Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
X-XSS-Protection
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-UA-Compatible
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Xss-Protection
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
Access-Control-Expose-Headers
X-Ua-Compatible
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Via
X-Age
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Ws-Request-Id
X-Proxy-Cache
X-Nginx-Cache-Status
X-Hacker
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
Report-To
X-Dns-Prefetch-Control
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Ac
X-Node
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Cloud-Trace-Context
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-Application-Context
X-ORACLE-DMS-ECID
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-DataDome
X-ORACLE-DMS-RID
X-Cache-Lookup
NEL
X-Mod-Pagespeed
Rating
Edge-Control
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
Allow
X-DynaTrace
X-Country-Code
X-Instart-Request-ID
Accept-Ch
X-Varnish-TTL
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-TTL
X-ESI
X-FTR-Request-ID
Verso
Accept-Ch-Lifetime
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Id
Edge-Cache-Tag
AR-CACHE
AR-ATIME
Ar-Sid
RTSS
AR-Request-ID
AR-PoweredBy
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
SPRequestGuid
Charset
X-Amz-Server-Side-Encryption
X-NF-Request-ID
X-Accel-Expires
X-MSEdge-Ref
X-Cached
X-Vcache
X-Amz-Rid
X-Sol
Arr-Disable-Session-Affinity
Response
Display
X-Middleton-Response
X-Middleton-Display
Pagespeed
X-Powered-CMS
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
TCN
X-Navigation-Version
X-Vcap-Request-Id
X-Fastcgi-Cache
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-Cdn
X-VARITI-CCR
Realpath
X-Client-IP
Cache-Tag
Public-Key-Pins
Access-Control-Request-Method
X-Ser
X-Fastly-Request-ID
S
MS-Author-Via
X-DynaTrace-JS-Agent
X-Upstream
X-Shard
SPRequestDuration
SPIisLatency
X-Id
Nginx-Cache
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Ezoic-Cdn
Mrf-Cache-Status
X-Hp-Webp
X-Content-Type
X-Forwarded-For
X-T
X-Grace
X-Amzn-Trace-Id
X-Amz-Meta-S3cmd-Attrs
Nel
DynaTrace
X-Recruiting
Front-End-Https
X-Hits
Fastcgi-Cache
X-Aspnet-Version
X-Edge-O15-RID
X-Varnish-Age
ServerID
X-Server-ID
X-DIS-Request-ID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Mobile-URL
X-Node-Name
X-Element-Page-Cache
NR-ENABLED
X-Content-Digest
X-Cache-TTL
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-FTR-Expires
Powered
X-Country-Code-Real
X-FTR-Cache-Status
X-Frontend
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Jurisdiction
Server-Name
Server-Node
Alternate-Protocol
TP-Cache
TP-L2-Cache
X-Logged-In
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Backend
X-FTR-Realm
X-Correlation-Id
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
X-XRDS-Location
AMP-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
Backend-Timing
X-ATS-Timestamp
X-Content-Options
Refresh
X-Cache-Hit
X-Origin-Server
X-Content-Security-Policy-Report-Only
X-Amz-Apigw-Id
X-Amzn-RequestId
X-User-Agent
X-Page-Id
X-Akamai-Edgescape
X-F-Cache
X-Revision
X-Rid
X-Type
X-Varnish-Grace
X-Zen-Fury
X-Shield-Request-Id
X-XRDS-LOCATION
Fastly-Restarts
X-CST
X-Content-Powered-By
X-B3-Sampled
X-Webapp-Samesite-None-Activated-N
X-B
X-URL
X-LB-Cache
X-AppVersion
X-Az
X-Activity-Id
X-Geo-Country
X-N
X-Ruxit-Js-Agent
PB-PID
PB-RID
X-Pad
X-Kinsta-Cache
X-Mobile-Rewrite
Arc-Version
Cache-Status
X-Analytics
X-RateLimit-Remaining
X-FTR-Cache-Host
X-TT
X-Cache-Age
X-WebKit-CSP-Report-Only
X-Webkit-Csp
X-Debug-Info
X-AOL-HN
X-Signature
X-Tumblr-Pixel
X-Time
X-Tumblr-User
X-Tumblr-Pixel-0
Actual-Object-TTL
Paypal-Debug-Id
X-Jobs
X-Framework
X-B-Cache
X-Instance
Access-Control-Allow-Method
DC
X-App-Environment
X-FB-Debug
X-Cache-Action
X-Request-Guid
X-Load-Cache
X-PHP-Backend
X-Cached-By
X-Git-Hash
Surrogate-Key
X-Varnish-Backend
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Tt-Trace-Tag
X-Ttl
X-Amz-Replication-Status
X-Tt-Trace-Host
Host-Header
Fastcgi-Useragent
X-IPLB-Instance
MS-CV
X-Contextid
FilterID
X-SS-Set-Cookie
X-ATG-Version
X-Cluster
X-VCache
X-WA-Info
NGB
X-Response-Served-From
X-Accel-Buffering
Tracecode
WPE-Backend
Host
X-Varnish-Server
X-Cache-NE
X-Mobile
X-Srv
Frame-Options
X-Host-Name
Xserver
X-Oneagent-Js-Injection
Eomportal-Instance
Payment
X-Region
X-Cache-Rule
X-Cache-2
X-Cache-Operation
X-FW-Static
Filters
X-FW-Server
X-FW-Serve
X-GeoIP
X-Varnish-Hostname
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-IPS-LoggedIn
X-FW-Type
X-FW-Hash
X-Adobe-Content
Source
X-Adobe-Loc
Cache-Tv-Group
X-Kong-Proxy-Latency
X-Hostname
X-Kong-Upstream-Latency
X-Cache-Key
X-TX-ID
X-Cache-Enabled
X-Cacheable-TTL
X-Via-JSL
X-ORACLE-APMCS-TAG
X-Is-Bot
X-Rendered-As
X-RequestSource
X-ORACLE-APMCS-REQUEST-ID
X-Origin-Response-Time
X-EdgeConnect-Cache-Status
X-Presslabs-Stats
X-NewRelic-App-Data
Cleartype
X-FastCGI-Cache
X-Cache-TTL-Remaining
X-Seen-By
Retry-After
Cache
X-NWS-LOG-UUID
Accept-CH
Server-Info
X-B3-Traceid
X-ProcessESI
X-RemovedCookies
X-Cache-Control
Datacenter
X-Dc
X-CACHE-KEY
X-UA
Ms-Operation-Id
X-RTag
Liferay-Portal
X-HTML-Minification-Powered-By
X-Source
Healthy
X-Environment-Context
X-L-Path
X-RateLimit-Limit
From-Origin
X-Cache-Server
X-Upgrade-Enabled
X-Endurance-Cache-Level
X-FireWall-Port
Accept-CH-Lifetime
X-PressLabs-Stats
X-Rule
X-Status
Version
X-App-Server
X-Handled-By
X-Cache-Var-Map
X-ES-SERVER
Meta-Geo
X-RN-RSRV
X-Path-Route
X-Cache-Var
X-Backend-Name
X-Access
X-Request-Time
Selected-Fe
X-Tb
X-Proxy-Build
X-Format
X-Timing-Wait
X-APP-VERSION
X-Section
X-Wix-Request-Id
X-Shopify-Generated-Cart-Token
X-ShardId
X-ProxyCache-Key
X-ShopId
X-Storage
X-Content-Age
X-Sorting-Hat-PodId
X-OCL
Akamai-GRN
X-Origin
Azure-SlotName
X-Human
X-Goog-Meta-Goog-Reserved-File-Mtime
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Sorting-Hat-ShopId
OT-Force-Account-Verify
X-Shopify-Stage
X-Akamai-Request-ID
X-Alternate-Cache-Key
Mn-Server-Ip
X-ProxyCache-Status
X-PCL
Azure-Version
X-EIG-Tracking-Id
X-BYPASS-REASON
Cache-Tags
X-Debug-Cache
X-Cluster-Node
X-Cache-Host
X-Generated-By
X-Hl-Ver
X-LJ-Flow-ID
X-JoinUs
X-Hyper-Cache
X-AWS-Id
X-Akamai-Request-ID2
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
NGX
Node
Origin-Edge-Control
Origin-Cache-Control
Now
X-MP-GENERATED-AT
X-NYM-Debug-Backend
X-Time-Microsecs
X-Soup
X-ServerID
X-UUID
X-Vgn-Hpd-Reason
X-Web-Node
X-VWS-Id
X-Viewer-Country
X-SaId
X-Redis-Cache
X-Proto
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Proxy
X-Proxy-Cache-Status
X-Qloud-Router
X-Pubstack
DB-Nickname
X-Cache-Config
X-Yottaa-Metrics
X-Yottaa-Optimizations
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
Srv
X-Varnish-Hits
X-SayCDN-TTL
Property-Id
TWC-Locale-Group
S-Rt
Webcakes-App-Name
X-Say-Cacheable
X-FC-Vary-Parameters
X-CCM
X-Say-TTL
X-FW-Dynamic
X-BCube-Filmed-By
Webcakes-App-Version
Webcakes-Region
X-Generated
X-Site-Version
TWC-Privacy
X-Hosted-By
X-Www-Served-By
Cross-Origin-Window-Policy
X-Origin-Hint
X-RCS-CacheZone
X-FB-TRIP-ID
X-Amzn-Remapped-Content-Length
X-Xfnlog-Site
X-R9-Blue-Green-Version
GEO-INFO
X-Locale
X-TNCMS
X-Loop
Ec-Rule-Version
L5d-Success-Class
X-Akamai-Transformed
Accept-Charset
X-IP
X-Detected-As
X-CS
Cache-Name
Viewport
X-NCache
Uber-Trace-Id
X-Esi
X-Drupal-Cache-Tags
X-Unique-Id
Webserver
Cache-Key
Time
X-UA-Device-Type
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-From
Mime-Version
X-Cache-Remote
X-Cluster-Name
X-Origin-CC
X-Drupal-Cache-Contexts
X-Origin-TTL
X-Mode
Accept-Language
X-Backend-TTL
Country
X-TT-TIMESTAMP
X-Forwarded-Host
X-UnsetCookies
X-Edge-Location
Odigeo-Trace-Id
X-CDN-Forward
Rt-Fastcgi-Cache
X-Microcachable
X-Info
X-TA-CDN-Provider
X-CLOUD-TRACE-CONTEXT
X-Whom
X-Newrelic-Synthetics
X-Varnish-Cache-Hits
X-B3-Spanid
X-ApacheServer
X-PERF
X-Geo
X-Magnolia-Registration
Content-Disposition
X-EC-Lua
ServedBy
X-NGENIX-Cache
Proxy-Connection
X-UPSTREAM-Address
X-No-Session
Ohc-Cache-HIT
Ohc-File-Size
X-Proxied
X-Routing-Service
X-Device-Type
X-Zipkin-Id
X-Via-Fastly
Cf-Ipcountry
X-Daa-Tunnel
X-VG-WebServer
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-VG-WebCache
Apple-News-Services-Handled
X-Vtex-Processado-Em
X-Uri
X-Vtex-Remote-Cache
Xc-Version
Mobile-Detection-Method
X-Session-Fingerprint
X-CF-Lambda-Version
X-ScT
X-S-Cookie
X-S
X-CF-Lambda-Fn
X-B-Cookie
X-Sigma-Backend
X-SRCache-Key
X-Sigma
X-Application
X-ARC
X-Connection-Hash
X-D
X-Region-Sid
X-GeoIP-Country-Code
X-Request-UUID
X-Rewrite-Enabled
X-Rocket-Build-Number
X-Geo-Header
X-G
X-Date
X-Destination
X-DPWN-IS-SECURE
X-External-Request-Id
X-Aed
X-Accel-Expires-Debug
GEO-REGION-INFO
Fastcgi-X-Cache-Version
Machine
MD5-Digest
Meta-Geo-Continent
Content-Style-Type
X-Twitter-Response-Tags
X-VG-TLSProxy
BehaviorPad-Version
X-Vdms-Version
Content-Script-Type
X-Trv-Group
X-Rojux
X-A-Dam
X-Transaction
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A
W
Rendered-Blocks
T-Server
Viewtype
VivaBuild
AsisCache
X-A-Ccd
X-Labrador-Cache-Channel
X-PHP-Host
HitType
X-Nc
X-C
User-Cache-Control
Gh-Request-Id
X-Distil-CS
X-Cache-ASPX
X-Cache-Debug
Ha-Gx-Prefs
X-Hit
X-Bip
X-Render-Time
Server-Cache-Control
X-Epic-Correlation-Id
Locid
X-Logging-Id
Fastly-Soc-X-Request-Id
X-Contensis-Viewer-Groups
X-Developers
X-CUA
X-CGP
Environment
Powered-By
CDCHOST
HA-Ipaddr
X-Agile-Age
X-Wikidot-Backend
X-SIPLIST1
X-Agile-Id
X-Varnish-Authentication
X-VC-Cache
X-WebServer
X-Cache-Time
X-Agile
X-Eu-Site
X-Tumblr-Pixel-3
Server-Surrogate-Control
X-Wikidot-Static-Cache
X-Sucuri-Cache
Geo-Info
X-Thanos
X-App-Name
X-TrackingId
X-Auto-Login
IsBot
X-Real-IP
X-Debug-Cache-Store
X-Distributor
X-Debug-Cookies
X-Dispatcher-Server
X-Debug-Log
X-Cache-Info
X-BBXSRF
X-Block-Status
X-Cache-Backend
X-Backend-State
X-Azure-Ref
Web-Mar-Node
X-AK-Request-ID
X-Cache-Bucket
X-Cache-URL
X-Core-Mission
X-App-Version
X-Debug-Cache-Expiry
X-Cms-Context
X-Clientip
X-Cdn-Srv
X-Clara-WADP
X-Debug-Cache-Fetch
X-Hash
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Server-W
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-OVcl-Cache
X-Owner
X-Proxy-Upstream
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-User
X-WADP-Cache
X-We-Are-Hiring
X-Webstats-RespID
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Swa-Ws
X-Trace-Id
X-TT-LOGID
X-OVcl
X-Origin-Expires
X-GeoIP-City
We-Hiring
X-Hnp-Log
X-IN-APIGATEWAY
X-Generation-Time
X-Generated-In
X-Fetched-On
X-Gamma-Serve
X-Gen-Mode
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-NodeID
X-NX-Host
X-Origin-Date
X-Varnish-Beresp-Status
X-Ms-Version
X-Irp-Debug
X-Micro-Cache
X-Ms-Request-Id
X-Fastly-Cache
X-Nginx-Cache-Key
Mail-Subject
Locale
Kp-EeAlive
Heartbleed
True-Client-Country-4JS
Request-Country
Server-ID
RNT-Time
RNT-Machine
Request-EU
Fastly-SWR
Fastly-SIE
AKAMAI
Access-Control-Request-Headers
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
Cache-Host
Cdncip
Country-Code
Countrycode
Cdnsip
V-Age
Server-Int
Fastly-SSL
X-GoCache-CacheStatus
Is-Eu
Wxu-Next-Commit
IBM-Web2-Location
X-FW-Version
X-LI-Proto
X-VServer
X-LI-UUID
X-Thinkindot-L3
Memcached
X-TH-Server
Wxu-Next-Region
X-Matched-Rule
X-Platform-Server
X-Location
X-Li-Pop
FNAC-ModuleRouting
X-Nginx-Cache
X-Up
X-Internal-Host
X-Is-Gdpr
X-Key
X-JWT-State
X-Variation
Adler-Geo
X-Li-Fabric
X-Generated-On
X-Level-Front-Cache
X-Has-Esi
Fastly-Backend-Name
X-Core-Value
Wxu-Next-Hostname
Thinkindot-CacheControl-Type
X-Req
X-Cache-Tags
X-ServiceProvider
X-Old-Content-Length
Section-Io-Cache
Thinkindot-CacheControl
X-Service
Server-Host
X-NU-AKA-ACS-Version
Thinkindot-Control
ServerName
Platform
X-Trafficlayer-App-Version
PFcat
X-S-Maxage
Cache-Hits
X-Lb-Id
X-Reboot
X-SERVER
X-Servername
X-B3-Parentspanid
X-Refresh
X-Response-By
RequestId
X-Tb-Optimization-Total-Bytes-Saved
X-Parent-Response-Time
X-Air-Hostname
X-CSRF-TOKEN
X-B3-SpanId
X-CF-Powered-By
Filterid
X-Cdn-Forward
X-Tec-Api-Root
Pragrma
X-Tec-Api-Origin
ProcessTime
X-Cache-Expired-At
X-Var-Ttl
Group
X-Tec-Api-Version
X-BACKEND-TTL
X-Pjax-Url
X-Server-IP
X-Wa
S-Cnection
Memory
Origin
Powered-By-ChinaCache
X-NC
User-Agent
X-CSRF-Token
X-Cdn-Request-ID
TTL
Media-Length
X-Ua
X-Correlation-ID
SRV
X-Unique-ID
X-Pf-Uncompressing
X-Sucuri-Id
X-Vcl-Version
Geoip-Latitude
X-Sucuri-ID
PICS-Label
X-COUNTRY
X-NGINX-Cache
X-Varnish-Cacheable
GeoIp-Country-Code
X-Servedbyhost
Geoip-City
X-NWS-UUID-VERIFY
X-Via-CDN
X-Rocket-Nginx-Bypass
X-Reqid
X-AIR-PT
X-Developer
X-Litespeed-Cache
Dnion-Transfer-Encoding
SN
Esi-Enabled
X-Webkit-CSP
X-HS-Status
X-Via-Ucdn
X-Sn-Servicetimems
X-Cdn-Origin
X-Device-Os
X-Ocache
X-Cache-Grace
X-LAGOON
X-Varnish-Ttl
X-Planisys-CDN-Rules
X-Policy
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Ftr-Cache-Host
X-TIME
XServer
X-Node-Id
X-Azure-Ref-OriginShield
M-TraceId
X-Request-Start
On-Server
X-FORWARDED-FOR
HostName
Rt-Proxy-Cache
A
X-MSEdge-Features
X-Fastly-Country-Code
X-Request-Host
X-MSEdge-Flight
Cloudfront-Viewer-Country
X-Cache-Status-Check
Cdn
Resin-Trace
X-Cache-Ttl
X-Ftr-Request-Id
Who
X-VHOST
Hostname
X-Beluga-Response-Time
X-ServedByHost
X-Beluga-Trace
Magicmarker
X-Beluga-Status
X-Beluga-Record
X-Method
X-Beluga-Cache-Status
X-Beluga-Node
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
Pics-Label
X-APP
CF-Cached-On
NtCoent-Length
X-VCL-Version
X-Zone
Load-Balancing
X-Bc
GeoIP-Country-Code
X-Varnish-URL
Host-ID
MIME-Version
X-Oracle-Dms-Rid
Cteonnt-Length
X-Fastly-Backend-Reqs
Ohc-Response-Time
Tcn
X-Svr
X-Varnish-Url
X-Be
GeoIP-Latitude
Ttl
X-DC
X-Ratelimit-Remaining
X-LiteSpeed-Cache-Control
DSUID
X-VarnishDD-TTL
X-Newrelic-App-Data
GeoIP-City
X-PF-Uncompressing
Release
X-VCT
X-MServer
Vix-Hermes-Req-Id
X-Slack-Backend
X-Hp-Ccpa-Warning
X-Ftr-Balancer
X-SRV
X-PJAX-URL
X-Action
Amp-Access-Control-Allow-Source-Origin
X-Ftr-Backend
X-Ftr-Backend-Server
WebServer
X-Ftr-Realm
X-Ftr-Dc
CACHE
X-RPS
X-DB
X-DW
Processtime
X-RPM
X-Server-Time
X-DI
X-BE
X-DSS
X-Tid
X-Swift-Error
Arc-Country
Pramga
X-Cache-FS-Status
X-Configured-By
X-Dispatch
X-Processor
X-RSL
X-Dynatrace
X-PAYTM-SRV-ID
X-Skip-Cache
Servername
X-Ratelimit-Limit
X-WR-MODIFICATION
X-Dynatrace-Js-Agent
Cache-Provider
Fastly-Drupal-HTML
X-ABtesting
X-DevSite-Last-Modified
SD-X-WS
X-ID
X-SD-PageType
X-Upstream-Ht
X-Flog
X-FPC
X-Upstream-Ct
X-Aicache-OS
X-Hello
X-ND-Cache
X-HostName
X-Frame-Option
X-Served-From
CF-IPCountry
X-Snapshot-Date
L
X-StackifyID
X-Branch-Name
X-SN
CDN
X-LB-ID
X-Compress-Hint
Pagetype
Requestid
Cdn-Host
Lfy
Cdn-Request-Time
X-Edge-Server
X-Cache-Id
Dynatrace
X-Fastly-Cache-Hits
X-CACHE-AGE
X-ServerName
X-Release
N-Cache
X-WA
X-Bc-Bl
Warning
Proxy-Firewall
X-Cc-Via
X-ZONE
X-Edge-IP
X-Apw-Access-Action
X-Apw-Access-Object
X-Request-Url
X-Apw-Hits
X-Apw-Access-Token
X-Varnish-Beresp-TTL
V-Cache
D-Cc-Upstream
X-VC
X-Cc-Req-Id
X-SB
X-Via-NSCOPI
X-Fpc
X-Scheme
X-Backend-Host
X-BC
X-Amzn-Remapped-Date
X-Check-Cacheable
X-Amzn-Remapped-Connection
X-Worker
X-App
LB
X-Powered-Y
Lb
X-Request-URL
X-ElasticPress-Search
WP-Super-Cache
Correlation-Id
Backend-Name
X-Fastly-Cache-Status