Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
X-Xss-Protection
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
Xkey
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Via
X-Backend
X-Server
X-Age
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Ws-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
P3p
Cf-Railgun
X-Swift-CacheTime
Grace
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Ac
X-Node
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Readtime
X-Backend-Server
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-Cache-Lookup
X-HW
X-Ruxit-JS-Agent
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
NEL
X-Mod-Pagespeed
X-DataDome
X-Dns-Prefetch-Control
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Clacks-Overhead
X-Akam-SW-Version
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
X-TTL
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-Goog-Hash
Accept-Ch
X-Vname
X-TtlSet
X-PC
X-ESI
Verso
Content-MD5
Service-Worker-Allowed
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-Cdn-Fetch
X-Exp-Id
X-Kinja
X-Kinja-Build
X-Kinja-Revision
X-Exp-Variant
X-Use-Magma
X-Kinja-Server
X-GoogleNews-Bot
X-GitHub-Request-Id
Edge-Cache-Tag
X-Vcache
RTSS
X-Server-Name
X-Abt-Application-Version
X-Debug
AR-CACHE
AR-ATIME
X-Px
AR-Request-ID
AR-PoweredBy
Ar-Sid
X-D2id
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
Pagespeed
X-Middleton-Display
Response
X-Middleton-Response
Display
X-Sol
X-Accel-Expires
X-Fastcgi-Cache
X-MSEdge-Ref
X-Amz-Rid
X-Vcap-Request-Id
Arr-Disable-Session-Affinity
X-Server-ID
X-Pinterest-Rid
Pinterest-Version
X-Navigation-Version
TCN
X-SharePointHealthScore
X-Powered-CMS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Cdn
X-VARITI-CCR
X-Trace
Public-Key-Pins
Cache-Tag
X-Fastly-Request-ID
Realpath
X-Client-IP
Nginx-Cache
MS-Author-Via
X-Ser
Access-Control-Request-Method
X-Edge-O15-RID
Mrf-Cache-Status
MRF-Tech
X-Mrf-Section-Lastmod
X-Shard
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
SPIisLatency
SPRequestDuration
S
X-Content-Type
X-Upstream
X-Id
X-Grace
X-Ezoic-Cdn
X-Hp-Webp
X-Amzn-Trace-Id
X-DynaTrace-JS-Agent
X-Forwarded-For
X-Jurisdiction
X-Amz-Meta-S3cmd-Attrs
X-T
Nel
X-Hits
Front-End-Https
Fastcgi-Cache
X-Recruiting
X-Aspnet-Version
DynaTrace
X-Cache-TTL
X-Varnish-Age
ServerID
X-Element-Page-Cache
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Node-Name
X-Content-Digest
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-DC
X-FTR-Expires
X-FTR-Realm
X-FTR-Backend
X-FTR-Cache-Status
X-DIS-Request-ID
X-Dw-Request-Base-Id
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
Server-Node
NR-ENABLED
Powered
X-Frontend
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
TP-L2-Cache
TP-Cache
Alternate-Protocol
X-Logged-In
Server-Name
X-CST
X-Correlation-Id
AMP-Access-Control-Allow-Source-Origin
X-Amz-Apigw-Id
X-Amzn-RequestId
Upgrade-Insecure-Requests
X-XRDS-Location
X-Request-Handler-Origin-Region
X-Request-Received
X-Request-Processing-Time
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Cache-Hit
Fastly-Restarts
X-User-Agent
X-Origin-Server
X-F-Cache
X-Content-Options
X-Page-Id
X-Rid
Refresh
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-Revision
X-Zen-Fury
X-Varnish-Grace
X-Type
X-FTR-Cache-Host
X-LB-Cache
X-Content-Powered-By
X-XRDS-LOCATION
X-B
X-Geo-Country
X-B3-Sampled
X-URL
PB-RID
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Az
X-AppVersion
X-Activity-Id
Cache-Status
X-Kinsta-Cache
X-Cache-Age
X-N
X-Cache-Action
X-TT
X-B-Cache
X-Signature
X-Instance
X-Debug-Info
Access-Control-Allow-Method
X-AOL-HN
Actual-Object-TTL
X-Framework
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Jobs
X-Tumblr-User
X-WebKit-CSP-Report-Only
X-App-Environment
Paypal-Debug-Id
X-Time
X-Pad
X-Request-Guid
X-FB-Debug
X-Cached-By
X-Load-Cache
X-Shield-Request-Id
X-PHP-Backend
X-Git-Hash
Fastcgi-Useragent
DC
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Webkit-Csp
X-RateLimit-Remaining
X-Amz-Replication-Status
X-Varnish-Backend
Surrogate-Key
X-IPLB-Instance
Host-Header
X-Contextid
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
MS-CV
X-ATG-Version
X-WA-Info
Host
X-NWS-LOG-UUID
X-Webapp-Samesite-None-Activated-N
X-SS-Set-Cookie
X-Analytics
FilterID
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Mobile
Tracecode
X-Response-Served-From
NGB
X-Accel-Buffering
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Payment
X-Host-Name
X-Cluster
X-Cache-NE
X-Origin-Response-Time
Xserver
X-Varnish-Server
Source
WPE-Backend
X-FW-Type
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
Frame-Options
X-Tumblr-Pixel-2
X-Region
X-Varnish-Hostname
X-Cache-2
X-IPS-LoggedIn
Eomportal-Instance
X-Cache-Key
X-Tumblr-Pixel-1
X-Cache-Enabled
X-Adobe-Content
X-Adobe-Loc
X-Cacheable-TTL
X-GeoIP
Accept-CH
X-Seen-By
X-Is-Bot
X-Rendered-As
X-Cache-Rule
Cache-Tv-Group
Filters
X-Srv
X-RequestSource
X-Cache-Operation
Retry-After
X-NewRelic-App-Data
X-Hostname
X-EdgeConnect-Cache-Status
X-Presslabs-Stats
X-TX-ID
X-FastCGI-Cache
Server-Info
Liferay-Portal
X-Cache-TTL-Remaining
Cleartype
X-App-Server
X-ProcessESI
X-RemovedCookies
X-B3-Traceid
Accept-CH-Lifetime
X-Environment-Context
X-L-Path
X-CACHE-KEY
Ms-Operation-Id
X-RTag
X-Source
X-FireWall-Port
X-HTML-Minification-Powered-By
Datacenter
X-Dc
X-Endurance-Cache-Level
X-Handled-By
From-Origin
X-Upgrade-Enabled
X-Cache-Server
X-UA
X-VCache
X-Backend-Name
Srv
X-PressLabs-Stats
Accept-Charset
Cache
X-Cache-Control
X-Path-Route
Meta-Geo
X-Wix-Request-Id
X-Cache-Var-Map
X-ES-SERVER
X-Cache-Var
X-RN-RSRV
X-Tb
X-Proxy-Build
X-APP-VERSION
Selected-Fe
X-Timing-Wait
OT-Force-Account-Verify
X-Format
X-Status
X-EIG-Tracking-Id
X-Content-Age
X-Cache-Config
X-FC-Vary-Parameters
X-UUID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Section
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Mn-Server-Ip
X-ShardId
X-Sorting-Hat-PodId
Azure-Version
X-Sorting-Hat-ShopId
X-Shopify-Generated-Cart-Token
X-ShopId
X-Request-Time
Azure-SlotName
Version
Akamai-GRN
X-NYM-Debug-Backend
X-Alternate-Cache-Key
X-OCL
X-Origin
X-Access
X-Shopify-Stage
X-Akamai-Request-ID
X-Proto
X-PCL
Origin-Edge-Control
Cache-Tags
X-AWS-Id
X-BYPASS-REASON
X-Yottaa-Metrics
DB-Nickname
NGX
Ec-Rule-Version
Node
Now
Origin-Cache-Control
X-Yottaa-Optimizations
X-ServerID
X-SaId
X-Proxy-Cache-Status
X-Time-Microsecs
X-Pubstack
X-LJ-Flow-ID
X-ProxyCache-Key
Healthy
X-Say-TTL
X-ProxyCache-Status
X-Say-Cacheable
X-Soup
X-JoinUs
X-Vgn-Hpd-Reason
X-FW-Dynamic
X-Web-Node
X-Qloud-Router
X-Debug-Cache
X-Cluster-Node
X-Generated-By
X-VWS-Id
X-Hyper-Cache
X-Human
X-Hosted-By
X-Viewer-Country
X-SayCDN-TTL
X-Redis-Cache
X-Varnish-Hits
X-Www-Served-By
X-TNCMS
X-Storage
Property-Id
X-Site-Version
Webcakes-App-Name
X-Loop
X-Origin-Hint
X-Proxy
X-Amzn-Remapped-Content-Length
X-BCube-Filmed-By
X-FB-TRIP-ID
X-Generated
X-Hl-Ver
X-Akamai-Request-ID2
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
X-CCM
TWC-Connection-Speed
Decoy-Debug-TTL
Cross-Origin-Window-Policy
X-RateLimit-Limit
Decoy-Debug-Key
Decoy-Debug-Status
GEO-INFO
X-Xfnlog-Site
S-Rt
X-Rule
X-RCS-CacheZone
X-NCache
X-Akamai-Transformed
X-Locale
X-Cache-Host
X-R9-Blue-Green-Version
X-Detected-As
X-IP
X-MP-GENERATED-AT
X-Unique-Id
L5d-Success-Class
X-Esi
X-Drupal-Cache-Tags
X-CS
Cache-Key
X-Ttl
Webserver
Cache-Name
Uber-Trace-Id
Time
X-UA-Device-Type
X-UnsetCookies
X-Backend-TTL
Viewport
X-Whom
X-NGENIX-Cache
X-Daa-Tunnel
X-Mode
Mime-Version
X-Forwarded-Host
X-CDN-Forward
X-Origin-TTL
Rt-Fastcgi-Cache
X-Origin-CC
X-Info
X-Cache-Remote
X-Varnish-Cache-Hits
Content-Disposition
X-PERF
X-ApacheServer
Odigeo-Trace-Id
X-From
Accept-Language
ServedBy
X-B3-Spanid
X-Newrelic-Synthetics
X-CLOUD-TRACE-CONTEXT
X-Magnolia-Registration
X-Cluster-Name
Section-Io-Cache
Country
X-Drupal-Cache-Contexts
X-Geo
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Routing-Service
X-Device-Type
X-Proxied
X-TT-TIMESTAMP
X-Zipkin-Id
X-Uri
Proxy-Connection
X-Microcachable
Cf-Ipcountry
X-EC-Lua
Ohc-File-Size
Geo-Info
X-Via-Fastly
HitType
X-Nc
Content-Script-Type
AsisCache
BehaviorPad-Version
Content-Style-Type
Fastcgi-X-Cache-Version
X-Region-Sid
X-Destination
X-Geo-Header
Apple-News-Services-Request-Url
W
Apple-News-Services-Handled
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-GeoIP-Country-Code
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Date
Access-Control-Request-Headers
X-Transaction
X-Vdms-Version
X-VG-TLSProxy
X-VG-WebCache
X-VG-WebServer
X-A-Wwc
X-Accel-Expires-Debug
X-Twitter-Response-Tags
X-ARC
X-Application
X-Aed
T-Server
X-Vtex-Processado-Em
X-A
Viewtype
VivaBuild
Xc-Version
X-A-Ccd
X-A-Dam
X-Vtex-Remote-Cache
X-A-Dgt
X-A-Dcw
Rendered-Blocks
X-B-Cookie
X-ScT
GEO-REGION-INFO
X-D
X-Session-Fingerprint
X-S-Cookie
X-S
X-Rewrite-Enabled
X-Rocket-Build-Number
X-Rojux
X-Sigma
X-Sigma-Backend
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
X-Trv-Group
X-CF-Lambda-Fn
Machine
X-Connection-Hash
X-SRCache-Key
X-CF-Lambda-Version
X-Request-UUID
X-Varnish-Beresp-Ttl
X-UPSTREAM-Address
X-Varnish-Beresp-Status
X-Edge-Location
User-Cache-Control
X-Varnish-Beresp-Grace
Ohc-Cache-HIT
HA-Ipaddr
X-Contensis-Viewer-Groups
X-Clientip
Locid
X-CGP
IsBot
X-SIPLIST1
Gh-Request-Id
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Distil-CS
Countrycode
Environment
X-Thanos
X-CUA
Fastly-SWR
Ha-Gx-Prefs
X-Bip
X-Varnish-Authentication
X-Agile
Server-Cache-Control
Server-Surrogate-Control
X-WebServer
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Agile-Age
X-Agile-Id
CDCHOST
X-Cache-ASPX
X-Cache-Debug
Powered-By
X-Auto-Login
X-App-Name
X-Tumblr-Pixel-3
X-TrackingId
Fastly-SIE
X-Eu-Site
X-Real-IP
X-Hit
X-Logging-Id
Fastly-SSL
X-GoCache-CacheStatus
X-C
X-Cache-Time
X-No-Session
X-Azure-Ref
X-Up
X-Micro-Cache
X-Ms-Request-Id
X-Ms-Version
X-Cache-Bucket
X-NodeID
X-Cache-Info
X-Nginx-Cache-Key
X-Block-Status
X-Hnp-Log
X-Backend-State
X-Hash
X-TT-LOGID
X-IN-APIGATEWAY
X-LI-Proto
X-We-Are-Hiring
X-WADP-Cache
X-Webstats-RespID
X-Li-Pop
X-Labrador-Cache-Channel
We-Hiring
Web-Mar-Node
X-VServer
X-VC-Cache
X-IN-APIGATEWAYSSL
X-Cache-Tags
X-Air-Hostname
X-Instart-Isnd
X-Irp-Debug
X-LI-UUID
X-Variation
X-AK-Request-ID
X-Cdn-Srv
X-Debug-Cookies
X-Debug-Log
X-Epic-Correlation-Id
X-Debug-Cache-Store
X-Render-Time
X-Debug-Cache-Expiry
X-Li-Fabric
X-Debug-Cache-Fetch
X-OVcl
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Platform-Server
X-Distributor
X-Owner
X-Developers
X-Dispatcher-Server
X-OVcl-Cache
X-Request-URI
X-Server-W
X-Swa-Ws
X-Gen-Mode
X-Clara-WADP
X-Generated-In
X-TH-Server
X-Trace-Id
X-PHP-Host
X-NU-AKA-ACS-Version
X-Gamma-Serve
X-NX-Host
X-Core-Mission
X-Origin-Expires
X-Servername
X-Fastly-Cache
X-Origin-Date
X-FW-Version
X-Fetched-On
X-Cache-URL
X-BBXSRF
RNT-Time
Cdnsip
Server-ID
Memcached
Cdncip
RNT-Machine
Request-Country
Request-EU
Cache-Host
Mail-Subject
Kp-EeAlive
Server-Int
Is-Eu
Platform
V-Age
IBM-Web2-Location
Fastly-Soc-X-Request-Id
True-Client-Country-4JS
Country-Code
Adler-Geo
X-Cache-Backend
X-App-Version
AKAMAI
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
Locale
Fastly-Backend-Name
FNAC-ModuleRouting
X-Req
Heartbleed
X-Cms-Context
X-Old-Content-Length
X-Urbn-Context-Path
ServerName
X-JWT-State
X-Cache-Expired-At
X-Var-Ttl
Wxu-Next-Region
X-Is-Gdpr
Wxu-Next-Commit
Wxu-Next-Hostname
Group
X-Has-Esi
X-User
X-Generation-Time
X-Urbn-Site-Id
X-GeoIP-City
Filterid
X-Nginx-Cache
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Reboot
X-SERVER
X-Matched-Rule
X-Level-Front-Cache
X-Lb-Id
X-Generated-On
X-Service
Thinkindot-CacheControl
X-Trafficlayer-App-Version
Server-Host
Pragrma
PFcat
X-Thinkindot-L3
X-ServiceProvider
Thinkindot-Control
X-Internal-Host
Thinkindot-CacheControl-Type
X-S-Maxage
X-Core-Value
S-Cnection
RequestId
X-Key
Cache-Hits
X-VHOST
X-Sucuri-Cache
X-Response-By
X-Refresh
X-CSRF-TOKEN
Powered-By-ChinaCache
X-Location
X-Ruxit-Js-Agent
X-Ua
X-CF-Powered-By
X-TA-CDN-Provider
X-Tec-Api-Version
X-Wa
X-Parent-Response-Time
X-NC
X-Tb-Optimization-Total-Bytes-Saved
X-Tec-Api-Root
X-Tec-Api-Origin
X-Sucuri-ID
X-Pjax-Url
Origin
ProcessTime
X-Varnish-Cacheable
X-Cdn-Forward
X-B3-Parentspanid
Memory
X-BACKEND-TTL
X-Via-CDN
User-Agent
X-CSRF-Token
X-Pf-Uncompressing
X-Developer
X-Node-Id
SRV
Geoip-Latitude
X-LAGOON
X-Device-Os
X-Server-IP
TTL
Geoip-City
X-NWS-UUID-VERIFY
X-Correlation-ID
X-Ocache
X-B3-SpanId
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Cache-Grace
On-Server
X-NGINX-Cache
X-Vcl-Version
X-Sn-Servicetimems
X-Cdn-Origin
PICS-Label
X-COUNTRY
GeoIp-Country-Code
X-Unique-ID
Hostname
A
X-Request-Host
X-MSEdge-Flight
X-MSEdge-Features
X-Cache-Status-Check
X-Servedbyhost
X-Webkit-CSP
X-Litespeed-Cache
X-Cdn-Request-ID
Media-Length
Cloudfront-Viewer-Country
Dnion-Transfer-Encoding
X-Varnish-Ttl
X-TIME
XServer
M-TraceId
X-Rocket-Nginx-Bypass
SN
Cdn
Tcn
X-Via-Ucdn
X-FORWARDED-FOR
X-Sucuri-Id
Resin-Trace
X-HS-Status
X-Varnish-URL
X-Ratelimit-Remaining
X-ServedByHost
X-Beluga-Cache-Status
Host-ID
X-Beluga-Trace
X-Beluga-Status
X-Beluga-Node
X-AIR-PT
X-Cache-Ttl
X-Beluga-Record
X-Reqid
Esi-Enabled
Who
X-Beluga-Response-Time
HostName
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
CF-Cached-On
X-Slack-Backend
X-Fastly-Country-Code
X-Policy
X-Planisys-CDN-Rules
X-Request-Start
X-VCL-Version
GeoIP-Country-Code
X-Action
X-Azure-Ref-OriginShield
CACHE
X-DC
X-DW
X-RPS
X-DSS
X-RPM
X-PAYTM-SRV-ID
X-Server-Time
Ttl
GeoIP-Latitude
GeoIP-City
X-Processor
Pics-Label
Rt-Proxy-Cache
X-DB
Arc-Country
X-RSL
X-DI
X-Oracle-Dms-Rid
X-Dynatrace-Js-Agent
MIME-Version
X-LiteSpeed-Cache-Control
X-Fastly-Backend-Reqs
NtCoent-Length
X-ND-Cache
X-Bc
X-Varnish-Url
X-Dispatch
X-Hello
X-Cache-FS-Status
X-Zone
X-Flog
X-ABtesting
Pramga
X-Edge-Server
Cdn-Host
Fastly-Drupal-HTML
X-PF-Uncompressing
X-Method
X-Ratelimit-Limit
Cdn-Request-Time
X-Skip-Cache
X-VarnishDD-TTL
X-APP
X-Newrelic-App-Data
Magicmarker
X-HostName
X-Datadome
X-PJAX-URL
X-FPC
X-Bc-Bl
Cteonnt-Length
N-Cache
X-Served-From
Amp-Access-Control-Allow-Source-Origin
X-DevSite-Last-Modified
WebServer
X-SRV
Section-Origin-Responded
Section-Io-Id
X-Swift-Error
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Ftr-Cache-Host
Trailer
X-Amzn-Remapped-Date
X-Backend-Host
Processtime
X-Amzn-Remapped-Connection
X-Dynatrace
X-BE
Servername
X-WA
X-Svr
Ohc-Response-Time
X-ID
X-Be
Cache-Provider
X-WR-MODIFICATION
X-Frame-Option
CDN
X-Branch-Name
X-Aicache-OS
X-BC
Vix-Hermes-Req-Id
Dynatrace
X-Adobe-Source
X-ZONE
CF-IPCountry
X-LB-ID
X-Fmm-Version
Requestid
Load-Balancing
FSS-Cache
FSS-Proxy
X-StackifyID
Lfy
X-Snapshot-Date
X-CACHE-AGE
Fusion-Deployment-Id
WZWS-RAY
Pagetype
X-Tid
Proxy-Firewall
X-Apw-Access-Object
X-VC
Warning
D-Cc-Upstream
X-SB
X-Request-Url
X-Fastly-Cache-Hits
V-Cache
X-Scheme
X-Cc-Via
X-Cc-Req-Id
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Apw-Hits
X-Apw-Access-Action
X-Apw-Access-Token
DSUID
X-MServer
X-Litespeed-Cache-Control
Release
X-WPE-Loopback-Upstream-Addr
Cneonction
X-Fpc
X-VCT
X-Request-URL
X-Worker
X-Powered-Y
WP-Super-Cache
X-ElasticPress-Search
X-Check-Cacheable
X-App
X-Fastly-Cache-Status
X-Hp-Ccpa-Warning
Backend-Name
Correlation-Id
X-Varnish-Beresp-TTL
X-Configured-By