Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Ua-Compatible
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
Request-Context
EagleId
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Report-To
Host-Header
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Cache-Spec
X-Amz-Version-Id
X-Device
X-CST
Allow
X-Vhost
X-Host
X-Backend-Server
Xkey
X-Server-Id
X-WebKit-CSP
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
X-Node
Request-Id
Content-Location
X-Response-Time
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
P3p
X-ASPNET-VERSION
X-Ruxit-JS-Agent
Accept-Ch
X-Application-Context
X-Ac
X-Cache-Lookup
X-Country
X-Template
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Language
Accept-CH
X-Readtime
X-Cloud-Trace-Context
Accept-CH-Lifetime
MS-Author-Via
X-B3-TraceId
Rating
X-HW
X-Cnection
X-Origin-Cache
X-MS-InvokeApp
X-Url
X-Vname
X-PC
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ORACLE-DMS-RID
X-Trace
X-ESI
X-ORACLE-DMS-ECID
X-Middleton-Response
X-Sol
Pagespeed
X-Content-Type
Response
X-Middleton-Display
Display
X-Varnish-TTL
X-D2id
Arr-Disable-Session-Affinity
X-GoogleNews-Bot
X-Exp-Variant
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
Verso
X-Use-Magma
X-Kinja-Server
X-Kinja-Build
X-Exp-Id
X-Vcap-Request-Id
X-Goog-Hash
X-Country-Code
X-Rack-Cache
X-TTL
X-Powered-By-Plesk
X-Navigation-Version
Service-Worker-Allowed
X-Server-Name
X-VARITI-CCR
X-Buckets
X-Amz-Rid
X-Abt-Application-Version
X-Fastly-Request-ID
X-FastCGI-Cache
X-Webkit-CSP
X-Client-IP
Fastly-Restarts
X-Cache-TTL
X-Release
X-Cached
X-MSEdge-Ref
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
SPRequestGuid
X-SharePointHealthScore
X-Oneagent-Js-Injection
X-NF-Request-ID
SPRequestDuration
SPIisLatency
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Public-Key-Pins
RTSS
Access-Control-Request-Method
AR-Request-ID
Ar-Sid
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Edge
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-LLID
X-Powered-CMS
Cache-Tag
X-Ezoic-Cdn
X-Litespeed-Cache
X-Upstream
Content-MD5
X-HP-Webp
X-Jurisdiction
X-Origin-Upstream-Status
X-Version
S
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Px
X-Mid
X-MCACHE
X-ECACHE
X-Recruiting
X-Mg-S
X-Ruxit-Js-Agent
Charset
X-Content-Digest
X-PressLabs-Stats
X-Kinsta-Cache
X-DynaTrace
Fastcgi-Cache
X-T
Cache-Tags
X-Amz-Server-Side-Encryption
Filters
X-Logged-In
X-Accel-Expires
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
X-Ttl
Server-Node
Edge-Cache-Tag
X-Forwarded-Proto
Front-End-Https
X-Id
X-Correlation-Id
TP-Cache
TP-L2-Cache
X-Grace
Server-Name
X-Debug
X-Fastcgi-Cache
Nginx-Cache
X-Hits
X-Amzn-Trace-Id
X-Kong-Upstream-Latency
X-Forwarded-For
X-Kong-Proxy-Latency
X-Request-Processing-Time
X-Request-Received
TCN
X-B3-Sampled
X-Shield-Request-Id
X-Yandex-Sdch-Disable
Surrogate-Key
X-Request-Handler-Origin-Region
X-Varnish-Age
X-Microsite
X-Az
X-AppVersion
X-Activity-Id
X-Ser
X-Amz-Replication-Status
X-XRDS-Location
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-F-Cache
X-XRDS-LOCATION
X-Origin-Server
X-Goog-Storage-Class
Alternate-Protocol
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-DIS-Request-ID
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Pinterest-Direct
Accept-Charset
X-Geo-Country
X-Rid
X-Git-Hash
X-Cache-Key
X-Frontend
X-Respond-Thread
Section-Io-Cache
Host
X-NWS-LOG-UUID
X-LB-Cache
Cache
X-Time
X-DataDome
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Mobile-URL
X-VCache
X-Seen-By
MS-CV
X-FTR-Request-ID
X-Server-ID
X-Cache-Age
ServerID
Paypal-Debug-Id
X-IPLB-Instance
Healthy
X-TT
X-Type
X-AOL-HN
X-Source
X-Content-Options
X-Varnish-Backend
X-Whom
X-Hostname
X-Providence-Cookie
Payment
X-Flags
X-Is-Crawler
X-Route-Name
X-Request-Guid
X-Aspnet-Duration-Ms
X-App-Environment
X-Signature
X-B-Cache
X-Cache-Action
Cleartype
X-Page-Id
X-Daa-Tunnel
X-Debug-Info
X-Jobs
Fastcgi-Useragent
X-RateLimit-Remaining
X-N
X-WebKit-CSP-Report-Only
X-Load-Cache
Powered-By-ChinaCache
X-FB-Debug
Nel
X-Mobile
X-Webkit-Csp
X-Browser-Type
X-Contextid
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Realpath
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Via-JSL
Node
Refresh
X-Rule
X-Drupal-Cache-Tags
X-Original-Request-Id
X-Wix-Request-Id
X-Zen-Fury
X-Accel-Buffering
X-Response-Served-From
Version
X-Cacheable-TTL
X-Cache-Expired-At
Ms-Operation-Id
DC
X-Proxy
X-Framework
X-RTag
X-ProcessESI
Referer-Policy
X-RemovedCookies
X-Drupal-Cache-Contexts
X-Cache-Time
X-Distributor
Access-Control-Request-Headers
X-Instance
X-Real-IP
X-Region
X-B
X-Cluster-Name
X-HTML-Minification-Powered-By
X-FW-Dynamic
X-Tt-Trace-Tag
X-FW-Server
X-Tt-Trace-Host
X-Cache-Control
X-UUID
X-FW-Hash
X-Akamai-Edgescape
Viewport
X-FW-Static
Eomportal-Instance
X-Cached-By
X-Content-Powered-By
X-FW-Type
X-FW-Serve
X-Page-View
Countrycode
X-IPS-LoggedIn
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-Rule
X-Cache-Operation
Liferay-Portal
X-G
X-FireWall-Port
X-Cache-Hit
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Pass-Why
X-L-Path
X-Environment-Context
X-App-Server
DynaTrace
Server-Info
SRV
CF-IPCountry
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Nginx-Cache
Section-Io-Origin-Status
Section-Io-Id
X-Protected-By
X-User-Agent
X-Debug-IsConnected
Ec-Rule-Version
X-Debug-IsPreview
From-Origin
Xserver
X-Www-Served-By
X-Tumblr-Pixel-2
Webserver
GEO-INFO
X-Ratelimit-Limit
X-Device-Type
X-Mode
X-Adobe-Content
X-Handled-By
Meta-Geo
X-Endurance-Cache-Level
X-Hl-Ver
X-UPSTREAM-Address
X-ES-SERVER
X-Adobe-Loc
X-RN-RSRV
Cache-Tv-Group
X-Cache-Server
Protected
X-Uri
X-Locale
X-Backend-Name
X-Site-Version
X-FB-TRIP-ID
X-MP-GENERATED-AT
X-PHP-Host
X-Soup
Webcakes-Region
X-Web-Node
X-NYM-Debug-Backend
TWC-Device-Class
X-Storage
X-Varnishpool
X-Node-Name
X-Origin-Hint
Webcakes-App-Version
X-UA-Device-Type
Property-Id
X-Labrador-Cache-Channel
X-Be
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
TWC-GeoIP-Country
TWC-Connection-Speed
Retry-After
Webcakes-App-Name
Cache-Status
X-Varnish-Grace
X-BYPASS-REASON
X-FW-Version
X-Human
X-LJ-Flow-ID
X-Timing-Wait
X-Via-Fastly
X-AWS-Id
X-VWS-Id
X-WA-Info
Fastly-SSL
X-Format
Mn-Server-Ip
Frame-Options
X-Proto
X-PCL
X-OCL
X-Proxy-Build
X-ProxyCache-Key
X-Request-Time
Selected-Fe
X-Server-W
X-Redis-Cache
X-ProxyCache-Status
X-R9-Blue-Green-Version
Country
X-Access
Decoy-Debug-TTL
Decoy-Debug-Key
X-Origin-Date
X-No-Session
X-Section
Decoy-Debug-Status
X-Pubstack
X-Sql-Count
Cache-Name
X-Sql-Duration-Ms
Azure-RegionName
Azure-InstanceId
Azure-SlotName
Azure-SiteName
Azure-Version
X-Tec-Api-Version
X-LAGOON
X-ApacheServer
X-PERF
X-Zipkin-Id
X-Xfnlog-Site
X-Proxied
X-SayCDN-TTL
X-Say-Cacheable
X-TNCMS
X-Routing-Service
X-Say-TTL
X-Tec-Api-Origin
X-Status
X-Loop
X-Tec-Api-Root
X-Hosted-By
X-Hyper-Cache
X-S-Maxage
X-Cache-TTL-Remaining
X-Storefront-Renderer-Rendered
X-ShardId
X-CCM
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-TT-LOGID
X-Cache-Grace
Apigw-Requestid
X-Forwarded-Host
X-Cluster
X-Varnish-Server
X-AIR-PT
X-GG-Cache-Date
X-Rendered-As
X-Info
X-Is-Bot
X-SRV
X-Revision
X-Qloud-Router
X-Ratelimit-Remaining
S-Cnection
AMP-Access-Control-Allow-Source-Origin
X-Microcachable
X-Cache-Enabled
X-Content-Age
X-Proxy-Cache-Status
Uber-Trace-Id
X-Cdn
X-Dc
X-Via-CDN
Cache-Hits
X-Platform
X-FTR-Backend
X-Azure-Ref
X-FTR-Realm
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-App-Version
X-NWS-UUID-VERIFY
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Ttl
X-Backend-Host
X-TA-CDN-Provider
X-Cache-Host
X-Aspnetmvc-Version
X-Detected-As
X-Amz-Meta-S3cmd-Attrs
X-CSRF-Token
X-FTR-Expires
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
Akamai-GRN
X-EdgeConnect-Cache-Status
X-ATG-Version
X-B3-SpanId
X-Oss-Server-Time
X-Oss-Storage-Class
X-Air-Hostname
X-Oss-Request-Id
X-Oss-Object-Type
Tracecode
X-CS
X-Trace-Id
X-Oss-Hash-Crc64ecma
SD-X-WS
X-Time-Microsecs
X-RCS-CacheZone
X-Debug-Cache
ServedBy
X-ID
X-Varnish-Hostname
X-Cache-NGX
X-Cache-PHP
X-BCube-Filmed-By
X-Correlation-ID
X-Akamai-Transformed
X-ServerID
X-Backend-TTL
X-Cache-Var
X-Cache-Var-Map
X-Tb
DB-Nickname
HostName
X-Unique-Id
X-NewRelic-App-Data
X-Ms-Version
Backend
X-Ms-Request-Id
X-Vtex-Remote-Cache
X-Generated-On
X-Generation-Time
X-Fetched-On
X-Vtex-Processado-Em
X-A-Dgt
X-A-Dam
X-From
X-Session-Fingerprint
Xc-Version
X-A-Dcw
X-A
X-VG-WebCache
Expiry
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
DCR-Decision-By
X-Device-Os
X-Request-UUID
X-Destination
Odigeo-Trace-Id
MD5-Digest
Meta-Geo-Continent
Machine
Mobile-Detection-Method
X-D
X-Connection-Hash
Release
X-Vdms-Version
X-Vdms-Path
Thinkindot-CacheControl-Type
X-VG-WebServer
X-External-Request-Id
Thinkindot-CacheControl
X-Origin-TTL
BehaviorPad-Version
Rendered-Blocks
X-Trv-Group
X-Adobe-Source
T-Server
Thinkindot-Control
X-A-Ccd
X-NAPM-TraceId
X-CF-Lambda-Fn
X-S-Cookie
X-Location
X-CF-Lambda-Version
X-ScT
X-B-Cookie
X-Level-Front-Cache
X-SRCache-Key
X-Origin-CC
X-Owner
X-DynaTrace-JS-Agent
X-S
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Cache-NE
X-Thinkindot-L3
X-Rojux
X-Rewrite-Enabled
X-Aed
X-A-Wwc
X-GeoIP-City
X-Application
X-Magnolia-Registration
X-ARC
X-TX-ID
DSUID
X-GEO
X-Nc
X-Sucuri-ID
Cf-Device-Type
X-Developers
Content-Disposition
X-EC-Lua
Server-Ext
C-Via
X-Has-Esi
Server-Hostname
Server-Host
X-Cms-Context
CacheControlHeader
X-Tumblr-Pixel-3
Fastly-Backend-Name
NGX
Instruction
Host-ID
X-OVcl-Cache
Locid
X-Geo-Header
Magicmarker
X-OVcl
On-Server
X-Core-Value
PB-RID
AKAMAI
X-SVT-ORM-RULES
PB-PID
Path
Pagetype
Gh-Request-Id
X-Policy
Arc-Version
X-B3-Traceid
X-Reqid
X-Cache-Bucket
X-SVT-ORM-VERSION
Wxu-Next-Commit
X-Thanos
X-Fastly-Cache
X-FC-Vary-Parameters
X-Is-Gdpr
X-Irp-Debug
X-JWT-State
UCS
X-VServer
X-Bip
Wxu-Next-Hostname
X-Micro-Cache
X-Azure-Ref-OriginShield
Wxu-Next-Region
X-GeoIP
X-Node-Id
X-HS-Content-Campaign-Id
SR-User-Adfree
Sever-Int
X-Skip-Cache
X-Mvc-Supplant-Cachable
X-Nginx-Cache-Key
X-Varnish-Cache-Hits
X-TrackingId
User-Cache-Control
X-Varnish-Beresp-Grace
X-Cdn-Forward
NM-Fastcgi-Cache
X-Csrf-Jwt
X-Variation
X-Backend-State
Web-Mar-Node
X-Branch-Name
X-Cache-Id
Platform
X-Var-Ttl
Ssr
X-Clientip
X-Clara-WADP
X-Cache-Info
PFcat
X-Block-Status
X-Cache-Debug
X-Swa-Ws
X-CGP
X-VarnishDD-TTL
X-GoCache-CacheStatus
V-Age
X-Generated-By
X-Gzip
X-Generated-In
X-Rebelmouse-Surrogate-Control
X-HN
X-Gen-Mode
X-SIPLIST1
Location
X-WADP-Cache
X-Request-Host
X-Wikidot-Backend
X-Fmm-Version
X-Wikidot-Static-Cache
X-Hnp-Log
X-User
X-Old-Content-Length
X-NU-AKA-ACS-Version
X-Origin
X-Origin-Expires
X-Platform-Server
X-Origin-Response-Time
X-Ratelimit-Reset
X-Method
X-Rebelmouse-Cache-Control
X-IP
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Scheme
X-Fastly-Backend
X-Cache-Tags
X-Developer
Fastly-SIE
Fastly-SWR
Cf-Bgj
CDN-Uid
X-Eu-Site
CDN-RequestId
X-DefHash
Ha-Gx-Prefs
L5d-Success-Class
X-CUA
IsBot
Is-Eu
HA-Ipaddr
X-DefElseHash
CDN-PullZone
CDN-RequestCountryCode
X-Varnish-CookieHashed-On
X-DPWN-IS-SECURE
Adler-Geo
X-Varnish-CookieINHashed-On
X-Envoy-Decorator-Operation
X-Esi-Check
X-Varnish-Remaining-TTL
CDN-EdgeStorageId
Cache-Host
CDN-Cache
X-Dispatcher-Server
CDN-CachedAt
CDCHOST
X-Cache-Backend
X-Varnish-Beresp-Ttl
X-Matched-Rule
X-Hash
X-LB-ID
X-Slack-Backend
X-Gamma-Serve
X-Varnish-Beresp-Status
Apple-News-Services-Handled
X-Varnish-Hits
Apple-News-Services-Host
Origin
Who
X-VG-TLSProxy
L
Lfy
Rt-Fastcgi-Cache
X-Request-URI
True-Client-Country-4JS
Apple-News-Services-Parsed-Url
X-Unique-ID
Vix-Hermes-Req-Id
Esi-Enabled
Apple-News-Services-Request-Url
Country-Code
X-CLOUD-TRACE-CONTEXT
X-Loc
CloudFront-Viewer-Country
X-Mvc-Supplant-OutputCached
X-Aicache-OS
Fastly-Drupal-HTML
X-Goog-Meta-Goog-Reserved-File-Mtime
Sid
X-CACHE-KEY
Geo-Info
X-APP-VERSION
X-RateLimit-Limit
Tcn
X-Cache-Expires
Pramga
X-Sn-Servicetimems
X-Cdn-Origin
Pics-Label
X-Varnish-Url
X-Via-Popn
X-Via-Poph
X-Via-Popv
X-NCache
X-PF-Uncompressing
X-Cache-Date
X-Servername
X-Core-Mission
X-Epic-Correlation-Id
Filterid
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
Url
X-Request-Start
X-Esi
X-Refresh
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
Req-Svc-Chain
Cmstype
X-FireWall-Protection
Cmsid
X-Varnish-Cacheable
X-DC
X-Error
Kp-EeAlive
Svr
X-Served-From
VivaBuild
Source
Viewtype
A
MIME-Version
NGB
Cache-Key
X-Response-By
X-NC
X-Erf-Stays-Bingo-Pdp-Web
X-Webkit-CSP-Report-Only
X-Srv
Xkeyi7
M-TraceId
X-Proxy-Cachei7
X-Cache-Remote
Arc-Country
S-Rt
X-BBXSRF
TDXMobile
Cross-Origin-Opener-Policy
Geoip-Latitude
X-Servedbyhost
X-Air-Source
Server-ID
Content-Secure-Policy
X-HS-Status
GeoIp-Country-Code
X-Wa
N-Cache
Server-Ttl
HitType
X-Vgn-Hpd-Reason
X-URL
X-CDN-Forward
X-B3-Spanid
X-HostName
X-Cache-2
X-Vcl-Version
NtCoent-Length
X-LI-Proto
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Cc-Req-Id
X-Cc-Via
D-Cc-Upstream
Resin-Trace
X-Cache-ASPX
X-LiteSpeed-Cache-Control
X-NGENIX-Cache
X-JoinUs
X-SaId
SID
X-PHP-Backend
CACHE
Ohc-File-Size
Cteonnt-Length
X-Host-Name
X-Sucuri-Cache
Cross-Origin-Window-Policy
X-Edge-Location
X-RAMCache
X-Li-Proto
X-Svr
X-Vc
X-Service
X-Geo
X-Internal-Host
X-HOST
XServer
X-VCL-Version
X-CCDN-CacheTTL
Request-ID
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Hostname
DataCenter
X-Server-IP
X-Extlb
X-UA
GeoIP-Country-Code
X-Viewer-Country
GeoIP-Latitude
X-WA
X-Newrelic-Synthetics
X-DSS
X-Gdpr
X-FPC
X-TIM-N
X-ServedByHost
FSS-Cache
X-Forwarded-Site
X-Origin-Time
X-Nyt-Route
X-Cache-Config
X-RSL
X-DI
X-DB
X-VC
X-DW
X-RPM
X-RPS
X-API-Version
X-Via-NSCOPI
X-FORWARDED-FOR
Cache-Provider
X-Cs
X-Bc-Bl
X-App
X-Dynatrace
CF-Cached-On
X-Check-Cacheable
X-SN
Ohc-Cache-HIT
X-Date
X-PJAX-URL
ProcessTime
X-ZONE
X-Req
X-Region-Sid
X-Accel-Expires-Debug
X-Action
Memcached
Mail-Subject
LB
Surrogated-Key
Server-Id
X-SB
X-VC-Cache
We-Hiring
X-Proxy-Upstream
X-NodeID
X-Webstats-RespID
X-Dynatrace-Js-Agent
X-TIME
X-RateLimit-Limit-Second
X-CF-Powered-By
X-Instrumentation
X-RateLimit-Remaining-Second
Mime-Version
X-Kraken-Routeconfig-Destination
X-SD-PageType
X-Oss-Cdn-Auth
Env
X-Kraken-Loop-Name
X-Fpc
X-Server-Lifecycle-Phase
X-CSRF-TOKEN
X-Provided-By
X-Depends-On
X-Render-Time
X-Air-Trace-Id
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-APP
X-Men
Upgrade-Insecure-Requests
W
X-BBC-Edge-Cache-Status
X-NGINX-Cache
X-Cdn-Request-ID
X-Swift-Error
Srv
X-MSEdge-Features
Memory
X-MSEdge-Flight
X-BACKEND-TTL
X-Ftr-Cache-Host
CPC-Age
X-Dw-Trace-Id
CDN
Time
VNS-Cache
X-UnsetCookies
VNS-Age
Cdn
CPC-Cache
EpKe-Alive
X-Client-Ip
X-CACHE-AGE
X-FTR-Cache-Host
X-Fastly-Backend-Reqs
Processtime
X-ABtesting
X-Hello
Dnion-Transfer-Encoding
X-Auto-Login
X-Parent-Response-Time
X-Fastly-Request-Id
X-Flog
X-Pf-Uncompressing
X-Worker
X-Cache-Tag
Datacenter
X-Ua
X-Akamai-Pragma-Client-IP
Media-Length
X-Pad
X-BBC-Origin-Response-Status
X-Zone
Proxy-Connection
X-Acquia-Application-Trace
X-Presslabs-Stats
X-Oracle-DMS-ECID
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Acquia-Site
X-Cluster-Node
Vha6-Origin
X-Snapshot-Date
Fastcgi-Cache-TTL
X-IN-APIGATEWAYSSL
PICS-Label
State
Epwk-X-Cache
X-LiteSpeed-Tag
My-App
X-IN-APIGATEWAY
X-ServerName
X-Via-PopN
X-Via-PopV
X-Via-PopH
Cf-Ipcountry
X-Cache-Status-Check
X-ElasticPress-Query
X-Minions-Version
X-Request-URL
X-Varnish-Beresp-TTL
X-MiniProfiler-Ids
X-Ms-Meta-Staticbatchstarttime
X-ElasticPress-Search
X-Edge-Location-Klb
X-Ms-Meta-Originalurl
X-Vcache
X-Akamai-ERRuleID
X-Varnish-URL
X-Lb-Id
X-Akamai-ERPolicy
Xet-Cookie
X-Air-Pt
CountryCode
X-Tx-Id
X-Nananana
X-Apw-Access-Action
Content-Script-Type
Content-Style-Type
X-Litespeed-Cache-Control
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
URI
X-Redis-Duration-Ms
X-Request-Url
X-Traceid
X-Redis-Count
Environment
X-C
X-Storefront-Renderer-Verified
OT-Force-Account-Verify
NnCoection
X-Debug-Cache-Store
Inserted-Into-Cache-At
X-Tid
X-Debug-Cache-Fetch
Ohc-Response-Time
X-B3-Parentspanid
Phost
X-Amz-Meta-Cb-Modifiedtime