Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
X-XSS-Protection
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Xss-Protection
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
Xkey
X-Envoy-Upstream-Service-Time
X-Via
P3p
CF-Ray
X-Backend
X-Server
X-Age
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ws-Request-Id
X-Page-Speed
X-Server-Powered-By
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Feature-Policy
X-Varnish-Cache
Server-Timing
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Ac
X-Node
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Readtime
X-Backend-Server
X-Vhost
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Cache-Lookup
X-Application-Context
X-HW
X-Ruxit-JS-Agent
X-ORACLE-DMS-ECID
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-ORACLE-DMS-RID
X-Mod-Pagespeed
X-DataDome
NEL
X-Rack-Cache
Rating
X-Country
X-Clacks-Overhead
X-Akam-SW-Version
Edge-Control
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-TTL
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
Accept-Ch
X-DynaTrace
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-ESI
Verso
Content-MD5
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-GitHub-Request-Id
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Id
X-Version
X-MS-InvokeApp
RTSS
X-Vcache
Edge-Cache-Tag
X-Server-Name
X-D2id
X-Abt-Application-Version
X-Debug
Ar-Sid
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-CACHE
X-Px
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Fastcgi-Cache
X-Cached
X-Sol
Display
Response
X-Middleton-Display
X-Middleton-Response
Pagespeed
X-Navigation-Version
X-Vcap-Request-Id
X-MSEdge-Ref
X-Accel-Expires
X-Amz-Rid
Arr-Disable-Session-Affinity
Pinterest-Version
X-Pinterest-Rid
TCN
X-Server-ID
X-Powered-CMS
X-SharePointHealthScore
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-VARITI-CCR
Public-Key-Pins
X-Fastly-Request-ID
X-Edge-O15-RID
X-Trace
X-Client-IP
Cache-Tag
X-Cdn
Realpath
MS-Author-Via
Nginx-Cache
X-Ser
Access-Control-Request-Method
X-Shard
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-DynaTrace-JS-Agent
Mrf-Cache-Status
X-Content-Type
Nel
X-Amzn-Trace-Id
X-Upstream
S
SPIisLatency
SPRequestDuration
X-Ezoic-Cdn
X-Hp-Webp
X-Id
X-Grace
X-Forwarded-For
X-Jurisdiction
X-T
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Hits
Fastcgi-Cache
X-Recruiting
DynaTrace
X-Cache-TTL
X-Aspnet-Version
X-Varnish-Age
X-Content-Digest
ServerID
X-Element-Page-Cache
X-Node-Name
X-Mobile-URL
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend
MicrosoftSharePointTeamServices
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Realm
X-FTR-Expires
X-Dw-Request-Base-Id
X-DIS-Request-ID
NR-ENABLED
Server-Node
Powered
X-Frontend
X-HS-Cache-Config
X-HS-Combine-CSS
X-GUploader-UploadID
X-HS-Content-Id
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-HS-Hub-Id
X-Goog-Generation
TP-L2-Cache
TP-Cache
X-Logged-In
Alternate-Protocol
Server-Name
X-CST
X-Amzn-RequestId
X-Amz-Apigw-Id
AMP-Access-Control-Allow-Source-Origin
X-Correlation-Id
X-Microsite
X-Request-Received
Upgrade-Insecure-Requests
X-Request-Handler-Origin-Region
X-Request-Processing-Time
X-Cache-Hit
X-ATS-Timestamp
Backend-Timing
Fastly-Restarts
X-XRDS-Location
X-Content-Options
X-Content-Security-Policy-Report-Only
X-Rid
X-F-Cache
X-Page-Id
X-Akamai-Edgescape
Refresh
X-User-Agent
X-Zen-Fury
X-Origin-Server
X-Revision
X-Varnish-Grace
X-XRDS-LOCATION
X-FTR-Cache-Host
X-Type
X-Content-Powered-By
X-LB-Cache
X-B
PB-RID
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Geo-Country
X-B3-Sampled
X-Az
X-Activity-Id
X-AppVersion
Cache-Status
X-URL
X-Kinsta-Cache
X-N
X-Cache-Age
X-Cache-Action
X-Time
X-WebKit-CSP-Report-Only
X-TT
X-Instance
Paypal-Debug-Id
Access-Control-Allow-Method
Actual-Object-TTL
X-B-Cache
X-Signature
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Framework
X-Tumblr-User
X-Debug-Info
X-App-Environment
X-AOL-HN
X-Jobs
X-FB-Debug
X-Cached-By
X-Request-Guid
X-Git-Hash
X-PHP-Backend
X-Load-Cache
X-Shield-Request-Id
X-Pad
Fastcgi-Useragent
DC
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Amz-Replication-Status
X-Varnish-Backend
X-RateLimit-Remaining
X-Webkit-Csp
Surrogate-Key
Host-Header
X-IPLB-Instance
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-ATG-Version
X-Contextid
X-NWS-LOG-UUID
MS-CV
Host
X-WA-Info
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-SS-Set-Cookie
X-Mobile
X-Via-JSL
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Webapp-Samesite-None-Activated-N
NGB
X-Response-Served-From
X-Host-Name
X-Accel-Buffering
X-Analytics
FilterID
X-Cluster
Tracecode
Frame-Options
Payment
X-Varnish-Server
WPE-Backend
Xserver
X-Region
Source
X-FW-Serve
X-FW-Server
X-FW-Static
X-Cache-NE
Eomportal-Instance
Cache-Tv-Group
Filters
X-Cache-2
X-FW-Type
X-FW-Hash
X-GeoIP
X-Origin-Response-Time
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Varnish-Hostname
X-Hostname
X-Cacheable-TTL
X-Srv
X-Presslabs-Stats
X-Cache-Operation
X-Cache-Rule
X-Cache-Enabled
X-Rendered-As
X-Is-Bot
X-EdgeConnect-Cache-Status
Retry-After
X-Adobe-Content
X-Adobe-Loc
X-Cache-Key
X-Seen-By
X-RequestSource
X-NewRelic-App-Data
X-TX-ID
Server-Info
X-RemovedCookies
X-ProcessESI
Liferay-Portal
X-Cache-TTL-Remaining
Cleartype
X-FastCGI-Cache
X-App-Server
X-CACHE-KEY
Accept-CH
X-Dc
X-FireWall-Port
X-L-Path
X-Environment-Context
X-B3-Traceid
X-Endurance-Cache-Level
X-RTag
Ms-Operation-Id
X-Handled-By
X-Source
X-Upgrade-Enabled
X-Cache-Server
X-HTML-Minification-Powered-By
Datacenter
X-UA
From-Origin
X-Backend-Name
Accept-Charset
X-VCache
Accept-CH-Lifetime
X-APP-VERSION
Meta-Geo
X-Cache-Var
X-ES-SERVER
X-RN-RSRV
Srv
X-Cache-Var-Map
X-PressLabs-Stats
X-Path-Route
X-Proxy-Build
X-Cache-Control
OT-Force-Account-Verify
X-UUID
X-Wix-Request-Id
X-Timing-Wait
Selected-Fe
X-Tb
Healthy
X-Access
X-Section
X-Akamai-Request-ID
Version
Akamai-GRN
X-Origin
X-PCL
X-OCL
X-NYM-Debug-Backend
X-Cache-Config
Cache
X-Format
X-FC-Vary-Parameters
X-Goog-Meta-Goog-Reserved-File-Mtime
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
Decoy-Debug-Key
DB-Nickname
Cache-Tags
Azure-InstanceId
Origin-Edge-Control
X-Akamai-Request-ID2
X-ServerID
X-ShardId
X-ShopId
X-EIG-Tracking-Id
X-Alternate-Cache-Key
X-BYPASS-REASON
X-SaId
X-Shopify-Generated-Cart-Token
X-Proxy-Cache-Status
X-Shopify-Stage
X-Vgn-Hpd-Reason
X-Hyper-Cache
X-Hosted-By
X-Proto
Mn-Server-Ip
X-ProxyCache-Key
X-Request-Time
X-ProxyCache-Status
X-Viewer-Country
X-Proxy
X-Time-Microsecs
Now
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Hl-Ver
X-JoinUs
X-Soup
Decoy-Debug-TTL
X-Cluster-Node
Ec-Rule-Version
Origin-Cache-Control
X-Pubstack
Decoy-Debug-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-FB-TRIP-ID
X-FW-Dynamic
X-CCM
X-BCube-Filmed-By
X-Qloud-Router
X-MP-GENERATED-AT
X-Loop
X-Human
X-Amzn-Remapped-Content-Length
X-AWS-Id
X-LJ-Flow-ID
Cross-Origin-Window-Policy
Node
X-Debug-Cache
X-Varnish-Hits
X-TNCMS
X-VWS-Id
X-Web-Node
X-Www-Served-By
X-Generated-By
X-Storage
X-Redis-Cache
X-Say-Cacheable
X-Say-TTL
NGX
X-SayCDN-TTL
X-RateLimit-Limit
Property-Id
TWC-Privacy
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Name
S-Rt
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
Webcakes-Region
GEO-INFO
X-Content-Age
X-Origin-Hint
X-Site-Version
X-NCache
TWC-Locale-Group
X-Locale
X-Status
X-Generated
X-Xfnlog-Site
X-Rule
X-R9-Blue-Green-Version
X-Akamai-Transformed
X-Cache-Host
X-IP
X-Detected-As
X-RCS-CacheZone
Cache-Key
X-Drupal-Cache-Tags
L5d-Success-Class
X-CS
Webserver
X-Whom
X-Unique-Id
X-Esi
X-Daa-Tunnel
Uber-Trace-Id
Viewport
X-UA-Device-Type
Time
Cache-Name
X-Forwarded-Host
X-UnsetCookies
Mime-Version
X-NGENIX-Cache
X-VHOST
X-Mode
X-Origin-TTL
X-Info
Rt-Fastcgi-Cache
Content-Disposition
X-Origin-CC
X-Varnish-Cache-Hits
Accept-Language
Country
X-Backend-TTL
X-Cache-Remote
X-B3-Spanid
X-From
Odigeo-Trace-Id
X-PERF
X-ApacheServer
ServedBy
Section-Io-Cache
X-CDN-Forward
X-Magnolia-Registration
X-Cluster-Name
X-Drupal-Cache-Contexts
X-Nc
X-Device-Type
X-CLOUD-TRACE-CONTEXT
X-Via-Fastly
X-Geo
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Newrelic-Synthetics
Proxy-Connection
X-Uri
X-TT-TIMESTAMP
X-Zipkin-Id
X-Proxied
X-Microcachable
X-Routing-Service
Cf-Ipcountry
X-EC-Lua
X-Ttl
Ohc-File-Size
Access-Control-Request-Headers
HitType
X-Date
X-Rocket-Build-Number
AsisCache
X-Rojux
X-VG-WebServer
X-Destination
X-Region-Sid
X-External-Request-Id
X-GeoIP-Country-Code
X-Geo-Header
X-G
X-DPWN-IS-SECURE
X-Request-UUID
X-Vtex-Remote-Cache
X-Rewrite-Enabled
BehaviorPad-Version
Xc-Version
X-Vtex-Processado-Em
X-VG-WebCache
X-Sigma
X-Accel-Expires-Debug
X-Session-Fingerprint
X-A-Dgt
X-A-Dcw
X-D
X-A-Ccd
X-A-Dam
X-ScT
X-Connection-Hash
X-ARC
X-B-Cookie
X-S
X-CF-Lambda-Fn
X-Application
X-Aed
X-CF-Lambda-Version
X-A
VivaBuild
GEO-REGION-INFO
Machine
X-Trv-Group
Fastcgi-X-Cache-Version
X-Twitter-Response-Tags
Content-Style-Type
X-S-Cookie
X-Vdms-Version
X-Transaction
X-SRCache-Key
Rendered-Blocks
T-Server
Viewtype
Mobile-Detection-Method
Meta-Geo-Continent
X-Sigma-Backend
MD5-Digest
Content-Script-Type
X-A-Wwc
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Geo-Info
X-Varnish-Beresp-Ttl
X-Real-IP
X-Edge-Location
X-C
X-No-Session
Apple-News-Services-Request-Url
X-Agile-Age
X-Agile-Id
Apple-News-Services-Parsed-Url
X-SIPLIST1
CDCHOST
X-Cache-Time
X-Agile
Apple-News-Services-Handled
W
IsBot
X-Hit
Locid
Powered-By
X-Logging-Id
HA-Ipaddr
Ha-Gx-Prefs
X-Thanos
X-Eu-Site
Countrycode
Fastly-Soc-X-Request-Id
Gh-Request-Id
X-Distil-CS
Apple-News-Services-Host
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Auto-Login
X-CGP
X-Cache-Debug
X-Bip
X-WebServer
X-VG-TLSProxy
X-Tumblr-Pixel-3
X-Clientip
X-TrackingId
Filterid
User-Cache-Control
X-UPSTREAM-Address
Ohc-Cache-HIT
X-Li-Fabric
X-LI-Proto
X-Li-Pop
X-Hash
Server-Surrogate-Control
X-Has-Esi
Server-ID
Server-Cache-Control
X-Cache-ASPX
X-IN-APIGATEWAY
Request-Country
X-Labrador-Cache-Channel
X-Irp-Debug
X-JWT-State
Request-EU
X-Cdn-Srv
X-Is-Gdpr
X-IN-APIGATEWAYSSL
X-Cache-Info
X-Instart-Isnd
Platform
X-Gamma-Serve
X-Cms-Context
X-Contensis-Viewer-Groups
X-Debug-Log
X-Developers
X-LI-UUID
X-Debug-Cookies
X-Debug-Cache-Store
X-CUA
X-Debug-Cache-Expiry
X-AK-Request-ID
X-App-Name
X-Debug-Cache-Fetch
X-Azure-Ref
X-Backend-State
X-Air-Hostname
V-Age
True-Client-Country-4JS
X-Generated-In
X-Generation-Time
X-FW-Version
X-Fetched-On
X-BBXSRF
X-Dispatcher-Server
X-Clara-WADP
X-Epic-Correlation-Id
We-Hiring
X-GeoIP-City
Locale
Adler-Geo
AKAMAI
X-Servername
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Request-URI
Cache-Host
X-Rebelmouse-Cache-Control
X-RateLimit-Remaining-Second
Country-Code
X-Rebelmouse-Surrogate-Control
Cdncip
X-Swa-Ws
X-TH-Server
X-VServer
X-VC-Cache
X-WADP-Cache
X-We-Are-Hiring
X-Webstats-RespID
X-Varnish-Authentication
X-Variation
X-Trace-Id
X-TT-LOGID
X-Urbn-Context-Path
X-Urbn-Site-Id
Environment
Cdnsip
Mail-Subject
X-NodeID
X-Origin-Expires
X-OVcl-Cache
X-Owner
Heartbleed
X-Origin-Date
X-NX-Host
Kp-EeAlive
X-Cache-Tags
Is-Eu
X-PHP-Host
X-OVcl
X-Micro-Cache
X-Ms-Version
X-Platform-Server
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Ms-Request-Id
Fastly-SIE
Fastly-SWR
Memcached
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-GoCache-CacheStatus
Fastly-SSL
X-NU-AKA-ACS-Version
X-Up
X-Cache-Expired-At
X-Nginx-Cache-Key
X-Cache-URL
X-Hnp-Log
X-Matched-Rule
X-Distributor
X-Reboot
X-Fastly-Cache
X-Generated-On
X-Render-Time
X-Server-W
X-Thinkindot-L3
X-Core-Mission
X-Gen-Mode
X-ServiceProvider
X-Service
X-Trafficlayer-App-Version
X-Level-Front-Cache
Server-Int
Server-Host
RNT-Time
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Group
Web-Mar-Node
Thinkindot-Control
X-App-Version
RNT-Machine
X-Cache-Bucket
PFcat
IBM-Web2-Location
X-Block-Status
ServerName
X-Cache-Backend
Cache-Hits
Wxu-Next-Commit
X-Old-Content-Length
Fastly-Backend-Name
X-Var-Ttl
Wxu-Next-Hostname
Pragrma
FNAC-ModuleRouting
X-TA-CDN-Provider
X-Lb-Id
X-Req
X-Core-Value
X-User
X-S-Maxage
Wxu-Next-Region
X-Nginx-Cache
RequestId
X-Internal-Host
X-Response-By
X-Refresh
X-SERVER
S-Cnection
Powered-By-ChinaCache
X-Sucuri-Cache
X-Key
X-Location
X-Ruxit-Js-Agent
X-CSRF-TOKEN
X-Ua
X-Sucuri-ID
X-Wa
X-Tb-Optimization-Total-Bytes-Saved
X-Parent-Response-Time
X-Tec-Api-Root
X-Pjax-Url
X-Tec-Api-Origin
X-Tec-Api-Version
X-Cdn-Forward
X-BACKEND-TTL
X-CF-Powered-By
X-Correlation-ID
X-CSRF-Token
ProcessTime
Origin
X-Varnish-Cacheable
X-Node-Id
X-B3-Parentspanid
X-NC
X-Pf-Uncompressing
Memory
SRV
TTL
User-Agent
X-Developer
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Ocache
X-Vcl-Version
X-Via-CDN
Geoip-City
Geoip-Latitude
X-NWS-UUID-VERIFY
X-Device-Os
X-Unique-ID
X-Cache-Status-Check
X-Server-IP
X-Cache-Grace
X-Cdn-Origin
PICS-Label
X-Sn-Servicetimems
GeoIp-Country-Code
X-LAGOON
On-Server
X-NGINX-Cache
X-B3-SpanId
A
X-COUNTRY
Hostname
X-Request-Host
Cloudfront-Viewer-Country
X-MSEdge-Features
X-MSEdge-Flight
X-Webkit-CSP
X-Servedbyhost
Media-Length
X-Litespeed-Cache
X-Cdn-Request-ID
X-Varnish-Ttl
Dnion-Transfer-Encoding
X-Rocket-Nginx-Bypass
Cdn
XServer
X-TIME
X-Via-Ucdn
Tcn
Resin-Trace
SN
M-TraceId
X-FORWARDED-FOR
X-HS-Status
X-ServedByHost
X-Sucuri-Id
X-Varnish-URL
Host-ID
HostName
X-Ratelimit-Remaining
X-Beluga-Trace
X-Beluga-Cache-Status
Who
Esi-Enabled
X-Beluga-Record
X-Reqid
X-Cache-Ttl
X-Beluga-Status
X-Beluga-Response-Time
X-AIR-PT
X-Beluga-Node
CACHE
X-Slack-Backend
X-Action
X-Fastly-Country-Code
CF-Cached-On
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Policy
X-DI
X-DB
X-PAYTM-SRV-ID
X-DSS
X-Server-Time
X-RPS
X-Request-Start
X-DW
X-RSL
X-Processor
GeoIP-Country-Code
Pics-Label
X-Cache-FS-Status
X-Azure-Ref-OriginShield
Pramga
X-RPM
Trailer
Arc-Country
X-Dispatch
X-VCL-Version
GeoIP-Latitude
X-Skip-Cache
X-ND-Cache
Rt-Proxy-Cache
GeoIP-City
X-VarnishDD-TTL
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
MIME-Version
X-ABtesting
X-Fastly-Backend-Reqs
Ttl
Fastly-Drupal-HTML
X-Varnish-Url
X-Hello
X-Flog
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-APP
X-PF-Uncompressing
NtCoent-Length
X-Served-From
X-DC
X-Zone
X-Bc
X-DevSite-Last-Modified
X-Ratelimit-Limit
X-Method
X-Newrelic-App-Data
N-Cache
Magicmarker
X-FPC
X-Bc-Bl
X-HostName
Section-Io-Id
X-Swift-Error
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Amzn-Remapped-Connection
X-SRV
X-Amzn-Remapped-Date
WebServer
X-PJAX-URL
Amp-Access-Control-Allow-Source-Origin
X-Backend-Host
Cteonnt-Length
X-Ftr-Cache-Host
X-Dynatrace
X-ZONE
X-BE
Processtime
X-BC
Servername
X-Dynatrace-Js-Agent
Fusion-Deployment-Id
Ohc-Response-Time
X-ID
X-WA
X-Fmm-Version
X-Be
Cache-Provider
X-Svr
X-WR-MODIFICATION
X-Frame-Option
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
FSS-Proxy
Cache-Cookie-Set-From
FSS-Cache
Load-Balancing
Vix-Hermes-Req-Id
Dynatrace
Requestid
Lfy
X-Aicache-OS
X-Adobe-Source
CF-IPCountry
X-Branch-Name
CDN
X-Scheme
X-LB-ID
X-Snapshot-Date
X-StackifyID
X-CACHE-AGE
X-VC
X-Request-Url
Proxy-Firewall
X-Tid
V-Cache
Pagetype
X-SB
WZWS-RAY
X-Fastly-Cache-Hits
X-Fpc
X-App
X-Apw-Access-Action
X-Apw-Access-Token
X-Cc-Via
Warning
D-Cc-Upstream
X-Apw-Hits
X-Cc-Req-Id
X-Apw-Access-Object
DSUID
X-Litespeed-Cache-Control
X-MServer
Cneonction
X-VCT
X-Varnish-Beresp-TTL
X-Check-Cacheable
Correlation-Id
Backend-Name
X-Powered-Y
X-WPE-Loopback-Upstream-Addr
WP-Super-Cache
X-Hp-Ccpa-Warning
X-ElasticPress-Search
X-Configured-By
Release
X-Worker
X-Request-URL
X-Fastly-Cache-Status