Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Request-ID
X-DNS-Prefetch-Control
X-Generator
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-AspNetMvc-Version
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Report-To
X-Amz-Request-Id
Host-Header
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
P3p
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
NEL
X-Amz-Version-Id
X-Cache-Spec
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Device
X-CST
Allow
Xkey
X-Vhost
X-Backend-Server
X-Host
X-Server-Id
EagleEye-TraceId
Request-Id
X-Dispatcher
Surrogate-Control
X-Node
Content-Location
X-Response-Time
X-Ruxit-JS-Agent
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
Accept-CH-Lifetime
X-ASPNET-VERSION
X-Ac
X-Application-Context
X-Template
X-Country
X-Language
X-Cache-Lookup
X-Mod-Pagespeed
X-Readtime
MS-Author-Via
X-Cloud-Trace-Context
X-B3-TraceId
Accept-Ch
Rating
X-Origin-Cache
Accept-Ch-Lifetime
X-Cnection
X-HW
X-MS-InvokeApp
X-Url
X-Vname
X-PC
X-TtlSet
X-Clacks-Overhead
X-GitHub-Request-Id
Edge-Control
X-ESI
X-ORACLE-DMS-ECID
X-Trace
Pagespeed
Display
X-Middleton-Response
X-Sol
X-Content-Type
X-Middleton-Display
Response
X-D2id
X-FastCGI-Cache
X-Kinja
X-Use-Magma
X-Kinja-Revision
X-GoogleNews-Bot
X-Kinja-Build
X-Exp-Id
X-Kinja-Server
X-Exp-Variant
Arr-Disable-Session-Affinity
X-Cdn-Fetch
Verso
X-Vcap-Request-Id
X-ORACLE-DMS-RID
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-Country-Code
X-Varnish-TTL
X-Server-Name
X-Navigation-Version
Service-Worker-Allowed
X-VARITI-CCR
X-Abt-Application-Version
X-Powered-By-Plesk
X-Fastly-Request-ID
X-Amz-Rid
X-Client-IP
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Cache-TTL
X-Webkit-CSP
X-TTL
Fastly-Restarts
X-Release
X-MSEdge-Ref
X-SharePointHealthScore
SPRequestGuid
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Cached
SPIisLatency
SPRequestDuration
X-NF-Request-ID
X-Oneagent-Js-Injection
Public-Key-Pins
RTSS
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
AR-CACHE
AR-ATIME
AR-Request-ID
AR-PoweredBy
Ar-Sid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-Edge
X-Powered-CMS
X-LLID
X-Ezoic-Cdn
X-Origin-Upstream-Status
X-Upstream
X-Litespeed-Cache
Cache-Tag
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-Px
Content-MD5
X-HP-Webp
X-Jurisdiction
X-MCACHE
X-Version
X-Mid
X-ECACHE
S
X-Mg-S
Charset
X-Recruiting
X-Ttl
X-Content-Digest
X-PressLabs-Stats
X-Amz-Server-Side-Encryption
Fastcgi-Cache
X-Kinsta-Cache
X-T
X-Id
Cache-Tags
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
Filters
Front-End-Https
TCN
X-Logged-In
X-Debug
X-Grace
X-Accel-Expires
Server-Node
Edge-Cache-Tag
X-DynaTrace
X-Forwarded-Proto
X-Pinterest-Direct
X-Forwarded-For
Server-Name
X-XRDS-LOCATION
TP-Cache
TP-L2-Cache
Nginx-Cache
X-Amzn-Trace-Id
X-Correlation-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Surrogate-Key
X-Yandex-Sdch-Disable
X-Request-Received
X-Varnish-Age
X-Request-Processing-Time
X-B3-Sampled
X-Microsite
X-Request-Handler-Origin-Region
X-Shield-Request-Id
X-Ser
X-Hits
X-Az
X-AppVersion
X-Activity-Id
X-Amz-Replication-Status
X-F-Cache
X-DIS-Request-ID
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Kinja-Server-Push
X-Origin-Server
Accept-Charset
X-Geo-Country
X-Git-Hash
Cache
X-Respond-Thread
X-Cache-Key
X-Rid
Alternate-Protocol
X-Frontend
X-XRDS-Location
X-LB-Cache
X-FTR-Request-ID
X-Upgrade-Enabled
Host
Powered-By-ChinaCache
X-DataDome
Section-Io-Cache
Access-Control-Allow-Method
X-Fastcgi-Cache
X-Mobile-URL
X-Seen-By
Paypal-Debug-Id
X-Cache-Age
MS-CV
X-Hostname
Cleartype
X-Time
X-AOL-HN
X-NWS-LOG-UUID
Healthy
X-VCache
X-Whom
X-Type
X-IPLB-Instance
ServerID
X-Content-Options
X-Varnish-Backend
X-Ruxit-Js-Agent
X-TT
X-App-Environment
X-Route-Name
X-Request-Guid
X-Flags
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Is-Crawler
X-Server-ID
X-B-Cache
Payment
X-Page-Id
X-Jobs
X-WebKit-CSP-Report-Only
X-Cache-Action
X-Signature
Fastcgi-Useragent
X-Source
X-Debug-Info
X-Load-Cache
X-N
X-Daa-Tunnel
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Mobile
X-FB-Debug
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Via-JSL
X-RateLimit-Remaining
Refresh
Nel
Version
X-Cached-By
X-Akamai-Edgescape
X-Original-Request-Id
X-Response-Served-From
X-Rule
X-Wix-Request-Id
X-Accel-Buffering
X-Contextid
X-Cacheable-TTL
DC
Viewport
X-Proxy
Realpath
X-Framework
X-Drupal-Cache-Tags
Node
X-ProcessESI
X-RTag
X-RemovedCookies
X-Cache-Rule
X-Cache-Operation
Ms-Operation-Id
X-Cache-Time
Access-Control-Request-Headers
X-B
X-Real-IP
X-Zen-Fury
X-Instance
X-HTML-Minification-Powered-By
X-Region
X-Page-View
Referer-Policy
X-Distributor
Countrycode
VIX-Pulpo-Node
X-FW-Static
X-Cluster-Name
X-Drupal-Cache-Contexts
X-UUID
Eomportal-Instance
X-FW-Type
X-FW-Hash
X-FW-Serve
X-FW-Server
X-FW-Dynamic
VIX-Pulpo-Upstream-Status
X-Cache-Control
X-Content-Powered-By
X-Cache-Expired-At
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-G
X-Cache-Hit
DynaTrace
X-IPS-LoggedIn
X-Environment-Context
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-L-Path
X-Tumblr-Pixel-1
GEO-INFO
Liferay-Portal
X-FireWall-Port
Server-Info
X-App-Server
X-Ratelimit-Limit
X-Pass-Why
X-User-Agent
Xserver
Ec-Rule-Version
Webserver
X-Varnish-Ttl
From-Origin
X-Tumblr-Pixel-2
X-Node-Name
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
CF-IPCountry
X-Protected-By
Section-Io-Origin-Time-Seconds
Protected
SRV
X-Www-Served-By
X-Cache-Server
X-Backend-Name
X-Ratelimit-Remaining
X-Mode
X-UPSTREAM-Address
X-RN-RSRV
Meta-Geo
Frame-Options
X-ES-SERVER
X-Hl-Ver
X-Handled-By
X-Site-Version
Cache-Tv-Group
X-FB-TRIP-ID
X-Locale
X-PHP-Host
X-NYM-Debug-Backend
Cache-Status
X-Uri
X-Labrador-Cache-Channel
X-Web-Node
X-Be
X-Varnishpool
X-Hyper-Cache
X-Storage
X-Endurance-Cache-Level
X-Nginx-Cache
X-Soup
X-Proto
X-Proxy-Build
Webcakes-Region
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
Fastly-SSL
TWC-Locale-Group
X-MP-GENERATED-AT
Selected-Fe
X-Pubstack
TWC-Device-Class
Country
X-Origin-Date
TWC-GeoIP-LatLong
X-Origin-Hint
Cache-Name
X-Timing-Wait
X-Human
TWC-Connection-Speed
X-Revision
X-UA-Device-Type
Decoy-Debug-TTL
X-Redis-Cache
Decoy-Debug-Status
Decoy-Debug-Key
Property-Id
TWC-GeoIP-Country
Azure-Version
Azure-SlotName
Azure-RegionName
Azure-SiteName
Retry-After
X-Adobe-Loc
X-Adobe-Content
Azure-InstanceId
X-TNCMS
X-Access
X-Server-W
X-BYPASS-REASON
X-ProxyCache-Key
X-Sql-Duration-Ms
X-WA-Info
X-Sql-Count
X-Request-Time
X-ProxyCache-Status
X-Section
X-Amz-Meta-S3cmd-Attrs
X-Hosted-By
X-Loop
X-SayCDN-TTL
X-Format
X-FW-Version
X-Forwarded-Host
X-Cache-Grace
X-Say-TTL
X-Say-Cacheable
X-AIR-PT
X-S-Maxage
X-Via-Fastly
X-Cluster
X-No-Session
X-Status
X-TT-LOGID
X-PERF
X-OCL
X-PCL
X-ApacheServer
X-Debug-IsPreview
X-Debug-IsConnected
X-ShopId
Mn-Server-Ip
X-LAGOON
X-AWS-Id
X-ShardId
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-LJ-Flow-ID
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-VWS-Id
X-Device-Type
X-R9-Blue-Green-Version
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-Tec-Api-Root
X-Tec-Api-Version
X-Cache-TTL-Remaining
X-Tec-Api-Origin
X-Is-Bot
X-Rendered-As
X-Varnish-Grace
X-Qloud-Router
X-Dc
Apigw-Requestid
X-Info
X-Varnish-Server
X-CCM
S-Cnection
X-Xfnlog-Site
X-FTR-Balancer
X-FTR-Cache-Status
X-Via-CDN
X-FTR-Backend-Server
X-FTR-Backend
Cache-Hits
X-FTR-DC
X-FTR-Realm
X-Country-Code-Real
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
X-Cache-Enabled
X-SRV
X-Content-Age
X-Cdn
X-Detected-As
X-Cache-Host
X-GG-Cache-Date
X-Microcachable
X-Platform
X-EdgeConnect-Cache-Status
X-Amz-Apigw-Id
Uber-Trace-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Azure-Ref
X-Air-Hostname
X-CSRF-Token
X-Backend-Host
X-Correlation-ID
X-Proxy-Cache-Status
X-Aspnetmvc-Version
Tracecode
X-Unique-Id
Amp-Access-Control-Allow-Source-Origin
X-Cache-Var
X-Cache-Var-Map
SD-X-WS
X-DynaTrace-JS-Agent
X-Time-Microsecs
X-NWS-UUID-VERIFY
Akamai-GRN
X-ServerID
X-GEO
X-ATG-Version
X-Backend-TTL
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Object-Type
X-Tb
X-BCube-Filmed-By
X-Trace-Id
Backend
HostName
X-RCS-CacheZone
ServedBy
X-APP-VERSION
X-Varnish-Hostname
X-Cache-Backend
X-Cache-NGX
DSUID
X-Cache-PHP
X-App-Version
Rendered-Blocks
Path
MD5-Digest
Meta-Geo-Continent
Machine
Expiry
Instruction
Fastcgi-X-Cache-Version
SR-User-Adfree
Mobile-Detection-Method
Lfy
Release
BehaviorPad-Version
Odigeo-Trace-Id
DCR-Processing-Time-Ms
DCR-Decision-By
DB-Nickname
X-D
X-Request-UUID
X-Processor
X-Rewrite-Enabled
X-Rojux
X-S
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Matched-Rule
X-Origin-CC
X-Origin-TTL
X-Owner
X-S-Cookie
X-ScT
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-Session-Fingerprint
X-SRCache-Key
X-Thinkindot-L3
X-Trv-Group
X-Location
X-Level-Front-Cache
X-A-Dgt
X-A-Dcw
X-A-Wwc
X-Aed
X-Application
X-A-Dam
X-A-Ccd
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-A
X-ARC
X-B-Cookie
X-From
X-Fetched-On
X-Generated-On
X-Generation-Time
X-GeoIP-City
X-External-Request-Id
X-Destination
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-Connection-Hash
T-Server
X-Device-Os
X-Magnolia-Registration
PB-RID
X-B3-SpanId
X-NewRelic-App-Data
PB-PID
X-Sucuri-ID
X-Akamai-Transformed
Arc-Version
X-Azure-Ref-OriginShield
X-Geo-Header
X-Bip
X-FC-Vary-Parameters
X-TA-CDN-Provider
X-Cache-Bucket
X-GeoIP
Gh-Request-Id
Fastly-Backend-Name
Cf-Device-Type
Host-ID
CacheControlHeader
Server-Host
Pagetype
UCS
X-Irp-Debug
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Reqid
X-Thanos
X-TrackingId
X-NAPM-TraceId
X-VServer
X-Tumblr-Pixel-3
X-OVcl-Cache
X-OVcl
X-Is-Gdpr
C-Via
X-HS-Content-Campaign-Id
X-JWT-State
X-Micro-Cache
X-Node-Id
X-Mvc-Supplant-Cachable
X-Has-Esi
X-Skip-Cache
X-Debug-Cache
AKAMAI
X-Varnish-Cache-Hits
X-Cdn-Forward
X-Origin-Expires
X-Fastly-Backend
Sever-Int
X-Esi-Check
Ssr
X-Wikidot-Static-Cache
X-Eu-Site
X-Varnish-CookieHashed-On
Server-Ext
X-Cache-Id
X-Var-Ttl
X-Generated-By
X-B3-Traceid
X-Variation
X-DPWN-IS-SECURE
X-Varnish-Beresp-Grace
Server-Hostname
X-Developers
X-CUA
X-Varnish-Remaining-TTL
X-DefElseHash
X-Csrf-Jwt
X-VarnishDD-TTL
X-CGP
X-Clientip
On-Server
X-DefHash
Wxu-Next-Region
X-Developer
Platform
X-Varnish-CookieINHashed-On
V-Age
X-Old-Content-Length
Wxu-Next-Hostname
Wxu-Next-Commit
X-Dispatcher-Server
X-Generated-In
X-Cache-Info
Adler-Geo
HA-Ipaddr
Is-Eu
X-Branch-Name
L5d-Success-Class
PFcat
Ha-Gx-Prefs
X-Cache-Tags
X-Policy
X-Origin
X-LI-UUID
X-Scheme
X-Li-Fabric
X-Li-Pop
X-IP
Location
NM-Fastcgi-Cache
X-Gzip
X-Swa-Ws
X-Backend-State
X-Wikidot-Backend
X-User
Cache-Host
X-Ms-Request-Id
X-Ms-Version
Locid
Magicmarker
X-HN
X-Nginx-Cache-Key
X-Request-Host
X-Origin-Response-Time
User-Cache-Control
X-TX-ID
X-CS
X-Cdn-Origin
CDCHOST
CDN-Cache
X-Gamma-Serve
X-Slack-Backend
X-SIPLIST1
X-Method
X-Request-URI
X-Sn-Servicetimems
X-Hash
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-EC-Lua
X-Varnish-Hits
Content-Disposition
X-Cms-Context
X-Core-Value
X-Fastly-Cache
True-Client-Country-4JS
Vix-Hermes-Req-Id
X-Adobe-Source
X-Block-Status
Rt-Fastcgi-Cache
Pramga
IsBot
Cf-Bgj
L
X-Rebelmouse-Surrogate-Control
X-Hnp-Log
X-Rebelmouse-Cache-Control
Web-Mar-Node
X-Gen-Mode
CDN-EdgeStorageId
CloudFront-Viewer-Country
Fastly-SIE
CDN-PullZone
CDN-RequestCountryCode
CDN-Uid
CDN-RequestId
Fastly-SWR
NGX
CDN-CachedAt
X-ID
X-Erf-Stays-Bingo-Pdp-Web
Apple-News-Services-Request-Url
X-Ratelimit-Reset
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Platform-Server
Apple-News-Services-Parsed-Url
X-NU-AKA-ACS-Version
Fastly-Drupal-HTML
Apple-News-Services-Host
X-Servername
X-WADP-Cache
X-Loc
Apple-News-Services-Handled
Sid
X-Cache-Date
Origin
X-Envoy-Decorator-Operation
X-GoCache-CacheStatus
X-Clara-WADP
X-Aicache-OS
X-Cache-Debug
X-LB-ID
X-Fmm-Version
X-Dynatrace
X-CLOUD-TRACE-CONTEXT
X-Cache-Expires
X-PF-Uncompressing
X-Mvc-Supplant-OutputCached
X-NCache
X-CACHE-KEY
X-Core-Mission
X-VG-TLSProxy
X-Nc
X-Request-Start
Esi-Enabled
X-Varnish-Url
X-Refresh
Url
Who
X-Via-Poph
X-CACHE-GROUP
X-Via-Popn
X-Via-Popv
Country-Code
X-Oracle-Dms-Rid
X-Unique-ID
X-NC
X-Cache-Remote
X-Epic-Correlation-Id
X-FireWall-Protection
X-Response-By
Pics-Label
X-Varnish-Cacheable
S-Rt
X-TraceId
X-Srv
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Tb-Optimization-Total-Bytes-Saved
Req-Svc-Chain
X-Planisys-CDN-TTL
Xkeyi7
X-Proxy-Cachei7
Geo-Info
X-B3-Spanid
X-Error
N-Cache
Content-Secure-Policy
X-Webkit-Csp
Source
X-Host-Name
X-BBXSRF
Cmsid
GeoIp-Country-Code
Geoip-Latitude
Cmstype
X-Cache-2
Ohc-File-Size
X-Webkit-CSP-Report-Only
Cross-Origin-Window-Policy
Filterid
Cteonnt-Length
Server-Ttl
HitType
X-Served-From
X-DC
Svr
X-Cc-Via
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cache-ASPX
D-Cc-Upstream
X-HS-Status
Kp-EeAlive
X-Cc-Req-Id
X-Sucuri-Cache
X-RateLimit-Limit
Tcn
X-Svr
VivaBuild
Viewtype
A
Cache-Key
X-LiteSpeed-Cache-Control
X-Cs
X-URL
X-HostName
X-Servedbyhost
X-Server-IP
X-Vcl-Version
X-Wa
X-Li-Proto
M-TraceId
MIME-Version
X-CDN-Forward
X-Air-Source
X-Cache-Config
X-API-Version
TDXMobile
Cross-Origin-Opener-Policy
Arc-Country
X-Esi
X-Vgn-Hpd-Reason
X-Nyt-Route
X-FPC
X-Origin-Time
X-Gdpr
CACHE
Server-ID
Server-Id
Resin-Trace
X-VC
X-SN
NGB
X-LI-Proto
X-RAMCache
NtCoent-Length
X-HOST
SID
X-Check-Cacheable
Ohc-Cache-HIT
X-Vc
Request-ID
X-SB
X-Viewer-Country
X-Webstats-RespID
X-NodeID
X-UA
Hostname
X-Service
X-CCDN-CacheTTL
X-NGINX-Cache
X-Newrelic-Synthetics
Cache-Provider
X-TIM-N
X-SD-PageType
X-ServedByHost
X-WA
Mime-Version
X-DB
X-DI
X-CCDN-Origin-Time
X-Internal-Host
X-Hcs-Proxy-Type
X-DW
X-RSL
X-RPS
X-RPM
X-DSS
X-VCL-Version
X-SaId
X-TIME
DataCenter
X-JoinUs
X-PHP-Backend
X-Geo
X-App
GeoIP-Latitude
X-Render-Time
Srv
GeoIP-Country-Code
X-Edge-Location
XServer
X-Forwarded-Site
X-Via-NSCOPI
X-Action
X-BBC-Edge-Cache-Status
X-NGENIX-Cache
ProcessTime
X-Provided-By
FSS-Cache
EpKe-Alive
CF-Cached-On
X-FTR-Cache-Host
X-Ua
X-Extlb
X-CF-Powered-By
X-Worker
W
Upgrade-Insecure-Requests
X-Auto-Login
X-Oss-Cdn-Auth
X-Fpc
Processtime
X-Dynatrace-Js-Agent
X-Bc-Bl
X-Accel-Expires-Debug
X-Date
X-Req
X-Depends-On
X-Region-Sid
X-PJAX-URL
Proxy-Connection
Memcached
We-Hiring
X-Cluster-Node
LB
X-FORWARDED-FOR
X-VC-Cache
Surrogated-Key
Mail-Subject
X-Cdn-Request-ID
X-HITS
X-RateLimit-Limit-Second
X-ZONE
X-CSRF-TOKEN
Env
X-UnsetCookies
X-Parent-Response-Time
X-RateLimit-Remaining-Second
X-MSEdge-Features
Cdn
Datacenter
X-BACKEND-TTL
X-Ftr-Cache-Host
X-MSEdge-Flight
X-Proxy-Upstream
X-Dw-Trace-Id
X-Fastly-Backend-Reqs
CDN
X-Client-Ip
X-Swift-Error
X-CACHE-AGE
X-Men
Memory
X-APP
Time
X-Air-Trace-Id
X-ABtesting
X-Sigma
X-Rocket-Build-Number
X-Flog
X-Hello
X-Sigma-Backend
X-Cache-Tag
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
Dnion-Transfer-Encoding
X-Fastly-Request-Id
X-BBC-Origin-Response-Status
PICS-Label
X-Akamai-Pragma-Client-IP
X-Acquia-Application-UUID
CPC-Cache
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-Trace
CPC-Age
X-Pad
X-Oracle-DMS-ECID
X-Presslabs-Stats
VNS-Age
X-Zone
OT-Force-Account-Verify
Media-Length
Vha6-Origin
X-Pf-Uncompressing
VNS-Cache
X-Via-PopV
X-LiteSpeed-Tag
X-Via-PopH
X-ND-Cache
Epwk-X-Cache
X-Via-PopN
Cf-Ipcountry
X-Varnish-URL
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-Snapshot-Date
X-Vcache
X-ElasticPress-Search
WZWS-RAY
Xet-Cookie
X-Lb-Id
X-Request-URL
X-Csrf-Token
X-Request-Url
X-MiniProfiler-Ids
X-Ms-Meta-Staticbatchstarttime
X-Ms-Meta-Originalurl
X-Varnish-Beresp-TTL
X-ElasticPress-Query
CountryCode
Content-Script-Type
X-Litespeed-Cache-Control
Content-Style-Type
X-Tid
X-Amz-Meta-Cb-Modifiedtime
Fastcgi-Cache-TTL
X-Tx-Id
X-C
X-Redis-Duration-Ms
X-Redis-Count
X-B3-Parentspanid
URI
NnCoection
X-Traceid
Phost
Environment
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-ServerName
Ohc-Response-Time
X-Storefront-Renderer-Verified
Inserted-Into-Cache-At