Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Xss-Protection
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
CF-Ray
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Backend-Server
X-Readtime
X-Ruxit-JS-Agent
X-Dispatcher
Request-Id
X-Cache-Lookup
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
X-ORACLE-DMS-RID
P3p
X-Dns-Prefetch-Control
X-Country
X-Rack-Cache
X-Clacks-Overhead
Rating
X-Akam-SW-Version
Edge-Control
X-DataDome
Allow
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-TtlSet
X-Vname
X-PC
X-Goog-Hash
Accept-Ch
X-TTL
Content-MD5
Verso
X-ESI
Service-Worker-Allowed
X-Url
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Vcache
X-GitHub-Request-Id
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-B3-TraceId
RTSS
X-Version
X-Forwarded-Proto
X-MS-InvokeApp
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Px
X-Debug
Ar-Sid
AR-PoweredBy
X-Amz-Server-Side-Encryption
AR-CACHE
AR-Request-ID
AR-ATIME
SPRequestGuid
X-Cached
Charset
X-NF-Request-ID
X-Vcap-Request-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Navigation-Version
X-MSEdge-Ref
X-Sol
Pagespeed
Response
X-Middleton-Response
Display
X-Middleton-Display
X-Amz-Rid
X-Server-ID
Arr-Disable-Session-Affinity
X-Accel-Expires
TCN
X-Fastcgi-Cache
X-VARITI-CCR
X-Fastly-Request-ID
X-SharePointHealthScore
X-Pinterest-Rid
Pinterest-Version
Nginx-Cache
MS-Author-Via
Public-Key-Pins
X-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Trace
X-Powered-CMS
X-Client-IP
X-Edge-O15-RID
Cache-Tag
Realpath
X-Ser
Access-Control-Request-Method
X-Content-Type
X-Mrf-Section-Lastmod
Mrf-Cache-Status
MRF-Tech
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
SPRequestDuration
SPIisLatency
X-Amzn-Trace-Id
X-Shard
X-Upstream
X-Grace
X-Hp-Webp
X-Jurisdiction
X-Ezoic-Cdn
X-Id
X-Cache-TTL
Front-End-Https
X-Forwarded-For
X-Hits
X-Amz-Meta-S3cmd-Attrs
S
Nel
Fastcgi-Cache
X-T
X-Aspnet-Version
X-Recruiting
X-DynaTrace-JS-Agent
DynaTrace
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
X-Dw-Request-Base-Id
X-FTR-Expires
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend-Server
X-Mobile-URL
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
MicrosoftSharePointTeamServices
X-Varnish-Age
ServerID
X-DIS-Request-ID
TP-Cache
TP-L2-Cache
NR-ENABLED
Server-Node
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Frontend
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Correlation-Id
X-GUploader-UploadID
Powered
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
Upgrade-Insecure-Requests
X-Amz-Apigw-Id
X-Amzn-RequestId
X-XRDS-Location
Fastly-Restarts
X-Cache-Hit
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Page-Id
X-Zen-Fury
X-Content-Options
Refresh
X-User-Agent
X-Request-Received
X-F-Cache
X-Content-Security-Policy-Report-Only
X-Request-Processing-Time
X-Varnish-Grace
X-Origin-Server
X-Akamai-Edgescape
X-Rid
X-LB-Cache
X-Revision
X-Content-Powered-By
X-B
X-Mobile-Rewrite
PB-RID
PB-PID
Arc-Version
X-Type
X-XRDS-LOCATION
X-B3-Sampled
X-Geo-Country
Cache-Status
X-AppVersion
X-Activity-Id
X-Az
X-Kinsta-Cache
X-NWS-LOG-UUID
X-TT
X-Cache-Action
X-N
X-AOL-HN
X-Jobs
X-Signature
X-Request-Guid
X-WebKit-CSP-Report-Only
X-Framework
X-B-Cache
X-Debug-Info
X-Cached-By
Access-Control-Allow-Method
X-App-Environment
X-Instance
X-Git-Hash
X-PHP-Backend
Actual-Object-TTL
X-FB-Debug
X-Time
X-Tumblr-Pixel
X-Cache-Age
X-Tumblr-Pixel-0
X-Tumblr-User
Paypal-Debug-Id
X-URL
X-Load-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
Fastcgi-Useragent
X-Amz-Replication-Status
X-Webkit-Csp
X-Pad
X-Varnish-Backend
DC
Host-Header
X-WA-Info
Host
X-ATG-Version
X-RateLimit-Remaining
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Shield-Request-Id
MS-CV
X-Via-JSL
Surrogate-Key
X-IPLB-Instance
X-Contextid
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Erf-Bev-Bev
Accept-CH
X-Host-Name
X-Kong-Upstream-Latency
X-FastCGI-Cache
X-Kong-Proxy-Latency
Retry-After
Frame-Options
Liferay-Portal
NGB
X-Accel-Buffering
X-Response-Served-From
X-Seen-By
Payment
X-Hostname
Source
X-Cache-NE
X-Srv
X-Varnish-Server
X-NewRelic-App-Data
X-Origin-Response-Time
X-FW-Hash
X-Region
X-Cache-2
WPE-Backend
X-FW-Serve
X-FW-Server
X-FW-Type
X-SS-Set-Cookie
X-FW-Static
X-Cacheable-TTL
X-Rendered-As
X-IPS-LoggedIn
X-Cache-Key
Tracecode
X-Cluster
X-Is-Bot
Eomportal-Instance
Xserver
X-Cache-Enabled
X-Adobe-Content
X-Varnish-Hostname
X-Adobe-Loc
Server-Info
X-Ttl
X-GeoIP
X-Tumblr-Pixel-2
X-Cache-Rule
X-Tumblr-Pixel-1
X-RequestSource
Filters
X-App-Server
X-Cache-Operation
Cache-Tv-Group
X-ProcessESI
FilterID
X-Presslabs-Stats
X-RemovedCookies
Accept-CH-Lifetime
X-EdgeConnect-Cache-Status
X-TX-ID
X-Cache-TTL-Remaining
X-Environment-Context
X-L-Path
X-FireWall-Port
X-B3-Traceid
Cleartype
X-Upgrade-Enabled
X-Analytics
X-Handled-By
Accept-Charset
Ms-Operation-Id
X-Source
X-RTag
X-CACHE-KEY
X-Endurance-Cache-Level
From-Origin
Srv
X-Cache-Server
X-Backend-Name
X-HTML-Minification-Powered-By
X-UA
Datacenter
X-UUID
Healthy
X-Wix-Request-Id
X-PressLabs-Stats
X-Cache-Var
Meta-Geo
X-RN-RSRV
X-Path-Route
X-Dc
X-Cache-Var-Map
X-Unique-Id
X-ES-SERVER
X-Status
X-Proxy-Build
OT-Force-Account-Verify
X-Tb
X-Timing-Wait
Selected-Fe
X-APP-VERSION
X-Daa-Tunnel
X-Proto
X-ShopId
X-Akamai-Request-ID
X-Content-Age
X-ShardId
X-Cache-Config
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PCL
X-Access
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-Format
X-Section
Akamai-GRN
X-EIG-Tracking-Id
X-Request-Time
X-FC-Vary-Parameters
X-OCL
X-Akamai-Transformed
Mn-Server-Ip
X-Alternate-Cache-Key
X-Webapp-Samesite-None-Activated-N
X-Ua-Device
X-BYPASS-REASON
X-Web-Node
X-VWS-Id
X-Viewer-Country
X-Debug-Cache
X-Vgn-Hpd-Reason
X-AWS-Id
Origin-Cache-Control
Decoy-Debug-TTL
Decoy-Debug-Status
Ec-Rule-Version
Cache-Tags
X-Soup
Node
Origin-Edge-Control
X-Hl-Ver
X-Redis-Cache
X-SaId
X-Proxy-Cache-Status
X-ProxyCache-Key
X-Qloud-Router
X-ProxyCache-Status
X-Say-Cacheable
X-Say-TTL
X-Human
X-Hosted-By
X-Hyper-Cache
X-JoinUs
X-SayCDN-TTL
X-LJ-Flow-ID
Version
Decoy-Debug-Key
X-Yottaa-Optimizations
X-Origin
X-Yottaa-Metrics
X-NYM-Debug-Backend
X-Whom
X-FW-Dynamic
X-Generated-By
X-Pubstack
X-ServerID
Cross-Origin-Window-Policy
X-Www-Served-By
X-BCube-Filmed-By
Azure-RegionName
Azure-SiteName
DB-Nickname
Azure-Version
Azure-SlotName
X-Proxy
X-Akamai-Request-ID2
X-FB-TRIP-ID
X-CCM
X-Site-Version
X-Generated
X-Loop
X-Locale
X-TNCMS
X-Storage
Now
Azure-InstanceId
X-Time-Microsecs
NGX
X-Detected-As
X-Xfnlog-Site
X-RCS-CacheZone
X-Varnish-Hits
Webcakes-Region
X-Origin-Hint
Webcakes-App-Version
TWC-Locale-Group
Webcakes-App-Name
TWC-Connection-Speed
TWC-Privacy
S-Rt
X-R9-Blue-Green-Version
TWC-GeoIP-LatLong
X-NCache
TWC-GeoIP-Country
TWC-Device-Class
X-IP
GEO-INFO
Property-Id
X-Cluster-Node
X-Amzn-Remapped-Content-Length
X-Backend-TTL
Cache-Key
X-MP-GENERATED-AT
X-UA-Device-Type
X-RateLimit-Limit
X-NGENIX-Cache
X-Cache-Control
X-Cache-Host
Section-Io-Cache
X-CDN-Forward
X-Mode
X-Esi
X-Drupal-Cache-Tags
X-Forwarded-Host
X-Rule
Webserver
Cache
X-Info
L5d-Success-Class
Time
Content-Disposition
X-UnsetCookies
X-PERF
X-ApacheServer
Cache-Name
X-Varnish-Cache-Hits
Mime-Version
Rt-Fastcgi-Cache
Accept-Language
X-Origin-CC
X-Origin-TTL
X-CS
ServedBy
Viewport
X-Newrelic-Synthetics
Uber-Trace-Id
X-Cache-Remote
X-B3-Spanid
X-Zipkin-Id
X-VCache
X-Routing-Service
Odigeo-Trace-Id
Country
X-Proxied
X-Via-Fastly
X-Device-Type
X-Magnolia-Registration
X-CLOUD-TRACE-CONTEXT
X-Uri
X-EC-Lua
X-From
X-Geo
Filterid
Proxy-Connection
X-Cluster-Name
Geo-Info
X-Real-IP
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
Cf-Ipcountry
HitType
X-Microcachable
X-TT-TIMESTAMP
X-Cache-Time
X-CF-Lambda-Fn
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
X-Rewrite-Enabled
X-PHP-Host
X-Labrador-Cache-Channel
X-Twitter-Response-Tags
X-S-Cookie
X-Destination
X-DPWN-IS-SECURE
X-ScT
X-S
X-Date
X-Rocket-Build-Number
X-Connection-Hash
AsisCache
X-Rojux
X-CF-Lambda-Version
X-Request-UUID
X-A-Dam
X-A-Ccd
X-A-Dcw
X-A-Dgt
X-A-Wwc
Rendered-Blocks
X-A
W
VivaBuild
Viewtype
VIX-Pulpo-Node
T-Server
VIX-Pulpo-Upstream-Status
X-Accel-Expires-Debug
X-Aed
GEO-REGION-INFO
X-B-Cookie
Fastcgi-X-Cache-Version
Content-Style-Type
Content-Script-Type
Machine
X-ARC
Mobile-Detection-Method
X-Region-Sid
Meta-Geo-Continent
MD5-Digest
X-Application
BehaviorPad-Version
X-D
X-Session-Fingerprint
X-Varnish-Beresp-Ttl
X-G
X-VG-WebServer
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Sigma-Backend
X-GeoIP-Country-Code
Xc-Version
X-Vtex-Remote-Cache
X-SRCache-Key
X-Vtex-Processado-Em
X-Transaction
X-External-Request-Id
X-Trv-Group
X-Vdms-Version
X-VG-TLSProxy
X-VG-WebCache
X-Sigma
Group
Cache-Hits
User-Cache-Control
Ohc-File-Size
Environment
X-Thanos
Fastly-SWR
X-Var-Ttl
Fastly-SIE
X-WebServer
X-Cache-Debug
X-Bip
X-Eu-Site
Countrycode
X-Hit
CDCHOST
X-Logging-Id
X-Agile-Id
X-App-Name
X-Rebelmouse-Cache-Control
X-Agile-Age
Powered-By
X-Agile
X-Rebelmouse-Surrogate-Control
X-Wikidot-Backend
X-Backend-State
HA-Ipaddr
X-Cdn-Srv
X-VC-Cache
Locid
IsBot
Ha-Gx-Prefs
X-Cache-Expired-At
X-SIPLIST1
X-OVcl-Cache
X-CGP
X-Clientip
X-TrackingId
X-CUA
X-Distil-CS
X-Geo-Header
X-Wikidot-Static-Cache
X-OVcl
X-GoCache-CacheStatus
X-C
X-App-Version
X-LI-Proto
X-Debug-Cookies
X-LI-UUID
X-NodeID
X-Epic-Correlation-Id
X-Li-Pop
X-Micro-Cache
X-Li-Fabric
X-NX-Host
X-Gen-Mode
X-Debug-Log
X-Origin-Date
X-Dispatcher-Server
X-Distributor
We-Hiring
X-Fastly-Cache
X-Fetched-On
Web-Mar-Node
X-NU-AKA-ACS-Version
V-Age
X-Contensis-Viewer-Groups
X-Instart-Isnd
X-Cache-URL
X-Ms-Request-Id
X-IN-APIGATEWAYSSL
X-Nginx-Cache-Key
X-Cache-Bucket
X-GeoIP-City
X-IN-APIGATEWAY
X-Ms-Version
X-Cache-Info
X-Cache-Tags
X-Hnp-Log
X-Block-Status
X-Generated-In
X-Hash
X-Owner
X-Irp-Debug
X-Origin-Expires
X-Core-Mission
X-Azure-Ref
X-BBXSRF
X-Clara-WADP
X-Developers
X-RateLimit-Remaining-Second
X-Air-Hostname
Fastly-Backend-Name
X-WADP-Cache
X-Request-URI
X-We-Are-Hiring
X-Nc
X-Proxy-Upstream
X-VServer
Mail-Subject
X-Auto-Login
Kp-EeAlive
IBM-Web2-Location
Country-Code
Cache-Host
X-RateLimit-Limit-Second
Gh-Request-Id
X-Platform-Server
Fastly-Soc-X-Request-Id
True-Client-Country-4JS
X-Varnish-Authentication
Adler-Geo
X-Webstats-RespID
Server-Cache-Control
X-Servername
Server-Surrogate-Control
Is-Eu
RNT-Time
RNT-Machine
Request-EU
Server-Int
Server-ID
X-Trace-Id
X-Swa-Ws
Request-Country
X-Up
Pragrma
X-Cache-ASPX
Memcached
X-TH-Server
Platform
X-Variation
S-Cnection
X-Edge-Location
Fastly-SSL
X-Debug-Cache-Expiry
X-SVT-ORM-VERSION
X-Cms-Context
X-SVT-ORM-RULES
Cdncip
X-Thinkindot-L3
X-Trafficlayer-App-Name
X-Trafficlayer-App-Version
Cdnsip
X-Matched-Rule
X-AK-Request-ID
X-Trafficlayer-App-Scope
X-No-Session
X-ServiceProvider
X-Generated-On
X-NC
X-Level-Front-Cache
X-Service
AKAMAI
X-Is-Gdpr
X-FW-Version
Heartbleed
X-JWT-State
X-Gamma-Serve
X-Debug-Cache-Store
Wxu-Next-Commit
Locale
X-Req
PFcat
X-Reboot
Wxu-Next-Region
Wxu-Next-Hostname
X-Has-Esi
FNAC-ModuleRouting
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Core-Value
Thinkindot-Control
Ohc-Cache-HIT
ServerName
Server-Host
X-Tumblr-Pixel-3
X-Debug-Cache-Fetch
X-TT-LOGID
X-Server-W
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-VHOST
X-Nginx-Cache
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Response-By
X-Node-Id
X-SERVER
X-Old-Content-Length
X-Generation-Time
X-Lb-Id
X-Varnish-Cacheable
X-UPSTREAM-Address
X-Sucuri-ID
X-S-Maxage
X-Wa
X-Refresh
User-Agent
RequestId
X-Render-Time
X-Developer
X-CSRF-TOKEN
Powered-By-ChinaCache
X-Cache-Status-Check
X-NWS-UUID-VERIFY
X-Parent-Response-Time
Hostname
X-Cache-Backend
X-Cdn-Origin
X-Tec-Api-Root
X-User
X-Sn-Servicetimems
X-Tec-Api-Version
X-Tec-Api-Origin
X-LAGOON
X-Device-Os
X-Cache-Grace
X-CF-Powered-By
X-Pjax-Url
X-Internal-Host
Origin
X-Ocache
X-Key
X-Ua
On-Server
X-Tb-Optimization-Total-Bytes-Saved
X-Sucuri-Cache
A
X-CSRF-Token
X-TA-CDN-Provider
X-MSEdge-Flight
X-MSEdge-Features
X-Via-CDN
X-Request-Host
Cloudfront-Viewer-Country
Memory
X-Pf-Uncompressing
X-Location
SRV
Geoip-Latitude
Geoip-City
GeoIp-Country-Code
X-NGINX-Cache
PICS-Label
ProcessTime
X-COUNTRY
X-Dynatrace-Js-Agent
X-B3-Parentspanid
X-Varnish-URL
X-Cdn-Forward
X-BACKEND-TTL
X-Vcl-Version
X-Webkit-CSP
Resin-Trace
X-Litespeed-Cache
X-Servedbyhost
TTL
X-Varnish-Ttl
X-Server-IP
XServer
X-TIME
X-Slack-Backend
Dnion-Transfer-Encoding
X-HS-Status
M-TraceId
X-B3-SpanId
Cdn
X-Rocket-Nginx-Bypass
SN
Tcn
X-DC
X-FORWARDED-FOR
Host-ID
X-Cache-FS-Status
Media-Length
Pramga
Arc-Country
X-Server-Time
X-Cdn-Request-ID
X-Dispatch
X-PAYTM-SRV-ID
X-Processor
X-Unique-ID
X-Ratelimit-Remaining
CACHE
X-Beluga-Record
X-Beluga-Response-Time
X-Action
X-Beluga-Node
X-ServedByHost
X-ND-Cache
X-Cache-Ttl
X-VCL-Version
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Cache-Status
X-Skip-Cache
HostName
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Served-From
X-DSS
X-DI
X-DW
X-Edge-Server
Ttl
Cdn-Host
Cdn-Request-Time
X-DB
X-RPM
Fastly-Drupal-HTML
Fusion-Deployment-Id
X-Fastly-Country-Code
Who
X-RSL
X-RPS
Trailer
X-Correlation-ID
GeoIP-Country-Code
N-Cache
X-Via-Ucdn
Pics-Label
X-DevSite-Last-Modified
NtCoent-Length
X-Bc-Bl
X-Datadome
X-Reqid
GeoIP-Latitude
GeoIP-City
X-Adobe-Source
X-ABtesting
X-Flog
X-Hello
X-LiteSpeed-Cache-Control
CF-Cached-On
MIME-Version
X-Oracle-Dms-Rid
X-Varnish-Url
X-Backend-Host
X-AIR-PT
X-VarnishDD-TTL
Esi-Enabled
X-PF-Uncompressing
X-Planisys-CDN-TTL
X-Zone
Cache-Cookie-Set-From
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-APP
X-Ratelimit-Limit
X-Bc
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Sucuri-Id
X-Policy
X-HostName
X-Scheme
X-FPC
WebServer
X-SRV
X-Fmm-Version
X-Fpc
X-Azure-Ref-OriginShield
X-PJAX-URL
X-Request-Start
X-Fastly-Backend-Reqs
Amp-Access-Control-Allow-Source-Origin
X-Dynatrace
X-Amzn-Remapped-Connection
Rt-Proxy-Cache
X-Amzn-Remapped-Date
Processtime
X-BE
Cteonnt-Length
X-Swift-Error
Servername
X-Newrelic-App-Data
X-BC
Magicmarker
Lb
X-Esi-Check
X-SN
FSS-Proxy
X-ZONE
X-Cache-Id
Cache-Provider
X-ID
Sid
X-WA
FSS-Cache
X-WR-MODIFICATION
X-Frame-Option
Dynatrace
CF-IPCountry
X-Method
X-LB-ID
SD-X-WS
X-Snapshot-Date
X-Branch-Name
CDN
X-Cache-NGX
X-StackifyID
X-Gzip
X-SD-PageType
Release
Load-Balancing
Requestid
X-CACHE-AGE
V-Cache
WZWS-RAY
X-Request-Url
X-ECACHE
X-Configured-By
X-Fastly-Cache-Hits
X-SB
X-Cc-Via
X-Cc-Req-Id
X-Wix-Viewer-Type
L
X-Instart-Info
D-Cc-Upstream
X-VCT
X-Compress-Hint
X-VC
X-Aicache-OS
Warning
X-Tid
X-Litespeed-Cache-Control
X-Nananana
WP-Super-Cache
X-Apw-Access-Action
X-ElasticPress-Search
X-Apw-Access-Object
X-Apw-Access-Token
X-Cache-PHP
Request-Time
Proxy-Firewall
X-Worker
X-Powered-Y
X-Fastly-Cache-Status
X-Apw-Hits
X-WPE-Loopback-Upstream-Addr
Cneonction
X-GEO
Ohc-Response-Time
X-Request-URL
X-Check-Cacheable
X-Varnish-Beresp-TTL
X-App