Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Ua-Compatible
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Ws-Request-Id
Xkey
Permissions-Policy
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dns-Prefetch-Control
Allow
X-Dispatcher
Cf-Apo-Via
X-Swift-SaveTime
X-Swift-CacheTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
Content-Location
X-Application-Context
X-Node
X-Nginx-Cache-Status
P3p
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
X-CST
X-Country
X-Litespeed-Cache
Service-Worker-Allowed
X-Country-Code
X-Content-Type
X-Url
X-Clacks-Overhead
Cache-Tag
X-Trace
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Server-Name
X-Times
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
X-Daa-Tunnel
X-Oneagent-Js-Injection
Cross-Origin-Opener-Policy
X-Webkit-Csp
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
X-ECACHE
X-Upstream
X-GitHub-Request-Id
X-D2id
Edge-Control
X-MS-InvokeApp
X-Element-Page-Cache
X-Ac
Verso
X-ESI
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-Kinja-Server
AR-SID
AR-ATIME
AR-Request-ID
AR-PoweredBy
Accept-Ch-Lifetime
X-FastCGI-Cache
X-Vcap-Request-Id
X-Ser
X-Cache-TTL
X-Navigation-Version
X-Abt-Application-Version
X-B3-TraceId
X-Aws-Lambda-Call-Status
AR-CACHE
SPRequestDuration
X-Mod-Pagespeed
SPIisLatency
X-Dw-Request-Base-Id
X-NF-Request-ID
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
Fastly-Restarts
X-Client-IP
X-Erf-Bev-Bev
X-Instrumentation
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Middleton-Display
Display
X-Sol
Pagespeed
X-Ruxit-Js-Agent
Edge-Cache-Tag
X-Mg-S
X-Kinsta-Cache
X-Edge-Location-Klb
S
X-Powered-CMS
Response
X-Middleton-Response
X-RateLimit-Remaining
Cache-Status
X-Amzn-Trace-Id
X-Goog-Hash
X-Cache-Key
Access-Control-Request-Method
X-VARITI-CCR
X-Version
X-Fastly-Request-ID
X-ARC
RTSS
X-Content-Digest
X-TraceId
X-Forwarded-For
Cross-Origin-Resource-Policy
X-Recruiting
X-T
Realpath
X-Varnish-TTL
X-Correlation-Id
X-MSEdge-Ref
Front-End-Https
Fastcgi-Cache
MS-Author-Via
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Ratelimit-Limit
X-Cached
X-PDP-UNCACHING-HASH
Content-MD5
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Ua-Browser
Server-Node
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-Protected-By
Payment
Public-Key-Pins
X-Shield-Request-Id
X-Request-Processing-Time
X-Request-Received
MicrosoftSharePointTeamServices
X-Forwarded-Proto
X-HS-Combine-CSS
X-LLID
X-TTL
TP-Cache
X-Frontend
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ttl
X-Distributor
X-HP-Webp
X-HP-Trace-Id
X-Jurisdiction
X-FTR-Expires
X-Server-ID
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ORACLE-DMS-RID
X-NODE
Count-Hit
X-GUploader-UploadID
X-Origin-Server
X-Ratelimit-Remaining
X-LB-Cache
X-Origin-Cache-Key
X-Ezoic-Cdn
X-Hits
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-Az
X-PressLabs-Stats
X-AppVersion
X-Activity-Id
Host
X-Ua-Device
Mrf-Cache-Status
X-Www-Served-By
MRF-Tech
X-B3-TraceId-Primal
X-Cluster-Name
X-Varnish-Backend
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Cache-Tags
X-Varnish-Server
X-App-Server
Retry-After
X-Amz-Meta-S3cmd-Attrs
Accept-Charset
Server-Name
X-Hostname
Cleartype
X-Geo-Country
X-NGENIX-Cache
X-Envoy-Decorator-Operation
X-Id
X-Newrelic-App-Data
X-Goog-Metageneration
Referer-Policy
X-CSRF-Token
X-ORACLE-DMS-ECID
X-DIS-Request-ID
X-Upgrade-Enabled
TP-L2-Cache
X-Git-Hash
X-Seen-By
Access-Control-Allow-Method
X-Azure-Ref
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Load-Cache
X-Hcs-Proxy-Type
X-Unique-Id
X-Tt-Trace-Host
X-RateLimit-Limit
X-F-Cache
X-Tt-Trace-Tag
X-Amzn-RequestId
X-Proxy
Filterid
X-Amz-Apigw-Id
Healthy
X-Trace-Id
X-Revision
X-Grace
X-Request-Guid
Section-Io-Cache
X-Px
X-XRDS-LOCATION
X-Cache-Control
TCN
X-TT
X-B3-Sampled
Paypal-Debug-Id
X-Debug-Info
DC
X-Contextid
X-B
X-Page-Id
X-Fb-Rlafr
X-FB-Debug
X-Type
X-Oracle-Dms-Ecid
X-Logged-In
X-Mobile
X-N
X-Debug
Viewport
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Varnish-Ttl
X-Oracle-Dms-Rid
X-Whom
X-Template
X-Goog-Stored-Content-Encoding
Fastly-SIE
Fastly-SWR
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Language
X-Goog-Generation
Charset
X-Time
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Webkit-CSP
X-Content-Options
X-Cache-Grace
Version
X-Via-JSL
Content-Disposition
X-Magnolia-Registration
X-Wix-Request-Id
X-Varnish-Grace
X-EdgeConnect-Cache-Status
X-App-Environment
X-B-Cache
X-Signature
X-Origin-Cache
X-Node-Name
X-ProcessESI
X-Rule
VIX-Pulpo-Node
X-B3-SpanId
X-RemovedCookies
SRV
VIX-Pulpo-Upstream-Status
X-Backend-Name
X-Debug-IsConnected
X-Datadog-Sampled
X-Debug-IsPreview
X-Yottaa-Optimizations
X-Hl-Ver
X-RateLimit-Reset
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Yottaa-Metrics
X-G
SD-X-WS
X-Amz-Replication-Status
X-UUID
MS-CV
X-Amzn-Remapped-Content-Length
Ms-Operation-Id
X-RTag
X-Storage
X-FW-Static
X-FW-Type
X-Adobe-Loc
X-FW-Version
X-FW-Hash
X-Instance
GEO-INFO
X-FW-Dynamic
ServerID
X-FW-Server
X-Adobe-Content
X-FW-Serve
X-Proxy-Cache-Info
X-Cache-Age
X-Device-Type
X-Cacheable-TTL
Countrycode
Country
X-User-Agent
Liferay-Portal
X-Rendered-As
X-NYM-Debug-Backend
NGB
X-Is-Bot
X-Status
X-IPS-LoggedIn
X-Region
X-Cache-Hit
X-L-Path
X-Environment-Context
X-NWS-UUID-VERIFY
X-Real-IP
Surrogate-Key
X-Source
X-ServerID
X-Rid
Akamai-GRN
X-Sucuri-Cache
X-Sucuri-ID
OT-Force-Account-Verify
X-WP-CF-Super-Cache-Active
X-Servername
Cross-Origin-Window-Policy
X-VC-Cache
From-Origin
X-WebKit-CSP-Report-Only
X-UA
X-RM-Cache-TTL
Upgrade-Insecure-Requests
Backend
X-Framework
Front
Amp-Access-Control-Allow-Source-Origin
X-INCAP-ABP
X-Mode
X-Xrds-Location
Refresh
X-AB
X-Wormhole-Sdk
X-Cache-Time
X-Content-Powered-By
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-Handled-By
X-HTML-Minification-Powered-By
X-Akamai-Request-ID2
Frame-Options
Xet-Cookie
X-Buckets
X-RID
X-Air-Pt
X-Edge-Location
Url
X-Endurance-Cache-Level
X-VC
X-Rewrite-Enabled
X-Timing-Wait
X-Cluster
X-Origin-CC
X-Origin-TTL
ServedBy
X-JoinUs
X-UPSTREAM-Address
Meta-Geo
X-Origin-Date
Webserver
X-SaId
X-Rn-Rsrv
Selected-Fe
X-Webstats-RespID
X-No-Session
X-Xfnlog-Site
Filters
X-RCS-CacheZone
X-Proxy-Build
X-Reqid
TWC-Connection-Speed
X-Labrador-Cache-Channel
TWC-Device-Class
X-Container-Uri
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
X-Akamai-Edgescape
X-Git-Commit
TWC-GeoIP-LatLong
X-Drupal-Cache-Tags
X-AWS-Id
TWC-GeoIP-Country
X-VCT
Cache
X-R9-Blue-Green-Version
X-Served-From
X-Cache-Rule
X-Cache-Operation
X-Azure-Ref-OriginShield
WPO-Cache-Message
WPO-Cache-Status
X-Provided-By
X-PHP-Host
Property-Id
X-Origin
X-Logging-Id
X-VWS-Id
Cache-Hits
X-Origin-Hint
X-Tumblr-Pixel-2
X-LJ-Flow-ID
Atl-Traceid
Access-Control-Request-Headers
X-DataDome
X-Cache-Status-Check
X-SRV
X-Httpd
X-Locale
Mn-Server-Ip
X-Ms-Request-Id
X-Hosted-By
X-Proxied
X-Cloudmap
X-Routing-Service
X-Scope-Id
X-Redis-Cache
X-ProxyCache-Status
Section-Io-Id
X-ProxyCache-Key
X-Ms-Version
Thinkindot-CacheControl
X-Adobe-Source
X-Accel-Version
X-CMSURLCustom
X-BYPASS-REASON
X-Cms-Context
X-Cache-Debug
X-Drupal-Cache-Contexts
X-Extlb
Thinkindot-CacheControl-Type
X-Shield-Cache-Expires
Thinkindot-Control
X-Generation-Time
Web-Mar-Node
X-Fetched-On
TDXMobile
X-Restarts
X-Tb
X-Varnish-Cache-Hits
X-Web-Node
X-Zipkin-Id
X-Site-Version
X-Thinkindot-L3
Accept-Language
X-Upstream-Ct
X-Upstream-Ht
X-Is-Desktop
X-Is-Mobile
X-Lambda-Id
X-Is-Tablet
X-Is-Supported-Browser
X-Varnish-Age
X-Varnish-Beresp-Grace
X-Format
X-Director
X-Browser-Name
X-Forwarded-Host
X-Frame-Option
X-CDN-Forward
X-Geo-Region
X-Tcp-Rtt
X-Tncms
X-Skip-Cache
Apigw-Requestid
X-Say-TTL
X-Loop
X-Soup
X-S
X-Say-Cacheable
X-SayCDN-TTL
X-GeoCountry
X-Detected-As
X-Alternate-Cache-Key
X-ShardId
X-Shopify-Stage
X-GeoCode
X-ShopId
X-Nginx-Cache
X-IPLB-Instance
X-IPLB-Request-ID
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Cdn-Origin
X-Sorting-Hat-PodId
X-Cache-Host
Xserver
X-Generated-By
X-Vcache
X-Optimistic-Header
X-Rocket-Nginx-Serving-Static
X-Lagoon
X-Worker
X-Vercel-Cache
Source
X-Vercel-Id
Azure-InstanceId
Azure-Version
X-B3-Traceid
Azure-SiteName
Azure-SlotName
Azure-RegionName
Node
X-Request-URI
X-WP-CF-Super-Cache-Cookies-Bypass
X-Ratelimit-Reset
X-TA-CDN-Provider
Fastcgi-Useragent
X-URL
X-Pass-Why
CDN-RequestPullCode
CDN-EdgeStorageId
AMP-Access-Control-Allow-Source-Origin
CDN-Cache
CDN-RequestPullSuccess
CDN-RequestId
Protected
CDN-PullZone
CDN-CachedAt
CDN-Uid
CDN-RequestCountryCode
Cross-Origin-Embedder-Policy
LB
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Vcl-Version
Expiry
X-App-Version
X-Connection-Hash
X-Tumblr-Pixel-3
X-GEO
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Onion-Location
X-XRDS-Location
X-Cache-Expired-At
Alternate-Protocol
X-Cache-Server
Priority
DB-Nickname
X-PHP-Backend
X-Api-Version
Sid
X-Jobs
X-Server-W
Environment
X-Fastly-Request-Id
Uber-Trace-Id
CF-IPCountry
X-Fastcgi-Cache
X-Proxy-Cache-Status
X-Cluster-Node
X-Cache-Action
HostName
User-Cache-Control
X-LSADC-Cache
X-Urbn-Context-Path
X-TT-LOGID
X-Uri
Locale
X-Urbn-Site-Id
X-Mg-Request-UUID
X-MP-GENERATED-AT
X-Response-Served-From
X-Original-Request-Id
X-AIR-PT
X-Esi-Check
Edge-Cache
DCR-Processing-Time-Ms
Fusion-Component-Id
X-Epic-Correlation-Id
Fusion-Source
Fusion-Deployment-Id
Gannett-Cam-Experience-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
DCR-Decision-By
Candidate-Md5Url
X-SRCache-Key
X-Hnp-Log
X-Gzip
X-Ig-Origin-Region
X-Jungle-Id
X-ScT
X-Level-Front-Cache
A
X-GeoIP-City
X-FC-Vary-Parameters
Content-Secure-Policy
X-Forwarded-Site
X-Gen-Mode
Cache-Tv-Group
X-Ec-GeoHdr
X-FB-TRIP-ID
Magicmarker
X-BCube-Filmed-By
X-Bc-Bl
Vix-Hermes-Req-Id
X-Bip
X-Bl-Debug
T-Server
X-Cache-Id
X-Block-Status
Wxu-Next-Commit
Wxu-Next-Hostname
X-A-Dgt
X-A-Wwc
X-Aed
X-A-Dcw
X-A-Dam
Wxu-Next-Region
X-A
X-A-Ccd
Surrogated-Key
Sslversion
X-Developer
Ngx.Var.Host
X-D
X-Device-Os
X-Dispatcher-Server
Lang
MD5-Digest
Meta-Geo-Continent
Origin
Origin-Agent-Cluster
Req-ID
X-Cache-NE
Server-Host
Rendered-Blocks
X-Clientip
X-Content-Age
X-Conf
X-Ec-Fail
X-Generated-On
X-Node-Id
X-Proto
X-Op-Id-All
X-Origin-Expires
X-VTEX-Cache-Time
X-Thanos
X-Pubstack
X-Viewer-Country
X-VTEX-Cache-Server
X-DC
X-Rojux
X-Powered-By-VTEX-Cache
X-Vdms-Version
X-Vdms-Path
X-Org
X-Varnish-Hostname
X-Policy
X-TIM-N
X-Mvc-Supplant-Cachable
X-UA-Device-Type
X-SB
X-NCache
X-Platform
X-Vtex-Remote-Cache
X-ND-Cache
X-Request-Start
X-Origin-Response-Time
X-NGINX-Cache
X-Tx-Id
Origin-EX
X-V-Cache
X-Core-Value
PFcat
X-Csrf-Jwt
X-CUA
Origin-CC
X-Debug-Cache-Store
X-WA-Info
X-LiteSpeed-Cache-Control
L5d-Success-Class
X-Scheme
Mail-Subject
Cdn-Requestid
NM-Fastcgi-Cache
X-Tt-Logid
Powered-By
X-Debug-Cache-Fetch
X-Cache-TTL-Remaining
X-ID
X-RateLimit-Limit-Second
X-Request-Time
X-Varnish-Director
W
We-Hiring
X-RateLimit-Remaining-Second
X-Region-Sid
X-App-Name
X-AK-Request-ID
X-Req
X-Auth-Group-Type
X-Backend-Instance
X-Auto-Login
X-VarnishDD-TTL
X-Varnishpool
X-VG-WebCache
X-Cdn-Srv
X-ECache
Release
X-Var-Ttl
X-CGP
Host-ID
Server-Ext
X-Cache-Bucket
X-Varnish-Beresp-Status
Ssr
Sever-Int
Server-Hostname
X-Cache-Info
X-Via-Fastly
HA-Ipaddr
X-Ig-Push-State
CDCHOST
Canary
X-Ismobilevalue
Cache-Provider
Cdn-Host
Cdn-Request-Time
X-Gdpr
X-SD-PageType
Cdnsip
Cdncip
WP-Super-Cache
C-Via
X-Nyt-Route
X-HN
X-NMSegId
X-Service
X-HS-Content-Campaign-Id
X-GeoIP-Region-Code
AKAMAI
X-Geo-Header
X-GeoIP
X-Nginx-Cache-Key
X-GeoIP-Country-Code
X-Mvc-Supplant-OutputCached
X-Origin-Time
Yak-Timeinfo
X-Eu-Site
DSUID
Fastly-SSL
X-Amz-Storage-Class
Ha-Gx-Prefs
Gh-Request-Id
X-Edge-Server
X-Fastly-Cache
Fastly-Backend-Name
XM
X-PAYTM-SRV-ID
X-Loc
Content-Script-Type
Content-Style-Type
X-Test
X-Fmm-Version
X-Newrelic-Synthetics
X-Varnish-Beresp-Ttl
X-BBC-Edge-Cache-Status
X-Section
X-ApacheServer
X-Server-IP
X-Human
X-Men
X-Request-Host
X-B3-Trace-ID
X-Location
X-SVT-ORM-RULES
X-Mly-Id
X-Micro-Cache
X-Sn-Servicetimems
X-VG-TLSProxy
X-Pool
X-Fastly-Backend
X-PERF
X-From
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-We-Are-Hiring
X-Contensis-Viewer-Groups
X-CacheTTL
Odigeo-Trace-Id
X-Cache-Backend
X-Cache-Aspx
X-GoCache-CacheStatus
X-Varnish-Authentication
X-SVT-ORM-VERSION
X-Render-Time
X-Tb-Optimization-Total-Bytes-Saved
X-Proxied-Request
Platform
On-Server
Adler-Geo
Apple-News-Services-Handled
Apple-News-Services-Host
Pramga
Producers
RNT-Machine
Country-Code
Redirect-Candidate
Apple-News-Services-Parsed-Url
Machine
Fastly-GeoIP-CountryCode
Esi-Enabled
Click-Count-Error
Cluster
Click-Count-Action-Start
Cache-Key
L
Apple-News-Services-Request-Url
Is-Eu
RNT-Time
Req-Svc-Chain
Tube-Return
X-Ad-Load-Variation
X-Dc
V-Age
Web-Mar-Region
X-Acquia-Purge-Cdn-Unconfigured
X-Access
Tube-Got-Results
X-Aicache-OS
Tube-Get-Contents
Tube-Got-Eval
X-Zone
X-Slack-Shared-Secret-Outcome
X-NodeID
NGX
X-Accel-Expires-Debug
X-Up
X-Slack-Backend
X-Custom-Header
X-Date
Proxy-Firewall
X-Hash
True-Client-Country-4JS
X-Cs
X-Varnish-Hits
X-COUNTRY
X-LB-ID
Debug
X-Pad
Datacenter
X-Varnish-CookieINHashed-On
X-CACHE-GROUP
X-DefElseHash
X-Nananana
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-DefHash
Mime-Version
X-Nf-Request-Id
X-Client-Ip
X-Refresh
Pics-Label
X-HA-Backend
X-Depends
X-Via-Poph
Locid
X-Datadome
X-Via-Popv
X-Via-Popn
SID
X-Akamai-Transformed
Fastly-Drupal-HTML
X-VHOST
X-VC-TTL
CloudFront-Viewer-Country
X-Amz-Meta-Cb-Modifiedtime
X-Platform-Cluster
X-LiteSpeed-Tag
X-Platform-Processor
X-Platform-Router
X-M-Reqid
X-M-Log
X-Cache-FS-Status
X-Servedbyhost
X-Esi
GeoIP-Latitude
X-Old-Content-Length
Ngx-Var-Key
X-Cached-By
X-Parent-Response-Time
X-CACHE-AGE
X-TIME
X-B3-Parentspanid
Fastly-Drupal-Html
X-LB-NoCache
X-DynaTrace-JS-Agent
X-TH-Server
X-VCache
X-Moov-Xdn-Version
X-CDN-Cache-Status
Resin-Trace
Server-Info
X-Moov-T
Cf-Ipcountry
X-CS
Server-ID
BehaviorPad-Version
X-Litespeed-Tag
GeoIp-Country-Code
Cross-Origin-Embedder-Policy-Report-Only
X-ZONE
Cdn
X-Presslabs-Stats
X-Nc
X-HITS
NtCoent-Length
X-Wa
X-APP
X-Vgn-Hpd-Reason
X-B-Cookie
X-External-Request-Id
FSS-Cache
Cf-Device-Type
X-Application
Tcn
X-User
X-S-Cookie
X-NewRelic-App-Data
X-TX-ID
X-IAuth-Set-Uid
X-Destination
CDN
X-Varnish-Beresp-TTL
X-Fpc
Uri
X-Content-Length
True-Client-IP
X-Zen-Fury
X-HostName
X-Sigma-Backend
X-Vc
X-Cache-Date
X-Srv
True-Client-Ip
X-Sigma
X-Rocket-Build-Number
X-Instance-Name
X-Flags
X-Is-Crawler
X-VServer
X-Aspnet-Duration-Ms
X-API-Version
X-Route-Name
X-Providence-Cookie
Load-Balancing
Serverhost
X-Dynatrace-Js-Agent
X-Oracle-DMS-ECID
X-DynaTrace
X-Cdn-Forward
Srv
X-Segment-20210421
X-WA
GeoIP-Country-Code
X-FPC
X-Branch-Name
X-Dispatcher-Number
X-HOST
S-Rt
X-NC
Request-ID
Vc-Max-Age
X-Cdn-Cache-Status
Product
X-Dispatch
Ohc-File-Size
X-Page-View
Hostname
X-DataCenter
X-RequestId
Geoip-Latitude
Server-Id
X-B3-Spanid
X-APP-VERSION
ServerName
Srvid
Type
X-Lb-Nocache
X-Webkit-Csp-Report-Only
X-FL-QIT-DEBUG
X-ServedByHost
X-Sql-Duration-Ms
X-Http-Reason
X-Ckpd-Fst-Backend
X-Sql-Count
X-Bug-Bounty
X-Irp-Debug
X-Geo
CacheControlHeader
Cl-Cache
Cloudfront-Viewer-Country
DataCenter
X-VCL-Version
Epwk-X-Cache
X-Owner
IsBot
Edge-Copy-Time
X-CACHE-KEY
Ohc-Cache-HIT
X-Via-CDN
X-SIPLIST1
Origin-Trial
X-Via-SSL
X-Via-Edge
Lb
WZWS-RAY
X-Cache-Ttl
MIME-Version
X-Core-Mission
X-Via-PopH
Cross-Origin-Opener-Policy-Report-Only
X-Correlation-ID
ServerHost
X-Ua
X-Proxy-CacheRZ
X-Ha-Backend
PICS-Label
X-Via-PopV
X-Via-PopN
XkeyRZ
X-App
X-Srcache-Store-Status
X-Srcache-Fetch-Status
Rtss
X-Hit
X-Qloud-Router
N-Cache
X-MSEdge-Flight
X-CSRF-TOKEN
X-MSEdge-Features
X-Lb-Id
X-MiniProfiler-Ids
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Web-Server
Sm-Log-Id
Warning
X-Acquia-Site
X-Sqd-Stime
X-Limited
X-Vmg-Version
X-Akamai-Device-Characteristics
User-Agent
Cneonction
X-Sqd-Ctime
X-Service-Response-Time
X-Amz-Meta-Opti
CountryCode
X-Datacenter
X-Fastly-Country-Code
X-Requestid
X-LAGOON
X-Iplb-Request-Id
X-Iplb-Instance
X-Litespeed-Cache-Control
Xkeylog
X-Serial
X-Check-Cacheable
X-HubSpot-Correlation-Id
X-Info
X-IN-APIGATEWAYSSL
X-Gamma-Serve
X-Akamai-Pragma-Client-IP
X-RAMCache
X-Ramcache
X-Amz-Meta-Sha256
X-Amz-Meta-S3b-Last-Modified
Ngx
Xkey-La3
X-Udemy-Cache-App-Namespace
X-Snapshot-Date
X-Dw-Trace-Id
X-Th-Server
X-Proxy-Cache-La3
X-IN-APIGATEWAY