Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Xss-Protection
X-Varnish
Alt-Svc
CF-Ray
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
Expect-Ct
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Server-Id
X-Device
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Backend-Server
X-Readtime
X-Ruxit-JS-Agent
X-Dispatcher
X-Cache-Lookup
Request-Id
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
X-ORACLE-DMS-RID
P3p
NEL
X-DataDome
X-Rack-Cache
X-Dns-Prefetch-Control
X-Country
X-Clacks-Overhead
Rating
X-Akam-SW-Version
Edge-Control
Allow
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
Accept-Ch
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-TTL
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
Content-MD5
Verso
X-ESI
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Url
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Vcache
X-Cdn-Fetch
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
RTSS
X-Version
X-B3-TraceId
X-Forwarded-Proto
X-MS-InvokeApp
X-Server-Name
X-D2id
X-Px
X-Abt-Application-Version
Edge-Cache-Tag
X-Debug
AR-CACHE
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-Request-ID
X-Amz-Server-Side-Encryption
SPRequestGuid
X-Cached
Charset
X-NF-Request-ID
X-Vcap-Request-Id
X-Navigation-Version
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-MSEdge-Ref
X-Middleton-Display
Response
Pagespeed
X-Sol
X-Middleton-Response
X-Amz-Rid
Display
Arr-Disable-Session-Affinity
X-Accel-Expires
TCN
X-Fastcgi-Cache
X-VARITI-CCR
X-Fastly-Request-ID
X-SharePointHealthScore
X-Pinterest-Rid
Nginx-Cache
Pinterest-Version
MS-Author-Via
X-Cdn
Public-Key-Pins
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Trace
X-Powered-CMS
X-Edge-O15-RID
X-Client-IP
Cache-Tag
Realpath
Nel
X-Ser
Access-Control-Request-Method
X-Server-ID
X-Content-Type
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Amzn-Trace-Id
X-Grace
SPRequestDuration
SPIisLatency
X-Upstream
X-Shard
X-Jurisdiction
X-Hp-Webp
X-Id
X-Cache-TTL
X-Ezoic-Cdn
X-Forwarded-For
Front-End-Https
X-Hits
Fastcgi-Cache
S
X-Amz-Meta-S3cmd-Attrs
X-T
X-DynaTrace-JS-Agent
X-Aspnet-Version
X-Recruiting
DynaTrace
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
X-Dw-Request-Base-Id
X-Varnish-Age
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Realm
X-Mobile-URL
X-FTR-Expires
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
MicrosoftSharePointTeamServices
ServerID
NR-ENABLED
Server-Node
X-DIS-Request-ID
TP-Cache
TP-L2-Cache
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Frontend
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
Powered
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Logged-In
X-Correlation-Id
X-CST
Alternate-Protocol
Server-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-Cache-Hit
Fastly-Restarts
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
X-Zen-Fury
X-Content-Options
X-Page-Id
X-XRDS-LOCATION
X-Content-Security-Policy-Report-Only
X-User-Agent
X-F-Cache
Refresh
X-Akamai-Edgescape
X-Request-Received
X-Request-Processing-Time
X-Varnish-Grace
X-XRDS-Location
X-Origin-Server
X-Rid
X-LB-Cache
X-B
X-Revision
Arc-Version
PB-PID
X-Content-Powered-By
X-Mobile-Rewrite
PB-RID
X-Type
X-B3-Sampled
Cache-Status
X-Geo-Country
X-Activity-Id
X-AppVersion
X-Az
X-Kinsta-Cache
X-NWS-LOG-UUID
X-Cache-Action
X-TT
X-WebKit-CSP-Report-Only
X-N
X-Request-Guid
X-B-Cache
X-Jobs
X-Framework
X-App-Environment
X-Debug-Info
X-Signature
Access-Control-Allow-Method
X-Cached-By
X-FB-Debug
Actual-Object-TTL
X-Time
X-Git-Hash
X-AOL-HN
X-PHP-Backend
X-Instance
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Cache-Age
Paypal-Debug-Id
X-Load-Cache
X-URL
X-Tt-Trace-Tag
X-Tt-Trace-Host
Fastcgi-Useragent
X-Amz-Replication-Status
X-Webkit-Csp
DC
X-Varnish-Backend
Host-Header
X-Pad
Host
X-ATG-Version
X-WA-Info
X-RateLimit-Remaining
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Shield-Request-Id
MS-CV
X-Via-JSL
X-IPLB-Instance
Surrogate-Key
X-Contextid
X-Mobile
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Host-Name
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Retry-After
X-FastCGI-Cache
Liferay-Portal
Frame-Options
X-Accel-Buffering
NGB
X-Response-Served-From
Payment
X-Presslabs-Stats
Source
X-Seen-By
X-Hostname
X-Cache-NE
X-Srv
X-Varnish-Server
X-Cache-2
X-Origin-Response-Time
X-Region
X-Cache-Enabled
X-Cacheable-TTL
Filters
Xserver
X-NewRelic-App-Data
Eomportal-Instance
X-Cluster
Tracecode
X-Rendered-As
X-FW-Static
X-FW-Type
X-GeoIP
X-FW-Server
X-FW-Serve
X-Cache-Key
WPE-Backend
X-FW-Hash
X-IPS-LoggedIn
X-Is-Bot
X-SS-Set-Cookie
Cache-Tv-Group
Server-Info
X-Varnish-Hostname
X-Cache-Rule
X-Tumblr-Pixel-2
X-Adobe-Content
X-RequestSource
X-Adobe-Loc
X-Tumblr-Pixel-1
X-Cache-Operation
X-App-Server
X-ProcessESI
FilterID
X-RemovedCookies
X-EdgeConnect-Cache-Status
X-Cache-TTL-Remaining
X-TX-ID
Accept-CH
X-Environment-Context
X-L-Path
X-FireWall-Port
X-B3-Traceid
Cleartype
X-Analytics
X-Upgrade-Enabled
X-Handled-By
Accept-Charset
X-RTag
Ms-Operation-Id
X-CACHE-KEY
X-Source
X-UA
X-Ttl
X-Cache-Server
X-Endurance-Cache-Level
X-Backend-Name
X-HTML-Minification-Powered-By
From-Origin
Accept-CH-Lifetime
X-Dc
Datacenter
X-APP-VERSION
X-UUID
Srv
Healthy
X-Daa-Tunnel
X-ES-SERVER
X-Cache-Var-Map
Meta-Geo
X-Cache-Var
X-Path-Route
X-Unique-Id
X-RN-RSRV
X-Wix-Request-Id
X-Akamai-Transformed
Selected-Fe
X-Status
OT-Force-Account-Verify
X-Access
X-Proxy-Build
GEO-INFO
X-Section
X-Timing-Wait
X-Cache-Config
X-Sorting-Hat-PodId
X-OCL
X-Format
X-Shopify-Stage
X-Content-Age
X-Shopify-Generated-Cart-Token
X-EIG-Tracking-Id
Cache-Tags
X-Webapp-Samesite-None-Activated-N
Akamai-GRN
X-PCL
X-Alternate-Cache-Key
X-Tb
X-Ua-Device
X-Akamai-Request-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sorting-Hat-ShopId
X-ShardId
X-FC-Vary-Parameters
X-Request-Time
Mn-Server-Ip
X-ShopId
X-Hosted-By
X-Say-TTL
X-Hyper-Cache
X-NYM-Debug-Backend
X-SayCDN-TTL
X-Human
X-Hl-Ver
X-Debug-Cache
X-AWS-Id
Origin-Cache-Control
Origin-Edge-Control
Ec-Rule-Version
Decoy-Debug-TTL
X-Web-Node
Decoy-Debug-Key
Decoy-Debug-Status
X-BYPASS-REASON
X-VWS-Id
X-ProxyCache-Status
X-Proxy-Cache-Status
X-Vgn-Hpd-Reason
X-Proxy
X-Origin
X-Soup
X-Redis-Cache
X-Proto
X-Akamai-Request-ID2
X-Viewer-Country
X-Whom
X-Yottaa-Metrics
X-Say-Cacheable
X-ProxyCache-Key
X-SaId
X-LJ-Flow-ID
X-Yottaa-Optimizations
X-Qloud-Router
X-JoinUs
X-Time-Microsecs
Azure-SiteName
DB-Nickname
Azure-SlotName
X-FW-Dynamic
Now
NGX
X-Www-Served-By
X-Pubstack
X-Generated-By
X-Generated
Azure-Version
Azure-InstanceId
X-MP-GENERATED-AT
X-Locale
X-Loop
X-FB-TRIP-ID
X-Detected-As
X-TNCMS
X-Site-Version
Azure-RegionName
X-CCM
X-ServerID
Version
X-Storage
X-BCube-Filmed-By
Node
Cross-Origin-Window-Policy
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
S-Rt
X-RCS-CacheZone
X-Xfnlog-Site
Property-Id
TWC-GeoIP-LatLong
TWC-Privacy
X-NCache
X-Origin-Hint
X-Varnish-Hits
X-IP
Webcakes-Region
X-R9-Blue-Green-Version
Webcakes-App-Name
TWC-Locale-Group
Webcakes-App-Version
X-Amzn-Remapped-Content-Length
X-PressLabs-Stats
X-Cluster-Node
X-UA-Device-Type
Cache-Key
X-Backend-TTL
X-RateLimit-Limit
X-NGENIX-Cache
X-Cache-Control
Section-Io-Cache
X-Mode
X-Cache-Host
X-Esi
X-Drupal-Cache-Tags
X-CDN-Forward
X-Forwarded-Host
Webserver
X-Rule
Cache
Content-Disposition
X-Info
L5d-Success-Class
Time
X-UnsetCookies
Accept-Language
X-ApacheServer
X-Varnish-Cache-Hits
X-PERF
Mime-Version
Viewport
X-Origin-CC
X-Origin-TTL
X-CS
Rt-Fastcgi-Cache
X-B3-Spanid
ServedBy
X-Newrelic-Synthetics
Uber-Trace-Id
Cache-Name
X-Cache-Remote
Country
Odigeo-Trace-Id
X-Routing-Service
X-Device-Type
X-Proxied
X-Zipkin-Id
X-VCache
X-Via-Fastly
X-CLOUD-TRACE-CONTEXT
X-Magnolia-Registration
X-Uri
Proxy-Connection
X-Geo
Filterid
X-EC-Lua
X-From
Access-Control-Request-Headers
X-Cluster-Name
X-Real-IP
Cf-Ipcountry
X-Drupal-Cache-Contexts
HitType
X-Microcachable
X-TT-TIMESTAMP
X-Vtex-Processado-Em
Rendered-Blocks
Mobile-Detection-Method
X-VG-WebServer
X-B-Cookie
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Session-Fingerprint
X-ARC
Meta-Geo-Continent
X-Application
X-Vtex-Remote-Cache
Group
X-Aed
X-Transaction
X-A
Fastcgi-X-Cache-Version
Content-Style-Type
W
VIX-Pulpo-Upstream-Status
Viewtype
VivaBuild
VIX-Pulpo-Node
Content-Script-Type
X-A-Ccd
X-Accel-Expires-Debug
X-Varnish-Beresp-Grace
X-SRCache-Key
X-Sigma-Backend
X-Trv-Group
X-A-Wwc
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Sigma
X-S-Cookie
Apple-News-Services-Host
X-Rewrite-Enabled
X-DPWN-IS-SECURE
X-Request-UUID
X-Destination
X-Date
GEO-REGION-INFO
X-Rocket-Build-Number
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
X-External-Request-Id
Apple-News-Services-Request-Url
AsisCache
BehaviorPad-Version
X-GeoIP-Country-Code
Xc-Version
X-G
X-Geo-Header
X-Region-Sid
X-ScT
X-Twitter-Response-Tags
X-Cache-Time
X-Labrador-Cache-Channel
X-Vdms-Version
T-Server
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-VG-WebCache
MD5-Digest
Machine
X-S
X-PHP-Host
X-Rojux
X-Nc
X-D
X-Connection-Hash
User-Cache-Control
Geo-Info
X-C
Cache-Hits
Ohc-File-Size
HA-Ipaddr
Fastly-SWR
Locid
Powered-By
Fastly-SIE
Ha-Gx-Prefs
X-Backend-State
X-Eu-Site
X-Hit
X-Var-Ttl
Fastly-Soc-X-Request-Id
X-Cdn-Srv
X-Logging-Id
X-Rebelmouse-Cache-Control
X-Wikidot-Backend
X-TrackingId
X-Wikidot-Static-Cache
X-Thanos
X-Rebelmouse-Surrogate-Control
X-Developers
X-OVcl
X-Bip
X-Cache-Debug
X-App-Name
X-Agile-Id
X-Agile-Age
X-Cache-Expired-At
X-VG-TLSProxy
X-Clientip
Countrycode
X-OVcl-Cache
X-WebServer
X-CGP
X-Agile
X-Distil-CS
CDCHOST
X-GoCache-CacheStatus
X-Irp-Debug
X-Li-Fabric
X-Li-Pop
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-LI-Proto
X-Hnp-Log
X-LI-UUID
X-No-Session
X-NodeID
X-NU-AKA-ACS-Version
X-Nginx-Cache-Key
X-Ms-Version
X-Micro-Cache
X-Ms-Request-Id
X-Hash
X-Generated-In
X-Clara-WADP
X-Core-Mission
X-CUA
X-Cache-URL
X-Cache-Tags
X-Block-Status
X-Cache-Bucket
X-Cache-Info
X-Debug-Cookies
X-Debug-Log
X-Fetched-On
X-Gen-Mode
X-NX-Host
X-Fastly-Cache
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Distributor
X-GeoIP-City
X-Origin-Date
X-Cache-ASPX
X-Cms-Context
X-Contensis-Viewer-Groups
X-Auto-Login
Server-Surrogate-Control
Gh-Request-Id
Locale
Server-Cache-Control
X-Has-Esi
X-Is-Gdpr
AKAMAI
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Varnish-Authentication
X-Urbn-Site-Id
X-JWT-State
X-Urbn-Context-Path
X-Webstats-RespID
X-We-Are-Hiring
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Request-URI
X-Proxy-Upstream
X-Platform-Server
X-Origin-Expires
X-Owner
X-Servername
X-SIPLIST1
X-VC-Cache
X-VServer
X-WADP-Cache
X-Up
X-Trace-Id
X-Swa-Ws
X-TH-Server
X-BBXSRF
X-Variation
RNT-Machine
Request-EU
Request-Country
Pragrma
RNT-Time
Server-ID
We-Hiring
V-Age
True-Client-Country-4JS
Server-Int
Platform
Memcached
Cache-Host
Fastly-Backend-Name
Country-Code
Environment
Adler-Geo
IBM-Web2-Location
Mail-Subject
Kp-EeAlive
IsBot
Is-Eu
Web-Mar-Node
Heartbleed
X-Air-Hostname
Fastly-SSL
X-Edge-Location
X-TT-LOGID
X-Tumblr-Pixel-3
FNAC-ModuleRouting
X-Reboot
X-Server-W
PFcat
Server-Host
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
X-Matched-Rule
X-Service
X-Azure-Ref
X-Gamma-Serve
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-AK-Request-ID
Cdncip
Cdnsip
X-Debug-Cache-Store
X-Trafficlayer-App-Version
X-FW-Version
X-Level-Front-Cache
X-Thinkindot-L3
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-ServiceProvider
X-Req
X-Generation-Time
Ohc-Cache-HIT
X-Core-Value
S-Cnection
X-Generated-On
Wxu-Next-Region
Wxu-Next-Commit
ServerName
Wxu-Next-Hostname
X-Oss-Request-Id
X-Oss-Object-Type
X-VHOST
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Lb-Id
X-Node-Id
X-Old-Content-Length
X-SERVER
X-App-Version
X-Varnish-Cacheable
X-Response-By
X-S-Maxage
X-UPSTREAM-Address
X-Sucuri-ID
RequestId
X-Nginx-Cache
X-Refresh
X-NC
X-Wa
User-Agent
X-NWS-UUID-VERIFY
X-Developer
Powered-By-ChinaCache
X-Render-Time
X-Cache-Status-Check
X-Cache-Backend
X-Parent-Response-Time
X-LAGOON
X-Device-Os
X-Tec-Api-Root
X-Tec-Api-Version
X-CF-Powered-By
X-User
X-Tec-Api-Origin
X-CSRF-TOKEN
X-Internal-Host
SRV
Origin
X-Cache-Grace
X-Cdn-Origin
X-Ocache
X-Pjax-Url
X-CSRF-Token
X-Key
X-Sn-Servicetimems
Hostname
A
On-Server
X-Pf-Uncompressing
X-Sucuri-Cache
Cloudfront-Viewer-Country
Geoip-Latitude
X-Request-Host
X-MSEdge-Flight
X-MSEdge-Features
X-Location
Geoip-City
X-TA-CDN-Provider
X-Via-CDN
Memory
X-Tb-Optimization-Total-Bytes-Saved
X-Ua
X-NGINX-Cache
GeoIp-Country-Code
PICS-Label
ProcessTime
X-COUNTRY
X-B3-Parentspanid
X-Vcl-Version
TTL
X-Cdn-Forward
X-Varnish-URL
X-Litespeed-Cache
Resin-Trace
X-Webkit-CSP
X-BACKEND-TTL
X-Server-IP
X-Varnish-Ttl
X-Servedbyhost
M-TraceId
XServer
X-TIME
SN
X-Rocket-Nginx-Bypass
Tcn
X-HS-Status
X-Slack-Backend
X-Dynatrace-Js-Agent
Dnion-Transfer-Encoding
X-FORWARDED-FOR
X-Unique-ID
Cdn
X-B3-SpanId
X-Dispatch
X-Cache-FS-Status
Pramga
X-PAYTM-SRV-ID
X-Processor
X-Cdn-Request-ID
HostName
X-Server-Time
Media-Length
Arc-Country
Host-ID
X-ServedByHost
X-Ratelimit-Remaining
CACHE
X-Cache-Ttl
X-Beluga-Record
X-Beluga-Node
X-Beluga-Cache-Status
X-Beluga-Response-Time
X-Beluga-Status
X-Fastly-Country-Code
X-Action
X-ND-Cache
X-Skip-Cache
X-Beluga-Trace
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-DC
Section-Origin-Responded
X-DI
Who
X-DB
X-Served-From
X-Edge-Server
Cdn-Request-Time
Cdn-Host
Fastly-Drupal-HTML
X-RPM
X-DW
X-DSS
X-VCL-Version
X-RPS
X-RSL
Fusion-Deployment-Id
X-Via-Ucdn
N-Cache
X-Correlation-ID
X-DevSite-Last-Modified
Ttl
X-Varnish-Url
X-Bc-Bl
X-ABtesting
X-Flog
X-Hello
GeoIP-Country-Code
Pics-Label
X-Reqid
X-LiteSpeed-Cache-Control
X-Oracle-Dms-Rid
NtCoent-Length
MIME-Version
X-Adobe-Source
X-VarnishDD-TTL
GeoIP-City
GeoIP-Latitude
X-AIR-PT
X-Backend-Host
Esi-Enabled
CF-Cached-On
X-Planisys-CDN-Cache
X-APP
X-Planisys-CDN-Rules
X-Sucuri-Id
X-Planisys-CDN-TTL
X-Policy
X-PF-Uncompressing
X-Ratelimit-Limit
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-FPC
X-HostName
Trailer
WebServer
X-Fmm-Version
X-SRV
X-Scheme
X-Request-Start
Cteonnt-Length
X-Azure-Ref-OriginShield
X-PJAX-URL
X-Zone
X-Fastly-Backend-Reqs
X-Bc
Amp-Access-Control-Allow-Source-Origin
X-BE
X-Amzn-Remapped-Connection
Processtime
X-Amzn-Remapped-Date
X-BC
X-Dynatrace
X-ZONE
X-Fpc
Rt-Proxy-Cache
Servername
X-Swift-Error
X-Newrelic-App-Data
X-ID
X-WA
FSS-Cache
X-Esi-Check
X-SN
Cache-Provider
X-Cache-Id
Magicmarker
FSS-Proxy
X-WR-MODIFICATION
X-Frame-Option
X-Cache-NGX
X-Gzip
X-SD-PageType
SD-X-WS
X-Branch-Name
Sid
X-LB-ID
Dynatrace
Lb
Release
Requestid
Load-Balancing
X-Snapshot-Date
CF-IPCountry
CDN
X-StackifyID
X-Method
X-CACHE-AGE
X-Fastly-Cache-Hits
L
X-VCT
X-Cc-Req-Id
Warning
V-Cache
X-VC
X-Instart-Info
X-Configured-By
X-Cc-Via
X-SB
X-Aicache-OS
X-Compress-Hint
D-Cc-Upstream
X-Tid
X-Request-Url
WZWS-RAY
X-Litespeed-Cache-Control
X-Nananana
X-Apw-Access-Action
X-ECACHE
SID
X-Apw-Hits
Request-Time
Inserted-Into-Cache-At
LB
X-Wix-Viewer-Type
X-Fastly-Cache-Status
X-Apw-Access-Token
Proxy-Firewall
X-Request-URL
X-App
X-ElasticPress-Search
X-Apw-Access-Object
Ohc-Response-Time
X-Worker
X-WPE-Loopback-Upstream-Addr
X-Check-Cacheable
Cneonction
X-Varnish-Beresp-TTL
WP-Super-Cache
X-GEO
X-Powered-Y