Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
Upgrade
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Via
X-Ua-Compatible
X-Age
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Hacker
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
X-Host
X-OneAgent-JS-Injection
X-Device
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
X-Node
Content-Location
X-Ac
Surrogate-Control
X-Readtime
X-Vhost
X-Cloud-Trace-Context
Request-Id
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-Application-Context
X-ORACLE-DMS-ECID
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-Cache-Lookup
X-DataDome
X-ORACLE-DMS-RID
NEL
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-Rack-Cache
Edge-Control
Rating
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
X-Country-Code
X-TTL
X-DynaTrace
X-Instart-Request-ID
Accept-Ch
X-Varnish-TTL
X-FTR-Request-ID
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-ESI
Verso
Accept-Ch-Lifetime
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-GitHub-Request-Id
Edge-Cache-Tag
RTSS
Ar-Sid
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-D2id
X-Px
X-Debug
X-Abt-Application-Version
SPRequestGuid
X-Server-Name
X-Vcache
X-Amz-Server-Side-Encryption
Charset
X-NF-Request-ID
X-Accel-Expires
X-Cached
Display
X-Middleton-Response
Pagespeed
X-Sol
X-Middleton-Display
Response
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Vcap-Request-Id
X-MSEdge-Ref
Arr-Disable-Session-Affinity
X-Amz-Rid
TCN
X-Navigation-Version
X-Fastcgi-Cache
X-Powered-CMS
Pinterest-Version
X-SharePointHealthScore
X-Pinterest-Rid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-Cdn
X-VARITI-CCR
Realpath
Public-Key-Pins
Cache-Tag
X-Client-IP
Access-Control-Request-Method
X-Ser
X-Fastly-Request-ID
MS-Author-Via
S
X-Server-ID
X-Shard
X-DynaTrace-JS-Agent
Nginx-Cache
SPRequestDuration
SPIisLatency
X-Upstream
X-Id
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Ezoic-Cdn
X-Hp-Webp
X-Content-Type
X-Forwarded-For
X-Amzn-Trace-Id
X-Grace
X-T
X-Amz-Meta-S3cmd-Attrs
Nel
X-Edge-O15-RID
Front-End-Https
X-Recruiting
DynaTrace
X-Hits
X-Aspnet-Version
Fastcgi-Cache
X-Varnish-Age
ServerID
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
X-Node-Name
X-Cache-TTL
X-DIS-Request-ID
X-Mobile-URL
X-Element-Page-Cache
X-Jurisdiction
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
NR-ENABLED
X-Content-Digest
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
Powered
X-Frontend
X-FTR-Backend-Server
X-FTR-Balancer
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-FTR-Realm
X-Goog-Metageneration
X-FTR-DC
X-FTR-Backend
Server-Node
Alternate-Protocol
TP-L2-Cache
TP-Cache
Server-Name
X-Logged-In
X-XRDS-Location
X-Request-Received
X-Request-Processing-Time
AMP-Access-Control-Allow-Source-Origin
X-Correlation-Id
X-Request-Handler-Origin-Region
X-Microsite
Upgrade-Insecure-Requests
Backend-Timing
X-ATS-Timestamp
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Cache-Hit
X-Page-Id
X-Origin-Server
X-Content-Security-Policy-Report-Only
X-Content-Options
X-Akamai-Edgescape
X-User-Agent
X-F-Cache
Refresh
X-Revision
X-Rid
X-Type
X-CST
X-Varnish-Grace
X-Zen-Fury
Fastly-Restarts
X-XRDS-LOCATION
X-Content-Powered-By
X-B3-Sampled
X-B
X-Geo-Country
X-LB-Cache
X-Shield-Request-Id
X-URL
X-AppVersion
X-Activity-Id
X-Az
X-FTR-Cache-Host
X-N
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
Cache-Status
X-Webapp-Samesite-None-Activated-N
X-Kinsta-Cache
X-Pad
X-Cache-Age
X-TT
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Instance
X-Debug-Info
Paypal-Debug-Id
X-Framework
X-Jobs
X-Signature
X-B-Cache
Access-Control-Allow-Method
X-Tumblr-Pixel
X-Webkit-Csp
X-App-Environment
Actual-Object-TTL
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cache-Action
X-Time
X-Request-Guid
X-RateLimit-Remaining
X-PHP-Backend
X-FB-Debug
DC
X-Load-Cache
X-Analytics
X-Git-Hash
X-Cached-By
X-Erf-Bev-Bev
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
X-Tt-Trace-Tag
Fastcgi-Useragent
Host-Header
X-Tt-Trace-Host
X-Amz-Replication-Status
X-Contextid
X-IPLB-Instance
MS-CV
X-SS-Set-Cookie
X-ATG-Version
FilterID
X-WA-Info
Tracecode
X-Cluster
X-Accel-Buffering
NGB
X-Response-Served-From
Host
X-Host-Name
X-Mobile
WPE-Backend
Payment
X-Kong-Proxy-Latency
X-Varnish-Server
Source
X-Kong-Upstream-Latency
X-Cache-NE
X-Region
X-Cache-Operation
X-Via-JSL
X-Cache-Rule
Xserver
X-FW-Hash
X-FW-Server
X-FW-Type
X-Srv
Frame-Options
Eomportal-Instance
X-Cache-2
X-FW-Serve
X-Hostname
X-FW-Static
Cache-Tv-Group
Filters
X-Rendered-As
X-GeoIP
X-Varnish-Hostname
X-Cacheable-TTL
X-Is-Bot
X-IPS-LoggedIn
X-Cache-Key
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cache-Enabled
X-Adobe-Loc
X-ORACLE-APMCS-REQUEST-ID
X-Adobe-Content
X-ORACLE-APMCS-TAG
X-NewRelic-App-Data
X-TX-ID
X-Origin-Response-Time
X-RequestSource
X-Presslabs-Stats
X-NWS-LOG-UUID
X-EdgeConnect-Cache-Status
X-Seen-By
Cleartype
X-FastCGI-Cache
X-Ruxit-Js-Agent
Retry-After
X-VCache
Server-Info
X-Cache-TTL-Remaining
Accept-CH
X-ProcessESI
X-RemovedCookies
X-B3-Traceid
Liferay-Portal
X-HTML-Minification-Powered-By
Cache
X-CACHE-KEY
X-Dc
X-RTag
Ms-Operation-Id
X-Source
Datacenter
X-Ttl
X-UA
X-L-Path
X-FireWall-Port
X-Environment-Context
X-Upgrade-Enabled
X-Cache-Control
X-App-Server
Healthy
From-Origin
X-Cache-Server
X-Endurance-Cache-Level
X-PressLabs-Stats
Accept-CH-Lifetime
X-Handled-By
X-RateLimit-Limit
X-Backend-Name
Version
X-Status
X-ES-SERVER
X-Path-Route
X-Cache-Var-Map
X-RN-RSRV
X-Wix-Request-Id
X-Cache-Var
Meta-Geo
X-Request-Time
X-APP-VERSION
OT-Force-Account-Verify
X-Section
X-Rule
X-Timing-Wait
X-Format
X-Proxy-Build
Selected-Fe
X-Tb
X-Access
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ProxyCache-Key
X-Storage
X-Content-Age
X-Proto
X-BYPASS-REASON
X-Alternate-Cache-Key
X-ShardId
Mn-Server-Ip
X-ProxyCache-Status
X-Origin
Srv
Azure-SlotName
Azure-SiteName
X-Sorting-Hat-PodId
Azure-RegionName
Azure-Version
Akamai-GRN
X-ShopId
Azure-InstanceId
X-EIG-Tracking-Id
X-Shopify-Generated-Cart-Token
X-Akamai-Request-ID
Cache-Tags
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Yottaa-Optimizations
X-Qloud-Router
X-Pubstack
X-Yottaa-Metrics
X-OCL
Now
NGX
X-Akamai-Request-ID2
X-AWS-Id
X-Cluster-Node
X-Cache-Host
X-Hl-Ver
X-Human
X-LJ-Flow-ID
X-MP-GENERATED-AT
X-JoinUs
X-Hyper-Cache
DB-Nickname
X-PCL
X-Proxy-Cache-Status
Node
S-Rt
X-Time-Microsecs
X-Soup
Ec-Rule-Version
X-UUID
X-NYM-Debug-Backend
X-Cache-Config
X-VWS-Id
X-FW-Dynamic
X-Vgn-Hpd-Reason
X-ServerID
X-SaId
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
X-Varnish-Hits
TWC-Privacy
Property-Id
Origin-Edge-Control
Origin-Cache-Control
X-Generated-By
X-Viewer-Country
Decoy-Debug-TTL
X-IP
Decoy-Debug-Key
Decoy-Debug-Status
Cross-Origin-Window-Policy
Webcakes-App-Version
X-Www-Served-By
X-RCS-CacheZone
X-CCM
X-Proxy
X-Web-Node
X-Debug-Cache
X-Origin-Hint
X-Locale
Webcakes-Region
X-BCube-Filmed-By
X-Hosted-By
X-Detected-As
X-FC-Vary-Parameters
X-Say-Cacheable
X-Generated
X-Amzn-Remapped-Content-Length
X-FB-TRIP-ID
X-Loop
X-Xfnlog-Site
X-SayCDN-TTL
X-Site-Version
X-R9-Blue-Green-Version
Accept-Charset
X-Akamai-Transformed
GEO-INFO
X-TNCMS
X-Say-TTL
X-Redis-Cache
L5d-Success-Class
X-CS
X-NCache
Cache-Name
Viewport
X-Trafficlayer-App-Name
X-Esi
X-Trafficlayer-App-Scope
X-Drupal-Cache-Tags
Webserver
Uber-Trace-Id
X-Unique-Id
Time
Cache-Key
X-UA-Device-Type
Mime-Version
X-UnsetCookies
X-Cache-Remote
X-Mode
X-From
X-Forwarded-Host
X-Origin-CC
X-Origin-TTL
Accept-Language
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Rt-Fastcgi-Cache
X-Drupal-Cache-Contexts
Country
X-Backend-TTL
X-Cluster-Name
X-CDN-Forward
X-Newrelic-Synthetics
Odigeo-Trace-Id
X-Microcachable
X-Whom
X-TT-TIMESTAMP
X-Info
X-CLOUD-TRACE-CONTEXT
X-NGENIX-Cache
X-Edge-Location
X-Magnolia-Registration
X-Varnish-Cache-Hits
X-ApacheServer
X-B3-Spanid
X-PERF
X-Daa-Tunnel
Content-Disposition
ServedBy
X-UPSTREAM-Address
X-EC-Lua
Proxy-Connection
X-Routing-Service
Ohc-File-Size
X-Geo
Ohc-Cache-HIT
X-Proxied
X-Device-Type
X-Zipkin-Id
X-Via-Fastly
Cf-Ipcountry
X-No-Session
X-Nc
X-Uri
Rendered-Blocks
Mobile-Detection-Method
W
Meta-Geo-Continent
X-A-Dam
X-A-Ccd
X-A
Viewtype
VivaBuild
T-Server
BehaviorPad-Version
Apple-News-Services-Request-Url
X-A-Dcw
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
AsisCache
Content-Script-Type
Machine
GEO-REGION-INFO
Fastcgi-X-Cache-Version
Content-Style-Type
MD5-Digest
X-Connection-Hash
X-Sigma
X-Sigma-Backend
X-SRCache-Key
X-Session-Fingerprint
X-ScT
X-Rojux
X-S
X-S-Cookie
X-Transaction
X-Trv-Group
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Twitter-Response-Tags
X-Vdms-Version
X-VG-TLSProxy
X-Rocket-Build-Number
X-Rewrite-Enabled
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-ARC
X-Application
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-D
X-Date
X-GeoIP-Country-Code
X-Region-Sid
X-Request-UUID
X-Geo-Header
X-External-Request-Id
X-Destination
X-DPWN-IS-SECURE
X-A-Dgt
X-G
Geo-Info
X-Labrador-Cache-Channel
HitType
X-PHP-Host
X-C
Environment
X-WebServer
X-CUA
X-Contensis-Viewer-Groups
X-Developers
X-Hit
X-Agile-Age
X-Agile
Section-Io-Cache
Fastly-Soc-X-Request-Id
CDCHOST
HA-Ipaddr
X-Real-IP
X-Epic-Correlation-Id
Server-Cache-Control
X-Distil-CS
Powered-By
X-Eu-Site
Server-Surrogate-Control
Ha-Gx-Prefs
X-VC-Cache
IsBot
Locid
Gh-Request-Id
X-Render-Time
X-Thanos
X-Cache-Debug
X-Logging-Id
X-Tumblr-Pixel-3
X-Cache-ASPX
X-CGP
X-Bip
X-Backend-State
X-Varnish-Authentication
X-Auto-Login
X-SIPLIST1
X-App-Name
X-Agile-Id
X-GoCache-CacheStatus
User-Cache-Control
X-Cache-Backend
X-Cache-Time
X-RateLimit-Limit-Second
Fastly-SWR
X-Debug-Cache-Expiry
RNT-Machine
X-Debug-Cache-Fetch
RNT-Time
Server-ID
X-Debug-Cache-Store
X-Li-Fabric
X-FW-Version
X-Owner
X-Origin-Date
X-Cache-Bucket
X-Debug-Log
X-Debug-Cookies
Server-Int
X-LI-UUID
X-TrackingId
X-VServer
IBM-Web2-Location
X-Core-Mission
X-User
X-TH-Server
Access-Control-Request-Headers
X-AK-Request-ID
X-App-Version
X-Wikidot-Static-Cache
We-Hiring
X-Azure-Ref
X-Wikidot-Backend
X-Proxy-Upstream
True-Client-Country-4JS
X-LI-Proto
V-Age
Fastly-SIE
X-Origin-Expires
Countrycode
X-Cms-Context
X-Li-Pop
X-NodeID
X-Hash
AKAMAI
X-Server-W
Fastly-SSL
X-IN-APIGATEWAY
X-Request-URI
X-Ms-Request-Id
X-Generation-Time
Cache-Host
X-Dispatcher-Server
X-Varnish-Beresp-Status
X-GeoIP-City
X-Urbn-Site-Id
X-IN-APIGATEWAYSSL
X-Key
X-Swa-Ws
X-Varnish-Beresp-Grace
X-Trace-Id
X-Varnish-Beresp-Ttl
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Urbn-Context-Path
X-Instart-Isnd
X-Sucuri-Cache
X-TT-LOGID
Cdncip
X-Ms-Version
X-Rebelmouse-Cache-Control
Kp-EeAlive
Heartbleed
X-Rebelmouse-Surrogate-Control
Locale
X-Fetched-On
Mail-Subject
X-Distributor
X-RateLimit-Remaining-Second
X-Clientip
X-NX-Host
X-Nginx-Cache-Key
Country-Code
X-Generated-In
Request-Country
Request-EU
Cdnsip
Fastly-Backend-Name
X-Servername
X-Gamma-Serve
X-Oneagent-Js-Injection
X-OVcl-Cache
X-Level-Front-Cache
X-Matched-Rule
Memcached
X-Gen-Mode
X-Generated-On
X-Core-Value
X-Hnp-Log
X-OVcl
X-Clara-WADP
X-Fastly-Cache
X-Irp-Debug
X-Cdn-Srv
Thinkindot-CacheControl-Type
X-Platform-Server
FNAC-ModuleRouting
X-Up
X-Variation
X-JWT-State
X-Cache-URL
X-Has-Esi
PFcat
X-Internal-Host
X-Webstats-RespID
X-Req
X-Nginx-Cache
X-Thinkindot-L3
X-Trafficlayer-App-Version
ServerName
X-ServiceProvider
X-TA-CDN-Provider
X-WADP-Cache
X-Service
X-Cache-Tags
X-Is-Gdpr
Wxu-Next-Region
Wxu-Next-Hostname
Web-Mar-Node
X-We-Are-Hiring
X-Reboot
X-Cache-Info
X-Block-Status
X-BBXSRF
Adler-Geo
Wxu-Next-Commit
Thinkindot-CacheControl
Is-Eu
Thinkindot-Control
Server-Host
Platform
X-Micro-Cache
Filterid
X-Location
X-Old-Content-Length
X-Lb-Id
X-SERVER
X-S-Maxage
X-NU-AKA-ACS-Version
Cache-Hits
X-Response-By
RequestId
X-Air-Hostname
X-Refresh
X-B3-Parentspanid
X-Tb-Optimization-Total-Bytes-Saved
X-Parent-Response-Time
X-CSRF-TOKEN
Pragrma
X-Cache-Expired-At
X-Var-Ttl
Group
X-VHOST
X-Cdn-Forward
ProcessTime
X-Tec-Api-Origin
X-BACKEND-TTL
S-Cnection
X-Tec-Api-Root
X-Tec-Api-Version
X-Correlation-ID
X-B3-SpanId
X-CF-Powered-By
X-Ua
Memory
Powered-By-ChinaCache
X-Pjax-Url
X-Wa
X-Server-IP
X-NC
Origin
User-Agent
TTL
X-CSRF-Token
SRV
X-Unique-ID
X-Sucuri-ID
X-Varnish-Cacheable
X-Pf-Uncompressing
Media-Length
Geoip-Latitude
X-Cdn-Request-ID
X-NWS-UUID-VERIFY
X-NGINX-Cache
Geoip-City
X-COUNTRY
PICS-Label
X-Vcl-Version
GeoIp-Country-Code
X-Sucuri-Id
X-Servedbyhost
Dnion-Transfer-Encoding
X-Developer
X-Via-CDN
X-Cdn-Origin
X-Sn-Servicetimems
X-Webkit-CSP
X-Ocache
SN
X-Device-Os
X-LAGOON
X-Litespeed-Cache
X-Node-Id
X-Cache-Grace
On-Server
X-Via-Ucdn
X-Reqid
M-TraceId
X-Rocket-Nginx-Bypass
X-Varnish-Ttl
Esi-Enabled
X-AIR-PT
X-TIME
XServer
X-Policy
A
X-MSEdge-Features
X-HS-Status
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-MSEdge-Flight
X-Planisys-CDN-TTL
X-FORWARDED-FOR
X-Cache-Status-Check
X-Azure-Ref-OriginShield
X-Request-Host
X-Request-Start
Cloudfront-Viewer-Country
Hostname
Cdn
X-Oss-Server-Time
X-Oss-Request-Id
HostName
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Fastly-Country-Code
Rt-Proxy-Cache
X-Cache-Ttl
Resin-Trace
Who
X-Ftr-Cache-Host
X-Beluga-Record
X-Beluga-Node
X-Beluga-Status
X-Beluga-Trace
X-ServedByHost
X-Beluga-Cache-Status
X-Beluga-Response-Time
X-Varnish-URL
Host-ID
Pics-Label
Magicmarker
X-Method
GeoIP-Country-Code
X-Ratelimit-Remaining
CF-Cached-On
NtCoent-Length
X-APP
GeoIP-Latitude
X-LiteSpeed-Cache-Control
X-VCL-Version
Cteonnt-Length
X-Oracle-Dms-Rid
MIME-Version
Tcn
X-Fastly-Backend-Reqs
X-PF-Uncompressing
GeoIP-City
X-Varnish-Url
X-Zone
X-Bc
Ttl
X-DC
Load-Balancing
X-DI
X-Svr
X-DB
X-DSS
X-Slack-Backend
X-Action
X-VarnishDD-TTL
CACHE
X-DW
X-RSL
X-Be
X-Newrelic-App-Data
X-RPM
X-RPS
Ohc-Response-Time
X-Ftr-Request-Id
DSUID
X-Skip-Cache
X-Server-Time
WebServer
X-PAYTM-SRV-ID
X-SRV
X-Ratelimit-Limit
X-Processor
Pramga
Arc-Country
Vix-Hermes-Req-Id
X-Swift-Error
X-Cache-FS-Status
X-PJAX-URL
X-Dispatch
Amp-Access-Control-Allow-Source-Origin
Release
X-VCT
X-MServer
X-ND-Cache
X-FPC
X-Hello
X-Flog
X-DevSite-Last-Modified
Fastly-Drupal-HTML
X-ABtesting
Processtime
X-Hp-Ccpa-Warning
X-BE
X-Tid
X-Dynatrace
X-WR-MODIFICATION
Servername
X-Dynatrace-Js-Agent
Cdn-Request-Time
N-Cache
Cdn-Host
X-Aicache-OS
X-ID
X-HostName
X-Configured-By
X-Edge-Server
Cache-Provider
X-Served-From
X-Frame-Option
Dynatrace
X-ZONE
X-StackifyID
X-Ftr-Balancer
X-Bc-Bl
X-Ftr-Realm
X-Ftr-Dc
X-LB-ID
X-Branch-Name
Lfy
Pagetype
SD-X-WS
CF-IPCountry
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Ftr-Backend-Server
X-Upstream-Ct
X-Upstream-Ht
X-WA
CDN
Requestid
X-Fastly-Cache-Hits
X-SD-PageType
X-Ftr-Backend
X-Snapshot-Date
X-CACHE-AGE
X-Cache-Id
X-Compress-Hint
X-Edge-IP
X-Backend-Host
D-Cc-Upstream
X-Apw-Hits
X-Apw-Access-Token
L
X-Apw-Access-Action
X-SN
V-Cache
X-Request-Url
X-BC
X-Varnish-Beresp-TTL
X-SB
X-Apw-Access-Object
X-VC
X-Cc-Via
Proxy-Firewall
Warning
X-Cc-Req-Id
X-Via-NSCOPI
Lb
X-Worker
Section-Io-Id
Section-Io-Origin-Status
X-WPE-Loopback-Upstream-Addr
X-Fpc
WZWS-RAY
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-ElasticPress-Search
X-Powered-Y
X-Request-URL
Correlation-Id
X-ServerName
X-App
X-Fastly-Cache-Status
X-Release
Backend-Name
X-Check-Cacheable
WP-Super-Cache