Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
X-XSS-Protection
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Xss-Protection
X-Runtime
CF-Ray
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
EagleId
X-Page-Speed
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
X-UA-Device
Feature-Policy
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Ac
X-Node
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Backend-Server
X-Readtime
X-Dispatcher
Request-Id
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
P3p
X-DataDome
X-ORACLE-DMS-RID
X-Dns-Prefetch-Control
X-Rack-Cache
X-Country
X-Clacks-Overhead
Edge-Control
Rating
X-Akam-SW-Version
Allow
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
Accept-Ch
X-FTR-Request-ID
X-Varnish-TTL
X-Instart-Request-ID
X-TTL
X-DynaTrace
X-Vname
X-Goog-Hash
X-PC
X-TtlSet
Verso
Content-MD5
Accept-Ch-Lifetime
Service-Worker-Allowed
X-ESI
X-Url
X-Powered-By-Plesk
X-Vcache
X-GitHub-Request-Id
X-Version
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Forwarded-Proto
X-Exp-Id
X-Use-Magma
X-Kinja-Build
RTSS
X-MS-InvokeApp
X-Server-Name
X-B3-TraceId
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Px
X-Debug
Ar-Sid
AR-PoweredBy
AR-CACHE
AR-ATIME
AR-Request-ID
X-Amz-Server-Side-Encryption
SPRequestGuid
X-Cached
Charset
X-NF-Request-ID
X-Vcap-Request-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Navigation-Version
X-MSEdge-Ref
X-Amz-Rid
Display
Pagespeed
X-Middleton-Display
X-Sol
X-Middleton-Response
Response
X-Accel-Expires
X-Server-ID
Arr-Disable-Session-Affinity
TCN
X-SharePointHealthScore
X-VARITI-CCR
X-Fastly-Request-ID
Public-Key-Pins
X-Cdn
X-Pinterest-Rid
Nginx-Cache
Pinterest-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
MS-Author-Via
X-Powered-CMS
X-Edge-O15-RID
X-Fastcgi-Cache
X-Client-IP
Cache-Tag
X-Trace
Realpath
X-Ser
Access-Control-Request-Method
X-Content-Type
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-Amzn-Trace-Id
SPIisLatency
SPRequestDuration
X-Shard
X-Upstream
X-Grace
X-Jurisdiction
X-Hp-Webp
X-Id
X-DynaTrace-JS-Agent
X-Ezoic-Cdn
S
Front-End-Https
X-Cache-TTL
X-Forwarded-For
X-Hits
Nel
X-Amz-Meta-S3cmd-Attrs
Fastcgi-Cache
X-T
X-Aspnet-Version
X-Recruiting
DynaTrace
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
X-Varnish-Age
X-Country-Code-Real
X-FTR-Realm
X-FTR-DC
X-FTR-Expires
X-Dw-Request-Base-Id
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Mobile-URL
X-FTR-Backend
MicrosoftSharePointTeamServices
ServerID
X-DIS-Request-ID
NR-ENABLED
Server-Node
TP-Cache
TP-L2-Cache
X-CST
X-Frontend
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-GUploader-UploadID
X-Logged-In
Powered
Alternate-Protocol
X-Correlation-Id
Server-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-XRDS-Location
Fastly-Restarts
X-FTR-Cache-Host
X-Cache-Hit
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
X-ATS-Timestamp
X-Page-Id
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-Content-Options
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
X-Content-Security-Policy-Report-Only
X-F-Cache
Refresh
X-Origin-Server
X-Akamai-Edgescape
X-Rid
X-Varnish-Grace
X-Content-Powered-By
X-Revision
X-LB-Cache
X-Type
PB-PID
Arc-Version
PB-RID
X-Mobile-Rewrite
X-B
X-XRDS-LOCATION
X-B3-Sampled
X-Geo-Country
Cache-Status
X-Activity-Id
X-AppVersion
X-Az
X-N
X-Kinsta-Cache
X-Cache-Action
X-TT
X-NWS-LOG-UUID
X-AOL-HN
X-Request-Guid
X-Cache-Age
X-Signature
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-B-Cache
X-Jobs
X-Debug-Info
X-Framework
X-Instance
X-Cached-By
X-FB-Debug
X-App-Environment
X-Time
X-Tumblr-Pixel
X-PHP-Backend
Actual-Object-TTL
X-Load-Cache
X-Tumblr-Pixel-0
X-Tumblr-User
X-Git-Hash
X-URL
Paypal-Debug-Id
Fastcgi-Useragent
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amz-Replication-Status
X-Pad
X-Webkit-Csp
X-FastCGI-Cache
DC
X-Varnish-Backend
Host-Header
X-RateLimit-Remaining
X-Shield-Request-Id
X-WA-Info
X-ATG-Version
Host
Surrogate-Key
MS-CV
X-Contextid
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-IPLB-Instance
X-Via-JSL
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Kong-Proxy-Latency
X-Host-Name
X-Kong-Upstream-Latency
X-Cache-Key
Retry-After
X-Response-Served-From
X-Accel-Buffering
Frame-Options
Payment
Source
X-B3-Traceid
NGB
X-Cache-NE
X-SS-Set-Cookie
X-Region
X-Origin-Response-Time
X-NewRelic-App-Data
X-Varnish-Server
Eomportal-Instance
X-Hostname
Xserver
X-Rendered-As
X-Seen-By
Filters
X-Is-Bot
X-GeoIP
WPE-Backend
Liferay-Portal
X-FW-Serve
X-FW-Hash
X-Cache-2
Tracecode
X-FW-Server
X-FW-Type
X-FW-Static
X-Srv
X-Cache-Enabled
X-Cacheable-TTL
X-Cluster
X-Varnish-Hostname
X-IPS-LoggedIn
Cache-Tv-Group
X-Adobe-Loc
X-Adobe-Content
X-Tumblr-Pixel-1
Server-Info
X-Tumblr-Pixel-2
X-Cache-Rule
X-RequestSource
X-Cache-Operation
X-Presslabs-Stats
FilterID
X-ProcessESI
X-App-Server
X-RemovedCookies
X-EdgeConnect-Cache-Status
X-TX-ID
X-Cache-TTL-Remaining
X-Analytics
Accept-CH
Cleartype
X-Environment-Context
X-FireWall-Port
X-L-Path
X-Upgrade-Enabled
X-Source
X-Handled-By
X-RTag
Ms-Operation-Id
X-Ttl
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
X-Webapp-Samesite-None-Activated-N
X-Cache-Server
Accept-Charset
X-Backend-Name
Srv
From-Origin
X-UA
Accept-CH-Lifetime
X-APP-VERSION
X-CACHE-KEY
Datacenter
X-Esi
X-Dc
X-UUID
X-PressLabs-Stats
X-Path-Route
X-ES-SERVER
Meta-Geo
X-Cache-Var
X-RN-RSRV
X-Cache-Var-Map
OT-Force-Account-Verify
X-Wix-Request-Id
X-Tb
X-Access
X-Timing-Wait
Selected-Fe
X-Section
X-Proxy-Build
X-Format
Healthy
X-PCL
X-Sorting-Hat-ShopId
Mn-Server-Ip
X-FC-Vary-Parameters
X-Request-Time
X-Alternate-Cache-Key
X-ShopId
X-Content-Age
X-Akamai-Request-ID
X-ShardId
X-OCL
X-Shopify-Generated-Cart-Token
X-Proto
X-Goog-Meta-Goog-Reserved-File-Mtime
Cache-Tags
X-Cache-Config
X-Shopify-Stage
X-Sorting-Hat-PodId
X-EIG-Tracking-Id
X-Akamai-Request-ID2
X-Debug-Cache
X-BYPASS-REASON
X-Yottaa-Metrics
Ec-Rule-Version
Node
NGX
X-AWS-Id
X-LJ-Flow-ID
X-JoinUs
X-Hl-Ver
X-Yottaa-Optimizations
X-Daa-Tunnel
X-Say-TTL
X-SayCDN-TTL
X-ProxyCache-Key
X-Vgn-Hpd-Reason
X-Say-Cacheable
X-Proxy-Cache-Status
X-SaId
X-Web-Node
X-Status
X-ProxyCache-Status
X-NYM-Debug-Backend
X-Origin
X-VWS-Id
X-ServerID
Akamai-GRN
X-Hyper-Cache
Decoy-Debug-TTL
Version
X-Qloud-Router
X-CCM
X-Hosted-By
Decoy-Debug-Status
Origin-Edge-Control
Decoy-Debug-Key
X-Proxy
Origin-Cache-Control
X-Www-Served-By
Cross-Origin-Window-Policy
X-Redis-Cache
Now
X-BCube-Filmed-By
X-Detected-As
X-MP-GENERATED-AT
X-Generated-By
X-Loop
X-TNCMS
X-Human
X-Storage
X-Time-Microsecs
DB-Nickname
X-Soup
X-Generated
X-FB-TRIP-ID
X-Viewer-Country
X-Unique-Id
X-FW-Dynamic
Webcakes-App-Name
X-Origin-Hint
Webcakes-Region
X-Xfnlog-Site
Webcakes-App-Version
X-Varnish-Hits
X-RCS-CacheZone
Azure-InstanceId
X-Pubstack
Azure-RegionName
Azure-SiteName
X-Amzn-Remapped-Content-Length
Azure-Version
Azure-SlotName
X-IP
TWC-GeoIP-LatLong
S-Rt
Property-Id
X-Akamai-Transformed
GEO-INFO
TWC-Connection-Speed
TWC-Privacy
TWC-Device-Class
TWC-Locale-Group
TWC-GeoIP-Country
X-R9-Blue-Green-Version
X-NCache
X-Cluster-Node
X-Whom
X-Site-Version
X-RateLimit-Limit
X-Locale
X-Cache-Control
Cache-Key
X-UA-Device-Type
X-Cache-Host
Cache
X-Rule
X-NGENIX-Cache
X-Drupal-Cache-Tags
X-Backend-TTL
X-Mode
X-Forwarded-Host
L5d-Success-Class
Section-Io-Cache
Webserver
X-CDN-Forward
Content-Disposition
X-UnsetCookies
Cache-Name
Time
X-CS
X-Info
Viewport
Rt-Fastcgi-Cache
X-Origin-TTL
X-Varnish-Cache-Hits
X-ApacheServer
X-PERF
Mime-Version
Accept-Language
X-Origin-CC
X-B3-Spanid
Uber-Trace-Id
Country
ServedBy
X-Newrelic-Synthetics
X-VCache
Odigeo-Trace-Id
X-Cache-Remote
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-Device-Type
X-CLOUD-TRACE-CONTEXT
X-Magnolia-Registration
X-Via-Fastly
X-From
X-Uri
X-EC-Lua
X-Litespeed-Cache
Proxy-Connection
X-Cluster-Name
Filterid
Geo-Info
X-Drupal-Cache-Contexts
HitType
X-Microcachable
Access-Control-Request-Headers
X-Real-IP
X-Geo
X-TT-TIMESTAMP
Cf-Ipcountry
X-Aed
Fastcgi-X-Cache-Version
Mobile-Detection-Method
X-ARC
MD5-Digest
GEO-REGION-INFO
Meta-Geo-Continent
X-Application
Machine
Rendered-Blocks
VIX-Pulpo-Node
VivaBuild
X-A-Dam
X-A-Ccd
VIX-Pulpo-Upstream-Status
X-A
X-A-Dcw
X-B-Cookie
T-Server
W
X-A-Wwc
X-A-Dgt
Viewtype
X-Accel-Expires-Debug
X-DPWN-IS-SECURE
X-SRCache-Key
AsisCache
X-Transaction
X-Trv-Group
X-Sigma-Backend
X-Sigma
X-Rojux
X-S
X-ScT
X-Session-Fingerprint
X-Twitter-Response-Tags
Apple-News-Services-Request-Url
X-Vtex-Remote-Cache
Apple-News-Services-Host
Xc-Version
Ohc-File-Size
X-Vtex-Processado-Em
X-VG-WebServer
Apple-News-Services-Parsed-Url
X-Vdms-Version
X-VG-TLSProxy
X-VG-WebCache
X-Rocket-Build-Number
X-S-Cookie
X-Destination
X-G
X-Geo-Header
X-External-Request-Id
X-Rewrite-Enabled
Content-Style-Type
BehaviorPad-Version
X-GeoIP-Country-Code
X-Date
X-Region-Sid
X-CF-Lambda-Version
X-Request-UUID
X-Connection-Hash
Apple-News-Services-Handled
X-D
X-CF-Lambda-Fn
Content-Script-Type
X-Nc
User-Cache-Control
X-Labrador-Cache-Channel
X-Cache-Time
X-PHP-Host
X-C
Countrycode
Fastly-SWR
Fastly-SIE
Environment
CDCHOST
Fastly-Soc-X-Request-Id
X-CGP
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Hit
X-Eu-Site
X-SIPLIST1
X-TrackingId
X-WebServer
X-VC-Cache
X-Var-Ttl
X-Distil-CS
X-Developers
Powered-By
Locid
IsBot
HA-Ipaddr
X-App-Name
X-Backend-State
X-Clientip
X-Cache-Expired-At
X-Cache-Debug
Ha-Gx-Prefs
X-CUA
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
Cache-Hits
X-Varnish-Beresp-Status
Group
Fastly-SSL
X-GoCache-CacheStatus
X-Request-URI
X-Auto-Login
X-Azure-Ref
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Platform-Server
X-Cache-Tags
X-Cache-ASPX
X-Block-Status
X-Proxy-Upstream
X-Bip
X-Air-Hostname
AKAMAI
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
V-Age
True-Client-Country-4JS
X-TH-Server
X-IN-APIGATEWAY
Web-Mar-Node
X-Agile-Age
X-Agile
X-Origin-Expires
X-Servername
X-Agile-Id
X-NU-AKA-ACS-Version
X-Gen-Mode
X-Generated-In
X-Gamma-Serve
X-Li-Fabric
X-Li-Pop
X-Fetched-On
X-JWT-State
X-GeoIP-City
X-Hnp-Log
X-IN-APIGATEWAYSSL
X-Hash
X-Has-Esi
X-Is-Gdpr
X-LI-Proto
X-Epic-Correlation-Id
X-Core-Mission
X-No-Session
X-Contensis-Viewer-Groups
X-Cms-Context
X-NX-Host
Server-Surrogate-Control
X-Nginx-Cache-Key
X-Debug-Cookies
X-Distributor
X-LI-UUID
X-Logging-Id
X-Dispatcher-Server
X-Debug-Log
X-Origin-Date
We-Hiring
Mail-Subject
X-Varnish-Authentication
X-VServer
Server-Int
X-Variation
X-Urbn-Site-Id
Platform
X-Tumblr-Pixel-3
X-Up
X-Urbn-Context-Path
Kp-EeAlive
Is-Eu
X-Cdn-Srv
X-OVcl
X-OVcl-Cache
Adler-Geo
X-Wikidot-Static-Cache
X-Wikidot-Backend
IBM-Web2-Location
Gh-Request-Id
Fastly-Backend-Name
Country-Code
Pragrma
Locale
RNT-Machine
Server-Cache-Control
Request-EU
RNT-Time
Server-ID
Request-Country
X-Thanos
X-Edge-Location
Ohc-Cache-HIT
X-Clara-WADP
X-Fastly-Cache
X-Matched-Rule
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Cache-Store
X-Cache-URL
X-Ms-Request-Id
FNAC-ModuleRouting
S-Cnection
X-We-Are-Hiring
Thinkindot-Control
Server-Host
Cache-Host
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Instart-Isnd
Cdncip
X-Generation-Time
X-Ms-Version
X-WADP-Cache
X-FW-Version
X-Webstats-RespID
Cdnsip
X-Swa-Ws
X-Irp-Debug
X-Core-Value
X-Req
X-Trace-Id
X-Reboot
Wxu-Next-Region
X-Cache-Info
Wxu-Next-Hostname
X-AK-Request-ID
X-TT-LOGID
X-Trafficlayer-App-Scope
X-Server-W
X-Trafficlayer-App-Name
X-Trafficlayer-App-Version
PFcat
ServerName
Wxu-Next-Commit
X-BBXSRF
X-NodeID
Memcached
X-Cache-Bucket
X-Owner
X-ServiceProvider
X-Thinkindot-L3
Heartbleed
X-VHOST
X-Nginx-Cache
X-UPSTREAM-Address
X-Service
X-Old-Content-Length
X-Level-Front-Cache
X-Micro-Cache
X-Response-By
X-S-Maxage
X-Generated-On
X-SERVER
X-App-Version
X-NC
X-Render-Time
X-Varnish-Cacheable
X-Wa
RequestId
X-Refresh
X-Lb-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Node-Id
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Cache-Backend
X-CSRF-TOKEN
X-User
Powered-By-ChinaCache
X-Sucuri-ID
X-Developer
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Internal-Host
X-Key
User-Agent
X-Ua-Device
X-Parent-Response-Time
X-NWS-UUID-VERIFY
X-Cache-Status-Check
X-Ua
X-Sucuri-Cache
Hostname
X-LAGOON
X-Cache-Grace
X-Device-Os
Origin
X-Cdn-Origin
X-Sn-Servicetimems
X-CF-Powered-By
X-Location
X-Tb-Optimization-Total-Bytes-Saved
X-Pf-Uncompressing
X-Pjax-Url
X-CSRF-Token
X-Via-CDN
On-Server
X-TA-CDN-Provider
A
X-Ocache
SRV
ProcessTime
Geoip-Latitude
Geoip-City
X-Request-Host
X-MSEdge-Flight
X-MSEdge-Features
PICS-Label
Memory
X-B3-Parentspanid
X-NGINX-Cache
X-Cdn-Forward
GeoIp-Country-Code
Cloudfront-Viewer-Country
X-COUNTRY
X-BACKEND-TTL
TTL
X-Oracle-Dms-Rid
X-Varnish-URL
X-Vcl-Version
X-Servedbyhost
X-Server-IP
X-Webkit-CSP
M-TraceId
Resin-Trace
X-Unique-ID
X-Varnish-Ttl
XServer
X-TIME
Media-Length
X-Rocket-Nginx-Bypass
X-Cdn-Request-ID
X-HS-Status
SN
Cdn
Dnion-Transfer-Encoding
Tcn
X-Correlation-ID
X-B3-SpanId
X-FORWARDED-FOR
Host-ID
X-Slack-Backend
X-Ratelimit-Remaining
CACHE
X-Beluga-Cache-Status
X-Beluga-Record
X-Beluga-Trace
X-Beluga-Node
X-Action
X-ServedByHost
X-Beluga-Status
X-Beluga-Response-Time
X-Processor
X-Dispatch
X-Cache-FS-Status
X-PAYTM-SRV-ID
Who
X-Cache-Ttl
X-Server-Time
Arc-Country
X-DC
HostName
X-Via-Ucdn
X-RSL
X-DB
X-RPM
X-Skip-Cache
X-DSS
X-ND-Cache
X-DW
X-DI
X-RPS
X-VCL-Version
Pramga
X-Fastly-Country-Code
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-Reqid
Fastly-Drupal-HTML
Section-Io-Origin-Status
Section-Origin-Responded
Ttl
GeoIP-Country-Code
Section-Io-Id
Section-Io-Origin-Time-Seconds
NtCoent-Length
X-Dynatrace-Js-Agent
Pics-Label
X-Hello
X-Flog
X-ABtesting
N-Cache
Amp-Access-Control-Allow-Source-Origin
X-Bc-Bl
X-Served-From
X-AIR-PT
X-DevSite-Last-Modified
GeoIP-Latitude
Esi-Enabled
GeoIP-City
X-VarnishDD-TTL
MIME-Version
X-LiteSpeed-Cache-Control
Fusion-Deployment-Id
X-Sucuri-Id
X-Planisys-CDN-Rules
X-Varnish-Url
X-Policy
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Adobe-Source
CF-Cached-On
X-Ratelimit-Limit
X-Bc
X-APP
X-Request-Start
X-Backend-Host
X-PF-Uncompressing
X-Azure-Ref-OriginShield
X-Zone
X-FPC
X-HostName
Trailer
X-Ruxit-Js-Agent
X-Fastly-Backend-Reqs
X-SRV
Cache-Cookie-Set-Lfrom
WebServer
Rt-Proxy-Cache
Cache-Cookie-Set-From
X-PJAX-URL
Cache-Cookie-Set-Idcheck
X-Dynatrace
X-Fmm-Version
X-BE
X-Scheme
Processtime
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Swift-Error
X-Newrelic-App-Data
Servername
X-Method
X-BC
Magicmarker
X-ID
X-WA
X-ZONE
FSS-Proxy
Cteonnt-Length
Cache-Provider
FSS-Cache
X-Fpc
X-WR-MODIFICATION
X-Frame-Option
X-Branch-Name
X-LB-ID
Dynatrace
X-Snapshot-Date
CF-IPCountry
CDN
X-StackifyID
X-Cache-Id
X-SN
Requestid
X-Esi-Check
Lb
X-CACHE-AGE
WZWS-RAY
L
Sid
X-Compress-Hint
X-Tid
Ohc-Response-Time
X-Aicache-OS
Warning
X-Cc-Req-Id
X-VC
X-SB
V-Cache
X-Request-Url
X-Cc-Via
D-Cc-Upstream
SD-X-WS
X-Fastly-Cache-Hits
Release
X-Gzip
X-Cache-NGX
X-SD-PageType
Load-Balancing
X-Litespeed-Cache-Control
X-Nananana
X-VCT
X-Instart-Info
SID
X-GEO
X-ECACHE
X-Apw-Access-Action
X-Varnish-Beresp-TTL
X-ElasticPress-Search
X-Fastly-Cache-Status
X-Check-Cacheable
X-Request-URL
X-Worker
X-Powered-Y
X-Apw-Hits
X-Svr
X-WPE-Loopback-Upstream-Addr
Cneonction
X-Apw-Access-Token
WP-Super-Cache
X-Apw-Access-Object
X-Be
X-App