Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Request-ID
X-Cacheable
Timing-Allow-Origin
X-Ua-Compatible
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
X-Envoy-Upstream-Service-Time
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Via
Upgrade
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
X-Cache-Group
X-Proxy-Cache
EagleId
Server-Timing
X-Backend
X-Hacker
X-Server
Host-Header
Report-To
X-Amz-Request-Id
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-Page-Speed
X-LiteSpeed-Cache
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Cache-Spec
X-Amz-Version-Id
X-Device
X-CST
Allow
X-Vhost
X-WebKit-CSP
X-Host
Xkey
X-Backend-Server
X-Server-Id
EagleEye-TraceId
Surrogate-Control
X-Dispatcher
Request-Id
X-Node
Content-Location
X-Response-Time
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Akam-SW-Version
X-Ruxit-JS-Agent
P3p
X-ASPNET-VERSION
X-Cache-Lookup
X-Application-Context
X-Ac
Accept-CH
X-Template
X-Country
Accept-Ch
X-Language
Accept-CH-Lifetime
X-Mod-Pagespeed
X-Readtime
Accept-Ch-Lifetime
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
Rating
X-Origin-Cache
X-HW
X-Cnection
X-MS-InvokeApp
X-Vname
X-PC
X-TtlSet
X-Url
X-Clacks-Overhead
Edge-Control
X-GitHub-Request-Id
X-Trace
X-ESI
X-ORACLE-DMS-ECID
X-Middleton-Response
X-Sol
Response
Display
Pagespeed
X-ORACLE-DMS-RID
X-Middleton-Display
X-Content-Type
X-D2id
Arr-Disable-Session-Affinity
X-Kinja-Revision
X-Use-Magma
X-Kinja-Build
X-Kinja-Server
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
Verso
X-Vcap-Request-Id
X-Varnish-TTL
X-Goog-Hash
X-Country-Code
X-Rack-Cache
X-FastCGI-Cache
X-TTL
X-Buckets
X-Navigation-Version
X-Server-Name
X-Powered-By-Plesk
Service-Worker-Allowed
X-Abt-Application-Version
X-Amz-Rid
X-VARITI-CCR
X-Fastly-Request-ID
X-Webkit-CSP
X-Client-IP
X-Cache-TTL
Fastly-Restarts
X-Litespeed-Cache
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Cached
X-MSEdge-Ref
X-Release
X-Dw-Request-Base-Id
X-Element-Page-Cache
SPRequestGuid
X-SharePointHealthScore
X-Oneagent-Js-Injection
X-NF-Request-ID
SPRequestDuration
SPIisLatency
X-B3-TraceId-Primal
Public-Key-Pins
MRF-Tech
Mrf-Cache-Status
RTSS
Access-Control-Request-Method
X-SRCache-Store-Status
AR-ATIME
AR-Request-ID
AR-CACHE
AR-PoweredBy
Ar-Sid
X-SRCache-Fetch-Status
X-Edge
X-LLID
X-Powered-CMS
Cache-Tag
X-Ezoic-Cdn
Content-MD5
X-Upstream
X-Origin-Upstream-Status
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Deployment-Id
X-Px
Fusion-Source
X-Jurisdiction
X-HP-Webp
Fusion-Template-Id
S
X-Version
X-Recruiting
X-Mid
X-Mg-S
X-MCACHE
X-ECACHE
Charset
X-Content-Digest
X-Kinsta-Cache
Fastcgi-Cache
X-T
X-PressLabs-Stats
X-Amz-Server-Side-Encryption
X-DynaTrace
Cache-Tags
MicrosoftSharePointTeamServices
X-Logged-In
X-Accel-Expires
Front-End-Https
Filters
X-Content-Security-Policy-Report-Only
X-Ttl
Edge-Cache-Tag
Server-Node
X-Id
X-Debug
X-Correlation-Id
X-Forwarded-Proto
X-Grace
TP-L2-Cache
TP-Cache
TCN
Server-Name
Nginx-Cache
X-Amzn-Trace-Id
X-Forwarded-For
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Request-Received
X-Request-Processing-Time
Surrogate-Key
X-Hits
X-Shield-Request-Id
X-B3-Sampled
X-Varnish-Age
X-Microsite
X-Request-Handler-Origin-Region
X-Yandex-Sdch-Disable
X-Pinterest-Direct
X-Ser
X-Activity-Id
X-AppVersion
X-Az
X-Ruxit-Js-Agent
X-Amz-Replication-Status
X-F-Cache
X-Fastcgi-Cache
X-XRDS-Location
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-XRDS-LOCATION
X-DIS-Request-ID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Origin-Server
X-Geo-Country
Accept-Charset
Alternate-Protocol
X-Git-Hash
X-Cache-Key
X-Respond-Thread
X-Rid
X-Frontend
Section-Io-Cache
Cache
Host
X-NWS-LOG-UUID
X-Upgrade-Enabled
X-FTR-Request-ID
X-Time
X-LB-Cache
X-DataDome
X-Seen-By
X-Mobile-URL
Access-Control-Allow-Method
X-VCache
X-Server-ID
Paypal-Debug-Id
X-Cache-Age
X-AOL-HN
ServerID
MS-CV
Healthy
X-IPLB-Instance
X-Content-Options
X-Type
X-Hostname
X-Varnish-Backend
X-TT
X-Route-Name
X-Request-Guid
Cleartype
X-Whom
X-Providence-Cookie
X-Source
X-Aspnet-Duration-Ms
X-App-Environment
X-Is-Crawler
X-Flags
X-Cache-Action
X-B-Cache
X-Signature
Payment
Powered-By-ChinaCache
X-Jobs
X-Debug-Info
Fastcgi-Useragent
X-Page-Id
X-Daa-Tunnel
X-Load-Cache
X-WebKit-CSP-Report-Only
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-N
X-FB-Debug
X-Mobile
X-RateLimit-Remaining
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Contextid
Realpath
X-Via-JSL
Nel
Node
Refresh
Version
X-Drupal-Cache-Tags
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
X-Wix-Request-Id
X-Cacheable-TTL
X-Proxy
X-Rule
DC
X-Zen-Fury
X-RemovedCookies
X-Akamai-Edgescape
X-ProcessESI
X-Framework
Ms-Operation-Id
X-RTag
X-Cached-By
X-B
Viewport
X-Instance
X-HTML-Minification-Powered-By
Referer-Policy
X-Distributor
X-Cache-Time
X-Cache-Rule
X-Region
Access-Control-Request-Headers
X-Page-View
X-Cache-Operation
X-Real-IP
X-Drupal-Cache-Contexts
X-UUID
X-Cache-Expired-At
X-Cluster-Name
Eomportal-Instance
X-Cache-Control
X-Tt-Trace-Host
X-Tt-Trace-Tag
VIX-Pulpo-Node
X-FW-Type
X-Content-Powered-By
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Static
VIX-Pulpo-Upstream-Status
X-FW-Server
X-IPS-LoggedIn
Liferay-Portal
X-Yottaa-Metrics
X-G
X-Cache-Hit
X-Yottaa-Optimizations
X-FireWall-Port
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
Countrycode
X-Tumblr-Pixel
X-Environment-Context
X-Pass-Why
X-L-Path
DynaTrace
Server-Info
X-App-Server
CF-IPCountry
GEO-INFO
X-Protected-By
X-User-Agent
Ec-Rule-Version
SRV
Section-Origin-Responded
From-Origin
Section-Io-Origin-Time-Seconds
X-Tumblr-Pixel-2
Section-Io-Id
Section-Io-Origin-Status
X-Ratelimit-Limit
Webserver
Xserver
X-Nginx-Cache
X-Www-Served-By
X-Debug-IsConnected
X-Debug-IsPreview
Protected
X-Node-Name
X-ES-SERVER
X-RN-RSRV
Meta-Geo
X-Cache-Server
X-Handled-By
X-UPSTREAM-Address
X-Endurance-Cache-Level
X-Mode
X-Adobe-Content
X-Site-Version
X-Locale
Cache-Tv-Group
X-Adobe-Loc
X-Uri
X-FB-TRIP-ID
X-NYM-Debug-Backend
X-UA-Device-Type
Cache-Status
X-Soup
X-PHP-Host
X-MP-GENERATED-AT
X-Storage
X-Be
Frame-Options
X-Web-Node
X-Labrador-Cache-Channel
X-Varnish-Ttl
X-Device-Type
X-OCL
X-Redis-Cache
X-PCL
X-Origin-Date
X-No-Session
X-Human
X-Request-Time
X-Pubstack
X-Hl-Ver
Fastly-SSL
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
Country
X-Varnishpool
X-Ratelimit-Remaining
X-Via-Fastly
Webcakes-Region
TWC-Locale-Group
Webcakes-App-Version
Property-Id
TWC-Connection-Speed
TWC-Device-Class
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Sql-Count
X-Sql-Duration-Ms
X-Origin-Hint
X-ProxyCache-Status
X-R9-Blue-Green-Version
X-Access
Cache-Name
X-AWS-Id
Azure-SiteName
X-Server-W
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Proto
X-Format
X-Loop
X-Section
X-ProxyCache-Key
X-Say-Cacheable
X-Backend-Name
X-Hosted-By
X-WA-Info
X-FW-Version
X-TNCMS
X-LJ-Flow-ID
X-BYPASS-REASON
X-S-Maxage
X-AIR-PT
Retry-After
X-VWS-Id
X-LAGOON
X-Say-TTL
X-SayCDN-TTL
X-Hyper-Cache
Azure-RegionName
X-Cache-Grace
X-Forwarded-Host
X-Cluster
X-Webkit-Csp
X-CCM
X-Cache-TTL-Remaining
X-PERF
X-Xfnlog-Site
X-Varnish-Grace
X-ApacheServer
X-Status
Selected-Fe
X-Timing-Wait
Mn-Server-Ip
X-Revision
X-ShardId
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-TT-LOGID
X-Sorting-Hat-ShopId
X-Proxy-Build
X-Proxied
X-Routing-Service
Apigw-Requestid
X-Zipkin-Id
X-SRV
X-Varnish-Server
X-Is-Bot
X-Rendered-As
X-Qloud-Router
X-Info
X-GG-Cache-Date
S-Cnection
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-Enabled
X-Cdn
X-Via-CDN
X-Microcachable
X-Dc
Cache-Hits
X-TA-CDN-Provider
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
X-Content-Age
X-FTR-DC
AMP-Access-Control-Allow-Source-Origin
X-Proxy-Cache-Status
Uber-Trace-Id
X-Platform
X-Amz-Meta-S3cmd-Attrs
X-Detected-As
X-App-Version
X-Cache-Host
X-NWS-UUID-VERIFY
X-Azure-Ref
X-Aspnetmvc-Version
Amp-Access-Control-Allow-Source-Origin
X-Backend-Host
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-EdgeConnect-Cache-Status
X-FTR-Expires
Akamai-GRN
X-CSRF-Token
Tracecode
X-Air-Hostname
SD-X-WS
X-ATG-Version
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Time-Microsecs
X-Oss-Request-Id
X-Oss-Server-Time
X-Trace-Id
X-Cache-Var-Map
X-Cache-Var
X-B3-SpanId
X-Unique-Id
X-Debug-Cache
ServedBy
X-Backend-TTL
X-RCS-CacheZone
X-Varnish-Hostname
X-BCube-Filmed-By
X-Correlation-ID
X-Tb
X-ID
X-CS
X-GEO
HostName
Backend
X-Cache-NGX
X-Cache-PHP
X-ServerID
DB-Nickname
X-DynaTrace-JS-Agent
X-A-Ccd
T-Server
Thinkindot-CacheControl-Type
Thinkindot-Control
X-A
Thinkindot-CacheControl
BehaviorPad-Version
DCR-Processing-Time-Ms
Expiry
Fastcgi-X-Cache-Version
DCR-Decision-By
X-A-Dam
X-Ms-Request-Id
X-Ms-Version
Instruction
Machine
Path
Rendered-Blocks
Odigeo-Trace-Id
Mobile-Detection-Method
MD5-Digest
Meta-Geo-Continent
SR-User-Adfree
X-Fetched-On
X-Rojux
X-S
X-S-Cookie
X-ScT
X-Rewrite-Enabled
X-Request-UUID
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Session-Fingerprint
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-Thinkindot-L3
X-Trv-Group
X-Vdms-Path
X-Owner
X-Origin-TTL
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
X-B-Cookie
X-ARC
X-A-Dgt
X-Aed
X-Application
X-D
X-Destination
X-Level-Front-Cache
X-Location
X-NAPM-TraceId
X-Origin-CC
X-Generation-Time
X-Generated-On
X-Device-Os
X-External-Request-Id
X-From
X-A-Dcw
X-A-Wwc
X-Sucuri-ID
X-Adobe-Source
X-Akamai-Transformed
X-Cms-Context
On-Server
X-Cdn-Forward
X-JWT-State
CacheControlHeader
X-Core-Value
X-Micro-Cache
DSUID
X-Fastly-Cache
X-Node-Id
X-Is-Gdpr
Pagetype
Cf-Device-Type
X-GeoIP-City
Fastly-Backend-Name
X-GeoIP
X-Geo-Header
Host-ID
X-Cache-Backend
X-B3-Traceid
X-Has-Esi
Content-Disposition
X-VServer
X-HS-Content-Campaign-Id
UCS
X-Magnolia-Registration
NGX
AKAMAI
X-NewRelic-App-Data
X-Azure-Ref-OriginShield
X-Reqid
Server-Host
X-TrackingId
X-Varnish-Cache-Hits
X-Tumblr-Pixel-3
Release
X-Skip-Cache
X-Cache-Bucket
X-TX-ID
X-OVcl
X-OVcl-Cache
User-Cache-Control
Web-Mar-Node
X-Cache-Info
X-Developer
Magicmarker
Wxu-Next-Hostname
X-Envoy-Decorator-Operation
Wxu-Next-Region
X-Fastly-Backend
X-Esi-Check
V-Age
X-DPWN-IS-SECURE
X-Dispatcher-Server
Sever-Int
Locid
Server-Ext
X-Backend-State
X-Bip
X-Block-Status
X-CUA
X-Varnish-CookieINHashed-On
X-Clara-WADP
X-DefHash
Server-Hostname
X-Branch-Name
X-DefElseHash
Wxu-Next-Commit
X-Hnp-Log
X-Rebelmouse-Surrogate-Control
X-Scheme
X-VarnishDD-TTL
X-Rebelmouse-Cache-Control
X-Ratelimit-Reset
X-Origin-Expires
X-Origin-Response-Time
X-Platform-Server
X-Varnish-Remaining-TTL
X-SVT-ORM-RULES
X-Variation
X-Varnish-Beresp-Grace
X-Varnish-CookieHashed-On
X-Var-Ttl
X-User
X-SVT-ORM-VERSION
X-Swa-Ws
X-Thanos
X-Origin
X-Old-Content-Length
X-Gzip
X-HN
X-Wikidot-Backend
X-GoCache-CacheStatus
X-Wikidot-Static-Cache
X-Fmm-Version
X-Gen-Mode
X-Generated-By
X-IP
X-Irp-Debug
X-Matched-Rule
X-Mvc-Supplant-Cachable
X-NU-AKA-ACS-Version
X-WADP-Cache
X-LI-UUID
X-Li-Fabric
X-Li-Pop
X-FC-Vary-Parameters
X-Cache-Id
CDN-Uid
NM-Fastcgi-Cache
CDN-RequestId
CDN-RequestCountryCode
CDN-CachedAt
CDN-PullZone
Fastly-SIE
Platform
PB-RID
PB-PID
Is-Eu
PFcat
Fastly-SWR
Gh-Request-Id
CDN-Cache
CDN-EdgeStorageId
Location
Ssr
X-Nginx-Cache-Key
X-Developers
CDCHOST
Lfy
C-Via
Cache-Host
Adler-Geo
Arc-Version
X-Nc
HA-Ipaddr
X-Policy
X-Csrf-Jwt
X-Method
L
L5d-Success-Class
X-EC-Lua
X-Eu-Site
True-Client-Country-4JS
X-Slack-Backend
X-VG-TLSProxy
X-Varnish-Hits
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Request-URI
X-Request-Host
Ha-Gx-Prefs
X-Generated-In
X-Hash
CloudFront-Viewer-Country
X-Gamma-Serve
X-SIPLIST1
IsBot
X-CGP
X-Cache-Debug
Rt-Fastcgi-Cache
Vix-Hermes-Req-Id
Cf-Bgj
X-Cache-Tags
X-Clientip
X-CLOUD-TRACE-CONTEXT
Pramga
Origin
Apple-News-Services-Host
X-Cache-Expires
Apple-News-Services-Handled
X-Aicache-OS
Fastly-Drupal-HTML
X-Loc
Apple-News-Services-Parsed-Url
X-LB-ID
X-Sn-Servicetimems
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cdn-Origin
Esi-Enabled
Apple-News-Services-Request-Url
X-CACHE-KEY
X-APP-VERSION
Who
X-Unique-ID
Sid
X-Servername
X-Via-Poph
X-Via-Popn
X-NCache
X-Via-Popv
X-Cache-Date
Country-Code
Pics-Label
X-PF-Uncompressing
X-Core-Mission
X-Refresh
X-Mvc-Supplant-OutputCached
X-Varnish-Url
X-URL
X-Request-Start
X-Epic-Correlation-Id
Geo-Info
X-RateLimit-Limit
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-FireWall-Protection
X-Planisys-CDN-TTL
Url
X-Tb-Optimization-Total-Bytes-Saved
X-Erf-Stays-Bingo-Pdp-Web
Tcn
Filterid
Req-Svc-Chain
X-TraceId
Cmstype
X-Esi
X-Error
X-NC
Cmsid
X-Response-By
X-Varnish-Cacheable
X-Cache-Remote
X-DC
Kp-EeAlive
Svr
Source
X-Served-From
X-Proxy-Cachei7
Xkeyi7
S-Rt
X-Webkit-CSP-Report-Only
Content-Secure-Policy
A
VivaBuild
Server-Ttl
X-BBXSRF
Cache-Key
Viewtype
X-Srv
GeoIp-Country-Code
HitType
Geoip-Latitude
N-Cache
X-HS-Status
MIME-Version
X-B3-Spanid
X-Wa
M-TraceId
NGB
X-Cache-2
X-Servedbyhost
X-CDN-Forward
X-Varnish-Authentication
Cross-Origin-Opener-Policy
X-Host-Name
TDXMobile
X-Cache-ASPX
Cteonnt-Length
X-Air-Source
X-Cc-Via
X-Vcl-Version
Server-ID
X-LiteSpeed-Cache-Control
X-HostName
Ohc-File-Size
X-Sucuri-Cache
Cross-Origin-Window-Policy
D-Cc-Upstream
X-Cc-Req-Id
X-Contensis-Viewer-Groups
Arc-Country
X-Dynatrace
NtCoent-Length
X-Svr
X-Vgn-Hpd-Reason
X-LI-Proto
SID
CACHE
X-Server-IP
X-Li-Proto
X-RAMCache
X-Vc
X-HOST
X-VCL-Version
Resin-Trace
X-Internal-Host
XServer
X-API-Version
Request-ID
X-Cache-Config
X-Origin-Time
X-Nyt-Route
X-FPC
X-Gdpr
X-Service
X-SaId
Hostname
X-JoinUs
X-Edge-Location
X-PHP-Backend
X-UA
X-NGENIX-Cache
X-Geo
X-CCDN-CacheTTL
X-DSS
X-DI
X-DB
X-DW
X-RPM
Cache-Provider
X-RSL
X-RPS
X-TIM-N
X-Check-Cacheable
X-Newrelic-Synthetics
X-Hcs-Proxy-Type
X-WA
X-SN
X-Cs
X-ServedByHost
X-Viewer-Country
X-VC
X-CCDN-Origin-Time
CF-Cached-On
DataCenter
Ohc-Cache-HIT
X-NodeID
X-App
X-Extlb
FSS-Cache
GeoIP-Latitude
GeoIP-Country-Code
X-SB
X-Webstats-RespID
Server-Id
X-Via-NSCOPI
X-FORWARDED-FOR
Mime-Version
ProcessTime
X-SD-PageType
X-Forwarded-Site
X-Action
X-TIME
X-Render-Time
X-BBC-Edge-Cache-Status
X-Region-Sid
Memcached
X-Depends-On
X-CF-Powered-By
X-Fpc
Mail-Subject
X-Accel-Expires-Debug
We-Hiring
Surrogated-Key
X-PJAX-URL
Srv
X-COUNTRY
X-VC-Cache
X-Date
X-NGINX-Cache
X-Proxy-Upstream
X-Oss-Cdn-Auth
X-Req
LB
X-Dynatrace-Js-Agent
X-CSRF-TOKEN
X-Swift-Error
X-Bc-Bl
X-Presslabs-Stats
X-Provided-By
Env
X-RateLimit-Remaining-Second
X-UnsetCookies
W
X-RateLimit-Limit-Second
X-FTR-Cache-Host
Upgrade-Insecure-Requests
EpKe-Alive
X-Oracle-Dms-Rid
X-Cdn-Request-ID
Memory
X-Auto-Login
Cdn
X-MSEdge-Features
X-Dw-Trace-Id
X-Worker
X-ZONE
X-APP
X-Ua
X-MSEdge-Flight
CDN
X-Ftr-Cache-Host
Time
X-Rocket-Build-Number
X-Air-Trace-Id
Processtime
X-Sigma-Backend
X-BACKEND-TTL
X-Sigma
X-Akamai-Pragma-Client-IP
X-CACHE-AGE
X-Client-Ip
Datacenter
X-Fastly-Backend-Reqs
X-Parent-Response-Time
X-Men
CPC-Age
VNS-Cache
VNS-Age
CPC-Cache
Proxy-Connection
X-ABtesting
X-Cache-Tag
X-Hello
Dnion-Transfer-Encoding
X-Cluster-Node
X-Fastly-Request-Id
X-Flog
Media-Length
X-Zone
X-IN-APIGATEWAYSSL
X-BBC-Origin-Response-Status
Vha6-Origin
X-Acquia-Application-Trace
X-Acquia-Application-UUID
PICS-Label
X-Oracle-DMS-ECID
X-Pad
X-Acquia-Site
X-Pf-Uncompressing
X-IN-APIGATEWAY
X-Acquia-Purge-Tags
Epwk-X-Cache
X-HITS
X-Via-PopN
X-Snapshot-Date
X-LiteSpeed-Tag
X-Via-PopH
X-Via-PopV
Cf-Ipcountry
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Request-Url
X-Csrf-Token
X-ServerName
X-Varnish-URL
X-Request-URL
X-MiniProfiler-Ids
X-ElasticPress-Query
X-Varnish-Beresp-TTL
X-Vcache
Xet-Cookie
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
State
X-ElasticPress-Search
X-Lb-Id
My-App
OT-Force-Account-Verify
Fastcgi-Cache-TTL
X-Tx-Id
CountryCode
Environment
X-Amz-Meta-Cb-Modifiedtime
X-Minions-Version
URI
X-Litespeed-Cache-Control
X-Redis-Duration-Ms
Content-Style-Type
Content-Script-Type
X-ND-Cache
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-B3-Parentspanid
X-Redis-Count
Ohc-Response-Time
NnCoection
WZWS-RAY
X-Traceid
X-Storefront-Renderer-Verified
Inserted-Into-Cache-At
X-C
Phost
X-Tid