Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
X-XSS-Protection
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
X-Cacheable
X-DNS-Prefetch-Control
X-Template
CF-Ray
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
Xkey
X-Via
X-Backend
X-Server
X-Age
X-Ws-Request-Id
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
EagleId
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
Feature-Policy
Server-Timing
X-Varnish-Cache
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Host
X-Origin-Cache
X-Server-Id
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Backend-Server
X-Cloud-Trace-Context
X-Readtime
X-Vhost
X-Dispatcher
Request-Id
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Cache-Lookup
X-Cnection
X-Application-Context
X-HW
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
X-ORACLE-DMS-RID
X-DataDome
P3p
X-Dns-Prefetch-Control
X-Rack-Cache
X-Country
X-Clacks-Overhead
Edge-Control
Rating
X-Akam-SW-Version
Pinterest-Generated-By
Allow
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
Accept-Ch
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
Verso
X-ESI
Content-MD5
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Powered-By-Plesk
X-Vcache
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Kinja
X-Use-Magma
X-Exp-Id
X-GitHub-Request-Id
X-MS-InvokeApp
RTSS
X-Server-ID
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Debug
X-Px
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-Cached
X-NF-Request-ID
X-Middleton-Response
Response
X-Middleton-Display
Display
Pagespeed
X-Sol
X-TEC-API-ORIGIN
X-Vcap-Request-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Navigation-Version
X-MSEdge-Ref
X-Amz-Rid
X-Accel-Expires
Arr-Disable-Session-Affinity
TCN
X-Pinterest-Rid
Pinterest-Version
X-Fastcgi-Cache
X-SharePointHealthScore
X-VARITI-CCR
X-Cdn
X-Powered-CMS
Public-Key-Pins
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
X-Edge-O15-RID
Nginx-Cache
MS-Author-Via
Realpath
Cache-Tag
X-Client-IP
X-Trace
X-Ser
Access-Control-Request-Method
X-Content-Type
X-B3-TraceId-Primal
Mrf-Cache-Status
X-Shard
X-Mrf-Item-Lastmod
MRF-Tech
X-Mrf-Section-Lastmod
X-DynaTrace-JS-Agent
SPIisLatency
X-Amzn-Trace-Id
SPRequestDuration
X-Ezoic-Cdn
X-Grace
X-Hp-Webp
X-Jurisdiction
X-Id
X-Upstream
S
X-Forwarded-For
Front-End-Https
Nel
X-Hits
X-Amz-Meta-S3cmd-Attrs
X-T
X-Cache-TTL
Fastcgi-Cache
X-Aspnet-Version
X-Recruiting
DynaTrace
X-Node-Name
X-Element-Page-Cache
X-Varnish-Age
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Realm
X-Mobile-URL
X-Content-Digest
X-FTR-Expires
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
ServerID
X-DIS-Request-ID
NR-ENABLED
Server-Node
TP-L2-Cache
X-HS-Hub-Id
X-Frontend
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
TP-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-CST
Powered
X-Logged-In
Alternate-Protocol
Server-Name
X-Correlation-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
Fastly-Restarts
X-Cache-Hit
X-FTR-Cache-Host
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
X-Request-Processing-Time
X-Request-Received
X-Page-Id
AMP-Access-Control-Allow-Source-Origin
X-XRDS-LOCATION
X-User-Agent
X-Content-Options
X-Zen-Fury
X-F-Cache
X-Content-Security-Policy-Report-Only
Refresh
X-Origin-Server
X-Rid
X-Varnish-Grace
X-XRDS-Location
X-Akamai-Edgescape
X-Revision
X-Content-Powered-By
X-Type
X-LB-Cache
X-B
PB-PID
PB-RID
X-B3-Sampled
X-Mobile-Rewrite
Arc-Version
X-URL
X-Geo-Country
Cache-Status
X-Activity-Id
X-AppVersion
X-Az
X-Kinsta-Cache
X-N
X-Cache-Action
X-Cache-Age
X-TT
X-AOL-HN
X-Framework
X-Jobs
X-Debug-Info
X-B-Cache
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-Signature
X-FB-Debug
X-Load-Cache
X-Instance
X-Request-Guid
Actual-Object-TTL
X-Tumblr-Pixel-0
Paypal-Debug-Id
X-Git-Hash
X-Tumblr-Pixel
X-Time
X-Cached-By
X-Tumblr-User
X-App-Environment
X-PHP-Backend
X-Pad
Fastcgi-Useragent
X-NWS-LOG-UUID
X-Tt-Trace-Tag
DC
X-Tt-Trace-Host
X-Amz-Replication-Status
X-Webkit-Csp
X-Shield-Request-Id
X-Varnish-Backend
X-RateLimit-Remaining
Host-Header
X-WA-Info
Surrogate-Key
X-ATG-Version
MS-CV
X-Contextid
X-IPLB-Instance
Host
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Mobile
X-FastCGI-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Host-Name
X-Response-Served-From
X-Accel-Buffering
NGB
Frame-Options
Payment
X-Presslabs-Stats
X-SS-Set-Cookie
Source
Tracecode
Retry-After
X-Cache-NE
Eomportal-Instance
X-Origin-Response-Time
X-Cache-2
X-Varnish-Server
X-Region
Xserver
X-Cacheable-TTL
WPE-Backend
X-Rendered-As
X-FW-Static
X-GeoIP
Filters
X-FW-Hash
X-Hostname
X-FW-Serve
X-FW-Server
X-FW-Type
X-Cluster
X-Is-Bot
X-Cache-Key
X-Seen-By
X-IPS-LoggedIn
X-Varnish-Hostname
X-Adobe-Content
Cache-Tv-Group
X-Adobe-Loc
X-Cache-Enabled
X-Cache-Rule
X-Cache-Operation
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-RequestSource
Server-Info
Liferay-Portal
X-Srv
X-NewRelic-App-Data
X-Analytics
FilterID
X-TX-ID
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
X-App-Server
X-Cache-TTL-Remaining
X-Webapp-Samesite-None-Activated-N
Accept-CH
Cleartype
X-B3-Traceid
X-Environment-Context
X-L-Path
X-CACHE-KEY
X-FireWall-Port
X-Dc
X-RTag
X-Endurance-Cache-Level
X-Handled-By
X-Source
Ms-Operation-Id
X-Upgrade-Enabled
X-UA
X-HTML-Minification-Powered-By
From-Origin
X-CLOUD-TRACE-CONTEXT
X-Cache-Server
Datacenter
Accept-Charset
X-Backend-Name
Accept-CH-Lifetime
X-APP-VERSION
X-UUID
GEO-INFO
Meta-Geo
X-ES-SERVER
X-RN-RSRV
X-Cache-Var
X-Path-Route
Srv
X-Cache-Var-Map
X-Section
X-Format
X-Timing-Wait
OT-Force-Account-Verify
X-Wix-Request-Id
X-Proxy-Build
Selected-Fe
X-Access
X-Tb
Cache-Tags
X-ShopId
X-Shopify-Generated-Cart-Token
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShardId
X-Request-Time
X-EIG-Tracking-Id
X-Content-Age
X-Akamai-Request-ID
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Proto
Mn-Server-Ip
X-Cache-Config
X-Akamai-Transformed
Akamai-GRN
X-BYPASS-REASON
X-FC-Vary-Parameters
X-LJ-Flow-ID
X-Status
X-JoinUs
X-OCL
X-NYM-Debug-Backend
X-ServerID
X-SaId
X-Origin
X-Qloud-Router
X-VWS-Id
X-Hl-Ver
X-Soup
X-AWS-Id
X-Akamai-Request-ID2
NGX
X-PCL
X-ProxyCache-Key
X-Vgn-Hpd-Reason
X-ProxyCache-Status
X-Proxy-Cache-Status
Ec-Rule-Version
Node
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Say-Cacheable
X-CCM
X-Cluster-Node
Now
X-Locale
X-Proxy
X-MP-GENERATED-AT
X-Loop
X-Detected-As
X-BCube-Filmed-By
Cross-Origin-Window-Policy
X-Hyper-Cache
Healthy
X-Hosted-By
Decoy-Debug-TTL
Decoy-Debug-Status
X-FW-Dynamic
DB-Nickname
Decoy-Debug-Key
X-FB-TRIP-ID
X-Pubstack
Origin-Edge-Control
Origin-Cache-Control
X-Www-Served-By
X-Debug-Cache
X-SayCDN-TTL
X-Say-TTL
X-Human
Version
X-Viewer-Country
X-Web-Node
X-Storage
X-Time-Microsecs
X-TNCMS
X-Amzn-Remapped-Content-Length
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
S-Rt
Webcakes-Region
Property-Id
TWC-Locale-Group
TWC-Privacy
Azure-SiteName
X-Origin-Hint
X-Xfnlog-Site
X-Site-Version
X-R9-Blue-Green-Version
X-Redis-Cache
X-RCS-CacheZone
Azure-InstanceId
Azure-RegionName
X-Generated-By
X-IP
X-Generated
Azure-Version
Webcakes-App-Name
Azure-SlotName
X-Varnish-Hits
X-NCache
X-RateLimit-Limit
X-Cache-Control
X-PressLabs-Stats
Cache
X-Cache-Host
X-Unique-Id
X-Whom
Cache-Key
X-Daa-Tunnel
X-Rule
X-Esi
X-Drupal-Cache-Tags
L5d-Success-Class
X-UA-Device-Type
X-NGENIX-Cache
X-Mode
Webserver
X-Forwarded-Host
X-VHOST
Cache-Name
Time
X-Backend-TTL
X-CS
Viewport
X-UnsetCookies
Section-Io-Cache
X-Info
Mime-Version
Content-Disposition
Rt-Fastcgi-Cache
Accept-Language
Uber-Trace-Id
X-Origin-TTL
X-B3-Spanid
X-CDN-Forward
X-Origin-CC
X-ApacheServer
X-PERF
X-Varnish-Cache-Hits
X-Newrelic-Synthetics
Country
ServedBy
X-VCache
X-Cache-Remote
Odigeo-Trace-Id
X-EC-Lua
X-Routing-Service
X-Device-Type
X-Proxied
X-Magnolia-Registration
X-From
X-Zipkin-Id
X-Via-Fastly
X-Cluster-Name
X-Drupal-Cache-Contexts
X-Ttl
Filterid
X-Uri
Proxy-Connection
X-Microcachable
X-TT-TIMESTAMP
HitType
X-Nc
X-Real-IP
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Geo
Access-Control-Request-Headers
Cf-Ipcountry
Ohc-File-Size
AsisCache
BehaviorPad-Version
Mobile-Detection-Method
VivaBuild
T-Server
Apple-News-Services-Parsed-Url
Rendered-Blocks
Apple-News-Services-Host
Apple-News-Services-Handled
Content-Script-Type
Viewtype
W
MD5-Digest
Machine
X-Aed
X-A-Dgt
GEO-REGION-INFO
X-Accel-Expires-Debug
Fastcgi-X-Cache-Version
X-A-Wwc
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Content-Style-Type
X-A
X-A-Ccd
X-A-Dam
X-Varnish-Beresp-Grace
X-A-Dcw
Meta-Geo-Continent
X-External-Request-Id
X-S-Cookie
X-S
X-ScT
X-Session-Fingerprint
X-Sigma
X-Rojux
X-Rocket-Build-Number
X-Geo-Header
X-GeoIP-Country-Code
X-Region-Sid
X-Request-UUID
X-Sigma-Backend
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-VG-TLSProxy
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Version
X-G
X-Rewrite-Enabled
X-D
X-Destination
X-Connection-Hash
X-CF-Lambda-Version
X-CF-Lambda-Fn
Apple-News-Services-Request-Url
X-DPWN-IS-SECURE
X-Date
X-Application
X-B-Cookie
X-ARC
X-C
Geo-Info
CDCHOST
X-Agile-Id
X-Var-Ttl
Fastly-Soc-X-Request-Id
X-Cache-Expired-At
Fastly-SWR
X-WebServer
Fastly-SIE
Countrycode
X-Bip
X-Cache-Debug
X-Backend-State
X-VC-Cache
Environment
Ha-Gx-Prefs
X-Thanos
X-Rebelmouse-Surrogate-Control
X-Distil-CS
X-App-Name
X-Rebelmouse-Cache-Control
X-Logging-Id
X-Eu-Site
X-Hit
X-Developers
Powered-By
X-Agile-Age
Locid
IsBot
X-SIPLIST1
X-CGP
X-CUA
X-Clientip
HA-Ipaddr
X-Agile
X-Labrador-Cache-Channel
X-Cache-Time
Group
X-PHP-Host
Fastly-SSL
X-GoCache-CacheStatus
X-No-Session
User-Cache-Control
X-Servername
X-Generated-In
True-Client-Country-4JS
X-Cache-Tags
V-Age
X-Fetched-On
We-Hiring
X-Cdn-Srv
X-Li-Fabric
Server-Surrogate-Control
RNT-Time
X-Contensis-Viewer-Groups
RNT-Machine
X-SVT-ORM-RULES
Request-EU
Server-Cache-Control
X-Is-Gdpr
X-Cms-Context
X-Request-URI
Server-Int
Server-ID
X-JWT-State
X-LI-Proto
X-NX-Host
X-LI-UUID
X-Origin-Date
X-Origin-Expires
X-NodeID
X-Auto-Login
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache-Key
X-Azure-Ref
X-OVcl
X-OVcl-Cache
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Request-Country
AKAMAI
X-Proxy-Upstream
X-Air-Hostname
X-Owner
X-Cache-ASPX
X-Platform-Server
X-Li-Pop
X-Core-Mission
X-IN-APIGATEWAY
X-Hash
X-Dispatcher-Server
X-Wikidot-Backend
X-Debug-Log
X-VServer
X-Urbn-Site-Id
X-Variation
Gh-Request-Id
X-Varnish-Authentication
Fastly-Backend-Name
X-Wikidot-Static-Cache
Cache-Host
Cache-Hits
Adler-Geo
X-Gamma-Serve
X-TrackingId
X-GeoIP-City
X-Distributor
X-Has-Esi
X-Epic-Correlation-Id
Country-Code
IBM-Web2-Location
Heartbleed
X-Tumblr-Pixel-3
X-Debug-Cookies
X-IN-APIGATEWAYSSL
Mail-Subject
X-Swa-Ws
X-TH-Server
Platform
Locale
Pragrma
X-SVT-ORM-VERSION
X-Trace-Id
Is-Eu
X-Urbn-Context-Path
Kp-EeAlive
X-Instart-Isnd
X-Up
X-TA-CDN-Provider
X-Edge-Location
X-UPSTREAM-Address
X-Matched-Rule
X-Core-Value
X-Fastly-Cache
X-Debug-Cache-Store
X-Level-Front-Cache
X-Micro-Cache
X-Cache-Info
X-Clara-WADP
X-Cache-URL
X-Debug-Cache-Expiry
X-Debug-Cache-Fetch
X-Irp-Debug
X-Server-W
X-TT-LOGID
X-WADP-Cache
X-We-Are-Hiring
Memcached
X-Trafficlayer-App-Version
X-Thinkindot-L3
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
FNAC-ModuleRouting
X-Webstats-RespID
X-NU-AKA-ACS-Version
Cdnsip
Cdncip
X-Hnp-Log
X-Gen-Mode
Web-Mar-Node
X-Block-Status
X-BBXSRF
PFcat
Wxu-Next-Hostname
Wxu-Next-Commit
X-Generated-On
Wxu-Next-Region
X-Req
X-FW-Version
X-AK-Request-ID
X-Reboot
Ohc-Cache-HIT
X-Generation-Time
X-Service
Server-Host
X-ServiceProvider
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
ServerName
Thinkindot-Control
S-Cnection
X-S-Maxage
X-Cache-Bucket
X-Response-By
X-Old-Content-Length
X-Lb-Id
X-Render-Time
X-SERVER
X-App-Version
X-Cache-Backend
X-Wa
X-Refresh
X-User
X-Nginx-Cache
RequestId
X-Key
X-Varnish-Cacheable
X-Internal-Host
Powered-By-ChinaCache
X-Sucuri-ID
X-NC
X-Tec-Api-Origin
Origin
X-Tec-Api-Root
X-Sucuri-Cache
X-Tec-Api-Version
X-Parent-Response-Time
X-Oss-Request-Id
X-Oss-Server-Time
X-CSRF-TOKEN
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Tb-Optimization-Total-Bytes-Saved
X-Pjax-Url
X-Developer
SRV
X-CSRF-Token
X-Location
User-Agent
X-CF-Powered-By
X-Node-Id
X-Device-Os
X-Cache-Status-Check
X-Cache-Grace
X-LAGOON
X-Pf-Uncompressing
X-Sn-Servicetimems
X-Cdn-Origin
X-Ua
Geoip-Latitude
X-Via-CDN
Memory
X-BACKEND-TTL
X-Ocache
ProcessTime
X-Cdn-Forward
Geoip-City
X-B3-Parentspanid
X-NGINX-Cache
X-NWS-UUID-VERIFY
On-Server
TTL
A
GeoIp-Country-Code
Hostname
PICS-Label
X-MSEdge-Flight
X-MSEdge-Features
X-Request-Host
Cloudfront-Viewer-Country
X-COUNTRY
X-Vcl-Version
X-Correlation-ID
X-Unique-ID
X-Server-IP
X-Webkit-CSP
X-Litespeed-Cache
M-TraceId
X-Varnish-Ttl
X-Servedbyhost
XServer
X-B3-SpanId
X-TIME
X-Cdn-Request-ID
X-Varnish-URL
SN
Resin-Trace
Media-Length
Cdn
Dnion-Transfer-Encoding
X-Rocket-Nginx-Bypass
Tcn
X-HS-Status
X-FORWARDED-FOR
X-ServedByHost
HostName
Host-ID
X-Ratelimit-Remaining
CACHE
X-Beluga-Record
Who
X-Beluga-Cache-Status
X-Action
X-Cache-Ttl
X-Slack-Backend
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Trace
X-Via-Ucdn
X-Beluga-Node
Pramga
X-PAYTM-SRV-ID
X-Dispatch
X-Processor
X-Cache-FS-Status
X-Server-Time
X-DSS
X-DI
X-DB
X-Fastly-Country-Code
Arc-Country
X-DW
X-RSL
X-RPS
X-RPM
X-AIR-PT
X-Sucuri-Id
X-Reqid
Esi-Enabled
X-ABtesting
X-Skip-Cache
X-Flog
X-ND-Cache
X-Hello
Cdn-Request-Time
X-VCL-Version
Fastly-Drupal-HTML
X-Policy
X-Varnish-Url
GeoIP-Country-Code
Cdn-Host
X-Edge-Server
Amp-Access-Control-Allow-Source-Origin
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Pics-Label
X-Served-From
CF-Cached-On
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
Section-Io-Origin-Status
MIME-Version
X-Bc-Bl
N-Cache
GeoIP-Latitude
GeoIP-City
X-VarnishDD-TTL
Ttl
X-Request-Start
X-DevSite-Last-Modified
NtCoent-Length
X-Azure-Ref-OriginShield
X-DC
X-Zone
X-FPC
X-Newrelic-App-Data
X-PF-Uncompressing
X-APP
X-Ratelimit-Limit
X-Bc
Rt-Proxy-Cache
Trailer
X-HostName
Fusion-Deployment-Id
X-Ruxit-Js-Agent
X-SRV
X-PJAX-URL
X-Adobe-Source
X-Backend-Host
X-Fastly-Backend-Reqs
WebServer
X-Swift-Error
Cteonnt-Length
Cache-Cookie-Set-From
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Magicmarker
X-BE
X-Dynatrace
Processtime
X-Method
X-Dynatrace-Js-Agent
Servername
Cache-Provider
X-WA
X-ZONE
X-BC
X-Scheme
X-ID
FSS-Cache
FSS-Proxy
X-Fmm-Version
X-Frame-Option
X-WR-MODIFICATION
X-StackifyID
X-Branch-Name
Dynatrace
Ohc-Response-Time
CDN
X-LB-ID
Requestid
X-Fpc
X-Snapshot-Date
CF-IPCountry
X-CACHE-AGE
V-Cache
L
WZWS-RAY
X-Tid
X-Svr
X-Fastly-Cache-Hits
X-Be
X-Apw-Access-Object
X-Apw-Access-Action
X-Request-Url
X-App
X-Cc-Via
X-Cc-Req-Id
X-Apw-Hits
D-Cc-Upstream
X-Apw-Access-Token
X-Aicache-OS
Warning
X-Cache-Id
X-SB
X-VC
X-SN
X-Esi-Check
X-Compress-Hint
X-Node-ID
X-Litespeed-Cache-Control
X-Gzip
X-Cache-NGX
LB
Sid
Lb
X-GEO
SID
Correlation-Id
X-Request-URL
X-Check-Cacheable
X-Powered-Y
X-Worker
X-ElasticPress-Search
X-Varnish-Beresp-TTL
Backend-Name
Lfy
X-WPE-Loopback-Upstream-Addr
Vix-Hermes-Req-Id
X-Fastly-Cache-Status
WP-Super-Cache
Cneonction