Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-AspNet-Version
X-Runtime
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
X-Ua-Compatible
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
Permissions-Policy
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
Allow
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-WebKit-CSP
Cf-Railgun
EagleEye-TraceId
X-Host
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Server-Id
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-Ruxit-JS-Agent
X-HW
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Country
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
X-Clacks-Overhead
Cache-Tag
Rating
X-Litespeed-Cache
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-CST
X-Times
X-TtlSet
X-PC
X-Vname
X-FTR-Request-ID
X-Daa-Tunnel
Cross-Origin-Opener-Policy
Nginx-Cache
X-Server-Name
X-Mcache
X-Edge
X-Browser-Type
X-Midtier
X-Powered-By-Plesk
X-Cnection
X-ESI
Accept-Ch
AR-SID
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-D2id
X-Element-Page-Cache
X-GitHub-Request-Id
X-Ac
Edge-Control
X-Kinja-Server
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Build
Verso
X-MS-InvokeApp
X-Webkit-Csp
X-Cache-TTL
X-Upstream
X-Vcap-Request-Id
X-Ser
X-ECACHE
AR-CACHE
X-Abt-Application-Version
X-Navigation-Version
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-B3-TraceId
SPIisLatency
SPRequestDuration
X-Oneagent-Js-Injection
X-Mod-Pagespeed
Fastly-Restarts
X-NF-Request-ID
X-SharePointHealthScore
X-Amz-Rid
SPRequestGuid
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Client-IP
X-Kinsta-Cache
X-Edge-Location-Klb
X-Ratelimit-Limit
X-Mg-S
X-Goog-Hash
Edge-Cache-Tag
Display
X-Sol
X-Powered-CMS
X-Middleton-Display
Pagespeed
X-ARC
S
Cache-Status
X-Amzn-Trace-Id
X-Version
Access-Control-Request-Method
X-Middleton-Response
Response
X-VARITI-CCR
X-PDP-UNCACHING-HASH
X-Ratelimit-Remaining
X-Cache-Key
RTSS
X-Content-Digest
X-TraceId
X-Fastly-Request-ID
Cross-Origin-Resource-Policy
X-Forwarded-For
Realpath
X-T
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
X-Ruxit-Js-Agent
X-Server-ID
Fastcgi-Cache
X-TTL
X-Cached
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
MS-Author-Via
X-Protected-By
Content-MD5
X-HS-Cache-Config
X-Ua-Browser
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-Backend
X-FTR-Backend-Server
Public-Key-Pins
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-Frontend
X-Forwarded-Proto
Payment
MicrosoftSharePointTeamServices
Server-Node
TP-Cache
X-Request-Received
X-Request-Processing-Time
X-LLID
Arr-Disable-Session-Affinity
X-Varnish-TTL
X-PressLabs-Stats
X-TEC-API-ORIGIN
X-Aws-Lambda-Call-Status
X-TEC-API-ROOT
X-TEC-API-VERSION
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HS-Combine-CSS
X-RateLimit-Remaining
X-FTR-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Count-Hit
X-GUploader-UploadID
X-Accel-Expires
X-Distributor
X-Origin-Server
X-LB-Cache
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
X-NODE
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-Microsite
X-Request-Handler-Origin-Region
X-AppVersion
X-Newrelic-App-Data
X-Az
X-Activity-Id
X-Varnish-Server
X-Cluster-Name
X-App-Server
X-Varnish-Backend
Cache-Tags
X-Ttl
Host
X-Www-Served-By
MRF-Tech
X-Content-Security-Policy-Report-Only
Accept-Charset
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Amz-Meta-S3cmd-Attrs
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
Retry-After
Cleartype
Server-Name
X-Ua-Device
X-Goog-Metageneration
X-Hits
Filterid
X-Unique-Id
X-Git-Hash
X-ASPNET-VERSION
X-Envoy-Decorator-Operation
X-Hostname
Access-Control-Allow-Method
X-CSRF-Token
X-Geo-Country
X-Upgrade-Enabled
X-Load-Cache
X-Azure-Ref
Referer-Policy
X-Varnish-Ttl
X-NGENIX-Cache
X-Debug
TP-L2-Cache
X-Logged-In
X-Tt-Trace-Host
X-Time
X-Tt-Trace-Tag
TCN
X-Seen-By
X-Proxy
X-FB-Debug
X-Amzn-RequestId
X-B3-Sampled
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-Amz-Apigw-Id
X-CCDN-CacheTTL
X-Trace-Id
Section-Io-Cache
X-Grace
X-Revision
DC
X-Cache-Control
X-B
X-Id
Healthy
X-F-Cache
X-Type
X-TT
X-Request-Guid
X-Fb-Rlafr
Surrogate-Key
X-Contextid
X-DIS-Request-ID
X-XRDS-LOCATION
Viewport
X-Mobile
Paypal-Debug-Id
X-N
X-Goog-Generation
X-WP-CF-Super-Cache
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-WP-CF-Super-Cache-Cache-Control
X-Debug-Info
Fastly-SIE
X-Page-Id
Fastly-SWR
X-Px
Content-Disposition
X-Origin-Cache
X-Whom
X-Varnish-Grace
X-Via-JSL
Version
X-Content-Options
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Webkit-CSP
X-Datadog-Parent-Id
X-Magnolia-Registration
Charset
X-Template
X-Amz-Replication-Status
X-Wix-Request-Id
X-Cache-Grace
X-App-Environment
X-Oracle-Dms-Ecid
X-Node-Name
X-Rule
X-UUID
X-RTag
X-RemovedCookies
X-ProcessESI
MS-CV
Ms-Operation-Id
X-Cache-Age
SD-X-WS
X-Tumblr-Pixel-1
VIX-Pulpo-Node
X-Tumblr-User
VIX-Pulpo-Upstream-Status
X-Yottaa-Metrics
X-G
X-Debug-IsPreview
X-Debug-IsConnected
X-Yottaa-Optimizations
X-Tumblr-Pixel-0
X-Datadog-Sampled
X-Tumblr-Pixel
X-Hl-Ver
X-Instance
X-User-Agent
X-Adobe-Content
X-Adobe-Loc
X-Storage
X-Region
X-Source
X-L-Path
X-FW-Version
ServerID
X-Signature
X-Environment-Context
X-FW-Serve
X-FW-Dynamic
X-Cacheable-TTL
X-Backend-Name
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-NWS-UUID-VERIFY
X-EdgeConnect-Cache-Status
X-B-Cache
X-Device-Type
X-NYM-Debug-Backend
X-Proxy-Cache-Info
X-Status
X-Cache-Hit
Country
GEO-INFO
NGB
X-Rendered-As
X-Is-Bot
X-ServerID
X-Real-IP
X-Rid
Countrycode
X-IPS-LoggedIn
SRV
Cross-Origin-Window-Policy
X-Language
X-Amzn-Remapped-Content-Length
Akamai-GRN
X-B3-SpanId
Liferay-Portal
X-WP-CF-Super-Cache-Active
X-Sucuri-ID
X-RM-Cache-TTL
X-Wormhole-Sdk
X-Sucuri-Cache
Amp-Access-Control-Allow-Source-Origin
X-Origin-Cache-Key
Front
X-Ratelimit-Reset
OT-Force-Account-Verify
X-Framework
X-Servername
X-Air-Pt
X-UA
From-Origin
X-Xrds-Location
X-VC-Cache
X-Oracle-Dms-Rid
X-AB
X-VC
X-Content-Powered-By
Xet-Cookie
X-Mode
X-Air-Trace-Id
X-Air-Source
X-Air-Hostname
Backend
X-Akamai-Request-ID2
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
X-DataDome
X-Cache-Time
Refresh
X-Nginx-Cache
X-INCAP-ABP
X-Handled-By
X-URL
Accept-Language
X-SRV
X-Endurance-Cache-Level
Meta-Geo
X-SaId
Cache
X-RID
X-UPSTREAM-Address
X-RCS-CacheZone
Filters
X-Xfnlog-Site
X-JoinUs
X-Edge-Location
X-Rewrite-Enabled
X-Rn-Rsrv
X-Labrador-Cache-Channel
X-Cache-Operation
X-Lambda-Id
Webserver
X-Cache-Rule
Access-Control-Request-Headers
X-Cache-Status-Check
TWC-GeoIP-Country
X-Routing-Service
X-Webstats-RespID
X-Generated-By
X-VWS-Id
X-Varnish-Age
X-Cloudmap
X-Container-Uri
X-Extlb
X-Git-Commit
X-Zipkin-Id
X-Hosted-By
X-Origin-Hint
X-Origin-Date
X-PHP-Host
X-Provided-By
X-Reqid
X-Proxied
X-AWS-Id
X-Cluster
Webcakes-Region
TWC-Device-Class
TWC-GeoIP-LatLong
Webcakes-App-Version
Webcakes-App-Name
ServedBy
TWC-Connection-Speed
TWC-Privacy
Property-Id
TWC-Locale-Group
X-LJ-Flow-ID
X-Adobe-Source
X-Loop
X-IPLB-Request-ID
X-Cms-Context
X-R9-Blue-Green-Version
X-HTML-Minification-Powered-By
LB
Section-Io-Id
X-IPLB-Instance
X-Restarts
X-No-Session
X-Forwarded-Host
X-Tncms
X-Logging-Id
X-Akamai-Edgescape
X-Tb
X-Skip-Cache
X-Served-From
Apigw-Requestid
X-Accel-Version
Mn-Server-Ip
X-Web-Node
Web-Mar-Node
X-Scope-Id
X-Fetched-On
X-Locale
X-Tumblr-Pixel-2
X-Site-Version
Url
Atl-Traceid
X-Fastly-Request-Id
Frame-Options
X-Ismobilevalue
X-Say-TTL
X-SayCDN-TTL
X-Soup
X-Upstream-Ct
X-Timing-Wait
X-Say-Cacheable
X-Proxy-Build
X-Director
X-Cache-Host
X-Format
X-Frame-Option
X-Upstream-Ht
X-RateLimit-Reset
X-Redis-Cache
X-Varnish-Beresp-Grace
X-Ms-Request-Id
X-Is-Tablet
X-Is-Supported-Browser
X-Ms-Version
X-ProxyCache-Key
X-Tcp-Rtt
X-ProxyCache-Status
X-Is-Mobile
X-Is-Desktop
X-Browser-Name
X-VCT
X-Varnish-Cache-Hits
X-BYPASS-REASON
X-Cache-Debug
X-Httpd
X-Geo-Region
Selected-Fe
X-Origin
WPO-Cache-Message
X-GeoCode
WPO-Cache-Status
X-S
X-Shopify-Stage
X-GeoCountry
X-Alternate-Cache-Key
X-RateLimit-Limit
X-Azure-Ref-OriginShield
X-ECache
Xserver
X-Storefront-Renderer-Rendered
X-Detected-As
X-Optimistic-Header
X-Api-Version
X-Vcache
X-Request-URI
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Drupal-Cache-Tags
X-Sorting-Hat-ShopId
X-Origin-CC
X-Origin-TTL
X-CDN-Forward
Cache-Hits
Thinkindot-Control
X-Generation-Time
TDXMobile
X-Lagoon
Thinkindot-CacheControl
X-CMSURLCustom
Thinkindot-CacheControl-Type
X-Shield-Cache-Expires
X-Thinkindot-L3
Source
X-Drupal-Cache-Contexts
Fastcgi-Useragent
Onion-Location
X-Cdn-Origin
Protected
Expiry
X-Connection-Hash
X-Tt-Logid
X-WP-CF-Super-Cache-Cookies-Bypass
Cdn-Requestid
X-ID
X-Vercel-Cache
X-Worker
X-Vercel-Id
X-TA-CDN-Provider
X-Buckets
X-Vcl-Version
X-Cache-Expired-At
X-Pass-Why
Azure-InstanceId
Azure-RegionName
Azure-SlotName
X-B3-Traceid
X-PHP-Backend
X-Mg-Request-UUID
Azure-Version
X-Rocket-Nginx-Serving-Static
Azure-SiteName
Node
X-Fastcgi-Cache
X-GEO
Priority
X-Cache-Action
Environment
Cross-Origin-Embedder-Policy
X-App-Version
CDN-RequestPullCode
Uber-Trace-Id
CDN-Cache
CDN-CachedAt
Sid
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestPullSuccess
CDN-RequestCountryCode
CDN-Uid
X-Proxy-Cache-Status
X-Tumblr-Pixel-3
AMP-Access-Control-Allow-Source-Origin
X-Cluster-Node
X-Aspnetmvc-Version
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Server-W
X-XRDS-Location
DB-Nickname
Cache-Tv-Group
X-Cache-Server
CF-IPCountry
X-FB-TRIP-ID
Alternate-Protocol
X-Tx-Id
X-Auth-Group-Type
X-Jobs
User-Cache-Control
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
HostName
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Content-Id
X-D
X-Custom-Header
X-Content-Age
X-Developer
X-Device-Os
X-Vtex-Remote-Cache
X-Dispatcher-Server
X-Conf
Candidate-Md5Url
X-Cache-Id
X-Block-Status
X-V-Cache
X-Vdms-Version
X-Op-Id-All
X-Cache-NE
X-Viewer-Country
X-Ec-Fail
Content-Secure-Policy
X-Generated-On
X-Service
X-Gen-Mode
X-GeoIP-City
X-Gzip
X-Ig-Origin-Region
X-Hnp-Log
X-Fastly-Backend
X-Ig-Push-State
X-Level-Front-Cache
X-Org
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-Origin-Expires
X-Esi-Check
X-ND-Cache
X-UA-Device-Type
DCR-Processing-Time-Ms
Origin-Agent-Cluster
Edge-Cache
Rendered-Blocks
Sslversion
T-Server
Surrogated-Key
Origin
Gannett-Cam-Experience-Id
Lang
X-SB
Magicmarker
Meta-Geo-Continent
X-ScT
Odigeo-Trace-Id
Ngx.Var.Host
Wxu-Next-Hostname
Wxu-Next-Region
X-Bc-Bl
X-Aed
X-SRCache-Key
A
X-BCube-Filmed-By
X-TIM-N
X-Bl-Debug
X-A-Wwc
DCR-Decision-By
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Rojux
MD5-Digest
Wxu-Next-Commit
X-Pad
X-LSADC-Cache
X-Client-Ip
X-DC
X-Nf-Request-Id
X-Fastly-Cache
X-Forwarded-Site
X-FC-Vary-Parameters
X-Varnish-CookieHashed-On
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Varnish-CookieINHashed-On
X-Gdpr
X-Req
X-GeoIP-Country-Code
X-HS-Content-Campaign-Id
X-Loc
X-Men
X-HN
X-GoCache-CacheStatus
X-Varnish-Remaining-TTL
X-GeoIP-Region-Code
X-GeoIP
X-Cache-Info
Server-Hostname
Sever-Int
Ssr
V-Age
Server-Host
Server-Ext
PFcat
Powered-By
Req-ID
Vix-Hermes-Req-Id
X-AK-Request-ID
X-Cache-Bucket
X-Mvc-Supplant-Cachable
X-Cdn-Srv
X-Bip
X-Backend-Instance
X-Amz-Storage-Class
X-App-Name
X-Auto-Login
X-Clientip
X-Node-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-Thanos
X-Varnish-Director
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-SD-PageType
X-Server-IP
X-Sn-Servicetimems
X-Varnish-Hostname
X-VarnishDD-TTL
XM
Cdn-Host
Cdn-Request-Time
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VG-WebCache
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Scheme
X-Cache-TTL-Remaining
X-Origin-Time
X-PAYTM-SRV-ID
X-Platform
X-Policy
X-Origin-Response-Time
X-Edge-Server
X-NMSegId
Origin-EX
X-Nyt-Route
X-Powered-By-VTEX-Cache
X-Proto
X-Request-Time
X-DefElseHash
X-Core-Value
X-Region-Sid
X-RateLimit-Remaining-Second
X-Pubstack
X-DefHash
X-RateLimit-Limit-Second
X-Nginx-Cache-Key
X-CacheTTL
Host-ID
Cdnsip
Content-Script-Type
Content-Style-Type
Origin-CC
Fastly-Backend-Name
Fastly-SSL
Cdncip
C-Via
Cache-Provider
AKAMAI
CDCHOST
NM-Fastcgi-Cache
X-Dc
X-MP-GENERATED-AT
Mime-Version
X-Depends
X-Ec-Custom-Error
X-Eu-Site
X-NCache
X-Date
Canary
Cache-Key
X-CUA
Gh-Request-Id
X-Mvc-Supplant-OutputCached
X-Csrf-Jwt
X-Location
X-Hash
X-DPWN-IS-SECURE
DSUID
X-NodeID
Fastly-GeoIP-CountryCode
X-Micro-Cache
Cluster
X-Fmm-Version
X-Human
X-Geo-Header
Apple-News-Services-Host
X-Varnishpool
RNT-Machine
Producers
X-Varnish-Beresp-Status
X-Varnish-Authentication
RNT-Time
X-Var-Ttl
Platform
Is-Eu
Adler-Geo
Click-Count-Error
Yak-Timeinfo
Country-Code
Esi-Enabled
X-We-Are-Hiring
Tube-Get-Contents
Tube-Got-Eval
X-Proxied-Request
X-Request-Host
X-Request-Start
Apple-News-Services-Handled
X-Pool
Apple-News-Services-Parsed-Url
X-VG-TLSProxy
X-Section
X-B3-Trace-ID
Tube-Return
Tube-Got-Results
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Ad-Load-Variation
X-Acquia-Purge-Cdn-Unconfigured
Apple-News-Services-Request-Url
X-Mly-Id
Web-Mar-Region
X-WA-Info
We-Hiring
W
Click-Count-Action-Start
X-Accel-Expires-Debug
X-Access
L5d-Success-Class
X-Cache-Aspx
Machine
Mail-Subject
X-Aicache-OS
True-Client-Country-4JS
L
Proxy-Firewall
X-CGP
HA-Ipaddr
Pramga
Ha-Gx-Prefs
X-Contensis-Viewer-Groups
X-Via-Fastly
On-Server
Release
X-HITS
X-Varnish-Beresp-Ttl
X-Jungle-Id
X-LiteSpeed-Cache-Control
X-From
Req-Svc-Chain
X-Up
X-BBC-Edge-Cache-Status
NGX
X-NGINX-Cache
X-Zone
X-AIR-PT
X-Cache-Backend
X-Vdms-Path
Debug
WP-Super-Cache
X-Uri
X-Cs
CDN-RequestId
X-Cache-FS-Status
X-Varnish-Hits
X-Akamai-Transformed
X-LB-ID
CloudFront-Viewer-Country
Redirect-Candidate
X-CACHE-GROUP
X-Tec-Api-Version
X-Tec-Api-Root
X-Newrelic-Synthetics
X-Tec-Api-Origin
SID
Server-Info
X-Servedbyhost
Fastly-Drupal-HTML
X-PERF
X-Via-Popv
X-Refresh
X-Render-Time
Pics-Label
X-Via-Popn
X-Via-Poph
X-HA-Backend
X-ApacheServer
GeoIP-Latitude
X-Nananana
X-Response-Served-From
X-Original-Request-Id
X-VHOST
BehaviorPad-Version
X-B3-Parentspanid
X-M-Log
X-APP
X-M-Reqid
X-VC-TTL
X-Datadome
X-TT-LOGID
X-Parent-Response-Time
Fastly-Drupal-Html
X-Cached-By
Locid
X-LB-NoCache
X-CACHE-AGE
X-Content-Length
Resin-Trace
Datacenter
X-CS
X-Litespeed-Tag
X-DynaTrace-JS-Agent
X-Wa
X-Amz-Meta-Cb-Modifiedtime
Server-ID
X-Nc
X-CDN-Cache-Status
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-IAuth-Set-Uid
Cf-Ipcountry
X-LiteSpeed-Tag
NtCoent-Length
GeoIp-Country-Code
Cdn
X-ZONE
Ngx-Var-Key
Uri
X-Old-Content-Length
X-Varnish-Beresp-TTL
X-VCache
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
Vc-Max-Age
X-Fpc
X-RequestId
FSS-Cache
X-Dispatcher-Number
X-Vgn-Hpd-Reason
CDN
X-NewRelic-App-Data
Serverhost
X-Moov-T
X-Moov-Xdn-Version
X-TH-Server
X-Esi
True-Client-IP
Product
True-Client-Ip
X-B3-Spanid
X-TX-ID
X-HostName
X-SERVER-NAME
Srv
X-Srv
Cross-Origin-Embedder-Policy-Report-Only
X-Dynatrace-Js-Agent
X-Ckpd-Fst-Backend
X-FPC
Tcn
X-Nf-Ats-Version
X-Nf-Country
GeoIP-Country-Code
X-Nf-Language
X-TIME
X-Oracle-DMS-ECID
ServerName
X-Bug-Bounty
X-Cdn-Cache-Status
X-Cdn-Forward
X-Destination
X-User
X-External-Request-Id
X-S-Cookie
X-Application
X-B-Cookie
Cf-Device-Type
S-Rt
Request-ID
X-HubSpot-Correlation-Id
X-NC
X-Vc
Server-Id
X-Dispatch
X-APP-VERSION
X-WA
X-Zen-Fury
X-Webkit-Csp-Report-Only
CacheControlHeader
X-CACHE-KEY
Hostname
X-Sigma-Backend
X-Cache-Date
X-Sigma
X-Instance-Name
X-Rocket-Build-Number
X-COUNTRY
Geoip-Latitude
X-VServer
X-API-Version
X-FL-QIT-DEBUG
Srvid
X-Presslabs-Stats
Ohc-File-Size
X-Vmg-Version
X-Branch-Name
X-Via-PopH
User-Agent
X-Akamai-Device-Characteristics
X-Via-PopV
X-Via-PopN
X-Lb-Nocache
X-Geo
X-Ha-Backend
X-Segment-20210421
DataCenter
Origin-Trial
X-Info
X-ServedByHost
Load-Balancing
X-Gamma-Serve
ServerHost
X-VCL-Version
X-DynaTrace
Xc-Version
X-DataCenter
Epwk-X-Cache
Cneonction
Cloudfront-Viewer-Country
PICS-Label
X-Cache-Ttl
X-App
X-Akamai-Pragma-Client-IP
X-Limited
Type
X-Ua
Expect-Staple
X-Correlation-ID
X-Srcache-Fetch-Status
Rtss
X-Srcache-Store-Status
X-Owner
X-Serial
X-Hit
X-Lb-Id
Cross-Origin-Opener-Policy-Report-Only
X-Irp-Debug
X-Amz-Meta-Opti
X-Check-Cacheable
X-MiniProfiler-Ids
Ohc-Cache-HIT
Lb
X-Service-Response-Time
X-Acquia-Site
X-Sqd-Stime
X-Acquia-Purge-Tags
Cl-Cache
Sm-Log-Id
X-Sqd-Ctime
X-Acquia-Application-UUID
X-Web-Server
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Qloud-Router
Timeexpire
X-Via-SSL
X-Via-Edge
X-Via-CDN
X-Flags
X-Aspnet-Duration-Ms
X-MSEdge-Flight
Cmstype
Edge-Copy-Time
X-MSEdge-Features
X-Datacenter
X-Core-Mission
Warning
X-Acquia-Application-Trace
Cmsid
X-Page-View
Servername
CountryCode
X-CSRF-TOKEN
X-LAGOON
X-Litespeed-Cache-Control
X-Origin-Upstream-Status
X-SIPLIST1
X-Http-Reason
X-Requestid
X-Shardid
X-Sql-Duration-Ms
X-Sorting-Hat-Podid
X-RAMCache
X-Sorting-Hat-Shopid
X-Sql-Count
X-Shopid
X-Ramcache
X-IN-APIGATEWAY
X-Dw-Trace-Id
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
X-IN-APIGATEWAYSSL
Ngx
X-Th-Server
X-Udemy-Cache-App-Namespace
X-Snapshot-Date
IsBot