Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
X-XSS-Protection
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Xss-Protection
X-Runtime
CF-Ray
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
EagleId
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
X-UA-Device
Feature-Policy
Server-Timing
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-WebKit-CSP
X-Device
X-Host
X-Origin-Cache
X-Server-Id
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Cloud-Trace-Context
X-Vhost
X-Backend-Server
X-Readtime
X-Dispatcher
X-Dns-Prefetch-Control
Request-Id
X-Cache-Lookup
X-Origin-Upstream-Status
X-Ruxit-JS-Agent
X-Cnection
X-Application-Context
X-HW
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
NEL
X-ORACLE-DMS-RID
P3p
X-DataDome
X-Rack-Cache
X-Country
X-Clacks-Overhead
Edge-Control
X-Akam-SW-Version
Rating
Allow
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
Accept-Ch
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-TTL
X-DynaTrace
X-Vname
X-TtlSet
X-Goog-Hash
X-PC
Verso
Content-MD5
X-ESI
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Use-Magma
X-Version
X-GitHub-Request-Id
X-Forwarded-Proto
X-MS-InvokeApp
RTSS
X-Vcache
X-Server-Name
X-Server-ID
X-B3-TraceId
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Px
X-Debug
AR-CACHE
AR-PoweredBy
AR-ATIME
Ar-Sid
AR-Request-ID
X-Amz-Server-Side-Encryption
SPRequestGuid
X-Cached
Charset
X-NF-Request-ID
X-Vcap-Request-Id
X-Navigation-Version
X-MSEdge-Ref
Pagespeed
Response
X-Middleton-Display
X-Sol
Display
X-Amz-Rid
X-Middleton-Response
X-Accel-Expires
Arr-Disable-Session-Affinity
TCN
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
X-VARITI-CCR
X-Fastly-Request-ID
X-Cdn
Public-Key-Pins
Nginx-Cache
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MS-Author-Via
X-Powered-CMS
X-Edge-O15-RID
X-Fastcgi-Cache
X-Client-IP
Cache-Tag
Realpath
X-Trace
X-Ser
Access-Control-Request-Method
X-Content-Type
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
SPRequestDuration
X-Amzn-Trace-Id
SPIisLatency
X-Shard
X-Upstream
X-Grace
X-Jurisdiction
X-Hp-Webp
X-Id
X-DynaTrace-JS-Agent
X-Ezoic-Cdn
Front-End-Https
X-Forwarded-For
S
X-Cache-TTL
X-Hits
Nel
X-Amz-Meta-S3cmd-Attrs
X-T
Fastcgi-Cache
X-Aspnet-Version
X-Recruiting
DynaTrace
X-Element-Page-Cache
X-Node-Name
X-Dw-Request-Base-Id
X-Varnish-Age
X-Content-Digest
MicrosoftSharePointTeamServices
X-Country-Code-Real
X-FTR-Backend
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Mobile-URL
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Expires
ServerID
X-DIS-Request-ID
X-CST
NR-ENABLED
Server-Node
TP-Cache
TP-L2-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Frontend
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Generation
X-GUploader-UploadID
Powered
X-Logged-In
Alternate-Protocol
X-Correlation-Id
Server-Name
X-Amz-Apigw-Id
X-Amzn-RequestId
Upgrade-Insecure-Requests
X-XRDS-Location
Fastly-Restarts
X-Cache-Hit
X-FTR-Cache-Host
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
X-Page-Id
X-User-Agent
X-Content-Options
X-Zen-Fury
X-Request-Processing-Time
X-Request-Received
X-Content-Security-Policy-Report-Only
Refresh
X-F-Cache
X-Origin-Server
X-Varnish-Grace
X-Rid
X-Akamai-Edgescape
X-Revision
X-Content-Powered-By
X-LB-Cache
X-B
X-Type
Arc-Version
PB-PID
PB-RID
X-Mobile-Rewrite
X-XRDS-LOCATION
X-B3-Sampled
X-Geo-Country
Cache-Status
X-Activity-Id
X-AppVersion
X-Az
X-Kinsta-Cache
X-N
X-TT
X-Cache-Action
X-NWS-LOG-UUID
X-AOL-HN
X-Jobs
X-Request-Guid
X-Signature
X-WebKit-CSP-Report-Only
Access-Control-Allow-Method
X-Framework
X-Cache-Age
X-B-Cache
X-Debug-Info
X-Cached-By
Actual-Object-TTL
X-PHP-Backend
X-FB-Debug
X-Instance
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Git-Hash
X-App-Environment
Paypal-Debug-Id
X-Load-Cache
X-Tumblr-User
X-Time
X-URL
X-Tt-Trace-Host
X-Tt-Trace-Tag
Fastcgi-Useragent
X-Amz-Replication-Status
X-Pad
X-FastCGI-Cache
X-Webkit-Csp
DC
X-Varnish-Backend
Host-Header
X-RateLimit-Remaining
X-WA-Info
X-Shield-Request-Id
Host
X-ATG-Version
MS-CV
Surrogate-Key
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Contextid
X-IPLB-Instance
X-Via-JSL
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Cache-Key
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Host-Name
Retry-After
Frame-Options
NGB
X-Accel-Buffering
X-Response-Served-From
Payment
X-Presslabs-Stats
X-Cache-NE
X-NewRelic-App-Data
X-B3-Traceid
Source
X-Hostname
X-Origin-Response-Time
X-Varnish-Server
X-SS-Set-Cookie
X-Region
Eomportal-Instance
X-Cache-2
X-IPS-LoggedIn
X-Is-Bot
X-Srv
X-Cacheable-TTL
X-FW-Server
X-GeoIP
X-Seen-By
X-FW-Serve
Liferay-Portal
WPE-Backend
Filters
X-FW-Hash
X-FW-Static
X-Rendered-As
X-FW-Type
Tracecode
X-Cache-Enabled
Cache-Tv-Group
X-Adobe-Loc
X-Adobe-Content
X-Cluster
X-Varnish-Hostname
Server-Info
X-Tumblr-Pixel-2
X-Cache-Rule
X-Tumblr-Pixel-1
X-Cache-Operation
X-RequestSource
FilterID
X-App-Server
X-ProcessESI
X-RemovedCookies
Xserver
X-EdgeConnect-Cache-Status
X-TX-ID
X-Cache-TTL-Remaining
X-Analytics
Accept-CH
Cleartype
X-FireWall-Port
X-Environment-Context
X-L-Path
X-Handled-By
X-RTag
Ms-Operation-Id
X-Upgrade-Enabled
X-Source
X-Ttl
X-UA
X-Endurance-Cache-Level
Accept-Charset
X-Webapp-Samesite-None-Activated-N
X-Dc
X-HTML-Minification-Powered-By
From-Origin
X-Cache-Server
X-Backend-Name
Srv
X-APP-VERSION
Accept-CH-Lifetime
X-CACHE-KEY
Datacenter
X-UUID
X-Cache-Var
GEO-INFO
Meta-Geo
X-RN-RSRV
X-Cache-Var-Map
X-Path-Route
X-ES-SERVER
X-Access
X-Section
X-Proxy-Build
X-Tb
X-Format
X-Timing-Wait
Selected-Fe
OT-Force-Account-Verify
Healthy
X-Wix-Request-Id
X-Cache-Config
Mn-Server-Ip
Cache-Tags
X-EIG-Tracking-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-PCL
X-OCL
X-FC-Vary-Parameters
X-Content-Age
X-Akamai-Request-ID
X-Proto
X-Alternate-Cache-Key
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Request-Time
X-ShopId
X-Shopify-Generated-Cart-Token
X-Shopify-Stage
X-JoinUs
X-Yottaa-Optimizations
Ec-Rule-Version
X-LJ-Flow-ID
X-BYPASS-REASON
X-Soup
X-Vgn-Hpd-Reason
X-Debug-Cache
X-Akamai-Request-ID2
Akamai-GRN
X-Proxy-Cache-Status
X-Hl-Ver
X-VWS-Id
X-Status
Origin-Edge-Control
X-Human
X-Yottaa-Metrics
X-SaId
X-Say-Cacheable
X-ProxyCache-Key
X-ProxyCache-Status
Origin-Cache-Control
X-AWS-Id
X-Qloud-Router
X-Say-TTL
X-Origin
Node
NGX
X-ServerID
X-Web-Node
X-SayCDN-TTL
X-NYM-Debug-Backend
X-Viewer-Country
X-Detected-As
X-Redis-Cache
X-CCM
Cross-Origin-Window-Policy
Now
Decoy-Debug-Key
Decoy-Debug-Status
X-BCube-Filmed-By
X-Hosted-By
Decoy-Debug-TTL
X-Hyper-Cache
X-Akamai-Transformed
X-Site-Version
X-Loop
X-Locale
X-MP-GENERATED-AT
X-Unique-Id
X-Pubstack
Version
X-Proxy
X-FB-TRIP-ID
X-Storage
X-Generated-By
X-Generated
X-FW-Dynamic
X-TNCMS
X-Www-Served-By
DB-Nickname
X-Time-Microsecs
X-Xfnlog-Site
Webcakes-Region
Webcakes-App-Version
X-Amzn-Remapped-Content-Length
X-Varnish-Hits
X-IP
X-Origin-Hint
X-RCS-CacheZone
X-R9-Blue-Green-Version
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
Webcakes-App-Name
TWC-Locale-Group
TWC-Connection-Speed
S-Rt
Property-Id
X-Daa-Tunnel
TWC-Device-Class
TWC-GeoIP-Country
TWC-Privacy
TWC-GeoIP-LatLong
X-NCache
X-Whom
X-PressLabs-Stats
X-Cluster-Node
X-RateLimit-Limit
Cache-Key
X-Cache-Control
X-Cache-Host
X-VCache
X-UA-Device-Type
Cache
X-Rule
X-Esi
X-NGENIX-Cache
X-Backend-TTL
X-Drupal-Cache-Tags
X-Mode
X-Forwarded-Host
L5d-Success-Class
Section-Io-Cache
Webserver
X-CDN-Forward
X-UnsetCookies
X-Info
Time
Content-Disposition
Cache-Name
Viewport
X-CS
Rt-Fastcgi-Cache
X-B3-Spanid
X-Origin-CC
X-Varnish-Cache-Hits
X-ApacheServer
Accept-Language
X-PERF
X-Origin-TTL
Uber-Trace-Id
ServedBy
Country
X-Newrelic-Synthetics
Mime-Version
Odigeo-Trace-Id
X-Zipkin-Id
X-Device-Type
X-Cache-Remote
X-Proxied
X-Routing-Service
X-Magnolia-Registration
X-Via-Fastly
X-CLOUD-TRACE-CONTEXT
X-From
X-EC-Lua
X-Uri
X-Cluster-Name
Filterid
Proxy-Connection
X-Drupal-Cache-Contexts
X-Real-IP
HitType
Access-Control-Request-Headers
X-Microcachable
X-Geo
X-TT-TIMESTAMP
Cf-Ipcountry
Rendered-Blocks
Meta-Geo-Continent
Mobile-Detection-Method
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Machine
Fastcgi-X-Cache-Version
Content-Style-Type
Content-Script-Type
BehaviorPad-Version
Apple-News-Services-Parsed-Url
GEO-REGION-INFO
MD5-Digest
AsisCache
Apple-News-Services-Host
T-Server
X-CF-Lambda-Fn
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-Sigma
X-S
X-Rojux
X-Region-Sid
X-Request-UUID
X-Rewrite-Enabled
X-Rocket-Build-Number
X-Sigma-Backend
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-VG-TLSProxy
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-Vdms-Version
X-GeoIP-Country-Code
X-Geo-Header
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Ccd
X-A
VivaBuild
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
W
X-Accel-Expires-Debug
X-Aed
X-Destination
X-DPWN-IS-SECURE
X-External-Request-Id
X-G
X-Date
X-Connection-Hash
X-Application
X-ARC
X-B-Cookie
X-CF-Lambda-Version
Viewtype
X-D
Group
Ohc-File-Size
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Cache-Time
Geo-Info
X-Nc
X-PHP-Host
X-Labrador-Cache-Channel
User-Cache-Control
X-C
X-Agile-Age
X-Rebelmouse-Cache-Control
Ha-Gx-Prefs
X-Agile-Id
X-CUA
X-Hit
X-VC-Cache
Locid
X-Rebelmouse-Surrogate-Control
CDCHOST
X-Developers
X-Logging-Id
X-Agile
Fastly-SIE
Fastly-Soc-X-Request-Id
X-Eu-Site
Environment
Powered-By
Countrycode
X-Distil-CS
X-App-Name
X-Clientip
X-Cache-Debug
X-Bip
X-Thanos
Cache-Hits
X-Var-Ttl
X-TrackingId
X-Cache-Expired-At
HA-Ipaddr
X-WebServer
IsBot
Fastly-SWR
X-SIPLIST1
X-Backend-State
X-CGP
X-Tec-Api-Root
X-GoCache-CacheStatus
Fastly-SSL
X-Tec-Api-Version
X-Tec-Api-Origin
X-Hash
X-Gen-Mode
X-Generated-In
X-Gamma-Serve
X-Fetched-On
X-GeoIP-City
X-Has-Esi
X-Cms-Context
X-Block-Status
X-Cache-ASPX
X-Azure-Ref
X-Auto-Login
X-Air-Hostname
X-Cache-Tags
X-Contensis-Viewer-Groups
X-Dispatcher-Server
X-Distributor
X-Debug-Log
X-Debug-Cookies
X-Core-Mission
X-Epic-Correlation-Id
X-Ms-Request-Id
X-TH-Server
X-Trace-Id
X-Tumblr-Pixel-3
X-Up
X-Swa-Ws
X-SVT-ORM-VERSION
X-Request-URI
X-Servername
X-SVT-ORM-RULES
X-Urbn-Context-Path
X-Urbn-Site-Id
X-Cdn-Srv
X-OVcl
X-OVcl-Cache
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Variation
X-Varnish-Authentication
X-VServer
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-LI-UUID
X-JWT-State
X-Is-Gdpr
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Ms-Version
X-Nginx-Cache-Key
X-Origin-Expires
X-Owner
X-Platform-Server
X-Origin-Date
X-NX-Host
X-No-Session
X-NodeID
X-NU-AKA-ACS-Version
X-Hnp-Log
X-RateLimit-Remaining-Second
Locale
Mail-Subject
Pragrma
Kp-EeAlive
Is-Eu
Server-Cache-Control
Adler-Geo
True-Client-Country-4JS
Server-Int
V-Age
Platform
We-Hiring
Web-Mar-Node
Request-Country
RNT-Machine
Country-Code
Request-EU
Fastly-Backend-Name
Server-Surrogate-Control
Cache-Host
IBM-Web2-Location
AKAMAI
Heartbleed
Gh-Request-Id
RNT-Time
X-Edge-Location
Ohc-Cache-HIT
Cdncip
X-Level-Front-Cache
X-Trafficlayer-App-Scope
X-Reboot
X-Trafficlayer-App-Version
Cdnsip
X-Matched-Rule
X-Debug-Cache-Store
FNAC-ModuleRouting
X-Req
X-Generation-Time
X-Server-W
X-ServiceProvider
X-Service
X-Generated-On
X-Debug-Cache-Fetch
X-Trafficlayer-App-Name
X-Thinkindot-L3
PFcat
X-FW-Version
X-Debug-Cache-Expiry
X-Clara-WADP
X-Fastly-Cache
X-Irp-Debug
X-Cache-URL
X-Cache-Info
X-Cache-Bucket
X-AK-Request-ID
X-Micro-Cache
X-WADP-Cache
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
ServerName
X-We-Are-Hiring
X-Webstats-RespID
Memcached
X-BBXSRF
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
S-Cnection
Server-Host
X-TT-LOGID
X-Core-Value
Thinkindot-Control
Server-ID
X-UPSTREAM-Address
X-VHOST
X-S-Maxage
X-Lb-Id
X-Old-Content-Length
X-Response-By
X-SERVER
X-App-Version
X-Varnish-Cacheable
X-Render-Time
X-Wa
X-Nginx-Cache
X-NC
X-Refresh
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Cache-Backend
X-Sucuri-ID
X-Oss-Object-Type
X-Oss-Request-Id
Powered-By-ChinaCache
X-CSRF-TOKEN
X-User
RequestId
X-Key
X-Internal-Host
X-Node-Id
X-Developer
User-Agent
X-Cache-Status-Check
X-Parent-Response-Time
X-Ua-Device
Hostname
Origin
X-LAGOON
X-Sucuri-Cache
X-Device-Os
X-Cache-Grace
X-Sn-Servicetimems
X-Cdn-Origin
X-NWS-UUID-VERIFY
X-Ocache
X-CF-Powered-By
X-Location
X-Pjax-Url
X-Tb-Optimization-Total-Bytes-Saved
X-Pf-Uncompressing
X-CSRF-Token
X-TA-CDN-Provider
X-Ua
X-Via-CDN
A
Geoip-City
Geoip-Latitude
On-Server
SRV
X-NGINX-Cache
Cloudfront-Viewer-Country
X-MSEdge-Features
ProcessTime
X-MSEdge-Flight
PICS-Label
GeoIp-Country-Code
Memory
X-Request-Host
X-B3-Parentspanid
X-BACKEND-TTL
X-Cdn-Forward
X-COUNTRY
X-Ruxit-Js-Agent
TTL
XServer
X-Vcl-Version
X-Varnish-URL
X-Server-IP
X-Servedbyhost
X-Litespeed-Cache
X-Webkit-CSP
M-TraceId
X-Varnish-Ttl
Resin-Trace
X-Unique-ID
X-TIME
Dnion-Transfer-Encoding
SN
X-Rocket-Nginx-Bypass
Cdn
Tcn
Media-Length
X-Cdn-Request-ID
X-B3-SpanId
X-Correlation-ID
X-FORWARDED-FOR
X-HS-Status
Host-ID
X-Slack-Backend
CACHE
X-Ratelimit-Remaining
X-Beluga-Node
Pramga
X-Cache-FS-Status
X-PAYTM-SRV-ID
X-Cache-Ttl
X-Processor
X-Beluga-Cache-Status
X-ServedByHost
X-Beluga-Status
X-Action
X-Server-Time
X-Beluga-Trace
Who
X-Beluga-Response-Time
X-Dispatch
Arc-Country
X-Beluga-Record
HostName
X-ND-Cache
X-RPS
X-RSL
X-VCL-Version
X-Via-Ucdn
X-DSS
X-DI
X-DB
X-DW
X-RPM
X-Skip-Cache
MIME-Version
Ttl
X-Reqid
Fastly-Drupal-HTML
Cdn-Request-Time
X-Fastly-Country-Code
X-Edge-Server
NtCoent-Length
X-Served-From
Section-Io-Id
Section-Origin-Responded
Cdn-Host
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Dynatrace-Js-Agent
X-DC
X-Hello
Pics-Label
GeoIP-Country-Code
X-Bc-Bl
X-ABtesting
X-VarnishDD-TTL
X-AIR-PT
N-Cache
Esi-Enabled
X-DevSite-Last-Modified
X-Flog
Amp-Access-Control-Allow-Source-Origin
X-Sucuri-Id
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
Fusion-Deployment-Id
X-Planisys-CDN-Rules
GeoIP-Latitude
X-Policy
X-Varnish-Url
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
GeoIP-City
X-Adobe-Source
CF-Cached-On
X-Azure-Ref-OriginShield
X-Zone
X-Bc
X-APP
X-Backend-Host
X-Request-Start
X-Ratelimit-Limit
X-FPC
X-PJAX-URL
X-PF-Uncompressing
Trailer
X-HostName
Rt-Proxy-Cache
Cache-Cookie-Set-Idcheck
WebServer
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-From
X-SRV
X-Fastly-Backend-Reqs
X-BE
Processtime
X-Scheme
X-Amzn-Remapped-Date
X-Dynatrace
X-Fmm-Version
X-Amzn-Remapped-Connection
X-Swift-Error
X-Newrelic-App-Data
Servername
FSS-Cache
X-WA
Requestid
X-ZONE
Cache-Provider
X-Method
CDN
X-Fpc
Cteonnt-Length
FSS-Proxy
X-ID
Magicmarker
X-BC
X-Frame-Option
X-WR-MODIFICATION
X-Cache-Id
CF-IPCountry
X-Snapshot-Date
X-Branch-Name
Dynatrace
X-Esi-Check
L
X-LB-ID
X-StackifyID
X-SN
X-CACHE-AGE
Ohc-Response-Time
X-Cc-Req-Id
X-Cc-Via
X-Tid
Lb
WZWS-RAY
D-Cc-Upstream
Release
X-Request-Url
X-Compress-Hint
X-VC
X-Gzip
V-Cache
Warning
X-SD-PageType
Sid
X-SB
X-Aicache-OS
SD-X-WS
X-Cache-NGX
X-Fastly-Cache-Hits
X-Node-ID
X-Litespeed-Cache-Control
Load-Balancing
Server-Id
X-Nananana
X-VCT
X-Instart-Info
X-ECACHE
SID
X-GEO
X-ElasticPress-Search
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Apw-Access-Action
X-Worker
X-Svr
X-Be
WP-Super-Cache
X-Powered-Y
X-WPE-Loopback-Upstream-Addr
Cneonction
X-Fastly-Cache-Status
X-Varnish-Beresp-TTL
X-Request-URL
X-Check-Cacheable
X-App