Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
X-XSS-Protection
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Xss-Protection
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
X-Ws-Request-Id
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-OneAgent-JS-Injection
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-ORACLE-DMS-RID
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
Pinterest-Generated-By
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Varnish-TTL
Accept-Ch
X-DynaTrace
X-Ruxit-JS-Agent
X-Country-Code
Allow
X-Instart-Request-ID
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
Accept-Ch-Lifetime
X-ESI
Verso
X-FTR-Request-ID
X-TTL
X-B3-TraceId
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Url
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja
X-Kinja-Build
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
Edge-Cache-Tag
RTSS
X-Px
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-Request-ID
Ar-Sid
X-D2id
X-Debug
X-Abt-Application-Version
X-NF-Request-ID
Charset
X-Server-Name
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Accel-Expires
X-MSEdge-Ref
X-Powered-CMS
X-Cached
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Middleton-Display
Pagespeed
X-Navigation-Version
Display
X-Sol
X-Vcache
X-Middleton-Response
X-Vcap-Request-Id
Response
X-Pinterest-Rid
Pinterest-Version
X-SRCache-Fetch-Status
X-Trace
X-SRCache-Store-Status
X-SharePointHealthScore
TCN
X-Fastcgi-Cache
X-VARITI-CCR
X-Cdn
Realpath
Public-Key-Pins
X-Client-IP
Cache-Tag
Access-Control-Request-Method
S
X-Fastly-Request-ID
X-Ser
X-Upstream
X-DynaTrace-JS-Agent
MS-Author-Via
X-Id
X-Shard
SPIisLatency
SPRequestDuration
X-Hp-Webp
Nginx-Cache
X-Ezoic-Cdn
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Forwarded-For
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Content-Type
DynaTrace
X-T
X-Amz-Meta-S3cmd-Attrs
X-Amzn-Trace-Id
X-Grace
X-Recruiting
Front-End-Https
X-Hits
Fastcgi-Cache
X-Varnish-Age
ServerID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Node-Name
Nel
NR-ENABLED
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-Edge-O15-RID
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Frontend
X-Content-Digest
Powered
X-GUploader-UploadID
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
Server-Name
Alternate-Protocol
X-Cache-TTL
TP-Cache
X-Logged-In
TP-L2-Cache
Server-Node
X-Correlation-Id
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-Webkit-Csp
X-FTR-Balancer
X-FTR-Backend-Server
AMP-Access-Control-Allow-Source-Origin
X-Jurisdiction
X-Request-Received
X-Request-Processing-Time
X-Microsite
X-Request-Handler-Origin-Region
X-XRDS-Location
X-ATS-Timestamp
Backend-Timing
X-Server-ID
Upgrade-Insecure-Requests
X-Shield-Request-Id
X-Webapp-Samesite-None-Activated-N
X-Origin-Server
X-Content-Options
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
X-User-Agent
Refresh
X-Revision
X-Akamai-Edgescape
X-F-Cache
X-Page-Id
X-Rid
X-Cache-Hit
X-Amzn-RequestId
X-Type
X-Amz-Apigw-Id
X-Varnish-Grace
X-XRDS-LOCATION
Fastly-Restarts
X-B3-Sampled
X-Content-Powered-By
X-Zen-Fury
X-Pad
X-URL
X-Analytics
X-Geo-Country
X-Activity-Id
X-Az
X-AppVersion
X-B
X-LB-Cache
X-N
X-RateLimit-Remaining
X-Ttl
X-Kinsta-Cache
PB-PID
PB-RID
X-CST
Arc-Version
X-Oneagent-Js-Injection
X-Cache-Age
X-TT
X-Mobile-Rewrite
X-WebKit-CSP-Report-Only
X-AOL-HN
Cache-Status
X-Jobs
X-Tumblr-User
X-Signature
X-Framework
X-Tumblr-Pixel
Actual-Object-TTL
Paypal-Debug-Id
X-B-Cache
X-Tumblr-Pixel-0
X-App-Environment
X-FTR-Cache-Host
X-Debug-Info
DC
Access-Control-Allow-Method
X-Instance
X-FB-Debug
X-Request-Guid
X-PHP-Backend
X-Load-Cache
X-Cache-Action
X-Time
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Surrogate-Key
X-Git-Hash
FilterID
X-Cached-By
X-Tt-Trace-Tag
Fastcgi-Useragent
X-IPLB-Instance
Host-Header
X-Contextid
X-Amz-Replication-Status
MS-CV
X-SS-Set-Cookie
X-Tt-Trace-Host
X-Cluster
X-ATG-Version
X-FastCGI-Cache
Tracecode
X-VCache
X-Response-Served-From
X-Accel-Buffering
X-Srv
NGB
Frame-Options
WPE-Backend
X-RequestSource
X-Cache-NE
Xserver
X-FW-Type
X-Cache-2
X-FW-Hash
Host
X-FW-Serve
Eomportal-Instance
X-FW-Static
X-FW-Server
X-Varnish-Server
X-Region
X-WA-Info
X-Varnish-Hostname
Payment
X-Tumblr-Pixel-2
X-Mobile
Cache-Tv-Group
Filters
X-Tumblr-Pixel-1
X-Adobe-Content
X-TX-ID
X-IPS-LoggedIn
X-Adobe-Loc
X-GeoIP
Source
X-Cacheable-TTL
X-Host-Name
X-Cache-Enabled
X-Cache-Key
X-Rendered-As
X-NewRelic-App-Data
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Is-Bot
Cleartype
X-Cache-Rule
X-Cache-Operation
X-Origin-Response-Time
X-Cache-TTL-Remaining
X-Via-JSL
X-EdgeConnect-Cache-Status
X-Seen-By
X-Hostname
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Cache-Control
Cache
X-PressLabs-Stats
Datacenter
Healthy
X-Trafficlayer-App-Name
Retry-After
X-Trafficlayer-App-Scope
X-Dc
X-HTML-Minification-Powered-By
X-CACHE-KEY
X-ProcessESI
X-RemovedCookies
Server-Info
X-RTag
Ms-Operation-Id
X-RateLimit-Limit
X-UA
X-Presslabs-Stats
X-Source
X-Rule
Liferay-Portal
X-L-Path
X-Cache-Server
X-Environment-Context
X-NWS-LOG-UUID
From-Origin
X-Endurance-Cache-Level
X-FireWall-Port
Version
X-Status
X-Upgrade-Enabled
X-Wix-Request-Id
X-Path-Route
X-Cache-Var
X-Handled-By
X-ES-SERVER
Meta-Geo
X-RN-RSRV
X-B3-Traceid
X-Cache-Var-Map
Selected-Fe
Mn-Server-Ip
X-Content-Age
X-RCS-CacheZone
X-Timing-Wait
X-Proxy-Build
X-Akamai-Request-ID
Webcakes-Region
X-Storage
Property-Id
Azure-Version
Cache-Tags
X-Tb
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
OT-Force-Account-Verify
Akamai-GRN
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Version
X-Sorting-Hat-ShopId
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Backend-Name
X-ShopId
X-ShardId
X-Qloud-Router
X-Format
X-EIG-Tracking-Id
X-Access
X-AWS-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin-Hint
X-Request-Time
X-Alternate-Cache-Key
X-Section
X-LJ-Flow-ID
X-VWS-Id
X-Hl-Ver
X-Proto
X-FW-Dynamic
X-Xfnlog-Site
X-Proxy
Node
NGX
X-Pubstack
Decoy-Debug-Status
X-Proxy-Cache-Status
DB-Nickname
X-Generated-By
X-Hyper-Cache
Decoy-Debug-TTL
Now
X-JoinUs
X-Cluster-Node
X-Soup
X-Time-Microsecs
X-ProxyCache-Key
X-PCL
X-ProxyCache-Status
X-Web-Node
X-Vgn-Hpd-Reason
X-UUID
X-Akamai-Request-ID2
X-Origin
X-OCL
X-SaId
X-BYPASS-REASON
Origin-Edge-Control
Origin-Cache-Control
X-Viewer-Country
X-ServerID
X-Human
X-Cache-Config
X-Cache-Host
X-Redis-Cache
Decoy-Debug-Key
X-Yottaa-Optimizations
X-Yottaa-Metrics
Accept-CH
X-Varnish-Hits
X-Www-Served-By
X-Generated
X-Debug-Cache
X-FC-Vary-Parameters
X-BCube-Filmed-By
X-CCM
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Site-Version
S-Rt
X-Hosted-By
X-App-Server
X-NYM-Debug-Backend
X-MP-GENERATED-AT
Cross-Origin-Window-Policy
X-FB-TRIP-ID
X-Locale
X-Amzn-Remapped-Content-Length
X-R9-Blue-Green-Version
L5d-Success-Class
X-Loop
X-TNCMS
Ec-Rule-Version
Cache-Name
X-Detected-As
Viewport
Srv
X-CS
X-IP
X-Akamai-Transformed
Uber-Trace-Id
Webserver
Accept-Charset
X-APP-VERSION
X-Esi
X-NCache
VIX-Pulpo-Node
X-Drupal-Cache-Tags
VIX-Pulpo-Upstream-Status
GEO-INFO
Accept-CH-Lifetime
Time
X-From
X-Cache-Remote
X-UA-Device-Type
X-TT-TIMESTAMP
X-Unique-Id
X-Cluster-Name
Cache-Key
Mime-Version
X-Drupal-Cache-Contexts
X-Origin-TTL
X-Edge-Location
X-Origin-CC
Accept-Language
X-Mode
X-Backend-TTL
Country
X-EC-Lua
Odigeo-Trace-Id
X-CDN-Forward
X-Microcachable
X-CLOUD-TRACE-CONTEXT
X-Newrelic-Synthetics
X-Info
Rt-Fastcgi-Cache
X-Forwarded-Host
X-App-Version
X-No-Session
X-UnsetCookies
X-Geo
Ohc-File-Size
Ohc-Cache-HIT
X-ApacheServer
X-Magnolia-Registration
X-PERF
X-B3-Spanid
X-Whom
Proxy-Connection
X-Zipkin-Id
Content-Disposition
X-Routing-Service
X-Proxied
X-Varnish-Cache-Hits
X-UPSTREAM-Address
ServedBy
X-PHP-Host
X-Labrador-Cache-Channel
Geo-Info
X-G
X-S
X-S-Cookie
X-B-Cookie
X-Application
X-Rewrite-Enabled
X-Aed
X-Rojux
MD5-Digest
X-External-Request-Id
X-ARC
X-CF-Lambda-Version
X-Destination
X-Session-Fingerprint
X-SIPLIST1
X-SRCache-Key
X-Date
X-D
X-Accel-Expires-Debug
X-DPWN-IS-SECURE
X-Connection-Hash
X-ScT
X-CF-Lambda-Fn
X-A-Dgt
GEO-REGION-INFO
X-Geo-Header
Viewtype
VivaBuild
T-Server
X-GeoIP-Country-Code
Fastcgi-X-Cache-Version
Content-Script-Type
BehaviorPad-Version
AsisCache
X-Device-Type
IsBot
Meta-Geo-Continent
X-A-Dam
X-A-Dcw
Content-Style-Type
X-Region-Sid
X-A-Ccd
Rendered-Blocks
X-A
Machine
Mobile-Detection-Method
X-A-Wwc
X-Request-UUID
Xc-Version
X-Trv-Group
X-Transaction
Cf-Ipcountry
X-Vtex-Processado-Em
X-Twitter-Response-Tags
X-Vdms-Version
X-VG-WebCache
X-VG-WebServer
X-Cache-Time
X-Vtex-Remote-Cache
X-C
Fastly-SSL
User-Cache-Control
X-Real-IP
X-NGENIX-Cache
X-Via-Fastly
X-Cache-Debug
Apple-News-Services-Handled
X-Wikidot-Static-Cache
X-App-Name
X-Wikidot-Backend
Wxu-Next-Region
X-WebServer
X-Cache-ASPX
Environment
Locid
X-Uri
X-Logging-Id
RNT-Machine
Access-Control-Request-Headers
X-Nginx-Cache-Key
X-Bip
X-Auto-Login
Gh-Request-Id
W
Wxu-Next-Hostname
X-TrackingId
X-CUA
Powered-By
X-Core-Mission
X-Contensis-Viewer-Groups
Server-Cache-Control
X-VG-TLSProxy
FNAC-ModuleRouting
RNT-Time
Fastly-Soc-X-Request-Id
Apple-News-Services-Request-Url
X-Thanos
X-Cache-URL
X-Sigma-Backend
X-Rocket-Build-Number
Wxu-Next-Commit
Apple-News-Services-Host
X-Varnish-Authentication
X-VC-Cache
Server-Surrogate-Control
Apple-News-Services-Parsed-Url
X-Tumblr-Pixel-3
X-Developers
X-Req
X-Sigma
Server-Int
X-Cache-Backend
X-Generated-In
We-Hiring
X-GoCache-CacheStatus
Server-ID
X-Hash
X-Hnp-Log
X-IN-APIGATEWAY
CDCHOST
Ha-Gx-Prefs
V-Age
X-Generation-Time
True-Client-Country-4JS
X-GeoIP-City
HA-Ipaddr
X-Gamma-Serve
X-Clientip
X-Cms-Context
X-Clara-WADP
X-Cdn-Srv
X-Cache-Info
X-Render-Time
X-Distributor
X-Dispatcher-Server
X-Debug-Cookies
X-Debug-Log
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Sucuri-Cache
X-Debug-Cache-Expiry
X-Fastly-Cache
X-Cache-Bucket
X-Distil-CS
X-Gen-Mode
X-CGP
X-Agile-Id
X-Agile
X-Agile-Age
X-AK-Request-ID
X-Epic-Correlation-Id
X-Hit
X-Block-Status
X-BBXSRF
X-Eu-Site
X-Azure-Ref
Web-Mar-Node
Mail-Subject
X-IN-APIGATEWAYSSL
X-NodeID
X-WADP-Cache
AKAMAI
X-NX-Host
X-Ms-Version
Cache-Host
Cdnsip
X-We-Are-Hiring
X-Varnish-Beresp-Status
Cdncip
X-Ms-Request-Id
X-Varnish-Beresp-Ttl
X-Origin-Date
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Rebelmouse-Surrogate-Control
X-User
X-Urbn-Site-Id
X-Proxy-Upstream
X-Urbn-Context-Path
X-Origin-Expires
X-Request-URI
X-OVcl
X-OVcl-Cache
X-Owner
X-Rebelmouse-Cache-Control
Country-Code
Countrycode
Locale
Request-EU
X-Trace-Id
X-SVT-ORM-RULES
Request-Country
X-SVT-ORM-VERSION
X-Swa-Ws
X-Internal-Host
X-Irp-Debug
Kp-EeAlive
Fastly-Backend-Name
X-Webstats-RespID
X-Micro-Cache
X-Instart-Isnd
Fastly-SIE
X-TT-LOGID
Heartbleed
X-Varnish-Beresp-Grace
Fastly-SWR
X-B3-Parentspanid
X-Server-W
X-Thinkindot-L3
X-S-Maxage
X-Trafficlayer-App-Version
X-Up
X-TH-Server
X-Service
X-ServiceProvider
X-NU-AKA-ACS-Version
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Level-Front-Cache
X-Key
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-Generated-On
X-LI-UUID
X-VServer
X-FW-Version
X-Platform-Server
X-Old-Content-Length
X-Backend-State
X-Location
X-Matched-Rule
X-Variation
X-Cache-Tags
Section-Io-Cache
Platform
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
PFcat
Memcached
ServerName
X-Core-Value
Adler-Geo
IBM-Web2-Location
Is-Eu
Thinkindot-Control
X-Nc
X-B3-SpanId
X-Daa-Tunnel
HitType
X-TA-CDN-Provider
X-Nginx-Cache
X-Refresh
X-Lb-Id
X-Fetched-On
Cache-Hits
X-Reboot
X-SERVER
X-Response-By
RequestId
X-Server-IP
X-Tb-Optimization-Total-Bytes-Saved
X-CSRF-TOKEN
X-Servername
X-CF-Powered-By
X-Cdn-Forward
X-Tec-Api-Root
X-Parent-Response-Time
X-Tec-Api-Version
ProcessTime
X-Tec-Api-Origin
X-NC
X-Cdn-Request-ID
X-Pjax-Url
X-Wa
Memory
Origin
X-Air-Hostname
Media-Length
X-BACKEND-TTL
X-Unique-ID
User-Agent
Pragrma
X-Cache-Expired-At
Group
X-Var-Ttl
Filterid
X-Sucuri-Id
X-CSRF-Token
TTL
SRV
X-Correlation-ID
X-Ua
S-Cnection
X-Pf-Uncompressing
Geoip-Latitude
X-Vcl-Version
Powered-By-ChinaCache
X-COUNTRY
X-AIR-PT
X-NGINX-Cache
X-Reqid
Esi-Enabled
GeoIp-Country-Code
X-Rocket-Nginx-Bypass
X-TIME
X-Servedbyhost
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Varnish-Cacheable
X-Planisys-CDN-TTL
X-Policy
SN
X-Sucuri-ID
X-Webkit-CSP
X-Litespeed-Cache
X-Azure-Ref-OriginShield
X-Request-Start
PICS-Label
HostName
X-Via-CDN
Rt-Proxy-Cache
Geoip-City
X-Via-Ucdn
XServer
X-Ftr-Cache-Host
X-HS-Status
X-Developer
Dnion-Transfer-Encoding
M-TraceId
X-NWS-UUID-VERIFY
X-FORWARDED-FOR
X-Device-Os
X-LAGOON
X-Cache-Grace
X-Ocache
X-Sn-Servicetimems
X-Cdn-Origin
Magicmarker
X-Fastly-Country-Code
X-Method
Tcn
On-Server
Cdn
X-Ftr-Request-Id
X-Cache-Ttl
X-Node-Id
Who
Load-Balancing
Resin-Trace
X-VHOST
X-ServedByHost
Pics-Label
A
CF-Cached-On
X-MSEdge-Flight
X-MSEdge-Features
X-Request-Host
Ohc-Response-Time
DSUID
X-Svr
X-Be
NtCoent-Length
Cloudfront-Viewer-Country
Release
X-VCT
X-MServer
X-Oss-Request-Id
X-Oss-Object-Type
X-APP
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
Vix-Hermes-Req-Id
GeoIP-Country-Code
X-VCL-Version
X-Bc
X-Cache-Status-Check
X-Zone
MIME-Version
X-Hp-Ccpa-Warning
Hostname
X-Oracle-Dms-Rid
X-Beluga-Cache-Status
X-Varnish-Url
X-Fastly-Backend-Reqs
GeoIP-Latitude
X-VarnishDD-TTL
Cteonnt-Length
X-Beluga-Trace
X-Beluga-Response-Time
Ttl
X-Varnish-URL
X-Beluga-Record
X-Beluga-Status
X-Beluga-Node
X-LiteSpeed-Cache-Control
X-DC
X-Configured-By
GeoIP-City
Host-ID
X-PF-Uncompressing
X-Newrelic-App-Data
X-Ftr-Realm
X-Ftr-Balancer
X-Ftr-Dc
SD-X-WS
X-PJAX-URL
X-SRV
X-Ftr-Backend-Server
X-SD-PageType
X-Ftr-Backend
X-Upstream-Ct
X-Upstream-Ht
X-HostName
X-WR-MODIFICATION
X-Ratelimit-Remaining
CACHE
X-Compress-Hint
X-BE
X-Slack-Backend
X-Tid
Processtime
X-SN
X-Dynatrace
X-Aicache-OS
X-Cache-Id
Servername
X-Dynatrace-Js-Agent
X-Swift-Error
X-Release
L
X-ID
X-Via-NSCOPI
WebServer
Cache-Provider
X-Action
Amp-Access-Control-Allow-Source-Origin
X-Frame-Option
X-Ratelimit-Limit
X-Skip-Cache
Dynatrace
X-StackifyID
Requestid
X-Scheme
CF-IPCountry
X-Dispatch
X-Fastly-Cache-Hits
X-DW
LB
Lfy
X-ServerName
Pagetype
X-RPM
X-PAYTM-SRV-ID
X-Cache-FS-Status
Pramga
Arc-Country
X-RPS
X-RSL
X-DSS
X-DI
X-Server-Time
X-Snapshot-Date
CDN
X-Branch-Name
X-DB
X-LB-ID
X-Processor
X-CACHE-AGE
X-VC
Warning
X-Cc-Via
X-SB
X-Cc-Req-Id
D-Cc-Upstream
X-Request-Url
Cache-Cookie-Set-From
X-FPC
Proxy-Firewall
X-ND-Cache
Cache-Cookie-Set-Idcheck
X-ZONE
Cache-Cookie-Set-Lfrom
X-Node-ID
X-Edge-IP
X-Hello
X-Apw-Access-Action
X-DevSite-Last-Modified
X-Varnish-Beresp-TTL
X-ABtesting
Fastly-Drupal-HTML
X-Flog
UCS
X-Apw-Access-Object
V-Cache
X-Apw-Access-Token
X-Apw-Hits
NnCoection
X-Fpc
X-Served-From
Backend-Name
X-App
X-BC
Correlation-Id
X-Litespeed-Cache-Control
Lb
X-Worker
WP-Super-Cache
X-Check-Cacheable
X-Request-URL
X-Powered-Y
X-ElasticPress-Search
X-Fastly-Cache-Status