Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
Upgrade
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Backend
X-Via
X-Ua-Compatible
X-Age
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Hacker
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
X-Host
X-OneAgent-JS-Injection
X-Device
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Readtime
X-Vhost
X-Cloud-Trace-Context
Request-Id
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-Application-Context
X-ORACLE-DMS-ECID
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
X-Cache-Lookup
X-DataDome
X-ORACLE-DMS-RID
NEL
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-Country-Code
X-TTL
X-DynaTrace
X-Instart-Request-ID
Accept-Ch
X-Varnish-TTL
X-Goog-Hash
X-FTR-Request-ID
X-Vname
X-TtlSet
X-PC
X-ESI
Verso
Accept-Ch-Lifetime
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Use-Magma
X-GitHub-Request-Id
X-Kinja
X-Kinja-Build
Edge-Cache-Tag
RTSS
AR-ATIME
AR-Request-ID
AR-PoweredBy
AR-CACHE
Ar-Sid
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Vcache
Charset
X-NF-Request-ID
X-Accel-Expires
X-Cached
Display
X-Middleton-Display
Pagespeed
Response
X-Sol
X-Middleton-Response
X-TEC-API-VERSION
X-MSEdge-Ref
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Amz-Rid
X-Vcap-Request-Id
Arr-Disable-Session-Affinity
TCN
X-Fastcgi-Cache
X-Navigation-Version
X-Powered-CMS
Pinterest-Version
X-SharePointHealthScore
X-Pinterest-Rid
X-Trace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Cdn
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Client-IP
Cache-Tag
Access-Control-Request-Method
X-Fastly-Request-ID
X-Ser
MS-Author-Via
X-Server-ID
S
Nginx-Cache
X-DynaTrace-JS-Agent
X-Shard
SPRequestDuration
SPIisLatency
X-Upstream
X-Id
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Ezoic-Cdn
X-Hp-Webp
X-Content-Type
X-Forwarded-For
X-Amzn-Trace-Id
X-Grace
X-T
X-Amz-Meta-S3cmd-Attrs
Nel
X-Edge-O15-RID
DynaTrace
Front-End-Https
X-Recruiting
X-Hits
Fastcgi-Cache
X-Aspnet-Version
X-Varnish-Age
ServerID
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
X-Node-Name
X-Element-Page-Cache
X-Cache-TTL
X-DIS-Request-ID
X-Mobile-URL
X-Country-Code-Real
NR-ENABLED
X-FTR-Cache-Status
X-Content-Digest
X-Jurisdiction
X-FTR-Expires
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
Powered
X-Frontend
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Storage-Class
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend
Server-Node
Alternate-Protocol
Server-Name
TP-Cache
TP-L2-Cache
X-Logged-In
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Upgrade-Insecure-Requests
Backend-Timing
X-Amzn-RequestId
X-Cache-Hit
X-Amz-Apigw-Id
X-Content-Options
X-Page-Id
X-Origin-Server
X-Content-Security-Policy-Report-Only
Refresh
X-Rid
X-F-Cache
X-Revision
X-User-Agent
X-Akamai-Edgescape
X-Varnish-Grace
X-Type
X-CST
X-Zen-Fury
Fastly-Restarts
X-XRDS-LOCATION
X-Content-Powered-By
X-LB-Cache
X-B3-Sampled
X-Geo-Country
X-B
X-Shield-Request-Id
X-URL
X-AppVersion
X-Az
X-Activity-Id
X-FTR-Cache-Host
PB-RID
PB-PID
X-N
Arc-Version
X-Mobile-Rewrite
X-Kinsta-Cache
Cache-Status
X-Webapp-Samesite-None-Activated-N
X-Pad
X-TT
X-Cache-Age
X-Instance
X-WebKit-CSP-Report-Only
X-Debug-Info
X-AOL-HN
X-Tumblr-Pixel
X-Framework
X-App-Environment
X-Jobs
X-Signature
X-Time
X-B-Cache
Actual-Object-TTL
X-Tumblr-Pixel-0
Paypal-Debug-Id
X-Tumblr-User
X-Request-Guid
X-Cache-Action
Access-Control-Allow-Method
X-Webkit-Csp
X-RateLimit-Remaining
X-FB-Debug
DC
X-PHP-Backend
X-Load-Cache
X-Analytics
X-Cached-By
X-Git-Hash
X-Tt-Trace-Tag
X-Varnish-Backend
Surrogate-Key
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Fastcgi-Useragent
X-Tt-Trace-Host
Host-Header
X-Amz-Replication-Status
X-IPLB-Instance
X-Contextid
MS-CV
X-SS-Set-Cookie
X-ATG-Version
FilterID
X-WA-Info
Tracecode
X-Cluster
Host
NGB
X-Accel-Buffering
X-Response-Served-From
X-Mobile
WPE-Backend
X-Host-Name
X-Kong-Proxy-Latency
X-Varnish-Server
Source
X-Kong-Upstream-Latency
X-Cache-NE
Payment
X-Cache-2
X-FW-Hash
Xserver
Eomportal-Instance
X-Via-JSL
X-Srv
Frame-Options
X-Cache-Operation
X-Region
X-Cache-Rule
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Server
X-Hostname
Cache-Tv-Group
X-Tumblr-Pixel-1
X-IPS-LoggedIn
X-Is-Bot
X-Rendered-As
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-ORACLE-APMCS-REQUEST-ID
X-GeoIP
Filters
X-ORACLE-APMCS-TAG
X-Cacheable-TTL
X-Cache-Enabled
X-NewRelic-App-Data
X-Cache-Key
X-Adobe-Content
X-Adobe-Loc
X-Origin-Response-Time
X-RequestSource
X-TX-ID
X-NWS-LOG-UUID
X-Presslabs-Stats
X-EdgeConnect-Cache-Status
X-Seen-By
X-FastCGI-Cache
Retry-After
Cleartype
X-Ruxit-Js-Agent
Server-Info
X-VCache
X-Cache-TTL-Remaining
Accept-CH
X-ProcessESI
X-RemovedCookies
X-B3-Traceid
X-HTML-Minification-Powered-By
Liferay-Portal
X-CACHE-KEY
Cache
X-Dc
X-RTag
Ms-Operation-Id
Datacenter
X-Source
X-Ttl
X-UA
X-Cache-Control
X-L-Path
X-FireWall-Port
X-Environment-Context
X-Upgrade-Enabled
Healthy
X-App-Server
X-Endurance-Cache-Level
X-Cache-Server
From-Origin
X-PressLabs-Stats
Accept-CH-Lifetime
X-Handled-By
X-RateLimit-Limit
Version
X-Rule
X-Status
X-Backend-Name
X-Wix-Request-Id
X-Cache-Var-Map
X-Cache-Var
X-RN-RSRV
X-ES-SERVER
X-Path-Route
Meta-Geo
X-Proxy-Build
X-Access
Selected-Fe
X-Request-Time
OT-Force-Account-Verify
X-APP-VERSION
X-Section
X-Tb
X-Format
X-Timing-Wait
X-Storage
X-Sorting-Hat-PodId
X-Human
Azure-InstanceId
Akamai-GRN
X-ProxyCache-Key
Cache-Tags
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Generated-Cart-Token
Mn-Server-Ip
X-EIG-Tracking-Id
X-Akamai-Request-ID
Azure-RegionName
X-ProxyCache-Status
X-Content-Age
X-Proto
X-BYPASS-REASON
X-Shopify-Stage
X-PCL
Srv
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
Azure-Version
X-Origin
Azure-SlotName
Azure-SiteName
X-ShardId
X-OCL
X-ShopId
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cluster-Node
Decoy-Debug-Key
X-Qloud-Router
X-Hl-Ver
X-FW-Dynamic
X-Hosted-By
X-Soup
Decoy-Debug-Status
Decoy-Debug-TTL
X-Proxy-Cache-Status
X-Debug-Cache
X-Proxy
X-Pubstack
X-UUID
X-Web-Node
X-NYM-Debug-Backend
X-Hyper-Cache
X-JoinUs
X-Vgn-Hpd-Reason
X-Viewer-Country
X-FC-Vary-Parameters
X-Cache-Host
X-VWS-Id
X-AWS-Id
X-Cache-Config
X-Akamai-Request-ID2
Ec-Rule-Version
X-LJ-Flow-ID
X-MP-GENERATED-AT
Origin-Cache-Control
X-Generated-By
X-SaId
Now
X-Redis-Cache
Origin-Edge-Control
DB-Nickname
Node
X-ServerID
S-Rt
X-Time-Microsecs
NGX
Cross-Origin-Window-Policy
X-CCM
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
X-Generated
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
Property-Id
X-BCube-Filmed-By
X-RCS-CacheZone
X-Detected-As
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Site-Version
X-Www-Served-By
X-IP
X-Origin-Hint
X-Varnish-Hits
X-Locale
Accept-Charset
X-Xfnlog-Site
X-Loop
X-Amzn-Remapped-Content-Length
X-FB-TRIP-ID
GEO-INFO
X-TNCMS
X-Akamai-Transformed
X-R9-Blue-Green-Version
L5d-Success-Class
X-NCache
X-CS
Cache-Name
Viewport
Uber-Trace-Id
X-Drupal-Cache-Tags
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Esi
Time
Webserver
X-Unique-Id
Cache-Key
X-UA-Device-Type
Mime-Version
X-UnsetCookies
X-Cache-Remote
X-Mode
X-From
X-Forwarded-Host
X-Origin-CC
VIX-Pulpo-Upstream-Status
X-Origin-TTL
Accept-Language
VIX-Pulpo-Node
X-Drupal-Cache-Contexts
Rt-Fastcgi-Cache
Country
X-Backend-TTL
X-Cluster-Name
X-CDN-Forward
X-Newrelic-Synthetics
Odigeo-Trace-Id
X-Info
X-Microcachable
X-Whom
X-TT-TIMESTAMP
X-CLOUD-TRACE-CONTEXT
X-NGENIX-Cache
X-Edge-Location
X-Magnolia-Registration
X-Varnish-Cache-Hits
X-ApacheServer
X-B3-Spanid
X-PERF
X-Daa-Tunnel
X-Geo
Content-Disposition
ServedBy
X-UPSTREAM-Address
X-EC-Lua
Proxy-Connection
X-Routing-Service
Ohc-File-Size
Ohc-Cache-HIT
X-Proxied
X-Device-Type
X-Zipkin-Id
X-No-Session
Cf-Ipcountry
X-Via-Fastly
X-Nc
X-Uri
Rendered-Blocks
Mobile-Detection-Method
W
Meta-Geo-Continent
X-A-Dam
X-A-Ccd
X-A
Viewtype
VivaBuild
T-Server
BehaviorPad-Version
Apple-News-Services-Request-Url
X-A-Dcw
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
AsisCache
Content-Script-Type
Machine
GEO-REGION-INFO
Fastcgi-X-Cache-Version
Content-Style-Type
MD5-Digest
X-Connection-Hash
X-Sigma
X-Sigma-Backend
X-SRCache-Key
X-Session-Fingerprint
X-ScT
X-Rojux
X-S
X-S-Cookie
X-Transaction
X-Trv-Group
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebServer
X-VG-WebCache
X-Twitter-Response-Tags
X-Vdms-Version
X-VG-TLSProxy
X-Rocket-Build-Number
X-Rewrite-Enabled
X-B-Cookie
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-ARC
X-Application
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-D
X-Date
X-GeoIP-Country-Code
X-Region-Sid
X-Request-UUID
X-Geo-Header
X-External-Request-Id
X-Destination
X-DPWN-IS-SECURE
X-A-Dgt
X-G
X-C
X-Labrador-Cache-Channel
X-PHP-Host
HitType
User-Cache-Control
Geo-Info
Locid
Powered-By
Server-Surrogate-Control
Server-Cache-Control
IsBot
HA-Ipaddr
CDCHOST
X-Wikidot-Static-Cache
X-Wikidot-Backend
Environment
Fastly-Soc-X-Request-Id
Ha-Gx-Prefs
Gh-Request-Id
X-Hit
X-Agile
X-Cache-Debug
X-Cache-ASPX
X-Bip
X-Developers
X-CGP
X-CUA
X-Contensis-Viewer-Groups
X-Backend-State
X-Auto-Login
X-Agile-Age
X-Real-IP
X-Agile-Id
X-Epic-Correlation-Id
X-Distil-CS
X-App-Name
X-Eu-Site
X-Logging-Id
Section-Io-Cache
X-Tumblr-Pixel-3
X-Thanos
X-SIPLIST1
X-WebServer
X-TrackingId
X-VC-Cache
X-Varnish-Authentication
X-Render-Time
X-GoCache-CacheStatus
X-App-Version
X-Cache-Time
X-Cache-Backend
X-Fastly-Cache
X-Urbn-Site-Id
X-AK-Request-ID
X-SVT-ORM-RULES
X-Distributor
X-TH-Server
X-Sucuri-Cache
X-Urbn-Context-Path
X-We-Are-Hiring
Countrycode
X-Generated-In
Fastly-SIE
V-Age
X-GeoIP-City
X-Generation-Time
We-Hiring
Web-Mar-Node
X-SVT-ORM-VERSION
X-VServer
X-Fetched-On
X-Gamma-Serve
X-Gen-Mode
X-User
X-Swa-Ws
X-Clara-WADP
X-Cms-Context
X-Trace-Id
X-Debug-Log
X-FW-Version
Memcached
IBM-Web2-Location
X-Varnish-Beresp-Ttl
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Core-Mission
X-Debug-Cookies
X-Cdn-Srv
X-TT-LOGID
X-BBXSRF
X-LI-Proto
True-Client-Country-4JS
X-LI-UUID
X-Dispatcher-Server
X-Li-Pop
X-Block-Status
X-Cache-Info
X-Cache-URL
X-Li-Fabric
X-Cache-Bucket
X-Varnish-Beresp-Grace
X-Azure-Ref
X-Hnp-Log
Heartbleed
X-WADP-Cache
X-Varnish-Beresp-Status
X-Rebelmouse-Surrogate-Control
Fastly-Backend-Name
X-Origin-Date
Kp-EeAlive
X-Rebelmouse-Cache-Control
Mail-Subject
X-Hash
X-NX-Host
X-Request-URI
Locale
X-Servername
X-Origin-Expires
Cache-Host
X-Webstats-RespID
AKAMAI
X-Proxy-Upstream
X-RateLimit-Limit-Second
Access-Control-Request-Headers
Cdncip
Country-Code
X-OVcl
X-OVcl-Cache
X-Owner
Cdnsip
X-Nginx-Cache-Key
X-NodeID
RNT-Time
X-Instart-Isnd
RNT-Machine
X-Irp-Debug
X-Key
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Fastly-SWR
X-RateLimit-Remaining-Second
Fastly-SSL
Server-Int
Server-ID
X-Ms-Version
Request-EU
X-Debug-Cache-Expiry
X-Server-W
Request-Country
X-Clientip
X-Micro-Cache
X-Ms-Request-Id
X-Oneagent-Js-Injection
X-Old-Content-Length
X-Generated-On
X-ServiceProvider
X-Service
X-Req
X-Thinkindot-L3
X-Level-Front-Cache
X-Nginx-Cache
X-Matched-Rule
X-Reboot
Platform
X-Cache-Tags
X-Has-Esi
Is-Eu
Server-Host
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
PFcat
X-Internal-Host
X-Up
X-TA-CDN-Provider
ServerName
FNAC-ModuleRouting
X-Platform-Server
X-Is-Gdpr
X-JWT-State
X-NU-AKA-ACS-Version
Adler-Geo
X-Variation
Wxu-Next-Hostname
X-Core-Value
X-Trafficlayer-App-Version
Wxu-Next-Commit
Wxu-Next-Region
Filterid
X-Location
X-SERVER
X-Response-By
X-Lb-Id
X-S-Maxage
Cache-Hits
X-Air-Hostname
X-VHOST
RequestId
X-Refresh
X-B3-Parentspanid
X-Cache-Expired-At
X-CSRF-TOKEN
Pragrma
X-Parent-Response-Time
X-Tb-Optimization-Total-Bytes-Saved
X-Var-Ttl
Group
X-Cdn-Forward
X-B3-SpanId
X-BACKEND-TTL
X-Correlation-ID
ProcessTime
S-Cnection
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Memory
X-CF-Powered-By
Powered-By-ChinaCache
X-Wa
X-Ua
X-Pjax-Url
User-Agent
X-Server-IP
Origin
X-NC
TTL
X-CSRF-Token
X-Sucuri-ID
X-Unique-ID
SRV
X-Pf-Uncompressing
X-Vcl-Version
Geoip-Latitude
Media-Length
X-Cdn-Request-ID
X-Varnish-Cacheable
X-NWS-UUID-VERIFY
GeoIp-Country-Code
PICS-Label
X-NGINX-Cache
X-COUNTRY
Geoip-City
X-Via-CDN
X-Sucuri-Id
X-Developer
Dnion-Transfer-Encoding
X-Servedbyhost
X-Cdn-Origin
X-Ocache
X-Webkit-CSP
X-Sn-Servicetimems
X-LAGOON
X-Device-Os
X-Rocket-Nginx-Bypass
X-Node-Id
X-Litespeed-Cache
X-Cache-Grace
SN
X-Via-Ucdn
On-Server
X-Reqid
Esi-Enabled
X-Varnish-Ttl
M-TraceId
X-AIR-PT
X-TIME
XServer
X-Request-Host
X-MSEdge-Flight
X-MSEdge-Features
X-Policy
X-Planisys-CDN-Cache
X-HS-Status
A
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-FORWARDED-FOR
X-Cache-Status-Check
Cloudfront-Viewer-Country
Cdn
X-Request-Start
Hostname
X-Azure-Ref-OriginShield
X-Oss-Object-Type
HostName
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Beluga-Status
X-Beluga-Trace
Rt-Proxy-Cache
X-Cache-Ttl
X-Beluga-Node
X-Beluga-Cache-Status
X-Beluga-Record
X-Beluga-Response-Time
X-Fastly-Country-Code
Resin-Trace
Who
X-Ftr-Cache-Host
X-ServedByHost
CF-Cached-On
X-Varnish-URL
Host-ID
Pics-Label
GeoIP-Country-Code
X-Ratelimit-Remaining
Magicmarker
X-Method
NtCoent-Length
GeoIP-Latitude
X-LiteSpeed-Cache-Control
Cteonnt-Length
X-APP
X-VCL-Version
MIME-Version
Tcn
X-Oracle-Dms-Rid
Ttl
GeoIP-City
X-PF-Uncompressing
X-Fastly-Backend-Reqs
X-Slack-Backend
X-Zone
X-Bc
X-Varnish-Url
Load-Balancing
X-DC
X-Newrelic-App-Data
X-RPS
CACHE
X-Be
X-VarnishDD-TTL
X-Svr
X-RSL
Ohc-Response-Time
X-RPM
X-DSS
X-DW
X-DB
X-Action
X-DI
Arc-Country
X-PJAX-URL
X-SRV
WebServer
DSUID
X-Ftr-Request-Id
Pramga
X-Ratelimit-Limit
X-PAYTM-SRV-ID
X-Cache-FS-Status
X-Processor
Amp-Access-Control-Allow-Source-Origin
X-Skip-Cache
Vix-Hermes-Req-Id
X-Swift-Error
X-Server-Time
X-Dispatch
X-MServer
Release
X-VCT
X-DevSite-Last-Modified
X-Flog
X-Hp-Ccpa-Warning
X-Hello
X-ND-Cache
Processtime
X-Tid
X-Dynatrace
X-ABtesting
X-BE
Fastly-Drupal-HTML
X-FPC
Servername
X-Dynatrace-Js-Agent
X-WR-MODIFICATION
X-Edge-Server
X-Served-From
Cache-Provider
X-Aicache-OS
N-Cache
X-ID
X-Configured-By
X-HostName
Cdn-Request-Time
Cdn-Host
X-Frame-Option
X-Upstream-Ht
X-Upstream-Ct
X-Amzn-Remapped-Date
X-WA
X-StackifyID
X-Amzn-Remapped-Connection
X-Bc-Bl
Requestid
X-Ftr-Backend
X-Ftr-Backend-Server
X-Fastly-Cache-Hits
X-Ftr-Balancer
Lfy
X-Snapshot-Date
CDN
X-Branch-Name
X-LB-ID
SD-X-WS
Pagetype
Dynatrace
CF-IPCountry
X-ZONE
X-Ftr-Realm
X-SD-PageType
X-Ftr-Dc
X-CACHE-AGE
X-Backend-Host
X-SN
X-Apw-Access-Object
X-Apw-Access-Token
X-Edge-IP
Proxy-Firewall
L
X-Compress-Hint
X-Apw-Access-Action
X-Cache-Id
Warning
X-Request-Url
X-Apw-Hits
X-SB
X-Varnish-Beresp-TTL
V-Cache
D-Cc-Upstream
X-VC
X-BC
X-Cc-Via
X-Cc-Req-Id
Section-Io-Id
X-Release
X-ServerName
Section-Io-Origin-Status
Section-Origin-Responded
X-WPE-Loopback-Upstream-Addr
X-Fpc
WZWS-RAY
X-Powered-Y
Section-Io-Origin-Time-Seconds
X-ElasticPress-Search
Correlation-Id
Lb
X-Check-Cacheable
Backend-Name
X-Fastly-Cache-Status
X-App
X-Worker
WP-Super-Cache
X-Via-NSCOPI
X-Request-URL