Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Ua-Compatible
X-Cache-Status
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
Permissions-Policy
Xkey
X-Ws-Request-Id
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Dispatcher
Cf-Apo-Via
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
Content-Location
X-Node
X-Application-Context
P3p
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Litespeed-Cache
X-Country
Service-Worker-Allowed
X-Country-Code
X-CST
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Url
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-Times
Nginx-Cache
X-FTR-Request-ID
X-TtlSet
X-Vname
X-PC
X-Daa-Tunnel
X-Oneagent-Js-Injection
X-Server-Name
X-Webkit-Csp
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-ESI
X-Cnection
X-GitHub-Request-Id
X-Upstream
Edge-Control
X-D2id
Verso
X-Element-Page-Cache
X-Ac
X-MS-InvokeApp
AR-SID
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Exp-Id
Accept-Ch-Lifetime
X-ECACHE
X-FastCGI-Cache
X-B3-TraceId
X-Vcap-Request-Id
X-Cache-TTL
X-Ser
X-Abt-Application-Version
X-Navigation-Version
AR-CACHE
X-Dw-Request-Base-Id
SPIisLatency
SPRequestDuration
X-Mod-Pagespeed
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
Fastly-Restarts
X-NF-Request-ID
X-Client-IP
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Aws-Lambda-Call-Status
X-Middleton-Display
Pagespeed
X-Sol
Display
Edge-Cache-Tag
X-Mg-S
X-Kinsta-Cache
X-Edge-Location-Klb
S
X-Powered-CMS
X-Goog-Hash
X-Middleton-Response
Response
Cache-Status
X-Version
Access-Control-Request-Method
X-Amzn-Trace-Id
X-VARITI-CCR
X-Ruxit-Js-Agent
X-ARC
X-RateLimit-Remaining
RTSS
X-Fastly-Request-ID
X-Content-Digest
X-Cache-Key
X-Ratelimit-Limit
X-TraceId
Cross-Origin-Resource-Policy
X-Forwarded-For
X-Recruiting
X-T
Realpath
X-Correlation-Id
X-PDP-UNCACHING-HASH
X-Varnish-TTL
X-MSEdge-Ref
Front-End-Https
Fastcgi-Cache
X-Cached
MS-Author-Via
Content-MD5
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Ua-Browser
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Shield-Request-Id
X-FTR-Backend
X-Protected-By
X-Country-Code-Real
X-Request-Processing-Time
X-Request-Received
Public-Key-Pins
Server-Node
Payment
X-Forwarded-Proto
X-Ratelimit-Remaining
MicrosoftSharePointTeamServices
X-TTL
TP-Cache
X-HS-Combine-CSS
X-Frontend
X-LLID
X-SRCache-Fetch-Status
Arr-Disable-Session-Affinity
X-SRCache-Store-Status
X-Ttl
X-Distributor
X-Server-ID
X-FTR-Expires
X-Jurisdiction
X-Accel-Expires
X-HP-Trace-Id
X-HP-Webp
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Count-Hit
X-NODE
X-GUploader-UploadID
X-ORACLE-DMS-RID
X-Origin-Server
X-LB-Cache
X-PressLabs-Stats
X-Ezoic-Cdn
X-Microsite
X-Request-Handler-Origin-Region
X-Activity-Id
X-Content-Security-Policy-Report-Only
X-AppVersion
X-Az
Host
X-Ua-Device
Mrf-Cache-Status
X-B3-TraceId-Primal
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
MRF-Tech
X-Varnish-Backend
X-App-Server
X-Cluster-Name
X-Hits
X-Varnish-Server
Retry-After
Cache-Tags
X-Www-Served-By
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
Server-Name
X-Newrelic-App-Data
Cleartype
X-ORACLE-DMS-ECID
X-Origin-Cache-Key
X-ASPNET-VERSION
X-CSRF-Token
X-Hostname
X-Goog-Metageneration
X-Envoy-Decorator-Operation
X-Geo-Country
X-NGENIX-Cache
Referer-Policy
X-Upgrade-Enabled
X-Id
Access-Control-Allow-Method
TP-L2-Cache
X-Git-Hash
X-DIS-Request-ID
X-Azure-Ref
X-Seen-By
X-Unique-Id
Filterid
TCN
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Load-Cache
X-Tt-Trace-Host
X-Proxy
X-F-Cache
X-Tt-Trace-Tag
X-Revision
X-Request-Guid
X-Trace-Id
X-Cache-Control
Healthy
Section-Io-Cache
X-XRDS-LOCATION
X-Grace
X-B
X-Amzn-RequestId
X-Amz-Apigw-Id
DC
X-B3-Sampled
X-TT
Paypal-Debug-Id
X-Logged-In
X-Type
X-Contextid
X-Fb-Rlafr
X-FB-Debug
X-Px
X-Debug-Info
X-Page-Id
X-Mobile
X-Debug
X-N
Viewport
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Varnish-Ttl
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Oracle-Dms-Rid
X-Goog-Generation
X-Oracle-Dms-Ecid
Fastly-SWR
X-Whom
Fastly-SIE
X-Time
Charset
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Via-JSL
X-Webkit-CSP
X-Template
X-Content-Options
Content-Disposition
Version
X-RateLimit-Limit
X-Cache-Grace
X-Magnolia-Registration
X-Varnish-Grace
X-Origin-Cache
X-Wix-Request-Id
X-App-Environment
X-Signature
X-Language
X-EdgeConnect-Cache-Status
X-B-Cache
VIX-Pulpo-Upstream-Status
X-Node-Name
VIX-Pulpo-Node
X-ProcessESI
X-RemovedCookies
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Debug-IsPreview
X-Datadog-Sampled
X-Debug-IsConnected
X-Yottaa-Metrics
X-Rule
X-Amz-Replication-Status
X-Yottaa-Optimizations
X-Tumblr-User
X-Hl-Ver
X-RTag
Countrycode
X-UUID
Ms-Operation-Id
SD-X-WS
MS-CV
X-G
X-Adobe-Content
ServerID
GEO-INFO
X-Adobe-Loc
X-Backend-Name
X-FW-Hash
X-FW-Static
X-FW-Server
X-FW-Type
X-FW-Version
X-Storage
X-FW-Serve
X-Instance
X-FW-Dynamic
X-Cacheable-TTL
X-Rendered-As
X-Is-Bot
X-Cache-Age
X-NYM-Debug-Backend
X-Amzn-Remapped-Content-Length
X-Device-Type
SRV
X-Proxy-Cache-Info
Country
X-Status
X-Region
Liferay-Portal
X-L-Path
X-Cache-Hit
X-B3-SpanId
Surrogate-Key
X-Environment-Context
X-User-Agent
X-IPS-LoggedIn
X-Real-IP
NGB
X-ServerID
X-Source
X-Rid
X-RateLimit-Reset
X-NWS-UUID-VERIFY
X-WP-CF-Super-Cache-Active
X-Sucuri-Cache
Akamai-GRN
X-Sucuri-ID
Cross-Origin-Window-Policy
OT-Force-Account-Verify
X-Servername
From-Origin
X-VC-Cache
X-RM-Cache-TTL
X-WebKit-CSP-Report-Only
Front
X-UA
X-Framework
Upgrade-Insecure-Requests
Backend
Amp-Access-Control-Allow-Source-Origin
X-Air-Pt
X-INCAP-ABP
X-Wormhole-Sdk
X-Mode
X-AB
X-Xrds-Location
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
X-URL
X-Cache-Time
Refresh
X-Content-Powered-By
X-Akamai-Request-ID2
Xet-Cookie
X-RID
X-Handled-By
X-DataDome
X-VC
Frame-Options
X-Edge-Location
X-HTML-Minification-Powered-By
X-Endurance-Cache-Level
X-Xfnlog-Site
X-Webstats-RespID
X-Proxy-Build
X-RCS-CacheZone
X-JoinUs
Accept-Language
Selected-Fe
X-Rewrite-Enabled
Filters
X-UPSTREAM-Address
X-Timing-Wait
Meta-Geo
Url
X-SaId
X-Origin-TTL
X-Rn-Rsrv
X-Origin-CC
X-SRV
Webcakes-App-Name
X-Cluster
X-No-Session
X-Cache-Operation
X-Tumblr-Pixel-2
X-Reqid
Atl-Traceid
ServedBy
Webcakes-App-Version
TWC-Locale-Group
X-Served-From
X-Labrador-Cache-Channel
X-VWS-Id
TWC-Privacy
X-Akamai-Edgescape
X-Logging-Id
TWC-GeoIP-LatLong
X-AWS-Id
X-Origin-Date
X-Cache-Rule
X-PHP-Host
Webcakes-Region
TWC-GeoIP-Country
Cache
TWC-Device-Class
X-LJ-Flow-ID
X-Provided-By
X-Origin
TWC-Connection-Speed
X-Git-Commit
X-Container-Uri
X-Origin-Hint
Property-Id
X-Drupal-Cache-Tags
X-Extlb
WPO-Cache-Message
X-Azure-Ref-OriginShield
WPO-Cache-Status
X-Routing-Service
X-Cache-Debug
X-Cloudmap
Web-Mar-Node
X-Adobe-Source
Mn-Server-Ip
X-IPLB-Instance
X-Site-Version
X-Locale
X-Proxied
X-Zipkin-Id
Cache-Hits
X-Redis-Cache
X-Restarts
X-Vcache
X-IPLB-Request-ID
Access-Control-Request-Headers
Webserver
X-Hosted-By
X-Tb
Section-Io-Id
X-Varnish-Cache-Hits
X-VCT
X-Fetched-On
X-Scope-Id
X-R9-Blue-Green-Version
X-Accel-Version
X-Web-Node
X-Browser-Name
Thinkindot-Control
Thinkindot-CacheControl
TDXMobile
Thinkindot-CacheControl-Type
X-Is-Mobile
X-ProxyCache-Status
X-Skip-Cache
X-Tncms
X-Thinkindot-L3
X-ProxyCache-Key
X-Soup
X-Tcp-Rtt
X-Shield-Cache-Expires
X-Upstream-Ct
X-Say-Cacheable
X-S
X-Say-TTL
X-SayCDN-TTL
X-Upstream-Ht
X-Varnish-Age
X-Ms-Version
X-Ms-Request-Id
X-Format
X-Forwarded-Host
X-Frame-Option
X-Drupal-Cache-Contexts
X-Director
X-Cms-Context
X-CMSURLCustom
X-Generation-Time
X-Geo-Region
X-Lambda-Id
X-Loop
X-Is-Tablet
X-Is-Supported-Browser
X-Httpd
X-Is-Desktop
X-BYPASS-REASON
Apigw-Requestid
X-Buckets
X-Nginx-Cache
X-GeoCode
X-GeoCountry
X-ShardId
Xserver
X-Cache-Host
X-Detected-As
X-Varnish-Beresp-Grace
X-CDN-Forward
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-ShopId
X-Generated-By
X-Cache-Status-Check
X-Ratelimit-Reset
X-Cdn-Origin
X-Optimistic-Header
X-Lagoon
LB
X-Worker
X-Rocket-Nginx-Serving-Static
X-Vercel-Id
Source
X-Request-URI
Fastcgi-Useragent
X-Vercel-Cache
X-WP-CF-Super-Cache-Cookies-Bypass
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-InstanceId
X-Fastly-Request-Id
X-TA-CDN-Provider
Node
X-Pass-Why
AMP-Access-Control-Allow-Source-Origin
Protected
CDN-RequestCountryCode
CDN-Cache
CDN-RequestPullCode
CDN-Uid
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-PullZone
CDN-CachedAt
Expiry
Onion-Location
X-Connection-Hash
Cross-Origin-Embedder-Policy
X-Vcl-Version
X-GEO
X-Api-Version
X-ECache
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Tumblr-Pixel-3
X-Cache-Expired-At
CDN-RequestId
X-PHP-Backend
X-App-Version
X-Cache-Server
Alternate-Protocol
X-XRDS-Location
Sid
DB-Nickname
Environment
X-Server-W
X-Jobs
Uber-Trace-Id
Priority
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Proxy-Cache-Status
CF-IPCountry
X-Fastcgi-Cache
X-Cache-Action
X-ID
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Ismobilevalue
X-Cluster-Node
X-Tt-Logid
X-B3-Traceid
HostName
User-Cache-Control
X-LSADC-Cache
X-Mg-Request-UUID
Cdn-Requestid
X-Nf-Request-Id
X-Tx-Id
X-MP-GENERATED-AT
Cache-Tv-Group
X-Zone
Ngx.Var.Host
X-Vdms-Version
X-Level-Front-Cache
X-Vdms-Path
X-Jungle-Id
X-Ig-Push-State
X-Clientip
Fusion-Content-Source
Fusion-Content-Id
X-Ig-Origin-Region
X-Forwarded-Site
X-Cache-NE
X-Dispatcher-Server
X-ND-Cache
X-Varnish-Hostname
Candidate-Md5Url
X-NCache
Origin-Agent-Cluster
Fusion-Component-Id
X-Cache-Id
Origin
X-A
Meta-Geo-Continent
X-Hnp-Log
A
X-D
X-Generated-On
Fusion-Deployment-Id
Fusion-Source
X-Developer
Fusion-Template-Id
Gannett-Cam-Experience-Id
X-GeoIP-City
X-Device-Os
X-Gen-Mode
X-Content-Age
X-VTEX-Cache-Time
MD5-Digest
X-VTEX-Cache-Server
X-Viewer-Country
X-Vtex-Remote-Cache
X-Gzip
Lang
Magicmarker
X-Conf
X-Block-Status
Edge-Cache
X-Epic-Correlation-Id
X-ScT
X-Aed
X-A-Wwc
X-Esi-Check
T-Server
X-SRCache-Key
Sslversion
Content-Secure-Policy
Surrogated-Key
X-SB
X-A-Dgt
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Request-Start
X-A-Ccd
X-A-Dam
X-Rojux
X-Powered-By-VTEX-Cache
Vix-Hermes-Req-Id
X-A-Dcw
DCR-Decision-By
X-Ec-GeoHdr
Req-ID
X-BCube-Filmed-By
X-Op-Id-All
X-Bc-Bl
Rendered-Blocks
X-FB-TRIP-ID
X-Node-Id
X-Bl-Debug
X-Bip
X-Ec-Fail
X-DC
X-Origin-Expires
DCR-Processing-Time-Ms
Server-Host
X-TIM-N
X-Thanos
X-Org
X-UA-Device-Type
X-NGINX-Cache
X-Auth-Group-Type
X-Origin-Response-Time
Content-Style-Type
Fastly-Backend-Name
DSUID
Fastly-SSL
X-Cache-Info
X-Auto-Login
Server-Ext
X-Backend-Instance
Release
Powered-By
Server-Hostname
X-App-Name
X-AK-Request-ID
X-Amz-Storage-Class
Ssr
Sever-Int
X-Cache-Bucket
PFcat
X-Core-Value
X-CUA
Host-ID
X-Debug-Cache-Fetch
X-Cdn-Srv
X-Cache-TTL-Remaining
Origin-EX
Origin-CC
Content-Script-Type
NM-Fastcgi-Cache
X-Debug-Cache-Store
X-Fmm-Version
X-HN
X-Policy
X-HS-Content-Campaign-Id
X-Original-Request-Id
X-SD-PageType
X-WA-Info
X-Test
X-Scheme
X-Service
X-V-Cache
X-GeoIP-Region-Code
X-Uri
X-Platform
X-VG-WebCache
X-Origin-Time
X-Mvc-Supplant-Cachable
X-Varnishpool
X-VarnishDD-TTL
X-Nginx-Cache-Key
X-PAYTM-SRV-ID
X-Edge-Server
X-Tb-Optimization-Total-Bytes-Saved
X-Loc
X-Response-Served-From
X-NMSegId
X-Varnish-Director
X-Nyt-Route
CDCHOST
Cdn-Host
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-FC-Vary-Parameters
Cdn-Request-Time
Cdncip
X-Request-Time
X-Req
X-Fastly-Cache
Cdnsip
Cache-Provider
X-Pubstack
X-Region-Sid
X-GeoIP
Odigeo-Trace-Id
Yak-Timeinfo
XM
X-GeoIP-Country-Code
X-Proto
C-Via
X-Var-Ttl
X-Gdpr
X-Geo-Header
AKAMAI
X-SVT-ORM-VERSION
X-Acquia-Purge-Cdn-Unconfigured
X-Access
X-Pool
X-Proxied-Request
X-Ad-Load-Variation
X-Aicache-OS
X-Sn-Servicetimems
X-Server-IP
X-Section
X-SVT-ORM-RULES
X-Micro-Cache
X-Csrf-Jwt
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-We-Are-Hiring
X-Contensis-Viewer-Groups
X-Custom-Header
X-From
X-Fastly-Backend
X-Eu-Site
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Request-Host
X-GoCache-CacheStatus
X-Via-Fastly
X-Cache-Aspx
X-Cache-Backend
X-Varnish-Beresp-Status
X-NodeID
X-Varnish-Authentication
X-Mvc-Supplant-OutputCached
X-Mly-Id
X-Human
X-CGP
X-VG-TLSProxy
X-Location
X-Men
X-BBC-Edge-Cache-Status
W
Is-Eu
L
Ha-Gx-Prefs
Gh-Request-Id
X-LiteSpeed-Cache-Control
X-Dc
L5d-Success-Class
Platform
Pramga
On-Server
Mail-Subject
Machine
Fastly-GeoIP-CountryCode
Esi-Enabled
Adler-Geo
Apple-News-Services-Handled
Web-Mar-Region
X-Newrelic-Synthetics
X-Varnish-Beresp-Ttl
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Cluster
Country-Code
Canary
Cache-Key
Apple-News-Services-Request-Url
Producers
HA-Ipaddr
True-Client-Country-4JS
V-Age
RNT-Machine
RNT-Time
Req-Svc-Chain
We-Hiring
Redirect-Candidate
X-TT-LOGID
WP-Super-Cache
X-AIR-PT
Tube-Get-Contents
X-Accel-Expires-Debug
Tube-Return
X-Date
X-Up
X-B3-Trace-ID
X-Render-Time
X-Hash
Click-Count-Error
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
Tube-Got-Results
Tube-Got-Eval
Click-Count-Action-Start
X-CacheTTL
NGX
Proxy-Firewall
X-PERF
X-ApacheServer
X-Varnish-Remaining-TTL
Debug
X-Varnish-Hits
X-Varnish-CookieINHashed-On
X-COUNTRY
X-DefHash
X-DefElseHash
X-Varnish-CookieHashed-On
X-LB-ID
X-Pad
Mime-Version
X-CACHE-GROUP
X-Nananana
X-Refresh
X-Depends
X-Client-Ip
X-Cs
CloudFront-Viewer-Country
Fastly-Drupal-HTML
Datacenter
SID
X-Via-Poph
Locid
X-Via-Popn
Pics-Label
X-VHOST
X-Akamai-Transformed
X-Via-Popv
X-HA-Backend
X-Servedbyhost
X-Parent-Response-Time
X-Datadome
X-VC-TTL
X-Amz-Meta-Cb-Modifiedtime
GeoIP-Latitude
X-M-Log
X-M-Reqid
X-Cache-FS-Status
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-CACHE-AGE
X-Cached-By
X-HITS
X-LiteSpeed-Tag
X-Old-Content-Length
Fastly-Drupal-Html
X-CS
X-TIME
X-LB-NoCache
X-B3-Parentspanid
Ngx-Var-Key
X-DynaTrace-JS-Agent
X-Litespeed-Tag
Server-Info
BehaviorPad-Version
Resin-Trace
X-CDN-Cache-Status
Cf-Ipcountry
GeoIp-Country-Code
X-Moov-T
Server-ID
X-APP
X-Moov-Xdn-Version
X-TH-Server
Cdn
Cross-Origin-Embedder-Policy-Report-Only
X-Vgn-Hpd-Reason
X-Wa
X-Nc
X-VCache
X-NewRelic-App-Data
FSS-Cache
X-Content-Length
X-IAuth-Set-Uid
NtCoent-Length
X-Varnish-Beresp-TTL
CDN
X-External-Request-Id
X-S-Cookie
X-User
X-Fpc
X-Destination
X-B-Cookie
X-Application
X-Esi
Cf-Device-Type
True-Client-IP
X-TX-ID
X-ZONE
X-CACHE-KEY
X-HostName
Serverhost
Srv
True-Client-Ip
Uri
X-Vc
X-Zen-Fury
X-Srv
X-Presslabs-Stats
X-Dispatcher-Number
X-Cache-Date
X-Sigma
X-Instance-Name
X-Rocket-Build-Number
Tcn
X-Sigma-Backend
X-Dynatrace-Js-Agent
X-Oracle-DMS-ECID
Vc-Max-Age
X-WA
GeoIP-Country-Code
X-VServer
X-HOST
X-FPC
X-API-Version
X-RequestId
X-Cdn-Forward
S-Rt
Request-ID
Load-Balancing
X-B3-Spanid
X-Cdn-Cache-Status
X-Branch-Name
X-Dispatch
Product
X-NC
X-DynaTrace
X-Segment-20210421
X-APP-VERSION
X-Providence-Cookie
X-Is-Crawler
X-Route-Name
X-Flags
X-Aspnet-Duration-Ms
Hostname
Server-Id
Ohc-File-Size
X-Webkit-Csp-Report-Only
Geoip-Latitude
Srvid
X-FL-QIT-DEBUG
X-Ckpd-Fst-Backend
X-DataCenter
ServerName
X-Lb-Nocache
X-Page-View
Type
X-SERVER-NAME
X-Geo
X-Bug-Bounty
X-ServedByHost
X-Ua
CacheControlHeader
X-Irp-Debug
DataCenter
X-Sql-Count
X-Http-Reason
X-Sql-Duration-Ms
X-VCL-Version
Cloudfront-Viewer-Country
Epwk-X-Cache
Cl-Cache
PICS-Label
X-Via-PopN
X-Ha-Backend
X-Via-PopH
X-Via-PopV
X-Cache-Ttl
X-Via-Edge
X-Via-SSL
Ohc-Cache-HIT
X-Via-CDN
X-App
Edge-Copy-Time
IsBot
Origin-Trial
ServerHost
X-Owner
X-SIPLIST1
X-Correlation-ID
Cross-Origin-Opener-Policy-Report-Only
Rtss
X-Srcache-Store-Status
X-HubSpot-Correlation-Id
X-Nf-Language
X-Srcache-Fetch-Status
X-Nf-Ats-Version
X-Nf-Country
XkeyRZ
X-Lb-Id
Cneonction
X-Akamai-Device-Characteristics
X-Core-Mission
User-Agent
MIME-Version
X-Vmg-Version
WZWS-RAY
X-MiniProfiler-Ids
X-Proxy-CacheRZ
Lb
X-Service-Response-Time
X-Fastly-Country-Code
Sm-Log-Id
Cmstype
X-Web-Server
X-Sqd-Ctime
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Gamma-Serve
X-Sqd-Stime
X-Qloud-Router
X-Acquia-Site
X-MSEdge-Flight
X-MSEdge-Features
X-Limited
N-Cache
X-Info
Cmsid
X-Datacenter
Warning
X-LAGOON
X-Hit
X-Litespeed-Cache-Control
Servername
X-IN-APIGATEWAYSSL
Xc-Version
X-IN-APIGATEWAY
X-Amz-Meta-Opti
X-Check-Cacheable
X-Serial
X-RAMCache
X-Akamai-Pragma-Client-IP
X-Requestid
X-Th-Server
X-Ramcache
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-Amz-Meta-S3b-Last-Modified
Ngx
X-Snapshot-Date
X-Dw-Trace-Id