Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
X-XSS-Protection
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Xss-Protection
X-Runtime
CF-Ray
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-DNS-Prefetch-Control
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
EagleId
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
X-UA-Device
Feature-Policy
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Host
X-Origin-Cache
X-Server-Id
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Backend-Server
X-Readtime
X-Dispatcher
X-Dns-Prefetch-Control
Request-Id
X-Cache-Lookup
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Cnection
X-Application-Context
X-HW
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
X-ORACLE-DMS-RID
P3p
X-DataDome
X-Rack-Cache
X-Country
X-Clacks-Overhead
Edge-Control
X-Akam-SW-Version
Rating
Allow
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
Accept-Ch
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-TTL
X-DynaTrace
X-Vname
X-TtlSet
X-Goog-Hash
X-PC
Verso
Content-MD5
X-ESI
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Version
X-GitHub-Request-Id
X-Forwarded-Proto
X-MS-InvokeApp
RTSS
X-Vcache
X-Server-Name
X-Server-ID
X-B3-TraceId
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Px
X-Debug
AR-CACHE
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-Request-ID
X-Amz-Server-Side-Encryption
SPRequestGuid
X-Cached
Charset
X-NF-Request-ID
X-Vcap-Request-Id
X-Navigation-Version
X-MSEdge-Ref
Pagespeed
Response
X-Middleton-Display
X-Sol
Display
X-Amz-Rid
X-Middleton-Response
X-Accel-Expires
Arr-Disable-Session-Affinity
TCN
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
X-VARITI-CCR
X-Fastly-Request-ID
X-Cdn
Public-Key-Pins
Nginx-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MS-Author-Via
X-Powered-CMS
X-Edge-O15-RID
X-Fastcgi-Cache
X-Client-IP
Cache-Tag
Realpath
X-Trace
X-Ser
Access-Control-Request-Method
X-Content-Type
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
SPRequestDuration
X-Amzn-Trace-Id
SPIisLatency
X-Shard
X-Upstream
X-Grace
X-Jurisdiction
X-Hp-Webp
X-Id
X-DynaTrace-JS-Agent
X-Ezoic-Cdn
X-Forwarded-For
S
Front-End-Https
X-Cache-TTL
X-Hits
Nel
X-Amz-Meta-S3cmd-Attrs
X-T
Fastcgi-Cache
X-Aspnet-Version
X-Recruiting
DynaTrace
X-Element-Page-Cache
X-Node-Name
X-Dw-Request-Base-Id
X-Varnish-Age
X-Content-Digest
MicrosoftSharePointTeamServices
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Mobile-URL
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
ServerID
X-DIS-Request-ID
X-CST
NR-ENABLED
Server-Node
TP-Cache
TP-L2-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Frontend
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-GUploader-UploadID
Powered
X-Logged-In
Alternate-Protocol
X-Correlation-Id
Server-Name
X-Amz-Apigw-Id
X-Amzn-RequestId
Upgrade-Insecure-Requests
X-XRDS-Location
Fastly-Restarts
X-Cache-Hit
X-FTR-Cache-Host
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
X-Page-Id
X-User-Agent
X-Content-Options
X-Zen-Fury
X-Request-Processing-Time
X-Request-Received
X-Content-Security-Policy-Report-Only
Refresh
X-F-Cache
X-Origin-Server
X-Varnish-Grace
X-Rid
X-Akamai-Edgescape
X-Revision
X-Content-Powered-By
X-LB-Cache
X-B
X-Type
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-XRDS-LOCATION
X-B3-Sampled
X-Geo-Country
Cache-Status
X-Activity-Id
X-AppVersion
X-Az
X-Kinsta-Cache
X-N
X-TT
X-Cache-Action
X-NWS-LOG-UUID
X-AOL-HN
X-Jobs
X-Request-Guid
X-Signature
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Framework
X-Cache-Age
X-B-Cache
X-Debug-Info
X-Cached-By
Actual-Object-TTL
X-PHP-Backend
X-FB-Debug
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Git-Hash
X-App-Environment
Paypal-Debug-Id
X-Load-Cache
X-Tumblr-User
X-Time
X-URL
X-Tt-Trace-Host
X-Tt-Trace-Tag
Fastcgi-Useragent
X-Amz-Replication-Status
X-Pad
X-FastCGI-Cache
X-Webkit-Csp
DC
X-Varnish-Backend
Host-Header
X-RateLimit-Remaining
X-WA-Info
X-Shield-Request-Id
Host
X-ATG-Version
MS-CV
Surrogate-Key
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Contextid
X-IPLB-Instance
X-Via-JSL
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Cache-Key
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Host-Name
Retry-After
Frame-Options
NGB
X-Accel-Buffering
X-Response-Served-From
Payment
X-Presslabs-Stats
X-Cache-NE
X-NewRelic-App-Data
X-B3-Traceid
Source
X-Hostname
X-Origin-Response-Time
X-Varnish-Server
X-SS-Set-Cookie
X-Region
Eomportal-Instance
X-Cache-2
X-IPS-LoggedIn
X-Is-Bot
X-Srv
X-Cacheable-TTL
X-FW-Server
X-GeoIP
X-Seen-By
X-FW-Serve
Liferay-Portal
WPE-Backend
Filters
X-FW-Hash
X-FW-Static
X-Rendered-As
X-FW-Type
Tracecode
X-Cache-Enabled
Cache-Tv-Group
X-Adobe-Loc
X-Adobe-Content
X-Cluster
X-Varnish-Hostname
Server-Info
X-Tumblr-Pixel-2
X-Cache-Rule
X-Tumblr-Pixel-1
X-Cache-Operation
X-RequestSource
FilterID
X-App-Server
X-ProcessESI
X-RemovedCookies
Xserver
X-EdgeConnect-Cache-Status
X-TX-ID
X-Cache-TTL-Remaining
X-Analytics
Accept-CH
Cleartype
X-FireWall-Port
X-Environment-Context
X-L-Path
X-Handled-By
X-RTag
Ms-Operation-Id
X-Upgrade-Enabled
X-Source
X-Ttl
X-UA
X-Endurance-Cache-Level
Accept-Charset
X-Webapp-Samesite-None-Activated-N
X-Dc
X-HTML-Minification-Powered-By
From-Origin
X-Cache-Server
X-Backend-Name
Srv
X-APP-VERSION
Accept-CH-Lifetime
X-CACHE-KEY
Datacenter
X-UUID
X-Cache-Var
GEO-INFO
Meta-Geo
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
X-ES-SERVER
X-Access
X-Section
X-Proxy-Build
X-Tb
X-Format
X-Timing-Wait
Selected-Fe
OT-Force-Account-Verify
Healthy
X-Wix-Request-Id
X-Cache-Config
Mn-Server-Ip
Cache-Tags
X-EIG-Tracking-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PCL
X-OCL
X-FC-Vary-Parameters
X-Content-Age
X-Akamai-Request-ID
X-Proto
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Request-Time
X-ShopId
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-JoinUs
X-Yottaa-Optimizations
Ec-Rule-Version
X-LJ-Flow-ID
X-BYPASS-REASON
X-Soup
X-Vgn-Hpd-Reason
X-Debug-Cache
X-Akamai-Request-ID2
Akamai-GRN
X-Proxy-Cache-Status
X-Hl-Ver
X-VWS-Id
X-Status
Origin-Edge-Control
X-Human
X-Yottaa-Metrics
X-SaId
X-Say-Cacheable
X-ProxyCache-Key
X-ProxyCache-Status
Origin-Cache-Control
X-AWS-Id
X-Qloud-Router
X-Say-TTL
X-Origin
Node
NGX
X-ServerID
X-Web-Node
X-SayCDN-TTL
X-NYM-Debug-Backend
X-Viewer-Country
X-Detected-As
X-Redis-Cache
X-CCM
Cross-Origin-Window-Policy
Now
Decoy-Debug-Key
Decoy-Debug-Status
X-BCube-Filmed-By
X-Hosted-By
Decoy-Debug-TTL
X-Hyper-Cache
X-Akamai-Transformed
X-Site-Version
X-Loop
X-Locale
X-MP-GENERATED-AT
X-Unique-Id
X-Pubstack
Version
X-Proxy
X-FB-TRIP-ID
X-Storage
X-Generated-By
X-Generated
X-FW-Dynamic
X-TNCMS
X-Www-Served-By
X-Time-Microsecs
DB-Nickname
Webcakes-Region
X-Xfnlog-Site
Webcakes-App-Version
X-Amzn-Remapped-Content-Length
X-Varnish-Hits
X-IP
X-Origin-Hint
X-RCS-CacheZone
X-R9-Blue-Green-Version
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Webcakes-App-Name
TWC-Privacy
TWC-Connection-Speed
S-Rt
Property-Id
X-Daa-Tunnel
TWC-Device-Class
TWC-GeoIP-Country
TWC-Locale-Group
TWC-GeoIP-LatLong
X-NCache
X-Whom
X-PressLabs-Stats
X-Cluster-Node
X-RateLimit-Limit
Cache-Key
X-Cache-Control
X-Cache-Host
X-VCache
X-UA-Device-Type
Cache
X-Rule
X-Esi
X-NGENIX-Cache
X-Backend-TTL
X-Drupal-Cache-Tags
X-Mode
X-Forwarded-Host
L5d-Success-Class
Section-Io-Cache
Webserver
X-CDN-Forward
X-UnsetCookies
X-Info
Time
Content-Disposition
Cache-Name
Viewport
X-CS
Rt-Fastcgi-Cache
X-B3-Spanid
X-Origin-CC
X-Varnish-Cache-Hits
X-ApacheServer
Accept-Language
X-PERF
X-Origin-TTL
Uber-Trace-Id
ServedBy
Country
X-Newrelic-Synthetics
Mime-Version
X-Cache-Remote
Odigeo-Trace-Id
X-Zipkin-Id
X-Device-Type
X-Routing-Service
X-Proxied
X-Magnolia-Registration
X-Via-Fastly
X-CLOUD-TRACE-CONTEXT
X-EC-Lua
X-From
X-Uri
Filterid
Proxy-Connection
X-Cluster-Name
X-Drupal-Cache-Contexts
Access-Control-Request-Headers
HitType
X-Real-IP
X-Microcachable
X-TT-TIMESTAMP
X-Geo
Cf-Ipcountry
T-Server
AsisCache
Apple-News-Services-Host
Apple-News-Services-Request-Url
Meta-Geo-Continent
Rendered-Blocks
Mobile-Detection-Method
BehaviorPad-Version
GEO-REGION-INFO
Apple-News-Services-Handled
MD5-Digest
Apple-News-Services-Parsed-Url
Fastcgi-X-Cache-Version
Content-Script-Type
Content-Style-Type
Machine
X-CF-Lambda-Fn
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-Sigma
X-S
X-Rojux
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-Rocket-Build-Number
X-Sigma-Backend
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-VG-TLSProxy
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Version
X-GeoIP-Country-Code
X-Geo-Header
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Ccd
X-A
VivaBuild
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
W
X-Accel-Expires-Debug
X-Aed
X-Destination
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-D
X-Connection-Hash
X-Application
X-ARC
X-B-Cookie
X-CF-Lambda-Version
Viewtype
X-Date
Group
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Ohc-File-Size
User-Cache-Control
X-Cache-Time
X-Labrador-Cache-Channel
X-PHP-Host
Geo-Info
X-Nc
X-C
X-Agile
Powered-By
X-Agile-Id
X-Agile-Age
Ha-Gx-Prefs
Fastly-Soc-X-Request-Id
Fastly-SIE
Environment
Fastly-SWR
X-App-Name
IsBot
HA-Ipaddr
Locid
X-Bip
X-SIPLIST1
X-Rebelmouse-Surrogate-Control
X-Logging-Id
X-Thanos
X-TrackingId
X-WebServer
X-VC-Cache
X-Var-Ttl
X-Hit
X-Eu-Site
X-Cache-Expired-At
X-Cache-Debug
Countrycode
X-CGP
X-Clientip
X-Distil-CS
X-Developers
X-CUA
X-Backend-State
X-Rebelmouse-Cache-Control
CDCHOST
Cache-Hits
X-GoCache-CacheStatus
X-Tec-Api-Version
X-Tec-Api-Root
Fastly-SSL
X-Tec-Api-Origin
X-Hash
X-Has-Esi
X-Gen-Mode
X-Generated-In
X-GeoIP-City
X-IN-APIGATEWAY
X-Is-Gdpr
X-JWT-State
X-Instart-Isnd
X-Li-Fabric
X-Gamma-Serve
X-IN-APIGATEWAYSSL
X-Hnp-Log
X-Distributor
X-Cache-ASPX
X-Cache-Tags
X-Block-Status
X-Azure-Ref
X-Air-Hostname
X-Auto-Login
X-Cms-Context
X-Contensis-Viewer-Groups
X-Li-Pop
X-Epic-Correlation-Id
X-Dispatcher-Server
X-Debug-Log
X-Core-Mission
X-Debug-Cookies
X-Fetched-On
X-LI-UUID
X-Up
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Tumblr-Pixel-3
X-Trace-Id
X-Swa-Ws
X-TH-Server
X-Variation
X-Varnish-Authentication
X-OVcl
X-OVcl-Cache
X-Cdn-Srv
X-Wikidot-Static-Cache
X-VServer
X-Wikidot-Backend
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-NodeID
X-NU-AKA-ACS-Version
X-NX-Host
X-No-Session
X-Nginx-Cache-Key
X-Ms-Request-Id
X-Ms-Version
X-Origin-Date
X-Origin-Expires
X-RateLimit-Remaining-Second
X-Request-URI
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Owner
X-Platform-Server
X-LI-Proto
X-Servername
Request-EU
True-Client-Country-4JS
Request-Country
Server-Surrogate-Control
We-Hiring
RNT-Machine
RNT-Time
Fastly-Backend-Name
V-Age
Server-Cache-Control
Cache-Host
Server-Int
Web-Mar-Node
Pragrma
Heartbleed
Kp-EeAlive
Platform
Country-Code
Locale
IBM-Web2-Location
Adler-Geo
Gh-Request-Id
Is-Eu
AKAMAI
Mail-Subject
X-Edge-Location
Ohc-Cache-HIT
FNAC-ModuleRouting
Server-ID
X-Thinkindot-L3
X-ServiceProvider
Thinkindot-CacheControl
ServerName
X-Debug-Cache-Store
X-Generation-Time
X-Reboot
PFcat
X-Level-Front-Cache
X-Matched-Rule
X-Req
X-Debug-Cache-Fetch
X-Service
X-Server-W
X-FW-Version
X-Generated-On
Server-Host
X-Trafficlayer-App-Name
X-WADP-Cache
X-Debug-Cache-Expiry
X-BBXSRF
Memcached
X-Webstats-RespID
X-We-Are-Hiring
X-Cache-Bucket
X-Cache-Info
X-AK-Request-ID
X-Clara-WADP
X-Irp-Debug
X-Micro-Cache
X-Cache-URL
Cdnsip
Cdncip
X-Fastly-Cache
S-Cnection
Wxu-Next-Commit
X-Trafficlayer-App-Version
Wxu-Next-Hostname
X-TT-LOGID
X-Trafficlayer-App-Scope
Thinkindot-CacheControl-Type
X-Core-Value
Wxu-Next-Region
Thinkindot-Control
X-UPSTREAM-Address
X-VHOST
X-Lb-Id
X-Old-Content-Length
X-Response-By
X-S-Maxage
X-SERVER
X-App-Version
X-Refresh
X-Varnish-Cacheable
X-NC
X-Nginx-Cache
X-Render-Time
X-Wa
X-Sucuri-ID
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Cache-Backend
X-User
X-CSRF-TOKEN
RequestId
Powered-By-ChinaCache
X-Developer
X-Node-Id
User-Agent
X-Key
X-Internal-Host
X-Ua-Device
X-Cache-Status-Check
X-Parent-Response-Time
X-Cdn-Origin
Hostname
X-Sucuri-Cache
X-LAGOON
Origin
X-Cache-Grace
X-Sn-Servicetimems
X-Device-Os
X-NWS-UUID-VERIFY
X-Pjax-Url
X-Tb-Optimization-Total-Bytes-Saved
X-CF-Powered-By
X-Pf-Uncompressing
X-Location
X-Ocache
X-CSRF-Token
A
On-Server
Geoip-City
X-TA-CDN-Provider
X-Ua
Geoip-Latitude
X-Via-CDN
X-NGINX-Cache
SRV
Memory
GeoIp-Country-Code
X-Request-Host
Cloudfront-Viewer-Country
X-MSEdge-Flight
X-MSEdge-Features
PICS-Label
ProcessTime
X-B3-Parentspanid
X-BACKEND-TTL
X-Cdn-Forward
X-COUNTRY
X-Ruxit-Js-Agent
XServer
TTL
X-Vcl-Version
X-Webkit-CSP
X-Litespeed-Cache
X-Varnish-URL
X-Server-IP
X-Servedbyhost
Resin-Trace
X-Unique-ID
M-TraceId
X-Varnish-Ttl
X-TIME
X-Cdn-Request-ID
Media-Length
X-Rocket-Nginx-Bypass
Dnion-Transfer-Encoding
SN
Cdn
Tcn
X-Correlation-ID
X-FORWARDED-FOR
X-B3-SpanId
X-HS-Status
X-Slack-Backend
Host-ID
CACHE
X-Ratelimit-Remaining
X-Beluga-Status
X-Processor
X-ServedByHost
X-Server-Time
X-Cache-Ttl
X-Beluga-Response-Time
Arc-Country
X-Cache-FS-Status
Pramga
X-Beluga-Cache-Status
X-Beluga-Node
X-Dispatch
X-Beluga-Record
X-PAYTM-SRV-ID
X-Beluga-Trace
X-Action
Who
HostName
X-DSS
X-DI
X-RSL
X-DW
X-RPS
X-Skip-Cache
X-RPM
X-Via-Ucdn
X-DB
X-ND-Cache
X-VCL-Version
Section-Io-Id
X-Edge-Server
Section-Io-Origin-Time-Seconds
X-Fastly-Country-Code
Section-Origin-Responded
MIME-Version
X-Served-From
Fastly-Drupal-HTML
X-Reqid
NtCoent-Length
Cdn-Request-Time
Cdn-Host
Section-Io-Origin-Status
Ttl
X-Dynatrace-Js-Agent
X-DC
Pics-Label
X-ABtesting
Amp-Access-Control-Allow-Source-Origin
Esi-Enabled
X-DevSite-Last-Modified
X-AIR-PT
X-Flog
N-Cache
X-VarnishDD-TTL
X-Hello
GeoIP-Country-Code
X-Bc-Bl
X-Oracle-Dms-Rid
Fusion-Deployment-Id
X-Sucuri-Id
X-LiteSpeed-Cache-Control
X-Planisys-CDN-Rules
X-Policy
X-Planisys-CDN-Cache
GeoIP-City
X-Varnish-Url
X-Planisys-CDN-TTL
GeoIP-Latitude
CF-Cached-On
X-Adobe-Source
X-Azure-Ref-OriginShield
X-Zone
X-Backend-Host
X-Bc
X-APP
X-Request-Start
X-FPC
X-PF-Uncompressing
X-Ratelimit-Limit
X-PJAX-URL
X-HostName
Trailer
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Fastly-Backend-Reqs
Cache-Cookie-Set-Lfrom
WebServer
X-SRV
Rt-Proxy-Cache
X-Amzn-Remapped-Date
X-Dynatrace
X-Amzn-Remapped-Connection
X-BE
X-Scheme
Processtime
X-Fmm-Version
X-Newrelic-App-Data
X-Swift-Error
Servername
X-Fpc
Requestid
CDN
X-WA
Cteonnt-Length
Magicmarker
X-BC
X-Method
Cache-Provider
FSS-Proxy
FSS-Cache
X-ID
X-ZONE
X-WR-MODIFICATION
X-Frame-Option
X-LB-ID
X-Snapshot-Date
X-Branch-Name
X-Esi-Check
Dynatrace
CF-IPCountry
X-SN
X-StackifyID
L
X-Cache-Id
X-CACHE-AGE
X-Gzip
X-SD-PageType
WZWS-RAY
X-Cache-NGX
SD-X-WS
Release
Sid
Lb
X-Compress-Hint
X-Tid
V-Cache
X-SB
X-Fastly-Cache-Hits
X-Request-Url
X-Aicache-OS
X-VC
Ohc-Response-Time
X-Cc-Via
D-Cc-Upstream
X-Cc-Req-Id
Warning
X-Litespeed-Cache-Control
X-Node-ID
Load-Balancing
X-Worker
X-Varnish-Beresp-TTL
X-Svr
X-Be
LB
SID
X-Nananana
X-Instart-Info
X-ECACHE
X-VCT
Server-Id
X-Apw-Access-Token
X-Powered-Y
X-ElasticPress-Search
Cneonction
X-Request-URL
X-WPE-Loopback-Upstream-Addr
X-App
X-Fastly-Cache-Status
X-Apw-Access-Object
X-Apw-Access-Action
X-Check-Cacheable
X-Apw-Hits
WP-Super-Cache
X-GEO