Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Ua-Compatible
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Ws-Request-Id
Xkey
Permissions-Policy
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dns-Prefetch-Control
Allow
X-Dispatcher
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-Litespeed-Cache
Content-Location
X-Application-Context
X-Node
X-Nginx-Cache-Status
P3p
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
X-CST
X-Country
Service-Worker-Allowed
X-Country-Code
X-Content-Type
X-Url
X-Clacks-Overhead
Cache-Tag
X-Trace
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-Server-Name
X-FTR-Request-ID
X-PC
X-TtlSet
X-Vname
X-Daa-Tunnel
X-Oneagent-Js-Injection
Cross-Origin-Opener-Policy
X-Webkit-Csp
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-ESI
X-Cnection
X-Upstream
X-ECACHE
X-GitHub-Request-Id
X-D2id
X-MS-InvokeApp
Edge-Control
X-Element-Page-Cache
X-Ac
Verso
X-Kinja
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
AR-PoweredBy
AR-Request-ID
AR-SID
AR-ATIME
Accept-Ch-Lifetime
X-FastCGI-Cache
X-Vcap-Request-Id
X-Ser
X-Cache-TTL
X-Navigation-Version
X-Abt-Application-Version
X-B3-TraceId
X-Aws-Lambda-Call-Status
AR-CACHE
SPRequestDuration
X-Mod-Pagespeed
SPIisLatency
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
X-NF-Request-ID
Fastly-Restarts
X-Client-IP
X-Instrumentation
X-Erf-Bev-Bev
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
Pagespeed
X-Middleton-Display
Display
X-Sol
X-Ruxit-Js-Agent
Edge-Cache-Tag
X-Mg-S
X-Edge-Location-Klb
S
X-Kinsta-Cache
X-Powered-CMS
X-Middleton-Response
Response
X-RateLimit-Remaining
Cache-Status
X-Amzn-Trace-Id
Access-Control-Request-Method
X-Goog-Hash
X-Cache-Key
X-Version
X-VARITI-CCR
X-ARC
RTSS
X-Fastly-Request-ID
X-Content-Digest
X-Forwarded-For
X-TraceId
Cross-Origin-Resource-Policy
X-Recruiting
X-T
Realpath
X-Ratelimit-Limit
X-Varnish-TTL
X-Correlation-Id
X-MSEdge-Ref
Front-End-Https
Fastcgi-Cache
Pinterest-Version
MS-Author-Via
X-Pinterest-Rid
Pinterest-Generated-By
X-Cached
X-PDP-UNCACHING-HASH
X-Ttl
Content-MD5
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
Payment
X-Protected-By
X-FTR-Backend
Server-Node
X-Country-Code-Real
X-Request-Processing-Time
X-Request-Received
X-Ua-Browser
Public-Key-Pins
X-Shield-Request-Id
MicrosoftSharePointTeamServices
X-Forwarded-Proto
X-HS-Combine-CSS
X-Frontend
Arr-Disable-Session-Affinity
TP-Cache
X-LLID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Distributor
X-Jurisdiction
X-FTR-Expires
X-Server-ID
X-HP-Trace-Id
X-HP-Webp
X-Accel-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-ORACLE-DMS-RID
X-NODE
Count-Hit
X-GUploader-UploadID
X-Origin-Server
X-Ratelimit-Remaining
X-TTL
X-LB-Cache
X-Origin-Cache-Key
X-Ezoic-Cdn
X-Hits
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-Activity-Id
X-PressLabs-Stats
X-AppVersion
X-Az
Host
X-Cluster-Name
X-Ua-Device
X-B3-TraceId-Primal
X-Varnish-Backend
MRF-Tech
Mrf-Cache-Status
X-Www-Served-By
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-App-Server
Cache-Tags
X-Varnish-Server
X-TEC-API-ROOT
Retry-After
Accept-Charset
X-Amz-Meta-S3cmd-Attrs
Server-Name
X-Hostname
Cleartype
X-Geo-Country
X-NGENIX-Cache
X-Newrelic-App-Data
X-Envoy-Decorator-Operation
X-Id
Referer-Policy
X-Goog-Metageneration
X-CSRF-Token
X-ORACLE-DMS-ECID
X-DIS-Request-ID
X-Upgrade-Enabled
TP-L2-Cache
X-Seen-By
X-Git-Hash
Access-Control-Allow-Method
X-Azure-Ref
TCN
X-Unique-Id
X-Hcs-Proxy-Type
X-Load-Cache
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-F-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
Filterid
X-Amzn-RequestId
X-Proxy
X-Amz-Apigw-Id
X-Revision
X-Trace-Id
Healthy
X-Grace
X-Cache-Control
X-XRDS-LOCATION
X-Request-Guid
Section-Io-Cache
X-Px
X-TT
X-B3-Sampled
Paypal-Debug-Id
DC
X-Debug-Info
X-B
X-Contextid
X-Type
X-Fb-Rlafr
X-Oracle-Dms-Ecid
X-Page-Id
X-FB-Debug
X-Logged-In
X-Mobile
X-N
X-RateLimit-Limit
X-Debug
X-WP-CF-Super-Cache-Cache-Control
Viewport
X-WP-CF-Super-Cache
X-Varnish-Ttl
X-Oracle-Dms-Rid
X-Whom
X-Goog-Generation
X-Template
Fastly-SIE
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Fastly-SWR
X-Goog-Stored-Content-Encoding
X-Time
Charset
X-Language
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Content-Options
X-Cache-Grace
X-Webkit-CSP
X-Via-JSL
Version
Content-Disposition
X-Magnolia-Registration
X-Wix-Request-Id
X-Varnish-Grace
X-App-Environment
X-EdgeConnect-Cache-Status
X-B-Cache
X-Signature
X-Node-Name
X-Origin-Cache
X-ProcessESI
X-B3-SpanId
X-Rule
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-RemovedCookies
X-Hl-Ver
X-Datadog-Sampled
X-Tumblr-Pixel
X-Yottaa-Optimizations
X-Tumblr-Pixel-0
X-Backend-Name
X-Debug-IsPreview
X-Tumblr-User
X-Debug-IsConnected
X-Tumblr-Pixel-1
X-RateLimit-Reset
X-Yottaa-Metrics
X-Amz-Replication-Status
X-Amzn-Remapped-Content-Length
X-G
MS-CV
Ms-Operation-Id
SD-X-WS
X-UUID
X-RTag
GEO-INFO
X-Adobe-Content
X-Instance
X-FW-Static
X-Adobe-Loc
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-Proxy-Cache-Info
X-FW-Serve
X-FW-Type
X-Cache-Age
ServerID
X-Storage
X-Device-Type
X-FW-Version
X-User-Agent
X-Is-Bot
X-Rendered-As
SRV
NGB
Liferay-Portal
X-Cacheable-TTL
Countrycode
X-NYM-Debug-Backend
Country
X-IPS-LoggedIn
X-L-Path
X-Environment-Context
X-Region
X-Cache-Hit
X-Status
Surrogate-Key
X-Real-IP
X-NWS-UUID-VERIFY
X-Source
X-ServerID
X-Rid
X-Sucuri-ID
X-Sucuri-Cache
Akamai-GRN
OT-Force-Account-Verify
Cross-Origin-Window-Policy
X-WP-CF-Super-Cache-Active
X-Servername
X-VC-Cache
From-Origin
X-UA
X-WebKit-CSP-Report-Only
X-RM-Cache-TTL
Upgrade-Insecure-Requests
Backend
X-Framework
Front
Amp-Access-Control-Allow-Source-Origin
X-INCAP-ABP
X-Air-Pt
X-Mode
X-Xrds-Location
Refresh
X-AB
X-Wormhole-Sdk
X-Cache-Time
X-Air-Source
X-Air-Trace-Id
X-Content-Powered-By
X-Air-Hostname
X-Akamai-Request-ID2
X-Handled-By
X-HTML-Minification-Powered-By
Frame-Options
X-RID
Xet-Cookie
X-Edge-Location
X-VC
X-Endurance-Cache-Level
X-Buckets
ServedBy
X-Cluster
Meta-Geo
Selected-Fe
X-No-Session
X-RCS-CacheZone
X-Reqid
X-Proxy-Build
X-Origin-Date
X-Origin-TTL
X-Origin-CC
X-Rn-Rsrv
X-SaId
X-UPSTREAM-Address
X-Timing-Wait
Filters
X-Webstats-RespID
X-Xfnlog-Site
X-JoinUs
X-Rewrite-Enabled
Webserver
Url
TWC-Privacy
Webcakes-App-Version
WPO-Cache-Status
WPO-Cache-Message
X-Cache-Status-Check
X-Cache-Operation
X-Served-From
X-R9-Blue-Green-Version
Cache
X-Cache-Rule
X-Azure-Ref-OriginShield
X-Labrador-Cache-Channel
X-VWS-Id
X-VCT
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Device-Class
Cache-Hits
TWC-Connection-Speed
X-Container-Uri
X-Git-Commit
X-SRV
X-Akamai-Edgescape
Access-Control-Request-Headers
X-Tumblr-Pixel-2
X-Vcache
Webcakes-Region
Webcakes-App-Name
X-LJ-Flow-ID
X-Logging-Id
X-Origin
X-AWS-Id
X-Drupal-Cache-Tags
X-Provided-By
X-PHP-Host
X-Origin-Hint
Atl-Traceid
Property-Id
X-DataDome
X-Scope-Id
Accept-Language
X-Thinkindot-L3
X-BYPASS-REASON
X-Cache-Debug
X-Zipkin-Id
X-Adobe-Source
X-Shield-Cache-Expires
Web-Mar-Node
X-Accel-Version
X-Generation-Time
X-Fetched-On
X-Ms-Version
X-Extlb
X-Site-Version
X-ProxyCache-Key
X-Proxied
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Locale
X-Tb
Section-Io-Id
TDXMobile
X-Ms-Request-Id
X-Varnish-Cache-Hits
X-ProxyCache-Status
X-CMSURLCustom
Thinkindot-Control
X-Web-Node
X-Cms-Context
X-Cloudmap
Mn-Server-Ip
X-Routing-Service
X-Httpd
X-Redis-Cache
X-Drupal-Cache-Contexts
X-Restarts
X-Hosted-By
X-Skip-Cache
X-Soup
X-Say-Cacheable
X-Lambda-Id
X-Loop
X-Forwarded-Host
X-Format
X-Is-Tablet
X-Is-Supported-Browser
X-Frame-Option
X-Is-Desktop
X-Is-Mobile
X-S
X-Director
X-Upstream-Ht
X-Upstream-Ct
X-Browser-Name
X-Tncms
X-Varnish-Age
X-Varnish-Beresp-Grace
X-Geo-Region
X-Say-TTL
X-SayCDN-TTL
X-Tcp-Rtt
Apigw-Requestid
X-CDN-Forward
X-Shopify-Stage
Xserver
X-Detected-As
X-Cdn-Origin
X-Alternate-Cache-Key
X-Cache-Host
X-GeoCode
X-GeoCountry
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Nginx-Cache
X-IPLB-Instance
X-IPLB-Request-ID
X-ShardId
X-ShopId
X-Generated-By
X-Optimistic-Header
X-Worker
X-Rocket-Nginx-Serving-Static
X-Lagoon
X-Vercel-Id
Source
X-Vercel-Cache
Azure-RegionName
Azure-SiteName
X-B3-Traceid
Azure-Version
Azure-InstanceId
Azure-SlotName
X-Request-URI
X-Fastly-Request-Id
Node
X-Ratelimit-Reset
X-WP-CF-Super-Cache-Cookies-Bypass
X-TA-CDN-Provider
AMP-Access-Control-Allow-Source-Origin
X-URL
X-Pass-Why
CDN-RequestId
Protected
CDN-Uid
CDN-RequestPullSuccess
CDN-RequestPullCode
Fastcgi-Useragent
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-Cache
CDN-PullZone
CDN-CachedAt
X-Vcl-Version
LB
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Cross-Origin-Embedder-Policy
X-Connection-Hash
Expiry
X-GEO
X-Tumblr-Pixel-3
X-Tec-Api-Version
Onion-Location
X-Tec-Api-Origin
X-Tec-Api-Root
Alternate-Protocol
X-XRDS-Location
X-Cache-Expired-At
X-App-Version
X-Cache-Server
X-Aspnetmvc-Version
X-Api-Version
Priority
DB-Nickname
X-PHP-Backend
X-Jobs
Sid
X-Server-W
Environment
Uber-Trace-Id
CF-IPCountry
X-Fastcgi-Cache
X-Proxy-Cache-Status
X-Cluster-Node
X-Cache-Action
User-Cache-Control
HostName
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-LSADC-Cache
X-Mg-Request-UUID
X-TT-LOGID
X-MP-GENERATED-AT
X-Uri
X-Response-Served-From
X-Original-Request-Id
X-Nf-Request-Id
X-Block-Status
X-Bl-Debug
X-Cache-Id
A
X-Clientip
X-Cache-NE
X-Bip
X-BCube-Filmed-By
X-A-Wwc
X-A-Dgt
X-Aed
Candidate-Md5Url
X-Bc-Bl
Cache-Tv-Group
X-Conf
X-Vtex-Remote-Cache
X-Dispatcher-Server
X-Device-Os
X-Varnish-Hostname
X-Ec-Fail
X-Epic-Correlation-Id
X-Ec-GeoHdr
X-Developer
X-D
X-VTEX-Cache-Time
X-Content-Age
X-VTEX-Cache-Server
X-Viewer-Country
X-Vdms-Path
X-Org
X-A-Dcw
X-A-Dam
Gannett-Cam-Experience-Id
Server-Host
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
Req-ID
Rendered-Blocks
MD5-Digest
Meta-Geo-Continent
Origin
Magicmarker
Lang
Origin-Agent-Cluster
Fusion-Content-Id
Fusion-Component-Id
Wxu-Next-Hostname
Wxu-Next-Commit
Content-Secure-Policy
Wxu-Next-Region
X-A-Ccd
X-A
DCR-Decision-By
DCR-Processing-Time-Ms
Surrogated-Key
Sslversion
T-Server
Edge-Cache
Vix-Hermes-Req-Id
X-Esi-Check
X-Vdms-Version
X-DC
X-Request-Start
Ngx.Var.Host
X-Hnp-Log
X-Pubstack
X-Forwarded-Site
X-Proto
X-Gen-Mode
X-Generated-On
X-ScT
X-GeoIP-City
X-SB
X-Rojux
X-Thanos
X-Gzip
X-SRCache-Key
X-TIM-N
X-FB-TRIP-ID
X-NCache
X-Mvc-Supplant-Cachable
X-ND-Cache
X-Node-Id
X-Origin-Expires
X-Op-Id-All
X-Powered-By-VTEX-Cache
X-FC-Vary-Parameters
X-Policy
X-Platform
X-Level-Front-Cache
X-Jungle-Id
X-UA-Device-Type
X-Ig-Origin-Region
X-NGINX-Cache
X-Origin-Response-Time
X-Tx-Id
X-V-Cache
X-VarnishDD-TTL
X-PAYTM-SRV-ID
X-Loc
X-Var-Ttl
Server-Hostname
X-Mvc-Supplant-OutputCached
X-Debug-Cache-Store
Sever-Int
X-VG-WebCache
X-Via-Fastly
X-Fmm-Version
X-Debug-Cache-Fetch
X-Varnishpool
Ssr
X-Varnish-Director
Server-Ext
X-Origin-Time
X-Fastly-Cache
X-Nyt-Route
X-Edge-Server
NM-Fastcgi-Cache
X-Eu-Site
X-NMSegId
Origin-CC
X-Nginx-Cache-Key
X-Varnish-Beresp-Status
Release
Powered-By
Origin-EX
PFcat
W
X-RateLimit-Limit-Second
X-GeoIP-Region-Code
X-GeoIP-Country-Code
X-Backend-Instance
Yak-Timeinfo
XM
X-Auto-Login
X-Scheme
X-Ig-Push-State
X-GeoIP
X-CGP
X-Cache-Info
X-Geo-Header
X-SD-PageType
X-Cache-Bucket
X-Auth-Group-Type
X-App-Name
X-Req
X-Csrf-Jwt
X-CUA
X-HS-Content-Campaign-Id
X-RateLimit-Remaining-Second
X-Region-Sid
X-Gdpr
X-Request-Time
X-AK-Request-ID
X-Amz-Storage-Class
X-WA-Info
X-Test
X-HN
X-Core-Value
X-Cdn-Srv
We-Hiring
Host-ID
HA-Ipaddr
Cdnsip
Cdncip
Cdn-Request-Time
X-Tt-Logid
Ha-Gx-Prefs
Content-Script-Type
Gh-Request-Id
Fastly-Backend-Name
Cdn-Requestid
DSUID
Content-Style-Type
X-Ismobilevalue
Cdn-Host
X-Service
AKAMAI
X-ID
WP-Super-Cache
X-ECache
Mail-Subject
C-Via
X-LiteSpeed-Cache-Control
CDCHOST
Fastly-SSL
Canary
Cache-Provider
L5d-Success-Class
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
X-Cache-Backend
X-Cache-Aspx
Apple-News-Services-Host
Apple-News-Services-Handled
On-Server
X-CacheTTL
X-Cache-TTL-Remaining
Adler-Geo
Apple-News-Services-Parsed-Url
X-Render-Time
X-Section
X-VG-TLSProxy
Platform
X-B3-Trace-ID
L
Machine
Cache-Key
X-BBC-Edge-Cache-Status
X-Contensis-Viewer-Groups
X-Server-IP
X-Fastly-Backend
X-Wikidot-Backend
X-We-Are-Hiring
X-Wikidot-Static-Cache
X-GoCache-CacheStatus
X-SVT-ORM-VERSION
X-From
X-Sn-Servicetimems
X-Human
X-Ec-Custom-Error
Odigeo-Trace-Id
X-Micro-Cache
X-Mly-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Men
X-DPWN-IS-SECURE
X-Location
X-SVT-ORM-RULES
Is-Eu
Apple-News-Services-Request-Url
X-Pool
RNT-Time
V-Age
X-Proxied-Request
X-ApacheServer
Country-Code
Cluster
Req-Svc-Chain
RNT-Machine
X-Dc
Tube-Return
Esi-Enabled
Fastly-GeoIP-CountryCode
X-Request-Host
X-Varnish-Authentication
True-Client-Country-4JS
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
X-PERF
Web-Mar-Region
X-Aicache-OS
Click-Count-Action-Start
Redirect-Candidate
X-Ad-Load-Variation
X-Access
X-Acquia-Purge-Cdn-Unconfigured
Producers
Click-Count-Error
Pramga
X-AIR-PT
X-Zone
X-Up
X-Slack-Shared-Secret-Outcome
X-Hash
Proxy-Firewall
X-NodeID
X-Slack-Backend
NGX
X-Date
X-Accel-Expires-Debug
X-Custom-Header
X-Cs
X-COUNTRY
X-Varnish-Hits
Debug
X-LB-ID
X-Pad
X-Nananana
X-Varnish-CookieHashed-On
X-DefHash
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-CACHE-GROUP
X-DefElseHash
Datacenter
X-Client-Ip
Mime-Version
X-Via-Popn
X-Via-Poph
X-Via-Popv
X-HA-Backend
X-Datadome
Locid
X-Depends
X-Refresh
X-Akamai-Transformed
SID
Fastly-Drupal-HTML
CloudFront-Viewer-Country
X-VC-TTL
Pics-Label
X-Amz-Meta-Cb-Modifiedtime
X-VHOST
X-Platform-Router
X-Platform-Cluster
X-LiteSpeed-Tag
X-Platform-Processor
X-Servedbyhost
GeoIP-Latitude
X-Cache-FS-Status
X-M-Log
X-M-Reqid
X-Cached-By
X-Old-Content-Length
X-Parent-Response-Time
Ngx-Var-Key
X-CACHE-AGE
X-B3-Parentspanid
X-LB-NoCache
X-TIME
Fastly-Drupal-Html
X-DynaTrace-JS-Agent
X-CDN-Cache-Status
Server-Info
X-TH-Server
X-Moov-T
X-Moov-Xdn-Version
Resin-Trace
Cf-Ipcountry
X-CS
Server-ID
BehaviorPad-Version
X-Litespeed-Tag
GeoIp-Country-Code
Cross-Origin-Embedder-Policy-Report-Only
Cdn
X-ZONE
X-Presslabs-Stats
X-Wa
X-HITS
X-VCache
X-Vgn-Hpd-Reason
NtCoent-Length
X-Nc
X-APP
FSS-Cache
X-TX-ID
X-Destination
X-S-Cookie
X-NewRelic-App-Data
X-User
X-External-Request-Id
X-Application
X-IAuth-Set-Uid
X-B-Cookie
Cf-Device-Type
X-Varnish-Beresp-TTL
CDN
X-Content-Length
True-Client-IP
X-Esi
X-Fpc
X-Zen-Fury
Uri
X-HostName
X-Sigma-Backend
X-Cache-Date
X-Sigma
X-Vc
True-Client-Ip
X-Rocket-Build-Number
X-Instance-Name
X-Srv
Srv
X-VServer
Load-Balancing
Serverhost
Tcn
X-Providence-Cookie
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-API-Version
X-Route-Name
X-Dynatrace-Js-Agent
X-DynaTrace
X-Oracle-DMS-ECID
S-Rt
X-HOST
X-NC
X-Branch-Name
X-WA
X-FPC
X-CLOUD-TRACE-CONTEXT
X-Dispatcher-Number
X-Segment-20210421
GeoIP-Country-Code
X-Cdn-Forward
Request-ID
Vc-Max-Age
X-APP-VERSION
Product
X-Cdn-Cache-Status
X-Dispatch
Ohc-File-Size
Hostname
X-Page-View
X-RequestId
Server-Id
X-DataCenter
ServerName
X-B3-Spanid
Type
X-FL-QIT-DEBUG
Srvid
Geoip-Latitude
X-Lb-Nocache
X-Webkit-Csp-Report-Only
X-Geo
X-Bug-Bounty
X-ServedByHost
X-Ckpd-Fst-Backend
X-Irp-Debug
X-Http-Reason
X-Sql-Count
X-Sql-Duration-Ms
CacheControlHeader
Cloudfront-Viewer-Country
Cl-Cache
DataCenter
X-VCL-Version
PICS-Label
X-Owner
X-SIPLIST1
IsBot
Epwk-X-Cache
X-Via-Edge
Origin-Trial
X-Via-SSL
X-Via-CDN
Edge-Copy-Time
X-CACHE-KEY
Ohc-Cache-HIT
WZWS-RAY
Lb
X-Cache-Ttl
X-Ua
X-Ha-Backend
X-Core-Mission
Cross-Origin-Opener-Policy-Report-Only
X-App
XkeyRZ
X-Correlation-ID
ServerHost
X-Proxy-CacheRZ
X-Via-PopV
X-Via-PopN
X-Via-PopH
MIME-Version
Rtss
X-Srcache-Fetch-Status
X-Srcache-Store-Status
X-MSEdge-Features
X-CSRF-TOKEN
X-Hit
X-Qloud-Router
X-Lb-Id
N-Cache
X-MSEdge-Flight
X-MiniProfiler-Ids
X-Acquia-Application-Trace
X-Akamai-Device-Characteristics
X-Limited
X-Acquia-Application-UUID
X-Vmg-Version
User-Agent
X-Acquia-Purge-Tags
Cneonction
X-Acquia-Site
X-Service-Response-Time
Sm-Log-Id
X-Sqd-Ctime
X-Sqd-Stime
X-Datacenter
Warning
CountryCode
X-Fastly-Country-Code
X-Amz-Meta-Opti
X-Web-Server
X-Litespeed-Cache-Control
X-Iplb-Instance
X-Iplb-Request-Id
X-LAGOON
X-IN-APIGATEWAYSSL
X-Ramcache
X-Snapshot-Date
X-Info
X-HubSpot-Correlation-Id
X-Gamma-Serve
Xkeylog
X-IN-APIGATEWAY
X-Dw-Trace-Id
Xkey-La3
X-Amz-Meta-S3b-Last-Modified
X-Akamai-Pragma-Client-IP
X-RAMCache
X-Proxy-Cache-La3
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-Th-Server
X-Serial
Ngx
X-Requestid
X-Check-Cacheable