Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
Upgrade
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Via
X-Ua-Compatible
X-Age
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Hacker
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
Report-To
X-LiteSpeed-Cache
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Server-Id
X-Host
X-OneAgent-JS-Injection
X-Device
X-Dns-Prefetch-Control
X-Origin-Cache
EagleEye-TraceId
X-Response-Time
Content-Location
X-Ac
X-Node
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Cloud-Trace-Context
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-Application-Context
X-ORACLE-DMS-ECID
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-Cache-Lookup
X-DataDome
X-ORACLE-DMS-RID
X-Mod-Pagespeed
NEL
X-Ruxit-JS-Agent
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Clacks-Overhead
X-Akam-SW-Version
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-Country-Code
X-DynaTrace
Accept-Ch
X-Instart-Request-ID
X-Varnish-TTL
X-TTL
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
X-FTR-Request-ID
Verso
X-ESI
Accept-Ch-Lifetime
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Url
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-B3-TraceId
X-GitHub-Request-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
Edge-Cache-Tag
RTSS
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-D2id
X-Px
Ar-Sid
X-Debug
X-Abt-Application-Version
SPRequestGuid
X-Server-Name
X-Vcache
X-Amz-Server-Side-Encryption
Charset
X-NF-Request-ID
X-Accel-Expires
X-Cached
X-TEC-API-ROOT
X-Middleton-Response
X-MSEdge-Ref
Display
Pagespeed
X-Sol
Response
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Middleton-Display
X-Amz-Rid
X-Vcap-Request-Id
Arr-Disable-Session-Affinity
TCN
X-Navigation-Version
X-Powered-CMS
X-SharePointHealthScore
X-Trace
X-Fastcgi-Cache
X-SRCache-Store-Status
Pinterest-Version
X-SRCache-Fetch-Status
X-Pinterest-Rid
X-Cdn
X-VARITI-CCR
Public-Key-Pins
X-Client-IP
Cache-Tag
Realpath
Access-Control-Request-Method
X-Fastly-Request-ID
X-Ser
MS-Author-Via
S
X-DynaTrace-JS-Agent
Nginx-Cache
X-Shard
SPIisLatency
SPRequestDuration
X-Upstream
X-Id
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Ezoic-Cdn
X-Hp-Webp
X-Content-Type
X-Forwarded-For
X-Amzn-Trace-Id
X-Grace
X-Edge-O15-RID
X-Amz-Meta-S3cmd-Attrs
X-T
Nel
Front-End-Https
DynaTrace
X-Recruiting
X-Hits
Fastcgi-Cache
X-Aspnet-Version
X-Varnish-Age
ServerID
X-Server-ID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Node-Name
X-Cache-TTL
X-DIS-Request-ID
X-Mobile-URL
X-Element-Page-Cache
NR-ENABLED
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
X-Content-Digest
X-Jurisdiction
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Frontend
X-Goog-Storage-Class
Powered
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
Server-Node
Alternate-Protocol
TP-L2-Cache
Server-Name
TP-Cache
X-Logged-In
X-Correlation-Id
X-XRDS-Location
X-Request-Received
X-Request-Processing-Time
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Upgrade-Insecure-Requests
Backend-Timing
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Content-Options
X-Page-Id
X-Cache-Hit
Refresh
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-F-Cache
X-Origin-Server
X-Rid
X-User-Agent
X-Revision
X-Type
X-Varnish-Grace
X-CST
X-Zen-Fury
Fastly-Restarts
X-XRDS-LOCATION
X-Content-Powered-By
X-Geo-Country
X-B3-Sampled
X-LB-Cache
X-URL
X-Shield-Request-Id
X-B
X-Az
X-Activity-Id
X-AppVersion
X-FTR-Cache-Host
X-N
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Kinsta-Cache
X-Webapp-Samesite-None-Activated-N
Cache-Status
X-Pad
X-Cache-Age
X-TT
X-Instance
X-Debug-Info
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Jobs
X-App-Environment
X-Tumblr-User
X-Request-Guid
X-Signature
X-Time
X-B-Cache
Actual-Object-TTL
X-Cache-Action
Access-Control-Allow-Method
X-Framework
X-Webkit-Csp
X-FB-Debug
Paypal-Debug-Id
X-RateLimit-Remaining
X-PHP-Backend
X-Analytics
X-Load-Cache
DC
X-Cached-By
X-Git-Hash
X-Varnish-Backend
X-Tt-Trace-Tag
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
X-Erf-Bev-Bev
Fastcgi-Useragent
X-Tt-Trace-Host
Host-Header
X-Amz-Replication-Status
X-IPLB-Instance
X-Contextid
MS-CV
X-SS-Set-Cookie
X-ATG-Version
FilterID
X-FastCGI-Cache
X-WA-Info
X-Cluster
Tracecode
X-Cache-Key
X-Accel-Buffering
X-Response-Served-From
Host
WPE-Backend
X-Host-Name
X-B3-Traceid
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Payment
X-Varnish-Server
NGB
Source
X-Cache-NE
X-Via-JSL
X-Cache-Rule
Eomportal-Instance
Xserver
X-Cache-Operation
X-FW-Static
X-FW-Server
X-FW-Type
X-Hostname
Frame-Options
X-Srv
X-Mobile
X-FW-Hash
X-Region
X-FW-Serve
X-Is-Bot
X-Cache-2
X-Rendered-As
Filters
Cache-Tv-Group
X-Cache-Enabled
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-GeoIP
X-Tumblr-Pixel-1
X-Adobe-Content
X-Cacheable-TTL
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Ttl
X-IPS-LoggedIn
X-Adobe-Loc
X-TX-ID
X-Origin-Response-Time
X-RequestSource
X-NewRelic-App-Data
X-EdgeConnect-Cache-Status
X-Presslabs-Stats
X-NWS-LOG-UUID
X-Seen-By
Cleartype
Retry-After
X-Ruxit-Js-Agent
Server-Info
X-VCache
X-Cache-TTL-Remaining
Accept-CH
X-ProcessESI
Cache
X-RemovedCookies
X-HTML-Minification-Powered-By
Liferay-Portal
X-RTag
Datacenter
Ms-Operation-Id
X-Source
X-UA
X-Cache-Control
X-L-Path
X-Dc
X-Environment-Context
X-FireWall-Port
X-Upgrade-Enabled
Healthy
X-App-Server
X-Endurance-Cache-Level
X-Cache-Server
X-CACHE-KEY
From-Origin
Accept-CH-Lifetime
X-APP-VERSION
X-PressLabs-Stats
X-Esi
X-Handled-By
X-RateLimit-Limit
Version
X-Backend-Name
X-Rule
X-Status
X-Wix-Request-Id
Meta-Geo
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Var
X-Path-Route
X-ES-SERVER
OT-Force-Account-Verify
X-Proxy-Build
X-Section
Selected-Fe
X-Timing-Wait
X-Request-Time
X-Access
X-Tb
X-Format
X-BYPASS-REASON
X-Storage
X-EIG-Tracking-Id
X-ProxyCache-Status
X-Goog-Meta-Goog-Reserved-File-Mtime
Azure-Version
X-PCL
Cache-Tags
X-Akamai-Request-ID
X-Alternate-Cache-Key
Mn-Server-Ip
X-Content-Age
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Proto
X-Origin
X-ProxyCache-Key
X-ShopId
X-OCL
Azure-InstanceId
Azure-SiteName
Azure-SlotName
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
Srv
Akamai-GRN
Azure-RegionName
X-ShardId
X-Debug-Cache
X-Time-Microsecs
X-Hyper-Cache
X-Proxy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-MP-GENERATED-AT
Decoy-Debug-TTL
X-Akamai-Request-ID2
X-Proxy-Cache-Status
X-Web-Node
X-JoinUs
Decoy-Debug-Key
Decoy-Debug-Status
DB-Nickname
X-LJ-Flow-ID
X-Cache-Host
X-Human
X-Cache-Config
Ec-Rule-Version
Node
X-Redis-Cache
X-ServerID
X-NYM-Debug-Backend
X-FC-Vary-Parameters
X-UUID
X-Generated-By
X-Vgn-Hpd-Reason
X-Viewer-Country
X-VWS-Id
X-AWS-Id
S-Rt
X-SaId
NGX
Now
X-Hl-Ver
X-Hosted-By
X-FW-Dynamic
X-Cluster-Node
TWC-Device-Class
Origin-Edge-Control
Property-Id
TWC-GeoIP-Country
X-CCM
TWC-Connection-Speed
Cross-Origin-Window-Policy
X-Detected-As
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
Webcakes-Region
X-Generated
TWC-Locale-Group
Origin-Cache-Control
X-IP
TWC-GeoIP-LatLong
X-Soup
X-Varnish-Hits
X-RCS-CacheZone
X-BCube-Filmed-By
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-Qloud-Router
X-Www-Served-By
X-Origin-Hint
X-Pubstack
Accept-Charset
X-Loop
X-Amzn-Remapped-Content-Length
X-TNCMS
X-Xfnlog-Site
X-FB-TRIP-ID
GEO-INFO
X-Akamai-Transformed
X-R9-Blue-Green-Version
X-Site-Version
L5d-Success-Class
X-Locale
X-CS
X-NCache
X-Unique-Id
Cache-Name
Uber-Trace-Id
Viewport
X-Trafficlayer-App-Name
X-Drupal-Cache-Tags
X-Trafficlayer-App-Scope
Time
Webserver
Cache-Key
X-UA-Device-Type
X-Backend-TTL
X-Cache-Remote
X-UnsetCookies
X-CDN-Forward
X-From
X-Mode
Mime-Version
X-Forwarded-Host
X-Origin-CC
VIX-Pulpo-Upstream-Status
Accept-Language
X-Origin-TTL
VIX-Pulpo-Node
X-Drupal-Cache-Contexts
Rt-Fastcgi-Cache
Country
X-Cluster-Name
X-B3-Spanid
X-Info
Odigeo-Trace-Id
X-Newrelic-Synthetics
X-Whom
X-TT-TIMESTAMP
X-Microcachable
X-Edge-Location
X-CLOUD-TRACE-CONTEXT
X-Magnolia-Registration
X-Varnish-Cache-Hits
X-NGENIX-Cache
X-PERF
X-ApacheServer
Content-Disposition
X-Geo
X-Daa-Tunnel
ServedBy
X-EC-Lua
X-UPSTREAM-Address
Proxy-Connection
X-Proxied
X-Zipkin-Id
X-Device-Type
Ohc-Cache-HIT
X-Routing-Service
Ohc-File-Size
X-No-Session
X-Via-Fastly
Cf-Ipcountry
X-Uri
X-SRCache-Key
X-Trv-Group
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Transaction
Apple-News-Services-Host
Apple-News-Services-Handled
X-G
X-S
X-Request-UUID
X-Rewrite-Enabled
X-Region-Sid
X-Geo-Header
X-A-Dgt
X-GeoIP-Country-Code
X-Rocket-Build-Number
X-Rojux
X-Session-Fingerprint
X-Sigma
X-ScT
X-S-Cookie
X-Twitter-Response-Tags
X-Sigma-Backend
X-VG-TLSProxy
T-Server
X-B-Cookie
X-ARC
X-Application
X-CF-Lambda-Fn
X-CF-Lambda-Version
Mobile-Detection-Method
X-Connection-Hash
Rendered-Blocks
Viewtype
VivaBuild
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A
X-A-Wwc
W
X-Aed
X-Accel-Expires-Debug
AsisCache
Meta-Geo-Continent
X-VG-WebCache
X-VG-WebServer
X-Vtex-Processado-Em
X-Vdms-Version
Content-Script-Type
BehaviorPad-Version
X-External-Request-Id
X-DPWN-IS-SECURE
MD5-Digest
X-Vtex-Remote-Cache
Xc-Version
Machine
X-D
X-Date
GEO-REGION-INFO
Content-Style-Type
Fastcgi-X-Cache-Version
X-Destination
X-C
User-Cache-Control
HitType
X-PHP-Host
X-Labrador-Cache-Channel
Geo-Info
X-Distil-CS
Environment
X-WebServer
X-Wikidot-Backend
Fastly-Soc-X-Request-Id
X-Developers
X-Varnish-Authentication
X-Eu-Site
X-Tumblr-Pixel-3
CDCHOST
X-Epic-Correlation-Id
Ha-Gx-Prefs
X-VC-Cache
HA-Ipaddr
Server-Surrogate-Control
Server-Cache-Control
X-Cache-ASPX
X-Backend-State
X-Auto-Login
Section-Io-Cache
X-App-Name
X-Cache-Debug
X-CGP
Locid
IsBot
X-Wikidot-Static-Cache
X-CUA
Powered-By
X-Contensis-Viewer-Groups
X-TrackingId
Gh-Request-Id
X-Hit
X-Render-Time
X-SIPLIST1
X-Real-IP
X-GoCache-CacheStatus
X-Cache-Time
X-Nc
X-Block-Status
X-Hnp-Log
X-Bip
X-BBXSRF
X-LI-UUID
X-Nginx-Cache-Key
X-IN-APIGATEWAY
X-NX-Host
X-Li-Pop
X-Li-Fabric
X-Hash
X-LI-Proto
X-Cdn-Srv
X-TH-Server
X-Cache-Info
X-Cache-URL
X-Cache-Bucket
X-IN-APIGATEWAYSSL
Fastly-SWR
X-Agile
X-Agile-Age
X-Key
X-Clientip
X-Servername
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Fastly-SIE
X-Agile-Id
X-VServer
X-User
X-Origin-Date
X-Irp-Debug
X-AK-Request-ID
Countrycode
X-We-Are-Hiring
X-Azure-Ref
X-Origin-Expires
X-Dispatcher-Server
X-Server-W
X-WADP-Cache
X-Request-URI
X-Generated-In
X-Debug-Log
X-Webstats-RespID
X-Generation-Time
X-Distributor
X-Gen-Mode
X-Fetched-On
X-TT-LOGID
X-Fastly-Cache
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Sucuri-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Logging-Id
X-GeoIP-City
IBM-Web2-Location
X-OVcl
Fastly-SSL
X-Core-Mission
Memcached
X-Cms-Context
X-Thanos
X-FW-Version
Access-Control-Request-Headers
X-OVcl-Cache
X-RateLimit-Limit-Second
X-Debug-Cookies
X-RateLimit-Remaining-Second
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Proxy-Upstream
X-Debug-Cache-Expiry
X-Clara-WADP
X-Gamma-Serve
RNT-Time
Country-Code
Cdnsip
Cdncip
AKAMAI
RNT-Machine
Fastly-Backend-Name
Locale
Mail-Subject
Kp-EeAlive
Request-Country
Request-EU
Server-Int
Server-ID
We-Hiring
Web-Mar-Node
True-Client-Country-4JS
V-Age
X-Oneagent-Js-Injection
Heartbleed
X-Varnish-Beresp-Grace
FNAC-ModuleRouting
X-Varnish-Beresp-Status
X-Nginx-Cache
X-Instart-Isnd
X-Up
X-Cache-Tags
X-Internal-Host
X-Varnish-Beresp-Ttl
X-Has-Esi
X-Ms-Version
ServerName
Cache-Host
X-Core-Value
X-Ms-Request-Id
X-Micro-Cache
X-Old-Content-Length
X-Owner
X-NodeID
X-Matched-Rule
Is-Eu
X-Trace-Id
Thinkindot-CacheControl
X-Thinkindot-L3
X-Swa-Ws
Server-Host
Thinkindot-CacheControl-Type
Thinkindot-Control
Wxu-Next-Commit
Wxu-Next-Hostname
Adler-Geo
X-Variation
X-Trafficlayer-App-Version
X-Req
X-Reboot
PFcat
X-TA-CDN-Provider
Wxu-Next-Region
Platform
X-Is-Gdpr
X-Cache-Backend
X-JWT-State
X-Platform-Server
X-NU-AKA-ACS-Version
X-ServiceProvider
X-Response-By
X-S-Maxage
X-Level-Front-Cache
X-Service
Filterid
X-App-Version
X-SERVER
X-Location
Cache-Hits
X-Generated-On
X-Lb-Id
X-Air-Hostname
RequestId
X-B3-Parentspanid
X-Refresh
X-CSRF-TOKEN
X-Var-Ttl
X-Parent-Response-Time
Pragrma
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Expired-At
Group
X-Tec-Api-Origin
X-NC
ProcessTime
X-Tec-Api-Version
X-Tec-Api-Root
Memory
S-Cnection
X-CF-Powered-By
X-Wa
Powered-By-ChinaCache
X-Ua
X-B3-SpanId
X-Cdn-Forward
X-Pjax-Url
Origin
X-BACKEND-TTL
X-Server-IP
User-Agent
X-Pf-Uncompressing
X-CSRF-Token
X-Correlation-ID
SRV
X-Cdn-Request-ID
X-Varnish-Cacheable
TTL
Geoip-Latitude
Media-Length
PICS-Label
X-Sucuri-ID
X-NWS-UUID-VERIFY
GeoIp-Country-Code
Geoip-City
X-COUNTRY
X-Vcl-Version
X-Via-CDN
X-NGINX-Cache
X-Unique-ID
X-Sucuri-Id
X-Developer
Dnion-Transfer-Encoding
X-Servedbyhost
X-Oracle-Dms-Rid
X-Sn-Servicetimems
X-Cdn-Origin
X-LAGOON
SN
X-Cache-Grace
X-Webkit-CSP
X-Device-Os
X-Rocket-Nginx-Bypass
X-Litespeed-Cache
X-Node-Id
X-AIR-PT
X-Via-Ucdn
X-Reqid
Esi-Enabled
X-Varnish-Ttl
M-TraceId
On-Server
X-Ocache
XServer
X-TIME
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Policy
X-HS-Status
X-MSEdge-Features
X-Request-Host
X-MSEdge-Flight
A
X-Planisys-CDN-Rules
X-Cache-Status-Check
X-FORWARDED-FOR
X-Request-Start
X-Azure-Ref-OriginShield
Hostname
X-Oss-Object-Type
HostName
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Beluga-Record
X-Beluga-Cache-Status
X-Beluga-Node
Resin-Trace
Rt-Proxy-Cache
X-Beluga-Response-Time
X-Beluga-Status
Cloudfront-Viewer-Country
X-Beluga-Trace
Cdn
Who
X-Cache-Ttl
X-Fastly-Country-Code
X-Ftr-Cache-Host
X-VHOST
X-ServedByHost
X-Varnish-URL
NtCoent-Length
Host-ID
X-VCL-Version
X-Ratelimit-Remaining
GeoIP-Country-Code
Magicmarker
X-Method
CF-Cached-On
X-DC
GeoIP-Latitude
Ttl
X-Zone
X-APP
X-Bc
Pics-Label
X-LiteSpeed-Cache-Control
MIME-Version
Tcn
GeoIP-City
X-Varnish-Url
X-Fastly-Backend-Reqs
X-Slack-Backend
Cteonnt-Length
Load-Balancing
X-DW
X-DSS
X-VarnishDD-TTL
X-Newrelic-App-Data
X-RPS
X-RPM
Ohc-Response-Time
X-DI
X-RSL
X-Be
X-PF-Uncompressing
X-Action
X-DB
X-Svr
X-FPC
X-Cache-FS-Status
Arc-Country
X-PJAX-URL
X-Ftr-Request-Id
X-Ratelimit-Limit
Vix-Hermes-Req-Id
X-PAYTM-SRV-ID
X-Swift-Error
Amp-Access-Control-Allow-Source-Origin
X-Dispatch
DSUID
WebServer
X-Processor
X-SRV
X-Server-Time
X-Skip-Cache
Release
X-MServer
CACHE
X-VCT
Processtime
X-Hp-Ccpa-Warning
X-ND-Cache
Pramga
Fastly-Drupal-HTML
X-Tid
X-Dynatrace
X-ABtesting
X-Hello
X-DevSite-Last-Modified
X-BE
X-Flog
Servername
X-WR-MODIFICATION
X-Dynatrace-Js-Agent
Cache-Provider
X-Configured-By
X-Aicache-OS
N-Cache
Cdn-Request-Time
Cdn-Host
X-ID
X-HostName
X-Edge-Server
X-Frame-Option
X-Served-From
X-WA
X-Bc-Bl
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
SD-X-WS
X-StackifyID
CF-IPCountry
X-Ftr-Backend
X-Ftr-Backend-Server
CDN
X-Branch-Name
X-Snapshot-Date
X-LB-ID
X-Ftr-Dc
X-Ftr-Realm
X-Fastly-Cache-Hits
Pagetype
X-Upstream-Ht
X-Upstream-Ct
Dynatrace
Lfy
X-SD-PageType
X-Ftr-Balancer
Requestid
X-CACHE-AGE
Proxy-Firewall
X-Compress-Hint
X-ZONE
V-Cache
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Action
X-Apw-Access-Object
L
X-Backend-Host
X-Varnish-Beresp-TTL
X-Cc-Via
X-Cc-Req-Id
Warning
D-Cc-Upstream
X-Request-Url
X-VC
X-Edge-IP
X-SN
X-SB
X-Cache-Id
Section-Io-Origin-Status
WZWS-RAY
X-WPE-Loopback-Upstream-Addr
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Lb
X-ServerName
X-App
WP-Super-Cache
X-Request-URL
X-BC
X-Release
X-Check-Cacheable
X-Fastly-Cache-Status
X-Worker
X-ElasticPress-Search
X-Powered-Y
Backend-Name
Correlation-Id
X-Via-NSCOPI