SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We request the index page of each site with an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
X-XSS-Protection
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Xss-Protection
X-Runtime
CF-Ray
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
Xkey
X-Via
X-Backend
X-Server
X-Age
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
EagleId
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
X-UA-Device
Feature-Policy
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Ac
X-Node
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Vhost
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cache-Lookup
X-Cnection
X-Ruxit-JS-Agent
X-Application-Context
X-HW
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
X-Rack-Cache
X-Country
X-Clacks-Overhead
P3p
X-Akam-SW-Version
Rating
Edge-Control
X-Dns-Prefetch-Control
Pinterest-Generated-By
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch
X-Country-Code
X-FTR-Request-ID
X-TTL
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
X-ESI
Verso
Content-MD5
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-B3-TraceId
X-Kinja
X-GitHub-Request-Id
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Variant
X-Exp-Id
X-Forwarded-Proto
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Build
X-Version
X-Vcache
X-MS-InvokeApp
RTSS
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Px
X-Debug
X-Server-ID
AR-PoweredBy
AR-Request-ID
Ar-Sid
AR-CACHE
AR-ATIME
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-Cached
X-NF-Request-ID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Navigation-Version
X-Vcap-Request-Id
X-Sol
X-Middleton-Response
X-Middleton-Display
Response
Pagespeed
X-MSEdge-Ref
Display
X-Amz-Rid
X-Accel-Expires
Arr-Disable-Session-Affinity
TCN
X-Fastcgi-Cache
X-SharePointHealthScore
X-Pinterest-Rid
Pinterest-Version
X-VARITI-CCR
Public-Key-Pins
X-Fastly-Request-ID
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Powered-CMS
MS-Author-Via
Nginx-Cache
Cache-Tag
X-Cdn
X-Client-IP
Realpath
X-Trace
X-Edge-O15-RID
X-Ser
Access-Control-Request-Method
X-Content-Type
MRF-Tech
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
SPRequestDuration
SPIisLatency
X-Amzn-Trace-Id
X-Shard
X-Upstream
X-Jurisdiction
X-Hp-Webp
X-Grace
X-Id
X-Ezoic-Cdn
S
X-DynaTrace-JS-Agent
X-Forwarded-For
Front-End-Https
X-Amz-Meta-S3cmd-Attrs
X-Cache-TTL
X-Hits
X-T
Fastcgi-Cache
Nel
X-Recruiting
DynaTrace
X-Aspnet-Version
X-Element-Page-Cache
X-Varnish-Age
X-Node-Name
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Content-Digest
X-Mobile-URL
X-FTR-DC
X-FTR-Expires
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
ServerID
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-DIS-Request-ID
Server-Node
NR-ENABLED
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
TP-Cache
X-HS-Combine-CSS
TP-L2-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-GUploader-UploadID
Powered
X-CST
X-Logged-In
Alternate-Protocol
Server-Name
X-XRDS-Location
X-Amzn-RequestId
Upgrade-Insecure-Requests
X-Amz-Apigw-Id
Fastly-Restarts
X-Cache-Hit
X-Correlation-Id
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
X-Request-Received
X-Request-Processing-Time
AMP-Access-Control-Allow-Source-Origin
X-Content-Options
X-FTR-Cache-Host
X-User-Agent
X-Page-Id
Refresh
X-Content-Security-Policy-Report-Only
X-Zen-Fury
X-F-Cache
X-Origin-Server
X-Akamai-Edgescape
X-Rid
X-Varnish-Grace
X-Revision
X-Type
X-B
X-LB-Cache
X-Content-Powered-By
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
X-B3-Sampled
X-Geo-Country
Cache-Status
X-XRDS-LOCATION
X-AppVersion
X-Az
X-Activity-Id
X-URL
X-N
X-Kinsta-Cache
X-Cache-Action
X-TT
X-AOL-HN
X-Cache-Age
Access-Control-Allow-Method
X-Signature
X-WebKit-CSP-Report-Only
X-Jobs
X-Framework
X-Debug-Info
X-B-Cache
X-Time
X-FB-Debug
Paypal-Debug-Id
X-Cached-By
X-Instance
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Actual-Object-TTL
X-NWS-LOG-UUID
X-Git-Hash
X-Request-Guid
X-Load-Cache
X-App-Environment
X-PHP-Backend
Fastcgi-Useragent
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Pad
X-Amz-Replication-Status
DC
X-Shield-Request-Id
X-Varnish-Backend
X-RateLimit-Remaining
X-Webkit-Csp
Host-Header
X-ATG-Version
Host
X-WA-Info
Surrogate-Key
X-IPLB-Instance
MS-CV
X-ORACLE-APMCS-TAG
X-Contextid
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-Erf-Bev-Bev
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Host-Name
X-Accel-Buffering
NGB
X-Response-Served-From
Frame-Options
X-FastCGI-Cache
Payment
X-SS-Set-Cookie
X-Cache-NE
Source
Eomportal-Instance
X-Region
X-Cache-2
Xserver
Retry-After
X-Origin-Response-Time
X-Varnish-Server
X-Hostname
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Serve
X-Cluster
X-GeoIP
Tracecode
X-FW-Type
X-Srv
WPE-Backend
Filters
X-IPS-LoggedIn
X-Seen-By
X-Cacheable-TTL
X-Varnish-Hostname
X-Adobe-Loc
Cache-Tv-Group
X-Adobe-Content
FilterID
X-Cache-Operation
Liferay-Portal
X-Rendered-As
X-RequestSource
X-Is-Bot
X-Tumblr-Pixel-1
X-Cache-Rule
X-Tumblr-Pixel-2
X-Cache-Enabled
X-NewRelic-App-Data
X-Cache-Key
Server-Info
X-ProcessESI
X-RemovedCookies
X-App-Server
X-TX-ID
X-EdgeConnect-Cache-Status
X-Cache-TTL-Remaining
X-Analytics
X-Presslabs-Stats
X-CACHE-KEY
Cleartype
X-Webapp-Samesite-None-Activated-N
X-L-Path
X-Environment-Context
Accept-CH
X-FireWall-Port
X-Handled-By
X-B3-Traceid
X-Source
X-RTag
Ms-Operation-Id
X-Upgrade-Enabled
X-Endurance-Cache-Level
X-Dc
X-Cache-Server
From-Origin
Srv
Accept-Charset
X-Backend-Name
Datacenter
X-Ttl
X-PressLabs-Stats
X-HTML-Minification-Powered-By
X-UA
X-UUID
Accept-CH-Lifetime
X-RN-RSRV
X-Path-Route
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
Meta-Geo
X-Wix-Request-Id
X-Proxy-Build
X-Section
X-Timing-Wait
OT-Force-Account-Verify
X-Access
X-Tb
Selected-Fe
X-Format
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-ShopId
X-Akamai-Request-ID
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Request-Time
X-EIG-Tracking-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Content-Age
X-Cache-Config
X-Alternate-Cache-Key
X-Proto
X-ShardId
X-ShopId
Mn-Server-Ip
Cache-Tags
Healthy
X-Origin
X-BYPASS-REASON
X-ProxyCache-Key
X-FC-Vary-Parameters
X-NYM-Debug-Backend
X-PCL
X-JoinUs
X-Hl-Ver
X-LJ-Flow-ID
X-Yottaa-Optimizations
X-ProxyCache-Status
X-Yottaa-Metrics
X-OCL
X-Proxy-Cache-Status
X-AWS-Id
X-Status
X-VWS-Id
Akamai-GRN
X-Soup
X-Vgn-Hpd-Reason
X-ServerID
Node
X-Qloud-Router
X-Akamai-Request-ID2
NGX
X-SaId
Decoy-Debug-Status
X-FB-TRIP-ID
DB-Nickname
Decoy-Debug-Key
X-CCM
Version
X-BCube-Filmed-By
Now
X-Akamai-Transformed
Cross-Origin-Window-Policy
X-MP-GENERATED-AT
X-APP-VERSION
X-FW-Dynamic
X-Storage
X-Time-Microsecs
Origin-Cache-Control
Origin-Edge-Control
X-Pubstack
X-Proxy
X-Hyper-Cache
X-Hosted-By
X-Viewer-Country
Decoy-Debug-TTL
X-Www-Served-By
Property-Id
X-Xfnlog-Site
TWC-Connection-Speed
X-Debug-Cache
X-SayCDN-TTL
X-Web-Node
X-Say-TTL
X-Say-Cacheable
X-Human
TWC-Device-Class
TWC-Privacy
X-Amzn-Remapped-Content-Length
X-R9-Blue-Green-Version
X-Origin-Hint
X-Loop
X-Locale
X-RCS-CacheZone
Webcakes-Region
TWC-GeoIP-LatLong
X-TNCMS
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
TWC-GeoIP-Country
X-Varnish-Hits
Azure-SlotName
Azure-RegionName
Azure-InstanceId
Azure-Version
Azure-SiteName
X-Cluster-Node
X-Generated
X-Generated-By
X-Site-Version
X-RateLimit-Limit
S-Rt
X-NCache
Ec-Rule-Version
X-Redis-Cache
X-Daa-Tunnel
X-Cache-Control
X-Detected-As
X-IP
GEO-INFO
X-Whom
X-Cache-Host
Cache-Key
X-UA-Device-Type
X-Unique-Id
X-Drupal-Cache-Tags
Cache
X-Rule
X-NGENIX-Cache
L5d-Success-Class
X-VCache
X-Mode
Webserver
X-Forwarded-Host
Section-Io-Cache
X-Esi
Cache-Name
X-CS
X-UnsetCookies
Viewport
Content-Disposition
X-Info
Mime-Version
X-VHOST
Accept-Language
Time
X-Origin-CC
X-ApacheServer
X-Varnish-Cache-Hits
Rt-Fastcgi-Cache
X-Backend-TTL
X-Origin-TTL
X-PERF
Uber-Trace-Id
X-Newrelic-Synthetics
ServedBy
Country
X-B3-Spanid
X-Cache-Remote
X-CDN-Forward
Odigeo-Trace-Id
X-Device-Type
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-EC-Lua
X-From
X-Magnolia-Registration
X-Via-Fastly
Geo-Info
X-CLOUD-TRACE-CONTEXT
Proxy-Connection
X-Uri
X-Cluster-Name
X-Drupal-Cache-Contexts
X-Microcachable
X-Nc
HitType
X-TT-TIMESTAMP
Access-Control-Request-Headers
Filterid
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Real-IP
X-Geo
Ohc-File-Size
Cf-Ipcountry
X-A-Dcw
X-A-Ccd
X-A-Wwc
X-A-Dgt
VivaBuild
X-Rewrite-Enabled
Viewtype
W
X-A
X-S
X-D
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Transaction
X-Date
X-Accel-Expires-Debug
X-Aed
X-Rocket-Build-Number
X-Destination
T-Server
X-Geo-Header
GEO-REGION-INFO
X-External-Request-Id
X-GeoIP-Country-Code
Mobile-Detection-Method
Meta-Geo-Continent
Machine
MD5-Digest
X-G
Fastcgi-X-Cache-Version
Content-Style-Type
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
X-DPWN-IS-SECURE
Apple-News-Services-Request-Url
AsisCache
Content-Script-Type
Rendered-Blocks
BehaviorPad-Version
X-Application
X-A-Dam
X-Vtex-Remote-Cache
X-SRCache-Key
X-Vdms-Version
X-CF-Lambda-Version
X-B-Cookie
X-Session-Fingerprint
X-Connection-Hash
X-VG-TLSProxy
X-CF-Lambda-Fn
X-VG-WebCache
X-Region-Sid
X-Sigma-Backend
X-Sigma
X-Twitter-Response-Tags
X-VG-WebServer
X-ARC
X-Vtex-Processado-Em
X-ScT
X-Rojux
X-S-Cookie
X-Trv-Group
Xc-Version
X-Labrador-Cache-Channel
X-PHP-Host
X-C
X-Cache-Time
Cache-Hits
Fastly-SIE
Fastly-Soc-X-Request-Id
X-Thanos
X-Rebelmouse-Cache-Control
X-Eu-Site
IsBot
X-App-Name
X-Hit
X-Cache-Debug
X-SIPLIST1
Countrycode
X-App-Version
CDCHOST
Fastly-SWR
X-Rebelmouse-Surrogate-Control
Environment
X-CUA
X-Agile-Id
X-Agile-Age
HA-Ipaddr
Ha-Gx-Prefs
X-CGP
X-WebServer
X-Agile
X-Request-UUID
X-Var-Ttl
Locid
X-Bip
X-Clientip
X-Cache-Expired-At
X-Developers
X-Logging-Id
X-VC-Cache
Powered-By
X-Distil-CS
Group
X-No-Session
X-GoCache-CacheStatus
Mail-Subject
X-Gamma-Serve
X-Fetched-On
X-Cache-Tags
X-Cdn-Srv
Platform
Server-Cache-Control
X-Backend-State
We-Hiring
X-Debug-Log
X-Cms-Context
V-Age
X-Debug-Cookies
X-Azure-Ref
X-Core-Mission
X-Contensis-Viewer-Groups
X-Air-Hostname
X-Auto-Login
True-Client-Country-4JS
X-Dispatcher-Server
RNT-Machine
Request-EU
Request-Country
X-Epic-Correlation-Id
X-Cache-ASPX
RNT-Time
Server-Surrogate-Control
Server-Int
Server-ID
X-Distributor
Pragrma
X-Instart-Isnd
X-Ms-Version
X-Ms-Request-Id
X-Wikidot-Backend
X-Trace-Id
X-Platform-Server
X-Proxy-Upstream
X-Swa-Ws
X-Tumblr-Pixel-3
X-RateLimit-Remaining-Second
X-TrackingId
X-RateLimit-Limit-Second
X-Nginx-Cache-Key
Locale
X-Origin-Expires
X-OVcl
Ohc-Cache-HIT
X-OVcl-Cache
X-SVT-ORM-VERSION
X-Origin-Date
X-NodeID
X-Servername
X-Wikidot-Static-Cache
X-NX-Host
X-Owner
X-Up
X-SVT-ORM-RULES
X-Variation
X-Urbn-Context-Path
X-GeoIP-City
X-Has-Esi
Gh-Request-Id
X-Request-URI
Kp-EeAlive
X-Generated-In
Is-Eu
IBM-Web2-Location
Heartbleed
X-Hash
Country-Code
Adler-Geo
X-Is-Gdpr
X-JWT-State
AKAMAI
X-Varnish-Authentication
X-IN-APIGATEWAY
X-Urbn-Site-Id
X-IN-APIGATEWAYSSL
Cache-Host
User-Cache-Control
X-Edge-Location
Fastly-SSL
X-We-Are-Hiring
X-Clara-WADP
X-VServer
X-Req
X-WADP-Cache
X-Core-Value
X-ServiceProvider
X-Webstats-RespID
X-TT-LOGID
X-Service
X-Trafficlayer-App-Scope
X-TH-Server
X-Level-Front-Cache
X-Li-Fabric
X-Li-Pop
X-Irp-Debug
X-Fastly-Cache
X-FW-Version
X-Generated-On
X-Generation-Time
X-LI-Proto
X-LI-UUID
X-Debug-Cache-Fetch
X-Trafficlayer-App-Version
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Trafficlayer-App-Name
X-Matched-Rule
X-Micro-Cache
X-Thinkindot-L3
X-Server-W
Server-Host
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
FNAC-ModuleRouting
Wxu-Next-Commit
PFcat
ServerName
Cdnsip
Fastly-Backend-Name
Cdncip
Memcached
S-Cnection
Wxu-Next-Hostname
X-Nginx-Cache
Wxu-Next-Region
X-BBXSRF
X-Cache-URL
X-Cache-Info
X-AK-Request-ID
X-UPSTREAM-Address
X-Gen-Mode
X-Lb-Id
X-Block-Status
X-NU-AKA-ACS-Version
X-Hnp-Log
X-Reboot
X-S-Maxage
Web-Mar-Node
X-Cache-Bucket
X-Response-By
X-SERVER
X-Refresh
X-Old-Content-Length
X-Render-Time
X-Wa
RequestId
X-Cache-Backend
X-CSRF-TOKEN
X-User
X-Varnish-Cacheable
Powered-By-ChinaCache
X-Oss-Request-Id
X-Ua
X-Node-Id
X-Sucuri-ID
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Storage-Class
Origin
X-Parent-Response-Time
X-Key
X-Internal-Host
X-TA-CDN-Provider
X-Tec-Api-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Tec-Api-Root
X-NC
X-Tec-Api-Origin
X-Pjax-Url
X-Developer
User-Agent
X-Sucuri-Cache
X-Cache-Status-Check
X-Ua-Device
X-BACKEND-TTL
X-Cache-Grace
X-Location
X-Cdn-Origin
Hostname
X-Sn-Servicetimems
X-Device-Os
X-LAGOON
X-Cdn-Forward
X-Correlation-ID
X-NWS-UUID-VERIFY
X-Ocache
X-CSRF-Token
X-CF-Powered-By
A
ProcessTime
X-Pf-Uncompressing
On-Server
X-Via-CDN
Memory
X-B3-Parentspanid
SRV
X-MSEdge-Flight
X-MSEdge-Features
Cloudfront-Viewer-Country
X-Unique-ID
Geoip-City
TTL
Geoip-Latitude
GeoIp-Country-Code
X-NGINX-Cache
X-Vcl-Version
X-COUNTRY
X-Request-Host
PICS-Label
X-Ruxit-Js-Agent
X-Server-IP
X-Servedbyhost
X-Varnish-URL
X-Webkit-CSP
X-Litespeed-Cache
X-B3-SpanId
Cdn
X-Varnish-Ttl
X-Oneagent-Js-Injection
Resin-Trace
XServer
X-TIME
SN
X-Cdn-Request-ID
M-TraceId
Tcn
Media-Length
CACHE
X-HS-Status
X-Rocket-Nginx-Bypass
Dnion-Transfer-Encoding
X-FORWARDED-FOR
X-Action
Host-ID
X-Ratelimit-Remaining
X-Via-Ucdn
X-ServedByHost
Who
Arc-Country
X-Server-Time
X-Cache-Ttl
X-Slack-Backend
X-Beluga-Trace
X-PAYTM-SRV-ID
X-Beluga-Cache-Status
X-Cache-FS-Status
Pramga
X-Beluga-Node
X-Beluga-Record
X-Beluga-Status
X-Dispatch
X-Beluga-Response-Time
X-Processor
HostName
X-RPS
X-Fastly-Country-Code
X-RPM
X-DSS
X-DW
X-Skip-Cache
X-RSL
GeoIP-Country-Code
X-DB
X-DI
X-ND-Cache
Pics-Label
Section-Io-Id
X-VCL-Version
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Served-From
Esi-Enabled
GeoIP-Latitude
X-AIR-PT
X-Edge-Server
Cdn-Host
Cdn-Request-Time
Section-Origin-Responded
X-Reqid
X-Sucuri-Id
NtCoent-Length
GeoIP-City
Fastly-Drupal-HTML
X-DC
X-Dynatrace-Js-Agent
X-Bc-Bl
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Policy
X-PF-Uncompressing
Amp-Access-Control-Allow-Source-Origin
Ttl
X-Hello
X-Planisys-CDN-Rules
X-Flog
X-DevSite-Last-Modified
X-VarnishDD-TTL
X-ABtesting
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
CF-Cached-On
MIME-Version
Fusion-Deployment-Id
N-Cache
X-Varnish-Url
X-Bc
X-Request-Start
X-Azure-Ref-OriginShield
X-Zone
X-Adobe-Source
X-APP
X-Newrelic-App-Data
Rt-Proxy-Cache
X-Ratelimit-Limit
X-Backend-Host
X-HostName
Trailer
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-FPC
Cache-Cookie-Set-From
X-SRV
WebServer
X-Fastly-Backend-Reqs
X-PJAX-URL
X-Swift-Error
X-Dynatrace
X-BE
X-Method
Magicmarker
X-Amzn-Remapped-Date
X-Fpc
X-Scheme
X-Fmm-Version
Processtime
Cteonnt-Length
X-Amzn-Remapped-Connection
Servername
X-ZONE
Cache-Provider
X-ID
X-WA
X-BC
FSS-Cache
FSS-Proxy
X-WR-MODIFICATION
X-Frame-Option
Ohc-Response-Time
X-SN
X-LB-ID
CF-IPCountry
X-Esi-Check
X-Cache-Id
Lb
Requestid
Sid
X-Snapshot-Date
L
X-Branch-Name
X-Compress-Hint
X-StackifyID
CDN
Dynatrace
X-CACHE-AGE
X-Ftr-Cache-Host
WZWS-RAY
V-Cache
X-Tid
X-Aicache-OS
X-Cc-Via
X-Cc-Req-Id
X-Be
D-Cc-Upstream
X-Apw-Access-Action
X-Apw-Hits
Warning
X-Apw-Access-Token
X-Gzip
X-Apw-Access-Object
X-Svr
X-Request-Url
X-Cache-NGX
X-Fastly-Cache-Hits
X-VC
Release
X-SB
X-App
X-Litespeed-Cache-Control
X-SD-PageType
X-GEO
SD-X-WS
Backend-Name
X-Fastly-Cache-Status
X-ElasticPress-Search
Vix-Hermes-Req-Id
X-Varnish-Beresp-TTL
X-Check-Cacheable
WP-Super-Cache
X-Request-URL
X-WPE-Loopback-Upstream-Addr
X-Worker
Correlation-Id
Lfy
X-Powered-Y
Cneonction