Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
X-AH-Environment
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Ws-Request-Id
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Host
X-WebKit-CSP
X-Device
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-OneAgent-JS-Injection
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
X-ORACLE-DMS-RID
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
Accept-Ch
X-DynaTrace
X-Ruxit-JS-Agent
X-Country-Code
Allow
X-Instart-Request-ID
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
X-FTR-Request-ID
X-TTL
X-ESI
Accept-Ch-Lifetime
Verso
X-B3-TraceId
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
Content-MD5
X-Version
X-Forwarded-Proto
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Use-Magma
Edge-Cache-Tag
RTSS
AR-PoweredBy
X-Px
AR-CACHE
AR-Request-ID
Ar-Sid
AR-ATIME
X-D2id
X-Debug
X-Abt-Application-Version
X-NF-Request-ID
X-Server-Name
Charset
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Vcache
X-Cached
X-Powered-CMS
X-MSEdge-Ref
X-Accel-Expires
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Middleton-Display
X-Sol
X-TEC-API-VERSION
Pagespeed
Display
X-Vcap-Request-Id
Response
X-Middleton-Response
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Trace
X-SharePointHealthScore
X-Fastcgi-Cache
X-VARITI-CCR
X-Cdn
Realpath
Public-Key-Pins
TCN
X-Client-IP
Cache-Tag
Access-Control-Request-Method
S
X-Fastly-Request-ID
X-Upstream
X-Ser
X-DynaTrace-JS-Agent
MS-Author-Via
X-Shard
X-Id
SPRequestDuration
SPIisLatency
X-Hp-Webp
X-Forwarded-For
Nginx-Cache
X-Ezoic-Cdn
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Content-Type
X-Amz-Meta-S3cmd-Attrs
DynaTrace
X-T
X-Amzn-Trace-Id
X-Recruiting
X-Grace
Front-End-Https
X-Hits
Fastcgi-Cache
X-Webkit-Csp
X-Varnish-Age
ServerID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Node-Name
NR-ENABLED
Nel
X-Content-Digest
X-Goog-Generation
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Edge-O15-RID
X-FTR-Cache-Status
X-Frontend
Powered
X-FTR-Expires
X-Country-Code-Real
Server-Name
Alternate-Protocol
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-Logged-In
TP-L2-Cache
TP-Cache
X-Cache-TTL
Server-Node
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Jurisdiction
X-Request-Processing-Time
X-Request-Received
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
X-ATS-Timestamp
Upgrade-Insecure-Requests
X-Server-ID
X-XRDS-LOCATION
X-Shield-Request-Id
X-Origin-Server
X-Page-Id
X-Ruxit-Js-Agent
X-Webapp-Samesite-None-Activated-N
Refresh
X-Content-Security-Policy-Report-Only
X-Content-Options
X-User-Agent
X-Akamai-Edgescape
X-Cache-Hit
X-F-Cache
X-Rid
X-Revision
X-Varnish-Grace
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Type
X-XRDS-Location
Fastly-Restarts
X-Content-Powered-By
X-B3-Sampled
X-Zen-Fury
X-Analytics
X-URL
X-Pad
X-Geo-Country
X-Az
X-Activity-Id
X-AppVersion
X-LB-Cache
X-B
X-N
X-Kinsta-Cache
X-FTR-Cache-Host
PB-RID
X-Oneagent-Js-Injection
X-RateLimit-Remaining
PB-PID
X-CST
X-Cache-Age
X-TT
X-Mobile-Rewrite
Arc-Version
Cache-Status
X-Jobs
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Request-Guid
Actual-Object-TTL
X-Tumblr-User
X-App-Environment
DC
X-Framework
Paypal-Debug-Id
X-Tumblr-Pixel-0
X-Instance
X-Signature
X-Tumblr-Pixel
X-B-Cache
Access-Control-Allow-Method
X-FB-Debug
X-PHP-Backend
X-Debug-Info
X-Load-Cache
X-Cache-Action
X-Time
X-Varnish-Backend
X-Erf-Bev-Bev
X-Ttl
Surrogate-Key
X-Erf-Bev-Bev-Is-Generated
X-Git-Hash
Fastcgi-Useragent
FilterID
Host-Header
X-Cached-By
X-Tt-Trace-Tag
X-IPLB-Instance
X-Contextid
MS-CV
X-Amz-Replication-Status
X-SS-Set-Cookie
X-Tt-Trace-Host
X-Cluster
Tracecode
X-ATG-Version
X-Cache-Key
X-FastCGI-Cache
X-Response-Served-From
X-Srv
Frame-Options
X-Accel-Buffering
NGB
X-WA-Info
X-FW-Hash
X-Cache-NE
X-RequestSource
X-FW-Serve
WPE-Backend
X-FW-Type
X-FW-Server
X-FW-Static
X-Region
Host
Xserver
Eomportal-Instance
Payment
X-Cache-2
X-Varnish-Hostname
X-TX-ID
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Is-Bot
X-Rendered-As
X-GeoIP
X-Host-Name
X-Varnish-Server
X-IPS-LoggedIn
Cache-Tv-Group
X-Adobe-Content
Source
Filters
X-Adobe-Loc
X-Cache-Enabled
X-Mobile
X-Cacheable-TTL
X-NewRelic-App-Data
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cleartype
X-Seen-By
X-Cache-TTL-Remaining
X-Origin-Response-Time
X-EdgeConnect-Cache-Status
X-Via-JSL
X-ORACLE-APMCS-REQUEST-ID
X-Cache-Operation
X-VCache
X-Cache-Rule
X-ORACLE-APMCS-TAG
Cache
X-Cache-Control
X-Hostname
X-HTML-Minification-Powered-By
Healthy
X-PressLabs-Stats
Datacenter
Server-Info
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Retry-After
X-Dc
X-RemovedCookies
X-ProcessESI
Ms-Operation-Id
X-UA
X-RTag
X-Presslabs-Stats
Liferay-Portal
X-Rule
X-RateLimit-Limit
X-Source
X-L-Path
X-Environment-Context
X-Cache-Server
X-NWS-LOG-UUID
X-FireWall-Port
X-CACHE-KEY
X-Status
From-Origin
X-Wix-Request-Id
Version
X-Endurance-Cache-Level
X-Upgrade-Enabled
X-Path-Route
X-ES-SERVER
X-B3-Traceid
X-RN-RSRV
Meta-Geo
X-Cache-Var-Map
X-Cache-Var
X-Handled-By
OT-Force-Account-Verify
Mn-Server-Ip
X-Timing-Wait
Selected-Fe
X-Proxy-Build
X-Content-Age
Azure-InstanceId
X-Proto
Azure-RegionName
Cache-Tags
Azure-Version
X-Storage
Azure-SlotName
X-ShardId
X-Sorting-Hat-PodId
Akamai-GRN
X-Origin-Hint
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-ShopId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sorting-Hat-ShopId
TWC-Connection-Speed
X-AWS-Id
X-Backend-Name
X-Alternate-Cache-Key
X-Akamai-Request-ID
Webcakes-Region
X-App-Server
X-RCS-CacheZone
X-EIG-Tracking-Id
X-FW-Dynamic
X-Qloud-Router
X-Tb
X-Section
X-LJ-Flow-ID
X-Format
TWC-Device-Class
TWC-GeoIP-Country
Azure-SiteName
X-VWS-Id
Property-Id
Webcakes-App-Version
X-Access
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Proxy-Cache-Status
X-Proxy
X-Pubstack
Origin-Cache-Control
X-Hosted-By
X-Cache-Host
X-Cache-Config
X-Hyper-Cache
X-Cluster-Node
X-Hl-Ver
X-Generated-By
X-FC-Vary-Parameters
X-Debug-Cache
X-Akamai-Request-ID2
S-Rt
Ec-Rule-Version
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
NGX
Node
X-JoinUs
Origin-Edge-Control
Now
DB-Nickname
X-Yottaa-Optimizations
X-Vgn-Hpd-Reason
X-Soup
Accept-CH
X-ServerID
X-Viewer-Country
X-Web-Node
X-PCL
X-Origin
X-OCL
X-Xfnlog-Site
X-Request-Time
X-Time-Microsecs
X-Redis-Cache
X-SaId
X-Yottaa-Metrics
X-Varnish-Hits
X-BCube-Filmed-By
X-Locale
X-IP
X-Human
X-NYM-Debug-Backend
X-ProxyCache-Key
X-BYPASS-REASON
X-Www-Served-By
X-Generated
X-UUID
X-Say-Cacheable
X-Detected-As
X-SayCDN-TTL
Cross-Origin-Window-Policy
X-Say-TTL
X-CCM
X-ProxyCache-Status
X-Site-Version
L5d-Success-Class
X-MP-GENERATED-AT
X-Loop
X-Amzn-Remapped-Content-Length
X-R9-Blue-Green-Version
X-FB-TRIP-ID
X-TNCMS
Cache-Name
Viewport
X-Akamai-Transformed
Srv
X-CS
Uber-Trace-Id
Accept-Charset
X-NCache
X-Esi
X-APP-VERSION
Webserver
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Drupal-Cache-Tags
GEO-INFO
Accept-CH-Lifetime
Time
X-From
X-Cache-Remote
X-UA-Device-Type
X-Unique-Id
X-TT-TIMESTAMP
X-Cluster-Name
X-Edge-Location
X-Origin-TTL
Mime-Version
X-Drupal-Cache-Contexts
X-Origin-CC
Cache-Key
Accept-Language
X-Backend-TTL
X-Mode
Country
X-CDN-Forward
Odigeo-Trace-Id
X-EC-Lua
X-Microcachable
X-CLOUD-TRACE-CONTEXT
Rt-Fastcgi-Cache
X-Info
X-Forwarded-Host
X-App-Version
X-Newrelic-Synthetics
Ohc-File-Size
Ohc-Cache-HIT
X-Geo
X-UnsetCookies
X-No-Session
X-ApacheServer
X-B3-Spanid
X-Magnolia-Registration
X-Whom
Proxy-Connection
X-PERF
X-Routing-Service
X-Varnish-Cache-Hits
X-Proxied
X-Zipkin-Id
Content-Disposition
ServedBy
X-UPSTREAM-Address
Geo-Info
X-Labrador-Cache-Channel
X-PHP-Host
Fastly-SSL
X-Real-IP
X-D
X-B-Cookie
IsBot
X-CF-Lambda-Fn
X-Connection-Hash
X-ARC
X-CF-Lambda-Version
AsisCache
Machine
X-A-Dcw
T-Server
Viewtype
VivaBuild
MD5-Digest
Meta-Geo-Continent
Rendered-Blocks
Mobile-Detection-Method
X-A
X-A-Ccd
X-Accel-Expires-Debug
X-Aed
X-A-Wwc
X-A-Dgt
X-A-Dam
Cf-Ipcountry
X-Application
X-External-Request-Id
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
Fastcgi-X-Cache-Version
Xc-Version
X-Date
X-SIPLIST1
X-SRCache-Key
Content-Style-Type
Content-Script-Type
X-Vtex-Processado-Em
X-Cache-Time
X-Vtex-Remote-Cache
X-VG-WebServer
X-VG-WebCache
BehaviorPad-Version
X-Vdms-Version
X-ScT
X-Session-Fingerprint
GEO-REGION-INFO
X-DPWN-IS-SECURE
X-Device-Type
X-G
X-GeoIP-Country-Code
X-Region-Sid
X-Geo-Header
X-Request-UUID
X-Destination
X-S-Cookie
X-S
X-Rewrite-Enabled
X-Rojux
X-C
User-Cache-Control
X-Via-Fastly
Powered-By
X-App-Name
Environment
Fastly-Backend-Name
FNAC-ModuleRouting
Locid
Fastly-Soc-X-Request-Id
Gh-Request-Id
X-Cache-Debug
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-Req
X-Nginx-Cache-Key
Apple-News-Services-Request-Url
X-Thanos
X-Wikidot-Static-Cache
X-WebServer
X-VC-Cache
X-Varnish-Authentication
X-Wikidot-Backend
X-TrackingId
X-Tumblr-Pixel-3
X-Logging-Id
X-Developers
Wxu-Next-Hostname
Wxu-Next-Region
Wxu-Next-Commit
Server-Int
RNT-Time
Server-Cache-Control
X-Auto-Login
W
X-Core-Mission
X-CUA
X-Contensis-Viewer-Groups
X-Cache-URL
X-Bip
X-Cache-ASPX
RNT-Machine
Server-Surrogate-Control
X-Sigma-Backend
X-Sigma
X-VG-TLSProxy
X-Rocket-Build-Number
Access-Control-Request-Headers
X-Uri
X-Cache-Backend
X-GoCache-CacheStatus
X-Key
X-WADP-Cache
X-Generation-Time
X-Generated-In
X-Gen-Mode
X-Irp-Debug
X-Gamma-Serve
X-GeoIP-City
X-Instart-Isnd
X-IN-APIGATEWAY
X-Hnp-Log
X-FW-Version
X-Internal-Host
X-Hash
X-IN-APIGATEWAYSSL
X-Dispatcher-Server
X-Cdn-Srv
X-Clara-WADP
X-Clientip
X-Cache-Info
X-Cache-Bucket
X-Azure-Ref
X-BBXSRF
X-Block-Status
X-Cms-Context
HA-Ipaddr
X-Debug-Log
X-Li-Fabric
X-Distributor
X-Debug-Cookies
AKAMAI
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Fastly-Cache
X-Location
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Swa-Ws
X-NGENIX-Cache
X-Request-URI
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-TH-Server
X-Trace-Id
X-User
X-We-Are-Hiring
X-VServer
X-Urbn-Site-Id
X-Urbn-Context-Path
X-TT-LOGID
X-Webstats-RespID
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Micro-Cache
X-Ms-Request-Id
X-Ms-Version
X-AK-Request-ID
Ha-Gx-Prefs
X-LI-Proto
X-LI-UUID
CDCHOST
X-NodeID
X-OVcl-Cache
X-Owner
X-Proxy-Upstream
X-OVcl
X-Origin-Expires
X-NX-Host
X-Origin-Date
X-Li-Pop
X-Debug-Cache-Store
V-Age
X-Agile-Age
Kp-EeAlive
Locale
IBM-Web2-Location
Section-Io-Cache
X-Agile
X-Hit
Fastly-SWR
Mail-Subject
Memcached
Request-EU
Server-ID
X-Agile-Id
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Sucuri-Cache
True-Client-Country-4JS
Request-Country
Fastly-SIE
Heartbleed
Web-Mar-Node
X-Eu-Site
We-Hiring
Country-Code
Countrycode
Cdnsip
X-CGP
Cdncip
X-Backend-State
Cache-Host
X-Distil-CS
HitType
X-B3-Parentspanid
X-Nc
X-ServiceProvider
X-Service
X-Render-Time
Platform
X-Is-Gdpr
X-Variation
X-Has-Esi
Adler-Geo
X-S-Maxage
X-Generated-On
X-Reboot
X-JWT-State
PFcat
ServerName
X-Epic-Correlation-Id
X-Old-Content-Length
X-NU-AKA-ACS-Version
X-Server-W
X-Trafficlayer-App-Version
X-Level-Front-Cache
X-Up
X-Platform-Server
Is-Eu
X-Thinkindot-L3
X-Matched-Rule
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Core-Value
Server-Host
X-Cache-Tags
X-Daa-Tunnel
X-B3-SpanId
X-TA-CDN-Provider
X-Fetched-On
X-Nginx-Cache
X-Lb-Id
X-Refresh
X-Response-By
Cache-Hits
X-SERVER
RequestId
X-Tb-Optimization-Total-Bytes-Saved
X-Servername
X-Server-IP
X-Cdn-Forward
X-CF-Powered-By
X-Parent-Response-Time
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
ProcessTime
X-CSRF-TOKEN
X-NC
X-Pjax-Url
X-Cdn-Request-ID
Origin
Media-Length
X-Air-Hostname
Memory
X-Unique-ID
X-BACKEND-TTL
X-CSRF-Token
User-Agent
X-Cache-Expired-At
X-Wa
Pragrma
Group
X-Var-Ttl
Filterid
X-Sucuri-Id
X-Pf-Uncompressing
TTL
Geoip-Latitude
SRV
X-Ua
X-Correlation-ID
GeoIp-Country-Code
X-Vcl-Version
S-Cnection
Powered-By-ChinaCache
Tcn
X-AIR-PT
Esi-Enabled
X-NGINX-Cache
X-Reqid
X-COUNTRY
X-Rocket-Nginx-Bypass
X-Varnish-Cacheable
X-TIME
X-Planisys-CDN-Cache
SN
X-Policy
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Sucuri-ID
Geoip-City
PICS-Label
X-Azure-Ref-OriginShield
X-Litespeed-Cache
X-Servedbyhost
X-Request-Start
X-Webkit-CSP
HostName
X-Via-Ucdn
X-Via-CDN
Rt-Proxy-Cache
XServer
M-TraceId
Dnion-Transfer-Encoding
X-Developer
X-HS-Status
X-NWS-UUID-VERIFY
X-FORWARDED-FOR
X-LAGOON
X-Method
Magicmarker
X-Node-Id
X-Device-Os
X-Cache-Grace
X-Ocache
X-Fastly-Country-Code
X-Cdn-Origin
X-Sn-Servicetimems
Resin-Trace
X-ServedByHost
Load-Balancing
X-Cache-Ttl
Who
Cdn
On-Server
X-Ftr-Cache-Host
X-VHOST
X-MSEdge-Features
X-MSEdge-Flight
CF-Cached-On
Pics-Label
A
X-Request-Host
DSUID
Ohc-Response-Time
Cloudfront-Viewer-Country
Release
NtCoent-Length
X-Svr
X-Be
X-VCT
X-MServer
X-Zone
Vix-Hermes-Req-Id
X-Bc
X-Oss-Hash-Crc64ecma
GeoIP-Country-Code
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Cache-Status-Check
X-Beluga-Trace
X-Beluga-Response-Time
X-Beluga-Cache-Status
X-Beluga-Node
X-Beluga-Record
X-Beluga-Status
X-VCL-Version
X-APP
MIME-Version
X-Oracle-Dms-Rid
Hostname
X-Hp-Ccpa-Warning
X-Fastly-Backend-Reqs
X-Varnish-URL
Ttl
GeoIP-Latitude
Cteonnt-Length
X-Varnish-Url
X-HostName
X-VarnishDD-TTL
X-DC
X-LiteSpeed-Cache-Control
X-Ratelimit-Remaining
X-PF-Uncompressing
GeoIP-City
X-Newrelic-App-Data
Host-ID
X-Configured-By
X-Upstream-Ct
SD-X-WS
X-SRV
X-SD-PageType
X-Ftr-Request-Id
WebServer
X-PJAX-URL
X-Upstream-Ht
CACHE
X-WR-MODIFICATION
X-BE
X-Dynatrace
Processtime
X-SN
X-Tid
X-Compress-Hint
X-Slack-Backend
X-Cache-Id
X-Aicache-OS
Servername
X-Dynatrace-Js-Agent
X-DI
L
Cache-Provider
X-ID
X-Swift-Error
X-RSL
X-Release
X-Via-NSCOPI
X-RPS
X-DSS
X-DW
X-Ratelimit-Limit
X-Action
X-DB
X-RPM
Amp-Access-Control-Allow-Source-Origin
X-Frame-Option
X-Server-Time
CF-IPCountry
X-Ftr-Backend-Server
X-Skip-Cache
X-StackifyID
X-Cache-FS-Status
Pramga
Arc-Country
X-Dispatch
X-FPC
X-PAYTM-SRV-ID
X-Scheme
X-Processor
X-Ftr-Backend
X-Snapshot-Date
LB
X-Branch-Name
CDN
X-Ftr-Balancer
X-ServerName
Dynatrace
X-LB-ID
X-Ftr-Dc
Lfy
Requestid
X-Fastly-Cache-Hits
Pagetype
X-Ftr-Realm
X-CACHE-AGE
D-Cc-Upstream
Cache-Cookie-Set-Lfrom
Warning
Cache-Cookie-Set-Idcheck
Proxy-Firewall
X-Cc-Req-Id
UCS
X-Apw-Access-Action
X-Cc-Via
X-Edge-IP
Cache-Cookie-Set-From
X-Flog
X-Node-ID
V-Cache
X-Request-Url
X-ND-Cache
X-Hello
X-ABtesting
X-Apw-Hits
X-Apw-Access-Object
X-SB
X-Apw-Access-Token
X-Varnish-Beresp-TTL
X-ZONE
X-VC
NnCoection
Cdn-Host
WP-Super-Cache
X-ElasticPress-Search
X-Worker
Cdn-Request-Time
N-Cache
X-WA
X-Served-From
X-Edge-Server
X-DevSite-Last-Modified
X-Litespeed-Cache-Control
Lb
X-Fastly-Cache-Status
X-App
Correlation-Id
X-Check-Cacheable
X-Request-URL
Fastly-Drupal-HTML
X-BC
X-Powered-Y
Backend-Name