Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Xss-Protection
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
Xkey
X-Envoy-Upstream-Service-Time
CF-Ray
X-Via
X-Backend
X-Server
X-Age
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Ws-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Feature-Policy
X-Varnish-Cache
Server-Timing
Cf-Railgun
X-Swift-CacheTime
X-Swift-SaveTime
Grace
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Ac
X-Node
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Vhost
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Application-Context
X-HW
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
P3p
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
X-ORACLE-DMS-RID
X-DataDome
X-Dns-Prefetch-Control
X-Rack-Cache
Rating
X-Country
X-Clacks-Overhead
Edge-Control
X-Akam-SW-Version
Pinterest-Generated-By
Allow
X-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-FTR-Request-ID
X-DynaTrace
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
Accept-Ch
Verso
Content-MD5
Service-Worker-Allowed
X-ESI
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Url
X-Forwarded-Proto
X-Version
X-Vcache
X-GitHub-Request-Id
X-MS-InvokeApp
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-B3-TraceId
RTSS
Edge-Cache-Tag
X-D2id
X-Debug
X-Abt-Application-Version
X-Px
AR-CACHE
AR-Request-ID
AR-ATIME
AR-PoweredBy
Ar-Sid
X-Server-Name
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-Sol
Response
X-Middleton-Response
X-Middleton-Display
Display
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Pagespeed
X-TEC-API-ROOT
X-Navigation-Version
X-Vcap-Request-Id
X-MSEdge-Ref
Arr-Disable-Session-Affinity
X-Server-ID
X-Accel-Expires
X-Amz-Rid
X-Pinterest-Rid
Pinterest-Version
TCN
X-Edge-O15-RID
X-Fastcgi-Cache
X-SharePointHealthScore
X-Powered-CMS
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Cdn
X-VARITI-CCR
Public-Key-Pins
X-Fastly-Request-ID
Cache-Tag
X-Trace
Nginx-Cache
X-Client-IP
Realpath
X-Ser
Access-Control-Request-Method
MS-Author-Via
X-Shard
X-DynaTrace-JS-Agent
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
X-Content-Type
X-Ezoic-Cdn
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Grace
S
X-Id
X-Jurisdiction
X-Hp-Webp
X-Upstream
X-Forwarded-For
X-Amz-Meta-S3cmd-Attrs
Nel
Front-End-Https
X-Hits
X-T
Fastcgi-Cache
X-Recruiting
X-Aspnet-Version
DynaTrace
X-Cache-TTL
X-Varnish-Age
ServerID
X-Element-Page-Cache
X-Content-Digest
X-Node-Name
X-Mobile-URL
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
MicrosoftSharePointTeamServices
X-DIS-Request-ID
Server-Node
X-Dw-Request-Base-Id
X-HS-Cache-Config
NR-ENABLED
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
Powered
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Frontend
TP-L2-Cache
TP-Cache
X-CST
X-Logged-In
Alternate-Protocol
Server-Name
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
X-Amz-Apigw-Id
X-Amzn-RequestId
X-XRDS-Location
X-Request-Handler-Origin-Region
Fastly-Restarts
X-Microsite
X-Cache-Hit
X-Request-Processing-Time
X-Request-Received
X-ATS-Timestamp
Backend-Timing
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Zen-Fury
X-FTR-Cache-Host
Refresh
X-F-Cache
X-User-Agent
X-Content-Options
X-Page-Id
X-Akamai-Edgescape
X-Rid
X-Revision
X-Varnish-Grace
X-Type
X-Content-Powered-By
X-LB-Cache
X-XRDS-LOCATION
X-B3-Sampled
PB-RID
X-B
PB-PID
Arc-Version
X-Mobile-Rewrite
X-Geo-Country
X-URL
X-Activity-Id
X-Az
X-AppVersion
Cache-Status
X-N
X-Kinsta-Cache
X-Cache-Age
X-Cache-Action
X-TT
X-AOL-HN
X-B-Cache
X-WebKit-CSP-Report-Only
X-Instance
X-Signature
Actual-Object-TTL
X-Debug-Info
Paypal-Debug-Id
Access-Control-Allow-Method
X-Framework
X-FB-Debug
X-Jobs
X-Tumblr-Pixel
X-Tumblr-User
X-Load-Cache
X-Cached-By
X-Time
X-Tumblr-Pixel-0
X-Request-Guid
X-Git-Hash
X-PHP-Backend
X-App-Environment
Fastcgi-Useragent
DC
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Shield-Request-Id
X-Pad
X-Webkit-Csp
X-Amz-Replication-Status
X-Varnish-Backend
X-RateLimit-Remaining
X-NWS-LOG-UUID
Surrogate-Key
Host-Header
X-IPLB-Instance
X-ATG-Version
MS-CV
X-WA-Info
X-Contextid
Host
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-FastCGI-Cache
Accept-CH
X-Cache-Key
X-SS-Set-Cookie
X-Via-JSL
X-Mobile
X-Host-Name
X-Kong-Upstream-Latency
NGB
X-Accel-Buffering
X-Kong-Proxy-Latency
X-Response-Served-From
Payment
X-Cluster
X-Cache-NE
X-Analytics
Tracecode
Frame-Options
X-Cache-2
X-B3-Traceid
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
Source
X-FW-Type
FilterID
X-Region
X-Origin-Response-Time
X-Webapp-Samesite-None-Activated-N
X-Varnish-Server
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
Xserver
Eomportal-Instance
X-IPS-LoggedIn
WPE-Backend
Cache-Tv-Group
X-Adobe-Content
X-Varnish-Hostname
X-GeoIP
X-Adobe-Loc
X-Cacheable-TTL
Retry-After
X-Hostname
X-Cache-Operation
X-Cache-Rule
Filters
X-Rendered-As
X-Is-Bot
X-Cache-Enabled
X-Seen-By
X-NewRelic-App-Data
X-Srv
X-Presslabs-Stats
X-EdgeConnect-Cache-Status
X-RequestSource
Server-Info
X-TX-ID
Accept-CH-Lifetime
Liferay-Portal
X-RemovedCookies
X-ProcessESI
X-Cache-TTL-Remaining
X-App-Server
Cleartype
X-L-Path
X-Environment-Context
Ms-Operation-Id
X-FireWall-Port
X-RTag
X-Source
X-Endurance-Cache-Level
X-Upgrade-Enabled
X-Handled-By
X-Dc
From-Origin
X-HTML-Minification-Powered-By
Datacenter
X-Cache-Server
X-CACHE-KEY
X-UA
X-Backend-Name
Accept-Charset
X-APP-VERSION
X-Esi
Srv
X-PressLabs-Stats
X-Cache-Var
X-ES-SERVER
X-Path-Route
X-Cache-Var-Map
Meta-Geo
X-UUID
X-RN-RSRV
X-Tb
X-Section
X-Access
X-Format
OT-Force-Account-Verify
X-Wix-Request-Id
X-Timing-Wait
Akamai-GRN
Azure-Version
Cache-Tags
X-FC-Vary-Parameters
Selected-Fe
X-Request-Time
X-Proxy-Build
X-Akamai-Request-ID
X-NYM-Debug-Backend
Azure-InstanceId
X-Content-Age
Azure-RegionName
Azure-SlotName
X-OCL
X-Proto
X-Cache-Config
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PCL
X-Origin
Azure-SiteName
Decoy-Debug-Key
DB-Nickname
Now
Origin-Edge-Control
Origin-Cache-Control
X-Akamai-Request-ID2
X-BYPASS-REASON
X-AWS-Id
X-Alternate-Cache-Key
Node
Ec-Rule-Version
Decoy-Debug-TTL
X-Sorting-Hat-ShopId
Mn-Server-Ip
NGX
Decoy-Debug-Status
X-LJ-Flow-ID
X-Pubstack
X-Cache-Control
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ProxyCache-Status
X-Proxy-Cache-Status
X-ProxyCache-Key
X-Viewer-Country
X-VWS-Id
X-ServerID
X-SaId
X-ShardId
Cache
X-Shopify-Generated-Cart-Token
X-ShopId
X-Status
X-Time-Microsecs
X-JoinUs
X-Soup
Version
X-Hyper-Cache
X-Hosted-By
X-Hl-Ver
X-Proxy
X-EIG-Tracking-Id
X-FW-Dynamic
X-Qloud-Router
X-Debug-Cache
X-Say-TTL
X-Say-Cacheable
X-SayCDN-TTL
X-Cluster-Node
X-NCache
X-Redis-Cache
Cross-Origin-Window-Policy
X-BCube-Filmed-By
X-Loop
X-MP-GENERATED-AT
X-Storage
X-CCM
X-TNCMS
X-Amzn-Remapped-Content-Length
X-Vgn-Hpd-Reason
X-Varnish-Hits
X-Web-Node
Healthy
X-Akamai-Transformed
TWC-Connection-Speed
Property-Id
X-RateLimit-Limit
Webcakes-App-Name
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-Region
Webcakes-App-Version
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Generated-By
X-Generated
S-Rt
X-Locale
X-Xfnlog-Site
X-Www-Served-By
X-Site-Version
X-Human
X-RCS-CacheZone
GEO-INFO
X-Origin-Hint
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-R9-Blue-Green-Version
X-FB-TRIP-ID
X-Detected-As
X-IP
X-Rule
X-VCache
X-Unique-Id
X-Cache-Host
Cache-Key
L5d-Success-Class
X-Drupal-Cache-Tags
X-Whom
X-CS
Webserver
X-UA-Device-Type
X-Daa-Tunnel
X-NGENIX-Cache
X-Forwarded-Host
Viewport
Uber-Trace-Id
Time
X-VHOST
X-Mode
Cache-Name
X-Backend-TTL
X-Info
X-UnsetCookies
X-Origin-TTL
Accept-Language
X-Origin-CC
Content-Disposition
X-CDN-Forward
X-B3-Spanid
Rt-Fastcgi-Cache
X-Varnish-Cache-Hits
Mime-Version
X-ApacheServer
Country
X-PERF
X-Newrelic-Synthetics
Section-Io-Cache
Odigeo-Trace-Id
X-Cache-Remote
X-From
ServedBy
X-CLOUD-TRACE-CONTEXT
X-Magnolia-Registration
X-EC-Lua
X-Zipkin-Id
X-Cluster-Name
X-Routing-Service
X-Proxied
X-Device-Type
X-Drupal-Cache-Contexts
X-Via-Fastly
X-Uri
X-Microcachable
X-Ttl
X-Geo
X-TT-TIMESTAMP
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Cf-Ipcountry
Geo-Info
X-Nc
Proxy-Connection
Ohc-File-Size
HitType
Machine
X-B-Cookie
X-ARC
X-Application
Meta-Geo-Continent
W
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dgt
X-A-Dcw
VivaBuild
X-A-Dam
Viewtype
MD5-Digest
T-Server
X-A-Ccd
Mobile-Detection-Method
X-Aed
X-A
X-Region-Sid
Content-Style-Type
X-SRCache-Key
Content-Script-Type
X-Transaction
X-Trv-Group
X-Sigma-Backend
X-Sigma
X-S
X-Rojux
X-S-Cookie
X-ScT
X-Session-Fingerprint
Apple-News-Services-Handled
X-Twitter-Response-Tags
Apple-News-Services-Request-Url
X-Vtex-Remote-Cache
AsisCache
BehaviorPad-Version
Xc-Version
X-Vtex-Processado-Em
X-VG-WebServer
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Vdms-Version
X-VG-TLSProxy
X-VG-WebCache
X-CF-Lambda-Fn
X-Rocket-Build-Number
GEO-REGION-INFO
X-DPWN-IS-SECURE
X-G
X-Geo-Header
Access-Control-Request-Headers
X-Destination
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Date
X-GeoIP-Country-Code
X-External-Request-Id
Rendered-Blocks
X-Rewrite-Enabled
Fastcgi-X-Cache-Version
X-Request-UUID
X-Varnish-Beresp-Status
X-C
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
Ha-Gx-Prefs
HA-Ipaddr
IsBot
Powered-By
Locid
Gh-Request-Id
Fastly-SIE
Environment
Countrycode
Fastly-Soc-X-Request-Id
Fastly-SWR
X-Distil-CS
X-SIPLIST1
X-Thanos
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Hit
X-Logging-Id
X-TrackingId
X-Tumblr-Pixel-3
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-WebServer
X-VC-Cache
X-Varnish-Authentication
X-Eu-Site
CDCHOST
X-Agile-Id
X-App-Name
X-Agile-Age
X-Agile
Server-Surrogate-Control
X-Auto-Login
X-Bip
X-Contensis-Viewer-Groups
X-Developers
X-Clientip
X-CGP
X-Cache-ASPX
Server-Cache-Control
X-Cache-Debug
X-Real-IP
Filterid
X-No-Session
Fastly-SSL
X-UPSTREAM-Address
User-Cache-Control
X-Cache-Time
X-GoCache-CacheStatus
X-Edge-Location
X-Labrador-Cache-Channel
X-PHP-Host
X-Cdn-Srv
X-Nginx-Cache-Key
X-NodeID
X-Cache-Tags
X-Cache-Info
X-Ms-Version
X-Cache-URL
X-SVT-ORM-VERSION
X-Core-Mission
X-CUA
X-We-Are-Hiring
X-Ms-Request-Id
X-NX-Host
X-Cms-Context
X-Clara-WADP
X-Origin-Expires
Cdncip
X-Backend-State
X-LI-UUID
X-Up
X-Cache-Expired-At
Cdnsip
X-Air-Hostname
X-Swa-Ws
X-Azure-Ref
X-WADP-Cache
X-OVcl
X-OVcl-Cache
X-AK-Request-ID
Ohc-Cache-HIT
X-Origin-Date
X-Debug-Cache-Expiry
X-Hash
X-IN-APIGATEWAY
X-Has-Esi
X-Variation
X-Generation-Time
X-GeoIP-City
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Li-Pop
X-LI-Proto
X-Li-Fabric
X-JWT-State
X-Irp-Debug
X-Is-Gdpr
X-Generated-In
X-Gamma-Serve
X-Debug-Log
X-Urbn-Context-Path
X-Debug-Cookies
X-Debug-Cache-Store
X-TT-LOGID
X-Debug-Cache-Fetch
X-VServer
X-Dispatcher-Server
X-FW-Version
X-SVT-ORM-RULES
X-Fastly-Cache
X-Epic-Correlation-Id
X-Distributor
X-Urbn-Site-Id
X-Micro-Cache
X-Owner
Platform
AKAMAI
Memcached
X-Request-URI
Request-Country
Request-EU
Server-ID
RNT-Time
RNT-Machine
Mail-Subject
X-Servername
X-TH-Server
Is-Eu
IBM-Web2-Location
Kp-EeAlive
Locale
X-Server-W
Adler-Geo
X-Trace-Id
Server-Int
Country-Code
V-Age
True-Client-Country-4JS
X-Proxy-Upstream
We-Hiring
X-Platform-Server
Heartbleed
Group
X-Trafficlayer-App-Version
X-Var-Ttl
X-Trafficlayer-App-Name
X-Render-Time
Fastly-Backend-Name
X-Req
X-Matched-Rule
FNAC-ModuleRouting
X-Fetched-On
Web-Mar-Node
X-Thinkindot-L3
Cache-Host
X-Generated-On
Pragrma
X-TA-CDN-Provider
X-Hnp-Log
X-Gen-Mode
PFcat
X-BBXSRF
Thinkindot-CacheControl
X-Service
X-RateLimit-Limit-Second
ServerName
X-NU-AKA-ACS-Version
Cache-Hits
X-Block-Status
X-Level-Front-Cache
X-Cache-Bucket
X-Webstats-RespID
Server-Host
X-Trafficlayer-App-Scope
X-Reboot
X-Core-Value
X-ServiceProvider
X-RateLimit-Remaining-Second
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Nginx-Cache
X-Cache-Backend
X-Old-Content-Length
X-S-Maxage
Wxu-Next-Region
X-SERVER
S-Cnection
X-User
Wxu-Next-Commit
Wxu-Next-Hostname
X-App-Version
RequestId
X-Lb-Id
X-Response-By
X-Internal-Host
X-Refresh
X-Key
X-Sucuri-Cache
Powered-By-ChinaCache
X-Wa
X-Sucuri-ID
X-CSRF-TOKEN
X-NC
X-Location
X-Tec-Api-Root
X-Varnish-Cacheable
X-Tec-Api-Version
X-Tec-Api-Origin
X-Parent-Response-Time
X-Ua
Origin
X-Tb-Optimization-Total-Bytes-Saved
X-Pf-Uncompressing
X-Pjax-Url
X-CF-Powered-By
X-Cdn-Forward
X-Node-Id
User-Agent
ProcessTime
X-BACKEND-TTL
X-Developer
X-CSRF-Token
X-B3-Parentspanid
X-Via-CDN
X-Cdn-Origin
X-Cache-Grace
X-NWS-UUID-VERIFY
X-Sn-Servicetimems
Memory
X-LAGOON
X-Oss-Server-Time
X-Oss-Object-Type
SRV
X-Oss-Storage-Class
X-Cache-Status-Check
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
On-Server
X-Ocache
X-Device-Os
Geoip-City
Hostname
TTL
PICS-Label
Geoip-Latitude
X-Correlation-ID
X-COUNTRY
X-MSEdge-Flight
X-MSEdge-Features
X-NGINX-Cache
X-Server-IP
X-Vcl-Version
A
GeoIp-Country-Code
X-Unique-ID
X-Request-Host
X-B3-SpanId
X-Webkit-CSP
X-Servedbyhost
X-Litespeed-Cache
Cloudfront-Viewer-Country
X-Varnish-Ttl
Media-Length
M-TraceId
X-Cdn-Request-ID
XServer
X-Ruxit-Js-Agent
X-TIME
X-HS-Status
Dnion-Transfer-Encoding
Tcn
X-Varnish-URL
X-Rocket-Nginx-Bypass
X-FORWARDED-FOR
SN
X-Via-Ucdn
Host-ID
Resin-Trace
Cdn
X-Ratelimit-Remaining
X-Beluga-Trace
X-Beluga-Status
X-Cache-Ttl
X-Beluga-Response-Time
X-Beluga-Cache-Status
Who
X-ServedByHost
X-Beluga-Node
X-Beluga-Record
HostName
X-Sucuri-Id
CACHE
X-Reqid
X-Slack-Backend
X-Action
Esi-Enabled
X-AIR-PT
X-Fastly-Country-Code
MIME-Version
X-DSS
X-DB
X-DW
X-VCL-Version
X-DI
X-Server-Time
Arc-Country
X-Cache-FS-Status
X-Policy
X-Dispatch
X-PAYTM-SRV-ID
GeoIP-Country-Code
X-RPM
X-Planisys-CDN-TTL
X-RPS
X-RSL
X-Processor
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
CF-Cached-On
Trailer
Pics-Label
X-ND-Cache
Ttl
X-Hello
X-Flog
X-Skip-Cache
X-DC
X-Request-Start
X-Azure-Ref-OriginShield
Pramga
X-ABtesting
X-LiteSpeed-Cache-Control
X-Oracle-Dms-Rid
Rt-Proxy-Cache
GeoIP-Latitude
Cdn-Host
X-VarnishDD-TTL
NtCoent-Length
Fastly-Drupal-HTML
X-Edge-Server
X-Varnish-Url
GeoIP-City
X-Served-From
Cdn-Request-Time
X-Newrelic-App-Data
X-Ratelimit-Limit
X-Bc-Bl
X-PF-Uncompressing
X-PJAX-URL
X-APP
X-DevSite-Last-Modified
X-FPC
X-Fastly-Backend-Reqs
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
X-SERVER-NAME
Section-Origin-Responded
X-HostName
N-Cache
X-Bc
X-Zone
X-Method
X-SRV
Amp-Access-Control-Allow-Source-Origin
Magicmarker
WebServer
X-Swift-Error
X-BE
X-ZONE
X-Backend-Host
Cteonnt-Length
Fusion-Deployment-Id
X-Dynatrace
X-Amzn-Remapped-Date
X-BC
Processtime
X-Amzn-Remapped-Connection
Servername
X-Dynatrace-Js-Agent
X-Adobe-Source
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Fmm-Version
X-ID
X-WA
FSS-Proxy
FSS-Cache
Cache-Cookie-Set-From
CDN
Cache-Provider
X-LB-ID
X-Frame-Option
X-WR-MODIFICATION
X-Be
X-Branch-Name
X-Snapshot-Date
Requestid
X-StackifyID
Dynatrace
CF-IPCountry
X-Svr
Ohc-Response-Time
X-Ftr-Cache-Host
X-CACHE-AGE
WZWS-RAY
X-Tid
X-Fpc
X-Scheme
X-Request-Url
X-Aicache-OS
X-App
Lfy
Vix-Hermes-Req-Id
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Fastly-Cache-Hits
V-Cache
Warning
X-SB
X-Cc-Req-Id
X-Cc-Via
X-VC
D-Cc-Upstream
Load-Balancing
X-Litespeed-Cache-Control
X-Esi-Check
X-Compress-Hint
Backend-Name
X-Cache-Id
Cneonction
CloudFront-Viewer-Country
Lb
Correlation-Id
X-Worker
X-Powered-Y
X-Request-URL
X-Check-Cacheable
X-Varnish-Beresp-TTL
X-ElasticPress-Search
WP-Super-Cache
Proxy-Firewall
X-Fastly-Cache-Status
Pagetype
X-WPE-Loopback-Upstream-Addr