Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
X-XSS-Protection
CF-Cache-Status
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-Xss-Protection
X-DNS-Prefetch-Control
X-Template
X-Language
CF-Ray
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
Xkey
X-Via
X-Backend
X-Server
X-Age
X-Ws-Request-Id
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
X-Page-Speed
X-Server-Powered-By
EagleId
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
Feature-Policy
X-Varnish-Cache
Server-Timing
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
P3p
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Vhost
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Application-Context
X-HW
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
X-Rack-Cache
X-Country
X-Clacks-Overhead
Edge-Control
X-Akam-SW-Version
Rating
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-TTL
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-FTR-Request-ID
X-Varnish-TTL
X-Instart-Request-ID
X-DynaTrace
Accept-Ch
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-ESI
Verso
Content-MD5
Service-Worker-Allowed
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja
X-Version
X-GitHub-Request-Id
X-Vcache
X-MS-InvokeApp
RTSS
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Debug
X-Abt-Application-Version
X-Server-ID
X-Px
AR-CACHE
AR-Request-ID
Ar-Sid
AR-ATIME
AR-PoweredBy
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Sol
Display
X-Navigation-Version
Pagespeed
X-Middleton-Display
Response
X-Middleton-Response
X-Vcap-Request-Id
X-MSEdge-Ref
X-Amz-Rid
X-Accel-Expires
Arr-Disable-Session-Affinity
TCN
Pinterest-Version
X-Pinterest-Rid
X-Fastcgi-Cache
X-SharePointHealthScore
X-VARITI-CCR
X-Powered-CMS
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Public-Key-Pins
X-Fastly-Request-ID
X-Edge-O15-RID
Realpath
Cache-Tag
X-Trace
X-Cdn
MS-Author-Via
Nginx-Cache
X-Client-IP
X-Ser
Access-Control-Request-Method
X-Content-Type
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-DynaTrace-JS-Agent
MRF-Tech
Mrf-Cache-Status
X-Shard
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Hp-Webp
X-Jurisdiction
X-Id
S
X-Grace
X-Upstream
X-Ezoic-Cdn
X-Forwarded-For
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-T
X-Hits
Fastcgi-Cache
X-Cache-TTL
DynaTrace
Nel
X-Recruiting
X-Aspnet-Version
X-Element-Page-Cache
X-Node-Name
X-Varnish-Age
X-Mobile-URL
ServerID
X-Content-Digest
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
MicrosoftSharePointTeamServices
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Realm
X-Dw-Request-Base-Id
X-DIS-Request-ID
NR-ENABLED
Server-Node
TP-Cache
X-Goog-Storage-Class
X-Goog-Generation
X-HS-Content-Id
TP-L2-Cache
X-HS-Hub-Id
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Frontend
X-HS-Combine-CSS
X-HS-Cache-Config
Powered
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Hit
Fastly-Restarts
X-Correlation-Id
X-Request-Received
X-XRDS-Location
X-Request-Processing-Time
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Page-Id
X-Content-Options
Refresh
X-F-Cache
X-Origin-Server
X-Zen-Fury
X-Rid
X-ATS-Timestamp
X-Akamai-Edgescape
Backend-Timing
X-XRDS-LOCATION
X-Varnish-Grace
X-Revision
X-Type
X-LB-Cache
X-Content-Powered-By
X-B
X-Webkit-Csp
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-B3-Sampled
X-Geo-Country
X-Az
X-Activity-Id
X-AppVersion
Cache-Status
X-URL
X-Kinsta-Cache
X-N
X-Cache-Age
X-TT
X-AOL-HN
X-Cache-Action
X-Jobs
X-Framework
X-Signature
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-B-Cache
X-FB-Debug
X-Time
X-Instance
Paypal-Debug-Id
Actual-Object-TTL
X-Tumblr-Pixel
X-Debug-Info
X-Tumblr-Pixel-0
X-Tumblr-User
X-Request-Guid
X-App-Environment
X-PHP-Backend
X-Cached-By
X-Git-Hash
X-Load-Cache
X-Pad
Fastcgi-Useragent
X-Shield-Request-Id
DC
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amz-Replication-Status
X-NWS-LOG-UUID
X-Varnish-Backend
Host-Header
X-RateLimit-Remaining
Surrogate-Key
X-IPLB-Instance
X-ATG-Version
X-WA-Info
Host
X-Contextid
MS-CV
X-ORACLE-APMCS-TAG
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-Mobile
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Host-Name
X-Response-Served-From
NGB
X-Accel-Buffering
Accept-CH
Frame-Options
X-FastCGI-Cache
X-Cache-Key
X-Cache-NE
Payment
X-SS-Set-Cookie
Tracecode
Source
Xserver
X-Cluster
Eomportal-Instance
X-Region
X-Origin-Response-Time
Retry-After
X-GeoIP
X-Varnish-Server
X-Cache-2
Filters
Cache-Tv-Group
X-Cacheable-TTL
X-FW-Type
X-Hostname
X-FW-Hash
X-IPS-LoggedIn
X-Varnish-Hostname
X-FW-Static
X-Adobe-Loc
X-Adobe-Content
WPE-Backend
X-FW-Server
X-FW-Serve
X-NewRelic-App-Data
X-Is-Bot
X-Cache-Enabled
X-Analytics
X-Seen-By
X-Tumblr-Pixel-2
X-Rendered-As
X-Tumblr-Pixel-1
X-RequestSource
X-Srv
FilterID
X-Cache-Operation
X-Webapp-Samesite-None-Activated-N
X-Cache-Rule
X-Presslabs-Stats
Server-Info
Liferay-Portal
X-EdgeConnect-Cache-Status
X-TX-ID
X-RemovedCookies
X-ProcessESI
X-App-Server
X-Cache-TTL-Remaining
Accept-CH-Lifetime
Cleartype
X-Environment-Context
X-Dc
X-L-Path
X-B3-Traceid
X-FireWall-Port
X-Endurance-Cache-Level
Ms-Operation-Id
X-Handled-By
X-RTag
X-CACHE-KEY
X-Source
X-Upgrade-Enabled
X-Cache-Server
X-HTML-Minification-Powered-By
X-UA
Datacenter
From-Origin
Srv
X-Backend-Name
Accept-Charset
X-RN-RSRV
X-Path-Route
X-Cache-Var-Map
X-UUID
X-Cache-Var
X-ES-SERVER
Meta-Geo
X-APP-VERSION
Selected-Fe
X-Wix-Request-Id
OT-Force-Account-Verify
X-Timing-Wait
X-Proxy-Build
X-PressLabs-Stats
X-Tb
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShardId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proto
Cache-Tags
X-Format
X-ShopId
X-Section
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Cache-Config
X-Content-Age
X-EIG-Tracking-Id
X-Access
X-Akamai-Transformed
X-Proxy-Cache-Status
X-ServerID
X-AWS-Id
Node
X-JoinUs
X-SaId
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Vgn-Hpd-Reason
X-Qloud-Router
X-Request-Time
X-Akamai-Request-ID
X-Akamai-Request-ID2
X-Status
Version
X-FC-Vary-Parameters
Ec-Rule-Version
X-Soup
NGX
Mn-Server-Ip
X-Hl-Ver
X-LJ-Flow-ID
X-VWS-Id
X-MP-GENERATED-AT
X-Loop
X-Hyper-Cache
X-NYM-Debug-Backend
X-CCM
X-Hosted-By
X-OCL
Decoy-Debug-Key
Decoy-Debug-TTL
X-Origin
Healthy
X-FB-TRIP-ID
Now
Origin-Edge-Control
Decoy-Debug-Status
X-BCube-Filmed-By
Akamai-GRN
X-FW-Dynamic
X-BYPASS-REASON
Cross-Origin-Window-Policy
Origin-Cache-Control
DB-Nickname
X-Debug-Cache
X-PCL
X-Storage
X-SayCDN-TTL
X-Say-TTL
X-Time-Microsecs
X-TNCMS
X-Www-Served-By
X-Web-Node
X-Viewer-Country
X-Say-Cacheable
X-Cache-Control
X-ProxyCache-Status
X-Proxy
X-Cluster-Node
X-Pubstack
X-ProxyCache-Key
GEO-INFO
Property-Id
X-Varnish-Hits
X-Generated
Azure-InstanceId
X-Origin-Hint
X-Amzn-Remapped-Content-Length
TWC-Connection-Speed
TWC-Privacy
X-Generated-By
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-App-Name
X-Xfnlog-Site
X-R9-Blue-Green-Version
X-Redis-Cache
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-SiteName
X-Locale
X-Human
Webcakes-App-Version
X-Site-Version
Webcakes-Region
X-RCS-CacheZone
S-Rt
X-NCache
X-Detected-As
X-Cache-Host
X-IP
X-RateLimit-Limit
Cache
X-Rule
X-Whom
Cache-Key
X-VCache
X-Unique-Id
X-Drupal-Cache-Tags
Webserver
X-NGENIX-Cache
X-UA-Device-Type
Cache-Name
X-Mode
X-Daa-Tunnel
L5d-Success-Class
X-Esi
X-Forwarded-Host
X-CS
Time
Viewport
X-UnsetCookies
Uber-Trace-Id
Section-Io-Cache
Mime-Version
X-VHOST
Accept-Language
X-Info
Content-Disposition
Rt-Fastcgi-Cache
X-Origin-CC
X-Origin-TTL
X-ApacheServer
X-PERF
Country
X-Newrelic-Synthetics
ServedBy
X-B3-Spanid
X-Varnish-Cache-Hits
Odigeo-Trace-Id
X-EC-Lua
X-Backend-TTL
X-From
X-Device-Type
X-Proxied
X-CDN-Forward
X-Zipkin-Id
X-Magnolia-Registration
X-Routing-Service
X-Cache-Remote
X-Cluster-Name
X-Via-Fastly
X-Nc
X-CLOUD-TRACE-CONTEXT
X-Uri
X-Microcachable
Proxy-Connection
VIX-Pulpo-Node
X-Drupal-Cache-Contexts
VIX-Pulpo-Upstream-Status
X-Geo
X-Ttl
X-TT-TIMESTAMP
Access-Control-Request-Headers
Filterid
Geo-Info
Ohc-File-Size
HitType
Cf-Ipcountry
X-ScT
X-Trv-Group
X-SRCache-Key
X-Twitter-Response-Tags
X-Session-Fingerprint
X-Transaction
X-Vtex-Processado-Em
GEO-REGION-INFO
Fastcgi-X-Cache-Version
Content-Style-Type
Content-Script-Type
Machine
Xc-Version
X-VG-WebCache
X-VG-WebServer
X-S-Cookie
X-Vtex-Remote-Cache
X-Vdms-Version
X-Region-Sid
X-A-Wwc
Rendered-Blocks
X-A-Dgt
X-Accel-Expires-Debug
X-Aed
Meta-Geo-Continent
Mobile-Detection-Method
X-Real-IP
X-A-Dcw
BehaviorPad-Version
VivaBuild
Viewtype
AsisCache
X-A
X-A-Dam
X-A-Ccd
X-Application
MD5-Digest
X-Geo-Header
X-G
X-External-Request-Id
X-GeoIP-Country-Code
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
X-DPWN-IS-SECURE
X-Destination
X-CF-Lambda-Fn
X-B-Cookie
X-ARC
X-CF-Lambda-Version
X-Connection-Hash
X-Date
X-D
X-S
T-Server
X-Varnish-Beresp-Status
X-TA-CDN-Provider
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Rebelmouse-Cache-Control
X-Logging-Id
X-SIPLIST1
X-Sigma-Backend
X-Sigma
X-Rebelmouse-Surrogate-Control
X-Rocket-Build-Number
X-Clientip
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-No-Session
X-Developers
Apple-News-Services-Host
Apple-News-Services-Handled
X-Cache-Time
X-Labrador-Cache-Channel
X-PHP-Host
X-CUA
Powered-By
X-Cache-Debug
X-VC-Cache
Fastly-SIE
X-VG-TLSProxy
W
X-WebServer
IsBot
Fastly-SWR
Countrycode
X-Thanos
Environment
X-Bip
X-C
X-GoCache-CacheStatus
User-Cache-Control
Fastly-SSL
X-Gamma-Serve
X-Eu-Site
X-Has-Esi
X-Hash
X-Debug-Log
X-Distributor
X-Generated-In
X-Fetched-On
X-GeoIP-City
X-Dispatcher-Server
X-Distil-CS
X-CGP
X-Agile-Id
X-Air-Hostname
X-App-Name
X-Agile-Age
X-Agile
True-Client-Country-4JS
V-Age
We-Hiring
X-Auto-Login
X-Azure-Ref
X-Cms-Context
X-Contensis-Viewer-Groups
X-Core-Mission
X-Hit
X-Cdn-Srv
X-Cache-ASPX
X-Cache-Tags
X-Debug-Cookies
X-Ms-Version
X-Swa-Ws
X-TH-Server
X-Trace-Id
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Request-URI
X-TrackingId
X-Tumblr-Pixel-3
X-VServer
X-Cache-Expired-At
X-Var-Ttl
X-Varnish-Authentication
X-Variation
X-Up
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Proxy-Upstream
X-Platform-Server
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Li-Fabric
X-JWT-State
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Is-Gdpr
X-Ms-Request-Id
Server-Surrogate-Control
X-Origin-Expires
X-OVcl
X-Owner
X-Origin-Date
X-NX-Host
X-Nginx-Cache-Key
X-NodeID
X-IN-APIGATEWAY
X-OVcl-Cache
CDCHOST
Country-Code
Fastly-Soc-X-Request-Id
Platform
Cache-Host
Request-Country
RNT-Machine
Request-EU
AKAMAI
Gh-Request-Id
Ha-Gx-Prefs
Locale
Locid
Mail-Subject
Kp-EeAlive
Is-Eu
HA-Ipaddr
Heartbleed
IBM-Web2-Location
RNT-Time
Adler-Geo
Server-Cache-Control
Server-ID
Server-Int
Group
X-Edge-Location
X-UPSTREAM-Address
X-Generation-Time
FNAC-ModuleRouting
X-Wikidot-Backend
X-Hnp-Log
X-Webstats-RespID
X-Irp-Debug
X-Wikidot-Static-Cache
X-Gen-Mode
X-Epic-Correlation-Id
Pragrma
X-Backend-State
X-Fastly-Cache
X-FW-Version
Cache-Hits
Fastly-Backend-Name
X-Generated-On
X-Level-Front-Cache
X-Server-W
X-Req
X-Reboot
X-Trafficlayer-App-Version
X-Trafficlayer-App-Name
X-Thinkindot-L3
X-ServiceProvider
X-Service
X-Servername
X-Debug-Cache-Store
X-TT-LOGID
X-Matched-Rule
X-WADP-Cache
Ohc-Cache-HIT
X-Micro-Cache
Cdnsip
ServerName
X-NU-AKA-ACS-Version
Cdncip
X-We-Are-Hiring
X-Trafficlayer-App-Scope
Wxu-Next-Commit
X-Clara-WADP
Web-Mar-Node
Memcached
Server-Host
Wxu-Next-Hostname
Wxu-Next-Region
X-AK-Request-ID
X-BBXSRF
X-Block-Status
X-Cache-Info
X-Cache-URL
X-Core-Value
PFcat
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Debug-Cache-Expiry
Thinkindot-Control
X-Debug-Cache-Fetch
S-Cnection
X-Nginx-Cache
X-App-Version
X-Lb-Id
X-Cache-Bucket
X-Old-Content-Length
X-S-Maxage
X-Render-Time
X-Cache-Backend
X-SERVER
X-Refresh
X-User
X-Response-By
RequestId
X-Internal-Host
Powered-By-ChinaCache
X-CSRF-TOKEN
X-BACKEND-TTL
X-Key
X-Wa
X-Sucuri-Cache
X-Sucuri-ID
X-Cdn-Forward
X-Parent-Response-Time
X-Pjax-Url
X-Varnish-Cacheable
X-Node-Id
Origin
X-Location
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Ua
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Tb-Optimization-Total-Bytes-Saved
X-Developer
User-Agent
X-CF-Powered-By
X-CSRF-Token
X-Correlation-ID
X-Device-Os
X-Cache-Grace
X-Sn-Servicetimems
X-Cache-Status-Check
X-Cdn-Origin
ProcessTime
X-Pf-Uncompressing
X-NC
X-LAGOON
X-B3-Parentspanid
Hostname
X-Ocache
Memory
X-NWS-UUID-VERIFY
TTL
X-Via-CDN
Geoip-Latitude
Geoip-City
SRV
A
X-Vcl-Version
GeoIp-Country-Code
X-Unique-ID
On-Server
X-MSEdge-Features
X-NGINX-Cache
X-Request-Host
Cloudfront-Viewer-Country
X-MSEdge-Flight
PICS-Label
X-Server-IP
X-COUNTRY
X-B3-SpanId
X-Webkit-CSP
M-TraceId
X-Litespeed-Cache
X-Servedbyhost
X-Cdn-Request-ID
X-Varnish-Ttl
Media-Length
X-Varnish-URL
X-Rocket-Nginx-Bypass
Cdn
SN
X-TIME
X-Ruxit-Js-Agent
XServer
X-Ratelimit-Remaining
Resin-Trace
Tcn
Dnion-Transfer-Encoding
X-HS-Status
CACHE
X-FORWARDED-FOR
X-Via-Ucdn
Host-ID
X-ServedByHost
X-Action
X-Beluga-Cache-Status
X-Slack-Backend
X-Cache-Ttl
Who
X-Beluga-Record
X-Beluga-Node
X-Beluga-Response-Time
X-Beluga-Trace
X-Beluga-Status
HostName
X-Sucuri-Id
X-Fastly-Country-Code
X-DI
X-PAYTM-SRV-ID
X-Dispatch
X-Cache-FS-Status
Pramga
X-Processor
X-Server-Time
X-AIR-PT
X-Reqid
X-DB
Arc-Country
Esi-Enabled
X-DSS
X-DW
X-RPM
X-RPS
X-RSL
X-ABtesting
X-ND-Cache
X-Flog
X-Planisys-CDN-Cache
X-Skip-Cache
X-Hello
X-Planisys-CDN-Rules
Pics-Label
X-Policy
X-Planisys-CDN-TTL
GeoIP-Country-Code
CF-Cached-On
X-VCL-Version
X-VarnishDD-TTL
Cdn-Host
Cdn-Request-Time
X-Azure-Ref-OriginShield
X-Served-From
GeoIP-Latitude
X-Edge-Server
GeoIP-City
Amp-Access-Control-Allow-Source-Origin
X-Request-Start
Section-Origin-Responded
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
MIME-Version
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Bc-Bl
Fastly-Drupal-HTML
N-Cache
X-Varnish-Url
Ttl
X-Zone
X-Ratelimit-Limit
NtCoent-Length
X-Bc
Rt-Proxy-Cache
X-PF-Uncompressing
Trailer
X-DC
X-Fastly-Backend-Reqs
X-APP
X-FPC
X-DevSite-Last-Modified
X-Newrelic-App-Data
Fusion-Deployment-Id
X-HostName
X-Method
X-PJAX-URL
X-Adobe-Source
X-SRV
X-Backend-Host
WebServer
Magicmarker
X-Swift-Error
X-Amzn-Remapped-Date
Cache-Cookie-Set-From
X-WA
Cache-Cookie-Set-Idcheck
X-Dynatrace
X-BE
Processtime
X-Amzn-Remapped-Connection
Cache-Cookie-Set-Lfrom
Cteonnt-Length
Servername
X-Dynatrace-Js-Agent
FSS-Proxy
X-ID
Cache-Provider
FSS-Cache
X-Scheme
X-Fmm-Version
X-ZONE
X-BC
X-Frame-Option
X-WR-MODIFICATION
X-Fpc
X-Be
X-LB-ID
X-Snapshot-Date
CF-IPCountry
X-Branch-Name
CDN
Requestid
X-Svr
Ohc-Response-Time
Dynatrace
X-StackifyID
X-Ftr-Cache-Host
X-CACHE-AGE
X-Apw-Hits
X-SB
X-App
X-VC
V-Cache
X-Cache-Id
X-Apw-Access-Action
Lfy
X-Apw-Access-Object
X-Apw-Access-Token
X-Tid
WZWS-RAY
X-Esi-Check
Vix-Hermes-Req-Id
Warning
X-Fastly-Cache-Hits
X-Aicache-OS
X-Cc-Via
X-SN
X-Cc-Req-Id
D-Cc-Upstream
X-Request-Url
X-Litespeed-Cache-Control
Load-Balancing
LB
SID
X-Compress-Hint
Lb
Sid
X-GEO
L
X-Request-URL
Proxy-Firewall
X-Check-Cacheable
Pagetype
X-Fastly-Cache-Status
X-ElasticPress-Search
X-Worker
WP-Super-Cache
Correlation-Id
X-Varnish-Beresp-TTL
Backend-Name
X-WPE-Loopback-Upstream-Addr
X-Powered-Y
Cneonction