
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
X-XSS-Protection
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Xss-Protection
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-DNS-Prefetch-Control
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Request-Id
X-Amz-Id-2
X-Server-Powered-By
X-Robots-Tag
X-Page-Speed
X-Pingback
EagleId
X-Nginx-Cache-Status
X-Proxy-Cache
X-UA-Device
X-Ws-Request-Id
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
X-Dns-Prefetch-Control
Grace
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
Report-To
X-LiteSpeed-Cache
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
X-ORACLE-DMS-RID
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
X-Rack-Cache
Rating
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Varnish-TTL
Accept-Ch
X-DynaTrace
X-Country-Code
Allow
X-Instart-Request-ID
X-TtlSet
X-Vname
X-Goog-Hash
X-PC
X-TTL
X-FTR-Request-ID
X-ESI
Accept-Ch-Lifetime
Verso
X-B3-TraceId
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
Content-MD5
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
Edge-Cache-Tag
RTSS
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Px
Ar-Sid
X-D2id
X-Debug
X-Abt-Application-Version
Charset
X-Server-Name
X-NF-Request-ID
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Vcache
X-Cached
X-Accel-Expires
X-MSEdge-Ref
X-Powered-CMS
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Middleton-Display
Pagespeed
Display
X-Sol
X-Middleton-Response
Response
X-Vcap-Request-Id
X-Navigation-Version
X-Pinterest-Rid
Pinterest-Version
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Trace
X-SharePointHealthScore
TCN
X-Fastcgi-Cache
X-VARITI-CCR
X-Cdn
Realpath
Public-Key-Pins
X-Client-IP
Cache-Tag
Access-Control-Request-Method
S
X-Fastly-Request-ID
X-Upstream
X-Ser
X-DynaTrace-JS-Agent
MS-Author-Via
X-Shard
X-Id
SPIisLatency
SPRequestDuration
X-Hp-Webp
Nginx-Cache
Mrf-Cache-Status
X-Ezoic-Cdn
MRF-Tech
X-Mrf-Section-Lastmod
X-Forwarded-For
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Content-Type
X-Amz-Meta-S3cmd-Attrs
X-T
DynaTrace
X-Amzn-Trace-Id
X-Recruiting
X-Grace
Front-End-Https
X-Hits
Fastcgi-Cache
X-Varnish-Age
ServerID
X-DIS-Request-ID
X-Server-ID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Mobile-URL
X-Node-Name
X-Element-Page-Cache
NR-ENABLED
Nel
X-HS-Combine-CSS
X-Content-Digest
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Frontend
Powered
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-FTR-Expires
X-Goog-Metageneration
X-FTR-Cache-Status
X-Country-Code-Real
X-Edge-O15-RID
Server-Name
Alternate-Protocol
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-Logged-In
X-Cache-TTL
TP-L2-Cache
TP-Cache
Server-Node
X-Correlation-Id
X-Webkit-Csp
X-Jurisdiction
X-XRDS-Location
X-Request-Received
X-Request-Processing-Time
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
AMP-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
X-Shield-Request-Id
X-Page-Id
X-Origin-Server
X-Webapp-Samesite-None-Activated-N
Refresh
X-Content-Options
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Revision
X-Rid
X-Cache-Hit
X-Akamai-Edgescape
X-F-Cache
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Varnish-Grace
X-Type
X-XRDS-LOCATION
Fastly-Restarts
X-Content-Powered-By
X-B3-Sampled
X-Zen-Fury
X-Analytics
X-Geo-Country
X-URL
X-Pad
X-LB-Cache
X-Az
X-AppVersion
X-Activity-Id
X-B
X-N
X-RateLimit-Remaining
X-Kinsta-Cache
X-FTR-Cache-Host
X-Ruxit-Js-Agent
PB-PID
PB-RID
X-CST
X-Mobile-Rewrite
X-TT
Arc-Version
X-Cache-Age
X-Request-Guid
X-WebKit-CSP-Report-Only
X-Jobs
X-AOL-HN
Cache-Status
X-Framework
X-App-Environment
X-Tumblr-Pixel
Paypal-Debug-Id
X-Tumblr-Pixel-0
X-Tumblr-User
DC
Actual-Object-TTL
X-Debug-Info
Access-Control-Allow-Method
X-B-Cache
X-Instance
X-Signature
X-FB-Debug
X-PHP-Backend
X-Load-Cache
X-Cache-Action
X-Time
Surrogate-Key
X-Varnish-Backend
X-Git-Hash
Fastcgi-Useragent
X-Ttl
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
FilterID
Host-Header
X-Cached-By
X-Tt-Trace-Tag
X-Contextid
X-IPLB-Instance
X-Amz-Replication-Status
MS-CV
X-SS-Set-Cookie
X-Tt-Trace-Host
X-Cluster
Tracecode
X-ATG-Version
X-FastCGI-Cache
X-Accel-Buffering
NGB
X-Response-Served-From
Frame-Options
X-Srv
X-WA-Info
X-FW-Hash
X-Cache-NE
X-FW-Type
X-RequestSource
X-FW-Static
X-FW-Server
X-FW-Serve
WPE-Backend
Eomportal-Instance
X-Region
Host
Payment
X-Varnish-Server
Xserver
X-Cache-2
X-Host-Name
X-TX-ID
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-Mobile
Source
X-Adobe-Content
X-Adobe-Loc
X-Cache-Enabled
X-GeoIP
Filters
X-Is-Bot
X-Cacheable-TTL
X-IPS-LoggedIn
X-Rendered-As
Cache-Tv-Group
X-Cache-Key
X-Oneagent-Js-Injection
X-Kong-Proxy-Latency
X-NewRelic-App-Data
X-Kong-Upstream-Latency
Cleartype
X-Seen-By
X-Cache-Rule
X-Cache-Operation
X-EdgeConnect-Cache-Status
X-Via-JSL
X-Origin-Response-Time
X-Cache-TTL-Remaining
X-Hostname
X-VCache
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Cache-Control
X-PressLabs-Stats
Cache
X-HTML-Minification-Powered-By
Healthy
Datacenter
Retry-After
X-Trafficlayer-App-Scope
Server-Info
X-Trafficlayer-App-Name
X-CACHE-KEY
X-ProcessESI
X-RemovedCookies
X-RTag
Ms-Operation-Id
X-RateLimit-Limit
X-Dc
X-Presslabs-Stats
Liferay-Portal
X-Source
X-Rule
X-UA
X-Cache-Server
X-L-Path
X-NWS-LOG-UUID
X-Environment-Context
From-Origin
X-FireWall-Port
X-Status
X-Endurance-Cache-Level
X-Wix-Request-Id
Version
X-Upgrade-Enabled
X-Cache-Var
X-Handled-By
X-Cache-Var-Map
Meta-Geo
X-RN-RSRV
X-Path-Route
X-ES-SERVER
X-B3-Traceid
Mn-Server-Ip
Selected-Fe
X-Proxy-Build
X-Timing-Wait
OT-Force-Account-Verify
X-RCS-CacheZone
X-Content-Age
Webcakes-Region
X-Akamai-Request-ID
Webcakes-App-Version
TWC-Privacy
Webcakes-App-Name
X-Proto
X-Origin-Hint
X-AWS-Id
X-LJ-Flow-ID
X-Sorting-Hat-ShopId
X-Storage
TWC-Locale-Group
Azure-SlotName
TWC-GeoIP-Country
X-Format
X-VWS-Id
Azure-RegionName
Azure-InstanceId
X-Tb
Akamai-GRN
X-Access
Property-Id
TWC-Device-Class
Cache-Tags
TWC-Connection-Speed
Azure-SiteName
X-Backend-Name
TWC-GeoIP-LatLong
X-Alternate-Cache-Key
X-ShardId
X-ShopId
X-Shopify-Stage
X-Qloud-Router
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FW-Dynamic
Azure-Version
X-Sorting-Hat-PodId
X-Shopify-Generated-Cart-Token
X-Request-Time
X-Section
X-EIG-Tracking-Id
NGX
X-FC-Vary-Parameters
Node
X-Human
Origin-Cache-Control
X-Cluster-Node
Now
X-BYPASS-REASON
X-Redis-Cache
Decoy-Debug-TTL
X-ProxyCache-Key
DB-Nickname
Ec-Rule-Version
X-Xfnlog-Site
X-Cache-Host
X-ProxyCache-Status
X-Pubstack
Decoy-Debug-Key
S-Rt
X-PCL
X-Akamai-Request-ID2
X-Cache-Config
X-Hosted-By
X-Debug-Cache
X-Vgn-Hpd-Reason
X-JoinUs
X-Hyper-Cache
X-Origin
X-Soup
X-Hl-Ver
X-ServerID
X-Viewer-Country
X-Proxy-Cache-Status
X-Time-Microsecs
Origin-Edge-Control
X-Generated-By
X-SaId
X-OCL
X-Web-Node
X-UUID
X-Proxy
Decoy-Debug-Status
X-App-Server
X-Yottaa-Metrics
X-Yottaa-Optimizations
Accept-CH
X-CCM
X-Say-TTL
X-Locale
X-MP-GENERATED-AT
X-Detected-As
X-Www-Served-By
X-IP
X-Say-Cacheable
X-SayCDN-TTL
X-NYM-Debug-Backend
X-Generated
Cross-Origin-Window-Policy
X-BCube-Filmed-By
X-Site-Version
X-Varnish-Hits
L5d-Success-Class
X-TNCMS
X-Loop
X-Amzn-Remapped-Content-Length
X-FB-TRIP-ID
X-R9-Blue-Green-Version
Cache-Name
Viewport
X-Akamai-Transformed
Srv
Uber-Trace-Id
Webserver
X-CS
Accept-Charset
Time
X-NCache
X-APP-VERSION
X-Esi
VIX-Pulpo-Upstream-Status
X-Drupal-Cache-Tags
VIX-Pulpo-Node
Accept-CH-Lifetime
GEO-INFO
X-From
X-Cache-Remote
X-UA-Device-Type
X-Unique-Id
X-TT-TIMESTAMP
X-Cluster-Name
Cache-Key
X-Origin-CC
X-Origin-TTL
Mime-Version
X-Drupal-Cache-Contexts
X-Edge-Location
Accept-Language
X-Backend-TTL
X-Mode
Country
Odigeo-Trace-Id
X-EC-Lua
X-CDN-Forward
X-Microcachable
X-CLOUD-TRACE-CONTEXT
Rt-Fastcgi-Cache
X-App-Version
X-Info
X-Forwarded-Host
X-Newrelic-Synthetics
Ohc-Cache-HIT
Ohc-File-Size
X-Geo
X-UnsetCookies
X-No-Session
X-Litespeed-Cache
X-Whom
Proxy-Connection
X-ApacheServer
X-PERF
X-Magnolia-Registration
X-B3-Spanid
X-Varnish-Cache-Hits
ServedBy
Content-Disposition
X-Proxied
X-Routing-Service
X-UPSTREAM-Address
X-Zipkin-Id
X-PHP-Host
Geo-Info
X-Labrador-Cache-Channel
X-Real-IP
Fastly-SSL
X-Device-Type
VivaBuild
X-A-Wwc
X-Trv-Group
X-Aed
X-Twitter-Response-Tags
X-Application
X-ARC
X-Transaction
X-Accel-Expires-Debug
X-A-Ccd
X-A-Dam
X-A-Dcw
Viewtype
X-A
AsisCache
IsBot
X-Request-UUID
X-Geo-Header
X-Rewrite-Enabled
X-External-Request-Id
GEO-REGION-INFO
Machine
MD5-Digest
X-Region-Sid
Rendered-Blocks
Mobile-Detection-Method
Meta-Geo-Continent
X-G
Fastcgi-X-Cache-Version
X-Rojux
BehaviorPad-Version
X-ScT
X-Destination
X-Session-Fingerprint
X-SIPLIST1
X-GeoIP-Country-Code
X-S-Cookie
Content-Script-Type
Content-Style-Type
T-Server
X-DPWN-IS-SECURE
X-S
X-SRCache-Key
X-A-Dgt
Cf-Ipcountry
X-VG-WebServer
X-D
X-Cache-Time
X-Vdms-Version
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Connection-Hash
X-B-Cookie
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Date
X-VG-WebCache
User-Cache-Control
X-C
X-NGENIX-Cache
X-Via-Fastly
Server-Int
X-Contensis-Viewer-Groups
X-App-Name
Fastly-Soc-X-Request-Id
X-Core-Mission
Access-Control-Request-Headers
X-Varnish-Authentication
RNT-Time
FNAC-ModuleRouting
X-WebServer
Server-Surrogate-Control
Server-Cache-Control
Apple-News-Services-Host
Gh-Request-Id
Powered-By
X-Logging-Id
Apple-News-Services-Handled
X-Auto-Login
Fastly-Backend-Name
Apple-News-Services-Request-Url
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Uri
X-Cache-URL
X-Rocket-Build-Number
Wxu-Next-Region
X-Thanos
Wxu-Next-Hostname
X-VG-TLSProxy
X-TrackingId
X-Bip
X-Sigma-Backend
X-Sigma
X-Cache-ASPX
X-VC-Cache
Wxu-Next-Commit
W
RNT-Machine
Environment
Locid
X-CUA
X-Tumblr-Pixel-3
X-Developers
X-Cache-Debug
X-Req
Apple-News-Services-Parsed-Url
X-Nginx-Cache-Key
X-GoCache-CacheStatus
X-Cache-Backend
X-Debug-Cookies
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
Request-Country
Request-EU
X-FW-Version
X-Rebelmouse-Surrogate-Control
X-Fastly-Cache
X-Origin-Date
Section-Io-Cache
X-Clara-WADP
X-OVcl
X-Cache-Bucket
Web-Mar-Node
We-Hiring
X-Cache-Info
X-Gamma-Serve
X-Block-Status
X-BBXSRF
X-Azure-Ref
X-Owner
X-AK-Request-ID
X-OVcl-Cache
X-Proxy-Upstream
X-Debug-Log
X-Distributor
X-Dispatcher-Server
X-Clientip
X-Cms-Context
X-Origin-Expires
True-Client-Country-4JS
X-Rebelmouse-Cache-Control
X-Cdn-Srv
V-Age
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Server-ID
AKAMAI
X-Sucuri-Cache
X-NX-Host
X-User
X-Key
X-Li-Fabric
X-VServer
X-Li-Pop
X-Micro-Cache
X-Urbn-Site-Id
X-TT-LOGID
X-Ms-Version
X-Gen-Mode
X-Ms-Request-Id
X-Internal-Host
X-Urbn-Context-Path
X-Irp-Debug
X-Render-Time
X-Hit
X-Agile-Age
X-Distil-CS
X-Location
X-LI-Proto
X-LI-UUID
X-Agile-Id
X-CGP
X-Agile
HA-Ipaddr
X-Webstats-RespID
X-We-Are-Hiring
X-WADP-Cache
X-Eu-Site
X-Epic-Correlation-Id
Ha-Gx-Prefs
CDCHOST
X-Varnish-Beresp-Grace
X-Instart-Isnd
Cache-Host
Cdncip
Cdnsip
X-GeoIP-City
X-Backend-State
X-Varnish-Beresp-Status
Mail-Subject
Country-Code
Countrycode
X-Generation-Time
Kp-EeAlive
Locale
IBM-Web2-Location
Heartbleed
Fastly-SIE
Fastly-SWR
X-Hash
X-Hnp-Log
X-IN-APIGATEWAYSSL
X-TH-Server
X-Trace-Id
X-Debug-Cache-Store
X-Generated-In
X-Varnish-Beresp-Ttl
X-Swa-Ws
X-SVT-ORM-VERSION
Memcached
X-SVT-ORM-RULES
X-NodeID
X-Request-URI
X-IN-APIGATEWAY
X-Nc
HitType
X-B3-Parentspanid
X-Generated-On
X-Old-Content-Length
X-Matched-Rule
X-NU-AKA-ACS-Version
X-Is-Gdpr
X-JWT-State
X-Level-Front-Cache
X-Has-Esi
X-ServiceProvider
Adler-Geo
X-Service
X-S-Maxage
Is-Eu
PFcat
X-Core-Value
X-Thinkindot-L3
X-Server-W
X-Variation
X-Up
X-Trafficlayer-App-Version
Platform
ServerName
Thinkindot-CacheControl
Server-Host
Thinkindot-CacheControl-Type
X-Platform-Server
X-Cache-Tags
X-Reboot
Thinkindot-Control
X-TA-CDN-Provider
X-Daa-Tunnel
X-B3-SpanId
X-Nginx-Cache
X-Fetched-On
Cache-Hits
X-Refresh
X-Response-By
X-Lb-Id
X-SERVER
RequestId
X-Servername
X-Tb-Optimization-Total-Bytes-Saved
X-Server-IP
X-CSRF-TOKEN
X-CF-Powered-By
X-Cdn-Forward
X-Tec-Api-Origin
Memory
X-Parent-Response-Time
ProcessTime
X-Tec-Api-Root
X-Tec-Api-Version
X-Wa
X-Air-Hostname
X-Pjax-Url
X-Cdn-Request-ID
Origin
Media-Length
X-NC
X-Ua
X-Unique-ID
X-BACKEND-TTL
Pragrma
User-Agent
X-Var-Ttl
Group
X-Cache-Expired-At
Filterid
X-Sucuri-Id
TTL
X-CSRF-Token
X-Correlation-ID
SRV
Geoip-Latitude
S-Cnection
Powered-By-ChinaCache
X-Pf-Uncompressing
X-COUNTRY
X-Vcl-Version
X-NGINX-Cache
Esi-Enabled
GeoIp-Country-Code
X-AIR-PT
X-Reqid
X-Rocket-Nginx-Bypass
X-Policy
X-TIME
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Varnish-Cacheable
X-Servedbyhost
SN
X-Sucuri-ID
X-Webkit-CSP
X-Request-Start
X-Azure-Ref-OriginShield
PICS-Label
HostName
Dnion-Transfer-Encoding
Rt-Proxy-Cache
X-Via-Ucdn
Geoip-City
X-Via-CDN
XServer
X-HS-Status
M-TraceId
X-Developer
X-NWS-UUID-VERIFY
X-FORWARDED-FOR
X-Fastly-Country-Code
Tcn
X-Cdn-Origin
X-Ocache
X-Sn-Servicetimems
X-Method
X-Cache-Grace
X-Node-Id
X-LAGOON
X-Device-Os
Magicmarker
X-Cache-Ttl
Who
On-Server
Cdn
Load-Balancing
Resin-Trace
X-VHOST
X-Ftr-Cache-Host
X-Request-Host
X-MSEdge-Flight
X-MSEdge-Features
Pics-Label
CF-Cached-On
X-ServedByHost
A
DSUID
Ohc-Response-Time
X-Be
Cloudfront-Viewer-Country
Release
NtCoent-Length
GeoIP-Country-Code
X-VCL-Version
X-Svr
X-DC
X-MServer
X-VCT
X-Bc
X-Oss-Request-Id
X-Oss-Object-Type
GeoIP-Latitude
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Cache-Status-Check
X-APP
X-Oss-Storage-Class
Vix-Hermes-Req-Id
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Node
X-Beluga-Cache-Status
X-Beluga-Trace
X-Zone
MIME-Version
Hostname
X-Oracle-Dms-Rid
X-Hp-Ccpa-Warning
Cteonnt-Length
GeoIP-City
X-Varnish-Url
X-PF-Uncompressing
X-Fastly-Backend-Reqs
Ttl
X-Varnish-URL
X-VarnishDD-TTL
X-LiteSpeed-Cache-Control
Host-ID
X-Configured-By
X-Newrelic-App-Data
Amp-Access-Control-Allow-Source-Origin
X-PJAX-URL
X-Ftr-Request-Id
X-Upstream-Ct
X-SRV
X-Upstream-Ht
X-SD-PageType
SD-X-WS
X-HostName
X-Ratelimit-Remaining
X-WR-MODIFICATION
CACHE
X-Slack-Backend
X-Cache-Id
X-Compress-Hint
Processtime
X-SN
X-BE
X-Tid
X-Dynatrace
X-Aicache-OS
Servername
X-Dynatrace-Js-Agent
X-Release
X-Via-NSCOPI
X-Swift-Error
L
X-Action
X-RPM
X-RPS
X-RSL
X-DW
X-DSS
X-DB
X-DI
X-ID
Cache-Provider
WebServer
X-Frame-Option
X-Ftr-Dc
CF-IPCountry
X-StackifyID
X-Ftr-Realm
X-Fastly-Cache-Hits
X-Ratelimit-Limit
X-PAYTM-SRV-ID
Pagetype
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Cache-FS-Status
X-Dispatch
X-Processor
Pramga
Arc-Country
Lfy
X-Skip-Cache
X-Server-Time
X-Ftr-Backend
Dynatrace
X-Scheme
X-ServerName
Requestid
LB
X-LB-ID
X-Snapshot-Date
CDN
X-Branch-Name
X-CACHE-AGE
X-Node-ID
D-Cc-Upstream
X-Apw-Hits
X-Cc-Via
X-Cc-Req-Id
X-Apw-Access-Action
Cache-Cookie-Set-From
X-FPC
Fastly-Drupal-HTML
Warning
X-Apw-Access-Object
X-Apw-Access-Token
Cache-Cookie-Set-Idcheck
X-Edge-IP
X-ABtesting
V-Cache
Proxy-Firewall
X-ZONE
X-Flog
UCS
X-Varnish-Beresp-TTL
X-VC
X-ND-Cache
X-SB
X-Request-Url
Cache-Cookie-Set-Lfrom
X-Hello
X-DevSite-Last-Modified
NnCoection
X-Fpc
X-Served-From
N-Cache
X-Request-URL
X-ElasticPress-Search
X-BC
Lb
WP-Super-Cache
X-Worker
X-Litespeed-Cache-Control
X-Powered-Y
Backend-Name
Correlation-Id
X-App
X-Check-Cacheable
X-Fastly-Cache-Status