Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
Xkey
X-Envoy-Upstream-Service-Time
X-Via
X-Backend
CF-Ray
X-Server
X-Age
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Ws-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Feature-Policy
X-Varnish-Cache
Server-Timing
Cf-Railgun
P3p
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Styx-Req-Id
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Readtime
X-Backend-Server
X-Vhost
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Cache-Lookup
X-Application-Context
X-HW
X-Ruxit-JS-Agent
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-DataDome
NEL
X-Rack-Cache
Rating
X-Country
Edge-Control
X-Clacks-Overhead
X-Akam-SW-Version
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-TTL
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
Accept-Ch
X-FTR-Request-ID
X-DynaTrace
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-ESI
Verso
Accept-Ch-Lifetime
Content-MD5
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-GitHub-Request-Id
X-MS-InvokeApp
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
RTSS
X-Vcache
X-Server-Name
Edge-Cache-Tag
X-D2id
X-Abt-Application-Version
X-Debug
X-Px
AR-Request-ID
Ar-Sid
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Fastcgi-Cache
Response
X-Middleton-Display
Pagespeed
X-Sol
Display
X-Middleton-Response
X-Vcap-Request-Id
X-MSEdge-Ref
X-Accel-Expires
X-Navigation-Version
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Pinterest-Rid
Pinterest-Version
TCN
X-Server-ID
X-SharePointHealthScore
X-Powered-CMS
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-VARITI-CCR
X-Edge-O15-RID
Public-Key-Pins
X-Fastly-Request-ID
X-Trace
Cache-Tag
Realpath
X-Client-IP
X-Cdn
MS-Author-Via
Nginx-Cache
X-Ser
Access-Control-Request-Method
Nel
X-Shard
X-DynaTrace-JS-Agent
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Mrf-Item-Lastmod
MRF-Tech
X-Content-Type
SPRequestDuration
SPIisLatency
X-Amzn-Trace-Id
X-Ezoic-Cdn
X-Id
S
X-Upstream
X-Grace
X-Hp-Webp
X-Forwarded-For
X-T
X-Amz-Meta-S3cmd-Attrs
X-Jurisdiction
Front-End-Https
X-Hits
Fastcgi-Cache
X-Recruiting
DynaTrace
X-Cache-TTL
X-Aspnet-Version
X-Varnish-Age
ServerID
X-Element-Page-Cache
X-Content-Digest
X-Node-Name
MicrosoftSharePointTeamServices
X-Mobile-URL
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-Expires
X-FTR-Cache-Status
X-DIS-Request-ID
X-Dw-Request-Base-Id
Server-Node
NR-ENABLED
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
Powered
X-Frontend
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
TP-Cache
TP-L2-Cache
X-Logged-In
Alternate-Protocol
Server-Name
X-CST
X-Amz-Apigw-Id
X-Amzn-RequestId
AMP-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
X-Request-Processing-Time
X-Request-Received
X-Correlation-Id
X-Cache-Hit
X-Microsite
X-Request-Handler-Origin-Region
Fastly-Restarts
X-ATS-Timestamp
Backend-Timing
X-XRDS-Location
X-Content-Options
X-Content-Security-Policy-Report-Only
X-F-Cache
X-Origin-Server
X-User-Agent
Refresh
X-Zen-Fury
X-Page-Id
X-Akamai-Edgescape
X-Rid
X-Varnish-Grace
X-Revision
X-XRDS-LOCATION
X-FTR-Cache-Host
X-Type
X-Content-Powered-By
X-LB-Cache
X-B
PB-RID
PB-PID
X-B3-Sampled
X-Mobile-Rewrite
Arc-Version
X-Geo-Country
X-AppVersion
X-Activity-Id
X-Az
Cache-Status
X-URL
X-Kinsta-Cache
X-N
X-Cache-Age
X-TT
X-Cache-Action
X-Instance
X-WebKit-CSP-Report-Only
X-Signature
X-B-Cache
X-AOL-HN
X-Time
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Debug-Info
Paypal-Debug-Id
X-Jobs
X-Framework
Actual-Object-TTL
X-App-Environment
X-FB-Debug
X-Request-Guid
X-Cached-By
X-Shield-Request-Id
X-PHP-Backend
X-Load-Cache
X-Git-Hash
X-Pad
Fastcgi-Useragent
DC
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amz-Replication-Status
X-RateLimit-Remaining
X-Varnish-Backend
Surrogate-Key
X-Webkit-Csp
Host-Header
X-IPLB-Instance
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-ATG-Version
X-Contextid
MS-CV
X-NWS-LOG-UUID
X-WA-Info
Host
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-SS-Set-Cookie
X-Mobile
X-Via-JSL
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Webapp-Samesite-None-Activated-N
X-Analytics
X-Host-Name
X-Accel-Buffering
NGB
Tracecode
X-Response-Served-From
FilterID
X-Cluster
Payment
Xserver
Frame-Options
X-Cache-NE
X-Origin-Response-Time
X-Varnish-Server
Eomportal-Instance
X-FW-Type
X-FW-Static
X-FW-Hash
Source
WPE-Backend
X-FW-Server
X-Region
X-FW-Serve
X-Cache-2
Cache-Tv-Group
X-IPS-LoggedIn
Filters
X-GeoIP
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Varnish-Hostname
X-Cache-Enabled
X-Adobe-Loc
X-Cacheable-TTL
X-Hostname
X-Presslabs-Stats
X-Srv
X-Adobe-Content
X-EdgeConnect-Cache-Status
X-RequestSource
Retry-After
X-Cache-Rule
X-Seen-By
X-Is-Bot
X-Rendered-As
X-Cache-Operation
X-NewRelic-App-Data
X-Cache-Key
X-TX-ID
Server-Info
Liferay-Portal
X-RemovedCookies
X-ProcessESI
X-Cache-TTL-Remaining
X-FastCGI-Cache
Cleartype
X-CACHE-KEY
X-App-Server
X-Dc
Accept-CH
X-L-Path
X-Environment-Context
X-RTag
X-B3-Traceid
X-FireWall-Port
Ms-Operation-Id
X-Endurance-Cache-Level
X-Source
X-Upgrade-Enabled
X-Cache-Server
X-Handled-By
X-HTML-Minification-Powered-By
Datacenter
From-Origin
X-UA
X-Backend-Name
Accept-Charset
X-VCache
X-APP-VERSION
Accept-CH-Lifetime
X-UUID
X-Wix-Request-Id
Meta-Geo
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
X-PressLabs-Stats
X-Path-Route
Srv
X-Tb
X-Access
X-Cache-Control
X-Proxy-Build
OT-Force-Account-Verify
Cache
X-Format
X-Timing-Wait
Selected-Fe
X-Section
Cache-Tags
Azure-Version
Healthy
Azure-SlotName
X-Content-Age
X-EIG-Tracking-Id
X-Status
Azure-SiteName
Mn-Server-Ip
X-Cache-Config
Akamai-GRN
X-PCL
X-Origin
X-OCL
X-Proto
Azure-RegionName
Version
Azure-InstanceId
X-Request-Time
X-NYM-Debug-Backend
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Akamai-Request-ID
X-ShopId
X-FC-Vary-Parameters
X-Alternate-Cache-Key
X-ShardId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-BYPASS-REASON
X-FW-Dynamic
X-Hl-Ver
DB-Nickname
Decoy-Debug-Key
X-Proxy
X-LJ-Flow-ID
X-Proxy-Cache-Status
Decoy-Debug-Status
X-Hyper-Cache
X-Akamai-Request-ID2
X-JoinUs
X-Hosted-By
X-ProxyCache-Status
Origin-Edge-Control
X-VWS-Id
X-ServerID
X-Viewer-Country
X-SaId
X-AWS-Id
X-Soup
X-Vgn-Hpd-Reason
X-Qloud-Router
X-Pubstack
Ec-Rule-Version
X-Time-Microsecs
X-ProxyCache-Key
NGX
Node
Origin-Cache-Control
Now
X-Cluster-Node
Decoy-Debug-TTL
GEO-INFO
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-RateLimit-Limit
Webcakes-Region
TWC-Connection-Speed
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
Webcakes-App-Version
Webcakes-App-Name
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
X-Debug-Cache
TWC-Device-Class
TWC-GeoIP-Country
X-Generated-By
X-Www-Served-By
X-SayCDN-TTL
X-Web-Node
X-Varnish-Hits
X-TNCMS
X-Storage
X-Say-TTL
X-Say-Cacheable
X-Human
Property-Id
X-Loop
X-MP-GENERATED-AT
X-Redis-Cache
X-Origin-Hint
X-FB-TRIP-ID
X-CCM
Cross-Origin-Window-Policy
X-R9-Blue-Green-Version
S-Rt
X-Locale
X-NCache
X-RCS-CacheZone
X-Generated
X-Akamai-Transformed
X-Xfnlog-Site
X-Site-Version
X-Rule
X-Cache-Host
X-IP
X-Detected-As
L5d-Success-Class
X-Unique-Id
Cache-Key
X-Drupal-Cache-Tags
X-CS
Webserver
X-Whom
Cache-Name
Time
X-Esi
Viewport
Uber-Trace-Id
X-UA-Device-Type
X-Mode
X-Forwarded-Host
X-Daa-Tunnel
X-NGENIX-Cache
X-UnsetCookies
Mime-Version
X-VHOST
X-Info
Rt-Fastcgi-Cache
Content-Disposition
X-Origin-CC
X-Backend-TTL
X-Origin-TTL
Country
Accept-Language
X-Varnish-Cache-Hits
X-B3-Spanid
Section-Io-Cache
X-Cache-Remote
X-PERF
X-ApacheServer
X-CDN-Forward
Odigeo-Trace-Id
ServedBy
X-From
X-Newrelic-Synthetics
X-Cluster-Name
X-Magnolia-Registration
X-Zipkin-Id
X-Nc
X-Device-Type
X-Routing-Service
X-Proxied
X-Drupal-Cache-Contexts
VIX-Pulpo-Node
X-Via-Fastly
X-CLOUD-TRACE-CONTEXT
X-Microcachable
VIX-Pulpo-Upstream-Status
X-Geo
X-Uri
Proxy-Connection
X-TT-TIMESTAMP
X-EC-Lua
X-Ttl
Cf-Ipcountry
Ohc-File-Size
Access-Control-Request-Headers
HitType
Fastcgi-X-Cache-Version
Content-Style-Type
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
AsisCache
X-ARC
Rendered-Blocks
X-Application
BehaviorPad-Version
Apple-News-Services-Request-Url
Apple-News-Services-Host
GEO-REGION-INFO
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A
T-Server
Machine
VivaBuild
W
X-A-Dgt
MD5-Digest
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Mobile-Detection-Method
X-Varnish-Beresp-Ttl
X-Accel-Expires-Debug
X-A-Wwc
Viewtype
Meta-Geo-Continent
X-Aed
X-External-Request-Id
X-B-Cookie
X-S
X-ScT
X-Session-Fingerprint
X-Sigma
X-Rojux
X-Rocket-Build-Number
X-Region-Sid
Geo-Info
X-Request-UUID
X-Rewrite-Enabled
X-Sigma-Backend
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-VG-TLSProxy
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Version
X-GeoIP-Country-Code
X-S-Cookie
X-Destination
X-Geo-Header
X-Date
X-D
X-Connection-Hash
X-CF-Lambda-Fn
Content-Script-Type
X-DPWN-IS-SECURE
X-G
X-CF-Lambda-Version
X-Edge-Location
X-Real-IP
X-C
X-No-Session
IsBot
X-Agile-Age
HA-Ipaddr
Fastly-SWR
Gh-Request-Id
X-App-Name
Ha-Gx-Prefs
X-Cache-Debug
X-Wikidot-Backend
X-Wikidot-Static-Cache
Countrycode
X-Auto-Login
X-WebServer
X-Bip
Fastly-SIE
Environment
Locid
X-Cache-ASPX
Fastly-Soc-X-Request-Id
X-Clientip
X-Distil-CS
X-Developers
X-Agile
X-CUA
X-Eu-Site
X-Rebelmouse-Surrogate-Control
X-Hit
X-Logging-Id
X-Rebelmouse-Cache-Control
X-Contensis-Viewer-Groups
Server-Surrogate-Control
X-CGP
X-Tumblr-Pixel-3
X-Varnish-Authentication
Powered-By
X-TrackingId
X-SIPLIST1
Server-Cache-Control
X-Thanos
X-VC-Cache
X-Agile-Id
X-Cache-Time
CDCHOST
Ohc-Cache-HIT
Fastly-SSL
X-UPSTREAM-Address
X-GoCache-CacheStatus
Filterid
User-Cache-Control
X-Generated-In
X-Epic-Correlation-Id
X-Gamma-Serve
X-Generation-Time
X-Fetched-On
X-FW-Version
X-Fastly-Cache
X-Has-Esi
X-Instart-Isnd
X-Irp-Debug
X-Is-Gdpr
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Distributor
X-Hash
X-GeoIP-City
X-Debug-Cookies
X-Cache-Info
X-Cache-Tags
X-Cache-URL
X-BBXSRF
X-Backend-State
X-Air-Hostname
X-AK-Request-ID
X-Azure-Ref
X-Cdn-Srv
X-Clara-WADP
X-Debug-Cache-Store
X-JWT-State
X-Debug-Log
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Cms-Context
X-Core-Mission
X-Dispatcher-Server
X-LI-Proto
X-Swa-Ws
X-TH-Server
X-Trace-Id
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Request-URI
X-Server-W
X-Servername
X-TT-LOGID
X-Up
X-WADP-Cache
X-We-Are-Hiring
X-Webstats-RespID
X-VServer
X-Variation
X-Urbn-Context-Path
X-Urbn-Site-Id
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Ms-Version
X-Nginx-Cache-Key
X-NodeID
X-Ms-Request-Id
X-Micro-Cache
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-NX-Host
X-Origin-Date
X-PHP-Host
Cdncip
X-Proxy-Upstream
X-Owner
X-OVcl-Cache
X-Origin-Expires
X-OVcl
X-Labrador-Cache-Channel
X-Platform-Server
Server-ID
We-Hiring
Cache-Host
Country-Code
Is-Eu
Locale
AKAMAI
Kp-EeAlive
IBM-Web2-Location
Server-Int
Adler-Geo
Mail-Subject
Cdnsip
True-Client-Country-4JS
RNT-Time
Heartbleed
Request-Country
Request-EU
RNT-Machine
Platform
Memcached
V-Age
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Core-Value
Thinkindot-CacheControl
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Reboot
X-NU-AKA-ACS-Version
X-App-Version
X-Hnp-Log
X-Level-Front-Cache
PFcat
X-Matched-Rule
X-Generated-On
Server-Host
X-Req
X-Gen-Mode
ServerName
X-Render-Time
X-Thinkindot-L3
FNAC-ModuleRouting
Wxu-Next-Hostname
X-Cache-Bucket
Group
X-Block-Status
Fastly-Backend-Name
Wxu-Next-Commit
X-Trafficlayer-App-Version
Wxu-Next-Region
X-Var-Ttl
X-Cache-Expired-At
X-Service
Web-Mar-Node
X-ServiceProvider
X-Cache-Backend
X-Old-Content-Length
S-Cnection
X-Lb-Id
Pragrma
Cache-Hits
X-User
X-S-Maxage
X-TA-CDN-Provider
X-Nginx-Cache
RequestId
X-Response-By
X-SERVER
X-Refresh
X-Internal-Host
X-Key
X-Sucuri-Cache
Powered-By-ChinaCache
X-Ruxit-Js-Agent
X-Wa
X-CSRF-TOKEN
X-Location
X-Sucuri-ID
X-Ua
X-Varnish-Cacheable
X-Parent-Response-Time
X-BACKEND-TTL
X-Cdn-Forward
X-Pjax-Url
Origin
X-Tb-Optimization-Total-Bytes-Saved
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-CF-Powered-By
X-Correlation-ID
SRV
User-Agent
X-CSRF-Token
ProcessTime
X-B3-Parentspanid
X-Node-Id
TTL
Memory
X-NC
X-Developer
X-Pf-Uncompressing
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-LAGOON
X-Cdn-Origin
X-Cache-Grace
X-Ocache
X-Vcl-Version
X-NWS-UUID-VERIFY
X-Sn-Servicetimems
Geoip-City
X-Via-CDN
X-Device-Os
Geoip-Latitude
X-Unique-ID
X-Cache-Status-Check
X-NGINX-Cache
PICS-Label
GeoIp-Country-Code
On-Server
X-Server-IP
X-B3-SpanId
X-MSEdge-Features
X-MSEdge-Flight
A
X-COUNTRY
Hostname
Cloudfront-Viewer-Country
X-Request-Host
X-Servedbyhost
X-Cdn-Request-ID
X-Webkit-CSP
Media-Length
X-Litespeed-Cache
Cdn
X-Varnish-Ttl
Dnion-Transfer-Encoding
X-Rocket-Nginx-Bypass
X-TIME
XServer
SN
X-Via-Ucdn
Tcn
Resin-Trace
M-TraceId
X-FORWARDED-FOR
X-ServedByHost
X-Sucuri-Id
Host-ID
HostName
X-HS-Status
X-Varnish-URL
X-Ratelimit-Remaining
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Record
Esi-Enabled
X-Beluga-Node
X-Beluga-Response-Time
X-Cache-Ttl
Who
X-AIR-PT
X-Beluga-Cache-Status
X-Reqid
CACHE
X-Fastly-Country-Code
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
CF-Cached-On
X-Planisys-CDN-TTL
X-Slack-Backend
X-Policy
X-Action
X-Azure-Ref-OriginShield
Pics-Label
X-Dispatch
GeoIP-Country-Code
X-DSS
Trailer
X-DI
X-DB
X-PAYTM-SRV-ID
X-DW
X-RPM
Pramga
X-Cache-FS-Status
Arc-Country
X-RSL
X-RPS
X-Processor
X-Request-Start
X-Server-Time
GeoIP-City
X-Flog
X-ND-Cache
X-Varnish-Url
X-Hello
X-VCL-Version
X-Skip-Cache
Rt-Proxy-Cache
X-ABtesting
GeoIP-Latitude
X-VarnishDD-TTL
MIME-Version
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
Fastly-Drupal-HTML
Ttl
X-PF-Uncompressing
Cdn-Host
X-Served-From
X-APP
NtCoent-Length
X-Fastly-Backend-Reqs
Cdn-Request-Time
X-Edge-Server
X-DC
X-FPC
X-DevSite-Last-Modified
N-Cache
X-Zone
Section-Io-Origin-Time-Seconds
X-Ratelimit-Limit
Section-Origin-Responded
X-Method
X-Newrelic-App-Data
Section-Io-Origin-Status
X-Bc-Bl
Section-Io-Id
Magicmarker
X-Bc
X-HostName
X-Swift-Error
X-Backend-Host
Amp-Access-Control-Allow-Source-Origin
WebServer
Cteonnt-Length
X-SRV
X-PJAX-URL
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Ftr-Cache-Host
X-BC
X-ZONE
Processtime
Fusion-Deployment-Id
X-Dynatrace
X-BE
X-Dynatrace-Js-Agent
Servername
X-Adobe-Source
Cache-Cookie-Set-Lfrom
X-Svr
X-Be
Cache-Provider
Ohc-Response-Time
FSS-Proxy
X-WA
X-Fmm-Version
Cache-Cookie-Set-From
FSS-Cache
X-ID
Cache-Cookie-Set-Idcheck
X-WR-MODIFICATION
X-Frame-Option
Lfy
X-LB-ID
X-Snapshot-Date
X-Branch-Name
X-StackifyID
Load-Balancing
CDN
Requestid
X-Aicache-OS
X-Scheme
CF-IPCountry
Dynatrace
Vix-Hermes-Req-Id
X-CACHE-AGE
X-Tid
X-Fpc
WZWS-RAY
X-App
X-Apw-Access-Token
X-Request-Url
V-Cache
X-Apw-Access-Object
X-Apw-Access-Action
Proxy-Firewall
Pagetype
X-Fastly-Cache-Hits
X-Apw-Hits
D-Cc-Upstream
X-Cc-Req-Id
Warning
X-Cc-Via
X-SB
X-VC
X-MServer
X-Litespeed-Cache-Control
DSUID
X-Configured-By
Cneonction
Release
X-Varnish-Beresp-TTL
X-Hp-Ccpa-Warning
X-Compress-Hint
Correlation-Id
X-Check-Cacheable
WP-Super-Cache
X-ElasticPress-Search
X-Powered-Y
X-Worker
X-Fastly-Cache-Status
X-VCT
Backend-Name
X-Request-URL
X-WPE-Loopback-Upstream-Addr