
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
Pragma
X-XSS-Protection
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Varnish
X-Request-Id
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Request-ID
X-Check
X-Ua-Compatible
X-Cache-Status
X-Generator
Server-Timing
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-AH-Environment
X-Robots-Tag
X-Server
X-UA-Device
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
Permissions-Policy
Xkey
X-Ws-Request-Id
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dns-Prefetch-Control
Cf-Apo-Via
X-Dispatcher
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-OneAgent-JS-Injection
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Cloud-Trace-Context
X-Ruxit-JS-Agent
Content-Location
X-Node
X-Application-Context
P3p
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Litespeed-Cache
Service-Worker-Allowed
X-Country-Code
X-Country
X-CST
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Oneagent-Js-Injection
X-Url
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-FTR-Request-ID
Nginx-Cache
X-Times
X-TtlSet
X-Vname
X-PC
X-Daa-Tunnel
X-Server-Name
X-Webkit-Csp
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-ESI
X-Cnection
X-GitHub-Request-Id
X-ECACHE
X-Upstream
Edge-Control
X-D2id
Verso
X-Element-Page-Cache
X-MS-InvokeApp
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-SID
X-Ac
X-Exp-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
Accept-Ch-Lifetime
X-B3-TraceId
X-FastCGI-Cache
X-Vcap-Request-Id
X-Cache-TTL
X-Ser
X-Abt-Application-Version
X-Navigation-Version
AR-CACHE
X-NF-Request-ID
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
X-Mod-Pagespeed
SPRequestGuid
X-SharePointHealthScore
X-Amz-Rid
Fastly-Restarts
X-Client-IP
X-Erf-Bev-Bev-Is-Generated
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Instrumentation
X-Aws-Lambda-Call-Status
X-Middleton-Display
Display
Pagespeed
X-Sol
X-Ruxit-Js-Agent
Edge-Cache-Tag
X-Mg-S
X-Edge-Location-Klb
X-Kinsta-Cache
S
X-Powered-CMS
X-Goog-Hash
Cache-Status
X-Middleton-Response
Response
X-Version
Access-Control-Request-Method
X-Amzn-Trace-Id
X-VARITI-CCR
X-Fastly-Request-ID
X-Cache-Key
X-ARC
RTSS
X-Content-Digest
X-Ratelimit-Limit
X-TraceId
Cross-Origin-Resource-Policy
X-Forwarded-For
X-RateLimit-Remaining
X-Ua-Device
X-Recruiting
X-T
Realpath
X-Correlation-Id
X-PDP-UNCACHING-HASH
X-MSEdge-Ref
X-Varnish-TTL
Fastcgi-Cache
Front-End-Https
X-Cached
X-Ratelimit-Remaining
MS-Author-Via
X-TTL
Content-MD5
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Ua-Browser
X-FTR-Backend-Server
X-FTR-Backend
X-Shield-Request-Id
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-Request-Processing-Time
Payment
X-Request-Received
Server-Node
X-Forwarded-Proto
MicrosoftSharePointTeamServices
Public-Key-Pins
X-Protected-By
X-LLID
X-HS-Combine-CSS
TP-Cache
Arr-Disable-Session-Affinity
X-Frontend
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Distributor
X-FTR-Expires
X-Server-ID
X-Accel-Expires
X-Jurisdiction
X-HP-Webp
X-HP-Trace-Id
Count-Hit
X-Kong-Proxy-Latency
X-NODE
X-Kong-Upstream-Latency
X-GUploader-UploadID
X-Origin-Server
X-ORACLE-DMS-RID
X-LB-Cache
X-Ttl
X-Ezoic-Cdn
X-Request-Handler-Origin-Region
X-Microsite
X-Content-Security-Policy-Report-Only
X-Az
Host
X-AppVersion
X-Activity-Id
X-PressLabs-Stats
X-Www-Served-By
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Cluster-Name
X-Varnish-Backend
X-App-Server
Retry-After
X-Varnish-Server
Cache-Tags
X-Amz-Meta-S3cmd-Attrs
Accept-Charset
Server-Name
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Origin-Cache-Key
X-TEC-API-VERSION
Cleartype
X-Hits
X-Hostname
X-CSRF-Token
X-NGENIX-Cache
X-Goog-Metageneration
X-Geo-Country
X-Envoy-Decorator-Operation
Referer-Policy
X-Newrelic-App-Data
X-ORACLE-DMS-ECID
X-Upgrade-Enabled
X-Git-Hash
X-DIS-Request-ID
TP-L2-Cache
X-Unique-Id
X-Seen-By
X-Id
Access-Control-Allow-Method
TCN
X-Azure-Ref
X-Hcs-Proxy-Type
Filterid
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-F-Cache
X-Proxy
X-Load-Cache
X-Revision
X-Trace-Id
X-Grace
Healthy
X-Request-Guid
Section-Io-Cache
X-Cache-Control
X-Amzn-RequestId
X-Amz-Apigw-Id
X-TT
X-Logged-In
X-Type
X-B
X-Contextid
Paypal-Debug-Id
DC
X-Px
X-Debug-Info
X-B3-Sampled
X-Mobile
X-Page-Id
X-N
X-Fb-Rlafr
X-Oracle-Dms-Ecid
X-FB-Debug
X-Debug
Viewport
X-WP-CF-Super-Cache
X-WP-CF-Super-Cache-Cache-Control
X-XRDS-LOCATION
X-Varnish-Ttl
X-Oracle-Dms-Rid
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Fastly-SIE
Fastly-SWR
X-Whom
X-Time
X-Webkit-CSP
Charset
X-Datadog-Sampling-Priority
X-Via-JSL
X-Template
X-Datadog-Trace-Id
X-Datadog-Parent-Id
X-Content-Options
Content-Disposition
X-Cache-Grace
X-RateLimit-Limit
X-Varnish-Grace
X-Magnolia-Registration
X-Origin-Cache
X-Wix-Request-Id
Version
X-App-Environment
X-Signature
X-B-Cache
X-EdgeConnect-Cache-Status
X-Language
SRV
X-ProcessESI
X-RemovedCookies
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Debug-IsConnected
X-Debug-IsPreview
X-Amz-Replication-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-B3-SpanId
X-Rule
X-Node-Name
X-Datadog-Sampled
X-Hl-Ver
SD-X-WS
X-G
Countrycode
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Dynamic
X-FW-Version
X-Backend-Name
MS-CV
GEO-INFO
Ms-Operation-Id
ServerID
X-Adobe-Loc
X-Adobe-Content
X-Device-Type
X-FW-Serve
X-RTag
X-UUID
X-Instance
X-Storage
X-Rendered-As
X-Proxy-Cache-Info
X-Amzn-Remapped-Content-Length
X-NYM-Debug-Backend
X-Is-Bot
NGB
X-Cacheable-TTL
X-IPS-LoggedIn
Liferay-Portal
Country
X-Status
X-User-Agent
X-Cache-Hit
X-NWS-UUID-VERIFY
X-Region
X-Environment-Context
Surrogate-Key
X-L-Path
X-Real-IP
X-Rid
X-ServerID
X-RateLimit-Reset
X-Source
X-Cache-Age
Akamai-GRN
X-WP-CF-Super-Cache-Active
X-Sucuri-Cache
X-Sucuri-ID
Cross-Origin-Window-Policy
OT-Force-Account-Verify
Amp-Access-Control-Allow-Source-Origin
X-Servername
X-UA
X-RM-Cache-TTL
X-VC-Cache
From-Origin
X-WebKit-CSP-Report-Only
Front
X-Framework
Upgrade-Insecure-Requests
X-Air-Pt
X-INCAP-ABP
X-Wormhole-Sdk
Backend
X-AB
X-Xrds-Location
X-Mode
X-Air-Hostname
X-URL
X-Air-Trace-Id
X-Air-Source
X-Akamai-Request-ID2
Refresh
X-Content-Powered-By
X-Cache-Time
X-RID
X-Handled-By
Xet-Cookie
X-Edge-Location
Frame-Options
X-Endurance-Cache-Level
X-DataDome
X-HTML-Minification-Powered-By
X-Proxy-Build
X-Webstats-RespID
X-Xfnlog-Site
Accept-Language
Selected-Fe
X-Timing-Wait
X-JoinUs
X-UPSTREAM-Address
Meta-Geo
X-Origin-CC
X-Origin-TTL
X-RCS-CacheZone
X-Rewrite-Enabled
X-Rn-Rsrv
Filters
X-SaId
TWC-GeoIP-Country
TWC-Locale-Group
ServedBy
TWC-GeoIP-LatLong
X-Provided-By
X-Cluster
X-Logging-Id
Webcakes-App-Name
X-Akamai-Edgescape
Property-Id
X-LJ-Flow-ID
X-Origin
Webcakes-App-Version
X-AWS-Id
Webcakes-Region
TWC-Privacy
X-Labrador-Cache-Channel
X-Origin-Hint
X-Reqid
X-Cache-Operation
X-Cache-Rule
TWC-Device-Class
X-PHP-Host
WPO-Cache-Status
X-Served-From
X-Git-Commit
X-No-Session
X-Container-Uri
X-Origin-Date
X-Tumblr-Pixel-2
WPO-Cache-Message
X-VWS-Id
TWC-Connection-Speed
Atl-Traceid
Url
X-CDN-Forward
X-SRV
X-Scope-Id
X-Cms-Context
X-Cache-Debug
X-Drupal-Cache-Tags
X-Azure-Ref-OriginShield
Cache
X-IPLB-Instance
X-IPLB-Request-ID
Section-Io-Id
X-R9-Blue-Green-Version
X-Restarts
X-Redis-Cache
X-Fetched-On
X-Tb
X-Locale
Web-Mar-Node
Webserver
X-VCT
X-Accel-Version
X-Site-Version
X-Web-Node
X-Varnish-Cache-Hits
X-Adobe-Source
Mn-Server-Ip
X-Generation-Time
X-Frame-Option
X-Geo-Region
X-Hosted-By
X-Is-Desktop
TDXMobile
X-Httpd
Apigw-Requestid
Thinkindot-CacheControl
Thinkindot-Control
X-Is-Mobile
X-Cloudmap
X-BYPASS-REASON
X-Browser-Name
X-CMSURLCustom
X-Director
Cache-Hits
X-Format
X-Extlb
X-Drupal-Cache-Contexts
Thinkindot-CacheControl-Type
X-Vcache
X-Soup
X-Tcp-Rtt
X-Shield-Cache-Expires
X-Is-Supported-Browser
X-Nginx-Cache
Access-Control-Request-Headers
X-Thinkindot-L3
X-Buckets
X-Zipkin-Id
X-VC
X-Upstream-Ht
X-Upstream-Ct
X-Say-TTL
X-SayCDN-TTL
X-Is-Tablet
X-Say-Cacheable
X-Ms-Version
X-Ms-Request-Id
X-Proxied
X-ProxyCache-Key
X-S
X-Routing-Service
X-ProxyCache-Status
Xserver
X-Generated-By
X-Loop
X-Lambda-Id
X-Varnish-Age
X-GeoCode
X-Detected-As
X-Skip-Cache
X-Cache-Host
X-GeoCountry
X-Tncms
X-Forwarded-Host
X-Shopify-Stage
X-Ratelimit-Reset
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Varnish-Beresp-Grace
X-Sorting-Hat-ShopId
X-Optimistic-Header
X-Cache-Status-Check
LB
X-Lagoon
X-Cdn-Origin
X-Worker
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Rocket-Nginx-Serving-Static
Fastcgi-Useragent
X-Request-URI
Source
X-Vercel-Id
X-Vercel-Cache
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Azure-Version
X-WP-CF-Super-Cache-Cookies-Bypass
Azure-SlotName
X-XRDS-Location
Node
X-TA-CDN-Provider
Protected
X-Pass-Why
CDN-EdgeStorageId
CDN-Cache
CDN-PullZone
CDN-CachedAt
CDN-Uid
CDN-RequestCountryCode
X-Connection-Hash
Expiry
CDN-RequestPullSuccess
CDN-RequestPullCode
X-Vcl-Version
Cross-Origin-Embedder-Policy
Onion-Location
X-App-Version
X-GEO
X-Api-Version
X-Cache-Expired-At
X-Tumblr-Pixel-3
X-PHP-Backend
AMP-Access-Control-Allow-Source-Origin
X-Cache-Server
Alternate-Protocol
DB-Nickname
Environment
X-COUNTRY
CDN-RequestId
X-Server-W
X-Fastly-Request-Id
Uber-Trace-Id
X-Proxy-Cache-Status
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
X-Jobs
X-Tt-Logid
X-Cache-Action
X-Fastcgi-Cache
Cdn-Requestid
CF-IPCountry
X-ID
X-B3-Traceid
Locale
X-Ismobilevalue
X-Cluster-Node
Sid
X-Urbn-Site-Id
X-Urbn-Context-Path
Priority
User-Cache-Control
X-DC
X-Mg-Request-UUID
X-LSADC-Cache
X-Tx-Id
HostName
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Cache-Tv-Group
Fusion-Component-Id
Fusion-Content-Id
X-Varnish-Hostname
Origin
X-UA-Device-Type
Content-Secure-Policy
DCR-Processing-Time-Ms
Edge-Cache
X-VTEX-Cache-Time
DCR-Decision-By
Candidate-Md5Url
X-Vtex-Remote-Cache
A
X-VTEX-Cache-Server
Gannett-Cam-Experience-Id
Meta-Geo-Continent
X-Vdms-Version
Ngx.Var.Host
MD5-Digest
Magicmarker
X-Viewer-Country
Lang
X-Vdms-Path
X-Origin-Expires
X-BCube-Filmed-By
X-Bc-Bl
X-Bip
X-Bl-Debug
X-Gen-Mode
X-Generated-On
X-Aed
X-GeoIP-City
X-Ig-Origin-Region
X-Ig-Push-State
X-Hnp-Log
X-Gzip
X-A-Wwc
X-Forwarded-Site
X-Block-Status
X-Developer
X-D
X-Device-Os
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Ec-GeoHdr
X-Content-Age
X-Conf
X-FB-TRIP-ID
X-Cache-Id
X-Esi-Check
X-Cache-NE
X-Clientip
X-Jungle-Id
X-Level-Front-Cache
X-Rojux
Sslversion
X-Request-Start
Surrogated-Key
T-Server
X-Powered-By-VTEX-Cache
X-SB
X-ScT
Rendered-Blocks
X-Thanos
Req-ID
X-SRCache-Key
Server-Host
X-Ec-Fail
X-Org
X-ND-Cache
X-A-Ccd
X-A-Dam
X-NCache
X-A-Dgt
X-A-Dcw
X-Node-Id
X-Op-Id-All
Wxu-Next-Commit
Vix-Hermes-Req-Id
Wxu-Next-Hostname
Wxu-Next-Region
X-A
X-TIM-N
Origin-Agent-Cluster
X-MP-GENERATED-AT
X-Origin-Response-Time
X-NGINX-Cache
X-Auth-Group-Type
X-CUA
X-Debug-Cache-Fetch
X-Cache-Info
X-Core-Value
X-Cdn-Srv
X-Cache-TTL-Remaining
X-Debug-Cache-Store
X-Gdpr
X-Geo-Header
X-GeoIP
X-Fmm-Version
X-FC-Vary-Parameters
X-Edge-Server
X-Fastly-Cache
X-Cache-Bucket
X-Auto-Login
PFcat
Powered-By
Release
Origin-EX
Origin-CC
X-Uri
NM-Fastcgi-Cache
Server-Ext
X-ECache
X-Amz-Storage-Class
X-App-Name
X-GeoIP-Region-Code
X-AK-Request-ID
Ssr
Server-Hostname
Sever-Int
X-Backend-Instance
X-HS-Content-Campaign-Id
X-Varnish-Director
X-VarnishDD-TTL
X-Varnishpool
X-Var-Ttl
X-Test
X-SD-PageType
X-Tb-Optimization-Total-Bytes-Saved
X-VG-WebCache
X-Via-Fastly
Yak-Timeinfo
Odigeo-Trace-Id
X-Region-Sid
XM
X-WA-Info
X-Original-Request-Id
X-Response-Served-From
X-Scheme
X-Request-Time
X-NMSegId
X-Nyt-Route
X-Origin-Time
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Varnish-Beresp-Ttl
X-Loc
X-PAYTM-SRV-ID
X-Platform
X-RateLimit-Remaining-Second
X-Req
X-RateLimit-Limit-Second
X-Pubstack
X-Policy
X-Proto
X-HN
X-GeoIP-Country-Code
Cdn-Request-Time
Cache-Provider
Content-Style-Type
AKAMAI
X-Zone
Fastly-Backend-Name
C-Via
Content-Script-Type
CDCHOST
Fastly-SSL
Host-ID
Cdncip
Cdn-Host
DSUID
Cdnsip
X-Request-Host
X-Contensis-Viewer-Groups
X-Section
X-Csrf-Jwt
Esi-Enabled
Adler-Geo
X-CGP
X-LiteSpeed-Cache-Control
X-Varnish-Beresp-Status
X-Aicache-OS
X-Ad-Load-Variation
X-Acquia-Purge-Cdn-Unconfigured
X-Varnish-Authentication
X-V-Cache
X-Cache-Aspx
Fastly-GeoIP-CountryCode
X-B3-Trace-ID
X-Cache-Backend
X-Ec-Custom-Error
Canary
X-Service
Click-Count-Action-Start
Click-Count-Error
X-NodeID
X-Human
X-Location
X-Micro-Cache
X-Mly-Id
X-Mvc-Supplant-OutputCached
X-From
Cache-Key
Apple-News-Services-Host
X-Access
X-DPWN-IS-SECURE
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-Proxied-Request
Cluster
X-Pool
Apple-News-Services-Request-Url
X-Eu-Site
X-Newrelic-Synthetics
X-BBC-Edge-Cache-Status
Ha-Gx-Prefs
X-Custom-Header
Is-Eu
RNT-Time
X-We-Are-Hiring
True-Client-Country-4JS
Tube-Got-Results
Tube-Got-Eval
Tube-Get-Contents
RNT-Machine
Req-Svc-Chain
Platform
Machine
On-Server
Mail-Subject
L5d-Success-Class
Pramga
L
Redirect-Candidate
Producers
Tube-Return
HA-Ipaddr
W
X-VG-TLSProxy
Gh-Request-Id
Web-Mar-Region
We-Hiring
X-TT-LOGID
X-AIR-PT
WP-Super-Cache
X-Render-Time
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Fastly-Backend
NGX
X-Men
X-GoCache-CacheStatus
X-PERF
Country-Code
X-ApacheServer
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Server-IP
V-Age
X-SVT-ORM-VERSION
X-Up
X-DefElseHash
X-Accel-Expires-Debug
X-DefHash
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-Hash
X-Slack-Shared-Secret-Outcome
X-Dc
Proxy-Firewall
X-Varnish-Hits
Debug
X-Date
X-CacheTTL
X-Slack-Backend
Mime-Version
X-Pad
X-Nananana
X-Client-Ip
X-Refresh
X-Depends
X-LB-ID
X-Cs
X-CACHE-GROUP
Fastly-Drupal-HTML
X-Nf-Request-Id
X-HITS
SID
Pics-Label
CloudFront-Viewer-Country
Datacenter
X-CACHE-AGE
X-Akamai-Transformed
X-HA-Backend
X-Servedbyhost
X-Via-Popn
X-VHOST
Locid
X-Via-Popv
X-Via-Poph
X-Cache-FS-Status
X-Parent-Response-Time
X-M-Reqid
X-VC-TTL
GeoIP-Latitude
X-M-Log
X-Datadome
X-Amz-Meta-Cb-Modifiedtime
X-LB-NoCache
X-Cached-By
X-Platform-Router
X-Platform-Cluster
X-Platform-Processor
X-NewRelic-App-Data
Server-Info
X-Old-Content-Length
X-CS
X-TIME
Ngx-Var-Key
X-Litespeed-Tag
X-LiteSpeed-Tag
X-B3-Parentspanid
X-CDN-Cache-Status
BehaviorPad-Version
Resin-Trace
Fastly-Drupal-Html
X-DynaTrace-JS-Agent
Cf-Ipcountry
GeoIp-Country-Code
X-TH-Server
Server-ID
X-Moov-Xdn-Version
X-Moov-T
Cdn
X-Nc
X-APP
X-Wa
X-Presslabs-Stats
X-Vgn-Hpd-Reason
Cross-Origin-Embedder-Policy-Report-Only
X-VCache
X-Content-Length
NtCoent-Length
X-ZONE
FSS-Cache
X-Vc
X-Application
X-S-Cookie
X-User
X-B-Cookie
X-Destination
X-External-Request-Id
X-IAuth-Set-Uid
True-Client-IP
X-Esi
Cf-Device-Type
X-Fpc
X-TX-ID
CDN
X-HostName
Serverhost
X-Varnish-Beresp-TTL
True-Client-Ip
X-Zen-Fury
Uri
X-Srv
X-Dynatrace-Js-Agent
X-Cache-Date
X-Instance-Name
X-Sigma-Backend
X-Sigma
Tcn
X-Rocket-Build-Number
X-Oracle-DMS-ECID
Vc-Max-Age
X-Dispatcher-Number
X-RequestId
X-HOST
Srv
X-VServer
GeoIP-Country-Code
X-API-Version
Load-Balancing
Request-ID
X-WA
X-NC
X-FPC
S-Rt
X-Segment-20210421
X-Cdn-Cache-Status
Product
X-Dispatch
Hostname
X-DynaTrace
X-Branch-Name
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Aspnet-Duration-Ms
X-Flags
X-Cdn-Forward
X-CACHE-KEY
X-B3-Spanid
Ohc-File-Size
X-APP-VERSION
X-Webkit-Csp-Report-Only
X-FL-QIT-DEBUG
ServerName
X-DataCenter
Geoip-Latitude
X-Ckpd-Fst-Backend
Srvid
Server-Id
X-Page-View
X-Lb-Nocache
X-Bug-Bounty
X-SERVER-NAME
X-Geo
Type
DataCenter
X-Irp-Debug
CacheControlHeader
X-ServedByHost
X-Sql-Count
X-VCL-Version
X-Sql-Duration-Ms
X-Http-Reason
Origin-Trial
Cl-Cache
Epwk-X-Cache
Cloudfront-Viewer-Country
X-Cache-Ttl
X-Via-SSL
X-Ha-Backend
X-SIPLIST1
X-Correlation-ID
X-Via-PopV
IsBot
X-App
X-Owner
X-Lb-Id
X-Ua
ServerHost
Ohc-Cache-HIT
Edge-Copy-Time
X-Via-CDN
PICS-Label
X-Via-PopH
X-Via-Edge
X-Via-PopN
Cross-Origin-Opener-Policy-Report-Only
X-Nf-Country
Rtss
X-Nf-Ats-Version
X-HubSpot-Correlation-Id
X-Srcache-Fetch-Status
X-Nf-Language
X-Srcache-Store-Status
User-Agent
X-Proxy-CacheRZ
X-Vmg-Version
Cneonction
MIME-Version
X-MiniProfiler-Ids
X-Core-Mission
XkeyRZ
X-Akamai-Device-Characteristics
WZWS-RAY
Lb
X-Acquia-Site
X-Service-Response-Time
X-Acquia-Application-Trace
X-Sqd-Ctime
X-Acquia-Purge-Tags
X-Sqd-Stime
Sm-Log-Id
X-Acquia-Application-UUID
X-MSEdge-Features
X-Limited
X-Datacenter
X-Info
X-Web-Server
Warning
X-MSEdge-Flight
N-Cache
X-Fastly-Country-Code
X-Qloud-Router
Servername
X-Litespeed-Cache-Control
X-Hit
X-LAGOON
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Cmsid
Cmstype
X-Gamma-Serve
Xc-Version
X-Akamai-Pragma-Client-IP
X-Check-Cacheable
X-Serial
X-RAMCache
X-Requestid
X-Amz-Meta-Opti
X-Th-Server
X-Ramcache
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-Amz-Meta-S3b-Last-Modified
Ngx
X-Snapshot-Date
X-Dw-Trace-Id