Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
X-XSS-Protection
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Xss-Protection
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
CF-Ray
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
Xkey
X-Via
X-Backend
X-Server
X-Age
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
EagleId
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
Feature-Policy
X-Varnish-Cache
Server-Timing
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-WebKit-CSP
X-Device
X-Host
X-Origin-Cache
X-Server-Id
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Vhost
X-Dispatcher
Request-Id
X-Origin-Upstream-Status
X-Cache-Lookup
X-Cnection
X-Ruxit-JS-Agent
X-Application-Context
X-HW
Fusion-Component-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
P3p
X-Dns-Prefetch-Control
X-Rack-Cache
X-Clacks-Overhead
Edge-Control
Rating
X-Akam-SW-Version
X-Country
Pinterest-Generated-By
Allow
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-Goog-Hash
Accept-Ch
X-PC
X-TtlSet
X-Vname
Verso
Content-MD5
Service-Worker-Allowed
X-ESI
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Vcache
X-Url
X-Version
X-Cdn-Fetch
X-Forwarded-Proto
X-Exp-Id
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
X-Exp-Variant
X-B3-TraceId
X-GitHub-Request-Id
X-MS-InvokeApp
RTSS
X-Server-ID
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Debug
X-Px
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-Request-ID
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-Cached
X-NF-Request-ID
X-Middleton-Display
Response
Display
X-Sol
Pagespeed
X-Middleton-Response
X-Vcap-Request-Id
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-MSEdge-Ref
X-Navigation-Version
X-Amz-Rid
X-Accel-Expires
Arr-Disable-Session-Affinity
TCN
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-Cdn
X-VARITI-CCR
X-Powered-CMS
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Public-Key-Pins
X-Fastly-Request-ID
X-Edge-O15-RID
Nginx-Cache
X-Fastcgi-Cache
X-Client-IP
Cache-Tag
Realpath
MS-Author-Via
X-Trace
Access-Control-Request-Method
X-Ser
X-Mrf-Section-Lastmod
MRF-Tech
Mrf-Cache-Status
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
X-Content-Type
X-Shard
X-DynaTrace-JS-Agent
X-Amzn-Trace-Id
SPIisLatency
SPRequestDuration
X-Hp-Webp
X-Jurisdiction
X-Ezoic-Cdn
X-Id
X-Grace
X-Upstream
S
Nel
Front-End-Https
X-Hits
X-Amz-Meta-S3cmd-Attrs
X-T
X-Cache-TTL
Fastcgi-Cache
X-Forwarded-For
X-Aspnet-Version
X-Recruiting
DynaTrace
X-Node-Name
X-Varnish-Age
X-Element-Page-Cache
X-Mobile-URL
X-Content-Digest
X-FTR-Cache-Status
X-FTR-Expires
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
ServerID
X-FTR-Backend
X-Dw-Request-Base-Id
MicrosoftSharePointTeamServices
X-DIS-Request-ID
NR-ENABLED
Server-Node
X-Frontend
TP-L2-Cache
TP-Cache
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
Powered
X-CST
X-Logged-In
Alternate-Protocol
Server-Name
X-Correlation-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-XRDS-Location
X-Cache-Hit
Fastly-Restarts
X-Request-Handler-Origin-Region
X-Microsite
X-FTR-Cache-Host
X-ATS-Timestamp
Backend-Timing
X-Request-Processing-Time
X-Request-Received
AMP-Access-Control-Allow-Source-Origin
X-Content-Options
Refresh
X-Page-Id
X-F-Cache
X-Zen-Fury
X-User-Agent
X-Origin-Server
X-Content-Security-Policy-Report-Only
X-Varnish-Grace
X-Akamai-Edgescape
X-Rid
X-Revision
X-Type
X-Content-Powered-By
X-B
X-LB-Cache
X-XRDS-LOCATION
PB-PID
PB-RID
X-Mobile-Rewrite
X-B3-Sampled
Arc-Version
X-URL
X-Geo-Country
X-AppVersion
Cache-Status
X-Az
X-Activity-Id
X-Kinsta-Cache
X-N
X-Cache-Age
X-Cache-Action
X-AOL-HN
X-TT
X-Signature
X-Debug-Info
X-Jobs
X-B-Cache
Access-Control-Allow-Method
X-FB-Debug
X-Framework
X-Instance
X-Request-Guid
X-Load-Cache
X-Git-Hash
Paypal-Debug-Id
X-WebKit-CSP-Report-Only
X-Cached-By
X-App-Environment
Actual-Object-TTL
X-Tumblr-Pixel-0
X-Tumblr-User
X-PHP-Backend
X-Tumblr-Pixel
Fastcgi-Useragent
X-NWS-LOG-UUID
X-Pad
X-Tt-Trace-Tag
DC
X-Tt-Trace-Host
X-Amz-Replication-Status
X-Webkit-Csp
X-Time
X-Shield-Request-Id
X-FastCGI-Cache
X-RateLimit-Remaining
Host-Header
X-Varnish-Backend
X-WA-Info
Surrogate-Key
X-ATG-Version
X-IPLB-Instance
X-Contextid
Host
MS-CV
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Via-JSL
X-Mobile
Accept-CH
X-Cache-Key
X-Host-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Response-Served-From
NGB
X-Accel-Buffering
Payment
Frame-Options
Retry-After
Tracecode
X-SS-Set-Cookie
X-Cache-NE
X-Varnish-Server
X-Region
X-Cache-2
Eomportal-Instance
X-Origin-Response-Time
X-FW-Hash
X-FW-Server
X-FW-Serve
X-FW-Static
X-FW-Type
X-Cacheable-TTL
X-Is-Bot
Source
Filters
WPE-Backend
X-Cluster
X-Rendered-As
X-Hostname
X-Adobe-Loc
X-Adobe-Content
X-Varnish-Hostname
X-Seen-By
Cache-Tv-Group
X-Cache-Enabled
X-GeoIP
X-Cache-Operation
X-RequestSource
X-Cache-Rule
X-IPS-LoggedIn
Server-Info
X-Tumblr-Pixel-1
Liferay-Portal
X-Tumblr-Pixel-2
X-Analytics
FilterID
X-NewRelic-App-Data
X-Presslabs-Stats
Xserver
X-ProcessESI
X-EdgeConnect-Cache-Status
X-TX-ID
X-RemovedCookies
X-App-Server
Accept-CH-Lifetime
X-Cache-TTL-Remaining
X-Srv
X-Webapp-Samesite-None-Activated-N
Cleartype
X-B3-Traceid
X-L-Path
X-Environment-Context
X-FireWall-Port
X-Dc
X-Handled-By
X-Endurance-Cache-Level
X-RTag
Ms-Operation-Id
X-Source
X-Upgrade-Enabled
X-UA
X-HTML-Minification-Powered-By
From-Origin
X-Cache-Server
Accept-Charset
Datacenter
X-CACHE-KEY
Srv
X-APP-VERSION
X-Esi
X-Backend-Name
X-UUID
X-ES-SERVER
X-Cache-Var
X-Cache-Var-Map
X-Path-Route
GEO-INFO
X-RN-RSRV
X-PressLabs-Stats
Meta-Geo
X-Proxy-Build
X-Format
X-Timing-Wait
X-Tb
OT-Force-Account-Verify
Selected-Fe
X-Access
X-Wix-Request-Id
X-Section
X-Akamai-Request-ID
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ShardId
X-Alternate-Cache-Key
X-Request-Time
X-Content-Age
X-EIG-Tracking-Id
Mn-Server-Ip
Cache-Tags
X-ShopId
X-Shopify-Generated-Cart-Token
X-Cache-Config
X-FC-Vary-Parameters
X-OCL
X-Origin
X-Status
X-Qloud-Router
X-Proto
X-NYM-Debug-Backend
X-PCL
X-Akamai-Transformed
X-Yottaa-Optimizations
Akamai-GRN
Ec-Rule-Version
NGX
X-Yottaa-Metrics
Node
X-Pubstack
X-SaId
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Cache-Status
X-ServerID
X-Soup
X-Vgn-Hpd-Reason
X-Loop
X-Time-Microsecs
X-Storage
X-Hosted-By
X-Hyper-Cache
Decoy-Debug-Status
Decoy-Debug-Key
Decoy-Debug-TTL
X-MP-GENERATED-AT
Healthy
DB-Nickname
Cross-Origin-Window-Policy
X-JoinUs
X-CCM
X-LJ-Flow-ID
X-Locale
X-Viewer-Country
X-TNCMS
X-Web-Node
X-FB-TRIP-ID
X-SayCDN-TTL
X-VWS-Id
X-Say-Cacheable
X-Akamai-Request-ID2
X-AWS-Id
X-Cluster-Node
X-Detected-As
X-BYPASS-REASON
X-BCube-Filmed-By
X-Human
X-Say-TTL
Version
Origin-Cache-Control
X-Www-Served-By
Origin-Edge-Control
X-FW-Dynamic
X-Amzn-Remapped-Content-Length
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Now
TWC-Device-Class
S-Rt
TWC-Connection-Speed
Property-Id
X-IP
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
Azure-Version
X-Generated
X-Proxy
X-Origin-Hint
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-Varnish-Hits
X-Debug-Cache
Azure-InstanceId
Azure-RegionName
X-Site-Version
X-Redis-Cache
X-Xfnlog-Site
X-Generated-By
Azure-SlotName
Azure-SiteName
X-RateLimit-Limit
X-Hl-Ver
X-Cache-Control
X-NCache
Cache
X-Unique-Id
X-Cache-Host
Cache-Key
X-Whom
X-Daa-Tunnel
X-Drupal-Cache-Tags
X-NGENIX-Cache
X-UA-Device-Type
X-Rule
X-Forwarded-Host
X-Mode
L5d-Success-Class
X-VHOST
Webserver
Cache-Name
Time
X-UnsetCookies
X-CS
X-Backend-TTL
Viewport
Content-Disposition
Section-Io-Cache
X-CDN-Forward
Uber-Trace-Id
X-Origin-CC
X-Origin-TTL
Rt-Fastcgi-Cache
X-B3-Spanid
X-Info
Accept-Language
X-Varnish-Cache-Hits
X-ApacheServer
X-PERF
X-Newrelic-Synthetics
Mime-Version
ServedBy
Country
X-Cache-Remote
Odigeo-Trace-Id
X-VCache
X-EC-Lua
X-Zipkin-Id
X-Proxied
X-From
X-Routing-Service
X-CLOUD-TRACE-CONTEXT
X-Via-Fastly
X-Device-Type
X-Magnolia-Registration
X-Cluster-Name
X-Ttl
Filterid
X-Drupal-Cache-Contexts
X-Uri
X-Microcachable
Proxy-Connection
X-TT-TIMESTAMP
HitType
VIX-Pulpo-Node
X-Nc
VIX-Pulpo-Upstream-Status
X-Geo
Cf-Ipcountry
Access-Control-Request-Headers
X-Real-IP
Ohc-File-Size
Apple-News-Services-Handled
X-Twitter-Response-Tags
X-Trv-Group
BehaviorPad-Version
Xc-Version
X-Vtex-Remote-Cache
X-Vtex-Processado-Em
X-VG-WebCache
X-VG-TLSProxy
Apple-News-Services-Request-Url
X-Vdms-Version
X-VG-WebServer
AsisCache
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Fastcgi-X-Cache-Version
X-External-Request-Id
X-A-Dcw
X-DPWN-IS-SECURE
X-Destination
X-A-Ccd
X-A
Viewtype
VivaBuild
W
X-Date
X-D
X-B-Cookie
X-ARC
X-Accel-Expires-Debug
X-Application
X-CF-Lambda-Fn
X-A-Wwc
X-Connection-Hash
X-CF-Lambda-Version
X-A-Dgt
X-G
X-Geo-Header
Content-Style-Type
X-S
X-Aed
GEO-REGION-INFO
X-S-Cookie
Content-Script-Type
X-SRCache-Key
X-Session-Fingerprint
X-ScT
Machine
MD5-Digest
X-Request-UUID
X-Region-Sid
T-Server
X-GeoIP-Country-Code
Rendered-Blocks
Mobile-Detection-Method
X-Rojux
Meta-Geo-Continent
X-Rewrite-Enabled
X-Transaction
X-A-Dam
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-C
Geo-Info
CDCHOST
X-Thanos
X-Logging-Id
X-Agile-Id
X-Backend-State
X-Cache-Time
X-Labrador-Cache-Channel
X-PHP-Host
X-Agile-Age
X-Rebelmouse-Surrogate-Control
X-Agile
IsBot
X-Sigma
Locid
X-Rocket-Build-Number
X-Rebelmouse-Cache-Control
X-Sigma-Backend
Fastly-SWR
Environment
Countrycode
X-SIPLIST1
Fastly-SIE
Fastly-Soc-X-Request-Id
X-Bip
X-App-Name
X-WebServer
X-CUA
X-Developers
Group
X-Hit
X-Clientip
X-Cache-Expired-At
X-Cache-Debug
X-Var-Ttl
X-VC-Cache
X-No-Session
Fastly-SSL
X-GoCache-CacheStatus
User-Cache-Control
Server-Surrogate-Control
X-Owner
X-Eu-Site
Server-Int
X-RateLimit-Remaining-Second
True-Client-Country-4JS
X-OVcl-Cache
X-Fetched-On
X-OVcl
V-Age
Pragrma
X-Distributor
Server-ID
X-Origin-Expires
Request-EU
RNT-Machine
X-RateLimit-Limit-Second
RNT-Time
Request-Country
X-Platform-Server
Server-Cache-Control
X-Gamma-Serve
Platform
X-Epic-Correlation-Id
X-Nginx-Cache-Key
X-Li-Pop
X-LI-Proto
X-CGP
X-LI-UUID
X-Li-Fabric
X-JWT-State
X-Cdn-Srv
X-Azure-Ref
X-Auto-Login
X-Is-Gdpr
X-Air-Hostname
X-Cms-Context
X-NodeID
X-Has-Esi
X-GeoIP-City
X-Origin-Date
X-Cache-ASPX
X-Core-Mission
Ohc-Cache-HIT
X-Ms-Request-Id
X-Contensis-Viewer-Groups
X-Ms-Version
X-Distil-CS
Powered-By
X-Wikidot-Backend
X-Urbn-Site-Id
X-Variation
Ha-Gx-Prefs
HA-Ipaddr
Cache-Host
X-Wikidot-Static-Cache
AKAMAI
X-TH-Server
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Fastly-Backend-Name
X-Varnish-Authentication
X-Swa-Ws
X-VServer
Country-Code
X-Urbn-Context-Path
X-Up
X-Request-URI
Adler-Geo
X-Tumblr-Pixel-3
Heartbleed
X-Trace-Id
Is-Eu
IBM-Web2-Location
Cache-Hits
X-Servername
Locale
X-UPSTREAM-Address
X-Edge-Location
X-TA-CDN-Provider
X-Hnp-Log
X-IN-APIGATEWAYSSL
X-BBXSRF
X-Instart-Isnd
X-Cache-Info
X-Clara-WADP
X-Debug-Cookies
X-Generated-On
X-Generation-Time
X-Debug-Log
X-Generated-In
X-Dispatcher-Server
X-Block-Status
ServerName
X-Hash
X-WADP-Cache
X-IN-APIGATEWAY
X-Cache-URL
X-We-Are-Hiring
X-Webstats-RespID
Web-Mar-Node
X-Core-Value
X-Cache-Tags
X-AK-Request-ID
Thinkindot-Control
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Gh-Request-Id
X-Service
FNAC-ModuleRouting
X-ServiceProvider
Kp-EeAlive
X-Proxy-Upstream
X-Req
X-Fastly-Cache
X-Reboot
X-FW-Version
Memcached
X-Server-W
Mail-Subject
X-TT-LOGID
X-NX-Host
X-Thinkindot-L3
X-Gen-Mode
PFcat
X-TrackingId
X-NU-AKA-ACS-Version
X-Level-Front-Cache
Cdncip
Cdnsip
Wxu-Next-Hostname
Wxu-Next-Commit
We-Hiring
Wxu-Next-Region
X-COUNTRY
X-Matched-Rule
X-Micro-Cache
S-Cnection
X-Cache-Bucket
X-Trafficlayer-App-Name
X-Response-By
X-Render-Time
X-S-Maxage
X-Trafficlayer-App-Scope
X-Trafficlayer-App-Version
X-Irp-Debug
X-Old-Content-Length
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
Server-Host
X-Nginx-Cache
X-SERVER
X-App-Version
X-Cache-Backend
X-Refresh
X-Lb-Id
X-Wa
X-User
Powered-By-ChinaCache
RequestId
X-Internal-Host
X-Varnish-Cacheable
X-Key
X-CSRF-TOKEN
X-Sucuri-ID
X-Parent-Response-Time
X-NC
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Sucuri-Cache
Origin
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Developer
X-Location
User-Agent
X-Tb-Optimization-Total-Bytes-Saved
X-Node-Id
X-CF-Powered-By
X-Sn-Servicetimems
X-LAGOON
X-Cache-Grace
X-Device-Os
X-Pf-Uncompressing
X-Cdn-Origin
X-Pjax-Url
X-Cache-Status-Check
X-CSRF-Token
X-Ua
Hostname
X-Via-CDN
ProcessTime
Memory
X-Ocache
Geoip-Latitude
X-BACKEND-TTL
X-Cdn-Forward
Geoip-City
X-B3-Parentspanid
SRV
A
PICS-Label
On-Server
X-NWS-UUID-VERIFY
X-Ruxit-Js-Agent
X-NGINX-Cache
TTL
X-MSEdge-Features
GeoIp-Country-Code
X-MSEdge-Flight
X-Request-Host
X-TIME
X-Correlation-ID
X-FORWARDED-FOR
X-Unique-ID
Cloudfront-Viewer-Country
X-Vcl-Version
XServer
X-Server-IP
X-Webkit-CSP
X-Servedbyhost
X-Litespeed-Cache
X-Oneagent-Js-Injection
X-Varnish-Ttl
X-Varnish-URL
X-B3-SpanId
X-HS-Status
SN
Resin-Trace
Media-Length
X-Cdn-Request-ID
M-TraceId
Tcn
X-Rocket-Nginx-Bypass
Dnion-Transfer-Encoding
Cdn
Host-ID
CACHE
X-Ratelimit-Remaining
Who
X-Via-Ucdn
X-Beluga-Node
X-Cache-Ttl
X-Beluga-Cache-Status
X-Action
X-Slack-Backend
X-ServedByHost
X-Beluga-Trace
X-Beluga-Status
X-Beluga-Record
X-Beluga-Response-Time
HostName
X-Cache-FS-Status
Pramga
X-Fastly-Country-Code
X-PAYTM-SRV-ID
X-Processor
X-Server-Time
X-DW
Arc-Country
X-DI
X-DB
X-RPM
X-DSS
X-RPS
X-RSL
X-ND-Cache
X-Dispatch
X-Reqid
X-AIR-PT
X-VCL-Version
MIME-Version
Esi-Enabled
X-Skip-Cache
X-Sucuri-Id
Cdn-Host
Fastly-Drupal-HTML
X-Edge-Server
Ttl
X-Served-From
Pics-Label
X-Policy
Cdn-Request-Time
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Amp-Access-Control-Allow-Source-Origin
X-ABtesting
X-Hello
GeoIP-Country-Code
X-Flog
CF-Cached-On
X-Oracle-Dms-Rid
X-SRV
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-LiteSpeed-Cache-Control
NtCoent-Length
X-Request-Start
X-DevSite-Last-Modified
X-VarnishDD-TTL
X-Azure-Ref-OriginShield
X-Varnish-Url
GeoIP-Latitude
X-Bc-Bl
N-Cache
GeoIP-City
X-DC
Rt-Proxy-Cache
X-PJAX-URL
X-APP
X-Ratelimit-Limit
X-FPC
X-Newrelic-App-Data
X-PF-Uncompressing
Fusion-Deployment-Id
X-HostName
Trailer
X-Adobe-Source
X-Backend-Host
X-Fastly-Backend-Reqs
X-Bc
WebServer
X-Zone
X-Swift-Error
X-Dynatrace
X-BC
X-Method
X-ZONE
Cteonnt-Length
Magicmarker
Cache-Cookie-Set-From
Cache-Cookie-Set-Idcheck
Processtime
X-Amzn-Remapped-Date
Cache-Cookie-Set-Lfrom
X-Amzn-Remapped-Connection
X-BE
Servername
X-Dynatrace-Js-Agent
FSS-Proxy
X-Fmm-Version
X-Scheme
FSS-Cache
X-ID
X-WA
CDN
Cache-Provider
X-WR-MODIFICATION
X-Frame-Option
X-StackifyID
X-Branch-Name
X-Snapshot-Date
X-Fpc
Requestid
Dynatrace
Ohc-Response-Time
CF-IPCountry
X-LB-ID
X-CACHE-AGE
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-App
X-Tid
WZWS-RAY
X-Cache-Id
Lb
L
X-Compress-Hint
X-Be
X-Apw-Hits
X-Esi-Check
X-SN
X-SB
X-Request-Url
Warning
X-Aicache-OS
V-Cache
X-Fastly-Cache-Hits
X-Cc-Via
X-VC
X-Cc-Req-Id
X-Svr
D-Cc-Upstream
X-Node-ID
X-Litespeed-Cache-Control
X-Request-URL
SD-X-WS
X-Gzip
X-SD-PageType
X-Cache-NGX
SID
X-Check-Cacheable
Sid
X-GEO
X-ElasticPress-Search
X-Fastly-Cache-Status
Backend-Name
Correlation-Id
Lfy
X-WPE-Loopback-Upstream-Addr
X-Worker
Vix-Hermes-Req-Id
WP-Super-Cache
Cneonction
X-Varnish-Beresp-TTL
X-Powered-Y