Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Robots-Tag
X-Page-Speed
X-Pingback
EagleId
X-Nginx-Cache-Status
X-Proxy-Cache
X-UA-Device
X-Ws-Request-Id
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-ORACLE-DMS-RID
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Varnish-TTL
X-DynaTrace
X-Country-Code
Allow
Accept-Ch
X-Instart-Request-ID
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-TTL
X-FTR-Request-ID
Verso
X-ESI
Accept-Ch-Lifetime
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
Content-MD5
X-Forwarded-Proto
X-Version
X-B3-TraceId
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-GoogleNews-Bot
Edge-Cache-Tag
RTSS
AR-ATIME
X-Px
AR-Request-ID
Ar-Sid
AR-CACHE
AR-PoweredBy
X-D2id
X-Debug
X-Abt-Application-Version
X-NF-Request-ID
Charset
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Vcache
X-Accel-Expires
X-Cached
X-Powered-CMS
X-MSEdge-Ref
X-Server-Name
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Middleton-Response
X-Vcap-Request-Id
Response
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-SharePointHealthScore
TCN
X-VARITI-CCR
X-Cdn
Realpath
Public-Key-Pins
X-Client-IP
Cache-Tag
X-Fastcgi-Cache
Access-Control-Request-Method
S
X-Fastly-Request-ID
X-Upstream
X-Ser
X-DynaTrace-JS-Agent
MS-Author-Via
X-Shard
X-Id
SPRequestDuration
SPIisLatency
X-Hp-Webp
Nginx-Cache
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Ezoic-Cdn
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Content-Type
X-T
X-Amz-Meta-S3cmd-Attrs
DynaTrace
X-Amzn-Trace-Id
X-Recruiting
X-Grace
X-Forwarded-For
Front-End-Https
X-Hits
Fastcgi-Cache
X-Varnish-Age
ServerID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Mobile-URL
X-Node-Name
X-Element-Page-Cache
NR-ENABLED
X-Content-Digest
Nel
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Frontend
Powered
X-GUploader-UploadID
X-Edge-O15-RID
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
Server-Name
Alternate-Protocol
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-Cache-TTL
X-Logged-In
TP-L2-Cache
TP-Cache
Server-Node
X-Correlation-Id
X-Webkit-Csp
AMP-Access-Control-Allow-Source-Origin
X-Jurisdiction
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-Server-ID
Upgrade-Insecure-Requests
X-Shield-Request-Id
X-Webapp-Samesite-None-Activated-N
X-Origin-Server
X-Page-Id
X-User-Agent
X-Content-Security-Policy-Report-Only
Refresh
X-Content-Options
X-F-Cache
X-Rid
X-Revision
X-Cache-Hit
X-Akamai-Edgescape
X-Varnish-Grace
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Type
X-XRDS-LOCATION
Fastly-Restarts
X-B3-Sampled
X-Content-Powered-By
X-Zen-Fury
X-Analytics
X-Pad
X-URL
X-Geo-Country
X-LB-Cache
X-AppVersion
X-Activity-Id
X-Az
X-B
X-N
X-RateLimit-Remaining
X-Kinsta-Cache
X-FTR-Cache-Host
X-Ruxit-Js-Agent
PB-RID
PB-PID
X-CST
X-Cache-Age
X-TT
Arc-Version
X-Mobile-Rewrite
X-WebKit-CSP-Report-Only
X-Request-Guid
Cache-Status
X-Jobs
X-AOL-HN
Paypal-Debug-Id
Actual-Object-TTL
X-Tumblr-User
X-Signature
X-Framework
X-App-Environment
X-Tumblr-Pixel-0
X-B-Cache
X-Instance
DC
X-Tumblr-Pixel
X-Debug-Info
Access-Control-Allow-Method
X-FB-Debug
X-PHP-Backend
X-Load-Cache
X-Cache-Action
X-Time
X-Varnish-Backend
Surrogate-Key
X-Git-Hash
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Fastcgi-Useragent
X-Ttl
X-FastCGI-Cache
Host-Header
X-Tt-Trace-Tag
X-Cached-By
X-Contextid
X-IPLB-Instance
X-Amz-Replication-Status
MS-CV
X-SS-Set-Cookie
FilterID
X-Tt-Trace-Host
X-Cluster
Tracecode
X-ATG-Version
X-Cache-Key
Frame-Options
NGB
X-Accel-Buffering
X-Response-Served-From
X-Srv
X-FW-Server
X-RequestSource
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Static
X-Cache-NE
X-WA-Info
WPE-Backend
Payment
X-Varnish-Server
X-Cache-2
Eomportal-Instance
Host
X-Region
Xserver
X-Varnish-Hostname
X-TX-ID
X-Rendered-As
X-Cache-Enabled
X-IPS-LoggedIn
X-Is-Bot
X-GeoIP
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cacheable-TTL
Source
X-Adobe-Content
X-Adobe-Loc
Filters
X-Mobile
Cache-Tv-Group
X-Host-Name
X-Oneagent-Js-Injection
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-NewRelic-App-Data
Cleartype
X-Seen-By
X-Cache-Operation
X-EdgeConnect-Cache-Status
X-Cache-Rule
X-Cache-TTL-Remaining
X-Origin-Response-Time
X-Via-JSL
X-Hostname
Cache
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-VCache
X-B3-Traceid
Accept-CH
X-Cache-Control
X-PressLabs-Stats
X-HTML-Minification-Powered-By
Healthy
Datacenter
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
Server-Info
Retry-After
X-ProcessESI
X-RemovedCookies
X-RTag
Ms-Operation-Id
X-RateLimit-Limit
X-Presslabs-Stats
Liferay-Portal
X-Dc
X-Source
X-Rule
X-NWS-LOG-UUID
X-Cache-Server
X-Environment-Context
X-L-Path
X-UA
X-FireWall-Port
X-CACHE-KEY
From-Origin
Version
X-Status
X-Endurance-Cache-Level
X-Esi
Accept-CH-Lifetime
X-Wix-Request-Id
X-Upgrade-Enabled
X-Cache-Var-Map
Meta-Geo
X-Handled-By
X-Path-Route
X-RN-RSRV
X-ES-SERVER
X-Cache-Var
X-Proxy-Build
X-RCS-CacheZone
OT-Force-Account-Verify
Selected-Fe
Mn-Server-Ip
X-Content-Age
X-Timing-Wait
Webcakes-Region
Azure-SlotName
Webcakes-App-Name
X-Origin-Hint
X-Akamai-Request-ID
Webcakes-App-Version
X-Alternate-Cache-Key
X-Storage
X-Tb
Azure-Version
X-AWS-Id
X-LJ-Flow-ID
TWC-Privacy
TWC-GeoIP-LatLong
Property-Id
X-Qloud-Router
X-Proto
Azure-InstanceId
Akamai-GRN
X-Format
TWC-Connection-Speed
Azure-SiteName
TWC-GeoIP-Country
TWC-Device-Class
Azure-RegionName
TWC-Locale-Group
X-Backend-Name
X-Access
X-Shopify-Generated-Cart-Token
X-ShopId
X-Request-Time
X-ShardId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FW-Dynamic
X-VWS-Id
X-EIG-Tracking-Id
X-Section
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Cache-Tags
Origin-Cache-Control
Now
Origin-Edge-Control
X-Proxy
X-Vgn-Hpd-Reason
X-Cluster-Node
Decoy-Debug-Key
X-Debug-Cache
X-Soup
X-Time-Microsecs
Decoy-Debug-Status
Decoy-Debug-TTL
NGX
X-UUID
Ec-Rule-Version
Node
X-Viewer-Country
X-Hosted-By
X-Hyper-Cache
X-SaId
X-BYPASS-REASON
X-Akamai-Request-ID2
X-Origin
X-FC-Vary-Parameters
X-OCL
X-Human
X-JoinUs
X-Cache-Host
X-ServerID
X-Hl-Ver
X-Web-Node
X-ProxyCache-Status
X-Cache-Config
S-Rt
X-ProxyCache-Key
X-Generated-By
X-Proxy-Cache-Status
X-Redis-Cache
X-Xfnlog-Site
X-PCL
X-Pubstack
DB-Nickname
X-App-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Www-Served-By
X-CCM
X-BCube-Filmed-By
X-Detected-As
X-MP-GENERATED-AT
X-Varnish-Hits
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-Locale
X-IP
X-Site-Version
X-Generated
X-NYM-Debug-Backend
Cross-Origin-Window-Policy
X-FB-TRIP-ID
X-TNCMS
X-Loop
X-Amzn-Remapped-Content-Length
X-R9-Blue-Green-Version
L5d-Success-Class
X-APP-VERSION
Cache-Name
Viewport
Srv
X-CS
X-Akamai-Transformed
Webserver
Uber-Trace-Id
Accept-Charset
Time
X-Unique-Id
X-NCache
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Drupal-Cache-Tags
GEO-INFO
X-UA-Device-Type
X-Cache-Remote
X-From
X-TT-TIMESTAMP
X-Cluster-Name
Cache-Key
X-Backend-TTL
X-CDN-Forward
X-Edge-Location
X-Drupal-Cache-Contexts
Accept-Language
X-Origin-TTL
X-Origin-CC
X-Mode
Country
Odigeo-Trace-Id
Mime-Version
X-EC-Lua
X-Newrelic-Synthetics
X-Microcachable
X-CLOUD-TRACE-CONTEXT
Rt-Fastcgi-Cache
X-B3-Spanid
X-Forwarded-Host
X-Info
Ohc-Cache-HIT
Ohc-File-Size
X-No-Session
X-Geo
X-UnsetCookies
Proxy-Connection
X-PERF
X-ApacheServer
X-Magnolia-Registration
X-Whom
X-Zipkin-Id
X-Varnish-Cache-Hits
ServedBy
X-Proxied
X-Routing-Service
Content-Disposition
X-UPSTREAM-Address
X-App-Version
Geo-Info
X-Labrador-Cache-Channel
X-PHP-Host
X-Real-IP
Fastly-SSL
X-External-Request-Id
X-Request-UUID
X-Rewrite-Enabled
VivaBuild
X-Rojux
GEO-REGION-INFO
X-Region-Sid
X-ARC
X-S
X-B-Cookie
X-SRCache-Key
X-DPWN-IS-SECURE
X-SIPLIST1
X-Session-Fingerprint
X-G
X-S-Cookie
Viewtype
Fastcgi-X-Cache-Version
X-A-Dgt
X-A-Dcw
X-A-Dam
X-A-Wwc
X-Accel-Expires-Debug
X-Device-Type
X-Aed
X-A-Ccd
X-A
Content-Script-Type
Content-Style-Type
IsBot
X-Geo-Header
X-GeoIP-Country-Code
AsisCache
BehaviorPad-Version
X-Application
X-ScT
Meta-Geo-Continent
X-VG-WebServer
X-CF-Lambda-Fn
X-Trv-Group
X-CF-Lambda-Version
X-VG-WebCache
X-Vdms-Version
Xc-Version
X-D
Mobile-Detection-Method
X-Twitter-Response-Tags
X-Transaction
X-Date
X-Cache-Time
X-Vtex-Processado-Em
MD5-Digest
X-Destination
T-Server
Rendered-Blocks
Machine
X-Vtex-Remote-Cache
Cf-Ipcountry
X-Connection-Hash
User-Cache-Control
X-C
X-NGENIX-Cache
X-Via-Fastly
RNT-Time
Wxu-Next-Region
X-Core-Mission
Powered-By
X-Uri
X-Contensis-Viewer-Groups
Fastly-Backend-Name
Server-Surrogate-Control
Gh-Request-Id
Server-Int
RNT-Machine
X-Cache-Debug
X-Bip
X-Cache-ASPX
Locid
X-Auto-Login
FNAC-ModuleRouting
Environment
Wxu-Next-Commit
X-CUA
X-Developers
Server-Cache-Control
Fastly-Soc-X-Request-Id
X-Cache-URL
Wxu-Next-Hostname
X-Req
X-VC-Cache
W
Apple-News-Services-Handled
X-Varnish-Authentication
X-Nginx-Cache-Key
X-WebServer
X-Wikidot-Backend
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Wikidot-Static-Cache
Apple-News-Services-Request-Url
X-Thanos
X-App-Name
X-Rocket-Build-Number
X-Sigma-Backend
X-Sigma
X-Logging-Id
X-TrackingId
Access-Control-Request-Headers
X-VG-TLSProxy
X-Tumblr-Pixel-3
X-Cache-Backend
X-TT-LOGID
X-Clara-WADP
X-Webstats-RespID
X-Cms-Context
X-Urbn-Context-Path
X-Urbn-Site-Id
X-VServer
X-WADP-Cache
X-User
X-We-Are-Hiring
X-Clientip
HA-Ipaddr
X-Distil-CS
X-CGP
X-Backend-State
X-Epic-Correlation-Id
X-Eu-Site
X-Sucuri-Cache
X-Render-Time
X-Hit
X-Agile-Id
X-Agile-Age
X-Debug-Cache-Expiry
Ha-Gx-Prefs
CDCHOST
X-Cache-Bucket
X-Block-Status
X-Azure-Ref
X-BBXSRF
X-Agile
X-Cache-Info
X-Debug-Cache-Store
X-Hash
X-GoCache-CacheStatus
X-Hnp-Log
X-IN-APIGATEWAY
X-NodeID
X-NX-Host
X-GeoIP-City
X-OVcl
X-Origin-Expires
X-Generation-Time
X-Origin-Date
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Key
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Location
X-Micro-Cache
X-Ms-Version
X-Internal-Host
X-Ms-Request-Id
X-Irp-Debug
X-Generated-In
X-Gen-Mode
X-SVT-ORM-VERSION
X-Dispatcher-Server
X-Distributor
X-SVT-ORM-RULES
X-Swa-Ws
X-TH-Server
X-LI-UUID
X-Debug-Cookies
X-Trace-Id
X-Debug-Log
X-Request-URI
X-AK-Request-ID
X-Proxy-Upstream
X-Owner
X-Gamma-Serve
X-OVcl-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Fastly-Cache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-FW-Version
X-Debug-Cache-Fetch
X-Cdn-Srv
Kp-EeAlive
IBM-Web2-Location
Heartbleed
Locale
Mail-Subject
Request-EU
Request-Country
Memcached
Fastly-SWR
Fastly-SIE
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
AKAMAI
Cache-Host
Countrycode
Country-Code
Cdnsip
Section-Io-Cache
Cdncip
Server-ID
Web-Mar-Node
We-Hiring
True-Client-Country-4JS
V-Age
HitType
X-B3-Parentspanid
Is-Eu
X-JWT-State
X-Is-Gdpr
X-Level-Front-Cache
Thinkindot-Control
X-NU-AKA-ACS-Version
Adler-Geo
X-Has-Esi
X-Old-Content-Length
X-Generated-On
X-Server-W
Thinkindot-CacheControl-Type
X-Matched-Rule
Thinkindot-CacheControl
X-Reboot
X-Cache-Tags
X-Trafficlayer-App-Version
Server-Host
X-Variation
X-Up
ServerName
Platform
X-Core-Value
X-Platform-Server
X-Thinkindot-L3
X-ServiceProvider
X-Service
PFcat
X-S-Maxage
X-TA-CDN-Provider
X-Daa-Tunnel
X-Nginx-Cache
X-Fetched-On
X-Response-By
Cache-Hits
X-Refresh
X-SERVER
X-Nc
X-Servername
X-Lb-Id
RequestId
X-B3-SpanId
X-Server-IP
X-Tb-Optimization-Total-Bytes-Saved
X-NC
X-CSRF-TOKEN
X-CF-Powered-By
Filterid
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Parent-Response-Time
ProcessTime
Memory
X-Cdn-Request-ID
Media-Length
X-Wa
X-Ua
Origin
X-Air-Hostname
X-Cdn-Forward
User-Agent
X-Var-Ttl
Pragrma
X-Pjax-Url
Group
X-Cache-Expired-At
X-CSRF-Token
X-Pf-Uncompressing
X-BACKEND-TTL
X-Correlation-ID
X-Unique-ID
SRV
Powered-By-ChinaCache
TTL
X-Sucuri-Id
S-Cnection
Geoip-Latitude
X-COUNTRY
X-AIR-PT
X-Vcl-Version
X-FORWARDED-FOR
X-Reqid
X-NGINX-Cache
Esi-Enabled
GeoIp-Country-Code
X-Rocket-Nginx-Bypass
X-Sucuri-ID
X-Planisys-CDN-Rules
X-Policy
X-Planisys-CDN-Cache
PICS-Label
X-TIME
X-Planisys-CDN-TTL
X-Varnish-Cacheable
X-Servedbyhost
X-Azure-Ref-OriginShield
X-Webkit-CSP
X-Request-Start
X-Litespeed-Cache
SN
HostName
Rt-Proxy-Cache
X-Via-Ucdn
Geoip-City
Dnion-Transfer-Encoding
X-Via-CDN
XServer
M-TraceId
X-HS-Status
X-Fastly-Country-Code
X-Developer
X-NWS-UUID-VERIFY
X-Ocache
X-Method
X-Cache-Grace
X-Node-Id
Tcn
X-Sn-Servicetimems
X-LAGOON
X-Device-Os
X-Cdn-Origin
Magicmarker
Load-Balancing
On-Server
Resin-Trace
X-Cache-Ttl
Who
X-VHOST
X-Ftr-Cache-Host
X-MSEdge-Flight
A
X-Request-Host
Cdn
X-MSEdge-Features
X-ServedByHost
CF-Cached-On
Ohc-Response-Time
DSUID
X-VCL-Version
NtCoent-Length
Pics-Label
GeoIP-Country-Code
X-Be
MIME-Version
Release
X-Svr
X-MServer
X-DC
X-VCT
X-APP
X-Oss-Server-Time
X-Oss-Storage-Class
Cloudfront-Viewer-Country
X-Beluga-Record
X-Bc
Vix-Hermes-Req-Id
X-Beluga-Status
X-Beluga-Response-Time
GeoIP-Latitude
X-Oss-Object-Type
X-Beluga-Trace
X-Oss-Request-Id
X-Beluga-Node
Ttl
X-Oss-Hash-Crc64ecma
X-Zone
X-Beluga-Cache-Status
X-Cache-Status-Check
X-Hp-Ccpa-Warning
Hostname
X-Oracle-Dms-Rid
X-VarnishDD-TTL
X-Varnish-Url
Cteonnt-Length
X-Varnish-URL
GeoIP-City
X-Fastly-Backend-Reqs
X-LiteSpeed-Cache-Control
X-Configured-By
Host-ID
X-Newrelic-App-Data
X-PJAX-URL
X-PF-Uncompressing
X-SERVER-NAME
X-Ftr-Request-Id
X-SD-PageType
X-SRV
X-Upstream-Ct
X-Upstream-Ht
SD-X-WS
X-HostName
X-Ratelimit-Remaining
X-WR-MODIFICATION
X-BE
Processtime
X-SN
X-Aicache-OS
X-Dynatrace
X-Tid
X-Compress-Hint
X-Cache-Id
X-Slack-Backend
X-Dynatrace-Js-Agent
Servername
X-RSL
X-RPS
X-LB-ID
X-RPM
X-Swift-Error
X-Release
X-ID
X-DW
X-DB
CACHE
L
X-Action
Cache-Provider
WebServer
X-Via-NSCOPI
X-DI
X-DSS
X-Frame-Option
Amp-Access-Control-Allow-Source-Origin
X-Processor
X-Server-Time
X-Skip-Cache
X-PAYTM-SRV-ID
Pramga
X-StackifyID
Arc-Country
X-Cache-FS-Status
X-Dispatch
X-FPC
X-Ftr-Realm
X-ServerName
X-Ratelimit-Limit
Requestid
Pagetype
X-Fastly-Cache-Hits
Dynatrace
X-Ftr-Dc
X-Scheme
CF-IPCountry
X-Ftr-Backend
X-Ftr-Backend-Server
X-Ftr-Balancer
Lfy
LB
X-Branch-Name
X-Snapshot-Date
CDN
X-CACHE-AGE
X-Cc-Via
X-Cc-Req-Id
D-Cc-Upstream
X-Apw-Hits
X-Flog
X-Hello
X-Node-ID
X-ND-Cache
Cache-Cookie-Set-Idcheck
X-DevSite-Last-Modified
X-Request-Url
Warning
X-Apw-Access-Object
X-Apw-Access-Token
X-ZONE
X-Apw-Access-Action
Proxy-Firewall
X-ABtesting
Fastly-Drupal-HTML
V-Cache
UCS
X-VC
X-Varnish-Beresp-TTL
Cache-Cookie-Set-From
X-SB
X-Edge-IP
Cache-Cookie-Set-Lfrom
NnCoection
CloudFront-Viewer-Country
X-Check-Cacheable
X-BC
X-App
X-ElasticPress-Search
WP-Super-Cache
X-Worker
Correlation-Id
Backend-Name
X-Litespeed-Cache-Control
Lb
X-Request-URL
X-Powered-Y
X-Fastly-Cache-Status