Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
CF-Ray
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Backend-Server
X-Readtime
X-Dispatcher
Request-Id
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
X-ORACLE-DMS-RID
P3p
X-DataDome
X-Rack-Cache
X-Dns-Prefetch-Control
X-Clacks-Overhead
Edge-Control
Rating
X-Akam-SW-Version
X-Country
Allow
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-Instart-Request-ID
X-FTR-Request-ID
X-Varnish-TTL
X-DynaTrace
X-TTL
Accept-Ch
X-TtlSet
X-PC
X-Vname
X-Goog-Hash
Content-MD5
Verso
Service-Worker-Allowed
X-ESI
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Url
RTSS
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Vcache
X-Kinja-Server
X-Use-Magma
X-GitHub-Request-Id
X-Version
X-B3-TraceId
X-Forwarded-Proto
X-Server-Name
X-MS-InvokeApp
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Debug
X-Px
X-Amz-Server-Side-Encryption
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
Ar-Sid
SPRequestGuid
X-Cached
Charset
X-Navigation-Version
X-NF-Request-ID
X-MSEdge-Ref
X-Vcap-Request-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Pagespeed
X-Middleton-Display
Response
X-Middleton-Response
Display
X-Sol
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Server-ID
X-Accel-Expires
TCN
Nginx-Cache
X-SharePointHealthScore
X-VARITI-CCR
X-Pinterest-Rid
Pinterest-Version
X-Fastly-Request-ID
MS-Author-Via
X-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Public-Key-Pins
X-Trace
X-Fastcgi-Cache
X-Powered-CMS
X-Client-IP
X-Edge-O15-RID
Cache-Tag
Realpath
X-Ser
Access-Control-Request-Method
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Content-Type
X-Amzn-Trace-Id
X-Shard
SPIisLatency
SPRequestDuration
X-Upstream
X-Grace
X-Jurisdiction
X-Hp-Webp
X-Id
X-Ezoic-Cdn
X-Cache-TTL
Front-End-Https
X-Hits
Nel
Fastcgi-Cache
X-T
X-Amz-Meta-S3cmd-Attrs
X-DynaTrace-JS-Agent
S
X-Forwarded-For
X-Aspnet-Version
X-Recruiting
DynaTrace
X-Element-Page-Cache
X-Content-Digest
X-Node-Name
X-Dw-Request-Base-Id
X-Varnish-Age
X-Mobile-URL
X-FTR-Backend
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Realm
X-Country-Code-Real
MicrosoftSharePointTeamServices
ServerID
NR-ENABLED
TP-Cache
TP-L2-Cache
X-HS-Cache-Config
X-DIS-Request-ID
X-HS-Combine-CSS
Server-Node
X-HS-Hub-Id
X-HS-Content-Id
X-Correlation-Id
X-Frontend
X-Logged-In
Powered
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-CST
Alternate-Protocol
Server-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
Fastly-Restarts
X-XRDS-Location
X-Cache-Hit
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
X-FTR-Cache-Host
Backend-Timing
X-Zen-Fury
X-Content-Options
Refresh
X-Request-Processing-Time
X-Request-Received
X-Akamai-Edgescape
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Page-Id
X-Varnish-Grace
X-F-Cache
X-Rid
X-B
X-Revision
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-LB-Cache
X-Content-Powered-By
X-Type
X-XRDS-LOCATION
X-B3-Sampled
X-Geo-Country
Cache-Status
X-Az
X-AppVersion
X-URL
X-Activity-Id
X-NWS-LOG-UUID
X-Kinsta-Cache
X-Cache-Action
X-TT
X-AOL-HN
X-N
X-Cached-By
X-App-Environment
X-Request-Guid
X-Debug-Info
X-Instance
X-Signature
X-B-Cache
X-WebKit-CSP-Report-Only
X-PHP-Backend
X-Git-Hash
X-Framework
Actual-Object-TTL
X-Jobs
Access-Control-Allow-Method
Paypal-Debug-Id
X-Load-Cache
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Age
X-Tumblr-User
X-FB-Debug
X-Tt-Trace-Tag
X-Tt-Trace-Host
Fastcgi-Useragent
X-Amz-Replication-Status
X-Time
X-Webkit-Csp
DC
X-FastCGI-Cache
X-Pad
Host-Header
X-Varnish-Backend
Host
X-WA-Info
X-ATG-Version
X-RateLimit-Remaining
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Shield-Request-Id
X-Via-JSL
X-IPLB-Instance
MS-CV
Surrogate-Key
X-Contextid
Accept-CH
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Mobile
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Host-Name
X-Cache-Key
Retry-After
Liferay-Portal
Frame-Options
NGB
X-Response-Served-From
X-Accel-Buffering
X-Seen-By
X-Presslabs-Stats
X-Cache-NE
X-Hostname
Payment
X-Cache-2
Eomportal-Instance
X-Origin-Response-Time
X-Cacheable-TTL
X-SS-Set-Cookie
X-FW-Type
WPE-Backend
X-FW-Static
X-GeoIP
X-Varnish-Server
X-Region
X-FW-Serve
X-FW-Hash
X-Cache-Enabled
Tracecode
Filters
X-FW-Server
Source
X-Adobe-Content
X-Rendered-As
Server-Info
X-Is-Bot
X-Adobe-Loc
Cache-Tv-Group
X-IPS-LoggedIn
X-Varnish-Hostname
X-RequestSource
X-Cache-Rule
X-NewRelic-App-Data
X-Cluster
X-Cache-Operation
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RemovedCookies
X-Srv
X-ProcessESI
FilterID
X-App-Server
X-EdgeConnect-Cache-Status
Xserver
Accept-CH-Lifetime
X-TX-ID
X-Cache-TTL-Remaining
X-L-Path
X-Environment-Context
X-B3-Traceid
X-FireWall-Port
X-Handled-By
X-Analytics
X-Upgrade-Enabled
Ms-Operation-Id
X-Source
X-RTag
Cleartype
Accept-Charset
X-Ttl
X-UA
X-Cache-Server
From-Origin
X-Endurance-Cache-Level
Srv
X-HTML-Minification-Powered-By
X-Backend-Name
X-APP-VERSION
X-CACHE-KEY
X-Dc
X-UUID
Datacenter
X-Wix-Request-Id
X-Esi
X-Unique-Id
X-Cache-Var
X-Cache-Var-Map
X-Path-Route
X-ES-SERVER
X-RN-RSRV
Meta-Geo
GEO-INFO
X-Akamai-Transformed
X-Status
OT-Force-Account-Verify
Healthy
X-Access
X-Section
X-Tb
X-Daa-Tunnel
X-Akamai-Request-ID
X-Request-Time
Akamai-GRN
X-EIG-Tracking-Id
X-Ua-Device
X-Webapp-Samesite-None-Activated-N
Cache-Tags
X-OCL
X-Format
X-PCL
Mn-Server-Ip
X-Content-Age
X-Web-Node
X-Akamai-Request-ID2
X-Redis-Cache
X-VWS-Id
X-Sorting-Hat-PodId
X-Shopify-Stage
X-NYM-Debug-Backend
X-Origin
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-ShardId
X-Shopify-Generated-Cart-Token
X-ShopId
X-Sorting-Hat-ShopId
X-Viewer-Country
Origin-Cache-Control
Origin-Edge-Control
Node
Ec-Rule-Version
Decoy-Debug-Status
Decoy-Debug-TTL
X-Alternate-Cache-Key
X-Cache-Config
X-LJ-Flow-ID
X-Proto
X-Human
X-FC-Vary-Parameters
X-Debug-Cache
Decoy-Debug-Key
X-AWS-Id
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-MP-GENERATED-AT
X-Proxy-Cache-Status
X-ProxyCache-Key
X-Site-Version
X-Qloud-Router
X-ProxyCache-Status
X-Locale
X-Hosted-By
X-BCube-Filmed-By
Version
X-BYPASS-REASON
X-CCM
X-Soup
X-FB-TRIP-ID
X-Hyper-Cache
X-Timing-Wait
X-FW-Dynamic
NGX
X-Generated-By
X-Proxy
X-Time-Microsecs
X-Pubstack
DB-Nickname
Azure-Version
X-Www-Served-By
Selected-Fe
Azure-InstanceId
Azure-RegionName
Azure-SlotName
Azure-SiteName
X-Storage
X-Proxy-Build
X-Varnish-Hits
X-Xfnlog-Site
Webcakes-App-Name
X-ServerID
TWC-Device-Class
Webcakes-App-Version
TWC-GeoIP-Country
X-Goog-Meta-Goog-Reserved-File-Mtime
TWC-Locale-Group
TWC-GeoIP-LatLong
X-IP
X-TNCMS
TWC-Privacy
X-Detected-As
X-Loop
X-R9-Blue-Green-Version
TWC-Connection-Speed
X-RCS-CacheZone
X-Origin-Hint
Now
X-Whom
S-Rt
Property-Id
Webcakes-Region
X-NCache
X-PressLabs-Stats
X-JoinUs
X-Amzn-Remapped-Content-Length
X-SaId
X-Hl-Ver
X-Cluster-Node
X-Vgn-Hpd-Reason
X-Generated
X-Backend-TTL
Cache-Key
Cross-Origin-Window-Policy
X-NGENIX-Cache
X-UA-Device-Type
X-RateLimit-Limit
X-Cache-Control
Section-Io-Cache
X-Cache-Host
X-Forwarded-Host
X-CDN-Forward
X-Drupal-Cache-Tags
X-Mode
Cache
Webserver
X-Info
X-Rule
Time
Content-Disposition
X-UnsetCookies
Cache-Name
Accept-Language
X-PERF
X-ApacheServer
L5d-Success-Class
X-Varnish-Cache-Hits
ServedBy
X-Origin-TTL
X-B3-Spanid
X-Origin-CC
X-Newrelic-Synthetics
Uber-Trace-Id
X-Cache-Remote
Viewport
Mime-Version
Rt-Fastcgi-Cache
Country
X-CS
X-Zipkin-Id
Odigeo-Trace-Id
X-Routing-Service
X-Proxied
X-VCache
X-Via-Fastly
X-Device-Type
X-CLOUD-TRACE-CONTEXT
X-Uri
X-Magnolia-Registration
Proxy-Connection
X-From
X-Geo
X-EC-Lua
X-Cluster-Name
X-Real-IP
Access-Control-Request-Headers
HitType
X-Drupal-Cache-Contexts
Filterid
Cf-Ipcountry
X-Microcachable
X-Litespeed-Cache
X-TT-TIMESTAMP
VIX-Pulpo-Upstream-Status
W
X-Geo-Header
Content-Style-Type
X-B-Cookie
X-DPWN-IS-SECURE
Fastcgi-X-Cache-Version
Content-Script-Type
Rendered-Blocks
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
AsisCache
BehaviorPad-Version
X-Destination
GEO-REGION-INFO
Machine
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Date
X-D
X-Connection-Hash
Group
X-ARC
X-A-Dcw
X-A-Dgt
T-Server
X-GeoIP-Country-Code
X-A-Dam
X-A-Ccd
VivaBuild
Viewtype
X-A
X-A-Wwc
X-Cache-Time
Apple-News-Services-Host
X-Accel-Expires-Debug
X-Aed
X-Application
Apple-News-Services-Handled
X-External-Request-Id
X-Labrador-Cache-Channel
X-PHP-Host
X-G
VIX-Pulpo-Node
X-Rojux
X-VG-WebCache
Xc-Version
X-VG-TLSProxy
X-Rewrite-Enabled
X-Session-Fingerprint
X-VG-WebServer
X-S
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-ScT
X-S-Cookie
X-Request-UUID
X-Vdms-Version
X-Trv-Group
X-Region-Sid
X-Transaction
X-Twitter-Response-Tags
X-SRCache-Key
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Ohc-File-Size
Geo-Info
User-Cache-Control
X-C
Fastly-SWR
Fastly-SIE
X-VC-Cache
X-Var-Ttl
X-Rebelmouse-Cache-Control
X-Wikidot-Static-Cache
X-Agile-Age
X-Agile-Id
X-App-Name
X-Agile
X-Developers
X-OVcl-Cache
X-OVcl
X-Cdn-Srv
Powered-By
X-Wikidot-Backend
Locid
IsBot
Cache-Hits
X-Cache-Expired-At
X-Backend-State
Fastly-Soc-X-Request-Id
X-CUA
CDCHOST
X-Rebelmouse-Surrogate-Control
X-Sigma-Backend
X-Sigma
X-Logging-Id
X-SIPLIST1
X-Rocket-Build-Number
X-GoCache-CacheStatus
X-Azure-Ref
X-Cache-Debug
Server-Cache-Control
Server-Surrogate-Control
X-Cache-ASPX
X-No-Session
X-Cache-Bucket
X-Bip
X-Ms-Version
Locale
X-NodeID
X-Block-Status
X-BBXSRF
X-Nginx-Cache-Key
X-Owner
X-Urbn-Site-Id
X-Urbn-Context-Path
X-RateLimit-Remaining-Second
X-Varnish-Authentication
AKAMAI
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-JWT-State
X-Is-Gdpr
X-RateLimit-Limit-Second
X-Platform-Server
X-Ms-Request-Id
X-Cms-Context
X-Contensis-Viewer-Groups
X-Has-Esi
X-Request-URI
X-NU-AKA-ACS-Version
X-Micro-Cache
X-Hnp-Log
X-Hit
X-Eu-Site
X-Epic-Correlation-Id
X-Instart-Isnd
X-Distil-CS
X-Distributor
X-GeoIP-City
X-Variation
X-Fastly-Cache
X-Fetched-On
X-Trace-Id
X-Thanos
X-Swa-Ws
X-Gen-Mode
X-Up
X-Li-Fabric
X-Dispatcher-Server
X-Webstats-RespID
X-WebServer
X-CGP
X-Servername
X-TrackingId
X-Cache-Info
X-Cache-URL
X-Clara-WADP
X-Clientip
X-LI-Proto
X-Li-Pop
X-VServer
X-WADP-Cache
X-We-Are-Hiring
X-LI-UUID
Web-Mar-Node
V-Age
Ha-Gx-Prefs
HA-Ipaddr
X-Nc
RNT-Machine
RNT-Time
Request-EU
Request-Country
Countrycode
Platform
Pragrma
Heartbleed
IBM-Web2-Location
Is-Eu
Cache-Host
Fastly-Backend-Name
Environment
We-Hiring
Memcached
True-Client-Country-4JS
Kp-EeAlive
Adler-Geo
Server-ID
Mail-Subject
Server-Int
S-Cnection
X-Edge-Location
Fastly-SSL
X-FW-Version
X-Gamma-Serve
Country-Code
X-Trafficlayer-App-Name
X-Generated-In
X-Generated-On
X-Hash
X-Reboot
X-Trafficlayer-App-Scope
Cdncip
Ohc-Cache-HIT
X-NX-Host
X-Origin-Date
X-Trafficlayer-App-Version
X-Origin-Expires
ServerName
Cdnsip
X-Level-Front-Cache
X-Irp-Debug
X-IN-APIGATEWAYSSL
X-Auto-Login
X-Matched-Rule
Gh-Request-Id
X-AK-Request-ID
X-IN-APIGATEWAY
FNAC-ModuleRouting
X-ServiceProvider
X-Air-Hostname
X-NC
X-Req
X-TH-Server
Wxu-Next-Commit
X-Service
Server-Host
Wxu-Next-Region
Wxu-Next-Hostname
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Cache-Tags
X-Generation-Time
X-Core-Mission
X-Core-Value
X-Thinkindot-L3
X-Server-W
X-TT-LOGID
X-Debug-Cookies
X-Proxy-Upstream
X-Tumblr-Pixel-3
X-Debug-Log
X-COUNTRY
X-VHOST
X-App-Version
X-Oss-Hash-Crc64ecma
X-SERVER
X-Old-Content-Length
X-Varnish-Cacheable
X-Oss-Server-Time
X-Debug-Cache-Fetch
X-Oss-Request-Id
X-Debug-Cache-Expiry
X-Response-By
X-Oss-Storage-Class
X-Debug-Cache-Store
PFcat
X-Nginx-Cache
X-Oss-Object-Type
X-Sucuri-ID
X-UPSTREAM-Address
X-Lb-Id
X-S-Maxage
X-Refresh
X-Wa
User-Agent
X-Node-Id
X-Render-Time
RequestId
X-Developer
Powered-By-ChinaCache
X-CSRF-TOKEN
X-Cache-Status-Check
X-NWS-UUID-VERIFY
X-Cache-Backend
X-Parent-Response-Time
X-Cdn-Origin
X-Sn-Servicetimems
X-Device-Os
X-Cache-Grace
X-Tec-Api-Version
X-CF-Powered-By
X-User
X-LAGOON
X-Tec-Api-Origin
X-Tec-Api-Root
Hostname
Origin
X-Key
X-Ocache
X-Internal-Host
A
X-Sucuri-Cache
X-Pjax-Url
X-Pf-Uncompressing
X-Tb-Optimization-Total-Bytes-Saved
On-Server
X-CSRF-Token
X-MSEdge-Features
X-TA-CDN-Provider
X-Via-CDN
Geoip-Latitude
Geoip-City
Cloudfront-Viewer-Country
X-MSEdge-Flight
Memory
X-Location
SRV
X-Ua
X-Request-Host
GeoIp-Country-Code
PICS-Label
ProcessTime
X-NGINX-Cache
X-B3-Parentspanid
X-TIME
X-FORWARDED-FOR
X-Varnish-URL
XServer
X-BACKEND-TTL
Resin-Trace
TTL
X-Cdn-Forward
X-Servedbyhost
X-Webkit-CSP
X-Vcl-Version
X-Varnish-Ttl
X-Server-IP
X-Oneagent-Js-Injection
Tcn
X-HS-Status
SN
X-Rocket-Nginx-Bypass
M-TraceId
Dnion-Transfer-Encoding
X-Dynatrace-Js-Agent
X-Cdn-Request-ID
X-Cache-FS-Status
Media-Length
Pramga
X-Processor
Cdn
X-PAYTM-SRV-ID
X-Unique-ID
Host-ID
X-Dispatch
X-B3-SpanId
X-Slack-Backend
X-Server-Time
Arc-Country
X-Ratelimit-Remaining
CACHE
X-Cache-Ttl
X-Fastly-Country-Code
X-ND-Cache
X-Beluga-Response-Time
X-ServedByHost
X-VCL-Version
X-Beluga-Node
X-Action
X-Beluga-Trace
X-Skip-Cache
X-Beluga-Record
X-Beluga-Cache-Status
X-Beluga-Status
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
HostName
Section-Io-Origin-Time-Seconds
X-DC
X-DB
X-RPS
X-Edge-Server
Cdn-Host
Who
X-RSL
Fastly-Drupal-HTML
X-DSS
Ttl
X-DI
Cdn-Request-Time
X-Served-From
X-DW
X-Ruxit-Js-Agent
X-RPM
Fusion-Deployment-Id
X-Via-Ucdn
N-Cache
X-DevSite-Last-Modified
X-Correlation-ID
MIME-Version
X-Hello
X-Bc-Bl
GeoIP-Country-Code
X-ABtesting
X-Flog
Pics-Label
X-Reqid
X-Adobe-Source
NtCoent-Length
CF-Cached-On
X-LiteSpeed-Cache-Control
X-Oracle-Dms-Rid
GeoIP-City
X-VarnishDD-TTL
X-AIR-PT
X-Varnish-Url
GeoIP-Latitude
Esi-Enabled
X-Backend-Host
X-SRV
X-Zone
X-APP
X-Bc
X-Sucuri-Id
Cache-Cookie-Set-From
X-Policy
X-Planisys-CDN-Cache
X-FPC
Cache-Cookie-Set-Idcheck
X-Ratelimit-Limit
X-PJAX-URL
Cache-Cookie-Set-Lfrom
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-PF-Uncompressing
Trailer
X-HostName
Cteonnt-Length
X-Scheme
X-Request-Start
X-Fmm-Version
X-Azure-Ref-OriginShield
X-Fastly-Backend-Reqs
WebServer
Amp-Access-Control-Allow-Source-Origin
X-Amzn-Remapped-Connection
X-Dynatrace
Processtime
X-Amzn-Remapped-Date
X-Fpc
X-BE
Rt-Proxy-Cache
X-Swift-Error
Servername
X-Newrelic-App-Data
X-Esi-Check
X-WA
FSS-Cache
FSS-Proxy
X-Cache-Id
Lb
X-BC
X-ID
Cache-Provider
Magicmarker
X-ZONE
X-WR-MODIFICATION
X-Frame-Option
CF-IPCountry
X-Gzip
Dynatrace
Requestid
CDN
X-LB-ID
X-Snapshot-Date
Load-Balancing
Sid
X-Method
SD-X-WS
X-StackifyID
X-Cache-NGX
X-SN
X-SD-PageType
X-Branch-Name
X-CACHE-AGE
X-Wix-Viewer-Type
X-Instart-Info
X-Cc-Via
L
Release
X-Compress-Hint
X-Configured-By
X-ECACHE
WZWS-RAY
X-SB
X-Fastly-Cache-Hits
X-Tid
X-VC
Warning
X-Cc-Req-Id
D-Cc-Upstream
X-Request-Url
V-Cache
X-Aicache-OS
X-Litespeed-Cache-Control
X-Node-ID
Ohc-Response-Time
X-Check-Cacheable
X-Varnish-Beresp-TTL
X-Nananana
Request-Time
SID
Proxy-Firewall
X-WPE-Loopback-Upstream-Addr
X-VCT
Cneonction
X-Fastly-Cache-Status
X-Apw-Hits
X-Apw-Access-Token
X-App
X-Apw-Access-Object
WP-Super-Cache
X-ElasticPress-Search
X-Request-URL
X-Powered-Y
X-GEO
X-Worker
X-Apw-Access-Action