Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
CF-RAY
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-UA-Compatible
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
Timing-Allow-Origin
X-DNS-Prefetch-Control
X-Iinfo
X-AspNetMvc-Version
X-Ua-Compatible
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
X-CDN
Content-Encoding
Upgrade
Access-Control-Expose-Headers
Access-Control-Max-Age
Keep-Alive
X-Kinja-Server-Push
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
X-Cache-Group
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Age
X-Server
X-Via
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-UA-Device
X-Hacker
X-Ws-Request-Id
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
Report-To
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-WebKit-CSP
X-Host
X-Device
EagleEye-TraceId
X-OneAgent-JS-Injection
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-ORACLE-DMS-ECID
X-HW
X-Application-Context
X-DataDome
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-ORACLE-DMS-RID
NEL
X-Cache-Lookup
X-Mod-Pagespeed
Edge-Control
X-Rack-Cache
Rating
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
X-DynaTrace
X-Varnish-TTL
X-Country-Code
Allow
X-Instart-Request-ID
X-TtlSet
X-Goog-Hash
X-Vname
X-PC
Accept-Ch
X-TTL
X-FTR-Request-ID
X-ESI
Verso
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
Accept-Ch-Lifetime
X-Forwarded-Proto
X-Version
X-Url
X-B3-TraceId
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
Edge-Cache-Tag
RTSS
X-Px
AR-ATIME
Ar-Sid
AR-CACHE
AR-Request-ID
AR-PoweredBy
X-D2id
X-Debug
X-Abt-Application-Version
Charset
X-Server-Name
X-NF-Request-ID
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Powered-CMS
X-Accel-Expires
X-MSEdge-Ref
X-Cached
X-Amz-Rid
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Vcache
X-TEC-API-ROOT
Arr-Disable-Session-Affinity
Pagespeed
X-Middleton-Display
X-Sol
Display
X-Navigation-Version
X-Middleton-Response
X-Vcap-Request-Id
Response
X-Trace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Pinterest-Version
X-SharePointHealthScore
X-Pinterest-Rid
TCN
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Fastcgi-Cache
Cache-Tag
X-Cdn
Access-Control-Request-Method
X-Client-IP
S
X-Upstream
X-DynaTrace-JS-Agent
X-Fastly-Request-ID
X-Ser
MS-Author-Via
X-Shard
SPIisLatency
SPRequestDuration
X-Id
X-Hp-Webp
X-Forwarded-For
DynaTrace
X-Ezoic-Cdn
Nginx-Cache
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Content-Type
X-T
X-Amz-Meta-S3cmd-Attrs
X-Amzn-Trace-Id
X-Recruiting
X-Grace
Front-End-Https
Fastcgi-Cache
X-Hits
X-Varnish-Age
X-DIS-Request-ID
ServerID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-Mobile-URL
X-Server-ID
NR-ENABLED
X-Node-Name
X-Element-Page-Cache
X-Content-Digest
X-HS-Hub-Id
Powered
X-HS-Content-Id
X-HS-Cache-Config
X-Frontend
X-Edge-O15-RID
X-HS-Combine-CSS
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-FTR-Expires
X-Country-Code-Real
X-FTR-Cache-Status
Server-Name
Nel
Alternate-Protocol
X-FTR-DC
X-FTR-Backend
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Balancer
X-Logged-In
TP-L2-Cache
TP-Cache
X-Correlation-Id
Server-Node
AMP-Access-Control-Allow-Source-Origin
X-Cache-TTL
X-Request-Received
X-Request-Processing-Time
X-Webkit-Csp
X-Shield-Request-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Webapp-Samesite-None-Activated-N
X-Jurisdiction
Upgrade-Insecure-Requests
X-XRDS-Location
X-Page-Id
X-Content-Security-Policy-Report-Only
X-Content-Options
Refresh
X-Origin-Server
X-Rid
X-Revision
X-Akamai-Edgescape
X-User-Agent
X-ATS-Timestamp
X-F-Cache
X-Amzn-RequestId
X-Varnish-Grace
X-Cache-Hit
Backend-Timing
X-Amz-Apigw-Id
X-XRDS-LOCATION
X-URL
X-Type
Fastly-Restarts
X-Content-Powered-By
X-Pad
X-Geo-Country
X-Zen-Fury
X-Activity-Id
X-Az
X-B3-Sampled
X-AppVersion
X-LB-Cache
X-N
X-B
X-Analytics
X-Kinsta-Cache
X-FTR-Cache-Host
PB-RID
PB-PID
X-RateLimit-Remaining
X-TT
X-Mobile-Rewrite
Arc-Version
X-Cache-Age
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Framework
X-Ruxit-Js-Agent
Actual-Object-TTL
Paypal-Debug-Id
X-Request-Guid
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Jobs
X-App-Environment
X-CST
X-Instance
DC
X-B-Cache
Cache-Status
X-Debug-Info
X-Signature
Access-Control-Allow-Method
X-FB-Debug
X-PHP-Backend
X-Load-Cache
X-Cache-Action
X-Git-Hash
Surrogate-Key
X-Varnish-Backend
Fastcgi-Useragent
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Host-Header
X-Cached-By
X-Ttl
X-Tt-Trace-Tag
X-IPLB-Instance
X-FastCGI-Cache
FilterID
MS-CV
X-Contextid
X-Amz-Replication-Status
X-SS-Set-Cookie
X-Time
X-Tt-Trace-Host
X-Cluster
X-Cache-Key
X-ATG-Version
Tracecode
Frame-Options
NGB
X-Accel-Buffering
X-Response-Served-From
X-VCache
WPE-Backend
Accept-CH
X-Srv
X-Varnish-Server
Source
Eomportal-Instance
Host
X-Region
X-FW-Serve
X-Varnish-Hostname
X-FW-Type
X-FW-Server
X-FW-Static
X-Cache-NE
X-Adobe-Content
X-WA-Info
X-Adobe-Loc
Payment
X-Mobile
Filters
Cache-Tv-Group
X-Cache-Enabled
X-Cacheable-TTL
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cache-2
X-FW-Hash
X-GeoIP
X-IPS-LoggedIn
X-RequestSource
X-Host-Name
X-B3-Traceid
X-Is-Bot
X-TX-ID
X-Rendered-As
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Seen-By
Xserver
Cleartype
X-EdgeConnect-Cache-Status
X-Cache-Operation
X-Cache-Rule
X-Oneagent-Js-Injection
X-Via-JSL
X-Hostname
X-Cache-TTL-Remaining
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Origin-Response-Time
Cache
X-NewRelic-App-Data
Healthy
X-Presslabs-Stats
X-ORACLE-APMCS-REQUEST-ID
X-Cache-Control
X-ORACLE-APMCS-TAG
X-HTML-Minification-Powered-By
Accept-CH-Lifetime
Datacenter
Retry-After
X-Dc
X-ProcessESI
Server-Info
X-RemovedCookies
X-UA
Ms-Operation-Id
X-RTag
X-Rule
X-NWS-LOG-UUID
X-RateLimit-Limit
X-Cache-Server
Liferay-Portal
X-PressLabs-Stats
X-Status
X-Wix-Request-Id
X-L-Path
X-FireWall-Port
Version
From-Origin
X-Environment-Context
X-Endurance-Cache-Level
X-Upgrade-Enabled
X-Source
X-CACHE-KEY
Meta-Geo
X-Cache-Var-Map
X-RN-RSRV
X-Path-Route
X-Cache-Var
X-Handled-By
X-ES-SERVER
OT-Force-Account-Verify
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Tb
X-Content-Age
X-Backend-Name
X-Shopify-Stage
X-UUID
X-ShopId
X-Shopify-Generated-Cart-Token
X-EIG-Tracking-Id
X-Storage
X-ShardId
X-Proto
X-Alternate-Cache-Key
X-Hyper-Cache
X-Viewer-Country
Akamai-GRN
X-Web-Node
TWC-Connection-Speed
X-BYPASS-REASON
X-Cache-Host
X-Debug-Cache
X-Cache-Config
Now
Cache-Tags
Property-Id
Azure-Version
X-Section
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
Azure-SlotName
NGX
Origin-Edge-Control
S-Rt
Azure-InstanceId
Origin-Cache-Control
Node
Azure-SiteName
Azure-RegionName
X-Akamai-Request-ID2
DB-Nickname
X-Request-Time
X-JoinUs
X-ServerID
X-Format
X-Access
X-Qloud-Router
X-VWS-Id
X-Soup
X-OCL
X-SaId
X-ProxyCache-Key
X-Proxy
X-PCL
X-Origin
X-ProxyCache-Status
X-Redis-Cache
X-Pubstack
X-Human
X-Origin-Hint
X-Time-Microsecs
X-Hl-Ver
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Goog-Meta-Goog-Reserved-File-Mtime
TWC-GeoIP-Country
X-Generated-By
X-Vgn-Hpd-Reason
TWC-Privacy
Webcakes-App-Name
X-FW-Dynamic
X-LJ-Flow-ID
X-Hosted-By
X-AWS-Id
X-Akamai-Request-ID
Webcakes-App-Version
Webcakes-Region
TWC-Device-Class
Ec-Rule-Version
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Generated
X-Proxy-Cache-Status
X-Cluster-Node
X-FC-Vary-Parameters
X-CCM
X-BCube-Filmed-By
X-RCS-CacheZone
X-IP
X-Say-Cacheable
Mn-Server-Ip
X-Proxy-Build
X-Site-Version
X-SayCDN-TTL
X-Say-TTL
X-Timing-Wait
X-Varnish-Hits
X-Locale
X-MP-GENERATED-AT
X-NYM-Debug-Backend
X-Www-Served-By
Selected-Fe
X-Xfnlog-Site
X-App-Server
X-APP-VERSION
X-Amzn-Remapped-Content-Length
X-FB-TRIP-ID
X-TNCMS
L5d-Success-Class
Cross-Origin-Window-Policy
X-Loop
X-Detected-As
X-R9-Blue-Green-Version
Cache-Name
GEO-INFO
Webserver
Uber-Trace-Id
X-CS
Viewport
Accept-Charset
Time
Srv
VIX-Pulpo-Upstream-Status
X-Akamai-Transformed
VIX-Pulpo-Node
X-Unique-Id
X-Drupal-Cache-Tags
X-NCache
X-From
X-Esi
X-Cache-Remote
X-UA-Device-Type
X-Edge-Location
X-TT-TIMESTAMP
X-Cluster-Name
Cache-Key
X-Drupal-Cache-Contexts
X-Origin-TTL
X-Backend-TTL
X-Origin-CC
X-EC-Lua
X-CDN-Forward
Accept-Language
Country
X-Mode
Mime-Version
X-Newrelic-Synthetics
Odigeo-Trace-Id
X-Microcachable
X-B3-Spanid
Ohc-Cache-HIT
Rt-Fastcgi-Cache
Ohc-File-Size
X-Forwarded-Host
X-Info
X-No-Session
X-Geo
X-CLOUD-TRACE-CONTEXT
Proxy-Connection
X-Magnolia-Registration
X-Whom
X-Proxied
Content-Disposition
X-Zipkin-Id
X-UPSTREAM-Address
X-Routing-Service
X-UnsetCookies
ServedBy
X-Varnish-Cache-Hits
X-PHP-Host
X-Labrador-Cache-Channel
X-PERF
X-ApacheServer
X-Real-IP
Fastly-SSL
Cf-Ipcountry
X-Cache-Time
X-DPWN-IS-SECURE
X-External-Request-Id
X-Aed
AsisCache
BehaviorPad-Version
X-A-Wwc
X-VG-WebCache
X-VG-WebServer
X-A-Dgt
X-Vdms-Version
X-Session-Fingerprint
X-Accel-Expires-Debug
X-Destination
X-Date
X-SRCache-Key
X-D
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Transaction
X-B-Cookie
X-A-Dcw
X-Application
X-Device-Type
X-ARC
X-Trv-Group
X-Twitter-Response-Tags
X-G
X-Rewrite-Enabled
X-App-Version
Machine
X-Rojux
Viewtype
X-S
VivaBuild
MD5-Digest
X-Request-UUID
Rendered-Blocks
X-Region-Sid
Powered-By
Mobile-Detection-Method
T-Server
Meta-Geo-Continent
X-S-Cookie
GEO-REGION-INFO
Content-Style-Type
X-A-Ccd
Content-Script-Type
X-A-Dam
X-Connection-Hash
X-Vtex-Remote-Cache
Xc-Version
X-A
X-GeoIP-Country-Code
Fastcgi-X-Cache-Version
X-Vtex-Processado-Em
X-ScT
X-Geo-Header
X-Via-Fastly
Access-Control-Request-Headers
User-Cache-Control
X-Sigma
X-Tumblr-Pixel-3
X-Sigma-Backend
X-Rocket-Build-Number
IsBot
X-WebServer
W
Gh-Request-Id
Environment
X-VG-TLSProxy
X-VC-Cache
X-Varnish-Authentication
X-Uri
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-SIPLIST1
Server-Surrogate-Control
Server-Cache-Control
X-TrackingId
X-Cache-Backend
X-Logging-Id
X-Cache-Debug
X-CUA
X-C
X-NGENIX-Cache
ServerName
X-GeoIP-City
X-LI-UUID
X-Generated-In
X-Generation-Time
X-Hit
X-Hnp-Log
X-GoCache-CacheStatus
X-Location
X-Owner
Web-Mar-Node
Section-Io-Cache
X-Hash
X-IN-APIGATEWAY
X-RateLimit-Limit-Second
X-Instart-Isnd
X-RateLimit-Remaining-Second
X-Irp-Debug
True-Client-Country-4JS
X-Key
X-Li-Pop
X-Proxy-Upstream
X-Li-Fabric
X-Ms-Request-Id
V-Age
Server-ID
X-LI-Proto
X-IN-APIGATEWAYSSL
We-Hiring
X-Agile-Age
X-Origin-Date
X-Bip
X-Block-Status
X-Origin-Expires
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Backend-State
X-BBXSRF
X-Cache-Bucket
X-Cache-Info
X-Clara-WADP
X-Cms-Context
X-NodeID
X-CGP
X-Cdn-Srv
Request-EU
X-NX-Host
X-Auto-Login
X-Debug-Cache-Store
X-Fastly-Cache
X-Eu-Site
X-Agile-Id
X-Agile
X-Ms-Version
X-Gamma-Serve
X-FW-Version
X-OVcl-Cache
X-AK-Request-ID
X-OVcl
X-Debug-Log
X-Debug-Cookies
X-Dispatcher-Server
X-Distil-CS
X-Epic-Correlation-Id
X-Distributor
X-Gen-Mode
Kp-EeAlive
X-Thanos
X-Wikidot-Static-Cache
X-TH-Server
X-Trace-Id
X-Wikidot-Backend
X-Nginx-Cache-Key
X-TT-LOGID
X-Req
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-SVT-ORM-RULES
X-Sucuri-Cache
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-SVT-ORM-VERSION
X-Varnish-Beresp-Ttl
X-Swa-Ws
Apple-News-Services-Host
X-Urbn-Context-Path
X-Urbn-Site-Id
Wxu-Next-Region
X-Cache-URL
X-Core-Mission
Locid
Wxu-Next-Hostname
Server-Int
Wxu-Next-Commit
RNT-Machine
X-Developers
FNAC-ModuleRouting
X-WADP-Cache
X-VServer
X-User
X-We-Are-Hiring
X-Webstats-RespID
Fastly-Soc-X-Request-Id
Fastly-Backend-Name
X-App-Name
Apple-News-Services-Handled
Cache-Host
Locale
X-Request-URI
Ha-Gx-Prefs
CDCHOST
Cdncip
Country-Code
Memcached
Cdnsip
Mail-Subject
Heartbleed
HA-Ipaddr
Request-Country
IBM-Web2-Location
AKAMAI
RNT-Time
X-Render-Time
X-B3-Parentspanid
Geo-Info
X-Daa-Tunnel
X-Generated-On
Thinkindot-Control
X-Variation
X-Micro-Cache
Is-Eu
X-Internal-Host
Thinkindot-CacheControl
X-Is-Gdpr
Platform
X-JWT-State
X-Level-Front-Cache
X-Reboot
Server-Host
X-Azure-Ref
X-Has-Esi
Thinkindot-CacheControl-Type
Fastly-SWR
X-Up
PFcat
Fastly-SIE
X-Rebelmouse-Cache-Control
X-NU-AKA-ACS-Version
Countrycode
X-Service
X-S-Maxage
X-Clientip
X-ServiceProvider
Adler-Geo
X-Old-Content-Length
X-Cache-Tags
X-Core-Value
X-Thinkindot-L3
X-Matched-Rule
X-Platform-Server
X-Trafficlayer-App-Version
X-Rebelmouse-Surrogate-Control
X-TA-CDN-Provider
HitType
X-Response-By
Cache-Hits
X-Lb-Id
X-Refresh
X-Server-W
X-SERVER
X-Servername
X-Fetched-On
X-NC
X-Nc
X-Tb-Optimization-Total-Bytes-Saved
RequestId
X-Server-IP
X-Nginx-Cache
X-B3-SpanId
X-Parent-Response-Time
X-CSRF-TOKEN
Memory
X-Cdn-Forward
X-CF-Powered-By
X-Cdn-Request-ID
ProcessTime
Media-Length
X-Tec-Api-Origin
Filterid
X-Tec-Api-Version
X-Tec-Api-Root
X-TIME
X-Pjax-Url
X-Air-Hostname
X-Wa
Origin
User-Agent
X-CSRF-Token
Geoip-Latitude
Group
Pragrma
X-BACKEND-TTL
X-Var-Ttl
X-Pf-Uncompressing
SRV
X-NGINX-Cache
GeoIp-Country-Code
X-Cache-Expired-At
TTL
X-Unique-ID
X-Ua
X-Correlation-ID
X-AIR-PT
Esi-Enabled
X-Rocket-Nginx-Bypass
X-Sucuri-Id
X-Vcl-Version
Powered-By-ChinaCache
S-Cnection
X-Reqid
X-Sucuri-ID
X-Planisys-CDN-TTL
X-Policy
X-COUNTRY
PICS-Label
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Cache-Ttl
X-Varnish-Cacheable
X-Servedbyhost
X-Request-Start
XServer
HostName
X-Webkit-CSP
X-Azure-Ref-OriginShield
X-Litespeed-Cache
SN
X-HS-Status
Rt-Proxy-Cache
Geoip-City
X-Fastly-Country-Code
X-Via-CDN
Dnion-Transfer-Encoding
X-Via-Ucdn
M-TraceId
X-NWS-UUID-VERIFY
Magicmarker
X-Developer
X-Method
X-FORWARDED-FOR
Load-Balancing
X-LAGOON
X-Device-Os
X-Node-Id
Tcn
X-Cdn-Origin
X-Sn-Servicetimems
Resin-Trace
X-Cache-Grace
X-Ocache
X-ServedByHost
DSUID
Who
On-Server
Ohc-Response-Time
X-Ftr-Cache-Host
X-VHOST
Release
X-MServer
X-VCT
Cdn
A
CF-Cached-On
X-MSEdge-Features
NtCoent-Length
X-Svr
X-MSEdge-Flight
X-Be
X-Request-Host
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Object-Type
X-Hp-Ccpa-Warning
Cloudfront-Viewer-Country
X-Zone
MIME-Version
Vix-Hermes-Req-Id
X-VCL-Version
Pics-Label
X-APP
X-Bc
X-Beluga-Trace
X-Beluga-Cache-Status
X-Beluga-Node
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Status
Cteonnt-Length
Ttl
X-Cache-Status-Check
X-Ratelimit-Remaining
GeoIP-Country-Code
X-Newrelic-App-Data
Hostname
X-Oracle-Dms-Rid
GeoIP-Latitude
X-Configured-By
X-Fastly-Backend-Reqs
X-Varnish-Url
X-VarnishDD-TTL
X-Varnish-URL
X-SRV
X-DC
X-LiteSpeed-Cache-Control
X-PF-Uncompressing
Host-ID
X-SD-PageType
X-Varnish-Ttl
SD-X-WS
GeoIP-City
X-PJAX-URL
X-WR-MODIFICATION
Processtime
X-Upstream-Ht
X-Upstream-Ct
X-Ftr-Request-Id
X-SN
X-Tid
X-Cache-Id
X-Compress-Hint
X-HostName
X-Via-NSCOPI
X-BE
X-Dynatrace
X-Slack-Backend
X-Ratelimit-Limit
X-Aicache-OS
X-Release
L
X-Dynatrace-Js-Agent
X-Swift-Error
WebServer
X-Action
X-Scheme
X-ID
Requestid
CACHE
LB
Cache-Provider
X-DI
X-DB
X-DSS
X-RSL
X-RPM
X-RPS
X-DW
Amp-Access-Control-Allow-Source-Origin
X-Frame-Option
Servername
CF-IPCountry
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-FPC
Arc-Country
Pramga
X-Cache-FS-Status
X-StackifyID
X-PAYTM-SRV-ID
UCS
X-Processor
Pagetype
X-Fastly-Cache-Hits
X-Branch-Name
X-LB-ID
X-Ftr-Backend
X-Snapshot-Date
X-Ftr-Backend-Server
CDN
Dynatrace
X-Ftr-Realm
X-Server-Time
X-Ftr-Balancer
X-Skip-Cache
X-Ftr-Dc
X-ServerName
X-Dispatch
Lfy
X-CACHE-AGE
Fastly-Drupal-HTML
X-Apw-Access-Action
X-Cc-Via
X-Cc-Req-Id
X-Edge-IP
X-ABtesting
X-Apw-Access-Token
X-Apw-Hits
X-Node-ID
X-Flog
X-Apw-Access-Object
X-ZONE
Proxy-Firewall
V-Cache
X-Varnish-Beresp-TTL
X-Request-Url
X-Hello
X-DevSite-Last-Modified
X-SB
Warning
D-Cc-Upstream
X-ND-Cache
X-VC
NnCoection
X-Fastly-Cache-Status
X-ElasticPress-Search
X-App
X-Litespeed-Cache-Control
Correlation-Id
Backend-Name
Lb
X-BC
X-Worker
X-Request-URL
X-Powered-Y
WZWS-RAY
WP-Super-Cache
X-Check-Cacheable