Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
Expect-CT
X-XSS-Protection
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
Alt-Svc
X-Timer
CF-Ray
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Server-Timing
Feature-Policy
X-Varnish-Cache
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Server-Id
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Vhost
X-Backend-Server
X-Cloud-Trace-Context
X-Readtime
X-Dispatcher
X-Ruxit-JS-Agent
Request-Id
X-Cache-Lookup
X-Origin-Upstream-Status
X-Application-Context
X-Cnection
X-HW
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-Country
X-Clacks-Overhead
X-Rack-Cache
Rating
X-Akam-SW-Version
Edge-Control
P3p
X-DataDome
X-Dns-Prefetch-Control
Allow
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
Accept-Ch
X-Vname
X-TtlSet
X-Goog-Hash
X-PC
Content-MD5
Verso
X-TTL
X-ESI
Service-Worker-Allowed
X-Url
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Vcache
X-GitHub-Request-Id
RTSS
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Use-Magma
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-B3-TraceId
X-Version
X-Server-Name
X-Forwarded-Proto
X-MS-InvokeApp
X-D2id
Edge-Cache-Tag
X-Px
X-Abt-Application-Version
X-Debug
X-Amz-Server-Side-Encryption
AR-ATIME
AR-CACHE
Ar-Sid
AR-Request-ID
AR-PoweredBy
SPRequestGuid
X-Cached
Charset
X-NF-Request-ID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Navigation-Version
X-MSEdge-Ref
X-Vcap-Request-Id
X-Sol
X-Middleton-Response
Display
Pagespeed
Response
X-Amz-Rid
X-Middleton-Display
Arr-Disable-Session-Affinity
X-Accel-Expires
TCN
X-Fastcgi-Cache
X-Server-ID
X-VARITI-CCR
X-Fastly-Request-ID
X-SharePointHealthScore
Nginx-Cache
MS-Author-Via
Pinterest-Version
X-Pinterest-Rid
Public-Key-Pins
X-Trace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Powered-CMS
X-Client-IP
X-Cdn
Cache-Tag
X-Edge-O15-RID
Realpath
X-Ser
Access-Control-Request-Method
X-Content-Type
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
SPRequestDuration
SPIisLatency
X-Amzn-Trace-Id
X-Upstream
X-Shard
X-Grace
X-Hp-Webp
X-Jurisdiction
X-Cache-TTL
X-Id
X-Ezoic-Cdn
Front-End-Https
X-Forwarded-For
X-Hits
Fastcgi-Cache
X-Amz-Meta-S3cmd-Attrs
X-T
S
Nel
X-Recruiting
DynaTrace
X-Element-Page-Cache
X-Aspnet-Version
X-Content-Digest
X-Node-Name
X-Dw-Request-Base-Id
X-DynaTrace-JS-Agent
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-Mobile-URL
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
X-Varnish-Age
MicrosoftSharePointTeamServices
ServerID
X-DIS-Request-ID
Server-Node
NR-ENABLED
TP-Cache
TP-L2-Cache
X-HS-Cache-Config
X-HS-Combine-CSS
X-Frontend
X-Correlation-Id
X-HS-Hub-Id
X-HS-Content-Id
Powered
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-Logged-In
X-CST
Alternate-Protocol
X-XRDS-Location
Server-Name
Upgrade-Insecure-Requests
X-Amz-Apigw-Id
X-Amzn-RequestId
Fastly-Restarts
X-Cache-Hit
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Page-Id
X-Content-Options
X-Zen-Fury
Refresh
X-User-Agent
X-Request-Received
X-Request-Processing-Time
X-Content-Security-Policy-Report-Only
X-F-Cache
X-Origin-Server
X-Akamai-Edgescape
X-Varnish-Grace
X-Rid
X-LB-Cache
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-B
X-Revision
X-Content-Powered-By
X-Type
X-B3-Sampled
Cache-Status
X-XRDS-LOCATION
X-Geo-Country
X-Az
X-Activity-Id
X-AppVersion
X-NWS-LOG-UUID
X-Kinsta-Cache
X-TT
X-Cache-Action
X-AOL-HN
X-Debug-Info
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-B-Cache
X-Framework
X-N
X-App-Environment
X-Jobs
X-Signature
X-Cached-By
X-Request-Guid
Actual-Object-TTL
X-Git-Hash
X-PHP-Backend
X-Time
X-Instance
X-FB-Debug
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cache-Age
Paypal-Debug-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
Fastcgi-Useragent
X-Load-Cache
X-Amz-Replication-Status
X-URL
X-Varnish-Backend
DC
Host
Host-Header
X-ATG-Version
X-WA-Info
X-Pad
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-RateLimit-Remaining
X-Webkit-Csp
X-Shield-Request-Id
X-Via-JSL
MS-CV
Surrogate-Key
X-IPLB-Instance
X-Ttl
X-Contextid
X-Ua-Device
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Erf-Bev-Bev
X-Host-Name
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Liferay-Portal
Retry-After
Frame-Options
Accept-CH
X-Accel-Buffering
X-Response-Served-From
NGB
X-Seen-By
X-Srv
X-NewRelic-App-Data
Payment
X-Hostname
X-FastCGI-Cache
X-Cache-NE
Source
X-Varnish-Server
Xserver
X-Origin-Response-Time
WPE-Backend
X-FW-Hash
X-FW-Server
X-FW-Type
X-FW-Static
X-FW-Serve
Eomportal-Instance
X-Cluster
X-IPS-LoggedIn
X-Is-Bot
X-Cacheable-TTL
X-Rendered-As
Tracecode
X-Cache-Enabled
X-SS-Set-Cookie
X-Cache-2
X-Region
X-Varnish-Hostname
Server-Info
X-GeoIP
X-Adobe-Loc
X-Adobe-Content
X-RequestSource
Filters
X-App-Server
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cache-Rule
Cache-Tv-Group
X-ProcessESI
X-Cache-Key
X-RemovedCookies
X-Cache-Operation
X-EdgeConnect-Cache-Status
FilterID
X-Cache-TTL-Remaining
X-Presslabs-Stats
X-TX-ID
Accept-CH-Lifetime
X-L-Path
X-Environment-Context
X-FireWall-Port
Cleartype
X-CACHE-KEY
X-Upgrade-Enabled
X-Handled-By
Accept-Charset
X-B3-Traceid
X-RTag
Ms-Operation-Id
X-Source
X-Endurance-Cache-Level
From-Origin
Srv
X-Cache-Server
X-Backend-Name
X-Analytics
X-HTML-Minification-Powered-By
X-PressLabs-Stats
Datacenter
X-UUID
Healthy
X-UA
X-Wix-Request-Id
X-Unique-Id
X-Cache-Var
X-Daa-Tunnel
X-Status
X-Cache-Var-Map
X-ES-SERVER
X-RN-RSRV
X-Path-Route
Meta-Geo
Selected-Fe
X-Timing-Wait
X-Tb
OT-Force-Account-Verify
X-Whom
X-Proxy-Build
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-EIG-Tracking-Id
X-Shopify-Stage
Akamai-GRN
X-Proto
X-Goog-Meta-Goog-Reserved-File-Mtime
Version
X-Akamai-Transformed
X-PCL
X-Shopify-Generated-Cart-Token
X-OCL
X-Access
X-FC-Vary-Parameters
Mn-Server-Ip
X-Request-Time
X-Cache-Config
X-Content-Age
X-ShardId
X-Sorting-Hat-PodId
X-Section
X-Format
X-ShopId
Decoy-Debug-Key
Ec-Rule-Version
Decoy-Debug-TTL
Origin-Cache-Control
Decoy-Debug-Status
Node
X-Qloud-Router
X-Say-TTL
X-Viewer-Country
X-Vgn-Hpd-Reason
X-LJ-Flow-ID
X-ProxyCache-Key
X-Proxy-Cache-Status
X-VWS-Id
X-NYM-Debug-Backend
Cache-Tags
X-Web-Node
X-SayCDN-TTL
X-JoinUs
X-Hyper-Cache
X-ProxyCache-Status
X-SaId
X-Origin
X-Redis-Cache
X-BYPASS-REASON
X-Debug-Cache
X-Say-Cacheable
X-Human
X-Hosted-By
X-Hl-Ver
X-Soup
Origin-Edge-Control
X-AWS-Id
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Dc
X-APP-VERSION
X-Site-Version
X-Storage
X-TNCMS
X-Loop
X-FB-TRIP-ID
X-CCM
X-Detected-As
X-Www-Served-By
X-Generated
X-Locale
Azure-InstanceId
X-FW-Dynamic
X-Akamai-Request-ID2
X-Generated-By
X-Proxy
X-ServerID
X-Pubstack
Now
NGX
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
DB-Nickname
X-BCube-Filmed-By
X-Time-Microsecs
Cross-Origin-Window-Policy
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
X-Origin-Hint
X-NCache
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-RCS-CacheZone
X-Xfnlog-Site
X-Webapp-Samesite-None-Activated-N
X-R9-Blue-Green-Version
Property-Id
TWC-Device-Class
TWC-Connection-Speed
S-Rt
X-Varnish-Hits
X-IP
X-Amzn-Remapped-Content-Length
X-Backend-TTL
X-UA-Device-Type
Cache-Key
X-Cluster-Node
X-MP-GENERATED-AT
X-NGENIX-Cache
GEO-INFO
X-RateLimit-Limit
Section-Io-Cache
X-CDN-Forward
X-Mode
X-Drupal-Cache-Tags
X-Cache-Host
X-Forwarded-Host
X-Cache-Control
Cache
Webserver
X-Rule
Time
X-Esi
X-Info
L5d-Success-Class
Content-Disposition
X-Varnish-Cache-Hits
X-Newrelic-Synthetics
X-UnsetCookies
Mime-Version
X-PERF
X-ApacheServer
X-Cache-Remote
Cache-Name
ServedBy
Accept-Language
X-CS
Rt-Fastcgi-Cache
X-Origin-TTL
X-Origin-CC
Viewport
Uber-Trace-Id
X-Routing-Service
Country
X-Zipkin-Id
X-Proxied
X-Device-Type
Odigeo-Trace-Id
X-Via-Fastly
X-B3-Spanid
Filterid
X-Magnolia-Registration
X-Uri
X-VCache
X-EC-Lua
Geo-Info
X-From
X-CLOUD-TRACE-CONTEXT
X-Geo
Access-Control-Request-Headers
Proxy-Connection
X-Real-IP
Cf-Ipcountry
X-Cluster-Name
HitType
X-Drupal-Cache-Contexts
X-Microcachable
X-TT-TIMESTAMP
X-Cache-Time
X-PHP-Host
X-Labrador-Cache-Channel
VivaBuild
VIX-Pulpo-Node
X-A-Dam
X-A-Wwc
X-A-Dgt
X-A
X-Accel-Expires-Debug
X-Aed
VIX-Pulpo-Upstream-Status
W
X-A-Ccd
Rendered-Blocks
Apple-News-Services-Request-Url
AsisCache
X-Date
X-D
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
BehaviorPad-Version
Content-Script-Type
Fastcgi-X-Cache-Version
GEO-REGION-INFO
X-External-Request-Id
X-Destination
Content-Style-Type
Machine
Apple-News-Services-Handled
MD5-Digest
X-DPWN-IS-SECURE
X-CF-Lambda-Fn
X-B-Cookie
T-Server
X-Application
X-ARC
X-CF-Lambda-Version
X-GeoIP-Country-Code
Meta-Geo-Continent
X-Connection-Hash
X-G
Cache-Hits
Mobile-Detection-Method
Viewtype
Group
X-SRCache-Key
X-Sigma-Backend
X-Request-UUID
X-Transaction
X-Trv-Group
X-App-Version
X-S
X-Sigma
X-Session-Fingerprint
X-Rocket-Build-Number
X-Rojux
X-Rewrite-Enabled
Xc-Version
X-ScT
X-S-Cookie
X-Region-Sid
X-Twitter-Response-Tags
X-Varnish-Beresp-Ttl
X-VG-WebServer
X-A-Dcw
X-VG-WebCache
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-VG-TLSProxy
X-Vdms-Version
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Ohc-File-Size
User-Cache-Control
X-SIPLIST1
Fastly-SWR
X-Distil-CS
X-WebServer
Fastly-SIE
X-Wikidot-Backend
Environment
X-Agile-Age
Ha-Gx-Prefs
CDCHOST
X-Agile
X-Eu-Site
Locid
X-Bip
X-Cache-Debug
X-Cache-Expired-At
X-Backend-State
X-Var-Ttl
X-VC-Cache
X-Wikidot-Static-Cache
Powered-By
X-Agile-Id
X-Thanos
X-App-Name
IsBot
X-CUA
X-TrackingId
X-CGP
X-Clientip
HA-Ipaddr
Countrycode
X-Rebelmouse-Cache-Control
X-Cdn-Srv
X-Logging-Id
X-OVcl-Cache
X-Rebelmouse-Surrogate-Control
X-OVcl
X-Geo-Header
X-Hit
X-C
X-GoCache-CacheStatus
X-Proxy-Upstream
X-Block-Status
X-BBXSRF
X-Webstats-RespID
X-Micro-Cache
X-Cache-Bucket
X-WADP-Cache
X-Cache-Info
X-Cache-URL
X-Up
X-We-Are-Hiring
X-Azure-Ref
X-Platform-Server
X-Variation
X-NU-AKA-ACS-Version
X-NodeID
X-RateLimit-Remaining-Second
X-NX-Host
X-Origin-Date
X-VServer
X-Varnish-Authentication
X-RateLimit-Limit-Second
X-Ms-Version
X-Origin-Expires
X-Nginx-Cache-Key
X-Air-Hostname
X-LI-UUID
X-Ms-Request-Id
X-Clara-WADP
X-Epic-Correlation-Id
X-GeoIP-City
X-Auto-Login
X-Cache-ASPX
X-Hash
X-Hnp-Log
X-Distributor
Server-Surrogate-Control
Server-Cache-Control
X-Generated-In
X-Gen-Mode
X-Fetched-On
X-Servername
X-Fastly-Cache
Gh-Request-Id
X-Owner
X-Dispatcher-Server
X-IN-APIGATEWAY
X-Request-URI
X-Core-Mission
X-Li-Fabric
X-Contensis-Viewer-Groups
X-Li-Pop
X-LI-Proto
Fastly-Soc-X-Request-Id
X-Trace-Id
X-Irp-Debug
X-IN-APIGATEWAYSSL
X-Debug-Log
X-Debug-Cookies
X-Instart-Isnd
X-TH-Server
X-Swa-Ws
X-Developers
X-Cache-Tags
Mail-Subject
Kp-EeAlive
Server-ID
Platform
RNT-Time
RNT-Machine
Pragrma
Memcached
Request-Country
Request-EU
Server-Int
Is-Eu
Web-Mar-Node
IBM-Web2-Location
Adler-Geo
S-Cnection
X-NC
V-Age
We-Hiring
Country-Code
Fastly-Backend-Name
True-Client-Country-4JS
Cache-Host
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Edge-Location
X-Oss-Server-Time
X-Oss-Storage-Class
X-Trafficlayer-App-Version
Ohc-Cache-HIT
X-Gamma-Serve
X-Trafficlayer-App-Scope
X-No-Session
X-FW-Version
Cdncip
X-JWT-State
X-Nginx-Cache
X-Is-Gdpr
X-Matched-Rule
X-Nc
X-Has-Esi
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Req
X-AK-Request-ID
X-Cms-Context
X-ServiceProvider
X-Service
X-Reboot
Wxu-Next-Region
X-Trafficlayer-App-Name
X-Debug-Cache-Expiry
Cdnsip
X-Thinkindot-L3
Locale
X-Level-Front-Cache
ServerName
X-Urbn-Site-Id
Heartbleed
AKAMAI
X-Urbn-Context-Path
FNAC-ModuleRouting
X-TT-LOGID
X-Tumblr-Pixel-3
X-Core-Value
X-SVT-ORM-RULES
Thinkindot-Control
Wxu-Next-Commit
Wxu-Next-Hostname
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-SVT-ORM-VERSION
Server-Host
X-Server-W
PFcat
X-Generated-On
X-Node-Id
Fastly-SSL
X-Lb-Id
X-Varnish-Cacheable
X-Response-By
X-Old-Content-Length
X-Generation-Time
User-Agent
X-VHOST
X-Sucuri-ID
X-SERVER
RequestId
X-Refresh
X-Wa
X-CSRF-TOKEN
X-UPSTREAM-Address
X-Cache-Status-Check
X-S-Maxage
Powered-By-ChinaCache
Hostname
X-Developer
X-NWS-UUID-VERIFY
X-Parent-Response-Time
X-Cache-Grace
X-Render-Time
X-Cdn-Origin
X-Device-Os
X-Sn-Servicetimems
X-LAGOON
X-Cache-Backend
X-Ua
X-CF-Powered-By
X-Tec-Api-Version
Origin
X-Pjax-Url
X-Tec-Api-Root
X-Ocache
X-User
X-Tec-Api-Origin
X-Dynatrace-Js-Agent
X-Key
X-Tb-Optimization-Total-Bytes-Saved
X-Internal-Host
On-Server
A
Memory
X-MSEdge-Flight
Cloudfront-Viewer-Country
X-Request-Host
X-Sucuri-Cache
X-MSEdge-Features
X-CSRF-Token
X-Pf-Uncompressing
X-Via-CDN
X-Location
X-TA-CDN-Provider
SRV
Geoip-Latitude
Geoip-City
GeoIp-Country-Code
X-NGINX-Cache
ProcessTime
X-COUNTRY
PICS-Label
X-Varnish-URL
X-B3-Parentspanid
Resin-Trace
X-Servedbyhost
X-Cdn-Forward
X-Litespeed-Cache
X-BACKEND-TTL
TTL
X-Vcl-Version
X-Webkit-CSP
X-DC
X-HS-Status
Cdn
X-Varnish-Ttl
X-Rocket-Nginx-Bypass
X-Server-IP
X-B3-SpanId
X-Slack-Backend
Dnion-Transfer-Encoding
XServer
X-TIME
Pramga
X-Cache-FS-Status
X-PAYTM-SRV-ID
X-Dispatch
Tcn
M-TraceId
X-Processor
X-Server-Time
SN
Arc-Country
Fusion-Deployment-Id
Trailer
X-FORWARDED-FOR
Media-Length
Section-Io-Id
X-Skip-Cache
X-ND-Cache
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Cdn-Request-ID
Host-ID
X-Unique-ID
X-VCL-Version
CACHE
X-Ratelimit-Remaining
X-Beluga-Record
X-Cache-Ttl
X-Beluga-Cache-Status
X-Beluga-Response-Time
X-Beluga-Node
Ttl
Cdn-Host
X-Served-From
X-Edge-Server
X-Action
Fastly-Drupal-HTML
X-Beluga-Status
X-Beluga-Trace
X-ServedByHost
Cdn-Request-Time
HostName
N-Cache
X-DSS
X-DI
X-DB
Who
X-DW
Pics-Label
X-Fastly-Country-Code
X-DevSite-Last-Modified
X-RSL
X-RPS
X-RPM
GeoIP-Country-Code
NtCoent-Length
X-Adobe-Source
GeoIP-City
X-Bc-Bl
GeoIP-Latitude
X-Correlation-ID
X-Via-Ucdn
CF-Cached-On
X-Flog
X-Reqid
X-ABtesting
X-Datadome
X-PF-Uncompressing
X-Hello
X-Backend-Host
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
MIME-Version
X-Bc
Cache-Cookie-Set-From
Esi-Enabled
X-VarnishDD-TTL
Cache-Cookie-Set-Idcheck
X-Zone
Cache-Cookie-Set-Lfrom
X-Varnish-Url
X-AIR-PT
X-Sucuri-Id
X-Scheme
X-Fpc
X-APP
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Policy
X-Ratelimit-Limit
X-Fmm-Version
X-HostName
X-PJAX-URL
X-Fastly-Backend-Reqs
X-SRV
X-Azure-Ref-OriginShield
X-FPC
X-Request-Start
WebServer
Amp-Access-Control-Allow-Source-Origin
X-BE
Lb
Cteonnt-Length
X-Amzn-Remapped-Date
Rt-Proxy-Cache
X-Esi-Check
Sid
Processtime
X-Dynatrace
X-Amzn-Remapped-Connection
X-Cache-Id
X-SN
X-Swift-Error
Servername
X-Newrelic-App-Data
Load-Balancing
X-Cache-NGX
FSS-Cache
X-WA
FSS-Proxy
SD-X-WS
X-BC
X-ID
Magicmarker
Cache-Provider
Release
X-ZONE
X-SD-PageType
X-Gzip
X-Frame-Option
X-WR-MODIFICATION
X-StackifyID
Requestid
X-VCT
X-Instart-Info
X-Wix-Viewer-Type
X-Snapshot-Date
X-Branch-Name
X-LB-ID
X-ECACHE
X-Configured-By
X-Method
CF-IPCountry
CDN
Dynatrace
X-CACHE-AGE
L
Proxy-Firewall
Request-Time
X-Compress-Hint
X-Cache-PHP
X-Aicache-OS
X-Request-Url
Warning
X-VC
X-SB
V-Cache
X-Fastly-Cache-Hits
X-Cc-Req-Id
D-Cc-Upstream
WZWS-RAY
X-Cc-Via
X-Tid
X-Litespeed-Cache-Control
X-Be
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-Nananana
Ohc-Response-Time
X-Worker
X-Apw-Access-Action
X-GEO
X-App
X-Varnish-Beresp-TTL
X-Fastly-Cache-Status
Cneonction
X-Check-Cacheable
X-Request-URL
X-ElasticPress-Search
X-Powered-Y
X-WPE-Loopback-Upstream-Addr
WP-Super-Cache