Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
X-XSS-Protection
CF-Cache-Status
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-Xss-Protection
X-DNS-Prefetch-Control
X-Template
X-Language
CF-Ray
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
Xkey
X-Via
X-Backend
X-Server
X-Age
X-Ua-Compatible
X-Ws-Request-Id
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
EagleId
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
Feature-Policy
X-Varnish-Cache
Server-Timing
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
Grace
Ali-Swift-Global-Savetime
P3p
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Backend-Server
X-Cloud-Trace-Context
X-Readtime
X-Vhost
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Cnection
X-Application-Context
X-HW
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
NEL
X-Rack-Cache
X-Country
Edge-Control
X-Clacks-Overhead
X-Akam-SW-Version
Rating
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-TTL
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-ESI
Verso
Content-MD5
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Exp-Id
X-Cdn-Fetch
X-Vcache
X-Use-Magma
X-Version
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-GitHub-Request-Id
X-MS-InvokeApp
RTSS
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Debug
X-Server-ID
X-Px
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
Ar-Sid
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Middleton-Response
Response
X-Sol
X-Middleton-Display
Pagespeed
Display
X-Navigation-Version
X-Vcap-Request-Id
X-MSEdge-Ref
X-Accel-Expires
X-Amz-Rid
Arr-Disable-Session-Affinity
TCN
X-Fastcgi-Cache
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-VARITI-CCR
X-Powered-CMS
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Public-Key-Pins
X-Fastly-Request-ID
X-Trace
Cache-Tag
X-Edge-O15-RID
Realpath
X-Client-IP
MS-Author-Via
Nginx-Cache
X-Cdn
X-Ser
Access-Control-Request-Method
Nel
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Content-Type
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-DynaTrace-JS-Agent
X-Shard
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Id
X-Hp-Webp
X-Jurisdiction
X-Grace
X-Ezoic-Cdn
X-Upstream
S
X-Forwarded-For
Front-End-Https
X-Amz-Meta-S3cmd-Attrs
X-T
X-Hits
Fastcgi-Cache
X-Cache-TTL
DynaTrace
X-Recruiting
X-Aspnet-Version
X-Varnish-Age
X-Node-Name
X-Element-Page-Cache
X-Content-Digest
X-Mobile-URL
ServerID
X-FTR-Backend
MicrosoftSharePointTeamServices
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Expires
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-Dw-Request-Base-Id
X-DIS-Request-ID
Server-Node
NR-ENABLED
X-HS-Combine-CSS
X-Frontend
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
TP-Cache
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
TP-L2-Cache
Powered
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
Upgrade-Insecure-Requests
X-Amzn-RequestId
X-Amz-Apigw-Id
Fastly-Restarts
X-Correlation-Id
X-Cache-Hit
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-XRDS-Location
X-Request-Received
X-Request-Processing-Time
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Content-Options
X-User-Agent
Refresh
X-Content-Security-Policy-Report-Only
X-F-Cache
X-Page-Id
X-Zen-Fury
X-Origin-Server
X-Akamai-Edgescape
X-Rid
X-Varnish-Grace
X-XRDS-LOCATION
X-Revision
X-Type
X-LB-Cache
X-B
X-Content-Powered-By
PB-PID
PB-RID
Arc-Version
X-B3-Sampled
X-Mobile-Rewrite
X-Geo-Country
X-Activity-Id
Cache-Status
X-AppVersion
X-Az
X-URL
X-N
X-Kinsta-Cache
X-Cache-Action
X-TT
X-Cache-Age
X-AOL-HN
Access-Control-Allow-Method
X-Framework
X-Signature
X-Debug-Info
X-B-Cache
X-WebKit-CSP-Report-Only
X-Jobs
X-Time
X-FB-Debug
X-Instance
X-Tumblr-Pixel-0
Actual-Object-TTL
X-Tumblr-Pixel
X-Tumblr-User
Paypal-Debug-Id
X-Request-Guid
X-PHP-Backend
X-App-Environment
X-Load-Cache
X-Cached-By
X-Git-Hash
X-Shield-Request-Id
X-Pad
Fastcgi-Useragent
DC
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amz-Replication-Status
X-RateLimit-Remaining
X-NWS-LOG-UUID
X-Varnish-Backend
X-Webkit-Csp
Host-Header
Surrogate-Key
X-IPLB-Instance
X-WA-Info
X-ATG-Version
Host
X-Contextid
MS-CV
X-ORACLE-APMCS-TAG
X-Erf-Bev-Bev
X-ORACLE-APMCS-REQUEST-ID
X-Erf-Bev-Bev-Is-Generated
X-Via-JSL
X-Mobile
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Accel-Buffering
NGB
X-Response-Served-From
X-Host-Name
Frame-Options
X-FastCGI-Cache
X-SS-Set-Cookie
Payment
Tracecode
X-Cache-NE
X-Cluster
X-Varnish-Server
X-Cache-2
X-Origin-Response-Time
Xserver
X-Region
Source
Eomportal-Instance
X-Hostname
Retry-After
Filters
WPE-Backend
X-GeoIP
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Static
Cache-Tv-Group
X-Cacheable-TTL
X-Presslabs-Stats
X-Adobe-Content
X-Varnish-Hostname
X-IPS-LoggedIn
X-Adobe-Loc
X-Tumblr-Pixel-1
X-Rendered-As
X-Analytics
X-Seen-By
X-NewRelic-App-Data
X-Is-Bot
X-Cache-Operation
X-Cache-Rule
X-Cache-Enabled
X-RequestSource
X-Tumblr-Pixel-2
FilterID
X-Srv
X-Webapp-Samesite-None-Activated-N
X-Cache-Key
Server-Info
Liferay-Portal
X-EdgeConnect-Cache-Status
X-TX-ID
X-ProcessESI
X-RemovedCookies
X-Cache-TTL-Remaining
X-App-Server
X-CACHE-KEY
Cleartype
Accept-CH
X-Environment-Context
X-Dc
X-L-Path
X-B3-Traceid
X-FireWall-Port
X-Endurance-Cache-Level
X-Source
X-RTag
Ms-Operation-Id
X-Upgrade-Enabled
X-Handled-By
From-Origin
X-Cache-Server
X-HTML-Minification-Powered-By
Datacenter
X-UA
X-Backend-Name
X-CLOUD-TRACE-CONTEXT
Accept-Charset
Accept-CH-Lifetime
X-APP-VERSION
X-UUID
Srv
Meta-Geo
X-ES-SERVER
X-RN-RSRV
X-Cache-Var-Map
X-Cache-Var
X-Path-Route
X-Section
X-Proxy-Build
X-Wix-Request-Id
X-Tb
X-Format
X-Timing-Wait
X-Access
Selected-Fe
OT-Force-Account-Verify
X-Proto
X-EIG-Tracking-Id
X-Akamai-Request-ID
X-Content-Age
Cache-Tags
X-Request-Time
X-Alternate-Cache-Key
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Cache-Config
X-Goog-Meta-Goog-Reserved-File-Mtime
Mn-Server-Ip
X-PressLabs-Stats
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Cache-Status
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-SaId
X-BYPASS-REASON
X-Qloud-Router
X-PCL
X-Origin
X-JoinUs
X-FC-Vary-Parameters
X-Hl-Ver
X-LJ-Flow-ID
X-NYM-Debug-Backend
X-Akamai-Transformed
GEO-INFO
X-OCL
X-AWS-Id
Akamai-GRN
Ec-Rule-Version
Node
NGX
X-VWS-Id
Version
X-Vgn-Hpd-Reason
X-Akamai-Request-ID2
X-Status
X-ServerID
X-Soup
X-FW-Dynamic
Origin-Edge-Control
Origin-Cache-Control
X-Debug-Cache
X-FB-TRIP-ID
Now
Healthy
DB-Nickname
X-Cache-Control
X-BCube-Filmed-By
Decoy-Debug-Key
Decoy-Debug-Status
Cross-Origin-Window-Policy
X-CCM
Decoy-Debug-TTL
X-Cluster-Node
X-Hyper-Cache
X-Storage
X-SayCDN-TTL
X-Hosted-By
X-Time-Microsecs
X-TNCMS
X-Www-Served-By
X-Web-Node
X-Viewer-Country
X-Say-Cacheable
X-Say-TTL
X-MP-GENERATED-AT
X-Loop
X-Human
X-Proxy
X-Pubstack
TWC-GeoIP-Country
TWC-Device-Class
X-Generated
Webcakes-App-Name
TWC-GeoIP-LatLong
X-Generated-By
X-Xfnlog-Site
X-RateLimit-Limit
Property-Id
Webcakes-App-Version
X-Locale
TWC-Connection-Speed
TWC-Privacy
TWC-Locale-Group
Azure-SiteName
Azure-SlotName
Azure-RegionName
Azure-InstanceId
X-RCS-CacheZone
Azure-Version
X-Redis-Cache
X-R9-Blue-Green-Version
X-Varnish-Hits
X-Site-Version
X-Origin-Hint
X-Amzn-Remapped-Content-Length
Webcakes-Region
S-Rt
Cache
X-NCache
X-Detected-As
X-IP
X-Cache-Host
Cache-Key
X-Whom
X-Rule
X-Unique-Id
X-VCache
X-Drupal-Cache-Tags
L5d-Success-Class
X-UA-Device-Type
X-Daa-Tunnel
X-NGENIX-Cache
Webserver
Cache-Name
X-Forwarded-Host
X-Esi
X-Mode
Time
X-CS
Viewport
Mime-Version
X-UnsetCookies
Uber-Trace-Id
Accept-Language
X-Info
Section-Io-Cache
X-VHOST
Content-Disposition
X-Backend-TTL
X-Origin-CC
Rt-Fastcgi-Cache
X-Origin-TTL
X-Newrelic-Synthetics
X-Varnish-Cache-Hits
X-ApacheServer
Country
X-PERF
X-Cache-Remote
ServedBy
X-CDN-Forward
X-B3-Spanid
Odigeo-Trace-Id
X-EC-Lua
X-From
X-Proxied
X-Routing-Service
X-Device-Type
X-Zipkin-Id
X-Magnolia-Registration
X-Via-Fastly
X-Cluster-Name
X-Drupal-Cache-Contexts
X-Microcachable
X-Uri
X-TT-TIMESTAMP
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Proxy-Connection
X-Ttl
X-Nc
X-Geo
Filterid
Access-Control-Request-Headers
Geo-Info
Cf-Ipcountry
HitType
Ohc-File-Size
X-Region-Sid
Fastcgi-X-Cache-Version
BehaviorPad-Version
Content-Style-Type
Content-Script-Type
X-TA-CDN-Provider
Apple-News-Services-Parsed-Url
X-Real-IP
X-Trv-Group
X-Transaction
GEO-REGION-INFO
Apple-News-Services-Handled
X-VG-WebServer
Apple-News-Services-Host
AsisCache
Mobile-Detection-Method
X-DPWN-IS-SECURE
X-Application
X-Aed
X-Accel-Expires-Debug
X-A-Dgt
X-A-Wwc
X-ARC
X-B-Cookie
X-Connection-Hash
X-Date
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Destination
X-A-Dcw
X-A-Dam
Rendered-Blocks
T-Server
X-Geo-Header
X-GeoIP-Country-Code
MD5-Digest
Meta-Geo-Continent
X-G
Viewtype
X-A
X-A-Ccd
X-External-Request-Id
W
VivaBuild
Machine
Apple-News-Services-Request-Url
X-Twitter-Response-Tags
X-S
X-Rewrite-Enabled
X-S-Cookie
X-Request-UUID
X-Session-Fingerprint
X-Rocket-Build-Number
X-Sigma-Backend
X-VG-TLSProxy
X-Vdms-Version
X-VG-WebCache
X-SRCache-Key
X-Rojux
X-Sigma
X-D
X-Varnish-Beresp-Ttl
X-ScT
X-Vtex-Processado-Em
X-Varnish-Beresp-Status
X-Vtex-Remote-Cache
Xc-Version
X-Varnish-Beresp-Grace
X-C
X-Agile
X-WebServer
X-Cache-Time
X-PHP-Host
X-Logging-Id
Environment
HA-Ipaddr
Ha-Gx-Prefs
IsBot
Locid
X-Hit
Powered-By
Fastly-SWR
Fastly-Soc-X-Request-Id
X-VC-Cache
CDCHOST
Countrycode
X-Agile-Age
Fastly-SIE
X-Eu-Site
X-Labrador-Cache-Channel
X-Developers
X-Rebelmouse-Cache-Control
X-Distil-CS
X-Bip
X-Rebelmouse-Surrogate-Control
X-Clientip
X-Cache-Debug
X-Thanos
X-No-Session
X-App-Name
X-CGP
X-CUA
X-Agile-Id
X-SIPLIST1
User-Cache-Control
Fastly-SSL
X-GoCache-CacheStatus
RNT-Time
Server-Cache-Control
RNT-Machine
Server-ID
X-Generated-In
X-Contensis-Viewer-Groups
Platform
X-SVT-ORM-RULES
X-VServer
X-Has-Esi
X-GeoIP-City
X-Core-Mission
Request-EU
Request-Country
Server-Int
X-Wikidot-Static-Cache
X-Cms-Context
X-Cdn-Srv
X-Azure-Ref
X-Distributor
X-Dispatcher-Server
X-Cache-ASPX
X-Wikidot-Backend
X-Auto-Login
X-Air-Hostname
X-Epic-Correlation-Id
X-Hash
We-Hiring
X-Debug-Log
X-Debug-Cookies
X-Cache-Tags
X-Gamma-Serve
X-Servername
True-Client-Country-4JS
V-Age
X-Fetched-On
X-Varnish-Authentication
X-Variation
Server-Surrogate-Control
Locale
X-Trace-Id
Adler-Geo
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Platform-Server
AKAMAI
X-Cache-Expired-At
X-Swa-Ws
Cache-Host
X-Up
X-RateLimit-Remaining-Second
X-Backend-State
X-SVT-ORM-VERSION
X-Ms-Request-Id
X-OVcl
X-Origin-Expires
X-TrackingId
X-OVcl-Cache
X-Tumblr-Pixel-3
X-Origin-Date
X-NX-Host
X-Nginx-Cache-Key
X-Ms-Version
X-Var-Ttl
X-NodeID
X-Owner
X-LI-Proto
X-LI-UUID
IBM-Web2-Location
Is-Eu
Heartbleed
Gh-Request-Id
X-Is-Gdpr
Kp-EeAlive
X-Instart-Isnd
Mail-Subject
X-IN-APIGATEWAY
X-Request-URI
X-IN-APIGATEWAYSSL
X-JWT-State
Group
X-TH-Server
X-Li-Pop
X-Li-Fabric
X-Urbn-Site-Id
Country-Code
X-Urbn-Context-Path
X-UPSTREAM-Address
X-Edge-Location
X-TT-LOGID
X-Req
X-Debug-Cache-Expiry
X-Trafficlayer-App-Version
X-Debug-Cache-Store
X-Thinkindot-L3
X-Reboot
X-Debug-Cache-Fetch
X-Webstats-RespID
X-Irp-Debug
X-Level-Front-Cache
X-Gen-Mode
X-Service
X-Generated-On
X-Generation-Time
X-Hnp-Log
Fastly-Backend-Name
X-Server-W
X-FW-Version
X-Fastly-Cache
X-We-Are-Hiring
X-Micro-Cache
X-WADP-Cache
X-NU-AKA-ACS-Version
X-Matched-Rule
Cache-Hits
X-Trafficlayer-App-Name
Pragrma
X-ServiceProvider
X-Trafficlayer-App-Scope
Wxu-Next-Hostname
Thinkindot-Control
Thinkindot-CacheControl-Type
Web-Mar-Node
ServerName
Memcached
Thinkindot-CacheControl
Server-Host
PFcat
FNAC-ModuleRouting
Cdnsip
Cdncip
Wxu-Next-Region
Wxu-Next-Commit
X-Core-Value
X-Cache-URL
X-Cache-Info
X-Clara-WADP
X-BBXSRF
X-AK-Request-ID
Ohc-Cache-HIT
X-Block-Status
X-App-Version
S-Cnection
X-Lb-Id
X-Old-Content-Length
X-S-Maxage
X-Cache-Bucket
X-Render-Time
X-Cache-Backend
X-Nginx-Cache
X-User
RequestId
X-SERVER
X-Response-By
X-Refresh
X-Internal-Host
X-Wa
Powered-By-ChinaCache
X-Parent-Response-Time
X-Varnish-Cacheable
X-Key
X-CSRF-TOKEN
X-Sucuri-Cache
X-Sucuri-ID
X-CF-Powered-By
Origin
X-Pjax-Url
X-NC
X-Tec-Api-Root
X-Ua
X-Tec-Api-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Tec-Api-Origin
X-Location
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Cdn-Forward
SRV
X-CSRF-Token
X-Developer
User-Agent
X-BACKEND-TTL
X-Correlation-ID
X-Node-Id
X-Cache-Grace
X-LAGOON
X-Device-Os
X-Cache-Status-Check
ProcessTime
X-Sn-Servicetimems
X-Cdn-Origin
X-Pf-Uncompressing
X-B3-Parentspanid
Geoip-Latitude
Memory
TTL
Geoip-City
X-NWS-UUID-VERIFY
X-Via-CDN
X-Ocache
X-NGINX-Cache
X-Unique-ID
GeoIp-Country-Code
X-Vcl-Version
A
PICS-Label
Hostname
On-Server
X-MSEdge-Features
X-Request-Host
X-MSEdge-Flight
Cloudfront-Viewer-Country
X-COUNTRY
X-Server-IP
X-B3-SpanId
M-TraceId
X-Litespeed-Cache
X-Webkit-CSP
X-Servedbyhost
Cdn
X-Varnish-Ttl
Media-Length
X-Cdn-Request-ID
X-Rocket-Nginx-Bypass
XServer
X-TIME
X-Ruxit-Js-Agent
SN
Tcn
X-Varnish-URL
X-HS-Status
Dnion-Transfer-Encoding
Resin-Trace
X-FORWARDED-FOR
HostName
X-Via-Ucdn
Host-ID
X-ServedByHost
CACHE
X-Ratelimit-Remaining
X-Action
X-Beluga-Response-Time
X-Beluga-Node
X-Beluga-Trace
Who
X-Beluga-Cache-Status
X-Beluga-Status
X-Cache-Ttl
X-Beluga-Record
X-Slack-Backend
X-Sucuri-Id
X-DI
X-RPM
X-DW
X-DB
X-Fastly-Country-Code
X-DSS
Pramga
Esi-Enabled
X-PAYTM-SRV-ID
X-Dispatch
X-Cache-FS-Status
X-Reqid
X-Processor
Arc-Country
X-RPS
X-RSL
X-AIR-PT
X-Server-Time
X-Flog
X-Hello
X-ABtesting
X-Planisys-CDN-TTL
GeoIP-Country-Code
X-Planisys-CDN-Cache
X-Policy
Pics-Label
X-Planisys-CDN-Rules
X-ND-Cache
X-Skip-Cache
CF-Cached-On
X-VCL-Version
Amp-Access-Control-Allow-Source-Origin
X-Request-Start
GeoIP-City
Fastly-Drupal-HTML
X-Varnish-Url
Cdn-Host
X-Azure-Ref-OriginShield
X-Served-From
GeoIP-Latitude
Cdn-Request-Time
X-Edge-Server
X-VarnishDD-TTL
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-LiteSpeed-Cache-Control
MIME-Version
Section-Io-Origin-Status
X-Oracle-Dms-Rid
Section-Io-Id
N-Cache
X-PF-Uncompressing
X-Bc
X-Zone
Ttl
NtCoent-Length
X-Bc-Bl
X-DevSite-Last-Modified
Rt-Proxy-Cache
X-DC
X-Newrelic-App-Data
X-FPC
X-APP
X-Fastly-Backend-Reqs
X-Ratelimit-Limit
Trailer
Fusion-Deployment-Id
X-HostName
X-Backend-Host
X-SRV
X-Method
X-Adobe-Source
WebServer
Magicmarker
X-PJAX-URL
X-Swift-Error
Cache-Cookie-Set-From
X-BE
Cache-Cookie-Set-Idcheck
X-Dynatrace
Cache-Cookie-Set-Lfrom
Processtime
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Cteonnt-Length
X-Dynatrace-Js-Agent
Servername
X-ID
FSS-Proxy
X-Scheme
FSS-Cache
X-WA
X-Fmm-Version
X-ZONE
Cache-Provider
X-BC
X-WR-MODIFICATION
X-Frame-Option
Dynatrace
X-StackifyID
CF-IPCountry
X-Branch-Name
X-Fpc
Requestid
X-Be
X-Snapshot-Date
X-LB-ID
CDN
X-Svr
Ohc-Response-Time
X-Ftr-Cache-Host
X-CACHE-AGE
X-Cc-Req-Id
Lfy
X-Fastly-Cache-Hits
X-Cc-Via
X-SN
X-Apw-Access-Action
Vix-Hermes-Req-Id
X-Tid
X-Apw-Access-Object
D-Cc-Upstream
X-Aicache-OS
WZWS-RAY
X-App
L
X-Apw-Access-Token
X-Esi-Check
X-Apw-Hits
X-Request-Url
X-Cache-Id
Warning
X-Compress-Hint
X-SB
X-VC
V-Cache
X-Node-ID
Load-Balancing
X-Litespeed-Cache-Control
X-GEO
SID
Sid
LB
X-Cache-NGX
Lb
Backend-Name
X-Worker
WP-Super-Cache
Correlation-Id
Pagetype
Proxy-Firewall
X-ElasticPress-Search
X-Powered-Y
X-Fastly-Cache-Status
X-WPE-Loopback-Upstream-Addr
X-Varnish-Beresp-TTL
X-Check-Cacheable
X-Request-URL
Cneonction