Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
X-XSS-Protection
CF-Cache-Status
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-Xss-Protection
X-DNS-Prefetch-Control
X-Template
X-Language
CF-Ray
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
Xkey
X-Via
X-Backend
X-Server
X-Age
X-Ua-Compatible
X-Ws-Request-Id
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
EagleId
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
Feature-Policy
X-Varnish-Cache
Server-Timing
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
P3p
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Vhost
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Application-Context
X-HW
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
X-Rack-Cache
X-Country
Edge-Control
X-Clacks-Overhead
X-Akam-SW-Version
Rating
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-TTL
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-Ch
X-Country-Code
X-Instart-Request-ID
X-Varnish-TTL
X-FTR-Request-ID
X-DynaTrace
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-ESI
Verso
Content-MD5
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-GitHub-Request-Id
X-Vcache
X-Version
X-MS-InvokeApp
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Kinja-Revision
RTSS
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Debug
X-Server-ID
X-Px
X-Abt-Application-Version
AR-ATIME
AR-CACHE
AR-Request-ID
Ar-Sid
AR-PoweredBy
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-Middleton-Response
X-Middleton-Display
Display
X-Navigation-Version
Pagespeed
Response
X-Sol
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Vcap-Request-Id
X-MSEdge-Ref
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Pinterest-Rid
Pinterest-Version
X-Fastcgi-Cache
X-SharePointHealthScore
X-VARITI-CCR
TCN
X-SRCache-Store-Status
X-Powered-CMS
X-SRCache-Fetch-Status
Public-Key-Pins
X-Fastly-Request-ID
X-Edge-O15-RID
Realpath
Cache-Tag
X-Client-IP
X-Trace
X-Cdn
MS-Author-Via
Nginx-Cache
Access-Control-Request-Method
X-Ser
X-Content-Type
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Shard
X-Mrf-Section-Lastmod
X-DynaTrace-JS-Agent
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Id
X-Hp-Webp
X-Jurisdiction
X-Grace
X-Ezoic-Cdn
S
X-Upstream
X-Forwarded-For
X-Amz-Meta-S3cmd-Attrs
X-T
X-Hits
Front-End-Https
X-Cache-TTL
Fastcgi-Cache
Nel
X-Recruiting
DynaTrace
X-Aspnet-Version
X-Varnish-Age
X-Element-Page-Cache
X-Node-Name
ServerID
X-Mobile-URL
X-Content-Digest
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Realm
X-Country-Code-Real
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-DIS-Request-ID
Server-Node
NR-ENABLED
X-HS-Cache-Config
X-Frontend
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
Powered
TP-L2-Cache
TP-Cache
X-Logged-In
Alternate-Protocol
X-CST
Server-Name
Upgrade-Insecure-Requests
X-Amz-Apigw-Id
X-Amzn-RequestId
Fastly-Restarts
X-Correlation-Id
X-Cache-Hit
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
X-Request-Processing-Time
X-XRDS-Location
X-Request-Received
AMP-Access-Control-Allow-Source-Origin
Refresh
X-Content-Options
X-Page-Id
X-User-Agent
X-Content-Security-Policy-Report-Only
X-FTR-Cache-Host
X-F-Cache
X-Zen-Fury
X-Origin-Server
X-Akamai-Edgescape
X-Rid
X-Revision
X-XRDS-LOCATION
X-Varnish-Grace
X-Type
X-B
X-Content-Powered-By
X-LB-Cache
PB-PID
PB-RID
X-B3-Sampled
Arc-Version
X-Mobile-Rewrite
X-Webkit-Csp
X-Activity-Id
X-AppVersion
X-Az
Cache-Status
X-Geo-Country
X-URL
X-Kinsta-Cache
X-N
X-Cache-Action
X-TT
X-Cache-Age
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Framework
X-Jobs
X-Instance
X-Signature
X-Debug-Info
X-B-Cache
X-Tumblr-Pixel-0
Access-Control-Allow-Method
X-Time
X-Tumblr-Pixel
X-Tumblr-User
Actual-Object-TTL
Paypal-Debug-Id
X-FB-Debug
X-App-Environment
X-Cached-By
X-Load-Cache
X-Request-Guid
X-PHP-Backend
X-Git-Hash
X-Pad
X-Shield-Request-Id
DC
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amz-Replication-Status
X-RateLimit-Remaining
Fastcgi-Useragent
X-NWS-LOG-UUID
X-Varnish-Backend
Surrogate-Key
Host-Header
X-ATG-Version
X-WA-Info
X-IPLB-Instance
MS-CV
X-Contextid
Host
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Via-JSL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
NGB
X-Accel-Buffering
X-Response-Served-From
X-FastCGI-Cache
X-SS-Set-Cookie
X-Host-Name
X-Cache-Key
X-Cache-NE
Payment
Tracecode
Frame-Options
Source
X-Varnish-Server
Xserver
X-Region
X-Cache-2
Eomportal-Instance
X-Cluster
X-GeoIP
X-Origin-Response-Time
WPE-Backend
Filters
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Type
X-Adobe-Content
Retry-After
X-FW-Server
X-Varnish-Hostname
X-Adobe-Loc
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-RequestSource
X-NewRelic-App-Data
Cache-Tv-Group
X-Tumblr-Pixel-2
X-Analytics
X-Rendered-As
X-Is-Bot
X-Cacheable-TTL
X-Cache-Enabled
X-Srv
FilterID
X-Cache-Rule
X-Cache-Operation
X-Seen-By
X-Webapp-Samesite-None-Activated-N
Server-Info
X-Hostname
Liferay-Portal
X-EdgeConnect-Cache-Status
X-RemovedCookies
X-TX-ID
X-ProcessESI
X-Presslabs-Stats
X-Cache-TTL-Remaining
X-App-Server
Cleartype
Accept-CH
X-Environment-Context
X-L-Path
X-Dc
X-FireWall-Port
X-B3-Traceid
X-Upgrade-Enabled
Ms-Operation-Id
X-RTag
X-Endurance-Cache-Level
X-Source
X-CACHE-KEY
X-Handled-By
X-Cache-Server
From-Origin
X-HTML-Minification-Powered-By
Srv
Datacenter
X-PressLabs-Stats
X-Backend-Name
X-UA
Accept-Charset
Accept-CH-Lifetime
X-UUID
X-ES-SERVER
X-Cache-Var
Meta-Geo
X-Path-Route
X-RN-RSRV
X-Cache-Var-Map
X-Tb
X-Access
X-Format
X-Timing-Wait
X-Section
X-Proxy-Build
Selected-Fe
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Sorting-Hat-PodId
OT-Force-Account-Verify
X-Alternate-Cache-Key
Mn-Server-Ip
X-EIG-Tracking-Id
Cache-Tags
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ShopId
X-ShardId
X-Content-Age
X-Sorting-Hat-ShopId
X-Origin
X-Akamai-Transformed
NGX
X-Akamai-Request-ID2
X-Akamai-Request-ID
X-Qloud-Router
X-Hl-Ver
X-Cache-Config
X-BYPASS-REASON
X-ServerID
X-Proto
X-PCL
X-JoinUs
Ec-Rule-Version
X-VWS-Id
X-Request-Time
X-Yottaa-Optimizations
X-SaId
X-ProxyCache-Status
Version
Akamai-GRN
X-Status
X-OCL
X-LJ-Flow-ID
X-Vgn-Hpd-Reason
X-Yottaa-Metrics
X-ProxyCache-Key
X-AWS-Id
Cross-Origin-Window-Policy
Decoy-Debug-TTL
Decoy-Debug-Status
Now
Origin-Cache-Control
Origin-Edge-Control
Decoy-Debug-Key
DB-Nickname
X-NYM-Debug-Backend
X-Hyper-Cache
X-Cluster-Node
X-Human
X-Proxy
X-Pubstack
X-APP-VERSION
X-Wix-Request-Id
X-FC-Vary-Parameters
X-Viewer-Country
X-Debug-Cache
X-Www-Served-By
X-Soup
X-Proxy-Cache-Status
X-Cache-Control
X-CCM
X-Generated
X-SayCDN-TTL
X-FB-TRIP-ID
X-Say-TTL
X-Say-Cacheable
X-FW-Dynamic
X-Time-Microsecs
X-Generated-By
Property-Id
Healthy
TWC-Connection-Speed
TWC-Privacy
X-Hosted-By
Webcakes-App-Name
Webcakes-App-Version
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
X-Site-Version
Webcakes-Region
X-Web-Node
X-Redis-Cache
X-MP-GENERATED-AT
X-RateLimit-Limit
X-Varnish-Hits
X-Origin-Hint
X-Xfnlog-Site
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-Storage
X-Locale
X-Loop
Azure-RegionName
Azure-SiteName
Azure-SlotName
X-TNCMS
Azure-InstanceId
Azure-Version
Node
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
X-Detected-As
X-NCache
S-Rt
X-Cache-Host
X-IP
GEO-INFO
Cache
X-Rule
X-Whom
Cache-Key
X-VCache
X-Drupal-Cache-Tags
L5d-Success-Class
X-UA-Device-Type
X-Mode
X-Esi
Cache-Name
X-Daa-Tunnel
Webserver
X-Forwarded-Host
X-Unique-Id
X-CS
Viewport
X-NGENIX-Cache
Mime-Version
X-UnsetCookies
Time
X-Info
Accept-Language
X-VHOST
Content-Disposition
X-Origin-CC
X-Origin-TTL
Section-Io-Cache
X-Varnish-Cache-Hits
X-ApacheServer
X-PERF
Country
Uber-Trace-Id
X-Newrelic-Synthetics
ServedBy
X-B3-Spanid
Rt-Fastcgi-Cache
Odigeo-Trace-Id
X-Cache-Remote
X-EC-Lua
X-From
X-Backend-TTL
X-Routing-Service
X-Zipkin-Id
X-Magnolia-Registration
X-Proxied
X-Device-Type
X-CDN-Forward
X-Via-Fastly
X-Cluster-Name
X-Nc
X-CLOUD-TRACE-CONTEXT
Geo-Info
X-Uri
X-Microcachable
Proxy-Connection
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-TT-TIMESTAMP
X-Drupal-Cache-Contexts
X-Ttl
X-Geo
Filterid
Cf-Ipcountry
Ohc-File-Size
HitType
Access-Control-Request-Headers
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Destination
X-Varnish-Beresp-Grace
X-Real-IP
VivaBuild
Apple-News-Services-Handled
Apple-News-Services-Host
MD5-Digest
X-Connection-Hash
Machine
X-Region-Sid
Mobile-Detection-Method
Fastcgi-X-Cache-Version
GEO-REGION-INFO
X-GeoIP-Country-Code
X-CF-Lambda-Fn
Content-Style-Type
X-Geo-Header
X-CF-Lambda-Version
T-Server
X-G
Content-Script-Type
X-B-Cookie
X-ARC
X-DPWN-IS-SECURE
Viewtype
X-External-Request-Id
Xc-Version
X-Application
Meta-Geo-Continent
X-A-Dcw
X-A-Dam
X-Transaction
W
X-Date
X-A-Wwc
X-A-Dgt
BehaviorPad-Version
X-VG-WebServer
X-VG-WebCache
X-Vdms-Version
X-A
X-D
X-A-Ccd
X-Twitter-Response-Tags
X-VG-TLSProxy
X-Trv-Group
Rendered-Blocks
AsisCache
X-Accel-Expires-Debug
X-S
X-S-Cookie
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-TA-CDN-Provider
X-Rojux
X-Aed
Apple-News-Services-Parsed-Url
X-Rewrite-Enabled
X-Rocket-Build-Number
X-Session-Fingerprint
X-ScT
X-Sigma-Backend
Apple-News-Services-Request-Url
X-SRCache-Key
X-Sigma
X-C
CDCHOST
X-CUA
X-Developers
X-Distil-CS
Fastly-Soc-X-Request-Id
X-CGP
X-Cache-Time
X-Eu-Site
Environment
X-Agile-Id
X-SIPLIST1
X-App-Version
IsBot
Locid
X-App-Name
X-Agile
X-Request-UUID
X-Hit
Powered-By
X-Thanos
X-WebServer
X-Cache-Debug
X-No-Session
Ha-Gx-Prefs
HA-Ipaddr
X-Logging-Id
X-Bip
X-VC-Cache
X-Agile-Age
User-Cache-Control
Fastly-SSL
X-PHP-Host
X-Labrador-Cache-Channel
X-Cache-ASPX
X-Cdn-Srv
True-Client-Country-4JS
V-Age
X-Clientip
X-Cms-Context
X-Air-Hostname
X-Auto-Login
X-Contensis-Viewer-Groups
X-Azure-Ref
We-Hiring
X-Li-Fabric
X-SVT-ORM-RULES
X-Request-URI
X-SVT-ORM-VERSION
X-Swa-Ws
X-TH-Server
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Owner
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Trace-Id
X-TrackingId
X-Wikidot-Static-Cache
X-Backend-State
X-Cache-Expired-At
X-Var-Ttl
X-Wikidot-Backend
X-VServer
X-Tumblr-Pixel-3
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Varnish-Authentication
X-OVcl-Cache
X-OVcl
X-GeoIP-City
X-Generated-In
X-Hash
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Gamma-Serve
X-Fetched-On
X-Debug-Log
X-Dispatcher-Server
X-Distributor
X-Epic-Correlation-Id
X-Instart-Isnd
Server-Surrogate-Control
X-NodeID
X-NX-Host
X-Origin-Date
X-Origin-Expires
X-Nginx-Cache-Key
X-Ms-Version
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Ms-Request-Id
X-Core-Mission
X-Debug-Cookies
Heartbleed
Gh-Request-Id
Kp-EeAlive
Locale
Request-Country
Mail-Subject
Fastly-SWR
Fastly-SIE
Server-Int
Group
AKAMAI
Country-Code
Countrycode
Request-EU
Cache-Host
RNT-Time
Server-Cache-Control
Server-ID
RNT-Machine
X-UPSTREAM-Address
X-GoCache-CacheStatus
X-Core-Value
Cdnsip
X-Matched-Rule
X-Platform-Server
X-TT-LOGID
Cdncip
Server-Host
X-Trafficlayer-App-Version
FNAC-ModuleRouting
X-Clara-WADP
X-Micro-Cache
X-Debug-Cache-Expiry
X-Irp-Debug
Thinkindot-Control
X-Debug-Cache-Fetch
X-Up
X-Generation-Time
X-Service
X-Generated-On
X-Fastly-Cache
X-ServiceProvider
X-Variation
X-Servername
Thinkindot-CacheControl-Type
X-Trafficlayer-App-Scope
Adler-Geo
X-Server-W
Wxu-Next-Hostname
X-Debug-Cache-Store
X-Trafficlayer-App-Name
X-Hnp-Log
Thinkindot-CacheControl
X-Level-Front-Cache
Fastly-Backend-Name
X-WADP-Cache
X-AK-Request-ID
X-JWT-State
PFcat
Wxu-Next-Commit
Wxu-Next-Region
Web-Mar-Node
X-Reboot
Platform
X-Is-Gdpr
X-Has-Esi
Cache-Hits
ServerName
Ohc-Cache-HIT
X-Cache-Info
X-Cache-Tags
X-Gen-Mode
X-Cache-URL
X-Thinkindot-L3
X-Block-Status
X-BBXSRF
IBM-Web2-Location
X-Req
X-Webstats-RespID
X-Nginx-Cache
Is-Eu
X-Edge-Location
S-Cnection
X-Lb-Id
X-S-Maxage
X-FW-Version
X-Old-Content-Length
Pragrma
Memcached
X-NU-AKA-ACS-Version
X-Render-Time
X-Cache-Bucket
X-We-Are-Hiring
X-Cache-Backend
X-Refresh
X-Response-By
RequestId
X-SERVER
X-User
Powered-By-ChinaCache
X-Internal-Host
X-Wa
X-Key
X-BACKEND-TTL
X-Sucuri-Cache
X-CSRF-TOKEN
X-Varnish-Cacheable
X-Sucuri-ID
X-Cdn-Forward
X-Parent-Response-Time
X-Tec-Api-Version
X-Location
X-Ua
X-Pjax-Url
X-CF-Powered-By
Origin
X-Tec-Api-Origin
X-Tec-Api-Root
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Node-Id
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Tb-Optimization-Total-Bytes-Saved
User-Agent
X-Developer
X-Correlation-ID
X-CSRF-Token
X-Unique-ID
X-Device-Os
X-Cache-Grace
X-Cdn-Origin
X-LAGOON
X-Sn-Servicetimems
X-Cache-Status-Check
ProcessTime
X-NC
X-B3-Parentspanid
Hostname
X-Ocache
TTL
Memory
X-Pf-Uncompressing
X-Via-CDN
X-NWS-UUID-VERIFY
SRV
Geoip-City
On-Server
A
Geoip-Latitude
X-Vcl-Version
X-COUNTRY
X-MSEdge-Features
GeoIp-Country-Code
X-MSEdge-Flight
X-Server-IP
X-Request-Host
X-NGINX-Cache
PICS-Label
Cloudfront-Viewer-Country
Tcn
X-B3-SpanId
X-Webkit-CSP
M-TraceId
X-Servedbyhost
X-Litespeed-Cache
X-HS-Status
Media-Length
X-Varnish-URL
X-Varnish-Ttl
X-Cdn-Request-ID
SN
Cdn
X-Rocket-Nginx-Bypass
XServer
X-Ruxit-Js-Agent
X-TIME
Resin-Trace
Dnion-Transfer-Encoding
CACHE
X-FORWARDED-FOR
X-Via-Ucdn
Host-ID
X-Ratelimit-Remaining
Who
X-Slack-Backend
X-Beluga-Trace
X-Beluga-Cache-Status
X-Cache-Ttl
X-Beluga-Response-Time
X-Beluga-Node
X-Beluga-Status
X-Beluga-Record
X-ServedByHost
X-Action
HostName
X-Sucuri-Id
X-Processor
X-Server-Time
Pics-Label
X-AIR-PT
X-DB
X-Fastly-Country-Code
X-DW
X-RPM
Arc-Country
X-Reqid
X-RSL
X-RPS
X-PAYTM-SRV-ID
Pramga
X-DI
Esi-Enabled
X-Dispatch
X-DSS
X-Cache-FS-Status
X-ABtesting
X-Hello
X-Policy
X-Planisys-CDN-Rules
X-ND-Cache
GeoIP-Country-Code
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Flog
CF-Cached-On
GeoIP-Latitude
Cdn-Request-Time
X-Edge-Server
Cdn-Host
X-VarnishDD-TTL
X-Served-From
Amp-Access-Control-Allow-Source-Origin
GeoIP-City
X-Request-Start
X-Skip-Cache
X-VCL-Version
Fastly-Drupal-HTML
X-Azure-Ref-OriginShield
Section-Io-Id
X-LiteSpeed-Cache-Control
Section-Io-Origin-Status
MIME-Version
Section-Io-Origin-Time-Seconds
X-Oracle-Dms-Rid
Section-Origin-Responded
NtCoent-Length
N-Cache
X-Varnish-Url
X-PF-Uncompressing
X-HostName
Rt-Proxy-Cache
X-Bc
Ttl
X-Bc-Bl
X-Zone
X-DC
Trailer
X-APP
X-Ratelimit-Limit
X-Newrelic-App-Data
X-Fastly-Backend-Reqs
X-DevSite-Last-Modified
Fusion-Deployment-Id
X-Adobe-Source
X-PJAX-URL
Magicmarker
X-Backend-Host
X-Method
X-SRV
WebServer
X-FPC
X-Swift-Error
X-Dynatrace
X-BE
FSS-Proxy
Cache-Cookie-Set-From
FSS-Cache
Processtime
Cache-Cookie-Set-Idcheck
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Cache-Cookie-Set-Lfrom
Cteonnt-Length
X-Dynatrace-Js-Agent
Servername
X-Scheme
X-BC
X-Fmm-Version
X-ZONE
X-WA
X-ID
Cache-Provider
X-Frame-Option
X-WR-MODIFICATION
X-Svr
X-LB-ID
X-Snapshot-Date
CF-IPCountry
X-Branch-Name
CDN
Ohc-Response-Time
Dynatrace
X-Fpc
Requestid
X-Be
X-StackifyID
X-CACHE-AGE
X-Ftr-Cache-Host
X-Cache-Id
L
Vix-Hermes-Req-Id
X-Compress-Hint
X-App
Lfy
X-Esi-Check
X-SN
X-Tid
X-Apw-Hits
X-SB
X-Fastly-Cache-Hits
X-VC
Warning
X-Cc-Via
D-Cc-Upstream
V-Cache
X-Request-Url
X-Apw-Access-Token
X-Apw-Access-Object
X-Cc-Req-Id
WZWS-RAY
X-Aicache-OS
X-Apw-Access-Action
Load-Balancing
X-Litespeed-Cache-Control
Sid
Lb
Correlation-Id
Backend-Name
Proxy-Firewall
X-GEO
Pagetype
X-Worker
WP-Super-Cache
X-Check-Cacheable
X-Varnish-Beresp-TTL
X-Fastly-Cache-Status
Cneonction
X-Request-URL
X-ElasticPress-Search
X-Powered-Y
X-WPE-Loopback-Upstream-Addr