Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Xss-Protection
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
Xkey
X-Envoy-Upstream-Service-Time
CF-Ray
X-Via
X-Backend
X-Ua-Compatible
X-Server
X-Age
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Ws-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
P3p
Cf-Railgun
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Styx-Req-Id
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Content-Location
Surrogate-Control
X-Cloud-Trace-Context
X-Vhost
X-Readtime
X-Backend-Server
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-Cache-Lookup
X-Ruxit-JS-Agent
X-ORACLE-DMS-ECID
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
X-ORACLE-DMS-RID
NEL
X-Mod-Pagespeed
X-DataDome
X-Dns-Prefetch-Control
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Clacks-Overhead
X-Akam-SW-Version
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TTL
Allow
X-Country-Code
X-DynaTrace
X-Instart-Request-ID
X-FTR-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
Accept-Ch
Verso
Content-MD5
X-ESI
Service-Worker-Allowed
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-GitHub-Request-Id
X-B3-TraceId
X-Url
RTSS
Edge-Cache-Tag
X-Server-Name
X-D2id
X-Abt-Application-Version
X-Debug
AR-ATIME
AR-CACHE
Ar-Sid
AR-PoweredBy
AR-Request-ID
X-Px
X-Amz-Server-Side-Encryption
X-Vcache
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
Pagespeed
Response
Display
X-Middleton-Response
X-Middleton-Display
X-Sol
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Accel-Expires
X-Navigation-Version
X-MSEdge-Ref
X-Vcap-Request-Id
X-Amz-Rid
X-Server-ID
Arr-Disable-Session-Affinity
X-Pinterest-Rid
Pinterest-Version
TCN
X-SharePointHealthScore
X-Powered-CMS
X-Fastcgi-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Cdn
X-VARITI-CCR
X-Trace
Public-Key-Pins
Cache-Tag
X-Fastly-Request-ID
X-Client-IP
Realpath
Nginx-Cache
X-Edge-O15-RID
MS-Author-Via
X-Ser
Access-Control-Request-Method
X-DynaTrace-JS-Agent
X-Shard
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-Mrf-Item-Lastmod
X-Content-Type
SPIisLatency
SPRequestDuration
S
X-Id
X-Ezoic-Cdn
X-Upstream
X-Grace
X-Amzn-Trace-Id
X-Hp-Webp
X-T
X-Amz-Meta-S3cmd-Attrs
X-Jurisdiction
Nel
Front-End-Https
X-Hits
Fastcgi-Cache
X-Recruiting
X-Forwarded-For
DynaTrace
X-Aspnet-Version
X-Cache-TTL
X-Varnish-Age
ServerID
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
MicrosoftSharePointTeamServices
X-Mobile-URL
X-FTR-Realm
X-DIS-Request-ID
X-FTR-Balancer
X-Dw-Request-Base-Id
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Expires
NR-ENABLED
Server-Node
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
Powered
X-Frontend
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
TP-Cache
TP-L2-Cache
Alternate-Protocol
X-Logged-In
Server-Name
X-Correlation-Id
X-CST
AMP-Access-Control-Allow-Source-Origin
X-Amz-Apigw-Id
X-Amzn-RequestId
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
Upgrade-Insecure-Requests
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
X-Cache-Hit
X-ATS-Timestamp
Fastly-Restarts
X-URL
X-User-Agent
Refresh
X-Origin-Server
X-F-Cache
X-Content-Security-Policy-Report-Only
X-Content-Options
X-Zen-Fury
X-Akamai-Edgescape
X-Rid
X-Revision
X-Page-Id
X-Varnish-Grace
X-Type
X-FTR-Cache-Host
X-Content-Powered-By
X-LB-Cache
X-XRDS-LOCATION
X-B
X-B3-Sampled
PB-RID
PB-PID
X-Geo-Country
X-Mobile-Rewrite
Arc-Version
X-Az
X-Activity-Id
X-AppVersion
Cache-Status
X-N
X-Kinsta-Cache
X-Cache-Age
X-Cache-Action
X-TT
X-WebKit-CSP-Report-Only
X-B-Cache
X-Instance
X-AOL-HN
X-Signature
Access-Control-Allow-Method
Actual-Object-TTL
X-Debug-Info
X-Load-Cache
Paypal-Debug-Id
X-Framework
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Jobs
X-App-Environment
X-FB-Debug
X-PHP-Backend
X-Request-Guid
X-Pad
X-Shield-Request-Id
X-Cached-By
X-Git-Hash
DC
Fastcgi-Useragent
X-Time
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Webkit-Csp
X-Amz-Replication-Status
X-RateLimit-Remaining
X-Varnish-Backend
Host-Header
Surrogate-Key
X-IPLB-Instance
MS-CV
X-Contextid
X-ATG-Version
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-WA-Info
Host
X-Webapp-Samesite-None-Activated-N
X-NWS-LOG-UUID
Accept-CH
X-Analytics
X-SS-Set-Cookie
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Cache-Key
X-FastCGI-Cache
X-Mobile
X-Via-JSL
X-Accel-Buffering
NGB
Tracecode
X-Response-Served-From
X-Kong-Proxy-Latency
X-Host-Name
X-Kong-Upstream-Latency
X-Cluster
X-Presslabs-Stats
X-B3-Traceid
X-Cache-NE
Payment
Source
Eomportal-Instance
WPE-Backend
X-FW-Hash
X-Cache-2
FilterID
X-Region
X-FW-Type
X-Origin-Response-Time
X-FW-Serve
X-FW-Static
X-FW-Server
X-Varnish-Hostname
X-Varnish-Server
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-GeoIP
Frame-Options
Cache-Tv-Group
Filters
X-IPS-LoggedIn
X-Cacheable-TTL
X-Cache-Enabled
X-Adobe-Loc
X-Adobe-Content
X-RequestSource
X-Is-Bot
X-Hostname
X-Cache-Operation
X-EdgeConnect-Cache-Status
X-Seen-By
X-Cache-Rule
X-Rendered-As
Retry-After
Xserver
X-TX-ID
Accept-CH-Lifetime
Server-Info
X-VCache
X-Srv
X-Cache-TTL-Remaining
X-NewRelic-App-Data
X-RemovedCookies
X-ProcessESI
Liferay-Portal
Cleartype
X-App-Server
X-Dc
X-L-Path
Ms-Operation-Id
X-RTag
X-Environment-Context
X-Source
X-FireWall-Port
X-Endurance-Cache-Level
X-UA
X-Handled-By
X-HTML-Minification-Powered-By
X-Upgrade-Enabled
Datacenter
From-Origin
X-Cache-Server
X-CACHE-KEY
X-APP-VERSION
X-Backend-Name
Srv
Accept-Charset
Cache
X-Esi
Meta-Geo
X-Cache-Var
X-Cache-Control
X-Cache-Var-Map
X-RN-RSRV
GEO-INFO
X-ES-SERVER
X-Wix-Request-Id
X-Path-Route
X-Format
X-Access
X-UUID
X-Tb
OT-Force-Account-Verify
X-Section
X-ShardId
Cache-Tags
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-PCL
Mn-Server-Ip
X-Proto
X-Status
X-Shopify-Generated-Cart-Token
X-ShopId
Azure-Version
Azure-SiteName
X-Sorting-Hat-PodId
X-OCL
X-Request-Time
Azure-RegionName
Version
X-EIG-Tracking-Id
Akamai-GRN
X-Origin
Azure-InstanceId
Healthy
X-Shopify-Stage
X-NYM-Debug-Backend
X-Sorting-Hat-ShopId
X-Cache-Config
Azure-SlotName
X-LJ-Flow-ID
NGX
DB-Nickname
Node
X-SayCDN-TTL
X-ServerID
Decoy-Debug-TTL
Decoy-Debug-Status
X-Soup
Decoy-Debug-Key
X-Proxy
X-Say-TTL
X-Time-Microsecs
X-BYPASS-REASON
X-FW-Dynamic
X-Redis-Cache
X-Say-Cacheable
X-FC-Vary-Parameters
X-VWS-Id
X-Debug-Cache
X-Web-Node
X-Content-Age
X-Cluster-Node
X-Pubstack
X-ProxyCache-Status
X-Hyper-Cache
X-Human
X-Akamai-Request-ID2
Origin-Edge-Control
Origin-Cache-Control
X-Viewer-Country
X-Hosted-By
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Generated-By
X-ProxyCache-Key
X-AWS-Id
X-Proxy-Cache-Status
Now
Ec-Rule-Version
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-BCube-Filmed-By
X-Amzn-Remapped-Content-Length
X-CCM
X-Hl-Ver
X-Generated
X-FB-TRIP-ID
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
Selected-Fe
TWC-Device-Class
Property-Id
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
TWC-Connection-Speed
X-JoinUs
X-Varnish-Hits
Cross-Origin-Window-Policy
X-Vgn-Hpd-Reason
X-SaId
X-Site-Version
X-Timing-Wait
X-Storage
X-Qloud-Router
X-Www-Served-By
X-MP-GENERATED-AT
X-Loop
X-TNCMS
X-Origin-Hint
X-Proxy-Build
X-PressLabs-Stats
X-Xfnlog-Site
X-Rule
X-Locale
X-RateLimit-Limit
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-NCache
S-Rt
X-Akamai-Transformed
X-Cache-Host
X-IP
X-Detected-As
X-Unique-Id
L5d-Success-Class
X-Drupal-Cache-Tags
Cache-Key
X-CS
Webserver
Cache-Name
Time
Uber-Trace-Id
X-UA-Device-Type
Viewport
X-Whom
X-Forwarded-Host
X-Backend-TTL
X-UnsetCookies
X-Mode
X-Origin-CC
X-CDN-Forward
X-NGENIX-Cache
X-Origin-TTL
Rt-Fastcgi-Cache
Accept-Language
X-Info
X-Daa-Tunnel
Content-Disposition
X-Varnish-Cache-Hits
X-B3-Spanid
Country
Mime-Version
X-Cache-Remote
Odigeo-Trace-Id
X-PERF
X-From
X-ApacheServer
ServedBy
X-Cluster-Name
X-Newrelic-Synthetics
Section-Io-Cache
X-CLOUD-TRACE-CONTEXT
X-Magnolia-Registration
X-Drupal-Cache-Contexts
X-Proxied
VIX-Pulpo-Upstream-Status
X-Zipkin-Id
X-Microcachable
X-Device-Type
VIX-Pulpo-Node
X-Geo
X-Routing-Service
X-Via-Fastly
X-Ttl
X-TT-TIMESTAMP
X-EC-Lua
X-Uri
Proxy-Connection
Cf-Ipcountry
Ohc-File-Size
HitType
X-Nc
X-Destination
Mobile-Detection-Method
X-B-Cookie
X-External-Request-Id
X-Connection-Hash
X-A-Wwc
T-Server
Access-Control-Request-Headers
Meta-Geo-Continent
X-DPWN-IS-SECURE
Fastcgi-X-Cache-Version
X-A-Dcw
Rendered-Blocks
X-CF-Lambda-Fn
X-CF-Lambda-Version
Content-Style-Type
X-Vdms-Version
X-A-Dam
X-A-Dgt
GEO-REGION-INFO
X-VG-TLSProxy
Xc-Version
X-Region-Sid
X-VG-WebCache
Viewtype
VivaBuild
AsisCache
X-SRCache-Key
X-GeoIP-Country-Code
X-A
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
W
BehaviorPad-Version
X-G
Content-Script-Type
X-Twitter-Response-Tags
X-Trv-Group
X-VG-WebServer
X-Aed
Machine
X-Transaction
Apple-News-Services-Handled
Apple-News-Services-Request-Url
MD5-Digest
X-S
X-Geo-Header
X-ScT
X-A-Ccd
X-Application
X-S-Cookie
X-Rojux
X-Vtex-Processado-Em
X-ARC
X-Session-Fingerprint
X-Request-UUID
X-Rewrite-Enabled
X-D
X-Vtex-Remote-Cache
X-C
Ohc-Cache-HIT
X-UPSTREAM-Address
User-Cache-Control
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Edge-Location
X-No-Session
X-Eu-Site
Fastly-SSL
X-CUA
Environment
CDCHOST
X-Hit
X-Contensis-Viewer-Groups
X-Date
Locid
X-CGP
X-Rebelmouse-Cache-Control
X-Developers
X-Sigma
X-Sigma-Backend
X-App-Name
X-Rocket-Build-Number
Powered-By
HA-Ipaddr
X-SIPLIST1
X-Agile-Id
X-Tumblr-Pixel-3
X-VC-Cache
X-Varnish-Authentication
X-Accel-Expires-Debug
X-TrackingId
X-Agile-Age
X-Agile
Ha-Gx-Prefs
X-Rebelmouse-Surrogate-Control
IsBot
X-Wikidot-Static-Cache
Fastly-SWR
Fastly-Soc-X-Request-Id
X-Logging-Id
Fastly-SIE
Server-Cache-Control
X-Cache-ASPX
Server-Surrogate-Control
X-Wikidot-Backend
Gh-Request-Id
X-Distil-CS
X-Real-IP
Filterid
Geo-Info
X-Cache-Backend
X-GoCache-CacheStatus
X-Debug-Cookies
X-Debug-Log
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Bip
X-Block-Status
X-Cache-Bucket
X-Cache-Debug
X-BBXSRF
X-Backend-State
X-AK-Request-ID
X-Auto-Login
X-Azure-Ref
X-Cache-Info
X-Cache-Tags
X-Clientip
X-Cms-Context
X-Core-Mission
X-Clara-WADP
X-Cdn-Srv
X-Cache-Time
X-Cache-URL
X-Debug-Cache-Expiry
X-Micro-Cache
X-RateLimit-Limit-Second
X-We-Are-Hiring
X-RateLimit-Remaining-Second
X-Render-Time
X-WADP-Cache
X-Request-URI
X-WebServer
X-Proxy-Upstream
X-OVcl-Cache
X-OVcl
X-Owner
X-PHP-Host
X-Platform-Server
X-Webstats-RespID
X-Server-W
X-Servername
X-Up
X-TT-LOGID
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Variation
X-User
X-Trace-Id
X-VServer
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Swa-Ws
X-TH-Server
X-Thanos
X-NX-Host
X-NU-AKA-ACS-Version
X-Generation-Time
X-Generated-In
X-GeoIP-City
X-Has-Esi
X-Hnp-Log
X-Hash
X-Gen-Mode
X-Gamma-Serve
X-Epic-Correlation-Id
X-Distributor
X-Fastly-Cache
X-Fetched-On
X-FW-Version
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-LI-UUID
X-LI-Proto
X-Ms-Request-Id
X-Ms-Version
X-NodeID
X-Nginx-Cache-Key
X-Li-Pop
X-Li-Fabric
X-Irp-Debug
X-Instart-Isnd
X-Is-Gdpr
X-JWT-State
X-Labrador-Cache-Channel
X-Dispatcher-Server
X-Air-Hostname
Platform
Memcached
Adler-Geo
Request-Country
Countrycode
Server-ID
RNT-Time
RNT-Machine
Mail-Subject
AKAMAI
Cache-Host
Cdncip
Cdnsip
Heartbleed
IBM-Web2-Location
Locale
Kp-EeAlive
Is-Eu
Server-Int
Request-EU
We-Hiring
Web-Mar-Node
V-Age
True-Client-Country-4JS
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Thinkindot-L3
X-Trafficlayer-App-Version
Country-Code
Wxu-Next-Region
X-Core-Value
Fastly-Backend-Name
X-Generated-On
Wxu-Next-Hostname
X-Level-Front-Cache
FNAC-ModuleRouting
X-Var-Ttl
Wxu-Next-Commit
ServerName
Server-Host
X-Origin-Expires
X-Reboot
Thinkindot-CacheControl
Thinkindot-Control
X-ServiceProvider
X-Origin-Date
X-Old-Content-Length
X-Req
X-Matched-Rule
X-Service
PFcat
Group
Thinkindot-CacheControl-Type
X-SERVER
X-Internal-Host
X-Lb-Id
Cache-Hits
X-S-Maxage
Pragrma
X-Cache-Expired-At
X-Nginx-Cache
S-Cnection
X-App-Version
X-Key
X-Response-By
X-Sucuri-Cache
X-Refresh
X-VHOST
Powered-By-ChinaCache
RequestId
X-Location
X-Ruxit-Js-Agent
X-CSRF-TOKEN
X-CF-Powered-By
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-NC
X-Tb-Optimization-Total-Bytes-Saved
X-TA-CDN-Provider
X-Parent-Response-Time
X-Wa
X-Sucuri-ID
ProcessTime
Origin
X-Varnish-Cacheable
X-Ua
X-Cdn-Forward
X-B3-Parentspanid
X-Pf-Uncompressing
X-Pjax-Url
Memory
User-Agent
X-Via-CDN
X-BACKEND-TTL
X-CSRF-Token
Geoip-Latitude
X-Developer
Geoip-City
SRV
X-Ocache
X-Sn-Servicetimems
X-Correlation-ID
X-Cdn-Origin
X-Cache-Grace
X-Server-IP
GeoIp-Country-Code
X-Device-Os
PICS-Label
X-LAGOON
TTL
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-B3-SpanId
X-Oss-Request-Id
X-Oss-Storage-Class
X-Node-Id
On-Server
X-NWS-UUID-VERIFY
X-COUNTRY
X-NGINX-Cache
X-Cache-Status-Check
X-Vcl-Version
X-Unique-ID
X-TIME
X-FORWARDED-FOR
Hostname
X-MSEdge-Flight
A
XServer
X-MSEdge-Features
X-Request-Host
X-Servedbyhost
X-Webkit-CSP
X-Litespeed-Cache
Cloudfront-Viewer-Country
Media-Length
X-Cdn-Request-ID
X-Varnish-Ttl
SN
Dnion-Transfer-Encoding
X-Rocket-Nginx-Bypass
M-TraceId
Tcn
X-Via-Ucdn
X-HS-Status
X-Sucuri-Id
Host-ID
Resin-Trace
X-Varnish-URL
Cdn
X-Ratelimit-Remaining
X-AIR-PT
X-Reqid
X-Beluga-Status
X-Beluga-Trace
Esi-Enabled
X-Beluga-Node
X-Beluga-Record
X-Beluga-Cache-Status
X-Cache-Ttl
X-Beluga-Response-Time
X-ServedByHost
Who
HostName
X-Slack-Backend
X-Fastly-Country-Code
X-Policy
CF-Cached-On
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
CACHE
X-Azure-Ref-OriginShield
X-VCL-Version
X-Action
X-Request-Start
MIME-Version
X-Processor
Arc-Country
GeoIP-Country-Code
Rt-Proxy-Cache
Pics-Label
X-Cache-FS-Status
X-Server-Time
X-PAYTM-SRV-ID
X-RPM
X-RPS
Ttl
X-RSL
X-DSS
X-DW
X-Dispatch
Pramga
X-DI
X-DB
X-Oracle-Dms-Rid
X-Newrelic-App-Data
X-LiteSpeed-Cache-Control
X-Hello
X-ND-Cache
GeoIP-Latitude
X-Flog
GeoIP-City
X-Zone
X-Skip-Cache
X-Fastly-Backend-Reqs
X-SRV
X-Bc
X-Varnish-Url
NtCoent-Length
X-ABtesting
X-DC
X-Edge-Server
Magicmarker
Fastly-Drupal-HTML
X-FPC
X-Served-From
X-PF-Uncompressing
Cdn-Host
Cdn-Request-Time
X-PJAX-URL
X-Ratelimit-Limit
X-APP
X-Method
X-VarnishDD-TTL
X-HostName
N-Cache
Amp-Access-Control-Allow-Source-Origin
X-Bc-Bl
Cteonnt-Length
X-DevSite-Last-Modified
WebServer
Section-Io-Id
Section-Io-Origin-Status
X-Ftr-Cache-Host
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Backend-Host
X-Dynatrace
Processtime
X-BE
X-Dynatrace-Js-Agent
Servername
X-Swift-Error
X-Be
Requestid
X-Svr
CDN
Ohc-Response-Time
X-Amzn-Remapped-Connection
Cache-Provider
X-WA
X-Amzn-Remapped-Date
X-ID
X-WR-MODIFICATION
X-Frame-Option
X-Branch-Name
X-Snapshot-Date
X-LB-ID
FSS-Cache
X-Fmm-Version
Load-Balancing
FSS-Proxy
X-StackifyID
Dynatrace
X-Aicache-OS
X-BC
CF-IPCountry
X-ZONE
X-Adobe-Source
Cache-Cookie-Set-Idcheck
Vix-Hermes-Req-Id
Cache-Cookie-Set-Lfrom
Lfy
Cache-Cookie-Set-From
X-CACHE-AGE
Fusion-Deployment-Id
X-Scheme
X-Tid
WZWS-RAY
V-Cache
Proxy-Firewall
X-Apw-Access-Object
X-Apw-Access-Action
X-Fastly-Cache-Hits
X-Apw-Access-Token
X-Request-Url
X-Apw-Hits
Pagetype
X-SB
X-Cc-Req-Id
X-Cc-Via
D-Cc-Upstream
Warning
X-VC
DSUID
X-Litespeed-Cache-Control
X-MServer
X-Node-ID
X-Check-Cacheable
Cneonction
X-Hp-Ccpa-Warning
X-Fastly-Cache-Status
X-VCT
X-Configured-By
X-Fpc
Trailer
X-Request-URL
Backend-Name
X-ElasticPress-Search
WP-Super-Cache
X-Worker
Release
X-Powered-Y
X-WPE-Loopback-Upstream-Addr
Correlation-Id
X-App
X-Varnish-Beresp-TTL