Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
X-XSS-Protection
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-XSS-PROTECTION
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Robots-Tag
X-Page-Speed
X-Pingback
EagleId
X-Nginx-Cache-Status
X-Ws-Request-Id
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-Origin-Cache
X-OneAgent-JS-Injection
X-Response-Time
Content-Location
X-Ac
X-Node
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-Application-Context
X-ORACLE-DMS-ECID
X-DataDome
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-ORACLE-DMS-RID
X-Cache-Lookup
NEL
X-Mod-Pagespeed
Rating
Edge-Control
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
Accept-Ch
X-Varnish-TTL
X-DynaTrace
X-Country-Code
Allow
X-Instart-Request-ID
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
X-FTR-Request-ID
X-TTL
Accept-Ch-Lifetime
Verso
X-ESI
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
Content-MD5
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-B3-TraceId
X-GitHub-Request-Id
Edge-Cache-Tag
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
RTSS
X-Px
AR-Request-ID
Ar-Sid
AR-CACHE
AR-ATIME
AR-PoweredBy
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
Charset
SPRequestGuid
X-NF-Request-ID
X-Amz-Server-Side-Encryption
X-Vcache
X-Accel-Expires
X-Cached
X-MSEdge-Ref
X-Amz-Rid
X-Powered-CMS
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Display
Pagespeed
Arr-Disable-Session-Affinity
X-Vcap-Request-Id
X-Navigation-Version
X-Trace
X-SharePointHealthScore
X-SRCache-Fetch-Status
TCN
X-SRCache-Store-Status
Pinterest-Version
X-Fastcgi-Cache
X-Pinterest-Rid
X-Cdn
X-VARITI-CCR
Public-Key-Pins
Cache-Tag
X-Client-IP
Realpath
Access-Control-Request-Method
S
X-Ser
X-Fastly-Request-ID
X-Upstream
X-DynaTrace-JS-Agent
MS-Author-Via
X-Shard
SPIisLatency
X-Id
SPRequestDuration
Nginx-Cache
X-Hp-Webp
X-Ezoic-Cdn
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Content-Type
X-Forwarded-For
X-Amz-Meta-S3cmd-Attrs
X-Amzn-Trace-Id
X-T
DynaTrace
X-Grace
Nel
X-Recruiting
Front-End-Https
X-Hits
Fastcgi-Cache
X-Aspnet-Version
X-Varnish-Age
ServerID
X-DIS-Request-ID
X-Edge-O15-RID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Mobile-URL
X-Element-Page-Cache
X-Node-Name
NR-ENABLED
X-Content-Digest
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-Frontend
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
Powered
X-Goog-Stored-Content-Encoding
X-Cache-TTL
Server-Name
Alternate-Protocol
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
X-FTR-Backend
TP-Cache
TP-L2-Cache
X-Logged-In
Server-Node
X-Jurisdiction
X-Correlation-Id
X-Request-Processing-Time
X-Request-Received
X-XRDS-Location
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
Upgrade-Insecure-Requests
X-ATS-Timestamp
AMP-Access-Control-Allow-Source-Origin
X-Server-ID
X-Content-Options
X-Page-Id
X-Content-Security-Policy-Report-Only
Refresh
X-User-Agent
X-Origin-Server
X-Rid
X-F-Cache
X-Amzn-RequestId
X-Akamai-Edgescape
X-Cache-Hit
X-Amz-Apigw-Id
X-Type
X-Varnish-Grace
X-Revision
X-Shield-Request-Id
X-Webapp-Samesite-None-Activated-N
X-XRDS-LOCATION
Fastly-Restarts
X-Zen-Fury
X-Geo-Country
X-Content-Powered-By
X-LB-Cache
X-URL
X-B3-Sampled
X-AppVersion
X-Activity-Id
X-Az
X-B
X-Pad
X-RateLimit-Remaining
X-Analytics
X-FTR-Cache-Host
X-N
X-CST
X-Kinsta-Cache
PB-PID
PB-RID
X-Ruxit-Js-Agent
X-Mobile-Rewrite
Arc-Version
X-Webkit-Csp
Cache-Status
X-TT
X-Cache-Age
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Instance
X-Debug-Info
X-Tumblr-Pixel
X-Time
X-Tumblr-Pixel-0
X-App-Environment
X-Signature
X-Request-Guid
X-B-Cache
X-Tumblr-User
X-Jobs
Actual-Object-TTL
Access-Control-Allow-Method
X-Framework
Paypal-Debug-Id
DC
X-FB-Debug
X-Cache-Action
X-PHP-Backend
X-Load-Cache
Surrogate-Key
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
X-Ttl
X-Git-Hash
X-Erf-Bev-Bev
X-Cached-By
X-Tt-Trace-Tag
Host-Header
Fastcgi-Useragent
X-Amz-Replication-Status
X-Contextid
X-IPLB-Instance
X-Tt-Trace-Host
MS-CV
FilterID
X-SS-Set-Cookie
X-Cluster
X-ATG-Version
X-FastCGI-Cache
Tracecode
X-Cache-Key
X-Accel-Buffering
X-WA-Info
X-Response-Served-From
X-B3-Traceid
WPE-Backend
X-Srv
Frame-Options
NGB
Payment
X-Cache-NE
X-Varnish-Server
X-FW-Hash
Host
X-Host-Name
Xserver
Eomportal-Instance
X-FW-Serve
X-FW-Static
X-FW-Server
X-FW-Type
X-Region
X-Adobe-Content
X-Cache-Rule
X-Adobe-Loc
X-Cache-2
X-Cache-Enabled
Source
Filters
X-Rendered-As
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cache-Tv-Group
X-Varnish-Hostname
X-Cache-Operation
X-Tumblr-Pixel-2
X-GeoIP
X-Tumblr-Pixel-1
X-Is-Bot
X-RequestSource
X-Oneagent-Js-Injection
X-Cacheable-TTL
X-Mobile
X-IPS-LoggedIn
X-TX-ID
X-NewRelic-App-Data
X-EdgeConnect-Cache-Status
X-Origin-Response-Time
Cleartype
X-Hostname
X-Via-JSL
X-Seen-By
X-Cache-TTL-Remaining
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Cache
X-VCache
Retry-After
Server-Info
X-Presslabs-Stats
X-HTML-Minification-Powered-By
X-Cache-Control
Healthy
Datacenter
X-ProcessESI
X-RemovedCookies
X-RTag
Ms-Operation-Id
X-PressLabs-Stats
X-RateLimit-Limit
X-NWS-LOG-UUID
Liferay-Portal
X-Source
X-Dc
X-UA
X-L-Path
X-Environment-Context
X-Cache-Server
X-Upgrade-Enabled
X-Endurance-Cache-Level
X-Rule
From-Origin
X-FireWall-Port
X-CACHE-KEY
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Status
Version
X-Esi
X-Wix-Request-Id
X-App-Server
Meta-Geo
X-Cache-Var-Map
X-Handled-By
X-Cache-Var
X-Path-Route
X-RN-RSRV
X-ES-SERVER
X-Request-Time
X-Format
X-Tb
Selected-Fe
X-Timing-Wait
X-Access
X-Section
X-APP-VERSION
X-Proxy-Build
OT-Force-Account-Verify
Azure-InstanceId
X-Storage
X-Alternate-Cache-Key
Mn-Server-Ip
X-BYPASS-REASON
X-Backend-Name
Cache-Tags
Azure-Version
X-Content-Age
X-Akamai-Request-ID
Azure-SiteName
Azure-SlotName
X-EIG-Tracking-Id
Akamai-GRN
Azure-RegionName
Accept-CH
X-OCL
X-ProxyCache-Key
X-ProxyCache-Status
X-Origin
X-Sorting-Hat-ShopId
X-Proto
X-PCL
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Generated-Cart-Token
X-ShardId
X-ShopId
Webcakes-App-Name
Ec-Rule-Version
Webcakes-App-Version
Property-Id
X-ServerID
TWC-Privacy
Webcakes-Region
X-Akamai-Request-ID2
TWC-GeoIP-LatLong
TWC-Device-Class
X-Viewer-Country
TWC-Connection-Speed
X-VWS-Id
Decoy-Debug-Key
DB-Nickname
TWC-GeoIP-Country
X-Vgn-Hpd-Reason
S-Rt
X-SaId
X-Time-Microsecs
X-UUID
Decoy-Debug-TTL
TWC-Locale-Group
X-RCS-CacheZone
X-LJ-Flow-ID
X-JoinUs
X-MP-GENERATED-AT
X-NYM-Debug-Backend
Node
X-Origin-Hint
X-Hyper-Cache
X-FC-Vary-Parameters
X-Generated-By
X-FW-Dynamic
X-Hl-Ver
X-Hosted-By
X-Human
Now
X-Debug-Cache
X-Proxy
X-Cache-Config
X-Yottaa-Optimizations
X-Web-Node
Decoy-Debug-Status
X-Redis-Cache
X-AWS-Id
X-Yottaa-Metrics
X-Cluster-Node
X-Cache-Host
NGX
X-Proxy-Cache-Status
Origin-Edge-Control
Origin-Cache-Control
X-Xfnlog-Site
X-Say-Cacheable
X-Qloud-Router
X-Pubstack
X-CCM
X-Detected-As
X-BCube-Filmed-By
X-Generated
X-Soup
X-SayCDN-TTL
X-Say-TTL
X-Varnish-Hits
X-IP
Cross-Origin-Window-Policy
X-TNCMS
X-FB-TRIP-ID
X-Loop
X-Amzn-Remapped-Content-Length
L5d-Success-Class
X-R9-Blue-Green-Version
Srv
X-Www-Served-By
X-Akamai-Transformed
X-Locale
X-Site-Version
X-CS
Accept-Charset
Cache-Name
Viewport
Uber-Trace-Id
GEO-INFO
X-NCache
X-Drupal-Cache-Tags
X-Unique-Id
Webserver
Accept-CH-Lifetime
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-UA-Device-Type
X-Cache-Remote
X-Backend-TTL
Cache-Key
X-From
X-Origin-CC
Time
X-Origin-TTL
X-Cluster-Name
X-CDN-Forward
X-Drupal-Cache-Contexts
Mime-Version
X-TT-TIMESTAMP
X-Edge-Location
Accept-Language
Country
X-Mode
X-Forwarded-Host
X-B3-Spanid
Odigeo-Trace-Id
Rt-Fastcgi-Cache
X-Microcachable
X-CLOUD-TRACE-CONTEXT
X-UnsetCookies
X-EC-Lua
X-Info
X-Geo
X-Varnish-Cache-Hits
X-Whom
X-Newrelic-Synthetics
X-Magnolia-Registration
Ohc-Cache-HIT
Ohc-File-Size
X-ApacheServer
X-No-Session
Content-Disposition
Proxy-Connection
X-PERF
ServedBy
X-UPSTREAM-Address
Geo-Info
Cf-Ipcountry
X-Zipkin-Id
X-PHP-Host
X-Proxied
X-Device-Type
X-Labrador-Cache-Channel
X-Routing-Service
X-NGENIX-Cache
X-Geo-Header
Content-Script-Type
Content-Style-Type
Fastcgi-X-Cache-Version
X-GeoIP-Country-Code
X-Via-Fastly
X-ScT
GEO-REGION-INFO
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
AsisCache
Apple-News-Services-Request-Url
BehaviorPad-Version
MD5-Digest
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dgt
X-A-Dcw
X-A-Ccd
X-A-Dam
X-Aed
X-Application
X-CF-Lambda-Fn
Xc-Version
X-CF-Lambda-Version
X-B-Cookie
X-ARC
X-A
W
Mobile-Detection-Method
X-Destination
Meta-Geo-Continent
X-DPWN-IS-SECURE
X-External-Request-Id
Machine
Rendered-Blocks
X-Date
Viewtype
VivaBuild
X-Connection-Hash
T-Server
X-D
X-G
Apple-News-Services-Handled
X-Rojux
X-Rocket-Build-Number
X-Rewrite-Enabled
X-S
X-VG-TLSProxy
X-S-Cookie
X-Region-Sid
X-Sigma
X-VG-WebCache
X-Twitter-Response-Tags
X-SRCache-Key
X-Request-UUID
X-VG-WebServer
X-Vtex-Processado-Em
X-Transaction
X-Sigma-Backend
X-Trv-Group
X-Real-IP
X-Session-Fingerprint
X-Vdms-Version
X-Vtex-Remote-Cache
X-Cache-Time
X-C
User-Cache-Control
X-Uri
X-Cache-Debug
X-TrackingId
CDCHOST
Ha-Gx-Prefs
Gh-Request-Id
Fastly-SSL
X-Contensis-Viewer-Groups
Server-Cache-Control
X-Developers
X-SIPLIST1
X-Wikidot-Backend
Fastly-Soc-X-Request-Id
X-Tumblr-Pixel-3
X-Varnish-Authentication
X-Epic-Correlation-Id
X-Hit
X-Wikidot-Static-Cache
X-GoCache-CacheStatus
X-Eu-Site
X-App-Name
IsBot
X-VC-Cache
Server-Surrogate-Control
Locid
X-Backend-State
Environment
X-Auto-Login
X-Cache-ASPX
X-CGP
X-Distil-CS
Powered-By
X-WebServer
HA-Ipaddr
X-CUA
X-Render-Time
X-App-Version
Access-Control-Request-Headers
HitType
X-VServer
Request-EU
X-Debug-Cookies
Request-Country
X-Sucuri-Cache
X-Debug-Log
X-Debug-Cache-Store
Server-ID
X-Debug-Cache-Expiry
Section-Io-Cache
X-Debug-Cache-Fetch
RNT-Time
RNT-Machine
X-Dispatcher-Server
We-Hiring
X-Clara-WADP
X-BBXSRF
X-Azure-Ref
X-Cache-URL
X-Clientip
X-AK-Request-ID
X-Bip
X-Block-Status
X-Cache-Info
X-Cdn-Srv
X-We-Are-Hiring
X-Cache-Bucket
X-WADP-Cache
X-Cms-Context
X-Agile-Id
X-RateLimit-Limit-Second
X-Distributor
V-Age
True-Client-Country-4JS
X-Core-Mission
Web-Mar-Node
Wxu-Next-Commit
X-Agile
X-Agile-Age
X-Proxy-Upstream
Wxu-Next-Region
Wxu-Next-Hostname
Server-Int
IBM-Web2-Location
X-Urbn-Context-Path
X-Key
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-LI-Proto
X-Irp-Debug
X-OVcl-Cache
X-TT-LOGID
X-Req
X-Hash
X-Hnp-Log
X-IN-APIGATEWAYSSL
X-Urbn-Site-Id
X-User
X-Rebelmouse-Surrogate-Control
X-Webstats-RespID
X-NX-Host
X-Origin-Date
X-Origin-Expires
X-RateLimit-Remaining-Second
X-Nginx-Cache-Key
X-Location
X-OVcl
X-Logging-Id
X-Rebelmouse-Cache-Control
X-Daa-Tunnel
X-GeoIP-City
X-IN-APIGATEWAY
Fastly-SIE
Fastly-SWR
Fastly-Backend-Name
X-Fastly-Cache
Locale
FNAC-ModuleRouting
X-Generation-Time
X-FW-Version
Kp-EeAlive
X-Thanos
X-Gamma-Serve
X-Gen-Mode
X-TH-Server
X-Generated-In
Country-Code
Mail-Subject
Cdnsip
Cdncip
X-Request-URI
Countrycode
Memcached
X-Nc
X-SVT-ORM-RULES
X-Ms-Request-Id
X-ServiceProvider
X-Swa-Ws
X-Micro-Cache
X-Ms-Version
X-NodeID
X-NU-AKA-ACS-Version
X-Old-Content-Length
X-Thinkindot-L3
X-SVT-ORM-VERSION
X-Instart-Isnd
X-Trace-Id
X-Core-Value
X-Trafficlayer-App-Version
X-Has-Esi
X-Up
X-Internal-Host
X-Reboot
X-Matched-Rule
X-Owner
X-JWT-State
X-Platform-Server
X-Is-Gdpr
X-Variation
X-Varnish-Beresp-Ttl
PFcat
X-Varnish-Beresp-Grace
Platform
Server-Host
Thinkindot-CacheControl
X-Varnish-Beresp-Status
Heartbleed
ServerName
X-Nginx-Cache
Adler-Geo
AKAMAI
Cache-Host
Thinkindot-CacheControl-Type
Is-Eu
X-Server-W
X-Fetched-On
Thinkindot-Control
X-Cache-Backend
X-Cache-Tags
X-B3-Parentspanid
X-Generated-On
X-S-Maxage
X-Refresh
X-Level-Front-Cache
X-SERVER
X-Service
X-Response-By
X-Servername
Cache-Hits
X-TA-CDN-Provider
RequestId
X-Lb-Id
X-CSRF-TOKEN
Filterid
X-CF-Powered-By
X-Tb-Optimization-Total-Bytes-Saved
ProcessTime
X-Server-IP
X-NC
X-Air-Hostname
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Parent-Response-Time
X-B3-SpanId
Pragrma
X-Wa
X-Var-Ttl
X-Cache-Expired-At
X-Ua
X-Cdn-Forward
X-Cdn-Request-ID
User-Agent
X-Pjax-Url
Group
Media-Length
Origin
Memory
S-Cnection
X-CSRF-Token
Powered-By-ChinaCache
X-Sucuri-Id
X-Pf-Uncompressing
X-BACKEND-TTL
X-Correlation-ID
SRV
X-Unique-ID
Geoip-Latitude
TTL
PICS-Label
X-COUNTRY
X-Vcl-Version
X-NGINX-Cache
GeoIp-Country-Code
SN
X-Servedbyhost
Esi-Enabled
X-Reqid
X-Rocket-Nginx-Bypass
X-AIR-PT
X-Varnish-Cacheable
X-Oracle-Dms-Rid
X-Sucuri-ID
X-Litespeed-Cache
X-Webkit-CSP
Geoip-City
X-Via-CDN
X-Planisys-CDN-Rules
X-Policy
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-NWS-UUID-VERIFY
M-TraceId
X-Via-Ucdn
X-Request-Start
X-HS-Status
X-Developer
X-Azure-Ref-OriginShield
HostName
XServer
X-TIME
X-Cdn-Origin
Dnion-Transfer-Encoding
X-Cache-Grace
Rt-Proxy-Cache
X-Node-Id
X-Sn-Servicetimems
X-LAGOON
X-Device-Os
X-FORWARDED-FOR
X-Fastly-Country-Code
Tcn
On-Server
X-Ocache
X-Cache-Ttl
Resin-Trace
X-MSEdge-Features
A
Magicmarker
Who
X-Method
X-MSEdge-Flight
X-Request-Host
X-VHOST
X-Ftr-Cache-Host
X-ServedByHost
Cdn
CF-Cached-On
X-Cache-Status-Check
Load-Balancing
X-Beluga-Cache-Status
Cloudfront-Viewer-Country
X-Beluga-Record
X-Beluga-Node
X-VCL-Version
Hostname
X-Beluga-Response-Time
GeoIP-Country-Code
Pics-Label
X-Beluga-Status
X-Beluga-Trace
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-DC
X-APP
GeoIP-Latitude
Ttl
DSUID
Ohc-Response-Time
X-Be
X-Svr
NtCoent-Length
MIME-Version
X-MServer
Release
X-VCT
X-Bc
Vix-Hermes-Req-Id
X-Fastly-Backend-Reqs
X-Varnish-URL
X-Zone
Cteonnt-Length
GeoIP-City
X-Varnish-Url
Host-ID
X-Varnish-Ttl
X-LiteSpeed-Cache-Control
X-Hp-Ccpa-Warning
X-VarnishDD-TTL
X-Newrelic-App-Data
X-PF-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-PJAX-URL
WebServer
X-Configured-By
X-Slack-Backend
X-SRV
X-Ftr-Request-Id
X-HostName
X-DW
X-Upstream-Ct
X-Aicache-OS
X-Action
X-BE
X-Swift-Error
X-RSL
X-Ratelimit-Remaining
X-DSS
X-Upstream-Ht
X-DI
X-Dynatrace
SD-X-WS
X-DB
X-SD-PageType
X-RPS
X-RPM
Processtime
X-Dynatrace-Js-Agent
Servername
X-WR-MODIFICATION
X-Tid
X-SN
CACHE
X-Dispatch
X-Skip-Cache
Arc-Country
Cache-Provider
L
X-Compress-Hint
X-ID
X-Processor
X-Server-Time
X-PAYTM-SRV-ID
X-FPC
X-Cache-FS-Status
X-Cache-Id
X-Frame-Option
X-StackifyID
X-Ftr-Realm
Dynatrace
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Ftr-Dc
X-Ftr-Backend
CF-IPCountry
X-Flog
X-ABtesting
Pagetype
X-Hello
X-ND-Cache
X-Via-NSCOPI
X-ServerName
X-Release
X-Fastly-Cache-Hits
X-DevSite-Last-Modified
Fastly-Drupal-HTML
Requestid
X-LB-ID
X-Snapshot-Date
X-Branch-Name
CDN
Lfy
X-Ratelimit-Limit
Pramga
X-CACHE-AGE
D-Cc-Upstream
X-Cc-Req-Id
Cdn-Request-Time
Cdn-Host
N-Cache
X-Edge-Server
X-Cc-Via
X-Request-Url
X-Scheme
Warning
X-ZONE
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Token
X-Varnish-Beresp-TTL
V-Cache
X-VC
LB
X-SB
X-Edge-IP
Proxy-Firewall
X-Apw-Access-Action
Lb
X-Node-ID
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Inserted-Into-Cache-At
X-WA
X-Served-From
UCS
Correlation-Id
X-ElasticPress-Search
WP-Super-Cache
X-Powered-Y
X-Request-URL
X-Check-Cacheable
X-Worker
X-BC
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Backend-Name
X-App
X-Fastly-Cache-Status
Cache-Cookie-Set-Lfrom