
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
X-Ua-Compatible
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Via
X-Age
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Dns-Prefetch-Control
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Server-Id
X-Host
X-Device
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
Content-Location
X-Ac
X-Node
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Cloud-Trace-Context
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-Application-Context
X-ORACLE-DMS-ECID
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-DataDome
X-Cache-Lookup
X-ORACLE-DMS-RID
X-Mod-Pagespeed
NEL
Rating
Edge-Control
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
X-Ruxit-JS-Agent
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
X-Country-Code
X-DynaTrace
X-Instart-Request-ID
Accept-Ch
X-Varnish-TTL
X-TTL
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-FTR-Request-ID
Verso
X-ESI
Accept-Ch-Lifetime
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Url
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-B3-TraceId
X-GitHub-Request-Id
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
Edge-Cache-Tag
Ar-Sid
AR-PoweredBy
RTSS
AR-Request-ID
AR-CACHE
AR-ATIME
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
SPRequestGuid
X-Vcache
X-Amz-Server-Side-Encryption
Charset
X-NF-Request-ID
X-Accel-Expires
X-Cached
X-MSEdge-Ref
X-Sol
Pagespeed
Response
X-Middleton-Display
X-Middleton-Response
Display
X-Amz-Rid
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
Arr-Disable-Session-Affinity
X-Powered-CMS
TCN
X-Vcap-Request-Id
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-Fastcgi-Cache
X-Cdn
Realpath
X-VARITI-CCR
Public-Key-Pins
X-Client-IP
Cache-Tag
Access-Control-Request-Method
X-Ser
X-Fastly-Request-ID
MS-Author-Via
S
X-DynaTrace-JS-Agent
X-Upstream
X-Shard
SPRequestDuration
Nginx-Cache
SPIisLatency
X-Id
MRF-Tech
Mrf-Cache-Status
X-Ezoic-Cdn
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Hp-Webp
X-Content-Type
X-Forwarded-For
X-Grace
X-T
X-Amzn-Trace-Id
X-Amz-Meta-S3cmd-Attrs
Nel
X-Recruiting
DynaTrace
Front-End-Https
X-Hits
X-Edge-O15-RID
Fastcgi-Cache
X-Aspnet-Version
X-Varnish-Age
ServerID
X-Server-ID
X-DIS-Request-ID
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Element-Page-Cache
X-Node-Name
NR-ENABLED
X-Content-Digest
X-FTR-Cache-Status
X-FTR-Expires
X-Country-Code-Real
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-Cache-TTL
X-HS-Content-Id
Powered
X-Frontend
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Jurisdiction
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
Alternate-Protocol
Server-Name
TP-Cache
TP-L2-Cache
Server-Node
X-Logged-In
X-Correlation-Id
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Upgrade-Insecure-Requests
Backend-Timing
X-Page-Id
X-Content-Options
X-Amz-Apigw-Id
X-Cache-Hit
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Amzn-RequestId
X-Rid
X-User-Agent
X-Revision
X-Akamai-Edgescape
Refresh
X-F-Cache
X-Type
X-Varnish-Grace
X-Zen-Fury
X-Shield-Request-Id
Fastly-Restarts
X-XRDS-LOCATION
X-Content-Powered-By
X-CST
X-LB-Cache
X-B3-Sampled
X-Webapp-Samesite-None-Activated-N
X-URL
X-B
X-AppVersion
X-Az
X-Geo-Country
X-Activity-Id
X-N
X-FTR-Cache-Host
X-Pad
PB-RID
PB-PID
X-Kinsta-Cache
Arc-Version
X-Mobile-Rewrite
Cache-Status
X-Analytics
X-RateLimit-Remaining
X-TT
X-Cache-Age
X-Webkit-Csp
X-Debug-Info
X-WebKit-CSP-Report-Only
X-Instance
X-AOL-HN
Actual-Object-TTL
DC
X-Tumblr-User
X-Jobs
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Paypal-Debug-Id
X-App-Environment
X-Signature
X-Request-Guid
X-Time
X-B-Cache
X-Framework
Access-Control-Allow-Method
X-Cache-Action
X-FB-Debug
X-PHP-Backend
X-Load-Cache
X-Git-Hash
X-Cached-By
Surrogate-Key
X-Varnish-Backend
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Fastcgi-Useragent
X-Tt-Trace-Tag
Host-Header
X-Tt-Trace-Host
X-Amz-Replication-Status
X-Contextid
X-IPLB-Instance
FilterID
MS-CV
X-Ruxit-Js-Agent
X-SS-Set-Cookie
X-ATG-Version
X-FastCGI-Cache
X-Cluster
X-WA-Info
X-Cache-Key
Tracecode
NGB
X-Response-Served-From
X-Accel-Buffering
WPE-Backend
X-B3-Traceid
X-Mobile
Frame-Options
X-Host-Name
X-Srv
X-Varnish-Server
X-Cache-NE
Payment
X-Ttl
X-Kong-Upstream-Latency
X-FW-Server
X-FW-Hash
Xserver
X-Hostname
X-Kong-Proxy-Latency
X-Region
X-FW-Type
X-FW-Static
X-FW-Serve
X-Cache-Operation
Host
Source
X-Cache-2
X-Cache-Rule
Eomportal-Instance
X-Rendered-As
X-Varnish-Hostname
X-Cache-Enabled
X-Adobe-Content
X-Tumblr-Pixel-2
X-Is-Bot
X-IPS-LoggedIn
Filters
X-Adobe-Loc
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Cacheable-TTL
X-GeoIP
X-TX-ID
X-Via-JSL
X-ORACLE-APMCS-REQUEST-ID
X-RequestSource
X-ORACLE-APMCS-TAG
X-EdgeConnect-Cache-Status
X-Origin-Response-Time
X-NewRelic-App-Data
X-Presslabs-Stats
Cleartype
X-Seen-By
Cache
X-Cache-TTL-Remaining
Retry-After
X-VCache
Server-Info
X-NWS-LOG-UUID
Accept-CH
X-ProcessESI
X-RemovedCookies
X-HTML-Minification-Powered-By
Datacenter
X-Cache-Control
Liferay-Portal
Ms-Operation-Id
X-RTag
Healthy
X-Source
X-UA
X-Dc
X-Environment-Context
X-L-Path
X-Cache-Server
X-FireWall-Port
X-Endurance-Cache-Level
X-RateLimit-Limit
X-Upgrade-Enabled
From-Origin
X-CACHE-KEY
Accept-CH-Lifetime
X-Esi
X-App-Server
X-APP-VERSION
X-PressLabs-Stats
X-Rule
X-Handled-By
X-Status
Version
X-Wix-Request-Id
X-RN-RSRV
X-Backend-Name
X-Path-Route
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
Meta-Geo
X-Proxy-Build
X-Timing-Wait
X-Section
OT-Force-Account-Verify
Selected-Fe
X-Format
X-Tb
X-Request-Time
X-Access
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ProxyCache-Key
X-Storage
X-PCL
X-Proto
X-Origin
X-OCL
X-Human
X-Sorting-Hat-PodId
Azure-Version
Mn-Server-Ip
X-Akamai-Request-ID
Azure-SlotName
Azure-SiteName
Akamai-GRN
Azure-InstanceId
Azure-RegionName
X-Alternate-Cache-Key
X-BYPASS-REASON
X-ShopId
X-ShardId
X-EIG-Tracking-Id
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Content-Age
X-Sorting-Hat-ShopId
X-ProxyCache-Status
Cache-Tags
X-Debug-Cache
X-Cluster-Node
X-Cache-Host
X-AWS-Id
X-FC-Vary-Parameters
X-FW-Dynamic
X-Hosted-By
X-Hl-Ver
X-Generated-By
X-Akamai-Request-ID2
S-Rt
Ec-Rule-Version
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
NGX
Node
Origin-Edge-Control
Origin-Cache-Control
Now
X-Hyper-Cache
X-JoinUs
X-Time-Microsecs
X-Soup
X-ServerID
X-SaId
X-UUID
X-Vgn-Hpd-Reason
X-Web-Node
X-VWS-Id
X-Viewer-Country
X-Redis-Cache
X-Qloud-Router
X-NYM-Debug-Backend
X-MP-GENERATED-AT
X-LJ-Flow-ID
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Pubstack
X-Proxy-Cache-Status
X-Proxy
DB-Nickname
X-Cache-Config
X-Yottaa-Optimizations
X-Yottaa-Metrics
Webcakes-App-Version
Webcakes-Region
X-BCube-Filmed-By
Webcakes-App-Name
TWC-Privacy
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
X-CCM
Srv
X-Say-TTL
X-SayCDN-TTL
X-Site-Version
X-Varnish-Hits
X-Say-Cacheable
X-RCS-CacheZone
Property-Id
X-IP
X-Locale
X-Origin-Hint
X-Detected-As
X-Generated
Cross-Origin-Window-Policy
X-FB-TRIP-ID
X-Xfnlog-Site
X-Loop
X-Amzn-Remapped-Content-Length
X-TNCMS
X-Oneagent-Js-Injection
GEO-INFO
X-R9-Blue-Green-Version
L5d-Success-Class
Accept-Charset
X-Akamai-Transformed
X-Www-Served-By
X-CS
X-Unique-Id
Cache-Name
X-NCache
Uber-Trace-Id
Viewport
X-Drupal-Cache-Tags
Webserver
Time
Cache-Key
X-UA-Device-Type
X-Backend-TTL
X-Cache-Remote
Mime-Version
X-CDN-Forward
VIX-Pulpo-Node
X-From
VIX-Pulpo-Upstream-Status
X-Origin-TTL
X-Drupal-Cache-Contexts
X-Cluster-Name
Accept-Language
X-Mode
X-Origin-CC
X-Forwarded-Host
Country
X-TT-TIMESTAMP
X-UnsetCookies
Odigeo-Trace-Id
X-B3-Spanid
X-Edge-Location
Rt-Fastcgi-Cache
X-Info
X-Microcachable
X-Whom
X-CLOUD-TRACE-CONTEXT
X-Varnish-Cache-Hits
X-Newrelic-Synthetics
X-TA-CDN-Provider
X-Geo
X-Magnolia-Registration
X-ApacheServer
ServedBy
Content-Disposition
X-PERF
X-EC-Lua
X-UPSTREAM-Address
Proxy-Connection
X-NGENIX-Cache
Ohc-Cache-HIT
Ohc-File-Size
X-No-Session
X-Device-Type
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Daa-Tunnel
X-Via-Fastly
Cf-Ipcountry
Apple-News-Services-Host
X-External-Request-Id
Xc-Version
X-Vtex-Remote-Cache
X-Geo-Header
X-VG-WebServer
X-Vtex-Processado-Em
X-Region-Sid
X-G
X-Uri
X-VG-WebCache
X-GeoIP-Country-Code
Apple-News-Services-Handled
X-Destination
X-Rewrite-Enabled
X-Accel-Expires-Debug
X-Rocket-Build-Number
X-Rojux
X-Connection-Hash
X-A-Wwc
X-A-Dgt
W
X-A
X-A-Dam
X-A-Dcw
X-S
X-CF-Lambda-Version
X-Sigma
X-Session-Fingerprint
X-ScT
X-S-Cookie
X-Sigma-Backend
X-B-Cookie
X-CF-Lambda-Fn
X-Aed
X-SRCache-Key
X-Application
VivaBuild
Viewtype
Fastcgi-X-Cache-Version
X-Vdms-Version
GEO-REGION-INFO
X-DPWN-IS-SECURE
X-ARC
Content-Style-Type
Content-Script-Type
Apple-News-Services-Request-Url
AsisCache
X-VG-TLSProxy
BehaviorPad-Version
Machine
X-Date
Rendered-Blocks
T-Server
X-D
X-Transaction
X-Request-UUID
Mobile-Detection-Method
MD5-Digest
Meta-Geo-Continent
X-Twitter-Response-Tags
X-Trv-Group
Apple-News-Services-Parsed-Url
X-A-Ccd
X-PHP-Host
X-Labrador-Cache-Channel
HitType
X-Real-IP
X-C
User-Cache-Control
X-Hit
X-Epic-Correlation-Id
Geo-Info
Server-Cache-Control
Gh-Request-Id
Ha-Gx-Prefs
X-Render-Time
X-Cache-Debug
Server-Surrogate-Control
X-Cache-Time
Powered-By
X-Developers
X-Contensis-Viewer-Groups
X-CUA
X-Distil-CS
CDCHOST
X-CGP
Fastly-Soc-X-Request-Id
HA-Ipaddr
Environment
X-Sucuri-Cache
X-Agile-Id
Locid
X-VC-Cache
X-Varnish-Authentication
X-Agile-Age
X-WebServer
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Agile
X-App-Name
X-Auto-Login
X-Bip
X-Eu-Site
X-Logging-Id
X-SIPLIST1
X-Thanos
IsBot
X-Tumblr-Pixel-3
X-Backend-State
X-TrackingId
X-Cache-ASPX
Fastly-SSL
X-GoCache-CacheStatus
X-Cache-Backend
X-Cache-Bucket
X-Cache-URL
X-Block-Status
X-Cache-Info
X-Fastly-Cache
X-AK-Request-ID
X-Azure-Ref
X-BBXSRF
X-Fetched-On
X-Cdn-Srv
X-Distributor
X-Core-Mission
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-Debug-Log
X-Cms-Context
X-FW-Version
X-Clara-WADP
X-Clientip
X-Dispatcher-Server
X-Debug-Cache-Fetch
X-Instart-Isnd
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Server-W
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-OVcl
X-OVcl-Cache
X-Owner
X-Proxy-Upstream
X-Nc
X-Swa-Ws
X-VServer
X-WADP-Cache
X-We-Are-Hiring
X-Webstats-RespID
X-User
X-Urbn-Site-Id
X-TH-Server
X-Trace-Id
X-TT-LOGID
X-Urbn-Context-Path
X-Origin-Expires
X-Origin-Date
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Irp-Debug
X-Key
X-Hnp-Log
X-Hash
X-Gen-Mode
X-Generated-In
X-Generation-Time
X-GeoIP-City
X-Li-Fabric
X-Li-Pop
X-Varnish-Beresp-Status
X-Nginx-Cache-Key
X-NodeID
X-NX-Host
X-Ms-Request-Id
X-Micro-Cache
X-LI-Proto
X-LI-UUID
X-Location
X-Gamma-Serve
X-Ms-Version
Fastly-Backend-Name
Server-ID
Fastly-SIE
Section-Io-Cache
Server-Int
Countrycode
Cache-Host
Cdncip
Cdnsip
Country-Code
Fastly-SWR
RNT-Time
Kp-EeAlive
Locale
Mail-Subject
Memcached
Request-Country
Request-EU
RNT-Machine
Heartbleed
IBM-Web2-Location
V-Age
True-Client-Country-4JS
Web-Mar-Node
Access-Control-Request-Headers
We-Hiring
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Has-Esi
Wxu-Next-Region
ServerName
X-Thinkindot-L3
FNAC-ModuleRouting
Is-Eu
X-Up
X-Variation
X-Generated-On
X-Trafficlayer-App-Version
X-Internal-Host
X-Servername
X-SVT-ORM-VERSION
X-Platform-Server
X-Reboot
X-Matched-Rule
PFcat
AKAMAI
Adler-Geo
X-Nginx-Cache
X-Level-Front-Cache
X-Is-Gdpr
X-SVT-ORM-RULES
X-JWT-State
X-ServiceProvider
X-Req
X-Service
X-NU-AKA-ACS-Version
X-Old-Content-Length
Server-Host
Wxu-Next-Commit
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Wxu-Next-Hostname
Thinkindot-Control
X-Core-Value
X-Cache-Tags
Platform
X-SERVER
Cache-Hits
X-S-Maxage
X-Lb-Id
X-Refresh
X-Response-By
X-App-Version
X-B3-Parentspanid
RequestId
X-Tb-Optimization-Total-Bytes-Saved
X-CSRF-TOKEN
X-Parent-Response-Time
X-Air-Hostname
X-CF-Powered-By
Filterid
ProcessTime
X-Var-Ttl
X-Cache-Expired-At
X-Tec-Api-Origin
Group
X-Tec-Api-Root
X-NC
X-Tec-Api-Version
Pragrma
X-Wa
X-B3-SpanId
X-Server-IP
Memory
X-Ua
X-Pjax-Url
S-Cnection
X-Cdn-Forward
User-Agent
Powered-By-ChinaCache
Origin
X-BACKEND-TTL
X-CSRF-Token
X-Pf-Uncompressing
X-Sucuri-ID
X-Cdn-Request-ID
Media-Length
X-Correlation-ID
SRV
Geoip-Latitude
PICS-Label
TTL
GeoIp-Country-Code
X-Varnish-Cacheable
X-COUNTRY
X-Vcl-Version
X-NGINX-Cache
X-Sucuri-Id
X-Unique-ID
X-Oracle-Dms-Rid
Geoip-City
X-NWS-UUID-VERIFY
X-Servedbyhost
X-Via-CDN
X-Rocket-Nginx-Bypass
X-Reqid
Esi-Enabled
X-AIR-PT
Dnion-Transfer-Encoding
X-Webkit-CSP
X-Litespeed-Cache
SN
X-Developer
X-Varnish-Ttl
X-Via-Ucdn
X-Planisys-CDN-Rules
X-Policy
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-HS-Status
X-Ocache
X-Device-Os
X-Sn-Servicetimems
X-Cache-Grace
X-Node-Id
X-LAGOON
X-Cdn-Origin
X-TIME
XServer
On-Server
M-TraceId
X-Azure-Ref-OriginShield
X-Request-Start
HostName
X-FORWARDED-FOR
X-MSEdge-Flight
Rt-Proxy-Cache
A
X-Request-Host
X-MSEdge-Features
X-Fastly-Country-Code
Cdn
Resin-Trace
X-Cache-Status-Check
X-Cache-Ttl
Cloudfront-Viewer-Country
Who
X-Ftr-Cache-Host
Hostname
X-VHOST
X-Beluga-Node
X-Beluga-Record
X-Beluga-Response-Time
X-APP
X-ServedByHost
X-Beluga-Trace
X-Beluga-Status
Magicmarker
X-Method
X-Beluga-Cache-Status
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Request-Id
GeoIP-Country-Code
X-VCL-Version
CF-Cached-On
X-DC
Load-Balancing
X-Bc
NtCoent-Length
X-Zone
Ttl
Pics-Label
X-Varnish-URL
Host-ID
GeoIP-Latitude
MIME-Version
Cteonnt-Length
Tcn
X-Be
X-Fastly-Backend-Reqs
Ohc-Response-Time
X-Varnish-Url
GeoIP-City
X-Svr
DSUID
X-LiteSpeed-Cache-Control
X-Ratelimit-Remaining
X-Newrelic-App-Data
X-Slack-Backend
Vix-Hermes-Req-Id
X-VarnishDD-TTL
X-PF-Uncompressing
X-VCT
X-MServer
Release
X-Hp-Ccpa-Warning
X-PJAX-URL
X-Ftr-Request-Id
X-RPM
X-DW
X-RPS
X-SRV
Amp-Access-Control-Allow-Source-Origin
X-DSS
X-RSL
X-DI
X-Action
WebServer
X-DB
X-PAYTM-SRV-ID
X-FPC
X-Processor
X-BE
X-Skip-Cache
X-Dispatch
X-Server-Time
Pramga
X-Tid
X-Dynatrace
Processtime
X-Configured-By
X-Cache-FS-Status
Arc-Country
X-Swift-Error
Servername
X-WR-MODIFICATION
X-Dynatrace-Js-Agent
X-Ratelimit-Limit
X-ABtesting
X-DevSite-Last-Modified
X-Aicache-OS
Cache-Provider
X-Flog
X-Upstream-Ct
X-ID
CACHE
X-SD-PageType
SD-X-WS
X-Hello
X-Upstream-Ht
Fastly-Drupal-HTML
X-ND-Cache
X-Frame-Option
X-HostName
X-Ftr-Backend-Server
Dynatrace
X-SN
Lfy
X-StackifyID
X-Ftr-Backend
X-Compress-Hint
X-LB-ID
CDN
X-Snapshot-Date
X-Cache-Id
L
CF-IPCountry
Cdn-Request-Time
Requestid
Pagetype
Cdn-Host
X-Fastly-Cache-Hits
N-Cache
X-Edge-Server
X-Ftr-Realm
X-Served-From
X-Ftr-Dc
X-Branch-Name
X-Ftr-Balancer
X-CACHE-AGE
X-Release
X-Bc-Bl
X-Amzn-Remapped-Connection
X-WA
X-Amzn-Remapped-Date
X-VC
X-Via-NSCOPI
X-Request-Url
X-Apw-Access-Action
X-Varnish-Beresp-TTL
X-Cc-Via
X-Edge-IP
V-Cache
X-ServerName
X-SB
D-Cc-Upstream
Proxy-Firewall
X-Cc-Req-Id
X-Apw-Hits
Warning
X-Apw-Access-Object
X-Apw-Access-Token
X-ZONE
Correlation-Id
X-Worker
X-Backend-Host
Backend-Name
X-App
Lb
X-Check-Cacheable
LB
X-Scheme
X-BC
X-Fastly-Cache-Status
X-ElasticPress-Search
X-Powered-Y
X-Request-URL
WP-Super-Cache