Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Cache-Group
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Ws-Request-Id
X-UA-Device
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
X-ORACLE-DMS-RID
X-Cache-Lookup
NEL
X-Mod-Pagespeed
Edge-Control
X-Rack-Cache
Rating
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Varnish-TTL
X-DynaTrace
Accept-Ch
X-Country-Code
Allow
X-Instart-Request-ID
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-FTR-Request-ID
X-ESI
Verso
X-TTL
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Url
Service-Worker-Allowed
Content-MD5
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Use-Magma
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
Edge-Cache-Tag
RTSS
AR-ATIME
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-CACHE
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
Charset
SPRequestGuid
X-NF-Request-ID
X-Amz-Server-Side-Encryption
X-Accel-Expires
X-MSEdge-Ref
X-Cached
X-Powered-CMS
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Vcache
X-Middleton-Display
X-Sol
Pagespeed
Display
Response
X-Vcap-Request-Id
X-Middleton-Response
X-Navigation-Version
X-Trace
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
TCN
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Fastcgi-Cache
X-Client-IP
Cache-Tag
X-Cdn
Access-Control-Request-Method
X-Fastly-Request-ID
X-Ser
X-Upstream
S
X-DynaTrace-JS-Agent
MS-Author-Via
X-Shard
SPIisLatency
X-Id
SPRequestDuration
Nginx-Cache
X-Hp-Webp
X-Ezoic-Cdn
X-Mrf-Section-Lastmod
X-Forwarded-For
X-Content-Type
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-T
X-Amz-Meta-S3cmd-Attrs
DynaTrace
X-Amzn-Trace-Id
X-Grace
X-Recruiting
Front-End-Https
X-Hits
Fastcgi-Cache
Nel
X-Varnish-Age
X-Aspnet-Version
ServerID
X-DIS-Request-ID
X-Edge-O15-RID
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
NR-ENABLED
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-Frontend
Powered
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-FTR-Expires
X-Goog-Stored-Content-Encoding
X-FTR-Cache-Status
X-Country-Code-Real
X-Goog-Metageneration
Server-Name
X-Cache-TTL
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
Alternate-Protocol
X-FTR-Realm
X-FTR-DC
X-Logged-In
TP-L2-Cache
TP-Cache
Server-Node
X-Correlation-Id
X-Jurisdiction
X-XRDS-LOCATION
X-Webkit-Csp
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
AMP-Access-Control-Allow-Source-Origin
Backend-Timing
X-ATS-Timestamp
Upgrade-Insecure-Requests
X-Page-Id
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-Content-Options
Refresh
X-Origin-Server
X-Revision
X-Rid
X-User-Agent
X-Cache-Hit
X-Akamai-Edgescape
X-F-Cache
X-Varnish-Grace
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Server-ID
X-Type
X-Webapp-Samesite-None-Activated-N
Fastly-Restarts
X-XRDS-Location
X-Content-Powered-By
X-Zen-Fury
X-Geo-Country
X-B3-Sampled
X-LB-Cache
X-Activity-Id
X-Az
X-AppVersion
X-B
X-Pad
X-URL
X-Analytics
X-FTR-Cache-Host
X-N
X-Kinsta-Cache
PB-PID
X-CST
PB-RID
Arc-Version
X-Mobile-Rewrite
X-RateLimit-Remaining
X-Ttl
Cache-Status
X-TT
X-AOL-HN
X-Cache-Age
X-WebKit-CSP-Report-Only
X-B-Cache
X-Framework
DC
X-Jobs
Actual-Object-TTL
X-Signature
X-Request-Guid
X-App-Environment
Paypal-Debug-Id
X-Tumblr-Pixel
X-Ruxit-Js-Agent
X-Instance
X-Tumblr-User
X-Tumblr-Pixel-0
X-Debug-Info
Access-Control-Allow-Method
X-FB-Debug
X-PHP-Backend
X-Cache-Action
X-Time
X-Load-Cache
X-Git-Hash
X-Varnish-Backend
X-Erf-Bev-Bev
Surrogate-Key
X-Erf-Bev-Bev-Is-Generated
X-Cached-By
X-Tt-Trace-Tag
Host-Header
Fastcgi-Useragent
X-Amz-Replication-Status
X-IPLB-Instance
X-Contextid
X-FastCGI-Cache
MS-CV
X-SS-Set-Cookie
X-Tt-Trace-Host
FilterID
X-Cluster
X-Cache-Key
X-ATG-Version
Tracecode
X-Srv
Frame-Options
NGB
X-Response-Served-From
X-Accel-Buffering
X-VCache
X-WA-Info
X-Cache-NE
WPE-Backend
X-FW-Hash
X-FW-Type
Payment
X-Varnish-Server
X-Mobile
X-Region
X-FW-Static
X-FW-Serve
Host
Eomportal-Instance
X-FW-Server
X-Adobe-Content
X-Cache-Enabled
X-Cacheable-TTL
Source
Filters
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cache-Tv-Group
X-GeoIP
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-Cache-2
X-Tumblr-Pixel-1
X-RequestSource
X-Is-Bot
X-Rendered-As
X-Host-Name
X-Adobe-Loc
X-TX-ID
X-NewRelic-App-Data
X-EdgeConnect-Cache-Status
Xserver
Cleartype
X-Cache-Operation
X-Via-JSL
X-Cache-Rule
X-Seen-By
X-Hostname
X-Origin-Response-Time
X-Oneagent-Js-Injection
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Cache-TTL-Remaining
X-Presslabs-Stats
Cache
Retry-After
Healthy
X-Cache-Control
X-HTML-Minification-Powered-By
Datacenter
Server-Info
X-UA
X-RemovedCookies
X-Dc
X-ProcessESI
Accept-CH
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-RTag
Ms-Operation-Id
X-B3-Traceid
X-NWS-LOG-UUID
Liferay-Portal
X-RateLimit-Limit
X-Source
X-Cache-Server
X-Environment-Context
X-Rule
X-L-Path
X-PressLabs-Stats
X-FireWall-Port
From-Origin
X-Endurance-Cache-Level
X-Wix-Request-Id
Version
X-Upgrade-Enabled
X-Status
X-CACHE-KEY
X-Handled-By
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
X-Path-Route
X-App-Server
X-RN-RSRV
Accept-CH-Lifetime
Meta-Geo
OT-Force-Account-Verify
X-Proxy-Build
X-Timing-Wait
Selected-Fe
X-Section
Azure-RegionName
X-Request-Time
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Mn-Server-Ip
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-Storage
X-Backend-Name
Akamai-GRN
Cache-Tags
X-Tb
X-Content-Age
X-Shopify-Generated-Cart-Token
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Stage
X-ShopId
X-Format
X-Proto
X-Access
Azure-Version
X-ShardId
X-Sorting-Hat-PodId
X-EIG-Tracking-Id
X-Sorting-Hat-ShopId
Origin-Cache-Control
Origin-Edge-Control
Now
X-Vgn-Hpd-Reason
X-Pubstack
X-Proxy-Cache-Status
Property-Id
S-Rt
TWC-Connection-Speed
X-Viewer-Country
X-Qloud-Router
X-Proxy
NGX
Ec-Rule-Version
X-Soup
Decoy-Debug-TTL
DB-Nickname
Decoy-Debug-Status
TWC-Device-Class
X-ServerID
X-Redis-Cache
Decoy-Debug-Key
X-Time-Microsecs
X-SaId
Node
TWC-GeoIP-LatLong
X-OCL
X-FC-Vary-Parameters
X-FW-Dynamic
X-Generated-By
X-Human
X-AWS-Id
X-Origin
X-Cache-Config
X-Cluster-Node
X-ProxyCache-Key
X-VWS-Id
X-Debug-Cache
X-PCL
X-Cache-Host
X-Hl-Ver
X-Akamai-Request-ID2
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-Country
X-ProxyCache-Status
X-Web-Node
Webcakes-Region
X-BYPASS-REASON
X-Hosted-By
X-Hyper-Cache
X-JoinUs
X-LJ-Flow-ID
X-Origin-Hint
X-UUID
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-Hits
X-Site-Version
X-APP-VERSION
X-IP
X-Say-Cacheable
X-Locale
X-Xfnlog-Site
X-Www-Served-By
X-NYM-Debug-Backend
X-Detected-As
X-MP-GENERATED-AT
X-SayCDN-TTL
X-Say-TTL
Cross-Origin-Window-Policy
X-BCube-Filmed-By
X-RCS-CacheZone
X-CCM
X-Generated
X-FB-TRIP-ID
X-Loop
X-TNCMS
X-R9-Blue-Green-Version
X-Amzn-Remapped-Content-Length
GEO-INFO
Srv
X-Akamai-Transformed
L5d-Success-Class
Accept-Charset
Cache-Name
Viewport
X-CS
Uber-Trace-Id
X-NCache
X-Unique-Id
X-Drupal-Cache-Tags
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Esi
X-Cache-Remote
X-UA-Device-Type
X-From
Webserver
X-TT-TIMESTAMP
Time
Cache-Key
X-Cluster-Name
X-Origin-TTL
X-Origin-CC
Accept-Language
X-Backend-TTL
X-Drupal-Cache-Contexts
X-Edge-Location
X-CDN-Forward
Country
Mime-Version
Odigeo-Trace-Id
X-Mode
X-EC-Lua
Rt-Fastcgi-Cache
X-Microcachable
X-B3-Spanid
X-Info
X-Forwarded-Host
Ohc-Cache-HIT
Ohc-File-Size
X-Newrelic-Synthetics
X-Geo
X-UnsetCookies
X-CLOUD-TRACE-CONTEXT
X-Whom
X-Magnolia-Registration
X-No-Session
X-PERF
X-ApacheServer
Proxy-Connection
ServedBy
X-Varnish-Cache-Hits
Content-Disposition
X-UPSTREAM-Address
X-PHP-Host
X-Labrador-Cache-Channel
X-Device-Type
X-Zipkin-Id
X-Proxied
X-Real-IP
X-Routing-Service
Meta-Geo-Continent
X-Geo-Header
Machine
X-GeoIP-Country-Code
X-Region-Sid
MD5-Digest
X-G
X-Vdms-Version
X-NGENIX-Cache
Cf-Ipcountry
Rendered-Blocks
Mobile-Detection-Method
BehaviorPad-Version
X-S
X-ScT
X-Session-Fingerprint
AsisCache
Xc-Version
X-Via-Fastly
Content-Script-Type
Content-Style-Type
X-VG-WebCache
GEO-REGION-INFO
X-VG-WebServer
X-Vtex-Remote-Cache
Fastcgi-X-Cache-Version
X-App-Version
X-S-Cookie
X-ARC
X-Connection-Hash
X-SRCache-Key
X-Application
X-Rojux
X-Aed
X-Transaction
X-Vtex-Processado-Em
X-Rewrite-Enabled
X-Request-UUID
X-Trv-Group
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Destination
X-B-Cookie
X-Cache-Time
X-Accel-Expires-Debug
X-Twitter-Response-Tags
Viewtype
VivaBuild
X-A
X-D
X-DPWN-IS-SECURE
X-Date
T-Server
X-External-Request-Id
X-A-Wwc
X-A-Ccd
X-A-Dgt
X-A-Dam
X-A-Dcw
User-Cache-Control
X-Uri
Fastly-SSL
X-C
X-Sigma
X-Cache-Debug
X-CUA
X-Rocket-Build-Number
X-Contensis-Viewer-Groups
Environment
Locid
IsBot
W
X-Developers
Server-Surrogate-Control
Gh-Request-Id
Fastly-Soc-X-Request-Id
Access-Control-Request-Headers
X-Bip
X-Auto-Login
Server-Cache-Control
Apple-News-Services-Handled
X-Cache-ASPX
X-GoCache-CacheStatus
X-WebServer
Apple-News-Services-Request-Url
X-SIPLIST1
X-Tumblr-Pixel-3
Apple-News-Services-Parsed-Url
X-Wikidot-Static-Cache
X-VC-Cache
Apple-News-Services-Host
X-Wikidot-Backend
X-Varnish-Authentication
X-Logging-Id
X-VG-TLSProxy
X-Thanos
X-TrackingId
X-Sigma-Backend
X-CACHE-GROUP
X-Cache-Backend
X-Daa-Tunnel
Wxu-Next-Region
V-Age
X-Swa-Ws
X-Core-Mission
X-Agile
Wxu-Next-Hostname
X-We-Are-Hiring
We-Hiring
Web-Mar-Node
X-Dispatcher-Server
X-Owner
X-Trace-Id
Wxu-Next-Commit
X-Debug-Cache-Store
X-User
X-FW-Version
Section-Io-Cache
X-Agile-Age
X-Debug-Cache-Expiry
X-Location
X-Fastly-Cache
Server-Int
CDCHOST
X-Distributor
X-Origin-Date
X-Req
X-Urbn-Site-Id
X-Urbn-Context-Path
True-Client-Country-4JS
X-OVcl-Cache
X-Cache-Bucket
X-Tec-Api-Origin
X-Tec-Api-Root
X-Block-Status
X-TT-LOGID
X-Clientip
HA-Ipaddr
X-Clara-WADP
X-Cdn-Srv
X-NodeID
X-Debug-Cookies
X-Cache-URL
X-Cache-Info
X-Debug-Log
X-Tec-Api-Version
X-BBXSRF
X-TH-Server
Ha-Gx-Prefs
X-OVcl
X-Ms-Request-Id
X-Webstats-RespID
X-Micro-Cache
RNT-Time
X-AK-Request-ID
X-Cms-Context
X-Nginx-Cache-Key
X-Azure-Ref
X-Ms-Version
X-Origin-Expires
X-Request-URI
Request-Country
X-App-Name
X-Hnp-Log
Cache-Host
X-Backend-State
X-CGP
X-Rebelmouse-Cache-Control
AKAMAI
X-Li-Fabric
Cdncip
Countrycode
X-VServer
RNT-Machine
X-Li-Pop
Cdnsip
X-RateLimit-Remaining-Second
X-IN-APIGATEWAY
X-NX-Host
X-IN-APIGATEWAYSSL
X-Hit
X-Render-Time
X-Sucuri-Cache
X-Instart-Isnd
X-Debug-Cache-Fetch
X-Varnish-Beresp-Ttl
X-Eu-Site
X-Key
X-Distil-CS
X-Epic-Correlation-Id
X-Rebelmouse-Surrogate-Control
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Fastly-Backend-Name
Country-Code
Memcached
X-Generation-Time
X-Proxy-Upstream
Mail-Subject
Locale
X-RateLimit-Limit-Second
X-WADP-Cache
X-Generated-In
X-Irp-Debug
Request-EU
X-Gamma-Serve
Powered-By
X-Gen-Mode
X-Agile-Id
X-GeoIP-City
FNAC-ModuleRouting
X-LI-Proto
Fastly-SWR
X-SVT-ORM-RULES
Fastly-SIE
X-LI-UUID
X-Hash
X-SVT-ORM-VERSION
Heartbleed
Kp-EeAlive
IBM-Web2-Location
HitType
Geo-Info
X-Is-Gdpr
X-Old-Content-Length
X-Internal-Host
X-Platform-Server
X-JWT-State
X-Level-Front-Cache
X-Generated-On
X-Has-Esi
X-NU-AKA-ACS-Version
X-Matched-Rule
Adler-Geo
X-Variation
PFcat
Platform
X-Reboot
X-Core-Value
X-S-Maxage
X-Service
X-ServiceProvider
Is-Eu
Server-Host
X-Up
X-Trafficlayer-App-Version
X-Thinkindot-L3
X-Cache-Tags
Thinkindot-Control
Server-ID
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Nc
X-B3-Parentspanid
X-Fetched-On
ServerName
X-Refresh
X-Lb-Id
X-Server-W
Cache-Hits
X-Response-By
Filterid
X-Nginx-Cache
X-TA-CDN-Provider
X-Servername
X-SERVER
RequestId
X-B3-SpanId
X-Server-IP
X-NC
X-Parent-Response-Time
X-CF-Powered-By
X-Cdn-Forward
X-Tb-Optimization-Total-Bytes-Saved
X-Air-Hostname
X-CSRF-Token
ProcessTime
X-CSRF-TOKEN
User-Agent
X-Wa
X-Pjax-Url
Pragrma
X-Cdn-Request-ID
Memory
Media-Length
Group
Origin
X-Var-Ttl
X-Cache-Expired-At
X-BACKEND-TTL
X-Pf-Uncompressing
Geoip-Latitude
S-Cnection
Powered-By-ChinaCache
GeoIp-Country-Code
TTL
SRV
X-NGINX-Cache
X-Unique-ID
X-Correlation-ID
X-Ua
X-Vcl-Version
X-Sucuri-Id
X-Sucuri-ID
X-Rocket-Nginx-Bypass
SN
Esi-Enabled
X-Reqid
PICS-Label
X-COUNTRY
X-AIR-PT
Geoip-City
X-TIME
X-Policy
X-Servedbyhost
X-Varnish-Cacheable
XServer
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Webkit-CSP
X-Litespeed-Cache
X-Request-Start
X-Via-CDN
X-Azure-Ref-OriginShield
X-NWS-UUID-VERIFY
HostName
X-Developer
Rt-Proxy-Cache
M-TraceId
X-Via-Ucdn
X-Ocache
X-Device-Os
X-Cdn-Origin
X-Node-Id
X-Sn-Servicetimems
Dnion-Transfer-Encoding
X-LAGOON
X-HS-Status
X-Cache-Grace
X-FORWARDED-FOR
Resin-Trace
Magicmarker
X-Method
X-Fastly-Country-Code
On-Server
Tcn
A
X-Cache-Ttl
Who
X-MSEdge-Features
Cdn
X-ServedByHost
X-Request-Host
X-MSEdge-Flight
Load-Balancing
X-Ftr-Cache-Host
X-VHOST
Cloudfront-Viewer-Country
CF-Cached-On
DSUID
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Cache-Status-Check
Ohc-Response-Time
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Node
X-Beluga-Cache-Status
Pics-Label
NtCoent-Length
MIME-Version
Hostname
X-VCL-Version
Release
X-Be
X-Svr
X-MServer
X-VCT
X-APP
GeoIP-Country-Code
Vix-Hermes-Req-Id
Ttl
X-Bc
X-Zone
X-Oracle-Dms-Rid
X-Hp-Ccpa-Warning
Cteonnt-Length
Host-ID
X-VarnishDD-TTL
X-Varnish-URL
WebServer
X-Varnish-Url
GeoIP-Latitude
X-Fastly-Backend-Reqs
X-Ratelimit-Remaining
X-LiteSpeed-Cache-Control
X-DC
X-Varnish-Ttl
X-Newrelic-App-Data
X-PJAX-URL
X-Configured-By
X-PF-Uncompressing
GeoIP-City
SD-X-WS
X-SD-PageType
X-SRV
X-Upstream-Ht
X-Upstream-Ct
X-Ftr-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-Slack-Backend
Servername
Processtime
X-HostName
X-WR-MODIFICATION
X-DW
X-Dynatrace
X-DSS
X-Action
X-Tid
X-DI
X-DB
X-BE
X-RPM
X-SN
X-RSL
X-Swift-Error
X-Compress-Hint
X-RPS
X-Cache-Id
X-Aicache-OS
X-Dynatrace-Js-Agent
X-Ratelimit-Limit
X-Server-Time
X-Processor
X-Skip-Cache
X-ID
L
Cache-Provider
X-PAYTM-SRV-ID
X-Release
Requestid
X-FPC
CACHE
Pramga
X-Cache-FS-Status
CDN
X-Via-NSCOPI
Arc-Country
X-Dispatch
X-Frame-Option
CF-IPCountry
X-Hello
X-ServerName
Fastly-Drupal-HTML
X-Flog
LB
X-DevSite-Last-Modified
X-ABtesting
X-StackifyID
X-Fastly-Cache-Hits
X-Ftr-Realm
Dynatrace
X-Branch-Name
X-Snapshot-Date
X-LB-ID
X-Ftr-Dc
X-Ftr-Balancer
Pagetype
X-ND-Cache
X-Scheme
X-Ftr-Backend
X-Ftr-Backend-Server
Lfy
X-CACHE-AGE
Cdn-Host
X-Node-ID
Cdn-Request-Time
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Access-Object
Proxy-Firewall
X-ZONE
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Varnish-Beresp-TTL
UCS
X-Edge-IP
Cache-Cookie-Set-Lfrom
X-Apw-Hits
Warning
N-Cache
V-Cache
X-VC
X-SB
X-Served-From
D-Cc-Upstream
X-Cc-Via
X-Cc-Req-Id
X-Edge-Server
X-Request-Url
NnCoection
Server-Id
Inserted-Into-Cache-At
X-Litespeed-Cache-Control
X-WA
Correlation-Id
WP-Super-Cache
X-ElasticPress-Search
X-Check-Cacheable
X-Powered-Y
X-Worker
X-BC
X-Fastly-Cache-Status
Backend-Name
X-Request-URL
X-App
Lb