Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
X-XSS-Protection
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
X-AspNet-Version
Access-Control-Allow-Credentials
X-Xss-Protection
X-Runtime
CF-Ray
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
Xkey
X-Via
X-Backend
X-Server
X-Age
X-Ua-Compatible
X-Ws-Request-Id
X-Amz-Request-Id
X-Amz-Id-2
X-Robots-Tag
X-Page-Speed
X-Server-Powered-By
EagleId
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
X-UA-Device
Feature-Policy
Server-Timing
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Grace
Ali-Swift-Global-Savetime
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Host
X-Server-Id
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Backend-Server
X-Cloud-Trace-Context
X-Vhost
X-Readtime
X-Dispatcher
Request-Id
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Cache-Lookup
X-Cnection
X-Application-Context
X-HW
Fusion-Content-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-ORACLE-DMS-ECID
X-Mod-Pagespeed
X-ORACLE-DMS-RID
NEL
X-DataDome
X-Rack-Cache
X-Country
X-Clacks-Overhead
P3p
Rating
Edge-Control
X-Akam-SW-Version
X-Dns-Prefetch-Control
Pinterest-Generated-By
Allow
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-TTL
Accept-Ch
X-Country-Code
X-FTR-Request-ID
X-Varnish-TTL
X-Instart-Request-ID
X-DynaTrace
X-Goog-Hash
X-TtlSet
X-PC
X-Vname
X-ESI
Verso
Content-MD5
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Powered-By-Plesk
X-Url
X-Vcache
X-B3-TraceId
X-Version
X-Forwarded-Proto
X-GitHub-Request-Id
X-Kinja-Revision
X-Cdn-Fetch
X-Kinja-Build
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Use-Magma
X-Kinja-Server
X-MS-InvokeApp
RTSS
X-Server-Name
X-D2id
X-Abt-Application-Version
X-Px
Edge-Cache-Tag
X-Server-ID
X-Debug
AR-PoweredBy
AR-CACHE
AR-ATIME
Ar-Sid
AR-Request-ID
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-Cached
X-NF-Request-ID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Navigation-Version
X-Vcap-Request-Id
X-MSEdge-Ref
X-Middleton-Response
X-Middleton-Display
Response
Pagespeed
Display
X-Sol
X-Accel-Expires
X-Amz-Rid
Arr-Disable-Session-Affinity
TCN
X-Fastcgi-Cache
X-Pinterest-Rid
Pinterest-Version
X-SharePointHealthScore
X-VARITI-CCR
Public-Key-Pins
X-Fastly-Request-ID
X-Powered-CMS
X-SRCache-Fetch-Status
X-SRCache-Store-Status
MS-Author-Via
Nginx-Cache
X-Trace
X-Cdn
X-Client-IP
X-Edge-O15-RID
Cache-Tag
Realpath
X-Ser
Access-Control-Request-Method
X-Content-Type
Nel
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
MRF-Tech
X-B3-TraceId-Primal
X-Amzn-Trace-Id
SPIisLatency
SPRequestDuration
X-Shard
X-Upstream
X-Hp-Webp
X-Jurisdiction
X-Id
X-Grace
X-Ezoic-Cdn
X-DynaTrace-JS-Agent
S
X-Forwarded-For
Front-End-Https
X-Amz-Meta-S3cmd-Attrs
X-Hits
X-Cache-TTL
X-T
Fastcgi-Cache
DynaTrace
X-Recruiting
X-Aspnet-Version
X-Element-Page-Cache
X-Node-Name
X-Varnish-Age
X-Content-Digest
X-Dw-Request-Base-Id
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-Mobile-URL
X-FTR-Cache-Status
X-FTR-Expires
ServerID
MicrosoftSharePointTeamServices
X-DIS-Request-ID
Server-Node
NR-ENABLED
TP-L2-Cache
X-HS-Hub-Id
TP-Cache
X-HS-Cache-Config
X-Frontend
X-HS-Content-Id
X-HS-Combine-CSS
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
Powered
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
X-Amz-Apigw-Id
X-Correlation-Id
X-Amzn-RequestId
Upgrade-Insecure-Requests
X-Cache-Hit
X-FTR-Cache-Host
Fastly-Restarts
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
X-XRDS-Location
Backend-Timing
X-Page-Id
AMP-Access-Control-Allow-Source-Origin
X-Request-Received
X-Content-Options
X-Request-Processing-Time
X-User-Agent
X-F-Cache
X-Content-Security-Policy-Report-Only
X-Zen-Fury
Refresh
X-Origin-Server
X-Varnish-Grace
X-Rid
X-Akamai-Edgescape
X-XRDS-LOCATION
X-Revision
X-B
X-Type
X-Content-Powered-By
PB-PID
X-LB-Cache
PB-RID
X-Mobile-Rewrite
Arc-Version
X-B3-Sampled
X-Geo-Country
Cache-Status
X-Az
X-AppVersion
X-Activity-Id
X-URL
X-Kinsta-Cache
X-N
X-Cache-Action
X-Cache-Age
X-B-Cache
X-TT
X-WebKit-CSP-Report-Only
X-Signature
X-Jobs
X-Framework
Access-Control-Allow-Method
X-Debug-Info
X-FB-Debug
X-Instance
X-Request-Guid
X-AOL-HN
X-Time
X-Cached-By
Paypal-Debug-Id
X-Git-Hash
X-Tumblr-Pixel
Actual-Object-TTL
X-Tumblr-User
X-Tumblr-Pixel-0
X-Load-Cache
X-App-Environment
X-NWS-LOG-UUID
X-PHP-Backend
Fastcgi-Useragent
X-Pad
X-Tt-Trace-Host
X-Tt-Trace-Tag
DC
X-Shield-Request-Id
X-Amz-Replication-Status
X-Varnish-Backend
X-RateLimit-Remaining
X-Webkit-Csp
Host-Header
Host
X-WA-Info
X-ATG-Version
X-IPLB-Instance
Surrogate-Key
MS-CV
X-ORACLE-APMCS-TAG
X-Contextid
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Kong-Proxy-Latency
X-Erf-Bev-Bev
X-Kong-Upstream-Latency
X-Host-Name
X-Response-Served-From
FilterID
Frame-Options
X-Accel-Buffering
NGB
X-FastCGI-Cache
Payment
Retry-After
Tracecode
Source
X-SS-Set-Cookie
X-Cache-NE
Xserver
X-Varnish-Server
X-Region
X-Cache-2
X-Hostname
X-GeoIP
X-Srv
X-Rendered-As
Eomportal-Instance
X-FW-Type
WPE-Backend
X-FW-Hash
X-FW-Static
X-Cacheable-TTL
Filters
X-FW-Serve
X-Cluster
X-FW-Server
X-Is-Bot
X-Origin-Response-Time
X-Presslabs-Stats
Cache-Tv-Group
X-Cache-Enabled
X-IPS-LoggedIn
X-Varnish-Hostname
X-RequestSource
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Cache-Operation
Liferay-Portal
X-NewRelic-App-Data
X-Cache-Rule
X-Seen-By
X-Adobe-Content
X-Adobe-Loc
X-Cache-Key
Server-Info
X-App-Server
X-TX-ID
X-RemovedCookies
X-EdgeConnect-Cache-Status
X-ProcessESI
X-Analytics
X-Cache-TTL-Remaining
X-CACHE-KEY
Cleartype
X-Webapp-Samesite-None-Activated-N
X-L-Path
Accept-CH
X-Environment-Context
X-FireWall-Port
X-Handled-By
X-B3-Traceid
X-Upgrade-Enabled
X-Source
X-RTag
Ms-Operation-Id
X-Endurance-Cache-Level
X-Dc
X-HTML-Minification-Powered-By
X-Cache-Server
From-Origin
X-UA
Accept-Charset
X-Backend-Name
Datacenter
Srv
X-APP-VERSION
X-UUID
Accept-CH-Lifetime
Meta-Geo
X-Cache-Var-Map
X-Cache-Var
X-RN-RSRV
X-ES-SERVER
X-Path-Route
Selected-Fe
X-Access
X-Section
X-Proxy-Build
X-Format
X-Timing-Wait
Healthy
OT-Force-Account-Verify
X-Alternate-Cache-Key
X-EIG-Tracking-Id
Mn-Server-Ip
Cache-Tags
X-Content-Age
X-Cache-Config
X-Tb
X-Sorting-Hat-PodId
X-PressLabs-Stats
X-Sorting-Hat-ShopId
X-ShopId
X-Request-Time
X-Wix-Request-Id
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Shopify-Generated-Cart-Token
X-ShardId
X-Shopify-Stage
X-BYPASS-REASON
X-Soup
X-Yottaa-Metrics
X-AWS-Id
X-OCL
NGX
X-PCL
X-FC-Vary-Parameters
X-VWS-Id
X-Vgn-Hpd-Reason
X-Akamai-Request-ID2
X-Akamai-Request-ID
X-Yottaa-Optimizations
Akamai-GRN
X-ServerID
X-JoinUs
X-Proxy-Cache-Status
X-NYM-Debug-Backend
X-Hl-Ver
X-Origin
X-Proto
X-ProxyCache-Key
X-ProxyCache-Status
X-Qloud-Router
X-SaId
X-LJ-Flow-ID
X-Debug-Cache
X-Hosted-By
X-Human
Node
Ec-Rule-Version
DB-Nickname
Cross-Origin-Window-Policy
X-SayCDN-TTL
X-Web-Node
Decoy-Debug-Key
Decoy-Debug-Status
X-Say-TTL
Origin-Edge-Control
Decoy-Debug-TTL
X-Say-Cacheable
X-Loop
X-Storage
X-FW-Dynamic
X-Time-Microsecs
X-Status
X-CCM
X-Detected-As
X-Pubstack
X-FB-TRIP-ID
X-Proxy
X-Locale
X-Www-Served-By
Version
X-Viewer-Country
X-MP-GENERATED-AT
X-BCube-Filmed-By
X-TNCMS
Origin-Cache-Control
Now
GEO-INFO
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Privacy
Webcakes-App-Version
TWC-GeoIP-Country
S-Rt
TWC-Connection-Speed
TWC-Device-Class
Webcakes-Region
X-Akamai-Transformed
X-Origin-Hint
X-Hyper-Cache
X-IP
X-Generated-By
X-R9-Blue-Green-Version
X-RCS-CacheZone
X-Amzn-Remapped-Content-Length
Property-Id
Webcakes-App-Name
X-Generated
X-Site-Version
X-Xfnlog-Site
Azure-SlotName
Azure-Version
X-CLOUD-TRACE-CONTEXT
Azure-RegionName
Azure-SiteName
X-Redis-Cache
Azure-InstanceId
X-Varnish-Hits
X-NCache
X-Cluster-Node
X-Cache-Control
X-Whom
X-RateLimit-Limit
X-Unique-Id
Cache
X-Daa-Tunnel
Cache-Key
X-Cache-Host
X-Drupal-Cache-Tags
X-Ttl
X-UA-Device-Type
X-Rule
X-NGENIX-Cache
X-Mode
Webserver
L5d-Success-Class
X-Backend-TTL
X-Forwarded-Host
X-Esi
Time
Mime-Version
Content-Disposition
Viewport
Section-Io-Cache
X-UnsetCookies
X-CS
X-VHOST
Accept-Language
X-Info
Cache-Name
X-ApacheServer
X-PERF
X-Origin-CC
Rt-Fastcgi-Cache
X-Origin-TTL
X-Varnish-Cache-Hits
X-CDN-Forward
Uber-Trace-Id
X-Newrelic-Synthetics
Country
ServedBy
X-B3-Spanid
X-Cache-Remote
Odigeo-Trace-Id
X-Device-Type
X-Proxied
X-Zipkin-Id
X-EC-Lua
X-Routing-Service
X-VCache
X-From
X-Via-Fastly
X-Cluster-Name
Proxy-Connection
X-Uri
X-Magnolia-Registration
X-Drupal-Cache-Contexts
X-Microcachable
Access-Control-Request-Headers
HitType
X-Real-IP
X-Geo
VIX-Pulpo-Upstream-Status
Geo-Info
VIX-Pulpo-Node
X-TT-TIMESTAMP
Ohc-File-Size
Content-Script-Type
X-A-Dgt
X-A-Wwc
BehaviorPad-Version
X-Aed
Apple-News-Services-Host
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Content-Style-Type
X-Accel-Expires-Debug
Apple-News-Services-Request-Url
AsisCache
X-A
Rendered-Blocks
T-Server
Viewtype
Machine
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
VivaBuild
GEO-REGION-INFO
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
Fastcgi-X-Cache-Version
X-Varnish-Beresp-Ttl
X-A-Dam
W
X-A-Ccd
X-A-Dcw
X-External-Request-Id
X-S-Cookie
X-S
X-ScT
X-Session-Fingerprint
X-Sigma
X-Rojux
X-Rocket-Build-Number
X-Geo-Header
X-GeoIP-Country-Code
X-Region-Sid
X-Rewrite-Enabled
X-Sigma-Backend
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-Nc
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-G
X-Request-UUID
X-Connection-Hash
X-D
X-Date
X-CF-Lambda-Version
X-B-Cookie
X-Application
X-ARC
X-Destination
X-CF-Lambda-Fn
X-DPWN-IS-SECURE
X-C
Cf-Ipcountry
X-Cache-Time
CDCHOST
X-Var-Ttl
X-Bip
X-Cache-Debug
Countrycode
X-Hit
X-WebServer
X-Agile-Id
X-App-Name
X-Agile
Fastly-SIE
X-Eu-Site
X-VG-TLSProxy
X-Cache-Expired-At
Locid
X-Clientip
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Developers
X-Agile-Age
HA-Ipaddr
X-CGP
Fastly-SWR
X-Distil-CS
X-Thanos
Ha-Gx-Prefs
Powered-By
Cache-Hits
Fastly-Soc-X-Request-Id
X-Backend-State
X-Labrador-Cache-Channel
X-PHP-Host
Group
X-No-Session
X-GoCache-CacheStatus
User-Cache-Control
Fastly-SSL
Filterid
X-RateLimit-Remaining-Second
X-Fetched-On
X-Request-URI
X-Has-Esi
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Platform-Server
X-OVcl-Cache
X-Air-Hostname
X-OVcl
X-Owner
X-GeoIP-City
Server-Cache-Control
Server-ID
RNT-Time
RNT-Machine
Request-EU
Server-Int
Server-Surrogate-Control
AKAMAI
X-NX-Host
V-Age
X-Hash
X-Servername
We-Hiring
X-Auto-Login
X-CUA
X-Is-Gdpr
X-Core-Mission
X-Contensis-Viewer-Groups
X-JWT-State
X-Debug-Cookies
X-Debug-Log
X-IN-APIGATEWAY
X-Epic-Correlation-Id
X-IN-APIGATEWAYSSL
X-Dispatcher-Server
X-Instart-Isnd
X-Cms-Context
X-Li-Fabric
X-Ms-Request-Id
X-Logging-Id
X-Ms-Version
X-Nginx-Cache-Key
Request-Country
X-Cache-ASPX
X-LI-UUID
X-Li-Pop
X-Cdn-Srv
X-Cache-Tags
X-LI-Proto
X-NodeID
True-Client-Country-4JS
Is-Eu
IsBot
Kp-EeAlive
Heartbleed
Environment
X-Urbn-Context-Path
X-SIPLIST1
X-Wikidot-Static-Cache
Mail-Subject
X-Wikidot-Backend
X-Tumblr-Pixel-3
X-Gamma-Serve
Country-Code
X-VServer
Ohc-Cache-HIT
Gh-Request-Id
X-Urbn-Site-Id
Fastly-Backend-Name
Platform
X-Generated-In
X-SVT-ORM-VERSION
Pragrma
X-SVT-ORM-RULES
Adler-Geo
X-Swa-Ws
X-TrackingId
X-Variation
X-Trace-Id
Cache-Host
X-Varnish-Authentication
X-TH-Server
X-VC-Cache
Locale
X-Edge-Location
X-WADP-Cache
X-Gen-Mode
Cdncip
X-Debug-Cache-Store
X-Hnp-Log
X-NU-AKA-ACS-Version
X-Generated-On
X-Distributor
X-Cache-Info
X-Debug-Cache-Fetch
X-Debug-Cache-Expiry
X-Block-Status
X-App-Version
Web-Mar-Node
X-Clara-WADP
X-Webstats-RespID
X-We-Are-Hiring
X-Cache-URL
X-Irp-Debug
Cdnsip
X-Level-Front-Cache
X-Origin-Date
X-Generation-Time
X-Trafficlayer-App-Name
X-Server-W
X-Trafficlayer-App-Scope
Memcached
Wxu-Next-Commit
X-Trafficlayer-App-Version
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Service
X-ServiceProvider
Server-Host
PFcat
Thinkindot-CacheControl
X-Thinkindot-L3
X-Matched-Rule
Wxu-Next-Hostname
X-Origin-Expires
X-Up
X-Azure-Ref
FNAC-ModuleRouting
X-Micro-Cache
X-BBXSRF
IBM-Web2-Location
X-AK-Request-ID
X-Req
Wxu-Next-Region
ServerName
X-FW-Version
X-Reboot
S-Cnection
X-UPSTREAM-Address
X-Fastly-Cache
X-S-Maxage
X-TT-LOGID
X-Cache-Bucket
X-Core-Value
X-Response-By
X-Lb-Id
X-Old-Content-Length
X-Nginx-Cache
X-Wa
X-Refresh
X-Render-Time
X-SERVER
RequestId
X-Cache-Backend
X-User
Powered-By-ChinaCache
X-Varnish-Cacheable
X-Sucuri-ID
X-Oss-Hash-Crc64ecma
X-NC
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Storage-Class
X-Internal-Host
X-Key
X-CSRF-TOKEN
X-TA-CDN-Provider
X-Developer
X-Pjax-Url
X-Tec-Api-Version
User-Agent
X-Tec-Api-Root
X-Node-Id
X-Tec-Api-Origin
X-Parent-Response-Time
Origin
X-Sucuri-Cache
X-Ua-Device
X-Cache-Status-Check
X-Ua
X-Location
SRV
X-Tb-Optimization-Total-Bytes-Saved
X-CSRF-Token
X-CF-Powered-By
X-Cdn-Origin
X-Ocache
X-LAGOON
X-Pf-Uncompressing
X-NWS-UUID-VERIFY
X-Cache-Grace
X-Device-Os
X-Sn-Servicetimems
Hostname
X-Cdn-Forward
X-BACKEND-TTL
A
Geoip-Latitude
Memory
On-Server
Geoip-City
ProcessTime
X-Via-CDN
X-B3-Parentspanid
X-NGINX-Cache
GeoIp-Country-Code
TTL
X-Request-Host
PICS-Label
X-MSEdge-Flight
X-MSEdge-Features
Cloudfront-Viewer-Country
X-COUNTRY
X-Vcl-Version
X-Correlation-ID
X-Server-IP
X-Unique-ID
X-Servedbyhost
X-Webkit-CSP
X-Litespeed-Cache
X-B3-SpanId
X-Rocket-Nginx-Bypass
X-Varnish-Ttl
Cdn
Dnion-Transfer-Encoding
X-Varnish-URL
Resin-Trace
XServer
X-TIME
M-TraceId
Media-Length
Tcn
X-HS-Status
X-Cdn-Request-ID
SN
X-FORWARDED-FOR
Host-ID
X-Slack-Backend
X-ServedByHost
X-Action
CACHE
X-Ratelimit-Remaining
HostName
X-Beluga-Response-Time
X-Processor
X-RPS
X-Cache-Ttl
X-Beluga-Cache-Status
X-RSL
Who
X-DI
X-Beluga-Trace
X-DB
X-DSS
X-DW
X-RPM
X-Beluga-Status
X-Via-Ucdn
Arc-Country
X-Cache-FS-Status
X-Dispatch
X-Server-Time
X-PAYTM-SRV-ID
X-Beluga-Node
Pramga
X-Beluga-Record
X-Skip-Cache
X-ND-Cache
X-Fastly-Country-Code
X-Served-From
Esi-Enabled
Fastly-Drupal-HTML
X-Reqid
X-Sucuri-Id
Cdn-Host
GeoIP-Country-Code
Cdn-Request-Time
X-AIR-PT
Pics-Label
NtCoent-Length
X-Edge-Server
X-VCL-Version
X-DC
X-Dynatrace-Js-Agent
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
N-Cache
X-Planisys-CDN-Rules
X-Varnish-Url
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Flog
X-ABtesting
Amp-Access-Control-Allow-Source-Origin
GeoIP-City
GeoIP-Latitude
X-DevSite-Last-Modified
X-Bc-Bl
X-Policy
X-VarnishDD-TTL
X-Hello
Ttl
X-LiteSpeed-Cache-Control
CF-Cached-On
MIME-Version
Fusion-Deployment-Id
X-Oracle-Dms-Rid
X-Azure-Ref-OriginShield
X-Zone
X-PF-Uncompressing
X-Bc
X-Request-Start
X-Backend-Host
Rt-Proxy-Cache
X-FPC
X-Newrelic-App-Data
X-APP
X-Ratelimit-Limit
X-HostName
X-Ruxit-Js-Agent
Trailer
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
Cache-Cookie-Set-Lfrom
X-Adobe-Source
X-PJAX-URL
X-SRV
WebServer
X-Fastly-Backend-Reqs
X-Swift-Error
X-Amzn-Remapped-Date
Cteonnt-Length
X-Amzn-Remapped-Connection
Magicmarker
X-BE
X-Method
X-Dynatrace
X-Scheme
Processtime
X-Fmm-Version
Servername
X-ID
X-BC
Cache-Provider
X-Fpc
FSS-Cache
FSS-Proxy
X-ZONE
X-WA
X-Frame-Option
X-WR-MODIFICATION
X-SN
Ohc-Response-Time
Dynatrace
L
CF-IPCountry
X-Branch-Name
X-StackifyID
X-Snapshot-Date
Requestid
CDN
X-LB-ID
X-CACHE-AGE
WZWS-RAY
X-SD-PageType
X-Tid
X-Be
X-Compress-Hint
X-SB
X-Cache-NGX
SD-X-WS
Lb
Sid
X-Cache-Id
X-Esi-Check
V-Cache
Release
X-Request-Url
X-Aicache-OS
X-VC
X-Cc-Via
D-Cc-Upstream
X-Fastly-Cache-Hits
Warning
X-Svr
X-App
X-Cc-Req-Id
X-Apw-Access-Token
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Object
Load-Balancing
X-Litespeed-Cache-Control
X-VCT
X-GEO
X-Gzip
SID
LB
X-Instart-Info
X-Node-ID
Backend-Name
X-WPE-Loopback-Upstream-Addr
X-Fastly-Cache-Status
X-Check-Cacheable
Vix-Hermes-Req-Id
Lfy
X-Request-URL
X-Powered-Y
X-Varnish-Beresp-TTL
WP-Super-Cache
X-Worker
Correlation-Id
Cneonction
X-ElasticPress-Search