Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
CF-Ray
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-OneAgent-JS-Injection
X-LiteSpeed-Cache
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Server-Id
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Ac
X-Node
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Backend-Server
X-Ruxit-JS-Agent
X-Dispatcher
X-Readtime
Request-Id
X-Cache-Lookup
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
P3p
X-DataDome
X-Rack-Cache
X-Dns-Prefetch-Control
X-Country
X-Clacks-Overhead
X-ORACLE-DMS-RID
Rating
Edge-Control
X-Akam-SW-Version
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Pinterest-Generated-By
X-Country-Code
Accept-Ch
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-TTL
Content-MD5
Verso
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Url
X-ESI
X-Powered-By-Plesk
X-Vcache
X-GitHub-Request-Id
X-Kinja-Build
RTSS
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-Version
X-Forwarded-Proto
X-MS-InvokeApp
X-Server-Name
X-D2id
X-B3-TraceId
Edge-Cache-Tag
X-Px
X-Abt-Application-Version
X-Debug
AR-ATIME
AR-CACHE
Ar-Sid
X-Amz-Server-Side-Encryption
AR-PoweredBy
AR-Request-ID
SPRequestGuid
X-Cached
Charset
X-Vcap-Request-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Navigation-Version
X-NF-Request-ID
X-MSEdge-Ref
X-Middleton-Response
X-Amz-Rid
X-Sol
Display
Response
Pagespeed
X-Middleton-Display
Arr-Disable-Session-Affinity
X-Accel-Expires
TCN
X-Fastly-Request-ID
X-SharePointHealthScore
X-VARITI-CCR
Nginx-Cache
MS-Author-Via
X-Cdn
Public-Key-Pins
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Pinterest-Rid
Pinterest-Version
X-Trace
X-Powered-CMS
X-Fastcgi-Cache
X-Edge-O15-RID
X-Client-IP
Cache-Tag
X-Ser
Realpath
Access-Control-Request-Method
X-Server-ID
X-Content-Type
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
SPRequestDuration
SPIisLatency
X-Amzn-Trace-Id
X-Shard
X-Grace
X-Upstream
X-Hp-Webp
X-Jurisdiction
X-Id
X-Ezoic-Cdn
X-Cache-TTL
X-Forwarded-For
Front-End-Https
X-Hits
Fastcgi-Cache
S
Nel
X-Amz-Meta-S3cmd-Attrs
X-T
X-DynaTrace-JS-Agent
X-Aspnet-Version
X-Recruiting
DynaTrace
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
X-Dw-Request-Base-Id
X-FTR-DC
X-FTR-Expires
X-Mobile-URL
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-Varnish-Age
X-FTR-Backend
X-Country-Code-Real
MicrosoftSharePointTeamServices
ServerID
X-DIS-Request-ID
NR-ENABLED
Server-Node
TP-L2-Cache
TP-Cache
X-HS-Content-Id
X-HS-Combine-CSS
X-Frontend
X-HS-Cache-Config
X-HS-Hub-Id
X-Correlation-Id
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
Powered
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-Amzn-RequestId
Fastly-Restarts
X-XRDS-Location
X-Cache-Hit
X-FTR-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Zen-Fury
X-Content-Options
X-Page-Id
X-User-Agent
Refresh
X-Content-Security-Policy-Report-Only
X-Request-Processing-Time
X-Akamai-Edgescape
X-Request-Received
X-F-Cache
X-Varnish-Grace
X-Rid
X-Origin-Server
X-LB-Cache
X-B
X-Content-Powered-By
PB-PID
X-Mobile-Rewrite
X-Revision
Arc-Version
PB-RID
X-Type
X-XRDS-LOCATION
X-B3-Sampled
Cache-Status
X-Geo-Country
X-AppVersion
X-Az
X-Activity-Id
X-Kinsta-Cache
X-NWS-LOG-UUID
X-N
X-Cache-Action
X-TT
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Cached-By
X-Jobs
Access-Control-Allow-Method
X-Request-Guid
X-App-Environment
X-Debug-Info
X-B-Cache
X-Signature
X-FB-Debug
X-Framework
X-Instance
X-Time
X-Tumblr-User
X-Tumblr-Pixel-0
Actual-Object-TTL
X-PHP-Backend
X-Git-Hash
X-Tumblr-Pixel
X-Cache-Age
X-URL
X-Load-Cache
X-Tt-Trace-Tag
Paypal-Debug-Id
X-Tt-Trace-Host
X-Amz-Replication-Status
Fastcgi-Useragent
X-Webkit-Csp
X-FastCGI-Cache
X-Pad
X-Varnish-Backend
DC
Host-Header
X-WA-Info
Host
X-ATG-Version
X-RateLimit-Remaining
X-ORACLE-APMCS-REQUEST-ID
X-Shield-Request-Id
X-ORACLE-APMCS-TAG
X-Via-JSL
MS-CV
Surrogate-Key
X-IPLB-Instance
X-Contextid
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Host-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Mobile
Retry-After
X-Cache-Key
Frame-Options
Liferay-Portal
X-Accel-Buffering
X-Response-Served-From
NGB
X-Seen-By
Payment
X-Hostname
X-B3-Traceid
X-Cache-NE
X-Srv
Source
Eomportal-Instance
X-Varnish-Server
X-Region
X-Origin-Response-Time
X-Cluster
Filters
X-FW-Hash
X-FW-Server
X-SS-Set-Cookie
X-FW-Static
X-GeoIP
X-FW-Type
X-Cache-2
X-Rendered-As
Xserver
X-FW-Serve
X-Is-Bot
WPE-Backend
X-Cache-Enabled
Tracecode
X-NewRelic-App-Data
Server-Info
X-Cacheable-TTL
X-Varnish-Hostname
Cache-Tv-Group
X-Adobe-Content
X-IPS-LoggedIn
X-Adobe-Loc
X-Tumblr-Pixel-2
X-Cache-Rule
X-RequestSource
X-Ttl
X-Tumblr-Pixel-1
X-Cache-Operation
X-App-Server
X-RemovedCookies
X-ProcessESI
FilterID
X-Presslabs-Stats
X-EdgeConnect-Cache-Status
X-Cache-TTL-Remaining
X-TX-ID
Accept-CH
X-L-Path
X-Environment-Context
X-FireWall-Port
Cleartype
X-Analytics
Accept-Charset
X-Handled-By
X-Upgrade-Enabled
X-Source
X-RTag
Ms-Operation-Id
X-Endurance-Cache-Level
X-Cache-Server
X-Backend-Name
From-Origin
Srv
X-HTML-Minification-Powered-By
X-UA
X-APP-VERSION
Accept-CH-Lifetime
Datacenter
X-UUID
X-Esi
X-CACHE-KEY
X-PressLabs-Stats
X-Wix-Request-Id
Healthy
Meta-Geo
X-RN-RSRV
X-Cache-Var
X-Dc
X-Path-Route
X-Cache-Var-Map
X-Unique-Id
X-ES-SERVER
X-Section
OT-Force-Account-Verify
Selected-Fe
X-Daa-Tunnel
X-Access
X-Status
X-Tb
X-Proxy-Build
X-Timing-Wait
X-Cache-Config
Akamai-GRN
Mn-Server-Ip
X-Akamai-Transformed
X-Alternate-Cache-Key
X-Akamai-Request-ID
X-Request-Time
X-Sorting-Hat-PodId
X-Format
X-PCL
X-OCL
X-Content-Age
X-ShardId
X-Shopify-Stage
X-Ua-Device
X-Shopify-Generated-Cart-Token
X-ShopId
X-Sorting-Hat-ShopId
X-Proto
Cache-Tags
X-FC-Vary-Parameters
X-Goog-Meta-Goog-Reserved-File-Mtime
X-EIG-Tracking-Id
X-Webapp-Samesite-None-Activated-N
X-Viewer-Country
Decoy-Debug-TTL
Decoy-Debug-Status
X-Vgn-Hpd-Reason
X-Origin
X-Akamai-Request-ID2
Ec-Rule-Version
X-Web-Node
Version
Decoy-Debug-Key
X-NYM-Debug-Backend
X-VWS-Id
X-Proxy
X-SayCDN-TTL
X-Human
X-Hyper-Cache
X-JoinUs
X-Hosted-By
X-Hl-Ver
X-Debug-Cache
X-BYPASS-REASON
X-LJ-Flow-ID
X-Proxy-Cache-Status
X-SaId
X-Say-Cacheable
X-Say-TTL
X-Redis-Cache
X-Qloud-Router
X-ProxyCache-Key
X-ProxyCache-Status
Node
X-AWS-Id
X-Whom
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-CCM
X-FB-TRIP-ID
X-Soup
X-BCube-Filmed-By
X-Storage
X-ServerID
X-FW-Dynamic
Origin-Edge-Control
Origin-Cache-Control
X-Time-Microsecs
X-MP-GENERATED-AT
X-Detected-As
Cross-Origin-Window-Policy
X-Generated
X-Www-Served-By
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-SiteName
Azure-Version
X-Generated-By
Now
X-TNCMS
NGX
DB-Nickname
X-Loop
TWC-Locale-Group
X-R9-Blue-Green-Version
TWC-GeoIP-LatLong
Webcakes-Region
Webcakes-App-Name
TWC-Privacy
GEO-INFO
X-Varnish-Hits
Property-Id
X-Pubstack
S-Rt
X-Origin-Hint
X-NCache
X-Xfnlog-Site
X-IP
X-RCS-CacheZone
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
X-Amzn-Remapped-Content-Length
X-Cluster-Node
X-UA-Device-Type
X-Backend-TTL
X-Site-Version
X-Locale
Cache-Key
X-RateLimit-Limit
X-NGENIX-Cache
X-Cache-Control
Section-Io-Cache
X-Cache-Host
X-Drupal-Cache-Tags
X-Mode
X-CDN-Forward
X-Forwarded-Host
Cache
Webserver
X-Rule
Time
X-Info
Content-Disposition
L5d-Success-Class
X-UnsetCookies
Cache-Name
X-PERF
Accept-Language
X-ApacheServer
X-Varnish-Cache-Hits
X-Origin-CC
X-B3-Spanid
X-Origin-TTL
Mime-Version
ServedBy
Viewport
X-Newrelic-Synthetics
Rt-Fastcgi-Cache
X-CS
X-Cache-Remote
Uber-Trace-Id
Country
X-VCache
Odigeo-Trace-Id
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-Device-Type
X-Via-Fastly
X-CLOUD-TRACE-CONTEXT
X-Magnolia-Registration
X-Uri
X-EC-Lua
X-From
Proxy-Connection
X-Geo
Filterid
X-Real-IP
X-Cluster-Name
Geo-Info
X-Litespeed-Cache
Access-Control-Request-Headers
Cf-Ipcountry
X-Drupal-Cache-Contexts
HitType
X-Microcachable
X-TT-TIMESTAMP
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-PHP-Host
X-Cache-Time
X-Labrador-Cache-Channel
AsisCache
BehaviorPad-Version
MD5-Digest
Meta-Geo-Continent
Machine
Fastcgi-X-Cache-Version
Content-Script-Type
Content-Style-Type
Mobile-Detection-Method
X-A-Dam
X-S
X-Rojux
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-Rocket-Build-Number
X-Rewrite-Enabled
X-Geo-Header
X-GeoIP-Country-Code
X-Region-Sid
X-Request-UUID
X-Sigma
X-Sigma-Backend
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-TLSProxy
X-Vdms-Version
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-G
X-External-Request-Id
X-A-Ccd
X-A
X-A-Dcw
X-A-Dgt
X-A-Wwc
W
VIX-Pulpo-Upstream-Status
T-Server
Viewtype
VivaBuild
VIX-Pulpo-Node
X-Accel-Expires-Debug
X-Aed
X-D
X-Date
X-Destination
X-DPWN-IS-SECURE
X-Connection-Hash
X-CF-Lambda-Version
X-Application
X-ARC
X-B-Cookie
X-CF-Lambda-Fn
Rendered-Blocks
GEO-REGION-INFO
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
Group
Cache-Hits
Ohc-File-Size
X-C
User-Cache-Control
Ha-Gx-Prefs
Fastly-SWR
HA-Ipaddr
X-Distil-CS
Environment
X-Eu-Site
CDCHOST
Countrycode
X-Rebelmouse-Cache-Control
X-TrackingId
IsBot
X-App-Name
X-Developers
X-VC-Cache
X-OVcl
X-Var-Ttl
X-OVcl-Cache
X-SIPLIST1
Powered-By
X-Backend-State
X-Rebelmouse-Surrogate-Control
Locid
X-Clientip
X-CGP
X-Cache-Debug
X-Cache-Expired-At
X-CUA
Fastly-SIE
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Hit
X-Cdn-Srv
Fastly-Soc-X-Request-Id
X-WebServer
X-GoCache-CacheStatus
X-Cache-Bucket
X-LI-Proto
X-NU-AKA-ACS-Version
X-Li-Pop
X-Azure-Ref
X-Bip
X-Servername
X-Li-Fabric
X-Request-URI
X-BBXSRF
X-Block-Status
X-Air-Hostname
X-Thanos
X-TH-Server
X-Nginx-Cache-Key
Web-Mar-Node
We-Hiring
X-Is-Gdpr
X-Nc
X-Logging-Id
X-NX-Host
X-Agile-Id
X-Agile-Age
X-Agile
X-LI-UUID
X-Irp-Debug
X-Distributor
X-Platform-Server
X-GeoIP-City
X-Dispatcher-Server
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Generated-In
X-JWT-State
X-Fastly-Cache
X-Fetched-On
X-Gen-Mode
X-Epic-Correlation-Id
X-Debug-Log
X-Debug-Cookies
X-Clara-WADP
X-Origin-Date
X-Has-Esi
X-Cache-URL
X-Cache-Tags
X-IN-APIGATEWAYSSL
X-Core-Mission
X-Hash
X-Origin-Expires
X-RateLimit-Remaining-Second
X-Hnp-Log
X-IN-APIGATEWAY
X-Cache-Info
V-Age
AKAMAI
X-Varnish-Authentication
X-Auto-Login
Fastly-Backend-Name
Country-Code
X-VServer
X-Urbn-Site-Id
Heartbleed
Mail-Subject
Memcached
X-Urbn-Context-Path
Is-Eu
IBM-Web2-Location
Cache-Host
X-WADP-Cache
Server-Cache-Control
Locale
Server-Surrogate-Control
X-Cms-Context
X-Cache-ASPX
Gh-Request-Id
X-Contensis-Viewer-Groups
X-We-Are-Hiring
Adler-Geo
X-Webstats-RespID
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Platform
Kp-EeAlive
RNT-Time
Pragrma
RNT-Machine
X-Variation
Request-EU
Server-ID
Server-Int
True-Client-Country-4JS
Request-Country
X-Up
X-No-Session
Fastly-SSL
S-Cnection
X-Edge-Location
X-Instart-Isnd
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Debug-Cache-Store
X-Thinkindot-L3
Cdnsip
X-Debug-Cache-Expiry
Cdncip
X-Generation-Time
X-TT-LOGID
PFcat
X-NodeID
X-Micro-Cache
Ohc-Cache-HIT
X-Ms-Request-Id
X-Ms-Version
ServerName
X-Matched-Rule
X-Trafficlayer-App-Scope
X-FW-Version
X-Trafficlayer-App-Version
X-Trace-Id
X-AK-Request-ID
X-Owner
Thinkindot-Control
X-Reboot
X-ServiceProvider
X-NC
FNAC-ModuleRouting
X-Req
X-Tumblr-Pixel-3
Server-Host
X-Core-Value
X-Server-W
X-Swa-Ws
Thinkindot-CacheControl-Type
X-Gamma-Serve
Thinkindot-CacheControl
X-Trafficlayer-App-Name
X-Debug-Cache-Fetch
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Nginx-Cache
X-Oss-Object-Type
X-VHOST
X-Oss-Server-Time
X-Service
X-Response-By
X-App-Version
X-Generated-On
X-Level-Front-Cache
X-Old-Content-Length
X-Varnish-Cacheable
X-Node-Id
X-SERVER
X-UPSTREAM-Address
User-Agent
X-Lb-Id
X-S-Maxage
X-Refresh
RequestId
X-Wa
X-Sucuri-ID
X-Developer
X-Cache-Status-Check
X-CSRF-TOKEN
Powered-By-ChinaCache
X-Render-Time
X-NWS-UUID-VERIFY
Hostname
X-Cache-Backend
X-Parent-Response-Time
X-Cdn-Origin
X-LAGOON
X-Device-Os
X-Tec-Api-Root
X-Sn-Servicetimems
X-Tec-Api-Origin
X-User
X-Tec-Api-Version
X-Cache-Grace
X-CF-Powered-By
X-Internal-Host
X-Key
X-Ocache
Origin
X-Ua
X-Tb-Optimization-Total-Bytes-Saved
A
X-Pf-Uncompressing
X-Sucuri-Cache
X-Pjax-Url
On-Server
X-CSRF-Token
X-Request-Host
X-Location
X-Via-CDN
X-MSEdge-Flight
X-TA-CDN-Provider
Memory
X-MSEdge-Features
SRV
Geoip-Latitude
Cloudfront-Viewer-Country
Geoip-City
PICS-Label
X-NGINX-Cache
ProcessTime
X-COUNTRY
GeoIp-Country-Code
X-B3-Parentspanid
X-Oracle-Dms-Rid
X-Varnish-URL
X-Vcl-Version
Resin-Trace
X-Cdn-Forward
X-BACKEND-TTL
X-Webkit-CSP
X-Servedbyhost
TTL
X-Varnish-Ttl
X-Server-IP
XServer
X-TIME
X-HS-Status
Dnion-Transfer-Encoding
Tcn
X-Rocket-Nginx-Bypass
X-Slack-Backend
X-Dynatrace-Js-Agent
M-TraceId
SN
X-FORWARDED-FOR
X-DC
Arc-Country
Pramga
X-Server-Time
X-Processor
Cdn
X-Cache-FS-Status
X-Dispatch
X-PAYTM-SRV-ID
Host-ID
X-Cdn-Request-ID
X-Unique-ID
X-B3-SpanId
Media-Length
CACHE
X-Ratelimit-Remaining
X-Beluga-Record
X-Beluga-Node
X-Beluga-Cache-Status
X-Cache-Ttl
X-Beluga-Response-Time
X-Beluga-Trace
X-Action
X-ND-Cache
X-ServedByHost
X-Skip-Cache
X-Beluga-Status
X-VCL-Version
Section-Origin-Responded
HostName
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Edge-Server
Fastly-Drupal-HTML
Cdn-Request-Time
Ttl
Cdn-Host
Fusion-Deployment-Id
X-DSS
X-DI
X-DB
Who
X-RPM
X-DW
X-RSL
X-RPS
X-Fastly-Country-Code
X-Via-Ucdn
X-Correlation-ID
N-Cache
X-Served-From
X-DevSite-Last-Modified
GeoIP-Country-Code
X-ABtesting
X-Flog
X-Bc-Bl
Pics-Label
GeoIP-Latitude
X-Hello
GeoIP-City
X-Reqid
X-Adobe-Source
MIME-Version
NtCoent-Length
X-LiteSpeed-Cache-Control
CF-Cached-On
X-AIR-PT
X-VarnishDD-TTL
X-Varnish-Url
X-Backend-Host
Esi-Enabled
Cache-Cookie-Set-From
X-Planisys-CDN-TTL
X-Bc
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Policy
X-PF-Uncompressing
Cache-Cookie-Set-Lfrom
X-Zone
Cache-Cookie-Set-Idcheck
X-Ratelimit-Limit
X-FPC
X-APP
X-Sucuri-Id
Trailer
X-HostName
X-BE
X-PJAX-URL
X-Fastly-Backend-Reqs
X-Fmm-Version
X-Azure-Ref-OriginShield
X-Request-Start
X-Scheme
X-SRV
WebServer
Cteonnt-Length
Amp-Access-Control-Allow-Source-Origin
X-Dynatrace
X-Fpc
Rt-Proxy-Cache
Processtime
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Newrelic-App-Data
X-Swift-Error
Servername
FSS-Cache
X-Esi-Check
X-SN
Cache-Provider
X-ID
X-WA
Lb
Magicmarker
X-BC
X-Cache-Id
X-ZONE
FSS-Proxy
X-Cache-NGX
X-Frame-Option
X-WR-MODIFICATION
X-Snapshot-Date
X-LB-ID
X-Branch-Name
Requestid
CDN
Load-Balancing
CF-IPCountry
Release
Dynatrace
X-Method
Sid
SD-X-WS
X-SD-PageType
X-Gzip
X-StackifyID
X-CACHE-AGE
X-VCT
X-Wix-Viewer-Type
X-Compress-Hint
X-ECACHE
X-Instart-Info
L
X-Configured-By
WZWS-RAY
X-VC
Warning
D-Cc-Upstream
X-SB
X-Fastly-Cache-Hits
X-Request-Url
X-Cc-Req-Id
V-Cache
X-Tid
X-Cc-Via
X-Aicache-OS
X-Litespeed-Cache-Control
SID
X-Apw-Access-Action
X-Cache-PHP
X-Apw-Access-Object
X-Worker
Request-Time
Ohc-Response-Time
X-Apw-Access-Token
X-Nananana
Proxy-Firewall
WP-Super-Cache
X-Check-Cacheable
X-App
Cneonction
X-Varnish-Beresp-TTL
X-Fastly-Cache-Status
X-Request-URL
X-ElasticPress-Search
X-GEO
X-WPE-Loopback-Upstream-Addr
X-Powered-Y
X-Apw-Hits