Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
CF-RAY
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
Alt-Svc
P3P
X-Cache-Hits
X-UA-Compatible
X-Xss-Protection
X-Served-By
CF-Ray
X-Download-Options
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
Access-Control-Allow-Credentials
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
X-Drupal-Cache
X-Generator
X-Cache-Status
X-Check
X-Cacheable
X-Envoy-Upstream-Service-Time
X-Request-ID
X-FRAME-OPTIONS
Timing-Allow-Origin
X-Dns-Prefetch-Control
X-DNS-Prefetch-Control
X-Iinfo
X-Drupal-Dynamic-Cache
Feature-Policy
X-Content-Security-Policy
Content-Encoding
Access-Control-Expose-Headers
Upgrade
Status
X-CDN
X-AspNetMvc-Version
Server-Timing
X-XSS-PROTECTION
Access-Control-Max-Age
X-Amz-Request-Id
Request-Context
X-Amz-Id-2
X-Turbo-Charged-By
X-Via
X-AH-Environment
X-Robots-Tag
X-Backend
X-Cache-Group
Cf-Edge-Cache
Keep-Alive
Host-Header
X-UA-Device
X-Proxy-Cache
X-Hacker
X-Server
X-Rq
X-Server-Powered-By
Allow
X-Age
X-Vhost
X-Varnish-Cache
X-Ws-Request-Id
X-Dispatcher
EagleId
X-Amz-Version-Id
Grace
X-LiteSpeed-Cache
P3p
Cf-Apo-Via
Nel
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Page-Speed
X-Device
Cf-Railgun
EagleEye-TraceId
X-Aws-Lambda-Call-Status
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
Ali-Swift-Global-Savetime
Accept-CH
X-Pingback
X-Host
X-Node
X-Server-Id
X-OneAgent-JS-Injection
X-Backend-Server
Surrogate-Control
X-CST
X-Nginx-Cache-Status
X-Readtime
X-Cache-Lookup
X-Akam-SW-Version
Permissions-Policy
X-Content-Security-Policy-Report-Only
Request-Id
X-Application-Context
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Nginx-Upstream-Cache-Status
X-Cloud-Trace-Context
X-Trace
Accept-Ch-Lifetime
X-Response-Time
X-Edge
X-HW
X-Ua-Compatible
Content-Location
X-Clacks-Overhead
X-Mod-Pagespeed
Accept-CH-Lifetime
X-Url
X-Oneagent-Js-Injection
X-Midtier
X-ECACHE
Rating
X-ESI
X-Ruxit-JS-Agent
X-Amz-Server-Side-Encryption
X-Mcache
Xkey
X-Country
X-Litespeed-Cache
X-Upstream
X-Vname
X-TtlSet
X-PC
X-Vcap-Request-Id
Cache-Tag
X-D2id
X-MS-InvokeApp
X-Ruxit-Js-Agent
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Rack-Cache
X-Element-Page-Cache
Verso
Edge-Control
RTSS
Fastly-Restarts
X-Powered-By-Plesk
X-Cache-TTL
X-VARITI-CCR
Origin-Trial
X-Ac
X-Navigation-Version
Accept-Ch
X-Abt-Application-Version
X-Goog-Hash
X-Ttl
X-Cached
X-Content-Type
Service-Worker-Allowed
X-Country-Code
X-GitHub-Request-Id
X-Sol
Display
X-Amz-Rid
Pagespeed
X-Middleton-Display
X-WebKit-CSP-Report-Only
X-Browser-Type
X-Mg-S
X-Varnish-TTL
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Server-Name
Cross-Origin-Opener-Policy
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
Arr-Disable-Session-Affinity
X-Erf-Bev-Bev
X-Powered-CMS
X-Amzn-Trace-Id
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
Response
X-Middleton-Response
SPIisLatency
SPRequestDuration
X-Cache-Key
X-B3-TraceId
AR-CACHE
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Version
X-Fastly-Request-ID
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Cnection
X-Accel-Expires
X-Times
Cache-Status
Cache-Tags
Front-End-Https
X-T
X-Fastcgi-Cache
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Client-IP
Edge-Cache-Tag
X-MSEdge-Ref
X-B3-Traceid
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-NF-Request-ID
X-Px
X-Hits
X-Ser
Nginx-Cache
X-NWS-LOG-UUID
Public-Key-Pins
X-Kinja-CCPA
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Recruiting
X-LLID
X-Frontend
Server-Node
Payment
X-Ua-Browser
X-Shield-Request-Id
X-Request-Processing-Time
X-Request-Received
X-Webkit-CSP
X-Erf-Stays-Pdp-Viaduct-Migration-Web
X-DIS-Request-ID
Access-Control-Request-Method
TP-Cache
X-RateLimit-Remaining
X-Webkit-CSP-Report-Only
X-Ratelimit-Remaining
S
X-Goog-Metageneration
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
MicrosoftSharePointTeamServices
X-LB-Cache
TP-L2-Cache
X-FastCGI-Cache
Content-MD5
X-Distributor
X-Content-Digest
X-PressLabs-Stats
X-Microsite
X-Request-Handler-Origin-Region
Realpath
X-RateLimit-Limit
X-Page-Id
X-Hostname
Access-Control-Allow-Method
X-Forwarded-For
X-FB-Debug
X-Geo-Country
X-GUploader-UploadID
Accept-Charset
X-Ezoic-Cdn
Fastcgi-Cache
X-Protected-By
X-Correlation-Id
X-Amzn-RequestId
X-Cluster-Name
X-Amz-Apigw-Id
X-Rid
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Ratelimit-Limit
X-Seen-By
X-Envoy-Decorator-Operation
X-B3-Sampled
Cleartype
TCN
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Referer-Policy
DC
X-Newrelic-App-Data
X-Mobile
X-Origin-Cache
X-Debug-Info
X-XRDS-Location
Cross-Origin-Resource-Policy
X-Webkit-Csp
X-Origin-Server
X-Aspnet-Version
X-Varnish-Backend
X-Git-Hash
X-Ua-Device
X-Logged-In
X-Varnish-Grace
X-Azure-Ref
X-Server-ID
X-Contextid
X-Content-Options
X-Amz-Replication-Status
X-Request-Guid
X-Fb-Rlafr
X-Flags
X-Aspnet-Duration-Ms
Surrogate-Key
X-Is-Crawler
X-Providence-Cookie
X-Revision
X-Route-Name
X-App-Environment
X-Kinsta-Cache
X-Grace
X-IPS-LoggedIn
X-Edge-Location-Klb
Count-Hit
X-TT
Alternate-Protocol
Healthy
X-Amz-Meta-S3cmd-Attrs
X-App-Server
X-Forwarded-Proto
X-Wix-Request-Id
X-Hosted-By
Frame-Options
X-Whom
X-TTL
Charset
WPO-Cache-Message
WPO-Cache-Status
X-Akamai-Edgescape
MS-Author-Via
Viewport
X-Daa-Tunnel
X-Magnolia-Registration
X-Oracle-Dms-Ecid
Retry-After
Filterid
X-Client-Ip
X-Oracle-Dms-Rid
X-B
Section-Io-Cache
X-Backend-Name
Paypal-Debug-Id
SRV
X-F-Cache
X-Id
Amp-Access-Control-Allow-Source-Origin
X-Cache-Age
X-AppVersion
X-Activity-Id
X-Az
X-Proxy-Cache-Info
X-Kong-Upstream-Latency
X-Cache-Control
X-Kong-Proxy-Latency
X-Trace-Id
Server-Name
X-Www-Served-By
X-Time
X-App-Version
X-Response-Served-From
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Http-Reason
SD-X-WS
X-Cache-Rule
Host
X-Original-Request-Id
X-Rule
X-Varnish-Server
X-Type
X-Cache-Grace
X-Edge-Location
X-Proxy
Front
X-Instance
X-RateLimit-Reset
X-Status
X-EdgeConnect-Cache-Status
Refresh
X-Akamai-Request-ID2
X-UUID
X-User-Agent
Akamai-GRN
X-ARC
From-Origin
X-N
Fastly-SIE
Fastly-SWR
Protected
X-Environment-Context
X-Rendered-As
X-Rocket-Nginx-Serving-Static
X-Unique-Id
X-Varnish-Age
X-Region
X-Page-View
X-COUNTRY
X-Framework
X-Jobs
X-L-Path
X-Cacheable-TTL
X-Is-Bot
X-FW-Hash
X-Adobe-Loc
X-Adobe-Content
X-FW-Serve
X-FW-Server
X-FW-Version
X-FW-Type
X-FW-Static
Access-Control-Request-Headers
X-FW-Dynamic
X-Load-Cache
X-Cache-Time
X-ProcessESI
X-RemovedCookies
X-G
Version
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
ServerID
X-Language
X-Nf-Request-Id
X-Datadog-Trace-Id
X-Source
X-Datadog-Parent-Id
Country
X-Datadog-Sampling-Priority
X-Vcache
X-CDN-Forward
Content-Disposition
X-Drupal-Cache-Tags
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Upgrade-Enabled
X-Mg-Request-UUID
X-Datadog-Sampled
X-DataDome
X-HTML-Minification-Powered-By
Accept-Language
X-Debug-IsPreview
X-Debug-IsConnected
Countrycode
X-Amzn-Remapped-Content-Length
X-DynaTrace
X-ID
X-Xrds-Location
X-Tt-Trace-Host
X-Generated-By
X-Tt-Trace-Tag
Backend
Xet-Cookie
X-DynaTrace-JS-Agent
X-ECache
X-Varnish-Ttl
X-B-Cache
X-Signature
CF-IPCountry
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Nginx-Cache
X-B3-SpanId
Xserver
X-Mode
X-Httpd
Liferay-Portal
X-Erf-Web-Scheduler
Webserver
X-Servername
Url
X-Device-Type
X-Tt-Logid
X-Drupal-Cache-Contexts
X-NYM-Debug-Backend
X-Content-Powered-By
X-Content-Age
X-Zen-Fury
X-UPSTREAM-Address
GEO-INFO
X-Git-Commit
X-Urbn-Context-Path
X-Proto
Load-Balancing
X-Say-Cacheable
X-Rewrite-Enabled
X-SaId
Meta-Geo
X-Director
X-Tb
X-Say-TTL
S-Rt
X-GeoCountry
X-Cache-Action
X-Cache-Operation
X-JoinUs
X-LAGOON
Fastcgi-Useragent
X-ServerID
X-Urbn-Site-Id
X-SayCDN-TTL
Locale
Filters
X-Container-Uri
X-GeoCode
X-Varnish-Cache-Hits
X-PHP-Host
X-Labrador-Cache-Channel
X-Forwarded-Host
X-Cluster-Node
Uber-Trace-Id
Azure-SlotName
Azure-RegionName
Onion-Location
X-Soup
Azure-Version
X-RM-Cache-TTL
Azure-InstanceId
Azure-SiteName
X-VC-Cache
X-Sucuri-Cache
X-Varnish-Hostname
X-Sucuri-ID
X-Ms-Request-Id
X-VCT
X-Adobe-Source
X-Ms-Version
X-Served-From
X-Logging-Id
CDN-RequestId
Web-Mar-Node
X-Sql-Count
X-Detected-As
X-Storage
X-Sql-Duration-Ms
Node
Mn-Server-Ip
DB-Nickname
X-Extlb
X-FB-TRIP-ID
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-Routing-Service
X-Proxied
X-Skip-Cache
X-Zipkin-Id
X-Cache-Server
Selected-Fe
TWC-Privacy
X-Lambda-Id
Webcakes-Region
X-Uri
Property-Id
X-Debug
TWC-Locale-Group
Webcakes-App-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
X-Timing-Wait
X-Proxy-Build
X-Origin-Hint
TWC-Connection-Speed
TWC-Device-Class
X-Fetched-On
X-LSADC-Cache
TWC-GeoIP-Country
X-Template
X-Tumblr-Pixel-3
X-Generation-Time
X-Format
X-Tumblr-Pixel-2
OT-Force-Account-Verify
X-Ratelimit-Reset
Source
Fastly-Drupal-HTML
X-XRDS-LOCATION
X-Origin-Date
X-MP-GENERATED-AT
X-Tncms
X-Loop
X-MCACHE
X-Cache-Hit
X-Srv
X-Tec-Api-Origin
X-Pass-Why
X-Tec-Api-Version
X-Tec-Api-Root
X-Cache-Expired-At
X-Varnish-Hits
X-Endurance-Cache-Level
X-Redis-Cache
Content-Secure-Policy
X-UA-Device-Type
Cross-Origin-Window-Policy
X-Cache-TTL-Remaining
Upgrade-Insecure-Requests
X-Real-IP
X-Fastly-Request-Id
X-Via-JSL
Section-Origin-Responded
X-Pubstack
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Ua
X-Origin-CC
X-Origin-TTL
X-CCDN-CacheTTL
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-NGENIX-Cache
X-AIR-PT
X-Node-Name
X-Server-W
X-Rn-Rsrv
X-GEO
X-S
X-TimeS
NGB
Cache-Hits
Cache-Provider
X-CSRF-Token
CDN-CachedAt
CDN-Cache
Ms-Operation-Id
X-Cache-Host
MS-CV
X-URL
CDN-EdgeStorageId
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
X-RTag
X-PHP-Backend
X-Akamai-Transformed
Cache-Name
X-Datadome
X-Aspnetmvc-Version
X-Newrelic-Synthetics
X-Hl-Ver
X-Xfnlog-Site
X-Reqid
X-Optimistic-Header
X-Cms-Context
Apigw-Requestid
X-CACHE-AGE
X-Restarts
X-IPLB-Instance
X-IPLB-Request-ID
X-Parent-Response-Time
X-No-Session
X-ProxyCache-Status
X-BYPASS-REASON
X-ProxyCache-Key
X-Cache-Type
X-Destination
X-D
Fastly-Backend-Name
X-Developer
X-Dispatcher-Number
Fastly-SSL
Canary
Candidate-Md5Url
Ngx.Var.Host
Fastly-GeoIP-CountryCode
CPC-Age
X-Debug-Cache-Store
DCR-Processing-Time-Ms
X-CacheTTL
X-Cache-NE
X-Cache-Info
DCR-Decision-By
X-Date
Odigeo-Trace-Id
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cdn-Diag
CPC-Cache
X-CGP
Gannett-Cam-Experience-Id
X-Conf
Lang
X-GeoIP-Country-Code
X-GeoIP-Region-Code
X-Epic-Correlation-Id
X-Csrf-Jwt
X-Eu-Site
X-External-Request-Id
L5d-Success-Class
L
Ha-Gx-Prefs
X-FC-Vary-Parameters
X-Fastly-Backend
Magicmarker
X-Has-Esi
X-Ec-Fail
Meta-Geo-Continent
X-A-Dam
X-Ec-Custom-Error
N-Cache
HA-Ipaddr
X-JWT-State
X-Is-Gdpr
Mail-Subject
BehaviorPad-Version
MD5-Digest
X-Ec-GeoHdr
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Cache-Bucket
X-A-Dgt
T-Server
X-SRCache-Key
X-A-Wwc
X-VG-WebCache
X-Viewer-Country
X-Vtex-Remote-Cache
X-A-Dcw
X-B-Cookie
X-A
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
Surrogated-Key
X-Application
X-Accel-Buffering
VNS-Age
Vix-Hermes-Req-Id
X-Var-Ttl
We-Hiring
W
X-Aed
Web-Mar-Region
X-App
True-Client-Country-4JS
X-Vdms-Version
X-Vdms-Path
X-Accel-Expires-Debug
VNS-Cache
Sslversion
X-Debug-Cache-Fetch
X-We-Are-Hiring
X-RateLimit-Limit-Second
X-Wikidot-Backend
Redirect-Candidate
X-Worker
X-A-Ccd
X-Wix-Viewer-Type
X-Wikidot-Static-Cache
Rendered-Blocks
X-RateLimit-Remaining-Second
X-Request-Host
X-ScT
X-SD-PageType
X-BCube-Filmed-By
X-Bc-Bl
Xc-Version
X-Bl-Debug
Server-Host
X-Rojux
X-S-Cookie
X-Policy
X-AWS-Id
X-LJ-Flow-ID
X-VWS-Id
X-Handled-By
X-Cluster
Expect-Staple
Environment
Thinkindot-Control
X-Clara-WADP
X-Cache-Debug
X-Bip
X-BBC-Edge-Cache-Status
X-Clientip
X-Cdn-Origin
Origin
Producers
Release
Req-Svc-Chain
X-Cache-Id
X-CMSURLCustom
Memcached
X-Core-Mission
X-Alternate-Cache-Key
Is-Eu
Host-ID
Gh-Request-Id
X-App-Name
Machine
TDXMobile
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Platform
X-Core-Value
X-Mid
X-Shop-Environment
X-ShardId
X-Server-IP
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Sn-Servicetimems
X-S-Maxage
X-Request-Time
Datacenter
X-Origin-Response-Time
X-Orig-Expires
X-Owner
X-PAYTM-SRV-ID
X-Qloud-Router
X-Pool
X-Platform
X-Section
X-Storefront-Renderer-Rendered
X-Varnishpool
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-VG-TLSProxy
X-Vmg-Version
X-Access
X-WADP-Cache
X-VServer
X-Varnish-CookieHashed-On
X-Variation
X-Tenant
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Test
X-Thanos
X-Up
X-Thinkindot-L3
X-Org
X-Origin-Time
Adler-Geo
X-Hash
AKAMAI
X-Human
X-Level-Front-Cache
X-Esi-Check
X-Gzip
X-Geo-Header
X-Forwarded-Path
X-Forwarded-Site
ServedBy
X-Gdpr
X-Generated-On
X-Fmm-Version
X-DPWN-IS-SECURE
X-Loc
X-Nitro-Cache
Cmsid
X-Nyt-Route
X-DefHash
Cmstype
X-Mly-Id
X-Old-Content-Length
X-DefElseHash
X-Node-Id
X-Proxy-Cache-Status
User-Cache-Control
X-Via-Fastly
X-Tx-Id
X-Device-Os
X-Dispatcher-Server
X-TIM-N
X-Akamai-Device-Characteristics
X-WA-Info
X-GeoIP
X-Nginx-Cache-Key
X-Nananana
X-PERF
X-NodeID
X-Origin
X-Cdn-Srv
X-Mvc-Supplant-OutputCached
X-Scale
X-Gen-Mode
X-From
X-Auto-Login
X-Hnp-Log
X-INCAP-ABP
X-ApacheServer
X-Block-Status
Country-Code
CloudFront-Viewer-Country
DSUID
NM-Fastcgi-Cache
Server-Hostname
Server-Ext
X-Presslabs-Stats
X-TA-CDN-Provider
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
CDCHOST
Sever-Int
Esi-Enabled
Wxu-Next-Region
X-Refresh
Origin-CC
X-Cache-Enabled
Pics-Label
Origin-EX
X-LB-NoCache
X-Instance-Name
WP-Super-Cache
C-Via
Wxu-Next-Hostname
Ssr
X-Op-Id-All
Wxu-Next-Commit
Server-Info
X-NCache
X-TIME
X-Cs
X-Cache-Status-Check
Memory
Time
X-Vcl-Version
Hostname
X-Air-Source
X-Air-Trace-Id
Server-ID
X-Air-Hostname
X-Web-Node
X-HA-Backend
Cf-Device-Type
Origin-Agent-Cluster
X-Azure-Ref-OriginShield
X-Amz-Meta-Cb-Modifiedtime
X-API-Version
X-ZONE
NGX
GeoIP-Latitude
X-Tb-Optimization-Total-Bytes-Saved
AMP-Access-Control-Allow-Source-Origin
X-VHOST
X-Platform-Processor
X-Platform-Cluster
X-Microcachable
X-Correlation-ID
Cache-Host
X-Origin-Expires
X-Platform-Router
X-CACHE-GROUP
X-DC
X-Varnish-Beresp-Grace
X-Dc
XM
X-Varnish-Beresp-Ttl
X-Wp-Cf-Super-Cache-Active
X-Micro-Cache
X-Fpc
X-HN
X-Internal-Host
X-VarnishDD-TTL
X-Site-Version
X-Locale
PFcat
X-Webkit-Csp-Report-Only
Resin-Trace
X-Vgn-Hpd-Reason
YJS-ID
X-Ad-Defer-Variation
Edge-Copy-Time
X-Via-CDN
A
Srvid
X-Via-Edge
X-Via-SSL
Locid
X-FL-EDGE
X-FL-QIT-DEBUG
X-AB
Cdn-Requestid
X-WP-CF-Super-Cache-Active
X-TraceId
X-Zone
X-Github-Request-Id
X-LiteSpeed-Cache-Control
X-Pod-Name
Location
X-B3-Spanid
X-Buckets
X-Moov-T
X-Geo-Region
Sid
User-Agent
X-DataCenter
Uri
X-Moov-Xdn-Version
X-B3-Parentspanid
X-Cached-By
X-Contensis-Viewer-Groups
X-FireWall-Port
X-Cache-ASPX
X-ATG-Version
True-Client-Ip
X-Upstream-Ht
X-Upstream-Ct
Cache-Key
X-FTR-Request-ID
GeoIP-Country-Code
X-SIPLIST1
IsBot
X-Varnish-Authentication
X-Backend-Instance
X-Info
X-Accel-Version
CF-Ctrl
X-NGINX-Cache
X-Nitro-Rev
X-Nitro-Cache-From
X-Is-Tablet
X-Is-Desktop
X-Is-Supported-Browser
X-Tcp-Rtt
X-Is-Mobile
X-Browser-Name
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Platform-Server
GeoIp-Country-Code
Cdn
X-MSEdge-Flight
X-HS-Content-Campaign-Id
X-MSEdge-Features
State
X-Planisys-CDN-TTL
X-VCache
X-LiteSpeed-Tag
SID
X-Release
X-Fastly-Cache
X-Datacenter
XServer
X-CS
NtCoent-Length
X-Provided-By
X-CSRF-TOKEN
X-VC
X-Cache-Ttl
X-NewRelic-App-Data
X-Sigma
X-Cache-Remote
X-Rocket-Build-Number
Path
Epwk-X-Cache
Lb
X-Hyper-Cache
X-Sigma-Backend
True-Client-IP
X-RN-RSRV
X-Geo
X-TRACE-ID
X-Vgn-Hpd-Cached
X-Vgn-Hpd-Ssi
X-HS-Status
Cache
X-Vgn-Hpd-Variations-Key
X-Scheme
Fastly-Drupal-Html
X-Webstats-RespID
X-GeoIP-City
X-Gamma-Serve
X-UA
X-Frame-Option
X-FPC
X-Service
X-Api-Version
X-Generated-In
X-HostName
Tcn
X-SRV
WebServer
X-GoCache-CacheStatus
X-Rebelmouse-Surrogate-Control
Cf-Ipcountry
X-Rebelmouse-Cache-Control
Serverid
X-APP-VERSION
CountryCode
X-Air-Pt
Ohc-File-Size
X-Pad
Cdnsip
Cdncip
X-AK-Request-ID
X-Esi
X-Amz-Meta-Opti
Cache-Tv-Group
X-Guploader-Uploadid
X-Edge-Server
Cdn-Request-Time
X-Origin-Cache-Key
X-Wp-Cf-Super-Cache-Cache-Control
X-Branch-Name
Kp-EeAlive
X-Wp-Cf-Super-Cache
Cdn-Host
X-Traceid
X-EC-Lua
LB
X-VCL-Version
X-Wp-Cf-Super-Cache-Cookies-Bypass
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Expires
Req-ID
X-Country-Code-Real
Env
X-FTR-Backend
X-FTR-Backend-Server
X-NMSegId
Proxy-Connection
WZWS-RAY
Yak-Timeinfo
X-Location
X-Mobile-URL
X-Vercel-Id
X-Vercel-Cache
M-TraceId
X-Vc
XkeyRZ
X-Proxy-CacheRZ
X-Cdn-Cache-Status
X-CACHE-KEY
HostName
X-Cdn-Request-ID
CDN
CacheControlHeader
X-Edge-Pop
X-NWS-UUID-VERIFY
X-Men
X-Akamai-Pragma-Client-IP
Ohc-Cache-HIT
X-Aicache-OS
X-Ad-Load-Variation
X-Cache-Tags
Geoip-Latitude
On-Server
X-Region-Sid
X-Developers
Srv
Ngx
X-Cdn-Forward
X-Lb-Cache
Tube-Got-Eval
Click-Count-Action-Start
X-Ha-Backend
Tube-Get-Contents
Content-Style-Type
V-Age
Content-Script-Type
Tube-Return
Tube-Got-Results
RNT-Time
X-M-Log
X-M-Reqid
X-CDN-Cache-Status
Mime-Version
X-Via-Popv
Server-Id
X-Acquia-Purge-Cdn-Unconfigured
RNT-Machine
X-Cache-FS-Status
Click-Count-Error
X-B3-Trace-ID
Cluster
X-Nc
X-Servedbyhost
X-Minions-Version
X-V-Cache
X-SB
X-Req
X-WP-CF-Super-Cache-Cookies-Bypass
X-TX-ID
X-Scope-Id
X-Via-Popn
X-Wa
X-Via-Poph
Pramga
CF-Cached-On
X-LB-ID
X-Request-Start
X-TT-LOGID
X-Check-Cacheable
X-Shield-Cache-Expires
X-Request-URI
X-Qnm-Cache
WWW-Authenticate
X-Tim-N
X-Varnish-Beresp-Status
X-MiniProfiler-Ids
X-Acquia-Site
X-Edge-POP
X-IN-APIGATEWAY
X-Via-Ucdn
X-Fastly-Country-Code
X-IN-APIGATEWAYSSL
X-Snapshot-Date
X-Dw-Trace-Id
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Lb-Nocache
ENV
PICS-Label
X-Acquia-Purge-Tags
Yjs-Id
X-Fastly-Cache-Hits
Inserted-Into-Cache-At
X-Iauth-Set-Uid
Edge-Cache
CACHE-MISS-TO-ORIGIN
X-Cache-Date
X-Fastly-Backend-Reqs
Cneonction
X-User
X-Miniprofiler-Ids
Log-Origin
X-RAMCache
X-Cached-Since
X-ElasticPress-Query
X-Litespeed-Cache-Control
Vha6-Origin