Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
P3P
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-DNS-Prefetch-Control
Accept-CH
X-Runtime
Accept-CH-Lifetime
X-AspNet-Version
X-Check
X-Drupal-Cache
X-Ua-Compatible
X-Generator
X-Cache-Status
Server-Timing
X-Request-ID
X-Cacheable
Timing-Allow-Origin
X-Envoy-Upstream-Service-Time
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Feature-Policy
Access-Control-Expose-Headers
Content-Encoding
X-CDN
Upgrade
Status
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
Cf-Edge-Cache
X-Amz-Id-2
X-Via
Host-Header
Permissions-Policy
EagleId
Keep-Alive
Request-Context
X-Cache-Group
X-Backend
X-Robots-Tag
X-UA-Device
X-AH-Environment
X-Hacker
X-Server
X-Proxy-Cache
X-Turbo-Charged-By
X-Rq
X-Age
X-Ws-Request-Id
Xkey
X-Vhost
Cf-Apo-Via
X-Amz-Version-Id
X-Dispatcher
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Grace
X-Server-Powered-By
Allow
Ali-Swift-Global-Savetime
X-Varnish-Cache
P3p
X-OneAgent-JS-Injection
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Cache-Lookup
X-WebKit-CSP
EagleEye-TraceId
X-Host
Cf-Railgun
X-Backend-Server
X-Server-Id
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Dns-Prefetch-Control
X-Response-Time
X-Readtime
X-Ruxit-JS-Agent
Surrogate-Control
X-Akam-SW-Version
X-HW
X-Cloud-Trace-Context
Request-Id
X-Node
Content-Location
X-Country
X-Nginx-Cache-Status
X-Application-Context
X-Nginx-Upstream-Cache-Status
Accept-Ch-Lifetime
X-ASPNET-VERSION
X-NWS-LOG-UUID
X-Country-Code
Service-Worker-Allowed
X-Content-Type
X-Trace
X-Url
X-Litespeed-Cache
X-Clacks-Overhead
Cache-Tag
Rating
X-Amz-Server-Side-Encryption
X-Rack-Cache
X-Times
X-PC
X-Vname
X-TtlSet
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-FTR-Request-ID
X-Server-Name
X-Daa-Tunnel
Nginx-Cache
Accept-Ch
X-Powered-By-Plesk
AR-SID
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Cnection
X-Cache-TTL
X-CST
X-ESI
X-Ac
X-Element-Page-Cache
X-GitHub-Request-Id
X-D2id
Edge-Control
Verso
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-ECACHE
X-MS-InvokeApp
X-Ser
AR-CACHE
X-Vcap-Request-Id
X-Abt-Application-Version
X-Upstream
X-Navigation-Version
X-Dw-Request-Base-Id
X-B3-TraceId
X-Webkit-Csp
Fastly-Restarts
X-FastCGI-Cache
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
X-Amz-Rid
X-PDP-UNCACHING-HASH
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Instrumentation
X-SharePointHealthScore
SPRequestGuid
X-Client-IP
X-Goog-Hash
X-Kinsta-Cache
X-ARC
X-Edge-Location-Klb
X-Oneagent-Js-Injection
Display
X-Powered-CMS
X-Middleton-Display
X-Sol
Pagespeed
X-Mg-S
X-Ratelimit-Limit
S
X-NF-Request-ID
Edge-Cache-Tag
X-Amzn-Trace-Id
Cache-Status
X-Version
Access-Control-Request-Method
Response
X-Middleton-Response
X-VARITI-CCR
X-Ratelimit-Remaining
RTSS
X-Fastly-Request-ID
Realpath
X-Forwarded-For
X-Cache-Key
X-Content-Digest
X-T
Cross-Origin-Resource-Policy
X-TTL
X-Recruiting
X-TraceId
X-Correlation-Id
Fastcgi-Cache
X-Cached
X-ORACLE-DMS-RID
X-MSEdge-Ref
X-Varnish-TTL
X-Shield-Request-Id
Front-End-Https
MicrosoftSharePointTeamServices
X-Ua-Browser
X-Ruxit-Js-Agent
X-Request-Processing-Time
X-Forwarded-Proto
X-Request-Received
X-Protected-By
Payment
TP-Cache
X-Frontend
X-LLID
Server-Node
Arr-Disable-Session-Affinity
MS-Author-Via
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
Public-Key-Pins
Content-MD5
Count-Hit
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-RateLimit-Remaining
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Server-ID
X-TEC-API-VERSION
X-GUploader-UploadID
X-Accel-Expires
X-PressLabs-Stats
X-HS-Combine-CSS
X-Distributor
X-LB-Cache
X-Country-Code-Real
X-NODE
X-Origin-Server
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-FTR-Expires
X-Ezoic-Cdn
X-Newrelic-App-Data
X-HP-Trace-Id
X-Jurisdiction
X-HP-Webp
X-Microsite
X-Request-Handler-Origin-Region
X-Www-Served-By
X-Varnish-Server
X-App-Server
Host
X-Content-Security-Policy-Report-Only
Accept-Charset
X-Cluster-Name
X-Ua-Device
X-Amz-Meta-S3cmd-Attrs
MRF-Tech
X-B3-TraceId-Primal
X-Activity-Id
X-Az
Cache-Tags
Mrf-Cache-Status
X-AppVersion
Retry-After
X-Varnish-Backend
Cleartype
Surrogate-Key
X-ORACLE-DMS-ECID
X-Goog-Metageneration
X-Ttl
Filterid
X-Unique-Id
Server-Name
X-Hits
X-Git-Hash
X-Debug
Access-Control-Allow-Method
X-Logged-In
X-Load-Cache
X-Upgrade-Enabled
X-Envoy-Decorator-Operation
X-Azure-Ref
X-NGENIX-Cache
X-Geo-Country
X-CSRF-Token
X-Id
X-Hostname
X-FB-Debug
TCN
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Proxy
X-Tt-Trace-Host
X-Tt-Trace-Tag
TP-L2-Cache
X-TT
X-Grace
Section-Io-Cache
X-B
X-Cache-Control
X-Time
X-Revision
X-Request-Guid
DC
X-Hcs-Proxy-Type
X-B3-Sampled
X-Contextid
Healthy
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Fb-Rlafr
X-Seen-By
X-Trace-Id
X-F-Cache
X-Type
Viewport
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Goog-Generation
X-Mobile
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Fastly-SIE
Fastly-SWR
Referer-Policy
X-N
Paypal-Debug-Id
Content-Disposition
X-Varnish-Ttl
X-WP-CF-Super-Cache
X-XRDS-LOCATION
X-WP-CF-Super-Cache-Cache-Control
X-DIS-Request-ID
X-Varnish-Grace
X-Page-Id
X-Webkit-CSP
X-Debug-Info
X-Ratelimit-Reset
X-Magnolia-Registration
X-Px
X-Via-JSL
X-Origin-Cache
X-Amz-Replication-Status
Version
X-Oracle-Dms-Ecid
X-Whom
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Datadog-Trace-Id
Amp-Access-Control-Allow-Source-Origin
X-Content-Options
X-ProcessESI
X-RemovedCookies
X-Rid
X-G
X-Wormhole-Sdk
X-UUID
X-Adobe-Content
X-App-Environment
X-Tumblr-User
X-Tumblr-Pixel
X-Adobe-Loc
X-Debug-IsConnected
X-Template
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Debug-IsPreview
X-Node-Name
X-Datadog-Sampled
X-Yottaa-Metrics
NGB
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
SD-X-WS
X-Hl-Ver
X-RTag
X-Storage
MS-CV
Ms-Operation-Id
X-Source
X-Yottaa-Optimizations
X-Backend-Name
X-Rendered-As
X-Signature
Cross-Origin-Window-Policy
X-B-Cache
X-Rule
X-Region
X-Proxy-Cache-Info
X-Is-Bot
X-Instance
X-Wix-Request-Id
Charset
X-Device-Type
X-NYM-Debug-Backend
X-Cacheable-TTL
X-User-Agent
Country
GEO-INFO
X-FW-Type
X-FW-Version
X-FW-Server
X-L-Path
X-ServerID
X-Status
X-FW-Serve
X-FW-Static
X-FW-Dynamic
X-Environment-Context
X-FW-Hash
Countrycode
X-Cache-Age
ServerID
X-Cache-Grace
X-IPS-LoggedIn
X-EdgeConnect-Cache-Status
SRV
X-Real-IP
X-NWS-UUID-VERIFY
Akamai-GRN
X-RM-Cache-TTL
Front
X-Cache-Hit
X-Ismobilevalue
X-Amzn-Remapped-Content-Length
Liferay-Portal
X-WP-CF-Super-Cache-Active
X-Framework
X-Aws-Lambda-Call-Status
X-Xrds-Location
X-Language
X-AB
X-B3-SpanId
X-Nf-Request-Id
X-Oracle-Dms-Rid
X-Air-Pt
X-Sucuri-ID
X-Sucuri-Cache
X-Akamai-Request-ID2
X-Content-Powered-By
X-Servername
OT-Force-Account-Verify
X-Air-Source
X-Air-Trace-Id
X-UA
X-Air-Hostname
Xet-Cookie
From-Origin
X-VC-Cache
X-VC
X-WebKit-CSP-Report-Only
Backend
X-URL
X-Mode
Accept-Language
Refresh
X-SRV
X-DataDome
X-Tt-Logid
X-Api-Version
Upgrade-Insecure-Requests
X-Handled-By
LB
X-Cache-Status-Check
X-Cache-Time
X-Nginx-Cache
Access-Control-Request-Headers
Webserver
X-HTML-Minification-Powered-By
X-Rewrite-Enabled
X-UPSTREAM-Address
Filters
X-RCS-CacheZone
X-SaId
Cache
X-Rn-Rsrv
Meta-Geo
X-JoinUs
X-Provided-By
Webcakes-App-Version
X-Xfnlog-Site
Webcakes-Region
X-Tumblr-Pixel-2
X-Adobe-Source
X-Varnish-Age
X-Hosted-By
X-Webstats-RespID
TWC-GeoIP-LatLong
TWC-Connection-Speed
ServedBy
TWC-Device-Class
TWC-GeoIP-Country
X-Generated-By
X-Labrador-Cache-Channel
Webcakes-App-Name
X-S
Property-Id
X-Cache-Operation
X-Cache-Rule
X-Origin-Date
X-R9-Blue-Green-Version
TWC-Locale-Group
TWC-Privacy
X-PHP-Host
X-Cms-Context
X-RateLimit-Limit
X-Origin-Hint
X-Locale
X-Lambda-Id
Atl-Traceid
X-Loop
X-Is-Tablet
X-ProxyCache-Status
X-No-Session
X-ProxyCache-Key
X-Logging-Id
X-Browser-Name
X-Redis-Cache
X-Git-Commit
X-Web-Node
X-Accel-Version
X-Tncms
X-Tcp-Rtt
Web-Mar-Node
X-BYPASS-REASON
X-Cache-Debug
X-Fetched-On
X-Forwarded-Host
X-Geo-Region
X-Container-Uri
X-Cluster
X-Request-URI
X-Tb
X-Akamai-Edgescape
X-Is-Mobile
X-Served-From
X-Scope-Id
Url
X-Is-Desktop
X-Httpd
X-Site-Version
X-Skip-Cache
X-Endurance-Cache-Level
Section-Io-Id
X-Is-Supported-Browser
X-Detected-As
X-Director
X-Format
X-Frame-Option
Apigw-Requestid
X-Optimistic-Header
X-Ms-Version
X-Ms-Request-Id
Selected-Fe
X-Alternate-Cache-Key
X-Origin
X-IPLB-Instance
X-Cache-Host
Mn-Server-Ip
X-IPLB-Request-ID
X-Upstream-Ht
X-SayCDN-TTL
X-Mg-Request-UUID
X-Say-TTL
X-Say-Cacheable
X-Restarts
X-Soup
X-Storefront-Renderer-Rendered
X-Varnish-Cache-Hits
X-VCT
X-Varnish-Beresp-Grace
X-Upstream-Ct
X-Timing-Wait
X-Reqid
X-Shopify-Stage
X-Edge-Location
X-Proxy-Build
X-INCAP-ABP
X-RID
X-AWS-Id
X-Zipkin-Id
X-Extlb
Xserver
X-Cloudmap
X-VWS-Id
X-Proxied
X-Routing-Service
X-LJ-Flow-ID
X-Sorting-Hat-PodId
X-ShardId
Onion-Location
X-ShopId
X-Sorting-Hat-ShopId
X-GeoCountry
X-GeoCode
X-Azure-Ref-OriginShield
X-Connection-Hash
Expiry
Frame-Options
X-Vcl-Version
X-Lagoon
Cdn-Requestid
WPO-Cache-Status
X-CDN-Forward
Source
X-Cache-Expired-At
WPO-Cache-Message
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Fastly-Request-Id
TDXMobile
X-CMSURLCustom
Thinkindot-Control
X-Shield-Cache-Expires
X-Generation-Time
X-Thinkindot-L3
Protected
X-WP-CF-Super-Cache-Cookies-Bypass
X-Vcache
X-Fastcgi-Cache
X-Drupal-Cache-Tags
X-Drupal-Cache-Contexts
X-ECache
Fastcgi-Useragent
X-Cdn-Origin
Environment
X-Origin-TTL
X-Origin-CC
X-Pass-Why
Priority
X-PHP-Backend
X-Proxy-Cache-Status
X-Cache-Action
Uber-Trace-Id
X-Vercel-Cache
X-App-Version
X-Vercel-Id
X-Worker
X-GEO
Cache-Hits
X-ID
X-Rocket-Nginx-Serving-Static
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-Version
Azure-SiteName
CF-IPCountry
Locale
X-Urbn-Context-Path
X-Cluster-Node
X-Urbn-Site-Id
Node
X-Aspnetmvc-Version
X-Buckets
Sid
X-XRDS-Location
CDN-RequestPullCode
CDN-RequestCountryCode
CDN-PullZone
X-TA-CDN-Provider
Cross-Origin-Embedder-Policy
CDN-Cache
CDN-EdgeStorageId
CDN-RequestPullSuccess
CDN-Uid
CDN-CachedAt
Cache-Tv-Group
X-FB-TRIP-ID
X-Auth-Group-Type
X-Tumblr-Pixel-3
X-B3-Traceid
X-Cache-Server
X-Server-W
DB-Nickname
X-Pad
Alternate-Protocol
X-Client-Ip
X-Tx-Id
X-DC
X-RateLimit-Reset
X-A
X-Dispatcher-Server
X-Service
X-DefHash
X-D
X-DefElseHash
A
X-Ec-Fail
X-Developer
X-Edge-Server
X-Fastly-Backend
X-Generated-On
X-Ig-Origin-Region
X-GeoIP-City
X-Custom-Header
X-Epic-Correlation-Id
X-Esi-Check
X-Ec-GeoHdr
X-Bc-Bl
Wxu-Next-Commit
Lang
Magicmarker
Wxu-Next-Hostname
Wxu-Next-Region
X-A-Dcw
X-A-Dam
X-A-Ccd
MD5-Digest
Meta-Geo-Continent
Origin-Agent-Cluster
Sslversion
Rendered-Blocks
Surrogated-Key
T-Server
Ngx.Var.Host
Odigeo-Trace-Id
X-A-Dgt
X-A-Wwc
Cdn-Host
Cdn-Request-Time
X-Cache-NE
X-Cache-TTL-Remaining
Candidate-Md5Url
X-Content-Age
X-Conf
X-Cache-Id
X-Bl-Debug
DCR-Processing-Time-Ms
X-Aed
Gannett-Cam-Experience-Id
DCR-Decision-By
X-Ig-Push-State
Content-Secure-Policy
X-BCube-Filmed-By
X-Core-Value
X-Gzip
X-Rojux
X-SRCache-Key
X-TIM-N
X-Req
X-Origin-Expires
X-Op-Id-All
X-Org
X-V-Cache
X-Varnish-CookieHashed-On
X-Viewer-Country
X-Vtex-Remote-Cache
X-Via-Fastly
X-Vdms-Version
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-ND-Cache
X-ScT
X-Level-Front-Cache
X-LiteSpeed-Cache-Control
HostName
Mime-Version
AMP-Access-Control-Allow-Source-Origin
User-Cache-Control
X-Acquia-Purge-Cdn-Unconfigured
X-UA-Device-Type
X-Ad-Load-Variation
X-LSADC-Cache
X-Varnish-Hostname
X-Varnish-Director
Producers
X-GeoIP-Region-Code
X-GoCache-CacheStatus
X-AK-Request-ID
X-B3-Trace-ID
X-Backend-Instance
X-Tb-Optimization-Total-Bytes-Saved
X-SVT-ORM-VERSION
X-Test
X-Thanos
X-HN
X-Amz-Storage-Class
X-App-Name
X-Aicache-OS
Vix-Hermes-Req-Id
X-Wikidot-Static-Cache
X-Wikidot-Backend
Ssr
X-VTEX-Cache-Time
Server-Host
RNT-Time
XM
Req-ID
RNT-Machine
Tube-Get-Contents
X-VTEX-Cache-Server
X-VG-WebCache
V-Age
X-VG-TLSProxy
X-SVT-ORM-RULES
Tube-Return
X-Hnp-Log
Tube-Got-Eval
Tube-Got-Results
X-Loc
X-VarnishDD-TTL
X-Men
X-Origin-Time
X-Origin-Response-Time
X-Mly-Id
X-Mvc-Supplant-Cachable
X-PAYTM-SRV-ID
X-Platform
X-Proto
X-DPWN-IS-SECURE
X-Powered-By-VTEX-Cache
X-Policy
X-Fastly-Cache
X-FC-Vary-Parameters
X-NodeID
X-Geo-Header
X-Node-Id
X-GeoIP
X-Nyt-Route
X-Gen-Mode
X-Fmm-Version
X-Forwarded-Site
X-Gdpr
X-Pubstack
X-RateLimit-Limit-Second
X-Sn-Servicetimems
X-Server-IP
X-SD-PageType
X-Jobs
X-Cache-Info
X-Cache-FS-Status
X-NMSegId
X-Block-Status
X-Cache-Bucket
X-Scheme
X-Cdn-Srv
X-Region-Sid
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-RateLimit-Remaining-Second
X-GeoIP-Country-Code
X-Request-Time
X-Clientip
X-SB
X-Micro-Cache
X-Bip
X-CacheTTL
Cdnsip
Click-Count-Action-Start
Cdncip
Host-ID
NM-Fastcgi-Cache
Is-Eu
Click-Count-Error
Fastly-SSL
Content-Style-Type
Country-Code
Content-Script-Type
Edge-Cache
Fastly-Backend-Name
Esi-Enabled
Origin
Cache-Provider
PFcat
Platform
Powered-By
AKAMAI
Adler-Geo
X-HITS
X-Varnish-Beresp-Ttl
Fusion-Deployment-Id
Apple-News-Services-Parsed-Url
X-Cache-Aspx
X-Depends
X-Location
Fusion-Content-Source
Cluster
Fusion-Source
X-Mvc-Supplant-OutputCached
X-Nginx-Cache-Key
X-BBC-Edge-Cache-Status
Fusion-Component-Id
Fusion-Template-Id
X-Eu-Site
X-Human
X-CUA
X-CGP
Canary
Cache-Key
X-Contensis-Viewer-Groups
X-Date
C-Via
X-Cs
X-Hash
Fusion-Content-Id
X-HS-Content-Campaign-Id
Apple-News-Services-Host
X-Csrf-Jwt
CDCHOST
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-Request-Host
X-Varnish-Authentication
On-Server
Origin-CC
Sever-Int
True-Client-Country-4JS
X-Var-Ttl
Mail-Subject
X-Slack-Shared-Secret-Outcome
X-Dc
X-Varnish-Beresp-Status
Server-Hostname
X-We-Are-Hiring
Release
Yak-Timeinfo
Proxy-Firewall
Req-Svc-Chain
X-WA-Info
Origin-EX
Server-Ext
X-Varnishpool
Machine
L5d-Success-Class
X-Request-Start
Fastly-GeoIP-CountryCode
X-Access
X-Ec-Custom-Error
Pramga
X-Auto-Login
X-Proxied-Request
DSUID
X-Accel-Expires-Debug
X-Section
L
Web-Mar-Region
We-Hiring
W
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
X-Pool
X-Slack-Backend
X-NGINX-Cache
X-AIR-PT
NGX
X-Device-Os
Server-Info
X-Origin-Cache-Key
X-Varnish-Hits
BehaviorPad-Version
Debug
X-From
X-Zone
X-NCache
X-Up
X-LB-ID
Redirect-Candidate
X-Tec-Api-Version
X-Tec-Api-Root
X-Akamai-Transformed
X-Tec-Api-Origin
SID
X-Via-Popn
X-HA-Backend
X-Via-Poph
X-Via-Popv
Pics-Label
X-MP-GENERATED-AT
X-APP
X-Refresh
Fastly-Drupal-HTML
X-Jungle-Id
CDN-RequestId
X-Vdms-Path
CloudFront-Viewer-Country
X-Cache-Backend
X-VHOST
X-CACHE-AGE
X-Parent-Response-Time
WP-Super-Cache
X-Datadome
X-B3-Parentspanid
X-Servedbyhost
X-Content-Length
GeoIP-Latitude
X-Litespeed-Tag
X-Nc
X-Uri
X-LB-NoCache
X-Newrelic-Synthetics
X-VC-TTL
Datacenter
X-PERF
X-Nananana
X-Render-Time
X-ApacheServer
X-CACHE-KEY
X-LiteSpeed-Tag
Fastly-Drupal-Html
X-M-Log
X-M-Reqid
X-DynaTrace-JS-Agent
Vc-Max-Age
X-CDN-Cache-Status
Server-ID
X-Dispatcher-Number
X-Cached-By
X-Wa
Resin-Trace
X-ZONE
X-RequestId
Product
Cdn
NtCoent-Length
X-B3-Spanid
X-CS
X-VCache
GeoIp-Country-Code
X-Amz-Meta-Cb-Modifiedtime
Locid
X-Fpc
X-Ckpd-Fst-Backend
FSS-Cache
X-Varnish-Beresp-TTL
X-IAuth-Set-Uid
X-NewRelic-App-Data
True-Client-Ip
X-Response-Served-From
X-Bug-Bounty
Serverhost
X-Original-Request-Id
X-Esi
X-TX-ID
X-HostName
S-Rt
X-SERVER-NAME
X-Nf-Country
X-Nf-Ats-Version
X-Nf-Language
ServerName
X-Old-Content-Length
True-Client-IP
X-HubSpot-Correlation-Id
Uri
X-TT-LOGID
GeoIP-Country-Code
Tcn
Ngx-Var-Key
X-Srv
Cf-Ipcountry
X-Oracle-DMS-ECID
Srv
X-TIME
CDN
X-Cdn-Cache-Status
X-Dynatrace-Js-Agent
X-Presslabs-Stats
X-Cdn-Forward
X-Vgn-Hpd-Reason
X-FPC
Request-ID
X-Webkit-Csp-Report-Only
X-Vmg-Version
X-Moov-Xdn-Version
X-Vc
X-WA
X-Akamai-Device-Characteristics
X-TH-Server
CacheControlHeader
User-Agent
X-Moov-T
X-Platform-Cluster
X-Platform-Processor
X-Platform-Router
X-Info
X-Gamma-Serve
Server-Id
ServerHost
X-Dispatch
X-COUNTRY
Hostname
X-APP-VERSION
Xc-Version
Cf-Device-Type
Srvid
X-NC
X-FL-QIT-DEBUG
Geoip-Latitude
X-Hit
Cross-Origin-Embedder-Policy-Report-Only
X-Geo
X-B-Cookie
X-Destination
X-Application
X-External-Request-Id
Expect-Staple
X-Lb-Nocache
X-User
X-S-Cookie
Origin-Trial
X-Amz-Meta-Opti
Cneonction
X-Zen-Fury
X-ServedByHost
Cloudfront-Viewer-Country
X-API-Version
X-VCL-Version
X-Instance-Name
X-Cache-Date
X-Limited
X-Via-PopN
PICS-Label
Epwk-X-Cache
X-Sigma
X-Sigma-Backend
Ohc-File-Size
X-Rocket-Build-Number
X-Ha-Backend
X-Via-PopH
X-Via-PopV
X-V
X-App
N-Cache
WZWS-RAY
Permission-Policy
X-Eligible
X-Platform-Server
X-VServer
X-Segment-20210421
X-Akamai-Pragma-Client-IP
X-Rollout
X-Ua
X-Correlation-ID
X-New
X-Srcache-Store-Status
Rtss
X-Srcache-Fetch-Status
X-Branch-Name
X-Sqd-Stime
X-Lb-Id
X-Sqd-Ctime
X-MiniProfiler-Ids
X-Check-Cacheable
XkeyRZ
X-Serial
X-Proxy-CacheRZ
X-Wp-Cf-Super-Cache-Cache-Control
X-Wp-Cf-Super-Cache
Lb
X-ElasticPress-Query
X-Fastly-Backend-Reqs
X-Internal-TTL
Timeexpire
Cmstype
Cmsid
X-Ftr-Request-Id
X-Service-Response-Time
Sm-Log-Id
X-Acquia-Application-Trace
Ngx
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Site
X-MSEdge-Features
X-Datacenter
X-MSEdge-Flight
CountryCode
Servername
X-CSRF-TOKEN
X-LAGOON
X-Litespeed-Cache-Control
Fl-Custom-Application
X-IN-APIGATEWAY
X-Dw-Trace-Id
X-VTEX-Cache-Backend-Header-Time
X-RAMCache
X-VTEX-Cache-Backend-Connect-Time
X-IN-APIGATEWAYSSL
X-Requestid
X-Via-Edge
X-Via-SSL
X-Via-CDN
X-Traceid
Edge-Copy-Time
X-EC-Lua
X-Th-Server
X-Ramcache
X-Sorting-Hat-Podid
X-Shopid
Ohc-Cache-HIT
X-DataCenter
X-Amz-Meta-S3b-Last-Modified
X-Web-Server
X-Shardid
X-Origin-Upstream-Status
X-Udemy-Cache-App-Namespace
X-Snapshot-Date
X-Amz-Meta-Sha256
Warning
Wpo-Cache-Message
Wpo-Cache-Status
X-Sorting-Hat-Shopid