Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
X-Cache-Hits
X-UA-Compatible
P3P
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-FRAME-OPTIONS
X-Dns-Prefetch-Control
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Server-Timing
X-XSS-PROTECTION
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Turbo-Charged-By
X-AH-Environment
X-Via
X-Robots-Tag
X-Backend
X-Cache-Group
P3p
Cf-Edge-Cache
Keep-Alive
Host-Header
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Server
X-Rq
X-Server-Powered-By
X-Age
Allow
X-Vhost
X-Varnish-Cache
X-Ws-Request-Id
EagleId
X-Dispatcher
X-Amz-Version-Id
X-LiteSpeed-Cache
Grace
Cf-Apo-Via
Nel
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
Cf-Railgun
X-Device
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Pingback
X-WebKit-CSP
X-Host
X-Node
Accept-CH
X-Server-Id
X-OneAgent-JS-Injection
X-Backend-Server
Surrogate-Control
X-CST
X-Nginx-Cache-Status
X-Readtime
X-Akam-SW-Version
X-Cache-Lookup
Permissions-Policy
X-Content-Security-Policy-Report-Only
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Request-Id
X-Application-Context
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Trace
X-Response-Time
X-Edge
Accept-Ch-Lifetime
X-HW
Accept-CH-Lifetime
X-Ua-Compatible
Content-Location
X-Mod-Pagespeed
X-Clacks-Overhead
X-Url
X-Ruxit-JS-Agent
X-Midtier
X-ECACHE
Rating
X-ESI
X-Oneagent-Js-Injection
X-Amz-Server-Side-Encryption
X-Mcache
Xkey
X-Country
X-Upstream
X-Litespeed-Cache
X-Vcap-Request-Id
X-PC
X-TtlSet
X-Vname
X-D2id
Cache-Tag
X-Rack-Cache
X-MS-InvokeApp
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-Exp-Id
X-Element-Page-Cache
X-Kinja-Server
Verso
X-Use-Magma
X-Cdn-Fetch
Accept-Ch
Edge-Control
X-Cache-TTL
Fastly-Restarts
RTSS
X-Powered-By-Plesk
X-Ruxit-Js-Agent
X-VARITI-CCR
Origin-Trial
X-Ac
X-Navigation-Version
X-Abt-Application-Version
X-Content-Type
X-Cached
X-Goog-Hash
Service-Worker-Allowed
X-Country-Code
X-GitHub-Request-Id
X-Amz-Rid
X-Middleton-Display
Pagespeed
Display
X-Sol
X-WebKit-CSP-Report-Only
X-Browser-Type
X-Ttl
X-Mg-S
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-Server-Name
X-Varnish-TTL
X-B3-TraceId
Cross-Origin-Opener-Policy
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
Arr-Disable-Session-Affinity
X-Erf-Bev-Bev
X-Instrumentation
X-Kraken-Loop-Name
X-Powered-CMS
Response
X-Amzn-Trace-Id
X-Middleton-Response
AR-SID
AR-Request-ID
AR-PoweredBy
AR-ATIME
SPIisLatency
SPRequestDuration
X-Cache-Key
AR-CACHE
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
X-Version
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Cnection
X-ORACLE-DMS-RID
X-ORACLE-DMS-ECID
X-Accel-Expires
Cache-Tags
X-T
Cache-Status
X-Webkit-CSP
Front-End-Https
X-Client-IP
Edge-Cache-Tag
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-NF-Request-ID
X-Px
X-MSEdge-Ref
X-Fastcgi-Cache
X-Ser
X-Hits
X-Times
Nginx-Cache
X-NWS-LOG-UUID
Public-Key-Pins
X-Recruiting
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-RateLimit-Remaining
X-LLID
X-Request-Received
X-Request-Processing-Time
X-Frontend
Server-Node
X-Ua-Browser
X-Kinja-CCPA
X-Ua-Device
Payment
X-Shield-Request-Id
X-B3-Traceid
Access-Control-Request-Method
X-DIS-Request-ID
X-Erf-Stays-Pdp-Viaduct-Migration-Web
TP-Cache
X-RateLimit-Limit
X-FastCGI-Cache
S
X-Goog-Metageneration
MicrosoftSharePointTeamServices
X-Webkit-CSP-Report-Only
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
TP-L2-Cache
X-LB-Cache
X-Content-Digest
X-PressLabs-Stats
X-Distributor
Content-MD5
Realpath
X-Microsite
X-Request-Handler-Origin-Region
X-Forwarded-For
X-Ezoic-Cdn
X-Page-Id
X-Geo-Country
Access-Control-Allow-Method
Accept-Charset
X-FB-Debug
Fastcgi-Cache
X-GUploader-UploadID
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cluster-Name
X-Protected-By
X-Rid
X-Hostname
X-Seen-By
X-Ratelimit-Remaining
X-Envoy-Decorator-Operation
X-Correlation-Id
X-B3-Sampled
Cleartype
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TTL
DC
TCN
X-Newrelic-App-Data
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
Referer-Policy
X-Origin-Server
X-Mobile
X-Origin-Cache
X-Debug-Info
X-Ratelimit-Limit
X-Varnish-Backend
Cross-Origin-Resource-Policy
X-Logged-In
X-Git-Hash
X-XRDS-Location
X-Webkit-Csp
X-Varnish-Grace
X-Edge-Location-Klb
X-Azure-Ref
X-Contextid
X-Kinsta-Cache
X-Aspnet-Version
Surrogate-Key
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-Amz-Replication-Status
X-App-Environment
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Grace
X-Revision
Alternate-Protocol
X-Fb-Rlafr
X-Content-Options
X-TT
Count-Hit
X-Amz-Meta-S3cmd-Attrs
X-IPS-LoggedIn
Healthy
X-Server-ID
X-Wix-Request-Id
X-Forwarded-Proto
X-App-Server
X-Whom
X-Hosted-By
Frame-Options
WPO-Cache-Status
WPO-Cache-Message
Charset
X-Akamai-Edgescape
MS-Author-Via
Viewport
X-Daa-Tunnel
Filterid
X-Id
Paypal-Debug-Id
Retry-After
X-B
X-Backend-Name
X-Magnolia-Registration
Section-Io-Cache
X-Cache-Age
X-F-Cache
X-Client-Ip
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
SRV
X-Az
X-AppVersion
X-Trace-Id
X-Activity-Id
X-Cache-Control
X-Proxy-Cache-Info
X-Www-Served-By
Server-Name
X-App-Version
X-Type
X-RateLimit-Reset
X-Time
X-Varnish-Server
X-Rule
VIX-Pulpo-Upstream-Status
X-Http-Reason
SD-X-WS
X-Instance
X-Original-Request-Id
X-Response-Served-From
X-Proxy
Host
X-ARC
Refresh
Akamai-GRN
VIX-Pulpo-Node
X-Akamai-Request-ID2
X-Cache-Grace
Protected
X-UUID
X-User-Agent
X-Varnish-Age
X-Status
X-Edge-Location
X-Rocket-Nginx-Serving-Static
From-Origin
X-Framework
Front
X-Jobs
Amp-Access-Control-Allow-Source-Origin
X-Is-Bot
X-L-Path
Fastly-SWR
X-Cache-Rule
X-Unique-Id
X-Rendered-As
X-Page-View
Fastly-SIE
X-FW-Version
Version
X-FW-Server
X-FW-Serve
X-FW-Type
X-FW-Dynamic
X-FW-Static
X-FW-Hash
X-Environment-Context
X-Adobe-Loc
X-Region
X-Cacheable-TTL
X-EdgeConnect-Cache-Status
X-N
X-Adobe-Content
X-Oracle-Dms-Ecid
X-ProcessESI
X-Oracle-Dms-Rid
X-G
X-RemovedCookies
X-Tumblr-Pixel-0
X-Cache-Time
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-1
X-Language
X-Load-Cache
Access-Control-Request-Headers
ServerID
X-COUNTRY
Country
X-Source
X-Datadog-Trace-Id
Content-Disposition
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-CDN-Forward
X-Nf-Request-Id
X-Upgrade-Enabled
X-Varnish-Ttl
X-Drupal-Cache-Tags
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Vcache
X-Datadog-Sampled
X-HTML-Minification-Powered-By
X-Mg-Request-UUID
Countrycode
Accept-Language
X-Amzn-Remapped-Content-Length
X-Debug-IsConnected
X-Debug-IsPreview
X-DynaTrace
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Generated-By
Backend
X-DynaTrace-JS-Agent
X-B-Cache
X-Signature
X-ID
Xet-Cookie
X-Xrds-Location
Liferay-Portal
Xserver
X-DataDome
Webserver
X-ECache
CF-IPCountry
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Httpd
X-Mode
X-NYM-Debug-Backend
X-Servername
X-Device-Type
X-Nginx-Cache
X-Drupal-Cache-Contexts
Url
X-Content-Powered-By
X-B3-SpanId
X-Content-Age
X-Tt-Logid
X-Zen-Fury
X-Erf-Web-Scheduler
X-JoinUs
X-Tb
Filters
Fastcgi-Useragent
X-Git-Commit
X-Proto
S-Rt
GEO-INFO
X-LAGOON
Load-Balancing
Meta-Geo
X-Container-Uri
Onion-Location
Locale
X-ServerID
X-Urbn-Site-Id
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-UPSTREAM-Address
X-Sucuri-Cache
X-SaId
X-Cache-Action
X-Urbn-Context-Path
X-Rewrite-Enabled
X-Sucuri-ID
Azure-InstanceId
X-Forwarded-Host
X-GeoCode
X-Labrador-Cache-Channel
Azure-RegionName
X-VC-Cache
X-Cluster-Node
Uber-Trace-Id
X-Varnish-Cache-Hits
X-XRDS-LOCATION
X-Varnish-Hostname
Azure-SlotName
Azure-Version
X-Director
Azure-SiteName
X-GeoCountry
X-RM-Cache-TTL
X-PHP-Host
X-Soup
X-Generation-Time
X-Sql-Duration-Ms
X-VCT
X-Sql-Count
X-Detected-As
Web-Mar-Node
X-Ms-Request-Id
X-Adobe-Source
X-Cache-Server
X-Ms-Version
Mn-Server-Ip
X-Served-From
X-Routing-Service
X-R9-Blue-Green-Version
X-Debug
DB-Nickname
X-Origin-Hint
X-FB-TRIP-ID
TWC-Device-Class
X-RCS-CacheZone
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
TWC-Locale-Group
Property-Id
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Node
X-Extlb
X-Storage
X-Proxied
X-Zipkin-Id
X-Cache-Operation
X-Logging-Id
X-Timing-Wait
X-Fetched-On
X-Uri
X-Proxy-Build
Selected-Fe
X-Format
X-Skip-Cache
X-Tumblr-Pixel-2
X-Tumblr-Pixel-3
X-LSADC-Cache
X-Template
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Lambda-Id
X-TimeS
OT-Force-Account-Verify
Source
X-MP-GENERATED-AT
CDN-RequestId
X-Origin-Date
Fastly-Drupal-HTML
X-Tncms
X-Ratelimit-Reset
X-Cache-Expired-At
X-Cache-Hit
X-Loop
X-MCACHE
X-Varnish-Hits
X-Pass-Why
X-Endurance-Cache-Level
X-Srv
X-Redis-Cache
Content-Secure-Policy
X-Ua
X-UA-Device-Type
X-Cache-TTL-Remaining
Upgrade-Insecure-Requests
X-Via-JSL
X-NGENIX-Cache
Cross-Origin-Window-Policy
X-Datadome
X-Real-IP
X-Pubstack
X-AIR-PT
X-Origin-CC
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Node-Name
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Hcs-Proxy-Type
X-Origin-TTL
X-Server-W
X-Fastly-Request-Id
X-S
NGB
X-Rn-Rsrv
Cache-Hits
X-CSRF-Token
Cache-Provider
X-Cache-Host
CDN-RequestPullSuccess
CDN-Uid
X-PHP-Backend
CDN-EdgeStorageId
CDN-Cache
Ms-Operation-Id
CDN-CachedAt
X-RTag
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestPullCode
MS-CV
Cache-Name
Apigw-Requestid
X-Akamai-Transformed
X-Cache-Type
X-Cms-Context
X-Reqid
X-IPLB-Instance
X-Restarts
X-Xfnlog-Site
X-IPLB-Request-ID
X-Optimistic-Header
X-Hl-Ver
X-URL
X-GEO
X-No-Session
X-Newrelic-Synthetics
X-Parent-Response-Time
X-Aspnetmvc-Version
We-Hiring
Vix-Hermes-Req-Id
VNS-Cache
X-Accel-Buffering
W
VNS-Age
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-A-Dam
Canary
Candidate-Md5Url
CPC-Age
X-A
X-A-Ccd
BehaviorPad-Version
Web-Mar-Region
CPC-Cache
DCR-Processing-Time-Ms
Lang
Magicmarker
Mail-Subject
MD5-Digest
L5d-Success-Class
HA-Ipaddr
Fastly-GeoIP-CountryCode
Fastly-SSL
Gh-Request-Id
Ha-Gx-Prefs
Meta-Geo-Continent
X-Accel-Expires-Debug
Server-Host
Rendered-Blocks
Sslversion
Surrogated-Key
T-Server
Redirect-Candidate
Odigeo-Trace-Id
N-Cache
Ngx.Var.Host
DCR-Decision-By
Fastly-Backend-Name
True-Client-Country-4JS
X-Csrf-Jwt
X-RateLimit-Limit-Second
X-Policy
X-Origin-Time
X-RateLimit-Remaining-Second
X-Request-Host
X-S-Cookie
X-Rojux
X-Orig-Expires
X-Nyt-Route
X-Has-Esi
X-GeoIP-Region-Code
X-Irp-Debug
X-Is-Gdpr
X-Mvc-Supplant-Cachable
X-JWT-State
X-ScT
X-SD-PageType
X-Viewer-Country
X-VG-WebCache
X-Vtex-Remote-Cache
X-Wikidot-Backend
X-Wix-Viewer-Type
X-Wikidot-Static-Cache
X-Vdms-Version
X-Vdms-Path
X-Slack-Backend
X-Shop-Environment
X-Slack-Shared-Secret-Outcome
X-SRCache-Key
X-Var-Ttl
X-Tenant
X-GeoIP-Country-Code
X-Gdpr
X-CF-Lambda-Fn
X-Cdn-Diag
X-CF-Lambda-Version
X-CGP
X-Worker
X-Conf
X-CacheTTL
X-Cache-NE
X-B-Cookie
X-Application
X-Bc-Bl
X-BCube-Filmed-By
X-Cache-Info
X-Bl-Debug
X-Handled-By
X-D
X-Eu-Site
X-Ec-GeoHdr
X-External-Request-Id
X-Fastly-Backend
X-Forwarded-Path
X-FC-Vary-Parameters
X-Ec-Fail
Xc-Version
X-Debug-Cache-Fetch
X-Date
X-Debug-Cache-Store
X-Destination
X-Dispatcher-Number
X-Developer
X-Aed
X-Cache-Bucket
X-ProxyCache-Key
X-Via-Fastly
X-VWS-Id
X-ProxyCache-Status
X-BYPASS-REASON
X-CACHE-AGE
X-LJ-Flow-ID
X-Cluster
X-AWS-Id
X-Section
X-Access
X-Thinkindot-L3
X-Up
X-Bip
X-TA-CDN-Provider
X-Cache-Debug
X-BBC-Edge-Cache-Status
X-Cache-Id
X-Cdn-Origin
Req-Svc-Chain
X-Storefront-Renderer-Rendered
X-SVT-ORM-RULES
X-Test
X-SVT-ORM-VERSION
X-Thanos
X-Auto-Login
X-Varnish-Remaining-TTL
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-VG-TLSProxy
X-Varnishpool
TDXMobile
X-VServer
X-App-Name
X-Vmg-Version
X-ApacheServer
X-Sorting-Hat-ShopId
X-Varnish-CookieINHashed-On
X-Alternate-Cache-Key
X-Variation
X-Clientip
X-INCAP-ABP
ServedBy
X-Level-Front-Cache
X-Hash
X-Gzip
X-Generated-On
X-Geo-Header
X-Qloud-Router
X-Loc
X-Mid
X-Org
X-PERF
X-Owner
X-Old-Content-Length
X-Node-Id
X-Platform
X-Nitro-Cache
X-Forwarded-Site
X-Fmm-Version
X-Core-Value
X-Shopify-Stage
X-DefElseHash
X-Core-Mission
X-Sn-Servicetimems
X-Clara-WADP
Release
X-CMSURLCustom
X-DefHash
X-ShopId
X-Epic-Correlation-Id
X-Esi-Check
X-S-Maxage
X-Server-IP
X-Ec-Custom-Error
X-ShardId
X-DPWN-IS-SECURE
X-Sorting-Hat-PodId
X-Varnish-CookieHashed-On
Gannett-Cam-Experience-Id
Origin
Memcached
Adler-Geo
Environment
X-WADP-Cache
AKAMAI
Cmstype
Expect-Staple
X-We-Are-Hiring
Datacenter
X-App
Host-ID
Is-Eu
Producers
Platform
L
Cmsid
Machine
User-Cache-Control
X-Dispatcher-Server
X-PAYTM-SRV-ID
X-Hnp-Log
NM-Fastcgi-Cache
DSUID
X-Akamai-Device-Characteristics
X-Human
X-Device-Os
X-Cdn-Srv
CloudFront-Viewer-Country
X-GeoIP
X-Gen-Mode
CDCHOST
X-From
AMP-Access-Control-Allow-Source-Origin
X-Block-Status
X-TIM-N
X-Proxy-Cache-Status
X-Request-Time
X-Scale
Country-Code
Apple-News-Services-Request-Url
X-Mly-Id
Apple-News-Services-Handled
Apple-News-Services-Host
X-Mvc-Supplant-OutputCached
X-Nananana
X-NodeID
Sever-Int
X-WA-Info
X-Nginx-Cache-Key
Apple-News-Services-Parsed-Url
X-Origin-Response-Time
Esi-Enabled
X-Origin
Server-Ext
Server-Hostname
X-Pool
X-Vcl-Version
X-Tx-Id
X-Op-Id-All
Server-Info
X-Cache-Enabled
Origin-CC
WP-Super-Cache
X-Cs
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-LB-NoCache
X-Instance-Name
X-Presslabs-Stats
Pics-Label
X-NCache
Origin-EX
X-Refresh
X-Air-Source
X-Air-Hostname
X-Correlation-ID
X-Air-Trace-Id
Time
Ssr
Server-ID
X-Cache-Status-Check
Memory
X-Web-Node
X-Amz-Meta-Cb-Modifiedtime
C-Via
X-TIME
X-HA-Backend
X-Azure-Ref-OriginShield
X-ZONE
Hostname
X-API-Version
Cf-Device-Type
NGX
X-Dc
X-Tb-Optimization-Total-Bytes-Saved
X-Platform-Cluster
X-Platform-Processor
X-Microcachable
Cache-Host
X-Origin-Expires
X-Platform-Router
GeoIP-Latitude
Origin-Agent-Cluster
X-VHOST
XM
X-CACHE-GROUP
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Locale
Cdn-Requestid
X-Site-Version
X-VarnishDD-TTL
X-HN
PFcat
X-Wp-Cf-Super-Cache-Active
X-Ad-Defer-Variation
Resin-Trace
X-Micro-Cache
X-Vgn-Hpd-Reason
X-DC
X-Fpc
Edge-Copy-Time
X-Webkit-Csp-Report-Only
X-Via-SSL
X-Internal-Host
YJS-ID
X-Via-Edge
Locid
Srvid
X-Via-CDN
X-FL-EDGE
X-FL-QIT-DEBUG
A
X-TraceId
X-B3-Spanid
Sid
X-WP-CF-Super-Cache-Active
X-Zone
X-AB
X-Pod-Name
X-Contensis-Viewer-Groups
X-Github-Request-Id
X-Upstream-Ct
X-FireWall-Port
X-Upstream-Ht
X-Cached-By
X-Cache-ASPX
X-ATG-Version
X-LiteSpeed-Cache-Control
Location
X-Buckets
X-Moov-Xdn-Version
X-Moov-T
Uri
True-Client-Ip
Cache-Key
User-Agent
X-DataCenter
X-B3-Parentspanid
X-Geo-Region
X-Varnish-Authentication
X-Backend-Instance
X-SIPLIST1
X-Info
IsBot
X-NGINX-Cache
X-FTR-Request-ID
GeoIP-Country-Code
X-VCache
X-Accel-Version
X-LiteSpeed-Tag
X-Planisys-CDN-Cache
X-Datacenter
X-Nitro-Cache-From
X-Nitro-Rev
GeoIp-Country-Code
X-HS-Content-Campaign-Id
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Platform-Server
State
CF-Ctrl
X-Geo
X-Provided-By
X-Is-Mobile
X-Is-Desktop
X-Browser-Name
Lb
X-Is-Supported-Browser
X-Is-Tablet
X-Tcp-Rtt
NtCoent-Length
X-Fastly-Cache
X-Release
X-MSEdge-Flight
X-VC
X-MSEdge-Features
SID
X-Cache-Remote
X-Sigma-Backend
X-CS
X-Sigma
X-Rocket-Build-Number
Cdn
XServer
X-RN-RSRV
X-NewRelic-App-Data
X-CSRF-TOKEN
X-HostName
Tcn
Epwk-X-Cache
X-Vgn-Hpd-Ssi
True-Client-IP
X-Vgn-Hpd-Variations-Key
X-Vgn-Hpd-Cached
Path
Cache
X-Hyper-Cache
X-Api-Version
Fastly-Drupal-Html
X-GeoIP-City
X-SRV
X-Generated-In
X-TRACE-ID
X-HS-Status
X-Scheme
X-Gamma-Serve
X-FPC
X-Service
X-CLOUD-TRACE-CONTEXT
X-Webstats-RespID
X-Frame-Option
Cf-Ipcountry
X-CACHE-KEY
X-GoCache-CacheStatus
Ohc-File-Size
Cache-Tv-Group
Serverid
X-Rebelmouse-Surrogate-Control
X-APP-VERSION
CountryCode
X-UA
X-Rebelmouse-Cache-Control
Cdnsip
X-Air-Pt
X-Wp-Cf-Super-Cache-Cache-Control
X-AK-Request-ID
Kp-EeAlive
X-Pad
X-Wp-Cf-Super-Cache
Cdncip
X-EC-Lua
X-Esi
X-Amz-Meta-Opti
X-Guploader-Uploadid
Srv
Cdn-Host
X-Branch-Name
HostName
X-Mobile-URL
X-Vercel-Cache
WebServer
X-Traceid
X-Edge-Server
X-Vercel-Id
Cdn-Request-Time
X-Cache-Ttl
X-Location
X-Origin-Cache-Key
X-Wp-Cf-Super-Cache-Cookies-Bypass
Env
X-Cache-Tags
WZWS-RAY
Ohc-Cache-HIT
XkeyRZ
X-Country-Code-Real
X-Men
X-Cdn-Cache-Status
M-TraceId
Proxy-Connection
Req-ID
X-Vc
X-Developers
X-NMSegId
CacheControlHeader
X-Proxy-CacheRZ
X-FTR-Balancer
Geoip-Latitude
Yak-Timeinfo
X-Aicache-OS
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-Backend
X-Region-Sid
On-Server
X-TX-ID
X-VCL-Version
CDN
X-Cdn-Request-ID
Click-Count-Action-Start
Click-Count-Error
Cluster
X-Ad-Load-Variation
X-Akamai-Pragma-Client-IP
LB
X-NWS-UUID-VERIFY
RNT-Time
Tube-Get-Contents
RNT-Machine
X-Wa
X-Edge-Pop
Mime-Version
X-Acquia-Purge-Cdn-Unconfigured
Tube-Got-Eval
X-Via-Popv
X-Via-Popn
X-CDN-Cache-Status
X-Servedbyhost
X-SB
X-Cdn-Forward
X-Req
X-LB-ID
X-B3-Trace-ID
X-V-Cache
Tube-Return
V-Age
X-Cache-FS-Status
Tube-Got-Results
X-Minions-Version
Ngx
X-Nc
X-Via-Poph
X-Lb-Cache
X-TT-LOGID
WWW-Authenticate
X-M-Reqid
X-M-Log
X-Ha-Backend
Server-Id
X-Fastly-Country-Code
ENV
Content-Style-Type
CF-Cached-On
X-WP-CF-Super-Cache-Cookies-Bypass
X-Scope-Id
Content-Script-Type
X-Request-Start
Pramga
X-Lb-Nocache
X-Varnish-Beresp-Status
X-Request-URI
X-User
X-Qnm-Cache
X-Shield-Cache-Expires
X-Tim-N
X-Acquia-Purge-Tags
X-IN-APIGATEWAYSSL
X-Acquia-Application-Trace
X-MiniProfiler-Ids
PICS-Label
X-Check-Cacheable
X-Dw-Trace-Id
X-Acquia-Application-UUID
X-IN-APIGATEWAY
X-Snapshot-Date
X-Acquia-Site
X-Edge-POP
X-Via-Ucdn
Yjs-Id
X-Iauth-Set-Uid
Inserted-Into-Cache-At
X-Fastly-Cache-Hits
X-Fastly-Backend-Reqs
CACHE-MISS-TO-ORIGIN
X-ElasticPress-Query
X-TH-Server
X-Miniprofiler-Ids
X-APP
X-RAMCache
Log-Origin
Cneonction
Vha6-Origin
X-Cached-Since
X-Litespeed-Cache-Control
X-Ckpd-Fst-Backend
X-Processor