Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
CF-Ray
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Backend-Server
X-Readtime
X-Dispatcher
Request-Id
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
X-ORACLE-DMS-RID
P3p
X-DataDome
X-Dns-Prefetch-Control
X-Rack-Cache
X-Clacks-Overhead
Rating
Edge-Control
X-Akam-SW-Version
X-Country
Allow
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-TTL
X-Vname
X-TtlSet
X-Goog-Hash
X-PC
Accept-Ch
Content-MD5
Verso
Service-Worker-Allowed
X-ESI
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Url
X-Vcache
X-GitHub-Request-Id
X-Cdn-Fetch
X-Use-Magma
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Id
X-Exp-Variant
RTSS
X-Version
X-B3-TraceId
X-Forwarded-Proto
X-Server-Name
X-MS-InvokeApp
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Px
X-Debug
X-Amz-Server-Side-Encryption
AR-Request-ID
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
SPRequestGuid
X-Cached
Charset
X-NF-Request-ID
X-Vcap-Request-Id
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Navigation-Version
X-MSEdge-Ref
Pagespeed
Response
Display
X-Sol
X-Middleton-Display
X-Middleton-Response
X-Amz-Rid
X-Server-ID
Arr-Disable-Session-Affinity
X-Accel-Expires
TCN
X-VARITI-CCR
X-SharePointHealthScore
X-Fastly-Request-ID
X-Pinterest-Rid
Nginx-Cache
Pinterest-Version
MS-Author-Via
X-Cdn
Public-Key-Pins
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge-O15-RID
X-Trace
X-Fastcgi-Cache
X-Powered-CMS
X-Client-IP
Cache-Tag
Realpath
X-Ser
Access-Control-Request-Method
X-Content-Type
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Amzn-Trace-Id
SPRequestDuration
SPIisLatency
X-Shard
X-Upstream
X-Grace
X-Jurisdiction
X-Hp-Webp
X-Id
X-Cache-TTL
X-Ezoic-Cdn
Front-End-Https
X-Hits
Fastcgi-Cache
S
X-Amz-Meta-S3cmd-Attrs
Nel
X-T
X-DynaTrace-JS-Agent
X-Forwarded-For
X-Aspnet-Version
X-Recruiting
DynaTrace
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
X-Dw-Request-Base-Id
X-Varnish-Age
X-FTR-Expires
X-Country-Code-Real
X-Mobile-URL
X-FTR-Backend
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
MicrosoftSharePointTeamServices
ServerID
X-DIS-Request-ID
NR-ENABLED
TP-Cache
Server-Node
TP-L2-Cache
X-HS-Cache-Config
X-HS-Hub-Id
X-Frontend
X-HS-Content-Id
X-HS-Combine-CSS
X-Correlation-Id
X-Goog-Stored-Content-Length
X-Goog-Metageneration
Powered
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-GUploader-UploadID
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
Upgrade-Insecure-Requests
X-Amz-Apigw-Id
X-Amzn-RequestId
Fastly-Restarts
X-XRDS-Location
X-Cache-Hit
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-Zen-Fury
X-Content-Options
X-Page-Id
X-User-Agent
Refresh
X-Content-Security-Policy-Report-Only
X-Request-Processing-Time
X-Request-Received
X-F-Cache
X-Akamai-Edgescape
X-Varnish-Grace
X-Origin-Server
X-Rid
X-LB-Cache
X-B
X-Revision
Arc-Version
X-Content-Powered-By
PB-RID
PB-PID
X-Mobile-Rewrite
X-Type
X-XRDS-LOCATION
X-B3-Sampled
X-Geo-Country
Cache-Status
X-URL
X-Activity-Id
X-AppVersion
X-Az
X-Kinsta-Cache
X-NWS-LOG-UUID
X-TT
X-Cache-Action
X-N
X-AOL-HN
X-WebKit-CSP-Report-Only
X-B-Cache
X-Framework
X-Jobs
X-Request-Guid
X-Debug-Info
X-Signature
Access-Control-Allow-Method
X-Cached-By
X-App-Environment
X-Instance
Actual-Object-TTL
X-PHP-Backend
X-Git-Hash
X-FB-Debug
Paypal-Debug-Id
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Age
X-Load-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amz-Replication-Status
Fastcgi-Useragent
X-Time
X-Webkit-Csp
X-FastCGI-Cache
DC
X-Varnish-Backend
X-Pad
Host-Header
X-WA-Info
Host
X-ATG-Version
X-RateLimit-Remaining
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Shield-Request-Id
X-Via-JSL
MS-CV
X-IPLB-Instance
Surrogate-Key
X-Contextid
X-Erf-Bev-Bev
Accept-CH
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Host-Name
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Key
Retry-After
Frame-Options
Liferay-Portal
NGB
X-Response-Served-From
X-Accel-Buffering
X-Seen-By
X-Presslabs-Stats
Payment
X-Hostname
Source
X-Cache-NE
X-Cache-2
X-Region
X-Varnish-Server
X-Origin-Response-Time
Eomportal-Instance
X-FW-Serve
Filters
X-FW-Server
X-SS-Set-Cookie
X-FW-Type
WPE-Backend
X-FW-Static
Tracecode
X-Cluster
X-Cacheable-TTL
X-Cache-Enabled
X-IPS-LoggedIn
X-Is-Bot
X-Rendered-As
X-GeoIP
X-NewRelic-App-Data
X-FW-Hash
X-Adobe-Content
X-Adobe-Loc
Server-Info
Cache-Tv-Group
X-Varnish-Hostname
X-Tumblr-Pixel-1
X-RequestSource
X-Tumblr-Pixel-2
X-Cache-Rule
X-App-Server
X-Cache-Operation
X-RemovedCookies
X-ProcessESI
FilterID
X-Srv
Accept-CH-Lifetime
X-EdgeConnect-Cache-Status
Xserver
X-Cache-TTL-Remaining
X-TX-ID
X-Environment-Context
X-L-Path
X-FireWall-Port
X-B3-Traceid
Cleartype
X-Upgrade-Enabled
Accept-Charset
X-Handled-By
X-Analytics
Ms-Operation-Id
X-RTag
X-Source
X-UA
X-Ttl
X-Endurance-Cache-Level
From-Origin
X-Cache-Server
X-Backend-Name
Srv
X-HTML-Minification-Powered-By
X-APP-VERSION
X-Esi
X-Dc
Datacenter
X-UUID
X-CACHE-KEY
X-Wix-Request-Id
Healthy
X-ES-SERVER
Meta-Geo
GEO-INFO
X-Unique-Id
X-Path-Route
X-Cache-Var
X-Cache-Var-Map
X-RN-RSRV
X-Timing-Wait
X-Proxy-Build
X-Access
X-Daa-Tunnel
OT-Force-Account-Verify
X-Section
X-Status
X-Akamai-Transformed
X-Tb
Selected-Fe
X-Format
X-Webapp-Samesite-None-Activated-N
X-Shopify-Stage
X-OCL
Akamai-GRN
X-Sorting-Hat-PodId
X-Ua-Device
Cache-Tags
Mn-Server-Ip
X-FC-Vary-Parameters
X-Shopify-Generated-Cart-Token
X-Cache-Config
X-Alternate-Cache-Key
X-EIG-Tracking-Id
X-Content-Age
X-Akamai-Request-ID
X-Request-Time
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sorting-Hat-ShopId
X-Proto
X-ShopId
X-ShardId
X-PCL
X-Hyper-Cache
X-Debug-Cache
X-Akamai-Request-ID2
X-LJ-Flow-ID
X-JoinUs
X-Origin
X-VWS-Id
X-Hl-Ver
X-Hosted-By
X-NYM-Debug-Backend
X-Human
X-BYPASS-REASON
Ec-Rule-Version
X-SaId
Origin-Cache-Control
X-Say-Cacheable
Node
X-Proxy-Cache-Status
X-ProxyCache-Key
Origin-Edge-Control
X-ProxyCache-Status
X-Whom
X-Redis-Cache
X-Soup
X-Proxy
X-Viewer-Country
X-Say-TTL
X-AWS-Id
Decoy-Debug-Key
X-Qloud-Router
X-Yottaa-Metrics
X-Yottaa-Optimizations
Decoy-Debug-Status
Decoy-Debug-TTL
X-SayCDN-TTL
X-Vgn-Hpd-Reason
X-Web-Node
X-CCM
X-Time-Microsecs
X-Site-Version
Azure-RegionName
Azure-SiteName
Version
Azure-SlotName
Azure-InstanceId
X-ServerID
X-Pubstack
X-Storage
X-Www-Served-By
X-TNCMS
Azure-Version
DB-Nickname
X-FW-Dynamic
X-Generated-By
X-Generated
X-FB-TRIP-ID
X-Locale
X-Loop
NGX
Now
X-MP-GENERATED-AT
X-Detected-As
X-BCube-Filmed-By
Cross-Origin-Window-Policy
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
X-RCS-CacheZone
Property-Id
S-Rt
TWC-Locale-Group
Webcakes-App-Name
X-NCache
X-Origin-Hint
X-Varnish-Hits
X-IP
Webcakes-Region
X-R9-Blue-Green-Version
Webcakes-App-Version
TWC-Privacy
X-Xfnlog-Site
X-PressLabs-Stats
X-Cluster-Node
X-Amzn-Remapped-Content-Length
X-UA-Device-Type
Cache-Key
X-Backend-TTL
X-NGENIX-Cache
X-RateLimit-Limit
Section-Io-Cache
X-Cache-Control
X-Cache-Host
X-Forwarded-Host
X-Drupal-Cache-Tags
X-CDN-Forward
X-Mode
Webserver
X-Rule
Cache
Time
Content-Disposition
X-Info
L5d-Success-Class
X-UnsetCookies
Accept-Language
X-ApacheServer
X-PERF
X-Varnish-Cache-Hits
Cache-Name
X-Origin-CC
X-B3-Spanid
X-CS
Rt-Fastcgi-Cache
Viewport
ServedBy
X-Newrelic-Synthetics
X-Origin-TTL
Uber-Trace-Id
Country
X-Cache-Remote
Mime-Version
X-Device-Type
Odigeo-Trace-Id
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-VCache
X-Via-Fastly
X-CLOUD-TRACE-CONTEXT
X-Magnolia-Registration
X-Uri
X-Litespeed-Cache
X-From
Proxy-Connection
X-Geo
Filterid
X-EC-Lua
X-Cluster-Name
Access-Control-Request-Headers
X-Real-IP
Cf-Ipcountry
HitType
X-Drupal-Cache-Contexts
X-Microcachable
X-TT-TIMESTAMP
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Meta-Geo-Continent
Mobile-Detection-Method
Apple-News-Services-Handled
X-Cache-Time
X-Labrador-Cache-Channel
X-PHP-Host
Xc-Version
Apple-News-Services-Request-Url
Content-Style-Type
Fastcgi-X-Cache-Version
Machine
Content-Script-Type
MD5-Digest
AsisCache
BehaviorPad-Version
GEO-REGION-INFO
VIX-Pulpo-Node
X-GeoIP-Country-Code
X-Geo-Header
X-Region-Sid
X-Vdms-Version
X-Twitter-Response-Tags
X-G
X-External-Request-Id
X-Connection-Hash
X-D
X-Date
X-DPWN-IS-SECURE
X-Request-UUID
X-Rewrite-Enabled
X-Sigma
X-Sigma-Backend
X-SRCache-Key
X-Transaction
X-Session-Fingerprint
X-ScT
X-Rocket-Build-Number
X-Rojux
X-S
X-S-Cookie
X-CF-Lambda-Version
X-CF-Lambda-Fn
Viewtype
VivaBuild
X-Trv-Group
VIX-Pulpo-Upstream-Status
X-VG-TLSProxy
X-VG-WebCache
T-Server
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebServer
W
X-A
X-Aed
X-Application
X-ARC
X-B-Cookie
X-Accel-Expires-Debug
X-A-Wwc
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
Rendered-Blocks
X-Destination
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Group
X-Varnish-Beresp-Ttl
Geo-Info
Cache-Hits
User-Cache-Control
X-C
Ohc-File-Size
X-Hit
X-Agile
X-SIPLIST1
Fastly-SWR
X-VC-Cache
X-Eu-Site
X-WebServer
IsBot
X-CUA
X-Agile-Age
X-Var-Ttl
X-Thanos
Environment
Locid
Countrycode
X-Distil-CS
CDCHOST
X-OVcl
X-TrackingId
X-Clientip
X-Backend-State
X-Cache-Debug
X-Cache-Expired-At
X-Cdn-Srv
X-Developers
Powered-By
X-Bip
X-Logging-Id
X-OVcl-Cache
X-App-Name
HA-Ipaddr
X-Agile-Id
X-Wikidot-Static-Cache
X-Wikidot-Backend
Fastly-Soc-X-Request-Id
X-Rebelmouse-Surrogate-Control
Ha-Gx-Prefs
X-Rebelmouse-Cache-Control
X-CGP
Fastly-SIE
X-GoCache-CacheStatus
X-Hnp-Log
X-Instart-Isnd
X-Irp-Debug
X-Li-Fabric
X-Li-Pop
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-GeoIP-City
X-Hash
X-Gen-Mode
X-Generated-In
X-Dispatcher-Server
X-Cache-URL
X-BBXSRF
X-Clara-WADP
X-Cache-Tags
X-Cache-Info
X-Block-Status
X-Cache-Bucket
X-Core-Mission
X-Debug-Cookies
X-Epic-Correlation-Id
X-Fastly-Cache
X-Distributor
X-Azure-Ref
X-Debug-Log
X-LI-Proto
X-Fetched-On
X-RateLimit-Remaining-Second
Server-Cache-Control
Server-Surrogate-Control
X-Auto-Login
X-Cache-ASPX
Locale
Gh-Request-Id
X-WADP-Cache
X-We-Are-Hiring
X-Webstats-RespID
X-Cms-Context
X-Contensis-Viewer-Groups
X-Varnish-Authentication
AKAMAI
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Has-Esi
X-Is-Gdpr
X-JWT-State
X-VServer
X-Variation
X-NodeID
X-NU-AKA-ACS-Version
X-NX-Host
X-Origin-Date
X-No-Session
X-Nginx-Cache-Key
X-Micro-Cache
X-Ms-Request-Id
X-Ms-Version
X-Origin-Expires
X-Owner
X-Swa-Ws
X-TH-Server
X-Trace-Id
X-Up
X-Nc
X-Request-URI
X-Platform-Server
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-LI-UUID
X-Servername
Server-Int
Server-ID
RNT-Time
RNT-Machine
Fastly-Backend-Name
Country-Code
We-Hiring
Cache-Host
V-Age
Request-EU
Request-Country
Kp-EeAlive
Mail-Subject
Memcached
Platform
Pragrma
Heartbleed
IBM-Web2-Location
Is-Eu
Web-Mar-Node
True-Client-Country-4JS
X-Air-Hostname
Adler-Geo
S-Cnection
Fastly-SSL
X-COUNTRY
X-Edge-Location
X-Debug-Cache-Store
X-FW-Version
X-Debug-Cache-Fetch
X-NC
Server-Host
ServerName
X-Req
X-Debug-Cache-Expiry
X-Gamma-Serve
PFcat
X-Matched-Rule
X-Generation-Time
Ohc-Cache-HIT
X-Tumblr-Pixel-3
X-TT-LOGID
X-Service
X-Level-Front-Cache
X-Server-W
X-Reboot
X-AK-Request-ID
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Generated-On
X-Trafficlayer-App-Version
Cdncip
Wxu-Next-Commit
X-Core-Value
Wxu-Next-Hostname
Cdnsip
Thinkindot-Control
FNAC-ModuleRouting
Wxu-Next-Region
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Thinkindot-L3
X-ServiceProvider
X-Oss-Storage-Class
X-VHOST
X-Oss-Object-Type
X-Nginx-Cache
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-App-Version
X-SERVER
X-Response-By
X-Old-Content-Length
X-Varnish-Cacheable
X-UPSTREAM-Address
X-Sucuri-ID
X-Wa
RequestId
User-Agent
X-S-Maxage
X-Refresh
X-Lb-Id
X-Node-Id
X-Render-Time
X-CSRF-TOKEN
Powered-By-ChinaCache
X-Cache-Status-Check
X-Developer
X-Parent-Response-Time
X-Cache-Backend
X-NWS-UUID-VERIFY
Hostname
X-Tec-Api-Origin
X-CF-Powered-By
X-Tec-Api-Root
X-Cdn-Origin
X-Device-Os
X-LAGOON
X-Cache-Grace
X-User
X-Sn-Servicetimems
X-Tec-Api-Version
X-Ocache
X-Internal-Host
Origin
X-Key
X-Tb-Optimization-Total-Bytes-Saved
X-Pf-Uncompressing
On-Server
X-Pjax-Url
X-Sucuri-Cache
A
X-CSRF-Token
Geoip-Latitude
Geoip-City
Cloudfront-Viewer-Country
X-MSEdge-Flight
X-TA-CDN-Provider
Memory
X-Request-Host
X-MSEdge-Features
X-Via-CDN
X-Location
SRV
X-Ua
PICS-Label
GeoIp-Country-Code
X-FORWARDED-FOR
X-NGINX-Cache
ProcessTime
X-B3-Parentspanid
X-TIME
XServer
X-Varnish-URL
X-Servedbyhost
X-Cdn-Forward
X-Vcl-Version
X-Webkit-CSP
Resin-Trace
X-BACKEND-TTL
X-Oneagent-Js-Injection
TTL
X-Server-IP
X-Varnish-Ttl
SN
X-Slack-Backend
X-Rocket-Nginx-Bypass
M-TraceId
Tcn
X-HS-Status
Dnion-Transfer-Encoding
X-Dynatrace-Js-Agent
X-Server-Time
X-Processor
Cdn
Host-ID
X-Cache-FS-Status
X-Dispatch
Pramga
Media-Length
X-Unique-ID
Arc-Country
X-B3-SpanId
X-PAYTM-SRV-ID
X-Cdn-Request-ID
X-Ratelimit-Remaining
CACHE
X-Skip-Cache
X-ServedByHost
X-Beluga-Trace
X-Beluga-Node
X-Beluga-Record
X-Beluga-Cache-Status
X-VCL-Version
X-Fastly-Country-Code
X-Action
X-Beluga-Status
X-Beluga-Response-Time
X-ND-Cache
X-Cache-Ttl
X-DC
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
HostName
Section-Origin-Responded
Section-Io-Id
Fastly-Drupal-HTML
X-DSS
X-DI
X-DB
X-DW
X-RPM
X-RPS
X-RSL
Ttl
Fusion-Deployment-Id
X-Edge-Server
Who
Cdn-Request-Time
Cdn-Host
X-Ruxit-Js-Agent
X-Served-From
X-Correlation-ID
N-Cache
X-Via-Ucdn
MIME-Version
X-DevSite-Last-Modified
X-Adobe-Source
X-Hello
Pics-Label
GeoIP-Country-Code
X-Bc-Bl
X-Reqid
X-Flog
X-SRV
X-ABtesting
X-LiteSpeed-Cache-Control
CF-Cached-On
X-Oracle-Dms-Rid
NtCoent-Length
X-Varnish-Url
X-AIR-PT
X-Backend-Host
Esi-Enabled
X-VarnishDD-TTL
GeoIP-Latitude
GeoIP-City
X-Zone
X-PF-Uncompressing
Cache-Cookie-Set-From
X-Sucuri-Id
X-Policy
X-Planisys-CDN-TTL
X-PJAX-URL
X-APP
X-Bc
X-FPC
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Ratelimit-Limit
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-HostName
Trailer
Cteonnt-Length
X-Azure-Ref-OriginShield
X-Fastly-Backend-Reqs
X-Scheme
WebServer
X-Request-Start
X-Fmm-Version
Amp-Access-Control-Allow-Source-Origin
X-Amzn-Remapped-Connection
X-Fpc
X-Amzn-Remapped-Date
X-BE
Rt-Proxy-Cache
Processtime
X-Dynatrace
X-Newrelic-App-Data
X-Swift-Error
Servername
X-ZONE
X-LB-ID
X-WA
FSS-Cache
X-Esi-Check
X-SN
X-Cache-Id
Lb
FSS-Proxy
X-BC
X-ID
Magicmarker
Cache-Provider
X-Cache-NGX
X-WR-MODIFICATION
X-Frame-Option
Load-Balancing
CF-IPCountry
SD-X-WS
Requestid
X-StackifyID
Dynatrace
Sid
X-Method
X-Gzip
Release
X-Branch-Name
X-SD-PageType
X-Snapshot-Date
CDN
X-CACHE-AGE
X-VCT
D-Cc-Upstream
L
Warning
X-Wix-Viewer-Type
X-VC
X-ECACHE
X-Configured-By
X-Cc-Via
X-SB
X-Instart-Info
X-Compress-Hint
X-Cc-Req-Id
X-Fastly-Cache-Hits
V-Cache
X-Request-Url
X-Aicache-OS
WZWS-RAY
X-Tid
X-Node-ID
X-Litespeed-Cache-Control
WP-Super-Cache
X-Cache-PHP
SID
Request-Time
X-Apw-Access-Token
X-Worker
X-Nananana
Proxy-Firewall
X-Fastly-Cache-Status
X-Apw-Hits
X-GEO
X-WPE-Loopback-Upstream-Addr
X-Varnish-Beresp-TTL
X-Apw-Access-Action
Cneonction
X-Powered-Y
X-App
X-Apw-Access-Object
Ohc-Response-Time
X-Request-URL
X-Check-Cacheable
X-ElasticPress-Search