Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Request-ID
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
X-AspNetMvc-Version
Feature-Policy
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Upgrade
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Report-To
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-Dns-Prefetch-Control
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Amz-Version-Id
NEL
X-Cache-Spec
X-WebKit-CSP
Xkey
Allow
X-Device
X-CST
X-Vhost
X-Host
X-Backend-Server
EagleEye-TraceId
X-Server-Id
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-Ruxit-JS-Agent
Accept-CH
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH-Lifetime
P3p
X-Ac
X-ASPNET-VERSION
X-Template
X-Application-Context
X-Language
X-Country
X-Cache-Lookup
X-Mod-Pagespeed
X-Readtime
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Rating
X-Cnection
Accept-Ch
X-MS-InvokeApp
X-HW
X-Url
X-Vname
X-PC
X-TtlSet
Accept-Ch-Lifetime
X-Clacks-Overhead
X-GitHub-Request-Id
Edge-Control
X-ESI
X-ORACLE-DMS-ECID
X-Trace
X-FastCGI-Cache
X-Middleton-Response
X-Sol
Display
X-Middleton-Display
Pagespeed
Response
X-Content-Type
X-D2id
X-Exp-Id
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Vcap-Request-Id
X-Exp-Variant
X-Cdn-Fetch
X-GoogleNews-Bot
Arr-Disable-Session-Affinity
Verso
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-Country-Code
X-Server-Name
X-ORACLE-DMS-RID
X-Navigation-Version
Service-Worker-Allowed
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
X-Fastly-Request-ID
X-Powered-By-Plesk
X-Varnish-TTL
X-Client-IP
X-Cache-TTL
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Webkit-CSP
X-Release
Fastly-Restarts
X-SharePointHealthScore
SPRequestGuid
X-MSEdge-Ref
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Cached
X-Kinja-Server-Push
SPRequestDuration
SPIisLatency
X-NF-Request-ID
X-Oneagent-Js-Injection
Public-Key-Pins
MRF-Tech
X-B3-TraceId-Primal
RTSS
Mrf-Cache-Status
X-Ttl
AR-ATIME
AR-CACHE
Ar-Sid
X-Edge
AR-Request-ID
AR-PoweredBy
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-TTL
X-LLID
X-Powered-CMS
X-Origin-Upstream-Status
X-Ezoic-Cdn
X-Px
X-Upstream
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Content-MD5
Fusion-Template-Id
Fusion-Source
Cache-Tag
X-Jurisdiction
X-HP-Webp
X-MCACHE
X-ECACHE
X-Mid
S
X-Version
X-Recruiting
X-Mg-S
X-Content-Digest
Charset
X-Amz-Server-Side-Encryption
X-PressLabs-Stats
Fastcgi-Cache
X-T
TCN
X-Kinsta-Cache
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
Front-End-Https
X-Id
Filters
X-Pinterest-Direct
X-Litespeed-Cache
Cache-Tags
X-Debug
X-Grace
X-Accel-Expires
Server-Node
X-Logged-In
Edge-Cache-Tag
X-Forwarded-Proto
X-Forwarded-For
X-DynaTrace
Server-Name
X-Amzn-Trace-Id
Nginx-Cache
TP-Cache
TP-L2-Cache
X-Yandex-Sdch-Disable
X-Correlation-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-Age
Surrogate-Key
X-Request-Received
X-Request-Processing-Time
X-B3-Sampled
X-Request-Handler-Origin-Region
X-Microsite
X-Ser
X-XRDS-LOCATION
X-Shield-Request-Id
X-Hits
X-Activity-Id
X-DIS-Request-ID
X-Amz-Replication-Status
X-Az
X-AppVersion
X-Server-ID
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-F-Cache
X-Goog-Storage-Class
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
Accept-Charset
X-Origin-Server
X-XRDS-Location
X-Git-Hash
X-Geo-Country
X-Cache-Key
Powered-By-ChinaCache
X-Respond-Thread
X-FTR-Request-ID
Cache
X-Rid
Section-Io-Cache
Alternate-Protocol
X-LB-Cache
X-Upgrade-Enabled
X-Frontend
X-DataDome
Nel
X-Hostname
Host
Access-Control-Allow-Method
X-Cache-Age
X-Mobile-URL
X-Seen-By
Paypal-Debug-Id
Cleartype
X-Time
X-AOL-HN
MS-CV
Healthy
X-NWS-LOG-UUID
X-Content-Options
X-Varnish-Backend
X-Ruxit-Js-Agent
X-VCache
X-IPLB-Instance
X-Type
ServerID
X-App-Environment
X-Whom
X-Cache-Action
X-Aspnet-Duration-Ms
X-Flags
Payment
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-TT
X-WebKit-CSP-Report-Only
X-Page-Id
X-Debug-Info
X-Signature
X-B-Cache
Fastcgi-Useragent
X-Jobs
X-N
X-Source
X-Load-Cache
X-Mobile
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Daa-Tunnel
X-Fastcgi-Cache
X-FB-Debug
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Via-JSL
X-RateLimit-Remaining
Version
X-Cached-By
Refresh
X-Cache-Rule
X-Cache-Operation
X-Akamai-Edgescape
Viewport
X-Accel-Buffering
X-Response-Served-From
X-Rule
X-Original-Request-Id
X-Wix-Request-Id
DC
X-Proxy
X-Cacheable-TTL
X-Framework
X-RemovedCookies
X-Zen-Fury
X-Contextid
Access-Control-Request-Headers
X-ProcessESI
X-RTag
Ms-Operation-Id
X-Instance
X-Drupal-Cache-Tags
X-Real-IP
Node
X-UUID
X-Cache-Time
X-Region
Realpath
DynaTrace
X-HTML-Minification-Powered-By
X-Distributor
X-Page-View
Eomportal-Instance
Referer-Policy
X-Yottaa-Optimizations
X-Yottaa-Metrics
Countrycode
X-Drupal-Cache-Contexts
X-Cluster-Name
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Varnish-Ttl
X-Cache-Expired-At
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-B
VIX-Pulpo-Upstream-Status
X-Content-Powered-By
X-Cache-Control
VIX-Pulpo-Node
X-IPS-LoggedIn
GEO-INFO
X-G
X-Tumblr-Pixel-1
X-Cache-Hit
X-Tumblr-Pixel-0
X-L-Path
X-Tumblr-User
X-Tumblr-Pixel
X-Environment-Context
Liferay-Portal
X-Ratelimit-Limit
Server-Info
X-User-Agent
X-App-Server
X-Pass-Why
X-FireWall-Port
X-Node-Name
Section-Io-Id
From-Origin
Section-Origin-Responded
X-Tumblr-Pixel-2
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Webserver
Ec-Rule-Version
X-Protected-By
Protected
CF-IPCountry
Xserver
X-Cache-Server
X-Www-Served-By
X-Ratelimit-Remaining
X-Amz-Meta-S3cmd-Attrs
X-Backend-Name
X-Revision
Frame-Options
X-RN-RSRV
X-Handled-By
X-ES-SERVER
Meta-Geo
X-Hl-Ver
X-Endurance-Cache-Level
SRV
X-UPSTREAM-Address
X-Site-Version
Cache-Status
X-FB-TRIP-ID
X-Soup
X-Hyper-Cache
X-Locale
X-NYM-Debug-Backend
Country
X-Cache-Grace
X-Storage
X-Human
X-Varnishpool
X-Web-Node
Cache-Tv-Group
X-Be
X-Forwarded-Host
Fastly-SSL
X-Pubstack
X-Proxy-Build
Decoy-Debug-TTL
X-Timing-Wait
TWC-Locale-Group
Decoy-Debug-Key
Decoy-Debug-Status
Property-Id
X-Mode
X-Redis-Cache
TWC-Connection-Speed
Webcakes-App-Version
Selected-Fe
Webcakes-Region
TWC-GeoIP-Country
TWC-Privacy
Webcakes-App-Name
X-Proto
X-Origin-Date
Azure-InstanceId
X-Origin-Hint
X-PHP-Host
X-Labrador-Cache-Channel
TWC-GeoIP-LatLong
Retry-After
Azure-RegionName
Azure-SiteName
Cache-Name
X-ProxyCache-Status
X-BYPASS-REASON
X-ProxyCache-Key
TWC-Device-Class
Azure-SlotName
Azure-Version
X-OCL
X-Hosted-By
X-PCL
X-Loop
X-No-Session
X-FW-Version
X-Format
X-MP-GENERATED-AT
X-Sql-Duration-Ms
X-Uri
X-Adobe-Loc
X-Adobe-Content
X-TNCMS
X-Tec-Api-Origin
X-WA-Info
X-Via-Fastly
X-Tec-Api-Version
X-Tec-Api-Root
X-TT-LOGID
X-Sql-Count
X-S-Maxage
X-UA-Device-Type
X-Access
X-Section
X-SayCDN-TTL
X-Request-Time
X-Say-Cacheable
X-AIR-PT
X-Say-TTL
X-Status
X-R9-Blue-Green-Version
X-Server-W
X-LAGOON
X-ApacheServer
X-Nginx-Cache
X-PERF
X-Storefront-Renderer-Rendered
X-Cache-TTL-Remaining
X-LJ-Flow-ID
X-Alternate-Cache-Key
X-VWS-Id
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-AWS-Id
X-ShopId
X-Cluster
Mn-Server-Ip
X-Device-Type
X-CCM
X-Xfnlog-Site
AMP-Access-Control-Allow-Source-Origin
X-Rendered-As
X-Debug-IsConnected
X-Qloud-Router
X-Is-Bot
X-Debug-IsPreview
X-Via-CDN
X-Dc
X-FTR-Realm
X-FTR-Backend-Server
X-FTR-Balancer
S-Cnection
X-Country-Code-Real
X-Zipkin-Id
Cache-Hits
X-FTR-Cache-Status
X-FTR-Backend
X-Proxied
X-FTR-DC
X-Routing-Service
X-Info
Apigw-Requestid
X-Varnish-Grace
X-FTR-Expires
X-SRV
X-Varnish-Server
X-Detected-As
X-Cdn
X-Cache-Enabled
X-Cache-Host
X-GG-Cache-Date
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Air-Hostname
X-Microcachable
X-Content-Age
X-EdgeConnect-Cache-Status
X-Platform
X-Cache-Var-Map
X-Cache-Var
X-Unique-Id
X-Azure-Ref
Uber-Trace-Id
X-Backend-Host
Tracecode
X-Aspnetmvc-Version
SD-X-WS
X-CSRF-Token
X-DynaTrace-JS-Agent
X-Proxy-Cache-Status
X-Correlation-ID
X-Time-Microsecs
X-GEO
X-Backend-TTL
X-NWS-UUID-VERIFY
Akamai-GRN
X-ServerID
Amp-Access-Control-Allow-Source-Origin
X-APP-VERSION
X-ATG-Version
X-Cache-Backend
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
X-Trace-Id
X-Tb
DSUID
X-BCube-Filmed-By
Backend
X-Akamai-Transformed
X-Varnish-Hostname
ServedBy
X-TA-CDN-Provider
X-Cache-NGX
X-RCS-CacheZone
X-Oracle-Dms-Rid
X-Cache-PHP
X-Magnolia-Registration
X-Cache-NE
X-CF-Lambda-Fn
X-D
DCR-Processing-Time-Ms
X-Device-Os
X-External-Request-Id
DCR-Decision-By
Expiry
X-Destination
X-CF-Lambda-Version
BehaviorPad-Version
Fastcgi-X-Cache-Version
X-Connection-Hash
Instruction
Lfy
X-Fetched-On
X-A
Release
X-A-Ccd
Path
Rendered-Blocks
X-Debug-Cache
Thinkindot-CacheControl
T-Server
Thinkindot-CacheControl-Type
SR-User-Adfree
Thinkindot-Control
X-A-Dam
X-A-Dcw
X-Aed
MD5-Digest
Machine
X-Application
X-ARC
Meta-Geo-Continent
X-A-Wwc
Odigeo-Trace-Id
Mobile-Detection-Method
X-A-Dgt
X-Varnish-Cache-Hits
X-B-Cookie
X-Dynatrace
X-S-Cookie
X-S
X-ScT
X-Session-Fingerprint
X-SRCache-Key
X-Rojux
X-Request-UUID
X-Origin-TTL
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Thinkindot-L3
X-Trv-Group
X-Vtex-Remote-Cache
PB-PID
PB-RID
Xc-Version
X-Vtex-Processado-Em
Arc-Version
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
X-VG-WebServer
X-Sucuri-ID
X-Rewrite-Enabled
HostName
X-Matched-Rule
X-Level-Front-Cache
X-GeoIP-City
X-Generation-Time
X-Location
X-Origin-CC
X-Generated-On
X-From
X-Erf-Stays-Bingo-Pdp-Web
X-NewRelic-App-Data
X-Has-Esi
X-HS-Content-Campaign-Id
Pagetype
X-Irp-Debug
X-Cdn-Origin
X-Tumblr-Pixel-3
X-VServer
Gh-Request-Id
Fastly-Backend-Name
Host-ID
X-TrackingId
X-GeoIP
X-Owner
Cf-Device-Type
Ssr
X-Reqid
X-Micro-Cache
X-FC-Vary-Parameters
X-JWT-State
X-Mvc-Supplant-Cachable
X-Azure-Ref-OriginShield
X-Node-Id
X-OVcl
X-OVcl-Cache
X-Bip
UCS
X-Origin-Response-Time
X-Swa-Ws
X-Thanos
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Skip-Cache
X-Sn-Servicetimems
X-Cache-Bucket
X-Is-Gdpr
X-Geo-Header
CacheControlHeader
C-Via
AKAMAI
X-Ms-Version
Cache-Host
X-Ms-Request-Id
X-TX-ID
X-Cdn-Forward
Pramga
X-CGP
X-Generated-In
PFcat
X-Cache-Tags
X-Var-Ttl
X-User
X-Generated-By
X-HN
On-Server
X-Clientip
X-App-Version
Wxu-Next-Region
Wxu-Next-Hostname
X-Origin-Expires
X-Adobe-Source
X-Backend-State
Wxu-Next-Commit
X-IP
NGX
X-Scheme
X-Request-Host
X-NAPM-TraceId
X-Fastly-Cache
X-Cache-Info
X-Cms-Context
Ha-Gx-Prefs
X-Varnish-Beresp-Grace
HA-Ipaddr
Server-Host
X-CUA
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Fastly-Backend
X-Eu-Site
X-B3-Traceid
X-Developers
X-Developer
X-Csrf-Jwt
DB-Nickname
Locid
Location
Magicmarker
X-Varnish-Hits
X-Core-Value
X-VarnishDD-TTL
CloudFront-Viewer-Country
L
L5d-Success-Class
Content-Disposition
X-B3-SpanId
Adler-Geo
X-LI-UUID
X-Variation
X-Origin
X-Old-Content-Length
X-Method
X-Loc
X-Cache-Expires
X-GoCache-CacheStatus
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Clara-WADP
X-Li-Pop
X-Gamma-Serve
X-Varnish-Remaining-TTL
X-Hash
X-Varnish-CookieINHashed-On
X-Envoy-Decorator-Operation
X-Cache-Date
X-Fmm-Version
X-Varnish-CookieHashed-On
X-Rebelmouse-Surrogate-Control
X-Branch-Name
Cf-Bgj
X-Varnish-Beresp-Status
X-Cache-Id
X-Slack-Backend
Server-Hostname
X-Nginx-Cache-Key
Rt-Fastcgi-Cache
X-Varnish-Beresp-Ttl
V-Age
Fastly-Drupal-HTML
Is-Eu
X-WADP-Cache
Fastly-SIE
Fastly-SWR
Platform
NM-Fastcgi-Cache
X-DefElseHash
Server-Ext
X-Policy
X-Ratelimit-Reset
X-Servername
X-Platform-Server
X-Esi-Check
X-Li-Fabric
X-NU-AKA-ACS-Version
X-Gzip
X-DPWN-IS-SECURE
X-Rebelmouse-Cache-Control
X-Dispatcher-Server
X-DefHash
X-Request-URI
Sever-Int
X-ID
User-Cache-Control
CDN-Cache
X-SIPLIST1
X-VG-TLSProxy
X-EC-Lua
X-Gen-Mode
True-Client-Country-4JS
CDN-CachedAt
Vix-Hermes-Req-Id
X-Hnp-Log
CDN-EdgeStorageId
IsBot
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Origin
X-CS
X-Block-Status
Web-Mar-Node
CDN-Uid
X-Cache-Debug
CDCHOST
CDN-RequestCountryCode
CDN-RequestId
CDN-PullZone
Apple-News-Services-Request-Url
Sid
X-Mvc-Supplant-OutputCached
X-NCache
X-Request-Start
X-PF-Uncompressing
X-CACHE-KEY
X-Aicache-OS
X-Core-Mission
X-LB-ID
Url
X-Cache-Remote
X-Refresh
X-NC
X-Varnish-Url
X-Via-Popv
X-CACHE-GROUP
X-Via-Poph
X-Via-Popn
Esi-Enabled
X-Nc
X-B3-Spanid
S-Rt
X-Varnish-Cacheable
X-Response-By
Who
X-FireWall-Protection
Country-Code
X-Proxy-Cachei7
X-Host-Name
Pics-Label
X-Epic-Correlation-Id
Xkeyi7
X-BBXSRF
N-Cache
X-Unique-ID
X-Tb-Optimization-Total-Bytes-Saved
Req-Svc-Chain
X-TraceId
Ohc-File-Size
Cross-Origin-Window-Policy
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Source
Server-Ttl
X-Planisys-CDN-Cache
X-Error
X-Cache-2
X-Webkit-Csp
Content-Secure-Policy
X-Srv
X-Cc-Req-Id
X-Varnish-Authentication
X-HS-Status
X-Cc-Via
D-Cc-Upstream
GeoIp-Country-Code
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Sucuri-Cache
Geoip-Latitude
X-Webkit-CSP-Report-Only
X-Svr
Cteonnt-Length
CACHE
X-CLOUD-TRACE-CONTEXT
X-DC
X-Cs
X-LiteSpeed-Cache-Control
Cmstype
HitType
Geo-Info
Cmsid
Kp-EeAlive
X-RateLimit-Limit
X-CDN-Forward
MIME-Version
X-Served-From
X-Servedbyhost
X-Server-IP
Svr
X-Wa
X-URL
X-Origin-Time
X-FPC
Cache-Key
X-Gdpr
Filterid
A
Viewtype
X-API-Version
X-Vcl-Version
X-Nyt-Route
VivaBuild
X-Cache-Config
X-Li-Proto
M-TraceId
X-Esi
Server-Id
Resin-Trace
X-VC
X-SN
Ohc-Cache-HIT
Cross-Origin-Opener-Policy
TDXMobile
X-Webstats-RespID
X-LI-Proto
X-Air-Source
X-NodeID
X-RAMCache
Server-ID
X-SB
Hostname
X-NGINX-Cache
X-HostName
NtCoent-Length
X-HOST
Arc-Country
SID
Tcn
Request-ID
X-SD-PageType
X-Check-Cacheable
X-Vgn-Hpd-Reason
X-VCL-Version
X-Viewer-Country
NGB
Srv
X-UA
Cache-Provider
X-ServedByHost
X-RSL
X-RPM
Mime-Version
X-Vc
X-DW
X-RPS
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-TIM-N
X-Render-Time
X-DI
X-DSS
XServer
X-WA
X-DB
X-Internal-Host
X-TIME
X-Newrelic-Synthetics
X-BBC-Edge-Cache-Status
GeoIP-Country-Code
EpKe-Alive
GeoIP-Latitude
X-Service
X-Ua
X-App
X-JoinUs
Upgrade-Insecure-Requests
X-SaId
Processtime
X-Action
DataCenter
X-Worker
ProcessTime
X-CF-Powered-By
X-PHP-Backend
X-Auto-Login
X-NGENIX-Cache
X-Geo
X-Edge-Location
X-FTR-Cache-Host
X-Oss-Cdn-Auth
X-Fpc
X-Forwarded-Site
X-Via-NSCOPI
FSS-Cache
X-Provided-By
X-Cdn-Request-ID
X-Dynatrace-Js-Agent
X-Ftr-Cache-Host
W
X-CSRF-TOKEN
Proxy-Connection
CDN
X-Extlb
X-FORWARDED-FOR
Datacenter
X-Cluster-Node
CF-Cached-On
X-HITS
X-Swift-Error
X-Bc-Bl
Mail-Subject
X-Dw-Trace-Id
X-Req
LB
PICS-Label
X-Parent-Response-Time
X-Region-Sid
X-Fastly-Backend-Reqs
X-MSEdge-Features
X-MSEdge-Flight
X-PJAX-URL
X-Proxy-Upstream
Cdn
Surrogated-Key
We-Hiring
Memcached
X-Accel-Expires-Debug
X-VC-Cache
X-Date
X-Depends-On
X-BBC-Origin-Response-Status
X-BACKEND-TTL
X-Client-Ip
X-Zone
X-CACHE-AGE
X-Pad
X-RateLimit-Limit-Second
OT-Force-Account-Verify
X-ABtesting
X-Hello
X-Flog
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
Dnion-Transfer-Encoding
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Env
X-RateLimit-Remaining-Second
X-Fastly-Request-Id
X-UnsetCookies
X-Cache-Tag
X-Akamai-Pragma-Client-IP
X-ND-Cache
X-Via-PopN
X-Via-PopV
X-Via-PopH
Media-Length
X-Oracle-DMS-ECID
X-Air-Trace-Id
X-Presslabs-Stats
X-Men
X-APP
X-Acquia-Purge-Tags
X-Pf-Uncompressing
X-Acquia-Site
X-Acquia-Application-UUID
X-Acquia-Application-Trace
Vha6-Origin
Epwk-X-Cache
VNS-Cache
Memory
Time
X-ZONE
CPC-Age
X-LiteSpeed-Tag
X-Lb-Id
VNS-Age
X-MiniProfiler-Ids
WZWS-RAY
CPC-Cache
Cf-Ipcountry
X-Varnish-URL
X-Snapshot-Date
X-Csrf-Token
X-Akamai-ERPolicy
URI
X-Request-Url
X-Varnish-Beresp-TTL
X-ElasticPress-Query
X-Request-URL
X-Vcache
X-Akamai-ERRuleID
X-Ms-Meta-Staticbatchstarttime
X-ElasticPress-Search
X-Ms-Meta-Originalurl
Xet-Cookie
CountryCode
X-Tid
X-C
Content-Style-Type
Content-Script-Type
X-Litespeed-Cache-Control
X-Amz-Meta-Cb-Modifiedtime
Inserted-Into-Cache-At
X-B3-Parentspanid
NnCoection
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Phost
X-Traceid
X-Redis-Duration-Ms
X-Storefront-Renderer-Verified
Ohc-Response-Time
Environment
X-Redis-Count
X-ServerName