Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
Upgrade
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Via
X-Ua-Compatible
X-Age
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Hacker
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
X-Amz-Version-Id
Ali-Swift-Global-Savetime
Report-To
X-LiteSpeed-Cache
X-Dns-Prefetch-Control
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
X-Host
X-Device
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
X-Cloud-Trace-Context
Request-Id
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-Application-Context
X-ORACLE-DMS-ECID
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
X-Cache-Lookup
X-DataDome
X-ORACLE-DMS-RID
NEL
X-Mod-Pagespeed
Rating
X-Rack-Cache
Edge-Control
X-Akam-SW-Version
X-Clacks-Overhead
X-Ruxit-JS-Agent
X-Country
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-TTL
X-Country-Code
X-DynaTrace
X-Instart-Request-ID
Accept-Ch
X-Varnish-TTL
X-Goog-Hash
X-Vname
X-FTR-Request-ID
X-TtlSet
X-PC
Verso
X-ESI
Accept-Ch-Lifetime
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-Url
X-Kinja-Revision
X-GitHub-Request-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Cdn-Fetch
Edge-Cache-Tag
RTSS
Ar-Sid
AR-CACHE
AR-Request-ID
AR-ATIME
AR-PoweredBy
X-Px
X-Debug
X-D2id
X-Abt-Application-Version
X-Server-Name
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Vcache
Charset
X-NF-Request-ID
X-Accel-Expires
X-Cached
Display
X-Middleton-Response
X-Middleton-Display
Response
Pagespeed
X-Sol
X-MSEdge-Ref
X-Vcap-Request-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Amz-Rid
X-TEC-API-VERSION
Arr-Disable-Session-Affinity
TCN
X-Navigation-Version
X-Powered-CMS
X-SharePointHealthScore
X-Pinterest-Rid
Pinterest-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastcgi-Cache
X-Trace
X-Cdn
X-VARITI-CCR
Realpath
Cache-Tag
Public-Key-Pins
X-Client-IP
Access-Control-Request-Method
X-Fastly-Request-ID
X-Ser
MS-Author-Via
S
X-DynaTrace-JS-Agent
Nginx-Cache
X-Shard
SPRequestDuration
SPIisLatency
X-Upstream
X-Id
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Ezoic-Cdn
X-Hp-Webp
X-Content-Type
X-Grace
X-Amzn-Trace-Id
X-T
X-Amz-Meta-S3cmd-Attrs
X-Edge-O15-RID
Nel
DynaTrace
Front-End-Https
X-Recruiting
X-Forwarded-For
X-Hits
Fastcgi-Cache
X-Aspnet-Version
X-Varnish-Age
ServerID
X-Server-ID
X-Dw-Request-Base-Id
X-Node-Name
MicrosoftSharePointTeamServices
X-Mobile-URL
X-DIS-Request-ID
X-Element-Page-Cache
X-Cache-TTL
NR-ENABLED
X-Jurisdiction
X-Content-Digest
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Expires
X-HS-Content-Id
X-HS-Hub-Id
Powered
X-HS-Combine-CSS
X-HS-Cache-Config
X-Frontend
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Backend
Server-Node
Alternate-Protocol
TP-L2-Cache
Server-Name
TP-Cache
X-Logged-In
X-Correlation-Id
X-Request-Processing-Time
AMP-Access-Control-Allow-Source-Origin
X-Request-Received
X-XRDS-Location
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
Upgrade-Insecure-Requests
X-Cache-Hit
X-URL
X-Content-Options
X-Amzn-RequestId
X-Page-Id
X-Amz-Apigw-Id
X-Content-Security-Policy-Report-Only
X-Origin-Server
Refresh
X-F-Cache
X-User-Agent
X-Rid
X-Revision
X-Akamai-Edgescape
X-Varnish-Grace
X-Type
X-CST
X-Zen-Fury
Fastly-Restarts
X-Content-Powered-By
X-XRDS-LOCATION
X-LB-Cache
X-Geo-Country
X-B3-Sampled
X-B
X-Shield-Request-Id
X-Az
X-Activity-Id
X-AppVersion
X-FTR-Cache-Host
X-N
PB-PID
PB-RID
X-Mobile-Rewrite
Arc-Version
Cache-Status
X-Kinsta-Cache
X-Webapp-Samesite-None-Activated-N
X-Pad
X-Cache-Age
X-TT
X-AOL-HN
X-Instance
X-WebKit-CSP-Report-Only
X-Debug-Info
Actual-Object-TTL
Paypal-Debug-Id
X-B-Cache
X-Tumblr-User
X-Signature
X-Request-Guid
X-Framework
X-Tumblr-Pixel-0
X-Jobs
X-Tumblr-Pixel
X-App-Environment
X-Cache-Action
X-Webkit-Csp
Access-Control-Allow-Method
DC
X-FB-Debug
X-PHP-Backend
X-Analytics
X-Load-Cache
X-RateLimit-Remaining
X-Cached-By
X-Git-Hash
X-Time
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
X-Tt-Trace-Tag
X-Varnish-Backend
X-Ruxit-Js-Agent
Fastcgi-Useragent
Host-Header
X-Tt-Trace-Host
X-Amz-Replication-Status
X-Contextid
X-IPLB-Instance
MS-CV
X-SS-Set-Cookie
X-ATG-Version
FilterID
X-FastCGI-Cache
X-WA-Info
Tracecode
X-Cluster
X-Cache-Key
Host
X-Response-Served-From
NGB
X-Accel-Buffering
X-Presslabs-Stats
WPE-Backend
X-Host-Name
X-Kong-Upstream-Latency
Payment
X-Cache-NE
X-Varnish-Server
X-Mobile
X-Kong-Proxy-Latency
X-FW-Static
Frame-Options
X-FW-Type
X-FW-Server
X-FW-Hash
X-Cache-Operation
X-Cache-Rule
X-Cache-2
X-FW-Serve
X-Region
Source
X-Via-JSL
X-Hostname
Eomportal-Instance
X-Cache-Enabled
X-Cacheable-TTL
X-IPS-LoggedIn
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Tumblr-Pixel-1
X-GeoIP
X-Varnish-Hostname
X-Is-Bot
X-Tumblr-Pixel-2
Filters
Cache-Tv-Group
X-Rendered-As
X-Adobe-Loc
X-Adobe-Content
X-Origin-Response-Time
X-RequestSource
X-TX-ID
X-NewRelic-App-Data
X-EdgeConnect-Cache-Status
X-Srv
Xserver
X-NWS-LOG-UUID
X-Seen-By
Retry-After
Cleartype
Server-Info
X-VCache
X-Cache-TTL-Remaining
Accept-CH
X-ProcessESI
X-RemovedCookies
Cache
X-B3-Traceid
X-UA
X-HTML-Minification-Powered-By
Liferay-Portal
X-Dc
Datacenter
Ms-Operation-Id
X-RTag
X-Source
X-Ttl
X-Cache-Control
X-FireWall-Port
X-Environment-Context
X-L-Path
X-Upgrade-Enabled
X-App-Server
Healthy
X-Endurance-Cache-Level
From-Origin
X-Cache-Server
X-CACHE-KEY
X-Esi
X-APP-VERSION
Accept-CH-Lifetime
X-Handled-By
X-RateLimit-Limit
Version
X-Status
X-Rule
X-Backend-Name
Meta-Geo
X-Oneagent-Js-Injection
X-Wix-Request-Id
X-Cache-Var
X-Path-Route
X-RN-RSRV
GEO-INFO
X-Cache-Var-Map
X-ES-SERVER
X-Tb
X-Proxy-Build
X-Timing-Wait
X-Request-Time
X-Format
Selected-Fe
X-Access
X-Section
OT-Force-Account-Verify
Azure-SlotName
Mn-Server-Ip
X-Sorting-Hat-PodId
X-ShardId
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-Shopify-Stage
Azure-Version
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Generated-Cart-Token
X-Alternate-Cache-Key
X-ProxyCache-Key
X-ProxyCache-Status
X-Human
X-OCL
X-Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proto
X-BYPASS-REASON
X-PCL
X-Content-Age
X-EIG-Tracking-Id
X-Akamai-Request-ID
Akamai-GRN
Cache-Tags
Srv
X-Storage
X-FC-Vary-Parameters
X-Hl-Ver
X-Generated-By
X-Hyper-Cache
X-PressLabs-Stats
X-LJ-Flow-ID
X-Web-Node
X-Cache-Config
X-MP-GENERATED-AT
X-NYM-Debug-Backend
Origin-Cache-Control
X-Cluster-Node
Decoy-Debug-TTL
Decoy-Debug-Status
Origin-Edge-Control
NGX
Now
Decoy-Debug-Key
DB-Nickname
X-Proxy
X-Cache-Host
X-AWS-Id
X-Akamai-Request-ID2
X-Debug-Cache
X-JoinUs
X-VWS-Id
X-Hosted-By
X-ServerID
X-SaId
X-FW-Dynamic
X-Time-Microsecs
X-UUID
X-Vgn-Hpd-Reason
X-Viewer-Country
X-Yottaa-Metrics
X-Proxy-Cache-Status
Node
Ec-Rule-Version
X-Qloud-Router
S-Rt
X-Pubstack
X-Yottaa-Optimizations
X-Redis-Cache
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
TWC-Connection-Speed
Webcakes-App-Version
TWC-GeoIP-Country
Property-Id
TWC-Device-Class
X-Www-Served-By
X-CCM
X-IP
X-Generated
X-Soup
X-Locale
X-Origin-Hint
X-RCS-CacheZone
X-Detected-As
X-Site-Version
X-Varnish-Hits
X-BCube-Filmed-By
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
Webcakes-Region
TWC-Privacy
Cross-Origin-Window-Policy
X-Akamai-Transformed
X-Xfnlog-Site
X-Loop
X-FB-TRIP-ID
Accept-Charset
X-R9-Blue-Green-Version
X-Amzn-Remapped-Content-Length
X-TNCMS
L5d-Success-Class
X-Unique-Id
X-CS
Cache-Name
X-NCache
Viewport
Uber-Trace-Id
X-Trafficlayer-App-Scope
X-Drupal-Cache-Tags
X-Trafficlayer-App-Name
Time
Webserver
Cache-Key
X-UA-Device-Type
X-Backend-TTL
X-CDN-Forward
X-Cache-Remote
X-UnsetCookies
X-From
X-Mode
X-Origin-TTL
X-Origin-CC
X-Forwarded-Host
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Accept-Language
Country
X-Newrelic-Synthetics
Rt-Fastcgi-Cache
X-Drupal-Cache-Contexts
Mime-Version
X-Cluster-Name
X-B3-Spanid
Odigeo-Trace-Id
X-TT-TIMESTAMP
X-Info
X-Microcachable
X-NGENIX-Cache
X-Whom
X-Edge-Location
X-CLOUD-TRACE-CONTEXT
X-Varnish-Cache-Hits
X-PERF
X-ApacheServer
Content-Disposition
X-Geo
ServedBy
X-Magnolia-Registration
X-UPSTREAM-Address
X-Daa-Tunnel
Proxy-Connection
X-EC-Lua
X-Zipkin-Id
X-Proxied
X-Device-Type
Ohc-File-Size
Ohc-Cache-HIT
X-Routing-Service
Cf-Ipcountry
X-Via-Fastly
X-No-Session
X-Uri
X-A-Wwc
BehaviorPad-Version
AsisCache
Apple-News-Services-Request-Url
VivaBuild
X-A
W
Viewtype
T-Server
Content-Style-Type
Content-Script-Type
Machine
Apple-News-Services-Host
X-A-Dam
X-A-Ccd
Apple-News-Services-Handled
Fastcgi-X-Cache-Version
Apple-News-Services-Parsed-Url
X-A-Dcw
Meta-Geo-Continent
Mobile-Detection-Method
MD5-Digest
GEO-REGION-INFO
X-A-Dgt
Rendered-Blocks
X-Connection-Hash
X-S
X-Rojux
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-Rocket-Build-Number
X-Rewrite-Enabled
X-Geo-Header
X-G
X-GeoIP-Country-Code
X-Region-Sid
X-Accel-Expires-Debug
X-Sigma
X-Sigma-Backend
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-TLSProxy
X-Vdms-Version
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-External-Request-Id
X-Request-UUID
X-CF-Lambda-Version
X-Date
X-ARC
X-Application
X-D
X-CF-Lambda-Fn
X-DPWN-IS-SECURE
X-Aed
X-Destination
X-B-Cookie
X-PHP-Host
X-C
HitType
X-Labrador-Cache-Channel
User-Cache-Control
HA-Ipaddr
X-Varnish-Authentication
Ha-Gx-Prefs
X-Wikidot-Backend
X-WebServer
X-Auto-Login
X-Tumblr-Pixel-3
X-Wikidot-Static-Cache
X-Agile
Fastly-Soc-X-Request-Id
X-TrackingId
X-App-Name
X-VC-Cache
Gh-Request-Id
X-Agile-Id
Environment
X-Bip
X-Render-Time
Server-Surrogate-Control
Server-Cache-Control
X-CUA
X-Real-IP
X-Logging-Id
X-Eu-Site
X-Distil-CS
X-Developers
X-Hit
X-Contensis-Viewer-Groups
Powered-By
X-SIPLIST1
X-Backend-State
X-Thanos
Locid
X-Epic-Correlation-Id
X-Cache-ASPX
CDCHOST
X-CGP
X-Cache-Debug
IsBot
X-Agile-Age
X-GoCache-CacheStatus
Section-Io-Cache
X-Nc
X-Cache-Time
X-GeoIP-City
X-Fetched-On
X-Generation-Time
X-Generated-In
X-Gen-Mode
X-Hash
X-Gamma-Serve
X-Instart-Isnd
X-Ms-Version
X-Nginx-Cache-Key
X-NodeID
X-NX-Host
X-Ms-Request-Id
X-Micro-Cache
X-Fastly-Cache
X-Irp-Debug
X-Key
X-Hnp-Log
X-Distributor
X-Cache-Info
X-Cache-URL
X-Cdn-Srv
X-Cache-Bucket
X-Cache-Backend
X-Azure-Ref
X-BBXSRF
X-Block-Status
X-Clara-WADP
X-Cms-Context
X-Debug-Cookies
X-Debug-Log
X-Dispatcher-Server
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Core-Mission
X-Debug-Cache-Expiry
X-Origin-Date
X-OVcl
X-LI-Proto
X-LI-UUID
X-TH-Server
X-Li-Pop
X-Li-Fabric
IBM-Web2-Location
Memcached
X-FW-Version
X-VServer
X-We-Are-Hiring
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Servername
X-Clientip
Fastly-SWR
Countrycode
Fastly-SIE
Fastly-SSL
Access-Control-Request-Headers
X-RateLimit-Remaining-Second
X-Server-W
X-Sucuri-Cache
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-AK-Request-ID
X-OVcl-Cache
X-Owner
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Urbn-Site-Id
X-WADP-Cache
X-Webstats-RespID
X-Urbn-Context-Path
X-TT-LOGID
X-Swa-Ws
X-Trace-Id
X-Origin-Expires
X-Request-URI
X-Varnish-Beresp-Ttl
AKAMAI
RNT-Time
Fastly-Backend-Name
Cache-Host
Country-Code
We-Hiring
Request-EU
Request-Country
RNT-Machine
Web-Mar-Node
True-Client-Country-4JS
X-Varnish-Beresp-Grace
Kp-EeAlive
Server-ID
Mail-Subject
Locale
V-Age
Cdnsip
X-Varnish-Beresp-Status
Server-Int
Cdncip
Heartbleed
X-COUNTRY
X-IN-APIGATEWAYSSL
X-NU-AKA-ACS-Version
Thinkindot-CacheControl
X-Generated-On
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Level-Front-Cache
X-Platform-Server
X-IN-APIGATEWAY
X-Old-Content-Length
X-ServiceProvider
X-Service
PFcat
X-User
X-Reboot
FNAC-ModuleRouting
X-Trafficlayer-App-Version
X-Thinkindot-L3
ServerName
Geo-Info
Adler-Geo
X-Internal-Host
Server-Host
X-Matched-Rule
X-Has-Esi
X-Cache-Tags
X-Req
Is-Eu
Platform
X-JWT-State
X-Is-Gdpr
X-Core-Value
Wxu-Next-Region
X-Nginx-Cache
Wxu-Next-Commit
X-Variation
Wxu-Next-Hostname
X-Up
X-TA-CDN-Provider
Filterid
X-Response-By
X-Location
X-S-Maxage
X-App-Version
Cache-Hits
X-SERVER
RequestId
X-Lb-Id
X-Air-Hostname
X-B3-Parentspanid
Group
Pragrma
X-Parent-Response-Time
X-Refresh
X-CSRF-TOKEN
X-Cache-Expired-At
X-Tb-Optimization-Total-Bytes-Saved
X-Var-Ttl
X-Tec-Api-Version
X-NC
X-Tec-Api-Origin
S-Cnection
X-Tec-Api-Root
Memory
X-Wa
X-CF-Powered-By
Powered-By-ChinaCache
ProcessTime
X-Cdn-Forward
X-B3-SpanId
X-BACKEND-TTL
X-Server-IP
Origin
X-Pjax-Url
User-Agent
X-CSRF-Token
X-Pf-Uncompressing
Geoip-Latitude
X-Sucuri-ID
SRV
X-Correlation-ID
X-Ua
X-Cdn-Request-ID
X-Varnish-Cacheable
Geoip-City
PICS-Label
GeoIp-Country-Code
Media-Length
TTL
X-NGINX-Cache
X-NWS-UUID-VERIFY
X-Vcl-Version
X-FORWARDED-FOR
X-TIME
X-Sucuri-Id
X-Unique-ID
XServer
X-Developer
X-Servedbyhost
Dnion-Transfer-Encoding
X-Via-CDN
X-Litespeed-Cache
X-Node-Id
X-Device-Os
X-Webkit-CSP
X-LAGOON
X-Sn-Servicetimems
SN
X-Ocache
X-Cdn-Origin
X-Rocket-Nginx-Bypass
X-Cache-Grace
M-TraceId
X-AIR-PT
X-Varnish-Ttl
X-Reqid
Esi-Enabled
On-Server
X-Via-Ucdn
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-HS-Status
X-Policy
X-Request-Host
X-MSEdge-Flight
A
X-MSEdge-Features
X-Fastly-Country-Code
X-Cache-Status-Check
X-Azure-Ref-OriginShield
Hostname
X-Request-Start
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
HostName
X-Oss-Storage-Class
X-Beluga-Response-Time
X-Beluga-Record
Cdn
X-Beluga-Status
X-Beluga-Node
Cloudfront-Viewer-Country
Who
X-Cache-Ttl
Rt-Proxy-Cache
Resin-Trace
X-Beluga-Trace
X-Beluga-Cache-Status
X-Ftr-Cache-Host
X-VHOST
X-ServedByHost
X-Ratelimit-Remaining
Magicmarker
CF-Cached-On
NtCoent-Length
Host-ID
X-Varnish-URL
MIME-Version
X-Method
X-VCL-Version
X-Bc
Pics-Label
Ttl
X-APP
GeoIP-Country-Code
X-LiteSpeed-Cache-Control
X-Zone
Tcn
X-Oracle-Dms-Rid
X-SRV
X-Fastly-Backend-Reqs
Cteonnt-Length
X-Varnish-Url
X-Slack-Backend
GeoIP-Latitude
X-DC
Load-Balancing
X-RSL
X-DB
GeoIP-City
X-DSS
X-Be
X-DI
X-PJAX-URL
X-Action
X-RPM
X-DW
X-RPS
X-VarnishDD-TTL
X-Svr
Ohc-Response-Time
X-PF-Uncompressing
X-Newrelic-App-Data
DSUID
X-Dispatch
X-PAYTM-SRV-ID
X-Processor
X-Cache-FS-Status
Pramga
WebServer
Arc-Country
X-Ratelimit-Limit
X-Ftr-Request-Id
Amp-Access-Control-Allow-Source-Origin
X-FPC
X-Server-Time
X-Skip-Cache
Vix-Hermes-Req-Id
X-MServer
CACHE
X-VCT
Release
X-Dynatrace
X-Tid
Processtime
Fastly-Drupal-HTML
X-ABtesting
X-DevSite-Last-Modified
X-Hello
X-Flog
X-BE
X-Swift-Error
X-ND-Cache
X-Hp-Ccpa-Warning
Servername
X-WR-MODIFICATION
X-Dynatrace-Js-Agent
N-Cache
X-Served-From
X-HostName
X-Configured-By
Cache-Provider
X-Aicache-OS
Cdn-Request-Time
X-LB-ID
X-ID
X-Edge-Server
Cdn-Host
X-Frame-Option
Lfy
X-Ftr-Dc
X-StackifyID
X-Upstream-Ct
X-Upstream-Ht
Dynatrace
X-WA
X-Amzn-Remapped-Connection
X-Branch-Name
CF-IPCountry
X-Snapshot-Date
X-Fastly-Cache-Hits
CDN
X-Amzn-Remapped-Date
SD-X-WS
X-Ftr-Backend-Server
X-Ftr-Balancer
X-Ftr-Realm
X-Ftr-Backend
X-SD-PageType
Requestid
Pagetype
X-Bc-Bl
X-CACHE-AGE
X-Backend-Host
X-Cc-Via
X-SN
X-Apw-Access-Action
Proxy-Firewall
X-Apw-Access-Object
X-Cc-Req-Id
X-Apw-Hits
X-ZONE
X-Edge-IP
L
X-Cache-Id
X-Compress-Hint
X-Varnish-Beresp-TTL
X-Request-Url
X-Apw-Access-Token
X-VC
X-SB
Warning
V-Cache
D-Cc-Upstream
Lb
WZWS-RAY
X-Via-NSCOPI
X-Check-Cacheable
X-Release
X-ServerName
X-Request-URL
WP-Super-Cache
X-Fastly-Cache-Status
X-BC
X-ElasticPress-Search
X-App
X-Powered-Y
Backend-Name
Correlation-Id
X-Worker