Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Accept-CH
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Ua-Compatible
X-Generator
X-Cache-Status
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Request-ID
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
Permissions-Policy
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Robots-Tag
P3p
X-Backend
X-UA-Device
X-AH-Environment
X-Hacker
X-Proxy-Cache
X-Server
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
Xkey
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Server-Powered-By
Ali-Swift-Global-Savetime
Allow
X-Varnish-Cache
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-WebKit-CSP
X-Host
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Backend-Server
Cf-Railgun
X-Server-Id
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
Surrogate-Control
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-HW
X-Node
Request-Id
X-Cloud-Trace-Context
X-Litespeed-Cache
X-Country
Content-Location
X-Nginx-Cache-Status
X-Application-Context
Accept-Ch-Lifetime
X-Nginx-Upstream-Cache-Status
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
Cache-Tag
X-Clacks-Overhead
X-Amz-Server-Side-Encryption
Rating
X-Times
X-Rack-Cache
X-PC
X-TtlSet
X-Vname
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Server-Name
X-Daa-Tunnel
Nginx-Cache
Accept-Ch
AR-Request-ID
AR-SID
AR-ATIME
AR-PoweredBy
X-Powered-By-Plesk
X-Cache-TTL
X-Cnection
X-FTR-Request-ID
X-ESI
X-Ac
X-GitHub-Request-Id
X-Element-Page-Cache
X-D2id
Verso
Edge-Control
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-CST
AR-CACHE
X-MS-InvokeApp
X-Ser
X-Vcap-Request-Id
X-Abt-Application-Version
X-Dw-Request-Base-Id
X-Upstream
X-Navigation-Version
Fastly-Restarts
X-B3-TraceId
X-Webkit-Csp
X-ECACHE
SPIisLatency
SPRequestDuration
X-FastCGI-Cache
X-Mod-Pagespeed
X-Amz-Rid
X-Instrumentation
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Client-IP
SPRequestGuid
X-SharePointHealthScore
X-ARC
X-Goog-Hash
X-Kinsta-Cache
X-Edge-Location-Klb
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Oneagent-Js-Injection
X-Powered-CMS
X-Ratelimit-Limit
X-Mg-S
X-Amzn-Trace-Id
Edge-Cache-Tag
S
Cache-Status
X-Version
Access-Control-Request-Method
X-Middleton-Response
Response
X-VARITI-CCR
X-Ratelimit-Remaining
X-NF-Request-ID
RTSS
Realpath
X-Forwarded-For
X-Cache-Key
X-T
Cross-Origin-Resource-Policy
X-Content-Digest
X-TTL
X-Cached
Fastcgi-Cache
X-Correlation-Id
X-Recruiting
X-ORACLE-DMS-RID
X-Fastly-Request-ID
X-MSEdge-Ref
X-Shield-Request-Id
X-TraceId
MicrosoftSharePointTeamServices
Front-End-Https
X-Ua-Browser
X-Forwarded-Proto
X-SRCache-Fetch-Status
X-Ruxit-Js-Agent
X-SRCache-Store-Status
X-Frontend
Arr-Disable-Session-Affinity
X-Request-Received
Payment
X-Request-Processing-Time
TP-Cache
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-LLID
Server-Node
Public-Key-Pins
X-Protected-By
Count-Hit
MS-Author-Via
X-PressLabs-Stats
X-Newrelic-App-Data
X-Server-ID
Content-MD5
X-GUploader-UploadID
X-LB-Cache
X-Accel-Expires
X-HS-Combine-CSS
X-RateLimit-Remaining
X-Varnish-TTL
X-Distributor
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Origin-Server
X-NODE
Surrogate-Key
X-Ezoic-Cdn
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ORACLE-DMS-ECID
X-Microsite
X-Request-Handler-Origin-Region
X-Content-Security-Policy-Report-Only
X-HP-Webp
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-HP-Trace-Id
X-Jurisdiction
X-FTR-Backend
X-FTR-Backend-Server
Accept-Charset
X-Www-Served-By
X-App-Server
Mrf-Cache-Status
MRF-Tech
X-Az
X-Activity-Id
Host
X-B3-TraceId-Primal
X-AppVersion
X-Varnish-Server
X-Cluster-Name
X-Ua-Device
X-Amz-Meta-S3cmd-Attrs
Cache-Tags
Cleartype
Retry-After
X-Varnish-Backend
X-Ttl
X-Goog-Metageneration
X-Unique-Id
Filterid
X-FTR-Expires
X-Hits
X-Debug
Server-Name
X-Git-Hash
Access-Control-Allow-Method
X-Aspnet-Version
X-Logged-In
X-Varnish-Ttl
X-Load-Cache
X-Upgrade-Enabled
X-Id
X-Azure-Ref
X-NGENIX-Cache
X-Envoy-Decorator-Operation
X-FB-Debug
X-CSRF-Token
X-Geo-Country
TCN
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Hostname
X-Tt-Trace-Tag
X-Tt-Trace-Host
Section-Io-Cache
X-Seen-By
X-B
X-TT
X-Proxy
TP-L2-Cache
DC
X-Type
Healthy
X-Grace
X-Cache-Control
Viewport
X-Request-Guid
X-Revision
X-Trace-Id
X-Fb-Rlafr
X-Contextid
X-B3-Sampled
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Fastly-SIE
X-Time
Fastly-SWR
X-F-Cache
X-N
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Ratelimit-Reset
Content-Disposition
X-Mobile
Paypal-Debug-Id
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Nf-Request-Id
Referer-Policy
X-Varnish-Grace
X-Amz-Replication-Status
X-XRDS-LOCATION
X-Webkit-CSP
X-Magnolia-Registration
X-Origin-Cache
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Via-JSL
X-DIS-Request-ID
X-Wormhole-Sdk
X-Page-Id
X-Debug-Info
Version
X-Oracle-Dms-Ecid
X-Px
X-Ismobilevalue
Amp-Access-Control-Allow-Source-Origin
X-ProcessESI
X-Content-Options
X-RemovedCookies
X-G
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-UUID
X-Rid
X-Tumblr-Pixel
X-Source
X-Tumblr-User
X-Rule
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Adobe-Content
X-Node-Name
X-App-Environment
X-Template
X-Debug-IsPreview
X-Adobe-Loc
X-Debug-IsConnected
MS-CV
Cross-Origin-Window-Policy
X-Yottaa-Metrics
X-Yottaa-Optimizations
Ms-Operation-Id
X-Whom
X-Datadog-Sampled
X-Wix-Request-Id
X-Instance
X-Storage
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-RTag
X-Region
SD-X-WS
X-Hl-Ver
X-NYM-Debug-Backend
NGB
GEO-INFO
X-Device-Type
X-Rendered-As
X-Proxy-Cache-Info
X-B-Cache
X-Is-Bot
X-Signature
X-Backend-Name
X-Cacheable-TTL
X-User-Agent
X-Status
X-L-Path
X-ServerID
X-FW-Version
X-FW-Dynamic
X-Environment-Context
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Server
Country
X-FW-Static
X-Cache-Age
Countrycode
Charset
X-RM-Cache-TTL
Akamai-GRN
SRV
X-IPS-LoggedIn
ServerID
Front
X-EdgeConnect-Cache-Status
X-NWS-UUID-VERIFY
X-Real-IP
X-Framework
X-WP-CF-Super-Cache-Active
X-Cache-Grace
X-AB
X-ECache
Liferay-Portal
X-Xrds-Location
X-Language
X-Amzn-Remapped-Content-Length
X-Cache-Hit
X-B3-SpanId
X-Oracle-Dms-Rid
X-Air-Pt
X-Content-Powered-By
X-Akamai-Request-ID2
X-Fastly-Request-Id
X-DataDome
X-Api-Version
X-Air-Hostname
X-Air-Trace-Id
X-WebKit-CSP-Report-Only
X-Air-Source
Accept-Language
X-VC
X-Servername
OT-Force-Account-Verify
X-Sucuri-Cache
X-Sucuri-ID
X-UA
Xet-Cookie
X-VC-Cache
X-Mode
From-Origin
X-URL
LB
Webserver
X-Tt-Logid
Access-Control-Request-Headers
X-SRV
X-Cache-Status-Check
Backend
Refresh
X-HTML-Minification-Powered-By
X-Nginx-Cache
X-Mg-Request-UUID
Upgrade-Insecure-Requests
X-Handled-By
X-Rewrite-Enabled
X-Container-Uri
X-Rn-Rsrv
X-Cache-Time
X-JoinUs
X-RCS-CacheZone
X-SaId
Meta-Geo
Filters
X-Git-Commit
X-UPSTREAM-Address
X-Cms-Context
TWC-GeoIP-Country
Property-Id
X-Webstats-RespID
X-Origin-Date
X-PHP-Host
X-Adobe-Source
Xserver
X-Tumblr-Pixel-2
TWC-GeoIP-LatLong
X-Origin-Hint
TWC-Connection-Speed
X-Provided-By
TWC-Device-Class
X-Forwarded-Host
X-Request-URI
X-Hosted-By
Webcakes-App-Name
X-Generated-By
X-Labrador-Cache-Channel
Webcakes-App-Version
X-S
X-RateLimit-Limit
X-R9-Blue-Green-Version
X-Varnish-Age
TWC-Privacy
TWC-Locale-Group
Webcakes-Region
Url
X-Scope-Id
Atl-Traceid
Apigw-Requestid
X-Served-From
X-Akamai-Edgescape
Cache
Web-Mar-Node
X-Accel-Version
X-Format
X-Locale
X-ProxyCache-Status
X-Logging-Id
X-Redis-Cache
X-Reqid
X-Is-Tablet
X-Lambda-Id
Section-Io-Id
X-Loop
X-No-Session
X-ProxyCache-Key
Mn-Server-Ip
X-Tncms
X-Tcp-Rtt
X-Tb
X-Vcl-Version
X-Storefront-Renderer-Rendered
X-Is-Supported-Browser
X-Is-Mobile
X-Cache-Debug
X-Cache-Host
ServedBy
X-BYPASS-REASON
X-Browser-Name
X-Xfnlog-Site
X-Shopify-Stage
X-Web-Node
X-Site-Version
X-Httpd
X-Restarts
X-Is-Desktop
X-Geo-Region
X-Fetched-On
X-Alternate-Cache-Key
X-Skip-Cache
Selected-Fe
X-Cluster
X-Varnish-Beresp-Grace
X-Varnish-Cache-Hits
X-VCT
X-IPLB-Request-ID
X-Upstream-Ht
X-Upstream-Ct
X-Origin
X-Timing-Wait
X-Optimistic-Header
X-Soup
X-IPLB-Instance
X-Frame-Option
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-Detected-As
Onion-Location
X-Director
X-Proxy-Build
X-Cloudmap
X-Extlb
X-LJ-Flow-ID
X-Proxied
X-AWS-Id
X-Vcache
X-Sorting-Hat-PodId
X-ShopId
X-Cache-Rule
X-Zipkin-Id
X-ShardId
X-VWS-Id
X-RID
X-Edge-Location
X-Cache-Operation
X-Routing-Service
X-Connection-Hash
X-Sorting-Hat-ShopId
Expiry
X-Cache-Expired-At
X-Ms-Request-Id
X-Ms-Version
X-INCAP-ABP
X-Endurance-Cache-Level
X-Aws-Lambda-Call-Status
X-Lagoon
Source
WPO-Cache-Message
WPO-Cache-Status
X-GeoCountry
Frame-Options
X-GeoCode
Cdn-Requestid
X-WP-CF-Super-Cache-Cookies-Bypass
Priority
X-Azure-Ref-OriginShield
X-CDN-Forward
X-Fastcgi-Cache
Environment
Protected
X-Proxy-Cache-Status
X-Cache-Action
CF-IPCountry
X-Generation-Time
Thinkindot-CacheControl-Type
Thinkindot-Control
X-CMSURLCustom
X-Shield-Cache-Expires
Thinkindot-CacheControl
Fastcgi-Useragent
TDXMobile
X-Thinkindot-L3
X-Origin-TTL
X-Drupal-Cache-Contexts
X-Drupal-Cache-Tags
X-Origin-CC
X-PHP-Backend
Uber-Trace-Id
X-App-Version
X-Cdn-Origin
X-Cluster-Node
X-Pass-Why
X-Urbn-Site-Id
X-Urbn-Context-Path
X-ID
Locale
X-GEO
X-Worker
X-Rocket-Nginx-Serving-Static
X-Aspnetmvc-Version
Azure-Version
Azure-SiteName
Azure-InstanceId
X-Buckets
Azure-SlotName
Azure-RegionName
Node
X-XRDS-Location
X-FB-TRIP-ID
Cache-Tv-Group
Sid
X-Auth-Group-Type
X-Vercel-Cache
X-Vercel-Id
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-RequestPullSuccess
CDN-PullZone
CDN-CachedAt
Cache-Hits
CDN-Cache
CDN-Uid
CDN-EdgeStorageId
X-B3-Traceid
Cross-Origin-Embedder-Policy
X-Tumblr-Pixel-3
X-Server-W
X-Pad
X-TA-CDN-Provider
AMP-Access-Control-Allow-Source-Origin
Alternate-Protocol
X-DC
X-A
X-Cache-Server
X-Client-Ip
X-Tx-Id
Magicmarker
X-D
Cache-Provider
MD5-Digest
X-Epic-Correlation-Id
X-Service
X-Custom-Header
T-Server
X-Content-Age
Lang
Cdn-Host
Cdn-Request-Time
X-Req
Candidate-Md5Url
Sslversion
X-Esi-Check
Surrogated-Key
X-Core-Value
X-Ec-GeoHdr
X-Dispatcher-Server
X-Ig-Push-State
X-Level-Front-Cache
X-Developer
PFcat
X-Ig-Origin-Region
Origin-Agent-Cluster
X-LSADC-Cache
X-HN
Odigeo-Trace-Id
X-Gzip
A
X-DefHash
Rendered-Blocks
X-Op-Id-All
X-Org
X-Origin-Expires
X-NodeID
X-Edge-Server
Ngx.Var.Host
X-ND-Cache
X-DefElseHash
X-Rojux
Meta-Geo-Continent
Wxu-Next-Commit
X-Vdms-Version
X-Cache-TTL-Remaining
Gannett-Cam-Experience-Id
X-Via-Fastly
X-Generated-On
X-VarnishDD-TTL
X-Varnish-CookieINHashed-On
Content-Secure-Policy
X-Fastly-Backend
X-Varnish-Remaining-TTL
X-Viewer-Country
X-Cache-NE
Fastly-SSL
X-Bc-Bl
X-BCube-Filmed-By
X-Bl-Debug
DCR-Processing-Time-Ms
DCR-Decision-By
DB-Nickname
X-Vtex-Remote-Cache
X-Cache-Id
X-Aed
X-Varnish-CookieHashed-On
X-SRCache-Key
X-A-Dam
X-A-Dcw
X-A-Ccd
Wxu-Next-Region
X-Conf
X-Ec-Fail
Wxu-Next-Hostname
X-A-Dgt
X-A-Wwc
X-GeoIP-City
X-V-Cache
X-ScT
X-TIM-N
X-LiteSpeed-Cache-Control
User-Cache-Control
Mime-Version
L
X-FC-Vary-Parameters
Fastly-Backend-Name
NM-Fastcgi-Cache
Ha-Gx-Prefs
L5d-Success-Class
HA-Ipaddr
Host-ID
X-Eu-Site
X-Fastly-Cache
Is-Eu
Ssr
X-CGP
X-Aicache-OS
X-AK-Request-ID
X-Acquia-Purge-Cdn-Unconfigured
X-Access
W
X-Clientip
X-Amz-Storage-Class
X-CacheTTL
X-Backend-Instance
X-Cache-Bucket
X-Bip
X-B3-Trace-ID
X-Cache-FS-Status
X-App-Name
X-Cache-Info
Vix-Hermes-Req-Id
V-Age
X-Debug-Cache-Fetch
Req-ID
RNT-Machine
X-Debug-Cache-Store
Producers
Platform
Powered-By
RNT-Time
Server-Host
Tube-Got-Eval
Tube-Got-Results
Tube-Return
Tube-Get-Contents
True-Client-Country-4JS
X-Csrf-Jwt
Esi-Enabled
X-DPWN-IS-SECURE
Apple-News-Services-Request-Url
X-Powered-By-VTEX-Cache
X-Fmm-Version
X-Wikidot-Backend
X-Proto
X-Pubstack
X-Region-Sid
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Policy
X-Platform
X-Nyt-Route
X-Varnish-Director
X-NMSegId
X-Origin-Response-Time
X-Wikidot-Static-Cache
X-PAYTM-SRV-ID
X-Origin-Time
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Test
X-Thanos
X-Varnish-Hostname
X-UA-Device-Type
X-Sn-Servicetimems
X-VG-TLSProxy
X-Scheme
X-SB
X-Request-Time
X-SD-PageType
X-VG-WebCache
X-Server-IP
X-Section
XM
X-Node-Id
Cdnsip
Click-Count-Action-Start
Click-Count-Error
Cdncip
CDCHOST
X-Mvc-Supplant-Cachable
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-GeoIP
X-Geo-Header
X-Gdpr
X-Forwarded-Site
Edge-Cache
X-Gen-Mode
Country-Code
Content-Script-Type
Content-Style-Type
X-Block-Status
X-GoCache-CacheStatus
X-Jobs
Server-Info
Apple-News-Services-Parsed-Url
X-Loc
X-Men
X-Mly-Id
X-Micro-Cache
X-Hnp-Log
X-HS-Content-Campaign-Id
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Adler-Geo
X-Varnish-Beresp-Ttl
X-Dc
HostName
X-HITS
X-Cdn-Srv
X-Mvc-Supplant-OutputCached
X-Varnishpool
X-We-Are-Hiring
BehaviorPad-Version
Yak-Timeinfo
X-CUA
X-Depends
X-Nginx-Cache-Key
X-Date
X-Location
X-Human
X-Hash
X-Ec-Custom-Error
X-Pool
X-Proxied-Request
X-Slack-Shared-Secret-Outcome
X-Var-Ttl
X-Varnish-Authentication
X-Slack-Backend
X-Contensis-Viewer-Groups
X-Request-Host
X-Request-Start
X-Varnish-Beresp-Status
X-Cache-Aspx
Origin-EX
Origin-CC
Origin
On-Server
X-Cs
Pramga
Server-Ext
Req-Svc-Chain
Release
NGX
Mail-Subject
Cache-Key
Canary
Cluster
C-Via
DSUID
Machine
Gh-Request-Id
Fastly-GeoIP-CountryCode
Server-Hostname
Proxy-Firewall
Web-Mar-Region
We-Hiring
Sever-Int
X-Accel-Expires-Debug
X-BBC-Edge-Cache-Status
X-Auto-Login
X-NGINX-Cache
X-AIR-PT
Debug
Fusion-Component-Id
Fusion-Template-Id
X-Ad-Load-Variation
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
X-WA-Info
Fusion-Content-Id
X-CLOUD-TRACE-CONTEXT
X-MP-GENERATED-AT
Redirect-Candidate
X-Newrelic-Synthetics
X-LB-ID
X-Device-Os
X-Varnish-Hits
SID
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Content-Length
X-Via-Popn
X-Via-Popv
X-HA-Backend
X-Via-Poph
Fastly-Drupal-HTML
GeoIP-Latitude
X-APP
Pics-Label
X-Zone
X-RateLimit-Reset
X-Up
X-NCache
X-Akamai-Transformed
CloudFront-Viewer-Country
X-From
X-VHOST
X-CACHE-AGE
CDN-RequestId
X-Nananana
X-Jungle-Id
X-B3-Parentspanid
X-Cache-Backend
X-Servedbyhost
X-Litespeed-Tag
X-LiteSpeed-Tag
Vc-Max-Age
X-Nc
X-Refresh
X-LB-NoCache
X-Vdms-Path
X-Dispatcher-Number
X-Parent-Response-Time
X-CACHE-KEY
Product
Fastly-Drupal-Html
X-RequestId
X-ZONE
X-CDN-Cache-Status
X-DynaTrace-JS-Agent
Server-ID
X-Cached-By
X-Uri
X-Wa
WP-Super-Cache
X-ApacheServer
Datacenter
X-PERF
X-VC-TTL
X-Datadome
X-M-Log
X-M-Reqid
X-Render-Time
Cdn
X-Ckpd-Fst-Backend
Resin-Trace
S-Rt
X-B3-Spanid
X-Origin-Cache-Key
X-Bug-Bounty
GeoIp-Country-Code
X-Amz-Meta-Cb-Modifiedtime
NtCoent-Length
X-CS
X-IAuth-Set-Uid
X-Fpc
FSS-Cache
Uri
ServerName
X-Varnish-Beresp-TTL
X-HubSpot-Correlation-Id
Locid
True-Client-Ip
X-Esi
Serverhost
X-HostName
X-TX-ID
X-SERVER-NAME
True-Client-IP
X-Nf-Ats-Version
X-Nf-Country
X-Nf-Language
X-TT-LOGID
X-Akamai-Device-Characteristics
User-Agent
X-Vmg-Version
Tcn
Srv
GeoIP-Country-Code
X-VCache
X-TIME
X-Presslabs-Stats
X-Srv
X-Info
X-Gamma-Serve
X-Dynatrace-Js-Agent
ServerHost
X-Cdn-Cache-Status
X-NewRelic-App-Data
X-Old-Content-Length
X-FPC
CDN
X-Hit
X-Webkit-Csp-Report-Only
Request-ID
X-Cdn-Forward
CacheControlHeader
Ngx-Var-Key
X-WA
X-Vc
X-Original-Request-Id
X-Response-Served-From
Xc-Version
X-APP-VERSION
Expect-Staple
X-Moov-Xdn-Version
X-Vgn-Hpd-Reason
Server-Id
X-Moov-T
X-COUNTRY
Hostname
X-FL-QIT-DEBUG
Srvid
X-NC
Cneonction
X-TH-Server
X-Amz-Meta-Opti
X-V
Cf-Ipcountry
X-Geo
X-Dispatch
X-Lb-Nocache
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Rollout
Geoip-Latitude
Cf-Device-Type
Cloudfront-Viewer-Country
WZWS-RAY
N-Cache
PICS-Label
X-Platform-Server
Permission-Policy
X-ServedByHost
X-Eligible
X-New
X-Oracle-DMS-ECID
X-VCL-Version
X-B-Cookie
X-Limited
X-Via-PopN
Cross-Origin-Embedder-Policy-Report-Only
X-Ha-Backend
X-Via-PopH
X-S-Cookie
X-External-Request-Id
X-User
X-Proxy-CacheRZ
X-Destination
XkeyRZ
X-Via-PopV
X-Application
Origin-Trial
X-App
Ohc-File-Size
X-ElasticPress-Query
X-Internal-TTL
X-Akamai-Pragma-Client-IP
X-Ua
X-Correlation-ID
X-Ftr-Request-Id
X-Zen-Fury
X-API-Version
Rtss
X-Sqd-Stime
X-Rocket-Build-Number
X-Sqd-Ctime
X-Via-SSL
Epwk-X-Cache
X-EC-Lua
X-Sigma-Backend
X-Sigma
X-Lb-Id
X-Cache-Date
X-Path
Edge-Copy-Time
X-Check-Cacheable
X-MSEdge-Features
X-Serial
X-Instance-Name
X-VTEX-Cache-Backend-Connect-Time
X-MiniProfiler-Ids
X-Litespeed-Cache-Control
Cl-Cache
X-Via-CDN
X-Via-Edge
X-VTEX-Cache-Backend-Header-Time
X-MSEdge-Flight
Lb
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
X-SIPLIST1
IsBot
Timeexpire
X-Datacenter
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Service-Response-Time
Sm-Log-Id
X-Branch-Name
X-Segment-20210421
X-VServer
X-Acquia-Site
X-Web-Server
Cmsid
Cmstype
X-LAGOON
CountryCode
X-CDN-Origin
X-CSRF-TOKEN
Servername
X-Shopid
X-Sorting-Hat-Podid
X-RAMCache
X-Th-Server
X-Shardid
X-Traceid
X-Ramcache
X-Cdn-Request-ID
X-DynaTrace
X-Irp-Debug
Pragrma
Fl-Custom-Application
Wpo-Cache-Status
X-Udemy-Cache-App-Namespace
Wpo-Cache-Message
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Ohc-Cache-HIT
X-Fastly-Backend-Reqs
X-Amz-Meta-Sha256
Ngx
X-Dw-Trace-Id
Warning
X-Sorting-Hat-Shopid
X-Amz-Meta-S3b-Last-Modified
X-Origin-Upstream-Status
X-Snapshot-Date