Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Ua-Compatible
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
Permissions-Policy
Xkey
X-Ws-Request-Id
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Dispatcher
Cf-Apo-Via
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
X-LiteSpeed-Cache
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
Content-Location
X-Node
X-Application-Context
P3p
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Country
Service-Worker-Allowed
X-Country-Code
X-CST
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Litespeed-Cache
X-Url
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
X-Daa-Tunnel
X-Oneagent-Js-Injection
X-Server-Name
X-Webkit-Csp
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
X-GitHub-Request-Id
X-ECACHE
X-Upstream
Edge-Control
X-D2id
X-Element-Page-Cache
Verso
X-MS-InvokeApp
X-Ac
X-ESI
AR-Request-ID
X-Kinja
AR-ATIME
AR-PoweredBy
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
AR-SID
Accept-Ch-Lifetime
X-FastCGI-Cache
X-B3-TraceId
X-Vcap-Request-Id
X-Cache-TTL
X-Ser
X-Abt-Application-Version
X-Navigation-Version
AR-CACHE
X-Dw-Request-Base-Id
X-NF-Request-ID
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
Fastly-Restarts
X-Client-IP
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Aws-Lambda-Call-Status
Pagespeed
Display
X-Sol
X-Middleton-Display
X-Mg-S
Edge-Cache-Tag
X-Edge-Location-Klb
X-Kinsta-Cache
S
X-Powered-CMS
X-Goog-Hash
X-Middleton-Response
Response
Cache-Status
X-Version
Access-Control-Request-Method
X-Amzn-Trace-Id
X-VARITI-CCR
X-Fastly-Request-ID
X-Ruxit-Js-Agent
X-ARC
X-Cache-Key
X-RateLimit-Remaining
RTSS
X-Content-Digest
X-TraceId
Cross-Origin-Resource-Policy
X-Forwarded-For
X-T
X-Recruiting
Realpath
X-Ratelimit-Limit
X-Correlation-Id
X-PDP-UNCACHING-HASH
X-Varnish-TTL
X-MSEdge-Ref
Fastcgi-Cache
Front-End-Https
X-Cached
MS-Author-Via
X-TTL
Content-MD5
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-HS-Cache-Config
X-Ua-Browser
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-Cache-Status
X-FTR-Balancer
X-Protected-By
X-Country-Code-Real
X-FTR-Backend
X-Shield-Request-Id
X-FTR-Backend-Server
Public-Key-Pins
X-Request-Processing-Time
X-Request-Received
Server-Node
Payment
X-Forwarded-Proto
X-Ratelimit-Remaining
MicrosoftSharePointTeamServices
X-Frontend
X-LLID
TP-Cache
X-HS-Combine-CSS
Arr-Disable-Session-Affinity
X-Distributor
X-Server-ID
X-FTR-Expires
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Accel-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Count-Hit
X-GUploader-UploadID
X-NODE
X-Origin-Server
X-ORACLE-DMS-RID
X-LB-Cache
X-PressLabs-Stats
X-Ttl
X-Ezoic-Cdn
X-Microsite
X-Request-Handler-Origin-Region
X-Az
X-Activity-Id
X-AppVersion
X-Content-Security-Policy-Report-Only
Host
X-TEC-API-ROOT
X-B3-TraceId-Primal
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Mrf-Cache-Status
X-Ua-Device
X-Www-Served-By
MRF-Tech
X-Varnish-Backend
X-Varnish-Server
X-Hits
X-App-Server
X-Cluster-Name
Cache-Tags
Retry-After
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
Server-Name
X-Newrelic-App-Data
Cleartype
X-ORACLE-DMS-ECID
X-Origin-Cache-Key
X-CSRF-Token
X-Hostname
X-NGENIX-Cache
X-Goog-Metageneration
X-Envoy-Decorator-Operation
X-Geo-Country
Referer-Policy
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Id
TP-L2-Cache
X-DIS-Request-ID
X-Git-Hash
X-Seen-By
X-Azure-Ref
X-Unique-Id
Filterid
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Tt-Trace-Host
X-Load-Cache
X-Tt-Trace-Tag
X-F-Cache
X-Proxy
X-Revision
X-Trace-Id
Healthy
Section-Io-Cache
X-Request-Guid
X-Cache-Control
X-XRDS-LOCATION
X-Grace
TCN
DC
X-Amzn-RequestId
X-TT
X-Amz-Apigw-Id
X-B3-Sampled
X-B
X-Type
X-Logged-In
Paypal-Debug-Id
X-Contextid
X-Fb-Rlafr
X-FB-Debug
X-Debug-Info
X-Px
X-Page-Id
X-Mobile
X-N
X-Debug
Viewport
X-WP-CF-Super-Cache
X-RateLimit-Limit
X-WP-CF-Super-Cache-Cache-Control
X-Varnish-Ttl
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Oracle-Dms-Rid
Fastly-SIE
Fastly-SWR
X-Whom
X-Oracle-Dms-Ecid
X-Time
X-Via-JSL
Charset
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Webkit-CSP
Content-Disposition
X-Content-Options
X-Template
Version
X-Cache-Grace
X-Varnish-Grace
X-Magnolia-Registration
X-Origin-Cache
X-Wix-Request-Id
X-App-Environment
X-EdgeConnect-Cache-Status
X-Language
X-B-Cache
X-Signature
X-ProcessESI
X-B3-SpanId
VIX-Pulpo-Upstream-Status
X-RemovedCookies
VIX-Pulpo-Node
SRV
X-Node-Name
X-Debug-IsPreview
X-Tumblr-Pixel-1
X-Rule
X-Datadog-Sampled
X-Yottaa-Optimizations
X-Debug-IsConnected
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Amz-Replication-Status
X-Yottaa-Metrics
X-Hl-Ver
X-G
MS-CV
Ms-Operation-Id
SD-X-WS
X-UUID
X-RTag
Countrycode
X-Adobe-Loc
X-Cache-Age
X-Storage
X-FW-Static
X-Backend-Name
X-Instance
ServerID
X-Adobe-Content
X-FW-Type
GEO-INFO
X-FW-Hash
X-Device-Type
X-FW-Serve
X-FW-Dynamic
X-FW-Server
X-FW-Version
X-Proxy-Cache-Info
X-Cacheable-TTL
X-Rendered-As
NGB
X-Is-Bot
X-Amzn-Remapped-Content-Length
X-NYM-Debug-Backend
Country
X-User-Agent
Liferay-Portal
X-Cache-Hit
X-L-Path
X-IPS-LoggedIn
X-Environment-Context
X-Status
X-Region
Surrogate-Key
X-Real-IP
X-ServerID
X-Source
X-NWS-UUID-VERIFY
X-Rid
X-RateLimit-Reset
Akamai-GRN
Cross-Origin-Window-Policy
X-Sucuri-ID
X-WP-CF-Super-Cache-Active
X-Sucuri-Cache
OT-Force-Account-Verify
X-Servername
X-VC-Cache
X-RM-Cache-TTL
From-Origin
Front
X-WebKit-CSP-Report-Only
X-UA
X-Framework
Upgrade-Insecure-Requests
Amp-Access-Control-Allow-Source-Origin
Backend
X-Wormhole-Sdk
X-Mode
X-INCAP-ABP
X-Xrds-Location
X-AB
X-Air-Source
Refresh
X-Air-Trace-Id
X-URL
X-Air-Hostname
X-Cache-Time
X-Content-Powered-By
X-Akamai-Request-ID2
Xet-Cookie
X-Air-Pt
X-Handled-By
X-RID
X-Edge-Location
X-HTML-Minification-Powered-By
X-VC
X-Endurance-Cache-Level
Frame-Options
Accept-Language
Filters
X-Rewrite-Enabled
X-Rn-Rsrv
Selected-Fe
X-UPSTREAM-Address
X-Proxy-Build
Url
X-Timing-Wait
X-RCS-CacheZone
X-SaId
X-Webstats-RespID
X-Xfnlog-Site
X-Origin-TTL
X-Origin-CC
X-JoinUs
Meta-Geo
TWC-GeoIP-LatLong
X-Cache-Operation
ServedBy
X-SRV
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Locale-Group
TWC-Device-Class
Property-Id
Cache
X-Cluster
WPO-Cache-Message
X-Container-Uri
X-AWS-Id
X-Akamai-Edgescape
WPO-Cache-Status
X-Cache-Rule
Atl-Traceid
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
X-No-Session
X-VWS-Id
X-LJ-Flow-ID
X-Served-From
X-Reqid
X-Logging-Id
X-Origin
X-Origin-Date
X-Labrador-Cache-Channel
X-Provided-By
X-Git-Commit
X-PHP-Host
X-Tumblr-Pixel-2
X-Origin-Hint
X-Cloudmap
X-Cache-Debug
X-R9-Blue-Green-Version
X-Proxied
X-Restarts
X-Routing-Service
X-Zipkin-Id
X-Varnish-Cache-Hits
Web-Mar-Node
Cache-Hits
Section-Io-Id
Mn-Server-Ip
X-Tb
X-VCT
X-Accel-Version
X-DataDome
X-Locale
X-Web-Node
X-Scope-Id
X-Adobe-Source
X-Site-Version
X-Redis-Cache
X-Fetched-On
X-Extlb
X-Cms-Context
X-IPLB-Instance
Access-Control-Request-Headers
X-IPLB-Request-ID
Webserver
X-Drupal-Cache-Tags
X-Hosted-By
X-Azure-Ref-OriginShield
X-Upstream-Ht
X-Upstream-Ct
X-Varnish-Age
X-Geo-Region
X-Soup
X-Generation-Time
X-Shield-Cache-Expires
X-Tcp-Rtt
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Skip-Cache
X-Is-Desktop
X-Thinkindot-L3
X-Tncms
X-Httpd
TDXMobile
X-Is-Supported-Browser
X-Ms-Request-Id
X-Loop
X-Director
X-Drupal-Cache-Contexts
X-Frame-Option
X-Ms-Version
X-CMSURLCustom
X-ProxyCache-Key
X-ProxyCache-Status
X-S
X-Say-Cacheable
X-SayCDN-TTL
X-Is-Tablet
X-Is-Mobile
X-Format
X-Say-TTL
X-BYPASS-REASON
X-Browser-Name
X-Lambda-Id
X-Forwarded-Host
Apigw-Requestid
X-Nginx-Cache
X-Buckets
X-GeoCountry
X-CDN-Forward
X-Storefront-Renderer-Rendered
X-Generated-By
X-Cache-Host
X-Detected-As
Xserver
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Stage
X-ShardId
X-Varnish-Beresp-Grace
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-GeoCode
X-Ratelimit-Reset
X-Optimistic-Header
X-Cache-Status-Check
X-Cdn-Origin
X-Vcache
X-Lagoon
X-Worker
X-Rocket-Nginx-Serving-Static
X-Vercel-Cache
X-Request-URI
Fastcgi-Useragent
Source
X-Vercel-Id
Azure-SlotName
Azure-RegionName
Azure-Version
Azure-SiteName
X-WP-CF-Super-Cache-Cookies-Bypass
Azure-InstanceId
Node
X-TA-CDN-Provider
LB
X-Pass-Why
Protected
AMP-Access-Control-Allow-Source-Origin
X-Vcl-Version
CDN-RequestPullCode
CDN-PullZone
CDN-CachedAt
Expiry
CDN-RequestCountryCode
CDN-Cache
CDN-EdgeStorageId
CDN-Uid
X-Connection-Hash
CDN-RequestPullSuccess
Cross-Origin-Embedder-Policy
Onion-Location
X-App-Version
X-GEO
X-Tec-Api-Origin
X-Tumblr-Pixel-3
X-Tec-Api-Version
X-Api-Version
X-Cache-Expired-At
X-Tec-Api-Root
X-PHP-Backend
CDN-RequestId
X-XRDS-Location
Alternate-Protocol
X-Cache-Server
Sid
Environment
DB-Nickname
X-Server-W
X-Fastly-Request-Id
Uber-Trace-Id
Priority
X-Jobs
X-Proxy-Cache-Status
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Fastcgi-Cache
CF-IPCountry
X-ID
X-Cache-Action
X-Urbn-Context-Path
X-B3-Traceid
Locale
X-Urbn-Site-Id
X-Ismobilevalue
X-Cluster-Node
User-Cache-Control
HostName
X-Mg-Request-UUID
X-LSADC-Cache
X-Tt-Logid
X-MP-GENERATED-AT
Cdn-Requestid
X-AIR-PT
X-Zone
Cache-Tv-Group
T-Server
Req-ID
Surrogated-Key
Server-Host
Sslversion
Origin-Agent-Cluster
Lang
Magicmarker
Fusion-Component-Id
Edge-Cache
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Gannett-Cam-Experience-Id
Fusion-Deployment-Id
MD5-Digest
Meta-Geo-Continent
Rendered-Blocks
Content-Secure-Policy
Candidate-Md5Url
Fusion-Source
DCR-Decision-By
Ngx.Var.Host
DCR-Processing-Time-Ms
Origin
A
X-Clientip
X-Node-Id
X-ND-Cache
X-Op-Id-All
X-Org
X-Powered-By-VTEX-Cache
X-Origin-Expires
X-NCache
X-Level-Front-Cache
X-Gzip
X-GeoIP-City
X-Hnp-Log
X-Ig-Origin-Region
X-Jungle-Id
X-Ig-Push-State
X-Request-Start
X-Rojux
X-Vdms-Version
X-Vdms-Path
X-Viewer-Country
X-VTEX-Cache-Server
X-Vtex-Remote-Cache
X-VTEX-Cache-Time
X-Varnish-Hostname
X-UA-Device-Type
X-ScT
X-SB
X-SRCache-Key
X-Thanos
X-TIM-N
X-Generated-On
X-Gen-Mode
X-Aed
X-A-Wwc
X-Bc-Bl
X-BCube-Filmed-By
X-Bl-Debug
X-Bip
X-A-Dgt
X-A-Dcw
Wxu-Next-Region
Wxu-Next-Hostname
X-A
X-A-Ccd
X-A-Dam
X-Block-Status
X-Cache-Id
X-Ec-GeoHdr
X-Ec-Fail
X-Epic-Correlation-Id
X-Esi-Check
X-Forwarded-Site
X-FB-TRIP-ID
X-Dispatcher-Server
X-Device-Os
X-Conf
X-Cache-NE
X-Content-Age
X-D
X-Developer
Wxu-Next-Commit
Vix-Hermes-Req-Id
X-DC
X-NGINX-Cache
X-Tx-Id
X-Origin-Response-Time
X-TT-LOGID
X-Auth-Group-Type
X-CUA
X-Geo-Header
X-GeoIP
X-Core-Value
X-Cache-TTL-Remaining
X-Cdn-Srv
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Fmm-Version
X-Fastly-Cache
X-Edge-Server
X-Cache-Info
X-Gdpr
X-FC-Vary-Parameters
X-Backend-Instance
Powered-By
Release
X-Uri
PFcat
Origin-EX
NM-Fastcgi-Cache
Origin-CC
Server-Ext
Server-Hostname
X-App-Name
X-Auto-Login
X-Service
X-Amz-Storage-Class
X-AK-Request-ID
Sever-Int
Ssr
X-Cache-Bucket
X-ECache
X-Test
X-V-Cache
X-Var-Ttl
X-Tb-Optimization-Total-Bytes-Saved
X-SD-PageType
X-Req
X-Request-Time
X-Scheme
X-Varnish-Director
X-VarnishDD-TTL
XM
Yak-Timeinfo
Odigeo-Trace-Id
X-WA-Info
X-Via-Fastly
X-Varnishpool
X-VG-WebCache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Response-Served-From
X-Loc
X-Mvc-Supplant-Cachable
X-Original-Request-Id
X-HS-Content-Campaign-Id
X-Region-Sid
X-HN
X-Nginx-Cache-Key
X-NMSegId
X-Policy
X-Proto
X-Pubstack
X-Platform
X-PAYTM-SRV-ID
X-Nyt-Route
X-Origin-Time
X-GeoIP-Region-Code
X-GeoIP-Country-Code
Fastly-SSL
Cdn-Request-Time
DSUID
Cdn-Host
CDCHOST
C-Via
Cache-Provider
Fastly-Backend-Name
AKAMAI
Cdncip
Host-ID
Content-Style-Type
Content-Script-Type
Cdnsip
Click-Count-Error
X-Human
X-From
Country-Code
X-GoCache-CacheStatus
Cluster
X-LiteSpeed-Cache-Control
X-Eu-Site
X-Cache-Aspx
X-Cache-Backend
X-Newrelic-Synthetics
X-BBC-Edge-Cache-Status
Gh-Request-Id
X-B3-Trace-ID
X-CGP
X-Contensis-Viewer-Groups
Esi-Enabled
Click-Count-Action-Start
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Csrf-Jwt
Fastly-GeoIP-CountryCode
X-Fastly-Backend
X-Mvc-Supplant-OutputCached
Apple-News-Services-Handled
Adler-Geo
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Server-IP
X-Sn-Servicetimems
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-Wikidot-Static-Cache
X-Custom-Header
X-Wikidot-Backend
X-We-Are-Hiring
X-VG-TLSProxy
X-Section
Apple-News-Services-Host
Ha-Gx-Prefs
X-NodeID
X-Mly-Id
X-Micro-Cache
X-Men
X-Pool
X-Proxied-Request
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Request-Host
Cache-Key
Canary
X-Location
X-Dc
Tube-Got-Eval
Tube-Get-Contents
True-Client-Country-4JS
Is-Eu
On-Server
Tube-Got-Results
Web-Mar-Region
We-Hiring
W
Tube-Return
L
L5d-Success-Class
Mail-Subject
Redirect-Candidate
Producers
Pramga
Platform
X-Varnish-Beresp-Ttl
RNT-Time
RNT-Machine
Req-Svc-Chain
Machine
X-Access
V-Age
X-Aicache-OS
HA-Ipaddr
X-Ad-Load-Variation
X-Acquia-Purge-Cdn-Unconfigured
WP-Super-Cache
X-Render-Time
NGX
X-Date
X-Hash
X-Up
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
X-ApacheServer
X-Accel-Expires-Debug
X-CacheTTL
Proxy-Firewall
X-PERF
X-Cs
Debug
X-DefElseHash
X-Varnish-Hits
X-LB-ID
X-DefHash
X-Varnish-CookieINHashed-On
X-COUNTRY
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
Mime-Version
X-Pad
X-Client-Ip
X-Nananana
X-Refresh
X-CACHE-GROUP
X-Depends
X-Nf-Request-Id
X-Via-Poph
X-Via-Popn
X-Datadome
Pics-Label
X-HA-Backend
X-Via-Popv
Datacenter
SID
Fastly-Drupal-HTML
X-VHOST
Locid
X-Cache-FS-Status
CloudFront-Viewer-Country
X-Akamai-Transformed
X-Parent-Response-Time
X-M-Reqid
X-M-Log
X-VC-TTL
X-Servedbyhost
X-Amz-Meta-Cb-Modifiedtime
X-Esi
X-CACHE-AGE
GeoIP-Latitude
X-HITS
X-Cached-By
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-TIME
X-LB-NoCache
X-B3-Parentspanid
Fastly-Drupal-Html
X-LiteSpeed-Tag
Ngx-Var-Key
X-Old-Content-Length
Server-Info
X-Litespeed-Tag
X-DynaTrace-JS-Agent
BehaviorPad-Version
X-CDN-Cache-Status
X-VCache
Resin-Trace
Cf-Ipcountry
X-CS
Server-ID
GeoIp-Country-Code
X-Moov-T
X-APP
X-Moov-Xdn-Version
X-TH-Server
Cdn
Cross-Origin-Embedder-Policy-Report-Only
X-Nc
X-Vgn-Hpd-Reason
X-Wa
X-Content-Length
NtCoent-Length
FSS-Cache
X-IAuth-Set-Uid
X-TX-ID
Tcn
X-NewRelic-App-Data
X-Varnish-Beresp-TTL
CDN
X-External-Request-Id
X-Destination
X-B-Cookie
X-Fpc
True-Client-IP
Cf-Device-Type
X-Application
X-User
X-S-Cookie
X-ZONE
X-HostName
X-Zen-Fury
X-Vc
X-Presslabs-Stats
True-Client-Ip
X-Srv
Serverhost
Uri
X-Sigma-Backend
X-Dispatcher-Number
X-Sigma
X-Cache-Date
X-Rocket-Build-Number
X-Instance-Name
X-Dynatrace-Js-Agent
X-Oracle-DMS-ECID
Vc-Max-Age
X-HOST
X-Cdn-Forward
X-NC
X-WA
X-VServer
X-API-Version
GeoIP-Country-Code
Srv
S-Rt
X-FPC
Load-Balancing
Request-ID
X-Segment-20210421
X-RequestId
Product
X-Branch-Name
X-Dispatch
X-DynaTrace
X-Cdn-Cache-Status
X-Aspnet-Duration-Ms
X-Flags
X-Providence-Cookie
X-CACHE-KEY
X-Route-Name
X-Is-Crawler
Hostname
Geoip-Latitude
Server-Id
X-B3-Spanid
X-APP-VERSION
Ohc-File-Size
X-FL-QIT-DEBUG
X-Ckpd-Fst-Backend
X-Lb-Nocache
Srvid
ServerName
X-Webkit-Csp-Report-Only
X-DataCenter
X-Page-View
X-Srcache-Fetch-Status
X-Bug-Bounty
X-SERVER-NAME
X-Srcache-Store-Status
Type
X-Geo
X-ServedByHost
CacheControlHeader
Cloudfront-Viewer-Country
DataCenter
X-Irp-Debug
X-Ua
X-VCL-Version
X-Sql-Count
X-Http-Reason
X-Sql-Duration-Ms
Cl-Cache
Epwk-X-Cache
X-Cache-Ttl
Lb
X-Via-SSL
Ohc-Cache-HIT
ServerHost
X-Via-CDN
Origin-Trial
IsBot
X-Via-Edge
X-SIPLIST1
X-Via-PopV
PICS-Label
X-Via-PopN
X-Via-PopH
X-Ha-Backend
Cross-Origin-Opener-Policy-Report-Only
X-Correlation-ID
Edge-Copy-Time
X-App
X-Owner
X-Nf-Country
Rtss
X-HubSpot-Correlation-Id
X-Nf-Ats-Version
X-Nf-Language
XkeyRZ
MIME-Version
X-Lb-Id
X-Proxy-CacheRZ
Cneonction
X-Akamai-Device-Characteristics
User-Agent
X-Core-Mission
X-Vmg-Version
WZWS-RAY
X-MiniProfiler-Ids
X-MSEdge-Features
X-Qloud-Router
X-Service-Response-Time
Sm-Log-Id
X-MSEdge-Flight
X-Sqd-Stime
X-Acquia-Site
X-Sqd-Ctime
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Datacenter
X-Limited
Cmstype
X-Gamma-Serve
X-Info
X-Web-Server
Cmsid
X-Requestid
N-Cache
Warning
X-Fastly-Country-Code
X-Hit
X-LAGOON
Servername
X-Litespeed-Cache-Control
X-IN-APIGATEWAYSSL
Xc-Version
X-Amz-Meta-S3b-Last-Modified
X-Snapshot-Date
Ngx
X-Ramcache
X-Th-Server
X-Serial
X-Amz-Meta-Opti
X-RAMCache
X-Udemy-Cache-App-Namespace
X-Dw-Trace-Id
X-Amz-Meta-Sha256
X-Check-Cacheable
X-Akamai-Pragma-Client-IP
X-IN-APIGATEWAY