Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-DNS-Prefetch-Control
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
Upgrade
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
X-AH-Environment
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Ws-Request-Id
X-Hacker
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
Report-To
X-Server-Id
X-LiteSpeed-Cache
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-ORACLE-DMS-ECID
X-Application-Context
X-DataDome
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-ORACLE-DMS-RID
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
Pinterest-Generated-By
X-Clacks-Overhead
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-Varnish-TTL
Accept-Ch
X-DynaTrace
X-Country-Code
Allow
X-Instart-Request-ID
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-FTR-Request-ID
X-ESI
Accept-Ch-Lifetime
Verso
X-TTL
X-B3-TraceId
X-Powered-By-Plesk
Service-Worker-Allowed
X-Cdn
X-Url
Content-MD5
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-Kinja
X-Use-Magma
Edge-Cache-Tag
RTSS
Ar-Sid
AR-ATIME
AR-CACHE
AR-PoweredBy
AR-Request-ID
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
X-NF-Request-ID
Charset
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Vcache
X-Accel-Expires
X-Cached
X-Powered-CMS
X-MSEdge-Ref
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Middleton-Display
Display
Pagespeed
X-Sol
X-Middleton-Response
Response
X-Vcap-Request-Id
X-Navigation-Version
Pinterest-Version
X-Pinterest-Rid
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-SharePointHealthScore
TCN
X-Fastcgi-Cache
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Client-IP
Cache-Tag
Access-Control-Request-Method
S
X-Fastly-Request-ID
X-Upstream
X-Ser
MS-Author-Via
X-Shard
X-DynaTrace-JS-Agent
X-Id
SPRequestDuration
SPIisLatency
X-Hp-Webp
MRF-Tech
X-Mrf-Item-Lastmod
Nginx-Cache
X-Ezoic-Cdn
X-Forwarded-For
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Content-Type
X-Amz-Meta-S3cmd-Attrs
DynaTrace
X-Amzn-Trace-Id
X-Recruiting
X-T
X-Grace
Front-End-Https
X-Hits
Fastcgi-Cache
X-Varnish-Age
X-DIS-Request-ID
ServerID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Mobile-URL
X-Node-Name
X-Element-Page-Cache
Nel
X-Content-Digest
NR-ENABLED
X-GUploader-UploadID
X-Goog-Stored-Content-Length
Powered
X-Goog-Stored-Content-Encoding
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Goog-Storage-Class
X-Frontend
X-Goog-Metageneration
X-Goog-Generation
X-FTR-Expires
X-FTR-Cache-Status
X-Country-Code-Real
X-Edge-O15-RID
Server-Name
Alternate-Protocol
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Balancer
X-Cache-TTL
X-Logged-In
TP-Cache
TP-L2-Cache
Server-Node
X-Correlation-Id
X-Webkit-Csp
AMP-Access-Control-Allow-Source-Origin
X-Jurisdiction
X-XRDS-Location
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
X-Request-Processing-Time
X-Request-Received
X-ATS-Timestamp
X-Server-ID
Upgrade-Insecure-Requests
X-Shield-Request-Id
X-Webapp-Samesite-None-Activated-N
X-Origin-Server
X-Page-Id
Refresh
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Content-Options
X-Revision
X-Cache-Hit
X-F-Cache
X-Akamai-Edgescape
X-Amzn-RequestId
X-Rid
X-Amz-Apigw-Id
X-Type
X-Varnish-Grace
X-XRDS-LOCATION
Fastly-Restarts
X-Content-Powered-By
X-B3-Sampled
X-Zen-Fury
X-URL
X-Geo-Country
X-Pad
X-Analytics
X-Activity-Id
X-Az
X-AppVersion
X-LB-Cache
X-B
X-N
X-RateLimit-Remaining
X-Ttl
X-Kinsta-Cache
X-FTR-Cache-Host
X-Ruxit-Js-Agent
PB-PID
PB-RID
X-TT
X-CST
X-Cache-Age
X-WebKit-CSP-Report-Only
Cache-Status
X-Jobs
X-AOL-HN
X-Mobile-Rewrite
X-Request-Guid
Arc-Version
X-Signature
X-B-Cache
X-App-Environment
DC
Paypal-Debug-Id
X-Instance
X-Framework
X-Tumblr-Pixel-0
Actual-Object-TTL
Access-Control-Allow-Method
X-Debug-Info
X-Tumblr-User
X-Tumblr-Pixel
X-PHP-Backend
X-FB-Debug
X-Load-Cache
X-Cache-Action
X-Time
X-Varnish-Backend
Fastcgi-Useragent
X-Erf-Bev-Bev-Is-Generated
X-Git-Hash
X-Erf-Bev-Bev
Surrogate-Key
FilterID
Host-Header
X-Tt-Trace-Tag
X-Cached-By
X-Contextid
X-IPLB-Instance
MS-CV
X-Amz-Replication-Status
X-Tt-Trace-Host
X-Cluster
X-SS-Set-Cookie
Tracecode
X-ATG-Version
X-FastCGI-Cache
NGB
X-Response-Served-From
Frame-Options
X-Accel-Buffering
X-FW-Static
X-FW-Hash
X-Cache-NE
X-FW-Server
X-WA-Info
X-FW-Serve
X-FW-Type
X-RequestSource
Host
Eomportal-Instance
X-Region
Xserver
X-Cache-2
Payment
X-Varnish-Server
WPE-Backend
X-TX-ID
X-Is-Bot
X-Cacheable-TTL
X-Host-Name
X-Mobile
X-Cache-Enabled
X-Rendered-As
Source
X-Adobe-Content
X-Adobe-Loc
X-GeoIP
X-IPS-LoggedIn
Filters
X-Cache-Key
X-Oneagent-Js-Injection
X-Varnish-Hostname
X-Srv
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Kong-Proxy-Latency
X-NewRelic-App-Data
X-Kong-Upstream-Latency
Cleartype
X-Seen-By
X-Cache-Operation
X-Cache-Rule
X-EdgeConnect-Cache-Status
X-Origin-Response-Time
X-Via-JSL
X-Cache-TTL-Remaining
X-Hostname
Cache
X-VCache
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-PressLabs-Stats
X-Cache-Control
Healthy
X-HTML-Minification-Powered-By
Datacenter
Retry-After
X-Trafficlayer-App-Name
Server-Info
X-Trafficlayer-App-Scope
X-ProcessESI
X-RemovedCookies
X-CACHE-KEY
X-RTag
Ms-Operation-Id
X-RateLimit-Limit
X-Dc
X-Presslabs-Stats
Liferay-Portal
X-Source
X-Rule
X-NWS-LOG-UUID
X-Cache-Server
X-Environment-Context
X-UA
X-L-Path
From-Origin
X-FireWall-Port
X-Wix-Request-Id
Version
X-Endurance-Cache-Level
X-Status
X-Upgrade-Enabled
X-Cache-Var
Meta-Geo
X-B3-Traceid
X-Cache-Var-Map
X-RN-RSRV
X-ES-SERVER
X-Path-Route
X-Handled-By
X-Proxy-Build
Mn-Server-Ip
X-RCS-CacheZone
X-Content-Age
Selected-Fe
OT-Force-Account-Verify
X-Timing-Wait
X-Backend-Name
X-AWS-Id
X-Alternate-Cache-Key
TWC-GeoIP-Country
X-Storage
TWC-Device-Class
X-Shopify-Stage
X-Tb
TWC-GeoIP-LatLong
X-VWS-Id
TWC-Locale-Group
Azure-SiteName
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Section
X-Request-Time
Azure-Version
Cache-Tags
X-Format
Azure-SlotName
Akamai-GRN
Azure-RegionName
Azure-InstanceId
X-Akamai-Request-ID
X-Shopify-Generated-Cart-Token
X-Goog-Meta-Goog-Reserved-File-Mtime
Webcakes-App-Version
Webcakes-App-Name
Property-Id
X-FW-Dynamic
X-EIG-Tracking-Id
Webcakes-Region
X-LJ-Flow-ID
X-Origin-Hint
X-ShardId
X-ShopId
X-Access
X-Qloud-Router
X-Proto
TWC-Privacy
TWC-Connection-Speed
NGX
Decoy-Debug-TTL
Decoy-Debug-Key
Ec-Rule-Version
Node
Origin-Edge-Control
Origin-Cache-Control
S-Rt
X-UUID
X-Viewer-Country
X-Web-Node
X-Vgn-Hpd-Reason
X-Time-Microsecs
X-ServerID
X-Soup
X-Xfnlog-Site
X-BYPASS-REASON
X-ProxyCache-Key
X-ProxyCache-Status
X-PCL
X-Origin
X-Human
X-OCL
X-SaId
X-Redis-Cache
X-FC-Vary-Parameters
X-Generated-By
X-Debug-Cache
X-Cluster-Node
X-Cache-Config
X-Cache-Host
X-Hl-Ver
X-Hosted-By
X-Proxy-Cache-Status
X-Pubstack
X-Proxy
X-JoinUs
X-Hyper-Cache
X-Akamai-Request-ID2
Decoy-Debug-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
Accept-CH
X-App-Server
X-SayCDN-TTL
Now
X-Say-Cacheable
X-Site-Version
X-BCube-Filmed-By
X-Detected-As
X-Generated
X-IP
X-CCM
X-MP-GENERATED-AT
X-Locale
X-Say-TTL
Cross-Origin-Window-Policy
X-Varnish-Hits
X-Www-Served-By
DB-Nickname
X-TNCMS
L5d-Success-Class
X-FB-TRIP-ID
X-NYM-Debug-Backend
X-R9-Blue-Green-Version
X-Amzn-Remapped-Content-Length
X-Loop
Cache-Name
Viewport
X-Akamai-Transformed
X-CS
Srv
Uber-Trace-Id
Webserver
Accept-Charset
Time
X-APP-VERSION
X-NCache
X-Unique-Id
X-Esi
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Drupal-Cache-Tags
GEO-INFO
Accept-CH-Lifetime
X-UA-Device-Type
X-Cache-Remote
X-From
X-Backend-TTL
X-TT-TIMESTAMP
Cache-Key
X-CDN-Forward
X-Cluster-Name
Mime-Version
X-Origin-CC
X-Drupal-Cache-Contexts
X-Origin-TTL
X-Edge-Location
Accept-Language
Country
X-Mode
Odigeo-Trace-Id
X-EC-Lua
X-Microcachable
X-CLOUD-TRACE-CONTEXT
Rt-Fastcgi-Cache
X-App-Version
X-Newrelic-Synthetics
X-Forwarded-Host
X-Info
Ohc-File-Size
Ohc-Cache-HIT
X-Geo
X-No-Session
X-UnsetCookies
X-Whom
X-ApacheServer
X-B3-Spanid
X-Magnolia-Registration
X-PERF
Proxy-Connection
X-Proxied
X-UPSTREAM-Address
X-Zipkin-Id
Content-Disposition
ServedBy
X-Varnish-Cache-Hits
X-Routing-Service
X-Litespeed-Cache
Geo-Info
X-Labrador-Cache-Channel
X-PHP-Host
X-Real-IP
Fastly-SSL
X-Device-Type
X-CF-Lambda-Version
T-Server
Viewtype
X-Connection-Hash
VivaBuild
X-CF-Lambda-Fn
Cf-Ipcountry
X-A-Ccd
X-Aed
X-Application
X-B-Cookie
X-ARC
X-Accel-Expires-Debug
X-A-Wwc
Rendered-Blocks
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A
X-Session-Fingerprint
X-Twitter-Response-Tags
X-Cache-Time
X-Vdms-Version
X-VG-WebCache
X-Trv-Group
X-Transaction
X-SIPLIST1
X-SRCache-Key
X-D
X-VG-WebServer
X-Vtex-Processado-Em
BehaviorPad-Version
Fastcgi-X-Cache-Version
Content-Style-Type
AsisCache
GEO-REGION-INFO
X-Vtex-Remote-Cache
IsBot
Xc-Version
X-ScT
Machine
Meta-Geo-Continent
Content-Script-Type
X-Region-Sid
X-GeoIP-Country-Code
X-Geo-Header
X-External-Request-Id
X-G
X-S-Cookie
X-DPWN-IS-SECURE
MD5-Digest
X-S
X-Date
X-Request-UUID
X-Rojux
X-Destination
X-Rewrite-Enabled
Mobile-Detection-Method
X-C
User-Cache-Control
X-Via-Fastly
X-NGENIX-Cache
Powered-By
Environment
RNT-Time
Locid
Server-Cache-Control
RNT-Machine
FNAC-ModuleRouting
Fastly-Soc-X-Request-Id
Fastly-Backend-Name
Gh-Request-Id
X-Nginx-Cache-Key
X-Wikidot-Static-Cache
Apple-News-Services-Handled
Apple-News-Services-Host
X-Wikidot-Backend
X-WebServer
X-Varnish-Authentication
X-VC-Cache
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Sigma-Backend
X-VG-TLSProxy
X-Sigma
X-Rocket-Build-Number
W
X-App-Name
X-TrackingId
X-Thanos
X-Auto-Login
X-Bip
X-Cache-ASPX
Wxu-Next-Region
Wxu-Next-Hostname
Server-Surrogate-Control
Wxu-Next-Commit
X-Cache-Debug
Access-Control-Request-Headers
X-Logging-Id
X-Req
X-Developers
X-CUA
X-Contensis-Viewer-Groups
X-Core-Mission
Server-Int
X-Cache-URL
X-Uri
X-Cache-Backend
X-GoCache-CacheStatus
X-NodeID
X-Ms-Version
X-AK-Request-ID
X-NX-Host
X-Origin-Expires
X-Origin-Date
X-Ms-Request-Id
X-Azure-Ref
X-LI-UUID
X-LI-Proto
X-BBXSRF
X-Micro-Cache
True-Client-Country-4JS
X-OVcl
X-Rebelmouse-Surrogate-Control
X-Proxy-Upstream
We-Hiring
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
V-Age
Web-Mar-Node
X-Varnish-Beresp-Ttl
X-OVcl-Cache
X-Block-Status
X-Owner
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Fastly-Cache
X-Cache-Bucket
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Hash
X-GeoIP-City
X-Debug-Log
X-Generated-In
X-Gamma-Serve
X-FW-Version
X-Distributor
X-Dispatcher-Server
X-Gen-Mode
X-Hnp-Log
X-IN-APIGATEWAY
X-Key
X-Cdn-Srv
X-Cache-Info
X-Li-Fabric
X-Request-URI
X-Irp-Debug
X-Internal-Host
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-Cms-Context
X-Clientip
X-Clara-WADP
X-Li-Pop
X-Rebelmouse-Cache-Control
X-Agile
Kp-EeAlive
X-Agile-Age
IBM-Web2-Location
X-Agile-Id
Heartbleed
HA-Ipaddr
Locale
Cache-Host
X-We-Are-Hiring
Mail-Subject
CDCHOST
Ha-Gx-Prefs
X-Backend-State
X-CGP
Country-Code
Countrycode
X-Render-Time
X-Sucuri-Cache
Cdncip
Cdnsip
X-Hit
X-Eu-Site
X-Distil-CS
Fastly-SWR
Fastly-SIE
AKAMAI
X-Epic-Correlation-Id
Memcached
X-Webstats-RespID
Request-EU
X-SVT-ORM-RULES
X-Urbn-Context-Path
Server-ID
X-SVT-ORM-VERSION
X-Swa-Ws
X-Tumblr-Pixel-3
X-Urbn-Site-Id
Section-Io-Cache
X-VServer
X-WADP-Cache
Request-Country
X-Trace-Id
X-TH-Server
X-User
X-B3-Parentspanid
HitType
X-Server-W
X-Generation-Time
X-Generated-On
X-Reboot
X-ServiceProvider
X-Service
X-Thinkindot-L3
X-TT-LOGID
X-Level-Front-Cache
X-JWT-State
X-Nc
X-Variation
X-Matched-Rule
X-Is-Gdpr
X-Up
X-Trafficlayer-App-Version
X-Platform-Server
X-Location
X-Old-Content-Length
X-NU-AKA-ACS-Version
X-Has-Esi
X-S-Maxage
Is-Eu
X-Cache-Tags
Thinkindot-CacheControl
X-Core-Value
Thinkindot-CacheControl-Type
Adler-Geo
Server-Host
Thinkindot-Control
PFcat
Platform
ServerName
X-TA-CDN-Provider
X-Daa-Tunnel
X-B3-SpanId
X-Nginx-Cache
X-Fetched-On
X-Response-By
X-Lb-Id
X-Refresh
Cache-Hits
X-SERVER
X-Servername
RequestId
X-Tb-Optimization-Total-Bytes-Saved
X-CSRF-TOKEN
X-Server-IP
X-CF-Powered-By
Memory
X-Tec-Api-Root
ProcessTime
X-Parent-Response-Time
X-Tec-Api-Version
X-Tec-Api-Origin
Origin
X-Ua
Media-Length
X-Pjax-Url
X-NC
X-Cdn-Request-ID
X-Wa
X-Air-Hostname
X-Cdn-Forward
X-Cache-Expired-At
Pragrma
X-Var-Ttl
Group
User-Agent
Filterid
X-CSRF-Token
X-Sucuri-Id
X-Correlation-ID
SRV
X-Unique-ID
X-BACKEND-TTL
TTL
Geoip-Latitude
Powered-By-ChinaCache
X-Pf-Uncompressing
S-Cnection
X-AIR-PT
X-Vcl-Version
X-Reqid
X-COUNTRY
GeoIp-Country-Code
X-NGINX-Cache
Esi-Enabled
X-Rocket-Nginx-Bypass
X-Planisys-CDN-TTL
SN
X-Planisys-CDN-Cache
X-Servedbyhost
X-Varnish-Cacheable
X-Planisys-CDN-Rules
X-TIME
X-Policy
X-Sucuri-ID
X-Request-Start
X-Webkit-CSP
PICS-Label
X-Azure-Ref-OriginShield
HostName
X-Via-CDN
Rt-Proxy-Cache
X-Via-Ucdn
Geoip-City
Dnion-Transfer-Encoding
XServer
M-TraceId
X-HS-Status
X-Developer
X-NWS-UUID-VERIFY
X-FORWARDED-FOR
Magicmarker
X-Sn-Servicetimems
X-Node-Id
X-LAGOON
X-Fastly-Country-Code
X-Cdn-Origin
X-Cache-Grace
Tcn
X-Method
X-Device-Os
X-Cache-Ttl
On-Server
X-Ocache
Resin-Trace
Who
Cdn
Load-Balancing
X-Ftr-Cache-Host
X-VHOST
Pics-Label
CF-Cached-On
A
X-Request-Host
X-MSEdge-Flight
X-MSEdge-Features
X-ServedByHost
Ohc-Response-Time
DSUID
NtCoent-Length
Release
Cloudfront-Viewer-Country
X-Be
X-VCL-Version
GeoIP-Country-Code
X-Svr
X-DC
X-VCT
X-MServer
X-Bc
X-Beluga-Status
X-Oss-Hash-Crc64ecma
X-Beluga-Response-Time
Ttl
X-Dynatrace-Js-Agent
X-Beluga-Record
X-Beluga-Node
X-Oss-Storage-Class
GeoIP-Latitude
X-Oss-Request-Id
Vix-Hermes-Req-Id
X-Oss-Object-Type
X-APP
X-Zone
X-Beluga-Cache-Status
X-Cache-Status-Check
X-Beluga-Trace
X-Oss-Server-Time
X-Oracle-Dms-Rid
X-Hp-Ccpa-Warning
Hostname
MIME-Version
X-Fastly-Backend-Reqs
X-VarnishDD-TTL
Cteonnt-Length
X-SRV
X-Varnish-Url
X-PF-Uncompressing
X-Varnish-URL
GeoIP-City
X-LiteSpeed-Cache-Control
X-Configured-By
Host-ID
X-Newrelic-App-Data
X-PJAX-URL
X-Ftr-Request-Id
X-SD-PageType
X-Upstream-Ht
SD-X-WS
X-Upstream-Ct
X-WR-MODIFICATION
X-HostName
X-Ratelimit-Remaining
X-BE
X-Tid
X-Dynatrace
X-Aicache-OS
Processtime
X-SN
X-Cache-Id
X-Compress-Hint
X-Slack-Backend
Servername
X-Swift-Error
X-RPM
X-RSL
X-DW
X-ID
X-RPS
X-DSS
X-DB
X-Action
X-DI
Cache-Provider
X-Release
X-Via-NSCOPI
L
WebServer
CACHE
Amp-Access-Control-Allow-Source-Origin
X-Frame-Option
X-Ratelimit-Limit
Dynatrace
X-PAYTM-SRV-ID
X-Ftr-Realm
X-Fastly-Cache-Hits
X-Scheme
X-ServerName
X-Skip-Cache
X-StackifyID
Lfy
CF-IPCountry
X-Server-Time
LB
Pagetype
X-Dispatch
X-Snapshot-Date
X-Ftr-Backend-Server
X-LB-ID
X-Branch-Name
X-Ftr-Dc
CDN
X-Processor
X-Ftr-Balancer
X-Cache-FS-Status
X-Ftr-Backend
Arc-Country
Pramga
Requestid
X-CACHE-AGE
X-VC
X-FPC
X-Varnish-Beresp-TTL
X-SB
X-ZONE
X-Cc-Via
X-Cc-Req-Id
D-Cc-Upstream
Warning
Cache-Cookie-Set-Lfrom
X-Edge-IP
UCS
X-DevSite-Last-Modified
X-Request-Url
X-Flog
Cache-Cookie-Set-From
X-Hello
Cache-Cookie-Set-Idcheck
Fastly-Drupal-HTML
X-Apw-Hits
X-ABtesting
V-Cache
X-Apw-Access-Action
X-Node-ID
X-Apw-Access-Object
Proxy-Firewall
X-Apw-Access-Token
X-ND-Cache
NnCoection
X-Served-From
N-Cache
X-Fpc
Correlation-Id
X-App
X-BC
Backend-Name
Lb
X-Litespeed-Cache-Control
X-Worker
WP-Super-Cache
X-Check-Cacheable
X-Request-URL
X-Powered-Y
X-ElasticPress-Search
X-Fastly-Cache-Status