Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
Upgrade
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Via
X-Ua-Compatible
X-Age
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Hacker
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
Report-To
X-LiteSpeed-Cache
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
X-Host
X-OneAgent-JS-Injection
X-Device
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
X-Node
X-Ac
Content-Location
Surrogate-Control
X-Vhost
X-Readtime
X-Cloud-Trace-Context
Request-Id
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-ORACLE-DMS-ECID
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-Cache-Lookup
X-DataDome
X-ORACLE-DMS-RID
X-Mod-Pagespeed
NEL
X-Ruxit-JS-Agent
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
X-TTL
X-Country-Code
X-DynaTrace
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-Vname
X-FTR-Request-ID
X-TtlSet
X-PC
Accept-Ch
Verso
X-ESI
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Url
Accept-Ch-Lifetime
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-B3-TraceId
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-Use-Magma
X-GitHub-Request-Id
Edge-Cache-Tag
RTSS
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-ATIME
AR-Request-ID
X-Debug
X-Px
X-D2id
X-Abt-Application-Version
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Vcache
Charset
X-NF-Request-ID
X-Server-Name
X-Accel-Expires
X-Cached
X-Middleton-Display
X-Sol
Display
X-MSEdge-Ref
Response
X-Middleton-Response
Pagespeed
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Vcap-Request-Id
Arr-Disable-Session-Affinity
X-Amz-Rid
TCN
X-Powered-CMS
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-Trace
X-Fastcgi-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Cdn
X-VARITI-CCR
Realpath
Cache-Tag
Public-Key-Pins
X-Client-IP
Access-Control-Request-Method
X-Fastly-Request-ID
X-Ser
MS-Author-Via
S
Nginx-Cache
X-DynaTrace-JS-Agent
X-Shard
X-Upstream
SPRequestDuration
SPIisLatency
X-Id
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Ezoic-Cdn
X-Hp-Webp
X-Content-Type
X-Amzn-Trace-Id
X-Grace
X-Amz-Meta-S3cmd-Attrs
X-T
X-Edge-O15-RID
Nel
X-Recruiting
DynaTrace
X-Forwarded-For
X-Hits
Front-End-Https
Fastcgi-Cache
X-Aspnet-Version
X-Varnish-Age
ServerID
X-Server-ID
X-Node-Name
X-DIS-Request-ID
X-Mobile-URL
X-Dw-Request-Base-Id
X-Element-Page-Cache
MicrosoftSharePointTeamServices
NR-ENABLED
X-Content-Digest
X-Cache-TTL
X-Jurisdiction
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Powered
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Frontend
X-Goog-Stored-Content-Encoding
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
Server-Node
TP-L2-Cache
TP-Cache
Alternate-Protocol
Server-Name
X-Logged-In
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-XRDS-Location
X-Request-Received
X-Request-Processing-Time
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Upgrade-Insecure-Requests
Backend-Timing
X-Cache-Hit
X-Page-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Content-Options
Refresh
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-F-Cache
X-Akamai-Edgescape
X-Revision
X-User-Agent
X-Rid
X-CST
X-Varnish-Grace
X-Type
X-Zen-Fury
Fastly-Restarts
X-XRDS-LOCATION
X-Content-Powered-By
X-B3-Sampled
X-Geo-Country
X-B
X-LB-Cache
X-URL
X-Shield-Request-Id
X-AppVersion
X-Az
X-Activity-Id
X-N
X-FTR-Cache-Host
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Kinsta-Cache
X-Webapp-Samesite-None-Activated-N
Cache-Status
X-Cache-Age
X-Pad
X-AOL-HN
X-Instance
X-WebKit-CSP-Report-Only
X-TT
X-Debug-Info
Paypal-Debug-Id
X-Signature
X-B-Cache
X-Request-Guid
Actual-Object-TTL
X-Time
X-Tumblr-Pixel-0
Access-Control-Allow-Method
X-Webkit-Csp
X-Tumblr-User
X-Jobs
X-Framework
X-Cache-Action
X-Tumblr-Pixel
DC
X-PHP-Backend
X-FB-Debug
X-App-Environment
X-Load-Cache
X-RateLimit-Remaining
X-Analytics
X-Cached-By
X-Git-Hash
X-Tt-Trace-Tag
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
X-Erf-Bev-Bev
X-Varnish-Backend
Fastcgi-Useragent
X-Tt-Trace-Host
Host-Header
X-Amz-Replication-Status
X-Contextid
X-IPLB-Instance
MS-CV
X-SS-Set-Cookie
X-ATG-Version
FilterID
X-WA-Info
Accept-CH
X-FastCGI-Cache
X-Cluster
Tracecode
X-Cache-Key
X-Accel-Buffering
X-Response-Served-From
X-Host-Name
Host
X-Mobile
X-Cache-NE
NGB
Payment
WPE-Backend
X-B3-Traceid
X-FW-Server
X-Cache-2
X-FW-Serve
X-Region
X-FW-Static
X-FW-Type
X-Hostname
Source
Frame-Options
X-Via-JSL
X-FW-Hash
X-Cache-Rule
X-Cache-Operation
X-Varnish-Server
Eomportal-Instance
X-Cacheable-TTL
X-Tumblr-Pixel-1
Xserver
Cache-Tv-Group
X-Srv
X-Rendered-As
X-Tumblr-Pixel-2
X-Is-Bot
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-Hostname
X-ORACLE-APMCS-TAG
X-IPS-LoggedIn
X-Adobe-Content
X-Cache-Enabled
X-ORACLE-APMCS-REQUEST-ID
X-Adobe-Loc
X-TX-ID
X-GeoIP
Filters
X-Origin-Response-Time
X-NewRelic-App-Data
X-RequestSource
X-Presslabs-Stats
X-EdgeConnect-Cache-Status
X-Seen-By
X-NWS-LOG-UUID
Retry-After
Cleartype
Accept-CH-Lifetime
X-Ruxit-Js-Agent
X-VCache
Server-Info
X-Cache-TTL-Remaining
X-ProcessESI
Cache
X-RemovedCookies
X-HTML-Minification-Powered-By
Liferay-Portal
Ms-Operation-Id
Datacenter
X-RTag
X-Source
X-UA
X-Ttl
X-Cache-Control
X-Dc
X-FireWall-Port
X-Environment-Context
X-L-Path
X-App-Server
X-Upgrade-Enabled
Healthy
X-Endurance-Cache-Level
From-Origin
X-Cache-Server
X-CACHE-KEY
X-Esi
X-APP-VERSION
X-Handled-By
X-PressLabs-Stats
X-RateLimit-Limit
X-Status
Version
X-Rule
X-Backend-Name
Meta-Geo
X-RN-RSRV
X-Cache-Var-Map
X-Cache-Var
X-Path-Route
X-Wix-Request-Id
X-ES-SERVER
X-Access
OT-Force-Account-Verify
X-Tb
X-Section
X-Format
X-Request-Time
Azure-InstanceId
Azure-Version
X-Timing-Wait
Akamai-GRN
X-Origin
X-ProxyCache-Status
X-Proxy-Build
X-PCL
Azure-SlotName
X-ProxyCache-Key
Azure-SiteName
Azure-RegionName
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Human
X-Proto
Selected-Fe
X-OCL
X-Storage
X-Content-Age
X-Akamai-Request-ID
X-BYPASS-REASON
Cache-Tags
Srv
X-Viewer-Country
X-EIG-Tracking-Id
Ec-Rule-Version
X-Cache-Config
X-Hl-Ver
X-Hyper-Cache
X-JoinUs
X-NYM-Debug-Backend
X-FC-Vary-Parameters
Node
Decoy-Debug-Key
X-Web-Node
X-Time-Microsecs
X-Alternate-Cache-Key
X-Hosted-By
X-FW-Dynamic
S-Rt
X-UUID
NGX
X-Proxy-Cache-Status
DB-Nickname
X-ServerID
X-ShardId
X-ShopId
X-Proxy
X-Pubstack
X-Qloud-Router
X-Redis-Cache
Mn-Server-Ip
Now
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
Decoy-Debug-TTL
Decoy-Debug-Status
X-MP-GENERATED-AT
Origin-Edge-Control
X-Sorting-Hat-ShopId
Origin-Cache-Control
X-Sorting-Hat-PodId
X-SaId
Cross-Origin-Window-Policy
X-Vgn-Hpd-Reason
X-Akamai-Request-ID2
X-VWS-Id
X-BCube-Filmed-By
X-Akamai-Transformed
X-Soup
X-Cluster-Node
X-Locale
X-Say-Cacheable
X-Debug-Cache
X-Detected-As
X-LJ-Flow-ID
X-Generated-By
X-Generated
X-CCM
X-Say-TTL
X-RCS-CacheZone
X-AWS-Id
X-IP
X-Site-Version
X-Cache-Host
X-SayCDN-TTL
X-Varnish-Hits
X-R9-Blue-Green-Version
X-Origin-Hint
TWC-Connection-Speed
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Property-Id
X-Www-Served-By
X-Amzn-Remapped-Content-Length
GEO-INFO
X-Loop
Accept-Charset
X-TNCMS
X-Xfnlog-Site
X-Yottaa-Optimizations
X-Yottaa-Metrics
L5d-Success-Class
X-FB-TRIP-ID
X-Unique-Id
X-CS
X-NCache
Viewport
Uber-Trace-Id
X-Drupal-Cache-Tags
Cache-Name
Webserver
Time
Cache-Key
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-UA-Device-Type
X-CDN-Forward
X-Backend-TTL
X-Cache-Remote
X-From
X-Mode
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Forwarded-Host
X-Origin-CC
X-Origin-TTL
X-UnsetCookies
Country
Accept-Language
X-Cluster-Name
Rt-Fastcgi-Cache
Mime-Version
X-Newrelic-Synthetics
X-Drupal-Cache-Contexts
X-B3-Spanid
Odigeo-Trace-Id
X-Microcachable
X-TT-TIMESTAMP
X-Info
X-Varnish-Cache-Hits
X-Edge-Location
X-Whom
X-NGENIX-Cache
X-CLOUD-TRACE-CONTEXT
X-PERF
X-ApacheServer
X-Magnolia-Registration
X-Geo
ServedBy
Content-Disposition
X-Daa-Tunnel
X-UPSTREAM-Address
X-EC-Lua
Ohc-File-Size
Ohc-Cache-HIT
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-No-Session
X-Via-Fastly
X-Device-Type
Proxy-Connection
Cf-Ipcountry
X-Uri
Mobile-Detection-Method
X-Rewrite-Enabled
X-Request-UUID
X-Rocket-Build-Number
X-Rojux
X-S-Cookie
X-S
X-Region-Sid
X-GeoIP-Country-Code
X-Destination
X-Date
X-DPWN-IS-SECURE
X-External-Request-Id
X-Geo-Header
X-G
X-ScT
X-Session-Fingerprint
X-VG-WebCache
X-VG-TLSProxy
X-VG-WebServer
X-Vtex-Processado-Em
Xc-Version
X-Vtex-Remote-Cache
X-Vdms-Version
X-Twitter-Response-Tags
X-Sigma-Backend
X-Sigma
X-SRCache-Key
X-Transaction
X-Trv-Group
X-D
X-Connection-Hash
Machine
GEO-REGION-INFO
MD5-Digest
Meta-Geo-Continent
T-Server
Rendered-Blocks
Fastcgi-X-Cache-Version
Content-Style-Type
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
AsisCache
Content-Script-Type
BehaviorPad-Version
Viewtype
VivaBuild
X-Application
X-Aed
X-ARC
X-B-Cookie
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Accel-Expires-Debug
X-A-Wwc
X-A
W
X-A-Ccd
X-A-Dam
X-A-Dcw
Apple-News-Services-Handled
X-A-Dgt
X-PHP-Host
X-Labrador-Cache-Channel
HitType
X-C
User-Cache-Control
X-Wikidot-Static-Cache
Gh-Request-Id
X-Wikidot-Backend
X-Bip
X-Logging-Id
X-Tumblr-Pixel-3
X-Real-IP
X-Backend-State
Server-Surrogate-Control
X-Eu-Site
Environment
Server-Cache-Control
Powered-By
X-Cache-Debug
X-Cache-ASPX
X-CGP
Fastly-Soc-X-Request-Id
X-Render-Time
X-Contensis-Viewer-Groups
X-Hit
Ha-Gx-Prefs
X-Varnish-Authentication
X-Thanos
X-Agile
IsBot
X-TrackingId
Locid
X-Developers
X-Distil-CS
X-Agile-Age
X-Agile-Id
HA-Ipaddr
CDCHOST
X-Auto-Login
Geo-Info
X-App-Name
X-VC-Cache
X-Epic-Correlation-Id
X-SIPLIST1
X-WebServer
Section-Io-Cache
X-GoCache-CacheStatus
X-Nc
X-Cache-Time
X-VServer
X-TH-Server
X-CUA
X-AK-Request-ID
X-We-Are-Hiring
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-FW-Version
Fastly-SIE
Countrycode
X-Core-Mission
X-Cache-Info
X-Cms-Context
X-Clara-WADP
X-Cache-URL
X-LI-UUID
X-LI-Proto
X-Cache-Bucket
X-Debug-Cache-Store
X-Block-Status
X-Li-Fabric
X-Li-Pop
X-Cache-Backend
X-Cdn-Srv
X-Gamma-Serve
X-Proxy-Upstream
X-Varnish-Beresp-Status
X-Request-URI
X-Owner
X-OVcl-Cache
X-Origin-Date
X-Origin-Expires
X-OVcl
X-WADP-Cache
X-Server-W
X-Urbn-Site-Id
X-Urbn-Context-Path
X-TT-LOGID
X-Trace-Id
X-Swa-Ws
X-Sucuri-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-NX-Host
X-NodeID
Fastly-SWR
X-Gen-Mode
X-Generated-In
X-Fastly-Cache
IBM-Web2-Location
X-Debug-Log
Memcached
X-Distributor
X-Generation-Time
X-GeoIP-City
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache-Key
X-Micro-Cache
X-Key
X-Hnp-Log
Fastly-SSL
X-Irp-Debug
X-Debug-Cookies
X-Azure-Ref
Cache-Host
Fastly-Backend-Name
Heartbleed
Request-EU
True-Client-Country-4JS
RNT-Machine
Cdncip
Country-Code
RNT-Time
Server-ID
Server-Int
Cdnsip
AKAMAI
Request-Country
X-Rebelmouse-Cache-Control
Web-Mar-Node
Locale
X-Servername
X-Rebelmouse-Surrogate-Control
X-Clientip
X-Varnish-Beresp-Grace
V-Age
X-Varnish-Beresp-Ttl
X-Oneagent-Js-Injection
Mail-Subject
FNAC-ModuleRouting
X-Fetched-On
X-Up
X-Variation
X-Dispatcher-Server
Kp-EeAlive
X-IN-APIGATEWAY
X-Req
X-Webstats-RespID
X-RateLimit-Remaining-Second
ServerName
X-Service
X-Thinkindot-L3
X-ServiceProvider
X-RateLimit-Limit-Second
Access-Control-Request-Headers
X-IN-APIGATEWAYSSL
X-TA-CDN-Provider
X-Generated-On
X-Instart-Isnd
X-Level-Front-Cache
X-Old-Content-Length
X-Matched-Rule
X-Nginx-Cache
X-Hash
X-BBXSRF
Adler-Geo
X-Reboot
X-Has-Esi
X-Internal-Host
Thinkindot-CacheControl-Type
We-Hiring
Platform
X-Cache-Tags
X-User
Thinkindot-Control
X-Is-Gdpr
Thinkindot-CacheControl
X-Core-Value
X-JWT-State
X-Platform-Server
Is-Eu
X-NU-AKA-ACS-Version
PFcat
Filterid
Cache-Hits
X-App-Version
X-S-Maxage
X-SERVER
Wxu-Next-Hostname
X-Response-By
Wxu-Next-Commit
Wxu-Next-Region
X-Location
X-Trafficlayer-App-Version
Server-Host
X-Lb-Id
RequestId
X-Air-Hostname
X-B3-Parentspanid
X-Parent-Response-Time
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Expired-At
X-Refresh
Pragrma
Group
X-CSRF-TOKEN
Memory
X-Tec-Api-Version
X-Tec-Api-Origin
S-Cnection
X-NC
X-Tec-Api-Root
X-Var-Ttl
ProcessTime
X-CF-Powered-By
Powered-By-ChinaCache
X-Wa
X-Ua
X-B3-SpanId
X-Cdn-Forward
User-Agent
X-BACKEND-TTL
X-Pjax-Url
Origin
X-Server-IP
X-CSRF-Token
X-Pf-Uncompressing
X-Sucuri-ID
SRV
X-Correlation-ID
PICS-Label
X-Varnish-Cacheable
TTL
X-Cdn-Request-ID
Geoip-Latitude
Media-Length
GeoIp-Country-Code
X-Vcl-Version
X-COUNTRY
X-FORWARDED-FOR
Geoip-City
X-NWS-UUID-VERIFY
X-NGINX-Cache
X-Unique-ID
X-Sucuri-Id
Dnion-Transfer-Encoding
X-Servedbyhost
X-Via-CDN
X-Developer
X-Cdn-Origin
X-LAGOON
X-Sn-Servicetimems
X-Ocache
X-Cache-Grace
SN
X-Webkit-CSP
X-Litespeed-Cache
X-Node-Id
X-Rocket-Nginx-Bypass
On-Server
M-TraceId
X-Reqid
X-Varnish-Ttl
X-Device-Os
X-Via-Ucdn
Esi-Enabled
X-AIR-PT
X-TIME
XServer
X-HS-Status
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Policy
X-Planisys-CDN-TTL
X-Request-Host
X-MSEdge-Flight
A
X-MSEdge-Features
X-Cache-Status-Check
Hostname
X-Request-Start
X-Fastly-Country-Code
X-Azure-Ref-OriginShield
HostName
X-Beluga-Node
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Status
Cloudfront-Viewer-Country
X-Beluga-Trace
Who
Resin-Trace
Rt-Proxy-Cache
Cdn
X-Beluga-Cache-Status
X-Cache-Ttl
X-Oss-Server-Time
X-Ftr-Cache-Host
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-VHOST
X-ServedByHost
CF-Cached-On
MIME-Version
Magicmarker
X-Ratelimit-Remaining
X-VCL-Version
X-Method
Host-ID
X-Varnish-URL
NtCoent-Length
Ttl
X-LiteSpeed-Cache-Control
GeoIP-Country-Code
Pics-Label
X-DC
X-Zone
X-Bc
X-APP
X-Oracle-Dms-Rid
Tcn
GeoIP-Latitude
X-Slack-Backend
X-Fastly-Backend-Reqs
Cteonnt-Length
X-Varnish-Url
Load-Balancing
X-PF-Uncompressing
Ohc-Response-Time
X-PJAX-URL
X-DI
X-DB
X-Action
X-RSL
X-DW
X-RPS
X-DSS
X-Newrelic-App-Data
X-VarnishDD-TTL
X-Svr
X-Be
GeoIP-City
X-RPM
X-FPC
Pramga
X-Cache-FS-Status
X-Ftr-Request-Id
X-PAYTM-SRV-ID
Arc-Country
X-Server-Time
X-Processor
X-Skip-Cache
X-Ratelimit-Limit
X-SRV
Amp-Access-Control-Allow-Source-Origin
Vix-Hermes-Req-Id
DSUID
WebServer
X-MServer
X-SERVER-NAME
CACHE
X-VCT
Release
Fastly-Drupal-HTML
X-Dynatrace
X-ABtesting
X-Dispatch
X-Hp-Ccpa-Warning
X-Tid
X-Swift-Error
Processtime
X-ND-Cache
X-BE
X-Hello
X-DevSite-Last-Modified
X-Flog
X-WR-MODIFICATION
Servername
X-Dynatrace-Js-Agent
X-ID
X-Edge-Server
X-Aicache-OS
Cache-Provider
X-Configured-By
X-HostName
X-Served-From
Cdn-Request-Time
X-LB-ID
Cdn-Host
X-Frame-Option
X-Bc-Bl
X-StackifyID
Dynatrace
X-Ftr-Dc
X-Amzn-Remapped-Date
X-WA
N-Cache
X-SD-PageType
X-Upstream-Ht
X-Amzn-Remapped-Connection
X-Upstream-Ct
X-Ftr-Realm
SD-X-WS
X-Fastly-Cache-Hits
Pagetype
X-Ftr-Backend
Requestid
X-Snapshot-Date
Lfy
CDN
X-Branch-Name
X-Ftr-Backend-Server
CF-IPCountry
X-Ftr-Balancer
X-CACHE-AGE
X-Request-Url
X-Cache-Id
X-ZONE
X-Varnish-Beresp-TTL
X-VC
L
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Action
Proxy-Firewall
X-SN
X-SB
X-Cc-Via
X-Apw-Access-Object
X-Cc-Req-Id
X-Edge-IP
D-Cc-Upstream
X-Compress-Hint
Warning
V-Cache
X-ElasticPress-Search
X-Via-NSCOPI
X-App
X-Fastly-Cache-Status
WZWS-RAY
X-Backend-Host
WP-Super-Cache
Correlation-Id
Backend-Name
X-ServerName
X-Check-Cacheable
X-Worker
X-Request-URL
X-Powered-Y
X-Release
Lb
X-BC