Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
X-Download-Options
CF-Ray
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Server
X-Age
X-Ws-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Server-Id
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Ac
X-Node
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Backend-Server
X-Readtime
X-Dispatcher
Request-Id
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
X-ORACLE-DMS-RID
NEL
X-DataDome
X-Rack-Cache
X-Country
X-Clacks-Overhead
X-Akam-SW-Version
P3p
Edge-Control
Rating
X-Dns-Prefetch-Control
Allow
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
Accept-Ch
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-TTL
X-DynaTrace
X-Vname
X-Goog-Hash
X-PC
X-TtlSet
Content-MD5
X-ESI
Verso
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Url
X-Powered-By-Plesk
X-Vcache
X-GoogleNews-Bot
X-Cdn-Fetch
X-GitHub-Request-Id
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-B3-TraceId
X-Use-Magma
RTSS
X-Version
X-Forwarded-Proto
X-MS-InvokeApp
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Px
X-Debug
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-Cached
X-NF-Request-ID
X-Vcap-Request-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Navigation-Version
X-TEC-API-ROOT
X-MSEdge-Ref
X-Amz-Rid
Response
Display
Pagespeed
X-Middleton-Response
X-Sol
X-Middleton-Display
Arr-Disable-Session-Affinity
X-Accel-Expires
TCN
X-Fastcgi-Cache
X-Server-ID
X-SharePointHealthScore
X-VARITI-CCR
Pinterest-Version
X-Pinterest-Rid
X-Fastly-Request-ID
MS-Author-Via
Public-Key-Pins
Nginx-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Powered-CMS
X-Trace
X-Cdn
X-Client-IP
Realpath
X-Edge-O15-RID
Cache-Tag
X-Ser
Access-Control-Request-Method
X-Content-Type
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
Nel
X-Amzn-Trace-Id
SPIisLatency
SPRequestDuration
X-Upstream
X-Shard
X-Grace
X-Jurisdiction
X-Hp-Webp
X-Id
X-Ezoic-Cdn
X-Cache-TTL
Front-End-Https
X-Forwarded-For
S
X-Hits
X-T
X-DynaTrace-JS-Agent
X-Amz-Meta-S3cmd-Attrs
Fastcgi-Cache
X-Recruiting
DynaTrace
X-Aspnet-Version
X-Element-Page-Cache
X-Node-Name
X-Dw-Request-Base-Id
X-Content-Digest
X-Varnish-Age
X-FTR-Cache-Status
X-FTR-Expires
X-Mobile-URL
MicrosoftSharePointTeamServices
X-FTR-Backend-Server
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
ServerID
X-DIS-Request-ID
NR-ENABLED
Server-Node
X-Frontend
TP-L2-Cache
TP-Cache
X-GUploader-UploadID
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-HS-Hub-Id
X-Goog-Storage-Class
X-Goog-Generation
Powered
X-Logged-In
X-CST
X-Correlation-Id
Alternate-Protocol
Server-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-Cache-Hit
Fastly-Restarts
X-FTR-Cache-Host
X-Request-Handler-Origin-Region
X-Microsite
X-XRDS-Location
Backend-Timing
X-ATS-Timestamp
X-Page-Id
X-Request-Processing-Time
X-Request-Received
X-Content-Options
X-User-Agent
Refresh
X-Zen-Fury
AMP-Access-Control-Allow-Source-Origin
X-Content-Security-Policy-Report-Only
X-F-Cache
X-Akamai-Edgescape
X-Varnish-Grace
X-Rid
X-Origin-Server
X-XRDS-LOCATION
X-B
X-Revision
X-LB-Cache
PB-RID
X-Content-Powered-By
Arc-Version
X-Mobile-Rewrite
PB-PID
X-Type
X-B3-Sampled
Cache-Status
X-Activity-Id
X-AppVersion
X-Geo-Country
X-Az
X-Kinsta-Cache
X-NWS-LOG-UUID
X-N
X-TT
X-Cache-Action
X-AOL-HN
Access-Control-Allow-Method
X-Debug-Info
X-Framework
X-WebKit-CSP-Report-Only
X-B-Cache
X-Instance
X-Time
X-Request-Guid
X-PHP-Backend
X-Jobs
X-FB-Debug
Actual-Object-TTL
X-Signature
X-App-Environment
X-Git-Hash
Paypal-Debug-Id
X-Cache-Age
X-Cached-By
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Load-Cache
Fastcgi-Useragent
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amz-Replication-Status
X-URL
DC
X-Pad
X-Varnish-Backend
X-Shield-Request-Id
X-Webkit-Csp
Host-Header
X-WA-Info
X-ATG-Version
Host
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-RateLimit-Remaining
MS-CV
Surrogate-Key
X-IPLB-Instance
X-Via-JSL
X-Contextid
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Host-Name
Retry-After
Frame-Options
X-Response-Served-From
X-Accel-Buffering
NGB
X-Cache-Key
X-FastCGI-Cache
X-Hostname
X-Seen-By
Source
Payment
X-Srv
X-SS-Set-Cookie
X-Region
X-Varnish-Server
Eomportal-Instance
Liferay-Portal
X-Cache-NE
X-Cache-2
Filters
X-Cacheable-TTL
WPE-Backend
X-GeoIP
X-Rendered-As
X-NewRelic-App-Data
X-Origin-Response-Time
X-Is-Bot
Xserver
X-IPS-LoggedIn
X-FW-Server
X-FW-Serve
X-FW-Hash
X-FW-Static
X-FW-Type
X-Cluster
X-Varnish-Hostname
Cache-Tv-Group
X-Presslabs-Stats
Server-Info
X-Cache-Enabled
Tracecode
X-Cache-Rule
X-Adobe-Loc
X-Adobe-Content
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Cache-Operation
X-App-Server
X-RequestSource
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
FilterID
X-TX-ID
X-Cache-TTL-Remaining
Cleartype
X-FireWall-Port
X-Analytics
X-L-Path
X-Environment-Context
Accept-CH
X-B3-Traceid
X-Handled-By
X-Upgrade-Enabled
Ms-Operation-Id
X-RTag
X-Source
X-Endurance-Cache-Level
X-CACHE-KEY
X-Cache-Server
Accept-Charset
From-Origin
X-HTML-Minification-Powered-By
X-Backend-Name
X-UA
X-Ttl
Datacenter
X-Webapp-Samesite-None-Activated-N
X-UUID
X-Dc
Srv
X-APP-VERSION
X-Wix-Request-Id
Healthy
Accept-CH-Lifetime
X-Path-Route
Meta-Geo
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Var
X-Daa-Tunnel
X-RN-RSRV
X-Tb
X-Timing-Wait
Selected-Fe
X-Proxy-Build
OT-Force-Account-Verify
X-Akamai-Transformed
X-Status
X-Proto
X-Akamai-Request-ID
X-FC-Vary-Parameters
X-Section
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Access
X-PressLabs-Stats
X-OCL
X-PCL
X-Cache-Config
X-NYM-Debug-Backend
X-Web-Node
X-ShardId
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Human
X-Say-TTL
X-SayCDN-TTL
X-EIG-Tracking-Id
Origin-Cache-Control
X-BYPASS-REASON
Origin-Edge-Control
X-Alternate-Cache-Key
X-Soup
X-Akamai-Request-ID2
Node
Mn-Server-Ip
X-Format
X-Hl-Ver
X-Say-Cacheable
X-Debug-Cache
Ec-Rule-Version
Cache-Tags
X-ShopId
X-JoinUs
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Request-Time
X-Vgn-Hpd-Reason
X-Proxy-Cache-Status
X-ProxyCache-Key
Akamai-GRN
X-Sorting-Hat-PodId
X-SaId
X-Sorting-Hat-ShopId
X-Origin
X-ProxyCache-Status
Cross-Origin-Window-Policy
X-Viewer-Country
Version
X-Www-Served-By
X-Detected-As
X-Hyper-Cache
X-Qloud-Router
X-CCM
X-Redis-Cache
GEO-INFO
Decoy-Debug-TTL
X-TNCMS
X-AWS-Id
Now
X-BCube-Filmed-By
X-Storage
X-Pubstack
Decoy-Debug-Key
Decoy-Debug-Status
X-FB-TRIP-ID
X-ServerID
X-Loop
X-Site-Version
X-Time-Microsecs
X-VWS-Id
X-Locale
X-LJ-Flow-ID
X-Hosted-By
X-Generated-By
X-MP-GENERATED-AT
X-Proxy
X-Whom
X-Generated
X-Varnish-Hits
X-Ua-Device
X-Unique-Id
S-Rt
X-Content-Age
X-IP
X-FW-Dynamic
NGX
DB-Nickname
X-Origin-Hint
X-Amzn-Remapped-Content-Length
Webcakes-Region
Webcakes-App-Version
Azure-RegionName
Azure-Version
Azure-InstanceId
X-Xfnlog-Site
X-R9-Blue-Green-Version
Azure-SlotName
X-NCache
Azure-SiteName
TWC-Locale-Group
TWC-Connection-Speed
Property-Id
Webcakes-App-Name
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
TWC-GeoIP-LatLong
X-Cluster-Node
Cache-Key
X-UA-Device-Type
X-RCS-CacheZone
X-Cache-Control
X-Cache-Host
X-RateLimit-Limit
X-NGENIX-Cache
Section-Io-Cache
X-Backend-TTL
X-Drupal-Cache-Tags
Cache
X-Rule
X-Forwarded-Host
X-Mode
Webserver
L5d-Success-Class
X-Esi
Time
X-CDN-Forward
Content-Disposition
Mime-Version
Cache-Name
X-UnsetCookies
Accept-Language
X-Info
X-Varnish-Cache-Hits
Viewport
X-CS
X-ApacheServer
Rt-Fastcgi-Cache
X-PERF
X-Origin-TTL
X-Origin-CC
ServedBy
X-Newrelic-Synthetics
Country
Uber-Trace-Id
X-B3-Spanid
X-Cache-Remote
X-Device-Type
Odigeo-Trace-Id
X-Via-Fastly
Filterid
X-Magnolia-Registration
X-VCache
X-Proxied
X-Routing-Service
X-Uri
X-Zipkin-Id
X-From
X-CLOUD-TRACE-CONTEXT
X-EC-Lua
Proxy-Connection
X-Cluster-Name
X-Drupal-Cache-Contexts
Access-Control-Request-Headers
X-Real-IP
X-Geo
Cf-Ipcountry
HitType
Geo-Info
X-TT-TIMESTAMP
X-Microcachable
X-Nc
VIX-Pulpo-Node
Group
X-Rocket-Build-Number
X-ScT
X-Rewrite-Enabled
X-Rojux
VIX-Pulpo-Upstream-Status
X-Varnish-Beresp-Status
VivaBuild
X-Varnish-Beresp-Ttl
Viewtype
X-S-Cookie
X-S
X-Request-UUID
Rendered-Blocks
Content-Script-Type
Content-Style-Type
Fastcgi-X-Cache-Version
GEO-REGION-INFO
BehaviorPad-Version
AsisCache
X-PHP-Host
X-Labrador-Cache-Channel
X-Cache-Time
Machine
MD5-Digest
X-Geo-Header
X-G
T-Server
X-DPWN-IS-SECURE
X-Region-Sid
Meta-Geo-Continent
Mobile-Detection-Method
X-GeoIP-Country-Code
X-External-Request-Id
X-Varnish-Beresp-Grace
X-Twitter-Response-Tags
X-CF-Lambda-Fn
X-CF-Lambda-Version
Ohc-File-Size
X-Trv-Group
X-Application
X-ARC
X-B-Cookie
X-Vtex-Remote-Cache
X-Connection-Hash
X-Vtex-Processado-Em
X-VG-WebCache
X-VG-WebServer
X-VG-TLSProxy
X-Vdms-Version
X-Date
X-D
X-Destination
X-Transaction
X-A
X-A-Dgt
X-A-Dcw
X-A-Ccd
X-SRCache-Key
X-A-Dam
X-A-Wwc
X-Sigma-Backend
X-Accel-Expires-Debug
Xc-Version
X-Sigma
X-Session-Fingerprint
X-Aed
Cache-Hits
X-C
User-Cache-Control
X-Distil-CS
Apple-News-Services-Host
Countrycode
Apple-News-Services-Parsed-Url
Environment
CDCHOST
X-Logging-Id
Apple-News-Services-Handled
Ha-Gx-Prefs
X-Bip
Powered-By
W
X-Backend-State
X-Agile
X-Agile-Age
X-Agile-Id
X-Hit
X-Cache-Debug
Fastly-Soc-X-Request-Id
X-CGP
HA-Ipaddr
Locid
X-Cache-Expired-At
X-Eu-Site
X-Clientip
Apple-News-Services-Request-Url
X-WebServer
X-Thanos
X-TrackingId
X-VC-Cache
X-CUA
X-Fetched-On
X-Epic-Correlation-Id
True-Client-Country-4JS
V-Age
X-Distributor
Web-Mar-Node
We-Hiring
X-Servername
X-Wikidot-Backend
X-Gen-Mode
Pragrma
X-Cdn-Srv
Platform
X-Has-Esi
X-GeoIP-City
X-Request-URI
X-Dispatcher-Server
X-Wikidot-Static-Cache
Request-EU
Request-Country
Server-ID
X-SVT-ORM-VERSION
X-Up
X-Cache-Tags
X-Block-Status
X-Debug-Cookies
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Variation
X-Cms-Context
X-Var-Ttl
X-Debug-Log
X-Azure-Ref
X-TH-Server
X-Swa-Ws
X-Hash
X-SVT-ORM-RULES
X-Air-Hostname
X-Developers
X-Auto-Login
X-Trace-Id
X-App-Name
X-SIPLIST1
X-Generated-In
X-LI-Proto
X-No-Session
X-Li-Pop
X-IN-APIGATEWAYSSL
X-LI-UUID
Gh-Request-Id
X-Origin-Expires
Heartbleed
X-Proxy-Upstream
X-Instart-Isnd
X-Is-Gdpr
Fastly-SWR
X-Li-Fabric
X-NodeID
X-NU-AKA-ACS-Version
X-Rebelmouse-Surrogate-Control
X-JWT-State
X-Owner
X-Platform-Server
Cache-Host
Fastly-SIE
X-VServer
Mail-Subject
X-OVcl-Cache
X-IN-APIGATEWAY
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Hnp-Log
X-Rebelmouse-Cache-Control
Adler-Geo
X-OVcl
IBM-Web2-Location
Locale
Is-Eu
X-Ms-Version
Country-Code
IsBot
X-Ms-Request-Id
X-Origin-Date
X-NX-Host
AKAMAI
Kp-EeAlive
X-GoCache-CacheStatus
X-Edge-Location
Ohc-Cache-HIT
Fastly-SSL
X-Nginx-Cache-Key
X-Debug-Cache-Expiry
X-Varnish-Authentication
X-Debug-Cache-Fetch
X-Tumblr-Pixel-3
X-Trafficlayer-App-Name
X-Trafficlayer-App-Version
X-TT-LOGID
X-Trafficlayer-App-Scope
X-Clara-WADP
X-FW-Version
X-Webstats-RespID
X-We-Are-Hiring
X-WADP-Cache
X-Gamma-Serve
X-Matched-Rule
X-Reboot
X-Generation-Time
X-Generated-On
X-Micro-Cache
X-Irp-Debug
X-BBXSRF
Memcached
X-Level-Front-Cache
X-Cache-Bucket
X-Cache-Info
X-Fastly-Cache
X-Service
X-ServiceProvider
X-Thinkindot-L3
X-Debug-Cache-Store
RNT-Time
RNT-Machine
Server-Cache-Control
Server-Int
Thinkindot-CacheControl
Server-Surrogate-Control
X-App-Version
PFcat
Cdnsip
Fastly-Backend-Name
Cdncip
S-Cnection
ServerName
Thinkindot-CacheControl-Type
Server-Host
Thinkindot-Control
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-AK-Request-ID
X-Core-Value
X-Core-Mission
X-S-Maxage
X-Response-By
X-Old-Content-Length
FNAC-ModuleRouting
X-Req
X-Server-W
Wxu-Next-Region
X-Cache-URL
Wxu-Next-Hostname
X-Lb-Id
Wxu-Next-Commit
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-Nginx-Cache
X-UPSTREAM-Address
X-Oss-Object-Type
X-Oss-Request-Id
X-VHOST
X-Refresh
RequestId
X-Node-Id
X-SERVER
X-Sucuri-ID
Powered-By-ChinaCache
X-Varnish-Cacheable
X-Wa
X-Render-Time
X-NC
X-NWS-UUID-VERIFY
User-Agent
X-Cache-Backend
X-Developer
X-Cache-Status-Check
X-CSRF-TOKEN
X-User
Hostname
X-Parent-Response-Time
X-Tec-Api-Version
X-Pjax-Url
X-Internal-Host
X-Cache-Grace
X-Tec-Api-Root
X-LAGOON
X-Cdn-Origin
X-CF-Powered-By
X-Tec-Api-Origin
X-Device-Os
X-Key
X-Sn-Servicetimems
Origin
X-CSRF-Token
X-Ua
X-Ocache
X-Tb-Optimization-Total-Bytes-Saved
X-Sucuri-Cache
A
X-Pf-Uncompressing
On-Server
X-Location
SRV
Memory
X-TA-CDN-Provider
Cloudfront-Viewer-Country
X-Request-Host
X-Via-CDN
Geoip-Latitude
Geoip-City
X-MSEdge-Features
X-MSEdge-Flight
ProcessTime
GeoIp-Country-Code
PICS-Label
X-NGINX-Cache
X-B3-Parentspanid
TTL
X-BACKEND-TTL
X-Cdn-Forward
X-COUNTRY
X-Vcl-Version
Resin-Trace
X-Servedbyhost
M-TraceId
X-Server-IP
X-Webkit-CSP
X-Litespeed-Cache
X-Varnish-URL
X-HS-Status
Dnion-Transfer-Encoding
X-Ratelimit-Remaining
X-Unique-ID
X-Rocket-Nginx-Bypass
X-Varnish-Ttl
XServer
X-B3-SpanId
X-TIME
Media-Length
SN
Cdn
X-Cdn-Request-ID
X-Slack-Backend
Tcn
X-Dynatrace-Js-Agent
X-Correlation-ID
X-FORWARDED-FOR
X-Cache-FS-Status
Pramga
X-ServedByHost
Host-ID
X-Dispatch
X-PAYTM-SRV-ID
Arc-Country
X-Server-Time
X-Processor
CACHE
X-Beluga-Cache-Status
X-Skip-Cache
X-ND-Cache
X-Beluga-Response-Time
Who
X-Beluga-Node
X-Cache-Ttl
X-Fastly-Country-Code
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Record
X-Action
HostName
Section-Io-Id
X-DC
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Origin-Responded
Cdn-Request-Time
X-RPS
X-Via-Ucdn
X-DB
X-DSS
Fastly-Drupal-HTML
X-DI
X-RPM
X-Edge-Server
X-RSL
Cdn-Host
X-Served-From
X-DW
X-VCL-Version
X-DevSite-Last-Modified
N-Cache
Pics-Label
X-Reqid
Ttl
Fusion-Deployment-Id
GeoIP-Country-Code
X-Hello
GeoIP-Latitude
X-Flog
X-Bc-Bl
X-AIR-PT
Amp-Access-Control-Allow-Source-Origin
GeoIP-City
Esi-Enabled
X-ABtesting
X-Adobe-Source
X-Sucuri-Id
NtCoent-Length
X-Oracle-Dms-Rid
X-Ratelimit-Limit
MIME-Version
X-LiteSpeed-Cache-Control
X-Backend-Host
X-Varnish-Url
X-VarnishDD-TTL
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-PF-Uncompressing
X-Policy
CF-Cached-On
X-APP
X-Azure-Ref-OriginShield
X-FPC
X-Request-Start
X-Ruxit-Js-Agent
Trailer
X-HostName
Cache-Cookie-Set-Lfrom
X-Bc
Cache-Cookie-Set-Idcheck
Rt-Proxy-Cache
X-Zone
X-SRV
WebServer
Cache-Cookie-Set-From
Cteonnt-Length
X-Fmm-Version
X-Scheme
X-PJAX-URL
X-Fastly-Backend-Reqs
X-Amzn-Remapped-Connection
X-BE
X-BC
X-Fpc
X-Amzn-Remapped-Date
X-ZONE
Processtime
X-Dynatrace
X-Newrelic-App-Data
Servername
X-Swift-Error
X-SN
X-ID
X-Esi-Check
X-WA
FSS-Proxy
FSS-Cache
Cache-Provider
X-Method
Magicmarker
X-Cache-Id
X-WR-MODIFICATION
X-Frame-Option
Lb
Load-Balancing
Sid
Release
X-Snapshot-Date
Requestid
X-StackifyID
X-Branch-Name
X-LB-ID
CDN
SD-X-WS
X-SD-PageType
CF-IPCountry
X-Gzip
Dynatrace
X-Cache-NGX
X-CACHE-AGE
X-VCT
X-Wix-Viewer-Type
X-Instart-Info
X-Compress-Hint
V-Cache
WZWS-RAY
L
X-Fastly-Cache-Hits
X-Aicache-OS
X-Request-Url
X-VC
Ohc-Response-Time
D-Cc-Upstream
X-Cc-Req-Id
X-Cc-Via
X-SB
Warning
X-Tid
X-Litespeed-Cache-Control
X-ECACHE
X-Configured-By
SID
X-ECache
X-Apw-Hits
X-Nananana
X-Fastly-Cache-Status
LB
Request-Time
X-Svr
Inserted-Into-Cache-At
X-Worker
Cneonction
X-Check-Cacheable
X-Varnish-Beresp-TTL
X-Powered-Y
X-WPE-Loopback-Upstream-Addr
X-Request-URL
X-App
X-Apw-Access-Token
X-ElasticPress-Search
X-Apw-Access-Action
X-GEO
X-Be
X-Apw-Access-Object
WP-Super-Cache