Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
P3p
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
X-Ws-Request-Id
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
Content-Location
X-Response-Time
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Dispatcher
X-Cloud-Trace-Context
X-Origin-Upstream-Status
X-Cnection
X-ORACLE-DMS-ECID
X-HW
X-Application-Context
X-DataDome
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
X-ORACLE-DMS-RID
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-DynaTrace
X-Varnish-TTL
Accept-Ch
X-Country-Code
Allow
X-Instart-Request-ID
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-TTL
X-FTR-Request-ID
X-ESI
Verso
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Url
Service-Worker-Allowed
Content-MD5
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
Edge-Cache-Tag
RTSS
X-Px
AR-PoweredBy
AR-ATIME
AR-CACHE
Ar-Sid
AR-Request-ID
X-D2id
X-Debug
X-Abt-Application-Version
Charset
X-NF-Request-ID
X-Server-Name
SPRequestGuid
X-Vcache
X-Amz-Server-Side-Encryption
X-Powered-CMS
X-Accel-Expires
X-Cached
X-MSEdge-Ref
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Vcap-Request-Id
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Navigation-Version
Response
X-Middleton-Response
X-Trace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
TCN
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Fastcgi-Cache
Cache-Tag
X-Cdn
Access-Control-Request-Method
X-Client-IP
S
X-Fastly-Request-ID
X-Upstream
X-Ser
X-DynaTrace-JS-Agent
MS-Author-Via
X-Shard
SPRequestDuration
X-Id
SPIisLatency
X-Hp-Webp
X-Ezoic-Cdn
X-Forwarded-For
DynaTrace
Nginx-Cache
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Content-Type
X-T
X-Amz-Meta-S3cmd-Attrs
X-Amzn-Trace-Id
X-Recruiting
Front-End-Https
X-Grace
X-Hits
Fastcgi-Cache
X-Varnish-Age
X-DIS-Request-ID
ServerID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Mobile-URL
X-Node-Name
NR-ENABLED
X-Element-Page-Cache
X-Content-Digest
X-Edge-O15-RID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Goog-Generation
X-GUploader-UploadID
X-Frontend
Powered
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
Server-Name
Nel
Alternate-Protocol
X-FTR-Backend
X-FTR-Backend-Server
X-Logged-In
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-Cache-TTL
TP-Cache
TP-L2-Cache
Server-Node
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-XRDS-LOCATION
X-Request-Processing-Time
X-Webkit-Csp
X-Request-Received
X-Shield-Request-Id
X-Request-Handler-Origin-Region
X-Microsite
X-Jurisdiction
X-Webapp-Samesite-None-Activated-N
Upgrade-Insecure-Requests
Refresh
X-Origin-Server
X-Content-Options
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Revision
X-Rid
X-Akamai-Edgescape
X-User-Agent
X-Varnish-Grace
Backend-Timing
X-ATS-Timestamp
X-Amz-Apigw-Id
X-Cache-Hit
X-F-Cache
X-Amzn-RequestId
X-Server-ID
X-Type
X-XRDS-Location
Fastly-Restarts
X-Pad
X-Content-Powered-By
X-Geo-Country
X-Zen-Fury
X-Az
X-LB-Cache
X-B3-Sampled
X-AppVersion
X-Activity-Id
X-B
X-N
X-Analytics
X-URL
X-Kinsta-Cache
X-FTR-Cache-Host
X-RateLimit-Remaining
PB-PID
PB-RID
X-TT
X-WebKit-CSP-Report-Only
Arc-Version
X-Mobile-Rewrite
X-Cache-Age
X-AOL-HN
X-Tumblr-Pixel-0
X-Instance
X-App-Environment
X-Request-Guid
X-Jobs
X-Tumblr-User
X-Tumblr-Pixel
Actual-Object-TTL
X-Ruxit-Js-Agent
X-CST
Paypal-Debug-Id
X-Framework
DC
X-B-Cache
Cache-Status
Access-Control-Allow-Method
X-Signature
X-Debug-Info
X-PHP-Backend
X-FB-Debug
X-Load-Cache
X-Cache-Action
X-Varnish-Backend
Surrogate-Key
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Git-Hash
Fastcgi-Useragent
X-Time
Host-Header
X-Ttl
X-Cached-By
X-Tt-Trace-Tag
X-FastCGI-Cache
X-IPLB-Instance
FilterID
X-Contextid
MS-CV
X-Amz-Replication-Status
X-SS-Set-Cookie
X-Tt-Trace-Host
X-Cluster
X-ATG-Version
X-Srv
Tracecode
Frame-Options
X-Accel-Buffering
X-Response-Served-From
NGB
X-Cache-Key
WPE-Backend
X-Varnish-Server
Payment
Eomportal-Instance
X-WA-Info
Xserver
Source
X-GeoIP
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-Cacheable-TTL
X-Cache-Enabled
Filters
X-Adobe-Content
X-Adobe-Loc
Host
X-Cache-NE
X-Region
X-RequestSource
X-Cache-2
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Serve
X-FW-Server
Cache-Tv-Group
X-Tumblr-Pixel-1
X-TX-ID
X-Rendered-As
X-Host-Name
X-Is-Bot
X-Mobile
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cleartype
X-Seen-By
X-Oneagent-Js-Injection
X-Cache-Operation
X-Cache-Rule
X-NewRelic-App-Data
X-Hostname
X-EdgeConnect-Cache-Status
X-Via-JSL
Cache
X-Origin-Response-Time
X-Cache-TTL-Remaining
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
Healthy
X-Presslabs-Stats
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Cache-Control
X-VCache
Datacenter
X-HTML-Minification-Powered-By
X-Dc
Retry-After
X-UA
Server-Info
X-ProcessESI
X-RemovedCookies
X-RTag
Ms-Operation-Id
X-B3-Traceid
Accept-CH
X-CACHE-KEY
X-Rule
X-Cache-Server
X-NWS-LOG-UUID
Liferay-Portal
X-RateLimit-Limit
X-PressLabs-Stats
X-Status
X-L-Path
X-FireWall-Port
Version
X-Environment-Context
From-Origin
X-Wix-Request-Id
X-Source
X-Upgrade-Enabled
X-CLOUD-TRACE-CONTEXT
X-Endurance-Cache-Level
X-RN-RSRV
X-Cache-Var-Map
X-Handled-By
Meta-Geo
X-Path-Route
X-Cache-Var
X-ES-SERVER
X-Timing-Wait
OT-Force-Account-Verify
Selected-Fe
X-Proxy-Build
X-UUID
X-ShardId
X-Storage
X-Proto
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Accept-CH-Lifetime
X-Content-Age
X-EIG-Tracking-Id
X-Hyper-Cache
X-Backend-Name
X-Tb
X-Shopify-Generated-Cart-Token
X-ShopId
X-Shopify-Stage
X-Alternate-Cache-Key
Origin-Cache-Control
Now
NGX
Node
Origin-Edge-Control
X-Proxy
S-Rt
X-BYPASS-REASON
X-PCL
X-Debug-Cache
X-Akamai-Request-ID2
X-Cache-Config
X-Cache-Host
Decoy-Debug-TTL
X-JoinUs
X-FC-Vary-Parameters
X-Generated-By
X-Hl-Ver
X-Human
X-Hosted-By
DB-Nickname
X-OCL
Ec-Rule-Version
X-Section
Decoy-Debug-Status
X-Yottaa-Optimizations
X-Origin
Decoy-Debug-Key
X-Yottaa-Metrics
Property-Id
X-VWS-Id
X-Time-Microsecs
X-Vgn-Hpd-Reason
X-Viewer-Country
X-Soup
Webcakes-App-Name
X-FW-Dynamic
TWC-Locale-Group
TWC-Privacy
X-ProxyCache-Key
X-Web-Node
Akamai-GRN
X-AWS-Id
X-Akamai-Request-ID
Webcakes-Region
Webcakes-App-Version
X-Request-Time
Azure-SiteName
X-Access
Azure-InstanceId
X-Format
Azure-RegionName
X-Origin-Hint
X-Qloud-Router
TWC-Connection-Speed
X-ServerID
Azure-SlotName
Azure-Version
Cache-Tags
X-Redis-Cache
X-SaId
X-LJ-Flow-ID
TWC-GeoIP-LatLong
X-ProxyCache-Status
X-Pubstack
TWC-GeoIP-Country
TWC-Device-Class
Mn-Server-Ip
X-CCM
X-Cluster-Node
X-Say-TTL
X-BCube-Filmed-By
X-RCS-CacheZone
X-Say-Cacheable
X-NYM-Debug-Backend
X-Generated
X-Locale
X-Site-Version
X-Proxy-Cache-Status
X-IP
X-Www-Served-By
X-Xfnlog-Site
X-App-Server
X-SayCDN-TTL
X-Varnish-Hits
X-MP-GENERATED-AT
X-Detected-As
Cross-Origin-Window-Policy
X-TNCMS
X-Loop
X-FB-TRIP-ID
L5d-Success-Class
X-APP-VERSION
X-Amzn-Remapped-Content-Length
X-R9-Blue-Green-Version
Cache-Name
GEO-INFO
Viewport
X-CS
Uber-Trace-Id
Accept-Charset
Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Akamai-Transformed
X-NCache
X-Unique-Id
X-Drupal-Cache-Tags
Webserver
X-Cache-Remote
X-From
X-UA-Device-Type
X-Esi
Srv
X-Edge-Location
X-Cluster-Name
X-TT-TIMESTAMP
X-Drupal-Cache-Contexts
Mime-Version
Cache-Key
X-Backend-TTL
X-Origin-CC
X-Origin-TTL
Country
X-CDN-Forward
Accept-Language
X-EC-Lua
X-Mode
Odigeo-Trace-Id
X-Newrelic-Synthetics
X-B3-Spanid
X-Microcachable
Rt-Fastcgi-Cache
Ohc-File-Size
Ohc-Cache-HIT
X-Info
X-Forwarded-Host
X-Geo
X-No-Session
Proxy-Connection
X-Magnolia-Registration
X-Whom
X-UnsetCookies
X-UPSTREAM-Address
X-Proxied
X-Labrador-Cache-Channel
Content-Disposition
ServedBy
X-Zipkin-Id
X-PHP-Host
X-Routing-Service
X-Varnish-Cache-Hits
X-ApacheServer
X-Real-IP
X-PERF
Fastly-SSL
X-Cache-Time
X-Session-Fingerprint
Machine
BehaviorPad-Version
X-CF-Lambda-Fn
GEO-REGION-INFO
X-CF-Lambda-Version
X-ScT
AsisCache
Rendered-Blocks
X-SRCache-Key
X-Request-UUID
Mobile-Detection-Method
X-Connection-Hash
X-Date
Meta-Geo-Continent
X-Accel-Expires-Debug
X-D
MD5-Digest
X-A-Wwc
X-Region-Sid
X-External-Request-Id
X-A-Dam
X-Rojux
X-S
X-Rewrite-Enabled
X-A-Dcw
Powered-By
X-Transaction
X-A-Dgt
X-S-Cookie
X-App-Version
Content-Style-Type
Content-Script-Type
T-Server
X-Aed
X-Device-Type
X-Vtex-Remote-Cache
X-A
X-DPWN-IS-SECURE
Xc-Version
X-Application
X-B-Cookie
Viewtype
VivaBuild
X-Geo-Header
X-G
X-Trv-Group
X-Vtex-Processado-Em
X-GeoIP-Country-Code
X-Destination
Fastcgi-X-Cache-Version
X-Vdms-Version
X-VG-WebCache
X-A-Ccd
X-Twitter-Response-Tags
X-VG-WebServer
X-ARC
Access-Control-Request-Headers
X-Via-Fastly
User-Cache-Control
Cf-Ipcountry
X-Uri
Gh-Request-Id
X-Logging-Id
X-VC-Cache
Server-Surrogate-Control
X-Cache-ASPX
X-CUA
X-VG-TLSProxy
X-WebServer
X-Bip
W
X-Auto-Login
IsBot
Environment
Server-Cache-Control
X-Varnish-Authentication
X-Rocket-Build-Number
X-Sigma
X-Cache-Backend
X-SIPLIST1
X-Contensis-Viewer-Groups
X-Sigma-Backend
X-Thanos
X-Tumblr-Pixel-3
X-Cache-Debug
X-TrackingId
ServerName
X-C
X-NGENIX-Cache
X-Epic-Correlation-Id
X-Eu-Site
X-Fastly-Cache
X-FW-Version
X-Cache-Info
X-BBXSRF
X-Block-Status
X-Cache-Bucket
X-Gamma-Serve
X-Backend-State
X-AK-Request-ID
X-Agile
X-Agile-Age
X-Agile-Id
X-Cdn-Srv
X-CGP
X-Debug-Cookies
X-Debug-Log
X-Dispatcher-Server
X-Distil-CS
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Clara-WADP
X-Clientip
X-Cms-Context
X-Distributor
X-OVcl
X-Webstats-RespID
X-We-Are-Hiring
X-WADP-Cache
Fastly-Backend-Name
Fastly-Soc-X-Request-Id
Locid
FNAC-ModuleRouting
X-VServer
X-User
X-TH-Server
X-Swa-Ws
X-Trace-Id
X-TT-LOGID
X-Urbn-Site-Id
X-Urbn-Context-Path
RNT-Machine
RNT-Time
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Req
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Nginx-Cache-Key
X-Developers
Wxu-Next-Commit
Server-Int
Wxu-Next-Hostname
Wxu-Next-Region
X-Core-Mission
X-Cache-URL
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Irp-Debug
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-Key
X-Li-Fabric
X-LI-Proto
X-Li-Pop
X-IN-APIGATEWAY
X-Hnp-Log
X-Generation-Time
X-Generated-In
X-GeoIP-City
X-GoCache-CacheStatus
X-Hit
X-Hash
X-LI-UUID
X-Location
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Owner
X-RateLimit-Remaining-Second
X-Render-Time
X-Sucuri-Cache
X-Request-URI
X-OVcl-Cache
X-App-Name
X-Ms-Version
X-Ms-Request-Id
X-NodeID
X-NX-Host
X-Origin-Expires
X-Origin-Date
X-Gen-Mode
X-Debug-Cache-Expiry
Heartbleed
HA-Ipaddr
Ha-Gx-Prefs
Kp-EeAlive
Locale
Request-Country
Memcached
Mail-Subject
Countrycode
Country-Code
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
AKAMAI
Cache-Host
Cdnsip
Cdncip
CDCHOST
Request-EU
IBM-Web2-Location
True-Client-Country-4JS
V-Age
Server-ID
We-Hiring
Section-Io-Cache
Web-Mar-Node
Geo-Info
X-B3-Parentspanid
X-Generated-On
X-Trafficlayer-App-Version
X-Up
X-Rebelmouse-Surrogate-Control
X-Thinkindot-L3
X-Rebelmouse-Cache-Control
X-ServiceProvider
X-Azure-Ref
Adler-Geo
X-Reboot
X-Matched-Rule
X-NU-AKA-ACS-Version
X-Old-Content-Length
X-Platform-Server
X-Level-Front-Cache
X-JWT-State
X-Service
Thinkindot-Control
X-S-Maxage
X-Is-Gdpr
X-Has-Esi
X-Micro-Cache
Thinkindot-CacheControl-Type
X-Core-Value
X-Daa-Tunnel
PFcat
Fastly-SWR
Platform
Fastly-SIE
X-Cache-Tags
Server-Host
Thinkindot-CacheControl
Is-Eu
X-Internal-Host
X-Variation
HitType
X-TA-CDN-Provider
X-Server-W
X-Lb-Id
X-Refresh
Cache-Hits
X-Response-By
RequestId
X-Servername
X-Fetched-On
X-SERVER
X-NC
X-Nc
X-Server-IP
X-Tb-Optimization-Total-Bytes-Saved
X-Nginx-Cache
X-B3-SpanId
ProcessTime
Memory
X-Parent-Response-Time
X-CF-Powered-By
X-Cdn-Forward
Filterid
X-Cdn-Request-ID
X-Tec-Api-Version
SRV
X-Pjax-Url
X-CSRF-Token
Media-Length
X-Tec-Api-Root
X-Tec-Api-Origin
X-CSRF-TOKEN
User-Agent
Origin
X-Wa
X-Air-Hostname
TTL
X-Var-Ttl
X-Cache-Expired-At
Pragrma
Group
X-BACKEND-TTL
X-Pf-Uncompressing
Geoip-Latitude
X-NGINX-Cache
GeoIp-Country-Code
X-Vcl-Version
X-TIME
X-Ua
X-Correlation-ID
X-Unique-ID
X-AIR-PT
Esi-Enabled
Powered-By-ChinaCache
X-Sucuri-Id
X-Reqid
X-Rocket-Nginx-Bypass
S-Cnection
X-Sucuri-ID
PICS-Label
HostName
X-Policy
X-Planisys-CDN-TTL
X-COUNTRY
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Varnish-Cacheable
X-Request-Start
Geoip-City
X-Webkit-CSP
M-TraceId
X-Litespeed-Cache
SN
X-Servedbyhost
X-Azure-Ref-OriginShield
X-HS-Status
Rt-Proxy-Cache
X-Fastly-Country-Code
X-Via-CDN
Dnion-Transfer-Encoding
X-Via-Ucdn
XServer
X-Developer
Magicmarker
X-Method
X-NWS-UUID-VERIFY
Load-Balancing
X-FORWARDED-FOR
X-Cache-Grace
X-Cdn-Origin
X-Ocache
Tcn
X-Node-Id
Resin-Trace
X-Device-Os
X-ServedByHost
X-LAGOON
X-Sn-Servicetimems
X-Cache-Ttl
Ohc-Response-Time
On-Server
DSUID
Who
X-Ftr-Cache-Host
Release
X-VHOST
Cdn
X-Svr
NtCoent-Length
X-Be
A
X-MServer
X-MSEdge-Flight
X-VCT
CF-Cached-On
X-Request-Host
X-MSEdge-Features
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Hp-Ccpa-Warning
Pics-Label
Vix-Hermes-Req-Id
X-APP
Cloudfront-Viewer-Country
X-Bc
X-Zone
X-LiteSpeed-Cache-Control
X-Fastly-Backend-Reqs
X-VCL-Version
X-Cache-Status-Check
X-Beluga-Cache-Status
X-Beluga-Trace
X-Varnish-Url
X-Beluga-Node
X-Beluga-Record
X-Beluga-Status
X-Beluga-Response-Time
X-Ratelimit-Remaining
Cteonnt-Length
GeoIP-Country-Code
X-Oracle-Dms-Rid
MIME-Version
Ttl
X-VarnishDD-TTL
X-Configured-By
GeoIP-Latitude
X-DC
X-SD-PageType
X-PF-Uncompressing
Host-ID
X-Newrelic-App-Data
X-Varnish-URL
Hostname
X-Varnish-Ttl
SD-X-WS
GeoIP-City
X-WR-MODIFICATION
X-PJAX-URL
X-Ftr-Request-Id
X-Upstream-Ct
X-SRV
X-Compress-Hint
WebServer
X-SN
X-Tid
X-Cache-Id
X-Upstream-Ht
X-HostName
X-Dynatrace
X-Ratelimit-Limit
X-Release
L
X-BE
X-Via-NSCOPI
Processtime
X-Slack-Backend
X-Aicache-OS
X-Dynatrace-Js-Agent
CF-IPCountry
Cache-Provider
X-DSS
LB
X-ID
X-DW
X-DB
X-Action
X-DI
X-Scheme
X-RSL
X-RPS
CACHE
X-Swift-Error
X-RPM
X-Frame-Option
Amp-Access-Control-Allow-Source-Origin
X-Ftr-Dc
Dynatrace
Servername
Pagetype
X-Ftr-Backend-Server
X-PAYTM-SRV-ID
X-Ftr-Realm
X-ServerName
X-Ftr-Backend
X-Server-Time
X-Skip-Cache
X-StackifyID
X-Processor
X-FPC
X-Branch-Name
X-LB-ID
X-Snapshot-Date
CDN
X-Ftr-Balancer
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Arc-Country
Pramga
UCS
Lfy
X-Dispatch
Requestid
Cache-Cookie-Set-Lfrom
X-Cache-FS-Status
X-Fastly-Cache-Hits
X-CACHE-AGE
X-Node-ID
X-ZONE
X-Cc-Via
X-Cc-Req-Id
X-Apw-Hits
X-Apw-Access-Token
Proxy-Firewall
X-Varnish-Beresp-TTL
X-Apw-Access-Action
X-Apw-Access-Object
D-Cc-Upstream
X-Edge-IP
X-Hello
X-VC
X-SB
V-Cache
X-DevSite-Last-Modified
X-ABtesting
Fastly-Drupal-HTML
Warning
X-ND-Cache
X-Flog
NnCoection
Lb
X-Fastly-Cache-Status
X-BC
X-ElasticPress-Search
X-Check-Cacheable
WZWS-RAY
X-Request-URL
X-Powered-Y
WP-Super-Cache
X-Request-Url
Correlation-Id
X-App
X-Litespeed-Cache-Control
X-Worker
Backend-Name