Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
Cf-Request-Id
CF-Cache-Status
Last-Modified
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Runtime
X-AspNet-Version
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Request-ID
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
Status
X-Ua-Compatible
Feature-Policy
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Amz-Request-Id
Report-To
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Varnish-Cache
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Xkey
X-WebKit-CSP
X-Cache-Spec
Allow
X-Backend-Server
X-Host
X-Device
X-Vhost
X-CST
EagleEye-TraceId
X-Server-Id
X-ASPNET-VERSION
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Accept-CH
Content-Location
X-Response-Time
Accept-CH-Lifetime
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Template
X-Ac
X-Application-Context
X-Language
X-Kinja-Server-Push
X-Cache-Lookup
X-Country
X-Readtime
X-Cloud-Trace-Context
X-Mod-Pagespeed
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Rating
X-Cnection
X-MS-InvokeApp
X-HW
X-Url
X-PC
X-TtlSet
X-Vname
X-ORACLE-DMS-ECID
Accept-Ch
X-Clacks-Overhead
X-FastCGI-Cache
Edge-Control
X-GitHub-Request-Id
X-ESI
Accept-Ch-Lifetime
X-Trace
X-Middleton-Display
X-Middleton-Response
Pagespeed
Display
X-Sol
Response
X-Content-Type
X-D2id
Arr-Disable-Session-Affinity
X-Vcap-Request-Id
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Exp-Id
X-GoogleNews-Bot
Verso
X-Exp-Variant
X-Buckets
X-Goog-Hash
X-Rack-Cache
X-Server-Name
X-Country-Code
Service-Worker-Allowed
X-Navigation-Version
X-Varnish-TTL
X-Abt-Application-Version
X-VARITI-CCR
X-Amz-Rid
X-Oneagent-Js-Injection
X-Powered-By-Plesk
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Cache-TTL
X-ORACLE-DMS-RID
X-Client-IP
X-SharePointHealthScore
SPRequestGuid
X-Fastly-Request-ID
X-MSEdge-Ref
X-Release
SPRequestDuration
SPIisLatency
Fastly-Restarts
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-TTL
X-NF-Request-ID
X-Cached
Public-Key-Pins
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
RTSS
X-Origin-Upstream-Status
AR-PoweredBy
AR-Request-ID
Ar-Sid
AR-CACHE
AR-ATIME
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
X-Px
X-Webkit-CSP
Access-Control-Request-Method
X-LLID
X-Powered-CMS
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
Fusion-Component-Id
X-Ezoic-Cdn
X-Upstream
Content-MD5
X-Ttl
X-HP-Webp
X-Jurisdiction
X-Amz-Server-Side-Encryption
Charset
X-Mid
X-MCACHE
Cache-Tag
X-Recruiting
X-ECACHE
X-Mg-S
X-Pinterest-Direct
X-Content-Digest
S
X-Aspnetmvc-Version
X-Version
TCN
X-PressLabs-Stats
MicrosoftSharePointTeamServices
Fastcgi-Cache
X-Debug
Front-End-Https
X-T
X-Content-Security-Policy-Report-Only
X-Kinsta-Cache
X-Grace
Cache-Tags
Filters
Edge-Cache-Tag
X-XRDS-Location
Server-Node
X-Id
X-Forwarded-Proto
X-Accel-Expires
X-Correlation-Id
X-Logged-In
X-Amzn-Trace-Id
X-Yandex-Sdch-Disable
Server-Name
Nginx-Cache
Surrogate-Key
X-Varnish-Age
X-Cache-Key
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Forwarded-For
TP-L2-Cache
TP-Cache
X-B3-Sampled
X-Request-Processing-Time
X-Request-Received
X-Request-Handler-Origin-Region
X-Microsite
X-Hits
X-DynaTrace
X-Ser
X-DIS-Request-ID
Powered-By-ChinaCache
X-Shield-Request-Id
X-AppVersion
X-Az
X-Activity-Id
X-Amz-Replication-Status
X-Server-ID
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-F-Cache
X-HS-Cache-Config
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Origin-Server
Accept-Charset
X-FTR-Request-ID
X-Git-Hash
X-Respond-Thread
X-Hostname
X-Geo-Country
X-Litespeed-Cache
X-DataDome
X-Upgrade-Enabled
X-LB-Cache
Section-Io-Cache
X-Rid
X-Frontend
X-Cache-Age
Cache
Alternate-Protocol
X-Mobile-URL
Access-Control-Allow-Method
Cleartype
Host
Paypal-Debug-Id
Healthy
X-Type
X-Content-Options
X-Ruxit-Js-Agent
ServerID
X-AOL-HN
MS-CV
X-IPLB-Instance
X-Varnish-Backend
X-Seen-By
X-App-Environment
X-B-Cache
X-Aspnet-Duration-Ms
X-Cache-Action
X-Debug-Info
X-WebKit-CSP-Report-Only
X-Whom
X-Route-Name
X-Signature
X-Request-Guid
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-VCache
X-TT
Payment
X-XRDS-LOCATION
Fastcgi-Useragent
X-Jobs
X-Page-Id
X-NWS-LOG-UUID
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Source
X-N
X-Mobile
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Load-Cache
X-Time
X-RateLimit-Remaining
X-Cached-By
X-Via-JSL
X-Daa-Tunnel
X-Akamai-Edgescape
X-FB-Debug
Version
Nel
X-Cache-Operation
X-Cache-Rule
Viewport
X-Response-Served-From
X-Original-Request-Id
DynaTrace
X-Accel-Buffering
Refresh
X-Rule
X-Zen-Fury
X-Drupal-Cache-Tags
X-Proxy
DC
Realpath
X-ProcessESI
X-Framework
GEO-INFO
X-Instance
X-RemovedCookies
X-Cacheable-TTL
X-RTag
Ms-Operation-Id
X-Tt-Trace-Tag
X-Fastcgi-Cache
X-Tt-Trace-Host
X-Contextid
X-Region
X-HTML-Minification-Powered-By
Access-Control-Request-Headers
X-Wix-Request-Id
X-Cache-Time
X-Real-IP
X-UUID
Referer-Policy
X-Distributor
X-Drupal-Cache-Contexts
X-Page-View
X-FW-Serve
X-FW-Server
X-Yottaa-Optimizations
X-FW-Hash
Node
X-FW-Static
VIX-Pulpo-Node
X-FW-Type
X-Cache-Expired-At
X-FW-Dynamic
VIX-Pulpo-Upstream-Status
X-Yottaa-Metrics
X-Environment-Context
X-B
X-L-Path
Eomportal-Instance
Liferay-Portal
X-Cluster-Name
X-G
X-Tumblr-Pixel-1
X-Node-Name
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cache-Control
Countrycode
X-Tumblr-Pixel
X-Content-Powered-By
X-IPS-LoggedIn
X-Cache-Hit
X-User-Agent
X-Tumblr-Pixel-2
Server-Info
X-Pass-Why
Webserver
From-Origin
X-App-Server
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Varnish-Ttl
X-Amz-Meta-S3cmd-Attrs
SRV
Protected
X-Ratelimit-Limit
Ec-Rule-Version
X-Protected-By
X-FireWall-Port
X-Revision
Frame-Options
X-Cache-Server
X-Oracle-Dms-Rid
Cache-Status
CF-IPCountry
X-Hyper-Cache
Meta-Geo
X-Endurance-Cache-Level
X-Handled-By
X-Mode
X-ES-SERVER
X-RN-RSRV
X-Backend-Name
X-UPSTREAM-Address
X-Soup
X-Storage
X-Www-Served-By
Retry-After
X-FB-TRIP-ID
X-Site-Version
X-Locale
X-Forwarded-Host
X-NYM-Debug-Backend
X-Adobe-Content
X-Be
X-Human
Country
X-Adobe-Loc
X-Pubstack
X-Cache-Grace
Cache-Tv-Group
X-Web-Node
Fastly-SSL
Decoy-Debug-Key
Decoy-Debug-TTL
Decoy-Debug-Status
X-PHP-Host
Webcakes-Region
X-PCL
X-Origin-Hint
X-Varnishpool
X-Uri
X-Redis-Cache
X-Say-TTL
X-TT-LOGID
X-UA-Device-Type
Webcakes-App-Name
X-Say-Cacheable
X-Access
X-Section
Property-Id
TWC-Connection-Speed
TWC-Device-Class
Azure-InstanceId
Azure-RegionName
Azure-Version
Azure-SlotName
Azure-SiteName
TWC-GeoIP-Country
X-Format
X-Hl-Ver
X-OCL
X-Origin-Date
X-Labrador-Cache-Channel
TWC-Privacy
TWC-GeoIP-LatLong
TWC-Locale-Group
X-SayCDN-TTL
Webcakes-App-Version
X-No-Session
X-PERF
X-LAGOON
X-BYPASS-REASON
X-AIR-PT
X-ApacheServer
X-Proto
X-ProxyCache-Key
X-Sql-Duration-Ms
X-Via-Fastly
X-Sql-Count
X-Server-W
X-ProxyCache-Status
X-S-Maxage
Cache-Name
X-FW-Version
X-Via-CDN
X-Hosted-By
X-WA-Info
X-R9-Blue-Green-Version
X-VWS-Id
X-LJ-Flow-ID
X-Loop
X-Request-Time
X-TNCMS
X-AWS-Id
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Balancer
X-Qloud-Router
X-FTR-Backend
S-Cnection
X-Country-Code-Real
X-FTR-DC
Mn-Server-Ip
X-Proxy-Build
X-Cluster
X-Status
X-FTR-Realm
X-Timing-Wait
Selected-Fe
X-Routing-Service
X-Cache-TTL-Remaining
X-Proxied
X-Zipkin-Id
X-MP-GENERATED-AT
X-CCM
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-ShardId
X-Xfnlog-Site
X-Alternate-Cache-Key
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Ratelimit-Remaining
Cache-Hits
X-FTR-Expires
Xserver
X-Rendered-As
X-Is-Bot
X-Dynatrace
X-Tec-Api-Origin
X-Unique-Id
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Var
X-SRV
X-Cache-Var-Map
X-Air-Hostname
Apigw-Requestid
X-Info
X-Detected-As
X-Device-Type
AMP-Access-Control-Allow-Source-Origin
X-EdgeConnect-Cache-Status
X-Amzn-Remapped-Content-Length
X-Cache-Host
X-Dc
X-Amz-Apigw-Id
X-Nginx-Cache
X-Amzn-RequestId
X-Webkit-Csp
X-Cdn
X-Debug-IsPreview
X-Microcachable
X-Debug-IsConnected
X-Cache-Enabled
X-GEO
X-Varnish-Grace
SD-X-WS
X-Content-Age
X-Varnish-Server
X-Platform
Amp-Access-Control-Allow-Source-Origin
X-Time-Microsecs
Tracecode
X-Backend-TTL
X-Azure-Ref
X-Cache-Backend
X-APP-VERSION
Uber-Trace-Id
X-GG-Cache-Date
X-Backend-Host
X-DynaTrace-JS-Agent
X-ServerID
X-Proxy-Cache-Status
X-Erf-Stays-Bingo-Pdp-Web
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Request-Id
X-BCube-Filmed-By
X-Oss-Server-Time
Akamai-GRN
X-Oss-Hash-Crc64ecma
X-Tb
DSUID
X-ATG-Version
Backend
X-Trace-Id
X-Sucuri-ID
X-NewRelic-App-Data
X-Correlation-ID
X-Akamai-Transformed
ServedBy
X-ID
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Aed
X-Application
X-Matched-Rule
X-Thinkindot-L3
X-SRCache-Key
X-Session-Fingerprint
X-Rojux
X-A-Ccd
X-A
X-A-Dam
X-S
X-ScT
X-S-Cookie
X-Vdms-Version
X-Location
X-External-Request-Id
X-Device-Os
X-Destination
X-Fetched-On
X-From
X-Generated-On
X-Level-Front-Cache
X-D
X-Connection-Hash
X-Varnish-Cache-Hits
X-B-Cookie
X-Cache-NE
X-Trv-Group
X-CF-Lambda-Version
X-CF-Lambda-Fn
Thinkindot-Control
X-Varnish-Hostname
X-VG-WebServer
X-Vtex-Remote-Cache
Machine
X-Processor
Instruction
X-Origin-TTL
Fastcgi-X-Cache-Version
MD5-Digest
X-PAYTM-SRV-ID
Odigeo-Trace-Id
X-Vtex-Processado-Em
Path
Mobile-Detection-Method
X-PBS-Appsvrname
Meta-Geo-Continent
Pramga
Rendered-Blocks
Thinkindot-CacheControl
X-VG-WebCache
T-Server
Thinkindot-CacheControl-Type
X-Vdms-Path
X-Rewrite-Enabled
X-Origin-CC
X-Request-UUID
Xc-Version
DCR-Processing-Time-Ms
Expiry
DCR-Decision-By
BehaviorPad-Version
X-RCS-CacheZone
SR-User-Adfree
X-Generation-Time
X-ARC
PB-RID
PB-PID
X-Origin-Response-Time
Arc-Version
X-CSRF-Token
X-Ms-Version
X-Ms-Request-Id
X-Cache-PHP
X-Magnolia-Registration
X-Cache-NGX
UCS
X-Has-Esi
Release
Ssr
Lfy
X-Tumblr-Pixel-3
Cf-Device-Type
CacheControlHeader
Cache-Host
X-Swa-Ws
X-Sn-Servicetimems
X-Owner
Host-ID
Fastly-Backend-Name
X-Skip-Cache
Pagetype
X-Azure-Ref-OriginShield
X-JWT-State
X-Cdn-Origin
X-NWS-UUID-VERIFY
X-Is-Gdpr
X-HS-Content-Campaign-Id
X-GeoIP-City
X-GeoIP
X-Geo-Header
X-Cache-Info
X-Cache-Date
X-User
X-Node-Id
X-OVcl
X-Adobe-Source
X-Backend-State
X-Cache-Bucket
X-Micro-Cache
X-OVcl-Cache
X-Reqid
X-VServer
X-Debug-Cache
AKAMAI
DB-Nickname
X-Wikidot-Static-Cache
Wxu-Next-Hostname
Wxu-Next-Region
X-Origin-Expires
X-Wikidot-Backend
V-Age
X-Nginx-Cache-Key
X-VarnishDD-TTL
PFcat
On-Server
NGX
X-Request-URI
Server-Ext
Server-Host
X-Varnish-Hits
Sever-Int
Server-Hostname
X-Bip
X-Cache-Remote
X-Fastly-Cache
X-Fastly-Backend
X-Eu-Site
X-Envoy-Decorator-Operation
X-FC-Vary-Parameters
X-HN
X-TrackingId
X-Generated-In
X-Generated-By
X-IP
X-Developers
X-Core-Value
X-Cms-Context
X-CGP
X-Scheme
X-Csrf-Jwt
X-CUA
X-Developer
User-Cache-Control
X-Irp-Debug
X-Mvc-Supplant-Cachable
Wxu-Next-Commit
Magicmarker
X-Var-Ttl
Gh-Request-Id
Ha-Gx-Prefs
HA-Ipaddr
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
C-Via
CloudFront-Viewer-Country
Content-Disposition
X-Thanos
L
X-B3-Traceid
L5d-Success-Class
Locid
X-Request-Host
X-Dispatcher-Server
X-Block-Status
X-Method
NM-Fastcgi-Cache
X-Branch-Name
X-DPWN-IS-SECURE
X-Variation
X-Origin
X-Request-Start
Fastly-SWR
X-Old-Content-Length
X-NU-AKA-ACS-Version
Cf-Bgj
X-Varnish-Beresp-Grace
X-Esi-Check
X-Cache-Id
X-Clara-WADP
X-Li-Fabric
Adler-Geo
X-Clientip
Apple-News-Services-Handled
X-Servername
X-Gzip
X-Li-Pop
X-LI-UUID
X-DefHash
X-WADP-Cache
X-DefElseHash
X-Cache-Tags
Location
X-Loc
X-Cache-Expires
Fastly-SIE
Is-Eu
True-Client-Country-4JS
X-SIPLIST1
IsBot
Apple-News-Services-Parsed-Url
Rt-Fastcgi-Cache
X-TA-CDN-Provider
X-Varnish-Remaining-TTL
X-Rebelmouse-Cache-Control
Apple-News-Services-Host
X-Ratelimit-Reset
X-Gen-Mode
CDCHOST
X-Hnp-Log
X-Fmm-Version
X-Platform-Server
X-Varnish-CookieHashed-On
X-GoCache-CacheStatus
Platform
X-VG-TLSProxy
X-Rebelmouse-Surrogate-Control
X-Policy
Web-Mar-Node
Vix-Hermes-Req-Id
Apple-News-Services-Request-Url
X-Varnish-CookieINHashed-On
Origin
X-TX-ID
X-NC
X-Slack-Backend
X-Gamma-Serve
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
CDN-PullZone
X-B3-Spanid
CDN-RequestId
CDN-RequestCountryCode
CDN-Uid
X-NAPM-TraceId
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Fastly-Drupal-HTML
X-Cache-Debug
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hash
X-App-Version
HostName
Url
X-Varnish-Url
X-EC-Lua
X-Host-Name
CACHE
X-NCache
X-Core-Mission
X-CS
X-Response-By
X-Cdn-Forward
X-Varnish-Cacheable
X-Aicache-OS
S-Rt
X-PF-Uncompressing
X-B3-SpanId
X-Refresh
X-Mvc-Supplant-OutputCached
Xkeyi7
Pics-Label
X-CACHE-GROUP
X-Proxy-Cachei7
X-URL
X-LB-ID
X-BBXSRF
N-Cache
Cross-Origin-Window-Policy
Sid
X-CDN-Forward
Content-Secure-Policy
Ohc-File-Size
X-Cache-2
X-Via-Poph
X-FireWall-Protection
X-Via-Popv
Esi-Enabled
X-Sucuri-Cache
X-Via-Popn
D-Cc-Upstream
X-Epic-Correlation-Id
X-Varnish-Authentication
Cteonnt-Length
X-Cc-Req-Id
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Cc-Via
X-Svr
X-Wa
X-RateLimit-Limit
X-Servedbyhost
X-Error
X-Nc
X-Tb-Optimization-Total-Bytes-Saved
MIME-Version
Source
X-Esi
Who
X-TraceId
X-Cs
X-DC
X-Srv
Geoip-Latitude
Country-Code
GeoIp-Country-Code
Req-Svc-Chain
X-TIME
X-Server-IP
X-Unique-ID
X-Webkit-CSP-Report-Only
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-HS-Status
X-FPC
Hostname
X-Planisys-CDN-Cache
X-LiteSpeed-Cache-Control
XServer
X-API-Version
X-Nyt-Route
X-Origin-Time
X-Cache-Config
X-Gdpr
HitType
X-VC
Server-Ttl
X-LI-Proto
X-SN
Ohc-Cache-HIT
X-NGINX-Cache
X-Fastly-Request-Id
X-Webstats-RespID
X-VCL-Version
Cmsid
Server-ID
Svr
Kp-EeAlive
X-NodeID
X-SB
Cmstype
Geo-Info
X-CACHE-KEY
X-SD-PageType
X-Served-From
X-Check-Cacheable
VivaBuild
Viewtype
SID
A
Cache-Key
X-Vgn-Hpd-Reason
X-Viewer-Country
X-Ua
X-Render-Time
X-HOST
NtCoent-Length
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
EpKe-Alive
M-TraceId
X-BBC-Edge-Cache-Status
X-Vcl-Version
Request-ID
X-UA
Server-Id
X-DB
X-RPS
X-TIM-N
X-Worker
X-CF-Powered-By
TDXMobile
Cross-Origin-Opener-Policy
X-RSL
Arc-Country
X-Air-Source
X-DI
Cache-Provider
X-RAMCache
Resin-Trace
X-DW
X-RPM
X-DSS
X-Li-Proto
X-CSRF-TOKEN
X-Auto-Login
X-Ftr-Cache-Host
Filterid
X-Dynatrace-Js-Agent
X-Internal-Host
X-FORWARDED-FOR
GeoIP-Latitude
GeoIP-Country-Code
X-App
ProcessTime
Upgrade-Insecure-Requests
CDN
Srv
X-Vc
X-Cluster-Node
X-Action
Processtime
Datacenter
X-Newrelic-Synthetics
X-FTR-Cache-Host
Tcn
NGB
X-Fpc
X-ServedByHost
X-Oss-Cdn-Auth
X-Service
Proxy-Connection
X-WA
X-COUNTRY
Mime-Version
X-Presslabs-Stats
CF-Cached-On
X-CLOUD-TRACE-CONTEXT
X-BBC-Origin-Response-Status
X-Geo
X-HostName
OT-Force-Account-Verify
X-HITS
X-Dw-Trace-Id
Cdn
X-Akamai-Pragma-Client-IP
X-Via-NSCOPI
X-MSEdge-Flight
X-Via-PopN
X-MSEdge-Features
X-Via-PopH
WZWS-RAY
X-BACKEND-TTL
X-SaId
X-ND-Cache
X-Fastly-Backend-Reqs
FSS-Cache
X-Cache-Tag
X-JoinUs
X-Via-PopV
DataCenter
X-Client-Ip
X-Edge-Location
X-NGENIX-Cache
X-Extlb
X-PHP-Backend
X-CACHE-AGE
X-Cdn-Request-ID
W
PICS-Label
X-Hello
X-Forwarded-Site
X-ABtesting
X-Parent-Response-Time
X-IN-APIGATEWAY
X-Flog
Dnion-Transfer-Encoding
X-IN-APIGATEWAYSSL
X-Lb-Id
X-Provided-By
X-LiteSpeed-Tag
LB
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-PJAX-URL
X-RateLimit-Remaining-Second
X-Region-Sid
X-VC-Cache
X-UnsetCookies
X-Req
X-Pad
X-Depends-On
Memcached
Mail-Subject
Epwk-X-Cache
Surrogated-Key
We-Hiring
X-Date
X-Bc-Bl
X-Accel-Expires-Debug
Media-Length
X-Pf-Uncompressing
Vha6-Origin
X-Oracle-DMS-ECID
Xet-Cookie
URI
Time
Env
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-ZONE
Memory
X-MiniProfiler-Ids
X-Swift-Error
Cf-Ipcountry
X-Request-Url
X-B3-Parentspanid
X-Request-URL
X-Varnish-Beresp-TTL
X-ElasticPress-Query
X-Acquia-Application-Trace
X-Akamai-ERPolicy
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Csrf-Token
X-Acquia-Site
X-Vcache
X-Akamai-ERRuleID
X-APP
X-Air-Trace-Id
X-Ms-Meta-Staticbatchstarttime
X-Ms-Meta-Originalurl
X-ElasticPress-Search
X-Varnish-URL
X-Amz-Meta-Cb-Modifiedtime
X-Akamai-Request-ID
X-Snapshot-Date
CountryCode
X-Via-Edge
X-Acc-Debug-Context
Content-Script-Type
Inserted-Into-Cache-At
X-Men
X-Zone
X-Tid
X-Acc-Rdl
X-ServerName
X-Via-SSL
Ohc-Response-Time
X-Litespeed-Cache-Control
X-Traceid
NnCoection
Phost
X-Redis-Duration-Ms
X-Redis-Count
X-C
Edge-Copy-Time
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Environment
X-Storefront-Renderer-Verified
Content-Style-Type