Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
X-XSS-Protection
CF-Cache-Status
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-Xss-Protection
X-DNS-Prefetch-Control
X-Template
X-Language
CF-Ray
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
Xkey
X-Via
X-Backend
X-Server
X-Age
X-Ua-Compatible
X-Ws-Request-Id
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
EagleId
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
Feature-Policy
X-Varnish-Cache
Server-Timing
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
Grace
Ali-Swift-Global-Savetime
P3p
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Backend-Server
X-Cloud-Trace-Context
X-Readtime
X-Vhost
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Cnection
X-Application-Context
X-HW
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
NEL
X-Rack-Cache
X-Country
Edge-Control
X-Clacks-Overhead
X-Akam-SW-Version
Rating
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-TTL
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
X-ESI
Verso
Content-MD5
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Version
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Vcache
X-Cdn-Fetch
X-GitHub-Request-Id
X-MS-InvokeApp
RTSS
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Debug
X-Server-ID
X-Px
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-Request-ID
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Response
Pagespeed
Display
X-Middleton-Response
X-Middleton-Display
X-Sol
X-Navigation-Version
X-Vcap-Request-Id
X-MSEdge-Ref
X-Accel-Expires
X-Amz-Rid
Arr-Disable-Session-Affinity
TCN
X-Fastcgi-Cache
Pinterest-Version
X-Pinterest-Rid
X-SharePointHealthScore
X-VARITI-CCR
X-Powered-CMS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Public-Key-Pins
X-Fastly-Request-ID
Cache-Tag
X-Trace
Realpath
X-Edge-O15-RID
MS-Author-Via
Nginx-Cache
X-Client-IP
X-Cdn
X-Ser
Access-Control-Request-Method
Nel
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
X-Content-Type
Mrf-Cache-Status
X-Shard
X-DynaTrace-JS-Agent
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Id
X-Jurisdiction
X-Hp-Webp
X-Upstream
S
X-Grace
X-Ezoic-Cdn
X-Forwarded-For
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-T
X-Hits
Fastcgi-Cache
X-Cache-TTL
DynaTrace
X-Recruiting
X-Aspnet-Version
X-Varnish-Age
X-Element-Page-Cache
X-Node-Name
X-Mobile-URL
X-Content-Digest
ServerID
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-FTR-Realm
MicrosoftSharePointTeamServices
X-Country-Code-Real
X-FTR-Expires
X-Dw-Request-Base-Id
X-DIS-Request-ID
Server-Node
NR-ENABLED
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Frontend
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
TP-Cache
TP-L2-Cache
Powered
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-Amzn-RequestId
Fastly-Restarts
X-Correlation-Id
X-Microsite
X-Cache-Hit
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
X-Request-Processing-Time
X-XRDS-Location
X-Request-Received
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
X-Content-Options
X-FTR-Cache-Host
X-Page-Id
X-Content-Security-Policy-Report-Only
X-F-Cache
Refresh
X-Origin-Server
X-Zen-Fury
X-Akamai-Edgescape
X-Rid
X-XRDS-LOCATION
X-Varnish-Grace
X-Revision
X-Type
X-Content-Powered-By
X-B
X-LB-Cache
PB-PID
PB-RID
Arc-Version
X-Mobile-Rewrite
X-B3-Sampled
X-Geo-Country
X-Az
X-AppVersion
X-Activity-Id
Cache-Status
X-URL
X-Kinsta-Cache
X-N
X-Cache-Action
X-Cache-Age
X-TT
X-AOL-HN
X-Jobs
X-Framework
X-B-Cache
Access-Control-Allow-Method
X-Debug-Info
X-Signature
X-WebKit-CSP-Report-Only
X-Time
X-Instance
X-FB-Debug
Paypal-Debug-Id
Actual-Object-TTL
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-App-Environment
X-Cached-By
X-Load-Cache
X-Request-Guid
X-PHP-Backend
X-Git-Hash
X-Pad
Fastcgi-Useragent
X-Shield-Request-Id
DC
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amz-Replication-Status
X-RateLimit-Remaining
X-Varnish-Backend
X-NWS-LOG-UUID
X-Webkit-Csp
Host-Header
Surrogate-Key
X-IPLB-Instance
X-ATG-Version
X-WA-Info
Host
X-Contextid
MS-CV
X-ORACLE-APMCS-REQUEST-ID
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Mobile
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
NGB
X-Accel-Buffering
X-Host-Name
X-Response-Served-From
X-SS-Set-Cookie
Payment
X-FastCGI-Cache
Frame-Options
X-Cache-NE
Tracecode
X-Cluster
X-Cache-2
Eomportal-Instance
X-Varnish-Server
X-Origin-Response-Time
Source
Xserver
X-Region
X-FW-Hash
X-FW-Serve
X-FW-Server
Retry-After
X-FW-Type
Filters
X-GeoIP
X-Hostname
WPE-Backend
X-FW-Static
X-Presslabs-Stats
X-Adobe-Loc
X-Varnish-Hostname
X-Cacheable-TTL
X-IPS-LoggedIn
X-Adobe-Content
Cache-Tv-Group
X-Cache-Rule
X-Cache-Operation
X-NewRelic-App-Data
X-Seen-By
X-Cache-Enabled
X-Rendered-As
X-Is-Bot
X-RequestSource
X-Analytics
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Srv
FilterID
X-Cache-Key
X-Webapp-Samesite-None-Activated-N
Server-Info
Liferay-Portal
X-TX-ID
X-EdgeConnect-Cache-Status
X-RemovedCookies
X-ProcessESI
X-App-Server
X-Cache-TTL-Remaining
Cleartype
X-CACHE-KEY
Accept-CH
X-Environment-Context
X-Dc
X-L-Path
X-FireWall-Port
X-B3-Traceid
X-RTag
X-Source
X-Handled-By
Ms-Operation-Id
X-Upgrade-Enabled
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
From-Origin
X-Cache-Server
Datacenter
X-UA
X-Backend-Name
X-CLOUD-TRACE-CONTEXT
Accept-Charset
X-UUID
X-APP-VERSION
Accept-CH-Lifetime
Srv
X-Path-Route
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Var
X-RN-RSRV
Meta-Geo
X-Proxy-Build
Selected-Fe
X-Tb
X-Timing-Wait
X-Section
X-Format
OT-Force-Account-Verify
X-Wix-Request-Id
X-Access
Mn-Server-Ip
X-ShopId
X-Alternate-Cache-Key
X-PressLabs-Stats
X-Request-Time
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Akamai-Request-ID
X-Shopify-Stage
X-ShardId
X-Proto
X-Goog-Meta-Goog-Reserved-File-Mtime
Cache-Tags
X-Cache-Config
X-Content-Age
X-EIG-Tracking-Id
X-ProxyCache-Key
X-Status
X-Soup
X-Vgn-Hpd-Reason
X-VWS-Id
X-Qloud-Router
X-ProxyCache-Status
X-Proxy-Cache-Status
X-Akamai-Transformed
Akamai-GRN
Ec-Rule-Version
X-FC-Vary-Parameters
X-Hl-Ver
X-BYPASS-REASON
X-AWS-Id
X-Akamai-Request-ID2
Node
X-JoinUs
X-LJ-Flow-ID
X-Yottaa-Optimizations
X-SaId
X-Origin
X-OCL
X-ServerID
X-NYM-Debug-Backend
X-PCL
NGX
GEO-INFO
X-Yottaa-Metrics
Version
X-CCM
X-Web-Node
X-Www-Served-By
X-Cluster-Node
Origin-Cache-Control
X-FB-TRIP-ID
X-BCube-Filmed-By
X-Viewer-Country
Cross-Origin-Window-Policy
Healthy
Origin-Edge-Control
Now
Decoy-Debug-TTL
Decoy-Debug-Status
X-TNCMS
DB-Nickname
Decoy-Debug-Key
X-Pubstack
X-Debug-Cache
X-Loop
X-Cache-Control
X-Say-TTL
X-MP-GENERATED-AT
X-Say-Cacheable
X-Storage
X-Hyper-Cache
X-Human
X-SayCDN-TTL
X-Proxy
X-Time-Microsecs
X-Hosted-By
X-FW-Dynamic
TWC-GeoIP-LatLong
Property-Id
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-Redis-Cache
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-App-Name
X-Xfnlog-Site
X-Varnish-Hits
X-Generated-By
X-Generated
X-Amzn-Remapped-Content-Length
Webcakes-Region
X-Site-Version
TWC-Privacy
Webcakes-App-Version
X-Origin-Hint
TWC-Locale-Group
Azure-RegionName
Azure-SiteName
Azure-Version
Azure-SlotName
Azure-InstanceId
X-Locale
X-RateLimit-Limit
Cache
S-Rt
X-NCache
X-Detected-As
X-IP
X-Cache-Host
Cache-Key
X-Rule
X-Whom
X-Drupal-Cache-Tags
X-VCache
X-Unique-Id
L5d-Success-Class
X-UA-Device-Type
X-Daa-Tunnel
Webserver
X-NGENIX-Cache
X-Esi
X-Mode
X-Forwarded-Host
Cache-Name
X-CS
Time
Viewport
Mime-Version
X-UnsetCookies
X-Info
Content-Disposition
Accept-Language
Uber-Trace-Id
X-VHOST
Section-Io-Cache
Rt-Fastcgi-Cache
X-Backend-TTL
X-Origin-TTL
X-Origin-CC
X-PERF
X-ApacheServer
X-Varnish-Cache-Hits
X-Newrelic-Synthetics
Country
ServedBy
X-Cache-Remote
X-CDN-Forward
X-B3-Spanid
Odigeo-Trace-Id
X-EC-Lua
X-From
X-Magnolia-Registration
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-Device-Type
X-Cluster-Name
X-Via-Fastly
X-Drupal-Cache-Contexts
X-Uri
X-Microcachable
Proxy-Connection
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-TT-TIMESTAMP
X-Ttl
Filterid
X-Nc
X-Geo
Access-Control-Request-Headers
Ohc-File-Size
HitType
Cf-Ipcountry
Geo-Info
X-Region-Sid
X-G
Rendered-Blocks
X-Geo-Header
X-VG-WebServer
T-Server
Viewtype
X-VG-TLSProxy
VivaBuild
X-Vdms-Version
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Vtex-Processado-Em
X-D
X-Varnish-Beresp-Ttl
X-A-Dam
X-CF-Lambda-Fn
X-Real-IP
Content-Script-Type
Content-Style-Type
Fastcgi-X-Cache-Version
BehaviorPad-Version
Apple-News-Services-Handled
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
GEO-REGION-INFO
X-Date
Mobile-Detection-Method
X-GeoIP-Country-Code
X-CF-Lambda-Version
W
Meta-Geo-Continent
MD5-Digest
Machine
Xc-Version
X-Connection-Hash
X-Vtex-Remote-Cache
X-VG-WebCache
X-S-Cookie
X-A
X-S
X-A-Ccd
X-Aed
X-DPWN-IS-SECURE
X-Sigma-Backend
X-ScT
X-Sigma
X-Accel-Expires-Debug
X-External-Request-Id
AsisCache
X-A-Wwc
X-Rojux
X-Transaction
X-B-Cookie
X-ARC
X-Request-UUID
X-TA-CDN-Provider
X-A-Dgt
X-Destination
X-A-Dcw
X-Twitter-Response-Tags
X-Application
X-Trv-Group
X-SRCache-Key
X-Rewrite-Enabled
X-Session-Fingerprint
X-Rocket-Build-Number
X-C
Fastly-Soc-X-Request-Id
Fastly-SIE
Fastly-SWR
X-Logging-Id
Ha-Gx-Prefs
CDCHOST
X-SIPLIST1
X-PHP-Host
X-Labrador-Cache-Channel
Countrycode
X-Cache-Time
Environment
X-Clientip
X-Rebelmouse-Cache-Control
X-Agile-Id
X-Agile-Age
X-WebServer
X-Rebelmouse-Surrogate-Control
X-Cache-Debug
X-Bip
X-Developers
X-Distil-CS
X-App-Name
Powered-By
X-CGP
X-Eu-Site
Locid
IsBot
X-CUA
X-Thanos
X-Agile
X-No-Session
X-Hit
X-VC-Cache
HA-Ipaddr
User-Cache-Control
Fastly-SSL
X-GoCache-CacheStatus
AKAMAI
X-Debug-Log
Server-Surrogate-Control
X-Gamma-Serve
X-Cache-ASPX
X-Variation
V-Age
X-Varnish-Authentication
True-Client-Country-4JS
Server-Int
X-Generated-In
Request-EU
Request-Country
Group
X-Cache-Tags
X-Debug-Cookies
RNT-Machine
Server-Cache-Control
X-VServer
RNT-Time
Server-ID
X-Cache-Expired-At
X-Azure-Ref
X-TH-Server
X-Swa-Ws
X-SVT-ORM-VERSION
X-Trace-Id
X-TrackingId
X-Up
X-Air-Hostname
X-Auto-Login
X-SVT-ORM-RULES
X-Backend-State
X-Dispatcher-Server
We-Hiring
X-Request-URI
X-Fetched-On
X-Urbn-Site-Id
X-Servername
X-Distributor
X-Urbn-Context-Path
X-Epic-Correlation-Id
X-GeoIP-City
Platform
X-Cms-Context
X-Wikidot-Static-Cache
X-NodeID
X-Nginx-Cache-Key
X-NX-Host
X-JWT-State
Gh-Request-Id
X-Wikidot-Backend
X-Is-Gdpr
X-Ms-Version
X-Li-Fabric
X-LI-Proto
X-LI-UUID
Adler-Geo
Cache-Host
X-Li-Pop
X-Core-Mission
X-Ms-Request-Id
Country-Code
X-Contensis-Viewer-Groups
X-Origin-Date
Heartbleed
X-Platform-Server
X-Var-Ttl
X-Cdn-Srv
X-Owner
X-Proxy-Upstream
X-Hash
X-Tumblr-Pixel-3
X-RateLimit-Limit-Second
X-Has-Esi
Mail-Subject
X-IN-APIGATEWAY
Kp-EeAlive
X-Origin-Expires
Is-Eu
IBM-Web2-Location
X-Instart-Isnd
Locale
X-OVcl-Cache
X-IN-APIGATEWAYSSL
X-OVcl
X-RateLimit-Remaining-Second
X-UPSTREAM-Address
X-Edge-Location
X-We-Are-Hiring
X-Webstats-RespID
X-WADP-Cache
X-Hnp-Log
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Irp-Debug
Cache-Hits
Fastly-Backend-Name
X-Matched-Rule
X-Micro-Cache
X-Level-Front-Cache
X-NU-AKA-ACS-Version
X-Reboot
X-Generation-Time
X-ServiceProvider
X-Service
X-Thinkindot-L3
X-Trafficlayer-App-Name
X-Trafficlayer-App-Version
X-Trafficlayer-App-Scope
X-Server-W
X-Fastly-Cache
X-Gen-Mode
X-Generated-On
X-Req
Pragrma
X-FW-Version
X-TT-LOGID
FNAC-ModuleRouting
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
ServerName
Web-Mar-Node
Wxu-Next-Commit
Server-Host
Cdncip
X-Core-Value
Ohc-Cache-HIT
Memcached
Cdnsip
PFcat
Wxu-Next-Hostname
Thinkindot-Control
X-Cache-Info
Wxu-Next-Region
X-Block-Status
X-Cache-URL
X-BBXSRF
X-Clara-WADP
X-AK-Request-ID
X-App-Version
S-Cnection
X-Render-Time
X-S-Maxage
X-Cache-Bucket
X-Old-Content-Length
X-Lb-Id
X-Cache-Backend
X-Nginx-Cache
X-Refresh
X-User
X-SERVER
X-Response-By
RequestId
Powered-By-ChinaCache
X-Internal-Host
X-Wa
X-Key
X-Sucuri-Cache
X-Varnish-Cacheable
X-Parent-Response-Time
X-CSRF-TOKEN
X-Sucuri-ID
X-Ua
X-Pjax-Url
X-Tb-Optimization-Total-Bytes-Saved
Origin
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-CF-Powered-By
X-NC
X-Location
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
User-Agent
X-Developer
SRV
X-BACKEND-TTL
X-CSRF-Token
X-Cdn-Forward
X-Correlation-ID
X-Node-Id
X-Cache-Grace
X-Cdn-Origin
ProcessTime
X-Sn-Servicetimems
X-Cache-Status-Check
X-Pf-Uncompressing
X-LAGOON
X-Device-Os
X-B3-Parentspanid
Geoip-City
X-NWS-UUID-VERIFY
Memory
X-Ocache
TTL
X-Via-CDN
Geoip-Latitude
X-NGINX-Cache
PICS-Label
GeoIp-Country-Code
On-Server
Hostname
A
X-Unique-ID
X-Vcl-Version
X-Server-IP
X-COUNTRY
X-MSEdge-Features
X-MSEdge-Flight
X-Request-Host
Cloudfront-Viewer-Country
X-B3-SpanId
M-TraceId
X-Webkit-CSP
X-Servedbyhost
X-Litespeed-Cache
X-Rocket-Nginx-Bypass
X-Varnish-Ttl
Media-Length
X-Cdn-Request-ID
Cdn
X-TIME
XServer
X-Ruxit-Js-Agent
Resin-Trace
SN
X-Varnish-URL
X-HS-Status
Dnion-Transfer-Encoding
Tcn
X-FORWARDED-FOR
Host-ID
X-Via-Ucdn
X-ServedByHost
HostName
CACHE
X-Ratelimit-Remaining
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Trace
X-Beluga-Record
X-Beluga-Node
Who
X-Beluga-Cache-Status
X-Slack-Backend
X-Action
X-Cache-Ttl
X-Sucuri-Id
X-Processor
X-RPS
X-RSL
Arc-Country
X-Server-Time
X-Cache-FS-Status
X-RPM
X-PAYTM-SRV-ID
X-DI
X-DSS
X-DB
Pramga
X-DW
X-Dispatch
X-Fastly-Country-Code
X-AIR-PT
X-Reqid
Esi-Enabled
X-Policy
X-Skip-Cache
X-Planisys-CDN-TTL
Pics-Label
GeoIP-Country-Code
X-Planisys-CDN-Cache
X-ABtesting
X-Planisys-CDN-Rules
X-Hello
X-ND-Cache
X-Flog
CF-Cached-On
X-Edge-Server
GeoIP-City
X-Served-From
Fastly-Drupal-HTML
GeoIP-Latitude
X-Azure-Ref-OriginShield
X-VCL-Version
Cdn-Request-Time
X-Varnish-Url
Cdn-Host
X-VarnishDD-TTL
X-Request-Start
Amp-Access-Control-Allow-Source-Origin
Section-Io-Origin-Time-Seconds
MIME-Version
X-Oracle-Dms-Rid
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
X-LiteSpeed-Cache-Control
X-Zone
Rt-Proxy-Cache
X-DevSite-Last-Modified
X-PF-Uncompressing
NtCoent-Length
Ttl
N-Cache
X-Bc
X-Bc-Bl
X-DC
X-APP
X-Newrelic-App-Data
X-FPC
X-Ratelimit-Limit
X-Fastly-Backend-Reqs
X-HostName
Trailer
Fusion-Deployment-Id
X-Method
X-Adobe-Source
Magicmarker
X-Backend-Host
X-SRV
X-PJAX-URL
WebServer
X-Swift-Error
Cteonnt-Length
X-Amzn-Remapped-Connection
Cache-Cookie-Set-Lfrom
X-Amzn-Remapped-Date
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Dynatrace
Processtime
X-BE
X-Dynatrace-Js-Agent
Servername
X-Fmm-Version
X-WA
FSS-Cache
FSS-Proxy
X-ID
X-Scheme
Cache-Provider
X-BC
X-ZONE
X-Frame-Option
X-WR-MODIFICATION
Dynatrace
X-Fpc
CF-IPCountry
X-Snapshot-Date
X-Svr
X-LB-ID
CDN
X-StackifyID
Ohc-Response-Time
X-Branch-Name
Requestid
X-Be
X-CACHE-AGE
X-Ftr-Cache-Host
Warning
X-Cache-Id
Lfy
D-Cc-Upstream
X-Request-Url
X-VC
X-SB
WZWS-RAY
L
X-Compress-Hint
X-Tid
X-App
X-SN
X-Apw-Access-Action
Vix-Hermes-Req-Id
X-Fastly-Cache-Hits
V-Cache
X-Aicache-OS
X-Esi-Check
X-Cc-Via
X-Cc-Req-Id
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
Load-Balancing
X-Node-ID
X-Litespeed-Cache-Control
Lb
Sid
SID
X-GEO
X-Cache-NGX
X-Gzip
LB
X-Powered-Y
Pagetype
X-Worker
Proxy-Firewall
Backend-Name
Correlation-Id
WP-Super-Cache
X-ElasticPress-Search
X-Fastly-Cache-Status
X-WPE-Loopback-Upstream-Addr
X-Varnish-Beresp-TTL
X-Check-Cacheable
X-Request-URL
Cneonction