Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Buckets
X-FRAME-OPTIONS
Status
Upgrade
X-Content-Security-Policy
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
Xkey
X-Cache-Group
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
X-Backend
CF-Ray
X-Server
X-Age
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Ws-Request-Id
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-Server-Id
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Host
X-Device
X-Origin-Cache
EagleEye-TraceId
X-Response-Time
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Vhost
X-Readtime
X-Backend-Server
Request-Id
X-Cloud-Trace-Context
X-Dispatcher
X-Dns-Prefetch-Control
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-Cache-Lookup
X-ORACLE-DMS-ECID
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
X-ORACLE-DMS-RID
X-Ruxit-JS-Agent
X-DataDome
X-Mod-Pagespeed
NEL
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-TTL
X-Country-Code
Accept-Ch
X-DynaTrace
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-FTR-Request-ID
X-Vname
X-PC
X-TtlSet
X-ESI
Verso
Accept-Ch-Lifetime
Content-MD5
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Kinja-Server
RTSS
Edge-Cache-Tag
X-D2id
X-Debug
X-Server-Name
X-Px
AR-CACHE
X-Abt-Application-Version
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-Request-ID
X-Vcache
SPRequestGuid
X-Amz-Server-Side-Encryption
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Fastcgi-Cache
X-Accel-Expires
X-TEC-API-ROOT
X-Middleton-Display
Display
Pagespeed
X-Middleton-Response
X-Sol
X-MSEdge-Ref
Response
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Navigation-Version
X-Vcap-Request-Id
Pinterest-Version
X-Pinterest-Rid
X-Powered-CMS
X-SharePointHealthScore
TCN
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Trace
X-VARITI-CCR
Public-Key-Pins
Realpath
Cache-Tag
X-Client-IP
X-Cdn
X-Fastly-Request-ID
MS-Author-Via
X-Ser
Access-Control-Request-Method
Nginx-Cache
X-DynaTrace-JS-Agent
Nel
X-Shard
S
SPRequestDuration
SPIisLatency
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Section-Lastmod
X-Id
X-Upstream
X-Edge-O15-RID
X-Ezoic-Cdn
X-Hp-Webp
X-Content-Type
X-Amzn-Trace-Id
X-Forwarded-For
X-Grace
X-T
X-Amz-Meta-S3cmd-Attrs
DynaTrace
X-Recruiting
X-Hits
Front-End-Https
Fastcgi-Cache
X-Varnish-Age
X-Aspnet-Version
X-Jurisdiction
ServerID
X-Cache-TTL
MicrosoftSharePointTeamServices
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Mobile-URL
X-Node-Name
X-DIS-Request-ID
X-Content-Digest
X-FTR-Expires
X-Country-Code-Real
X-FTR-Cache-Status
X-Server-ID
NR-ENABLED
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Generation
Powered
X-Frontend
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
Server-Node
TP-Cache
TP-L2-Cache
Alternate-Protocol
Server-Name
X-Logged-In
X-Correlation-Id
X-CST
AMP-Access-Control-Allow-Source-Origin
X-Request-Received
X-Request-Processing-Time
Upgrade-Insecure-Requests
X-XRDS-LOCATION
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
X-Cache-Hit
X-Content-Options
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Rid
X-F-Cache
X-Akamai-Edgescape
X-Revision
X-User-Agent
X-Page-Id
Refresh
Fastly-Restarts
X-Varnish-Grace
X-Type
X-Zen-Fury
X-Webkit-Csp
X-XRDS-Location
X-Content-Powered-By
X-B
X-B3-Sampled
X-LB-Cache
X-Geo-Country
PB-PID
X-Az
PB-RID
X-Activity-Id
X-AppVersion
X-FTR-Cache-Host
X-Mobile-Rewrite
Arc-Version
X-URL
Cache-Status
X-Shield-Request-Id
X-Kinsta-Cache
X-N
X-Pad
X-TT
X-Cache-Age
X-Instance
X-WebKit-CSP-Report-Only
X-Time
X-AOL-HN
X-Cache-Action
X-Tumblr-Pixel
X-Signature
X-B-Cache
X-Tumblr-User
X-Tumblr-Pixel-0
Paypal-Debug-Id
Actual-Object-TTL
X-Jobs
X-App-Environment
Access-Control-Allow-Method
X-Debug-Info
X-FB-Debug
X-Load-Cache
X-Request-Guid
X-Framework
DC
X-PHP-Backend
X-Cached-By
X-Git-Hash
X-RateLimit-Remaining
X-Webapp-Samesite-None-Activated-N
X-Tt-Trace-Tag
X-Varnish-Backend
X-Tt-Trace-Host
Fastcgi-Useragent
Surrogate-Key
X-Erf-Bev-Bev
X-Amz-Replication-Status
X-Erf-Bev-Bev-Is-Generated
X-Analytics
Host-Header
X-IPLB-Instance
FilterID
X-Contextid
MS-CV
X-ATG-Version
X-SS-Set-Cookie
Host
X-WA-Info
X-Cluster
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Mobile
X-Accel-Buffering
X-NWS-LOG-UUID
Tracecode
X-Response-Served-From
NGB
X-Via-JSL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
WPE-Backend
Payment
X-Host-Name
X-Cache-NE
Xserver
X-Cache-Key
X-Region
X-FW-Serve
X-FW-Hash
X-FW-Server
X-Varnish-Server
X-FW-Type
Source
X-Srv
X-Cache-2
Eomportal-Instance
X-FW-Static
X-GeoIP
X-Varnish-Hostname
X-Tumblr-Pixel-2
Cache-Tv-Group
Filters
Frame-Options
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-Cache-Enabled
X-Origin-Response-Time
X-Adobe-Content
X-Adobe-Loc
X-Cacheable-TTL
X-Presslabs-Stats
X-Cache-Rule
X-Cache-Operation
X-RequestSource
X-Is-Bot
X-Rendered-As
X-Seen-By
X-Hostname
X-TX-ID
Retry-After
X-EdgeConnect-Cache-Status
X-NewRelic-App-Data
Cleartype
Server-Info
X-Cache-TTL-Remaining
X-FastCGI-Cache
X-ProcessESI
X-RemovedCookies
Liferay-Portal
X-VCache
X-UA
X-Dc
Accept-CH
Ms-Operation-Id
X-RTag
X-B3-Traceid
X-App-Server
Datacenter
X-L-Path
X-HTML-Minification-Powered-By
X-Source
X-Environment-Context
X-FireWall-Port
X-CACHE-KEY
X-Upgrade-Enabled
Cache
X-Endurance-Cache-Level
X-Cache-Server
From-Origin
X-Handled-By
X-Cache-Control
Healthy
X-CLOUD-TRACE-CONTEXT
X-Backend-Name
X-Wix-Request-Id
X-APP-VERSION
Accept-CH-Lifetime
X-Cache-Var-Map
X-PressLabs-Stats
X-RN-RSRV
X-Path-Route
X-Status
X-Cache-Var
Version
X-ES-SERVER
Meta-Geo
Selected-Fe
X-Access
X-Proxy-Build
X-Timing-Wait
X-Format
X-Tb
OT-Force-Account-Verify
X-Section
X-Rule
Mn-Server-Ip
X-Request-Time
X-Storage
X-RateLimit-Limit
X-ShardId
X-ShopId
X-Proto
X-UUID
X-Content-Age
Akamai-GRN
Azure-InstanceId
X-Alternate-Cache-Key
X-Origin
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sorting-Hat-PodId
X-OCL
X-EIG-Tracking-Id
X-Shopify-Generated-Cart-Token
Azure-RegionName
Azure-SlotName
X-PCL
Azure-Version
X-Akamai-Request-ID
Azure-SiteName
Cache-Tags
NGX
Decoy-Debug-Key
Ec-Rule-Version
Node
X-Qloud-Router
Decoy-Debug-TTL
Decoy-Debug-Status
Origin-Edge-Control
X-BYPASS-REASON
X-Soup
X-AWS-Id
X-Time-Microsecs
X-Proxy
X-Akamai-Request-ID2
X-Cluster-Node
X-Debug-Cache
X-JoinUs
X-Hl-Ver
X-Generated-By
X-LJ-Flow-ID
X-Human
X-FW-Dynamic
X-Proxy-Cache-Status
X-ProxyCache-Key
X-NYM-Debug-Backend
X-Hosted-By
X-Pubstack
Origin-Cache-Control
Now
X-SaId
X-ServerID
X-FC-Vary-Parameters
X-Viewer-Country
X-Vgn-Hpd-Reason
X-VWS-Id
X-Web-Node
X-ProxyCache-Status
X-Cache-Config
X-Redis-Cache
DB-Nickname
X-Yottaa-Optimizations
X-Yottaa-Metrics
GEO-INFO
Accept-Charset
Srv
Webcakes-App-Version
Webcakes-Region
X-Varnish-Hits
X-Ruxit-Js-Agent
X-Www-Served-By
Property-Id
X-Generated
X-BCube-Filmed-By
X-Hyper-Cache
Cross-Origin-Window-Policy
X-MP-GENERATED-AT
Webcakes-App-Name
X-CCM
X-Say-TTL
X-SayCDN-TTL
TWC-GeoIP-LatLong
TWC-Locale-Group
X-Say-Cacheable
TWC-GeoIP-Country
X-Origin-Hint
X-Site-Version
TWC-Connection-Speed
TWC-Device-Class
TWC-Privacy
S-Rt
X-Cache-Host
X-Locale
X-RCS-CacheZone
X-Xfnlog-Site
X-FB-TRIP-ID
X-Amzn-Remapped-Content-Length
X-TNCMS
X-Loop
X-Akamai-Transformed
X-R9-Blue-Green-Version
X-Detected-As
X-NCache
X-IP
L5d-Success-Class
X-CS
X-Ttl
Cache-Name
X-Unique-Id
X-Drupal-Cache-Tags
Viewport
Time
Webserver
Cache-Key
Uber-Trace-Id
X-Esi
X-UnsetCookies
X-UA-Device-Type
Mime-Version
X-Mode
Accept-Language
X-Cache-Remote
X-Forwarded-Host
X-Daa-Tunnel
X-Whom
X-Backend-TTL
X-Origin-CC
X-CDN-Forward
Country
X-Info
X-Origin-TTL
X-From
Rt-Fastcgi-Cache
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
Odigeo-Trace-Id
X-Cluster-Name
X-Varnish-Cache-Hits
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-PERF
X-Drupal-Cache-Contexts
Content-Disposition
X-ApacheServer
X-NGENIX-Cache
X-Magnolia-Registration
X-Microcachable
X-TT-TIMESTAMP
ServedBy
X-Newrelic-Synthetics
X-Geo
X-B3-Spanid
X-Proxied
Section-Io-Cache
X-Routing-Service
Proxy-Connection
X-Zipkin-Id
X-Edge-Location
X-Device-Type
X-Via-Fastly
Ohc-File-Size
X-Uri
X-EC-Lua
Ohc-Cache-HIT
Cf-Ipcountry
HitType
X-No-Session
X-UPSTREAM-Address
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-A-Wwc
X-G
X-Accel-Expires-Debug
X-External-Request-Id
Rendered-Blocks
X-GeoIP-Country-Code
X-A-Ccd
Machine
X-A
Meta-Geo-Continent
X-A-Dgt
X-Connection-Hash
VivaBuild
Xc-Version
X-A-Dcw
W
Viewtype
Mobile-Detection-Method
X-A-Dam
X-Geo-Header
MD5-Digest
Apple-News-Services-Handled
X-DPWN-IS-SECURE
X-VG-WebCache
X-D
T-Server
X-VG-WebServer
X-Application
X-Vtex-Processado-Em
X-Sigma-Backend
X-Nc
X-SRCache-Key
X-VG-TLSProxy
Content-Script-Type
X-Twitter-Response-Tags
X-Date
X-Aed
Fastcgi-X-Cache-Version
GEO-REGION-INFO
X-Vdms-Version
X-Transaction
X-Trv-Group
Content-Style-Type
X-Destination
X-Sigma
BehaviorPad-Version
X-Rewrite-Enabled
X-Rocket-Build-Number
X-Region-Sid
Apple-News-Services-Host
X-Session-Fingerprint
Apple-News-Services-Parsed-Url
X-Vtex-Remote-Cache
Apple-News-Services-Request-Url
X-B-Cookie
X-ARC
AsisCache
X-ScT
X-S-Cookie
X-Request-UUID
X-Rojux
X-S
Access-Control-Request-Headers
X-C
User-Cache-Control
X-CUA
X-CGP
X-Eu-Site
Environment
IsBot
CDCHOST
Ha-Gx-Prefs
X-Developers
X-Distil-CS
Gh-Request-Id
HA-Ipaddr
X-Contensis-Viewer-Groups
X-WebServer
X-SIPLIST1
X-App-Name
Server-Surrogate-Control
Fastly-Soc-X-Request-Id
Server-Cache-Control
X-Cache-ASPX
X-Hit
X-Auto-Login
X-Thanos
Geo-Info
X-Varnish-Authentication
X-Agile-Age
X-Agile
X-VC-Cache
X-Tumblr-Pixel-3
X-TrackingId
X-Agile-Id
Powered-By
X-Bip
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Locid
X-Varnish-Beresp-Ttl
X-Cache-Debug
X-Logging-Id
X-GoCache-CacheStatus
X-Cache-Backend
X-TA-CDN-Provider
X-Labrador-Cache-Channel
X-PHP-Host
X-Cache-Bucket
X-Backend-State
X-Clara-WADP
X-Cdn-Srv
X-Block-Status
X-Debug-Cache-Expiry
X-Cms-Context
X-Core-Mission
X-Cache-Info
X-Azure-Ref
X-AK-Request-ID
X-Cache-Time
X-Cache-URL
X-Ms-Version
X-Request-URI
X-Render-Time
X-Server-W
X-SVT-ORM-RULES
X-Swa-Ws
X-SVT-ORM-VERSION
X-Real-IP
X-RateLimit-Remaining-Second
X-OVcl-Cache
X-OVcl
X-Owner
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-TH-Server
X-Trace-Id
Fastly-SIE
Countrycode
Fastly-SWR
X-Clientip
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Webstats-RespID
X-We-Are-Hiring
X-Urbn-Context-Path
X-TT-LOGID
X-Urbn-Site-Id
X-User
X-WADP-Cache
X-Origin-Expires
X-Origin-Date
X-FW-Version
X-Fetched-On
X-Gamma-Serve
X-Gen-Mode
X-Generation-Time
X-Generated-In
X-Fastly-Cache
X-Epic-Correlation-Id
X-Debug-Cookies
X-Debug-Cache-Store
X-Debug-Log
X-Dispatcher-Server
X-Distributor
X-GeoIP-City
X-Hash
X-Micro-Cache
X-LI-UUID
X-Ms-Request-Id
X-Nginx-Cache-Key
X-NX-Host
X-NodeID
X-Li-Pop
X-Li-Fabric
X-IN-APIGATEWAY
X-Hnp-Log
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Irp-Debug
X-Debug-Cache-Fetch
X-BBXSRF
Memcached
Mail-Subject
Locale
Request-Country
Request-EU
RNT-Time
RNT-Machine
Kp-EeAlive
IBM-Web2-Location
Cache-Host
AKAMAI
Cdncip
Cdnsip
Fastly-SSL
Country-Code
Server-ID
Heartbleed
We-Hiring
Web-Mar-Node
Server-Int
V-Age
True-Client-Country-4JS
X-Trafficlayer-App-Version
Wxu-Next-Commit
X-Core-Value
X-VServer
Fastly-Backend-Name
FNAC-ModuleRouting
Wxu-Next-Region
X-Thinkindot-L3
X-Key
X-Reboot
X-Level-Front-Cache
X-Old-Content-Length
X-LI-Proto
X-Req
ServerName
X-App-Version
X-ServiceProvider
X-Service
X-Generated-On
X-Matched-Rule
Wxu-Next-Hostname
Thinkindot-CacheControl-Type
X-Has-Esi
X-Up
X-NU-AKA-ACS-Version
X-Is-Gdpr
Thinkindot-CacheControl
X-JWT-State
PFcat
X-Cache-Tags
X-Variation
Thinkindot-Control
Adler-Geo
X-Platform-Server
Is-Eu
Server-Host
Platform
X-Servername
X-Lb-Id
X-Air-Hostname
X-Internal-Host
X-Sucuri-Cache
X-S-Maxage
Cache-Hits
X-Nginx-Cache
X-Response-By
RequestId
Group
X-Cache-Expired-At
X-Location
X-SERVER
X-Var-Ttl
X-Refresh
S-Cnection
X-Parent-Response-Time
X-Tb-Optimization-Total-Bytes-Saved
Pragrma
X-CF-Powered-By
Memory
Powered-By-ChinaCache
ProcessTime
X-Cdn-Forward
Filterid
X-B3-Parentspanid
X-Tec-Api-Origin
X-Tec-Api-Root
X-BACKEND-TTL
X-Pjax-Url
X-CSRF-Token
X-Tec-Api-Version
X-NC
X-CSRF-TOKEN
X-B3-SpanId
Origin
SRV
User-Agent
X-Wa
X-Sucuri-ID
TTL
Geoip-Latitude
X-Server-IP
X-Varnish-Cacheable
X-Pf-Uncompressing
X-NWS-UUID-VERIFY
GeoIp-Country-Code
X-Via-CDN
Geoip-City
X-Vcl-Version
X-Unique-ID
X-Ua
X-NGINX-Cache
X-Correlation-ID
PICS-Label
X-Developer
Media-Length
X-Ocache
X-Cache-Grace
X-Sn-Servicetimems
X-COUNTRY
X-LAGOON
X-Cdn-Request-ID
X-Cdn-Origin
X-Device-Os
X-Node-Id
On-Server
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Rocket-Nginx-Bypass
X-Oss-Hash-Crc64ecma
X-Cache-Status-Check
X-Servedbyhost
Dnion-Transfer-Encoding
X-Request-Host
X-Sucuri-Id
X-MSEdge-Features
A
X-MSEdge-Flight
X-Webkit-CSP
X-Litespeed-Cache
Cloudfront-Viewer-Country
X-Via-Ucdn
SN
X-Varnish-Ttl
XServer
X-TIME
Hostname
X-Oneagent-Js-Injection
Esi-Enabled
Cdn
X-Reqid
Tcn
X-AIR-PT
M-TraceId
X-HS-Status
X-FORWARDED-FOR
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
HostName
X-ServedByHost
X-Policy
X-Ratelimit-Remaining
X-Cache-Ttl
X-Azure-Ref-OriginShield
X-Fastly-Country-Code
Host-ID
X-Beluga-Cache-Status
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Node
Resin-Trace
CF-Cached-On
X-Request-Start
X-Beluga-Record
Who
X-Beluga-Response-Time
X-VHOST
X-Ftr-Cache-Host
Rt-Proxy-Cache
X-Varnish-URL
X-Slack-Backend
Pics-Label
NtCoent-Length
GeoIP-Country-Code
X-Bc
X-Zone
X-Method
X-APP
X-Varnish-Url
X-VCL-Version
Magicmarker
X-Action
X-Oracle-Dms-Rid
MIME-Version
CACHE
X-DB
X-DW
X-DSS
X-DI
Ttl
X-RPM
X-RPS
Pramga
Arc-Country
X-RSL
X-Cache-FS-Status
X-Dispatch
X-Processor
GeoIP-Latitude
X-Server-Time
X-PAYTM-SRV-ID
X-Fastly-Backend-Reqs
Cteonnt-Length
X-DC
X-LiteSpeed-Cache-Control
X-Skip-Cache
X-Ratelimit-Limit
X-VarnishDD-TTL
X-Hello
X-Flog
X-ND-Cache
X-ABtesting
X-Newrelic-App-Data
X-FPC
GeoIP-City
X-PF-Uncompressing
X-HostName
Cdn-Request-Time
X-SRV
X-Be
X-Edge-Server
X-PJAX-URL
Load-Balancing
Ohc-Response-Time
Cdn-Host
Fastly-Drupal-HTML
Amp-Access-Control-Allow-Source-Origin
X-Svr
X-Ftr-Request-Id
X-Swift-Error
WebServer
X-Served-From
X-Bc-Bl
Processtime
Vix-Hermes-Req-Id
X-BE
N-Cache
X-Dynatrace
X-DevSite-Last-Modified
DSUID
X-MServer
Servername
CF-IPCountry
X-Dynatrace-Js-Agent
X-Amzn-Remapped-Date
X-ID
Cache-Provider
X-VCT
Section-Io-Origin-Status
X-Backend-Host
Section-Io-Id
X-Amzn-Remapped-Connection
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Release
X-WA
X-Aicache-OS
X-WR-MODIFICATION
X-Hp-Ccpa-Warning
X-Frame-Option
WZWS-RAY
X-StackifyID
X-Branch-Name
X-Ftr-Backend-Server
X-Ftr-Balancer
Dynatrace
CDN
X-Ftr-Backend
Lfy
X-Fastly-Cache-Hits
Pagetype
X-ZONE
X-Tid
X-LB-ID
X-Configured-By
Requestid
X-Ftr-Realm
X-Snapshot-Date
X-Ftr-Dc
X-CACHE-AGE
Cache-Cookie-Set-From
Proxy-Firewall
X-Edge-IP
SD-X-WS
V-Cache
X-SD-PageType
X-Upstream-Ht
X-Upstream-Ct
X-Apw-Access-Object
X-VC
Cneonction
Warning
D-Cc-Upstream
X-SB
FSS-Cache
X-Request-Url
X-Fmm-Version
FSS-Proxy
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Cc-Req-Id
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Token
X-BC
X-Cc-Via
X-Litespeed-Cache-Control
X-Adobe-Source
X-Node-ID
X-WPE-Loopback-Upstream-Addr
X-Li-Proto
X-Fastly-Cache-Status
X-Worker
X-Check-Cacheable
X-SN
X-Request-URL
X-Powered-Y
X-ElasticPress-Search
WP-Super-Cache
X-App
Correlation-Id
L
X-Compress-Hint
Lb
X-Cache-Id
X-Varnish-Beresp-TTL
Backend-Name
X-ServerName