Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
X-AH-Environment
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Nginx-Cache-Status
X-Proxy-Cache
X-UA-Device
X-Hacker
X-Ws-Request-Id
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
Content-Location
X-Origin-Cache
X-Response-Time
X-OneAgent-JS-Injection
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-ORACLE-DMS-ECID
X-Cnection
X-HW
X-DataDome
X-Application-Context
X-ORACLE-DMS-RID
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
NEL
X-Mod-Pagespeed
X-Cache-Lookup
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
Pinterest-Generated-By
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-DynaTrace
X-Varnish-TTL
X-Country-Code
Accept-Ch
Allow
X-Instart-Request-ID
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-TTL
X-FTR-Request-ID
X-ESI
Verso
Accept-Ch-Lifetime
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
Content-MD5
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Server
X-Exp-Variant
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Cdn-Fetch
Edge-Cache-Tag
RTSS
X-Px
AR-ATIME
Ar-Sid
AR-CACHE
AR-Request-ID
AR-PoweredBy
X-D2id
X-Abt-Application-Version
X-Debug
Charset
X-NF-Request-ID
SPRequestGuid
X-Server-Name
X-Amz-Server-Side-Encryption
X-Vcache
X-Powered-CMS
X-Accel-Expires
X-MSEdge-Ref
X-Cached
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Vcap-Request-Id
X-Middleton-Display
Display
X-Sol
Pagespeed
Response
X-Middleton-Response
X-Navigation-Version
X-Trace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Pinterest-Version
X-Pinterest-Rid
X-SharePointHealthScore
TCN
X-Fastcgi-Cache
X-VARITI-CCR
Realpath
X-Cdn
Public-Key-Pins
Cache-Tag
Access-Control-Request-Method
X-Client-IP
S
X-Upstream
X-Fastly-Request-ID
X-Ser
X-DynaTrace-JS-Agent
MS-Author-Via
X-Shard
X-Id
SPIisLatency
SPRequestDuration
X-Hp-Webp
DynaTrace
X-Forwarded-For
X-Ezoic-Cdn
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Content-Type
X-T
X-Amz-Meta-S3cmd-Attrs
Nginx-Cache
X-Amzn-Trace-Id
X-Recruiting
Front-End-Https
X-Grace
Fastcgi-Cache
X-Hits
X-Varnish-Age
X-DIS-Request-ID
ServerID
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Dw-Request-Base-Id
X-Node-Name
NR-ENABLED
X-Element-Page-Cache
X-Content-Digest
X-Frontend
X-Goog-Generation
Powered
X-Goog-Metageneration
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-GUploader-UploadID
X-HS-Cache-Config
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Nel
X-Edge-O15-RID
Server-Name
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
Alternate-Protocol
X-Logged-In
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
TP-L2-Cache
TP-Cache
X-Correlation-Id
Server-Node
X-Cache-TTL
X-Webkit-Csp
X-Webapp-Samesite-None-Activated-N
X-Request-Processing-Time
AMP-Access-Control-Allow-Source-Origin
X-Shield-Request-Id
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
X-Server-ID
X-XRDS-LOCATION
X-Jurisdiction
Upgrade-Insecure-Requests
Refresh
X-Page-Id
X-Content-Options
X-Content-Security-Policy-Report-Only
X-Rid
X-Revision
X-Akamai-Edgescape
X-User-Agent
X-Origin-Server
X-Varnish-Grace
X-ATS-Timestamp
X-Cache-Hit
X-Amz-Apigw-Id
Backend-Timing
X-Amzn-RequestId
X-F-Cache
X-XRDS-Location
X-Type
Fastly-Restarts
X-Pad
X-Content-Powered-By
X-Geo-Country
X-Analytics
X-URL
X-Az
X-N
X-AppVersion
X-Activity-Id
X-B3-Sampled
X-LB-Cache
X-B
X-Zen-Fury
X-Kinsta-Cache
X-Ruxit-Js-Agent
X-FTR-Cache-Host
X-RateLimit-Remaining
PB-PID
X-TT
PB-RID
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Cache-Age
X-Jobs
X-Tumblr-Pixel
X-Request-Guid
X-Tumblr-Pixel-0
X-Mobile-Rewrite
X-Tumblr-User
Arc-Version
Actual-Object-TTL
X-App-Environment
X-Framework
X-Instance
DC
Paypal-Debug-Id
X-Debug-Info
Access-Control-Allow-Method
X-B-Cache
X-FB-Debug
X-PHP-Backend
X-Signature
Cache-Status
X-CST
X-Load-Cache
Surrogate-Key
X-Erf-Bev-Bev-Is-Generated
X-Cache-Action
X-Erf-Bev-Bev
X-Varnish-Backend
Fastcgi-Useragent
X-Ttl
X-Git-Hash
FilterID
Host-Header
X-Time
X-Cached-By
X-IPLB-Instance
X-Tt-Trace-Tag
X-Contextid
MS-CV
X-Amz-Replication-Status
X-SS-Set-Cookie
X-Tt-Trace-Host
X-Cluster
X-Cache-Key
X-ATG-Version
Tracecode
X-FastCGI-Cache
X-Srv
Frame-Options
X-Accel-Buffering
X-Response-Served-From
NGB
WPE-Backend
Eomportal-Instance
X-Varnish-Server
Source
Cache-Tv-Group
X-FW-Hash
X-FW-Serve
Xserver
Host
Filters
X-Varnish-Hostname
X-Cache-NE
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Payment
X-Adobe-Content
X-Adobe-Loc
X-Region
X-FW-Server
X-RequestSource
X-GeoIP
X-IPS-LoggedIn
X-FW-Type
X-Cache-2
X-FW-Static
X-Cacheable-TTL
X-Cache-Enabled
X-TX-ID
X-WA-Info
X-Rendered-As
X-Is-Bot
X-Mobile
X-Host-Name
X-Oneagent-Js-Injection
X-Kong-Proxy-Latency
Cleartype
X-Kong-Upstream-Latency
X-NewRelic-App-Data
X-Seen-By
X-Trafficlayer-App-Scope
X-Cache-Operation
X-Cache-Rule
X-Trafficlayer-App-Name
X-EdgeConnect-Cache-Status
Cache
X-Hostname
X-Origin-Response-Time
X-Via-JSL
X-VCache
Healthy
X-Cache-TTL-Remaining
X-Cache-Control
X-HTML-Minification-Powered-By
Datacenter
X-Presslabs-Stats
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-B3-Traceid
Accept-CH
Retry-After
Server-Info
X-Dc
Ms-Operation-Id
X-RemovedCookies
X-ProcessESI
X-RTag
X-UA
X-Rule
X-PressLabs-Stats
X-RateLimit-Limit
X-Cache-Server
Version
X-CACHE-KEY
X-Wix-Request-Id
From-Origin
X-Environment-Context
Liferay-Portal
X-FireWall-Port
X-L-Path
X-Status
X-Upgrade-Enabled
X-NWS-LOG-UUID
X-Source
X-Endurance-Cache-Level
Accept-CH-Lifetime
Meta-Geo
X-ES-SERVER
X-Cache-Var
X-RN-RSRV
X-Path-Route
X-Cache-Var-Map
X-Proxy-Build
Selected-Fe
X-Timing-Wait
X-Handled-By
OT-Force-Account-Verify
X-Storage
X-Tb
X-UUID
X-Backend-Name
X-Proto
X-Hyper-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proxy
X-Hosted-By
Ec-Rule-Version
X-Section
X-BYPASS-REASON
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
NGX
Node
X-Akamai-Request-ID2
S-Rt
X-Alternate-Cache-Key
Origin-Edge-Control
Now
Origin-Cache-Control
DB-Nickname
X-Cache-Config
X-JoinUs
X-Human
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Origin
X-OCL
X-ProxyCache-Key
X-Hl-Ver
X-Debug-Cache
X-Cache-Host
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-Generated-By
X-PCL
X-ShardId
X-Access
X-ProxyCache-Status
X-VWS-Id
Akamai-GRN
X-Format
TWC-Privacy
X-Viewer-Country
X-Web-Node
Webcakes-App-Name
X-Qloud-Router
X-Content-Age
X-AWS-Id
X-Akamai-Request-ID
Webcakes-Region
X-FW-Dynamic
Webcakes-App-Version
X-Origin-Hint
X-LJ-Flow-ID
Cache-Tags
X-Vgn-Hpd-Reason
X-ServerID
X-ShopId
X-Shopify-Generated-Cart-Token
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
X-Pubstack
X-Redis-Cache
X-SaId
TWC-GeoIP-LatLong
X-Time-Microsecs
X-Shopify-Stage
X-Soup
TWC-Connection-Speed
X-Sorting-Hat-ShopId
Property-Id
X-Sorting-Hat-PodId
Azure-RegionName
Mn-Server-Ip
Azure-SiteName
X-BCube-Filmed-By
Azure-SlotName
Azure-Version
X-Xfnlog-Site
X-Site-Version
X-MP-GENERATED-AT
X-Locale
X-NYM-Debug-Backend
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
X-Varnish-Hits
X-IP
X-Proxy-Cache-Status
X-CCM
X-Cluster-Node
X-Generated
X-Www-Served-By
X-Request-Time
X-RCS-CacheZone
Azure-InstanceId
L5d-Success-Class
X-Amzn-Remapped-Content-Length
X-Loop
X-TNCMS
X-FB-TRIP-ID
Cache-Name
Cross-Origin-Window-Policy
X-Detected-As
X-App-Server
Viewport
X-APP-VERSION
X-R9-Blue-Green-Version
Uber-Trace-Id
X-CS
Webserver
VIX-Pulpo-Upstream-Status
Time
GEO-INFO
VIX-Pulpo-Node
Accept-Charset
X-Akamai-Transformed
X-Esi
Srv
X-NCache
X-Drupal-Cache-Tags
X-From
X-Cache-Remote
X-Unique-Id
X-UA-Device-Type
X-Cluster-Name
X-Edge-Location
X-TT-TIMESTAMP
X-Drupal-Cache-Contexts
X-Origin-CC
X-Origin-TTL
Cache-Key
Mime-Version
X-EC-Lua
Accept-Language
Country
X-Backend-TTL
X-Mode
Odigeo-Trace-Id
X-CDN-Forward
X-Newrelic-Synthetics
X-CLOUD-TRACE-CONTEXT
Rt-Fastcgi-Cache
X-B3-Spanid
X-Microcachable
Ohc-Cache-HIT
Ohc-File-Size
X-Info
X-Geo
X-No-Session
X-Forwarded-Host
Proxy-Connection
X-UPSTREAM-Address
X-Magnolia-Registration
X-PHP-Host
X-Labrador-Cache-Channel
X-UnsetCookies
X-App-Version
Content-Disposition
ServedBy
X-Varnish-Cache-Hits
X-Whom
X-Real-IP
X-Routing-Service
X-Zipkin-Id
X-Proxied
Fastly-SSL
X-Cache-Time
Cf-Ipcountry
X-ApacheServer
X-PERF
X-A-Dcw
X-A-Dgt
X-A-Dam
Content-Script-Type
Content-Style-Type
X-A-Wwc
X-Accel-Expires-Debug
X-Application
Meta-Geo-Continent
BehaviorPad-Version
X-Aed
X-ARC
Fastcgi-X-Cache-Version
VivaBuild
MD5-Digest
Viewtype
T-Server
Rendered-Blocks
Machine
Mobile-Detection-Method
Powered-By
X-A-Ccd
X-A
GEO-REGION-INFO
AsisCache
X-Geo-Header
X-S-Cookie
X-ScT
X-S
X-Rojux
X-Vdms-Version
X-Vtex-Remote-Cache
X-Session-Fingerprint
X-Vtex-Processado-Em
X-Trv-Group
X-Twitter-Response-Tags
X-Transaction
X-VG-WebCache
X-SRCache-Key
X-VG-WebServer
X-Request-UUID
X-Rewrite-Enabled
X-D
X-Region-Sid
X-Connection-Hash
X-CF-Lambda-Version
X-B-Cookie
X-CF-Lambda-Fn
X-Destination
X-Date
X-G
Xc-Version
X-External-Request-Id
X-GeoIP-Country-Code
X-DPWN-IS-SECURE
Access-Control-Request-Headers
X-Device-Type
User-Cache-Control
X-VG-TLSProxy
IsBot
X-WebServer
X-SIPLIST1
Environment
X-Rocket-Build-Number
Gh-Request-Id
X-Logging-Id
X-Cache-Debug
X-Bip
X-Auto-Login
X-Sigma
X-Via-Fastly
X-Tumblr-Pixel-3
X-TrackingId
X-Thanos
X-Sigma-Backend
X-VC-Cache
X-CUA
X-Cache-Backend
Geo-Info
X-C
X-Uri
X-GeoIP-City
X-Fastly-Cache
X-Hash
X-Eu-Site
X-Generation-Time
X-Generated-In
X-Gamma-Serve
X-Hit
X-Gen-Mode
X-FW-Version
X-IN-APIGATEWAY
X-LI-UUID
X-LI-Proto
X-Location
X-Ms-Request-Id
X-Ms-Version
X-Li-Pop
X-Li-Fabric
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Irp-Debug
X-Key
X-Hnp-Log
X-Distil-CS
X-Cache-Bucket
X-Cache-ASPX
X-Cache-Info
X-Cdn-Srv
X-CGP
X-Block-Status
X-BBXSRF
X-Agile-Age
X-Agile-Id
X-AK-Request-ID
X-Backend-State
X-Clara-WADP
X-Clientip
X-Debug-Log
X-Dispatcher-Server
X-NodeID
X-Distributor
X-Debug-Cookies
X-Debug-Cache-Store
X-Cms-Context
X-Contensis-Viewer-Groups
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Epic-Correlation-Id
X-Origin-Expires
Server-Int
RNT-Time
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
RNT-Machine
Locid
X-Webstats-RespID
Fastly-Backend-Name
Fastly-Soc-X-Request-Id
FNAC-ModuleRouting
X-Cache-URL
X-Core-Mission
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-App-Name
Apple-News-Services-Handled
X-Wikidot-Static-Cache
X-Developers
X-Nginx-Cache-Key
X-Req
X-Wikidot-Backend
X-We-Are-Hiring
X-WADP-Cache
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Render-Time
X-Request-URI
X-Sucuri-Cache
X-Proxy-Upstream
X-Owner
X-Origin-Date
X-Agile
X-OVcl
X-OVcl-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Urbn-Site-Id
X-User
X-Varnish-Authentication
X-VServer
X-Urbn-Context-Path
X-TT-LOGID
X-Swa-Ws
X-TH-Server
X-Trace-Id
X-NGENIX-Cache
X-NX-Host
X-GoCache-CacheStatus
Cdnsip
True-Client-Country-4JS
Server-Surrogate-Control
Server-ID
Locale
V-Age
IBM-Web2-Location
Kp-EeAlive
X-Varnish-Beresp-Grace
Mail-Subject
Server-Cache-Control
Request-EU
Request-Country
Cache-Host
CDCHOST
Memcached
Section-Io-Cache
Cdncip
AKAMAI
W
ServerName
X-Varnish-Beresp-Status
Heartbleed
Ha-Gx-Prefs
HA-Ipaddr
X-Varnish-Beresp-Ttl
Web-Mar-Node
Countrycode
We-Hiring
Country-Code
X-B3-Parentspanid
X-Thinkindot-L3
X-Reboot
X-Platform-Server
Server-Host
X-Is-Gdpr
X-S-Maxage
Platform
X-Has-Esi
X-Generated-On
PFcat
X-JWT-State
X-ServiceProvider
X-Service
X-Level-Front-Cache
Thinkindot-CacheControl
X-Old-Content-Length
X-NU-AKA-ACS-Version
X-Cache-Tags
X-Internal-Host
Is-Eu
X-Micro-Cache
X-Variation
X-Trafficlayer-App-Version
X-Up
Thinkindot-Control
X-Core-Value
Thinkindot-CacheControl-Type
Adler-Geo
X-Azure-Ref
X-Matched-Rule
X-TA-CDN-Provider
HitType
X-Refresh
X-Lb-Id
X-Response-By
Cache-Hits
X-Daa-Tunnel
Fastly-SWR
Fastly-SIE
X-SERVER
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Server-W
X-Nc
X-Fetched-On
X-Server-IP
X-Nginx-Cache
X-Servername
RequestId
X-B3-SpanId
X-Tb-Optimization-Total-Bytes-Saved
X-Parent-Response-Time
X-Cdn-Forward
X-NC
X-CF-Powered-By
X-Tec-Api-Origin
X-Tec-Api-Root
ProcessTime
Memory
X-Tec-Api-Version
X-Cdn-Request-ID
Media-Length
X-CSRF-TOKEN
X-Pjax-Url
X-CSRF-Token
X-BACKEND-TTL
Origin
X-Air-Hostname
Filterid
Geoip-Latitude
X-Wa
Pragrma
X-Cache-Expired-At
Group
User-Agent
SRV
TTL
X-Pf-Uncompressing
X-Correlation-ID
X-TIME
X-Ua
X-Unique-ID
X-Sucuri-Id
X-Vcl-Version
GeoIp-Country-Code
X-Reqid
X-Var-Ttl
X-AIR-PT
Esi-Enabled
X-NGINX-Cache
S-Cnection
Powered-By-ChinaCache
X-COUNTRY
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Policy
X-Rocket-Nginx-Bypass
X-Planisys-CDN-TTL
X-Sucuri-ID
PICS-Label
X-Request-Start
HostName
X-Servedbyhost
SN
X-Webkit-CSP
Rt-Proxy-Cache
X-Varnish-Cacheable
X-Azure-Ref-OriginShield
X-Litespeed-Cache
X-Via-Ucdn
Geoip-City
M-TraceId
X-HS-Status
XServer
X-Fastly-Country-Code
Dnion-Transfer-Encoding
Magicmarker
X-Method
X-Via-CDN
Load-Balancing
X-FORWARDED-FOR
X-NWS-UUID-VERIFY
X-Developer
Tcn
Ohc-Response-Time
X-LAGOON
Resin-Trace
X-Device-Os
X-Node-Id
X-Cache-Grace
Who
X-Sn-Servicetimems
X-Cdn-Origin
X-Ocache
X-Cache-Ttl
DSUID
X-ServedByHost
X-Ftr-Cache-Host
Release
X-VHOST
On-Server
CF-Cached-On
X-Be
NtCoent-Length
X-VCT
Cdn
X-MServer
X-Svr
X-Bc
X-Zone
X-APP
X-Request-Host
Vix-Hermes-Req-Id
A
Pics-Label
X-Hp-Ccpa-Warning
X-MSEdge-Features
X-Ratelimit-Remaining
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-VCL-Version
X-Oss-Object-Type
X-MSEdge-Flight
Cteonnt-Length
Cloudfront-Viewer-Country
X-Oss-Storage-Class
GeoIP-Country-Code
MIME-Version
X-Oracle-Dms-Rid
X-Beluga-Status
GeoIP-Latitude
X-VarnishDD-TTL
X-Fastly-Backend-Reqs
X-Configured-By
X-Beluga-Cache-Status
X-Beluga-Response-Time
X-Beluga-Trace
X-Beluga-Node
X-Beluga-Record
Ttl
X-Varnish-Url
X-DC
X-LiteSpeed-Cache-Control
X-Cache-Status-Check
X-PF-Uncompressing
GeoIP-City
X-SD-PageType
X-Varnish-Ttl
X-Newrelic-App-Data
Hostname
X-Varnish-URL
SD-X-WS
X-WR-MODIFICATION
X-SRV
X-PJAX-URL
X-Ftr-Request-Id
X-Compress-Hint
Host-ID
X-Upstream-Ht
X-SN
X-Upstream-Ct
X-Tid
X-Cache-Id
X-HostName
X-BE
Processtime
X-Release
X-Dynatrace
L
X-Ratelimit-Limit
X-Aicache-OS
X-Via-NSCOPI
X-Dynatrace-Js-Agent
CACHE
WebServer
X-Scheme
Cache-Provider
X-Slack-Backend
X-Swift-Error
LB
X-ID
X-Frame-Option
Amp-Access-Control-Allow-Source-Origin
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
UCS
X-Fastly-Cache-Hits
X-Ftr-Backend-Server
X-Ftr-Backend
X-StackifyID
X-Ftr-Balancer
Servername
X-DW
X-RPM
X-RPS
X-RSL
X-DSS
X-DI
Lfy
X-Action
X-DB
X-Ftr-Dc
Pagetype
X-LB-ID
X-Branch-Name
CDN
X-ServerName
Requestid
X-Ftr-Realm
CF-IPCountry
Dynatrace
X-Snapshot-Date
X-CACHE-AGE
X-Apw-Access-Token
D-Cc-Upstream
X-Apw-Hits
X-Cc-Req-Id
X-Cc-Via
Arc-Country
X-PAYTM-SRV-ID
X-Processor
X-Server-Time
X-Skip-Cache
X-FPC
X-Dispatch
X-Node-ID
Pramga
X-Cache-FS-Status
X-Edge-IP
Warning
X-Varnish-Beresp-TTL
X-Apw-Access-Action
V-Cache
X-Apw-Access-Object
X-ZONE
X-VC
Proxy-Firewall
X-SB
NnCoection
WP-Super-Cache
X-ElasticPress-Search
X-Request-Url
Fastly-Drupal-HTML
X-ABtesting
X-ND-Cache
X-Hello
X-Flog
X-DevSite-Last-Modified
X-Request-URL
X-Fastly-Cache-Status
X-BC
Lb
Correlation-Id
X-Litespeed-Cache-Control
X-Worker
X-Check-Cacheable
X-Powered-Y
WZWS-RAY
X-App
Backend-Name