
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Buckets
X-FRAME-OPTIONS
Status
X-Content-Security-Policy
Upgrade
X-CDN
Content-Encoding
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
X-Cache-Group
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
X-Backend
CF-Ray
X-Server
X-Age
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Ws-Request-Id
X-Pingback
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Hacker
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-Server-Id
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-OneAgent-JS-Injection
X-Host
X-Device
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
X-Node
X-Dns-Prefetch-Control
X-Ac
Surrogate-Control
Content-Location
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Cloud-Trace-Context
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-ORACLE-DMS-ECID
X-Cache-Lookup
Fusion-Component-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-ORACLE-DMS-RID
X-DataDome
X-Mod-Pagespeed
X-Ruxit-JS-Agent
NEL
X-Rack-Cache
Rating
Edge-Control
X-Country
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TTL
X-Country-Code
X-DynaTrace
Accept-Ch
X-Instart-Request-ID
X-Varnish-TTL
X-FTR-Request-ID
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
X-ESI
Verso
Accept-Ch-Lifetime
X-Powered-By-Plesk
Content-MD5
Service-Worker-Allowed
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-GoogleNews-Bot
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
RTSS
Edge-Cache-Tag
X-D2id
X-Debug
Ar-Sid
AR-Request-ID
X-Px
AR-ATIME
AR-PoweredBy
AR-CACHE
X-Server-Name
X-Abt-Application-Version
X-Vcache
SPRequestGuid
X-Amz-Server-Side-Encryption
Charset
X-NF-Request-ID
X-Cached
X-Accel-Expires
X-Middleton-Display
Response
Pagespeed
X-Middleton-Response
Display
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Sol
X-MSEdge-Ref
X-Vcap-Request-Id
X-Fastcgi-Cache
X-Amz-Rid
Arr-Disable-Session-Affinity
X-Navigation-Version
X-Powered-CMS
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
TCN
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-VARITI-CCR
Realpath
Public-Key-Pins
Cache-Tag
X-Client-IP
X-Cdn
Access-Control-Request-Method
X-Fastly-Request-ID
X-Ser
MS-Author-Via
Nginx-Cache
S
Nel
X-DynaTrace-JS-Agent
X-Shard
X-Upstream
SPIisLatency
SPRequestDuration
X-Id
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Ezoic-Cdn
X-Edge-O15-RID
X-Hp-Webp
X-Content-Type
X-Amzn-Trace-Id
X-Forwarded-For
X-T
X-Grace
X-Amz-Meta-S3cmd-Attrs
DynaTrace
X-Hits
Front-End-Https
X-Recruiting
Fastcgi-Cache
X-Varnish-Age
X-Aspnet-Version
ServerID
X-Cache-TTL
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Node-Name
X-DIS-Request-ID
X-Mobile-URL
MicrosoftSharePointTeamServices
X-FTR-Cache-Status
X-Country-Code-Real
X-Jurisdiction
X-FTR-Expires
X-Content-Digest
NR-ENABLED
X-Server-ID
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-FTR-DC
X-FTR-Backend-Server
Powered
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-Frontend
Server-Node
Alternate-Protocol
TP-L2-Cache
TP-Cache
Server-Name
X-Logged-In
X-Correlation-Id
X-XRDS-LOCATION
X-Request-Processing-Time
X-Request-Received
AMP-Access-Control-Allow-Source-Origin
X-Request-Handler-Origin-Region
X-Microsite
Upgrade-Insecure-Requests
X-ATS-Timestamp
Backend-Timing
X-Amzn-RequestId
X-CST
X-Amz-Apigw-Id
X-Cache-Hit
X-Content-Options
X-Page-Id
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-User-Agent
X-Akamai-Edgescape
X-Revision
X-F-Cache
X-Webkit-Csp
X-Rid
Refresh
X-Varnish-Grace
X-Type
Fastly-Restarts
X-Zen-Fury
X-XRDS-Location
X-Content-Powered-By
X-B3-Sampled
X-B
X-LB-Cache
X-Geo-Country
X-Shield-Request-Id
X-Activity-Id
X-FTR-Cache-Host
X-AppVersion
X-Az
PB-PID
PB-RID
Arc-Version
X-URL
X-Mobile-Rewrite
Cache-Status
X-N
X-Kinsta-Cache
X-Pad
X-Time
X-Cache-Age
X-TT
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Webapp-Samesite-None-Activated-N
X-Instance
X-B-Cache
X-Signature
X-Request-Guid
X-Tumblr-User
Paypal-Debug-Id
Actual-Object-TTL
X-Tumblr-Pixel-0
X-App-Environment
X-Tumblr-Pixel
X-Jobs
Access-Control-Allow-Method
X-Debug-Info
X-Cache-Action
X-FB-Debug
X-Framework
X-PHP-Backend
X-Load-Cache
DC
X-Cached-By
X-Git-Hash
X-RateLimit-Remaining
X-Analytics
X-Varnish-Backend
X-Tt-Trace-Tag
Surrogate-Key
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Fastcgi-Useragent
X-Amz-Replication-Status
Host-Header
X-Tt-Trace-Host
X-Contextid
X-IPLB-Instance
MS-CV
X-ATG-Version
FilterID
X-SS-Set-Cookie
X-WA-Info
Tracecode
Host
X-Cluster
X-Mobile
NGB
X-Accel-Buffering
X-Response-Served-From
X-Via-JSL
WPE-Backend
X-Host-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-ORACLE-APMCS-TAG
Xserver
X-Cache-NE
X-ORACLE-APMCS-REQUEST-ID
X-Srv
Payment
X-Cache-Key
X-FW-Serve
X-Varnish-Server
Frame-Options
X-Cache-2
X-FW-Hash
Eomportal-Instance
X-FW-Server
X-Region
X-FW-Type
X-FW-Static
Source
X-Is-Bot
Filters
X-Cacheable-TTL
X-NWS-LOG-UUID
X-Varnish-Hostname
X-GeoIP
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Rendered-As
Cache-Tv-Group
X-IPS-LoggedIn
X-Cache-Enabled
X-Cache-Rule
X-Cache-Operation
X-Presslabs-Stats
X-Adobe-Loc
X-RequestSource
X-Adobe-Content
X-NewRelic-App-Data
X-TX-ID
X-Origin-Response-Time
X-Hostname
X-EdgeConnect-Cache-Status
X-Seen-By
Retry-After
Cleartype
Server-Info
X-Cache-TTL-Remaining
X-FastCGI-Cache
X-Ruxit-Js-Agent
X-UA
Liferay-Portal
X-RemovedCookies
X-VCache
X-ProcessESI
X-HTML-Minification-Powered-By
X-Dc
Accept-CH
Cache
X-B3-Traceid
Datacenter
X-RTag
Ms-Operation-Id
X-Source
X-App-Server
X-CACHE-KEY
X-L-Path
X-FireWall-Port
X-Environment-Context
X-Cache-Control
Healthy
X-Endurance-Cache-Level
X-Upgrade-Enabled
X-Cache-Server
X-Ttl
From-Origin
X-Handled-By
X-CLOUD-TRACE-CONTEXT
X-Backend-Name
X-Status
Accept-CH-Lifetime
X-APP-VERSION
Version
Meta-Geo
X-Wix-Request-Id
X-PressLabs-Stats
X-RN-RSRV
X-Path-Route
X-Rule
X-Cache-Var
X-ES-SERVER
X-Cache-Var-Map
X-Tb
X-Section
OT-Force-Account-Verify
Selected-Fe
X-Format
X-Proxy-Build
X-Timing-Wait
X-Access
X-RateLimit-Limit
X-Goog-Meta-Goog-Reserved-File-Mtime
Akamai-GRN
X-Proto
X-Request-Time
X-PCL
X-EIG-Tracking-Id
X-Storage
X-OCL
X-Origin
X-Content-Age
X-UUID
X-Shopify-Stage
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Shopify-Generated-Cart-Token
Mn-Server-Ip
X-ShopId
X-ShardId
Azure-InstanceId
Azure-Version
Cache-Tags
Azure-SiteName
X-Sorting-Hat-PodId
Azure-SlotName
Azure-RegionName
X-Debug-Cache
X-ProxyCache-Key
X-Cache-Host
Origin-Edge-Control
X-Akamai-Request-ID2
NGX
Now
X-Cluster-Node
X-Proxy
Origin-Cache-Control
X-JoinUs
X-LJ-Flow-ID
X-Human
X-Hl-Ver
X-Generated-By
X-ProxyCache-Status
X-MP-GENERATED-AT
X-AWS-Id
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
DB-Nickname
X-BYPASS-REASON
X-Qloud-Router
X-Akamai-Request-ID
X-SaId
X-Web-Node
X-FW-Dynamic
X-Hosted-By
X-NYM-Debug-Backend
S-Rt
X-Yottaa-Optimizations
X-ServerID
X-Cache-Config
Ec-Rule-Version
Node
X-Redis-Cache
X-Time-Microsecs
X-Vgn-Hpd-Reason
X-VWS-Id
X-Viewer-Country
GEO-INFO
X-Pubstack
X-Proxy-Cache-Status
X-Yottaa-Metrics
X-Soup
X-FC-Vary-Parameters
X-Varnish-Hits
X-CCM
X-Site-Version
X-Say-TTL
X-Say-Cacheable
Property-Id
TWC-Device-Class
X-Generated
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Connection-Speed
Accept-Charset
X-Www-Served-By
TWC-GeoIP-Country
X-Detected-As
Cross-Origin-Window-Policy
X-Locale
X-BCube-Filmed-By
X-Origin-Hint
X-IP
X-Hyper-Cache
X-SayCDN-TTL
X-Amzn-Remapped-Content-Length
X-R9-Blue-Green-Version
X-Loop
Srv
X-TNCMS
X-Akamai-Transformed
X-Xfnlog-Site
X-RCS-CacheZone
X-FB-TRIP-ID
L5d-Success-Class
X-NCache
X-CS
Cache-Name
X-Drupal-Cache-Tags
Viewport
Uber-Trace-Id
X-Unique-Id
Time
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Webserver
Cache-Key
X-Esi
X-UA-Device-Type
Mime-Version
X-UnsetCookies
X-Mode
X-Cache-Remote
X-Backend-TTL
X-Forwarded-Host
Accept-Language
X-From
Rt-Fastcgi-Cache
Country
VIX-Pulpo-Upstream-Status
X-CDN-Forward
VIX-Pulpo-Node
X-Origin-CC
X-Origin-TTL
X-Info
X-Daa-Tunnel
X-Cluster-Name
X-Drupal-Cache-Contexts
X-Whom
X-Newrelic-Synthetics
Odigeo-Trace-Id
X-Magnolia-Registration
X-Varnish-Cache-Hits
X-Microcachable
X-NGENIX-Cache
X-B3-Spanid
X-ApacheServer
X-PERF
X-Edge-Location
X-Geo
X-TT-TIMESTAMP
ServedBy
Content-Disposition
X-EC-Lua
Ohc-Cache-HIT
X-Device-Type
X-Routing-Service
X-Proxied
X-Zipkin-Id
Ohc-File-Size
Proxy-Connection
X-UPSTREAM-Address
X-Via-Fastly
X-Uri
X-No-Session
X-SRCache-Key
Apple-News-Services-Handled
Apple-News-Services-Host
BehaviorPad-Version
X-GeoIP-Country-Code
X-Transaction
AsisCache
Apple-News-Services-Request-Url
X-Accel-Expires-Debug
Apple-News-Services-Parsed-Url
X-G
X-Session-Fingerprint
X-Trv-Group
X-Region-Sid
X-Rocket-Build-Number
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S
X-Geo-Header
X-Sigma
X-ScT
X-S-Cookie
Cf-Ipcountry
X-Sigma-Backend
X-VG-TLSProxy
X-B-Cookie
X-ARC
X-Application
Viewtype
T-Server
X-CF-Lambda-Fn
X-Connection-Hash
Rendered-Blocks
X-CF-Lambda-Version
VivaBuild
W
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Dam
Section-Io-Cache
X-Aed
X-A
X-A-Ccd
X-External-Request-Id
Mobile-Detection-Method
GEO-REGION-INFO
X-Vdms-Version
X-VG-WebCache
Fastcgi-X-Cache-Version
X-DPWN-IS-SECURE
X-Twitter-Response-Tags
Content-Script-Type
Content-Style-Type
Meta-Geo-Continent
X-VG-WebServer
MD5-Digest
X-D
Xc-Version
X-Date
Machine
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-Destination
User-Cache-Control
X-C
HitType
X-Nc
X-Labrador-Cache-Channel
X-PHP-Host
X-Developers
X-VC-Cache
HA-Ipaddr
Locid
IsBot
Fastly-Soc-X-Request-Id
Ha-Gx-Prefs
X-Distil-CS
CDCHOST
X-TrackingId
X-Tumblr-Pixel-3
X-Eu-Site
X-WebServer
Environment
X-Varnish-Authentication
X-Wikidot-Static-Cache
X-Auto-Login
X-Backend-State
X-Bip
X-App-Name
X-Agile-Id
X-Agile
X-Agile-Age
Server-Surrogate-Control
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-CUA
X-Thanos
Powered-By
X-CGP
Server-Cache-Control
X-Cache-Debug
X-Wikidot-Backend
Gh-Request-Id
X-Hit
X-Real-IP
X-Cache-Backend
X-Logging-Id
X-SIPLIST1
Geo-Info
X-Cache-Time
X-GoCache-CacheStatus
X-Block-Status
X-Cache-Bucket
X-NodeID
X-Nginx-Cache-Key
X-BBXSRF
X-Li-Fabric
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-NX-Host
X-Cdn-Srv
X-FW-Version
Memcached
X-Cache-URL
X-Cache-Info
X-Clara-WADP
X-Instart-Isnd
X-Origin-Date
X-LI-Proto
Countrycode
X-Micro-Cache
X-Key
Fastly-SIE
Fastly-SWR
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Clientip
X-AK-Request-ID
X-We-Are-Hiring
X-Origin-Expires
X-Irp-Debug
X-Azure-Ref
X-LI-UUID
X-TH-Server
X-Ms-Version
X-User
X-Li-Pop
X-OVcl-Cache
X-Server-W
X-Generation-Time
X-Distributor
X-Dispatcher-Server
X-Request-URI
X-Ms-Request-Id
X-Render-Time
X-GeoIP-City
X-Urbn-Site-Id
X-Urbn-Context-Path
X-Trace-Id
X-Swa-Ws
X-SVT-ORM-VERSION
X-Fetched-On
X-Gamma-Serve
X-Epic-Correlation-Id
X-Generated-In
X-Gen-Mode
X-RateLimit-Remaining-Second
X-WADP-Cache
Fastly-SSL
Access-Control-Request-Headers
X-Owner
X-Hnp-Log
X-Core-Mission
X-OVcl
IBM-Web2-Location
X-SVT-ORM-RULES
X-Webstats-RespID
X-Debug-Cache-Expiry
X-Debug-Cookies
X-Debug-Log
X-RateLimit-Limit-Second
X-Debug-Cache-Store
X-Proxy-Upstream
X-Hash
X-Debug-Cache-Fetch
X-Cms-Context
X-Fastly-Cache
RNT-Time
Country-Code
Cdnsip
Cdncip
Server-ID
Cache-Host
RNT-Machine
Fastly-Backend-Name
Locale
Mail-Subject
Kp-EeAlive
Heartbleed
Request-EU
Request-Country
AKAMAI
Server-Int
X-Varnish-Beresp-Status
V-Age
We-Hiring
X-Varnish-Beresp-Grace
Web-Mar-Node
True-Client-Country-4JS
X-Varnish-Beresp-Ttl
X-App-Version
X-TT-LOGID
X-VServer
X-ServiceProvider
X-Old-Content-Length
X-Reboot
FNAC-ModuleRouting
X-Service
X-Generated-On
X-Sucuri-Cache
X-Thinkindot-L3
Wxu-Next-Region
X-Level-Front-Cache
X-Trafficlayer-App-Version
ServerName
PFcat
X-Platform-Server
X-Servername
Server-Host
Adler-Geo
X-JWT-State
X-Up
Thinkindot-CacheControl
Wxu-Next-Commit
Wxu-Next-Hostname
X-Variation
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Is-Gdpr
X-NU-AKA-ACS-Version
X-Internal-Host
Is-Eu
X-Matched-Rule
X-Core-Value
X-Cache-Tags
Platform
X-Req
X-Has-Esi
X-Oneagent-Js-Injection
X-S-Maxage
X-TA-CDN-Provider
X-Response-By
X-Lb-Id
Cache-Hits
X-Nginx-Cache
Filterid
X-SERVER
X-Refresh
X-Location
X-Air-Hostname
RequestId
X-Cache-Expired-At
Pragrma
X-Var-Ttl
Group
X-Tb-Optimization-Total-Bytes-Saved
X-B3-Parentspanid
S-Cnection
X-Parent-Response-Time
ProcessTime
Memory
X-Cdn-Forward
X-CF-Powered-By
X-Pjax-Url
X-B3-SpanId
X-CSRF-Token
X-Tec-Api-Origin
X-Tec-Api-Root
X-BACKEND-TTL
X-Tec-Api-Version
Powered-By-ChinaCache
X-CSRF-TOKEN
X-NC
Origin
SRV
X-Wa
User-Agent
TTL
X-Pf-Uncompressing
X-Server-IP
Geoip-Latitude
X-Sucuri-ID
X-Varnish-Cacheable
X-Vcl-Version
GeoIp-Country-Code
X-NWS-UUID-VERIFY
Geoip-City
X-Unique-ID
X-Correlation-ID
X-Ua
X-NGINX-Cache
PICS-Label
Media-Length
X-Via-CDN
X-Cdn-Request-ID
X-Developer
X-COUNTRY
X-Sucuri-Id
X-LAGOON
X-Rocket-Nginx-Bypass
X-Cache-Grace
X-Ocache
X-Sn-Servicetimems
X-Cdn-Origin
M-TraceId
X-Webkit-CSP
Dnion-Transfer-Encoding
X-Litespeed-Cache
X-Servedbyhost
SN
On-Server
X-Node-Id
X-Device-Os
A
X-Cache-Status-Check
X-Reqid
X-Varnish-Ttl
X-HS-Status
X-Via-Ucdn
Esi-Enabled
X-AIR-PT
X-MSEdge-Flight
X-MSEdge-Features
X-Request-Host
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-TIME
XServer
HostName
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Cdn
Cloudfront-Viewer-Country
X-Policy
Tcn
X-Planisys-CDN-TTL
X-FORWARDED-FOR
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Node
X-ServedByHost
X-Request-Start
X-Beluga-Cache-Status
Hostname
X-Azure-Ref-OriginShield
X-Beluga-Response-Time
Resin-Trace
X-Beluga-Record
X-Ratelimit-Remaining
X-Fastly-Country-Code
Who
Rt-Proxy-Cache
X-Cache-Ttl
X-Ftr-Cache-Host
X-VHOST
Host-ID
NtCoent-Length
CF-Cached-On
X-Method
X-Varnish-URL
Pics-Label
Cteonnt-Length
Magicmarker
X-Varnish-Url
GeoIP-Country-Code
X-Slack-Backend
X-VCL-Version
X-APP
MIME-Version
X-LiteSpeed-Cache-Control
X-Oracle-Dms-Rid
X-Bc
X-Fastly-Backend-Reqs
X-DSS
Ttl
X-DB
X-DW
X-RSL
X-RPM
X-Zone
GeoIP-Latitude
X-RPS
X-DI
X-Action
X-DC
Load-Balancing
X-Ratelimit-Limit
X-Server-Time
X-Processor
X-FPC
X-Swift-Error
X-Svr
X-PAYTM-SRV-ID
X-Skip-Cache
X-Dispatch
X-VarnishDD-TTL
X-Be
Arc-Country
X-PF-Uncompressing
Ohc-Response-Time
Pramga
GeoIP-City
X-Newrelic-App-Data
CACHE
X-Cache-FS-Status
X-HostName
DSUID
X-Flog
X-PJAX-URL
X-ND-Cache
X-SRV
WebServer
Amp-Access-Control-Allow-Source-Origin
X-Ftr-Request-Id
X-Hello
X-ABtesting
Vix-Hermes-Req-Id
X-MServer
X-VCT
Release
X-Hp-Ccpa-Warning
X-DevSite-Last-Modified
Cdn-Host
Cdn-Request-Time
Fastly-Drupal-HTML
X-Served-From
N-Cache
X-Dynatrace
Processtime
X-Edge-Server
X-BE
Servername
X-WR-MODIFICATION
CF-IPCountry
X-Dynatrace-Js-Agent
X-ID
Cache-Provider
X-WA
X-Tid
X-Amzn-Remapped-Date
X-Bc-Bl
X-Aicache-OS
X-Configured-By
X-Amzn-Remapped-Connection
X-ZONE
X-Frame-Option
X-StackifyID
X-BC
SD-X-WS
X-SD-PageType
Dynatrace
X-Upstream-Ct
X-Upstream-Ht
Pagetype
X-Backend-Host
X-Fastly-Cache-Hits
CDN
Lfy
Requestid
X-Ftr-Realm
X-Ftr-Backend-Server
X-Ftr-Backend
X-Ftr-Dc
X-Ftr-Balancer
X-LB-ID
X-Snapshot-Date
X-Branch-Name
X-CACHE-AGE
WZWS-RAY
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
X-Request-Url
X-Apw-Access-Object
X-Apw-Access-Token
X-Cc-Via
X-Edge-IP
X-Apw-Access-Action
Proxy-Firewall
L
X-Compress-Hint
X-Varnish-Beresp-TTL
X-Cache-Id
X-SN
X-Apw-Hits
X-Cc-Req-Id
D-Cc-Upstream
Warning
X-VC
X-SB
V-Cache
X-Litespeed-Cache-Control
X-Via-NSCOPI
Lb
FSS-Proxy
FSS-Cache
X-WPE-Loopback-Upstream-Addr
X-Check-Cacheable
X-ServerName
Backend-Name
X-Worker
X-Release
WP-Super-Cache
X-Powered-Y
X-Request-URL
Correlation-Id
X-App
X-Fastly-Cache-Status
X-ElasticPress-Search