Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
X-XSS-Protection
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
Upgrade
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
CF-Ray
X-AH-Environment
X-Backend
X-Via
X-Ua-Compatible
X-Age
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Hacker
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Server-Id
X-Host
X-OneAgent-JS-Injection
X-Device
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
X-Node
Content-Location
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
X-Cloud-Trace-Context
Request-Id
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-Application-Context
X-ORACLE-DMS-ECID
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-Cache-Lookup
X-DataDome
X-ORACLE-DMS-RID
NEL
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-TTL
X-Country-Code
X-Instart-Request-ID
Accept-Ch
X-Varnish-TTL
X-DynaTrace
X-Goog-Hash
X-Vname
X-FTR-Request-ID
X-TtlSet
X-PC
Verso
Accept-Ch-Lifetime
X-ESI
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Url
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-B3-TraceId
X-Use-Magma
X-Cdn-Fetch
X-Kinja
X-GitHub-Request-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Exp-Id
X-Kinja-Server
X-Exp-Variant
Edge-Cache-Tag
RTSS
Ar-Sid
AR-Request-ID
AR-CACHE
AR-ATIME
AR-PoweredBy
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Vcache
Charset
X-NF-Request-ID
X-Cached
X-Accel-Expires
Pagespeed
Response
X-Middleton-Display
X-Sol
Display
X-Middleton-Response
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-MSEdge-Ref
X-TEC-API-VERSION
X-Vcap-Request-Id
X-Amz-Rid
Arr-Disable-Session-Affinity
TCN
X-Navigation-Version
X-Powered-CMS
X-SharePointHealthScore
X-Pinterest-Rid
Pinterest-Version
X-Trace
X-SRCache-Store-Status
X-Fastcgi-Cache
X-SRCache-Fetch-Status
X-Cdn
X-VARITI-CCR
Realpath
Public-Key-Pins
Cache-Tag
X-Client-IP
Access-Control-Request-Method
X-Ser
X-Fastly-Request-ID
MS-Author-Via
S
Nginx-Cache
X-DynaTrace-JS-Agent
X-Shard
SPRequestDuration
SPIisLatency
X-Upstream
X-Id
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Ezoic-Cdn
X-Hp-Webp
X-Content-Type
X-Forwarded-For
X-Amzn-Trace-Id
X-Grace
X-T
X-Edge-O15-RID
X-Amz-Meta-S3cmd-Attrs
Nel
Front-End-Https
X-Recruiting
DynaTrace
X-Hits
Fastcgi-Cache
X-Aspnet-Version
X-Varnish-Age
ServerID
X-Server-ID
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
X-Node-Name
X-DIS-Request-ID
X-Mobile-URL
X-Cache-TTL
X-Element-Page-Cache
NR-ENABLED
X-FTR-Cache-Status
X-FTR-Expires
X-Jurisdiction
X-Country-Code-Real
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Frontend
Powered
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
Server-Node
Alternate-Protocol
TP-L2-Cache
TP-Cache
Server-Name
X-Logged-In
X-Correlation-Id
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
X-ATS-Timestamp
Upgrade-Insecure-Requests
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Cache-Hit
X-Content-Options
X-Page-Id
Refresh
X-Origin-Server
X-Content-Security-Policy-Report-Only
X-Rid
X-Akamai-Edgescape
X-Revision
X-User-Agent
X-F-Cache
X-Type
X-Varnish-Grace
X-CST
X-Zen-Fury
Fastly-Restarts
X-XRDS-LOCATION
X-Content-Powered-By
X-LB-Cache
X-B3-Sampled
X-Geo-Country
X-B
X-URL
X-Shield-Request-Id
X-Az
X-Activity-Id
X-AppVersion
X-FTR-Cache-Host
X-N
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-Kinsta-Cache
Cache-Status
X-Webapp-Samesite-None-Activated-N
X-Pad
X-TT
X-Cache-Age
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Instance
X-Debug-Info
X-Request-Guid
X-Signature
X-Tumblr-Pixel
X-Jobs
X-Framework
Actual-Object-TTL
X-App-Environment
X-Tumblr-User
X-Tumblr-Pixel-0
X-B-Cache
X-Time
Paypal-Debug-Id
X-Webkit-Csp
Access-Control-Allow-Method
X-Cache-Action
X-PHP-Backend
DC
X-FB-Debug
X-Load-Cache
X-Analytics
X-RateLimit-Remaining
X-Cached-By
X-Git-Hash
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Varnish-Backend
Surrogate-Key
X-Tt-Trace-Tag
Fastcgi-Useragent
Host-Header
X-Tt-Trace-Host
X-Amz-Replication-Status
X-IPLB-Instance
X-Contextid
MS-CV
X-ATG-Version
X-SS-Set-Cookie
FilterID
X-WA-Info
X-FastCGI-Cache
Tracecode
X-Cluster
X-Cache-Key
X-Response-Served-From
NGB
X-Accel-Buffering
Host
X-Mobile
X-B3-Traceid
WPE-Backend
X-Host-Name
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Payment
X-Cache-NE
Source
X-Varnish-Server
Eomportal-Instance
X-Cache-Rule
X-Hostname
X-Cache-2
X-Region
X-Via-JSL
Frame-Options
Xserver
X-Cache-Operation
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-Srv
X-FW-Type
X-Is-Bot
Cache-Tv-Group
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-Cache-Enabled
X-Rendered-As
X-ORACLE-APMCS-TAG
X-IPS-LoggedIn
X-ORACLE-APMCS-REQUEST-ID
X-GeoIP
X-Cacheable-TTL
Filters
X-Adobe-Content
X-Adobe-Loc
X-NewRelic-App-Data
X-RequestSource
X-TX-ID
X-Origin-Response-Time
X-Presslabs-Stats
X-NWS-LOG-UUID
X-EdgeConnect-Cache-Status
X-Seen-By
Retry-After
Cleartype
X-Ruxit-Js-Agent
X-Cache-TTL-Remaining
Server-Info
X-VCache
Accept-CH
X-ProcessESI
Cache
X-RemovedCookies
X-HTML-Minification-Powered-By
Liferay-Portal
X-RTag
Ms-Operation-Id
Datacenter
X-Source
X-UA
X-Ttl
X-Cache-Control
X-FireWall-Port
X-Environment-Context
X-Dc
X-L-Path
X-Upgrade-Enabled
X-App-Server
Healthy
X-Endurance-Cache-Level
X-Cache-Server
From-Origin
X-CACHE-KEY
Accept-CH-Lifetime
X-PressLabs-Stats
X-Esi
X-APP-VERSION
X-Handled-By
X-RateLimit-Limit
X-Status
X-Backend-Name
X-Rule
Version
X-Cache-Var
X-ES-SERVER
Meta-Geo
X-Path-Route
X-Cache-Var-Map
X-Wix-Request-Id
X-RN-RSRV
X-Format
X-Section
X-Timing-Wait
Selected-Fe
X-Access
X-Proxy-Build
X-Request-Time
OT-Force-Account-Verify
X-Tb
X-EIG-Tracking-Id
X-OCL
Mn-Server-Ip
X-Goog-Meta-Goog-Reserved-File-Mtime
Akamai-GRN
X-Alternate-Cache-Key
X-Origin
X-ProxyCache-Status
X-ProxyCache-Key
X-Storage
Azure-InstanceId
X-Sorting-Hat-ShopId
Srv
X-Proto
X-PCL
Azure-SlotName
X-ShopId
X-ShardId
Azure-RegionName
X-Human
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Akamai-Request-ID
X-Content-Age
Azure-Version
X-BYPASS-REASON
Cache-Tags
Azure-SiteName
X-Hosted-By
X-FW-Dynamic
X-Generated-By
X-Pubstack
Origin-Edge-Control
Origin-Cache-Control
X-LJ-Flow-ID
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-Hyper-Cache
NGX
DB-Nickname
Now
X-MP-GENERATED-AT
X-Qloud-Router
X-JoinUs
X-Hl-Ver
X-Proxy
X-Redis-Cache
Node
Ec-Rule-Version
X-Soup
X-Debug-Cache
X-SaId
X-AWS-Id
X-ServerID
X-Time-Microsecs
X-NYM-Debug-Backend
X-Web-Node
X-Akamai-Request-ID2
X-FC-Vary-Parameters
S-Rt
X-Vgn-Hpd-Reason
X-UUID
X-Proxy-Cache-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cluster-Node
X-Viewer-Country
X-Cache-Host
X-VWS-Id
X-Cache-Config
X-Detected-As
X-IP
X-Varnish-Hits
X-Www-Served-By
Cross-Origin-Window-Policy
X-CCM
Webcakes-Region
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Site-Version
X-RCS-CacheZone
Property-Id
X-BCube-Filmed-By
TWC-Locale-Group
TWC-Privacy
X-SayCDN-TTL
X-Locale
X-Say-TTL
X-Generated
X-Origin-Hint
Webcakes-App-Name
Webcakes-App-Version
X-Say-Cacheable
X-Akamai-Transformed
X-Loop
X-FB-TRIP-ID
X-R9-Blue-Green-Version
X-TNCMS
GEO-INFO
X-Xfnlog-Site
X-Amzn-Remapped-Content-Length
Accept-Charset
L5d-Success-Class
X-NCache
X-Unique-Id
X-CS
Cache-Name
Viewport
Uber-Trace-Id
X-Trafficlayer-App-Name
X-Drupal-Cache-Tags
X-Trafficlayer-App-Scope
Time
Webserver
Cache-Key
X-UA-Device-Type
X-Backend-TTL
Mime-Version
X-CDN-Forward
X-Cache-Remote
X-UnsetCookies
X-Mode
X-From
VIX-Pulpo-Upstream-Status
X-Forwarded-Host
VIX-Pulpo-Node
X-Origin-TTL
Accept-Language
X-Origin-CC
X-Drupal-Cache-Contexts
Rt-Fastcgi-Cache
Country
X-Cluster-Name
X-Newrelic-Synthetics
X-B3-Spanid
Odigeo-Trace-Id
X-Info
X-Microcachable
X-Whom
X-TT-TIMESTAMP
X-Edge-Location
X-NGENIX-Cache
X-CLOUD-TRACE-CONTEXT
X-Magnolia-Registration
X-Varnish-Cache-Hits
X-PERF
X-ApacheServer
X-Geo
X-Daa-Tunnel
Content-Disposition
ServedBy
X-UPSTREAM-Address
X-EC-Lua
Proxy-Connection
X-Zipkin-Id
X-Routing-Service
Ohc-Cache-HIT
Ohc-File-Size
X-Proxied
X-Device-Type
X-Via-Fastly
Cf-Ipcountry
X-No-Session
X-Uri
X-Region-Sid
T-Server
X-CF-Lambda-Version
Content-Style-Type
X-Connection-Hash
GEO-REGION-INFO
X-CF-Lambda-Fn
X-G
X-ScT
X-Session-Fingerprint
X-Sigma
X-Sigma-Backend
X-S-Cookie
X-S
X-D
X-Rocket-Build-Number
X-Rojux
X-Request-UUID
Content-Script-Type
Apple-News-Services-Request-Url
Meta-Geo-Continent
AsisCache
X-GeoIP-Country-Code
Machine
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
BehaviorPad-Version
Mobile-Detection-Method
Fastcgi-X-Cache-Version
X-External-Request-Id
X-Date
X-Destination
X-SRCache-Key
X-Geo-Header
MD5-Digest
Rendered-Blocks
X-Rewrite-Enabled
X-VG-WebCache
X-Twitter-Response-Tags
X-ARC
X-A
X-A-Dam
X-A-Ccd
X-DPWN-IS-SECURE
W
X-Vdms-Version
X-VG-TLSProxy
X-VG-WebServer
X-B-Cookie
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
VivaBuild
Xc-Version
X-Application
X-Aed
X-A-Dcw
Viewtype
X-Accel-Expires-Debug
X-A-Wwc
X-Trv-Group
X-Transaction
X-A-Dgt
HitType
X-PHP-Host
X-Labrador-Cache-Channel
Geo-Info
X-C
User-Cache-Control
X-Agile
X-Wikidot-Static-Cache
Powered-By
X-Agile-Id
X-Hit
X-Wikidot-Backend
X-Auto-Login
CDCHOST
Locid
Environment
X-Agile-Age
X-Developers
X-WebServer
X-Logging-Id
Ha-Gx-Prefs
X-TrackingId
X-Render-Time
X-Real-IP
Section-Io-Cache
X-Tumblr-Pixel-3
X-SIPLIST1
X-Thanos
X-Cache-ASPX
X-Epic-Correlation-Id
X-Cache-Debug
IsBot
X-Bip
X-App-Name
X-Distil-CS
X-Varnish-Authentication
X-Contensis-Viewer-Groups
HA-Ipaddr
Fastly-Soc-X-Request-Id
X-VC-Cache
X-CUA
X-Ah-Environment
X-Eu-Site
Gh-Request-Id
Server-Surrogate-Control
Server-Cache-Control
X-CGP
X-Backend-State
X-Cache-Time
X-GoCache-CacheStatus
X-Nc
X-Dispatcher-Server
X-Cache-URL
X-Cache-Bucket
X-Cache-Info
X-Cache-Backend
X-Block-Status
X-Azure-Ref
X-BBXSRF
X-Cdn-Srv
X-Clara-WADP
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Cms-Context
X-Core-Mission
X-Debug-Log
X-IN-APIGATEWAY
X-TT-LOGID
X-Trace-Id
X-Urbn-Context-Path
Fastly-SIE
X-Servername
X-Urbn-Site-Id
X-Swa-Ws
X-SVT-ORM-VERSION
X-Server-W
X-Request-URI
Fastly-SWR
X-Sucuri-Cache
X-SVT-ORM-RULES
X-WADP-Cache
X-Webstats-RespID
X-Li-Pop
X-Li-Fabric
X-LI-Proto
X-VServer
X-TH-Server
X-LI-UUID
X-FW-Version
X-We-Are-Hiring
Access-Control-Request-Headers
Countrycode
Fastly-SSL
IBM-Web2-Location
Memcached
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-User
X-Hnp-Log
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Rebelmouse-Surrogate-Control
X-Irp-Debug
X-Hash
X-GeoIP-City
X-Fetched-On
X-Fastly-Cache
X-Gen-Mode
X-Generated-In
X-Generation-Time
X-Rebelmouse-Cache-Control
X-Clientip
X-Origin-Expires
X-Origin-Date
X-OVcl
X-OVcl-Cache
X-Proxy-Upstream
X-Owner
X-NX-Host
X-NodeID
X-Micro-Cache
X-Key
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache-Key
X-Distributor
X-Gamma-Serve
RNT-Machine
Cdncip
Cache-Host
RNT-Time
Server-ID
AKAMAI
Cdnsip
Request-EU
Mail-Subject
Kp-EeAlive
Heartbleed
Fastly-Backend-Name
Request-Country
Country-Code
Locale
Server-Int
V-Age
X-Varnish-Beresp-Status
X-AK-Request-ID
We-Hiring
Web-Mar-Node
True-Client-Country-4JS
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Oneagent-Js-Injection
X-Req
X-Has-Esi
X-Cache-Tags
FNAC-ModuleRouting
X-Thinkindot-L3
X-Internal-Host
X-TA-CDN-Provider
X-ServiceProvider
X-Trafficlayer-App-Version
X-Reboot
X-Nginx-Cache
X-Old-Content-Length
Is-Eu
X-Generated-On
X-Matched-Rule
Adler-Geo
ServerName
X-Service
X-Level-Front-Cache
Platform
Wxu-Next-Hostname
Thinkindot-CacheControl
X-Variation
Thinkindot-CacheControl-Type
Wxu-Next-Commit
Thinkindot-Control
X-Is-Gdpr
X-Up
Server-Host
Wxu-Next-Region
X-NU-AKA-ACS-Version
X-JWT-State
PFcat
X-Platform-Server
X-Core-Value
Filterid
X-Location
X-App-Version
X-S-Maxage
X-SERVER
Cache-Hits
X-Lb-Id
X-Response-By
RequestId
X-Air-Hostname
X-B3-Parentspanid
X-CSRF-TOKEN
X-Parent-Response-Time
X-Cache-Expired-At
Group
X-Refresh
X-Var-Ttl
Pragrma
X-Tb-Optimization-Total-Bytes-Saved
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
Memory
X-NC
S-Cnection
ProcessTime
Powered-By-ChinaCache
X-Wa
X-Ua
X-CF-Powered-By
X-Pjax-Url
X-B3-SpanId
X-Cdn-Forward
X-BACKEND-TTL
User-Agent
Origin
X-Server-IP
X-Pf-Uncompressing
X-CSRF-Token
X-Correlation-ID
X-Sucuri-ID
SRV
X-Varnish-Cacheable
Media-Length
Geoip-Latitude
X-Cdn-Request-ID
PICS-Label
TTL
X-NWS-UUID-VERIFY
Geoip-City
X-Vcl-Version
X-Via-CDN
GeoIp-Country-Code
X-COUNTRY
X-NGINX-Cache
X-Sucuri-Id
X-Oracle-Dms-Rid
X-Unique-ID
X-Servedbyhost
X-Developer
Dnion-Transfer-Encoding
X-Rocket-Nginx-Bypass
X-Litespeed-Cache
SN
X-Webkit-CSP
X-Cache-Grace
X-Sn-Servicetimems
X-Cdn-Origin
X-LAGOON
X-Node-Id
X-Ocache
X-Device-Os
Esi-Enabled
On-Server
M-TraceId
X-Via-Ucdn
X-AIR-PT
X-Reqid
X-Varnish-Ttl
XServer
X-TIME
X-Policy
X-MSEdge-Features
X-MSEdge-Flight
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
A
X-Planisys-CDN-Cache
X-HS-Status
X-Request-Host
X-FORWARDED-FOR
X-Cache-Status-Check
Cdn
Cloudfront-Viewer-Country
X-Request-Start
X-Azure-Ref-OriginShield
Hostname
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
HostName
X-Oss-Object-Type
X-Dynatrace
X-Beluga-Cache-Status
Who
X-Beluga-Node
X-Beluga-Trace
X-Beluga-Record
Rt-Proxy-Cache
Resin-Trace
X-Fastly-Country-Code
X-Beluga-Response-Time
X-Cache-Ttl
X-Beluga-Status
X-Ftr-Cache-Host
X-VHOST
X-ServedByHost
Host-ID
NtCoent-Length
Magicmarker
X-Method
GeoIP-Country-Code
X-Ratelimit-Remaining
X-VCL-Version
X-Varnish-URL
CF-Cached-On
X-DC
GeoIP-Latitude
X-Zone
Ttl
X-Bc
Pics-Label
X-APP
X-LiteSpeed-Cache-Control
MIME-Version
Tcn
GeoIP-City
X-Slack-Backend
X-Fastly-Backend-Reqs
X-Varnish-Url
Cteonnt-Length
Load-Balancing
X-DSS
X-Svr
X-VarnishDD-TTL
X-RSL
X-DI
X-Newrelic-App-Data
X-RPS
X-Action
X-DW
X-RPM
X-DB
X-PF-Uncompressing
Ohc-Response-Time
X-Be
WebServer
Pramga
X-Ratelimit-Limit
Vix-Hermes-Req-Id
X-PJAX-URL
X-Dispatch
Arc-Country
X-Ftr-Request-Id
X-SRV
Amp-Access-Control-Allow-Source-Origin
DSUID
X-Swift-Error
X-Server-Time
X-Skip-Cache
X-PAYTM-SRV-ID
X-Processor
X-Cache-FS-Status
CACHE
X-VCT
Release
X-MServer
Processtime
X-ND-Cache
X-Flog
X-Hello
X-FPC
X-Hp-Ccpa-Warning
Fastly-Drupal-HTML
X-BE
X-ABtesting
X-Tid
X-DevSite-Last-Modified
X-Dynatrace-Js-Agent
Servername
X-WR-MODIFICATION
X-Served-From
X-Edge-Server
Cache-Provider
Cdn-Request-Time
Cdn-Host
X-Configured-By
X-HostName
X-Aicache-OS
N-Cache
X-ID
X-Frame-Option
CF-IPCountry
Pagetype
X-SD-PageType
X-Fastly-Cache-Hits
X-Bc-Bl
X-Upstream-Ht
X-Ftr-Balancer
X-Ftr-Backend-Server
X-Ftr-Backend
X-Ftr-Dc
X-Ftr-Realm
X-Upstream-Ct
Dynatrace
X-StackifyID
Lfy
X-Snapshot-Date
X-Amzn-Remapped-Date
SD-X-WS
CDN
Requestid
X-Amzn-Remapped-Connection
X-WA
X-LB-ID
X-Branch-Name
X-CACHE-AGE
X-Varnish-Beresp-TTL
X-SN
X-Edge-IP
X-Request-Url
X-ZONE
X-Cache-Id
X-Backend-Host
X-Apw-Access-Token
Proxy-Firewall
Warning
X-Compress-Hint
X-VC
X-SB
D-Cc-Upstream
X-Apw-Access-Action
X-Apw-Access-Object
V-Cache
L
X-Cc-Via
X-Cc-Req-Id
X-Apw-Hits
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
WZWS-RAY
X-Fpc
Section-Io-Id
X-WPE-Loopback-Upstream-Addr
Backend-Name
Correlation-Id
X-App
X-ServerName
Lb
X-Release
X-Via-NSCOPI
X-BC
X-Worker
X-Request-URL
X-Check-Cacheable
X-Powered-Y
X-ElasticPress-Search
WP-Super-Cache
X-Fastly-Cache-Status