Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Ua-Compatible
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Ws-Request-Id
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
X-Dns-Prefetch-Control
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Cloud-Trace-Context
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
X-ORACLE-DMS-RID
X-Cache-Lookup
NEL
X-Mod-Pagespeed
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Varnish-TTL
X-DynaTrace
X-Country-Code
Allow
Accept-Ch
X-Instart-Request-ID
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-FTR-Request-ID
X-TTL
X-ESI
Verso
Accept-Ch-Lifetime
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
Content-MD5
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Revision
X-Exp-Id
X-Kinja-Server
X-Kinja-Build
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-GoogleNews-Bot
X-Use-Magma
Edge-Cache-Tag
AR-CACHE
AR-Request-ID
AR-PoweredBy
Ar-Sid
AR-ATIME
RTSS
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
SPRequestGuid
Charset
X-NF-Request-ID
X-Amz-Server-Side-Encryption
X-Vcache
X-Accel-Expires
X-MSEdge-Ref
X-Cached
X-Powered-CMS
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Response
X-Middleton-Response
Pagespeed
X-Middleton-Display
X-Vcap-Request-Id
X-Fastcgi-Cache
Display
X-Sol
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
TCN
X-Cdn
X-VARITI-CCR
Realpath
Public-Key-Pins
Cache-Tag
Access-Control-Request-Method
X-Client-IP
X-Ser
X-Fastly-Request-ID
S
MS-Author-Via
X-DynaTrace-JS-Agent
X-Upstream
X-Shard
SPRequestDuration
SPIisLatency
X-Id
Nginx-Cache
X-Hp-Webp
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Ezoic-Cdn
X-Content-Type
X-Forwarded-For
X-T
X-Amz-Meta-S3cmd-Attrs
X-Amzn-Trace-Id
X-Grace
Nel
DynaTrace
X-Recruiting
Front-End-Https
Fastcgi-Cache
X-Aspnet-Version
X-Hits
X-Varnish-Age
ServerID
X-DIS-Request-ID
X-Edge-O15-RID
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Node-Name
X-Element-Page-Cache
NR-ENABLED
X-Content-Digest
X-FTR-Cache-Status
X-FTR-Expires
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Country-Code-Real
X-HS-Hub-Id
X-Frontend
Powered
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Cache-TTL
Server-Name
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-DC
X-FTR-Balancer
Alternate-Protocol
TP-L2-Cache
X-Logged-In
TP-Cache
Server-Node
X-Jurisdiction
X-Correlation-Id
X-Webkit-Csp
X-Request-Received
X-Request-Processing-Time
X-Request-Handler-Origin-Region
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Server-ID
X-XRDS-LOCATION
Upgrade-Insecure-Requests
X-Page-Id
X-Content-Options
X-Content-Security-Policy-Report-Only
Refresh
X-Cache-Hit
X-Origin-Server
X-Revision
X-Rid
X-User-Agent
X-Akamai-Edgescape
X-Amz-Apigw-Id
X-F-Cache
X-Amzn-RequestId
Backend-Timing
X-ATS-Timestamp
X-Varnish-Grace
X-Shield-Request-Id
X-XRDS-Location
X-Type
X-Webapp-Samesite-None-Activated-N
X-Zen-Fury
Fastly-Restarts
X-Content-Powered-By
X-B3-Sampled
X-LB-Cache
X-URL
X-Geo-Country
X-Activity-Id
X-AppVersion
X-Az
X-B
X-Pad
X-N
X-Analytics
X-FTR-Cache-Host
X-Kinsta-Cache
X-CST
PB-RID
PB-PID
X-Ruxit-Js-Agent
X-RateLimit-Remaining
Arc-Version
X-Mobile-Rewrite
X-TT
X-Cache-Age
Cache-Status
X-Debug-Info
X-AOL-HN
X-WebKit-CSP-Report-Only
DC
X-Time
X-App-Environment
Paypal-Debug-Id
X-B-Cache
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Signature
X-Request-Guid
X-Instance
X-Jobs
X-Framework
Actual-Object-TTL
Access-Control-Allow-Method
X-PHP-Backend
X-FB-Debug
X-Cache-Action
X-Load-Cache
X-Git-Hash
Surrogate-Key
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Varnish-Backend
X-Ttl
Fastcgi-Useragent
X-Cached-By
Host-Header
X-Tt-Trace-Tag
X-Amz-Replication-Status
X-IPLB-Instance
X-Contextid
X-Tt-Trace-Host
MS-CV
FilterID
X-SS-Set-Cookie
X-ATG-Version
X-Cluster
X-Cache-Key
Tracecode
X-WA-Info
X-Response-Served-From
NGB
X-Accel-Buffering
X-Srv
Frame-Options
WPE-Backend
X-Varnish-Server
Eomportal-Instance
Payment
X-Host-Name
X-Mobile
Host
X-FW-Static
X-FW-Server
Xserver
X-FW-Serve
X-Cache-Rule
X-FW-Type
X-FW-Hash
X-IPS-LoggedIn
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-RequestSource
X-Rendered-As
X-Tumblr-Pixel-1
Cache-Tv-Group
Source
X-Cache-Operation
Filters
X-GeoIP
X-Adobe-Content
X-Cache-Enabled
X-Cache-NE
X-Cacheable-TTL
X-Region
X-Cache-2
X-Varnish-Hostname
X-Adobe-Loc
X-Tumblr-Pixel-2
X-Is-Bot
X-TX-ID
X-Oneagent-Js-Injection
X-NewRelic-App-Data
X-EdgeConnect-Cache-Status
Cleartype
X-Seen-By
X-Origin-Response-Time
X-ORACLE-APMCS-REQUEST-ID
X-Cache-TTL-Remaining
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Hostname
X-FastCGI-Cache
X-Presslabs-Stats
Cache
X-VCache
Retry-After
Accept-CH
Server-Info
X-B3-Traceid
X-HTML-Minification-Powered-By
X-Cache-Control
Healthy
X-RemovedCookies
X-ProcessESI
Datacenter
X-Dc
X-UA
Ms-Operation-Id
X-RTag
X-NWS-LOG-UUID
Liferay-Portal
X-Source
X-RateLimit-Limit
X-FireWall-Port
X-Cache-Server
X-Environment-Context
From-Origin
X-L-Path
X-Upgrade-Enabled
X-Trafficlayer-App-Name
X-Rule
X-Endurance-Cache-Level
X-CACHE-KEY
X-Trafficlayer-App-Scope
X-PressLabs-Stats
Accept-CH-Lifetime
X-Status
X-Wix-Request-Id
Version
X-Handled-By
X-App-Server
X-Cache-Var
X-Cache-Var-Map
Meta-Geo
X-RN-RSRV
X-Path-Route
X-ES-SERVER
Selected-Fe
OT-Force-Account-Verify
X-Proxy-Build
X-Request-Time
X-Timing-Wait
X-ProxyCache-Key
X-Storage
X-Content-Age
X-ShardId
X-ProxyCache-Status
X-Backend-Name
X-BYPASS-REASON
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-RegionName
Azure-InstanceId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-Tb
X-Shopify-Generated-Cart-Token
X-ShopId
X-Human
X-Goog-Meta-Goog-Reserved-File-Mtime
X-EIG-Tracking-Id
X-APP-VERSION
X-Proto
X-Vgn-Hpd-Reason
Origin-Cache-Control
X-Generated-By
X-Time-Microsecs
X-UUID
X-Soup
X-Hl-Ver
X-Hosted-By
S-Rt
Property-Id
Now
Origin-Edge-Control
Node
X-FW-Dynamic
Decoy-Debug-Key
X-FC-Vary-Parameters
X-Debug-Cache
DB-Nickname
X-Cluster-Node
Decoy-Debug-Status
Decoy-Debug-TTL
NGX
TWC-Connection-Speed
Mn-Server-Ip
X-VWS-Id
X-Web-Node
X-Viewer-Country
TWC-GeoIP-LatLong
X-Origin
X-Cache-Config
Cache-Tags
X-SaId
X-OCL
X-ServerID
X-Redis-Cache
X-RCS-CacheZone
X-PCL
X-Proxy-Cache-Status
X-Pubstack
X-Origin-Hint
X-Qloud-Router
X-AWS-Id
X-MP-GENERATED-AT
TWC-Privacy
Webcakes-App-Name
X-Cache-Host
TWC-Locale-Group
TWC-GeoIP-Country
X-Proxy
Webcakes-App-Version
Webcakes-Region
X-JoinUs
X-LJ-Flow-ID
X-Hyper-Cache
X-Akamai-Request-ID2
X-Akamai-Request-ID
TWC-Device-Class
Ec-Rule-Version
Akamai-GRN
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-IP
X-NYM-Debug-Backend
X-Locale
X-Generated
X-CCM
X-BCube-Filmed-By
X-Format
X-Access
X-Say-TTL
X-Www-Served-By
Cross-Origin-Window-Policy
X-Xfnlog-Site
X-Varnish-Hits
X-Site-Version
X-Detected-As
X-SayCDN-TTL
X-Section
X-Say-Cacheable
X-Amzn-Remapped-Content-Length
X-Loop
X-TNCMS
X-R9-Blue-Green-Version
X-FB-TRIP-ID
Srv
Accept-Charset
GEO-INFO
X-CS
Cache-Name
X-Akamai-Transformed
L5d-Success-Class
Viewport
Uber-Trace-Id
X-NCache
X-Esi
Webserver
X-Drupal-Cache-Tags
Time
X-Unique-Id
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-UA-Device-Type
Cache-Key
X-From
X-Cache-Remote
X-Origin-CC
X-Cluster-Name
Mime-Version
X-Origin-TTL
Accept-Language
X-Edge-Location
X-Drupal-Cache-Contexts
X-TT-TIMESTAMP
X-Backend-TTL
Country
X-CDN-Forward
X-Mode
Odigeo-Trace-Id
X-Microcachable
X-Forwarded-Host
Rt-Fastcgi-Cache
X-CLOUD-TRACE-CONTEXT
X-EC-Lua
X-Info
X-UnsetCookies
X-B3-Spanid
X-Whom
X-Geo
X-Newrelic-Synthetics
X-Varnish-Cache-Hits
X-Magnolia-Registration
Content-Disposition
X-ApacheServer
X-PERF
X-No-Session
ServedBy
Proxy-Connection
Ohc-File-Size
Ohc-Cache-HIT
X-UPSTREAM-Address
X-NGENIX-Cache
Cf-Ipcountry
X-Device-Type
X-Proxied
X-Labrador-Cache-Channel
X-Zipkin-Id
X-Routing-Service
X-PHP-Host
Content-Style-Type
Content-Script-Type
X-Destination
AsisCache
Meta-Geo-Continent
X-Accel-Expires-Debug
X-Aed
BehaviorPad-Version
X-Region-Sid
Xc-Version
X-DPWN-IS-SECURE
Rendered-Blocks
VivaBuild
X-B-Cookie
Viewtype
X-Vtex-Processado-Em
X-ARC
GEO-REGION-INFO
X-Application
Mobile-Detection-Method
MD5-Digest
Machine
X-A-Dgt
X-Date
X-Via-Fastly
X-Twitter-Response-Tags
X-Trv-Group
X-Transaction
X-A-Ccd
Apple-News-Services-Parsed-Url
X-D
Apple-News-Services-Host
Fastcgi-X-Cache-Version
X-External-Request-Id
X-VG-WebCache
X-VG-WebServer
X-Vdms-Version
X-G
Apple-News-Services-Handled
X-Vtex-Remote-Cache
X-Geo-Header
X-A
X-S
X-Real-IP
X-CF-Lambda-Version
X-A-Wwc
X-Rojux
Apple-News-Services-Request-Url
X-Connection-Hash
X-Request-UUID
X-Rewrite-Enabled
X-ScT
X-S-Cookie
T-Server
X-Session-Fingerprint
X-A-Dam
X-A-Dcw
X-CF-Lambda-Fn
X-SRCache-Key
User-Cache-Control
X-TA-CDN-Provider
X-Cache-Time
X-Uri
X-Cache-Debug
X-GeoIP-Country-Code
IsBot
Gh-Request-Id
Fastly-SSL
X-TrackingId
X-WebServer
X-Thanos
Server-Surrogate-Control
X-Epic-Correlation-Id
X-SIPLIST1
X-Nc
X-Tumblr-Pixel-3
X-VC-Cache
X-VG-TLSProxy
X-Varnish-Authentication
W
Environment
X-Sigma
X-Sigma-Backend
X-Contensis-Viewer-Groups
X-Rocket-Build-Number
X-Cache-ASPX
X-Logging-Id
X-Bip
X-Auto-Login
Powered-By
X-Render-Time
Server-Cache-Control
X-CUA
HitType
X-C
X-App-Version
Geo-Info
Access-Control-Request-Headers
X-GoCache-CacheStatus
X-Core-Mission
X-Debug-Cache-Expiry
X-Agile-Id
X-Agile-Age
X-Debug-Cache-Fetch
X-AK-Request-ID
X-App-Name
X-Agile
Wxu-Next-Region
We-Hiring
Web-Mar-Node
Wxu-Next-Commit
Wxu-Next-Hostname
X-Azure-Ref
X-BBXSRF
X-Cdn-Srv
X-CGP
X-Clara-WADP
X-Clientip
X-Cache-URL
X-Cache-Info
X-Block-Status
X-Cache-Backend
X-Cache-Bucket
X-Cms-Context
X-Li-Pop
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
X-Rebelmouse-Surrogate-Control
X-Req
X-Wikidot-Static-Cache
X-Request-URI
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Origin-Date
X-NX-Host
X-Origin-Expires
X-OVcl
X-Owner
X-OVcl-Cache
X-Wikidot-Backend
X-Sucuri-Cache
X-Urbn-Context-Path
X-TT-LOGID
X-Urbn-Site-Id
X-WADP-Cache
X-VServer
X-User
X-We-Are-Hiring
X-Trace-Id
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Swa-Ws
X-TH-Server
X-Webstats-RespID
X-NodeID
X-Nginx-Cache-Key
X-Gamma-Serve
X-FW-Version
X-Gen-Mode
X-Generated-In
X-GeoIP-City
X-Generation-Time
X-Fastly-Cache
X-Eu-Site
X-Debug-Log
X-Debug-Cookies
X-Developers
X-Dispatcher-Server
X-Distributor
X-Distil-CS
X-Hash
X-Hit
X-LI-UUID
X-LI-Proto
X-Location
X-Micro-Cache
X-Ms-Version
X-Ms-Request-Id
X-Li-Fabric
X-Key
X-IN-APIGATEWAY
X-Hnp-Log
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Irp-Debug
X-Debug-Cache-Store
X-Backend-State
Ha-Gx-Prefs
HA-Ipaddr
FNAC-ModuleRouting
Fastly-SWR
Fastly-Soc-X-Request-Id
Heartbleed
IBM-Web2-Location
Memcached
Mail-Subject
Locid
Locale
Fastly-SIE
Fastly-Backend-Name
AKAMAI
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Cache-Host
CDCHOST
Countrycode
Country-Code
Cdnsip
Cdncip
X-Daa-Tunnel
Kp-EeAlive
Section-Io-Cache
Request-Country
V-Age
RNT-Time
True-Client-Country-4JS
RNT-Machine
Server-ID
Request-EU
Server-Int
X-Variation
X-Level-Front-Cache
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
X-Trafficlayer-App-Version
X-Generated-On
X-Nginx-Cache
Server-Host
Platform
X-Core-Value
X-Reboot
X-Up
X-Internal-Host
X-ServiceProvider
X-Service
X-JWT-State
X-Is-Gdpr
X-Server-W
X-Old-Content-Length
PFcat
X-Fetched-On
Is-Eu
X-NU-AKA-ACS-Version
ServerName
X-Has-Esi
X-Platform-Server
X-Thinkindot-L3
Adler-Geo
X-Matched-Rule
X-Cache-Tags
X-B3-Parentspanid
Cache-Hits
X-Lb-Id
X-S-Maxage
X-Servername
X-Response-By
X-Refresh
X-SERVER
RequestId
X-B3-SpanId
X-Cdn-Forward
X-CF-Powered-By
Filterid
X-Tb-Optimization-Total-Bytes-Saved
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
ProcessTime
X-Server-IP
X-Air-Hostname
X-CSRF-TOKEN
X-Cache-Expired-At
X-BACKEND-TTL
X-Var-Ttl
X-Pjax-Url
Pragrma
Group
Memory
X-CSRF-Token
X-Parent-Response-Time
X-Cdn-Request-ID
Media-Length
X-Wa
User-Agent
X-NC
Origin
S-Cnection
X-Pf-Uncompressing
Geoip-Latitude
Powered-By-ChinaCache
TTL
SRV
X-Ua
X-Unique-ID
X-Correlation-ID
X-Sucuri-Id
GeoIp-Country-Code
X-Vcl-Version
X-NGINX-Cache
X-COUNTRY
X-Sucuri-ID
X-AIR-PT
SN
X-Rocket-Nginx-Bypass
Esi-Enabled
X-Reqid
Geoip-City
PICS-Label
X-Litespeed-Cache
X-Webkit-CSP
X-Varnish-Cacheable
X-Servedbyhost
X-Policy
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Via-CDN
X-NWS-UUID-VERIFY
X-Azure-Ref-OriginShield
X-Developer
X-Request-Start
M-TraceId
X-Via-Ucdn
Dnion-Transfer-Encoding
X-HS-Status
HostName
X-TIME
XServer
X-LAGOON
X-Sn-Servicetimems
X-Cdn-Origin
X-Cache-Grace
X-Ocache
X-Device-Os
Rt-Proxy-Cache
X-Node-Id
X-FORWARDED-FOR
Tcn
X-Fastly-Country-Code
On-Server
X-Cache-Ttl
X-Method
Resin-Trace
Magicmarker
X-ServedByHost
X-Request-Host
Who
Cdn
A
X-MSEdge-Flight
X-MSEdge-Features
X-Ftr-Cache-Host
X-VHOST
CF-Cached-On
Cloudfront-Viewer-Country
X-Cache-Status-Check
Load-Balancing
X-Beluga-Node
X-Beluga-Status
Hostname
X-Beluga-Record
X-APP
X-Beluga-Trace
X-Beluga-Cache-Status
Pics-Label
X-Beluga-Response-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-VCL-Version
DSUID
GeoIP-Country-Code
X-Zone
X-Svr
NtCoent-Length
X-Bc
X-Be
Ohc-Response-Time
X-MServer
X-Oracle-Dms-Rid
X-VCT
Release
MIME-Version
X-Fastly-Backend-Reqs
X-Varnish-URL
Cteonnt-Length
X-Varnish-Url
GeoIP-Latitude
Vix-Hermes-Req-Id
X-VarnishDD-TTL
Ttl
X-Ratelimit-Remaining
X-Varnish-Ttl
X-Hp-Ccpa-Warning
X-LiteSpeed-Cache-Control
X-DC
Host-ID
X-PF-Uncompressing
X-Newrelic-App-Data
GeoIP-City
X-SRV
X-Configured-By
X-Ftr-Request-Id
WebServer
X-PJAX-URL
X-Slack-Backend
Amp-Access-Control-Allow-Source-Origin
X-HostName
X-DW
X-Upstream-Ct
X-DSS
X-Dynatrace
X-RPM
X-BE
X-RSL
X-RPS
X-Tid
X-Swift-Error
Processtime
X-SD-PageType
SD-X-WS
X-Aicache-OS
X-Upstream-Ht
X-Action
X-DI
X-DB
X-Ratelimit-Limit
X-WR-MODIFICATION
Servername
X-Dynatrace-Js-Agent
X-Server-Time
X-SN
Cache-Provider
L
X-ID
X-Compress-Hint
CACHE
Pramga
X-PAYTM-SRV-ID
X-Processor
X-FPC
X-Skip-Cache
X-Cache-FS-Status
X-Dispatch
Arc-Country
X-Cache-Id
X-Frame-Option
Fastly-Drupal-HTML
X-ServerName
X-Ftr-Backend-Server
X-ABtesting
X-Flog
X-Ftr-Backend
X-Hello
X-Ftr-Balancer
X-StackifyID
X-Ftr-Dc
CDN
X-Release
X-Via-NSCOPI
X-Branch-Name
Dynatrace
X-LB-ID
X-Ftr-Realm
Pagetype
X-DevSite-Last-Modified
Lfy
CF-IPCountry
Requestid
X-Fastly-Cache-Hits
X-ND-Cache
X-Snapshot-Date
X-CACHE-AGE
X-Edge-IP
X-Served-From
X-Edge-Server
Cdn-Request-Time
N-Cache
X-Apw-Access-Action
X-Apw-Hits
X-ZONE
X-Apw-Access-Token
X-Apw-Access-Object
Proxy-Firewall
LB
Cdn-Host
X-VC
X-SB
X-WA
X-Request-Url
X-Cc-Via
X-Varnish-Beresp-TTL
X-Scheme
X-Cc-Req-Id
V-Cache
D-Cc-Upstream
Warning
X-Amzn-Remapped-Date
X-Bc-Bl
X-Amzn-Remapped-Connection
X-Request-URL
Backend-Name
WP-Super-Cache
Cache-Cookie-Set-From
X-Worker
Correlation-Id
X-Node-ID
X-App
Cache-Cookie-Set-Idcheck
X-ElasticPress-Search
Lb
X-Check-Cacheable
X-BC
X-Powered-Y
Cache-Cookie-Set-Lfrom
UCS
X-Fastly-Cache-Status