Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Buckets
X-FRAME-OPTIONS
Status
X-Content-Security-Policy
Upgrade
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
X-Cache-Group
P3p
X-Envoy-Upstream-Service-Time
X-AH-Environment
X-Backend
X-Via
CF-Ray
X-Age
X-Server
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Ws-Request-Id
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Hacker
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
X-OneAgent-JS-Injection
X-Host
X-Device
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
X-Node
X-Dns-Prefetch-Control
X-Ac
Content-Location
Surrogate-Control
X-Vhost
X-Readtime
X-Cloud-Trace-Context
Request-Id
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-ORACLE-DMS-ECID
X-Cache-Lookup
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-ORACLE-DMS-RID
X-DataDome
NEL
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
Allow
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-DynaTrace
X-Instart-Request-ID
X-Varnish-TTL
X-TTL
X-FTR-Request-ID
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
Accept-Ch
X-ESI
Verso
X-Powered-By-Plesk
Content-MD5
Service-Worker-Allowed
X-Url
Accept-Ch-Lifetime
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-B3-TraceId
X-Kinja-Server
X-GitHub-Request-Id
X-Use-Magma
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja
Edge-Cache-Tag
RTSS
X-D2id
X-Px
X-Debug
AR-PoweredBy
AR-Request-ID
AR-CACHE
Ar-Sid
AR-ATIME
X-Server-Name
X-Abt-Application-Version
SPRequestGuid
X-Amz-Server-Side-Encryption
Charset
X-NF-Request-ID
X-Vcache
X-Cached
X-Accel-Expires
X-MSEdge-Ref
Pagespeed
X-Middleton-Display
Display
X-Middleton-Response
Response
X-Sol
X-Vcap-Request-Id
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Navigation-Version
X-Powered-CMS
X-SharePointHealthScore
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Pinterest-Rid
Pinterest-Version
TCN
X-Fastcgi-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Trace
X-VARITI-CCR
Realpath
Public-Key-Pins
Cache-Tag
X-Client-IP
X-Cdn
Access-Control-Request-Method
X-Fastly-Request-ID
X-Ser
MS-Author-Via
Nginx-Cache
S
X-DynaTrace-JS-Agent
X-Shard
X-Upstream
SPIisLatency
SPRequestDuration
X-Server-ID
X-Id
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Ezoic-Cdn
X-Hp-Webp
X-Content-Type
X-Edge-O15-RID
X-Amzn-Trace-Id
X-Forwarded-For
X-Grace
X-T
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
DynaTrace
X-Hits
X-Recruiting
Fastcgi-Cache
Nel
X-Varnish-Age
X-Aspnet-Version
ServerID
X-Dw-Request-Base-Id
X-Cache-TTL
MicrosoftSharePointTeamServices
X-Node-Name
X-Element-Page-Cache
X-DIS-Request-ID
X-Mobile-URL
X-Jurisdiction
X-FTR-Expires
X-FTR-Cache-Status
X-Content-Digest
X-Country-Code-Real
NR-ENABLED
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Balancer
X-Frontend
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Generation
Powered
Server-Node
Alternate-Protocol
TP-Cache
TP-L2-Cache
Server-Name
X-Logged-In
X-Correlation-Id
X-Request-Processing-Time
X-Request-Received
AMP-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
X-Request-Handler-Origin-Region
X-Microsite
X-Amzn-RequestId
X-CST
Backend-Timing
X-ATS-Timestamp
X-Amz-Apigw-Id
X-Cache-Hit
X-XRDS-Location
X-Content-Options
X-Page-Id
X-Origin-Server
X-Content-Security-Policy-Report-Only
Refresh
X-Webkit-Csp
X-User-Agent
X-Akamai-Edgescape
X-Revision
X-F-Cache
X-Rid
X-Varnish-Grace
X-Type
X-XRDS-LOCATION
Fastly-Restarts
X-Zen-Fury
X-Content-Powered-By
X-LB-Cache
X-B3-Sampled
X-B
X-FTR-Cache-Host
X-Shield-Request-Id
X-Az
X-Geo-Country
X-Activity-Id
X-AppVersion
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-URL
X-N
Cache-Status
X-Kinsta-Cache
X-Pad
X-TT
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Instance
X-Cache-Age
X-Webapp-Samesite-None-Activated-N
X-Time
X-Framework
X-Jobs
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Paypal-Debug-Id
X-Signature
Actual-Object-TTL
X-B-Cache
X-Tumblr-User
X-Request-Guid
X-App-Environment
Access-Control-Allow-Method
X-Cache-Action
X-Debug-Info
X-PHP-Backend
X-FB-Debug
X-Load-Cache
DC
X-Cached-By
X-Git-Hash
X-RateLimit-Remaining
X-Analytics
X-Varnish-Backend
X-Tt-Trace-Tag
Surrogate-Key
X-Erf-Bev-Bev-Is-Generated
Fastcgi-Useragent
X-Erf-Bev-Bev
X-Tt-Trace-Host
X-Amz-Replication-Status
Host-Header
FilterID
X-IPLB-Instance
X-Contextid
MS-CV
X-ATG-Version
X-SS-Set-Cookie
X-Cache-Key
X-WA-Info
X-Cluster
Tracecode
Host
Accept-CH
X-Mobile
X-Response-Served-From
NGB
X-Accel-Buffering
X-FastCGI-Cache
X-Via-JSL
X-Host-Name
WPE-Backend
X-ORACLE-APMCS-TAG
Payment
X-VCache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ORACLE-APMCS-REQUEST-ID
X-Cache-NE
X-Srv
Frame-Options
X-Cache-2
Source
X-FW-Static
X-Varnish-Server
X-FW-Type
X-Region
X-FW-Serve
X-FW-Server
X-FW-Hash
Eomportal-Instance
X-Tumblr-Pixel-1
X-Varnish-Hostname
X-NWS-LOG-UUID
X-Cache-Enabled
Cache-Tv-Group
X-Rendered-As
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-Cacheable-TTL
X-GeoIP
Filters
X-Is-Bot
X-Cache-Operation
X-Adobe-Content
X-Presslabs-Stats
X-B3-Traceid
X-Adobe-Loc
X-Cache-Rule
X-Origin-Response-Time
X-NewRelic-App-Data
X-RequestSource
X-TX-ID
X-Hostname
Xserver
X-Ttl
X-Seen-By
X-EdgeConnect-Cache-Status
Retry-After
Cleartype
Server-Info
X-Cache-TTL-Remaining
Accept-CH-Lifetime
X-Ruxit-Js-Agent
X-ProcessESI
X-RemovedCookies
X-UA
Liferay-Portal
X-Dc
X-HTML-Minification-Powered-By
Cache
X-RTag
Ms-Operation-Id
Datacenter
X-Source
X-App-Server
X-FireWall-Port
X-L-Path
X-Environment-Context
X-Cache-Control
Healthy
X-Endurance-Cache-Level
X-Upgrade-Enabled
X-Cache-Server
From-Origin
X-Handled-By
X-CACHE-KEY
X-Backend-Name
X-APP-VERSION
X-Status
Version
X-Path-Route
X-RN-RSRV
X-PressLabs-Stats
X-Rule
Srv
Meta-Geo
X-Cache-Var-Map
X-Wix-Request-Id
X-ES-SERVER
X-Cache-Var
X-Proxy-Build
X-RateLimit-Limit
OT-Force-Account-Verify
Selected-Fe
X-Section
X-Tb
X-Access
X-Timing-Wait
X-Format
Cache-Tags
Mn-Server-Ip
X-Storage
Azure-RegionName
X-Content-Age
X-EIG-Tracking-Id
X-Alternate-Cache-Key
X-UUID
Akamai-GRN
Azure-SlotName
Azure-SiteName
Azure-InstanceId
Azure-Version
X-OCL
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-PCL
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Proto
X-ShardId
X-Akamai-Request-ID
X-ShopId
X-Origin
X-Request-Time
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Akamai-Request-ID2
X-Web-Node
X-Time-Microsecs
X-SaId
X-AWS-Id
X-ServerID
Ec-Rule-Version
X-Cache-Config
Origin-Edge-Control
DB-Nickname
X-FW-Dynamic
Decoy-Debug-Key
Decoy-Debug-Status
NGX
Decoy-Debug-TTL
Now
X-Vgn-Hpd-Reason
X-NYM-Debug-Backend
X-VWS-Id
X-Yottaa-Optimizations
X-Viewer-Country
Origin-Cache-Control
X-FC-Vary-Parameters
X-BYPASS-REASON
X-Pubstack
X-Qloud-Router
X-ProxyCache-Status
X-Hosted-By
X-JoinUs
X-LJ-Flow-ID
X-Yottaa-Metrics
X-Proxy
X-MP-GENERATED-AT
X-Generated-By
X-ProxyCache-Key
X-Proxy-Cache-Status
X-Soup
X-Hl-Ver
Node
GEO-INFO
X-Redis-Cache
X-Cluster-Node
X-Hyper-Cache
X-Debug-Cache
X-Human
S-Rt
X-Site-Version
X-IP
X-Varnish-Hits
X-SayCDN-TTL
X-Locale
X-Origin-Hint
TWC-GeoIP-LatLong
X-BCube-Filmed-By
Webcakes-Region
Webcakes-App-Version
X-Www-Served-By
X-Detected-As
X-CCM
X-Cache-Host
Webcakes-App-Name
TWC-Privacy
TWC-Connection-Speed
X-Say-TTL
Property-Id
TWC-Device-Class
TWC-GeoIP-Country
X-Say-Cacheable
TWC-Locale-Group
X-Generated
Cross-Origin-Window-Policy
Accept-Charset
X-Xfnlog-Site
X-R9-Blue-Green-Version
X-Loop
X-TNCMS
X-Akamai-Transformed
X-RCS-CacheZone
X-FB-TRIP-ID
X-Amzn-Remapped-Content-Length
L5d-Success-Class
X-NCache
X-CS
Cache-Name
Viewport
X-Unique-Id
X-Drupal-Cache-Tags
Uber-Trace-Id
X-Trafficlayer-App-Name
Webserver
Time
X-Trafficlayer-App-Scope
X-Esi
X-UA-Device-Type
Cache-Key
X-UnsetCookies
X-Cache-Remote
X-Mode
X-From
X-Forwarded-Host
X-Backend-TTL
Accept-Language
VIX-Pulpo-Node
X-CDN-Forward
VIX-Pulpo-Upstream-Status
Mime-Version
X-Origin-TTL
Rt-Fastcgi-Cache
X-Origin-CC
Country
X-Whom
X-Drupal-Cache-Contexts
X-Daa-Tunnel
X-Info
X-Cluster-Name
Odigeo-Trace-Id
X-Magnolia-Registration
X-Newrelic-Synthetics
X-Microcachable
X-Varnish-Cache-Hits
X-TT-TIMESTAMP
X-NGENIX-Cache
X-PERF
X-B3-Spanid
X-ApacheServer
X-Edge-Location
X-Geo
Content-Disposition
ServedBy
X-CLOUD-TRACE-CONTEXT
X-EC-Lua
Proxy-Connection
X-Proxied
X-Routing-Service
X-Zipkin-Id
Ohc-File-Size
X-Device-Type
Ohc-Cache-HIT
X-UPSTREAM-Address
X-Via-Fastly
X-Uri
X-No-Session
Section-Io-Cache
X-A-Dcw
X-Accel-Expires-Debug
X-Application
X-Aed
X-A-Dgt
X-ARC
X-A-Wwc
MD5-Digest
Content-Script-Type
Content-Style-Type
Fastcgi-X-Cache-Version
GEO-REGION-INFO
BehaviorPad-Version
AsisCache
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Machine
Meta-Geo-Continent
VivaBuild
W
X-A
X-A-Ccd
Cf-Ipcountry
Viewtype
Mobile-Detection-Method
Rendered-Blocks
T-Server
X-A-Dam
X-CF-Lambda-Version
X-S-Cookie
X-S
X-ScT
X-Session-Fingerprint
X-Sigma
X-Rocket-Build-Number
X-Rewrite-Enabled
X-Geo-Header
X-GeoIP-Country-Code
X-Region-Sid
X-Request-UUID
X-Sigma-Backend
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-VG-TLSProxy
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Version
X-G
X-Rojux
X-Destination
Apple-News-Services-Host
X-Connection-Hash
X-Date
X-D
X-CF-Lambda-Fn
X-DPWN-IS-SECURE
X-External-Request-Id
X-B-Cookie
HitType
X-Nc
X-C
X-PHP-Host
X-Labrador-Cache-Channel
User-Cache-Control
Gh-Request-Id
X-Wikidot-Backend
X-VC-Cache
X-Varnish-Authentication
X-Wikidot-Static-Cache
X-Tumblr-Pixel-3
X-Agile-Age
X-WebServer
X-Backend-State
X-Agile-Id
Ha-Gx-Prefs
Fastly-Soc-X-Request-Id
X-App-Name
CDCHOST
X-Bip
Environment
X-Thanos
X-Developers
Server-Surrogate-Control
Server-Cache-Control
X-Auto-Login
X-Distil-CS
X-Real-IP
X-Eu-Site
X-Hit
X-Logging-Id
Powered-By
X-CUA
Locid
IsBot
X-Agile
X-Cache-ASPX
X-TrackingId
X-CGP
X-SIPLIST1
X-Cache-Debug
HA-Ipaddr
X-Contensis-Viewer-Groups
X-Cache-Backend
X-Cache-Time
Geo-Info
X-GoCache-CacheStatus
AKAMAI
X-Block-Status
X-Cache-URL
X-Cache-Info
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Cache-Bucket
X-Cdn-Srv
X-Core-Mission
X-Render-Time
X-Debug-Cache-Expiry
X-Request-URI
X-Cms-Context
X-Server-W
X-Clara-WADP
X-Swa-Ws
X-Trace-Id
X-Webstats-RespID
X-NodeID
X-Urbn-Site-Id
Access-Control-Request-Headers
Fastly-SSL
Memcached
IBM-Web2-Location
X-Tec-Api-Origin
X-Urbn-Context-Path
X-Azure-Ref
X-Debug-Cache-Fetch
X-TT-LOGID
X-Tec-Api-Version
X-AK-Request-ID
X-Tec-Api-Root
X-BBXSRF
X-Debug-Cookies
X-Origin-Date
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Hnp-Log
X-Hash
X-GeoIP-City
X-Origin-Expires
X-Instart-Isnd
X-Irp-Debug
X-Ms-Version
X-Nginx-Cache-Key
X-Ms-Request-Id
X-Micro-Cache
X-Key
X-NX-Host
X-OVcl
X-Generation-Time
X-Distributor
X-RateLimit-Limit-Second
X-Epic-Correlation-Id
X-RateLimit-Remaining-Second
X-Dispatcher-Server
Web-Mar-Node
X-Debug-Log
X-Proxy-Upstream
X-Owner
X-Gen-Mode
X-Generated-In
X-Gamma-Serve
X-OVcl-Cache
X-Fastly-Cache
X-Fetched-On
X-Debug-Cache-Store
X-WADP-Cache
Fastly-Backend-Name
X-Rebelmouse-Cache-Control
We-Hiring
X-Rebelmouse-Surrogate-Control
Server-Int
X-Varnish-Beresp-Status
X-VServer
Fastly-SWR
X-Clientip
RNT-Machine
Request-EU
X-TH-Server
RNT-Time
Locale
X-Varnish-Beresp-Ttl
Request-Country
X-LI-UUID
X-Varnish-Beresp-Grace
Countrycode
Cdncip
X-FW-Version
Kp-EeAlive
Fastly-SIE
Cache-Host
X-User
X-Li-Fabric
Cdnsip
Mail-Subject
Country-Code
X-We-Are-Hiring
True-Client-Country-4JS
X-LI-Proto
V-Age
X-Li-Pop
Heartbleed
X-App-Version
Is-Eu
Platform
X-Cache-Tags
X-Has-Esi
X-Internal-Host
X-Generated-On
X-Variation
X-Up
X-Level-Front-Cache
X-Old-Content-Length
X-Matched-Rule
X-Servername
FNAC-ModuleRouting
X-JWT-State
ServerName
X-NU-AKA-ACS-Version
X-Platform-Server
X-Is-Gdpr
PFcat
Thinkindot-Control
X-ServiceProvider
X-Service
X-Sucuri-Cache
X-Reboot
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Server-ID
Server-Host
X-Req
Wxu-Next-Commit
X-Trafficlayer-App-Version
X-Core-Value
Adler-Geo
Wxu-Next-Region
Wxu-Next-Hostname
X-Thinkindot-L3
X-Oneagent-Js-Injection
Cache-Hits
X-Lb-Id
X-TA-CDN-Provider
X-S-Maxage
X-Response-By
X-Nginx-Cache
X-Refresh
X-SERVER
X-Air-Hostname
X-Location
X-Parent-Response-Time
X-Tb-Optimization-Total-Bytes-Saved
X-Cache-Expired-At
Group
RequestId
X-Var-Ttl
Pragrma
X-B3-Parentspanid
S-Cnection
X-CSRF-TOKEN
Memory
X-CF-Powered-By
X-Cdn-Forward
Filterid
X-B3-SpanId
X-BACKEND-TTL
X-NC
Powered-By-ChinaCache
ProcessTime
Origin
X-Wa
User-Agent
X-Pjax-Url
X-CSRF-Token
Geoip-Latitude
X-Server-IP
X-Pf-Uncompressing
X-Sucuri-ID
Geoip-City
X-NWS-UUID-VERIFY
X-Varnish-Cacheable
TTL
GeoIp-Country-Code
X-NGINX-Cache
X-Correlation-ID
SRV
X-Unique-ID
X-Ua
Media-Length
X-Cdn-Request-ID
X-Vcl-Version
X-Via-CDN
PICS-Label
X-COUNTRY
X-Developer
X-Sucuri-Id
X-Rocket-Nginx-Bypass
X-Servedbyhost
X-LAGOON
X-Device-Os
X-Node-Id
X-Ocache
XServer
X-Cdn-Origin
X-Sn-Servicetimems
X-Cache-Grace
On-Server
X-Litespeed-Cache
X-Webkit-CSP
SN
Dnion-Transfer-Encoding
X-AIR-PT
Esi-Enabled
X-Cache-Status-Check
X-Via-Ucdn
M-TraceId
X-HS-Status
X-Reqid
X-MSEdge-Flight
X-MSEdge-Features
X-Request-Host
X-Varnish-Ttl
A
X-Oss-Request-Id
Hostname
X-TIME
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Planisys-CDN-TTL
X-Policy
X-Planisys-CDN-Cache
Cloudfront-Viewer-Country
Tcn
X-Planisys-CDN-Rules
X-FORWARDED-FOR
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Status
X-Beluga-Trace
X-Request-Start
X-Beluga-Cache-Status
Cdn
Resin-Trace
X-Beluga-Node
X-Azure-Ref-OriginShield
X-Ratelimit-Remaining
HostName
Rt-Proxy-Cache
Who
X-ServedByHost
X-Fastly-Country-Code
X-Cache-Ttl
X-Ftr-Cache-Host
X-VHOST
X-Varnish-URL
CF-Cached-On
Host-ID
Magicmarker
X-VCL-Version
X-Method
Cteonnt-Length
Pics-Label
MIME-Version
NtCoent-Length
GeoIP-Country-Code
X-APP
X-Slack-Backend
Ttl
X-Oracle-Dms-Rid
X-Fastly-Backend-Reqs
X-DW
X-RPM
X-RPS
X-Bc
X-RSL
X-Zone
X-Varnish-Url
X-DB
X-DI
X-DSS
X-Action
GeoIP-Latitude
X-DC
X-LiteSpeed-Cache-Control
Load-Balancing
X-Svr
X-VarnishDD-TTL
X-Cache-FS-Status
X-PAYTM-SRV-ID
X-Dispatch
X-Processor
X-Skip-Cache
X-Newrelic-App-Data
X-FPC
Pramga
GeoIP-City
X-Ratelimit-Limit
X-Swift-Error
X-PF-Uncompressing
Arc-Country
X-Server-Time
CACHE
X-Be
X-PJAX-URL
Ohc-Response-Time
X-HostName
X-SRV
Processtime
DSUID
Vix-Hermes-Req-Id
X-Hello
X-ND-Cache
X-Ftr-Request-Id
X-Flog
WebServer
X-ABtesting
Amp-Access-Control-Allow-Source-Origin
X-MServer
Release
X-VCT
N-Cache
X-Hp-Ccpa-Warning
X-Dynatrace
X-Edge-Server
Cdn-Request-Time
X-DevSite-Last-Modified
Fastly-Drupal-HTML
X-Served-From
X-BE
Cdn-Host
CF-IPCountry
Servername
X-WR-MODIFICATION
X-Dynatrace-Js-Agent
Cache-Provider
X-Configured-By
CDN
X-WA
X-Aicache-OS
X-ID
X-ZONE
X-Tid
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Requestid
X-Bc-Bl
X-Frame-Option
Lfy
X-StackifyID
X-Ftr-Dc
Dynatrace
X-Ftr-Balancer
X-Ftr-Realm
X-Upstream-Ht
X-Backend-Host
SD-X-WS
X-Snapshot-Date
X-LB-ID
X-Branch-Name
X-BC
X-Upstream-Ct
X-Ftr-Backend-Server
X-Ftr-Backend
Pagetype
X-SD-PageType
X-Fastly-Cache-Hits
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-CACHE-AGE
WZWS-RAY
L
X-Cc-Via
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
Proxy-Firewall
X-Edge-IP
X-Compress-Hint
X-SN
X-Cache-Id
X-Varnish-Beresp-TTL
X-Request-Url
X-Apw-Access-Action
X-SB
D-Cc-Upstream
V-Cache
Warning
X-Cc-Req-Id
X-VC
X-Litespeed-Cache-Control
X-Check-Cacheable
X-Release
FSS-Proxy
Server-Id
FSS-Cache
Cneonction
X-WPE-Loopback-Upstream-Addr
X-Via-NSCOPI
X-ServerName
X-Powered-Y
X-Fastly-Cache-Status
X-Worker
X-ElasticPress-Search
X-Request-URL
X-App
WP-Super-Cache
Backend-Name
Correlation-Id
Lb