Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
Xkey
X-AH-Environment
P3p
X-Envoy-Upstream-Service-Time
X-Via
X-Backend
CF-Ray
X-Server
X-Age
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ws-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Device
X-Host
X-Origin-Cache
EagleEye-TraceId
X-Response-Time
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Readtime
X-Backend-Server
X-Dispatcher
Request-Id
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-Cache-Lookup
X-ORACLE-DMS-ECID
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
NEL
X-DataDome
X-Mod-Pagespeed
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Clacks-Overhead
X-Akam-SW-Version
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-Country-Code
Accept-Ch
X-DynaTrace
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-Vname
X-TtlSet
X-PC
X-ESI
Verso
Accept-Ch-Lifetime
Content-MD5
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-B3-TraceId
X-Cdn
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-Kinja
X-Kinja-Revision
X-GitHub-Request-Id
X-Kinja-Build
X-GoogleNews-Bot
X-Use-Magma
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja-Server
RTSS
Edge-Cache-Tag
X-Server-Name
X-D2id
X-Debug
X-Abt-Application-Version
X-Px
AR-Request-ID
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-CACHE
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Vcache
X-Cached
Pagespeed
Response
Display
X-Accel-Expires
X-Vcap-Request-Id
X-Middleton-Display
X-Sol
X-Middleton-Response
X-Navigation-Version
X-MSEdge-Ref
X-Amz-Rid
Arr-Disable-Session-Affinity
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
Pinterest-Version
X-Fastcgi-Cache
X-Pinterest-Rid
TCN
X-Powered-CMS
X-SharePointHealthScore
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-VARITI-CCR
X-Trace
Public-Key-Pins
X-Fastly-Request-ID
Cache-Tag
Realpath
X-Client-IP
MS-Author-Via
X-Ser
Access-Control-Request-Method
Nginx-Cache
X-Edge-O15-RID
X-DynaTrace-JS-Agent
X-Shard
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
Mrf-Cache-Status
SPIisLatency
SPRequestDuration
X-Upstream
X-Server-ID
S
X-Content-Type
X-Id
X-Ezoic-Cdn
X-Amzn-Trace-Id
X-Hp-Webp
X-Grace
X-Forwarded-For
X-T
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Hits
X-Recruiting
Fastcgi-Cache
DynaTrace
X-Jurisdiction
Nel
X-Cache-TTL
X-Aspnet-Version
X-Varnish-Age
ServerID
X-Element-Page-Cache
MicrosoftSharePointTeamServices
X-Content-Digest
X-Node-Name
X-Mobile-URL
X-FTR-Balancer
X-FTR-Realm
X-DIS-Request-ID
X-Dw-Request-Base-Id
X-FTR-Expires
X-FTR-Backend
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-DC
NR-ENABLED
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-Goog-Generation
X-Frontend
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
Powered
Server-Node
TP-L2-Cache
TP-Cache
Alternate-Protocol
X-Logged-In
Server-Name
X-CST
AMP-Access-Control-Allow-Source-Origin
X-Amz-Apigw-Id
X-Amzn-RequestId
Upgrade-Insecure-Requests
X-Request-Processing-Time
X-Request-Received
X-Correlation-Id
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Cache-Hit
X-XRDS-Location
Fastly-Restarts
X-Content-Options
X-Origin-Server
X-F-Cache
X-Content-Security-Policy-Report-Only
X-User-Agent
Refresh
X-Page-Id
X-Rid
X-Revision
X-Akamai-Edgescape
X-Zen-Fury
X-Varnish-Grace
X-XRDS-LOCATION
X-Type
X-Content-Powered-By
X-LB-Cache
X-FTR-Cache-Host
X-B
X-B3-Sampled
PB-PID
PB-RID
X-Geo-Country
Arc-Version
X-Mobile-Rewrite
X-Activity-Id
X-Az
X-AppVersion
Cache-Status
X-URL
X-Kinsta-Cache
X-N
X-Cache-Age
X-TT
X-Shield-Request-Id
X-Time
X-Instance
X-WebKit-CSP-Report-Only
X-Signature
X-B-Cache
X-Pad
X-AOL-HN
X-Cache-Action
X-Framework
X-Debug-Info
X-Tumblr-Pixel
Paypal-Debug-Id
Access-Control-Allow-Method
X-Tumblr-User
X-Jobs
X-Tumblr-Pixel-0
Actual-Object-TTL
X-App-Environment
X-FB-Debug
X-PHP-Backend
X-Request-Guid
X-Load-Cache
X-Cached-By
X-Git-Hash
DC
Fastcgi-Useragent
X-RateLimit-Remaining
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Varnish-Backend
X-Amz-Replication-Status
Surrogate-Key
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Webkit-Csp
Host-Header
X-IPLB-Instance
X-Webapp-Samesite-None-Activated-N
MS-CV
X-Contextid
X-ATG-Version
X-WA-Info
X-Analytics
Host
X-SS-Set-Cookie
X-NWS-LOG-UUID
FilterID
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Mobile
X-Via-JSL
NGB
Tracecode
X-Kong-Proxy-Latency
X-Response-Served-From
X-Cluster
X-FastCGI-Cache
X-Accel-Buffering
X-Kong-Upstream-Latency
WPE-Backend
X-Host-Name
Payment
X-Cache-Key
X-VCache
X-Cache-NE
Xserver
X-FW-Server
X-FW-Hash
X-Cache-2
X-FW-Type
X-FW-Serve
X-FW-Static
Eomportal-Instance
X-Region
X-Varnish-Server
Source
X-GeoIP
X-Varnish-Hostname
X-Origin-Response-Time
X-Tumblr-Pixel-2
Frame-Options
Filters
X-Tumblr-Pixel-1
X-IPS-LoggedIn
X-Srv
Cache-Tv-Group
X-Adobe-Loc
X-Cacheable-TTL
X-Cache-Enabled
X-Presslabs-Stats
X-Adobe-Content
X-RequestSource
X-Cache-Operation
X-Is-Bot
X-Seen-By
X-Hostname
X-Rendered-As
X-Cache-Rule
X-EdgeConnect-Cache-Status
Retry-After
X-TX-ID
X-NewRelic-App-Data
Server-Info
X-Cache-TTL-Remaining
Liferay-Portal
Cleartype
X-RemovedCookies
X-ProcessESI
X-App-Server
Accept-CH
X-Dc
X-B3-Traceid
X-L-Path
X-RTag
X-Environment-Context
Ms-Operation-Id
X-Source
X-UA
X-FireWall-Port
Datacenter
X-HTML-Minification-Powered-By
X-CACHE-KEY
X-Endurance-Cache-Level
X-Handled-By
X-Upgrade-Enabled
From-Origin
X-Cache-Server
X-Backend-Name
Srv
Cache
X-Cache-Control
Accept-CH-Lifetime
Accept-Charset
X-APP-VERSION
X-Wix-Request-Id
Healthy
X-Path-Route
X-Cache-Var-Map
X-Cache-Var
X-ES-SERVER
X-PressLabs-Stats
Meta-Geo
X-RN-RSRV
X-Tb
OT-Force-Account-Verify
X-Proxy-Build
X-Access
X-UUID
X-Status
X-Format
X-Timing-Wait
Selected-Fe
X-Section
Version
X-Proto
Mn-Server-Ip
X-Akamai-Request-ID
X-PCL
X-EIG-Tracking-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Alternate-Cache-Key
Cache-Tags
Azure-InstanceId
X-FC-Vary-Parameters
Akamai-GRN
Azure-RegionName
Azure-SiteName
Azure-Version
Azure-SlotName
X-ShardId
X-Request-Time
X-Shopify-Generated-Cart-Token
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Cache-Config
X-Content-Age
X-OCL
X-Origin
X-ShopId
X-NYM-Debug-Backend
X-Qloud-Router
Decoy-Debug-Status
X-Generated-By
Ec-Rule-Version
X-Web-Node
DB-Nickname
Decoy-Debug-Key
X-Redis-Cache
X-FW-Dynamic
X-Viewer-Country
X-Time-Microsecs
X-Cluster-Node
X-Soup
X-ProxyCache-Status
X-Proxy-Cache-Status
X-Pubstack
X-ProxyCache-Key
X-Proxy
X-Say-Cacheable
X-Akamai-Request-ID2
X-Hyper-Cache
X-BYPASS-REASON
X-Say-TTL
X-SayCDN-TTL
X-ServerID
X-AWS-Id
X-LJ-Flow-ID
X-JoinUs
X-SaId
X-Human
Now
X-Debug-Cache
Node
NGX
Origin-Cache-Control
Origin-Edge-Control
X-Vgn-Hpd-Reason
X-Hosted-By
X-Hl-Ver
X-VWS-Id
Decoy-Debug-TTL
X-Storage
X-RateLimit-Limit
GEO-INFO
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Www-Served-By
X-Varnish-Hits
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-FB-TRIP-ID
X-Site-Version
Property-Id
X-TNCMS
Cross-Origin-Window-Policy
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Name
X-MP-GENERATED-AT
X-BCube-Filmed-By
X-Loop
X-CCM
X-Generated
TWC-Privacy
X-Rule
Webcakes-App-Version
X-Origin-Hint
Webcakes-Region
X-Amzn-Remapped-Content-Length
X-RCS-CacheZone
X-Locale
S-Rt
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-Akamai-Transformed
X-NCache
X-Cache-Host
X-IP
X-Detected-As
L5d-Success-Class
X-Drupal-Cache-Tags
X-Unique-Id
X-CS
Cache-Name
Webserver
Cache-Key
Viewport
Uber-Trace-Id
Time
X-Esi
X-UA-Device-Type
X-Mode
X-UnsetCookies
X-Forwarded-Host
X-Whom
Mime-Version
Accept-Language
X-Daa-Tunnel
X-Origin-CC
X-Origin-TTL
X-Backend-TTL
X-Info
X-Cache-Remote
Rt-Fastcgi-Cache
Country
Content-Disposition
X-CDN-Forward
X-NGENIX-Cache
X-From
X-Varnish-Cache-Hits
X-PERF
X-ApacheServer
Odigeo-Trace-Id
ServedBy
X-B3-Spanid
X-Newrelic-Synthetics
X-Cluster-Name
VIX-Pulpo-Node
X-Drupal-Cache-Contexts
X-Magnolia-Registration
VIX-Pulpo-Upstream-Status
Section-Io-Cache
X-Ruxit-Js-Agent
X-Geo
X-EC-Lua
X-Microcachable
X-CLOUD-TRACE-CONTEXT
X-TT-TIMESTAMP
X-Routing-Service
X-Proxied
X-Zipkin-Id
X-Device-Type
X-Via-Fastly
X-Uri
Ohc-File-Size
X-Trafficlayer-App-Scope
X-Ttl
Cf-Ipcountry
Proxy-Connection
X-Trafficlayer-App-Name
X-Nc
X-Edge-Location
Ohc-Cache-HIT
HitType
X-Transaction
Apple-News-Services-Host
X-Rocket-Build-Number
X-Trv-Group
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Request-Url
X-Sigma-Backend
X-Destination
X-SRCache-Key
BehaviorPad-Version
AsisCache
Access-Control-Request-Headers
X-Twitter-Response-Tags
X-Request-UUID
X-VG-WebCache
X-Region-Sid
X-VG-WebServer
X-Vtex-Processado-Em
Xc-Version
X-Vtex-Remote-Cache
X-VG-TLSProxy
X-GeoIP-Country-Code
X-External-Request-Id
X-Sigma
X-Vdms-Version
X-G
X-Rewrite-Enabled
X-Geo-Header
X-DPWN-IS-SECURE
X-Date
X-A-Ccd
X-A-Dam
X-S-Cookie
X-ScT
X-CF-Lambda-Fn
W
X-A
X-A-Dcw
X-A-Dgt
X-B-Cookie
X-S
X-Application
X-Aed
X-A-Wwc
X-Accel-Expires-Debug
VivaBuild
Viewtype
X-D
X-Session-Fingerprint
GEO-REGION-INFO
Fastcgi-X-Cache-Version
Content-Script-Type
Content-Style-Type
Machine
MD5-Digest
X-CF-Lambda-Version
T-Server
X-Connection-Hash
Rendered-Blocks
Meta-Geo-Continent
Mobile-Detection-Method
X-Rojux
X-ARC
X-No-Session
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Geo-Info
X-Varnish-Beresp-Ttl
X-C
User-Cache-Control
X-UPSTREAM-Address
HA-Ipaddr
Ha-Gx-Prefs
Fastly-Soc-X-Request-Id
Fastly-SWR
Gh-Request-Id
X-CGP
X-Contensis-Viewer-Groups
CDCHOST
X-CUA
X-Clientip
Countrycode
X-Cache-Debug
Environment
Fastly-SIE
X-Bip
Powered-By
X-Agile-Id
X-Agile-Age
X-Agile
Server-Surrogate-Control
Server-Cache-Control
X-Rebelmouse-Cache-Control
X-Logging-Id
Locid
X-Cache-ASPX
X-Thanos
X-Auto-Login
X-Rebelmouse-Surrogate-Control
X-App-Name
IsBot
X-SIPLIST1
X-VC-Cache
X-TrackingId
X-Distil-CS
Fastly-SSL
X-Real-IP
X-Varnish-Authentication
X-Developers
X-Wikidot-Static-Cache
X-Eu-Site
X-Tumblr-Pixel-3
X-WebServer
X-Hit
X-Wikidot-Backend
X-Cache-Backend
X-GoCache-CacheStatus
X-Li-Pop
X-Has-Esi
X-Li-Fabric
X-LI-Proto
X-AK-Request-ID
X-FW-Version
X-LI-UUID
X-Gamma-Serve
X-Fetched-On
X-Ms-Version
X-Generation-Time
X-Origin-Date
X-NX-Host
X-Origin-Expires
V-Age
X-OVcl-Cache
X-OVcl
We-Hiring
X-Generated-In
X-Hash
X-Ms-Request-Id
X-Micro-Cache
X-Nginx-Cache-Key
X-NodeID
Web-Mar-Node
X-NU-AKA-ACS-Version
X-Gen-Mode
X-Block-Status
X-Clara-WADP
X-Cms-Context
True-Client-Country-4JS
X-Distributor
X-JWT-State
X-Instart-Isnd
X-Is-Gdpr
X-Dispatcher-Server
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Log
X-Debug-Cache-Expiry
X-Core-Mission
X-Irp-Debug
X-IN-APIGATEWAYSSL
X-Epic-Correlation-Id
X-Debug-Cookies
X-Cache-Bucket
X-Fastly-Cache
X-Labrador-Cache-Channel
X-Backend-State
X-BBXSRF
X-Hnp-Log
X-Cache-Info
X-Cache-URL
X-Cdn-Srv
X-Cache-Time
X-Cache-Tags
X-IN-APIGATEWAY
X-Azure-Ref
X-Proxy-Upstream
X-SVT-ORM-RULES
Country-Code
X-SVT-ORM-VERSION
Cdnsip
Cache-Host
Cdncip
X-Servername
Heartbleed
X-Request-URI
Mail-Subject
Locale
Kp-EeAlive
IBM-Web2-Location
Is-Eu
X-Swa-Ws
X-TH-Server
X-Variation
X-User
X-VServer
X-WADP-Cache
X-Webstats-RespID
X-We-Are-Hiring
X-Urbn-Site-Id
X-Urbn-Context-Path
AKAMAI
X-Trace-Id
Adler-Geo
X-TT-LOGID
X-Up
X-Tec-Api-Origin
X-Server-W
Platform
Server-Int
X-PHP-Host
RNT-Machine
X-RateLimit-Remaining-Second
X-Platform-Server
X-RateLimit-Limit-Second
Server-ID
X-Owner
X-Tec-Api-Version
RNT-Time
Memcached
X-Render-Time
X-Tec-Api-Root
Request-Country
Request-EU
X-GeoIP-City
Wxu-Next-Region
X-Thinkindot-L3
Wxu-Next-Hostname
X-Old-Content-Length
ServerName
X-Air-Hostname
X-Generated-On
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Wxu-Next-Commit
Server-Host
X-Trafficlayer-App-Version
X-Core-Value
X-Service
FNAC-ModuleRouting
Thinkindot-Control
PFcat
X-App-Version
X-Reboot
Fastly-Backend-Name
X-ServiceProvider
X-Matched-Rule
X-Level-Front-Cache
X-Req
X-S-Maxage
X-Internal-Host
X-Var-Ttl
Cache-Hits
X-Cache-Expired-At
Group
X-Lb-Id
X-Nginx-Cache
S-Cnection
Filterid
Pragrma
X-Key
X-Sucuri-Cache
X-Response-By
RequestId
X-Refresh
X-SERVER
X-CF-Powered-By
Powered-By-ChinaCache
X-Location
X-VHOST
X-Parent-Response-Time
X-CSRF-TOKEN
X-TA-CDN-Provider
X-Tb-Optimization-Total-Bytes-Saved
X-Cdn-Forward
X-Correlation-ID
X-NC
X-BACKEND-TTL
X-Wa
Origin
ProcessTime
X-Sucuri-ID
X-B3-Parentspanid
X-Varnish-Cacheable
X-Pjax-Url
X-CSRF-Token
User-Agent
Memory
X-Ua
TTL
X-Via-CDN
X-Pf-Uncompressing
X-B3-SpanId
X-Vcl-Version
Geoip-Latitude
Geoip-City
X-Server-IP
X-Developer
X-Unique-ID
X-NWS-UUID-VERIFY
X-NGINX-Cache
SRV
X-Sn-Servicetimems
GeoIp-Country-Code
PICS-Label
X-LAGOON
X-Ocache
X-Device-Os
X-Cache-Grace
X-Cdn-Origin
X-Oss-Hash-Crc64ecma
X-Node-Id
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Object-Type
X-Cache-Status-Check
X-COUNTRY
On-Server
A
Media-Length
X-MSEdge-Flight
X-Request-Host
X-MSEdge-Features
X-Cdn-Request-ID
Cloudfront-Viewer-Country
X-Litespeed-Cache
X-Rocket-Nginx-Bypass
Dnion-Transfer-Encoding
M-TraceId
Hostname
X-Webkit-CSP
SN
X-Servedbyhost
X-Varnish-Ttl
X-Via-Ucdn
XServer
X-Sucuri-Id
X-TIME
X-HS-Status
Cdn
Tcn
X-FORWARDED-FOR
HostName
X-ServedByHost
X-AIR-PT
X-Varnish-URL
Resin-Trace
X-Reqid
Host-ID
Esi-Enabled
X-Ratelimit-Remaining
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Beluga-Response-Time
X-Beluga-Status
X-Planisys-CDN-TTL
X-Beluga-Record
X-Beluga-Node
Who
X-Cache-Ttl
X-Fastly-Country-Code
X-Beluga-Cache-Status
X-Policy
X-Beluga-Trace
X-Request-Start
CF-Cached-On
X-Slack-Backend
X-Azure-Ref-OriginShield
Request-ID
Rt-Proxy-Cache
Pics-Label
CACHE
X-Fastly-Backend-Reqs
GeoIP-Country-Code
X-Action
X-LiteSpeed-Cache-Control
X-Processor
GeoIP-Latitude
X-Cache-FS-Status
X-Dispatch
X-VCL-Version
X-Bc
X-PAYTM-SRV-ID
X-Zone
Pramga
X-DI
X-DSS
X-RPM
X-DB
X-Server-Time
X-DW
X-RPS
X-RSL
Arc-Country
X-Oracle-Dms-Rid
X-Ftr-Cache-Host
MIME-Version
X-Method
Ttl
X-Hello
X-ABtesting
X-Skip-Cache
X-ND-Cache
X-Varnish-Url
X-Flog
X-APP
GeoIP-City
Magicmarker
NtCoent-Length
X-PF-Uncompressing
X-DC
X-VarnishDD-TTL
X-Newrelic-App-Data
X-FPC
X-PJAX-URL
Fastly-Drupal-HTML
X-Ratelimit-Limit
Cteonnt-Length
X-Served-From
X-Edge-Server
Cdn-Request-Time
Cdn-Host
X-HostName
WebServer
X-Bc-Bl
N-Cache
X-SRV
Amp-Access-Control-Allow-Source-Origin
X-DevSite-Last-Modified
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-BE
X-Svr
Ohc-Response-Time
X-Dynatrace
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Be
X-Backend-Host
Processtime
X-Swift-Error
Servername
X-Dynatrace-Js-Agent
Load-Balancing
X-WA
X-ID
Cache-Provider
Vix-Hermes-Req-Id
X-Aicache-OS
X-WR-MODIFICATION
X-Frame-Option
X-ZONE
X-Branch-Name
X-BC
X-LB-ID
Dynatrace
X-Adobe-Source
Lfy
CDN
Pagetype
DSUID
CF-IPCountry
FSS-Cache
X-Snapshot-Date
FSS-Proxy
X-Fastly-Cache-Hits
X-Fmm-Version
X-MServer
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Requestid
Cache-Cookie-Set-From
X-StackifyID
Trailer
Release
X-CACHE-AGE
X-VCT
Fusion-Deployment-Id
X-VC
X-Apw-Access-Object
X-Apw-Access-Action
X-SB
Warning
X-Configured-By
X-Request-Url
X-Tid
X-Apw-Hits
X-Apw-Access-Token
WZWS-RAY
D-Cc-Upstream
V-Cache
X-Hp-Ccpa-Warning
X-Cc-Via
X-Cc-Req-Id
Proxy-Firewall
X-Scheme
X-Litespeed-Cache-Control
X-Node-ID
X-Fpc
X-Worker
Cneonction
X-Request-URL
X-WPE-Loopback-Upstream-Addr
X-Powered-Y
SD-X-WS
X-SD-PageType
X-App
X-Fastly-Cache-Status
X-Upstream-Ht
X-Upstream-Ct
X-Varnish-Beresp-TTL
Backend-Name
X-ElasticPress-Search
WP-Super-Cache
X-Edge-IP
Correlation-Id
X-Check-Cacheable