Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
X-XSS-Protection
Link
ETag
CF-RAY
Expect-CT
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Download-Options
X-Request-Id
X-AspNet-Version
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
X-Permitted-Cross-Domain-Policies
X-Xss-Protection
X-Cacheable
X-DNS-Prefetch-Control
X-Template
CF-Ray
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
X-Content-Security-Policy
Content-Encoding
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
Xkey
X-Via
X-Backend
X-Server
X-Age
X-Ws-Request-Id
X-Amz-Id-2
X-Amz-Request-Id
X-Robots-Tag
X-Server-Powered-By
X-Page-Speed
EagleId
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
X-UA-Device
Request-Context
Feature-Policy
Server-Timing
X-Varnish-Cache
Cf-Railgun
X-Swift-SaveTime
X-Swift-CacheTime
Grace
Ali-Swift-Global-Savetime
X-Amz-Version-Id
X-Ua-Compatible
Report-To
X-LiteSpeed-Cache
X-Rq
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-WebKit-CSP
X-Device
X-Host
X-Origin-Cache
X-Server-Id
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Backend-Server
X-Cloud-Trace-Context
X-Readtime
X-Vhost
X-Dispatcher
Request-Id
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Cache-Lookup
X-Cnection
X-Application-Context
X-HW
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
P3p
X-Dns-Prefetch-Control
X-Rack-Cache
X-Country
X-Clacks-Overhead
Edge-Control
X-Akam-SW-Version
Rating
Pinterest-Generated-By
Allow
X-TTL
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Country-Code
Accept-Ch
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-DynaTrace
X-Goog-Hash
X-TtlSet
X-Vname
X-PC
Verso
X-ESI
Content-MD5
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Powered-By-Plesk
X-Vcache
X-Url
X-B3-TraceId
X-Version
X-Forwarded-Proto
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-GitHub-Request-Id
X-MS-InvokeApp
RTSS
X-Server-ID
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Debug
X-Px
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-CACHE
Ar-Sid
X-Amz-Server-Side-Encryption
SPRequestGuid
Charset
X-Cached
X-NF-Request-ID
X-Middleton-Response
Pagespeed
X-Middleton-Display
Response
X-Sol
Display
X-TEC-API-ORIGIN
X-Vcap-Request-Id
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Navigation-Version
X-MSEdge-Ref
X-Amz-Rid
X-Accel-Expires
Arr-Disable-Session-Affinity
TCN
X-Pinterest-Rid
Pinterest-Version
X-Fastcgi-Cache
X-SharePointHealthScore
X-VARITI-CCR
X-Cdn
X-SRCache-Fetch-Status
X-Powered-CMS
Public-Key-Pins
X-SRCache-Store-Status
X-Fastly-Request-ID
X-Edge-O15-RID
Nginx-Cache
MS-Author-Via
Realpath
Cache-Tag
X-Client-IP
X-Trace
X-Ser
Access-Control-Request-Method
X-Content-Type
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
X-Shard
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
X-DynaTrace-JS-Agent
X-Amzn-Trace-Id
SPRequestDuration
SPIisLatency
X-Ezoic-Cdn
X-Grace
X-Id
X-Hp-Webp
X-Jurisdiction
X-Upstream
S
X-Forwarded-For
Front-End-Https
Nel
X-Hits
X-Amz-Meta-S3cmd-Attrs
X-T
X-Cache-TTL
Fastcgi-Cache
X-Aspnet-Version
X-Recruiting
DynaTrace
X-Element-Page-Cache
X-Node-Name
X-Varnish-Age
X-FTR-Realm
X-FTR-Expires
X-Mobile-URL
X-FTR-DC
X-FTR-Backend
X-Content-Digest
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
MicrosoftSharePointTeamServices
X-Dw-Request-Base-Id
ServerID
X-DIS-Request-ID
NR-ENABLED
Server-Node
X-HS-Cache-Config
X-Frontend
X-HS-Combine-CSS
X-HS-Hub-Id
TP-L2-Cache
X-HS-Content-Id
TP-Cache
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-CST
Powered
X-Logged-In
Alternate-Protocol
Server-Name
X-Correlation-Id
X-Amzn-RequestId
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
Fastly-Restarts
X-FTR-Cache-Host
X-Cache-Hit
X-Microsite
X-Request-Handler-Origin-Region
X-ATS-Timestamp
Backend-Timing
X-XRDS-LOCATION
AMP-Access-Control-Allow-Source-Origin
X-Request-Received
X-Request-Processing-Time
X-Page-Id
X-User-Agent
X-Content-Options
X-Zen-Fury
Refresh
X-F-Cache
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-XRDS-Location
X-Akamai-Edgescape
X-Varnish-Grace
X-Rid
X-Revision
X-Content-Powered-By
X-Type
X-LB-Cache
X-B
PB-RID
PB-PID
X-B3-Sampled
Arc-Version
X-Mobile-Rewrite
X-URL
X-Geo-Country
X-Activity-Id
X-AppVersion
Cache-Status
X-Az
X-Kinsta-Cache
X-N
X-TT
X-Cache-Age
X-Cache-Action
X-AOL-HN
X-Debug-Info
X-Signature
X-Framework
Access-Control-Allow-Method
X-WebKit-CSP-Report-Only
X-Jobs
X-B-Cache
X-Request-Guid
X-FB-Debug
X-Instance
X-Load-Cache
Actual-Object-TTL
X-Cached-By
X-Time
X-Tumblr-User
X-Git-Hash
Paypal-Debug-Id
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-App-Environment
X-PHP-Backend
Fastcgi-Useragent
X-Pad
X-NWS-LOG-UUID
DC
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Webkit-Csp
X-Amz-Replication-Status
X-Shield-Request-Id
X-RateLimit-Remaining
X-Varnish-Backend
Host-Header
X-WA-Info
X-ATG-Version
Surrogate-Key
MS-CV
X-IPLB-Instance
X-Contextid
Host
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Via-JSL
X-Mobile
X-FastCGI-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Host-Name
X-Accel-Buffering
NGB
X-Response-Served-From
Frame-Options
Payment
X-Presslabs-Stats
X-Cache-NE
X-SS-Set-Cookie
Source
Retry-After
Tracecode
X-Region
X-Origin-Response-Time
Eomportal-Instance
X-Varnish-Server
X-Cache-2
Xserver
WPE-Backend
X-Cluster
X-FW-Type
X-Cache-Key
X-Rendered-As
X-Hostname
X-GeoIP
X-FW-Server
X-FW-Static
X-FW-Hash
X-Cacheable-TTL
X-Is-Bot
X-FW-Serve
Filters
X-Adobe-Content
X-Seen-By
X-Adobe-Loc
Cache-Tv-Group
X-Varnish-Hostname
X-IPS-LoggedIn
X-Cache-Enabled
X-Cache-Operation
X-Tumblr-Pixel-1
X-Cache-Rule
X-RequestSource
X-Tumblr-Pixel-2
Server-Info
X-NewRelic-App-Data
Liferay-Portal
X-Srv
FilterID
X-Analytics
X-TX-ID
X-RemovedCookies
X-ProcessESI
X-EdgeConnect-Cache-Status
X-App-Server
X-Cache-TTL-Remaining
X-Webapp-Samesite-None-Activated-N
Accept-CH
Cleartype
X-B3-Traceid
X-L-Path
X-CACHE-KEY
X-Environment-Context
X-Dc
X-FireWall-Port
X-Endurance-Cache-Level
X-Handled-By
Ms-Operation-Id
X-RTag
X-Source
X-Upgrade-Enabled
X-UA
X-HTML-Minification-Powered-By
X-CLOUD-TRACE-CONTEXT
From-Origin
X-Cache-Server
Datacenter
Accept-Charset
X-Backend-Name
X-APP-VERSION
Accept-CH-Lifetime
X-UUID
X-Cache-Var
X-Path-Route
X-Cache-Var-Map
X-ES-SERVER
Meta-Geo
X-RN-RSRV
Srv
GEO-INFO
X-Format
X-Access
X-Timing-Wait
OT-Force-Account-Verify
X-Proxy-Build
X-Tb
Selected-Fe
X-Section
X-Wix-Request-Id
X-Content-Age
X-ShopId
X-Goog-Meta-Goog-Reserved-File-Mtime
Mn-Server-Ip
X-ShardId
X-Proto
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Shopify-Generated-Cart-Token
X-Akamai-Request-ID
X-Cache-Config
Cache-Tags
X-Request-Time
X-Alternate-Cache-Key
X-EIG-Tracking-Id
Ec-Rule-Version
Akamai-GRN
X-Akamai-Request-ID2
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-BYPASS-REASON
Node
X-AWS-Id
X-Akamai-Transformed
X-VWS-Id
NGX
X-NYM-Debug-Backend
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Cache-Status
X-PCL
X-Qloud-Router
X-SaId
X-Vgn-Hpd-Reason
X-OCL
X-FC-Vary-Parameters
X-Origin
X-ServerID
X-LJ-Flow-ID
X-JoinUs
X-Hl-Ver
X-Soup
X-Status
X-TNCMS
Version
DB-Nickname
X-Say-Cacheable
X-Say-TTL
Cross-Origin-Window-Policy
Decoy-Debug-Status
Decoy-Debug-TTL
Healthy
X-Time-Microsecs
X-Web-Node
X-SayCDN-TTL
X-Storage
Decoy-Debug-Key
Origin-Edge-Control
X-Locale
X-CCM
X-Loop
X-Cluster-Node
X-Hyper-Cache
X-FW-Dynamic
X-Hosted-By
X-Detected-As
X-MP-GENERATED-AT
X-Proxy
Origin-Cache-Control
X-FB-TRIP-ID
X-Debug-Cache
X-Viewer-Country
X-Www-Served-By
X-BCube-Filmed-By
X-Pubstack
X-Human
Now
TWC-Locale-Group
TWC-Privacy
X-IP
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Site-Version
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Version
Webcakes-Region
X-RCS-CacheZone
X-R9-Blue-Green-Version
X-Origin-Hint
X-Varnish-Hits
X-Amzn-Remapped-Content-Length
X-Generated-By
X-Generated
X-Xfnlog-Site
S-Rt
Webcakes-App-Name
Azure-SlotName
Azure-InstanceId
Azure-SiteName
X-Redis-Cache
Property-Id
Azure-Version
Azure-RegionName
X-PressLabs-Stats
X-RateLimit-Limit
X-Cache-Control
X-NCache
X-Cache-Host
Cache
X-Unique-Id
Cache-Key
X-Whom
X-Daa-Tunnel
X-Drupal-Cache-Tags
X-Esi
X-Rule
X-UA-Device-Type
L5d-Success-Class
X-NGENIX-Cache
X-Mode
X-Forwarded-Host
Webserver
Time
Cache-Name
X-VHOST
Viewport
X-Backend-TTL
X-CS
X-UnsetCookies
X-Info
Mime-Version
Section-Io-Cache
Content-Disposition
X-B3-Spanid
X-Origin-TTL
Rt-Fastcgi-Cache
X-CDN-Forward
Accept-Language
X-Origin-CC
Uber-Trace-Id
X-ApacheServer
X-Varnish-Cache-Hits
X-PERF
X-Newrelic-Synthetics
Country
ServedBy
Odigeo-Trace-Id
X-Cache-Remote
X-VCache
X-EC-Lua
X-Routing-Service
X-From
X-Device-Type
X-Proxied
X-Zipkin-Id
X-Magnolia-Registration
X-Via-Fastly
X-Cluster-Name
X-Drupal-Cache-Contexts
X-Uri
Filterid
X-Ttl
X-Microcachable
Proxy-Connection
X-TT-TIMESTAMP
HitType
VIX-Pulpo-Node
X-Nc
X-Real-IP
VIX-Pulpo-Upstream-Status
X-Geo
Access-Control-Request-Headers
Cf-Ipcountry
Ohc-File-Size
BehaviorPad-Version
Content-Script-Type
Content-Style-Type
Fastcgi-X-Cache-Version
Machine
GEO-REGION-INFO
AsisCache
Apple-News-Services-Host
X-VG-TLSProxy
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Region-Sid
X-Request-UUID
X-G
X-Aed
X-Application
X-Accel-Expires-Debug
X-A-Wwc
X-A-Dcw
X-A-Dgt
X-Destination
X-ARC
X-CF-Lambda-Version
X-Connection-Hash
X-CF-Lambda-Fn
X-D
X-B-Cookie
X-Date
X-A-Dam
X-A-Ccd
Rendered-Blocks
X-Rewrite-Enabled
X-Geo-Header
X-GeoIP-Country-Code
Meta-Geo-Continent
Mobile-Detection-Method
T-Server
X-External-Request-Id
X-DPWN-IS-SECURE
X-A
W
VivaBuild
Viewtype
MD5-Digest
Apple-News-Services-Handled
X-S-Cookie
X-VG-WebServer
X-Vtex-Remote-Cache
X-S
X-Rocket-Build-Number
X-Rojux
X-ScT
X-Sigma-Backend
X-Session-Fingerprint
X-Twitter-Response-Tags
X-Vtex-Processado-Em
X-Trv-Group
X-Sigma
Xc-Version
X-Transaction
X-Vdms-Version
X-Varnish-Beresp-Status
X-SRCache-Key
X-Varnish-Beresp-Ttl
X-VG-WebCache
X-Varnish-Beresp-Grace
X-C
Geo-Info
X-Labrador-Cache-Channel
Powered-By
CDCHOST
X-Cache-Time
X-PHP-Host
X-Agile-Age
X-Thanos
X-Logging-Id
X-Hit
X-Agile
X-WebServer
IsBot
Fastly-SIE
Fastly-Soc-X-Request-Id
Fastly-SWR
Ha-Gx-Prefs
X-Eu-Site
X-SIPLIST1
HA-Ipaddr
Countrycode
Environment
X-Distil-CS
Locid
X-Agile-Id
X-Cache-Expired-At
X-Cache-Debug
X-Bip
X-Backend-State
X-Rebelmouse-Surrogate-Control
X-CUA
X-Clientip
Group
X-CGP
X-VC-Cache
X-Var-Ttl
X-Rebelmouse-Cache-Control
X-Developers
X-App-Name
Fastly-SSL
X-No-Session
X-GoCache-CacheStatus
User-Cache-Control
Server-Surrogate-Control
Server-Cache-Control
Server-Int
X-Air-Hostname
X-Gamma-Serve
X-GeoIP-City
Server-ID
RNT-Machine
Pragrma
Platform
X-Contensis-Viewer-Groups
Request-Country
Request-EU
X-Trace-Id
X-Generated-In
X-Cms-Context
RNT-Time
X-Cdn-Srv
X-Varnish-Authentication
X-Distributor
X-Up
X-Cache-ASPX
X-Debug-Log
X-Variation
X-Tumblr-Pixel-3
X-Auto-Login
X-Azure-Ref
X-Epic-Correlation-Id
We-Hiring
V-Age
X-Debug-Cookies
True-Client-Country-4JS
X-Cache-Tags
X-Urbn-Site-Id
X-Urbn-Context-Path
X-VServer
X-Dispatcher-Server
X-Fetched-On
Kp-EeAlive
X-TH-Server
Cache-Hits
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
AKAMAI
X-Proxy-Upstream
Cache-Host
X-Core-Mission
Country-Code
X-Li-Fabric
X-Li-Pop
X-LI-Proto
X-LI-UUID
Adler-Geo
X-Wikidot-Static-Cache
X-Origin-Date
X-Owner
X-Origin-Expires
X-OVcl
X-OVcl-Cache
X-NX-Host
X-NodeID
X-Platform-Server
X-Servername
X-Ms-Request-Id
X-Ms-Version
X-Nginx-Cache-Key
X-Wikidot-Backend
X-JWT-State
IBM-Web2-Location
Heartbleed
Gh-Request-Id
Fastly-Backend-Name
Is-Eu
Locale
X-IN-APIGATEWAY
Mail-Subject
X-IN-APIGATEWAYSSL
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-TrackingId
X-Swa-Ws
X-Is-Gdpr
X-Has-Esi
X-Instart-Isnd
X-Request-URI
X-Hash
X-UPSTREAM-Address
X-TA-CDN-Provider
X-Edge-Location
X-NU-AKA-ACS-Version
Web-Mar-Node
X-Reboot
X-Hnp-Log
X-Block-Status
X-Core-Value
X-Gen-Mode
X-Debug-Cache-Expiry
X-Req
X-ServiceProvider
X-Fastly-Cache
X-Irp-Debug
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-FW-Version
X-WADP-Cache
X-Generation-Time
X-Generated-On
X-Thinkindot-L3
X-Trafficlayer-App-Version
X-Level-Front-Cache
X-Micro-Cache
X-Server-W
X-Debug-Cache-Store
X-Matched-Rule
X-Webstats-RespID
X-TT-LOGID
X-Service
X-We-Are-Hiring
X-Debug-Cache-Fetch
X-BBXSRF
Thinkindot-CacheControl
Server-Host
Thinkindot-CacheControl-Type
Wxu-Next-Commit
Wxu-Next-Hostname
ServerName
PFcat
FNAC-ModuleRouting
Cdnsip
Cdncip
Memcached
Wxu-Next-Region
Thinkindot-Control
Ohc-Cache-HIT
X-Clara-WADP
X-Cache-Info
X-AK-Request-ID
X-Cache-URL
S-Cnection
X-Render-Time
X-Old-Content-Length
X-Cache-Bucket
X-SERVER
X-S-Maxage
X-Response-By
X-Lb-Id
X-App-Version
X-Cache-Backend
RequestId
X-Nginx-Cache
X-Refresh
X-Wa
X-User
X-Key
X-Varnish-Cacheable
Powered-By-ChinaCache
X-Internal-Host
X-Sucuri-ID
X-Tec-Api-Version
X-Sucuri-Cache
X-NC
Origin
X-Tec-Api-Origin
X-Tec-Api-Root
X-Parent-Response-Time
X-Oss-Object-Type
X-CSRF-TOKEN
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Pjax-Url
SRV
User-Agent
X-CSRF-Token
X-Tb-Optimization-Total-Bytes-Saved
X-Developer
X-Location
X-CF-Powered-By
X-Node-Id
X-Device-Os
X-Cache-Status-Check
X-Cdn-Origin
X-LAGOON
X-Pf-Uncompressing
X-Cache-Grace
X-Sn-Servicetimems
X-Ua
X-Via-CDN
ProcessTime
Geoip-City
Geoip-Latitude
X-Ocache
X-Cdn-Forward
X-BACKEND-TTL
Memory
X-B3-Parentspanid
X-NGINX-Cache
PICS-Label
X-NWS-UUID-VERIFY
TTL
On-Server
A
GeoIp-Country-Code
Hostname
X-MSEdge-Flight
X-COUNTRY
X-MSEdge-Features
X-Vcl-Version
X-Request-Host
Cloudfront-Viewer-Country
X-Correlation-ID
X-Server-IP
X-Unique-ID
X-Webkit-CSP
X-Litespeed-Cache
M-TraceId
X-Varnish-Ttl
X-Servedbyhost
XServer
X-TIME
X-B3-SpanId
Media-Length
X-HS-Status
X-Varnish-URL
SN
Cdn
Dnion-Transfer-Encoding
X-Rocket-Nginx-Bypass
Resin-Trace
Tcn
X-Cdn-Request-ID
X-FORWARDED-FOR
X-ServedByHost
HostName
Host-ID
CACHE
X-Ratelimit-Remaining
X-Beluga-Cache-Status
Who
X-Beluga-Node
X-Via-Ucdn
X-Beluga-Record
X-Beluga-Response-Time
X-Cache-Ttl
X-Action
X-Slack-Backend
X-Beluga-Trace
X-Beluga-Status
X-Processor
X-Server-Time
X-PAYTM-SRV-ID
X-RPS
X-DI
X-RSL
X-DB
X-RPM
X-Fastly-Country-Code
X-Dispatch
X-Cache-FS-Status
Pramga
Arc-Country
X-DSS
X-DW
X-AIR-PT
X-Sucuri-Id
X-Reqid
Esi-Enabled
X-ND-Cache
X-ABtesting
X-Skip-Cache
X-Flog
X-Hello
X-Served-From
Fastly-Drupal-HTML
Cdn-Request-Time
X-Varnish-Url
Cdn-Host
X-Edge-Server
X-VCL-Version
X-Planisys-CDN-TTL
X-Policy
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
GeoIP-Country-Code
Amp-Access-Control-Allow-Source-Origin
Pics-Label
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
CF-Cached-On
Section-Io-Id
X-LiteSpeed-Cache-Control
Section-Origin-Responded
X-Oracle-Dms-Rid
MIME-Version
X-Bc-Bl
X-VarnishDD-TTL
X-Request-Start
N-Cache
NtCoent-Length
GeoIP-Latitude
Ttl
GeoIP-City
X-DevSite-Last-Modified
X-Azure-Ref-OriginShield
X-DC
X-Zone
X-Ratelimit-Limit
X-Newrelic-App-Data
X-PF-Uncompressing
X-Bc
Rt-Proxy-Cache
X-APP
X-FPC
X-Ruxit-Js-Agent
Trailer
X-HostName
Fusion-Deployment-Id
X-Fastly-Backend-Reqs
X-PJAX-URL
X-Backend-Host
X-SRV
WebServer
X-Adobe-Source
X-Swift-Error
X-Amzn-Remapped-Date
Processtime
X-Amzn-Remapped-Connection
Cteonnt-Length
X-BE
X-Method
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
Magicmarker
Cache-Cookie-Set-From
X-Dynatrace
Servername
X-Dynatrace-Js-Agent
X-ZONE
X-BC
X-WA
Cache-Provider
X-ID
FSS-Cache
FSS-Proxy
X-Fmm-Version
X-Scheme
X-Frame-Option
X-WR-MODIFICATION
Ohc-Response-Time
X-Snapshot-Date
CDN
X-Branch-Name
X-LB-ID
X-Fpc
Requestid
X-StackifyID
Dynatrace
CF-IPCountry
X-CACHE-AGE
X-Esi-Check
X-SN
X-Tid
X-Cache-Id
WZWS-RAY
L
X-Compress-Hint
X-Cc-Req-Id
X-App
X-Fastly-Cache-Hits
X-Svr
X-SB
X-Request-Url
X-Apw-Access-Action
X-Apw-Hits
X-Be
X-Apw-Access-Token
X-Apw-Access-Object
X-VC
V-Cache
X-Cc-Via
D-Cc-Upstream
Warning
X-Aicache-OS
X-Litespeed-Cache-Control
X-Node-ID
X-GEO
Backend-Name
X-SD-PageType
Correlation-Id
X-Gzip
X-Fastly-Cache-Status
X-Cache-NGX
Sid
SD-X-WS
LB
SID
X-Varnish-Beresp-TTL
X-WPE-Loopback-Upstream-Addr
Vix-Hermes-Req-Id
X-Powered-Y
X-Request-URL
Cneonction
X-ElasticPress-Search
X-Worker
X-Check-Cacheable
Lfy
WP-Super-Cache
Lb