
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
Pragma
X-XSS-Protection
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-AspNet-Version
Accept-CH
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Ua-Compatible
X-Cache-Status
X-Generator
X-Request-ID
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-AH-Environment
X-Robots-Tag
X-Server
X-UA-Device
X-Hacker
Permissions-Policy
X-Turbo-Charged-By
X-Proxy-Cache
Xkey
X-Ws-Request-Id
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dns-Prefetch-Control
Cf-Apo-Via
X-Dispatcher
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-LiteSpeed-Cache
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Page-Speed
X-Pingback
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
P3p
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Country
Service-Worker-Allowed
X-Country-Code
X-Content-Type
X-CST
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Litespeed-Cache
X-Url
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-Times
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
Nginx-Cache
X-Daa-Tunnel
X-Webkit-Csp
Cross-Origin-Opener-Policy
X-Server-Name
X-Browser-Type
X-Mcache
X-Edge
X-Midtier
X-Powered-By-Plesk
X-Cnection
X-ESI
X-Oneagent-Js-Injection
X-GitHub-Request-Id
X-ECACHE
Edge-Control
X-D2id
X-Element-Page-Cache
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Upstream
Verso
X-Ac
X-Kinja-Revision
X-MS-InvokeApp
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
Accept-Ch-Lifetime
X-Cache-TTL
X-Vcap-Request-Id
X-B3-TraceId
X-Abt-Application-Version
X-Navigation-Version
X-Ser
AR-CACHE
X-FastCGI-Cache
X-Dw-Request-Base-Id
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
X-SharePointHealthScore
SPRequestGuid
Fastly-Restarts
X-NF-Request-ID
X-Amz-Rid
X-Instrumentation
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Client-IP
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Mg-S
Edge-Cache-Tag
X-Edge-Location-Klb
X-Kinsta-Cache
S
X-Powered-CMS
X-Goog-Hash
X-Middleton-Response
Response
X-Version
Cache-Status
Access-Control-Request-Method
X-Aws-Lambda-Call-Status
X-VARITI-CCR
X-Amzn-Trace-Id
X-ARC
X-Fastly-Request-ID
X-Ruxit-Js-Agent
X-Cache-Key
RTSS
X-Content-Digest
X-Ratelimit-Limit
X-TraceId
Cross-Origin-Resource-Policy
X-Ua-Device
X-PDP-UNCACHING-HASH
X-RateLimit-Remaining
X-Forwarded-For
X-T
Realpath
X-Recruiting
X-TTL
X-Correlation-Id
X-Varnish-TTL
Front-End-Https
Fastcgi-Cache
X-MSEdge-Ref
X-Ratelimit-Remaining
X-Cached
MS-Author-Via
Content-MD5
X-Ua-Browser
X-HS-Content-Id
X-Shield-Request-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Balancer
X-FTR-Cache-Status
X-Request-Received
X-Request-Processing-Time
X-Protected-By
Server-Node
Payment
Public-Key-Pins
TP-Cache
X-LLID
X-Frontend
MicrosoftSharePointTeamServices
X-ORACLE-DMS-RID
X-HS-Combine-CSS
X-Forwarded-Proto
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Arr-Disable-Session-Affinity
X-FTR-Expires
X-Distributor
X-Server-ID
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-HP-Trace-Id
X-Accel-Expires
X-Jurisdiction
X-HP-Webp
Count-Hit
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-NODE
X-GUploader-UploadID
X-Origin-Server
Accept-Ch
X-LB-Cache
X-PressLabs-Stats
X-Ezoic-Cdn
X-Request-Handler-Origin-Region
X-Microsite
Host
X-Content-Security-Policy-Report-Only
X-Az
X-Activity-Id
X-AppVersion
X-B3-TraceId-Primal
X-Varnish-Server
X-Varnish-Backend
MRF-Tech
Mrf-Cache-Status
X-Cluster-Name
X-Newrelic-App-Data
X-Www-Served-By
X-App-Server
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Amz-Meta-S3cmd-Attrs
Cache-Tags
X-TEC-API-ROOT
Retry-After
Accept-Charset
Server-Name
X-Ttl
Cleartype
X-ORACLE-DMS-ECID
X-Hits
X-CSRF-Token
X-Goog-Metageneration
X-Hostname
X-Envoy-Decorator-Operation
X-NGENIX-Cache
Referer-Policy
X-Geo-Country
X-Upgrade-Enabled
Filterid
X-Git-Hash
X-Unique-Id
X-Azure-Ref
Access-Control-Allow-Method
TP-L2-Cache
X-Seen-By
X-DIS-Request-ID
X-Hcs-Proxy-Type
X-Tt-Trace-Tag
X-CCDN-Origin-Time
X-Tt-Trace-Host
X-CCDN-CacheTTL
X-Proxy
X-Load-Cache
X-F-Cache
X-Revision
X-Origin-Cache-Key
X-Id
X-Grace
Section-Io-Cache
X-Request-Guid
X-XRDS-LOCATION
X-Trace-Id
X-Logged-In
X-Cache-Control
X-B3-Sampled
DC
Healthy
X-B
TCN
X-FB-Debug
X-TT
X-Type
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Contextid
Paypal-Debug-Id
X-Fb-Rlafr
X-Debug
X-Mobile
X-Debug-Info
X-N
X-Px
X-Page-Id
Viewport
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Time
X-Varnish-Ttl
Fastly-SIE
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
Fastly-SWR
X-Whom
X-Oracle-Dms-Ecid
X-Via-JSL
X-Webkit-CSP
Content-Disposition
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
Charset
X-Datadog-Trace-Id
X-Template
X-Content-Options
X-RateLimit-Limit
X-Varnish-Grace
X-Origin-Cache
Version
X-Cache-Grace
Surrogate-Key
X-Magnolia-Registration
X-Oracle-Dms-Rid
X-Wix-Request-Id
X-App-Environment
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-ProcessESI
X-RemovedCookies
X-Node-Name
X-B-Cache
X-Language
X-Signature
X-Amz-Replication-Status
SRV
X-B3-SpanId
X-Debug-IsPreview
X-Debug-IsConnected
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-EdgeConnect-Cache-Status
X-Rule
X-Tumblr-Pixel-0
X-Hl-Ver
SD-X-WS
X-G
X-Yottaa-Metrics
X-RTag
X-UUID
X-Datadog-Sampled
Ms-Operation-Id
MS-CV
X-Yottaa-Optimizations
X-Instance
X-Backend-Name
X-Adobe-Loc
X-Adobe-Content
ServerID
X-FW-Dynamic
X-FW-Hash
X-FW-Version
X-FW-Type
X-FW-Static
X-FW-Server
X-Storage
X-FW-Serve
X-Cache-Age
X-Is-Bot
X-NYM-Debug-Backend
X-Device-Type
X-Rendered-As
NGB
GEO-INFO
X-Cacheable-TTL
X-Status
Country
X-Cache-Hit
X-NWS-UUID-VERIFY
X-User-Agent
X-Amzn-Remapped-Content-Length
X-IPS-LoggedIn
X-Environment-Context
X-Proxy-Cache-Info
X-Region
X-L-Path
Countrycode
Liferay-Portal
X-ServerID
X-Real-IP
X-Source
X-Rid
Cross-Origin-Window-Policy
X-WP-CF-Super-Cache-Active
X-Sucuri-ID
Akamai-GRN
X-Sucuri-Cache
OT-Force-Account-Verify
X-RM-Cache-TTL
X-Servername
X-RateLimit-Reset
X-VC-Cache
Front
From-Origin
X-Framework
X-UA
X-WebKit-CSP-Report-Only
X-Wormhole-Sdk
Upgrade-Insecure-Requests
Amp-Access-Control-Allow-Source-Origin
X-Mode
Backend
X-INCAP-ABP
X-Xrds-Location
X-Air-Hostname
X-AB
X-Air-Trace-Id
X-Air-Source
X-Nginx-Cache
X-URL
X-Akamai-Request-ID2
X-Content-Powered-By
X-Cache-Time
Xet-Cookie
X-Air-Pt
Refresh
X-RID
X-Handled-By
X-Edge-Location
X-Ratelimit-Reset
X-VC
Accept-Language
X-Endurance-Cache-Level
X-Rewrite-Enabled
X-RCS-CacheZone
Filters
Frame-Options
X-Xfnlog-Site
X-UPSTREAM-Address
Meta-Geo
X-SaId
X-JoinUs
X-Rn-Rsrv
Cache
X-Cache-Operation
X-Akamai-Edgescape
X-Cache-Rule
X-PHP-Host
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
Url
ServedBy
Property-Id
X-Origin-Date
X-Origin-Hint
X-Cluster
X-Provided-By
X-No-Session
X-LJ-Flow-ID
X-AWS-Id
X-Git-Commit
X-Labrador-Cache-Channel
X-Reqid
X-SRV
X-VWS-Id
X-Tumblr-Pixel-2
X-HTML-Minification-Powered-By
X-Container-Uri
X-Webstats-RespID
X-Accel-Version
X-Site-Version
X-Restarts
X-Cache-Debug
X-Hosted-By
X-Extlb
X-Azure-Ref-OriginShield
WPO-Cache-Message
WPO-Cache-Status
X-Redis-Cache
X-R9-Blue-Green-Version
Section-Io-Id
Atl-Traceid
X-Routing-Service
X-Logging-Id
X-Proxied
X-Adobe-Source
Mn-Server-Ip
X-IPLB-Instance
X-IPLB-Request-ID
X-Locale
X-Varnish-Cache-Hits
X-Cms-Context
X-Cloudmap
Web-Mar-Node
Cache-Hits
X-Origin-CC
X-Origin-TTL
X-Fetched-On
X-Zipkin-Id
X-Served-From
X-Web-Node
X-Scope-Id
X-Proxy-Build
X-ProxyCache-Key
X-Tncms
X-Skip-Cache
Selected-Fe
Apigw-Requestid
X-Upstream-Ct
X-Ms-Version
Webserver
X-Loop
X-Lambda-Id
X-Director
X-Ms-Request-Id
X-Varnish-Age
X-Generated-By
X-DataDome
X-Drupal-Cache-Tags
X-Forwarded-Host
X-Timing-Wait
X-Upstream-Ht
X-VCT
X-Frame-Option
X-Format
X-BYPASS-REASON
X-Say-TTL
X-SayCDN-TTL
X-Soup
X-Say-Cacheable
X-ProxyCache-Status
X-Tb
X-Varnish-Beresp-Grace
TDXMobile
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Tcp-Rtt
Thinkindot-CacheControl
X-CMSURLCustom
X-ShopId
X-S
Xserver
X-Is-Tablet
X-Cache-Host
X-Is-Desktop
X-Shield-Cache-Expires
X-Geo-Region
X-Browser-Name
X-Alternate-Cache-Key
X-Is-Supported-Browser
X-Is-Mobile
X-Thinkindot-L3
X-GeoCountry
X-GeoCode
X-Generation-Time
Access-Control-Request-Headers
X-Detected-As
X-Drupal-Cache-Contexts
X-ShardId
X-Origin
X-Httpd
X-Shopify-Stage
X-CDN-Forward
X-Cache-Status-Check
X-Cdn-Origin
X-Buckets
X-Vcache
X-Lagoon
X-Optimistic-Header
X-Request-URI
X-Worker
Source
X-TA-CDN-Provider
Fastcgi-Useragent
X-WP-CF-Super-Cache-Cookies-Bypass
X-Rocket-Nginx-Serving-Static
LB
X-Vercel-Cache
X-Vercel-Id
Azure-SiteName
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-Version
X-Fastcgi-Cache
X-Pass-Why
X-Api-Version
AMP-Access-Control-Allow-Source-Origin
Onion-Location
Protected
Expiry
Node
X-Connection-Hash
X-Vcl-Version
CDN-CachedAt
X-App-Version
CDN-EdgeStorageId
CDN-Cache
CDN-RequestPullCode
CDN-PullZone
CDN-Uid
CDN-RequestCountryCode
CDN-RequestPullSuccess
Cross-Origin-Embedder-Policy
X-Cache-Expired-At
X-ID
X-Ismobilevalue
X-Tumblr-Pixel-3
X-PHP-Backend
X-Tec-Api-Root
X-Tec-Api-Version
X-GEO
X-Tec-Api-Origin
X-Tt-Logid
Environment
Cdn-Requestid
X-XRDS-Location
Sid
X-Cache-Server
Alternate-Protocol
X-Server-W
X-Proxy-Cache-Status
Uber-Trace-Id
DB-Nickname
X-Fastly-Request-Id
X-Cache-Action
Priority
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Mg-Request-UUID
X-Cluster-Node
X-Jobs
CF-IPCountry
X-B3-Traceid
User-Cache-Control
HostName
CDN-RequestId
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Cache-Tv-Group
Fusion-Component-Id
X-LSADC-Cache
X-MP-GENERATED-AT
X-FB-TRIP-ID
X-Nf-Request-Id
X-Client-Ip
X-AIR-PT
X-A-Dam
T-Server
X-Ec-GeoHdr
X-Vtex-Remote-Cache
X-Epic-Correlation-Id
Surrogated-Key
Sslversion
X-Ec-Fail
X-A-Dgt
Gannett-Cam-Experience-Id
X-A-Dcw
Server-Host
X-Block-Status
X-Bl-Debug
Lang
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
Vix-Hermes-Req-Id
X-Esi-Check
Magicmarker
X-A-Ccd
X-A
X-BCube-Filmed-By
MD5-Digest
X-A-Wwc
Meta-Geo-Continent
X-Auth-Group-Type
X-Developer
Content-Secure-Policy
DCR-Decision-By
Origin-Agent-Cluster
X-Conf
A
Candidate-Md5Url
X-D
X-VTEX-Cache-Time
X-VTEX-Cache-Server
Origin
X-Bc-Bl
Rendered-Blocks
X-Dispatcher-Server
X-Gen-Mode
X-Cache-Id
Ngx.Var.Host
X-Aed
Edge-Cache
Odigeo-Trace-Id
DCR-Processing-Time-Ms
X-Cache-NE
X-Device-Os
X-Content-Age
X-Viewer-Country
X-Ig-Push-State
X-Jungle-Id
X-Vdms-Version
X-Ig-Origin-Region
X-SB
X-Gzip
X-Hnp-Log
X-Generated-On
X-Rojux
X-Op-Id-All
X-Org
X-Origin-Expires
X-Powered-By-VTEX-Cache
X-ND-Cache
X-DC
X-NCache
X-ScT
X-Level-Front-Cache
X-GeoIP-City
X-UA-Device-Type
X-TIM-N
X-Varnish-Hostname
X-SRCache-Key
X-Origin-Response-Time
X-Varnish-Beresp-Ttl
X-Tx-Id
X-Vdms-Path
X-Bip
Host-ID
X-Origin-Time
XM
X-Pubstack
X-Backend-Instance
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proto
X-Cache-Bucket
Fastly-Backend-Name
X-Cache-Info
X-Policy
X-Cache-TTL-Remaining
X-Region-Sid
X-Thanos
X-PAYTM-SRV-ID
Fastly-SSL
X-Platform
X-Test
X-AK-Request-ID
Sever-Int
X-Amz-Storage-Class
PFcat
Server-Hostname
Powered-By
X-SD-PageType
Req-ID
Server-Ext
X-VarnishDD-TTL
Origin-EX
Origin-CC
X-Tb-Optimization-Total-Bytes-Saved
X-Scheme
X-Auto-Login
X-Custom-Header
X-Request-Start
NM-Fastcgi-Cache
Ssr
X-Varnish-Director
X-App-Name
X-Request-Time
X-Req
X-Cdn-Srv
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Geo-Header
X-GeoIP
X-ECache
X-NMSegId
X-Debug-Cache-Store
AKAMAI
X-Node-Id
Content-Style-Type
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Edge-Server
X-Service
X-HN
X-HS-Content-Campaign-Id
X-VG-WebCache
X-GeoIP-Region-Code
X-Loc
X-V-Cache
X-GeoIP-Country-Code
X-Fastly-Cache
X-Debug-Cache-Fetch
Cdn-Request-Time
Cdn-Host
X-Gdpr
CDCHOST
Cdncip
Cdnsip
Content-Script-Type
X-Clientip
X-Core-Value
X-Forwarded-Site
X-Zone
X-Via-Fastly
C-Via
X-Nyt-Route
Cache-Provider
X-FC-Vary-Parameters
X-Fmm-Version
X-Access
X-Varnish-Authentication
X-Acquia-Purge-Cdn-Unconfigured
X-Varnish-Beresp-Status
X-Eu-Site
X-From
X-Section
We-Hiring
Web-Mar-Region
X-Location
X-Proxied-Request
X-CUA
X-NodeID
X-BBC-Edge-Cache-Status
X-Csrf-Jwt
X-Cache-Aspx
X-CGP
X-Contensis-Viewer-Groups
X-Pool
X-Cache-Backend
X-B3-Trace-ID
X-WA-Info
X-VG-TLSProxy
X-Ec-Custom-Error
X-Aicache-OS
X-Human
X-DPWN-IS-SECURE
X-Varnishpool
X-Mvc-Supplant-OutputCached
X-Mly-Id
X-Micro-Cache
X-We-Are-Hiring
X-Ad-Load-Variation
Is-Eu
Cluster
DSUID
Click-Count-Error
X-Dc
Cache-Key
Canary
Esi-Enabled
Fastly-GeoIP-CountryCode
X-Var-Ttl
X-GoCache-CacheStatus
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
W
X-Wikidot-Static-Cache
X-Fastly-Backend
X-Men
X-Sn-Servicetimems
X-LiteSpeed-Cache-Control
X-Wikidot-Backend
Apple-News-Services-Handled
Apple-News-Services-Host
Adler-Geo
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
L
Click-Count-Action-Start
Req-Svc-Chain
RNT-Machine
Release
Redirect-Candidate
Pramga
Producers
RNT-Time
L5d-Success-Class
Tube-Got-Results
Tube-Return
Tube-Got-Eval
Tube-Get-Contents
Yak-Timeinfo
Platform
True-Client-Country-4JS
On-Server
Machine
Mail-Subject
V-Age
Country-Code
X-Uri
X-CacheTTL
NGX
X-DefHash
X-Up
X-Accel-Expires-Debug
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Proxy-Firewall
X-Varnish-Remaining-TTL
X-Original-Request-Id
X-Response-Served-From
X-Server-IP
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Newrelic-Synthetics
X-Request-Host
X-Hash
X-Pad
X-DefElseHash
X-Date
X-Cs
Mime-Version
X-Varnish-Hits
X-LB-ID
Debug
X-Render-Time
WP-Super-Cache
X-PERF
X-Depends
X-ApacheServer
X-TT-LOGID
X-CACHE-GROUP
X-Nananana
X-Refresh
X-HITS
X-NGINX-Cache
X-Via-Poph
Pics-Label
X-Via-Popv
X-Cache-FS-Status
X-Datadome
X-HA-Backend
X-Via-Popn
SID
Fastly-Drupal-HTML
X-VHOST
X-Akamai-Transformed
X-Parent-Response-Time
CloudFront-Viewer-Country
X-VC-TTL
Locid
X-M-Reqid
X-Servedbyhost
Datacenter
X-M-Log
X-CACHE-AGE
GeoIP-Latitude
Server-Info
X-LB-NoCache
X-Amz-Meta-Cb-Modifiedtime
X-Cached-By
Fastly-Drupal-Html
BehaviorPad-Version
X-Platform-Cluster
X-Litespeed-Tag
X-Platform-Processor
X-Platform-Router
X-DynaTrace-JS-Agent
X-APP
X-VCache
X-CDN-Cache-Status
Server-ID
X-B3-Parentspanid
X-Old-Content-Length
X-LiteSpeed-Tag
Resin-Trace
Ngx-Var-Key
Cf-Ipcountry
GeoIp-Country-Code
X-CS
X-TIME
X-Wa
Cdn
X-Vgn-Hpd-Reason
X-Nc
X-Moov-Xdn-Version
X-Moov-T
X-TH-Server
X-Content-Length
X-COUNTRY
FSS-Cache
NtCoent-Length
Cross-Origin-Embedder-Policy-Report-Only
X-TX-ID
Tcn
X-IAuth-Set-Uid
CDN
True-Client-Ip
X-Fpc
X-Esi
Uri
X-HostName
X-ZONE
X-Presslabs-Stats
X-SERVER-NAME
X-Dispatcher-Number
Serverhost
X-Application
X-Srv
X-Varnish-Beresp-TTL
X-External-Request-Id
X-User
X-S-Cookie
X-Vc
True-Client-IP
Cf-Device-Type
X-Destination
X-B-Cookie
Vc-Max-Age
X-Zen-Fury
X-NewRelic-App-Data
X-Oracle-DMS-ECID
X-Dynatrace-Js-Agent
X-HOST
X-NC
GeoIP-Country-Code
Product
X-Cdn-Forward
X-RequestId
S-Rt
Srv
X-FPC
X-WA
X-Rocket-Build-Number
X-Instance-Name
X-Sigma
X-Cache-Date
X-Sigma-Backend
Request-ID
X-Cdn-Cache-Status
X-VServer
X-API-Version
X-Dispatch
X-CACHE-KEY
X-Branch-Name
X-Ckpd-Fst-Backend
X-Segment-20210421
Geoip-Latitude
Load-Balancing
X-APP-VERSION
Hostname
X-Geo
X-DynaTrace
X-B3-Spanid
X-Bug-Bounty
X-Webkit-Csp-Report-Only
X-FL-QIT-DEBUG
Srvid
Server-Id
ServerName
X-Is-Crawler
X-ServedByHost
X-Flags
Ohc-File-Size
CacheControlHeader
X-Lb-Nocache
X-Providence-Cookie
X-Route-Name
X-Aspnet-Duration-Ms
X-DataCenter
Origin-Trial
DataCenter
Cloudfront-Viewer-Country
Type
X-Ua
X-Nf-Country
X-VCL-Version
X-Nf-Language
X-HubSpot-Correlation-Id
X-Page-View
X-Nf-Ats-Version
X-Irp-Debug
Epwk-X-Cache
Lb
X-Cache-Ttl
X-Sql-Count
X-Sql-Duration-Ms
ServerHost
X-Http-Reason
X-Vmg-Version
Cl-Cache
X-App
Cross-Origin-Opener-Policy-Report-Only
X-Akamai-Device-Characteristics
X-Correlation-ID
X-Via-PopN
X-Via-PopV
X-Via-PopH
User-Agent
X-Ha-Backend
PICS-Label
Rtss
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-SIPLIST1
X-MiniProfiler-Ids
Cneonction
Cmstype
Cmsid
X-Via-CDN
X-Gamma-Serve
IsBot
Edge-Copy-Time
X-Info
X-Via-Edge
X-Via-SSL
X-Owner
Ohc-Cache-HIT
X-Acquia-Purge-Tags
Xc-Version
X-Acquia-Application-UUID
X-Acquia-Site
X-Sqd-Stime
X-Acquia-Application-Trace
Sm-Log-Id
X-Limited
X-Service-Response-Time
X-Sqd-Ctime
X-Proxy-CacheRZ
X-Lb-Id
X-Requestid
X-Datacenter
Warning
X-Qloud-Router
MIME-Version
XkeyRZ
X-Core-Mission
X-MSEdge-Features
X-Web-Server
X-MSEdge-Flight
X-Litespeed-Cache-Control
CountryCode
WZWS-RAY
Servername
X-LAGOON
X-Ramcache
X-Snapshot-Date
X-Origin-Upstream-Status
Expect-Staple
N-Cache
X-Th-Server
X-Serial
X-RAMCache
X-Akamai-Pragma-Client-IP
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
Ngx
X-Dw-Trace-Id
X-Amz-Meta-S3b-Last-Modified
X-Check-Cacheable
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Fastly-Country-Code
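
The table lists case variants of one header as separate rows (X-XSS-Protection and X-Xss-Protection, X-Frame-Options and X-FRAME-OPTIONS) and also contains near-miss names such as X-Frame-Option, Referer-Policy and Content-Secure-Policy, which browsers do not recognise as the security header they resemble. The following is an added example, not the ISC project's code: it tallies header names case-insensitively, as HTTP treats them, and flags names that closely resemble a security header. The sample responses, the `SECURITY_HEADERS` list, the function names and the 0.85 similarity cutoff are assumptions made for illustration.

```python
import difflib
from collections import Counter

# Canonical lower-case names of security-relevant headers that appear in the
# table above (an illustrative selection, not an exhaustive list).
SECURITY_HEADERS = [
    "strict-transport-security", "content-security-policy", "x-frame-options",
    "x-content-type-options", "x-xss-protection", "referrer-policy",
    "permissions-policy",
]

# Constructed sample: one list of (name, value) pairs per polled site, the
# shape returned by http.client's HTTPResponse.getheaders() after a HEAD request.
SAMPLE = [
    [("Server", "nginx"), ("X-Frame-Options", "DENY"), ("X-XSS-Protection", "0")],
    [("server", "Apache"), ("X-FRAME-OPTIONS", "SAMEORIGIN"),
     ("X-Xss-Protection", "1; mode=block")],
    [("Server", "cloudflare"), ("X-Frame-Option", "DENY"),
     ("Referer-Policy", "no-referrer")],
    [("Content-Secure-Policy", "default-src 'self'"), ("Frame-Options", "DENY")],
]


def tally(responses):
    """Count how many responses carry each header, folding case.

    HTTP field names are case-insensitive, so X-FRAME-OPTIONS and
    X-Frame-Options are the same header and share one bucket here.
    """
    counts = Counter()
    for headers in responses:
        # A set, so a header repeated within one response counts once.
        counts.update({name.strip().lower() for name, _value in headers})
    return counts


def near_misses(counts, cutoff=0.85):
    """Map each unrecognised name to the security header it most resembles."""
    found = {}
    for name in counts:
        if name in SECURITY_HEADERS:
            continue
        match = difflib.get_close_matches(name, SECURITY_HEADERS, n=1, cutoff=cutoff)
        if match:
            found[name] = match[0]
    return found


if __name__ == "__main__":
    counts = tally(SAMPLE)
    for name, n in counts.most_common():
        print(f"{n:3d}  {name}")
    for wrong, intended in sorted(near_misses(counts).items()):
        print(f"possible typo: {wrong!r} (did the site mean {intended!r}?)")
```

A site that sends only the near-miss name gets none of the protection of the intended header, so a flagged name is worth checking against the site's server configuration.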