Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
Xkey
P3p
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
CF-Ray
X-Backend
X-Server
X-Age
X-Ua-Compatible
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Ws-Request-Id
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-UA-Device
X-Nginx-Cache-Status
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Cf-Railgun
Grace
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Server-Id
X-Device
X-Host
X-Origin-Cache
EagleEye-TraceId
X-Response-Time
X-Ac
X-Node
Content-Location
Surrogate-Control
X-Cloud-Trace-Context
X-Vhost
X-Readtime
X-Backend-Server
Request-Id
X-Dispatcher
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
X-Cache-Lookup
X-ORACLE-DMS-ECID
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-Ruxit-JS-Agent
X-ORACLE-DMS-RID
X-DataDome
X-Mod-Pagespeed
NEL
X-Rack-Cache
Rating
X-Country
Edge-Control
X-Clacks-Overhead
X-Akam-SW-Version
X-Dns-Prefetch-Control
Pinterest-Generated-By
X-TTL
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Allow
X-Country-Code
Accept-Ch
X-FTR-Request-ID
X-DynaTrace
X-Instart-Request-ID
X-Varnish-TTL
X-Goog-Hash
X-Vname
X-PC
X-TtlSet
X-ESI
Verso
Accept-Ch-Lifetime
Content-MD5
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-B3-TraceId
X-Forwarded-Proto
X-MS-InvokeApp
X-Version
X-GitHub-Request-Id
X-Use-Magma
X-Exp-Variant
X-Kinja-Build
X-Kinja
X-GoogleNews-Bot
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
RTSS
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Server-Name
X-Debug
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-Request-ID
X-Px
X-Vcache
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-NF-Request-ID
X-Fastcgi-Cache
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Cached
Response
Display
X-Middleton-Response
Pagespeed
X-Middleton-Display
X-Sol
X-Vcap-Request-Id
X-Accel-Expires
X-Navigation-Version
X-MSEdge-Ref
Arr-Disable-Session-Affinity
X-Amz-Rid
X-Pinterest-Rid
Pinterest-Version
TCN
X-Powered-CMS
X-SharePointHealthScore
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-VARITI-CCR
X-Trace
Public-Key-Pins
X-Fastly-Request-ID
X-Client-IP
Realpath
Cache-Tag
X-Cdn
MS-Author-Via
X-Ser
Access-Control-Request-Method
Nginx-Cache
X-Edge-O15-RID
X-DynaTrace-JS-Agent
X-Shard
X-Mrf-Section-Lastmod
S
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Upstream
X-Server-ID
Mrf-Cache-Status
X-Content-Type
Nel
SPRequestDuration
SPIisLatency
X-Id
X-Amzn-Trace-Id
X-Ezoic-Cdn
X-Hp-Webp
X-Grace
X-Forwarded-For
X-T
X-Amz-Meta-S3cmd-Attrs
Front-End-Https
X-Hits
Fastcgi-Cache
X-Recruiting
DynaTrace
X-Jurisdiction
X-Cache-TTL
X-Aspnet-Version
X-Varnish-Age
ServerID
MicrosoftSharePointTeamServices
X-Element-Page-Cache
X-Content-Digest
X-Mobile-URL
X-Node-Name
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Expires
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-Dw-Request-Base-Id
X-Country-Code-Real
X-FTR-Backend
X-DIS-Request-ID
NR-ENABLED
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-HS-Cache-Config
X-HS-Content-Id
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Powered
X-Frontend
X-Goog-Generation
X-Goog-Metageneration
X-HS-Hub-Id
X-HS-Combine-CSS
Server-Node
TP-L2-Cache
TP-Cache
Alternate-Protocol
X-Logged-In
Server-Name
X-CST
X-Amzn-RequestId
X-Amz-Apigw-Id
AMP-Access-Control-Allow-Source-Origin
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-Cache-Hit
X-Correlation-Id
Upgrade-Insecure-Requests
X-XRDS-Location
X-Content-Options
X-Content-Security-Policy-Report-Only
X-Revision
Refresh
X-F-Cache
X-User-Agent
X-Page-Id
X-Rid
Fastly-Restarts
X-Origin-Server
X-Akamai-Edgescape
X-Varnish-Grace
X-Zen-Fury
X-XRDS-LOCATION
X-Type
X-Content-Powered-By
X-LB-Cache
X-B
X-FTR-Cache-Host
PB-PID
PB-RID
X-Geo-Country
X-Mobile-Rewrite
Arc-Version
X-B3-Sampled
X-Activity-Id
X-Az
X-AppVersion
Cache-Status
X-URL
X-N
X-Kinsta-Cache
X-Time
X-WebKit-CSP-Report-Only
X-TT
X-Shield-Request-Id
X-Cache-Age
X-Instance
X-Cache-Action
X-Tumblr-Pixel-0
X-Tumblr-User
X-Framework
X-Pad
Paypal-Debug-Id
Actual-Object-TTL
Access-Control-Allow-Method
X-Tumblr-Pixel
X-B-Cache
X-Debug-Info
X-Signature
X-Jobs
X-FB-Debug
X-App-Environment
X-AOL-HN
X-Load-Cache
X-PHP-Backend
X-Cached-By
X-Request-Guid
DC
X-Git-Hash
Fastcgi-Useragent
X-RateLimit-Remaining
X-Varnish-Backend
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Amz-Replication-Status
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Surrogate-Key
X-Webkit-Csp
X-IPLB-Instance
Host-Header
X-Webapp-Samesite-None-Activated-N
MS-CV
X-Contextid
X-ATG-Version
X-Analytics
X-SS-Set-Cookie
Host
X-NWS-LOG-UUID
X-WA-Info
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Mobile
X-Accel-Buffering
X-Cluster
X-Kong-Proxy-Latency
NGB
X-Kong-Upstream-Latency
X-Response-Served-From
X-Via-JSL
FilterID
X-Host-Name
WPE-Backend
Payment
Tracecode
Source
X-Region
X-Varnish-Server
Xserver
Cache-Tv-Group
Frame-Options
X-Cache-2
Eomportal-Instance
X-Tumblr-Pixel-1
Filters
X-GeoIP
X-FW-Type
X-FW-Hash
X-Cache-NE
X-FW-Serve
X-FW-Server
X-FW-Static
X-Tumblr-Pixel-2
X-IPS-LoggedIn
X-Srv
X-Varnish-Hostname
X-Presslabs-Stats
X-Cacheable-TTL
X-Origin-Response-Time
X-Hostname
X-Is-Bot
X-Rendered-As
X-Cache-Enabled
X-Cache-Operation
X-Cache-Rule
X-Adobe-Loc
X-Adobe-Content
Retry-After
X-Cache-Key
X-RequestSource
X-Seen-By
X-TX-ID
X-EdgeConnect-Cache-Status
X-NewRelic-App-Data
Server-Info
Cleartype
X-ProcessESI
X-RemovedCookies
X-Cache-TTL-Remaining
X-FastCGI-Cache
Liferay-Portal
X-VCache
X-CACHE-KEY
Accept-CH
X-App-Server
X-Dc
X-B3-Traceid
X-UA
X-Environment-Context
X-RTag
X-FireWall-Port
Ms-Operation-Id
X-L-Path
X-Source
Datacenter
X-Endurance-Cache-Level
X-HTML-Minification-Powered-By
X-Upgrade-Enabled
X-Handled-By
X-Cache-Server
From-Origin
X-Backend-Name
Cache
X-Cache-Control
X-APP-VERSION
Accept-CH-Lifetime
Healthy
Accept-Charset
X-Cache-Var-Map
X-Path-Route
X-Wix-Request-Id
Meta-Geo
X-PressLabs-Stats
X-RN-RSRV
X-Cache-Var
X-ES-SERVER
OT-Force-Account-Verify
Selected-Fe
Srv
X-Timing-Wait
Version
X-Proxy-Build
X-Origin
X-Cache-Config
X-NYM-Debug-Backend
X-Akamai-Request-ID
X-Tb
X-Access
Akamai-GRN
X-Section
X-Goog-Meta-Goog-Reserved-File-Mtime
X-OCL
X-FC-Vary-Parameters
X-Format
X-UUID
X-PCL
X-SaId
Decoy-Debug-Key
X-Shopify-Generated-Cart-Token
X-Web-Node
X-Vgn-Hpd-Reason
DB-Nickname
Mn-Server-Ip
Decoy-Debug-Status
Azure-SlotName
X-Redis-Cache
X-Proto
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Proxy
Azure-InstanceId
X-Shopify-Stage
Cache-Tags
Azure-Version
Azure-SiteName
Azure-RegionName
X-Time-Microsecs
X-ServerID
X-Hl-Ver
X-Akamai-Request-ID2
X-Hosted-By
X-Human
X-Hyper-Cache
X-Generated-By
X-Alternate-Cache-Key
X-Debug-Cache
X-Cluster-Node
X-EIG-Tracking-Id
X-BYPASS-REASON
X-Soup
X-ProxyCache-Key
X-JoinUs
X-Viewer-Country
Origin-Cache-Control
X-Request-Time
Now
X-ShardId
Origin-Edge-Control
X-Pubstack
X-ProxyCache-Status
X-Proxy-Cache-Status
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-ShopId
Decoy-Debug-TTL
X-Storage
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-AWS-Id
X-RateLimit-Limit
X-Amzn-Remapped-Content-Length
X-Rule
Node
Ec-Rule-Version
NGX
X-BCube-Filmed-By
X-Status
X-CCM
X-Site-Version
X-Qloud-Router
X-TNCMS
X-VWS-Id
X-Www-Served-By
X-MP-GENERATED-AT
X-Loop
X-FB-TRIP-ID
X-FW-Dynamic
X-Generated
X-LJ-Flow-ID
Cross-Origin-Window-Policy
X-Varnish-Hits
Webcakes-Region
TWC-GeoIP-Country
X-Content-Age
TWC-Locale-Group
Property-Id
Webcakes-App-Version
TWC-Connection-Speed
TWC-Privacy
Webcakes-App-Name
S-Rt
TWC-Device-Class
TWC-GeoIP-LatLong
X-Locale
X-Origin-Hint
GEO-INFO
X-Akamai-Transformed
X-NCache
X-Cache-Host
X-Xfnlog-Site
X-R9-Blue-Green-Version
X-Detected-As
X-IP
X-RCS-CacheZone
L5d-Success-Class
X-CS
X-Drupal-Cache-Tags
Webserver
Cache-Key
X-Unique-Id
Viewport
Time
Uber-Trace-Id
Cache-Name
X-UA-Device-Type
X-Esi
Mime-Version
X-Whom
X-UnsetCookies
X-Forwarded-Host
X-Cache-Remote
X-Origin-TTL
X-Origin-CC
Accept-Language
X-Daa-Tunnel
Rt-Fastcgi-Cache
X-Mode
Content-Disposition
X-Backend-TTL
X-NGENIX-Cache
Country
X-Info
X-From
X-Varnish-Cache-Hits
X-CDN-Forward
Odigeo-Trace-Id
X-B3-Spanid
X-Cluster-Name
X-PERF
X-ApacheServer
X-Drupal-Cache-Contexts
VIX-Pulpo-Upstream-Status
ServedBy
VIX-Pulpo-Node
X-EC-Lua
X-Newrelic-Synthetics
X-Geo
X-Ruxit-Js-Agent
X-Magnolia-Registration
X-TT-TIMESTAMP
X-CLOUD-TRACE-CONTEXT
Section-Io-Cache
X-Device-Type
X-Nc
X-Microcachable
X-Via-Fastly
Ohc-File-Size
X-Uri
X-Trafficlayer-App-Name
Ohc-Cache-HIT
X-Trafficlayer-App-Scope
X-Proxied
X-Zipkin-Id
X-Routing-Service
Proxy-Connection
X-Ttl
X-Edge-Location
Cf-Ipcountry
HitType
X-DPWN-IS-SECURE
X-External-Request-Id
Content-Style-Type
Content-Script-Type
Fastcgi-X-Cache-Version
X-Destination
X-D
X-Date
GEO-REGION-INFO
X-G
BehaviorPad-Version
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Trv-Group
X-VG-WebServer
X-Session-Fingerprint
AsisCache
X-Geo-Header
Access-Control-Request-Headers
Machine
X-Connection-Hash
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
X-A-Dcw
Viewtype
X-A-Ccd
X-A-Dam
VivaBuild
T-Server
X-Application
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-ARC
X-B-Cookie
Rendered-Blocks
X-Transaction
X-GeoIP-Country-Code
X-Request-UUID
X-Rewrite-Enabled
X-SRCache-Key
X-Region-Sid
X-A
X-No-Session
X-Rocket-Build-Number
X-Rojux
X-ScT
X-Sigma
X-S-Cookie
X-Sigma-Backend
X-S
X-Vdms-Version
Xc-Version
X-VG-WebCache
X-Varnish-Beresp-Ttl
X-UPSTREAM-Address
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
User-Cache-Control
Geo-Info
X-C
CDCHOST
X-Real-IP
X-Wikidot-Static-Cache
X-Cache-Debug
Apple-News-Services-Handled
X-VG-TLSProxy
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Eu-Site
Ha-Gx-Prefs
Gh-Request-Id
HA-Ipaddr
X-Wikidot-Backend
IsBot
Locid
Fastly-Soc-X-Request-Id
X-Bip
X-CGP
X-Distil-CS
X-Clientip
Countrycode
Powered-By
X-WebServer
X-Agile-Age
X-Auto-Login
X-Agile
X-SIPLIST1
W
X-Thanos
X-Tumblr-Pixel-3
X-TrackingId
X-Agile-Id
X-Hit
X-Cache-Backend
Fastly-SSL
Filterid
X-Ms-Version
X-Cms-Context
X-Rebelmouse-Surrogate-Control
X-NodeID
X-Rebelmouse-Cache-Control
X-Contensis-Viewer-Groups
X-Servername
X-Cache-ASPX
X-NU-AKA-ACS-Version
X-TH-Server
X-Cache-Bucket
X-CUA
X-Ms-Request-Id
X-Trace-Id
X-Cache-Time
X-Cdn-Srv
X-User
X-Cache-Info
X-Backend-State
X-Cache-Tags
X-SVT-ORM-RULES
X-AK-Request-ID
X-SVT-ORM-VERSION
X-BBXSRF
X-Varnish-Authentication
X-Block-Status
X-Request-URI
X-Render-Time
X-Clara-WADP
X-Developers
X-Irp-Debug
X-Urbn-Site-Id
X-VServer
X-Urbn-Context-Path
X-OVcl
X-Instart-Isnd
X-IN-APIGATEWAYSSL
X-Hash
X-Hnp-Log
X-IN-APIGATEWAY
X-Micro-Cache
X-Is-Gdpr
X-JWT-State
X-WADP-Cache
X-LI-Proto
X-LI-UUID
X-We-Are-Hiring
X-NX-Host
X-TT-LOGID
X-Labrador-Cache-Channel
X-Variation
X-Li-Fabric
X-Li-Pop
X-Has-Esi
X-OVcl-Cache
X-Dispatcher-Server
X-Logging-Id
X-Proxy-Upstream
X-Swa-Ws
X-Epic-Correlation-Id
X-RateLimit-Limit-Second
X-Debug-Log
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Debug-Cookies
X-RateLimit-Remaining-Second
X-Platform-Server
X-Fetched-On
X-Generation-Time
X-PHP-Host
X-Owner
X-GeoIP-City
X-Generated-In
X-Gen-Mode
X-FW-Version
X-Webstats-RespID
X-Gamma-Serve
X-VC-Cache
X-Debug-Cache-Expiry
X-App-Name
Locale
Kp-EeAlive
Is-Eu
Mail-Subject
Memcached
Server-Cache-Control
Request-EU
Request-Country
Heartbleed
Adler-Geo
Cdncip
Country-Code
Cdnsip
Cache-Host
Environment
Fastly-SWR
Fastly-SIE
AKAMAI
Server-ID
Platform
V-Age
We-Hiring
True-Client-Country-4JS
Server-Surrogate-Control
Web-Mar-Node
X-GoCache-CacheStatus
X-Core-Mission
X-Trafficlayer-App-Version
ServerName
X-Thinkindot-L3
X-Azure-Ref
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Distributor
X-Up
X-Air-Hostname
Server-Int
X-Generated-On
IBM-Web2-Location
Thinkindot-Control
X-Server-W
X-Level-Front-Cache
X-Service
X-Origin-Expires
X-Fastly-Cache
X-App-Version
X-Reboot
RNT-Time
RNT-Machine
X-Matched-Rule
X-Origin-Date
X-ServiceProvider
X-Nginx-Cache-Key
X-Old-Content-Length
PFcat
X-Cache-URL
X-Cache-Expired-At
Wxu-Next-Hostname
Wxu-Next-Region
Cache-Hits
X-Lb-Id
Group
X-Req
X-S-Maxage
Wxu-Next-Commit
X-Internal-Host
FNAC-ModuleRouting
X-Core-Value
Fastly-Backend-Name
X-Nginx-Cache
X-Key
X-Refresh
X-Sucuri-Cache
X-Response-By
X-SERVER
RequestId
Pragrma
X-Var-Ttl
X-Parent-Response-Time
X-Location
S-Cnection
X-VHOST
Powered-By-ChinaCache
X-CF-Powered-By
X-Tb-Optimization-Total-Bytes-Saved
ProcessTime
X-CSRF-TOKEN
X-TA-CDN-Provider
X-Cdn-Forward
X-Pjax-Url
X-Correlation-ID
X-BACKEND-TTL
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-B3-Parentspanid
X-Sucuri-ID
Origin
X-Wa
Memory
X-CSRF-Token
X-Ua
X-Pf-Uncompressing
X-Varnish-Cacheable
X-Via-CDN
TTL
X-NC
User-Agent
SRV
X-B3-SpanId
Geoip-Latitude
Geoip-City
X-Vcl-Version
X-Server-IP
X-Node-Id
X-Developer
X-NWS-UUID-VERIFY
X-Unique-ID
X-NGINX-Cache
X-Device-Os
GeoIp-Country-Code
X-Ocache
PICS-Label
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Cdn-Origin
X-Cache-Grace
On-Server
X-Sn-Servicetimems
X-Cache-Status-Check
X-COUNTRY
X-LAGOON
Media-Length
X-Cdn-Request-ID
A
X-Request-Host
Hostname
M-TraceId
X-MSEdge-Flight
X-Rocket-Nginx-Bypass
X-MSEdge-Features
X-Litespeed-Cache
Cloudfront-Viewer-Country
X-Servedbyhost
X-Webkit-CSP
Dnion-Transfer-Encoding
SN
X-Varnish-Ttl
X-Via-Ucdn
X-TIME
X-Sucuri-Id
XServer
X-HS-Status
Cdn
Tcn
X-FORWARDED-FOR
Esi-Enabled
X-ServedByHost
X-Reqid
X-AIR-PT
HostName
X-Ratelimit-Remaining
Host-ID
X-Beluga-Status
X-Beluga-Node
X-Beluga-Record
X-Varnish-URL
X-Policy
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Resin-Trace
X-Beluga-Response-Time
X-Cache-Ttl
X-Fastly-Country-Code
X-Beluga-Trace
Who
X-Beluga-Cache-Status
X-Request-Start
X-Azure-Ref-OriginShield
X-Slack-Backend
CF-Cached-On
X-Action
CACHE
X-Fastly-Backend-Reqs
Rt-Proxy-Cache
GeoIP-Country-Code
Pics-Label
X-LiteSpeed-Cache-Control
X-RPM
X-DW
X-DI
X-DB
X-VCL-Version
X-RPS
GeoIP-Latitude
X-DSS
X-PAYTM-SRV-ID
X-Server-Time
X-Processor
X-Dispatch
X-Cache-FS-Status
Pramga
X-RSL
Arc-Country
X-Oracle-Dms-Rid
MIME-Version
X-Ftr-Cache-Host
X-Skip-Cache
Ttl
X-ND-Cache
X-Bc
NtCoent-Length
X-PF-Uncompressing
X-Varnish-Url
X-Method
Magicmarker
GeoIP-City
X-Zone
X-APP
X-DC
X-Edge-Server
Cdn-Host
X-Served-From
X-VarnishDD-TTL
X-Ratelimit-Limit
X-FPC
X-Hello
Cdn-Request-Time
Fastly-Drupal-HTML
X-ABtesting
X-Newrelic-App-Data
Cteonnt-Length
X-Flog
X-HostName
WebServer
X-Bc-Bl
X-PJAX-URL
N-Cache
X-DevSite-Last-Modified
X-SRV
Amp-Access-Control-Allow-Source-Origin
X-Backend-Host
Section-Io-Id
X-Amzn-Remapped-Connection
Ohc-Response-Time
X-Svr
X-Amzn-Remapped-Date
X-BE
Processtime
Section-Io-Origin-Time-Seconds
X-Be
Section-Io-Origin-Status
Section-Origin-Responded
X-Dynatrace
X-Dynatrace-Js-Agent
X-Swift-Error
Load-Balancing
Servername
X-BC
X-WA
X-ID
X-ZONE
Cache-Provider
Vix-Hermes-Req-Id
X-Aicache-OS
X-Frame-Option
X-WR-MODIFICATION
CF-IPCountry
Dynatrace
DSUID
X-Fmm-Version
X-Fastly-Cache-Hits
X-MServer
X-StackifyID
Pagetype
CDN
Requestid
X-Snapshot-Date
Lfy
X-LB-ID
X-Branch-Name
Release
X-VCT
X-CACHE-AGE
Cache-Cookie-Set-From
X-Tid
WZWS-RAY
Cache-Cookie-Set-Lfrom
FSS-Proxy
FSS-Cache
Fusion-Deployment-Id
Trailer
X-Scheme
Cache-Cookie-Set-Idcheck
X-SB
Proxy-Firewall
X-Apw-Hits
X-VC
X-Hp-Ccpa-Warning
X-Request-Url
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
Warning
V-Cache
X-Cc-Via
X-Cc-Req-Id
D-Cc-Upstream
X-Configured-By
X-Adobe-Source
X-Litespeed-Cache-Control
X-SD-PageType
Cneonction
X-App
X-Upstream-Ht
SD-X-WS
X-Fpc
X-Worker
X-Upstream-Ct
X-Edge-IP
WP-Super-Cache
X-Fastly-Cache-Status
X-Powered-Y
X-Request-URL
Backend-Name
Correlation-Id
X-WPE-Loopback-Upstream-Addr
X-Check-Cacheable
X-ElasticPress-Search
X-Varnish-Beresp-TTL