Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Request-ID
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-AspNetMvc-Version
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
Request-Context
X-Proxy-Cache
X-Cache-Group
EagleId
Server-Timing
X-Backend
X-Hacker
X-Server
Host-Header
Report-To
X-Amz-Request-Id
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-Dns-Prefetch-Control
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Cache-Spec
NEL
X-Device
X-CST
X-WebKit-CSP
Allow
Xkey
X-Vhost
X-Backend-Server
X-Server-Id
X-Host
EagleEye-TraceId
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Akam-SW-Version
X-Ruxit-JS-Agent
Accept-CH
P3p
X-ASPNET-VERSION
X-Ac
X-Application-Context
X-Cache-Lookup
X-Country
Accept-CH-Lifetime
X-Template
X-Language
X-Mod-Pagespeed
X-Readtime
Accept-Ch
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
Accept-Ch-Lifetime
Rating
X-Origin-Cache
X-HW
X-MS-InvokeApp
X-Cnection
X-Url
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
Edge-Control
X-GitHub-Request-Id
X-ESI
X-ORACLE-DMS-ECID
X-Trace
X-Content-Type
Pagespeed
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
Response
X-D2id
Arr-Disable-Session-Affinity
X-Use-Magma
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
Verso
X-ORACLE-DMS-RID
X-Vcap-Request-Id
X-Goog-Hash
X-Rack-Cache
X-Country-Code
X-FastCGI-Cache
X-Buckets
X-Server-Name
X-Navigation-Version
Service-Worker-Allowed
X-Powered-By-Plesk
X-Amz-Rid
X-VARITI-CCR
X-Abt-Application-Version
X-TTL
X-Fastly-Request-ID
X-Varnish-TTL
X-Client-IP
X-Cache-TTL
X-Webkit-CSP
Fastly-Restarts
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Cached
X-Release
X-MSEdge-Ref
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Element-Page-Cache
X-NF-Request-ID
SPRequestDuration
SPIisLatency
X-Oneagent-Js-Injection
Public-Key-Pins
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
RTSS
Access-Control-Request-Method
X-SRCache-Fetch-Status
AR-Request-ID
AR-ATIME
AR-PoweredBy
Ar-Sid
AR-CACHE
X-SRCache-Store-Status
X-Edge
X-LLID
X-Powered-CMS
X-Ezoic-Cdn
Cache-Tag
X-Upstream
Content-MD5
X-Origin-Upstream-Status
X-Litespeed-Cache
X-Px
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-Jurisdiction
X-HP-Webp
S
X-Version
X-Mid
X-MCACHE
X-ECACHE
X-Recruiting
X-Mg-S
Charset
X-Content-Digest
X-PressLabs-Stats
X-Amz-Server-Side-Encryption
X-Kinsta-Cache
Fastcgi-Cache
X-T
X-Ttl
X-Id
Cache-Tags
MicrosoftSharePointTeamServices
Filters
Front-End-Https
X-Content-Security-Policy-Report-Only
X-DynaTrace
X-Logged-In
X-Accel-Expires
Server-Node
Edge-Cache-Tag
X-Debug
X-Forwarded-Proto
X-Grace
TCN
X-Forwarded-For
TP-L2-Cache
TP-Cache
Server-Name
X-XRDS-LOCATION
Nginx-Cache
X-Amzn-Trace-Id
X-Correlation-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Nel
X-Request-Received
X-Request-Processing-Time
Surrogate-Key
X-Pinterest-Direct
X-Varnish-Age
X-Shield-Request-Id
X-B3-Sampled
X-Request-Handler-Origin-Region
X-Microsite
X-Yandex-Sdch-Disable
X-Ser
X-Hits
X-AppVersion
X-Az
X-Activity-Id
X-Amz-Replication-Status
X-F-Cache
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-DIS-Request-ID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Ruxit-Js-Agent
X-Origin-Server
X-Fastcgi-Cache
Accept-Charset
X-Geo-Country
Alternate-Protocol
X-Git-Hash
X-Respond-Thread
X-Rid
Cache
Section-Io-Cache
X-Frontend
X-FTR-Request-ID
X-Cache-Key
X-XRDS-Location
X-LB-Cache
Host
X-Upgrade-Enabled
X-DataDome
X-Time
Access-Control-Allow-Method
X-Mobile-URL
X-NWS-LOG-UUID
X-Seen-By
X-Cache-Age
MS-CV
X-VCache
Paypal-Debug-Id
X-TT
ServerID
Healthy
X-AOL-HN
X-Hostname
X-IPLB-Instance
X-Type
Powered-By-ChinaCache
X-Varnish-Backend
X-Whom
Cleartype
X-Content-Options
Payment
X-Flags
X-Is-Crawler
X-Request-Guid
X-Providence-Cookie
X-App-Environment
X-Route-Name
X-Aspnet-Duration-Ms
X-Cache-Action
X-Server-ID
X-B-Cache
X-Signature
X-Page-Id
X-Source
X-Debug-Info
X-WebKit-CSP-Report-Only
Fastcgi-Useragent
X-Jobs
X-Load-Cache
X-Daa-Tunnel
X-N
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Mobile
X-FB-Debug
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Via-JSL
Realpath
X-Contextid
Refresh
Version
Node
X-Original-Request-Id
X-Wix-Request-Id
X-RateLimit-Remaining
X-Drupal-Cache-Tags
X-Cached-By
X-Accel-Buffering
X-Response-Served-From
X-Rule
X-Zen-Fury
X-Proxy
X-Framework
Ms-Operation-Id
X-RTag
X-Akamai-Edgescape
X-Cacheable-TTL
DC
Viewport
X-ProcessESI
X-RemovedCookies
X-Cache-Operation
X-Cache-Rule
X-Instance
Access-Control-Request-Headers
X-Cache-Time
X-B
X-Distributor
X-Real-IP
X-HTML-Minification-Powered-By
X-Region
X-Drupal-Cache-Contexts
Referer-Policy
X-UUID
Eomportal-Instance
X-Page-View
X-Cluster-Name
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-Expired-At
X-FW-Serve
X-FW-Hash
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Dynamic
X-Varnish-Ttl
X-Content-Powered-By
X-Cache-Control
VIX-Pulpo-Node
Countrycode
Liferay-Portal
VIX-Pulpo-Upstream-Status
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-IPS-LoggedIn
X-Cache-Hit
X-G
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Environment-Context
DynaTrace
X-L-Path
X-FireWall-Port
X-Pass-Why
Server-Info
X-App-Server
X-Ratelimit-Limit
Xserver
GEO-INFO
X-User-Agent
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Protected-By
Section-Io-Origin-Status
CF-IPCountry
X-Tumblr-Pixel-2
Ec-Rule-Version
Webserver
X-Ratelimit-Remaining
From-Origin
X-Www-Served-By
X-Node-Name
Protected
X-Nginx-Cache
X-Cache-Server
SRV
X-Handled-By
X-RN-RSRV
X-Debug-IsPreview
X-UPSTREAM-Address
X-Endurance-Cache-Level
X-Hl-Ver
X-Debug-IsConnected
X-ES-SERVER
Meta-Geo
X-Backend-Name
X-Mode
X-Device-Type
X-FB-TRIP-ID
X-Adobe-Loc
Cache-Tv-Group
Cache-Status
X-Adobe-Content
X-Site-Version
X-Locale
Frame-Options
X-Uri
X-Labrador-Cache-Channel
X-Web-Node
X-Soup
X-PHP-Host
X-NYM-Debug-Backend
X-MP-GENERATED-AT
X-Storage
X-Varnishpool
X-UA-Device-Type
X-Be
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
Selected-Fe
Property-Id
Country
Cache-Name
X-Via-Fastly
X-Timing-Wait
Decoy-Debug-Key
Fastly-SSL
Decoy-Debug-TTL
Webcakes-App-Version
Webcakes-Region
X-Proto
X-Sql-Count
X-PCL
X-Proxy-Build
X-ProxyCache-Key
X-Pubstack
X-ProxyCache-Status
X-Origin-Hint
X-Origin-Date
X-Human
X-Request-Time
X-BYPASS-REASON
X-Redis-Cache
X-Sql-Duration-Ms
X-OCL
X-No-Session
X-WA-Info
Decoy-Debug-Status
X-Hyper-Cache
X-TNCMS
X-Say-Cacheable
Azure-Version
X-LJ-Flow-ID
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-LAGOON
X-R9-Blue-Green-Version
X-Format
X-FW-Version
X-Hosted-By
X-S-Maxage
X-AWS-Id
X-Access
X-AIR-PT
X-Say-TTL
Retry-After
X-Server-W
X-VWS-Id
X-Loop
X-Section
X-SayCDN-TTL
X-Status
X-Shopify-Stage
X-ShardId
X-Cluster
X-Storefront-Renderer-Rendered
X-Revision
X-Forwarded-Host
X-ShopId
X-Sorting-Hat-PodId
X-CCM
X-Alternate-Cache-Key
X-Cache-TTL-Remaining
X-Sorting-Hat-ShopId
X-Xfnlog-Site
X-ApacheServer
X-Cache-Grace
X-PERF
X-Varnish-Grace
Mn-Server-Ip
X-TT-LOGID
X-Routing-Service
X-Tec-Api-Origin
X-Zipkin-Id
X-SRV
X-Tec-Api-Version
X-Tec-Api-Root
X-Proxied
X-Webkit-Csp
X-Rendered-As
X-Is-Bot
Apigw-Requestid
X-Dc
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Server
X-Qloud-Router
X-Info
S-Cnection
AMP-Access-Control-Allow-Source-Origin
X-FTR-Balancer
X-FTR-Backend
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-Via-CDN
X-FTR-Cache-Status
X-FTR-Backend-Server
X-GG-Cache-Date
Cache-Hits
X-Cache-Enabled
X-Microcachable
X-Content-Age
X-Platform
X-Cdn
Uber-Trace-Id
X-Proxy-Cache-Status
X-Detected-As
X-Cache-Host
X-TA-CDN-Provider
X-Azure-Ref
X-EdgeConnect-Cache-Status
X-Backend-Host
X-FTR-Expires
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Amzn-RequestId
X-CSRF-Token
X-NWS-UUID-VERIFY
X-Correlation-ID
X-Aspnetmvc-Version
X-Air-Hostname
Amp-Access-Control-Allow-Source-Origin
SD-X-WS
Tracecode
Akamai-GRN
X-ATG-Version
X-Time-Microsecs
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-App-Version
X-Unique-Id
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Cache-Var-Map
X-Cache-Var
HostName
X-ServerID
X-Backend-TTL
X-Trace-Id
ServedBy
X-Tb
X-Debug-Cache
X-RCS-CacheZone
X-DynaTrace-JS-Agent
X-Varnish-Hostname
X-Cdn-Forward
X-Cache-NGX
X-BCube-Filmed-By
X-Cache-PHP
X-GEO
X-B3-SpanId
Backend
X-Sucuri-ID
DB-Nickname
X-TX-ID
DSUID
X-Location
X-Level-Front-Cache
X-Ms-Request-Id
X-Ms-Version
X-Device-Os
X-Aed
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Application
X-ARC
Odigeo-Trace-Id
X-B-Cookie
Path
Release
Rendered-Blocks
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
T-Server
SR-User-Adfree
X-A-Dam
X-A-Ccd
X-A
Mobile-Detection-Method
Meta-Geo-Continent
X-External-Request-Id
X-Destination
X-D
DCR-Decision-By
BehaviorPad-Version
X-Fetched-On
X-Generation-Time
X-Generated-On
X-From
DCR-Processing-Time-Ms
Expiry
X-Cache-NE
Machine
MD5-Digest
X-CF-Lambda-Fn
X-CF-Lambda-Version
Fastcgi-X-Cache-Version
X-Connection-Hash
Instruction
X-GeoIP-City
X-PAYTM-SRV-ID
X-Trv-Group
X-ScT
X-Session-Fingerprint
X-VG-WebCache
X-Origin-CC
X-S-Cookie
X-Vtex-Remote-Cache
X-Rojux
X-Processor
X-S
X-Origin-TTL
X-Owner
X-Vtex-Processado-Em
X-Magnolia-Registration
X-Request-UUID
Xc-Version
X-NAPM-TraceId
X-PBS-Appsvrname
X-VG-WebServer
X-Thinkindot-L3
X-SRCache-Key
X-Rewrite-Enabled
X-Vdms-Path
X-Vdms-Version
X-Akamai-Transformed
X-Adobe-Source
X-Cache-Backend
CacheControlHeader
X-Fastly-Cache
X-FC-Vary-Parameters
Pagetype
Arc-Version
X-Azure-Ref-OriginShield
C-Via
On-Server
Content-Disposition
Gh-Request-Id
X-Cms-Context
X-Core-Value
X-Cache-Bucket
Host-ID
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-TrackingId
Fastly-Backend-Name
Cf-Device-Type
NGX
X-Bip
AKAMAI
X-Skip-Cache
X-Tumblr-Pixel-3
X-Micro-Cache
PB-RID
Server-Host
X-CS
X-OVcl-Cache
UCS
X-VServer
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Is-Gdpr
X-Node-Id
X-Mvc-Supplant-Cachable
X-APP-VERSION
X-JWT-State
X-Varnish-Cache-Hits
X-Has-Esi
X-OVcl
X-GeoIP
X-Thanos
PB-PID
X-Geo-Header
X-Reqid
User-Cache-Control
X-CACHE-KEY
X-Wikidot-Backend
X-Branch-Name
X-User
X-Wikidot-Static-Cache
X-Cache-Info
X-Cache-Id
X-Variation
X-Backend-State
V-Age
Web-Mar-Node
X-Varnish-CookieINHashed-On
X-Block-Status
X-Varnish-Remaining-TTL
X-Var-Ttl
Wxu-Next-Hostname
X-Varnish-CookieHashed-On
Wxu-Next-Commit
X-VarnishDD-TTL
X-Varnish-Beresp-Grace
X-WADP-Cache
X-Developers
X-GoCache-CacheStatus
X-Gzip
X-HN
X-Hnp-Log
X-Platform-Server
X-Policy
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Ratelimit-Reset
X-IP
X-Origin-Response-Time
X-LI-UUID
X-NU-AKA-ACS-Version
X-Matched-Rule
X-Nginx-Cache-Key
X-Old-Content-Length
X-Li-Pop
X-Origin-Expires
X-Origin
X-Li-Fabric
X-Generated-In
X-Generated-By
X-CUA
X-Scheme
X-DefElseHash
X-DefHash
X-Csrf-Jwt
X-Clientip
X-Swa-Ws
X-CGP
X-Clara-WADP
X-Developer
X-Dispatcher-Server
X-Fmm-Version
X-Request-Host
X-Gen-Mode
X-Fastly-Backend
X-Eu-Site
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Esi-Check
X-Cache-Tags
Wxu-Next-Region
L5d-Success-Class
Is-Eu
HA-Ipaddr
Cache-Host
Lfy
Location
NM-Fastcgi-Cache
Locid
Adler-Geo
Ha-Gx-Prefs
CDCHOST
Fastly-SIE
CDN-RequestCountryCode
CDN-RequestId
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
Fastly-SWR
X-NewRelic-App-Data
Magicmarker
Ssr
Sever-Int
Server-Hostname
Platform
X-B3-Traceid
PFcat
Server-Ext
X-Varnish-Beresp-Status
True-Client-Country-4JS
X-Slack-Backend
Rt-Fastcgi-Cache
X-Varnish-Hits
X-EC-Lua
Cf-Bgj
X-VG-TLSProxy
Vix-Hermes-Req-Id
IsBot
X-Varnish-Beresp-Ttl
L
X-Cache-Expires
X-Cache-Debug
X-Hash
CloudFront-Viewer-Country
X-SIPLIST1
X-Method
X-Gamma-Serve
X-LB-ID
X-Request-URI
X-ID
Sid
X-Nc
X-Loc
Apple-News-Services-Handled
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Request-Url
X-Sn-Servicetimems
X-HOST
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Kinja-Server-Push
X-Cdn-Origin
Pramga
Fastly-Drupal-HTML
Origin
X-CLOUD-TRACE-CONTEXT
X-Via-Popn
X-Cache-Date
X-NCache
X-Servername
X-Via-Popv
X-Aicache-OS
X-Via-Poph
X-Mvc-Supplant-OutputCached
X-PF-Uncompressing
Esi-Enabled
Who
X-Varnish-Url
X-Core-Mission
X-Unique-ID
Country-Code
X-Refresh
X-Erf-Stays-Bingo-Pdp-Web
X-Request-Start
Pics-Label
Url
X-Epic-Correlation-Id
X-Tb-Optimization-Total-Bytes-Saved
Geo-Info
Req-Svc-Chain
X-Planisys-CDN-TTL
X-FireWall-Protection
X-Planisys-CDN-Rules
X-TraceId
X-Planisys-CDN-Cache
X-NC
X-Cache-Remote
Filterid
X-Response-By
Tcn
X-Varnish-Cacheable
X-Dynatrace
X-Proxy-Cachei7
X-Error
S-Rt
Source
X-RateLimit-Limit
Cmstype
Cmsid
Xkeyi7
GeoIp-Country-Code
X-HS-Status
X-Served-From
Content-Secure-Policy
X-BBXSRF
Svr
Kp-EeAlive
N-Cache
Geoip-Latitude
X-B3-Spanid
X-Webkit-CSP-Report-Only
Viewtype
X-Host-Name
HitType
Cache-Key
Server-Ttl
X-Srv
X-DC
VivaBuild
A
X-Vcl-Version
X-Cache-2
Cross-Origin-Window-Policy
X-Sucuri-Cache
Cteonnt-Length
Ohc-File-Size
X-Varnish-Authentication
X-Contensis-Viewer-Groups
M-TraceId
X-LiteSpeed-Cache-Control
NGB
MIME-Version
D-Cc-Upstream
X-Cc-Req-Id
X-Cc-Via
X-Cache-ASPX
X-URL
X-Servedbyhost
X-Svr
X-Wa
X-Air-Source
Arc-Country
X-Li-Proto
X-HostName
TDXMobile
Cross-Origin-Opener-Policy
X-Oracle-Dms-Rid
NtCoent-Length
Server-ID
X-Vgn-Hpd-Reason
X-Esi
X-Server-IP
X-Cs
CACHE
X-CDN-Forward
X-Gdpr
X-LI-Proto
X-FPC
X-API-Version
X-Origin-Time
X-WA
X-Nyt-Route
X-Vc
X-RAMCache
X-Cache-Config
X-ServedByHost
X-VC
X-Internal-Host
DataCenter
X-SaId
X-Viewer-Country
Server-Id
X-Check-Cacheable
Srv
X-NGENIX-Cache
X-PHP-Backend
X-JoinUs
SID
Resin-Trace
Request-ID
X-SN
X-Service
X-UA
X-Geo
X-Edge-Location
X-VCL-Version
X-RPS
X-NodeID
X-Webstats-RespID
Cache-Provider
X-RSL
X-SB
X-DB
X-Hcs-Proxy-Type
X-TIM-N
X-CCDN-CacheTTL
X-DW
X-CCDN-Origin-Time
X-DSS
X-DI
X-RPM
Mime-Version
X-Newrelic-Synthetics
Ohc-Cache-HIT
Hostname
X-Via-NSCOPI
GeoIP-Country-Code
GeoIP-Latitude
X-SD-PageType
FSS-Cache
X-Forwarded-Site
X-Extlb
X-App
CF-Cached-On
XServer
X-NGINX-Cache
X-Action
X-Bc-Bl
X-BBC-Edge-Cache-Status
ProcessTime
X-Render-Time
X-TIME
X-FTR-Cache-Host
X-PJAX-URL
Surrogated-Key
X-Fpc
EpKe-Alive
X-Proxy-Upstream
X-Date
X-Depends-On
X-Accel-Expires-Debug
Memcached
We-Hiring
X-CF-Powered-By
Mail-Subject
X-VC-Cache
X-Region-Sid
X-Req
X-Oss-Cdn-Auth
Upgrade-Insecure-Requests
LB
X-Dynatrace-Js-Agent
X-Ua
X-Swift-Error
X-ZONE
X-Provided-By
X-UnsetCookies
Env
W
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-FORWARDED-FOR
X-Worker
X-Auto-Login
Processtime
X-HITS
X-Cdn-Request-ID
X-MSEdge-Features
X-Dw-Trace-Id
Time
Cdn
Memory
X-MSEdge-Flight
CDN
X-Ftr-Cache-Host
X-BACKEND-TTL
X-CSRF-TOKEN
X-Cluster-Node
X-Fastly-Backend-Reqs
X-Rocket-Build-Number
X-Sigma
X-Air-Trace-Id
X-Men
X-APP
PICS-Label
Proxy-Connection
X-Sigma-Backend
X-Client-Ip
X-CACHE-AGE
X-Akamai-Pragma-Client-IP
X-BBC-Origin-Response-Status
X-ABtesting
VNS-Age
VNS-Cache
X-Hello
CPC-Cache
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
CPC-Age
Datacenter
X-Flog
Dnion-Transfer-Encoding
X-Cache-Tag
X-Fastly-Request-Id
X-Parent-Response-Time
X-Zone
Media-Length
X-Pad
X-Pf-Uncompressing
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Oracle-DMS-ECID
Vha6-Origin
X-Presslabs-Stats
X-Via-PopH
X-Via-PopN
X-Via-PopV
Epwk-X-Cache
OT-Force-Account-Verify
X-LiteSpeed-Tag
Cf-Ipcountry
X-Ms-Meta-Originalurl
X-ServerName
X-Lb-Id
X-ElasticPress-Query
X-Request-URL
Fastcgi-Cache-TTL
My-App
State
X-Snapshot-Date
X-MiniProfiler-Ids
X-Ms-Meta-Staticbatchstarttime
X-Varnish-Beresp-TTL
X-Varnish-URL
WZWS-RAY
Xet-Cookie
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-ElasticPress-Search
X-ND-Cache
X-Csrf-Token
X-Vcache
X-Request-Url
CountryCode
Content-Script-Type
X-Apw-Access-Token
X-Apw-Hits
X-Litespeed-Cache-Control
X-Apw-Access-Object
Ohc-Response-Time
NnCoection
X-Redis-Duration-Ms
X-Apw-Access-Action
Content-Style-Type
X-Amz-Meta-Cb-Modifiedtime
X-C
Inserted-Into-Cache-At
URI
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Storefront-Renderer-Verified
X-Traceid
Phost
Environment
X-B3-Parentspanid
X-Tid
X-Redis-Count