
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Cache-Group
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
X-Ws-Request-Id
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
Report-To
X-Server-Id
X-LiteSpeed-Cache
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
Content-Location
X-Response-Time
X-Ac
X-Node
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-ORACLE-DMS-ECID
X-HW
X-Application-Context
X-DataDome
X-ORACLE-DMS-RID
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Rating
Edge-Control
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-DynaTrace
X-Varnish-TTL
Accept-Ch
X-Country-Code
X-Instart-Request-ID
Allow
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-FTR-Request-ID
X-ESI
Verso
X-TTL
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Url
Service-Worker-Allowed
Content-MD5
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
Edge-Cache-Tag
RTSS
X-Px
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
X-NF-Request-ID
SPRequestGuid
Charset
X-Amz-Server-Side-Encryption
X-Powered-CMS
X-Accel-Expires
X-MSEdge-Ref
X-Cached
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Vcache
X-Vcap-Request-Id
Display
X-Middleton-Display
X-Navigation-Version
X-Sol
Pagespeed
X-Middleton-Response
Response
X-Trace
X-Pinterest-Rid
Pinterest-Version
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-SRCache-Store-Status
X-TEC-API-ROOT
X-SRCache-Fetch-Status
TCN
X-SharePointHealthScore
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Fastcgi-Cache
X-Cdn
Cache-Tag
X-Client-IP
Access-Control-Request-Method
S
X-Fastly-Request-ID
X-Upstream
X-DynaTrace-JS-Agent
X-Ser
MS-Author-Via
X-Shard
SPRequestDuration
SPIisLatency
X-Id
X-Hp-Webp
DynaTrace
X-Ezoic-Cdn
X-Forwarded-For
Nginx-Cache
X-Content-Type
X-T
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Amzn-Trace-Id
X-Amz-Meta-S3cmd-Attrs
X-Grace
X-Recruiting
Front-End-Https
Fastcgi-Cache
X-Hits
X-Varnish-Age
X-DIS-Request-ID
ServerID
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Dw-Request-Base-Id
NR-ENABLED
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
X-Edge-O15-RID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
Powered
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Frontend
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
Nel
Server-Name
Alternate-Protocol
X-FTR-Backend-Server
X-FTR-Realm
X-Logged-In
X-FTR-DC
X-FTR-Backend
X-FTR-Balancer
TP-L2-Cache
TP-Cache
X-Cache-TTL
Server-Node
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-XRDS-LOCATION
X-Request-Processing-Time
X-Webkit-Csp
X-Request-Received
X-Shield-Request-Id
X-Request-Handler-Origin-Region
X-Microsite
X-Webapp-Samesite-None-Activated-N
X-Jurisdiction
Upgrade-Insecure-Requests
X-Origin-Server
X-Content-Options
X-Page-Id
X-Content-Security-Policy-Report-Only
X-Revision
X-Rid
X-Akamai-Edgescape
Refresh
X-Varnish-Grace
X-ATS-Timestamp
X-User-Agent
Backend-Timing
X-Cache-Hit
X-F-Cache
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Server-ID
X-Type
X-XRDS-Location
Fastly-Restarts
X-Pad
X-Geo-Country
X-Content-Powered-By
X-Zen-Fury
X-AppVersion
X-Az
X-LB-Cache
X-B3-Sampled
X-Activity-Id
X-N
X-B
X-Analytics
X-URL
X-Kinsta-Cache
X-FTR-Cache-Host
X-RateLimit-Remaining
PB-RID
PB-PID
X-Ttl
X-TT
X-Cache-Age
X-AOL-HN
Paypal-Debug-Id
X-CST
X-Tumblr-User
X-App-Environment
X-Mobile-Rewrite
X-WebKit-CSP-Report-Only
X-Jobs
Arc-Version
X-Tumblr-Pixel
X-Ruxit-Js-Agent
X-Instance
X-Tumblr-Pixel-0
X-Request-Guid
X-Framework
DC
Actual-Object-TTL
Cache-Status
X-FB-Debug
Access-Control-Allow-Method
X-PHP-Backend
X-Signature
X-B-Cache
X-Debug-Info
X-Load-Cache
X-Cache-Action
X-Git-Hash
X-Varnish-Backend
Fastcgi-Useragent
Surrogate-Key
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
FilterID
X-Time
Host-Header
X-Cached-By
X-Tt-Trace-Tag
X-IPLB-Instance
X-FastCGI-Cache
X-Contextid
X-Amz-Replication-Status
MS-CV
X-SS-Set-Cookie
X-Tt-Trace-Host
X-Cluster
X-ATG-Version
X-Cache-Key
X-Srv
Tracecode
X-Accel-Buffering
X-Response-Served-From
NGB
Frame-Options
WPE-Backend
X-VCache
X-Varnish-Server
Eomportal-Instance
Source
Payment
X-Tumblr-Pixel-1
X-WA-Info
X-Varnish-Hostname
Host
X-Cache-2
X-Cache-NE
Cache-Tv-Group
Filters
X-Cacheable-TTL
X-GeoIP
X-Cache-Enabled
X-Adobe-Loc
X-IPS-LoggedIn
X-Adobe-Content
X-FW-Hash
X-Tumblr-Pixel-2
X-FW-Static
X-Region
X-FW-Server
X-FW-Serve
X-RequestSource
X-FW-Type
X-Mobile
X-Host-Name
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Is-Bot
X-Rendered-As
Cleartype
X-TX-ID
X-Seen-By
Xserver
X-NewRelic-App-Data
X-Cache-Operation
X-Cache-Rule
X-Oneagent-Js-Injection
X-EdgeConnect-Cache-Status
X-Hostname
X-Via-JSL
X-Trafficlayer-App-Name
X-Origin-Response-Time
X-Trafficlayer-App-Scope
Cache
X-Cache-TTL-Remaining
Healthy
X-Presslabs-Stats
X-Cache-Control
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Datacenter
X-HTML-Minification-Powered-By
X-Dc
Retry-After
X-RemovedCookies
Server-Info
X-ProcessESI
Ms-Operation-Id
X-RTag
X-B3-Traceid
X-UA
Accept-CH
X-Rule
Liferay-Portal
X-Cache-Server
X-NWS-LOG-UUID
X-RateLimit-Limit
X-PressLabs-Stats
Version
X-Wix-Request-Id
X-L-Path
X-FireWall-Port
X-Status
X-Environment-Context
From-Origin
X-Source
X-Upgrade-Enabled
X-CACHE-KEY
X-Endurance-Cache-Level
X-Cache-Var
X-Cache-Var-Map
X-Path-Route
Meta-Geo
X-Handled-By
X-RN-RSRV
X-ES-SERVER
X-Proxy-Build
X-Timing-Wait
Selected-Fe
OT-Force-Account-Verify
X-Hyper-Cache
X-UUID
X-Proto
Accept-CH-Lifetime
X-ShardId
X-EIG-Tracking-Id
X-Backend-Name
X-Alternate-Cache-Key
X-Content-Age
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sorting-Hat-PodId
X-Shopify-Generated-Cart-Token
X-ShopId
X-Sorting-Hat-ShopId
X-Shopify-Stage
Origin-Cache-Control
Node
NGX
Origin-Edge-Control
X-Human
X-JoinUs
S-Rt
X-Section
Ec-Rule-Version
X-Generated-By
X-Hosted-By
X-FC-Vary-Parameters
X-Proxy
X-Cache-Host
X-Origin
X-Hl-Ver
X-SaId
Azure-SlotName
Property-Id
Azure-RegionName
Azure-InstanceId
Webcakes-Region
X-FW-Dynamic
X-Format
TWC-Privacy
X-Request-Time
Azure-Version
TWC-Locale-Group
X-Origin-Hint
X-Web-Node
X-Vgn-Hpd-Reason
TWC-Connection-Speed
Webcakes-App-Name
X-Qloud-Router
Azure-SiteName
Akamai-GRN
X-Redis-Cache
X-Access
X-Tb
TWC-GeoIP-Country
TWC-Device-Class
X-Akamai-Request-ID
X-Soup
Webcakes-App-Version
TWC-GeoIP-LatLong
X-ServerID
X-Debug-Cache
X-CCM
X-BYPASS-REASON
X-Akamai-Request-ID2
Now
X-BCube-Filmed-By
X-VWS-Id
X-RCS-CacheZone
X-Cache-Config
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
DB-Nickname
X-AWS-Id
X-OCL
X-Time-Microsecs
X-NYM-Debug-Backend
X-MP-GENERATED-AT
X-Locale
Mn-Server-Ip
X-PCL
X-Site-Version
X-ProxyCache-Status
X-Say-Cacheable
X-Say-TTL
X-ProxyCache-Key
X-SayCDN-TTL
X-Generated
X-Yottaa-Metrics
X-LJ-Flow-ID
X-Yottaa-Optimizations
X-Www-Served-By
X-Pubstack
Cache-Tags
X-IP
X-App-Server
X-Varnish-Hits
X-Amzn-Remapped-Content-Length
X-FB-TRIP-ID
X-Cluster-Node
X-TNCMS
X-Loop
X-Proxy-Cache-Status
X-Detected-As
L5d-Success-Class
X-APP-VERSION
X-Storage
X-Viewer-Country
Cross-Origin-Window-Policy
Cache-Name
X-R9-Blue-Green-Version
GEO-INFO
X-Xfnlog-Site
Viewport
Uber-Trace-Id
X-CS
Accept-Charset
Time
VIX-Pulpo-Upstream-Status
X-Akamai-Transformed
VIX-Pulpo-Node
X-Unique-Id
X-NCache
Webserver
Srv
X-Drupal-Cache-Tags
X-Cache-Remote
X-From
X-Esi
X-UA-Device-Type
X-Edge-Location
X-TT-TIMESTAMP
X-Cluster-Name
X-Drupal-Cache-Contexts
X-Backend-TTL
X-Origin-TTL
Cache-Key
X-Origin-CC
X-EC-Lua
X-CDN-Forward
Mime-Version
Country
Accept-Language
X-Mode
X-Newrelic-Synthetics
Odigeo-Trace-Id
X-B3-Spanid
X-Microcachable
Ohc-File-Size
Rt-Fastcgi-Cache
Ohc-Cache-HIT
X-Forwarded-Host
X-Info
X-CLOUD-TRACE-CONTEXT
X-Whom
X-Geo
X-No-Session
X-Magnolia-Registration
X-UPSTREAM-Address
X-Routing-Service
X-Proxied
X-Labrador-Cache-Channel
Proxy-Connection
X-UnsetCookies
X-PHP-Host
X-Zipkin-Id
ServedBy
X-Real-IP
Content-Disposition
X-Varnish-Cache-Hits
Fastly-SSL
X-PERF
X-ApacheServer
X-Cache-Time
T-Server
AsisCache
Rendered-Blocks
Viewtype
Content-Script-Type
X-Device-Type
MD5-Digest
Content-Style-Type
Fastcgi-X-Cache-Version
GEO-REGION-INFO
BehaviorPad-Version
Machine
Mobile-Detection-Method
Meta-Geo-Continent
Powered-By
X-B-Cookie
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-S
X-Rojux
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-SRCache-Key
X-Transaction
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Version
X-GeoIP-Country-Code
X-Geo-Header
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dgt
X-A-Dcw
X-A
X-A-Ccd
X-A-Dam
X-Application
X-ARC
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-Destination
X-Date
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
VivaBuild
X-D
X-Litespeed-Cache
X-App-Version
Cf-Ipcountry
Access-Control-Request-Headers
X-Tumblr-Pixel-3
X-VC-Cache
X-Varnish-Authentication
X-VG-TLSProxy
X-Cache-Backend
X-Uri
IsBot
Environment
Gh-Request-Id
Server-Cache-Control
Server-Surrogate-Control
X-Cache-ASPX
X-Bip
X-Logging-Id
X-Rocket-Build-Number
X-Contensis-Viewer-Groups
X-Auto-Login
X-Sigma
X-Via-Fastly
X-Thanos
W
X-Sigma-Backend
X-CUA
X-TrackingId
X-SIPLIST1
X-C
X-NGENIX-Cache
ServerName
User-Cache-Control
X-Request-URI
X-App-Name
Apple-News-Services-Request-Url
X-Agile-Id
X-Agile
X-Agile-Age
X-Backend-State
X-BBXSRF
X-Cdn-Srv
X-CGP
X-Cache-Info
X-Cache-Debug
X-Cache-Bucket
X-Clientip
X-Sucuri-Cache
True-Client-Country-4JS
X-OVcl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-TT-LOGID
Section-Io-Cache
X-Trace-Id
X-Wikidot-Static-Cache
X-SVT-ORM-RULES
X-Render-Time
X-Swa-Ws
Apple-News-Services-Host
Apple-News-Services-Handled
X-TH-Server
Apple-News-Services-Parsed-Url
X-Debug-Cache-Fetch
X-Irp-Debug
X-Key
X-Li-Fabric
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-Owner
X-IN-APIGATEWAY
X-Li-Pop
X-LI-Proto
X-Origin-Date
X-Origin-Expires
X-NX-Host
X-OVcl-Cache
X-LI-UUID
X-Location
X-Hit
X-Hash
X-Dispatcher-Server
X-Distil-CS
X-Distributor
X-Debug-Log
X-Debug-Cookies
X-Varnish-Beresp-Ttl
X-Debug-Cache-Store
X-Epic-Correlation-Id
X-Eu-Site
X-GeoIP-City
X-GoCache-CacheStatus
X-Generation-Time
X-Gamma-Serve
X-Fastly-Cache
X-FW-Version
X-Debug-Cache-Expiry
X-SVT-ORM-VERSION
X-Webstats-RespID
X-Nginx-Cache-Key
X-Cache-URL
Memcached
AKAMAI
HA-Ipaddr
Fastly-Backend-Name
Countrycode
Fastly-Soc-X-Request-Id
Kp-EeAlive
X-Wikidot-Backend
IBM-Web2-Location
X-Developers
Heartbleed
Ha-Gx-Prefs
X-User
Wxu-Next-Commit
Wxu-Next-Hostname
X-VServer
Wxu-Next-Region
X-We-Are-Hiring
Server-Int
X-Core-Mission
Request-Country
Request-EU
X-WebServer
X-Tec-Api-Version
X-Tec-Api-Root
Geo-Info
X-B3-Parentspanid
X-Tec-Api-Origin
Cdncip
Cdnsip
Country-Code
X-Core-Value
X-Cms-Context
Fastly-SIE
X-RateLimit-Limit-Second
X-Hnp-Log
X-Micro-Cache
X-Has-Esi
X-Platform-Server
RNT-Machine
RNT-Time
X-Level-Front-Cache
X-JWT-State
X-Is-Gdpr
X-Proxy-Upstream
Locid
X-RateLimit-Remaining-Second
Fastly-SWR
X-Reboot
Cache-Host
FNAC-ModuleRouting
X-Clara-WADP
X-Generated-On
X-Generated-In
X-Gen-Mode
CDCHOST
X-Matched-Rule
Web-Mar-Node
We-Hiring
X-Internal-Host
X-Old-Content-Length
X-NU-AKA-ACS-Version
X-NodeID
Locale
X-WADP-Cache
X-Ms-Version
Mail-Subject
V-Age
X-Thinkindot-L3
X-Trafficlayer-App-Version
Server-ID
Server-Host
X-Up
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Urbn-Site-Id
PFcat
X-Urbn-Context-Path
Thinkindot-Control
X-Req
X-Daa-Tunnel
X-Ms-Request-Id
X-Service
X-Rebelmouse-Cache-Control
X-Azure-Ref
X-Block-Status
X-Cache-Tags
X-S-Maxage
X-Rebelmouse-Surrogate-Control
X-AK-Request-ID
X-TA-CDN-Provider
HitType
X-Server-W
X-Response-By
Platform
X-Lb-Id
X-Variation
X-ServiceProvider
Is-Eu
Adler-Geo
X-Refresh
Cache-Hits
X-CACHE-GROUP
X-SERVER
X-Fetched-On
X-Servername
X-NC
X-Nc
X-Nginx-Cache
RequestId
X-Server-IP
X-Tb-Optimization-Total-Bytes-Saved
X-B3-SpanId
X-Parent-Response-Time
Memory
X-Cdn-Forward
X-CF-Powered-By
Media-Length
X-CSRF-Token
ProcessTime
X-Cdn-Request-ID
X-CSRF-TOKEN
X-Wa
Origin
X-Pjax-Url
User-Agent
X-BACKEND-TTL
X-Cache-Expired-At
X-Var-Ttl
Geoip-Latitude
X-Air-Hostname
X-Pf-Uncompressing
SRV
X-NGINX-Cache
Filterid
Pragrma
Group
TTL
GeoIp-Country-Code
X-Ua
X-TIME
X-Unique-ID
X-Correlation-ID
X-AIR-PT
Esi-Enabled
X-Rocket-Nginx-Bypass
S-Cnection
X-Sucuri-Id
Powered-By-ChinaCache
X-Vcl-Version
X-Reqid
X-Sucuri-ID
X-Planisys-CDN-Rules
X-COUNTRY
X-Policy
PICS-Label
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Varnish-Cacheable
X-Request-Start
HostName
X-Servedbyhost
Rt-Proxy-Cache
X-Azure-Ref-OriginShield
SN
M-TraceId
Geoip-City
XServer
X-Webkit-CSP
X-HS-Status
X-Fastly-Country-Code
X-Via-Ucdn
Dnion-Transfer-Encoding
X-Via-CDN
X-Method
Magicmarker
X-NWS-UUID-VERIFY
X-Developer
X-FORWARDED-FOR
Load-Balancing
X-Ocache
X-Cdn-Origin
X-Sn-Servicetimems
Resin-Trace
Tcn
X-Node-Id
X-Cache-Grace
X-Device-Os
Ohc-Response-Time
DSUID
X-LAGOON
X-Cache-Ttl
Who
X-ServedByHost
Release
X-VHOST
X-Ftr-Cache-Host
X-MServer
CF-Cached-On
NtCoent-Length
Cdn
X-MSEdge-Flight
On-Server
X-Be
A
X-VCT
X-Svr
X-MSEdge-Features
X-Request-Host
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
Vix-Hermes-Req-Id
X-Hp-Ccpa-Warning
Cloudfront-Viewer-Country
X-Bc
X-APP
X-Zone
Pics-Label
MIME-Version
X-Ratelimit-Remaining
X-VCL-Version
GeoIP-Country-Code
X-Fastly-Backend-Reqs
X-LiteSpeed-Cache-Control
X-Cache-Status-Check
Cteonnt-Length
X-Oracle-Dms-Rid
Hostname
GeoIP-Latitude
Ttl
X-VarnishDD-TTL
X-Varnish-Url
X-Beluga-Node
X-Beluga-Cache-Status
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Status
X-Configured-By
X-Beluga-Trace
X-DC
Host-ID
SD-X-WS
GeoIP-City
X-PF-Uncompressing
X-Newrelic-App-Data
X-Varnish-URL
X-SD-PageType
X-Varnish-Ttl
X-WR-MODIFICATION
X-Upstream-Ht
X-SN
WebServer
X-Upstream-Ct
X-Ftr-Request-Id
X-PJAX-URL
X-Cache-Id
X-Compress-Hint
X-SRV
X-Tid
X-HostName
Processtime
X-Dynatrace
X-Ratelimit-Limit
X-BE
X-Slack-Backend
X-Release
X-Aicache-OS
L
X-Via-NSCOPI
CF-IPCountry
X-Dynatrace-Js-Agent
CACHE
X-Scheme
Cache-Provider
X-DB
X-RPM
X-Swift-Error
X-RSL
X-ID
X-DW
X-RPS
LB
X-DSS
X-Action
X-DI
X-Frame-Option
Amp-Access-Control-Allow-Source-Origin
X-Processor
X-Skip-Cache
X-Server-Time
Arc-Country
Pramga
X-StackifyID
X-Cache-FS-Status
X-Dispatch
X-FPC
X-PAYTM-SRV-ID
X-LB-ID
Cache-Cookie-Set-From
X-Ftr-Dc
Cache-Cookie-Set-Idcheck
X-Ftr-Realm
Servername
Lfy
X-Fastly-Cache-Hits
X-Ftr-Backend-Server
Cache-Cookie-Set-Lfrom
X-Ftr-Balancer
X-ServerName
Pagetype
Dynatrace
X-Ftr-Backend
X-Branch-Name
X-Snapshot-Date
UCS
CDN
Requestid
X-CACHE-AGE
X-Cc-Via
X-Cc-Req-Id
X-ABtesting
X-DevSite-Last-Modified
X-ND-Cache
X-Varnish-Beresp-TTL
X-Hello
X-Edge-IP
D-Cc-Upstream
X-ZONE
X-Flog
Warning
X-Apw-Hits
X-Apw-Access-Token
Fastly-Drupal-HTML
X-Apw-Access-Action
X-Apw-Access-Object
X-Node-ID
Proxy-Firewall
X-VC
X-SB
V-Cache
NnCoection
X-Fastly-Cache-Status
X-Litespeed-Cache-Control
X-Check-Cacheable
WZWS-RAY
X-ElasticPress-Search
X-Worker
WP-Super-Cache
X-Request-Url
X-BC
X-App
Backend-Name
X-Request-URL
X-Powered-Y
Correlation-Id
Lb