Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Xss-Protection
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Request-ID
X-DNS-Prefetch-Control
X-Generator
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-AspNetMvc-Version
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Via
Upgrade
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-Robots-Tag
X-AH-Environment
Request-Context
X-Proxy-Cache
EagleId
Server-Timing
X-Cache-Group
X-Backend
X-Hacker
X-Server
Report-To
X-Amz-Request-Id
Host-Header
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Amz-Version-Id
X-Cache-Spec
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Device
X-CST
Allow
Xkey
X-Vhost
X-Host
X-Backend-Server
X-Server-Id
EagleEye-TraceId
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-Ruxit-JS-Agent
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
Accept-CH-Lifetime
P3p
X-ASPNET-VERSION
X-Application-Context
X-Ac
X-Template
X-Country
X-Language
X-Cache-Lookup
X-Mod-Pagespeed
X-Readtime
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
Accept-Ch
Rating
X-Origin-Cache
Accept-Ch-Lifetime
X-Cnection
X-HW
X-MS-InvokeApp
X-Url
X-Vname
X-PC
X-TtlSet
X-Clacks-Overhead
X-GitHub-Request-Id
Edge-Control
X-ESI
X-ORACLE-DMS-ECID
X-Trace
Display
X-Middleton-Response
X-Sol
Response
X-Middleton-Display
Pagespeed
X-Content-Type
X-D2id
X-Kinja-Build
X-Cdn-Fetch
X-GoogleNews-Bot
X-Exp-Variant
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Use-Magma
Arr-Disable-Session-Affinity
X-FastCGI-Cache
Verso
X-Vcap-Request-Id
X-ORACLE-DMS-RID
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-Country-Code
X-Server-Name
X-Varnish-TTL
X-Navigation-Version
Service-Worker-Allowed
X-Abt-Application-Version
X-Powered-By-Plesk
X-Amz-Rid
X-VARITI-CCR
X-Fastly-Request-ID
X-Client-IP
X-Cache-TTL
X-Webkit-CSP
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-TTL
Fastly-Restarts
X-Release
X-MSEdge-Ref
SPRequestGuid
X-Dw-Request-Base-Id
X-SharePointHealthScore
X-Element-Page-Cache
X-Cached
SPIisLatency
SPRequestDuration
X-NF-Request-ID
X-Oneagent-Js-Injection
Public-Key-Pins
RTSS
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
Access-Control-Request-Method
Ar-Sid
AR-PoweredBy
AR-Request-ID
AR-ATIME
AR-CACHE
X-Edge
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Powered-CMS
X-LLID
X-Ezoic-Cdn
X-Origin-Upstream-Status
X-Upstream
X-Litespeed-Cache
Content-MD5
Fusion-Template-Id
Fusion-Content-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Component-Id
Cache-Tag
X-Px
Fusion-Source
X-Jurisdiction
X-HP-Webp
X-Mid
X-MCACHE
X-ECACHE
S
X-Version
X-Mg-S
X-Recruiting
X-Ttl
X-Content-Digest
Charset
X-PressLabs-Stats
X-Amz-Server-Side-Encryption
Fastcgi-Cache
X-Kinsta-Cache
X-T
MicrosoftSharePointTeamServices
X-Id
Cache-Tags
X-Content-Security-Policy-Report-Only
Filters
Front-End-Https
TCN
X-Debug
Server-Node
X-Accel-Expires
X-Logged-In
Edge-Cache-Tag
X-Grace
X-DynaTrace
X-Forwarded-Proto
X-Pinterest-Direct
X-Forwarded-For
X-Correlation-Id
Server-Name
Nginx-Cache
X-Amzn-Trace-Id
TP-L2-Cache
TP-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Request-Received
X-Request-Processing-Time
Surrogate-Key
X-Varnish-Age
X-Yandex-Sdch-Disable
X-B3-Sampled
X-Shield-Request-Id
X-Request-Handler-Origin-Region
X-Microsite
X-XRDS-LOCATION
X-Ser
X-Activity-Id
X-Az
X-Hits
X-AppVersion
X-Amz-Replication-Status
X-DIS-Request-ID
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-F-Cache
X-Origin-Server
X-Kinja-Server-Push
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Generation
X-GUploader-UploadID
Accept-Charset
X-Geo-Country
X-XRDS-Location
X-Git-Hash
X-Cache-Key
Cache
X-Respond-Thread
X-Rid
Alternate-Protocol
X-FTR-Request-ID
X-LB-Cache
Section-Io-Cache
Powered-By-ChinaCache
X-Frontend
X-Upgrade-Enabled
X-DataDome
Host
X-Fastcgi-Cache
Access-Control-Allow-Method
X-Mobile-URL
X-Seen-By
MS-CV
Paypal-Debug-Id
X-Cache-Age
X-Time
X-NWS-LOG-UUID
Healthy
X-IPLB-Instance
ServerID
X-Type
X-Ruxit-Js-Agent
Cleartype
X-Hostname
X-Varnish-Backend
X-App-Environment
X-AOL-HN
X-VCache
X-Content-Options
X-Is-Crawler
X-Server-ID
X-Flags
X-Providence-Cookie
X-Aspnet-Duration-Ms
Payment
X-Route-Name
X-Request-Guid
X-TT
X-Whom
X-Page-Id
X-WebKit-CSP-Report-Only
Fastcgi-Useragent
X-B-Cache
X-Cache-Action
X-Signature
X-Debug-Info
X-Jobs
X-Source
X-Load-Cache
X-Daa-Tunnel
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-N
X-Mobile
X-FB-Debug
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Via-JSL
Refresh
Nel
X-RateLimit-Remaining
X-Contextid
X-Response-Served-From
X-Rule
X-Wix-Request-Id
X-Accel-Buffering
X-Original-Request-Id
X-Akamai-Edgescape
X-Cached-By
X-Drupal-Cache-Tags
DC
X-Framework
Version
Viewport
X-Proxy
X-Cacheable-TTL
X-Zen-Fury
X-Cache-Rule
X-Cache-Operation
X-ProcessESI
X-RTag
X-RemovedCookies
Ms-Operation-Id
Realpath
X-B
Node
X-Instance
X-Real-IP
X-HTML-Minification-Powered-By
X-Cache-Time
Access-Control-Request-Headers
X-Page-View
X-Drupal-Cache-Contexts
X-UUID
Referer-Policy
X-Distributor
X-Region
X-FW-Type
X-FW-Server
Countrycode
X-FW-Dynamic
X-FW-Hash
X-FW-Serve
X-FW-Static
X-Cache-Expired-At
X-Cluster-Name
X-Tt-Trace-Tag
X-Tt-Trace-Host
Eomportal-Instance
X-Cache-Control
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-IPS-LoggedIn
DynaTrace
Liferay-Portal
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Cache-Hit
X-Tumblr-User
X-G
X-L-Path
X-Environment-Context
GEO-INFO
X-FireWall-Port
Server-Info
X-App-Server
X-Pass-Why
X-User-Agent
X-Ratelimit-Limit
Ec-Rule-Version
From-Origin
X-Tumblr-Pixel-2
Webserver
X-Varnish-Ttl
Section-Io-Origin-Time-Seconds
X-Node-Name
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Id
CF-IPCountry
X-Protected-By
Xserver
SRV
X-Www-Served-By
Protected
X-Cache-Server
X-Backend-Name
X-Ratelimit-Remaining
Meta-Geo
X-Hl-Ver
X-RN-RSRV
X-Handled-By
X-UPSTREAM-Address
X-ES-SERVER
X-Mode
X-Site-Version
X-Locale
Frame-Options
X-FB-TRIP-ID
X-Endurance-Cache-Level
X-Storage
X-Web-Node
X-Be
Cache-Status
X-NYM-Debug-Backend
Cache-Tv-Group
X-Varnishpool
X-Soup
TWC-Device-Class
TWC-GeoIP-Country
Webcakes-Region
TWC-Connection-Speed
X-Revision
X-MP-GENERATED-AT
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Version
X-Proto
X-UA-Device-Type
X-Uri
TWC-Privacy
X-Human
Webcakes-App-Name
X-Redis-Cache
X-Origin-Hint
Decoy-Debug-TTL
Fastly-SSL
X-Proxy-Build
X-Timing-Wait
X-Pubstack
Decoy-Debug-Status
Property-Id
X-PHP-Host
Cache-Name
X-Labrador-Cache-Channel
Selected-Fe
X-Hyper-Cache
Country
Decoy-Debug-Key
X-SayCDN-TTL
Azure-RegionName
X-Section
X-Access
X-Server-W
Azure-SlotName
Azure-SiteName
Retry-After
Azure-Version
X-Forwarded-Host
X-AIR-PT
X-OCL
X-Via-Fastly
X-FW-Version
X-Say-TTL
X-Say-Cacheable
Azure-InstanceId
X-No-Session
X-WA-Info
X-Origin-Date
X-Adobe-Content
X-Sql-Count
X-Format
X-PCL
X-Adobe-Loc
X-Sql-Duration-Ms
X-Request-Time
X-Amz-Meta-S3cmd-Attrs
X-Cache-Grace
X-BYPASS-REASON
X-Loop
X-LAGOON
X-R9-Blue-Green-Version
X-ProxyCache-Key
X-LJ-Flow-ID
X-TT-LOGID
X-TNCMS
X-AWS-Id
X-VWS-Id
X-Hosted-By
X-ProxyCache-Status
X-S-Maxage
X-PERF
X-ApacheServer
X-Debug-IsConnected
X-Debug-IsPreview
X-Device-Type
X-Nginx-Cache
X-Cluster
Mn-Server-Ip
X-Status
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-ShopId
X-Alternate-Cache-Key
X-Tec-Api-Version
X-Routing-Service
X-Tec-Api-Root
X-Tec-Api-Origin
X-Sorting-Hat-ShopId
X-Zipkin-Id
X-Proxied
X-Cache-TTL-Remaining
X-Storefront-Renderer-Rendered
X-CCM
X-Is-Bot
X-Xfnlog-Site
X-Rendered-As
X-Varnish-Grace
X-Qloud-Router
Apigw-Requestid
X-Dc
X-Info
S-Cnection
X-FTR-Cache-Status
X-FTR-DC
Cache-Hits
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Realm
X-Via-CDN
X-SRV
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Server
X-Cache-Enabled
X-FTR-Expires
X-Detected-As
X-Cdn
X-GG-Cache-Date
X-Platform
X-Microcachable
X-Content-Age
X-Amzn-RequestId
Uber-Trace-Id
X-EdgeConnect-Cache-Status
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Cache-Host
X-Azure-Ref
X-Proxy-Cache-Status
X-Backend-Host
X-Unique-Id
X-Aspnetmvc-Version
Tracecode
X-Air-Hostname
Amp-Access-Control-Allow-Source-Origin
X-Cache-Var
SD-X-WS
X-Cache-Var-Map
X-CSRF-Token
Akamai-GRN
X-NWS-UUID-VERIFY
X-DynaTrace-JS-Agent
X-ATG-Version
X-Time-Microsecs
X-Backend-TTL
X-App-Version
X-GEO
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-ServerID
X-Trace-Id
X-Oss-Request-Id
X-Tb
X-Oss-Storage-Class
X-Oss-Server-Time
X-RCS-CacheZone
ServedBy
X-BCube-Filmed-By
DSUID
X-Cache-Backend
X-Cache-PHP
X-Varnish-Hostname
X-Correlation-ID
Backend
X-Cache-NGX
X-Akamai-Transformed
X-Debug-Cache
Lfy
X-Thinkindot-L3
Instruction
Machine
Meta-Geo-Continent
Fastcgi-X-Cache-Version
X-Session-Fingerprint
Odigeo-Trace-Id
Mobile-Detection-Method
X-SRCache-Key
MD5-Digest
DCR-Decision-By
X-VG-WebServer
X-Vtex-Remote-Cache
X-ScT
BehaviorPad-Version
X-Vtex-Processado-Em
DCR-Processing-Time-Ms
Xc-Version
X-Trv-Group
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
Expiry
Release
X-Cache-NE
X-Origin-CC
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-B-Cookie
X-ARC
X-PAYTM-SRV-ID
X-Origin-TTL
X-Application
X-Connection-Hash
X-Matched-Rule
X-External-Request-Id
X-Fetched-On
X-From
X-Generation-Time
X-GeoIP-City
X-Destination
X-Location
X-Level-Front-Cache
X-D
X-Aed
X-A-Wwc
Rendered-Blocks
SR-User-Adfree
T-Server
Thinkindot-CacheControl
X-Rewrite-Enabled
X-Generated-On
X-S
X-Rojux
Path
Thinkindot-CacheControl-Type
Thinkindot-Control
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Ccd
X-PBS-Appsvrname
X-A
X-Request-UUID
X-Processor
X-S-Cookie
X-Device-Os
X-Magnolia-Registration
HostName
X-Sucuri-ID
PB-RID
Arc-Version
DB-Nickname
PB-PID
X-B3-SpanId
X-NewRelic-App-Data
X-SVT-ORM-RULES
X-Micro-Cache
Host-ID
Cf-Device-Type
Gh-Request-Id
C-Via
AKAMAI
X-Has-Esi
X-Node-Id
X-Mvc-Supplant-Cachable
X-NAPM-TraceId
CacheControlHeader
X-Cache-Bucket
X-Geo-Header
X-Azure-Ref-OriginShield
X-Is-Gdpr
X-GeoIP
X-Irp-Debug
X-JWT-State
Pagetype
X-HS-Content-Campaign-Id
UCS
X-FC-Vary-Parameters
X-Skip-Cache
X-Bip
X-TA-CDN-Provider
Fastly-Backend-Name
X-VServer
X-Thanos
X-Owner
X-OVcl-Cache
X-Reqid
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-Ms-Request-Id
X-Ms-Version
X-OVcl
X-TrackingId
X-SVT-ORM-VERSION
X-CS
X-Cdn-Forward
X-APP-VERSION
X-Adobe-Source
On-Server
X-CUA
X-User
Server-Ext
X-Fastly-Cache
X-Developer
X-Backend-State
Cache-Host
X-Developers
Server-Host
PFcat
NGX
X-Request-Host
X-Eu-Site
X-HN
Wxu-Next-Commit
Wxu-Next-Hostname
X-VarnishDD-TTL
Wxu-Next-Region
X-Var-Ttl
X-Cms-Context
X-Generated-In
Sever-Int
X-IP
Ssr
X-Core-Value
Server-Hostname
X-Nginx-Cache-Key
X-Generated-By
X-Origin-Response-Time
X-CGP
Content-Disposition
X-Cache-Info
HA-Ipaddr
X-Wikidot-Static-Cache
Ha-Gx-Prefs
L5d-Success-Class
X-Wikidot-Backend
X-Cache-Tags
X-Policy
X-B3-Traceid
Magicmarker
X-Csrf-Jwt
X-Swa-Ws
Locid
X-Clientip
User-Cache-Control
X-TX-ID
X-DPWN-IS-SECURE
X-Esi-Check
CloudFront-Viewer-Country
X-Varnish-Remaining-TTL
X-DefHash
X-EC-Lua
X-Block-Status
X-DefElseHash
X-Cache-Id
Web-Mar-Node
Fastly-SWR
Fastly-SIE
X-Branch-Name
X-Gzip
X-Cdn-Origin
X-SIPLIST1
X-Dispatcher-Server
X-Li-Fabric
X-Rebelmouse-Cache-Control
Cf-Bgj
X-Rebelmouse-Surrogate-Control
X-Platform-Server
X-Method
Is-Eu
X-NU-AKA-ACS-Version
X-Varnish-CookieHashed-On
Adler-Geo
CDCHOST
X-Varnish-Beresp-Grace
X-Request-URI
X-Scheme
X-Variation
X-WADP-Cache
X-Old-Content-Length
X-Origin
X-Origin-Expires
IsBot
X-Varnish-CookieINHashed-On
X-Hnp-Log
Pramga
Platform
X-Varnish-Hits
X-GoCache-CacheStatus
X-Gen-Mode
V-Age
X-Clara-WADP
X-Envoy-Decorator-Operation
X-Fmm-Version
L
X-Fastly-Backend
X-Sn-Servicetimems
Location
X-LI-UUID
X-Li-Pop
NM-Fastcgi-Cache
X-Erf-Stays-Bingo-Pdp-Web
X-ID
CDN-RequestCountryCode
X-Hash
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
CDN-RequestId
CDN-Cache
X-Gamma-Serve
X-Loc
X-Cache-Debug
Origin
X-Ratelimit-Reset
Rt-Fastcgi-Cache
True-Client-Country-4JS
Vix-Hermes-Req-Id
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-VG-TLSProxy
Apple-News-Services-Handled
X-Cache-Expires
Apple-News-Services-Request-Url
X-Cache-Date
X-Servername
X-Slack-Backend
CDN-Uid
X-Dynatrace
X-CLOUD-TRACE-CONTEXT
Fastly-Drupal-HTML
X-LB-ID
X-Aicache-OS
X-Core-Mission
X-Goog-Meta-Goog-Reserved-File-Mtime
X-CACHE-KEY
X-Mvc-Supplant-OutputCached
X-NCache
X-PF-Uncompressing
X-Nc
Sid
X-Request-Start
Esi-Enabled
X-Varnish-Url
X-Via-Poph
X-Refresh
X-Via-Popv
Who
X-Via-Popn
Url
X-CACHE-GROUP
X-Oracle-Dms-Rid
X-NC
Country-Code
X-Cache-Remote
X-Unique-ID
Pics-Label
X-Epic-Correlation-Id
X-FireWall-Protection
X-Varnish-Cacheable
X-Response-By
X-TraceId
S-Rt
Req-Svc-Chain
Xkeyi7
X-Proxy-Cachei7
X-Tb-Optimization-Total-Bytes-Saved
Geo-Info
X-BBXSRF
X-Planisys-CDN-TTL
Content-Secure-Policy
X-Error
N-Cache
X-Host-Name
X-Planisys-CDN-Rules
X-B3-Spanid
Source
X-Planisys-CDN-Cache
X-Webkit-Csp
X-Srv
X-RateLimit-Limit
X-Cache-2
Cmstype
Cmsid
Geoip-Latitude
GeoIp-Country-Code
Ohc-File-Size
X-Webkit-CSP-Report-Only
Cross-Origin-Window-Policy
Filterid
Server-Ttl
Svr
X-Served-From
X-Varnish-Authentication
HitType
Kp-EeAlive
D-Cc-Upstream
X-DC
X-Cc-Via
X-Contensis-Viewer-Groups
Cteonnt-Length
X-Cache-ASPX
X-Cc-Req-Id
X-HS-Status
X-Sucuri-Cache
Cache-Key
A
VivaBuild
X-Wa
Viewtype
X-Servedbyhost
X-LiteSpeed-Cache-Control
X-Svr
Tcn
X-CDN-Forward
X-URL
M-TraceId
MIME-Version
X-HostName
X-Vcl-Version
X-Server-IP
X-Origin-Time
X-Nyt-Route
X-Gdpr
X-Cache-Config
Arc-Country
X-API-Version
X-FPC
X-Li-Proto
X-Cs
X-Esi
Cross-Origin-Opener-Policy
NGB
TDXMobile
CACHE
SID
Server-ID
X-SN
X-Air-Source
X-RAMCache
Resin-Trace
X-VC
X-Vgn-Hpd-Reason
X-LI-Proto
X-HOST
X-NGINX-Cache
NtCoent-Length
X-Check-Cacheable
Server-Id
X-Vc
X-Viewer-Country
X-Webstats-RespID
Ohc-Cache-HIT
X-SB
X-VCL-Version
Request-ID
X-NodeID
X-UA
XServer
Hostname
X-Hcs-Proxy-Type
X-Internal-Host
X-ServedByHost
X-CCDN-Origin-Time
Cache-Provider
X-Newrelic-Synthetics
X-RPM
X-RPS
X-DW
X-DSS
X-RSL
X-CCDN-CacheTTL
X-DI
X-WA
X-DB
X-TIM-N
X-SD-PageType
X-NGENIX-Cache
X-TIME
X-SaId
X-JoinUs
X-PHP-Backend
Mime-Version
X-Render-Time
Srv
GeoIP-Latitude
GeoIP-Country-Code
X-Service
X-App
X-Edge-Location
X-Geo
FSS-Cache
X-BBC-Edge-Cache-Status
X-Action
DataCenter
X-Via-NSCOPI
X-Forwarded-Site
X-Provided-By
EpKe-Alive
ProcessTime
X-Ua
X-FTR-Cache-Host
CF-Cached-On
X-Fpc
X-CF-Powered-By
X-Oss-Cdn-Auth
X-Worker
Processtime
X-Auto-Login
X-Extlb
W
Upgrade-Insecure-Requests
X-Bc-Bl
X-Dynatrace-Js-Agent
X-Proxy-Upstream
X-VC-Cache
LB
X-Region-Sid
X-FORWARDED-FOR
We-Hiring
Memcached
Proxy-Connection
X-Depends-On
Datacenter
X-Cluster-Node
X-PJAX-URL
Mail-Subject
Surrogated-Key
X-Cdn-Request-ID
X-HITS
CDN
X-Accel-Expires-Debug
X-CSRF-TOKEN
X-MSEdge-Flight
X-MSEdge-Features
X-Date
X-BACKEND-TTL
X-Dw-Trace-Id
X-Fastly-Backend-Reqs
X-Ftr-Cache-Host
Cdn
X-RateLimit-Limit-Second
X-ZONE
X-Req
X-RateLimit-Remaining-Second
X-UnsetCookies
X-Parent-Response-Time
X-Swift-Error
X-CACHE-AGE
X-Client-Ip
X-Fastly-Request-Id
X-IN-APIGATEWAY
Time
X-Flog
X-Hello
X-ABtesting
Memory
X-Men
PICS-Label
X-BBC-Origin-Response-Status
X-IN-APIGATEWAYSSL
X-Cache-Tag
X-Rocket-Build-Number
X-Sigma-Backend
X-Sigma
Dnion-Transfer-Encoding
Env
X-APP
X-Akamai-Pragma-Client-IP
VNS-Cache
X-Acquia-Purge-Tags
X-Acquia-Site
VNS-Age
CPC-Age
CPC-Cache
Media-Length
X-Acquia-Application-UUID
OT-Force-Account-Verify
X-Acquia-Application-Trace
X-Pad
X-Pf-Uncompressing
X-Air-Trace-Id
X-Zone
Vha6-Origin
X-Presslabs-Stats
X-Oracle-DMS-ECID
X-ND-Cache
X-LiteSpeed-Tag
X-Via-PopH
X-Via-PopV
X-Via-PopN
Epwk-X-Cache
Cf-Ipcountry
X-Varnish-URL
X-Request-URL
X-MiniProfiler-Ids
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Vcache
X-Csrf-Token
X-Snapshot-Date
X-Varnish-Beresp-TTL
X-Request-Url
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
X-ElasticPress-Query
X-Lb-Id
Xet-Cookie
WZWS-RAY
X-ElasticPress-Search
X-Tx-Id
CountryCode
Fastcgi-Cache-TTL
X-Tid
Content-Style-Type
Content-Script-Type
X-Amz-Meta-Cb-Modifiedtime
X-Litespeed-Cache-Control
X-C
Environment
X-B3-Parentspanid
NnCoection
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Phost
X-Traceid
URI
Inserted-Into-Cache-At
X-Storefront-Renderer-Verified
Ohc-Response-Time
X-Redis-Count
X-Redis-Duration-Ms
X-ServerName