Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Ua-Compatible
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Robots-Tag
X-Page-Speed
X-Pingback
EagleId
X-Ws-Request-Id
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
X-Host
X-Device
EagleEye-TraceId
X-Origin-Cache
X-OneAgent-JS-Injection
X-Response-Time
Content-Location
X-Ac
X-Node
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Cloud-Trace-Context
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-ORACLE-DMS-RID
X-Cache-Lookup
NEL
X-Mod-Pagespeed
Edge-Control
X-Rack-Cache
Rating
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
Accept-Ch
X-Varnish-TTL
X-DynaTrace
X-Country-Code
Allow
X-Instart-Request-ID
X-PC
X-Vname
X-Goog-Hash
X-TtlSet
X-FTR-Request-ID
X-TTL
X-ESI
Accept-Ch-Lifetime
Verso
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
Content-MD5
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
Edge-Cache-Tag
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-ATIME
AR-Request-ID
RTSS
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
Charset
SPRequestGuid
X-NF-Request-ID
X-Amz-Server-Side-Encryption
X-Vcache
X-Accel-Expires
X-Cached
X-MSEdge-Ref
X-Powered-CMS
X-Amz-Rid
Pagespeed
X-Middleton-Response
X-Sol
Display
X-Middleton-Display
Response
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-Vcap-Request-Id
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-Trace
X-SharePointHealthScore
TCN
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastcgi-Cache
X-Cdn
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Client-IP
Cache-Tag
Access-Control-Request-Method
X-Fastly-Request-ID
S
X-Ser
X-Upstream
X-DynaTrace-JS-Agent
MS-Author-Via
X-Shard
SPRequestDuration
X-Id
SPIisLatency
Nginx-Cache
X-Ezoic-Cdn
X-Hp-Webp
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Content-Type
X-Forwarded-For
X-T
X-Amz-Meta-S3cmd-Attrs
X-Amzn-Trace-Id
Nel
X-Grace
DynaTrace
X-Recruiting
Front-End-Https
X-Hits
Fastcgi-Cache
X-Aspnet-Version
X-Varnish-Age
X-Server-ID
ServerID
X-Edge-O15-RID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Mobile-URL
X-Node-Name
X-Element-Page-Cache
NR-ENABLED
X-Content-Digest
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-FTR-Cache-Status
X-Country-Code-Real
X-Frontend
X-FTR-Expires
Powered
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Cache-TTL
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
Server-Name
Alternate-Protocol
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
TP-Cache
Server-Node
X-Logged-In
TP-L2-Cache
X-Jurisdiction
X-Correlation-Id
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Upgrade-Insecure-Requests
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
X-Content-Options
X-Page-Id
X-Content-Security-Policy-Report-Only
X-Cache-Hit
Refresh
X-Origin-Server
X-Rid
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Revision
X-User-Agent
X-F-Cache
X-Type
X-Varnish-Grace
X-Akamai-Edgescape
X-Shield-Request-Id
X-Webapp-Samesite-None-Activated-N
Fastly-Restarts
X-XRDS-LOCATION
X-Zen-Fury
X-Content-Powered-By
X-Geo-Country
X-LB-Cache
X-URL
X-B3-Sampled
X-Activity-Id
X-AppVersion
X-Az
X-B
X-Pad
X-RateLimit-Remaining
X-N
X-CST
X-Analytics
X-FTR-Cache-Host
X-Kinsta-Cache
PB-PID
PB-RID
X-Ruxit-Js-Agent
X-Mobile-Rewrite
X-Webkit-Csp
Arc-Version
Cache-Status
X-TT
X-Cache-Age
X-Debug-Info
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Tumblr-Pixel-0
X-Time
X-Tumblr-User
Actual-Object-TTL
DC
X-Instance
X-Jobs
Paypal-Debug-Id
X-Request-Guid
X-Tumblr-Pixel
X-Framework
X-B-Cache
X-Signature
X-App-Environment
Access-Control-Allow-Method
X-PHP-Backend
X-FB-Debug
X-Cache-Action
X-Load-Cache
Surrogate-Key
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
X-Ttl
X-Erf-Bev-Bev
X-Git-Hash
X-Cached-By
X-Tt-Trace-Tag
Host-Header
Fastcgi-Useragent
X-Amz-Replication-Status
X-Contextid
X-IPLB-Instance
MS-CV
X-Tt-Trace-Host
FilterID
X-SS-Set-Cookie
X-Cluster
X-ATG-Version
X-FastCGI-Cache
Tracecode
X-Response-Served-From
X-WA-Info
X-Accel-Buffering
NGB
WPE-Backend
Frame-Options
X-Srv
X-Varnish-Server
Payment
X-Cache-NE
X-Region
X-FW-Serve
Xserver
X-FW-Hash
X-Cache-2
X-FW-Static
X-FW-Server
Eomportal-Instance
X-FW-Type
X-Mobile
Host
X-Host-Name
X-GeoIP
X-Adobe-Content
X-Adobe-Loc
X-Cache-Enabled
X-Cacheable-TTL
Source
Filters
X-IPS-LoggedIn
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cache-Tv-Group
X-Is-Bot
X-Rendered-As
X-Cache-Rule
X-Tumblr-Pixel-1
X-Varnish-Hostname
X-RequestSource
X-Cache-Operation
X-Tumblr-Pixel-2
X-Oneagent-Js-Injection
X-TX-ID
X-NewRelic-App-Data
X-Cache-Key
X-EdgeConnect-Cache-Status
Cleartype
X-Seen-By
X-Origin-Response-Time
X-Hostname
X-Via-JSL
X-ORACLE-APMCS-TAG
X-Cache-TTL-Remaining
X-ORACLE-APMCS-REQUEST-ID
X-VCache
Cache
Retry-After
X-Presslabs-Stats
Server-Info
X-B3-Traceid
X-HTML-Minification-Powered-By
X-Cache-Control
X-ProcessESI
X-RemovedCookies
Healthy
Datacenter
X-CACHE-KEY
X-RTag
Ms-Operation-Id
X-PressLabs-Stats
X-NWS-LOG-UUID
X-RateLimit-Limit
Liferay-Portal
X-Dc
X-Source
X-UA
X-FireWall-Port
From-Origin
X-Cache-Server
X-Rule
X-Endurance-Cache-Level
X-Trafficlayer-App-Scope
X-Upgrade-Enabled
X-Trafficlayer-App-Name
X-L-Path
X-Environment-Context
Version
X-Wix-Request-Id
X-Status
X-App-Server
X-Handled-By
X-Path-Route
Meta-Geo
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
X-RN-RSRV
X-Section
X-Tb
Selected-Fe
X-Proxy-Build
X-Timing-Wait
OT-Force-Account-Verify
X-Format
X-Request-Time
X-Access
X-Backend-Name
X-Akamai-Request-ID
X-BYPASS-REASON
X-Alternate-Cache-Key
X-Storage
X-Human
X-Origin
Mn-Server-Ip
X-OCL
X-Shopify-Generated-Cart-Token
X-ProxyCache-Status
X-ShardId
X-ProxyCache-Key
X-PCL
Cache-Tags
X-Proto
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-EIG-Tracking-Id
X-Content-Age
X-Goog-Meta-Goog-Reserved-File-Mtime
Accept-CH
X-Sorting-Hat-PodId
Decoy-Debug-TTL
Decoy-Debug-Status
Origin-Cache-Control
TWC-Privacy
Azure-Version
TWC-Connection-Speed
S-Rt
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-Country
Property-Id
Node
TWC-GeoIP-LatLong
Now
Webcakes-App-Name
Origin-Edge-Control
NGX
Decoy-Debug-Key
X-SaId
X-RCS-CacheZone
X-Redis-Cache
Azure-SlotName
X-Qloud-Router
X-Pubstack
X-Proxy
X-Proxy-Cache-Status
X-ServerID
X-Soup
X-VWS-Id
X-Web-Node
X-Viewer-Country
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-UUID
X-Origin-Hint
X-NYM-Debug-Backend
X-Cache-Host
X-Cluster-Node
X-Debug-Cache
X-Cache-Config
X-AWS-Id
Webcakes-Region
X-Akamai-Request-ID2
X-FC-Vary-Parameters
X-FW-Dynamic
X-LJ-Flow-ID
X-MP-GENERATED-AT
X-JoinUs
X-Hosted-By
X-Generated-By
X-Hl-Ver
Webcakes-App-Version
Ec-Rule-Version
Azure-SiteName
X-Yottaa-Metrics
Akamai-GRN
Azure-InstanceId
X-Yottaa-Optimizations
Azure-RegionName
X-BCube-Filmed-By
X-IP
X-CCM
X-Generated
X-Hyper-Cache
X-Say-Cacheable
X-Locale
X-SayCDN-TTL
X-Varnish-Hits
X-Www-Served-By
X-Xfnlog-Site
Cross-Origin-Window-Policy
DB-Nickname
X-Detected-As
X-Site-Version
X-Say-TTL
X-Amzn-Remapped-Content-Length
L5d-Success-Class
X-TNCMS
X-R9-Blue-Green-Version
X-Loop
X-FB-TRIP-ID
Srv
X-APP-VERSION
Cache-Name
X-Akamai-Transformed
Viewport
Accept-Charset
Uber-Trace-Id
X-CS
X-NCache
GEO-INFO
X-Esi
X-Drupal-Cache-Tags
Accept-CH-Lifetime
Webserver
X-UA-Device-Type
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-Remote
X-From
Cache-Key
Time
Mime-Version
X-Unique-Id
X-Drupal-Cache-Contexts
X-Cluster-Name
X-Origin-TTL
X-TT-TIMESTAMP
X-Origin-CC
X-Edge-Location
Accept-Language
X-Backend-TTL
Country
Odigeo-Trace-Id
X-Mode
X-Forwarded-Host
X-CDN-Forward
X-Microcachable
Rt-Fastcgi-Cache
X-EC-Lua
X-CLOUD-TRACE-CONTEXT
X-UnsetCookies
X-Info
X-Newrelic-Synthetics
X-B3-Spanid
X-Whom
X-Geo
X-Varnish-Cache-Hits
X-Magnolia-Registration
Ohc-File-Size
X-PERF
Ohc-Cache-HIT
X-ApacheServer
Proxy-Connection
ServedBy
Content-Disposition
X-No-Session
X-UPSTREAM-Address
X-App-Version
Geo-Info
X-NGENIX-Cache
X-Proxied
X-Device-Type
X-PHP-Host
X-Zipkin-Id
X-Routing-Service
X-Labrador-Cache-Channel
Cf-Ipcountry
Fastcgi-X-Cache-Version
GEO-REGION-INFO
Content-Style-Type
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Meta-Geo-Continent
MD5-Digest
Machine
Apple-News-Services-Host
Apple-News-Services-Handled
X-Via-Fastly
X-VG-WebServer
Apple-News-Services-Parsed-Url
Xc-Version
BehaviorPad-Version
AsisCache
Apple-News-Services-Request-Url
Content-Script-Type
X-CF-Lambda-Fn
X-G
X-Geo-Header
X-GeoIP-Country-Code
X-Transaction
X-External-Request-Id
X-DPWN-IS-SECURE
X-Date
X-Twitter-Response-Tags
X-Trv-Group
X-Destination
X-Region-Sid
X-Request-UUID
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-Sigma
X-S
X-SRCache-Key
X-Rewrite-Enabled
X-Rocket-Build-Number
X-Rojux
X-Vdms-Version
X-VG-TLSProxy
X-A
X-VG-WebCache
X-A-Ccd
X-A-Dam
W
VivaBuild
Rendered-Blocks
T-Server
Viewtype
X-A-Dcw
X-A-Dgt
X-Sigma-Backend
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-ARC
X-Application
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
Mobile-Detection-Method
X-B-Cookie
X-Real-IP
X-C
X-Uri
X-Cache-Time
X-Nc
User-Cache-Control
X-Epic-Correlation-Id
X-Bip
X-VC-Cache
X-Eu-Site
CDCHOST
X-Varnish-Authentication
IsBot
X-Distil-CS
X-Render-Time
X-Auto-Login
X-Backend-State
Environment
Gh-Request-Id
X-Tumblr-Pixel-3
Ha-Gx-Prefs
HA-Ipaddr
X-CGP
X-Contensis-Viewer-Groups
Locid
X-Cache-Debug
X-Cache-ASPX
X-Wikidot-Static-Cache
X-CUA
Fastly-Soc-X-Request-Id
X-Developers
Powered-By
X-Sucuri-Cache
X-App-Name
Server-Cache-Control
X-Logging-Id
X-TrackingId
X-Wikidot-Backend
X-SIPLIST1
Server-Surrogate-Control
Fastly-SSL
X-WebServer
X-Agile
X-Agile-Id
X-Hit
X-Thanos
X-Agile-Age
Access-Control-Request-Headers
X-GoCache-CacheStatus
HitType
We-Hiring
Web-Mar-Node
Wxu-Next-Commit
X-Urbn-Context-Path
X-Cache-Info
X-Cache-URL
X-Webstats-RespID
X-AK-Request-ID
X-BBXSRF
X-Cdn-Srv
X-VServer
X-User
X-Block-Status
X-Owner
X-We-Are-Hiring
Wxu-Next-Region
X-Cache-Backend
X-Azure-Ref
X-WADP-Cache
Wxu-Next-Hostname
X-Cache-Bucket
X-Urbn-Site-Id
X-Debug-Cache-Expiry
X-Instart-Isnd
X-Irp-Debug
X-Key
X-Li-Fabric
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Hash
X-Hnp-Log
X-Origin-Date
X-Li-Pop
X-LI-Proto
X-Nginx-Cache-Key
X-Trace-Id
X-NodeID
X-NX-Host
X-Ms-Version
X-Ms-Request-Id
X-LI-UUID
X-Location
X-Micro-Cache
X-GeoIP-City
X-Generation-Time
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-TT-LOGID
X-Core-Mission
X-Clara-WADP
X-Clientip
X-Cms-Context
X-Dispatcher-Server
X-Distributor
X-Gamma-Serve
X-Gen-Mode
X-Generated-In
X-FW-Version
X-Origin-Expires
X-OVcl-Cache
X-OVcl
X-Fastly-Cache
X-Daa-Tunnel
V-Age
Cdnsip
Memcached
X-RateLimit-Remaining-Second
Mail-Subject
Cdncip
Cache-Host
Request-Country
X-Request-URI
AKAMAI
X-Req
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Kp-EeAlive
FNAC-ModuleRouting
IBM-Web2-Location
Heartbleed
Fastly-SWR
Fastly-SIE
Country-Code
Locale
Countrycode
Fastly-Backend-Name
X-TH-Server
X-RateLimit-Limit-Second
X-SVT-ORM-VERSION
RNT-Time
RNT-Machine
X-Proxy-Upstream
Section-Io-Cache
Server-ID
X-SVT-ORM-RULES
Server-Int
X-Swa-Ws
X-Varnish-Beresp-Ttl
Request-EU
True-Client-Country-4JS
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Service
X-Nginx-Cache
X-NU-AKA-ACS-Version
X-ServiceProvider
X-Matched-Rule
X-Thinkindot-L3
X-Is-Gdpr
X-Trafficlayer-App-Version
X-Has-Esi
X-Up
X-Generated-On
Adler-Geo
X-Internal-Host
X-Level-Front-Cache
X-JWT-State
ServerName
X-Core-Value
X-Fetched-On
PFcat
Thinkindot-CacheControl-Type
X-Variation
X-Old-Content-Length
Platform
Thinkindot-CacheControl
X-Platform-Server
Server-Host
Thinkindot-Control
X-Reboot
X-Server-W
Is-Eu
X-Cache-Tags
X-B3-Parentspanid
X-Lb-Id
X-SERVER
Cache-Hits
X-Response-By
X-Refresh
X-S-Maxage
X-Servername
X-TA-CDN-Provider
RequestId
X-CSRF-TOKEN
X-B3-SpanId
X-CF-Powered-By
X-Cdn-Forward
Filterid
X-Tec-Api-Origin
X-Server-IP
X-Tec-Api-Version
ProcessTime
X-Tb-Optimization-Total-Bytes-Saved
X-Tec-Api-Root
X-Air-Hostname
X-Parent-Response-Time
X-Cache-Expired-At
Pragrma
X-Pjax-Url
X-Wa
X-Var-Ttl
X-BACKEND-TTL
X-Ua
Group
X-Unique-ID
X-Sucuri-Id
User-Agent
Media-Length
X-NC
Memory
X-Cdn-Request-ID
Origin
S-Cnection
Powered-By-ChinaCache
TTL
X-CSRF-Token
X-Correlation-ID
SRV
Geoip-Latitude
X-Pf-Uncompressing
X-COUNTRY
GeoIp-Country-Code
X-NGINX-Cache
X-Vcl-Version
X-Reqid
X-AIR-PT
X-Rocket-Nginx-Bypass
X-Servedbyhost
PICS-Label
X-Varnish-Cacheable
SN
Esi-Enabled
X-Sucuri-ID
X-Via-CDN
X-Webkit-CSP
Geoip-City
X-Policy
X-Litespeed-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-NWS-UUID-VERIFY
X-HS-Status
X-Request-Start
X-Developer
X-Via-Ucdn
X-Azure-Ref-OriginShield
M-TraceId
X-TIME
HostName
XServer
X-Node-Id
X-Cache-Grace
X-Cdn-Origin
X-Ocache
X-Device-Os
X-LAGOON
Dnion-Transfer-Encoding
Rt-Proxy-Cache
X-Sn-Servicetimems
X-FORWARDED-FOR
X-Fastly-Country-Code
On-Server
Tcn
X-MSEdge-Flight
X-Request-Host
Who
Cdn
A
X-MSEdge-Features
X-Method
Resin-Trace
Magicmarker
X-Cache-Ttl
X-VHOST
X-Ftr-Cache-Host
CF-Cached-On
Pics-Label
Cloudfront-Viewer-Country
X-ServedByHost
X-Cache-Status-Check
Load-Balancing
Hostname
X-VCL-Version
X-Beluga-Record
X-Beluga-Trace
GeoIP-Country-Code
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Cache-Status
X-Beluga-Node
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-DC
X-Oss-Request-Id
X-Oss-Object-Type
GeoIP-Latitude
DSUID
Ohc-Response-Time
X-Zone
X-APP
NtCoent-Length
X-Be
X-Bc
X-Svr
Release
MIME-Version
X-VCT
X-Oracle-Dms-Rid
X-MServer
Cteonnt-Length
Host-ID
GeoIP-City
X-Varnish-URL
X-PF-Uncompressing
X-Fastly-Backend-Reqs
X-Varnish-Url
Ttl
X-VarnishDD-TTL
Vix-Hermes-Req-Id
X-Hp-Ccpa-Warning
X-LiteSpeed-Cache-Control
X-Varnish-Ttl
X-Newrelic-App-Data
X-Ftr-Request-Id
X-PJAX-URL
WebServer
X-Slack-Backend
X-SRV
X-Configured-By
Amp-Access-Control-Allow-Source-Origin
CACHE
X-HostName
X-DW
X-DSS
X-RPM
X-BE
X-Aicache-OS
X-RPS
Processtime
X-RSL
X-DI
X-Action
X-Ratelimit-Remaining
SD-X-WS
X-Upstream-Ct
X-Upstream-Ht
X-DB
X-SD-PageType
X-Swift-Error
X-Dynatrace
X-Dynatrace-Js-Agent
Servername
X-WR-MODIFICATION
L
X-SN
X-Tid
X-ID
X-Compress-Hint
Arc-Country
X-Processor
X-Server-Time
X-Skip-Cache
X-PAYTM-SRV-ID
X-Dispatch
Pramga
X-Cache-FS-Status
X-Cache-Id
Cache-Provider
X-Frame-Option
X-Ftr-Backend
X-StackifyID
X-Ftr-Backend-Server
X-ServerName
X-Release
Pagetype
X-Branch-Name
X-Hello
X-Flog
X-ABtesting
X-FPC
X-Ftr-Realm
Dynatrace
X-DevSite-Last-Modified
CDN
X-Ratelimit-Limit
Fastly-Drupal-HTML
X-ND-Cache
Lfy
X-Via-NSCOPI
Requestid
X-Snapshot-Date
X-LB-ID
X-Ftr-Balancer
CF-IPCountry
X-Ftr-Dc
X-Fastly-Cache-Hits
X-CACHE-AGE
X-Edge-IP
X-Cc-Via
X-Varnish-Beresp-TTL
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
Proxy-Firewall
X-Request-Url
X-Cc-Req-Id
X-Apw-Access-Action
LB
D-Cc-Upstream
X-VC
X-SB
X-Served-From
Cdn-Host
N-Cache
X-Scheme
Cdn-Request-Time
Warning
V-Cache
X-Edge-Server
X-ZONE
X-Fpc
X-WA
Inserted-Into-Cache-At
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Bc-Bl
X-Powered-Y
Backend-Name
X-Worker
Cache-Cookie-Set-Lfrom
Correlation-Id
Cache-Cookie-Set-Idcheck
X-BC
X-App
WP-Super-Cache
X-ElasticPress-Search
Lb
UCS
X-Check-Cacheable
X-Request-URL
X-Node-ID
Cache-Cookie-Set-From
X-Fastly-Cache-Status