SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
X-XSS-Protection
Accept-Ranges
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Xss-Protection
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
X-DNS-Prefetch-Control
Accept-CH
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-Check
X-AspNet-Version
X-Drupal-Cache
X-Ua-Compatible
X-Generator
X-Cache-Status
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Request-ID
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
Permissions-Policy
Host-Header
X-Via
EagleId
Keep-Alive
X-Cache-Group
Request-Context
X-Robots-Tag
X-Backend
X-UA-Device
X-AH-Environment
X-Hacker
X-Proxy-Cache
X-Server
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
Cf-Apo-Via
X-Vhost
X-Amz-Version-Id
Xkey
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
Grace
X-Server-Powered-By
Ali-Swift-Global-Savetime
Allow
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Cache-Lookup
EagleEye-TraceId
X-WebKit-CSP
X-Host
X-Backend-Server
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Cf-Railgun
X-Server-Id
Accept-Ch-Lifetime
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-Ruxit-JS-Agent
X-Litespeed-Cache
X-HW
X-Node
Request-Id
X-Dns-Prefetch-Control
X-Country
X-Nginx-Cache-Status
Content-Location
X-Application-Context
X-Cloud-Trace-Context
X-Nginx-Upstream-Cache-Status
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Url
X-Trace
Cache-Tag
X-Clacks-Overhead
X-Amz-Server-Side-Encryption
Rating
X-Times
X-PC
X-TtlSet
X-Vname
X-Rack-Cache
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Server-Name
X-Daa-Tunnel
Accept-Ch
Nginx-Cache
AR-ATIME
AR-SID
AR-PoweredBy
X-ESI
AR-Request-ID
X-Cache-TTL
X-Powered-By-Plesk
X-Cnection
X-D2id
X-Ac
X-GitHub-Request-Id
X-Element-Page-Cache
X-Cdn-Fetch
X-Kinja
Edge-Control
Verso
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-CST
X-FTR-Request-ID
AR-CACHE
X-MS-InvokeApp
X-Ser
X-Abt-Application-Version
X-Vcap-Request-Id
X-Dw-Request-Base-Id
X-Navigation-Version
Fastly-Restarts
X-Upstream
X-Webkit-Csp
X-B3-TraceId
X-ECACHE
SPIisLatency
SPRequestDuration
X-FastCGI-Cache
X-Mod-Pagespeed
X-Amz-Rid
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-ARC
X-Client-IP
X-Goog-Hash
SPRequestGuid
X-SharePointHealthScore
X-Kinsta-Cache
X-Edge-Location-Klb
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Powered-CMS
X-Oneagent-Js-Injection
X-Ratelimit-Limit
X-Mg-S
X-Amzn-Trace-Id
Edge-Cache-Tag
Cache-Status
S
X-Version
Access-Control-Request-Method
X-Middleton-Response
Response
X-VARITI-CCR
X-Forwarded-For
RTSS
Realpath
X-Cache-Key
X-T
X-Ratelimit-Remaining
Cross-Origin-Resource-Policy
X-TTL
X-NF-Request-ID
Fastcgi-Cache
X-Content-Digest
X-Cached
X-Recruiting
X-Correlation-Id
X-ORACLE-DMS-RID
X-MSEdge-Ref
X-Shield-Request-Id
X-Fastly-Request-ID
MicrosoftSharePointTeamServices
X-TraceId
Front-End-Https
X-RateLimit-Remaining
X-PressLabs-Stats
X-SRCache-Store-Status
X-Ruxit-Js-Agent
X-SRCache-Fetch-Status
X-Request-Processing-Time
X-Request-Received
X-Forwarded-Proto
X-Ua-Browser
Public-Key-Pins
Arr-Disable-Session-Affinity
X-HS-Cache-Config
TP-Cache
X-HS-Content-Id
X-LLID
X-HS-Hub-Id
Payment
Count-Hit
X-Frontend
Server-Node
X-Protected-By
Surrogate-Key
X-Newrelic-App-Data
X-GUploader-UploadID
X-LB-Cache
X-Server-ID
X-Varnish-TTL
MS-Author-Via
X-Accel-Expires
X-HS-Combine-CSS
Content-MD5
X-Distributor
X-NODE
X-Origin-Server
X-Ezoic-Cdn
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Content-Security-Policy-Report-Only
X-ORACLE-DMS-ECID
X-Request-Handler-Origin-Region
X-Microsite
X-Www-Served-By
Accept-Charset
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
Mrf-Cache-Status
X-Activity-Id
X-App-Server
X-Az
X-B3-TraceId-Primal
MRF-Tech
X-AppVersion
X-Ua-Device
X-Amz-Meta-S3cmd-Attrs
Host
Cleartype
X-Cluster-Name
X-Varnish-Server
Retry-After
X-Varnish-Backend
Cache-Tags
X-Goog-Metageneration
Filterid
X-Ttl
X-Unique-Id
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Debug
X-Country-Code-Real
X-Hits
X-Git-Hash
Access-Control-Allow-Method
X-Logged-In
X-Aspnet-Version
X-FTR-Expires
Server-Name
X-Load-Cache
X-Varnish-Ttl
X-Upgrade-Enabled
X-Id
X-FB-Debug
X-Hostname
TCN
X-Azure-Ref
X-Envoy-Decorator-Operation
X-NGENIX-Cache
X-CSRF-Token
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Geo-Country
X-Proxy
X-TT
X-B
X-Tt-Trace-Host
Section-Io-Cache
X-Tt-Trace-Tag
Viewport
DC
X-Grace
X-Cache-Control
X-Revision
X-Seen-By
X-Request-Guid
X-Ratelimit-Reset
X-Nf-Request-Id
X-Trace-Id
X-Contextid
X-Fb-Rlafr
Healthy
X-Type
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-B3-Sampled
X-Goog-Stored-Content-Encoding
TP-L2-Cache
X-Goog-Generation
Fastly-SIE
Fastly-SWR
Content-Disposition
X-Time
X-F-Cache
X-XRDS-LOCATION
X-N
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Mobile
X-Hcs-Proxy-Type
Paypal-Debug-Id
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Varnish-Grace
X-Magnolia-Registration
X-Amz-Replication-Status
Referer-Policy
X-Via-JSL
X-Webkit-CSP
X-Origin-Cache
X-Ismobilevalue
X-Wormhole-Sdk
X-Debug-Info
X-DIS-Request-ID
X-Page-Id
X-Oracle-Dms-Ecid
Pinterest-Version
Version
Pinterest-Generated-By
X-Pinterest-Rid
X-UUID
X-Rid
X-ProcessESI
X-RemovedCookies
X-G
X-Content-Options
X-Source
X-Rule
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Datadog-Parent-Id
X-Tumblr-Pixel-0
X-Adobe-Loc
X-Template
X-App-Environment
X-Debug-IsPreview
X-Px
X-Node-Name
X-Adobe-Content
X-Debug-IsConnected
X-Hl-Ver
X-RTag
VIX-Pulpo-Upstream-Status
Cross-Origin-Window-Policy
SD-X-WS
X-Yottaa-Optimizations
X-Yottaa-Metrics
NGB
VIX-Pulpo-Node
X-Datadog-Sampled
Ms-Operation-Id
MS-CV
X-Storage
X-NYM-Debug-Backend
X-Is-Bot
X-Wix-Request-Id
X-Instance
X-User-Agent
X-Cacheable-TTL
X-Region
X-Backend-Name
X-Proxy-Cache-Info
X-Rendered-As
Country
X-Device-Type
X-FW-Version
X-L-Path
X-ServerID
X-Status
X-FW-Type
X-FW-Static
X-Environment-Context
X-FW-Hash
X-FW-Serve
X-FW-Server
GEO-INFO
X-FW-Dynamic
X-Whom
X-B-Cache
X-Cache-Age
X-Signature
X-RM-Cache-TTL
Countrycode
Front
X-Fastly-Request-Id
X-IPS-LoggedIn
X-NWS-UUID-VERIFY
Amp-Access-Control-Allow-Source-Origin
ServerID
Akamai-GRN
Charset
X-EdgeConnect-Cache-Status
X-Framework
X-WP-CF-Super-Cache-Active
X-Real-IP
X-AB
SRV
X-Cache-Grace
X-ECache
X-Api-Version
X-WebKit-CSP-Report-Only
X-Language
X-Air-Pt
Liferay-Portal
X-Amzn-Remapped-Content-Length
X-Akamai-Request-ID2
X-B3-SpanId
X-Content-Powered-By
X-Oracle-Dms-Rid
X-Cache-Hit
Accept-Language
X-VC
X-Air-Trace-Id
X-Air-Source
OT-Force-Account-Verify
X-Air-Hostname
X-DataDome
X-UA
X-URL
X-Mode
X-Servername
X-Xrds-Location
Access-Control-Request-Headers
X-Sucuri-Cache
X-Sucuri-ID
X-Cache-Status-Check
Xet-Cookie
LB
From-Origin
Webserver
Backend
X-HTML-Minification-Powered-By
X-VC-Cache
X-Tt-Logid
Refresh
X-CLOUD-TRACE-CONTEXT
X-Mg-Request-UUID
X-Nginx-Cache
X-Handled-By
X-SaId
X-SRV
Filters
X-Vcl-Version
X-Rn-Rsrv
X-Rewrite-Enabled
Meta-Geo
X-JoinUs
Upgrade-Insecure-Requests
X-UPSTREAM-Address
X-PHP-Host
X-Request-URI
X-S
X-Cms-Context
X-Cache-Time
X-Adobe-Source
X-Vcache
X-Varnish-Age
X-Labrador-Cache-Channel
X-RCS-CacheZone
X-Tumblr-Pixel-2
X-Origin-Date
X-Hosted-By
X-Provided-By
X-Generated-By
X-R9-Blue-Green-Version
X-Cache-Host
X-Origin-Hint
X-BYPASS-REASON
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-Country
X-Browser-Name
X-Served-From
Webcakes-App-Version
X-Scope-Id
TWC-Locale-Group
X-Cache-Debug
TWC-GeoIP-LatLong
X-Geo-Region
Webcakes-Region
X-Accel-Version
X-Reqid
X-Restarts
X-Alternate-Cache-Key
X-Lambda-Id
X-Redis-Cache
X-Fetched-On
X-ProxyCache-Key
X-ProxyCache-Status
X-Akamai-Edgescape
X-Locale
Atl-Traceid
ServedBy
TWC-Connection-Speed
TWC-Device-Class
Section-Io-Id
Property-Id
Apigw-Requestid
X-Httpd
X-Is-Tablet
Onion-Location
X-Is-Supported-Browser
X-No-Session
X-Site-Version
X-Tcp-Rtt
X-Storefront-Renderer-Rendered
X-Tncms
X-Logging-Id
X-Is-Desktop
X-Webstats-RespID
X-Shopify-Stage
X-Skip-Cache
X-RateLimit-Limit
X-Loop
Xserver
X-Is-Mobile
Mn-Server-Ip
X-Forwarded-Host
X-VCT
X-Varnish-Cache-Hits
X-Format
X-Proxy-Build
X-Director
X-Varnish-Beresp-Grace
Web-Mar-Node
X-Upstream-Ht
X-Upstream-Ct
X-Soup
Url
X-Cluster
Selected-Fe
X-Detected-As
X-Tb
X-Container-Uri
X-Timing-Wait
X-Frame-Option
X-Origin
X-Xfnlog-Site
X-Web-Node
X-IPLB-Request-ID
X-Say-Cacheable
X-Say-TTL
X-Git-Commit
X-SayCDN-TTL
Cache
Expiry
X-IPLB-Instance
X-Connection-Hash
X-Cloudmap
X-Zipkin-Id
X-Optimistic-Header
X-Sorting-Hat-ShopId
X-RID
X-LJ-Flow-ID
X-AWS-Id
X-Routing-Service
X-VWS-Id
X-Proxied
X-Extlb
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Cache-Expired-At
X-Cache-Operation
X-Cache-Rule
X-Ms-Request-Id
X-Ms-Version
X-Edge-Location
X-Endurance-Cache-Level
Priority
X-Lagoon
X-INCAP-ABP
CF-IPCountry
Frame-Options
X-WP-CF-Super-Cache-Cookies-Bypass
Cdn-Requestid
Source
Environment
WPO-Cache-Status
WPO-Cache-Message
X-GeoCountry
Fastcgi-Useragent
X-GeoCode
Protected
X-Proxy-Cache-Status
X-Cache-Action
X-Fastcgi-Cache
Uber-Trace-Id
X-CDN-Forward
X-Origin-CC
X-Thinkindot-L3
X-Cluster-Node
X-Generation-Time
Thinkindot-CacheControl
X-Azure-Ref-OriginShield
X-PHP-Backend
X-Shield-Cache-Expires
X-Origin-TTL
X-CMSURLCustom
Thinkindot-CacheControl-Type
Thinkindot-Control
TDXMobile
X-Drupal-Cache-Tags
X-Cdn-Origin
X-Drupal-Cache-Contexts
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Pass-Why
X-ID
Sid
X-Aws-Lambda-Call-Status
X-Worker
X-Rocket-Nginx-Serving-Static
X-Aspnetmvc-Version
X-App-Version
Cache-Tv-Group
X-GEO
X-Buckets
X-FB-TRIP-ID
X-XRDS-Location
X-Auth-Group-Type
AMP-Access-Control-Allow-Source-Origin
Azure-InstanceId
Azure-Version
Azure-RegionName
Azure-SlotName
Azure-SiteName
Node
CDN-Uid
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
CDN-RequestPullSuccess
CDN-CachedAt
CDN-Cache
CDN-RequestPullCode
X-B3-Traceid
X-Vercel-Id
X-Vercel-Cache
X-Server-W
X-Pad
Cache-Hits
Cross-Origin-Embedder-Policy
X-Tumblr-Pixel-3
Alternate-Protocol
X-LiteSpeed-Cache-Control
X-A
X-LSADC-Cache
X-Client-Ip
X-Dc
X-Gzip
Content-Secure-Policy
X-Bc-Bl
X-Org
X-Service
X-BCube-Filmed-By
X-Ig-Push-State
X-A-Wwc
X-Aed
X-ND-Cache
DCR-Processing-Time-Ms
X-A-Dgt
DCR-Decision-By
X-Ig-Origin-Region
X-Level-Front-Cache
DB-Nickname
X-A-Dcw
X-Cache-NE
X-DefHash
A
X-Developer
X-Dispatcher-Server
Candidate-Md5Url
X-DefElseHash
X-D
X-Conf
X-Content-Age
X-Core-Value
X-Custom-Header
X-Ec-Fail
X-Ec-GeoHdr
Cdn-Request-Time
X-Cache-Id
X-Generated-On
X-GeoIP-City
Cdn-Host
X-Origin-Expires
X-Edge-Server
X-Epic-Correlation-Id
X-Esi-Check
X-Fastly-Backend
X-Bl-Debug
X-A-Ccd
X-TIM-N
Sslversion
X-V-Cache
X-Varnish-CookieHashed-On
Meta-Geo-Continent
MD5-Digest
T-Server
Magicmarker
X-SRCache-Key
X-A-Dam
X-Varnish-CookieINHashed-On
Ngx.Var.Host
X-Vtex-Remote-Cache
Origin-Agent-Cluster
Rendered-Blocks
X-Cache-Server
X-Viewer-Country
X-Via-Fastly
X-Varnish-Remaining-TTL
Server-Info
X-Vdms-Version
Odigeo-Trace-Id
X-ScT
Surrogated-Key
Gannett-Cam-Experience-Id
X-Req
X-Rojux
Lang
User-Cache-Control
Mime-Version
X-TA-CDN-Provider
Wxu-Next-Commit
X-Aicache-OS
Server-Host
RNT-Time
Wxu-Next-Hostname
X-Acquia-Purge-Cdn-Unconfigured
Producers
X-CacheTTL
Wxu-Next-Region
Req-ID
X-Cache-TTL-Remaining
RNT-Machine
X-Amz-Storage-Class
X-Block-Status
X-Cache-Bucket
X-Cache-FS-Status
X-Backend-Instance
Tube-Get-Contents
True-Client-Country-4JS
X-Bip
Tube-Got-Eval
Ssr
X-App-Name
V-Age
Tube-Return
X-B3-Trace-ID
Tube-Got-Results
X-Cache-Info
Vix-Hermes-Req-Id
X-GeoIP-Country-Code
X-Request-Time
X-Region-Sid
X-SB
X-Scheme
X-Server-IP
X-SD-PageType
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Platform
X-PAYTM-SRV-ID
X-Policy
X-Powered-By-VTEX-Cache
X-Pubstack
X-Proto
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VTEX-Cache-Time
X-VTEX-Cache-Server
X-Wikidot-Backend
X-Wikidot-Static-Cache
BehaviorPad-Version
XM
X-VG-WebCache
X-VG-TLSProxy
X-Thanos
X-Test
X-UA-Device-Type
X-Varnish-Director
X-VarnishDD-TTL
X-Origin-Time
X-Origin-Response-Time
X-Geo-Header
X-Gen-Mode
X-GeoIP
Platform
X-GoCache-CacheStatus
X-GeoIP-Region-Code
X-Gdpr
X-Forwarded-Site
X-DPWN-IS-SECURE
X-Debug-Cache-Store
X-Fastly-Cache
X-FC-Vary-Parameters
X-Fmm-Version
X-HN
X-Hnp-Log
X-NMSegId
X-Mvc-Supplant-OutputCached
X-Node-Id
X-NodeID
X-Op-Id-All
X-Nyt-Route
X-Mvc-Supplant-Cachable
X-Mly-Id
X-Jobs
X-HS-Content-Campaign-Id
X-Loc
X-Men
X-Micro-Cache
X-Clientip
X-Debug-Cache-Fetch
Is-Eu
Adler-Geo
AKAMAI
Content-Script-Type
NM-Fastcgi-Cache
Edge-Cache
X-Tx-Id
Host-ID
Esi-Enabled
Cache-Provider
Fastly-Backend-Name
PFcat
Content-Style-Type
Fastly-SSL
Click-Count-Error
Country-Code
Click-Count-Action-Start
X-Tec-Api-Root
X-DC
X-Tec-Api-Version
X-Varnish-Beresp-Ttl
X-Tec-Api-Origin
X-HITS
X-CUA
Apple-News-Services-Host
X-Csrf-Jwt
Apple-News-Services-Request-Url
CDCHOST
Cdncip
Cdnsip
Cluster
Canary
X-Cdn-Srv
Apple-News-Services-Handled
C-Via
Cache-Key
X-CGP
Apple-News-Services-Parsed-Url
X-Hash
X-Var-Ttl
X-Tb-Optimization-Total-Bytes-Saved
X-Sn-Servicetimems
X-Slack-Shared-Secret-Outcome
X-Varnish-Beresp-Status
X-Varnish-Hostname
Yak-Timeinfo
X-We-Are-Hiring
HostName
X-Varnishpool
X-Slack-Backend
X-Section
X-Human
X-Eu-Site
X-Ec-Custom-Error
X-Cs
X-Location
X-Nginx-Cache-Key
X-Request-Start
X-Proxied-Request
X-Pool
X-Date
X-Request-Host
Web-Mar-Region
Server-Ext
X-AK-Request-ID
Gh-Request-Id
X-BBC-Edge-Cache-Status
Proxy-Firewall
DSUID
On-Server
Fastly-GeoIP-CountryCode
Powered-By
Pramga
X-Accel-Expires-Debug
X-Access
Req-Svc-Chain
Server-Hostname
L
L5d-Success-Class
X-Auto-Login
HA-Ipaddr
Ha-Gx-Prefs
Machine
Mail-Subject
Sever-Int
We-Hiring
NGX
W
Release
Origin
X-NGINX-Cache
X-Varnish-Authentication
Origin-EX
X-Cache-Aspx
X-Depends
Origin-CC
X-Contensis-Viewer-Groups
Debug
X-Newrelic-Synthetics
X-Ad-Load-Variation
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Content-Source
X-MP-GENERATED-AT
X-Varnish-Hits
Redirect-Candidate
X-WA-Info
X-AIR-PT
X-LB-ID
Fusion-Component-Id
X-APP
X-Device-Os
X-HA-Backend
X-Via-Popn
X-Via-Popv
X-Via-Poph
X-Content-Length
X-LiteSpeed-Tag
X-Zone
Pics-Label
X-VHOST
CloudFront-Viewer-Country
GeoIP-Latitude
Vc-Max-Age
X-CACHE-AGE
SID
Fastly-Drupal-HTML
X-Nananana
X-From
X-Up
X-Refresh
CDN-RequestId
X-Dispatcher-Number
X-NCache
Fastly-Drupal-Html
X-Parent-Response-Time
X-B3-Parentspanid
X-Servedbyhost
X-Akamai-Transformed
X-Cache-Backend
X-LB-NoCache
Product
X-Jungle-Id
X-CDN-Cache-Status
X-Datadome
X-Nc
X-RateLimit-Reset
X-ZONE
X-CACHE-KEY
X-RequestId
X-Vdms-Path
X-DynaTrace-JS-Agent
X-Litespeed-Tag
Resin-Trace
X-Cached-By
S-Rt
Server-ID
X-Ckpd-Fst-Backend
GeoIp-Country-Code
X-Wa
X-Uri
X-Bug-Bounty
X-B3-Spanid
WP-Super-Cache
X-Render-Time
X-CS
X-Amz-Meta-Cb-Modifiedtime
X-M-Log
X-VC-TTL
Cdn
ServerName
X-M-Reqid
Datacenter
X-PERF
X-ApacheServer
X-IAuth-Set-Uid
X-HubSpot-Correlation-Id
X-TX-ID
NtCoent-Length
FSS-Cache
Uri
X-Varnish-Beresp-TTL
X-Fpc
True-Client-Ip
X-SERVER-NAME
X-Srv
X-Vmg-Version
ServerHost
X-Nf-Language
Locid
Srv
Serverhost
X-Nf-Country
X-Nf-Ats-Version
True-Client-IP
X-Akamai-Device-Characteristics
User-Agent
X-Cdn-Forward
X-TT-LOGID
X-Gamma-Serve
X-Info
X-TIME
X-Origin-Cache-Key
X-NewRelic-App-Data
X-FPC
Xc-Version
X-WA
GeoIP-Country-Code
CDN
X-Dynatrace-Js-Agent
X-Hit
X-APP-VERSION
Request-ID
X-Old-Content-Length
X-Cdn-Cache-Status
X-VCache
X-Vc
CacheControlHeader
Expect-Staple
X-HostName
X-V
X-Amz-Meta-Opti
X-NC
Tcn
Server-Id
Ngx-Var-Key
Hostname
X-COUNTRY
X-Geo
X-FL-QIT-DEBUG
Srvid
Cneonction
X-Response-Served-From
X-Moov-T
X-Moov-Xdn-Version
X-Original-Request-Id
X-Webkit-Csp-Report-Only
X-Vgn-Hpd-Reason
X-Presslabs-Stats
N-Cache
X-Eligible
X-Rollout
X-Platform-Server
X-New
WZWS-RAY
X-Lb-Nocache
X-Esi
X-TH-Server
Origin-Trial
X-Dispatch
XkeyRZ
Geoip-Latitude
PICS-Label
Permission-Policy
X-ServedByHost
Cloudfront-Viewer-Country
X-Limited
X-Proxy-CacheRZ
X-Oracle-DMS-ECID
X-VCL-Version
Cf-Ipcountry
Ohc-File-Size
X-Via-PopV
X-Platform-Processor
X-Via-PopN
X-Platform-Cluster
X-Ha-Backend
X-Platform-Router
Cf-Device-Type
X-Via-PopH
X-ElasticPress-Query
X-Ftr-Request-Id
X-Correlation-ID
X-EC-Lua
X-User
Cl-Cache
X-B-Cookie
X-Path
Cross-Origin-Embedder-Policy-Report-Only
X-Akamai-Pragma-Client-IP
X-Application
X-Ua
X-Internal-TTL
X-Destination
X-S-Cookie
X-App
X-External-Request-Id
Rtss
X-Check-Cacheable
X-Sqd-Stime
X-Sqd-Ctime
X-Lb-Id
X-VTEX-Cache-Backend-Connect-Time
X-Serial
X-VTEX-Cache-Backend-Header-Time
X-SIPLIST1
X-Zen-Fury
IsBot
Lb
X-Cambria-Cache-Control
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Ohc-Cache-HIT
Edge-Copy-Time
Timeexpire
X-Cache-Date
Cmstype
Cmsid
X-Service-Response-Time
X-Sigma
X-MiniProfiler-Ids
X-Sigma-Backend
Sm-Log-Id
Epwk-X-Cache
X-Rocket-Build-Number
X-MSEdge-Features
X-Instance-Name
X-Irp-Debug
X-Web-Server
X-DynaTrace
X-Acquia-Purge-Tags
X-Acquia-Site
X-Via-Edge
X-Via-CDN
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Cdn-Request-ID
Pragrma
X-Via-SSL
X-MSEdge-Flight
Servername
X-Litespeed-Cache-Control
X-LAGOON
CountryCode
X-CSRF-TOKEN
Xkeylog
Xkey-La3
X-Proxy-Cache-La3
Fl-Custom-Application
X-Fastly-Cache-Hits
Akamai-Mon-Iucid-Del
Trailer
X-AB-Test
X-Dw-Trace-Id
Warning
Ngx
X-Datacenter
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
X-RAMCache
X-Snapshot-Date
X-VServer
X-Segment-20210421
X-Th-Server
X-Ramcache
X-Udemy-Cache-App-Namespace
X-API-Version
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
Wpo-Cache-Message
Wpo-Cache-Status
X-Shopid
X-Shardid
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Branch-Name
X-Origin-Upstream-Status
X-Fastly-Backend-Reqs