SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Ua-Compatible
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
Permissions-Policy
Xkey
X-Ws-Request-Id
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Dispatcher
Cf-Apo-Via
Allow
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
Content-Location
X-Node
X-Application-Context
P3p
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Litespeed-Cache
X-Country
Service-Worker-Allowed
X-Country-Code
X-CST
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Url
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-FTR-Request-ID
X-TtlSet
X-Vname
X-PC
X-Daa-Tunnel
X-Oneagent-Js-Injection
X-Server-Name
X-Webkit-Csp
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Browser-Type
X-Midtier
X-Powered-By-Plesk
X-ESI
X-Cnection
X-GitHub-Request-Id
X-Upstream
Edge-Control
X-D2id
X-Element-Page-Cache
Verso
X-Ac
X-MS-InvokeApp
X-Exp-Variant
AR-Request-ID
AR-SID
X-GoogleNews-Bot
X-Exp-Id
AR-PoweredBy
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
AR-ATIME
X-Kinja
X-Kinja-Server
Accept-Ch-Lifetime
X-ECACHE
X-FastCGI-Cache
X-B3-TraceId
X-Vcap-Request-Id
X-Cache-TTL
X-Ser
X-Abt-Application-Version
X-Navigation-Version
AR-CACHE
X-Dw-Request-Base-Id
SPIisLatency
SPRequestDuration
X-Mod-Pagespeed
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
Fastly-Restarts
X-NF-Request-ID
X-Client-IP
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Aws-Lambda-Call-Status
X-Middleton-Display
Pagespeed
X-Sol
Display
X-Mg-S
Edge-Cache-Tag
X-Kinsta-Cache
X-Edge-Location-Klb
S
X-Powered-CMS
X-Goog-Hash
Response
X-Middleton-Response
Cache-Status
X-Version
Access-Control-Request-Method
X-Amzn-Trace-Id
X-VARITI-CCR
X-Ruxit-Js-Agent
X-ARC
X-Cache-Key
X-RateLimit-Remaining
RTSS
X-Fastly-Request-ID
X-Ratelimit-Limit
X-Content-Digest
X-TraceId
Cross-Origin-Resource-Policy
X-Forwarded-For
X-Recruiting
X-T
Realpath
X-Correlation-Id
X-PDP-UNCACHING-HASH
X-Varnish-TTL
X-MSEdge-Ref
Fastcgi-Cache
Front-End-Https
X-Cached
MS-Author-Via
Content-MD5
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-Shield-Request-Id
X-Protected-By
X-Ua-Browser
Payment
Public-Key-Pins
Server-Node
X-Request-Processing-Time
X-Request-Received
X-Ratelimit-Remaining
X-Forwarded-Proto
MicrosoftSharePointTeamServices
X-HS-Combine-CSS
TP-Cache
X-LLID
X-TTL
X-Frontend
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Distributor
X-Ttl
X-FTR-Expires
X-Server-ID
X-Accel-Expires
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Count-Hit
X-GUploader-UploadID
X-NODE
X-ORACLE-DMS-RID
X-Origin-Server
X-LB-Cache
X-PressLabs-Stats
X-Ezoic-Cdn
X-Microsite
X-Request-Handler-Origin-Region
X-AppVersion
X-Activity-Id
X-Az
X-Content-Security-Policy-Report-Only
Host
X-TEC-API-VERSION
X-Ua-Device
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Www-Served-By
X-Varnish-Backend
X-Cluster-Name
X-App-Server
X-Varnish-Server
X-Hits
Retry-After
Cache-Tags
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
Server-Name
X-Newrelic-App-Data
X-Origin-Cache-Key
X-ORACLE-DMS-ECID
Cleartype
X-CSRF-Token
X-Hostname
X-NGENIX-Cache
X-Goog-Metageneration
X-Geo-Country
X-Envoy-Decorator-Operation
Referer-Policy
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Git-Hash
TP-L2-Cache
X-DIS-Request-ID
X-Id
X-Azure-Ref
X-Seen-By
X-Unique-Id
Filterid
TCN
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Load-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-F-Cache
X-Proxy
X-Revision
X-Grace
X-XRDS-LOCATION
Healthy
Section-Io-Cache
X-Trace-Id
X-Cache-Control
X-Request-Guid
X-B3-Sampled
X-B
DC
X-TT
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Type
X-Contextid
X-Logged-In
Paypal-Debug-Id
X-Px
X-Debug-Info
X-FB-Debug
X-Fb-Rlafr
X-Page-Id
X-Mobile
X-Debug
X-N
Viewport
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Varnish-Ttl
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Oracle-Dms-Rid
X-Goog-Generation
X-Goog-Storage-Class
Fastly-SIE
Fastly-SWR
X-Whom
X-Oracle-Dms-Ecid
X-Time
X-Datadog-Sampling-Priority
X-Webkit-CSP
X-Via-JSL
X-Datadog-Parent-Id
Charset
X-Datadog-Trace-Id
X-Content-Options
Content-Disposition
X-Template
Version
X-RateLimit-Limit
X-Cache-Grace
X-Varnish-Grace
X-Magnolia-Registration
X-Wix-Request-Id
X-Origin-Cache
X-App-Environment
X-EdgeConnect-Cache-Status
X-Language
X-Signature
X-B-Cache
X-ProcessESI
VIX-Pulpo-Upstream-Status
X-B3-SpanId
VIX-Pulpo-Node
X-Node-Name
X-RemovedCookies
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Yottaa-Metrics
X-Datadog-Sampled
X-Debug-IsConnected
X-Amz-Replication-Status
X-Rule
X-Tumblr-Pixel-1
X-Yottaa-Optimizations
X-Debug-IsPreview
X-UUID
X-Hl-Ver
SD-X-WS
Ms-Operation-Id
MS-CV
X-G
Countrycode
X-RTag
X-Instance
GEO-INFO
X-Cache-Age
X-Backend-Name
X-Device-Type
X-Adobe-Loc
X-FW-Dynamic
X-FW-Version
X-FW-Hash
X-Adobe-Content
X-Storage
X-FW-Type
X-FW-Server
X-FW-Static
ServerID
X-FW-Serve
X-Rendered-As
NGB
X-Proxy-Cache-Info
X-Is-Bot
X-NYM-Debug-Backend
X-Amzn-Remapped-Content-Length
X-Cacheable-TTL
SRV
X-L-Path
X-Environment-Context
X-Cache-Hit
X-Region
X-Status
Surrogate-Key
Country
X-User-Agent
Liferay-Portal
X-IPS-LoggedIn
X-Real-IP
X-ServerID
X-NWS-UUID-VERIFY
X-Rid
X-Source
X-RateLimit-Reset
Akamai-GRN
X-WP-CF-Super-Cache-Active
X-Sucuri-ID
X-Sucuri-Cache
Cross-Origin-Window-Policy
OT-Force-Account-Verify
X-Servername
From-Origin
X-RM-Cache-TTL
X-VC-Cache
X-WebKit-CSP-Report-Only
Front
X-Framework
X-UA
Upgrade-Insecure-Requests
Amp-Access-Control-Allow-Source-Origin
Backend
X-Air-Pt
X-Wormhole-Sdk
X-INCAP-ABP
X-Mode
X-AB
X-Xrds-Location
X-URL
X-Air-Trace-Id
X-Air-Hostname
X-Air-Source
Refresh
X-Cache-Time
X-Akamai-Request-ID2
X-Content-Powered-By
Xet-Cookie
X-Handled-By
X-RID
X-Edge-Location
Frame-Options
X-DataDome
X-VC
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
Accept-Language
X-Xfnlog-Site
X-Proxy-Build
X-RCS-CacheZone
Selected-Fe
X-SaId
X-Rewrite-Enabled
X-Rn-Rsrv
Filters
X-JoinUs
X-Webstats-RespID
Meta-Geo
X-Origin-CC
X-Timing-Wait
X-UPSTREAM-Address
X-Origin-TTL
X-Origin
X-Container-Uri
WPO-Cache-Message
Webcakes-Region
X-No-Session
Atl-Traceid
X-Logging-Id
WPO-Cache-Status
X-VWS-Id
X-Cluster
X-Labrador-Cache-Channel
X-Git-Commit
X-AWS-Id
X-SRV
X-LJ-Flow-ID
X-Akamai-Edgescape
X-Cache-Operation
X-Served-From
TWC-GeoIP-Country
X-Origin-Date
TWC-Locale-Group
Url
TWC-Device-Class
ServedBy
X-Tumblr-Pixel-2
Property-Id
TWC-Connection-Speed
TWC-Privacy
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Provided-By
X-PHP-Host
X-Origin-Hint
Cache
Webcakes-App-Name
X-Reqid
X-Cache-Rule
X-VCT
X-Hosted-By
X-Fetched-On
X-Web-Node
X-Azure-Ref-OriginShield
X-Varnish-Cache-Hits
X-IPLB-Instance
X-Drupal-Cache-Tags
X-Locale
X-Restarts
X-Routing-Service
X-Redis-Cache
X-R9-Blue-Green-Version
Web-Mar-Node
X-Scope-Id
Webserver
X-Tb
Access-Control-Request-Headers
Section-Io-Id
X-Zipkin-Id
Mn-Server-Ip
X-Extlb
X-Proxied
X-Accel-Version
Cache-Hits
X-Cache-Debug
X-Cloudmap
X-Cms-Context
X-Site-Version
X-IPLB-Request-ID
X-Vcache
X-Adobe-Source
TDXMobile
Thinkindot-CacheControl-Type
X-CMSURLCustom
X-Drupal-Cache-Contexts
Apigw-Requestid
X-Director
X-Browser-Name
X-BYPASS-REASON
Thinkindot-Control
X-Is-Desktop
X-ProxyCache-Status
X-Upstream-Ct
X-S
X-ProxyCache-Key
X-Ms-Version
X-Format
X-Loop
X-Ms-Request-Id
X-Say-Cacheable
X-Say-TTL
X-Tcp-Rtt
X-Tncms
X-Thinkindot-L3
X-Soup
X-Skip-Cache
X-SayCDN-TTL
X-Shield-Cache-Expires
Thinkindot-CacheControl
X-Upstream-Ht
X-Is-Mobile
X-Is-Supported-Browser
X-Httpd
X-Varnish-Age
X-Geo-Region
X-Generation-Time
X-Buckets
X-Forwarded-Host
X-Lambda-Id
X-Is-Tablet
X-Frame-Option
X-Nginx-Cache
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-GeoCode
X-Storefront-Renderer-Rendered
X-Varnish-Beresp-Grace
Xserver
X-Cache-Host
X-Alternate-Cache-Key
X-Generated-By
X-GeoCountry
X-Detected-As
X-ShardId
X-ShopId
X-Shopify-Stage
X-CDN-Forward
X-Cache-Status-Check
X-Ratelimit-Reset
X-Optimistic-Header
X-Cdn-Origin
X-Lagoon
X-Worker
X-Rocket-Nginx-Serving-Static
X-Vercel-Cache
X-Vercel-Id
Source
X-Request-URI
Fastcgi-Useragent
X-WP-CF-Super-Cache-Cookies-Bypass
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-Version
X-Fastly-Request-Id
Azure-RegionName
LB
X-TA-CDN-Provider
Node
Protected
X-Pass-Why
AMP-Access-Control-Allow-Source-Origin
X-Vcl-Version
Expiry
CDN-Uid
CDN-Cache
CDN-RequestPullCode
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestPullSuccess
X-Connection-Hash
Cross-Origin-Embedder-Policy
Onion-Location
X-GEO
X-Tumblr-Pixel-3
X-Api-Version
X-Cache-Expired-At
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
CDN-RequestId
X-ECache
X-PHP-Backend
X-App-Version
X-XRDS-Location
Alternate-Protocol
X-Cache-Server
Environment
DB-Nickname
Sid
X-Server-W
X-Proxy-Cache-Status
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Uber-Trace-Id
Priority
X-Jobs
X-ID
X-Cache-Action
CF-IPCountry
X-Fastcgi-Cache
X-Urbn-Context-Path
X-Ismobilevalue
X-Urbn-Site-Id
X-Cluster-Node
Locale
X-B3-Traceid
HostName
User-Cache-Control
X-LSADC-Cache
X-Mg-Request-UUID
Cdn-Requestid
X-MP-GENERATED-AT
X-Tt-Logid
Cache-Tv-Group
X-Zone
X-Nf-Request-Id
Fusion-Content-Source
Wxu-Next-Commit
Vix-Hermes-Req-Id
X-Ig-Origin-Region
Fusion-Source
X-ScT
X-Origin-Expires
Fusion-Deployment-Id
Wxu-Next-Hostname
X-Org
X-A-Ccd
X-A-Dgt
X-SRCache-Key
Fusion-Component-Id
X-A-Wwc
X-Aed
X-Vtex-Remote-Cache
X-A-Dcw
Wxu-Next-Region
X-A
X-Ig-Push-State
X-A-Dam
X-VTEX-Cache-Time
T-Server
A
Server-Host
MD5-Digest
Sslversion
X-Request-Start
Req-ID
Rendered-Blocks
Ngx.Var.Host
X-Powered-By-VTEX-Cache
X-Level-Front-Cache
Origin-Agent-Cluster
Candidate-Md5Url
Magicmarker
X-Hnp-Log
Gannett-Cam-Experience-Id
Edge-Cache
X-SB
Meta-Geo-Continent
Fusion-Template-Id
DCR-Processing-Time-Ms
X-Rojux
Content-Secure-Policy
Lang
Surrogated-Key
DCR-Decision-By
X-Jungle-Id
X-VTEX-Cache-Server
X-Conf
X-Clientip
X-NCache
X-Vdms-Path
X-Vdms-Version
X-DC
X-ND-Cache
X-Block-Status
X-TIM-N
X-GeoIP-City
X-Cache-Id
X-Cache-NE
X-Generated-On
X-D
X-Esi-Check
X-Epic-Correlation-Id
X-Gen-Mode
X-FB-TRIP-ID
X-Forwarded-Site
X-Thanos
X-Ec-GeoHdr
X-Developer
X-Device-Os
X-Dispatcher-Server
X-Ec-Fail
X-Bl-Debug
X-Content-Age
Fusion-Content-Id
X-BCube-Filmed-By
X-Bc-Bl
X-UA-Device-Type
X-Gzip
X-Node-Id
X-Bip
X-Op-Id-All
X-Varnish-Hostname
X-Viewer-Country
X-TT-LOGID
X-Origin-Response-Time
X-Auth-Group-Type
X-NGINX-Cache
X-Tx-Id
X-AK-Request-ID
X-Proto
X-GeoIP-Region-Code
X-Amz-Storage-Class
X-App-Name
NM-Fastcgi-Cache
Origin
X-Policy
X-Debug-Cache-Store
X-Gdpr
X-FC-Vary-Parameters
X-Fmm-Version
X-Debug-Cache-Fetch
X-RateLimit-Limit-Second
X-Pubstack
X-Mvc-Supplant-Cachable
X-Edge-Server
X-HN
X-Fastly-Cache
Host-ID
Release
X-Backend-Instance
Ssr
X-HS-Content-Campaign-Id
X-GeoIP-Country-Code
X-Core-Value
X-GeoIP
X-Cache-Info
X-Loc
X-NMSegId
X-Cache-Bucket
X-Nginx-Cache-Key
X-Geo-Header
Sever-Int
Powered-By
X-Origin-Time
PFcat
X-Nyt-Route
Origin-EX
X-CUA
X-Auto-Login
X-PAYTM-SRV-ID
Server-Hostname
Server-Ext
X-Platform
Origin-CC
Cdnsip
CDCHOST
Cache-Provider
X-Uri
C-Via
X-Req
Cdn-Host
X-Varnishpool
X-Tb-Optimization-Total-Bytes-Saved
Cdncip
Cdn-Request-Time
X-Response-Served-From
Fastly-SSL
X-Via-Fastly
X-WA-Info
X-SD-PageType
X-Var-Ttl
X-Scheme
X-Service
AKAMAI
X-VG-WebCache
X-Request-Time
Yak-Timeinfo
X-Test
X-Original-Request-Id
Content-Style-Type
X-V-Cache
X-Region-Sid
X-RateLimit-Remaining-Second
DSUID
Odigeo-Trace-Id
Content-Script-Type
X-Varnish-Director
X-VarnishDD-TTL
Fastly-Backend-Name
X-We-Are-Hiring
X-Cdn-Srv
X-Ad-Load-Variation
X-CGP
X-Acquia-Purge-Cdn-Unconfigured
X-Access
X-Human
X-Contensis-Viewer-Groups
X-Section
X-Fastly-Backend
X-Server-IP
X-Eu-Site
X-Aicache-OS
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-GoCache-CacheStatus
X-Varnish-Beresp-Ttl
X-Mvc-Supplant-OutputCached
X-BBC-Edge-Cache-Status
Web-Mar-Region
X-B3-Trace-ID
X-LiteSpeed-Cache-Control
X-Cache-Backend
X-Newrelic-Synthetics
X-SVT-ORM-VERSION
XM
X-DPWN-IS-SECURE
X-NodeID
X-Men
X-Cache-Aspx
X-Wikidot-Backend
X-Location
X-Cache-TTL-Remaining
X-Ec-Custom-Error
X-Custom-Header
X-Wikidot-Static-Cache
X-Varnish-Authentication
Tube-Get-Contents
X-VG-TLSProxy
Click-Count-Action-Start
Click-Count-Error
X-Proxied-Request
X-Dc
X-Pool
We-Hiring
Platform
Canary
On-Server
Cluster
Mail-Subject
Ha-Gx-Prefs
Gh-Request-Id
Esi-Enabled
Fastly-GeoIP-CountryCode
HA-Ipaddr
Is-Eu
Machine
L5d-Success-Class
L
Country-Code
Producers
Pramga
Tube-Got-Eval
X-Csrf-Jwt
True-Client-Country-4JS
X-From
Tube-Got-Results
Tube-Return
W
X-Varnish-Beresp-Status
V-Age
X-Mly-Id
Adler-Geo
X-Request-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Cache-Key
Req-Svc-Chain
Apple-News-Services-Request-Url
Redirect-Candidate
Apple-News-Services-Host
RNT-Machine
X-Micro-Cache
RNT-Time
X-AIR-PT
WP-Super-Cache
X-Up
X-Date
X-Hash
X-Accel-Expires-Debug
X-PERF
X-Slack-Backend
Proxy-Firewall
X-Render-Time
NGX
X-ApacheServer
X-Slack-Shared-Secret-Outcome
X-CacheTTL
X-Cs
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-COUNTRY
Debug
X-DefElseHash
X-LB-ID
X-DefHash
X-Varnish-CookieHashed-On
X-Pad
Mime-Version
X-Client-Ip
X-Varnish-Hits
X-CACHE-GROUP
X-Depends
X-Nananana
X-Refresh
X-Via-Popv
X-Via-Poph
X-Via-Popn
X-HA-Backend
Datacenter
SID
Fastly-Drupal-HTML
CloudFront-Viewer-Country
X-Akamai-Transformed
Locid
Pics-Label
X-Cache-FS-Status
X-VHOST
X-Parent-Response-Time
X-Amz-Meta-Cb-Modifiedtime
X-Datadome
X-VC-TTL
X-Servedbyhost
GeoIP-Latitude
X-M-Reqid
X-M-Log
X-CACHE-AGE
X-Cached-By
X-HITS
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Old-Content-Length
X-LB-NoCache
X-LiteSpeed-Tag
Server-Info
Fastly-Drupal-Html
Ngx-Var-Key
X-B3-Parentspanid
X-TIME
X-Litespeed-Tag
X-DynaTrace-JS-Agent
Resin-Trace
BehaviorPad-Version
X-CDN-Cache-Status
Cf-Ipcountry
X-CS
Server-ID
GeoIp-Country-Code
X-TH-Server
X-Moov-Xdn-Version
X-APP
X-Moov-T
Cdn
X-Nc
Cross-Origin-Embedder-Policy-Report-Only
X-VCache
X-Wa
X-Vgn-Hpd-Reason
X-TX-ID
NtCoent-Length
X-IAuth-Set-Uid
X-Content-Length
FSS-Cache
X-NewRelic-App-Data
X-Varnish-Beresp-TTL
CDN
X-Destination
True-Client-IP
X-User
Cf-Device-Type
X-S-Cookie
X-Application
X-Fpc
X-External-Request-Id
X-B-Cookie
X-Esi
X-ZONE
X-HostName
Serverhost
X-Presslabs-Stats
Uri
True-Client-Ip
Srv
X-Srv
X-Zen-Fury
X-Vc
Tcn
X-Sigma-Backend
X-Instance-Name
X-Dispatcher-Number
X-Sigma
X-Rocket-Build-Number
X-Cache-Date
X-Oracle-DMS-ECID
Vc-Max-Age
X-Dynatrace-Js-Agent
S-Rt
X-HOST
GeoIP-Country-Code
X-Cdn-Forward
X-API-Version
X-WA
X-VServer
X-FPC
X-NC
Request-ID
X-CLOUD-TRACE-CONTEXT
Load-Balancing
X-Segment-20210421
X-APP-VERSION
X-RequestId
X-Dispatch
X-DynaTrace
X-Branch-Name
Product
X-Cdn-Cache-Status
X-Aspnet-Duration-Ms
X-CACHE-KEY
X-Is-Crawler
X-Providence-Cookie
X-Flags
X-Route-Name
Server-Id
Hostname
Ohc-File-Size
X-B3-Spanid
X-FL-QIT-DEBUG
Srvid
X-DataCenter
X-Lb-Nocache
ServerName
X-Webkit-Csp-Report-Only
Geoip-Latitude
X-Ckpd-Fst-Backend
X-Page-View
X-SERVER-NAME
X-Geo
Type
X-Bug-Bounty
X-ServedByHost
DataCenter
X-Irp-Debug
Cloudfront-Viewer-Country
X-Ua
CacheControlHeader
X-Sql-Count
X-Sql-Duration-Ms
X-Http-Reason
X-VCL-Version
PICS-Label
Epwk-X-Cache
Cl-Cache
X-Cache-Ttl
Lb
Origin-Trial
Ohc-Cache-HIT
Edge-Copy-Time
IsBot
X-Via-Edge
X-Via-CDN
X-App
ServerHost
X-Via-SSL
X-SIPLIST1
X-Via-PopN
X-Via-PopV
X-Via-PopH
X-Ha-Backend
X-Owner
Cross-Origin-Opener-Policy-Report-Only
X-Correlation-ID
X-Nf-Language
X-HubSpot-Correlation-Id
Rtss
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Nf-Ats-Version
X-Nf-Country
User-Agent
X-Akamai-Device-Characteristics
XkeyRZ
MIME-Version
X-MiniProfiler-Ids
WZWS-RAY
X-Core-Mission
Cneonction
X-Vmg-Version
X-Lb-Id
X-Proxy-CacheRZ
Warning
X-Acquia-Application-Trace
X-Qloud-Router
X-Gamma-Serve
X-Info
X-Service-Response-Time
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Sqd-Stime
Cmsid
X-Sqd-Ctime
X-Acquia-Site
X-Limited
Cmstype
Sm-Log-Id
X-Datacenter
X-Fastly-Country-Code
X-MSEdge-Flight
X-MSEdge-Features
N-Cache
X-Web-Server
Servername
X-Litespeed-Cache-Control
X-Hit
X-LAGOON
X-Check-Cacheable
X-Amz-Meta-Opti
X-Akamai-Pragma-Client-IP
Xc-Version
X-Serial
X-RAMCache
X-IN-APIGATEWAY
X-Udemy-Cache-App-Namespace
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
X-Requestid
Ngx
X-Snapshot-Date
X-Ramcache
X-IN-APIGATEWAYSSL
X-Dw-Trace-Id
X-Th-Server