Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
P3p
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
X-Ws-Request-Id
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
Content-Location
X-Response-Time
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Dispatcher
X-Cloud-Trace-Context
X-Origin-Upstream-Status
X-ORACLE-DMS-ECID
X-HW
X-Cnection
X-Application-Context
X-DataDome
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
X-ORACLE-DMS-RID
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Varnish-TTL
X-DynaTrace
Accept-Ch
X-Country-Code
Allow
X-Instart-Request-ID
X-TtlSet
X-Goog-Hash
X-PC
X-Vname
X-TTL
X-FTR-Request-ID
X-ESI
Verso
Accept-Ch-Lifetime
X-Url
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Kinja-Build
Edge-Cache-Tag
RTSS
X-Px
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-Request-ID
AR-ATIME
X-D2id
X-Debug
X-Abt-Application-Version
Charset
SPRequestGuid
X-Server-Name
X-NF-Request-ID
X-Amz-Server-Side-Encryption
X-Vcache
X-Accel-Expires
X-Cached
X-Powered-CMS
X-MSEdge-Ref
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Vcap-Request-Id
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Navigation-Version
Response
X-Middleton-Response
X-Trace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
TCN
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Fastcgi-Cache
Cache-Tag
X-Cdn
Access-Control-Request-Method
X-Client-IP
S
X-Upstream
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
X-Ser
MS-Author-Via
X-Shard
SPRequestDuration
X-Id
SPIisLatency
X-Hp-Webp
X-Forwarded-For
X-Ezoic-Cdn
DynaTrace
Nginx-Cache
X-Content-Type
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-T
X-Amz-Meta-S3cmd-Attrs
X-Amzn-Trace-Id
X-Recruiting
Front-End-Https
X-Grace
X-Hits
Fastcgi-Cache
X-Varnish-Age
X-DIS-Request-ID
ServerID
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Node-Name
NR-ENABLED
X-Content-Digest
X-Edge-O15-RID
Powered
X-Frontend
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Generation
X-FTR-Expires
X-Country-Code-Real
X-FTR-Cache-Status
Server-Name
Nel
Alternate-Protocol
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-Logged-In
X-Cache-TTL
TP-Cache
TP-L2-Cache
X-Correlation-Id
Server-Node
AMP-Access-Control-Allow-Source-Origin
X-XRDS-LOCATION
X-Request-Processing-Time
X-Request-Received
X-Webkit-Csp
X-Request-Handler-Origin-Region
X-Microsite
X-Shield-Request-Id
X-Webapp-Samesite-None-Activated-N
X-Jurisdiction
Upgrade-Insecure-Requests
Refresh
X-Content-Options
X-Origin-Server
X-Page-Id
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-Rid
X-ATS-Timestamp
X-F-Cache
X-User-Agent
Backend-Timing
X-Varnish-Grace
X-Revision
X-Cache-Hit
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Server-ID
X-Type
Fastly-Restarts
X-XRDS-Location
X-Pad
X-Content-Powered-By
X-Geo-Country
X-Az
X-Activity-Id
X-Zen-Fury
X-B3-Sampled
X-AppVersion
X-LB-Cache
X-B
X-N
X-Analytics
X-URL
X-Kinsta-Cache
X-FTR-Cache-Host
X-RateLimit-Remaining
PB-RID
PB-PID
X-TT
X-WebKit-CSP-Report-Only
X-Mobile-Rewrite
Arc-Version
X-AOL-HN
X-Framework
X-Tumblr-Pixel
X-Cache-Age
X-Tumblr-Pixel-0
Paypal-Debug-Id
X-Tumblr-User
Actual-Object-TTL
X-Ruxit-Js-Agent
X-Jobs
X-App-Environment
X-Request-Guid
DC
X-Signature
X-Debug-Info
X-B-Cache
X-CST
Cache-Status
X-Instance
Access-Control-Allow-Method
X-FB-Debug
X-PHP-Backend
X-Load-Cache
Surrogate-Key
X-Varnish-Backend
X-Erf-Bev-Bev-Is-Generated
Fastcgi-Useragent
X-Git-Hash
X-Erf-Bev-Bev
X-Cache-Action
X-Time
Host-Header
X-Cached-By
X-Ttl
X-Tt-Trace-Tag
X-IPLB-Instance
FilterID
X-Amz-Replication-Status
X-FastCGI-Cache
MS-CV
X-Contextid
X-SS-Set-Cookie
X-Tt-Trace-Host
X-Cluster
X-ATG-Version
Tracecode
X-Srv
Frame-Options
NGB
X-Accel-Buffering
X-Response-Served-From
X-Cache-Key
X-WA-Info
Payment
Xserver
Eomportal-Instance
WPE-Backend
X-Varnish-Server
X-Cache-Enabled
Host
X-RequestSource
Filters
X-Varnish-Hostname
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Server
X-Cache-NE
Cache-Tv-Group
X-Cache-2
X-Adobe-Loc
X-Tumblr-Pixel-2
X-GeoIP
X-Adobe-Content
X-Tumblr-Pixel-1
X-FW-Hash
X-Cacheable-TTL
X-IPS-LoggedIn
X-Rendered-As
X-Host-Name
X-TX-ID
X-Mobile
X-Region
X-Is-Bot
Source
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Cleartype
X-Seen-By
X-Cache-Rule
X-Cache-Operation
X-NewRelic-App-Data
X-Oneagent-Js-Injection
X-Via-JSL
X-EdgeConnect-Cache-Status
X-Hostname
X-Origin-Response-Time
X-Cache-TTL-Remaining
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Cache
X-Presslabs-Stats
Healthy
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Cache-Control
X-VCache
Datacenter
X-HTML-Minification-Powered-By
Retry-After
X-Dc
X-ProcessESI
X-RemovedCookies
Server-Info
X-UA
Ms-Operation-Id
X-RTag
X-B3-Traceid
Accept-CH
X-CACHE-KEY
X-Rule
X-RateLimit-Limit
X-Cache-Server
Liferay-Portal
X-PressLabs-Stats
From-Origin
X-FireWall-Port
X-Wix-Request-Id
X-Status
X-NWS-LOG-UUID
X-L-Path
X-Environment-Context
Version
X-Upgrade-Enabled
X-Source
X-CLOUD-TRACE-CONTEXT
X-Endurance-Cache-Level
X-ES-SERVER
Meta-Geo
X-Cache-Var-Map
X-Path-Route
X-RN-RSRV
X-Handled-By
X-Cache-Var
X-Timing-Wait
OT-Force-Account-Verify
X-Proxy-Build
Selected-Fe
X-Storage
Accept-CH-Lifetime
X-Content-Age
X-Proto
X-UUID
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Tb
X-ShardId
X-Sorting-Hat-PodId
X-EIG-Tracking-Id
X-Sorting-Hat-ShopId
X-Hyper-Cache
X-Backend-Name
X-ShopId
X-Alternate-Cache-Key
X-Debug-Cache
X-Section
Ec-Rule-Version
Node
X-PCL
S-Rt
X-BYPASS-REASON
X-Akamai-Request-ID2
X-Proxy
X-Cache-Config
Origin-Cache-Control
Origin-Edge-Control
Now
Decoy-Debug-Key
X-Hl-Ver
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hosted-By
X-ProxyCache-Key
X-JoinUs
X-Human
X-OCL
X-Generated-By
X-Yottaa-Optimizations
X-Yottaa-Metrics
Decoy-Debug-Status
DB-Nickname
X-Origin
X-FC-Vary-Parameters
Decoy-Debug-TTL
X-VWS-Id
Webcakes-Region
Webcakes-App-Version
X-ProxyCache-Status
X-Akamai-Request-ID
X-AWS-Id
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Request-Time
Webcakes-App-Name
TWC-Privacy
X-Vgn-Hpd-Reason
TWC-Locale-Group
X-Viewer-Country
TWC-GeoIP-Country
TWC-Device-Class
X-Soup
X-Time-Microsecs
Property-Id
X-Format
X-Origin-Hint
Azure-RegionName
X-Qloud-Router
X-Access
X-LJ-Flow-ID
Azure-SiteName
X-Pubstack
X-Redis-Cache
X-SaId
Azure-SlotName
X-FW-Dynamic
Cache-Tags
Azure-InstanceId
X-ServerID
Azure-Version
Mn-Server-Ip
X-Cache-Host
X-CCM
X-Web-Node
X-BCube-Filmed-By
NGX
X-Www-Served-By
Akamai-GRN
X-Site-Version
X-Varnish-Hits
X-Locale
X-Proxy-Cache-Status
X-Xfnlog-Site
X-NYM-Debug-Backend
X-MP-GENERATED-AT
X-Cluster-Node
X-RCS-CacheZone
X-Generated
X-IP
X-App-Server
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Detected-As
X-TNCMS
X-FB-TRIP-ID
X-Loop
Cross-Origin-Window-Policy
L5d-Success-Class
X-APP-VERSION
X-Amzn-Remapped-Content-Length
X-R9-Blue-Green-Version
Cache-Name
GEO-INFO
Viewport
X-CS
Uber-Trace-Id
Accept-Charset
Time
X-Akamai-Transformed
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-NCache
X-Unique-Id
Webserver
X-Drupal-Cache-Tags
X-Cache-Remote
X-Esi
X-UA-Device-Type
X-From
Srv
X-Cluster-Name
X-TT-TIMESTAMP
X-Edge-Location
Mime-Version
X-Drupal-Cache-Contexts
Cache-Key
X-Origin-TTL
X-Backend-TTL
X-Origin-CC
X-CDN-Forward
X-EC-Lua
Accept-Language
Country
X-Mode
Odigeo-Trace-Id
X-Newrelic-Synthetics
X-B3-Spanid
X-Microcachable
Ohc-File-Size
Ohc-Cache-HIT
Rt-Fastcgi-Cache
X-Forwarded-Host
X-Info
X-Geo
X-No-Session
Proxy-Connection
X-Magnolia-Registration
ServedBy
X-Proxied
X-Routing-Service
X-Whom
X-Labrador-Cache-Channel
X-Varnish-Cache-Hits
X-UPSTREAM-Address
Content-Disposition
X-Zipkin-Id
X-PHP-Host
X-UnsetCookies
X-ApacheServer
X-Real-IP
X-PERF
Fastly-SSL
X-Cache-Time
Meta-Geo-Continent
X-Region-Sid
X-Geo-Header
X-GeoIP-Country-Code
X-Device-Type
X-CF-Lambda-Fn
X-Request-UUID
X-Rewrite-Enabled
X-Session-Fingerprint
X-SRCache-Key
X-ScT
X-S-Cookie
X-Rojux
X-S
X-DPWN-IS-SECURE
X-G
X-Destination
GEO-REGION-INFO
Mobile-Detection-Method
AsisCache
Content-Style-Type
Content-Script-Type
Fastcgi-X-Cache-Version
X-External-Request-Id
X-CF-Lambda-Version
X-Date
MD5-Digest
X-D
X-Connection-Hash
Machine
BehaviorPad-Version
X-Twitter-Response-Tags
X-Application
X-Vdms-Version
X-Vtex-Processado-Em
X-A-Dcw
X-App-Version
Rendered-Blocks
VivaBuild
Viewtype
X-VG-WebServer
X-Aed
X-VG-WebCache
X-A-Dam
X-ARC
Xc-Version
X-A-Ccd
T-Server
X-Vtex-Remote-Cache
X-A-Wwc
X-Accel-Expires-Debug
X-A
X-Transaction
X-B-Cookie
X-Trv-Group
X-A-Dgt
Powered-By
X-Via-Fastly
User-Cache-Control
Cf-Ipcountry
Access-Control-Request-Headers
X-Cache-Debug
Server-Cache-Control
Server-Surrogate-Control
Environment
X-SIPLIST1
IsBot
X-Auto-Login
Gh-Request-Id
X-Contensis-Viewer-Groups
X-TrackingId
X-Rocket-Build-Number
X-Tumblr-Pixel-3
X-Thanos
X-Sigma
X-Cache-ASPX
X-Sigma-Backend
X-WebServer
W
X-Uri
X-CUA
X-Logging-Id
X-VC-Cache
X-VG-TLSProxy
X-Bip
X-Varnish-Authentication
ServerName
X-NGENIX-Cache
X-C
X-Eu-Site
X-Epic-Correlation-Id
X-Debug-Cache-Fetch
X-Clara-WADP
X-Clientip
X-Cms-Context
X-CGP
X-Cdn-Srv
X-Cache-Bucket
X-Fastly-Cache
X-Block-Status
X-BBXSRF
X-Backend-State
X-Agile-Id
X-Agile-Age
X-Distributor
X-Distil-CS
X-AK-Request-ID
X-Debug-Cache-Store
X-Dispatcher-Server
X-Agile
X-OVcl
X-Webstats-RespID
X-We-Are-Hiring
X-WADP-Cache
Fastly-Backend-Name
Fastly-Soc-X-Request-Id
Locid
FNAC-ModuleRouting
X-VServer
X-User
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-TH-Server
X-TT-LOGID
X-Urbn-Site-Id
X-Urbn-Context-Path
RNT-Machine
RNT-Time
Apple-News-Services-Handled
X-Wikidot-Static-Cache
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-App-Name
Apple-News-Services-Request-Url
X-Wikidot-Backend
X-Req
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Cache-URL
X-Developers
X-Core-Mission
X-Sucuri-Cache
X-Request-URI
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Hnp-Log
X-Instart-Isnd
X-Irp-Debug
X-Li-Fabric
X-Key
X-Hit
X-Hash
X-Gen-Mode
X-Gamma-Serve
X-Generated-In
X-Generation-Time
X-GoCache-CacheStatus
X-GeoIP-City
X-Li-Pop
X-LI-Proto
X-Owner
X-OVcl-Cache
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Render-Time
X-RateLimit-Remaining-Second
Web-Mar-Node
X-Origin-Expires
X-Location
X-LI-UUID
X-Ms-Request-Id
X-Ms-Version
X-Origin-Date
X-NodeID
X-FW-Version
X-Debug-Cache-Expiry
Memcached
Cdncip
CDCHOST
Cache-Host
Heartbleed
AKAMAI
Mail-Subject
Cdnsip
HA-Ipaddr
IBM-Web2-Location
Ha-Gx-Prefs
Countrycode
Country-Code
Locale
Request-EU
Request-Country
X-Varnish-Beresp-Grace
Server-ID
True-Client-Country-4JS
X-Cache-Backend
We-Hiring
V-Age
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Section-Io-Cache
Geo-Info
X-B3-Parentspanid
X-NU-AKA-ACS-Version
X-Up
X-NX-Host
X-Variation
X-Is-Gdpr
X-Old-Content-Length
X-S-Maxage
X-Debug-Log
X-Platform-Server
X-Generated-On
X-Level-Front-Cache
Adler-Geo
X-Swa-Ws
X-Trace-Id
X-Trafficlayer-App-Version
X-Reboot
X-Service
X-Has-Esi
X-JWT-State
X-ServiceProvider
X-Debug-Cookies
PFcat
Server-Host
Server-Int
X-Cache-Info
X-Micro-Cache
X-Rebelmouse-Cache-Control
Platform
X-Nginx-Cache-Key
X-Internal-Host
Is-Eu
X-Azure-Ref
X-Rebelmouse-Surrogate-Control
X-Cache-Tags
X-Core-Value
Fastly-SIE
Kp-EeAlive
Fastly-SWR
X-TA-CDN-Provider
HitType
X-Daa-Tunnel
Thinkindot-CacheControl-Type
X-Refresh
X-Matched-Rule
X-Server-W
X-Thinkindot-L3
X-Lb-Id
Thinkindot-Control
Thinkindot-CacheControl
Cache-Hits
X-SERVER
X-Response-By
RequestId
X-Servername
X-Fetched-On
X-Nc
X-NC
X-Tb-Optimization-Total-Bytes-Saved
X-Nginx-Cache
X-Server-IP
X-B3-SpanId
Memory
X-Parent-Response-Time
ProcessTime
X-Cdn-Forward
Filterid
X-CF-Powered-By
X-Tec-Api-Version
X-Tec-Api-Origin
X-CSRF-Token
X-Pjax-Url
X-Tec-Api-Root
X-Cdn-Request-ID
Media-Length
SRV
X-CSRF-TOKEN
X-Air-Hostname
User-Agent
X-Wa
Origin
Geoip-Latitude
X-BACKEND-TTL
Pragrma
X-Var-Ttl
X-Cache-Expired-At
Group
TTL
X-Pf-Uncompressing
X-NGINX-Cache
GeoIp-Country-Code
X-Vcl-Version
X-Correlation-ID
X-TIME
X-Unique-ID
X-Ua
X-AIR-PT
X-Rocket-Nginx-Bypass
Powered-By-ChinaCache
X-Reqid
X-Sucuri-Id
Esi-Enabled
X-Sucuri-ID
X-Planisys-CDN-Cache
X-Policy
X-Planisys-CDN-Rules
S-Cnection
HostName
X-Planisys-CDN-TTL
PICS-Label
X-COUNTRY
X-Varnish-Cacheable
X-Request-Start
X-Servedbyhost
X-HS-Status
X-Litespeed-Cache
X-Azure-Ref-OriginShield
M-TraceId
X-Webkit-CSP
Geoip-City
SN
Rt-Proxy-Cache
Dnion-Transfer-Encoding
X-Via-Ucdn
X-Fastly-Country-Code
X-Via-CDN
XServer
Magicmarker
X-NWS-UUID-VERIFY
X-Method
X-Developer
Load-Balancing
X-FORWARDED-FOR
X-Ocache
X-Sn-Servicetimems
Resin-Trace
X-Node-Id
Tcn
X-LAGOON
X-Device-Os
X-Cache-Grace
X-Cdn-Origin
X-ServedByHost
X-Cache-Ttl
On-Server
Ohc-Response-Time
Who
DSUID
X-Ftr-Cache-Host
X-VHOST
Release
X-Be
X-MServer
Cdn
NtCoent-Length
X-VCT
X-MSEdge-Features
X-MSEdge-Flight
X-Request-Host
CF-Cached-On
A
X-Svr
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
Vix-Hermes-Req-Id
X-Hp-Ccpa-Warning
X-Zone
X-APP
Pics-Label
Cloudfront-Viewer-Country
X-Bc
GeoIP-Country-Code
X-LiteSpeed-Cache-Control
X-Beluga-Response-Time
X-Beluga-Status
X-Varnish-Url
X-Beluga-Trace
X-VCL-Version
X-Cache-Status-Check
X-Ratelimit-Remaining
Cteonnt-Length
X-Beluga-Record
X-Beluga-Node
X-Beluga-Cache-Status
X-Fastly-Backend-Reqs
MIME-Version
X-Oracle-Dms-Rid
Ttl
GeoIP-Latitude
X-Configured-By
X-VarnishDD-TTL
X-DC
Host-ID
Hostname
X-SD-PageType
X-Newrelic-App-Data
SD-X-WS
GeoIP-City
X-Varnish-Ttl
X-Varnish-URL
X-PF-Uncompressing
X-WR-MODIFICATION
X-Ftr-Request-Id
X-Tid
X-SN
X-PJAX-URL
X-Upstream-Ct
X-Upstream-Ht
X-Cache-Id
X-SRV
X-Compress-Hint
WebServer
X-HostName
X-Slack-Backend
X-BE
Processtime
X-Aicache-OS
X-Ratelimit-Limit
L
X-Via-NSCOPI
X-Release
X-Dynatrace
CF-IPCountry
X-Dynatrace-Js-Agent
X-Scheme
Cache-Provider
X-ID
CACHE
LB
X-Swift-Error
Amp-Access-Control-Allow-Source-Origin
X-Frame-Option
Servername
X-Processor
X-PAYTM-SRV-ID
X-FPC
X-Server-Time
Cache-Cookie-Set-From
X-Ftr-Backend-Server
X-Skip-Cache
X-Ftr-Backend
X-Dispatch
X-Ftr-Dc
X-Cache-FS-Status
X-Action
X-RPM
X-DB
X-DI
X-DSS
Cache-Cookie-Set-Idcheck
X-RPS
Pramga
Arc-Country
X-StackifyID
X-RSL
X-DW
X-Ftr-Balancer
X-Fastly-Cache-Hits
X-LB-ID
Lfy
X-Branch-Name
CDN
X-ServerName
UCS
Pagetype
Requestid
X-Snapshot-Date
Cache-Cookie-Set-Lfrom
Dynatrace
X-Ftr-Realm
X-CACHE-AGE
X-Hello
X-ND-Cache
X-Edge-IP
X-Varnish-Beresp-TTL
X-Apw-Hits
X-ZONE
X-Apw-Access-Object
X-ABtesting
Fastly-Drupal-HTML
X-Cc-Via
X-DevSite-Last-Modified
X-Flog
X-Apw-Access-Action
X-Apw-Access-Token
D-Cc-Upstream
Warning
X-SB
X-Node-ID
Proxy-Firewall
V-Cache
X-Cc-Req-Id
X-VC
NnCoection
X-Worker
Backend-Name
WP-Super-Cache
X-Request-Url
WZWS-RAY
Correlation-Id
X-Fastly-Cache-Status
Lb
X-BC
X-ElasticPress-Search
X-Check-Cacheable
X-Litespeed-Cache-Control
X-App
X-Request-URL
X-Powered-Y