Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Xss-Protection
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
CF-Ray
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-FRAME-OPTIONS
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Cacheable
X-Permitted-Cross-Domain-Policies
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
EagleId
X-Page-Speed
X-Pingback
X-Server-Powered-By
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
Cf-Railgun
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Server-Id
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Vhost
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Dispatcher
X-Ruxit-JS-Agent
Request-Id
X-Cache-Lookup
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
X-ORACLE-DMS-RID
NEL
X-Clacks-Overhead
X-Country
X-Rack-Cache
Rating
X-Akam-SW-Version
P3p
Edge-Control
X-DataDome
X-Dns-Prefetch-Control
Allow
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
Accept-Ch
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
X-TTL
Content-MD5
Verso
X-ESI
Service-Worker-Allowed
X-Url
Accept-Ch-Lifetime
X-Powered-By-Plesk
X-Vcache
X-GitHub-Request-Id
RTSS
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-B3-TraceId
X-Version
X-Forwarded-Proto
X-Server-Name
X-MS-InvokeApp
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Px
X-Debug
AR-CACHE
X-Amz-Server-Side-Encryption
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-Request-ID
SPRequestGuid
X-Cached
Charset
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Navigation-Version
X-TEC-API-ORIGIN
X-Vcap-Request-Id
X-NF-Request-ID
X-MSEdge-Ref
X-Amz-Rid
Pagespeed
X-Middleton-Response
Response
Display
X-Sol
X-Middleton-Display
Arr-Disable-Session-Affinity
X-Accel-Expires
TCN
X-Fastcgi-Cache
X-Server-ID
X-Fastly-Request-ID
X-VARITI-CCR
X-SharePointHealthScore
Pinterest-Version
X-Pinterest-Rid
MS-Author-Via
Nginx-Cache
Public-Key-Pins
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-Client-IP
X-Powered-CMS
X-Cdn
Realpath
Cache-Tag
X-Edge-O15-RID
X-Ser
Access-Control-Request-Method
X-Content-Type
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
Nel
X-Amzn-Trace-Id
SPIisLatency
X-Upstream
SPRequestDuration
X-Shard
X-Grace
X-Jurisdiction
X-Hp-Webp
X-Cache-TTL
X-Id
Front-End-Https
X-Ezoic-Cdn
X-Forwarded-For
X-Hits
Fastcgi-Cache
X-T
X-Amz-Meta-S3cmd-Attrs
S
X-Recruiting
X-DynaTrace-JS-Agent
DynaTrace
X-Aspnet-Version
X-Element-Page-Cache
X-Content-Digest
X-Node-Name
X-Dw-Request-Base-Id
X-Country-Code-Real
X-FTR-Expires
X-FTR-Realm
X-Mobile-URL
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Varnish-Age
MicrosoftSharePointTeamServices
ServerID
X-DIS-Request-ID
NR-ENABLED
TP-L2-Cache
TP-Cache
Server-Node
X-Correlation-Id
X-Frontend
X-Goog-Stored-Content-Length
X-HS-Hub-Id
X-HS-Cache-Config
X-Goog-Metageneration
X-HS-Content-Id
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-HS-Combine-CSS
X-Goog-Generation
Powered
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
Fastly-Restarts
X-Cache-Hit
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Request-Handler-Origin-Region
X-Microsite
X-ATS-Timestamp
Backend-Timing
X-XRDS-Location
X-Page-Id
X-Content-Options
X-Zen-Fury
Refresh
X-Content-Security-Policy-Report-Only
X-Request-Processing-Time
X-Request-Received
X-User-Agent
X-Varnish-Grace
X-F-Cache
X-Akamai-Edgescape
X-Rid
X-Origin-Server
X-XRDS-LOCATION
X-LB-Cache
PB-RID
X-Mobile-Rewrite
PB-PID
Arc-Version
X-B
X-Revision
X-Content-Powered-By
X-Type
X-B3-Sampled
Cache-Status
X-Geo-Country
X-Activity-Id
X-AppVersion
X-Az
X-NWS-LOG-UUID
X-Kinsta-Cache
X-N
X-TT
X-Cache-Action
X-AOL-HN
X-WebKit-CSP-Report-Only
X-Framework
X-App-Environment
X-Debug-Info
Access-Control-Allow-Method
X-Cached-By
X-Git-Hash
X-FB-Debug
X-Jobs
X-Request-Guid
X-Instance
X-Signature
X-B-Cache
X-PHP-Backend
Actual-Object-TTL
X-Time
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
Paypal-Debug-Id
X-Cache-Age
Fastcgi-Useragent
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Load-Cache
X-Amz-Replication-Status
X-URL
X-Varnish-Backend
DC
X-Pad
Host
Host-Header
X-ATG-Version
X-ORACLE-APMCS-REQUEST-ID
X-WA-Info
X-Webkit-Csp
X-ORACLE-APMCS-TAG
X-Via-JSL
X-Shield-Request-Id
MS-CV
X-IPLB-Instance
Surrogate-Key
X-RateLimit-Remaining
X-Contextid
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Host-Name
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Retry-After
Frame-Options
Liferay-Portal
Accept-CH
X-Srv
X-Accel-Buffering
X-Response-Served-From
X-Seen-By
NGB
X-Cache-Key
X-Hostname
X-FastCGI-Cache
Payment
Source
X-Varnish-Server
X-NewRelic-App-Data
X-SS-Set-Cookie
X-Cache-NE
Eomportal-Instance
X-Region
Xserver
WPE-Backend
X-Rendered-As
X-Cluster
X-IPS-LoggedIn
X-Is-Bot
X-Cacheable-TTL
Tracecode
X-Origin-Response-Time
X-FW-Type
X-GeoIP
X-Cache-Enabled
Server-Info
X-FW-Static
X-Presslabs-Stats
X-FW-Server
X-Varnish-Hostname
X-Cache-2
X-FW-Hash
X-FW-Serve
X-Tumblr-Pixel-1
X-Adobe-Content
X-Tumblr-Pixel-2
X-App-Server
Filters
X-Cache-Rule
X-Adobe-Loc
X-Cache-Operation
Cache-Tv-Group
X-ProcessESI
X-RemovedCookies
X-RequestSource
X-Ttl
X-EdgeConnect-Cache-Status
FilterID
X-TX-ID
Accept-CH-Lifetime
X-Cache-TTL-Remaining
X-Environment-Context
X-FireWall-Port
X-L-Path
Cleartype
X-Handled-By
X-Upgrade-Enabled
Accept-Charset
X-B3-Traceid
X-RTag
Ms-Operation-Id
From-Origin
X-Endurance-Cache-Level
X-Source
X-Cache-Server
X-Analytics
X-Backend-Name
X-CACHE-KEY
X-UA
X-HTML-Minification-Powered-By
X-UUID
Srv
Datacenter
Healthy
X-Wix-Request-Id
X-APP-VERSION
X-Daa-Tunnel
X-RN-RSRV
X-Dc
X-Cache-Var-Map
X-ES-SERVER
Meta-Geo
X-Cache-Var
X-Path-Route
X-Timing-Wait
X-Proxy-Build
X-Tb
OT-Force-Account-Verify
X-Unique-Id
X-Whom
X-Status
Selected-Fe
X-Proto
X-PressLabs-Stats
Akamai-GRN
X-OCL
X-PCL
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Akamai-Request-ID
X-FC-Vary-Parameters
Version
X-Cache-Config
X-Akamai-Transformed
Ec-Rule-Version
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Say-TTL
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Generated-Cart-Token
X-ShopId
X-SayCDN-TTL
X-ShardId
X-Soup
X-Vgn-Hpd-Reason
X-NYM-Debug-Backend
X-Origin
X-Section
X-Format
X-Access
X-Viewer-Country
X-Web-Node
X-Say-Cacheable
X-SaId
X-Debug-Cache
X-EIG-Tracking-Id
X-Hl-Ver
X-Alternate-Cache-Key
Origin-Edge-Control
Node
Origin-Cache-Control
X-Hosted-By
X-Human
X-ProxyCache-Status
X-Redis-Cache
X-Request-Time
X-ProxyCache-Key
X-Proxy-Cache-Status
X-Hyper-Cache
X-JoinUs
Mn-Server-Ip
X-BYPASS-REASON
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Loop
X-AWS-Id
X-Locale
GEO-INFO
X-LJ-Flow-ID
X-Www-Served-By
X-VWS-Id
X-Site-Version
X-Storage
X-TNCMS
Cross-Origin-Window-Policy
Cache-Tags
DB-Nickname
X-Pubstack
X-Proxy
X-ServerID
X-Time-Microsecs
X-BCube-Filmed-By
X-CCM
X-Generated-By
Now
X-Generated
X-FB-TRIP-ID
X-Akamai-Request-ID2
X-Qloud-Router
X-Detected-As
X-Content-Age
Azure-InstanceId
X-FW-Dynamic
X-NCache
X-Ua-Device
X-Varnish-Hits
S-Rt
NGX
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
X-Webapp-Samesite-None-Activated-N
X-IP
TWC-Device-Class
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Connection-Speed
Property-Id
X-R9-Blue-Green-Version
X-Xfnlog-Site
X-UA-Device-Type
TWC-Privacy
TWC-Locale-Group
Webcakes-Region
X-Amzn-Remapped-Content-Length
Webcakes-App-Version
X-Origin-Hint
Webcakes-App-Name
X-Backend-TTL
X-MP-GENERATED-AT
Cache-Key
X-Cluster-Node
Section-Io-Cache
X-RCS-CacheZone
X-NGENIX-Cache
X-RateLimit-Limit
X-Drupal-Cache-Tags
X-Forwarded-Host
X-Cache-Control
X-Cache-Host
Webserver
X-CDN-Forward
X-Rule
Time
X-Mode
X-Esi
X-Info
L5d-Success-Class
Content-Disposition
Cache
X-Varnish-Cache-Hits
Mime-Version
X-UnsetCookies
X-Cache-Remote
ServedBy
Accept-Language
X-Newrelic-Synthetics
X-PERF
X-ApacheServer
Cache-Name
Rt-Fastcgi-Cache
X-CS
X-Origin-TTL
X-Origin-CC
Viewport
Uber-Trace-Id
X-B3-Spanid
Country
Odigeo-Trace-Id
X-Via-Fastly
X-Device-Type
Filterid
X-VCache
X-Zipkin-Id
X-Proxied
X-Uri
X-EC-Lua
X-Routing-Service
X-Magnolia-Registration
X-CLOUD-TRACE-CONTEXT
X-From
X-Geo
Proxy-Connection
X-Real-IP
Access-Control-Request-Headers
Cf-Ipcountry
X-Cluster-Name
HitType
X-Drupal-Cache-Contexts
Geo-Info
X-PHP-Host
X-Labrador-Cache-Channel
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Cache-Time
X-Varnish-Beresp-Grace
X-TT-TIMESTAMP
Machine
Content-Style-Type
X-Request-UUID
X-Rewrite-Enabled
X-Rocket-Build-Number
X-S
X-Rojux
X-SRCache-Key
X-S-Cookie
X-Vdms-Version
X-A
Group
X-Date
X-VG-WebServer
MD5-Digest
X-Region-Sid
X-Connection-Hash
X-ScT
Content-Script-Type
X-Sigma-Backend
X-Sigma
X-Session-Fingerprint
Cache-Hits
GEO-REGION-INFO
BehaviorPad-Version
AsisCache
X-Destination
VivaBuild
X-DPWN-IS-SECURE
X-CF-Lambda-Fn
VIX-Pulpo-Upstream-Status
X-GeoIP-Country-Code
X-G
X-CF-Lambda-Version
Viewtype
X-External-Request-Id
T-Server
X-VG-WebCache
X-A-Dgt
X-Accel-Expires-Debug
X-Aed
X-Transaction
VIX-Pulpo-Node
X-VG-TLSProxy
X-A-Wwc
X-Vtex-Processado-Em
X-Application
Fastcgi-X-Cache-Version
X-ARC
Meta-Geo-Continent
Rendered-Blocks
X-B-Cookie
X-A-Dcw
X-Trv-Group
X-A-Dam
Mobile-Detection-Method
X-A-Ccd
X-Microcachable
X-D
X-Vtex-Remote-Cache
Xc-Version
X-Twitter-Response-Tags
Ohc-File-Size
User-Cache-Control
Ha-Gx-Prefs
X-Eu-Site
X-Wikidot-Static-Cache
X-Agile-Id
X-WebServer
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Wikidot-Backend
Apple-News-Services-Handled
X-Agile
X-Agile-Age
CDCHOST
X-Distil-CS
X-CGP
X-Hit
X-CUA
X-Clientip
X-Thanos
W
X-Bip
Countrycode
X-Backend-State
X-VC-Cache
X-Logging-Id
X-OVcl-Cache
X-OVcl
X-Cache-Expired-At
Powered-By
X-TrackingId
X-Nc
HA-Ipaddr
X-Cdn-Srv
Environment
Locid
X-Cache-Debug
X-Geo-Header
X-C
X-Block-Status
X-Azure-Ref
X-App-Name
X-Air-Hostname
X-BBXSRF
Web-Mar-Node
X-Cache-Info
X-Cache-Bucket
We-Hiring
X-Clara-WADP
X-Li-Fabric
X-TH-Server
X-Up
X-Webstats-RespID
X-Swa-Ws
X-We-Are-Hiring
X-Var-Ttl
X-Owner
X-Variation
Gh-Request-Id
X-Origin-Date
X-Origin-Expires
X-WADP-Cache
X-Platform-Server
X-Request-URI
X-Servername
X-Trace-Id
X-SIPLIST1
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Proxy-Upstream
X-VServer
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Auto-Login
X-NX-Host
X-Generated-In
X-Gen-Mode
X-GeoIP-City
X-Hash
X-Hnp-Log
X-Fetched-On
X-Fastly-Cache
X-Debug-Log
X-Dispatcher-Server
X-Distributor
X-Epic-Correlation-Id
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Ms-Request-Id
X-Ms-Version
X-NodeID
X-NU-AKA-ACS-Version
X-Micro-Cache
X-LI-UUID
X-Instart-Isnd
X-Irp-Debug
X-Li-Pop
X-LI-Proto
X-Debug-Cookies
X-Cache-Tags
IBM-Web2-Location
Mail-Subject
Platform
Is-Eu
IsBot
Kp-EeAlive
Request-Country
Request-EU
Server-ID
Fastly-SWR
Adler-Geo
V-Age
True-Client-Country-4JS
Cache-Host
Country-Code
Fastly-SIE
Pragrma
Memcached
X-Oss-Request-Id
X-GoCache-CacheStatus
X-App-Version
S-Cnection
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Edge-Location
Locale
X-Generated-On
X-Is-Gdpr
X-SVT-ORM-VERSION
X-TT-LOGID
X-JWT-State
X-Nginx-Cache-Key
Server-Surrogate-Control
X-Thinkindot-L3
X-ServiceProvider
X-No-Session
X-SVT-ORM-RULES
X-Reboot
AKAMAI
Cdncip
X-Varnish-Authentication
X-Urbn-Site-Id
X-Has-Esi
X-Level-Front-Cache
X-Trafficlayer-App-Name
Cdnsip
Fastly-Soc-X-Request-Id
ServerName
X-Gamma-Serve
Ohc-Cache-HIT
X-Tumblr-Pixel-3
X-Urbn-Context-Path
X-Matched-Rule
Fastly-Backend-Name
X-Cms-Context
X-Cache-ASPX
Server-Cache-Control
PFcat
X-Contensis-Viewer-Groups
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
RNT-Machine
RNT-Time
Thinkindot-CacheControl-Type
Thinkindot-Control
Thinkindot-CacheControl
Server-Int
X-AK-Request-ID
Server-Host
X-Cache-URL
X-Service
X-Trafficlayer-App-Scope
X-Core-Mission
X-Core-Value
X-Debug-Cache-Store
X-Trafficlayer-App-Version
X-Developers
Heartbleed
X-FW-Version
Fastly-SSL
X-Node-Id
Wxu-Next-Commit
X-NC
Wxu-Next-Hostname
Wxu-Next-Region
X-Old-Content-Length
X-Lb-Id
X-Generation-Time
FNAC-ModuleRouting
X-Server-W
X-Response-By
X-Req
X-Nginx-Cache
X-Sucuri-ID
X-VHOST
X-Refresh
X-Varnish-Cacheable
X-SERVER
User-Agent
RequestId
X-UPSTREAM-Address
Powered-By-ChinaCache
X-Developer
X-S-Maxage
Hostname
X-Cache-Status-Check
X-Wa
X-NWS-UUID-VERIFY
X-Parent-Response-Time
X-Cache-Grace
X-Cdn-Origin
X-Sn-Servicetimems
X-Device-Os
X-LAGOON
X-CF-Powered-By
X-CSRF-TOKEN
X-Render-Time
X-Cache-Backend
X-Pjax-Url
X-Tec-Api-Origin
X-User
X-Tec-Api-Root
X-Ocache
X-Tec-Api-Version
X-Key
On-Server
A
X-CSRF-Token
X-Internal-Host
Origin
X-Ua
Memory
Cloudfront-Viewer-Country
X-Pf-Uncompressing
X-Request-Host
SRV
X-Tb-Optimization-Total-Bytes-Saved
X-Sucuri-Cache
X-MSEdge-Features
X-Via-CDN
X-MSEdge-Flight
Geoip-City
X-Location
X-TA-CDN-Provider
Geoip-Latitude
GeoIp-Country-Code
X-NGINX-Cache
PICS-Label
ProcessTime
X-Dynatrace-Js-Agent
X-COUNTRY
X-B3-Parentspanid
X-Vcl-Version
X-Varnish-URL
TTL
Resin-Trace
X-Webkit-CSP
X-Cdn-Forward
X-BACKEND-TTL
X-Litespeed-Cache
X-Servedbyhost
X-Server-IP
X-Rocket-Nginx-Bypass
X-Ratelimit-Remaining
X-Varnish-Ttl
X-HS-Status
Cdn
X-Slack-Backend
X-TIME
XServer
Dnion-Transfer-Encoding
Arc-Country
Pramga
X-Cache-FS-Status
X-Processor
X-PAYTM-SRV-ID
X-Dispatch
X-Server-Time
Tcn
SN
M-TraceId
X-B3-SpanId
Fusion-Deployment-Id
X-FORWARDED-FOR
Trailer
X-DC
X-Unique-ID
X-ND-Cache
X-Cdn-Request-ID
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Skip-Cache
X-ServedByHost
Section-Io-Origin-Status
Section-Io-Id
Media-Length
Host-ID
CACHE
X-VCL-Version
X-Edge-Server
Cdn-Request-Time
X-Beluga-Node
X-Cache-Ttl
X-Beluga-Trace
X-Served-From
X-Action
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Cache-Status
Cdn-Host
Fastly-Drupal-HTML
X-Beluga-Record
HostName
X-Fastly-Country-Code
X-DW
X-DI
X-DB
Who
X-DSS
X-RPS
X-RPM
X-RSL
X-DevSite-Last-Modified
N-Cache
Ttl
NtCoent-Length
X-Adobe-Source
X-Correlation-ID
GeoIP-Country-Code
X-Via-Ucdn
Pics-Label
X-Bc-Bl
CF-Cached-On
GeoIP-Latitude
X-Backend-Host
X-Hello
GeoIP-City
X-Datadome
X-Reqid
X-ABtesting
X-Flog
X-Ratelimit-Limit
X-LiteSpeed-Cache-Control
MIME-Version
X-Oracle-Dms-Rid
X-PF-Uncompressing
Esi-Enabled
X-Zone
X-Varnish-Url
X-APP
X-Bc
X-AIR-PT
X-VarnishDD-TTL
X-Fmm-Version
X-Sucuri-Id
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-FPC
Cache-Cookie-Set-From
X-Scheme
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Policy
X-HostName
X-PJAX-URL
WebServer
X-Fpc
X-Request-Start
X-SRV
X-Fastly-Backend-Reqs
X-Azure-Ref-OriginShield
Amp-Access-Control-Allow-Source-Origin
X-Amzn-Remapped-Date
X-Cache-Id
X-Amzn-Remapped-Connection
Processtime
Rt-Proxy-Cache
X-SN
Cteonnt-Length
X-Dynatrace
X-Esi-Check
X-BE
X-Cache-NGX
Servername
X-Newrelic-App-Data
X-Swift-Error
Load-Balancing
Sid
X-SD-PageType
X-ZONE
FSS-Cache
X-ID
Lb
X-Gzip
FSS-Proxy
Release
Cache-Provider
X-BC
SD-X-WS
Magicmarker
X-WA
X-Frame-Option
X-WR-MODIFICATION
X-StackifyID
CF-IPCountry
X-Method
Dynatrace
X-Snapshot-Date
X-Wix-Viewer-Type
Requestid
X-Instart-Info
X-LB-ID
CDN
X-Branch-Name
X-VCT
X-CACHE-AGE
X-Configured-By
X-ECACHE
L
X-Compress-Hint
Request-Time
X-Cache-PHP
V-Cache
X-VC
D-Cc-Upstream
X-SB
X-Aicache-OS
X-Request-Url
X-Fastly-Cache-Hits
X-Cc-Req-Id
Warning
X-Cc-Via
X-Tid
WZWS-RAY
X-Litespeed-Cache-Control
X-Apw-Access-Action
X-Worker
X-Nananana
Proxy-Firewall
X-ECache
Lfy
X-Apw-Access-Object
LB
SID
X-Be
Ohc-Response-Time
X-App
X-Check-Cacheable
X-Varnish-Beresp-TTL
X-Fastly-Cache-Status
Cneonction
X-Request-URL
X-Powered-Y
WP-Super-Cache
X-Apw-Hits
X-ElasticPress-Search
X-WPE-Loopback-Upstream-Addr
X-GEO
X-Apw-Access-Token