Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-DNS-Prefetch-Control
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Xss-Protection
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
X-Pass-Why
Xkey
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Via
X-Backend
X-Ua-Compatible
X-Server
X-Age
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Ws-Request-Id
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-Rq
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Device
X-Host
X-Origin-Cache
EagleEye-TraceId
X-Response-Time
X-Ac
X-Node
Content-Location
Surrogate-Control
X-Vhost
X-Cloud-Trace-Context
X-Readtime
X-Backend-Server
Request-Id
X-Dns-Prefetch-Control
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-Cache-Lookup
X-ORACLE-DMS-ECID
Fusion-Content-Source
Fusion-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Template-Id
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-DataDome
NEL
X-Mod-Pagespeed
X-Rack-Cache
Rating
Edge-Control
X-Clacks-Overhead
X-Akam-SW-Version
X-Country
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-TTL
X-EdgeConnect-Origin-MEX-Latency
Allow
X-Country-Code
X-DynaTrace
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-PC
X-TtlSet
X-Vname
Accept-Ch
Verso
Content-MD5
X-ESI
X-Powered-By-Plesk
Service-Worker-Allowed
Accept-Ch-Lifetime
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja-Build
X-Url
X-GitHub-Request-Id
RTSS
Edge-Cache-Tag
X-D2id
X-Abt-Application-Version
X-Debug
X-Server-Name
X-Px
AR-Request-ID
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-Vcache
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
Response
Pagespeed
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Accel-Expires
Display
X-Vcap-Request-Id
X-MSEdge-Ref
X-Amz-Rid
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Pinterest-Rid
Pinterest-Version
X-Powered-CMS
X-SharePointHealthScore
TCN
X-Fastcgi-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Trace
X-Cdn
X-VARITI-CCR
Public-Key-Pins
Realpath
Cache-Tag
X-Client-IP
X-Fastly-Request-ID
MS-Author-Via
X-Ser
Access-Control-Request-Method
Nginx-Cache
X-Server-ID
X-DynaTrace-JS-Agent
X-Shard
S
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
SPRequestDuration
MRF-Tech
SPIisLatency
X-Upstream
X-Id
X-Edge-O15-RID
X-Content-Type
X-Ezoic-Cdn
X-Hp-Webp
X-Grace
X-Amzn-Trace-Id
X-T
X-Amz-Meta-S3cmd-Attrs
Nel
Front-End-Https
X-Recruiting
X-Hits
X-Forwarded-For
Fastcgi-Cache
DynaTrace
X-Jurisdiction
X-Aspnet-Version
X-Varnish-Age
X-Cache-TTL
ServerID
MicrosoftSharePointTeamServices
X-Element-Page-Cache
X-Content-Digest
X-Mobile-URL
X-Node-Name
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-Dw-Request-Base-Id
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-DIS-Request-ID
X-FTR-Expires
NR-ENABLED
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
Powered
X-Goog-Generation
X-GUploader-UploadID
X-Frontend
Server-Node
TP-Cache
TP-L2-Cache
Alternate-Protocol
Server-Name
X-Logged-In
X-Correlation-Id
X-CST
AMP-Access-Control-Allow-Source-Origin
X-XRDS-Location
X-Request-Received
X-Request-Processing-Time
Upgrade-Insecure-Requests
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Cache-Hit
X-URL
X-Content-Options
Refresh
X-User-Agent
X-Origin-Server
X-F-Cache
X-Content-Security-Policy-Report-Only
X-Rid
X-Revision
X-Akamai-Edgescape
X-Page-Id
X-Zen-Fury
Fastly-Restarts
X-Varnish-Grace
X-Type
X-Content-Powered-By
X-LB-Cache
X-XRDS-LOCATION
X-FTR-Cache-Host
X-B
X-B3-Sampled
X-Geo-Country
PB-PID
PB-RID
X-AppVersion
X-Az
X-Activity-Id
X-Mobile-Rewrite
Arc-Version
Cache-Status
X-Kinsta-Cache
X-N
X-Cache-Age
X-Shield-Request-Id
X-Pad
X-TT
X-AOL-HN
X-Cache-Action
X-WebKit-CSP-Report-Only
X-Instance
X-Signature
X-B-Cache
X-Tumblr-User
X-Debug-Info
X-Jobs
Paypal-Debug-Id
Actual-Object-TTL
X-Framework
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Access-Control-Allow-Method
X-FB-Debug
X-Load-Cache
X-App-Environment
X-PHP-Backend
X-Request-Guid
DC
X-Cached-By
X-Git-Hash
Fastcgi-Useragent
X-Time
X-Tt-Trace-Host
X-RateLimit-Remaining
X-Tt-Trace-Tag
X-Webkit-Csp
X-Varnish-Backend
X-Amz-Replication-Status
Surrogate-Key
X-Erf-Bev-Bev-Is-Generated
X-Webapp-Samesite-None-Activated-N
X-Erf-Bev-Bev
Host-Header
X-IPLB-Instance
X-Contextid
X-Analytics
MS-CV
FilterID
X-ATG-Version
Accept-CH
X-WA-Info
X-SS-Set-Cookie
X-FastCGI-Cache
Host
X-Cache-Key
X-VCache
X-NWS-LOG-UUID
X-Mobile
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Cluster
X-Accel-Buffering
X-Response-Served-From
Tracecode
NGB
Payment
X-Host-Name
X-Presslabs-Stats
X-Via-JSL
WPE-Backend
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-NE
Eomportal-Instance
X-Cache-2
Source
X-Region
X-FW-Hash
X-FW-Static
X-FW-Type
X-FW-Server
X-Varnish-Server
X-FW-Serve
X-GeoIP
X-Varnish-Hostname
X-IPS-LoggedIn
Frame-Options
X-Tumblr-Pixel-2
X-Origin-Response-Time
X-Tumblr-Pixel-1
Filters
Cache-Tv-Group
X-Adobe-Loc
X-Adobe-Content
X-Cache-Enabled
X-Cacheable-TTL
X-Rendered-As
X-Seen-By
X-Cache-Operation
X-Is-Bot
X-Cache-Rule
X-RequestSource
X-Hostname
X-TX-ID
Xserver
X-EdgeConnect-Cache-Status
Retry-After
X-NewRelic-App-Data
Accept-CH-Lifetime
X-Srv
Server-Info
X-Cache-TTL-Remaining
Cleartype
X-RemovedCookies
X-ProcessESI
Liferay-Portal
X-B3-Traceid
X-UA
X-Dc
X-App-Server
Ms-Operation-Id
X-RTag
X-Source
X-L-Path
X-Environment-Context
X-FireWall-Port
Datacenter
X-HTML-Minification-Powered-By
X-Cache-Server
X-Endurance-Cache-Level
Cache
X-Handled-By
X-Upgrade-Enabled
From-Origin
X-CACHE-KEY
X-Esi
X-APP-VERSION
X-Cache-Control
X-Backend-Name
Srv
Healthy
X-Wix-Request-Id
X-Path-Route
Meta-Geo
X-ES-SERVER
GEO-INFO
X-Cache-Var
X-RN-RSRV
X-Cache-Var-Map
X-Timing-Wait
X-Tb
Selected-Fe
X-Format
X-Status
Accept-Charset
X-Section
X-Access
Version
OT-Force-Account-Verify
X-Proxy-Build
Azure-RegionName
Azure-InstanceId
Akamai-GRN
Azure-SiteName
X-ShopId
Azure-SlotName
Cache-Tags
Mn-Server-Ip
X-Alternate-Cache-Key
Azure-Version
X-Akamai-Request-ID
X-Cache-Config
X-FC-Vary-Parameters
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-Shopify-Generated-Cart-Token
X-NYM-Debug-Backend
X-Origin
X-Request-Time
X-PCL
X-UUID
X-Sorting-Hat-ShopId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OCL
X-Proto
X-Content-Age
X-EIG-Tracking-Id
Decoy-Debug-Key
X-Viewer-Country
X-Say-Cacheable
X-Vgn-Hpd-Reason
X-Say-TTL
Ec-Rule-Version
Decoy-Debug-TTL
X-Time-Microsecs
X-VWS-Id
X-Web-Node
X-Pubstack
X-ProxyCache-Status
X-Proxy-Cache-Status
X-Qloud-Router
X-Redis-Cache
X-SayCDN-TTL
X-SaId
X-Debug-Cache
DB-Nickname
X-Soup
X-Hyper-Cache
X-JoinUs
X-Akamai-Request-ID2
X-LJ-Flow-ID
X-Human
X-FW-Dynamic
X-Hl-Ver
X-Hosted-By
X-AWS-Id
X-BYPASS-REASON
X-ServerID
Node
NGX
X-ProxyCache-Key
Now
X-Proxy
Origin-Edge-Control
Origin-Cache-Control
X-Cluster-Node
X-Generated-By
Decoy-Debug-Status
X-Yottaa-Metrics
X-Storage
X-Rule
X-Yottaa-Optimizations
X-RateLimit-Limit
TWC-Connection-Speed
X-Varnish-Hits
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-CCM
Webcakes-App-Name
X-Site-Version
X-Amzn-Remapped-Content-Length
X-PressLabs-Stats
X-BCube-Filmed-By
Property-Id
X-FB-TRIP-ID
X-TNCMS
Webcakes-Region
Webcakes-App-Version
X-Loop
X-Www-Served-By
X-Generated
Cross-Origin-Window-Policy
X-Origin-Hint
TWC-Locale-Group
TWC-Privacy
X-MP-GENERATED-AT
S-Rt
X-Cache-Host
X-Akamai-Transformed
X-Xfnlog-Site
X-RCS-CacheZone
X-Locale
X-R9-Blue-Green-Version
X-NCache
X-IP
X-Detected-As
X-Unique-Id
L5d-Success-Class
X-CS
Time
Cache-Name
X-Drupal-Cache-Tags
Cache-Key
Webserver
Viewport
Uber-Trace-Id
X-UnsetCookies
X-UA-Device-Type
X-Mode
X-Backend-TTL
X-Forwarded-Host
X-CDN-Forward
X-Whom
Accept-Language
X-Cache-Remote
Rt-Fastcgi-Cache
X-Daa-Tunnel
X-Info
X-Origin-CC
X-Origin-TTL
Content-Disposition
X-From
Country
X-NGENIX-Cache
Mime-Version
X-Varnish-Cache-Hits
Odigeo-Trace-Id
X-ApacheServer
X-B3-Spanid
X-Cluster-Name
X-PERF
X-Ruxit-Js-Agent
VIX-Pulpo-Node
X-Magnolia-Registration
ServedBy
X-Drupal-Cache-Contexts
VIX-Pulpo-Upstream-Status
X-CLOUD-TRACE-CONTEXT
X-Newrelic-Synthetics
X-Microcachable
X-TT-TIMESTAMP
X-Geo
X-Proxied
X-Routing-Service
X-Device-Type
X-Zipkin-Id
Section-Io-Cache
X-Ttl
X-Via-Fastly
Proxy-Connection
X-Litespeed-Cache
X-Trafficlayer-App-Name
X-EC-Lua
X-Uri
Ohc-File-Size
X-Trafficlayer-App-Scope
Cf-Ipcountry
Ohc-Cache-HIT
X-Edge-Location
HitType
X-UPSTREAM-Address
Machine
MD5-Digest
Mobile-Detection-Method
Meta-Geo-Continent
Apple-News-Services-Request-Url
Apple-News-Services-Host
Content-Script-Type
Apple-News-Services-Handled
BehaviorPad-Version
Content-Style-Type
Fastcgi-X-Cache-Version
GEO-REGION-INFO
AsisCache
Apple-News-Services-Parsed-Url
X-Geo-Header
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-Sigma
X-S
X-Rojux
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-Rocket-Build-Number
X-Sigma-Backend
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-VG-TLSProxy
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Version
X-GeoIP-Country-Code
X-G
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Ccd
X-A
T-Server
Viewtype
VivaBuild
W
X-Accel-Expires-Debug
X-Aed
X-Date
X-Destination
X-DPWN-IS-SECURE
X-External-Request-Id
X-D
X-Connection-Hash
X-Application
X-ARC
X-CF-Lambda-Fn
X-CF-Lambda-Version
Rendered-Blocks
X-B-Cookie
X-Nc
X-No-Session
Access-Control-Request-Headers
User-Cache-Control
X-C
X-Agile-Age
Server-Surrogate-Control
X-Agile
X-App-Name
X-Bip
X-Auto-Login
Server-Cache-Control
X-Agile-Id
Locid
Fastly-SWR
Fastly-Soc-X-Request-Id
Fastly-SIE
Environment
Gh-Request-Id
Ha-Gx-Prefs
X-Cache-ASPX
IsBot
HA-Ipaddr
Powered-By
X-Clientip
X-Tumblr-Pixel-3
X-TrackingId
X-Thanos
X-SIPLIST1
X-Varnish-Authentication
X-VC-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-WebServer
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-CUA
Countrycode
X-CGP
X-Developers
X-Distil-CS
X-Logging-Id
X-Hit
X-Eu-Site
X-Cache-Debug
X-Contensis-Viewer-Groups
CDCHOST
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-GoCache-CacheStatus
X-Cache-Backend
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-RateLimit-Remaining-Second
X-Swa-Ws
X-Real-IP
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Distributor
Adler-Geo
AKAMAI
X-Fastly-Cache
X-RateLimit-Limit-Second
X-Ms-Version
V-Age
X-Origin-Expires
True-Client-Country-4JS
X-Gamma-Serve
X-FW-Version
X-Origin-Date
Web-Mar-Node
X-AK-Request-ID
We-Hiring
X-Fetched-On
X-TH-Server
Country-Code
X-Nginx-Cache-Key
X-Cache-Time
X-Cache-URL
X-Cache-Tags
X-Cache-Info
X-Cache-Bucket
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Cdn-Srv
X-Cms-Context
X-Request-URI
X-Clara-WADP
X-Debug-Cache-Expiry
Geo-Info
X-Debug-Cookies
X-Block-Status
X-Server-W
X-Azure-Ref
X-Render-Time
X-Core-Mission
X-Servername
X-NX-Host
X-PHP-Host
X-Debug-Log
X-NodeID
X-NU-AKA-ACS-Version
X-BBXSRF
X-Backend-State
X-Micro-Cache
X-Gen-Mode
X-VServer
Kp-EeAlive
Is-Eu
IBM-Web2-Location
Heartbleed
Locale
X-Irp-Debug
X-Generated-In
X-Variation
Mail-Subject
X-Instart-Isnd
X-Owner
X-Is-Gdpr
X-JWT-State
X-Webstats-RespID
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-LI-UUID
Cdnsip
Cdncip
X-WADP-Cache
Cache-Host
X-We-Are-Hiring
X-Labrador-Cache-Channel
Fastly-SSL
Memcached
X-IN-APIGATEWAYSSL
RNT-Time
X-GeoIP-City
RNT-Machine
X-IN-APIGATEWAY
Request-EU
X-OVcl
X-TT-LOGID
X-Generation-Time
X-Trace-Id
Server-Int
Server-ID
X-Proxy-Upstream
Request-Country
X-Ms-Request-Id
X-Hnp-Log
X-Up
X-User
X-Platform-Server
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Hash
X-Has-Esi
Platform
X-OVcl-Cache
X-COUNTRY
X-Core-Value
X-Generated-On
X-Matched-Rule
X-Req
X-Internal-Host
X-Level-Front-Cache
X-Reboot
X-Service
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Thinkindot-L3
Wxu-Next-Commit
Wxu-Next-Hostname
ServerName
X-Trafficlayer-App-Version
Fastly-Backend-Name
X-Air-Hostname
FNAC-ModuleRouting
PFcat
Server-Host
Wxu-Next-Region
Thinkindot-CacheControl
X-Old-Content-Length
X-ServiceProvider
X-Nginx-Cache
X-S-Maxage
Cache-Hits
Group
X-Cache-Expired-At
X-Var-Ttl
X-Key
X-SERVER
X-Sucuri-Cache
X-App-Version
X-Response-By
RequestId
X-Lb-Id
X-TA-CDN-Provider
S-Cnection
X-Location
X-Refresh
Pragrma
X-Parent-Response-Time
X-CSRF-TOKEN
Powered-By-ChinaCache
X-Tb-Optimization-Total-Bytes-Saved
X-CF-Powered-By
Filterid
X-Tec-Api-Origin
X-Tec-Api-Root
Memory
X-NC
X-Tec-Api-Version
X-B3-Parentspanid
Origin
ProcessTime
X-Wa
X-Cdn-Forward
X-Sucuri-ID
X-Varnish-Cacheable
X-Pjax-Url
User-Agent
X-BACKEND-TTL
X-Pf-Uncompressing
X-CSRF-Token
X-B3-SpanId
Geoip-City
X-Server-IP
Geoip-Latitude
X-Via-CDN
X-Correlation-ID
X-Ua
X-NWS-UUID-VERIFY
SRV
GeoIp-Country-Code
PICS-Label
TTL
X-Developer
X-Vcl-Version
X-NGINX-Cache
X-Device-Os
X-Cdn-Origin
X-Ocache
X-Sn-Servicetimems
X-Cache-Grace
X-FORWARDED-FOR
X-LAGOON
X-Unique-ID
X-TIME
X-Cdn-Request-ID
On-Server
X-Node-Id
Media-Length
XServer
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Server-Time
X-Cache-Status-Check
X-Oss-Storage-Class
X-MSEdge-Flight
X-Servedbyhost
X-Request-Host
X-Webkit-CSP
A
X-MSEdge-Features
Hostname
X-Varnish-Ttl
X-Rocket-Nginx-Bypass
X-Via-Ucdn
Cloudfront-Viewer-Country
Dnion-Transfer-Encoding
M-TraceId
X-Sucuri-Id
SN
Tcn
X-AIR-PT
X-HS-Status
Esi-Enabled
X-Reqid
X-Ratelimit-Remaining
X-Planisys-CDN-TTL
X-Beluga-Response-Time
X-Planisys-CDN-Rules
Who
X-Beluga-Trace
Host-ID
X-Beluga-Status
X-ServedByHost
X-Fastly-Country-Code
X-Beluga-Node
Cdn
X-Planisys-CDN-Cache
X-Varnish-URL
X-Beluga-Record
X-Cache-Ttl
X-Policy
X-Beluga-Cache-Status
Resin-Trace
HostName
X-VHOST
X-Request-Start
X-Azure-Ref-OriginShield
CF-Cached-On
X-VCL-Version
X-Slack-Backend
Rt-Proxy-Cache
MIME-Version
GeoIP-Country-Code
Pics-Label
X-Action
Ttl
X-Fastly-Backend-Reqs
X-Oracle-Dms-Rid
X-Ftr-Cache-Host
CACHE
X-SRV
X-LiteSpeed-Cache-Control
X-RSL
X-RPS
Arc-Country
Pramga
X-Cache-FS-Status
X-RPM
X-DSS
X-DI
X-Processor
X-Varnish-Url
X-Dispatch
X-PAYTM-SRV-ID
X-DB
X-Server-Time
X-DW
X-Method
X-VarnishDD-TTL
NtCoent-Length
X-Zone
GeoIP-Latitude
Magicmarker
X-APP
X-Bc
X-DC
X-FPC
X-PJAX-URL
Cteonnt-Length
X-Newrelic-App-Data
X-Skip-Cache
X-PF-Uncompressing
X-Ratelimit-Limit
X-Hello
X-ND-Cache
X-Flog
GeoIP-City
X-ABtesting
X-HostName
X-Edge-Server
Cdn-Host
Fastly-Drupal-HTML
Processtime
Cdn-Request-Time
WebServer
X-Served-From
Amp-Access-Control-Allow-Source-Origin
X-Be
X-Dynatrace
X-BE
Ohc-Response-Time
X-Bc-Bl
X-Svr
X-DevSite-Last-Modified
N-Cache
Load-Balancing
X-Swift-Error
X-Dynatrace-Js-Agent
Servername
Vix-Hermes-Req-Id
X-ID
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Section-Io-Origin-Status
Section-Origin-Responded
X-Backend-Host
Cache-Provider
CDN
X-LB-ID
X-Aicache-OS
X-WA
X-Frame-Option
X-WR-MODIFICATION
X-Branch-Name
Dynatrace
X-Fastly-Cache-Hits
X-Snapshot-Date
Pagetype
X-ZONE
X-BC
Lfy
CF-IPCountry
X-MServer
Requestid
DSUID
X-StackifyID
Release
X-VCT
X-CACHE-AGE
X-Configured-By
X-Tid
Cache-Cookie-Set-From
X-Apw-Access-Token
FSS-Cache
FSS-Proxy
Proxy-Firewall
V-Cache
X-Fmm-Version
WZWS-RAY
X-SB
Cache-Cookie-Set-Idcheck
D-Cc-Upstream
X-Apw-Access-Action
X-Cc-Req-Id
X-Apw-Hits
X-Request-Url
X-Hp-Ccpa-Warning
X-Cc-Via
X-Apw-Access-Object
Warning
Cache-Cookie-Set-Lfrom
X-VC
X-Adobe-Source
X-Litespeed-Cache-Control
X-Node-ID
Trailer
X-WPE-Loopback-Upstream-Addr
Cneonction
X-Powered-Y
X-SD-PageType
X-Worker
X-Upstream-Ct
X-Upstream-Ht
Backend-Name
X-App
X-Edge-IP
WP-Super-Cache
X-Check-Cacheable
X-Varnish-Beresp-TTL
X-Request-URL
Correlation-Id
X-ElasticPress-Search
SD-X-WS
X-Fastly-Cache-Status