Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
CF-Ray
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Backend-Server
X-Readtime
X-Dispatcher
X-Dns-Prefetch-Control
X-Cache-Lookup
Request-Id
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Content-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
X-ORACLE-DMS-RID
P3p
X-DataDome
X-Rack-Cache
X-Country
X-Clacks-Overhead
Rating
X-Akam-SW-Version
Edge-Control
Allow
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
Accept-Ch
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-Vname
X-TtlSet
X-PC
X-Goog-Hash
X-TTL
Content-MD5
Verso
X-ESI
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Url
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Id
X-Kinja-Server
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-GoogleNews-Bot
X-Kinja
RTSS
X-Version
X-Forwarded-Proto
X-MS-InvokeApp
X-Server-Name
X-Vcache
X-B3-TraceId
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Px
X-Debug
AR-ATIME
Ar-Sid
X-Amz-Server-Side-Encryption
AR-Request-ID
AR-PoweredBy
AR-CACHE
SPRequestGuid
X-Cached
Charset
X-NF-Request-ID
X-Vcap-Request-Id
X-Navigation-Version
X-MSEdge-Ref
X-Amz-Rid
Display
X-Server-ID
X-Sol
Pagespeed
X-Middleton-Response
X-Middleton-Display
Response
Arr-Disable-Session-Affinity
X-Accel-Expires
TCN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-VARITI-CCR
X-SharePointHealthScore
X-Fastly-Request-ID
X-Pinterest-Rid
Nginx-Cache
Pinterest-Version
MS-Author-Via
Public-Key-Pins
X-Cdn
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-Fastcgi-Cache
X-Powered-CMS
X-Edge-O15-RID
X-Client-IP
Cache-Tag
Realpath
X-Ser
Access-Control-Request-Method
X-Content-Type
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
SPRequestDuration
X-Amzn-Trace-Id
SPIisLatency
X-Grace
X-Shard
X-Upstream
X-Jurisdiction
X-Hp-Webp
X-Id
X-Cache-TTL
X-Ezoic-Cdn
Front-End-Https
X-Forwarded-For
X-Hits
Fastcgi-Cache
Nel
X-Amz-Meta-S3cmd-Attrs
S
X-T
X-DynaTrace-JS-Agent
X-Aspnet-Version
X-Recruiting
DynaTrace
X-Element-Page-Cache
X-Content-Digest
X-Node-Name
X-Dw-Request-Base-Id
X-FTR-Expires
X-FTR-Realm
X-FTR-Backend
X-Mobile-URL
X-Varnish-Age
X-Country-Code-Real
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
MicrosoftSharePointTeamServices
ServerID
X-DIS-Request-ID
NR-ENABLED
TP-L2-Cache
TP-Cache
Server-Node
X-Frontend
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
Powered
X-Goog-Metageneration
X-GUploader-UploadID
X-Correlation-Id
X-Goog-Generation
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
Upgrade-Insecure-Requests
X-Amz-Apigw-Id
X-Amzn-RequestId
Fastly-Restarts
X-XRDS-Location
X-Cache-Hit
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
X-ATS-Timestamp
X-Zen-Fury
X-Content-Options
X-Page-Id
X-Content-Security-Policy-Report-Only
X-User-Agent
Refresh
X-Request-Processing-Time
X-F-Cache
X-Request-Received
X-Akamai-Edgescape
X-Varnish-Grace
X-Origin-Server
X-Rid
X-LB-Cache
X-B
X-Revision
PB-RID
PB-PID
X-Content-Powered-By
Arc-Version
X-Mobile-Rewrite
X-Type
X-XRDS-LOCATION
X-B3-Sampled
Cache-Status
X-Geo-Country
X-Activity-Id
X-Az
X-AppVersion
X-NWS-LOG-UUID
X-Kinsta-Cache
X-TT
X-Cache-Action
X-WebKit-CSP-Report-Only
X-AOL-HN
X-N
Access-Control-Allow-Method
X-App-Environment
X-Debug-Info
X-Jobs
X-Framework
X-Cached-By
X-Request-Guid
X-B-Cache
X-Signature
X-FB-Debug
X-Time
X-Git-Hash
X-Instance
Actual-Object-TTL
X-PHP-Backend
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
Paypal-Debug-Id
X-Cache-Age
X-URL
X-Load-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
Fastcgi-Useragent
X-Amz-Replication-Status
X-Webkit-Csp
X-FastCGI-Cache
DC
X-Pad
X-Varnish-Backend
Host-Header
Host
X-ATG-Version
X-WA-Info
X-RateLimit-Remaining
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Shield-Request-Id
X-Via-JSL
MS-CV
X-IPLB-Instance
Surrogate-Key
X-Contextid
X-Mobile
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Host-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Cache-Key
Retry-After
Frame-Options
Liferay-Portal
NGB
X-Accel-Buffering
X-Response-Served-From
X-Seen-By
Payment
X-Presslabs-Stats
X-B3-Traceid
X-Cache-NE
X-Hostname
X-Srv
Source
Eomportal-Instance
X-Region
X-Varnish-Server
X-Cache-2
X-Origin-Response-Time
X-Cluster
X-Cacheable-TTL
X-Cache-Enabled
WPE-Backend
X-GeoIP
X-NewRelic-App-Data
X-FW-Hash
X-SS-Set-Cookie
Tracecode
X-IPS-LoggedIn
X-Is-Bot
X-Rendered-As
X-FW-Server
X-FW-Static
Filters
X-FW-Type
X-FW-Serve
Cache-Tv-Group
Server-Info
X-Varnish-Hostname
X-Adobe-Content
X-Ttl
X-Adobe-Loc
X-RequestSource
X-Cache-Rule
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Cache-Operation
X-App-Server
FilterID
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
Xserver
X-TX-ID
X-Cache-TTL-Remaining
Accept-CH
X-L-Path
X-Environment-Context
X-FireWall-Port
Cleartype
Accept-Charset
X-Upgrade-Enabled
X-Handled-By
X-Analytics
X-Source
Ms-Operation-Id
X-RTag
X-UA
From-Origin
X-Cache-Server
X-Endurance-Cache-Level
Srv
X-Backend-Name
X-HTML-Minification-Powered-By
Datacenter
X-APP-VERSION
Accept-CH-Lifetime
X-Dc
X-CACHE-KEY
X-UUID
X-Wix-Request-Id
Healthy
X-Daa-Tunnel
X-Cache-Var-Map
X-Cache-Var
X-Path-Route
X-ES-SERVER
Meta-Geo
X-Unique-Id
X-RN-RSRV
GEO-INFO
X-Timing-Wait
X-Tb
X-Akamai-Transformed
X-Status
Selected-Fe
OT-Force-Account-Verify
X-Section
X-Access
X-Proxy-Build
X-Cache-Config
X-Alternate-Cache-Key
X-Request-Time
X-ShardId
X-Content-Age
X-Akamai-Request-ID
Cache-Tags
X-ShopId
X-Ua-Device
X-Format
Akamai-GRN
X-Shopify-Generated-Cart-Token
X-Proto
X-PCL
X-FC-Vary-Parameters
X-EIG-Tracking-Id
X-Webapp-Samesite-None-Activated-N
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Sorting-Hat-ShopId
X-OCL
Mn-Server-Ip
X-Sorting-Hat-PodId
X-Shopify-Stage
Decoy-Debug-TTL
Origin-Cache-Control
Origin-Edge-Control
Node
Ec-Rule-Version
Decoy-Debug-Status
Decoy-Debug-Key
X-Qloud-Router
X-Proxy
X-Origin
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-NYM-Debug-Backend
X-Akamai-Request-ID2
X-Vgn-Hpd-Reason
X-Viewer-Country
X-VWS-Id
X-Web-Node
X-SaId
X-Redis-Cache
X-Human
X-Hyper-Cache
X-Hosted-By
X-Hl-Ver
X-Debug-Cache
X-JoinUs
X-LJ-Flow-ID
X-Soup
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Cache-Status
X-AWS-Id
X-BYPASS-REASON
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Whom
X-Loop
X-MP-GENERATED-AT
X-Storage
X-TNCMS
X-Locale
X-Generated
X-CCM
X-Detected-As
X-Www-Served-By
X-FB-TRIP-ID
X-BCube-Filmed-By
Azure-InstanceId
X-Generated-By
X-FW-Dynamic
X-Pubstack
X-ServerID
X-Time-Microsecs
Now
NGX
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
DB-Nickname
Version
X-Site-Version
Cross-Origin-Window-Policy
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
TWC-GeoIP-LatLong
S-Rt
X-RCS-CacheZone
Property-Id
TWC-Locale-Group
TWC-Privacy
X-NCache
X-Origin-Hint
X-Varnish-Hits
X-IP
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-Cluster-Node
X-PressLabs-Stats
X-Amzn-Remapped-Content-Length
X-Backend-TTL
Cache-Key
X-VCache
X-UA-Device-Type
X-RateLimit-Limit
X-NGENIX-Cache
X-Cache-Host
X-Cache-Control
Section-Io-Cache
X-Drupal-Cache-Tags
X-CDN-Forward
X-Mode
X-Esi
X-Forwarded-Host
Webserver
X-Rule
Cache
L5d-Success-Class
Content-Disposition
X-Info
Time
X-UnsetCookies
X-ApacheServer
X-PERF
X-Varnish-Cache-Hits
Cache-Name
Accept-Language
ServedBy
X-Origin-TTL
Rt-Fastcgi-Cache
X-B3-Spanid
Viewport
X-Origin-CC
X-CS
X-Newrelic-Synthetics
Uber-Trace-Id
Mime-Version
X-Cache-Remote
Country
X-Proxied
Odigeo-Trace-Id
X-Routing-Service
X-Device-Type
X-Zipkin-Id
X-Via-Fastly
X-Magnolia-Registration
X-CLOUD-TRACE-CONTEXT
X-Uri
X-From
Proxy-Connection
X-Geo
Filterid
X-Cluster-Name
X-EC-Lua
Access-Control-Request-Headers
X-Real-IP
HitType
X-Drupal-Cache-Contexts
X-Microcachable
X-TT-TIMESTAMP
X-Rojux
X-VG-WebServer
X-VG-WebCache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
AsisCache
Apple-News-Services-Handled
X-PHP-Host
X-Cache-Time
X-Labrador-Cache-Channel
BehaviorPad-Version
Xc-Version
Fastcgi-X-Cache-Version
GEO-REGION-INFO
Content-Style-Type
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Content-Script-Type
X-S
Meta-Geo-Continent
X-S-Cookie
X-B-Cookie
X-CF-Lambda-Version
X-Connection-Hash
X-Rocket-Build-Number
X-ARC
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-Application
X-D
X-Date
X-GeoIP-Country-Code
X-Region-Sid
X-Request-UUID
X-ScT
X-Geo-Header
X-G
X-Destination
X-DPWN-IS-SECURE
X-External-Request-Id
X-Session-Fingerprint
X-A-Dgt
X-A-Dcw
X-Trv-Group
X-Transaction
X-SRCache-Key
X-Sigma-Backend
X-Twitter-Response-Tags
Mobile-Detection-Method
MD5-Digest
X-VG-TLSProxy
X-Vdms-Version
X-Rewrite-Enabled
Rendered-Blocks
T-Server
W
X-A
X-A-Ccd
X-A-Dam
VIX-Pulpo-Upstream-Status
X-Sigma
Viewtype
VivaBuild
VIX-Pulpo-Node
Machine
X-CF-Lambda-Fn
Cf-Ipcountry
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
Group
X-Varnish-Beresp-Ttl
Geo-Info
X-C
Cache-Hits
Ohc-File-Size
User-Cache-Control
Fastly-Soc-X-Request-Id
X-App-Name
Environment
CDCHOST
Powered-By
X-CGP
Countrycode
Fastly-SWR
IsBot
X-Bip
Locid
X-WebServer
X-Backend-State
X-VC-Cache
X-Var-Ttl
HA-Ipaddr
X-Cache-Expired-At
X-Clientip
X-Wikidot-Static-Cache
X-Wikidot-Backend
Ha-Gx-Prefs
X-Cache-Debug
Fastly-SIE
X-Agile-Id
X-Rebelmouse-Cache-Control
X-Thanos
X-Developers
X-OVcl
X-OVcl-Cache
X-Hit
X-SIPLIST1
X-Rebelmouse-Surrogate-Control
X-Distil-CS
X-Eu-Site
X-Cdn-Srv
X-Logging-Id
X-CUA
X-Agile-Age
X-Agile
X-TrackingId
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-GoCache-CacheStatus
Web-Mar-Node
X-Request-URI
X-Azure-Ref
We-Hiring
X-NU-AKA-ACS-Version
X-Origin-Date
X-Servername
X-Owner
X-NX-Host
X-RateLimit-Remaining-Second
X-NodeID
X-RateLimit-Limit-Second
X-Air-Hostname
X-Origin-Expires
X-Proxy-Upstream
X-Platform-Server
X-Cache-Tags
X-Fastly-Cache
X-Fetched-On
X-Li-Fabric
X-Epic-Correlation-Id
X-Distributor
X-Li-Pop
X-Irp-Debug
X-Gen-Mode
X-IN-APIGATEWAY
X-Hash
X-GeoIP-City
X-IN-APIGATEWAYSSL
X-Generated-In
X-Instart-Isnd
X-Dispatcher-Server
X-LI-Proto
X-Cache-Info
X-Cache-URL
X-Cache-Bucket
X-Block-Status
X-BBXSRF
X-Nginx-Cache-Key
X-Ms-Version
X-Ms-Request-Id
X-Debug-Cookies
X-Debug-Log
X-LI-UUID
X-Core-Mission
X-Clara-WADP
X-Micro-Cache
X-No-Session
X-Trace-Id
Server-Cache-Control
Locale
Cache-Host
Server-Surrogate-Control
Adler-Geo
Country-Code
Gh-Request-Id
Is-Eu
Kp-EeAlive
IBM-Web2-Location
Heartbleed
X-Webstats-RespID
X-Auto-Login
X-Cache-ASPX
X-Varnish-Authentication
X-Urbn-Site-Id
AKAMAI
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Urbn-Context-Path
X-JWT-State
X-Cms-Context
X-Contensis-Viewer-Groups
X-Has-Esi
X-Is-Gdpr
X-We-Are-Hiring
Fastly-Backend-Name
RNT-Machine
Mail-Subject
X-Hnp-Log
Request-EU
Request-Country
X-TH-Server
Server-Int
V-Age
True-Client-Country-4JS
X-Nc
X-Swa-Ws
Pragrma
RNT-Time
Memcached
X-Up
X-VServer
X-Variation
Platform
X-WADP-Cache
X-Edge-Location
S-Cnection
Fastly-SSL
X-Server-W
X-Level-Front-Cache
X-Req
X-Generation-Time
X-NC
X-Reboot
X-Tumblr-Pixel-3
X-TT-LOGID
X-Gamma-Serve
X-Trafficlayer-App-Version
X-ServiceProvider
X-Matched-Rule
X-AK-Request-ID
X-Trafficlayer-App-Scope
Cdnsip
X-Thinkindot-L3
X-FW-Version
X-Trafficlayer-App-Name
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
Cdncip
X-Service
Server-ID
Wxu-Next-Commit
Server-Host
PFcat
FNAC-ModuleRouting
X-Core-Value
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Generated-On
Wxu-Next-Hostname
Thinkindot-Control
Wxu-Next-Region
Ohc-Cache-HIT
ServerName
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-VHOST
X-Lb-Id
X-Varnish-Cacheable
X-Response-By
X-Old-Content-Length
X-App-Version
X-SERVER
X-Sucuri-ID
X-UPSTREAM-Address
X-S-Maxage
X-Wa
User-Agent
X-Nginx-Cache
X-Refresh
X-NWS-UUID-VERIFY
X-Node-Id
X-Developer
Powered-By-ChinaCache
RequestId
X-Render-Time
X-Cache-Status-Check
X-CSRF-TOKEN
X-Cache-Backend
X-Parent-Response-Time
Hostname
X-LAGOON
X-User
X-Cache-Grace
X-Device-Os
X-Sn-Servicetimems
X-Cdn-Origin
X-CF-Powered-By
X-Key
X-Ocache
X-Internal-Host
Origin
X-Pjax-Url
A
X-Tb-Optimization-Total-Bytes-Saved
On-Server
X-Sucuri-Cache
X-Pf-Uncompressing
X-CSRF-Token
Geoip-Latitude
Cloudfront-Viewer-Country
X-MSEdge-Flight
Memory
X-Location
Geoip-City
X-Request-Host
X-TA-CDN-Provider
X-Via-CDN
X-MSEdge-Features
SRV
X-NGINX-Cache
X-Ua
GeoIp-Country-Code
PICS-Label
X-COUNTRY
ProcessTime
X-B3-Parentspanid
XServer
X-Varnish-URL
X-Litespeed-Cache
X-Vcl-Version
X-Cdn-Forward
X-Servedbyhost
X-BACKEND-TTL
Resin-Trace
TTL
X-Webkit-CSP
X-Server-IP
X-Varnish-Ttl
X-TIME
Tcn
M-TraceId
X-Rocket-Nginx-Bypass
X-Dynatrace-Js-Agent
Dnion-Transfer-Encoding
SN
X-HS-Status
X-Slack-Backend
X-FORWARDED-FOR
X-Server-Time
X-B3-SpanId
X-Processor
X-Cache-FS-Status
Media-Length
Pramga
X-Unique-ID
Arc-Country
X-Cdn-Request-ID
X-Dispatch
Host-ID
Cdn
X-PAYTM-SRV-ID
X-Ratelimit-Remaining
CACHE
X-Fastly-Country-Code
X-Beluga-Cache-Status
X-ServedByHost
X-Beluga-Trace
X-Beluga-Record
X-Beluga-Node
X-VCL-Version
X-Skip-Cache
X-ND-Cache
X-Action
X-Beluga-Status
X-Beluga-Response-Time
X-Cache-Ttl
X-DC
HostName
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-DSS
X-Ruxit-Js-Agent
Fastly-Drupal-HTML
Who
X-DW
X-RPM
X-RSL
X-RPS
X-DB
X-DI
X-Served-From
Cdn-Request-Time
X-Edge-Server
Cdn-Host
Ttl
Fusion-Deployment-Id
X-DevSite-Last-Modified
X-Correlation-ID
X-Via-Ucdn
N-Cache
MIME-Version
X-Bc-Bl
X-Flog
Pics-Label
X-ABtesting
X-Hello
X-Adobe-Source
GeoIP-Country-Code
X-Reqid
CF-Cached-On
NtCoent-Length
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
X-Backend-Host
X-AIR-PT
X-Varnish-Url
X-VarnishDD-TTL
GeoIP-City
GeoIP-Latitude
Esi-Enabled
Cache-Cookie-Set-From
X-FPC
X-Planisys-CDN-Rules
X-Bc
X-APP
X-Sucuri-Id
X-Zone
Cache-Cookie-Set-Idcheck
X-Planisys-CDN-Cache
X-Ratelimit-Limit
X-Planisys-CDN-TTL
X-PJAX-URL
X-PF-Uncompressing
X-Policy
Cache-Cookie-Set-Lfrom
X-HostName
Trailer
X-Fastly-Backend-Reqs
WebServer
X-Fmm-Version
Cteonnt-Length
X-Request-Start
X-Azure-Ref-OriginShield
X-Scheme
X-SRV
Amp-Access-Control-Allow-Source-Origin
X-BE
X-Amzn-Remapped-Connection
Processtime
X-Amzn-Remapped-Date
X-Fpc
X-Dynatrace
Rt-Proxy-Cache
X-Swift-Error
Servername
X-Newrelic-App-Data
CF-IPCountry
Magicmarker
FSS-Proxy
FSS-Cache
X-ZONE
Requestid
X-ID
X-Cache-Id
X-SN
Cache-Provider
X-WA
X-Esi-Check
X-BC
X-Frame-Option
X-WR-MODIFICATION
Sid
Lb
Release
SD-X-WS
X-Gzip
X-Cache-NGX
X-SD-PageType
X-Snapshot-Date
X-Branch-Name
X-Method
X-StackifyID
X-LB-ID
Dynatrace
CDN
Load-Balancing
X-CACHE-AGE
X-Instart-Info
X-ECACHE
X-Configured-By
L
X-Aicache-OS
X-Compress-Hint
X-VCT
X-Request-Url
X-Wix-Viewer-Type
X-Cc-Req-Id
X-SB
X-VC
D-Cc-Upstream
Warning
X-Fastly-Cache-Hits
V-Cache
X-Tid
WZWS-RAY
X-Cc-Via
X-Node-ID
X-Litespeed-Cache-Control
SID
Request-Time
X-Nananana
LB
Proxy-Firewall
Ohc-Response-Time
Server-Id
X-Worker
X-ElasticPress-Search
X-WPE-Loopback-Upstream-Addr
X-Powered-Y
X-Request-URL
X-Varnish-Beresp-TTL
X-Check-Cacheable
WP-Super-Cache
X-Apw-Hits
X-Fastly-Cache-Status
X-App
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
Cneonction
X-GEO