Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Xss-Protection
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
CF-Ray
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Ua-Compatible
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Server-Timing
Feature-Policy
X-UA-Device
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
Grace
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Host
X-Origin-Cache
X-Server-Id
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Vhost
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Dispatcher
X-Ruxit-JS-Agent
Request-Id
X-Cache-Lookup
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
X-ORACLE-DMS-RID
X-Country
X-Clacks-Overhead
X-Rack-Cache
X-Akam-SW-Version
Rating
Edge-Control
P3p
X-DataDome
X-Dns-Prefetch-Control
Allow
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
Accept-Ch
X-Vname
X-PC
X-TtlSet
X-Goog-Hash
X-TTL
Content-MD5
Verso
X-ESI
Service-Worker-Allowed
X-Url
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Vcache
X-GitHub-Request-Id
X-GoogleNews-Bot
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
RTSS
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-B3-TraceId
X-Version
X-Forwarded-Proto
X-MS-InvokeApp
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Px
X-Abt-Application-Version
X-Server-ID
X-Debug
X-Amz-Server-Side-Encryption
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-Request-ID
SPRequestGuid
X-Cached
Charset
X-Navigation-Version
X-Vcap-Request-Id
X-NF-Request-ID
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-MSEdge-Ref
X-Amz-Rid
X-Sol
Pagespeed
X-Middleton-Display
Display
Response
X-Middleton-Response
Arr-Disable-Session-Affinity
X-Accel-Expires
TCN
X-VARITI-CCR
X-SharePointHealthScore
Nginx-Cache
X-Fastly-Request-ID
MS-Author-Via
Pinterest-Version
X-Pinterest-Rid
Public-Key-Pins
X-Fastcgi-Cache
X-SRCache-Fetch-Status
X-Trace
X-SRCache-Store-Status
X-Client-IP
X-Powered-CMS
X-Cdn
Cache-Tag
X-Edge-O15-RID
Realpath
X-Ser
Access-Control-Request-Method
X-Content-Type
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
SPIisLatency
SPRequestDuration
X-Upstream
X-Amzn-Trace-Id
X-Shard
X-Grace
X-Hp-Webp
X-Jurisdiction
X-Cache-TTL
X-Id
Front-End-Https
X-Forwarded-For
X-Ezoic-Cdn
X-Hits
X-Amz-Meta-S3cmd-Attrs
Fastcgi-Cache
X-T
S
Nel
X-DynaTrace-JS-Agent
X-Recruiting
DynaTrace
X-Aspnet-Version
X-Element-Page-Cache
X-Node-Name
X-Dw-Request-Base-Id
X-Content-Digest
X-FTR-Balancer
X-Mobile-URL
X-FTR-Realm
X-FTR-Backend
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend-Server
X-Varnish-Age
MicrosoftSharePointTeamServices
ServerID
X-DIS-Request-ID
Server-Node
TP-Cache
TP-L2-Cache
X-Frontend
X-HS-Hub-Id
X-HS-Combine-CSS
NR-ENABLED
X-HS-Cache-Config
X-Correlation-Id
X-HS-Content-Id
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Logged-In
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Generation
Powered
X-CST
Alternate-Protocol
X-XRDS-Location
Server-Name
Upgrade-Insecure-Requests
X-Amzn-RequestId
X-Amz-Apigw-Id
Fastly-Restarts
X-Cache-Hit
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Content-Options
X-Zen-Fury
X-Page-Id
Refresh
X-User-Agent
X-Content-Security-Policy-Report-Only
X-Request-Processing-Time
X-Request-Received
X-Varnish-Grace
X-F-Cache
X-Rid
X-Origin-Server
X-Akamai-Edgescape
X-LB-Cache
X-Mobile-Rewrite
PB-RID
Arc-Version
PB-PID
X-B
X-Content-Powered-By
X-Revision
X-Type
X-B3-Sampled
Cache-Status
X-XRDS-LOCATION
X-Geo-Country
X-Az
X-Activity-Id
X-AppVersion
X-NWS-LOG-UUID
X-Kinsta-Cache
X-TT
X-Cache-Action
X-AOL-HN
X-Request-Guid
X-Jobs
X-Debug-Info
Access-Control-Allow-Method
X-Cached-By
X-Framework
X-WebKit-CSP-Report-Only
X-N
X-PHP-Backend
X-FB-Debug
X-App-Environment
Actual-Object-TTL
X-B-Cache
X-Signature
X-Time
X-Git-Hash
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-User
X-Cache-Age
X-Tt-Trace-Tag
X-Tt-Trace-Host
Paypal-Debug-Id
Fastcgi-Useragent
X-Amz-Replication-Status
X-Load-Cache
X-URL
X-Varnish-Backend
Host
DC
X-WA-Info
Host-Header
X-Pad
X-Webkit-Csp
X-ATG-Version
X-ORACLE-APMCS-REQUEST-ID
X-RateLimit-Remaining
X-ORACLE-APMCS-TAG
X-FastCGI-Cache
X-Shield-Request-Id
X-Via-JSL
MS-CV
Surrogate-Key
X-IPLB-Instance
X-Contextid
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Mobile
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Liferay-Portal
X-Host-Name
Frame-Options
Retry-After
Accept-CH
X-Seen-By
X-Response-Served-From
NGB
X-Accel-Buffering
Payment
X-Srv
X-NewRelic-App-Data
X-Hostname
Source
X-Cache-NE
Xserver
X-Origin-Response-Time
X-Varnish-Server
WPE-Backend
X-Cache-Enabled
X-Is-Bot
X-Region
X-SS-Set-Cookie
X-IPS-LoggedIn
X-Cluster
X-Rendered-As
Eomportal-Instance
X-Cacheable-TTL
X-Cache-2
Tracecode
X-Adobe-Content
X-FW-Serve
X-FW-Hash
X-GeoIP
X-Adobe-Loc
Server-Info
X-FW-Static
X-Varnish-Hostname
X-FW-Type
X-FW-Server
X-RequestSource
X-App-Server
X-Cache-Rule
Filters
X-Tumblr-Pixel-1
Cache-Tv-Group
X-Tumblr-Pixel-2
X-Cache-Operation
X-Cache-Key
X-ProcessESI
X-RemovedCookies
X-Ttl
X-EdgeConnect-Cache-Status
X-Presslabs-Stats
X-Cache-TTL-Remaining
FilterID
X-TX-ID
Accept-CH-Lifetime
X-Environment-Context
X-FireWall-Port
X-L-Path
Cleartype
X-CACHE-KEY
X-Handled-By
X-Upgrade-Enabled
X-B3-Traceid
Accept-Charset
X-Source
From-Origin
X-Endurance-Cache-Level
X-RTag
Ms-Operation-Id
Srv
X-Cache-Server
X-Backend-Name
X-Analytics
X-HTML-Minification-Powered-By
Datacenter
X-UUID
X-PressLabs-Stats
Healthy
X-Wix-Request-Id
X-UA
X-Status
X-Daa-Tunnel
X-ES-SERVER
Meta-Geo
X-Cache-Var-Map
X-Path-Route
X-Cache-Var
X-RN-RSRV
Selected-Fe
X-Tb
OT-Force-Account-Verify
X-Proxy-Build
X-Timing-Wait
X-Whom
Version
X-Access
X-Format
Mn-Server-Ip
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Shopify-Stage
X-ShardId
X-Proto
X-Section
X-Alternate-Cache-Key
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-Content-Age
X-Cache-Config
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Akamai-Transformed
X-ShopId
X-OCL
X-Request-Time
X-Akamai-Request-ID
X-PCL
Decoy-Debug-Status
Akamai-GRN
Decoy-Debug-Key
Decoy-Debug-TTL
Ec-Rule-Version
X-SayCDN-TTL
X-Say-TTL
X-Soup
X-Say-Cacheable
X-SaId
X-Redis-Cache
X-Vgn-Hpd-Reason
X-Viewer-Country
X-NYM-Debug-Backend
Cache-Tags
X-Web-Node
X-VWS-Id
X-Qloud-Router
X-ProxyCache-Status
X-Debug-Cache
X-Hl-Ver
X-BYPASS-REASON
Origin-Edge-Control
Origin-Cache-Control
X-Hosted-By
X-Human
X-ProxyCache-Key
X-Proxy-Cache-Status
X-LJ-Flow-ID
X-JoinUs
Node
X-AWS-Id
X-Unique-Id
X-Yottaa-Metrics
X-Dc
X-Yottaa-Optimizations
X-Storage
X-CCM
X-Site-Version
Cross-Origin-Window-Policy
X-FB-TRIP-ID
Now
NGX
X-Www-Served-By
X-TNCMS
X-BCube-Filmed-By
X-Locale
X-Loop
X-Hyper-Cache
X-ServerID
X-Akamai-Request-ID2
X-Proxy
X-Generated
X-Origin
X-APP-VERSION
X-Detected-As
X-Time-Microsecs
DB-Nickname
X-Varnish-Hits
X-Pubstack
X-NCache
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-RCS-CacheZone
X-Webapp-Samesite-None-Activated-N
X-Generated-By
X-FW-Dynamic
X-Ua-Device
TWC-Device-Class
X-UA-Device-Type
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
X-Origin-Hint
X-IP
TWC-GeoIP-LatLong
TWC-Locale-Group
S-Rt
TWC-Connection-Speed
Property-Id
TWC-GeoIP-Country
Azure-RegionName
Cache-Key
Azure-InstanceId
Azure-Version
X-MP-GENERATED-AT
Azure-SiteName
X-Amzn-Remapped-Content-Length
Azure-SlotName
X-Cluster-Node
Section-Io-Cache
X-RateLimit-Limit
GEO-INFO
X-NGENIX-Cache
X-Backend-TTL
X-Mode
X-Forwarded-Host
X-Cache-Host
X-Drupal-Cache-Tags
X-Rule
Webserver
X-Cache-Control
X-Esi
Time
X-CDN-Forward
X-Info
Cache
L5d-Success-Class
Content-Disposition
X-UnsetCookies
X-ApacheServer
Mime-Version
X-Newrelic-Synthetics
X-PERF
X-Varnish-Cache-Hits
ServedBy
Accept-Language
Cache-Name
X-Cache-Remote
X-Origin-CC
Viewport
X-Origin-TTL
Rt-Fastcgi-Cache
Uber-Trace-Id
X-Routing-Service
X-Proxied
X-CS
X-Zipkin-Id
Country
X-Device-Type
Odigeo-Trace-Id
X-Via-Fastly
Filterid
X-B3-Spanid
X-EC-Lua
X-Magnolia-Registration
X-VCache
X-Uri
Geo-Info
X-From
X-CLOUD-TRACE-CONTEXT
X-Geo
Access-Control-Request-Headers
Proxy-Connection
X-Real-IP
X-Cluster-Name
Cf-Ipcountry
X-Drupal-Cache-Contexts
HitType
X-Microcachable
X-PHP-Host
X-Labrador-Cache-Channel
X-TT-TIMESTAMP
X-ARC
X-Application
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
Content-Style-Type
Group
Fastcgi-X-Cache-Version
BehaviorPad-Version
X-Aed
X-Accel-Expires-Debug
Content-Script-Type
X-A-Wwc
AsisCache
X-A-Dam
T-Server
Rendered-Blocks
Mobile-Detection-Method
Meta-Geo-Continent
W
X-Varnish-Beresp-Ttl
VivaBuild
VIX-Pulpo-Upstream-Status
Viewtype
MD5-Digest
Machine
Cache-Hits
GEO-REGION-INFO
Apple-News-Services-Handled
X-A-Dcw
VIX-Pulpo-Node
X-A
X-Cache-Time
X-A-Ccd
X-A-Dgt
X-Vtex-Processado-Em
X-CF-Lambda-Version
X-Sigma-Backend
X-SRCache-Key
X-CF-Lambda-Fn
X-Transaction
X-App-Version
X-Region-Sid
X-Trv-Group
X-Varnish-Beresp-Status
X-Connection-Hash
X-GeoIP-Country-Code
X-External-Request-Id
X-G
X-DPWN-IS-SECURE
X-Destination
X-D
X-Date
X-Vdms-Version
X-Twitter-Response-Tags
X-Rocket-Build-Number
X-Session-Fingerprint
X-Sigma
X-VG-TLSProxy
X-Rojux
X-S
X-Varnish-Beresp-Grace
X-B-Cookie
X-ScT
Xc-Version
X-Vtex-Remote-Cache
X-Rewrite-Enabled
X-Request-UUID
X-VG-WebCache
X-S-Cookie
X-VG-WebServer
Ohc-File-Size
User-Cache-Control
IsBot
Fastly-SWR
Fastly-SIE
Locid
HA-Ipaddr
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Ha-Gx-Prefs
X-Hit
Environment
X-Logging-Id
X-Geo-Header
X-Clientip
X-WebServer
X-Agile-Age
X-Agile
X-Bip
X-Backend-State
X-Wikidot-Backend
X-Cdn-Srv
X-App-Name
X-Agile-Id
X-Wikidot-Static-Cache
X-VC-Cache
X-Var-Ttl
X-SIPLIST1
X-CUA
X-Distil-CS
Powered-By
X-CGP
X-Thanos
X-Cache-Debug
X-TrackingId
X-Nc
Countrycode
X-Eu-Site
X-Cache-Expired-At
CDCHOST
X-GoCache-CacheStatus
X-C
X-Distributor
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Debug-Cookies
X-WADP-Cache
X-Debug-Log
X-Fastly-Cache
X-GeoIP-City
X-Hash
X-Generated-In
X-Gen-Mode
X-We-Are-Hiring
X-Fetched-On
X-VServer
X-Core-Mission
X-BBXSRF
X-Block-Status
X-Auto-Login
X-Azure-Ref
X-Air-Hostname
X-Cache-Info
X-Cache-Tags
X-Clara-WADP
X-Variation
Fastly-Soc-X-Request-Id
Gh-Request-Id
X-Cache-URL
X-Webstats-RespID
X-IN-APIGATEWAY
X-Owner
X-Platform-Server
X-Origin-Expires
X-Origin-Date
X-NU-AKA-ACS-Version
X-NX-Host
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Request-URI
X-Servername
X-Swa-Ws
X-TH-Server
X-RateLimit-Remaining-Second
X-Trace-Id
X-NodeID
X-Nginx-Cache-Key
X-Irp-Debug
X-Up
Country-Code
X-Instart-Isnd
X-Developers
X-IN-APIGATEWAYSSL
X-Li-Fabric
X-Li-Pop
X-Ms-Request-Id
X-Ms-Version
X-Micro-Cache
X-LI-UUID
X-LI-Proto
X-Hnp-Log
X-Cache-Bucket
S-Cnection
Request-EU
Request-Country
X-OVcl
Web-Mar-Node
RNT-Machine
Server-ID
X-OVcl-Cache
RNT-Time
We-Hiring
True-Client-Country-4JS
Pragrma
IBM-Web2-Location
Cache-Host
Adler-Geo
Fastly-Backend-Name
Is-Eu
Kp-EeAlive
V-Age
Platform
Memcached
Mail-Subject
Server-Int
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Edge-Location
Heartbleed
X-Trafficlayer-App-Version
X-TT-LOGID
PFcat
X-Generated-On
Wxu-Next-Region
X-Contensis-Viewer-Groups
X-Nginx-Cache
X-Has-Esi
X-No-Session
X-Trafficlayer-App-Scope
X-Urbn-Context-Path
Wxu-Next-Hostname
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Matched-Rule
X-Level-Front-Cache
X-ServiceProvider
X-Urbn-Site-Id
X-Varnish-Authentication
AKAMAI
Wxu-Next-Commit
X-Service
X-Cms-Context
Cdncip
Thinkindot-CacheControl-Type
Ohc-Cache-HIT
Thinkindot-CacheControl
X-Core-Value
Cdnsip
Thinkindot-Control
ServerName
Server-Cache-Control
Locale
X-Req
X-Trafficlayer-App-Name
X-JWT-State
X-Thinkindot-L3
X-Gamma-Serve
X-Cache-ASPX
FNAC-ModuleRouting
Server-Surrogate-Control
X-Reboot
X-AK-Request-ID
X-Is-Gdpr
Server-Host
X-Node-Id
Fastly-SSL
X-Response-By
X-FW-Version
X-Varnish-Cacheable
X-Tumblr-Pixel-3
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Server-W
X-NC
X-Old-Content-Length
X-Debug-Cache-Store
X-Generation-Time
X-Lb-Id
X-Sucuri-ID
X-VHOST
User-Agent
RequestId
X-Refresh
X-Wa
X-SERVER
X-UPSTREAM-Address
X-CSRF-TOKEN
X-S-Maxage
X-Cache-Status-Check
Powered-By-ChinaCache
X-Developer
Hostname
X-Parent-Response-Time
X-NWS-UUID-VERIFY
X-Sn-Servicetimems
X-Render-Time
X-LAGOON
X-Device-Os
X-Cache-Grace
X-Cdn-Origin
X-Cache-Backend
X-CF-Powered-By
X-Ua
X-Ocache
X-User
X-Tec-Api-Origin
X-Pjax-Url
Origin
X-Tec-Api-Root
X-Tec-Api-Version
A
On-Server
X-Internal-Host
X-Key
X-Tb-Optimization-Total-Bytes-Saved
X-Request-Host
Memory
X-Sucuri-Cache
Cloudfront-Viewer-Country
X-CSRF-Token
X-MSEdge-Flight
X-Pf-Uncompressing
X-MSEdge-Features
X-TA-CDN-Provider
X-Via-CDN
X-Location
SRV
Geoip-Latitude
Geoip-City
GeoIp-Country-Code
X-Dynatrace-Js-Agent
ProcessTime
X-NGINX-Cache
PICS-Label
X-Varnish-URL
X-COUNTRY
X-B3-Parentspanid
X-BACKEND-TTL
X-Cdn-Forward
TTL
Resin-Trace
X-Servedbyhost
X-Webkit-CSP
X-Litespeed-Cache
X-Vcl-Version
X-DC
X-B3-SpanId
X-Server-IP
X-Rocket-Nginx-Bypass
Dnion-Transfer-Encoding
X-Varnish-Ttl
Cdn
X-Unique-ID
X-Slack-Backend
X-HS-Status
XServer
X-TIME
X-Processor
X-Server-Time
SN
X-Cache-FS-Status
X-Dispatch
X-PAYTM-SRV-ID
Pramga
Arc-Country
Tcn
M-TraceId
Trailer
CACHE
X-FORWARDED-FOR
X-Cdn-Request-ID
X-VCL-Version
Media-Length
Section-Io-Id
X-ND-Cache
Section-Io-Origin-Status
Fusion-Deployment-Id
Section-Io-Origin-Time-Seconds
Host-ID
X-Skip-Cache
Section-Origin-Responded
X-Ratelimit-Remaining
Fastly-Drupal-HTML
X-Served-From
X-Edge-Server
X-Action
X-Beluga-Node
X-Beluga-Status
Cdn-Request-Time
X-Beluga-Cache-Status
X-Cache-Ttl
X-Beluga-Record
X-ServedByHost
X-Beluga-Response-Time
X-Beluga-Trace
Cdn-Host
HostName
N-Cache
X-DSS
X-RSL
Ttl
X-RPS
X-DW
X-Fastly-Country-Code
X-RPM
X-DB
GeoIP-Country-Code
Pics-Label
X-DevSite-Last-Modified
X-DI
Who
X-Adobe-Source
NtCoent-Length
GeoIP-Latitude
GeoIP-City
X-Bc-Bl
X-Via-Ucdn
X-Correlation-ID
CF-Cached-On
X-Datadome
X-PF-Uncompressing
X-ABtesting
X-Reqid
X-Flog
X-Hello
MIME-Version
X-LiteSpeed-Cache-Control
X-Oracle-Dms-Rid
X-Bc
X-Varnish-Url
Cache-Cookie-Set-Idcheck
X-VarnishDD-TTL
Esi-Enabled
Cache-Cookie-Set-Lfrom
X-Zone
X-Backend-Host
Cache-Cookie-Set-From
X-AIR-PT
X-Planisys-CDN-Cache
X-Scheme
X-Policy
X-Sucuri-Id
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Fpc
X-APP
X-Ratelimit-Limit
X-Fmm-Version
X-HostName
X-Fastly-Backend-Reqs
WebServer
X-FPC
X-PJAX-URL
X-Request-Start
X-SRV
X-Azure-Ref-OriginShield
Amp-Access-Control-Allow-Source-Origin
X-SN
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Lb
Sid
X-Cache-Id
X-Esi-Check
Processtime
X-BE
X-Dynatrace
Rt-Proxy-Cache
Cteonnt-Length
X-Newrelic-App-Data
X-Cache-NGX
Servername
X-Swift-Error
Load-Balancing
X-BC
X-WA
FSS-Cache
Cache-Provider
Release
SD-X-WS
X-Gzip
FSS-Proxy
X-ID
Magicmarker
X-ZONE
X-SD-PageType
X-Frame-Option
X-WR-MODIFICATION
X-Configured-By
X-ECACHE
X-VCT
CF-IPCountry
X-Method
X-StackifyID
Dynatrace
X-Wix-Viewer-Type
X-Instart-Info
Requestid
X-Snapshot-Date
X-LB-ID
X-Branch-Name
CDN
X-CACHE-AGE
X-Compress-Hint
X-Cache-PHP
L
Request-Time
X-Cc-Req-Id
D-Cc-Upstream
X-Aicache-OS
X-VC
Proxy-Firewall
X-Cc-Via
X-SB
X-Fastly-Cache-Hits
WZWS-RAY
Warning
X-Request-Url
V-Cache
X-Tid
X-Litespeed-Cache-Control
X-Nananana
X-Apw-Access-Token
X-Apw-Hits
Ohc-Response-Time
X-Apw-Access-Object
X-Be
X-Request-URL
X-Worker
X-App
X-Check-Cacheable
X-WPE-Loopback-Upstream-Addr
X-ElasticPress-Search
X-Varnish-Beresp-TTL
X-GEO
X-Apw-Access-Action
X-Fastly-Cache-Status
X-Powered-Y
WP-Super-Cache
Cneonction