Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Request-ID
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Amz-Id-2
X-Server-Powered-By
X-Amz-Request-Id
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
X-Ws-Request-Id
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Rq
X-Server-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
Content-Location
X-Response-Time
X-OneAgent-JS-Injection
X-Origin-Cache
X-Ac
X-Node
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
NEL
X-DataDome
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-Cache-Lookup
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
Pinterest-Generated-By
X-Clacks-Overhead
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Varnish-TTL
X-DynaTrace
X-Country-Code
Allow
X-Instart-Request-ID
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
Accept-Ch
X-ESI
X-FTR-Request-ID
Verso
X-TTL
X-Powered-By-Plesk
X-Url
Service-Worker-Allowed
Content-MD5
X-Forwarded-Proto
Accept-Ch-Lifetime
X-B3-TraceId
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
Edge-Cache-Tag
X-Px
RTSS
AR-Request-ID
AR-CACHE
AR-ATIME
AR-PoweredBy
Ar-Sid
X-Abt-Application-Version
X-Debug
Charset
X-NF-Request-ID
SPRequestGuid
X-D2id
X-Server-Name
X-Amz-Server-Side-Encryption
X-Powered-CMS
X-Vcache
X-Accel-Expires
X-Cached
X-MSEdge-Ref
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Vcap-Request-Id
X-Sol
Display
Pagespeed
X-Middleton-Display
X-Middleton-Response
Response
X-Pinterest-Rid
Pinterest-Version
X-SRCache-Fetch-Status
X-Trace
X-SRCache-Store-Status
X-SharePointHealthScore
X-Navigation-Version
X-Fastcgi-Cache
TCN
Realpath
X-Cdn
X-VARITI-CCR
Public-Key-Pins
Cache-Tag
X-Client-IP
S
Access-Control-Request-Method
X-Upstream
X-Fastly-Request-ID
X-Ser
MS-Author-Via
X-DynaTrace-JS-Agent
SPRequestDuration
SPIisLatency
X-Shard
X-Id
X-Hp-Webp
X-Ezoic-Cdn
X-Mrf-Item-Lastmod
X-Forwarded-For
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
DynaTrace
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
X-Content-Type
X-T
X-Recruiting
X-Amzn-Trace-Id
X-Grace
Front-End-Https
X-Hits
Fastcgi-Cache
X-Varnish-Age
X-DIS-Request-ID
ServerID
MicrosoftSharePointTeamServices
X-Server-ID
X-Mobile-URL
X-Dw-Request-Base-Id
NR-ENABLED
X-Node-Name
X-Element-Page-Cache
X-HS-Combine-CSS
X-HS-Content-Id
Powered
X-HS-Hub-Id
X-HS-Cache-Config
X-Frontend
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
Server-Name
X-Content-Digest
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
X-Edge-O15-RID
Alternate-Protocol
X-Logged-In
X-FTR-Backend
TP-Cache
X-FTR-DC
X-FTR-Realm
TP-L2-Cache
X-FTR-Balancer
X-FTR-Backend-Server
X-Correlation-Id
Server-Node
X-Webkit-Csp
X-Cache-TTL
X-Webapp-Samesite-None-Activated-N
AMP-Access-Control-Allow-Source-Origin
X-Shield-Request-Id
X-Request-Received
X-XRDS-Location
X-Request-Processing-Time
X-Microsite
X-Request-Handler-Origin-Region
Nel
Upgrade-Insecure-Requests
X-Jurisdiction
X-Page-Id
X-Origin-Server
X-Revision
X-Rid
Refresh
X-Content-Options
X-User-Agent
X-Content-Security-Policy-Report-Only
Backend-Timing
X-Varnish-Grace
X-ATS-Timestamp
X-F-Cache
X-Akamai-Edgescape
X-Cache-Hit
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Type
X-XRDS-LOCATION
Fastly-Restarts
X-Pad
X-Geo-Country
X-URL
X-Analytics
X-Content-Powered-By
X-LB-Cache
X-Zen-Fury
X-N
X-B3-Sampled
X-Az
X-Activity-Id
X-AppVersion
X-B
X-RateLimit-Remaining
X-Ttl
X-Kinsta-Cache
X-Ruxit-Js-Agent
X-Cache-Age
X-FTR-Cache-Host
X-TT
X-App-Environment
X-Jobs
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Tumblr-User
Actual-Object-TTL
X-Tumblr-Pixel
X-Request-Guid
PB-RID
X-Instance
X-Framework
PB-PID
X-Tumblr-Pixel-0
X-Signature
X-Debug-Info
X-B-Cache
Access-Control-Allow-Method
Paypal-Debug-Id
DC
X-CST
Cache-Status
Arc-Version
X-Mobile-Rewrite
X-FB-Debug
X-PHP-Backend
X-Erf-Bev-Bev
X-Cache-Action
X-Erf-Bev-Bev-Is-Generated
X-Load-Cache
Surrogate-Key
X-Git-Hash
Fastcgi-Useragent
X-Varnish-Backend
FilterID
Host-Header
X-Time
X-Tt-Trace-Tag
X-Cached-By
X-IPLB-Instance
X-Contextid
MS-CV
X-SS-Set-Cookie
X-Amz-Replication-Status
X-Cluster
X-Tt-Trace-Host
Tracecode
X-FastCGI-Cache
X-Srv
X-ATG-Version
Frame-Options
X-Accel-Buffering
NGB
X-Response-Served-From
WPE-Backend
Payment
X-Varnish-Server
Source
Xserver
Eomportal-Instance
X-WA-Info
X-RequestSource
X-Adobe-Loc
X-IPS-LoggedIn
Host
X-FW-Serve
X-FW-Hash
X-Adobe-Content
X-Cache-NE
X-FW-Server
X-Cacheable-TTL
X-Varnish-Hostname
X-FW-Type
X-FW-Static
X-Cache-Enabled
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Region
X-Cache-Key
X-Cache-2
X-Oneagent-Js-Injection
X-Rendered-As
X-Is-Bot
X-TX-ID
X-GeoIP
Filters
X-Mobile
X-Host-Name
Cache-Tv-Group
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cleartype
Accept-CH
X-Seen-By
X-Cache-Operation
X-Cache-Rule
Cache
X-Via-JSL
X-Origin-Response-Time
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-NewRelic-App-Data
X-Hostname
X-EdgeConnect-Cache-Status
X-Cache-Control
X-VCache
X-Cache-TTL-Remaining
Healthy
X-PressLabs-Stats
Datacenter
X-HTML-Minification-Powered-By
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-B3-Traceid
Retry-After
Server-Info
X-CACHE-KEY
X-RTag
X-RateLimit-Limit
Ms-Operation-Id
X-Rule
Accept-CH-Lifetime
X-Dc
X-Presslabs-Stats
X-ProcessESI
X-RemovedCookies
From-Origin
X-Status
Version
Liferay-Portal
X-UA
X-Wix-Request-Id
X-Environment-Context
X-FireWall-Port
X-Cache-Server
X-L-Path
X-Source
X-NWS-LOG-UUID
X-Upgrade-Enabled
X-Path-Route
X-RN-RSRV
X-Endurance-Cache-Level
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
X-Timing-Wait
OT-Force-Account-Verify
Selected-Fe
X-Handled-By
X-Proxy-Build
X-Sorting-Hat-PodId
X-Tb
X-Storage
X-Content-Age
X-Alternate-Cache-Key
X-Backend-Name
X-Proto
X-Sorting-Hat-ShopId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Generated-Cart-Token
X-ShardId
X-Shopify-Stage
X-ShopId
X-EIG-Tracking-Id
X-Hyper-Cache
DB-Nickname
Ec-Rule-Version
Origin-Cache-Control
Node
X-ProxyCache-Key
Origin-Edge-Control
S-Rt
X-Generated-By
X-BYPASS-REASON
X-Human
X-FC-Vary-Parameters
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-JoinUs
X-Cache-Host
X-OCL
X-PCL
X-Hosted-By
X-Cache-Config
X-Origin
X-Debug-Cache
TWC-Connection-Speed
Akamai-GRN
Webcakes-Region
X-Akamai-Request-ID
X-VWS-Id
Azure-InstanceId
X-ProxyCache-Status
Azure-SiteName
Webcakes-App-Name
Webcakes-App-Version
X-Qloud-Router
X-Soup
X-FW-Dynamic
X-Web-Node
X-LJ-Flow-ID
X-Origin-Hint
X-Viewer-Country
X-Time-Microsecs
X-AWS-Id
X-Vgn-Hpd-Reason
Azure-SlotName
Azure-RegionName
X-UUID
TWC-Locale-Group
TWC-Device-Class
Now
TWC-Privacy
Azure-Version
Property-Id
X-Request-Time
X-SaId
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Pubstack
X-Redis-Cache
X-Varnish-Hits
X-BCube-Filmed-By
X-Proxy-Cache-Status
X-Cluster-Node
X-Www-Served-By
X-Proxy
X-Section
X-Akamai-Request-ID2
Mn-Server-Ip
X-Locale
Cache-Tags
X-Access
X-Say-Cacheable
X-Format
X-RCS-CacheZone
X-Hl-Ver
X-NYM-Debug-Backend
X-Generated
X-IP
X-CCM
X-Xfnlog-Site
X-ServerID
X-Say-TTL
X-SayCDN-TTL
X-Site-Version
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
L5d-Success-Class
NGX
Webserver
X-FB-TRIP-ID
X-Detected-As
Cross-Origin-Window-Policy
X-TNCMS
Cache-Name
X-Loop
X-App-Server
X-Amzn-Remapped-Content-Length
Srv
Uber-Trace-Id
X-MP-GENERATED-AT
X-R9-Blue-Green-Version
X-CS
Viewport
Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Esi
X-Akamai-Transformed
Accept-Charset
X-APP-VERSION
X-Drupal-Cache-Tags
X-NCache
X-Cache-Remote
X-Unique-Id
X-From
GEO-INFO
X-UA-Device-Type
X-Cluster-Name
X-TT-TIMESTAMP
X-Edge-Location
X-Drupal-Cache-Contexts
X-Origin-CC
Cache-Key
Mime-Version
X-Origin-TTL
X-EC-Lua
X-Backend-TTL
Accept-Language
X-CDN-Forward
Odigeo-Trace-Id
X-Newrelic-Synthetics
X-Mode
X-CLOUD-TRACE-CONTEXT
Country
Ohc-Cache-HIT
Ohc-File-Size
X-Microcachable
X-App-Version
Rt-Fastcgi-Cache
X-Info
X-Geo
X-Forwarded-Host
Proxy-Connection
X-B3-Spanid
X-No-Session
X-UPSTREAM-Address
X-Labrador-Cache-Channel
X-Magnolia-Registration
X-PHP-Host
X-UnsetCookies
X-Varnish-Cache-Hits
X-Whom
X-Real-IP
ServedBy
Geo-Info
X-Cache-Time
Fastly-SSL
Content-Disposition
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-PERF
X-ApacheServer
Cf-Ipcountry
X-Transaction
X-Trv-Group
X-A-Dcw
X-Destination
Content-Script-Type
X-External-Request-Id
Content-Style-Type
X-Request-UUID
X-S-Cookie
X-A
X-GeoIP-Country-Code
T-Server
X-Twitter-Response-Tags
Viewtype
VivaBuild
X-A-Ccd
X-SRCache-Key
BehaviorPad-Version
AsisCache
X-Session-Fingerprint
X-Application
X-ARC
X-Region-Sid
X-G
X-B-Cookie
X-A-Dam
X-ScT
Fastcgi-X-Cache-Version
X-A-Dgt
X-Connection-Hash
X-Rewrite-Enabled
Powered-By
X-S
Rendered-Blocks
X-Accel-Expires-Debug
Machine
X-A-Wwc
Xc-Version
MD5-Digest
X-Date
Mobile-Detection-Method
X-D
X-Aed
X-Rojux
X-CF-Lambda-Fn
X-DPWN-IS-SECURE
X-Vdms-Version
GEO-REGION-INFO
Meta-Geo-Continent
X-VG-WebCache
X-CF-Lambda-Version
X-VG-WebServer
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
Access-Control-Request-Headers
User-Cache-Control
X-Device-Type
X-Rocket-Build-Number
X-Geo-Header
IsBot
X-TrackingId
Gh-Request-Id
X-VG-TLSProxy
X-Varnish-Authentication
Server-Surrogate-Control
Server-Cache-Control
X-Logging-Id
X-CUA
X-SIPLIST1
X-WebServer
X-Contensis-Viewer-Groups
Environment
X-Cache-Debug
X-Auto-Login
X-Cache-Backend
X-Sigma-Backend
X-Sigma
W
X-Thanos
X-Tumblr-Pixel-3
X-Cache-ASPX
X-Bip
X-Uri
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-LI-UUID
Server-ID
X-Debug-Log
X-CGP
Section-Io-Cache
X-Cdn-Srv
X-Hit
X-Hnp-Log
X-Cache-Bucket
X-Cache-Info
X-Li-Pop
X-Location
X-LI-Proto
X-Ms-Request-Id
X-NodeID
X-GoCache-CacheStatus
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Hash
X-Ms-Version
X-Block-Status
Request-EU
Request-Country
X-Clientip
X-Clara-WADP
X-Li-Fabric
X-Agile-Age
X-Gen-Mode
X-Agile-Id
X-Generated-In
X-Irp-Debug
X-Agile
X-FW-Version
X-Epic-Correlation-Id
X-Fastly-Cache
X-Distributor
X-Distil-CS
X-Debug-Cache-Fetch
X-AK-Request-ID
Web-Mar-Node
V-Age
X-IN-APIGATEWAYSSL
X-Key
True-Client-Country-4JS
X-Eu-Site
X-BBXSRF
X-Dispatcher-Server
We-Hiring
X-Instart-Isnd
X-NX-Host
X-Backend-State
X-IN-APIGATEWAY
CDCHOST
RNT-Time
X-TH-Server
X-Swa-Ws
X-Trace-Id
RNT-Machine
Locid
X-TT-LOGID
Memcached
X-Sucuri-Cache
ServerName
X-Request-URI
Wxu-Next-Hostname
Server-Int
Apple-News-Services-Request-Url
X-App-Name
X-User
X-VC-Cache
X-Webstats-RespID
X-Wikidot-Backend
X-Req
Fastly-Backend-Name
X-NGENIX-Cache
FNAC-ModuleRouting
X-Wikidot-Static-Cache
X-Nginx-Cache-Key
X-VServer
Apple-News-Services-Parsed-Url
X-WADP-Cache
X-We-Are-Hiring
Apple-News-Services-Handled
Apple-News-Services-Host
X-Render-Time
Wxu-Next-Commit
Cdncip
X-Origin-Expires
IBM-Web2-Location
X-Cache-URL
X-Origin-Date
X-OVcl-Cache
Cdnsip
X-Proxy-Upstream
X-OVcl
X-RateLimit-Limit-Second
Countrycode
Country-Code
X-Owner
Kp-EeAlive
Wxu-Next-Region
Mail-Subject
HA-Ipaddr
X-Core-Mission
X-RateLimit-Remaining-Second
Cache-Host
Ha-Gx-Prefs
X-B3-Parentspanid
X-Via-Fastly
X-C
X-Cms-Context
Is-Eu
X-Generation-Time
Platform
Fastly-SWR
X-Old-Content-Length
Fastly-Soc-X-Request-Id
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-NU-AKA-ACS-Version
Locale
X-Platform-Server
X-Azure-Ref
X-Internal-Host
X-Micro-Cache
X-S-Maxage
X-Rebelmouse-Cache-Control
Adler-Geo
X-Developers
X-Gamma-Serve
X-GeoIP-City
X-SVT-ORM-RULES
X-Urbn-Site-Id
X-Cache-Tags
X-Variation
X-Urbn-Context-Path
X-Up
X-SVT-ORM-VERSION
AKAMAI
Heartbleed
X-Nginx-Cache
X-TA-CDN-Provider
HitType
X-JWT-State
X-Refresh
X-Reboot
X-Lb-Id
X-Matched-Rule
X-Level-Front-Cache
X-Is-Gdpr
X-Response-By
X-ServiceProvider
X-Thinkindot-L3
X-Service
X-Server-W
X-Has-Esi
X-Trafficlayer-App-Version
Thinkindot-CacheControl-Type
Thinkindot-Control
PFcat
Server-Host
Thinkindot-CacheControl
X-Generated-On
X-SERVER
X-Daa-Tunnel
X-Core-Value
X-B3-SpanId
X-NC
X-Server-IP
Cache-Hits
X-Fetched-On
RequestId
X-Servername
X-CSRF-TOKEN
X-Parent-Response-Time
X-Tb-Optimization-Total-Bytes-Saved
X-Cdn-Forward
X-CF-Powered-By
X-Nc
X-Tec-Api-Version
Media-Length
X-Tec-Api-Origin
X-Tec-Api-Root
ProcessTime
Memory
X-Cdn-Request-ID
X-Pjax-Url
X-Ua
X-BACKEND-TTL
Origin
User-Agent
X-Air-Hostname
X-Wa
Filterid
X-Sucuri-Id
Pragrma
X-Var-Ttl
X-Cache-Expired-At
Group
X-CSRF-Token
X-Correlation-ID
X-TIME
X-Unique-ID
X-AIR-PT
TTL
X-Reqid
Geoip-Latitude
Esi-Enabled
X-Pf-Uncompressing
X-COUNTRY
Powered-By-ChinaCache
GeoIp-Country-Code
SRV
X-Policy
X-Vcl-Version
S-Cnection
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-NGINX-Cache
X-Request-Start
X-Rocket-Nginx-Bypass
X-Servedbyhost
X-Sucuri-ID
HostName
X-Azure-Ref-OriginShield
X-Webkit-CSP
X-Litespeed-Cache
PICS-Label
SN
Rt-Proxy-Cache
X-Varnish-Cacheable
X-HS-Status
X-Via-Ucdn
M-TraceId
XServer
X-Via-CDN
Geoip-City
X-Method
Magicmarker
X-Fastly-Country-Code
X-FORWARDED-FOR
Load-Balancing
Tcn
X-NWS-UUID-VERIFY
X-Developer
Dnion-Transfer-Encoding
X-Cache-Ttl
X-Device-Os
Resin-Trace
Who
DSUID
X-LAGOON
X-Node-Id
X-Ocache
Ohc-Response-Time
X-Ftr-Cache-Host
X-VHOST
Release
X-VCT
X-Be
X-Cache-Grace
X-Svr
Cdn
X-Cdn-Origin
X-Sn-Servicetimems
CF-Cached-On
NtCoent-Length
X-ServedByHost
X-MServer
On-Server
Pics-Label
Vix-Hermes-Req-Id
GeoIP-Country-Code
X-APP
A
X-Bc
X-Request-Host
X-Hp-Ccpa-Warning
X-MSEdge-Features
X-VCL-Version
X-MSEdge-Flight
X-Zone
X-Newrelic-App-Data
X-DC
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
Cteonnt-Length
Ttl
Cloudfront-Viewer-Country
X-Oss-Storage-Class
GeoIP-Latitude
X-Oracle-Dms-Rid
MIME-Version
GeoIP-City
X-VarnishDD-TTL
X-WR-MODIFICATION
X-Configured-By
X-Varnish-URL
X-Dynatrace-Js-Agent
X-Beluga-Trace
X-Fastly-Backend-Reqs
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Record
X-Beluga-Cache-Status
X-Beluga-Node
X-LiteSpeed-Cache-Control
SD-X-WS
X-PF-Uncompressing
Hostname
X-Varnish-Url
X-Varnish-Ttl
X-SD-PageType
X-Ratelimit-Remaining
X-PJAX-URL
X-Compress-Hint
X-Ftr-Request-Id
X-Tid
X-SN
X-Cache-Status-Check
X-Cache-Id
X-Upstream-Ct
X-Datadome
X-Upstream-Ht
X-SRV
X-HostName
Processtime
X-BE
L
Host-ID
X-Aicache-OS
X-Dynatrace
X-Via-NSCOPI
X-Release
X-Slack-Backend
LB
Cache-Provider
CACHE
X-Swift-Error
X-ID
X-Scheme
X-Fastly-Cache-Hits
X-Frame-Option
Amp-Access-Control-Allow-Source-Origin
X-Ratelimit-Limit
X-Ftr-Realm
X-Ftr-Balancer
X-Ftr-Backend
X-Ftr-Backend-Server
Pagetype
X-Ftr-Dc
X-ServerName
X-DW
X-RPM
X-RPS
X-RSL
X-DSS
X-DI
Lfy
X-Action
X-DB
X-StackifyID
Dynatrace
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Branch-Name
UCS
CF-IPCountry
X-Snapshot-Date
Requestid
CDN
Servername
X-LB-ID
Cache-Cookie-Set-Idcheck
X-CACHE-AGE
D-Cc-Upstream
Proxy-Firewall
Warning
X-Cc-Via
X-Fastly-Cache-Status
X-PAYTM-SRV-ID
X-Processor
X-Server-Time
Arc-Country
X-Apw-Access-Token
X-SB
X-Apw-Access-Action
X-Apw-Access-Object
X-Cc-Req-Id
X-VC
X-Apw-Hits
V-Cache
X-Varnish-Beresp-TTL
WebServer
X-ZONE
X-Node-ID
X-Edge-IP
NnCoection
X-Hello
X-FPC
WP-Super-Cache
X-Flog
X-Dispatch
X-ABtesting
X-Cache-FS-Status
X-Litespeed-Cache-Control
X-Skip-Cache
X-Request-Url
WZWS-RAY
Lb
X-Check-Cacheable
X-Powered-Y
X-Request-URL
X-App
X-BC
Backend-Name
X-ElasticPress-Search
X-Worker
Correlation-Id
Pramga