
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
X-Powered-By
Pragma
CF-Cache-Status
Link
ETag
X-XSS-Protection
Expect-CT
CF-RAY
Via
X-Cache
Age
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
Alt-Svc
X-Timer
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-Download-Options
X-Request-Id
X-AspNet-Version
CF-Ray
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
X-Check
X-Request-ID
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Permitted-Cross-Domain-Policies
X-Cacheable
X-DNS-Prefetch-Control
X-Template
X-Language
Timing-Allow-Origin
X-Iinfo
X-AspNetMvc-Version
X-FRAME-OPTIONS
X-Buckets
Status
Upgrade
Content-Encoding
X-Content-Security-Policy
X-CDN
Access-Control-Expose-Headers
Access-Control-Max-Age
X-Kinja-Server-Push
Keep-Alive
X-Turbo-Charged-By
X-Drupal-Dynamic-Cache
X-Pass-Why
X-Cache-Group
X-AH-Environment
X-Envoy-Upstream-Service-Time
X-Via
Xkey
X-Backend
X-Server
X-Age
X-Ua-Compatible
X-Ws-Request-Id
X-Robots-Tag
X-Amz-Id-2
X-Amz-Request-Id
EagleId
X-Page-Speed
X-Server-Powered-By
X-Pingback
X-Proxy-Cache
X-Hacker
X-Nginx-Cache-Status
Request-Context
Feature-Policy
Server-Timing
X-UA-Device
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Cf-Railgun
Ali-Swift-Global-Savetime
Grace
X-Amz-Version-Id
Report-To
X-LiteSpeed-Cache
X-OneAgent-JS-Injection
X-Rq
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-WebKit-CSP
X-Server-Id
X-Host
X-Origin-Cache
X-Response-Time
EagleEye-TraceId
X-Node
X-Ac
Surrogate-Control
Content-Location
X-Vhost
X-Cloud-Trace-Context
X-Backend-Server
X-Readtime
X-Dispatcher
Request-Id
X-Cache-Lookup
X-Ruxit-JS-Agent
X-Origin-Upstream-Status
X-Cnection
X-Application-Context
X-HW
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-ORACLE-DMS-ECID
NEL
X-Mod-Pagespeed
X-ORACLE-DMS-RID
X-DataDome
X-Rack-Cache
X-Country
X-Clacks-Overhead
Edge-Control
X-Akam-SW-Version
P3p
Rating
X-Dns-Prefetch-Control
Allow
Pinterest-Generated-By
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch
X-Country-Code
X-FTR-Request-ID
X-Instart-Request-ID
X-Varnish-TTL
X-TTL
X-DynaTrace
X-Vname
X-TtlSet
X-Goog-Hash
X-PC
Content-MD5
X-ESI
Verso
Accept-Ch-Lifetime
Service-Worker-Allowed
X-Url
X-Powered-By-Plesk
X-Vcache
X-Exp-Variant
X-Exp-Id
X-Cdn-Fetch
X-GoogleNews-Bot
X-B3-TraceId
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-GitHub-Request-Id
X-Kinja
X-Kinja-Build
RTSS
X-Version
X-Forwarded-Proto
X-MS-InvokeApp
X-Server-Name
X-D2id
Edge-Cache-Tag
X-Abt-Application-Version
X-Px
X-Debug
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-Request-ID
AR-ATIME
X-Amz-Server-Side-Encryption
SPRequestGuid
X-Cached
Charset
X-NF-Request-ID
X-Vcap-Request-Id
X-Navigation-Version
X-MSEdge-Ref
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Amz-Rid
Response
X-Middleton-Response
X-Sol
Pagespeed
X-Middleton-Display
Display
Arr-Disable-Session-Affinity
X-Accel-Expires
X-Server-ID
X-SharePointHealthScore
X-VARITI-CCR
X-Pinterest-Rid
Pinterest-Version
TCN
X-Fastly-Request-ID
MS-Author-Via
Public-Key-Pins
Nginx-Cache
X-Fastcgi-Cache
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Powered-CMS
X-Client-IP
X-Cdn
X-Trace
Realpath
Cache-Tag
X-Edge-O15-RID
X-Ser
Access-Control-Request-Method
X-Content-Type
MRF-Tech
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-Mrf-Item-Lastmod
X-B3-TraceId-Primal
SPIisLatency
SPRequestDuration
X-Amzn-Trace-Id
X-Upstream
X-Grace
X-Shard
X-Jurisdiction
X-Hp-Webp
X-Id
X-Forwarded-For
Front-End-Https
X-Ezoic-Cdn
X-Cache-TTL
S
X-Hits
X-Amz-Meta-S3cmd-Attrs
X-T
X-DynaTrace-JS-Agent
Fastcgi-Cache
Nel
X-Recruiting
DynaTrace
X-Aspnet-Version
X-Element-Page-Cache
X-Node-Name
X-Dw-Request-Base-Id
X-Content-Digest
X-Varnish-Age
X-Country-Code-Real
X-FTR-Cache-Status
X-FTR-Balancer
X-Mobile-URL
X-FTR-Backend-Server
MicrosoftSharePointTeamServices
X-FTR-Expires
X-FTR-Realm
X-FTR-Backend
X-FTR-DC
ServerID
X-DIS-Request-ID
NR-ENABLED
Server-Node
TP-L2-Cache
TP-Cache
X-Goog-Generation
X-HS-Content-Id
X-Goog-Metageneration
X-HS-Hub-Id
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-HS-Combine-CSS
X-Frontend
X-HS-Cache-Config
X-Logged-In
Powered
X-CST
Alternate-Protocol
X-Correlation-Id
Server-Name
X-Amz-Apigw-Id
Upgrade-Insecure-Requests
X-Amzn-RequestId
X-Cache-Hit
Fastly-Restarts
X-FTR-Cache-Host
X-Request-Handler-Origin-Region
X-Microsite
X-XRDS-Location
X-ATS-Timestamp
Backend-Timing
AMP-Access-Control-Allow-Source-Origin
X-Page-Id
X-Zen-Fury
X-Request-Received
X-Content-Options
X-User-Agent
X-Request-Processing-Time
X-Content-Security-Policy-Report-Only
X-F-Cache
Refresh
X-Origin-Server
X-Varnish-Grace
X-Akamai-Edgescape
X-Rid
X-XRDS-LOCATION
X-Revision
X-LB-Cache
X-B
X-Mobile-Rewrite
X-Content-Powered-By
PB-PID
PB-RID
Arc-Version
X-Type
X-Webkit-Csp
X-B3-Sampled
Cache-Status
X-Activity-Id
X-Geo-Country
X-Az
X-AppVersion
X-Kinsta-Cache
X-NWS-LOG-UUID
X-N
X-Cache-Action
X-TT
X-AOL-HN
X-Debug-Info
X-WebKit-CSP-Report-Only
X-Signature
X-Request-Guid
X-B-Cache
X-Framework
Access-Control-Allow-Method
X-Jobs
X-PHP-Backend
X-Instance
X-FB-Debug
Actual-Object-TTL
X-Time
X-Cache-Age
Paypal-Debug-Id
X-App-Environment
X-Cached-By
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Git-Hash
X-Load-Cache
X-Tt-Trace-Host
X-Tt-Trace-Tag
Fastcgi-Useragent
X-Amz-Replication-Status
X-URL
DC
X-Pad
X-Varnish-Backend
X-Shield-Request-Id
Host
X-WA-Info
Host-Header
X-ATG-Version
X-FastCGI-Cache
X-ORACLE-APMCS-REQUEST-ID
X-ORACLE-APMCS-TAG
MS-CV
X-RateLimit-Remaining
X-Via-JSL
Surrogate-Key
X-IPLB-Instance
X-Contextid
X-Mobile
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Host-Name
Retry-After
Frame-Options
NGB
X-Response-Served-From
X-Accel-Buffering
X-Cache-Key
Payment
Liferay-Portal
X-Cache-NE
X-NewRelic-App-Data
X-Srv
X-Seen-By
Source
X-SS-Set-Cookie
Eomportal-Instance
Xserver
X-Cache-2
X-Origin-Response-Time
X-Region
WPE-Backend
X-Rendered-As
Tracecode
X-Is-Bot
X-FW-Type
X-FW-Serve
X-IPS-LoggedIn
Filters
X-FW-Static
X-FW-Hash
X-Varnish-Server
X-FW-Server
X-Cacheable-TTL
X-GeoIP
X-Varnish-Hostname
X-Adobe-Content
X-Cache-Enabled
Cache-Tv-Group
X-Adobe-Loc
X-Cluster
Server-Info
X-RequestSource
X-Tumblr-Pixel-1
X-Tumblr-Pixel-2
X-Hostname
X-Cache-Rule
X-App-Server
X-Cache-Operation
X-ProcessESI
X-RemovedCookies
X-EdgeConnect-Cache-Status
X-TX-ID
X-Presslabs-Stats
X-Cache-TTL-Remaining
FilterID
Cleartype
X-Environment-Context
X-FireWall-Port
X-L-Path
X-Analytics
Accept-CH
X-Handled-By
X-B3-Traceid
X-Upgrade-Enabled
Ms-Operation-Id
X-RTag
X-Source
X-Endurance-Cache-Level
X-Cache-Server
Srv
Accept-Charset
X-CACHE-KEY
From-Origin
X-HTML-Minification-Powered-By
X-Backend-Name
X-UA
X-Ttl
X-PressLabs-Stats
X-Dc
Datacenter
X-Webapp-Samesite-None-Activated-N
X-UUID
Accept-CH-Lifetime
X-Wix-Request-Id
Healthy
X-Cache-Var-Map
X-Cache-Var
Meta-Geo
X-ES-SERVER
X-Daa-Tunnel
X-RN-RSRV
X-Path-Route
X-Timing-Wait
X-Status
X-Section
X-Proxy-Build
X-Access
Selected-Fe
X-Tb
OT-Force-Account-Verify
X-OCL
X-Alternate-Cache-Key
Mn-Server-Ip
Cache-Tags
X-PCL
X-Akamai-Request-ID
X-Format
X-Akamai-Transformed
X-EIG-Tracking-Id
X-Content-Age
X-FC-Vary-Parameters
X-Cache-Config
X-Goog-Meta-Goog-Reserved-File-Mtime
X-ShardId
X-Sorting-Hat-PodId
X-Shopify-Generated-Cart-Token
X-ShopId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Proto
X-JoinUs
X-Yottaa-Metrics
X-LJ-Flow-ID
X-VWS-Id
X-Vgn-Hpd-Reason
X-Debug-Cache
X-AWS-Id
Node
X-Hl-Ver
X-Soup
Ec-Rule-Version
X-Yottaa-Optimizations
Origin-Cache-Control
X-Origin
X-SaId
X-Request-Time
Origin-Edge-Control
X-Proxy-Cache-Status
X-Web-Node
X-Say-Cacheable
X-Qloud-Router
X-SayCDN-TTL
X-NYM-Debug-Backend
X-Say-TTL
X-Akamai-Request-ID2
Akamai-GRN
Decoy-Debug-TTL
X-BYPASS-REASON
X-Hosted-By
X-CCM
X-Viewer-Country
X-Proxy
X-Redis-Cache
X-Hyper-Cache
Cross-Origin-Window-Policy
Now
Decoy-Debug-Key
X-Detected-As
X-Www-Served-By
NGX
X-BCube-Filmed-By
Version
Decoy-Debug-Status
X-Generated
X-ServerID
X-Locale
X-APP-VERSION
X-Site-Version
X-Generated-By
X-Loop
X-MP-GENERATED-AT
X-ProxyCache-Key
X-Whom
X-ProxyCache-Status
X-Pubstack
X-Storage
X-Human
X-FW-Dynamic
X-TNCMS
X-FB-TRIP-ID
X-Time-Microsecs
Azure-SiteName
X-Varnish-Hits
Webcakes-Region
Webcakes-App-Name
Azure-RegionName
X-Xfnlog-Site
Webcakes-App-Version
X-Origin-Hint
X-IP
Azure-InstanceId
TWC-Privacy
Azure-Version
DB-Nickname
Azure-SlotName
X-R9-Blue-Green-Version
TWC-Locale-Group
Property-Id
TWC-GeoIP-LatLong
X-Ua-Device
TWC-Connection-Speed
S-Rt
TWC-Device-Class
TWC-GeoIP-Country
X-Amzn-Remapped-Content-Length
X-NCache
X-RCS-CacheZone
X-Unique-Id
X-Cluster-Node
GEO-INFO
X-UA-Device-Type
Cache-Key
X-Cache-Control
X-RateLimit-Limit
X-Cache-Host
X-NGENIX-Cache
X-Drupal-Cache-Tags
X-Mode
Section-Io-Cache
X-Rule
X-Forwarded-Host
Cache
Webserver
X-Backend-TTL
L5d-Success-Class
X-Esi
Content-Disposition
Time
Mime-Version
X-UnsetCookies
Cache-Name
X-Info
X-CDN-Forward
Accept-Language
X-CS
Viewport
X-Newrelic-Synthetics
X-PERF
X-Varnish-Cache-Hits
X-ApacheServer
Rt-Fastcgi-Cache
X-Origin-CC
X-Origin-TTL
ServedBy
Uber-Trace-Id
Country
X-Cache-Remote
X-B3-Spanid
X-Proxied
Odigeo-Trace-Id
X-Zipkin-Id
X-Device-Type
X-Routing-Service
Filterid
X-Via-Fastly
X-Magnolia-Registration
X-VCache
Geo-Info
X-From
X-Uri
X-CLOUD-TRACE-CONTEXT
X-EC-Lua
Proxy-Connection
X-Cluster-Name
X-Real-IP
Access-Control-Request-Headers
X-Drupal-Cache-Contexts
Cf-Ipcountry
HitType
X-Geo
X-Microcachable
X-TT-TIMESTAMP
X-Nc
X-G
X-Region-Sid
X-Application
X-Aed
X-Accel-Expires-Debug
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-ARC
X-Rocket-Build-Number
X-S-Cookie
Group
X-ScT
MD5-Digest
Machine
X-S
X-Rewrite-Enabled
X-A-Ccd
X-Rojux
X-Request-UUID
X-A
X-Geo-Header
Viewtype
BehaviorPad-Version
AsisCache
Content-Script-Type
Content-Style-Type
T-Server
GEO-REGION-INFO
Fastcgi-X-Cache-Version
X-GeoIP-Country-Code
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
W
X-PHP-Host
X-Labrador-Cache-Channel
X-Cache-Time
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Apple-News-Services-Host
Apple-News-Services-Handled
VivaBuild
X-External-Request-Id
X-B-Cookie
X-VG-WebCache
X-Connection-Hash
X-VG-TLSProxy
Meta-Geo-Continent
X-VG-WebServer
X-SRCache-Key
X-Sigma
X-Sigma-Backend
X-Vtex-Processado-Em
Mobile-Detection-Method
X-D
X-Trv-Group
X-Destination
X-Twitter-Response-Tags
X-Transaction
X-DPWN-IS-SECURE
X-Date
Ohc-File-Size
Rendered-Blocks
X-Session-Fingerprint
X-Vdms-Version
X-CF-Lambda-Fn
X-CF-Lambda-Version
Xc-Version
X-Varnish-Beresp-Grace
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Vtex-Remote-Cache
User-Cache-Control
X-C
X-App-Version
Cache-Hits
CDCHOST
HA-Ipaddr
Ha-Gx-Prefs
Locid
X-Cache-Debug
X-WebServer
X-Agile
X-SIPLIST1
X-App-Name
Countrycode
X-Var-Ttl
Fastly-SWR
X-Logging-Id
Powered-By
X-Distil-CS
Fastly-Soc-X-Request-Id
Fastly-SIE
Environment
X-Cache-Expired-At
X-Developers
X-CGP
X-TrackingId
X-VC-Cache
IsBot
X-Thanos
X-Rebelmouse-Surrogate-Control
X-Bip
X-Backend-State
X-Rebelmouse-Cache-Control
X-Clientip
X-Hit
X-Agile-Age
X-Agile-Id
X-CUA
X-Eu-Site
X-GoCache-CacheStatus
Fastly-SSL
X-Hnp-Log
RNT-Time
Request-Country
Server-Surrogate-Control
Server-Int
RNT-Machine
Server-Cache-Control
X-IN-APIGATEWAY
Pragrma
Server-ID
X-Hash
Request-EU
X-Air-Hostname
X-Cms-Context
X-Cache-Tags
X-Cache-ASPX
X-Block-Status
X-Contensis-Viewer-Groups
X-Core-Mission
X-Dispatcher-Server
X-Debug-Log
X-Debug-Cookies
X-Epic-Correlation-Id
X-Fetched-On
X-Azure-Ref
We-Hiring
V-Age
True-Client-Country-4JS
X-GeoIP-City
Web-Mar-Node
X-Generated-In
X-Auto-Login
Platform
X-Gen-Mode
X-Has-Esi
X-Ms-Request-Id
X-Distributor
X-RateLimit-Remaining-Second
X-IN-APIGATEWAYSSL
X-Cdn-Srv
X-Wikidot-Static-Cache
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-OVcl-Cache
X-Origin-Date
X-Origin-Expires
X-Owner
X-Platform-Server
X-Wikidot-Backend
X-Request-URI
X-Variation
X-Trace-Id
X-Up
X-Urbn-Context-Path
X-Urbn-Site-Id
X-TH-Server
X-Swa-Ws
X-VServer
X-SVT-ORM-RULES
X-Varnish-Authentication
X-SVT-ORM-VERSION
X-NX-Host
X-OVcl
X-Li-Pop
Heartbleed
X-LI-Proto
X-LI-UUID
Locale
IBM-Web2-Location
Gh-Request-Id
X-Li-Fabric
Kp-EeAlive
Mail-Subject
Is-Eu
X-JWT-State
Fastly-Backend-Name
Adler-Geo
AKAMAI
X-NodeID
X-Is-Gdpr
X-Instart-Isnd
Cache-Host
X-No-Session
Country-Code
X-Ms-Version
X-Nginx-Cache-Key
X-NU-AKA-ACS-Version
X-Edge-Location
Ohc-Cache-HIT
S-Cnection
X-ServiceProvider
Memcached
X-Tumblr-Pixel-3
X-Service
X-Level-Front-Cache
X-TT-LOGID
X-Trafficlayer-App-Version
X-Trafficlayer-App-Name
X-Trafficlayer-App-Scope
X-Thinkindot-L3
X-Fastly-Cache
X-Webstats-RespID
X-We-Are-Hiring
X-Req
X-Gamma-Serve
X-Reboot
X-Generation-Time
X-Generated-On
X-Matched-Rule
X-WADP-Cache
X-FW-Version
X-Server-W
X-Servername
X-Cache-Bucket
X-Cache-Info
X-Cache-URL
X-Micro-Cache
X-Irp-Debug
X-Clara-WADP
X-BBXSRF
X-Debug-Cache-Expiry
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
ServerName
PFcat
FNAC-ModuleRouting
Cdnsip
Cdncip
Wxu-Next-Commit
Thinkindot-Control
X-AK-Request-ID
Wxu-Next-Hostname
X-Debug-Cache-Store
Wxu-Next-Region
X-Core-Value
X-Debug-Cache-Fetch
X-Nginx-Cache
X-Lb-Id
X-Response-By
X-S-Maxage
X-Old-Content-Length
X-Oss-Storage-Class
X-UPSTREAM-Address
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-VHOST
X-Oss-Server-Time
X-Oss-Request-Id
X-SERVER
X-Varnish-Cacheable
RequestId
X-Node-Id
X-Refresh
X-Sucuri-ID
Powered-By-ChinaCache
X-Render-Time
X-NC
User-Agent
X-NWS-UUID-VERIFY
X-Wa
X-Cache-Backend
X-Cache-Status-Check
X-Developer
X-User
X-CSRF-TOKEN
X-Parent-Response-Time
Hostname
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Internal-Host
X-Cache-Grace
X-Cdn-Origin
X-Sn-Servicetimems
X-Pjax-Url
X-Device-Os
X-CF-Powered-By
X-Key
X-LAGOON
X-Sucuri-Cache
X-Ocache
X-CSRF-Token
X-Ua
Origin
On-Server
A
X-Location
X-Pf-Uncompressing
X-Tb-Optimization-Total-Bytes-Saved
X-BACKEND-TTL
Memory
X-TA-CDN-Provider
X-Request-Host
Cloudfront-Viewer-Country
Geoip-Latitude
X-MSEdge-Flight
Geoip-City
X-MSEdge-Features
X-Via-CDN
SRV
X-Cdn-Forward
Tcn
GeoIp-Country-Code
ProcessTime
X-B3-Parentspanid
TTL
PICS-Label
X-COUNTRY
X-NGINX-Cache
X-Vcl-Version
X-Varnish-URL
X-Unique-ID
X-Server-IP
X-Servedbyhost
X-Litespeed-Cache
Resin-Trace
X-Webkit-CSP
M-TraceId
X-Varnish-Ttl
Dnion-Transfer-Encoding
X-Rocket-Nginx-Bypass
XServer
X-TIME
X-Ratelimit-Remaining
X-B3-SpanId
Cdn
CACHE
SN
X-Slack-Backend
X-Dynatrace-Js-Agent
Media-Length
X-Cdn-Request-ID
X-HS-Status
X-Correlation-ID
X-FORWARDED-FOR
X-ServedByHost
X-Dispatch
Arc-Country
X-Processor
X-Cache-FS-Status
Host-ID
X-Server-Time
Pramga
X-PAYTM-SRV-ID
X-Skip-Cache
Who
X-Fastly-Country-Code
X-Cache-Ttl
X-Beluga-Record
X-Beluga-Trace
X-Beluga-Response-Time
X-ND-Cache
X-Action
X-Beluga-Status
X-Beluga-Node
X-Beluga-Cache-Status
Section-Origin-Responded
Section-Io-Id
X-DC
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
HostName
X-Served-From
Pics-Label
X-Edge-Server
Cdn-Host
X-Via-Ucdn
X-DW
X-RSL
X-RPS
X-DSS
X-DI
Cdn-Request-Time
X-RPM
X-VCL-Version
X-DB
Fusion-Deployment-Id
GeoIP-Country-Code
Fastly-Drupal-HTML
X-Reqid
Ttl
N-Cache
X-Flog
X-DevSite-Last-Modified
X-Hello
X-Bc-Bl
Esi-Enabled
X-HostName
X-ABtesting
GeoIP-Latitude
X-AIR-PT
GeoIP-City
X-Adobe-Source
Amp-Access-Control-Allow-Source-Origin
X-LiteSpeed-Cache-Control
NtCoent-Length
MIME-Version
X-Oracle-Dms-Rid
X-Sucuri-Id
X-Backend-Host
X-Policy
X-VarnishDD-TTL
X-Ratelimit-Limit
X-Planisys-CDN-Cache
X-PF-Uncompressing
X-Varnish-Url
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
CF-Cached-On
Cache-Cookie-Set-From
X-APP
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-Lfrom
X-Request-Start
X-Azure-Ref-OriginShield
X-FPC
Trailer
X-Ruxit-Js-Agent
X-Scheme
X-Fmm-Version
X-Fastly-Backend-Reqs
WebServer
X-SRV
X-Zone
X-Bc
Rt-Proxy-Cache
Cteonnt-Length
X-PJAX-URL
X-Dynatrace
X-BC
X-ZONE
X-BE
Processtime
X-WA
X-Amzn-Remapped-Connection
X-Fpc
X-Amzn-Remapped-Date
X-Newrelic-App-Data
X-Swift-Error
Servername
X-Cache-Id
X-Esi-Check
X-SN
X-Method
Magicmarker
FSS-Cache
FSS-Proxy
Cache-Provider
X-ID
X-WR-MODIFICATION
X-Frame-Option
Release
Dynatrace
X-SD-PageType
X-Cache-NGX
X-StackifyID
SD-X-WS
CF-IPCountry
X-Gzip
Requestid
X-Snapshot-Date
X-LB-ID
X-Branch-Name
CDN
Sid
Lb
Load-Balancing
X-CACHE-AGE
X-Tid
X-Compress-Hint
X-Fastly-Cache-Hits
WZWS-RAY
Ohc-Response-Time
V-Cache
Warning
X-Configured-By
X-Nananana
X-Aicache-OS
X-Wix-Viewer-Type
X-Request-Url
X-Cc-Via
X-VC
L
D-Cc-Upstream
X-Cc-Req-Id
X-SB
X-Litespeed-Cache-Control
X-Instart-Info
X-Worker
X-ECACHE
X-Be
X-Apw-Access-Action
X-VCT
X-Fastly-Cache-Status
X-ServerName
SID
LB
Inserted-Into-Cache-At
X-Svr
X-Check-Cacheable
X-Apw-Hits
X-ElasticPress-Search
X-Request-URL
X-Powered-Y
X-App
Cneonction
X-Varnish-Beresp-TTL
X-Apw-Access-Object
X-Apw-Access-Token
X-WPE-Loopback-Upstream-Addr
X-GEO
WP-Super-Cache