Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
CF-Ray
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Xss-Protection
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
Xkey
X-Via
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-Varnish-Cache
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
Grace
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Ac
X-Node
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Vhost
Request-Id
X-Dispatcher
X-Dns-Prefetch-Control
X-Cache-Lookup
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-Ruxit-JS-Agent
P3p
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-ORACLE-DMS-ECID
NEL
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-DataDome
Rating
X-Rack-Cache
X-Clacks-Overhead
Edge-Control
X-Country
X-Akam-SW-Version
Pinterest-Generated-By
Allow
X-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-DynaTrace
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-TtlSet
X-PC
Accept-Ch
X-Vname
X-ESI
Verso
Content-MD5
X-Powered-By-Plesk
Service-Worker-Allowed
Accept-Ch-Lifetime
X-Url
X-Forwarded-Proto
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-GitHub-Request-Id
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
X-MS-InvokeApp
X-Version
X-B3-TraceId
X-Server-Name
RTSS
X-Vcache
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Debug
X-Px
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-Request-ID
Ar-Sid
X-Amz-Server-Side-Encryption
SPRequestGuid
X-NF-Request-ID
X-Cached
Charset
X-Sol
Pagespeed
X-Middleton-Display
X-Middleton-Response
Display
Response
X-Accel-Expires
X-Navigation-Version
X-Vcap-Request-Id
X-MSEdge-Ref
X-Server-ID
Arr-Disable-Session-Affinity
X-Amz-Rid
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Pinterest-Rid
Pinterest-Version
TCN
X-Fastcgi-Cache
X-SharePointHealthScore
X-Edge-O15-RID
X-Powered-CMS
X-Cdn
X-VARITI-CCR
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Public-Key-Pins
Nginx-Cache
Realpath
X-Trace
X-Client-IP
Cache-Tag
MS-Author-Via
X-Fastly-Request-ID
X-Ser
Access-Control-Request-Method
X-Shard
X-DynaTrace-JS-Agent
X-Content-Type
SPRequestDuration
SPIisLatency
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Ezoic-Cdn
X-Grace
X-Jurisdiction
X-Amzn-Trace-Id
X-Id
X-Hp-Webp
X-Upstream
S
X-Forwarded-For
X-T
Nel
X-Hits
Front-End-Https
Fastcgi-Cache
X-Amz-Meta-S3cmd-Attrs
X-Aspnet-Version
X-Recruiting
DynaTrace
X-Cache-TTL
ServerID
X-Content-Digest
X-Varnish-Age
X-Element-Page-Cache
X-Node-Name
MicrosoftSharePointTeamServices
X-Mobile-URL
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-DC
X-FTR-Expires
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-Dw-Request-Base-Id
X-Country-Code-Real
X-DIS-Request-ID
NR-ENABLED
Server-Node
Powered
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
TP-Cache
TP-L2-Cache
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
X-Correlation-Id
Upgrade-Insecure-Requests
X-Amzn-RequestId
X-Amz-Apigw-Id
AMP-Access-Control-Allow-Source-Origin
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
X-Request-Handler-Origin-Region
Fastly-Restarts
X-Microsite
Backend-Timing
X-ATS-Timestamp
X-Cache-Hit
X-Content-Options
X-Origin-Server
Refresh
X-FTR-Cache-Host
X-Content-Security-Policy-Report-Only
X-Rid
X-Zen-Fury
X-User-Agent
X-F-Cache
X-Akamai-Edgescape
X-Varnish-Grace
X-Page-Id
X-Revision
X-Type
X-Content-Powered-By
X-LB-Cache
X-XRDS-LOCATION
X-B3-Sampled
PB-RID
X-B
PB-PID
X-Webkit-Csp
X-URL
Arc-Version
X-Mobile-Rewrite
X-Geo-Country
X-AppVersion
X-Activity-Id
X-Az
Cache-Status
X-N
X-Kinsta-Cache
X-Cache-Age
X-Cache-Action
X-TT
X-Signature
Paypal-Debug-Id
X-Instance
X-Framework
X-B-Cache
X-Tumblr-Pixel
X-WebKit-CSP-Report-Only
X-Tumblr-Pixel-0
X-Tumblr-User
X-App-Environment
Access-Control-Allow-Method
X-AOL-HN
Actual-Object-TTL
X-Jobs
X-Load-Cache
X-Debug-Info
X-Cached-By
X-Request-Guid
X-PHP-Backend
X-Git-Hash
X-FB-Debug
DC
Fastcgi-Useragent
X-Tt-Trace-Host
X-Pad
X-Tt-Trace-Tag
X-Time
X-Shield-Request-Id
X-Amz-Replication-Status
X-Varnish-Backend
X-NWS-LOG-UUID
X-RateLimit-Remaining
Host-Header
Surrogate-Key
X-IPLB-Instance
MS-CV
X-WA-Info
X-ATG-Version
X-Contextid
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Host
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
Accept-CH
X-SS-Set-Cookie
X-Via-JSL
X-Mobile
X-FastCGI-Cache
X-Host-Name
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Key
X-Accel-Buffering
X-Response-Served-From
NGB
X-Presslabs-Stats
Payment
X-Analytics
Tracecode
Source
X-FW-Static
X-Region
X-FW-Serve
X-FW-Type
X-FW-Server
X-Cache-2
X-FW-Hash
FilterID
X-Origin-Response-Time
WPE-Backend
X-Cache-NE
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
Filters
Cache-Tv-Group
X-Cluster
X-Varnish-Server
X-Webapp-Samesite-None-Activated-N
Eomportal-Instance
X-GeoIP
X-Cache-Enabled
Retry-After
Frame-Options
X-Srv
X-Cache-Rule
X-B3-Traceid
X-RequestSource
X-Cacheable-TTL
X-Adobe-Loc
X-Varnish-Hostname
X-Adobe-Content
X-Seen-By
X-NewRelic-App-Data
X-Cache-Operation
X-Hostname
Xserver
X-Is-Bot
X-Rendered-As
X-EdgeConnect-Cache-Status
Server-Info
Accept-CH-Lifetime
Liferay-Portal
X-TX-ID
X-RemovedCookies
X-ProcessESI
X-App-Server
X-Cache-TTL-Remaining
Cleartype
X-RTag
X-Environment-Context
X-L-Path
X-Dc
Ms-Operation-Id
X-Source
X-FireWall-Port
X-Handled-By
X-Cache-Server
X-Upgrade-Enabled
From-Origin
X-UA
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
X-VCache
X-CACHE-KEY
X-Backend-Name
Datacenter
X-APP-VERSION
Accept-Charset
Srv
X-ES-SERVER
X-UUID
X-Cache-Var
GEO-INFO
Meta-Geo
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
Selected-Fe
X-Access
X-Timing-Wait
X-Format
X-Wix-Request-Id
X-Proxy-Build
X-Section
X-NYM-Debug-Backend
X-Tb
X-Proto
X-FC-Vary-Parameters
X-Content-Age
Azure-InstanceId
Azure-SiteName
Azure-RegionName
Azure-Version
Mn-Server-Ip
X-Request-Time
Azure-SlotName
X-Akamai-Request-ID
X-EIG-Tracking-Id
X-ShopId
X-OCL
X-ShardId
X-PCL
X-FW-Dynamic
X-Hyper-Cache
X-Proxy
X-Shopify-Generated-Cart-Token
X-Origin
X-Hl-Ver
X-Alternate-Cache-Key
X-Cache-Config
Node
NGX
Cache-Tags
X-Qloud-Router
X-Vgn-Hpd-Reason
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Soup
X-Goog-Meta-Goog-Reserved-File-Mtime
Akamai-GRN
X-Shopify-Stage
Ec-Rule-Version
X-Cache-Control
Cache
Decoy-Debug-TTL
Decoy-Debug-Status
Now
Origin-Edge-Control
Origin-Cache-Control
Decoy-Debug-Key
X-Web-Node
X-Hosted-By
X-Human
X-Generated-By
X-FB-TRIP-ID
Property-Id
X-NCache
DB-Nickname
TWC-Device-Class
X-Akamai-Request-ID2
X-Cluster-Node
X-Amzn-Remapped-Content-Length
X-AWS-Id
X-Www-Served-By
X-BYPASS-REASON
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
X-PressLabs-Stats
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
TWC-Connection-Speed
X-VWS-Id
X-Origin-Hint
OT-Force-Account-Verify
X-Time-Microsecs
X-JoinUs
X-Redis-Cache
X-Status
X-Proxy-Cache-Status
X-ProxyCache-Key
X-ProxyCache-Status
X-Pubstack
X-Yottaa-Optimizations
X-SaId
X-MP-GENERATED-AT
X-TNCMS
X-ServerID
X-Loop
X-LJ-Flow-ID
X-Yottaa-Metrics
X-SayCDN-TTL
X-RateLimit-Limit
X-R9-Blue-Green-Version
X-BCube-Filmed-By
X-CCM
X-Say-Cacheable
X-Say-TTL
X-Site-Version
X-RCS-CacheZone
S-Rt
X-Locale
X-Debug-Cache
X-Generated
Healthy
Cross-Origin-Window-Policy
X-Viewer-Country
Version
X-Akamai-Transformed
X-Storage
X-IP
X-Varnish-Hits
X-Rule
X-Xfnlog-Site
X-Unique-Id
X-Detected-As
X-Cache-Host
L5d-Success-Class
Cache-Key
X-Esi
Webserver
X-CS
X-Drupal-Cache-Tags
X-Daa-Tunnel
X-NGENIX-Cache
Cache-Name
X-Whom
X-VHOST
Viewport
X-UA-Device-Type
Time
X-Forwarded-Host
Uber-Trace-Id
X-Backend-TTL
X-Mode
X-UnsetCookies
X-Info
X-Origin-CC
X-Origin-TTL
Rt-Fastcgi-Cache
X-CDN-Forward
X-B3-Spanid
Content-Disposition
Mime-Version
X-Varnish-Cache-Hits
Accept-Language
Country
X-PERF
X-ApacheServer
Section-Io-Cache
X-Newrelic-Synthetics
Odigeo-Trace-Id
ServedBy
X-From
X-Magnolia-Registration
X-Cache-Remote
X-CLOUD-TRACE-CONTEXT
X-Device-Type
X-Cluster-Name
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-Drupal-Cache-Contexts
X-EC-Lua
X-Ttl
X-Microcachable
X-Via-Fastly
VIX-Pulpo-Upstream-Status
Proxy-Connection
VIX-Pulpo-Node
X-Geo
X-TT-TIMESTAMP
Cf-Ipcountry
X-Nc
X-Uri
HitType
Access-Control-Request-Headers
BehaviorPad-Version
Apple-News-Services-Parsed-Url
GEO-REGION-INFO
Apple-News-Services-Handled
Apple-News-Services-Host
Fastcgi-X-Cache-Version
Content-Style-Type
Content-Script-Type
Apple-News-Services-Request-Url
AsisCache
X-CF-Lambda-Fn
X-S
X-Rojux
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-Rocket-Build-Number
X-Rewrite-Enabled
X-Geo-Header
X-GeoIP-Country-Code
X-Region-Sid
X-Request-UUID
X-Sigma
X-Sigma-Backend
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-TLSProxy
X-Vdms-Version
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-G
X-External-Request-Id
W
VivaBuild
X-A
X-A-Ccd
X-A-Dam
Viewtype
T-Server
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
X-A-Dcw
X-A-Dgt
X-D
X-Connection-Hash
X-Date
X-Destination
X-DPWN-IS-SECURE
X-CF-Lambda-Version
X-B-Cookie
X-Accel-Expires-Debug
X-Aed
X-Application
X-ARC
Machine
X-A-Wwc
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Real-IP
X-C
Ohc-File-Size
Environment
X-Distil-CS
X-SIPLIST1
Ha-Gx-Prefs
X-Bip
X-Cache-ASPX
X-Rebelmouse-Surrogate-Control
HA-Ipaddr
Countrycode
X-Contensis-Viewer-Groups
Server-Cache-Control
X-Logging-Id
X-CUA
X-Clientip
X-CGP
X-Rebelmouse-Cache-Control
X-Hit
IsBot
X-Auto-Login
Fastly-SIE
X-Wikidot-Backend
Fastly-SWR
Filterid
X-Agile
X-Wikidot-Static-Cache
Gh-Request-Id
X-Eu-Site
X-Developers
Server-Surrogate-Control
Powered-By
X-VC-Cache
X-TrackingId
Geo-Info
X-App-Name
X-Agile-Id
X-Tumblr-Pixel-3
X-Varnish-Authentication
Fastly-Soc-X-Request-Id
X-Agile-Age
X-Thanos
Fastly-SSL
X-Cache-Time
X-GoCache-CacheStatus
X-Edge-Location
X-UPSTREAM-Address
Server-ID
Server-Int
X-BBXSRF
X-No-Session
X-Cache-Tags
X-Debug-Cache-Expiry
X-Cdn-Srv
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Core-Mission
X-Cache-URL
X-Cache-Debug
X-Is-Gdpr
X-TH-Server
X-Trace-Id
X-TT-LOGID
X-Swa-Ws
X-SVT-ORM-VERSION
X-Servername
X-SVT-ORM-RULES
X-Up
X-VServer
X-Cache-Expired-At
X-Var-Ttl
X-Backend-State
X-Webstats-RespID
X-We-Are-Hiring
X-WebServer
X-Server-W
X-PHP-Host
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-IN-APIGATEWAY
X-Has-Esi
X-FW-Version
X-Generation-Time
X-Irp-Debug
X-JWT-State
X-OVcl
X-OVcl-Cache
X-Origin-Date
X-Nginx-Cache-Key
X-Labrador-Cache-Channel
X-Micro-Cache
X-Fastly-Cache
X-Origin-Expires
Kp-EeAlive
Locid
IBM-Web2-Location
Heartbleed
Ohc-Cache-HIT
CDCHOST
Memcached
AKAMAI
Request-EU
Request-Country
User-Cache-Control
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
Thinkindot-CacheControl
X-Cms-Context
X-Thinkindot-L3
Thinkindot-Control
Locale
Thinkindot-CacheControl-Type
X-Owner
X-Core-Value
X-Clara-WADP
X-Reboot
Mail-Subject
True-Client-Country-4JS
X-Cache-Info
X-Ms-Version
X-Trafficlayer-App-Version
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Country-Code
Is-Eu
X-Generated-On
X-Epic-Correlation-Id
X-Request-URI
X-Service
X-Generated-In
X-Fetched-On
X-Ms-Request-Id
X-Distributor
X-GeoIP-City
X-Debug-Cookies
Server-Host
X-Hash
X-Debug-Log
X-Render-Time
X-Dispatcher-Server
RNT-Time
X-RateLimit-Remaining-Second
X-Cache-Bucket
X-TA-CDN-Provider
Group
X-Li-Pop
X-Li-Fabric
X-Level-Front-Cache
Cache-Hits
Fastly-Backend-Name
X-NU-AKA-ACS-Version
X-LI-Proto
Wxu-Next-Region
X-Proxy-Upstream
X-NX-Host
X-Matched-Rule
We-Hiring
X-LI-UUID
Wxu-Next-Hostname
Wxu-Next-Commit
Platform
X-NodeID
X-Urbn-Site-Id
V-Age
Cdncip
X-Urbn-Context-Path
X-Gamma-Serve
Adler-Geo
Cdnsip
X-Variation
X-Azure-Ref
X-AK-Request-ID
X-WADP-Cache
X-Air-Hostname
Cache-Host
RNT-Machine
X-RateLimit-Limit-Second
ServerName
X-Platform-Server
X-Cache-Backend
X-SERVER
X-User
S-Cnection
PFcat
X-Lb-Id
Web-Mar-Node
Pragrma
X-Hnp-Log
X-Block-Status
X-S-Maxage
X-ServiceProvider
X-Req
FNAC-ModuleRouting
X-Gen-Mode
X-App-Version
X-Refresh
X-Nginx-Cache
X-Internal-Host
X-Old-Content-Length
X-Response-By
X-Key
RequestId
Powered-By-ChinaCache
X-Wa
X-Sucuri-Cache
X-Sucuri-ID
X-CSRF-TOKEN
X-Varnish-Cacheable
X-NC
X-Parent-Response-Time
X-Location
X-Tb-Optimization-Total-Bytes-Saved
Origin
X-Ruxit-Js-Agent
X-Developer
User-Agent
X-Pf-Uncompressing
X-CF-Powered-By
X-BACKEND-TTL
X-Cdn-Forward
X-Pjax-Url
X-Ua
ProcessTime
X-B3-Parentspanid
X-CSRF-Token
X-NWS-UUID-VERIFY
X-Oss-Hash-Crc64ecma
Memory
X-Oss-Object-Type
X-Oss-Request-Id
X-Sn-Servicetimems
X-Oss-Storage-Class
X-Ocache
X-Cdn-Origin
X-Oss-Server-Time
X-Cache-Grace
X-Node-Id
Geoip-City
X-Device-Os
X-Via-CDN
Geoip-Latitude
SRV
X-Cache-Status-Check
X-NGINX-Cache
TTL
GeoIp-Country-Code
X-LAGOON
PICS-Label
X-Correlation-ID
Hostname
X-Vcl-Version
X-MSEdge-Features
X-MSEdge-Flight
X-Server-IP
X-COUNTRY
A
On-Server
X-Unique-ID
Cloudfront-Viewer-Country
X-TIME
X-Request-Host
X-B3-SpanId
X-Webkit-CSP
XServer
X-Litespeed-Cache
Media-Length
X-Servedbyhost
X-Varnish-Ttl
X-Cdn-Request-ID
M-TraceId
Dnion-Transfer-Encoding
Tcn
X-Rocket-Nginx-Bypass
X-FORWARDED-FOR
Cdn
Host-ID
Resin-Trace
X-Varnish-URL
X-HS-Status
SN
X-Via-Ucdn
X-Ratelimit-Remaining
X-ServedByHost
X-Beluga-Record
X-Beluga-Cache-Status
Who
X-Beluga-Node
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Trace
X-Cache-Ttl
X-Sucuri-Id
HostName
CACHE
Esi-Enabled
X-AIR-PT
X-Fastly-Country-Code
X-Reqid
X-DW
X-RPM
X-DSS
Pramga
X-DI
X-DB
X-PAYTM-SRV-ID
X-Dispatch
X-RPS
X-RSL
Arc-Country
Trailer
X-Processor
X-Server-Time
X-Slack-Backend
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Action
X-Policy
MIME-Version
CF-Cached-On
X-ABtesting
GeoIP-Country-Code
X-Azure-Ref-OriginShield
X-VCL-Version
X-Request-Start
X-Flog
X-Hello
X-Skip-Cache
X-ND-Cache
X-Cache-FS-Status
Pics-Label
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
Ttl
X-Edge-Server
Cdn-Request-Time
Rt-Proxy-Cache
GeoIP-City
GeoIP-Latitude
X-Varnish-Url
X-Served-From
NtCoent-Length
Cdn-Host
X-DC
X-PF-Uncompressing
Fastly-Drupal-HTML
X-DevSite-Last-Modified
X-Ratelimit-Limit
X-Fastly-Backend-Reqs
X-APP
X-VarnishDD-TTL
N-Cache
X-FPC
X-Newrelic-App-Data
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-HostName
X-Swift-Error
Section-Io-Origin-Status
X-Bc-Bl
X-Backend-Host
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Amp-Access-Control-Allow-Source-Origin
X-Zone
X-Bc
X-SRV
X-PJAX-URL
X-Method
Magicmarker
WebServer
X-Fastly-Request-Id
Processtime
Cteonnt-Length
X-Dynatrace
X-BE
Servername
X-Adobe-Source
Fusion-Deployment-Id
X-Dynatrace-Js-Agent
X-ID
Cache-Cookie-Set-Lfrom
FSS-Cache
FSS-Proxy
Cache-Cookie-Set-Idcheck
X-ZONE
Cache-Provider
Cache-Cookie-Set-From
X-WA
X-BC
X-Frame-Option
X-WR-MODIFICATION
Requestid
X-Svr
X-Scheme
X-Fmm-Version
Dynatrace
X-Be
X-Snapshot-Date
CF-IPCountry
X-Branch-Name
CDN
Ohc-Response-Time
X-LB-ID
X-StackifyID
X-Ftr-Cache-Host
X-CACHE-AGE
WZWS-RAY
X-Apw-Access-Action
X-App
Vix-Hermes-Req-Id
X-Apw-Access-Object
X-Apw-Access-Token
X-Tid
X-Fastly-Cache-Hits
X-Apw-Hits
X-Aicache-OS
V-Cache
X-Cc-Via
Lfy
X-VC
Warning
X-Request-Url
D-Cc-Upstream
X-SB
X-Fpc
X-Cc-Req-Id
Load-Balancing
X-Litespeed-Cache-Control
X-Node-ID
DataCenter
X-ElasticPress-Search
Cneonction
X-Compress-Hint
WP-Super-Cache
Correlation-Id
X-Request-URL
X-Fastly-Cache-Status
X-Check-Cacheable
X-Varnish-Beresp-TTL
Pagetype
X-Powered-Y
X-Worker
Backend-Name
Proxy-Firewall
X-WPE-Loopback-Upstream-Addr