Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
X-Download-Options
X-AspNet-Version
CF-Ray
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-Server-Id
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Backend-Server
X-Readtime
X-Dispatcher
Request-Id
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
X-Rack-Cache
X-Country
X-Clacks-Overhead
Edge-Control
X-Akam-SW-Version
P3p
Rating
X-Dns-Prefetch-Control
Allow
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-TTL
X-DynaTrace
Accept-Ch
X-Vname
X-TtlSet
X-PC
X-Goog-Hash
Content-MD5
Verso
X-ESI
Service-Worker-Allowed
X-Url
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Vcache
X-B3-TraceId
X-GitHub-Request-Id
X-Kinja-Revision
X-Kinja
X-Kinja-Server
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
RTSS
X-Version
X-Forwarded-Proto
X-MS-InvokeApp
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Px
X-Debug
AR-ATIME
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-Request-ID
X-Amz-Server-Side-Encryption
SPRequestGuid
X-Cached
Charset
X-NF-Request-ID
X-Vcap-Request-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Navigation-Version
X-TEC-API-ROOT
X-MSEdge-Ref
X-Amz-Rid
X-Middleton-Display
X-Middleton-Response
X-Sol
Response
Pagespeed
Display
Arr-Disable-Session-Affinity
X-Accel-Expires
TCN
X-Fastcgi-Cache
X-Server-ID
X-SharePointHealthScore
X-VARITI-CCR
X-Pinterest-Rid
Pinterest-Version
X-Fastly-Request-ID
MS-Author-Via
Nginx-Cache
Public-Key-Pins
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Powered-CMS
X-Trace
X-Client-IP
X-Cdn
X-Edge-O15-RID
Cache-Tag
Realpath
X-Ser
Access-Control-Request-Method
X-Content-Type
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Upstream
X-Grace
X-Shard
X-Hp-Webp
X-Jurisdiction
X-Id
X-Cache-TTL
Front-End-Https
X-Forwarded-For
X-Ezoic-Cdn
S
X-Hits
X-T
X-DynaTrace-JS-Agent
X-Amz-Meta-S3cmd-Attrs
Fastcgi-Cache
Nel
X-Recruiting
DynaTrace
X-Aspnet-Version
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
X-Dw-Request-Base-Id
X-Varnish-Age
X-FTR-Backend-Server
X-FTR-Balancer
MicrosoftSharePointTeamServices
X-Mobile-URL
X-FTR-DC
X-FTR-Expires
X-FTR-Realm
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend
ServerID
X-DIS-Request-ID
NR-ENABLED
Server-Node
TP-Cache
TP-L2-Cache
X-HS-Cache-Config
X-Frontend
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Logged-In
Powered
X-CST
X-Correlation-Id
Alternate-Protocol
Server-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-Cache-Hit
Fastly-Restarts
X-FTR-Cache-Host
X-Request-Handler-Origin-Region
X-Microsite
X-XRDS-Location
X-ATS-Timestamp
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
X-Page-Id
X-Content-Options
X-Zen-Fury
X-User-Agent
X-Request-Received
X-Request-Processing-Time
X-F-Cache
X-Content-Security-Policy-Report-Only
Refresh
X-Origin-Server
X-Varnish-Grace
X-Akamai-Edgescape
X-Rid
X-XRDS-LOCATION
X-B
X-LB-Cache
X-Revision
PB-PID
X-Content-Powered-By
Arc-Version
PB-RID
X-Mobile-Rewrite
X-Type
X-Webkit-Csp
X-B3-Sampled
Cache-Status
X-AppVersion
X-Geo-Country
X-Az
X-Activity-Id
X-Kinsta-Cache
X-NWS-LOG-UUID
X-N
X-Cache-Action
X-TT
X-AOL-HN
Access-Control-Allow-Method
X-Framework
X-Signature
X-Jobs
X-WebKit-CSP-Report-Only
X-Debug-Info
X-Request-Guid
X-B-Cache
X-Cache-Age
X-Instance
X-Time
X-FB-Debug
Actual-Object-TTL
X-PHP-Backend
Paypal-Debug-Id
X-Cached-By
X-App-Environment
X-Git-Hash
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Load-Cache
X-Tt-Trace-Tag
Fastcgi-Useragent
X-Tt-Trace-Host
X-Amz-Replication-Status
X-URL
DC
X-Pad
X-Varnish-Backend
X-Shield-Request-Id
Host
Host-Header
X-WA-Info
X-ATG-Version
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-RateLimit-Remaining
Surrogate-Key
MS-CV
X-IPLB-Instance
X-Contextid
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Host-Name
Retry-After
Frame-Options
Accept-CH
X-Response-Served-From
X-Accel-Buffering
NGB
Liferay-Portal
Payment
X-FastCGI-Cache
X-Cache-Key
X-Srv
X-NewRelic-App-Data
Source
X-Cache-NE
X-Hostname
X-Seen-By
X-Cache-2
Xserver
X-SS-Set-Cookie
Eomportal-Instance
X-Region
X-Varnish-Server
X-Origin-Response-Time
X-FW-Hash
X-FW-Serve
X-IPS-LoggedIn
X-FW-Static
X-FW-Type
X-Rendered-As
WPE-Backend
X-Is-Bot
X-GeoIP
Filters
X-Cacheable-TTL
X-FW-Server
Tracecode
X-Adobe-Loc
X-Adobe-Content
X-Cluster
X-Presslabs-Stats
Cache-Tv-Group
X-Cache-Enabled
X-Varnish-Hostname
X-RequestSource
X-Cache-Rule
Server-Info
X-Tumblr-Pixel-2
X-Cache-Operation
X-Tumblr-Pixel-1
X-App-Server
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
X-Cache-TTL-Remaining
X-TX-ID
FilterID
Accept-CH-Lifetime
X-Environment-Context
X-L-Path
Cleartype
X-FireWall-Port
X-Analytics
X-B3-Traceid
X-Handled-By
X-Upgrade-Enabled
X-Source
Ms-Operation-Id
X-RTag
X-Endurance-Cache-Level
X-Cache-Server
X-CACHE-KEY
Accept-Charset
Srv
From-Origin
X-Backend-Name
X-HTML-Minification-Powered-By
X-Ttl
X-UA
Datacenter
X-Webapp-Samesite-None-Activated-N
X-Dc
X-UUID
Healthy
X-APP-VERSION
X-Wix-Request-Id
X-Daa-Tunnel
X-Cache-Var
Meta-Geo
X-Path-Route
X-Cache-Var-Map
X-RN-RSRV
X-ES-SERVER
X-Timing-Wait
X-Status
X-Section
X-Tb
X-Proxy-Build
OT-Force-Account-Verify
X-Access
Selected-Fe
Cache-Tags
X-EIG-Tracking-Id
X-Proto
X-Format
X-Request-Time
Mn-Server-Ip
X-OCL
X-FC-Vary-Parameters
X-PCL
X-ShopId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sorting-Hat-PodId
X-Akamai-Request-ID
X-Sorting-Hat-ShopId
X-Content-Age
X-ShardId
X-PressLabs-Stats
X-Akamai-Transformed
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Cache-Config
X-Alternate-Cache-Key
Ec-Rule-Version
X-Qloud-Router
X-Yottaa-Metrics
X-Human
X-LJ-Flow-ID
X-JoinUs
X-Say-Cacheable
X-Debug-Cache
X-Yottaa-Optimizations
X-Hl-Ver
X-BYPASS-REASON
X-Akamai-Request-ID2
X-Soup
X-AWS-Id
X-NYM-Debug-Backend
X-Vgn-Hpd-Reason
X-ProxyCache-Key
X-ProxyCache-Status
X-Say-TTL
X-SayCDN-TTL
X-SaId
GEO-INFO
X-VWS-Id
X-Proxy-Cache-Status
X-Web-Node
Node
X-Origin
X-Unique-Id
Origin-Edge-Control
Origin-Cache-Control
Akamai-GRN
X-FB-TRIP-ID
NGX
X-Detected-As
Now
Cross-Origin-Window-Policy
X-CCM
X-BCube-Filmed-By
X-Proxy
Version
X-Loop
Decoy-Debug-Key
X-Whom
Decoy-Debug-Status
Decoy-Debug-TTL
X-Hyper-Cache
X-FW-Dynamic
X-Www-Served-By
X-TNCMS
X-Pubstack
X-ServerID
X-Site-Version
X-Storage
X-Time-Microsecs
X-Redis-Cache
X-Hosted-By
X-MP-GENERATED-AT
X-Generated-By
X-Generated
X-Locale
X-Viewer-Country
DB-Nickname
Azure-Version
Webcakes-Region
Webcakes-App-Version
Azure-SlotName
X-RCS-CacheZone
Azure-SiteName
Azure-InstanceId
X-Origin-Hint
X-IP
Azure-RegionName
X-R9-Blue-Green-Version
Webcakes-App-Name
X-Xfnlog-Site
X-Varnish-Hits
TWC-Locale-Group
S-Rt
Property-Id
X-Ua-Device
TWC-Device-Class
TWC-Connection-Speed
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Amzn-Remapped-Content-Length
X-NCache
X-Cluster-Node
X-UA-Device-Type
Cache-Key
X-Cache-Control
X-Cache-Host
X-RateLimit-Limit
Section-Io-Cache
X-NGENIX-Cache
X-Mode
X-Drupal-Cache-Tags
X-Rule
X-Forwarded-Host
Cache
Webserver
X-Backend-TTL
L5d-Success-Class
X-Esi
Content-Disposition
Time
Mime-Version
X-UnsetCookies
Cache-Name
X-Info
Accept-Language
X-CDN-Forward
X-PERF
X-CS
X-ApacheServer
Viewport
X-Newrelic-Synthetics
X-Varnish-Cache-Hits
ServedBy
X-Origin-CC
X-Origin-TTL
Rt-Fastcgi-Cache
Country
Uber-Trace-Id
X-B3-Spanid
X-Cache-Remote
X-Device-Type
X-Zipkin-Id
Odigeo-Trace-Id
X-Proxied
X-Routing-Service
Filterid
X-Via-Fastly
X-Magnolia-Registration
X-VCache
X-Uri
X-From
X-CLOUD-TRACE-CONTEXT
X-EC-Lua
Proxy-Connection
X-Cluster-Name
X-Drupal-Cache-Contexts
Access-Control-Request-Headers
X-Real-IP
X-Microcachable
Cf-Ipcountry
HitType
X-Geo
X-TT-TIMESTAMP
Geo-Info
X-Nc
Viewtype
Apple-News-Services-Handled
X-Varnish-Beresp-Ttl
Fastcgi-X-Cache-Version
X-Varnish-Beresp-Status
X-Labrador-Cache-Channel
X-PHP-Host
X-Cache-Time
X-Varnish-Beresp-Grace
AsisCache
BehaviorPad-Version
Content-Style-Type
VivaBuild
Apple-News-Services-Request-Url
GEO-REGION-INFO
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Geo-Header
Rendered-Blocks
Mobile-Detection-Method
Ohc-File-Size
X-Region-Sid
VIX-Pulpo-Node
X-Request-UUID
X-Rewrite-Enabled
T-Server
Meta-Geo-Continent
X-Rocket-Build-Number
Group
X-S-Cookie
X-ScT
Machine
X-S
X-Rojux
MD5-Digest
X-GeoIP-Country-Code
VIX-Pulpo-Upstream-Status
X-G
X-Application
X-ARC
X-Vdms-Version
X-CF-Lambda-Fn
Xc-Version
X-Transaction
X-Trv-Group
X-CF-Lambda-Version
X-Connection-Hash
X-VG-TLSProxy
X-Vtex-Remote-Cache
X-D
X-Date
X-External-Request-Id
X-DPWN-IS-SECURE
X-Vtex-Processado-Em
X-VG-WebCache
X-VG-WebServer
X-B-Cookie
X-Aed
X-Twitter-Response-Tags
W
Content-Script-Type
X-A-Dam
X-Destination
X-A
X-A-Ccd
X-Sigma-Backend
X-Sigma
X-SRCache-Key
X-A-Wwc
X-Accel-Expires-Debug
X-Session-Fingerprint
X-A-Dgt
X-A-Dcw
User-Cache-Control
Cache-Hits
X-C
X-Backend-State
X-CUA
Fastly-SWR
X-CGP
Countrycode
X-Eu-Site
CDCHOST
X-Logging-Id
X-Cache-Expired-At
Environment
Fastly-SIE
X-Bip
X-Cache-Debug
Fastly-Soc-X-Request-Id
X-Rebelmouse-Surrogate-Control
X-Agile-Age
X-Agile-Id
X-App-Name
X-Var-Ttl
X-Agile
X-TrackingId
X-SIPLIST1
X-Developers
X-Thanos
X-Hit
X-VC-Cache
Locid
IsBot
HA-Ipaddr
X-WebServer
Powered-By
X-Clientip
X-Rebelmouse-Cache-Control
X-Distil-CS
Ha-Gx-Prefs
X-GoCache-CacheStatus
Fastly-SSL
X-Cdn-Srv
X-Servername
X-Ms-Request-Id
V-Age
X-Wikidot-Static-Cache
X-OVcl
Web-Mar-Node
We-Hiring
X-SVT-ORM-RULES
X-Wikidot-Backend
True-Client-Country-4JS
Server-ID
X-Has-Esi
Server-Cache-Control
X-Hash
Server-Int
Server-Surrogate-Control
X-Distributor
X-GeoIP-City
X-Request-URI
X-Debug-Cookies
X-Generated-In
X-Gen-Mode
X-VServer
X-Urbn-Context-Path
X-Air-Hostname
X-Up
X-Urbn-Site-Id
X-Variation
X-Azure-Ref
X-Auto-Login
X-Varnish-Authentication
X-Block-Status
X-Cache-ASPX
X-TH-Server
X-Swa-Ws
X-SVT-ORM-VERSION
X-Epic-Correlation-Id
X-Core-Mission
X-Trace-Id
X-Cache-Tags
X-Cms-Context
X-Contensis-Viewer-Groups
RNT-Time
X-Debug-Log
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-NU-AKA-ACS-Version
Gh-Request-Id
X-NX-Host
X-Origin-Date
Is-Eu
IBM-Web2-Location
Heartbleed
X-LI-UUID
X-NodeID
X-Nginx-Cache-Key
X-Dispatcher-Server
X-Ms-Version
Country-Code
Cache-Host
AKAMAI
X-No-Session
Adler-Geo
Fastly-Backend-Name
Kp-EeAlive
Locale
Pragrma
X-OVcl-Cache
Platform
X-IN-APIGATEWAY
X-Hnp-Log
X-RateLimit-Remaining-Second
X-Fetched-On
Request-EU
Request-Country
X-IN-APIGATEWAYSSL
X-Instart-Isnd
Mail-Subject
X-Owner
X-Origin-Expires
X-Platform-Server
X-JWT-State
X-Is-Gdpr
RNT-Machine
X-RateLimit-Limit-Second
X-Proxy-Upstream
Ohc-Cache-HIT
X-Edge-Location
S-Cnection
X-Generated-On
X-ServiceProvider
X-Webstats-RespID
X-Gamma-Serve
X-Thinkindot-L3
X-Service
X-Trafficlayer-App-Name
X-Generation-Time
X-Level-Front-Cache
X-Matched-Rule
X-Reboot
X-Req
X-Server-W
X-We-Are-Hiring
X-Trafficlayer-App-Scope
X-TT-LOGID
X-Cache-Info
X-Tumblr-Pixel-3
X-Cache-Bucket
Memcached
X-BBXSRF
X-Cache-URL
X-Trafficlayer-App-Version
X-Micro-Cache
X-WADP-Cache
X-Irp-Debug
X-Fastly-Cache
X-Clara-WADP
X-FW-Version
X-Debug-Cache-Fetch
X-App-Version
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
PFcat
ServerName
FNAC-ModuleRouting
Cdnsip
Cdncip
X-Nginx-Cache
Thinkindot-Control
X-AK-Request-ID
X-Debug-Cache-Store
X-Core-Value
Wxu-Next-Region
Wxu-Next-Commit
X-Debug-Cache-Expiry
Wxu-Next-Hostname
X-Old-Content-Length
X-Response-By
X-S-Maxage
X-Lb-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-VHOST
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-UPSTREAM-Address
X-Oss-Request-Id
X-Varnish-Cacheable
X-Refresh
X-Node-Id
RequestId
X-SERVER
X-Sucuri-ID
X-NC
User-Agent
Powered-By-ChinaCache
X-Render-Time
X-NWS-UUID-VERIFY
X-Wa
X-Cache-Backend
X-Developer
X-Cache-Status-Check
X-User
X-CSRF-TOKEN
Hostname
X-Parent-Response-Time
X-CF-Powered-By
X-Cache-Grace
X-Key
X-Cdn-Origin
X-Sn-Servicetimems
X-Device-Os
X-Internal-Host
X-Pjax-Url
X-Tec-Api-Origin
X-Tec-Api-Root
X-LAGOON
X-Tec-Api-Version
X-Ua
X-Tb-Optimization-Total-Bytes-Saved
X-CSRF-Token
X-Ocache
Origin
X-Sucuri-Cache
A
X-Pf-Uncompressing
X-Location
On-Server
X-BACKEND-TTL
Geoip-City
Geoip-Latitude
X-Via-CDN
X-TA-CDN-Provider
X-MSEdge-Flight
Memory
Cloudfront-Viewer-Country
X-MSEdge-Features
X-Request-Host
X-Cdn-Forward
SRV
GeoIp-Country-Code
PICS-Label
ProcessTime
X-B3-Parentspanid
X-NGINX-Cache
TTL
X-COUNTRY
X-Vcl-Version
X-Varnish-URL
M-TraceId
X-Servedbyhost
X-Webkit-CSP
Resin-Trace
X-Server-IP
X-Litespeed-Cache
Dnion-Transfer-Encoding
X-Rocket-Nginx-Bypass
X-Unique-ID
X-Ratelimit-Remaining
X-Varnish-Ttl
X-HS-Status
X-TIME
XServer
X-B3-SpanId
X-Dynatrace-Js-Agent
Media-Length
CACHE
Cdn
Tcn
SN
X-Cdn-Request-ID
X-Slack-Backend
X-Correlation-ID
X-FORWARDED-FOR
Pramga
X-Server-Time
X-PAYTM-SRV-ID
X-Processor
X-Dispatch
Host-ID
X-Cache-FS-Status
X-ServedByHost
Arc-Country
Who
X-Skip-Cache
X-Fastly-Country-Code
X-ND-Cache
X-Beluga-Node
X-Beluga-Cache-Status
X-Beluga-Trace
X-Cache-Ttl
X-Action
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Record
Section-Io-Id
HostName
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
X-DC
Cdn-Host
Cdn-Request-Time
X-RSL
X-Edge-Server
X-DW
X-DSS
X-DB
X-DI
X-Via-Ucdn
X-RPM
X-VCL-Version
Fastly-Drupal-HTML
X-RPS
X-Served-From
Fusion-Deployment-Id
Ttl
X-DevSite-Last-Modified
GeoIP-Country-Code
N-Cache
X-Reqid
Pics-Label
X-Flog
X-AIR-PT
Amp-Access-Control-Allow-Source-Origin
X-ABtesting
GeoIP-City
Esi-Enabled
X-Hello
X-Bc-Bl
GeoIP-Latitude
X-Adobe-Source
X-Ratelimit-Limit
X-LiteSpeed-Cache-Control
X-Oracle-Dms-Rid
X-Sucuri-Id
MIME-Version
NtCoent-Length
X-Planisys-CDN-Rules
X-Policy
X-VarnishDD-TTL
X-Planisys-CDN-TTL
X-PF-Uncompressing
X-Backend-Host
X-Planisys-CDN-Cache
X-Varnish-Url
CF-Cached-On
X-APP
Cache-Cookie-Set-Lfrom
X-Azure-Ref-OriginShield
X-Request-Start
X-FPC
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Ruxit-Js-Agent
Trailer
X-HostName
X-Scheme
Rt-Proxy-Cache
X-Fmm-Version
WebServer
X-SRV
X-Fastly-Backend-Reqs
Cteonnt-Length
X-Bc
X-Zone
X-PJAX-URL
X-Amzn-Remapped-Date
X-Fpc
X-BC
X-Amzn-Remapped-Connection
X-ZONE
X-WA
X-Dynatrace
X-BE
Processtime
Servername
X-Newrelic-App-Data
X-Swift-Error
X-ID
X-Cache-Id
X-Method
X-Esi-Check
X-SN
FSS-Cache
Magicmarker
Cache-Provider
FSS-Proxy
X-WR-MODIFICATION
X-Frame-Option
X-LB-ID
X-SD-PageType
X-StackifyID
Requestid
X-Snapshot-Date
X-Branch-Name
CF-IPCountry
Dynatrace
CDN
X-Cache-NGX
X-Gzip
SD-X-WS
Lb
Sid
Release
Load-Balancing
X-CACHE-AGE
WZWS-RAY
L
X-Wix-Viewer-Type
X-Configured-By
X-Compress-Hint
X-Instart-Info
X-VCT
Ohc-Response-Time
X-Fastly-Cache-Hits
X-VC
V-Cache
X-Tid
X-Request-Url
X-Aicache-OS
Warning
X-SB
X-Cc-Via
D-Cc-Upstream
X-Cc-Req-Id
X-Litespeed-Cache-Control
X-ECACHE
SID
X-Worker
Request-Time
X-ECache
Inserted-Into-Cache-At
X-Svr
X-Nananana
LB
X-Apw-Access-Action
X-Be
WP-Super-Cache
Cneonction
X-Check-Cacheable
X-Varnish-Beresp-TTL
X-WPE-Loopback-Upstream-Addr
X-Fastly-Cache-Status
X-App
X-Request-URL
X-Apw-Hits
X-Apw-Access-Token
X-GEO
X-ElasticPress-Search
X-Powered-Y
X-Apw-Access-Object