Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Robots-Tag
X-Page-Speed
X-Pingback
EagleId
X-Ws-Request-Id
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Ac
X-Node
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Cloud-Trace-Context
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-Application-Context
X-ORACLE-DMS-ECID
X-DataDome
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
X-ORACLE-DMS-RID
X-Cache-Lookup
NEL
X-Mod-Pagespeed
Rating
Edge-Control
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Varnish-TTL
X-DynaTrace
X-Country-Code
Allow
X-Instart-Request-ID
Accept-Ch
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-FTR-Request-ID
X-TTL
Verso
X-ESI
Accept-Ch-Lifetime
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
Content-MD5
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-B3-TraceId
X-GitHub-Request-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
Edge-Cache-Tag
RTSS
AR-Request-ID
Ar-Sid
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
Charset
SPRequestGuid
X-NF-Request-ID
X-Vcache
X-Amz-Server-Side-Encryption
X-Server-Name
X-Accel-Expires
X-Cached
X-MSEdge-Ref
X-Powered-CMS
X-Amz-Rid
Response
X-Middleton-Response
Arr-Disable-Session-Affinity
X-TEC-API-ORIGIN
Pagespeed
X-Sol
Display
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Middleton-Display
X-Vcap-Request-Id
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-Trace
X-SharePointHealthScore
TCN
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Fastcgi-Cache
X-Cdn
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Client-IP
Cache-Tag
Access-Control-Request-Method
X-Fastly-Request-ID
X-Ser
S
X-Upstream
MS-Author-Via
X-DynaTrace-JS-Agent
X-Shard
SPIisLatency
X-Id
SPRequestDuration
Nginx-Cache
X-Ezoic-Cdn
X-Hp-Webp
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Content-Type
X-T
X-Amz-Meta-S3cmd-Attrs
X-Amzn-Trace-Id
DynaTrace
X-Grace
Nel
X-Recruiting
Front-End-Https
X-Forwarded-For
X-Hits
X-Aspnet-Version
Fastcgi-Cache
X-Varnish-Age
ServerID
X-Edge-O15-RID
X-DIS-Request-ID
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Node-Name
X-Element-Page-Cache
NR-ENABLED
X-Content-Digest
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
X-Frontend
Powered
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Cache-TTL
Server-Name
Alternate-Protocol
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-Logged-In
Server-Node
TP-Cache
TP-L2-Cache
X-Jurisdiction
X-Correlation-Id
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
Upgrade-Insecure-Requests
AMP-Access-Control-Allow-Source-Origin
X-Server-ID
X-Content-Options
X-Page-Id
X-Cache-Hit
X-Origin-Server
Refresh
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Revision
X-Rid
X-F-Cache
X-Amz-Apigw-Id
X-Akamai-Edgescape
X-Amzn-RequestId
X-Varnish-Grace
X-Type
X-Shield-Request-Id
X-Webapp-Samesite-None-Activated-N
Fastly-Restarts
X-XRDS-LOCATION
X-Zen-Fury
X-Geo-Country
X-Content-Powered-By
X-LB-Cache
X-B3-Sampled
X-URL
X-B
X-Az
X-AppVersion
X-Activity-Id
X-Pad
X-Analytics
X-RateLimit-Remaining
X-CST
X-FTR-Cache-Host
X-Kinsta-Cache
X-N
PB-PID
PB-RID
X-Ruxit-Js-Agent
Arc-Version
X-Mobile-Rewrite
X-Webkit-Csp
Cache-Status
X-TT
X-Cache-Age
X-WebKit-CSP-Report-Only
X-Debug-Info
X-Instance
X-AOL-HN
Actual-Object-TTL
X-Time
DC
X-App-Environment
X-Signature
X-Tumblr-Pixel
X-Tumblr-User
X-Request-Guid
X-Jobs
X-B-Cache
X-Framework
Paypal-Debug-Id
X-Tumblr-Pixel-0
Access-Control-Allow-Method
X-FB-Debug
X-PHP-Backend
X-Cache-Action
X-Load-Cache
X-Git-Hash
Surrogate-Key
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Ttl
X-Varnish-Backend
X-Cached-By
X-Tt-Trace-Tag
Host-Header
Fastcgi-Useragent
X-Amz-Replication-Status
X-Contextid
X-IPLB-Instance
X-Tt-Trace-Host
MS-CV
FilterID
X-SS-Set-Cookie
X-ATG-Version
X-Cluster
X-FastCGI-Cache
Tracecode
X-Cache-Key
NGB
X-Accel-Buffering
X-Response-Served-From
X-WA-Info
X-Srv
WPE-Backend
X-B3-Traceid
Frame-Options
X-Varnish-Server
Payment
X-Cache-NE
X-Host-Name
X-FW-Hash
Host
X-FW-Serve
X-Mobile
Xserver
Eomportal-Instance
X-Region
X-FW-Server
X-FW-Type
X-Cache-2
X-FW-Static
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Source
X-RequestSource
X-Rendered-As
X-Is-Bot
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cache-Rule
X-Cache-Operation
X-Varnish-Hostname
Cache-Tv-Group
X-GeoIP
X-Adobe-Content
Filters
X-Cache-Enabled
X-Adobe-Loc
X-Cacheable-TTL
X-TX-ID
X-Oneagent-Js-Injection
X-NewRelic-App-Data
X-EdgeConnect-Cache-Status
X-Origin-Response-Time
X-Hostname
Cleartype
X-Via-JSL
X-Seen-By
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Cache-TTL-Remaining
Cache
X-VCache
Accept-CH
Retry-After
Server-Info
X-Presslabs-Stats
X-HTML-Minification-Powered-By
X-Cache-Control
X-ProcessESI
Healthy
X-RemovedCookies
Datacenter
X-PressLabs-Stats
X-RTag
Ms-Operation-Id
X-RateLimit-Limit
X-NWS-LOG-UUID
Liferay-Portal
X-Source
X-Dc
X-UA
X-Cache-Server
X-L-Path
X-FireWall-Port
From-Origin
X-Environment-Context
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Endurance-Cache-Level
X-Rule
Accept-CH-Lifetime
X-Upgrade-Enabled
X-CACHE-KEY
X-Esi
Version
X-Wix-Request-Id
X-Status
X-Handled-By
X-App-Server
X-ES-SERVER
X-RN-RSRV
X-Cache-Var
X-Path-Route
Meta-Geo
X-Cache-Var-Map
X-Proxy-Build
X-APP-VERSION
OT-Force-Account-Verify
X-Section
X-Tb
X-Timing-Wait
X-Format
Selected-Fe
X-Access
X-Request-Time
Akamai-GRN
Azure-SlotName
X-Backend-Name
X-BYPASS-REASON
Mn-Server-Ip
Azure-SiteName
X-ShardId
Azure-Version
X-Alternate-Cache-Key
X-Storage
X-Akamai-Request-ID
X-Proto
X-Origin
X-OCL
X-Shopify-Stage
X-EIG-Tracking-Id
X-Shopify-Generated-Cart-Token
Azure-RegionName
Cache-Tags
X-PCL
X-ShopId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ProxyCache-Key
X-ProxyCache-Status
Azure-InstanceId
X-Content-Age
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Human
Origin-Edge-Control
TWC-Locale-Group
TWC-Privacy
Decoy-Debug-TTL
Property-Id
S-Rt
Decoy-Debug-Status
TWC-Connection-Speed
TWC-Device-Class
Now
Node
Webcakes-App-Name
Origin-Cache-Control
TWC-GeoIP-Country
NGX
TWC-GeoIP-LatLong
X-SaId
X-Qloud-Router
X-RCS-CacheZone
X-Redis-Cache
X-Pubstack
X-Proxy-Cache-Status
X-Origin-Hint
X-Proxy
Decoy-Debug-Key
X-ServerID
X-Viewer-Country
X-VWS-Id
X-Web-Node
X-Vgn-Hpd-Reason
X-UUID
X-Soup
X-Time-Microsecs
X-NYM-Debug-Backend
X-MP-GENERATED-AT
X-Cache-Host
X-Cluster-Node
X-Debug-Cache
X-Cache-Config
X-AWS-Id
Webcakes-Region
X-Akamai-Request-ID2
X-FC-Vary-Parameters
X-FW-Dynamic
X-JoinUs
X-LJ-Flow-ID
X-Hyper-Cache
X-Hosted-By
X-Generated-By
X-Hl-Ver
Webcakes-App-Version
Ec-Rule-Version
X-Yottaa-Optimizations
DB-Nickname
X-Yottaa-Metrics
X-Detected-As
X-CCM
X-Xfnlog-Site
X-Varnish-Hits
X-Www-Served-By
X-Generated
X-Locale
X-Say-Cacheable
X-IP
X-Say-TTL
X-SayCDN-TTL
X-Site-Version
X-BCube-Filmed-By
Cross-Origin-Window-Policy
L5d-Success-Class
X-TNCMS
X-Amzn-Remapped-Content-Length
X-FB-TRIP-ID
X-R9-Blue-Green-Version
X-Loop
Srv
X-Akamai-Transformed
Cache-Name
X-CS
Accept-Charset
Viewport
Uber-Trace-Id
GEO-INFO
X-NCache
X-Drupal-Cache-Tags
X-Unique-Id
Webserver
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-UA-Device-Type
X-Cache-Remote
X-Backend-TTL
X-From
Cache-Key
Time
X-CDN-Forward
X-Origin-CC
X-Origin-TTL
X-Drupal-Cache-Contexts
X-Cluster-Name
X-TT-TIMESTAMP
Accept-Language
X-Edge-Location
Mime-Version
Country
Odigeo-Trace-Id
X-Forwarded-Host
X-Mode
X-B3-Spanid
X-Microcachable
Rt-Fastcgi-Cache
X-CLOUD-TRACE-CONTEXT
X-UnsetCookies
X-EC-Lua
X-Info
X-Newrelic-Synthetics
X-Varnish-Cache-Hits
X-Geo
X-Whom
X-PERF
X-ApacheServer
Ohc-File-Size
Ohc-Cache-HIT
X-Magnolia-Registration
X-No-Session
ServedBy
Content-Disposition
Proxy-Connection
X-UPSTREAM-Address
X-NGENIX-Cache
Geo-Info
X-Proxied
X-Device-Type
X-Routing-Service
X-Zipkin-Id
X-PHP-Host
X-Labrador-Cache-Channel
Cf-Ipcountry
X-Rewrite-Enabled
X-Request-UUID
X-Via-Fastly
X-Rojux
X-S
X-Region-Sid
X-Rocket-Build-Number
X-GeoIP-Country-Code
Apple-News-Services-Request-Url
AsisCache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-S-Cookie
X-Geo-Header
Apple-News-Services-Handled
X-Session-Fingerprint
X-VG-WebCache
X-VG-TLSProxy
X-VG-WebServer
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Vdms-Version
X-Twitter-Response-Tags
X-Sigma
BehaviorPad-Version
X-Sigma-Backend
X-SRCache-Key
X-Trv-Group
X-Transaction
X-ScT
Content-Script-Type
X-A-Dgt
X-A-Wwc
X-A-Dcw
X-Date
X-A-Ccd
X-A-Dam
X-Accel-Expires-Debug
X-Aed
X-Connection-Hash
X-CF-Lambda-Fn
X-D
X-B-Cookie
X-Application
X-ARC
X-A
W
Machine
MD5-Digest
GEO-REGION-INFO
Fastcgi-X-Cache-Version
Content-Style-Type
X-G
Meta-Geo-Continent
Rendered-Blocks
Viewtype
VivaBuild
T-Server
X-Destination
X-External-Request-Id
X-DPWN-IS-SECURE
X-CF-Lambda-Version
Mobile-Detection-Method
X-Real-IP
User-Cache-Control
X-Uri
X-Cache-Time
X-C
CDCHOST
X-Eu-Site
Locid
X-GoCache-CacheStatus
X-Distil-CS
X-Epic-Correlation-Id
IsBot
HA-Ipaddr
X-Logging-Id
X-Hit
Gh-Request-Id
X-Developers
Ha-Gx-Prefs
Environment
Powered-By
X-Auto-Login
X-Backend-State
X-App-Name
X-Agile-Id
X-Agile
X-Agile-Age
Server-Surrogate-Control
X-Bip
X-CGP
X-Contensis-Viewer-Groups
X-Cache-Debug
Server-Cache-Control
X-Cache-ASPX
X-CUA
Fastly-Soc-X-Request-Id
X-SIPLIST1
X-VC-Cache
X-Render-Time
X-Sucuri-Cache
X-Tumblr-Pixel-3
X-Thanos
X-TrackingId
Fastly-SSL
X-Varnish-Authentication
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WebServer
X-App-Version
Access-Control-Request-Headers
HitType
Web-Mar-Node
Wxu-Next-Hostname
Wxu-Next-Region
X-Urbn-Context-Path
X-Cms-Context
X-Core-Mission
X-Dispatcher-Server
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Cache-Fetch
X-Clientip
X-Debug-Log
Wxu-Next-Commit
X-TT-LOGID
X-Daa-Tunnel
X-Webstats-RespID
X-VServer
X-Block-Status
X-BBXSRF
X-Azure-Ref
X-We-Are-Hiring
X-WADP-Cache
X-Cache-Backend
X-Cache-Bucket
X-AK-Request-ID
X-Urbn-Site-Id
X-Cdn-Srv
X-User
X-Trace-Id
X-Cache-Info
X-Clara-WADP
X-TH-Server
X-Rebelmouse-Surrogate-Control
X-Micro-Cache
X-Ms-Request-Id
X-Ms-Version
X-Location
X-LI-UUID
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Nginx-Cache-Key
X-NodeID
X-Owner
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-OVcl-Cache
X-OVcl
X-NX-Host
X-Origin-Date
X-Origin-Expires
X-Req
X-Key
X-SVT-ORM-VERSION
X-Gen-Mode
X-Generated-In
X-Generation-Time
X-Gamma-Serve
X-FW-Version
X-Rebelmouse-Cache-Control
X-Swa-Ws
X-Fastly-Cache
X-SVT-ORM-RULES
X-GeoIP-City
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Irp-Debug
We-Hiring
X-IN-APIGATEWAY
X-Hash
X-Request-URI
X-Hnp-Log
X-Distributor
X-Cache-URL
Mail-Subject
Memcached
Locale
Kp-EeAlive
IBM-Web2-Location
Request-Country
Request-EU
Server-ID
Section-Io-Cache
RNT-Time
RNT-Machine
Heartbleed
FNAC-ModuleRouting
AKAMAI
Cache-Host
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Cdncip
Country-Code
Fastly-SWR
Fastly-SIE
Fastly-Backend-Name
Countrycode
Server-Int
Cdnsip
True-Client-Country-4JS
V-Age
X-Nc
X-Core-Value
X-Thinkindot-L3
X-Nginx-Cache
PFcat
X-Trafficlayer-App-Version
X-Server-W
X-Platform-Server
Platform
X-Reboot
X-Service
X-Generated-On
Is-Eu
X-ServiceProvider
X-Has-Esi
X-Internal-Host
Thinkindot-Control
Adler-Geo
ServerName
X-Is-Gdpr
Thinkindot-CacheControl
X-NU-AKA-ACS-Version
X-Old-Content-Length
Server-Host
X-Level-Front-Cache
X-Cache-Tags
Thinkindot-CacheControl-Type
X-Fetched-On
X-Variation
X-Matched-Rule
X-JWT-State
X-Up
X-B3-Parentspanid
X-Response-By
Cache-Hits
X-Servername
X-SERVER
X-S-Maxage
X-Refresh
X-TA-CDN-Provider
RequestId
X-Lb-Id
X-CSRF-TOKEN
X-CF-Powered-By
Filterid
X-Air-Hostname
X-Server-IP
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tb-Optimization-Total-Bytes-Saved
X-Tec-Api-Root
ProcessTime
X-NC
X-Parent-Response-Time
X-B3-SpanId
X-Wa
X-Cache-Expired-At
X-Var-Ttl
Group
X-Ua
Pragrma
X-Cdn-Forward
X-Cdn-Request-ID
X-Pjax-Url
Media-Length
Origin
User-Agent
Memory
S-Cnection
X-CSRF-Token
X-Pf-Uncompressing
Powered-By-ChinaCache
X-BACKEND-TTL
X-Correlation-ID
SRV
X-Unique-ID
X-Sucuri-Id
TTL
Geoip-Latitude
SN
X-COUNTRY
X-Vcl-Version
PICS-Label
X-FORWARDED-FOR
GeoIp-Country-Code
X-Sucuri-ID
X-NGINX-Cache
X-Servedbyhost
Esi-Enabled
X-AIR-PT
X-Varnish-Cacheable
X-Reqid
X-Rocket-Nginx-Bypass
X-Policy
X-Litespeed-Cache
X-Webkit-CSP
X-Via-CDN
X-Planisys-CDN-TTL
Geoip-City
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-NWS-UUID-VERIFY
X-Azure-Ref-OriginShield
X-Request-Start
X-Via-Ucdn
M-TraceId
X-HS-Status
X-Developer
X-TIME
XServer
HostName
Rt-Proxy-Cache
X-Sn-Servicetimems
X-Node-Id
X-Ocache
X-Cache-Grace
Dnion-Transfer-Encoding
X-Device-Os
X-LAGOON
X-Cdn-Origin
On-Server
Tcn
X-Fastly-Country-Code
X-MSEdge-Flight
A
Magicmarker
X-MSEdge-Features
Resin-Trace
X-Cache-Ttl
Who
X-Method
X-Request-Host
X-VHOST
X-Ftr-Cache-Host
Cdn
CF-Cached-On
X-ServedByHost
Load-Balancing
X-Cache-Status-Check
X-Beluga-Status
GeoIP-Country-Code
X-Beluga-Record
MIME-Version
X-Beluga-Cache-Status
Cloudfront-Viewer-Country
X-VCL-Version
Pics-Label
X-Beluga-Response-Time
X-Beluga-Trace
Hostname
X-Beluga-Node
X-Oss-Storage-Class
X-Oss-Server-Time
X-DC
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
NtCoent-Length
GeoIP-Latitude
DSUID
Ohc-Response-Time
X-Be
X-APP
Ttl
X-Svr
X-VCT
Release
X-Oracle-Dms-Rid
X-MServer
GeoIP-City
Cteonnt-Length
X-Varnish-Url
X-Zone
X-Fastly-Backend-Reqs
Host-ID
X-Varnish-URL
X-Bc
Vix-Hermes-Req-Id
X-LiteSpeed-Cache-Control
X-Varnish-Ttl
X-Hp-Ccpa-Warning
X-SERVER-NAME
X-PF-Uncompressing
X-VarnishDD-TTL
X-Newrelic-App-Data
X-PJAX-URL
X-SRV
X-Slack-Backend
X-Configured-By
WebServer
Amp-Access-Control-Allow-Source-Origin
X-Ftr-Request-Id
X-HostName
X-Action
Processtime
X-Swift-Error
X-BE
X-Dynatrace
X-Ratelimit-Remaining
X-DB
SD-X-WS
X-DI
X-RSL
X-Upstream-Ct
X-SD-PageType
X-Aicache-OS
X-RPS
X-DSS
X-Upstream-Ht
X-DW
X-RPM
X-WR-MODIFICATION
Servername
X-Dynatrace-Js-Agent
Pramga
X-Skip-Cache
Arc-Country
CACHE
Cache-Provider
X-Server-Time
X-FPC
X-PAYTM-SRV-ID
X-Cache-FS-Status
X-Processor
X-Dispatch
X-ID
X-Tid
X-Compress-Hint
L
CDN
X-Cache-Id
X-LB-ID
X-SN
X-Frame-Option
Pagetype
Dynatrace
X-Ftr-Realm
X-DevSite-Last-Modified
X-Hello
X-Fastly-Cache-Hits
X-ND-Cache
X-StackifyID
Lfy
X-Ftr-Dc
X-Flog
X-Ftr-Balancer
X-ABtesting
Requestid
Fastly-Drupal-HTML
CF-IPCountry
X-ServerName
X-Branch-Name
X-Via-NSCOPI
X-Snapshot-Date
X-Ftr-Backend-Server
X-Ftr-Backend
X-Release
X-Ratelimit-Limit
X-CACHE-AGE
X-Cc-Req-Id
X-Cc-Via
X-Scheme
X-ZONE
X-Edge-IP
D-Cc-Upstream
X-Varnish-Beresp-TTL
Proxy-Firewall
X-Apw-Access-Action
Warning
X-Apw-Hits
V-Cache
X-Edge-Server
X-Request-Url
X-Served-From
X-Apw-Access-Token
LB
X-Apw-Access-Object
X-VC
X-SB
Cdn-Host
N-Cache
Cdn-Request-Time
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-WA
CloudFront-Viewer-Country
Inserted-Into-Cache-At
X-Check-Cacheable
Cache-Cookie-Set-Lfrom
WP-Super-Cache
X-ElasticPress-Search
Cache-Cookie-Set-Idcheck
X-BC
X-Worker
Cache-Cookie-Set-From
X-Powered-Y
X-Request-URL
X-Node-ID
Lb
UCS
Backend-Name
X-App
Correlation-Id
X-Fastly-Cache-Status