Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Cf-Request-Id
CF-RAY
CF-Cache-Status
Last-Modified
X-XSS-Protection
Accept-Ranges
Link
Pragma
Expect-CT
ETag
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Request-ID
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
Status
Feature-Policy
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Turbo-Charged-By
X-Age
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
X-Backend
Server-Timing
X-Hacker
X-Amz-Request-Id
Report-To
X-Server
X-Amz-Id-2
Host-Header
X-Server-Powered-By
X-UA-Device
X-Nginx-Cache-Status
Grace
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Varnish-Cache
X-Rq
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Swift-CacheTime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
NEL
X-OneAgent-JS-Injection
Xkey
X-WebKit-CSP
Allow
X-Cache-Spec
X-Backend-Server
X-Host
X-Vhost
EagleEye-TraceId
X-CST
X-Device
X-Server-Id
Request-Id
Surrogate-Control
X-Dispatcher
X-Kinja-Server-Push
Accept-CH
X-Node
Content-Location
X-Response-Time
X-Akam-SW-Version
Accept-CH-Lifetime
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
P3p
X-Template
X-Language
X-Ac
X-Application-Context
X-Country
X-Readtime
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-Cache-Lookup
MS-Author-Via
X-Origin-Cache
X-B3-TraceId
Rating
X-MS-InvokeApp
X-Cnection
X-ORACLE-DMS-ECID
X-HW
Accept-Ch
X-Vname
X-TtlSet
X-PC
X-Url
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
Edge-Control
Accept-Ch-Lifetime
X-FastCGI-Cache
X-ASPNET-VERSION
X-Trace
X-Sol
X-Middleton-Display
Display
Pagespeed
Response
X-Middleton-Response
X-Content-Type
X-D2id
X-Buckets
X-Vcap-Request-Id
X-Exp-Id
X-Cdn-Fetch
Arr-Disable-Session-Affinity
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
Verso
X-Varnish-TTL
X-Goog-Hash
X-Server-Name
X-Rack-Cache
X-Country-Code
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-Navigation-Version
X-VARITI-CCR
X-Abt-Application-Version
X-ORACLE-DMS-RID
X-Amz-Rid
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Cache-TTL
X-Powered-By-Plesk
X-Client-IP
SPRequestGuid
X-SharePointHealthScore
SPRequestDuration
SPIisLatency
X-Fastly-Request-ID
X-TTL
X-Release
X-MSEdge-Ref
X-Dw-Request-Base-Id
X-Element-Page-Cache
Fastly-Restarts
X-NF-Request-ID
X-Cached
X-Origin-Upstream-Status
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Webkit-CSP
Public-Key-Pins
RTSS
X-Px
AR-CACHE
AR-PoweredBy
AR-Request-ID
Ar-Sid
AR-ATIME
X-Edge
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Source
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-LLID
X-Powered-CMS
X-Upstream
X-Pinterest-Direct
X-Ezoic-Cdn
Content-MD5
X-HP-Webp
X-Jurisdiction
X-Amz-Server-Side-Encryption
X-Ttl
X-Mid
X-MCACHE
X-Content-Digest
X-ECACHE
Charset
X-Recruiting
S
X-Aspnetmvc-Version
X-Mg-S
Cache-Tag
X-PressLabs-Stats
MicrosoftSharePointTeamServices
TCN
X-Debug
X-Version
Front-End-Https
Fastcgi-Cache
X-Content-Security-Policy-Report-Only
X-Grace
X-XRDS-Location
X-T
Filters
X-Kinsta-Cache
Cache-Tags
Server-Node
Edge-Cache-Tag
X-Yandex-Sdch-Disable
X-Forwarded-Proto
X-Id
X-Amzn-Trace-Id
X-Cache-Key
X-Accel-Expires
Powered-By-ChinaCache
Surrogate-Key
X-Logged-In
X-Forwarded-For
Nginx-Cache
X-Correlation-Id
Server-Name
X-Varnish-Age
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-DynaTrace
X-B3-Sampled
X-Hits
X-DIS-Request-ID
X-Request-Handler-Origin-Region
X-Server-ID
X-Ser
X-Microsite
TP-L2-Cache
TP-Cache
X-Request-Processing-Time
X-Request-Received
X-AppVersion
X-Activity-Id
X-Az
X-Shield-Request-Id
X-Amz-Replication-Status
X-FTR-Request-ID
X-HS-Combine-CSS
X-HS-Content-Id
X-F-Cache
X-HS-Hub-Id
X-HS-Cache-Config
Accept-Charset
X-Goog-Stored-Content-Encoding
X-Git-Hash
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Origin-Server
X-Respond-Thread
X-Hostname
X-Geo-Country
X-LB-Cache
X-DataDome
Section-Io-Cache
X-Upgrade-Enabled
X-Rid
X-Cache-Age
X-Frontend
X-Ruxit-Js-Agent
Cleartype
Access-Control-Allow-Method
X-Mobile-URL
Paypal-Debug-Id
Alternate-Protocol
Host
Cache
Healthy
MS-CV
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Type
X-Content-Options
X-TEC-API-VERSION
X-IPLB-Instance
X-AOL-HN
ServerID
X-Varnish-Backend
X-App-Environment
X-Whom
X-WebKit-CSP-Report-Only
Payment
X-Debug-Info
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Request-Guid
X-TT
X-Cache-Action
X-Signature
X-B-Cache
X-Route-Name
X-VCache
Fastcgi-Useragent
X-Seen-By
X-Page-Id
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Jobs
X-Mobile
X-Source
X-N
X-XRDS-LOCATION
X-Cached-By
X-NWS-LOG-UUID
X-Load-Cache
X-Browser-Type
X-Akamai-Edgescape
X-Time
X-Via-JSL
Nel
X-RateLimit-Remaining
X-Litespeed-Cache
Version
X-FB-Debug
Viewport
DynaTrace
X-Cache-Rule
X-Cache-Operation
X-Fastcgi-Cache
X-Rule
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
Refresh
X-Zen-Fury
X-Daa-Tunnel
X-Proxy
X-Drupal-Cache-Tags
X-Framework
DC
Realpath
X-RemovedCookies
X-Tt-Trace-Host
X-ProcessESI
X-Cacheable-TTL
X-Instance
X-Tt-Trace-Tag
Ms-Operation-Id
GEO-INFO
Access-Control-Request-Headers
X-RTag
X-Real-IP
X-Node-Name
Referer-Policy
X-Cache-Time
X-UUID
X-HTML-Minification-Powered-By
X-Region
X-L-Path
X-Yottaa-Metrics
X-Distributor
X-Contextid
X-Environment-Context
X-Yottaa-Optimizations
X-Drupal-Cache-Contexts
X-Page-View
X-FW-Static
X-FW-Server
X-FW-Type
X-Cache-Expired-At
Eomportal-Instance
VIX-Pulpo-Upstream-Status
X-FW-Serve
VIX-Pulpo-Node
X-FW-Hash
X-FW-Dynamic
X-Wix-Request-Id
X-B
Liferay-Portal
Node
X-Cluster-Name
X-Tumblr-Pixel-1
Countrycode
X-Tumblr-Pixel-0
X-G
X-Tumblr-User
X-Tumblr-Pixel
X-Cache-Control
X-Amz-Meta-S3cmd-Attrs
X-Content-Powered-By
X-User-Agent
X-IPS-LoggedIn
X-Cache-Hit
X-Tumblr-Pixel-2
Webserver
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
Server-Info
SRV
Protected
X-Ratelimit-Limit
From-Origin
X-App-Server
X-Revision
X-Protected-By
X-Oracle-Dms-Rid
X-Pass-Why
Ec-Rule-Version
Frame-Options
X-Cache-Server
X-Backend-Name
Cache-Status
X-FireWall-Port
X-Hyper-Cache
X-UPSTREAM-Address
Meta-Geo
X-Hl-Ver
X-Handled-By
X-RN-RSRV
X-ES-SERVER
Retry-After
X-Mode
X-Endurance-Cache-Level
X-Via-CDN
X-FB-TRIP-ID
X-Site-Version
X-NYM-Debug-Backend
X-Soup
X-Storage
X-Forwarded-Host
X-Adobe-Content
X-Locale
X-Adobe-Loc
Fastly-SSL
Decoy-Debug-TTL
X-Cache-Grace
X-Varnishpool
X-Web-Node
X-Pubstack
X-Human
CF-IPCountry
Decoy-Debug-Key
Cache-Tv-Group
Decoy-Debug-Status
X-Www-Served-By
X-Be
Country
X-Proxy-Build
X-Proto
X-PHP-Host
X-UA-Device-Type
X-SayCDN-TTL
X-Say-TTL
X-Redis-Cache
X-Say-Cacheable
X-Section
X-Timing-Wait
X-ProxyCache-Status
X-Uri
X-PCL
X-TT-LOGID
X-ProxyCache-Key
X-Format
Azure-RegionName
Azure-InstanceId
TWC-Connection-Speed
TWC-GeoIP-Country
Azure-SiteName
Azure-SlotName
Property-Id
Selected-Fe
Cache-Name
Azure-Version
TWC-GeoIP-LatLong
TWC-Locale-Group
X-BYPASS-REASON
X-Labrador-Cache-Channel
X-OCL
X-Origin-Date
X-Access
Webcakes-Region
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
X-Origin-Hint
TWC-Device-Class
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Realm
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
S-Cnection
X-Via-Fastly
X-S-Maxage
X-Qloud-Router
X-No-Session
X-FW-Version
X-LAGOON
X-Server-W
X-PERF
X-AIR-PT
X-ApacheServer
X-Sql-Count
X-WA-Info
X-Sql-Duration-Ms
X-LJ-Flow-ID
X-Hosted-By
X-TNCMS
X-Loop
X-AWS-Id
X-FTR-Expires
X-VWS-Id
X-R9-Blue-Green-Version
X-Cache-Var
Cache-Hits
X-Cache-TTL-Remaining
X-Cache-Var-Map
X-Ratelimit-Remaining
X-Status
Mn-Server-Ip
X-Request-Time
X-Cluster
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Zipkin-Id
X-Sorting-Hat-ShopId
X-MP-GENERATED-AT
X-Shopify-Stage
X-Routing-Service
X-Dynatrace
X-ShardId
X-ShopId
X-CCM
X-Sorting-Hat-PodId
X-Proxied
X-Xfnlog-Site
X-Rendered-As
X-Air-Hostname
X-Is-Bot
AMP-Access-Control-Allow-Source-Origin
Xserver
X-Detected-As
X-Webkit-Csp
X-Unique-Id
X-Cache-Host
X-Cdn
X-Amzn-RequestId
X-EdgeConnect-Cache-Status
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-SRV
Apigw-Requestid
X-Device-Type
X-Info
X-Microcachable
X-B3-Traceid
X-Dc
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
SD-X-WS
X-Nginx-Cache
X-Varnish-Ttl
X-Cache-Backend
X-GEO
X-Time-Microsecs
X-Cache-Enabled
X-Content-Age
Tracecode
X-Backend-TTL
X-ServerID
X-Platform
X-APP-VERSION
X-Debug-IsConnected
X-Debug-IsPreview
X-Erf-Stays-Bingo-Pdp-Web
X-Varnish-Server
Amp-Access-Control-Allow-Source-Origin
X-Azure-Ref
X-Varnish-Grace
DSUID
X-DynaTrace-JS-Agent
X-Backend-Host
X-Oss-Storage-Class
X-NewRelic-App-Data
X-ID
X-Oss-Request-Id
X-Tb
X-GG-Cache-Date
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Sucuri-ID
Uber-Trace-Id
PB-RID
PB-PID
X-Correlation-ID
Arc-Version
X-Cache-Remote
X-BCube-Filmed-By
Akamai-GRN
Backend
X-Proxy-Cache-Status
X-ATG-Version
X-Origin-Response-Time
X-Magnolia-Registration
X-Akamai-Transformed
X-Connection-Hash
Thinkindot-CacheControl-Type
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-SRCache-Key
X-D
X-Destination
X-Device-Os
X-PBS-Appsvrname
SR-User-Adfree
X-Processor
T-Server
X-Level-Front-Cache
Xc-Version
Thinkindot-CacheControl
X-A
X-Aed
X-Application
X-ARC
X-Rewrite-Enabled
X-Rojux
X-A-Wwc
X-S-Cookie
X-S
X-B-Cookie
X-Request-UUID
X-A-Ccd
Rendered-Blocks
Thinkindot-Control
X-A-Dam
X-Varnish-Cache-Hits
X-Session-Fingerprint
X-A-Dcw
X-Cache-NE
Pramga
X-External-Request-Id
Machine
X-Vdms-Version
MD5-Digest
X-Generation-Time
X-VG-WebCache
X-Generated-On
X-Trv-Group
X-Origin-CC
Expiry
Fastcgi-X-Cache-Version
CACHE
Instruction
DCR-Processing-Time-Ms
X-Vdms-Path
Lfy
X-Origin-TTL
X-VG-WebServer
X-Vtex-Remote-Cache
X-From
X-Location
X-Fetched-On
Path
X-A-Dgt
X-PAYTM-SRV-ID
X-Vtex-Processado-Em
X-ScT
Mobile-Detection-Method
Meta-Geo-Continent
DCR-Decision-By
Odigeo-Trace-Id
X-Trace-Id
X-Thinkindot-L3
X-Matched-Rule
X-CSRF-Token
X-Adobe-Source
ServedBy
Pagetype
Ssr
L5d-Success-Class
Host-ID
Gh-Request-Id
Fastly-Backend-Name
HA-Ipaddr
Ha-Gx-Prefs
X-Cdn-Origin
X-GeoIP
X-Node-Id
X-Has-Esi
X-Geo-Header
X-OVcl
X-Swa-Ws
X-Generated-In
X-OVcl-Cache
X-Mvc-Supplant-Cachable
X-User
X-Irp-Debug
X-Is-Gdpr
X-JWT-State
X-HS-Content-Campaign-Id
X-Tumblr-Pixel-3
X-Micro-Cache
Cf-Device-Type
X-Thanos
X-VServer
X-SVT-ORM-VERSION
X-GeoIP-City
X-Cache-Date
X-Cache-Info
X-RCS-CacheZone
X-Reqid
X-Bip
X-Request-Start
X-Cache-Bucket
X-Skip-Cache
Release
X-Eu-Site
X-FC-Vary-Parameters
X-Owner
X-Csrf-Jwt
X-SVT-ORM-RULES
X-CGP
BehaviorPad-Version
X-Sn-Servicetimems
X-Backend-State
X-Azure-Ref-OriginShield
Cache-Host
X-Cache-NGX
CacheControlHeader
X-NC
AKAMAI
X-Cache-PHP
DB-Nickname
C-Via
X-Varnish-Hostname
X-Ms-Version
X-Ms-Request-Id
X-Cms-Context
X-Clientip
X-Cache-Tags
User-Cache-Control
Wxu-Next-Region
Wxu-Next-Commit
Server-Host
Server-Ext
Rt-Fastcgi-Cache
Server-Hostname
Sever-Int
X-Core-Value
V-Age
X-Debug-Cache
Wxu-Next-Hostname
X-Developers
X-Host-Name
X-Scheme
X-Request-URI
X-Request-Host
UCS
X-Var-Ttl
X-Wikidot-Backend
X-VarnishDD-TTL
X-Varnish-Hits
X-Policy
X-Origin-Expires
X-Fastly-Backend
X-Wikidot-Static-Cache
PFcat
X-Developer
X-Fastly-Cache
X-Generated-By
X-Nginx-Cache-Key
X-IP
X-HN
X-CUA
X-Envoy-Decorator-Operation
CloudFront-Viewer-Country
Locid
L
Content-Disposition
NGX
Magicmarker
On-Server
X-Varnish-Beresp-Grace
X-Li-Pop
Apple-News-Services-Request-Url
X-Li-Fabric
X-Cache-Debug
X-Hnp-Log
X-Branch-Name
Origin
X-DefElseHash
X-NU-AKA-ACS-Version
X-Old-Content-Length
X-Origin
X-Method
X-Loc
X-Cache-Expires
X-LI-UUID
X-Block-Status
Apple-News-Services-Parsed-Url
X-Clara-WADP
Fastly-SIE
Apple-News-Services-Handled
X-Esi-Check
Fastly-SWR
X-DPWN-IS-SECURE
Apple-News-Services-Host
X-Fmm-Version
X-Gen-Mode
X-Gzip
X-Cache-Id
X-NWS-UUID-VERIFY
X-GoCache-CacheStatus
CDCHOST
Is-Eu
X-Dispatcher-Server
X-Ratelimit-Reset
X-TX-ID
X-Variation
Cf-Bgj
X-Platform-Server
True-Client-Country-4JS
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-VG-TLSProxy
X-WADP-Cache
Platform
X-Varnish-Remaining-TTL
NM-Fastcgi-Cache
Adler-Geo
X-TrackingId
X-Rebelmouse-Cache-Control
X-Servername
X-Rebelmouse-Surrogate-Control
Vix-Hermes-Req-Id
X-SIPLIST1
IsBot
Web-Mar-Node
Location
X-DefHash
X-B3-Spanid
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Url
CDN-RequestCountryCode
CDN-Cache
CDN-PullZone
X-Varnish-Cacheable
X-Goog-Meta-Goog-Reserved-File-Mtime
CDN-CachedAt
X-Slack-Backend
CDN-Uid
X-Gamma-Serve
CDN-RequestId
X-Response-By
Fastly-Drupal-HTML
CDN-EdgeStorageId
X-Hash
S-Rt
X-CS
X-NCache
X-NAPM-TraceId
HostName
X-Refresh
Xkeyi7
Url
X-EC-Lua
X-PF-Uncompressing
X-Proxy-Cachei7
X-Core-Mission
Cross-Origin-Window-Policy
N-Cache
X-App-Version
X-CACHE-GROUP
X-Aicache-OS
X-Sucuri-Cache
X-Mvc-Supplant-OutputCached
Pics-Label
X-BBXSRF
X-URL
X-Cdn-Forward
X-Cache-2
X-CDN-Forward
Ohc-File-Size
Content-Secure-Policy
X-B3-SpanId
Cteonnt-Length
X-Cache-ASPX
X-LB-ID
X-FireWall-Protection
D-Cc-Upstream
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cc-Req-Id
X-Cc-Via
Sid
X-Via-Poph
X-Svr
X-Via-Popn
X-Via-Popv
X-Server-IP
X-DC
X-TA-CDN-Provider
MIME-Version
X-Tb-Optimization-Total-Bytes-Saved
X-Error
Esi-Enabled
X-Servedbyhost
X-Wa
X-Srv
X-Epic-Correlation-Id
X-TIME
Source
X-Origin-Time
X-API-Version
X-Nyt-Route
X-FPC
X-Unique-ID
X-Gdpr
X-Cache-Config
X-Webkit-CSP-Report-Only
Geoip-Latitude
X-Cs
GeoIp-Country-Code
HitType
XServer
X-SN
Hostname
X-VC
Ohc-Cache-HIT
X-RateLimit-Limit
X-TraceId
Server-Ttl
X-Webstats-RespID
X-SB
Req-Svc-Chain
X-NodeID
X-LI-Proto
Who
X-Fastly-Request-Id
X-NGINX-Cache
X-Nc
X-SD-PageType
Server-ID
X-LiteSpeed-Cache-Control
X-Planisys-CDN-Rules
X-VCL-Version
Country-Code
X-Check-Cacheable
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-HS-Status
Geo-Info
X-Ua
X-Esi
Cmstype
Svr
SID
X-Render-Time
X-BBC-Edge-Cache-Status
Cmsid
Kp-EeAlive
EpKe-Alive
NtCoent-Length
X-HOST
X-Vgn-Hpd-Reason
Viewtype
X-Viewer-Country
X-Worker
X-Ftr-Cache-Host
VivaBuild
X-Auto-Login
X-Served-From
Request-ID
X-UA
X-Dynatrace-Js-Agent
X-RPM
X-Vcl-Version
Cache-Key
X-DB
Cache-Provider
X-CACHE-KEY
Resin-Trace
X-CSRF-TOKEN
X-DI
X-RPS
A
X-DW
X-RAMCache
ProcessTime
X-DSS
X-RSL
X-TIM-N
X-Li-Proto
M-TraceId
GeoIP-Latitude
CDN
Server-Id
X-Cluster-Node
X-CCDN-Origin-Time
X-CCDN-CacheTTL
GeoIP-Country-Code
X-Hcs-Proxy-Type
Upgrade-Insecure-Requests
X-Newrelic-Synthetics
X-Action
Processtime
X-Air-Source
Arc-Country
TDXMobile
Cross-Origin-Opener-Policy
X-App
X-CF-Powered-By
X-Internal-Host
X-FTR-Cache-Host
X-Fpc
Tcn
Datacenter
X-Oss-Cdn-Auth
OT-Force-Account-Verify
CF-Cached-On
X-CLOUD-TRACE-CONTEXT
X-Vc
X-ServedByHost
X-WA
Srv
X-FORWARDED-FOR
Mime-Version
WZWS-RAY
X-Geo
X-BBC-Origin-Response-Status
X-HostName
X-HITS
X-Pinterest-Sli-Latency-Threshold
X-MSEdge-Flight
X-Dw-Trace-Id
X-Lb-Id
Cdn
X-Via-PopN
X-ND-Cache
X-Pinterest-Sli-Response-Type
X-Service
X-Fastly-Backend-Reqs
X-MSEdge-Features
Proxy-Connection
X-BACKEND-TTL
X-Via-PopH
X-Pinterest-Sli-Endpoint-Name
X-Via-PopV
X-Cache-Tag
Filterid
X-Client-Ip
X-CACHE-AGE
X-ABtesting
X-Flog
X-IN-APIGATEWAY
Dnion-Transfer-Encoding
X-IN-APIGATEWAYSSL
X-Parent-Response-Time
X-Hello
NGB
X-Pf-Uncompressing
X-Via-NSCOPI
DataCenter
FSS-Cache
X-Forwarded-Site
X-Oracle-DMS-ECID
X-Presslabs-Stats
PICS-Label
URI
Vha6-Origin
CountryCode
X-Acc-Rdl
X-Acc-Debug-Context
X-JoinUs
W
X-MiniProfiler-Ids
X-Akamai-Request-ID
X-LiteSpeed-Tag
X-Akamai-Pragma-Client-IP
X-PHP-Backend
X-SaId
X-NGENIX-Cache
X-Request-URL
X-Extlb
X-Edge-Location
Cf-Ipcountry
LB
Epwk-X-Cache
Mail-Subject
Memcached
Surrogated-Key
X-Cdn-Request-ID
X-B3-Parentspanid
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Request-Url
X-Traceid
We-Hiring
Media-Length
X-Bc-Bl
X-Region-Sid
X-RateLimit-Remaining-Second
X-Req
X-UnsetCookies
X-VC-Cache
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Date
X-Acquia-Purge-Tags
X-Depends-On
X-Pad
X-PJAX-URL
X-Accel-Expires-Debug
X-Vcache
Edge-Copy-Time
Content-Style-Type
X-ElasticPress-Query
Content-Script-Type
Inserted-Into-Cache-At
X-Ms-Meta-Staticbatchstarttime
X-Via-SSL
X-Swift-Error
X-Akamai-ERRuleID
X-Csrf-Token
X-Akamai-ERPolicy
X-Varnish-Beresp-TTL
X-Ms-Meta-Originalurl
X-Acquia-Site
X-ElasticPress-Search
X-Via-Edge
X-Provided-By
X-ZONE
X-Zone
Env
X-Litespeed-Cache-Control
X-Snapshot-Date
X-Redis-Duration-Ms
X-APP
X-Rocket-Build-Number
X-Varnish-URL
X-Tid
X-Sigma-Backend
X-Sigma
X-Redis-Count
Environment
X-C
X-Debug-Cache-Fetch
X-Storefront-Renderer-Verified
X-ServerName
Ohc-Response-Time
X-Debug-Cache-Store
Akamai-Age-Ms
Memory
Phost
NnCoection
Xet-Cookie
Time