Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
Keep-Alive
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
X-AH-Environment
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Robots-Tag
X-Page-Speed
X-Pingback
EagleId
X-Nginx-Cache-Status
X-Proxy-Cache
X-UA-Device
X-Ws-Request-Id
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
X-Dns-Prefetch-Control
Grace
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-WebKit-CSP
X-Device
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-OneAgent-JS-Injection
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-ORACLE-DMS-RID
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
X-Rack-Cache
Rating
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
Accept-Ch
X-DynaTrace
X-Ruxit-JS-Agent
X-Country-Code
Allow
X-Instart-Request-ID
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-FTR-Request-ID
Accept-Ch-Lifetime
X-ESI
Verso
X-TTL
X-B3-TraceId
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
Content-MD5
X-Version
X-Forwarded-Proto
X-MS-InvokeApp
X-GitHub-Request-Id
Edge-Cache-Tag
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Kinja-Revision
RTSS
X-Px
Ar-Sid
AR-Request-ID
AR-CACHE
AR-ATIME
AR-PoweredBy
X-D2id
X-Debug
X-NF-Request-ID
X-Server-Name
Charset
SPRequestGuid
X-Abt-Application-Version
X-Amz-Server-Side-Encryption
X-Vcache
X-Accel-Expires
X-Cached
X-MSEdge-Ref
X-Powered-CMS
X-Amz-Rid
Arr-Disable-Session-Affinity
Pagespeed
Display
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Sol
X-Middleton-Display
X-TEC-API-VERSION
Response
X-Middleton-Response
X-Vcap-Request-Id
X-Navigation-Version
Pinterest-Version
X-Pinterest-Rid
X-Trace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
X-Fastcgi-Cache
X-VARITI-CCR
X-Cdn
Realpath
Public-Key-Pins
TCN
X-Client-IP
Cache-Tag
Access-Control-Request-Method
S
X-Upstream
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
MS-Author-Via
X-Shard
X-Id
SPIisLatency
SPRequestDuration
X-Hp-Webp
Nginx-Cache
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Forwarded-For
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Ezoic-Cdn
X-Content-Type
X-Amz-Meta-S3cmd-Attrs
X-T
DynaTrace
X-Recruiting
X-Amzn-Trace-Id
X-Grace
Front-End-Https
X-ASPNET-VERSION
X-Hits
Fastcgi-Cache
X-Webkit-Csp
X-Varnish-Age
ServerID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Mobile-URL
X-Element-Page-Cache
NR-ENABLED
X-Node-Name
X-Content-Digest
Nel
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Edge-O15-RID
X-Goog-Generation
X-GUploader-UploadID
Powered
X-Frontend
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
Server-Name
Alternate-Protocol
X-FTR-DC
X-Cache-TTL
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
TP-Cache
X-Logged-In
TP-L2-Cache
Server-Node
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Jurisdiction
X-Request-Received
X-Request-Processing-Time
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Server-ID
Upgrade-Insecure-Requests
X-Shield-Request-Id
X-Webapp-Samesite-None-Activated-N
X-XRDS-LOCATION
X-Page-Id
X-Ruxit-Js-Agent
X-Content-Security-Policy-Report-Only
Refresh
X-Origin-Server
X-Revision
X-Cache-Hit
X-User-Agent
X-Akamai-Edgescape
X-Content-Options
X-Rid
X-F-Cache
X-Varnish-Grace
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Type
X-XRDS-Location
Fastly-Restarts
X-B3-Sampled
X-Zen-Fury
X-Content-Powered-By
X-Pad
X-Analytics
X-URL
X-LB-Cache
X-Activity-Id
X-AppVersion
X-Az
X-Geo-Country
X-B
X-N
X-Ttl
X-RateLimit-Remaining
X-Kinsta-Cache
X-FTR-Cache-Host
X-Oneagent-Js-Injection
PB-RID
PB-PID
X-TT
X-Cache-Age
X-CST
Arc-Version
X-AOL-HN
X-Request-Guid
X-Jobs
Cache-Status
X-WebKit-CSP-Report-Only
X-Mobile-Rewrite
X-Tumblr-Pixel
Actual-Object-TTL
DC
X-Instance
X-Framework
X-Tumblr-Pixel-0
Paypal-Debug-Id
X-Tumblr-User
X-App-Environment
X-B-Cache
X-Signature
X-Debug-Info
X-FB-Debug
Access-Control-Allow-Method
X-PHP-Backend
X-Load-Cache
X-Cache-Action
X-Time
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
X-Erf-Bev-Bev
X-Git-Hash
Fastcgi-Useragent
FilterID
Host-Header
X-Cached-By
X-Tt-Trace-Tag
X-Contextid
X-IPLB-Instance
X-Amz-Replication-Status
MS-CV
X-SS-Set-Cookie
X-Tt-Trace-Host
X-Cluster
Tracecode
X-ATG-Version
X-FastCGI-Cache
X-Cache-Key
NGB
X-Accel-Buffering
X-Srv
X-Response-Served-From
Frame-Options
X-FW-Static
X-RequestSource
X-FW-Type
X-FW-Serve
WPE-Backend
X-FW-Hash
X-FW-Server
X-Cache-NE
X-WA-Info
Payment
Xserver
X-Region
Eomportal-Instance
Host
X-Varnish-Server
X-Cache-2
Filters
X-GeoIP
X-Tumblr-Pixel-2
X-Adobe-Loc
X-IPS-LoggedIn
X-Is-Bot
X-Tumblr-Pixel-1
X-Rendered-As
X-Adobe-Content
X-Cache-Enabled
X-Mobile
X-Varnish-Hostname
Source
X-TX-ID
Cache-Tv-Group
X-Host-Name
X-Cacheable-TTL
X-NewRelic-App-Data
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cleartype
X-Seen-By
X-Cache-TTL-Remaining
X-Cache-Rule
X-Cache-Operation
X-EdgeConnect-Cache-Status
X-Origin-Response-Time
X-Via-JSL
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-VCache
X-Cache-Control
X-PressLabs-Stats
Cache
X-HTML-Minification-Powered-By
Healthy
X-Hostname
Retry-After
Datacenter
Server-Info
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Dc
X-ProcessESI
X-RemovedCookies
X-RTag
Ms-Operation-Id
X-UA
X-RateLimit-Limit
X-Presslabs-Stats
Liferay-Portal
X-Rule
X-Source
X-L-Path
X-Cache-Server
X-Environment-Context
X-NWS-LOG-UUID
X-CACHE-KEY
From-Origin
X-FireWall-Port
X-Wix-Request-Id
Version
X-Endurance-Cache-Level
X-Status
X-Upgrade-Enabled
Meta-Geo
X-ES-SERVER
X-RN-RSRV
X-Cache-Var
X-B3-Traceid
X-Path-Route
X-Cache-Var-Map
Mn-Server-Ip
X-RCS-CacheZone
X-Handled-By
OT-Force-Account-Verify
X-Timing-Wait
X-Content-Age
X-Proxy-Build
Selected-Fe
X-Section
X-Request-Time
X-Tb
TWC-Privacy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-Locale-Group
Azure-InstanceId
Webcakes-Region
X-Sorting-Hat-ShopId
Webcakes-App-Version
X-Sorting-Hat-PodId
Webcakes-App-Name
X-Shopify-Stage
X-AWS-Id
X-Access
X-VWS-Id
X-Qloud-Router
Azure-RegionName
X-ShardId
X-EIG-Tracking-Id
X-FW-Dynamic
X-LJ-Flow-ID
X-Origin-Hint
X-Proto
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ShopId
X-Backend-Name
Azure-Version
Azure-SlotName
Azure-SiteName
Akamai-GRN
X-Format
X-Shopify-Generated-Cart-Token
X-Alternate-Cache-Key
Cache-Tags
Now
Ec-Rule-Version
Origin-Edge-Control
Decoy-Debug-Key
DB-Nickname
NGX
Decoy-Debug-TTL
Origin-Cache-Control
Node
X-UUID
X-Viewer-Country
X-Xfnlog-Site
X-Vgn-Hpd-Reason
X-ServerID
X-SaId
X-BYPASS-REASON
X-Human
X-ProxyCache-Key
X-ProxyCache-Status
X-PCL
X-Origin
X-OCL
X-Redis-Cache
X-Pubstack
X-Debug-Cache
X-FC-Vary-Parameters
X-Cluster-Node
X-Cache-Host
X-Akamai-Request-ID2
X-Generated-By
X-Hl-Ver
X-Proxy
X-JoinUs
X-Hyper-Cache
X-Hosted-By
X-Akamai-Request-ID
Decoy-Debug-Status
X-Storage
Accept-CH
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-App-Server
X-Detected-As
X-Site-Version
X-Varnish-Hits
S-Rt
X-Generated
X-CCM
X-Locale
X-Time-Microsecs
X-MP-GENERATED-AT
X-IP
X-Soup
X-Www-Served-By
X-Web-Node
Cross-Origin-Window-Policy
X-Proxy-Cache-Status
X-BCube-Filmed-By
X-Cache-Config
X-SayCDN-TTL
L5d-Success-Class
X-Say-Cacheable
X-Say-TTL
X-NYM-Debug-Backend
X-R9-Blue-Green-Version
X-Loop
X-Amzn-Remapped-Content-Length
Cache-Name
X-TNCMS
X-FB-TRIP-ID
X-CS
Viewport
X-Akamai-Transformed
Srv
Uber-Trace-Id
Accept-Charset
X-APP-VERSION
X-Esi
X-NCache
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Webserver
Time
GEO-INFO
Accept-CH-Lifetime
X-Drupal-Cache-Tags
X-Cache-Remote
X-From
X-UA-Device-Type
X-Unique-Id
X-TT-TIMESTAMP
X-Cluster-Name
Cache-Key
X-Origin-TTL
Mime-Version
X-Origin-CC
Accept-Language
X-Backend-TTL
Country
X-Drupal-Cache-Contexts
X-Edge-Location
X-Mode
X-EC-Lua
Odigeo-Trace-Id
X-CDN-Forward
X-Microcachable
Rt-Fastcgi-Cache
X-CLOUD-TRACE-CONTEXT
X-Info
X-Forwarded-Host
X-Newrelic-Synthetics
X-App-Version
X-Geo
Ohc-Cache-HIT
Ohc-File-Size
X-No-Session
X-UnsetCookies
X-ApacheServer
Proxy-Connection
X-Magnolia-Registration
X-B3-Spanid
X-Whom
X-PERF
ServedBy
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-Varnish-Cache-Hits
X-UPSTREAM-Address
X-PHP-Host
X-Labrador-Cache-Channel
Geo-Info
Content-Disposition
Fastly-SSL
X-Real-IP
X-Region-Sid
X-A-Dcw
X-Rewrite-Enabled
X-Rojux
X-Request-UUID
Fastcgi-X-Cache-Version
X-B-Cookie
X-ARC
X-Application
T-Server
Rendered-Blocks
Mobile-Detection-Method
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Aed
Viewtype
X-A
X-A-Ccd
X-A-Dam
X-A-Dgt
X-A-Wwc
VivaBuild
X-Accel-Expires-Debug
Meta-Geo-Continent
X-Connection-Hash
X-G
Content-Script-Type
Content-Style-Type
X-Geo-Header
BehaviorPad-Version
X-GeoIP-Country-Code
AsisCache
X-External-Request-Id
X-DPWN-IS-SECURE
Machine
X-D
MD5-Digest
X-Date
IsBot
GEO-REGION-INFO
X-Destination
X-Device-Type
X-S
X-Transaction
X-Vdms-Version
X-VG-WebCache
X-Vtex-Processado-Em
X-Twitter-Response-Tags
X-Trv-Group
X-Cache-Time
X-S-Cookie
Xc-Version
X-SRCache-Key
X-Vtex-Remote-Cache
Cf-Ipcountry
X-Session-Fingerprint
X-SIPLIST1
X-VG-WebServer
X-ScT
User-Cache-Control
X-Via-Fastly
X-NGENIX-Cache
X-C
Gh-Request-Id
Locid
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Environment
X-Wikidot-Static-Cache
X-WebServer
X-CUA
Apple-News-Services-Handled
FNAC-ModuleRouting
Fastly-Soc-X-Request-Id
Fastly-Backend-Name
X-Developers
Powered-By
X-Rocket-Build-Number
X-Auto-Login
Server-Surrogate-Control
Server-Int
X-Sigma
Wxu-Next-Commit
X-VG-TLSProxy
X-Sigma-Backend
Wxu-Next-Region
Wxu-Next-Hostname
X-Bip
Server-Cache-Control
X-Cache-URL
X-App-Name
W
X-Contensis-Viewer-Groups
Access-Control-Request-Headers
RNT-Machine
X-Cache-ASPX
X-Cache-Debug
RNT-Time
X-Core-Mission
X-Wikidot-Backend
X-Tumblr-Pixel-3
X-Nginx-Cache-Key
X-TrackingId
X-Req
X-Thanos
X-Varnish-Authentication
X-VC-Cache
X-Uri
X-Logging-Id
X-Cache-Backend
X-GoCache-CacheStatus
X-Ms-Version
X-Origin-Expires
X-Block-Status
X-OVcl
X-Agile-Age
X-Cache-Bucket
X-Origin-Date
X-OVcl-Cache
X-Cache-Info
X-Agile-Id
X-NodeID
X-NX-Host
X-Trace-Id
X-Cdn-Srv
X-BBXSRF
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Render-Time
X-Hit
X-SVT-ORM-VERSION
X-RateLimit-Remaining-Second
X-Request-URI
X-Sucuri-Cache
X-SVT-ORM-RULES
X-Eu-Site
X-Epic-Correlation-Id
X-CGP
X-Clara-WADP
X-Backend-State
X-Azure-Ref
X-Swa-Ws
X-AK-Request-ID
X-Owner
X-Distil-CS
X-TH-Server
HA-Ipaddr
X-IN-APIGATEWAYSSL
X-Fastly-Cache
X-IN-APIGATEWAY
X-Instart-Isnd
X-Irp-Debug
X-Distributor
X-Li-Fabric
X-Key
X-Webstats-RespID
X-FW-Version
X-WADP-Cache
X-GeoIP-City
X-VServer
X-Generation-Time
X-Generated-In
X-Hnp-Log
X-Gamma-Serve
X-Gen-Mode
X-Dispatcher-Server
X-Li-Pop
X-TT-LOGID
X-Urbn-Context-Path
CDCHOST
Ha-Gx-Prefs
X-Micro-Cache
X-Agile
X-Ms-Request-Id
X-Hash
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-LI-UUID
X-Urbn-Site-Id
X-LI-Proto
X-Debug-Log
X-Debug-Cookies
X-Location
X-Debug-Cache-Store
X-Cms-Context
Request-Country
Server-ID
AKAMAI
Cdncip
Mail-Subject
Cdnsip
Section-Io-Cache
IBM-Web2-Location
Memcached
Request-EU
X-Varnish-Beresp-Ttl
Cache-Host
Kp-EeAlive
V-Age
Web-Mar-Node
We-Hiring
Heartbleed
Locale
X-Varnish-Beresp-Status
True-Client-Country-4JS
X-Varnish-Beresp-Grace
Country-Code
HitType
X-Nc
X-B3-Parentspanid
Fastly-SIE
X-Generated-On
Fastly-SWR
X-User
ServerName
X-Old-Content-Length
X-S-Maxage
X-Reboot
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Matched-Rule
X-Service
X-Server-W
X-Thinkindot-L3
X-Internal-Host
X-Level-Front-Cache
X-ServiceProvider
X-Trafficlayer-App-Version
Countrycode
X-Clientip
PFcat
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
X-We-Are-Hiring
X-Core-Value
Server-Host
X-Daa-Tunnel
X-B3-SpanId
X-TA-CDN-Provider
X-Nginx-Cache
X-Fetched-On
X-Cache-Tags
Is-Eu
X-JWT-State
Adler-Geo
X-Is-Gdpr
X-Lb-Id
X-Response-By
X-Has-Esi
X-Platform-Server
X-Refresh
X-Variation
X-SERVER
X-NU-AKA-ACS-Version
Platform
Cache-Hits
X-Up
RequestId
X-Server-IP
X-Servername
X-Tb-Optimization-Total-Bytes-Saved
X-CF-Powered-By
X-Cdn-Forward
X-Tec-Api-Origin
ProcessTime
X-Parent-Response-Time
X-Tec-Api-Version
X-Tec-Api-Root
X-CSRF-TOKEN
Memory
Media-Length
X-Pjax-Url
X-Air-Hostname
X-NC
Origin
X-Cdn-Request-ID
X-BACKEND-TTL
X-Unique-ID
X-Wa
Group
User-Agent
X-Cache-Expired-At
X-CSRF-Token
X-Var-Ttl
Filterid
Pragrma
X-Sucuri-Id
X-Pf-Uncompressing
Geoip-Latitude
TTL
X-Correlation-ID
X-Ua
SRV
GeoIp-Country-Code
X-Vcl-Version
Powered-By-ChinaCache
S-Cnection
X-NGINX-Cache
X-COUNTRY
Esi-Enabled
X-Reqid
X-AIR-PT
X-Rocket-Nginx-Bypass
X-TIME
X-Planisys-CDN-TTL
X-Policy
SN
X-Varnish-Cacheable
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Tcn
X-Sucuri-ID
PICS-Label
Geoip-City
X-Request-Start
X-Azure-Ref-OriginShield
X-Litespeed-Cache
X-Webkit-CSP
X-Servedbyhost
HostName
X-Via-CDN
Rt-Proxy-Cache
X-Via-Ucdn
XServer
Dnion-Transfer-Encoding
X-Developer
X-HS-Status
M-TraceId
X-NWS-UUID-VERIFY
X-FORWARDED-FOR
X-Device-Os
X-Node-Id
Magicmarker
X-Cache-Grace
X-Cdn-Origin
X-Method
X-LAGOON
X-Fastly-Country-Code
X-Sn-Servicetimems
X-Ocache
Load-Balancing
X-Cache-Ttl
On-Server
Resin-Trace
Cdn
Who
X-Ftr-Cache-Host
X-VHOST
Pics-Label
X-Request-Host
X-MSEdge-Flight
X-MSEdge-Features
X-ServedByHost
CF-Cached-On
A
Ohc-Response-Time
DSUID
NtCoent-Length
X-Svr
X-Be
Release
Cloudfront-Viewer-Country
X-VCT
X-MServer
X-Bc
X-APP
Vix-Hermes-Req-Id
GeoIP-Country-Code
X-Cache-Status-Check
X-Oss-Request-Id
X-VCL-Version
X-Beluga-Node
X-Beluga-Trace
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Cache-Status
X-Zone
X-Oss-Object-Type
X-Beluga-Status
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Hp-Ccpa-Warning
X-Oracle-Dms-Rid
MIME-Version
Hostname
X-Varnish-URL
Cteonnt-Length
GeoIP-Latitude
X-VarnishDD-TTL
X-Fastly-Backend-Reqs
X-Varnish-Url
Ttl
X-LiteSpeed-Cache-Control
X-DC
X-HostName
GeoIP-City
X-Newrelic-App-Data
X-Configured-By
Host-ID
X-PF-Uncompressing
SD-X-WS
X-PJAX-URL
X-Ftr-Request-Id
X-SRV
X-SD-PageType
X-Upstream-Ct
X-Upstream-Ht
WebServer
CACHE
X-WR-MODIFICATION
X-Ratelimit-Remaining
Processtime
X-Slack-Backend
X-BE
X-Cache-Id
X-Compress-Hint
X-Dynatrace
X-SN
X-Tid
X-Aicache-OS
Servername
X-Dynatrace-Js-Agent
X-Release
X-Swift-Error
Cache-Provider
X-RPM
X-RPS
X-RSL
X-DW
X-DSS
X-Action
X-DB
X-DI
X-Via-NSCOPI
X-ID
X-ServerName
L
Amp-Access-Control-Allow-Source-Origin
X-Frame-Option
Dynatrace
X-StackifyID
X-Ratelimit-Limit
X-Ftr-Dc
X-Ftr-Backend
X-Ftr-Balancer
X-Ftr-Realm
Pagetype
X-Cache-FS-Status
X-Dispatch
X-PAYTM-SRV-ID
Pramga
Arc-Country
X-Server-Time
X-Processor
X-Fastly-Cache-Hits
Lfy
X-Ftr-Backend-Server
LB
X-Snapshot-Date
Requestid
CF-IPCountry
X-LB-ID
CDN
X-Scheme
X-Branch-Name
X-CACHE-AGE
X-Apw-Access-Object
Fastly-Drupal-HTML
X-Cc-Req-Id
Warning
D-Cc-Upstream
X-ND-Cache
Proxy-Firewall
X-Node-ID
X-Skip-Cache
X-Apw-Access-Action
X-Cc-Via
X-VC
X-Flog
X-Apw-Access-Token
X-Hello
X-Apw-Hits
V-Cache
X-Edge-IP
X-ZONE
X-FPC
Cache-Cookie-Set-From
X-Request-Url
X-Varnish-Beresp-TTL
X-SB
UCS
X-ABtesting
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
NnCoection
X-Served-From
N-Cache
X-DevSite-Last-Modified
X-Powered-Y
WP-Super-Cache
Lb
X-Litespeed-Cache-Control
X-Worker
X-BC
X-ElasticPress-Search
X-Request-URL
Backend-Name
Correlation-Id
X-App
X-Check-Cacheable
X-Fastly-Cache-Status