
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-AspNet-Version
X-Runtime
Accept-CH-Lifetime
X-Drupal-Cache
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-Ua-Compatible
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-CDN
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Amz-Id-2
Cf-Edge-Cache
X-Via
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
Permissions-Policy
X-Robots-Tag
X-AH-Environment
P3p
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
Xkey
X-Rq
X-Age
X-Ws-Request-Id
X-Vhost
X-Amz-Version-Id
Cf-Apo-Via
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
Allow
X-LiteSpeed-Cache
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
Cf-Railgun
X-Host
X-Backend-Server
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Server-Id
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-Ruxit-JS-Agent
X-HW
Request-Id
X-Cloud-Trace-Context
X-Node
Content-Location
X-Application-Context
X-Country
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-NWS-LOG-UUID
Accept-Ch-Lifetime
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
X-Clacks-Overhead
Cache-Tag
Rating
X-Litespeed-Cache
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-CST
X-Times
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
X-Daa-Tunnel
Nginx-Cache
Cross-Origin-Opener-Policy
X-Server-Name
X-Mcache
X-Edge
X-Browser-Type
X-Midtier
X-Powered-By-Plesk
X-Cnection
X-ESI
Accept-Ch
AR-Request-ID
AR-ATIME
AR-SID
AR-PoweredBy
X-Element-Page-Cache
X-Ac
X-D2id
Edge-Control
Verso
X-GitHub-Request-Id
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Kinja-Build
X-MS-InvokeApp
X-Webkit-Csp
X-Cache-TTL
X-Upstream
X-Vcap-Request-Id
X-ECACHE
X-Ser
AR-CACHE
X-Abt-Application-Version
X-Navigation-Version
X-FastCGI-Cache
X-Dw-Request-Base-Id
X-B3-TraceId
SPIisLatency
SPRequestDuration
X-Oneagent-Js-Injection
X-Mod-Pagespeed
X-NF-Request-ID
Fastly-Restarts
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Instrumentation
X-Client-IP
X-Ratelimit-Limit
X-Kinsta-Cache
X-Edge-Location-Klb
X-Mg-S
X-Goog-Hash
Edge-Cache-Tag
S
X-Powered-CMS
X-ARC
X-Middleton-Display
Pagespeed
Display
X-Sol
Cache-Status
X-Amzn-Trace-Id
Access-Control-Request-Method
X-Version
X-VARITI-CCR
X-Middleton-Response
Response
X-PDP-UNCACHING-HASH
X-Ratelimit-Remaining
X-Cache-Key
RTSS
X-Content-Digest
X-TraceId
Cross-Origin-Resource-Policy
X-Forwarded-For
Realpath
X-Fastly-Request-ID
X-T
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
X-Ruxit-Js-Agent
X-Server-ID
Fastcgi-Cache
X-TTL
X-Cached
Front-End-Https
X-MSEdge-Ref
X-Shield-Request-Id
MS-Author-Via
X-HS-Hub-Id
X-HS-Content-Id
Content-MD5
X-Protected-By
X-HS-Cache-Config
X-Ua-Browser
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
Public-Key-Pins
X-FTR-Backend-Server
X-Frontend
X-Forwarded-Proto
X-Request-Processing-Time
MicrosoftSharePointTeamServices
Payment
X-Request-Received
Server-Node
TP-Cache
X-PressLabs-Stats
X-Varnish-TTL
X-Aws-Lambda-Call-Status
Arr-Disable-Session-Affinity
X-LLID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-HS-Combine-CSS
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-RateLimit-Remaining
X-FTR-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-GUploader-UploadID
X-Distributor
Count-Hit
X-Accel-Expires
X-Origin-Server
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-LB-Cache
X-NODE
X-Ezoic-Cdn
X-ORACLE-DMS-ECID
X-Microsite
X-Request-Handler-Origin-Region
X-Az
X-Varnish-Server
X-Activity-Id
X-AppVersion
X-Cluster-Name
X-Newrelic-App-Data
X-App-Server
X-Varnish-Backend
Host
Cache-Tags
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
X-Www-Served-By
Retry-After
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Content-Security-Policy-Report-Only
MRF-Tech
X-Ttl
Cleartype
X-Ua-Device
Server-Name
X-Goog-Metageneration
Filterid
X-Envoy-Decorator-Operation
X-ASPNET-VERSION
X-Hostname
X-Unique-Id
X-CSRF-Token
X-Git-Hash
Access-Control-Allow-Method
X-Geo-Country
X-Azure-Ref
X-Hits
X-Load-Cache
X-Upgrade-Enabled
Referer-Policy
X-NGENIX-Cache
X-Varnish-Ttl
X-Debug
TCN
X-Logged-In
TP-L2-Cache
X-Seen-By
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Time
X-FB-Debug
X-Proxy
X-Amz-Apigw-Id
X-Amzn-RequestId
X-B3-Sampled
Section-Io-Cache
X-Trace-Id
X-Grace
X-Type
X-Request-Guid
X-Id
X-Cache-Control
X-TT
X-B
X-Revision
X-F-Cache
X-CCDN-Origin-Time
Healthy
X-Hcs-Proxy-Type
X-DIS-Request-ID
Surrogate-Key
DC
X-CCDN-CacheTTL
X-Contextid
X-Fb-Rlafr
Viewport
X-XRDS-LOCATION
Paypal-Debug-Id
X-N
X-Mobile
X-WP-CF-Super-Cache-Cache-Control
X-Goog-Stored-Content-Length
X-WP-CF-Super-Cache
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Debug-Info
X-Page-Id
Fastly-SWR
Fastly-SIE
X-Px
Content-Disposition
X-Whom
Version
X-Via-JSL
X-Origin-Cache
X-Varnish-Grace
X-Datadog-Parent-Id
X-Webkit-CSP
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
X-Content-Options
X-Magnolia-Registration
Charset
X-Template
X-Wix-Request-Id
X-Amz-Replication-Status
X-App-Environment
X-Cache-Grace
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Rule
X-Oracle-Dms-Ecid
X-RemovedCookies
X-UUID
X-Tumblr-Pixel
X-ProcessESI
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Datadog-Sampled
X-Node-Name
X-RTag
X-G
X-Cache-Age
X-Source
Ms-Operation-Id
MS-CV
SD-X-WS
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-FW-Type
X-FW-Static
X-FW-Version
X-L-Path
X-Signature
X-B-Cache
X-Instance
X-FW-Serve
X-Environment-Context
X-Backend-Name
X-FW-Dynamic
X-FW-Hash
X-FW-Server
ServerID
X-EdgeConnect-Cache-Status
X-Hl-Ver
X-Adobe-Content
X-Debug-IsConnected
X-Adobe-Loc
X-NWS-UUID-VERIFY
X-Debug-IsPreview
X-User-Agent
X-Region
X-Status
X-Cacheable-TTL
X-Proxy-Cache-Info
X-NYM-Debug-Backend
X-Device-Type
X-Rendered-As
X-Real-IP
Country
X-Storage
NGB
GEO-INFO
X-Cache-Hit
X-ServerID
X-Is-Bot
X-Rid
Countrycode
X-IPS-LoggedIn
SRV
Cross-Origin-Window-Policy
X-Amzn-Remapped-Content-Length
X-Language
Liferay-Portal
X-B3-SpanId
Akamai-GRN
X-WP-CF-Super-Cache-Active
X-Sucuri-Cache
X-Sucuri-ID
X-RM-Cache-TTL
X-Wormhole-Sdk
Amp-Access-Control-Allow-Source-Origin
Front
X-Origin-Cache-Key
X-Ratelimit-Reset
OT-Force-Account-Verify
X-Framework
X-Servername
X-Air-Pt
From-Origin
X-VC-Cache
X-AB
X-Oracle-Dms-Rid
X-UA
X-Content-Powered-By
X-Mode
X-VC
Xet-Cookie
Backend
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Akamai-Request-ID2
Upgrade-Insecure-Requests
X-WebKit-CSP-Report-Only
Refresh
X-Cache-Time
X-URL
X-DataDome
X-INCAP-ABP
X-Handled-By
X-Xrds-Location
X-Nginx-Cache
Accept-Language
X-SRV
X-Rewrite-Enabled
X-Edge-Location
X-SaId
Cache
X-Rn-Rsrv
Meta-Geo
X-RID
X-UPSTREAM-Address
X-Xfnlog-Site
X-JoinUs
Filters
X-Endurance-Cache-Level
X-Tumblr-Pixel-2
X-Cache-Operation
Access-Control-Request-Headers
X-Cluster
X-Cloudmap
X-Labrador-Cache-Channel
X-AWS-Id
X-Container-Uri
X-Extlb
X-Hosted-By
X-Git-Commit
X-Generated-By
X-Lambda-Id
ServedBy
X-Proxied
X-Reqid
X-Cache-Status-Check
X-Provided-By
X-PHP-Host
X-LJ-Flow-ID
X-No-Session
X-Origin-Date
X-Routing-Service
X-Cache-Rule
X-Zipkin-Id
X-Webstats-RespID
X-VWS-Id
X-Varnish-Age
Section-Io-Id
Mn-Server-Ip
Property-Id
TWC-Device-Class
X-Tb
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Web-Node
TWC-Connection-Speed
X-Loop
X-Redis-Cache
X-Adobe-Source
X-Scope-Id
X-Restarts
Apigw-Requestid
Atl-Traceid
TWC-Privacy
X-Ismobilevalue
X-Origin-Hint
X-Logging-Id
TWC-Locale-Group
X-Fastly-Request-Id
Url
X-IPLB-Request-ID
X-Cms-Context
X-Forwarded-Host
X-Tncms
X-IPLB-Instance
X-Akamai-Edgescape
X-HTML-Minification-Powered-By
Webcakes-App-Version
Web-Mar-Node
X-R9-Blue-Green-Version
Webcakes-Region
Webcakes-App-Name
X-Accel-Version
X-VCT
X-Tcp-Rtt
X-Varnish-Cache-Hits
Frame-Options
X-Varnish-Beresp-Grace
X-Locale
X-Director
X-Fetched-On
X-Origin
X-Format
X-Cache-Host
X-Is-Tablet
X-Frame-Option
X-RCS-CacheZone
X-Site-Version
X-ProxyCache-Key
X-BYPASS-REASON
X-RateLimit-Reset
X-Geo-Region
X-Cache-Debug
X-Skip-Cache
X-Azure-Ref-OriginShield
X-Is-Desktop
X-Say-Cacheable
X-Httpd
X-Is-Mobile
X-Upstream-Ct
X-Browser-Name
X-Upstream-Ht
X-ProxyCache-Status
X-Ms-Request-Id
X-Is-Supported-Browser
LB
X-Served-From
X-SayCDN-TTL
X-Say-TTL
X-Ms-Version
X-Soup
WPO-Cache-Message
X-Shopify-Stage
Xserver
Selected-Fe
X-ECache
X-Detected-As
X-RateLimit-Limit
WPO-Cache-Status
X-S
X-Proxy-Build
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-GeoCountry
X-Timing-Wait
X-GeoCode
X-Api-Version
Webserver
X-Optimistic-Header
X-Vcache
X-Origin-TTL
X-Origin-CC
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Drupal-Cache-Tags
X-ShardId
X-Request-URI
X-ShopId
X-Generation-Time
X-CMSURLCustom
X-Lagoon
Thinkindot-CacheControl
TDXMobile
Cache-Hits
Thinkindot-CacheControl-Type
X-Shield-Cache-Expires
Thinkindot-Control
X-Thinkindot-L3
X-CDN-Forward
Onion-Location
Fastcgi-Useragent
X-Drupal-Cache-Contexts
X-Cdn-Origin
Source
Protected
X-Tt-Logid
X-WP-CF-Super-Cache-Cookies-Bypass
X-ID
Cdn-Requestid
X-Worker
X-Vercel-Cache
X-Vercel-Id
X-TA-CDN-Provider
X-Buckets
X-Vcl-Version
X-Connection-Hash
X-XRDS-Location
Expiry
X-Cache-Expired-At
X-PHP-Backend
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-Rocket-Nginx-Serving-Static
Azure-Version
Azure-SlotName
X-B3-Traceid
X-Mg-Request-UUID
X-Pass-Why
Node
X-Fastcgi-Cache
X-GEO
X-Cache-Action
Priority
X-App-Version
CDN-Cache
CDN-PullZone
Sid
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestPullSuccess
X-Proxy-Cache-Status
CDN-RequestCountryCode
Environment
CDN-Uid
CDN-RequestPullCode
X-Tumblr-Pixel-3
Cross-Origin-Embedder-Policy
Uber-Trace-Id
X-Aspnetmvc-Version
AMP-Access-Control-Allow-Source-Origin
X-Cluster-Node
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Server-W
X-Cache-Server
Cache-Tv-Group
Alternate-Protocol
CF-IPCountry
DB-Nickname
X-HITS
X-Tx-Id
User-Cache-Control
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
HostName
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Template-Id
X-Auth-Group-Type
X-FB-TRIP-ID
X-Jobs
X-UA-Device-Type
Odigeo-Trace-Id
Ngx.Var.Host
X-Rojux
X-SB
X-TIM-N
X-ScT
X-Ec-GeoHdr
X-Esi-Check
Candidate-Md5Url
X-Epic-Correlation-Id
X-Fastly-Backend
Rendered-Blocks
Origin-Agent-Cluster
Origin
X-Gzip
DCR-Decision-By
DCR-Processing-Time-Ms
X-Origin-Expires
X-Ig-Origin-Region
A
X-ND-Cache
X-Ig-Push-State
Content-Secure-Policy
X-Hnp-Log
Edge-Cache
X-Gen-Mode
Magicmarker
MD5-Digest
Lang
X-GeoIP-City
Gannett-Cam-Experience-Id
X-Ec-Fail
X-Service
Meta-Geo-Continent
X-SRCache-Key
X-A-Wwc
X-Custom-Header
X-Aed
X-A-Dgt
X-A-Dcw
X-D
X-A
X-A-Dam
X-Content-Age
X-Conf
X-Block-Status
X-Cache-Id
X-Pad
X-Bl-Debug
X-Cache-NE
X-Bc-Bl
X-BCube-Filmed-By
X-Developer
X-A-Ccd
X-Dispatcher-Server
T-Server
Sslversion
X-Viewer-Country
X-Vdms-Version
Surrogated-Key
X-Vtex-Remote-Cache
X-Client-Ip
X-Nf-Request-Id
X-DC
X-CacheTTL
X-Cdn-Srv
X-App-Name
X-Backend-Instance
X-Clientip
X-HS-Content-Campaign-Id
X-Auto-Login
Sever-Int
X-Men
X-Loc
Cdnsip
Cdncip
CDCHOST
X-Level-Front-Cache
Server-Host
X-AK-Request-ID
Req-ID
X-Cache-Info
Server-Hostname
Ssr
Fastly-SSL
X-Device-Os
X-Forwarded-Site
Wxu-Next-Commit
X-Gdpr
Wxu-Next-Hostname
X-Debug-Cache-Fetch
Vix-Hermes-Req-Id
X-FC-Vary-Parameters
X-Debug-Cache-Store
NM-Fastcgi-Cache
V-Age
Wxu-Next-Region
X-Generated-On
Origin-EX
X-GeoIP-Region-Code
X-GoCache-CacheStatus
Powered-By
X-GeoIP-Country-Code
Origin-CC
X-Geo-Header
X-GeoIP
Server-Ext
Host-ID
Fastly-Backend-Name
X-Org
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Tb-Optimization-Total-Bytes-Saved
X-Mvc-Supplant-Cachable
X-Varnish-Director
X-V-Cache
X-Sn-Servicetimems
X-Req
X-RateLimit-Limit-Second
X-LSADC-Cache
X-RateLimit-Remaining-Second
X-SD-PageType
X-Server-IP
X-Varnish-Hostname
X-VG-WebCache
X-Core-Value
XM
X-Cache-TTL-Remaining
Cdn-Host
Cdn-Request-Time
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Edge-Server
X-DefHash
X-DefElseHash
X-Pubstack
X-Test
X-Varnish-Remaining-TTL
C-Via
X-Varnish-CookieINHashed-On
X-Policy
X-Platform
X-Via-Fastly
X-Cache-Bucket
X-Origin-Time
X-Origin-Response-Time
Cache-Provider
X-Powered-By-VTEX-Cache
X-Node-Id
X-Nyt-Route
X-Varnish-CookieHashed-On
X-Proto
X-Op-Id-All
X-NMSegId
X-MP-GENERATED-AT
X-Dc
Mime-Version
X-WA-Info
X-CUA
X-NCache
X-Nginx-Cache-Key
Yak-Timeinfo
Click-Count-Action-Start
Adler-Geo
X-Mvc-Supplant-OutputCached
X-CGP
Tube-Get-Contents
RNT-Time
RNT-Machine
X-Ad-Load-Variation
X-Acquia-Purge-Cdn-Unconfigured
Tube-Return
Tube-Got-Eval
X-B3-Trace-ID
Producers
Country-Code
X-Contensis-Viewer-Groups
Esi-Enabled
Is-Eu
Platform
X-We-Are-Hiring
Click-Count-Error
X-Depends
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-Eu-Site
X-VG-TLSProxy
X-Thanos
X-Hash
X-Fastly-Cache
X-Section
X-Request-Host
X-Region-Sid
X-Request-Start
X-Request-Time
X-Scheme
X-Ec-Custom-Error
X-Var-Ttl
X-Proxied-Request
X-Mly-Id
X-Micro-Cache
X-Fmm-Version
X-Date
X-DPWN-IS-SECURE
Tube-Got-Results
X-VarnishDD-TTL
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-HN
X-PAYTM-SRV-ID
X-NodeID
X-Human
X-Csrf-Jwt
Release
Cluster
Proxy-Firewall
PFcat
True-Client-Country-4JS
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Gh-Request-Id
Apple-News-Services-Parsed-Url
On-Server
Content-Script-Type
Fastly-GeoIP-CountryCode
HA-Ipaddr
Ha-Gx-Prefs
L
L5d-Success-Class
Content-Style-Type
DSUID
Mail-Subject
W
Apple-News-Services-Host
We-Hiring
X-Cache-Aspx
X-Amz-Storage-Class
X-Bip
X-Aicache-OS
X-Access
AKAMAI
Web-Mar-Region
X-Accel-Expires-Debug
X-Varnish-Beresp-Ttl
NGX
Machine
Req-Svc-Chain
X-From
X-Up
X-LiteSpeed-Cache-Control
X-BBC-Edge-Cache-Status
Pramga
X-Location
Canary
Cache-Key
X-Pool
X-Jungle-Id
X-Varnishpool
X-Zone
X-AIR-PT
X-NGINX-Cache
WP-Super-Cache
X-Vdms-Path
X-Cache-Backend
CDN-RequestId
X-Uri
X-Varnish-Hits
X-Cs
X-Cache-FS-Status
X-LB-ID
X-Akamai-Transformed
Debug
Redirect-Candidate
X-CACHE-GROUP
CloudFront-Viewer-Country
SID
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Newrelic-Synthetics
X-HA-Backend
X-Via-Poph
X-Via-Popn
X-ApacheServer
X-Servedbyhost
X-Via-Popv
X-Refresh
X-PERF
X-Render-Time
Pics-Label
Server-Info
Fastly-Drupal-HTML
BehaviorPad-Version
X-VHOST
X-Response-Served-From
GeoIP-Latitude
X-Original-Request-Id
X-Nananana
X-M-Reqid
X-M-Log
X-VC-TTL
X-B3-Parentspanid
X-APP
X-Datadome
Fastly-Drupal-Html
X-TT-LOGID
X-Parent-Response-Time
X-LB-NoCache
X-CACHE-AGE
X-Cached-By
Locid
Resin-Trace
X-Content-Length
X-CS
Datacenter
X-Litespeed-Tag
X-DynaTrace-JS-Agent
X-Nc
X-Amz-Meta-Cb-Modifiedtime
X-CDN-Cache-Status
X-Wa
Server-ID
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-IAuth-Set-Uid
Cf-Ipcountry
GeoIp-Country-Code
X-LiteSpeed-Tag
NtCoent-Length
Cdn
X-VCache
Ngx-Var-Key
X-Old-Content-Length
X-ZONE
Uri
X-Varnish-Beresp-TTL
Vc-Max-Age
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
FSS-Cache
X-Fpc
X-RequestId
X-Dispatcher-Number
X-Vgn-Hpd-Reason
CDN
X-NewRelic-App-Data
X-Moov-T
X-Moov-Xdn-Version
True-Client-IP
True-Client-Ip
X-Esi
Serverhost
X-TH-Server
Product
X-B3-Spanid
X-SERVER-NAME
X-TX-ID
X-HostName
Srv
X-Srv
Cross-Origin-Embedder-Policy-Report-Only
GeoIP-Country-Code
X-Dynatrace-Js-Agent
X-Ckpd-Fst-Backend
S-Rt
Tcn
X-FPC
X-Nf-Ats-Version
X-Nf-Country
X-TIME
X-Nf-Language
X-Oracle-DMS-ECID
X-S-Cookie
X-Cdn-Forward
X-User
X-Bug-Bounty
X-Cdn-Cache-Status
ServerName
X-External-Request-Id
X-Destination
Cf-Device-Type
X-B-Cookie
X-Application
Request-ID
X-HubSpot-Correlation-Id
X-Vc
X-Zen-Fury
X-NC
Server-Id
CacheControlHeader
X-Dispatch
X-WA
X-APP-VERSION
Hostname
X-Webkit-Csp-Report-Only
X-CACHE-KEY
X-Cache-Date
X-Sigma-Backend
X-Rocket-Build-Number
X-Instance-Name
X-Sigma
X-COUNTRY
X-VServer
X-API-Version
X-FL-QIT-DEBUG
Srvid
Geoip-Latitude
X-Presslabs-Stats
X-Ha-Backend
X-Branch-Name
X-Geo
Ohc-File-Size
X-Via-PopH
X-Segment-20210421
X-Lb-Nocache
User-Agent
X-Akamai-Device-Characteristics
X-Via-PopV
X-Via-PopN
ServerHost
X-Info
X-ServedByHost
Origin-Trial
X-Gamma-Serve
X-Vmg-Version
Load-Balancing
DataCenter
X-VCL-Version
X-DynaTrace
Cneonction
X-DataCenter
Epwk-X-Cache
PICS-Label
Xc-Version
Cloudfront-Viewer-Country
X-Cache-Ttl
Type
X-Correlation-ID
X-App
X-Ua
Expect-Staple
X-Limited
Rtss
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-Amz-Meta-Opti
Cross-Origin-Opener-Policy-Report-Only
X-Lb-Id
X-Irp-Debug
X-Serial
X-Check-Cacheable
X-Owner
X-Hit
Ohc-Cache-HIT
X-Akamai-Pragma-Client-IP
X-MiniProfiler-Ids
Lb
X-Via-Edge
X-Service-Response-Time
Sm-Log-Id
X-Qloud-Router
Warning
X-Via-CDN
X-Acquia-Application-Trace
X-Acquia-Site
X-Is-Crawler
Cmstype
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Flags
X-Route-Name
X-Aspnet-Duration-Ms
Edge-Copy-Time
Cl-Cache
Timeexpire
X-Via-SSL
X-Datacenter
X-MSEdge-Flight
X-MSEdge-Features
WebServer
X-Providence-Cookie
X-Sqd-Stime
X-Sqd-Ctime
X-Web-Server
Cmsid
X-Core-Mission
X-Litespeed-Cache-Control
Servername
X-LAGOON
CountryCode
X-CSRF-TOKEN
X-Page-View
X-Origin-Upstream-Status
X-Sorting-Hat-Shopid
X-Sorting-Hat-Podid
X-Shopid
X-Shardid
X-SIPLIST1
X-Requestid
X-Http-Reason
IsBot
Ngx
X-Snapshot-Date
X-Th-Server
X-Ramcache
X-RAMCache
X-Amz-Meta-S3b-Last-Modified
X-IN-APIGATEWAYSSL
X-Sql-Count
X-IN-APIGATEWAY
X-Dw-Trace-Id
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-Sql-Duration-Ms