Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
Keep-Alive
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
X-Ws-Request-Id
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-ORACLE-DMS-RID
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Varnish-TTL
Accept-Ch
X-DynaTrace
X-Country-Code
Allow
X-Instart-Request-ID
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-TTL
X-FTR-Request-ID
X-ESI
Accept-Ch-Lifetime
Verso
X-B3-TraceId
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Forwarded-Proto
X-Version
X-Url
X-MS-InvokeApp
X-GitHub-Request-Id
X-Exp-Id
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
Edge-Cache-Tag
RTSS
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
Ar-Sid
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-NF-Request-ID
Charset
X-Server-Name
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Accel-Expires
X-Powered-CMS
X-Cached
X-MSEdge-Ref
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Sol
Pagespeed
X-Middleton-Display
Display
X-Vcache
X-Navigation-Version
Response
X-Vcap-Request-Id
X-Middleton-Response
Pinterest-Version
X-Trace
X-Pinterest-Rid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-SharePointHealthScore
TCN
X-Fastcgi-Cache
X-VARITI-CCR
X-Cdn
Realpath
Public-Key-Pins
X-Client-IP
Cache-Tag
Access-Control-Request-Method
S
X-Fastly-Request-ID
X-Upstream
X-Ser
X-DynaTrace-JS-Agent
MS-Author-Via
X-Id
X-Shard
SPIisLatency
SPRequestDuration
X-Hp-Webp
Nginx-Cache
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Forwarded-For
Mrf-Cache-Status
X-Ezoic-Cdn
X-Content-Type
DynaTrace
X-T
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
X-Amzn-Trace-Id
X-Grace
Front-End-Https
Fastcgi-Cache
X-Hits
X-Varnish-Age
ServerID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Node-Name
NR-ENABLED
X-Content-Digest
Nel
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Frontend
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Edge-O15-RID
Powered
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
Server-Name
Alternate-Protocol
X-FTR-Backend
X-Logged-In
X-Cache-TTL
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
TP-Cache
TP-L2-Cache
Server-Node
X-Webkit-Csp
AMP-Access-Control-Allow-Source-Origin
X-Jurisdiction
X-Correlation-Id
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
Upgrade-Insecure-Requests
X-Server-ID
X-Shield-Request-Id
X-Webapp-Samesite-None-Activated-N
X-Origin-Server
Refresh
X-User-Agent
X-Content-Options
X-URL
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-Rid
X-F-Cache
X-Revision
X-Page-Id
X-Cache-Hit
X-Varnish-Grace
X-Type
X-Amz-Apigw-Id
X-Amzn-RequestId
X-XRDS-LOCATION
Fastly-Restarts
X-Content-Powered-By
X-B3-Sampled
X-Zen-Fury
X-Geo-Country
X-Pad
X-Analytics
X-LB-Cache
X-Activity-Id
X-AppVersion
X-Az
X-B
X-N
X-RateLimit-Remaining
X-Kinsta-Cache
X-Ruxit-Js-Agent
PB-PID
PB-RID
X-CST
X-Mobile-Rewrite
Arc-Version
X-TT
X-Cache-Age
X-WebKit-CSP-Report-Only
X-AOL-HN
Cache-Status
X-Jobs
X-Request-Guid
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Paypal-Debug-Id
X-B-Cache
X-Framework
X-Signature
DC
Actual-Object-TTL
X-FTR-Cache-Host
X-Debug-Info
Access-Control-Allow-Method
X-App-Environment
X-FB-Debug
X-Load-Cache
X-PHP-Backend
X-Cache-Action
X-Time
X-Varnish-Backend
Fastcgi-Useragent
Surrogate-Key
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Ttl
X-Git-Hash
FilterID
X-Tt-Trace-Tag
X-Cached-By
Host-Header
X-IPLB-Instance
MS-CV
X-Contextid
X-Amz-Replication-Status
X-SS-Set-Cookie
X-Tt-Trace-Host
X-Cluster
Tracecode
X-ATG-Version
X-VCache
X-FastCGI-Cache
Frame-Options
X-Response-Served-From
X-Accel-Buffering
X-Srv
NGB
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Type
X-Cache-NE
WPE-Backend
X-RequestSource
X-WA-Info
X-FW-Server
Xserver
X-Cache-2
Payment
Eomportal-Instance
X-Region
X-Varnish-Server
Host
X-Adobe-Loc
X-Adobe-Content
X-Varnish-Hostname
X-GeoIP
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-TX-ID
X-Mobile
Filters
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Cache-Enabled
X-Host-Name
Source
X-Cacheable-TTL
X-Cache-Key
X-Oneagent-Js-Injection
X-NewRelic-App-Data
X-Rendered-As
X-Is-Bot
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cleartype
X-Seen-By
X-Cache-Rule
X-Cache-Operation
X-EdgeConnect-Cache-Status
X-Via-JSL
X-Cache-TTL-Remaining
X-Origin-Response-Time
X-Hostname
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-PressLabs-Stats
Cache
X-Cache-Control
Healthy
Datacenter
X-HTML-Minification-Powered-By
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Retry-After
Server-Info
X-RemovedCookies
X-Dc
X-ProcessESI
X-CACHE-KEY
Ms-Operation-Id
X-RTag
X-RateLimit-Limit
Liferay-Portal
X-Presslabs-Stats
X-Source
X-Rule
X-UA
X-Cache-Server
X-NWS-LOG-UUID
X-L-Path
X-Environment-Context
From-Origin
X-FireWall-Port
Version
X-Status
X-Endurance-Cache-Level
X-Wix-Request-Id
X-Upgrade-Enabled
X-Path-Route
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Var
X-B3-Traceid
Meta-Geo
X-Handled-By
X-ES-SERVER
Selected-Fe
X-Proxy-Build
X-Content-Age
X-RCS-CacheZone
OT-Force-Account-Verify
X-Timing-Wait
Mn-Server-Ip
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Storage
X-Alternate-Cache-Key
X-AWS-Id
Webcakes-App-Version
X-Backend-Name
Webcakes-Region
Webcakes-App-Name
TWC-GeoIP-Country
X-Akamai-Request-ID
TWC-Device-Class
TWC-Privacy
X-Shopify-Generated-Cart-Token
TWC-Connection-Speed
X-VWS-Id
X-Section
X-Tb
Azure-SiteName
Property-Id
X-Sorting-Hat-ShopId
X-Request-Time
Azure-RegionName
Cache-Tags
X-Format
Azure-Version
Azure-SlotName
Azure-InstanceId
Akamai-GRN
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Proto
X-Origin-Hint
X-Access
X-LJ-Flow-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Qloud-Router
X-ShardId
X-FW-Dynamic
X-EIG-Tracking-Id
X-ShopId
Origin-Cache-Control
Origin-Edge-Control
DB-Nickname
Decoy-Debug-Status
Ec-Rule-Version
Decoy-Debug-TTL
NGX
Node
Now
X-UUID
X-Web-Node
X-Xfnlog-Site
X-Viewer-Country
X-Vgn-Hpd-Reason
X-Soup
X-Time-Microsecs
X-BYPASS-REASON
X-Human
X-ProxyCache-Key
X-ProxyCache-Status
X-PCL
X-Origin
X-OCL
X-ServerID
X-SaId
X-Generated-By
X-Hl-Ver
X-FC-Vary-Parameters
X-Cluster-Node
X-Cache-Config
X-Cache-Host
X-Hosted-By
X-Hyper-Cache
X-Pubstack
X-Redis-Cache
X-Proxy-Cache-Status
X-Proxy
X-JoinUs
X-Akamai-Request-ID2
Decoy-Debug-Key
Accept-CH
X-App-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
S-Rt
X-BCube-Filmed-By
X-Locale
X-Debug-Cache
X-Generated
X-CCM
X-Say-Cacheable
X-SayCDN-TTL
Cross-Origin-Window-Policy
X-Varnish-Hits
X-Www-Served-By
X-Say-TTL
X-MP-GENERATED-AT
X-Site-Version
X-NYM-Debug-Backend
L5d-Success-Class
X-Amzn-Remapped-Content-Length
X-R9-Blue-Green-Version
X-TNCMS
X-Loop
X-FB-TRIP-ID
Cache-Name
Viewport
X-CS
X-Detected-As
X-IP
Srv
X-Akamai-Transformed
Webserver
Uber-Trace-Id
Accept-Charset
X-NCache
X-Esi
Time
X-APP-VERSION
VIX-Pulpo-Upstream-Status
X-Drupal-Cache-Tags
VIX-Pulpo-Node
Accept-CH-Lifetime
GEO-INFO
X-UA-Device-Type
X-From
X-Cache-Remote
X-TT-TIMESTAMP
X-Unique-Id
Cache-Key
X-Cluster-Name
X-Origin-CC
Mime-Version
X-Edge-Location
X-Drupal-Cache-Contexts
X-Origin-TTL
Accept-Language
X-Mode
Country
X-Backend-TTL
Odigeo-Trace-Id
X-CDN-Forward
X-EC-Lua
X-Microcachable
X-CLOUD-TRACE-CONTEXT
Rt-Fastcgi-Cache
X-Forwarded-Host
X-Newrelic-Synthetics
X-App-Version
X-Info
X-No-Session
X-UnsetCookies
Ohc-Cache-HIT
Ohc-File-Size
X-Geo
X-PERF
X-Magnolia-Registration
Proxy-Connection
X-ApacheServer
X-Whom
X-B3-Spanid
X-Routing-Service
X-Varnish-Cache-Hits
X-Zipkin-Id
Content-Disposition
X-Proxied
ServedBy
X-UPSTREAM-Address
X-PHP-Host
Geo-Info
X-Labrador-Cache-Channel
Fastly-SSL
Rendered-Blocks
VivaBuild
Mobile-Detection-Method
X-A
Content-Style-Type
Viewtype
X-CF-Lambda-Fn
X-Connection-Hash
MD5-Digest
Meta-Geo-Continent
X-CF-Lambda-Version
Machine
T-Server
Fastcgi-X-Cache-Version
BehaviorPad-Version
X-A-Wwc
X-A-Ccd
X-Device-Type
X-A-Dgt
X-A-Dam
X-A-Dcw
GEO-REGION-INFO
AsisCache
X-ARC
IsBot
X-Application
X-Aed
X-Accel-Expires-Debug
X-B-Cookie
X-Region-Sid
X-ScT
X-Session-Fingerprint
X-SIPLIST1
X-SRCache-Key
X-S-Cookie
X-S
X-Request-UUID
X-Rewrite-Enabled
X-Rojux
X-Transaction
Cf-Ipcountry
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Twitter-Response-Tags
X-Cache-Time
X-Vdms-Version
Content-Script-Type
X-Trv-Group
X-External-Request-Id
X-G
X-DPWN-IS-SECURE
X-Date
X-D
X-Geo-Header
X-Destination
X-GeoIP-Country-Code
X-C
User-Cache-Control
X-Real-IP
X-Via-Fastly
X-NGENIX-Cache
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Locid
X-Contensis-Viewer-Groups
X-WebServer
X-Wikidot-Backend
X-Wikidot-Static-Cache
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Gh-Request-Id
X-Sigma
X-Sigma-Backend
Environment
X-VG-TLSProxy
X-Rocket-Build-Number
Fastly-Backend-Name
Powered-By
X-App-Name
FNAC-ModuleRouting
Fastly-Soc-X-Request-Id
W
RNT-Machine
X-Auto-Login
X-Cache-Debug
X-Tumblr-Pixel-3
Access-Control-Request-Headers
X-TrackingId
Wxu-Next-Commit
X-Cache-ASPX
X-Thanos
Wxu-Next-Region
Wxu-Next-Hostname
X-Varnish-Authentication
Server-Surrogate-Control
X-Nginx-Cache-Key
RNT-Time
X-Bip
X-CUA
X-Logging-Id
X-Req
Server-Int
Server-Cache-Control
X-VC-Cache
X-Developers
X-Core-Mission
X-Cache-URL
X-Uri
X-Cache-Backend
X-GoCache-CacheStatus
X-AK-Request-ID
X-Ms-Request-Id
X-Ms-Version
X-NodeID
X-Origin-Date
X-NX-Host
X-Micro-Cache
X-Azure-Ref
X-BBXSRF
X-LI-Proto
X-LI-UUID
X-Location
True-Client-Country-4JS
X-Origin-Expires
X-Rebelmouse-Cache-Control
X-Owner
We-Hiring
X-Proxy-Upstream
V-Age
X-RateLimit-Limit-Second
Web-Mar-Node
X-Varnish-Beresp-Ttl
X-OVcl
X-Li-Pop
X-OVcl-Cache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Fastly-Cache
X-Block-Status
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Gen-Mode
X-Generated-In
X-GeoIP-City
X-Generation-Time
X-Debug-Cache-Store
X-Debug-Cookies
X-Dispatcher-Server
X-Distributor
X-FW-Version
X-Gamma-Serve
X-Debug-Log
X-Hash
X-Hnp-Log
X-Irp-Debug
X-Internal-Host
X-Cache-Info
X-Cache-Bucket
X-Rebelmouse-Surrogate-Control
X-Cdn-Srv
X-Instart-Isnd
X-Cms-Context
X-IN-APIGATEWAY
X-Clientip
X-Clara-WADP
X-IN-APIGATEWAYSSL
X-Li-Fabric
X-RateLimit-Remaining-Second
X-Agile
Kp-EeAlive
X-Agile-Age
IBM-Web2-Location
X-Agile-Id
Heartbleed
HA-Ipaddr
Locale
X-We-Are-Hiring
Memcached
X-Webstats-RespID
CDCHOST
Ha-Gx-Prefs
X-CGP
Fastly-SWR
X-Render-Time
Country-Code
X-Sucuri-Cache
Cdnsip
Cdncip
Countrycode
X-Hit
Fastly-SIE
X-Distil-CS
AKAMAI
X-Epic-Correlation-Id
X-Eu-Site
X-WADP-Cache
Mail-Subject
Section-Io-Cache
Request-Country
X-SVT-ORM-VERSION
X-TT-LOGID
Request-EU
X-VServer
X-TH-Server
X-Trace-Id
X-Swa-Ws
X-SVT-ORM-RULES
X-Urbn-Context-Path
Cache-Host
X-Request-URI
Server-ID
X-User
X-Urbn-Site-Id
X-Nc
X-B3-Parentspanid
X-Server-W
X-Generated-On
X-Platform-Server
X-Service
X-ServiceProvider
X-Trafficlayer-App-Version
X-Level-Front-Cache
X-Key
X-Reboot
X-Matched-Rule
X-Variation
X-JWT-State
X-Is-Gdpr
X-Backend-State
X-Thinkindot-L3
X-Old-Content-Length
X-NU-AKA-ACS-Version
X-Up
X-Has-Esi
X-S-Maxage
Thinkindot-CacheControl-Type
Is-Eu
X-Cache-Tags
Thinkindot-Control
PFcat
Server-Host
ServerName
Platform
Thinkindot-CacheControl
Adler-Geo
X-Core-Value
X-Nginx-Cache
X-TA-CDN-Provider
X-B3-SpanId
X-Daa-Tunnel
HitType
X-Lb-Id
Cache-Hits
X-Refresh
X-Fetched-On
X-SERVER
X-Response-By
X-Servername
RequestId
X-CSRF-TOKEN
X-Tb-Optimization-Total-Bytes-Saved
X-Server-IP
X-Cdn-Forward
X-CF-Powered-By
X-Tec-Api-Version
ProcessTime
X-Tec-Api-Origin
X-Parent-Response-Time
X-Correlation-ID
X-Tec-Api-Root
X-Air-Hostname
X-NC
Origin
X-Pjax-Url
X-Ua
X-Wa
Media-Length
X-Cdn-Request-ID
Memory
X-Unique-ID
X-BACKEND-TTL
User-Agent
Pragrma
X-Cache-Expired-At
X-Var-Ttl
Group
Filterid
TTL
X-Sucuri-Id
X-CSRF-Token
SRV
Powered-By-ChinaCache
Geoip-Latitude
X-Vcl-Version
S-Cnection
X-Pf-Uncompressing
X-Reqid
Esi-Enabled
GeoIp-Country-Code
X-COUNTRY
X-AIR-PT
X-NGINX-Cache
X-Rocket-Nginx-Bypass
X-Varnish-Cacheable
X-Servedbyhost
X-TIME
SN
X-Policy
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Sucuri-ID
PICS-Label
X-Litespeed-Cache
X-Webkit-CSP
X-Request-Start
X-Azure-Ref-OriginShield
HostName
X-Via-CDN
Geoip-City
X-Via-Ucdn
Rt-Proxy-Cache
X-Ftr-Cache-Host
XServer
X-Developer
Dnion-Transfer-Encoding
M-TraceId
X-HS-Status
X-NWS-UUID-VERIFY
X-FORWARDED-FOR
X-Sn-Servicetimems
X-Ocache
X-LAGOON
Magicmarker
X-Fastly-Country-Code
X-Cache-Grace
X-Method
X-Node-Id
Tcn
X-Device-Os
X-Cdn-Origin
Load-Balancing
On-Server
X-Cache-Ttl
Resin-Trace
Cdn
Who
X-VHOST
X-Request-Host
Pics-Label
X-MSEdge-Flight
X-MSEdge-Features
A
X-ServedByHost
CF-Cached-On
DSUID
Ohc-Response-Time
Release
NtCoent-Length
X-Be
X-Svr
GeoIP-Country-Code
Cloudfront-Viewer-Country
X-MServer
X-VCT
X-VCL-Version
X-APP
X-Bc
GeoIP-Latitude
X-Cache-Status-Check
Vix-Hermes-Req-Id
X-Oss-Server-Time
X-Zone
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
MIME-Version
X-Oracle-Dms-Rid
Hostname
X-Hp-Ccpa-Warning
X-Varnish-URL
X-Varnish-Url
X-Beluga-Cache-Status
X-Beluga-Trace
Cteonnt-Length
X-VarnishDD-TTL
X-PF-Uncompressing
Ttl
GeoIP-City
X-Beluga-Response-Time
X-Fastly-Backend-Reqs
X-Beluga-Record
X-Beluga-Status
X-Beluga-Node
X-LiteSpeed-Cache-Control
X-DC
Host-ID
X-Configured-By
X-Newrelic-App-Data
X-Upstream-Ht
X-Ftr-Request-Id
SD-X-WS
X-PJAX-URL
X-SD-PageType
X-SRV
X-Upstream-Ct
X-WR-MODIFICATION
X-HostName
X-Ratelimit-Remaining
CACHE
X-Tid
X-Dynatrace
X-SN
X-Compress-Hint
Processtime
X-Cache-Id
X-Slack-Backend
X-BE
X-Aicache-OS
Servername
X-Dynatrace-Js-Agent
X-ID
X-Release
X-Swift-Error
X-Via-NSCOPI
L
X-Action
Cache-Provider
WebServer
Amp-Access-Control-Allow-Source-Origin
X-Frame-Option
X-StackifyID
X-DB
X-PAYTM-SRV-ID
X-Processor
X-Server-Time
X-Skip-Cache
X-DI
X-Cache-FS-Status
X-RPM
X-RPS
X-RSL
Pramga
X-DW
X-DSS
Arc-Country
Requestid
X-Dispatch
Pagetype
X-Ftr-Backend-Server
X-Scheme
Dynatrace
X-Fastly-Cache-Hits
Lfy
X-ServerName
X-Ftr-Realm
CF-IPCountry
X-Ftr-Dc
X-Ftr-Balancer
LB
X-Ftr-Backend
X-Ratelimit-Limit
X-LB-ID
X-Branch-Name
X-Snapshot-Date
CDN
X-CACHE-AGE
X-Cc-Req-Id
D-Cc-Upstream
X-Varnish-Beresp-TTL
Warning
X-Cc-Via
Cache-Cookie-Set-From
UCS
X-Node-ID
X-Apw-Access-Action
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Request-Url
Proxy-Firewall
V-Cache
X-ND-Cache
X-Apw-Access-Object
X-ABtesting
X-Flog
X-DevSite-Last-Modified
X-Apw-Hits
X-Apw-Access-Token
X-Edge-IP
X-SB
X-VC
X-Hello
X-FPC
X-ZONE
Fastly-Drupal-HTML
NnCoection
X-Served-From
X-Fpc
X-Check-Cacheable
X-ElasticPress-Search
X-App
X-BC
WP-Super-Cache
X-Worker
Correlation-Id
Backend-Name
X-Litespeed-Cache-Control
Lb
X-Request-URL
X-Powered-Y
X-Fastly-Cache-Status