Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Xss-Protection
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
Xkey
X-Envoy-Upstream-Service-Time
CF-Ray
X-Via
X-Backend
X-Server
X-Age
X-Amz-Request-Id
X-Amz-Id-2
X-Ws-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Feature-Policy
X-Varnish-Cache
Server-Timing
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Device
X-Host
X-Origin-Cache
X-Server-Id
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Content-Location
Surrogate-Control
X-Cloud-Trace-Context
X-Readtime
X-Backend-Server
X-Vhost
Request-Id
X-Dispatcher
X-Dns-Prefetch-Control
X-Origin-Upstream-Status
X-Cache-Lookup
X-Cnection
X-Application-Context
X-HW
X-Ruxit-JS-Agent
P3p
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
X-ORACLE-DMS-RID
X-DataDome
X-Rack-Cache
X-Clacks-Overhead
Rating
Edge-Control
X-Akam-SW-Version
X-Country
Pinterest-Generated-By
Allow
X-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-Instart-Request-ID
X-FTR-Request-ID
X-DynaTrace
X-Varnish-TTL
Accept-Ch
X-Goog-Hash
X-PC
X-Vname
X-TtlSet
Verso
Content-MD5
Service-Worker-Allowed
X-ESI
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-B3-TraceId
X-Forwarded-Proto
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Version
X-MS-InvokeApp
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-GitHub-Request-Id
X-Url
RTSS
X-Server-ID
X-Server-Name
Edge-Cache-Tag
X-Vcache
X-D2id
X-Abt-Application-Version
X-Debug
Ar-Sid
AR-Request-ID
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Amz-Server-Side-Encryption
X-Px
SPRequestGuid
X-NF-Request-ID
Charset
X-Cached
X-Middleton-Response
Display
Pagespeed
Response
X-Sol
X-Middleton-Display
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-MSEdge-Ref
X-Navigation-Version
X-Accel-Expires
X-Vcap-Request-Id
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Pinterest-Rid
Pinterest-Version
TCN
X-Fastcgi-Cache
X-Edge-O15-RID
X-SharePointHealthScore
X-Powered-CMS
X-Cdn
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-VARITI-CCR
X-Fastly-Request-ID
Public-Key-Pins
Cache-Tag
X-Client-IP
X-Trace
Realpath
Nginx-Cache
MS-Author-Via
X-Ser
Access-Control-Request-Method
X-Shard
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-DynaTrace-JS-Agent
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
SPIisLatency
SPRequestDuration
X-Content-Type
X-Ezoic-Cdn
X-Amzn-Trace-Id
X-Hp-Webp
X-Jurisdiction
X-Id
X-Grace
X-Upstream
S
X-T
Front-End-Https
Nel
X-Amz-Meta-S3cmd-Attrs
X-Hits
Fastcgi-Cache
X-Forwarded-For
X-Recruiting
X-Aspnet-Version
DynaTrace
X-Cache-TTL
X-Varnish-Age
X-Node-Name
X-Content-Digest
ServerID
X-Element-Page-Cache
X-Mobile-URL
MicrosoftSharePointTeamServices
X-FTR-Backend
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Expires
X-Dw-Request-Base-Id
X-DIS-Request-ID
NR-ENABLED
Server-Node
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-Frontend
Powered
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Logged-In
TP-Cache
TP-L2-Cache
Alternate-Protocol
X-CST
Server-Name
X-Correlation-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
AMP-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
X-XRDS-Location
X-Request-Handler-Origin-Region
X-Request-Processing-Time
X-Microsite
X-Request-Received
Backend-Timing
X-ATS-Timestamp
X-Cache-Hit
Fastly-Restarts
X-URL
X-Content-Options
X-Zen-Fury
Refresh
X-Origin-Server
X-User-Agent
X-Akamai-Edgescape
X-FTR-Cache-Host
X-F-Cache
X-Rid
X-Content-Security-Policy-Report-Only
X-Varnish-Grace
X-Revision
X-Page-Id
X-Type
X-Content-Powered-By
PB-PID
X-LB-Cache
X-B
X-XRDS-LOCATION
PB-RID
X-B3-Sampled
Arc-Version
X-Mobile-Rewrite
X-Geo-Country
X-AppVersion
X-Activity-Id
X-Az
Cache-Status
X-N
X-Kinsta-Cache
X-Cache-Age
X-Cache-Action
X-TT
X-Instance
Paypal-Debug-Id
X-B-Cache
X-Signature
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Debug-Info
X-Tumblr-Pixel-0
X-Framework
X-Tumblr-Pixel
X-Tumblr-User
X-App-Environment
X-Load-Cache
X-Request-Guid
X-Cached-By
Access-Control-Allow-Method
Actual-Object-TTL
X-PHP-Backend
X-Git-Hash
X-Jobs
X-FB-Debug
Fastcgi-Useragent
DC
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Pad
X-Time
X-Shield-Request-Id
X-Amz-Replication-Status
X-Webkit-Csp
X-Varnish-Backend
X-RateLimit-Remaining
Host-Header
X-NWS-LOG-UUID
X-IPLB-Instance
Surrogate-Key
MS-CV
X-Contextid
X-ATG-Version
X-WA-Info
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Host
X-ORACLE-APMCS-TAG
Accept-CH
X-ORACLE-APMCS-REQUEST-ID
X-Mobile
X-Via-JSL
X-SS-Set-Cookie
X-Cache-Key
X-FastCGI-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Host-Name
NGB
X-Response-Served-From
X-Accel-Buffering
X-Presslabs-Stats
Payment
Tracecode
X-Analytics
X-FW-Static
X-FW-Type
X-Origin-Response-Time
X-FW-Server
WPE-Backend
FilterID
X-FW-Serve
X-FW-Hash
X-Cache-2
Frame-Options
Source
Eomportal-Instance
Filters
Cache-Tv-Group
X-Cache-NE
X-Webapp-Samesite-None-Activated-N
X-Cluster
X-Region
X-Varnish-Hostname
X-Hostname
X-Tumblr-Pixel-1
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-Varnish-Server
X-GeoIP
X-Cache-Enabled
X-Cacheable-TTL
X-Cache-Rule
X-Seen-By
X-Adobe-Content
X-Adobe-Loc
X-Cache-Operation
Retry-After
X-RequestSource
X-Rendered-As
X-Is-Bot
Xserver
X-NewRelic-App-Data
X-TX-ID
X-EdgeConnect-Cache-Status
Server-Info
Accept-CH-Lifetime
Liferay-Portal
X-ProcessESI
X-RemovedCookies
X-Srv
X-Cache-TTL-Remaining
X-B3-Traceid
X-App-Server
Cleartype
X-FireWall-Port
X-RTag
Ms-Operation-Id
X-L-Path
X-Environment-Context
X-Dc
X-Source
X-UA
X-Handled-By
X-Endurance-Cache-Level
X-Cache-Server
X-Upgrade-Enabled
X-HTML-Minification-Powered-By
From-Origin
X-CACHE-KEY
X-VCache
Datacenter
Srv
X-APP-VERSION
X-Backend-Name
Accept-Charset
X-ES-SERVER
X-Cache-Var-Map
X-Cache-Var
X-UUID
X-Esi
GEO-INFO
X-RN-RSRV
X-Path-Route
Meta-Geo
X-Section
X-Wix-Request-Id
X-Format
X-Tb
X-Access
Azure-RegionName
Azure-SiteName
X-Request-Time
Azure-InstanceId
Mn-Server-Ip
OT-Force-Account-Verify
Cache-Tags
Akamai-GRN
X-Origin
Azure-SlotName
Azure-Version
X-OCL
X-Akamai-Request-ID
X-NYM-Debug-Backend
X-PCL
Decoy-Debug-TTL
X-Content-Age
X-Yottaa-Optimizations
X-EIG-Tracking-Id
X-AWS-Id
X-Time-Microsecs
X-Yottaa-Metrics
X-Cluster-Node
X-Cache-Config
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
Decoy-Debug-Key
DB-Nickname
X-Sorting-Hat-PodId
X-Soup
X-Sorting-Hat-ShopId
X-ShardId
Decoy-Debug-Status
X-FC-Vary-Parameters
X-FW-Dynamic
X-VWS-Id
X-Viewer-Country
X-Alternate-Cache-Key
Node
X-Pubstack
NGX
X-Akamai-Request-ID2
Cache
X-Cache-Control
X-Proto
X-ShopId
Ec-Rule-Version
X-LJ-Flow-ID
TWC-GeoIP-LatLong
X-BYPASS-REASON
Webcakes-App-Name
TWC-Connection-Speed
X-Amzn-Remapped-Content-Length
Webcakes-Region
Selected-Fe
Webcakes-App-Version
TWC-Privacy
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
X-Proxy
X-Say-TTL
X-Www-Served-By
X-Say-Cacheable
Now
Origin-Edge-Control
X-Redis-Cache
X-Web-Node
X-SayCDN-TTL
Origin-Cache-Control
X-PressLabs-Stats
X-Status
X-Storage
X-Timing-Wait
Property-Id
X-Qloud-Router
X-Human
X-Hyper-Cache
X-Hosted-By
X-Generated-By
X-Debug-Cache
X-FB-TRIP-ID
X-NCache
X-MP-GENERATED-AT
X-ProxyCache-Key
X-ProxyCache-Status
X-Proxy-Cache-Status
X-Proxy-Build
X-Origin-Hint
X-CCM
X-Site-Version
X-Varnish-Hits
X-Xfnlog-Site
S-Rt
X-Locale
X-TNCMS
X-RCS-CacheZone
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Loop
X-R9-Blue-Green-Version
X-BCube-Filmed-By
Healthy
X-Akamai-Transformed
X-SaId
X-Vgn-Hpd-Reason
X-JoinUs
X-Hl-Ver
Version
X-ServerID
X-RateLimit-Limit
Cross-Origin-Window-Policy
X-IP
X-Detected-As
X-Generated
X-Unique-Id
X-Cache-Host
X-Rule
Cache-Key
X-Drupal-Cache-Tags
X-Daa-Tunnel
X-NGENIX-Cache
X-UA-Device-Type
L5d-Success-Class
Cache-Name
X-Whom
Webserver
X-CS
Time
X-VHOST
X-Forwarded-Host
Uber-Trace-Id
X-UnsetCookies
X-Backend-TTL
X-Mode
Viewport
X-Info
X-CDN-Forward
X-B3-Spanid
X-Origin-CC
Content-Disposition
X-Origin-TTL
X-Varnish-Cache-Hits
Accept-Language
Mime-Version
Section-Io-Cache
Country
Rt-Fastcgi-Cache
X-PERF
X-ApacheServer
X-Newrelic-Synthetics
Odigeo-Trace-Id
ServedBy
X-From
X-Cache-Remote
X-CLOUD-TRACE-CONTEXT
X-Proxied
X-Cluster-Name
X-Routing-Service
X-Zipkin-Id
X-Drupal-Cache-Contexts
X-Via-Fastly
X-Device-Type
X-Magnolia-Registration
X-EC-Lua
Proxy-Connection
X-Ttl
X-Microcachable
X-Geo
X-TT-TIMESTAMP
VIX-Pulpo-Node
X-Uri
VIX-Pulpo-Upstream-Status
Cf-Ipcountry
X-Nc
Access-Control-Request-Headers
Ohc-File-Size
HitType
Fastcgi-X-Cache-Version
GEO-REGION-INFO
Meta-Geo-Continent
MD5-Digest
Machine
Mobile-Detection-Method
BehaviorPad-Version
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
AsisCache
Apple-News-Services-Handled
Content-Script-Type
Apple-News-Services-Host
Content-Style-Type
X-DPWN-IS-SECURE
X-S
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-Rojux
X-Rewrite-Enabled
X-GeoIP-Country-Code
X-Region-Sid
X-Request-UUID
X-SRCache-Key
X-Transaction
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-VG-TLSProxy
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Version
X-Geo-Header
X-G
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A
W
T-Server
Viewtype
VivaBuild
X-A-Wwc
X-Aed
X-D
X-Destination
X-External-Request-Id
X-Connection-Hash
X-CF-Lambda-Fn
X-Application
X-ARC
X-B-Cookie
Rendered-Blocks
X-CF-Lambda-Version
X-Varnish-Beresp-Grace
X-Litespeed-Cache
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-C
X-Real-IP
Fastly-SIE
X-Cache-Time
X-Cache-ASPX
Server-Surrogate-Control
Server-Cache-Control
X-Tumblr-Pixel-3
X-SIPLIST1
X-Sigma
Geo-Info
X-Agile-Age
X-Agile
Fastly-Soc-X-Request-Id
X-Accel-Expires-Debug
X-Agile-Id
Fastly-SWR
X-App-Name
X-Sigma-Backend
CDCHOST
X-Logging-Id
IsBot
Powered-By
X-CUA
X-Contensis-Viewer-Groups
X-No-Session
X-Developers
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Rocket-Build-Number
X-Date
X-Varnish-Authentication
Locid
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-VC-Cache
User-Cache-Control
Filterid
X-Edge-Location
X-PHP-Host
X-UPSTREAM-Address
X-GoCache-CacheStatus
X-Labrador-Cache-Channel
Fastly-SSL
Request-Country
Platform
X-RateLimit-Limit-Second
X-NodeID
Server-Int
RNT-Time
RNT-Machine
X-OVcl
Request-EU
True-Client-Country-4JS
X-Ms-Version
We-Hiring
X-Nginx-Cache-Key
X-Ms-Request-Id
X-BBXSRF
X-Cms-Context
X-Hit
X-Clientip
X-Clara-WADP
X-Instart-Isnd
X-CGP
X-Dispatcher-Server
X-Distil-CS
X-FW-Version
X-Generation-Time
X-Fastly-Cache
X-Has-Esi
X-Eu-Site
X-Cdn-Srv
X-Cache-URL
X-Li-Pop
X-Auto-Login
X-AK-Request-ID
X-LI-Proto
X-LI-UUID
X-Li-Fabric
X-RateLimit-Remaining-Second
X-Cache-Debug
X-Cache-Info
X-Bip
X-Is-Gdpr
X-JWT-State
X-Micro-Cache
X-OVcl-Cache
X-Servername
X-Webstats-RespID
X-WADP-Cache
X-Up
Gh-Request-Id
Ha-Gx-Prefs
X-TrackingId
Memcached
X-Trace-Id
X-Thanos
Cache-Host
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Cdnsip
Cdncip
X-We-Are-Hiring
Countrycode
X-WebServer
Environment
X-Swa-Ws
Ohc-Cache-HIT
HA-Ipaddr
X-Request-URI
Locale
X-Server-W
Mail-Subject
X-Urbn-Site-Id
Group
X-TT-LOGID
X-Urbn-Context-Path
X-Var-Ttl
Kp-EeAlive
Is-Eu
Heartbleed
X-Backend-State
Adler-Geo
IBM-Web2-Location
X-VServer
AKAMAI
X-Variation
X-IN-APIGATEWAY
X-Irp-Debug
X-IN-APIGATEWAYSSL
X-Core-Value
X-Core-Mission
X-Debug-Cookies
X-Fetched-On
X-Cache-Expired-At
Pragrma
X-GeoIP-City
X-Gamma-Serve
X-Generated-On
X-Generated-In
X-Gen-Mode
X-Epic-Correlation-Id
X-Hash
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Debug-Log
ServerName
X-Distributor
Fastly-Backend-Name
Cache-Hits
X-Hnp-Log
X-Azure-Ref
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-NX-Host
V-Age
Web-Mar-Node
X-TA-CDN-Provider
X-NU-AKA-ACS-Version
X-Origin-Date
Server-ID
X-Render-Time
X-Reboot
X-Proxy-Upstream
X-Platform-Server
X-Owner
Server-Host
X-Origin-Expires
X-Req
X-Cache-Tags
Wxu-Next-Commit
X-Level-Front-Cache
X-Thinkindot-L3
Wxu-Next-Hostname
X-Trafficlayer-App-Name
X-Block-Status
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
X-Cache-Bucket
X-TH-Server
X-Service
Wxu-Next-Region
X-ServiceProvider
FNAC-ModuleRouting
Country-Code
X-Matched-Rule
X-Air-Hostname
X-Cache-Backend
X-Nginx-Cache
X-User
X-Old-Content-Length
S-Cnection
X-SERVER
PFcat
X-App-Version
X-COUNTRY
X-Refresh
X-Lb-Id
X-Response-By
X-Internal-Host
X-S-Maxage
X-Ruxit-Js-Agent
X-CSRF-TOKEN
X-Wa
RequestId
Powered-By-ChinaCache
X-Sucuri-Cache
X-Key
X-Sucuri-ID
X-NC
X-Parent-Response-Time
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Location
X-Varnish-Cacheable
X-Tb-Optimization-Total-Bytes-Saved
Origin
X-Pjax-Url
X-Pf-Uncompressing
X-Developer
ProcessTime
X-Ua
X-Cdn-Forward
X-BACKEND-TTL
X-CF-Powered-By
X-CSRF-Token
X-NWS-UUID-VERIFY
X-B3-Parentspanid
X-LAGOON
User-Agent
X-Sn-Servicetimems
X-Device-Os
X-Node-Id
X-Ocache
X-Cache-Grace
X-Cdn-Origin
X-Oss-Hash-Crc64ecma
Memory
Geoip-City
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
X-Via-CDN
X-Oss-Object-Type
Geoip-Latitude
SRV
X-Cache-Status-Check
TTL
On-Server
GeoIp-Country-Code
PICS-Label
Hostname
X-Correlation-ID
X-MSEdge-Flight
A
X-NGINX-Cache
X-Vcl-Version
X-Server-IP
X-MSEdge-Features
X-Unique-ID
XServer
Cloudfront-Viewer-Country
X-TIME
X-FORWARDED-FOR
X-B3-SpanId
X-Request-Host
X-Servedbyhost
X-Webkit-CSP
Media-Length
M-TraceId
X-Varnish-Ttl
X-Cdn-Request-ID
X-Varnish-URL
Dnion-Transfer-Encoding
Tcn
X-Rocket-Nginx-Bypass
X-Oneagent-Js-Injection
X-Via-Ucdn
Cdn
Host-ID
SN
X-HS-Status
Resin-Trace
X-Ratelimit-Remaining
X-Beluga-Response-Time
X-Beluga-Record
X-Beluga-Node
Who
X-Cache-Ttl
X-Beluga-Cache-Status
X-ServedByHost
X-Beluga-Status
X-Beluga-Trace
CACHE
HostName
X-Sucuri-Id
X-Fastly-Country-Code
Esi-Enabled
X-AIR-PT
X-Reqid
X-PAYTM-SRV-ID
X-RSL
X-Server-Time
X-DI
X-VCL-Version
X-Processor
Arc-Country
X-Planisys-CDN-Rules
X-Slack-Backend
X-Policy
X-Planisys-CDN-Cache
X-Action
X-Planisys-CDN-TTL
X-DSS
Pramga
X-DW
X-Dispatch
X-Cache-FS-Status
MIME-Version
X-RPS
X-DB
X-RPM
CF-Cached-On
X-Skip-Cache
X-Azure-Ref-OriginShield
Ttl
X-ND-Cache
GeoIP-Country-Code
Pics-Label
X-Request-Start
Trailer
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
X-ABtesting
NtCoent-Length
GeoIP-Latitude
X-SRV
X-Flog
X-Hello
Cdn-Host
X-Varnish-Url
X-Edge-Server
Rt-Proxy-Cache
GeoIP-City
X-Served-From
Cdn-Request-Time
X-DC
X-FPC
X-Fastly-Backend-Reqs
X-PJAX-URL
Fastly-Drupal-HTML
X-DevSite-Last-Modified
N-Cache
Section-Io-Id
X-Bc-Bl
X-Ratelimit-Limit
X-VarnishDD-TTL
X-PF-Uncompressing
X-APP
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Newrelic-App-Data
X-Swift-Error
X-HostName
X-Backend-Host
Magicmarker
WebServer
X-Zone
X-Method
X-Bc
Amp-Access-Control-Allow-Source-Origin
Processtime
X-BE
X-Amzn-Remapped-Connection
X-Dynatrace
X-Amzn-Remapped-Date
Fusion-Deployment-Id
X-ZONE
X-BC
Cteonnt-Length
X-Adobe-Source
Servername
X-Dynatrace-Js-Agent
X-Fmm-Version
FSS-Proxy
X-ID
FSS-Cache
Cache-Cookie-Set-From
Cache-Provider
Cache-Cookie-Set-Idcheck
X-WA
Cache-Cookie-Set-Lfrom
CDN
X-WR-MODIFICATION
X-Frame-Option
X-Scheme
X-Branch-Name
X-StackifyID
CF-IPCountry
X-Snapshot-Date
Dynatrace
Requestid
Ohc-Response-Time
X-Be
X-LB-ID
X-Svr
X-Ftr-Cache-Host
X-CACHE-AGE
X-Cc-Req-Id
Vix-Hermes-Req-Id
X-Apw-Access-Action
WZWS-RAY
X-Fpc
Lfy
X-Tid
X-App
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
X-Aicache-OS
D-Cc-Upstream
X-Fastly-Cache-Hits
Warning
X-SB
X-VC
V-Cache
X-Cc-Via
X-Request-Url
X-Node-ID
X-Litespeed-Cache-Control
Load-Balancing
Cneonction
Pagetype
Proxy-Firewall
X-Compress-Hint
X-Esi-Check
X-Cache-Id
Correlation-Id
X-Powered-Y
X-ElasticPress-Search
X-Fastly-Cache-Status
WP-Super-Cache
X-Varnish-Beresp-TTL
X-Request-URL
X-WPE-Loopback-Upstream-Addr
X-Check-Cacheable
X-Worker
Backend-Name