
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
X-XSS-Protection
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Xss-Protection
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
CF-Ray
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Buckets
X-FRAME-OPTIONS
Status
Upgrade
X-Content-Security-Policy
X-CDN
Content-Encoding
Access-Control-Expose-Headers
X-Ua-Compatible
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
Xkey
X-Cache-Group
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
X-Backend
X-Age
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Ws-Request-Id
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Device
X-Host
X-WebKit-CSP
X-Origin-Cache
EagleEye-TraceId
X-Response-Time
X-Node
X-Ac
Content-Location
Surrogate-Control
X-Vhost
X-Cloud-Trace-Context
X-Readtime
Request-Id
X-Backend-Server
X-Dispatcher
X-Dns-Prefetch-Control
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-Cache-Lookup
X-ORACLE-DMS-ECID
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
NEL
X-DataDome
X-Mod-Pagespeed
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-TTL
X-Country-Code
Accept-Ch
X-DynaTrace
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-FTR-Request-ID
X-TtlSet
X-Vname
X-PC
X-ESI
Verso
Accept-Ch-Lifetime
Content-MD5
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Kinja-Build
X-GoogleNews-Bot
RTSS
Edge-Cache-Tag
X-D2id
X-Debug
X-Server-Name
X-Px
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
X-Abt-Application-Version
Ar-Sid
X-Vcache
SPRequestGuid
X-Amz-Server-Side-Encryption
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-VERSION
X-Accel-Expires
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Response
X-Middleton-Response
X-MSEdge-Ref
X-Middleton-Display
Pagespeed
X-Sol
Display
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Vcap-Request-Id
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-Powered-CMS
X-SharePointHealthScore
X-Fastcgi-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Trace
X-VARITI-CCR
TCN
Realpath
Public-Key-Pins
Cache-Tag
X-Client-IP
X-Cdn
X-Fastly-Request-ID
MS-Author-Via
Access-Control-Request-Method
X-Ser
Nginx-Cache
X-DynaTrace-JS-Agent
S
X-Shard
SPRequestDuration
SPIisLatency
X-Id
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Upstream
X-Edge-O15-RID
X-Content-Type
X-Ezoic-Cdn
X-Hp-Webp
X-Grace
X-Amzn-Trace-Id
X-Forwarded-For
X-T
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Hits
DynaTrace
X-Recruiting
Fastcgi-Cache
Nel
X-Aspnet-Version
X-Varnish-Age
X-Jurisdiction
ServerID
X-Cache-TTL
MicrosoftSharePointTeamServices
X-Element-Page-Cache
X-Mobile-URL
X-Dw-Request-Base-Id
X-Content-Digest
X-DIS-Request-ID
X-Node-Name
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
X-Server-ID
NR-ENABLED
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
Powered
X-GUploader-UploadID
X-Frontend
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
Server-Node
X-Webkit-Csp
TP-Cache
TP-L2-Cache
Alternate-Protocol
Server-Name
X-Logged-In
X-Correlation-Id
X-CST
AMP-Access-Control-Allow-Source-Origin
X-Request-Processing-Time
X-Request-Received
Upgrade-Insecure-Requests
X-XRDS-LOCATION
X-Amz-Apigw-Id
X-Microsite
X-Amzn-RequestId
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-Cache-Hit
X-Content-Options
X-Origin-Server
Refresh
X-Content-Security-Policy-Report-Only
X-F-Cache
X-User-Agent
X-Revision
X-Page-Id
X-Rid
X-Akamai-Edgescape
Fastly-Restarts
X-Type
X-Zen-Fury
X-Varnish-Grace
X-XRDS-Location
X-Content-Powered-By
X-LB-Cache
X-B3-Sampled
X-B
X-Geo-Country
X-Az
PB-PID
PB-RID
X-Activity-Id
X-AppVersion
X-FTR-Cache-Host
Arc-Version
X-Mobile-Rewrite
Cache-Status
X-URL
X-Shield-Request-Id
X-Kinsta-Cache
X-N
X-Pad
X-Cache-Age
X-TT
X-Instance
X-AOL-HN
X-Time
X-WebKit-CSP-Report-Only
X-Jobs
X-Tumblr-Pixel
X-Framework
X-B-Cache
X-Tumblr-User
Actual-Object-TTL
X-Signature
X-Cache-Action
X-Tumblr-Pixel-0
Paypal-Debug-Id
Access-Control-Allow-Method
X-App-Environment
X-Debug-Info
X-Request-Guid
X-FB-Debug
X-Load-Cache
DC
X-PHP-Backend
X-Cached-By
X-Git-Hash
X-RateLimit-Remaining
X-Webapp-Samesite-None-Activated-N
X-Varnish-Backend
X-Tt-Trace-Tag
Fastcgi-Useragent
X-Tt-Trace-Host
X-Erf-Bev-Bev-Is-Generated
X-Amz-Replication-Status
X-Erf-Bev-Bev
Surrogate-Key
X-Analytics
X-IPLB-Instance
FilterID
Host-Header
MS-CV
X-Contextid
X-ATG-Version
X-SS-Set-Cookie
X-Cache-Key
Host
X-WA-Info
X-Cluster
X-ORACLE-APMCS-TAG
X-NWS-LOG-UUID
X-Mobile
X-ORACLE-APMCS-REQUEST-ID
X-Response-Served-From
X-Accel-Buffering
NGB
Tracecode
X-Via-JSL
WPE-Backend
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-FastCGI-Cache
X-Cache-NE
Xserver
Payment
X-Host-Name
X-Cache-2
Source
Eomportal-Instance
X-Srv
X-FW-Hash
X-Region
X-FW-Type
X-FW-Serve
X-FW-Static
X-Varnish-Server
X-FW-Server
Cache-Tv-Group
X-Varnish-Hostname
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-IPS-LoggedIn
Filters
X-GeoIP
Frame-Options
X-Origin-Response-Time
X-Cacheable-TTL
X-Adobe-Loc
X-Cache-Enabled
X-Adobe-Content
X-Rendered-As
X-RequestSource
X-Cache-Operation
X-Is-Bot
X-Cache-Rule
X-Seen-By
X-TX-ID
X-EdgeConnect-Cache-Status
Retry-After
X-NewRelic-App-Data
X-Presslabs-Stats
Server-Info
Cleartype
X-Hostname
X-Cache-TTL-Remaining
X-RemovedCookies
X-ProcessESI
Liferay-Portal
X-VCache
X-UA
X-Dc
Accept-CH
Ms-Operation-Id
X-RTag
X-B3-Traceid
X-HTML-Minification-Powered-By
X-Environment-Context
Datacenter
X-L-Path
X-App-Server
X-Source
X-FireWall-Port
X-Endurance-Cache-Level
X-Upgrade-Enabled
X-Cache-Server
X-PressLabs-Stats
From-Origin
X-Handled-By
Cache
X-Cache-Control
Healthy
X-Backend-Name
Srv
X-CACHE-KEY
Accept-CH-Lifetime
X-Wix-Request-Id
X-Cache-Var-Map
X-ES-SERVER
Meta-Geo
X-Status
X-RN-RSRV
X-Path-Route
Version
X-Cache-Var
X-Section
OT-Force-Account-Verify
X-Proxy-Build
X-Access
X-Format
X-Timing-Wait
X-Tb
Selected-Fe
X-Storage
X-Akamai-Request-ID
X-PCL
X-Proto
X-Alternate-Cache-Key
X-RateLimit-Limit
X-Rule
X-ShardId
Azure-RegionName
X-Sorting-Hat-PodId
Mn-Server-Ip
Azure-SiteName
Azure-InstanceId
X-Sorting-Hat-ShopId
Akamai-GRN
X-Origin
X-UUID
X-OCL
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ShopId
X-Request-Time
X-EIG-Tracking-Id
X-Content-Age
Azure-SlotName
Azure-Version
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
Cache-Tags
X-Soup
X-Akamai-Request-ID2
X-AWS-Id
Decoy-Debug-Status
Now
Origin-Cache-Control
Origin-Edge-Control
X-Yottaa-Metrics
Node
NGX
Decoy-Debug-Key
X-Yottaa-Optimizations
Decoy-Debug-TTL
Ec-Rule-Version
DB-Nickname
X-Qloud-Router
X-ProxyCache-Status
X-Time-Microsecs
X-Hyper-Cache
X-Redis-Cache
X-LJ-Flow-ID
X-JoinUs
X-Human
X-FW-Dynamic
X-Generated-By
Accept-Charset
X-NYM-Debug-Backend
X-ProxyCache-Key
X-Hosted-By
X-Hl-Ver
X-Debug-Cache
X-FC-Vary-Parameters
X-Web-Node
X-Pubstack
X-SaId
X-VWS-Id
X-BYPASS-REASON
X-Proxy
X-Viewer-Country
X-Cluster-Node
X-Vgn-Hpd-Reason
X-Cache-Config
X-Proxy-Cache-Status
X-ServerID
X-MP-GENERATED-AT
X-Www-Served-By
X-Site-Version
X-Varnish-Hits
X-Say-Cacheable
TWC-Privacy
X-SayCDN-TTL
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
X-CCM
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-BCube-Filmed-By
X-Generated
X-Origin-Hint
TWC-Connection-Speed
X-Say-TTL
TWC-Device-Class
Property-Id
Cross-Origin-Window-Policy
X-APP-VERSION
X-Ruxit-Js-Agent
X-TNCMS
X-Locale
X-Cache-Host
X-Akamai-Transformed
S-Rt
X-Loop
X-Xfnlog-Site
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-FB-TRIP-ID
X-Amzn-Remapped-Content-Length
X-Detected-As
X-NCache
X-IP
GEO-INFO
L5d-Success-Class
X-Ttl
X-CS
X-Drupal-Cache-Tags
Cache-Name
Webserver
Viewport
Time
Uber-Trace-Id
Cache-Key
X-UA-Device-Type
X-Esi
X-Unique-Id
X-UnsetCookies
X-Cache-Remote
X-Mode
Mime-Version
Accept-Language
X-Forwarded-Host
X-Daa-Tunnel
X-Whom
Country
X-Info
X-Origin-TTL
X-Origin-CC
X-From
X-Trafficlayer-App-Scope
Rt-Fastcgi-Cache
X-Trafficlayer-App-Name
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Odigeo-Trace-Id
X-Varnish-Cache-Hits
X-Cluster-Name
X-NGENIX-Cache
X-Backend-TTL
X-PERF
X-Drupal-Cache-Contexts
X-ApacheServer
Content-Disposition
X-CDN-Forward
X-Microcachable
ServedBy
X-Newrelic-Synthetics
X-TT-TIMESTAMP
X-Magnolia-Registration
X-Geo
X-CLOUD-TRACE-CONTEXT
X-Zipkin-Id
X-Device-Type
X-Edge-Location
X-Routing-Service
Section-Io-Cache
X-B3-Spanid
Proxy-Connection
X-Proxied
Ohc-File-Size
X-Nc
Cf-Ipcountry
X-Via-Fastly
X-Uri
Geo-Info
X-EC-Lua
Ohc-Cache-HIT
X-No-Session
HitType
X-UPSTREAM-Address
Apple-News-Services-Handled
MD5-Digest
Xc-Version
Mobile-Detection-Method
Meta-Geo-Continent
Machine
Rendered-Blocks
X-Transaction
X-Vdms-Version
X-SRCache-Key
Fastcgi-X-Cache-Version
X-VG-TLSProxy
Content-Style-Type
Content-Script-Type
BehaviorPad-Version
AsisCache
GEO-REGION-INFO
Apple-News-Services-Request-Url
X-Vtex-Remote-Cache
X-Twitter-Response-Tags
X-Vtex-Processado-Em
Apple-News-Services-Parsed-Url
X-VG-WebCache
X-VG-WebServer
Apple-News-Services-Host
X-Accel-Expires-Debug
X-Geo-Header
X-Application
X-ARC
X-Session-Fingerprint
X-GeoIP-Country-Code
X-Date
X-S
X-D
X-G
X-B-Cookie
X-CF-Lambda-Version
X-Connection-Hash
X-ScT
X-CF-Lambda-Fn
X-Destination
X-External-Request-Id
X-S-Cookie
X-DPWN-IS-SECURE
X-Aed
X-Rojux
VivaBuild
X-Sigma
W
Viewtype
T-Server
X-Region-Sid
X-Request-UUID
X-Sigma-Backend
X-Rewrite-Enabled
X-A
X-Rocket-Build-Number
X-A-Dcw
X-A-Dam
X-A-Wwc
X-A-Ccd
X-Trv-Group
X-A-Dgt
Access-Control-Request-Headers
User-Cache-Control
X-App-Version
X-C
X-Developers
X-Hit
X-Logging-Id
X-Eu-Site
X-TrackingId
X-Distil-CS
Fastly-Soc-X-Request-Id
X-Agile-Age
X-Agile-Id
HA-Ipaddr
Ha-Gx-Prefs
X-Agile
IsBot
Server-Cache-Control
Server-Surrogate-Control
Powered-By
Locid
X-App-Name
X-Auto-Login
X-CGP
X-Thanos
Environment
X-Contensis-Viewer-Groups
X-Cache-Debug
X-Cache-ASPX
Gh-Request-Id
X-Bip
X-SIPLIST1
X-CUA
CDCHOST
X-VC-Cache
X-Wikidot-Static-Cache
X-WebServer
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Authentication
X-Wikidot-Backend
X-Tumblr-Pixel-3
X-Labrador-Cache-Channel
X-PHP-Host
X-Cache-Backend
X-GoCache-CacheStatus
X-TA-CDN-Provider
X-Render-Time
X-FW-Version
Fastly-SWR
X-Generated-In
X-Gen-Mode
Web-Mar-Node
V-Age
We-Hiring
X-IN-APIGATEWAY
X-Gamma-Serve
X-Generation-Time
X-Real-IP
X-Hnp-Log
Fastly-SIE
Countrycode
Server-ID
X-Fetched-On
Server-Int
X-GeoIP-City
True-Client-Country-4JS
X-Hash
X-RateLimit-Remaining-Second
X-Dispatcher-Server
X-Backend-State
X-BBXSRF
X-Cms-Context
X-Azure-Ref
X-Core-Mission
X-Server-W
X-Clara-WADP
X-Cache-URL
X-Cache-Time
X-Cache-Bucket
X-Cdn-Srv
X-Block-Status
X-TT-LOGID
X-Rebelmouse-Surrogate-Control
X-IN-APIGATEWAYSSL
X-Debug-Log
X-Distributor
X-Clientip
X-Epic-Correlation-Id
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-AK-Request-ID
X-Rebelmouse-Cache-Control
X-Debug-Cache-Fetch
X-Fastly-Cache
Request-Country
X-NodeID
X-Nginx-Cache-Key
X-Trace-Id
Country-Code
X-NX-Host
X-Ms-Version
X-Ms-Request-Id
RNT-Time
X-Proxy-Upstream
X-Micro-Cache
Fastly-SSL
Cdnsip
Cdncip
X-OVcl
X-Urbn-Context-Path
AKAMAI
X-OVcl-Cache
X-Owner
X-Urbn-Site-Id
X-Origin-Expires
X-Request-URI
Cache-Host
X-Origin-Date
X-User
X-VServer
X-RateLimit-Limit-Second
X-Cache-Info
Heartbleed
X-Webstats-RespID
Mail-Subject
X-SVT-ORM-VERSION
Memcached
X-Li-Fabric
X-Li-Pop
X-SVT-ORM-RULES
X-Irp-Debug
X-Swa-Ws
Request-EU
X-WADP-Cache
X-Instart-Isnd
RNT-Machine
IBM-Web2-Location
Kp-EeAlive
X-TH-Server
X-We-Are-Hiring
Locale
X-LI-UUID
X-Key
X-Old-Content-Length
X-Reboot
X-Matched-Rule
X-Generated-On
X-Core-Value
X-LI-Proto
X-Level-Front-Cache
X-Platform-Server
Platform
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
ServerName
X-Has-Esi
X-Req
X-Is-Gdpr
X-Internal-Host
Is-Eu
X-Thinkindot-L3
Server-Host
Adler-Geo
PFcat
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Fastly-Backend-Name
FNAC-ModuleRouting
Thinkindot-Control
X-JWT-State
X-Cache-Tags
X-Service
X-Nginx-Cache
X-Up
X-Trafficlayer-App-Version
X-ServiceProvider
X-NU-AKA-ACS-Version
X-Variation
X-S-Maxage
X-Servername
Cache-Hits
X-Air-Hostname
X-Lb-Id
X-Sucuri-Cache
Group
X-Location
X-Refresh
RequestId
X-Var-Ttl
X-Cache-Expired-At
X-Parent-Response-Time
X-Response-By
S-Cnection
X-SERVER
X-Cdn-Forward
Pragrma
X-Tb-Optimization-Total-Bytes-Saved
X-BACKEND-TTL
X-CF-Powered-By
ProcessTime
Memory
X-B3-SpanId
Powered-By-ChinaCache
Filterid
X-B3-Parentspanid
X-CSRF-Token
X-Tec-Api-Root
X-Tec-Api-Version
X-Pjax-Url
X-Tec-Api-Origin
X-CSRF-TOKEN
Origin
User-Agent
X-Sucuri-ID
X-Unique-ID
X-Pf-Uncompressing
X-Wa
X-Varnish-Cacheable
X-NC
X-Server-IP
TTL
Geoip-Latitude
X-NWS-UUID-VERIFY
GeoIp-Country-Code
X-Via-CDN
X-Vcl-Version
Geoip-City
X-Ua
X-Correlation-ID
Tcn
SRV
X-Developer
X-Node-Id
X-Sn-Servicetimems
X-Cdn-Origin
X-Cache-Grace
PICS-Label
X-Ocache
X-LAGOON
X-Device-Os
X-Cdn-Request-ID
X-COUNTRY
Media-Length
X-NGINX-Cache
On-Server
X-Cache-Status-Check
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Rocket-Nginx-Bypass
X-MSEdge-Flight
X-MSEdge-Features
X-Request-Host
Hostname
X-Webkit-CSP
X-Servedbyhost
A
Dnion-Transfer-Encoding
X-Sucuri-Id
X-Litespeed-Cache
Cloudfront-Viewer-Country
X-Varnish-Ttl
X-Via-Ucdn
SN
X-HS-Status
X-Oneagent-Js-Injection
XServer
X-TIME
M-TraceId
Cdn
X-Reqid
Esi-Enabled
X-AIR-PT
X-FORWARDED-FOR
X-Planisys-CDN-TTL
X-ServedByHost
Resin-Trace
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Policy
X-Ratelimit-Remaining
X-Request-Start
Host-ID
CF-Cached-On
X-Azure-Ref-OriginShield
Who
X-Cache-Ttl
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Status
X-Beluga-Node
X-Varnish-URL
X-Beluga-Trace
X-Beluga-Cache-Status
X-Fastly-Country-Code
HostName
X-VHOST
X-Ftr-Cache-Host
Rt-Proxy-Cache
Pics-Label
X-Slack-Backend
CACHE
NtCoent-Length
GeoIP-Country-Code
X-Method
X-VCL-Version
X-Bc
Magicmarker
X-Action
X-APP
X-Zone
X-HostName
MIME-Version
X-Oracle-Dms-Rid
Pramga
Arc-Country
X-Cache-FS-Status
X-Dispatch
X-RSL
X-DI
X-RPM
X-DW
X-DSS
X-RPS
X-DB
Ttl
X-Processor
X-Fastly-Backend-Reqs
X-Server-Time
X-Varnish-Url
GeoIP-Latitude
X-PAYTM-SRV-ID
Cteonnt-Length
X-DC
X-LiteSpeed-Cache-Control
X-Skip-Cache
X-ND-Cache
X-Flog
X-FPC
X-Hello
X-ABtesting
X-PF-Uncompressing
X-Ratelimit-Limit
X-Newrelic-App-Data
X-VarnishDD-TTL
GeoIP-City
Fastly-Drupal-HTML
X-Edge-Server
X-Ftr-Request-Id
X-SRV
Load-Balancing
Amp-Access-Control-Allow-Source-Origin
X-Served-From
Ohc-Response-Time
Cdn-Host
Cdn-Request-Time
X-Swift-Error
WebServer
X-Be
X-Svr
X-PJAX-URL
X-Dynatrace
Processtime
X-DevSite-Last-Modified
X-BE
X-Bc-Bl
Vix-Hermes-Req-Id
N-Cache
X-WA
X-MServer
DSUID
X-Dynatrace-Js-Agent
Servername
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Backend-Host
Section-Io-Id
X-Amzn-Remapped-Date
Cache-Provider
X-Amzn-Remapped-Connection
X-VCT
X-ID
Release
X-Aicache-OS
X-Frame-Option
X-Hp-Ccpa-Warning
X-WR-MODIFICATION
X-Tid
X-Ftr-Realm
Pagetype
WZWS-RAY
X-Configured-By
Lfy
X-Ftr-Dc
Dynatrace
X-StackifyID
Requestid
CDN
X-Ftr-Backend
X-ZONE
CF-IPCountry
X-Ftr-Backend-Server
X-LB-ID
X-Branch-Name
X-Fastly-Cache-Hits
X-Snapshot-Date
X-Ftr-Balancer
X-CACHE-AGE
FSS-Proxy
X-Fmm-Version
FSS-Cache
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cneonction
X-Apw-Access-Action
X-Apw-Access-Object
Proxy-Firewall
X-Cc-Via
X-Apw-Hits
X-BC
X-Upstream-Ht
X-Upstream-Ct
X-Edge-IP
X-SD-PageType
X-ServerName
SD-X-WS
X-Request-Url
X-Apw-Access-Token
D-Cc-Upstream
Warning
X-VC
X-Cc-Req-Id
X-SB
V-Cache
X-Litespeed-Cache-Control
X-SN
X-WPE-Loopback-Upstream-Addr
X-Li-Proto
X-Varnish-Beresp-TTL
Lb
X-Cache-Id
X-Compress-Hint
X-Check-Cacheable
X-Request-URL
X-Powered-Y
X-Worker
X-ElasticPress-Search
X-App
Correlation-Id
WP-Super-Cache
X-Fastly-Cache-Status
Backend-Name
L