
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
X-Cache-Hits
P3P
X-Served-By
X-UA-Compatible
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-Ua-Compatible
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Cache-Status
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
Permissions-Policy
X-Ws-Request-Id
Xkey
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dns-Prefetch-Control
Cf-Apo-Via
X-Dispatcher
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
P3p
X-Page-Speed
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
X-Ruxit-JS-Agent
Request-Id
X-Cloud-Trace-Context
Content-Location
X-Node
X-Application-Context
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
X-Litespeed-Cache
X-Country
Service-Worker-Allowed
X-Country-Code
X-CST
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Url
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-FTR-Request-ID
X-TtlSet
X-PC
X-Vname
X-Daa-Tunnel
X-Oneagent-Js-Injection
X-Server-Name
X-Webkit-Csp
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Browser-Type
X-Midtier
X-Powered-By-Plesk
X-Cnection
X-ESI
X-GitHub-Request-Id
X-ECACHE
X-Upstream
Edge-Control
X-D2id
X-Element-Page-Cache
Verso
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Exp-Id
X-MS-InvokeApp
X-GoogleNews-Bot
AR-ATIME
AR-PoweredBy
X-Ac
AR-Request-ID
AR-SID
Accept-Ch-Lifetime
X-FastCGI-Cache
X-B3-TraceId
X-Vcap-Request-Id
X-Cache-TTL
X-Ser
X-Abt-Application-Version
X-Navigation-Version
AR-CACHE
X-Dw-Request-Base-Id
X-NF-Request-ID
SPIisLatency
SPRequestDuration
X-Mod-Pagespeed
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
Fastly-Restarts
X-Kraken-Loop-Name
X-Server-Lifecycle-Phase
X-Erf-Bev-Bev
X-Instrumentation
X-Erf-Bev-Bev-Is-Generated
X-Client-IP
X-Aws-Lambda-Call-Status
X-Sol
Pagespeed
X-Middleton-Display
Display
Edge-Cache-Tag
X-Mg-S
X-Kinsta-Cache
X-Edge-Location-Klb
S
X-Powered-CMS
X-Goog-Hash
Response
Cache-Status
X-Middleton-Response
X-Version
X-Amzn-Trace-Id
Access-Control-Request-Method
X-VARITI-CCR
X-Ruxit-Js-Agent
X-ARC
X-Cache-Key
X-RateLimit-Remaining
RTSS
X-Fastly-Request-ID
X-Content-Digest
X-Ratelimit-Limit
X-TraceId
Cross-Origin-Resource-Policy
X-Forwarded-For
X-Recruiting
X-T
Realpath
X-Correlation-Id
X-PDP-UNCACHING-HASH
X-Varnish-TTL
X-MSEdge-Ref
Fastcgi-Cache
Front-End-Https
X-Cached
MS-Author-Via
Content-MD5
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Ua-Browser
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Shield-Request-Id
X-Protected-By
X-Country-Code-Real
Server-Node
X-FTR-Backend
X-FTR-Backend-Server
X-Request-Received
Public-Key-Pins
X-Request-Processing-Time
X-FTR-Balancer
X-FTR-Cache-Status
X-Ratelimit-Remaining
Payment
X-TTL
X-LLID
X-HS-Combine-CSS
X-Forwarded-Proto
TP-Cache
MicrosoftSharePointTeamServices
Arr-Disable-Session-Affinity
X-Frontend
X-Distributor
X-Ttl
X-Server-ID
X-HP-Webp
X-HP-Trace-Id
X-Accel-Expires
X-Jurisdiction
X-FTR-Expires
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Count-Hit
X-NODE
X-GUploader-UploadID
X-ORACLE-DMS-RID
X-Origin-Server
X-LB-Cache
X-PressLabs-Stats
X-Ezoic-Cdn
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-Activity-Id
X-AppVersion
X-Az
X-Www-Served-By
Host
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Ua-Device
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Hits
X-App-Server
X-Varnish-Backend
X-Cluster-Name
X-Varnish-Server
Retry-After
X-Amz-Meta-S3cmd-Attrs
Cache-Tags
Accept-Charset
Server-Name
Cleartype
X-Newrelic-App-Data
X-ORACLE-DMS-ECID
X-Origin-Cache-Key
X-CSRF-Token
X-Goog-Metageneration
X-Hostname
X-NGENIX-Cache
X-Envoy-Decorator-Operation
X-Geo-Country
Referer-Policy
X-Upgrade-Enabled
X-DIS-Request-ID
X-Git-Hash
Access-Control-Allow-Method
TP-L2-Cache
X-Azure-Ref
X-Id
Filterid
X-Seen-By
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Unique-Id
TCN
X-CCDN-Origin-Time
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Load-Cache
X-Proxy
X-F-Cache
X-Revision
X-Cache-Control
X-Request-Guid
X-XRDS-LOCATION
X-Trace-Id
Section-Io-Cache
X-Grace
X-Amz-Apigw-Id
X-Amzn-RequestId
X-TT
X-B
X-B3-Sampled
Healthy
DC
X-Logged-In
X-Contextid
Paypal-Debug-Id
X-FB-Debug
X-Debug-Info
X-Fb-Rlafr
X-Type
X-Px
X-Mobile
X-Page-Id
X-Debug
X-N
Viewport
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-Varnish-Ttl
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Oracle-Dms-Rid
X-Goog-Stored-Content-Encoding
X-Oracle-Dms-Ecid
X-Whom
Fastly-SWR
Fastly-SIE
X-Time
X-Via-JSL
X-Webkit-CSP
X-Datadog-Parent-Id
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
Charset
Content-Disposition
X-Template
X-Content-Options
X-RateLimit-Limit
Version
X-Cache-Grace
X-Magnolia-Registration
X-Varnish-Grace
X-Origin-Cache
X-App-Environment
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
X-Signature
X-B-Cache
X-Language
X-RemovedCookies
VIX-Pulpo-Upstream-Status
X-Node-Name
X-B3-SpanId
VIX-Pulpo-Node
X-ProcessESI
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Debug-IsConnected
X-Datadog-Sampled
X-Debug-IsPreview
X-Rule
X-Tumblr-Pixel-1
X-Amz-Replication-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tumblr-User
MS-CV
Countrycode
X-Hl-Ver
X-G
Ms-Operation-Id
SD-X-WS
X-UUID
X-RTag
ServerID
X-Adobe-Loc
X-FW-Version
X-FW-Static
X-FW-Type
X-Device-Type
X-FW-Serve
X-FW-Server
X-Storage
X-Backend-Name
X-Adobe-Content
X-FW-Hash
X-Cache-Age
X-FW-Dynamic
X-Cacheable-TTL
X-Amzn-Remapped-Content-Length
NGB
GEO-INFO
X-Instance
X-Rendered-As
X-Proxy-Cache-Info
SRV
X-Is-Bot
X-User-Agent
Surrogate-Key
X-IPS-LoggedIn
X-Environment-Context
Liferay-Portal
X-NYM-Debug-Backend
X-Cache-Hit
Country
X-L-Path
X-Real-IP
X-Status
X-Region
X-NWS-UUID-VERIFY
X-Rid
X-ServerID
X-Source
X-RateLimit-Reset
X-Sucuri-ID
X-Sucuri-Cache
X-WP-CF-Super-Cache-Active
Cross-Origin-Window-Policy
OT-Force-Account-Verify
Akamai-GRN
X-Servername
X-RM-Cache-TTL
From-Origin
X-VC-Cache
X-WebKit-CSP-Report-Only
Front
X-Framework
X-UA
Upgrade-Insecure-Requests
Amp-Access-Control-Allow-Source-Origin
Backend
X-Mode
X-INCAP-ABP
X-Xrds-Location
X-Air-Pt
X-Wormhole-Sdk
X-AB
X-Air-Source
X-Air-Trace-Id
X-Air-Hostname
X-URL
X-Cache-Time
Refresh
X-Content-Powered-By
Xet-Cookie
X-Akamai-Request-ID2
X-RID
X-Handled-By
X-HTML-Minification-Powered-By
X-Endurance-Cache-Level
X-VC
X-Edge-Location
Frame-Options
X-SaId
Meta-Geo
X-JoinUs
Selected-Fe
X-Timing-Wait
X-UPSTREAM-Address
X-Proxy-Build
X-Webstats-RespID
Url
X-Rewrite-Enabled
X-Rn-Rsrv
X-Origin-CC
X-Origin-TTL
Filters
X-Akamai-Edgescape
X-Xfnlog-Site
Accept-Language
X-AWS-Id
X-No-Session
X-Provided-By
ServedBy
X-Logging-Id
X-RCS-CacheZone
X-Tumblr-Pixel-2
X-LJ-Flow-ID
X-Reqid
Atl-Traceid
X-SRV
X-PHP-Host
X-Cache-Rule
X-Labrador-Cache-Channel
X-Cluster
X-Origin-Date
X-Origin
X-Served-From
X-Cache-Operation
Cache
X-VWS-Id
WPO-Cache-Message
TWC-Device-Class
Section-Io-Id
TWC-GeoIP-Country
X-Scope-Id
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
TWC-Connection-Speed
Webserver
TWC-Locale-Group
Cache-Hits
X-Azure-Ref-OriginShield
Property-Id
WPO-Cache-Status
X-Site-Version
X-Origin-Hint
X-Routing-Service
X-Proxied
Webcakes-App-Version
X-Cloudmap
X-Locale
X-Cms-Context
TWC-Privacy
X-IPLB-Request-ID
X-VCT
X-Cache-Debug
X-Container-Uri
X-IPLB-Instance
X-Zipkin-Id
X-Git-Commit
X-Fetched-On
X-Extlb
X-Drupal-Cache-Tags
X-Web-Node
X-Varnish-Cache-Hits
X-DataDome
Access-Control-Request-Headers
X-Tb
Webcakes-Region
Webcakes-App-Name
X-Accel-Version
X-Redis-Cache
X-Adobe-Source
X-Hosted-By
Web-Mar-Node
X-Geo-Region
X-Httpd
Thinkindot-Control
X-Frame-Option
X-Lambda-Id
Apigw-Requestid
X-Generation-Time
X-Director
X-Is-Desktop
Thinkindot-CacheControl
X-Is-Supported-Browser
TDXMobile
X-BYPASS-REASON
Mn-Server-Ip
X-CMSURLCustom
X-Is-Tablet
X-Browser-Name
X-Is-Mobile
Thinkindot-CacheControl-Type
X-Drupal-Cache-Contexts
X-Buckets
X-Tcp-Rtt
X-Skip-Cache
X-S
X-Shield-Cache-Expires
X-Say-TTL
X-Nginx-Cache
X-Soup
X-Ms-Version
X-SayCDN-TTL
X-Varnish-Age
X-Upstream-Ct
X-Vcache
X-Tncms
X-ProxyCache-Status
X-Say-Cacheable
X-Ms-Request-Id
X-Loop
X-ProxyCache-Key
X-Restarts
X-Upstream-Ht
X-Thinkindot-L3
X-Varnish-Beresp-Grace
X-ShardId
X-Storefront-Renderer-Rendered
X-Generated-By
X-Forwarded-Host
X-Format
X-CDN-Forward
X-ShopId
X-GeoCountry
X-GeoCode
X-Alternate-Cache-Key
X-Shopify-Stage
X-Detected-As
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Ratelimit-Reset
X-Cdn-Origin
X-Cache-Status-Check
X-Cache-Host
X-Optimistic-Header
Xserver
X-Lagoon
X-Rocket-Nginx-Serving-Static
X-Worker
Fastcgi-Useragent
X-Vercel-Id
Source
X-Vercel-Cache
X-Request-URI
X-WP-CF-Super-Cache-Cookies-Bypass
Azure-SiteName
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Azure-Version
X-Fastly-Request-Id
LB
Node
X-TA-CDN-Provider
X-Pass-Why
Protected
CDN-CachedAt
CDN-RequestPullSuccess
CDN-RequestPullCode
CDN-Uid
CDN-RequestCountryCode
Expiry
CDN-EdgeStorageId
X-Connection-Hash
AMP-Access-Control-Allow-Source-Origin
X-Vcl-Version
CDN-PullZone
CDN-Cache
Onion-Location
Cross-Origin-Embedder-Policy
X-GEO
X-Tumblr-Pixel-3
X-Tec-Api-Version
X-Tec-Api-Origin
X-Api-Version
X-Tec-Api-Root
X-PHP-Backend
X-Cache-Expired-At
CDN-RequestId
X-App-Version
X-Cache-Server
X-XRDS-Location
Alternate-Protocol
Environment
Sid
DB-Nickname
X-Server-W
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Proxy-Cache-Status
X-Jobs
Priority
Uber-Trace-Id
X-Fastcgi-Cache
CF-IPCountry
X-ID
X-Cache-Action
X-Ismobilevalue
X-B3-Traceid
User-Cache-Control
X-Urbn-Context-Path
X-Urbn-Site-Id
Locale
X-Cluster-Node
HostName
X-LSADC-Cache
X-Mg-Request-UUID
X-Tt-Logid
Cdn-Requestid
Cache-Tv-Group
X-Zone
X-Esi-Check
X-FB-TRIP-ID
Vix-Hermes-Req-Id
T-Server
X-Epic-Correlation-Id
X-A
X-Device-Os
X-Dispatcher-Server
X-Ec-Fail
X-Ec-GeoHdr
Lang
X-Forwarded-Site
Sslversion
X-Bip
Content-Secure-Policy
X-Varnish-Hostname
X-MP-GENERATED-AT
X-Generated-On
Surrogated-Key
X-Gen-Mode
X-Vdms-Version
X-Vdms-Path
X-Developer
X-A-Ccd
X-Vtex-Remote-Cache
X-Cache-NE
X-VTEX-Cache-Time
X-Aed
X-Cache-Id
X-Bc-Bl
X-Bl-Debug
A
X-Block-Status
X-BCube-Filmed-By
X-VTEX-Cache-Server
X-Viewer-Country
X-A-Dgt
X-A-Dcw
X-D
X-A-Dam
X-Content-Age
X-Conf
Candidate-Md5Url
X-Clientip
X-A-Wwc
X-Gzip
X-GeoIP-City
Fusion-Component-Id
Fusion-Content-Id
DCR-Decision-By
X-Origin-Expires
X-Org
Meta-Geo-Continent
X-DC
Ngx.Var.Host
Fusion-Content-Source
Fusion-Deployment-Id
Gannett-Cam-Experience-Id
Origin-Agent-Cluster
Origin
X-UA-Device-Type
Fusion-Template-Id
X-Powered-By-VTEX-Cache
X-Thanos
Fusion-Source
X-Request-Start
X-Node-Id
X-Ig-Push-State
X-SRCache-Key
X-Jungle-Id
X-Ig-Origin-Region
DCR-Processing-Time-Ms
X-ScT
Magicmarker
X-Hnp-Log
X-Level-Front-Cache
Server-Host
Rendered-Blocks
X-Rojux
MD5-Digest
X-ND-Cache
Req-ID
X-SB
Edge-Cache
X-TIM-N
X-Auth-Group-Type
X-NGINX-Cache
X-Origin-Response-Time
X-TT-LOGID
X-Tx-Id
Release
Server-Ext
Server-Hostname
Sever-Int
Ssr
X-Backend-Instance
X-App-Name
Origin-CC
Wxu-Next-Region
NM-Fastcgi-Cache
Origin-EX
Wxu-Next-Hostname
X-Amz-Storage-Class
X-AK-Request-ID
X-Auto-Login
X-Debug-Cache-Store
X-Nyt-Route
X-NMSegId
X-Op-Id-All
X-Origin-Time
X-PAYTM-SRV-ID
X-Nginx-Cache-Key
X-Var-Ttl
X-HS-Content-Campaign-Id
X-Loc
X-Mvc-Supplant-Cachable
X-NCache
X-Platform
X-Policy
X-Req
X-Tb-Optimization-Total-Bytes-Saved
X-Request-Time
X-Scheme
X-Test
X-RateLimit-Remaining-Second
X-Proto
X-V-Cache
X-Pubstack
X-RateLimit-Limit-Second
X-Varnish-Director
X-GeoIP-Region-Code
X-Cdn-Srv
X-Cache-TTL-Remaining
X-Via-Fastly
X-Core-Value
X-CUA
X-Cache-Info
X-WA-Info
X-Cache-Bucket
Odigeo-Trace-Id
Yak-Timeinfo
XM
X-Debug-Cache-Fetch
X-SD-PageType
X-Geo-Header
X-GeoIP
X-Varnishpool
X-GeoIP-Country-Code
X-Gdpr
X-Fmm-Version
X-VG-WebCache
X-Edge-Server
X-Fastly-Cache
X-FC-Vary-Parameters
X-Region-Sid
Wxu-Next-Commit
DSUID
X-Uri
X-ECache
Fastly-Backend-Name
C-Via
Cdnsip
Cdn-Host
Cdn-Request-Time
Cdncip
Content-Script-Type
Content-Style-Type
X-Original-Request-Id
X-Service
X-Response-Served-From
Host-ID
AKAMAI
Click-Count-Action-Start
V-Age
CDCHOST
X-From
Tube-Return
X-Varnish-Authentication
X-Newrelic-Synthetics
Web-Mar-Region
X-Varnish-Beresp-Status
We-Hiring
X-VG-TLSProxy
X-VarnishDD-TTL
Cache-Provider
Adler-Geo
X-LiteSpeed-Cache-Control
X-BBC-Edge-Cache-Status
X-Proxied-Request
X-Server-IP
X-Cache-Aspx
X-Request-Host
X-Dc
X-Cache-Backend
X-B3-Trace-ID
X-Contensis-Viewer-Groups
Tube-Got-Results
X-Aicache-OS
Canary
X-Ad-Load-Variation
X-SVT-ORM-VERSION
Cache-Key
X-Pool
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Acquia-Purge-Cdn-Unconfigured
Tube-Got-Eval
Machine
PFcat
Fastly-GeoIP-CountryCode
Fastly-SSL
X-Wikidot-Static-Cache
Platform
Pramga
Powered-By
Tube-Get-Contents
X-Custom-Header
X-Location
X-Varnish-Beresp-Ttl
X-Fastly-Backend
X-HN
Mail-Subject
X-Human
Is-Eu
On-Server
Gh-Request-Id
Producers
X-Men
X-Ec-Custom-Error
Click-Count-Error
RNT-Time
Country-Code
X-DPWN-IS-SECURE
X-GoCache-CacheStatus
Cluster
RNT-Machine
X-We-Are-Hiring
Esi-Enabled
Redirect-Candidate
X-Mvc-Supplant-OutputCached
X-Wikidot-Backend
Req-Svc-Chain
X-Mly-Id
X-Micro-Cache
WP-Super-Cache
X-AIR-PT
L
X-Render-Time
X-Hash
X-NodeID
X-Csrf-Jwt
X-Date
X-PERF
X-CGP
X-Eu-Site
X-CacheTTL
X-Access
X-Section
W
X-Accel-Expires-Debug
X-Up
Proxy-Firewall
Ha-Gx-Prefs
L5d-Success-Class
HA-Ipaddr
NGX
X-ApacheServer
True-Client-Country-4JS
Apple-News-Services-Parsed-Url
X-Slack-Backend
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-Slack-Shared-Secret-Outcome
Apple-News-Services-Handled
X-Cs
X-DefElseHash
X-DefHash
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-LB-ID
X-Varnish-CookieINHashed-On
Debug
X-Varnish-Hits
X-COUNTRY
X-Pad
Mime-Version
X-CACHE-GROUP
X-Refresh
X-Client-Ip
X-Depends
X-Nf-Request-Id
X-Via-Poph
X-Via-Popn
X-Datadome
X-Via-Popv
X-Nananana
X-HA-Backend
Datacenter
SID
Fastly-Drupal-HTML
CloudFront-Viewer-Country
X-Cache-FS-Status
X-Akamai-Transformed
Locid
Pics-Label
X-VHOST
X-Parent-Response-Time
X-M-Reqid
X-VC-TTL
X-M-Log
X-Amz-Meta-Cb-Modifiedtime
X-Servedbyhost
X-Platform-Cluster
X-CACHE-AGE
X-Platform-Processor
X-Platform-Router
GeoIP-Latitude
X-Cached-By
X-HITS
X-LiteSpeed-Tag
X-TIME
Server-Info
X-B3-Parentspanid
Ngx-Var-Key
X-Old-Content-Length
Fastly-Drupal-Html
X-LB-NoCache
X-DynaTrace-JS-Agent
X-Litespeed-Tag
X-CDN-Cache-Status
BehaviorPad-Version
Resin-Trace
X-CS
Cf-Ipcountry
X-TH-Server
Server-ID
X-Moov-T
GeoIp-Country-Code
X-APP
X-Moov-Xdn-Version
X-VCache
X-Nc
Cross-Origin-Embedder-Policy-Report-Only
X-Wa
Cdn
X-Vgn-Hpd-Reason
FSS-Cache
NtCoent-Length
X-NewRelic-App-Data
X-IAuth-Set-Uid
X-TX-ID
X-Varnish-Beresp-TTL
CDN
X-B-Cookie
Cf-Device-Type
X-Application
X-Esi
X-S-Cookie
X-User
X-Fpc
X-Content-Length
X-External-Request-Id
True-Client-IP
X-Destination
X-HostName
X-ZONE
Serverhost
X-Zen-Fury
X-Srv
X-Presslabs-Stats
Uri
True-Client-Ip
X-Vc
X-Cache-Date
Tcn
X-Sigma-Backend
X-Rocket-Build-Number
X-Sigma
Srv
X-Dispatcher-Number
X-Instance-Name
X-Oracle-DMS-ECID
Vc-Max-Age
X-Dynatrace-Js-Agent
GeoIP-Country-Code
S-Rt
X-VServer
X-FPC
X-WA
X-Cdn-Forward
X-HOST
X-API-Version
X-NC
Request-ID
Load-Balancing
X-Dispatch
X-Cdn-Cache-Status
X-RequestId
Product
X-DynaTrace
X-Branch-Name
X-Segment-20210421
X-Route-Name
X-CACHE-KEY
X-APP-VERSION
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
Hostname
X-CLOUD-TRACE-CONTEXT
Server-Id
Ohc-File-Size
X-B3-Spanid
X-Webkit-Csp-Report-Only
X-Ckpd-Fst-Backend
Geoip-Latitude
X-Lb-Nocache
X-DataCenter
ServerName
Srvid
X-FL-QIT-DEBUG
X-Page-View
X-ServedByHost
Type
X-Srcache-Store-Status
X-Bug-Bounty
X-SERVER-NAME
X-Geo
X-Srcache-Fetch-Status
X-Irp-Debug
CacheControlHeader
Cloudfront-Viewer-Country
DataCenter
X-Ua
X-Http-Reason
X-Sql-Duration-Ms
X-VCL-Version
X-Sql-Count
Epwk-X-Cache
Cl-Cache
Lb
X-Cache-Ttl
Origin-Trial
IsBot
X-SIPLIST1
X-Via-CDN
X-Via-Edge
X-App
X-Owner
X-Correlation-ID
ServerHost
X-Via-SSL
Edge-Copy-Time
X-Via-PopV
PICS-Label
X-Via-PopN
X-Via-PopH
Cross-Origin-Opener-Policy-Report-Only
X-Ha-Backend
Ohc-Cache-HIT
X-Nf-Language
X-Nf-Ats-Version
X-Nf-Country
Rtss
X-HubSpot-Correlation-Id
X-Core-Mission
X-Lb-Id
MIME-Version
X-Vmg-Version
Cneonction
X-Proxy-CacheRZ
WZWS-RAY
XkeyRZ
X-MiniProfiler-Ids
X-Acquia-Site
X-Sqd-Ctime
X-Sqd-Stime
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-MSEdge-Features
X-Fastly-Country-Code
X-Acquia-Application-Trace
Warning
User-Agent
Cmstype
X-Gamma-Serve
X-Info
Cmsid
X-Requestid
X-Akamai-Device-Characteristics
X-Limited
X-Service-Response-Time
X-Datacenter
X-Web-Server
Sm-Log-Id
X-Qloud-Router
N-Cache
X-MSEdge-Flight
Servername
X-Litespeed-Cache-Control
X-LAGOON
X-Hit
X-Check-Cacheable
Xc-Version
X-Snapshot-Date
X-Akamai-Pragma-Client-IP
X-Serial
X-Th-Server
X-Ramcache
X-Amz-Meta-Opti
X-IN-APIGATEWAYSSL
X-Amz-Meta-S3b-Last-Modified
X-RAMCache
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-IN-APIGATEWAY
X-Dw-Trace-Id
Ngx