
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

The table/histogram below shows how many times we found each header (security-relevant or not). We request the index page of each site using an HTTP HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
X-Download-Options
X-AspNet-Version
CF-Ray
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Server
X-Age
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Server-Id
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Backend-Server
X-Readtime
X-Dispatcher
Request-Id
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
X-ORACLE-DMS-RID
NEL
X-DataDome
X-Rack-Cache
X-Country
X-Clacks-Overhead
Edge-Control
X-Akam-SW-Version
P3p
Rating
X-Dns-Prefetch-Control
Allow
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-TTL
X-DynaTrace
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
Content-MD5
X-ESI
Verso
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Url
X-Powered-By-Plesk
X-Vcache
X-B3-TraceId
X-Exp-Id
X-GitHub-Request-Id
X-Kinja
X-Kinja-Revision
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
RTSS
X-Version
X-Forwarded-Proto
X-MS-InvokeApp
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Px
X-Abt-Application-Version
X-Debug
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-CACHE
Ar-Sid
X-Amz-Server-Side-Encryption
SPRequestGuid
X-Cached
Charset
X-NF-Request-ID
X-Vcap-Request-Id
X-Navigation-Version
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-MSEdge-Ref
X-Amz-Rid
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Pagespeed
Display
Arr-Disable-Session-Affinity
X-Accel-Expires
TCN
X-Fastcgi-Cache
X-Server-ID
X-SharePointHealthScore
X-VARITI-CCR
X-Pinterest-Rid
Pinterest-Version
X-Fastly-Request-ID
MS-Author-Via
Public-Key-Pins
Nginx-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Powered-CMS
X-Trace
X-Client-IP
X-Edge-O15-RID
X-Cdn
Cache-Tag
Realpath
X-Ser
Access-Control-Request-Method
X-Content-Type
Mrf-Cache-Status
Nel
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Upstream
X-Grace
X-Shard
X-Jurisdiction
X-Hp-Webp
X-Id
Front-End-Https
X-Cache-TTL
X-Forwarded-For
X-Ezoic-Cdn
S
X-Hits
X-DynaTrace-JS-Agent
X-T
X-Amz-Meta-S3cmd-Attrs
Fastcgi-Cache
X-Recruiting
DynaTrace
X-Aspnet-Version
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
X-Dw-Request-Base-Id
X-Varnish-Age
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-Mobile-URL
MicrosoftSharePointTeamServices
X-Country-Code-Real
X-FTR-Expires
X-FTR-Realm
X-FTR-Backend-Server
ServerID
X-DIS-Request-ID
Server-Node
NR-ENABLED
TP-L2-Cache
TP-Cache
X-Frontend
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-GUploader-UploadID
X-Logged-In
Powered
X-CST
Alternate-Protocol
X-Correlation-Id
Server-Name
Upgrade-Insecure-Requests
X-Amzn-RequestId
X-Amz-Apigw-Id
Fastly-Restarts
X-Cache-Hit
X-FTR-Cache-Host
X-Microsite
X-Request-Handler-Origin-Region
X-XRDS-Location
Backend-Timing
X-ATS-Timestamp
AMP-Access-Control-Allow-Source-Origin
X-Page-Id
X-Content-Options
X-Zen-Fury
X-User-Agent
X-Request-Received
X-Request-Processing-Time
Refresh
X-Content-Security-Policy-Report-Only
X-F-Cache
X-Origin-Server
X-Akamai-Edgescape
X-Varnish-Grace
X-Rid
X-XRDS-LOCATION
X-Revision
X-B
X-LB-Cache
PB-PID
X-Mobile-Rewrite
X-Content-Powered-By
PB-RID
Arc-Version
X-Type
X-B3-Sampled
Cache-Status
X-Activity-Id
X-AppVersion
X-Geo-Country
X-Az
X-Kinsta-Cache
X-NWS-LOG-UUID
X-N
X-Cache-Action
X-TT
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Request-Guid
X-Signature
X-Jobs
X-Framework
X-B-Cache
Access-Control-Allow-Method
X-Debug-Info
X-Time
X-Cache-Age
Actual-Object-TTL
X-PHP-Backend
X-Instance
X-FB-Debug
X-Git-Hash
X-App-Environment
Paypal-Debug-Id
X-Cached-By
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Load-Cache
X-Tt-Trace-Host
Fastcgi-Useragent
X-Tt-Trace-Tag
X-Amz-Replication-Status
X-URL
DC
X-Pad
X-Varnish-Backend
X-Shield-Request-Id
Host
Host-Header
X-WA-Info
X-Webkit-Csp
X-ATG-Version
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
Surrogate-Key
MS-CV
X-Via-JSL
X-RateLimit-Remaining
X-Contextid
X-IPLB-Instance
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Host-Name
Retry-After
Frame-Options
X-Response-Served-From
NGB
X-Accel-Buffering
X-Cache-Key
X-FastCGI-Cache
Liferay-Portal
Payment
X-NewRelic-App-Data
X-Cache-NE
X-Seen-By
Source
X-Hostname
X-Srv
X-Varnish-Server
Eomportal-Instance
Xserver
X-Cache-2
X-Region
X-Origin-Response-Time
X-SS-Set-Cookie
X-Rendered-As
X-FW-Static
WPE-Backend
X-Cacheable-TTL
X-FW-Hash
X-IPS-LoggedIn
X-FW-Serve
Filters
X-GeoIP
Tracecode
X-FW-Type
X-Is-Bot
X-FW-Server
Cache-Tv-Group
X-Adobe-Content
X-Cache-Enabled
X-Cluster
X-Presslabs-Stats
X-Adobe-Loc
X-Varnish-Hostname
X-Cache-Rule
Server-Info
X-RequestSource
X-Tumblr-Pixel-1
X-Cache-Operation
X-Tumblr-Pixel-2
X-App-Server
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
X-Cache-TTL-Remaining
FilterID
X-TX-ID
X-FireWall-Port
Cleartype
X-Environment-Context
X-L-Path
Accept-CH
X-Analytics
X-Handled-By
X-Upgrade-Enabled
X-B3-Traceid
X-RTag
Ms-Operation-Id
X-Source
X-Endurance-Cache-Level
X-Cache-Server
X-CACHE-KEY
Accept-Charset
X-HTML-Minification-Powered-By
From-Origin
X-Backend-Name
X-UA
X-Ttl
X-Dc
Datacenter
X-Webapp-Samesite-None-Activated-N
X-UUID
Srv
Accept-CH-Lifetime
X-Wix-Request-Id
Healthy
X-APP-VERSION
X-Path-Route
X-Cache-Var-Map
X-RN-RSRV
X-ES-SERVER
X-Daa-Tunnel
X-Cache-Var
Meta-Geo
X-Timing-Wait
X-Tb
X-Proxy-Build
X-Access
OT-Force-Account-Verify
X-Section
Selected-Fe
X-Status
X-Format
X-Request-Time
X-PCL
Mn-Server-Ip
X-EIG-Tracking-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Akamai-Transformed
X-FC-Vary-Parameters
X-Content-Age
X-OCL
Cache-Tags
X-Cache-Config
X-Proto
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-PressLabs-Stats
X-Sorting-Hat-ShopId
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-Yottaa-Optimizations
X-ProxyCache-Status
X-LJ-Flow-ID
X-JoinUs
X-Soup
X-Akamai-Request-ID2
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
GEO-INFO
X-Hl-Ver
X-Human
X-Debug-Cache
X-BYPASS-REASON
X-Yottaa-Metrics
X-Vgn-Hpd-Reason
X-VWS-Id
X-Web-Node
X-Proxy-Cache-Status
Akamai-GRN
X-Qloud-Router
X-SaId
Origin-Cache-Control
Origin-Edge-Control
X-Unique-Id
X-NYM-Debug-Backend
X-ProxyCache-Key
Node
Ec-Rule-Version
X-AWS-Id
X-Origin
Now
X-FB-TRIP-ID
Version
X-CCM
X-Proxy
X-BCube-Filmed-By
Cross-Origin-Window-Policy
NGX
X-Detected-As
X-Redis-Cache
Decoy-Debug-Key
X-Www-Served-By
Decoy-Debug-Status
X-FW-Dynamic
X-Hosted-By
X-TNCMS
X-Time-Microsecs
X-ServerID
X-Whom
X-Pubstack
X-Site-Version
X-Storage
X-Hyper-Cache
Decoy-Debug-TTL
X-MP-GENERATED-AT
X-Generated-By
X-Viewer-Country
X-Locale
X-Generated
X-Loop
DB-Nickname
X-R9-Blue-Green-Version
X-RCS-CacheZone
Azure-Version
Webcakes-App-Version
Webcakes-Region
Azure-RegionName
X-Xfnlog-Site
X-IP
X-Origin-Hint
Azure-InstanceId
Webcakes-App-Name
Azure-SiteName
X-Varnish-Hits
Azure-SlotName
TWC-Privacy
TWC-Connection-Speed
S-Rt
X-Ua-Device
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
Property-Id
X-NCache
X-Amzn-Remapped-Content-Length
X-Cluster-Node
X-UA-Device-Type
Cache-Key
X-Cache-Control
Cache
X-RateLimit-Limit
X-Backend-TTL
X-Cache-Host
X-Drupal-Cache-Tags
Section-Io-Cache
X-NGENIX-Cache
X-Mode
X-Rule
X-Forwarded-Host
Webserver
X-Esi
L5d-Success-Class
X-CDN-Forward
Content-Disposition
Time
X-UnsetCookies
Cache-Name
Mime-Version
X-Varnish-Cache-Hits
X-ApacheServer
Viewport
X-CS
X-PERF
Accept-Language
X-Info
X-Origin-CC
X-Origin-TTL
X-Newrelic-Synthetics
ServedBy
Rt-Fastcgi-Cache
Uber-Trace-Id
Country
X-Cache-Remote
X-B3-Spanid
X-Routing-Service
Odigeo-Trace-Id
X-Proxied
X-Zipkin-Id
X-Device-Type
Filterid
X-Via-Fastly
X-Magnolia-Registration
X-VCache
X-Uri
X-From
X-CLOUD-TRACE-CONTEXT
Proxy-Connection
X-EC-Lua
X-Cluster-Name
X-Drupal-Cache-Contexts
X-Real-IP
Access-Control-Request-Headers
X-Geo
HitType
Cf-Ipcountry
X-Microcachable
X-TT-TIMESTAMP
Geo-Info
X-Nc
X-D
X-External-Request-Id
Ohc-File-Size
X-Rewrite-Enabled
X-Connection-Hash
X-Varnish-Beresp-Status
X-GeoIP-Country-Code
X-Rocket-Build-Number
X-Request-UUID
X-Rojux
X-S-Cookie
X-ScT
X-Geo-Header
Group
X-Date
T-Server
X-Varnish-Beresp-Ttl
X-S
Viewtype
Rendered-Blocks
Apple-News-Services-Host
Apple-News-Services-Handled
Fastcgi-X-Cache-Version
X-PHP-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Content-Style-Type
BehaviorPad-Version
AsisCache
X-Labrador-Cache-Channel
X-Cache-Time
Meta-Geo-Continent
Mobile-Detection-Method
X-Varnish-Beresp-Grace
MD5-Digest
Machine
X-CF-Lambda-Version
GEO-REGION-INFO
X-CF-Lambda-Fn
X-Region-Sid
Xc-Version
Content-Script-Type
X-Trv-Group
X-Vtex-Remote-Cache
X-Twitter-Response-Tags
X-Application
X-VG-TLSProxy
X-SRCache-Key
X-ARC
W
X-A
X-Accel-Expires-Debug
X-A-Dgt
X-A-Wwc
X-Aed
X-A-Dcw
X-A-Ccd
X-A-Dam
X-Transaction
X-G
X-Vdms-Version
X-Sigma
X-VG-WebServer
X-Destination
X-Session-Fingerprint
X-B-Cookie
VIX-Pulpo-Upstream-Status
X-Vtex-Processado-Em
VIX-Pulpo-Node
VivaBuild
X-DPWN-IS-SECURE
X-VG-WebCache
X-Sigma-Backend
User-Cache-Control
Cache-Hits
X-C
X-App-Name
Countrycode
Fastly-SWR
Fastly-SIE
X-Agile-Id
X-TrackingId
X-Logging-Id
CDCHOST
X-Agile-Age
Fastly-Soc-X-Request-Id
X-Agile
X-Var-Ttl
Environment
X-Rebelmouse-Cache-Control
X-CUA
X-VC-Cache
X-Bip
X-Hit
X-SIPLIST1
X-Backend-State
X-WebServer
X-Developers
X-CGP
X-Cache-Debug
X-Cache-Expired-At
X-Thanos
Locid
IsBot
HA-Ipaddr
Powered-By
X-Distil-CS
X-Rebelmouse-Surrogate-Control
X-Clientip
X-Eu-Site
Ha-Gx-Prefs
X-GoCache-CacheStatus
X-Ms-Request-Id
V-Age
X-Cdn-Srv
True-Client-Country-4JS
X-Servername
X-Wikidot-Static-Cache
Web-Mar-Node
We-Hiring
X-SVT-ORM-RULES
X-Wikidot-Backend
X-Distributor
X-GeoIP-City
X-Has-Esi
Server-Cache-Control
X-Hash
RNT-Time
Server-ID
Server-Int
X-Request-URI
X-OVcl
Server-Surrogate-Control
X-Epic-Correlation-Id
X-Generated-In
X-Urbn-Context-Path
X-Air-Hostname
X-Up
X-VServer
X-Fetched-On
X-Urbn-Site-Id
X-Auto-Login
X-Varnish-Authentication
X-Variation
X-Block-Status
X-Cache-ASPX
X-Swa-Ws
X-SVT-ORM-VERSION
X-Core-Mission
X-Gen-Mode
X-TH-Server
X-Contensis-Viewer-Groups
X-Cache-Tags
X-Cms-Context
X-Trace-Id
RNT-Machine
X-Debug-Cookies
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-NU-AKA-ACS-Version
Gh-Request-Id
X-NX-Host
Is-Eu
IBM-Web2-Location
Heartbleed
X-LI-UUID
X-NodeID
X-Nginx-Cache-Key
X-Dispatcher-Server
X-Ms-Version
Country-Code
Cache-Host
AKAMAI
X-No-Session
Adler-Geo
Fastly-Backend-Name
X-Origin-Date
Kp-EeAlive
Platform
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Debug-Log
Pragrma
Request-EU
Request-Country
X-RateLimit-Remaining-Second
X-Hnp-Log
X-Is-Gdpr
X-RateLimit-Limit-Second
X-OVcl-Cache
X-Origin-Expires
Locale
X-Owner
Mail-Subject
X-Proxy-Upstream
X-JWT-State
X-Platform-Server
X-Azure-Ref
Ohc-Cache-HIT
X-Edge-Location
S-Cnection
Fastly-SSL
X-ServiceProvider
X-Webstats-RespID
X-Generated-On
X-Gamma-Serve
X-Thinkindot-L3
X-Service
X-Server-W
X-Level-Front-Cache
X-Matched-Rule
X-Reboot
X-Req
X-We-Are-Hiring
X-Generation-Time
X-Trafficlayer-App-Name
X-TT-LOGID
X-Trafficlayer-App-Version
X-Cache-Bucket
X-BBXSRF
X-Tumblr-Pixel-3
Memcached
X-Cache-Info
X-Cache-URL
X-Micro-Cache
X-WADP-Cache
X-Irp-Debug
X-Fastly-Cache
X-Trafficlayer-App-Scope
X-Clara-WADP
X-FW-Version
X-Debug-Cache-Store
X-App-Version
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
PFcat
ServerName
FNAC-ModuleRouting
Cdnsip
Cdncip
Wxu-Next-Commit
Thinkindot-Control
X-AK-Request-ID
X-Debug-Cache-Fetch
Wxu-Next-Region
Wxu-Next-Hostname
X-Debug-Cache-Expiry
X-Core-Value
X-Old-Content-Length
X-Response-By
X-S-Maxage
X-Lb-Id
X-Oss-Storage-Class
X-Nginx-Cache
X-Oss-Object-Type
X-VHOST
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-UPSTREAM-Address
X-Oss-Server-Time
X-Varnish-Cacheable
X-Refresh
X-Wa
X-Node-Id
RequestId
X-SERVER
X-Sucuri-ID
Powered-By-ChinaCache
User-Agent
X-NC
X-Render-Time
X-NWS-UUID-VERIFY
X-Cache-Backend
X-Developer
X-User
X-Cache-Status-Check
X-CSRF-TOKEN
Hostname
X-Parent-Response-Time
X-CF-Powered-By
X-Cache-Grace
X-Cdn-Origin
Origin
X-Sn-Servicetimems
X-Key
X-Tec-Api-Version
X-Device-Os
X-Tec-Api-Origin
X-Pjax-Url
X-Tec-Api-Root
X-LAGOON
X-Internal-Host
X-Sucuri-Cache
X-CSRF-Token
X-Tb-Optimization-Total-Bytes-Saved
X-Ua
SRV
X-Ocache
X-Pf-Uncompressing
On-Server
A
X-Location
Geoip-Latitude
X-Via-CDN
X-Request-Host
Cloudfront-Viewer-Country
X-MSEdge-Flight
Geoip-City
X-TA-CDN-Provider
Memory
X-MSEdge-Features
X-NGINX-Cache
GeoIp-Country-Code
PICS-Label
ProcessTime
X-B3-Parentspanid
X-BACKEND-TTL
TTL
X-Cdn-Forward
X-COUNTRY
X-Vcl-Version
X-Varnish-URL
X-Webkit-CSP
X-Litespeed-Cache
Resin-Trace
M-TraceId
X-Server-IP
X-Servedbyhost
X-Unique-ID
X-Varnish-Ttl
X-Rocket-Nginx-Bypass
Dnion-Transfer-Encoding
X-HS-Status
X-Ratelimit-Remaining
X-TIME
X-B3-SpanId
XServer
Cdn
X-Dynatrace-Js-Agent
SN
X-Cdn-Request-ID
Tcn
Media-Length
X-Slack-Backend
X-Correlation-ID
X-FORWARDED-FOR
Arc-Country
X-Processor
Host-ID
X-PAYTM-SRV-ID
Pramga
X-Server-Time
X-ServedByHost
X-Cache-FS-Status
X-Dispatch
CACHE
X-Fastly-Country-Code
X-ND-Cache
Who
X-Skip-Cache
X-Beluga-Record
X-Beluga-Trace
X-Cache-Ttl
X-Action
X-Beluga-Cache-Status
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Node
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Origin-Responded
HostName
X-DC
Cdn-Request-Time
Cdn-Host
X-DW
X-RPS
X-RPM
X-RSL
X-Served-From
X-DB
X-Via-Ucdn
Fastly-Drupal-HTML
X-VCL-Version
X-Edge-Server
X-DI
X-DSS
Fusion-Deployment-Id
GeoIP-Country-Code
Ttl
X-DevSite-Last-Modified
X-Reqid
N-Cache
Pics-Label
X-ABtesting
Amp-Access-Control-Allow-Source-Origin
X-Flog
X-Adobe-Source
Esi-Enabled
X-AIR-PT
GeoIP-City
GeoIP-Latitude
X-Varnish-Url
X-Bc-Bl
X-Hello
X-Oracle-Dms-Rid
NtCoent-Length
X-LiteSpeed-Cache-Control
X-Sucuri-Id
X-Ratelimit-Limit
MIME-Version
X-Planisys-CDN-TTL
X-Policy
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Backend-Host
X-PF-Uncompressing
X-VarnishDD-TTL
CF-Cached-On
X-APP
X-Azure-Ref-OriginShield
Cache-Cookie-Set-From
X-Request-Start
Cache-Cookie-Set-Idcheck
X-FPC
Cache-Cookie-Set-Lfrom
X-HostName
Trailer
X-Ruxit-Js-Agent
X-Fastly-Backend-Reqs
X-Fmm-Version
X-Scheme
Rt-Proxy-Cache
X-Bc
X-Zone
WebServer
X-SRV
X-PJAX-URL
Cteonnt-Length
X-BC
X-ZONE
X-Dynatrace
Processtime
X-Amzn-Remapped-Connection
X-Fpc
X-BE
X-Amzn-Remapped-Date
X-Newrelic-App-Data
Servername
X-Swift-Error
X-ID
X-Cache-Id
X-Method
X-Esi-Check
X-SN
Magicmarker
Cache-Provider
FSS-Cache
X-WA
FSS-Proxy
X-WR-MODIFICATION
X-Frame-Option
X-LB-ID
X-SD-PageType
X-StackifyID
Requestid
X-Snapshot-Date
X-Branch-Name
CF-IPCountry
Dynatrace
CDN
X-Cache-NGX
X-Gzip
SD-X-WS
Lb
Sid
Release
Load-Balancing
X-CACHE-AGE
WZWS-RAY
L
X-Wix-Viewer-Type
X-Configured-By
X-Compress-Hint
X-Instart-Info
X-VCT
Ohc-Response-Time
X-Request-Url
X-VC
X-Fastly-Cache-Hits
V-Cache
X-Aicache-OS
X-Tid
Warning
X-SB
D-Cc-Upstream
X-Cc-Req-Id
X-Cc-Via
X-Litespeed-Cache-Control
X-ECACHE
X-Be
X-ECache
X-Worker
SID
Request-Time
Inserted-Into-Cache-At
X-Svr
LB
Proxy-Firewall
X-Nananana
WP-Super-Cache
X-Check-Cacheable
X-App
Cneonction
X-Varnish-Beresp-TTL
X-Fastly-Cache-Status
X-WPE-Loopback-Upstream-Addr
X-Request-URL
X-Powered-Y
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
X-GEO
X-ElasticPress-Search
X-Apw-Access-Action