SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
X-XSS-Protection
Cf-Request-Id
CF-RAY
CF-Cache-Status
Last-Modified
Accept-Ranges
Link
Pragma
Expect-CT
ETag
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Request-ID
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
Status
Feature-Policy
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-Xss-Protection
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Ua-Compatible
X-Turbo-Charged-By
X-Age
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Amz-Request-Id
Report-To
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Varnish-Cache
X-Rq
Ali-Swift-Global-Savetime
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Xkey
X-Cache-Spec
Allow
X-Backend-Server
X-Vhost
X-Host
X-CST
X-Device
X-WebKit-CSP
EagleEye-TraceId
X-Server-Id
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Accept-CH
Content-Location
X-Response-Time
X-Akam-SW-Version
Accept-CH-Lifetime
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-ASPNET-VERSION
P3p
X-Kinja-Server-Push
X-Template
X-Language
X-Ac
X-Application-Context
X-Country
X-Readtime
X-Cache-Lookup
X-Cloud-Trace-Context
X-Mod-Pagespeed
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Rating
X-MS-InvokeApp
X-Cnection
X-Url
X-HW
Accept-Ch
X-ORACLE-DMS-ECID
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
Edge-Control
X-GitHub-Request-Id
X-ESI
Accept-Ch-Lifetime
X-FastCGI-Cache
X-Trace
X-Sol
Display
X-Middleton-Response
Pagespeed
Response
X-Middleton-Display
X-Content-Type
X-D2id
X-Vcap-Request-Id
X-GoogleNews-Bot
X-Kinja
X-Kinja-Build
X-Exp-Variant
X-Exp-Id
Arr-Disable-Session-Affinity
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Buckets
Verso
X-Goog-Hash
X-Server-Name
X-Varnish-TTL
X-Rack-Cache
Service-Worker-Allowed
X-Country-Code
X-Oneagent-Js-Injection
X-Navigation-Version
X-VARITI-CCR
X-Amz-Rid
X-Abt-Application-Version
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-ORACLE-DMS-RID
X-Client-IP
X-Webkit-CSP
X-Powered-By-Plesk
X-Cache-TTL
SPRequestGuid
X-SharePointHealthScore
X-Release
X-Fastly-Request-ID
SPIisLatency
SPRequestDuration
X-MSEdge-Ref
X-TTL
X-Dw-Request-Base-Id
X-Element-Page-Cache
Fastly-Restarts
X-NF-Request-ID
X-Cached
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
Public-Key-Pins
RTSS
X-Origin-Upstream-Status
X-Edge
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
AR-Request-ID
X-Px
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-LLID
Fusion-Content-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
X-Powered-CMS
X-Ezoic-Cdn
Content-MD5
X-Upstream
X-Jurisdiction
X-HP-Webp
X-Pinterest-Direct
X-Ttl
X-ECACHE
X-Mid
X-MCACHE
X-Amz-Server-Side-Encryption
X-Content-Digest
X-Aspnetmvc-Version
S
X-Mg-S
X-Recruiting
Cache-Tag
Charset
X-PressLabs-Stats
X-Version
MicrosoftSharePointTeamServices
TCN
X-Debug
Fastcgi-Cache
Front-End-Https
X-Content-Security-Policy-Report-Only
X-T
X-Grace
X-Id
Filters
X-Kinsta-Cache
Cache-Tags
Edge-Cache-Tag
Server-Node
X-XRDS-Location
X-Forwarded-Proto
X-Accel-Expires
X-Yandex-Sdch-Disable
X-Amzn-Trace-Id
X-Logged-In
X-Forwarded-For
X-Correlation-Id
Nginx-Cache
Surrogate-Key
Server-Name
X-Varnish-Age
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Cache-Key
Powered-By-ChinaCache
TP-L2-Cache
TP-Cache
X-B3-Sampled
X-Request-Processing-Time
X-Request-Handler-Origin-Region
X-Microsite
X-Server-ID
X-Ser
X-Request-Received
X-DynaTrace
X-DIS-Request-ID
X-Hits
X-Shield-Request-Id
X-Activity-Id
X-AppVersion
X-Az
X-Amz-Replication-Status
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-Litespeed-Cache
X-F-Cache
X-GUploader-UploadID
X-FTR-Request-ID
X-Goog-Generation
Accept-Charset
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Origin-Server
X-Git-Hash
X-Respond-Thread
X-Geo-Country
X-LB-Cache
X-DataDome
X-Hostname
X-Upgrade-Enabled
Section-Io-Cache
X-Rid
Cache
X-Frontend
X-Ruxit-Js-Agent
X-Cache-Age
Alternate-Protocol
Access-Control-Allow-Method
Host
X-Mobile-URL
Cleartype
X-XRDS-LOCATION
MS-CV
Healthy
Paypal-Debug-Id
ServerID
X-Type
X-IPLB-Instance
X-AOL-HN
X-Content-Options
X-App-Environment
X-Whom
X-Varnish-Backend
X-Aspnet-Duration-Ms
Payment
X-WebKit-CSP-Report-Only
X-Cache-Action
X-Seen-By
X-Is-Crawler
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-VCache
X-Flags
X-TT
X-B-Cache
X-Signature
X-Debug-Info
X-Page-Id
Fastcgi-Useragent
X-Jobs
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Mobile
X-Source
X-N
X-NWS-LOG-UUID
X-Erf-Bev-Bev
X-Time
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Load-Cache
X-Cached-By
X-RateLimit-Remaining
X-Via-JSL
Nel
X-Akamai-Edgescape
Version
X-FB-Debug
X-Daa-Tunnel
X-Cache-Rule
X-Cache-Operation
Viewport
DynaTrace
X-Fastcgi-Cache
X-Accel-Buffering
Refresh
X-Original-Request-Id
X-Response-Served-From
X-Rule
X-Proxy
DC
X-Drupal-Cache-Tags
X-Framework
X-ProcessESI
X-RemovedCookies
X-Zen-Fury
X-Cacheable-TTL
Ms-Operation-Id
X-RTag
Access-Control-Request-Headers
X-Tt-Trace-Tag
X-Region
X-Instance
Referer-Policy
X-Tt-Trace-Host
X-Real-IP
Realpath
X-HTML-Minification-Powered-By
X-Cache-Time
X-UUID
X-Wix-Request-Id
X-Contextid
GEO-INFO
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-FW-Static
X-Page-View
X-FW-Type
X-Distributor
X-Drupal-Cache-Contexts
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Expired-At
Eomportal-Instance
Countrycode
X-Environment-Context
X-L-Path
X-B
VIX-Pulpo-Upstream-Status
Node
VIX-Pulpo-Node
X-Cluster-Name
X-Node-Name
Liferay-Portal
X-Cache-Control
X-G
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Content-Powered-By
X-IPS-LoggedIn
X-Cache-Hit
X-User-Agent
X-Amz-Meta-S3cmd-Attrs
Webserver
Server-Info
X-Tumblr-Pixel-2
X-Ratelimit-Limit
From-Origin
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Origin-Responded
X-App-Server
Protected
SRV
X-Pass-Why
X-Oracle-Dms-Rid
Ec-Rule-Version
X-Revision
X-Protected-By
X-FireWall-Port
X-Backend-Name
X-Cache-Server
Cache-Status
Frame-Options
X-Handled-By
X-UPSTREAM-Address
X-RN-RSRV
X-Mode
X-Hyper-Cache
CF-IPCountry
X-Hl-Ver
X-ES-SERVER
X-Endurance-Cache-Level
Meta-Geo
Retry-After
X-Site-Version
X-Soup
X-Varnish-Ttl
X-FB-TRIP-ID
X-Www-Served-By
X-Locale
TWC-Device-Class
Country
Property-Id
TWC-GeoIP-Country
X-NYM-Debug-Backend
X-Human
X-Be
X-Web-Node
X-Varnishpool
TWC-Privacy
TWC-Connection-Speed
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Version
X-Storage
X-Cache-Grace
X-Origin-Hint
Webcakes-Region
X-Forwarded-Host
Cache-Tv-Group
Webcakes-App-Name
X-Adobe-Content
X-Adobe-Loc
X-Redis-Cache
X-Pubstack
X-ProxyCache-Status
X-Access
X-Section
X-Uri
X-FW-Version
X-UA-Device-Type
Decoy-Debug-Key
X-Timing-Wait
X-ProxyCache-Key
X-Proxy-Build
Azure-Version
Azure-SlotName
Decoy-Debug-Status
Cache-Name
X-Labrador-Cache-Channel
Azure-SiteName
Azure-RegionName
X-Proto
Decoy-Debug-TTL
X-PHP-Host
X-Origin-Date
Azure-InstanceId
Fastly-SSL
X-TT-LOGID
X-Format
Selected-Fe
X-Via-CDN
X-BYPASS-REASON
X-Say-TTL
X-SayCDN-TTL
X-PERF
X-Say-Cacheable
X-S-Maxage
X-PCL
X-WA-Info
X-Server-W
X-Sql-Count
X-OCL
X-AIR-PT
X-Via-Fastly
X-No-Session
X-Sql-Duration-Ms
X-ApacheServer
X-Request-Time
X-FTR-Backend-Server
X-LAGOON
X-FTR-Realm
X-LJ-Flow-ID
X-FTR-DC
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-Qloud-Router
X-Status
X-Country-Code-Real
X-VWS-Id
X-Loop
Mn-Server-Ip
X-Hosted-By
S-Cnection
X-TNCMS
X-Ratelimit-Remaining
X-AWS-Id
X-R9-Blue-Green-Version
Xserver
X-MP-GENERATED-AT
X-Cache-TTL-Remaining
X-Cluster
X-Routing-Service
X-Dynatrace
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-ShopId
X-Storefront-Renderer-Rendered
X-FTR-Expires
X-Proxied
Cache-Hits
X-Shopify-Stage
X-Xfnlog-Site
X-Zipkin-Id
X-Alternate-Cache-Key
X-Tec-Api-Version
X-CCM
X-Tec-Api-Origin
X-Tec-Api-Root
X-Is-Bot
X-Rendered-As
X-Cache-Var-Map
X-Cache-Var
AMP-Access-Control-Allow-Source-Origin
X-Dc
X-Air-Hostname
X-Webkit-Csp
X-Detected-As
X-Device-Type
X-Cdn
X-EdgeConnect-Cache-Status
X-Unique-Id
X-Cache-Host
X-SRV
X-Info
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
Apigw-Requestid
X-Nginx-Cache
X-Microcachable
X-Debug-IsPreview
SD-X-WS
X-Cache-Enabled
X-Debug-IsConnected
X-Content-Age
X-Varnish-Server
X-GEO
Tracecode
X-Time-Microsecs
X-Platform
X-Cache-Backend
X-Backend-TTL
X-Varnish-Grace
X-DynaTrace-JS-Agent
X-Azure-Ref
X-ServerID
X-GG-Cache-Date
X-Backend-Host
X-Erf-Stays-Bingo-Pdp-Web
Amp-Access-Control-Allow-Source-Origin
X-APP-VERSION
Uber-Trace-Id
DSUID
X-Tb
X-Oss-Server-Time
Akamai-GRN
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-NewRelic-App-Data
X-Correlation-ID
X-BCube-Filmed-By
X-Proxy-Cache-Status
PB-RID
X-Sucuri-ID
X-ATG-Version
X-CSRF-Token
Backend
PB-PID
Arc-Version
X-Akamai-Transformed
X-Trace-Id
X-Magnolia-Registration
X-Level-Front-Cache
Xc-Version
X-B-Cookie
DCR-Decision-By
X-Generation-Time
DCR-Processing-Time-Ms
X-GeoIP-City
X-Cache-NE
X-VG-WebServer
X-CF-Lambda-Version
X-VG-WebCache
X-CF-Lambda-Fn
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
BehaviorPad-Version
Expiry
X-A-Dcw
X-Aed
X-Varnish-Cache-Hits
Release
X-Generated-On
Rendered-Blocks
T-Server
SR-User-Adfree
X-A-Wwc
Pramga
X-ARC
X-Connection-Hash
X-RCS-CacheZone
X-External-Request-Id
X-Fetched-On
X-A-Dgt
Thinkindot-CacheControl
X-D
X-Rojux
X-Rewrite-Enabled
X-Device-Os
Meta-Geo-Continent
MD5-Digest
X-S
X-A
X-Origin-TTL
Mobile-Detection-Method
Odigeo-Trace-Id
X-Processor
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Request-UUID
Thinkindot-CacheControl-Type
X-Application
Thinkindot-Control
X-S-Cookie
Machine
X-Vdms-Path
Instruction
X-Trv-Group
Fastcgi-X-Cache-Version
X-Matched-Rule
Path
X-Vdms-Version
X-Thinkindot-L3
X-Origin-CC
X-ScT
X-A-Dam
X-Destination
Lfy
X-From
X-SRCache-Key
X-Session-Fingerprint
X-Location
X-A-Ccd
X-Origin-Response-Time
X-Varnish-Hostname
ServedBy
X-FC-Vary-Parameters
Magicmarker
PFcat
X-Developers
Wxu-Next-Commit
UCS
CacheControlHeader
X-Geo-Header
X-GeoIP
X-Swa-Ws
X-Thanos
C-Via
Locid
Cache-Host
Ssr
X-Tumblr-Pixel-3
X-Wikidot-Backend
X-Cdn-Origin
X-Wikidot-Static-Cache
Fastly-Backend-Name
Gh-Request-Id
X-Cache-Bucket
X-Cache-Date
X-Azure-Ref-OriginShield
Host-ID
Wxu-Next-Hostname
Cf-Device-Type
Wxu-Next-Region
L
X-VarnishDD-TTL
X-Adobe-Source
X-Has-Esi
AKAMAI
X-Skip-Cache
X-Cache-PHP
X-Bip
X-Node-Id
X-Reqid
X-Cache-NGX
X-VServer
X-Ms-Version
X-Owner
X-OVcl-Cache
X-OVcl
X-Sn-Servicetimems
X-B3-Traceid
X-Irp-Debug
X-Is-Gdpr
Pagetype
X-HS-Content-Campaign-Id
X-HN
X-JWT-State
X-SVT-ORM-VERSION
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-Cache-Remote
X-SVT-ORM-RULES
X-Ms-Request-Id
X-NWS-UUID-VERIFY
X-Debug-Cache
DB-Nickname
Server-Hostname
Sever-Int
Server-Host
Server-Ext
User-Cache-Control
X-Backend-State
X-Fastly-Backend
X-Method
X-Nginx-Cache-Key
X-IP
X-Generated-In
X-Generated-By
X-Origin-Expires
X-Policy
X-Scheme
X-Request-URI
X-Request-Start
X-Request-Host
X-Fastly-Cache
X-Eu-Site
X-Var-Ttl
X-Clientip
X-CGP
X-Cache-Tags
X-Cms-Context
X-User
X-Developer
X-CUA
X-Csrf-Jwt
X-Core-Value
X-Cache-Info
X-Varnish-Hits
Ha-Gx-Prefs
X-TrackingId
L5d-Success-Class
CDCHOST
Content-Disposition
Cf-Bgj
CloudFront-Viewer-Country
NGX
HA-Ipaddr
On-Server
X-NC
X-ID
X-Cache-Expires
X-Cache-Id
X-Cache-Debug
Fastly-SIE
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Branch-Name
X-Block-Status
X-Hnp-Log
Apple-News-Services-Handled
X-Gzip
X-SIPLIST1
X-GoCache-CacheStatus
Fastly-SWR
X-Variation
X-Servername
X-DefHash
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Esi-Check
X-Envoy-Decorator-Operation
X-DefElseHash
X-TX-ID
X-Clara-WADP
X-Gen-Mode
X-Fmm-Version
Location
Platform
Origin
X-Varnish-Beresp-Grace
Adler-Geo
X-Old-Content-Length
X-Loc
Is-Eu
X-LI-UUID
X-WADP-Cache
Rt-Fastcgi-Cache
X-NU-AKA-ACS-Version
V-Age
Web-Mar-Node
X-Origin
X-Varnish-Remaining-TTL
IsBot
NM-Fastcgi-Cache
X-Ratelimit-Reset
X-Varnish-CookieHashed-On
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Li-Fabric
X-Varnish-CookieINHashed-On
X-Platform-Server
X-Li-Pop
HostName
X-App-Version
CDN-Cache
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-RequestId
CDN-CachedAt
X-VG-TLSProxy
CDN-Uid
True-Client-Country-4JS
X-NAPM-TraceId
X-Host-Name
CACHE
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
CDN-PullZone
X-Gamma-Serve
Fastly-Drupal-HTML
X-Goog-Meta-Goog-Reserved-File-Mtime
Vix-Hermes-Req-Id
X-NCache
X-Hash
X-Slack-Backend
X-CS
X-EC-Lua
X-PF-Uncompressing
X-Response-By
X-B3-Spanid
X-Varnish-Url
X-Varnish-Cacheable
S-Rt
X-Cdn-Forward
X-Core-Mission
X-B3-SpanId
X-Mvc-Supplant-OutputCached
X-Aicache-OS
X-Proxy-Cachei7
X-TA-CDN-Provider
Url
X-Refresh
X-CACHE-GROUP
Xkeyi7
X-BBXSRF
N-Cache
Pics-Label
Cross-Origin-Window-Policy
Sid
X-LB-ID
X-Sucuri-Cache
X-FireWall-Protection
Ohc-File-Size
X-Cache-2
Content-Secure-Policy
X-Cc-Req-Id
X-Cache-ASPX
X-CDN-Forward
Esi-Enabled
X-Via-Popn
X-Cc-Via
X-Via-Popv
Cteonnt-Length
D-Cc-Upstream
X-Via-Poph
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Tb-Optimization-Total-Bytes-Saved
X-Error
X-Svr
X-Srv
Source
X-Server-IP
X-Servedbyhost
X-Epic-Correlation-Id
X-Unique-ID
X-Wa
MIME-Version
X-Webkit-CSP-Report-Only
X-TraceId
X-Cs
Who
X-DC
X-Nyt-Route
Req-Svc-Chain
X-Gdpr
HitType
X-API-Version
GeoIp-Country-Code
Geoip-Latitude
X-Origin-Time
X-Cache-Config
X-FPC
X-Nc
Country-Code
X-RateLimit-Limit
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Server-Ttl
X-HS-Status
X-SN
X-VC
X-Planisys-CDN-Cache
X-Fastly-Request-Id
X-TIME
Ohc-Cache-HIT
X-NGINX-Cache
Hostname
X-URL
X-Webstats-RespID
XServer
X-LiteSpeed-Cache-Control
X-LI-Proto
X-NodeID
X-SB
Geo-Info
X-CACHE-KEY
Kp-EeAlive
X-Check-Cacheable
Server-ID
X-Esi
X-VCL-Version
X-SD-PageType
Cmstype
Cmsid
X-Ua
X-Served-From
Svr
X-Render-Time
NtCoent-Length
X-HOST
EpKe-Alive
SID
Viewtype
Request-ID
Cache-Key
A
X-Vgn-Hpd-Reason
VivaBuild
X-BBC-Edge-Cache-Status
X-Vcl-Version
X-UA
X-Viewer-Country
M-TraceId
X-RPM
X-Worker
X-RAMCache
X-RSL
Server-Id
Resin-Trace
X-RPS
X-Li-Proto
X-Hcs-Proxy-Type
X-DI
X-DB
X-Auto-Login
Cache-Provider
X-CCDN-Origin-Time
X-TIM-N
X-DW
X-DSS
X-CCDN-CacheTTL
X-Ftr-Cache-Host
Arc-Country
TDXMobile
Cross-Origin-Opener-Policy
X-CF-Powered-By
GeoIP-Latitude
X-Air-Source
GeoIP-Country-Code
ProcessTime
X-CSRF-TOKEN
X-HostName
X-Dynatrace-Js-Agent
X-Internal-Host
X-Action
Processtime
X-App
X-Cluster-Node
CDN
Upgrade-Insecure-Requests
X-FTR-Cache-Host
X-Newrelic-Synthetics
Srv
X-WA
X-Vc
Tcn
X-ServedByHost
Mime-Version
X-Fpc
X-Oss-Cdn-Auth
X-CLOUD-TRACE-CONTEXT
Filterid
CF-Cached-On
X-BBC-Origin-Response-Status
Datacenter
X-Geo
X-FORWARDED-FOR
X-Service
OT-Force-Account-Verify
X-HITS
Cdn
X-Dw-Trace-Id
X-BACKEND-TTL
X-Via-PopH
X-ND-Cache
X-Via-PopV
Proxy-Connection
X-Via-PopN
X-MSEdge-Features
X-MSEdge-Flight
X-Fastly-Backend-Reqs
NGB
WZWS-RAY
DataCenter
X-CACHE-AGE
X-Client-Ip
X-Via-NSCOPI
X-Hello
X-ABtesting
FSS-Cache
W
X-Flog
X-Forwarded-Site
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Cache-Tag
Dnion-Transfer-Encoding
X-Parent-Response-Time
X-Lb-Id
X-NGENIX-Cache
X-PHP-Backend
X-JoinUs
X-Edge-Location
X-Cdn-Request-ID
X-Akamai-Pragma-Client-IP
X-SaId
X-Presslabs-Stats
Vha6-Origin
PICS-Label
X-Pf-Uncompressing
X-Oracle-DMS-ECID
X-Extlb
Media-Length
X-Region-Sid
X-Req
LB
X-Swift-Error
X-PJAX-URL
URI
X-LiteSpeed-Tag
Surrogated-Key
Memcached
Mail-Subject
X-VC-Cache
X-Pad
X-Proxy-Upstream
X-Depends-On
X-Provided-By
X-MiniProfiler-Ids
Epwk-X-Cache
X-Bc-Bl
X-Date
X-ZONE
X-Accel-Expires-Debug
We-Hiring
Cf-Ipcountry
X-APP
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-UnsetCookies
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
Memory
Time
Env
X-Acquia-Application-Trace
X-Request-Url
X-Request-URL
X-Varnish-Beresp-TTL
X-Csrf-Token
X-ElasticPress-Query
X-Akamai-Request-ID
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Ms-Meta-Staticbatchstarttime
X-Vcache
X-Akamai-ERRuleID
Xet-Cookie
X-Ms-Meta-Originalurl
X-B3-Parentspanid
X-ElasticPress-Search
X-Akamai-ERPolicy
CountryCode
X-Acc-Rdl
X-Via-SSL
X-Acc-Debug-Context
X-Via-Edge
Inserted-Into-Cache-At
X-Air-Trace-Id
X-Men
X-Varnish-URL
X-Tid
Edge-Copy-Time
X-Zone
X-Debug-Cache-Fetch
X-Snapshot-Date
X-Redis-Duration-Ms
Ohc-Response-Time
X-Traceid
Phost
NnCoection
X-Redis-Count
Environment
X-Litespeed-Cache-Control
Content-Script-Type
X-Debug-Cache-Store
X-C
X-Storefront-Renderer-Verified
X-ServerName
Content-Style-Type