
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We request the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-UA-Compatible
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-Template
X-Language
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
P3p
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Ws-Request-Id
X-UA-Device
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Host
X-WebKit-CSP
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Dispatcher
X-Cloud-Trace-Context
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
X-ORACLE-DMS-RID
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Varnish-TTL
X-DynaTrace
Accept-Ch
X-Country-Code
Allow
X-Instart-Request-ID
X-PC
X-Vname
X-Goog-Hash
X-TtlSet
X-FTR-Request-ID
X-TTL
X-ESI
Verso
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Url
Service-Worker-Allowed
Content-MD5
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-Exp-Variant
Edge-Cache-Tag
AR-Request-ID
Ar-Sid
AR-ATIME
AR-PoweredBy
AR-CACHE
RTSS
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
Charset
SPRequestGuid
X-Vcache
X-NF-Request-ID
X-Amz-Server-Side-Encryption
X-Accel-Expires
X-Cached
X-MSEdge-Ref
X-Powered-CMS
Arr-Disable-Session-Affinity
X-Amz-Rid
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Display
Pagespeed
X-Sol
X-Middleton-Display
Response
X-Middleton-Response
X-Vcap-Request-Id
X-Navigation-Version
X-Trace
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-SRCache-Store-Status
X-SRCache-Fetch-Status
TCN
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Fastcgi-Cache
X-Client-IP
Cache-Tag
X-Cdn
Access-Control-Request-Method
X-Fastly-Request-ID
X-Ser
X-Upstream
S
X-DynaTrace-JS-Agent
MS-Author-Via
X-Shard
SPIisLatency
SPRequestDuration
X-Id
X-Hp-Webp
Nginx-Cache
X-Ezoic-Cdn
X-Forwarded-For
X-Content-Type
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-T
X-Amz-Meta-S3cmd-Attrs
DynaTrace
X-Amzn-Trace-Id
X-Recruiting
X-Grace
Front-End-Https
X-Hits
Nel
Fastcgi-Cache
X-Varnish-Age
X-Aspnet-Version
X-DIS-Request-ID
ServerID
X-Edge-O15-RID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Mobile-URL
X-Element-Page-Cache
X-Content-Digest
X-Node-Name
NR-ENABLED
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-FTR-Expires
X-Frontend
X-FTR-Cache-Status
X-Country-Code-Real
Powered
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Cache-TTL
Server-Name
X-FTR-Backend-Server
X-FTR-Backend
Alternate-Protocol
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-Logged-In
TP-Cache
TP-L2-Cache
Server-Node
X-Correlation-Id
X-Jurisdiction
X-XRDS-LOCATION
X-Webkit-Csp
X-Request-Received
X-Request-Processing-Time
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
X-Page-Id
X-Origin-Server
X-Content-Options
Refresh
X-Rid
X-F-Cache
X-Cache-Hit
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-User-Agent
X-Revision
X-Shield-Request-Id
X-Amz-Apigw-Id
X-Varnish-Grace
X-Amzn-RequestId
X-Type
X-Server-ID
X-Webapp-Samesite-None-Activated-N
X-XRDS-Location
Fastly-Restarts
X-Content-Powered-By
X-Zen-Fury
X-Geo-Country
X-B3-Sampled
X-LB-Cache
X-AppVersion
X-B
X-Az
X-Activity-Id
X-Pad
X-Analytics
X-URL
X-FTR-Cache-Host
X-N
PB-RID
PB-PID
X-Kinsta-Cache
X-CST
Arc-Version
X-Mobile-Rewrite
X-RateLimit-Remaining
X-TT
Cache-Status
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Cache-Age
DC
X-Request-Guid
X-Signature
X-Tumblr-Pixel-0
X-Tumblr-User
X-Jobs
X-Framework
X-Ruxit-Js-Agent
Paypal-Debug-Id
X-App-Environment
X-B-Cache
Actual-Object-TTL
X-Tumblr-Pixel
X-Debug-Info
Access-Control-Allow-Method
X-Instance
X-FB-Debug
X-PHP-Backend
X-Time
X-Cache-Action
X-Load-Cache
X-Varnish-Backend
X-Git-Hash
X-Erf-Bev-Bev
Surrogate-Key
X-Erf-Bev-Bev-Is-Generated
X-Cached-By
X-Tt-Trace-Tag
Fastcgi-Useragent
Host-Header
X-Ttl
X-IPLB-Instance
X-Amz-Replication-Status
X-Contextid
MS-CV
X-FastCGI-Cache
X-Tt-Trace-Host
X-SS-Set-Cookie
FilterID
X-Cluster
X-ATG-Version
Tracecode
X-Accel-Buffering
Frame-Options
X-Response-Served-From
NGB
X-Srv
X-WA-Info
X-Cache-Key
Xserver
X-Cache-NE
X-Mobile
X-FW-Static
Payment
WPE-Backend
Eomportal-Instance
X-FW-Server
X-FW-Type
X-Varnish-Server
X-FW-Hash
X-FW-Serve
X-Tumblr-Pixel-2
X-RequestSource
Filters
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Kong-Proxy-Latency
X-Cacheable-TTL
X-Cache-2
X-Kong-Upstream-Latency
X-Varnish-Hostname
Host
X-GeoIP
X-Cache-Enabled
X-Host-Name
X-Adobe-Content
X-IPS-LoggedIn
X-Region
X-Adobe-Loc
X-Is-Bot
X-Rendered-As
X-TX-ID
X-NewRelic-App-Data
Source
X-EdgeConnect-Cache-Status
X-Seen-By
X-Cache-Rule
X-Cache-Operation
X-Via-JSL
Cleartype
X-Oneagent-Js-Injection
X-Origin-Response-Time
X-ORACLE-APMCS-REQUEST-ID
X-Cache-TTL-Remaining
X-ORACLE-APMCS-TAG
X-Hostname
X-Presslabs-Stats
Cache
Retry-After
X-HTML-Minification-Powered-By
Healthy
X-Cache-Control
X-VCache
Server-Info
Datacenter
X-Dc
X-ProcessESI
X-RemovedCookies
Accept-CH
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-UA
Ms-Operation-Id
X-RTag
X-B3-Traceid
X-CACHE-KEY
X-NWS-LOG-UUID
Liferay-Portal
X-Source
X-RateLimit-Limit
X-FireWall-Port
X-PressLabs-Stats
X-Rule
X-Cache-Server
From-Origin
X-Environment-Context
X-Endurance-Cache-Level
X-L-Path
X-Upgrade-Enabled
X-Status
X-Wix-Request-Id
X-CLOUD-TRACE-CONTEXT
Version
X-Handled-By
X-Cache-Var-Map
X-RN-RSRV
Meta-Geo
Accept-CH-Lifetime
X-Cache-Var
X-App-Server
X-Path-Route
X-ES-SERVER
X-Timing-Wait
Selected-Fe
X-Proxy-Build
OT-Force-Account-Verify
X-Shopify-Stage
X-Content-Age
X-Shopify-Generated-Cart-Token
X-ShopId
X-Storage
X-Sorting-Hat-PodId
Azure-RegionName
X-Akamai-Request-ID
X-ShardId
X-Alternate-Cache-Key
X-Backend-Name
X-Proto
Azure-InstanceId
X-Access
X-Sorting-Hat-ShopId
X-EIG-Tracking-Id
Cache-Tags
X-Tb
X-Format
Mn-Server-Ip
Azure-SiteName
Azure-Version
Azure-SlotName
X-Request-Time
X-Section
TWC-Privacy
TWC-GeoIP-LatLong
Decoy-Debug-Key
Origin-Edge-Control
TWC-Locale-Group
Decoy-Debug-Status
Origin-Cache-Control
Webcakes-App-Name
DB-Nickname
Now
Node
TWC-Device-Class
TWC-Connection-Speed
Ec-Rule-Version
S-Rt
TWC-GeoIP-Country
X-BYPASS-REASON
Property-Id
X-LJ-Flow-ID
X-Human
X-OCL
X-Origin
X-ServerID
X-SaId
X-Qloud-Router
X-Redis-Cache
X-PCL
X-ProxyCache-Key
X-UUID
X-Time-Microsecs
X-Soup
X-Vgn-Hpd-Reason
X-Viewer-Country
X-ProxyCache-Status
X-VWS-Id
X-Pubstack
X-Proxy-Cache-Status
X-Cluster-Node
X-Debug-Cache
X-FC-Vary-Parameters
X-Cache-Config
X-AWS-Id
Webcakes-Region
X-Akamai-Request-ID2
X-FW-Dynamic
X-Generated-By
X-JoinUs
X-Origin-Hint
X-Proxy
X-Hyper-Cache
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hl-Ver
Webcakes-App-Version
Decoy-Debug-TTL
Akamai-GRN
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Web-Node
X-BCube-Filmed-By
X-Xfnlog-Site
X-Varnish-Hits
X-Www-Served-By
X-Detected-As
X-APP-VERSION
X-Locale
X-IP
X-Site-Version
NGX
X-Generated
X-CCM
X-Cache-Host
X-NYM-Debug-Backend
X-MP-GENERATED-AT
Cross-Origin-Window-Policy
X-RCS-CacheZone
X-TNCMS
X-Say-TTL
X-Say-Cacheable
X-Amzn-Remapped-Content-Length
X-SayCDN-TTL
X-FB-TRIP-ID
X-Loop
X-R9-Blue-Green-Version
X-Akamai-Transformed
GEO-INFO
L5d-Success-Class
Cache-Name
Accept-Charset
X-CS
Viewport
Uber-Trace-Id
Srv
X-NCache
X-Unique-Id
X-Drupal-Cache-Tags
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Esi
X-Cache-Remote
X-UA-Device-Type
Webserver
X-From
X-TT-TIMESTAMP
Time
Mime-Version
X-Origin-TTL
X-Origin-CC
X-Cluster-Name
Cache-Key
Accept-Language
X-Backend-TTL
X-Drupal-Cache-Contexts
X-Edge-Location
Country
X-CDN-Forward
Odigeo-Trace-Id
X-EC-Lua
X-Microcachable
Rt-Fastcgi-Cache
X-Mode
X-Info
X-Forwarded-Host
X-B3-Spanid
Ohc-File-Size
X-Newrelic-Synthetics
X-Geo
Ohc-Cache-HIT
X-Magnolia-Registration
X-ApacheServer
X-Whom
X-PERF
X-UnsetCookies
X-No-Session
Content-Disposition
X-Varnish-Cache-Hits
Proxy-Connection
ServedBy
X-Webkit-CSP
X-UPSTREAM-Address
X-Labrador-Cache-Channel
X-PHP-Host
X-Proxied
X-Device-Type
X-Zipkin-Id
X-Real-IP
X-Routing-Service
X-CF-Lambda-Version
X-VG-WebCache
X-Twitter-Response-Tags
X-VG-WebServer
X-Trv-Group
X-Transaction
X-CF-Lambda-Fn
X-Vdms-Version
X-Aed
Viewtype
Machine
X-S
X-S-Cookie
VivaBuild
GEO-REGION-INFO
X-ScT
MD5-Digest
X-Rojux
T-Server
Rendered-Blocks
X-Request-UUID
Mobile-Detection-Method
Meta-Geo-Continent
X-Region-Sid
X-Rewrite-Enabled
X-A
X-A-Ccd
BehaviorPad-Version
X-Session-Fingerprint
X-Application
AsisCache
X-ARC
X-Via-Fastly
X-SRCache-Key
X-Connection-Hash
X-Accel-Expires-Debug
X-A-Dcw
X-A-Dam
Fastcgi-X-Cache-Version
X-A-Dgt
Content-Style-Type
X-A-Wwc
Content-Script-Type
X-B-Cookie
X-Date
X-External-Request-Id
X-G
X-DPWN-IS-SECURE
Cf-Ipcountry
Xc-Version
X-Destination
X-App-Version
X-D
X-NGENIX-Cache
X-Vtex-Remote-Cache
X-GeoIP-Country-Code
X-Cache-Time
X-Geo-Header
X-Vtex-Processado-Em
Fastly-SSL
X-C
User-Cache-Control
X-Uri
X-Bip
X-Auto-Login
X-GoCache-CacheStatus
X-CUA
X-TrackingId
Server-Surrogate-Control
IsBot
X-VG-TLSProxy
X-Contensis-Viewer-Groups
X-Wikidot-Backend
Locid
X-VC-Cache
Gh-Request-Id
X-Logging-Id
X-Thanos
X-Varnish-Authentication
W
Fastly-Soc-X-Request-Id
X-Rocket-Build-Number
X-Tumblr-Pixel-3
Apple-News-Services-Handled
X-Sigma
X-Sigma-Backend
Access-Control-Request-Headers
X-Wikidot-Static-Cache
X-Cache-Debug
Apple-News-Services-Host
X-WebServer
Server-Cache-Control
X-Developers
X-SIPLIST1
X-Cache-ASPX
Apple-News-Services-Request-Url
Environment
Apple-News-Services-Parsed-Url
We-Hiring
Wxu-Next-Region
X-Rebelmouse-Surrogate-Control
Wxu-Next-Hostname
X-Li-Pop
Wxu-Next-Commit
Web-Mar-Node
X-OVcl
Server-ID
X-Origin-Expires
True-Client-Country-4JS
X-NodeID
Section-Io-Cache
X-Request-URI
X-Req
X-Ms-Version
X-Ms-Request-Id
X-OVcl-Cache
X-LI-UUID
X-LI-Proto
X-Location
V-Age
X-Micro-Cache
X-Li-Fabric
X-Core-Mission
X-AK-Request-ID
X-Clientip
X-Proxy-Upstream
X-Clara-WADP
X-Fastly-Cache
X-RateLimit-Limit-Second
X-FW-Version
X-BBXSRF
X-Block-Status
X-Distributor
X-Debug-Cache-Store
X-Cache-URL
X-Cdn-Srv
X-Debug-Cache-Fetch
X-Cache-Bucket
X-Dispatcher-Server
X-Debug-Cache-Expiry
X-RateLimit-Remaining-Second
RNT-Time
X-Hnp-Log
X-Rebelmouse-Cache-Control
X-Hash
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Irp-Debug
X-Instart-Isnd
X-GeoIP-City
X-Owner
X-Cms-Context
X-Gamma-Serve
X-Azure-Ref
X-Gen-Mode
X-Generation-Time
X-Generated-In
X-Key
X-SVT-ORM-VERSION
X-User
X-Urbn-Site-Id
X-Urbn-Context-Path
RNT-Machine
X-VServer
X-We-Are-Hiring
X-WADP-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
AKAMAI
Cache-Host
X-SVT-ORM-RULES
X-Origin-Date
X-TT-LOGID
X-TH-Server
X-Webstats-RespID
CDCHOST
X-Epic-Correlation-Id
X-Distil-CS
X-Eu-Site
X-Hit
X-Sucuri-Cache
X-Render-Time
X-CGP
X-Backend-State
HA-Ipaddr
Ha-Gx-Prefs
X-Agile
X-Agile-Age
X-App-Name
X-Agile-Id
Cdncip
X-Varnish-Beresp-Grace
Fastly-SIE
Request-Country
Heartbleed
Memcached
Fastly-SWR
IBM-Web2-Location
Powered-By
FNAC-ModuleRouting
Fastly-Backend-Name
Request-EU
Country-Code
Cdnsip
Mail-Subject
Countrycode
Locale
X-Cache-Backend
Geo-Info
HitType
X-Daa-Tunnel
X-Service
X-NU-AKA-ACS-Version
X-Debug-Log
X-Debug-Cookies
PFcat
X-Nginx-Cache-Key
X-Internal-Host
X-Is-Gdpr
X-JWT-State
X-Level-Front-Cache
X-Has-Esi
Server-Host
Server-Int
X-Generated-On
X-NX-Host
Platform
X-Reboot
X-Cache-Info
X-Cache-Tags
X-Up
X-S-Maxage
X-Platform-Server
X-Old-Content-Length
X-ServiceProvider
Adler-Geo
X-Swa-Ws
X-Trace-Id
X-Variation
X-Trafficlayer-App-Version
Kp-EeAlive
Is-Eu
X-Core-Value
X-B3-Parentspanid
X-Nc
X-Server-W
ServerName
X-Fetched-On
X-Lb-Id
Thinkindot-CacheControl
X-Thinkindot-L3
X-Matched-Rule
Thinkindot-Control
X-Refresh
Thinkindot-CacheControl-Type
X-Nginx-Cache
Filterid
X-TA-CDN-Provider
X-Response-By
X-SERVER
X-Servername
RequestId
Cache-Hits
X-B3-SpanId
X-NC
X-Parent-Response-Time
X-Server-IP
ProcessTime
X-Cdn-Forward
X-CF-Powered-By
X-Air-Hostname
X-Pjax-Url
X-Tb-Optimization-Total-Bytes-Saved
X-Tec-Api-Root
X-Tec-Api-Origin
X-CSRF-Token
X-Tec-Api-Version
X-CSRF-TOKEN
Pragrma
X-Cache-Expired-At
X-Var-Ttl
X-Wa
X-Cdn-Request-ID
Memory
User-Agent
Group
Media-Length
X-BACKEND-TTL
SRV
Geoip-Latitude
X-Pf-Uncompressing
TTL
Origin
GeoIp-Country-Code
S-Cnection
Powered-By-ChinaCache
X-Vcl-Version
X-NGINX-Cache
X-Unique-ID
X-Ua
X-Correlation-ID
X-Sucuri-Id
X-Sucuri-ID
X-Rocket-Nginx-Bypass
SN
Esi-Enabled
X-Reqid
PICS-Label
X-COUNTRY
X-AIR-PT
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Geoip-City
HostName
X-Policy
X-Planisys-CDN-TTL
X-TIME
X-Varnish-Cacheable
X-Request-Start
X-Via-CDN
X-Servedbyhost
X-Azure-Ref-OriginShield
X-Litespeed-Cache
X-Via-Ucdn
X-NWS-UUID-VERIFY
Rt-Proxy-Cache
X-Developer
XServer
M-TraceId
X-HS-Status
Dnion-Transfer-Encoding
X-LAGOON
X-Device-Os
X-Node-Id
X-Cache-Grace
X-Cdn-Origin
X-Ocache
X-Sn-Servicetimems
X-FORWARDED-FOR
X-Method
X-Fastly-Country-Code
On-Server
X-ServedByHost
Cdn
Resin-Trace
Magicmarker
Tcn
X-Cache-Ttl
X-Request-Host
Who
X-MSEdge-Features
X-MSEdge-Flight
A
Load-Balancing
X-VHOST
X-Ftr-Cache-Host
Cloudfront-Viewer-Country
CF-Cached-On
DSUID
Ohc-Response-Time
X-Oss-Server-Time
X-Cache-Status-Check
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
NtCoent-Length
X-Be
Pics-Label
X-Beluga-Cache-Status
X-Beluga-Record
X-Beluga-Node
Release
X-Beluga-Status
X-Beluga-Trace
X-Svr
X-Beluga-Response-Time
X-MServer
X-VCT
GeoIP-Country-Code
Vix-Hermes-Req-Id
X-VCL-Version
X-Varnish-Url
X-Zone
X-APP
X-Bc
Hostname
MIME-Version
X-Oracle-Dms-Rid
X-Hp-Ccpa-Warning
Cteonnt-Length
Ttl
X-Ratelimit-Remaining
Host-ID
X-VarnishDD-TTL
WebServer
X-Fastly-Backend-Reqs
GeoIP-Latitude
X-LiteSpeed-Cache-Control
X-DC
X-Varnish-Ttl
GeoIP-City
X-Varnish-URL
X-Newrelic-App-Data
X-Configured-By
X-PF-Uncompressing
X-SRV
Servername
X-Ftr-Request-Id
X-SD-PageType
X-Slack-Backend
X-Upstream-Ct
X-Upstream-Ht
SD-X-WS
X-PJAX-URL
Amp-Access-Control-Allow-Source-Origin
X-WR-MODIFICATION
X-HostName
X-Dynatrace
X-Aicache-OS
X-BE
X-Tid
X-Swift-Error
X-SN
X-Compress-Hint
X-Cache-Id
Processtime
X-Ratelimit-Limit
X-Dynatrace-Js-Agent
X-ID
Cache-Provider
X-Release
X-DI
X-Via-NSCOPI
X-Dispatch
X-Cache-FS-Status
Pramga
X-FPC
X-PAYTM-SRV-ID
X-Skip-Cache
X-Server-Time
X-Processor
Arc-Country
X-RSL
X-DB
X-Action
L
X-DSS
X-DW
X-RPS
CACHE
X-RPM
X-Frame-Option
X-Ftr-Dc
X-DevSite-Last-Modified
X-StackifyID
X-ABtesting
X-Flog
X-Ftr-Backend
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Hello
Requestid
Pagetype
CDN
X-LB-ID
X-Ftr-Realm
Dynatrace
X-ND-Cache
Lfy
X-Fastly-Cache-Hits
X-Snapshot-Date
X-Branch-Name
LB
CF-IPCountry
Fastly-Drupal-HTML
X-Scheme
X-ServerName
X-CACHE-AGE
X-Node-ID
X-Edge-Server
X-Apw-Access-Action
X-Served-From
N-Cache
Proxy-Firewall
X-ZONE
X-Cc-Via
X-Edge-IP
X-Varnish-Beresp-TTL
Warning
Cdn-Host
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Request-Url
UCS
V-Cache
X-Cc-Req-Id
X-Request-URL
X-Apw-Access-Token
D-Cc-Upstream
X-SB
X-Apw-Hits
X-VC
Cdn-Request-Time
X-Apw-Access-Object
NnCoection
X-WA
WP-Super-Cache
X-App
Correlation-Id
Backend-Name
Lb
X-BC
X-Worker
X-Check-Cacheable
X-Powered-Y
X-Litespeed-Cache-Control
X-ElasticPress-Search
X-Fastly-Cache-Status