Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
Upgrade
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Via
X-Ua-Compatible
X-Age
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Hacker
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
Report-To
X-LiteSpeed-Cache
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
X-Host
X-OneAgent-JS-Injection
X-Device
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
X-Cloud-Trace-Context
Request-Id
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-Application-Context
X-ORACLE-DMS-ECID
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
X-Cache-Lookup
X-DataDome
X-ORACLE-DMS-RID
NEL
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-TTL
X-Country-Code
X-DynaTrace
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-FTR-Request-ID
X-TtlSet
X-Vname
X-PC
Accept-Ch
Verso
X-ESI
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Url
Accept-Ch-Lifetime
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-B3-TraceId
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
X-GitHub-Request-Id
X-Cdn-Fetch
Edge-Cache-Tag
RTSS
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-Request-ID
Ar-Sid
X-D2id
X-Px
X-Debug
X-Abt-Application-Version
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Vcache
Charset
X-NF-Request-ID
X-Server-Name
X-Cached
X-Accel-Expires
Display
Response
X-Middleton-Display
X-Middleton-Response
Pagespeed
X-Sol
X-TEC-API-VERSION
X-MSEdge-Ref
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Vcap-Request-Id
X-Amz-Rid
Arr-Disable-Session-Affinity
TCN
X-Navigation-Version
X-Powered-CMS
X-SharePointHealthScore
X-Pinterest-Rid
Pinterest-Version
X-Trace
X-Fastcgi-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Cdn
X-VARITI-CCR
Realpath
Public-Key-Pins
Cache-Tag
X-Client-IP
Access-Control-Request-Method
X-Fastly-Request-ID
X-Ser
MS-Author-Via
S
X-DynaTrace-JS-Agent
Nginx-Cache
X-Shard
SPRequestDuration
SPIisLatency
X-Upstream
X-Id
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Ezoic-Cdn
X-Hp-Webp
X-Content-Type
X-Amzn-Trace-Id
X-Grace
X-T
X-Edge-O15-RID
X-Amz-Meta-S3cmd-Attrs
Nel
Front-End-Https
X-Recruiting
DynaTrace
X-Hits
X-Forwarded-For
Fastcgi-Cache
X-Aspnet-Version
X-Varnish-Age
ServerID
X-Server-ID
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
X-Node-Name
X-DIS-Request-ID
X-Mobile-URL
X-Cache-TTL
X-Element-Page-Cache
NR-ENABLED
X-Jurisdiction
X-FTR-Expires
X-FTR-Cache-Status
X-Content-Digest
X-Country-Code-Real
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Frontend
Powered
X-Goog-Generation
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
Server-Node
Alternate-Protocol
TP-L2-Cache
Server-Name
TP-Cache
X-Logged-In
X-Correlation-Id
X-XRDS-Location
AMP-Access-Control-Allow-Source-Origin
X-Request-Received
X-Request-Processing-Time
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
Upgrade-Insecure-Requests
X-Amzn-RequestId
X-Cache-Hit
X-Amz-Apigw-Id
X-Content-Options
X-Page-Id
X-Origin-Server
X-Content-Security-Policy-Report-Only
Refresh
X-User-Agent
X-F-Cache
X-Rid
X-Akamai-Edgescape
X-Revision
X-Type
X-Varnish-Grace
X-CST
X-Zen-Fury
Fastly-Restarts
X-XRDS-LOCATION
X-Content-Powered-By
X-Geo-Country
X-LB-Cache
X-B3-Sampled
X-B
X-Shield-Request-Id
X-URL
X-AppVersion
X-Activity-Id
X-Az
X-FTR-Cache-Host
X-N
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-Kinsta-Cache
Cache-Status
X-Webapp-Samesite-None-Activated-N
X-Pad
X-TT
X-Cache-Age
X-Instance
X-Debug-Info
X-WebKit-CSP-Report-Only
X-AOL-HN
X-B-Cache
X-Tumblr-Pixel-0
X-Jobs
X-Signature
X-Request-Guid
X-Framework
X-App-Environment
X-Tumblr-User
X-Tumblr-Pixel
Paypal-Debug-Id
X-Time
Actual-Object-TTL
X-Webkit-Csp
X-Cache-Action
Access-Control-Allow-Method
X-PHP-Backend
X-FB-Debug
DC
X-RateLimit-Remaining
X-Analytics
X-Load-Cache
X-Cached-By
X-Git-Hash
X-Varnish-Backend
X-Tt-Trace-Tag
Surrogate-Key
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Fastcgi-Useragent
Host-Header
X-Tt-Trace-Host
X-Amz-Replication-Status
X-Contextid
X-IPLB-Instance
MS-CV
X-ATG-Version
X-SS-Set-Cookie
Accept-CH
FilterID
X-WA-Info
X-FastCGI-Cache
X-Cluster
X-Cache-Key
Tracecode
NGB
Host
X-Accel-Buffering
X-Response-Served-From
X-Mobile
X-B3-Traceid
X-Host-Name
WPE-Backend
Payment
X-Kong-Upstream-Latency
X-Varnish-Server
X-Kong-Proxy-Latency
Source
X-Cache-NE
X-Cache-2
X-FW-Server
X-FW-Static
Frame-Options
X-Region
X-FW-Hash
Eomportal-Instance
X-Hostname
X-Cache-Operation
X-Cache-Rule
Xserver
X-FW-Serve
X-FW-Type
X-Srv
X-Via-JSL
X-Varnish-Hostname
X-Tumblr-Pixel-2
Cache-Tv-Group
X-ORACLE-APMCS-TAG
X-Cacheable-TTL
X-ORACLE-APMCS-REQUEST-ID
Filters
X-Tumblr-Pixel-1
X-GeoIP
X-IPS-LoggedIn
X-Is-Bot
X-Cache-Enabled
X-Rendered-As
X-Adobe-Content
X-Adobe-Loc
X-TX-ID
X-Origin-Response-Time
X-RequestSource
X-NewRelic-App-Data
X-Presslabs-Stats
X-NWS-LOG-UUID
X-EdgeConnect-Cache-Status
Accept-CH-Lifetime
X-Seen-By
Cleartype
Retry-After
X-Ruxit-Js-Agent
X-Cache-TTL-Remaining
Server-Info
X-VCache
X-RemovedCookies
X-ProcessESI
Cache
Liferay-Portal
X-HTML-Minification-Powered-By
X-RTag
Datacenter
Ms-Operation-Id
X-Source
X-Cache-Control
X-UA
X-Ttl
X-L-Path
X-FireWall-Port
X-Environment-Context
X-Dc
X-App-Server
Healthy
X-Upgrade-Enabled
From-Origin
X-Endurance-Cache-Level
X-Cache-Server
X-CACHE-KEY
X-Esi
X-PressLabs-Stats
X-APP-VERSION
X-Handled-By
X-RateLimit-Limit
X-Rule
X-Backend-Name
X-Status
Version
X-ES-SERVER
X-Wix-Request-Id
X-Path-Route
X-Cache-Var
X-RN-RSRV
X-Cache-Var-Map
Meta-Geo
X-Access
Selected-Fe
X-Request-Time
X-Section
X-Timing-Wait
X-Tb
OT-Force-Account-Verify
X-Format
X-Proxy-Build
X-Storage
X-ProxyCache-Status
X-ProxyCache-Key
X-Sorting-Hat-ShopId
Cache-Tags
X-ShardId
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-BYPASS-REASON
X-Human
X-EIG-Tracking-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Alternate-Cache-Key
Mn-Server-Ip
X-Proto
Akamai-GRN
Azure-InstanceId
X-PCL
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-ShopId
X-Origin
Srv
X-Akamai-Request-ID
X-Content-Age
X-OCL
X-Cluster-Node
X-Akamai-Request-ID2
X-Debug-Cache
Origin-Edge-Control
X-AWS-Id
X-Cache-Host
X-Pubstack
Decoy-Debug-Key
X-JoinUs
X-Hyper-Cache
X-LJ-Flow-ID
X-MP-GENERATED-AT
X-Proxy
DB-Nickname
Decoy-Debug-Status
Now
X-Generated-By
NGX
X-Hl-Ver
Decoy-Debug-TTL
Origin-Cache-Control
X-ServerID
X-Qloud-Router
X-Soup
X-FC-Vary-Parameters
X-Hosted-By
X-SaId
X-NYM-Debug-Backend
X-Web-Node
X-Viewer-Country
X-VWS-Id
X-Vgn-Hpd-Reason
X-UUID
Ec-Rule-Version
X-Proxy-Cache-Status
Node
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Config
S-Rt
X-FW-Dynamic
X-Time-Microsecs
X-Redis-Cache
Property-Id
TWC-Device-Class
X-SayCDN-TTL
X-Www-Served-By
X-Say-TTL
TWC-GeoIP-Country
X-Generated
X-Say-Cacheable
Cross-Origin-Window-Policy
TWC-Connection-Speed
X-Locale
X-CCM
X-Site-Version
X-RCS-CacheZone
X-Akamai-Transformed
X-Detected-As
X-BCube-Filmed-By
X-Origin-Hint
Webcakes-Region
X-IP
X-Varnish-Hits
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Xfnlog-Site
X-Loop
X-FB-TRIP-ID
X-R9-Blue-Green-Version
GEO-INFO
X-TNCMS
X-Amzn-Remapped-Content-Length
Accept-Charset
L5d-Success-Class
X-CS
X-Unique-Id
X-NCache
Cache-Name
Uber-Trace-Id
Viewport
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Drupal-Cache-Tags
Time
Webserver
Cache-Key
X-UA-Device-Type
X-Backend-TTL
X-UnsetCookies
X-CDN-Forward
X-Cache-Remote
X-Mode
X-From
X-Origin-TTL
X-Origin-CC
Accept-Language
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Forwarded-Host
Rt-Fastcgi-Cache
X-Drupal-Cache-Contexts
Country
X-Cluster-Name
X-Newrelic-Synthetics
Mime-Version
X-B3-Spanid
X-Info
Odigeo-Trace-Id
X-Microcachable
X-Whom
X-TT-TIMESTAMP
X-Edge-Location
X-Varnish-Cache-Hits
X-NGENIX-Cache
X-Magnolia-Registration
X-CLOUD-TRACE-CONTEXT
X-ApacheServer
X-PERF
ServedBy
X-Daa-Tunnel
Content-Disposition
X-Geo
X-UPSTREAM-Address
X-EC-Lua
Proxy-Connection
Ohc-File-Size
Ohc-Cache-HIT
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-Device-Type
Cf-Ipcountry
X-No-Session
X-Via-Fastly
X-Uri
Mobile-Detection-Method
Rendered-Blocks
W
X-A-Ccd
X-A-Dam
X-A
Meta-Geo-Continent
Viewtype
VivaBuild
T-Server
Content-Style-Type
Apple-News-Services-Request-Url
X-A-Dcw
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
AsisCache
BehaviorPad-Version
Machine
GEO-REGION-INFO
Fastcgi-X-Cache-Version
Content-Script-Type
MD5-Digest
X-CF-Lambda-Version
X-Sigma
X-Sigma-Backend
X-SRCache-Key
X-Session-Fingerprint
X-ScT
X-Rojux
X-S
X-S-Cookie
X-Transaction
X-Trv-Group
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Twitter-Response-Tags
X-Vdms-Version
X-VG-TLSProxy
X-Rocket-Build-Number
X-Rewrite-Enabled
X-B-Cookie
X-CF-Lambda-Fn
X-Connection-Hash
X-ARC
X-Application
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-D
X-Date
X-GeoIP-Country-Code
X-Region-Sid
X-Request-UUID
X-Geo-Header
X-External-Request-Id
X-Destination
X-DPWN-IS-SECURE
X-A-Dgt
X-G
User-Cache-Control
X-Labrador-Cache-Channel
X-PHP-Host
X-C
HitType
Geo-Info
HA-Ipaddr
IsBot
Locid
Powered-By
X-Thanos
X-Tumblr-Pixel-3
Ha-Gx-Prefs
Gh-Request-Id
X-WebServer
X-Wikidot-Backend
CDCHOST
Environment
Section-Io-Cache
X-Varnish-Authentication
X-VC-Cache
Fastly-Soc-X-Request-Id
X-Epic-Correlation-Id
Server-Cache-Control
X-Backend-State
X-Auto-Login
X-App-Name
X-Bip
X-Cache-ASPX
X-CGP
X-Hit
X-Cache-Debug
X-Agile-Id
X-Agile-Age
Server-Surrogate-Control
X-Wikidot-Static-Cache
X-Contensis-Viewer-Groups
X-Render-Time
X-Real-IP
X-Agile
X-Logging-Id
X-SIPLIST1
X-TrackingId
X-CUA
X-Eu-Site
X-Developers
X-Distil-CS
X-Cache-Time
X-GoCache-CacheStatus
X-Nc
X-Ms-Version
X-Ms-Request-Id
X-Nginx-Cache-Key
X-NodeID
X-NX-Host
X-Micro-Cache
X-Debug-Log
X-Cms-Context
X-Dispatcher-Server
Cache-Host
Fastly-SSL
X-Generated-In
X-Origin-Date
X-Proxy-Upstream
V-Age
X-RateLimit-Limit-Second
True-Client-Country-4JS
X-RateLimit-Remaining-Second
X-Owner
X-OVcl-Cache
Web-Mar-Node
We-Hiring
X-Origin-Expires
X-OVcl
X-AK-Request-ID
X-Rebelmouse-Cache-Control
X-Varnish-Beresp-Status
X-Cache-Info
X-Varnish-Beresp-Ttl
X-Cache-Bucket
X-Cache-Backend
X-Cache-URL
X-Hash
X-Varnish-Beresp-Grace
X-Generation-Time
X-GeoIP-City
X-Cdn-Srv
X-Distributor
X-Block-Status
X-Azure-Ref
X-Instart-Isnd
X-Rebelmouse-Surrogate-Control
X-Irp-Debug
X-Key
X-IN-APIGATEWAYSSL
X-Servername
Access-Control-Request-Headers
X-Hnp-Log
X-IN-APIGATEWAY
X-BBXSRF
X-Webstats-RespID
X-Debug-Cookies
X-Urbn-Site-Id
Locale
Kp-EeAlive
X-User
Heartbleed
X-VServer
X-Urbn-Context-Path
X-TT-LOGID
X-Gamma-Serve
Mail-Subject
X-Fetched-On
X-We-Are-Hiring
X-TH-Server
Cdncip
X-FW-Version
AKAMAI
X-WADP-Cache
Country-Code
Memcached
X-Li-Fabric
Fastly-Backend-Name
X-LI-UUID
X-LI-Proto
X-Li-Pop
Cdnsip
X-Clara-WADP
X-Trace-Id
X-Gen-Mode
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
RNT-Time
RNT-Machine
X-Server-W
Server-ID
X-Request-URI
IBM-Web2-Location
X-Clientip
Server-Int
X-Fastly-Cache
Fastly-SWR
X-SVT-ORM-VERSION
X-Swa-Ws
Countrycode
X-Core-Mission
X-Debug-Cache-Store
Fastly-SIE
Request-Country
Request-EU
X-Sucuri-Cache
X-SVT-ORM-RULES
X-Oneagent-Js-Injection
X-Generated-On
X-Nginx-Cache
X-Is-Gdpr
X-Internal-Host
X-Has-Esi
X-Cache-Tags
X-JWT-State
X-NU-AKA-ACS-Version
X-Variation
X-Up
X-Platform-Server
Platform
Is-Eu
X-Service
X-Old-Content-Length
X-Matched-Rule
X-ServiceProvider
X-Thinkindot-L3
Adler-Geo
X-Reboot
X-Trafficlayer-App-Version
X-Level-Front-Cache
X-Req
Wxu-Next-Region
PFcat
ServerName
Thinkindot-CacheControl
Thinkindot-Control
Server-Host
Wxu-Next-Hostname
Thinkindot-CacheControl-Type
X-Core-Value
FNAC-ModuleRouting
X-TA-CDN-Provider
Wxu-Next-Commit
Filterid
X-Response-By
X-App-Version
X-S-Maxage
X-Location
X-SERVER
Cache-Hits
X-Air-Hostname
X-Lb-Id
RequestId
X-B3-Parentspanid
Pragrma
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Expired-At
X-Refresh
X-Parent-Response-Time
X-Var-Ttl
Group
X-CSRF-TOKEN
Memory
X-Tec-Api-Root
ProcessTime
X-Tec-Api-Version
X-Tec-Api-Origin
S-Cnection
X-NC
Powered-By-ChinaCache
X-CF-Powered-By
X-Wa
X-Ua
X-B3-SpanId
X-Cdn-Forward
X-Server-IP
X-Pjax-Url
User-Agent
Origin
X-BACKEND-TTL
X-CSRF-Token
X-Pf-Uncompressing
SRV
X-Sucuri-ID
X-Correlation-ID
PICS-Label
X-Cdn-Request-ID
X-Varnish-Cacheable
Media-Length
Geoip-Latitude
TTL
X-NWS-UUID-VERIFY
X-NGINX-Cache
GeoIp-Country-Code
X-Vcl-Version
X-COUNTRY
X-Via-CDN
Geoip-City
X-FORWARDED-FOR
X-Sucuri-Id
X-Unique-ID
Dnion-Transfer-Encoding
X-Servedbyhost
X-Developer
X-Ocache
X-Cdn-Origin
X-Cache-Grace
X-Webkit-CSP
X-Sn-Servicetimems
X-Device-Os
X-Node-Id
SN
X-LAGOON
X-Rocket-Nginx-Bypass
X-Litespeed-Cache
On-Server
X-AIR-PT
X-Reqid
X-Via-Ucdn
X-Varnish-Ttl
Esi-Enabled
M-TraceId
X-TIME
XServer
A
X-Planisys-CDN-Rules
X-Policy
X-Request-Host
X-Planisys-CDN-TTL
X-HS-Status
X-MSEdge-Flight
X-Planisys-CDN-Cache
X-MSEdge-Features
X-Cache-Status-Check
X-Fastly-Country-Code
X-Azure-Ref-OriginShield
X-Request-Start
Hostname
HostName
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
Who
Cloudfront-Viewer-Country
X-Beluga-Node
Rt-Proxy-Cache
X-Cache-Ttl
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Trace
X-Beluga-Status
X-Beluga-Cache-Status
Resin-Trace
Cdn
X-Ftr-Cache-Host
X-VHOST
X-ServedByHost
X-Ratelimit-Remaining
Host-ID
GeoIP-Country-Code
NtCoent-Length
MIME-Version
X-Method
X-VCL-Version
CF-Cached-On
X-Varnish-URL
Magicmarker
X-DC
X-LiteSpeed-Cache-Control
GeoIP-Latitude
Ttl
X-APP
Pics-Label
X-Zone
X-Bc
X-Oracle-Dms-Rid
Tcn
X-Fastly-Backend-Reqs
X-Varnish-Url
Cteonnt-Length
X-Slack-Backend
GeoIP-City
Load-Balancing
X-DW
X-DSS
X-RPM
X-RPS
X-RSL
X-Action
X-PF-Uncompressing
X-Be
X-DB
X-VarnishDD-TTL
X-Svr
Ohc-Response-Time
X-Newrelic-App-Data
X-DI
X-PJAX-URL
X-SERVER-NAME
Vix-Hermes-Req-Id
Arc-Country
X-SRV
DSUID
X-Swift-Error
Amp-Access-Control-Allow-Source-Origin
Pramga
X-Cache-FS-Status
X-Server-Time
X-Skip-Cache
X-Processor
X-PAYTM-SRV-ID
X-Dispatch
X-FPC
X-Ratelimit-Limit
WebServer
X-Ftr-Request-Id
X-MServer
Release
CACHE
X-VCT
X-Hello
Processtime
X-ABtesting
X-Hp-Ccpa-Warning
Fastly-Drupal-HTML
X-Flog
X-DevSite-Last-Modified
X-ND-Cache
X-Tid
X-Dynatrace
X-BE
X-WR-MODIFICATION
X-Dynatrace-Js-Agent
Servername
Cdn-Host
X-Configured-By
X-LB-ID
X-Aicache-OS
Cdn-Request-Time
N-Cache
X-HostName
Cache-Provider
X-Served-From
X-Edge-Server
X-ID
X-Frame-Option
Lfy
CF-IPCountry
X-Ftr-Realm
Dynatrace
X-Fastly-Cache-Hits
X-SD-PageType
X-StackifyID
X-Ftr-Dc
X-Upstream-Ht
X-Amzn-Remapped-Connection
X-Snapshot-Date
SD-X-WS
X-Branch-Name
CDN
X-Bc-Bl
X-Amzn-Remapped-Date
Requestid
X-WA
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Backend
X-Upstream-Ct
Pagetype
X-CACHE-AGE
X-Backend-Host
Proxy-Firewall
X-Compress-Hint
X-Apw-Access-Object
X-Apw-Access-Action
X-SB
X-Cache-Id
X-SN
X-Apw-Hits
L
X-Varnish-Beresp-TTL
X-Edge-IP
X-ZONE
X-Request-Url
X-VC
V-Cache
X-Cc-Via
Warning
X-Apw-Access-Token
D-Cc-Upstream
X-Cc-Req-Id
Lb
X-ServerName
CloudFront-Viewer-Country
WZWS-RAY
X-WPE-Loopback-Upstream-Addr
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
X-Worker
X-Via-NSCOPI
X-Request-URL
X-Release
X-BC
Correlation-Id
X-Powered-Y
X-Fastly-Cache-Status
WP-Super-Cache
X-ElasticPress-Search
X-App
X-Check-Cacheable
Backend-Name