Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
Xkey
X-Envoy-Upstream-Service-Time
X-Via
X-Backend
CF-Ray
X-Server
X-Age
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ws-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Feature-Policy
X-Varnish-Cache
Server-Timing
Cf-Railgun
P3p
X-Swift-CacheTime
X-Swift-SaveTime
Grace
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Readtime
X-Backend-Server
X-Cloud-Trace-Context
X-Vhost
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Cache-Lookup
X-Application-Context
X-HW
X-Ruxit-JS-Agent
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-DataDome
NEL
X-Rack-Cache
Rating
X-Country
X-Clacks-Overhead
Edge-Control
X-Akam-SW-Version
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-TTL
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
Accept-Ch
X-DynaTrace
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-ESI
Verso
Accept-Ch-Lifetime
Content-MD5
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-GitHub-Request-Id
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Use-Magma
X-MS-InvokeApp
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-GoogleNews-Bot
RTSS
X-Vcache
X-Server-Name
Edge-Cache-Tag
X-D2id
X-Abt-Application-Version
X-Debug
X-Px
AR-CACHE
AR-ATIME
Ar-Sid
AR-PoweredBy
AR-Request-ID
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Fastcgi-Cache
X-Middleton-Display
X-Sol
X-Middleton-Response
Display
Response
Pagespeed
X-MSEdge-Ref
X-Vcap-Request-Id
X-Navigation-Version
X-Accel-Expires
Arr-Disable-Session-Affinity
X-Amz-Rid
Pinterest-Version
X-Pinterest-Rid
TCN
X-Server-ID
X-SharePointHealthScore
X-Powered-CMS
X-VARITI-CCR
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge-O15-RID
Public-Key-Pins
X-Fastly-Request-ID
X-Trace
Cache-Tag
Realpath
X-Client-IP
X-Cdn
Nginx-Cache
MS-Author-Via
X-Ser
Access-Control-Request-Method
Nel
X-DynaTrace-JS-Agent
X-Shard
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Content-Type
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
S
X-Id
X-Upstream
X-Ezoic-Cdn
X-Grace
X-Hp-Webp
X-Forwarded-For
X-T
X-Jurisdiction
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Hits
Fastcgi-Cache
X-Recruiting
DynaTrace
X-Cache-TTL
X-Aspnet-Version
X-Varnish-Age
ServerID
X-Element-Page-Cache
X-Content-Digest
X-Node-Name
X-Mobile-URL
MicrosoftSharePointTeamServices
X-FTR-Realm
X-FTR-Expires
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-Dw-Request-Base-Id
X-DIS-Request-ID
Server-Node
NR-ENABLED
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Powered
X-Goog-Storage-Class
X-Goog-Metageneration
X-Frontend
X-Goog-Generation
X-GUploader-UploadID
TP-L2-Cache
TP-Cache
X-Logged-In
Alternate-Protocol
Server-Name
X-CST
X-Amz-Apigw-Id
X-Amzn-RequestId
AMP-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
X-Correlation-Id
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Hit
Fastly-Restarts
Backend-Timing
X-ATS-Timestamp
X-XRDS-Location
X-Content-Options
X-Content-Security-Policy-Report-Only
Refresh
X-Origin-Server
X-User-Agent
X-F-Cache
X-Rid
X-Page-Id
X-Akamai-Edgescape
X-Zen-Fury
X-Revision
X-Varnish-Grace
X-XRDS-LOCATION
X-Type
X-FTR-Cache-Host
X-Content-Powered-By
X-LB-Cache
X-B
PB-RID
PB-PID
X-B3-Sampled
Arc-Version
X-Mobile-Rewrite
X-Geo-Country
X-AppVersion
X-Az
X-Activity-Id
Cache-Status
X-URL
X-Kinsta-Cache
X-N
X-Cache-Age
X-Cache-Action
X-TT
X-Signature
X-B-Cache
X-Instance
X-Time
X-WebKit-CSP-Report-Only
X-AOL-HN
Access-Control-Allow-Method
Actual-Object-TTL
Paypal-Debug-Id
X-Debug-Info
X-Framework
X-Jobs
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-FB-Debug
X-App-Environment
X-Cached-By
X-Request-Guid
X-Load-Cache
X-Git-Hash
X-Shield-Request-Id
X-PHP-Backend
X-Pad
DC
Fastcgi-Useragent
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-RateLimit-Remaining
X-Amz-Replication-Status
X-Varnish-Backend
X-Webkit-Csp
Surrogate-Key
Host-Header
X-IPLB-Instance
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-ATG-Version
MS-CV
X-Contextid
X-NWS-LOG-UUID
X-WA-Info
Host
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-SS-Set-Cookie
X-Via-JSL
X-Mobile
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Webapp-Samesite-None-Activated-N
X-Host-Name
X-Response-Served-From
Tracecode
X-Analytics
X-Accel-Buffering
NGB
FilterID
Payment
X-Cluster
X-Cache-NE
Xserver
Frame-Options
X-Origin-Response-Time
X-Cache-2
X-Region
WPE-Backend
X-FW-Type
Eomportal-Instance
Source
X-Varnish-Server
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Server
X-Varnish-Hostname
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-IPS-LoggedIn
X-GeoIP
Cache-Tv-Group
Filters
X-Hostname
X-Adobe-Content
X-Cacheable-TTL
X-Adobe-Loc
X-Cache-Enabled
X-Presslabs-Stats
X-Srv
X-Is-Bot
X-Rendered-As
Retry-After
X-EdgeConnect-Cache-Status
X-Seen-By
X-Cache-Operation
X-RequestSource
X-Cache-Rule
X-NewRelic-App-Data
X-Cache-Key
X-TX-ID
Server-Info
Liferay-Portal
X-ProcessESI
X-RemovedCookies
X-Cache-TTL-Remaining
Cleartype
X-FastCGI-Cache
X-CACHE-KEY
X-App-Server
Accept-CH
X-Dc
X-L-Path
X-Environment-Context
X-FireWall-Port
Ms-Operation-Id
X-RTag
X-B3-Traceid
X-Endurance-Cache-Level
X-Source
X-Handled-By
X-Cache-Server
X-Upgrade-Enabled
Datacenter
X-HTML-Minification-Powered-By
From-Origin
X-UA
X-Backend-Name
X-CLOUD-TRACE-CONTEXT
Accept-Charset
X-VCache
X-APP-VERSION
Accept-CH-Lifetime
X-Cache-Var
Meta-Geo
X-Path-Route
X-PressLabs-Stats
Srv
X-UUID
X-Cache-Var-Map
X-ES-SERVER
X-RN-RSRV
X-Wix-Request-Id
OT-Force-Account-Verify
X-Cache-Control
X-Timing-Wait
X-Access
X-Tb
X-Proxy-Build
X-Section
Selected-Fe
Cache
X-Format
X-Sorting-Hat-PodId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-FC-Vary-Parameters
X-OCL
X-ShopId
X-PCL
X-NYM-Debug-Backend
X-Origin
X-Proto
Cache-Tags
Mn-Server-Ip
Azure-Version
Azure-SiteName
Azure-InstanceId
Azure-RegionName
X-Akamai-Request-ID
X-Alternate-Cache-Key
Akamai-GRN
X-EIG-Tracking-Id
X-Content-Age
X-Request-Time
X-Cache-Config
X-ShardId
Azure-SlotName
Healthy
Version
X-Status
X-Hyper-Cache
X-LJ-Flow-ID
X-Hosted-By
Decoy-Debug-Key
DB-Nickname
X-Proxy
X-ProxyCache-Key
X-Pubstack
X-Qloud-Router
X-ProxyCache-Status
Decoy-Debug-Status
X-SaId
X-Proxy-Cache-Status
GEO-INFO
Origin-Edge-Control
Origin-Cache-Control
X-Akamai-Request-ID2
X-AWS-Id
X-Cluster-Node
X-BYPASS-REASON
X-FW-Dynamic
Now
Ec-Rule-Version
X-ServerID
X-Hl-Ver
NGX
Node
Decoy-Debug-TTL
X-JoinUs
X-VWS-Id
X-Yottaa-Optimizations
X-Time-Microsecs
X-Viewer-Country
X-Vgn-Hpd-Reason
X-Soup
X-Yottaa-Metrics
Property-Id
Cross-Origin-Window-Policy
X-Human
X-Varnish-Hits
TWC-Locale-Group
TWC-Connection-Speed
TWC-Device-Class
TWC-Privacy
TWC-GeoIP-Country
X-Www-Served-By
TWC-GeoIP-LatLong
X-Generated-By
X-Web-Node
X-CCM
X-Redis-Cache
X-RateLimit-Limit
X-BCube-Filmed-By
X-Debug-Cache
X-Say-Cacheable
X-SayCDN-TTL
X-Say-TTL
X-Amzn-Remapped-Content-Length
Webcakes-Region
X-Loop
Webcakes-App-Name
X-TNCMS
X-FB-TRIP-ID
X-MP-GENERATED-AT
Webcakes-App-Version
X-Storage
X-Origin-Hint
S-Rt
X-Generated
X-Akamai-Transformed
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-Site-Version
X-Xfnlog-Site
X-Locale
X-NCache
X-Rule
X-IP
X-Detected-As
X-Cache-Host
X-Drupal-Cache-Tags
X-Unique-Id
L5d-Success-Class
Cache-Key
X-CS
Webserver
Cache-Name
X-Whom
Time
X-UA-Device-Type
Uber-Trace-Id
X-Esi
Viewport
X-Mode
X-Forwarded-Host
X-Daa-Tunnel
X-NGENIX-Cache
X-UnsetCookies
Mime-Version
X-Info
X-VHOST
Rt-Fastcgi-Cache
X-Origin-CC
X-Origin-TTL
Content-Disposition
X-Backend-TTL
X-Varnish-Cache-Hits
Country
Accept-Language
X-Cache-Remote
X-B3-Spanid
Section-Io-Cache
X-CDN-Forward
X-ApacheServer
X-PERF
Odigeo-Trace-Id
X-From
ServedBy
X-Newrelic-Synthetics
X-Cluster-Name
X-Magnolia-Registration
X-Routing-Service
X-Drupal-Cache-Contexts
X-Proxied
X-Zipkin-Id
X-Device-Type
VIX-Pulpo-Node
X-Geo
VIX-Pulpo-Upstream-Status
X-Microcachable
X-Via-Fastly
Proxy-Connection
X-Uri
X-TT-TIMESTAMP
X-Nc
X-EC-Lua
X-Ttl
Cf-Ipcountry
Ohc-File-Size
Access-Control-Request-Headers
HitType
W
X-Twitter-Response-Tags
X-A-Dcw
X-CF-Lambda-Fn
X-A-Dam
X-DPWN-IS-SECURE
X-CF-Lambda-Version
X-Session-Fingerprint
X-Date
X-Varnish-Beresp-Grace
X-ScT
Viewtype
Rendered-Blocks
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Destination
VivaBuild
Xc-Version
X-External-Request-Id
X-A-Ccd
X-SRCache-Key
Apple-News-Services-Handled
Fastcgi-X-Cache-Version
X-G
X-D
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
BehaviorPad-Version
AsisCache
Apple-News-Services-Request-Url
Machine
Content-Script-Type
X-Sigma-Backend
Meta-Geo-Continent
X-Sigma
Mobile-Detection-Method
Content-Style-Type
X-GeoIP-Country-Code
X-Connection-Hash
X-Geo-Header
MD5-Digest
X-A-Dgt
Geo-Info
X-Rojux
X-VG-WebCache
X-A-Wwc
X-Rocket-Build-Number
X-S
T-Server
X-VG-WebServer
X-S-Cookie
X-VG-TLSProxy
X-Vdms-Version
X-ARC
X-Trv-Group
X-B-Cookie
X-Vtex-Remote-Cache
X-Region-Sid
X-Application
X-Accel-Expires-Debug
X-Aed
X-Vtex-Processado-Em
X-Transaction
X-A
X-Rewrite-Enabled
GEO-REGION-INFO
X-Request-UUID
X-Real-IP
X-No-Session
X-C
X-Edge-Location
X-Developers
X-Hit
X-Clientip
X-Rebelmouse-Cache-Control
X-Varnish-Authentication
X-Agile
X-Rebelmouse-Surrogate-Control
X-CUA
CDCHOST
Locid
X-Eu-Site
X-Contensis-Viewer-Groups
X-Cache-Time
X-Agile-Id
X-Agile-Age
X-VC-Cache
X-CGP
IsBot
X-Distil-CS
X-Cache-Debug
Environment
X-Auto-Login
X-TrackingId
X-Cache-ASPX
X-Wikidot-Static-Cache
X-Thanos
X-Bip
Ha-Gx-Prefs
X-WebServer
Powered-By
X-Logging-Id
X-Wikidot-Backend
HA-Ipaddr
Server-Surrogate-Control
X-SIPLIST1
Fastly-SIE
X-App-Name
Fastly-Soc-X-Request-Id
X-Tumblr-Pixel-3
Fastly-SWR
Countrycode
Server-Cache-Control
Gh-Request-Id
X-UPSTREAM-Address
Ohc-Cache-HIT
User-Cache-Control
X-PHP-Host
Filterid
X-GoCache-CacheStatus
X-Labrador-Cache-Channel
Fastly-SSL
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Cache-URL
X-Backend-State
X-Azure-Ref
X-AK-Request-ID
X-Air-Hostname
X-BBXSRF
X-Cache-Info
X-Cms-Context
X-Clara-WADP
X-Cdn-Srv
X-Cache-Tags
X-Core-Mission
X-Is-Gdpr
X-Owner
X-OVcl-Cache
X-Platform-Server
X-Proxy-Upstream
X-VServer
X-RateLimit-Limit-Second
X-OVcl
X-Origin-Expires
X-We-Are-Hiring
X-Webstats-RespID
X-WADP-Cache
X-NX-Host
X-Origin-Date
X-RateLimit-Remaining-Second
X-Variation
X-Server-W
X-Swa-Ws
X-Servername
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-TH-Server
X-Trace-Id
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Up
X-Request-URI
X-TT-LOGID
X-NodeID
X-Nginx-Cache-Key
X-Gamma-Serve
X-FW-Version
X-Generated-In
X-Generation-Time
X-GeoIP-City
X-Fetched-On
X-Fastly-Cache
X-Debug-Log
X-Debug-Cookies
X-Dispatcher-Server
X-Distributor
X-Epic-Correlation-Id
X-Has-Esi
X-Hash
X-LI-UUID
X-LI-Proto
X-Micro-Cache
X-Ms-Request-Id
X-Ms-Version
X-Li-Pop
X-Li-Fabric
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Instart-Isnd
X-Irp-Debug
X-JWT-State
X-Debug-Cache-Store
Server-Int
AKAMAI
Cache-Host
Cdncip
Request-Country
Adler-Geo
RNT-Time
Mail-Subject
Request-EU
Cdnsip
Country-Code
Kp-EeAlive
Memcached
Locale
Is-Eu
IBM-Web2-Location
Platform
Heartbleed
Server-ID
RNT-Machine
True-Client-Country-4JS
We-Hiring
V-Age
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
FNAC-ModuleRouting
Wxu-Next-Hostname
X-App-Version
Fastly-Backend-Name
X-Thinkindot-L3
X-Var-Ttl
X-Cache-Expired-At
X-Core-Value
X-Trafficlayer-App-Version
X-Req
ServerName
X-NU-AKA-ACS-Version
Group
X-Level-Front-Cache
X-Hnp-Log
X-Generated-On
X-Matched-Rule
X-Render-Time
X-Reboot
X-Gen-Mode
X-Service
X-ServiceProvider
Wxu-Next-Commit
Wxu-Next-Region
X-Block-Status
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
Web-Mar-Node
X-Cache-Bucket
Server-Host
PFcat
X-Cache-Backend
Cache-Hits
X-S-Maxage
X-Old-Content-Length
X-Lb-Id
X-TA-CDN-Provider
X-User
S-Cnection
Pragrma
X-Nginx-Cache
X-Response-By
X-Refresh
RequestId
X-Internal-Host
X-SERVER
X-Sucuri-Cache
Powered-By-ChinaCache
X-Key
X-CSRF-TOKEN
X-Wa
X-Ruxit-Js-Agent
X-Location
X-Ua
X-Sucuri-ID
X-NC
X-BACKEND-TTL
X-Tb-Optimization-Total-Bytes-Saved
X-Pjax-Url
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Parent-Response-Time
X-Cdn-Forward
Origin
X-Varnish-Cacheable
X-Correlation-ID
X-CF-Powered-By
ProcessTime
User-Agent
SRV
X-CSRF-Token
X-B3-Parentspanid
X-Developer
X-Pf-Uncompressing
TTL
Memory
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Ocache
X-Node-Id
Geoip-City
Geoip-Latitude
X-Sn-Servicetimems
X-Vcl-Version
X-NWS-UUID-VERIFY
X-Cdn-Origin
X-Device-Os
X-Via-CDN
X-Cache-Grace
X-LAGOON
X-Unique-ID
X-Cache-Status-Check
X-NGINX-Cache
GeoIp-Country-Code
X-Server-IP
On-Server
PICS-Label
X-B3-SpanId
X-MSEdge-Features
A
X-MSEdge-Flight
X-COUNTRY
Hostname
X-Request-Host
Cloudfront-Viewer-Country
X-Servedbyhost
Media-Length
X-Webkit-CSP
X-Cdn-Request-ID
X-Litespeed-Cache
X-Varnish-Ttl
Dnion-Transfer-Encoding
X-Rocket-Nginx-Bypass
Cdn
XServer
X-TIME
Resin-Trace
M-TraceId
SN
Tcn
X-Via-Ucdn
X-FORWARDED-FOR
X-Sucuri-Id
X-Varnish-URL
X-ServedByHost
HostName
Host-ID
X-HS-Status
X-Ratelimit-Remaining
X-Reqid
X-Beluga-Cache-Status
X-AIR-PT
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Node
Who
Esi-Enabled
X-Beluga-Response-Time
X-Cache-Ttl
X-Beluga-Record
CACHE
X-Action
X-Policy
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Slack-Backend
X-Fastly-Country-Code
X-Planisys-CDN-TTL
CF-Cached-On
X-RSL
X-RPS
Arc-Country
X-Request-Start
X-Azure-Ref-OriginShield
X-RPM
X-DB
X-DI
X-DSS
X-DW
Pics-Label
Pramga
X-Cache-FS-Status
X-Dispatch
X-Processor
X-PAYTM-SRV-ID
Trailer
GeoIP-Country-Code
X-Server-Time
X-Varnish-Url
X-VCL-Version
X-VarnishDD-TTL
Rt-Proxy-Cache
X-ABtesting
X-Flog
X-Hello
GeoIP-Latitude
GeoIP-City
X-ND-Cache
X-Skip-Cache
X-Oracle-Dms-Rid
MIME-Version
X-LiteSpeed-Cache-Control
Ttl
X-PF-Uncompressing
Fastly-Drupal-HTML
Cdn-Host
Cdn-Request-Time
X-Edge-Server
NtCoent-Length
X-Fastly-Backend-Reqs
X-APP
X-Served-From
X-DC
X-FPC
X-Bc
N-Cache
X-DevSite-Last-Modified
X-Newrelic-App-Data
X-Bc-Bl
X-Method
X-Zone
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Magicmarker
Section-Origin-Responded
X-Ratelimit-Limit
X-Swift-Error
X-HostName
Cteonnt-Length
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-PJAX-URL
X-Backend-Host
X-SRV
Amp-Access-Control-Allow-Source-Origin
WebServer
X-Ftr-Cache-Host
X-BE
X-ZONE
X-Dynatrace
Fusion-Deployment-Id
X-BC
Processtime
X-Adobe-Source
X-Dynatrace-Js-Agent
Servername
X-WA
X-ID
X-Be
Cache-Cookie-Set-From
X-Fmm-Version
Cache-Cookie-Set-Idcheck
FSS-Cache
FSS-Proxy
Cache-Cookie-Set-Lfrom
X-Svr
Ohc-Response-Time
Cache-Provider
X-Frame-Option
X-WR-MODIFICATION
X-Aicache-OS
Requestid
Load-Balancing
X-StackifyID
CF-IPCountry
Dynatrace
X-Snapshot-Date
Vix-Hermes-Req-Id
X-Scheme
CDN
Lfy
X-LB-ID
X-Branch-Name
X-CACHE-AGE
X-Request-Url
X-Tid
X-Apw-Hits
X-VC
V-Cache
Warning
X-SB
X-Fastly-Cache-Hits
Pagetype
X-Fpc
Proxy-Firewall
D-Cc-Upstream
X-Apw-Access-Action
X-App
X-Apw-Access-Object
X-Apw-Access-Token
X-Cc-Req-Id
X-Cc-Via
WZWS-RAY
DSUID
X-Node-ID
X-MServer
X-Litespeed-Cache-Control
X-Configured-By
Cneonction
X-Hp-Ccpa-Warning
Release
X-Esi-Check
X-Compress-Hint
X-VCT
X-Cache-Id
Backend-Name
X-Powered-Y
X-Request-URL
X-Check-Cacheable
X-Varnish-Beresp-TTL
X-ElasticPress-Search
WP-Super-Cache
X-WPE-Loopback-Upstream-Addr
Correlation-Id
X-Worker
X-Fastly-Cache-Status