Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
Status
X-Buckets
X-Content-Security-Policy
Content-Encoding
Upgrade
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
X-Cache-Group
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Server-Powered-By
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
X-Ws-Request-Id
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Server-Id
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-OneAgent-JS-Injection
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-ORACLE-DMS-ECID
X-HW
X-Application-Context
X-DataDome
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
X-ORACLE-DMS-RID
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
Rating
X-Rack-Cache
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-DynaTrace
X-Varnish-TTL
X-Ruxit-JS-Agent
X-Country-Code
Allow
X-Instart-Request-ID
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
Accept-Ch
X-TTL
X-FTR-Request-ID
Verso
X-ESI
X-Powered-By-Plesk
X-Url
Service-Worker-Allowed
Content-MD5
Accept-Ch-Lifetime
X-B3-TraceId
X-Cdn
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Use-Magma
X-Kinja-Revision
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Kinja-Server
X-Exp-Id
Edge-Cache-Tag
RTSS
Ar-Sid
X-Px
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Debug
X-D2id
X-Abt-Application-Version
Charset
X-Server-Name
X-NF-Request-ID
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Vcache
X-Powered-CMS
X-Accel-Expires
X-MSEdge-Ref
X-Cached
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Vcap-Request-Id
Display
X-Middleton-Display
X-Sol
Pagespeed
X-Middleton-Response
Response
X-Navigation-Version
X-Trace
X-Pinterest-Rid
Pinterest-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-SharePointHealthScore
TCN
X-VARITI-CCR
Public-Key-Pins
Realpath
X-Fastcgi-Cache
Cache-Tag
Access-Control-Request-Method
X-Client-IP
S
X-Fastly-Request-ID
X-Upstream
X-DynaTrace-JS-Agent
X-Ser
MS-Author-Via
X-Shard
X-Id
SPIisLatency
SPRequestDuration
X-Hp-Webp
DynaTrace
X-Ezoic-Cdn
X-Mrf-Item-Lastmod
Nginx-Cache
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
X-Content-Type
X-Amz-Meta-S3cmd-Attrs
X-T
X-Amzn-Trace-Id
X-Recruiting
X-Grace
X-Forwarded-For
Front-End-Https
X-Hits
Fastcgi-Cache
X-Varnish-Age
X-DIS-Request-ID
ServerID
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Dw-Request-Base-Id
NR-ENABLED
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
Powered
X-Frontend
X-Edge-O15-RID
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Country-Code-Real
X-FTR-Expires
Server-Name
X-FTR-Cache-Status
Nel
Alternate-Protocol
X-Logged-In
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
TP-Cache
TP-L2-Cache
X-Cache-TTL
X-Correlation-Id
Server-Node
AMP-Access-Control-Allow-Source-Origin
X-Webkit-Csp
X-Request-Processing-Time
X-Shield-Request-Id
X-Request-Received
X-Request-Handler-Origin-Region
X-Microsite
X-Jurisdiction
X-Webapp-Samesite-None-Activated-N
Upgrade-Insecure-Requests
X-Content-Security-Policy-Report-Only
X-Page-Id
Refresh
X-XRDS-Location
X-Origin-Server
X-Content-Options
X-Rid
X-Revision
X-Cache-Hit
X-User-Agent
X-ATS-Timestamp
X-F-Cache
Backend-Timing
X-Akamai-Edgescape
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Server-ID
X-Varnish-Grace
X-XRDS-LOCATION
X-Ruxit-Js-Agent
X-Type
Fastly-Restarts
X-Content-Powered-By
X-Geo-Country
X-Pad
X-Zen-Fury
X-Activity-Id
X-AppVersion
X-B3-Sampled
X-LB-Cache
X-Az
X-N
X-B
X-URL
X-Analytics
X-Kinsta-Cache
X-FTR-Cache-Host
X-RateLimit-Remaining
PB-PID
PB-RID
X-TT
Arc-Version
X-Cache-Age
X-AOL-HN
X-Mobile-Rewrite
X-WebKit-CSP-Report-Only
X-Framework
X-CST
X-Tumblr-Pixel-0
X-Request-Guid
X-Jobs
X-Tumblr-User
X-Tumblr-Pixel
X-Instance
X-App-Environment
DC
Actual-Object-TTL
X-Oneagent-Js-Injection
Paypal-Debug-Id
X-Debug-Info
Access-Control-Allow-Method
Cache-Status
X-B-Cache
X-Signature
X-FB-Debug
X-PHP-Backend
X-Load-Cache
X-Cache-Action
X-Git-Hash
Surrogate-Key
Fastcgi-Useragent
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
Host-Header
X-Ttl
X-Cached-By
X-Tt-Trace-Tag
FilterID
MS-CV
X-Contextid
X-FastCGI-Cache
X-IPLB-Instance
X-Amz-Replication-Status
X-Time
X-SS-Set-Cookie
X-Tt-Trace-Host
X-Cluster
X-Cache-Key
X-ATG-Version
Tracecode
Frame-Options
X-Accel-Buffering
NGB
X-Response-Served-From
WPE-Backend
X-Srv
X-Varnish-Server
Source
X-WA-Info
Payment
Eomportal-Instance
X-FW-Static
X-FW-Server
Filters
X-Cacheable-TTL
Accept-CH
X-FW-Serve
X-FW-Type
X-Adobe-Content
X-Varnish-Hostname
X-RequestSource
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Cache-Tv-Group
Host
X-FW-Hash
X-Adobe-Loc
X-Cache-NE
X-Cache-Enabled
X-Region
X-Cache-2
X-Is-Bot
X-TX-ID
X-Host-Name
X-Rendered-As
X-Mobile
X-GeoIP
X-IPS-LoggedIn
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Cleartype
X-NewRelic-App-Data
X-Seen-By
Xserver
X-Cache-Rule
X-Cache-Operation
X-EdgeConnect-Cache-Status
X-Via-JSL
X-Hostname
Cache
X-Origin-Response-Time
X-Cache-TTL-Remaining
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
Healthy
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Cache-Control
X-VCache
X-HTML-Minification-Powered-By
Datacenter
Retry-After
Accept-CH-Lifetime
X-Dc
X-ProcessESI
X-RemovedCookies
Server-Info
X-PressLabs-Stats
X-UA
Ms-Operation-Id
X-RTag
X-Presslabs-Stats
X-B3-Traceid
X-Rule
Liferay-Portal
X-RateLimit-Limit
X-NWS-LOG-UUID
X-Cache-Server
From-Origin
X-Environment-Context
X-Wix-Request-Id
Version
X-L-Path
X-Status
X-FireWall-Port
X-Source
X-Endurance-Cache-Level
X-Upgrade-Enabled
X-CACHE-KEY
X-Esi
X-ES-SERVER
X-RN-RSRV
X-Handled-By
X-Cache-Var-Map
Meta-Geo
X-Path-Route
X-Cache-Var
OT-Force-Account-Verify
Selected-Fe
X-Proxy-Build
X-Timing-Wait
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-UUID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Content-Age
X-ShopId
X-ShardId
X-Shopify-Generated-Cart-Token
X-Backend-Name
X-Sorting-Hat-ShopId
X-Tb
X-EIG-Tracking-Id
X-Storage
X-Shopify-Stage
X-Proto
X-Hyper-Cache
Origin-Cache-Control
Origin-Edge-Control
S-Rt
X-Time-Microsecs
X-Cache-Config
X-BYPASS-REASON
Property-Id
Cache-Tags
X-Viewer-Country
Azure-RegionName
Decoy-Debug-Status
Azure-InstanceId
Azure-SiteName
Azure-SlotName
DB-Nickname
Decoy-Debug-Key
Decoy-Debug-TTL
Akamai-GRN
TWC-Connection-Speed
Node
Now
NGX
Azure-Version
X-Web-Node
X-Section
X-Vgn-Hpd-Reason
TWC-Privacy
X-Pubstack
X-ProxyCache-Status
X-Redis-Cache
X-SaId
X-Hl-Ver
X-ServerID
X-ProxyCache-Key
X-Proxy
X-OCL
X-JoinUs
X-Origin
X-PCL
X-Hosted-By
X-Request-Time
X-Format
Webcakes-App-Name
Webcakes-App-Version
X-Human
TWC-Locale-Group
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-Region
X-Akamai-Request-ID
X-Qloud-Router
X-Access
X-Origin-Hint
X-FW-Dynamic
X-FC-Vary-Parameters
TWC-Device-Class
Ec-Rule-Version
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-MP-GENERATED-AT
X-Www-Served-By
X-BCube-Filmed-By
X-SayCDN-TTL
X-AWS-Id
X-Varnish-Hits
X-CCM
X-Site-Version
X-Soup
X-IP
X-Akamai-Request-ID2
X-Locale
X-Cluster-Node
X-Debug-Cache
X-VWS-Id
X-Xfnlog-Site
X-RCS-CacheZone
X-NYM-Debug-Backend
X-Generated
X-Cache-Host
X-App-Server
X-Say-TTL
X-LJ-Flow-ID
X-Proxy-Cache-Status
X-Say-Cacheable
X-Generated-By
X-Amzn-Remapped-Content-Length
X-APP-VERSION
X-FB-TRIP-ID
Mn-Server-Ip
X-Detected-As
Cross-Origin-Window-Policy
L5d-Success-Class
X-TNCMS
X-Loop
Cache-Name
X-R9-Blue-Green-Version
Viewport
Webserver
Uber-Trace-Id
X-CS
Accept-Charset
Time
Srv
X-Akamai-Transformed
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Unique-Id
X-Drupal-Cache-Tags
GEO-INFO
X-NCache
X-From
X-Cache-Remote
X-UA-Device-Type
X-Edge-Location
X-Cluster-Name
X-TT-TIMESTAMP
Cache-Key
X-Drupal-Cache-Contexts
X-Origin-CC
X-Backend-TTL
X-Origin-TTL
X-EC-Lua
X-CDN-Forward
Country
Mime-Version
Accept-Language
X-Mode
Odigeo-Trace-Id
X-B3-Spanid
X-Newrelic-Synthetics
X-Microcachable
Rt-Fastcgi-Cache
Ohc-Cache-HIT
Ohc-File-Size
X-Forwarded-Host
X-Geo
X-No-Session
X-Info
X-CLOUD-TRACE-CONTEXT
Proxy-Connection
X-Magnolia-Registration
X-Routing-Service
X-Zipkin-Id
X-Varnish-Cache-Hits
X-Whom
Content-Disposition
ServedBy
X-UPSTREAM-Address
X-Proxied
X-Labrador-Cache-Channel
X-PHP-Host
X-ApacheServer
X-UnsetCookies
X-PERF
X-Real-IP
Fastly-SSL
X-Cache-Time
Cf-Ipcountry
X-Transaction
X-SRCache-Key
X-A-Dam
VivaBuild
X-G
X-A
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Trv-Group
X-Geo-Header
X-A-Ccd
X-A-Dcw
X-S-Cookie
X-B-Cookie
X-ScT
X-ARC
X-S
X-Application
X-Rojux
X-Rewrite-Enabled
X-Request-UUID
X-A-Wwc
X-A-Dgt
X-Region-Sid
X-Session-Fingerprint
X-Aed
X-Accel-Expires-Debug
X-Twitter-Response-Tags
Viewtype
GEO-REGION-INFO
X-Vtex-Remote-Cache
Rendered-Blocks
Fastcgi-X-Cache-Version
X-Date
X-VG-WebServer
X-Vtex-Processado-Em
X-App-Version
Mobile-Detection-Method
Xc-Version
Machine
X-DPWN-IS-SECURE
X-Destination
Meta-Geo-Continent
MD5-Digest
X-VG-WebCache
X-D
T-Server
X-External-Request-Id
AsisCache
BehaviorPad-Version
X-Connection-Hash
X-GeoIP-Country-Code
Content-Script-Type
Content-Style-Type
X-Vdms-Version
X-Via-Fastly
Geo-Info
Access-Control-Request-Headers
X-Device-Type
User-Cache-Control
X-Logging-Id
X-Uri
X-Rocket-Build-Number
Powered-By
Server-Cache-Control
Server-Surrogate-Control
Gh-Request-Id
Environment
W
X-Auto-Login
X-Cache-ASPX
X-Sigma-Backend
X-Bip
X-TrackingId
X-Cache-Debug
X-SIPLIST1
X-Thanos
IsBot
X-Tumblr-Pixel-3
X-Sigma
X-WebServer
X-Cache-Backend
X-Contensis-Viewer-Groups
X-VC-Cache
X-Varnish-Authentication
X-VG-TLSProxy
ServerName
X-C
X-NGENIX-Cache
Request-EU
X-CUA
Server-ID
X-Epic-Correlation-Id
X-Irp-Debug
Section-Io-Cache
X-Debug-Cache-Fetch
X-Li-Pop
X-Debug-Log
Memcached
X-LI-Proto
X-Distil-CS
X-Debug-Cookies
X-Li-Fabric
X-Debug-Cache-Expiry
X-Hnp-Log
X-Debug-Cache-Store
X-Key
Request-Country
V-Age
X-Gamma-Serve
X-Gen-Mode
X-Block-Status
X-Cache-Bucket
X-Cache-Info
X-BBXSRF
X-Agile
X-Generated-In
X-AK-Request-ID
X-LI-UUID
X-Agile-Age
X-Backend-State
X-FW-Version
X-Fastly-Cache
X-Cms-Context
X-Clientip
X-Eu-Site
X-GoCache-CacheStatus
True-Client-Country-4JS
X-Agile-Id
X-Clara-WADP
Web-Mar-Node
X-Generation-Time
X-Cdn-Srv
X-CGP
X-GeoIP-City
X-Hit
CDCHOST
Server-Int
X-App-Name
X-Distributor
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Locid
RNT-Machine
RNT-Time
Wxu-Next-Commit
X-Varnish-Beresp-Grace
Wxu-Next-Hostname
X-Developers
X-RateLimit-Remaining-Second
X-Location
X-Request-URI
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Nginx-Cache-Key
X-Sucuri-Cache
X-SVT-ORM-RULES
X-VServer
X-Wikidot-Backend
FNAC-ModuleRouting
X-WADP-Cache
X-We-Are-Hiring
Fastly-Backend-Name
X-Req
Fastly-Soc-X-Request-Id
X-Urbn-Site-Id
X-Wikidot-Static-Cache
X-Swa-Ws
X-SVT-ORM-VERSION
Apple-News-Services-Host
Apple-News-Services-Handled
X-TH-Server
X-Urbn-Context-Path
X-TT-LOGID
X-Trace-Id
X-Core-Mission
X-Render-Time
X-Cache-URL
Countrycode
X-Origin-Date
Cdnsip
Cdncip
Cache-Host
X-Webstats-RespID
X-NX-Host
Ha-Gx-Prefs
X-Ms-Version
X-Ms-Request-Id
Locale
X-NodeID
IBM-Web2-Location
HA-Ipaddr
Heartbleed
X-Origin-Expires
Country-Code
Wxu-Next-Region
X-OVcl-Cache
X-OVcl
AKAMAI
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Owner
X-B3-Parentspanid
X-Level-Front-Cache
X-Azure-Ref
X-Variation
X-User
X-Rebelmouse-Cache-Control
X-Reboot
Fastly-SWR
X-Micro-Cache
X-Rebelmouse-Surrogate-Control
X-Internal-Host
Fastly-SIE
X-Matched-Rule
X-NU-AKA-ACS-Version
X-IN-APIGATEWAY
X-Generated-On
X-Has-Esi
X-ServiceProvider
X-Hash
X-Service
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-S-Maxage
X-Up
X-Platform-Server
X-Thinkindot-L3
X-Is-Gdpr
X-Old-Content-Length
X-JWT-State
X-Cache-Tags
We-Hiring
Adler-Geo
Kp-EeAlive
Mail-Subject
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
PFcat
Is-Eu
Platform
X-Dispatcher-Server
X-Daa-Tunnel
X-Core-Value
HitType
X-TA-CDN-Provider
X-Refresh
X-Server-W
X-Trafficlayer-App-Version
Cache-Hits
X-Response-By
Server-Host
X-Nginx-Cache
X-Servername
X-Lb-Id
X-SERVER
X-Fetched-On
RequestId
X-Nc
X-NC
X-Tb-Optimization-Total-Bytes-Saved
X-Server-IP
X-B3-SpanId
X-CSRF-TOKEN
Memory
X-Parent-Response-Time
X-Cdn-Forward
Filterid
X-CF-Powered-By
X-Tec-Api-Origin
X-Tec-Api-Root
X-Cdn-Request-ID
Media-Length
X-Tec-Api-Version
ProcessTime
X-TIME
X-Wa
Origin
User-Agent
X-Pjax-Url
X-Air-Hostname
X-CSRF-Token
X-BACKEND-TTL
Group
X-Cache-Expired-At
Pragrma
X-Pf-Uncompressing
SRV
Geoip-Latitude
TTL
X-Var-Ttl
X-Ua
X-Unique-ID
X-Correlation-ID
Esi-Enabled
X-Sucuri-Id
GeoIp-Country-Code
X-AIR-PT
X-Rocket-Nginx-Bypass
X-Vcl-Version
S-Cnection
Powered-By-ChinaCache
X-NGINX-Cache
X-Reqid
X-Sucuri-ID
X-COUNTRY
X-Planisys-CDN-Cache
X-FORWARDED-FOR
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Policy
PICS-Label
X-Servedbyhost
XServer
X-Request-Start
X-Varnish-Cacheable
HostName
Rt-Proxy-Cache
SN
X-Webkit-CSP
X-Litespeed-Cache
X-Azure-Ref-OriginShield
X-Fastly-Country-Code
Dnion-Transfer-Encoding
X-HS-Status
M-TraceId
Geoip-City
X-Via-Ucdn
X-Method
X-Via-CDN
X-NWS-UUID-VERIFY
X-Developer
Magicmarker
Load-Balancing
X-Node-Id
X-Cdn-Origin
X-LAGOON
X-Ocache
X-Device-Os
X-Sn-Servicetimems
X-Cache-Grace
Resin-Trace
Tcn
DSUID
Who
On-Server
Ohc-Response-Time
X-Cache-Ttl
X-ServedByHost
X-VHOST
X-Ftr-Cache-Host
Release
X-Request-Host
X-MSEdge-Flight
Cdn
CF-Cached-On
NtCoent-Length
X-Be
X-Svr
X-VCT
X-MSEdge-Features
A
X-MServer
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
Pics-Label
X-Bc
Vix-Hermes-Req-Id
X-VCL-Version
MIME-Version
X-Hp-Ccpa-Warning
X-APP
X-Zone
X-Beluga-Record
Cteonnt-Length
Ttl
X-Beluga-Trace
GeoIP-Country-Code
X-Ratelimit-Remaining
X-Beluga-Status
Cloudfront-Viewer-Country
X-Beluga-Node
X-Beluga-Response-Time
X-Beluga-Cache-Status
X-Oracle-Dms-Rid
Hostname
X-SRV
X-Cache-Status-Check
X-Configured-By
GeoIP-Latitude
X-Fastly-Backend-Reqs
X-Varnish-Url
X-Varnish-URL
X-VarnishDD-TTL
X-DC
X-LiteSpeed-Cache-Control
X-PJAX-URL
X-PF-Uncompressing
X-SD-PageType
X-Newrelic-App-Data
GeoIP-City
X-Varnish-Ttl
SD-X-WS
Host-ID
X-WR-MODIFICATION
X-Upstream-Ht
X-Compress-Hint
X-Ftr-Request-Id
X-SN
X-Upstream-Ct
X-Tid
X-Cache-Id
X-HostName
X-Release
X-Slack-Backend
X-Ratelimit-Limit
Processtime
X-BE
X-Via-NSCOPI
L
X-Dynatrace
X-Aicache-OS
X-Dynatrace-Js-Agent
X-Swift-Error
Cache-Provider
CACHE
X-ID
X-Scheme
X-Action
WebServer
X-DB
X-RPS
X-RSL
LB
X-RPM
X-DW
X-DI
X-DSS
X-LB-ID
Amp-Access-Control-Allow-Source-Origin
X-Frame-Option
X-Server-Time
X-Ftr-Dc
X-Ftr-Balancer
X-Processor
X-FPC
Arc-Country
Pramga
X-Cache-FS-Status
X-StackifyID
X-Ftr-Backend-Server
Dynatrace
X-ServerName
X-PAYTM-SRV-ID
X-Ftr-Realm
X-Skip-Cache
Cache-Cookie-Set-Lfrom
Pagetype
CDN
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Branch-Name
Requestid
X-Fastly-Cache-Hits
Servername
CF-IPCountry
UCS
X-Ftr-Backend
Lfy
X-Snapshot-Date
X-CACHE-AGE
Proxy-Firewall
X-Apw-Hits
X-Dispatch
X-Cc-Via
X-Cc-Req-Id
X-Apw-Access-Token
X-Apw-Access-Object
X-ND-Cache
Fastly-Drupal-HTML
X-Hello
X-Apw-Access-Action
V-Cache
D-Cc-Upstream
X-Request-Url
X-ABtesting
X-Node-ID
X-ZONE
X-Varnish-Beresp-TTL
X-SB
X-VC
X-Flog
X-DevSite-Last-Modified
X-Edge-IP
Warning
NnCoection
X-Fastly-Cache-Status
Lb
X-Worker
WP-Super-Cache
X-BC
X-App
Correlation-Id
WZWS-RAY
X-ElasticPress-Search
X-Request-URL
X-Powered-Y
Backend-Name
X-Litespeed-Cache-Control
X-Check-Cacheable