Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Nginx-Cache-Status
X-Proxy-Cache
X-UA-Device
X-Ws-Request-Id
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-ORACLE-DMS-RID
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Varnish-TTL
X-DynaTrace
X-Country-Code
Allow
Accept-Ch
X-Instart-Request-ID
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-TTL
X-FTR-Request-ID
Verso
X-ESI
Accept-Ch-Lifetime
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
Content-MD5
X-Forwarded-Proto
X-Version
X-B3-TraceId
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-GoogleNews-Bot
Edge-Cache-Tag
RTSS
AR-ATIME
X-Px
AR-Request-ID
Ar-Sid
AR-CACHE
AR-PoweredBy
X-D2id
X-Debug
X-Abt-Application-Version
X-NF-Request-ID
Charset
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Vcache
X-Accel-Expires
X-Cached
X-Powered-CMS
X-MSEdge-Ref
X-Server-Name
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Middleton-Response
X-Vcap-Request-Id
Response
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-SharePointHealthScore
TCN
X-VARITI-CCR
X-Cdn
Realpath
Public-Key-Pins
X-Client-IP
Cache-Tag
X-Fastcgi-Cache
Access-Control-Request-Method
S
X-Fastly-Request-ID
X-Upstream
X-Ser
X-DynaTrace-JS-Agent
MS-Author-Via
X-Shard
X-Id
SPRequestDuration
SPIisLatency
X-Hp-Webp
Nginx-Cache
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Ezoic-Cdn
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Content-Type
X-T
X-Amz-Meta-S3cmd-Attrs
DynaTrace
X-Amzn-Trace-Id
X-Recruiting
X-Grace
X-Forwarded-For
Front-End-Https
X-Hits
Fastcgi-Cache
X-Varnish-Age
ServerID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Mobile-URL
X-Node-Name
X-Element-Page-Cache
NR-ENABLED
X-Content-Digest
Nel
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-Frontend
Powered
X-GUploader-UploadID
X-Edge-O15-RID
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
Server-Name
Alternate-Protocol
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-Cache-TTL
X-Logged-In
TP-L2-Cache
TP-Cache
Server-Node
X-Correlation-Id
X-Webkit-Csp
AMP-Access-Control-Allow-Source-Origin
X-Jurisdiction
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-Server-ID
Upgrade-Insecure-Requests
X-Shield-Request-Id
X-Webapp-Samesite-None-Activated-N
X-Origin-Server
X-Page-Id
X-User-Agent
X-Content-Security-Policy-Report-Only
Refresh
X-Content-Options
X-F-Cache
X-Rid
X-Revision
X-Cache-Hit
X-Akamai-Edgescape
X-Varnish-Grace
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Type
X-XRDS-LOCATION
Fastly-Restarts
X-B3-Sampled
X-Content-Powered-By
X-Zen-Fury
X-Analytics
X-Pad
X-URL
X-Geo-Country
X-LB-Cache
X-AppVersion
X-Activity-Id
X-Az
X-B
X-N
X-RateLimit-Remaining
X-Kinsta-Cache
X-FTR-Cache-Host
X-Ruxit-Js-Agent
PB-RID
PB-PID
X-CST
X-Cache-Age
X-TT
Arc-Version
X-Mobile-Rewrite
X-WebKit-CSP-Report-Only
X-Request-Guid
Cache-Status
X-Jobs
X-AOL-HN
Paypal-Debug-Id
Actual-Object-TTL
X-Tumblr-User
X-Signature
X-Framework
X-App-Environment
X-Tumblr-Pixel-0
X-B-Cache
X-Instance
DC
X-Tumblr-Pixel
X-Debug-Info
Access-Control-Allow-Method
X-FB-Debug
X-PHP-Backend
X-Load-Cache
X-Cache-Action
X-Time
X-Varnish-Backend
Surrogate-Key
X-Git-Hash
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Fastcgi-Useragent
X-Ttl
X-FastCGI-Cache
Host-Header
X-Tt-Trace-Tag
X-Cached-By
X-Contextid
X-IPLB-Instance
X-Amz-Replication-Status
MS-CV
X-SS-Set-Cookie
FilterID
X-Tt-Trace-Host
X-Cluster
Tracecode
X-ATG-Version
X-Cache-Key
Frame-Options
NGB
X-Accel-Buffering
X-Response-Served-From
X-Srv
X-FW-Server
X-RequestSource
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Static
X-Cache-NE
X-WA-Info
WPE-Backend
Payment
X-Varnish-Server
X-Cache-2
Eomportal-Instance
Host
X-Region
Xserver
X-Varnish-Hostname
X-TX-ID
X-Rendered-As
X-Cache-Enabled
X-IPS-LoggedIn
X-Is-Bot
X-GeoIP
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cacheable-TTL
Source
X-Adobe-Content
X-Adobe-Loc
Filters
X-Mobile
Cache-Tv-Group
X-Host-Name
X-Oneagent-Js-Injection
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-NewRelic-App-Data
Cleartype
X-Seen-By
X-Cache-Operation
X-EdgeConnect-Cache-Status
X-Cache-Rule
X-Cache-TTL-Remaining
X-Origin-Response-Time
X-Via-JSL
X-Hostname
Cache
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-VCache
X-B3-Traceid
Accept-CH
X-Cache-Control
X-PressLabs-Stats
X-HTML-Minification-Powered-By
Healthy
Datacenter
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
Server-Info
Retry-After
X-ProcessESI
X-RemovedCookies
X-RTag
Ms-Operation-Id
X-RateLimit-Limit
X-Presslabs-Stats
Liferay-Portal
X-Dc
X-Source
X-Rule
X-NWS-LOG-UUID
X-Cache-Server
X-Environment-Context
X-L-Path
X-UA
X-FireWall-Port
X-CACHE-KEY
From-Origin
Version
X-Status
X-Endurance-Cache-Level
X-Esi
Accept-CH-Lifetime
X-Wix-Request-Id
X-Upgrade-Enabled
X-Cache-Var-Map
Meta-Geo
X-Handled-By
X-Path-Route
X-RN-RSRV
X-ES-SERVER
X-Cache-Var
X-Proxy-Build
X-RCS-CacheZone
OT-Force-Account-Verify
Selected-Fe
Mn-Server-Ip
X-Content-Age
X-Timing-Wait
Webcakes-Region
Azure-SiteName
Webcakes-App-Name
X-Origin-Hint
X-Akamai-Request-ID
Webcakes-App-Version
X-Alternate-Cache-Key
X-Storage
Azure-Version
Azure-SlotName
X-AWS-Id
X-LJ-Flow-ID
TWC-Privacy
TWC-GeoIP-LatLong
Property-Id
X-Qloud-Router
X-Proto
Akamai-GRN
X-Tb
X-Format
TWC-Connection-Speed
Azure-RegionName
TWC-GeoIP-Country
TWC-Device-Class
Azure-InstanceId
TWC-Locale-Group
X-Backend-Name
X-Access
X-Shopify-Generated-Cart-Token
X-ShopId
X-Request-Time
X-ShardId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Stage
X-VWS-Id
X-Section
Cache-Tags
X-Sorting-Hat-PodId
X-EIG-Tracking-Id
X-Sorting-Hat-ShopId
X-FW-Dynamic
Origin-Cache-Control
Now
X-Proxy
Origin-Edge-Control
X-Vgn-Hpd-Reason
X-Cluster-Node
X-Debug-Cache
X-Soup
X-Time-Microsecs
DB-Nickname
Decoy-Debug-Status
Decoy-Debug-TTL
NGX
X-UUID
Ec-Rule-Version
Node
X-Viewer-Country
X-Hosted-By
X-Hyper-Cache
X-SaId
X-BYPASS-REASON
X-Akamai-Request-ID2
X-Origin
X-FC-Vary-Parameters
X-OCL
X-Human
X-JoinUs
X-Cache-Host
X-ServerID
X-Hl-Ver
X-Web-Node
X-ProxyCache-Status
X-Cache-Config
S-Rt
X-ProxyCache-Key
X-Generated-By
X-Proxy-Cache-Status
X-Redis-Cache
X-Xfnlog-Site
X-PCL
X-Pubstack
Decoy-Debug-Key
X-App-Server
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-CCM
X-Generated
X-Www-Served-By
X-Detected-As
Cross-Origin-Window-Policy
X-MP-GENERATED-AT
X-Locale
X-NYM-Debug-Backend
X-Varnish-Hits
X-Site-Version
X-BCube-Filmed-By
X-Say-TTL
X-SayCDN-TTL
X-Say-Cacheable
X-IP
X-FB-TRIP-ID
X-Amzn-Remapped-Content-Length
L5d-Success-Class
X-Loop
X-R9-Blue-Green-Version
X-TNCMS
X-APP-VERSION
Cache-Name
X-CS
Viewport
Srv
X-Akamai-Transformed
Webserver
Uber-Trace-Id
Accept-Charset
Time
X-NCache
X-Unique-Id
X-Drupal-Cache-Tags
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
GEO-INFO
X-UA-Device-Type
X-From
X-Cache-Remote
X-TT-TIMESTAMP
X-Backend-TTL
X-CDN-Forward
X-Cluster-Name
Cache-Key
X-Drupal-Cache-Contexts
X-Edge-Location
X-Origin-CC
Accept-Language
X-Origin-TTL
X-Mode
Country
Odigeo-Trace-Id
X-EC-Lua
Mime-Version
X-Newrelic-Synthetics
X-Microcachable
X-CLOUD-TRACE-CONTEXT
Rt-Fastcgi-Cache
X-B3-Spanid
X-Forwarded-Host
X-Info
Ohc-Cache-HIT
Ohc-File-Size
X-Geo
X-No-Session
X-UnsetCookies
X-Whom
X-PERF
X-ApacheServer
X-Magnolia-Registration
Proxy-Connection
X-Proxied
X-UPSTREAM-Address
ServedBy
Content-Disposition
X-Routing-Service
X-Zipkin-Id
X-Varnish-Cache-Hits
X-Labrador-Cache-Channel
X-App-Version
Geo-Info
X-PHP-Host
Fastly-SSL
X-Real-IP
Content-Style-Type
AsisCache
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
T-Server
MD5-Digest
BehaviorPad-Version
Machine
IsBot
Fastcgi-X-Cache-Version
Content-Script-Type
X-Device-Type
GEO-REGION-INFO
X-CF-Lambda-Version
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-SIPLIST1
X-S
X-Rojux
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-SRCache-Key
X-Transaction
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Version
X-GeoIP-Country-Code
X-Geo-Header
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dcw
X-A-Dam
VivaBuild
X-A
X-A-Ccd
X-Application
X-ARC
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-Destination
X-Date
X-B-Cookie
X-Connection-Hash
X-D
Viewtype
X-CF-Lambda-Fn
X-Cache-Time
Cf-Ipcountry
X-C
X-NGENIX-Cache
X-Via-Fastly
User-Cache-Control
Server-Surrogate-Control
Server-Int
X-VC-Cache
X-Contensis-Viewer-Groups
X-Thanos
X-TrackingId
X-CUA
X-Varnish-Authentication
X-Developers
X-Uri
X-Core-Mission
X-Req
Gh-Request-Id
FNAC-ModuleRouting
X-Nginx-Cache-Key
Locid
Powered-By
Fastly-Soc-X-Request-Id
RNT-Machine
Server-Cache-Control
X-WebServer
Environment
RNT-Time
Fastly-Backend-Name
X-Logging-Id
X-Tumblr-Pixel-3
Wxu-Next-Region
X-Cache-Debug
Wxu-Next-Hostname
Wxu-Next-Commit
W
X-Cache-ASPX
X-Bip
X-Auto-Login
X-VG-TLSProxy
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-Cache-URL
X-App-Name
Apple-News-Services-Parsed-Url
Access-Control-Request-Headers
X-Wikidot-Static-Cache
X-Wikidot-Backend
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-Cache-Backend
X-GeoIP-City
X-Generated-In
X-Azure-Ref
X-Generation-Time
X-GoCache-CacheStatus
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Hnp-Log
X-Cms-Context
X-Gen-Mode
X-Hash
X-Clara-WADP
X-Block-Status
X-Debug-Cache-Fetch
X-Dispatcher-Server
X-Internal-Host
X-Cache-Info
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Clientip
X-Distributor
X-Cdn-Srv
X-Gamma-Serve
X-Cache-Bucket
X-FW-Version
X-Fastly-Cache
X-Debug-Cache-Expiry
X-BBXSRF
X-Origin-Expires
X-We-Are-Hiring
X-WADP-Cache
X-Webstats-RespID
CDCHOST
Ha-Gx-Prefs
X-VServer
X-User
X-Trace-Id
X-TT-LOGID
X-Urbn-Context-Path
X-Urbn-Site-Id
HA-Ipaddr
X-Agile
X-Eu-Site
X-Hit
X-Render-Time
X-Sucuri-Cache
X-Epic-Correlation-Id
X-Distil-CS
X-Agile-Age
X-Agile-Id
X-Backend-State
X-CGP
X-TH-Server
X-Swa-Ws
X-Ms-Request-Id
X-Micro-Cache
X-Ms-Version
X-NodeID
X-NX-Host
X-Location
X-LI-UUID
X-Key
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-Origin-Date
X-AK-Request-ID
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-OVcl
X-OVcl-Cache
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Irp-Debug
X-Owner
Country-Code
Countrycode
Request-EU
Cdnsip
Cdncip
Cache-Host
We-Hiring
V-Age
Fastly-SIE
Locale
True-Client-Country-4JS
IBM-Web2-Location
Heartbleed
Fastly-SWR
Mail-Subject
Kp-EeAlive
Web-Mar-Node
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Request-Country
X-Varnish-Beresp-Grace
Section-Io-Cache
Server-ID
AKAMAI
Memcached
HitType
X-B3-Parentspanid
X-Generated-On
Platform
X-JWT-State
PFcat
X-Has-Esi
X-Is-Gdpr
X-Level-Front-Cache
X-Platform-Server
X-Trafficlayer-App-Version
Adler-Geo
X-Up
X-Variation
X-Server-W
ServerName
X-Thinkindot-L3
X-ServiceProvider
X-NU-AKA-ACS-Version
Is-Eu
X-Old-Content-Length
X-Reboot
X-Service
X-Matched-Rule
X-S-Maxage
Thinkindot-CacheControl-Type
Server-Host
Thinkindot-CacheControl
X-Core-Value
Thinkindot-Control
X-Cache-Tags
X-Nginx-Cache
X-TA-CDN-Provider
X-Daa-Tunnel
X-Fetched-On
X-Refresh
Cache-Hits
X-SERVER
X-Response-By
X-Nc
X-Servername
X-Lb-Id
RequestId
X-B3-SpanId
X-NC
X-CSRF-TOKEN
X-Tb-Optimization-Total-Bytes-Saved
X-Server-IP
X-CF-Powered-By
Filterid
X-Parent-Response-Time
X-Tec-Api-Origin
X-Tec-Api-Version
Memory
ProcessTime
X-Tec-Api-Root
X-Ua
X-Wa
X-Cdn-Request-ID
X-Air-Hostname
Origin
Media-Length
X-Cdn-Forward
Group
X-Cache-Expired-At
User-Agent
X-Var-Ttl
Pragrma
X-Pjax-Url
X-CSRF-Token
X-Pf-Uncompressing
SRV
X-Unique-ID
X-Correlation-ID
X-BACKEND-TTL
X-Sucuri-Id
Powered-By-ChinaCache
S-Cnection
TTL
Geoip-Latitude
X-FORWARDED-FOR
X-Reqid
X-COUNTRY
Esi-Enabled
X-Vcl-Version
X-AIR-PT
X-NGINX-Cache
GeoIp-Country-Code
X-Sucuri-ID
X-Rocket-Nginx-Bypass
X-TIME
X-Servedbyhost
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Varnish-Cacheable
PICS-Label
X-Policy
X-Planisys-CDN-Cache
X-Webkit-CSP
X-Azure-Ref-OriginShield
X-Litespeed-Cache
SN
X-Request-Start
HostName
X-Via-Ucdn
Rt-Proxy-Cache
Dnion-Transfer-Encoding
Geoip-City
X-Via-CDN
XServer
X-Fastly-Country-Code
X-HS-Status
M-TraceId
X-Developer
X-NWS-UUID-VERIFY
X-Sn-Servicetimems
X-Cache-Grace
X-Node-Id
X-Cdn-Origin
X-Ocache
X-LAGOON
Magicmarker
X-Method
Tcn
X-Device-Os
Who
X-Cache-Ttl
On-Server
Resin-Trace
Load-Balancing
X-Ftr-Cache-Host
X-VHOST
CF-Cached-On
X-MSEdge-Flight
X-Request-Host
X-ServedByHost
A
Cdn
X-MSEdge-Features
DSUID
Ohc-Response-Time
X-VCL-Version
X-Be
GeoIP-Country-Code
MIME-Version
X-Svr
Release
Pics-Label
NtCoent-Length
X-MServer
X-DC
X-VCT
Ttl
X-Beluga-Trace
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Record
X-APP
X-Beluga-Cache-Status
GeoIP-Latitude
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
Cloudfront-Viewer-Country
X-Bc
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Zone
X-Cache-Status-Check
X-Beluga-Node
Vix-Hermes-Req-Id
X-Hp-Ccpa-Warning
X-Oracle-Dms-Rid
Hostname
GeoIP-City
X-Varnish-URL
X-VarnishDD-TTL
X-Varnish-Url
Cteonnt-Length
X-Fastly-Backend-Reqs
X-LiteSpeed-Cache-Control
X-PJAX-URL
X-Configured-By
Host-ID
X-Newrelic-App-Data
X-PF-Uncompressing
X-SERVER-NAME
X-Ftr-Request-Id
X-SD-PageType
X-SRV
SD-X-WS
X-Upstream-Ht
X-Upstream-Ct
X-HostName
X-Ratelimit-Remaining
X-WR-MODIFICATION
X-BE
X-Aicache-OS
X-Slack-Backend
X-Compress-Hint
X-Dynatrace
X-SN
X-Cache-Id
X-Tid
Processtime
Servername
X-Dynatrace-Js-Agent
X-RPS
Cache-Provider
X-DW
X-RPM
X-DI
X-DSS
X-LB-ID
X-RSL
X-DB
X-Action
WebServer
L
X-Swift-Error
X-Via-NSCOPI
CACHE
X-Release
X-ID
Amp-Access-Control-Allow-Source-Origin
X-Frame-Option
Pramga
X-Ftr-Backend-Server
Arc-Country
X-Skip-Cache
X-ServerName
CF-IPCountry
X-Cache-FS-Status
X-Dispatch
X-Scheme
X-PAYTM-SRV-ID
X-Ftr-Backend
X-FPC
X-Processor
X-Branch-Name
CDN
Lfy
X-Ftr-Dc
X-Snapshot-Date
X-Ftr-Realm
Dynatrace
X-Fastly-Cache-Hits
Pagetype
X-Server-Time
X-Ratelimit-Limit
X-StackifyID
LB
X-Ftr-Balancer
Requestid
X-CACHE-AGE
X-SB
X-Cc-Req-Id
UCS
X-Cc-Via
D-Cc-Upstream
Warning
X-VC
Cache-Cookie-Set-Idcheck
Proxy-Firewall
X-Hello
X-Request-Url
X-ZONE
X-ND-Cache
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
Fastly-Drupal-HTML
X-Edge-IP
X-Flog
X-Node-ID
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
V-Cache
X-Varnish-Beresp-TTL
X-DevSite-Last-Modified
X-ABtesting
NnCoection
CloudFront-Viewer-Country
N-Cache
X-Litespeed-Cache-Control
X-Worker
Lb
Backend-Name
Correlation-Id
X-App
WP-Super-Cache
X-ElasticPress-Search
X-Check-Cacheable
X-Request-URL
X-Powered-Y
X-BC
X-Fastly-Cache-Status