Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
X-XSS-Protection
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
P3p
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Robots-Tag
X-Page-Speed
X-Pingback
EagleId
X-Ws-Request-Id
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
X-Host
X-Device
EagleEye-TraceId
X-Origin-Cache
X-OneAgent-JS-Injection
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Cloud-Trace-Context
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-Application-Context
X-ORACLE-DMS-ECID
X-DataDome
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-ORACLE-DMS-RID
X-Cache-Lookup
NEL
X-Mod-Pagespeed
Rating
Edge-Control
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
Accept-Ch
X-Varnish-TTL
X-DynaTrace
X-Country-Code
Allow
X-Instart-Request-ID
X-Vname
X-TtlSet
X-Goog-Hash
X-PC
X-FTR-Request-ID
X-TTL
X-ESI
Accept-Ch-Lifetime
Verso
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
Content-MD5
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
Edge-Cache-Tag
AR-ATIME
Ar-Sid
AR-CACHE
AR-PoweredBy
RTSS
AR-Request-ID
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
Charset
X-Server-Name
SPRequestGuid
X-NF-Request-ID
X-Amz-Server-Side-Encryption
X-Vcache
X-Accel-Expires
X-Cached
X-MSEdge-Ref
X-Powered-CMS
X-Amz-Rid
X-Sol
Arr-Disable-Session-Affinity
X-Middleton-Display
Pagespeed
Response
X-Middleton-Response
Display
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Vcap-Request-Id
X-Fastcgi-Cache
X-Navigation-Version
Pinterest-Version
X-Pinterest-Rid
X-SharePointHealthScore
X-SRCache-Fetch-Status
X-SRCache-Store-Status
TCN
X-Trace
X-Cdn
X-VARITI-CCR
Realpath
Public-Key-Pins
Cache-Tag
X-Client-IP
Access-Control-Request-Method
X-Ser
S
X-Fastly-Request-ID
MS-Author-Via
X-Upstream
X-DynaTrace-JS-Agent
X-Shard
SPIisLatency
SPRequestDuration
X-Id
X-Ezoic-Cdn
X-Hp-Webp
Nginx-Cache
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Content-Type
X-Forwarded-For
X-T
X-Amz-Meta-S3cmd-Attrs
X-Amzn-Trace-Id
X-Grace
DynaTrace
Nel
X-Recruiting
Front-End-Https
X-Aspnet-Version
X-Hits
Fastcgi-Cache
X-Varnish-Age
ServerID
X-Server-ID
X-DIS-Request-ID
X-Edge-O15-RID
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Node-Name
X-Element-Page-Cache
NR-ENABLED
X-Content-Digest
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-FTR-Cache-Status
X-Frontend
X-FTR-Expires
X-Country-Code-Real
Powered
X-Goog-Generation
X-Cache-TTL
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
Server-Name
Alternate-Protocol
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-Logged-In
TP-L2-Cache
Server-Node
TP-Cache
X-Jurisdiction
X-XRDS-Location
X-Correlation-Id
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
AMP-Access-Control-Allow-Source-Origin
X-ATS-Timestamp
Upgrade-Insecure-Requests
Backend-Timing
X-Page-Id
X-Content-Security-Policy-Report-Only
X-Content-Options
X-Origin-Server
Refresh
X-Amzn-RequestId
X-User-Agent
X-Akamai-Edgescape
X-Amz-Apigw-Id
X-Cache-Hit
X-F-Cache
X-Revision
X-Type
X-Varnish-Grace
X-Rid
X-Shield-Request-Id
X-Webapp-Samesite-None-Activated-N
X-XRDS-LOCATION
Fastly-Restarts
X-Zen-Fury
X-Geo-Country
X-Content-Powered-By
X-URL
X-B3-Sampled
X-AppVersion
X-Az
X-Activity-Id
X-B
X-LB-Cache
X-Pad
X-CST
X-N
X-Analytics
X-RateLimit-Remaining
X-FTR-Cache-Host
X-Kinsta-Cache
PB-PID
PB-RID
X-Ruxit-Js-Agent
X-Mobile-Rewrite
X-Webkit-Csp
Arc-Version
Cache-Status
X-Cache-Age
X-TT
X-Debug-Info
X-Instance
X-AOL-HN
X-WebKit-CSP-Report-Only
X-B-Cache
X-Framework
X-Signature
X-Jobs
X-App-Environment
Paypal-Debug-Id
DC
X-Tumblr-Pixel
X-Request-Guid
Access-Control-Allow-Method
Actual-Object-TTL
X-Time
X-Tumblr-Pixel-0
X-Tumblr-User
X-FB-Debug
X-PHP-Backend
X-Cache-Action
X-Load-Cache
X-Git-Hash
Surrogate-Key
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Ttl
X-Cached-By
X-Tt-Trace-Tag
Host-Header
Fastcgi-Useragent
X-IPLB-Instance
X-Amz-Replication-Status
X-Contextid
X-Tt-Trace-Host
FilterID
MS-CV
X-SS-Set-Cookie
X-Cluster
X-ATG-Version
Tracecode
X-Accel-Buffering
NGB
X-Response-Served-From
X-WA-Info
WPE-Backend
X-Srv
Frame-Options
X-Cache-NE
Payment
X-Varnish-Server
Eomportal-Instance
X-Cache-2
X-FW-Hash
X-FW-Serve
X-FW-Server
X-Host-Name
X-FW-Static
Xserver
X-FW-Type
X-Region
Host
X-Mobile
X-Varnish-Hostname
X-Kong-Upstream-Latency
X-Is-Bot
X-Adobe-Loc
X-GeoIP
X-Kong-Proxy-Latency
X-Cache-Enabled
Source
Filters
X-Cacheable-TTL
X-Adobe-Content
X-Cache-Operation
Cache-Tv-Group
X-RequestSource
X-Cache-Rule
X-Rendered-As
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-NewRelic-App-Data
X-TX-ID
X-Cache-Key
X-Oneagent-Js-Injection
X-IPS-LoggedIn
X-EdgeConnect-Cache-Status
X-Hostname
Cleartype
X-Origin-Response-Time
X-Via-JSL
X-Seen-By
X-Cache-TTL-Remaining
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-FastCGI-Cache
X-VCache
Cache
X-Presslabs-Stats
Retry-After
Server-Info
X-HTML-Minification-Powered-By
X-B3-Traceid
Healthy
X-RemovedCookies
X-ProcessESI
X-CACHE-KEY
X-Cache-Control
Datacenter
X-PressLabs-Stats
Ms-Operation-Id
X-RTag
X-Dc
X-NWS-LOG-UUID
X-RateLimit-Limit
Liferay-Portal
X-Source
X-UA
X-FireWall-Port
From-Origin
X-Cache-Server
X-Environment-Context
X-L-Path
X-Trafficlayer-App-Name
X-Endurance-Cache-Level
X-Upgrade-Enabled
X-Trafficlayer-App-Scope
X-Rule
X-Wix-Request-Id
X-Status
Version
X-App-Server
X-Handled-By
X-Cache-Var
X-Path-Route
X-ES-SERVER
X-RN-RSRV
Meta-Geo
X-Cache-Var-Map
X-Access
OT-Force-Account-Verify
X-Request-Time
X-Proxy-Build
X-Timing-Wait
X-Format
X-Tb
Selected-Fe
X-Section
Cache-Tags
X-ShopId
X-Alternate-Cache-Key
X-ShardId
Akamai-GRN
X-Origin
X-Proto
X-ProxyCache-Key
X-ProxyCache-Status
Azure-RegionName
Azure-InstanceId
Azure-SiteName
X-Storage
Azure-SlotName
X-Shopify-Generated-Cart-Token
X-Akamai-Request-ID
Azure-Version
X-Shopify-Stage
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Backend-Name
X-BYPASS-REASON
X-EIG-Tracking-Id
X-Content-Age
Accept-CH
X-Human
Mn-Server-Ip
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
TWC-Locale-Group
S-Rt
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
Node
NGX
Now
TWC-Connection-Speed
X-Web-Node
Property-Id
DB-Nickname
X-Cluster-Node
X-ServerID
X-NYM-Debug-Backend
X-MP-GENERATED-AT
X-LJ-Flow-ID
X-Time-Microsecs
X-Soup
X-OCL
X-SaId
X-Pubstack
X-Qloud-Router
X-Proxy-Cache-Status
X-RCS-CacheZone
X-Origin-Hint
X-PCL
X-UUID
X-Vgn-Hpd-Reason
X-Cache-Config
X-Cache-Host
X-AWS-Id
X-Akamai-Request-ID2
Webcakes-App-Version
Webcakes-Region
X-Debug-Cache
X-FW-Dynamic
X-Viewer-Country
X-JoinUs
X-VWS-Id
X-Hyper-Cache
X-Hl-Ver
X-Hosted-By
Webcakes-App-Name
Ec-Rule-Version
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Generated-By
X-IP
X-Locale
X-FC-Vary-Parameters
Origin-Edge-Control
X-BCube-Filmed-By
X-CCM
X-Detected-As
Decoy-Debug-TTL
Origin-Cache-Control
X-Proxy
X-Redis-Cache
X-SayCDN-TTL
Decoy-Debug-Status
X-Www-Served-By
X-Say-TTL
Cross-Origin-Window-Policy
X-Xfnlog-Site
Decoy-Debug-Key
X-Say-Cacheable
X-Varnish-Hits
X-Site-Version
X-TNCMS
X-Amzn-Remapped-Content-Length
X-Generated
X-FB-TRIP-ID
X-Loop
X-R9-Blue-Green-Version
L5d-Success-Class
Srv
X-APP-VERSION
X-CS
Accept-Charset
Cache-Name
X-Akamai-Transformed
Uber-Trace-Id
Viewport
GEO-INFO
X-Esi
X-NCache
X-Drupal-Cache-Tags
Webserver
Accept-CH-Lifetime
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Time
X-UA-Device-Type
X-Cache-Remote
Cache-Key
X-From
Mime-Version
X-Unique-Id
X-Cluster-Name
X-Origin-TTL
X-Origin-CC
X-Drupal-Cache-Contexts
X-TT-TIMESTAMP
Accept-Language
X-Edge-Location
X-Backend-TTL
Country
X-CDN-Forward
X-Forwarded-Host
Odigeo-Trace-Id
X-Mode
X-Microcachable
Rt-Fastcgi-Cache
X-EC-Lua
X-CLOUD-TRACE-CONTEXT
X-UnsetCookies
X-B3-Spanid
X-Newrelic-Synthetics
X-Info
X-Varnish-Cache-Hits
X-Whom
X-Magnolia-Registration
Ohc-File-Size
X-PERF
Ohc-Cache-HIT
X-ApacheServer
ServedBy
Content-Disposition
X-No-Session
Proxy-Connection
X-UPSTREAM-Address
X-Geo
X-App-Version
Geo-Info
X-NGENIX-Cache
X-PHP-Host
Cf-Ipcountry
X-Routing-Service
X-Zipkin-Id
X-Device-Type
X-Proxied
X-Labrador-Cache-Channel
X-Destination
Content-Style-Type
Content-Script-Type
Meta-Geo-Continent
X-ARC
X-Application
Mobile-Detection-Method
X-DPWN-IS-SECURE
X-CF-Lambda-Version
Fastcgi-X-Cache-Version
Apple-News-Services-Request-Url
X-Via-Fastly
Apple-News-Services-Handled
X-GeoIP-Country-Code
X-G
Apple-News-Services-Host
BehaviorPad-Version
Machine
Apple-News-Services-Parsed-Url
X-Geo-Header
X-B-Cookie
MD5-Digest
X-Date
X-D
GEO-REGION-INFO
AsisCache
X-External-Request-Id
X-CF-Lambda-Fn
X-Real-IP
X-A-Ccd
X-A
X-Transaction
X-Trv-Group
X-A-Dcw
X-A-Dgt
X-Sigma
X-Sigma-Backend
X-SRCache-Key
X-Twitter-Response-Tags
Viewtype
X-Vtex-Remote-Cache
W
T-Server
VivaBuild
X-Vtex-Processado-Em
X-VG-WebServer
X-Vdms-Version
X-VG-TLSProxy
X-VG-WebCache
X-Session-Fingerprint
X-A-Dam
Xc-Version
X-Region-Sid
Rendered-Blocks
X-Request-UUID
X-Aed
X-Rojux
X-Rewrite-Enabled
X-Connection-Hash
X-ScT
X-Accel-Expires-Debug
X-S
X-A-Wwc
X-Rocket-Build-Number
X-S-Cookie
X-Uri
X-C
X-Cache-Time
X-Nc
X-Varnish-Authentication
X-Eu-Site
X-VC-Cache
X-Epic-Correlation-Id
X-Render-Time
Gh-Request-Id
X-Developers
X-Agile
Powered-By
X-WebServer
Fastly-Soc-X-Request-Id
X-CGP
Fastly-SSL
X-App-Name
Server-Surrogate-Control
X-Agile-Id
X-Distil-CS
X-Tumblr-Pixel-3
X-Hit
IsBot
Ha-Gx-Prefs
CDCHOST
Environment
X-Auto-Login
X-Bip
X-Sucuri-Cache
X-Contensis-Viewer-Groups
Locid
X-Thanos
X-CUA
HA-Ipaddr
X-Logging-Id
X-SIPLIST1
X-Backend-State
X-Agile-Age
X-Cache-Debug
Server-Cache-Control
X-Cache-ASPX
HitType
Access-Control-Request-Headers
User-Cache-Control
X-GoCache-CacheStatus
V-Age
X-Cms-Context
Wxu-Next-Region
X-Cache-Bucket
X-Cache-Backend
X-AK-Request-ID
X-Cache-URL
Wxu-Next-Hostname
X-Clara-WADP
We-Hiring
Wxu-Next-Commit
X-Clientip
X-NodeID
X-Req
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Origin-Expires
X-Origin-Date
X-Owner
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Swa-Ws
X-TH-Server
X-We-Are-Hiring
X-WADP-Cache
X-Webstats-RespID
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-User
X-TrackingId
X-Trace-Id
X-TT-LOGID
X-Urbn-Context-Path
X-Urbn-Site-Id
X-NX-Host
True-Client-Country-4JS
X-Gamma-Serve
X-FW-Version
X-Generated-In
X-Generation-Time
X-GeoIP-City
X-Distributor
X-Dispatcher-Server
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Hash
X-IN-APIGATEWAY
X-Micro-Cache
X-Location
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache-Key
X-LI-UUID
X-LI-Proto
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-Key
X-Li-Fabric
X-Li-Pop
X-Core-Mission
X-Azure-Ref
Request-Country
Cache-Host
Request-EU
X-Varnish-Beresp-Status
RNT-Machine
AKAMAI
Cdncip
Cdnsip
Memcached
X-Varnish-Beresp-Grace
X-Daa-Tunnel
Countrycode
Country-Code
Fastly-Backend-Name
Mail-Subject
RNT-Time
Locale
Fastly-SIE
X-Varnish-Beresp-Ttl
IBM-Web2-Location
Kp-EeAlive
Heartbleed
Server-Int
Fastly-SWR
Section-Io-Cache
FNAC-ModuleRouting
Server-ID
X-Cache-Tags
X-Cdn-Srv
X-Matched-Rule
X-OVcl
X-Level-Front-Cache
X-Has-Esi
X-Hnp-Log
X-Fastly-Cache
X-Generated-On
ServerName
X-Internal-Host
X-Irp-Debug
X-Cache-Info
Adler-Geo
X-JWT-State
X-Is-Gdpr
X-Core-Value
X-Platform-Server
X-Up
X-Variation
Platform
X-OVcl-Cache
PFcat
X-Thinkindot-L3
Server-Host
Web-Mar-Node
Thinkindot-Control
X-Server-W
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Fetched-On
X-Nginx-Cache
X-Trafficlayer-App-Version
X-ServiceProvider
X-Gen-Mode
X-BBXSRF
Is-Eu
X-Reboot
X-Block-Status
X-Service
X-B3-Parentspanid
X-NU-AKA-ACS-Version
X-Refresh
X-Old-Content-Length
X-Lb-Id
X-S-Maxage
X-SERVER
X-Servername
X-Response-By
Cache-Hits
X-TA-CDN-Provider
RequestId
X-CSRF-TOKEN
X-B3-SpanId
X-Cdn-Forward
X-CF-Powered-By
Filterid
X-Tec-Api-Version
ProcessTime
X-Correlation-ID
X-Tec-Api-Root
X-Tec-Api-Origin
X-Server-IP
X-Air-Hostname
X-Tb-Optimization-Total-Bytes-Saved
X-Parent-Response-Time
X-Cache-Expired-At
X-Var-Ttl
X-Wa
X-Ua
X-BACKEND-TTL
Pragrma
X-Pjax-Url
Group
X-Unique-ID
Origin
Memory
X-Sucuri-Id
X-Cdn-Request-ID
X-NC
Media-Length
User-Agent
S-Cnection
Powered-By-ChinaCache
TTL
X-CSRF-Token
SRV
X-Vcl-Version
Geoip-Latitude
X-Pf-Uncompressing
X-COUNTRY
GeoIp-Country-Code
X-NGINX-Cache
Esi-Enabled
PICS-Label
X-Varnish-Cacheable
X-Servedbyhost
X-AIR-PT
SN
X-Reqid
X-Sucuri-ID
X-Policy
X-Rocket-Nginx-Bypass
X-Via-CDN
Geoip-City
X-Webkit-CSP
X-Litespeed-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-NWS-UUID-VERIFY
X-Developer
X-Request-Start
M-TraceId
X-HS-Status
X-Via-Ucdn
X-Azure-Ref-OriginShield
HostName
X-TIME
XServer
Rt-Proxy-Cache
X-Device-Os
Dnion-Transfer-Encoding
X-LAGOON
X-Node-Id
X-Ocache
X-Sn-Servicetimems
X-Cache-Grace
X-Cdn-Origin
X-FORWARDED-FOR
X-Fastly-Country-Code
Tcn
On-Server
X-Method
X-Cache-Ttl
A
X-Request-Host
X-MSEdge-Features
X-MSEdge-Flight
Who
Magicmarker
Cdn
Resin-Trace
X-VHOST
X-Ftr-Cache-Host
CF-Cached-On
Cloudfront-Viewer-Country
X-ServedByHost
Pics-Label
X-Cache-Status-Check
Load-Balancing
Hostname
X-Beluga-Trace
GeoIP-Country-Code
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Node
X-Beluga-Cache-Status
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
DSUID
X-Be
X-Bc
X-APP
NtCoent-Length
X-Zone
GeoIP-Latitude
X-VCL-Version
X-Svr
Ohc-Response-Time
Release
X-MServer
X-Oracle-Dms-Rid
MIME-Version
X-VCT
Ttl
GeoIP-City
X-Varnish-URL
Cteonnt-Length
X-Varnish-Url
X-Fastly-Backend-Reqs
X-PF-Uncompressing
Vix-Hermes-Req-Id
X-VarnishDD-TTL
Host-ID
X-Hp-Ccpa-Warning
X-Varnish-Ttl
X-LiteSpeed-Cache-Control
X-DC
X-Newrelic-App-Data
X-PJAX-URL
X-Slack-Backend
WebServer
X-Configured-By
X-Ftr-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-SRV
X-HostName
CACHE
X-DB
X-Dynatrace
X-Action
X-BE
Processtime
X-RSL
X-Swift-Error
X-DW
X-DSS
X-RPM
X-Aicache-OS
X-RPS
X-DI
X-SD-PageType
X-Upstream-Ht
X-Upstream-Ct
X-Ratelimit-Remaining
SD-X-WS
X-Dynatrace-Js-Agent
Servername
X-WR-MODIFICATION
X-Dispatch
X-Processor
X-PAYTM-SRV-ID
L
X-Compress-Hint
Cache-Provider
X-Cache-Id
Arc-Country
Pramga
X-Cache-FS-Status
X-ID
X-Server-Time
X-Skip-Cache
X-SN
X-Tid
X-Frame-Option
X-Branch-Name
Fastly-Drupal-HTML
X-ServerName
X-LB-ID
X-Flog
X-Fastly-Cache-Hits
X-Via-NSCOPI
X-ABtesting
CF-IPCountry
X-StackifyID
X-Ratelimit-Limit
Pagetype
X-Snapshot-Date
Lfy
X-Ftr-Backend
X-DevSite-Last-Modified
Requestid
X-FPC
X-Hello
CDN
X-Ftr-Balancer
X-ND-Cache
X-Release
X-Ftr-Backend-Server
Dynatrace
X-Ftr-Realm
X-Ftr-Dc
X-CACHE-AGE
X-Served-From
D-Cc-Upstream
X-Cc-Req-Id
X-Edge-Server
Cdn-Host
N-Cache
Cdn-Request-Time
X-Cc-Via
V-Cache
X-Scheme
X-Request-Url
Proxy-Firewall
LB
Warning
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-App
X-ZONE
X-SB
X-Edge-IP
X-VC
X-Varnish-Beresp-TTL
X-GEO
X-WA
UCS
X-Fpc
X-Bc-Bl
Correlation-Id
Backend-Name
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Worker
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Powered-Y
X-Request-URL
X-Check-Cacheable
Cache-Cookie-Set-Lfrom
X-Node-ID
X-Fastly-Cache-Status
WP-Super-Cache
X-ElasticPress-Search
Lb
X-BC