Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
Upgrade
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Via
X-Ua-Compatible
X-Age
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Hacker
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-Dns-Prefetch-Control
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Server-Id
X-Host
X-OneAgent-JS-Injection
X-Device
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
X-Node
Content-Location
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Cloud-Trace-Context
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-ORACLE-DMS-ECID
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
X-Cache-Lookup
X-DataDome
X-ORACLE-DMS-RID
X-Mod-Pagespeed
NEL
X-Ruxit-JS-Agent
X-Rack-Cache
Edge-Control
Rating
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-Country-Code
X-DynaTrace
X-TTL
X-Instart-Request-ID
X-Varnish-TTL
X-FTR-Request-ID
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
Accept-Ch
X-ESI
Verso
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Url
Accept-Ch-Lifetime
X-Forwarded-Proto
X-MS-InvokeApp
X-Version
X-B3-TraceId
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-GitHub-Request-Id
Edge-Cache-Tag
RTSS
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-CACHE
Ar-Sid
X-D2id
X-Px
X-Debug
X-Abt-Application-Version
X-Server-Name
SPRequestGuid
X-Amz-Server-Side-Encryption
Charset
X-NF-Request-ID
X-Accel-Expires
X-Cached
Display
Pagespeed
X-Vcache
X-Sol
Response
X-Middleton-Response
X-Middleton-Display
X-MSEdge-Ref
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Vcap-Request-Id
TCN
X-Navigation-Version
X-Powered-CMS
X-SharePointHealthScore
X-Pinterest-Rid
Pinterest-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Trace
X-Fastcgi-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Cdn
Realpath
X-VARITI-CCR
X-Client-IP
Public-Key-Pins
Cache-Tag
Access-Control-Request-Method
X-Ser
X-Fastly-Request-ID
MS-Author-Via
X-Server-ID
S
Nginx-Cache
X-DynaTrace-JS-Agent
X-Shard
SPIisLatency
SPRequestDuration
X-Upstream
X-Id
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Ezoic-Cdn
X-Hp-Webp
X-Content-Type
X-Forwarded-For
X-Amzn-Trace-Id
X-T
X-Grace
X-Edge-O15-RID
X-Amz-Meta-S3cmd-Attrs
Nel
X-Recruiting
Front-End-Https
DynaTrace
Fastcgi-Cache
X-Hits
X-Aspnet-Version
X-Varnish-Age
ServerID
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
X-Node-Name
X-Cache-TTL
X-Mobile-URL
NR-ENABLED
X-DIS-Request-ID
X-Content-Digest
X-Jurisdiction
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
X-Element-Page-Cache
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
Powered
X-FTR-Backend
X-Frontend
X-FTR-DC
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
Server-Node
Alternate-Protocol
TP-Cache
Server-Name
TP-L2-Cache
X-Logged-In
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Request-Processing-Time
X-XRDS-Location
X-Request-Received
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
Upgrade-Insecure-Requests
X-ATS-Timestamp
X-Content-Options
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Hit
Refresh
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Page-Id
X-Akamai-Edgescape
X-Rid
X-Revision
X-User-Agent
X-F-Cache
X-Varnish-Grace
X-Type
X-CST
X-Zen-Fury
Fastly-Restarts
X-XRDS-LOCATION
X-Content-Powered-By
X-Geo-Country
X-B3-Sampled
X-LB-Cache
X-B
X-Shield-Request-Id
X-URL
X-Activity-Id
X-Az
X-AppVersion
X-FTR-Cache-Host
X-N
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
Cache-Status
X-Webapp-Samesite-None-Activated-N
X-Kinsta-Cache
X-Pad
X-TT
X-Cache-Age
X-Instance
X-WebKit-CSP-Report-Only
X-Debug-Info
Actual-Object-TTL
X-Framework
Paypal-Debug-Id
X-AOL-HN
X-Tumblr-User
X-App-Environment
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Request-Guid
X-Cache-Action
X-Webkit-Csp
X-Signature
X-B-Cache
Access-Control-Allow-Method
X-PHP-Backend
DC
X-Jobs
X-Analytics
X-Load-Cache
X-RateLimit-Remaining
X-FB-Debug
X-Git-Hash
X-Cached-By
X-Time
X-Erf-Bev-Bev
X-Tt-Trace-Tag
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
X-Varnish-Backend
Fastcgi-Useragent
X-Tt-Trace-Host
Host-Header
X-Amz-Replication-Status
X-IPLB-Instance
X-Contextid
MS-CV
X-SS-Set-Cookie
X-ATG-Version
Accept-CH
FilterID
X-WA-Info
X-Cache-Key
Tracecode
X-FastCGI-Cache
Host
X-Accel-Buffering
X-VCache
X-Response-Served-From
NGB
X-Cluster
X-Mobile
X-Presslabs-Stats
WPE-Backend
X-Host-Name
X-B3-Traceid
X-Kong-Upstream-Latency
Source
Payment
X-Cache-NE
X-Kong-Proxy-Latency
X-Hostname
X-FW-Serve
X-Varnish-Server
X-Cache-Operation
X-FW-Hash
X-Via-JSL
X-Cache-2
X-Srv
X-FW-Static
X-Cache-Rule
X-FW-Server
X-FW-Type
X-Cache-Enabled
X-Region
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Cache-Tv-Group
X-IPS-LoggedIn
Frame-Options
Filters
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
Eomportal-Instance
X-Adobe-Content
X-Cacheable-TTL
X-Varnish-Hostname
X-Rendered-As
X-GeoIP
X-Adobe-Loc
X-Is-Bot
X-Origin-Response-Time
X-RequestSource
X-TX-ID
X-NewRelic-App-Data
X-NWS-LOG-UUID
Xserver
Accept-CH-Lifetime
X-Seen-By
X-EdgeConnect-Cache-Status
Retry-After
Cleartype
X-Ruxit-Js-Agent
Server-Info
X-Cache-TTL-Remaining
Cache
X-RemovedCookies
X-ProcessESI
X-UA
X-HTML-Minification-Powered-By
Liferay-Portal
X-RTag
X-Dc
Ms-Operation-Id
X-Source
X-Ttl
X-Cache-Control
Datacenter
X-L-Path
X-FireWall-Port
X-Environment-Context
X-Upgrade-Enabled
Healthy
X-Cache-Server
From-Origin
X-Endurance-Cache-Level
X-App-Server
X-CACHE-KEY
X-APP-VERSION
X-Handled-By
X-RateLimit-Limit
X-Backend-Name
X-Rule
Meta-Geo
X-Cache-Var-Map
X-Path-Route
X-Cache-Var
X-Status
X-Wix-Request-Id
GEO-INFO
X-RN-RSRV
X-ES-SERVER
Version
X-Tb
X-Section
X-Access
X-Timing-Wait
X-Proxy-Build
X-Format
Selected-Fe
X-Request-Time
OT-Force-Account-Verify
Azure-RegionName
Akamai-GRN
X-Akamai-Request-ID
Azure-InstanceId
X-PCL
X-ProxyCache-Key
X-ProxyCache-Status
Srv
X-Proto
Azure-SiteName
X-Origin
X-Storage
X-OCL
Azure-Version
Mn-Server-Ip
X-BYPASS-REASON
Azure-SlotName
X-Content-Age
X-Human
Cache-Tags
Origin-Edge-Control
X-Cache-Config
Origin-Cache-Control
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Akamai-Request-ID2
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cluster-Node
X-Alternate-Cache-Key
X-Hl-Ver
X-Pubstack
X-Generated-By
NGX
X-MP-GENERATED-AT
X-LJ-Flow-ID
X-VWS-Id
X-AWS-Id
DB-Nickname
X-Cache-Host
Now
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
X-Proxy
X-Qloud-Router
X-ServerID
X-Viewer-Country
S-Rt
X-Sorting-Hat-ShopId
X-Proxy-Cache-Status
X-FW-Dynamic
X-Debug-Cache
X-UUID
X-Soup
X-ShardId
X-Shopify-Stage
X-EIG-Tracking-Id
X-NYM-Debug-Backend
X-Shopify-Generated-Cart-Token
Ec-Rule-Version
X-Time-Microsecs
X-ShopId
Node
X-Vgn-Hpd-Reason
X-PressLabs-Stats
X-Sorting-Hat-PodId
X-Redis-Cache
X-FC-Vary-Parameters
X-Web-Node
X-Hyper-Cache
TWC-Privacy
X-IP
X-Say-Cacheable
X-SaId
Webcakes-App-Name
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Device-Class
TWC-Connection-Speed
X-Akamai-Transformed
X-SayCDN-TTL
X-CCM
Webcakes-App-Version
X-RCS-CacheZone
X-Locale
X-Www-Served-By
X-Hosted-By
X-Site-Version
X-Origin-Hint
X-BCube-Filmed-By
X-JoinUs
X-Say-TTL
Webcakes-Region
X-Xfnlog-Site
X-Detected-As
X-R9-Blue-Green-Version
X-FB-TRIP-ID
X-Varnish-Hits
X-Amzn-Remapped-Content-Length
X-Loop
X-TNCMS
X-Generated
Cross-Origin-Window-Policy
L5d-Success-Class
Accept-Charset
X-Unique-Id
X-NCache
Cache-Name
Viewport
X-CS
Uber-Trace-Id
X-Drupal-Cache-Tags
X-Trafficlayer-App-Name
X-Esi
X-Trafficlayer-App-Scope
Webserver
Time
Cache-Key
X-UA-Device-Type
X-Backend-TTL
X-CDN-Forward
X-UnsetCookies
X-Cache-Remote
X-From
X-Mode
X-Origin-CC
VIX-Pulpo-Upstream-Status
Accept-Language
X-Forwarded-Host
X-Origin-TTL
VIX-Pulpo-Node
X-Drupal-Cache-Contexts
Country
Mime-Version
X-Cluster-Name
X-Newrelic-Synthetics
X-Info
Odigeo-Trace-Id
Rt-Fastcgi-Cache
X-B3-Spanid
X-Microcachable
X-TT-TIMESTAMP
X-Varnish-Cache-Hits
X-Whom
X-NGENIX-Cache
X-Edge-Location
X-CLOUD-TRACE-CONTEXT
X-ApacheServer
X-Magnolia-Registration
X-PERF
ServedBy
X-Daa-Tunnel
Content-Disposition
X-Geo
X-UPSTREAM-Address
X-EC-Lua
Proxy-Connection
X-Device-Type
X-Routing-Service
X-Proxied
X-Zipkin-Id
Ohc-Cache-HIT
Ohc-File-Size
X-No-Session
X-Via-Fastly
Cf-Ipcountry
X-Uri
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-Rocket-Build-Number
X-SRCache-Key
X-Destination
X-Session-Fingerprint
X-Sigma
X-ScT
X-S-Cookie
X-Region-Sid
X-Sigma-Backend
X-S
Fastcgi-X-Cache-Version
X-GeoIP-Country-Code
AsisCache
X-Geo-Header
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
BehaviorPad-Version
Machine
X-DPWN-IS-SECURE
Apple-News-Services-Host
X-External-Request-Id
Content-Style-Type
X-G
Content-Script-Type
GEO-REGION-INFO
Meta-Geo-Continent
Xc-Version
T-Server
X-B-Cookie
Viewtype
MD5-Digest
X-Vtex-Remote-Cache
X-VG-TLSProxy
X-VG-WebCache
X-VG-WebServer
X-Vtex-Processado-Em
VivaBuild
X-ARC
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-Aed
X-A-Dam
X-A-Ccd
W
X-Application
X-A
X-Vdms-Version
X-CF-Lambda-Fn
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Connection-Hash
Rendered-Blocks
X-D
X-CF-Lambda-Version
Mobile-Detection-Method
X-C
X-Labrador-Cache-Channel
X-PHP-Host
HitType
User-Cache-Control
X-Agile-Age
X-CUA
X-Agile-Id
IsBot
X-App-Name
HA-Ipaddr
X-Date
X-Accel-Expires-Debug
Ha-Gx-Prefs
Locid
X-Distil-CS
X-Developers
Fastly-Soc-X-Request-Id
X-Contensis-Viewer-Groups
X-Bip
X-Backend-State
CDCHOST
X-CGP
X-Cache-ASPX
Gh-Request-Id
X-Cache-Debug
Powered-By
X-Eu-Site
X-Auto-Login
Server-Cache-Control
Server-Surrogate-Control
X-Logging-Id
X-Real-IP
X-Tec-Api-Origin
X-VC-Cache
X-Wikidot-Backend
X-Tec-Api-Root
X-SIPLIST1
X-Tec-Api-Version
X-WebServer
X-Varnish-Authentication
X-Agile
X-Render-Time
X-Tumblr-Pixel-3
X-TrackingId
X-Thanos
X-Wikidot-Static-Cache
X-Cache-Time
X-Nc
Section-Io-Cache
X-GoCache-CacheStatus
X-Cache-Backend
X-Cdn-Srv
X-Clara-WADP
X-Cms-Context
X-WADP-Cache
X-Cache-URL
X-Webstats-RespID
X-Cache-Info
X-Cache-Bucket
X-BBXSRF
Countrycode
X-We-Are-Hiring
X-VServer
X-AK-Request-ID
Fastly-SIE
Fastly-SWR
X-Servername
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Clientip
X-User
X-LI-UUID
IBM-Web2-Location
X-Urbn-Site-Id
Fastly-SSL
X-Block-Status
Memcached
X-Azure-Ref
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-FW-Version
Access-Control-Request-Headers
X-Swa-Ws
X-NodeID
X-Gen-Mode
X-Nginx-Cache-Key
X-Generated-In
X-NX-Host
X-Origin-Date
X-OVcl-Cache
X-OVcl
X-Origin-Expires
X-Generation-Time
X-Ms-Version
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Hit
X-Instart-Isnd
X-Irp-Debug
X-Ms-Request-Id
X-Micro-Cache
X-Key
X-Epic-Correlation-Id
X-Owner
X-SVT-ORM-RULES
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-SVT-ORM-VERSION
X-TT-LOGID
X-Trace-Id
X-Hnp-Log
X-Sucuri-Cache
X-Debug-Cookies
X-RateLimit-Limit-Second
X-Distributor
X-Proxy-Upstream
X-RateLimit-Remaining-Second
X-Request-URI
X-Debug-Log
X-Server-W
X-Dispatcher-Server
X-Urbn-Context-Path
X-Fastly-Cache
Mail-Subject
Locale
Request-Country
Request-EU
RNT-Time
RNT-Machine
Kp-EeAlive
Heartbleed
Cdncip
Cache-Host
Cdnsip
Country-Code
Fastly-Backend-Name
Environment
Server-Int
AKAMAI
True-Client-Country-4JS
We-Hiring
Web-Mar-Node
V-Age
X-Oneagent-Js-Injection
X-Fetched-On
Geo-Info
Thinkindot-CacheControl
X-Variation
X-Level-Front-Cache
Wxu-Next-Commit
X-Trafficlayer-App-Version
X-Hash
X-Generated-On
Wxu-Next-Hostname
X-NU-AKA-ACS-Version
X-Matched-Rule
X-GeoIP-City
X-Gamma-Serve
X-Old-Content-Length
X-TA-CDN-Provider
X-Is-Gdpr
X-Platform-Server
X-JWT-State
X-ServiceProvider
X-Service
X-Req
X-Internal-Host
X-Varnish-Beresp-Ttl
X-Thinkindot-L3
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Adler-Geo
X-Has-Esi
Wxu-Next-Region
ServerName
X-Core-Mission
X-Core-Value
Platform
Is-Eu
X-Reboot
Thinkindot-CacheControl-Type
Server-ID
Server-Host
X-Up
Thinkindot-Control
FNAC-ModuleRouting
X-Cache-Tags
X-TH-Server
Filterid
X-Response-By
X-SERVER
X-App-Version
X-Location
X-Lb-Id
PFcat
Cache-Hits
X-Nginx-Cache
X-S-Maxage
X-B3-Parentspanid
X-Refresh
Group
X-Parent-Response-Time
RequestId
X-Tb-Optimization-Total-Bytes-Saved
Pragrma
X-Var-Ttl
X-CSRF-TOKEN
X-Air-Hostname
X-NC
Memory
S-Cnection
X-Cache-Expired-At
Powered-By-ChinaCache
X-Wa
X-CF-Powered-By
ProcessTime
X-Cdn-Forward
X-B3-SpanId
X-BACKEND-TTL
Origin
X-Pjax-Url
X-Server-IP
Geoip-Latitude
X-CSRF-Token
User-Agent
X-Pf-Uncompressing
X-Correlation-ID
X-Ua
SRV
X-NGINX-Cache
X-Sucuri-ID
TTL
Geoip-City
Media-Length
GeoIp-Country-Code
X-Varnish-Cacheable
X-Cdn-Request-ID
PICS-Label
X-NWS-UUID-VERIFY
X-COUNTRY
X-Via-CDN
X-Vcl-Version
X-Unique-ID
X-Sucuri-Id
XServer
Dnion-Transfer-Encoding
X-Developer
X-Servedbyhost
X-TIME
X-Cdn-Origin
X-Rocket-Nginx-Bypass
X-LAGOON
X-Ocache
X-Sn-Servicetimems
SN
X-Webkit-CSP
X-Cache-Grace
X-Device-Os
X-Litespeed-Cache
X-Node-Id
On-Server
X-AIR-PT
X-Via-Ucdn
M-TraceId
X-Reqid
Esi-Enabled
X-Varnish-Ttl
X-Policy
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-MSEdge-Features
X-Request-Host
X-MSEdge-Flight
A
X-HS-Status
X-Cache-Status-Check
X-FORWARDED-FOR
X-Azure-Ref-OriginShield
Cloudfront-Viewer-Country
X-Request-Start
HostName
Hostname
X-Beluga-Status
X-Beluga-Cache-Status
X-Beluga-Response-Time
X-Oss-Storage-Class
Rt-Proxy-Cache
Resin-Trace
X-Beluga-Record
Cdn
X-Beluga-Node
X-Fastly-Country-Code
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Beluga-Trace
Who
X-Oss-Hash-Crc64ecma
X-Cache-Ttl
X-VHOST
X-Ftr-Cache-Host
X-ServedByHost
Host-ID
NtCoent-Length
X-Ratelimit-Remaining
CF-Cached-On
X-Varnish-URL
X-VCL-Version
Magicmarker
X-Method
MIME-Version
Ttl
GeoIP-Country-Code
X-Zone
X-LiteSpeed-Cache-Control
X-APP
Pics-Label
X-Bc
Tcn
X-Oracle-Dms-Rid
X-Fastly-Backend-Reqs
GeoIP-Latitude
X-Varnish-Url
Cteonnt-Length
X-DC
Load-Balancing
X-RPM
X-RPS
X-RSL
X-DW
GeoIP-City
X-VarnishDD-TTL
X-DB
X-Be
Ohc-Response-Time
X-Slack-Backend
X-Newrelic-App-Data
X-PJAX-URL
X-DI
X-DSS
X-Svr
X-PF-Uncompressing
Pramga
Arc-Country
X-Dispatch
WebServer
X-FPC
Amp-Access-Control-Allow-Source-Origin
X-SRV
Processtime
X-Action
X-Ftr-Request-Id
Vix-Hermes-Req-Id
DSUID
X-PAYTM-SRV-ID
X-Cache-FS-Status
X-Ratelimit-Limit
X-Processor
X-Skip-Cache
X-Server-Time
X-MServer
Release
CACHE
X-VCT
X-Dynatrace
X-Swift-Error
X-DevSite-Last-Modified
X-Tid
X-Hp-Ccpa-Warning
X-BE
X-ND-Cache
X-WR-MODIFICATION
X-Dynatrace-Js-Agent
Servername
Cache-Provider
X-Aicache-OS
Requestid
X-Configured-By
Cdn-Request-Time
Fastly-Drupal-HTML
X-HostName
X-ABtesting
X-Flog
Cdn-Host
X-Hello
N-Cache
X-ID
X-Edge-Server
X-Served-From
X-Frame-Option
X-Amzn-Remapped-Connection
X-Bc-Bl
X-WA
X-Amzn-Remapped-Date
SD-X-WS
X-StackifyID
CF-IPCountry
CDN
X-Snapshot-Date
Dynatrace
X-Ftr-Backend
X-Ftr-Realm
X-Ftr-Balancer
X-Ftr-Dc
X-LB-ID
Lfy
X-SD-PageType
X-Fastly-Cache-Hits
X-Ftr-Backend-Server
X-Branch-Name
X-Upstream-Ct
X-Upstream-Ht
Pagetype
X-CACHE-AGE
L
X-Apw-Access-Object
X-Varnish-Beresp-TTL
X-Backend-Host
Proxy-Firewall
X-Apw-Access-Action
X-Apw-Access-Token
X-Apw-Hits
X-SN
X-ZONE
Warning
X-VC
V-Cache
X-SB
X-Cache-Id
X-Edge-IP
X-Compress-Hint
D-Cc-Upstream
X-Cc-Req-Id
X-Cc-Via
X-Request-Url
X-Powered-Y
X-ElasticPress-Search
X-Via-NSCOPI
Lb
X-Request-URL
DataCenter
WZWS-RAY
Backend-Name
X-Check-Cacheable
X-Fastly-Cache-Status
X-BC
X-App
Correlation-Id
WP-Super-Cache
X-Release
X-Worker
X-ServerName