Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
Expect-CT
Accept-Ranges
CF-RAY
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
P3P
X-Xss-Protection
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Request-ID
CF-Ray
X-Ua-Compatible
X-Generator
X-Cache-Status
Server-Timing
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
Permissions-Policy
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
Xkey
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
X-Dispatcher
X-Swift-SaveTime
X-Swift-CacheTime
X-LiteSpeed-Cache
Grace
X-Server-Powered-By
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
X-Litespeed-Cache
Cache-Tag
X-Clacks-Overhead
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-PC
X-TtlSet
X-Vname
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Server-Name
X-FTR-Request-ID
X-Daa-Tunnel
Nginx-Cache
Accept-Ch
X-Powered-By-Plesk
AR-SID
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Cache-TTL
X-Cnection
X-CST
X-ESI
X-Ac
X-D2id
X-Element-Page-Cache
X-GitHub-Request-Id
Edge-Control
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
Verso
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-ECACHE
X-MS-InvokeApp
AR-CACHE
X-Ser
X-Vcap-Request-Id
X-Abt-Application-Version
X-Upstream
X-Navigation-Version
X-Dw-Request-Base-Id
X-B3-TraceId
X-Webkit-Csp
Fastly-Restarts
X-FastCGI-Cache
SPRequestDuration
SPIisLatency
X-Amz-Rid
X-Mod-Pagespeed
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-PDP-UNCACHING-HASH
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-SharePointHealthScore
SPRequestGuid
X-Client-IP
X-Kinsta-Cache
X-ARC
X-Goog-Hash
X-Edge-Location-Klb
X-Oneagent-Js-Injection
X-Middleton-Display
X-Powered-CMS
X-Sol
Display
Pagespeed
X-Mg-S
X-Ratelimit-Limit
S
X-NF-Request-ID
Edge-Cache-Tag
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
Response
X-Middleton-Response
X-VARITI-CCR
RTSS
X-Ratelimit-Remaining
X-Fastly-Request-ID
Realpath
X-Forwarded-For
X-Cache-Key
X-T
X-Content-Digest
Cross-Origin-Resource-Policy
X-TTL
X-Recruiting
X-TraceId
X-Correlation-Id
X-Cached
Fastcgi-Cache
X-ORACLE-DMS-RID
X-MSEdge-Ref
X-Varnish-TTL
X-Shield-Request-Id
Front-End-Https
MicrosoftSharePointTeamServices
X-Ruxit-Js-Agent
X-Request-Received
X-Forwarded-Proto
X-Request-Processing-Time
X-Ua-Browser
X-HS-Content-Id
X-Protected-By
X-HS-Hub-Id
X-LLID
X-Frontend
X-HS-Cache-Config
Payment
MS-Author-Via
TP-Cache
Arr-Disable-Session-Affinity
Server-Node
Public-Key-Pins
Content-MD5
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Count-Hit
X-RateLimit-Remaining
X-Server-ID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Accel-Expires
X-HS-Combine-CSS
X-PressLabs-Stats
X-GUploader-UploadID
X-Distributor
X-LB-Cache
X-Origin-Server
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-NODE
X-FTR-Backend
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Ezoic-Cdn
X-FTR-Expires
X-Newrelic-App-Data
X-HP-Trace-Id
X-HP-Webp
X-Jurisdiction
X-Request-Handler-Origin-Region
X-Microsite
X-Www-Served-By
X-Activity-Id
Accept-Charset
X-Az
X-AppVersion
Host
X-Content-Security-Policy-Report-Only
Cleartype
Cache-Tags
X-Ua-Device
X-App-Server
X-B3-TraceId-Primal
X-Amz-Meta-S3cmd-Attrs
MRF-Tech
Mrf-Cache-Status
X-Varnish-Server
X-Cluster-Name
Retry-After
X-Varnish-Backend
X-ORACLE-DMS-ECID
Surrogate-Key
X-Ttl
X-Goog-Metageneration
Filterid
X-Unique-Id
Server-Name
X-Hits
X-Git-Hash
X-Debug
Access-Control-Allow-Method
X-Azure-Ref
X-Envoy-Decorator-Operation
X-Upgrade-Enabled
X-Logged-In
X-Load-Cache
X-Geo-Country
X-NGENIX-Cache
X-Id
X-CSRF-Token
X-Hostname
X-FB-Debug
TCN
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Proxy
X-Tt-Trace-Tag
X-Tt-Trace-Host
Section-Io-Cache
X-B
X-Grace
X-TT
TP-L2-Cache
DC
Viewport
X-Seen-By
X-Revision
X-Cache-Control
X-Time
X-Request-Guid
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-B3-Sampled
X-Type
X-Trace-Id
X-Fb-Rlafr
X-F-Cache
X-Contextid
Healthy
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Mobile
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Fastly-SIE
Referer-Policy
Fastly-SWR
X-N
Paypal-Debug-Id
Content-Disposition
X-Varnish-Ttl
X-XRDS-LOCATION
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-DIS-Request-ID
X-Varnish-Grace
X-Page-Id
X-Webkit-CSP
X-Debug-Info
X-Ratelimit-Reset
X-Magnolia-Registration
X-Px
X-Via-JSL
X-Origin-Cache
X-Amz-Replication-Status
Version
X-Oracle-Dms-Ecid
X-Whom
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-G
X-ProcessESI
X-UUID
X-Wormhole-Sdk
Amp-Access-Control-Allow-Source-Origin
X-RemovedCookies
X-Content-Options
X-Rid
X-Adobe-Content
X-App-Environment
X-Tumblr-Pixel-0
X-Adobe-Loc
X-Debug-IsPreview
X-Node-Name
X-Debug-IsConnected
X-Tumblr-User
X-Tumblr-Pixel
X-Template
X-Rule
X-Tumblr-Pixel-1
X-Hl-Ver
X-Storage
X-Source
NGB
X-RTag
X-Yottaa-Optimizations
Ms-Operation-Id
MS-CV
SD-X-WS
X-Datadog-Sampled
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Yottaa-Metrics
X-Instance
X-Backend-Name
X-User-Agent
X-B-Cache
X-Is-Bot
X-Wix-Request-Id
X-Cacheable-TTL
X-Proxy-Cache-Info
X-NYM-Debug-Backend
X-Signature
X-Rendered-As
Cross-Origin-Window-Policy
X-Device-Type
Charset
X-Region
X-L-Path
Country
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Server
GEO-INFO
X-ServerID
X-Environment-Context
X-FW-Version
X-FW-Type
X-FW-Static
X-Status
ServerID
X-IPS-LoggedIn
Countrycode
X-Cache-Grace
X-Cache-Age
X-Real-IP
X-EdgeConnect-Cache-Status
SRV
Akamai-GRN
X-NWS-UUID-VERIFY
X-RM-Cache-TTL
Front
X-Cache-Hit
X-Ismobilevalue
Liferay-Portal
X-Amzn-Remapped-Content-Length
X-WP-CF-Super-Cache-Active
X-Framework
X-Aws-Lambda-Call-Status
X-Xrds-Location
X-Language
X-B3-SpanId
X-AB
X-Oracle-Dms-Rid
X-Nf-Request-Id
X-Air-Pt
X-Content-Powered-By
X-Sucuri-ID
X-WebKit-CSP-Report-Only
X-Akamai-Request-ID2
X-Sucuri-Cache
X-Servername
OT-Force-Account-Verify
X-Air-Trace-Id
X-UA
X-Air-Source
X-Air-Hostname
X-VC-Cache
Xet-Cookie
From-Origin
X-VC
Backend
X-URL
X-Mode
Accept-Language
X-SRV
Refresh
X-Tt-Logid
X-Api-Version
X-DataDome
X-Handled-By
Upgrade-Insecure-Requests
LB
X-Nginx-Cache
Access-Control-Request-Headers
X-Cache-Time
X-Cache-Status-Check
Webserver
X-HTML-Minification-Powered-By
Filters
Meta-Geo
X-Rn-Rsrv
X-UPSTREAM-Address
X-JoinUs
Cache
X-Rewrite-Enabled
X-RCS-CacheZone
X-SaId
X-Origin-Hint
X-Origin-Date
X-Hosted-By
X-Labrador-Cache-Channel
X-Git-Commit
X-Xfnlog-Site
X-Cache-Operation
X-Cache-Rule
X-RateLimit-Limit
X-R9-Blue-Green-Version
X-PHP-Host
X-S
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
TWC-Device-Class
TWC-Connection-Speed
Property-Id
ServedBy
X-Adobe-Source
Webcakes-Region
X-Webstats-RespID
X-Generated-By
Webcakes-App-Version
X-Tumblr-Pixel-2
X-Container-Uri
X-Varnish-Age
X-Cms-Context
X-Loop
X-Tcp-Rtt
X-Tb
Atl-Traceid
X-No-Session
X-Request-URI
X-ProxyCache-Status
X-Browser-Name
X-Geo-Region
X-ProxyCache-Key
X-Provided-By
X-Logging-Id
X-Endurance-Cache-Level
X-Is-Tablet
X-Accel-Version
X-Skip-Cache
X-Site-Version
X-Cluster
Web-Mar-Node
Url
Section-Io-Id
X-Akamai-Edgescape
X-Served-From
X-Lambda-Id
X-Is-Supported-Browser
X-Httpd
X-Is-Desktop
X-Is-Mobile
X-Locale
X-Tncms
X-Cache-Debug
X-Scope-Id
X-Fetched-On
X-Reqid
X-Redis-Cache
X-BYPASS-REASON
X-Web-Node
X-Forwarded-Host
X-Storefront-Renderer-Rendered
X-Ms-Version
X-Shopify-Stage
X-Varnish-Beresp-Grace
X-Ms-Request-Id
X-VCT
X-Cache-Host
X-Format
X-Varnish-Cache-Hits
X-IPLB-Instance
X-Director
X-Detected-As
Selected-Fe
X-Restarts
X-Soup
Mn-Server-Ip
X-IPLB-Request-ID
X-Optimistic-Header
X-Alternate-Cache-Key
X-Timing-Wait
X-Origin
X-SayCDN-TTL
X-Proxy-Build
X-Edge-Location
X-Say-Cacheable
X-Mg-Request-UUID
X-Say-TTL
Apigw-Requestid
X-Upstream-Ht
X-Upstream-Ct
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-Frame-Option
X-AWS-Id
X-INCAP-ABP
X-RID
X-LJ-Flow-ID
X-Cloudmap
X-VWS-Id
X-Extlb
Xserver
X-Sorting-Hat-PodId
X-ShopId
Onion-Location
X-Sorting-Hat-ShopId
X-ShardId
Expiry
X-GeoCode
X-Connection-Hash
X-Azure-Ref-OriginShield
Frame-Options
X-GeoCountry
X-Lagoon
Cdn-Requestid
WPO-Cache-Message
X-Cache-Expired-At
WPO-Cache-Status
X-CDN-Forward
Source
X-CMSURLCustom
X-Shield-Cache-Expires
X-Vcache
Thinkindot-Control
X-Thinkindot-L3
X-WP-CF-Super-Cache-Cookies-Bypass
X-Fastly-Request-Id
TDXMobile
Thinkindot-CacheControl
Protected
Thinkindot-CacheControl-Type
X-Drupal-Cache-Contexts
X-Vcl-Version
X-Drupal-Cache-Tags
X-Fastcgi-Cache
Fastcgi-Useragent
X-ECache
X-Origin-CC
Environment
X-Origin-TTL
X-Cdn-Origin
X-Generation-Time
Priority
X-Cache-Action
X-PHP-Backend
X-Proxy-Cache-Status
X-Pass-Why
X-Worker
X-Vercel-Cache
X-App-Version
X-Vercel-Id
Uber-Trace-Id
X-Rocket-Nginx-Serving-Static
X-GEO
Cache-Hits
X-ID
Azure-Version
Azure-SiteName
Azure-RegionName
CF-IPCountry
Azure-SlotName
Azure-InstanceId
X-Aspnetmvc-Version
Node
X-Cluster-Node
Locale
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Buckets
X-XRDS-Location
Sid
CDN-RequestPullSuccess
CDN-PullZone
X-TA-CDN-Provider
Cross-Origin-Embedder-Policy
CDN-RequestPullCode
CDN-Uid
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
CDN-RequestCountryCode
X-FB-TRIP-ID
Cache-Tv-Group
X-Tumblr-Pixel-3
X-Auth-Group-Type
X-B3-Traceid
X-Cache-Server
X-Pad
X-Server-W
DB-Nickname
Alternate-Protocol
X-A
X-RateLimit-Reset
X-DC
X-Client-Ip
X-Tx-Id
Wxu-Next-Region
A
X-GeoIP-City
Wxu-Next-Commit
X-Ig-Origin-Region
X-Gzip
Wxu-Next-Hostname
X-A-Dcw
X-Service
X-Op-Id-All
X-Org
X-Generated-On
X-ND-Cache
X-Level-Front-Cache
X-A-Ccd
X-Ig-Push-State
X-Dispatcher-Server
X-Custom-Header
X-Core-Value
X-Content-Age
Origin-Agent-Cluster
X-D
Ngx.Var.Host
Odigeo-Trace-Id
X-Conf
Rendered-Blocks
T-Server
X-Cache-Id
Surrogated-Key
Sslversion
X-Cache-TTL-Remaining
X-Cache-NE
Meta-Geo-Continent
MD5-Digest
X-Esi-Check
X-Epic-Correlation-Id
Gannett-Cam-Experience-Id
DCR-Processing-Time-Ms
DCR-Decision-By
Content-Secure-Policy
X-Fastly-Backend
X-Ec-GeoHdr
X-Ec-Fail
Magicmarker
X-DefElseHash
X-DefHash
Lang
X-Origin-Expires
X-Developer
Candidate-Md5Url
X-A-Dam
X-ScT
X-Vdms-Version
X-Aed
X-Viewer-Country
X-Rojux
X-Vtex-Remote-Cache
X-Bl-Debug
X-Bc-Bl
X-Varnish-Remaining-TTL
X-V-Cache
X-TIM-N
X-BCube-Filmed-By
X-Varnish-CookieHashed-On
X-SRCache-Key
X-Varnish-CookieINHashed-On
X-Req
X-Via-Fastly
X-A-Wwc
X-A-Dgt
AMP-Access-Control-Allow-Source-Origin
HostName
Mime-Version
X-LiteSpeed-Cache-Control
User-Cache-Control
Is-Eu
X-Cache-Bucket
X-Wikidot-Static-Cache
X-Varnish-Director
X-Cache-Info
X-VarnishDD-TTL
X-Varnish-Hostname
Host-ID
Ssr
XM
X-UA-Device-Type
Edge-Cache
X-B3-Trace-ID
X-Thanos
Esi-Enabled
Fastly-Backend-Name
X-DPWN-IS-SECURE
X-AK-Request-ID
Fastly-SSL
X-Edge-Server
X-Amz-Storage-Class
X-Debug-Cache-Fetch
Powered-By
X-VTEX-Cache-Time
Platform
X-VTEX-Cache-Server
PFcat
Producers
Tube-Got-Results
Req-ID
Tube-Got-Eval
X-Clientip
RNT-Machine
RNT-Time
Tube-Return
X-CacheTTL
X-VG-TLSProxy
Vix-Hermes-Req-Id
NM-Fastcgi-Cache
X-Wikidot-Backend
Tube-Get-Contents
X-VG-WebCache
Origin
V-Age
Server-Host
X-Block-Status
X-Backend-Instance
X-Debug-Cache-Store
X-Fastly-Cache
X-Micro-Cache
X-Men
X-Bip
X-Mly-Id
X-Cache-FS-Status
X-Mvc-Supplant-Cachable
X-LSADC-Cache
X-Request-Time
X-SD-PageType
X-HS-Content-Campaign-Id
X-Scheme
X-SB
X-Loc
X-Jobs
X-Region-Sid
X-RateLimit-Remaining-Second
X-Policy
X-Nyt-Route
X-Platform
X-Origin-Response-Time
X-PAYTM-SRV-ID
X-Origin-Time
X-NodeID
X-Powered-By-VTEX-Cache
X-Pubstack
X-RateLimit-Limit-Second
X-Proto
X-NMSegId
X-Node-Id
X-Aicache-OS
X-Acquia-Purge-Cdn-Unconfigured
Content-Style-Type
Cdn-Request-Time
Cdn-Host
X-Forwarded-Site
X-Hnp-Log
Country-Code
Cdncip
Cdnsip
X-FC-Vary-Parameters
X-Tb-Optimization-Total-Bytes-Saved
Click-Count-Error
Click-Count-Action-Start
X-Fmm-Version
X-SVT-ORM-VERSION
X-Gdpr
X-GoCache-CacheStatus
Adler-Geo
X-Ad-Load-Variation
X-Server-IP
X-HN
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Gen-Mode
Cache-Provider
X-SVT-ORM-RULES
X-GeoIP
X-Sn-Servicetimems
Content-Script-Type
X-HITS
X-Varnish-Beresp-Ttl
X-BBC-Edge-Cache-Status
X-Cache-Aspx
X-Human
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Section
X-Request-Start
X-Proxied-Request
X-Request-Host
X-Test
X-Var-Ttl
X-We-Are-Hiring
Yak-Timeinfo
X-WA-Info
X-Varnishpool
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-Pool
X-Nginx-Cache-Key
X-Date
X-Depends
X-CUA
X-Csrf-Jwt
X-Cs
X-Contensis-Viewer-Groups
X-Ec-Custom-Error
X-Eu-Site
X-Location
X-Mvc-Supplant-OutputCached
X-Auto-Login
X-Hash
X-Geo-Header
X-Cdn-Srv
X-CGP
Gh-Request-Id
Ha-Gx-Prefs
Fastly-GeoIP-CountryCode
DSUID
Canary
Cluster
HA-Ipaddr
L
On-Server
Origin-CC
Mail-Subject
Machine
L5d-Success-Class
Cache-Key
C-Via
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Dc
Fusion-Template-Id
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
AKAMAI
Origin-EX
CDCHOST
True-Client-Country-4JS
Sever-Int
X-App-Name
Server-Ext
X-Access
W
X-Accel-Expires-Debug
Web-Mar-Region
We-Hiring
Req-Svc-Chain
Server-Hostname
Pramga
Release
Proxy-Firewall
X-AIR-PT
X-NGINX-Cache
Server-Info
X-Device-Os
NGX
Debug
X-Varnish-Hits
X-Origin-Cache-Key
BehaviorPad-Version
X-From
X-Zone
X-LB-ID
Redirect-Candidate
X-NCache
X-Up
X-Tec-Api-Root
SID
X-Tec-Api-Version
X-Tec-Api-Origin
X-Akamai-Transformed
X-HA-Backend
X-Refresh
X-MP-GENERATED-AT
Fastly-Drupal-HTML
X-APP
X-Jungle-Id
X-Via-Poph
Pics-Label
X-Via-Popv
X-Via-Popn
X-Cache-Backend
CloudFront-Viewer-Country
X-Vdms-Path
CDN-RequestId
X-VHOST
X-CACHE-AGE
X-Parent-Response-Time
WP-Super-Cache
X-Servedbyhost
X-Datadome
GeoIP-Latitude
X-Content-Length
X-B3-Parentspanid
X-Litespeed-Tag
X-Nc
X-Uri
X-LB-NoCache
X-Newrelic-Synthetics
X-VC-TTL
X-Render-Time
X-M-Log
X-Nananana
X-LiteSpeed-Tag
Fastly-Drupal-Html
X-CACHE-KEY
Datacenter
X-PERF
X-ApacheServer
X-M-Reqid
X-DynaTrace-JS-Agent
Vc-Max-Age
X-CDN-Cache-Status
Server-ID
Resin-Trace
X-Dispatcher-Number
X-Cached-By
X-Wa
X-ZONE
Product
NtCoent-Length
Cdn
X-RequestId
X-B3-Spanid
X-VCache
X-Amz-Meta-Cb-Modifiedtime
GeoIp-Country-Code
Locid
X-CS
FSS-Cache
X-Ckpd-Fst-Backend
X-Fpc
X-Varnish-Beresp-TTL
X-IAuth-Set-Uid
X-NewRelic-App-Data
X-Response-Served-From
X-Esi
True-Client-Ip
Serverhost
X-Original-Request-Id
X-Bug-Bounty
X-TX-ID
S-Rt
X-HostName
X-SERVER-NAME
X-Nf-Language
X-Nf-Country
X-Old-Content-Length
ServerName
X-HubSpot-Correlation-Id
X-Nf-Ats-Version
Uri
True-Client-IP
X-TT-LOGID
Tcn
GeoIP-Country-Code
Ngx-Var-Key
X-Oracle-DMS-ECID
CDN
X-Presslabs-Stats
X-Cdn-Cache-Status
X-Srv
Cf-Ipcountry
Srv
X-TIME
X-Dynatrace-Js-Agent
X-Vgn-Hpd-Reason
X-Cdn-Forward
X-FPC
Request-ID
X-Moov-Xdn-Version
X-Akamai-Device-Characteristics
X-Vc
X-Vmg-Version
X-WA
CacheControlHeader
X-Moov-T
User-Agent
X-TH-Server
X-Platform-Cluster
X-Platform-Router
X-Platform-Processor
X-Gamma-Serve
X-Dispatch
ServerHost
X-Info
Server-Id
X-APP-VERSION
Hostname
X-COUNTRY
Xc-Version
Geoip-Latitude
Srvid
X-FL-QIT-DEBUG
Cf-Device-Type
X-Webkit-Csp-Report-Only
X-NC
X-Hit
X-VCL-Version
X-Lb-Nocache
X-S-Cookie
Expect-Staple
X-Geo
X-B-Cookie
X-User
X-Destination
X-Application
X-External-Request-Id
Cross-Origin-Embedder-Policy-Report-Only
X-Zen-Fury
X-ServedByHost
Origin-Trial
Cloudfront-Viewer-Country
Cneonction
X-Amz-Meta-Opti
X-API-Version
X-Limited
X-Instance-Name
Ohc-File-Size
X-Sigma
X-Sigma-Backend
PICS-Label
X-Ha-Backend
X-App
X-Cache-Date
X-Via-PopN
X-Via-PopH
X-Via-PopV
Epwk-X-Cache
X-Rocket-Build-Number
X-V
X-Correlation-ID
X-Rollout
X-Segment-20210421
X-Platform-Server
X-Eligible
X-Akamai-Pragma-Client-IP
X-New
X-Ua
N-Cache
WZWS-RAY
Permission-Policy
X-VServer
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Rtss
XkeyRZ
X-Sqd-Stime
X-Proxy-CacheRZ
X-Lb-Id
X-Sqd-Ctime
X-Check-Cacheable
X-Branch-Name
X-MiniProfiler-Ids
X-Serial
X-Wp-Cf-Super-Cache
X-Wp-Cf-Super-Cache-Cache-Control
Lb
X-MSEdge-Flight
X-Internal-TTL
Cmstype
X-Ftr-Request-Id
Timeexpire
Cmsid
X-ElasticPress-Query
X-Fastly-Backend-Reqs
X-Datacenter
X-MSEdge-Features
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Sm-Log-Id
X-Service-Response-Time
Ngx
X-Acquia-Site
Servername
CountryCode
X-LAGOON
X-Litespeed-Cache-Control
X-CSRF-TOKEN
X-VTEX-Cache-Backend-Connect-Time
X-Requestid
Fl-Custom-Application
X-Via-CDN
X-Via-Edge
X-Via-SSL
X-Traceid
X-EC-Lua
X-Udemy-Cache-App-Namespace
Edge-Copy-Time
X-VTEX-Cache-Backend-Header-Time
Wpo-Cache-Message
X-RAMCache
X-Origin-Upstream-Status
X-Shardid
Warning
X-Th-Server
X-DataCenter
X-Snapshot-Date
X-Ramcache
X-Shopid
X-Sorting-Hat-Podid
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Wpo-Cache-Status
X-Amz-Meta-S3b-Last-Modified
Ohc-Cache-HIT
X-Sorting-Hat-Shopid
X-Amz-Meta-Sha256
X-Web-Server
X-Dw-Trace-Id