Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
Keep-Alive
X-Kinja-Server-Push
X-Xss-Protection
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
Xkey
X-Pass-Why
X-Cache-Group
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Server-Powered-By
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
Request-Context
X-Ws-Request-Id
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
Content-Location
X-Response-Time
X-Origin-Cache
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-ORACLE-DMS-ECID
X-Cnection
X-HW
NEL
X-DataDome
X-Application-Context
X-ORACLE-DMS-RID
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-Mod-Pagespeed
X-Cache-Lookup
Edge-Control
X-Rack-Cache
Rating
X-Country
Pinterest-Generated-By
X-Akam-SW-Version
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-DynaTrace
X-Country-Code
X-Varnish-TTL
Allow
X-Instart-Request-ID
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-TTL
X-FTR-Request-ID
Accept-Ch
Verso
X-ESI
X-Url
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
Accept-Ch-Lifetime
X-GitHub-Request-Id
X-Exp-Id
X-Cdn-Fetch
Edge-Cache-Tag
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-B3-TraceId
RTSS
X-Px
Ar-Sid
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
X-D2id
X-Debug
X-Abt-Application-Version
Charset
X-NF-Request-ID
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Vcache
X-Powered-CMS
X-Accel-Expires
X-Cached
X-MSEdge-Ref
X-Server-Name
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Vcap-Request-Id
Pagespeed
Display
X-Middleton-Display
X-Sol
X-Middleton-Response
Response
X-Navigation-Version
X-Trace
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
TCN
X-VARITI-CCR
Public-Key-Pins
Realpath
X-Fastcgi-Cache
Cache-Tag
X-Cdn
Access-Control-Request-Method
X-Client-IP
X-Upstream
S
X-DynaTrace-JS-Agent
X-Fastly-Request-ID
X-Ser
MS-Author-Via
X-Shard
SPIisLatency
SPRequestDuration
X-Id
X-Hp-Webp
DynaTrace
X-Ezoic-Cdn
X-Forwarded-For
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Content-Type
X-Amz-Meta-S3cmd-Attrs
X-Amzn-Trace-Id
X-T
X-Recruiting
Nginx-Cache
Front-End-Https
X-Grace
X-Hits
Fastcgi-Cache
X-Varnish-Age
X-DIS-Request-ID
ServerID
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Dw-Request-Base-Id
NR-ENABLED
X-Element-Page-Cache
X-Content-Digest
X-Node-Name
X-Goog-Generation
X-HS-Cache-Config
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Frontend
X-HS-Hub-Id
X-Goog-Storage-Class
X-HS-Combine-CSS
Powered
X-HS-Content-Id
Server-Name
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
X-Edge-O15-RID
Alternate-Protocol
X-Logged-In
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Correlation-Id
TP-Cache
TP-L2-Cache
Server-Node
X-Cache-TTL
X-Webapp-Samesite-None-Activated-N
X-Shield-Request-Id
X-Webkit-Csp
AMP-Access-Control-Allow-Source-Origin
X-Request-Processing-Time
X-Request-Received
X-Request-Handler-Origin-Region
X-Microsite
Upgrade-Insecure-Requests
X-XRDS-Location
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Content-Options
Refresh
X-Page-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Rid
X-Revision
X-Akamai-Edgescape
X-User-Agent
X-F-Cache
X-Varnish-Grace
Backend-Timing
Nel
X-Cache-Hit
X-Server-ID
X-ATS-Timestamp
X-XRDS-LOCATION
X-Jurisdiction
X-Type
Fastly-Restarts
X-Pad
X-Geo-Country
X-Content-Powered-By
X-Analytics
X-Activity-Id
X-Az
X-N
X-AppVersion
X-B3-Sampled
X-LB-Cache
X-Zen-Fury
X-URL
X-B
X-Kinsta-Cache
X-FTR-Cache-Host
X-RateLimit-Remaining
X-TT
PB-RID
PB-PID
X-Cache-Age
X-WebKit-CSP-Report-Only
X-AOL-HN
X-App-Environment
DC
X-Mobile-Rewrite
Actual-Object-TTL
X-Instance
X-Ruxit-Js-Agent
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Request-Guid
Arc-Version
X-Framework
Paypal-Debug-Id
X-Jobs
Access-Control-Allow-Method
X-Debug-Info
X-Signature
X-B-Cache
X-PHP-Backend
X-FB-Debug
Cache-Status
X-CST
X-Load-Cache
X-Cache-Action
X-Varnish-Backend
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Fastcgi-Useragent
Surrogate-Key
X-Git-Hash
FilterID
Accept-CH
Host-Header
X-Ttl
X-FastCGI-Cache
X-Cached-By
X-IPLB-Instance
X-Tt-Trace-Tag
X-SS-Set-Cookie
MS-CV
X-B3-Traceid
X-Amz-Replication-Status
X-Contextid
X-Time
X-Cluster
X-Cache-Key
X-Tt-Trace-Host
X-Srv
X-ATG-Version
Frame-Options
X-Accel-Buffering
NGB
X-Response-Served-From
Tracecode
Accept-CH-Lifetime
WPE-Backend
Source
Xserver
Payment
X-Varnish-Server
X-Trafficlayer-App-Scope
Host
X-Trafficlayer-App-Name
Eomportal-Instance
Cache-Tv-Group
Filters
X-Cache-2
X-IPS-LoggedIn
X-GeoIP
X-FW-Type
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
X-Adobe-Content
X-FW-Static
X-FW-Server
X-Cache-Enabled
X-Varnish-Hostname
X-Adobe-Loc
X-Cache-NE
X-Cacheable-TTL
X-Region
X-FW-Serve
X-FW-Hash
X-TX-ID
X-Mobile
X-WA-Info
X-Rendered-As
X-Host-Name
X-Is-Bot
X-Kong-Upstream-Latency
Cleartype
X-Kong-Proxy-Latency
X-Seen-By
X-Oneagent-Js-Injection
Cache
Healthy
X-Cache-Rule
X-Cache-Operation
X-Via-JSL
X-Hostname
X-EdgeConnect-Cache-Status
X-NewRelic-App-Data
X-Origin-Response-Time
X-Cache-Control
X-Cache-TTL-Remaining
Datacenter
X-VCache
X-HTML-Minification-Powered-By
X-PressLabs-Stats
Retry-After
X-ProcessESI
X-RemovedCookies
Ms-Operation-Id
X-Presslabs-Stats
X-RTag
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Rule
Server-Info
X-Dc
X-RateLimit-Limit
X-Cache-Server
X-UA
From-Origin
X-Wix-Request-Id
X-Status
Version
Liferay-Portal
X-Upgrade-Enabled
X-FireWall-Port
X-Environment-Context
X-L-Path
X-Endurance-Cache-Level
X-NWS-LOG-UUID
X-Source
X-Esi
X-CACHE-KEY
X-RN-RSRV
Meta-Geo
X-Path-Route
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
Selected-Fe
OT-Force-Account-Verify
X-UUID
X-Hyper-Cache
X-Proxy-Build
X-Timing-Wait
X-Tb
X-Proto
X-Handled-By
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Backend-Name
X-ShopId
X-ShardId
X-Storage
X-EIG-Tracking-Id
X-Content-Age
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sorting-Hat-ShopId
X-Shopify-Generated-Cart-Token
TWC-Connection-Speed
Azure-RegionName
Azure-InstanceId
TWC-GeoIP-Country
TWC-Device-Class
Azure-SiteName
TWC-GeoIP-LatLong
NGX
L5d-Success-Class
DB-Nickname
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Ec-Rule-Version
Node
Now
Azure-Version
Azure-SlotName
Property-Id
Origin-Edge-Control
X-Web-Node
Origin-Cache-Control
S-Rt
X-Akamai-Request-ID
X-Human
X-Cache-Host
X-Soup
X-Debug-Cache
X-Cache-Config
X-BYPASS-REASON
X-Section
X-ServerID
X-AWS-Id
X-FC-Vary-Parameters
X-Time-Microsecs
X-Generated-By
X-Hl-Ver
X-VWS-Id
X-FW-Dynamic
X-Hosted-By
X-Format
X-Vgn-Hpd-Reason
X-Viewer-Country
Akamai-GRN
X-JoinUs
Webcakes-Region
X-ProxyCache-Key
X-Access
Webcakes-App-Version
X-Pubstack
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
X-Proxy
X-PCL
X-SaId
X-OCL
X-LJ-Flow-ID
X-Request-Time
X-Origin
X-Akamai-Request-ID2
X-Redis-Cache
X-Origin-Hint
X-ProxyCache-Status
Cache-Tags
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-MP-GENERATED-AT
X-NYM-Debug-Backend
X-Locale
X-CCM
X-BCube-Filmed-By
X-Qloud-Router
X-IP
X-RCS-CacheZone
X-Varnish-Hits
X-Www-Served-By
X-Xfnlog-Site
X-Site-Version
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
Mn-Server-Ip
X-Generated
X-Proxy-Cache-Status
Webserver
X-Loop
X-TNCMS
X-Amzn-Remapped-Content-Length
X-Cluster-Node
X-APP-VERSION
Cache-Name
Viewport
X-FB-TRIP-ID
X-App-Server
Cross-Origin-Window-Policy
X-Detected-As
Uber-Trace-Id
X-R9-Blue-Green-Version
X-CS
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Srv
Time
X-Akamai-Transformed
X-Unique-Id
Accept-Charset
X-Drupal-Cache-Tags
X-From
GEO-INFO
X-NCache
X-Cache-Remote
X-UA-Device-Type
X-Edge-Location
X-TT-TIMESTAMP
X-Cluster-Name
X-Origin-TTL
X-Origin-CC
X-Drupal-Cache-Contexts
Cache-Key
X-EC-Lua
Country
Accept-Language
Mime-Version
X-Newrelic-Synthetics
X-Mode
Odigeo-Trace-Id
X-B3-Spanid
X-Microcachable
X-Backend-TTL
Ohc-File-Size
Ohc-Cache-HIT
X-CDN-Forward
X-Geo
X-No-Session
Rt-Fastcgi-Cache
X-Info
X-Forwarded-Host
X-CLOUD-TRACE-CONTEXT
Proxy-Connection
X-PHP-Host
X-Labrador-Cache-Channel
X-UPSTREAM-Address
X-Magnolia-Registration
X-Real-IP
Content-Disposition
X-Zipkin-Id
X-Whom
X-Varnish-Cache-Hits
Fastly-SSL
Cf-Ipcountry
X-Routing-Service
X-Cache-Time
X-Proxied
ServedBy
X-PERF
X-ApacheServer
Xc-Version
X-External-Request-Id
X-Aed
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Application
X-G
X-ScT
X-S-Cookie
X-Session-Fingerprint
X-SRCache-Key
X-Trv-Group
X-Transaction
X-S
X-Rojux
X-Geo-Header
X-UnsetCookies
X-GeoIP-Country-Code
X-Region-Sid
X-Rewrite-Enabled
X-Request-UUID
X-Vdms-Version
BehaviorPad-Version
X-D
X-Connection-Hash
X-A-Dcw
X-A-Dam
X-A-Ccd
VivaBuild
X-A
X-A-Dgt
X-VG-WebServer
X-Accel-Expires-Debug
X-CF-Lambda-Fn
X-Twitter-Response-Tags
X-A-Wwc
X-CF-Lambda-Version
X-VG-WebCache
Viewtype
T-Server
Content-Script-Type
Content-Style-Type
Fastcgi-X-Cache-Version
X-Destination
X-DPWN-IS-SECURE
X-B-Cookie
Access-Control-Request-Headers
GEO-REGION-INFO
Machine
Powered-By
Rendered-Blocks
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
X-Date
AsisCache
X-ARC
Geo-Info
X-App-Version
X-Cache-Backend
User-Cache-Control
X-Device-Type
X-Sigma
Environment
Gh-Request-Id
X-Via-Fastly
X-Rocket-Build-Number
X-Logging-Id
X-Sigma-Backend
X-SIPLIST1
Server-Surrogate-Control
X-Bip
X-Cache-ASPX
X-Cache-Debug
X-Auto-Login
X-Contensis-Viewer-Groups
X-Thanos
W
X-CUA
Server-Cache-Control
IsBot
X-VG-TLSProxy
X-TrackingId
X-Varnish-Authentication
X-WebServer
X-VC-Cache
X-Tumblr-Pixel-3
X-Uri
X-C
RNT-Time
X-Cms-Context
X-GoCache-CacheStatus
RNT-Machine
X-User
Server-Int
X-WADP-Cache
Server-ID
X-Generation-Time
Section-Io-Cache
Request-EU
X-GeoIP-City
X-Hit
Memcached
X-Clientip
X-Clara-WADP
X-Key
X-Li-Fabric
Mail-Subject
X-Irp-Debug
X-We-Are-Hiring
X-App-Name
X-Hash
X-Hnp-Log
X-IN-APIGATEWAY
X-Instart-Isnd
X-IN-APIGATEWAYSSL
Request-Country
True-Client-Country-4JS
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Log
X-Developers
X-Distil-CS
X-Dispatcher-Server
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-VServer
X-AK-Request-ID
X-Agile-Id
X-Agile-Age
X-Agile
Wxu-Next-Region
Wxu-Next-Hostname
X-FW-Version
X-Fastly-Cache
X-Li-Pop
X-Gamma-Serve
X-Gen-Mode
V-Age
X-Eu-Site
Web-Mar-Node
Wxu-Next-Commit
We-Hiring
X-Distributor
X-Epic-Correlation-Id
X-Generated-In
X-LI-UUID
AKAMAI
Apple-News-Services-Handled
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Render-Time
X-Block-Status
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Owner
X-OVcl-Cache
X-Webstats-RespID
X-Proxy-Upstream
Apple-News-Services-Request-Url
X-Req
X-Request-URI
X-Sucuri-Cache
X-Trace-Id
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-TH-Server
X-Swa-Ws
X-Cache-Info
X-Cache-URL
X-Wikidot-Backend
X-TT-LOGID
ServerName
X-Cache-Bucket
X-Wikidot-Static-Cache
X-OVcl
X-Origin-Expires
Ha-Gx-Prefs
HA-Ipaddr
X-Urbn-Context-Path
X-Backend-State
X-Ms-Version
X-Ms-Request-Id
X-Urbn-Site-Id
IBM-Web2-Location
X-LI-Proto
Locale
X-Core-Mission
Kp-EeAlive
X-Location
FNAC-ModuleRouting
Fastly-Soc-X-Request-Id
X-NX-Host
Country-Code
X-Cdn-Srv
Cdnsip
CDCHOST
Cdncip
Locid
Countrycode
X-Nginx-Cache-Key
Fastly-Backend-Name
X-NodeID
X-BBXSRF
X-CGP
X-Origin-Date
X-B3-Parentspanid
X-Is-Gdpr
X-Reboot
X-Platform-Server
X-Old-Content-Length
X-NGENIX-Cache
X-S-Maxage
X-Trafficlayer-App-Version
X-ServiceProvider
X-Service
X-NU-AKA-ACS-Version
X-Up
X-Has-Esi
X-Variation
X-Generated-On
X-Internal-Host
X-Thinkindot-L3
X-Matched-Rule
X-Cache-Tags
X-JWT-State
X-Core-Value
X-Level-Front-Cache
X-Varnish-Beresp-Status
Server-Host
X-Varnish-Beresp-Ttl
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Varnish-Beresp-Grace
Thinkindot-Control
Platform
PFcat
Adler-Geo
Cache-Host
Heartbleed
X-Azure-Ref
Is-Eu
X-Daa-Tunnel
Cache-Hits
X-Response-By
Fastly-SIE
X-Refresh
X-NC
X-Micro-Cache
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
HitType
X-Nginx-Cache
X-TA-CDN-Provider
X-Server-IP
X-Server-W
X-Lb-Id
RequestId
X-Servername
X-SERVER
X-Cdn-Forward
X-Fetched-On
X-Tb-Optimization-Total-Bytes-Saved
X-CF-Powered-By
X-B3-SpanId
X-CSRF-TOKEN
X-Cdn-Request-ID
Memory
X-Parent-Response-Time
Media-Length
ProcessTime
X-Nc
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Origin
X-BACKEND-TTL
X-TIME
X-Ua
X-Pjax-Url
User-Agent
X-CSRF-Token
X-Pf-Uncompressing
X-Wa
X-Air-Hostname
Geoip-Latitude
X-Var-Ttl
Esi-Enabled
X-Cache-Expired-At
Pragrma
TTL
Group
X-Reqid
Filterid
X-AIR-PT
X-Correlation-ID
X-Unique-ID
SRV
X-Planisys-CDN-Rules
X-Sucuri-ID
X-Planisys-CDN-TTL
X-Sucuri-Id
X-Policy
X-NGINX-Cache
GeoIp-Country-Code
X-Vcl-Version
X-Planisys-CDN-Cache
X-Rocket-Nginx-Bypass
X-Request-Start
S-Cnection
Powered-By-ChinaCache
X-COUNTRY
PICS-Label
HostName
X-Azure-Ref-OriginShield
Rt-Proxy-Cache
SN
X-Servedbyhost
X-Litespeed-Cache
X-Webkit-CSP
X-Varnish-Cacheable
X-Via-Ucdn
X-Method
Magicmarker
Load-Balancing
M-TraceId
X-HS-Status
XServer
X-Varnish-Ttl
Geoip-City
X-Fastly-Country-Code
X-Via-CDN
X-NWS-UUID-VERIFY
DSUID
Ohc-Response-Time
X-FORWARDED-FOR
Tcn
Dnion-Transfer-Encoding
Release
X-Developer
X-VCT
X-MServer
X-Device-Os
X-Be
Resin-Trace
Who
X-Cache-Ttl
X-Node-Id
X-Svr
X-Cdn-Origin
NtCoent-Length
X-LAGOON
X-ServedByHost
X-Sn-Servicetimems
X-Cache-Grace
X-Zone
X-Hp-Ccpa-Warning
X-Ftr-Cache-Host
X-VHOST
CF-Cached-On
Vix-Hermes-Req-Id
X-Ocache
Cdn
On-Server
X-MSEdge-Flight
X-Bc
X-MSEdge-Features
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-VCL-Version
GeoIP-Country-Code
X-Ratelimit-Remaining
X-Request-Host
Cteonnt-Length
X-APP
Pics-Label
MIME-Version
A
X-Newrelic-App-Data
X-DC
GeoIP-Latitude
Ttl
X-Configured-By
X-VarnishDD-TTL
X-Oracle-Dms-Rid
Cloudfront-Viewer-Country
X-Beluga-Cache-Status
X-Beluga-Node
X-WR-MODIFICATION
X-Varnish-URL
GeoIP-City
X-Fastly-Backend-Reqs
X-SD-PageType
SD-X-WS
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Trace
X-LiteSpeed-Cache-Control
X-Cache-Status-Check
X-Varnish-Url
X-Upstream-Ht
X-SN
X-PJAX-URL
X-Compress-Hint
X-Cache-Id
X-Upstream-Ct
Hostname
X-PF-Uncompressing
X-SERVER-NAME
X-SRV
X-Via-NSCOPI
Host-ID
L
X-Tid
X-Release
X-Ftr-Request-Id
X-Ratelimit-Limit
X-HostName
X-Dynatrace
Processtime
X-BE
LB
X-Scheme
X-Aicache-OS
X-Dynatrace-Js-Agent
CDN
X-Fastly-Cache-Hits
UCS
X-Swift-Error
X-ID
Cache-Provider
CACHE
Cache-Cookie-Set-Lfrom
X-Slack-Backend
X-LB-ID
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Frame-Option
Amp-Access-Control-Allow-Source-Origin
X-Ftr-Backend
X-ServerName
X-Varnish-Beresp-TTL
X-DSS
X-DW
X-RPM
X-RPS
X-DI
X-DB
X-StackifyID
Dynatrace
X-Action
Requestid
X-RSL
X-Ftr-Realm
Servername
X-Ftr-Balancer
X-Ftr-Dc
Lfy
CF-IPCountry
Pagetype
X-Branch-Name
X-Snapshot-Date
X-Ftr-Backend-Server
X-CACHE-AGE
Warning
Arc-Country
X-VC
X-Skip-Cache
X-SB
X-Apw-Hits
D-Cc-Upstream
X-Apw-Access-Action
X-Server-Time
X-Cc-Via
X-Cc-Req-Id
X-PAYTM-SRV-ID
X-Apw-Access-Object
X-Apw-Access-Token
WebServer
V-Cache
X-ZONE
X-Edge-IP
X-Dispatch
Proxy-Firewall
WZWS-RAY
X-Node-ID
X-Cache-FS-Status
X-FPC
X-Processor
X-Fastly-Cache-Status
NnCoection
CloudFront-Viewer-Country
Pramga
X-Flog
X-Hello
X-ABtesting
Lb
Correlation-Id
X-App
Backend-Name
X-Amzn-Remapped-Date
X-Litespeed-Cache-Control
X-Amzn-Remapped-Connection
X-BC
X-Worker
X-Powered-Y
X-Request-URL
X-ElasticPress-Search
WP-Super-Cache
X-Request-Url
X-Check-Cacheable