Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Xss-Protection
Alt-Svc
X-Timer
CF-Ray
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Server
X-Age
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-Varnish-Cache
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Server-Id
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Backend-Server
X-Readtime
X-Dispatcher
Request-Id
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
X-Rack-Cache
X-Country
X-Clacks-Overhead
Edge-Control
X-Akam-SW-Version
P3p
Rating
X-Dns-Prefetch-Control
Allow
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-PC
X-TtlSet
X-Vname
X-Goog-Hash
X-TTL
Content-MD5
X-ESI
Verso
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Url
X-Powered-By-Plesk
X-Vcache
X-B3-TraceId
X-Use-Magma
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Kinja
X-GitHub-Request-Id
RTSS
X-Version
X-Forwarded-Proto
X-MS-InvokeApp
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Px
X-Debug
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
Ar-Sid
X-Amz-Server-Side-Encryption
SPRequestGuid
X-Cached
Charset
X-NF-Request-ID
X-Vcap-Request-Id
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Navigation-Version
X-TEC-API-ROOT
X-MSEdge-Ref
X-Amz-Rid
X-Middleton-Display
X-Middleton-Response
X-Sol
Response
Pagespeed
X-Accel-Expires
Display
Arr-Disable-Session-Affinity
TCN
X-Fastcgi-Cache
X-Server-ID
X-SharePointHealthScore
X-VARITI-CCR
X-Pinterest-Rid
Pinterest-Version
X-Fastly-Request-ID
MS-Author-Via
Public-Key-Pins
Nginx-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Powered-CMS
X-Trace
X-Edge-O15-RID
X-Client-IP
X-Cdn
Realpath
Cache-Tag
X-Ser
Access-Control-Request-Method
X-Content-Type
X-B3-TraceId-Primal
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
MRF-Tech
Mrf-Cache-Status
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Upstream
X-Grace
X-Shard
X-Hp-Webp
X-Jurisdiction
X-Id
Front-End-Https
X-Ezoic-Cdn
X-Cache-TTL
X-Forwarded-For
S
X-Hits
X-T
X-Amz-Meta-S3cmd-Attrs
Fastcgi-Cache
Nel
X-Recruiting
X-DynaTrace-JS-Agent
DynaTrace
X-Aspnet-Version
X-Element-Page-Cache
X-Node-Name
X-Content-Digest
X-Dw-Request-Base-Id
X-Varnish-Age
X-FTR-DC
X-FTR-Expires
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
MicrosoftSharePointTeamServices
X-FTR-Balancer
X-FTR-Cache-Status
X-Mobile-URL
ServerID
X-DIS-Request-ID
Server-Node
NR-ENABLED
TP-Cache
TP-L2-Cache
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Frontend
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
Powered
X-Logged-In
X-CST
X-Correlation-Id
Alternate-Protocol
X-XRDS-Location
Server-Name
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-Amzn-RequestId
Fastly-Restarts
X-Cache-Hit
X-FTR-Cache-Host
X-Request-Handler-Origin-Region
X-Microsite
Backend-Timing
X-ATS-Timestamp
AMP-Access-Control-Allow-Source-Origin
X-Page-Id
X-Request-Received
X-Request-Processing-Time
X-Zen-Fury
X-User-Agent
X-Content-Options
X-F-Cache
Refresh
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Varnish-Grace
X-Akamai-Edgescape
X-Rid
X-B
X-LB-Cache
X-Revision
PB-PID
Arc-Version
X-Content-Powered-By
X-Mobile-Rewrite
PB-RID
X-Type
X-B3-Sampled
X-Geo-Country
Cache-Status
X-XRDS-LOCATION
X-Az
X-AppVersion
X-Activity-Id
X-Kinsta-Cache
X-NWS-LOG-UUID
X-N
X-Cache-Action
X-TT
X-AOL-HN
X-Framework
Access-Control-Allow-Method
X-Jobs
X-Debug-Info
X-Request-Guid
X-WebKit-CSP-Report-Only
X-B-Cache
X-Signature
X-Cache-Age
Actual-Object-TTL
X-Time
X-FB-Debug
X-Instance
X-PHP-Backend
X-Cached-By
X-Git-Hash
Paypal-Debug-Id
X-App-Environment
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Load-Cache
Fastcgi-Useragent
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amz-Replication-Status
X-URL
DC
X-Pad
X-Varnish-Backend
X-RateLimit-Remaining
X-Shield-Request-Id
Host-Header
Host
X-WA-Info
X-Webkit-Csp
X-ATG-Version
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
MS-CV
X-Via-JSL
Surrogate-Key
X-IPLB-Instance
X-Contextid
X-Ua-Device
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Host-Name
Retry-After
Frame-Options
NGB
X-Response-Served-From
X-Accel-Buffering
Liferay-Portal
X-FastCGI-Cache
Payment
X-Cache-NE
X-Hostname
X-Srv
Source
X-Seen-By
Xserver
X-SS-Set-Cookie
X-Origin-Response-Time
Eomportal-Instance
X-Cache-2
X-NewRelic-App-Data
X-Region
X-Varnish-Server
X-FW-Hash
X-FW-Server
X-FW-Serve
X-GeoIP
X-Rendered-As
X-Is-Bot
X-IPS-LoggedIn
X-Cacheable-TTL
X-FW-Type
X-FW-Static
Filters
WPE-Backend
Tracecode
X-Varnish-Hostname
Cache-Tv-Group
X-Adobe-Content
X-Adobe-Loc
X-Cluster
X-Cache-Enabled
Server-Info
X-RequestSource
X-Cache-Operation
X-Cache-Rule
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cache-Key
X-Ttl
X-App-Server
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
X-TX-ID
X-Cache-TTL-Remaining
X-Presslabs-Stats
FilterID
X-CACHE-KEY
X-L-Path
Cleartype
X-FireWall-Port
X-Environment-Context
Accept-CH
X-Analytics
X-Handled-By
X-B3-Traceid
X-Upgrade-Enabled
X-Source
X-RTag
Ms-Operation-Id
X-Endurance-Cache-Level
X-Cache-Server
Accept-Charset
Srv
X-HTML-Minification-Powered-By
From-Origin
X-Backend-Name
X-PressLabs-Stats
X-Webapp-Samesite-None-Activated-N
Datacenter
X-UUID
X-UA
Accept-CH-Lifetime
X-Wix-Request-Id
Healthy
X-Cache-Var-Map
X-Path-Route
X-RN-RSRV
X-ES-SERVER
X-Cache-Var
X-Dc
Meta-Geo
X-Daa-Tunnel
X-Tb
X-Section
Selected-Fe
X-Access
X-Proxy-Build
OT-Force-Account-Verify
X-Status
X-Timing-Wait
X-Request-Time
X-Alternate-Cache-Key
X-ShardId
X-OCL
X-Akamai-Request-ID
X-ShopId
X-Akamai-Transformed
X-PCL
X-Proto
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Content-Age
X-EIG-Tracking-Id
X-FC-Vary-Parameters
Cache-Tags
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Cache-Config
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
Mn-Server-Ip
X-Format
X-AWS-Id
X-Yottaa-Optimizations
Origin-Edge-Control
Origin-Cache-Control
X-LJ-Flow-ID
Ec-Rule-Version
X-JoinUs
X-Hl-Ver
X-Debug-Cache
Node
X-BYPASS-REASON
X-Human
X-Akamai-Request-ID2
X-Yottaa-Metrics
X-Origin
X-ProxyCache-Status
X-ProxyCache-Key
X-VWS-Id
Akamai-GRN
X-Vgn-Hpd-Reason
X-Soup
X-SaId
X-Say-TTL
X-SayCDN-TTL
X-Qloud-Router
X-Proxy-Cache-Status
X-Web-Node
X-NYM-Debug-Backend
X-Say-Cacheable
X-Unique-Id
X-APP-VERSION
X-TNCMS
X-ServerID
X-Locale
Cross-Origin-Window-Policy
X-Loop
X-CCM
X-Pubstack
Now
X-Whom
X-BCube-Filmed-By
X-Site-Version
NGX
X-Time-Microsecs
X-Storage
X-Proxy
X-MP-GENERATED-AT
X-Hosted-By
Decoy-Debug-TTL
X-Hyper-Cache
X-Redis-Cache
Version
X-Viewer-Country
X-Generated-By
X-Generated
X-Www-Served-By
Decoy-Debug-Key
X-Detected-As
X-FW-Dynamic
Decoy-Debug-Status
X-FB-TRIP-ID
Webcakes-App-Version
X-RCS-CacheZone
X-R9-Blue-Green-Version
Webcakes-Region
Azure-SiteName
X-Xfnlog-Site
DB-Nickname
X-Origin-Hint
Azure-InstanceId
Azure-Version
X-IP
X-Varnish-Hits
Azure-RegionName
Webcakes-App-Name
Azure-SlotName
TWC-GeoIP-Country
TWC-Connection-Speed
S-Rt
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
Property-Id
X-NCache
X-Amzn-Remapped-Content-Length
X-Cluster-Node
X-RateLimit-Limit
GEO-INFO
X-UA-Device-Type
Cache-Key
X-Cache-Control
Cache
X-Backend-TTL
X-Cache-Host
X-Drupal-Cache-Tags
X-Mode
Section-Io-Cache
X-NGENIX-Cache
X-Forwarded-Host
X-Rule
Webserver
X-CDN-Forward
L5d-Success-Class
X-Esi
Content-Disposition
Time
Cache-Name
Mime-Version
X-UnsetCookies
X-ApacheServer
X-CS
X-Varnish-Cache-Hits
Viewport
X-Newrelic-Synthetics
X-Info
Accept-Language
X-PERF
Rt-Fastcgi-Cache
ServedBy
X-Origin-TTL
X-Origin-CC
Country
Uber-Trace-Id
X-Cache-Remote
X-Device-Type
X-Routing-Service
X-Proxied
Odigeo-Trace-Id
X-Zipkin-Id
X-Via-Fastly
Filterid
X-B3-Spanid
X-VCache
X-Magnolia-Registration
Geo-Info
X-From
X-Uri
X-CLOUD-TRACE-CONTEXT
Proxy-Connection
X-EC-Lua
X-Cluster-Name
X-Drupal-Cache-Contexts
Access-Control-Request-Headers
X-Real-IP
Cf-Ipcountry
X-Microcachable
HitType
X-Geo
X-TT-TIMESTAMP
Mobile-Detection-Method
Machine
Meta-Geo-Continent
MD5-Digest
Apple-News-Services-Handled
X-PHP-Host
Apple-News-Services-Host
Rendered-Blocks
X-Labrador-Cache-Channel
X-Cache-Time
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Content-Style-Type
Fastcgi-X-Cache-Version
Content-Script-Type
BehaviorPad-Version
AsisCache
GEO-REGION-INFO
X-CF-Lambda-Fn
X-S-Cookie
X-S
X-ScT
X-Session-Fingerprint
X-Sigma
X-Rojux
X-Rocket-Build-Number
X-GeoIP-Country-Code
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-Sigma-Backend
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-VG-TLSProxy
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Version
X-Geo-Header
X-G
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A
W
Viewtype
VivaBuild
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-A-Wwc
X-Accel-Expires-Debug
X-D
X-Destination
X-DPWN-IS-SECURE
X-External-Request-Id
X-Connection-Hash
X-CF-Lambda-Version
X-Aed
X-Application
X-ARC
X-B-Cookie
T-Server
X-Date
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Group
Ohc-File-Size
X-Varnish-Beresp-Grace
X-App-Version
Cache-Hits
User-Cache-Control
X-C
Fastly-SIE
X-Agile
X-Agile-Age
X-Agile-Id
Environment
Fastly-Soc-X-Request-Id
Powered-By
Ha-Gx-Prefs
X-App-Name
HA-Ipaddr
IsBot
Locid
Fastly-SWR
X-Cache-Debug
X-SIPLIST1
X-Rebelmouse-Cache-Control
X-Logging-Id
X-Thanos
X-TrackingId
X-WebServer
X-VC-Cache
X-Var-Ttl
X-Hit
X-Eu-Site
X-Cache-Expired-At
Countrycode
X-Bip
X-CGP
X-Clientip
X-Distil-CS
X-Developers
X-CUA
X-Backend-State
X-Rebelmouse-Surrogate-Control
CDCHOST
X-Nc
X-GoCache-CacheStatus
Fastly-SSL
X-Hash
X-Has-Esi
X-Generated-In
X-Fetched-On
X-Gen-Mode
X-GeoIP-City
X-IN-APIGATEWAY
X-Li-Fabric
X-Li-Pop
X-JWT-State
X-Is-Gdpr
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Hnp-Log
X-Distributor
X-Block-Status
X-Cache-ASPX
X-Azure-Ref
X-Auto-Login
Web-Mar-Node
X-Air-Hostname
X-Cache-Tags
X-Cms-Context
X-Dispatcher-Server
X-LI-Proto
X-Debug-Log
X-Debug-Cookies
X-Contensis-Viewer-Groups
X-Core-Mission
X-Epic-Correlation-Id
X-Ms-Request-Id
X-Up
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Trace-Id
X-TH-Server
X-SVT-ORM-VERSION
X-Swa-Ws
X-Variation
X-Varnish-Authentication
X-OVcl
X-OVcl-Cache
X-Cdn-Srv
X-Wikidot-Static-Cache
X-VServer
X-Wikidot-Backend
X-SVT-ORM-RULES
X-Request-URI
X-NodeID
X-NU-AKA-ACS-Version
X-No-Session
X-Nginx-Cache-Key
We-Hiring
X-Ms-Version
X-NX-Host
X-Origin-Date
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Proxy-Upstream
X-Platform-Server
X-Origin-Expires
X-Owner
X-LI-UUID
X-Servername
Kp-EeAlive
Gh-Request-Id
Locale
Mail-Subject
Cache-Host
Platform
Adler-Geo
Is-Eu
AKAMAI
True-Client-Country-4JS
Heartbleed
V-Age
IBM-Web2-Location
Pragrma
Fastly-Backend-Name
Server-Surrogate-Control
RNT-Time
Server-Int
Server-ID
RNT-Machine
Server-Cache-Control
Request-EU
Country-Code
Request-Country
S-Cnection
Ohc-Cache-HIT
X-Edge-Location
X-Gamma-Serve
X-Generated-On
ServerName
X-Level-Front-Cache
PFcat
X-Matched-Rule
X-Generation-Time
X-Server-W
X-Cache-URL
X-Clara-WADP
X-Cache-Info
X-Cache-Bucket
X-BBXSRF
X-Fastly-Cache
X-Irp-Debug
X-Webstats-RespID
Cdncip
X-We-Are-Hiring
X-WADP-Cache
X-Micro-Cache
Memcached
X-Tumblr-Pixel-3
X-Service
X-ServiceProvider
Cdnsip
X-FW-Version
X-Nginx-Cache
X-Thinkindot-L3
FNAC-ModuleRouting
X-TT-LOGID
X-Trafficlayer-App-Version
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Name
X-Reboot
X-Req
X-Debug-Cache-Fetch
X-Core-Value
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Debug-Cache-Expiry
X-AK-Request-ID
X-Debug-Cache-Store
Wxu-Next-Commit
Wxu-Next-Region
Server-Host
Wxu-Next-Hostname
X-Old-Content-Length
X-Lb-Id
X-Response-By
X-S-Maxage
X-NC
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-UPSTREAM-Address
X-VHOST
X-Refresh
X-Wa
RequestId
X-Node-Id
X-Varnish-Cacheable
X-SERVER
X-CSRF-TOKEN
X-Sucuri-ID
User-Agent
Powered-By-ChinaCache
X-Render-Time
X-NWS-UUID-VERIFY
X-Cache-Backend
X-User
X-Developer
X-Cache-Status-Check
X-Ua
X-CF-Powered-By
Hostname
X-Parent-Response-Time
X-Cache-Grace
X-Key
X-Sn-Servicetimems
X-LAGOON
X-Tec-Api-Origin
X-Internal-Host
X-Tec-Api-Root
X-Pjax-Url
X-Tec-Api-Version
X-Cdn-Origin
X-Device-Os
X-Ocache
Origin
X-Sucuri-Cache
On-Server
A
X-Tb-Optimization-Total-Bytes-Saved
X-Location
X-CSRF-Token
X-MSEdge-Features
X-Request-Host
X-TA-CDN-Provider
X-Via-CDN
Cloudfront-Viewer-Country
X-MSEdge-Flight
X-Pf-Uncompressing
SRV
Memory
ProcessTime
Geoip-Latitude
Geoip-City
X-Dynatrace-Js-Agent
X-B3-Parentspanid
X-NGINX-Cache
GeoIp-Country-Code
PICS-Label
X-BACKEND-TTL
X-Cdn-Forward
X-COUNTRY
TTL
X-Servedbyhost
X-Varnish-URL
X-Server-IP
X-Litespeed-Cache
Resin-Trace
X-Vcl-Version
X-Webkit-CSP
M-TraceId
X-B3-SpanId
X-HS-Status
Dnion-Transfer-Encoding
X-Unique-ID
X-Varnish-Ttl
X-Rocket-Nginx-Bypass
XServer
X-TIME
X-Cdn-Request-ID
Tcn
SN
X-Slack-Backend
Media-Length
Cdn
X-DC
X-Correlation-ID
X-FORWARDED-FOR
Arc-Country
X-Server-Time
Host-ID
X-Cache-FS-Status
X-PAYTM-SRV-ID
X-Dispatch
X-Processor
Pramga
X-Ratelimit-Remaining
CACHE
X-Beluga-Node
X-Beluga-Trace
X-Cache-Ttl
X-Beluga-Response-Time
X-VCL-Version
X-ServedByHost
X-Fastly-Country-Code
X-Action
X-Beluga-Cache-Status
X-Beluga-Status
X-Beluga-Record
Who
X-Skip-Cache
X-ND-Cache
HostName
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Fastly-Drupal-HTML
Ttl
X-DB
X-DW
Pics-Label
X-Via-Ucdn
X-Edge-Server
GeoIP-Country-Code
X-RPS
Cdn-Host
X-RPM
X-Served-From
Cdn-Request-Time
X-DI
X-RSL
X-DSS
Fusion-Deployment-Id
GeoIP-City
GeoIP-Latitude
X-DevSite-Last-Modified
X-Reqid
N-Cache
X-Flog
X-PF-Uncompressing
X-Hello
Amp-Access-Control-Allow-Source-Origin
X-AIR-PT
X-Bc-Bl
X-ABtesting
X-Adobe-Source
Esi-Enabled
X-Sucuri-Id
MIME-Version
NtCoent-Length
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Policy
X-Varnish-Url
X-Backend-Host
X-VarnishDD-TTL
X-Planisys-CDN-Rules
CF-Cached-On
X-Azure-Ref-OriginShield
X-Request-Start
X-APP
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Ratelimit-Limit
Trailer
X-HostName
X-Ruxit-Js-Agent
X-Fmm-Version
X-Fpc
X-Bc
WebServer
X-SRV
Cteonnt-Length
Rt-Proxy-Cache
X-FPC
X-Zone
X-Scheme
X-PJAX-URL
X-Fastly-Backend-Reqs
X-ZONE
X-BC
X-Amzn-Remapped-Date
X-Amzn-Remapped-Connection
X-Dynatrace
X-BE
Processtime
Servername
X-Newrelic-App-Data
X-Swift-Error
FSS-Cache
X-Method
X-ID
X-WA
Cache-Provider
Sid
FSS-Proxy
Magicmarker
X-Esi-Check
Lb
X-Cache-Id
X-SN
X-Frame-Option
X-WR-MODIFICATION
X-StackifyID
Dynatrace
CF-IPCountry
X-Cache-NGX
Load-Balancing
Requestid
CDN
X-LB-ID
X-Branch-Name
X-Snapshot-Date
X-SD-PageType
Release
X-Gzip
SD-X-WS
X-CACHE-AGE
Warning
X-VC
X-Compress-Hint
D-Cc-Upstream
X-Cc-Req-Id
X-Aicache-OS
X-SB
X-Configured-By
X-VCT
X-Wix-Viewer-Type
X-Nananana
X-Instart-Info
X-ECACHE
L
X-Cc-Via
X-Tid
WZWS-RAY
Ohc-Response-Time
X-Fastly-Cache-Hits
V-Cache
X-Request-Url
X-Litespeed-Cache-Control
X-Apw-Access-Object
X-Request-URL
X-Powered-Y
WP-Super-Cache
X-Check-Cacheable
X-Worker
X-GEO
X-Be
X-Svr
X-Varnish-Beresp-TTL
X-Apw-Access-Action
X-App
Cneonction
X-WPE-Loopback-Upstream-Addr
X-Apw-Access-Token
X-ElasticPress-Search
X-Apw-Hits
X-Fastly-Cache-Status