Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
X-Content-Security-Policy
Upgrade
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Xss-Protection
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
P3p
Xkey
X-Pass-Why
X-Cache-Group
X-Envoy-Upstream-Service-Time
X-AH-Environment
CF-Ray
X-Backend
X-Via
X-Ua-Compatible
X-Age
X-Server
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Hacker
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Host
X-Device
X-Dns-Prefetch-Control
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
X-Node
X-Ac
Content-Location
Surrogate-Control
X-Vhost
X-Readtime
X-Cloud-Trace-Context
Request-Id
X-Backend-Server
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-HW
X-Application-Context
X-ORACLE-DMS-ECID
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
X-Cache-Lookup
X-DataDome
X-ORACLE-DMS-RID
NEL
X-Mod-Pagespeed
X-Ruxit-JS-Agent
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
X-Country-Code
X-TTL
X-DynaTrace
X-Instart-Request-ID
Accept-Ch
X-Varnish-TTL
X-Goog-Hash
X-TtlSet
X-FTR-Request-ID
X-PC
X-Vname
X-ESI
Verso
Accept-Ch-Lifetime
X-Powered-By-Plesk
Service-Worker-Allowed
Content-MD5
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-Exp-Id
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-GitHub-Request-Id
X-Kinja
X-Exp-Variant
Edge-Cache-Tag
RTSS
AR-CACHE
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-ATIME
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
SPRequestGuid
X-Amz-Server-Side-Encryption
X-Vcache
Charset
X-NF-Request-ID
X-Cached
X-Accel-Expires
X-Middleton-Response
X-Sol
Response
Pagespeed
Display
X-Middleton-Display
X-MSEdge-Ref
X-TEC-API-ORIGIN
X-Vcap-Request-Id
X-Amz-Rid
X-TEC-API-VERSION
X-TEC-API-ROOT
Arr-Disable-Session-Affinity
X-Fastcgi-Cache
X-Navigation-Version
X-Powered-CMS
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
TCN
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-Cdn
X-VARITI-CCR
Realpath
Public-Key-Pins
Cache-Tag
X-Client-IP
Access-Control-Request-Method
X-Fastly-Request-ID
X-Ser
MS-Author-Via
S
X-DynaTrace-JS-Agent
Nginx-Cache
X-Shard
X-Upstream
SPRequestDuration
SPIisLatency
X-Id
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-Ezoic-Cdn
X-Hp-Webp
X-Content-Type
X-Forwarded-For
X-Amzn-Trace-Id
X-Edge-O15-RID
X-Grace
X-T
X-Amz-Meta-S3cmd-Attrs
Nel
Front-End-Https
DynaTrace
X-Recruiting
X-Hits
Fastcgi-Cache
X-Aspnet-Version
X-Varnish-Age
ServerID
X-Server-ID
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
X-Node-Name
X-DIS-Request-ID
X-Element-Page-Cache
X-Mobile-URL
X-Cache-TTL
X-FTR-Cache-Status
X-FTR-Expires
NR-ENABLED
X-Country-Code-Real
X-Jurisdiction
X-Content-Digest
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
Powered
X-Goog-Generation
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-GUploader-UploadID
X-Frontend
X-Goog-Storage-Class
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Backend
Server-Node
Alternate-Protocol
Server-Name
TP-L2-Cache
TP-Cache
X-Logged-In
X-Correlation-Id
X-Request-Received
X-Request-Processing-Time
AMP-Access-Control-Allow-Source-Origin
X-Microsite
X-Request-Handler-Origin-Region
X-Webkit-Csp
Backend-Timing
X-ATS-Timestamp
Upgrade-Insecure-Requests
X-XRDS-LOCATION
X-Amzn-RequestId
X-Cache-Hit
X-Amz-Apigw-Id
X-Content-Options
X-Page-Id
Refresh
X-Origin-Server
X-Content-Security-Policy-Report-Only
X-Akamai-Edgescape
X-User-Agent
X-Revision
X-F-Cache
X-Rid
X-Type
X-Varnish-Grace
X-CST
X-XRDS-Location
X-Zen-Fury
Fastly-Restarts
X-Content-Powered-By
X-B3-Sampled
X-LB-Cache
X-B
X-Shield-Request-Id
X-Geo-Country
X-URL
X-Az
X-AppVersion
X-Activity-Id
X-FTR-Cache-Host
PB-RID
PB-PID
X-N
Arc-Version
X-Mobile-Rewrite
Cache-Status
X-Kinsta-Cache
X-Pad
X-Webapp-Samesite-None-Activated-N
X-Cache-Age
X-TT
X-Instance
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Jobs
X-Framework
X-App-Environment
Actual-Object-TTL
X-Tumblr-Pixel
X-Tumblr-User
X-Signature
Paypal-Debug-Id
X-B-Cache
X-Request-Guid
X-Time
X-Tumblr-Pixel-0
Access-Control-Allow-Method
X-Debug-Info
X-Cache-Action
X-FB-Debug
DC
X-PHP-Backend
X-Load-Cache
X-Analytics
X-Cached-By
X-Git-Hash
X-RateLimit-Remaining
X-Erf-Bev-Bev
X-Varnish-Backend
X-Tt-Trace-Tag
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
Fastcgi-Useragent
Host-Header
X-Tt-Trace-Host
X-Amz-Replication-Status
X-IPLB-Instance
X-Contextid
MS-CV
FilterID
X-ATG-Version
X-SS-Set-Cookie
X-WA-Info
X-Cluster
Tracecode
X-Cache-Key
Host
NGB
X-Accel-Buffering
X-Response-Served-From
WPE-Backend
X-Mobile
X-Host-Name
X-Cache-NE
Payment
X-Region
X-Kong-Proxy-Latency
X-FW-Hash
X-Via-JSL
X-Varnish-Server
X-FW-Type
X-Kong-Upstream-Latency
X-Srv
Frame-Options
X-FW-Static
Xserver
X-FW-Server
Eomportal-Instance
Source
X-FW-Serve
X-Cache-2
X-Cache-Enabled
X-Varnish-Hostname
Cache-Tv-Group
X-Cacheable-TTL
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-GeoIP
X-IPS-LoggedIn
X-Rendered-As
Filters
X-Is-Bot
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Adobe-Loc
X-Cache-Rule
X-Cache-Operation
X-Adobe-Content
X-NewRelic-App-Data
X-RequestSource
X-TX-ID
X-Origin-Response-Time
X-NWS-LOG-UUID
X-EdgeConnect-Cache-Status
X-Presslabs-Stats
X-Hostname
X-Seen-By
Retry-After
X-FastCGI-Cache
Cleartype
X-Ruxit-Js-Agent
X-VCache
Server-Info
X-Cache-TTL-Remaining
Accept-CH
X-RemovedCookies
X-ProcessESI
X-B3-Traceid
X-UA
X-HTML-Minification-Powered-By
Liferay-Portal
X-Dc
Cache
Datacenter
X-RTag
Ms-Operation-Id
X-Source
X-Cache-Control
X-Ttl
X-L-Path
X-Environment-Context
X-FireWall-Port
X-App-Server
Healthy
X-Endurance-Cache-Level
X-Cache-Server
X-Upgrade-Enabled
X-CACHE-KEY
From-Origin
Accept-CH-Lifetime
X-PressLabs-Stats
X-Handled-By
X-Status
Version
X-Backend-Name
X-Rule
X-Wix-Request-Id
X-Path-Route
X-RN-RSRV
X-Cache-Var
X-Cache-Var-Map
Meta-Geo
X-ES-SERVER
X-RateLimit-Limit
X-Proxy-Build
X-Timing-Wait
OT-Force-Account-Verify
Selected-Fe
X-Access
X-APP-VERSION
X-Tb
X-Format
X-Section
X-ShardId
X-Proto
X-EIG-Tracking-Id
X-Storage
X-Request-Time
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Azure-RegionName
Srv
Azure-Version
Cache-Tags
X-Alternate-Cache-Key
X-Goog-Meta-Goog-Reserved-File-Mtime
Mn-Server-Ip
X-Akamai-Request-ID
X-Sorting-Hat-ShopId
X-Shopify-Generated-Cart-Token
X-ShopId
X-PCL
X-Sorting-Hat-PodId
X-Content-Age
Akamai-GRN
X-Shopify-Stage
X-OCL
X-Origin
X-Pubstack
X-ProxyCache-Status
X-MP-GENERATED-AT
Now
NGX
X-Hl-Ver
X-Human
X-Generated-By
Origin-Cache-Control
X-Akamai-Request-ID2
X-BYPASS-REASON
Origin-Edge-Control
Decoy-Debug-TTL
Decoy-Debug-Status
X-LJ-Flow-ID
X-Qloud-Router
X-Proxy
X-JoinUs
X-Hyper-Cache
Decoy-Debug-Key
DB-Nickname
X-Cache-Host
X-ProxyCache-Key
X-Proxy-Cache-Status
Node
Ec-Rule-Version
X-Debug-Cache
S-Rt
X-Cluster-Node
X-Time-Microsecs
X-Yottaa-Optimizations
X-Vgn-Hpd-Reason
X-NYM-Debug-Backend
X-Web-Node
X-FC-Vary-Parameters
X-Cache-Config
X-Viewer-Country
X-VWS-Id
X-Soup
X-UUID
X-AWS-Id
X-SaId
X-Redis-Cache
X-Hosted-By
X-ServerID
X-FW-Dynamic
X-Yottaa-Metrics
X-BCube-Filmed-By
X-Detected-As
TWC-GeoIP-LatLong
X-Say-TTL
TWC-Locale-Group
X-CCM
X-Www-Served-By
TWC-Privacy
TWC-Connection-Speed
TWC-GeoIP-Country
X-Generated
Property-Id
TWC-Device-Class
Webcakes-App-Name
Cross-Origin-Window-Policy
X-IP
X-Locale
X-Varnish-Hits
X-SayCDN-TTL
Webcakes-App-Version
X-Say-Cacheable
Webcakes-Region
X-Site-Version
X-Origin-Hint
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-FB-TRIP-ID
X-Xfnlog-Site
X-Loop
X-Amzn-Remapped-Content-Length
X-Akamai-Transformed
GEO-INFO
Accept-Charset
X-TNCMS
L5d-Success-Class
X-NCache
X-CS
Cache-Name
Viewport
Uber-Trace-Id
X-Esi
X-Drupal-Cache-Tags
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
Webserver
X-Unique-Id
Time
X-UA-Device-Type
Cache-Key
X-Cache-Remote
Mime-Version
X-UnsetCookies
X-From
X-Mode
VIX-Pulpo-Node
Accept-Language
VIX-Pulpo-Upstream-Status
X-Forwarded-Host
X-Origin-TTL
X-Origin-CC
Rt-Fastcgi-Cache
X-Drupal-Cache-Contexts
Country
X-Backend-TTL
X-Cluster-Name
X-CDN-Forward
X-Newrelic-Synthetics
Odigeo-Trace-Id
X-Info
X-TT-TIMESTAMP
X-Microcachable
X-Whom
X-NGENIX-Cache
X-Edge-Location
X-CLOUD-TRACE-CONTEXT
X-Varnish-Cache-Hits
X-Magnolia-Registration
X-PERF
X-ApacheServer
X-B3-Spanid
X-Daa-Tunnel
Content-Disposition
ServedBy
X-Geo
X-UPSTREAM-Address
X-EC-Lua
Proxy-Connection
Ohc-File-Size
X-Proxied
X-Device-Type
Ohc-Cache-HIT
X-Zipkin-Id
X-Routing-Service
X-No-Session
Cf-Ipcountry
X-Via-Fastly
X-Uri
X-Nc
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Sigma
X-Connection-Hash
X-Sigma-Backend
X-D
X-DPWN-IS-SECURE
Rendered-Blocks
X-Request-UUID
X-Rocket-Build-Number
X-ScT
T-Server
X-Session-Fingerprint
X-S-Cookie
X-S
X-Date
X-Rojux
X-Rewrite-Enabled
X-External-Request-Id
MD5-Digest
AsisCache
BehaviorPad-Version
X-GeoIP-Country-Code
X-Geo-Header
Apple-News-Services-Host
Apple-News-Services-Request-Url
Apple-News-Services-Handled
X-Destination
Machine
Content-Style-Type
Apple-News-Services-Parsed-Url
Fastcgi-X-Cache-Version
Content-Script-Type
Mobile-Detection-Method
X-G
Meta-Geo-Continent
GEO-REGION-INFO
X-Region-Sid
X-VG-WebCache
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-VG-TLSProxy
X-Vdms-Version
X-A-Wwc
VivaBuild
X-Twitter-Response-Tags
X-Aed
Viewtype
X-B-Cookie
X-A-Ccd
X-A
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Trv-Group
X-Application
X-Transaction
X-ARC
W
X-Accel-Expires-Debug
Xc-Version
Geo-Info
HitType
X-C
X-PHP-Host
User-Cache-Control
X-Labrador-Cache-Channel
X-Auto-Login
X-Bip
X-Thanos
X-Hit
X-Contensis-Viewer-Groups
X-TrackingId
X-Wikidot-Backend
X-Agile-Id
X-Wikidot-Static-Cache
IsBot
X-Developers
Locid
X-SIPLIST1
CDCHOST
Section-Io-Cache
X-App-Name
HA-Ipaddr
X-Cache-Debug
X-Cache-ASPX
X-WebServer
Fastly-Soc-X-Request-Id
X-CGP
Server-Cache-Control
X-Varnish-Authentication
X-Logging-Id
X-Eu-Site
X-Agile
X-CUA
X-Backend-State
Powered-By
X-VC-Cache
X-Tumblr-Pixel-3
Server-Surrogate-Control
X-Agile-Age
Gh-Request-Id
X-Real-IP
Environment
X-Distil-CS
Ha-Gx-Prefs
X-App-Version
X-Cache-Time
X-GoCache-CacheStatus
X-Cache-Backend
X-Dispatcher-Server
X-Debug-Cache-Store
X-Cache-URL
X-Cdn-Srv
X-Distributor
X-Cache-Info
X-Cache-Bucket
X-Block-Status
X-BBXSRF
X-Clara-WADP
X-Debug-Cookies
X-Azure-Ref
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Cms-Context
X-Core-Mission
X-Debug-Log
X-Instart-Isnd
X-Urbn-Context-Path
X-Clientip
X-Urbn-Site-Id
X-WADP-Cache
Fastly-SWR
X-Webstats-RespID
X-TT-LOGID
X-Trace-Id
X-Server-W
X-Request-URI
X-Sucuri-Cache
X-SVT-ORM-RULES
X-Swa-Ws
X-SVT-ORM-VERSION
X-Rebelmouse-Surrogate-Control
Access-Control-Request-Headers
X-TH-Server
X-LI-UUID
X-User
X-VServer
X-We-Are-Hiring
Fastly-SIE
X-LI-Proto
X-Li-Pop
IBM-Web2-Location
Fastly-SSL
Memcached
X-FW-Version
X-Li-Fabric
X-Render-Time
X-RateLimit-Remaining-Second
X-IN-APIGATEWAY
X-Hnp-Log
X-IN-APIGATEWAYSSL
Countrycode
X-AK-Request-ID
X-Irp-Debug
X-Hash
X-GeoIP-City
X-Gamma-Serve
X-Fastly-Cache
X-Gen-Mode
X-Generated-In
X-Generation-Time
X-Key
X-Micro-Cache
X-OVcl-Cache
X-OVcl
X-Owner
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-Rebelmouse-Cache-Control
X-Origin-Expires
X-Origin-Date
X-Ms-Version
X-Ms-Request-Id
X-Nginx-Cache-Key
X-NodeID
X-NX-Host
X-Epic-Correlation-Id
X-Fetched-On
Mail-Subject
Kp-EeAlive
Heartbleed
Request-Country
Request-EU
Server-ID
RNT-Time
RNT-Machine
Fastly-Backend-Name
Country-Code
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
AKAMAI
Cache-Host
Cdnsip
Cdncip
Server-Int
Locale
Web-Mar-Node
True-Client-Country-4JS
We-Hiring
V-Age
X-Oneagent-Js-Injection
Wxu-Next-Region
Wxu-Next-Hostname
X-Service
X-Level-Front-Cache
X-Variation
Wxu-Next-Commit
FNAC-ModuleRouting
X-Old-Content-Length
X-Matched-Rule
X-Trafficlayer-App-Version
X-TA-CDN-Provider
ServerName
X-Generated-On
X-Platform-Server
X-Thinkindot-L3
X-Reboot
X-Up
X-Internal-Host
X-Has-Esi
X-Cache-Tags
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Server-Host
X-JWT-State
X-Is-Gdpr
X-Servername
Thinkindot-Control
X-Req
Adler-Geo
X-NU-AKA-ACS-Version
Is-Eu
PFcat
X-Core-Value
X-ServiceProvider
Platform
X-Nginx-Cache
X-Lb-Id
X-S-Maxage
X-Location
Cache-Hits
X-Response-By
X-SERVER
RequestId
X-Refresh
X-Air-Hostname
X-B3-Parentspanid
Group
X-Var-Ttl
X-Parent-Response-Time
X-Tb-Optimization-Total-Bytes-Saved
Pragrma
X-Cache-Expired-At
X-Cdn-Forward
Filterid
X-Tec-Api-Origin
ProcessTime
Memory
X-Tec-Api-Root
X-B3-SpanId
S-Cnection
X-Tec-Api-Version
X-BACKEND-TTL
X-CSRF-TOKEN
Powered-By-ChinaCache
X-CF-Powered-By
X-Pjax-Url
X-CSRF-Token
X-Server-IP
User-Agent
Origin
X-Wa
X-NC
TTL
Geoip-Latitude
X-Pf-Uncompressing
X-Ua
X-Correlation-ID
SRV
X-Unique-ID
X-Sucuri-ID
X-Cdn-Request-ID
X-Vcl-Version
Geoip-City
X-Varnish-Cacheable
GeoIp-Country-Code
Media-Length
X-NWS-UUID-VERIFY
X-NGINX-Cache
X-COUNTRY
X-Via-CDN
PICS-Label
X-Sucuri-Id
X-Developer
X-Cdn-Origin
X-Sn-Servicetimems
X-Ocache
X-Cache-Grace
X-Node-Id
X-Servedbyhost
X-LAGOON
X-Device-Os
Dnion-Transfer-Encoding
X-Rocket-Nginx-Bypass
SN
X-Litespeed-Cache
X-Webkit-CSP
X-Reqid
M-TraceId
X-Varnish-Ttl
Esi-Enabled
X-AIR-PT
X-Via-Ucdn
On-Server
XServer
X-TIME
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
A
X-HS-Status
X-Planisys-CDN-TTL
Tcn
X-MSEdge-Features
X-MSEdge-Flight
X-Request-Host
X-Policy
X-Cache-Status-Check
X-FORWARDED-FOR
X-Request-Start
Cdn
X-Azure-Ref-OriginShield
Cloudfront-Viewer-Country
Hostname
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
HostName
X-Ratelimit-Remaining
Resin-Trace
Who
X-Beluga-Status
X-ServedByHost
X-Beluga-Trace
X-Cache-Ttl
X-Beluga-Response-Time
X-Beluga-Cache-Status
Rt-Proxy-Cache
X-Beluga-Node
X-Fastly-Country-Code
X-Beluga-Record
X-Ftr-Cache-Host
X-VHOST
Magicmarker
Pics-Label
X-Varnish-URL
X-Method
Host-ID
CF-Cached-On
NtCoent-Length
X-VCL-Version
Cteonnt-Length
GeoIP-Country-Code
X-APP
X-Oracle-Dms-Rid
MIME-Version
X-Varnish-Url
X-Fastly-Backend-Reqs
X-Zone
X-Bc
X-Slack-Backend
GeoIP-Latitude
Ttl
X-DC
Load-Balancing
X-LiteSpeed-Cache-Control
GeoIP-City
X-DB
X-Be
X-Action
X-RPS
X-RSL
X-DSS
X-RPM
X-DI
X-DW
X-VarnishDD-TTL
X-PF-Uncompressing
CACHE
Ohc-Response-Time
X-Svr
X-Ratelimit-Limit
X-Newrelic-App-Data
X-HostName
X-PAYTM-SRV-ID
X-Processor
X-FPC
X-Ftr-Request-Id
DSUID
X-PJAX-URL
X-Swift-Error
Pramga
Arc-Country
Amp-Access-Control-Allow-Source-Origin
X-Cache-FS-Status
X-Dispatch
X-Server-Time
X-SRV
WebServer
Vix-Hermes-Req-Id
X-Skip-Cache
Release
X-VCT
X-MServer
Processtime
X-Hello
X-Flog
X-ABtesting
X-Hp-Ccpa-Warning
X-ND-Cache
X-BE
X-Dynatrace
X-WR-MODIFICATION
X-Dynatrace-Js-Agent
Servername
X-WA
X-Served-From
X-ID
Cdn-Request-Time
Cache-Provider
X-Tid
X-Configured-By
X-Edge-Server
N-Cache
Cdn-Host
X-Aicache-OS
Fastly-Drupal-HTML
X-DevSite-Last-Modified
X-Frame-Option
X-StackifyID
CDN
X-Upstream-Ht
X-Ftr-Balancer
X-ZONE
X-Ftr-Dc
Pagetype
X-Ftr-Realm
Dynatrace
X-Upstream-Ct
X-Bc-Bl
X-Snapshot-Date
X-Ftr-Backend
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
CF-IPCountry
X-Fastly-Cache-Hits
Requestid
Lfy
X-LB-ID
X-Ftr-Backend-Server
X-SD-PageType
SD-X-WS
X-Branch-Name
X-CACHE-AGE
X-Backend-Host
X-Cc-Via
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token
X-BC
X-Edge-IP
X-Cc-Req-Id
X-SN
L
X-Compress-Hint
X-Cache-Id
Proxy-Firewall
X-Varnish-Beresp-TTL
X-Request-Url
V-Cache
X-VC
X-SB
Warning
D-Cc-Upstream
X-Litespeed-Cache-Control
X-WPE-Loopback-Upstream-Addr
Lb
WZWS-RAY
X-Via-NSCOPI
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-App
X-ElasticPress-Search
X-Powered-Y
X-Request-URL
X-Check-Cacheable
WP-Super-Cache
X-Fastly-Cache-Status
Backend-Name
Correlation-Id
X-Worker
X-Release
X-ServerName