Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
CF-Ray
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Server-Timing
Feature-Policy
X-UA-Device
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Ua-Compatible
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Ac
X-Node
Surrogate-Control
Content-Location
X-Vhost
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Dispatcher
X-Cache-Lookup
Request-Id
X-Dns-Prefetch-Control
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Source
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
X-ORACLE-DMS-RID
P3p
X-Clacks-Overhead
Rating
X-Country
X-Rack-Cache
X-DataDome
X-Akam-SW-Version
Edge-Control
Allow
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch
X-Country-Code
X-Instart-Request-ID
X-FTR-Request-ID
X-Varnish-TTL
X-DynaTrace
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
X-TTL
Verso
Content-MD5
X-ESI
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Url
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Cdn-Fetch
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Kinja
RTSS
X-Version
X-Forwarded-Proto
X-Server-Name
X-MS-InvokeApp
X-Vcache
X-D2id
X-B3-TraceId
Edge-Cache-Tag
X-Abt-Application-Version
X-Px
X-Debug
AR-Request-ID
AR-CACHE
Ar-Sid
AR-ATIME
AR-PoweredBy
X-Amz-Server-Side-Encryption
SPRequestGuid
X-Cached
X-Vcap-Request-Id
X-Navigation-Version
X-NF-Request-ID
Charset
X-MSEdge-Ref
Pagespeed
X-Middleton-Response
X-Middleton-Display
Response
X-Sol
Display
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Server-ID
X-TEC-API-VERSION
TCN
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-VARITI-CCR
X-Fastly-Request-ID
X-SharePointHealthScore
X-Pinterest-Rid
Pinterest-Version
Nginx-Cache
MS-Author-Via
X-Cdn
Public-Key-Pins
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Trace
X-Powered-CMS
X-Fastcgi-Cache
X-Client-IP
X-Edge-O15-RID
Realpath
Cache-Tag
X-Ser
Access-Control-Request-Method
X-Content-Type
MRF-Tech
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
Mrf-Cache-Status
SPIisLatency
SPRequestDuration
X-Grace
X-Amzn-Trace-Id
X-Upstream
X-Shard
X-Jurisdiction
X-Hp-Webp
X-Id
X-Cache-TTL
X-Ezoic-Cdn
X-Forwarded-For
X-Hits
Front-End-Https
Fastcgi-Cache
Nel
X-T
S
X-DynaTrace-JS-Agent
X-Amz-Meta-S3cmd-Attrs
X-Aspnet-Version
DynaTrace
X-Recruiting
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
X-Dw-Request-Base-Id
X-Mobile-URL
X-FTR-DC
X-FTR-Realm
X-FTR-Expires
X-FTR-Cache-Status
X-FTR-Backend
X-Country-Code-Real
X-Varnish-Age
MicrosoftSharePointTeamServices
X-FTR-Backend-Server
X-FTR-Balancer
ServerID
NR-ENABLED
X-DIS-Request-ID
Server-Node
TP-L2-Cache
TP-Cache
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Powered
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-HS-Cache-Config
X-HS-Combine-CSS
X-Correlation-Id
X-HS-Hub-Id
X-HS-Content-Id
X-Frontend
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
Upgrade-Insecure-Requests
Fastly-Restarts
X-Amz-Apigw-Id
X-Amzn-RequestId
X-XRDS-Location
X-Cache-Hit
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
X-FTR-Cache-Host
Backend-Timing
X-ATS-Timestamp
X-Content-Options
X-Zen-Fury
X-Page-Id
X-Request-Processing-Time
X-Content-Security-Policy-Report-Only
X-Request-Received
X-User-Agent
Refresh
X-Varnish-Grace
X-F-Cache
X-Akamai-Edgescape
X-Origin-Server
X-Rid
X-LB-Cache
X-Revision
PB-PID
PB-RID
X-Content-Powered-By
X-B
X-Mobile-Rewrite
Arc-Version
X-Type
X-XRDS-LOCATION
X-B3-Sampled
Cache-Status
X-Geo-Country
X-Az
X-Activity-Id
X-AppVersion
X-NWS-LOG-UUID
X-Kinsta-Cache
X-Cache-Action
X-TT
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Request-Guid
X-Jobs
X-Framework
X-N
X-Cached-By
X-App-Environment
X-Debug-Info
X-FB-Debug
X-PHP-Backend
X-Instance
X-Signature
X-B-Cache
Actual-Object-TTL
X-Time
X-Git-Hash
Access-Control-Allow-Method
X-Tumblr-Pixel-0
X-Tumblr-Pixel
Paypal-Debug-Id
X-Tumblr-User
X-Cache-Age
X-URL
X-Load-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
Fastcgi-Useragent
X-Amz-Replication-Status
X-Webkit-Csp
DC
X-FastCGI-Cache
X-Varnish-Backend
X-Pad
Host-Header
Host
X-ATG-Version
X-WA-Info
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-RateLimit-Remaining
X-Shield-Request-Id
X-Via-JSL
MS-CV
X-IPLB-Instance
Surrogate-Key
X-Contextid
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Host-Name
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Retry-After
X-Cache-Key
Liferay-Portal
NGB
X-Response-Served-From
X-Accel-Buffering
X-Presslabs-Stats
Payment
X-Seen-By
Frame-Options
Source
X-Hostname
X-Srv
X-Cache-NE
X-Region
Eomportal-Instance
X-Cache-2
X-Varnish-Server
X-Origin-Response-Time
X-Cacheable-TTL
X-SS-Set-Cookie
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
WPE-Backend
Filters
X-GeoIP
Tracecode
X-Cache-Enabled
X-NewRelic-App-Data
X-IPS-LoggedIn
X-Cluster
Cache-Tv-Group
X-Rendered-As
X-Is-Bot
Server-Info
X-Adobe-Loc
X-B3-Traceid
X-Adobe-Content
X-RequestSource
X-Ttl
X-Tumblr-Pixel-1
X-Cache-Rule
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-App-Server
X-Cache-Operation
X-ProcessESI
FilterID
X-RemovedCookies
X-EdgeConnect-Cache-Status
Xserver
X-Cache-TTL-Remaining
X-TX-ID
Accept-CH
X-L-Path
X-Environment-Context
X-FireWall-Port
Cleartype
X-Upgrade-Enabled
X-Handled-By
Accept-Charset
X-Analytics
Ms-Operation-Id
X-RTag
X-Source
X-Cache-Server
X-UA
From-Origin
X-Backend-Name
X-Endurance-Cache-Level
Srv
X-HTML-Minification-Powered-By
X-Dc
Accept-CH-Lifetime
Datacenter
X-UUID
X-APP-VERSION
X-CACHE-KEY
X-Daa-Tunnel
X-Wix-Request-Id
Healthy
X-Path-Route
X-Cache-Var
X-Unique-Id
X-ES-SERVER
X-Cache-Var-Map
Meta-Geo
GEO-INFO
X-RN-RSRV
X-Proxy-Build
Selected-Fe
X-Tb
X-Timing-Wait
X-Section
X-Access
X-Status
X-Request-Time
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Content-Age
X-Alternate-Cache-Key
Mn-Server-Ip
X-EIG-Tracking-Id
X-Ua-Device
X-Akamai-Request-ID
X-Format
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
Akamai-GRN
X-Webapp-Samesite-None-Activated-N
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-FC-Vary-Parameters
X-Akamai-Transformed
X-Proto
OT-Force-Account-Verify
X-ShardId
X-Hl-Ver
X-Hosted-By
X-Web-Node
X-JoinUs
X-Hyper-Cache
X-Human
Origin-Edge-Control
X-SayCDN-TTL
Cache-Tags
X-PCL
Node
X-Say-TTL
X-Say-Cacheable
X-Redis-Cache
Ec-Rule-Version
X-SaId
X-Qloud-Router
X-OCL
X-Proxy
X-Cache-Config
X-Soup
X-NYM-Debug-Backend
X-Vgn-Hpd-Reason
Origin-Cache-Control
X-Debug-Cache
X-CCM
X-BYPASS-REASON
Version
Azure-SlotName
X-AWS-Id
Decoy-Debug-TTL
X-MP-GENERATED-AT
NGX
X-Akamai-Request-ID2
X-Loop
X-FW-Dynamic
Azure-SiteName
X-Site-Version
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Cache-Status
Azure-Version
X-Generated-By
X-Locale
X-Generated
X-TNCMS
X-FB-TRIP-ID
X-VWS-Id
X-Viewer-Country
X-ServerID
X-Www-Served-By
Azure-RegionName
X-LJ-Flow-ID
X-Origin
Azure-InstanceId
X-Detected-As
X-BCube-Filmed-By
Decoy-Debug-Status
X-Yottaa-Optimizations
X-Whom
X-Yottaa-Metrics
Decoy-Debug-Key
X-Origin-Hint
Webcakes-Region
X-Pubstack
X-NCache
X-R9-Blue-Green-Version
TWC-Privacy
Webcakes-App-Version
X-RCS-CacheZone
X-Time-Microsecs
X-IP
TWC-Device-Class
TWC-Connection-Speed
DB-Nickname
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Cross-Origin-Window-Policy
TWC-Locale-Group
Property-Id
S-Rt
Now
Webcakes-App-Name
X-PressLabs-Stats
X-Amzn-Remapped-Content-Length
X-Varnish-Hits
X-Storage
X-Backend-TTL
X-UA-Device-Type
X-VCache
X-NGENIX-Cache
Cache-Key
X-Cluster-Node
X-Xfnlog-Site
X-RateLimit-Limit
X-Cache-Control
Section-Io-Cache
X-Cache-Host
X-Mode
X-Esi
X-Forwarded-Host
X-CDN-Forward
X-Drupal-Cache-Tags
Webserver
Cache
X-Rule
L5d-Success-Class
X-Info
Time
Content-Disposition
X-UnsetCookies
Cache-Name
X-Varnish-Cache-Hits
Accept-Language
X-CS
X-Origin-TTL
X-PERF
Viewport
X-Origin-CC
X-Newrelic-Synthetics
X-ApacheServer
X-B3-Spanid
Rt-Fastcgi-Cache
ServedBy
Uber-Trace-Id
X-Cache-Remote
Mime-Version
X-Zipkin-Id
X-Routing-Service
X-Device-Type
X-Proxied
Odigeo-Trace-Id
Country
X-Via-Fastly
X-Magnolia-Registration
X-CLOUD-TRACE-CONTEXT
X-Uri
X-From
Proxy-Connection
X-Cluster-Name
X-Geo
Filterid
X-Real-IP
Access-Control-Request-Headers
X-EC-Lua
HitType
X-Drupal-Cache-Contexts
X-Microcachable
X-TT-TIMESTAMP
Fastcgi-X-Cache-Version
Apple-News-Services-Request-Url
AsisCache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
BehaviorPad-Version
Content-Script-Type
MD5-Digest
Machine
GEO-REGION-INFO
Content-Style-Type
Meta-Geo-Continent
X-A-Dgt
X-S
X-Rojux
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-Rocket-Build-Number
X-Rewrite-Enabled
X-Geo-Header
X-GeoIP-Country-Code
X-Region-Sid
X-Request-UUID
X-Sigma
X-Sigma-Backend
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-TLSProxy
X-Vdms-Version
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-G
X-External-Request-Id
X-A
W
X-A-Ccd
X-A-Dam
X-A-Dcw
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Rendered-Blocks
T-Server
Viewtype
VivaBuild
X-A-Wwc
X-Accel-Expires-Debug
X-Connection-Hash
X-Date
X-Destination
X-DPWN-IS-SECURE
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Aed
X-Application
X-ARC
X-B-Cookie
Mobile-Detection-Method
X-D
Cf-Ipcountry
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
Geo-Info
X-Cache-Time
Cache-Hits
X-C
X-Labrador-Cache-Channel
X-PHP-Host
X-CGP
X-Clientip
Countrycode
Environment
X-Logging-Id
X-OVcl-Cache
X-Bip
X-TrackingId
X-OVcl
X-Hit
X-CUA
HA-Ipaddr
X-Eu-Site
IsBot
Ha-Gx-Prefs
X-Distil-CS
Fastly-SIE
Fastly-SWR
X-Cdn-Srv
X-VC-Cache
X-Cache-Expired-At
X-App-Name
X-Wikidot-Static-Cache
Fastly-Soc-X-Request-Id
X-Rebelmouse-Surrogate-Control
X-Wikidot-Backend
X-SIPLIST1
X-Agile-Age
X-Thanos
X-Agile-Id
Group
X-Rebelmouse-Cache-Control
X-Agile
Powered-By
X-Backend-State
X-Var-Ttl
X-Developers
User-Cache-Control
X-GoCache-CacheStatus
Ohc-File-Size
X-Contensis-Viewer-Groups
X-Cache-Debug
X-Cache-Bucket
X-Is-Gdpr
X-Debug-Log
X-Distributor
X-Cache-Info
X-JWT-State
X-Tec-Api-Version
X-Cache-URL
X-Azure-Ref
X-Core-Mission
X-Cache-Tags
X-Has-Esi
X-Debug-Cookies
X-IN-APIGATEWAYSSL
Gh-Request-Id
X-Nc
X-Servername
Server-Cache-Control
Server-Surrogate-Control
X-Owner
X-Platform-Server
X-Swa-Ws
X-TH-Server
X-We-Are-Hiring
X-VServer
X-WebServer
X-Webstats-RespID
X-Trace-Id
X-Up
X-Origin-Expires
X-Origin-Date
X-Hash
X-IN-APIGATEWAY
X-GeoIP-City
X-Cache-ASPX
X-Fastly-Cache
X-Fetched-On
X-Tec-Api-Root
X-Instart-Isnd
X-NU-AKA-ACS-Version
X-NX-Host
X-Nginx-Cache-Key
X-Micro-Cache
X-Irp-Debug
X-Auto-Login
X-Epic-Correlation-Id
X-BBXSRF
AKAMAI
X-SVT-ORM-RULES
Request-Country
Request-EU
Server-Int
X-Varnish-Authentication
X-SVT-ORM-VERSION
Memcached
Country-Code
CDCHOST
Fastly-Backend-Name
IBM-Web2-Location
Locid
Kp-EeAlive
X-Tec-Api-Origin
Heartbleed
X-Edge-Location
Fastly-SSL
S-Cnection
X-Trafficlayer-App-Name
X-Hnp-Log
X-Dispatcher-Server
V-Age
X-Thinkindot-L3
X-Li-Fabric
X-Level-Front-Cache
Thinkindot-Control
X-Trafficlayer-App-Scope
Thinkindot-CacheControl-Type
X-Urbn-Context-Path
Thinkindot-CacheControl
Is-Eu
X-Cms-Context
X-Trafficlayer-App-Version
X-Generated-In
X-Li-Pop
X-Gen-Mode
X-Urbn-Site-Id
X-LI-UUID
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Reboot
X-Service
X-NC
Locale
X-Request-URI
Adler-Geo
X-NodeID
X-Matched-Rule
True-Client-Country-4JS
X-Debug-Cache-Expiry
Cache-Host
X-Ms-Request-Id
X-No-Session
X-Ms-Version
X-LI-Proto
X-Generated-On
X-Block-Status
Platform
X-Debug-Cache-Store
X-FW-Version
X-TT-LOGID
PFcat
We-Hiring
Web-Mar-Node
X-Generation-Time
Wxu-Next-Commit
X-Gamma-Serve
Server-Host
Server-ID
X-Server-W
X-WADP-Cache
Wxu-Next-Region
RNT-Time
Wxu-Next-Hostname
RNT-Machine
X-Air-Hostname
X-Debug-Cache-Fetch
Pragrma
Mail-Subject
ServerName
X-Clara-WADP
X-Tumblr-Pixel-3
X-Core-Value
X-Variation
X-VHOST
X-AK-Request-ID
X-Varnish-Cacheable
X-Oss-Object-Type
X-Oss-Server-Time
Cdncip
Cdnsip
X-ServiceProvider
X-Req
Ohc-Cache-HIT
X-Response-By
X-Oss-Hash-Crc64ecma
FNAC-ModuleRouting
X-Lb-Id
X-SERVER
X-Oss-Request-Id
X-App-Version
X-Oss-Storage-Class
X-Sucuri-ID
X-UPSTREAM-Address
User-Agent
X-Nginx-Cache
X-S-Maxage
X-Wa
X-Refresh
X-Old-Content-Length
X-Node-Id
X-NWS-UUID-VERIFY
X-Render-Time
X-Developer
RequestId
Powered-By-ChinaCache
X-Cache-Status-Check
X-Parent-Response-Time
X-Cache-Backend
X-CSRF-TOKEN
X-Cache-Grace
X-Cdn-Origin
Hostname
X-Sn-Servicetimems
X-User
X-Device-Os
X-CF-Powered-By
X-Ocache
X-Key
X-LAGOON
X-Internal-Host
Origin
X-Sucuri-Cache
X-Pf-Uncompressing
X-Pjax-Url
X-Tb-Optimization-Total-Bytes-Saved
A
X-CSRF-Token
On-Server
Geoip-Latitude
Geoip-City
Memory
X-TA-CDN-Provider
X-Location
Cloudfront-Viewer-Country
X-Via-CDN
X-MSEdge-Features
X-MSEdge-Flight
X-Request-Host
X-Ua
X-NGINX-Cache
SRV
GeoIp-Country-Code
PICS-Label
ProcessTime
X-COUNTRY
X-B3-Parentspanid
X-Vcl-Version
Resin-Trace
X-BACKEND-TTL
XServer
X-Webkit-CSP
X-Litespeed-Cache
X-Varnish-URL
TTL
X-Cdn-Forward
M-TraceId
X-Server-IP
X-Servedbyhost
X-Varnish-Ttl
X-TIME
Dnion-Transfer-Encoding
SN
Tcn
X-Slack-Backend
X-HS-Status
X-Rocket-Nginx-Bypass
X-Dynatrace-Js-Agent
X-FORWARDED-FOR
Cdn
Arc-Country
X-Server-Time
X-Processor
X-B3-SpanId
Host-ID
X-Dispatch
X-Cdn-Request-ID
X-PAYTM-SRV-ID
X-Unique-ID
Pramga
Media-Length
CACHE
X-Ratelimit-Remaining
X-Cache-Ttl
X-Action
X-ServedByHost
X-Beluga-Trace
X-Skip-Cache
X-Beluga-Node
X-Cache-FS-Status
X-Beluga-Cache-Status
X-Beluga-Record
X-ND-Cache
X-Fastly-Country-Code
X-Beluga-Status
X-Beluga-Response-Time
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
HostName
Section-Origin-Responded
X-DC
Who
X-RPM
X-Edge-Server
Fastly-Drupal-HTML
Cdn-Request-Time
X-DB
Cdn-Host
X-VCL-Version
X-RSL
X-DSS
X-RPS
X-Served-From
X-DW
X-DI
N-Cache
Fusion-Deployment-Id
Ttl
X-Correlation-ID
X-Via-Ucdn
X-DevSite-Last-Modified
MIME-Version
GeoIP-Country-Code
X-Adobe-Source
X-Reqid
X-ABtesting
Pics-Label
X-Flog
X-Hello
X-LiteSpeed-Cache-Control
X-Ruxit-Js-Agent
X-Oracle-Dms-Rid
NtCoent-Length
GeoIP-City
X-Bc-Bl
X-VarnishDD-TTL
X-Varnish-Url
Esi-Enabled
X-Backend-Host
GeoIP-Latitude
X-AIR-PT
CF-Cached-On
X-APP
Cache-Cookie-Set-Idcheck
X-Sucuri-Id
X-Policy
X-Planisys-CDN-Cache
X-PF-Uncompressing
X-Ratelimit-Limit
X-FPC
Cache-Cookie-Set-Lfrom
X-Planisys-CDN-TTL
Cache-Cookie-Set-From
X-Planisys-CDN-Rules
Trailer
X-HostName
X-Zone
X-Fastly-Backend-Reqs
X-Request-Start
X-SRV
X-Azure-Ref-OriginShield
X-Bc
X-PJAX-URL
Cteonnt-Length
WebServer
X-Scheme
Amp-Access-Control-Allow-Source-Origin
X-Dynatrace
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Rt-Proxy-Cache
X-Fmm-Version
Processtime
X-Fpc
X-BE
Servername
X-Swift-Error
CF-IPCountry
X-Newrelic-App-Data
X-WA
X-ZONE
X-SN
FSS-Cache
FSS-Proxy
X-BC
Cache-Provider
Magicmarker
X-ID
X-Frame-Option
X-WR-MODIFICATION
X-Snapshot-Date
Dynatrace
SD-X-WS
Load-Balancing
Sid
Lb
X-Branch-Name
X-LB-ID
CDN
X-SD-PageType
X-Cache-Id
X-StackifyID
Requestid
X-Esi-Check
Release
X-Method
X-Cache-NGX
X-CACHE-AGE
L
X-Tid
X-Configured-By
X-Request-Url
X-ECACHE
WZWS-RAY
X-Gzip
X-Fastly-Cache-Hits
X-VC
X-SB
X-Compress-Hint
Warning
D-Cc-Upstream
X-Aicache-OS
X-Wix-Viewer-Type
V-Cache
X-Cc-Via
X-Cc-Req-Id
X-VCT
X-Instart-Info
X-Litespeed-Cache-Control
X-Node-ID
Request-Time
SID
Proxy-Firewall
LB
X-Nananana
X-Worker
X-WPE-Loopback-Upstream-Addr
X-Powered-Y
Ohc-Response-Time
X-Request-URL
X-Check-Cacheable
X-Varnish-Beresp-TTL
X-Fastly-Cache-Status
X-ElasticPress-Search
WP-Super-Cache
X-Apw-Access-Action
X-App
X-Apw-Access-Object
Cneonction
X-Apw-Hits
X-Apw-Access-Token
X-GEO