Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
X-XSS-Protection
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Xss-Protection
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
CF-Ray
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
Xkey
X-Via
X-Backend
X-Server
X-Age
X-Ws-Request-Id
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
EagleId
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
Feature-Policy
Server-Timing
X-Varnish-Cache
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Host
X-Origin-Cache
X-Server-Id
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Vhost
X-Dispatcher
Request-Id
X-Origin-Upstream-Status
X-Cache-Lookup
X-Cnection
X-Ruxit-JS-Agent
X-Application-Context
X-HW
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
P3p
X-Dns-Prefetch-Control
X-Rack-Cache
X-Clacks-Overhead
Edge-Control
Rating
X-Akam-SW-Version
X-Country
Pinterest-Generated-By
Allow
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-Goog-Hash
Accept-Ch
X-TtlSet
X-PC
X-Vname
Verso
Content-MD5
Service-Worker-Allowed
X-ESI
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Vcache
X-Url
X-B3-TraceId
X-Version
X-Forwarded-Proto
X-Kinja-Build
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Id
X-Use-Magma
X-GitHub-Request-Id
X-MS-InvokeApp
RTSS
X-Server-ID
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Px
X-Debug
AR-CACHE
AR-ATIME
Ar-Sid
AR-Request-ID
AR-PoweredBy
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-Cached
X-NF-Request-ID
X-Sol
X-Middleton-Display
X-Middleton-Response
Pagespeed
Response
Display
X-Vcap-Request-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Navigation-Version
X-MSEdge-Ref
X-Amz-Rid
X-Accel-Expires
Arr-Disable-Session-Affinity
TCN
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-VARITI-CCR
X-Cdn
X-Powered-CMS
Public-Key-Pins
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Fastly-Request-ID
X-Edge-O15-RID
Nginx-Cache
MS-Author-Via
X-Fastcgi-Cache
X-Client-IP
Realpath
Cache-Tag
X-Trace
X-Ser
Access-Control-Request-Method
X-Content-Type
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Shard
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-DynaTrace-JS-Agent
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Ezoic-Cdn
X-Grace
X-Id
X-Hp-Webp
X-Upstream
X-Jurisdiction
S
Front-End-Https
X-Amz-Meta-S3cmd-Attrs
X-Hits
Nel
X-T
X-Cache-TTL
Fastcgi-Cache
X-Forwarded-For
X-Aspnet-Version
X-Recruiting
DynaTrace
X-Element-Page-Cache
X-Node-Name
X-Varnish-Age
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Expires
X-Mobile-URL
X-FTR-Backend
X-Content-Digest
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Balancer
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
ServerID
X-DIS-Request-ID
NR-ENABLED
Server-Node
X-HS-Combine-CSS
X-Frontend
TP-L2-Cache
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
TP-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Metageneration
X-CST
Powered
X-Logged-In
Alternate-Protocol
Server-Name
X-Correlation-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
X-XRDS-Location
Upgrade-Insecure-Requests
Fastly-Restarts
X-FTR-Cache-Host
X-Cache-Hit
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-Request-Processing-Time
X-Request-Received
X-Page-Id
AMP-Access-Control-Allow-Source-Origin
X-User-Agent
X-Content-Options
Refresh
X-Zen-Fury
X-F-Cache
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Varnish-Grace
X-Akamai-Edgescape
X-Rid
X-Revision
X-Content-Powered-By
X-Type
X-B
X-LB-Cache
PB-RID
PB-PID
X-XRDS-LOCATION
X-Mobile-Rewrite
Arc-Version
X-B3-Sampled
X-URL
X-Geo-Country
X-Activity-Id
X-AppVersion
X-Az
Cache-Status
X-Kinsta-Cache
X-N
X-Cache-Age
X-Cache-Action
X-TT
X-AOL-HN
X-Framework
X-Jobs
X-Debug-Info
X-B-Cache
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-Signature
X-Request-Guid
X-FB-Debug
X-Load-Cache
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
Paypal-Debug-Id
X-Cached-By
Actual-Object-TTL
X-Git-Hash
X-PHP-Backend
X-App-Environment
X-NWS-LOG-UUID
X-Pad
Fastcgi-Useragent
DC
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Time
X-FastCGI-Cache
X-Webkit-Csp
X-Amz-Replication-Status
X-Shield-Request-Id
X-Varnish-Backend
X-RateLimit-Remaining
Host-Header
X-WA-Info
Surrogate-Key
X-ATG-Version
MS-CV
Host
X-Contextid
X-IPLB-Instance
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Accept-CH
X-Mobile
X-Cache-Key
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Host-Name
X-Accel-Buffering
X-Response-Served-From
NGB
Frame-Options
Payment
X-SS-Set-Cookie
Source
X-Cache-NE
Retry-After
Tracecode
Eomportal-Instance
X-Region
X-Cache-2
X-Varnish-Server
X-Origin-Response-Time
X-FW-Static
X-FW-Type
X-GeoIP
X-FW-Server
Filters
X-FW-Hash
X-FW-Serve
X-Cacheable-TTL
X-Is-Bot
WPE-Backend
X-Cluster
X-Rendered-As
X-Hostname
X-Adobe-Loc
X-IPS-LoggedIn
X-Adobe-Content
X-Varnish-Hostname
X-Seen-By
X-Cache-Enabled
Cache-Tv-Group
X-Cache-Operation
X-Tumblr-Pixel-1
X-Cache-Rule
X-RequestSource
X-Tumblr-Pixel-2
X-NewRelic-App-Data
Liferay-Portal
Server-Info
X-Analytics
FilterID
X-Presslabs-Stats
Accept-CH-Lifetime
Xserver
X-EdgeConnect-Cache-Status
X-TX-ID
X-RemovedCookies
X-ProcessESI
X-App-Server
X-Srv
X-Cache-TTL-Remaining
X-Webapp-Samesite-None-Activated-N
Cleartype
X-B3-Traceid
X-Environment-Context
X-L-Path
X-Dc
X-FireWall-Port
X-Endurance-Cache-Level
X-Handled-By
Ms-Operation-Id
X-RTag
X-Source
X-Upgrade-Enabled
X-UA
X-HTML-Minification-Powered-By
X-Cache-Server
From-Origin
Datacenter
X-Backend-Name
Srv
Accept-Charset
X-CACHE-KEY
X-APP-VERSION
X-Esi
X-PressLabs-Stats
X-UUID
X-Cache-Var-Map
GEO-INFO
X-Path-Route
Meta-Geo
X-RN-RSRV
X-ES-SERVER
X-Cache-Var
X-Tb
X-Access
X-Wix-Request-Id
Selected-Fe
X-Section
X-Proxy-Build
OT-Force-Account-Verify
X-Timing-Wait
X-Format
X-Sorting-Hat-ShopId
X-Cache-Config
X-Alternate-Cache-Key
X-ShopId
X-Proto
X-Request-Time
X-Sorting-Hat-PodId
X-Goog-Meta-Goog-Reserved-File-Mtime
Mn-Server-Ip
X-ShardId
Cache-Tags
X-EIG-Tracking-Id
X-Shopify-Stage
X-Akamai-Request-ID
X-Content-Age
X-Shopify-Generated-Cart-Token
X-Akamai-Request-ID2
X-AWS-Id
X-Hl-Ver
X-BYPASS-REASON
X-SaId
X-Origin
X-NYM-Debug-Backend
X-Proxy-Cache-Status
X-Akamai-Transformed
X-ProxyCache-Status
X-Soup
X-LJ-Flow-ID
X-JoinUs
X-Qloud-Router
Akamai-GRN
X-OCL
X-FC-Vary-Parameters
X-VWS-Id
X-Vgn-Hpd-Reason
X-PCL
X-Status
X-ProxyCache-Key
Healthy
NGX
X-ServerID
Ec-Rule-Version
Node
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-FW-Dynamic
X-FB-TRIP-ID
X-Detected-As
X-Hosted-By
X-Proxy
X-Locale
X-Hyper-Cache
X-Cluster-Node
X-MP-GENERATED-AT
X-BCube-Filmed-By
Decoy-Debug-TTL
Version
Now
Decoy-Debug-Status
Decoy-Debug-Key
X-Pubstack
Cross-Origin-Window-Policy
DB-Nickname
X-CCM
X-Loop
Origin-Cache-Control
X-Www-Served-By
Origin-Edge-Control
X-Debug-Cache
X-Web-Node
X-Viewer-Country
X-Human
X-TNCMS
X-Time-Microsecs
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Storage
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-Country
X-Redis-Cache
Webcakes-App-Version
TWC-Locale-Group
X-Amzn-Remapped-Content-Length
X-IP
X-Varnish-Hits
S-Rt
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-Generated
Webcakes-Region
X-RCS-CacheZone
X-Generated-By
X-Site-Version
X-Origin-Hint
Azure-SiteName
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Property-Id
X-Cache-Control
X-NCache
X-RateLimit-Limit
X-Cache-Host
X-Unique-Id
Cache
X-Whom
Cache-Key
X-Daa-Tunnel
X-Rule
X-Drupal-Cache-Tags
X-UA-Device-Type
X-NGENIX-Cache
L5d-Success-Class
X-Forwarded-Host
X-Mode
Webserver
Time
X-VHOST
Cache-Name
Viewport
X-Backend-TTL
X-CS
X-UnsetCookies
Section-Io-Cache
X-Info
Content-Disposition
Accept-Language
X-B3-Spanid
Uber-Trace-Id
X-Origin-TTL
X-Origin-CC
X-CDN-Forward
Rt-Fastcgi-Cache
X-ApacheServer
X-Varnish-Cache-Hits
X-Newrelic-Synthetics
X-PERF
Mime-Version
ServedBy
Country
Odigeo-Trace-Id
X-Cache-Remote
X-VCache
X-CLOUD-TRACE-CONTEXT
X-Proxied
X-Device-Type
X-Magnolia-Registration
X-Routing-Service
X-From
X-EC-Lua
X-Zipkin-Id
X-Via-Fastly
X-Cluster-Name
Filterid
X-Ttl
X-Uri
X-Drupal-Cache-Contexts
Proxy-Connection
X-Microcachable
X-TT-TIMESTAMP
HitType
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Nc
X-Real-IP
Access-Control-Request-Headers
X-Geo
Ohc-File-Size
Cf-Ipcountry
Xc-Version
Content-Script-Type
Content-Style-Type
MD5-Digest
BehaviorPad-Version
Mobile-Detection-Method
Apple-News-Services-Request-Url
Viewtype
Apple-News-Services-Handled
VivaBuild
T-Server
Apple-News-Services-Parsed-Url
AsisCache
Fastcgi-X-Cache-Version
GEO-REGION-INFO
X-A-Wwc
W
X-A-Dgt
X-A-Dcw
X-A-Ccd
X-A-Dam
X-Accel-Expires-Debug
Meta-Geo-Continent
X-Varnish-Beresp-Grace
Rendered-Blocks
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Machine
X-Aed
X-A
X-Vdms-Version
X-G
X-Geo-Header
X-GeoIP-Country-Code
X-Transaction
Apple-News-Services-Host
X-DPWN-IS-SECURE
X-Date
X-Destination
X-Twitter-Response-Tags
X-Trv-Group
X-SRCache-Key
X-Region-Sid
X-ScT
X-Sigma-Backend
X-Sigma
X-Session-Fingerprint
X-S-Cookie
X-S
X-Request-UUID
X-Rewrite-Enabled
X-Rocket-Build-Number
X-Rojux
X-D
X-External-Request-Id
X-CF-Lambda-Fn
X-VG-WebServer
X-ARC
X-VG-WebCache
X-VG-TLSProxy
X-Vtex-Processado-Em
X-CF-Lambda-Version
X-Application
X-B-Cookie
X-Vtex-Remote-Cache
X-Connection-Hash
X-C
Geo-Info
Fastly-SWR
X-Agile
Fastly-Soc-X-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
X-Agile-Age
X-SIPLIST1
X-WebServer
CDCHOST
IsBot
Environment
Countrycode
Fastly-SIE
X-Rebelmouse-Cache-Control
X-Eu-Site
X-App-Name
X-Cache-Expired-At
X-Distil-CS
X-CGP
X-Var-Ttl
X-Clientip
X-Developers
X-Cache-Debug
Powered-By
X-Logging-Id
X-CUA
X-Rebelmouse-Surrogate-Control
X-Backend-State
X-Thanos
X-VC-Cache
X-Hit
X-Bip
Locid
X-Agile-Id
X-PHP-Host
X-Cache-Time
Group
X-Labrador-Cache-Channel
User-Cache-Control
Cache-Hits
X-No-Session
X-GoCache-CacheStatus
Fastly-SSL
X-NodeID
X-Origin-Date
X-NX-Host
X-Nginx-Cache-Key
X-Ms-Version
X-LI-UUID
X-LI-Proto
X-Ms-Request-Id
V-Age
We-Hiring
True-Client-Country-4JS
X-Core-Mission
Server-ID
Server-Cache-Control
X-RateLimit-Limit-Second
RNT-Time
Server-Int
Server-Surrogate-Control
X-OVcl
X-Li-Pop
X-OVcl-Cache
X-Owner
X-Platform-Server
X-Origin-Expires
X-Air-Hostname
X-Distributor
X-Cache-Tags
X-Epic-Correlation-Id
X-Cache-ASPX
X-Fetched-On
X-Dispatcher-Server
X-Cdn-Srv
X-Contensis-Viewer-Groups
X-Cms-Context
X-Debug-Cookies
X-Debug-Log
X-Gamma-Serve
X-Generated-In
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-Is-Gdpr
RNT-Machine
X-JWT-State
X-IN-APIGATEWAY
X-Hash
X-Azure-Ref
X-Auto-Login
X-GeoIP-City
X-Has-Esi
X-Li-Fabric
X-Proxy-Upstream
X-RateLimit-Remaining-Second
Gh-Request-Id
X-Tumblr-Pixel-3
Heartbleed
IBM-Web2-Location
Locale
Cache-Host
Is-Eu
X-Up
X-Urbn-Context-Path
Fastly-Backend-Name
X-Wikidot-Static-Cache
X-Wikidot-Backend
Country-Code
X-VServer
X-Urbn-Site-Id
X-Variation
X-Varnish-Authentication
X-Trace-Id
Kp-EeAlive
X-Request-URI
Platform
X-Servername
X-TrackingId
Pragrma
AKAMAI
Request-EU
Request-Country
Adler-Geo
X-SVT-ORM-RULES
Ohc-Cache-HIT
Mail-Subject
X-Swa-Ws
X-TH-Server
X-SVT-ORM-VERSION
X-COUNTRY
X-UPSTREAM-Address
X-Edge-Location
X-TA-CDN-Provider
X-Block-Status
X-NU-AKA-ACS-Version
X-Fastly-Cache
X-Debug-Cache-Store
Web-Mar-Node
X-Hnp-Log
X-Debug-Cache-Expiry
X-Core-Value
X-Gen-Mode
X-Debug-Cache-Fetch
X-FW-Version
X-TT-LOGID
X-Thinkindot-L3
X-Micro-Cache
X-Matched-Rule
X-ServiceProvider
X-Service
X-Reboot
X-Server-W
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-WADP-Cache
X-Generated-On
X-We-Are-Hiring
X-Generation-Time
X-Irp-Debug
X-Level-Front-Cache
X-Trafficlayer-App-Version
X-Webstats-RespID
X-Req
Wxu-Next-Hostname
Thinkindot-Control
Wxu-Next-Region
Cdnsip
X-AK-Request-ID
Cdncip
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
PFcat
Memcached
FNAC-ModuleRouting
ServerName
Server-Host
X-BBXSRF
Wxu-Next-Commit
X-Clara-WADP
X-Cache-URL
X-Cache-Info
S-Cnection
X-Nginx-Cache
X-Cache-Bucket
X-Old-Content-Length
X-Render-Time
X-S-Maxage
X-Response-By
X-SERVER
X-Cache-Backend
X-App-Version
X-Wa
X-Lb-Id
RequestId
X-User
X-Refresh
X-CSRF-TOKEN
X-Key
Powered-By-ChinaCache
X-Internal-Host
X-Varnish-Cacheable
X-Sucuri-ID
X-Parent-Response-Time
X-Sucuri-Cache
Origin
X-NC
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-Developer
X-Location
X-Tb-Optimization-Total-Bytes-Saved
User-Agent
X-Node-Id
X-CF-Powered-By
X-Cache-Grace
X-LAGOON
X-Pjax-Url
X-Pf-Uncompressing
X-Device-Os
X-Sn-Servicetimems
X-Cdn-Origin
X-Cache-Status-Check
X-Ua
Hostname
X-CSRF-Token
X-Via-CDN
ProcessTime
Geoip-Latitude
Geoip-City
Memory
X-Ocache
X-Cdn-Forward
X-BACKEND-TTL
X-B3-Parentspanid
SRV
A
PICS-Label
X-NWS-UUID-VERIFY
On-Server
X-Ruxit-Js-Agent
X-FORWARDED-FOR
X-Request-Host
X-MSEdge-Features
TTL
X-MSEdge-Flight
X-NGINX-Cache
GeoIp-Country-Code
X-Correlation-ID
X-TIME
X-Vcl-Version
Cloudfront-Viewer-Country
X-Server-IP
XServer
X-Unique-ID
X-Oneagent-Js-Injection
X-Webkit-CSP
X-Servedbyhost
X-Litespeed-Cache
X-Varnish-Ttl
X-Varnish-URL
X-B3-SpanId
Resin-Trace
SN
Media-Length
M-TraceId
X-Cdn-Request-ID
Dnion-Transfer-Encoding
Tcn
X-Rocket-Nginx-Bypass
X-HS-Status
Host-ID
Cdn
CACHE
X-Ratelimit-Remaining
X-ServedByHost
X-Action
X-Beluga-Trace
X-Slack-Backend
Who
X-Beluga-Cache-Status
X-Cache-Ttl
X-Via-Ucdn
X-Beluga-Node
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Record
HostName
X-DSS
X-DW
X-Fastly-Country-Code
X-DB
X-DI
X-Dispatch
X-Cache-FS-Status
X-PAYTM-SRV-ID
X-Processor
X-RPM
X-Server-Time
Pramga
X-RPS
X-RSL
Arc-Country
X-Reqid
MIME-Version
X-AIR-PT
X-ND-Cache
X-Sucuri-Id
X-VCL-Version
X-Skip-Cache
GeoIP-Country-Code
Esi-Enabled
Pics-Label
Amp-Access-Control-Allow-Source-Origin
Ttl
Cdn-Request-Time
X-Policy
X-Served-From
X-Edge-Server
X-SRV
X-ABtesting
Fastly-Drupal-HTML
X-Planisys-CDN-Cache
X-Flog
X-Hello
Cdn-Host
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-LiteSpeed-Cache-Control
NtCoent-Length
X-Oracle-Dms-Rid
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
CF-Cached-On
Section-Io-Origin-Status
Section-Io-Id
N-Cache
X-Bc-Bl
X-Azure-Ref-OriginShield
X-Varnish-Url
X-DevSite-Last-Modified
X-Request-Start
GeoIP-Latitude
GeoIP-City
X-VarnishDD-TTL
X-DC
X-PF-Uncompressing
X-FPC
X-Ratelimit-Limit
Rt-Proxy-Cache
X-Newrelic-App-Data
X-APP
X-PJAX-URL
Trailer
Fusion-Deployment-Id
X-HostName
X-Fastly-Backend-Reqs
X-Backend-Host
X-Adobe-Source
X-Zone
WebServer
X-Bc
X-Swift-Error
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Cteonnt-Length
X-BE
X-Amzn-Remapped-Date
Magicmarker
Processtime
X-Amzn-Remapped-Connection
X-Dynatrace
X-ZONE
X-BC
X-Method
Servername
X-Dynatrace-Js-Agent
X-ID
X-LB-ID
Cache-Provider
CDN
X-Fmm-Version
X-WA
X-Scheme
FSS-Proxy
FSS-Cache
X-WR-MODIFICATION
X-Frame-Option
CF-IPCountry
X-Branch-Name
Requestid
X-StackifyID
X-Fpc
Dynatrace
X-Snapshot-Date
Ohc-Response-Time
X-CACHE-AGE
X-SN
X-App
X-Svr
Lb
L
X-Cache-Id
WZWS-RAY
X-Esi-Check
X-Tid
X-Compress-Hint
X-Be
X-Aicache-OS
Warning
D-Cc-Upstream
X-Cc-Req-Id
X-Apw-Access-Action
X-SB
V-Cache
X-Fastly-Cache-Hits
X-Request-Url
X-Cc-Via
X-VC
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Hits
X-Node-ID
X-Litespeed-Cache-Control
Lfy
X-GEO
CloudFront-Viewer-Country
SD-X-WS
X-Gzip
X-SD-PageType
X-Cache-NGX
SID
Backend-Name
Release
Correlation-Id
X-Check-Cacheable
Cneonction
X-Varnish-Beresp-TTL
X-WPE-Loopback-Upstream-Addr
X-Worker
X-Fastly-Cache-Status
X-ElasticPress-Search
Vix-Hermes-Req-Id
WP-Super-Cache
X-Powered-Y
X-Request-URL
Sid