Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
CF-Ray
X-Via
X-Backend
X-Ua-Compatible
X-Server
X-Age
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Ws-Request-Id
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Styx-Req-Id
X-Server-Id
X-Device
X-Host
X-Origin-Cache
EagleEye-TraceId
X-Response-Time
X-Ac
X-Node
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Readtime
X-Backend-Server
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-Cache-Lookup
X-ORACLE-DMS-ECID
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-DataDome
NEL
X-Mod-Pagespeed
X-Dns-Prefetch-Control
X-Rack-Cache
Rating
X-Country
Edge-Control
X-Clacks-Overhead
X-Akam-SW-Version
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TTL
Allow
X-Country-Code
Accept-Ch
X-FTR-Request-ID
X-DynaTrace
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
X-ESI
Verso
Accept-Ch-Lifetime
Content-MD5
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Exp-Id
X-Use-Magma
X-GitHub-Request-Id
RTSS
Edge-Cache-Tag
X-D2id
X-Abt-Application-Version
X-Debug
X-Px
AR-ATIME
X-Server-Name
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-Request-ID
X-Vcache
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Accel-Expires
Display
X-Middleton-Display
X-Middleton-Response
Pagespeed
Response
X-Sol
X-Vcap-Request-Id
X-Fastcgi-Cache
X-MSEdge-Ref
X-Navigation-Version
X-Amz-Rid
Arr-Disable-Session-Affinity
Pinterest-Version
X-Pinterest-Rid
X-SharePointHealthScore
X-Powered-CMS
TCN
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Cdn
X-VARITI-CCR
X-Trace
Public-Key-Pins
Cache-Tag
Realpath
X-Client-IP
X-Fastly-Request-ID
Access-Control-Request-Method
X-Ser
MS-Author-Via
Nginx-Cache
X-Server-ID
X-Shard
X-Edge-O15-RID
X-DynaTrace-JS-Agent
S
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
SPIisLatency
SPRequestDuration
X-Mrf-Item-Lastmod
X-Id
X-Upstream
X-Content-Type
X-Ezoic-Cdn
X-Hp-Webp
X-Amzn-Trace-Id
X-Grace
X-Forwarded-For
X-T
X-Amz-Meta-S3cmd-Attrs
Nel
Front-End-Https
X-Recruiting
X-Hits
DynaTrace
Fastcgi-Cache
X-Jurisdiction
X-Aspnet-Version
X-Cache-TTL
X-Varnish-Age
ServerID
MicrosoftSharePointTeamServices
X-Mobile-URL
X-Node-Name
X-Element-Page-Cache
X-FTR-Backend
X-Country-Code-Real
X-Content-Digest
X-Dw-Request-Base-Id
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Realm
X-FTR-Expires
X-FTR-DC
X-DIS-Request-ID
X-FTR-Cache-Status
NR-ENABLED
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
Server-Node
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Frontend
Powered
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Stored-Content-Length
TP-L2-Cache
TP-Cache
Alternate-Protocol
Server-Name
X-Logged-In
X-CST
X-XRDS-Location
X-Request-Processing-Time
X-Request-Received
AMP-Access-Control-Allow-Source-Origin
Upgrade-Insecure-Requests
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Request-Handler-Origin-Region
X-Microsite
X-Correlation-Id
Backend-Timing
X-ATS-Timestamp
X-Cache-Hit
X-F-Cache
X-Origin-Server
X-User-Agent
X-Content-Options
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
Refresh
X-Page-Id
X-Rid
X-Revision
Fastly-Restarts
X-Zen-Fury
X-Type
X-Varnish-Grace
X-Content-Powered-By
X-XRDS-LOCATION
X-B3-Sampled
X-FTR-Cache-Host
X-B
X-LB-Cache
X-URL
PB-RID
PB-PID
X-Az
X-Geo-Country
X-Activity-Id
X-AppVersion
X-Mobile-Rewrite
Arc-Version
Cache-Status
X-Kinsta-Cache
X-N
X-Cache-Age
X-Pad
X-Shield-Request-Id
X-TT
X-Cache-Action
X-AOL-HN
X-Signature
X-Instance
X-B-Cache
X-WebKit-CSP-Report-Only
Paypal-Debug-Id
X-Framework
X-Jobs
X-Debug-Info
Access-Control-Allow-Method
Actual-Object-TTL
X-FB-Debug
X-Time
X-Tumblr-User
X-Load-Cache
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-App-Environment
X-PHP-Backend
DC
X-Request-Guid
X-Git-Hash
X-Cached-By
Fastcgi-Useragent
X-Webkit-Csp
X-RateLimit-Remaining
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Varnish-Backend
X-Webapp-Samesite-None-Activated-N
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
X-Amz-Replication-Status
X-Erf-Bev-Bev
X-IPLB-Instance
Host-Header
MS-CV
X-Analytics
X-Contextid
X-ATG-Version
X-SS-Set-Cookie
X-WA-Info
FilterID
Host
X-NWS-LOG-UUID
X-Mobile
X-Response-Served-From
X-ORACLE-APMCS-REQUEST-ID
Tracecode
X-ORACLE-APMCS-TAG
X-Accel-Buffering
NGB
WPE-Backend
X-Kong-Upstream-Latency
X-Via-JSL
X-Kong-Proxy-Latency
Payment
X-Cluster
X-Host-Name
X-Cache-NE
Xserver
Source
X-FW-Type
X-Region
X-Varnish-Server
X-FW-Static
X-FW-Server
X-FW-Hash
X-FW-Serve
X-Cache-2
Eomportal-Instance
X-Cache-Key
Frame-Options
X-GeoIP
X-Varnish-Hostname
X-Origin-Response-Time
Filters
Cache-Tv-Group
X-Cacheable-TTL
X-Adobe-Loc
X-Adobe-Content
X-IPS-LoggedIn
X-Srv
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-RequestSource
X-Cache-Enabled
X-Cache-Rule
X-Cache-Operation
X-Seen-By
X-Rendered-As
X-Is-Bot
X-Hostname
X-TX-ID
X-Presslabs-Stats
Retry-After
X-EdgeConnect-Cache-Status
X-NewRelic-App-Data
X-FastCGI-Cache
Server-Info
X-VCache
Cleartype
X-Cache-TTL-Remaining
X-ProcessESI
X-RemovedCookies
Accept-CH
Liferay-Portal
X-B3-Traceid
X-CACHE-KEY
X-RTag
Ms-Operation-Id
X-Dc
X-App-Server
X-L-Path
X-Environment-Context
X-Source
X-UA
X-FireWall-Port
X-HTML-Minification-Powered-By
Datacenter
X-Endurance-Cache-Level
From-Origin
X-Upgrade-Enabled
X-Handled-By
X-Cache-Server
Cache
Accept-CH-Lifetime
X-PressLabs-Stats
X-Backend-Name
Srv
X-Cache-Control
Healthy
X-Wix-Request-Id
X-Cache-Var
X-Path-Route
X-Cache-Var-Map
X-RN-RSRV
X-ES-SERVER
Meta-Geo
X-Status
OT-Force-Account-Verify
X-Tb
X-Format
X-APP-VERSION
X-Access
Accept-Charset
Selected-Fe
X-Proxy-Build
Version
X-Timing-Wait
X-Section
X-Cache-Config
X-ShopId
X-Akamai-Request-ID
X-EIG-Tracking-Id
Azure-SiteName
X-Request-Time
X-ShardId
X-Alternate-Cache-Key
X-NYM-Debug-Backend
Azure-InstanceId
X-Content-Age
Akamai-GRN
X-UUID
X-Origin
Azure-RegionName
X-Shopify-Stage
Mn-Server-Ip
Cache-Tags
Azure-Version
Azure-SlotName
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proto
X-Sorting-Hat-PodId
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-ShopId
X-BYPASS-REASON
X-Akamai-Request-ID2
X-Yottaa-Metrics
Now
Node
X-AWS-Id
NGX
X-Yottaa-Optimizations
Ec-Rule-Version
DB-Nickname
X-SaId
X-Hyper-Cache
X-PCL
X-Hl-Ver
X-ProxyCache-Status
X-OCL
X-ProxyCache-Key
X-LJ-Flow-ID
X-JoinUs
X-Proxy-Cache-Status
X-VWS-Id
X-Vgn-Hpd-Reason
X-Qloud-Router
X-FW-Dynamic
X-Time-Microsecs
X-RateLimit-Limit
X-Storage
X-Cluster-Node
X-FC-Vary-Parameters
X-ServerID
X-Soup
X-Pubstack
Origin-Cache-Control
X-TNCMS
Origin-Edge-Control
X-Viewer-Country
Property-Id
X-Web-Node
X-MP-GENERATED-AT
X-Origin-Hint
X-Varnish-Hits
TWC-Connection-Speed
X-SayCDN-TTL
X-Loop
Webcakes-App-Name
X-Amzn-Remapped-Content-Length
X-Generated-By
X-Hosted-By
X-BCube-Filmed-By
X-Say-Cacheable
X-Debug-Cache
X-Proxy
X-FB-TRIP-ID
X-Human
X-Say-TTL
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Privacy
X-CCM
X-Www-Served-By
Webcakes-Region
Webcakes-App-Version
TWC-Device-Class
Decoy-Debug-TTL
Decoy-Debug-Key
Cross-Origin-Window-Policy
Decoy-Debug-Status
GEO-INFO
S-Rt
X-R9-Blue-Green-Version
X-Cache-Host
X-Xfnlog-Site
X-RCS-CacheZone
X-Site-Version
X-Akamai-Transformed
X-Locale
X-Generated
X-Rule
X-Redis-Cache
X-IP
X-NCache
X-Detected-As
L5d-Success-Class
X-CS
X-Esi
Cache-Name
X-Drupal-Cache-Tags
X-Unique-Id
Webserver
Viewport
Time
Cache-Key
Uber-Trace-Id
X-UA-Device-Type
X-UnsetCookies
X-Mode
Mime-Version
X-Forwarded-Host
Accept-Language
X-Cache-Remote
Rt-Fastcgi-Cache
X-Whom
X-Origin-CC
X-Origin-TTL
X-Daa-Tunnel
X-NGENIX-Cache
X-From
Country
Content-Disposition
X-Info
X-Backend-TTL
X-CDN-Forward
Odigeo-Trace-Id
X-Varnish-Cache-Hits
X-ApacheServer
X-Ruxit-Js-Agent
X-PERF
X-Cluster-Name
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
ServedBy
X-Magnolia-Registration
X-Drupal-Cache-Contexts
X-CLOUD-TRACE-CONTEXT
X-Microcachable
X-Newrelic-Synthetics
X-B3-Spanid
X-TT-TIMESTAMP
X-Device-Type
X-EC-Lua
X-Zipkin-Id
X-Ttl
X-Proxied
Section-Io-Cache
X-Routing-Service
X-Via-Fastly
X-Nc
X-Uri
X-Trafficlayer-App-Name
Proxy-Connection
Cf-Ipcountry
X-Trafficlayer-App-Scope
Ohc-File-Size
X-Geo
Ohc-Cache-HIT
X-Edge-Location
Geo-Info
X-UPSTREAM-Address
HitType
X-A
X-A-Ccd
X-A-Wwc
X-GeoIP-Country-Code
Xc-Version
X-Region-Sid
X-Accel-Expires-Debug
X-Destination
X-A-Dcw
X-A-Dgt
X-A-Dam
Viewtype
GEO-REGION-INFO
X-G
Fastcgi-X-Cache-Version
Content-Style-Type
Rendered-Blocks
Machine
Mobile-Detection-Method
Meta-Geo-Continent
X-Geo-Header
MD5-Digest
Content-Script-Type
T-Server
Apple-News-Services-Handled
X-DPWN-IS-SECURE
X-Application
VivaBuild
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-External-Request-Id
BehaviorPad-Version
AsisCache
Apple-News-Services-Request-Url
W
X-Aed
X-Request-UUID
X-Rewrite-Enabled
X-Session-Fingerprint
X-Vtex-Remote-Cache
X-Sigma-Backend
X-Sigma
X-Vtex-Processado-Em
X-Rocket-Build-Number
X-S-Cookie
X-B-Cookie
X-S
X-Date
X-Rojux
X-VG-WebServer
X-VG-WebCache
X-Twitter-Response-Tags
X-Trv-Group
X-Connection-Hash
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Transaction
X-No-Session
X-SRCache-Key
X-VG-TLSProxy
X-D
X-ARC
X-Vdms-Version
X-ScT
Access-Control-Request-Headers
X-C
Server-Cache-Control
X-Cache-Debug
X-Rebelmouse-Surrogate-Control
IsBot
Locid
Powered-By
Fastly-Soc-X-Request-Id
X-Cache-ASPX
Fastly-SIE
X-Tumblr-Pixel-3
X-Thanos
X-Eu-Site
X-Contensis-Viewer-Groups
Server-Surrogate-Control
Countrycode
HA-Ipaddr
X-WebServer
Environment
Gh-Request-Id
CDCHOST
X-Rebelmouse-Cache-Control
Fastly-SWR
X-CUA
X-Developers
X-SIPLIST1
X-Varnish-Beresp-Ttl
X-Auto-Login
X-Agile-Id
X-Agile-Age
X-VC-Cache
X-CGP
X-Clientip
X-Agile
X-Varnish-Beresp-Status
X-Distil-CS
X-App-Name
X-Bip
X-Logging-Id
Ha-Gx-Prefs
X-Hit
X-Varnish-Beresp-Grace
X-Varnish-Authentication
Fastly-SSL
User-Cache-Control
X-Cache-Backend
X-Real-IP
X-GoCache-CacheStatus
X-Debug-Cache-Store
X-Generation-Time
X-GeoIP-City
X-Cms-Context
Platform
RNT-Time
Request-EU
Request-Country
X-Generated-In
RNT-Machine
X-Azure-Ref
X-Distributor
V-Age
X-Debug-Cookies
X-Epic-Correlation-Id
X-Debug-Log
We-Hiring
X-Backend-State
X-Debug-Cache-Expiry
X-Dispatcher-Server
True-Client-Country-4JS
X-Cache-Bucket
X-Fetched-On
Server-Int
Server-ID
X-FW-Version
X-Debug-Cache-Fetch
X-Core-Mission
X-AK-Request-ID
X-Cache-Tags
X-Cache-Time
X-Gamma-Serve
AKAMAI
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Platform-Server
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Render-Time
X-RateLimit-Remaining-Second
X-PHP-Host
X-Owner
X-Nginx-Cache-Key
X-Ms-Version
X-NodeID
X-NX-Host
X-Has-Esi
X-Origin-Date
X-Request-URI
X-VServer
X-Up
X-TT-LOGID
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Variation
X-User
X-TrackingId
X-Trace-Id
X-Servername
X-Server-W
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-TH-Server
X-Swa-Ws
X-Ms-Request-Id
X-Origin-Expires
X-Labrador-Cache-Channel
Kp-EeAlive
Country-Code
Cdnsip
X-IN-APIGATEWAYSSL
Is-Eu
X-JWT-State
Heartbleed
X-Instart-Isnd
IBM-Web2-Location
X-Is-Gdpr
Cache-Host
Cdncip
X-Li-Pop
Mail-Subject
X-LI-Proto
X-Li-Fabric
X-LI-UUID
X-IN-APIGATEWAY
Locale
X-Hash
Adler-Geo
X-App-Version
X-Gen-Mode
X-Core-Value
X-Hnp-Log
X-Generated-On
X-Trafficlayer-App-Version
X-Thinkindot-L3
X-Req
X-OVcl-Cache
X-Level-Front-Cache
X-Fastly-Cache
X-Air-Hostname
X-OVcl
X-Matched-Rule
X-NU-AKA-ACS-Version
X-Webstats-RespID
X-We-Are-Hiring
X-Internal-Host
X-Service
X-Irp-Debug
X-WADP-Cache
X-Reboot
X-Micro-Cache
X-ServiceProvider
X-Cache-Info
ServerName
X-Clara-WADP
Web-Mar-Node
PFcat
Wxu-Next-Hostname
Thinkindot-Control
Thinkindot-CacheControl-Type
FNAC-ModuleRouting
Memcached
Fastly-Backend-Name
Server-Host
Thinkindot-CacheControl
Wxu-Next-Region
Wxu-Next-Commit
X-Cache-URL
X-Cdn-Srv
X-BBXSRF
X-Block-Status
Filterid
X-Nginx-Cache
X-Key
X-Lb-Id
X-SERVER
X-Sucuri-Cache
Cache-Hits
X-Cache-Expired-At
X-Var-Ttl
X-S-Maxage
X-Old-Content-Length
Group
X-Refresh
X-Response-By
S-Cnection
X-Location
Pragrma
RequestId
X-Parent-Response-Time
X-VHOST
X-Tb-Optimization-Total-Bytes-Saved
X-TA-CDN-Provider
Powered-By-ChinaCache
X-CSRF-TOKEN
X-Cdn-Forward
X-BACKEND-TTL
ProcessTime
X-Tec-Api-Version
X-CF-Powered-By
X-Tec-Api-Root
X-Tec-Api-Origin
X-B3-Parentspanid
X-Correlation-ID
X-Wa
X-Pjax-Url
Memory
Origin
X-Sucuri-ID
X-Ua
X-NC
X-Varnish-Cacheable
User-Agent
X-CSRF-Token
X-B3-SpanId
X-Server-IP
X-Pf-Uncompressing
TTL
X-NWS-UUID-VERIFY
X-Unique-ID
SRV
Geoip-City
X-Via-CDN
X-Developer
Geoip-Latitude
X-Node-Id
PICS-Label
X-Ocache
X-Device-Os
X-COUNTRY
X-Cdn-Origin
X-Cache-Grace
X-NGINX-Cache
X-Vcl-Version
X-LAGOON
GeoIp-Country-Code
X-Sn-Servicetimems
Media-Length
On-Server
X-Cdn-Request-ID
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Cache-Status-Check
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Servedbyhost
X-MSEdge-Features
X-Webkit-CSP
X-Litespeed-Cache
Hostname
X-MSEdge-Flight
A
M-TraceId
X-Request-Host
Cloudfront-Viewer-Country
Dnion-Transfer-Encoding
X-Via-Ucdn
X-Varnish-Ttl
SN
X-TIME
XServer
X-Sucuri-Id
X-Rocket-Nginx-Bypass
Tcn
X-FORWARDED-FOR
Esi-Enabled
X-HS-Status
Cdn
X-Reqid
X-AIR-PT
X-Ratelimit-Remaining
X-Cache-Ttl
X-Beluga-Status
X-ServedByHost
X-Beluga-Trace
Host-ID
X-Fastly-Country-Code
Resin-Trace
X-Varnish-URL
X-Beluga-Response-Time
X-Beluga-Cache-Status
X-Policy
X-Beluga-Node
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Beluga-Record
X-Planisys-CDN-Cache
Who
HostName
CF-Cached-On
X-Azure-Ref-OriginShield
X-Request-Start
CACHE
GeoIP-Country-Code
Pics-Label
Rt-Proxy-Cache
X-Fastly-Backend-Reqs
X-Action
GeoIP-Latitude
X-VCL-Version
X-Slack-Backend
X-LiteSpeed-Cache-Control
MIME-Version
X-Ftr-Cache-Host
X-Oracle-Dms-Rid
X-Cache-FS-Status
Pramga
X-Server-Time
X-APP
Arc-Country
X-Bc
X-PAYTM-SRV-ID
Ttl
X-Processor
X-Dispatch
X-RPM
X-Method
X-DB
X-Varnish-Url
X-PF-Uncompressing
NtCoent-Length
X-DI
X-DSS
X-Zone
X-RSL
X-RPS
Magicmarker
X-DW
GeoIP-City
X-DC
X-VarnishDD-TTL
X-Flog
X-Hello
X-Ratelimit-Limit
X-Newrelic-App-Data
X-ABtesting
X-ND-Cache
Cteonnt-Length
X-Skip-Cache
X-HostName
WebServer
Amp-Access-Control-Allow-Source-Origin
X-Edge-Server
X-Served-From
X-FPC
X-PJAX-URL
X-SRV
Cdn-Request-Time
Fastly-Drupal-HTML
Cdn-Host
X-DevSite-Last-Modified
X-Be
Ohc-Response-Time
X-Dynatrace
N-Cache
X-Svr
X-BE
X-Bc-Bl
Processtime
X-Dynatrace-Js-Agent
Load-Balancing
Servername
X-Swift-Error
X-ID
Cache-Provider
Section-Io-Id
Section-Origin-Responded
Vix-Hermes-Req-Id
Section-Io-Origin-Time-Seconds
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Aicache-OS
X-Backend-Host
X-WA
Section-Io-Origin-Status
X-Frame-Option
X-WR-MODIFICATION
DSUID
X-ZONE
X-StackifyID
X-BC
X-Branch-Name
X-Snapshot-Date
Dynatrace
X-MServer
X-Fastly-Cache-Hits
X-LB-ID
Pagetype
Lfy
Requestid
CF-IPCountry
CDN
Release
X-VCT
X-CACHE-AGE
FSS-Proxy
X-Tid
FSS-Cache
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
WZWS-RAY
X-Configured-By
X-VC
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
V-Cache
X-Apw-Access-Action
Proxy-Firewall
X-Request-Url
Warning
X-SB
D-Cc-Upstream
X-Cc-Req-Id
X-Hp-Ccpa-Warning
X-Cc-Via
X-Adobe-Source
X-Litespeed-Cache-Control
X-Fpc
Correlation-Id
X-Scheme
X-App
X-WPE-Loopback-Upstream-Addr
Trailer
Backend-Name
Fusion-Deployment-Id
Cneonction
X-Fmm-Version
X-ElasticPress-Search
X-Check-Cacheable
X-Request-URL
SD-X-WS
X-Fastly-Cache-Status
X-Varnish-Beresp-TTL
X-Powered-Y
X-SD-PageType
X-Upstream-Ht
X-Upstream-Ct
WP-Super-Cache
X-Edge-IP
X-Worker