Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-Template
X-Language
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
X-Cache-Group
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Ws-Request-Id
X-UA-Device
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
X-ORACLE-DMS-RID
X-Cache-Lookup
X-Mod-Pagespeed
NEL
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Varnish-TTL
X-DynaTrace
X-Country-Code
Accept-Ch
Allow
X-Instart-Request-ID
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-FTR-Request-ID
X-TTL
X-ESI
Verso
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Url
Service-Worker-Allowed
Content-MD5
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-B3-TraceId
X-GitHub-Request-Id
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
Edge-Cache-Tag
RTSS
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-Request-ID
Ar-Sid
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
Charset
SPRequestGuid
X-NF-Request-ID
X-Vcache
X-Amz-Server-Side-Encryption
X-MSEdge-Ref
X-Accel-Expires
X-Cached
X-Powered-CMS
X-Amz-Rid
X-TEC-API-ORIGIN
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Middleton-Display
X-Sol
Pagespeed
Display
Response
X-Middleton-Response
X-Vcap-Request-Id
X-Navigation-Version
X-Trace
X-Pinterest-Rid
Pinterest-Version
X-Fastcgi-Cache
X-SharePointHealthScore
X-SRCache-Fetch-Status
X-SRCache-Store-Status
TCN
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Client-IP
Cache-Tag
X-Cdn
Access-Control-Request-Method
X-Fastly-Request-ID
S
X-Upstream
X-Ser
MS-Author-Via
X-DynaTrace-JS-Agent
Nel
X-Shard
X-Id
SPRequestDuration
SPIisLatency
Nginx-Cache
X-Hp-Webp
X-Ezoic-Cdn
X-Forwarded-For
X-Mrf-Item-Lastmod
X-Content-Type
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-T
DynaTrace
X-Amz-Meta-S3cmd-Attrs
X-Amzn-Trace-Id
X-Recruiting
X-Grace
Front-End-Https
X-Hits
Fastcgi-Cache
X-Varnish-Age
X-Aspnet-Version
ServerID
X-DIS-Request-ID
X-Edge-O15-RID
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Element-Page-Cache
X-Node-Name
NR-ENABLED
X-Content-Digest
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Goog-Metageneration
X-Goog-Generation
X-FTR-Cache-Status
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Country-Code-Real
X-GUploader-UploadID
X-FTR-Expires
Powered
X-Frontend
X-Goog-Storage-Class
Server-Name
X-Cache-TTL
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
Alternate-Protocol
X-Logged-In
TP-L2-Cache
TP-Cache
Server-Node
X-Correlation-Id
X-Jurisdiction
X-XRDS-LOCATION
X-Request-Processing-Time
X-Webkit-Csp
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
AMP-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
X-Page-Id
Refresh
X-Origin-Server
X-Content-Options
X-Shield-Request-Id
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Revision
X-Rid
X-Akamai-Edgescape
X-F-Cache
X-Cache-Hit
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Varnish-Grace
X-Server-ID
X-Type
X-Webapp-Samesite-None-Activated-N
Fastly-Restarts
X-XRDS-Location
X-Content-Powered-By
X-Zen-Fury
X-Geo-Country
X-LB-Cache
X-B3-Sampled
X-Activity-Id
X-B
X-AppVersion
X-Az
X-Pad
X-Analytics
X-URL
X-N
X-FTR-Cache-Host
X-Kinsta-Cache
PB-RID
PB-PID
X-CST
Arc-Version
X-RateLimit-Remaining
X-Mobile-Rewrite
X-TT
Cache-Status
X-WebKit-CSP-Report-Only
X-Cache-Age
X-AOL-HN
X-Framework
X-Jobs
DC
X-Request-Guid
X-Ruxit-Js-Agent
X-Signature
Actual-Object-TTL
X-App-Environment
Paypal-Debug-Id
X-Instance
X-B-Cache
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Access-Control-Allow-Method
X-Debug-Info
X-FB-Debug
X-PHP-Backend
X-Cache-Action
X-Time
X-Load-Cache
X-Varnish-Backend
X-Git-Hash
Surrogate-Key
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Cached-By
X-Tt-Trace-Tag
Host-Header
Fastcgi-Useragent
X-Ttl
X-Contextid
X-IPLB-Instance
X-Amz-Replication-Status
MS-CV
X-Tt-Trace-Host
X-SS-Set-Cookie
X-Cluster
FilterID
X-ATG-Version
Tracecode
X-Srv
X-Response-Served-From
NGB
X-Accel-Buffering
Frame-Options
X-WA-Info
WPE-Backend
X-Cache-Key
Xserver
X-FastCGI-Cache
X-Cache-NE
X-FW-Hash
X-FW-Serve
X-Mobile
Eomportal-Instance
X-Varnish-Server
X-FW-Server
X-FW-Static
Payment
X-Region
X-FW-Type
X-Rendered-As
X-Cache-2
Cache-Tv-Group
X-Adobe-Loc
X-IPS-LoggedIn
X-Kong-Proxy-Latency
Filters
Host
X-Adobe-Content
X-Cache-Enabled
Source
X-Cacheable-TTL
X-Kong-Upstream-Latency
X-B3-Traceid
X-GeoIP
X-RequestSource
X-Host-Name
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Varnish-Hostname
X-Is-Bot
X-NewRelic-App-Data
X-TX-ID
X-Cache-Rule
X-Seen-By
X-Cache-Operation
X-Via-JSL
Cleartype
X-Hostname
X-Oneagent-Js-Injection
X-Origin-Response-Time
X-EdgeConnect-Cache-Status
X-ORACLE-APMCS-REQUEST-ID
X-Cache-TTL-Remaining
X-ORACLE-APMCS-TAG
X-Presslabs-Stats
Cache
Retry-After
Healthy
X-HTML-Minification-Powered-By
X-Cache-Control
X-VCache
Server-Info
Datacenter
X-UA
X-RemovedCookies
X-Dc
X-ProcessESI
Accept-CH
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Ms-Operation-Id
X-RTag
X-NWS-LOG-UUID
X-CACHE-KEY
Liferay-Portal
X-RateLimit-Limit
X-Source
X-FireWall-Port
X-L-Path
X-PressLabs-Stats
X-Cache-Server
X-Environment-Context
X-Rule
X-Endurance-Cache-Level
From-Origin
X-Wix-Request-Id
Version
X-Status
X-Upgrade-Enabled
X-Handled-By
X-Cache-Var-Map
X-RN-RSRV
X-ES-SERVER
Accept-CH-Lifetime
X-Cache-Var
Meta-Geo
X-App-Server
X-Path-Route
Selected-Fe
OT-Force-Account-Verify
X-Timing-Wait
X-Proxy-Build
X-Sorting-Hat-ShopId
Cache-Tags
X-Alternate-Cache-Key
X-Storage
X-Backend-Name
X-ShopId
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Access
X-Format
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-InstanceId
Akamai-GRN
X-Request-Time
Mn-Server-Ip
X-Section
X-Tb
X-ShardId
X-Akamai-Request-ID
X-EIG-Tracking-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proto
X-Content-Age
X-Origin
X-PCL
X-ProxyCache-Key
Now
Node
X-Human
X-Hyper-Cache
S-Rt
Property-Id
Origin-Edge-Control
X-ProxyCache-Status
Origin-Cache-Control
X-OCL
X-Hl-Ver
X-FW-Dynamic
DB-Nickname
X-Cache-Host
X-FC-Vary-Parameters
X-Debug-Cache
Decoy-Debug-Key
Decoy-Debug-Status
X-Hosted-By
X-BYPASS-REASON
Ec-Rule-Version
X-Generated-By
NGX
TWC-Device-Class
X-Soup
X-AWS-Id
X-Time-Microsecs
X-UUID
X-LJ-Flow-ID
X-Origin-Hint
X-Proxy
X-Proxy-Cache-Status
X-Cache-Config
X-SaId
X-Redis-Cache
X-Qloud-Router
X-Pubstack
X-Vgn-Hpd-Reason
X-Akamai-Request-ID2
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Web-Node
X-JoinUs
X-ServerID
TWC-GeoIP-Country
TWC-Privacy
Webcakes-App-Name
X-Viewer-Country
X-Cluster-Node
X-VWS-Id
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
Decoy-Debug-TTL
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-IP
X-APP-VERSION
X-Generated
X-Detected-As
X-BCube-Filmed-By
X-CCM
X-Locale
X-Say-TTL
X-Xfnlog-Site
X-MP-GENERATED-AT
X-NYM-Debug-Backend
X-Www-Served-By
X-Varnish-Hits
X-SayCDN-TTL
X-Site-Version
X-Say-Cacheable
X-RCS-CacheZone
Cross-Origin-Window-Policy
X-FB-TRIP-ID
X-Amzn-Remapped-Content-Length
X-Loop
X-TNCMS
X-R9-Blue-Green-Version
X-Akamai-Transformed
L5d-Success-Class
GEO-INFO
Cache-Name
Accept-Charset
Viewport
X-CS
Uber-Trace-Id
Srv
X-NCache
X-Drupal-Cache-Tags
X-Unique-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-UA-Device-Type
X-Esi
X-Cache-Remote
X-From
Webserver
Cache-Key
Time
X-TT-TIMESTAMP
X-Origin-TTL
Mime-Version
X-Origin-CC
X-Cluster-Name
Accept-Language
X-Edge-Location
X-Drupal-Cache-Contexts
X-Backend-TTL
X-CDN-Forward
Country
X-EC-Lua
Odigeo-Trace-Id
X-B3-Spanid
X-Microcachable
Rt-Fastcgi-Cache
X-Mode
X-Info
X-Forwarded-Host
X-Geo
Ohc-Cache-HIT
Ohc-File-Size
X-Newrelic-Synthetics
X-Whom
X-UnsetCookies
X-CLOUD-TRACE-CONTEXT
X-ApacheServer
X-Magnolia-Registration
X-No-Session
X-PERF
Content-Disposition
Proxy-Connection
X-Varnish-Cache-Hits
ServedBy
X-UPSTREAM-Address
X-PHP-Host
X-Labrador-Cache-Channel
X-Real-IP
X-Zipkin-Id
X-Device-Type
X-Proxied
X-Routing-Service
Cf-Ipcountry
X-Date
X-Transaction
X-Request-UUID
X-D
X-CF-Lambda-Version
X-Region-Sid
MD5-Digest
Mobile-Detection-Method
X-Connection-Hash
Meta-Geo-Continent
X-CF-Lambda-Fn
Rendered-Blocks
X-ScT
X-Session-Fingerprint
Machine
X-S-Cookie
X-S
X-Rewrite-Enabled
X-Rojux
X-SRCache-Key
X-Vtex-Remote-Cache
Fastcgi-X-Cache-Version
X-Aed
X-Accel-Expires-Debug
X-Cache-Time
X-Application
X-External-Request-Id
X-Trv-Group
X-GeoIP-Country-Code
X-Geo-Header
X-DPWN-IS-SECURE
Content-Script-Type
Content-Style-Type
X-A-Ccd
X-NGENIX-Cache
X-A
X-G
X-A-Dam
VivaBuild
X-A-Wwc
X-A-Dgt
X-A-Dcw
Viewtype
X-ARC
Xc-Version
X-VG-WebCache
BehaviorPad-Version
X-Vtex-Processado-Em
X-B-Cookie
X-Vdms-Version
X-Twitter-Response-Tags
X-Via-Fastly
X-Destination
X-VG-WebServer
T-Server
X-App-Version
AsisCache
GEO-REGION-INFO
X-Uri
User-Cache-Control
Fastly-SSL
X-C
Locid
X-Logging-Id
IsBot
X-CUA
X-GoCache-CacheStatus
Gh-Request-Id
X-Developers
Fastly-Soc-X-Request-Id
X-Cache-ASPX
X-Rocket-Build-Number
X-Sigma
Apple-News-Services-Handled
Apple-News-Services-Host
X-Bip
X-VG-TLSProxy
Server-Cache-Control
X-Varnish-Authentication
X-WebServer
X-Wikidot-Backend
Server-Surrogate-Control
X-Auto-Login
X-VC-Cache
X-Sigma-Backend
X-Wikidot-Static-Cache
Apple-News-Services-Parsed-Url
X-Tumblr-Pixel-3
X-SIPLIST1
W
X-Contensis-Viewer-Groups
Access-Control-Request-Headers
X-Cache-Debug
Apple-News-Services-Request-Url
X-TrackingId
Environment
X-Thanos
X-Cache-Backend
X-Nc
X-Distributor
Wxu-Next-Region
X-Dispatcher-Server
X-Fastly-Cache
X-AK-Request-ID
X-Debug-Log
X-Cache-Info
X-Cache-Bucket
X-Cache-URL
X-Clara-WADP
X-Cms-Context
X-Clientip
X-Block-Status
X-Debug-Cache-Expiry
X-Debug-Cookies
X-Core-Mission
X-Debug-Cache-Store
X-BBXSRF
X-Debug-Cache-Fetch
X-Azure-Ref
X-Rebelmouse-Surrogate-Control
X-Urbn-Site-Id
X-Urbn-Context-Path
X-TT-LOGID
X-User
X-Sucuri-Cache
X-WADP-Cache
X-VServer
X-Trace-Id
X-TH-Server
X-Request-URI
X-Req
Wxu-Next-Hostname
X-SVT-ORM-RULES
X-Swa-Ws
X-SVT-ORM-VERSION
X-We-Are-Hiring
X-Webstats-RespID
X-Backend-State
X-App-Name
X-CGP
X-Eu-Site
X-Epic-Correlation-Id
X-Distil-CS
X-Agile-Id
X-Agile-Age
CDCHOST
X-Render-Time
X-Hit
Ha-Gx-Prefs
X-Agile
HA-Ipaddr
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-Irp-Debug
X-Key
X-Li-Pop
X-Li-Fabric
X-IN-APIGATEWAY
X-Hnp-Log
X-Gen-Mode
X-Gamma-Serve
X-Generated-In
X-Generation-Time
X-Hash
X-GeoIP-City
X-LI-Proto
X-LI-UUID
X-OVcl
X-Origin-Expires
X-OVcl-Cache
X-Owner
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Origin-Date
X-NX-Host
X-Micro-Cache
X-Location
X-Ms-Request-Id
X-Ms-Version
X-NodeID
X-Nginx-Cache-Key
X-FW-Version
X-Cdn-Srv
IBM-Web2-Location
Heartbleed
FNAC-ModuleRouting
Fastly-SWR
Kp-EeAlive
Locale
Request-Country
Powered-By
Memcached
Mail-Subject
Fastly-Backend-Name
Countrycode
Wxu-Next-Commit
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
AKAMAI
Cache-Host
Country-Code
Cdnsip
Cdncip
X-Daa-Tunnel
Request-EU
Fastly-SIE
Section-Io-Cache
V-Age
We-Hiring
Web-Mar-Node
RNT-Time
True-Client-Country-4JS
Server-Int
RNT-Machine
Server-ID
X-B3-Parentspanid
HitType
Geo-Info
X-Old-Content-Length
X-Variation
X-Level-Front-Cache
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Thinkindot-L3
X-Trafficlayer-App-Version
X-Up
X-NU-AKA-ACS-Version
X-Generated-On
X-Has-Esi
Thinkindot-CacheControl
X-Internal-Host
X-Is-Gdpr
X-ServiceProvider
X-JWT-State
X-Service
Adler-Geo
X-Reboot
X-Matched-Rule
X-Cache-Tags
X-Core-Value
PFcat
X-Platform-Server
Platform
Is-Eu
X-S-Maxage
Server-Host
ServerName
X-Response-By
X-Lb-Id
X-Fetched-On
Cache-Hits
X-Server-W
X-Refresh
Filterid
X-TA-CDN-Provider
X-Nginx-Cache
X-SERVER
X-Servername
RequestId
X-B3-SpanId
ProcessTime
X-Server-IP
X-CF-Powered-By
X-Cdn-Forward
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-CSRF-Token
X-Pjax-Url
X-Tb-Optimization-Total-Bytes-Saved
X-Air-Hostname
X-Parent-Response-Time
X-CSRF-TOKEN
Memory
Media-Length
X-NC
Origin
X-Cdn-Request-ID
X-Wa
Pragrma
SRV
Group
X-Cache-Expired-At
User-Agent
X-Var-Ttl
X-BACKEND-TTL
X-Pf-Uncompressing
TTL
Geoip-Latitude
S-Cnection
Powered-By-ChinaCache
X-Vcl-Version
GeoIp-Country-Code
X-Unique-ID
X-Ua
X-NGINX-Cache
X-Correlation-ID
X-Sucuri-ID
X-Sucuri-Id
X-Rocket-Nginx-Bypass
X-COUNTRY
SN
Esi-Enabled
X-AIR-PT
PICS-Label
X-Reqid
X-Varnish-Cacheable
X-Planisys-CDN-Rules
X-TIME
HostName
X-Planisys-CDN-TTL
Geoip-City
X-Planisys-CDN-Cache
X-Policy
X-Servedbyhost
X-Azure-Ref-OriginShield
X-Webkit-CSP
X-Request-Start
X-Litespeed-Cache
X-Via-CDN
Rt-Proxy-Cache
X-NWS-UUID-VERIFY
X-Via-Ucdn
X-Developer
XServer
M-TraceId
X-Cdn-Origin
Dnion-Transfer-Encoding
X-Cache-Grace
X-LAGOON
X-Ocache
X-Node-Id
X-HS-Status
X-Sn-Servicetimems
X-Device-Os
X-FORWARDED-FOR
On-Server
X-Fastly-Country-Code
Magicmarker
Cdn
Resin-Trace
Tcn
X-Method
X-ServedByHost
X-MSEdge-Flight
X-Request-Host
Load-Balancing
X-MSEdge-Features
Who
X-Cache-Ttl
A
X-VHOST
X-Ftr-Cache-Host
Cloudfront-Viewer-Country
CF-Cached-On
DSUID
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
Ohc-Response-Time
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Cache-Status-Check
X-Beluga-Node
X-Beluga-Record
Pics-Label
X-Beluga-Status
X-Be
Release
X-Beluga-Response-Time
X-Beluga-Cache-Status
NtCoent-Length
X-Svr
X-Beluga-Trace
X-MServer
X-VCT
X-Bc
X-VCL-Version
Vix-Hermes-Req-Id
GeoIP-Country-Code
X-APP
X-Varnish-Url
X-Zone
Hostname
X-Oracle-Dms-Rid
X-Hp-Ccpa-Warning
MIME-Version
Cteonnt-Length
Host-ID
Ttl
X-Fastly-Backend-Reqs
WebServer
GeoIP-Latitude
X-VarnishDD-TTL
X-Ratelimit-Remaining
X-Varnish-Ttl
X-LiteSpeed-Cache-Control
X-DC
GeoIP-City
X-Varnish-URL
X-Newrelic-App-Data
X-Configured-By
X-PF-Uncompressing
Amp-Access-Control-Allow-Source-Origin
X-Upstream-Ct
X-SD-PageType
X-Upstream-Ht
Servername
X-Slack-Backend
X-SRV
SD-X-WS
X-PJAX-URL
X-Ftr-Request-Id
X-WR-MODIFICATION
X-HostName
X-DI
X-DSS
X-DW
X-DB
X-Action
X-Dynatrace
X-RPM
X-Tid
X-RPS
X-Aicache-OS
X-SN
X-Cache-Id
X-BE
X-Swift-Error
X-RSL
Processtime
X-Compress-Hint
X-Ratelimit-Limit
X-Dynatrace-Js-Agent
X-Release
Cache-Provider
L
X-Processor
CACHE
X-FPC
X-PAYTM-SRV-ID
X-Dispatch
X-ID
X-Skip-Cache
Pramga
Arc-Country
X-Via-NSCOPI
X-Cache-FS-Status
X-Server-Time
X-Frame-Option
X-Hello
X-Flog
X-StackifyID
X-ND-Cache
X-DevSite-Last-Modified
Pagetype
LB
X-ServerName
Fastly-Drupal-HTML
X-ABtesting
Dynatrace
X-Ftr-Realm
X-Ftr-Backend
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Dc
Requestid
X-Fastly-Cache-Hits
Lfy
X-Branch-Name
X-Snapshot-Date
CDN
CF-IPCountry
X-Scheme
X-LB-ID
X-CACHE-AGE
X-Cc-Req-Id
Warning
D-Cc-Upstream
X-Cc-Via
X-Node-ID
Proxy-Firewall
X-Served-From
X-Edge-Server
N-Cache
X-ZONE
X-Edge-IP
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Varnish-Beresp-TTL
X-VC
X-Apw-Access-Action
X-Request-Url
V-Cache
X-Request-URL
X-SB
X-Apw-Access-Object
Cdn-Host
X-Apw-Hits
UCS
Cdn-Request-Time
X-Apw-Access-Token
NnCoection
X-WA
Lb
X-App
Correlation-Id
Backend-Name
X-Litespeed-Cache-Control
X-BC
X-Worker
X-Check-Cacheable
X-Powered-Y
X-ElasticPress-Search
WP-Super-Cache
X-Fastly-Cache-Status