Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Request-ID
X-Cacheable
Timing-Allow-Origin
X-Ua-Compatible
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Host-Header
Report-To
X-Amz-Request-Id
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Styx-Req-Id
NEL
X-Cache-Spec
X-Amz-Version-Id
X-Device
X-CST
Allow
X-Vhost
X-WebKit-CSP
X-Host
Xkey
X-Backend-Server
X-Server-Id
EagleEye-TraceId
Surrogate-Control
X-Dispatcher
Request-Id
X-Node
Content-Location
X-Response-Time
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Akam-SW-Version
X-Ruxit-JS-Agent
P3p
X-ASPNET-VERSION
X-Application-Context
X-Ac
X-Cache-Lookup
Accept-CH
X-Country
X-Template
Accept-Ch
X-Language
Accept-CH-Lifetime
X-Mod-Pagespeed
X-Readtime
Accept-Ch-Lifetime
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
Rating
X-Origin-Cache
X-HW
X-Cnection
X-MS-InvokeApp
X-Url
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
Edge-Control
X-GitHub-Request-Id
X-Trace
X-ORACLE-DMS-ECID
X-ESI
X-ORACLE-DMS-RID
Display
X-Middleton-Response
X-Sol
X-Middleton-Display
Pagespeed
Response
X-Content-Type
X-D2id
Arr-Disable-Session-Affinity
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
Verso
X-Vcap-Request-Id
X-Varnish-TTL
X-Goog-Hash
X-Rack-Cache
X-Country-Code
X-FastCGI-Cache
X-Buckets
X-Navigation-Version
X-Powered-By-Plesk
X-Server-Name
Service-Worker-Allowed
X-VARITI-CCR
X-Amz-Rid
X-Abt-Application-Version
X-Fastly-Request-ID
X-Webkit-CSP
X-TTL
X-Client-IP
X-Cache-TTL
Fastly-Restarts
X-Cached
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Release
X-MSEdge-Ref
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-Element-Page-Cache
X-Oneagent-Js-Injection
X-NF-Request-ID
SPIisLatency
SPRequestDuration
Public-Key-Pins
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
RTSS
Access-Control-Request-Method
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-Request-ID
AR-ATIME
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
X-LLID
X-Powered-CMS
X-Ezoic-Cdn
X-Litespeed-Cache
Cache-Tag
Content-MD5
X-Upstream
X-Origin-Upstream-Status
Fusion-Deployment-Id
Fusion-Source
X-HP-Webp
X-Jurisdiction
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
X-Px
Fusion-Content-Id
S
X-Version
X-MCACHE
X-Mid
X-ECACHE
X-Recruiting
X-Mg-S
Charset
X-Content-Digest
X-PressLabs-Stats
X-Ttl
X-Kinsta-Cache
Fastcgi-Cache
X-T
X-Amz-Server-Side-Encryption
X-DynaTrace
Cache-Tags
Filters
MicrosoftSharePointTeamServices
X-Logged-In
X-Content-Security-Policy-Report-Only
Front-End-Https
X-Accel-Expires
Server-Node
Edge-Cache-Tag
X-Forwarded-Proto
X-Id
X-Debug
X-Grace
X-Correlation-Id
TP-L2-Cache
TCN
TP-Cache
Server-Name
Nginx-Cache
X-Amzn-Trace-Id
X-Kong-Upstream-Latency
X-Forwarded-For
X-Kong-Proxy-Latency
X-Request-Processing-Time
Surrogate-Key
X-Request-Received
X-Hits
X-Shield-Request-Id
X-Varnish-Age
X-B3-Sampled
X-Request-Handler-Origin-Region
X-Microsite
X-Yandex-Sdch-Disable
X-Ser
X-Pinterest-Direct
X-Az
X-AppVersion
X-Activity-Id
X-Ruxit-Js-Agent
X-Amz-Replication-Status
X-XRDS-Location
X-Fastcgi-Cache
X-F-Cache
X-XRDS-LOCATION
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-DIS-Request-ID
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Origin-Server
X-Geo-Country
Accept-Charset
Alternate-Protocol
X-Git-Hash
X-Cache-Key
X-Rid
X-Respond-Thread
X-Frontend
Section-Io-Cache
Cache
Host
X-LB-Cache
X-Upgrade-Enabled
X-FTR-Request-ID
X-NWS-LOG-UUID
X-DataDome
X-Time
Access-Control-Allow-Method
X-Mobile-URL
X-Seen-By
X-Server-ID
X-VCache
MS-CV
X-Cache-Age
Paypal-Debug-Id
X-AOL-HN
Healthy
ServerID
X-TT
X-IPLB-Instance
X-Type
X-Content-Options
X-Hostname
X-Whom
X-Varnish-Backend
X-App-Environment
X-Route-Name
X-Source
Cleartype
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
Payment
X-Aspnet-Duration-Ms
X-B-Cache
X-Signature
X-Cache-Action
Powered-By-ChinaCache
X-Page-Id
X-Debug-Info
Fastcgi-Useragent
X-Jobs
X-Daa-Tunnel
X-Load-Cache
X-WebKit-CSP-Report-Only
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-N
X-FB-Debug
X-RateLimit-Remaining
X-Mobile
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
Realpath
X-Via-JSL
X-Contextid
Nel
Refresh
Node
Version
X-Rule
X-Original-Request-Id
X-Wix-Request-Id
X-Drupal-Cache-Tags
X-Accel-Buffering
X-Response-Served-From
X-Zen-Fury
X-Proxy
X-Cacheable-TTL
X-RTag
X-Framework
DC
Ms-Operation-Id
X-ProcessESI
X-Akamai-Edgescape
X-Cached-By
X-RemovedCookies
X-B
X-HTML-Minification-Powered-By
X-Real-IP
X-Cache-Time
X-Distributor
Access-Control-Request-Headers
Viewport
X-Instance
Referer-Policy
X-Cache-Expired-At
X-Cluster-Name
X-Cache-Rule
X-Cache-Operation
X-Region
X-UUID
Eomportal-Instance
X-Drupal-Cache-Contexts
X-Page-View
X-Content-Powered-By
X-Tt-Trace-Tag
X-Cache-Control
X-Tt-Trace-Host
Countrycode
X-FW-Server
X-FW-Hash
VIX-Pulpo-Node
X-FW-Serve
X-FW-Static
X-FW-Dynamic
VIX-Pulpo-Upstream-Status
X-FW-Type
X-Yottaa-Metrics
Liferay-Portal
X-IPS-LoggedIn
X-Yottaa-Optimizations
X-G
X-Cache-Hit
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-FireWall-Port
X-Tumblr-User
X-Environment-Context
X-Pass-Why
X-L-Path
DynaTrace
X-App-Server
Server-Info
CF-IPCountry
X-User-Agent
GEO-INFO
Section-Origin-Responded
X-Protected-By
SRV
Section-Io-Origin-Time-Seconds
Ec-Rule-Version
Section-Io-Id
Section-Io-Origin-Status
X-Tumblr-Pixel-2
Webserver
From-Origin
X-Ratelimit-Limit
Xserver
X-Nginx-Cache
X-Www-Served-By
X-Debug-IsPreview
X-Debug-IsConnected
X-Node-Name
Protected
X-Mode
X-RN-RSRV
X-UPSTREAM-Address
X-Device-Type
X-Endurance-Cache-Level
Meta-Geo
X-ES-SERVER
X-Hl-Ver
X-Handled-By
X-Cache-Server
X-Backend-Name
X-Locale
X-Adobe-Content
X-MP-GENERATED-AT
X-Site-Version
X-Uri
X-FB-TRIP-ID
Cache-Tv-Group
X-Adobe-Loc
Frame-Options
X-Varnish-Ttl
X-Soup
X-Labrador-Cache-Channel
Cache-Status
X-Web-Node
X-Varnishpool
X-PHP-Host
X-UA-Device-Type
X-NYM-Debug-Backend
X-Be
X-Storage
TWC-Device-Class
Webcakes-App-Version
X-Origin-Date
X-Origin-Hint
X-OCL
Webcakes-Region
Decoy-Debug-Status
Selected-Fe
TWC-GeoIP-Country
TWC-GeoIP-LatLong
X-Human
X-BYPASS-REASON
TWC-Connection-Speed
Property-Id
TWC-Locale-Group
Fastly-SSL
Webcakes-App-Name
Country
Decoy-Debug-Key
X-PCL
TWC-Privacy
Decoy-Debug-TTL
Cache-Name
X-No-Session
X-Pubstack
X-ProxyCache-Status
X-ProxyCache-Key
X-Proxy-Build
X-Redis-Cache
X-Sql-Count
X-Timing-Wait
X-Via-Fastly
X-WA-Info
X-Sql-Duration-Ms
X-Proto
X-Request-Time
X-Ratelimit-Remaining
Azure-SlotName
Azure-Version
Azure-SiteName
X-Server-W
Azure-RegionName
X-Section
Azure-InstanceId
X-Say-Cacheable
X-Say-TTL
X-Access
X-Format
X-TNCMS
X-Hosted-By
X-Hyper-Cache
X-SayCDN-TTL
Retry-After
X-AIR-PT
X-AWS-Id
X-S-Maxage
X-R9-Blue-Green-Version
X-FW-Version
X-LJ-Flow-ID
X-VWS-Id
X-Loop
X-LAGOON
X-Xfnlog-Site
X-Alternate-Cache-Key
X-Cache-TTL-Remaining
X-Varnish-Grace
X-Sorting-Hat-PodId
X-CCM
X-Storefront-Renderer-Rendered
X-Webkit-Csp
X-Shopify-Stage
X-Cache-Grace
X-Forwarded-Host
X-ApacheServer
X-Sorting-Hat-ShopId
X-PERF
X-ShopId
X-Cluster
X-ShardId
X-Status
X-TT-LOGID
X-Revision
Mn-Server-Ip
X-Routing-Service
X-Zipkin-Id
Apigw-Requestid
X-Proxied
X-Varnish-Server
X-SRV
X-Rendered-As
X-Is-Bot
X-Qloud-Router
X-Info
S-Cnection
X-GG-Cache-Date
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-Cdn
X-Via-CDN
X-Cache-Enabled
X-Microcachable
Cache-Hits
X-Dc
X-Content-Age
X-FTR-Backend-Server
X-TA-CDN-Provider
X-Country-Code-Real
AMP-Access-Control-Allow-Source-Origin
X-Amz-Meta-S3cmd-Attrs
X-FTR-Balancer
X-FTR-Backend
X-FTR-Realm
X-FTR-Cache-Status
X-FTR-DC
X-Platform
Uber-Trace-Id
X-Proxy-Cache-Status
X-Detected-As
X-Azure-Ref
X-Cache-Host
X-App-Version
X-NWS-UUID-VERIFY
X-Aspnetmvc-Version
X-Backend-Host
Amp-Access-Control-Allow-Source-Origin
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-FTR-Expires
X-EdgeConnect-Cache-Status
Tracecode
X-CSRF-Token
X-Air-Hostname
Akamai-GRN
SD-X-WS
X-ATG-Version
X-Time-Microsecs
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Cache-Var-Map
X-Cache-Var
X-Trace-Id
X-ID
X-Backend-TTL
X-B3-SpanId
ServedBy
X-RCS-CacheZone
X-Unique-Id
X-ServerID
X-Debug-Cache
X-Cache-PHP
X-CS
X-Tb
X-BCube-Filmed-By
X-Varnish-Hostname
X-Cache-NGX
X-Correlation-ID
X-GEO
Backend
HostName
DB-Nickname
X-DynaTrace-JS-Agent
DCR-Processing-Time-Ms
Expiry
X-Processor
X-Rewrite-Enabled
X-Request-UUID
Fastcgi-X-Cache-Version
DCR-Decision-By
Instruction
X-PAYTM-SRV-ID
X-Owner
Mobile-Detection-Method
Meta-Geo-Continent
MD5-Digest
X-PBS-Appsvrname
Machine
X-Rojux
BehaviorPad-Version
X-VG-WebServer
X-VG-WebCache
X-Vdms-Version
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Ms-Version
Xc-Version
X-Vdms-Path
X-Trv-Group
X-S-Cookie
X-Origin-TTL
X-ScT
X-Session-Fingerprint
X-Thinkindot-L3
X-SRCache-Key
X-S
Odigeo-Trace-Id
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Aed
X-Application
X-B-Cookie
X-ARC
X-A-Dam
X-A-Ccd
T-Server
SR-User-Adfree
Rendered-Blocks
Thinkindot-CacheControl
X-Ms-Request-Id
Thinkindot-Control
Thinkindot-CacheControl-Type
X-Cache-NE
X-CF-Lambda-Fn
X-GeoIP-City
X-Generation-Time
X-Generated-On
X-Level-Front-Cache
X-Location
Release
X-NAPM-TraceId
X-From
X-Fetched-On
Path
X-Connection-Hash
X-CF-Lambda-Version
X-D
X-Destination
X-External-Request-Id
X-Device-Os
X-Origin-CC
X-A
DSUID
X-Magnolia-Registration
X-Sucuri-ID
X-Adobe-Source
X-Akamai-Transformed
Gh-Request-Id
X-JWT-State
X-Geo-Header
CacheControlHeader
X-EC-Lua
X-VServer
X-Azure-Ref-OriginShield
Fastly-Backend-Name
X-FC-Vary-Parameters
Content-Disposition
X-Tumblr-Pixel-3
X-Is-Gdpr
X-Bip
X-Cache-Bucket
X-GeoIP
PB-PID
X-NewRelic-App-Data
Pagetype
PB-RID
X-Has-Esi
X-HS-Content-Campaign-Id
Server-Host
On-Server
NGX
X-B3-Traceid
X-Fastly-Cache
X-Cache-Backend
X-Cdn-Forward
X-Irp-Debug
UCS
Host-ID
Cf-Device-Type
X-Thanos
X-Cms-Context
C-Via
X-TrackingId
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-Core-Value
X-OVcl
X-Varnish-Cache-Hits
X-Reqid
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-OVcl-Cache
X-TX-ID
X-Node-Id
X-Skip-Cache
AKAMAI
Arc-Version
User-Cache-Control
X-Cache-Tags
X-Wikidot-Static-Cache
X-CUA
X-Fmm-Version
X-WADP-Cache
X-Cache-Id
X-Cache-Info
X-Wikidot-Backend
X-DefElseHash
X-HN
X-Hnp-Log
X-Developer
X-DPWN-IS-SECURE
Ssr
X-Fastly-Backend
V-Age
X-DefHash
X-Gzip
X-Envoy-Decorator-Operation
X-Csrf-Jwt
X-Generated-In
X-Varnish-Beresp-Grace
X-Block-Status
X-Clientip
X-Scheme
X-Gen-Mode
X-Generated-By
X-Backend-State
X-VarnishDD-TTL
X-CGP
X-GoCache-CacheStatus
X-Varnish-CookieINHashed-On
X-Clara-WADP
X-Varnish-Remaining-TTL
X-Esi-Check
X-Branch-Name
X-Eu-Site
X-Varnish-CookieHashed-On
Web-Mar-Node
X-IP
CDN-CachedAt
CDN-EdgeStorageId
CDN-Cache
CDCHOST
Cache-Host
X-Developers
CDN-PullZone
CDN-RequestCountryCode
Wxu-Next-Region
X-Li-Fabric
X-Li-Pop
X-LI-UUID
CDN-RequestId
CDN-Uid
Adler-Geo
X-Matched-Rule
X-Platform-Server
X-Swa-Ws
X-Ratelimit-Reset
X-Rebelmouse-Cache-Control
X-Request-Host
X-Rebelmouse-Surrogate-Control
X-Origin-Response-Time
X-Origin-Expires
X-Policy
X-Nginx-Cache-Key
X-NU-AKA-ACS-Version
X-Old-Content-Length
X-Origin
Fastly-SIE
X-User
Server-Hostname
Server-Ext
Sever-Int
Fastly-SWR
Location
Wxu-Next-Hostname
NM-Fastcgi-Cache
X-Dispatcher-Server
Magicmarker
Locid
X-Variation
Platform
PFcat
X-Var-Ttl
Lfy
Wxu-Next-Commit
L5d-Success-Class
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
X-Nc
X-LB-ID
X-Varnish-Beresp-Status
X-Hash
X-Slack-Backend
X-Request-URI
Rt-Fastcgi-Cache
X-Varnish-Hits
IsBot
Cf-Bgj
X-Varnish-Beresp-Ttl
X-Method
Vix-Hermes-Req-Id
L
X-VG-TLSProxy
X-Gamma-Serve
CloudFront-Viewer-Country
X-SIPLIST1
True-Client-Country-4JS
X-Cache-Debug
X-CLOUD-TRACE-CONTEXT
X-Cache-Expires
X-Goog-Meta-Goog-Reserved-File-Mtime
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Origin
Fastly-Drupal-HTML
Apple-News-Services-Handled
X-Loc
Apple-News-Services-Request-Url
Pramga
X-Sn-Servicetimems
Esi-Enabled
X-Aicache-OS
X-Cdn-Origin
Who
X-CACHE-KEY
X-APP-VERSION
Country-Code
Sid
X-Unique-ID
X-NCache
X-Mvc-Supplant-OutputCached
X-Servername
X-Via-Popn
X-Via-Poph
X-Cache-Date
X-Via-Popv
X-Varnish-Url
X-PF-Uncompressing
X-Core-Mission
X-Refresh
Pics-Label
X-Request-Start
Geo-Info
X-Epic-Correlation-Id
X-RateLimit-Limit
X-Planisys-CDN-TTL
X-Esi
X-Tb-Optimization-Total-Bytes-Saved
Url
X-FireWall-Protection
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Erf-Stays-Bingo-Pdp-Web
X-TraceId
Filterid
Tcn
Req-Svc-Chain
Cmstype
Cmsid
X-Response-By
X-NC
X-DC
X-Error
X-Varnish-Cacheable
X-Cache-Remote
X-Proxy-Cachei7
Xkeyi7
Svr
Kp-EeAlive
X-Served-From
Source
S-Rt
X-Webkit-CSP-Report-Only
MIME-Version
Server-Ttl
X-BBXSRF
Viewtype
HitType
X-Srv
VivaBuild
Content-Secure-Policy
N-Cache
X-HS-Status
Cache-Key
A
X-Servedbyhost
NGB
Geoip-Latitude
X-B3-Spanid
M-TraceId
GeoIp-Country-Code
X-Cache-2
X-Wa
X-URL
Server-ID
X-Air-Source
X-Vcl-Version
X-Varnish-Authentication
Ohc-File-Size
Arc-Country
X-HostName
X-Cc-Via
X-Contensis-Viewer-Groups
X-LiteSpeed-Cache-Control
D-Cc-Upstream
X-Dynatrace
X-CDN-Forward
Cteonnt-Length
X-Host-Name
X-Cc-Req-Id
Cross-Origin-Opener-Policy
Cross-Origin-Window-Policy
X-Cache-ASPX
X-Sucuri-Cache
TDXMobile
X-LI-Proto
X-Svr
X-Vgn-Hpd-Reason
NtCoent-Length
SID
CACHE
X-RAMCache
X-Server-IP
X-Li-Proto
X-HOST
Resin-Trace
XServer
X-Cache-Config
X-API-Version
X-VCL-Version
Request-ID
X-NGENIX-Cache
X-Vc
X-Service
X-JoinUs
X-Nyt-Route
X-PHP-Backend
X-Gdpr
X-Internal-Host
Hostname
X-Origin-Time
X-FPC
X-SaId
X-VC
X-UA
X-Edge-Location
X-Geo
Cache-Provider
GeoIP-Latitude
X-Cs
X-Newrelic-Synthetics
X-TIM-N
X-Check-Cacheable
X-DW
X-SN
X-RPM
X-ServedByHost
X-RSL
X-RPS
GeoIP-Country-Code
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-DI
X-WA
X-Viewer-Country
X-DB
X-CCDN-Origin-Time
X-DSS
X-FORWARDED-FOR
Ohc-Cache-HIT
CF-Cached-On
DataCenter
X-App
X-Webstats-RespID
X-NodeID
Server-Id
X-SB
X-Forwarded-Site
X-Extlb
FSS-Cache
X-Via-NSCOPI
ProcessTime
X-Action
X-SD-PageType
X-Bc-Bl
Mime-Version
X-TIME
X-VC-Cache
X-Oss-Cdn-Auth
Mail-Subject
X-Fpc
LB
X-Req
Memcached
X-Depends-On
X-PJAX-URL
X-Region-Sid
X-Date
X-Accel-Expires-Debug
Surrogated-Key
We-Hiring
X-Proxy-Upstream
X-Render-Time
X-NGINX-Cache
X-BBC-Edge-Cache-Status
X-CF-Powered-By
Srv
X-Provided-By
X-CSRF-TOKEN
X-Swift-Error
X-Dynatrace-Js-Agent
X-ZONE
X-RateLimit-Remaining-Second
X-UnsetCookies
W
Upgrade-Insecure-Requests
X-RateLimit-Limit-Second
Env
EpKe-Alive
X-FTR-Cache-Host
X-Oracle-Dms-Rid
X-Cdn-Request-ID
X-Rocket-Build-Number
X-APP
Processtime
X-Ua
CDN
X-Auto-Login
X-Air-Trace-Id
X-Men
X-BACKEND-TTL
Cdn
X-Ftr-Cache-Host
X-MSEdge-Flight
X-Sigma
X-MSEdge-Features
X-Sigma-Backend
X-Worker
X-Dw-Trace-Id
Datacenter
X-CACHE-AGE
X-Akamai-Pragma-Client-IP
X-Client-Ip
X-Hello
X-ABtesting
X-Fastly-Backend-Reqs
Time
Proxy-Connection
X-Flog
X-Cluster-Node
CPC-Age
X-Cache-Tag
X-Pf-Uncompressing
Dnion-Transfer-Encoding
VNS-Cache
VNS-Age
X-Parent-Response-Time
CPC-Cache
Memory
X-Fastly-Request-Id
PICS-Label
X-Acquia-Purge-Tags
Vha6-Origin
X-Acquia-Application-Trace
X-Zone
X-Oracle-DMS-ECID
X-IN-APIGATEWAY
X-BBC-Origin-Response-Status
X-Presslabs-Stats
X-IN-APIGATEWAYSSL
X-Acquia-Application-UUID
Media-Length
X-Pad
X-Acquia-Site
Epwk-X-Cache
X-Via-PopN
X-Snapshot-Date
X-HITS
X-Via-PopV
X-LiteSpeed-Tag
X-Via-PopH
Cf-Ipcountry
State
My-App
Fastcgi-Cache-TTL
X-Varnish-URL
X-Ms-Meta-Originalurl
X-Request-Url
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-MiniProfiler-Ids
X-Varnish-Beresp-TTL
X-ElasticPress-Query
X-ServerName
X-Request-URL
X-Vcache
X-Csrf-Token
Xet-Cookie
X-ElasticPress-Search
X-Lb-Id
OT-Force-Account-Verify
X-Ms-Meta-Staticbatchstarttime
CountryCode
X-Tx-Id
X-Storefront-Renderer-Verified
Content-Style-Type
X-Litespeed-Cache-Control
Phost
Content-Script-Type
X-Apw-Access-Action
X-Apw-Hits
X-Minions-Version
X-Apw-Access-Token
X-Apw-Access-Object
Environment
Ohc-Response-Time
X-Amz-Meta-Cb-Modifiedtime
Inserted-Into-Cache-At
X-Debug-Cache-Store
X-ND-Cache
WZWS-RAY
NnCoection
X-Traceid
X-C
X-B3-Parentspanid
X-Redis-Count
X-Redis-Duration-Ms
URI
X-Tid
X-Debug-Cache-Fetch