Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Amz-Id-2
X-Server-Powered-By
X-Amz-Request-Id
X-Page-Speed
X-Pingback
EagleId
X-Nginx-Cache-Status
X-Proxy-Cache
X-UA-Device
X-Hacker
X-Ws-Request-Id
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
Content-Location
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-ORACLE-DMS-ECID
X-HW
X-DataDome
X-Application-Context
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-ORACLE-DMS-RID
Fusion-Content-Source
NEL
X-Mod-Pagespeed
X-Cache-Lookup
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
Pinterest-Generated-By
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-DynaTrace
X-Country-Code
Allow
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
Accept-Ch
X-TTL
X-FTR-Request-ID
X-ESI
Verso
X-Powered-By-Plesk
X-Url
Service-Worker-Allowed
Content-MD5
X-B3-TraceId
Accept-Ch-Lifetime
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
Edge-Cache-Tag
RTSS
X-Px
Ar-Sid
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-D2id
X-Debug
X-Abt-Application-Version
Charset
X-NF-Request-ID
SPRequestGuid
X-Server-Name
X-Amz-Server-Side-Encryption
X-Powered-CMS
X-Vcache
X-Accel-Expires
X-MSEdge-Ref
X-Cached
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Vcap-Request-Id
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Navigation-Version
X-Middleton-Response
Response
X-Trace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Pinterest-Version
X-Pinterest-Rid
X-SharePointHealthScore
TCN
X-Fastcgi-Cache
X-VARITI-CCR
Realpath
X-Cdn
Public-Key-Pins
Cache-Tag
Access-Control-Request-Method
X-Client-IP
S
X-Upstream
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
X-Ser
MS-Author-Via
X-Shard
SPRequestDuration
SPIisLatency
X-Id
X-Hp-Webp
DynaTrace
X-Forwarded-For
X-Ezoic-Cdn
MRF-Tech
X-Mrf-Section-Lastmod
X-Aspnet-Version
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-T
X-Content-Type
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
X-Amzn-Trace-Id
X-Recruiting
Front-End-Https
X-Grace
Fastcgi-Cache
X-Hits
X-Varnish-Age
X-DIS-Request-ID
ServerID
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Dw-Request-Base-Id
NR-ENABLED
X-Node-Name
X-Element-Page-Cache
Nel
X-Content-Digest
Powered
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Frontend
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-HS-Cache-Config
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Server-Name
X-Edge-O15-RID
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
Alternate-Protocol
X-Logged-In
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
TP-Cache
TP-L2-Cache
Server-Node
X-Correlation-Id
X-Cache-TTL
X-Webkit-Csp
X-Webapp-Samesite-None-Activated-N
X-Shield-Request-Id
X-Request-Received
X-Request-Processing-Time
X-Microsite
X-Request-Handler-Origin-Region
X-Server-ID
Upgrade-Insecure-Requests
X-XRDS-LOCATION
X-Jurisdiction
AMP-Access-Control-Allow-Source-Origin
X-Page-Id
X-Content-Options
Refresh
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Revision
X-Akamai-Edgescape
X-Rid
X-User-Agent
X-Varnish-Grace
X-Cache-Hit
Backend-Timing
X-Amzn-RequestId
X-F-Cache
X-Amz-Apigw-Id
X-ATS-Timestamp
X-XRDS-Location
X-Type
Fastly-Restarts
X-Pad
X-Content-Powered-By
X-Analytics
X-URL
X-Geo-Country
X-Activity-Id
X-AppVersion
X-Az
X-N
X-B3-Sampled
X-LB-Cache
X-Zen-Fury
X-B
X-Kinsta-Cache
X-Ruxit-Js-Agent
X-FTR-Cache-Host
X-RateLimit-Remaining
PB-RID
X-Cache-Age
X-TT
PB-PID
X-AOL-HN
X-WebKit-CSP-Report-Only
X-App-Environment
X-Tumblr-Pixel
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-User
X-Request-Guid
X-Jobs
Arc-Version
X-Framework
X-Mobile-Rewrite
DC
Actual-Object-TTL
Paypal-Debug-Id
X-Debug-Info
X-Signature
X-B-Cache
Access-Control-Allow-Method
X-FB-Debug
Cache-Status
X-PHP-Backend
X-CST
X-Load-Cache
X-Cache-Action
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Surrogate-Key
X-Git-Hash
X-Ttl
X-Varnish-Backend
Fastcgi-Useragent
FilterID
Host-Header
X-Time
X-Cached-By
X-IPLB-Instance
X-Tt-Trace-Tag
MS-CV
X-Contextid
X-Amz-Replication-Status
X-SS-Set-Cookie
X-Tt-Trace-Host
X-Cluster
X-ATG-Version
X-FastCGI-Cache
X-Cache-Key
Accept-CH
Tracecode
Frame-Options
X-Srv
NGB
X-Response-Served-From
X-Accel-Buffering
WPE-Backend
Eomportal-Instance
Payment
X-Varnish-Server
Source
X-Region
X-FW-Static
Xserver
X-FW-Type
X-FW-Server
X-Cache-2
X-RequestSource
X-Cache-NE
Filters
X-GeoIP
Cache-Tv-Group
X-Tumblr-Pixel-2
X-Adobe-Content
X-Cache-Enabled
X-Adobe-Loc
X-IPS-LoggedIn
X-Cacheable-TTL
X-Varnish-Hostname
X-FW-Serve
X-FW-Hash
X-WA-Info
X-Tumblr-Pixel-1
Host
X-Rendered-As
X-Mobile
X-Oneagent-Js-Injection
X-Host-Name
X-TX-ID
X-Is-Bot
Cleartype
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Seen-By
X-NewRelic-App-Data
X-Cache-Rule
X-Cache-Operation
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
Cache
X-EdgeConnect-Cache-Status
X-Via-JSL
X-Origin-Response-Time
X-Hostname
X-Cache-TTL-Remaining
X-VCache
X-Cache-Control
Healthy
Accept-CH-Lifetime
Datacenter
X-HTML-Minification-Powered-By
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Presslabs-Stats
X-B3-Traceid
X-Dc
Retry-After
X-ProcessESI
Server-Info
X-RTag
X-RemovedCookies
Ms-Operation-Id
X-UA
X-Rule
X-PressLabs-Stats
X-RateLimit-Limit
X-Cache-Server
From-Origin
X-Status
X-CACHE-KEY
X-Wix-Request-Id
Version
Liferay-Portal
X-L-Path
X-FireWall-Port
X-Environment-Context
X-Source
X-Upgrade-Enabled
X-NWS-LOG-UUID
X-Endurance-Cache-Level
X-ES-SERVER
X-Cache-Var
Meta-Geo
X-Path-Route
X-Cache-Var-Map
X-RN-RSRV
X-Handled-By
Selected-Fe
X-Timing-Wait
OT-Force-Account-Verify
X-Proxy-Build
X-Alternate-Cache-Key
X-UUID
X-Proto
X-Storage
X-Goog-Meta-Goog-Reserved-File-Mtime
X-EIG-Tracking-Id
X-Backend-Name
X-ShardId
X-Content-Age
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Tb
X-ShopId
X-Shopify-Stage
X-Hyper-Cache
TWC-Privacy
Azure-Version
Azure-SlotName
TWC-Connection-Speed
X-Generated-By
Property-Id
Cache-Tags
X-Debug-Cache
X-FC-Vary-Parameters
X-Hl-Ver
X-Human
Azure-RegionName
X-JoinUs
X-Hosted-By
Azure-SiteName
Webcakes-App-Version
TWC-Device-Class
Webcakes-Region
Webcakes-App-Name
Decoy-Debug-Key
TWC-Locale-Group
Now
Node
Origin-Cache-Control
Origin-Edge-Control
S-Rt
X-Akamai-Request-ID2
TWC-GeoIP-LatLong
NGX
TWC-GeoIP-Country
Azure-InstanceId
DB-Nickname
X-Cache-Config
Decoy-Debug-Status
Decoy-Debug-TTL
X-Section
Ec-Rule-Version
X-BYPASS-REASON
X-Cache-Host
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-ProxyCache-Key
X-VWS-Id
X-Time-Microsecs
X-Soup
X-Qloud-Router
X-Access
X-ProxyCache-Status
X-Request-Time
X-Web-Node
X-Pubstack
X-Vgn-Hpd-Reason
Akamai-GRN
X-Format
X-Viewer-Country
X-Redis-Cache
X-ServerID
X-Origin-Hint
X-AWS-Id
X-Akamai-Request-ID
X-SaId
X-Origin
X-OCL
X-Proxy
X-FW-Dynamic
X-LJ-Flow-ID
X-PCL
X-Varnish-Hits
X-Say-Cacheable
X-BCube-Filmed-By
X-Say-TTL
X-Site-Version
X-SayCDN-TTL
X-CCM
X-NYM-Debug-Backend
X-IP
X-MP-GENERATED-AT
X-Locale
X-Cluster-Node
X-Generated
X-Www-Served-By
X-Xfnlog-Site
Mn-Server-Ip
X-Proxy-Cache-Status
X-RCS-CacheZone
L5d-Success-Class
X-Amzn-Remapped-Content-Length
X-Detected-As
X-FB-TRIP-ID
Cache-Name
X-TNCMS
X-App-Server
Cross-Origin-Window-Policy
X-Loop
X-R9-Blue-Green-Version
Viewport
X-CS
Srv
X-APP-VERSION
Uber-Trace-Id
GEO-INFO
Webserver
Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Esi
X-Akamai-Transformed
Accept-Charset
X-NCache
X-Drupal-Cache-Tags
X-Cache-Remote
X-From
X-Unique-Id
X-UA-Device-Type
X-TT-TIMESTAMP
X-Cluster-Name
X-Edge-Location
X-Drupal-Cache-Contexts
X-Origin-CC
Mime-Version
X-Origin-TTL
Cache-Key
X-EC-Lua
Accept-Language
Country
X-Mode
Odigeo-Trace-Id
X-Newrelic-Synthetics
X-Microcachable
X-CLOUD-TRACE-CONTEXT
Rt-Fastcgi-Cache
X-Backend-TTL
Ohc-File-Size
Ohc-Cache-HIT
X-B3-Spanid
X-Forwarded-Host
X-Geo
X-No-Session
X-Info
X-CDN-Forward
Proxy-Connection
X-UPSTREAM-Address
X-PHP-Host
X-Magnolia-Registration
X-Labrador-Cache-Channel
X-Zipkin-Id
X-Whom
X-App-Version
ServedBy
Content-Disposition
X-UnsetCookies
X-Varnish-Cache-Hits
X-Routing-Service
X-Proxied
X-Real-IP
X-ApacheServer
X-PERF
X-Cache-Time
Fastly-SSL
Cf-Ipcountry
X-A-Dam
X-ARC
X-Application
X-A-Ccd
X-Aed
X-Accel-Expires-Debug
X-A-Dgt
X-A-Wwc
X-A-Dcw
Fastcgi-X-Cache-Version
X-B-Cookie
GEO-REGION-INFO
Machine
Content-Style-Type
Content-Script-Type
AsisCache
BehaviorPad-Version
MD5-Digest
Meta-Geo-Continent
Viewtype
VivaBuild
T-Server
Rendered-Blocks
Mobile-Detection-Method
Powered-By
X-A
X-External-Request-Id
X-Rojux
X-S
X-VG-WebServer
X-Rewrite-Enabled
X-Region-Sid
X-Request-UUID
X-S-Cookie
X-ScT
X-Transaction
X-Trv-Group
X-Vdms-Version
X-SRCache-Key
X-VG-WebCache
X-Session-Fingerprint
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Connection-Hash
X-D
X-CF-Lambda-Version
X-CF-Lambda-Fn
Xc-Version
X-Destination
X-Date
X-Vtex-Remote-Cache
X-GeoIP-Country-Code
X-G
X-Geo-Header
X-DPWN-IS-SECURE
Access-Control-Request-Headers
X-Device-Type
User-Cache-Control
X-SIPLIST1
X-Varnish-Authentication
IsBot
X-WebServer
X-VG-TLSProxy
X-Via-Fastly
X-VC-Cache
Gh-Request-Id
W
Server-Surrogate-Control
Server-Cache-Control
X-Contensis-Viewer-Groups
X-Cache-Debug
X-Bip
X-Cache-ASPX
X-Logging-Id
X-Rocket-Build-Number
X-Thanos
X-TrackingId
Environment
X-Sigma-Backend
X-Auto-Login
X-Sigma
X-Tumblr-Pixel-3
X-CUA
X-Cache-Backend
Geo-Info
X-Uri
X-C
X-Hnp-Log
X-Hit
X-Hash
X-GeoIP-City
X-Gamma-Serve
X-FW-Version
X-Gen-Mode
X-Generated-In
X-Generation-Time
X-GoCache-CacheStatus
X-IN-APIGATEWAYSSL
X-LI-UUID
X-Location
X-Ms-Request-Id
X-Ms-Version
X-LI-Proto
X-Li-Pop
X-Instart-Isnd
X-Irp-Debug
X-Key
X-Li-Fabric
X-IN-APIGATEWAY
X-Eu-Site
X-Cache-Info
X-Cache-Bucket
X-Cdn-Srv
X-CGP
X-Clara-WADP
X-Block-Status
X-BBXSRF
X-Agile-Age
X-Agile-Id
X-AK-Request-ID
X-Backend-State
X-Clientip
X-Cms-Context
X-Distil-CS
X-Distributor
X-Epic-Correlation-Id
X-NodeID
X-Dispatcher-Server
X-Debug-Log
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cookies
X-Fastly-Cache
X-Origin-Date
Server-Int
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
RNT-Time
RNT-Machine
Fastly-Backend-Name
Fastly-Soc-X-Request-Id
FNAC-ModuleRouting
Locid
X-Cache-URL
X-Core-Mission
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-App-Name
Apple-News-Services-Handled
X-Wikidot-Static-Cache
X-Developers
X-Nginx-Cache-Key
X-Req
X-Wikidot-Backend
X-Webstats-RespID
X-We-Are-Hiring
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Render-Time
X-Sucuri-Cache
X-Proxy-Upstream
X-Owner
X-Agile
X-Origin-Expires
X-OVcl
X-OVcl-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Urbn-Site-Id
X-User
X-VServer
X-WADP-Cache
X-Urbn-Context-Path
X-NGENIX-Cache
X-Swa-Ws
X-TH-Server
X-Trace-Id
X-TT-LOGID
X-NX-Host
X-Request-URI
Cdnsip
Request-Country
Web-Mar-Node
X-Varnish-Beresp-Ttl
Section-Io-Cache
Countrycode
We-Hiring
Kp-EeAlive
Country-Code
AKAMAI
X-Varnish-Beresp-Grace
Request-EU
X-Varnish-Beresp-Status
Cdncip
V-Age
HA-Ipaddr
Heartbleed
IBM-Web2-Location
Mail-Subject
Ha-Gx-Prefs
Locale
Cache-Host
True-Client-Country-4JS
Memcached
ServerName
CDCHOST
Server-ID
X-B3-Parentspanid
X-S-Maxage
Server-Host
X-Generated-On
X-Up
X-Thinkindot-L3
X-Level-Front-Cache
X-Matched-Rule
X-NU-AKA-ACS-Version
X-Old-Content-Length
X-JWT-State
X-Is-Gdpr
Thinkindot-CacheControl-Type
X-Has-Esi
Platform
X-Trafficlayer-App-Version
PFcat
X-Variation
Thinkindot-CacheControl
X-Platform-Server
X-Azure-Ref
X-Reboot
X-Service
X-Cache-Tags
X-Internal-Host
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Micro-Cache
X-Core-Value
Adler-Geo
X-ServiceProvider
Fastly-SWR
Fastly-SIE
Is-Eu
Thinkindot-Control
X-TA-CDN-Provider
HitType
X-Nginx-Cache
Cache-Hits
X-SERVER
X-Daa-Tunnel
X-Refresh
X-Response-By
X-Lb-Id
X-Server-W
X-Cdn-Forward
X-Nc
RequestId
X-Fetched-On
X-Server-IP
X-Servername
X-B3-SpanId
X-Tb-Optimization-Total-Bytes-Saved
X-Parent-Response-Time
X-NC
X-CF-Powered-By
X-Tec-Api-Version
X-Tec-Api-Root
Media-Length
X-Tec-Api-Origin
X-Cdn-Request-ID
X-BACKEND-TTL
ProcessTime
Memory
X-CSRF-TOKEN
X-Pjax-Url
X-CSRF-Token
User-Agent
Origin
X-Air-Hostname
Filterid
Pragrma
Group
X-Var-Ttl
X-Wa
Geoip-Latitude
TTL
X-Pf-Uncompressing
X-Cache-Expired-At
X-Correlation-ID
X-TIME
X-Unique-ID
X-Ua
X-Reqid
X-Vcl-Version
X-AIR-PT
GeoIp-Country-Code
Esi-Enabled
X-Sucuri-Id
S-Cnection
X-Rocket-Nginx-Bypass
Powered-By-ChinaCache
X-Policy
X-Planisys-CDN-TTL
X-COUNTRY
X-Planisys-CDN-Cache
SRV
X-Planisys-CDN-Rules
X-NGINX-Cache
X-Sucuri-ID
PICS-Label
X-Request-Start
HostName
X-Webkit-CSP
SN
X-Servedbyhost
Rt-Proxy-Cache
X-Litespeed-Cache
X-Varnish-Cacheable
X-Azure-Ref-OriginShield
M-TraceId
Geoip-City
X-Via-Ucdn
X-Varnish-Ttl
X-HS-Status
XServer
Magicmarker
X-Via-CDN
Dnion-Transfer-Encoding
X-Method
X-Fastly-Country-Code
X-FORWARDED-FOR
Load-Balancing
Tcn
X-Developer
X-NWS-UUID-VERIFY
Ohc-Response-Time
Who
X-Cache-Ttl
Resin-Trace
DSUID
X-ServedByHost
X-Node-Id
X-Ocache
X-Sn-Servicetimems
X-Cache-Grace
X-Device-Os
X-LAGOON
X-Cdn-Origin
X-VHOST
X-Ftr-Cache-Host
Release
X-Be
X-VCT
On-Server
Cdn
NtCoent-Length
X-MServer
CF-Cached-On
X-Svr
X-Hp-Ccpa-Warning
X-Bc
Vix-Hermes-Req-Id
X-MSEdge-Features
X-Zone
X-Request-Host
X-APP
A
X-MSEdge-Flight
Pics-Label
X-Oss-Server-Time
X-Ratelimit-Remaining
GeoIP-Country-Code
X-VCL-Version
X-Oss-Storage-Class
X-Oss-Request-Id
Cteonnt-Length
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
Cloudfront-Viewer-Country
MIME-Version
X-Oracle-Dms-Rid
X-Beluga-Trace
X-Beluga-Cache-Status
X-Beluga-Node
X-Varnish-Url
X-Fastly-Backend-Reqs
GeoIP-Latitude
X-VarnishDD-TTL
Ttl
X-Configured-By
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Status
X-LiteSpeed-Cache-Control
X-DC
X-WR-MODIFICATION
X-Cache-Status-Check
Amp-Access-Control-Allow-Source-Origin
X-Newrelic-App-Data
X-SD-PageType
X-Varnish-URL
GeoIP-City
Hostname
SD-X-WS
X-PF-Uncompressing
X-Cache-Id
Host-ID
X-SRV
X-Tid
X-Compress-Hint
X-Upstream-Ct
X-SN
X-PJAX-URL
X-Ftr-Request-Id
X-Upstream-Ht
X-HostName
Processtime
X-BE
X-Aicache-OS
X-Via-NSCOPI
L
X-Ratelimit-Limit
X-Release
X-Dynatrace
X-Dynatrace-Js-Agent
X-Swift-Error
WebServer
Cache-Provider
X-ID
CACHE
LB
X-Scheme
X-Slack-Backend
X-Frame-Option
Cache-Cookie-Set-Idcheck
X-RPS
Cache-Cookie-Set-From
Dynatrace
X-RSL
X-Ftr-Dc
Lfy
UCS
X-RPM
X-Action
Requestid
X-StackifyID
X-DB
X-DI
X-DW
X-DSS
Cache-Cookie-Set-Lfrom
X-Ftr-Realm
CDN
X-LB-ID
X-Snapshot-Date
X-ServerName
X-Ftr-Balancer
Pagetype
X-Ftr-Backend-Server
CF-IPCountry
X-Branch-Name
X-Ftr-Backend
Servername
X-Fastly-Cache-Hits
X-CACHE-AGE
X-Apw-Access-Token
D-Cc-Upstream
Warning
X-Fastly-Cache-Status
X-Cache-FS-Status
X-Apw-Hits
Pramga
Arc-Country
X-VC
X-Cc-Via
X-Cc-Req-Id
Proxy-Firewall
X-Apw-Access-Action
X-Apw-Access-Object
X-PAYTM-SRV-ID
V-Cache
X-Dispatch
X-SB
X-Server-Time
X-Node-ID
X-Varnish-Beresp-TTL
X-Processor
X-FPC
X-Skip-Cache
X-Edge-IP
X-ZONE
NnCoection
X-WA
X-ND-Cache
X-Flog
X-DevSite-Last-Modified
Fastly-Drupal-HTML
X-ABtesting
X-Hello
Lb
Correlation-Id
X-App
Backend-Name
WZWS-RAY
X-Litespeed-Cache-Control
X-BC
X-Worker
X-Powered-Y
X-Request-URL
X-ElasticPress-Search
WP-Super-Cache
X-Request-Url
X-Check-Cacheable