Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Accept-CH
Content-Security-Policy-Report-Only
Accept-CH-Lifetime
X-Runtime
X-Check
X-AspNet-Version
X-Drupal-Cache
X-Generator
X-Ua-Compatible
X-Cache-Status
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Request-ID
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
Permissions-Policy
X-Amz-Id-2
Host-Header
X-Via
EagleId
Keep-Alive
X-Cache-Group
Request-Context
X-Robots-Tag
X-Backend
P3p
X-AH-Environment
X-Hacker
X-UA-Device
X-Proxy-Cache
X-Turbo-Charged-By
X-Server
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
X-Dispatcher
Xkey
X-Swift-CacheTime
X-Swift-SaveTime
Grace
X-Server-Powered-By
Allow
X-Varnish-Cache
Ali-Swift-Global-Savetime
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-WebKit-CSP
X-Cache-Lookup
EagleEye-TraceId
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Backend-Server
X-Host
X-Server-Id
Cf-Railgun
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
X-Ruxit-JS-Agent
X-Litespeed-Cache
X-Node
Request-Id
X-Cloud-Trace-Context
X-Country
X-Dns-Prefetch-Control
X-Nginx-Cache-Status
Content-Location
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-NWS-LOG-UUID
X-ASPNET-VERSION
Service-Worker-Allowed
X-Country-Code
X-Content-Type
X-Url
X-Trace
Cache-Tag
X-Clacks-Overhead
X-Amz-Server-Side-Encryption
Rating
X-Times
X-Vname
X-PC
X-TtlSet
X-Rack-Cache
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Server-Name
X-Daa-Tunnel
AR-Request-ID
AR-PoweredBy
AR-ATIME
Nginx-Cache
AR-SID
X-ESI
X-Cache-TTL
X-Powered-By-Plesk
X-Cnection
Accept-Ch
X-D2id
X-Ac
X-GitHub-Request-Id
X-Element-Page-Cache
Edge-Control
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
Verso
X-CST
AR-CACHE
X-Ser
X-MS-InvokeApp
X-Abt-Application-Version
X-Vcap-Request-Id
X-FTR-Request-ID
X-Dw-Request-Base-Id
Fastly-Restarts
X-Navigation-Version
X-Upstream
X-FastCGI-Cache
SPRequestDuration
X-B3-TraceId
SPIisLatency
X-Mod-Pagespeed
X-ECACHE
X-Amz-Rid
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-ARC
X-Client-IP
X-Goog-Hash
X-Kinsta-Cache
Pagespeed
Display
X-Middleton-Display
X-Edge-Location-Klb
X-Sol
SPRequestGuid
X-SharePointHealthScore
X-Powered-CMS
X-Ratelimit-Limit
X-Mg-S
X-Amzn-Trace-Id
X-Oneagent-Js-Injection
Cache-Status
Edge-Cache-Tag
S
X-Webkit-Csp
X-Version
X-Middleton-Response
Response
Access-Control-Request-Method
X-VARITI-CCR
RTSS
X-Forwarded-For
X-Ratelimit-Remaining
Realpath
X-Cache-Key
X-NF-Request-ID
X-T
Cross-Origin-Resource-Policy
Fastcgi-Cache
X-Ua-Device
X-Cached
X-Content-Digest
X-Recruiting
X-ORACLE-DMS-RID
X-TTL
X-Correlation-Id
X-Ruxit-Js-Agent
X-MSEdge-Ref
X-Shield-Request-Id
MicrosoftSharePointTeamServices
X-PressLabs-Stats
Front-End-Https
Public-Key-Pins
X-Forwarded-Proto
Arr-Disable-Session-Affinity
X-Ua-Browser
X-TraceId
X-Request-Received
X-Request-Processing-Time
Surrogate-Key
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
Server-Node
X-Frontend
Payment
X-Fastly-Request-ID
TP-Cache
Count-Hit
X-LLID
X-Newrelic-App-Data
X-RateLimit-Remaining
X-Protected-By
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-LB-Cache
X-GUploader-UploadID
X-Accel-Expires
X-HS-Combine-CSS
X-Distributor
MS-Author-Via
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Content-MD5
X-Origin-Server
X-Server-ID
X-Ezoic-Cdn
X-Varnish-TTL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-NODE
X-ORACLE-DMS-ECID
X-Ttl
X-Content-Security-Policy-Report-Only
X-Microsite
X-Request-Handler-Origin-Region
X-Www-Served-By
X-AppVersion
Accept-Charset
X-Activity-Id
X-Az
X-App-Server
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
MRF-Tech
Host
X-Amz-Meta-S3cmd-Attrs
X-B3-TraceId-Primal
X-Cluster-Name
Cleartype
Mrf-Cache-Status
X-Varnish-Server
Cache-Tags
X-Varnish-Backend
Retry-After
X-Goog-Metageneration
Filterid
X-Debug
X-Unique-Id
X-Hits
X-Git-Hash
X-Varnish-Ttl
X-FTR-Cache-Status
X-FTR-Balancer
Access-Control-Allow-Method
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-Logged-In
Server-Name
X-Load-Cache
X-Upgrade-Enabled
X-Aspnet-Version
X-FTR-Expires
X-Id
X-Azure-Ref
X-FB-Debug
X-Hostname
X-Envoy-Decorator-Operation
X-Geo-Country
X-Amz-Apigw-Id
X-Amzn-RequestId
X-NGENIX-Cache
X-CSRF-Token
TCN
X-TT
X-Ratelimit-Reset
X-Tt-Trace-Tag
X-Proxy
X-Tt-Trace-Host
X-Grace
X-Seen-By
DC
X-Cache-Control
X-Revision
X-B
X-Request-Guid
Viewport
Section-Io-Cache
X-Fb-Rlafr
X-Contextid
Healthy
X-Trace-Id
X-B3-Sampled
X-Type
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-XRDS-LOCATION
X-Goog-Generation
Fastly-SWR
Fastly-SIE
TP-L2-Cache
Content-Disposition
X-Nf-Request-Id
X-N
X-Time
X-Mobile
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-F-Cache
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Amz-Replication-Status
Paypal-Debug-Id
X-Varnish-Grace
X-Via-JSL
X-Magnolia-Registration
X-Origin-Cache
X-Ismobilevalue
Referer-Policy
X-Wormhole-Sdk
X-Webkit-CSP
X-DIS-Request-ID
X-Page-Id
X-Debug-Info
X-Content-Options
Version
X-Fastly-Request-Id
X-G
X-RemovedCookies
X-UUID
X-ProcessESI
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Template
X-Tumblr-User
X-App-Environment
X-Adobe-Loc
Pinterest-Version
X-ECache
X-Pinterest-Rid
X-Node-Name
X-Tumblr-Pixel
X-Source
X-Rule
X-Tumblr-Pixel-1
Pinterest-Generated-By
X-Adobe-Content
X-Oracle-Dms-Ecid
X-Tumblr-Pixel-0
Ms-Operation-Id
MS-CV
Cross-Origin-Window-Policy
X-Hl-Ver
X-RTag
X-Debug-IsPreview
X-Yottaa-Optimizations
VIX-Pulpo-Node
X-Yottaa-Metrics
SD-X-WS
NGB
X-Datadog-Sampled
VIX-Pulpo-Upstream-Status
X-Debug-IsConnected
X-Px
X-NYM-Debug-Backend
X-Rendered-As
X-Storage
X-Is-Bot
X-Instance
X-Backend-Name
X-Cacheable-TTL
X-Device-Type
X-User-Agent
X-Region
X-Wix-Request-Id
X-FW-Static
X-FW-Type
X-FW-Version
Amp-Access-Control-Allow-Source-Origin
X-L-Path
X-FW-Server
X-FW-Hash
X-Environment-Context
GEO-INFO
X-FW-Dynamic
Country
X-ServerID
X-FW-Serve
X-Proxy-Cache-Info
X-Status
X-Cache-Age
X-RM-Cache-TTL
X-Whom
Countrycode
Front
X-NWS-UUID-VERIFY
X-B-Cache
X-IPS-LoggedIn
X-Signature
Akamai-GRN
X-Framework
ServerID
X-WP-CF-Super-Cache-Active
Charset
X-EdgeConnect-Cache-Status
X-AB
X-Rid
X-Real-IP
X-WebKit-CSP-Report-Only
X-Api-Version
X-Language
X-Cache-Grace
X-Amzn-Remapped-Content-Length
X-Content-Powered-By
X-Akamai-Request-ID2
Liferay-Portal
SRV
X-Cache-Hit
X-Air-Pt
X-B3-SpanId
X-Oracle-Dms-Rid
Accept-Language
X-VC
X-DataDome
X-RID
X-Air-Source
X-Air-Hostname
Webserver
X-Cache-Status-Check
Access-Control-Request-Headers
X-Servername
X-UA
X-Air-Trace-Id
X-Mode
OT-Force-Account-Verify
Xet-Cookie
From-Origin
X-SRV
Backend
LB
X-VC-Cache
X-HTML-Minification-Powered-By
X-Sucuri-ID
X-Mg-Request-UUID
X-Sucuri-Cache
Refresh
X-Xrds-Location
X-URL
X-Vcl-Version
X-Tt-Logid
Filters
X-JoinUs
Upgrade-Insecure-Requests
X-Rn-Rsrv
X-Rewrite-Enabled
X-SaId
Meta-Geo
X-Handled-By
X-UPSTREAM-Address
X-Varnish-Age
X-PHP-Host
X-Cms-Context
X-S
X-Tumblr-Pixel-2
X-Adobe-Source
X-Hosted-By
X-Labrador-Cache-Channel
X-Generated-By
X-Origin-Date
X-Vcache
X-RCS-CacheZone
X-Request-URI
X-Webstats-RespID
X-Cache-Time
X-Provided-By
TWC-Connection-Speed
ServedBy
X-Is-Tablet
X-Reqid
X-R9-Blue-Green-Version
X-Is-Supported-Browser
X-Redis-Cache
X-Locale
X-Scope-Id
X-No-Session
X-Served-From
X-ProxyCache-Key
X-ProxyCache-Status
Property-Id
Onion-Location
Section-Io-Id
X-Logging-Id
X-Loop
X-Lambda-Id
X-Is-Desktop
X-Browser-Name
X-BYPASS-REASON
X-Cache-Host
Webcakes-App-Name
Webcakes-App-Version
Atl-Traceid
Webcakes-Region
Apigw-Requestid
X-Akamai-Edgescape
TWC-Privacy
TWC-Locale-Group
X-Restarts
X-Geo-Region
TWC-Device-Class
X-Accel-Version
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Origin-Hint
X-Fetched-On
X-Forwarded-Host
X-Is-Mobile
Xserver
X-Web-Node
X-Tb
X-Tcp-Rtt
X-Tncms
X-Site-Version
X-Skip-Cache
X-Timing-Wait
X-Alternate-Cache-Key
X-Cache-Debug
X-Cluster
X-Detected-As
X-Storefront-Renderer-Rendered
X-Soup
Mn-Server-Ip
Selected-Fe
Url
X-SayCDN-TTL
X-Director
X-Format
X-Upstream-Ct
X-Varnish-Beresp-Grace
X-Upstream-Ht
X-Origin
X-Varnish-Cache-Hits
X-VCT
X-Frame-Option
X-Httpd
X-IPLB-Instance
X-IPLB-Request-ID
X-Proxy-Build
Web-Mar-Node
Expiry
X-Xfnlog-Site
X-Shopify-Stage
X-Say-TTL
X-Connection-Hash
X-Say-Cacheable
X-LJ-Flow-ID
X-AWS-Id
X-Optimistic-Header
X-Routing-Service
X-Cloudmap
X-Proxied
X-Extlb
Cache
X-VWS-Id
X-Zipkin-Id
X-Sorting-Hat-ShopId
X-RateLimit-Limit
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Cache-Expired-At
X-Container-Uri
X-Cache-Operation
X-Nginx-Cache
X-Git-Commit
X-Cache-Rule
X-Ms-Request-Id
Frame-Options
X-Ms-Version
X-Edge-Location
X-Lagoon
Priority
X-INCAP-ABP
X-WP-CF-Super-Cache-Cookies-Bypass
X-Endurance-Cache-Level
CF-IPCountry
Cdn-Requestid
Fastcgi-Useragent
Environment
X-Proxy-Cache-Status
WPO-Cache-Message
X-Cache-Action
Source
WPO-Cache-Status
X-GeoCode
X-GeoCountry
Protected
Uber-Trace-Id
X-Azure-Ref-OriginShield
X-Cluster-Node
X-Cdn-Origin
X-Fastcgi-Cache
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
TDXMobile
X-Shield-Cache-Expires
X-CDN-Forward
X-Origin-CC
X-PHP-Backend
X-Origin-TTL
X-Generation-Time
X-Thinkindot-L3
X-CMSURLCustom
X-Drupal-Cache-Tags
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-B3-Traceid
X-Pass-Why
Sid
X-Drupal-Cache-Contexts
X-Buckets
X-Worker
Cache-Tv-Group
X-FB-TRIP-ID
X-ID
X-GEO
X-Rocket-Nginx-Serving-Static
X-Auth-Group-Type
Azure-SlotName
Azure-InstanceId
Azure-SiteName
X-Aws-Lambda-Call-Status
Azure-RegionName
X-Aspnetmvc-Version
Azure-Version
X-App-Version
X-CLOUD-TRACE-CONTEXT
Node
X-XRDS-Location
AMP-Access-Control-Allow-Source-Origin
X-Server-W
X-Pad
Alternate-Protocol
CDN-RequestPullSuccess
CDN-RequestCountryCode
CDN-RequestPullCode
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-Uid
CDN-PullZone
X-Vercel-Cache
X-NGINX-Cache
X-Tumblr-Pixel-3
Cross-Origin-Embedder-Policy
X-Vercel-Id
Cache-Hits
X-LiteSpeed-Cache-Control
X-Dc
X-LSADC-Cache
X-A
X-A-Dcw
X-A-Dam
T-Server
X-A-Dgt
X-A-Ccd
X-A-Wwc
Surrogated-Key
X-Bl-Debug
X-Bc-Bl
X-BCube-Filmed-By
X-Aed
X-Cache-Id
Ngx.Var.Host
DB-Nickname
DCR-Decision-By
DCR-Processing-Time-Ms
Content-Secure-Policy
Cdn-Request-Time
A
Candidate-Md5Url
Cdn-Host
Gannett-Cam-Experience-Id
Lang
Origin-Agent-Cluster
Rendered-Blocks
Server-Info
Odigeo-Trace-Id
X-Cache-NE
Magicmarker
MD5-Digest
Meta-Geo-Continent
Sslversion
X-DefHash
X-Req
X-Rojux
X-ScT
X-Origin-Expires
X-Org
X-Level-Front-Cache
X-ND-Cache
X-TIM-N
X-V-Cache
X-Via-Fastly
X-Viewer-Country
X-Vtex-Remote-Cache
X-Vdms-Version
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Ig-Push-State
X-Ig-Origin-Region
X-Developer
X-Dispatcher-Server
X-Ec-Fail
X-D
X-Custom-Header
X-Content-Age
X-Core-Value
X-Ec-GeoHdr
X-Edge-Server
X-GeoIP-City
X-Gzip
X-Generated-On
X-Fastly-Backend
X-Epic-Correlation-Id
X-Esi-Check
X-Conf
X-DefElseHash
X-Cache-Server
X-Service
User-Cache-Control
X-Tx-Id
Mime-Version
X-Client-Ip
X-Clientip
X-Debug-Cache-Fetch
X-CacheTTL
X-Debug-Cache-Store
X-Cache-Info
X-Bip
X-Block-Status
X-Cache-Bucket
X-Cache-FS-Status
X-DPWN-IS-SECURE
X-FC-Vary-Parameters
X-Gen-Mode
X-GeoIP-Region-Code
X-Geo-Header
X-GeoIP-Country-Code
X-Gdpr
X-Forwarded-Site
X-GeoIP
X-Backend-Instance
X-GoCache-CacheStatus
X-Fastly-Cache
X-Amz-Storage-Class
True-Client-Country-4JS
Tube-Get-Contents
Tube-Got-Eval
Tube-Got-Results
Ssr
Server-Host
Producers
Req-ID
RNT-Machine
RNT-Time
Tube-Return
V-Age
X-Aicache-OS
X-AK-Request-ID
X-HN
X-App-Name
X-Acquia-Purge-Cdn-Unconfigured
Wxu-Next-Region
Vix-Hermes-Req-Id
Wxu-Next-Commit
Wxu-Next-Hostname
X-B3-Trace-ID
X-Loc
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Tb-Optimization-Total-Bytes-Saved
X-Test
X-Sn-Servicetimems
X-Server-IP
X-Request-Time
X-SB
X-Scheme
X-SD-PageType
X-Thanos
X-UA-Device-Type
X-Wikidot-Backend
X-Wikidot-Static-Cache
XM
BehaviorPad-Version
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Varnish-Director
X-VarnishDD-TTL
X-VG-TLSProxy
X-VG-WebCache
X-Region-Sid
X-RateLimit-Remaining-Second
X-Mvc-Supplant-OutputCached
X-NMSegId
X-Node-Id
X-NodeID
X-Mvc-Supplant-Cachable
X-Mly-Id
X-HS-Content-Campaign-Id
Platform
X-Men
X-Micro-Cache
X-Nyt-Route
X-Op-Id-All
X-Powered-By-VTEX-Cache
X-Proto
X-Pubstack
X-RateLimit-Limit-Second
X-Policy
X-Platform
X-Origin-Response-Time
X-Origin-Time
X-PAYTM-SRV-ID
X-Hnp-Log
X-Jobs
Click-Count-Error
Content-Script-Type
Click-Count-Action-Start
Cdncip
Cache-Provider
NM-Fastcgi-Cache
Content-Style-Type
Country-Code
Fastly-Backend-Name
Fastly-SSL
Host-ID
Is-Eu
Esi-Enabled
AKAMAI
Cdnsip
PFcat
Adler-Geo
X-TA-CDN-Provider
X-Depends
X-Date
Edge-Cache
X-Varnish-Beresp-Status
X-Eu-Site
X-Fmm-Version
DSUID
X-CUA
X-Ec-Custom-Error
X-Varnishpool
X-Cdn-Srv
Fastly-GeoIP-CountryCode
X-Cache-TTL-Remaining
X-Cache-Aspx
X-CGP
Yak-Timeinfo
X-Csrf-Jwt
X-Contensis-Viewer-Groups
X-We-Are-Hiring
X-Varnish-Authentication
X-Var-Ttl
C-Via
Cache-Key
X-Proxied-Request
X-Request-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Pool
Apple-News-Services-Handled
Apple-News-Services-Host
Canary
CDCHOST
X-Human
X-Slack-Shared-Secret-Outcome
Cluster
X-Hash
X-Slack-Backend
X-Location
X-Nginx-Cache-Key
X-Section
Gh-Request-Id
X-SRCache-Key
X-Request-Start
Mail-Subject
W
HA-Ipaddr
Sever-Int
Server-Hostname
We-Hiring
Web-Mar-Region
X-Access
L5d-Success-Class
X-Accel-Expires-Debug
Machine
L
On-Server
X-Auto-Login
Proxy-Firewall
Release
Server-Ext
Origin-EX
Origin-CC
Powered-By
Origin
Pramga
Ha-Gx-Prefs
X-DC
X-HITS
X-Varnish-Beresp-Ttl
Req-Svc-Chain
X-Cs
X-Varnish-Hostname
NGX
X-BBC-Edge-Cache-Status
Debug
HostName
X-Newrelic-Synthetics
X-AIR-PT
X-Varnish-Hits
X-APP
Redirect-Candidate
X-MP-GENERATED-AT
Fusion-Template-Id
Fusion-Content-Source
Fusion-Deployment-Id
X-Content-Length
Fusion-Component-Id
X-Ad-Load-Variation
X-LiteSpeed-Tag
X-LB-ID
X-WA-Info
Fusion-Source
Fusion-Content-Id
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Via-Poph
X-Device-Os
X-Via-Popn
X-Via-Popv
GeoIP-Latitude
X-HA-Backend
X-Zone
Vc-Max-Age
Fastly-Drupal-Html
X-Dispatcher-Number
X-VHOST
Pics-Label
CloudFront-Viewer-Country
Fastly-Drupal-HTML
SID
X-CACHE-AGE
X-NCache
X-From
X-Up
X-Nananana
CDN-RequestId
X-Refresh
X-Servedbyhost
Product
X-ZONE
X-CDN-Cache-Status
X-Akamai-Transformed
X-LB-NoCache
X-Cache-Backend
X-B3-Parentspanid
X-Nc
X-Jungle-Id
X-DynaTrace-JS-Agent
X-Parent-Response-Time
X-Cached-By
X-Datadome
Resin-Trace
X-Vdms-Path
X-RateLimit-Reset
X-Ckpd-Fst-Backend
S-Rt
X-CACHE-KEY
X-RequestId
X-Litespeed-Tag
X-B3-Spanid
Server-ID
X-Bug-Bounty
X-Wa
GeoIp-Country-Code
WP-Super-Cache
X-CS
X-Amz-Meta-Cb-Modifiedtime
ServerName
X-Uri
X-HubSpot-Correlation-Id
Cdn
Datacenter
X-Varnish-Beresp-TTL
X-M-Reqid
X-ApacheServer
X-M-Log
X-VC-TTL
X-Render-Time
X-PERF
X-IAuth-Set-Uid
X-TX-ID
FSS-Cache
Srv
Uri
NtCoent-Length
True-Client-IP
ServerHost
X-TT-LOGID
X-Fpc
X-Vmg-Version
X-SERVER-NAME
X-FPC
Serverhost
X-Nf-Ats-Version
X-Gamma-Serve
X-Nf-Country
True-Client-Ip
X-Nf-Language
Locid
X-Info
User-Agent
X-Akamai-Device-Characteristics
X-APP-VERSION
Xc-Version
X-Hit
CDN
X-Cdn-Forward
X-Srv
X-TIME
X-Origin-Cache-Key
Tcn
Expect-Staple
GeoIP-Country-Code
X-NewRelic-App-Data
X-WA
X-Dynatrace-Js-Agent
Request-ID
X-V
X-VCache
X-Vc
X-Old-Content-Length
X-HostName
X-Amz-Meta-Opti
Server-Id
CacheControlHeader
X-Cdn-Cache-Status
Hostname
X-NC
Ngx-Var-Key
Cneonction
X-Geo
X-COUNTRY
Srvid
X-Rollout
X-Platform-Server
X-Eligible
X-New
X-FL-QIT-DEBUG
N-Cache
WZWS-RAY
X-Vgn-Hpd-Reason
X-Webkit-Csp-Report-Only
X-Moov-Xdn-Version
X-Moov-T
X-Response-Served-From
X-Original-Request-Id
X-Presslabs-Stats
X-ServedByHost
XkeyRZ
X-Proxy-CacheRZ
X-Lb-Nocache
X-TH-Server
Cloudfront-Viewer-Country
Origin-Trial
PICS-Label
X-Esi
X-Ha-Backend
X-Via-PopH
Geoip-Latitude
X-Dispatch
Ohc-File-Size
X-Limited
X-Via-PopN
X-Internal-TTL
X-Ftr-Request-Id
X-ElasticPress-Query
Permission-Policy
X-Via-PopV
Cf-Ipcountry
X-Oracle-DMS-ECID
X-VCL-Version
X-Cambria-Cache-Control
X-Path
Cf-Device-Type
X-Platform-Processor
Cl-Cache
X-Platform-Router
X-Platform-Cluster
X-Akamai-Pragma-Client-IP
X-Correlation-ID
X-Lb-Id
Cross-Origin-Embedder-Policy-Report-Only
X-SIPLIST1
X-Ua
X-App
X-Destination
X-EC-Lua
X-User
X-External-Request-Id
X-S-Cookie
X-B-Cookie
IsBot
X-Application
Rtss
X-VTEX-Cache-Backend-Connect-Time
X-Irp-Debug
X-VTEX-Cache-Backend-Header-Time
Ohc-Cache-HIT
X-Sqd-Stime
X-Fastly-Backend-Reqs
Pragrma
X-DynaTrace
X-Sqd-Ctime
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Serial
X-Zen-Fury
X-Check-Cacheable
Lb
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
X-Rocket-Build-Number
X-Cdn-Request-ID
Epwk-X-Cache
X-MSEdge-Features
X-MSEdge-Flight
X-Acquia-Purge-Tags
X-Acquia-Site
X-Via-SSL
X-Via-Edge
X-Cache-Date
Edge-Copy-Time
X-Sigma-Backend
X-Sigma
X-Via-CDN
X-Acquia-Application-Trace
X-MiniProfiler-Ids
Timeexpire
X-Instance-Name
Akamai-Mon-Iucid-Del
Sm-Log-Id
X-Web-Server
Xkey-La3
Xkeylog
Cmsid
Cmstype
X-Acquia-Application-UUID
X-Service-Response-Time
X-AB-Test
X-Proxy-Cache-La3
Trailer
CountryCode
Servername
X-LAGOON
X-Litespeed-Cache-Control
X-CSRF-TOKEN
X-ORCA-Accelerator
X-IN-APIGATEWAY
X-Dw-Trace-Id
X-Fastly-Cache-Hits
X-Requestid
X-Branch-Name
X-Segment-20210421
X-Shopid
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
Warning
X-Shardid
X-Origin-Upstream-Status
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-RAMCache
Wpo-Cache-Message
X-Snapshot-Date
X-Ramcache
Fl-Custom-Application
X-Th-Server
X-Datacenter
Ngx
Wpo-Cache-Status
X-API-Version
X-VServer
X-IN-APIGATEWAYSSL