Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-Runtime
X-AspNet-Version
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
Permissions-Policy
X-UA-Device
X-Robots-Tag
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
P3p
X-Pingback
X-Page-Speed
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
X-Akam-SW-Version
Surrogate-Control
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Clacks-Overhead
Cache-Tag
X-Url
Rating
X-Litespeed-Cache
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
X-CST
X-Daa-Tunnel
Cross-Origin-Opener-Policy
Nginx-Cache
X-Mcache
X-Browser-Type
X-Edge
X-Midtier
X-Server-Name
X-Powered-By-Plesk
X-Cnection
AR-ATIME
AR-Request-ID
AR-SID
AR-PoweredBy
Accept-Ch
X-ESI
X-Cache-TTL
X-Ac
X-GitHub-Request-Id
X-Element-Page-Cache
X-D2id
Edge-Control
X-Kinja-Server
Verso
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
X-MS-InvokeApp
X-Upstream
X-Vcap-Request-Id
X-FastCGI-Cache
AR-CACHE
X-Ser
X-B3-TraceId
X-Abt-Application-Version
X-ECACHE
X-Navigation-Version
X-Dw-Request-Base-Id
X-ASPNET-VERSION
SPIisLatency
SPRequestDuration
Fastly-Restarts
X-Mod-Pagespeed
X-Webkit-Csp
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-NF-Request-ID
X-Kinsta-Cache
X-Edge-Location-Klb
X-Client-IP
X-Ratelimit-Limit
X-Goog-Hash
X-Mg-S
X-ARC
X-Powered-CMS
Edge-Cache-Tag
S
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Oneagent-Js-Injection
X-PDP-UNCACHING-HASH
Cache-Status
X-Amzn-Trace-Id
X-Version
Access-Control-Request-Method
X-Middleton-Response
Response
X-VARITI-CCR
RTSS
X-Cache-Key
X-TraceId
X-Content-Digest
X-Ratelimit-Remaining
X-Fastly-Request-ID
X-TTL
X-T
Cross-Origin-Resource-Policy
Realpath
X-Forwarded-For
X-Recruiting
X-Correlation-Id
X-Varnish-TTL
X-ORACLE-DMS-RID
Fastcgi-Cache
X-Cached
X-MSEdge-Ref
Front-End-Https
X-Shield-Request-Id
X-RateLimit-Remaining
MicrosoftSharePointTeamServices
MS-Author-Via
X-Protected-By
X-FTR-Backend-Server
X-FTR-Backend
Content-MD5
X-FTR-Cache-Status
X-Ua-Browser
X-FTR-Balancer
X-Country-Code-Real
X-HS-Content-Id
X-Forwarded-Proto
X-HS-Hub-Id
X-HS-Cache-Config
X-Request-Processing-Time
X-Request-Received
Public-Key-Pins
TP-Cache
X-Frontend
X-LLID
Payment
Server-Node
Arr-Disable-Session-Affinity
X-PressLabs-Stats
X-SRCache-Fetch-Status
X-TEC-API-ROOT
X-SRCache-Store-Status
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Ruxit-Js-Agent
X-HS-Combine-CSS
X-FTR-Expires
Count-Hit
X-GUploader-UploadID
X-Accel-Expires
X-Distributor
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Origin-Server
X-Server-ID
X-LB-Cache
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-NODE
X-Ezoic-Cdn
X-Request-Handler-Origin-Region
X-Microsite
X-Newrelic-App-Data
X-Aws-Lambda-Call-Status
X-Www-Served-By
X-Activity-Id
X-Az
X-Varnish-Server
X-AppVersion
X-App-Server
Accept-Charset
X-ORACLE-DMS-ECID
Host
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Cluster-Name
Cache-Tags
X-Varnish-Backend
Retry-After
X-Content-Security-Policy-Report-Only
X-Amz-Meta-S3cmd-Attrs
Cleartype
X-Ua-Device
Server-Name
X-Goog-Metageneration
Filterid
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Ttl
X-Unique-Id
X-Envoy-Decorator-Operation
X-Git-Hash
X-Azure-Ref
X-Hits
Access-Control-Allow-Method
X-CSRF-Token
X-Hostname
X-Load-Cache
X-Upgrade-Enabled
X-NGENIX-Cache
X-Debug
X-Geo-Country
X-Logged-In
TCN
TP-L2-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Proxy
Referer-Policy
X-Seen-By
X-FB-Debug
X-B
X-Id
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-TT
X-Hcs-Proxy-Type
X-B3-Sampled
Section-Io-Cache
X-Amzn-RequestId
X-Grace
X-Amz-Apigw-Id
X-Trace-Id
X-F-Cache
X-Cache-Control
X-Revision
DC
X-Request-Guid
X-Contextid
X-Time
X-Type
Surrogate-Key
Healthy
X-Fb-Rlafr
Viewport
X-DIS-Request-ID
X-Mobile
X-N
X-XRDS-LOCATION
Paypal-Debug-Id
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
Fastly-SWR
Fastly-SIE
X-Page-Id
X-Debug-Info
Content-Disposition
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Px
X-Varnish-Ttl
X-Via-JSL
X-Origin-Cache
X-Varnish-Grace
Version
X-Whom
X-Magnolia-Registration
X-Webkit-CSP
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Content-Options
X-Amz-Replication-Status
X-Template
Charset
X-Wix-Request-Id
X-RemovedCookies
X-UUID
X-G
X-ProcessESI
X-Debug-IsConnected
Ms-Operation-Id
MS-CV
X-Oracle-Dms-Ecid
X-Adobe-Content
X-Debug-IsPreview
X-App-Environment
X-Adobe-Loc
X-RTag
X-Node-Name
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-B-Cache
VIX-Pulpo-Upstream-Status
X-Yottaa-Optimizations
X-Datadog-Sampled
X-Yottaa-Metrics
X-Cache-Grace
X-Signature
NGB
X-Storage
SD-X-WS
VIX-Pulpo-Node
X-Rule
X-Hl-Ver
X-Source
ServerID
X-FW-Static
X-L-Path
X-Is-Bot
X-NYM-Debug-Backend
X-Region
X-Rendered-As
X-Instance
X-FW-Version
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Type
X-Environment-Context
X-Cacheable-TTL
X-EdgeConnect-Cache-Status
X-User-Agent
X-NWS-UUID-VERIFY
X-Status
X-Device-Type
X-Proxy-Cache-Info
GEO-INFO
X-Rid
Country
X-Cache-Hit
X-Backend-Name
X-Real-IP
X-ServerID
X-IPS-LoggedIn
Cross-Origin-Window-Policy
X-Ratelimit-Reset
Countrycode
X-URL
X-Cache-Age
X-B3-SpanId
X-Amzn-Remapped-Content-Length
Liferay-Portal
Akamai-GRN
X-Wormhole-Sdk
X-Language
X-WP-CF-Super-Cache-Active
X-RM-Cache-TTL
SRV
Front
X-Sucuri-Cache
X-Sucuri-ID
X-Framework
OT-Force-Account-Verify
X-Air-Pt
X-AB
X-Servername
Amp-Access-Control-Allow-Source-Origin
X-UA
From-Origin
X-VC-Cache
X-Oracle-Dms-Rid
X-WebKit-CSP-Report-Only
Xet-Cookie
X-Mode
X-Akamai-Request-ID2
X-Air-Hostname
X-Air-Trace-Id
X-Content-Powered-By
X-Air-Source
Backend
Upgrade-Insecure-Requests
X-VC
X-DataDome
X-Cache-Time
Refresh
X-Ismobilevalue
X-Handled-By
X-Xrds-Location
X-SRV
Accept-Language
X-INCAP-ABP
X-Endurance-Cache-Level
X-Origin-Cache-Key
Filters
X-RID
X-JoinUs
X-UPSTREAM-Address
X-Cache-Status-Check
X-Rewrite-Enabled
X-Rn-Rsrv
Cache
X-RCS-CacheZone
X-SaId
X-Xfnlog-Site
Access-Control-Request-Headers
Meta-Geo
X-Container-Uri
X-Cache-Operation
X-Edge-Location
X-Generated-By
X-Extlb
X-LJ-Flow-ID
X-AWS-Id
X-Cache-Rule
X-PHP-Host
Property-Id
X-Hosted-By
X-Varnish-Age
X-Cloudmap
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Cms-Context
X-Nginx-Cache
X-Tumblr-Pixel-2
X-HTML-Minification-Powered-By
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
X-S
ServedBy
X-Routing-Service
X-VWS-Id
X-Proxied
LB
X-Webstats-RespID
X-Git-Commit
X-Zipkin-Id
Webcakes-App-Name
Webcakes-Region
X-Lambda-Id
X-Provided-By
TWC-Privacy
X-Origin-Hint
X-Adobe-Source
X-Labrador-Cache-Channel
Webcakes-App-Version
X-Geo-Region
Atl-Traceid
X-Is-Desktop
X-Is-Tablet
X-Is-Supported-Browser
X-Logging-Id
X-Is-Mobile
X-Locale
X-Akamai-Edgescape
X-Tb
X-Site-Version
X-Cluster
X-Fastly-Request-Id
X-Web-Node
Url
Apigw-Requestid
Mn-Server-Ip
X-R9-Blue-Green-Version
X-Tncms
X-Api-Version
X-Tcp-Rtt
Section-Io-Id
X-Restarts
X-Redis-Cache
X-Reqid
X-Forwarded-Host
Web-Mar-Node
X-Loop
X-Browser-Name
X-No-Session
X-Fetched-On
X-Skip-Cache
X-Served-From
X-Accel-Version
X-Origin-Date
X-Cache-Debug
X-Scope-Id
X-Frame-Option
X-Format
X-Httpd
X-Detected-As
X-Alternate-Cache-Key
X-Cache-Host
X-Director
Selected-Fe
X-Shopify-Stage
X-Upstream-Ht
X-Varnish-Beresp-Grace
X-Upstream-Ct
X-IPLB-Instance
X-ProxyCache-Key
Frame-Options
X-Proxy-Build
X-Timing-Wait
X-Varnish-Cache-Hits
X-Storefront-Renderer-Rendered
X-SayCDN-TTL
X-Soup
X-Say-TTL
X-ECache
X-Say-Cacheable
X-BYPASS-REASON
X-Origin
X-ProxyCache-Status
X-Azure-Ref-OriginShield
X-Ms-Request-Id
X-Ms-Version
X-IPLB-Request-ID
Xserver
X-GeoCode
X-Optimistic-Header
X-GeoCountry
Webserver
X-RateLimit-Limit
X-VCT
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Request-URI
X-Tt-Logid
WPO-Cache-Message
X-Drupal-Cache-Tags
X-Vcache
WPO-Cache-Status
X-Lagoon
Onion-Location
Thinkindot-CacheControl-Type
TDXMobile
X-Generation-Time
X-Shield-Cache-Expires
X-CMSURLCustom
X-Origin-CC
Thinkindot-CacheControl
X-Origin-TTL
X-Thinkindot-L3
Thinkindot-Control
X-Connection-Hash
Expiry
Protected
X-Drupal-Cache-Contexts
X-CDN-Forward
X-Cdn-Origin
Cache-Hits
X-RateLimit-Reset
X-TA-CDN-Provider
X-Mg-Request-UUID
X-WP-CF-Super-Cache-Cookies-Bypass
X-ID
Cdn-Requestid
X-Vcl-Version
X-Cache-Expired-At
Source
X-Worker
X-Vercel-Cache
X-Vercel-Id
X-Pass-Why
X-PHP-Backend
Priority
X-XRDS-Location
Azure-RegionName
Azure-SiteName
Azure-InstanceId
AMP-Access-Control-Allow-Source-Origin
Fastcgi-Useragent
X-Rocket-Nginx-Serving-Static
Azure-Version
Azure-SlotName
X-Buckets
Environment
Node
X-Cache-Action
X-Proxy-Cache-Status
X-GEO
X-Nf-Request-Id
X-App-Version
Uber-Trace-Id
Sid
CDN-Uid
CDN-RequestPullSuccess
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-CachedAt
CDN-Cache
X-Client-Ip
Cross-Origin-Embedder-Policy
CDN-RequestPullCode
X-Tumblr-Pixel-3
X-Cluster-Node
X-Urbn-Context-Path
Locale
X-Urbn-Site-Id
X-Aspnetmvc-Version
X-Server-W
Cache-Tv-Group
X-Cache-Server
X-FB-TRIP-ID
DB-Nickname
X-Auth-Group-Type
X-Fastcgi-Cache
CF-IPCountry
Alternate-Protocol
X-B3-Traceid
User-Cache-Control
X-Tx-Id
X-HITS
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
X-A
X-Pad
Fusion-Template-Id
X-Jobs
X-Vtex-Remote-Cache
X-Ig-Origin-Region
Origin
X-Block-Status
X-A-Dam
X-ND-Cache
X-D
X-Custom-Header
Rendered-Blocks
X-Aed
X-Service
Origin-Agent-Cluster
X-Level-Front-Cache
X-Hnp-Log
X-Viewer-Country
X-Via-Fastly
X-Ig-Push-State
Odigeo-Trace-Id
X-Ec-GeoHdr
X-Edge-Server
X-Ec-Fail
X-Gen-Mode
Cdn-Host
Cdn-Request-Time
Gannett-Cam-Experience-Id
Content-Secure-Policy
X-Esi-Check
X-Fastly-Backend
DCR-Processing-Time-Ms
DCR-Decision-By
X-Epic-Correlation-Id
X-Dispatcher-Server
Candidate-Md5Url
X-DefHash
Meta-Geo-Continent
X-DefElseHash
A
X-Gzip
Ngx.Var.Host
MD5-Digest
X-GeoIP-City
X-Device-Os
X-Generated-On
Lang
X-Developer
Magicmarker
X-Vdms-Version
X-Bl-Debug
X-Rojux
X-BCube-Filmed-By
X-SB
X-ScT
X-Varnish-CookieINHashed-On
T-Server
X-A-Dgt
Sslversion
X-Conf
X-A-Wwc
Surrogated-Key
X-Op-Id-All
X-Varnish-CookieHashed-On
X-Cache-TTL-Remaining
X-TIM-N
Wxu-Next-Region
X-UA-Device-Type
X-V-Cache
X-A-Ccd
X-A-Dcw
Wxu-Next-Hostname
X-Cache-NE
X-SRCache-Key
X-Cache-Id
Wxu-Next-Commit
Edge-Cache
X-Req
X-Core-Value
HostName
X-Content-Age
X-Bc-Bl
X-Origin-Expires
X-Varnish-Remaining-TTL
X-Org
X-DC
Mime-Version
X-LSADC-Cache
Is-Eu
Host-ID
Vix-Hermes-Req-Id
X-Debug-Cache-Fetch
V-Age
X-Cache-Info
Platform
X-B3-Trace-ID
Powered-By
Req-ID
Fastly-Backend-Name
Esi-Enabled
Producers
Fastly-SSL
X-Bip
Tube-Return
X-Ad-Load-Variation
X-DPWN-IS-SECURE
Tube-Got-Eval
Ssr
X-Acquia-Purge-Cdn-Unconfigured
X-AK-Request-ID
X-Debug-Cache-Store
X-Auto-Login
Sever-Int
X-Amz-Storage-Class
Server-Host
Server-Hostname
Server-Ext
Origin-CC
X-Clientip
RNT-Machine
X-App-Name
X-Cache-Bucket
Tube-Got-Results
Tube-Get-Contents
Origin-EX
NM-Fastcgi-Cache
X-Cdn-Srv
RNT-Time
PFcat
X-Loc
X-VG-WebCache
X-PAYTM-SRV-ID
X-Origin-Time
X-Fastly-Cache
X-VG-TLSProxy
X-VarnishDD-TTL
X-Powered-By-VTEX-Cache
X-Origin-Response-Time
X-Nyt-Route
X-VTEX-Cache-Time
X-Test
X-NMSegId
X-Node-Id
X-VTEX-Cache-Server
X-NodeID
X-Varnish-Hostname
X-RateLimit-Limit-Second
X-Sn-Servicetimems
X-Thanos
X-NGINX-Cache
X-SVT-ORM-RULES
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-Server-IP
X-SD-PageType
X-Region-Sid
X-RateLimit-Remaining-Second
X-Dc
X-Varnish-Director
X-Scheme
X-Request-Time
X-WA-Info
X-Nginx-Cache-Key
Cdncip
Cdnsip
CDCHOST
Cache-Provider
X-Mly-Id
X-Geo-Header
X-Gdpr
Click-Count-Action-Start
Content-Style-Type
Country-Code
Content-Script-Type
X-Fmm-Version
Click-Count-Error
X-Forwarded-Site
X-GeoIP
C-Via
X-HS-Content-Campaign-Id
XM
X-Wikidot-Backend
X-Backend-Instance
X-Micro-Cache
X-Men
X-Wikidot-Static-Cache
X-HN
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-GoCache-CacheStatus
AKAMAI
Adler-Geo
X-Aicache-OS
X-Cache-Aspx
X-Varnishpool
X-We-Are-Hiring
X-Var-Ttl
Yak-Timeinfo
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-Policy
X-Location
X-Mvc-Supplant-Cachable
X-Date
X-CUA
X-Human
X-Hash
X-FC-Vary-Parameters
X-Ec-Custom-Error
X-Depends
X-Platform
X-Contensis-Viewer-Groups
X-Request-Start
X-Section
X-CacheTTL
X-Slack-Backend
X-Request-Host
X-Pubstack
X-Pool
X-Proto
X-Proxied-Request
X-Slack-Shared-Secret-Outcome
X-BBC-Edge-Cache-Status
Req-Svc-Chain
Release
Fastly-GeoIP-CountryCode
True-Client-Country-4JS
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Proxy-Firewall
Cluster
Machine
L
NGX
On-Server
Pramga
DSUID
Apple-News-Services-Host
Cache-Key
X-LiteSpeed-Cache-Control
X-Accel-Expires-Debug
Apple-News-Services-Handled
Web-Mar-Region
X-Access
X-Varnish-Beresp-Ttl
X-Eu-Site
Mail-Subject
X-MP-GENERATED-AT
L5d-Success-Class
X-Mvc-Supplant-OutputCached
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
X-Zone
X-NCache
X-From
X-CGP
X-Up
We-Hiring
Canary
W
X-Csrf-Jwt
X-AIR-PT
X-Jungle-Id
X-Cache-FS-Status
X-Varnish-Hits
CDN-RequestId
WP-Super-Cache
X-Cache-Backend
X-Vdms-Path
X-LB-ID
Redirect-Candidate
X-Akamai-Transformed
X-Uri
X-Refresh
X-CACHE-AGE
Debug
CloudFront-Viewer-Country
Server-Info
X-Cs
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
SID
Fastly-Drupal-HTML
BehaviorPad-Version
X-Servedbyhost
X-Via-Poph
Pics-Label
X-Via-Popn
X-Nananana
X-HA-Backend
X-Via-Popv
X-Parent-Response-Time
X-Newrelic-Synthetics
X-ApacheServer
X-VHOST
X-APP
X-Render-Time
X-PERF
GeoIP-Latitude
X-Datadome
X-VC-TTL
X-M-Log
X-B3-Parentspanid
X-M-Reqid
X-SERVER-NAME
X-CS
Fastly-Drupal-Html
X-Response-Served-From
X-Original-Request-Id
X-CDN-Cache-Status
X-Content-Length
X-Cached-By
X-LB-NoCache
X-Nc
Locid
Resin-Trace
Datacenter
X-TT-LOGID
X-Litespeed-Tag
X-DynaTrace-JS-Agent
GeoIp-Country-Code
X-Wa
Server-ID
X-LiteSpeed-Tag
X-IAuth-Set-Uid
Cf-Ipcountry
X-Amz-Meta-Cb-Modifiedtime
Cdn
NtCoent-Length
Vc-Max-Age
X-Varnish-Beresp-TTL
X-ZONE
X-Dispatcher-Number
X-RequestId
X-Old-Content-Length
X-VCache
Ngx-Var-Key
Srv
Uri
True-Client-IP
X-Fpc
FSS-Cache
X-NewRelic-App-Data
X-TIME
Product
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
CDN
X-Vgn-Hpd-Reason
X-Nf-Language
Serverhost
X-Nf-Ats-Version
X-B3-Spanid
X-Nf-Country
X-Esi
X-CACHE-KEY
X-Srv
X-HostName
X-TX-ID
X-TH-Server
X-Moov-Xdn-Version
X-Ckpd-Fst-Backend
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Moov-T
True-Client-Ip
X-Cdn-Forward
X-Vc
X-FPC
X-HubSpot-Correlation-Id
ServerName
X-Dynatrace-Js-Agent
S-Rt
Tcn
X-Oracle-DMS-ECID
Cross-Origin-Embedder-Policy-Report-Only
GeoIP-Country-Code
Cf-Device-Type
X-Bug-Bounty
X-WA
Request-ID
CacheControlHeader
X-Dispatch
X-Destination
Server-Id
X-NC
X-User
X-Application
X-B-Cookie
X-S-Cookie
X-External-Request-Id
X-Cdn-Cache-Status
X-APP-VERSION
Hostname
X-Zen-Fury
X-COUNTRY
Geoip-Latitude
X-Sigma-Backend
X-FL-QIT-DEBUG
X-Sigma
X-Vmg-Version
X-Lb-Nocache
X-Rocket-Build-Number
X-Webkit-Csp-Report-Only
User-Agent
X-Akamai-Device-Characteristics
X-Cache-Date
X-Instance-Name
Srvid
X-Presslabs-Stats
X-Ha-Backend
X-Gamma-Serve
X-Info
ServerHost
X-VServer
X-Geo
Ohc-File-Size
X-API-Version
X-Via-PopV
X-Segment-20210421
X-Via-PopN
X-Via-PopH
Origin-Trial
X-ServedByHost
PICS-Label
Xc-Version
Cneonction
X-Branch-Name
X-VCL-Version
Epwk-X-Cache
Expect-Staple
Cloudfront-Viewer-Country
DataCenter
X-Hit
Load-Balancing
X-DataCenter
X-App
X-Akamai-Pragma-Client-IP
X-Amz-Meta-Opti
X-Correlation-ID
X-DynaTrace
X-Limited
X-Ua
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Rtss
X-MiniProfiler-Ids
Type
X-Lb-Id
Ohc-Cache-HIT
X-Check-Cacheable
X-Serial
X-V
X-Wp-Cf-Super-Cache-Cache-Control
Lb
X-Wp-Cf-Super-Cache
X-Platform-Server
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-New
X-Rollout
WZWS-RAY
N-Cache
Timeexpire
Cmstype
Cmsid
X-Sqd-Stime
Permission-Policy
X-Eligible
X-Acquia-Purge-Tags
X-Acquia-Site
X-Sqd-Ctime
X-Fastly-Backend-Reqs
Cross-Origin-Opener-Policy-Report-Only
X-Datacenter
X-MSEdge-Features
X-Irp-Debug
Warning
X-Owner
X-MSEdge-Flight
X-Web-Server
Sm-Log-Id
X-Service-Response-Time
WebServer
X-CSRF-TOKEN
CountryCode
X-LAGOON
X-Litespeed-Cache-Control
Servername
X-IN-APIGATEWAYSSL
Wpo-Cache-Message
X-Udemy-Cache-App-Namespace
X-Ramcache
X-Core-Mission
Wpo-Cache-Status
X-IN-APIGATEWAY
X-Amz-Meta-Sha256
X-Qloud-Router
X-Via-CDN
X-Via-Edge
X-Via-SSL
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
Edge-Copy-Time
X-Amz-Meta-S3b-Last-Modified
X-Requestid
Cl-Cache
X-Snapshot-Date
X-RAMCache
X-Th-Server
X-Shopid
X-Shardid
X-Origin-Upstream-Status
X-Dw-Trace-Id
Ngx