Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
X-Pass-Why
Xkey
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Via
X-Backend
X-Ua-Compatible
X-Server
X-Age
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Ws-Request-Id
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Device
X-Host
X-Origin-Cache
EagleEye-TraceId
X-Response-Time
X-Ac
X-Node
Content-Location
Surrogate-Control
X-Vhost
X-Cloud-Trace-Context
X-Readtime
X-Backend-Server
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-Cache-Lookup
X-ORACLE-DMS-ECID
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-DataDome
NEL
X-Mod-Pagespeed
X-Dns-Prefetch-Control
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Clacks-Overhead
X-Akam-SW-Version
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-TTL
Allow
X-Country-Code
X-FTR-Request-ID
X-DynaTrace
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
Accept-Ch
Verso
Content-MD5
X-ESI
X-Powered-By-Plesk
Service-Worker-Allowed
Accept-Ch-Lifetime
X-Url
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-B3-TraceId
X-GitHub-Request-Id
RTSS
Edge-Cache-Tag
X-Abt-Application-Version
X-D2id
X-Debug
X-Px
AR-CACHE
Ar-Sid
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Vcache
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-Server-Name
X-NF-Request-ID
X-Cached
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Accel-Expires
Response
X-Middleton-Response
Display
X-Sol
X-Middleton-Display
Pagespeed
X-Vcap-Request-Id
X-MSEdge-Ref
X-Amz-Rid
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Pinterest-Rid
Pinterest-Version
X-Powered-CMS
X-SharePointHealthScore
TCN
X-Fastcgi-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Cdn
X-Trace
X-VARITI-CCR
Public-Key-Pins
Realpath
Cache-Tag
X-Client-IP
X-Fastly-Request-ID
Access-Control-Request-Method
X-Ser
MS-Author-Via
Nginx-Cache
X-Shard
X-DynaTrace-JS-Agent
S
X-Mrf-Item-Lastmod
SPRequestDuration
SPIisLatency
Mrf-Cache-Status
MRF-Tech
X-Edge-O15-RID
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Upstream
X-Id
X-Content-Type
X-Ezoic-Cdn
X-Hp-Webp
X-Grace
X-Amzn-Trace-Id
X-T
X-Amz-Meta-S3cmd-Attrs
Nel
Front-End-Https
X-Hits
X-Recruiting
Fastcgi-Cache
X-Forwarded-For
DynaTrace
X-Jurisdiction
X-Aspnet-Version
X-Cache-TTL
X-Varnish-Age
ServerID
X-Server-ID
MicrosoftSharePointTeamServices
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
X-Mobile-URL
X-Dw-Request-Base-Id
X-DIS-Request-ID
X-FTR-Realm
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-FTR-DC
X-FTR-Backend-Server
NR-ENABLED
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Goog-Metageneration
Powered
X-Frontend
X-Goog-Generation
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
Server-Node
X-Goog-Stored-Content-Length
TP-L2-Cache
TP-Cache
Alternate-Protocol
Server-Name
X-Logged-In
X-Correlation-Id
X-CST
X-XRDS-Location
AMP-Access-Control-Allow-Source-Origin
X-Request-Processing-Time
X-Request-Received
Upgrade-Insecure-Requests
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Cache-Hit
X-Content-Options
X-User-Agent
Refresh
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-F-Cache
X-Page-Id
X-Revision
X-Rid
X-Akamai-Edgescape
Fastly-Restarts
X-Zen-Fury
X-Varnish-Grace
X-Type
X-Content-Powered-By
X-XRDS-LOCATION
X-LB-Cache
X-B
X-FTR-Cache-Host
X-B3-Sampled
PB-RID
X-URL
PB-PID
X-Geo-Country
X-Az
X-Activity-Id
X-AppVersion
X-Mobile-Rewrite
Arc-Version
Cache-Status
X-Kinsta-Cache
X-N
X-Cache-Age
X-Pad
X-Shield-Request-Id
X-TT
X-WebKit-CSP-Report-Only
X-Signature
X-Cache-Action
X-B-Cache
X-Instance
X-AOL-HN
X-Debug-Info
X-Framework
X-Tumblr-User
Paypal-Debug-Id
X-Time
X-Jobs
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Actual-Object-TTL
Access-Control-Allow-Method
X-App-Environment
X-FB-Debug
X-Load-Cache
X-PHP-Backend
X-Request-Guid
DC
X-Cached-By
X-Git-Hash
Fastcgi-Useragent
X-Webkit-Csp
X-RateLimit-Remaining
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Varnish-Backend
X-Amz-Replication-Status
Surrogate-Key
X-Erf-Bev-Bev
X-Webapp-Samesite-None-Activated-N
X-Erf-Bev-Bev-Is-Generated
Host-Header
X-IPLB-Instance
X-Contextid
X-Analytics
MS-CV
FilterID
X-ATG-Version
X-WA-Info
X-SS-Set-Cookie
Accept-CH
X-FastCGI-Cache
Host
X-Cache-Key
X-NWS-LOG-UUID
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile
Tracecode
X-Response-Served-From
X-Cluster
X-Accel-Buffering
NGB
X-Via-JSL
WPE-Backend
X-Kong-Upstream-Latency
Payment
X-Kong-Proxy-Latency
X-Host-Name
X-Cache-NE
X-B3-Traceid
Xserver
Eomportal-Instance
X-FW-Type
X-Region
X-Varnish-Server
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Cache-2
Source
X-Tumblr-Pixel-1
X-Origin-Response-Time
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-GeoIP
Cache-Tv-Group
Filters
Frame-Options
X-Varnish-Hostname
X-Srv
X-Cacheable-TTL
X-Cache-Enabled
X-Adobe-Loc
X-Adobe-Content
X-Cache-Operation
X-Seen-By
X-Is-Bot
X-RequestSource
X-Cache-Rule
X-Rendered-As
X-TX-ID
X-Hostname
X-Presslabs-Stats
X-EdgeConnect-Cache-Status
Retry-After
X-NewRelic-App-Data
Accept-CH-Lifetime
Server-Info
Cleartype
X-Cache-TTL-Remaining
X-VCache
X-ProcessESI
X-RemovedCookies
Liferay-Portal
X-App-Server
Ms-Operation-Id
X-RTag
X-Source
X-Environment-Context
X-L-Path
X-UA
X-HTML-Minification-Powered-By
Datacenter
X-FireWall-Port
X-Dc
X-Endurance-Cache-Level
X-Handled-By
X-Cache-Server
From-Origin
X-Upgrade-Enabled
Cache
X-CACHE-KEY
X-Esi
X-APP-VERSION
X-Cache-Control
X-Backend-Name
X-PressLabs-Stats
Srv
X-Wix-Request-Id
Healthy
Meta-Geo
X-Cache-Var-Map
X-RN-RSRV
X-Cache-Var
X-Path-Route
X-ES-SERVER
X-Status
Accept-Charset
X-Access
OT-Force-Account-Verify
X-Format
X-Section
Selected-Fe
X-Tb
X-Proxy-Build
X-Timing-Wait
Version
X-Alternate-Cache-Key
X-Proto
X-Origin
X-OCL
X-Akamai-Request-ID
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
Azure-RegionName
Azure-SiteName
X-ShopId
Azure-InstanceId
Akamai-GRN
Azure-SlotName
Azure-Version
X-ShardId
X-PCL
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
Cache-Tags
Mn-Server-Ip
X-UUID
X-Cache-Config
X-Goog-Meta-Goog-Reserved-File-Mtime
X-EIG-Tracking-Id
X-FC-Vary-Parameters
X-NYM-Debug-Backend
X-Content-Age
X-Request-Time
X-Web-Node
X-Cluster-Node
X-ServerID
Decoy-Debug-TTL
X-Say-Cacheable
Ec-Rule-Version
X-SaId
Decoy-Debug-Status
X-Redis-Cache
X-Generated-By
X-Proxy
X-FW-Dynamic
X-ProxyCache-Status
X-Debug-Cache
X-Hl-Ver
X-Qloud-Router
DB-Nickname
NGX
X-Time-Microsecs
X-SayCDN-TTL
X-JoinUs
X-VWS-Id
X-LJ-Flow-ID
X-Say-TTL
X-AWS-Id
X-BYPASS-REASON
X-Viewer-Country
X-Pubstack
X-Akamai-Request-ID2
X-Hyper-Cache
X-ProxyCache-Key
Now
Node
X-Vgn-Hpd-Reason
X-Soup
Origin-Cache-Control
X-Human
X-Hosted-By
Origin-Edge-Control
X-Proxy-Cache-Status
Decoy-Debug-Key
X-Yottaa-Metrics
X-RateLimit-Limit
X-Rule
X-Storage
X-Yottaa-Optimizations
X-Varnish-Hits
TWC-Connection-Speed
TWC-Device-Class
Property-Id
X-CCM
X-Www-Served-By
X-Site-Version
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-Region
X-BCube-Filmed-By
X-Amzn-Remapped-Content-Length
Webcakes-App-Version
Webcakes-App-Name
TWC-Locale-Group
TWC-Privacy
X-FB-TRIP-ID
X-TNCMS
X-MP-GENERATED-AT
X-Origin-Hint
X-Loop
Cross-Origin-Window-Policy
X-Generated
X-Akamai-Transformed
X-Locale
S-Rt
X-R9-Blue-Green-Version
X-Cache-Host
X-Xfnlog-Site
X-RCS-CacheZone
GEO-INFO
X-NCache
X-IP
X-Detected-As
X-Unique-Id
L5d-Success-Class
X-CS
Time
Cache-Name
X-Drupal-Cache-Tags
Cache-Key
Webserver
Viewport
Uber-Trace-Id
X-UA-Device-Type
X-Mode
X-Backend-TTL
X-UnsetCookies
X-CDN-Forward
X-Forwarded-Host
Rt-Fastcgi-Cache
X-Cache-Remote
X-Whom
Accept-Language
X-Daa-Tunnel
X-Origin-TTL
X-Origin-CC
X-Info
Country
Mime-Version
X-From
X-NGENIX-Cache
Content-Disposition
X-Varnish-Cache-Hits
Odigeo-Trace-Id
X-Cluster-Name
X-ApacheServer
X-PERF
X-Ruxit-Js-Agent
X-B3-Spanid
X-CLOUD-TRACE-CONTEXT
X-Drupal-Cache-Contexts
VIX-Pulpo-Node
X-Magnolia-Registration
ServedBy
VIX-Pulpo-Upstream-Status
X-Microcachable
X-Newrelic-Synthetics
X-TT-TIMESTAMP
X-Geo
X-Routing-Service
X-Device-Type
X-Ttl
X-Proxied
Section-Io-Cache
X-EC-Lua
X-Zipkin-Id
X-Via-Fastly
Proxy-Connection
Cf-Ipcountry
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Ohc-File-Size
X-Uri
Ohc-Cache-HIT
X-Edge-Location
HitType
X-UPSTREAM-Address
Geo-Info
X-Connection-Hash
Apple-News-Services-Handled
X-Destination
Machine
X-Date
Xc-Version
Fastcgi-X-Cache-Version
GEO-REGION-INFO
X-Vdms-Version
Apple-News-Services-Host
Rendered-Blocks
X-CF-Lambda-Fn
X-GeoIP-Country-Code
Meta-Geo-Continent
AsisCache
X-External-Request-Id
Mobile-Detection-Method
BehaviorPad-Version
X-Geo-Header
X-VG-TLSProxy
X-CF-Lambda-Version
Apple-News-Services-Parsed-Url
X-DPWN-IS-SECURE
Content-Script-Type
MD5-Digest
X-VG-WebCache
X-G
Apple-News-Services-Request-Url
Content-Style-Type
X-B-Cookie
X-Rocket-Build-Number
X-Rewrite-Enabled
X-S
X-S-Cookie
X-A
X-ScT
X-Request-UUID
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
VivaBuild
W
X-Region-Sid
X-No-Session
X-Session-Fingerprint
X-Sigma
X-Accel-Expires-Debug
X-A-Wwc
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Aed
X-Nc
X-A-Dgt
X-SRCache-Key
X-Sigma-Backend
X-A-Ccd
X-A-Dam
X-A-Dcw
Viewtype
X-Rojux
X-D
X-VG-WebServer
X-ARC
T-Server
X-Application
Access-Control-Request-Headers
User-Cache-Control
X-C
X-Distil-CS
X-Wikidot-Static-Cache
X-Thanos
CDCHOST
HA-Ipaddr
X-TrackingId
X-Bip
X-SIPLIST1
X-Varnish-Authentication
Server-Surrogate-Control
IsBot
Countrycode
X-Cache-Debug
X-Developers
X-Cache-ASPX
Fastly-SWR
Ha-Gx-Prefs
X-CUA
X-Tumblr-Pixel-3
Fastly-Soc-X-Request-Id
Fastly-SIE
X-Contensis-Viewer-Groups
Environment
X-Eu-Site
Server-Cache-Control
Locid
Gh-Request-Id
X-Agile
X-Varnish-Beresp-Ttl
X-Auto-Login
X-Varnish-Beresp-Status
X-App-Name
X-Wikidot-Backend
X-CGP
X-Hit
X-WebServer
X-VC-Cache
Powered-By
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Varnish-Beresp-Grace
X-Logging-Id
X-Agile-Age
X-Agile-Id
X-Clientip
X-Cache-Backend
Fastly-SSL
X-GoCache-CacheStatus
X-Cms-Context
X-Cache-Time
X-Backend-State
X-VServer
X-BBXSRF
X-Cdn-Srv
X-Cache-Info
X-Azure-Ref
X-Cache-Bucket
X-Cache-URL
X-Clara-WADP
X-AK-Request-ID
X-Cache-Tags
X-Block-Status
X-Core-Mission
X-JWT-State
X-Variation
X-Owner
X-PHP-Host
X-Platform-Server
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-OVcl-Cache
X-OVcl
X-NodeID
X-Nginx-Cache-Key
X-NU-AKA-ACS-Version
X-NX-Host
X-Origin-Expires
X-Origin-Date
X-RateLimit-Remaining-Second
X-Real-IP
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Swa-Ws
X-TH-Server
X-TT-LOGID
X-Trace-Id
X-Urbn-Context-Path
X-Servername
X-User
X-Render-Time
X-Request-URI
X-Urbn-Site-Id
X-Server-W
X-Ms-Version
X-Ms-Request-Id
X-FW-Version
X-Fetched-On
X-Gamma-Serve
X-Gen-Mode
X-Generation-Time
X-Generated-In
X-Fastly-Cache
X-Epic-Correlation-Id
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cookies
X-Debug-Log
X-Distributor
X-Dispatcher-Server
X-GeoIP-City
X-Has-Esi
X-Li-Fabric
X-Labrador-Cache-Channel
X-Li-Pop
X-LI-Proto
X-Micro-Cache
X-LI-UUID
X-Is-Gdpr
X-Irp-Debug
X-Hnp-Log
X-Hash
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Debug-Cache-Expiry
Heartbleed
Memcached
Mail-Subject
Locale
X-Webstats-RespID
Request-Country
RNT-Time
RNT-Machine
Request-EU
Kp-EeAlive
Is-Eu
Cache-Host
AKAMAI
Adler-Geo
Cdncip
Cdnsip
IBM-Web2-Location
X-Up
Country-Code
X-We-Are-Hiring
Platform
V-Age
True-Client-Country-4JS
X-WADP-Cache
Web-Mar-Node
We-Hiring
Server-ID
Server-Int
FNAC-ModuleRouting
Wxu-Next-Region
X-Thinkindot-L3
Fastly-Backend-Name
X-Air-Hostname
ServerName
X-Trafficlayer-App-Version
X-Generated-On
Thinkindot-Control
Wxu-Next-Hostname
Wxu-Next-Commit
X-Internal-Host
X-Core-Value
PFcat
X-Service
X-Reboot
X-Req
Server-Host
X-ServiceProvider
X-Old-Content-Length
X-Level-Front-Cache
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Matched-Rule
X-Nginx-Cache
X-Var-Ttl
X-Sucuri-Cache
X-S-Maxage
Group
X-SERVER
X-Cache-Expired-At
X-Key
Cache-Hits
X-App-Version
X-Lb-Id
RequestId
X-Location
X-TA-CDN-Provider
X-Refresh
X-Response-By
S-Cnection
Pragrma
X-Parent-Response-Time
Powered-By-ChinaCache
X-Tb-Optimization-Total-Bytes-Saved
X-CSRF-TOKEN
X-CF-Powered-By
Filterid
X-NC
X-Tec-Api-Root
X-Tec-Api-Origin
Memory
ProcessTime
X-Tec-Api-Version
X-B3-Parentspanid
X-Wa
Origin
X-Ua
X-Cdn-Forward
X-Sucuri-ID
X-Pjax-Url
X-BACKEND-TTL
User-Agent
X-Varnish-Cacheable
X-Pf-Uncompressing
X-B3-SpanId
X-CSRF-Token
X-Via-CDN
X-Server-IP
X-Correlation-ID
SRV
X-NWS-UUID-VERIFY
PICS-Label
Geoip-Latitude
TTL
X-Developer
Geoip-City
X-Node-Id
X-NGINX-Cache
X-Sn-Servicetimems
X-Vcl-Version
X-Cdn-Origin
X-Ocache
X-Device-Os
GeoIp-Country-Code
X-FORWARDED-FOR
X-LAGOON
X-COUNTRY
X-Cache-Grace
X-Unique-ID
X-Cdn-Request-ID
On-Server
Media-Length
X-Oss-Request-Id
X-Cache-Status-Check
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Servedbyhost
Hostname
X-Webkit-CSP
X-Request-Host
X-MSEdge-Flight
A
X-MSEdge-Features
X-Litespeed-Cache
X-Via-Ucdn
M-TraceId
X-Varnish-Ttl
Dnion-Transfer-Encoding
X-Rocket-Nginx-Bypass
X-TIME
XServer
X-Sucuri-Id
SN
Cloudfront-Viewer-Country
Tcn
X-HS-Status
Esi-Enabled
X-Reqid
X-AIR-PT
X-Ratelimit-Remaining
X-ServedByHost
X-Beluga-Trace
Host-ID
X-Beluga-Status
X-Planisys-CDN-TTL
X-Varnish-URL
Cdn
Resin-Trace
Who
X-Fastly-Country-Code
X-Beluga-Response-Time
X-Planisys-CDN-Cache
X-Cache-Ttl
X-Beluga-Cache-Status
X-Planisys-CDN-Rules
X-Policy
X-Beluga-Record
X-Beluga-Node
HostName
X-VHOST
X-Azure-Ref-OriginShield
X-Request-Start
CF-Cached-On
Rt-Proxy-Cache
X-VCL-Version
MIME-Version
X-Slack-Backend
GeoIP-Country-Code
X-DC
Pics-Label
Ttl
X-Fastly-Backend-Reqs
X-Action
GeoIP-Latitude
CACHE
X-Oracle-Dms-Rid
X-Ftr-Cache-Host
X-LiteSpeed-Cache-Control
X-Dispatch
X-Processor
X-PAYTM-SRV-ID
Arc-Country
Pramga
X-RPS
X-DSS
X-DI
X-DB
X-DW
X-RPM
NtCoent-Length
X-Varnish-Url
X-Server-Time
X-RSL
X-Cache-FS-Status
Magicmarker
X-Zone
GeoIP-City
X-Bc
X-APP
X-VarnishDD-TTL
X-Method
X-PF-Uncompressing
X-Newrelic-App-Data
X-Hello
X-Flog
X-Skip-Cache
X-PJAX-URL
X-ND-Cache
X-FPC
X-ABtesting
X-Ratelimit-Limit
Cteonnt-Length
X-HostName
X-SERVER-NAME
Cdn-Request-Time
Amp-Access-Control-Allow-Source-Origin
Cdn-Host
X-Served-From
X-Edge-Server
WebServer
Fastly-Drupal-HTML
X-SRV
X-DevSite-Last-Modified
X-Dynatrace
N-Cache
X-Svr
X-Be
X-BE
X-Bc-Bl
Ohc-Response-Time
Processtime
Servername
Load-Balancing
X-Dynatrace-Js-Agent
X-Swift-Error
Cache-Provider
X-Backend-Host
X-WA
Section-Origin-Responded
X-Amzn-Remapped-Connection
CDN
X-Aicache-OS
Section-Io-Origin-Status
X-ID
Section-Io-Id
X-LB-ID
Vix-Hermes-Req-Id
X-Amzn-Remapped-Date
Section-Io-Origin-Time-Seconds
X-WR-MODIFICATION
X-Frame-Option
X-StackifyID
Requestid
X-ZONE
X-Branch-Name
X-Snapshot-Date
X-BC
Lfy
X-Fastly-Cache-Hits
Pagetype
Dynatrace
CF-IPCountry
DSUID
X-MServer
X-VCT
X-CACHE-AGE
Release
Cache-Cookie-Set-Lfrom
X-Hp-Ccpa-Warning
X-Apw-Access-Action
X-Apw-Access-Object
FSS-Cache
Proxy-Firewall
FSS-Proxy
X-Apw-Access-Token
X-Fmm-Version
X-SB
X-Configured-By
X-Apw-Hits
X-Request-Url
D-Cc-Upstream
Cache-Cookie-Set-From
X-Cc-Via
V-Cache
X-Cc-Req-Id
Warning
Cache-Cookie-Set-Idcheck
X-VC
WZWS-RAY
X-Tid
X-Litespeed-Cache-Control
X-Adobe-Source
CloudFront-Viewer-Country
Trailer
Cneonction
X-WPE-Loopback-Upstream-Addr
X-ElasticPress-Search
Backend-Name
Correlation-Id
SD-X-WS
X-Edge-IP
X-Upstream-Ht
X-SD-PageType
X-App
X-Worker
X-Check-Cacheable
X-Varnish-Beresp-TTL
X-Request-URL
X-Powered-Y
WP-Super-Cache
X-Upstream-Ct
X-Fastly-Cache-Status