Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Request-ID
X-DNS-Prefetch-Control
X-Generator
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-AspNetMvc-Version
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-Robots-Tag
X-AH-Environment
Request-Context
X-Proxy-Cache
EagleId
Server-Timing
X-Cache-Group
X-Backend
X-Hacker
X-Server
Report-To
X-Amz-Request-Id
Host-Header
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
P3p
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Amz-Version-Id
X-Cache-Spec
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Device
Allow
X-CST
Xkey
X-Vhost
X-Backend-Server
X-Host
X-Server-Id
EagleEye-TraceId
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-Ruxit-JS-Agent
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
Accept-CH-Lifetime
X-Ac
X-ASPNET-VERSION
X-Application-Context
X-Template
X-Country
X-Language
X-Cache-Lookup
X-Mod-Pagespeed
X-Readtime
MS-Author-Via
X-Cloud-Trace-Context
X-B3-TraceId
Accept-Ch
Rating
X-Origin-Cache
Accept-Ch-Lifetime
X-Cnection
X-HW
X-MS-InvokeApp
X-Url
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
X-GitHub-Request-Id
Edge-Control
X-ESI
X-ORACLE-DMS-ECID
X-Trace
X-Sol
X-Middleton-Response
Display
Pagespeed
X-Content-Type
X-Middleton-Display
Response
X-D2id
X-FastCGI-Cache
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Exp-Variant
X-Use-Magma
Arr-Disable-Session-Affinity
Verso
X-Vcap-Request-Id
X-ORACLE-DMS-RID
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-Country-Code
X-Varnish-TTL
X-Server-Name
X-Navigation-Version
Service-Worker-Allowed
X-VARITI-CCR
X-Abt-Application-Version
X-Powered-By-Plesk
X-Amz-Rid
X-Fastly-Request-ID
X-Client-IP
X-Cache-TTL
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Webkit-CSP
X-TTL
Fastly-Restarts
X-Release
X-MSEdge-Ref
X-SharePointHealthScore
SPRequestGuid
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Cached
SPRequestDuration
SPIisLatency
X-NF-Request-ID
X-Oneagent-Js-Injection
Public-Key-Pins
RTSS
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
Access-Control-Request-Method
X-SRCache-Fetch-Status
AR-PoweredBy
AR-Request-ID
Ar-Sid
AR-CACHE
AR-ATIME
X-SRCache-Store-Status
X-Edge
X-LLID
X-Powered-CMS
X-Origin-Upstream-Status
X-Ezoic-Cdn
X-Upstream
Content-MD5
Cache-Tag
X-Litespeed-Cache
X-Px
Fusion-Content-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
X-Jurisdiction
X-HP-Webp
X-Mid
X-ECACHE
S
X-Version
X-MCACHE
X-Mg-S
X-Recruiting
X-Ttl
Charset
X-Content-Digest
X-PressLabs-Stats
X-Amz-Server-Side-Encryption
Fastcgi-Cache
X-Kinsta-Cache
X-T
X-Id
MicrosoftSharePointTeamServices
Cache-Tags
Filters
X-Content-Security-Policy-Report-Only
Front-End-Https
TCN
X-Debug
X-Logged-In
X-Grace
X-Accel-Expires
Edge-Cache-Tag
Server-Node
X-Forwarded-Proto
X-DynaTrace
X-Pinterest-Direct
X-Forwarded-For
Server-Name
X-XRDS-LOCATION
TP-L2-Cache
TP-Cache
Nginx-Cache
X-Amzn-Trace-Id
X-Correlation-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Surrogate-Key
X-Request-Processing-Time
X-Request-Received
X-Varnish-Age
X-Yandex-Sdch-Disable
X-B3-Sampled
X-Shield-Request-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Ser
X-Hits
X-Az
X-AppVersion
X-Activity-Id
X-Amz-Replication-Status
X-F-Cache
X-DIS-Request-ID
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
X-Kinja-Server-Push
X-Origin-Server
Accept-Charset
X-Geo-Country
X-Git-Hash
X-Cache-Key
Cache
X-Respond-Thread
Alternate-Protocol
X-Rid
X-Frontend
X-XRDS-Location
X-LB-Cache
X-FTR-Request-ID
Section-Io-Cache
Host
X-Upgrade-Enabled
X-DataDome
Powered-By-ChinaCache
Access-Control-Allow-Method
X-Fastcgi-Cache
X-Mobile-URL
X-Cache-Age
X-Seen-By
MS-CV
Paypal-Debug-Id
X-Time
Cleartype
X-NWS-LOG-UUID
Healthy
X-Hostname
X-VCache
X-AOL-HN
ServerID
X-Ruxit-Js-Agent
X-Varnish-Backend
X-IPLB-Instance
X-Type
X-TT
X-Whom
X-Content-Options
X-App-Environment
X-Route-Name
X-Aspnet-Duration-Ms
X-Server-ID
X-Is-Crawler
Payment
X-Providence-Cookie
X-Flags
X-Request-Guid
X-Page-Id
X-Jobs
X-Cache-Action
X-WebKit-CSP-Report-Only
X-B-Cache
X-Signature
Fastcgi-Useragent
X-Source
X-Debug-Info
X-Load-Cache
X-N
X-Daa-Tunnel
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Mobile
X-FB-Debug
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Via-JSL
X-RateLimit-Remaining
Refresh
Nel
Version
X-Akamai-Edgescape
X-Cached-By
X-Contextid
X-Response-Served-From
Realpath
X-Accel-Buffering
X-Wix-Request-Id
X-Rule
X-Original-Request-Id
X-Proxy
Viewport
X-Framework
X-Cacheable-TTL
DC
X-Drupal-Cache-Tags
Node
X-Cache-Operation
X-RemovedCookies
X-RTag
X-Zen-Fury
Ms-Operation-Id
X-Cache-Rule
X-ProcessESI
X-Instance
X-B
X-Real-IP
Access-Control-Request-Headers
X-Cache-Time
X-HTML-Minification-Powered-By
X-Region
X-Distributor
Eomportal-Instance
Referer-Policy
X-Drupal-Cache-Contexts
X-UUID
X-Page-View
Countrycode
X-FW-Static
X-Cache-Expired-At
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cluster-Name
X-FW-Type
X-FW-Serve
VIX-Pulpo-Upstream-Status
X-FW-Dynamic
X-FW-Hash
VIX-Pulpo-Node
X-FW-Server
X-Yottaa-Optimizations
X-Content-Powered-By
X-Yottaa-Metrics
X-Cache-Control
X-G
X-IPS-LoggedIn
X-Cache-Hit
DynaTrace
X-Tumblr-User
X-Tumblr-Pixel-0
Liferay-Portal
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Environment-Context
X-L-Path
GEO-INFO
X-Ratelimit-Limit
X-FireWall-Port
Server-Info
X-App-Server
X-Pass-Why
X-User-Agent
Xserver
Ec-Rule-Version
Webserver
From-Origin
X-Varnish-Ttl
X-Tumblr-Pixel-2
Section-Io-Origin-Time-Seconds
X-Node-Name
Section-Origin-Responded
X-Protected-By
Section-Io-Origin-Status
Section-Io-Id
CF-IPCountry
Protected
SRV
X-Www-Served-By
X-Cache-Server
X-Ratelimit-Remaining
X-Backend-Name
X-UPSTREAM-Address
Meta-Geo
X-Mode
X-Hl-Ver
X-ES-SERVER
X-RN-RSRV
Frame-Options
X-Handled-By
Cache-Tv-Group
X-Locale
X-FB-TRIP-ID
X-Site-Version
X-Endurance-Cache-Level
X-Uri
X-Storage
Cache-Status
X-Labrador-Cache-Channel
X-Soup
X-Web-Node
X-Be
X-PHP-Host
X-NYM-Debug-Backend
X-Nginx-Cache
X-Varnishpool
X-Hyper-Cache
Property-Id
Selected-Fe
Country
Decoy-Debug-TTL
Decoy-Debug-Key
TWC-Connection-Speed
Decoy-Debug-Status
Fastly-SSL
TWC-Locale-Group
Webcakes-App-Version
Webcakes-Region
X-MP-GENERATED-AT
Webcakes-App-Name
TWC-Privacy
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
X-Timing-Wait
X-Adobe-Content
X-Adobe-Loc
X-UA-Device-Type
X-Human
Cache-Name
X-Revision
X-Proxy-Build
X-Proto
X-Pubstack
X-Origin-Hint
X-Redis-Cache
X-Origin-Date
X-ProxyCache-Key
X-ProxyCache-Status
X-No-Session
X-OCL
X-PCL
X-Sql-Count
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
Azure-InstanceId
X-Via-Fastly
Retry-After
X-WA-Info
X-Sql-Duration-Ms
X-Request-Time
X-Debug-IsPreview
X-Cache-Grace
X-Section
X-Server-W
X-S-Maxage
X-SayCDN-TTL
X-Hosted-By
X-Format
X-FW-Version
X-Say-Cacheable
X-Say-TTL
X-TNCMS
X-Loop
X-Amz-Meta-S3cmd-Attrs
X-BYPASS-REASON
X-Debug-IsConnected
X-Forwarded-Host
X-AIR-PT
X-Access
X-Status
X-LJ-Flow-ID
X-LAGOON
X-Cluster
X-TT-LOGID
X-PERF
X-VWS-Id
X-R9-Blue-Green-Version
X-AWS-Id
X-ApacheServer
X-Device-Type
X-ShardId
Mn-Server-Ip
X-Alternate-Cache-Key
X-ShopId
X-Cache-TTL-Remaining
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Tec-Api-Version
X-Routing-Service
X-Proxied
X-Tec-Api-Root
X-Zipkin-Id
X-Tec-Api-Origin
X-CCM
X-Is-Bot
X-Rendered-As
X-Xfnlog-Site
X-Varnish-Grace
X-Dc
Apigw-Requestid
X-Qloud-Router
S-Cnection
X-Varnish-Server
X-Info
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
Cache-Hits
X-FTR-Balancer
X-Via-CDN
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Cache-Status
AMP-Access-Control-Allow-Source-Origin
X-FTR-Expires
X-Cache-Enabled
X-Cdn
X-Detected-As
X-Content-Age
X-SRV
X-Microcachable
X-GG-Cache-Date
X-Platform
X-Cache-Host
X-EdgeConnect-Cache-Status
Uber-Trace-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Azure-Ref
X-CSRF-Token
X-Air-Hostname
X-Proxy-Cache-Status
X-Backend-Host
X-Aspnetmvc-Version
Amp-Access-Control-Allow-Source-Origin
Tracecode
X-Unique-Id
X-Correlation-ID
SD-X-WS
X-Cache-Var
X-Cache-Var-Map
X-DynaTrace-JS-Agent
X-Time-Microsecs
X-NWS-UUID-VERIFY
Akamai-GRN
X-Backend-TTL
X-GEO
X-ServerID
X-ATG-Version
X-Oss-Server-Time
X-Oss-Storage-Class
X-Trace-Id
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Tb
X-RCS-CacheZone
HostName
Backend
ServedBy
X-BCube-Filmed-By
X-Varnish-Hostname
X-APP-VERSION
X-Cache-PHP
X-Cache-NGX
X-Cache-Backend
DSUID
X-Debug-Cache
X-Akamai-Transformed
X-App-Version
Fastcgi-X-Cache-Version
X-Origin-CC
X-Origin-TTL
X-Connection-Hash
X-Vtex-Remote-Cache
Thinkindot-Control
X-Vtex-Processado-Em
Thinkindot-CacheControl
T-Server
X-CF-Lambda-Version
X-Generation-Time
DB-Nickname
Thinkindot-CacheControl-Type
X-Device-Os
X-Destination
X-External-Request-Id
X-Generated-On
X-GeoIP-City
X-From
X-Fetched-On
BehaviorPad-Version
X-CF-Lambda-Fn
DCR-Decision-By
DCR-Processing-Time-Ms
Expiry
X-Matched-Rule
X-Location
X-Level-Front-Cache
Xc-Version
X-D
X-Magnolia-Registration
X-Cache-NE
X-Trv-Group
X-VG-WebServer
X-Application
X-Aed
Path
X-Thinkindot-L3
Mobile-Detection-Method
X-SRCache-Key
Odigeo-Trace-Id
X-ARC
X-A-Wwc
X-A-Dgt
X-A
X-Vdms-Path
SR-User-Adfree
X-Vdms-Version
X-A-Ccd
X-A-Dam
X-A-Dcw
Release
Rendered-Blocks
X-VG-WebCache
X-Session-Fingerprint
X-B-Cookie
Instruction
X-Rojux
X-S
Machine
Meta-Geo-Continent
X-Rewrite-Enabled
Lfy
X-Processor
X-Request-UUID
X-PBS-Appsvrname
X-S-Cookie
X-ScT
MD5-Digest
X-Owner
X-PAYTM-SRV-ID
PB-PID
Arc-Version
X-B3-SpanId
X-NewRelic-App-Data
PB-RID
X-Sucuri-ID
Server-Host
Gh-Request-Id
UCS
Fastly-Backend-Name
X-Bip
CacheControlHeader
Cf-Device-Type
Host-ID
X-Azure-Ref-OriginShield
C-Via
X-Cache-Bucket
AKAMAI
Pagetype
X-FC-Vary-Parameters
X-Node-Id
X-OVcl
X-Geo-Header
X-NAPM-TraceId
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-Is-Gdpr
X-JWT-State
X-Reqid
X-TA-CDN-Provider
X-TrackingId
X-Tumblr-Pixel-3
X-VServer
X-Thanos
X-SVT-ORM-VERSION
X-Skip-Cache
X-SVT-ORM-RULES
X-Irp-Debug
X-OVcl-Cache
X-Ms-Request-Id
X-Has-Esi
X-GeoIP
X-HS-Content-Campaign-Id
X-Ms-Version
X-Varnish-Cache-Hits
X-Cdn-Forward
X-Developers
X-User
X-Var-Ttl
X-Variation
X-Adobe-Source
X-Generated-By
X-Swa-Ws
X-Backend-State
X-Cms-Context
X-HN
X-Varnish-Beresp-Grace
X-Gzip
X-Varnish-CookieINHashed-On
X-Generated-In
V-Age
X-Wikidot-Backend
X-Wikidot-Static-Cache
Content-Disposition
Wxu-Next-Commit
Wxu-Next-Hostname
X-Varnish-Remaining-TTL
X-Fastly-Backend
X-VarnishDD-TTL
On-Server
Wxu-Next-Region
X-Varnish-CookieHashed-On
X-Core-Value
X-Old-Content-Length
NGX
X-Origin
X-Clientip
X-Origin-Expires
X-CGP
X-Nginx-Cache-Key
X-Csrf-Jwt
X-LI-UUID
X-Li-Pop
X-CUA
X-IP
X-Dispatcher-Server
X-Origin-Response-Time
X-DPWN-IS-SECURE
X-Branch-Name
X-Request-Host
X-Developer
X-Fastly-Cache
X-Scheme
X-Eu-Site
X-Cache-Id
X-Policy
X-Li-Fabric
X-Cache-Tags
X-DefHash
X-Cache-Info
X-DefElseHash
X-Esi-Check
X-B3-Traceid
Magicmarker
Cache-Host
HA-Ipaddr
Platform
PFcat
Is-Eu
Server-Ext
Server-Hostname
NM-Fastcgi-Cache
Locid
Adler-Geo
Location
Ha-Gx-Prefs
L5d-Success-Class
Sever-Int
Ssr
X-TX-ID
X-CS
User-Cache-Control
CDN-CachedAt
CDN-Cache
CDCHOST
X-Slack-Backend
X-Request-URI
X-Method
X-Hash
X-Gamma-Serve
X-SIPLIST1
X-Sn-Servicetimems
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-EC-Lua
X-Varnish-Hits
True-Client-Country-4JS
X-NU-AKA-ACS-Version
X-Hnp-Log
X-GoCache-CacheStatus
X-Gen-Mode
X-Platform-Server
X-Ratelimit-Reset
X-WADP-Cache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Fmm-Version
X-Envoy-Decorator-Operation
CloudFront-Viewer-Country
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
Fastly-SIE
Fastly-SWR
X-Clara-WADP
X-Block-Status
Web-Mar-Node
CDN-EdgeStorageId
CDN-Uid
Cf-Bgj
Pramga
Vix-Hermes-Req-Id
X-Cdn-Origin
Rt-Fastcgi-Cache
IsBot
L
X-ID
X-Erf-Stays-Bingo-Pdp-Web
X-Servername
Apple-News-Services-Host
X-VG-TLSProxy
X-Loc
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Sid
X-Goog-Meta-Goog-Reserved-File-Mtime
Fastly-Drupal-HTML
X-Cache-Debug
Apple-News-Services-Handled
Origin
X-Cache-Expires
X-Cache-Date
X-LB-ID
X-CLOUD-TRACE-CONTEXT
X-Dynatrace
X-CACHE-KEY
X-Core-Mission
X-Mvc-Supplant-OutputCached
X-Aicache-OS
X-NCache
X-PF-Uncompressing
X-Nc
Esi-Enabled
X-Varnish-Url
X-Request-Start
Who
X-CACHE-GROUP
Url
X-Via-Poph
X-Refresh
X-Via-Popn
X-Via-Popv
X-Oracle-Dms-Rid
Country-Code
Pics-Label
X-NC
X-Cache-Remote
X-Unique-ID
X-Varnish-Cacheable
X-FireWall-Protection
X-Epic-Correlation-Id
X-Response-By
S-Rt
X-TraceId
X-Srv
X-Tb-Optimization-Total-Bytes-Saved
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Req-Svc-Chain
X-Proxy-Cachei7
Xkeyi7
X-Planisys-CDN-TTL
Geo-Info
X-BBXSRF
Source
X-Host-Name
Content-Secure-Policy
N-Cache
X-Error
X-Webkit-Csp
X-B3-Spanid
Geoip-Latitude
GeoIp-Country-Code
X-Cache-2
Cmstype
Cmsid
Cross-Origin-Window-Policy
Ohc-File-Size
X-Webkit-CSP-Report-Only
Filterid
D-Cc-Upstream
X-Varnish-Authentication
X-DC
X-Cc-Req-Id
X-Cc-Via
HitType
X-Served-From
Cteonnt-Length
Kp-EeAlive
X-HS-Status
Server-Ttl
Svr
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-RateLimit-Limit
X-Sucuri-Cache
A
Cache-Key
X-LiteSpeed-Cache-Control
Viewtype
Tcn
X-Servedbyhost
X-CDN-Forward
X-Svr
X-Wa
VivaBuild
X-Cs
X-URL
X-Li-Proto
X-HostName
X-Vcl-Version
MIME-Version
X-Server-IP
M-TraceId
X-API-Version
TDXMobile
Cross-Origin-Opener-Policy
X-Origin-Time
X-Air-Source
X-Nyt-Route
X-Esi
Arc-Country
X-Cache-Config
X-FPC
NGB
X-Vgn-Hpd-Reason
X-Gdpr
CACHE
Server-ID
Server-Id
X-RAMCache
X-LI-Proto
Resin-Trace
X-SN
X-VC
NtCoent-Length
X-HOST
X-VCL-Version
X-Viewer-Country
X-NodeID
X-SB
X-Vc
Ohc-Cache-HIT
X-Webstats-RespID
Request-ID
X-Check-Cacheable
SID
Hostname
X-UA
X-Internal-Host
X-ServedByHost
X-WA
Cache-Provider
X-Newrelic-Synthetics
X-SD-PageType
X-DI
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-NGINX-Cache
X-TIM-N
X-Service
Mime-Version
X-DB
X-RSL
X-DSS
X-RPM
X-DW
X-RPS
X-PHP-Backend
X-JoinUs
DataCenter
X-SaId
X-NGENIX-Cache
X-TIME
Srv
X-Render-Time
GeoIP-Country-Code
X-Geo
X-Edge-Location
X-App
GeoIP-Latitude
XServer
X-Provided-By
X-BBC-Edge-Cache-Status
X-Forwarded-Site
ProcessTime
X-Action
X-Via-NSCOPI
FSS-Cache
EpKe-Alive
CF-Cached-On
X-Ua
X-FTR-Cache-Host
X-Extlb
X-CF-Powered-By
X-Oss-Cdn-Auth
X-Auto-Login
X-Fpc
Upgrade-Insecure-Requests
Processtime
W
X-Worker
X-Bc-Bl
X-Dynatrace-Js-Agent
X-VC-Cache
X-Req
Proxy-Connection
X-Cluster-Node
X-Region-Sid
X-FORWARDED-FOR
X-Proxy-Upstream
LB
Mail-Subject
Memcached
We-Hiring
X-Accel-Expires-Debug
X-PJAX-URL
Surrogated-Key
X-Depends-On
X-Date
X-HITS
X-Cdn-Request-ID
X-RateLimit-Limit-Second
Datacenter
X-RateLimit-Remaining-Second
X-UnsetCookies
X-Parent-Response-Time
X-Ftr-Cache-Host
X-BACKEND-TTL
X-MSEdge-Features
X-MSEdge-Flight
Cdn
CDN
X-Dw-Trace-Id
Env
X-ZONE
X-CSRF-TOKEN
X-Fastly-Backend-Reqs
X-CACHE-AGE
X-Client-Ip
X-Swift-Error
Memory
X-Air-Trace-Id
X-Sigma
Time
X-Men
X-IN-APIGATEWAY
X-ABtesting
X-Flog
X-Hello
X-APP
Dnion-Transfer-Encoding
PICS-Label
X-Cache-Tag
X-BBC-Origin-Response-Status
X-Sigma-Backend
X-Rocket-Build-Number
X-IN-APIGATEWAYSSL
X-Fastly-Request-Id
X-Akamai-Pragma-Client-IP
X-Presslabs-Stats
X-Via-PopN
VNS-Cache
CPC-Cache
X-Pad
Media-Length
CPC-Age
X-Via-PopH
VNS-Age
X-Via-PopV
X-Oracle-DMS-ECID
X-Pf-Uncompressing
Vha6-Origin
X-Zone
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-UUID
OT-Force-Account-Verify
X-Acquia-Application-Trace
Epwk-X-Cache
X-LiteSpeed-Tag
X-ND-Cache
Cf-Ipcountry
X-Akamai-ERPolicy
X-ElasticPress-Query
X-MiniProfiler-Ids
X-Varnish-URL
X-Vcache
X-Varnish-Beresp-TTL
X-Request-URL
X-Request-Url
WZWS-RAY
Xet-Cookie
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
X-Snapshot-Date
X-ElasticPress-Search
X-Lb-Id
X-Akamai-ERRuleID
X-Csrf-Token
CountryCode
X-Tx-Id
X-Redis-Count
X-Debug-Cache-Fetch
Environment
X-Amz-Meta-Cb-Modifiedtime
Fastcgi-Cache-TTL
Content-Style-Type
URI
Content-Script-Type
X-Redis-Duration-Ms
X-Litespeed-Cache-Control
X-Tid
Ohc-Response-Time
X-C
X-B3-Parentspanid
X-ServerName
X-Storefront-Renderer-Verified
Inserted-Into-Cache-At
NnCoection
X-Traceid
X-Debug-Cache-Store
Phost