Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Request-ID
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
X-AspNetMvc-Version
Feature-Policy
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
NEL
X-Amz-Version-Id
X-Cache-Spec
X-WebKit-CSP
Xkey
Allow
X-Device
X-CST
X-Backend-Server
X-Vhost
X-Host
EagleEye-TraceId
X-Server-Id
Request-Id
Surrogate-Control
X-Dispatcher
X-Node
Content-Location
Accept-CH
X-Response-Time
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH-Lifetime
X-Ruxit-JS-Agent
P3p
X-ASPNET-VERSION
X-Ac
X-Template
X-Application-Context
X-Language
X-Country
X-Cache-Lookup
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-Readtime
MS-Author-Via
X-Origin-Cache
X-B3-TraceId
Rating
X-Cnection
X-MS-InvokeApp
X-HW
X-Url
Accept-Ch
X-Vname
X-PC
X-TtlSet
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-GitHub-Request-Id
Edge-Control
Accept-Ch-Lifetime
X-FastCGI-Cache
X-Trace
X-ESI
X-Middleton-Response
X-Sol
X-Middleton-Display
Pagespeed
Response
Display
X-Content-Type
X-D2id
X-Vcap-Request-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
Arr-Disable-Session-Affinity
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-GoogleNews-Bot
X-Kinja
Verso
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-ORACLE-DMS-RID
X-Country-Code
X-Server-Name
Service-Worker-Allowed
X-Navigation-Version
X-Varnish-TTL
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
X-Fastly-Request-ID
X-Powered-By-Plesk
X-Webkit-CSP
X-Client-IP
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Cache-TTL
X-Kinja-Server-Push
X-SharePointHealthScore
SPRequestGuid
X-Release
Fastly-Restarts
X-MSEdge-Ref
X-Element-Page-Cache
SPIisLatency
X-Dw-Request-Base-Id
SPRequestDuration
X-Oneagent-Js-Injection
X-Cached
X-NF-Request-ID
X-Ttl
Public-Key-Pins
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
RTSS
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
Ar-Sid
X-Edge
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-LLID
X-Powered-CMS
X-Origin-Upstream-Status
X-Px
X-Ezoic-Cdn
X-TTL
Fusion-Template-Id
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
X-Upstream
Content-MD5
X-HP-Webp
X-Jurisdiction
Cache-Tag
X-Mid
X-ECACHE
X-MCACHE
X-Recruiting
S
X-Mg-S
X-Content-Digest
Charset
X-Version
X-Amz-Server-Side-Encryption
X-PressLabs-Stats
TCN
Fastcgi-Cache
X-Pinterest-Direct
MicrosoftSharePointTeamServices
X-T
X-Kinsta-Cache
Front-End-Https
X-Content-Security-Policy-Report-Only
X-Debug
Filters
Cache-Tags
X-Grace
Edge-Cache-Tag
Server-Node
X-Logged-In
X-Accel-Expires
X-Forwarded-Proto
X-Id
X-DynaTrace
X-Correlation-Id
X-Amzn-Trace-Id
Nginx-Cache
Server-Name
X-Yandex-Sdch-Disable
Surrogate-Key
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
TP-Cache
X-Forwarded-For
TP-L2-Cache
X-XRDS-Location
X-Varnish-Age
X-B3-Sampled
X-Request-Processing-Time
X-Request-Received
X-Ruxit-Js-Agent
X-Microsite
X-Server-ID
X-Ser
X-Request-Handler-Origin-Region
X-Hits
X-Shield-Request-Id
X-DIS-Request-ID
X-AppVersion
X-Cache-Key
X-Activity-Id
X-Az
X-Amz-Replication-Status
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-F-Cache
X-GUploader-UploadID
X-Litespeed-Cache
Accept-Charset
X-Origin-Server
Powered-By-ChinaCache
X-Git-Hash
X-Geo-Country
X-Respond-Thread
X-FTR-Request-ID
Cache
X-XRDS-LOCATION
X-Rid
X-LB-Cache
X-Hostname
Section-Io-Cache
X-Upgrade-Enabled
X-Frontend
X-DataDome
Alternate-Protocol
Access-Control-Allow-Method
Host
X-Mobile-URL
X-Cache-Age
X-Seen-By
Paypal-Debug-Id
Cleartype
MS-CV
X-TEC-API-ROOT
X-TEC-API-VERSION
X-AOL-HN
X-TEC-API-ORIGIN
Healthy
X-IPLB-Instance
X-VCache
X-Type
X-Content-Options
X-Varnish-Backend
X-Whom
ServerID
X-App-Environment
X-NWS-LOG-UUID
X-Cache-Action
X-Flags
X-Providence-Cookie
X-Is-Crawler
X-Request-Guid
X-TT
X-Route-Name
X-Aspnet-Duration-Ms
Payment
X-WebKit-CSP-Report-Only
X-Debug-Info
X-B-Cache
X-Signature
X-Jobs
X-Page-Id
Fastcgi-Useragent
X-Time
X-Source
X-Load-Cache
X-RateLimit-Remaining
X-Mobile
X-N
X-Daa-Tunnel
X-Erf-Bev-Bev
X-FB-Debug
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Via-JSL
Nel
X-Cached-By
Version
X-Cache-Operation
X-Akamai-Edgescape
X-Cache-Rule
Refresh
X-Fastcgi-Cache
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
X-Rule
Viewport
DC
X-Drupal-Cache-Tags
X-Proxy
X-Wix-Request-Id
X-Cacheable-TTL
X-Framework
X-RTag
Ms-Operation-Id
Access-Control-Request-Headers
X-RemovedCookies
X-ProcessESI
X-Zen-Fury
X-Real-IP
X-Contextid
DynaTrace
X-Instance
X-Cache-Time
Node
Realpath
X-HTML-Minification-Powered-By
X-UUID
Referer-Policy
X-Region
X-Distributor
Eomportal-Instance
X-Drupal-Cache-Contexts
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Page-View
GEO-INFO
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-Cache-Expired-At
X-FW-Server
X-Cluster-Name
X-FW-Static
Countrycode
X-FW-Type
X-B
X-L-Path
VIX-Pulpo-Node
X-Environment-Context
VIX-Pulpo-Upstream-Status
X-Cache-Control
X-Content-Powered-By
X-IPS-LoggedIn
X-Tumblr-Pixel
Liferay-Portal
X-G
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Cache-Hit
Server-Info
X-User-Agent
X-Node-Name
X-App-Server
X-Varnish-Ttl
X-FireWall-Port
Webserver
From-Origin
X-Pass-Why
X-Tumblr-Pixel-2
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
X-Ratelimit-Limit
Ec-Rule-Version
X-Protected-By
Protected
CF-IPCountry
X-Cache-Server
SRV
X-Revision
X-Amz-Meta-S3cmd-Attrs
X-Www-Served-By
X-Backend-Name
Frame-Options
Meta-Geo
X-Handled-By
X-Hl-Ver
X-RN-RSRV
X-UPSTREAM-Address
X-ES-SERVER
X-Mode
X-Endurance-Cache-Level
X-Site-Version
Cache-Status
X-Soup
X-Hyper-Cache
X-Locale
X-FB-TRIP-ID
X-Web-Node
X-Storage
X-Be
X-Cache-Grace
X-Human
X-Forwarded-Host
Country
X-NYM-Debug-Backend
X-Varnishpool
Cache-Tv-Group
Xserver
Webcakes-App-Version
Decoy-Debug-Status
Azure-SlotName
Azure-SiteName
Webcakes-App-Name
X-ProxyCache-Key
X-Labrador-Cache-Channel
Decoy-Debug-TTL
X-Redis-Cache
Cache-Name
Azure-Version
X-Pubstack
Decoy-Debug-Key
X-Request-Time
Webcakes-Region
X-ProxyCache-Status
TWC-GeoIP-LatLong
X-Origin-Date
X-Origin-Hint
X-Uri
X-BYPASS-REASON
Property-Id
Selected-Fe
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Azure-RegionName
X-UA-Device-Type
Fastly-SSL
X-Proxy-Build
Azure-InstanceId
TWC-Privacy
X-PHP-Host
TWC-Locale-Group
X-TT-LOGID
Retry-After
X-Proto
X-Timing-Wait
X-Loop
X-OCL
X-PCL
X-No-Session
X-Section
X-Adobe-Loc
X-Sql-Count
X-Say-Cacheable
X-Adobe-Content
X-Via-Fastly
X-Format
X-FW-Version
X-S-Maxage
X-MP-GENERATED-AT
X-TNCMS
X-Server-W
X-Access
X-AIR-PT
X-Say-TTL
X-Sql-Duration-Ms
X-Hosted-By
X-WA-Info
X-SayCDN-TTL
X-LJ-Flow-ID
X-AWS-Id
X-ApacheServer
X-LAGOON
X-Status
X-VWS-Id
X-PERF
X-R9-Blue-Green-Version
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
Mn-Server-Ip
X-ShardId
X-Via-CDN
X-ShopId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Cache-TTL-Remaining
X-Cluster
X-Nginx-Cache
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-Qloud-Router
X-Is-Bot
X-Device-Type
X-Xfnlog-Site
X-CCM
X-Rendered-As
X-Country-Code-Real
Cache-Hits
S-Cnection
X-FTR-Realm
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-Debug-IsConnected
X-Ratelimit-Remaining
X-FTR-Backend
X-Debug-IsPreview
X-FTR-Backend-Server
X-FTR-Expires
X-Info
X-B3-Traceid
X-Cdn
Apigw-Requestid
X-SRV
X-Unique-Id
X-Detected-As
X-Varnish-Server
X-Dc
X-Varnish-Grace
X-Cache-Host
X-Cache-Var-Map
X-Cache-Enabled
X-Amzn-Remapped-Content-Length
X-Microcachable
X-Air-Hostname
X-EdgeConnect-Cache-Status
X-Cache-Var
X-Amz-Apigw-Id
AMP-Access-Control-Allow-Source-Origin
X-Amzn-RequestId
X-Content-Age
X-GG-Cache-Date
X-Tec-Api-Root
Amp-Access-Control-Allow-Source-Origin
X-Tec-Api-Version
X-Tec-Api-Origin
X-Platform
X-Aspnetmvc-Version
X-Azure-Ref
SD-X-WS
Tracecode
X-GEO
X-Backend-Host
Uber-Trace-Id
X-Time-Microsecs
X-Proxy-Cache-Status
X-Backend-TTL
X-DynaTrace-JS-Agent
X-ServerID
X-TA-CDN-Provider
X-Cache-Backend
X-CSRF-Token
X-NWS-UUID-VERIFY
Akamai-GRN
X-ID
Backend
X-Oss-Request-Id
X-Tb
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-ATG-Version
X-Oss-Server-Time
X-Oss-Object-Type
X-BCube-Filmed-By
X-Trace-Id
DSUID
X-Oracle-Dms-Rid
X-Correlation-ID
X-Dynatrace
X-APP-VERSION
ServedBy
X-Varnish-Hostname
X-RCS-CacheZone
X-Erf-Stays-Bingo-Pdp-Web
X-NewRelic-App-Data
Lfy
Machine
MD5-Digest
Instruction
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
Expiry
X-S
Meta-Geo-Continent
Path
X-Request-UUID
Pramga
X-Rewrite-Enabled
Odigeo-Trace-Id
X-Rojux
Mobile-Detection-Method
DCR-Decision-By
BehaviorPad-Version
X-Cache-NGX
X-Cache-PHP
X-VG-WebCache
X-VG-WebServer
X-Vtex-Processado-Em
Xc-Version
X-Vtex-Remote-Cache
X-Vdms-Version
X-Vdms-Path
X-ScT
X-S-Cookie
X-Session-Fingerprint
X-SRCache-Key
X-Trv-Group
X-Thinkindot-L3
Release
Rendered-Blocks
X-A-Dgt
X-A-Wwc
X-Aed
X-A-Dcw
X-A-Dam
X-A
X-A-Ccd
X-Device-Os
X-Application
X-D
X-Connection-Hash
X-CF-Lambda-Fn
X-Destination
X-Cache-NE
X-ARC
X-B-Cookie
Thinkindot-Control
Thinkindot-CacheControl-Type
T-Server
X-Origin-TTL
X-Origin-CC
X-PAYTM-SRV-ID
SR-User-Adfree
X-Processor
X-PBS-Appsvrname
Thinkindot-CacheControl
X-Matched-Rule
X-From
X-Fetched-On
X-External-Request-Id
X-Generation-Time
X-GeoIP-City
X-Location
X-Level-Front-Cache
X-CF-Lambda-Version
X-Generated-On
PB-PID
PB-RID
Arc-Version
X-Sucuri-ID
X-Varnish-Cache-Hits
X-Magnolia-Registration
X-Akamai-Transformed
X-Debug-Cache
Fastly-Backend-Name
X-App-Version
X-SVT-ORM-RULES
X-HS-Content-Campaign-Id
X-Irp-Debug
X-JWT-State
CacheControlHeader
X-Is-Gdpr
Cf-Device-Type
X-Has-Esi
UCS
Host-ID
X-GeoIP
X-FC-Vary-Parameters
X-Geo-Header
X-Thanos
Pagetype
X-Swa-Ws
X-SVT-ORM-VERSION
Gh-Request-Id
Ssr
C-Via
X-TrackingId
X-Tumblr-Pixel-3
Cache-Host
X-OVcl
X-OVcl-Cache
X-Reqid
X-Cdn-Origin
X-Sn-Servicetimems
X-Origin-Response-Time
X-Bip
X-Skip-Cache
X-Ms-Request-Id
X-Cache-Date
X-Ms-Version
X-VServer
X-Cache-Bucket
X-Node-Id
X-Azure-Ref-OriginShield
X-Mvc-Supplant-Cachable
X-Owner
AKAMAI
X-Micro-Cache
Server-Ext
On-Server
X-Cache-Tags
Server-Hostname
HostName
PFcat
X-Csrf-Jwt
X-Generated-By
X-CUA
Wxu-Next-Region
Wxu-Next-Hostname
X-Cache-Info
Sever-Int
DB-Nickname
X-Eu-Site
X-Scheme
X-Developer
X-Adobe-Source
X-Developers
X-CGP
X-Core-Value
X-Fastly-Cache
X-Cms-Context
Wxu-Next-Commit
X-Fastly-Backend
X-Backend-State
X-Clientip
Location
Content-Disposition
CloudFront-Viewer-Country
X-Generated-In
X-User
X-IP
Ha-Gx-Prefs
X-HN
X-Nginx-Cache-Key
X-Varnish-Beresp-Grace
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Policy
X-VarnishDD-TTL
X-Request-Host
X-Origin-Expires
X-Varnish-Hits
HA-Ipaddr
X-Var-Ttl
Locid
Server-Host
Magicmarker
X-NAPM-TraceId
L5d-Success-Class
NGX
L
User-Cache-Control
X-DPWN-IS-SECURE
X-Gamma-Serve
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
NM-Fastcgi-Cache
X-Esi-Check
Adler-Geo
X-NU-AKA-ACS-Version
X-Ratelimit-Reset
X-Servername
Platform
X-Gen-Mode
X-Platform-Server
X-Fmm-Version
X-DefHash
X-Cache-Expires
Is-Eu
X-Envoy-Decorator-Operation
X-Hnp-Log
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hash
X-DefElseHash
X-Loc
X-Branch-Name
X-GoCache-CacheStatus
V-Age
X-Dispatcher-Server
X-Method
X-Cache-Id
X-Request-URI
X-Clara-WADP
X-Variation
Origin
X-CS
Rt-Fastcgi-Cache
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
Web-Mar-Node
Fastly-SWR
Fastly-SIE
X-Varnish-Beresp-Ttl
X-WADP-Cache
X-Varnish-Beresp-Status
CDCHOST
Fastly-Drupal-HTML
Cf-Bgj
X-Varnish-CookieHashed-On
IsBot
X-LI-UUID
X-SIPLIST1
X-Block-Status
X-Li-Pop
X-Gzip
X-Li-Fabric
X-Old-Content-Length
X-Slack-Backend
X-Origin
X-Cdn-Forward
X-TX-ID
X-B3-SpanId
X-VG-TLSProxy
True-Client-Country-4JS
X-Request-Start
X-Cache-Debug
Vix-Hermes-Req-Id
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Core-Mission
Apple-News-Services-Handled
X-EC-Lua
CDN-PullZone
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
CDN-Uid
CDN-RequestId
X-LB-ID
X-NCache
X-Cache-Remote
X-Mvc-Supplant-OutputCached
X-Aicache-OS
X-NC
X-Varnish-Url
X-PF-Uncompressing
X-Refresh
X-CACHE-GROUP
Url
Sid
X-B3-Spanid
S-Rt
X-Varnish-Cacheable
Esi-Enabled
X-Via-Popn
X-Via-Poph
X-Via-Popv
X-Response-By
X-Esi
X-Host-Name
Pics-Label
Xkeyi7
X-FireWall-Protection
X-Tb-Optimization-Total-Bytes-Saved
X-Proxy-Cachei7
X-Nc
X-Epic-Correlation-Id
X-BBXSRF
N-Cache
Who
Country-Code
X-DC
Content-Secure-Policy
Req-Svc-Chain
X-Webkit-Csp
X-RateLimit-Limit
X-Error
Cross-Origin-Window-Policy
X-Cache-2
Ohc-File-Size
X-Srv
X-TraceId
X-Varnish-Authentication
X-Cc-Via
X-Contensis-Viewer-Groups
X-CACHE-KEY
X-Sucuri-Cache
X-Cache-ASPX
X-Cc-Req-Id
D-Cc-Upstream
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Unique-ID
Server-Ttl
X-Planisys-CDN-TTL
Source
X-CDN-Forward
X-Webkit-CSP-Report-Only
Cteonnt-Length
X-Svr
CACHE
X-Servedbyhost
X-HS-Status
X-Wa
HitType
MIME-Version
Kp-EeAlive
Cmstype
Cmsid
Geoip-Latitude
X-Server-IP
GeoIp-Country-Code
X-Cs
X-URL
X-LiteSpeed-Cache-Control
X-Gdpr
X-Nyt-Route
Svr
X-Served-From
X-Origin-Time
X-FPC
X-VC
X-Cache-Config
X-API-Version
Hostname
Geo-Info
VivaBuild
Viewtype
X-LI-Proto
A
Cache-Key
Server-ID
X-SN
SID
Ohc-Cache-HIT
XServer
M-TraceId
X-Vcl-Version
X-Webstats-RespID
Resin-Trace
X-RAMCache
X-SB
X-VCL-Version
X-TIME
X-NodeID
X-NGINX-Cache
X-HOST
NtCoent-Length
Filterid
X-Vgn-Hpd-Reason
Arc-Country
X-Check-Cacheable
Server-Id
X-Li-Proto
Request-ID
TDXMobile
Cross-Origin-Opener-Policy
X-Air-Source
X-SD-PageType
X-UA
X-Viewer-Country
Cache-Provider
GeoIP-Latitude
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-TIM-N
GeoIP-Country-Code
X-FORWARDED-FOR
X-DW
X-RPM
X-RPS
X-DI
X-RSL
X-DB
X-Render-Time
X-Internal-Host
X-DSS
X-BBC-Edge-Cache-Status
Srv
X-App
X-Ua
EpKe-Alive
NGB
X-Newrelic-Synthetics
X-HostName
X-Vc
X-Service
X-Worker
X-ServedByHost
X-WA
Mime-Version
ProcessTime
X-Auto-Login
X-Action
X-CF-Powered-By
Processtime
Datacenter
X-Dynatrace-Js-Agent
X-CSRF-TOKEN
X-FTR-Cache-Host
Tcn
X-Fpc
Upgrade-Insecure-Requests
X-Oss-Cdn-Auth
X-PHP-Backend
X-NGENIX-Cache
X-SaId
X-JoinUs
X-CLOUD-TRACE-CONTEXT
X-Ftr-Cache-Host
X-Extlb
X-Via-NSCOPI
X-Geo
Proxy-Connection
CDN
X-Forwarded-Site
X-Cluster-Node
X-Parent-Response-Time
FSS-Cache
X-Edge-Location
CF-Cached-On
X-HITS
X-Cdn-Request-ID
Cdn
X-Fastly-Backend-Reqs
X-Provided-By
X-Dw-Trace-Id
DataCenter
X-BBC-Origin-Response-Status
X-MSEdge-Features
X-MSEdge-Flight
X-BACKEND-TTL
W
X-Client-Ip
X-CACHE-AGE
X-Swift-Error
X-VC-Cache
We-Hiring
Surrogated-Key
X-Depends-On
X-PJAX-URL
X-Region-Sid
X-Proxy-Upstream
X-Date
X-Req
X-Bc-Bl
X-Accel-Expires-Debug
X-Fastly-Request-Id
X-Cache-Tag
X-IN-APIGATEWAYSSL
Dnion-Transfer-Encoding
X-ABtesting
X-Flog
X-IN-APIGATEWAY
OT-Force-Account-Verify
X-Pf-Uncompressing
Mail-Subject
LB
X-Hello
PICS-Label
Memcached
X-Akamai-Pragma-Client-IP
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-Rocket-Build-Number
X-Zone
Time
X-ND-Cache
Media-Length
X-Sigma-Backend
X-Presslabs-Stats
Memory
Env
X-Sigma
Vha6-Origin
X-Via-PopV
X-Oracle-DMS-ECID
X-Via-PopN
X-UnsetCookies
X-Via-PopH
X-Lb-Id
X-Air-Trace-Id
Epwk-X-Cache
X-LiteSpeed-Tag
X-ZONE
X-Men
X-MiniProfiler-Ids
WZWS-RAY
X-Pad
X-APP
Cf-Ipcountry
X-Akamai-ERRuleID
X-Vcache
X-Akamai-ERPolicy
X-Csrf-Token
X-Varnish-URL
X-Request-URL
VNS-Cache
X-ElasticPress-Query
X-ElasticPress-Search
X-Varnish-Beresp-TTL
VNS-Age
CPC-Age
X-Snapshot-Date
CPC-Cache
URI
X-Acquia-Site
X-Ms-Meta-Staticbatchstarttime
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Request-Url
X-Acquia-Purge-Tags
X-Ms-Meta-Originalurl
Xet-Cookie
CountryCode
X-Tx-Id
X-Tid
X-Amz-Meta-Cb-Modifiedtime
X-Litespeed-Cache-Control
X-Nananana
Environment
X-Redis-Count
X-Redis-Duration-Ms
X-Storefront-Renderer-Verified
X-ServerName
X-C
X-Traceid
NnCoection
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Ohc-Response-Time
Phost
X-B3-Parentspanid
Inserted-Into-Cache-At