Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
X-XSS-Protection
CF-Cache-Status
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-Xss-Protection
X-DNS-Prefetch-Control
X-Template
X-Language
CF-Ray
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
Xkey
X-Via
X-Backend
X-Server
X-Age
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Page-Speed
X-Server-Powered-By
EagleId
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
Feature-Policy
X-Varnish-Cache
Server-Timing
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
Grace
Ali-Swift-Global-Savetime
P3p
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Vhost
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Ruxit-JS-Agent
X-Cache-Lookup
X-Application-Context
X-HW
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
X-Rack-Cache
X-Country
Edge-Control
X-Clacks-Overhead
Rating
X-Akam-SW-Version
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-TTL
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
Accept-Ch
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
X-ESI
Verso
Content-MD5
Service-Worker-Allowed
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Kinja
X-Use-Magma
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Revision
X-Vcache
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Server
X-Version
X-GitHub-Request-Id
X-MS-InvokeApp
RTSS
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Debug
X-Server-ID
X-Px
AR-PoweredBy
Ar-Sid
AR-ATIME
AR-Request-ID
AR-CACHE
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Middleton-Display
X-Sol
X-Middleton-Response
Pagespeed
Response
Display
X-Navigation-Version
X-Vcap-Request-Id
X-MSEdge-Ref
X-Amz-Rid
X-Accel-Expires
Arr-Disable-Session-Affinity
TCN
X-Fastcgi-Cache
Pinterest-Version
X-Pinterest-Rid
X-SharePointHealthScore
X-VARITI-CCR
X-Powered-CMS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Public-Key-Pins
X-Fastly-Request-ID
X-Edge-O15-RID
Realpath
Cache-Tag
X-Trace
X-Cdn
X-Client-IP
Nginx-Cache
MS-Author-Via
X-Ser
Access-Control-Request-Method
MRF-Tech
Mrf-Cache-Status
X-Content-Type
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-Shard
X-DynaTrace-JS-Agent
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Id
X-Jurisdiction
X-Hp-Webp
S
X-Upstream
X-Ezoic-Cdn
X-Grace
X-Forwarded-For
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-T
X-Hits
Fastcgi-Cache
X-Cache-TTL
DynaTrace
X-Recruiting
Nel
X-Aspnet-Version
X-Varnish-Age
X-Element-Page-Cache
X-Node-Name
ServerID
X-Content-Digest
X-Mobile-URL
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Realm
X-FTR-Backend-Server
MicrosoftSharePointTeamServices
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-Dw-Request-Base-Id
X-DIS-Request-ID
Server-Node
NR-ENABLED
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Frontend
TP-L2-Cache
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
TP-Cache
X-Goog-Metageneration
Powered
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
Upgrade-Insecure-Requests
X-Amzn-RequestId
X-Amz-Apigw-Id
Fastly-Restarts
X-Correlation-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Hit
X-ATS-Timestamp
Backend-Timing
X-Request-Processing-Time
X-XRDS-Location
X-Request-Received
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Content-Options
X-User-Agent
X-Page-Id
Refresh
X-Content-Security-Policy-Report-Only
X-F-Cache
X-Origin-Server
X-Zen-Fury
X-Akamai-Edgescape
X-Rid
X-XRDS-LOCATION
X-Varnish-Grace
X-Revision
X-Type
X-B
X-LB-Cache
X-Content-Powered-By
X-Webkit-Csp
PB-PID
PB-RID
X-B3-Sampled
Arc-Version
X-Mobile-Rewrite
X-Geo-Country
X-Az
X-Activity-Id
X-AppVersion
Cache-Status
X-URL
X-Kinsta-Cache
X-N
X-TT
X-Cache-Action
X-Cache-Age
X-AOL-HN
X-Signature
X-Jobs
X-B-Cache
X-WebKit-CSP-Report-Only
X-Framework
Access-Control-Allow-Method
X-Debug-Info
X-Time
X-Instance
X-FB-Debug
X-Tumblr-Pixel
Paypal-Debug-Id
X-Tumblr-User
X-Tumblr-Pixel-0
Actual-Object-TTL
X-PHP-Backend
X-Cached-By
X-Request-Guid
X-App-Environment
X-Load-Cache
X-Git-Hash
X-Shield-Request-Id
Fastcgi-Useragent
X-Pad
DC
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amz-Replication-Status
X-NWS-LOG-UUID
X-Varnish-Backend
Host-Header
X-RateLimit-Remaining
Surrogate-Key
X-ATG-Version
X-IPLB-Instance
X-WA-Info
MS-CV
Host
X-Contextid
X-Erf-Bev-Bev-Is-Generated
X-ORACLE-APMCS-REQUEST-ID
X-Erf-Bev-Bev
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Mobile
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Accept-CH
X-Host-Name
X-Accel-Buffering
NGB
X-Response-Served-From
X-Cache-Key
Payment
Frame-Options
X-SS-Set-Cookie
X-FastCGI-Cache
X-Cache-NE
Tracecode
X-Cluster
X-Origin-Response-Time
Xserver
X-Cache-2
X-Region
X-Varnish-Server
Eomportal-Instance
Source
Retry-After
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
WPE-Backend
X-GeoIP
X-Hostname
Filters
Cache-Tv-Group
X-IPS-LoggedIn
X-Presslabs-Stats
X-Adobe-Content
X-Adobe-Loc
X-Varnish-Hostname
X-Cacheable-TTL
X-Cache-Operation
X-Cache-Enabled
X-Is-Bot
X-Seen-By
X-Tumblr-Pixel-2
X-Cache-Rule
X-Rendered-As
X-Tumblr-Pixel-1
X-Analytics
X-NewRelic-App-Data
X-RequestSource
X-Srv
FilterID
X-Webapp-Samesite-None-Activated-N
Liferay-Portal
Server-Info
X-TX-ID
X-EdgeConnect-Cache-Status
X-RemovedCookies
X-ProcessESI
X-Cache-TTL-Remaining
X-App-Server
Accept-CH-Lifetime
Cleartype
X-Dc
X-L-Path
X-Environment-Context
X-B3-Traceid
X-FireWall-Port
X-Upgrade-Enabled
X-Handled-By
X-Endurance-Cache-Level
X-Source
X-RTag
Ms-Operation-Id
X-CACHE-KEY
X-Cache-Server
X-HTML-Minification-Powered-By
From-Origin
X-UA
Datacenter
Srv
X-Backend-Name
Accept-Charset
X-UUID
X-APP-VERSION
X-Path-Route
X-ES-SERVER
X-Cache-Var
X-RN-RSRV
X-Cache-Var-Map
Meta-Geo
X-Section
X-Timing-Wait
X-Tb
X-Access
X-Wix-Request-Id
Selected-Fe
X-Proxy-Build
OT-Force-Account-Verify
X-Format
X-Proto
X-ShardId
X-Request-Time
X-ShopId
X-Alternate-Cache-Key
X-Content-Age
X-Cache-Config
X-Akamai-Request-ID
Cache-Tags
X-EIG-Tracking-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Generated-Cart-Token
Mn-Server-Ip
X-PressLabs-Stats
GEO-INFO
X-Akamai-Transformed
X-AWS-Id
X-BYPASS-REASON
X-SaId
X-Yottaa-Metrics
X-ServerID
X-Akamai-Request-ID2
Node
X-VWS-Id
X-Vgn-Hpd-Reason
Akamai-GRN
Ec-Rule-Version
X-Proxy-Cache-Status
NGX
X-Soup
X-Status
X-FC-Vary-Parameters
X-Yottaa-Optimizations
Version
X-NYM-Debug-Backend
X-LJ-Flow-ID
X-OCL
X-Origin
X-ProxyCache-Key
X-ProxyCache-Status
X-PCL
X-JoinUs
X-Qloud-Router
X-Hl-Ver
Decoy-Debug-TTL
Decoy-Debug-Status
X-Say-Cacheable
X-Pubstack
X-Debug-Cache
Decoy-Debug-Key
X-Say-TTL
X-Storage
Cross-Origin-Window-Policy
X-Proxy
DB-Nickname
X-FB-TRIP-ID
X-Cluster-Node
X-CCM
X-Time-Microsecs
X-BCube-Filmed-By
X-Hyper-Cache
X-Human
X-Loop
X-MP-GENERATED-AT
Now
X-Hosted-By
Origin-Cache-Control
Origin-Edge-Control
X-FW-Dynamic
X-SayCDN-TTL
Healthy
X-Www-Served-By
X-Web-Node
X-Viewer-Country
X-TNCMS
X-Cache-Control
Property-Id
TWC-Locale-Group
TWC-GeoIP-LatLong
X-R9-Blue-Green-Version
TWC-Device-Class
TWC-Connection-Speed
Webcakes-App-Name
X-RCS-CacheZone
X-Redis-Cache
X-Generated-By
X-Generated
X-Amzn-Remapped-Content-Length
X-Site-Version
X-Locale
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
TWC-GeoIP-Country
Azure-Version
X-Origin-Hint
X-Xfnlog-Site
X-Varnish-Hits
Azure-SlotName
Azure-InstanceId
Azure-SiteName
Azure-RegionName
S-Rt
X-Detected-As
X-NCache
X-RateLimit-Limit
X-IP
X-Cache-Host
Cache
Cache-Key
X-Whom
X-Rule
X-Unique-Id
X-Drupal-Cache-Tags
X-VCache
L5d-Success-Class
X-NGENIX-Cache
Webserver
X-UA-Device-Type
X-Esi
X-Forwarded-Host
X-Mode
X-Daa-Tunnel
Cache-Name
Viewport
X-CS
Time
X-UnsetCookies
Mime-Version
Uber-Trace-Id
Content-Disposition
X-Info
Section-Io-Cache
X-VHOST
Accept-Language
X-Origin-TTL
X-Origin-CC
Rt-Fastcgi-Cache
X-ApacheServer
X-PERF
Country
X-Newrelic-Synthetics
X-Varnish-Cache-Hits
ServedBy
X-B3-Spanid
X-Cache-Remote
Odigeo-Trace-Id
X-Backend-TTL
X-From
X-EC-Lua
X-Proxied
X-Magnolia-Registration
X-Zipkin-Id
X-Routing-Service
X-Device-Type
X-CDN-Forward
X-Nc
X-Cluster-Name
X-Via-Fastly
X-CLOUD-TRACE-CONTEXT
X-Drupal-Cache-Contexts
X-Uri
X-Microcachable
X-TT-TIMESTAMP
Proxy-Connection
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Filterid
X-Ttl
X-Geo
Access-Control-Request-Headers
Geo-Info
Ohc-File-Size
Cf-Ipcountry
HitType
X-External-Request-Id
W
X-G
X-Region-Sid
Viewtype
VivaBuild
X-A-Ccd
X-Varnish-Beresp-Grace
X-Request-UUID
X-A-Dcw
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Vtex-Remote-Cache
T-Server
X-A-Dam
X-A
Xc-Version
AsisCache
BehaviorPad-Version
X-Session-Fingerprint
Content-Script-Type
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Real-IP
Apple-News-Services-Handled
Apple-News-Services-Host
Content-Style-Type
Fastcgi-X-Cache-Version
X-Rewrite-Enabled
X-GeoIP-Country-Code
Rendered-Blocks
Mobile-Detection-Method
Meta-Geo-Continent
GEO-REGION-INFO
Machine
MD5-Digest
X-Geo-Header
X-Vtex-Processado-Em
X-ARC
X-VG-WebServer
X-B-Cookie
X-Application
X-ScT
X-Transaction
X-S-Cookie
X-TA-CDN-Provider
X-Destination
X-D
X-Sigma-Backend
X-Sigma
X-SRCache-Key
X-Connection-Hash
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-S
X-DPWN-IS-SECURE
X-Rocket-Build-Number
X-A-Wwc
X-Trv-Group
X-Rojux
X-Date
X-A-Dgt
X-VG-WebCache
X-VG-TLSProxy
X-Vdms-Version
X-Aed
X-Accel-Expires-Debug
X-Twitter-Response-Tags
X-C
X-CGP
X-Cache-Debug
CDCHOST
X-App-Name
X-Clientip
Powered-By
X-Labrador-Cache-Channel
X-PHP-Host
X-Eu-Site
X-Agile-Id
X-CUA
Countrycode
Environment
HA-Ipaddr
Ha-Gx-Prefs
IsBot
Locid
X-Distil-CS
X-Bip
X-Developers
Fastly-SIE
X-Hit
Fastly-Soc-X-Request-Id
Fastly-SWR
X-Agile-Age
X-Agile
X-Logging-Id
X-WebServer
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Thanos
X-SIPLIST1
X-VC-Cache
X-No-Session
X-Cache-Time
User-Cache-Control
Fastly-SSL
X-GoCache-CacheStatus
X-TH-Server
X-Gamma-Serve
Group
V-Age
True-Client-Country-4JS
Server-Surrogate-Control
X-Cdn-Srv
X-Generated-In
Server-Cache-Control
Request-EU
Request-Country
X-GeoIP-City
X-SVT-ORM-VERSION
RNT-Machine
RNT-Time
Server-ID
X-Debug-Cookies
X-Swa-Ws
Server-Int
X-Debug-Log
X-Cache-ASPX
X-Epic-Correlation-Id
X-Air-Hostname
X-Tumblr-Pixel-3
X-Servername
X-Auto-Login
X-Distributor
X-Trace-Id
X-TrackingId
X-Azure-Ref
X-Up
X-Urbn-Context-Path
X-Var-Ttl
X-Wikidot-Backend
X-Fetched-On
We-Hiring
X-Request-URI
X-VServer
X-Urbn-Site-Id
X-Variation
X-Varnish-Authentication
X-Cache-Tags
Platform
X-OVcl
X-Backend-State
X-Origin-Expires
X-Li-Pop
X-Cache-Expired-At
X-OVcl-Cache
X-Li-Fabric
X-Dispatcher-Server
X-JWT-State
X-Contensis-Viewer-Groups
X-Core-Mission
Country-Code
X-Origin-Date
X-Ms-Version
X-Ms-Request-Id
AKAMAI
Adler-Geo
X-Nginx-Cache-Key
Cache-Host
X-NX-Host
X-LI-Proto
X-LI-UUID
X-NodeID
Gh-Request-Id
X-Is-Gdpr
Mail-Subject
X-IN-APIGATEWAYSSL
X-RateLimit-Limit-Second
X-Owner
X-SVT-ORM-RULES
X-IN-APIGATEWAY
X-Has-Esi
X-Hash
X-Wikidot-Static-Cache
X-RateLimit-Remaining-Second
X-Proxy-Upstream
X-Instart-Isnd
Heartbleed
Locale
Is-Eu
X-Platform-Server
Kp-EeAlive
IBM-Web2-Location
X-Cms-Context
X-UPSTREAM-Address
X-Edge-Location
X-Thinkindot-L3
X-Debug-Cache-Store
X-ServiceProvider
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Service
X-Generated-On
X-Irp-Debug
Cache-Hits
X-Hnp-Log
X-Webstats-RespID
Fastly-Backend-Name
X-Level-Front-Cache
X-Matched-Rule
X-Micro-Cache
X-NU-AKA-ACS-Version
Pragrma
X-Generation-Time
X-Reboot
X-TT-LOGID
X-Trafficlayer-App-Version
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-WADP-Cache
X-Fastly-Cache
X-Gen-Mode
X-Req
X-FW-Version
X-We-Are-Hiring
X-Server-W
Wxu-Next-Hostname
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Cdncip
Web-Mar-Node
Wxu-Next-Commit
Server-Host
Cdnsip
FNAC-ModuleRouting
X-Nginx-Cache
X-Core-Value
Memcached
PFcat
Ohc-Cache-HIT
Thinkindot-Control
Wxu-Next-Region
X-Cache-Info
X-Cache-URL
X-Clara-WADP
X-BBXSRF
X-Block-Status
X-AK-Request-ID
ServerName
S-Cnection
X-App-Version
X-Lb-Id
X-Old-Content-Length
X-Cache-Bucket
X-Render-Time
X-S-Maxage
X-Cache-Backend
RequestId
X-SERVER
X-Refresh
X-User
X-Response-By
X-Internal-Host
Powered-By-ChinaCache
X-BACKEND-TTL
X-Key
X-Wa
X-Varnish-Cacheable
X-Sucuri-Cache
X-CSRF-TOKEN
X-Cdn-Forward
X-Sucuri-ID
X-Pjax-Url
X-Ua
X-Tb-Optimization-Total-Bytes-Saved
X-Node-Id
X-CF-Powered-By
X-Parent-Response-Time
X-Tec-Api-Version
Origin
X-Tec-Api-Origin
X-Location
X-Tec-Api-Root
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-CSRF-Token
X-Developer
User-Agent
X-Correlation-ID
X-Cache-Status-Check
X-NC
X-Pf-Uncompressing
X-Device-Os
X-LAGOON
X-Cache-Grace
ProcessTime
X-Cdn-Origin
X-Sn-Servicetimems
X-B3-Parentspanid
Hostname
Memory
TTL
X-NWS-UUID-VERIFY
X-Ocache
Geoip-Latitude
Geoip-City
X-Via-CDN
SRV
X-Unique-ID
GeoIp-Country-Code
X-Vcl-Version
PICS-Label
A
On-Server
X-MSEdge-Features
X-MSEdge-Flight
X-NGINX-Cache
Cloudfront-Viewer-Country
X-Request-Host
X-Server-IP
X-COUNTRY
X-B3-SpanId
X-Servedbyhost
M-TraceId
X-Webkit-CSP
X-Litespeed-Cache
X-Ratelimit-Remaining
X-Varnish-Ttl
Media-Length
X-Varnish-URL
X-Rocket-Nginx-Bypass
Cdn
X-Cdn-Request-ID
SN
XServer
X-TIME
X-Ruxit-Js-Agent
Dnion-Transfer-Encoding
Resin-Trace
X-HS-Status
CACHE
Tcn
X-FORWARDED-FOR
X-Via-Ucdn
X-ServedByHost
Host-ID
X-Action
X-Beluga-Response-Time
X-Beluga-Node
X-Beluga-Cache-Status
X-Beluga-Record
Who
X-Beluga-Status
X-Beluga-Trace
X-Cache-Ttl
X-Slack-Backend
HostName
X-Sucuri-Id
X-Dispatch
X-Cache-FS-Status
Esi-Enabled
X-PAYTM-SRV-ID
X-Processor
X-Server-Time
X-Fastly-Country-Code
X-Reqid
Pramga
X-RPM
X-DSS
X-DI
X-DB
X-RPS
X-DW
X-AIR-PT
X-RSL
Arc-Country
Pics-Label
X-ABtesting
X-Planisys-CDN-TTL
GeoIP-Country-Code
X-Skip-Cache
X-Planisys-CDN-Rules
X-Policy
X-Planisys-CDN-Cache
X-Hello
X-ND-Cache
X-Flog
CF-Cached-On
GeoIP-City
Amp-Access-Control-Allow-Source-Origin
Cdn-Host
X-Served-From
Cdn-Request-Time
Fastly-Drupal-HTML
X-VCL-Version
GeoIP-Latitude
X-Azure-Ref-OriginShield
X-Request-Start
X-VarnishDD-TTL
X-Edge-Server
X-LiteSpeed-Cache-Control
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
X-Ratelimit-Limit
Section-Io-Id
MIME-Version
X-Oracle-Dms-Rid
X-DevSite-Last-Modified
X-PF-Uncompressing
N-Cache
X-Bc
Ttl
X-Zone
NtCoent-Length
X-Bc-Bl
Rt-Proxy-Cache
X-Varnish-Url
X-DC
Trailer
X-APP
X-Fastly-Backend-Reqs
X-Newrelic-App-Data
X-FPC
X-HostName
Fusion-Deployment-Id
Magicmarker
X-SRV
WebServer
X-Method
X-PJAX-URL
X-Backend-Host
X-Adobe-Source
X-Swift-Error
Cteonnt-Length
X-Amzn-Remapped-Date
X-Dynatrace
Cache-Cookie-Set-Lfrom
X-WA
X-BE
X-Amzn-Remapped-Connection
Processtime
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Servername
X-Dynatrace-Js-Agent
FSS-Proxy
X-ZONE
X-ID
X-Scheme
X-BC
Cache-Provider
FSS-Cache
X-Fmm-Version
X-Frame-Option
X-WR-MODIFICATION
Ohc-Response-Time
X-Svr
Requestid
X-Snapshot-Date
CDN
X-Branch-Name
X-LB-ID
CF-IPCountry
Dynatrace
X-Be
X-Fpc
X-StackifyID
X-CACHE-AGE
X-Ftr-Cache-Host
X-Apw-Access-Token
Vix-Hermes-Req-Id
Lfy
X-App
X-Apw-Hits
WZWS-RAY
X-Tid
X-Apw-Access-Action
X-Apw-Access-Object
X-Aicache-OS
X-SB
X-Cache-Id
X-Compress-Hint
X-VC
X-Cc-Via
Warning
X-Cc-Req-Id
D-Cc-Upstream
X-Fastly-Cache-Hits
X-Request-Url
X-Esi-Check
V-Cache
X-SN
L
X-Litespeed-Cache-Control
Load-Balancing
LB
X-GEO
X-Cache-NGX
Sid
SID
Lb
Backend-Name
X-Worker
WP-Super-Cache
Correlation-Id
Pagetype
Proxy-Firewall
X-ElasticPress-Search
X-Powered-Y
X-Fastly-Cache-Status
X-WPE-Loopback-Upstream-Addr
X-Varnish-Beresp-TTL
X-Check-Cacheable
X-Request-URL
Cneonction