Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-Ua-Compatible
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
P3p
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
CF-Ray
X-AH-Environment
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
Request-Context
X-Ws-Request-Id
X-Varnish-Cache
Feature-Policy
Server-Timing
X-Dns-Prefetch-Control
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
Content-Location
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
X-Ac
X-Node
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-DataDome
X-Application-Context
NEL
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-Cache-Lookup
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
Pinterest-Generated-By
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Varnish-TTL
X-DynaTrace
X-Country-Code
Accept-Ch
Allow
X-Instart-Request-ID
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
X-TTL
X-FTR-Request-ID
Verso
X-ESI
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Url
Service-Worker-Allowed
Content-MD5
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-B3-TraceId
X-GitHub-Request-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Use-Magma
Edge-Cache-Tag
X-Px
RTSS
AR-ATIME
AR-PoweredBy
AR-Request-ID
Ar-Sid
AR-CACHE
X-D2id
X-Debug
X-Abt-Application-Version
Charset
X-NF-Request-ID
SPRequestGuid
X-Server-Name
X-Amz-Server-Side-Encryption
X-Powered-CMS
X-Vcache
X-Accel-Expires
X-MSEdge-Ref
X-Cached
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Vcap-Request-Id
Display
X-Sol
X-Navigation-Version
Pagespeed
X-Middleton-Display
Response
X-Middleton-Response
X-Trace
X-Pinterest-Rid
Pinterest-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
TCN
X-Cdn
Realpath
X-VARITI-CCR
Public-Key-Pins
Cache-Tag
X-Fastcgi-Cache
Access-Control-Request-Method
X-Client-IP
S
X-Upstream
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
X-Ser
MS-Author-Via
SPRequestDuration
SPIisLatency
X-Id
X-Shard
X-Hp-Webp
X-Forwarded-For
X-Ezoic-Cdn
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
DynaTrace
X-Mrf-Item-Lastmod
Nginx-Cache
X-T
X-Amz-Meta-S3cmd-Attrs
X-Content-Type
X-Amzn-Trace-Id
X-Recruiting
X-Grace
Front-End-Https
Fastcgi-Cache
X-Hits
X-Varnish-Age
X-DIS-Request-ID
ServerID
X-Server-ID
MicrosoftSharePointTeamServices
X-Mobile-URL
NR-ENABLED
X-Dw-Request-Base-Id
X-Node-Name
X-Content-Digest
X-Element-Page-Cache
X-Frontend
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Generation
X-HS-Content-Id
X-HS-Cache-Config
X-Goog-Stored-Content-Length
X-HS-Combine-CSS
X-Goog-Stored-Content-Encoding
Powered
X-HS-Hub-Id
X-Goog-Storage-Class
Server-Name
X-FTR-Cache-Status
X-FTR-Expires
X-Edge-O15-RID
X-Country-Code-Real
Alternate-Protocol
X-Logged-In
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
TP-L2-Cache
TP-Cache
Server-Node
X-Correlation-Id
X-Cache-TTL
X-Webkit-Csp
X-Webapp-Samesite-None-Activated-N
X-Shield-Request-Id
AMP-Access-Control-Allow-Source-Origin
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
X-Request-Handler-Origin-Region
X-Microsite
Nel
Upgrade-Insecure-Requests
X-Jurisdiction
X-Page-Id
X-Origin-Server
X-Content-Security-Policy-Report-Only
X-Content-Options
X-User-Agent
X-Revision
Refresh
X-Rid
X-Akamai-Edgescape
X-Amz-Apigw-Id
X-Amzn-RequestId
X-F-Cache
X-Varnish-Grace
X-Cache-Hit
Backend-Timing
X-ATS-Timestamp
X-Type
X-XRDS-LOCATION
Fastly-Restarts
X-Pad
X-Content-Powered-By
X-Geo-Country
X-Analytics
X-URL
X-Activity-Id
X-AppVersion
X-N
X-Az
X-LB-Cache
X-Zen-Fury
X-B
X-B3-Sampled
X-RateLimit-Remaining
X-Kinsta-Cache
X-Ruxit-Js-Agent
X-FTR-Cache-Host
X-Cache-Age
X-TT
PB-PID
X-WebKit-CSP-Report-Only
X-AOL-HN
PB-RID
DC
Actual-Object-TTL
X-Framework
X-App-Environment
Paypal-Debug-Id
X-Instance
X-Tumblr-User
X-Jobs
X-Request-Guid
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Mobile-Rewrite
Access-Control-Allow-Method
X-Signature
Arc-Version
X-B-Cache
X-Debug-Info
X-CST
X-PHP-Backend
X-FB-Debug
Cache-Status
X-Load-Cache
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Cache-Action
Surrogate-Key
X-Git-Hash
X-Ttl
Fastcgi-Useragent
X-Varnish-Backend
X-FastCGI-Cache
FilterID
Host-Header
X-Time
X-IPLB-Instance
X-Cached-By
X-Tt-Trace-Tag
MS-CV
X-Contextid
X-SS-Set-Cookie
X-Amz-Replication-Status
X-Tt-Trace-Host
X-Cluster
X-Cache-Key
X-ATG-Version
Tracecode
Frame-Options
X-Srv
X-Response-Served-From
NGB
X-Accel-Buffering
WPE-Backend
X-B3-Traceid
Payment
X-Varnish-Server
Source
Eomportal-Instance
X-GeoIP
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cacheable-TTL
X-Cache-Enabled
X-WA-Info
Cache-Tv-Group
Filters
X-Adobe-Loc
X-Varnish-Hostname
Host
X-FW-Type
X-Region
X-RequestSource
X-Cache-2
X-FW-Static
X-FW-Server
X-Cache-NE
X-FW-Hash
X-FW-Serve
Xserver
X-Adobe-Content
X-Oneagent-Js-Injection
X-Host-Name
X-Mobile
X-Rendered-As
X-Is-Bot
X-TX-ID
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cleartype
X-Seen-By
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Cache-Rule
X-Cache-Operation
Cache
X-Via-JSL
X-EdgeConnect-Cache-Status
X-Origin-Response-Time
X-NewRelic-App-Data
X-VCache
Healthy
X-Cache-Control
X-Hostname
X-Cache-TTL-Remaining
X-PressLabs-Stats
X-HTML-Minification-Powered-By
Datacenter
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
Accept-CH
Retry-After
X-RTag
Ms-Operation-Id
Server-Info
X-RateLimit-Limit
X-ProcessESI
X-RemovedCookies
X-Rule
X-Dc
X-Presslabs-Stats
From-Origin
Liferay-Portal
X-CACHE-KEY
Version
X-Status
X-Cache-Server
X-Wix-Request-Id
X-UA
X-Esi
X-Environment-Context
X-Source
X-FireWall-Port
X-L-Path
X-Endurance-Cache-Level
X-NWS-LOG-UUID
X-Upgrade-Enabled
Accept-CH-Lifetime
X-Aspnetmvc-Version
X-Cache-Var-Map
X-ES-SERVER
Meta-Geo
X-Path-Route
X-Cache-Var
X-RN-RSRV
X-Handled-By
OT-Force-Account-Verify
X-Proxy-Build
X-Timing-Wait
Selected-Fe
X-UUID
X-ShopId
X-Tb
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Storage
X-Sorting-Hat-ShopId
X-Content-Age
X-ShardId
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-PodId
X-Proto
X-Shopify-Stage
X-Hyper-Cache
X-Backend-Name
X-Alternate-Cache-Key
X-EIG-Tracking-Id
X-Hl-Ver
Decoy-Debug-Status
Decoy-Debug-Key
Ec-Rule-Version
L5d-Success-Class
X-Debug-Cache
Origin-Edge-Control
X-BYPASS-REASON
X-Akamai-Request-ID2
Now
S-Rt
X-Cache-Config
X-Cache-Host
X-FC-Vary-Parameters
NGX
Node
Origin-Cache-Control
X-Generated-By
X-Origin
X-Format
X-SaId
X-ServerID
X-Web-Node
Akamai-GRN
X-Pubstack
Azure-SlotName
X-Viewer-Country
X-ProxyCache-Key
X-ProxyCache-Status
TWC-Connection-Speed
X-Soup
TWC-GeoIP-Country
X-Section
TWC-GeoIP-LatLong
X-Request-Time
Property-Id
X-Time-Microsecs
TWC-Locale-Group
X-FW-Dynamic
TWC-Device-Class
TWC-Privacy
Cache-Tags
X-Origin-Hint
Azure-SiteName
X-Qloud-Router
X-VWS-Id
X-OCL
Webcakes-App-Version
X-LJ-Flow-ID
X-Human
Webcakes-Region
X-JoinUs
Azure-RegionName
DB-Nickname
Azure-InstanceId
X-PCL
Azure-Version
X-Proxy
X-Akamai-Request-ID
X-Access
X-AWS-Id
Webcakes-App-Name
X-Vgn-Hpd-Reason
X-Hosted-By
Decoy-Debug-TTL
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-IP
X-Locale
Mn-Server-Ip
X-CCM
X-MP-GENERATED-AT
X-BCube-Filmed-By
X-NYM-Debug-Backend
X-Say-TTL
X-SayCDN-TTL
X-Site-Version
X-Say-Cacheable
X-Varnish-Hits
X-Www-Served-By
X-Redis-Cache
X-RCS-CacheZone
X-Generated
X-Xfnlog-Site
X-Cluster-Node
X-Proxy-Cache-Status
X-Amzn-Remapped-Content-Length
X-TNCMS
X-Detected-As
X-FB-TRIP-ID
Webserver
Cache-Name
X-Loop
Cross-Origin-Window-Policy
X-App-Server
X-R9-Blue-Green-Version
Srv
X-CS
Uber-Trace-Id
Viewport
VIX-Pulpo-Node
Time
VIX-Pulpo-Upstream-Status
X-Akamai-Transformed
X-Drupal-Cache-Tags
Accept-Charset
X-NCache
X-APP-VERSION
X-From
X-Cache-Remote
X-Unique-Id
X-UA-Device-Type
GEO-INFO
X-TT-TIMESTAMP
X-Cluster-Name
X-Edge-Location
X-Drupal-Cache-Contexts
Mime-Version
X-Origin-CC
Cache-Key
X-Origin-TTL
Accept-Language
X-EC-Lua
X-Backend-TTL
Country
Odigeo-Trace-Id
X-Newrelic-Synthetics
X-CDN-Forward
X-Microcachable
X-Mode
X-CLOUD-TRACE-CONTEXT
Rt-Fastcgi-Cache
Ohc-File-Size
X-B3-Spanid
Ohc-Cache-HIT
X-No-Session
X-Forwarded-Host
X-Geo
X-Info
X-App-Version
Proxy-Connection
X-Magnolia-Registration
X-UPSTREAM-Address
X-PHP-Host
X-Labrador-Cache-Channel
X-Whom
ServedBy
Content-Disposition
X-UnsetCookies
X-Real-IP
Geo-Info
X-Varnish-Cache-Hits
X-Zipkin-Id
X-Routing-Service
Cf-Ipcountry
X-ApacheServer
Fastly-SSL
X-Proxied
X-PERF
X-Cache-Time
X-Region-Sid
X-Rewrite-Enabled
X-Accel-Expires-Debug
X-Date
X-B-Cookie
X-ARC
X-Application
T-Server
X-CF-Lambda-Fn
Rendered-Blocks
X-CF-Lambda-Version
Viewtype
VivaBuild
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
X-A-Ccd
X-Aed
X-A
Powered-By
X-Connection-Hash
X-G
Fastcgi-X-Cache-Version
GEO-REGION-INFO
Content-Style-Type
Content-Script-Type
BehaviorPad-Version
X-GeoIP-Country-Code
X-External-Request-Id
X-DPWN-IS-SECURE
X-D
Meta-Geo-Continent
Mobile-Detection-Method
MD5-Digest
X-Rojux
X-Destination
Machine
AsisCache
X-Request-UUID
X-VG-WebCache
X-Vdms-Version
X-Trv-Group
X-VG-WebServer
X-S
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Transaction
X-Twitter-Response-Tags
X-ScT
X-SRCache-Key
X-S-Cookie
X-Session-Fingerprint
X-Device-Type
Access-Control-Request-Headers
User-Cache-Control
X-Cache-ASPX
Server-Cache-Control
X-Bip
X-Tumblr-Pixel-3
X-Rocket-Build-Number
Server-Surrogate-Control
X-Varnish-Authentication
X-Cache-Backend
X-Sigma
X-WebServer
X-CUA
IsBot
Gh-Request-Id
X-Contensis-Viewer-Groups
X-VG-TLSProxy
X-Logging-Id
X-Geo-Header
Environment
X-Cache-Debug
W
X-Thanos
X-TrackingId
X-Auto-Login
X-Sigma-Backend
X-SIPLIST1
X-Varnish-Beresp-Grace
X-Uri
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-C
X-Ah-Environment
Locid
X-Agile
X-Agile-Id
RNT-Machine
X-Wikidot-Backend
X-Agile-Age
Apple-News-Services-Handled
X-Debug-Cache-Store
Apple-News-Services-Parsed-Url
X-Debug-Cookies
X-Debug-Log
Apple-News-Services-Host
X-Debug-Cache-Fetch
FNAC-ModuleRouting
X-Debug-Cache-Expiry
RNT-Time
Fastly-Soc-X-Request-Id
X-Wikidot-Static-Cache
Wxu-Next-Commit
Apple-News-Services-Request-Url
X-Cache-Info
X-Core-Mission
X-Nginx-Cache-Key
X-Cache-Bucket
X-Block-Status
X-Backend-State
X-Developers
Fastly-Backend-Name
X-Cache-URL
X-Req
X-App-Name
X-AK-Request-ID
X-Clientip
X-Cms-Context
X-BBXSRF
X-Clara-WADP
Wxu-Next-Region
X-CGP
Wxu-Next-Hostname
Server-Int
X-Generated-In
X-Trace-Id
X-NodeID
X-NX-Host
X-Origin-Date
X-TH-Server
X-Ms-Version
X-Ms-Request-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
X-TT-LOGID
X-LI-UUID
X-Location
X-Origin-Expires
X-OVcl
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Sucuri-Cache
X-Render-Time
X-Request-URI
X-SVT-ORM-RULES
X-Proxy-Upstream
X-OVcl-Cache
X-Swa-Ws
X-SVT-ORM-VERSION
X-Owner
X-LI-Proto
X-Li-Pop
X-WADP-Cache
X-FW-Version
X-Gamma-Serve
X-Gen-Mode
X-Generation-Time
X-Fastly-Cache
X-We-Are-Hiring
X-Distributor
X-Distil-CS
X-Epic-Correlation-Id
X-Eu-Site
X-Webstats-RespID
X-VServer
X-GoCache-CacheStatus
X-VC-Cache
X-Irp-Debug
X-Key
X-Li-Fabric
X-User
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-Hash
X-Hit
X-Hnp-Log
X-IN-APIGATEWAY
X-Dispatcher-Server
X-Cdn-Srv
AKAMAI
Kp-EeAlive
X-NGENIX-Cache
Section-Io-Cache
Server-ID
Cache-Host
CDCHOST
Cdncip
Cdnsip
Countrycode
Request-Country
Request-EU
Country-Code
Memcached
Heartbleed
Locale
V-Age
IBM-Web2-Location
We-Hiring
HA-Ipaddr
Web-Mar-Node
Mail-Subject
Ha-Gx-Prefs
ServerName
True-Client-Country-4JS
X-B3-Parentspanid
X-Via-Fastly
X-Old-Content-Length
X-Thinkindot-L3
X-Trafficlayer-App-Version
X-ServiceProvider
X-Has-Esi
X-Matched-Rule
X-Level-Front-Cache
X-Reboot
X-Platform-Server
X-NU-AKA-ACS-Version
X-JWT-State
X-Is-Gdpr
X-GeoIP-City
X-Service
Adler-Geo
X-S-Maxage
X-Generated-On
Is-Eu
X-Azure-Ref
X-Cache-Tags
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Micro-Cache
X-Internal-Host
Thinkindot-CacheControl
Server-Host
X-Rebelmouse-Surrogate-Control
X-Up
Fastly-SWR
Platform
Fastly-SIE
X-Core-Value
X-Rebelmouse-Cache-Control
PFcat
X-Variation
HitType
X-TA-CDN-Provider
X-Nginx-Cache
X-Daa-Tunnel
X-Server-W
X-SERVER
X-Lb-Id
X-Response-By
X-Refresh
X-NC
Cache-Hits
RequestId
X-Fetched-On
X-Servername
X-Server-IP
X-B3-SpanId
X-CSRF-TOKEN
X-Parent-Response-Time
X-Tb-Optimization-Total-Bytes-Saved
X-Nc
X-CF-Powered-By
X-Cdn-Forward
Memory
Media-Length
X-Tec-Api-Origin
ProcessTime
X-Tec-Api-Root
X-Tec-Api-Version
X-Cdn-Request-ID
X-Pjax-Url
X-Ua
X-Wa
X-Air-Hostname
X-BACKEND-TTL
User-Agent
Origin
Filterid
X-Cache-Expired-At
X-Var-Ttl
Group
Pragrma
X-CSRF-Token
X-Sucuri-Id
X-TIME
X-Unique-ID
X-Correlation-ID
Geoip-Latitude
X-AIR-PT
X-Pf-Uncompressing
TTL
X-Reqid
Esi-Enabled
X-Planisys-CDN-Rules
S-Cnection
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
Powered-By-ChinaCache
SRV
X-Vcl-Version
X-Policy
GeoIp-Country-Code
X-COUNTRY
X-NGINX-Cache
PICS-Label
X-Request-Start
X-Rocket-Nginx-Bypass
X-Servedbyhost
SN
X-Sucuri-ID
HostName
Rt-Proxy-Cache
X-Varnish-Cacheable
X-Azure-Ref-OriginShield
X-Webkit-CSP
X-Litespeed-Cache
M-TraceId
X-Via-Ucdn
X-HS-Status
XServer
Geoip-City
X-Method
X-Via-CDN
Magicmarker
X-Fastly-Country-Code
X-FORWARDED-FOR
Load-Balancing
X-NWS-UUID-VERIFY
Dnion-Transfer-Encoding
Tcn
X-Developer
X-Cdn-Origin
X-Cache-Ttl
DSUID
X-Ocache
X-LAGOON
X-Node-Id
Resin-Trace
X-Device-Os
X-Cache-Grace
X-Sn-Servicetimems
Ohc-Response-Time
Who
Release
X-VHOST
X-Ftr-Cache-Host
X-Svr
X-Be
CF-Cached-On
X-ServedByHost
Cdn
NtCoent-Length
On-Server
X-MServer
X-VCT
X-Request-Host
GeoIP-Country-Code
X-VCL-Version
A
X-MSEdge-Features
X-Hp-Ccpa-Warning
X-MSEdge-Flight
Pics-Label
Vix-Hermes-Req-Id
X-Bc
X-APP
X-Zone
X-Newrelic-App-Data
X-DC
GeoIP-Latitude
X-Oss-Server-Time
X-Oss-Storage-Class
Cloudfront-Viewer-Country
X-VarnishDD-TTL
Cteonnt-Length
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
Ttl
MIME-Version
X-Oracle-Dms-Rid
X-Beluga-Trace
X-Beluga-Record
X-Beluga-Response-Time
GeoIP-City
X-WR-MODIFICATION
X-Varnish-URL
X-Fastly-Backend-Reqs
X-Beluga-Cache-Status
X-Beluga-Node
X-Beluga-Status
X-Configured-By
X-LiteSpeed-Cache-Control
X-Varnish-Url
X-SD-PageType
X-PF-Uncompressing
X-Varnish-Ttl
X-Cache-Status-Check
Hostname
SD-X-WS
X-Ratelimit-Remaining
X-SRV
X-SN
X-Ftr-Request-Id
X-Tid
X-Upstream-Ct
X-Compress-Hint
X-PJAX-URL
X-Cache-Id
Host-ID
X-Upstream-Ht
X-HostName
X-Aicache-OS
Processtime
X-Via-NSCOPI
X-Dynatrace
X-BE
X-Release
L
X-Dynatrace-Js-Agent
X-ID
X-Scheme
Cache-Provider
LB
X-Slack-Backend
CACHE
X-Fastly-Cache-Hits
X-Swift-Error
X-Frame-Option
X-Ratelimit-Limit
Amp-Access-Control-Allow-Source-Origin
X-DB
X-DI
X-Action
Requestid
X-DSS
X-DW
X-RPS
X-RSL
X-RPM
Servername
CF-IPCountry
X-StackifyID
Cache-Cookie-Set-Lfrom
X-Ftr-Backend-Server
X-Ftr-Backend
Pagetype
X-Ftr-Dc
X-Ftr-Realm
UCS
Dynatrace
X-ServerName
Lfy
X-Ftr-Balancer
X-Branch-Name
CDN
X-LB-ID
X-Snapshot-Date
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-CACHE-AGE
X-VC
X-Fastly-Cache-Status
X-SB
X-Varnish-Beresp-TTL
D-Cc-Upstream
WebServer
X-Node-ID
X-Cc-Via
X-Cc-Req-Id
Arc-Country
Warning
X-PAYTM-SRV-ID
X-Apw-Hits
Proxy-Firewall
X-Apw-Access-Object
V-Cache
X-Apw-Access-Action
X-Apw-Access-Token
X-Processor
X-ZONE
X-Edge-IP
X-Server-Time
NnCoection
X-Hello
Pramga
X-Skip-Cache
X-Dispatch
X-FPC
X-Cache-FS-Status
X-ABtesting
X-Flog
X-Check-Cacheable
Backend-Name
X-BC
Correlation-Id
X-App
X-ElasticPress-Search
Lb
X-Powered-Y
X-Request-Url
WZWS-RAY
WP-Super-Cache
X-Worker
X-Request-URL
X-Litespeed-Cache-Control