Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Ua-Compatible
X-Cache-Status
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-UA-Device
X-Robots-Tag
X-AH-Environment
X-Cache-Group
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
Permissions-Policy
Xkey
X-Ws-Request-Id
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dns-Prefetch-Control
Cf-Apo-Via
X-Dispatcher
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Cache-Lookup
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-OneAgent-JS-Injection
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-WebKit-CSP
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
Content-Location
X-Node
X-Application-Context
P3p
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
X-Country
X-Litespeed-Cache
Service-Worker-Allowed
X-Country-Code
X-CST
X-Content-Type
X-Clacks-Overhead
X-Trace
Cache-Tag
X-Url
X-Oneagent-Js-Injection
X-Webkit-Csp
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
X-Daa-Tunnel
X-Server-Name
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-Cnection
X-ESI
X-GitHub-Request-Id
X-Upstream
Edge-Control
X-D2id
X-Element-Page-Cache
Verso
X-MS-InvokeApp
AR-PoweredBy
AR-ATIME
AR-SID
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Ac
AR-Request-ID
X-Kinja-Revision
X-Kinja-Server
Accept-Ch-Lifetime
X-ECACHE
X-FastCGI-Cache
X-Vcap-Request-Id
X-Ser
X-Navigation-Version
X-Abt-Application-Version
X-B3-TraceId
AR-CACHE
X-Cache-TTL
X-Dw-Request-Base-Id
X-NF-Request-ID
SPRequestDuration
SPIisLatency
X-Mod-Pagespeed
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
Fastly-Restarts
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Instrumentation
X-Server-Lifecycle-Phase
X-Client-IP
X-Erf-Bev-Bev-Is-Generated
X-Aws-Lambda-Call-Status
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Ruxit-Js-Agent
X-Mg-S
Edge-Cache-Tag
X-Kinsta-Cache
X-Edge-Location-Klb
S
X-Powered-CMS
X-Goog-Hash
Response
X-Middleton-Response
Cache-Status
X-Amzn-Trace-Id
X-Version
Access-Control-Request-Method
X-VARITI-CCR
X-ARC
X-Cache-Key
RTSS
X-Fastly-Request-ID
X-Content-Digest
X-Ratelimit-Limit
X-TraceId
Cross-Origin-Resource-Policy
X-Forwarded-For
X-RateLimit-Remaining
X-Recruiting
X-T
Realpath
X-Correlation-Id
X-PDP-UNCACHING-HASH
X-MSEdge-Ref
Fastcgi-Cache
Front-End-Https
X-Ratelimit-Remaining
X-Cached
MS-Author-Via
X-Varnish-TTL
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Content-MD5
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Ua-Browser
X-Shield-Request-Id
X-Protected-By
X-Country-Code-Real
Public-Key-Pins
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
Payment
Server-Node
X-TTL
X-HS-Combine-CSS
X-Forwarded-Proto
X-Request-Received
X-Request-Processing-Time
X-Frontend
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-LLID
TP-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Distributor
X-Ttl
X-Server-ID
X-HP-Webp
X-Jurisdiction
X-HP-Trace-Id
X-FTR-Expires
X-Accel-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Count-Hit
X-NODE
X-GUploader-UploadID
X-ORACLE-DMS-RID
X-Origin-Server
X-LB-Cache
X-PressLabs-Stats
X-Ezoic-Cdn
X-Microsite
X-Request-Handler-Origin-Region
X-Az
X-Content-Security-Policy-Report-Only
X-Activity-Id
X-AppVersion
Host
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Ua-Device
X-TEC-API-ORIGIN
X-Www-Served-By
X-Varnish-Backend
X-Cluster-Name
X-Varnish-Server
X-Hits
Mrf-Cache-Status
Cache-Tags
MRF-Tech
X-App-Server
X-B3-TraceId-Primal
X-Amz-Meta-S3cmd-Attrs
Retry-After
Accept-Charset
Server-Name
X-Newrelic-App-Data
Cleartype
X-Origin-Cache-Key
X-ORACLE-DMS-ECID
X-CSRF-Token
X-NGENIX-Cache
X-Goog-Metageneration
X-Hostname
X-Geo-Country
X-Envoy-Decorator-Operation
Referer-Policy
X-Upgrade-Enabled
Access-Control-Allow-Method
X-DIS-Request-ID
X-Git-Hash
X-Azure-Ref
X-Unique-Id
TP-L2-Cache
X-Seen-By
Filterid
X-Id
TCN
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Load-Cache
X-Proxy
X-Revision
X-F-Cache
X-Varnish-Ttl
Healthy
X-Trace-Id
X-XRDS-LOCATION
X-Amz-Apigw-Id
DC
X-Grace
X-B3-Sampled
X-Amzn-RequestId
X-Cache-Control
Section-Io-Cache
X-Request-Guid
Paypal-Debug-Id
X-Type
X-Debug-Info
X-Logged-In
X-TT
X-Contextid
X-Fb-Rlafr
X-FB-Debug
X-Px
X-Mobile
X-B
X-Page-Id
X-N
X-Debug
Viewport
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Oracle-Dms-Rid
X-Goog-Generation
X-Oracle-Dms-Ecid
X-Whom
Fastly-SIE
Fastly-SWR
X-Time
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Webkit-CSP
Charset
X-Datadog-Parent-Id
X-Via-JSL
Content-Disposition
X-Content-Options
X-Template
Version
X-RateLimit-Limit
X-Cache-Grace
X-Varnish-Grace
X-Origin-Cache
X-Wix-Request-Id
X-Magnolia-Registration
X-App-Environment
X-EdgeConnect-Cache-Status
X-Language
X-RemovedCookies
VIX-Pulpo-Node
X-ProcessESI
X-Node-Name
VIX-Pulpo-Upstream-Status
SRV
X-Datadog-Sampled
X-Yottaa-Optimizations
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Amz-Replication-Status
X-Yottaa-Metrics
X-Rule
X-Signature
X-B-Cache
X-Tumblr-Pixel
X-RTag
SD-X-WS
X-Debug-IsPreview
MS-CV
Ms-Operation-Id
X-Hl-Ver
Countrycode
X-Debug-IsConnected
ServerID
GEO-INFO
X-Backend-Name
X-FW-Hash
X-FW-Dynamic
X-Instance
X-FW-Static
X-FW-Server
X-FW-Type
X-Cache-Age
X-UUID
X-FW-Serve
X-Device-Type
X-FW-Version
X-G
X-Amzn-Remapped-Content-Length
NGB
X-Storage
X-Cacheable-TTL
X-Rendered-As
X-B3-SpanId
X-Status
X-User-Agent
Country
X-Proxy-Cache-Info
X-Region
X-Environment-Context
X-NYM-Debug-Backend
X-Adobe-Content
X-Adobe-Loc
X-Cache-Hit
X-IPS-LoggedIn
X-L-Path
X-Is-Bot
Surrogate-Key
X-Real-IP
Liferay-Portal
X-NWS-UUID-VERIFY
X-Source
X-ServerID
X-Rid
X-RateLimit-Reset
X-Sucuri-Cache
X-Sucuri-ID
Cross-Origin-Window-Policy
X-WP-CF-Super-Cache-Active
Akamai-GRN
X-Servername
OT-Force-Account-Verify
X-UA
X-CACHE-GROUP
From-Origin
Amp-Access-Control-Allow-Source-Origin
X-VC-Cache
X-RM-Cache-TTL
X-WebKit-CSP-Report-Only
X-Framework
Front
Upgrade-Insecure-Requests
Backend
X-Wormhole-Sdk
X-Air-Pt
X-INCAP-ABP
X-Mode
X-Xrds-Location
X-AB
X-URL
X-Air-Hostname
X-Air-Source
Refresh
X-Content-Powered-By
X-Air-Trace-Id
X-Akamai-Request-ID2
X-Cache-Time
Xet-Cookie
X-RID
X-Handled-By
X-Edge-Location
X-DataDome
X-HTML-Minification-Powered-By
X-VC
X-Nginx-Cache
X-Endurance-Cache-Level
Frame-Options
Meta-Geo
X-JoinUs
Selected-Fe
X-Xfnlog-Site
Filters
Accept-Language
X-UPSTREAM-Address
X-Webstats-RespID
X-Timing-Wait
X-Rn-Rsrv
Url
X-Origin-TTL
X-Rewrite-Enabled
X-RCS-CacheZone
X-Proxy-Build
X-SaId
X-Origin-CC
TWC-Device-Class
ServedBy
WPO-Cache-Status
X-Provided-By
X-Tumblr-Pixel-2
X-LJ-Flow-ID
TWC-GeoIP-Country
X-Logging-Id
Webcakes-Region
X-Cache-Operation
X-Cache-Rule
X-Container-Uri
X-Cluster
Property-Id
X-Git-Commit
Atl-Traceid
Cache
X-Reqid
TWC-Connection-Speed
TWC-GeoIP-LatLong
WPO-Cache-Message
Webcakes-App-Name
X-Akamai-Edgescape
X-AWS-Id
TWC-Privacy
X-Origin-Hint
X-No-Session
X-Served-From
X-VWS-Id
Webcakes-App-Version
TWC-Locale-Group
X-Origin-Date
X-Vcache
X-Locale
X-Labrador-Cache-Channel
X-Routing-Service
Webserver
Access-Control-Request-Headers
X-Azure-Ref-OriginShield
X-Scope-Id
X-Web-Node
X-PHP-Host
X-Origin
X-Restarts
Cache-Hits
X-Site-Version
X-Drupal-Cache-Tags
X-IPLB-Instance
X-Cloudmap
Mn-Server-Ip
X-Proxied
X-Tb
Section-Io-Id
X-VCT
X-Varnish-Cache-Hits
X-Cms-Context
X-IPLB-Request-ID
X-Zipkin-Id
X-Extlb
X-Fetched-On
X-Hosted-By
X-Accel-Version
X-Redis-Cache
Web-Mar-Node
Apigw-Requestid
X-Forwarded-Host
X-Cache-Debug
X-CMSURLCustom
Thinkindot-CacheControl
TDXMobile
Thinkindot-CacheControl-Type
X-Director
X-Frame-Option
X-Format
Thinkindot-Control
X-Generation-Time
X-Buckets
X-Upstream-Ct
X-Loop
X-Say-Cacheable
X-R9-Blue-Green-Version
X-Skip-Cache
X-Upstream-Ht
X-Varnish-Age
X-Soup
X-Thinkindot-L3
X-SayCDN-TTL
X-Say-TTL
X-Tncms
X-Lambda-Id
X-Shield-Cache-Expires
X-Adobe-Source
X-Varnish-Beresp-Grace
X-Ms-Version
X-ProxyCache-Status
X-CDN-Forward
X-Is-Desktop
X-Cache-Host
X-Httpd
X-Tcp-Rtt
X-Is-Mobile
X-GeoCountry
X-Geo-Region
X-BYPASS-REASON
X-Browser-Name
X-Generated-By
X-GeoCode
X-Is-Supported-Browser
X-Is-Tablet
X-Ms-Request-Id
Xserver
X-ProxyCache-Key
X-Optimistic-Header
X-Ratelimit-Reset
X-SRV
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-ShopId
X-Cdn-Origin
X-Cache-Status-Check
X-Detected-As
X-Drupal-Cache-Contexts
X-Shopify-Stage
X-ShardId
X-S
X-Lagoon
LB
X-Worker
X-Rocket-Nginx-Serving-Static
X-Request-URI
Fastcgi-Useragent
X-Vercel-Id
X-Vercel-Cache
Source
Azure-SiteName
Azure-RegionName
X-WP-CF-Super-Cache-Cookies-Bypass
X-Fastly-Request-Id
Azure-SlotName
Azure-Version
Azure-InstanceId
X-TA-CDN-Provider
Node
X-B3-Traceid
X-Vcl-Version
Protected
X-Connection-Hash
Expiry
X-Pass-Why
Cross-Origin-Embedder-Policy
CDN-Cache
X-GEO
CDN-CachedAt
CDN-RequestPullSuccess
Onion-Location
CDN-EdgeStorageId
CDN-RequestPullCode
CDN-Uid
CDN-PullZone
CDN-RequestCountryCode
X-Tec-Api-Origin
X-Tec-Api-Root
X-Api-Version
X-Tec-Api-Version
X-ECache
X-Cache-Expired-At
X-Tumblr-Pixel-3
X-PHP-Backend
AMP-Access-Control-Allow-Source-Origin
X-App-Version
X-Cache-Server
X-XRDS-Location
DB-Nickname
Sid
CDN-RequestId
Environment
X-Server-W
Alternate-Protocol
X-Jobs
Priority
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Uber-Trace-Id
CF-IPCountry
X-Proxy-Cache-Status
X-Fastcgi-Cache
X-Tt-Logid
X-ID
X-Cache-Action
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Cluster-Node
X-Ismobilevalue
Cdn-Requestid
Locale
User-Cache-Control
X-LSADC-Cache
X-Mg-Request-UUID
X-MP-GENERATED-AT
X-Tx-Id
HostName
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Cache-Tv-Group
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
T-Server
Wxu-Next-Commit
Surrogated-Key
Sslversion
Vix-Hermes-Req-Id
Edge-Cache
DCR-Processing-Time-Ms
Gannett-Cam-Experience-Id
DCR-Decision-By
Content-Secure-Policy
A
Candidate-Md5Url
Lang
Magicmarker
Origin-Agent-Cluster
Rendered-Blocks
Origin
Ngx.Var.Host
MD5-Digest
Meta-Geo-Continent
Server-Host
X-Clientip
X-Org
X-Op-Id-All
X-Origin-Expires
X-Powered-By-VTEX-Cache
X-Request-Start
X-Node-Id
X-ND-Cache
X-Ig-Push-State
X-Ig-Origin-Region
X-Jungle-Id
X-Level-Front-Cache
X-NCache
X-Rojux
X-SB
X-Viewer-Country
X-Vdms-Version
X-VTEX-Cache-Server
X-VTEX-Cache-Time
X-Vtex-Remote-Cache
X-Vdms-Path
X-Varnish-Hostname
X-SRCache-Key
X-ScT
X-Thanos
X-TIM-N
X-UA-Device-Type
X-Hnp-Log
X-GeoIP-City
X-BCube-Filmed-By
X-Bc-Bl
X-Bip
X-Bl-Debug
X-Block-Status
X-A-Wwc
X-A-Dgt
X-A
Wxu-Next-Region
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Cache-NE
X-Conf
X-FB-TRIP-ID
X-Epic-Correlation-Id
X-Forwarded-Site
X-Gen-Mode
X-Generated-On
X-Ec-GeoHdr
X-Ec-Fail
X-Content-Age
X-D
X-Developer
X-Device-Os
Wxu-Next-Hostname
X-Aed
X-DC
X-Origin-Response-Time
X-Auth-Group-Type
X-Debug-Cache-Fetch
X-CUA
X-Cdn-Srv
X-Cache-Info
X-Cache-Id
X-Debug-Cache-Store
X-Dispatcher-Server
X-Geo-Header
X-GeoIP-Country-Code
X-Gdpr
X-FC-Vary-Parameters
X-Esi-Check
X-Fastly-Cache
X-Cache-Bucket
X-Auto-Login
Release
Req-ID
Server-Ext
Powered-By
PFcat
Origin-CC
Origin-EX
Server-Hostname
Sever-Int
X-App-Name
X-GeoIP-Region-Code
X-Amz-Storage-Class
X-AK-Request-ID
Ssr
X-Uri
X-Backend-Instance
X-HN
X-V-Cache
X-Var-Ttl
X-Varnish-Director
X-Test
X-Tb-Optimization-Total-Bytes-Saved
X-Scheme
X-SD-PageType
X-VarnishDD-TTL
X-Varnishpool
Odigeo-Trace-Id
X-Region-Sid
Yak-Timeinfo
XM
X-VG-WebCache
X-Via-Fastly
X-Request-Time
X-RateLimit-Remaining-Second
X-Mvc-Supplant-Cachable
X-Response-Served-From
X-Loc
X-Original-Request-Id
X-Zone
X-HS-Content-Campaign-Id
X-Nginx-Cache-Key
X-Nyt-Route
X-Pubstack
X-RateLimit-Limit-Second
X-Proto
X-Policy
X-Origin-Time
X-PAYTM-SRV-ID
X-Gzip
X-GeoIP
Content-Script-Type
AKAMAI
C-Via
Cdnsip
Fastly-SSL
Content-Style-Type
Cache-Provider
X-Service
Host-ID
DSUID
CDCHOST
Cdncip
Fastly-Backend-Name
X-Edge-Server
X-Eu-Site
X-Fmm-Version
Cdn-Request-Time
X-LiteSpeed-Cache-Control
X-Fastly-Backend
Click-Count-Error
X-Cache-Backend
X-Cache-TTL-Remaining
X-Cache-Aspx
X-Newrelic-Synthetics
X-Aicache-OS
X-B3-Trace-ID
X-CGP
X-Contensis-Viewer-Groups
Cdn-Host
Click-Count-Action-Start
Cluster
X-Csrf-Jwt
X-Core-Value
X-Ec-Custom-Error
X-Human
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Sn-Servicetimems
X-Server-IP
X-Section
X-Varnish-Authentication
X-Varnish-Beresp-Status
X-Wikidot-Static-Cache
X-Custom-Header
X-Wikidot-Backend
X-We-Are-Hiring
X-WA-Info
X-Request-Host
X-Req
X-Location
Apple-News-Services-Request-Url
Cache-Key
X-Access
Canary
X-Mvc-Supplant-OutputCached
Apple-News-Services-Parsed-Url
X-Pool
X-Proxied-Request
X-Platform
Apple-News-Services-Handled
X-NMSegId
X-GoCache-CacheStatus
Apple-News-Services-Host
We-Hiring
Redirect-Candidate
Pramga
Tube-Got-Eval
Ha-Gx-Prefs
Gh-Request-Id
W
V-Age
Tube-Get-Contents
Tube-Got-Results
Tube-Return
True-Client-Country-4JS
Fastly-GeoIP-CountryCode
X-Varnish-Beresp-Ttl
HA-Ipaddr
Web-Mar-Region
Machine
On-Server
Mail-Subject
NM-Fastcgi-Cache
L
L5d-Success-Class
X-AIR-PT
WP-Super-Cache
X-Dc
X-TT-LOGID
X-From
X-VG-TLSProxy
Esi-Enabled
X-NGINX-Cache
Is-Eu
X-Date
RNT-Time
X-DPWN-IS-SECURE
Req-Svc-Chain
X-Mly-Id
X-Micro-Cache
X-PERF
Adler-Geo
X-NodeID
X-Men
X-Render-Time
X-Hash
X-Slack-Shared-Secret-Outcome
X-Slack-Backend
Proxy-Firewall
Producers
RNT-Machine
Platform
X-CacheTTL
X-BBC-Edge-Cache-Status
X-Accel-Expires-Debug
X-Acquia-Purge-Cdn-Unconfigured
X-Ad-Load-Variation
Country-Code
X-ApacheServer
X-COUNTRY
NGX
Debug
X-Varnish-Hits
X-Up
X-Pad
X-Client-Ip
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Depends
X-Varnish-CookieHashed-On
X-DefElseHash
X-Cs
X-Refresh
X-DefHash
X-LB-ID
X-Nf-Request-Id
Mime-Version
X-Nananana
CloudFront-Viewer-Country
SID
Datacenter
Fastly-Drupal-HTML
X-Akamai-Transformed
X-VHOST
Pics-Label
X-HA-Backend
X-Servedbyhost
X-Cache-FS-Status
X-Via-Poph
Locid
X-Via-Popv
X-Via-Popn
X-Parent-Response-Time
X-Datadome
X-M-Reqid
X-VC-TTL
GeoIP-Latitude
X-Amz-Meta-Cb-Modifiedtime
X-M-Log
X-Cached-By
X-Platform-Router
X-CACHE-AGE
X-HITS
X-Platform-Cluster
X-Platform-Processor
X-Old-Content-Length
X-LiteSpeed-Tag
Fastly-Drupal-Html
X-B3-Parentspanid
Ngx-Var-Key
X-TIME
X-CS
X-LB-NoCache
Server-Info
X-Litespeed-Tag
BehaviorPad-Version
X-CDN-Cache-Status
Resin-Trace
Cf-Ipcountry
X-DynaTrace-JS-Agent
X-Moov-T
X-APP
X-Moov-Xdn-Version
X-TH-Server
Server-ID
X-Nc
GeoIp-Country-Code
Cdn
X-Wa
X-VCache
Cross-Origin-Embedder-Policy-Report-Only
X-Vgn-Hpd-Reason
X-IAuth-Set-Uid
X-Content-Length
NtCoent-Length
FSS-Cache
X-NewRelic-App-Data
X-ZONE
X-Srv
X-Varnish-Beresp-TTL
CDN
X-S-Cookie
X-Fpc
X-User
X-Application
X-Esi
Cf-Device-Type
X-B-Cookie
X-External-Request-Id
X-Destination
True-Client-IP
X-HostName
X-TX-ID
X-Zen-Fury
True-Client-Ip
Uri
X-Presslabs-Stats
Serverhost
X-Vc
X-Sigma-Backend
Tcn
X-Dispatcher-Number
X-Rocket-Build-Number
X-Sigma
X-Instance-Name
X-Cache-Date
Vc-Max-Age
X-Dynatrace-Js-Agent
X-Oracle-DMS-ECID
X-B3-Spanid
X-RequestId
X-API-Version
X-HOST
X-FPC
GeoIP-Country-Code
Srv
X-VServer
S-Rt
Request-ID
Load-Balancing
Hostname
X-Dispatch
X-Cache-Ttl
X-DynaTrace
X-NC
X-Cdn-Cache-Status
X-APP-VERSION
X-WA
X-Segment-20210421
X-Branch-Name
X-Flags
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Is-Crawler
X-CACHE-KEY
X-Cdn-Forward
X-Route-Name
Server-Id
Product
Ohc-File-Size
X-FL-QIT-DEBUG
Srvid
X-Ckpd-Fst-Backend
ServerName
X-DataCenter
Geoip-Latitude
X-Webkit-Csp-Report-Only
X-Page-View
Type
X-Bug-Bounty
X-Lb-Nocache
X-Geo
X-SERVER-NAME
X-Irp-Debug
X-ServedByHost
DataCenter
CacheControlHeader
X-Sql-Count
X-VCL-Version
X-Http-Reason
X-Sql-Duration-Ms
X-Via-PopV
X-Via-PopN
Epwk-X-Cache
Origin-Trial
X-Via-PopH
Cloudfront-Viewer-Country
Cl-Cache
X-Ha-Backend
X-App
ServerHost
X-Ua
PICS-Label
Ohc-Cache-HIT
X-SIPLIST1
IsBot
X-Lb-Id
Edge-Copy-Time
X-Correlation-ID
X-Via-CDN
X-Owner
Cross-Origin-Opener-Policy-Report-Only
X-Via-SSL
X-Via-Edge
X-HubSpot-Correlation-Id
Rtss
X-Srcache-Store-Status
X-Srcache-Fetch-Status
XkeyRZ
X-Vmg-Version
X-Akamai-Device-Characteristics
User-Agent
Cneonction
WZWS-RAY
X-Proxy-CacheRZ
X-Core-Mission
MIME-Version
X-MiniProfiler-Ids
X-Nf-Language
X-Nf-Country
X-Nf-Ats-Version
Lb
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Info
Sm-Log-Id
X-Acquia-Site
X-Service-Response-Time
X-Sqd-Ctime
X-Limited
Cmsid
X-Qloud-Router
X-Gamma-Serve
X-Sqd-Stime
Cmstype
X-Datacenter
X-Fastly-Country-Code
Warning
X-MSEdge-Flight
N-Cache
X-Web-Server
X-MSEdge-Features
X-LAGOON
X-Hit
Servername
X-Litespeed-Cache-Control
X-Ramcache
X-Th-Server
Xc-Version
X-Check-Cacheable
X-Serial
X-Snapshot-Date
X-RAMCache
X-IN-APIGATEWAY
X-Amz-Meta-S3b-Last-Modified
X-Requestid
X-Akamai-Pragma-Client-IP
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-IN-APIGATEWAYSSL
X-Amz-Meta-Opti
X-Dw-Trace-Id
Ngx