Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
X-Xss-Protection
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Request-Id
X-Download-Options
CF-Ray
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-Request-ID
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Age
X-Server
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
Cf-Railgun
Grace
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-Server-Id
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Vhost
X-Backend-Server
X-Cloud-Trace-Context
X-Readtime
X-Dispatcher
X-Ruxit-JS-Agent
Request-Id
X-Cache-Lookup
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Template-Id
Fusion-Source
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-Country
X-Rack-Cache
X-Clacks-Overhead
Rating
X-Akam-SW-Version
Edge-Control
P3p
X-DataDome
X-Dns-Prefetch-Control
Allow
Pinterest-Generated-By
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Country-Code
X-FTR-Request-ID
X-Varnish-TTL
X-Instart-Request-ID
X-DynaTrace
X-Vname
X-TtlSet
X-Goog-Hash
X-PC
Accept-Ch
Content-MD5
Verso
X-ESI
X-TTL
Service-Worker-Allowed
X-Url
X-Powered-By-Plesk
Accept-Ch-Lifetime
X-Vcache
X-GitHub-Request-Id
RTSS
X-Exp-Id
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Cdn-Fetch
X-Use-Magma
X-B3-TraceId
X-Version
X-Forwarded-Proto
X-Server-Name
X-MS-InvokeApp
X-D2id
Edge-Cache-Tag
X-Px
X-Abt-Application-Version
X-Debug
X-Amz-Server-Side-Encryption
Ar-Sid
AR-Request-ID
AR-PoweredBy
AR-ATIME
AR-CACHE
SPRequestGuid
X-Cached
Charset
X-TEC-API-VERSION
X-TEC-API-ROOT
X-NF-Request-ID
X-TEC-API-ORIGIN
X-Navigation-Version
X-MSEdge-Ref
X-Vcap-Request-Id
X-Amz-Rid
Response
X-Sol
Pagespeed
X-Middleton-Response
Display
X-Middleton-Display
Arr-Disable-Session-Affinity
X-Accel-Expires
TCN
X-Fastcgi-Cache
X-Server-ID
X-VARITI-CCR
X-Fastly-Request-ID
X-SharePointHealthScore
Nginx-Cache
MS-Author-Via
X-Pinterest-Rid
Pinterest-Version
Public-Key-Pins
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Trace
X-Client-IP
X-Powered-CMS
X-Cdn
Cache-Tag
Realpath
X-Edge-O15-RID
X-Ser
Access-Control-Request-Method
X-Content-Type
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Upstream
X-Grace
X-Shard
X-Hp-Webp
X-Jurisdiction
X-Cache-TTL
X-Id
Front-End-Https
X-Ezoic-Cdn
X-Forwarded-For
X-Hits
X-Amz-Meta-S3cmd-Attrs
Fastcgi-Cache
X-T
S
Nel
X-DynaTrace-JS-Agent
X-Recruiting
DynaTrace
X-Element-Page-Cache
X-Aspnet-Version
X-Content-Digest
X-Node-Name
X-Dw-Request-Base-Id
X-FTR-Expires
X-FTR-Realm
X-Mobile-URL
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend-Server
X-Varnish-Age
MicrosoftSharePointTeamServices
ServerID
X-DIS-Request-ID
NR-ENABLED
TP-Cache
TP-L2-Cache
Server-Node
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Frontend
X-Correlation-Id
X-HS-Cache-Config
X-Goog-Metageneration
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
Powered
X-Goog-Generation
X-Logged-In
X-CST
Alternate-Protocol
Server-Name
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
Fastly-Restarts
X-Cache-Hit
AMP-Access-Control-Allow-Source-Origin
X-FTR-Cache-Host
X-Microsite
X-Request-Handler-Origin-Region
Backend-Timing
X-ATS-Timestamp
X-XRDS-Location
X-Zen-Fury
X-Page-Id
X-Content-Options
X-User-Agent
Refresh
X-F-Cache
X-Content-Security-Policy-Report-Only
X-Request-Received
X-Request-Processing-Time
X-Origin-Server
X-Varnish-Grace
X-Akamai-Edgescape
X-Rid
X-XRDS-LOCATION
X-LB-Cache
PB-RID
X-Mobile-Rewrite
Arc-Version
PB-PID
X-B
X-Revision
X-Content-Powered-By
X-Webkit-Csp
X-Type
X-B3-Sampled
Cache-Status
X-Geo-Country
X-AppVersion
X-Activity-Id
X-Az
X-NWS-LOG-UUID
X-Kinsta-Cache
X-Cache-Action
X-TT
X-N
X-AOL-HN
X-Signature
X-B-Cache
X-Debug-Info
X-Jobs
X-Request-Guid
X-Cached-By
X-WebKit-CSP-Report-Only
X-App-Environment
X-Framework
Access-Control-Allow-Method
X-Git-Hash
X-Time
X-FB-Debug
Actual-Object-TTL
X-Instance
X-PHP-Backend
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cache-Age
Paypal-Debug-Id
X-Tt-Trace-Tag
X-Tt-Trace-Host
Fastcgi-Useragent
X-Amz-Replication-Status
X-Load-Cache
Accept-CH
X-URL
X-Varnish-Backend
Host
DC
Host-Header
X-Pad
X-ATG-Version
X-WA-Info
X-ORACLE-APMCS-TAG
X-ORACLE-APMCS-REQUEST-ID
X-Via-JSL
X-Shield-Request-Id
MS-CV
X-IPLB-Instance
Surrogate-Key
X-RateLimit-Remaining
X-Ttl
X-Contextid
X-Erf-Bev-Bev-Is-Generated
X-Mobile
X-Erf-Bev-Bev
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Host-Name
Liferay-Portal
Retry-After
Accept-CH-Lifetime
Frame-Options
X-Accel-Buffering
NGB
X-Seen-By
X-Srv
X-Response-Served-From
X-Hostname
X-Cache-Key
X-FastCGI-Cache
Payment
X-NewRelic-App-Data
X-Cache-NE
Tracecode
Source
X-Varnish-Server
X-Origin-Response-Time
Xserver
X-IPS-LoggedIn
X-Cacheable-TTL
X-Cache-Enabled
X-SS-Set-Cookie
X-Cluster
X-Rendered-As
X-Is-Bot
WPE-Backend
X-FW-Static
X-Region
Eomportal-Instance
X-FW-Server
X-FW-Type
X-FW-Serve
X-Cache-2
X-FW-Hash
X-Presslabs-Stats
X-Varnish-Hostname
Server-Info
X-Adobe-Loc
X-Adobe-Content
X-GeoIP
X-App-Server
Filters
X-RequestSource
X-Tumblr-Pixel-2
X-Tumblr-Pixel-1
X-Cache-Rule
X-Cache-Operation
Cache-Tv-Group
X-ProcessESI
X-RemovedCookies
X-EdgeConnect-Cache-Status
X-Cache-TTL-Remaining
FilterID
X-TX-ID
X-Environment-Context
X-L-Path
X-FireWall-Port
Cleartype
Accept-Charset
X-Handled-By
X-Upgrade-Enabled
X-B3-Traceid
X-Source
Ms-Operation-Id
X-RTag
From-Origin
Srv
X-Endurance-Cache-Level
X-Analytics
X-Backend-Name
X-Cache-Server
X-HTML-Minification-Powered-By
X-UA
X-CACHE-KEY
X-UUID
Datacenter
Healthy
X-Wix-Request-Id
X-Dc
X-APP-VERSION
X-Unique-Id
X-Path-Route
Meta-Geo
X-Daa-Tunnel
X-Cache-Var
X-RN-RSRV
X-Cache-Var-Map
X-Status
X-ES-SERVER
X-Proxy-Build
Selected-Fe
OT-Force-Account-Verify
X-Whom
X-Timing-Wait
X-Tb
X-Shopify-Stage
X-Format
X-Request-Time
Akamai-GRN
X-Section
X-PCL
Mn-Server-Ip
X-PressLabs-Stats
X-Proto
Version
X-Akamai-Transformed
X-Akamai-Request-ID
X-ShopId
X-Sorting-Hat-ShopId
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-Config
X-Access
X-Shopify-Generated-Cart-Token
X-OCL
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-EIG-Tracking-Id
X-Content-Age
X-ShardId
X-FC-Vary-Parameters
X-ProxyCache-Status
Decoy-Debug-Key
Decoy-Debug-Status
X-Human
X-Hyper-Cache
X-ProxyCache-Key
X-Hosted-By
X-Soup
X-Redis-Cache
X-Qloud-Router
X-Hl-Ver
Decoy-Debug-TTL
X-Debug-Cache
Node
X-Say-TTL
X-AWS-Id
X-Say-Cacheable
X-Web-Node
X-Origin
X-SayCDN-TTL
Cache-Tags
X-NYM-Debug-Backend
X-SaId
X-VWS-Id
X-LJ-Flow-ID
X-Vgn-Hpd-Reason
X-JoinUs
X-Viewer-Country
Origin-Cache-Control
X-Proxy-Cache-Status
Origin-Edge-Control
Ec-Rule-Version
X-BYPASS-REASON
X-Yottaa-Optimizations
X-Yottaa-Metrics
GEO-INFO
Now
NGX
X-Time-Microsecs
X-ServerID
X-Loop
X-Locale
X-Detected-As
X-FB-TRIP-ID
X-Pubstack
X-CCM
X-Proxy
Azure-RegionName
Azure-InstanceId
Azure-SiteName
Azure-SlotName
Azure-Version
X-Www-Served-By
X-FW-Dynamic
DB-Nickname
X-Site-Version
X-Storage
X-TNCMS
X-Generated-By
X-BCube-Filmed-By
X-Generated
Cross-Origin-Window-Policy
X-Akamai-Request-ID2
TWC-Privacy
TWC-Locale-Group
X-Origin-Hint
Webcakes-App-Version
X-R9-Blue-Green-Version
Webcakes-App-Name
TWC-GeoIP-LatLong
S-Rt
Property-Id
X-RCS-CacheZone
TWC-Connection-Speed
TWC-Device-Class
X-Varnish-Hits
TWC-GeoIP-Country
X-Ua-Device
X-Webapp-Samesite-None-Activated-N
Webcakes-Region
X-IP
X-NCache
X-Xfnlog-Site
X-Amzn-Remapped-Content-Length
X-UA-Device-Type
X-Cluster-Node
X-MP-GENERATED-AT
Cache-Key
Section-Io-Cache
X-NGENIX-Cache
X-Backend-TTL
X-Cache-Control
X-RateLimit-Limit
X-Cache-Host
X-Drupal-Cache-Tags
X-Mode
X-Forwarded-Host
Webserver
X-Rule
Time
X-Esi
X-CDN-Forward
Content-Disposition
X-Info
Cache
L5d-Success-Class
Mime-Version
X-ApacheServer
X-Varnish-Cache-Hits
X-PERF
X-UnsetCookies
X-Newrelic-Synthetics
Accept-Language
Cache-Name
ServedBy
X-Cache-Remote
X-CS
Viewport
X-Origin-TTL
X-Origin-CC
Rt-Fastcgi-Cache
Uber-Trace-Id
Country
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-B3-Spanid
X-Device-Type
X-Via-Fastly
Odigeo-Trace-Id
Filterid
X-Uri
X-Magnolia-Registration
X-EC-Lua
X-VCache
X-CLOUD-TRACE-CONTEXT
X-From
X-Geo
X-Real-IP
Proxy-Connection
Access-Control-Request-Headers
X-Cluster-Name
Cf-Ipcountry
X-Drupal-Cache-Contexts
HitType
X-Microcachable
Geo-Info
X-Varnish-Beresp-Ttl
X-TT-TIMESTAMP
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Cache-Time
X-PHP-Host
X-Labrador-Cache-Channel
Apple-News-Services-Host
Apple-News-Services-Handled
Cache-Hits
Apple-News-Services-Parsed-Url
GEO-REGION-INFO
Content-Style-Type
Fastcgi-X-Cache-Version
Content-Script-Type
BehaviorPad-Version
AsisCache
Apple-News-Services-Request-Url
VivaBuild
X-S
X-Rojux
X-S-Cookie
X-ScT
X-Session-Fingerprint
X-Rocket-Build-Number
X-Rewrite-Enabled
X-G
X-External-Request-Id
X-GeoIP-Country-Code
X-Region-Sid
X-Request-UUID
X-Sigma
X-Sigma-Backend
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-TLSProxy
X-Vdms-Version
X-SRCache-Key
X-Transaction
X-Trv-Group
X-Twitter-Response-Tags
X-DPWN-IS-SECURE
X-Destination
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
W
X-A
X-A-Ccd
Viewtype
T-Server
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Rendered-Blocks
X-A-Dam
X-A-Dcw
X-CF-Lambda-Version
X-B-Cookie
X-Connection-Hash
X-D
X-Date
X-ARC
X-Application
X-A-Dgt
X-A-Wwc
X-Accel-Expires-Debug
X-Aed
Machine
X-CF-Lambda-Fn
Group
User-Cache-Control
Ohc-File-Size
X-Agile-Age
X-App-Name
X-Agile-Id
X-Bip
X-CGP
X-Cache-Expired-At
X-Cache-Debug
X-Backend-State
Powered-By
Fastly-SWR
Fastly-SIE
Environment
Ha-Gx-Prefs
HA-Ipaddr
X-CUA
Locid
IsBot
X-Agile
X-Distil-CS
X-Var-Ttl
X-TrackingId
X-Thanos
X-VC-Cache
X-WebServer
X-Cdn-Srv
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-SIPLIST1
X-Nc
X-Hit
X-Geo-Header
X-Eu-Site
X-Logging-Id
X-OVcl-Cache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-OVcl
Countrycode
X-Clientip
CDCHOST
X-C
X-GoCache-CacheStatus
X-Hash
X-Hnp-Log
X-GeoIP-City
X-Generated-In
X-Fastly-Cache
X-Fetched-On
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-LI-Proto
X-LI-UUID
X-Li-Pop
X-Li-Fabric
X-Instart-Isnd
X-Irp-Debug
X-Epic-Correlation-Id
X-Distributor
X-Cache-Info
X-Cache-Tags
X-Azure-Ref
X-Cache-Bucket
X-BBXSRF
X-Block-Status
X-Cache-URL
X-Air-Hostname
X-Micro-Cache
X-Dispatcher-Server
X-Debug-Log
X-Debug-Cookies
X-Clara-WADP
X-Core-Mission
X-Varnish-Authentication
X-Ms-Version
X-Variation
X-VServer
X-Contensis-Viewer-Groups
X-Up
X-Developers
X-TH-Server
X-Trace-Id
X-WADP-Cache
X-We-Are-Hiring
X-Cache-ASPX
X-Auto-Login
Server-Surrogate-Control
Server-Cache-Control
X-Webstats-RespID
Gh-Request-Id
X-Swa-Ws
S-Cnection
X-NX-Host
X-Origin-Date
X-NU-AKA-ACS-Version
X-NodeID
Adler-Geo
X-Nginx-Cache-Key
X-Origin-Expires
X-Owner
X-Request-URI
X-Servername
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Platform-Server
X-Proxy-Upstream
X-Ms-Request-Id
X-Gen-Mode
Kp-EeAlive
RNT-Time
We-Hiring
RNT-Machine
Request-Country
Request-EU
Server-ID
Server-Int
True-Client-Country-4JS
IBM-Web2-Location
V-Age
Cache-Host
Is-Eu
Pragrma
Web-Mar-Node
Mail-Subject
Fastly-Backend-Name
Memcached
Country-Code
Platform
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
X-Edge-Location
X-App-Version
X-JWT-State
Thinkindot-CacheControl
X-Generated-On
X-No-Session
X-Matched-Rule
X-FW-Version
X-Trafficlayer-App-Version
X-Trafficlayer-App-Scope
X-Req
X-Trafficlayer-App-Name
X-Service
X-ServiceProvider
X-Is-Gdpr
X-Has-Esi
Server-Host
X-Gamma-Serve
X-Thinkindot-L3
X-Level-Front-Cache
PFcat
Thinkindot-CacheControl-Type
X-SVT-ORM-RULES
X-TT-LOGID
X-Urbn-Context-Path
X-Cms-Context
Ohc-Cache-HIT
Wxu-Next-Region
Wxu-Next-Hostname
X-Server-W
Cdncip
X-Urbn-Site-Id
Locale
X-SVT-ORM-VERSION
Fastly-Soc-X-Request-Id
AKAMAI
Cdnsip
ServerName
Wxu-Next-Commit
FNAC-ModuleRouting
X-Debug-Cache-Fetch
X-Nginx-Cache
X-AK-Request-ID
X-Debug-Cache-Store
Heartbleed
Thinkindot-Control
X-Reboot
X-Debug-Cache-Expiry
X-Core-Value
X-Tumblr-Pixel-3
X-Node-Id
Fastly-SSL
X-Old-Content-Length
X-Generation-Time
X-Response-By
X-Varnish-Cacheable
X-NC
X-Lb-Id
User-Agent
X-Sucuri-ID
X-VHOST
RequestId
X-Refresh
X-SERVER
X-UPSTREAM-Address
Powered-By-ChinaCache
X-Wa
Hostname
X-S-Maxage
X-Developer
X-Cache-Status-Check
X-NWS-UUID-VERIFY
X-Parent-Response-Time
X-Cdn-Origin
X-Cache-Grace
X-CF-Powered-By
X-CSRF-TOKEN
X-Render-Time
X-LAGOON
X-Device-Os
X-Sn-Servicetimems
X-Cache-Backend
X-User
X-Tec-Api-Origin
X-Ocache
X-Tec-Api-Root
X-Tec-Api-Version
Origin
X-Pjax-Url
On-Server
X-Key
X-Internal-Host
X-CSRF-Token
A
X-Ua
X-Request-Host
X-Pf-Uncompressing
X-MSEdge-Features
X-MSEdge-Flight
Cloudfront-Viewer-Country
X-Tb-Optimization-Total-Bytes-Saved
X-Sucuri-Cache
Memory
X-Location
Geoip-Latitude
X-TA-CDN-Provider
X-Via-CDN
Geoip-City
SRV
GeoIp-Country-Code
PICS-Label
X-COUNTRY
X-Varnish-URL
X-Dynatrace-Js-Agent
X-NGINX-Cache
X-BACKEND-TTL
ProcessTime
X-Cdn-Forward
X-B3-Parentspanid
X-Vcl-Version
TTL
Resin-Trace
X-Webkit-CSP
X-Servedbyhost
X-Litespeed-Cache
X-Slack-Backend
Cdn
X-Ratelimit-Remaining
X-HS-Status
X-Varnish-Ttl
X-Server-IP
X-Rocket-Nginx-Bypass
XServer
X-TIME
M-TraceId
Dnion-Transfer-Encoding
X-Cache-FS-Status
SN
Arc-Country
X-Dispatch
X-Server-Time
X-B3-SpanId
Fusion-Deployment-Id
Tcn
X-Processor
X-PAYTM-SRV-ID
Pramga
CACHE
X-DC
X-FORWARDED-FOR
Trailer
X-ServedByHost
X-Unique-ID
X-Cdn-Request-ID
Section-Origin-Responded
Media-Length
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Host-ID
X-ND-Cache
X-Skip-Cache
Section-Io-Id
Cdn-Host
Cdn-Request-Time
X-Cache-Ttl
X-Served-From
X-Edge-Server
X-Beluga-Node
Fastly-Drupal-HTML
X-Beluga-Status
X-Beluga-Response-Time
X-Beluga-Record
X-Action
X-Beluga-Cache-Status
X-Beluga-Trace
X-VCL-Version
HostName
X-RPM
X-DW
Who
X-DI
X-DB
X-RSL
X-DSS
X-RPS
Ttl
X-Fastly-Country-Code
X-DevSite-Last-Modified
N-Cache
NtCoent-Length
X-Adobe-Source
X-Correlation-ID
X-Bc-Bl
X-Via-Ucdn
GeoIP-Country-Code
Pics-Label
CF-Cached-On
GeoIP-Latitude
GeoIP-City
X-Backend-Host
X-ABtesting
X-Flog
X-Hello
X-Datadome
X-Reqid
X-LiteSpeed-Cache-Control
X-Oracle-Dms-Rid
MIME-Version
X-Ratelimit-Limit
X-APP
Cache-Cookie-Set-From
X-Varnish-Url
X-AIR-PT
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
X-Bc
X-Zone
Esi-Enabled
X-PF-Uncompressing
X-VarnishDD-TTL
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Scheme
X-Fmm-Version
X-Planisys-CDN-Cache
X-FPC
X-Policy
X-Sucuri-Id
X-HostName
X-SRV
X-Azure-Ref-OriginShield
X-Request-Start
X-PJAX-URL
X-Fastly-Backend-Reqs
WebServer
X-Fpc
Amp-Access-Control-Allow-Source-Origin
Rt-Proxy-Cache
Cteonnt-Length
X-Cache-Id
X-Dynatrace
X-Amzn-Remapped-Date
X-BE
X-SN
X-Amzn-Remapped-Connection
Processtime
X-WA
X-Esi-Check
X-Newrelic-App-Data
X-Swift-Error
Servername
Load-Balancing
X-Cache-NGX
X-SD-PageType
X-ID
X-Gzip
Magicmarker
SD-X-WS
FSS-Cache
X-BC
X-ZONE
Lb
FSS-Proxy
Cache-Provider
Sid
Release
X-WR-MODIFICATION
X-Frame-Option
X-Instart-Info
CDN
X-VCT
Requestid
X-StackifyID
X-Wix-Viewer-Type
X-Snapshot-Date
X-LB-ID
X-Branch-Name
Dynatrace
X-Configured-By
CF-IPCountry
X-Method
X-CACHE-AGE
X-Cache-PHP
Request-Time
X-Compress-Hint
L
Proxy-Firewall
X-ECACHE
X-Cc-Req-Id
X-VC
D-Cc-Upstream
X-SB
X-Request-Url
V-Cache
X-Fastly-Cache-Hits
X-Cc-Via
Warning
WZWS-RAY
X-Aicache-OS
X-Tid
X-Litespeed-Cache-Control
X-ECache
X-Apw-Access-Object
X-Nananana
X-Apw-Access-Action
X-Worker
X-Apw-Access-Token
SID
LB
X-Be
Lfy
Ohc-Response-Time
X-Powered-Y
X-App
X-Varnish-Beresp-TTL
X-Fastly-Cache-Status
Cneonction
X-Check-Cacheable
X-GEO
WP-Super-Cache
X-ElasticPress-Search
X-WPE-Loopback-Upstream-Addr
X-Request-URL
X-Apw-Hits