
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
X-Cache-Group
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
X-Ws-Request-Id
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-ORACLE-DMS-ECID
X-HW
X-Application-Context
X-DataDome
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-ORACLE-DMS-RID
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-DynaTrace
X-Varnish-TTL
Accept-Ch
X-Country-Code
Allow
X-Instart-Request-ID
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-TTL
X-FTR-Request-ID
X-ESI
Verso
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Url
Service-Worker-Allowed
Content-MD5
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
Edge-Cache-Tag
RTSS
X-Px
AR-PoweredBy
AR-ATIME
AR-CACHE
Ar-Sid
AR-Request-ID
X-D2id
X-Debug
X-Abt-Application-Version
Charset
X-NF-Request-ID
X-Server-Name
SPRequestGuid
X-Vcache
X-Amz-Server-Side-Encryption
X-Powered-CMS
X-Accel-Expires
X-Cached
X-MSEdge-Ref
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Vcap-Request-Id
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Navigation-Version
Response
X-Middleton-Response
X-Trace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
X-Fastcgi-Cache
TCN
X-VARITI-CCR
Realpath
Public-Key-Pins
Cache-Tag
X-Cdn
Access-Control-Request-Method
X-Client-IP
S
X-Fastly-Request-ID
X-Upstream
X-Ser
X-DynaTrace-JS-Agent
MS-Author-Via
X-Shard
SPRequestDuration
X-Id
SPIisLatency
X-Hp-Webp
DynaTrace
X-Ezoic-Cdn
X-Forwarded-For
Nginx-Cache
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
MRF-Tech
X-Content-Type
X-T
X-Amz-Meta-S3cmd-Attrs
X-Amzn-Trace-Id
X-Recruiting
Front-End-Https
X-Grace
Nel
X-Hits
Fastcgi-Cache
X-Varnish-Age
X-DIS-Request-ID
ServerID
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Dw-Request-Base-Id
NR-ENABLED
X-Node-Name
X-Element-Page-Cache
X-Content-Digest
X-Edge-O15-RID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Goog-Generation
X-Frontend
Powered
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
Server-Name
Alternate-Protocol
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Logged-In
X-FTR-Realm
X-FTR-DC
X-Cache-TTL
TP-Cache
TP-L2-Cache
Server-Node
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-XRDS-LOCATION
X-Request-Processing-Time
X-Webkit-Csp
X-Request-Received
X-Shield-Request-Id
X-Request-Handler-Origin-Region
X-Microsite
X-Jurisdiction
X-Webapp-Samesite-None-Activated-N
Upgrade-Insecure-Requests
Refresh
X-Origin-Server
X-Content-Options
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Revision
X-Rid
X-Akamai-Edgescape
X-User-Agent
X-Varnish-Grace
Backend-Timing
X-ATS-Timestamp
X-Amz-Apigw-Id
X-Cache-Hit
X-F-Cache
X-Amzn-RequestId
X-Server-ID
X-Type
X-XRDS-Location
Fastly-Restarts
X-Pad
X-Content-Powered-By
X-Geo-Country
X-Zen-Fury
X-Az
X-LB-Cache
X-B3-Sampled
X-AppVersion
X-Activity-Id
X-B
X-N
X-Analytics
X-URL
X-Kinsta-Cache
X-FTR-Cache-Host
X-RateLimit-Remaining
PB-PID
PB-RID
X-TT
X-WebKit-CSP-Report-Only
Arc-Version
X-Mobile-Rewrite
X-Cache-Age
X-AOL-HN
X-Tumblr-Pixel-0
X-Instance
X-App-Environment
X-Request-Guid
X-Jobs
X-Tumblr-User
X-Tumblr-Pixel
Actual-Object-TTL
X-Ruxit-Js-Agent
X-CST
Paypal-Debug-Id
X-Framework
DC
X-B-Cache
Cache-Status
Access-Control-Allow-Method
X-Signature
X-Debug-Info
X-PHP-Backend
X-FB-Debug
X-Load-Cache
X-Cache-Action
X-Varnish-Backend
X-Erf-Bev-Bev
X-Git-Hash
Fastcgi-Useragent
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
X-Time
Host-Header
X-Cached-By
X-Ttl
X-Tt-Trace-Tag
FilterID
X-IPLB-Instance
MS-CV
X-Amz-Replication-Status
X-Contextid
X-SS-Set-Cookie
X-Tt-Trace-Host
X-Cluster
X-ATG-Version
X-Srv
Tracecode
Frame-Options
X-Response-Served-From
X-Accel-Buffering
NGB
X-Cache-Key
WPE-Backend
X-FastCGI-Cache
Payment
X-Varnish-Server
Eomportal-Instance
X-WA-Info
Xserver
Source
X-GeoIP
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-Cacheable-TTL
X-Cache-Enabled
Filters
X-Adobe-Content
X-Adobe-Loc
Host
X-Cache-NE
X-Region
X-RequestSource
X-Cache-2
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Serve
X-FW-Server
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Host-Name
X-Rendered-As
X-Is-Bot
X-TX-ID
X-Mobile
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cleartype
X-Seen-By
X-NewRelic-App-Data
X-Oneagent-Js-Injection
X-Cache-Operation
X-Cache-Rule
X-EdgeConnect-Cache-Status
X-Hostname
X-Via-JSL
X-Cache-TTL-Remaining
Cache
X-Origin-Response-Time
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Presslabs-Stats
Healthy
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Cache-Control
Datacenter
X-VCache
X-HTML-Minification-Powered-By
X-Dc
Retry-After
Server-Info
X-ProcessESI
X-UA
X-RemovedCookies
Ms-Operation-Id
X-RTag
X-B3-Traceid
Accept-CH
X-CACHE-KEY
X-Rule
Liferay-Portal
X-Cache-Server
X-NWS-LOG-UUID
X-RateLimit-Limit
X-PressLabs-Stats
X-L-Path
From-Origin
X-Environment-Context
X-FireWall-Port
Version
X-Status
X-Source
X-Wix-Request-Id
X-Upgrade-Enabled
X-Endurance-Cache-Level
X-Cache-Var-Map
X-Path-Route
Meta-Geo
X-ES-SERVER
X-Handled-By
X-Cache-Var
X-RN-RSRV
X-Proxy-Build
Selected-Fe
X-Timing-Wait
OT-Force-Account-Verify
X-Shopify-Generated-Cart-Token
X-Storage
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Alternate-Cache-Key
X-Backend-Name
X-ShopId
X-UUID
X-Content-Age
X-Sorting-Hat-PodId
X-ShardId
Accept-CH-Lifetime
X-Shopify-Stage
X-Proto
X-EIG-Tracking-Id
X-Hyper-Cache
X-Tb
X-Sorting-Hat-ShopId
Azure-RegionName
Node
X-OCL
Azure-InstanceId
X-PCL
X-Proxy
NGX
X-Akamai-Request-ID2
X-Yottaa-Metrics
X-Origin
X-Yottaa-Optimizations
Webcakes-App-Version
X-Debug-Cache
X-Generated-By
X-Hl-Ver
X-FC-Vary-Parameters
Decoy-Debug-TTL
Decoy-Debug-Key
DB-Nickname
X-Hosted-By
X-Cache-Host
Webcakes-Region
X-JoinUs
X-Akamai-Request-ID
X-Section
Webcakes-App-Name
X-Human
Ec-Rule-Version
X-Request-Time
X-Redis-Cache
Origin-Edge-Control
TWC-Connection-Speed
X-FW-Dynamic
Property-Id
Origin-Cache-Control
Cache-Tags
X-Origin-Hint
X-Cache-Config
TWC-Device-Class
TWC-Locale-Group
X-Time-Microsecs
TWC-GeoIP-LatLong
X-Qloud-Router
X-ServerID
X-LJ-Flow-ID
TWC-GeoIP-Country
Decoy-Debug-Status
X-VWS-Id
Azure-Version
Azure-SlotName
X-Access
S-Rt
TWC-Privacy
X-Soup
X-Pubstack
X-AWS-Id
X-Format
X-ProxyCache-Status
X-SaId
Akamai-GRN
X-Web-Node
X-Viewer-Country
X-Vgn-Hpd-Reason
X-ProxyCache-Key
X-BYPASS-REASON
Now
Azure-SiteName
X-CCM
X-BCube-Filmed-By
Mn-Server-Ip
X-Varnish-Hits
X-Site-Version
X-Proxy-Cache-Status
X-Www-Served-By
X-Xfnlog-Site
X-RCS-CacheZone
X-Cluster-Node
X-SayCDN-TTL
X-Say-TTL
X-MP-GENERATED-AT
X-App-Server
X-IP
X-NYM-Debug-Backend
X-Generated
X-Locale
X-Say-Cacheable
X-Amzn-Remapped-Content-Length
X-TNCMS
X-FB-TRIP-ID
X-Detected-As
Cross-Origin-Window-Policy
X-Loop
L5d-Success-Class
X-APP-VERSION
Cache-Name
X-R9-Blue-Green-Version
GEO-INFO
Viewport
X-CS
Uber-Trace-Id
Accept-Charset
Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Akamai-Transformed
Webserver
X-Drupal-Cache-Tags
X-Unique-Id
X-NCache
X-Cache-Remote
X-From
X-Esi
X-UA-Device-Type
Srv
X-Edge-Location
X-TT-TIMESTAMP
X-Cluster-Name
Mime-Version
Cache-Key
X-Drupal-Cache-Contexts
X-Origin-CC
X-Backend-TTL
X-Origin-TTL
Accept-Language
Country
X-CDN-Forward
X-EC-Lua
X-Mode
Odigeo-Trace-Id
X-Newrelic-Synthetics
X-Microcachable
X-B3-Spanid
Rt-Fastcgi-Cache
Ohc-Cache-HIT
Ohc-File-Size
X-Forwarded-Host
X-Info
X-Geo
X-No-Session
X-CLOUD-TRACE-CONTEXT
Proxy-Connection
X-Whom
X-Magnolia-Registration
X-UPSTREAM-Address
X-UnsetCookies
X-Zipkin-Id
X-Proxied
X-PHP-Host
ServedBy
X-Varnish-Cache-Hits
X-Labrador-Cache-Channel
Content-Disposition
X-Routing-Service
X-PERF
X-Real-IP
X-ApacheServer
Cf-Ipcountry
Fastly-SSL
X-Cache-Time
Powered-By
X-Region-Sid
X-G
Content-Script-Type
X-Request-UUID
X-S-Cookie
X-ScT
X-Rojux
X-Geo-Header
X-SRCache-Key
X-Rewrite-Enabled
X-S
X-Session-Fingerprint
Content-Style-Type
GEO-REGION-INFO
X-External-Request-Id
AsisCache
X-Date
Machine
Rendered-Blocks
X-DPWN-IS-SECURE
X-Destination
BehaviorPad-Version
X-Device-Type
X-Accel-Expires-Debug
Meta-Geo-Continent
Mobile-Detection-Method
X-GeoIP-Country-Code
X-D
MD5-Digest
Fastcgi-X-Cache-Version
X-Connection-Hash
X-Trv-Group
Xc-Version
X-B-Cookie
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
VivaBuild
X-App-Version
X-ARC
X-Application
X-Vdms-Version
Viewtype
X-Twitter-Response-Tags
X-Aed
X-CF-Lambda-Fn
X-A-Dgt
X-A-Wwc
X-CF-Lambda-Version
X-A-Dcw
X-A-Dam
T-Server
X-A
X-A-Ccd
X-Transaction
X-VG-WebCache
User-Cache-Control
X-Via-Fastly
Access-Control-Request-Headers
X-Bip
Environment
X-SIPLIST1
X-Uri
W
Gh-Request-Id
IsBot
X-Auto-Login
X-Logging-Id
Server-Surrogate-Control
X-Varnish-Authentication
Server-Cache-Control
X-CUA
X-VG-TLSProxy
X-Cache-Backend
X-Contensis-Viewer-Groups
X-Cache-Debug
X-Rocket-Build-Number
X-Sigma-Backend
X-WebServer
X-Thanos
X-Sigma
X-Cache-ASPX
X-TrackingId
X-VC-Cache
X-Tumblr-Pixel-3
X-NGENIX-Cache
ServerName
X-C
X-Cdn-Srv
X-Gamma-Serve
X-BBXSRF
X-Cache-Info
X-Debug-Cookies
X-Fastly-Cache
X-CGP
X-Debug-Cache-Fetch
X-Clara-WADP
X-Block-Status
X-FW-Version
X-Agile
X-Debug-Cache-Store
X-Eu-Site
X-Dispatcher-Server
X-Agile-Id
X-Backend-State
X-Distil-CS
X-AK-Request-ID
X-Cms-Context
X-Clientip
X-Debug-Log
X-Cache-Bucket
X-Agile-Age
X-Epic-Correlation-Id
X-Distributor
X-OVcl
Fastly-Backend-Name
X-Webstats-RespID
X-We-Are-Hiring
Fastly-Soc-X-Request-Id
FNAC-ModuleRouting
RNT-Machine
Locid
X-WADP-Cache
X-VServer
X-Trace-Id
X-TH-Server
X-TT-LOGID
X-Urbn-Context-Path
X-User
X-Urbn-Site-Id
RNT-Time
Server-Int
X-App-Name
X-Wikidot-Static-Cache
X-Wikidot-Backend
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Req
X-Nginx-Cache-Key
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Cache-URL
X-Developers
X-Core-Mission
X-Swa-Ws
X-SVT-ORM-VERSION
X-Irp-Debug
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-Key
X-Li-Fabric
X-LI-Proto
X-Li-Pop
X-IN-APIGATEWAY
X-Hnp-Log
X-Generation-Time
X-Generated-In
X-GeoIP-City
X-GoCache-CacheStatus
X-Hit
X-Hash
X-LI-UUID
X-Location
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Render-Time
X-Request-URI
X-SVT-ORM-RULES
X-Sucuri-Cache
X-Owner
X-OVcl-Cache
X-Ms-Version
X-Ms-Request-Id
X-NodeID
X-NX-Host
X-Origin-Expires
X-Origin-Date
X-Gen-Mode
X-Debug-Cache-Expiry
IBM-Web2-Location
Heartbleed
HA-Ipaddr
Kp-EeAlive
Locale
Request-Country
Memcached
Mail-Subject
Ha-Gx-Prefs
Countrycode
AKAMAI
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Cache-Host
CDCHOST
Country-Code
Cdnsip
Cdncip
Request-EU
X-Varnish-Beresp-Ttl
V-Age
Server-ID
Web-Mar-Node
We-Hiring
Section-Io-Cache
True-Client-Country-4JS
Geo-Info
X-Matched-Rule
X-NU-AKA-ACS-Version
X-Generated-On
X-Old-Content-Length
X-Service
X-Variation
X-ServiceProvider
X-Rebelmouse-Surrogate-Control
X-Azure-Ref
X-JWT-State
X-Is-Gdpr
X-Level-Front-Cache
X-Micro-Cache
X-Rebelmouse-Cache-Control
X-Thinkindot-L3
X-Internal-Host
Thinkindot-Control
X-Has-Esi
X-Trafficlayer-App-Version
Adler-Geo
X-Up
X-Platform-Server
PFcat
X-Core-Value
Server-Host
Thinkindot-CacheControl-Type
X-Daa-Tunnel
X-Cache-Tags
Platform
X-Reboot
Fastly-SIE
Is-Eu
Fastly-SWR
Thinkindot-CacheControl
X-S-Maxage
HitType
X-B3-Parentspanid
X-Nc
X-TA-CDN-Provider
Cache-Hits
X-Lb-Id
X-Server-W
X-Refresh
X-Response-By
X-Fetched-On
RequestId
X-Servername
X-SERVER
X-Server-IP
X-Tb-Optimization-Total-Bytes-Saved
X-Nginx-Cache
X-Parent-Response-Time
X-B3-SpanId
Memory
ProcessTime
X-NC
Filterid
X-Cdn-Forward
X-CF-Powered-By
Media-Length
X-Tec-Api-Version
X-Tec-Api-Root
X-Cdn-Request-ID
X-Tec-Api-Origin
X-CSRF-Token
SRV
X-Pjax-Url
X-CSRF-TOKEN
Origin
X-Wa
User-Agent
X-Air-Hostname
Geoip-Latitude
X-Var-Ttl
X-BACKEND-TTL
Group
Pragrma
TTL
X-Pf-Uncompressing
X-Cache-Expired-At
X-NGINX-Cache
X-Vcl-Version
GeoIp-Country-Code
X-TIME
X-Unique-ID
X-Ua
X-Correlation-ID
Powered-By-ChinaCache
X-Rocket-Nginx-Bypass
X-Sucuri-Id
Esi-Enabled
S-Cnection
X-Reqid
X-AIR-PT
X-Sucuri-ID
HostName
X-Planisys-CDN-Rules
PICS-Label
X-COUNTRY
X-Policy
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Varnish-Cacheable
X-Request-Start
X-Servedbyhost
Rt-Proxy-Cache
X-HS-Status
X-Litespeed-Cache
SN
X-Webkit-CSP
X-Azure-Ref-OriginShield
M-TraceId
Geoip-City
X-Fastly-Country-Code
X-Via-CDN
X-Via-Ucdn
Dnion-Transfer-Encoding
XServer
X-Method
X-Developer
Magicmarker
X-NWS-UUID-VERIFY
X-FORWARDED-FOR
Load-Balancing
X-Device-Os
X-Ocache
X-Node-Id
Resin-Trace
Tcn
X-Sn-Servicetimems
X-Cache-Grace
X-ServedByHost
X-Cdn-Origin
X-LAGOON
On-Server
Who
DSUID
X-Cache-Ttl
Ohc-Response-Time
Release
X-VHOST
X-Ftr-Cache-Host
Cdn
X-Request-Host
X-MSEdge-Features
X-MSEdge-Flight
X-MServer
A
X-VCT
NtCoent-Length
X-Svr
X-Be
CF-Cached-On
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
Vix-Hermes-Req-Id
X-Hp-Ccpa-Warning
X-Bc
Pics-Label
Cloudfront-Viewer-Country
X-APP
X-Zone
X-LiteSpeed-Cache-Control
X-Beluga-Cache-Status
X-Ratelimit-Remaining
X-Cache-Status-Check
X-Varnish-Url
X-Beluga-Trace
X-VCL-Version
GeoIP-Country-Code
X-Beluga-Record
X-Beluga-Node
Cteonnt-Length
X-Fastly-Backend-Reqs
X-Beluga-Status
X-Beluga-Response-Time
MIME-Version
X-Oracle-Dms-Rid
GeoIP-Latitude
X-Configured-By
X-VarnishDD-TTL
Ttl
X-DC
SD-X-WS
Host-ID
X-Varnish-Ttl
X-Varnish-URL
Hostname
X-PF-Uncompressing
GeoIP-City
X-Newrelic-App-Data
X-SD-PageType
X-WR-MODIFICATION
WebServer
X-Upstream-Ct
X-SN
X-SRV
X-PJAX-URL
X-Compress-Hint
X-Ftr-Request-Id
X-Upstream-Ht
X-Cache-Id
X-Tid
X-HostName
X-Via-NSCOPI
X-BE
L
Processtime
X-Slack-Backend
X-Dynatrace
X-Ratelimit-Limit
X-Release
X-Aicache-OS
X-Dynatrace-Js-Agent
X-DB
LB
X-ID
X-RPM
X-Swift-Error
CACHE
X-DSS
X-DW
X-RPS
X-DI
X-Action
X-Scheme
Cache-Provider
X-RSL
X-Frame-Option
Amp-Access-Control-Allow-Source-Origin
Dynatrace
X-FPC
Pramga
X-PAYTM-SRV-ID
X-Processor
X-Ftr-Balancer
Arc-Country
X-Ftr-Realm
X-Ftr-Dc
UCS
X-StackifyID
X-Dispatch
X-Ftr-Backend-Server
CDN
CF-IPCountry
X-Ftr-Backend
X-ServerName
X-Cache-FS-Status
Lfy
Pagetype
X-Fastly-Cache-Hits
Cache-Cookie-Set-From
Servername
X-Branch-Name
X-Server-Time
Cache-Cookie-Set-Lfrom
X-Skip-Cache
Requestid
X-LB-ID
X-Snapshot-Date
Cache-Cookie-Set-Idcheck
X-CACHE-AGE
X-VC
D-Cc-Upstream
Warning
X-Cc-Req-Id
X-Cc-Via
X-Apw-Access-Object
X-Flog
X-Edge-IP
X-ZONE
X-Varnish-Beresp-TTL
X-Node-ID
X-ND-Cache
X-Hello
Proxy-Firewall
X-DevSite-Last-Modified
X-Apw-Hits
V-Cache
X-SB
X-Apw-Access-Token
X-Apw-Access-Action
X-ABtesting
Fastly-Drupal-HTML
NnCoection
X-Fastly-Cache-Status
X-BC
Backend-Name
Correlation-Id
Lb
X-Litespeed-Cache-Control
WZWS-RAY
X-App
X-Worker
X-Powered-Y
X-Request-URL
X-ElasticPress-Search
WP-Super-Cache
X-Request-Url
X-Check-Cacheable