Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Accept-Ranges
Expect-CT
X-XSS-Protection
Pragma
X-Powered-By
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Xss-Protection
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-Drupal-Cache
X-DNS-Prefetch-Control
X-Check
X-Cache-Status
X-Ua-Compatible
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
X-AspNetMvc-Version
Upgrade
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Dns-Prefetch-Control
X-Turbo-Charged-By
X-Proxy-Cache
X-Ws-Request-Id
Xkey
Permissions-Policy
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
Allow
X-Dispatcher
Cf-Apo-Via
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Cache-Lookup
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-Server-Id
X-WebKit-CSP
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
X-Litespeed-Cache
Content-Location
X-Application-Context
X-Node
P3p
X-Nginx-Cache-Status
X-Nginx-Upstream-Cache-Status
X-NWS-LOG-UUID
X-CST
X-Country
Service-Worker-Allowed
X-Country-Code
X-Content-Type
X-Url
X-Clacks-Overhead
Cache-Tag
X-Trace
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
Nginx-Cache
X-Times
X-Server-Name
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-Daa-Tunnel
X-Oneagent-Js-Injection
X-Webkit-Csp
Cross-Origin-Opener-Policy
X-Mcache
X-Edge
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-ESI
X-Cnection
X-Upstream
X-GitHub-Request-Id
X-D2id
Edge-Control
X-MS-InvokeApp
X-Element-Page-Cache
X-Ac
Verso
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-SID
X-ECACHE
Accept-Ch-Lifetime
X-FastCGI-Cache
X-Vcap-Request-Id
X-Ser
X-Cache-TTL
X-Navigation-Version
X-Abt-Application-Version
X-B3-TraceId
X-Aws-Lambda-Call-Status
AR-CACHE
SPIisLatency
SPRequestDuration
X-Mod-Pagespeed
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
X-NF-Request-ID
Fastly-Restarts
X-Client-IP
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Instrumentation
Pagespeed
X-Middleton-Display
Display
X-Sol
X-Ruxit-Js-Agent
Edge-Cache-Tag
X-Mg-S
S
X-Edge-Location-Klb
X-Kinsta-Cache
X-Powered-CMS
X-Middleton-Response
Response
X-Amzn-Trace-Id
Cache-Status
X-RateLimit-Remaining
X-Goog-Hash
X-Cache-Key
Access-Control-Request-Method
X-Version
X-VARITI-CCR
X-ARC
RTSS
X-Fastly-Request-ID
X-Content-Digest
X-TraceId
X-Forwarded-For
Cross-Origin-Resource-Policy
X-Recruiting
X-T
Realpath
X-Ratelimit-Limit
X-Varnish-TTL
X-Correlation-Id
X-MSEdge-Ref
Front-End-Https
Fastcgi-Cache
MS-Author-Via
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Cached
X-PDP-UNCACHING-HASH
X-Ttl
Content-MD5
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Ua-Browser
Payment
Server-Node
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
X-Protected-By
Public-Key-Pins
X-Request-Processing-Time
X-Shield-Request-Id
X-Request-Received
MicrosoftSharePointTeamServices
X-Forwarded-Proto
X-HS-Combine-CSS
Arr-Disable-Session-Affinity
TP-Cache
X-Frontend
X-LLID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Distributor
X-HP-Webp
X-FTR-Expires
X-HP-Trace-Id
X-Jurisdiction
X-Server-ID
X-Accel-Expires
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-ORACLE-DMS-RID
Count-Hit
X-NODE
X-GUploader-UploadID
X-Origin-Server
X-Ratelimit-Remaining
X-LB-Cache
X-TTL
X-Origin-Cache-Key
X-Ezoic-Cdn
X-Hits
X-Content-Security-Policy-Report-Only
X-Request-Handler-Origin-Region
X-Microsite
X-AppVersion
X-PressLabs-Stats
X-Az
X-Activity-Id
Host
MRF-Tech
X-B3-TraceId-Primal
X-Www-Served-By
X-Varnish-Backend
Mrf-Cache-Status
X-Cluster-Name
X-Ua-Device
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-App-Server
Cache-Tags
X-Varnish-Server
Retry-After
X-Amz-Meta-S3cmd-Attrs
Accept-Charset
Server-Name
X-Hostname
Cleartype
X-Geo-Country
X-NGENIX-Cache
X-Newrelic-App-Data
X-Id
X-Envoy-Decorator-Operation
Referer-Policy
X-Goog-Metageneration
X-CSRF-Token
X-DIS-Request-ID
X-ORACLE-DMS-ECID
X-Upgrade-Enabled
TP-L2-Cache
Access-Control-Allow-Method
X-Seen-By
X-Git-Hash
X-Azure-Ref
TCN
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Load-Cache
X-CCDN-CacheTTL
X-Unique-Id
X-F-Cache
X-Proxy
Filterid
X-Tt-Trace-Tag
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Tt-Trace-Host
X-Grace
Healthy
X-Trace-Id
X-Revision
X-XRDS-LOCATION
X-Px
X-Request-Guid
Section-Io-Cache
X-Cache-Control
X-Debug-Info
X-B3-Sampled
Paypal-Debug-Id
DC
X-TT
X-B
X-Contextid
X-Oracle-Dms-Ecid
X-Type
X-FB-Debug
X-Fb-Rlafr
X-Page-Id
X-Logged-In
X-Mobile
X-N
X-RateLimit-Limit
Viewport
X-Debug
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-Varnish-Ttl
X-Whom
X-Oracle-Dms-Rid
X-Template
Fastly-SWR
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Fastly-SIE
X-Goog-Stored-Content-Encoding
X-Time
X-Language
Charset
X-Datadog-Trace-Id
X-Datadog-Sampling-Priority
X-Datadog-Parent-Id
X-Content-Options
X-Cache-Grace
X-Webkit-CSP
Version
X-Via-JSL
Content-Disposition
X-Magnolia-Registration
X-Varnish-Grace
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
X-App-Environment
X-B-Cache
X-Signature
X-Origin-Cache
X-Node-Name
VIX-Pulpo-Node
X-ProcessESI
VIX-Pulpo-Upstream-Status
X-B3-SpanId
X-RemovedCookies
X-Rule
X-Datadog-Sampled
X-Debug-IsConnected
X-Yottaa-Optimizations
X-Backend-Name
X-RateLimit-Reset
X-Tumblr-User
X-Yottaa-Metrics
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Hl-Ver
X-Debug-IsPreview
X-Amz-Replication-Status
X-RTag
SD-X-WS
X-G
X-UUID
X-Amzn-Remapped-Content-Length
MS-CV
Ms-Operation-Id
X-FW-Server
X-Device-Type
X-FW-Hash
X-FW-Dynamic
X-FW-Static
ServerID
X-FW-Serve
X-Adobe-Content
X-Proxy-Cache-Info
GEO-INFO
X-Instance
X-Storage
X-Cache-Age
X-Adobe-Loc
X-FW-Version
X-FW-Type
X-Cacheable-TTL
SRV
X-NYM-Debug-Backend
Countrycode
X-Is-Bot
X-Rendered-As
Country
NGB
Liferay-Portal
X-User-Agent
X-Region
X-Cache-Hit
X-IPS-LoggedIn
X-L-Path
X-Environment-Context
X-Status
Surrogate-Key
X-Real-IP
X-NWS-UUID-VERIFY
X-Source
X-Rid
X-ServerID
X-Sucuri-Cache
X-Sucuri-ID
Akamai-GRN
OT-Force-Account-Verify
X-Servername
Cross-Origin-Window-Policy
X-WP-CF-Super-Cache-Active
From-Origin
X-VC-Cache
X-UA
X-WebKit-CSP-Report-Only
X-RM-Cache-TTL
Upgrade-Insecure-Requests
Front
X-Framework
Backend
Amp-Access-Control-Allow-Source-Origin
X-INCAP-ABP
X-Mode
X-Air-Pt
Refresh
X-Xrds-Location
X-Wormhole-Sdk
X-AB
X-Air-Trace-Id
X-Content-Powered-By
X-Cache-Time
X-Air-Source
X-Air-Hostname
X-Handled-By
X-Akamai-Request-ID2
X-HTML-Minification-Powered-By
X-RID
X-DataDome
Xet-Cookie
Frame-Options
X-Edge-Location
X-Buckets
X-Endurance-Cache-Level
Url
X-VC
Meta-Geo
Filters
X-JoinUs
Selected-Fe
X-No-Session
X-Origin-Date
X-Proxy-Build
X-Reqid
X-UPSTREAM-Address
X-Timing-Wait
X-Rn-Rsrv
X-Origin-CC
Webserver
X-RCS-CacheZone
X-Rewrite-Enabled
X-Origin-TTL
X-SaId
X-Webstats-RespID
X-Logging-Id
Webcakes-App-Version
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
X-Akamai-Edgescape
TWC-GeoIP-Country
X-Xfnlog-Site
TWC-GeoIP-LatLong
X-Cluster
X-Drupal-Cache-Tags
X-Git-Commit
X-Container-Uri
X-Labrador-Cache-Channel
X-AWS-Id
X-LJ-Flow-ID
X-Tumblr-Pixel-2
TWC-Locale-Group
X-R9-Blue-Green-Version
X-Provided-By
Cache-Hits
Cache
X-Cache-Rule
WPO-Cache-Message
WPO-Cache-Status
X-Cache-Operation
X-Served-From
X-Azure-Ref-OriginShield
ServedBy
TWC-Connection-Speed
X-Origin
X-Origin-Hint
X-PHP-Host
X-VCT
Property-Id
X-VWS-Id
TWC-Device-Class
Atl-Traceid
X-Cache-Status-Check
X-Vcache
Access-Control-Request-Headers
X-SRV
X-Generation-Time
X-Extlb
X-Drupal-Cache-Contexts
X-Fetched-On
X-Hosted-By
X-Ms-Version
X-Ms-Request-Id
Mn-Server-Ip
X-Httpd
Accept-Language
X-Cms-Context
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
TDXMobile
Section-Io-Id
Web-Mar-Node
X-Accel-Version
X-Cloudmap
X-Proxied
X-Cache-Debug
X-BYPASS-REASON
X-Adobe-Source
X-CMSURLCustom
X-Locale
X-Thinkindot-L3
X-Site-Version
X-Tb
X-ProxyCache-Key
X-Shield-Cache-Expires
X-Scope-Id
X-Restarts
X-Routing-Service
X-Varnish-Cache-Hits
X-Redis-Cache
X-Web-Node
X-Zipkin-Id
X-ProxyCache-Status
X-Soup
X-Skip-Cache
X-Tcp-Rtt
X-Varnish-Age
X-Varnish-Beresp-Grace
X-Upstream-Ct
X-Browser-Name
X-Upstream-Ht
X-Format
X-Is-Mobile
X-Is-Desktop
X-Is-Supported-Browser
X-Is-Tablet
X-Loop
X-Lambda-Id
X-Geo-Region
X-S
X-Forwarded-Host
X-SayCDN-TTL
X-Frame-Option
X-Say-TTL
X-Say-Cacheable
X-Director
X-Tncms
X-CDN-Forward
Apigw-Requestid
X-GeoCountry
X-IPLB-Instance
X-GeoCode
X-Cache-Host
X-Detected-As
X-IPLB-Request-ID
X-Cdn-Origin
X-Nginx-Cache
X-Storefront-Renderer-Rendered
Xserver
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-Shopify-Stage
X-Generated-By
X-Optimistic-Header
X-Worker
X-Lagoon
X-Rocket-Nginx-Serving-Static
Source
X-Vercel-Cache
X-Vercel-Id
Azure-Version
Azure-SlotName
X-B3-Traceid
Azure-RegionName
Azure-SiteName
Azure-InstanceId
X-Fastly-Request-Id
X-Request-URI
Node
X-TA-CDN-Provider
X-WP-CF-Super-Cache-Cookies-Bypass
X-Ratelimit-Reset
CDN-RequestPullSuccess
CDN-Cache
CDN-CachedAt
X-URL
Protected
Fastcgi-Useragent
AMP-Access-Control-Allow-Source-Origin
CDN-RequestPullCode
CDN-RequestId
X-Pass-Why
CDN-RequestCountryCode
CDN-PullZone
CDN-EdgeStorageId
CDN-Uid
X-Vcl-Version
LB
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Expiry
X-Connection-Hash
Cross-Origin-Embedder-Policy
X-Tumblr-Pixel-3
X-GEO
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
Onion-Location
X-XRDS-Location
X-Cache-Expired-At
X-App-Version
X-ECache
Alternate-Protocol
X-Cache-Server
X-PHP-Backend
X-Api-Version
Priority
DB-Nickname
Sid
X-Server-W
X-Jobs
Environment
Uber-Trace-Id
CF-IPCountry
X-Proxy-Cache-Status
X-Fastcgi-Cache
X-Cache-Action
X-Cluster-Node
User-Cache-Control
HostName
X-LSADC-Cache
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
X-Mg-Request-UUID
X-Uri
X-MP-GENERATED-AT
X-Response-Served-From
X-Nf-Request-Id
X-Original-Request-Id
X-Tt-Logid
X-ND-Cache
X-Node-Id
Fusion-Source
Content-Secure-Policy
X-NCache
Fusion-Deployment-Id
X-FB-TRIP-ID
X-Mvc-Supplant-Cachable
Origin-Agent-Cluster
X-FC-Vary-Parameters
Fusion-Content-Source
X-Origin-Expires
X-Esi-Check
Edge-Cache
Fusion-Component-Id
Fusion-Template-Id
DCR-Processing-Time-Ms
Fusion-Content-Id
DCR-Decision-By
X-Org
X-Op-Id-All
X-Ec-GeoHdr
A
MD5-Digest
X-GeoIP-City
Magicmarker
Meta-Geo-Continent
X-Device-Os
X-Developer
X-Gzip
Ngx.Var.Host
X-Ig-Origin-Region
X-Dispatcher-Server
X-Generated-On
Candidate-Md5Url
X-Hnp-Log
X-D
Gannett-Cam-Experience-Id
X-Ec-Fail
Cache-Tv-Group
X-Jungle-Id
X-Level-Front-Cache
Lang
X-Gen-Mode
X-Forwarded-Site
Req-ID
X-Proto
X-BCube-Filmed-By
X-Cache-Id
X-Vtex-Remote-Cache
X-Vdms-Version
Server-Host
X-Powered-By-VTEX-Cache
X-UA-Device-Type
X-Request-Start
X-Cache-NE
X-SB
X-Pubstack
X-TIM-N
X-Vdms-Path
X-VTEX-Cache-Server
X-Block-Status
X-Bl-Debug
X-Viewer-Country
T-Server
X-VTEX-Cache-Time
Sslversion
X-Bip
X-Content-Age
Surrogated-Key
X-Epic-Correlation-Id
X-ScT
X-A-Ccd
X-A-Dam
X-SRCache-Key
X-A
Rendered-Blocks
X-Platform
X-A-Dcw
X-A-Dgt
X-Varnish-Hostname
X-Conf
X-Clientip
X-Rojux
Wxu-Next-Region
Wxu-Next-Commit
Vix-Hermes-Req-Id
X-DC
X-Bc-Bl
X-Thanos
Wxu-Next-Hostname
X-Policy
X-Aed
X-A-Wwc
X-Origin-Response-Time
X-NGINX-Cache
X-Tx-Id
X-TT-LOGID
X-Edge-Server
X-Backend-Instance
X-Auto-Login
Fastly-SSL
We-Hiring
W
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Host-ID
Ssr
Origin-EX
Release
Origin-CC
X-Cache-TTL-Remaining
X-App-Name
X-Core-Value
X-Cdn-Srv
PFcat
Powered-By
X-CGP
X-AK-Request-ID
Origin
X-Auth-Group-Type
X-Debug-Cache-Fetch
Sever-Int
X-Debug-Cache-Store
X-Cache-Bucket
Mail-Subject
Server-Hostname
Server-Ext
X-Csrf-Jwt
X-CUA
NM-Fastcgi-Cache
X-Cache-Info
L5d-Success-Class
X-Mvc-Supplant-OutputCached
X-PAYTM-SRV-ID
X-Origin-Time
X-Ismobilevalue
WP-Super-Cache
Fastly-Backend-Name
X-Req
X-Nyt-Route
X-NMSegId
X-Loc
X-RateLimit-Remaining-Second
X-Via-Fastly
X-Varnish-Beresp-Status
X-Nginx-Cache-Key
X-Amz-Storage-Class
X-Ig-Push-State
X-WA-Info
X-LiteSpeed-Cache-Control
X-Scheme
Cdn-Requestid
X-RateLimit-Limit-Second
X-SD-PageType
X-Varnishpool
XM
Yak-Timeinfo
X-Request-Time
X-VarnishDD-TTL
X-Region-Sid
X-HS-Content-Campaign-Id
X-Test
Cdnsip
X-Gdpr
Cdncip
Cdn-Request-Time
CDCHOST
Cdn-Host
X-ID
X-Fmm-Version
DSUID
X-Eu-Site
X-VG-WebCache
X-Fastly-Cache
Content-Script-Type
Content-Style-Type
Canary
X-Var-Ttl
X-GeoIP-Country-Code
X-Service
X-GeoIP-Region-Code
X-Varnish-Director
X-HN
X-GeoIP
AKAMAI
X-Geo-Header
Cache-Provider
C-Via
X-V-Cache
X-Newrelic-Synthetics
X-Varnish-Beresp-Ttl
X-VG-TLSProxy
X-BBC-Edge-Cache-Status
X-SVT-ORM-RULES
X-ApacheServer
X-Varnish-Authentication
X-B3-Trace-ID
X-SVT-ORM-VERSION
X-Server-IP
X-Sn-Servicetimems
X-Section
X-PERF
X-Location
X-Men
X-Micro-Cache
X-Mly-Id
X-Human
X-GoCache-CacheStatus
X-Fastly-Backend
X-From
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Contensis-Viewer-Groups
Odigeo-Trace-Id
X-Proxied-Request
X-Render-Time
X-Cache-Backend
X-Cache-Aspx
X-We-Are-Hiring
X-Wikidot-Backend
X-Tb-Optimization-Total-Bytes-Saved
X-CacheTTL
X-Pool
X-Wikidot-Static-Cache
X-Request-Host
Platform
Machine
L
Is-Eu
Fastly-GeoIP-CountryCode
On-Server
Pramga
RNT-Machine
Req-Svc-Chain
Redirect-Candidate
Producers
Esi-Enabled
Country-Code
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Adler-Geo
X-Dc
Apple-News-Services-Request-Url
Cache-Key
Cluster
Click-Count-Error
Click-Count-Action-Start
RNT-Time
Apple-News-Services-Host
Tube-Got-Results
X-Acquia-Purge-Cdn-Unconfigured
X-Ad-Load-Variation
X-Access
Web-Mar-Region
Tube-Return
V-Age
X-Aicache-OS
Tube-Got-Eval
Tube-Get-Contents
True-Client-Country-4JS
X-AIR-PT
X-Zone
X-Slack-Backend
X-Slack-Shared-Secret-Outcome
X-Accel-Expires-Debug
X-Up
X-Custom-Header
X-Hash
NGX
X-NodeID
Proxy-Firewall
X-Date
X-Cs
X-LB-ID
Debug
X-COUNTRY
X-Varnish-Hits
X-Pad
X-Varnish-CookieINHashed-On
X-CACHE-GROUP
X-Nananana
X-DefElseHash
X-DefHash
Datacenter
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Client-Ip
Mime-Version
X-Refresh
Locid
X-Via-Poph
X-HA-Backend
X-Via-Popn
X-Via-Popv
X-Depends
Fastly-Drupal-HTML
SID
X-Akamai-Transformed
X-VC-TTL
X-Amz-Meta-Cb-Modifiedtime
Pics-Label
X-VHOST
CloudFront-Viewer-Country
X-LiteSpeed-Tag
X-Platform-Processor
X-Platform-Router
X-Platform-Cluster
X-Cache-FS-Status
X-M-Log
X-M-Reqid
GeoIP-Latitude
X-Servedbyhost
X-Datadome
Ngx-Var-Key
X-Parent-Response-Time
X-Cached-By
X-Old-Content-Length
X-CACHE-AGE
Fastly-Drupal-Html
X-LB-NoCache
X-B3-Parentspanid
X-TIME
X-DynaTrace-JS-Agent
Server-Info
Resin-Trace
X-TH-Server
X-CDN-Cache-Status
X-Moov-T
X-Moov-Xdn-Version
X-CS
Cf-Ipcountry
BehaviorPad-Version
GeoIp-Country-Code
X-Litespeed-Tag
Cross-Origin-Embedder-Policy-Report-Only
Server-ID
X-Presslabs-Stats
Cdn
X-ZONE
X-APP
X-Wa
X-Vgn-Hpd-Reason
X-VCache
X-Nc
NtCoent-Length
X-HITS
X-Application
X-TX-ID
X-NewRelic-App-Data
X-IAuth-Set-Uid
X-Destination
Cf-Device-Type
X-B-Cookie
FSS-Cache
X-External-Request-Id
X-User
X-S-Cookie
X-Varnish-Beresp-TTL
CDN
X-Fpc
X-Content-Length
X-Zen-Fury
X-Esi
Uri
True-Client-IP
X-HostName
Srv
X-Rocket-Build-Number
X-Instance-Name
True-Client-Ip
X-Srv
X-Vc
X-Cache-Date
X-Sigma-Backend
X-Sigma
X-Aspnet-Duration-Ms
X-VServer
X-Flags
Load-Balancing
X-Route-Name
Serverhost
X-Providence-Cookie
Tcn
X-API-Version
X-Is-Crawler
X-Oracle-DMS-ECID
X-DynaTrace
X-Dynatrace-Js-Agent
X-CLOUD-TRACE-CONTEXT
X-Branch-Name
X-WA
X-NC
X-FPC
S-Rt
X-Cdn-Forward
X-HOST
X-Dispatcher-Number
GeoIP-Country-Code
X-Segment-20210421
Request-ID
Vc-Max-Age
X-Cdn-Cache-Status
X-RequestId
X-Dispatch
Product
X-APP-VERSION
Ohc-File-Size
X-Page-View
Hostname
X-DataCenter
Server-Id
ServerName
X-B3-Spanid
Srvid
Type
X-FL-QIT-DEBUG
Geoip-Latitude
X-Webkit-Csp-Report-Only
X-Lb-Nocache
X-ServedByHost
X-Bug-Bounty
X-Ckpd-Fst-Backend
X-Irp-Debug
X-Sql-Duration-Ms
X-Http-Reason
X-Sql-Count
X-Geo
CacheControlHeader
Cloudfront-Viewer-Country
Cl-Cache
DataCenter
X-VCL-Version
X-Via-CDN
Origin-Trial
Edge-Copy-Time
Ohc-Cache-HIT
X-Via-Edge
IsBot
PICS-Label
X-Via-SSL
X-SIPLIST1
X-Owner
X-CACHE-KEY
Epwk-X-Cache
Lb
WZWS-RAY
X-Cache-Ttl
ServerHost
X-Core-Mission
X-App
X-Via-PopH
Cross-Origin-Opener-Policy-Report-Only
X-Proxy-CacheRZ
X-Correlation-ID
XkeyRZ
X-Ha-Backend
X-Ua
MIME-Version
X-Via-PopV
X-Via-PopN
X-Srcache-Fetch-Status
X-Srcache-Store-Status
Rtss
X-CSRF-TOKEN
N-Cache
X-MSEdge-Features
X-MSEdge-Flight
X-Qloud-Router
X-Hit
X-MiniProfiler-Ids
X-Lb-Id
X-Acquia-Application-Trace
X-Acquia-Application-UUID
CountryCode
X-Acquia-Site
X-Amz-Meta-Opti
X-Sqd-Ctime
Sm-Log-Id
X-Service-Response-Time
X-Akamai-Device-Characteristics
X-Web-Server
X-Sqd-Stime
X-Datacenter
X-Fastly-Country-Code
X-Limited
X-Vmg-Version
Cneonction
User-Agent
X-Acquia-Purge-Tags
Warning
X-Iplb-Instance
X-Iplb-Request-Id
X-Litespeed-Cache-Control
X-LAGOON
X-Gamma-Serve
X-IN-APIGATEWAYSSL
X-HubSpot-Correlation-Id
X-Dw-Trace-Id
X-IN-APIGATEWAY
X-Info
Ngx
Xkey-La3
X-Check-Cacheable
Xkeylog
X-RAMCache
X-Requestid
X-Akamai-Pragma-Client-IP
X-Serial
X-Th-Server
X-Amz-Meta-S3b-Last-Modified
X-Amz-Meta-Sha256
X-Proxy-Cache-La3
X-Snapshot-Date
X-Ramcache
X-Udemy-Cache-App-Namespace