Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
Keep-Alive
X-Kinja-Server-Push
X-Xss-Protection
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
Xkey
X-Pass-Why
X-Cache-Group
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
Request-Context
X-Ws-Request-Id
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
Content-Location
X-Origin-Cache
X-Response-Time
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Dispatcher
X-Cloud-Trace-Context
X-Origin-Upstream-Status
X-ORACLE-DMS-ECID
X-Cnection
X-HW
NEL
X-DataDome
X-Application-Context
X-ORACLE-DMS-RID
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-Mod-Pagespeed
X-Cache-Lookup
Edge-Control
Rating
X-Rack-Cache
X-Country
Pinterest-Generated-By
X-Akam-SW-Version
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-DynaTrace
X-Country-Code
X-Varnish-TTL
Allow
X-Instart-Request-ID
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
Accept-Ch
X-TTL
X-ESI
X-FTR-Request-ID
Verso
X-Powered-By-Plesk
X-Url
Service-Worker-Allowed
Content-MD5
Accept-Ch-Lifetime
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-B3-TraceId
X-GitHub-Request-Id
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-Use-Magma
X-Exp-Variant
X-Cdn-Fetch
Edge-Cache-Tag
RTSS
X-Px
AR-CACHE
AR-ATIME
Ar-Sid
AR-Request-ID
AR-PoweredBy
X-D2id
X-Debug
X-Abt-Application-Version
Charset
X-NF-Request-ID
SPRequestGuid
X-Server-Name
X-Amz-Server-Side-Encryption
X-Vcache
X-Powered-CMS
X-Accel-Expires
X-MSEdge-Ref
X-Cached
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Middleton-Display
Display
Pagespeed
X-Sol
X-Vcap-Request-Id
Response
X-Navigation-Version
X-Middleton-Response
X-Trace
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
TCN
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Fastcgi-Cache
Cache-Tag
X-Cdn
Access-Control-Request-Method
X-Client-IP
X-Upstream
S
X-Fastly-Request-ID
X-DynaTrace-JS-Agent
MS-Author-Via
X-Ser
X-Shard
SPRequestDuration
SPIisLatency
X-Id
X-Hp-Webp
DynaTrace
X-Ezoic-Cdn
X-Forwarded-For
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-T
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Amz-Meta-S3cmd-Attrs
X-Content-Type
X-Amzn-Trace-Id
Nginx-Cache
X-Recruiting
Front-End-Https
X-Grace
X-Hits
Fastcgi-Cache
X-Varnish-Age
X-DIS-Request-ID
MicrosoftSharePointTeamServices
ServerID
X-Mobile-URL
X-Dw-Request-Base-Id
NR-ENABLED
X-Element-Page-Cache
X-Content-Digest
X-Node-Name
X-HS-Content-Id
X-GUploader-UploadID
X-HS-Hub-Id
X-Frontend
X-Goog-Generation
Powered
X-HS-Cache-Config
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-HS-Combine-CSS
Server-Name
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
X-Edge-O15-RID
Alternate-Protocol
X-Logged-In
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend
X-FTR-DC
X-Correlation-Id
TP-L2-Cache
TP-Cache
Server-Node
X-Cache-TTL
X-Webapp-Samesite-None-Activated-N
X-Shield-Request-Id
X-XRDS-LOCATION
X-Webkit-Csp
AMP-Access-Control-Allow-Source-Origin
X-Request-Received
X-Request-Processing-Time
X-Microsite
X-Request-Handler-Origin-Region
Upgrade-Insecure-Requests
Refresh
X-Content-Options
X-Origin-Server
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-Revision
X-Page-Id
X-Amz-Apigw-Id
X-User-Agent
X-Rid
X-Amzn-RequestId
X-F-Cache
X-Varnish-Grace
Backend-Timing
Nel
X-Cache-Hit
X-Server-ID
X-ATS-Timestamp
X-Jurisdiction
X-Type
Fastly-Restarts
X-XRDS-Location
X-Pad
X-Content-Powered-By
X-Analytics
X-Geo-Country
X-AppVersion
X-Az
X-Activity-Id
X-N
X-LB-Cache
X-B3-Sampled
X-Zen-Fury
X-B
X-URL
X-Kinsta-Cache
X-FTR-Cache-Host
X-RateLimit-Remaining
PB-PID
X-Cache-Age
X-TT
PB-RID
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Ruxit-Js-Agent
X-Jobs
DC
Actual-Object-TTL
X-Tumblr-Pixel
Paypal-Debug-Id
X-Framework
X-App-Environment
Arc-Version
X-Mobile-Rewrite
X-Instance
X-Request-Guid
X-Tumblr-Pixel-0
X-Tumblr-User
Access-Control-Allow-Method
X-B-Cache
X-Debug-Info
X-Signature
X-CST
X-PHP-Backend
X-FB-Debug
FilterID
Cache-Status
X-Load-Cache
X-Erf-Bev-Bev
X-Varnish-Backend
X-Cache-Action
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
X-Git-Hash
Fastcgi-Useragent
Host-Header
X-FastCGI-Cache
X-Ttl
X-Cached-By
X-IPLB-Instance
MS-CV
X-SS-Set-Cookie
X-Tt-Trace-Tag
X-Contextid
X-Time
X-Amz-Replication-Status
X-Cluster
X-Tt-Trace-Host
X-Srv
X-ATG-Version
Frame-Options
X-Response-Served-From
Tracecode
X-Accel-Buffering
NGB
Source
X-Cache-Key
WPE-Backend
X-Varnish-Server
Xserver
X-Trafficlayer-App-Name
Host
Payment
Eomportal-Instance
X-Trafficlayer-App-Scope
X-Region
X-Varnish-Hostname
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
X-FW-Serve
X-Adobe-Loc
X-Cache-2
X-Adobe-Content
Filters
Cache-Tv-Group
X-Cache-NE
X-Cacheable-TTL
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-GeoIP
X-Cache-Enabled
Accept-CH
X-Mobile
X-WA-Info
X-TX-ID
X-Kong-Upstream-Latency
Cleartype
X-Host-Name
X-Kong-Proxy-Latency
X-B3-Traceid
X-Is-Bot
X-Rendered-As
X-NewRelic-App-Data
X-Seen-By
X-Oneagent-Js-Injection
Cache
Healthy
X-Cache-Rule
X-Cache-Operation
X-Hostname
X-Via-JSL
X-EdgeConnect-Cache-Status
X-Origin-Response-Time
X-Cache-Control
X-Presslabs-Stats
X-Cache-TTL-Remaining
Datacenter
X-HTML-Minification-Powered-By
X-VCache
X-Dc
Accept-CH-Lifetime
X-RTag
Retry-After
Ms-Operation-Id
X-RemovedCookies
X-ORACLE-APMCS-REQUEST-ID
X-UA
X-ORACLE-APMCS-TAG
X-ProcessESI
X-Rule
Server-Info
X-CACHE-KEY
X-RateLimit-Limit
Liferay-Portal
From-Origin
X-Wix-Request-Id
X-PressLabs-Stats
X-Status
Version
X-Cache-Server
X-NWS-LOG-UUID
X-L-Path
X-FireWall-Port
X-Environment-Context
X-Upgrade-Enabled
X-Endurance-Cache-Level
X-Source
X-CLOUD-TRACE-CONTEXT
X-Cache-Var-Map
X-Cache-Var
X-RN-RSRV
X-ES-SERVER
Meta-Geo
X-Path-Route
X-Timing-Wait
X-Handled-By
X-Hyper-Cache
X-UUID
X-Proxy-Build
OT-Force-Account-Verify
Selected-Fe
X-Storage
X-Shopify-Generated-Cart-Token
X-Content-Age
X-ShopId
X-EIG-Tracking-Id
X-Alternate-Cache-Key
X-Proto
X-Backend-Name
X-Sorting-Hat-PodId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-ShopId
X-Tb
NGX
X-ProxyCache-Status
Azure-SlotName
Azure-RegionName
Azure-SiteName
Azure-InstanceId
Akamai-GRN
X-Redis-Cache
X-Qloud-Router
Azure-Version
Cache-Tags
X-Pubstack
Ec-Rule-Version
Decoy-Debug-TTL
Decoy-Debug-Status
DB-Nickname
Decoy-Debug-Key
L5d-Success-Class
X-Proxy
X-Access
X-Akamai-Request-ID
X-Akamai-Request-ID2
Webcakes-Region
Webcakes-App-Version
X-Hosted-By
X-Hl-Ver
Webcakes-App-Name
X-AWS-Id
X-Generated-By
X-Cache-Config
X-Cache-Host
X-Debug-Cache
X-BYPASS-REASON
X-FC-Vary-Parameters
X-FW-Dynamic
X-Format
TWC-Privacy
TWC-Locale-Group
X-LJ-Flow-ID
Origin-Cache-Control
Origin-Edge-Control
X-ProxyCache-Key
Now
X-OCL
X-Origin-Hint
Property-Id
S-Rt
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-PCL
X-JoinUs
X-Human
Node
X-Yottaa-Metrics
X-Time-Microsecs
X-Origin
X-SaId
X-Soup
X-Section
X-Request-Time
X-ServerID
X-Web-Node
X-Yottaa-Optimizations
X-VWS-Id
X-Vgn-Hpd-Reason
X-Viewer-Country
X-Varnish-Hits
X-BCube-Filmed-By
X-Site-Version
X-SayCDN-TTL
Mn-Server-Ip
X-NYM-Debug-Backend
X-MP-GENERATED-AT
X-RCS-CacheZone
X-Say-TTL
X-IP
X-Locale
X-Generated
X-Xfnlog-Site
X-CCM
X-Say-Cacheable
X-Www-Served-By
X-Cluster-Node
X-Amzn-Remapped-Content-Length
X-Loop
X-TNCMS
X-Proxy-Cache-Status
X-APP-VERSION
Cache-Name
Cross-Origin-Window-Policy
Viewport
X-FB-TRIP-ID
X-Detected-As
X-R9-Blue-Green-Version
X-App-Server
Uber-Trace-Id
GEO-INFO
X-CS
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Webserver
Time
X-Akamai-Transformed
Accept-Charset
X-Unique-Id
X-Drupal-Cache-Tags
X-NCache
X-Cache-Remote
X-From
X-Edge-Location
X-Esi
X-UA-Device-Type
Srv
X-TT-TIMESTAMP
X-Cluster-Name
X-Origin-TTL
X-Origin-CC
X-Drupal-Cache-Contexts
Mime-Version
Cache-Key
Country
Accept-Language
X-Mode
X-Newrelic-Synthetics
Odigeo-Trace-Id
X-EC-Lua
X-Backend-TTL
Ohc-Cache-HIT
X-Microcachable
X-B3-Spanid
Ohc-File-Size
X-CDN-Forward
X-No-Session
Rt-Fastcgi-Cache
X-Geo
X-Forwarded-Host
X-Info
X-Webkit-CSP
Proxy-Connection
X-PHP-Host
X-Labrador-Cache-Channel
X-Real-IP
X-UPSTREAM-Address
X-Magnolia-Registration
X-Whom
X-Cache-Time
ServedBy
Content-Disposition
X-Varnish-Cache-Hits
Fastly-SSL
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-ApacheServer
X-PERF
Cf-Ipcountry
X-Date
X-Accel-Expires-Debug
X-Region-Sid
Mobile-Detection-Method
Meta-Geo-Continent
Machine
X-Application
MD5-Digest
Powered-By
X-A-Wwc
X-S-Cookie
X-App-Version
X-ScT
X-S
X-Rojux
Rendered-Blocks
X-Request-UUID
X-Rewrite-Enabled
X-ARC
X-B-Cookie
Content-Script-Type
Content-Style-Type
X-DPWN-IS-SECURE
X-Connection-Hash
X-Destination
X-D
BehaviorPad-Version
AsisCache
X-External-Request-Id
X-G
X-GeoIP-Country-Code
GEO-REGION-INFO
X-UnsetCookies
X-Geo-Header
X-CF-Lambda-Fn
Fastcgi-X-Cache-Version
X-CF-Lambda-Version
X-Session-Fingerprint
X-Aed
X-Trv-Group
X-Transaction
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebServer
Access-Control-Request-Headers
X-VG-WebCache
X-Twitter-Response-Tags
X-Vdms-Version
T-Server
X-A-Dcw
X-A-Dgt
X-SRCache-Key
X-A
X-A-Dam
X-A-Ccd
Xc-Version
VivaBuild
Viewtype
X-Cache-Backend
X-Device-Type
User-Cache-Control
Gh-Request-Id
X-WebServer
X-Cache-Debug
X-Rocket-Build-Number
X-TrackingId
X-Thanos
Server-Surrogate-Control
W
Environment
X-Tumblr-Pixel-3
X-VG-TLSProxy
X-Via-Fastly
X-VC-Cache
X-Cache-ASPX
X-Auto-Login
X-Sigma
Server-Cache-Control
X-Logging-Id
X-Varnish-Authentication
X-CUA
X-Contensis-Viewer-Groups
X-Bip
IsBot
X-Sigma-Backend
X-SIPLIST1
X-C
X-Clara-WADP
X-Core-Mission
X-Clientip
X-Cms-Context
V-Age
Wxu-Next-Region
X-Cdn-Srv
X-BBXSRF
X-Block-Status
X-Cache-Bucket
X-Backend-State
We-Hiring
X-App-Name
Web-Mar-Node
X-Cache-Info
X-Cache-URL
X-CGP
X-Agile
X-Agile-Age
Wxu-Next-Commit
X-AK-Request-ID
X-Agile-Id
Wxu-Next-Hostname
X-Generation-Time
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Render-Time
X-Req
X-Sucuri-Cache
X-Request-URI
X-Owner
X-OVcl-Cache
X-NodeID
X-Nginx-Cache-Key
X-NX-Host
X-Origin-Date
X-OVcl
X-Origin-Expires
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-WADP-Cache
X-VServer
X-We-Are-Hiring
X-Webstats-RespID
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-User
X-Uri
X-TH-Server
X-Swa-Ws
X-Trace-Id
X-TT-LOGID
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Ms-Version
X-Ms-Request-Id
X-Eu-Site
X-Epic-Correlation-Id
X-FW-Version
X-Gamma-Serve
X-Generated-In
X-Gen-Mode
X-Distributor
X-Distil-CS
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cookies
X-Debug-Log
X-Dispatcher-Server
X-Developers
True-Client-Country-4JS
X-GeoIP-City
X-Li-Fabric
X-Key
X-Li-Pop
X-LI-Proto
X-Location
X-LI-UUID
X-Irp-Debug
X-Instart-Isnd
X-Hash
X-GoCache-CacheStatus
X-Hit
X-Hnp-Log
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Debug-Cache-Expiry
X-Fastly-Cache
HA-Ipaddr
Heartbleed
Memcached
Ha-Gx-Prefs
Apple-News-Services-Parsed-Url
Kp-EeAlive
Request-Country
IBM-Web2-Location
Country-Code
Apple-News-Services-Handled
AKAMAI
Locale
Locid
Mail-Subject
Apple-News-Services-Host
Apple-News-Services-Request-Url
Request-EU
Fastly-Soc-X-Request-Id
FNAC-ModuleRouting
Server-Int
Fastly-Backend-Name
Cdncip
Countrycode
Cdnsip
RNT-Machine
Server-ID
Cache-Host
Section-Io-Cache
RNT-Time
CDCHOST
X-B3-Parentspanid
X-Varnish-Beresp-Grace
Geo-Info
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Core-Value
X-Is-Gdpr
X-Daa-Tunnel
X-ServiceProvider
X-Service
X-Thinkindot-L3
X-Trafficlayer-App-Version
X-Variation
X-Up
X-NGENIX-Cache
X-S-Maxage
X-Reboot
X-Internal-Host
X-Has-Esi
X-Generated-On
X-JWT-State
X-Level-Front-Cache
X-Platform-Server
X-Old-Content-Length
X-NU-AKA-ACS-Version
Adler-Geo
X-Matched-Rule
Platform
Thinkindot-Control
Is-Eu
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Host
X-Azure-Ref
X-Cache-Tags
PFcat
ServerName
Fastly-SIE
X-Lb-Id
X-Refresh
X-Response-By
Fastly-SWR
X-Rebelmouse-Cache-Control
X-Micro-Cache
X-NC
Cache-Hits
X-Rebelmouse-Surrogate-Control
HitType
X-TA-CDN-Provider
RequestId
X-Server-IP
X-SERVER
X-Server-W
X-Servername
X-Cdn-Forward
X-CF-Powered-By
X-Tb-Optimization-Total-Bytes-Saved
X-Fetched-On
X-Nginx-Cache
X-B3-SpanId
Memory
X-Cdn-Request-ID
Media-Length
ProcessTime
X-Parent-Response-Time
X-Nc
X-Pjax-Url
X-Tec-Api-Version
X-CSRF-Token
X-Tec-Api-Origin
X-Tec-Api-Root
X-BACKEND-TTL
Origin
X-CSRF-TOKEN
SRV
User-Agent
X-TIME
X-Wa
X-Air-Hostname
TTL
X-Pf-Uncompressing
Geoip-Latitude
X-NGINX-Cache
X-Var-Ttl
Group
X-Reqid
Pragrma
X-Vcl-Version
GeoIp-Country-Code
X-AIR-PT
Esi-Enabled
X-Cache-Expired-At
X-Unique-ID
X-Ua
X-Correlation-ID
X-Sucuri-Id
X-Planisys-CDN-TTL
X-Policy
X-Planisys-CDN-Rules
HostName
X-Planisys-CDN-Cache
X-Sucuri-ID
X-Rocket-Nginx-Bypass
Powered-By-ChinaCache
PICS-Label
X-COUNTRY
X-Request-Start
S-Cnection
Filterid
X-Azure-Ref-OriginShield
SN
Rt-Proxy-Cache
X-Servedbyhost
X-Litespeed-Cache
X-Varnish-Cacheable
Magicmarker
Geoip-City
X-Via-Ucdn
X-Method
Load-Balancing
X-Varnish-Ttl
XServer
M-TraceId
X-NWS-UUID-VERIFY
X-HS-Status
X-Fastly-Country-Code
X-Via-CDN
Ohc-Response-Time
DSUID
X-FORWARDED-FOR
X-Developer
Release
Dnion-Transfer-Encoding
X-ServedByHost
Tcn
X-MServer
X-VCT
X-Sn-Servicetimems
X-Cdn-Origin
X-Ocache
X-Cache-Grace
Cdn
X-LAGOON
Who
CF-Cached-On
X-Node-Id
X-Device-Os
X-Cache-Ttl
X-Be
Resin-Trace
X-Svr
NtCoent-Length
X-Hp-Ccpa-Warning
X-Ftr-Cache-Host
X-VHOST
X-Zone
Vix-Hermes-Req-Id
X-Bc
On-Server
X-MSEdge-Features
X-MSEdge-Flight
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Ratelimit-Remaining
X-APP
X-Request-Host
Pics-Label
Cteonnt-Length
A
X-VarnishDD-TTL
X-VCL-Version
X-Configured-By
GeoIP-Country-Code
Cloudfront-Viewer-Country
MIME-Version
X-Oracle-Dms-Rid
X-WR-MODIFICATION
Ttl
X-Beluga-Status
X-Beluga-Record
X-Beluga-Response-Time
GeoIP-Latitude
X-Beluga-Node
X-Varnish-Url
X-Beluga-Trace
X-Beluga-Cache-Status
X-SD-PageType
SD-X-WS
X-Cache-Status-Check
X-DC
X-Varnish-URL
X-PF-Uncompressing
GeoIP-City
X-LiteSpeed-Cache-Control
X-Fastly-Backend-Reqs
X-SN
X-Compress-Hint
X-Upstream-Ct
X-Newrelic-App-Data
X-Cache-Id
X-Upstream-Ht
X-Ftr-Request-Id
X-PJAX-URL
X-Via-NSCOPI
X-SRV
Host-ID
X-Release
X-Tid
L
X-HostName
X-Ratelimit-Limit
Hostname
X-Dynatrace
Processtime
X-Scheme
LB
X-BE
X-Aicache-OS
Servername
X-Dynatrace-Js-Agent
X-ID
Cache-Cookie-Set-Idcheck
X-Slack-Backend
UCS
Cache-Provider
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-Swift-Error
X-Fastly-Cache-Hits
CACHE
WebServer
Amp-Access-Control-Allow-Source-Origin
X-Frame-Option
X-DSS
Lfy
X-Ftr-Dc
X-DW
X-RPM
X-RPS
X-Ftr-Balancer
X-DI
Pagetype
X-Action
X-ServerName
X-StackifyID
X-Ftr-Realm
Dynatrace
X-DB
X-Varnish-Beresp-TTL
X-RSL
CF-IPCountry
X-Ftr-Backend-Server
X-Ftr-Backend
X-Snapshot-Date
X-LB-ID
X-Branch-Name
Requestid
CDN
X-CACHE-AGE
X-Cc-Via
D-Cc-Upstream
Warning
X-Processor
X-PAYTM-SRV-ID
X-Cc-Req-Id
X-Skip-Cache
X-Cache-FS-Status
Pramga
Arc-Country
X-Dispatch
X-Fastly-Cache-Status
X-FPC
X-Server-Time
X-VC
X-Edge-IP
WZWS-RAY
X-Apw-Access-Token
X-Apw-Access-Object
X-ZONE
X-Apw-Hits
Proxy-Firewall
X-Node-ID
X-Apw-Access-Action
X-SB
V-Cache
NnCoection
X-Flog
X-Hello
X-ABtesting
X-Worker
X-BC
X-App
Backend-Name
X-Request-URL
Lb
X-Check-Cacheable
X-Litespeed-Cache-Control
X-Powered-Y
X-Amzn-Remapped-Connection
Correlation-Id
WP-Super-Cache
X-ElasticPress-Search
X-Amzn-Remapped-Date
X-Request-Url