Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-AspNet-Version
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
Content-Encoding
X-CDN
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
Keep-Alive
X-Kinja-Server-Push
X-Xss-Protection
X-Drupal-Dynamic-Cache
X-Turbo-Charged-By
Xkey
X-Pass-Why
X-Cache-Group
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Server-Powered-By
X-Amz-Id-2
X-Amz-Request-Id
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
Request-Context
X-Ws-Request-Id
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
Report-To
X-LiteSpeed-Cache
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
Content-Location
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-ORACLE-DMS-ECID
X-Cnection
X-HW
X-DataDome
NEL
X-Application-Context
X-ORACLE-DMS-RID
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Source
X-Mod-Pagespeed
X-Cache-Lookup
Rating
X-Rack-Cache
Edge-Control
Pinterest-Generated-By
X-Akam-SW-Version
X-Clacks-Overhead
X-Country
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-DynaTrace
X-Country-Code
X-Varnish-TTL
Allow
X-Instart-Request-ID
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-TTL
X-FTR-Request-ID
Accept-Ch
Verso
X-ESI
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Forwarded-Proto
X-Version
X-Url
X-Cdn
X-MS-InvokeApp
Accept-Ch-Lifetime
X-B3-TraceId
X-GitHub-Request-Id
X-Exp-Id
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
Edge-Cache-Tag
RTSS
X-Px
AR-Request-ID
Ar-Sid
AR-CACHE
AR-ATIME
AR-PoweredBy
X-D2id
X-Debug
X-Abt-Application-Version
X-NF-Request-ID
Charset
SPRequestGuid
X-Server-Name
X-Amz-Server-Side-Encryption
X-Powered-CMS
X-Cached
X-MSEdge-Ref
X-Accel-Expires
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Vcache
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Vcap-Request-Id
X-TEC-API-VERSION
X-Sol
X-Middleton-Display
Display
Pagespeed
X-Navigation-Version
Response
X-Middleton-Response
X-Trace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-SharePointHealthScore
X-Pinterest-Rid
Pinterest-Version
TCN
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Fastcgi-Cache
Cache-Tag
X-Client-IP
X-Upstream
Access-Control-Request-Method
S
X-DynaTrace-JS-Agent
X-Fastly-Request-ID
MS-Author-Via
X-Ser
X-Shard
SPIisLatency
SPRequestDuration
X-Id
X-Hp-Webp
DynaTrace
X-Ezoic-Cdn
MRF-Tech
X-T
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Amzn-Trace-Id
X-Content-Type
X-Amz-Meta-S3cmd-Attrs
Nginx-Cache
X-Recruiting
X-Forwarded-For
Front-End-Https
X-Grace
X-Hits
Fastcgi-Cache
X-Varnish-Age
X-DIS-Request-ID
ServerID
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Dw-Request-Base-Id
NR-ENABLED
X-Server-ID
X-Content-Digest
X-Node-Name
X-Element-Page-Cache
X-Goog-Stored-Content-Length
X-HS-Combine-CSS
X-Goog-Stored-Content-Encoding
X-HS-Content-Id
X-HS-Cache-Config
X-GUploader-UploadID
X-HS-Hub-Id
X-Goog-Storage-Class
Powered
X-Frontend
X-Goog-Generation
X-Goog-Metageneration
Server-Name
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
X-Edge-O15-RID
Alternate-Protocol
X-Logged-In
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Realm
TP-Cache
X-Correlation-Id
TP-L2-Cache
Server-Node
X-Webapp-Samesite-None-Activated-N
X-Shield-Request-Id
X-Webkit-Csp
X-Request-Received
AMP-Access-Control-Allow-Source-Origin
X-Request-Processing-Time
X-Microsite
X-Request-Handler-Origin-Region
X-XRDS-Location
X-Cache-TTL
Upgrade-Insecure-Requests
X-Content-Options
Refresh
X-Origin-Server
X-Amzn-RequestId
X-Akamai-Edgescape
X-Amz-Apigw-Id
X-Revision
X-Varnish-Grace
Backend-Timing
X-Rid
Nel
X-F-Cache
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Cache-Hit
X-ATS-Timestamp
X-Page-Id
X-XRDS-LOCATION
X-URL
X-Jurisdiction
X-Type
Fastly-Restarts
X-Pad
X-Geo-Country
X-Analytics
X-AppVersion
X-Az
X-Content-Powered-By
X-Activity-Id
X-N
X-B3-Sampled
X-Zen-Fury
X-LB-Cache
X-B
X-Kinsta-Cache
X-FTR-Cache-Host
X-RateLimit-Remaining
X-Cache-Age
PB-RID
PB-PID
X-TT
X-AOL-HN
X-Jobs
X-Instance
X-App-Environment
X-Ruxit-Js-Agent
X-Mobile-Rewrite
Paypal-Debug-Id
X-Request-Guid
DC
Arc-Version
X-Framework
X-Tumblr-Pixel
X-Signature
X-B-Cache
X-WebKit-CSP-Report-Only
Actual-Object-TTL
X-Tumblr-User
X-Tumblr-Pixel-0
X-Debug-Info
X-CST
X-FB-Debug
Access-Control-Allow-Method
X-PHP-Backend
Cache-Status
X-Load-Cache
X-Varnish-Backend
X-Cache-Action
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
X-Git-Hash
Fastcgi-Useragent
FilterID
Accept-CH
Host-Header
X-Ttl
X-FastCGI-Cache
X-Cached-By
X-IPLB-Instance
X-SS-Set-Cookie
X-Tt-Trace-Tag
MS-CV
X-Amz-Replication-Status
X-Contextid
X-Cluster
X-Cache-Key
X-Tt-Trace-Host
X-Time
X-ATG-Version
Frame-Options
NGB
X-Response-Served-From
Tracecode
X-Accel-Buffering
X-VCache
Accept-CH-Lifetime
WPE-Backend
X-Srv
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Source
Payment
Eomportal-Instance
X-Varnish-Server
X-GeoIP
X-FW-Type
X-FW-Static
X-IPS-LoggedIn
X-RequestSource
X-Varnish-Hostname
X-FW-Server
X-Region
X-FW-Serve
X-Adobe-Loc
X-Adobe-Content
Filters
X-Cache-2
X-Cache-NE
X-FW-Hash
X-Cacheable-TTL
Cache-Tv-Group
X-Cache-Enabled
Host
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Mobile
X-TX-ID
X-WA-Info
Cleartype
X-Kong-Proxy-Latency
X-Host-Name
X-Is-Bot
X-B3-Traceid
X-Rendered-As
X-Kong-Upstream-Latency
Xserver
X-Seen-By
X-Oneagent-Js-Injection
X-Cache-Rule
X-Cache-Operation
Healthy
Cache
X-Via-JSL
X-EdgeConnect-Cache-Status
X-Hostname
X-Origin-Response-Time
X-NewRelic-App-Data
X-Cache-Control
X-Presslabs-Stats
X-Cache-TTL-Remaining
Datacenter
X-HTML-Minification-Powered-By
X-Dc
X-RTag
Retry-After
Ms-Operation-Id
X-UA
X-ProcessESI
X-RemovedCookies
Server-Info
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Rule
X-RateLimit-Limit
X-Status
X-Wix-Request-Id
Version
From-Origin
X-PressLabs-Stats
Liferay-Portal
X-Cache-Server
X-FireWall-Port
X-Upgrade-Enabled
X-L-Path
X-Environment-Context
X-Source
X-Endurance-Cache-Level
X-NWS-LOG-UUID
X-CACHE-KEY
X-Esi
X-RN-RSRV
Meta-Geo
X-ES-SERVER
X-Path-Route
X-Cache-Var
X-Cache-Var-Map
X-UUID
X-Proxy-Build
X-Hyper-Cache
Selected-Fe
X-Handled-By
X-Timing-Wait
OT-Force-Account-Verify
X-ShardId
X-ShopId
X-Alternate-Cache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-EIG-Tracking-Id
X-Content-Age
X-Storage
X-Shopify-Stage
X-Tb
X-AWS-Id
X-Akamai-Request-ID2
X-Akamai-Request-ID
X-Redis-Cache
Decoy-Debug-Key
X-Origin-Hint
Origin-Cache-Control
Origin-Edge-Control
Node
NGX
Webcakes-App-Name
X-PCL
Property-Id
X-Origin
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
S-Rt
TWC-Connection-Speed
Ec-Rule-Version
X-Proto
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-InstanceId
Akamai-GRN
X-Access
X-Pubstack
Azure-Version
Cache-Tags
Decoy-Debug-Status
Decoy-Debug-TTL
X-Yottaa-Optimizations
DB-Nickname
Webcakes-Region
Webcakes-App-Version
X-Qloud-Router
X-Cache-Host
X-Format
X-Web-Node
X-Hosted-By
X-Yottaa-Metrics
X-LJ-Flow-ID
X-FW-Dynamic
X-Section
X-Human
X-OCL
X-Generated-By
X-Viewer-Country
X-VWS-Id
X-FC-Vary-Parameters
X-Request-Time
X-Time-Microsecs
X-Debug-Cache
X-Soup
X-Vgn-Hpd-Reason
X-ServerID
X-MP-GENERATED-AT
L5d-Success-Class
Now
X-Site-Version
X-CCM
X-Generated
X-Varnish-Hits
X-ProxyCache-Key
X-Say-Cacheable
X-Say-TTL
X-Cache-Config
X-SaId
X-BYPASS-REASON
X-IP
X-BCube-Filmed-By
X-RCS-CacheZone
X-Proxy
X-SayCDN-TTL
Mn-Server-Ip
X-Www-Served-By
X-Locale
X-JoinUs
X-ProxyCache-Status
X-NYM-Debug-Backend
X-Xfnlog-Site
X-APP-VERSION
X-Cluster-Node
Cache-Name
X-Backend-Name
X-Amzn-Remapped-Content-Length
X-Loop
X-TNCMS
Viewport
X-R9-Blue-Green-Version
Cross-Origin-Window-Policy
X-FB-TRIP-ID
X-App-Server
Webserver
X-Proxy-Cache-Status
X-Detected-As
X-Hl-Ver
Uber-Trace-Id
X-CS
GEO-INFO
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Srv
Time
X-Akamai-Transformed
X-Unique-Id
Accept-Charset
X-Drupal-Cache-Tags
X-From
X-Cache-Remote
X-NCache
X-UA-Device-Type
X-Edge-Location
X-Cluster-Name
X-TT-TIMESTAMP
X-Drupal-Cache-Contexts
X-Origin-TTL
X-Origin-CC
Cache-Key
Country
Mime-Version
Accept-Language
Odigeo-Trace-Id
X-EC-Lua
X-Newrelic-Synthetics
X-Mode
X-Backend-TTL
X-B3-Spanid
X-Microcachable
Ohc-File-Size
Ohc-Cache-HIT
X-CDN-Forward
X-Geo
X-No-Session
Rt-Fastcgi-Cache
X-Info
X-Forwarded-Host
X-CLOUD-TRACE-CONTEXT
Proxy-Connection
X-PHP-Host
X-Labrador-Cache-Channel
X-UPSTREAM-Address
X-Zipkin-Id
X-Proxied
X-Routing-Service
X-Magnolia-Registration
X-Varnish-Cache-Hits
ServedBy
Content-Disposition
Cf-Ipcountry
X-Whom
X-Cache-Time
Fastly-SSL
X-PERF
X-Litespeed-Cache
X-Real-IP
X-ApacheServer
Fastcgi-X-Cache-Version
GEO-REGION-INFO
Machine
Meta-Geo-Continent
Mobile-Detection-Method
MD5-Digest
X-G
X-GeoIP-Country-Code
X-Geo-Header
Content-Script-Type
X-Rewrite-Enabled
X-Rojux
X-S
X-S-Cookie
X-Request-UUID
X-Region-Sid
X-External-Request-Id
AsisCache
X-UnsetCookies
Content-Style-Type
Rendered-Blocks
X-Aed
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
X-Application
X-ARC
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-B-Cookie
X-Connection-Hash
X-A-Dcw
X-A-Dam
X-Date
T-Server
X-Destination
X-ScT
Viewtype
VivaBuild
X-A-Ccd
X-A
X-D
X-DPWN-IS-SECURE
BehaviorPad-Version
X-SRCache-Key
X-Vdms-Version
X-Vtex-Remote-Cache
X-Twitter-Response-Tags
X-Transaction
X-Trv-Group
X-App-Version
Access-Control-Request-Headers
X-VG-WebCache
X-VG-WebServer
X-Session-Fingerprint
X-Vtex-Processado-Em
Xc-Version
User-Cache-Control
X-Cache-Backend
IsBot
X-Device-Type
X-Contensis-Viewer-Groups
X-Bip
X-Via-Fastly
Environment
X-Auto-Login
Server-Surrogate-Control
W
X-CUA
X-VG-TLSProxy
X-VC-Cache
X-Varnish-Authentication
Powered-By
Server-Cache-Control
X-Logging-Id
X-Tumblr-Pixel-3
X-Thanos
X-SIPLIST1
X-Cache-Debug
X-Cache-ASPX
X-C
X-Uri
X-Urbn-Context-Path
X-AK-Request-ID
X-Core-Mission
X-Urbn-Site-Id
X-Epic-Correlation-Id
Request-EU
RNT-Time
X-Dispatcher-Server
RNT-Machine
X-Distributor
X-Owner
Request-Country
X-Fastly-Cache
Locale
Locid
X-Gamma-Serve
X-Gen-Mode
X-Origin-Date
Kp-EeAlive
X-Origin-Expires
X-OVcl
Memcached
X-Developers
X-FW-Version
X-TT-LOGID
Mail-Subject
X-OVcl-Cache
X-User
Web-Mar-Node
Wxu-Next-Commit
We-Hiring
X-Request-URI
X-Req
Wxu-Next-Hostname
Wxu-Next-Region
X-VServer
X-Cache-URL
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
X-Render-Time
X-Wikidot-Static-Cache
X-RateLimit-Limit-Second
X-Agile-Id
Server-Int
Server-ID
X-Cache-Info
X-Agile-Age
X-Agile
X-RateLimit-Remaining-Second
V-Age
X-WADP-Cache
X-We-Are-Hiring
True-Client-Country-4JS
Section-Io-Cache
Heartbleed
X-Wikidot-Backend
X-Instart-Isnd
X-Backend-State
X-SVT-ORM-VERSION
X-BBXSRF
X-Cms-Context
AKAMAI
IBM-Web2-Location
X-Swa-Ws
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
ServerName
X-Clientip
X-Location
X-LI-UUID
X-Nginx-Cache-Key
X-Block-Status
X-Ms-Request-Id
X-LI-Proto
X-Li-Pop
X-SVT-ORM-RULES
X-Clara-WADP
X-Sucuri-Cache
X-Li-Fabric
X-Cdn-Srv
Apple-News-Services-Request-Url
Fastly-Soc-X-Request-Id
FNAC-ModuleRouting
Fastly-Backend-Name
X-Trace-Id
X-Cache-Bucket
X-Webstats-RespID
X-TrackingId
X-GeoIP-City
X-App-Name
X-Ms-Version
X-Generation-Time
Gh-Request-Id
X-WebServer
X-Hnp-Log
X-GoCache-CacheStatus
X-NodeID
Cache-Host
Countrycode
CDCHOST
Cdnsip
X-TH-Server
X-Hit
Country-Code
X-Hash
Cdncip
Geo-Info
X-B3-Parentspanid
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-CGP
X-Core-Value
X-Generated-On
X-Level-Front-Cache
X-Matched-Rule
X-Key
X-JWT-State
X-Irp-Debug
X-Is-Gdpr
X-NU-AKA-ACS-Version
X-NX-Host
X-S-Maxage
X-ServiceProvider
X-Reboot
X-Proxy-Upstream
X-Old-Content-Length
X-Platform-Server
X-Internal-Host
X-IN-APIGATEWAYSSL
X-Variation
X-Eu-Site
X-Debug-Log
X-Debug-Cookies
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Up
X-Generated-In
X-Has-Esi
X-IN-APIGATEWAY
X-Thinkindot-L3
X-Trafficlayer-App-Version
X-Service
X-Debug-Cache-Expiry
X-Distil-CS
X-Azure-Ref
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Adler-Geo
Ha-Gx-Prefs
Is-Eu
HA-Ipaddr
PFcat
Platform
X-NGENIX-Cache
X-Daa-Tunnel
Fastly-SIE
Fastly-SWR
X-Micro-Cache
X-Rebelmouse-Surrogate-Control
Cache-Hits
X-NC
X-Refresh
X-Cache-Tags
X-Response-By
X-Rebelmouse-Cache-Control
HitType
X-TA-CDN-Provider
X-COUNTRY
X-Server-W
X-Nginx-Cache
X-SERVER
X-Servername
X-Lb-Id
X-Server-IP
X-Cdn-Forward
X-Tb-Optimization-Total-Bytes-Saved
X-CF-Powered-By
X-Fetched-On
RequestId
X-TIME
X-B3-SpanId
Media-Length
X-Cdn-Request-ID
Memory
X-Parent-Response-Time
X-CSRF-TOKEN
X-Nc
ProcessTime
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
Origin
X-BACKEND-TTL
User-Agent
X-Pjax-Url
X-CSRF-Token
X-Pf-Uncompressing
X-Wa
X-Air-Hostname
Geoip-Latitude
Filterid
X-AIR-PT
X-Reqid
Pragrma
X-Var-Ttl
GeoIp-Country-Code
Group
Esi-Enabled
X-Cache-Expired-At
TTL
X-Unique-ID
X-Correlation-ID
X-Ua
SRV
X-Planisys-CDN-Cache
X-Policy
X-Planisys-CDN-Rules
X-Sucuri-ID
X-Vcl-Version
X-Sucuri-Id
X-Planisys-CDN-TTL
X-NGINX-Cache
X-Rocket-Nginx-Bypass
Powered-By-ChinaCache
PICS-Label
S-Cnection
X-Request-Start
HostName
X-Cache-Ttl
X-FORWARDED-FOR
Rt-Proxy-Cache
X-Servedbyhost
SN
XServer
X-Azure-Ref-OriginShield
X-Webkit-CSP
X-Varnish-Cacheable
X-Method
X-Via-Ucdn
M-TraceId
Geoip-City
Load-Balancing
Magicmarker
X-Varnish-Ttl
X-Via-CDN
X-HS-Status
X-NWS-UUID-VERIFY
X-Fastly-Country-Code
Ohc-Response-Time
DSUID
X-Developer
Dnion-Transfer-Encoding
Release
Tcn
X-VCT
X-MServer
X-Cache-Grace
X-Cdn-Origin
Resin-Trace
X-Device-Os
X-Svr
X-Node-Id
X-ServedByHost
X-Sn-Servicetimems
X-LAGOON
X-Be
NtCoent-Length
Who
X-Ocache
X-Zone
X-Ftr-Cache-Host
X-Hp-Ccpa-Warning
X-VHOST
Vix-Hermes-Req-Id
Cdn
X-MSEdge-Features
X-MSEdge-Flight
X-Bc
On-Server
CF-Cached-On
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Request-Host
A
Pics-Label
X-VCL-Version
X-APP
MIME-Version
Cteonnt-Length
X-Ratelimit-Remaining
Ttl
Cloudfront-Viewer-Country
X-Newrelic-App-Data
X-Configured-By
GeoIP-Country-Code
X-VarnishDD-TTL
X-SRV
X-Oracle-Dms-Rid
X-Beluga-Cache-Status
X-Beluga-Node
X-SD-PageType
X-WR-MODIFICATION
X-Beluga-Record
X-Beluga-Trace
X-Beluga-Status
X-Varnish-URL
X-Beluga-Response-Time
X-Fastly-Backend-Reqs
SD-X-WS
GeoIP-Latitude
X-Cache-Status-Check
X-LiteSpeed-Cache-Control
X-DC
X-PF-Uncompressing
X-PJAX-URL
X-Cache-Id
Hostname
X-Compress-Hint
X-Upstream-Ct
X-Varnish-Url
X-SN
X-Upstream-Ht
GeoIP-City
X-Release
L
Host-ID
Processtime
X-Tid
X-Via-NSCOPI
X-Ftr-Request-Id
X-HostName
X-Ratelimit-Limit
X-BE
LB
X-Dynatrace
X-Aicache-OS
X-Scheme
X-Dynatrace-Js-Agent
X-Swift-Error
CACHE
UCS
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Fastly-Cache-Hits
Cache-Provider
Cache-Cookie-Set-Lfrom
X-ID
X-Slack-Backend
CDN
Amp-Access-Control-Allow-Source-Origin
X-Frame-Option
CF-IPCountry
Dynatrace
Servername
Lfy
X-RPS
X-StackifyID
X-DSS
X-DW
X-RPM
X-DI
X-DB
X-Varnish-Beresp-TTL
X-RSL
X-Action
Requestid
X-Ftr-Realm
X-LB-ID
X-Ftr-Backend-Server
X-Ftr-Backend
Pagetype
X-Snapshot-Date
X-Branch-Name
X-Ftr-Dc
X-ServerName
X-Ftr-Balancer
X-CACHE-AGE
X-Skip-Cache
X-Apw-Hits
X-VC
Warning
X-SB
X-Apw-Access-Token
X-Cc-Req-Id
X-Cc-Via
X-Apw-Access-Object
Arc-Country
Proxy-Firewall
D-Cc-Upstream
X-Apw-Access-Action
WZWS-RAY
X-Fastly-Cache-Status
Pramga
X-Node-ID
X-Server-Time
X-Processor
X-FPC
WebServer
V-Cache
X-Dispatch
X-Cache-FS-Status
X-ZONE
X-PAYTM-SRV-ID
X-Edge-IP
NnCoection
X-Hello
X-Flog
X-ABtesting
X-Litespeed-Cache-Control
Lb
X-Worker
X-BC
X-App
Backend-Name
Correlation-Id
X-Request-Url
WP-Super-Cache
X-Powered-Y
X-Request-URL
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-ElasticPress-Search
X-Check-Cacheable