Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
Keep-Alive
X-Kinja-Server-Push
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
EagleId
X-Nginx-Cache-Status
X-Proxy-Cache
X-UA-Device
X-Hacker
Request-Context
X-Ws-Request-Id
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
Content-Location
X-Origin-Cache
X-OneAgent-JS-Injection
X-Response-Time
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-ORACLE-DMS-ECID
X-HW
X-DataDome
X-Application-Context
NEL
Fusion-Template-Id
X-ORACLE-DMS-RID
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Mod-Pagespeed
X-Cache-Lookup
Edge-Control
Rating
X-Rack-Cache
Pinterest-Generated-By
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-DynaTrace
X-Varnish-TTL
X-Country-Code
Allow
X-Instart-Request-ID
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
Accept-Ch
X-TTL
X-FTR-Request-ID
Verso
X-ESI
X-Powered-By-Plesk
X-Url
Service-Worker-Allowed
Content-MD5
X-Forwarded-Proto
Accept-Ch-Lifetime
X-Version
X-MS-InvokeApp
X-B3-TraceId
X-GitHub-Request-Id
X-Exp-Id
X-Exp-Variant
X-Use-Magma
Edge-Cache-Tag
X-GoogleNews-Bot
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
RTSS
X-Px
Ar-Sid
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-CACHE
X-D2id
X-Debug
X-Abt-Application-Version
Charset
X-NF-Request-ID
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Vcache
X-Powered-CMS
X-Accel-Expires
X-MSEdge-Ref
X-Cached
X-Amz-Rid
X-Server-Name
Arr-Disable-Session-Affinity
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Vcap-Request-Id
X-Middleton-Display
X-Sol
Display
Pagespeed
X-Middleton-Response
Response
X-Navigation-Version
X-Pinterest-Rid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Pinterest-Version
X-Trace
X-SharePointHealthScore
TCN
X-VARITI-CCR
Realpath
X-Cdn
Public-Key-Pins
Cache-Tag
X-Fastcgi-Cache
Access-Control-Request-Method
X-Client-IP
S
X-Upstream
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
X-Ser
MS-Author-Via
X-Shard
SPRequestDuration
SPIisLatency
X-Id
X-Hp-Webp
DynaTrace
X-Ezoic-Cdn
X-Forwarded-For
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Content-Type
Nginx-Cache
X-Amz-Meta-S3cmd-Attrs
X-T
X-Amzn-Trace-Id
X-Recruiting
Front-End-Https
X-Grace
X-Hits
Fastcgi-Cache
X-Varnish-Age
X-DIS-Request-ID
ServerID
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Dw-Request-Base-Id
NR-ENABLED
X-Node-Name
X-Element-Page-Cache
X-Content-Digest
X-Goog-Metageneration
Powered
X-HS-Combine-CSS
X-Frontend
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-HS-Hub-Id
X-Goog-Storage-Class
X-HS-Content-Id
X-Goog-Generation
X-HS-Cache-Config
X-Goog-Stored-Content-Length
Server-Name
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
X-Edge-O15-RID
Alternate-Protocol
X-Logged-In
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Realm
X-FTR-DC
TP-Cache
TP-L2-Cache
Server-Node
X-Correlation-Id
X-Cache-TTL
X-Webkit-Csp
X-Webapp-Samesite-None-Activated-N
X-XRDS-Location
X-Shield-Request-Id
X-Request-Processing-Time
X-Request-Received
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
Nel
X-Server-ID
Upgrade-Insecure-Requests
X-Jurisdiction
Refresh
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Content-Options
X-Page-Id
X-User-Agent
X-Rid
X-Akamai-Edgescape
X-Revision
X-Varnish-Grace
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Hit
Backend-Timing
X-ATS-Timestamp
X-F-Cache
X-Type
X-XRDS-LOCATION
Fastly-Restarts
X-Pad
X-Content-Powered-By
X-Geo-Country
X-URL
X-Analytics
X-Az
X-AppVersion
X-Activity-Id
X-N
X-Zen-Fury
X-LB-Cache
X-B3-Sampled
X-B
X-RateLimit-Remaining
X-Kinsta-Cache
X-Ruxit-Js-Agent
X-FTR-Cache-Host
X-Cache-Age
PB-RID
PB-PID
X-TT
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Request-Guid
X-Jobs
Arc-Version
DC
X-Framework
X-Instance
X-Tumblr-Pixel-0
X-App-Environment
Paypal-Debug-Id
X-Tumblr-Pixel
Actual-Object-TTL
X-Tumblr-User
X-Mobile-Rewrite
Access-Control-Allow-Method
X-Debug-Info
X-Signature
X-B-Cache
Cache-Status
X-FB-Debug
X-PHP-Backend
X-CST
X-Load-Cache
X-Cache-Action
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Surrogate-Key
Fastcgi-Useragent
X-Git-Hash
X-Varnish-Backend
X-Ttl
X-FastCGI-Cache
FilterID
Host-Header
X-Time
X-Tt-Trace-Tag
X-Cached-By
X-IPLB-Instance
MS-CV
X-Contextid
X-SS-Set-Cookie
X-Amz-Replication-Status
X-Cluster
X-Tt-Trace-Host
Accept-CH
X-Cache-Key
Tracecode
X-ATG-Version
X-Srv
Frame-Options
X-Accel-Buffering
NGB
X-Response-Served-From
X-B3-Traceid
WPE-Backend
X-Varnish-Server
Eomportal-Instance
Payment
Source
Filters
X-Adobe-Loc
X-RequestSource
X-Tumblr-Pixel-1
X-FW-Type
X-Cache-2
Xserver
X-WA-Info
X-IPS-LoggedIn
X-Varnish-Hostname
Cache-Tv-Group
X-Adobe-Content
X-Tumblr-Pixel-2
X-FW-Server
X-FW-Serve
Host
X-Cache-Enabled
X-GeoIP
X-FW-Static
X-Region
X-FW-Hash
X-Cacheable-TTL
X-Cache-NE
X-Is-Bot
X-Mobile
X-Host-Name
X-Rendered-As
X-TX-ID
X-Oneagent-Js-Injection
X-Kong-Proxy-Latency
Cleartype
X-Kong-Upstream-Latency
X-Seen-By
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Cache-Operation
X-Cache-Rule
Cache
X-Hostname
X-NewRelic-App-Data
X-EdgeConnect-Cache-Status
X-Via-JSL
X-Origin-Response-Time
Healthy
Accept-CH-Lifetime
X-VCache
X-Cache-Control
X-Cache-TTL-Remaining
X-PressLabs-Stats
X-HTML-Minification-Powered-By
Datacenter
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
Retry-After
X-RemovedCookies
Server-Info
X-ProcessESI
X-RTag
Ms-Operation-Id
X-RateLimit-Limit
X-Rule
X-Dc
X-Presslabs-Stats
X-Cache-Server
From-Origin
Version
X-UA
Liferay-Portal
X-Esi
X-Wix-Request-Id
X-CACHE-KEY
X-Status
X-Source
X-L-Path
X-Environment-Context
X-FireWall-Port
X-Upgrade-Enabled
X-Endurance-Cache-Level
X-NWS-LOG-UUID
Meta-Geo
X-Cache-Var-Map
X-Path-Route
X-Cache-Var
X-RN-RSRV
X-ES-SERVER
Selected-Fe
X-Timing-Wait
OT-Force-Account-Verify
X-Proxy-Build
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-UUID
X-Shopify-Stage
X-EIG-Tracking-Id
X-Storage
X-Proto
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Handled-By
X-ShardId
X-Backend-Name
X-Shopify-Generated-Cart-Token
X-ShopId
X-Hyper-Cache
X-Alternate-Cache-Key
X-Content-Age
X-Tb
Decoy-Debug-TTL
Webcakes-Region
X-Human
Webcakes-App-Name
Webcakes-App-Version
X-JoinUs
X-Hosted-By
TWC-Privacy
L5d-Success-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Yottaa-Metrics
X-Yottaa-Optimizations
Ec-Rule-Version
TWC-Locale-Group
X-Hl-Ver
X-AWS-Id
X-Origin-Hint
Decoy-Debug-Key
X-Debug-Cache
X-Akamai-Request-ID2
X-Cache-Host
X-BYPASS-REASON
X-Cache-Config
X-LJ-Flow-ID
X-FW-Dynamic
Origin-Cache-Control
X-OCL
X-Generated-By
Origin-Edge-Control
X-FC-Vary-Parameters
Decoy-Debug-Status
X-Akamai-Request-ID
TWC-Device-Class
Akamai-GRN
X-ServerID
Now
Azure-InstanceId
X-VWS-Id
Azure-RegionName
X-SaId
X-Web-Node
S-Rt
NGX
X-Time-Microsecs
X-Soup
Node
X-Vgn-Hpd-Reason
X-Viewer-Country
DB-Nickname
X-Redis-Cache
Azure-SiteName
X-Section
TWC-Connection-Speed
X-Proxy
X-Access
X-Request-Time
X-PCL
Property-Id
X-Format
X-ProxyCache-Status
Azure-SlotName
X-Pubstack
Azure-Version
Cache-Tags
X-Origin
X-ProxyCache-Key
X-BCube-Filmed-By
X-Say-Cacheable
Mn-Server-Ip
X-Www-Served-By
X-Varnish-Hits
X-Cluster-Node
X-Xfnlog-Site
X-Qloud-Router
X-Proxy-Cache-Status
X-Site-Version
X-SayCDN-TTL
X-IP
X-Generated
X-Locale
X-MP-GENERATED-AT
X-Say-TTL
X-NYM-Debug-Backend
X-CCM
X-RCS-CacheZone
Cache-Name
X-Detected-As
X-Loop
Webserver
X-App-Server
X-FB-TRIP-ID
Cross-Origin-Window-Policy
X-Amzn-Remapped-Content-Length
X-TNCMS
Viewport
Uber-Trace-Id
X-CS
Srv
X-R9-Blue-Green-Version
X-APP-VERSION
VIX-Pulpo-Upstream-Status
Time
VIX-Pulpo-Node
X-Akamai-Transformed
X-NCache
Accept-Charset
X-Drupal-Cache-Tags
X-Unique-Id
X-Cache-Remote
X-From
GEO-INFO
X-UA-Device-Type
X-TT-TIMESTAMP
X-Edge-Location
X-Cluster-Name
X-Origin-TTL
X-Origin-CC
X-Drupal-Cache-Contexts
Cache-Key
X-EC-Lua
X-Backend-TTL
Country
Accept-Language
X-CDN-Forward
X-Mode
Odigeo-Trace-Id
Mime-Version
X-Microcachable
X-Newrelic-Synthetics
X-CLOUD-TRACE-CONTEXT
Ohc-Cache-HIT
X-B3-Spanid
Rt-Fastcgi-Cache
Ohc-File-Size
X-Geo
X-No-Session
X-Forwarded-Host
X-Info
Proxy-Connection
X-UPSTREAM-Address
X-Labrador-Cache-Channel
X-PHP-Host
X-Magnolia-Registration
X-Zipkin-Id
Content-Disposition
X-App-Version
Geo-Info
X-Varnish-Cache-Hits
X-Proxied
X-Routing-Service
X-UnsetCookies
X-Real-IP
X-Whom
X-ApacheServer
ServedBy
X-Cache-Time
Fastly-SSL
X-PERF
Cf-Ipcountry
Viewtype
X-ScT
X-GeoIP-Country-Code
X-Geo-Header
X-S-Cookie
X-S
Xc-Version
Machine
X-A
X-Vdms-Version
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dgt
X-Region-Sid
X-A-Ccd
X-A-Dam
X-A-Dcw
MD5-Digest
T-Server
Powered-By
BehaviorPad-Version
AsisCache
X-DPWN-IS-SECURE
X-G
Content-Script-Type
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
X-Destination
X-Rewrite-Enabled
X-SRCache-Key
X-Rojux
X-VG-WebCache
GEO-REGION-INFO
X-Request-UUID
X-External-Request-Id
Fastcgi-X-Cache-Version
Content-Style-Type
VivaBuild
X-Trv-Group
X-ARC
X-B-Cookie
X-Session-Fingerprint
X-Twitter-Response-Tags
X-Vtex-Remote-Cache
X-Application
X-Connection-Hash
X-D
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Date
X-Vtex-Processado-Em
X-VG-WebServer
X-Transaction
Access-Control-Request-Headers
User-Cache-Control
X-Device-Type
X-Logging-Id
X-Cache-Backend
X-TrackingId
IsBot
X-Cache-Debug
X-CUA
X-Via-Fastly
Server-Surrogate-Control
X-Cache-ASPX
X-Sigma-Backend
X-VC-Cache
X-Auto-Login
X-WebServer
Gh-Request-Id
X-SIPLIST1
X-Sigma
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Bip
X-VG-TLSProxy
Server-Cache-Control
X-Rocket-Build-Number
Environment
X-Tumblr-Pixel-3
X-Thanos
W
X-Uri
X-C
X-Distributor
Memcached
Mail-Subject
X-VServer
X-SVT-ORM-VERSION
X-Wikidot-Static-Cache
Locale
X-Distil-CS
X-Eu-Site
X-Epic-Correlation-Id
X-Clara-WADP
X-Clientip
X-Cms-Context
X-CGP
X-Cache-Info
X-Webstats-RespID
We-Hiring
Fastly-Soc-X-Request-Id
V-Age
X-Debug-Cache-Expiry
X-WADP-Cache
Web-Mar-Node
X-BBXSRF
X-Agile-Id
X-Agile-Age
X-AK-Request-ID
X-We-Are-Hiring
X-Backend-State
X-Request-URI
True-Client-Country-4JS
Section-Io-Cache
X-Debug-Log
Fastly-Backend-Name
X-Dispatcher-Server
Request-Country
Request-EU
X-Agile
X-Cache-Bucket
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cookies
X-Block-Status
Server-ID
X-Cdn-Srv
X-Gen-Mode
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Req
X-Instart-Isnd
X-TH-Server
X-Render-Time
X-Key
X-Irp-Debug
X-Hnp-Log
X-Hit
X-Fastly-Cache
X-Proxy-Upstream
X-Urbn-Context-Path
X-NGENIX-Cache
X-GoCache-CacheStatus
X-Swa-Ws
X-Hash
Apple-News-Services-Request-Url
X-Nginx-Cache-Key
X-Developers
X-Ms-Request-Id
X-Sucuri-Cache
X-User
X-Ms-Version
X-NodeID
X-TT-LOGID
X-Origin-Expires
X-NX-Host
X-Trace-Id
X-Location
X-OVcl-Cache
X-Owner
X-Li-Fabric
X-OVcl
X-App-Name
X-LI-UUID
X-LI-Proto
X-Li-Pop
X-Core-Mission
X-Wikidot-Backend
Apple-News-Services-Handled
RNT-Machine
X-Generated-In
RNT-Time
X-Cache-URL
X-FW-Version
X-RateLimit-Remaining-Second
X-Urbn-Site-Id
AKAMAI
X-Origin-Date
Cdnsip
Country-Code
HA-Ipaddr
Cdncip
CDCHOST
Locid
X-Gamma-Serve
Ha-Gx-Prefs
ServerName
X-Varnish-Beresp-Status
Kp-EeAlive
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
FNAC-ModuleRouting
X-GeoIP-City
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-SVT-ORM-RULES
Wxu-Next-Region
Wxu-Next-Commit
Server-Int
IBM-Web2-Location
Wxu-Next-Hostname
X-Generation-Time
Countrycode
X-RateLimit-Limit-Second
X-B3-Parentspanid
X-NU-AKA-ACS-Version
X-Old-Content-Length
X-Level-Front-Cache
X-Has-Esi
X-Platform-Server
X-Core-Value
X-Generated-On
X-JWT-State
X-Is-Gdpr
X-Matched-Rule
Cache-Host
X-Reboot
X-Internal-Host
Heartbleed
Is-Eu
X-Rebelmouse-Cache-Control
Fastly-SWR
X-Micro-Cache
Adler-Geo
X-Up
X-Service
X-S-Maxage
X-Azure-Ref
X-ServiceProvider
X-Trafficlayer-App-Version
X-Rebelmouse-Surrogate-Control
PFcat
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Cache-Tags
Server-Host
Thinkindot-CacheControl
Fastly-SIE
X-Variation
Platform
X-Thinkindot-L3
X-Nginx-Cache
HitType
X-TA-CDN-Provider
X-Server-W
X-Daa-Tunnel
Cache-Hits
X-Refresh
X-SERVER
X-Response-By
X-NC
X-Servername
X-Server-IP
X-Lb-Id
X-Fetched-On
RequestId
X-B3-SpanId
X-Tb-Optimization-Total-Bytes-Saved
X-CSRF-TOKEN
X-Parent-Response-Time
X-CF-Powered-By
X-Cdn-Forward
X-Nc
X-Tec-Api-Version
X-Tec-Api-Root
Media-Length
Memory
X-Tec-Api-Origin
ProcessTime
X-Cdn-Request-ID
X-Ua
Origin
X-Air-Hostname
User-Agent
X-BACKEND-TTL
X-Pjax-Url
X-Wa
X-Var-Ttl
X-CSRF-Token
X-Cache-Expired-At
Pragrma
Group
X-Pf-Uncompressing
Filterid
X-Correlation-ID
X-TIME
X-Unique-ID
X-Reqid
Geoip-Latitude
X-Sucuri-Id
Esi-Enabled
X-AIR-PT
TTL
X-Planisys-CDN-TTL
X-Vcl-Version
S-Cnection
X-Policy
GeoIp-Country-Code
SRV
Powered-By-ChinaCache
X-Planisys-CDN-Rules
X-COUNTRY
X-Planisys-CDN-Cache
X-Sucuri-ID
X-NGINX-Cache
X-Request-Start
PICS-Label
X-Servedbyhost
SN
X-Rocket-Nginx-Bypass
HostName
X-Webkit-CSP
X-Varnish-Cacheable
X-Azure-Ref-OriginShield
Rt-Proxy-Cache
X-Litespeed-Cache
M-TraceId
X-Via-Ucdn
X-HS-Status
XServer
X-Via-CDN
X-Method
Magicmarker
Geoip-City
Load-Balancing
X-FORWARDED-FOR
X-NWS-UUID-VERIFY
Tcn
X-Developer
Dnion-Transfer-Encoding
X-Fastly-Country-Code
X-Sn-Servicetimems
X-Cdn-Origin
X-Device-Os
X-LAGOON
Who
X-Node-Id
X-Cache-Grace
DSUID
Ohc-Response-Time
X-Cache-Ttl
Resin-Trace
X-VHOST
X-Ftr-Cache-Host
Release
X-Ocache
NtCoent-Length
X-MServer
X-VCT
Cdn
CF-Cached-On
On-Server
X-Svr
X-ServedByHost
X-Be
A
X-VCL-Version
Pics-Label
MIME-Version
GeoIP-Country-Code
X-APP
X-Hp-Ccpa-Warning
X-MSEdge-Flight
X-Bc
X-Zone
X-Request-Host
X-MSEdge-Features
Vix-Hermes-Req-Id
X-DC
X-Newrelic-App-Data
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-VarnishDD-TTL
GeoIP-Latitude
Cteonnt-Length
Ttl
X-Oracle-Dms-Rid
X-Varnish-URL
Cloudfront-Viewer-Country
X-Beluga-Trace
X-Beluga-Cache-Status
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Node
X-Fastly-Backend-Reqs
X-Beluga-Status
GeoIP-City
X-Configured-By
X-WR-MODIFICATION
X-LiteSpeed-Cache-Control
X-Cache-Status-Check
SD-X-WS
X-SD-PageType
Hostname
X-Varnish-Url
X-PF-Uncompressing
X-Varnish-Ttl
X-PJAX-URL
X-SERVER-NAME
X-Ratelimit-Remaining
X-SN
X-SRV
Host-ID
X-Ftr-Request-Id
X-Tid
X-Cache-Id
X-Upstream-Ct
X-Compress-Hint
X-Upstream-Ht
X-HostName
X-Dynatrace
Processtime
X-Aicache-OS
X-Release
X-BE
L
X-Via-NSCOPI
X-Dynatrace-Js-Agent
CDN
LB
X-Slack-Backend
X-Scheme
Cache-Provider
X-ID
X-LB-ID
CACHE
X-Fastly-Cache-Hits
X-Swift-Error
X-Ratelimit-Limit
X-Frame-Option
Amp-Access-Control-Allow-Source-Origin
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-ServerName
X-Ftr-Backend
Servername
CF-IPCountry
X-StackifyID
Pagetype
X-Ftr-Balancer
X-RPM
X-RPS
X-RSL
X-DW
X-DSS
X-Action
X-DB
X-DI
X-Ftr-Backend-Server
UCS
X-Snapshot-Date
X-Ftr-Dc
X-Ftr-Realm
X-Branch-Name
Lfy
Cache-Cookie-Set-From
Dynatrace
Requestid
X-CACHE-AGE
X-SB
Warning
X-VC
WebServer
X-Skip-Cache
X-Cc-Req-Id
X-Apw-Access-Token
X-Apw-Hits
X-Server-Time
X-Apw-Access-Object
X-Apw-Access-Action
X-Node-ID
X-Cc-Via
D-Cc-Upstream
X-Dispatch
X-ZONE
V-Cache
X-Fastly-Cache-Status
X-PAYTM-SRV-ID
Arc-Country
X-FPC
Proxy-Firewall
X-Edge-IP
X-Cache-FS-Status
X-Varnish-Beresp-TTL
X-Processor
NnCoection
X-Hello
X-Flog
Pramga
X-ABtesting
CloudFront-Viewer-Country
X-App
Backend-Name
Correlation-Id
Lb
X-Litespeed-Cache-Control
WZWS-RAY
X-BC
X-Worker
X-Powered-Y
X-Request-URL
X-ElasticPress-Search
WP-Super-Cache
X-Request-Url
X-Check-Cacheable