Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-AspNet-Version
X-Runtime
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
Permissions-Policy
X-Robots-Tag
X-AH-Environment
P3p
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Ws-Request-Id
X-Age
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Allow
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
EagleEye-TraceId
Cf-Railgun
X-Host
X-Backend-Server
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-Ruxit-JS-Agent
X-HW
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-Country
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
X-Clacks-Overhead
Cache-Tag
Rating
X-Litespeed-Cache
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-CST
X-Times
X-PC
X-TtlSet
X-Vname
X-FTR-Request-ID
X-Daa-Tunnel
Cross-Origin-Opener-Policy
Nginx-Cache
X-Server-Name
X-Webkit-Csp
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
AR-SID
X-ESI
Accept-Ch
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-GitHub-Request-Id
X-Element-Page-Cache
X-D2id
X-Ac
Edge-Control
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
Verso
X-MS-InvokeApp
X-Cache-TTL
X-Upstream
X-FastCGI-Cache
X-Vcap-Request-Id
X-Ser
AR-CACHE
X-Abt-Application-Version
X-Navigation-Version
X-Dw-Request-Base-Id
X-ECACHE
SPIisLatency
SPRequestDuration
X-Oneagent-Js-Injection
X-Mod-Pagespeed
X-NF-Request-ID
Fastly-Restarts
X-B3-TraceId
X-Amz-Rid
X-SharePointHealthScore
SPRequestGuid
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Instrumentation
X-Client-IP
X-Edge-Location-Klb
X-Kinsta-Cache
X-Ratelimit-Limit
X-Mg-S
X-Goog-Hash
Edge-Cache-Tag
X-Middleton-Display
X-Sol
Pagespeed
X-Powered-CMS
Display
S
X-ARC
Cache-Status
X-Amzn-Trace-Id
Access-Control-Request-Method
X-Version
X-Middleton-Response
Response
X-VARITI-CCR
X-PDP-UNCACHING-HASH
X-Cache-Key
RTSS
X-Content-Digest
X-Ratelimit-Remaining
X-TraceId
Cross-Origin-Resource-Policy
Realpath
X-Forwarded-For
X-T
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
X-Ruxit-Js-Agent
X-Fastly-Request-ID
Fastcgi-Cache
X-TTL
X-Cached
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
X-RateLimit-Remaining
MS-Author-Via
X-Protected-By
X-HS-Cache-Config
X-Ua-Browser
X-HS-Hub-Id
Content-MD5
X-HS-Content-Id
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
X-Forwarded-Proto
X-Frontend
Public-Key-Pins
Server-Node
Payment
X-Request-Received
X-Request-Processing-Time
MicrosoftSharePointTeamServices
TP-Cache
X-LLID
X-Varnish-TTL
X-PressLabs-Stats
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Arr-Disable-Session-Affinity
X-Aws-Lambda-Call-Status
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-HS-Combine-CSS
X-FTR-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Count-Hit
X-Accel-Expires
X-GUploader-UploadID
X-Distributor
X-Origin-Server
X-Server-ID
X-LB-Cache
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-NODE
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-Request-Handler-Origin-Region
X-Microsite
X-Activity-Id
X-AppVersion
X-Az
X-Varnish-Server
X-Cluster-Name
X-App-Server
X-Varnish-Backend
Host
X-Ttl
Mrf-Cache-Status
X-Pinterest-Rid
MRF-Tech
X-Amz-Meta-S3cmd-Attrs
X-B3-TraceId-Primal
Pinterest-Version
Pinterest-Generated-By
X-Content-Security-Policy-Report-Only
Cache-Tags
X-Www-Served-By
Accept-Charset
Retry-After
Cleartype
Server-Name
X-Ua-Device
X-Newrelic-App-Data
X-Goog-Metageneration
X-Hits
Filterid
X-Envoy-Decorator-Operation
X-Unique-Id
X-ASPNET-VERSION
X-Hostname
X-Git-Hash
Access-Control-Allow-Method
X-Geo-Country
X-Azure-Ref
X-Upgrade-Enabled
X-Load-Cache
Referer-Policy
X-Varnish-Ttl
X-CSRF-Token
X-NGENIX-Cache
X-Debug
X-Id
TP-L2-Cache
TCN
X-Logged-In
X-Time
X-Seen-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-FB-Debug
X-Proxy
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Amzn-RequestId
X-Amz-Apigw-Id
X-B3-Sampled
X-Grace
X-Trace-Id
Section-Io-Cache
X-Revision
X-F-Cache
X-Cache-Control
X-Fb-Rlafr
Healthy
DC
X-Request-Guid
X-B
X-DIS-Request-ID
X-Type
Surrogate-Key
X-Contextid
X-TT
Viewport
X-XRDS-LOCATION
Paypal-Debug-Id
X-Mobile
X-N
X-WP-CF-Super-Cache-Cache-Control
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-WP-CF-Super-Cache
X-Goog-Stored-Content-Length
X-Debug-Info
X-Page-Id
Fastly-SIE
Fastly-SWR
X-Px
Content-Disposition
X-Whom
X-Via-JSL
X-Varnish-Grace
X-Origin-Cache
Version
X-Datadog-Parent-Id
X-Webkit-CSP
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Content-Options
X-Magnolia-Registration
Charset
X-Amz-Replication-Status
X-Template
X-Wix-Request-Id
X-ProcessESI
X-Cache-Grace
X-App-Environment
X-Cache-Age
X-RemovedCookies
MS-CV
X-Tumblr-Pixel-0
X-Node-Name
X-Tumblr-Pixel-1
X-Oracle-Dms-Ecid
X-Tumblr-User
X-UUID
Ms-Operation-Id
X-Rule
X-RTag
X-Tumblr-Pixel
X-Debug-IsConnected
X-G
X-Yottaa-Metrics
VIX-Pulpo-Upstream-Status
SD-X-WS
X-Hl-Ver
VIX-Pulpo-Node
X-Datadog-Sampled
X-Debug-IsPreview
X-Yottaa-Optimizations
X-EdgeConnect-Cache-Status
X-Adobe-Content
X-B-Cache
X-NWS-UUID-VERIFY
X-Backend-Name
X-Source
X-Signature
ServerID
X-Region
X-FW-Hash
X-FW-Dynamic
X-Instance
X-FW-Type
X-User-Agent
X-Adobe-Loc
X-FW-Version
X-Storage
X-FW-Static
X-FW-Server
X-FW-Serve
X-Rendered-As
X-Proxy-Cache-Info
GEO-INFO
X-Status
Country
X-Cacheable-TTL
X-Is-Bot
X-Device-Type
NGB
X-L-Path
X-Environment-Context
X-Real-IP
X-NYM-Debug-Backend
X-Cache-Hit
X-ServerID
X-IPS-LoggedIn
Countrycode
SRV
Cross-Origin-Window-Policy
X-Language
X-Amzn-Remapped-Content-Length
Akamai-GRN
Liferay-Portal
X-Rid
X-WP-CF-Super-Cache-Active
Amp-Access-Control-Allow-Source-Origin
X-RM-Cache-TTL
X-Sucuri-ID
X-Wormhole-Sdk
X-Sucuri-Cache
X-Origin-Cache-Key
Front
X-B3-SpanId
X-Ratelimit-Reset
OT-Force-Account-Verify
X-Framework
X-Servername
X-UA
X-Xrds-Location
X-Air-Pt
X-ECache
X-Oracle-Dms-Rid
From-Origin
X-VC-Cache
X-WebKit-CSP-Report-Only
X-VC
X-AB
Xet-Cookie
X-Content-Powered-By
X-Fastly-Request-Id
X-Mode
X-Air-Hostname
X-Akamai-Request-ID2
Backend
X-Air-Source
X-Air-Trace-Id
Upgrade-Insecure-Requests
X-RID
Refresh
X-DataDome
X-Cache-Time
X-INCAP-ABP
X-URL
X-Handled-By
Accept-Language
X-Endurance-Cache-Level
X-Edge-Location
X-RCS-CacheZone
X-SRV
X-Xfnlog-Site
X-JoinUs
X-SaId
Filters
Meta-Geo
X-Rn-Rsrv
X-Rewrite-Enabled
Cache
X-UPSTREAM-Address
X-No-Session
X-Reqid
Property-Id
X-Extlb
Webserver
X-Cache-Status-Check
X-Cache-Operation
X-Cache-Rule
X-Container-Uri
X-Proxied
X-B3-Traceid
X-Cluster
X-VWS-Id
X-Varnish-Age
X-Tumblr-Pixel-2
X-Hosted-By
X-Origin-Hint
TWC-Device-Class
X-Labrador-Cache-Channel
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Name
X-Provided-By
X-PHP-Host
TWC-Privacy
X-Origin-Date
X-AWS-Id
TWC-Connection-Speed
ServedBy
X-Cloudmap
X-Zipkin-Id
X-LJ-Flow-ID
X-Webstats-RespID
X-Lambda-Id
X-Routing-Service
Webcakes-Region
X-Git-Commit
Webcakes-App-Version
X-Generated-By
Access-Control-Request-Headers
X-IPLB-Instance
X-Served-From
X-Site-Version
LB
Web-Mar-Node
Url
X-HTML-Minification-Powered-By
X-Cms-Context
Section-Io-Id
Mn-Server-Ip
X-Tb
X-Locale
X-Redis-Cache
X-Loop
X-Restarts
X-Tncms
X-Akamai-Edgescape
X-Web-Node
X-Skip-Cache
X-R9-Blue-Green-Version
X-Fetched-On
X-Scope-Id
X-Accel-Version
X-Adobe-Source
X-Logging-Id
X-Forwarded-Host
X-IPLB-Request-ID
Atl-Traceid
Frame-Options
X-Ismobilevalue
X-Nginx-Cache
X-Varnish-Beresp-Grace
X-Upstream-Ht
X-Ms-Request-Id
X-Upstream-Ct
X-Varnish-Cache-Hits
X-VCT
X-Cache-Debug
X-BYPASS-REASON
X-Timing-Wait
X-Httpd
X-SayCDN-TTL
X-Director
X-Origin
X-Format
X-Frame-Option
X-RateLimit-Reset
X-Proxy-Build
X-Ms-Version
X-Say-TTL
X-Say-Cacheable
X-Soup
Selected-Fe
X-ProxyCache-Status
X-Azure-Ref-OriginShield
X-ProxyCache-Key
Apigw-Requestid
WPO-Cache-Status
X-GeoCode
X-GeoCountry
Xserver
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Tcp-Rtt
X-Alternate-Cache-Key
WPO-Cache-Message
X-Cache-Host
X-RateLimit-Limit
X-Geo-Region
X-Browser-Name
X-Detected-As
X-Is-Supported-Browser
X-Is-Desktop
X-Is-Mobile
X-Is-Tablet
X-S
X-Optimistic-Header
X-Api-Version
X-Vcache
X-Request-URI
X-Drupal-Cache-Tags
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Origin-CC
X-Origin-TTL
Thinkindot-CacheControl
TDXMobile
X-CMSURLCustom
Thinkindot-CacheControl-Type
Cache-Hits
X-Shield-Cache-Expires
X-Generation-Time
X-Lagoon
Thinkindot-Control
X-Thinkindot-L3
X-CDN-Forward
Source
X-Drupal-Cache-Contexts
X-Cdn-Origin
Fastcgi-Useragent
Onion-Location
X-Connection-Hash
Protected
X-WP-CF-Super-Cache-Cookies-Bypass
Expiry
X-Tt-Logid
Cdn-Requestid
X-Worker
X-Vercel-Id
X-Vercel-Cache
X-TA-CDN-Provider
X-Buckets
X-Vcl-Version
X-Cache-Expired-At
X-PHP-Backend
X-Rocket-Nginx-Serving-Static
Azure-InstanceId
X-Mg-Request-UUID
Azure-RegionName
Azure-SlotName
Azure-Version
X-Pass-Why
Azure-SiteName
Node
Sid
X-GEO
Priority
X-App-Version
Cross-Origin-Embedder-Policy
X-Cache-Action
Environment
CDN-PullZone
X-Proxy-Cache-Status
X-ID
CDN-RequestPullSuccess
CDN-Uid
CDN-CachedAt
Uber-Trace-Id
CDN-EdgeStorageId
CDN-Cache
CDN-RequestCountryCode
CDN-RequestPullCode
X-Tumblr-Pixel-3
AMP-Access-Control-Allow-Source-Origin
X-Cluster-Node
X-Aspnetmvc-Version
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-XRDS-Location
X-Server-W
X-Cache-Server
DB-Nickname
Cache-Tv-Group
X-Fastcgi-Cache
CF-IPCountry
Alternate-Protocol
X-FB-TRIP-ID
X-Auth-Group-Type
X-Tx-Id
User-Cache-Control
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Template-Id
X-Dc
X-Jobs
X-V-Cache
X-TIM-N
X-Vdms-Version
X-UA-Device-Type
X-ScT
X-Rojux
X-Org
X-Service
X-Origin-Expires
X-Viewer-Country
X-SB
X-Op-Id-All
X-Vtex-Remote-Cache
X-Ig-Origin-Region
X-Ig-Push-State
X-Level-Front-Cache
X-ND-Cache
X-SRCache-Key
X-Generated-On
Surrogated-Key
Sslversion
T-Server
Wxu-Next-Commit
Wxu-Next-Hostname
Rendered-Blocks
Origin-Agent-Cluster
Ngx.Var.Host
Odigeo-Trace-Id
Origin
X-Content-Age
X-Conf
X-Cache-NE
X-A-Wwc
X-A-Dgt
X-Aed
X-Bl-Debug
X-Bc-Bl
X-A-Dcw
X-Block-Status
X-Cache-Id
X-A
X-A-Ccd
X-A-Dam
Meta-Geo-Continent
MD5-Digest
A
X-Epic-Correlation-Id
X-Ec-GeoHdr
Candidate-Md5Url
Content-Secure-Policy
X-Esi-Check
X-Fastly-Backend
X-Gzip
X-GeoIP-City
X-BCube-Filmed-By
X-Gen-Mode
X-Ec-Fail
X-Dispatcher-Server
X-D
X-Custom-Header
Lang
Magicmarker
X-Developer
Gannett-Cam-Experience-Id
DCR-Decision-By
X-Device-Os
DCR-Processing-Time-Ms
Edge-Cache
X-Hnp-Log
Wxu-Next-Region
X-Pad
HostName
X-LSADC-Cache
X-Nf-Request-Id
X-Client-Ip
X-Origin-Time
Cdn-Request-Time
X-Varnish-CookieINHashed-On
Ssr
V-Age
X-Nyt-Route
X-Node-Id
X-AK-Request-ID
X-Req
X-Varnish-CookieHashed-On
Sever-Int
Vix-Hermes-Req-Id
X-Origin-Response-Time
X-Varnish-Remaining-TTL
X-Powered-By-VTEX-Cache
X-Via-Fastly
Origin-CC
X-Proto
NM-Fastcgi-Cache
Cdn-Host
X-Pubstack
Origin-EX
PFcat
Server-Ext
Server-Host
Server-Hostname
X-Platform
Req-ID
Powered-By
X-Policy
X-NMSegId
X-Nginx-Cache-Key
X-Fastly-Cache
X-FC-Vary-Parameters
X-Forwarded-Site
X-Cache-TTL-Remaining
X-Core-Value
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Gdpr
X-Geo-Header
X-HN
X-HS-Content-Campaign-Id
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-GeoIP
X-GeoIP-Country-Code
X-DefElseHash
X-DefHash
X-VarnishDD-TTL
X-Bip
X-Cache-Bucket
X-Backend-Instance
X-Auto-Login
X-RateLimit-Limit-Second
X-App-Name
X-Mvc-Supplant-Cachable
X-Cache-Info
X-Men
X-Loc
X-Clientip
X-Cdn-Srv
X-Edge-Server
X-CacheTTL
X-Amz-Storage-Class
X-PAYTM-SRV-ID
X-SD-PageType
CDCHOST
Cache-Provider
C-Via
X-Server-IP
Cdncip
Cdnsip
X-Scheme
Content-Style-Type
Content-Script-Type
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Sn-Servicetimems
X-Thanos
X-VG-WebCache
X-Varnish-Director
X-Varnish-Hostname
X-Test
X-Tb-Optimization-Total-Bytes-Saved
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
XM
AKAMAI
Fastly-SSL
Fastly-Backend-Name
X-Request-Time
X-Region-Sid
X-RateLimit-Remaining-Second
Host-ID
Mime-Version
X-MP-GENERATED-AT
X-NGINX-Cache
X-Proxied-Request
X-DPWN-IS-SECURE
X-Csrf-Jwt
X-CUA
X-Date
X-Depends
X-Location
On-Server
Country-Code
X-Slack-Backend
Adler-Geo
Ha-Gx-Prefs
X-Slack-Shared-Secret-Outcome
Esi-Enabled
X-WA-Info
X-Ec-Custom-Error
X-CGP
HA-Ipaddr
X-Contensis-Viewer-Groups
X-Eu-Site
RNT-Time
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-Var-Ttl
RNT-Machine
X-Hash
Producers
X-Human
Mail-Subject
Is-Eu
X-Varnishpool
Tube-Return
X-Fmm-Version
X-Acquia-Purge-Cdn-Unconfigured
X-Ad-Load-Variation
Tube-Got-Results
L
Tube-Get-Contents
Tube-Got-Eval
L5d-Success-Class
X-B3-Trace-ID
X-We-Are-Hiring
X-Access
Gh-Request-Id
X-Accel-Expires-Debug
X-NodeID
True-Client-Country-4JS
X-Aicache-OS
Platform
Fastly-GeoIP-CountryCode
X-Request-Start
Cluster
Web-Mar-Region
We-Hiring
X-Pool
Proxy-Firewall
Release
Canary
Click-Count-Action-Start
Pramga
Cache-Key
X-Request-Host
Machine
X-NCache
X-Micro-Cache
X-Section
X-Mvc-Supplant-OutputCached
Yak-Timeinfo
X-Cache-Aspx
DSUID
W
Apple-News-Services-Handled
X-Mly-Id
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Click-Count-Error
Apple-News-Services-Host
X-VG-TLSProxy
X-HITS
X-DC
Req-Svc-Chain
NGX
X-BBC-Edge-Cache-Status
X-Up
X-LiteSpeed-Cache-Control
X-Jungle-Id
X-From
X-Zone
X-AIR-PT
Debug
WP-Super-Cache
X-Vdms-Path
X-Varnish-Beresp-Ttl
X-Cache-Backend
CDN-RequestId
X-Uri
X-Varnish-Hits
X-Cache-FS-Status
X-Akamai-Transformed
X-LB-ID
Redirect-Candidate
X-CACHE-GROUP
CloudFront-Viewer-Country
X-Cs
X-Tec-Api-Origin
X-Tec-Api-Version
X-Newrelic-Synthetics
X-Tec-Api-Root
X-PERF
X-Refresh
Pics-Label
X-Servedbyhost
Server-Info
X-Render-Time
X-ApacheServer
BehaviorPad-Version
GeoIP-Latitude
X-Via-Poph
X-Response-Served-From
Fastly-Drupal-Html
X-Nananana
X-HA-Backend
X-Via-Popn
X-VHOST
X-Original-Request-Id
X-Via-Popv
SID
Fastly-Drupal-HTML
X-VC-TTL
X-M-Reqid
X-Datadome
X-APP
X-B3-Parentspanid
X-M-Log
X-Parent-Response-Time
X-CS
X-TT-LOGID
Locid
X-LB-NoCache
X-CACHE-AGE
Datacenter
X-CDN-Cache-Status
X-Cached-By
Resin-Trace
X-Content-Length
X-DynaTrace-JS-Agent
X-Litespeed-Tag
X-NewRelic-App-Data
X-Amz-Meta-Cb-Modifiedtime
X-Nc
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Wa
GeoIp-Country-Code
X-Varnish-Beresp-TTL
X-IAuth-Set-Uid
Cf-Ipcountry
Cdn
Server-ID
X-LiteSpeed-Tag
NtCoent-Length
X-VCache
Uri
X-ZONE
Ngx-Var-Key
X-B3-Spanid
X-Old-Content-Length
X-Platform-Cluster
Vc-Max-Age
X-Platform-Processor
X-Platform-Router
X-Dispatcher-Number
X-RequestId
X-Vgn-Hpd-Reason
True-Client-IP
FSS-Cache
CDN
X-TH-Server
X-Moov-Xdn-Version
Product
X-Esi
X-Moov-T
X-Fpc
X-HostName
X-SERVER-NAME
X-TX-ID
True-Client-Ip
X-FPC
Srv
Serverhost
X-Srv
Cross-Origin-Embedder-Policy-Report-Only
X-Nf-Country
X-Nf-Ats-Version
X-Dynatrace-Js-Agent
Tcn
S-Rt
X-Nf-Language
X-Ckpd-Fst-Backend
X-Oracle-DMS-ECID
X-TIME
X-Application
X-Cdn-Forward
X-B-Cookie
X-External-Request-Id
Server-Id
GeoIP-Country-Code
X-Destination
ServerName
Cf-Device-Type
X-User
X-Bug-Bounty
X-S-Cookie
X-HubSpot-Correlation-Id
Request-ID
Hostname
CacheControlHeader
X-Zen-Fury
X-APP-VERSION
X-Dispatch
X-WA
X-Cdn-Cache-Status
X-NC
X-Vc
X-CACHE-KEY
X-Sigma-Backend
X-Sigma
X-Cache-Date
X-Rocket-Build-Number
X-Instance-Name
X-COUNTRY
X-API-Version
Srvid
X-Webkit-Csp-Report-Only
X-FL-QIT-DEBUG
X-Via-PopN
X-Via-PopV
Geoip-Latitude
X-VServer
X-Ha-Backend
X-Via-PopH
X-Presslabs-Stats
X-Lb-Nocache
ServerHost
X-Akamai-Device-Characteristics
Ohc-File-Size
User-Agent
X-Vmg-Version
X-Branch-Name
X-Geo
X-Segment-20210421
X-Gamma-Serve
Origin-Trial
X-ServedByHost
DataCenter
Load-Balancing
X-Info
X-VCL-Version
X-DynaTrace
X-Limited
Cneonction
Xc-Version
Cloudfront-Viewer-Country
PICS-Label
X-DataCenter
Epwk-X-Cache
X-Cache-Ttl
X-Correlation-ID
Type
X-Lb-Id
X-Ua
Expect-Staple
X-App
X-Srcache-Store-Status
Rtss
X-CSRF-TOKEN
X-Srcache-Fetch-Status
X-Irp-Debug
X-Serial
X-MiniProfiler-Ids
X-Hit
X-Owner
Timeexpire
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
Cross-Origin-Opener-Policy-Report-Only
X-Amz-Meta-Opti
Ohc-Cache-HIT
Lb
X-Qloud-Router
Sm-Log-Id
X-Via-CDN
X-Service-Response-Time
X-Acquia-Purge-Tags
X-Route-Name
X-Sqd-Stime
Cmstype
X-Via-SSL
X-Via-Edge
X-Sqd-Ctime
X-Acquia-Application-UUID
Cmsid
X-Acquia-Site
X-Acquia-Application-Trace
X-Providence-Cookie
X-Datacenter
X-MSEdge-Features
X-MSEdge-Flight
Warning
Edge-Copy-Time
X-Web-Server
Cl-Cache
X-Is-Crawler
X-Flags
X-Core-Mission
X-Aspnet-Duration-Ms
CountryCode
X-Litespeed-Cache-Control
Servername
X-LAGOON
X-Page-View
X-Origin-Upstream-Status
X-Requestid
X-Amz-Meta-S3b-Last-Modified
IsBot
X-Shardid
X-Shopid
X-IN-APIGATEWAY
Ngx
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-SIPLIST1
X-RAMCache
X-Http-Reason
X-Th-Server
X-Sql-Count
X-Sql-Duration-Ms
X-Dw-Trace-Id
X-Snapshot-Date
X-Ramcache
X-IN-APIGATEWAYSSL