
X-Varnish-Beresp-TTL
X-IAuth-Set-Uid
X-VCache
True-Client-Ip
ServerName
X-Bug-Bounty
Uri
X-Esi
X-HostName
X-HubSpot-Correlation-Id
X-SERVER-NAME
X-Srv
X-Nf-Country
Serverhost
X-Nf-Ats-Version
True-Client-IP
X-Nf-Language
X-TT-LOGID
X-Original-Request-Id
X-Response-Served-From
X-Old-Content-Length
Tcn
X-TIME
X-FPC
Ngx-Var-Key
X-Vmg-Version
X-Akamai-Device-Characteristics
GeoIP-Country-Code
X-Dynatrace-Js-Agent
User-Agent
Srv
X-WA
X-NewRelic-App-Data
CDN
X-Cdn-Forward
Request-ID
X-Info
X-Vgn-Hpd-Reason
X-Gamma-Serve
CacheControlHeader
ServerHost
X-Cdn-Cache-Status
X-Vc
Cf-Ipcountry
Xc-Version
X-Moov-Xdn-Version
X-Moov-T
X-TH-Server
X-Hit
X-NC
Server-Id
X-Geo
Hostname
X-COUNTRY
X-APP-VERSION
X-Webkit-Csp-Report-Only
X-Dispatch
X-FL-QIT-DEBUG
Srvid
Geoip-Latitude
X-Platform-Processor
X-Platform-Cluster
X-Platform-Router
X-Presslabs-Stats
X-Lb-Nocache
Expect-Staple
Cf-Device-Type
Cneonction
X-Amz-Meta-Opti
Cross-Origin-Embedder-Policy-Report-Only
X-ServedByHost
X-V
Cloudfront-Viewer-Country
X-External-Request-Id
X-Destination
X-User
X-Application
X-S-Cookie
X-Limited
X-B-Cookie
X-Oracle-DMS-ECID
X-VCL-Version
X-Via-PopH
X-Eligible
X-Ha-Backend
Origin-Trial
X-Platform-Server
X-New
X-Via-PopN
X-Via-PopV
PICS-Label
X-Zen-Fury
Permission-Policy
WZWS-RAY
N-Cache
X-Rollout
Ohc-File-Size
X-Ua
X-Cache-Date
Epwk-X-Cache
X-Proxy-CacheRZ
X-Rocket-Build-Number
X-Akamai-Pragma-Client-IP
XkeyRZ
X-Instance-Name
X-Sigma
X-MSEdge-Features
X-MSEdge-Flight
X-App
X-Sigma-Backend
X-Correlation-ID
Rtss
X-Sqd-Stime
X-Internal-TTL
X-Lb-Id
X-ElasticPress-Query
X-Ftr-Request-Id
X-API-Version
X-Sqd-Ctime
X-Branch-Name
X-Serial
X-VServer
X-Segment-20210421
X-MiniProfiler-Ids
X-Check-Cacheable
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Lb
Edge-Copy-Time
Cl-Cache
X-VTEX-Cache-Backend-Header-Time
X-VTEX-Cache-Backend-Connect-Time
X-EC-Lua
X-Datacenter
Timeexpire
IsBot
X-Acquia-Application-Trace
X-Via-CDN
X-SIPLIST1
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Via-Edge
X-Acquia-Site
X-Path
Cmsid
X-Service-Response-Time
Sm-Log-Id
X-Via-SSL
X-Web-Server
Cmstype
CountryCode
X-CSRF-TOKEN
X-Litespeed-Cache-Control
Servername
X-LAGOON
Fl-Custom-Application
X-RAMCache
X-Snapshot-Date
Warning
X-Origin-Upstream-Status
X-Shardid
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Udemy-Cache-App-Namespace
X-Shopid
X-Sorting-Hat-Podid
X-Th-Server
Wpo-Cache-Message
Wpo-Cache-Status
X-Ramcache
X-Dw-Trace-Id
X-Sorting-Hat-Shopid
Ngx
Ohc-Cache-HIT
X-Fastly-Backend-Reqs