
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
X-Download-Options
X-AspNet-Version
CF-Ray
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-WebKit-CSP
X-Server-Id
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Vhost
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Dispatcher
Request-Id
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
X-Rack-Cache
X-Country
X-Clacks-Overhead
Edge-Control
X-Akam-SW-Version
P3p
Rating
X-Dns-Prefetch-Control
Allow
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-TTL
X-DynaTrace
Accept-Ch
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
Content-MD5
X-ESI
Verso
Service-Worker-Allowed
X-Url
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Vcache
X-B3-TraceId
X-Use-Magma
X-GoogleNews-Bot
X-GitHub-Request-Id
X-Kinja-Revision
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Kinja-Build
RTSS
X-Version
X-Forwarded-Proto
X-MS-InvokeApp
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Px
X-Abt-Application-Version
X-Debug
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Amz-Server-Side-Encryption
SPRequestGuid
X-Cached
Charset
X-NF-Request-ID
X-Vcap-Request-Id
X-TEC-API-ORIGIN
X-Navigation-Version
X-TEC-API-VERSION
X-TEC-API-ROOT
X-MSEdge-Ref
X-Amz-Rid
Pagespeed
Display
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Accel-Expires
Arr-Disable-Session-Affinity
TCN
X-Fastcgi-Cache
X-Server-ID
X-SharePointHealthScore
X-VARITI-CCR
Pinterest-Version
X-Pinterest-Rid
X-Fastly-Request-ID
MS-Author-Via
Nginx-Cache
Public-Key-Pins
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Powered-CMS
X-Trace
X-Edge-O15-RID
X-Cdn
Realpath
Cache-Tag
X-Client-IP
X-Ser
Access-Control-Request-Method
X-Content-Type
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Upstream
X-Grace
X-Shard
X-Hp-Webp
X-Jurisdiction
X-Id
X-Forwarded-For
Front-End-Https
X-Ezoic-Cdn
X-Cache-TTL
S
X-Hits
X-Amz-Meta-S3cmd-Attrs
X-T
X-DynaTrace-JS-Agent
Fastcgi-Cache
Nel
X-Recruiting
DynaTrace
X-Aspnet-Version
X-Element-Page-Cache
X-Node-Name
X-Dw-Request-Base-Id
X-Content-Digest
X-Varnish-Age
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Expires
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-Balancer
X-Mobile-URL
X-Country-Code-Real
MicrosoftSharePointTeamServices
ServerID
X-DIS-Request-ID
Server-Node
NR-ENABLED
TP-Cache
TP-L2-Cache
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-Frontend
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Powered
X-Logged-In
X-CST
Alternate-Protocol
X-Correlation-Id
Server-Name
Upgrade-Insecure-Requests
X-Amzn-RequestId
X-Amz-Apigw-Id
Fastly-Restarts
X-Cache-Hit
X-FTR-Cache-Host
X-Request-Handler-Origin-Region
X-Microsite
X-XRDS-Location
AMP-Access-Control-Allow-Source-Origin
X-Page-Id
X-Zen-Fury
X-Content-Options
X-Request-Received
X-User-Agent
X-Request-Processing-Time
X-Content-Security-Policy-Report-Only
X-F-Cache
Refresh
X-Origin-Server
X-ATS-Timestamp
Backend-Timing
X-Akamai-Edgescape
X-Varnish-Grace
X-Rid
X-XRDS-LOCATION
X-B
X-Revision
X-LB-Cache
PB-PID
Arc-Version
X-Content-Powered-By
X-Mobile-Rewrite
PB-RID
X-Type
X-Webkit-Csp
X-B3-Sampled
Cache-Status
X-AppVersion
X-Activity-Id
X-Geo-Country
X-Az
X-Kinsta-Cache
X-NWS-LOG-UUID
X-N
X-TT
X-Cache-Action
X-AOL-HN
X-Jobs
X-Request-Guid
X-Signature
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Framework
X-B-Cache
X-Debug-Info
X-Cache-Age
Actual-Object-TTL
X-Time
X-PHP-Backend
X-Instance
X-FB-Debug
Paypal-Debug-Id
X-Git-Hash
X-App-Environment
X-Cached-By
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Load-Cache
X-Tt-Trace-Host
Fastcgi-Useragent
X-Tt-Trace-Tag
X-Amz-Replication-Status
X-URL
DC
X-Pad
X-Varnish-Backend
X-Shield-Request-Id
Host
X-WA-Info
Host-Header
X-ATG-Version
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-RateLimit-Remaining
X-Via-JSL
MS-CV
Surrogate-Key
X-Contextid
X-IPLB-Instance
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Host-Name
Retry-After
Frame-Options
Accept-CH
X-Accel-Buffering
X-Response-Served-From
NGB
X-FastCGI-Cache
Liferay-Portal
X-Cache-Key
Payment
Source
X-Cache-NE
X-Seen-By
X-NewRelic-App-Data
X-Hostname
X-Srv
X-Cache-2
X-Varnish-Server
Eomportal-Instance
Xserver
X-SS-Set-Cookie
X-Rendered-As
X-Region
Tracecode
WPE-Backend
X-Origin-Response-Time
X-Cacheable-TTL
X-Is-Bot
X-IPS-LoggedIn
X-GeoIP
Filters
X-FW-Type
X-Adobe-Content
X-Adobe-Loc
X-FW-Static
X-Cluster
Cache-Tv-Group
X-FW-Hash
X-FW-Serve
X-Cache-Enabled
X-Varnish-Hostname
X-FW-Server
Server-Info
X-Cache-Rule
X-RequestSource
X-Presslabs-Stats
X-Tumblr-Pixel-2
X-Cache-Operation
X-Tumblr-Pixel-1
X-App-Server
X-ProcessESI
X-RemovedCookies
X-EdgeConnect-Cache-Status
FilterID
X-TX-ID
X-Cache-TTL-Remaining
Accept-CH-Lifetime
Cleartype
X-L-Path
X-Environment-Context
X-FireWall-Port
X-Analytics
X-Handled-By
X-Upgrade-Enabled
X-B3-Traceid
Ms-Operation-Id
X-RTag
X-Source
X-Endurance-Cache-Level
X-Cache-Server
X-CACHE-KEY
Accept-Charset
Srv
From-Origin
X-Backend-Name
X-HTML-Minification-Powered-By
X-Ttl
X-UA
Datacenter
X-Webapp-Samesite-None-Activated-N
X-Dc
X-UUID
X-Wix-Request-Id
Healthy
X-Path-Route
X-RN-RSRV
X-Cache-Var-Map
X-Cache-Var
X-APP-VERSION
X-ES-SERVER
Meta-Geo
X-Daa-Tunnel
X-Timing-Wait
OT-Force-Account-Verify
X-Tb
X-Status
X-Section
X-Proxy-Build
Selected-Fe
X-Access
X-Format
X-PCL
X-OCL
Cache-Tags
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Content-Age
X-Request-Time
X-Akamai-Transformed
X-Cache-Config
X-Proto
X-Sorting-Hat-ShopId
X-ShopId
X-Shopify-Generated-Cart-Token
X-PressLabs-Stats
X-ShardId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Shopify-Stage
X-ProxyCache-Status
X-Say-Cacheable
X-Qloud-Router
X-VWS-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-JoinUs
X-Debug-Cache
X-Hl-Ver
GEO-INFO
X-Human
X-ProxyCache-Key
X-SaId
X-LJ-Flow-ID
Ec-Rule-Version
X-Proxy-Cache-Status
X-Say-TTL
X-BYPASS-REASON
X-Vgn-Hpd-Reason
Origin-Cache-Control
X-Web-Node
Origin-Edge-Control
X-AWS-Id
Node
X-Unique-Id
X-Origin
X-Akamai-Request-ID
Mn-Server-Ip
X-SayCDN-TTL
X-NYM-Debug-Backend
X-Akamai-Request-ID2
X-Soup
Version
X-FB-TRIP-ID
X-Detected-As
Cross-Origin-Window-Policy
X-BCube-Filmed-By
Now
NGX
X-Proxy
X-CCM
X-Loop
Decoy-Debug-Key
X-Whom
Decoy-Debug-Status
Decoy-Debug-TTL
X-Hyper-Cache
X-FW-Dynamic
Akamai-GRN
X-Www-Served-By
X-Pubstack
X-ServerID
X-Site-Version
X-Storage
X-TNCMS
X-Time-Microsecs
X-Redis-Cache
X-Hosted-By
X-MP-GENERATED-AT
X-Generated-By
X-Generated
X-Locale
X-Viewer-Country
DB-Nickname
Azure-Version
Webcakes-Region
Webcakes-App-Version
Azure-SlotName
X-RCS-CacheZone
Azure-SiteName
Azure-InstanceId
X-IP
X-Origin-Hint
Azure-RegionName
X-R9-Blue-Green-Version
Webcakes-App-Name
X-Xfnlog-Site
X-Varnish-Hits
TWC-Locale-Group
TWC-Connection-Speed
S-Rt
X-Ua-Device
TWC-Device-Class
Property-Id
TWC-Privacy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-NCache
X-Amzn-Remapped-Content-Length
X-Cluster-Node
X-UA-Device-Type
Cache-Key
X-Cache-Control
X-Cache-Host
X-RateLimit-Limit
X-Drupal-Cache-Tags
X-NGENIX-Cache
Section-Io-Cache
X-Mode
X-Rule
X-Forwarded-Host
Webserver
Cache
X-Esi
L5d-Success-Class
X-Backend-TTL
Content-Disposition
Time
Mime-Version
X-UnsetCookies
Cache-Name
X-ApacheServer
X-CDN-Forward
X-CS
X-PERF
X-Newrelic-Synthetics
Accept-Language
X-Varnish-Cache-Hits
Viewport
X-Info
Rt-Fastcgi-Cache
X-Origin-CC
ServedBy
X-Origin-TTL
Country
Uber-Trace-Id
X-B3-Spanid
X-Routing-Service
Odigeo-Trace-Id
X-Zipkin-Id
X-Proxied
X-Cache-Remote
X-Device-Type
Filterid
X-Via-Fastly
X-VCache
X-Magnolia-Registration
X-Uri
X-From
X-CLOUD-TRACE-CONTEXT
Proxy-Connection
X-EC-Lua
X-Cluster-Name
X-Real-IP
X-Drupal-Cache-Contexts
Access-Control-Request-Headers
Cf-Ipcountry
HitType
X-Geo
X-Microcachable
Geo-Info
X-Nc
X-PHP-Host
Viewtype
BehaviorPad-Version
Content-Style-Type
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
AsisCache
Apple-News-Services-Request-Url
X-Labrador-Cache-Channel
X-Varnish-Beresp-Grace
VivaBuild
VIX-Pulpo-Node
Apple-News-Services-Handled
Group
MD5-Digest
X-Request-UUID
X-Rewrite-Enabled
Meta-Geo-Continent
T-Server
Rendered-Blocks
Mobile-Detection-Method
X-Region-Sid
Machine
GEO-REGION-INFO
X-S-Cookie
X-ScT
X-Cache-Time
X-S
X-Rojux
Fastcgi-X-Cache-Version
X-Rocket-Build-Number
X-GeoIP-Country-Code
X-Geo-Header
X-A-Ccd
X-VG-WebCache
VIX-Pulpo-Upstream-Status
X-B-Cookie
X-Vtex-Processado-Em
X-VG-TLSProxy
X-Vdms-Version
X-G
X-Application
X-ARC
X-Vtex-Remote-Cache
Xc-Version
X-Date
X-DPWN-IS-SECURE
X-Destination
Ohc-File-Size
X-D
X-Connection-Hash
X-External-Request-Id
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Twitter-Response-Tags
X-VG-WebServer
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dcw
X-A-Dam
X-A
Content-Script-Type
X-SRCache-Key
X-A-Dgt
X-Session-Fingerprint
X-Trv-Group
X-Sigma-Backend
X-Sigma
X-TT-TIMESTAMP
X-Transaction
Cache-Hits
User-Cache-Control
X-Developers
Fastly-SIE
X-CGP
Fastly-SWR
X-Clientip
X-Logging-Id
X-Eu-Site
X-CUA
Countrycode
Environment
X-SIPLIST1
W
X-Bip
X-Hit
X-TrackingId
X-Rebelmouse-Surrogate-Control
X-VC-Cache
X-Var-Ttl
X-Agile
X-Agile-Id
X-App-Name
X-Thanos
X-Rebelmouse-Cache-Control
IsBot
HA-Ipaddr
Ha-Gx-Prefs
X-Cache-Debug
X-Agile-Age
Powered-By
X-WebServer
X-Backend-State
X-Cache-Expired-At
X-GoCache-CacheStatus
X-C
Fastly-SSL
Web-Mar-Node
We-Hiring
X-SVT-ORM-RULES
X-Generated-In
X-Gen-Mode
X-Trace-Id
X-TH-Server
X-Swa-Ws
X-SVT-ORM-VERSION
X-Servername
CDCHOST
X-Has-Esi
Server-Cache-Control
X-Hash
RNT-Time
Server-ID
Server-Int
X-Up
X-GeoIP-City
X-Request-URI
Server-Surrogate-Control
V-Age
X-Urbn-Context-Path
X-Cdn-Srv
X-Epic-Correlation-Id
X-Core-Mission
X-Contensis-Viewer-Groups
X-OVcl
X-Distributor
X-Dispatcher-Server
X-OVcl-Cache
X-Debug-Log
X-Debug-Cookies
X-Cms-Context
X-Cache-Tags
X-Varnish-Authentication
X-Variation
X-Urbn-Site-Id
RNT-Machine
X-Auto-Login
X-Azure-Ref
X-Cache-ASPX
X-Block-Status
X-VServer
X-Fetched-On
X-Air-Hostname
True-Client-Country-4JS
X-Li-Pop
X-Li-Fabric
X-LI-Proto
X-Origin-Date
X-LI-UUID
Gh-Request-Id
X-Origin-Expires
X-Platform-Server
Kp-EeAlive
Is-Eu
IBM-Web2-Location
X-Owner
Fastly-Soc-X-Request-Id
X-NX-Host
Cache-Host
AKAMAI
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache-Key
Country-Code
Adler-Geo
Fastly-Backend-Name
X-NU-AKA-ACS-Version
X-NodeID
X-No-Session
Locale
Heartbleed
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Instart-Isnd
X-Is-Gdpr
X-JWT-State
Platform
X-RateLimit-Remaining-Second
Request-EU
Request-Country
X-Hnp-Log
Pragrma
X-RateLimit-Limit-Second
X-Distil-CS
X-Proxy-Upstream
Locid
Mail-Subject
S-Cnection
X-Edge-Location
Ohc-Cache-HIT
X-Webstats-RespID
X-Matched-Rule
X-Trafficlayer-App-Version
X-We-Are-Hiring
X-TT-LOGID
X-Wikidot-Backend
X-Generated-On
X-Reboot
X-Level-Front-Cache
X-Thinkindot-L3
X-Tumblr-Pixel-3
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Wikidot-Static-Cache
X-Irp-Debug
Memcached
X-BBXSRF
X-Cache-Bucket
X-Generation-Time
X-Req
X-ServiceProvider
X-Service
X-Gamma-Serve
X-Server-W
X-FW-Version
X-Micro-Cache
X-Fastly-Cache
X-Clara-WADP
X-Cache-Info
X-Cache-URL
X-WADP-Cache
X-Debug-Cache-Fetch
X-App-Version
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
PFcat
ServerName
FNAC-ModuleRouting
Cdnsip
Cdncip
X-Nginx-Cache
Thinkindot-Control
X-AK-Request-ID
X-Debug-Cache-Store
X-Core-Value
Wxu-Next-Region
Wxu-Next-Commit
X-Debug-Cache-Expiry
Wxu-Next-Hostname
X-Old-Content-Length
X-Response-By
X-S-Maxage
X-Lb-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-VHOST
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-UPSTREAM-Address
X-Oss-Request-Id
X-Varnish-Cacheable
X-SERVER
X-Refresh
X-Node-Id
RequestId
X-Sucuri-ID
X-Render-Time
X-NWS-UUID-VERIFY
X-Wa
X-NC
User-Agent
Powered-By-ChinaCache
X-Cache-Backend
X-User
X-CSRF-TOKEN
X-Cache-Status-Check
X-Developer
Hostname
X-Pjax-Url
X-CF-Powered-By
X-Tec-Api-Origin
X-Internal-Host
X-Sn-Servicetimems
X-Tec-Api-Version
X-Tec-Api-Root
X-Cdn-Origin
X-Cache-Grace
X-Key
X-Device-Os
X-LAGOON
X-Parent-Response-Time
X-Ocache
X-Ua
X-CSRF-Token
Origin
X-Sucuri-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Pf-Uncompressing
X-Location
A
On-Server
X-MSEdge-Flight
Geoip-City
Memory
X-Request-Host
Cloudfront-Viewer-Country
Geoip-Latitude
X-MSEdge-Features
X-BACKEND-TTL
X-TA-CDN-Provider
X-Via-CDN
X-Cdn-Forward
SRV
GeoIp-Country-Code
PICS-Label
ProcessTime
X-B3-Parentspanid
X-NGINX-Cache
TTL
X-COUNTRY
X-Vcl-Version
X-Varnish-URL
M-TraceId
X-Servedbyhost
X-Webkit-CSP
Resin-Trace
X-Server-IP
X-Litespeed-Cache
Dnion-Transfer-Encoding
X-Rocket-Nginx-Bypass
X-Unique-ID
X-Ratelimit-Remaining
X-Varnish-Ttl
X-HS-Status
X-TIME
XServer
X-B3-SpanId
X-Dynatrace-Js-Agent
Media-Length
CACHE
Cdn
Tcn
SN
X-Cdn-Request-ID
X-Slack-Backend
X-Correlation-ID
X-FORWARDED-FOR
Pramga
X-Server-Time
X-PAYTM-SRV-ID
X-Processor
X-Dispatch
Host-ID
X-Cache-FS-Status
X-ServedByHost
Arc-Country
Who
X-Skip-Cache
X-Fastly-Country-Code
X-ND-Cache
X-Beluga-Node
X-Beluga-Cache-Status
X-Beluga-Trace
X-Cache-Ttl
X-Action
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Record
Section-Io-Id
HostName
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
X-DC
Cdn-Host
Cdn-Request-Time
X-RSL
X-Edge-Server
X-DW
X-DSS
X-DB
X-DI
X-Via-Ucdn
X-RPM
X-VCL-Version
Fastly-Drupal-HTML
X-RPS
X-Served-From
Fusion-Deployment-Id
Ttl
X-DevSite-Last-Modified
GeoIP-Country-Code
N-Cache
X-Reqid
Pics-Label
X-Flog
X-AIR-PT
Amp-Access-Control-Allow-Source-Origin
X-ABtesting
GeoIP-City
Esi-Enabled
X-Hello
X-Bc-Bl
GeoIP-Latitude
X-Adobe-Source
X-Ratelimit-Limit
X-LiteSpeed-Cache-Control
X-Oracle-Dms-Rid
X-Sucuri-Id
MIME-Version
NtCoent-Length
X-Planisys-CDN-Rules
X-Policy
X-VarnishDD-TTL
X-Planisys-CDN-TTL
X-PF-Uncompressing
X-Backend-Host
X-Planisys-CDN-Cache
X-Varnish-Url
CF-Cached-On
X-APP
Cache-Cookie-Set-Lfrom
X-Azure-Ref-OriginShield
X-Request-Start
X-FPC
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Ruxit-Js-Agent
Trailer
X-HostName
X-Scheme
Rt-Proxy-Cache
X-Fmm-Version
WebServer
X-SRV
X-Fastly-Backend-Reqs
Cteonnt-Length
X-Bc
X-Zone
X-PJAX-URL
X-Amzn-Remapped-Date
X-Fpc
X-BC
X-Amzn-Remapped-Connection
X-ZONE
X-WA
X-Dynatrace
X-BE
Processtime
Servername
X-Newrelic-App-Data
X-Swift-Error
X-ID
X-Cache-Id
X-Method
X-Esi-Check
X-SN
FSS-Cache
Magicmarker
Cache-Provider
FSS-Proxy
X-WR-MODIFICATION
X-Frame-Option
X-LB-ID
X-SD-PageType
X-StackifyID
Requestid
X-Snapshot-Date
X-Branch-Name
CF-IPCountry
Dynatrace
CDN
X-Cache-NGX
X-Gzip
SD-X-WS
Lb
Sid
Release
Load-Balancing
X-CACHE-AGE
WZWS-RAY
L
X-Wix-Viewer-Type
X-Configured-By
X-Compress-Hint
X-Instart-Info
X-VCT
Ohc-Response-Time
X-Fastly-Cache-Hits
X-VC
V-Cache
X-Tid
X-Request-Url
X-Aicache-OS
Warning
X-SB
X-Cc-Via
D-Cc-Upstream
X-Cc-Req-Id
X-Litespeed-Cache-Control
X-ECACHE
SID
X-Worker
Request-Time
X-ECache
Inserted-Into-Cache-At
X-Svr
X-Nananana
LB
X-Apw-Access-Action
X-Be
WP-Super-Cache
Cneonction
X-Check-Cacheable
X-Varnish-Beresp-TTL
X-WPE-Loopback-Upstream-Addr
X-Fastly-Cache-Status
X-App
X-Request-URL
X-Apw-Hits
X-Apw-Access-Token
X-GEO
X-ElasticPress-Search
X-Powered-Y
X-Apw-Access-Object