Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
X-Xss-Protection
Access-Control-Allow-Methods
X-Download-Options
CF-Ray
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Robots-Tag
X-Amz-Request-Id
X-Amz-Id-2
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Ua-Compatible
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Server-Id
X-Device
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Backend-Server
X-Readtime
X-Ruxit-JS-Agent
X-Dispatcher
X-Cache-Lookup
Request-Id
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
X-ORACLE-DMS-RID
P3p
X-Dns-Prefetch-Control
X-Country
X-Rack-Cache
X-DataDome
X-Clacks-Overhead
Rating
X-Akam-SW-Version
Edge-Control
Allow
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
Accept-Ch
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-TTL
X-TtlSet
X-PC
X-Goog-Hash
X-Vname
Content-MD5
Verso
X-ESI
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Url
X-Powered-By-Plesk
X-GitHub-Request-Id
X-Kinja-Server
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
RTSS
X-Version
X-B3-TraceId
X-Forwarded-Proto
X-MS-InvokeApp
X-Server-Name
X-Vcache
X-D2id
Edge-Cache-Tag
X-Px
X-Abt-Application-Version
X-Debug
AR-Request-ID
Ar-Sid
AR-PoweredBy
AR-ATIME
AR-CACHE
X-Amz-Server-Side-Encryption
SPRequestGuid
X-Cached
X-Vcap-Request-Id
Charset
X-NF-Request-ID
X-Navigation-Version
X-MSEdge-Ref
X-Middleton-Response
Pagespeed
Display
X-Amz-Rid
X-Sol
X-Middleton-Display
Response
Arr-Disable-Session-Affinity
X-Accel-Expires
TCN
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-VARITI-CCR
X-SharePointHealthScore
X-Fastly-Request-ID
X-Pinterest-Rid
Pinterest-Version
Nginx-Cache
MS-Author-Via
X-Cdn
Public-Key-Pins
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Trace
X-Powered-CMS
X-Fastcgi-Cache
X-Client-IP
X-Edge-O15-RID
Cache-Tag
Realpath
X-Ser
Access-Control-Request-Method
X-Server-ID
X-Content-Type
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
SPRequestDuration
SPIisLatency
X-Amzn-Trace-Id
X-Grace
X-Shard
X-Upstream
X-Hp-Webp
X-Jurisdiction
X-Id
X-Ezoic-Cdn
X-Forwarded-For
X-Cache-TTL
Front-End-Https
X-Hits
Fastcgi-Cache
S
Nel
X-T
X-DynaTrace-JS-Agent
X-Amz-Meta-S3cmd-Attrs
X-Aspnet-Version
DynaTrace
X-Recruiting
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
X-Dw-Request-Base-Id
X-Country-Code-Real
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-Varnish-Age
X-FTR-Expires
X-FTR-Realm
X-Mobile-URL
X-FTR-Backend
MicrosoftSharePointTeamServices
ServerID
X-DIS-Request-ID
NR-ENABLED
TP-L2-Cache
Server-Node
TP-Cache
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-Frontend
X-GUploader-UploadID
Powered
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Logged-In
X-Correlation-Id
X-CST
Alternate-Protocol
Server-Name
Upgrade-Insecure-Requests
X-Amz-Apigw-Id
X-Amzn-RequestId
Fastly-Restarts
X-Cache-Hit
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-Zen-Fury
X-XRDS-LOCATION
X-Page-Id
X-Content-Options
Refresh
X-Request-Received
X-Request-Processing-Time
X-Akamai-Edgescape
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Varnish-Grace
X-F-Cache
X-XRDS-Location
X-Origin-Server
X-Rid
X-LB-Cache
X-B
X-Revision
Arc-Version
PB-RID
PB-PID
X-Content-Powered-By
X-Mobile-Rewrite
X-Type
X-B3-Sampled
Cache-Status
X-Geo-Country
X-Activity-Id
X-AppVersion
X-Az
X-NWS-LOG-UUID
X-Kinsta-Cache
X-Cache-Action
X-TT
X-AOL-HN
X-N
X-Cached-By
X-App-Environment
X-Framework
X-Jobs
X-Request-Guid
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-PHP-Backend
Actual-Object-TTL
X-Instance
X-Git-Hash
X-FB-Debug
X-Debug-Info
X-Time
X-Signature
X-B-Cache
X-Tumblr-Pixel-0
X-Tumblr-User
Paypal-Debug-Id
X-Cache-Age
X-Tumblr-Pixel
X-URL
X-Load-Cache
X-Tt-Trace-Tag
X-Tt-Trace-Host
Fastcgi-Useragent
X-Amz-Replication-Status
X-Webkit-Csp
DC
X-FastCGI-Cache
X-Varnish-Backend
X-Pad
Host-Header
Host
X-WA-Info
X-ATG-Version
X-RateLimit-Remaining
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Shield-Request-Id
MS-CV
X-Via-JSL
Surrogate-Key
X-IPLB-Instance
X-Contextid
X-Mobile
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kong-Proxy-Latency
X-Host-Name
X-Kong-Upstream-Latency
Retry-After
X-Cache-Key
Liferay-Portal
Frame-Options
X-Accel-Buffering
X-Response-Served-From
NGB
X-Seen-By
Payment
X-Presslabs-Stats
X-Cache-NE
X-Hostname
X-Srv
Source
X-Origin-Response-Time
X-Varnish-Server
X-Region
X-Cache-2
Eomportal-Instance
X-SS-Set-Cookie
X-Rendered-As
X-Cache-Enabled
Tracecode
Filters
X-Cacheable-TTL
X-Cluster
X-IPS-LoggedIn
X-Is-Bot
X-NewRelic-App-Data
X-FW-Type
WPE-Backend
X-GeoIP
X-FW-Static
X-FW-Hash
X-FW-Serve
X-FW-Server
X-Adobe-Loc
Server-Info
Xserver
Cache-Tv-Group
X-Adobe-Content
X-Varnish-Hostname
X-RequestSource
X-Cache-Rule
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Cache-Operation
X-App-Server
X-RemovedCookies
X-ProcessESI
FilterID
X-EdgeConnect-Cache-Status
X-Cache-TTL-Remaining
X-TX-ID
Accept-CH
X-L-Path
X-Environment-Context
X-FireWall-Port
X-B3-Traceid
Cleartype
X-Analytics
X-Upgrade-Enabled
X-Handled-By
Accept-Charset
X-RTag
X-Source
Ms-Operation-Id
X-UA
X-Ttl
X-Cache-Server
X-Endurance-Cache-Level
From-Origin
X-Backend-Name
X-HTML-Minification-Powered-By
Datacenter
Accept-CH-Lifetime
X-APP-VERSION
X-Dc
X-UUID
X-CACHE-KEY
Srv
X-Daa-Tunnel
Healthy
X-Wix-Request-Id
Meta-Geo
GEO-INFO
X-RN-RSRV
X-Cache-Var
X-Path-Route
X-Unique-Id
X-Cache-Var-Map
X-ES-SERVER
OT-Force-Account-Verify
X-Section
X-Timing-Wait
X-Tb
X-Access
X-Status
X-Proxy-Build
X-Akamai-Transformed
Selected-Fe
X-Webapp-Samesite-None-Activated-N
X-Format
X-Shopify-Generated-Cart-Token
X-Request-Time
X-Sorting-Hat-PodId
X-Proto
X-Sorting-Hat-ShopId
X-PCL
Akamai-GRN
X-Akamai-Request-ID
Mn-Server-Ip
X-FC-Vary-Parameters
X-ShardId
X-ShopId
X-Content-Age
X-Ua-Device
X-EIG-Tracking-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OCL
X-Shopify-Stage
X-Alternate-Cache-Key
Decoy-Debug-TTL
Origin-Cache-Control
Node
Ec-Rule-Version
Decoy-Debug-Status
Decoy-Debug-Key
Origin-Edge-Control
X-Hosted-By
X-Web-Node
X-ProxyCache-Status
X-NYM-Debug-Backend
X-VWS-Id
X-Origin
X-Qloud-Router
X-Say-TTL
X-SaId
X-Say-Cacheable
Cache-Tags
X-Akamai-Request-ID2
X-Redis-Cache
X-Soup
X-Proxy
X-Human
X-Hyper-Cache
X-Hl-Ver
X-Debug-Cache
X-Cache-Config
X-JoinUs
X-SayCDN-TTL
X-Vgn-Hpd-Reason
X-Viewer-Country
X-ProxyCache-Key
X-Proxy-Cache-Status
X-LJ-Flow-ID
X-AWS-Id
X-BYPASS-REASON
X-Whom
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Locale
X-Loop
X-ServerID
X-Generated
X-Time-Microsecs
X-FB-TRIP-ID
X-BCube-Filmed-By
X-CCM
X-Detected-As
X-Site-Version
X-Generated-By
Azure-Version
Azure-SlotName
DB-Nickname
NGX
Now
Azure-SiteName
Azure-RegionName
X-FW-Dynamic
X-TNCMS
X-Www-Served-By
Azure-InstanceId
Version
X-MP-GENERATED-AT
Cross-Origin-Window-Policy
X-Storage
X-IP
X-R9-Blue-Green-Version
X-NCache
X-Pubstack
X-RCS-CacheZone
X-Varnish-Hits
Property-Id
X-Origin-Hint
X-Xfnlog-Site
TWC-Privacy
TWC-Locale-Group
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Connection-Speed
S-Rt
TWC-Device-Class
X-Amzn-Remapped-Content-Length
X-PressLabs-Stats
X-Cluster-Node
X-UA-Device-Type
Cache-Key
X-Backend-TTL
X-NGENIX-Cache
X-RateLimit-Limit
X-VCache
X-Cache-Control
Section-Io-Cache
X-Cache-Host
X-Drupal-Cache-Tags
X-Mode
X-CDN-Forward
X-Esi
X-Forwarded-Host
X-Rule
Cache
Webserver
Content-Disposition
Time
L5d-Success-Class
X-Info
X-UnsetCookies
X-Varnish-Cache-Hits
Accept-Language
Cache-Name
Mime-Version
X-CS
X-Origin-CC
Viewport
X-Origin-TTL
X-Newrelic-Synthetics
X-ApacheServer
X-PERF
Rt-Fastcgi-Cache
X-B3-Spanid
ServedBy
Uber-Trace-Id
X-Cache-Remote
Country
Odigeo-Trace-Id
X-Device-Type
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-Via-Fastly
X-CLOUD-TRACE-CONTEXT
X-Magnolia-Registration
X-Uri
X-From
Proxy-Connection
Filterid
X-Cluster-Name
Access-Control-Request-Headers
X-Real-IP
X-EC-Lua
X-Geo
X-Drupal-Cache-Contexts
HitType
X-Microcachable
X-TT-TIMESTAMP
Machine
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Meta-Geo-Continent
Apple-News-Services-Handled
X-Labrador-Cache-Channel
X-PHP-Host
Apple-News-Services-Request-Url
AsisCache
Fastcgi-X-Cache-Version
GEO-REGION-INFO
X-Cache-Time
Content-Style-Type
BehaviorPad-Version
Content-Script-Type
MD5-Digest
X-A-Ccd
X-S
X-Rojux
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-Rocket-Build-Number
X-Rewrite-Enabled
X-Geo-Header
X-GeoIP-Country-Code
X-Region-Sid
X-Request-UUID
X-Sigma
X-Sigma-Backend
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-TLSProxy
X-Vdms-Version
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-G
X-External-Request-Id
X-A
W
X-A-Dam
X-A-Dcw
X-A-Dgt
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Rendered-Blocks
T-Server
Viewtype
VivaBuild
X-A-Wwc
X-Accel-Expires-Debug
X-D
X-Date
X-Destination
X-DPWN-IS-SECURE
X-Connection-Hash
X-CF-Lambda-Version
X-Aed
X-Application
X-ARC
X-B-Cookie
Mobile-Detection-Method
X-CF-Lambda-Fn
X-Varnish-Beresp-Status
Cf-Ipcountry
Group
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Ttl
Ohc-File-Size
Geo-Info
User-Cache-Control
Cache-Hits
X-C
X-CUA
X-Clientip
Locid
IsBot
X-Distil-CS
Environment
Countrycode
X-Rebelmouse-Surrogate-Control
X-Eu-Site
Fastly-SIE
Ha-Gx-Prefs
Fastly-Soc-X-Request-Id
HA-Ipaddr
X-Wikidot-Static-Cache
X-Agile-Id
X-Thanos
X-App-Name
X-Agile-Age
X-Agile
X-VC-Cache
X-Var-Ttl
X-TrackingId
X-SIPLIST1
X-Backend-State
X-Cache-Expired-At
X-Wikidot-Backend
X-Cdn-Srv
X-WebServer
X-Cache-Debug
X-Bip
Powered-By
X-CGP
Fastly-SWR
X-OVcl-Cache
X-Hit
X-Logging-Id
X-Rebelmouse-Cache-Control
CDCHOST
X-OVcl
X-Developers
X-GoCache-CacheStatus
X-Nc
X-Azure-Ref
X-Owner
X-Block-Status
X-LI-Proto
X-Li-Pop
X-LI-UUID
X-Cache-Bucket
X-Swa-Ws
X-BBXSRF
X-Ms-Request-Id
X-NX-Host
X-Up
X-Variation
Web-Mar-Node
X-Origin-Date
X-NU-AKA-ACS-Version
X-Trace-Id
X-Air-Hostname
X-Micro-Cache
X-Ms-Version
X-Nginx-Cache-Key
X-No-Session
X-TH-Server
X-Platform-Server
X-Hash
X-Distributor
X-Dispatcher-Server
X-Debug-Log
X-Hnp-Log
X-Epic-Correlation-Id
We-Hiring
X-Fetched-On
X-Generated-In
X-Fastly-Cache
X-GeoIP-City
X-RateLimit-Remaining-Second
X-Debug-Cookies
X-IN-APIGATEWAY
X-Cache-URL
X-Proxy-Upstream
X-Cache-Tags
X-Gen-Mode
X-Li-Fabric
X-Irp-Debug
X-Clara-WADP
X-Servername
X-Core-Mission
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-RateLimit-Limit-Second
X-Cache-Info
X-Tec-Api-Root
Mail-Subject
X-Has-Esi
Kp-EeAlive
Is-Eu
IBM-Web2-Location
Memcached
X-Webstats-RespID
X-We-Are-Hiring
X-WADP-Cache
Country-Code
Platform
X-Is-Gdpr
X-SVT-ORM-VERSION
X-Contensis-Viewer-Groups
Fastly-Backend-Name
X-Cms-Context
Cache-Host
X-Cache-ASPX
X-Auto-Login
Server-Surrogate-Control
Server-Cache-Control
Heartbleed
Gh-Request-Id
Adler-Geo
Locale
X-JWT-State
Pragrma
X-Tec-Api-Version
Server-Int
X-Urbn-Site-Id
X-Tec-Api-Origin
X-Origin-Expires
AKAMAI
Request-Country
X-Varnish-Authentication
X-Urbn-Context-Path
RNT-Machine
X-VServer
Request-EU
RNT-Time
V-Age
Server-ID
X-SVT-ORM-RULES
S-Cnection
X-Edge-Location
Fastly-SSL
X-Generation-Time
X-NodeID
X-Generated-On
X-Debug-Cache-Expiry
X-Gamma-Serve
X-Server-W
Ohc-Cache-HIT
X-Level-Front-Cache
X-FW-Version
X-Debug-Cache-Store
X-Tumblr-Pixel-3
X-TT-LOGID
X-Debug-Cache-Fetch
X-Matched-Rule
X-NC
Thinkindot-Control
X-Thinkindot-L3
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
ServerName
Server-Host
True-Client-Country-4JS
X-Trafficlayer-App-Name
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Trafficlayer-App-Version
X-Trafficlayer-App-Scope
X-Reboot
PFcat
Cdnsip
X-Request-URI
X-Core-Value
Cdncip
FNAC-ModuleRouting
X-AK-Request-ID
X-Req
X-Service
X-Oss-Storage-Class
X-VHOST
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Varnish-Cacheable
X-S-Maxage
X-Response-By
X-Old-Content-Length
X-ServiceProvider
X-Lb-Id
X-App-Version
X-SERVER
X-UPSTREAM-Address
X-Sucuri-ID
User-Agent
X-Refresh
X-Nginx-Cache
X-Wa
RequestId
X-NWS-UUID-VERIFY
X-Node-Id
X-Developer
X-Render-Time
X-Cache-Status-Check
Powered-By-ChinaCache
X-Cache-Backend
X-Parent-Response-Time
X-Cache-Grace
X-Cdn-Origin
X-User
X-CF-Powered-By
X-Sn-Servicetimems
X-Device-Os
X-LAGOON
X-CSRF-TOKEN
Hostname
X-Key
X-Pjax-Url
SRV
X-Internal-Host
X-CSRF-Token
X-Ocache
Origin
X-Tb-Optimization-Total-Bytes-Saved
X-Sucuri-Cache
X-Pf-Uncompressing
A
X-MSEdge-Flight
X-MSEdge-Features
X-TA-CDN-Provider
X-Location
Memory
X-Request-Host
Geoip-City
On-Server
X-Via-CDN
Cloudfront-Viewer-Country
Geoip-Latitude
X-Ua
X-NGINX-Cache
PICS-Label
GeoIp-Country-Code
X-COUNTRY
ProcessTime
X-B3-Parentspanid
X-Vcl-Version
TTL
Resin-Trace
X-Cdn-Forward
X-BACKEND-TTL
X-Litespeed-Cache
X-Webkit-CSP
X-Varnish-URL
X-Varnish-Ttl
X-Server-IP
X-Servedbyhost
M-TraceId
XServer
X-TIME
X-HS-Status
X-Slack-Backend
X-Dynatrace-Js-Agent
SN
Tcn
X-Rocket-Nginx-Bypass
Dnion-Transfer-Encoding
X-FORWARDED-FOR
X-Dispatch
Arc-Country
Pramga
X-Cache-FS-Status
X-PAYTM-SRV-ID
X-ServedByHost
X-Server-Time
X-Processor
Cdn
HostName
Media-Length
X-Cdn-Request-ID
X-B3-SpanId
Host-ID
X-Unique-ID
X-Ratelimit-Remaining
CACHE
X-Beluga-Record
X-Cache-Ttl
X-Beluga-Response-Time
X-Skip-Cache
X-ND-Cache
X-Beluga-Cache-Status
X-Beluga-Status
X-Beluga-Node
X-Action
X-Fastly-Country-Code
X-Beluga-Trace
Section-Io-Id
X-DC
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Who
Cdn-Host
X-RPM
X-DSS
X-Edge-Server
X-DI
Cdn-Request-Time
X-DB
X-DW
X-RSL
X-RPS
Fastly-Drupal-HTML
X-Served-From
X-VCL-Version
X-DevSite-Last-Modified
Fusion-Deployment-Id
Ttl
N-Cache
X-Correlation-ID
X-Via-Ucdn
Pics-Label
X-ABtesting
X-Flog
X-Reqid
X-Hello
GeoIP-Country-Code
X-Adobe-Source
NtCoent-Length
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
MIME-Version
X-VarnishDD-TTL
X-Varnish-Url
GeoIP-Latitude
GeoIP-City
Esi-Enabled
X-Bc-Bl
X-AIR-PT
X-Backend-Host
CF-Cached-On
X-APP
X-FPC
X-Sucuri-Id
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-PF-Uncompressing
X-Policy
X-Planisys-CDN-Cache
Cache-Cookie-Set-From
X-Ratelimit-Limit
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-HostName
Trailer
X-Request-Start
X-Scheme
X-Fastly-Backend-Reqs
X-SRV
X-PJAX-URL
X-Azure-Ref-OriginShield
X-Zone
X-Bc
WebServer
Cteonnt-Length
X-Fmm-Version
Amp-Access-Control-Allow-Source-Origin
X-BE
X-Dynatrace
X-Fpc
Rt-Proxy-Cache
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
Processtime
X-Swift-Error
Servername
X-Newrelic-App-Data
CF-IPCountry
X-ID
X-WA
Magicmarker
FSS-Proxy
X-SN
X-Esi-Check
X-Cache-Id
X-BC
FSS-Cache
X-ZONE
Cache-Provider
X-WR-MODIFICATION
X-Frame-Option
X-StackifyID
Load-Balancing
X-Method
Lb
Sid
X-Gzip
X-SD-PageType
X-Cache-NGX
SD-X-WS
Release
CDN
Dynatrace
Requestid
X-Snapshot-Date
X-LB-ID
X-Branch-Name
X-CACHE-AGE
X-Cc-Req-Id
X-SB
X-Cc-Via
L
X-VC
X-ECACHE
X-Configured-By
D-Cc-Upstream
X-Compress-Hint
X-VCT
X-Instart-Info
X-Request-Url
Warning
X-Fastly-Cache-Hits
X-Aicache-OS
X-Tid
V-Cache
X-Wix-Viewer-Type
WZWS-RAY
X-Litespeed-Cache-Control
X-Node-ID
X-ElasticPress-Search
WP-Super-Cache
Request-Time
LB
Inserted-Into-Cache-At
Proxy-Firewall
X-Apw-Hits
X-Nananana
SID
X-App
X-WPE-Loopback-Upstream-Addr
X-Request-URL
Ohc-Response-Time
X-Powered-Y
X-Worker
X-Varnish-Beresp-TTL
Cneonction
X-Check-Cacheable
X-Fastly-Cache-Status
X-GEO
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Access-Token