
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
X-XSS-Protection
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Xss-Protection
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Ws-Request-Id
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
Content-Location
X-Ac
X-Node
Surrogate-Control
X-OneAgent-JS-Injection
X-Vhost
X-Readtime
Request-Id
X-Cloud-Trace-Context
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
X-ORACLE-DMS-RID
X-Cache-Lookup
NEL
X-Mod-Pagespeed
Rating
Edge-Control
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch
X-Ruxit-JS-Agent
X-Varnish-TTL
X-DynaTrace
Allow
X-Country-Code
X-Instart-Request-ID
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
X-ESI
Accept-Ch-Lifetime
Verso
X-FTR-Request-ID
X-TTL
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
Edge-Cache-Tag
AR-ATIME
RTSS
AR-CACHE
AR-Request-ID
AR-PoweredBy
Ar-Sid
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
SPRequestGuid
Charset
X-NF-Request-ID
X-Amz-Server-Side-Encryption
X-Accel-Expires
X-MSEdge-Ref
X-Cached
X-Powered-CMS
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Vcache
Pagespeed
X-Sol
X-Middleton-Response
X-Middleton-Display
Response
X-TEC-API-VERSION
Display
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Navigation-Version
X-Vcap-Request-Id
X-Fastcgi-Cache
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-SRCache-Fetch-Status
X-Trace
X-SRCache-Store-Status
TCN
X-Cdn
X-VARITI-CCR
Realpath
Public-Key-Pins
Cache-Tag
X-Client-IP
Access-Control-Request-Method
X-Ser
X-Fastly-Request-ID
S
MS-Author-Via
X-DynaTrace-JS-Agent
X-Upstream
X-Shard
X-Id
SPIisLatency
SPRequestDuration
X-Hp-Webp
Nginx-Cache
X-Ezoic-Cdn
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Content-Type
X-Forwarded-For
X-T
X-Amz-Meta-S3cmd-Attrs
X-Grace
Nel
X-Amzn-Trace-Id
DynaTrace
X-Recruiting
Front-End-Https
X-Aspnet-Version
X-Hits
Fastcgi-Cache
X-Varnish-Age
ServerID
X-DIS-Request-ID
X-Edge-O15-RID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Mobile-URL
X-Node-Name
X-Element-Page-Cache
NR-ENABLED
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-Content-Digest
Powered
X-Frontend
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
X-Cache-TTL
Server-Name
Alternate-Protocol
Server-Node
TP-L2-Cache
TP-Cache
X-Logged-In
X-Jurisdiction
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
X-Correlation-Id
X-Request-Received
X-Request-Processing-Time
X-Microsite
X-XRDS-Location
X-Request-Handler-Origin-Region
Upgrade-Insecure-Requests
X-ATS-Timestamp
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
X-Server-ID
X-Content-Options
Refresh
X-Origin-Server
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Revision
X-Rid
X-Cache-Hit
X-F-Cache
X-Akamai-Edgescape
X-User-Agent
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Type
X-Ruxit-Js-Agent
X-Shield-Request-Id
X-Varnish-Grace
X-Webapp-Samesite-None-Activated-N
X-XRDS-LOCATION
Fastly-Restarts
X-Zen-Fury
X-Geo-Country
X-Content-Powered-By
X-B3-Sampled
X-URL
X-AppVersion
X-B
X-LB-Cache
X-Activity-Id
X-Az
X-Pad
X-CST
X-Analytics
X-RateLimit-Remaining
X-N
X-Ttl
X-Kinsta-Cache
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Webkit-Csp
Cache-Status
X-Cache-Age
X-TT
X-FTR-Cache-Host
X-WebKit-CSP-Report-Only
X-Debug-Info
X-AOL-HN
X-Oneagent-Js-Injection
X-B-Cache
X-Framework
X-Signature
X-Instance
X-Jobs
X-Tumblr-Pixel
Paypal-Debug-Id
Actual-Object-TTL
X-Tumblr-User
X-Time
X-Tumblr-Pixel-0
Access-Control-Allow-Method
X-App-Environment
DC
X-FB-Debug
X-Request-Guid
X-Cache-Action
X-PHP-Backend
X-Load-Cache
Surrogate-Key
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Git-Hash
X-Cached-By
X-Tt-Trace-Tag
X-Amz-Replication-Status
X-IPLB-Instance
Host-Header
X-Tt-Trace-Host
X-Contextid
Fastcgi-Useragent
MS-CV
FilterID
X-SS-Set-Cookie
X-ATG-Version
X-Cluster
X-VCache
NGB
X-Response-Served-From
Tracecode
X-Accel-Buffering
X-WA-Info
WPE-Backend
X-Srv
Frame-Options
X-Cache-NE
X-Varnish-Server
Payment
X-Mobile
Host
Eomportal-Instance
X-Region
X-Cache-2
Xserver
X-Host-Name
X-Cache-Rule
X-Cache-Operation
X-Varnish-Hostname
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Hash
X-IPS-LoggedIn
X-GeoIP
X-RequestSource
X-Adobe-Content
X-Adobe-Loc
Filters
Cache-Tv-Group
X-TX-ID
Source
X-Cacheable-TTL
X-Cache-Enabled
X-Cache-Key
X-NewRelic-App-Data
X-Rendered-As
X-Is-Bot
X-EdgeConnect-Cache-Status
X-Via-JSL
Cleartype
X-Origin-Response-Time
X-ORACLE-APMCS-REQUEST-ID
X-Hostname
X-ORACLE-APMCS-TAG
X-Cache-TTL-Remaining
X-FastCGI-Cache
X-Seen-By
Cache
Retry-After
X-Presslabs-Stats
X-B3-Traceid
X-Cache-Control
X-ProcessESI
Server-Info
X-RemovedCookies
Datacenter
Healthy
X-CACHE-KEY
X-Dc
X-RTag
Ms-Operation-Id
X-UA
X-PressLabs-Stats
X-HTML-Minification-Powered-By
X-RateLimit-Limit
X-NWS-LOG-UUID
Liferay-Portal
X-Source
X-Environment-Context
From-Origin
X-Cache-Server
X-L-Path
X-Endurance-Cache-Level
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Upgrade-Enabled
X-FireWall-Port
X-Rule
X-Status
Version
X-Handled-By
Meta-Geo
X-Path-Route
X-RN-RSRV
X-Wix-Request-Id
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
X-App-Server
X-Tb
X-Section
X-Access
X-Format
X-Timing-Wait
X-Request-Time
X-Proxy-Build
Selected-Fe
X-Sorting-Hat-ShopId
X-Storage
Azure-InstanceId
X-PCL
Azure-SiteName
OT-Force-Account-Verify
Azure-RegionName
X-ProxyCache-Key
Cache-Tags
X-Alternate-Cache-Key
X-ShopId
Mn-Server-Ip
X-Akamai-Request-ID
Akamai-GRN
Azure-Version
X-ProxyCache-Status
X-BYPASS-REASON
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OCL
X-ShardId
X-Human
X-Content-Age
Accept-CH
X-Backend-Name
X-EIG-Tracking-Id
X-Shopify-Stage
X-Sorting-Hat-PodId
Azure-SlotName
X-Shopify-Generated-Cart-Token
Origin-Edge-Control
X-Redis-Cache
X-Generated-By
Now
X-Hl-Ver
X-RCS-CacheZone
Origin-Cache-Control
Node
X-Hyper-Cache
X-Web-Node
X-MP-GENERATED-AT
X-Vgn-Hpd-Reason
X-SaId
X-VWS-Id
DB-Nickname
Decoy-Debug-Key
Property-Id
X-NYM-Debug-Backend
X-JoinUs
X-LJ-Flow-ID
Decoy-Debug-Status
NGX
TWC-GeoIP-LatLong
X-Cache-Host
X-Qloud-Router
X-Proxy
X-Soup
X-Akamai-Request-ID2
X-Cache-Config
X-Proto
X-Origin-Hint
X-Pubstack
X-AWS-Id
X-Viewer-Country
X-Time-Microsecs
X-Proxy-Cache-Status
TWC-GeoIP-Country
X-Debug-Cache
TWC-Device-Class
TWC-Connection-Speed
X-ServerID
TWC-Locale-Group
TWC-Privacy
X-Cluster-Node
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-UUID
Decoy-Debug-TTL
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-FW-Dynamic
X-FC-Vary-Parameters
X-BCube-Filmed-By
X-Generated
X-CCM
X-Hosted-By
X-Www-Served-By
X-Xfnlog-Site
X-Site-Version
X-SayCDN-TTL
X-Say-Cacheable
X-Say-TTL
S-Rt
X-Varnish-Hits
Cross-Origin-Window-Policy
X-Locale
L5d-Success-Class
X-FB-TRIP-ID
X-R9-Blue-Green-Version
X-Amzn-Remapped-Content-Length
Ec-Rule-Version
X-APP-VERSION
X-Loop
X-TNCMS
Srv
X-IP
Cache-Name
X-Detected-As
Accept-Charset
X-CS
X-Akamai-Transformed
Viewport
Uber-Trace-Id
GEO-INFO
X-NCache
X-Drupal-Cache-Tags
X-Esi
Webserver
Accept-CH-Lifetime
VIX-Pulpo-Upstream-Status
Time
X-UA-Device-Type
VIX-Pulpo-Node
X-From
X-Cache-Remote
Cache-Key
Mime-Version
X-Unique-Id
X-Drupal-Cache-Contexts
X-Origin-CC
X-Cluster-Name
X-TT-TIMESTAMP
X-Origin-TTL
X-Edge-Location
Accept-Language
X-Backend-TTL
Country
X-Mode
X-CDN-Forward
Odigeo-Trace-Id
X-Forwarded-Host
X-Microcachable
Rt-Fastcgi-Cache
X-EC-Lua
X-UnsetCookies
X-Info
X-CLOUD-TRACE-CONTEXT
X-B3-Spanid
X-Newrelic-Synthetics
X-Geo
X-Whom
X-Varnish-Cache-Hits
X-Magnolia-Registration
X-ApacheServer
X-PERF
Proxy-Connection
Content-Disposition
X-No-Session
Ohc-File-Size
Ohc-Cache-HIT
ServedBy
X-UPSTREAM-Address
Geo-Info
X-NGENIX-Cache
X-App-Version
X-PHP-Host
X-Zipkin-Id
X-Device-Type
Cf-Ipcountry
X-Routing-Service
X-Labrador-Cache-Channel
X-Proxied
X-A-Wwc
X-Sigma-Backend
X-Accel-Expires-Debug
X-D
X-Twitter-Response-Tags
X-Connection-Hash
X-Date
X-Aed
GEO-REGION-INFO
X-SRCache-Key
X-Application
BehaviorPad-Version
AsisCache
Fastcgi-X-Cache-Version
X-B-Cookie
X-ARC
Content-Style-Type
Content-Script-Type
X-Region-Sid
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Rojux
X-Transaction
X-Trv-Group
X-CF-Lambda-Fn
X-Via-Fastly
X-Rewrite-Enabled
Apple-News-Services-Host
Apple-News-Services-Handled
X-Rocket-Build-Number
X-CF-Lambda-Version
X-A-Dgt
X-A-Dam
X-A-Ccd
X-A
X-Geo-Header
MD5-Digest
Xc-Version
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-External-Request-Id
X-A-Dcw
Meta-Geo-Continent
X-GeoIP-Country-Code
Viewtype
X-S-Cookie
X-ScT
T-Server
VivaBuild
X-S
Mobile-Detection-Method
Rendered-Blocks
W
X-DPWN-IS-SECURE
X-G
X-Sigma
Machine
X-Session-Fingerprint
X-Destination
X-VG-WebServer
X-Vdms-Version
X-VG-TLSProxy
X-VG-WebCache
X-C
X-Uri
User-Cache-Control
X-Cache-Time
Server-Cache-Control
X-Logging-Id
Server-Surrogate-Control
X-Sucuri-Cache
X-Cache-Debug
X-Thanos
X-Hit
X-Auto-Login
Environment
X-App-Name
X-Bip
Powered-By
X-Developers
HA-Ipaddr
X-SIPLIST1
X-VC-Cache
Fastly-Soc-X-Request-Id
X-Cache-ASPX
X-Varnish-Authentication
Locid
X-Eu-Site
X-Agile
X-Agile-Age
X-WebServer
X-Real-IP
Gh-Request-Id
X-Epic-Correlation-Id
X-Contensis-Viewer-Groups
X-Request-UUID
Ha-Gx-Prefs
X-TrackingId
X-CGP
X-Nc
X-Distil-CS
X-Agile-Id
CDCHOST
IsBot
X-Tumblr-Pixel-3
X-Render-Time
X-Wikidot-Static-Cache
X-CUA
X-Wikidot-Backend
HitType
Access-Control-Request-Headers
True-Client-Country-4JS
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
X-AK-Request-ID
Web-Mar-Node
We-Hiring
V-Age
X-Request-URI
X-Hnp-Log
X-Origin-Expires
X-IN-APIGATEWAY
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Hash
X-GeoIP-City
X-Gamma-Serve
X-Gen-Mode
X-Generated-In
X-Generation-Time
X-IN-APIGATEWAYSSL
X-RateLimit-Limit-Second
X-Ms-Request-Id
X-Proxy-Upstream
X-Owner
X-Ms-Version
X-Nginx-Cache-Key
X-Micro-Cache
X-Req
X-Origin-Date
X-Instart-Isnd
X-OVcl-Cache
X-Irp-Debug
X-Fastly-Cache
X-Distributor
X-Cdn-Srv
X-Cache-URL
X-Clara-WADP
X-Clientip
X-Cms-Context
X-Cache-Info
X-Cache-Bucket
X-Backend-State
X-BBXSRF
X-Block-Status
X-Cache-Backend
X-NX-Host
X-Core-Mission
X-Debug-Log
X-Dispatcher-Server
X-NodeID
X-Rebelmouse-Surrogate-Control
X-Debug-Cookies
Server-Int
X-OVcl
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Azure-Ref
Cdncip
Locale
Kp-EeAlive
Country-Code
Mail-Subject
Cdnsip
X-SVT-ORM-RULES
X-Daa-Tunnel
Cache-Host
X-TT-LOGID
Heartbleed
Fastly-SWR
Fastly-SIE
Countrycode
X-WADP-Cache
FNAC-ModuleRouting
X-Webstats-RespID
X-We-Are-Hiring
Server-ID
AKAMAI
X-Trace-Id
X-Urbn-Context-Path
RNT-Time
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Fastly-SSL
X-Varnish-Beresp-Ttl
X-User
X-Swa-Ws
RNT-Machine
Request-Country
X-SVT-ORM-VERSION
X-Urbn-Site-Id
Request-EU
X-GoCache-CacheStatus
X-Variation
X-Platform-Server
X-Up
X-FW-Version
X-LI-Proto
X-Li-Pop
X-Li-Fabric
X-LI-UUID
X-Location
X-Old-Content-Length
X-NU-AKA-ACS-Version
X-Matched-Rule
X-Level-Front-Cache
X-Key
X-Generated-On
X-Server-W
X-Fetched-On
X-Nginx-Cache
X-Has-Esi
X-JWT-State
X-Is-Gdpr
X-Internal-Host
X-VServer
X-Core-Value
X-ServiceProvider
PFcat
Is-Eu
IBM-Web2-Location
Fastly-Backend-Name
X-Service
Platform
Section-Io-Cache
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Adler-Geo
Memcached
X-Trafficlayer-App-Version
X-Cache-Tags
X-Thinkindot-L3
Server-Host
X-TH-Server
ServerName
X-B3-Parentspanid
X-Refresh
X-SERVER
X-Reboot
Cache-Hits
X-S-Maxage
X-Lb-Id
X-TA-CDN-Provider
RequestId
X-Response-By
X-Servername
X-CSRF-TOKEN
X-B3-SpanId
X-CF-Powered-By
Filterid
X-Cdn-Forward
ProcessTime
X-Air-Hostname
X-Server-IP
X-Tb-Optimization-Total-Bytes-Saved
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Parent-Response-Time
Group
X-BACKEND-TTL
X-Cache-Expired-At
Pragrma
X-Wa
X-Var-Ttl
X-Pjax-Url
X-Unique-ID
User-Agent
X-NC
Media-Length
Origin
X-Cdn-Request-ID
X-Sucuri-Id
Memory
S-Cnection
X-CSRF-Token
Powered-By-ChinaCache
TTL
X-Ua
SRV
X-Correlation-ID
X-Vcl-Version
Geoip-Latitude
X-Pf-Uncompressing
X-COUNTRY
GeoIp-Country-Code
X-NGINX-Cache
PICS-Label
X-Varnish-Cacheable
X-Servedbyhost
Esi-Enabled
X-Rocket-Nginx-Bypass
SN
X-Reqid
X-AIR-PT
X-Sucuri-ID
X-Policy
X-Via-CDN
X-Webkit-CSP
X-Planisys-CDN-TTL
Geoip-City
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Litespeed-Cache
X-NWS-UUID-VERIFY
X-Developer
X-Request-Start
X-Via-Ucdn
X-Azure-Ref-OriginShield
X-HS-Status
M-TraceId
HostName
X-Ftr-Cache-Host
XServer
X-TIME
X-Ocache
X-Sn-Servicetimems
X-LAGOON
X-Cdn-Origin
Rt-Proxy-Cache
Dnion-Transfer-Encoding
X-Cache-Grace
X-Device-Os
X-FORWARDED-FOR
Tcn
X-Fastly-Country-Code
On-Server
X-Node-Id
X-MSEdge-Flight
X-Request-Host
Cdn
X-Ftr-Request-Id
Resin-Trace
X-Method
Who
A
X-Cache-Ttl
Magicmarker
X-MSEdge-Features
X-VHOST
CF-Cached-On
X-ServedByHost
Pics-Label
Cloudfront-Viewer-Country
X-Cache-Status-Check
Load-Balancing
X-Beluga-Record
Hostname
X-Beluga-Response-Time
X-Beluga-Cache-Status
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Node
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
Ohc-Response-Time
DSUID
X-Bc
X-VCL-Version
X-Svr
X-Zone
NtCoent-Length
GeoIP-Country-Code
X-APP
X-Be
Release
X-Oracle-Dms-Rid
X-MServer
X-VCT
MIME-Version
Cteonnt-Length
GeoIP-Latitude
X-Fastly-Backend-Reqs
Vix-Hermes-Req-Id
X-Varnish-Url
X-VarnishDD-TTL
Ttl
Host-ID
X-Varnish-URL
X-Varnish-Ttl
X-Hp-Ccpa-Warning
X-DC
X-LiteSpeed-Cache-Control
X-Newrelic-App-Data
X-PF-Uncompressing
GeoIP-City
X-PJAX-URL
WebServer
X-Slack-Backend
X-SRV
X-Ftr-Balancer
X-Ftr-Dc
X-Ftr-Backend-Server
X-Ftr-Backend
X-Ftr-Realm
Amp-Access-Control-Allow-Source-Origin
X-Configured-By
X-HostName
CACHE
X-Dynatrace
X-Aicache-OS
X-Upstream-Ct
X-Swift-Error
X-BE
X-Action
X-Upstream-Ht
X-Ratelimit-Remaining
SD-X-WS
Processtime
X-SD-PageType
X-Dynatrace-Js-Agent
Servername
X-WR-MODIFICATION
Pramga
L
X-SN
X-Cache-FS-Status
X-Compress-Hint
X-Cache-Id
X-PAYTM-SRV-ID
X-Server-Time
Cache-Provider
X-Dispatch
X-RPM
Arc-Country
X-Skip-Cache
X-DSS
X-Processor
X-DI
X-DB
X-Tid
X-ID
X-DW
X-RSL
X-RPS
X-Frame-Option
X-DevSite-Last-Modified
X-StackifyID
X-ABtesting
Fastly-Drupal-HTML
X-FPC
X-Fastly-Cache-Hits
Pagetype
X-Flog
X-Release
Dynatrace
X-Via-NSCOPI
X-ServerName
X-Ratelimit-Limit
CF-IPCountry
X-ND-Cache
Lfy
X-Snapshot-Date
X-Hello
X-Branch-Name
Requestid
X-LB-ID
CDN
X-CACHE-AGE
X-Varnish-Beresp-TTL
X-Cc-Via
X-Cc-Req-Id
X-Scheme
LB
V-Cache
X-Request-Url
X-Served-From
X-Apw-Hits
X-Edge-IP
Proxy-Firewall
D-Cc-Upstream
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-SB
X-VC
Warning
X-ZONE
X-Bc-Bl
X-Fpc
Cdn-Request-Time
N-Cache
X-Edge-Server
Cdn-Host
X-WA
Backend-Name
Cache-Cookie-Set-From
Lb
Correlation-Id
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Node-ID
UCS
X-App
X-BC
X-Request-URL
X-Check-Cacheable
X-Powered-Y
X-ElasticPress-Search
X-Worker
WP-Super-Cache
X-Fastly-Cache-Status