Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Request-Id
X-Varnish
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Ua-Compatible
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
X-Request-ID
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Backend
X-Server
X-Hacker
Host-Header
Report-To
X-Server-Powered-By
X-Amz-Request-Id
X-Nginx-Cache-Status
Grace
X-Amz-Id-2
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-LiteSpeed-Cache
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Device
X-Amz-Version-Id
NEL
X-Cache-Spec
X-WebKit-CSP
X-CST
X-OneAgent-JS-Injection
X-Vhost
Allow
X-Host
X-Backend-Server
X-Server-Id
Xkey
EagleEye-TraceId
X-Dispatcher
X-Node
Surrogate-Control
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
P3p
X-ASPNET-VERSION
X-Cache-Lookup
X-Application-Context
Accept-CH
X-Ac
X-Country
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Cloud-Trace-Context
X-Template
Accept-Ch-Lifetime
Accept-Ch
X-Language
X-Readtime
Accept-CH-Lifetime
X-B3-TraceId
MS-Author-Via
X-Url
Rating
X-HW
X-Cnection
X-MS-InvokeApp
X-Origin-Cache
X-Vname
X-PC
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-Oneagent-Js-Injection
X-Varnish-TTL
X-Content-Type
X-Middleton-Display
Response
X-Middleton-Response
Display
X-Sol
Pagespeed
X-D2id
X-ORACLE-DMS-RID
Verso
Arr-Disable-Session-Affinity
X-ORACLE-DMS-ECID
X-Kinja-Server
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Exp-Variant
X-Goog-Hash
X-Vcap-Request-Id
X-Country-Code
X-Rack-Cache
X-Powered-By-Plesk
X-Navigation-Version
X-VARITI-CCR
X-Server-Name
Service-Worker-Allowed
X-Amz-Rid
X-TTL
X-Abt-Application-Version
X-Fastly-Request-ID
Fastly-Restarts
X-Buckets
X-Client-IP
X-Cache-TTL
X-Cached
X-FastCGI-Cache
X-MSEdge-Ref
X-Element-Page-Cache
X-Release
X-Dw-Request-Base-Id
X-NF-Request-ID
SPRequestGuid
X-SharePointHealthScore
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
SPIisLatency
SPRequestDuration
Public-Key-Pins
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
RTSS
Access-Control-Request-Method
Cache-Tag
AR-CACHE
X-Edge
X-LLID
Ar-Sid
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Powered-CMS
X-Ezoic-Cdn
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
X-Litespeed-Cache
X-Ruxit-Js-Agent
Content-MD5
X-HP-Webp
X-Version
X-Jurisdiction
X-Webkit-CSP
S
X-DynaTrace
X-Origin-Upstream-Status
X-Recruiting
Charset
X-MCACHE
X-Mid
X-ECACHE
X-Mg-S
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
X-Kinsta-Cache
X-Ttl
X-Px
X-Content-Digest
X-T
X-PressLabs-Stats
Fastcgi-Cache
Cache-Tags
X-Accel-Expires
X-Fastcgi-Cache
X-Logged-In
X-Forwarded-Proto
Edge-Cache-Tag
X-Content-Security-Policy-Report-Only
Server-Node
X-Amz-Server-Side-Encryption
Filters
TP-L2-Cache
TCN
TP-Cache
MicrosoftSharePointTeamServices
X-Id
Front-End-Https
Server-Name
X-Correlation-Id
X-Grace
Nginx-Cache
X-Request-Processing-Time
X-Request-Received
X-Kong-Upstream-Latency
X-Hits
X-Kong-Proxy-Latency
X-Forwarded-For
X-Amzn-Trace-Id
X-Debug
X-Shield-Request-Id
X-B3-Sampled
X-Request-Handler-Origin-Region
X-Microsite
X-Varnish-Age
X-Activity-Id
X-AppVersion
X-Az
X-HS-Content-Id
Alternate-Protocol
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-Yandex-Sdch-Disable
X-F-Cache
X-XRDS-Location
X-Amz-Replication-Status
Surrogate-Key
X-XRDS-LOCATION
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Origin-Server
X-Goog-Storage-Class
X-Ser
X-DIS-Request-ID
Nel
Accept-Charset
X-NWS-LOG-UUID
X-Frontend
X-Rid
X-Geo-Country
X-Cache-Age
X-Git-Hash
Host
Section-Io-Cache
X-Hostname
X-Respond-Thread
X-RateLimit-Remaining
X-Upgrade-Enabled
X-DataDome
X-Time
X-VCache
X-Mobile-URL
X-Daa-Tunnel
Access-Control-Allow-Method
X-LB-Cache
X-Seen-By
X-Server-ID
MS-CV
ServerID
Paypal-Debug-Id
X-Type
X-AOL-HN
X-IPLB-Instance
X-Source
X-Content-Options
X-Varnish-Backend
X-Cache-Action
Healthy
X-Route-Name
X-TT
X-Request-Guid
X-Providence-Cookie
Cleartype
X-Whom
X-Aspnet-Duration-Ms
Payment
X-Is-Crawler
X-App-Environment
X-Flags
Cache
X-Cache-Key
X-Debug-Info
X-Signature
X-B-Cache
Fastcgi-Useragent
X-Pinterest-Direct
X-Page-Id
X-Load-Cache
X-Jobs
X-FTR-Request-ID
X-WebKit-CSP-Report-Only
X-N
X-Contextid
Realpath
X-FB-Debug
X-Webkit-Csp
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Mobile
Node
Powered-By-ChinaCache
X-Rule
Refresh
X-Original-Request-Id
X-Response-Served-From
X-Cache-Expired-At
X-Accel-Buffering
DC
Version
X-Wix-Request-Id
X-Drupal-Cache-Tags
X-Proxy
Referer-Policy
Ms-Operation-Id
X-Zen-Fury
X-Cluster-Name
X-Framework
X-Content-Powered-By
X-Cacheable-TTL
X-RTag
X-Instance
X-RemovedCookies
X-HTML-Minification-Powered-By
X-Cache-Control
X-UUID
X-ProcessESI
Viewport
Access-Control-Request-Headers
X-B
X-Page-View
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-Tt-Trace-Host
X-IPS-LoggedIn
X-Tt-Trace-Tag
X-Distributor
X-Via-JSL
X-Real-IP
X-Region
VIX-Pulpo-Node
X-Drupal-Cache-Contexts
X-FireWall-Port
Eomportal-Instance
X-FW-Dynamic
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
X-Cache-Operation
X-Cache-Rule
X-Cached-By
Liferay-Portal
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-Akamai-Edgescape
X-G
X-Tumblr-Pixel-1
X-Yottaa-Metrics
X-Tumblr-User
X-Yottaa-Optimizations
X-Tumblr-Pixel-0
Countrycode
X-Tumblr-Pixel
X-Cache-Hit
X-Environment-Context
X-L-Path
X-App-Server
X-Pass-Why
X-Nginx-Cache
X-Debug-IsConnected
X-Debug-IsPreview
DynaTrace
SRV
CF-IPCountry
X-Www-Served-By
Server-Info
Section-Io-Origin-Status
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Protected-By
Section-Io-Id
Xserver
X-User-Agent
X-Device-Type
X-Varnish-Grace
Webserver
From-Origin
X-Tumblr-Pixel-2
Ec-Rule-Version
X-Mode
GEO-INFO
X-Adobe-Loc
X-Adobe-Content
X-RN-RSRV
X-ES-SERVER
Meta-Geo
X-Handled-By
X-Endurance-Cache-Level
Retry-After
X-UPSTREAM-Address
Cache-Status
X-MP-GENERATED-AT
Cache-Tv-Group
X-Hl-Ver
X-Uri
X-PCL
X-PHP-Host
X-ProxyCache-Key
X-BYPASS-REASON
X-Soup
X-ProxyCache-Status
X-Backend-Name
Apigw-Requestid
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Privacy
Webcakes-App-Name
X-Access
Webcakes-Region
Webcakes-App-Version
TWC-Connection-Speed
X-Labrador-Cache-Channel
Country
Frame-Options
X-OCL
X-Varnish-Server
Decoy-Debug-Key
Decoy-Debug-Status
Property-Id
Fastly-SSL
Decoy-Debug-TTL
X-Origin-Hint
X-Pubstack
X-Human
X-Cache-Server
X-FB-TRIP-ID
X-Section
X-Format
X-Storage
X-Request-Time
Azure-SlotName
Azure-Version
X-ApacheServer
Azure-SiteName
Azure-RegionName
X-NYM-Debug-Backend
X-Sql-Count
Azure-InstanceId
X-No-Session
X-R9-Blue-Green-Version
X-Varnishpool
X-UA-Device-Type
X-LJ-Flow-ID
X-Via-Fastly
X-Server-W
X-VWS-Id
X-Sql-Duration-Ms
Mn-Server-Ip
X-AWS-Id
X-S-Maxage
X-Proto
X-Be
X-LAGOON
X-PERF
X-Redis-Cache
X-Say-TTL
X-Hosted-By
X-Proxied
X-Info
X-Say-Cacheable
X-Status
X-Locale
X-Cache-TTL-Remaining
Protected
X-WA-Info
X-SayCDN-TTL
X-Site-Version
X-Hyper-Cache
X-Web-Node
X-Routing-Service
X-Origin-Date
X-Zipkin-Id
X-Xfnlog-Site
X-Ratelimit-Limit
X-AIR-PT
X-Loop
X-GG-Cache-Date
X-TNCMS
Cache-Name
X-FW-Version
X-Sorting-Hat-ShopId
X-Shopify-Stage
Selected-Fe
X-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Timing-Wait
X-Proxy-Build
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-TT-LOGID
X-Is-Bot
X-Rendered-As
X-Cluster
AMP-Access-Control-Allow-Source-Origin
Uber-Trace-Id
X-Proxy-Cache-Status
X-Cache-Enabled
X-Node-Name
X-CCM
X-Forwarded-Host
X-Cache-Grace
X-Content-Age
X-TA-CDN-Provider
S-Cnection
X-Microcachable
X-Revision
X-Qloud-Router
X-NWS-UUID-VERIFY
X-SRV
X-Dc
X-Backend-Host
X-Via-CDN
X-Platform
X-Azure-Ref
Cache-Hits
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Ttl
X-Aspnetmvc-Version
Akamai-GRN
X-CSRF-Token
X-Cache-Host
X-Trace-Id
X-Detected-As
X-App-Version
X-EdgeConnect-Cache-Status
X-ATG-Version
ServedBy
X-Varnish-Hostname
X-Amzn-RequestId
X-FTR-Backend-Server
X-Amz-Apigw-Id
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-Balancer
X-Amzn-Remapped-Content-Length
X-FTR-Cache-Status
X-FTR-DC
X-Cache-PHP
X-B3-SpanId
X-Debug-Cache
X-Cache-NGX
X-RCS-CacheZone
X-Ratelimit-Remaining
X-CS
X-Amz-Meta-S3cmd-Attrs
SD-X-WS
X-Nc
DB-Nickname
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-CACHE-KEY
X-FTR-Expires
X-BCube-Filmed-By
X-DynaTrace-JS-Agent
X-ID
X-Time-Microsecs
X-Akamai-Transformed
X-Correlation-ID
HostName
Tracecode
Backend
X-TX-ID
X-Ms-Request-Id
X-Backend-TTL
X-ServerID
X-Ms-Version
X-RateLimit-Limit
X-Adobe-Source
X-Trv-Group
X-Owner
X-Level-Front-Cache
X-Aed
X-From
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-ScT
X-CF-Lambda-Fn
X-Application
X-CF-Lambda-Version
X-Processor
X-Location
Expiry
X-Origin-CC
Rendered-Blocks
X-Origin-TTL
X-A-Dcw
X-A-Dgt
X-Generation-Time
X-A-Wwc
X-A-Dam
X-A-Ccd
X-Vdms-Path
X-NAPM-TraceId
X-Vdms-Version
Fastcgi-X-Cache-Version
X-Varnish-Cache-Hits
X-A
X-Cache-NE
Who
X-External-Request-Id
Machine
X-B-Cookie
X-Request-UUID
X-Vtex-Processado-Em
X-SRCache-Key
X-Rewrite-Enabled
Mobile-Detection-Method
X-Vtex-Remote-Cache
X-Air-Hostname
Xc-Version
Odigeo-Trace-Id
X-Session-Fingerprint
X-Destination
X-D
X-Generated-On
X-Rojux
DCR-Processing-Time-Ms
MD5-Digest
X-VG-WebServer
X-ARC
X-Connection-Hash
X-VG-WebCache
T-Server
BehaviorPad-Version
X-S-Cookie
DCR-Decision-By
Meta-Geo-Continent
X-S
X-Varnish-Beresp-Grace
X-Unique-Id
Country-Code
X-NewRelic-App-Data
X-Cache-Info
X-Core-Value
X-Developers
Cache-Host
X-Device-Os
X-Fastly-Cache
CacheControlHeader
X-Cms-Context
X-FC-Vary-Parameters
Fastly-Backend-Name
Content-Disposition
AKAMAI
X-Fetched-On
X-Generated-In
Thinkindot-Control
X-Tb
Ssr
X-B3-Traceid
X-Swa-Ws
X-Geo-Header
X-Mvc-Supplant-Cachable
Magicmarker
On-Server
Server-Host
X-OVcl-Cache
X-Tumblr-Pixel-3
X-OVcl
Path
X-Reqid
X-Unique-ID
Pagetype
X-Micro-Cache
X-Thinkindot-L3
Host-ID
X-HS-Content-Campaign-Id
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
X-Irp-Debug
V-Age
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-Cache-Bucket
X-APP-VERSION
X-GEO
X-Varnish-Beresp-Ttl
User-Cache-Control
X-Sucuri-ID
Server-Ext
X-Azure-Ref-OriginShield
X-Block-Status
X-Branch-Name
X-Bip
Web-Mar-Node
Server-Hostname
Sever-Int
UCS
Vix-Hermes-Req-Id
True-Client-Country-4JS
X-Backend-State
X-Gzip
X-Nginx-Cache-Key
X-Method
X-TrackingId
X-Thanos
X-VServer
X-LI-UUID
X-Li-Pop
X-VG-TLSProxy
X-Is-Gdpr
X-JWT-State
X-Li-Fabric
X-Node-Id
X-Old-Content-Length
X-Request-URI
X-Ratelimit-Reset
X-Policy
X-Origin-Response-Time
X-Scheme
X-Skip-Cache
Release
X-WADP-Cache
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-IP
X-Hnp-Log
X-Esi-Check
X-Envoy-Decorator-Operation
X-Eu-Site
X-Fastly-Backend
X-Fmm-Version
X-Dispatcher-Server
X-Developer
X-Cache-Id
X-CGP
X-Clara-WADP
X-Csrf-Jwt
X-Gen-Mode
X-Generated-By
X-Origin
X-VarnishDD-TTL
X-Has-Esi
X-HN
X-Varnish-Hits
X-GoCache-CacheStatus
X-User
X-Var-Ttl
X-GeoIP
X-GeoIP-City
X-Cache-Debug
X-Cache-Var
CDN-RequestId
HA-Ipaddr
Ha-Gx-Prefs
Apple-News-Services-Handled
L
Location
CDN-RequestCountryCode
Gh-Request-Id
CDN-Uid
Esi-Enabled
X-Magnolia-Registration
X-Cdn-Forward
X-Cache-Var-Map
X-Varnish-Beresp-Status
Cf-Bgj
Cf-Device-Type
Locid
L5d-Success-Class
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
CDN-Cache
Apple-News-Services-Request-Url
CDCHOST
PFcat
NM-Fastcgi-Cache
Origin
NGX
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
Filterid
X-EC-Lua
Arc-Version
X-DPWN-IS-SECURE
C-Via
DSUID
X-Hash
X-Gamma-Serve
X-DefHash
X-Cache-Tags
Adler-Geo
X-NU-AKA-ACS-Version
X-DefElseHash
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Rebelmouse-Cache-Control
SR-User-Adfree
X-Variation
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Slack-Backend
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
PB-RID
Platform
X-Varnish-Remaining-TTL
Rt-Fastcgi-Cache
PB-PID
X-Origin-Expires
IsBot
Fastly-Drupal-HTML
Is-Eu
X-Platform-Server
X-Aicache-OS
Fastly-SIE
X-Rebelmouse-Surrogate-Control
Instruction
Fastly-SWR
X-SIPLIST1
X-Request-Host
X-Epic-Correlation-Id
X-Mvc-Supplant-OutputCached
X-Varnish-Url
X-CUA
X-Loc
X-Clientip
X-LB-ID
Pics-Label
X-Matched-Rule
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Lfy
Geo-Info
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Planisys-CDN-Rules
X-PF-Uncompressing
X-Cache-Backend
CloudFront-Viewer-Country
X-Cache-Expires
X-Refresh
Url
X-Servername
Sid
X-NCache
X-Cdn-Origin
X-Sn-Servicetimems
Cmstype
Req-Svc-Chain
NGB
Cmsid
Pramga
X-Cache-Date
X-Served-From
Kp-EeAlive
Svr
X-Core-Mission
X-TraceId
X-Tb-Optimization-Total-Bytes-Saved
A
MIME-Version
VivaBuild
Viewtype
Cache-Key
M-TraceId
X-Request-Start
X-Srv
X-DC
X-Vgn-Hpd-Reason
X-FireWall-Protection
Server-ID
Source
Cross-Origin-Opener-Policy
X-Error
Arc-Country
X-CLOUD-TRACE-CONTEXT
X-Webkit-CSP-Report-Only
X-Varnish-Cacheable
TDXMobile
GeoIp-Country-Code
Geoip-Latitude
X-JoinUs
SID
X-NC
X-SaId
Tcn
X-Vc
X-NGENIX-Cache
X-Edge-Location
X-Servedbyhost
X-Wa
X-PHP-Backend
X-Response-By
X-HS-Status
NtCoent-Length
X-Vcl-Version
Content-Secure-Policy
X-Air-Source
X-Service
X-B3-Spanid
DataCenter
X-CDN-Forward
X-Proxy-Cachei7
Xkeyi7
X-Geo
X-Esi
X-LI-Proto
X-Internal-Host
Resin-Trace
X-Extlb
X-LiteSpeed-Cache-Control
Server-Ttl
N-Cache
X-BBXSRF
HitType
CACHE
X-Li-Proto
X-Kraken-Loop-Name
S-Rt
X-Cache-2
X-Kraken-Routeconfig-Destination
X-Instrumentation
FSS-Cache
X-Server-Lifecycle-Phase
X-Cache-Remote
X-HOST
X-Edge-Location-Klb
X-RAMCache
X-VCL-Version
X-Svr
X-Varnish-Authentication
XServer
X-Contensis-Viewer-Groups
Request-ID
X-Viewer-Country
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Cc-Via
Hostname
X-Cc-Req-Id
X-Via-NSCOPI
X-Forwarded-Site
X-Cache-ASPX
D-Cc-Upstream
X-UA
Cteonnt-Length
X-Erf-Stays-Bingo-Pdp-Web
Surrogated-Key
X-WA
Memcached
We-Hiring
Mail-Subject
X-Newrelic-Synthetics
X-RPS
X-Proxy-Upstream
X-DSS
X-DI
X-DB
X-DW
X-RPM
X-Accel-Expires-Debug
X-Date
X-PJAX-URL
X-Bc-Bl
X-RSL
LB
X-TIM-N
X-Req
Ohc-File-Size
Cross-Origin-Window-Policy
X-Sucuri-Cache
GeoIP-Latitude
GeoIP-Country-Code
X-RateLimit-Limit-Second
X-App
X-RateLimit-Remaining-Second
X-Server-IP
X-ServedByHost
X-VC-Cache
Env
X-Cs
X-FORWARDED-FOR
X-Host-Name
X-Cache-Config
X-Sigma
X-Gdpr
X-Rocket-Build-Number
X-Action
X-Sigma-Backend
CF-Cached-On
X-APP
X-FPC
X-API-Version
X-Nyt-Route
X-ZONE
ProcessTime
X-Origin-Time
Upgrade-Insecure-Requests
X-TIME
X-HostName
CPC-Cache
Server-Id
X-MSEdge-Flight
Memory
Time
X-Region-Sid
X-Air-Trace-Id
X-MSEdge-Features
VNS-Cache
VNS-Age
CPC-Age
X-Men
X-Oss-Cdn-Auth
X-SN
X-VC
X-Check-Cacheable
Cache-Provider
X-NodeID
X-Fpc
X-CF-Powered-By
X-CSRF-TOKEN
X-Provided-By
X-Swift-Error
X-Dynatrace-Js-Agent
X-Presslabs-Stats
Ohc-Cache-HIT
X-Depends-On
X-SB
X-Webstats-RespID
X-SD-PageType
Mime-Version
W
Srv
X-Akamai-Pragma-Client-IP
X-Cdn-Request-ID
X-Ftr-Cache-Host
CDN
X-UnsetCookies
X-BBC-Edge-Cache-Status
Cdn
X-BACKEND-TTL
X-ServerName
X-Zone
X-Client-Ip
X-Fastly-Backend-Reqs
Dnion-Transfer-Encoding
My-App
X-Hello
EpKe-Alive
X-Parent-Response-Time
X-Fastly-Request-Id
X-Render-Time
Fastcgi-Cache-TTL
X-ABtesting
X-Dw-Trace-Id
X-Flog
State
X-Minions-Version
X-Acquia-Application-UUID
X-Oracle-DMS-ECID
Proxy-Connection
Vha6-Origin
X-Cache-Tag
X-Acquia-Site
X-Acquia-Purge-Tags
Media-Length
X-Pf-Uncompressing
X-NGINX-Cache
X-ElasticPress-Search
X-Pad
X-Acquia-Application-Trace
X-Auto-Login
Epwk-X-Cache
X-BBC-Origin-Response-Status
PICS-Label
CountryCode
Processtime
X-Via-PopN
X-Worker
X-Mg-Request-UUID
X-Via-PopV
X-Via-PopH
X-LiteSpeed-Tag
X-Snapshot-Date
Cf-Ipcountry
X-FTR-Cache-Host
Datacenter
X-ElasticPress-Query
Warning
X-Vcache
OT-Force-Account-Verify
X-Akamai-ERRuleID
X-Request-URL
X-Varnish-URL
X-Varnish-Beresp-TTL
X-MiniProfiler-Ids
X-Ms-Meta-Staticbatchstarttime
X-Ms-Meta-Originalurl
X-Cluster-Node
X-Akamai-ERPolicy
X-Lb-Id
Xet-Cookie
X-Tx-Id
X-Cache-Type
X-Ua
X-Apw-Hits
X-Orig-Expires
X-Shop-Environment
X-Tenant
X-ND-Cache
Content-Style-Type
X-Apw-Access-Token
X-Apw-Access-Action
X-Mg-Request-Id
X-Forwarded-Path
X-Apw-Access-Object
Content-Script-Type
X-Cache-Status-Check
Ohc-Response-Time
X-Storefront-Renderer-Verified
NnCoection
X-B3-Parentspanid
X-Traceid
Environment
X-Redis-Duration-Ms
X-Redis-Count
Phost
URI
Inserted-Into-Cache-At
X-Tid
X-Amz-Meta-Cb-Modifiedtime
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Litespeed-Cache-Control