Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Xss-Protection
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
Xkey
X-Envoy-Upstream-Service-Time
CF-Ray
X-Via
X-Backend
X-Server
X-Age
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ws-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
Feature-Policy
X-Varnish-Cache
Server-Timing
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Ac
X-Node
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Vhost
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Application-Context
X-HW
P3p
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
X-DataDome
X-ORACLE-DMS-RID
X-Dns-Prefetch-Control
X-Rack-Cache
Rating
X-Country
X-Clacks-Overhead
Edge-Control
X-Akam-SW-Version
Pinterest-Generated-By
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TTL
X-Country-Code
Accept-Ch
X-DynaTrace
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
Verso
Content-MD5
Accept-Ch-Lifetime
Service-Worker-Allowed
X-ESI
X-Powered-By-Plesk
X-Url
X-Forwarded-Proto
X-MS-InvokeApp
X-Vcache
X-GitHub-Request-Id
X-Version
X-Kinja-Server
X-Kinja-Revision
X-Cdn-Fetch
X-Exp-Variant
X-Kinja
X-Use-Magma
X-Exp-Id
X-GoogleNews-Bot
X-Kinja-Build
X-B3-TraceId
RTSS
X-Server-Name
Edge-Cache-Tag
X-D2id
X-Debug
X-Abt-Application-Version
X-Px
Ar-Sid
AR-PoweredBy
AR-Request-ID
AR-CACHE
AR-ATIME
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
Pagespeed
Response
X-Middleton-Display
X-Middleton-Response
X-Sol
X-TEC-API-VERSION
Display
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Vcap-Request-Id
X-Navigation-Version
X-MSEdge-Ref
X-Accel-Expires
X-Amz-Rid
X-Server-ID
Arr-Disable-Session-Affinity
X-Pinterest-Rid
Pinterest-Version
TCN
X-Edge-O15-RID
X-SharePointHealthScore
X-Fastcgi-Cache
X-Powered-CMS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-VARITI-CCR
X-Cdn
Public-Key-Pins
X-Fastly-Request-ID
Cache-Tag
X-Client-IP
X-Trace
Nginx-Cache
Realpath
MS-Author-Via
X-Ser
Access-Control-Request-Method
X-Shard
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-DynaTrace-JS-Agent
X-Content-Type
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Ezoic-Cdn
X-Id
X-Grace
X-Jurisdiction
X-Hp-Webp
S
X-Upstream
X-Forwarded-For
X-T
X-Amz-Meta-S3cmd-Attrs
X-Hits
Front-End-Https
Nel
Fastcgi-Cache
X-Recruiting
DynaTrace
X-Aspnet-Version
X-Cache-TTL
X-Varnish-Age
ServerID
X-Element-Page-Cache
X-Content-Digest
X-Node-Name
X-Mobile-URL
MicrosoftSharePointTeamServices
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-Country-Code-Real
X-FTR-Expires
X-FTR-Backend-Server
X-Dw-Request-Base-Id
X-DIS-Request-ID
NR-ENABLED
Server-Node
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Frontend
Powered
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
TP-Cache
TP-L2-Cache
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
X-Correlation-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
AMP-Access-Control-Allow-Source-Origin
X-XRDS-Location
X-Request-Handler-Origin-Region
X-Request-Received
X-Request-Processing-Time
Fastly-Restarts
X-Microsite
X-ATS-Timestamp
X-Cache-Hit
Backend-Timing
X-Content-Options
X-Origin-Server
X-Zen-Fury
X-FTR-Cache-Host
X-Content-Security-Policy-Report-Only
X-User-Agent
X-F-Cache
X-Akamai-Edgescape
Refresh
X-Rid
X-Page-Id
X-Revision
X-Varnish-Grace
X-Type
X-Content-Powered-By
X-LB-Cache
X-B
PB-RID
PB-PID
X-XRDS-LOCATION
X-B3-Sampled
X-Mobile-Rewrite
Arc-Version
X-Geo-Country
X-URL
X-Activity-Id
X-AppVersion
X-Az
Cache-Status
X-N
X-Kinsta-Cache
X-Cache-Age
X-Cache-Action
X-TT
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Signature
X-Instance
X-B-Cache
X-Time
Actual-Object-TTL
X-Tumblr-Pixel-0
Paypal-Debug-Id
X-Tumblr-Pixel
X-Debug-Info
X-Framework
X-Jobs
X-Tumblr-User
Access-Control-Allow-Method
X-FB-Debug
X-Cached-By
X-Load-Cache
X-App-Environment
X-Request-Guid
X-Git-Hash
X-PHP-Backend
Fastcgi-Useragent
DC
X-Pad
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Shield-Request-Id
X-Amz-Replication-Status
X-Webkit-Csp
X-RateLimit-Remaining
X-Varnish-Backend
X-NWS-LOG-UUID
Surrogate-Key
X-IPLB-Instance
Host-Header
MS-CV
X-WA-Info
X-Contextid
X-ATG-Version
Host
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-FastCGI-Cache
X-Via-JSL
X-Mobile
X-Cache-Key
X-SS-Set-Cookie
X-Host-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
NGB
X-Accel-Buffering
X-Response-Served-From
Payment
Frame-Options
Tracecode
X-B3-Traceid
X-Cluster
X-Analytics
X-Cache-NE
X-Origin-Response-Time
Xserver
X-Varnish-Server
X-Region
X-FW-Server
WPE-Backend
X-Cache-2
X-FW-Serve
Eomportal-Instance
X-FW-Static
Source
X-FW-Type
X-FW-Hash
FilterID
Filters
Cache-Tv-Group
X-GeoIP
X-IPS-LoggedIn
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Webapp-Samesite-None-Activated-N
X-Varnish-Hostname
X-Hostname
X-Adobe-Loc
X-Adobe-Content
Retry-After
X-Cache-Enabled
X-Cacheable-TTL
X-Cache-Operation
X-Srv
X-Cache-Rule
X-Is-Bot
X-Rendered-As
X-Seen-By
X-RequestSource
X-NewRelic-App-Data
X-Presslabs-Stats
X-EdgeConnect-Cache-Status
X-TX-ID
Server-Info
Liferay-Portal
X-RemovedCookies
X-ProcessESI
X-Cache-TTL-Remaining
X-App-Server
Accept-CH
Cleartype
X-L-Path
X-Environment-Context
X-RTag
Ms-Operation-Id
X-Source
X-FireWall-Port
X-Endurance-Cache-Level
X-Handled-By
X-Upgrade-Enabled
X-Dc
X-Cache-Server
X-HTML-Minification-Powered-By
From-Origin
Datacenter
X-CACHE-KEY
X-Backend-Name
X-UA
Accept-CH-Lifetime
Srv
Accept-Charset
X-APP-VERSION
X-Esi
X-PressLabs-Stats
X-UUID
Meta-Geo
X-Path-Route
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
X-RN-RSRV
X-Wix-Request-Id
X-Access
X-Format
X-Section
OT-Force-Account-Verify
X-Proxy-Build
X-Timing-Wait
Selected-Fe
X-Tb
X-ShopId
X-Shopify-Generated-Cart-Token
X-Origin
X-Sorting-Hat-PodId
X-Cache-Config
X-ShardId
X-NYM-Debug-Backend
Mn-Server-Ip
X-OCL
X-Shopify-Stage
X-Goog-Meta-Goog-Reserved-File-Mtime
Akamai-GRN
Azure-InstanceId
Azure-RegionName
X-FC-Vary-Parameters
X-Request-Time
Cache-Tags
X-EIG-Tracking-Id
X-Akamai-Request-ID
Azure-SiteName
Azure-SlotName
X-Sorting-Hat-ShopId
Azure-Version
X-Content-Age
X-Alternate-Cache-Key
X-Proto
X-PCL
X-Cluster-Node
X-Yottaa-Optimizations
DB-Nickname
Decoy-Debug-TTL
X-Hl-Ver
X-Hyper-Cache
X-Hosted-By
X-Yottaa-Metrics
Decoy-Debug-Status
Ec-Rule-Version
X-FW-Dynamic
Decoy-Debug-Key
X-JoinUs
X-Status
X-ProxyCache-Status
X-LJ-Flow-ID
X-ProxyCache-Key
X-Viewer-Country
X-VWS-Id
X-Pubstack
X-Qloud-Router
X-BYPASS-REASON
X-Cache-Control
X-AWS-Id
X-Time-Microsecs
X-SaId
X-Akamai-Request-ID2
Node
Version
NGX
X-ServerID
X-Vgn-Hpd-Reason
Origin-Cache-Control
Now
X-Proxy-Cache-Status
Origin-Edge-Control
X-Soup
X-Proxy
Cache
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Connection-Speed
TWC-Device-Class
Property-Id
Healthy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Cross-Origin-Window-Policy
TWC-Privacy
TWC-Locale-Group
X-BCube-Filmed-By
X-Origin-Hint
X-Amzn-Remapped-Content-Length
X-Redis-Cache
X-CCM
X-Web-Node
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Varnish-Hits
X-TNCMS
X-Storage
X-MP-GENERATED-AT
X-NCache
X-Generated-By
X-Loop
X-Human
X-FB-TRIP-ID
X-Debug-Cache
X-RCS-CacheZone
X-Akamai-Transformed
X-Generated
GEO-INFO
S-Rt
X-Xfnlog-Site
X-R9-Blue-Green-Version
X-RateLimit-Limit
X-Locale
X-Site-Version
X-IP
X-Cache-Host
X-Www-Served-By
X-Detected-As
X-Rule
X-VCache
X-Unique-Id
X-Ttl
Cache-Key
X-Drupal-Cache-Tags
L5d-Success-Class
X-Whom
Webserver
X-CS
Cache-Name
X-UA-Device-Type
X-Daa-Tunnel
X-NGENIX-Cache
X-VHOST
X-Forwarded-Host
Viewport
Time
Uber-Trace-Id
X-Backend-TTL
X-Mode
X-UnsetCookies
Mime-Version
X-Info
Accept-Language
X-Origin-TTL
X-Origin-CC
X-CDN-Forward
Content-Disposition
Rt-Fastcgi-Cache
X-B3-Spanid
X-Varnish-Cache-Hits
Section-Io-Cache
X-Newrelic-Synthetics
Country
X-PERF
X-ApacheServer
Odigeo-Trace-Id
ServedBy
X-Cache-Remote
X-From
X-CLOUD-TRACE-CONTEXT
X-Magnolia-Registration
X-EC-Lua
X-Proxied
X-Device-Type
X-Routing-Service
X-Cluster-Name
X-Zipkin-Id
X-Drupal-Cache-Contexts
X-Via-Fastly
X-Uri
X-Geo
X-Microcachable
X-TT-TIMESTAMP
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Proxy-Connection
Geo-Info
Cf-Ipcountry
X-Nc
Access-Control-Request-Headers
HitType
Ohc-File-Size
MD5-Digest
T-Server
X-Connection-Hash
X-B-Cookie
X-External-Request-Id
X-Varnish-Beresp-Grace
X-GeoIP-Country-Code
Content-Style-Type
Content-Script-Type
X-Date
Apple-News-Services-Handled
Apple-News-Services-Host
Rendered-Blocks
X-CF-Lambda-Version
Fastcgi-X-Cache-Version
Meta-Geo-Continent
X-CF-Lambda-Fn
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Mobile-Detection-Method
X-G
X-Varnish-Beresp-Ttl
X-Geo-Header
X-D
AsisCache
BehaviorPad-Version
X-Varnish-Beresp-Status
X-Session-Fingerprint
X-A-Ccd
X-Vdms-Version
X-VG-TLSProxy
X-VG-WebCache
X-A
X-DPWN-IS-SECURE
X-Trv-Group
GEO-REGION-INFO
X-Region-Sid
X-Twitter-Response-Tags
X-VG-WebServer
X-A-Dam
Xc-Version
X-Accel-Expires-Debug
X-Aed
X-Destination
X-A-Wwc
X-A-Dgt
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-A-Dcw
X-Transaction
Machine
X-S
X-S-Cookie
X-ScT
VivaBuild
X-Rojux
X-Rocket-Build-Number
Viewtype
X-Request-UUID
X-Rewrite-Enabled
X-Sigma
X-ARC
X-SRCache-Key
X-Sigma-Backend
W
X-Application
Filterid
X-C
X-Real-IP
Fastly-Soc-X-Request-Id
IsBot
X-Developers
X-Eu-Site
Countrycode
X-CUA
Environment
Ha-Gx-Prefs
Locid
Fastly-SIE
X-Cache-Time
Fastly-SWR
X-Hit
X-Distil-CS
CDCHOST
HA-Ipaddr
Gh-Request-Id
X-Bip
X-Thanos
X-App-Name
X-TrackingId
X-SIPLIST1
X-Rebelmouse-Surrogate-Control
Server-Surrogate-Control
X-Auto-Login
X-Rebelmouse-Cache-Control
X-Tumblr-Pixel-3
X-Agile-Id
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Agile
X-WebServer
X-No-Session
X-Varnish-Authentication
X-VC-Cache
X-Cache-Debug
X-Cache-ASPX
X-CGP
X-Logging-Id
X-Clientip
Powered-By
X-Contensis-Viewer-Groups
Server-Cache-Control
X-Agile-Age
Fastly-SSL
X-UPSTREAM-Address
X-GoCache-CacheStatus
User-Cache-Control
X-Edge-Location
X-PHP-Host
X-Labrador-Cache-Channel
X-Cms-Context
X-Cdn-Srv
X-Cache-URL
X-BBXSRF
X-Azure-Ref
X-Cache-Tags
X-Clara-WADP
X-Core-Mission
X-AK-Request-ID
X-Cache-Info
X-Debug-Cache-Fetch
X-Air-Hostname
X-Debug-Cache-Store
X-Debug-Cookies
X-Micro-Cache
X-Request-URI
X-RateLimit-Remaining-Second
X-Server-W
X-Servername
X-Swa-Ws
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-OVcl
X-Origin-Expires
X-OVcl-Cache
X-Owner
X-Platform-Server
X-TH-Server
X-Trace-Id
X-Webstats-RespID
X-We-Are-Hiring
X-Backend-State
X-Cache-Expired-At
X-Var-Ttl
X-WADP-Cache
X-VServer
X-Up
X-TT-LOGID
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Variation
X-Origin-Date
X-NX-Host
X-Generation-Time
X-Generated-In
X-GeoIP-City
X-Has-Esi
X-Hash
X-Gamma-Serve
X-FW-Version
X-Distributor
X-Dispatcher-Server
X-Epic-Correlation-Id
X-Fastly-Cache
X-Fetched-On
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Ms-Request-Id
X-LI-UUID
X-Ms-Version
X-Nginx-Cache-Key
X-NodeID
X-LI-Proto
X-Li-Pop
X-Irp-Debug
X-Instart-Isnd
X-Is-Gdpr
X-JWT-State
X-Li-Fabric
X-Debug-Log
X-Debug-Cache-Expiry
Memcached
Mail-Subject
Locale
Platform
Request-Country
RNT-Time
RNT-Machine
Request-EU
Kp-EeAlive
Is-Eu
Cache-Host
Adler-Geo
Group
Cdncip
Cdnsip
IBM-Web2-Location
Country-Code
Server-ID
Heartbleed
True-Client-Country-4JS
Server-Int
We-Hiring
Ohc-Cache-HIT
V-Age
X-Trafficlayer-App-Name
X-Generated-On
AKAMAI
X-Gen-Mode
Web-Mar-Node
FNAC-ModuleRouting
X-Trafficlayer-App-Version
X-Thinkindot-L3
Wxu-Next-Commit
X-Hnp-Log
X-Req
X-Matched-Rule
X-Render-Time
Wxu-Next-Hostname
X-NU-AKA-ACS-Version
X-Service
X-ServiceProvider
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Level-Front-Cache
X-TA-CDN-Provider
ServerName
Wxu-Next-Region
X-Trafficlayer-App-Scope
Fastly-Backend-Name
Pragrma
Thinkindot-Control
PFcat
X-Core-Value
Thinkindot-CacheControl-Type
X-Reboot
Server-Host
X-Cache-Bucket
Thinkindot-CacheControl
X-Block-Status
Cache-Hits
X-Cache-Backend
X-Nginx-Cache
X-Lb-Id
S-Cnection
X-S-Maxage
X-Old-Content-Length
X-SERVER
X-User
X-App-Version
RequestId
X-Internal-Host
X-Response-By
X-Refresh
Powered-By-ChinaCache
X-Wa
X-Key
X-Sucuri-Cache
X-CSRF-TOKEN
X-Sucuri-ID
X-Tec-Api-Version
X-Tec-Api-Root
X-Ua
X-Varnish-Cacheable
X-Parent-Response-Time
X-NC
X-Tec-Api-Origin
X-Location
Origin
X-Pjax-Url
X-CF-Powered-By
X-Tb-Optimization-Total-Bytes-Saved
X-Node-Id
X-Cdn-Forward
X-Developer
User-Agent
X-Pf-Uncompressing
X-BACKEND-TTL
ProcessTime
X-B3-Parentspanid
X-CSRF-Token
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
Memory
X-LAGOON
X-Device-Os
X-NWS-UUID-VERIFY
X-Sn-Servicetimems
X-Via-CDN
X-Cache-Grace
X-Ocache
X-Cdn-Origin
SRV
X-Cache-Status-Check
On-Server
Geoip-City
PICS-Label
Geoip-Latitude
TTL
Hostname
X-Correlation-ID
X-Server-IP
X-MSEdge-Features
X-Vcl-Version
X-MSEdge-Flight
A
X-COUNTRY
X-NGINX-Cache
GeoIp-Country-Code
X-Unique-ID
X-Oracle-Dms-Rid
Cloudfront-Viewer-Country
X-Request-Host
X-B3-SpanId
X-Litespeed-Cache
X-Servedbyhost
X-Webkit-CSP
X-Cdn-Request-ID
M-TraceId
X-Varnish-Ttl
Media-Length
X-Ruxit-Js-Agent
XServer
X-TIME
X-Varnish-URL
Dnion-Transfer-Encoding
X-HS-Status
Cdn
X-Rocket-Nginx-Bypass
Tcn
X-FORWARDED-FOR
Resin-Trace
X-Via-Ucdn
Host-ID
SN
X-Ratelimit-Remaining
X-Beluga-Trace
X-Beluga-Record
X-Beluga-Node
X-Cache-Ttl
Who
X-Beluga-Response-Time
X-Beluga-Cache-Status
X-Beluga-Status
X-ServedByHost
HostName
CACHE
X-Sucuri-Id
X-Reqid
X-Slack-Backend
X-Action
Esi-Enabled
X-AIR-PT
X-Fastly-Country-Code
X-Processor
X-Planisys-CDN-TTL
X-VCL-Version
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Policy
X-Server-Time
Pramga
X-DW
X-RPM
X-DSS
X-DI
GeoIP-Country-Code
X-DB
X-PAYTM-SRV-ID
X-RPS
Arc-Country
X-RSL
X-Cache-FS-Status
X-Dispatch
CF-Cached-On
X-DC
X-ND-Cache
X-Hello
X-Skip-Cache
X-ABtesting
X-Azure-Ref-OriginShield
X-Flog
Ttl
GeoIP-Latitude
Pics-Label
GeoIP-City
X-Request-Start
X-LiteSpeed-Cache-Control
MIME-Version
X-Varnish-Url
X-VarnishDD-TTL
NtCoent-Length
Fastly-Drupal-HTML
Rt-Proxy-Cache
X-Edge-Server
Cdn-Request-Time
X-Served-From
Cdn-Host
Section-Origin-Responded
X-Fastly-Backend-Reqs
X-Bc-Bl
Section-Io-Origin-Time-Seconds
X-Newrelic-App-Data
X-FPC
X-DevSite-Last-Modified
X-Ratelimit-Limit
X-PF-Uncompressing
N-Cache
Section-Io-Origin-Status
Section-Io-Id
X-APP
Trailer
X-HostName
X-SRV
X-Backend-Host
X-Method
X-PJAX-URL
X-Bc
WebServer
Amp-Access-Control-Allow-Source-Origin
X-Zone
Magicmarker
X-Swift-Error
X-Dynatrace
X-BE
X-ZONE
X-BC
Fusion-Deployment-Id
Cteonnt-Length
X-Amzn-Remapped-Date
Processtime
X-Amzn-Remapped-Connection
Servername
X-Adobe-Source
X-Dynatrace-Js-Agent
X-ID
X-WA
FSS-Proxy
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
Cache-Provider
FSS-Cache
X-Fmm-Version
X-WR-MODIFICATION
X-Frame-Option
CDN
CF-IPCountry
X-Svr
X-Be
Dynatrace
X-StackifyID
X-Snapshot-Date
Requestid
X-LB-ID
Ohc-Response-Time
X-Branch-Name
X-Ftr-Cache-Host
X-CACHE-AGE
X-Tid
Lfy
X-Apw-Hits
X-Apw-Access-Token
V-Cache
X-Cc-Req-Id
X-Fastly-Cache-Hits
X-Cc-Via
X-Aicache-OS
X-Apw-Access-Action
Warning
D-Cc-Upstream
X-Fpc
X-Scheme
X-App
WZWS-RAY
Vix-Hermes-Req-Id
X-Request-Url
X-SB
X-VC
X-Apw-Access-Object
Load-Balancing
X-Litespeed-Cache-Control
L
X-Varnish-Beresp-TTL
Lb
X-Fastly-Cache-Status
X-Cache-Id
X-SN
X-Esi-Check
X-Compress-Hint
Correlation-Id
Pagetype
X-Check-Cacheable
X-Request-URL
X-Powered-Y
Proxy-Firewall
X-WPE-Loopback-Upstream-Addr
X-ElasticPress-Search
Cneonction
Backend-Name
WP-Super-Cache
X-Worker