Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
X-XSS-Protection
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Xss-Protection
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
Xkey
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Via
X-Backend
X-Server
X-Age
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ws-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
P3p
Cf-Railgun
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Server-Id
X-Device
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Ac
X-Node
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Readtime
X-Backend-Server
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-Cache-Lookup
X-Ruxit-JS-Agent
Fusion-Template-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Mod-Pagespeed
NEL
X-DataDome
X-Dns-Prefetch-Control
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Clacks-Overhead
X-Akam-SW-Version
Pinterest-Generated-By
X-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-DynaTrace
X-Varnish-TTL
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
Accept-Ch
Verso
Content-MD5
X-ESI
Service-Worker-Allowed
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Url
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-B3-TraceId
RTSS
Edge-Cache-Tag
X-Vcache
X-Server-Name
X-D2id
X-Debug
X-Abt-Application-Version
X-Px
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-Request-ID
AR-CACHE
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Display
Response
Pagespeed
X-Sol
X-Middleton-Display
X-Middleton-Response
X-Accel-Expires
X-Navigation-Version
X-MSEdge-Ref
X-Vcap-Request-Id
X-Amz-Rid
Arr-Disable-Session-Affinity
Pinterest-Version
X-Pinterest-Rid
TCN
X-Fastcgi-Cache
X-Powered-CMS
X-SharePointHealthScore
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Cdn
X-VARITI-CCR
Public-Key-Pins
X-Trace
X-Fastly-Request-ID
Cache-Tag
X-Client-IP
Realpath
Nginx-Cache
X-Edge-O15-RID
MS-Author-Via
X-Ser
Access-Control-Request-Method
X-Server-ID
X-Shard
X-DynaTrace-JS-Agent
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
Mrf-Cache-Status
SPRequestDuration
S
X-Content-Type
SPIisLatency
X-Ezoic-Cdn
X-Upstream
X-Id
X-Grace
X-Hp-Webp
X-Amzn-Trace-Id
X-T
X-Amz-Meta-S3cmd-Attrs
X-Jurisdiction
Nel
Front-End-Https
X-Hits
Fastcgi-Cache
X-Forwarded-For
X-Recruiting
X-Aspnet-Version
DynaTrace
X-Cache-TTL
X-Varnish-Age
ServerID
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
X-Mobile-URL
MicrosoftSharePointTeamServices
X-FTR-Realm
X-FTR-Expires
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-DIS-Request-ID
X-Dw-Request-Base-Id
NR-ENABLED
Server-Node
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
Powered
X-GUploader-UploadID
X-Goog-Storage-Class
X-Frontend
TP-Cache
TP-L2-Cache
Alternate-Protocol
X-Logged-In
Server-Name
X-CST
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-XRDS-Location
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-Request-Handler-Origin-Region
X-Request-Received
X-Microsite
X-Request-Processing-Time
X-ATS-Timestamp
Backend-Timing
X-Cache-Hit
Fastly-Restarts
X-Content-Security-Policy-Report-Only
Refresh
X-F-Cache
X-Content-Options
X-Origin-Server
X-User-Agent
X-Zen-Fury
X-Page-Id
X-Akamai-Edgescape
X-Rid
X-Revision
X-Varnish-Grace
X-Type
X-FTR-Cache-Host
X-Content-Powered-By
X-XRDS-LOCATION
X-LB-Cache
X-B
X-B3-Sampled
X-Geo-Country
PB-RID
PB-PID
X-URL
X-Mobile-Rewrite
X-Activity-Id
X-AppVersion
Arc-Version
X-Az
Cache-Status
X-Kinsta-Cache
X-N
X-Cache-Age
X-Cache-Action
X-Signature
X-WebKit-CSP-Report-Only
X-TT
X-Instance
X-AOL-HN
X-B-Cache
Paypal-Debug-Id
Access-Control-Allow-Method
X-Debug-Info
X-Load-Cache
Actual-Object-TTL
X-FB-Debug
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Framework
X-Jobs
X-Shield-Request-Id
X-Request-Guid
X-Cached-By
X-PHP-Backend
X-Pad
X-Git-Hash
X-App-Environment
DC
Fastcgi-Useragent
X-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Webkit-Csp
X-RateLimit-Remaining
X-Amz-Replication-Status
X-Varnish-Backend
Surrogate-Key
Host-Header
X-IPLB-Instance
X-Contextid
MS-CV
X-Erf-Bev-Bev-Is-Generated
X-ATG-Version
X-Erf-Bev-Bev
X-WA-Info
X-NWS-LOG-UUID
X-Webapp-Samesite-None-Activated-N
Host
X-SS-Set-Cookie
X-Analytics
X-FastCGI-Cache
Accept-CH
X-Cache-Key
X-Mobile
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-Accel-Buffering
X-Response-Served-From
Tracecode
NGB
X-Host-Name
X-Kong-Upstream-Latency
Payment
X-Kong-Proxy-Latency
X-Cluster
X-Cache-NE
X-Cache-2
WPE-Backend
X-FW-Static
X-B3-Traceid
Source
FilterID
X-Region
X-FW-Hash
X-FW-Type
X-FW-Serve
X-Origin-Response-Time
X-FW-Server
Frame-Options
X-Varnish-Server
X-Tumblr-Pixel-2
X-IPS-LoggedIn
Cache-Tv-Group
X-Tumblr-Pixel-1
Eomportal-Instance
X-Varnish-Hostname
Xserver
X-Adobe-Loc
X-Adobe-Content
X-Cacheable-TTL
X-GeoIP
Filters
X-Cache-Enabled
X-Cache-Operation
X-Cache-Rule
X-Hostname
X-Is-Bot
X-EdgeConnect-Cache-Status
Retry-After
X-Rendered-As
X-Seen-By
X-RequestSource
X-TX-ID
X-Presslabs-Stats
X-NewRelic-App-Data
Accept-CH-Lifetime
Server-Info
X-Srv
X-RemovedCookies
X-ProcessESI
Liferay-Portal
X-Cache-TTL-Remaining
Cleartype
X-App-Server
X-L-Path
Ms-Operation-Id
X-RTag
X-Environment-Context
X-FireWall-Port
X-Source
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
X-Dc
X-Handled-By
X-Upgrade-Enabled
Datacenter
From-Origin
X-Cache-Server
X-CACHE-KEY
X-UA
X-VCache
X-APP-VERSION
X-Backend-Name
X-Esi
X-PressLabs-Stats
Srv
Accept-Charset
Cache
X-ES-SERVER
X-Cache-Var
X-Cache-Control
X-RN-RSRV
X-Wix-Request-Id
Meta-Geo
X-Cache-Var-Map
X-Path-Route
X-Format
X-Section
OT-Force-Account-Verify
X-UUID
X-Access
X-Tb
Azure-SiteName
Azure-RegionName
Akamai-GRN
Azure-SlotName
Azure-InstanceId
Cache-Tags
X-Akamai-Request-ID
X-Status
X-Cache-Config
Selected-Fe
Azure-Version
Version
X-OCL
X-Proxy-Build
X-Request-Time
X-Origin
X-PCL
X-Timing-Wait
X-Content-Age
X-Proto
Healthy
X-NYM-Debug-Backend
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FC-Vary-Parameters
X-ServerID
X-Web-Node
X-SayCDN-TTL
X-ShopId
X-VWS-Id
X-ProxyCache-Key
Node
NGX
Mn-Server-Ip
X-Proxy-Cache-Status
X-Say-TTL
X-Say-Cacheable
X-Viewer-Country
Decoy-Debug-TTL
X-Qloud-Router
Decoy-Debug-Status
X-Pubstack
DB-Nickname
X-Redis-Cache
X-SaId
X-ProxyCache-Status
Decoy-Debug-Key
X-Time-Microsecs
X-Shopify-Generated-Cart-Token
X-Human
X-Hyper-Cache
X-JoinUs
X-Shopify-Stage
X-Hosted-By
X-Hl-Ver
X-Debug-Cache
X-EIG-Tracking-Id
X-FW-Dynamic
X-Cluster-Node
X-Sorting-Hat-PodId
X-LJ-Flow-ID
X-Soup
X-Proxy
X-Vgn-Hpd-Reason
Origin-Edge-Control
Origin-Cache-Control
X-Akamai-Request-ID2
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-ShopId
X-BYPASS-REASON
X-AWS-Id
Now
Ec-Rule-Version
X-RateLimit-Limit
X-BCube-Filmed-By
Cross-Origin-Window-Policy
X-MP-GENERATED-AT
X-Generated
X-Loop
X-Generated-By
X-Site-Version
X-Amzn-Remapped-Content-Length
X-CCM
X-Varnish-Hits
X-TNCMS
X-Storage
S-Rt
X-Rule
Property-Id
TWC-GeoIP-Country
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Connection-Speed
X-Akamai-Transformed
X-RCS-CacheZone
X-R9-Blue-Green-Version
GEO-INFO
X-Locale
X-Origin-Hint
Webcakes-Region
X-NCache
X-Xfnlog-Site
X-Www-Served-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-IP
X-FB-TRIP-ID
X-Detected-As
X-Unique-Id
X-Cache-Host
L5d-Success-Class
X-Drupal-Cache-Tags
X-CS
Cache-Key
Webserver
Uber-Trace-Id
Time
Viewport
X-UA-Device-Type
Cache-Name
X-Whom
X-Forwarded-Host
X-Mode
X-Backend-TTL
X-CDN-Forward
X-Daa-Tunnel
X-Origin-TTL
X-NGENIX-Cache
X-Origin-CC
X-UnsetCookies
X-Info
Rt-Fastcgi-Cache
Accept-Language
Content-Disposition
Mime-Version
X-B3-Spanid
Country
X-Varnish-Cache-Hits
X-Cache-Remote
X-PERF
X-From
X-ApacheServer
Odigeo-Trace-Id
ServedBy
X-CLOUD-TRACE-CONTEXT
X-Cluster-Name
X-Newrelic-Synthetics
X-Magnolia-Registration
X-Drupal-Cache-Contexts
Section-Io-Cache
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-Microcachable
X-Geo
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Via-Fastly
X-Device-Type
X-Ttl
X-TT-TIMESTAMP
X-Uri
X-EC-Lua
Proxy-Connection
Cf-Ipcountry
Ohc-File-Size
Geo-Info
X-Nc
HitType
X-G
Apple-News-Services-Request-Url
X-ARC
X-Application
T-Server
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-A-Ccd
X-CF-Lambda-Version
X-Vtex-Remote-Cache
X-Twitter-Response-Tags
X-CF-Lambda-Fn
Rendered-Blocks
Mobile-Detection-Method
Xc-Version
X-Geo-Header
X-Connection-Hash
X-B-Cookie
X-GeoIP-Country-Code
Meta-Geo-Continent
MD5-Digest
X-Rewrite-Enabled
Fastcgi-X-Cache-Version
X-Date
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Accel-Expires-Debug
VivaBuild
X-Aed
W
X-VG-WebServer
X-VG-WebCache
X-A
X-Destination
X-Vdms-Version
X-VG-TLSProxy
X-A-Dam
GEO-REGION-INFO
X-Transaction
X-Trv-Group
X-Vtex-Processado-Em
X-SRCache-Key
X-Rojux
X-S
X-S-Cookie
X-ScT
X-Rocket-Build-Number
X-Request-UUID
X-Region-Sid
BehaviorPad-Version
Machine
X-External-Request-Id
Content-Script-Type
X-Session-Fingerprint
X-Sigma
X-Sigma-Backend
AsisCache
Viewtype
Content-Style-Type
X-DPWN-IS-SECURE
X-D
Access-Control-Request-Headers
X-Varnish-Beresp-Ttl
X-No-Session
User-Cache-Control
X-Varnish-Beresp-Status
Ohc-Cache-HIT
X-Edge-Location
Filterid
X-UPSTREAM-Address
X-Varnish-Beresp-Grace
X-C
X-Agile
Locid
X-Eu-Site
CDCHOST
X-VC-Cache
Countrycode
X-Agile-Age
X-App-Name
Server-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Agile-Id
HA-Ipaddr
X-SIPLIST1
Fastly-SIE
X-Thanos
Fastly-Soc-X-Request-Id
Fastly-SWR
X-Developers
X-Tumblr-Pixel-3
IsBot
X-Distil-CS
Environment
Ha-Gx-Prefs
X-Contensis-Viewer-Groups
Gh-Request-Id
X-TrackingId
X-WebServer
X-Wikidot-Backend
Server-Cache-Control
X-Clientip
X-Wikidot-Static-Cache
X-Bip
X-Hit
X-CGP
X-Cache-ASPX
X-Auto-Login
X-Logging-Id
X-Varnish-Authentication
X-Cache-Debug
Powered-By
X-Real-IP
X-GoCache-CacheStatus
X-Cache-Backend
Fastly-SSL
X-Air-Hostname
X-Cache-Time
X-Azure-Ref
X-Debug-Cache-Expiry
X-Cache-URL
X-Cache-Info
X-AK-Request-ID
X-Cache-Tags
X-Cache-Bucket
X-Backend-State
X-CUA
X-Clara-WADP
X-Debug-Cache-Fetch
X-Block-Status
X-Core-Mission
X-Cms-Context
X-Cdn-Srv
X-Irp-Debug
X-OVcl-Cache
X-OVcl
X-We-Are-Hiring
X-Owner
X-Platform-Server
X-PHP-Host
X-Origin-Expires
X-Origin-Date
X-Nginx-Cache-Key
X-Urbn-Site-Id
X-NodeID
X-NU-AKA-ACS-Version
X-NX-Host
X-WADP-Cache
X-Proxy-Upstream
X-TH-Server
X-Swa-Ws
X-Trace-Id
X-VServer
X-Up
X-TT-LOGID
X-SVT-ORM-VERSION
X-Urbn-Context-Path
X-Request-URI
X-Render-Time
X-Server-W
X-Servername
X-SVT-ORM-RULES
X-Ms-Version
X-Ms-Request-Id
X-Gen-Mode
X-Gamma-Serve
X-Generated-In
X-Generation-Time
X-Has-Esi
X-GeoIP-City
X-FW-Version
X-Fastly-Cache
X-Debug-Log
X-Debug-Cookies
X-Dispatcher-Server
X-Distributor
X-Epic-Correlation-Id
X-Hash
X-Hnp-Log
X-Variation
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Micro-Cache
X-Li-Fabric
X-Labrador-Cache-Channel
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Instart-Isnd
X-Is-Gdpr
X-JWT-State
X-Debug-Cache-Store
Platform
RNT-Time
Memcached
Mail-Subject
Server-Int
Locale
AKAMAI
RNT-Machine
Adler-Geo
Cache-Host
Request-Country
Request-EU
Kp-EeAlive
Server-ID
We-Hiring
Heartbleed
Web-Mar-Node
V-Age
IBM-Web2-Location
Cdnsip
Is-Eu
Cdncip
True-Client-Country-4JS
Country-Code
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-RateLimit-Remaining-Second
PFcat
X-RateLimit-Limit-Second
X-Matched-Rule
X-Reboot
X-Core-Value
X-Fetched-On
X-Old-Content-Length
FNAC-ModuleRouting
Group
X-Generated-On
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-User
Thinkindot-Control
X-Webstats-RespID
X-Cache-Expired-At
ServerName
Server-Host
X-Trafficlayer-App-Version
X-ServiceProvider
X-Service
Fastly-Backend-Name
X-Req
X-Level-Front-Cache
X-Thinkindot-L3
X-BBXSRF
X-Nginx-Cache
X-Internal-Host
X-S-Maxage
X-Var-Ttl
Wxu-Next-Commit
Wxu-Next-Hostname
Pragrma
Cache-Hits
X-SERVER
Wxu-Next-Region
X-App-Version
S-Cnection
X-Refresh
X-Sucuri-Cache
X-Response-By
X-Lb-Id
X-Key
X-VHOST
RequestId
X-Location
Powered-By-ChinaCache
X-Ruxit-Js-Agent
X-CF-Powered-By
X-CSRF-TOKEN
X-Tb-Optimization-Total-Bytes-Saved
X-Ua
X-Tec-Api-Version
X-Tec-Api-Root
X-TA-CDN-Provider
X-Tec-Api-Origin
X-Parent-Response-Time
X-NC
X-Wa
X-Sucuri-ID
ProcessTime
Origin
X-Varnish-Cacheable
X-Cdn-Forward
X-B3-Parentspanid
Memory
User-Agent
X-Pf-Uncompressing
X-Via-CDN
X-Pjax-Url
X-BACKEND-TTL
X-CSRF-Token
X-Developer
SRV
X-Ocache
X-Server-IP
Geoip-Latitude
X-NWS-UUID-VERIFY
Geoip-City
X-Cdn-Origin
X-LAGOON
TTL
X-Cache-Grace
X-Correlation-ID
PICS-Label
X-Sn-Servicetimems
X-Node-Id
X-B3-SpanId
X-FORWARDED-FOR
X-COUNTRY
GeoIp-Country-Code
X-Device-Os
X-Cache-Status-Check
X-NGINX-Cache
X-Vcl-Version
On-Server
Hostname
X-Unique-ID
X-TIME
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-MSEdge-Features
X-Request-Host
X-MSEdge-Flight
A
X-Servedbyhost
Media-Length
X-Litespeed-Cache
X-Webkit-CSP
X-Cdn-Request-ID
Cloudfront-Viewer-Country
X-Rocket-Nginx-Bypass
SN
Dnion-Transfer-Encoding
X-Varnish-Ttl
XServer
Tcn
X-Via-Ucdn
M-TraceId
Resin-Trace
X-Sucuri-Id
X-Varnish-URL
Host-ID
Cdn
X-HS-Status
X-Ratelimit-Remaining
X-Beluga-Status
X-Beluga-Cache-Status
X-AIR-PT
Esi-Enabled
X-ServedByHost
X-Beluga-Trace
Who
X-Reqid
X-Beluga-Node
X-Beluga-Record
X-Cache-Ttl
X-Beluga-Response-Time
HostName
X-Policy
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Slack-Backend
X-Fastly-Country-Code
CF-Cached-On
X-Planisys-CDN-Rules
MIME-Version
CACHE
X-Azure-Ref-OriginShield
GeoIP-Country-Code
X-Action
X-Request-Start
X-VCL-Version
X-Cache-FS-Status
X-PAYTM-SRV-ID
Arc-Country
X-RPS
X-RPM
X-DW
X-RSL
Pramga
X-Processor
X-Dispatch
X-DSS
Rt-Proxy-Cache
Ttl
X-DB
X-DC
X-Server-Time
Pics-Label
X-DI
X-LiteSpeed-Cache-Control
X-Oracle-Dms-Rid
X-SRV
X-Fastly-Backend-Reqs
NtCoent-Length
GeoIP-Latitude
X-Varnish-Url
X-Hello
X-ND-Cache
X-Flog
X-ABtesting
X-Zone
GeoIP-City
X-Skip-Cache
X-Bc
Fastly-Drupal-HTML
X-FPC
X-PJAX-URL
X-Served-From
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-APP
X-VarnishDD-TTL
X-PF-Uncompressing
X-Method
Magicmarker
X-Newrelic-App-Data
X-Ratelimit-Limit
X-HostName
X-Bc-Bl
Cteonnt-Length
Amp-Access-Control-Allow-Source-Origin
WebServer
N-Cache
X-DevSite-Last-Modified
X-Ftr-Cache-Host
X-BE
X-Amzn-Remapped-Date
X-Dynatrace
Section-Origin-Responded
X-Amzn-Remapped-Connection
Section-Io-Id
Section-Io-Origin-Status
Processtime
Section-Io-Origin-Time-Seconds
X-Swift-Error
Servername
X-Dynatrace-Js-Agent
X-Be
Ohc-Response-Time
X-ID
Cache-Provider
X-LB-ID
X-WA
X-Svr
X-Backend-Host
CDN
X-WR-MODIFICATION
X-Frame-Option
X-Snapshot-Date
X-Fmm-Version
FSS-Proxy
X-Adobe-Source
X-Branch-Name
CF-IPCountry
X-BC
FSS-Cache
X-ZONE
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Lfy
X-Aicache-OS
Vix-Hermes-Req-Id
X-StackifyID
Cache-Cookie-Set-From
Dynatrace
Load-Balancing
Requestid
X-CACHE-AGE
Fusion-Deployment-Id
Trailer
X-Scheme
WZWS-RAY
X-Tid
D-Cc-Upstream
X-Apw-Access-Object
Proxy-Firewall
X-Apw-Access-Token
X-Fastly-Cache-Hits
V-Cache
X-Request-Url
X-Apw-Access-Action
X-SB
Pagetype
X-VC
X-Cc-Req-Id
X-Cc-Via
X-Apw-Hits
Warning
X-MServer
X-Litespeed-Cache-Control
DSUID
X-Node-ID
X-App
X-WPE-Loopback-Upstream-Addr
X-Worker
CloudFront-Viewer-Country
Correlation-Id
X-Fpc
Cneonction
X-Hp-Ccpa-Warning
X-Powered-Y
X-Request-URL
X-Check-Cacheable
X-Fastly-Cache-Status
Release
X-Configured-By
X-VCT
WP-Super-Cache
X-ElasticPress-Search
X-Varnish-Beresp-TTL
Backend-Name