Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
X-XSS-Protection
Cf-Request-Id
CF-Cache-Status
Last-Modified
CF-RAY
Accept-Ranges
Link
Pragma
Expect-CT
ETag
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-Request-ID
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
Status
Feature-Policy
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
CF-Ray
X-AspNetMvc-Version
X-Xss-Protection
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Turbo-Charged-By
X-Age
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Amz-Request-Id
Report-To
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-UA-Device
X-Nginx-Cache-Status
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Varnish-Cache
X-Rq
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Swift-SaveTime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Xkey
X-Cache-Spec
X-WebKit-CSP
Allow
X-Backend-Server
X-Host
X-Vhost
X-CST
X-Device
EagleEye-TraceId
X-Server-Id
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-Akam-SW-Version
Accept-CH
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH-Lifetime
X-ASPNET-VERSION
X-Kinja-Server-Push
X-Template
X-Language
X-Ac
X-Application-Context
X-Country
X-Readtime
X-Cache-Lookup
X-Mod-Pagespeed
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Accept-Ch
Rating
X-Cnection
X-MS-InvokeApp
X-Url
Accept-Ch-Lifetime
X-HW
X-ORACLE-DMS-ECID
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
X-ESI
Edge-Control
X-GitHub-Request-Id
X-Trace
Pagespeed
Response
X-Middleton-Display
X-Sol
Display
X-Middleton-Response
X-Content-Type
X-FastCGI-Cache
X-D2id
X-Vcap-Request-Id
Verso
X-Exp-Variant
X-Exp-Id
Arr-Disable-Session-Affinity
X-GoogleNews-Bot
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Buckets
X-Goog-Hash
X-Rack-Cache
X-Server-Name
X-Varnish-TTL
X-Country-Code
Service-Worker-Allowed
X-Oneagent-Js-Injection
X-Navigation-Version
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
Pinterest-Generated-By
X-ORACLE-DMS-RID
X-Pinterest-Rid
Pinterest-Version
X-Client-IP
X-Powered-By-Plesk
X-Cache-TTL
SPRequestGuid
X-SharePointHealthScore
X-Release
SPRequestDuration
SPIisLatency
X-Fastly-Request-ID
X-MSEdge-Ref
X-TTL
X-Dw-Request-Base-Id
X-Element-Page-Cache
Fastly-Restarts
X-NF-Request-ID
X-Cached
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
Public-Key-Pins
X-Webkit-CSP
RTSS
X-Origin-Upstream-Status
X-Edge
Ar-Sid
AR-Request-ID
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Px
Access-Control-Request-Method
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-LLID
Fusion-Content-Id
X-Powered-CMS
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Source
Fusion-Template-Id
X-Ezoic-Cdn
X-Upstream
Content-MD5
X-Jurisdiction
X-HP-Webp
X-Pinterest-Direct
X-Ttl
X-ECACHE
X-Amz-Server-Side-Encryption
X-Mid
X-MCACHE
Charset
X-Recruiting
X-Content-Digest
S
X-Aspnetmvc-Version
X-Mg-S
Cache-Tag
X-PressLabs-Stats
X-Version
MicrosoftSharePointTeamServices
X-Debug
Fastcgi-Cache
Front-End-Https
TCN
X-Content-Security-Policy-Report-Only
X-T
X-Grace
X-Id
Filters
X-Kinsta-Cache
Cache-Tags
Edge-Cache-Tag
Server-Node
X-Forwarded-Proto
X-XRDS-Location
X-Accel-Expires
X-Yandex-Sdch-Disable
X-Amzn-Trace-Id
X-Logged-In
X-Correlation-Id
Server-Name
X-Forwarded-For
Nginx-Cache
Surrogate-Key
X-Kong-Upstream-Latency
X-Varnish-Age
X-Kong-Proxy-Latency
X-Cache-Key
Powered-By-ChinaCache
X-B3-Sampled
TP-L2-Cache
TP-Cache
X-Request-Received
X-Request-Handler-Origin-Region
X-Server-ID
X-Request-Processing-Time
X-Ser
X-Microsite
X-Hits
X-DynaTrace
X-DIS-Request-ID
X-Activity-Id
X-Az
X-Shield-Request-Id
X-AppVersion
X-Amz-Replication-Status
X-HS-Cache-Config
X-F-Cache
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-Litespeed-Cache
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
Accept-Charset
X-Goog-Stored-Content-Length
X-Goog-Generation
X-FTR-Request-ID
X-Origin-Server
X-Git-Hash
X-Respond-Thread
X-Geo-Country
X-DataDome
X-LB-Cache
X-Upgrade-Enabled
X-Hostname
Section-Io-Cache
X-Rid
X-Frontend
Cache
X-Cache-Age
X-Ruxit-Js-Agent
Access-Control-Allow-Method
Alternate-Protocol
X-Mobile-URL
Host
Cleartype
X-Type
Paypal-Debug-Id
Healthy
X-XRDS-LOCATION
MS-CV
X-IPLB-Instance
ServerID
X-Content-Options
X-AOL-HN
Payment
X-App-Environment
X-Varnish-Backend
X-WebKit-CSP-Report-Only
X-Whom
X-Cache-Action
X-Debug-Info
X-B-Cache
X-Aspnet-Duration-Ms
X-Seen-By
X-Flags
X-Is-Crawler
X-Signature
X-TT
X-VCache
X-Route-Name
X-Request-Guid
X-Providence-Cookie
Fastcgi-Useragent
X-Page-Id
X-Jobs
X-TEC-API-VERSION
X-Fastcgi-Cache
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Mobile
X-Source
X-N
X-NWS-LOG-UUID
X-Time
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Load-Cache
X-Cached-By
X-RateLimit-Remaining
X-Via-JSL
Nel
X-Akamai-Edgescape
X-FB-Debug
Version
X-Daa-Tunnel
X-Cache-Operation
X-Cache-Rule
Viewport
DynaTrace
X-Rule
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
Refresh
X-Proxy
X-Framework
DC
X-Drupal-Cache-Tags
X-Zen-Fury
X-Instance
X-RemovedCookies
X-RTag
X-ProcessESI
X-Cacheable-TTL
Ms-Operation-Id
X-Tt-Trace-Tag
Access-Control-Request-Headers
X-Real-IP
X-Tt-Trace-Host
X-Region
Referer-Policy
Realpath
X-UUID
X-HTML-Minification-Powered-By
X-Contextid
X-Cache-Time
X-FW-Dynamic
X-FW-Hash
X-Wix-Request-Id
X-Yottaa-Optimizations
X-FW-Serve
X-Drupal-Cache-Contexts
X-Distributor
X-Yottaa-Metrics
X-Page-View
X-FW-Type
X-FW-Static
X-FW-Server
Countrycode
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
Eomportal-Instance
X-L-Path
X-Cache-Expired-At
X-Environment-Context
X-B
Node
GEO-INFO
X-Node-Name
X-Cluster-Name
Liferay-Portal
X-Tumblr-Pixel
X-G
X-Tumblr-User
X-Cache-Control
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Content-Powered-By
X-IPS-LoggedIn
X-Cache-Hit
X-User-Agent
X-Amz-Meta-S3cmd-Attrs
Server-Info
X-Tumblr-Pixel-2
Webserver
SRV
X-Ratelimit-Limit
From-Origin
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-App-Server
X-Pass-Why
Protected
Ec-Rule-Version
X-Oracle-Dms-Rid
X-Protected-By
X-Revision
X-FireWall-Port
Cache-Status
X-Backend-Name
X-Cache-Server
Frame-Options
CF-IPCountry
Meta-Geo
X-Hyper-Cache
X-Mode
X-ES-SERVER
X-Endurance-Cache-Level
X-Hl-Ver
X-Handled-By
X-UPSTREAM-Address
X-RN-RSRV
X-Locale
X-Www-Served-By
X-Soup
X-NYM-Debug-Backend
X-Storage
X-Site-Version
X-Varnish-Ttl
X-Forwarded-Host
Retry-After
X-FB-TRIP-ID
Webcakes-App-Version
X-Access
TWC-GeoIP-LatLong
X-Pubstack
Property-Id
X-Human
X-Origin-Hint
TWC-Privacy
TWC-Connection-Speed
Fastly-SSL
TWC-Locale-Group
TWC-Device-Class
X-Format
Decoy-Debug-TTL
Country
Decoy-Debug-Key
X-Varnishpool
Decoy-Debug-Status
X-Cache-Grace
X-Web-Node
X-Be
Cache-Tv-Group
TWC-GeoIP-Country
Webcakes-Region
X-Section
Webcakes-App-Name
X-Adobe-Content
X-Adobe-Loc
X-PHP-Host
X-PERF
Selected-Fe
X-Proto
X-Proxy-Build
X-Uri
X-ProxyCache-Status
X-ProxyCache-Key
X-Origin-Date
X-Labrador-Cache-Channel
Azure-Version
X-BYPASS-REASON
Cache-Name
X-ApacheServer
Azure-SlotName
Azure-SiteName
X-FW-Version
Azure-InstanceId
Azure-RegionName
X-OCL
X-PCL
X-Say-TTL
X-SayCDN-TTL
X-UA-Device-Type
X-TT-LOGID
X-Via-CDN
X-Say-Cacheable
X-Timing-Wait
X-Redis-Cache
X-AIR-PT
X-No-Session
X-LAGOON
X-Sql-Duration-Ms
X-Sql-Count
X-Via-Fastly
X-WA-Info
X-Server-W
X-S-Maxage
S-Cnection
X-FTR-DC
X-FTR-Cache-Status
X-Status
X-FTR-Balancer
X-Loop
X-Qloud-Router
X-Ratelimit-Remaining
X-Request-Time
X-AWS-Id
X-FTR-Backend
X-FTR-Realm
X-TNCMS
X-LJ-Flow-ID
X-Hosted-By
X-VWS-Id
X-Country-Code-Real
Xserver
Mn-Server-Ip
X-R9-Blue-Green-Version
X-FTR-Backend-Server
X-Cluster
X-MP-GENERATED-AT
X-Cache-TTL-Remaining
X-ShopId
X-ShardId
X-Shopify-Stage
X-Xfnlog-Site
X-Proxied
X-Routing-Service
X-Dynatrace
X-Zipkin-Id
X-CCM
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
Cache-Hits
X-Sorting-Hat-ShopId
X-FTR-Expires
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Is-Bot
X-Cache-Var
X-Cache-Var-Map
X-Rendered-As
AMP-Access-Control-Allow-Source-Origin
X-Air-Hostname
X-Webkit-Csp
X-Dc
X-Cdn
X-Device-Type
X-Detected-As
X-SRV
X-Cache-Host
Apigw-Requestid
X-EdgeConnect-Cache-Status
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Info
X-Nginx-Cache
X-Microcachable
X-Unique-Id
SD-X-WS
X-Debug-IsConnected
X-Debug-IsPreview
X-Cache-Enabled
X-Content-Age
X-Platform
Tracecode
X-Varnish-Server
X-Time-Microsecs
X-Cache-Backend
X-Backend-TTL
X-Varnish-Grace
X-ServerID
X-DynaTrace-JS-Agent
X-GEO
X-Azure-Ref
X-Erf-Stays-Bingo-Pdp-Web
X-GG-Cache-Date
Amp-Access-Control-Allow-Source-Origin
X-Backend-Host
Uber-Trace-Id
X-APP-VERSION
DSUID
Akamai-GRN
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Request-Id
X-Tb
X-Oss-Server-Time
X-BCube-Filmed-By
X-NewRelic-App-Data
X-Proxy-Cache-Status
X-Correlation-ID
X-Sucuri-ID
PB-RID
X-CSRF-Token
Arc-Version
Backend
X-ATG-Version
PB-PID
X-Akamai-Transformed
X-Magnolia-Registration
X-Trace-Id
Machine
X-RCS-CacheZone
Instruction
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
Expiry
DCR-Decision-By
ServedBy
Lfy
BehaviorPad-Version
X-Varnish-Cache-Hits
X-A-Ccd
X-PAYTM-SRV-ID
X-Origin-TTL
X-PBS-Appsvrname
X-Processor
X-Rewrite-Enabled
X-Request-UUID
X-Origin-CC
X-Matched-Rule
X-Generation-Time
X-Generated-On
X-GeoIP-City
X-Level-Front-Cache
X-Location
X-Rojux
X-S
X-VG-WebCache
X-Vdms-Version
X-VG-WebServer
X-Vtex-Processado-Em
Xc-Version
X-Vtex-Remote-Cache
X-Vdms-Path
X-Trv-Group
X-ScT
X-S-Cookie
X-Session-Fingerprint
X-SRCache-Key
X-Thinkindot-L3
X-From
X-Fetched-On
T-Server
SR-User-Adfree
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
X-A
Thinkindot-Control
Rendered-Blocks
Release
Mobile-Detection-Method
Meta-Geo-Continent
Odigeo-Trace-Id
Path
Pramga
X-A-Dam
X-A-Dcw
X-Connection-Hash
X-CF-Lambda-Version
X-D
X-Destination
X-External-Request-Id
X-Device-Os
X-CF-Lambda-Fn
X-Cache-NE
X-Aed
X-A-Dgt
X-Application
X-ARC
X-B-Cookie
MD5-Digest
X-A-Wwc
X-Origin-Response-Time
X-Varnish-Hostname
X-Cache-NGX
X-Cache-PHP
Wxu-Next-Region
X-Backend-State
X-Adobe-Source
X-Azure-Ref-OriginShield
X-Bip
X-Cache-Bucket
X-Csrf-Jwt
X-Developers
X-Eu-Site
X-CGP
X-Cdn-Origin
X-Cache-Date
X-Cache-Info
Wxu-Next-Hostname
UCS
L
L5d-Success-Class
Host-ID
HA-Ipaddr
Gh-Request-Id
Ha-Gx-Prefs
Locid
Magicmarker
Ssr
X-FC-Vary-Parameters
PFcat
Pagetype
X-B3-Traceid
Wxu-Next-Commit
X-Geo-Header
X-Swa-Ws
X-Thanos
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Skip-Cache
X-Sn-Servicetimems
X-Tumblr-Pixel-3
X-User
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-VServer
X-Cache-Remote
X-VarnishDD-TTL
X-Request-URI
X-Reqid
X-HS-Content-Campaign-Id
X-Irp-Debug
X-HN
X-Has-Esi
Fastly-Backend-Name
X-GeoIP
X-Is-Gdpr
X-JWT-State
X-OVcl-Cache
X-Owner
X-Node-Id
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-Generated-In
X-OVcl
Cache-Host
CacheControlHeader
X-Ms-Version
X-Ms-Request-Id
AKAMAI
C-Via
Cf-Device-Type
X-NWS-UUID-VERIFY
X-Debug-Cache
DB-Nickname
X-Fastly-Backend
X-Generated-By
CloudFront-Viewer-Country
X-Fastly-Cache
X-Request-Host
Cf-Bgj
Sever-Int
X-Origin-Expires
X-Method
X-Nginx-Cache-Key
V-Age
Server-Hostname
On-Server
X-IP
Server-Ext
Server-Host
X-Policy
X-Request-Start
User-Cache-Control
X-Varnish-Hits
Apple-News-Services-Parsed-Url
X-Cache-Tags
X-Core-Value
X-TrackingId
X-Clientip
X-Cms-Context
X-CUA
CDCHOST
X-Scheme
Apple-News-Services-Request-Url
NGX
Apple-News-Services-Handled
X-Envoy-Decorator-Operation
X-Developer
X-Var-Ttl
Apple-News-Services-Host
Content-Disposition
X-ID
X-NC
X-Block-Status
X-Varnish-Beresp-Grace
X-Branch-Name
X-DefElseHash
IsBot
X-DefHash
X-Variation
X-SIPLIST1
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-TX-ID
Is-Eu
X-Varnish-CookieINHashed-On
Location
X-WADP-Cache
Fastly-SWR
Fastly-SIE
X-Clara-WADP
X-VG-TLSProxy
X-Varnish-Remaining-TTL
X-Esi-Check
X-Cache-Debug
X-Cache-Expires
X-Cache-Id
X-Varnish-CookieHashed-On
X-Servername
Web-Mar-Node
Vix-Hermes-Req-Id
X-Li-Pop
X-Li-Fabric
Rt-Fastcgi-Cache
X-Platform-Server
X-LI-UUID
X-Old-Content-Length
True-Client-Country-4JS
X-Origin
X-Loc
X-Hnp-Log
X-Gzip
Platform
X-Rebelmouse-Surrogate-Control
Origin
NM-Fastcgi-Cache
X-Fmm-Version
X-Gen-Mode
X-GoCache-CacheStatus
X-Ratelimit-Reset
Adler-Geo
X-Rebelmouse-Cache-Control
X-NU-AKA-ACS-Version
X-App-Version
HostName
CDN-EdgeStorageId
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-Varnish-Url
CDN-RequestId
X-Gamma-Serve
X-NCache
CACHE
CDN-Uid
CDN-CachedAt
CDN-RequestCountryCode
CDN-Cache
X-Hash
X-Goog-Meta-Goog-Reserved-File-Mtime
Fastly-Drupal-HTML
X-Slack-Backend
CDN-PullZone
X-Host-Name
X-NAPM-TraceId
X-CS
X-Response-By
X-B3-Spanid
X-Cdn-Forward
X-PF-Uncompressing
X-EC-Lua
X-Core-Mission
X-Varnish-Cacheable
S-Rt
Url
X-B3-SpanId
Xkeyi7
X-CACHE-GROUP
Pics-Label
X-Refresh
X-Mvc-Supplant-OutputCached
X-TA-CDN-Provider
X-Aicache-OS
X-Proxy-Cachei7
Cross-Origin-Window-Policy
Sid
N-Cache
X-LB-ID
X-BBXSRF
X-FireWall-Protection
X-Sucuri-Cache
Ohc-File-Size
Content-Secure-Policy
X-Cache-2
Cteonnt-Length
X-Via-Poph
X-Via-Popn
X-Cache-ASPX
Esi-Enabled
X-Contensis-Viewer-Groups
X-Cc-Via
X-Cc-Req-Id
X-Via-Popv
X-CDN-Forward
X-Unique-ID
D-Cc-Upstream
X-Varnish-Authentication
X-Svr
X-Epic-Correlation-Id
X-Tb-Optimization-Total-Bytes-Saved
X-Error
X-Srv
Source
X-Server-IP
X-Servedbyhost
X-Wa
MIME-Version
X-Cs
X-Webkit-CSP-Report-Only
X-TraceId
X-Nc
Geo-Info
X-API-Version
GeoIp-Country-Code
X-Gdpr
X-CLOUD-TRACE-CONTEXT
X-FPC
Geoip-Latitude
X-DC
HitType
X-Nyt-Route
Who
X-Origin-Time
X-Cache-Config
Req-Svc-Chain
X-RateLimit-Limit
Country-Code
X-SN
X-VC
Server-Ttl
X-HS-Status
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
Hostname
X-URL
X-Fastly-Request-Id
X-NGINX-Cache
Ohc-Cache-HIT
X-TIME
X-LiteSpeed-Cache-Control
XServer
X-NodeID
X-SB
X-Webstats-RespID
X-LI-Proto
X-CACHE-KEY
Cmstype
Cmsid
X-Check-Cacheable
X-SD-PageType
Server-ID
X-VCL-Version
Svr
Kp-EeAlive
X-Esi
VivaBuild
X-Render-Time
Viewtype
X-Ua
X-Served-From
X-HOST
NtCoent-Length
EpKe-Alive
X-Vcl-Version
X-Vgn-Hpd-Reason
X-Viewer-Country
SID
X-BBC-Edge-Cache-Status
Tcn
Request-ID
A
Cache-Key
X-UA
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
M-TraceId
X-Worker
X-DW
X-CCDN-CacheTTL
Resin-Trace
Cache-Provider
X-RAMCache
X-DB
X-DI
X-DSS
X-Li-Proto
X-TIM-N
Server-Id
X-RPM
X-Auto-Login
X-RSL
X-RPS
X-Ftr-Cache-Host
ProcessTime
TDXMobile
X-Air-Source
Arc-Country
X-CF-Powered-By
GeoIP-Latitude
Cross-Origin-Opener-Policy
GeoIP-Country-Code
X-HostName
X-CSRF-TOKEN
X-Dynatrace-Js-Agent
X-Action
Upgrade-Insecure-Requests
X-Internal-Host
CDN
X-Cluster-Node
X-App
Processtime
X-Newrelic-Synthetics
X-Geo
X-FTR-Cache-Host
Mime-Version
X-ServedByHost
X-WA
X-Oss-Cdn-Auth
Filterid
X-Vc
X-Fpc
CF-Cached-On
X-BBC-Origin-Response-Status
X-FORWARDED-FOR
X-Service
Datacenter
Proxy-Connection
Srv
X-HITS
OT-Force-Account-Verify
Cdn
X-Dw-Trace-Id
X-ND-Cache
X-MSEdge-Features
X-Via-PopH
X-Via-PopN
X-Via-PopV
X-Fastly-Backend-Reqs
X-BACKEND-TTL
X-MSEdge-Flight
WZWS-RAY
NGB
X-CACHE-AGE
X-Client-Ip
DataCenter
X-Via-NSCOPI
X-Forwarded-Site
X-Hello
X-ABtesting
X-Flog
FSS-Cache
W
X-Parent-Response-Time
X-Cache-Tag
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Lb-Id
Dnion-Transfer-Encoding
X-Cdn-Request-ID
X-JoinUs
X-NGENIX-Cache
X-Akamai-Pragma-Client-IP
X-PHP-Backend
X-SaId
X-Edge-Location
X-Pf-Uncompressing
PICS-Label
Vha6-Origin
X-Presslabs-Stats
Media-Length
X-Extlb
X-Oracle-DMS-ECID
X-Swift-Error
Surrogated-Key
Memcached
Epwk-X-Cache
X-ZONE
X-LiteSpeed-Tag
URI
LB
Mail-Subject
X-Accel-Expires-Debug
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-PJAX-URL
X-Region-Sid
X-Req
X-VC-Cache
X-UnsetCookies
X-Pad
X-Proxy-Upstream
X-Date
X-Depends-On
We-Hiring
X-MiniProfiler-Ids
X-Bc-Bl
X-Provided-By
Cf-Ipcountry
X-Sigma
X-Sigma-Backend
X-Rocket-Build-Number
Env
Time
Memory
X-APP
X-Vcache
X-B3-Parentspanid
X-Acquia-Site
X-Varnish-Beresp-TTL
X-Request-URL
X-Ms-Meta-Staticbatchstarttime
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Request-Url
X-Acquia-Application-UUID
X-Akamai-Request-ID
X-Csrf-Token
X-ElasticPress-Search
X-Akamai-ERRuleID
Xet-Cookie
X-Ms-Meta-Originalurl
X-ElasticPress-Query
X-Akamai-ERPolicy
CountryCode
Environment
X-Redis-Count
X-Men
X-Varnish-URL
X-Redis-Duration-Ms
X-Storefront-Renderer-Verified
X-Tid
Inserted-Into-Cache-At
X-Air-Trace-Id
X-ServerName
X-Zone
X-Debug-Cache-Fetch
X-Acc-Rdl
Content-Script-Type
X-Acc-Debug-Context
Ohc-Response-Time
Phost
NnCoection
Content-Style-Type
Edge-Copy-Time
X-Traceid
X-C
X-Debug-Cache-Store
X-Litespeed-Cache-Control
X-Via-Edge
X-Via-SSL
X-Snapshot-Date