Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
X-XSS-Protection
CF-Cache-Status
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Xss-Protection
X-DNS-Prefetch-Control
X-Template
X-Language
CF-Ray
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
Xkey
X-Via
X-Backend
X-Server
X-Age
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
EagleId
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
Feature-Policy
X-Varnish-Cache
Server-Timing
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
P3p
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Vhost
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Cache-Lookup
X-Application-Context
X-HW
X-Ruxit-JS-Agent
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
X-Rack-Cache
X-Country
X-Clacks-Overhead
Edge-Control
X-Akam-SW-Version
Rating
X-Dns-Prefetch-Control
Pinterest-Generated-By
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TTL
Accept-Ch
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-ESI
Verso
Content-MD5
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Version
X-GitHub-Request-Id
X-MS-InvokeApp
RTSS
X-Server-Name
X-Vcache
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Debug
X-Server-ID
X-Px
AR-ATIME
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-CACHE
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Response
Pagespeed
X-Middleton-Display
X-Sol
X-Middleton-Response
Display
X-Navigation-Version
X-Vcap-Request-Id
X-MSEdge-Ref
X-Amz-Rid
X-Accel-Expires
Arr-Disable-Session-Affinity
TCN
X-Fastcgi-Cache
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-VARITI-CCR
X-Powered-CMS
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Public-Key-Pins
X-Edge-O15-RID
X-Fastly-Request-ID
X-Trace
Realpath
Cache-Tag
X-Client-IP
Nginx-Cache
MS-Author-Via
X-Cdn
Access-Control-Request-Method
X-Ser
Mrf-Cache-Status
X-Content-Type
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Shard
X-DynaTrace-JS-Agent
SPRequestDuration
SPIisLatency
X-Amzn-Trace-Id
X-Id
X-Hp-Webp
X-Jurisdiction
X-Ezoic-Cdn
X-Grace
X-Upstream
S
X-Forwarded-For
Front-End-Https
X-Amz-Meta-S3cmd-Attrs
X-T
X-Hits
Fastcgi-Cache
X-Cache-TTL
X-Recruiting
DynaTrace
Nel
X-Aspnet-Version
X-Varnish-Age
X-Node-Name
X-Element-Page-Cache
X-Mobile-URL
ServerID
X-Content-Digest
X-FTR-Expires
X-FTR-Balancer
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Cache-Status
MicrosoftSharePointTeamServices
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-Dw-Request-Base-Id
X-DIS-Request-ID
Server-Node
NR-ENABLED
X-Frontend
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Goog-Generation
X-GUploader-UploadID
TP-L2-Cache
TP-Cache
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
Powered
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
X-XRDS-Location
Upgrade-Insecure-Requests
X-Amzn-RequestId
X-Amz-Apigw-Id
Fastly-Restarts
X-Request-Handler-Origin-Region
X-Microsite
X-Cache-Hit
X-ATS-Timestamp
Backend-Timing
X-Request-Received
X-Request-Processing-Time
AMP-Access-Control-Allow-Source-Origin
X-Content-Options
X-User-Agent
X-Correlation-Id
X-Page-Id
X-Content-Security-Policy-Report-Only
X-F-Cache
Refresh
X-Origin-Server
X-Zen-Fury
X-Rid
X-Akamai-Edgescape
X-Varnish-Grace
X-Revision
X-FTR-Cache-Host
X-Type
X-B
X-Content-Powered-By
X-LB-Cache
PB-PID
PB-RID
Arc-Version
X-B3-Sampled
X-Mobile-Rewrite
X-XRDS-LOCATION
Cache-Status
X-Az
X-AppVersion
X-Activity-Id
X-Geo-Country
X-URL
X-Kinsta-Cache
X-N
X-Cache-Action
X-Cache-Age
X-TT
X-AOL-HN
X-Debug-Info
X-Framework
X-Jobs
X-Signature
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-B-Cache
X-Instance
X-FB-Debug
X-Time
Actual-Object-TTL
X-Tumblr-Pixel-0
Paypal-Debug-Id
X-Tumblr-User
X-Tumblr-Pixel
X-App-Environment
X-Load-Cache
X-Request-Guid
X-Cached-By
X-PHP-Backend
X-Git-Hash
Fastcgi-Useragent
X-Pad
X-Shield-Request-Id
DC
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amz-Replication-Status
X-RateLimit-Remaining
X-NWS-LOG-UUID
X-Varnish-Backend
X-Webkit-Csp
Surrogate-Key
Host-Header
X-WA-Info
X-IPLB-Instance
X-ATG-Version
Host
X-Contextid
MS-CV
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Mobile
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Accel-Buffering
NGB
X-Host-Name
X-Response-Served-From
Frame-Options
X-FastCGI-Cache
X-SS-Set-Cookie
Payment
Tracecode
X-Cache-NE
X-Origin-Response-Time
X-Region
Xserver
Source
Eomportal-Instance
X-Cache-2
X-Cluster
X-Varnish-Server
X-FW-Server
X-Hostname
X-FW-Type
X-FW-Serve
X-FW-Hash
Retry-After
Filters
WPE-Backend
X-GeoIP
X-FW-Static
X-Cacheable-TTL
X-IPS-LoggedIn
X-Adobe-Loc
X-Adobe-Content
X-Varnish-Hostname
Cache-Tv-Group
X-Seen-By
X-Analytics
X-Rendered-As
X-Cache-Operation
X-RequestSource
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cache-Enabled
X-Cache-Rule
X-Is-Bot
X-NewRelic-App-Data
X-Srv
FilterID
X-Cache-Key
X-Webapp-Samesite-None-Activated-N
Server-Info
Liferay-Portal
X-EdgeConnect-Cache-Status
X-TX-ID
X-ProcessESI
X-RemovedCookies
X-Cache-TTL-Remaining
X-Presslabs-Stats
X-App-Server
Cleartype
X-CACHE-KEY
Accept-CH
X-L-Path
X-Environment-Context
X-Dc
X-FireWall-Port
X-B3-Traceid
X-Handled-By
X-Upgrade-Enabled
X-Endurance-Cache-Level
X-Source
X-RTag
Ms-Operation-Id
X-Cache-Server
X-HTML-Minification-Powered-By
From-Origin
Datacenter
Srv
X-Backend-Name
X-PressLabs-Stats
Accept-Charset
X-VCache
X-UA
X-UUID
Accept-CH-Lifetime
X-Cache-Var
X-RN-RSRV
X-Cache-Var-Map
Meta-Geo
X-Path-Route
X-ES-SERVER
X-Section
X-Tb
X-Timing-Wait
OT-Force-Account-Verify
Selected-Fe
X-Access
X-Proxy-Build
X-Format
X-Wix-Request-Id
X-ShopId
X-Request-Time
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Alternate-Cache-Key
X-EIG-Tracking-Id
X-Content-Age
X-Sorting-Hat-ShopId
X-Cache-Config
Cache-Tags
Mn-Server-Ip
X-Akamai-Request-ID
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-Proto
X-Shopify-Generated-Cart-Token
X-ProxyCache-Status
X-Yottaa-Metrics
X-Proxy-Cache-Status
X-ProxyCache-Key
X-JoinUs
X-Akamai-Request-ID2
Node
X-AWS-Id
X-BYPASS-REASON
X-FC-Vary-Parameters
X-Hl-Ver
NGX
Ec-Rule-Version
X-Origin
X-PCL
X-OCL
X-NYM-Debug-Backend
Akamai-GRN
X-LJ-Flow-ID
X-Akamai-Transformed
X-Yottaa-Optimizations
X-Qloud-Router
X-ServerID
X-VWS-Id
Version
X-SaId
X-Status
X-Vgn-Hpd-Reason
X-Soup
X-Hyper-Cache
Cross-Origin-Window-Policy
Decoy-Debug-Key
X-APP-VERSION
DB-Nickname
X-TNCMS
X-Loop
X-Say-TTL
X-SayCDN-TTL
X-FB-TRIP-ID
Decoy-Debug-TTL
X-Debug-Cache
X-Cluster-Node
Origin-Edge-Control
X-Hosted-By
X-BCube-Filmed-By
X-Human
Origin-Cache-Control
Now
Healthy
X-FW-Dynamic
X-Storage
X-MP-GENERATED-AT
X-CCM
Decoy-Debug-Status
X-Www-Served-By
X-Viewer-Country
X-Proxy
X-Cache-Control
X-Time-Microsecs
X-Web-Node
X-Pubstack
X-Say-Cacheable
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
X-Amzn-Remapped-Content-Length
X-Locale
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-Site-Version
X-Redis-Cache
Webcakes-Region
Property-Id
X-Varnish-Hits
Webcakes-App-Version
TWC-GeoIP-Country
X-Generated
X-Generated-By
Azure-InstanceId
X-Xfnlog-Site
Azure-Version
Azure-SiteName
Azure-SlotName
X-RateLimit-Limit
Azure-RegionName
X-Origin-Hint
S-Rt
X-NCache
X-Detected-As
GEO-INFO
X-IP
X-Cache-Host
Cache
X-Whom
X-Rule
Cache-Key
X-Drupal-Cache-Tags
X-Ttl
L5d-Success-Class
X-NGENIX-Cache
X-UA-Device-Type
Webserver
Time
X-Mode
Cache-Name
X-Daa-Tunnel
X-Esi
X-Forwarded-Host
X-CS
Viewport
X-Unique-Id
Mime-Version
X-UnsetCookies
X-VHOST
Content-Disposition
X-Info
Accept-Language
Uber-Trace-Id
Section-Io-Cache
X-Origin-TTL
X-Origin-CC
Rt-Fastcgi-Cache
X-Varnish-Cache-Hits
X-ApacheServer
X-PERF
Country
X-Newrelic-Synthetics
X-B3-Spanid
ServedBy
X-Cache-Remote
Odigeo-Trace-Id
X-Backend-TTL
X-EC-Lua
X-From
X-Zipkin-Id
X-CDN-Forward
X-Routing-Service
X-Proxied
X-Magnolia-Registration
X-Device-Type
X-Nc
X-Cluster-Name
X-Via-Fastly
Geo-Info
X-CLOUD-TRACE-CONTEXT
X-Drupal-Cache-Contexts
X-Uri
X-Microcachable
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Proxy-Connection
X-TT-TIMESTAMP
X-Geo
Filterid
Access-Control-Request-Headers
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Cf-Ipcountry
HitType
Ohc-File-Size
T-Server
Rendered-Blocks
Viewtype
X-A-Ccd
X-A
W
Mobile-Detection-Method
VivaBuild
Content-Style-Type
Apple-News-Services-Request-Url
AsisCache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Real-IP
Apple-News-Services-Handled
BehaviorPad-Version
Content-Script-Type
Machine
MD5-Digest
GEO-REGION-INFO
Fastcgi-X-Cache-Version
X-A-Dam
Meta-Geo-Continent
X-CF-Lambda-Fn
X-Sigma
X-Sigma-Backend
X-SRCache-Key
X-Session-Fingerprint
X-ScT
X-Rojux
X-S
X-S-Cookie
X-Transaction
X-Trv-Group
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Twitter-Response-Tags
X-Vdms-Version
X-VG-TLSProxy
X-Rocket-Build-Number
X-Rewrite-Enabled
X-ARC
X-B-Cookie
X-CF-Lambda-Version
X-Application
X-Aed
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-Connection-Hash
X-D
X-Geo-Header
X-GeoIP-Country-Code
X-Region-Sid
X-G
X-External-Request-Id
X-Date
X-DPWN-IS-SECURE
X-A-Dcw
X-Destination
X-TA-CDN-Provider
X-C
HA-Ipaddr
Ha-Gx-Prefs
X-Hit
Locid
X-Logging-Id
IsBot
Fastly-Soc-X-Request-Id
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
CDCHOST
Countrycode
X-Eu-Site
Environment
Fastly-SWR
X-Developers
X-App-Name
X-Bip
X-Agile-Id
X-Agile-Age
X-Agile
X-Cache-Debug
X-App-Version
Powered-By
X-PHP-Host
X-CUA
X-Clientip
X-CGP
X-Distil-CS
Fastly-SIE
X-SIPLIST1
X-VC-Cache
X-Thanos
X-Labrador-Cache-Channel
X-WebServer
X-No-Session
X-Cache-Time
X-Request-UUID
User-Cache-Control
Fastly-SSL
X-GoCache-CacheStatus
X-Debug-Log
X-Dispatcher-Server
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Debug-Cookies
X-Up
X-Gamma-Serve
X-Generated-In
X-Fetched-On
X-Var-Ttl
X-Distributor
X-Epic-Correlation-Id
X-Variation
X-Cms-Context
X-Backend-State
X-Cache-ASPX
X-Azure-Ref
X-Auto-Login
X-Air-Hostname
X-Wikidot-Backend
X-VServer
X-Cache-Tags
X-Wikidot-Static-Cache
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-GeoIP-City
X-Cdn-Srv
X-Cache-Expired-At
X-Core-Mission
X-IN-APIGATEWAY
X-Origin-Date
X-Origin-Expires
X-OVcl
X-NodeID
X-Nginx-Cache-Key
X-Ms-Request-Id
X-Ms-Version
X-Servername
X-OVcl-Cache
X-RateLimit-Remaining-Second
X-Request-URI
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Owner
X-Platform-Server
We-Hiring
X-SVT-ORM-RULES
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Is-Gdpr
X-Trace-Id
X-TrackingId
X-Tumblr-Pixel-3
X-Hash
X-TH-Server
X-JWT-State
X-Swa-Ws
X-SVT-ORM-VERSION
X-LI-UUID
X-LI-Proto
X-Li-Fabric
X-Li-Pop
X-Has-Esi
X-NX-Host
Server-ID
Gh-Request-Id
Adler-Geo
Group
True-Client-Country-4JS
Country-Code
Cache-Host
Server-Int
Platform
AKAMAI
Server-Cache-Control
Heartbleed
V-Age
Request-EU
Request-Country
Mail-Subject
Locale
RNT-Machine
IBM-Web2-Location
Is-Eu
RNT-Time
Kp-EeAlive
Server-Surrogate-Control
X-Edge-Location
X-UPSTREAM-Address
X-Trafficlayer-App-Version
X-TT-LOGID
X-Generation-Time
X-Trafficlayer-App-Scope
X-Generated-On
X-Trafficlayer-App-Name
X-Hnp-Log
X-Thinkindot-L3
X-Gen-Mode
Memcached
PFcat
X-Fastly-Cache
X-FW-Version
X-Nginx-Cache
Pragrma
X-ServiceProvider
X-Server-W
Cache-Hits
X-Micro-Cache
X-Matched-Rule
X-Reboot
ServerName
X-NU-AKA-ACS-Version
Cdncip
X-Req
FNAC-ModuleRouting
X-Irp-Debug
Cdnsip
X-WADP-Cache
X-We-Are-Hiring
Fastly-Backend-Name
X-Webstats-RespID
X-Service
X-Level-Front-Cache
X-Core-Value
Server-Host
X-Block-Status
Wxu-Next-Region
X-Cache-Info
X-Cache-URL
Web-Mar-Node
X-Clara-WADP
Ohc-Cache-HIT
Wxu-Next-Hostname
Wxu-Next-Commit
X-BBXSRF
Thinkindot-CacheControl-Type
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-AK-Request-ID
X-Debug-Cache-Expiry
Thinkindot-CacheControl
Thinkindot-Control
S-Cnection
X-Cache-Bucket
X-S-Maxage
X-Old-Content-Length
X-Render-Time
X-Lb-Id
X-Cache-Backend
X-Response-By
X-Refresh
X-SERVER
RequestId
X-User
X-CSRF-TOKEN
X-Wa
X-Ruxit-Js-Agent
Powered-By-ChinaCache
X-Correlation-ID
X-Ua
X-Internal-Host
X-Varnish-Cacheable
X-Key
X-BACKEND-TTL
X-Sucuri-Cache
X-Sucuri-ID
X-Cdn-Forward
Origin
X-Node-Id
X-Tec-Api-Version
X-Tec-Api-Origin
X-Pjax-Url
X-CF-Powered-By
X-Parent-Response-Time
X-Tec-Api-Root
X-Location
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Object-Type
X-Developer
User-Agent
X-Tb-Optimization-Total-Bytes-Saved
X-Device-Os
X-Unique-ID
X-NC
X-Cache-Status-Check
X-LAGOON
Memory
X-Sn-Servicetimems
X-Cdn-Origin
X-Cache-Grace
ProcessTime
X-CSRF-Token
Hostname
X-B3-Parentspanid
X-Ocache
X-Pf-Uncompressing
X-NWS-UUID-VERIFY
TTL
X-Via-CDN
SRV
A
Geoip-City
X-Vcl-Version
Geoip-Latitude
On-Server
X-MSEdge-Flight
X-NGINX-Cache
Cloudfront-Viewer-Country
X-Request-Host
GeoIp-Country-Code
X-MSEdge-Features
PICS-Label
X-COUNTRY
X-Server-IP
X-Servedbyhost
X-B3-SpanId
M-TraceId
X-Webkit-CSP
X-Litespeed-Cache
X-Rocket-Nginx-Bypass
X-Cdn-Request-ID
X-HS-Status
Media-Length
SN
X-Varnish-Ttl
Cdn
X-Varnish-URL
XServer
X-TIME
X-Oneagent-Js-Injection
Tcn
Dnion-Transfer-Encoding
Resin-Trace
CACHE
X-FORWARDED-FOR
X-Via-Ucdn
Host-ID
X-Ratelimit-Remaining
X-Beluga-Status
X-Slack-Backend
X-ServedByHost
X-Action
Who
X-Cache-Ttl
X-Beluga-Trace
X-Beluga-Response-Time
X-Beluga-Cache-Status
X-Beluga-Node
X-Beluga-Record
HostName
X-Sucuri-Id
X-Fastly-Country-Code
X-DSS
Arc-Country
Pramga
X-RSL
X-RPS
GeoIP-Country-Code
X-Dispatch
X-PAYTM-SRV-ID
X-AIR-PT
X-Server-Time
X-Processor
Pics-Label
X-RPM
X-Cache-FS-Status
X-Reqid
X-DB
Esi-Enabled
X-DI
X-DW
GeoIP-City
X-Skip-Cache
X-ABtesting
X-Hello
X-ND-Cache
GeoIP-Latitude
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Flog
X-Policy
CF-Cached-On
Cdn-Host
X-Edge-Server
X-Served-From
Cdn-Request-Time
Amp-Access-Control-Allow-Source-Origin
Fastly-Drupal-HTML
X-VarnishDD-TTL
X-Request-Start
X-PF-Uncompressing
X-Azure-Ref-OriginShield
X-VCL-Version
Section-Io-Origin-Status
Section-Origin-Responded
X-Oracle-Dms-Rid
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-LiteSpeed-Cache-Control
MIME-Version
NtCoent-Length
N-Cache
X-Bc-Bl
X-DevSite-Last-Modified
X-Bc
Rt-Proxy-Cache
X-Zone
X-Varnish-Url
Ttl
X-DC
Trailer
X-Ratelimit-Limit
X-APP
X-Fastly-Backend-Reqs
X-Newrelic-App-Data
Fusion-Deployment-Id
X-HostName
Magicmarker
X-FPC
X-Method
X-SRV
X-Adobe-Source
X-Backend-Host
X-PJAX-URL
WebServer
X-Ftr-Cache-Host
X-Swift-Error
Processtime
Cteonnt-Length
Cache-Cookie-Set-Lfrom
FSS-Proxy
X-Dynatrace
X-BE
FSS-Cache
X-Amzn-Remapped-Date
Cache-Cookie-Set-From
X-Amzn-Remapped-Connection
Cache-Cookie-Set-Idcheck
X-Dynatrace-Js-Agent
Servername
X-ZONE
X-BC
X-Fmm-Version
X-ID
X-WA
X-Scheme
X-Fpc
Cache-Provider
X-Frame-Option
X-WR-MODIFICATION
CDN
X-Snapshot-Date
CF-IPCountry
X-StackifyID
Ohc-Response-Time
Requestid
X-Be
Dynatrace
X-Branch-Name
X-LB-ID
X-Svr
X-CACHE-AGE
WZWS-RAY
Vix-Hermes-Req-Id
X-Compress-Hint
X-Aicache-OS
X-Tid
D-Cc-Upstream
L
X-Cache-Id
X-Apw-Access-Token
V-Cache
Sid
X-App
X-Apw-Access-Object
X-Apw-Access-Action
X-Request-Url
X-Fastly-Cache-Hits
Lb
X-Cc-Req-Id
X-Cc-Via
Lfy
Warning
X-VC
X-SN
X-Apw-Hits
X-SB
X-Esi-Check
Load-Balancing
X-Litespeed-Cache-Control
Backend-Name
Correlation-Id
Proxy-Firewall
X-GEO
X-Request-Uuid
X-Worker
Pagetype
WP-Super-Cache
X-Varnish-Beresp-TTL
Cneonction
X-Fastly-Cache-Status
X-Check-Cacheable
X-Request-URL
X-ElasticPress-Search
X-Powered-Y
X-WPE-Loopback-Upstream-Addr