Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Xss-Protection
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
Xkey
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Via
X-Backend
X-Server
X-Age
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Ws-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
P3p
Cf-Railgun
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-Rq
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Readtime
X-Backend-Server
Request-Id
X-Dns-Prefetch-Control
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-Cache-Lookup
X-Ruxit-JS-Agent
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
NEL
X-Mod-Pagespeed
X-DataDome
X-Rack-Cache
Rating
Edge-Control
X-Clacks-Overhead
X-Akam-SW-Version
X-Country
Pinterest-Generated-By
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-DynaTrace
X-Varnish-TTL
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
Accept-Ch
Verso
Content-MD5
X-ESI
Service-Worker-Allowed
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-Exp-Variant
X-GitHub-Request-Id
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja
X-Kinja-Build
X-Url
RTSS
Edge-Cache-Tag
X-Server-Name
X-D2id
X-Debug
X-Abt-Application-Version
X-Px
AR-Request-ID
AR-CACHE
AR-PoweredBy
AR-ATIME
Ar-Sid
X-Amz-Server-Side-Encryption
X-Vcache
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Sol
X-Middleton-Display
Display
Pagespeed
Response
X-Middleton-Response
X-Vcap-Request-Id
X-Accel-Expires
X-MSEdge-Ref
X-Navigation-Version
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Server-ID
Pinterest-Version
X-Pinterest-Rid
TCN
X-Powered-CMS
X-Fastcgi-Cache
X-SharePointHealthScore
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-VARITI-CCR
X-Cdn
Public-Key-Pins
X-Trace
X-Fastly-Request-ID
Cache-Tag
Realpath
X-Client-IP
X-Edge-O15-RID
Nginx-Cache
MS-Author-Via
Access-Control-Request-Method
X-Ser
X-Shard
X-DynaTrace-JS-Agent
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
SPIisLatency
X-Content-Type
SPRequestDuration
S
X-Ezoic-Cdn
X-Upstream
X-Id
X-Amzn-Trace-Id
X-Grace
X-Hp-Webp
X-T
X-Amz-Meta-S3cmd-Attrs
X-Jurisdiction
Nel
Front-End-Https
X-Hits
Fastcgi-Cache
X-Forwarded-For
X-Recruiting
DynaTrace
X-Aspnet-Version
X-Cache-TTL
X-Varnish-Age
ServerID
X-Element-Page-Cache
MicrosoftSharePointTeamServices
X-Content-Digest
X-Node-Name
X-Mobile-URL
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-FTR-Expires
X-Dw-Request-Base-Id
X-DIS-Request-ID
NR-ENABLED
Server-Node
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
Powered
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Generation
X-Frontend
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
TP-L2-Cache
TP-Cache
Alternate-Protocol
X-Logged-In
Server-Name
X-CST
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Amzn-RequestId
X-XRDS-Location
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-Request-Processing-Time
X-Request-Received
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Cache-Hit
X-URL
Fastly-Restarts
X-Content-Options
X-User-Agent
X-Origin-Server
Refresh
X-Content-Security-Policy-Report-Only
X-F-Cache
X-Zen-Fury
X-Rid
X-Akamai-Edgescape
X-Page-Id
X-Revision
X-Varnish-Grace
X-Type
X-FTR-Cache-Host
X-Content-Powered-By
X-LB-Cache
X-B
X-XRDS-LOCATION
X-B3-Sampled
PB-RID
X-Geo-Country
PB-PID
Arc-Version
X-Mobile-Rewrite
X-AppVersion
X-Activity-Id
X-Az
Cache-Status
X-Kinsta-Cache
X-N
X-Cache-Age
X-Cache-Action
X-TT
X-WebKit-CSP-Report-Only
X-Signature
X-AOL-HN
X-B-Cache
X-Instance
Actual-Object-TTL
Access-Control-Allow-Method
X-Framework
Paypal-Debug-Id
X-Debug-Info
X-Load-Cache
X-Tumblr-Pixel
X-Jobs
X-Tumblr-Pixel-0
X-Tumblr-User
X-App-Environment
X-FB-Debug
X-Cached-By
X-Shield-Request-Id
X-PHP-Backend
X-Pad
X-Request-Guid
X-Git-Hash
DC
Fastcgi-Useragent
X-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Webkit-Csp
X-RateLimit-Remaining
X-Amz-Replication-Status
X-Varnish-Backend
Surrogate-Key
Host-Header
X-IPLB-Instance
X-Contextid
MS-CV
X-ATG-Version
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-WA-Info
Host
X-NWS-LOG-UUID
Accept-CH
X-Webapp-Samesite-None-Activated-N
X-SS-Set-Cookie
X-Analytics
X-FastCGI-Cache
X-Cache-Key
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Mobile
X-Via-JSL
Tracecode
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Response-Served-From
X-Accel-Buffering
X-Host-Name
NGB
X-Presslabs-Stats
Payment
X-Cluster
X-Cache-NE
X-Cache-2
X-FW-Type
X-FW-Server
Source
X-FW-Hash
X-FW-Static
X-FW-Serve
Frame-Options
WPE-Backend
Eomportal-Instance
X-Varnish-Server
X-Region
X-Origin-Response-Time
FilterID
Filters
X-Tumblr-Pixel-1
X-Varnish-Hostname
X-GeoIP
X-Tumblr-Pixel-2
Cache-Tv-Group
X-IPS-LoggedIn
X-Adobe-Content
X-Cache-Enabled
X-Cacheable-TTL
X-Adobe-Loc
X-Is-Bot
X-Cache-Rule
X-Seen-By
Retry-After
X-EdgeConnect-Cache-Status
X-Cache-Operation
X-Hostname
X-Rendered-As
X-RequestSource
X-NewRelic-App-Data
X-TX-ID
Xserver
Accept-CH-Lifetime
Server-Info
X-VCache
X-Srv
X-Cache-TTL-Remaining
X-ProcessESI
X-RemovedCookies
Liferay-Portal
Cleartype
X-App-Server
X-B3-Traceid
X-Dc
X-L-Path
X-Environment-Context
Ms-Operation-Id
X-RTag
X-FireWall-Port
X-Source
X-Endurance-Cache-Level
X-UA
Datacenter
X-Handled-By
X-HTML-Minification-Powered-By
X-Upgrade-Enabled
From-Origin
X-Cache-Server
X-CACHE-KEY
X-Backend-Name
X-Esi
X-APP-VERSION
Srv
Cache
Accept-Charset
X-Cache-Var
X-ES-SERVER
X-Wix-Request-Id
X-RN-RSRV
GEO-INFO
X-Cache-Control
Meta-Geo
X-Cache-Var-Map
X-Path-Route
X-UUID
X-Section
X-Tb
X-Timing-Wait
OT-Force-Account-Verify
Selected-Fe
X-Format
X-Access
X-Proxy-Build
X-Status
X-Sorting-Hat-PodId
X-Cache-Config
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proto
X-PCL
X-Shopify-Stage
X-ShopId
X-OCL
X-NYM-Debug-Backend
Mn-Server-Ip
Cache-Tags
X-Akamai-Request-ID
X-Origin
X-Shopify-Generated-Cart-Token
Azure-Version
X-Alternate-Cache-Key
Azure-InstanceId
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-Request-Time
Akamai-GRN
Azure-RegionName
Azure-SiteName
Healthy
X-Sorting-Hat-ShopId
X-Content-Age
X-ShardId
Azure-SlotName
Version
Origin-Edge-Control
DB-Nickname
Node
NGX
Now
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
Origin-Cache-Control
X-SayCDN-TTL
X-SaId
X-Say-Cacheable
X-Redis-Cache
X-Qloud-Router
X-ProxyCache-Status
X-Pubstack
X-Say-TTL
X-ServerID
X-VWS-Id
X-Web-Node
X-Viewer-Country
X-Vgn-Hpd-Reason
X-Soup
X-Time-Microsecs
X-ProxyCache-Key
X-Proxy-Cache-Status
X-FW-Dynamic
X-Generated-By
X-Debug-Cache
X-Cluster-Node
X-AWS-Id
X-BYPASS-REASON
X-Hl-Ver
X-Hosted-By
X-LJ-Flow-ID
X-Proxy
X-JoinUs
X-Hyper-Cache
X-Human
X-Akamai-Request-ID2
Ec-Rule-Version
X-Yottaa-Metrics
X-Yottaa-Optimizations
Webcakes-Region
X-Amzn-Remapped-Content-Length
X-CCM
X-RateLimit-Limit
Webcakes-App-Version
X-BCube-Filmed-By
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
Property-Id
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-Locale-Group
Webcakes-App-Name
X-FB-TRIP-ID
X-Site-Version
X-PressLabs-Stats
X-Storage
X-TNCMS
X-Varnish-Hits
X-Generated
X-Origin-Hint
X-Loop
X-Www-Served-By
X-MP-GENERATED-AT
Cross-Origin-Window-Policy
X-NCache
X-Xfnlog-Site
X-RCS-CacheZone
X-Rule
X-Locale
X-R9-Blue-Green-Version
S-Rt
X-Akamai-Transformed
X-Cache-Host
X-IP
X-Detected-As
X-Unique-Id
L5d-Success-Class
X-Drupal-Cache-Tags
Cache-Key
X-CS
Cache-Name
Webserver
Time
Viewport
Uber-Trace-Id
X-UA-Device-Type
X-Forwarded-Host
X-UnsetCookies
X-Mode
X-Whom
X-Backend-TTL
X-Origin-TTL
X-Origin-CC
X-CDN-Forward
X-NGENIX-Cache
Rt-Fastcgi-Cache
X-Daa-Tunnel
Accept-Language
X-Info
Content-Disposition
X-Cache-Remote
X-B3-Spanid
X-Varnish-Cache-Hits
Mime-Version
Country
X-PERF
Odigeo-Trace-Id
X-From
X-ApacheServer
ServedBy
Section-Io-Cache
X-Newrelic-Synthetics
X-Magnolia-Registration
X-Cluster-Name
X-CLOUD-TRACE-CONTEXT
X-Drupal-Cache-Contexts
X-Routing-Service
X-Device-Type
X-Microcachable
X-Proxied
X-Geo
VIX-Pulpo-Upstream-Status
X-Zipkin-Id
VIX-Pulpo-Node
X-Litespeed-Cache
X-Via-Fastly
X-TT-TIMESTAMP
X-Ttl
X-EC-Lua
X-Uri
Cf-Ipcountry
Proxy-Connection
Ohc-File-Size
X-Nc
HitType
W
VivaBuild
Xc-Version
X-Application
X-Session-Fingerprint
X-ARC
T-Server
X-Vtex-Remote-Cache
X-B-Cookie
X-S-Cookie
Viewtype
X-ScT
X-Sigma-Backend
X-A-Dgt
X-A-Dcw
X-Twitter-Response-Tags
X-Aed
X-A-Wwc
X-Accel-Expires-Debug
X-SRCache-Key
X-A-Dam
X-Trv-Group
X-Vdms-Version
X-A
X-Transaction
X-A-Ccd
X-Rocket-Build-Number
X-Sigma
Rendered-Blocks
Apple-News-Services-Parsed-Url
X-G
X-Geo-Header
X-External-Request-Id
Content-Script-Type
X-Rojux
X-VG-WebCache
X-GeoIP-Country-Code
Apple-News-Services-Request-Url
Content-Style-Type
X-Request-UUID
X-Rewrite-Enabled
X-Region-Sid
Fastcgi-X-Cache-Version
AsisCache
BehaviorPad-Version
Apple-News-Services-Host
X-VG-WebServer
Meta-Geo-Continent
X-S
MD5-Digest
X-VG-TLSProxy
X-CF-Lambda-Version
Mobile-Detection-Method
X-CF-Lambda-Fn
X-Vtex-Processado-Em
X-Connection-Hash
Machine
Apple-News-Services-Handled
X-DPWN-IS-SECURE
GEO-REGION-INFO
X-Destination
Access-Control-Request-Headers
X-D
X-Date
Ohc-Cache-HIT
X-Edge-Location
User-Cache-Control
Filterid
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-UPSTREAM-Address
X-C
X-No-Session
Gh-Request-Id
Fastly-SWR
X-Developers
HA-Ipaddr
X-CUA
Locid
IsBot
Fastly-Soc-X-Request-Id
Ha-Gx-Prefs
X-Hit
X-Rebelmouse-Surrogate-Control
Environment
Countrycode
X-Rebelmouse-Cache-Control
X-Logging-Id
X-Distil-CS
X-Eu-Site
X-Contensis-Viewer-Groups
Fastly-SIE
X-Cache-Debug
X-SIPLIST1
X-Tumblr-Pixel-3
X-VC-Cache
X-App-Name
X-Varnish-Authentication
X-Agile-Id
X-Agile
X-TrackingId
X-Agile-Age
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Cache-ASPX
X-Thanos
X-CGP
Server-Cache-Control
Server-Surrogate-Control
X-Auto-Login
X-WebServer
X-Bip
X-Clientip
Powered-By
CDCHOST
X-Real-IP
Fastly-SSL
X-GoCache-CacheStatus
X-Cache-Backend
Geo-Info
Cdnsip
X-Generated-In
X-Generation-Time
X-Gamma-Serve
X-FW-Version
X-Fetched-On
X-Backend-State
X-Azure-Ref
X-AK-Request-ID
X-GeoIP-City
X-Instart-Isnd
X-Irp-Debug
X-Is-Gdpr
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Has-Esi
X-Hash
X-Hnp-Log
X-Fastly-Cache
X-Epic-Correlation-Id
X-Cdn-Srv
X-Clara-WADP
X-Cms-Context
X-Cache-URL
X-Cache-Time
X-Cache-Bucket
X-Cache-Info
X-Cache-Tags
X-Core-Mission
X-Debug-Cache-Expiry
X-JWT-State
X-Dispatcher-Server
X-Distributor
X-Debug-Log
X-Debug-Cookies
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-BBXSRF
X-Block-Status
X-Li-Pop
X-SVT-ORM-VERSION
X-Swa-Ws
X-TH-Server
X-Trace-Id
X-SVT-ORM-RULES
X-Servername
X-Render-Time
X-Request-URI
X-Server-W
X-TT-LOGID
X-Up
X-WADP-Cache
X-We-Are-Hiring
X-Webstats-RespID
X-VServer
X-Variation
X-Urbn-Context-Path
X-Urbn-Site-Id
X-User
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache-Key
X-NodeID
X-Micro-Cache
X-LI-UUID
X-Li-Fabric
X-Air-Hostname
X-LI-Proto
X-NU-AKA-ACS-Version
X-NX-Host
X-PHP-Host
X-Platform-Server
X-Proxy-Upstream
X-Owner
X-OVcl-Cache
X-Origin-Date
X-Origin-Expires
X-OVcl
X-Labrador-Cache-Channel
X-Gen-Mode
RNT-Time
AKAMAI
RNT-Machine
Request-EU
Request-Country
We-Hiring
True-Client-Country-4JS
Country-Code
Web-Mar-Node
Server-Int
Server-ID
Cdncip
Mail-Subject
Kp-EeAlive
Is-Eu
Memcached
Cache-Host
Locale
IBM-Web2-Location
Adler-Geo
Platform
Heartbleed
V-Age
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-COUNTRY
Thinkindot-Control
X-Trafficlayer-App-Version
X-Thinkindot-L3
X-Service
PFcat
X-Matched-Rule
X-Reboot
X-Old-Content-Length
X-Level-Front-Cache
X-Req
Thinkindot-CacheControl
X-ServiceProvider
X-Generated-On
Server-Host
Thinkindot-CacheControl-Type
FNAC-ModuleRouting
Wxu-Next-Hostname
Wxu-Next-Commit
ServerName
Group
X-Cache-Expired-At
Fastly-Backend-Name
X-Var-Ttl
Wxu-Next-Region
X-Core-Value
X-Nginx-Cache
X-S-Maxage
X-Internal-Host
Pragrma
X-SERVER
Cache-Hits
X-App-Version
S-Cnection
X-Response-By
X-Sucuri-Cache
X-VHOST
X-Lb-Id
X-Key
X-Refresh
RequestId
X-Location
X-CSRF-TOKEN
X-Ruxit-Js-Agent
X-CF-Powered-By
Powered-By-ChinaCache
X-Tec-Api-Root
X-NC
X-TA-CDN-Provider
X-Tec-Api-Origin
X-Tb-Optimization-Total-Bytes-Saved
X-Parent-Response-Time
X-Tec-Api-Version
X-Wa
X-Sucuri-ID
Origin
X-Varnish-Cacheable
ProcessTime
X-B3-Parentspanid
X-Cdn-Forward
X-Ua
Memory
X-Via-CDN
User-Agent
X-Pjax-Url
X-Pf-Uncompressing
X-BACKEND-TTL
X-CSRF-Token
X-Developer
Geoip-Latitude
Geoip-City
SRV
X-Cdn-Origin
X-Cache-Grace
PICS-Label
X-Device-Os
X-LAGOON
X-Server-IP
GeoIp-Country-Code
X-Ocache
TTL
X-Sn-Servicetimems
X-Correlation-ID
X-Node-Id
X-B3-SpanId
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-NGINX-Cache
X-NWS-UUID-VERIFY
On-Server
X-Cache-Status-Check
X-Vcl-Version
X-FORWARDED-FOR
X-TIME
Hostname
X-Unique-ID
XServer
A
X-Request-Host
X-MSEdge-Flight
X-MSEdge-Features
X-Cdn-Request-ID
Media-Length
X-Webkit-CSP
X-Servedbyhost
Cloudfront-Viewer-Country
SN
Dnion-Transfer-Encoding
X-Varnish-Ttl
X-Rocket-Nginx-Bypass
M-TraceId
Tcn
X-Via-Ucdn
X-HS-Status
Host-ID
Cdn
X-Sucuri-Id
X-Varnish-URL
Resin-Trace
X-Ratelimit-Remaining
X-Beluga-Trace
Who
X-Beluga-Cache-Status
X-AIR-PT
X-ServedByHost
X-Beluga-Status
Esi-Enabled
X-Beluga-Node
X-Beluga-Record
X-Cache-Ttl
X-Reqid
X-Beluga-Response-Time
HostName
X-Planisys-CDN-TTL
X-Slack-Backend
X-Planisys-CDN-Rules
CF-Cached-On
X-Planisys-CDN-Cache
X-Fastly-Country-Code
X-Policy
CACHE
X-Azure-Ref-OriginShield
X-VCL-Version
MIME-Version
X-Request-Start
X-Action
Pramga
X-Processor
X-DI
X-RSL
X-Server-Time
X-PAYTM-SRV-ID
X-RPM
GeoIP-Country-Code
X-DB
Arc-Country
X-Cache-FS-Status
X-RPS
X-DW
Rt-Proxy-Cache
Pics-Label
X-DSS
Ttl
X-Dispatch
X-SRV
X-LiteSpeed-Cache-Control
X-Oracle-Dms-Rid
X-Flog
X-Hello
X-ND-Cache
NtCoent-Length
X-Varnish-Url
X-Skip-Cache
GeoIP-City
X-Fastly-Backend-Reqs
GeoIP-Latitude
X-ABtesting
X-Zone
X-Bc
X-DC
Fastly-Drupal-HTML
X-FPC
Cdn-Request-Time
X-Edge-Server
X-Served-From
Cdn-Host
X-PJAX-URL
X-APP
X-VarnishDD-TTL
X-PF-Uncompressing
X-Method
Magicmarker
X-Newrelic-App-Data
X-Ratelimit-Limit
X-HostName
Cteonnt-Length
X-Bc-Bl
N-Cache
Amp-Access-Control-Allow-Source-Origin
WebServer
X-DevSite-Last-Modified
X-Ftr-Cache-Host
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-BE
X-Amzn-Remapped-Connection
X-Dynatrace
X-Backend-Host
X-Amzn-Remapped-Date
Processtime
X-Swift-Error
Servername
X-Dynatrace-Js-Agent
Ohc-Response-Time
X-ID
Cache-Provider
X-LB-ID
X-Svr
X-WA
X-Be
CDN
X-Frame-Option
X-WR-MODIFICATION
X-Snapshot-Date
FSS-Proxy
X-Adobe-Source
X-Fmm-Version
X-BC
X-ZONE
CF-IPCountry
FSS-Cache
X-Branch-Name
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Lfy
X-Aicache-OS
Vix-Hermes-Req-Id
X-StackifyID
Cache-Cookie-Set-From
Dynatrace
Load-Balancing
Requestid
X-CACHE-AGE
Fusion-Deployment-Id
Trailer
X-Scheme
WZWS-RAY
X-Tid
D-Cc-Upstream
X-SB
X-VC
X-Request-Url
V-Cache
X-Fastly-Cache-Hits
Pagetype
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Cc-Via
X-Cc-Req-Id
Warning
Proxy-Firewall
DSUID
X-Node-ID
X-Litespeed-Cache-Control
X-MServer
X-App
Cneonction
X-Request-URL
X-Worker
X-Fpc
X-Fastly-Cache-Status
X-WPE-Loopback-Upstream-Addr
X-Check-Cacheable
Correlation-Id
X-Hp-Ccpa-Warning
X-Varnish-Beresp-TTL
X-Configured-By
X-Powered-Y
X-ElasticPress-Search
Backend-Name
X-VCT
WP-Super-Cache
Release