Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
X-XSS-Protection
Last-Modified
Cf-Request-Id
CF-Cache-Status
CF-RAY
ETag
Accept-Ranges
Expect-CT
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
X-Served-By
P3P
X-Download-Options
X-Request-Id
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
X-FRAME-OPTIONS
Access-Control-Allow-Credentials
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Runtime
P3p
X-DNS-Prefetch-Control
Accept-CH
X-Cache-Status
X-Drupal-Cache
Accept-CH-Lifetime
X-Check
X-Generator
X-Ua-Compatible
X-Cacheable
Server-Timing
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-Iinfo
X-Drupal-Dynamic-Cache
Access-Control-Expose-Headers
Feature-Policy
Content-Encoding
X-Content-Security-Policy
X-Request-ID
X-CDN
Status
Upgrade
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
X-Amz-Request-Id
X-Amz-Id-2
Host-Header
CF-Ray
X-Backend
Allow
X-Cache-Group
Cf-Edge-Cache
Request-Context
X-Robots-Tag
X-Server
Keep-Alive
X-Hacker
X-UA-Device
X-AH-Environment
X-Turbo-Charged-By
X-Ws-Request-Id
X-Vhost
X-Proxy-Cache
X-Rq
X-Age
Xkey
EagleId
X-Dispatcher
X-Server-Powered-By
X-Amz-Version-Id
X-Varnish-Cache
Grace
X-LiteSpeed-Cache
Cf-Apo-Via
X-Page-Speed
Cf-Railgun
X-Pingback
EagleEye-TraceId
X-Device
X-Swift-CacheTime
X-Swift-SaveTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Aws-Lambda-Call-Status
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-CST
X-OneAgent-JS-Injection
X-Backend-Server
Permissions-Policy
X-Server-Id
X-Readtime
X-Host
X-Response-Time
X-Akam-SW-Version
Surrogate-Control
Request-Id
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Nginx-Upstream-Cache-Status
X-HW
X-Cloud-Trace-Context
X-Node
X-Nginx-Cache-Status
Accept-Ch-Lifetime
X-Application-Context
X-Country-Code
X-Trace
X-Oneagent-Js-Injection
Content-Location
X-Cache-Lookup
Service-Worker-Allowed
X-Url
X-Ruxit-JS-Agent
X-Country
X-Content-Type
X-Clacks-Overhead
X-ECACHE
X-Edge
X-Litespeed-Cache
X-Mod-Pagespeed
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-Origin-Cache-Key
X-Midtier
Cache-Tag
X-FTR-Request-ID
Cross-Origin-Opener-Policy
Accept-Ch
X-MS-InvokeApp
X-Mcache
X-Powered-By-Plesk
X-Upstream
Nginx-Cache
X-Vname
X-TtlSet
X-PC
Rating
X-ESI
Edge-Control
X-Ruxit-Js-Agent
X-D2id
X-Kinja-Server
X-Kinja
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja-Build
X-Kinja-Revision
X-Browser-Type
X-Element-Page-Cache
Verso
X-Times
X-Ac
X-Server-Name
X-Cnection
SPRequestDuration
SPIisLatency
X-Vcap-Request-Id
AR-SID
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Navigation-Version
X-Abt-Application-Version
X-RateLimit-Remaining
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-NF-Request-ID
X-B3-TraceId
X-Ser
X-VARITI-CCR
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
Origin-Trial
X-GitHub-Request-Id
AR-CACHE
RTSS
S
X-Cache-Key
X-Cache-TTL
X-Mg-S
X-Content-Security-Policy-Report-Only
Edge-Cache-Tag
X-Goog-Hash
X-Amz-Rid
X-Ttl
Display
X-Middleton-Display
X-Sol
Pagespeed
Fastly-Restarts
X-Amzn-Trace-Id
X-Varnish-TTL
X-Powered-CMS
X-NWS-LOG-UUID
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev-Is-Generated
X-Version
X-Kraken-Loop-Name
X-ARC
X-Erf-Bev-Bev
X-Instrumentation
X-Kinsta-Cache
X-Edge-Location-Klb
Access-Control-Request-Method
X-Recruiting
X-Client-IP
X-Server-ID
Cache-Status
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Content-Digest
Arr-Disable-Session-Affinity
X-T
X-MSEdge-Ref
Content-MD5
X-Forwarded-For
X-Middleton-Response
Response
X-Accel-Expires
MicrosoftSharePointTeamServices
X-Ua-Device
X-TraceId
X-Hits
TP-Cache
X-RateLimit-Limit
X-Shield-Request-Id
X-Cached
Public-Key-Pins
X-WebKit-CSP-Report-Only
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Id
X-FTR-Balancer
X-FTR-Backend-Server
X-Frontend
X-Request-Processing-Time
X-FTR-Backend
X-FTR-Cache-Status
X-Country-Code-Real
X-Request-Received
Server-Node
X-FTR-Expires
X-Ua-Browser
X-HS-Cache-Config
X-HS-Content-Id
X-Kinja-CCPA
X-HS-Combine-CSS
X-HS-Hub-Id
Payment
MS-Author-Via
X-Fastcgi-Cache
X-DIS-Request-ID
X-Webkit-Csp
Front-End-Https
X-LLID
Cross-Origin-Resource-Policy
X-Jurisdiction
X-HP-Trace-Id
X-Forwarded-Proto
X-HP-Webp
X-GUploader-UploadID
X-ORACLE-DMS-RID
Cache-Tags
X-FastCGI-Cache
TP-L2-Cache
X-LB-Cache
Realpath
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Protected-By
X-Origin-Server
X-PressLabs-Stats
X-Distributor
Count-Hit
X-Daa-Tunnel
X-Microsite
X-Request-Handler-Origin-Region
X-F-Cache
MRF-Tech
X-B3-TraceId-Primal
X-Cluster-Name
X-Page-Id
Mrf-Cache-Status
Accept-Charset
X-Az
X-Correlation-Id
X-Varnish-Backend
X-AppVersion
X-Activity-Id
X-TTL
X-Www-Served-By
X-NGENIX-Cache
X-Geo-Country
X-App-Server
X-Rid
Referer-Policy
X-Hostname
X-FB-Debug
X-Debug-Info
X-Varnish-Server
X-Goog-Metageneration
X-Kong-Upstream-Latency
Host
X-Kong-Proxy-Latency
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Fastcgi-Cache
X-TEC-API-VERSION
X-Envoy-Decorator-Operation
X-Git-Hash
Access-Control-Allow-Method
X-ORACLE-DMS-ECID
X-RateLimit-Reset
Retry-After
X-Px
Server-Name
X-Content-Options
X-Tt-Trace-Host
DC
X-Tt-Trace-Tag
X-B3-Sampled
X-Oracle-Dms-Ecid
X-Fastly-Request-ID
X-Load-Cache
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-Flags
X-Is-Crawler
X-Contextid
X-Revision
X-Signature
Cleartype
X-App-Environment
X-B-Cache
X-Mobile
X-Origin-Cache
Paypal-Debug-Id
X-Trace-Id
TCN
X-Type
X-TT
X-Language
Charset
X-Fb-Rlafr
X-Grace
X-B
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Amz-Meta-S3cmd-Attrs
Section-Io-Cache
X-Logged-In
Frame-Options
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Cache-Control
X-Goog-Generation
X-Amz-Replication-Status
X-Seen-By
Filterid
X-ASPNET-VERSION
X-XRDS-LOCATION
X-Whom
X-EdgeConnect-Cache-Status
X-Ratelimit-Limit
X-Magnolia-Registration
X-Ezoic-Cdn
X-Wix-Request-Id
X-Newrelic-App-Data
X-Upgrade-Enabled
Healthy
X-App-Version
X-Azure-Ref
Content-Disposition
X-CSRF-Token
X-Node-Name
X-Oracle-Dms-Rid
X-B3-Traceid
Backend
X-Proxy
X-N
Akamai-GRN
X-Air-Pt
Upgrade-Insecure-Requests
X-Template
X-Fastly-Request-Id
X-XRDS-Location
NGB
X-Use-Magma
X-Proxy-Cache-Info
X-B3-SpanId
Refresh
X-Varnish-Ttl
X-Original-Request-Id
X-Response-Served-From
X-Is-Bot
X-Rendered-As
X-Servername
X-Unique-Id
VIX-Pulpo-Node
X-Tumblr-Pixel-0
VIX-Pulpo-Upstream-Status
Ms-Operation-Id
SD-X-WS
MS-CV
Url
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-RTag
Liferay-Portal
X-Page-View
X-ProcessESI
X-RemovedCookies
X-Cacheable-TTL
X-Cache-Grace
Viewport
X-Debug-IsConnected
X-Adobe-Content
X-Adobe-Loc
X-Instance
X-UUID
X-L-Path
X-Debug-IsPreview
X-Jobs
X-Environment-Context
X-Datadog-Sampled
X-Varnish-Grace
X-Amzn-Remapped-Content-Length
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Region
X-IPS-LoggedIn
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-FW-Server
X-FW-Version
X-FW-Type
X-G
X-FW-Static
X-User-Agent
X-Debug
X-Cache-Hit
X-Hosted-By
Fastly-SWR
From-Origin
Fastly-SIE
X-NYM-Debug-Backend
X-Status
Country
X-Rule
Amp-Access-Control-Allow-Source-Origin
X-Device-Type
Surrogate-Key
X-Ratelimit-Remaining
X-Air-Hostname
X-Air-Source
X-Air-Trace-Id
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Hl-Ver
Protected
ServerID
X-Backend-Name
X-Http-Reason
X-Content-Powered-By
X-Origin-CC
X-Akamai-Request-ID2
X-Origin-TTL
X-Webkit-CSP
Alternate-Protocol
Version
X-VC-Cache
X-Cache-Status-Check
X-NODE
X-CCDN-CacheTTL
X-Akamai-Edgescape
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
WPO-Cache-Message
WPO-Cache-Status
X-Cache-Age
X-CDN-Forward
X-Rocket-Nginx-Serving-Static
X-Framework
X-Nginx-Cache
CF-IPCountry
X-Edge-Location
X-HTML-Minification-Powered-By
X-INCAP-ABP
X-Time
Front
X-Cache-Rule
X-Source
CDN-RequestId
SRV
Access-Control-Request-Headers
Countrycode
GEO-INFO
X-Storage
X-Httpd
X-Endurance-Cache-Level
X-Mode
X-Via-JSL
X-Accel-Version
X-WP-CF-Super-Cache-Active
X-UPSTREAM-Address
X-Upstream-Ht
Xet-Cookie
Webserver
X-Upstream-Ct
X-Cache-Operation
X-Rewrite-Enabled
Meta-Geo
X-Rn-Rsrv
X-Xfnlog-Site
Filters
X-Tec-Api-Version
X-Lambda-Id
X-Varnish-Age
X-Cache-Time
X-Loop
X-Tncms
X-Real-IP
X-Tumblr-Pixel-3
X-Detected-As
X-Soup
X-JoinUs
X-Director
X-Cache-Debug
X-Tec-Api-Origin
X-Tumblr-Pixel-2
X-Tec-Api-Root
X-Vcache
Accept-Language
X-SaId
X-Say-Cacheable
X-SayCDN-TTL
Apigw-Requestid
X-Redis-Cache
X-Cms-Context
X-Say-TTL
X-Skip-Cache
Xserver
X-Use-Mantle
X-Sql-Duration-Ms
OT-Force-Account-Verify
X-Adobe-Source
X-Varnish-Cache-Hits
X-Sql-Count
X-Served-From
X-Format
TWC-Privacy
Web-Mar-Node
TWC-Connection-Speed
Azure-Version
X-Cache-Host
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
DB-Nickname
Webcakes-Region
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
Webcakes-App-Version
Property-Id
TWC-Locale-Group
X-Origin-Hint
X-ProxyCache-Status
X-Uri
X-PHP-Host
X-Logging-Id
X-ProxyCache-Key
Webcakes-App-Name
ServedBy
X-Restarts
X-BYPASS-REASON
X-Handled-By
X-Labrador-Cache-Channel
X-Varnish-Beresp-Grace
X-GeoCode
X-GeoCountry
X-Tb
Selected-Fe
X-Is-Desktop
X-Is-Mobile
X-AB
X-Proxy-Build
X-Git-Commit
X-Routing-Service
X-Forwarded-Host
X-Geo-Region
X-Zipkin-Id
X-RM-Cache-TTL
X-No-Session
X-Browser-Name
X-Proxied
X-Worker
X-Extlb
X-Is-Supported-Browser
X-Container-Uri
X-Origin
X-Vercel-Cache
X-Vercel-Id
X-Server-W
X-S
X-Tcp-Rtt
X-Timing-Wait
X-Generation-Time
X-RCS-CacheZone
X-Is-Tablet
Mn-Server-Ip
X-Cache-Server
X-DynaTrace
X-Fetched-On
X-IPLB-Instance
X-Provided-By
X-AWS-Id
Priority
X-VWS-Id
X-VCT
X-IPLB-Request-ID
X-Frame-Option
X-ServerID
Cache-Tv-Group
X-LJ-Flow-ID
X-COUNTRY
X-Reqid
X-Cluster
Node
X-R9-Blue-Green-Version
X-FB-TRIP-ID
X-VC
X-Ms-Version
X-Ms-Request-Id
Section-Io-Id
X-Site-Version
Content-Secure-Policy
X-Locale
X-Platform-Router
X-Platform-Processor
X-Platform-Cluster
Fastcgi-Useragent
X-MP-GENERATED-AT
Source
X-Vcl-Version
Onion-Location
X-SRV
AMP-Access-Control-Allow-Source-Origin
S-Rt
X-Drupal-Cache-Contexts
WZWS-RAY
WP-Super-Cache
X-Drupal-Cache-Tags
X-Ua
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Content-Age
X-Webstats-RespID
X-Web-Node
CDN-CachedAt
X-Shopify-Stage
CDN-Cache
X-Storefront-Renderer-Rendered
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestPullCode
X-Alternate-Cache-Key
CDN-RequestPullSuccess
CDN-Uid
CDN-RequestCountryCode
X-Generated-By
X-Origin-Date
Cross-Origin-Embedder-Policy
X-Sorting-Hat-PodId
X-ShardId
X-Pass-Why
X-ShopId
X-Cache-Action
X-Sorting-Hat-ShopId
X-Varnish-Beresp-Ttl
X-Cluster-Node
X-Proxy-Cache-Status
X-Cdn-Origin
X-Mg-Request-UUID
X-Sucuri-Cache
X-Sucuri-ID
X-DataDome
X-Buckets
Fastly-Drupal-HTML
Cross-Origin-Window-Policy
X-TT-LOGID
X-Cache-Expired-At
X-Newrelic-Synthetics
Sid
X-Request-URI
X-Client-Ip
Cache
X-CMSURLCustom
X-Xrds-Location
Thinkindot-CacheControl
TDXMobile
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Thinkindot-L3
X-GEO
X-Shield-Cache-Expires
X-Scope-Id
X-LSADC-Cache
DCR-Decision-By
Cross-Origin-Embedder-Policy-Report-Only
CDCHOST
Candidate-Md5Url
Origin-Agent-Cluster
X-Ec-Fail
X-Ec-Custom-Error
X-Ec-GeoHdr
X-Epic-Correlation-Id
X-External-Request-Id
X-Developer
X-Destination
X-Bl-Debug
X-Cache-NE
X-Conf
X-D
X-Men
X-PAYTM-SRV-ID
X-Vdms-Path
X-Up
X-Vdms-Version
X-Viewer-Country
X-Vtex-Remote-Cache
X-TIM-N
X-SRCache-Key
X-Rojux
X-S-Cookie
X-Scheme
X-ScT
X-BCube-Filmed-By
X-Bc-Bl
Origin
Ngx.Var.Host
Redirect-Candidate
Rendered-Blocks
Sslversion
Ngx-Var-Key
Meta-Geo-Continent
Environment
Gannett-Cam-Experience-Id
Lang
MD5-Digest
Surrogated-Key
T-Server
X-A-Wwc
X-A-Dgt
X-Aed
X-Application
X-B-Cookie
X-A-Dcw
X-A-Dam
Type
V-Age
X-A
X-A-Ccd
DCR-Processing-Time-Ms
X-Cache-Bucket
X-DC
X-Service
X-Aspnetmvc-Version
X-BBC-Edge-Cache-Status
X-Cache-Info
X-B3-Trace-ID
X-Aicache-OS
X-VCache
X-Core-Mission
X-Core-Value
X-Fastly-Backend
X-Debug-Cache-Store
X-Fastly-Cache
X-Acquia-Purge-Cdn-Unconfigured
X-Debug-Cache-Fetch
X-Dispatcher-Server
Vix-Hermes-Req-Id
Magicmarker
X-Correlation-ID
L
Host-ID
Fastly-GeoIP-CountryCode
Fastly-SSL
Pramga
Req-Svc-Chain
Ssr
X-Gdpr
Sever-Int
Server-Hostname
Server-Ext
Server-Host
X-Access
X-GeoIP-Country-Code
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Sigma-Backend
X-Sigma
X-SD-PageType
X-Section
X-V-Cache
X-Varnish-Director
X-VServer
X-We-Are-Hiring
X-VG-WebCache
X-VG-TLSProxy
X-Varnish-Hostname
X-SB
X-Rocket-Build-Number
X-Level-Front-Cache
X-Loc
X-Instance-Name
X-Human
Country-Code
X-GeoIP-Region-Code
X-Mly-Id
X-Nyt-Route
X-Req
X-Request-Time
X-Proxied-Request
X-Pool
X-Op-Id-All
X-Generated-On
X-Origin-Time
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
X-Via-SSL
X-Parent-Response-Time
X-Via-Edge
X-Datadome
X-TimeS
X-Tt-Logid
X-Optimistic-Header
HostName
X-Via-CDN
Edge-Copy-Time
X-GoCache-CacheStatus
X-Gzip
Web-Mar-Region
X-HA-Backend
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Bip
Tube-Got-Eval
Tube-Get-Contents
True-Client-Country-4JS
X-Clientip
Tube-Got-Results
Tube-Return
X-HS-Content-Campaign-Id
User-Cache-Control
X-GeoIP-City
X-Hnp-Log
X-Fmm-Version
X-Server-IP
X-Cache-Date
X-Pubstack
X-Block-Status
X-Cache-Id
X-Thanos
X-Varnish-Beresp-Status
X-Cache-TTL-Remaining
LB
X-Device-Os
X-DPWN-IS-SECURE
X-Ad-Load-Variation
Adler-Geo
X-From
X-Gen-Mode
X-Hash
X-ApacheServer
X-Platform
X-Auto-Login
X-Esi-Check
X-Geo-Header
X-Micro-Cache
X-Via-Poph
Click-Count-Action-Start
X-WA-Info
X-Request-Host
X-RateLimit-Remaining-Second
X-Sn-Servicetimems
X-RateLimit-Limit-Second
DSUID
Machine
Click-Count-Error
X-Slack-Shared-Secret-Outcome
Is-Eu
X-Slack-Backend
X-TH-Server
X-Zen-Fury
X-UA-Device-Type
X-Via-Popn
On-Server
X-Org
X-PERF
Release
X-Old-Content-Length
X-Nginx-Cache-Key
X-NCache
X-Via-Popv
X-Origin-Response-Time
Cache-Provider
Platform
Proxy-Firewall
Producers
C-Via
X-WP-CF-Super-Cache-Cookies-Bypass
X-Forwarded-Site
X-Policy
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Date
X-Var-Ttl
Atl-Traceid
X-GeoIP
NM-Fastcgi-Cache
Mail-Subject
Gh-Request-Id
X-Owner
X-CacheTTL
Datacenter
Uber-Trace-Id
Esi-Enabled
Canary
X-SIPLIST1
X-Edge-Server
X-Mvc-Supplant-OutputCached
X-Mvc-Supplant-Cachable
X-Irp-Debug
X-FC-Vary-Parameters
We-Hiring
X-NMSegId
Req-ID
Cdn-Host
X-Accel-Expires-Debug
Expect-Staple
IsBot
Cdn-Request-Time
X-App-Name
AKAMAI
Cf-Device-Type
X-Varnishpool
N-Cache
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Node-Id
X-Cdn-Srv
X-Request-Start
X-TA-CDN-Provider
Pics-Label
SID
Fastly-Backend-Name
X-Forwarded-Path
X-Shop-Environment
W
Xc-Version
X-Orig-Expires
X-Tenant
NGX
X-Test
X-Proto
X-Qloud-Router
X-ZONE
X-Amz-Meta-Cb-Modifiedtime
X-Cache-Type
X-LB-NoCache
X-Tx-Id
Ha-Gx-Prefs
HA-Ipaddr
Cluster
X-Eu-Site
X-CGP
X-Ah-Environment
X-Gamma-Serve
L5d-Success-Class
X-Csrf-Jwt
X-Connection-Hash
Expiry
Server-ID
Cmsid
Cmstype
A
X-Contensis-Viewer-Groups
Content-Style-Type
X-Moov-T
X-TIME
X-Branch-Name
X-Cache-Aspx
X-Varnish-Authentication
Content-Script-Type
X-Moov-Xdn-Version
X-Dc
Cdn
X-Refresh
X-Wa
CPC-Age
X-Vmg-Version
CPC-Cache
X-Varnish-Hits
X-URL
X-Servedbyhost
X-LB-ID
Cache-Key
X-Nc
Locid
X-NGINX-Cache
X-Api-Version
RNT-Time
RNT-Machine
X-Ratelimit-Reset
X-LAGOON
X-Fpc
X-Nf-Request-Id
X-Cdn-Diag
X-CACHE-AGE
X-AK-Request-ID
Cdnsip
Yak-Timeinfo
X-Region-Sid
Cdncip
X-ND-Cache
X-VHOST
X-CDN-Cache-Status
X-HN
NtCoent-Length
RATING
PFcat
X-Amz-Storage-Class
X-MCACHE
X-Tb-Optimization-Total-Bytes-Saved
X-VarnishDD-TTL
X-CSRF-TOKEN
GeoIp-Country-Code
Cdn-Requestid
X-DynaTrace-JS-Agent
X-Nananana
CloudFront-Viewer-Country
X-Backend-Instance
X-Akamai-Transformed
X-Via-Fastly
X-Azure-Ref-OriginShield
X-B3-Parentspanid
Resin-Trace
XM
X-Variation
CacheControlHeader
X-Srv
X-Hit
X-Origin-Expires
X-API-Version
X-Cache-Backend
X-TX-ID
Uri
X-Vc
X-Zone
MIME-Version
VNS-Cache
VNS-Age
X-LiteSpeed-Tag
User-Agent
X-Fastly-Country-Code
Cache-Name
X-Lagoon
XkeyRZ
Hostname
X-LiteSpeed-Cache-Control
X-Proxy-CacheRZ
X-NewRelic-App-Data
X-Info
X-Dynatrace-Js-Agent
Cross-Origin-Opener-Policy-Report-Only
X-DataCenter
X-Amz-Meta-Opti
Tcn
True-Client-Ip
X-Dispatcher-Number
Lb
True-Client-IP
X-Datacenter
X-HostName
GeoIP-Latitude
X-Geo
X-Cached-By
X-Esi
X-UA
X-Ig-Origin-Region
Mime-Version
X-Traceid
DataCenter
X-Location
Cache-Hits
X-B3-Spanid
X-NWS-UUID-VERIFY
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
X-Mid
Fastly-Drupal-Html
Powered-By
Cf-Ipcountry
X-AIR-PT
X-Presslabs-Stats
BehaviorPad-Version
X-Cdn-Forward
X-Webkit-Csp-Report-Only
CountryCode
Origin-EX
X-Cloudmap
X-CUA
X-CS
X-IAuth-Set-Uid
X-Jungle-Id
Origin-CC
Srv
X-User
X-Segment-20210421
Ohc-File-Size
X-Varnish-Beresp-TTL
X-ECache
X-Cache-Enabled
Server-Info
Location
X-Dispatch
Debug
GeoIP-Country-Code
X-Internal-Host
X-FPC
X-Cdn-Cache-Status
X-Wp-Cf-Super-Cache-Cache-Control
X-Render-Time
Cl-Cache
X-Wp-Cf-Super-Cache
X-Litespeed-Tag
My-App
X-Oracle-DMS-ECID
CF-Ctrl
Ohc-Cache-HIT
X-Wormhole-Sdk
CDN
Wpo-Cache-Message
Wpo-Cache-Status
X-VTEX-Cache-Time
Section-Origin-Responded
X-ServedByHost
Section-Io-Origin-Status
X-WA
X-Powered-By-VTEX-Cache
Section-Io-Origin-Time-Seconds
X-VTEX-Cache-Server
X-NC
X-Lb-Id
X-Snapshot-Date
YJS-ID
X-App
X-Fastly-Backend-Reqs
Server-Id
X-Nitro-Cache
X-Cs
Load-Balancing
X-Akamai-Pragma-Client-IP
X-Auth-Group-Type
X-MSEdge-Flight
X-MSEdge-Features
Edge-Cache
X-Cache-FS-Status
X-Lb-Nocache
X-Litespeed-Cache-Control
X-ID
Ms-Author-Via
X-VCL-Version
X-Proxy-Cache-La3
X-Cdn-Request-ID
X-Nitro-Rev
X-Nitro-Cache-From
CF-Cached-On
Xkeylog
Xkey-La3
X-MiniProfiler-Ids
X-Dw-Trace-Id
X-RID
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
OriginIP
X-Serial
X-Th-Server
X-DefElseHash
X-Acquia-Site
X-DefHash
X-NodeID
Time
Memory
Memcached
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-APP-VERSION
X-Ig-Push-State
Srvid
X-Varnish-CookieHashed-On
Ngx
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Acquia-Application-Trace
FSS-Cache
X-Check-Cacheable
X-FL-EDGE
X-FL-QIT-DEBUG
X-Cache-Version
X-Shardid
X-Shopid
X-Sorting-Hat-Podid
X-Sorting-Hat-Shopid
Akamai-Cache-Status
X-Mg-Cache
X-Fastly-Cache-Hits
X-Vary
X-Te-Duration-Ms
X-Te-Count
X-Pad
X-Http-Duration-Ms
Inserted-Into-Cache-At
X-Via-PopV
X-Via-PopN
X-Lsadc-Cache
X-Ha-Backend
X-Http-Count
X-Sucuri-Id
X-Via-PopH
Sm-Log-Id
X-Service-Response-Time
Yjs-Id
X-Udemy-Cache-App-Namespace
X-Wp-Cf-Super-Cache-Cookies-Bypass
Geoip-Latitude
X-RequestId
X-Web-Server