Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-DNS-Prefetch-Control
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
Upgrade
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Xss-Protection
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Via
X-Backend
X-Age
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Ws-Request-Id
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Ua-Compatible
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Server-Id
X-Host
X-Device
X-Origin-Cache
EagleEye-TraceId
X-Response-Time
X-Node
X-Ac
Content-Location
Surrogate-Control
X-Vhost
X-Readtime
X-Cloud-Trace-Context
Request-Id
X-Backend-Server
X-Dns-Prefetch-Control
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-ORACLE-DMS-ECID
X-Cache-Lookup
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
X-ORACLE-DMS-RID
X-DataDome
NEL
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-TTL
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-DynaTrace
Accept-Ch
X-Instart-Request-ID
X-Varnish-TTL
X-FTR-Request-ID
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-ESI
Verso
Accept-Ch-Lifetime
X-Powered-By-Plesk
Content-MD5
Service-Worker-Allowed
X-Url
X-B3-TraceId
X-Version
X-Forwarded-Proto
X-MS-InvokeApp
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-GitHub-Request-Id
RTSS
Edge-Cache-Tag
X-Abt-Application-Version
X-D2id
X-Debug
AR-PoweredBy
X-Px
AR-ATIME
AR-CACHE
AR-Request-ID
Ar-Sid
X-Server-Name
X-Vcache
SPRequestGuid
X-Amz-Server-Side-Encryption
Charset
X-NF-Request-ID
X-Cached
X-Accel-Expires
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Sol
Response
Pagespeed
X-Middleton-Response
X-Middleton-Display
Display
X-Fastcgi-Cache
X-Vcap-Request-Id
X-MSEdge-Ref
Arr-Disable-Session-Affinity
X-Amz-Rid
X-Navigation-Version
TCN
X-Powered-CMS
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-Cdn
X-VARITI-CCR
Realpath
Public-Key-Pins
Cache-Tag
X-Client-IP
X-Fastly-Request-ID
Access-Control-Request-Method
X-Ser
MS-Author-Via
X-Server-ID
Nginx-Cache
X-DynaTrace-JS-Agent
S
X-Shard
X-Edge-O15-RID
X-Upstream
SPRequestDuration
SPIisLatency
X-Id
X-Mrf-Item-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Ezoic-Cdn
X-Content-Type
X-Hp-Webp
X-Amzn-Trace-Id
X-Forwarded-For
X-Grace
X-T
X-Amz-Meta-S3cmd-Attrs
Nel
Front-End-Https
Fastcgi-Cache
X-Recruiting
X-Hits
DynaTrace
X-Aspnet-Version
X-Varnish-Age
ServerID
X-Jurisdiction
X-Cache-TTL
X-Node-Name
X-Country-Code-Real
X-Element-Page-Cache
X-FTR-Expires
MicrosoftSharePointTeamServices
X-DIS-Request-ID
X-FTR-Cache-Status
X-Dw-Request-Base-Id
X-Content-Digest
X-Mobile-URL
NR-ENABLED
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Powered
X-Frontend
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
Server-Node
TP-L2-Cache
TP-Cache
Alternate-Protocol
Server-Name
X-Logged-In
AMP-Access-Control-Allow-Source-Origin
X-XRDS-Location
X-Request-Received
X-Request-Processing-Time
X-Correlation-Id
X-Amzn-RequestId
Upgrade-Insecure-Requests
X-Microsite
X-Amz-Apigw-Id
X-CST
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-Cache-Hit
X-Content-Options
X-Origin-Server
X-Page-Id
X-Rid
Refresh
X-F-Cache
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Akamai-Edgescape
X-Revision
X-Varnish-Grace
X-Type
X-Zen-Fury
Fastly-Restarts
X-XRDS-LOCATION
X-Content-Powered-By
X-LB-Cache
X-B3-Sampled
X-B
X-Geo-Country
X-URL
X-FTR-Cache-Host
X-AppVersion
X-Activity-Id
X-Az
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Shield-Request-Id
Cache-Status
X-N
X-Kinsta-Cache
X-Pad
X-Cache-Age
X-TT
X-Instance
X-Request-Guid
Access-Control-Allow-Method
X-Time
X-Signature
X-B-Cache
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Cache-Action
X-Jobs
X-Framework
Paypal-Debug-Id
X-App-Environment
X-Tumblr-Pixel-0
Actual-Object-TTL
X-Debug-Info
X-Tumblr-User
X-Tumblr-Pixel
X-Webkit-Csp
X-Load-Cache
X-PHP-Backend
X-FB-Debug
X-Webapp-Samesite-None-Activated-N
DC
X-Git-Hash
X-Cached-By
Fastcgi-Useragent
X-Tt-Trace-Tag
X-Varnish-Backend
X-RateLimit-Remaining
X-Analytics
X-Tt-Trace-Host
X-Erf-Bev-Bev-Is-Generated
Host-Header
Surrogate-Key
X-Erf-Bev-Bev
X-Amz-Replication-Status
X-IPLB-Instance
X-Contextid
MS-CV
X-ATG-Version
X-SS-Set-Cookie
X-WA-Info
FilterID
X-Cluster
Tracecode
Host
NGB
X-Accel-Buffering
X-Mobile
X-Response-Served-From
X-Host-Name
Payment
X-Kong-Upstream-Latency
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-Kong-Proxy-Latency
WPE-Backend
X-FW-Type
X-FW-Server
X-Cache-NE
X-NWS-LOG-UUID
X-FW-Hash
X-FW-Serve
X-FW-Static
Source
X-Hostname
X-Region
X-Cache-2
Xserver
X-Cacheable-TTL
X-Varnish-Server
Frame-Options
Cache-Tv-Group
Eomportal-Instance
X-Rendered-As
X-IPS-LoggedIn
X-Is-Bot
X-Varnish-Hostname
X-Cache-Enabled
X-Cache-Operation
X-Cache-Rule
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-GeoIP
Filters
X-Cache-Key
X-Origin-Response-Time
X-Srv
X-Adobe-Loc
X-Adobe-Content
X-TX-ID
X-RequestSource
X-Seen-By
X-EdgeConnect-Cache-Status
X-NewRelic-App-Data
Retry-After
X-Presslabs-Stats
X-FastCGI-Cache
Server-Info
Cleartype
X-Cache-TTL-Remaining
X-VCache
X-RemovedCookies
X-ProcessESI
Accept-CH
Liferay-Portal
X-B3-Traceid
X-HTML-Minification-Powered-By
X-CACHE-KEY
X-Dc
X-RTag
Ms-Operation-Id
X-Source
X-App-Server
Datacenter
X-UA
X-Environment-Context
X-L-Path
X-FireWall-Port
Cache
X-Cache-Server
X-Handled-By
X-Upgrade-Enabled
X-Endurance-Cache-Level
From-Origin
X-Cache-Control
Healthy
Accept-CH-Lifetime
X-PressLabs-Stats
X-Backend-Name
X-Wix-Request-Id
OT-Force-Account-Verify
X-Cache-Var
Version
X-Cache-Var-Map
X-ES-SERVER
Ec-Rule-Version
Meta-Geo
Node
X-Status
X-RN-RSRV
X-Path-Route
Srv
X-Tb
X-BCube-Filmed-By
X-Timing-Wait
X-Section
X-Storage
Selected-Fe
X-Proto
X-APP-VERSION
X-Ruxit-Js-Agent
X-Proxy-Build
X-Akamai-Request-ID
X-Access
X-Format
X-Request-Time
X-Rule
X-Content-Age
Azure-SlotName
Azure-SiteName
Azure-Version
Cache-Tags
Mn-Server-Ip
X-TNCMS
Azure-RegionName
Azure-InstanceId
X-Alternate-Cache-Key
X-EIG-Tracking-Id
S-Rt
X-UUID
Akamai-GRN
X-FW-Dynamic
X-Origin
X-ShardId
X-Cache-Config
X-FC-Vary-Parameters
X-RateLimit-Limit
X-Proxy-Cache-Status
X-NYM-Debug-Backend
X-ShopId
X-Web-Node
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Soup
X-Shopify-Generated-Cart-Token
X-Time-Microsecs
X-PCL
X-Loop
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OCL
X-JoinUs
Decoy-Debug-Key
Decoy-Debug-Status
X-ServerID
Accept-Charset
Decoy-Debug-TTL
X-SaId
DB-Nickname
X-LJ-Flow-ID
Now
X-Viewer-Country
X-VWS-Id
X-Hyper-Cache
X-Vgn-Hpd-Reason
X-Human
X-Hl-Ver
Origin-Cache-Control
Origin-Edge-Control
X-Akamai-Request-ID2
X-ProxyCache-Key
X-ProxyCache-Status
X-Pubstack
NGX
X-Cluster-Node
X-Proxy
X-Generated-By
X-Debug-Cache
X-Qloud-Router
X-Yottaa-Metrics
X-Say-Cacheable
X-SayCDN-TTL
X-AWS-Id
X-Redis-Cache
X-BYPASS-REASON
X-Yottaa-Optimizations
X-MP-GENERATED-AT
X-Say-TTL
X-Varnish-Hits
X-Site-Version
X-Generated
Webcakes-App-Version
Webcakes-Region
X-Origin-Hint
Webcakes-App-Name
X-FB-TRIP-ID
X-Locale
X-Detected-As
X-CCM
X-Cache-Host
TWC-Privacy
X-Amzn-Remapped-Content-Length
TWC-Connection-Speed
X-IP
X-Www-Served-By
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
Property-Id
Cross-Origin-Window-Policy
X-R9-Blue-Green-Version
GEO-INFO
X-Akamai-Transformed
X-RCS-CacheZone
X-Xfnlog-Site
X-NCache
X-Ttl
L5d-Success-Class
X-CS
Time
X-Drupal-Cache-Tags
Cache-Name
Uber-Trace-Id
Viewport
X-Esi
Webserver
X-Unique-Id
Cache-Key
X-UA-Device-Type
X-UnsetCookies
X-Cache-Remote
Mime-Version
X-Mode
Rt-Fastcgi-Cache
X-Forwarded-Host
Accept-Language
X-Origin-CC
X-From
X-Origin-TTL
X-Drupal-Cache-Contexts
X-Trafficlayer-App-Scope
X-Backend-TTL
X-Whom
X-Trafficlayer-App-Name
X-NGENIX-Cache
Country
X-Info
VIX-Pulpo-Upstream-Status
X-Newrelic-Synthetics
VIX-Pulpo-Node
X-Daa-Tunnel
Odigeo-Trace-Id
X-CDN-Forward
X-Cluster-Name
Content-Disposition
X-Varnish-Cache-Hits
X-CLOUD-TRACE-CONTEXT
X-ApacheServer
X-PERF
X-TT-TIMESTAMP
X-Magnolia-Registration
X-Microcachable
X-B3-Spanid
X-Edge-Location
ServedBy
X-Geo
X-Zipkin-Id
X-Routing-Service
Proxy-Connection
X-Device-Type
X-Proxied
Ohc-File-Size
X-EC-Lua
X-UPSTREAM-Address
Cf-Ipcountry
Section-Io-Cache
X-Nc
X-Via-Fastly
X-Uri
Ohc-Cache-HIT
X-No-Session
HitType
X-Rewrite-Enabled
Content-Script-Type
X-Request-UUID
Content-Style-Type
X-S-Cookie
X-ScT
X-A
X-Session-Fingerprint
X-GeoIP-Country-Code
X-S
X-Rocket-Build-Number
X-Rojux
Rendered-Blocks
Apple-News-Services-Host
X-D
X-Date
X-ARC
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
T-Server
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
BehaviorPad-Version
W
VivaBuild
Viewtype
Apple-News-Services-Request-Url
AsisCache
X-Region-Sid
X-Geo-Header
X-VG-WebCache
X-VG-WebServer
X-Vtex-Processado-Em
X-VG-TLSProxy
X-B-Cookie
GEO-REGION-INFO
X-G
Geo-Info
X-Vtex-Remote-Cache
Mobile-Detection-Method
MD5-Digest
Xc-Version
X-Application
X-DPWN-IS-SECURE
Machine
X-External-Request-Id
Meta-Geo-Continent
X-Twitter-Response-Tags
X-Vdms-Version
X-Trv-Group
X-SRCache-Key
Fastcgi-X-Cache-Version
X-Destination
X-Accel-Expires-Debug
X-Transaction
X-A-Wwc
X-A-Dgt
X-Aed
X-A-Dcw
X-Sigma-Backend
X-A-Dam
X-A-Ccd
X-Sigma
X-Labrador-Cache-Channel
Access-Control-Request-Headers
X-C
X-PHP-Host
User-Cache-Control
X-GoCache-CacheStatus
X-LI-UUID
X-Distil-CS
Powered-By
X-LI-Proto
X-Li-Pop
X-Eu-Site
Locid
Fastly-Soc-X-Request-Id
Gh-Request-Id
Ha-Gx-Prefs
X-FW-Version
CDCHOST
X-Hit
HA-Ipaddr
X-Developers
IsBot
X-CUA
Fastly-SSL
Environment
IBM-Web2-Location
X-Li-Fabric
X-Varnish-Beresp-Status
X-Agile
X-Tumblr-Pixel-3
X-Rebelmouse-Cache-Control
X-Agile-Age
X-Agile-Id
X-TrackingId
X-Thanos
X-Logging-Id
Fastly-SWR
X-SIPLIST1
X-TH-Server
X-User
X-Varnish-Authentication
X-Wikidot-Backend
X-App-Name
X-Wikidot-Static-Cache
Countrycode
Fastly-SIE
X-Auto-Login
X-VC-Cache
X-VServer
X-We-Are-Hiring
X-WebServer
X-Backend-State
X-Rebelmouse-Surrogate-Control
X-Clientip
X-Varnish-Beresp-Ttl
Memcached
X-CGP
Server-Surrogate-Control
Server-Cache-Control
X-Contensis-Viewer-Groups
X-Varnish-Beresp-Grace
X-Cache-Debug
X-Cache-ASPX
X-Bip
X-Real-IP
X-App-Version
X-Cache-Backend
X-Dispatcher-Server
X-Block-Status
X-Debug-Cache-Store
X-Debug-Cookies
X-Clara-WADP
X-Core-Mission
X-Cdn-Srv
X-Debug-Log
X-Debug-Cache-Fetch
X-Cache-Bucket
X-BBXSRF
X-Cache-Info
X-Debug-Cache-Expiry
X-Cache-URL
X-Cache-Time
X-Azure-Ref
X-Ms-Request-Id
Is-Eu
X-Request-URI
X-Servername
X-Server-W
X-Has-Esi
X-Render-Time
X-Reboot
Platform
X-Variation
X-RateLimit-Limit-Second
X-Up
X-RateLimit-Remaining-Second
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-WADP-Cache
X-NU-AKA-ACS-Version
X-Webstats-RespID
X-Is-Gdpr
Adler-Geo
X-Urbn-Site-Id
X-Platform-Server
X-Internal-Host
X-Swa-Ws
X-Trace-Id
X-TT-LOGID
X-Urbn-Context-Path
X-Proxy-Upstream
X-Owner
X-Hash
X-GeoIP-City
X-Hnp-Log
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Generation-Time
X-Generated-In
X-Fastly-Cache
X-Epic-Correlation-Id
X-Fetched-On
X-Gamma-Serve
X-Gen-Mode
X-Instart-Isnd
X-Irp-Debug
X-Origin-Date
X-Cache-Tags
X-Origin-Expires
X-OVcl
X-OVcl-Cache
X-NX-Host
X-NodeID
X-Micro-Cache
X-Key
X-JWT-State
X-Ms-Version
X-Nginx-Cache-Key
X-Distributor
X-Cms-Context
RNT-Machine
Cdncip
RNT-Time
Cache-Host
Server-ID
AKAMAI
Request-EU
Request-Country
Heartbleed
Kp-EeAlive
Mail-Subject
Fastly-Backend-Name
Cdnsip
Country-Code
Locale
Server-Int
V-Age
We-Hiring
Web-Mar-Node
X-AK-Request-ID
True-Client-Country-4JS
X-TA-CDN-Provider
PFcat
Wxu-Next-Hostname
X-Thinkindot-L3
Wxu-Next-Commit
X-Generated-On
Wxu-Next-Region
Thinkindot-Control
X-Trafficlayer-App-Version
FNAC-ModuleRouting
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Host
X-Service
X-Level-Front-Cache
X-Matched-Rule
ServerName
X-ServiceProvider
X-Sucuri-Cache
X-Core-Value
X-Old-Content-Length
X-Req
Filterid
X-Nginx-Cache
Cache-Hits
X-SERVER
X-Air-Hostname
X-S-Maxage
X-Lb-Id
X-Response-By
X-Location
X-Refresh
RequestId
Group
X-VHOST
X-Var-Ttl
Pragrma
X-Cache-Expired-At
X-Parent-Response-Time
S-Cnection
X-Tb-Optimization-Total-Bytes-Saved
Memory
X-CSRF-TOKEN
X-B3-Parentspanid
X-Cdn-Forward
X-BACKEND-TTL
X-Tec-Api-Root
X-Tec-Api-Origin
Powered-By-ChinaCache
X-Tec-Api-Version
X-CF-Powered-By
X-Correlation-ID
ProcessTime
X-B3-SpanId
X-Pjax-Url
X-Wa
X-Ua
X-Server-IP
X-NC
Origin
User-Agent
X-Sucuri-ID
X-CSRF-Token
TTL
X-Varnish-Cacheable
X-Pf-Uncompressing
Geoip-Latitude
X-NWS-UUID-VERIFY
X-Unique-ID
SRV
X-Vcl-Version
X-Via-CDN
Geoip-City
GeoIp-Country-Code
Media-Length
X-NGINX-Cache
X-Developer
X-Cdn-Request-ID
PICS-Label
X-COUNTRY
X-Node-Id
X-Cache-Grace
X-LAGOON
X-Device-Os
X-Cdn-Origin
X-Ocache
X-Sn-Servicetimems
X-Servedbyhost
X-Webkit-CSP
X-Sucuri-Id
Dnion-Transfer-Encoding
X-Litespeed-Cache
On-Server
X-Rocket-Nginx-Bypass
X-MSEdge-Features
A
X-Cache-Status-Check
X-Varnish-Ttl
X-MSEdge-Flight
SN
X-Via-Ucdn
X-Request-Host
X-Oss-Storage-Class
X-Oneagent-Js-Injection
X-Oss-Server-Time
X-Oss-Request-Id
X-TIME
XServer
X-Oss-Hash-Crc64ecma
Hostname
X-Oss-Object-Type
Esi-Enabled
M-TraceId
Cloudfront-Viewer-Country
X-Reqid
X-HS-Status
X-AIR-PT
X-FORWARDED-FOR
Cdn
X-Planisys-CDN-Cache
X-Policy
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Ratelimit-Remaining
X-Fastly-Country-Code
X-Cache-Ttl
X-ServedByHost
Resin-Trace
X-Beluga-Trace
X-Azure-Ref-OriginShield
X-Beluga-Cache-Status
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Status
Who
X-Request-Start
X-Beluga-Node
X-Ftr-Cache-Host
HostName
Host-ID
CF-Cached-On
Tcn
X-Varnish-URL
Rt-Proxy-Cache
GeoIP-Country-Code
Pics-Label
NtCoent-Length
X-Slack-Backend
X-VCL-Version
GeoIP-Latitude
Magicmarker
X-Method
X-APP
CACHE
MIME-Version
X-Oracle-Dms-Rid
X-RSL
X-RPS
X-PF-Uncompressing
X-Varnish-Url
X-RPM
X-DSS
X-DW
X-Zone
X-DI
X-DB
X-Action
GeoIP-City
Ttl
X-Bc
Cteonnt-Length
X-Fastly-Backend-Reqs
X-DC
X-LiteSpeed-Cache-Control
Arc-Country
Pramga
X-Ratelimit-Limit
X-Newrelic-App-Data
X-Dispatch
X-VarnishDD-TTL
X-Cache-FS-Status
X-Skip-Cache
X-Processor
X-Server-Time
X-PAYTM-SRV-ID
X-Svr
X-Swift-Error
Amp-Access-Control-Allow-Source-Origin
X-ND-Cache
WebServer
X-Be
X-Flog
Ohc-Response-Time
X-PJAX-URL
X-ABtesting
X-FPC
X-Hello
Load-Balancing
X-Ftr-Request-Id
X-SRV
X-Served-From
X-Dynatrace
Cdn-Host
Vix-Hermes-Req-Id
N-Cache
Fastly-Drupal-HTML
Cdn-Request-Time
X-DevSite-Last-Modified
X-BE
Processtime
X-HostName
X-Edge-Server
DSUID
X-Dynatrace-Js-Agent
X-MServer
Servername
X-Bc-Bl
X-Amzn-Remapped-Date
X-Aicache-OS
X-VCT
Cache-Provider
X-WA
X-Amzn-Remapped-Connection
Release
X-ID
X-Frame-Option
X-Hp-Ccpa-Warning
X-WR-MODIFICATION
Pagetype
X-Ftr-Backend
X-Ftr-Dc
X-Ftr-Backend-Server
X-Ftr-Realm
X-ZONE
X-Backend-Host
Lfy
X-Ftr-Balancer
X-Configured-By
X-StackifyID
X-Fastly-Cache-Hits
X-Branch-Name
X-Tid
X-LB-ID
X-Snapshot-Date
CDN
CF-IPCountry
Requestid
Dynatrace
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-CACHE-AGE
Section-Io-Id
X-Upstream-Ht
X-SB
Proxy-Firewall
X-Apw-Access-Object
X-Apw-Hits
X-Request-Url
X-Upstream-Ct
WZWS-RAY
X-VC
X-Apw-Access-Token
X-Cc-Via
X-Cc-Req-Id
X-SD-PageType
D-Cc-Upstream
X-Apw-Access-Action
X-BC
X-Edge-IP
Warning
V-Cache
SD-X-WS
X-Litespeed-Cache-Control
Cache-Cookie-Set-From
FSS-Proxy
X-Fmm-Version
X-Fpc
FSS-Cache
Cneonction
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-WPE-Loopback-Upstream-Addr
X-Check-Cacheable
X-ElasticPress-Search
X-ServerName
X-App
X-SN
X-Cache-Id
X-Worker
WP-Super-Cache
X-Compress-Hint
X-Powered-Y
X-Varnish-Beresp-TTL
X-Fastly-Cache-Status
L
Backend-Name
X-Request-URL
Correlation-Id
Lb