
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
X-XSS-Protection
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
Keep-Alive
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Robots-Tag
X-Page-Speed
X-Pingback
EagleId
X-Ws-Request-Id
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Ac
X-Node
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Cloud-Trace-Context
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
X-ORACLE-DMS-RID
X-Cache-Lookup
NEL
X-Mod-Pagespeed
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
Accept-Ch
X-Varnish-TTL
X-DynaTrace
X-Country-Code
Allow
X-Instart-Request-ID
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
X-FTR-Request-ID
X-ESI
Accept-Ch-Lifetime
Verso
X-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
Content-MD5
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Cdn-Fetch
Edge-Cache-Tag
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
Ar-Sid
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
RTSS
X-Px
X-D2id
X-Debug
X-Server-Name
Charset
SPRequestGuid
X-Abt-Application-Version
X-NF-Request-ID
X-Vcache
X-Amz-Server-Side-Encryption
X-Cached
X-Accel-Expires
X-MSEdge-Ref
X-Amz-Rid
X-Powered-CMS
Response
Display
X-Middleton-Display
Pagespeed
X-Sol
X-Middleton-Response
Arr-Disable-Session-Affinity
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Vcap-Request-Id
X-Fastcgi-Cache
X-Navigation-Version
Pinterest-Version
X-Pinterest-Rid
X-SharePointHealthScore
X-SRCache-Store-Status
X-Trace
X-SRCache-Fetch-Status
X-Cdn
X-VARITI-CCR
Realpath
TCN
Public-Key-Pins
X-Client-IP
Cache-Tag
Access-Control-Request-Method
X-Fastly-Request-ID
X-Ser
S
X-Upstream
X-DynaTrace-JS-Agent
MS-Author-Via
X-Shard
SPIisLatency
X-Id
SPRequestDuration
Nginx-Cache
X-Hp-Webp
X-Ezoic-Cdn
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Content-Type
X-Forwarded-For
X-T
X-Amz-Meta-S3cmd-Attrs
DynaTrace
X-Grace
Nel
X-Amzn-Trace-Id
X-Recruiting
Front-End-Https
X-ASPNET-VERSION
X-Hits
X-Aspnet-Version
Fastcgi-Cache
X-Varnish-Age
ServerID
X-Edge-O15-RID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Mobile-URL
X-Node-Name
X-Element-Page-Cache
NR-ENABLED
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Frontend
Powered
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Cache-TTL
Server-Name
Alternate-Protocol
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
Server-Node
X-Logged-In
TP-L2-Cache
TP-Cache
X-Jurisdiction
X-Correlation-Id
X-Request-Processing-Time
X-Request-Received
X-Webkit-Csp
X-Microsite
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
Upgrade-Insecure-Requests
X-Server-ID
X-Page-Id
X-XRDS-LOCATION
X-Cache-Hit
Refresh
X-Content-Options
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Akamai-Edgescape
X-Revision
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Type
X-F-Cache
X-Rid
X-User-Agent
X-Shield-Request-Id
X-Varnish-Grace
X-XRDS-Location
X-Webapp-Samesite-None-Activated-N
Fastly-Restarts
X-Zen-Fury
X-Content-Powered-By
X-Geo-Country
X-B3-Sampled
X-LB-Cache
X-URL
X-Activity-Id
X-AppVersion
X-B
X-Az
X-Pad
X-N
X-RateLimit-Remaining
X-Analytics
X-Ttl
X-CST
X-FTR-Cache-Host
X-Kinsta-Cache
PB-RID
PB-PID
X-Ruxit-Js-Agent
Cache-Status
Arc-Version
X-Mobile-Rewrite
X-TT
X-Cache-Age
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Instance
X-Framework
X-Request-Guid
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Jobs
X-Debug-Info
DC
X-App-Environment
Actual-Object-TTL
Paypal-Debug-Id
X-Signature
X-B-Cache
X-Time
X-FB-Debug
X-PHP-Backend
Access-Control-Allow-Method
X-Cache-Action
X-Load-Cache
Surrogate-Key
X-Git-Hash
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Varnish-Backend
X-Cached-By
Fastcgi-Useragent
Host-Header
X-Tt-Trace-Tag
X-IPLB-Instance
X-Contextid
X-Amz-Replication-Status
MS-CV
FilterID
X-Tt-Trace-Host
X-SS-Set-Cookie
X-ATG-Version
X-Cluster
Tracecode
X-Cache-Key
X-Accel-Buffering
X-Response-Served-From
X-WA-Info
NGB
Frame-Options
WPE-Backend
X-Srv
X-Cache-NE
X-Varnish-Server
Payment
Xserver
X-Mobile
X-FW-Static
Host
X-FW-Server
Eomportal-Instance
X-Region
X-FW-Serve
X-Cache-2
X-FW-Hash
X-FW-Type
X-Adobe-Loc
X-Rendered-As
X-Cache-Enabled
X-Host-Name
X-Is-Bot
X-IPS-LoggedIn
X-RequestSource
Filters
Source
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Kong-Upstream-Latency
X-GeoIP
X-Kong-Proxy-Latency
X-Adobe-Content
X-Varnish-Hostname
X-Cacheable-TTL
X-Cache-Rule
X-Oneagent-Js-Injection
X-Cache-Operation
Cache-Tv-Group
X-NewRelic-App-Data
X-TX-ID
X-EdgeConnect-Cache-Status
Cleartype
X-Seen-By
X-Cache-TTL-Remaining
X-ORACLE-APMCS-TAG
X-Origin-Response-Time
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-FastCGI-Cache
X-VCache
Cache
X-Hostname
Retry-After
X-Presslabs-Stats
Server-Info
X-Cache-Control
X-B3-Traceid
X-HTML-Minification-Powered-By
Healthy
Datacenter
X-RemovedCookies
X-ProcessESI
X-UA
X-Dc
X-RTag
X-PressLabs-Stats
Ms-Operation-Id
X-RateLimit-Limit
X-NWS-LOG-UUID
Liferay-Portal
X-Source
X-Environment-Context
From-Origin
X-Cache-Server
X-L-Path
X-FireWall-Port
X-Trafficlayer-App-Name
X-Rule
X-Trafficlayer-App-Scope
X-Upgrade-Enabled
X-CACHE-KEY
X-Endurance-Cache-Level
Version
X-Wix-Request-Id
X-Status
X-App-Server
Meta-Geo
X-Cache-Var-Map
X-ES-SERVER
X-RN-RSRV
X-Cache-Var
X-Path-Route
X-Access
X-Proxy-Build
X-Handled-By
X-Section
OT-Force-Account-Verify
X-Timing-Wait
X-Format
Selected-Fe
X-Tb
X-Shopify-Generated-Cart-Token
X-ShopId
X-Human
X-ShardId
X-Sorting-Hat-PodId
X-PCL
X-OCL
X-Origin
Mn-Server-Ip
Akamai-GRN
X-Request-Time
X-Proto
X-Shopify-Stage
Azure-SlotName
X-Backend-Name
X-Sorting-Hat-ShopId
Cache-Tags
X-BYPASS-REASON
Azure-SiteName
Azure-InstanceId
X-Content-Age
Azure-RegionName
X-EIG-Tracking-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
Azure-Version
X-ProxyCache-Key
Accept-CH
X-Alternate-Cache-Key
X-ProxyCache-Status
Property-Id
Origin-Edge-Control
Decoy-Debug-Key
X-Origin-Hint
TWC-Connection-Speed
TWC-Device-Class
Origin-Cache-Control
Ec-Rule-Version
Decoy-Debug-Status
X-VWS-Id
NGX
DB-Nickname
Now
X-Proxy
X-LJ-Flow-ID
X-Vgn-Hpd-Reason
X-Viewer-Country
X-Hosted-By
X-UUID
X-Hyper-Cache
X-Akamai-Request-ID2
X-Hl-Ver
X-AWS-Id
X-Debug-Cache
X-Cluster-Node
X-Cache-Host
X-FC-Vary-Parameters
X-Generated-By
X-FW-Dynamic
X-ServerID
X-SaId
X-Qloud-Router
Webcakes-App-Name
X-Pubstack
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
X-JoinUs
X-Akamai-Request-ID
X-Redis-Cache
X-RCS-CacheZone
X-MP-GENERATED-AT
TWC-GeoIP-Country
Decoy-Debug-TTL
X-Storage
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-IP
X-Generated
X-Cache-Config
S-Rt
X-Locale
X-Detected-As
X-Www-Served-By
X-Time-Microsecs
X-Soup
X-Site-Version
X-Proxy-Cache-Status
X-Varnish-Hits
X-NYM-Debug-Backend
X-Web-Node
X-Xfnlog-Site
X-CCM
Cross-Origin-Window-Policy
X-Say-TTL
X-R9-Blue-Green-Version
X-SayCDN-TTL
X-Say-Cacheable
L5d-Success-Class
X-Amzn-Remapped-Content-Length
X-TNCMS
Srv
X-FB-TRIP-ID
X-Loop
Node
X-APP-VERSION
X-Akamai-Transformed
X-BCube-Filmed-By
Cache-Name
X-CS
Accept-Charset
Viewport
Uber-Trace-Id
GEO-INFO
X-NCache
X-Esi
Accept-CH-Lifetime
X-Drupal-Cache-Tags
Webserver
VIX-Pulpo-Node
X-UA-Device-Type
Time
VIX-Pulpo-Upstream-Status
X-From
X-Cache-Remote
Cache-Key
Mime-Version
X-Unique-Id
X-Origin-TTL
X-Cluster-Name
X-Origin-CC
X-TT-TIMESTAMP
Accept-Language
X-Backend-TTL
X-Drupal-Cache-Contexts
Country
Odigeo-Trace-Id
X-Edge-Location
X-Mode
X-CDN-Forward
X-Forwarded-Host
Rt-Fastcgi-Cache
X-Microcachable
X-UnsetCookies
X-Info
X-CLOUD-TRACE-CONTEXT
X-EC-Lua
X-Newrelic-Synthetics
X-B3-Spanid
X-Geo
X-Varnish-Cache-Hits
X-Whom
X-Magnolia-Registration
X-ApacheServer
X-PERF
Proxy-Connection
Ohc-File-Size
Ohc-Cache-HIT
ServedBy
X-No-Session
X-UPSTREAM-Address
Content-Disposition
Geo-Info
X-App-Version
X-NGENIX-Cache
X-Zipkin-Id
X-Device-Type
X-Routing-Service
Cf-Ipcountry
X-Proxied
X-CF-Lambda-Fn
X-Aed
BehaviorPad-Version
Apple-News-Services-Request-Url
AsisCache
Apple-News-Services-Parsed-Url
Mobile-Detection-Method
Machine
X-DPWN-IS-SECURE
X-Accel-Expires-Debug
MD5-Digest
X-External-Request-Id
X-GeoIP-Country-Code
X-Via-Fastly
Meta-Geo-Continent
X-B-Cookie
Apple-News-Services-Host
X-Application
Viewtype
Apple-News-Services-Handled
X-Geo-Header
X-ARC
Rendered-Blocks
X-A-Ccd
X-VG-WebCache
X-VG-TLSProxy
X-A-Wwc
Content-Script-Type
VivaBuild
T-Server
X-G
X-Connection-Hash
X-A
X-Transaction
X-Trv-Group
X-D
X-Vtex-Processado-Em
X-Date
Fastcgi-X-Cache-Version
X-Vdms-Version
Content-Style-Type
W
X-Twitter-Response-Tags
GEO-REGION-INFO
X-SRCache-Key
X-Real-IP
X-A-Dam
X-Request-UUID
X-Rewrite-Enabled
X-A-Dcw
X-Destination
X-A-Dgt
Xc-Version
X-Region-Sid
X-Rocket-Build-Number
X-Rojux
X-Sigma
X-Sigma-Backend
X-CF-Lambda-Version
X-Session-Fingerprint
X-VG-WebServer
X-S
X-S-Cookie
X-ScT
X-Vtex-Remote-Cache
X-C
X-Labrador-Cache-Channel
X-Nc
X-PHP-Host
X-Cache-Time
X-Uri
User-Cache-Control
X-CUA
X-Contensis-Viewer-Groups
Fastly-Soc-X-Request-Id
IsBot
HA-Ipaddr
CDCHOST
X-CGP
X-Developers
X-Distil-CS
Ha-Gx-Prefs
Environment
X-Epic-Correlation-Id
Gh-Request-Id
X-Eu-Site
X-Render-Time
X-SIPLIST1
X-Sucuri-Cache
Server-Surrogate-Control
Server-Cache-Control
X-Agile
X-App-Name
X-Agile-Id
X-Thanos
X-TrackingId
X-WebServer
X-Wikidot-Backend
X-Wikidot-Static-Cache
Fastly-SSL
X-VC-Cache
X-Tumblr-Pixel-3
X-Varnish-Authentication
Powered-By
X-Agile-Age
X-Cache-ASPX
X-Logging-Id
Locid
X-Cache-Debug
X-Bip
X-Hit
X-Auto-Login
X-Backend-State
X-GoCache-CacheStatus
HitType
X-Cache-Bucket
We-Hiring
X-Clara-WADP
X-Cdn-Srv
X-Cache-URL
X-AK-Request-ID
Wxu-Next-Commit
Wxu-Next-Region
X-Block-Status
X-BBXSRF
X-Cache-Info
Wxu-Next-Hostname
X-Cms-Context
X-Cache-Backend
Web-Mar-Node
X-Micro-Cache
X-Owner
X-OVcl-Cache
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-OVcl
X-Origin-Expires
X-Nginx-Cache-Key
X-Ms-Version
X-NodeID
X-NX-Host
X-Origin-Date
X-Req
X-Request-URI
X-Urbn-Site-Id
X-Urbn-Context-Path
X-VServer
X-WADP-Cache
X-Webstats-RespID
X-TT-LOGID
X-Trace-Id
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Swa-Ws
X-TH-Server
X-Ms-Request-Id
X-Location
X-FW-Version
X-Fastly-Cache
X-Gamma-Serve
X-Gen-Mode
X-Generated-In
X-Distributor
X-Dispatcher-Server
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Generation-Time
X-GeoIP-City
X-Li-Fabric
X-Key
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Irp-Debug
X-Instart-Isnd
X-Hash
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Core-Mission
X-Azure-Ref
AKAMAI
Cache-Host
Cdncip
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Heartbleed
X-Varnish-Beresp-Grace
Memcached
Cdnsip
FNAC-ModuleRouting
Kp-EeAlive
IBM-Web2-Location
Fastly-Backend-Name
Locale
Mail-Subject
Country-Code
Request-EU
Request-Country
Server-Int
V-Age
X-Daa-Tunnel
True-Client-Country-4JS
Section-Io-Cache
Server-ID
RNT-Machine
RNT-Time
Access-Control-Request-Headers
X-Rebelmouse-Cache-Control
X-Core-Value
X-User
Fastly-SIE
X-We-Are-Hiring
X-Server-W
X-Clientip
X-Fetched-On
Countrycode
Fastly-SWR
X-Old-Content-Length
ServerName
X-Generated-On
X-Service
X-Reboot
X-ServiceProvider
X-Rebelmouse-Surrogate-Control
X-Thinkindot-L3
X-Level-Front-Cache
X-Matched-Rule
X-Trafficlayer-App-Version
X-Nginx-Cache
Thinkindot-CacheControl-Type
Server-Host
Thinkindot-Control
Thinkindot-CacheControl
PFcat
X-B3-Parentspanid
X-Is-Gdpr
Platform
X-JWT-State
X-Has-Esi
X-Lb-Id
X-Internal-Host
X-Refresh
X-Up
X-Variation
X-S-Maxage
X-Response-By
X-NU-AKA-ACS-Version
Adler-Geo
X-SERVER
X-Platform-Server
Is-Eu
Cache-Hits
X-Cache-Tags
X-TA-CDN-Provider
X-Servername
RequestId
X-B3-SpanId
Filterid
X-Cdn-Forward
X-CF-Powered-By
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tb-Optimization-Total-Bytes-Saved
X-Server-IP
X-Air-Hostname
ProcessTime
X-Tec-Api-Version
X-CSRF-TOKEN
X-Parent-Response-Time
Memory
X-BACKEND-TTL
Group
X-Cache-Expired-At
X-Pjax-Url
X-Var-Ttl
X-Unique-ID
Pragrma
User-Agent
Origin
X-Sucuri-Id
X-NC
X-Wa
Media-Length
X-CSRF-Token
X-Cdn-Request-ID
S-Cnection
Powered-By-ChinaCache
Geoip-Latitude
X-Pf-Uncompressing
TTL
X-Ua
SRV
X-Correlation-ID
X-Vcl-Version
GeoIp-Country-Code
X-COUNTRY
X-NGINX-Cache
X-Reqid
X-Rocket-Nginx-Bypass
Geoip-City
X-AIR-PT
Esi-Enabled
PICS-Label
X-Varnish-Cacheable
SN
Tcn
X-Sucuri-ID
X-Litespeed-Cache
X-Webkit-CSP
X-Policy
X-Servedbyhost
X-Via-CDN
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-NWS-UUID-VERIFY
X-Via-Ucdn
X-Request-Start
Dnion-Transfer-Encoding
X-Developer
X-Azure-Ref-OriginShield
X-HS-Status
M-TraceId
X-TIME
XServer
HostName
Rt-Proxy-Cache
X-Device-Os
X-Cache-Grace
X-Cdn-Origin
X-Ocache
X-Node-Id
X-Sn-Servicetimems
X-LAGOON
X-FORWARDED-FOR
On-Server
X-Fastly-Country-Code
X-MSEdge-Flight
X-Request-Host
X-Cache-Ttl
Magicmarker
X-Method
Cdn
X-MSEdge-Features
Who
Resin-Trace
A
X-VHOST
X-Ftr-Cache-Host
Pics-Label
Cloudfront-Viewer-Country
CF-Cached-On
X-ServedByHost
X-Cache-Status-Check
Load-Balancing
Hostname
X-Beluga-Status
X-Beluga-Trace
X-APP
X-Beluga-Node
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Cache-Status
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
Ohc-Response-Time
X-Svr
X-VCL-Version
X-Zone
NtCoent-Length
DSUID
X-Bc
X-Be
GeoIP-Country-Code
Release
MIME-Version
X-Oracle-Dms-Rid
X-VCT
X-MServer
Vix-Hermes-Req-Id
X-Varnish-Url
Ttl
X-Varnish-URL
Host-ID
X-Fastly-Backend-Reqs
GeoIP-Latitude
Cteonnt-Length
X-VarnishDD-TTL
X-DC
X-Hp-Ccpa-Warning
X-LiteSpeed-Cache-Control
X-Varnish-Ttl
X-HostName
X-Newrelic-App-Data
X-PF-Uncompressing
GeoIP-City
Amp-Access-Control-Allow-Source-Origin
X-PJAX-URL
X-Slack-Backend
WebServer
X-Ftr-Request-Id
X-Configured-By
X-SRV
CACHE
X-RPS
X-Aicache-OS
X-RPM
X-Dynatrace
Processtime
SD-X-WS
X-BE
X-RSL
X-Upstream-Ht
X-Swift-Error
X-DI
X-SD-PageType
X-Ratelimit-Remaining
X-Action
X-Upstream-Ct
X-DSS
X-DB
X-DW
Servername
X-WR-MODIFICATION
X-Dynatrace-Js-Agent
Cache-Provider
X-Tid
L
X-ID
X-Compress-Hint
X-Cache-Id
X-Server-Time
Pramga
Arc-Country
X-SN
X-Cache-FS-Status
X-Processor
X-ServerName
X-Dispatch
X-PAYTM-SRV-ID
X-Frame-Option
X-Flog
X-ND-Cache
Lfy
X-Hello
Fastly-Drupal-HTML
X-Via-NSCOPI
X-Skip-Cache
X-FPC
Pagetype
CF-IPCountry
X-StackifyID
X-Fastly-Cache-Hits
X-ABtesting
X-Ratelimit-Limit
X-Branch-Name
X-Ftr-Realm
X-Snapshot-Date
X-Release
Requestid
Dynatrace
X-LB-ID
CDN
X-Ftr-Balancer
X-Ftr-Dc
X-Ftr-Backend-Server
X-Ftr-Backend
X-CACHE-AGE
D-Cc-Upstream
X-Cc-Req-Id
X-Cc-Via
X-Apw-Hits
X-ZONE
X-Varnish-Beresp-TTL
X-Edge-IP
X-Scheme
Warning
X-Served-From
X-Apw-Access-Action
V-Cache
Cdn-Request-Time
X-Edge-Server
Proxy-Firewall
Cdn-Host
X-Apw-Access-Object
LB
X-Apw-Access-Token
N-Cache
X-VC
X-SB
X-DevSite-Last-Modified
X-Request-Url
X-Bc-Bl
X-WA
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Node-ID
X-App
X-BC
X-Worker
Correlation-Id
Backend-Name
UCS
Lb
WP-Super-Cache
X-ElasticPress-Search
X-Request-URL
X-Check-Cacheable
X-Powered-Y
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Fastly-Cache-Status