Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Xss-Protection
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
Xkey
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Via
X-Backend
X-Server
X-Age
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Ws-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
P3p
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Server-Id
X-Device
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Readtime
X-Backend-Server
X-Dispatcher
Request-Id
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-Cache-Lookup
X-Ruxit-JS-Agent
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
NEL
X-Mod-Pagespeed
X-DataDome
X-Dns-Prefetch-Control
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Clacks-Overhead
X-Akam-SW-Version
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TTL
Allow
X-Country-Code
Accept-Ch
X-FTR-Request-ID
X-Instart-Request-ID
X-DynaTrace
X-Varnish-TTL
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
X-ESI
Verso
Content-MD5
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Powered-By-Plesk
X-Cdn
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-Kinja-Server
X-Use-Magma
X-Kinja
X-GitHub-Request-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Id
RTSS
Edge-Cache-Tag
X-Server-Name
X-D2id
X-Abt-Application-Version
X-Debug
AR-CACHE
Ar-Sid
AR-Request-ID
AR-PoweredBy
X-Px
AR-ATIME
X-Amz-Server-Side-Encryption
X-Vcache
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
Pagespeed
X-Middleton-Display
X-Middleton-Response
X-Sol
Display
Response
X-Vcap-Request-Id
X-Accel-Expires
X-Amz-Rid
X-MSEdge-Ref
X-Navigation-Version
Arr-Disable-Session-Affinity
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Pinterest-Rid
Pinterest-Version
TCN
X-Fastcgi-Cache
X-Powered-CMS
X-SharePointHealthScore
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-VARITI-CCR
X-Trace
Public-Key-Pins
X-Fastly-Request-ID
Cache-Tag
X-Client-IP
Realpath
Nginx-Cache
MS-Author-Via
X-Edge-O15-RID
Access-Control-Request-Method
X-Ser
X-Server-ID
X-DynaTrace-JS-Agent
X-Shard
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
SPRequestDuration
X-Content-Type
SPIisLatency
S
X-Id
X-Upstream
X-Ezoic-Cdn
X-Amzn-Trace-Id
X-Grace
X-Hp-Webp
X-Forwarded-For
X-T
X-Jurisdiction
X-Amz-Meta-S3cmd-Attrs
Nel
Front-End-Https
X-Hits
Fastcgi-Cache
X-Recruiting
DynaTrace
X-Aspnet-Version
X-Cache-TTL
X-Varnish-Age
ServerID
X-Element-Page-Cache
MicrosoftSharePointTeamServices
X-Node-Name
X-Content-Digest
X-Mobile-URL
X-FTR-Expires
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-Dw-Request-Base-Id
X-DIS-Request-ID
Server-Node
NR-ENABLED
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-Frontend
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
Powered
X-Goog-Metageneration
X-Goog-Storage-Class
TP-Cache
TP-L2-Cache
Alternate-Protocol
X-Logged-In
Server-Name
X-CST
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Amz-Apigw-Id
X-Amzn-RequestId
Upgrade-Insecure-Requests
X-Request-Processing-Time
X-Request-Received
X-Request-Handler-Origin-Region
X-Microsite
X-Cache-Hit
Backend-Timing
X-ATS-Timestamp
Fastly-Restarts
X-XRDS-LOCATION
X-Content-Options
X-Content-Security-Policy-Report-Only
X-F-Cache
X-Origin-Server
Refresh
X-User-Agent
X-Revision
X-Akamai-Edgescape
X-Zen-Fury
X-Rid
X-Page-Id
X-Varnish-Grace
X-XRDS-Location
X-Type
X-FTR-Cache-Host
X-Content-Powered-By
X-LB-Cache
X-B
X-B3-Sampled
X-Geo-Country
PB-PID
PB-RID
Arc-Version
X-URL
X-Mobile-Rewrite
X-Activity-Id
X-AppVersion
X-Az
Cache-Status
X-Kinsta-Cache
X-N
X-Cache-Age
X-Cache-Action
X-TT
X-B-Cache
X-Instance
X-Signature
X-AOL-HN
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Jobs
X-Time
X-Debug-Info
Actual-Object-TTL
Paypal-Debug-Id
X-Framework
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Load-Cache
X-FB-Debug
X-App-Environment
X-PHP-Backend
X-Shield-Request-Id
X-Request-Guid
X-Cached-By
X-Pad
X-Git-Hash
DC
Fastcgi-Useragent
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-RateLimit-Remaining
X-Webkit-Csp
X-Amz-Replication-Status
X-Varnish-Backend
Surrogate-Key
Host-Header
X-IPLB-Instance
X-Contextid
MS-CV
X-Erf-Bev-Bev
X-ATG-Version
X-Erf-Bev-Bev-Is-Generated
X-WA-Info
Host
X-NWS-LOG-UUID
X-Webapp-Samesite-None-Activated-N
X-SS-Set-Cookie
X-Analytics
X-FastCGI-Cache
X-Cache-Key
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
FilterID
X-Mobile
X-Via-JSL
NGB
X-Response-Served-From
X-Kong-Proxy-Latency
Tracecode
X-Host-Name
X-Kong-Upstream-Latency
X-Accel-Buffering
X-Presslabs-Stats
Payment
X-Cluster
X-Cache-NE
X-FW-Serve
X-Region
X-Cache-2
X-FW-Hash
X-Origin-Response-Time
Xserver
X-FW-Static
X-FW-Server
Source
WPE-Backend
X-Varnish-Server
X-FW-Type
Eomportal-Instance
X-Varnish-Hostname
Filters
Cache-Tv-Group
X-GeoIP
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Frame-Options
X-IPS-LoggedIn
X-Adobe-Content
X-Adobe-Loc
X-Cache-Enabled
X-Cacheable-TTL
X-Rendered-As
X-RequestSource
X-Seen-By
Retry-After
X-Hostname
X-Cache-Rule
X-Cache-Operation
X-Is-Bot
X-EdgeConnect-Cache-Status
X-Srv
X-NewRelic-App-Data
X-TX-ID
Server-Info
X-VCache
Liferay-Portal
X-Cache-TTL-Remaining
X-ProcessESI
X-RemovedCookies
Cleartype
Accept-CH
X-B3-Traceid
X-App-Server
X-Dc
X-L-Path
X-Environment-Context
X-RTag
Ms-Operation-Id
X-FireWall-Port
X-Source
X-UA
X-Endurance-Cache-Level
X-Handled-By
Datacenter
X-HTML-Minification-Powered-By
X-Upgrade-Enabled
X-Cache-Server
From-Origin
X-CACHE-KEY
X-APP-VERSION
Accept-CH-Lifetime
X-Backend-Name
Srv
Cache
Accept-Charset
Meta-Geo
X-Cache-Control
X-Cache-Var-Map
X-Path-Route
X-RN-RSRV
GEO-INFO
X-Cache-Var
X-Wix-Request-Id
X-ES-SERVER
X-Format
X-Tb
X-Section
X-Timing-Wait
X-UUID
X-Proxy-Build
Selected-Fe
OT-Force-Account-Verify
X-Access
Cache-Tags
Akamai-GRN
X-Sorting-Hat-ShopId
X-EIG-Tracking-Id
X-OCL
X-PCL
X-FC-Vary-Parameters
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sorting-Hat-PodId
X-NYM-Debug-Backend
Azure-InstanceId
X-Content-Age
Azure-Version
X-Proto
X-Akamai-Request-ID
X-Request-Time
X-ShardId
X-Alternate-Cache-Key
Azure-RegionName
X-Origin
X-Shopify-Stage
Mn-Server-Ip
X-Shopify-Generated-Cart-Token
X-Cache-Config
X-ShopId
Azure-SiteName
Azure-SlotName
Version
Healthy
X-Status
X-Cluster-Node
X-BYPASS-REASON
X-AWS-Id
X-Debug-Cache
X-FW-Dynamic
X-Hosted-By
X-Hl-Ver
X-Generated-By
X-Akamai-Request-ID2
Origin-Cache-Control
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Ec-Rule-Version
NGX
X-Human
Now
Node
Origin-Edge-Control
X-JoinUs
X-Soup
X-ServerID
X-SayCDN-TTL
X-Say-TTL
X-Time-Microsecs
X-Vgn-Hpd-Reason
X-Web-Node
X-VWS-Id
X-Viewer-Country
X-Say-Cacheable
X-SaId
X-Proxy-Cache-Status
X-Proxy
X-LJ-Flow-ID
X-ProxyCache-Key
X-ProxyCache-Status
X-Redis-Cache
X-Qloud-Router
X-Pubstack
DB-Nickname
X-Hyper-Cache
X-Yottaa-Metrics
X-Yottaa-Optimizations
TWC-GeoIP-Country
X-Generated
TWC-Locale-Group
TWC-Privacy
TWC-Device-Class
TWC-Connection-Speed
X-TNCMS
X-Storage
X-Site-Version
Property-Id
Webcakes-App-Name
Webcakes-App-Version
X-MP-GENERATED-AT
X-Loop
X-PressLabs-Stats
X-FB-TRIP-ID
X-Origin-Hint
X-CCM
Webcakes-Region
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
X-Varnish-Hits
TWC-GeoIP-LatLong
Cross-Origin-Window-Policy
X-RateLimit-Limit
X-Www-Served-By
X-NCache
X-Locale
X-Akamai-Transformed
X-Xfnlog-Site
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-Rule
S-Rt
X-Cache-Host
X-IP
X-Detected-As
X-Unique-Id
L5d-Success-Class
X-Drupal-Cache-Tags
X-CS
X-Esi
Cache-Key
Cache-Name
Webserver
Uber-Trace-Id
Time
Viewport
X-UA-Device-Type
X-UnsetCookies
X-Mode
X-Whom
X-Forwarded-Host
X-Backend-TTL
Mime-Version
X-Origin-CC
X-NGENIX-Cache
X-Origin-TTL
X-CDN-Forward
Accept-Language
Rt-Fastcgi-Cache
X-Daa-Tunnel
X-Info
Content-Disposition
X-B3-Spanid
Country
X-Varnish-Cache-Hits
X-Cache-Remote
X-From
X-PERF
Odigeo-Trace-Id
X-ApacheServer
ServedBy
X-CLOUD-TRACE-CONTEXT
X-Magnolia-Registration
X-Cluster-Name
Section-Io-Cache
X-Drupal-Cache-Contexts
X-Newrelic-Synthetics
VIX-Pulpo-Node
X-Microcachable
X-Proxied
X-Device-Type
X-Geo
X-Routing-Service
VIX-Pulpo-Upstream-Status
X-Zipkin-Id
X-TT-TIMESTAMP
X-EC-Lua
X-Via-Fastly
X-Ttl
X-Uri
Cf-Ipcountry
Ohc-File-Size
Proxy-Connection
HitType
X-Nc
Ohc-Cache-HIT
X-G
X-Rewrite-Enabled
X-Trv-Group
X-Transaction
X-Sigma-Backend
X-A
X-Vtex-Processado-Em
X-Request-UUID
X-Region-Sid
X-Destination
X-External-Request-Id
X-Twitter-Response-Tags
Xc-Version
W
VivaBuild
X-A-Ccd
X-Sigma
X-A-Dam
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
X-A-Dcw
Content-Style-Type
X-Rojux
X-Aed
X-ScT
X-Session-Fingerprint
X-S-Cookie
X-S
X-Rocket-Build-Number
X-SRCache-Key
Viewtype
Content-Script-Type
X-VG-TLSProxy
Apple-News-Services-Handled
Apple-News-Services-Host
X-D
Fastcgi-X-Cache-Version
X-Date
GEO-REGION-INFO
X-Connection-Hash
Apple-News-Services-Parsed-Url
AsisCache
X-Vtex-Remote-Cache
X-Geo-Header
X-GeoIP-Country-Code
X-VG-WebCache
Apple-News-Services-Request-Url
Access-Control-Request-Headers
X-CF-Lambda-Version
X-VG-WebServer
X-B-Cookie
T-Server
X-DPWN-IS-SECURE
X-Application
X-ARC
BehaviorPad-Version
Rendered-Blocks
X-CF-Lambda-Fn
Machine
X-Vdms-Version
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
X-C
User-Cache-Control
X-No-Session
X-Edge-Location
X-Varnish-Beresp-Grace
X-UPSTREAM-Address
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
IsBot
Fastly-SWR
X-Wikidot-Static-Cache
Ha-Gx-Prefs
HA-Ipaddr
Fastly-Soc-X-Request-Id
X-Logging-Id
Gh-Request-Id
Environment
X-SIPLIST1
X-CGP
X-Clientip
X-Contensis-Viewer-Groups
X-WebServer
X-Hit
Locid
Countrycode
X-Wikidot-Backend
Fastly-SIE
X-Rebelmouse-Surrogate-Control
X-Tumblr-Pixel-3
X-Developers
X-Agile-Id
X-App-Name
X-Agile-Age
X-TrackingId
X-CUA
X-Thanos
X-Agile
X-Eu-Site
X-Varnish-Authentication
Powered-By
X-Cache-ASPX
X-Cache-Debug
X-Distil-CS
X-Bip
X-Auto-Login
X-VC-Cache
Server-Cache-Control
X-Rebelmouse-Cache-Control
Server-Surrogate-Control
Fastly-SSL
X-Real-IP
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
CDCHOST
Geo-Info
X-GoCache-CacheStatus
X-Cache-Backend
X-Gen-Mode
X-FW-Version
X-Epic-Correlation-Id
X-Fastly-Cache
X-Fetched-On
X-Gamma-Serve
X-Generated-In
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Irp-Debug
X-Is-Gdpr
X-IN-APIGATEWAY
X-Hnp-Log
X-Generation-Time
X-GeoIP-City
X-Has-Esi
X-Hash
X-Distributor
X-Debug-Cache-Fetch
X-Cache-Bucket
X-Cache-Info
X-Cache-Tags
X-Block-Status
X-BBXSRF
X-AK-Request-ID
X-Azure-Ref
X-Backend-State
X-Cache-Time
X-Cache-URL
X-Debug-Cache-Store
X-Debug-Cookies
X-Debug-Log
X-Debug-Cache-Expiry
X-Core-Mission
X-Cdn-Srv
X-Clara-WADP
X-Cms-Context
X-Dispatcher-Server
X-Li-Fabric
X-SVT-ORM-VERSION
X-Swa-Ws
X-TH-Server
X-Trace-Id
X-SVT-ORM-RULES
X-Servername
X-Render-Time
X-Request-URI
X-Server-W
X-TT-LOGID
X-Up
X-WADP-Cache
X-We-Are-Hiring
X-Webstats-RespID
X-VServer
X-Variation
X-Urbn-Context-Path
X-Urbn-Site-Id
X-User
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Micro-Cache
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache-Key
X-LI-UUID
X-LI-Proto
X-Labrador-Cache-Channel
X-Air-Hostname
X-Li-Pop
X-NodeID
X-NU-AKA-ACS-Version
X-PHP-Host
X-Platform-Server
X-Proxy-Upstream
X-Owner
X-OVcl-Cache
X-Origin-Date
X-Origin-Expires
X-OVcl
X-JWT-State
X-NX-Host
AKAMAI
Adler-Geo
Server-ID
RNT-Time
True-Client-Country-4JS
V-Age
Web-Mar-Node
We-Hiring
Country-Code
RNT-Machine
Request-EU
Kp-EeAlive
Is-Eu
IBM-Web2-Location
Heartbleed
Locale
Mail-Subject
Request-Country
Platform
Memcached
Cache-Host
Server-Int
Cdncip
Cdnsip
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Generated-On
Fastly-Backend-Name
Group
X-Trafficlayer-App-Version
Thinkindot-CacheControl
X-Reboot
Server-Host
FNAC-ModuleRouting
Thinkindot-CacheControl-Type
X-Level-Front-Cache
X-Old-Content-Length
X-Var-Ttl
X-Req
X-Service
X-ServiceProvider
PFcat
X-Matched-Rule
X-Cache-Expired-At
Thinkindot-Control
X-Thinkindot-L3
Wxu-Next-Commit
ServerName
Wxu-Next-Region
Wxu-Next-Hostname
X-Core-Value
Filterid
X-Lb-Id
Pragrma
X-SERVER
X-S-Maxage
Cache-Hits
X-Internal-Host
S-Cnection
X-App-Version
X-Sucuri-Cache
X-Refresh
X-Response-By
X-VHOST
RequestId
X-Key
X-Nginx-Cache
X-Location
X-CF-Powered-By
Powered-By-ChinaCache
X-Ruxit-Js-Agent
X-Tb-Optimization-Total-Bytes-Saved
X-TA-CDN-Provider
X-NC
X-Wa
X-Parent-Response-Time
X-Sucuri-ID
X-CSRF-TOKEN
ProcessTime
X-CSRF-Token
X-Varnish-Cacheable
Origin
X-Cdn-Forward
X-Ua
X-B3-Parentspanid
X-Pf-Uncompressing
User-Agent
X-Pjax-Url
X-Via-CDN
Memory
X-BACKEND-TTL
TTL
Geoip-City
X-Developer
Geoip-Latitude
X-NGINX-Cache
SRV
X-LAGOON
X-Ocache
X-Device-Os
X-Cdn-Origin
X-Cache-Grace
GeoIp-Country-Code
X-Vcl-Version
PICS-Label
X-Server-IP
X-Sn-Servicetimems
X-Correlation-ID
X-Oss-Request-Id
X-Oss-Object-Type
X-B3-SpanId
X-Oss-Server-Time
X-Node-Id
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
On-Server
X-Cache-Status-Check
X-NWS-UUID-VERIFY
X-COUNTRY
X-Unique-ID
A
X-MSEdge-Flight
X-Request-Host
X-MSEdge-Features
X-Litespeed-Cache
Media-Length
Cloudfront-Viewer-Country
X-Cdn-Request-ID
X-Webkit-CSP
Hostname
X-Varnish-Ttl
X-Rocket-Nginx-Bypass
Dnion-Transfer-Encoding
SN
X-Servedbyhost
M-TraceId
X-TIME
XServer
Cdn
X-Via-Ucdn
X-HS-Status
Tcn
X-FORWARDED-FOR
X-Sucuri-Id
X-ServedByHost
HostName
Host-ID
Resin-Trace
X-Varnish-URL
X-Ratelimit-Remaining
X-Beluga-Node
X-Beluga-Record
Esi-Enabled
X-Reqid
X-Cache-Ttl
X-Beluga-Cache-Status
X-AIR-PT
Who
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Trace
X-Planisys-CDN-Cache
CF-Cached-On
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Slack-Backend
X-Policy
X-Fastly-Country-Code
Request-ID
CACHE
X-Request-Start
X-Azure-Ref-OriginShield
X-Action
X-LiteSpeed-Cache-Control
X-Fastly-Backend-Reqs
Pramga
GeoIP-Country-Code
X-DB
X-Server-Time
X-Processor
Pics-Label
X-Dispatch
X-DI
Rt-Proxy-Cache
X-PAYTM-SRV-ID
X-RPM
X-Cache-FS-Status
X-DW
X-RSL
X-DSS
Arc-Country
X-VCL-Version
X-RPS
X-Oracle-Dms-Rid
MIME-Version
X-ABtesting
GeoIP-City
NtCoent-Length
X-ND-Cache
X-Varnish-Url
X-Hello
X-Bc
X-Zone
GeoIP-Latitude
X-Skip-Cache
Ttl
X-Flog
X-DC
X-Edge-Server
X-PJAX-URL
Cdn-Request-Time
X-Served-From
Cdn-Host
Fastly-Drupal-HTML
Magicmarker
X-Ratelimit-Limit
X-VarnishDD-TTL
X-PF-Uncompressing
X-APP
X-Newrelic-App-Data
X-FPC
X-Method
X-HostName
Amp-Access-Control-Allow-Source-Origin
WebServer
N-Cache
X-Bc-Bl
X-SRV
X-DevSite-Last-Modified
Cteonnt-Length
Section-Io-Origin-Status
Section-Io-Id
X-Ftr-Cache-Host
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Amzn-Remapped-Connection
X-Backend-Host
X-BE
Processtime
X-Amzn-Remapped-Date
X-Dynatrace
Servername
X-Dynatrace-Js-Agent
X-Swift-Error
Ohc-Response-Time
Cache-Provider
X-Be
X-WA
X-Svr
X-ID
X-WR-MODIFICATION
X-Frame-Option
Vix-Hermes-Req-Id
X-Aicache-OS
X-ZONE
CF-IPCountry
Cache-Cookie-Set-Lfrom
X-BC
X-Branch-Name
Lfy
Cache-Cookie-Set-From
Requestid
FSS-Proxy
Load-Balancing
X-Adobe-Source
X-Snapshot-Date
X-Fmm-Version
Dynatrace
CDN
Cache-Cookie-Set-Idcheck
FSS-Cache
X-LB-ID
X-StackifyID
X-CACHE-AGE
Trailer
Fusion-Deployment-Id
X-Tid
X-Apw-Access-Action
X-Apw-Access-Object
WZWS-RAY
X-Scheme
Pagetype
X-Apw-Access-Token
Proxy-Firewall
X-Apw-Hits
Warning
D-Cc-Upstream
X-Cc-Req-Id
X-VC
X-SB
X-Request-Url
V-Cache
X-Fastly-Cache-Hits
X-Cc-Via
DSUID
X-Litespeed-Cache-Control
X-Node-ID
X-MServer
X-Hp-Ccpa-Warning
X-VCT
X-Configured-By
Release
X-WPE-Loopback-Upstream-Addr
X-Fpc
Cneonction
Backend-Name
X-Powered-Y
X-Request-URL
X-Check-Cacheable
X-Varnish-Beresp-TTL
X-ElasticPress-Search
WP-Super-Cache
Correlation-Id
X-App
X-Worker
X-Fastly-Cache-Status