Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
X-XSS-Protection
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Xss-Protection
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
Upgrade
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Via
X-Ua-Compatible
X-Age
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Ws-Request-Id
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Hacker
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
X-Host
X-OneAgent-JS-Injection
X-Device
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Response-Time
X-Origin-Cache
X-Node
Content-Location
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
X-Cloud-Trace-Context
Request-Id
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-ORACLE-DMS-ECID
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
X-Cache-Lookup
X-DataDome
X-ORACLE-DMS-RID
NEL
X-Mod-Pagespeed
X-Ruxit-JS-Agent
Rating
X-Rack-Cache
Edge-Control
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
X-Country-Code
X-DynaTrace
X-Instart-Request-ID
X-Varnish-TTL
X-TTL
Accept-Ch
X-Goog-Hash
X-PC
X-FTR-Request-ID
X-TtlSet
X-Vname
X-ESI
Verso
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
Accept-Ch-Lifetime
X-Url
X-B3-TraceId
X-Cdn
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
X-GitHub-Request-Id
Edge-Cache-Tag
RTSS
AR-Request-ID
Ar-Sid
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Px
X-Debug
X-Abt-Application-Version
X-Server-Name
SPRequestGuid
X-D2id
X-Amz-Server-Side-Encryption
X-Vcache
Charset
X-NF-Request-ID
X-Accel-Expires
X-Cached
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Middleton-Response
X-Sol
Display
X-Middleton-Display
Response
Pagespeed
X-Amz-Rid
X-MSEdge-Ref
Arr-Disable-Session-Affinity
X-Vcap-Request-Id
TCN
X-Fastcgi-Cache
X-Powered-CMS
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
X-Navigation-Version
X-Trace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Realpath
X-VARITI-CCR
Public-Key-Pins
X-Client-IP
Cache-Tag
Access-Control-Request-Method
X-Ser
X-Fastly-Request-ID
MS-Author-Via
S
Nginx-Cache
SPIisLatency
SPRequestDuration
X-Shard
X-Upstream
X-Id
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-DynaTrace-JS-Agent
X-Hp-Webp
X-Content-Type
X-Ezoic-Cdn
X-Forwarded-For
X-Grace
X-Amzn-Trace-Id
X-T
Nel
X-Amz-Meta-S3cmd-Attrs
X-Edge-O15-RID
X-Recruiting
Front-End-Https
X-Hits
Fastcgi-Cache
X-Aspnet-Version
DynaTrace
X-Varnish-Age
ServerID
X-Server-ID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Node-Name
X-Element-Page-Cache
X-Mobile-URL
X-DIS-Request-ID
X-Cache-TTL
X-Jurisdiction
NR-ENABLED
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Content-Digest
Powered
X-Frontend
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
Server-Node
Server-Name
TP-Cache
TP-L2-Cache
Alternate-Protocol
X-Logged-In
X-Correlation-Id
X-XRDS-Location
AMP-Access-Control-Allow-Source-Origin
X-Request-Received
X-Request-Processing-Time
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Upgrade-Insecure-Requests
Backend-Timing
X-Page-Id
X-Amz-Apigw-Id
X-Cache-Hit
X-Amzn-RequestId
Refresh
X-Content-Options
X-Origin-Server
X-Content-Security-Policy-Report-Only
X-Revision
X-F-Cache
X-User-Agent
X-Akamai-Edgescape
X-Rid
X-CST
X-Varnish-Grace
X-Type
X-Zen-Fury
Fastly-Restarts
X-XRDS-LOCATION
X-Content-Powered-By
X-LB-Cache
X-Geo-Country
X-B3-Sampled
X-B
X-URL
X-Shield-Request-Id
X-FTR-Cache-Host
X-AppVersion
X-Az
X-Activity-Id
PB-RID
PB-PID
Cache-Status
X-Kinsta-Cache
X-N
X-Mobile-Rewrite
X-Webapp-Samesite-None-Activated-N
Arc-Version
X-Pad
X-TT
X-Cache-Age
X-Instance
X-Debug-Info
X-B-Cache
X-AOL-HN
X-App-Environment
X-Framework
X-Jobs
X-Request-Guid
Actual-Object-TTL
X-Signature
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Webkit-Csp
X-Cache-Action
Access-Control-Allow-Method
Paypal-Debug-Id
X-Time
X-RateLimit-Remaining
X-PHP-Backend
X-Analytics
DC
X-FB-Debug
X-Git-Hash
X-Load-Cache
X-Cached-By
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
Surrogate-Key
X-Erf-Bev-Bev
Fastcgi-Useragent
X-Tt-Trace-Tag
Host-Header
X-Tt-Trace-Host
X-IPLB-Instance
X-Amz-Replication-Status
X-Contextid
MS-CV
X-ATG-Version
FilterID
X-WA-Info
Tracecode
X-SS-Set-Cookie
X-Cluster
X-Accel-Buffering
Host
X-Response-Served-From
NGB
WPE-Backend
X-Varnish-Server
X-Host-Name
X-Cache-NE
X-Mobile
Source
Payment
X-Cache-Operation
X-Cache-Rule
Xserver
X-Kong-Proxy-Latency
X-FW-Hash
X-Via-JSL
X-FW-Server
X-FW-Serve
X-FW-Type
X-FW-Static
Frame-Options
X-Kong-Upstream-Latency
X-Rendered-As
X-Hostname
X-IPS-LoggedIn
Eomportal-Instance
X-Cacheable-TTL
X-ORACLE-APMCS-TAG
X-Is-Bot
X-ORACLE-APMCS-REQUEST-ID
X-Cache-2
X-Region
X-Cache-Enabled
X-NewRelic-App-Data
X-Adobe-Content
X-Tumblr-Pixel-2
X-GeoIP
X-Varnish-Hostname
X-Tumblr-Pixel-1
X-Adobe-Loc
X-Cache-Key
Filters
X-RequestSource
X-TX-ID
X-Ttl
X-Origin-Response-Time
X-NWS-LOG-UUID
Cache-Tv-Group
X-Presslabs-Stats
X-Srv
X-Seen-By
X-EdgeConnect-Cache-Status
Retry-After
X-FastCGI-Cache
Cleartype
X-Ruxit-Js-Agent
Server-Info
X-Cache-TTL-Remaining
X-VCache
Accept-CH
Cache
X-B3-Traceid
Liferay-Portal
X-HTML-Minification-Powered-By
X-RemovedCookies
X-ProcessESI
X-CACHE-KEY
Datacenter
X-RTag
Ms-Operation-Id
X-Source
X-Cache-Control
X-UA
X-L-Path
X-Environment-Context
X-Dc
X-FireWall-Port
X-App-Server
Healthy
X-Upgrade-Enabled
From-Origin
Accept-CH-Lifetime
X-PressLabs-Stats
X-Endurance-Cache-Level
X-Cache-Server
X-RateLimit-Limit
X-Handled-By
Version
X-Backend-Name
X-Status
X-Rule
X-Cache-Var-Map
Meta-Geo
X-Cache-Var
X-Path-Route
X-ES-SERVER
X-Wix-Request-Id
X-RN-RSRV
X-Request-Time
OT-Force-Account-Verify
Selected-Fe
X-Proxy-Build
X-APP-VERSION
X-Tb
X-Timing-Wait
X-Section
X-ShopId
X-ShardId
X-Storage
X-ProxyCache-Status
X-OCL
X-Human
X-Akamai-Request-ID
X-Origin
X-Shopify-Generated-Cart-Token
X-Alternate-Cache-Key
X-Access
Akamai-GRN
Mn-Server-Ip
X-Proto
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-BYPASS-REASON
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Content-Age
X-Sorting-Hat-ShopId
Srv
X-EIG-Tracking-Id
X-Format
X-ProxyCache-Key
X-Shopify-Stage
X-PCL
X-Sorting-Hat-PodId
X-Qloud-Router
X-Pubstack
X-Redis-Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
Cache-Tags
X-Hyper-Cache
Origin-Edge-Control
X-Generated-By
X-Cache-Host
X-Cluster-Node
X-LJ-Flow-ID
X-AWS-Id
X-Debug-Cache
Origin-Cache-Control
X-JoinUs
X-VWS-Id
X-Vgn-Hpd-Reason
X-Web-Node
X-SaId
X-Soup
Node
S-Rt
Ec-Rule-Version
X-Viewer-Country
X-Proxy-Cache-Status
X-Cache-Config
X-Time-Microsecs
X-Hosted-By
X-FW-Dynamic
X-FC-Vary-Parameters
Now
X-Generated
Decoy-Debug-TTL
DB-Nickname
Cross-Origin-Window-Policy
Decoy-Debug-Key
Property-Id
X-IP
NGX
X-SayCDN-TTL
X-Say-TTL
X-Akamai-Request-ID2
Webcakes-Region
X-Say-Cacheable
X-NYM-Debug-Backend
X-Detected-As
X-CCM
Webcakes-App-Version
Webcakes-App-Name
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
X-Hl-Ver
Decoy-Debug-Status
X-Varnish-Hits
X-UUID
X-Origin-Hint
X-Www-Served-By
X-Proxy
X-Locale
X-Site-Version
X-RCS-CacheZone
X-ServerID
X-BCube-Filmed-By
X-Xfnlog-Site
X-FB-TRIP-ID
X-Loop
X-Akamai-Transformed
X-TNCMS
Accept-Charset
GEO-INFO
X-Amzn-Remapped-Content-Length
X-R9-Blue-Green-Version
X-MP-GENERATED-AT
L5d-Success-Class
X-NCache
X-Unique-Id
X-CS
Cache-Name
Uber-Trace-Id
X-Drupal-Cache-Tags
X-Esi
Viewport
Webserver
Time
Cache-Key
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-UA-Device-Type
X-Backend-TTL
X-Cache-Remote
X-CDN-Forward
Mime-Version
X-UnsetCookies
X-Mode
X-From
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Origin-TTL
X-Origin-CC
X-Drupal-Cache-Contexts
X-Forwarded-Host
Accept-Language
X-Cluster-Name
X-Info
Rt-Fastcgi-Cache
Country
Odigeo-Trace-Id
X-Newrelic-Synthetics
X-TT-TIMESTAMP
X-Whom
X-Varnish-Cache-Hits
X-CLOUD-TRACE-CONTEXT
X-NGENIX-Cache
X-Magnolia-Registration
X-Edge-Location
X-PERF
X-B3-Spanid
X-ApacheServer
X-Microcachable
X-Geo
ServedBy
X-Daa-Tunnel
X-EC-Lua
X-UPSTREAM-Address
Content-Disposition
Proxy-Connection
X-Routing-Service
X-Proxied
X-Zipkin-Id
Ohc-File-Size
Ohc-Cache-HIT
X-Device-Type
Cf-Ipcountry
X-Uri
X-Via-Fastly
X-Session-Fingerprint
Mobile-Detection-Method
Meta-Geo-Continent
X-CF-Lambda-Version
X-Rojux
X-S
X-S-Cookie
X-ScT
X-Rocket-Build-Number
X-Request-UUID
X-CF-Lambda-Fn
Rendered-Blocks
X-Region-Sid
X-Connection-Hash
X-GeoIP-Country-Code
X-DPWN-IS-SECURE
X-External-Request-Id
BehaviorPad-Version
AsisCache
Content-Script-Type
Content-Style-Type
GEO-REGION-INFO
X-Destination
Fastcgi-X-Cache-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-D
Machine
X-A-Dcw
X-Sigma
X-G
Apple-News-Services-Host
Apple-News-Services-Handled
X-Date
MD5-Digest
X-Rewrite-Enabled
VivaBuild
Viewtype
X-Vdms-Version
W
Xc-Version
X-No-Session
X-Aed
X-VG-TLSProxy
X-VG-WebCache
X-ARC
X-B-Cookie
T-Server
X-Application
X-Vtex-Remote-Cache
X-VG-WebServer
X-Vtex-Processado-Em
X-Accel-Expires-Debug
X-Twitter-Response-Tags
X-A
X-SRCache-Key
X-A-Dgt
X-A-Dam
X-Trv-Group
X-Sigma-Backend
X-A-Ccd
X-A-Wwc
X-Transaction
HitType
User-Cache-Control
X-Labrador-Cache-Channel
X-PHP-Host
Geo-Info
X-Geo-Header
Locid
HA-Ipaddr
Ha-Gx-Prefs
X-Auto-Login
Environment
X-Agile
Section-Io-Cache
X-Epic-Correlation-Id
X-Eu-Site
X-Agile-Age
X-Distil-CS
X-Agile-Id
CDCHOST
IsBot
X-App-Name
Server-Surrogate-Control
X-Real-IP
X-Render-Time
X-Cache-Debug
X-Hit
X-Backend-State
Powered-By
Gh-Request-Id
X-TrackingId
X-Cache-ASPX
X-SIPLIST1
Server-Cache-Control
X-Thanos
X-Bip
X-CGP
X-Varnish-Authentication
X-WebServer
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-CUA
X-Contensis-Viewer-Groups
X-Logging-Id
X-GoCache-CacheStatus
X-C
X-Nc
X-Cache-Time
X-Clara-WADP
X-AK-Request-ID
X-Debug-Cache-Store
X-Azure-Ref
X-Block-Status
X-Cache-Backend
X-Cache-Info
X-Cache-URL
X-Cdn-Srv
X-Cache-Bucket
X-Debug-Cache-Expiry
X-Core-Mission
X-Debug-Cache-Fetch
X-BBXSRF
X-IN-APIGATEWAYSSL
Fastly-SSL
Access-Control-Request-Headers
IBM-Web2-Location
Memcached
X-Li-Fabric
X-FW-Version
X-Webstats-RespID
X-WADP-Cache
X-Swa-Ws
X-Sucuri-Cache
X-Trace-Id
X-Tumblr-Pixel-3
X-VC-Cache
X-Li-Pop
X-LI-Proto
X-Clientip
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Servername
Fastly-SIE
Countrycode
X-TH-Server
X-LI-UUID
X-User
X-VServer
X-We-Are-Hiring
X-Server-W
X-Request-URI
X-Hnp-Log
X-Hash
X-IN-APIGATEWAY
X-Instart-Isnd
X-Key
X-Irp-Debug
X-Generated-In
X-Fetched-On
X-Developers
X-Debug-Log
X-Dispatcher-Server
X-Distributor
X-Fastly-Cache
X-Micro-Cache
X-Ms-Request-Id
X-Owner
X-OVcl-Cache
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-OVcl
X-Origin-Expires
X-Nginx-Cache-Key
X-Ms-Version
X-NodeID
X-NX-Host
X-Origin-Date
X-Debug-Cookies
X-Gen-Mode
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Request-Country
Request-EU
RNT-Time
RNT-Machine
Kp-EeAlive
Fastly-Soc-X-Request-Id
Cache-Host
X-App-Version
Cdncip
Cdnsip
Fastly-Backend-Name
Country-Code
Server-ID
Mail-Subject
Web-Mar-Node
We-Hiring
True-Client-Country-4JS
Server-Int
V-Age
X-Oneagent-Js-Injection
Is-Eu
Locale
X-Cache-Tags
X-Urbn-Site-Id
X-Req
Platform
Heartbleed
X-Urbn-Context-Path
X-GeoIP-City
X-TA-CDN-Provider
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
ServerName
X-Generation-Time
AKAMAI
Wxu-Next-Hostname
X-TT-LOGID
X-Gamma-Serve
Wxu-Next-Commit
FNAC-ModuleRouting
X-Old-Content-Length
X-Cms-Context
X-NU-AKA-ACS-Version
Adler-Geo
X-Nginx-Cache
X-Internal-Host
X-Up
X-Platform-Server
X-Variation
Wxu-Next-Region
Filterid
X-Level-Front-Cache
Server-Host
X-Is-Gdpr
X-SERVER
X-Reboot
X-S-Maxage
X-Service
X-Generated-On
X-ServiceProvider
X-Matched-Rule
X-Lb-Id
X-Location
X-Thinkindot-L3
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
PFcat
X-Has-Esi
X-Response-By
X-Trafficlayer-App-Version
X-Core-Value
Thinkindot-Control
X-JWT-State
X-Air-Hostname
Cache-Hits
RequestId
X-B3-Parentspanid
X-Refresh
X-Var-Ttl
X-Cache-Expired-At
Pragrma
Group
X-Parent-Response-Time
X-Tb-Optimization-Total-Bytes-Saved
X-CSRF-TOKEN
X-NC
X-Tec-Api-Root
X-Tec-Api-Version
Memory
X-Tec-Api-Origin
S-Cnection
ProcessTime
X-B3-SpanId
X-Ua
X-CF-Powered-By
Powered-By-ChinaCache
X-Wa
X-Pjax-Url
X-Cdn-Forward
X-BACKEND-TTL
X-Server-IP
Origin
User-Agent
X-CSRF-Token
X-Correlation-ID
SRV
X-Sucuri-ID
Media-Length
X-Varnish-Cacheable
TTL
Geoip-Latitude
X-Cdn-Request-ID
X-Pf-Uncompressing
X-NWS-UUID-VERIFY
Geoip-City
PICS-Label
X-NGINX-Cache
X-Vcl-Version
X-Via-CDN
GeoIp-Country-Code
X-COUNTRY
X-Sucuri-Id
X-Unique-ID
Dnion-Transfer-Encoding
X-Developer
X-Servedbyhost
X-Device-Os
X-Litespeed-Cache
SN
X-LAGOON
X-Ocache
X-Node-Id
X-Webkit-CSP
M-TraceId
X-AIR-PT
X-Via-Ucdn
X-Rocket-Nginx-Bypass
Esi-Enabled
X-Cdn-Origin
On-Server
X-Reqid
X-Cache-Grace
X-Sn-Servicetimems
X-Varnish-Ttl
X-TIME
XServer
X-Planisys-CDN-Cache
X-HS-Status
X-Request-Host
X-Policy
A
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-MSEdge-Flight
X-MSEdge-Features
X-FORWARDED-FOR
Cloudfront-Viewer-Country
Hostname
X-Azure-Ref-OriginShield
Cdn
X-Request-Start
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
HostName
Resin-Trace
X-Beluga-Status
Rt-Proxy-Cache
X-Cache-Ttl
X-Beluga-Response-Time
X-Cache-Status-Check
X-Fastly-Country-Code
X-Beluga-Trace
X-Beluga-Cache-Status
X-Beluga-Node
X-Beluga-Record
Who
X-VHOST
X-Ftr-Cache-Host
X-ServedByHost
CF-Cached-On
X-Ratelimit-Remaining
X-VCL-Version
Magicmarker
X-Varnish-URL
X-Method
GeoIP-Country-Code
X-DC
NtCoent-Length
GeoIP-Latitude
X-LiteSpeed-Cache-Control
Pics-Label
X-APP
Host-ID
Ttl
X-Oracle-Dms-Rid
X-Dynatrace-Js-Agent
MIME-Version
Tcn
X-Slack-Backend
X-Varnish-Url
X-Fastly-Backend-Reqs
GeoIP-City
X-Zone
Cteonnt-Length
X-Bc
X-SRV
Load-Balancing
X-DSS
X-DI
X-DW
X-RPM
X-Svr
X-Newrelic-App-Data
X-RSL
X-RPS
X-DB
X-VarnishDD-TTL
X-Action
Ohc-Response-Time
X-PF-Uncompressing
X-Be
X-Dispatch
X-Ratelimit-Limit
Pramga
DSUID
Arc-Country
X-Swift-Error
Vix-Hermes-Req-Id
X-PJAX-URL
Amp-Access-Control-Allow-Source-Origin
X-PAYTM-SRV-ID
X-Ftr-Request-Id
X-Cache-FS-Status
X-Server-Time
X-Skip-Cache
X-Processor
WebServer
X-VCT
CACHE
X-MServer
Release
X-ND-Cache
X-Hp-Ccpa-Warning
X-Dynatrace
Processtime
X-Hello
X-Flog
X-BE
X-Tid
X-FPC
X-DevSite-Last-Modified
Fastly-Drupal-HTML
X-ABtesting
Servername
X-WR-MODIFICATION
X-Served-From
X-Configured-By
X-ID
X-Aicache-OS
N-Cache
X-HostName
Cdn-Request-Time
X-Edge-Server
Cache-Provider
Cdn-Host
X-Frame-Option
X-Amzn-Remapped-Date
X-WA
X-StackifyID
SD-X-WS
X-Amzn-Remapped-Connection
CF-IPCountry
X-Branch-Name
CDN
X-LB-ID
X-Snapshot-Date
X-Ftr-Balancer
X-Ftr-Dc
X-Ftr-Realm
Pagetype
X-Fastly-Cache-Hits
Lfy
X-Upstream-Ht
X-Upstream-Ct
Requestid
Dynatrace
X-Ftr-Backend
X-SD-PageType
X-Ftr-Backend-Server
X-CACHE-AGE
X-Apw-Access-Object
X-Backend-Host
X-VC
X-Apw-Hits
X-Varnish-Beresp-TTL
X-Bc-Bl
L
X-Edge-IP
Proxy-Firewall
X-Compress-Hint
X-Apw-Access-Action
X-ZONE
X-Apw-Access-Token
X-Cc-Via
D-Cc-Upstream
X-Cc-Req-Id
Warning
X-Request-Url
X-SN
X-SB
V-Cache
X-Cache-Id
X-WPE-Loopback-Upstream-Addr
X-Release
WZWS-RAY
X-Check-Cacheable
X-Fpc
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Via-NSCOPI
X-Request-URL
X-App
X-Powered-Y
WP-Super-Cache
X-Fastly-Cache-Status
Correlation-Id
Backend-Name
X-Worker
Lb
X-BC
X-ElasticPress-Search
X-ServerName