Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-XSS-Protection
X-Powered-By
Pragma
CF-Cache-Status
CF-RAY
Link
ETag
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-Cache-Hits
X-UA-Compatible
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
X-Generator
Content-Security-Policy-Report-Only
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-Template
X-Language
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Buckets
X-FRAME-OPTIONS
Status
X-Content-Security-Policy
X-CDN
Upgrade
Content-Encoding
P3p
Access-Control-Expose-Headers
X-Ua-Compatible
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Xss-Protection
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
Xkey
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Backend
CF-Ray
X-Via
X-Age
X-Server
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
X-Pingback
X-Ws-Request-Id
EagleId
X-Proxy-Cache
X-Nginx-Cache-Status
X-Hacker
X-UA-Device
Request-Context
X-Varnish-Cache
Feature-Policy
Server-Timing
Grace
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-LiteSpeed-Cache
Report-To
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Server-Id
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Host
X-Device
X-OneAgent-JS-Injection
EagleEye-TraceId
X-Origin-Cache
X-Response-Time
Content-Location
X-Node
X-Ac
Surrogate-Control
X-Vhost
X-Readtime
Request-Id
X-Backend-Server
X-Dispatcher
X-Cloud-Trace-Context
X-Origin-Upstream-Status
X-Cnection
X-HW
X-Application-Context
X-ORACLE-DMS-ECID
Fusion-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-Cache-Lookup
X-DataDome
X-ORACLE-DMS-RID
NEL
X-Mod-Pagespeed
Rating
X-Rack-Cache
Edge-Control
X-Country
X-Ruxit-JS-Agent
X-Akam-SW-Version
X-Clacks-Overhead
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Allow
X-DynaTrace
X-Country-Code
Accept-Ch
X-Instart-Request-ID
X-Varnish-TTL
X-TTL
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-FTR-Request-ID
X-ESI
Verso
Accept-Ch-Lifetime
X-Powered-By-Plesk
Service-Worker-Allowed
X-Url
Content-MD5
X-B3-TraceId
X-Forwarded-Proto
X-Version
X-MS-InvokeApp
X-GitHub-Request-Id
X-Kinja-Build
X-Exp-Id
X-Kinja
X-GoogleNews-Bot
X-Kinja-Server
X-Exp-Variant
X-Kinja-Revision
X-Cdn-Fetch
X-Use-Magma
Edge-Cache-Tag
RTSS
AR-ATIME
AR-CACHE
AR-Request-ID
Ar-Sid
AR-PoweredBy
X-Px
X-D2id
X-Debug
X-Abt-Application-Version
X-Server-Name
SPRequestGuid
X-Vcache
X-Amz-Server-Side-Encryption
Charset
X-NF-Request-ID
X-Accel-Expires
X-Cached
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-MSEdge-Ref
X-TEC-API-ROOT
X-Middleton-Display
X-Middleton-Response
Pagespeed
Response
Display
X-Sol
X-Amz-Rid
X-Vcap-Request-Id
Arr-Disable-Session-Affinity
X-Navigation-Version
X-Powered-CMS
X-SharePointHealthScore
X-Pinterest-Rid
Pinterest-Version
TCN
X-Fastcgi-Cache
X-Trace
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-VARITI-CCR
Realpath
Public-Key-Pins
X-Client-IP
Cache-Tag
X-Cdn
Access-Control-Request-Method
X-Ser
X-Fastly-Request-ID
MS-Author-Via
S
X-DynaTrace-JS-Agent
X-Upstream
X-Shard
Nginx-Cache
SPIisLatency
SPRequestDuration
X-Id
MRF-Tech
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-Ezoic-Cdn
X-Hp-Webp
X-Content-Type
X-Forwarded-For
X-Amzn-Trace-Id
X-Grace
X-T
X-Amz-Meta-S3cmd-Attrs
DynaTrace
X-Recruiting
Front-End-Https
X-Hits
X-Edge-O15-RID
Fastcgi-Cache
Nel
X-Varnish-Age
X-Aspnet-Version
ServerID
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
X-DIS-Request-ID
X-Mobile-URL
X-Node-Name
X-Element-Page-Cache
NR-ENABLED
X-Cache-TTL
X-Server-ID
X-Content-Digest
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Expires
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
Powered
X-Frontend
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-FTR-Backend-Server
X-FTR-Realm
X-FTR-Backend
X-Jurisdiction
X-FTR-DC
X-FTR-Balancer
Alternate-Protocol
Server-Node
Server-Name
TP-Cache
TP-L2-Cache
X-Logged-In
X-Correlation-Id
X-XRDS-LOCATION
AMP-Access-Control-Allow-Source-Origin
X-Request-Processing-Time
X-Request-Received
X-Request-Handler-Origin-Region
X-Microsite
Upgrade-Insecure-Requests
Backend-Timing
X-ATS-Timestamp
X-Cache-Hit
X-Amz-Apigw-Id
X-Content-Options
X-Webkit-Csp
X-Page-Id
X-Amzn-RequestId
Refresh
X-Origin-Server
X-Content-Security-Policy-Report-Only
X-User-Agent
X-Revision
X-Akamai-Edgescape
X-Rid
X-F-Cache
X-Varnish-Grace
X-Type
X-CST
Fastly-Restarts
X-Zen-Fury
X-XRDS-Location
X-Content-Powered-By
X-Shield-Request-Id
X-Geo-Country
X-LB-Cache
X-B3-Sampled
X-B
X-Az
X-AppVersion
X-Activity-Id
X-N
X-FTR-Cache-Host
X-URL
PB-RID
X-Webapp-Samesite-None-Activated-N
PB-PID
X-Mobile-Rewrite
Arc-Version
X-Kinsta-Cache
X-Pad
Cache-Status
X-TT
X-Instance
X-WebKit-CSP-Report-Only
X-Cache-Age
X-Time
X-AOL-HN
X-Debug-Info
X-B-Cache
Actual-Object-TTL
Paypal-Debug-Id
X-Framework
X-App-Environment
X-Jobs
X-Tumblr-Pixel
X-Tumblr-User
X-Signature
X-Tumblr-Pixel-0
X-Request-Guid
Access-Control-Allow-Method
X-Cache-Action
X-PHP-Backend
X-RateLimit-Remaining
DC
X-FB-Debug
X-Analytics
X-Load-Cache
X-Cached-By
X-Git-Hash
X-Varnish-Backend
Surrogate-Key
X-Erf-Bev-Bev-Is-Generated
X-Tt-Trace-Tag
Fastcgi-Useragent
X-Erf-Bev-Bev
Host-Header
X-Tt-Trace-Host
X-Amz-Replication-Status
FilterID
X-Contextid
X-IPLB-Instance
MS-CV
X-SS-Set-Cookie
X-ATG-Version
X-Ruxit-Js-Agent
X-WA-Info
X-Cluster
Tracecode
NGB
Host
X-Accel-Buffering
X-Response-Served-From
X-Mobile
X-Srv
WPE-Backend
X-FastCGI-Cache
Payment
Source
X-Varnish-Server
X-Host-Name
Xserver
Frame-Options
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Key
X-Cache-NE
X-FW-Type
X-FW-Static
X-Cache-Operation
X-FW-Server
Eomportal-Instance
X-Cache-Rule
X-FW-Serve
X-Region
X-Cache-2
X-FW-Hash
Cache-Tv-Group
X-Cacheable-TTL
X-Cache-Enabled
X-Via-JSL
X-Rendered-As
Filters
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Varnish-Hostname
X-GeoIP
X-ORACLE-APMCS-REQUEST-ID
X-IPS-LoggedIn
X-Is-Bot
X-ORACLE-APMCS-TAG
X-TX-ID
X-Presslabs-Stats
X-Adobe-Loc
X-Adobe-Content
X-NewRelic-App-Data
X-RequestSource
X-Ttl
X-Hostname
X-Origin-Response-Time
X-EdgeConnect-Cache-Status
X-Seen-By
X-NWS-LOG-UUID
Cleartype
Retry-After
X-Cache-TTL-Remaining
Server-Info
Cache
X-ProcessESI
X-RemovedCookies
X-UA
X-VCache
X-HTML-Minification-Powered-By
Liferay-Portal
Accept-CH
X-Dc
Datacenter
X-Cache-Control
Ms-Operation-Id
X-B3-Traceid
X-RTag
Healthy
X-CACHE-KEY
X-Source
X-L-Path
X-Environment-Context
X-FireWall-Port
X-Upgrade-Enabled
X-Endurance-Cache-Level
X-App-Server
From-Origin
X-Cache-Server
X-RateLimit-Limit
X-CLOUD-TRACE-CONTEXT
X-Handled-By
Version
X-Rule
X-Status
X-Backend-Name
X-APP-VERSION
X-Wix-Request-Id
X-PressLabs-Stats
Accept-CH-Lifetime
X-Path-Route
X-Cache-Var
X-Cache-Var-Map
X-ES-SERVER
Meta-Geo
X-RN-RSRV
X-Tb
X-Request-Time
OT-Force-Account-Verify
X-Section
X-Proxy-Build
X-Format
Selected-Fe
X-Access
X-Timing-Wait
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Content-Age
Mn-Server-Ip
Akamai-GRN
X-Akamai-Request-ID
X-Alternate-Cache-Key
X-BYPASS-REASON
X-Storage
X-Shopify-Stage
X-ShardId
X-Proto
X-EIG-Tracking-Id
X-PCL
Azure-SiteName
X-OCL
Azure-SlotName
Azure-RegionName
X-ProxyCache-Key
X-Origin
X-ShopId
Azure-InstanceId
Azure-Version
X-ProxyCache-Status
X-Human
X-Shopify-Generated-Cart-Token
Cache-Tags
X-Cache-Host
X-AWS-Id
X-Akamai-Request-ID2
S-Rt
X-Cluster-Node
X-Debug-Cache
X-Generated-By
X-FW-Dynamic
X-FC-Vary-Parameters
Origin-Edge-Control
Origin-Cache-Control
Decoy-Debug-Status
Decoy-Debug-Key
DB-Nickname
Decoy-Debug-TTL
Ec-Rule-Version
Now
Node
NGX
X-Hl-Ver
X-Hosted-By
X-Time-Microsecs
X-Soup
X-ServerID
X-SaId
X-UUID
X-Vgn-Hpd-Reason
X-Web-Node
X-VWS-Id
X-Viewer-Country
X-Redis-Cache
X-Qloud-Router
X-LJ-Flow-ID
X-JoinUs
X-Hyper-Cache
X-MP-GENERATED-AT
X-NYM-Debug-Backend
X-Pubstack
X-Proxy-Cache-Status
X-Proxy
GEO-INFO
X-Cache-Config
X-Yottaa-Optimizations
X-Yottaa-Metrics
Webcakes-Region
X-Varnish-Hits
X-Site-Version
X-BCube-Filmed-By
X-SayCDN-TTL
X-CCM
TWC-Connection-Speed
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Locale-Group
TWC-Privacy
X-Www-Served-By
Webcakes-App-Name
TWC-Device-Class
Cross-Origin-Window-Policy
X-RCS-CacheZone
X-IP
X-Locale
X-Origin-Hint
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
Property-Id
X-Generated
X-Say-Cacheable
X-Say-TTL
X-Detected-As
X-Akamai-Transformed
X-Loop
X-FB-TRIP-ID
X-Amzn-Remapped-Content-Length
X-R9-Blue-Green-Version
Accept-Charset
X-Xfnlog-Site
X-TNCMS
L5d-Success-Class
Srv
X-Oneagent-Js-Injection
X-CS
X-NCache
Cache-Name
Viewport
Uber-Trace-Id
X-Drupal-Cache-Tags
X-Unique-Id
Webserver
Time
Cache-Key
X-Esi
X-UA-Device-Type
Mime-Version
X-Cache-Remote
VIX-Pulpo-Upstream-Status
X-From
VIX-Pulpo-Node
X-Mode
X-Backend-TTL
Accept-Language
X-Origin-TTL
X-UnsetCookies
X-Drupal-Cache-Contexts
X-Forwarded-Host
X-Origin-CC
X-CDN-Forward
Country
X-Cluster-Name
X-TT-TIMESTAMP
Rt-Fastcgi-Cache
X-Info
X-Edge-Location
X-Whom
Odigeo-Trace-Id
X-Microcachable
X-Newrelic-Synthetics
X-Varnish-Cache-Hits
X-B3-Spanid
X-ApacheServer
X-Geo
X-Magnolia-Registration
X-PERF
X-Daa-Tunnel
X-NGENIX-Cache
ServedBy
Content-Disposition
X-UPSTREAM-Address
X-EC-Lua
Ohc-Cache-HIT
Ohc-File-Size
Proxy-Connection
X-Device-Type
X-Routing-Service
X-No-Session
X-Proxied
X-Zipkin-Id
X-Via-Fastly
X-TA-CDN-Provider
X-Uri
Apple-News-Services-Request-Url
X-Vtex-Processado-Em
Apple-News-Services-Handled
X-VG-WebServer
Xc-Version
X-Vtex-Remote-Cache
Apple-News-Services-Host
AsisCache
Apple-News-Services-Parsed-Url
X-Trv-Group
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-ScT
X-Connection-Hash
X-S-Cookie
X-B-Cookie
X-ARC
X-SRCache-Key
X-Application
X-Sigma-Backend
X-Sigma
X-Session-Fingerprint
X-S
X-Rojux
X-Geo-Header
X-G
X-GeoIP-Country-Code
X-Region-Sid
X-Request-UUID
X-External-Request-Id
X-Rocket-Build-Number
X-D
X-Date
X-Destination
X-DPWN-IS-SECURE
X-Aed
X-Accel-Expires-Debug
Machine
X-Vdms-Version
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
X-VG-TLSProxy
GEO-REGION-INFO
BehaviorPad-Version
Content-Script-Type
Content-Style-Type
Fastcgi-X-Cache-Version
X-Twitter-Response-Tags
X-Rewrite-Enabled
X-Transaction
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A
W
Rendered-Blocks
T-Server
Viewtype
VivaBuild
X-VG-WebCache
X-A-Ccd
X-Labrador-Cache-Channel
X-PHP-Host
X-Real-IP
Cf-Ipcountry
X-C
User-Cache-Control
HitType
X-Epic-Correlation-Id
Fastly-Soc-X-Request-Id
X-Cache-Time
X-Render-Time
X-Nc
X-Cache-Debug
Gh-Request-Id
X-Eu-Site
Server-Surrogate-Control
Server-Cache-Control
X-Contensis-Viewer-Groups
Powered-By
X-CUA
X-Logging-Id
Environment
X-CGP
X-SIPLIST1
X-Developers
X-Distil-CS
X-Hit
X-Agile-Id
Locid
X-VC-Cache
X-Varnish-Authentication
X-Agile-Age
X-WebServer
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Agile
X-App-Name
X-Auto-Login
X-Bip
CDCHOST
X-Cache-ASPX
HA-Ipaddr
X-Thanos
IsBot
X-Tumblr-Pixel-3
X-Backend-State
X-TrackingId
Ha-Gx-Prefs
Fastly-SSL
X-GoCache-CacheStatus
Section-Io-Cache
X-Cache-Backend
X-Cache-Bucket
X-Cache-Info
X-Block-Status
X-Cache-URL
X-Fastly-Cache
X-Azure-Ref
X-AK-Request-ID
X-FW-Version
X-BBXSRF
X-Fetched-On
Geo-Info
X-Distributor
X-Cms-Context
X-Debug-Cookies
X-Core-Mission
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Clientip
X-Debug-Log
X-Cdn-Srv
X-Gamma-Serve
X-Dispatcher-Server
X-Clara-WADP
X-Debug-Cache-Expiry
X-Irp-Debug
X-Request-URI
X-Server-W
X-Sucuri-Cache
X-SVT-ORM-RULES
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Owner
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-SVT-ORM-VERSION
X-Swa-Ws
X-VServer
X-WADP-Cache
X-We-Are-Hiring
X-Webstats-RespID
X-User
X-Urbn-Site-Id
X-TH-Server
X-Trace-Id
X-TT-LOGID
X-Urbn-Context-Path
X-OVcl-Cache
X-OVcl
X-IN-APIGATEWAYSSL
X-Instart-Isnd
X-Key
X-Li-Fabric
X-IN-APIGATEWAY
X-Hnp-Log
X-Generated-In
X-Generation-Time
X-GeoIP-City
X-Hash
X-Li-Pop
X-LI-Proto
X-NodeID
X-NX-Host
X-Origin-Date
X-Origin-Expires
X-Nginx-Cache-Key
X-Varnish-Beresp-Grace
X-LI-UUID
X-Micro-Cache
X-Ms-Request-Id
X-Gen-Mode
X-Ms-Version
Kp-EeAlive
Request-EU
Cache-Host
X-Varnish-Beresp-Ttl
RNT-Time
X-Varnish-Beresp-Status
V-Age
Locale
Cdnsip
Memcached
Server-Int
Mail-Subject
True-Client-Country-4JS
Server-ID
Cdncip
IBM-Web2-Location
Fastly-SIE
RNT-Machine
AKAMAI
Countrycode
Fastly-Backend-Name
Access-Control-Request-Headers
Heartbleed
Fastly-SWR
We-Hiring
Country-Code
Web-Mar-Node
Request-Country
X-App-Version
PFcat
Platform
X-Platform-Server
X-Thinkindot-L3
X-Trafficlayer-App-Version
X-Generated-On
X-Internal-Host
FNAC-ModuleRouting
X-Is-Gdpr
X-JWT-State
X-Level-Front-Cache
X-Matched-Rule
X-Has-Esi
X-ServiceProvider
X-Reboot
X-Service
Is-Eu
X-Req
ServerName
X-Core-Value
Thinkindot-CacheControl
Adler-Geo
X-Cache-Tags
Wxu-Next-Hostname
Thinkindot-Control
Wxu-Next-Commit
X-Servername
Wxu-Next-Region
X-Old-Content-Length
Thinkindot-CacheControl-Type
X-NU-AKA-ACS-Version
X-Up
Server-Host
X-Variation
X-Lb-Id
X-Nginx-Cache
X-Location
Cache-Hits
X-S-Maxage
X-Response-By
X-SERVER
RequestId
X-B3-Parentspanid
X-Air-Hostname
X-Refresh
X-Tb-Optimization-Total-Bytes-Saved
X-Parent-Response-Time
Pragrma
X-Cache-Expired-At
Group
ProcessTime
X-Var-Ttl
X-B3-SpanId
Filterid
X-CF-Powered-By
X-Cdn-Forward
X-Pjax-Url
X-Tec-Api-Version
S-Cnection
X-NC
Memory
X-CSRF-Token
X-Tec-Api-Root
X-Tec-Api-Origin
X-CSRF-TOKEN
X-BACKEND-TTL
Origin
X-Wa
User-Agent
SRV
X-Server-IP
Powered-By-ChinaCache
TTL
X-Pf-Uncompressing
Geoip-Latitude
X-Cdn-Request-ID
X-Vcl-Version
Media-Length
GeoIp-Country-Code
X-Unique-ID
X-Sucuri-ID
X-NGINX-Cache
X-Correlation-ID
X-Ua
Geoip-City
X-Varnish-Cacheable
X-NWS-UUID-VERIFY
PICS-Label
X-Sucuri-Id
X-COUNTRY
X-Via-CDN
X-Rocket-Nginx-Bypass
X-Developer
Dnion-Transfer-Encoding
X-Node-Id
X-LAGOON
X-Device-Os
X-Cdn-Origin
X-Litespeed-Cache
X-Sn-Servicetimems
X-Webkit-CSP
X-Ocache
X-Cache-Grace
Esi-Enabled
X-AIR-PT
X-Servedbyhost
SN
X-Reqid
X-Planisys-CDN-TTL
X-Via-Ucdn
X-Planisys-CDN-Cache
X-Policy
X-Planisys-CDN-Rules
X-Varnish-Ttl
On-Server
HostName
XServer
X-TIME
X-Fastly-Country-Code
M-TraceId
X-Request-Host
X-MSEdge-Flight
X-HS-Status
X-Azure-Ref-OriginShield
A
X-MSEdge-Features
X-Request-Start
X-FORWARDED-FOR
X-Cache-Status-Check
Tcn
X-ServedByHost
Rt-Proxy-Cache
Cloudfront-Viewer-Country
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-Beluga-Node
Cdn
Who
X-Beluga-Record
X-Beluga-Response-Time
X-Cache-Ttl
X-Beluga-Status
X-Beluga-Trace
X-Beluga-Cache-Status
Resin-Trace
X-VHOST
Hostname
X-Ftr-Cache-Host
X-Method
Magicmarker
NtCoent-Length
X-APP
CF-Cached-On
Pics-Label
X-Zone
X-Ratelimit-Remaining
Host-ID
X-Bc
X-VCL-Version
GeoIP-Country-Code
Load-Balancing
X-Varnish-URL
X-Varnish-Url
X-Oracle-Dms-Rid
X-LiteSpeed-Cache-Control
MIME-Version
X-Svr
X-Be
Cteonnt-Length
X-Slack-Backend
X-Fastly-Backend-Reqs
Ttl
Ohc-Response-Time
GeoIP-Latitude
X-DC
DSUID
X-RPS
X-RPM
X-RSL
X-PF-Uncompressing
X-DB
X-DI
X-Action
X-DSS
X-VarnishDD-TTL
X-DW
Release
GeoIP-City
X-MServer
X-VCT
X-Newrelic-App-Data
Vix-Hermes-Req-Id
X-Hp-Ccpa-Warning
X-HostName
X-Cache-FS-Status
Arc-Country
Pramga
X-Ratelimit-Limit
WebServer
X-Tid
X-SRV
X-PJAX-URL
X-Dispatch
Amp-Access-Control-Allow-Source-Origin
X-Ftr-Request-Id
X-Skip-Cache
X-Server-Time
X-Processor
X-PAYTM-SRV-ID
X-FPC
CACHE
X-Configured-By
Fastly-Drupal-HTML
X-BE
Processtime
X-Swift-Error
X-Hello
X-ND-Cache
X-Flog
X-ABtesting
X-DevSite-Last-Modified
X-Dynatrace
CF-IPCountry
X-WR-MODIFICATION
Servername
X-Dynatrace-Js-Agent
X-Edge-Server
X-ID
X-Served-From
Cdn-Host
X-SD-PageType
Cdn-Request-Time
N-Cache
Cache-Provider
SD-X-WS
X-Aicache-OS
X-Upstream-Ht
X-Upstream-Ct
X-Frame-Option
X-Ftr-Backend
X-Ftr-Dc
X-Cache-Id
CDN
X-LB-ID
X-Branch-Name
X-Compress-Hint
X-Ftr-Realm
Lfy
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-Bc-Bl
X-WA
Pagetype
X-Ftr-Backend-Server
X-Snapshot-Date
Dynatrace
X-Ftr-Balancer
L
X-StackifyID
X-Fastly-Cache-Hits
X-SN
Requestid
X-CACHE-AGE
X-Apw-Access-Action
X-Apw-Access-Token
X-Edge-IP
X-Apw-Access-Object
Proxy-Firewall
X-ZONE
X-Apw-Hits
V-Cache
X-Request-Url
X-Backend-Host
X-Varnish-Beresp-TTL
X-Cc-Req-Id
X-Cc-Via
X-SB
X-Release
D-Cc-Upstream
X-VC
X-ServerName
X-Via-NSCOPI
Warning
X-ElasticPress-Search
WP-Super-Cache
X-Scheme
X-Request-URL
X-Worker
X-BC
X-Check-Cacheable
X-Fastly-Cache-Status
X-Powered-Y
X-App
Backend-Name
Correlation-Id
Lb
LB