Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
CF-Ray
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
EagleId
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Server-Id
X-Device
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Vhost
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Dispatcher
X-Ruxit-JS-Agent
Request-Id
X-Cache-Lookup
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
X-ORACLE-DMS-RID
P3p
X-DataDome
X-Dns-Prefetch-Control
X-Country
X-Rack-Cache
X-Clacks-Overhead
Rating
Edge-Control
X-Akam-SW-Version
Allow
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-TTL
X-Goog-Hash
Accept-Ch
X-PC
X-Vname
X-TtlSet
Verso
Content-MD5
Service-Worker-Allowed
X-ESI
X-Powered-By-Plesk
X-Url
Accept-Ch-Lifetime
X-Vcache
X-GitHub-Request-Id
X-Kinja
X-Kinja-Revision
RTSS
X-Kinja-Server
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Id
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Variant
X-Version
X-Forwarded-Proto
X-MS-InvokeApp
X-B3-TraceId
X-D2id
Edge-Cache-Tag
X-Server-Name
X-Px
X-Abt-Application-Version
X-Debug
AR-ATIME
X-Amz-Server-Side-Encryption
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-Request-ID
SPRequestGuid
X-Cached
Charset
X-Vcap-Request-Id
X-NF-Request-ID
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-MSEdge-Ref
X-Navigation-Version
X-Middleton-Response
Display
Pagespeed
Response
X-Middleton-Display
X-Sol
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Accel-Expires
TCN
X-VARITI-CCR
X-Fastly-Request-ID
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
Nginx-Cache
X-Cdn
Public-Key-Pins
MS-Author-Via
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Powered-CMS
X-Edge-O15-RID
X-Trace
X-Fastcgi-Cache
X-Client-IP
Cache-Tag
Realpath
X-Ser
Access-Control-Request-Method
X-Server-ID
X-Content-Type
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
X-Mrf-Item-Lastmod
X-Amzn-Trace-Id
X-Grace
SPRequestDuration
SPIisLatency
X-Shard
X-Upstream
X-Hp-Webp
X-Jurisdiction
X-Id
X-Ezoic-Cdn
X-Cache-TTL
Front-End-Https
X-Hits
Fastcgi-Cache
X-Amz-Meta-S3cmd-Attrs
Nel
S
X-T
X-DynaTrace-JS-Agent
X-Forwarded-For
X-Aspnet-Version
X-Recruiting
DynaTrace
X-Element-Page-Cache
X-Content-Digest
X-Node-Name
X-Varnish-Age
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Realm
X-Mobile-URL
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-Dw-Request-Base-Id
ServerID
MicrosoftSharePointTeamServices
X-DIS-Request-ID
NR-ENABLED
TP-L2-Cache
TP-Cache
Server-Node
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
Powered
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-Frontend
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Correlation-Id
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
Upgrade-Insecure-Requests
X-Amz-Apigw-Id
Fastly-Restarts
X-Amzn-RequestId
X-Cache-Hit
X-XRDS-Location
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-Zen-Fury
X-Page-Id
Refresh
X-Content-Security-Policy-Report-Only
X-Content-Options
X-F-Cache
X-User-Agent
X-Origin-Server
X-Request-Received
X-Akamai-Edgescape
X-Request-Processing-Time
X-Varnish-Grace
X-Rid
X-LB-Cache
X-B
X-Revision
X-Content-Powered-By
Arc-Version
PB-PID
X-Mobile-Rewrite
PB-RID
X-Type
X-XRDS-LOCATION
X-B3-Sampled
X-Geo-Country
Cache-Status
X-Az
X-Activity-Id
X-AppVersion
X-Kinsta-Cache
X-NWS-LOG-UUID
X-Cache-Action
X-N
X-WebKit-CSP-Report-Only
X-TT
X-AOL-HN
X-Cached-By
X-Debug-Info
X-B-Cache
Access-Control-Allow-Method
X-Request-Guid
X-Signature
X-Jobs
X-Instance
X-PHP-Backend
X-Framework
X-Git-Hash
X-FB-Debug
Actual-Object-TTL
X-Time
X-Cache-Age
X-App-Environment
Paypal-Debug-Id
X-URL
X-Tumblr-User
X-Load-Cache
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tt-Trace-Tag
X-Tt-Trace-Host
Fastcgi-Useragent
X-Amz-Replication-Status
X-Webkit-Csp
X-FastCGI-Cache
DC
X-Pad
Host-Header
X-Varnish-Backend
X-ATG-Version
X-WA-Info
X-RateLimit-Remaining
Host
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
MS-CV
X-Shield-Request-Id
Surrogate-Key
X-Contextid
X-IPLB-Instance
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Host-Name
X-Cache-Key
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Retry-After
Accept-CH
Frame-Options
Liferay-Portal
X-Accel-Buffering
X-Response-Served-From
X-Seen-By
Payment
X-Hostname
Source
NGB
X-Cache-NE
X-Cache-2
X-Srv
X-Region
X-B3-Traceid
X-Origin-Response-Time
X-FW-Serve
X-FW-Static
X-FW-Server
X-FW-Hash
X-Rendered-As
X-NewRelic-App-Data
X-Varnish-Server
Eomportal-Instance
X-FW-Type
Tracecode
X-SS-Set-Cookie
X-Cluster
X-Cacheable-TTL
X-Is-Bot
WPE-Backend
Xserver
Cache-Tv-Group
Server-Info
X-Cache-Enabled
X-Adobe-Loc
X-Adobe-Content
X-IPS-LoggedIn
X-Varnish-Hostname
X-GeoIP
Filters
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cache-Rule
X-Cache-Operation
X-App-Server
X-RequestSource
X-ProcessESI
FilterID
X-RemovedCookies
X-Presslabs-Stats
X-EdgeConnect-Cache-Status
Accept-CH-Lifetime
X-Cache-TTL-Remaining
X-TX-ID
X-L-Path
X-Environment-Context
X-FireWall-Port
Cleartype
X-Upgrade-Enabled
Accept-Charset
X-Analytics
X-Handled-By
X-RTag
Ms-Operation-Id
X-Source
X-Ttl
X-Endurance-Cache-Level
From-Origin
Srv
X-Backend-Name
X-HTML-Minification-Powered-By
X-Cache-Server
X-UA
X-APP-VERSION
Datacenter
X-Esi
X-CACHE-KEY
X-UUID
X-Wix-Request-Id
Healthy
X-Dc
Meta-Geo
X-Unique-Id
X-Cache-Var-Map
X-RN-RSRV
X-ES-SERVER
X-PressLabs-Stats
X-Cache-Var
X-Path-Route
X-Status
OT-Force-Account-Verify
X-Access
X-Akamai-Transformed
X-Section
X-Tb
X-OCL
X-Proto
X-PCL
X-Request-Time
X-Proxy-Build
X-Ua-Device
X-Cache-Config
X-Akamai-Request-ID
Akamai-GRN
X-Format
Selected-Fe
Cache-Tags
X-Content-Age
X-Daa-Tunnel
X-Webapp-Samesite-None-Activated-N
X-Goog-Meta-Goog-Reserved-File-Mtime
X-FC-Vary-Parameters
X-Timing-Wait
Ec-Rule-Version
Origin-Edge-Control
Node
X-JoinUs
Decoy-Debug-TTL
X-Hyper-Cache
Mn-Server-Ip
X-Alternate-Cache-Key
X-Hosted-By
X-Human
X-Hl-Ver
X-EIG-Tracking-Id
Decoy-Debug-Key
X-BYPASS-REASON
Decoy-Debug-Status
X-Proxy-Cache-Status
X-Proxy
X-Say-TTL
X-Say-Cacheable
X-Sorting-Hat-PodId
X-Origin
X-SayCDN-TTL
X-ShardId
X-Web-Node
Origin-Cache-Control
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-ShopId
X-Soup
X-SaId
X-Viewer-Country
X-Redis-Cache
X-ProxyCache-Key
X-ProxyCache-Status
X-Sorting-Hat-ShopId
X-Qloud-Router
X-NYM-Debug-Backend
X-Whom
X-FW-Dynamic
X-Site-Version
Azure-SlotName
X-ServerID
X-Vgn-Hpd-Reason
Azure-Version
Now
X-VWS-Id
X-Pubstack
Version
DB-Nickname
Azure-SiteName
X-Akamai-Request-ID2
X-Storage
NGX
X-TNCMS
X-MP-GENERATED-AT
X-LJ-Flow-ID
X-Loop
X-Generated
Azure-InstanceId
X-CCM
X-Time-Microsecs
X-Locale
X-Debug-Cache
Azure-RegionName
X-Detected-As
X-BCube-Filmed-By
X-AWS-Id
Cross-Origin-Window-Policy
S-Rt
X-IP
X-Varnish-Hits
X-Xfnlog-Site
X-NCache
X-Generated-By
GEO-INFO
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-Www-Served-By
TWC-Privacy
Webcakes-App-Name
Webcakes-Region
TWC-Locale-Group
X-Yottaa-Optimizations
TWC-Connection-Speed
Property-Id
X-Yottaa-Metrics
X-Amzn-Remapped-Content-Length
TWC-GeoIP-Country
TWC-Device-Class
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Cluster-Node
X-Origin-Hint
Cache-Key
X-FB-TRIP-ID
X-Backend-TTL
X-UA-Device-Type
X-RateLimit-Limit
X-NGENIX-Cache
X-Cache-Control
X-CDN-Forward
X-Forwarded-Host
Section-Io-Cache
X-Mode
X-Drupal-Cache-Tags
Webserver
X-Rule
Cache
X-Cache-Host
X-Info
Time
Content-Disposition
L5d-Success-Class
X-PERF
X-Varnish-Cache-Hits
X-ApacheServer
X-B3-Spanid
Rt-Fastcgi-Cache
ServedBy
Accept-Language
X-UnsetCookies
X-CS
Viewport
X-Newrelic-Synthetics
X-Origin-TTL
X-Origin-CC
Cache-Name
Uber-Trace-Id
Mime-Version
Country
X-Cache-Remote
Odigeo-Trace-Id
X-Zipkin-Id
X-Routing-Service
X-VCache
X-Proxied
X-Device-Type
X-Via-Fastly
X-Magnolia-Registration
X-CLOUD-TRACE-CONTEXT
X-Uri
X-From
X-Geo
Filterid
X-EC-Lua
X-Cluster-Name
HitType
X-Drupal-Cache-Contexts
Proxy-Connection
Cf-Ipcountry
Geo-Info
X-Real-IP
Access-Control-Request-Headers
X-Microcachable
X-TT-TIMESTAMP
X-Date
X-A
X-Destination
X-A-Dam
Fastcgi-X-Cache-Version
X-External-Request-Id
GEO-REGION-INFO
X-A-Ccd
X-A-Dgt
X-A-Wwc
X-Rewrite-Enabled
X-DPWN-IS-SECURE
X-Request-UUID
X-A-Dcw
X-G
X-Labrador-Cache-Channel
X-PHP-Host
X-Region-Sid
X-CF-Lambda-Fn
X-Geo-Header
Apple-News-Services-Handled
X-CF-Lambda-Version
X-Rocket-Build-Number
MD5-Digest
Machine
Meta-Geo-Continent
Mobile-Detection-Method
X-D
Apple-News-Services-Host
Content-Script-Type
X-Connection-Hash
Content-Style-Type
BehaviorPad-Version
AsisCache
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-GeoIP-Country-Code
Rendered-Blocks
Group
VIX-Pulpo-Node
VivaBuild
X-Vtex-Processado-Em
VIX-Pulpo-Upstream-Status
W
X-Sigma-Backend
X-ARC
X-SRCache-Key
T-Server
X-VG-WebServer
X-Trv-Group
X-Twitter-Response-Tags
Viewtype
X-Transaction
X-B-Cookie
X-VG-WebCache
X-VG-TLSProxy
X-Vdms-Version
X-Application
X-Vtex-Remote-Cache
X-Varnish-Beresp-Grace
X-S-Cookie
X-Accel-Expires-Debug
X-ScT
X-Session-Fingerprint
X-Rojux
X-S
X-Varnish-Beresp-Ttl
Xc-Version
X-Aed
X-Varnish-Beresp-Status
X-Sigma
User-Cache-Control
Cache-Hits
X-Cache-Time
Ohc-File-Size
X-C
X-Agile-Id
X-Hit
X-VC-Cache
HA-Ipaddr
Ha-Gx-Prefs
X-Wikidot-Backend
Countrycode
Environment
IsBot
Fastly-SIE
Fastly-Soc-X-Request-Id
X-App-Name
Fastly-SWR
X-Eu-Site
CDCHOST
X-WebServer
Locid
X-Thanos
X-Cache-Expired-At
X-Agile-Age
X-Distil-CS
Powered-By
X-Backend-State
X-Developers
X-Agile
X-Rebelmouse-Cache-Control
X-Wikidot-Static-Cache
X-OVcl-Cache
X-OVcl
X-Cache-Debug
X-Rebelmouse-Surrogate-Control
X-Cdn-Srv
X-SIPLIST1
X-Clientip
X-Bip
X-Logging-Id
X-TrackingId
X-CGP
X-GoCache-CacheStatus
X-Clara-WADP
X-Core-Mission
X-CUA
X-Air-Hostname
X-Azure-Ref
X-Debug-Log
X-Cache-Info
X-Cache-Tags
X-Cache-URL
X-Cache-Bucket
X-Block-Status
X-Request-URI
Gh-Request-Id
X-We-Are-Hiring
Locale
Server-Cache-Control
Server-Surrogate-Control
X-WADP-Cache
X-VServer
X-Trace-Id
X-TH-Server
X-Up
X-Var-Ttl
X-Variation
X-Auto-Login
X-Cache-ASPX
X-Varnish-Authentication
X-Urbn-Site-Id
AKAMAI
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Urbn-Context-Path
X-JWT-State
X-Cms-Context
X-Contensis-Viewer-Groups
X-Has-Esi
X-Is-Gdpr
X-Swa-Ws
X-Servername
X-Li-Fabric
X-Irp-Debug
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-Hnp-Log
X-GeoIP-City
X-Epic-Correlation-Id
X-Fastly-Cache
X-Gen-Mode
X-Generated-In
X-Micro-Cache
X-Ms-Request-Id
X-Origin-Expires
X-Origin-Date
X-Owner
X-Platform-Server
X-Proxy-Upstream
X-NX-Host
X-NU-AKA-ACS-Version
X-Ms-Version
X-Nginx-Cache-Key
X-No-Session
X-NodeID
X-Distributor
X-Debug-Cookies
Platform
Memcached
Pragrma
Request-Country
RNT-Time
RNT-Machine
Adler-Geo
Cache-Host
Heartbleed
Fastly-Backend-Name
IBM-Web2-Location
Is-Eu
Country-Code
Server-ID
Request-EU
True-Client-Country-4JS
X-Nc
V-Age
Web-Mar-Node
Server-Int
S-Cnection
X-Edge-Location
Fastly-SSL
X-FW-Version
X-TT-LOGID
X-Generated-On
X-Tumblr-Pixel-3
X-Debug-Cache-Store
Cdnsip
X-Debug-Cache-Expiry
X-Fetched-On
X-RateLimit-Remaining-Second
X-Server-W
Ohc-Cache-HIT
X-Instart-Isnd
X-AK-Request-ID
X-NC
X-Level-Front-Cache
FNAC-ModuleRouting
ServerName
X-Matched-Rule
X-RateLimit-Limit-Second
X-IN-APIGATEWAY
X-Gamma-Serve
X-IN-APIGATEWAYSSL
X-Hash
Kp-EeAlive
Thinkindot-Control
X-Service
PFcat
Cdncip
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-BBXSRF
X-Thinkindot-L3
We-Hiring
X-ServiceProvider
X-Debug-Cache-Fetch
X-Dispatcher-Server
X-Webstats-RespID
X-Reboot
X-Req
X-Generation-Time
Mail-Subject
X-Core-Value
X-VHOST
X-Nginx-Cache
X-Old-Content-Length
Wxu-Next-Commit
Wxu-Next-Hostname
X-Trafficlayer-App-Scope
X-Response-By
X-App-Version
X-Varnish-Cacheable
Server-Host
X-Trafficlayer-App-Version
X-Trafficlayer-App-Name
Wxu-Next-Region
X-SERVER
X-UPSTREAM-Address
X-Node-Id
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Sucuri-ID
X-Oss-Object-Type
X-Oss-Server-Time
RequestId
X-S-Maxage
User-Agent
X-Refresh
X-Wa
X-Lb-Id
Powered-By-ChinaCache
X-Render-Time
X-Developer
X-Cache-Status-Check
X-CSRF-TOKEN
X-Cache-Backend
X-Parent-Response-Time
Hostname
X-Tec-Api-Origin
X-Cdn-Origin
X-User
X-LAGOON
X-Sn-Servicetimems
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Grace
X-NWS-UUID-VERIFY
X-CF-Powered-By
X-Ocache
X-Device-Os
Origin
X-Internal-Host
X-Key
X-Sucuri-Cache
X-Pf-Uncompressing
A
X-Tb-Optimization-Total-Bytes-Saved
On-Server
X-Ua
X-Pjax-Url
X-CSRF-Token
X-MSEdge-Flight
Memory
X-TA-CDN-Provider
X-Request-Host
X-MSEdge-Features
X-Via-CDN
X-Location
SRV
Geoip-Latitude
Geoip-City
Cloudfront-Viewer-Country
PICS-Label
X-NGINX-Cache
X-FORWARDED-FOR
X-COUNTRY
GeoIp-Country-Code
ProcessTime
X-B3-Parentspanid
X-Varnish-URL
X-Vcl-Version
X-Servedbyhost
Resin-Trace
X-Litespeed-Cache
X-BACKEND-TTL
X-Webkit-CSP
TTL
X-Cdn-Forward
X-Server-IP
X-Varnish-Ttl
X-TIME
XServer
M-TraceId
Dnion-Transfer-Encoding
X-Rocket-Nginx-Bypass
X-Dynatrace-Js-Agent
Tcn
X-Slack-Backend
SN
X-B3-SpanId
Cdn
X-DC
X-Cache-FS-Status
X-PAYTM-SRV-ID
Media-Length
X-Processor
X-Server-Time
X-Unique-ID
X-HS-Status
Arc-Country
Host-ID
Pramga
X-Cdn-Request-ID
CACHE
X-Ratelimit-Remaining
X-Skip-Cache
X-Dispatch
X-Beluga-Record
X-Cache-Ttl
X-VCL-Version
X-Beluga-Cache-Status
X-ND-Cache
X-Action
X-Beluga-Response-Time
X-Fastly-Country-Code
X-ServedByHost
X-Beluga-Node
X-Beluga-Status
X-Beluga-Trace
HostName
Who
X-Edge-Server
X-Served-From
X-RPM
X-RPS
Ttl
X-DW
Section-Origin-Responded
X-RSL
Cdn-Host
Fastly-Drupal-HTML
Cdn-Request-Time
X-DSS
Fusion-Deployment-Id
Section-Io-Origin-Status
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-DI
X-DB
X-DevSite-Last-Modified
MIME-Version
X-Correlation-ID
X-Via-Ucdn
X-Hello
Pics-Label
N-Cache
X-Bc-Bl
X-Flog
X-ABtesting
GeoIP-Country-Code
X-Reqid
X-Adobe-Source
NtCoent-Length
CF-Cached-On
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
GeoIP-Latitude
X-AIR-PT
GeoIP-City
X-VarnishDD-TTL
X-Varnish-Url
Esi-Enabled
Cache-Cookie-Set-Lfrom
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-FPC
X-Zone
Cache-Cookie-Set-Idcheck
X-Sucuri-Id
X-Policy
X-PF-Uncompressing
X-Ratelimit-Limit
Cache-Cookie-Set-From
X-APP
X-Bc
X-Planisys-CDN-Cache
X-PJAX-URL
X-Backend-Host
Trailer
X-HostName
WebServer
X-Fmm-Version
X-Fastly-Backend-Reqs
X-Azure-Ref-OriginShield
X-SRV
X-Request-Start
X-BE
Cteonnt-Length
Amp-Access-Control-Allow-Source-Origin
X-SERVER-NAME
X-Scheme
X-Fpc
X-Dynatrace
Rt-Proxy-Cache
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
Processtime
X-Newrelic-App-Data
X-Swift-Error
Servername
X-ID
FSS-Cache
X-WA
Lb
Magicmarker
Cache-Provider
X-Esi-Check
FSS-Proxy
X-BC
X-LB-ID
X-Cache-Id
X-ZONE
X-Frame-Option
X-WR-MODIFICATION
X-Cache-NGX
Dynatrace
Sid
X-Gzip
SD-X-WS
X-SD-PageType
Requestid
X-Snapshot-Date
X-Branch-Name
CDN
X-StackifyID
X-Method
Load-Balancing
X-SN
CF-IPCountry
X-CACHE-AGE
WZWS-RAY
X-VCT
X-Wix-Viewer-Type
X-Instart-Info
X-ECACHE
X-Compress-Hint
Release
X-Configured-By
L
X-Aicache-OS
X-VC
Warning
X-SB
V-Cache
X-Request-Url
D-Cc-Upstream
X-Fastly-Cache-Hits
X-Cc-Req-Id
X-Cc-Via
X-Tid
X-Litespeed-Cache-Control
X-Apw-Access-Action
X-Apw-Access-Object
X-Cache-PHP
SID
X-Worker
Ohc-Response-Time
X-Apw-Access-Token
X-Nananana
Proxy-Firewall
WP-Super-Cache
X-Varnish-Beresp-TTL
Cneonction
X-App
X-Check-Cacheable
X-Request-URL
X-Powered-Y
X-ElasticPress-Search
X-GEO
X-Fastly-Cache-Status
X-WPE-Loopback-Upstream-Addr
X-Apw-Hits