Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Cache-Group
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Robots-Tag
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Ws-Request-Id
X-UA-Device
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Ac
X-Node
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
X-ORACLE-DMS-RID
X-Cache-Lookup
NEL
X-Mod-Pagespeed
Rating
Edge-Control
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Varnish-TTL
X-DynaTrace
Accept-Ch
X-Country-Code
X-Instart-Request-ID
Allow
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
X-FTR-Request-ID
X-ESI
Verso
X-TTL
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Url
Service-Worker-Allowed
Content-MD5
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Kinja
Edge-Cache-Tag
RTSS
AR-PoweredBy
Ar-Sid
AR-Request-ID
AR-ATIME
AR-CACHE
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
X-NF-Request-ID
SPRequestGuid
Charset
X-Amz-Server-Side-Encryption
X-Accel-Expires
X-MSEdge-Ref
X-Cached
X-Powered-CMS
X-Vcache
Arr-Disable-Session-Affinity
X-Amz-Rid
Pagespeed
X-Middleton-Display
X-Sol
Display
Response
X-Navigation-Version
X-Vcap-Request-Id
X-Middleton-Response
X-Trace
Pinterest-Version
X-Pinterest-Rid
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
TCN
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Fastcgi-Cache
X-Client-IP
X-Cdn
Cache-Tag
Access-Control-Request-Method
X-Fastly-Request-ID
X-Ser
X-Upstream
S
X-DynaTrace-JS-Agent
MS-Author-Via
X-Shard
SPRequestDuration
SPIisLatency
X-Id
Nginx-Cache
X-Hp-Webp
X-Ezoic-Cdn
X-Content-Type
X-Forwarded-For
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-T
DynaTrace
X-Grace
X-Amzn-Trace-Id
X-Amz-Meta-S3cmd-Attrs
X-Recruiting
Front-End-Https
X-Hits
Nel
Fastcgi-Cache
X-Varnish-Age
X-Aspnet-Version
X-DIS-Request-ID
ServerID
X-Dw-Request-Base-Id
X-Edge-O15-RID
X-Mobile-URL
MicrosoftSharePointTeamServices
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
NR-ENABLED
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
Powered
X-Goog-Storage-Class
X-HS-Content-Id
X-Country-Code-Real
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-FTR-Expires
X-FTR-Cache-Status
X-Frontend
X-Cache-TTL
Server-Name
X-FTR-Backend
Alternate-Protocol
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
TP-Cache
TP-L2-Cache
X-Logged-In
Server-Node
X-Correlation-Id
X-Jurisdiction
X-XRDS-LOCATION
X-Webkit-Csp
X-Request-Processing-Time
X-Request-Received
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
X-ATS-Timestamp
AMP-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
X-Content-Options
X-Origin-Server
X-Shield-Request-Id
X-Page-Id
X-Content-Security-Policy-Report-Only
X-Revision
X-Rid
X-Akamai-Edgescape
Refresh
X-User-Agent
X-Varnish-Grace
X-Cache-Hit
X-F-Cache
X-Amz-Apigw-Id
X-Type
X-Server-ID
X-Amzn-RequestId
X-Webapp-Samesite-None-Activated-N
X-XRDS-Location
Fastly-Restarts
X-Zen-Fury
X-Content-Powered-By
X-Geo-Country
X-B3-Sampled
X-LB-Cache
X-Activity-Id
X-AppVersion
X-Az
X-Pad
X-B
X-URL
X-Analytics
X-FTR-Cache-Host
X-N
X-CST
X-Kinsta-Cache
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-RateLimit-Remaining
X-Ttl
Cache-Status
X-AOL-HN
X-Cache-Age
X-TT
X-Request-Guid
X-App-Environment
X-Framework
Paypal-Debug-Id
X-Ruxit-Js-Agent
Actual-Object-TTL
DC
X-Instance
X-Jobs
X-Tumblr-User
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Signature
X-B-Cache
X-Debug-Info
X-FB-Debug
X-PHP-Backend
Access-Control-Allow-Method
X-Cache-Action
X-Time
X-Load-Cache
X-Varnish-Backend
X-Git-Hash
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
X-Erf-Bev-Bev
X-Cached-By
Host-Header
X-Tt-Trace-Tag
Fastcgi-Useragent
X-Contextid
X-IPLB-Instance
X-Amz-Replication-Status
X-FastCGI-Cache
MS-CV
X-Tt-Trace-Host
X-SS-Set-Cookie
FilterID
X-Cluster
X-ATG-Version
X-Cache-Key
Tracecode
X-Srv
NGB
X-Accel-Buffering
X-Response-Served-From
X-VCache
Frame-Options
WPE-Backend
X-Cache-NE
X-WA-Info
Host
Payment
X-Varnish-Server
Eomportal-Instance
X-FW-Type
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Serve
X-Region
X-Mobile
X-Adobe-Loc
X-Kong-Upstream-Latency
X-Cache-Enabled
X-Adobe-Content
X-GeoIP
X-Cache-2
X-IPS-LoggedIn
Cache-Tv-Group
X-RequestSource
X-Varnish-Hostname
X-Cacheable-TTL
Filters
X-Tumblr-Pixel-1
X-Host-Name
X-Tumblr-Pixel-2
X-Kong-Proxy-Latency
Source
X-Rendered-As
X-Is-Bot
X-NewRelic-App-Data
Xserver
X-EdgeConnect-Cache-Status
X-TX-ID
Cleartype
X-Seen-By
X-Cache-Operation
X-Via-JSL
X-Cache-Rule
X-Oneagent-Js-Injection
X-Origin-Response-Time
X-Hostname
X-Cache-TTL-Remaining
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Presslabs-Stats
Cache
Retry-After
Healthy
X-Cache-Control
Server-Info
Datacenter
X-HTML-Minification-Powered-By
X-ProcessESI
X-RemovedCookies
X-Dc
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Accept-CH
X-B3-Traceid
X-UA
X-RTag
Ms-Operation-Id
X-NWS-LOG-UUID
Liferay-Portal
X-Source
X-RateLimit-Limit
X-PressLabs-Stats
X-Cache-Server
X-Environment-Context
X-FireWall-Port
X-Rule
X-L-Path
From-Origin
X-Wix-Request-Id
Version
X-Status
X-Upgrade-Enabled
X-Endurance-Cache-Level
X-CACHE-KEY
X-Handled-By
Accept-CH-Lifetime
Meta-Geo
X-RN-RSRV
X-Cache-Var
X-Cache-Var-Map
X-Path-Route
X-App-Server
X-ES-SERVER
X-Proxy-Build
OT-Force-Account-Verify
X-Timing-Wait
Selected-Fe
X-Content-Age
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-Backend-Name
X-EIG-Tracking-Id
X-Sorting-Hat-PodId
X-ShardId
X-Section
X-Proto
X-ShopId
X-Shopify-Generated-Cart-Token
Azure-InstanceId
Azure-RegionName
X-Request-Time
X-Access
Mn-Server-Ip
Azure-Version
X-Format
Azure-SlotName
Akamai-GRN
Azure-SiteName
X-Sorting-Hat-ShopId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Stage
X-UUID
X-Vgn-Hpd-Reason
Origin-Cache-Control
TWC-Locale-Group
X-Cache-Host
Cache-Tags
X-Generated-By
Origin-Edge-Control
Node
Webcakes-Region
Webcakes-App-Version
X-Web-Node
Webcakes-App-Name
TWC-Device-Class
X-SaId
X-Human
NGX
TWC-Privacy
X-Origin
X-Soup
X-Proxy
X-Hyper-Cache
X-FC-Vary-Parameters
S-Rt
X-Origin-Hint
X-FW-Dynamic
X-Tb
Property-Id
X-Hosted-By
Ec-Rule-Version
X-ServerID
TWC-GeoIP-LatLong
X-Redis-Cache
TWC-GeoIP-Country
X-Qloud-Router
X-JoinUs
X-Hl-Ver
TWC-Connection-Speed
Now
X-BYPASS-REASON
X-Generated
X-MP-GENERATED-AT
X-NYM-Debug-Backend
X-SayCDN-TTL
X-RCS-CacheZone
X-Proxy-Cache-Status
X-Pubstack
X-Say-TTL
X-OCL
X-ProxyCache-Key
X-ProxyCache-Status
X-PCL
X-Www-Served-By
X-VWS-Id
X-Locale
X-LJ-Flow-ID
X-CCM
X-Cluster-Node
X-Cache-Config
X-BCube-Filmed-By
X-AWS-Id
X-Debug-Cache
X-Detected-As
X-Site-Version
X-Time-Microsecs
X-IP
X-Say-Cacheable
X-Varnish-Hits
X-Akamai-Request-ID2
Decoy-Debug-TTL
DB-Nickname
X-APP-VERSION
Decoy-Debug-Key
Decoy-Debug-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-R9-Blue-Green-Version
X-Loop
X-Storage
X-Amzn-Remapped-Content-Length
X-FB-TRIP-ID
X-TNCMS
Cross-Origin-Window-Policy
L5d-Success-Class
X-Akamai-Transformed
GEO-INFO
X-Viewer-Country
X-Xfnlog-Site
Cache-Name
Accept-Charset
Viewport
Srv
X-CS
Uber-Trace-Id
X-NCache
X-Unique-Id
X-Drupal-Cache-Tags
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-Remote
X-Esi
X-From
Webserver
X-UA-Device-Type
Time
X-TT-TIMESTAMP
X-Cluster-Name
Cache-Key
X-Origin-TTL
X-Origin-CC
X-Drupal-Cache-Contexts
X-Backend-TTL
X-Edge-Location
Accept-Language
X-CDN-Forward
Country
Mime-Version
Odigeo-Trace-Id
X-Mode
X-EC-Lua
X-Microcachable
Rt-Fastcgi-Cache
X-Forwarded-Host
X-B3-Spanid
X-Info
Ohc-Cache-HIT
Ohc-File-Size
X-Newrelic-Synthetics
X-Whom
X-UnsetCookies
X-CLOUD-TRACE-CONTEXT
X-Geo
X-Magnolia-Registration
X-PERF
X-ApacheServer
X-No-Session
X-UPSTREAM-Address
X-Varnish-Cache-Hits
Content-Disposition
ServedBy
X-PHP-Host
X-Labrador-Cache-Channel
Proxy-Connection
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Real-IP
X-Device-Type
X-Rojux
VivaBuild
X-GeoIP-Country-Code
Viewtype
X-S
X-Region-Sid
X-A-Ccd
T-Server
X-A-Dam
X-A
X-Request-UUID
BehaviorPad-Version
X-Accel-Expires-Debug
Machine
X-CF-Lambda-Fn
GEO-REGION-INFO
X-CF-Lambda-Version
X-A-Wwc
X-B-Cookie
MD5-Digest
X-Aed
Mobile-Detection-Method
Meta-Geo-Continent
X-Application
X-ARC
X-Connection-Hash
Fastcgi-X-Cache-Version
X-Destination
X-Date
AsisCache
X-DPWN-IS-SECURE
X-G
X-External-Request-Id
Content-Script-Type
Content-Style-Type
X-S-Cookie
X-A-Dgt
X-A-Dcw
X-D
Rendered-Blocks
X-Geo-Header
X-Rewrite-Enabled
X-Vdms-Version
X-VG-WebCache
X-Cache-Time
X-Trv-Group
X-Transaction
X-VG-WebServer
X-Vtex-Processado-Em
Xc-Version
X-ScT
X-Vtex-Remote-Cache
X-App-Version
X-NGENIX-Cache
X-Twitter-Response-Tags
X-SRCache-Key
Cf-Ipcountry
X-Session-Fingerprint
X-Uri
X-C
Fastly-SSL
X-Via-Fastly
W
X-Varnish-Authentication
X-Tumblr-Pixel-3
X-Bip
X-Wikidot-Backend
X-Developers
X-SIPLIST1
X-GoCache-CacheStatus
X-VG-TLSProxy
Gh-Request-Id
IsBot
Server-Cache-Control
X-VC-Cache
Server-Surrogate-Control
X-Cache-ASPX
X-Wikidot-Static-Cache
Apple-News-Services-Parsed-Url
X-Thanos
Apple-News-Services-Host
X-Logging-Id
X-CUA
Environment
X-Sigma
Access-Control-Request-Headers
X-Rocket-Build-Number
X-Auto-Login
Apple-News-Services-Handled
X-TrackingId
Fastly-Soc-X-Request-Id
X-Sigma-Backend
X-Contensis-Viewer-Groups
Apple-News-Services-Request-Url
X-Daa-Tunnel
X-Cache-Backend
User-Cache-Control
X-Agile
Ha-Gx-Prefs
HA-Ipaddr
X-Cdn-Srv
True-Client-Country-4JS
X-CGP
Wxu-Next-Hostname
X-Backend-State
Wxu-Next-Commit
X-Distil-CS
X-Epic-Correlation-Id
X-Render-Time
X-Hit
X-Eu-Site
X-App-Name
X-Sucuri-Cache
Wxu-Next-Region
X-Cache-Bucket
X-Cache-Debug
X-Cache-Info
X-BBXSRF
X-Core-Mission
X-Azure-Ref
X-Agile-Id
X-Agile-Age
X-Cache-URL
X-WebServer
X-TH-Server
X-Nginx-Cache-Key
X-NX-Host
X-Origin-Date
X-Micro-Cache
X-Trace-Id
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Location
X-Swa-Ws
X-Origin-Expires
X-Rebelmouse-Surrogate-Control
X-SVT-ORM-RULES
X-Request-URI
Server-Int
X-Rebelmouse-Cache-Control
X-Owner
X-SVT-ORM-VERSION
X-OVcl
X-OVcl-Cache
X-Li-Fabric
X-Key
X-Distributor
X-We-Are-Hiring
X-Fastly-Cache
X-FW-Version
X-Dispatcher-Server
X-Webstats-RespID
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Gamma-Serve
X-Generation-Time
X-TT-LOGID
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Irp-Debug
X-User
X-IN-APIGATEWAY
X-VServer
X-GeoIP-City
X-Hash
X-Debug-Cache-Expiry
X-Clientip
Fastly-SIE
X-Varnish-Beresp-Ttl
Fastly-Backend-Name
Memcached
Request-Country
Countrycode
Locid
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Heartbleed
IBM-Web2-Location
Kp-EeAlive
Fastly-SWR
Request-EU
Powered-By
AKAMAI
Section-Io-Cache
HitType
X-Tec-Api-Version
X-Tec-Api-Origin
Geo-Info
X-Tec-Api-Root
X-Reboot
X-Clara-WADP
X-Cms-Context
X-Gen-Mode
Cache-Host
X-Generated-In
FNAC-ModuleRouting
X-Hnp-Log
X-WADP-Cache
X-Generated-On
X-Up
X-Urbn-Site-Id
Server-ID
X-Is-Gdpr
Cdncip
Country-Code
Cdnsip
X-Core-Value
CDCHOST
X-JWT-State
X-Internal-Host
X-Level-Front-Cache
X-Urbn-Context-Path
X-Trafficlayer-App-Version
X-Thinkindot-L3
Web-Mar-Node
We-Hiring
Server-Host
RNT-Time
X-Cache-Tags
RNT-Machine
X-Platform-Server
X-Req
Thinkindot-CacheControl
Thinkindot-Control
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proxy-Upstream
V-Age
X-S-Maxage
X-Service
Locale
X-Ms-Version
X-Block-Status
X-Ms-Request-Id
X-Matched-Rule
X-Has-Esi
X-NodeID
X-NU-AKA-ACS-Version
PFcat
Thinkindot-CacheControl-Type
X-AK-Request-ID
Mail-Subject
X-Old-Content-Length
X-B3-Parentspanid
X-Nc
X-Variation
X-Response-By
X-ServiceProvider
X-Lb-Id
X-Refresh
Cache-Hits
X-Server-W
Is-Eu
Adler-Geo
Platform
ServerName
X-Fetched-On
X-CACHE-GROUP
X-TA-CDN-Provider
X-Nginx-Cache
Filterid
X-SERVER
X-Servername
RequestId
X-B3-SpanId
X-NC
X-Parent-Response-Time
X-Server-IP
X-CF-Powered-By
X-Cdn-Forward
X-CSRF-Token
X-Tb-Optimization-Total-Bytes-Saved
ProcessTime
X-CSRF-TOKEN
X-Pjax-Url
Origin
Memory
Media-Length
X-Air-Hostname
X-Wa
X-Var-Ttl
X-Cache-Expired-At
X-Cdn-Request-ID
User-Agent
X-BACKEND-TTL
Geoip-Latitude
X-Pf-Uncompressing
Group
Pragrma
S-Cnection
Powered-By-ChinaCache
TTL
GeoIp-Country-Code
X-Unique-ID
X-Ua
SRV
X-NGINX-Cache
X-Correlation-ID
X-Vcl-Version
X-Sucuri-Id
X-Sucuri-ID
X-Rocket-Nginx-Bypass
X-COUNTRY
Esi-Enabled
X-AIR-PT
SN
X-Reqid
PICS-Label
X-TIME
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Geoip-City
X-Varnish-Cacheable
X-Planisys-CDN-TTL
X-Policy
X-Request-Start
X-Azure-Ref-OriginShield
X-Via-CDN
X-Servedbyhost
X-Webkit-CSP
X-Litespeed-Cache
XServer
X-NWS-UUID-VERIFY
HostName
X-Developer
Rt-Proxy-Cache
X-Via-Ucdn
X-Device-Os
X-HS-Status
X-Sn-Servicetimems
X-Cdn-Origin
Dnion-Transfer-Encoding
X-Ocache
M-TraceId
X-Cache-Grace
X-Node-Id
X-FORWARDED-FOR
Magicmarker
Resin-Trace
X-Fastly-Country-Code
X-Method
X-LAGOON
Tcn
Cdn
X-Cache-Ttl
Who
Load-Balancing
A
X-MSEdge-Flight
X-MSEdge-Features
X-ServedByHost
X-Request-Host
On-Server
X-Ftr-Cache-Host
X-VHOST
Cloudfront-Viewer-Country
CF-Cached-On
X-Oss-Server-Time
X-Cache-Status-Check
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Object-Type
DSUID
Ohc-Response-Time
X-Oss-Hash-Crc64ecma
Pics-Label
Release
NtCoent-Length
X-Be
X-Svr
Hostname
X-MServer
MIME-Version
X-VCT
X-APP
Vix-Hermes-Req-Id
GeoIP-Country-Code
X-Bc
X-VCL-Version
X-Beluga-Node
X-Zone
X-Beluga-Cache-Status
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Trace
X-Beluga-Status
X-Oracle-Dms-Rid
X-Hp-Ccpa-Warning
X-Fastly-Backend-Reqs
X-Ratelimit-Remaining
Host-ID
X-VarnishDD-TTL
GeoIP-Latitude
Cteonnt-Length
WebServer
X-Varnish-Url
Ttl
X-LiteSpeed-Cache-Control
X-Varnish-Ttl
X-DC
GeoIP-City
X-Configured-By
X-Newrelic-App-Data
X-Varnish-URL
X-PF-Uncompressing
X-Slack-Backend
X-PJAX-URL
X-Upstream-Ct
SD-X-WS
X-SD-PageType
X-SRV
X-Ftr-Request-Id
X-Upstream-Ht
Servername
Amp-Access-Control-Allow-Source-Origin
X-HostName
X-WR-MODIFICATION
X-SN
Processtime
X-Tid
X-Dynatrace
X-Cache-Id
X-DW
X-RPM
X-RPS
X-RSL
X-DSS
X-DI
X-BE
X-Action
X-DB
X-Compress-Hint
X-Swift-Error
X-Aicache-OS
X-Ratelimit-Limit
X-Dynatrace-Js-Agent
Arc-Country
X-ID
Pramga
X-Dispatch
X-FPC
X-Release
L
X-Via-NSCOPI
Cache-Provider
CACHE
X-Cache-FS-Status
X-PAYTM-SRV-ID
X-Skip-Cache
X-Server-Time
X-Processor
X-Frame-Option
X-StackifyID
X-DevSite-Last-Modified
X-Hello
X-ND-Cache
LB
X-Flog
X-ServerName
CF-IPCountry
Pagetype
X-Fastly-Cache-Hits
Fastly-Drupal-HTML
X-ABtesting
Lfy
X-Branch-Name
X-Ftr-Backend-Server
X-Scheme
X-LB-ID
X-Ftr-Backend
Requestid
X-Snapshot-Date
X-Ftr-Balancer
CDN
X-Ftr-Dc
X-Ftr-Realm
Dynatrace
X-CACHE-AGE
X-ZONE
X-Served-From
X-Node-ID
X-Request-Url
X-Varnish-Beresp-TTL
X-Edge-Server
X-Apw-Access-Object
Cdn-Host
Cdn-Request-Time
N-Cache
X-Apw-Hits
X-Apw-Access-Token
X-SB
X-VC
X-Edge-IP
X-Cc-Via
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Proxy-Firewall
Cache-Cookie-Set-Idcheck
V-Cache
X-Apw-Access-Action
X-Cc-Req-Id
UCS
D-Cc-Upstream
Warning
NnCoection
Backend-Name
X-BC
X-Litespeed-Cache-Control
X-ElasticPress-Search
X-WA
WP-Super-Cache
X-Worker
X-Check-Cacheable
Lb
X-App
X-Fastly-Cache-Status
X-Request-URL
Correlation-Id
X-Powered-Y