Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Strict-Transport-Security
Content-Length
X-Content-Type-Options
Link
Last-Modified
Cf-Request-Id
CF-Cache-Status
ETag
CF-RAY
Expect-CT
Accept-Ranges
Pragma
X-Powered-By
X-XSS-Protection
X-Cache
Via
Age
Content-Security-Policy
Report-To
NEL
Alt-Svc
Referrer-Policy
Access-Control-Allow-Origin
Content-Language
X-Xss-Protection
X-Amz-Cf-Pop
X-Amz-Cf-Id
P3P
X-Cache-Hits
X-UA-Compatible
X-Served-By
X-Download-Options
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Varnish
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Access-Control-Allow-Credentials
Accept-CH
X-AspNet-Version
Content-Security-Policy-Report-Only
X-Runtime
Accept-CH-Lifetime
X-DNS-Prefetch-Control
X-Drupal-Cache
X-Check
X-Ua-Compatible
X-Cache-Status
X-Generator
Server-Timing
X-Request-ID
X-Cacheable
X-Envoy-Upstream-Service-Time
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Iinfo
X-Drupal-Dynamic-Cache
X-Content-Security-Policy
Access-Control-Expose-Headers
Feature-Policy
X-CDN
Content-Encoding
Status
Upgrade
X-AspNetMvc-Version
CF-Ray
Access-Control-Max-Age
X-Amz-Request-Id
X-Via
X-Amz-Id-2
Cf-Edge-Cache
Host-Header
EagleId
Keep-Alive
Request-Context
X-Backend
X-Cache-Group
X-UA-Device
X-AH-Environment
X-Robots-Tag
X-Server
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
Permissions-Policy
Xkey
X-Ws-Request-Id
X-Rq
X-Age
X-Vhost
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-Dispatcher
Cf-Apo-Via
Allow
X-Swift-CacheTime
X-Swift-SaveTime
X-Server-Powered-By
Grace
Ali-Swift-Global-Savetime
X-Varnish-Cache
X-LiteSpeed-Cache
X-Page-Speed
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Cache-Lookup
X-OneAgent-JS-Injection
X-Device
Cf-Railgun
X-Backend-Server
EagleEye-TraceId
X-Host
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Server-Id
X-WebKit-CSP
X-Response-Time
X-Readtime
X-Akam-SW-Version
Surrogate-Control
X-HW
Request-Id
X-Ruxit-JS-Agent
X-Cloud-Trace-Context
Content-Location
X-Node
X-Application-Context
P3p
X-Nginx-Upstream-Cache-Status
X-Nginx-Cache-Status
X-NWS-LOG-UUID
X-Litespeed-Cache
X-Country
Service-Worker-Allowed
X-Country-Code
X-CST
X-Content-Type
X-Clacks-Overhead
Cache-Tag
X-Trace
X-Url
X-Webkit-Csp
Rating
X-Rack-Cache
X-Amz-Server-Side-Encryption
X-Times
Nginx-Cache
X-FTR-Request-ID
X-PC
X-Vname
X-TtlSet
X-Oneagent-Js-Injection
X-Daa-Tunnel
X-Server-Name
Cross-Origin-Opener-Policy
X-Edge
X-Mcache
X-Midtier
X-Browser-Type
X-Powered-By-Plesk
X-ESI
X-Cnection
X-GitHub-Request-Id
X-Upstream
Edge-Control
Verso
X-Element-Page-Cache
X-D2id
X-Ac
X-MS-InvokeApp
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Kinja
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-SID
Accept-Ch-Lifetime
X-ECACHE
X-FastCGI-Cache
X-Vcap-Request-Id
X-Ser
X-Cache-TTL
X-Abt-Application-Version
X-Navigation-Version
X-B3-TraceId
AR-CACHE
X-NF-Request-ID
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
X-Mod-Pagespeed
X-SharePointHealthScore
SPRequestGuid
X-Amz-Rid
Fastly-Restarts
X-Client-IP
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Aws-Lambda-Call-Status
Display
X-Middleton-Display
X-Sol
Pagespeed
Edge-Cache-Tag
X-Mg-S
X-Kinsta-Cache
X-Edge-Location-Klb
S
X-Powered-CMS
X-Goog-Hash
Response
X-Middleton-Response
Cache-Status
X-Version
Access-Control-Request-Method
X-Amzn-Trace-Id
X-VARITI-CCR
X-Ruxit-Js-Agent
X-ARC
X-Cache-Key
X-RateLimit-Remaining
RTSS
X-Fastly-Request-ID
X-Content-Digest
X-TraceId
Cross-Origin-Resource-Policy
X-Forwarded-For
X-T
X-Recruiting
X-Server-ID
Realpath
X-Ratelimit-Limit
X-Correlation-Id
X-PDP-UNCACHING-HASH
X-MSEdge-Ref
Fastcgi-Cache
Front-End-Https
X-Cached
MS-Author-Via
X-Varnish-TTL
Content-MD5
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Ua-Browser
X-FTR-Backend-Server
X-FTR-Backend
X-Protected-By
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-Request-Processing-Time
X-Request-Received
Public-Key-Pins
X-Shield-Request-Id
Payment
Server-Node
X-Ratelimit-Remaining
MicrosoftSharePointTeamServices
X-Forwarded-Proto
X-TTL
TP-Cache
X-Frontend
X-HS-Combine-CSS
X-LLID
Arr-Disable-Session-Affinity
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Ttl
X-Distributor
X-FTR-Expires
X-Jurisdiction
X-HP-Trace-Id
X-Accel-Expires
X-HP-Webp
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-NODE
X-GUploader-UploadID
Count-Hit
X-Origin-Server
X-ORACLE-DMS-RID
X-LB-Cache
X-PressLabs-Stats
X-Ezoic-Cdn
X-Request-Handler-Origin-Region
X-Microsite
X-AppVersion
X-Activity-Id
X-Az
X-Content-Security-Policy-Report-Only
X-Www-Served-By
X-Ua-Device
X-TEC-API-ROOT
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Varnish-Backend
X-Cluster-Name
X-App-Server
Host
X-Varnish-Server
X-Hits
Retry-After
X-Amz-Meta-S3cmd-Attrs
Accept-Charset
Cache-Tags
Server-Name
Cleartype
X-ORACLE-DMS-ECID
X-Origin-Cache-Key
X-NGENIX-Cache
X-Hostname
X-Goog-Metageneration
X-Geo-Country
X-Envoy-Decorator-Operation
X-CSRF-Token
Referer-Policy
X-Newrelic-App-Data
X-Upgrade-Enabled
X-DIS-Request-ID
X-Git-Hash
TP-L2-Cache
Access-Control-Allow-Method
X-Id
X-Unique-Id
X-Seen-By
Filterid
TCN
X-Azure-Ref
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-Load-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Proxy
X-F-Cache
X-Varnish-Ttl
X-Revision
X-Request-Guid
X-Trace-Id
X-Grace
Healthy
Section-Io-Cache
X-Cache-Control
X-TT
X-B
DC
X-Amz-Apigw-Id
X-B3-Sampled
X-Amzn-RequestId
Paypal-Debug-Id
X-Logged-In
X-Contextid
X-Type
X-Debug-Info
X-Fb-Rlafr
X-FB-Debug
X-Mobile
X-Px
X-Page-Id
X-Debug
X-N
Viewport
X-WP-CF-Super-Cache-Cache-Control
X-WP-CF-Super-Cache
X-RateLimit-Limit
X-XRDS-LOCATION
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Oracle-Dms-Rid
Fastly-SIE
Fastly-SWR
X-Oracle-Dms-Ecid
X-Whom
X-Time
X-Via-JSL
Charset
X-Webkit-CSP
X-Datadog-Parent-Id
Content-Disposition
X-Template
X-Content-Options
X-Datadog-Sampling-Priority
X-Datadog-Trace-Id
Version
X-Cache-Grace
X-Magnolia-Registration
X-Origin-Cache
X-Wix-Request-Id
X-Varnish-Grace
X-App-Environment
X-EdgeConnect-Cache-Status
X-Signature
X-B-Cache
X-Language
X-RemovedCookies
X-Node-Name
X-ProcessESI
SRV
X-Tumblr-Pixel-1
X-Yottaa-Metrics
X-Tumblr-User
X-Tumblr-Pixel-0
X-Yottaa-Optimizations
X-Tumblr-Pixel
X-Rule
X-Amz-Replication-Status
Countrycode
MS-CV
X-Debug-IsConnected
VIX-Pulpo-Upstream-Status
SD-X-WS
X-RTag
Ms-Operation-Id
X-Debug-IsPreview
X-UUID
X-Datadog-Sampled
X-G
X-Hl-Ver
VIX-Pulpo-Node
X-FW-Hash
X-FW-Type
X-Adobe-Loc
X-FW-Static
X-FW-Serve
X-FW-Server
X-FW-Version
X-Storage
ServerID
X-Adobe-Content
GEO-INFO
X-Backend-Name
X-FW-Dynamic
X-Instance
X-Device-Type
X-Is-Bot
X-Rendered-As
X-Proxy-Cache-Info
X-Cacheable-TTL
X-NYM-Debug-Backend
X-Amzn-Remapped-Content-Length
X-Cache-Age
NGB
Surrogate-Key
X-Cache-Hit
X-Status
Country
X-User-Agent
X-Region
X-B3-SpanId
Liferay-Portal
X-Environment-Context
X-L-Path
X-Real-IP
X-IPS-LoggedIn
X-Rid
X-NWS-UUID-VERIFY
X-RateLimit-Reset
X-Source
X-ServerID
X-Sucuri-Cache
X-WP-CF-Super-Cache-Active
Akamai-GRN
X-Sucuri-ID
Cross-Origin-Window-Policy
X-Xrds-Location
OT-Force-Account-Verify
X-Servername
X-UA
Amp-Access-Control-Allow-Source-Origin
From-Origin
X-RM-Cache-TTL
X-VC-Cache
X-WebKit-CSP-Report-Only
Front
X-Framework
Upgrade-Insecure-Requests
X-Air-Pt
Backend
X-Mode
X-INCAP-ABP
X-Wormhole-Sdk
X-Air-Hostname
X-Air-Source
X-URL
X-Air-Trace-Id
X-AB
X-Cache-Time
Refresh
X-Content-Powered-By
X-Akamai-Request-ID2
Xet-Cookie
X-Handled-By
X-RID
X-DataDome
X-Edge-Location
X-Endurance-Cache-Level
X-VC
Frame-Options
X-HTML-Minification-Powered-By
X-Timing-Wait
X-Rn-Rsrv
X-SaId
X-Rewrite-Enabled
X-Proxy-Build
X-RCS-CacheZone
X-UPSTREAM-Address
X-Xfnlog-Site
X-Origin-CC
X-Origin-TTL
Url
X-JoinUs
Filters
Selected-Fe
Meta-Geo
X-Webstats-RespID
X-LJ-Flow-ID
X-Logging-Id
X-No-Session
X-Origin
X-Labrador-Cache-Channel
X-Git-Commit
X-Cluster
X-Container-Uri
X-Origin-Date
X-Origin-Hint
X-Tumblr-Pixel-2
X-VWS-Id
X-Served-From
X-Reqid
X-PHP-Host
X-Provided-By
X-AWS-Id
Webcakes-Region
Accept-Language
Property-Id
ServedBy
Cache
X-Cache-Rule
WPO-Cache-Status
X-Cache-Operation
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
WPO-Cache-Message
Atl-Traceid
X-CDN-Forward
X-R9-Blue-Green-Version
Mn-Server-Ip
Section-Io-Id
X-Redis-Cache
X-Proxied
X-IPLB-Request-ID
X-Vcache
X-Scope-Id
X-Routing-Service
Cache-Hits
Web-Mar-Node
X-Accel-Version
X-Extlb
X-Fetched-On
X-Hosted-By
X-IPLB-Instance
X-Drupal-Cache-Tags
X-Cms-Context
X-Adobe-Source
X-Akamai-Edgescape
X-Cache-Debug
X-Cloudmap
X-Tb
X-Restarts
X-Azure-Ref-OriginShield
X-Site-Version
X-SRV
Access-Control-Request-Headers
X-VCT
X-Locale
X-Web-Node
X-Zipkin-Id
Webserver
X-Varnish-Cache-Hits
X-ProxyCache-Key
X-Format
X-Frame-Option
X-Generation-Time
X-Forwarded-Host
X-Tncms
X-Lambda-Id
X-ProxyCache-Status
Thinkindot-CacheControl-Type
X-Ms-Request-Id
X-Ms-Version
X-Loop
X-BYPASS-REASON
X-Buckets
X-CMSURLCustom
X-Director
TDXMobile
Thinkindot-CacheControl
Thinkindot-Control
X-Httpd
X-Drupal-Cache-Contexts
X-Varnish-Age
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Skip-Cache
X-Upstream-Ct
X-Thinkindot-L3
X-Nginx-Cache
X-Soup
X-S
X-Shield-Cache-Expires
X-Upstream-Ht
X-ShopId
X-Tcp-Rtt
X-ShardId
X-Sorting-Hat-ShopId
X-Shopify-Stage
Xserver
X-Detected-As
X-Alternate-Cache-Key
X-Is-Mobile
X-Browser-Name
X-Sorting-Hat-PodId
X-GeoCountry
X-Is-Supported-Browser
X-Varnish-Beresp-Grace
X-Is-Desktop
X-Is-Tablet
X-Storefront-Renderer-Rendered
Apigw-Requestid
X-Geo-Region
X-Generated-By
X-GeoCode
X-Ratelimit-Reset
X-Optimistic-Header
X-Cdn-Origin
X-Cache-Status-Check
X-Cache-Host
X-Lagoon
LB
X-Worker
X-Vercel-Id
Source
Fastcgi-Useragent
X-Request-URI
X-Vercel-Cache
Azure-InstanceId
X-WP-CF-Super-Cache-Cookies-Bypass
Azure-SlotName
Azure-Version
X-Fastly-Request-Id
Azure-RegionName
X-Rocket-Nginx-Serving-Static
Azure-SiteName
X-TA-CDN-Provider
Node
X-B3-Traceid
X-Pass-Why
Protected
CDN-RequestCountryCode
X-Connection-Hash
CDN-RequestPullSuccess
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
CDN-Uid
CDN-RequestPullCode
Expiry
X-Vcl-Version
Cross-Origin-Embedder-Policy
Onion-Location
X-App-Version
X-Tumblr-Pixel-3
X-Api-Version
X-ECache
X-GEO
X-Tec-Api-Origin
X-Cache-Expired-At
X-Tec-Api-Root
X-Tec-Api-Version
X-PHP-Backend
AMP-Access-Control-Allow-Source-Origin
X-XRDS-Location
X-Cache-Server
Alternate-Protocol
DB-Nickname
Sid
CDN-RequestId
Environment
X-Server-W
Priority
X-Erf-Stays-Pdp-Viaduct-Migration-Web-V2
Uber-Trace-Id
X-Proxy-Cache-Status
X-Fastcgi-Cache
Cdn-Requestid
X-Tt-Logid
X-ID
CF-IPCountry
X-Ismobilevalue
X-Jobs
X-Cluster-Node
X-Cache-Action
User-Cache-Control
Locale
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Mg-Request-UUID
X-LSADC-Cache
X-Tx-Id
X-MP-GENERATED-AT
HostName
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Cache-Tv-Group
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Magicmarker
DCR-Processing-Time-Ms
X-Ec-GeoHdr
Content-Secure-Policy
DCR-Decision-By
X-Ec-Fail
Meta-Geo-Continent
MD5-Digest
Sslversion
Edge-Cache
Gannett-Cam-Experience-Id
Surrogated-Key
Origin-Agent-Cluster
Ngx.Var.Host
Rendered-Blocks
Origin
X-Esi-Check
Req-ID
X-Epic-Correlation-Id
Candidate-Md5Url
A
X-Block-Status
X-Bl-Debug
X-Bip
X-BCube-Filmed-By
X-Developer
X-D
X-Clientip
X-Conf
X-Content-Age
X-Cache-NE
X-Cache-Id
X-Device-Os
X-Bc-Bl
Wxu-Next-Region
X-A
Wxu-Next-Hostname
Wxu-Next-Commit
T-Server
X-A-Ccd
X-A-Dam
X-Aed
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Dispatcher-Server
X-Ig-Origin-Region
X-Node-Id
X-Vdms-Version
X-Op-Id-All
X-Org
X-NCache
X-Viewer-Country
X-Ig-Push-State
X-Jungle-Id
X-Level-Front-Cache
X-Origin-Expires
X-Vdms-Path
X-SB
X-ScT
X-SRCache-Key
X-Rojux
X-Thanos
X-UA-Device-Type
X-FB-TRIP-ID
X-TIM-N
Lang
X-ND-Cache
X-Vtex-Remote-Cache
X-Forwarded-Site
X-GeoIP-City
X-Gen-Mode
X-Gzip
X-DC
X-Hnp-Log
X-Generated-On
X-Origin-Response-Time
X-Auth-Group-Type
X-Varnish-Director
X-V-Cache
NM-Fastcgi-Cache
X-Var-Ttl
X-Test
X-Region-Sid
X-SD-PageType
X-AK-Request-ID
Odigeo-Trace-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Hostname
Yak-Timeinfo
XM
Ssr
Server-Host
X-Amz-Storage-Class
Server-Hostname
Powered-By
Release
X-VTEX-Cache-Server
Server-Ext
X-Via-Fastly
X-VG-WebCache
X-VTEX-Cache-Time
X-Varnishpool
X-VarnishDD-TTL
X-WA-Info
Origin-EX
PFcat
Sever-Int
Vix-Hermes-Req-Id
X-Req
X-HS-Content-Campaign-Id
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-CUA
X-Core-Value
X-Nginx-Cache-Key
X-Mvc-Supplant-Cachable
X-Loc
X-HN
X-GeoIP-Region-Code
X-Fmm-Version
X-Fastly-Cache
X-FC-Vary-Parameters
X-Gdpr
X-Edge-Server
X-GeoIP-Country-Code
X-GeoIP
X-Geo-Header
X-NMSegId
X-Cdn-Srv
X-Cache-Bucket
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Request-Start
X-Request-Time
X-Auto-Login
X-Backend-Instance
X-Scheme
X-Pubstack
X-Proto
X-Origin-Time
X-Nyt-Route
X-Cache-TTL-Remaining
X-PAYTM-SRV-ID
X-Cache-Info
X-Powered-By-VTEX-Cache
X-Policy
X-Platform
X-App-Name
Origin-CC
X-Original-Request-Id
Cdnsip
Cdncip
X-Response-Served-From
Content-Script-Type
Fastly-Backend-Name
DSUID
Content-Style-Type
Cdn-Request-Time
Cdn-Host
X-NGINX-Cache
X-Zone
X-Uri
X-Service
AKAMAI
CDCHOST
Cache-Provider
Fastly-SSL
C-Via
Host-ID
X-Varnish-Beresp-Status
X-Cache-Backend
X-Cache-Aspx
X-VG-TLSProxy
X-Varnish-Authentication
Mail-Subject
X-Contensis-Viewer-Groups
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-CGP
Adler-Geo
Apple-News-Services-Host
Cache-Key
X-Aicache-OS
Canary
X-Ad-Load-Variation
Apple-News-Services-Request-Url
X-LiteSpeed-Cache-Control
X-Sn-Servicetimems
X-BBC-Edge-Cache-Status
Apple-News-Services-Parsed-Url
X-B3-Trace-ID
Apple-News-Services-Handled
X-Csrf-Jwt
L5d-Success-Class
X-Mvc-Supplant-OutputCached
X-NodeID
Machine
X-From
X-Mly-Id
X-GoCache-CacheStatus
X-Location
X-Human
X-Men
X-Micro-Cache
X-Varnish-Beresp-Ttl
X-Newrelic-Synthetics
X-Ec-Custom-Error
X-DPWN-IS-SECURE
X-Section
X-Server-IP
X-Request-Host
L
X-Pool
X-Fastly-Backend
X-Proxied-Request
X-Eu-Site
X-Acquia-Purge-Cdn-Unconfigured
Is-Eu
X-Wikidot-Static-Cache
Gh-Request-Id
Tube-Return
X-Custom-Header
Req-Svc-Chain
Esi-Enabled
W
V-Age
Tube-Got-Results
Tube-Got-Eval
RNT-Time
X-Access
Cluster
RNT-Machine
True-Client-Country-4JS
Tube-Get-Contents
On-Server
We-Hiring
Click-Count-Error
Fastly-GeoIP-CountryCode
Platform
Redirect-Candidate
Pramga
Producers
X-Dc
Ha-Gx-Prefs
Country-Code
HA-Ipaddr
X-Wikidot-Backend
Click-Count-Action-Start
X-We-Are-Hiring
Web-Mar-Region
X-AIR-PT
WP-Super-Cache
X-TT-LOGID
X-Date
X-Slack-Shared-Secret-Outcome
X-Accel-Expires-Debug
X-Hash
X-Slack-Backend
NGX
X-Render-Time
X-PERF
X-ApacheServer
X-CacheTTL
Proxy-Firewall
X-DefElseHash
Debug
X-Varnish-Hits
X-Varnish-CookieHashed-On
X-COUNTRY
X-DefHash
X-Varnish-Remaining-TTL
X-Up
X-Varnish-CookieINHashed-On
Mime-Version
X-Pad
X-CACHE-GROUP
X-Nananana
X-Client-Ip
X-Cs
X-LB-ID
X-Depends
X-Refresh
X-Nf-Request-Id
CloudFront-Viewer-Country
Pics-Label
Datacenter
Fastly-Drupal-HTML
SID
X-HA-Backend
X-Via-Poph
X-Via-Popv
X-Via-Popn
Locid
X-Servedbyhost
X-Akamai-Transformed
X-VHOST
X-Parent-Response-Time
X-Datadome
X-M-Reqid
GeoIP-Latitude
X-VC-TTL
X-Amz-Meta-Cb-Modifiedtime
X-M-Log
X-Cache-FS-Status
X-LB-NoCache
X-Platform-Cluster
X-CACHE-AGE
X-HITS
X-Cached-By
X-Platform-Processor
X-Platform-Router
X-NewRelic-App-Data
X-B3-Parentspanid
X-Old-Content-Length
X-CS
X-TIME
Fastly-Drupal-Html
Ngx-Var-Key
X-LiteSpeed-Tag
Server-Info
X-Litespeed-Tag
Resin-Trace
BehaviorPad-Version
X-CDN-Cache-Status
X-DynaTrace-JS-Agent
Cf-Ipcountry
X-TH-Server
GeoIp-Country-Code
X-APP
X-Moov-T
X-Moov-Xdn-Version
X-Nc
Server-ID
X-Wa
X-Vgn-Hpd-Reason
X-VCache
Cross-Origin-Embedder-Policy-Report-Only
Cdn
FSS-Cache
NtCoent-Length
X-IAuth-Set-Uid
X-Content-Length
X-ZONE
X-Varnish-Beresp-TTL
X-Fpc
X-B-Cookie
X-Application
True-Client-IP
X-S-Cookie
X-Esi
Cf-Device-Type
X-User
X-Destination
X-External-Request-Id
CDN
X-HostName
X-TX-ID
Uri
X-Presslabs-Stats
X-Srv
X-Zen-Fury
X-Vc
Serverhost
True-Client-Ip
X-Dynatrace-Js-Agent
X-Cache-Date
X-Dispatcher-Number
Tcn
X-Rocket-Build-Number
X-Instance-Name
X-Sigma
X-Sigma-Backend
Vc-Max-Age
X-Oracle-DMS-ECID
X-API-Version
Srv
X-B3-Spanid
X-VServer
GeoIP-Country-Code
X-RequestId
S-Rt
X-FPC
X-HOST
Load-Balancing
Request-ID
Product
X-Branch-Name
X-DynaTrace
X-Segment-20210421
X-NC
X-Dispatch
Hostname
X-WA
X-Cdn-Cache-Status
X-Route-Name
X-Providence-Cookie
X-Flags
X-CACHE-KEY
X-Cdn-Forward
X-Aspnet-Duration-Ms
X-Is-Crawler
Server-Id
X-APP-VERSION
Ohc-File-Size
Geoip-Latitude
X-DataCenter
X-Webkit-Csp-Report-Only
X-FL-QIT-DEBUG
Srvid
ServerName
X-Ckpd-Fst-Backend
X-Page-View
X-Lb-Nocache
Type
X-Geo
X-SERVER-NAME
X-Bug-Bounty
DataCenter
CacheControlHeader
X-Irp-Debug
X-ServedByHost
X-Sql-Duration-Ms
X-Sql-Count
X-Http-Reason
X-VCL-Version
X-Via-PopV
Cl-Cache
X-Via-PopN
X-Via-PopH
Epwk-X-Cache
Cloudfront-Viewer-Country
Origin-Trial
X-Ha-Backend
X-Cache-Ttl
X-Lb-Id
IsBot
X-Owner
X-Via-SSL
X-Correlation-ID
X-Via-CDN
X-App
X-Via-Edge
ServerHost
X-SIPLIST1
Edge-Copy-Time
PICS-Label
Cross-Origin-Opener-Policy-Report-Only
Ohc-Cache-HIT
X-Ua
X-Nf-Ats-Version
X-Nf-Language
Rtss
X-Nf-Country
X-HubSpot-Correlation-Id
X-Srcache-Store-Status
X-Srcache-Fetch-Status
X-Core-Mission
X-Proxy-CacheRZ
X-Akamai-Device-Characteristics
User-Agent
X-Vmg-Version
Cneonction
WZWS-RAY
X-MiniProfiler-Ids
MIME-Version
XkeyRZ
Lb
X-Acquia-Site
X-Qloud-Router
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Fastly-Country-Code
X-Sqd-Stime
X-Service-Response-Time
Sm-Log-Id
X-Sqd-Ctime
X-Acquia-Application-Trace
Cmsid
X-MSEdge-Flight
X-Info
X-MSEdge-Features
X-Datacenter
X-Web-Server
Warning
N-Cache
X-Gamma-Serve
X-Limited
Cmstype
X-Litespeed-Cache-Control
X-CSRF-TOKEN
X-LAGOON
Servername
X-Hit
X-IN-APIGATEWAYSSL
Xc-Version
X-IN-APIGATEWAY
X-Amz-Meta-Opti
X-Check-Cacheable
X-Serial
X-RAMCache
X-Akamai-Pragma-Client-IP
X-Requestid
X-Th-Server
X-Ramcache
X-Amz-Meta-Sha256
X-Udemy-Cache-App-Namespace
X-Amz-Meta-S3b-Last-Modified
Ngx
X-Snapshot-Date
X-Dw-Trace-Id