Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
Xkey
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
X-Backend
CF-Ray
X-Server
X-Age
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ws-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
X-Device
X-Host
X-Origin-Cache
EagleEye-TraceId
X-Response-Time
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Readtime
X-Backend-Server
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-Cache-Lookup
X-ORACLE-DMS-ECID
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
NEL
X-DataDome
X-Mod-Pagespeed
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Clacks-Overhead
X-Akam-SW-Version
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-TTL
Allow
X-Country-Code
X-FTR-Request-ID
X-DynaTrace
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
Accept-Ch
X-TtlSet
X-Vname
X-PC
X-ESI
Verso
Content-MD5
Service-Worker-Allowed
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-MS-InvokeApp
X-Version
X-Use-Magma
X-GitHub-Request-Id
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Exp-Variant
X-Exp-Id
RTSS
Edge-Cache-Tag
X-D2id
X-Server-Name
X-Debug
X-Abt-Application-Version
X-Px
AR-ATIME
Ar-Sid
AR-Request-ID
AR-PoweredBy
AR-CACHE
X-Vcache
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Cached
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Fastcgi-Cache
X-Vcap-Request-Id
X-Sol
X-Middleton-Response
X-Middleton-Display
X-Accel-Expires
Response
Pagespeed
Display
X-Navigation-Version
X-MSEdge-Ref
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-Powered-CMS
TCN
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-VARITI-CCR
X-Trace
Public-Key-Pins
X-Fastly-Request-ID
Cache-Tag
Realpath
X-Cdn
MS-Author-Via
X-Client-IP
X-Ser
Access-Control-Request-Method
Nginx-Cache
X-Edge-O15-RID
X-DynaTrace-JS-Agent
X-Shard
X-Server-ID
S
SPIisLatency
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
SPRequestDuration
X-B3-TraceId-Primal
X-Content-Type
X-Upstream
X-Id
X-Amzn-Trace-Id
X-Ezoic-Cdn
X-Hp-Webp
X-Grace
X-Forwarded-For
X-T
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Hits
Fastcgi-Cache
X-Recruiting
X-Jurisdiction
DynaTrace
Nel
X-Cache-TTL
X-Aspnet-Version
ServerID
X-Varnish-Age
MicrosoftSharePointTeamServices
X-Element-Page-Cache
X-Content-Digest
X-Mobile-URL
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Balancer
X-FTR-Expires
X-FTR-Backend
X-DIS-Request-ID
X-Dw-Request-Base-Id
X-Node-Name
X-Country-Code-Real
X-FTR-Backend-Server
NR-ENABLED
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
Powered
X-Frontend
Server-Node
TP-Cache
TP-L2-Cache
Alternate-Protocol
X-Logged-In
Server-Name
X-CST
AMP-Access-Control-Allow-Source-Origin
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Request-Received
X-Request-Processing-Time
X-Microsite
X-Request-Handler-Origin-Region
Upgrade-Insecure-Requests
X-Cache-Hit
X-Correlation-Id
X-XRDS-Location
X-User-Agent
X-Content-Security-Policy-Report-Only
X-F-Cache
X-Origin-Server
X-Content-Options
Refresh
X-Revision
X-Rid
X-Akamai-Edgescape
Fastly-Restarts
X-Page-Id
X-Zen-Fury
Backend-Timing
X-ATS-Timestamp
X-Varnish-Grace
X-XRDS-LOCATION
X-Type
X-Content-Powered-By
X-Webkit-Csp
X-LB-Cache
X-B
X-FTR-Cache-Host
X-B3-Sampled
PB-RID
PB-PID
X-Geo-Country
X-Mobile-Rewrite
Arc-Version
X-AppVersion
X-Activity-Id
X-Az
X-URL
Cache-Status
X-N
X-Kinsta-Cache
X-Cache-Age
X-Shield-Request-Id
X-TT
X-B-Cache
X-AOL-HN
X-Time
X-Pad
X-Signature
X-WebKit-CSP-Report-Only
Actual-Object-TTL
Access-Control-Allow-Method
X-Framework
X-Tumblr-User
X-Cache-Action
X-Tumblr-Pixel-0
X-Jobs
X-Instance
Paypal-Debug-Id
X-Tumblr-Pixel
X-FB-Debug
X-App-Environment
X-Debug-Info
X-PHP-Backend
X-Request-Guid
DC
X-Cached-By
X-Load-Cache
Fastcgi-Useragent
X-Git-Hash
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Varnish-Backend
X-Amz-Replication-Status
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
X-RateLimit-Remaining
Host-Header
X-IPLB-Instance
MS-CV
X-Contextid
X-Webapp-Samesite-None-Activated-N
X-ATG-Version
Host
X-WA-Info
X-Analytics
X-NWS-LOG-UUID
X-SS-Set-Cookie
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Mobile
X-Via-JSL
NGB
X-Cluster
Accept-CH
Tracecode
X-Response-Served-From
X-Accel-Buffering
X-Kong-Upstream-Latency
X-Cache-Key
X-Kong-Proxy-Latency
X-Host-Name
FilterID
WPE-Backend
Payment
X-Cache-NE
Xserver
Eomportal-Instance
Source
X-FW-Server
X-FW-Static
X-FW-Serve
X-Cache-2
X-Srv
X-FW-Hash
X-FW-Type
X-IPS-LoggedIn
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-GeoIP
Cache-Tv-Group
Frame-Options
X-Varnish-Server
X-Region
Filters
X-Cache-Enabled
X-Adobe-Content
X-Adobe-Loc
X-Cacheable-TTL
X-Origin-Response-Time
X-RequestSource
X-Seen-By
X-Rendered-As
X-Is-Bot
Retry-After
X-Hostname
X-Cache-Rule
X-TX-ID
X-Cache-Operation
X-Presslabs-Stats
X-EdgeConnect-Cache-Status
Server-Info
X-Cache-TTL-Remaining
X-NewRelic-App-Data
Liferay-Portal
X-RemovedCookies
X-ProcessESI
Cleartype
X-FastCGI-Cache
Accept-CH-Lifetime
X-VCache
X-Dc
X-App-Server
X-Environment-Context
Ms-Operation-Id
X-L-Path
X-B3-Traceid
X-RTag
X-UA
X-FireWall-Port
X-HTML-Minification-Powered-By
X-Source
X-Endurance-Cache-Level
X-CACHE-KEY
Datacenter
X-Handled-By
X-Upgrade-Enabled
X-Cache-Server
From-Origin
Srv
X-Backend-Name
X-Cache-Control
X-Wix-Request-Id
Healthy
Accept-Charset
Cache
X-Cache-Var-Map
X-Cache-Var
X-Path-Route
X-ES-SERVER
Meta-Geo
X-RN-RSRV
X-APP-VERSION
X-PressLabs-Stats
X-Status
OT-Force-Account-Verify
X-Proxy-Build
Selected-Fe
X-Timing-Wait
Version
X-Format
X-Access
Azure-Version
Azure-SlotName
X-Alternate-Cache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Proto
Azure-RegionName
X-Shopify-Stage
X-FC-Vary-Parameters
Azure-SiteName
X-ShardId
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Content-Age
X-UUID
Azure-InstanceId
X-Cache-Config
X-Section
X-ShopId
Cache-Tags
X-Tb
X-Shopify-Generated-Cart-Token
X-EIG-Tracking-Id
Akamai-GRN
Ec-Rule-Version
Now
Mn-Server-Ip
Node
DB-Nickname
Origin-Cache-Control
Decoy-Debug-Status
Origin-Edge-Control
NGX
Decoy-Debug-Key
X-Hyper-Cache
X-Viewer-Country
X-VWS-Id
X-SayCDN-TTL
X-Vgn-Hpd-Reason
X-Proxy-Cache-Status
X-ServerID
X-Time-Microsecs
X-Web-Node
X-Say-TTL
X-Request-Time
X-Redis-Cache
X-Qloud-Router
X-SaId
X-Pubstack
X-Say-Cacheable
X-Soup
X-Proxy
X-FW-Dynamic
X-Generated-By
X-Debug-Cache
X-Cluster-Node
X-Akamai-Request-ID2
X-AWS-Id
X-Hl-Ver
X-Hosted-By
X-Origin
X-PCL
X-OCL
X-NYM-Debug-Backend
X-JoinUs
X-LJ-Flow-ID
X-Akamai-Request-ID
Decoy-Debug-TTL
X-Yottaa-Optimizations
X-Storage
X-Yottaa-Metrics
Webcakes-App-Name
X-ProxyCache-Key
X-Rule
Webcakes-Region
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-Country
X-Amzn-Remapped-Content-Length
TWC-Locale-Group
X-BCube-Filmed-By
X-Loop
X-Human
X-MP-GENERATED-AT
X-Site-Version
X-ProxyCache-Status
X-Origin-Hint
X-TNCMS
X-Generated
X-CCM
X-BYPASS-REASON
X-Www-Served-By
X-Varnish-Hits
X-FB-TRIP-ID
Property-Id
Webcakes-App-Version
Cross-Origin-Window-Policy
GEO-INFO
X-Akamai-Transformed
X-Locale
X-R9-Blue-Green-Version
X-Xfnlog-Site
S-Rt
X-RateLimit-Limit
X-NCache
X-RCS-CacheZone
X-Cache-Host
X-Detected-As
X-IP
X-CS
X-Unique-Id
Cache-Name
X-Drupal-Cache-Tags
Webserver
L5d-Success-Class
Time
Cache-Key
Uber-Trace-Id
Viewport
X-UA-Device-Type
X-Esi
X-Mode
X-Whom
X-UnsetCookies
Mime-Version
X-Daa-Tunnel
X-Origin-CC
X-Origin-TTL
Accept-Language
X-Forwarded-Host
X-Cache-Remote
X-Info
Rt-Fastcgi-Cache
Country
X-NGENIX-Cache
Content-Disposition
X-From
Odigeo-Trace-Id
X-ApacheServer
X-PERF
X-Varnish-Cache-Hits
X-B3-Spanid
ServedBy
X-Cluster-Name
X-Backend-TTL
Section-Io-Cache
X-Magnolia-Registration
VIX-Pulpo-Upstream-Status
X-CDN-Forward
VIX-Pulpo-Node
X-Newrelic-Synthetics
X-Microcachable
X-Ruxit-Js-Agent
X-EC-Lua
X-Geo
X-Drupal-Cache-Contexts
X-Proxied
X-Routing-Service
X-Device-Type
X-Zipkin-Id
X-CLOUD-TRACE-CONTEXT
X-Via-Fastly
X-Nc
X-TT-TIMESTAMP
Ohc-File-Size
X-Uri
Ohc-Cache-HIT
Proxy-Connection
X-Ttl
Cf-Ipcountry
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Edge-Location
HitType
X-Trv-Group
X-Transaction
VivaBuild
T-Server
Rendered-Blocks
X-External-Request-Id
Viewtype
X-SRCache-Key
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-A-Dcw
X-Session-Fingerprint
X-A-Ccd
X-A-Dam
X-Twitter-Response-Tags
X-Vdms-Version
Content-Style-Type
Fastcgi-X-Cache-Version
Xc-Version
Content-Script-Type
BehaviorPad-Version
AsisCache
Access-Control-Request-Headers
GEO-REGION-INFO
X-Vtex-Remote-Cache
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
X-VG-WebCache
Machine
X-Vtex-Processado-Em
X-VG-WebServer
X-Aed
X-A
X-CF-Lambda-Version
X-Connection-Hash
X-No-Session
X-ScT
X-B-Cookie
X-D
X-Date
X-Destination
X-DPWN-IS-SECURE
X-G
X-Geo-Header
X-GeoIP-Country-Code
X-Region-Sid
X-CF-Lambda-Fn
X-Rewrite-Enabled
X-ARC
X-Rojux
X-S
X-S-Cookie
X-Request-UUID
X-Application
User-Cache-Control
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-UPSTREAM-Address
Geo-Info
X-TrackingId
Fastly-SWR
IsBot
Gh-Request-Id
Fastly-SIE
Apple-News-Services-Handled
X-WebServer
X-Rocket-Build-Number
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Developers
X-Logging-Id
Environment
Countrycode
X-Sigma
X-CUA
X-Tumblr-Pixel-3
X-Thanos
X-Varnish-Authentication
X-Cache-Debug
Server-Cache-Control
X-Bip
X-Cache-ASPX
Server-Surrogate-Control
X-VC-Cache
X-Rebelmouse-Cache-Control
X-SIPLIST1
X-Contensis-Viewer-Groups
X-Rebelmouse-Surrogate-Control
X-Clientip
X-VG-TLSProxy
Powered-By
W
X-Sigma-Backend
X-Auto-Login
X-Real-IP
Fastly-SSL
X-GoCache-CacheStatus
X-Cache-Backend
X-C
X-AK-Request-ID
X-App-Name
X-Labrador-Cache-Channel
X-IN-APIGATEWAYSSL
X-Li-Fabric
X-Cache-Info
X-Li-Pop
X-Azure-Ref
X-JWT-State
X-Block-Status
X-Instart-Isnd
X-Irp-Debug
X-BBXSRF
X-Is-Gdpr
X-Agile-Id
X-Cache-Bucket
X-Agile
X-NodeID
We-Hiring
Web-Mar-Node
X-NU-AKA-ACS-Version
X-Gen-Mode
X-Origin-Date
V-Age
X-Nginx-Cache-Key
X-Ms-Version
X-LI-Proto
X-Cache-Tags
X-LI-UUID
X-VServer
X-Ms-Request-Id
X-Micro-Cache
X-Agile-Age
X-IN-APIGATEWAY
X-Distributor
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Distil-CS
X-Dispatcher-Server
X-Generation-Time
Filterid
X-Eu-Site
X-Webstats-RespID
X-FW-Version
X-WADP-Cache
X-Gamma-Serve
X-Fetched-On
X-We-Are-Hiring
X-Fastly-Cache
X-Generated-In
X-Debug-Log
X-Debug-Cookies
X-CGP
X-Clara-WADP
X-Cms-Context
X-Hnp-Log
X-Cdn-Srv
X-Cache-URL
True-Client-Country-4JS
X-Hit
X-Hash
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cache-Expiry
X-GeoIP-City
X-Core-Mission
X-Has-Esi
X-Cache-Time
X-NX-Host
IBM-Web2-Location
Is-Eu
Heartbleed
HA-Ipaddr
X-Urbn-Context-Path
Ha-Gx-Prefs
Kp-EeAlive
Locale
X-Variation
Memcached
X-User
X-Urbn-Site-Id
Locid
X-Server-W
Fastly-Soc-X-Request-Id
CDCHOST
Cdncip
Cache-Host
X-TT-LOGID
Adler-Geo
X-Trace-Id
Cdnsip
X-TH-Server
X-SVT-ORM-RULES
X-Up
X-SVT-ORM-VERSION
Country-Code
X-Swa-Ws
X-Request-URI
Mail-Subject
Request-EU
AKAMAI
Request-Country
X-Platform-Server
X-RateLimit-Limit-Second
X-Proxy-Upstream
RNT-Time
X-PHP-Host
X-OVcl
X-Origin-Expires
X-OVcl-Cache
Server-Int
X-Owner
Server-ID
Platform
RNT-Machine
X-RateLimit-Remaining-Second
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
Server-Host
X-ServiceProvider
FNAC-ModuleRouting
Fastly-Backend-Name
X-Req
X-Render-Time
X-Thinkindot-L3
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Old-Content-Length
X-Reboot
X-Epic-Correlation-Id
X-Generated-On
X-Service
X-Backend-State
X-Trafficlayer-App-Version
X-Level-Front-Cache
X-App-Version
ServerName
PFcat
Thinkindot-Control
X-Air-Hostname
X-Matched-Rule
X-Servername
X-Core-Value
X-Nginx-Cache
X-Lb-Id
Group
X-Cache-Expired-At
X-Internal-Host
X-Var-Ttl
Cache-Hits
X-S-Maxage
S-Cnection
X-Key
X-Sucuri-Cache
X-Refresh
X-Response-By
Pragrma
X-SERVER
RequestId
X-Cdn-Forward
X-Parent-Response-Time
X-BACKEND-TTL
Powered-By-ChinaCache
X-Location
X-VHOST
X-CF-Powered-By
X-CSRF-TOKEN
X-Tb-Optimization-Total-Bytes-Saved
X-TA-CDN-Provider
ProcessTime
Origin
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Pjax-Url
X-Correlation-ID
X-Sucuri-ID
X-B3-Parentspanid
X-CSRF-Token
Memory
User-Agent
X-Wa
X-Ua
TTL
X-Via-CDN
X-Pf-Uncompressing
X-NC
X-Varnish-Cacheable
X-B3-SpanId
X-Vcl-Version
X-Developer
Geoip-Latitude
X-Node-Id
Geoip-City
X-Server-IP
X-Unique-ID
X-NWS-UUID-VERIFY
SRV
X-Ocache
X-Cache-Grace
X-Sn-Servicetimems
X-Device-Os
X-Cdn-Origin
GeoIp-Country-Code
X-LAGOON
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-COUNTRY
X-Cache-Status-Check
X-NGINX-Cache
On-Server
PICS-Label
Hostname
Media-Length
X-Cdn-Request-ID
X-Request-Host
X-MSEdge-Flight
X-MSEdge-Features
A
X-Servedbyhost
M-TraceId
Cloudfront-Viewer-Country
X-Litespeed-Cache
X-Rocket-Nginx-Bypass
SN
Dnion-Transfer-Encoding
X-Webkit-CSP
X-Varnish-Ttl
X-Ratelimit-Remaining
X-Via-Ucdn
XServer
X-TIME
X-Sucuri-Id
Cdn
Tcn
X-FORWARDED-FOR
Host-ID
X-ServedByHost
Esi-Enabled
X-HS-Status
X-Varnish-URL
X-Reqid
X-AIR-PT
X-Beluga-Trace
Who
X-Beluga-Status
X-Beluga-Cache-Status
Resin-Trace
X-Beluga-Record
X-Beluga-Response-Time
X-Beluga-Node
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Cache-Ttl
X-Fastly-Country-Code
X-Planisys-CDN-TTL
X-Policy
HostName
CACHE
X-Request-Start
X-Azure-Ref-OriginShield
CF-Cached-On
X-Slack-Backend
Rt-Proxy-Cache
Pics-Label
X-Fastly-Backend-Reqs
GeoIP-Country-Code
X-Action
X-LiteSpeed-Cache-Control
X-RSL
X-Cache-FS-Status
X-PAYTM-SRV-ID
X-Dispatch
Pramga
Arc-Country
X-VCL-Version
X-DI
X-DB
GeoIP-Latitude
X-DSS
X-Server-Time
X-RPM
X-DW
X-RPS
X-Processor
X-Ftr-Cache-Host
MIME-Version
X-Oracle-Dms-Rid
X-ND-Cache
NtCoent-Length
X-Bc
X-Method
X-ABtesting
Ttl
X-PF-Uncompressing
X-Hello
X-Flog
X-APP
GeoIP-City
X-Ratelimit-Limit
Magicmarker
X-Zone
X-Varnish-Url
X-Skip-Cache
X-DC
Cteonnt-Length
X-Served-From
X-Edge-Server
Cdn-Request-Time
X-Newrelic-App-Data
X-VarnishDD-TTL
Cdn-Host
X-FPC
X-HostName
X-SRV
X-Bc-Bl
N-Cache
Fastly-Drupal-HTML
WebServer
Amp-Access-Control-Allow-Source-Origin
X-PJAX-URL
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-Backend-Host
X-DevSite-Last-Modified
X-Amzn-Remapped-Date
X-WA
X-Amzn-Remapped-Connection
Ohc-Response-Time
X-Be
X-BE
X-Dynatrace
Processtime
X-Svr
X-Dynatrace-Js-Agent
Servername
X-Swift-Error
Load-Balancing
X-ZONE
X-Aicache-OS
Vix-Hermes-Req-Id
X-BC
Cache-Provider
X-ID
X-WR-MODIFICATION
X-Frame-Option
Lfy
CDN
Dynatrace
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
X-Fastly-Cache-Hits
DSUID
X-Branch-Name
X-Snapshot-Date
X-Adobe-Source
CF-IPCountry
Requestid
Pagetype
X-LB-ID
X-Fmm-Version
X-MServer
Cache-Cookie-Set-Lfrom
X-StackifyID
Release
X-CACHE-AGE
X-VCT
X-Hp-Ccpa-Warning
X-Tid
WZWS-RAY
Proxy-Firewall
X-Configured-By
X-Cc-Via
X-VC
FSS-Proxy
X-Scheme
X-SB
Fusion-Deployment-Id
X-Request-Url
Trailer
V-Cache
Warning
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token
FSS-Cache
X-Cc-Req-Id
X-Apw-Hits
D-Cc-Upstream
X-Litespeed-Cache-Control
X-WPE-Loopback-Upstream-Addr
Cneonction
X-Fpc
X-Varnish-Beresp-TTL
X-Request-URL
X-Check-Cacheable
X-Powered-Y
X-Worker
X-ElasticPress-Search
SD-X-WS
WP-Super-Cache
X-App
X-SD-PageType
X-Upstream-Ht
X-Edge-IP
Backend-Name
X-Fastly-Cache-Status
Correlation-Id
X-Upstream-Ct