Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
Xkey
X-AH-Environment
P3p
X-Envoy-Upstream-Service-Time
X-Via
X-Backend
CF-Ray
X-Server
X-Age
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ws-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Device
X-Host
X-Origin-Cache
EagleEye-TraceId
X-Response-Time
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Readtime
X-Backend-Server
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-Cache-Lookup
X-ORACLE-DMS-ECID
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-DataDome
X-Mod-Pagespeed
NEL
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Clacks-Overhead
X-Akam-SW-Version
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
X-Country-Code
Accept-Ch
X-DynaTrace
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-ESI
Verso
Accept-Ch-Lifetime
Content-MD5
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Use-Magma
RTSS
Edge-Cache-Tag
X-D2id
X-Server-Name
X-Abt-Application-Version
X-Debug
X-Px
AR-ATIME
AR-PoweredBy
X-Vcache
AR-CACHE
AR-Request-ID
Ar-Sid
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Fastcgi-Cache
X-TEC-API-ORIGIN
Pagespeed
Display
X-Accel-Expires
X-Sol
X-Middleton-Response
Response
X-Vcap-Request-Id
X-Middleton-Display
X-MSEdge-Ref
X-Amz-Rid
X-Navigation-Version
Arr-Disable-Session-Affinity
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
TCN
X-Powered-CMS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-VARITI-CCR
X-Trace
Public-Key-Pins
Cache-Tag
X-Fastly-Request-ID
Realpath
X-Client-IP
X-Cdn
MS-Author-Via
X-Ser
Access-Control-Request-Method
Nginx-Cache
X-Edge-O15-RID
X-DynaTrace-JS-Agent
Nel
X-Shard
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
S
SPRequestDuration
X-Server-ID
SPIisLatency
X-Upstream
X-Content-Type
X-Id
X-Ezoic-Cdn
X-Amzn-Trace-Id
X-Hp-Webp
X-Grace
X-Forwarded-For
X-T
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Hits
Fastcgi-Cache
X-Recruiting
DynaTrace
X-Jurisdiction
X-Cache-TTL
X-Aspnet-Version
X-Varnish-Age
ServerID
MicrosoftSharePointTeamServices
X-Element-Page-Cache
X-Content-Digest
X-Node-Name
X-Mobile-URL
X-Country-Code-Real
X-Dw-Request-Base-Id
X-FTR-Backend
X-FTR-Balancer
X-FTR-Expires
X-FTR-DC
X-FTR-Cache-Status
X-DIS-Request-ID
X-FTR-Backend-Server
X-FTR-Realm
NR-ENABLED
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-Goog-Metageneration
X-Goog-Generation
X-Frontend
X-Goog-Storage-Class
X-GUploader-UploadID
Server-Node
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Powered
TP-L2-Cache
TP-Cache
Alternate-Protocol
X-Logged-In
Server-Name
X-CST
AMP-Access-Control-Allow-Source-Origin
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-Request-Processing-Time
X-Request-Received
X-Correlation-Id
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
X-Cache-Hit
Backend-Timing
X-XRDS-Location
X-Content-Options
Fastly-Restarts
X-Origin-Server
X-Content-Security-Policy-Report-Only
X-User-Agent
X-F-Cache
Refresh
X-Akamai-Edgescape
X-Revision
X-Page-Id
X-Rid
X-Zen-Fury
X-Varnish-Grace
X-Type
X-XRDS-LOCATION
X-Content-Powered-By
X-LB-Cache
X-FTR-Cache-Host
X-B
X-B3-Sampled
PB-RID
PB-PID
X-Geo-Country
X-Mobile-Rewrite
Arc-Version
X-Az
X-Activity-Id
X-AppVersion
Cache-Status
X-URL
X-N
X-Kinsta-Cache
X-Cache-Age
X-Shield-Request-Id
X-TT
X-Signature
X-B-Cache
X-Pad
X-Time
X-WebKit-CSP-Report-Only
X-Instance
X-AOL-HN
X-Cache-Action
X-Tumblr-User
X-Jobs
X-Debug-Info
Actual-Object-TTL
X-Framework
Paypal-Debug-Id
X-Tumblr-Pixel
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-App-Environment
X-FB-Debug
X-Load-Cache
X-Request-Guid
X-PHP-Backend
X-Cached-By
X-Git-Hash
DC
Fastcgi-Useragent
X-RateLimit-Remaining
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Varnish-Backend
X-Amz-Replication-Status
Surrogate-Key
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Webkit-Csp
X-IPLB-Instance
Host-Header
MS-CV
X-Contextid
X-Webapp-Samesite-None-Activated-N
X-ATG-Version
X-WA-Info
Host
X-Analytics
X-NWS-LOG-UUID
X-SS-Set-Cookie
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile
X-Via-JSL
X-Cluster
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
NGB
X-Response-Served-From
X-Accel-Buffering
Tracecode
FilterID
X-Host-Name
WPE-Backend
Payment
Xserver
X-Cache-NE
X-Region
X-Varnish-Server
X-FW-Static
X-FW-Hash
X-Cache-2
X-FW-Serve
X-FW-Server
Eomportal-Instance
X-FW-Type
Source
Filters
Frame-Options
X-IPS-LoggedIn
X-GeoIP
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Origin-Response-Time
X-Varnish-Hostname
Cache-Tv-Group
X-Srv
X-Adobe-Content
X-Cache-Enabled
X-Adobe-Loc
X-Cacheable-TTL
X-Presslabs-Stats
X-Is-Bot
X-Rendered-As
X-Seen-By
X-Hostname
X-Cache-Operation
X-RequestSource
X-Cache-Rule
Retry-After
X-TX-ID
X-Cache-Key
X-EdgeConnect-Cache-Status
X-NewRelic-App-Data
Server-Info
X-Cache-TTL-Remaining
X-RemovedCookies
Liferay-Portal
X-ProcessESI
Cleartype
X-FastCGI-Cache
X-CACHE-KEY
X-VCache
X-Dc
Accept-CH
X-App-Server
X-B3-Traceid
Ms-Operation-Id
X-RTag
X-Environment-Context
X-L-Path
X-Source
X-FireWall-Port
X-UA
Datacenter
X-HTML-Minification-Powered-By
X-Endurance-Cache-Level
X-Handled-By
X-Upgrade-Enabled
From-Origin
X-Cache-Server
X-Backend-Name
Cache
X-Cache-Control
Accept-Charset
X-Wix-Request-Id
Accept-CH-Lifetime
X-APP-VERSION
Healthy
X-Path-Route
Meta-Geo
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
X-PressLabs-Stats
X-RN-RSRV
X-Tb
X-UUID
X-Format
X-Status
X-Section
Srv
Version
X-Timing-Wait
Selected-Fe
OT-Force-Account-Verify
X-Access
X-Proxy-Build
X-Cache-Config
X-Shopify-Stage
X-Goog-Meta-Goog-Reserved-File-Mtime
Azure-Version
Akamai-GRN
Cache-Tags
X-Akamai-Request-ID
X-ShardId
X-Alternate-Cache-Key
X-NYM-Debug-Backend
X-ShopId
X-Shopify-Generated-Cart-Token
X-OCL
X-Content-Age
Azure-InstanceId
X-Request-Time
X-FC-Vary-Parameters
Azure-RegionName
Azure-SiteName
X-EIG-Tracking-Id
X-PCL
X-Origin
Azure-SlotName
X-Sorting-Hat-PodId
Mn-Server-Ip
X-Proto
X-Sorting-Hat-ShopId
Decoy-Debug-Status
Now
X-Web-Node
Origin-Cache-Control
Decoy-Debug-Key
Origin-Edge-Control
NGX
Node
Ec-Rule-Version
DB-Nickname
X-Redis-Cache
X-LJ-Flow-ID
X-VWS-Id
X-JoinUs
X-Say-Cacheable
X-Human
X-Hyper-Cache
X-Viewer-Country
X-Vgn-Hpd-Reason
X-Soup
X-ServerID
X-Time-Microsecs
X-SayCDN-TTL
X-Say-TTL
X-Hosted-By
X-SaId
X-Proxy-Cache-Status
X-Qloud-Router
X-ProxyCache-Key
X-Pubstack
X-AWS-Id
X-BYPASS-REASON
X-Cluster-Node
X-Debug-Cache
X-ProxyCache-Status
X-Hl-Ver
X-Generated-By
X-FW-Dynamic
X-Proxy
X-Akamai-Request-ID2
Decoy-Debug-TTL
X-Storage
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-RateLimit-Limit
GEO-INFO
X-FB-TRIP-ID
TWC-Connection-Speed
TWC-Device-Class
X-Generated
X-MP-GENERATED-AT
TWC-GeoIP-Country
X-CCM
Property-Id
TWC-Locale-Group
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
X-Rule
X-TNCMS
Webcakes-Region
Webcakes-App-Version
X-Origin-Hint
TWC-Privacy
Webcakes-App-Name
TWC-GeoIP-LatLong
X-Loop
Cross-Origin-Window-Policy
X-Site-Version
X-Www-Served-By
X-Varnish-Hits
X-Akamai-Transformed
S-Rt
X-Xfnlog-Site
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-Locale
X-NCache
X-Cache-Host
X-IP
X-Detected-As
L5d-Success-Class
X-CS
X-Drupal-Cache-Tags
X-Unique-Id
Webserver
Cache-Key
Cache-Name
Time
Viewport
Uber-Trace-Id
X-Esi
X-UA-Device-Type
X-Mode
X-UnsetCookies
X-Whom
Mime-Version
X-Forwarded-Host
X-Daa-Tunnel
X-Origin-TTL
Accept-Language
X-Origin-CC
Rt-Fastcgi-Cache
X-Info
X-Cache-Remote
X-Backend-TTL
X-CDN-Forward
X-NGENIX-Cache
Content-Disposition
Country
X-From
X-Varnish-Cache-Hits
X-PERF
Odigeo-Trace-Id
X-ApacheServer
X-B3-Spanid
X-Newrelic-Synthetics
ServedBy
X-Cluster-Name
Section-Io-Cache
X-Drupal-Cache-Contexts
X-Magnolia-Registration
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Microcachable
X-EC-Lua
X-Ruxit-Js-Agent
X-Geo
X-Nc
X-Device-Type
X-TT-TIMESTAMP
X-Proxied
X-Zipkin-Id
X-CLOUD-TRACE-CONTEXT
X-Routing-Service
X-Via-Fastly
X-Uri
Ohc-File-Size
Cf-Ipcountry
X-Trafficlayer-App-Name
Ohc-Cache-HIT
X-Ttl
Proxy-Connection
X-Trafficlayer-App-Scope
X-Edge-Location
HitType
X-ARC
X-B-Cookie
AsisCache
Apple-News-Services-Request-Url
X-Application
X-A
Mobile-Detection-Method
W
T-Server
VivaBuild
Rendered-Blocks
Content-Style-Type
X-A-Ccd
Fastcgi-X-Cache-Version
BehaviorPad-Version
Meta-Geo-Continent
Machine
Access-Control-Request-Headers
X-Aed
X-Accel-Expires-Debug
X-A-Dgt
X-A-Wwc
Viewtype
X-A-Dcw
X-A-Dam
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
GEO-REGION-INFO
MD5-Digest
X-Geo-Header
X-S
X-Rojux
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-CF-Lambda-Fn
X-Rewrite-Enabled
X-GeoIP-Country-Code
Content-Script-Type
X-Region-Sid
X-No-Session
X-Request-UUID
X-Sigma
X-Sigma-Backend
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-TLSProxy
X-Vdms-Version
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-G
X-Rocket-Build-Number
X-D
X-Date
X-Destination
X-DPWN-IS-SECURE
X-CF-Lambda-Version
X-External-Request-Id
X-Connection-Hash
User-Cache-Control
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Geo-Info
X-UPSTREAM-Address
X-C
X-Varnish-Beresp-Grace
X-Clientip
Fastly-SWR
Gh-Request-Id
Locid
IsBot
HA-Ipaddr
Ha-Gx-Prefs
X-CGP
Fastly-SIE
X-Wikidot-Static-Cache
Environment
Countrycode
X-Wikidot-Backend
X-WebServer
X-Bip
X-Cache-ASPX
X-Cache-Debug
X-VC-Cache
Fastly-Soc-X-Request-Id
Server-Surrogate-Control
X-Agile-Age
X-Eu-Site
X-Agile-Id
X-Distil-CS
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Agile
X-Hit
X-Logging-Id
X-Developers
X-App-Name
Powered-By
X-Tumblr-Pixel-3
X-Contensis-Viewer-Groups
X-CUA
Server-Cache-Control
X-SIPLIST1
X-Thanos
X-TrackingId
X-Varnish-Authentication
X-Auto-Login
X-Real-IP
Fastly-SSL
CDCHOST
X-Cache-Backend
X-GoCache-CacheStatus
Filterid
X-Generated-In
X-Generation-Time
X-Gen-Mode
X-FW-Version
X-Gamma-Serve
X-Fetched-On
X-Has-Esi
X-Instart-Isnd
X-Irp-Debug
X-Is-Gdpr
X-JWT-State
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Fastly-Cache
X-Hash
X-Hnp-Log
X-GeoIP-City
X-Distributor
X-Cache-Info
X-Cache-Tags
X-Cache-Time
X-Cache-URL
X-Cache-Bucket
X-Block-Status
X-Azure-Ref
X-Backend-State
X-BBXSRF
X-Cdn-Srv
X-Clara-WADP
X-Debug-Cookies
X-Debug-Log
X-Dispatcher-Server
X-Labrador-Cache-Channel
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Cms-Context
X-Core-Mission
X-Debug-Cache-Expiry
X-Epic-Correlation-Id
X-Li-Pop
X-SVT-ORM-VERSION
X-Swa-Ws
X-TH-Server
X-Trace-Id
X-SVT-ORM-RULES
X-Servername
X-Render-Time
X-Request-URI
X-Server-W
X-TT-LOGID
X-Up
X-WADP-Cache
X-We-Are-Hiring
X-Webstats-RespID
X-VServer
X-Variation
X-Urbn-Context-Path
X-Urbn-Site-Id
X-User
X-RateLimit-Remaining-Second
Cdnsip
X-Ms-Version
X-Nginx-Cache-Key
X-NodeID
X-Ms-Request-Id
X-Micro-Cache
X-AK-Request-ID
X-LI-Proto
X-LI-UUID
X-NU-AKA-ACS-Version
X-NX-Host
X-PHP-Host
X-Platform-Server
X-Proxy-Upstream
X-Owner
X-OVcl-Cache
X-Origin-Date
X-Origin-Expires
X-OVcl
X-Li-Fabric
X-RateLimit-Limit-Second
Platform
Request-Country
Memcached
We-Hiring
Kp-EeAlive
Locale
Request-EU
RNT-Machine
V-Age
Web-Mar-Node
True-Client-Country-4JS
Server-Int
RNT-Time
Server-ID
Is-Eu
Mail-Subject
Cdncip
AKAMAI
Cache-Host
Heartbleed
IBM-Web2-Location
Adler-Geo
Country-Code
Fastly-Backend-Name
Server-Host
Thinkindot-Control
X-Air-Hostname
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Generated-On
X-Trafficlayer-App-Version
X-Old-Content-Length
X-Service
X-Req
X-App-Version
PFcat
X-Matched-Rule
X-Thinkindot-L3
X-Level-Front-Cache
X-ServiceProvider
X-Reboot
FNAC-ModuleRouting
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
X-Core-Value
ServerName
Cache-Hits
X-S-Maxage
Group
X-Lb-Id
X-Var-Ttl
X-Internal-Host
X-Cache-Expired-At
X-Nginx-Cache
S-Cnection
X-Key
X-Sucuri-Cache
X-Response-By
X-Refresh
Pragrma
X-SERVER
RequestId
Powered-By-ChinaCache
X-Location
X-CF-Powered-By
X-VHOST
X-Parent-Response-Time
X-CSRF-TOKEN
ProcessTime
X-Tb-Optimization-Total-Bytes-Saved
X-TA-CDN-Provider
X-Cdn-Forward
X-Correlation-ID
X-Pjax-Url
Origin
X-Wa
X-Tec-Api-Version
X-Tec-Api-Origin
X-BACKEND-TTL
X-Tec-Api-Root
X-Sucuri-ID
X-B3-Parentspanid
X-CSRF-Token
Memory
SRV
X-Varnish-Cacheable
User-Agent
X-Ua
X-Via-CDN
TTL
X-NC
X-Pf-Uncompressing
X-B3-SpanId
X-Developer
X-Vcl-Version
X-Server-IP
X-Node-Id
Geoip-Latitude
Geoip-City
X-Unique-ID
X-NWS-UUID-VERIFY
X-NGINX-Cache
X-Ocache
X-Cdn-Origin
X-Cache-Grace
X-Sn-Servicetimems
X-Device-Os
X-LAGOON
PICS-Label
GeoIp-Country-Code
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
On-Server
X-COUNTRY
X-Cache-Status-Check
X-Request-Host
X-MSEdge-Flight
Media-Length
X-MSEdge-Features
A
X-Cdn-Request-ID
X-Rocket-Nginx-Bypass
X-Webkit-CSP
M-TraceId
Dnion-Transfer-Encoding
X-Litespeed-Cache
Hostname
SN
Cloudfront-Viewer-Country
X-Servedbyhost
X-Varnish-Ttl
X-Via-Ucdn
XServer
X-Sucuri-Id
X-TIME
Cdn
Tcn
X-HS-Status
X-FORWARDED-FOR
Resin-Trace
X-AIR-PT
Host-ID
Esi-Enabled
HostName
X-ServedByHost
X-Reqid
X-Ratelimit-Remaining
X-Beluga-Status
X-Beluga-Node
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Trace
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Cache-Ttl
X-Fastly-Country-Code
Who
X-Policy
X-Beluga-Cache-Status
X-Varnish-URL
X-Slack-Backend
X-Azure-Ref-OriginShield
X-Request-Start
CF-Cached-On
X-Fastly-Backend-Reqs
CACHE
X-Action
GeoIP-Country-Code
Pics-Label
Rt-Proxy-Cache
X-LiteSpeed-Cache-Control
X-VCL-Version
X-DSS
X-DW
X-Dispatch
X-DI
X-RPM
X-Server-Time
Arc-Country
X-RPS
X-Processor
X-DB
X-RSL
X-Cache-FS-Status
X-PAYTM-SRV-ID
X-Varnish-Url
Pramga
GeoIP-Latitude
X-Ftr-Cache-Host
X-Oracle-Dms-Rid
MIME-Version
X-Skip-Cache
X-Hello
X-ND-Cache
Ttl
X-Flog
X-ABtesting
X-Method
Magicmarker
X-Zone
X-APP
X-Bc
GeoIP-City
NtCoent-Length
X-PF-Uncompressing
X-DC
Cdn-Host
Cdn-Request-Time
X-Edge-Server
X-Served-From
X-Ratelimit-Limit
X-Newrelic-App-Data
Fastly-Drupal-HTML
X-FPC
Cteonnt-Length
X-VarnishDD-TTL
X-HostName
X-Bc-Bl
X-DevSite-Last-Modified
X-PJAX-URL
N-Cache
WebServer
Amp-Access-Control-Allow-Source-Origin
X-SRV
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Svr
Ohc-Response-Time
X-Dynatrace
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Be
X-Backend-Host
Processtime
X-BE
X-Dynatrace-Js-Agent
X-Swift-Error
Load-Balancing
Servername
Vix-Hermes-Req-Id
X-WA
X-ID
Cache-Provider
X-Aicache-OS
X-ZONE
X-BC
X-WR-MODIFICATION
X-Frame-Option
X-MServer
X-Snapshot-Date
X-Adobe-Source
CF-IPCountry
Pagetype
Lfy
X-Fastly-Cache-Hits
FSS-Proxy
X-Fmm-Version
Requestid
X-Branch-Name
CDN
X-StackifyID
FSS-Cache
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
DSUID
Dynatrace
X-LB-ID
X-VCT
Trailer
X-CACHE-AGE
Fusion-Deployment-Id
Release
X-Configured-By
X-Hp-Ccpa-Warning
Proxy-Firewall
X-Request-Url
V-Cache
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Cc-Via
X-Scheme
WZWS-RAY
Warning
X-Cc-Req-Id
X-Tid
X-VC
X-Apw-Hits
X-SB
D-Cc-Upstream
X-Litespeed-Cache-Control
X-WPE-Loopback-Upstream-Addr
Cneonction
X-Fpc
X-SD-PageType
Correlation-Id
Backend-Name
X-App
X-ElasticPress-Search
X-Worker
WP-Super-Cache
X-Upstream-Ht
X-Upstream-Ct
X-Fastly-Cache-Status
SD-X-WS
X-Varnish-Beresp-TTL
X-Check-Cacheable
X-Powered-Y
X-Request-URL
X-Edge-IP