
SANS ISC: HTTP Header Usage Statistics


This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Request-ID
X-Content-Security-Policy
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
X-AspNetMvc-Version
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Backend
X-Server
X-Hacker
Host-Header
Report-To
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Grace
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
X-Amz-Version-Id
NEL
X-Cache-Spec
X-CST
X-WebKit-CSP
X-Vhost
Allow
X-Host
X-Backend-Server
X-Server-Id
Xkey
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
P3p
X-ASPNET-VERSION
X-Application-Context
X-Cache-Lookup
X-Ac
X-Country
Accept-CH
Accept-Ch
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Template
X-Language
X-Readtime
X-Cloud-Trace-Context
X-B3-TraceId
MS-Author-Via
Accept-CH-Lifetime
Rating
X-HW
X-Url
X-Cnection
X-Origin-Cache
X-MS-InvokeApp
X-Vname
X-PC
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-ORACLE-DMS-RID
X-Middleton-Display
X-Sol
X-Middleton-Response
Response
Display
Pagespeed
X-Varnish-TTL
X-Content-Type
X-D2id
X-ORACLE-DMS-ECID
Verso
Arr-Disable-Session-Affinity
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Vcap-Request-Id
X-GoogleNews-Bot
X-Exp-Id
X-Country-Code
X-Goog-Hash
X-Rack-Cache
X-Powered-By-Plesk
X-Navigation-Version
X-VARITI-CCR
X-TTL
Service-Worker-Allowed
X-Server-Name
X-Amz-Rid
X-Fastly-Request-ID
X-Abt-Application-Version
X-Oneagent-Js-Injection
X-Buckets
X-Client-IP
Fastly-Restarts
X-Cached
X-Cache-TTL
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-FastCGI-Cache
X-SharePointHealthScore
SPRequestGuid
X-NF-Request-ID
SPIisLatency
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Pinterest-Rid
Pinterest-Version
SPRequestDuration
Pinterest-Generated-By
Public-Key-Pins
Access-Control-Request-Method
RTSS
X-Webkit-CSP
Cache-Tag
AR-CACHE
AR-Request-ID
X-Edge
AR-ATIME
AR-PoweredBy
Ar-Sid
X-LLID
X-Powered-CMS
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Upstream
Content-MD5
X-Version
X-Jurisdiction
X-HP-Webp
X-Origin-Upstream-Status
S
X-Recruiting
X-ECACHE
X-Mid
X-MCACHE
Charset
X-Mg-S
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
X-DynaTrace
X-PressLabs-Stats
X-Kinsta-Cache
X-Content-Digest
X-Px
X-Fastcgi-Cache
X-Ruxit-Js-Agent
X-T
Cache-Tags
Fastcgi-Cache
X-Ttl
X-Id
X-Amz-Server-Side-Encryption
X-Accel-Expires
X-Logged-In
Filters
X-Forwarded-Proto
Server-Node
X-Litespeed-Cache
X-Content-Security-Policy-Report-Only
Edge-Cache-Tag
MicrosoftSharePointTeamServices
Front-End-Https
TP-L2-Cache
TP-Cache
Server-Name
X-Forwarded-For
TCN
X-Grace
Nginx-Cache
X-Kong-Proxy-Latency
X-XRDS-LOCATION
X-Kong-Upstream-Latency
X-Hits
X-Correlation-Id
X-Amzn-Trace-Id
X-Debug
X-Request-Received
X-Request-Processing-Time
X-Shield-Request-Id
X-B3-Sampled
X-Request-Handler-Origin-Region
X-Microsite
X-Varnish-Age
X-Activity-Id
X-AppVersion
X-Az
X-Yandex-Sdch-Disable
Surrogate-Key
X-Amz-Replication-Status
X-F-Cache
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
Alternate-Protocol
X-Origin-Server
X-Ser
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-DIS-Request-ID
Accept-Charset
X-Rid
X-Frontend
X-Geo-Country
Nel
X-Git-Hash
Host
X-NWS-LOG-UUID
Section-Io-Cache
X-XRDS-Location
X-Respond-Thread
X-Cache-Age
X-Upgrade-Enabled
X-Hostname
Access-Control-Allow-Method
X-DataDome
X-LB-Cache
X-Time
X-VCache
X-Mobile-URL
X-Pinterest-Direct
MS-CV
X-Type
Paypal-Debug-Id
X-RateLimit-Remaining
X-Cache-Key
X-Seen-By
ServerID
X-IPLB-Instance
Cache
Healthy
X-TT
X-Content-Options
X-Source
X-Varnish-Backend
X-AOL-HN
X-Providence-Cookie
X-Request-Guid
X-Whom
Payment
X-Aspnet-Duration-Ms
X-App-Environment
X-Flags
X-Daa-Tunnel
Cleartype
X-Is-Crawler
X-Route-Name
X-Cache-Action
X-B-Cache
X-Signature
X-Server-ID
X-Page-Id
Fastcgi-Useragent
X-Debug-Info
X-FTR-Request-ID
X-WebKit-CSP-Report-Only
X-N
X-Jobs
X-Load-Cache
X-FB-Debug
Realpath
X-Contextid
X-Mobile
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Powered-By-ChinaCache
Node
X-Webkit-Csp
X-Rule
Refresh
X-Cache-Expired-At
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
Version
X-Proxy
X-Drupal-Cache-Tags
DC
X-RTag
X-Wix-Request-Id
Ms-Operation-Id
X-Cacheable-TTL
X-Zen-Fury
X-Framework
Referer-Policy
Access-Control-Request-Headers
Viewport
X-Instance
X-HTML-Minification-Powered-By
X-Cluster-Name
X-Real-IP
X-Cache-Control
X-Content-Powered-By
X-B
X-RemovedCookies
X-ProcessESI
X-Cache-Time
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Eomportal-Instance
X-Tt-Trace-Host
X-Via-JSL
X-Tt-Trace-Tag
X-Region
X-Page-View
X-Distributor
X-IPS-LoggedIn
X-UUID
X-Cached-By
X-Drupal-Cache-Contexts
X-FW-Static
X-FW-Type
X-FW-Dynamic
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FireWall-Port
Countrycode
X-Akamai-Edgescape
X-Cache-Rule
X-Cache-Operation
Liferay-Portal
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-G
X-TEC-API-VERSION
X-Cache-Hit
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-L-Path
X-App-Server
X-Environment-Context
Xserver
X-Pass-Why
X-Nginx-Cache
X-Tec-Api-Origin
DynaTrace
X-Tec-Api-Version
X-Tec-Api-Root
SRV
Server-Info
CF-IPCountry
X-Www-Served-By
X-Debug-IsConnected
Section-Io-Id
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
X-Protected-By
Section-Io-Origin-Status
X-Debug-IsPreview
X-User-Agent
X-Device-Type
From-Origin
X-Tumblr-Pixel-2
Webserver
X-Varnish-Grace
X-Mode
Ec-Rule-Version
X-UPSTREAM-Address
Retry-After
X-Adobe-Content
Meta-Geo
X-Hl-Ver
X-Handled-By
X-ES-SERVER
GEO-INFO
X-RN-RSRV
X-Adobe-Loc
Cache-Tv-Group
X-Ratelimit-Limit
X-Endurance-Cache-Level
X-Uri
X-MP-GENERATED-AT
X-Backend-Name
Property-Id
X-Section
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
TWC-Connection-Speed
TWC-Privacy
X-Labrador-Cache-Channel
X-Format
X-Cache-Server
X-FB-TRIP-ID
X-Access
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Locale-Group
Fastly-SSL
Decoy-Debug-TTL
Cache-Status
X-PHP-Host
X-Storage
X-Origin-Hint
X-OCL
X-PCL
X-Varnishpool
X-Pubstack
Decoy-Debug-Status
Decoy-Debug-Key
Frame-Options
X-ApacheServer
X-AWS-Id
X-Proto
X-Be
X-PERF
X-NYM-Debug-Backend
X-LJ-Flow-ID
Mn-Server-Ip
Selected-Fe
X-No-Session
X-Varnish-Server
X-Proxy-Build
Country
X-BYPASS-REASON
X-Human
X-Sql-Duration-Ms
X-Timing-Wait
X-Via-Fastly
Apigw-Requestid
X-Sql-Count
Protected
X-ProxyCache-Status
X-ProxyCache-Key
X-UA-Device-Type
X-Soup
X-Request-Time
X-VWS-Id
X-Server-W
X-WA-Info
X-Redis-Cache
X-Locale
Cache-Name
X-Web-Node
X-R9-Blue-Green-Version
Azure-SiteName
X-S-Maxage
X-Hyper-Cache
X-Hosted-By
X-LAGOON
Azure-Version
Azure-InstanceId
Azure-RegionName
Azure-SlotName
X-Zipkin-Id
X-Xfnlog-Site
X-Origin-Date
X-Status
X-Routing-Service
X-Site-Version
X-Proxied
X-AIR-PT
X-ShopId
X-Shopify-Stage
X-Alternate-Cache-Key
X-Cache-TTL-Remaining
X-FW-Version
X-SayCDN-TTL
X-Say-TTL
X-Say-Cacheable
X-Sorting-Hat-PodId
X-ShardId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Loop
X-TNCMS
X-Info
AMP-Access-Control-Allow-Source-Origin
X-Node-Name
X-Is-Bot
X-GG-Cache-Date
X-TT-LOGID
X-Cluster
X-Dc
X-Rendered-As
X-Cache-Enabled
X-Forwarded-Host
X-CCM
X-Cache-Grace
S-Cnection
Uber-Trace-Id
X-Proxy-Cache-Status
X-Microcachable
X-Qloud-Router
X-Revision
X-Content-Age
X-SRV
X-TA-CDN-Provider
X-Platform
X-NWS-UUID-VERIFY
X-Azure-Ref
X-Backend-Host
X-Via-CDN
X-CSRF-Token
Cache-Hits
Akamai-GRN
X-Detected-As
Amp-Access-Control-Allow-Source-Origin
X-App-Version
X-Varnish-Ttl
X-Cache-Host
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Backend
X-Country-Code-Real
X-Ratelimit-Remaining
X-Aspnetmvc-Version
X-Correlation-ID
X-Amz-Meta-S3cmd-Attrs
X-FTR-Realm
X-EdgeConnect-Cache-Status
ServedBy
X-Amz-Apigw-Id
X-ATG-Version
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Cache-NGX
X-B3-SpanId
X-Trace-Id
X-Cache-PHP
X-Debug-Cache
X-RCS-CacheZone
HostName
X-Varnish-Hostname
X-FTR-Expires
X-Nc
SD-X-WS
X-Oss-Server-Time
X-Oss-Storage-Class
X-CS
X-Oss-Request-Id
X-TX-ID
DB-Nickname
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Time-Microsecs
X-DynaTrace-JS-Agent
X-BCube-Filmed-By
X-Akamai-Transformed
X-CACHE-KEY
X-Air-Hostname
X-Backend-TTL
Tracecode
X-ServerID
Backend
X-Ms-Request-Id
X-Ms-Version
X-Aed
X-D
X-Adobe-Source
X-Destination
X-Origin-CC
X-A-Wwc
X-External-Request-Id
X-Owner
Expiry
X-From
DCR-Processing-Time-Ms
X-Origin-TTL
X-Generated-On
X-Connection-Hash
X-CF-Lambda-Fn
BehaviorPad-Version
X-Level-Front-Cache
X-Generation-Time
X-CF-Lambda-Version
X-Cache-NE
X-Location
X-PAYTM-SRV-ID
X-Application
X-ARC
X-NAPM-TraceId
X-B-Cookie
DCR-Decision-By
X-Rewrite-Enabled
X-Vdms-Version
MD5-Digest
X-VG-WebCache
X-Vdms-Path
Machine
X-Trv-Group
X-PBS-Appsvrname
X-VG-WebServer
Meta-Geo-Continent
T-Server
Odigeo-Trace-Id
Rendered-Blocks
Xc-Version
Mobile-Detection-Method
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-A
X-Unique-ID
X-S-Cookie
X-S
X-A-Dam
X-ScT
X-Session-Fingerprint
X-Rojux
X-Request-UUID
Fastcgi-X-Cache-Version
X-SRCache-Key
X-Processor
X-A-Dgt
X-A-Dcw
X-A-Ccd
X-Varnish-Beresp-Grace
X-Tb
X-NewRelic-App-Data
Fastly-Backend-Name
Wxu-Next-Hostname
Thinkindot-CacheControl-Type
Wxu-Next-Region
Thinkindot-CacheControl
X-FC-Vary-Parameters
Path
Server-Host
X-Fetched-On
Pagetype
Host-ID
On-Server
Wxu-Next-Commit
X-Developers
X-Device-Os
Content-Disposition
X-Cms-Context
AKAMAI
Gh-Request-Id
UCS
CacheControlHeader
X-Cache-Bucket
V-Age
X-Bip
Magicmarker
Thinkindot-Control
X-Irp-Debug
X-OVcl
X-OVcl-Cache
X-Mvc-Supplant-Cachable
X-Micro-Cache
Who
Release
X-Policy
X-Reqid
X-TrackingId
X-Tumblr-Pixel-3
X-Sucuri-ID
X-Thinkindot-L3
X-Thanos
X-HS-Content-Campaign-Id
X-Magnolia-Registration
X-Geo-Header
X-Generated-In
X-Varnish-Cache-Hits
X-GeoIP-City
Country-Code
User-Cache-Control
X-Cache-Var
X-Unique-Id
X-Varnish-Beresp-Ttl
X-Cdn-Forward
X-Cache-Var-Map
X-User
Vix-Hermes-Req-Id
X-Gen-Mode
Web-Mar-Node
X-SVT-ORM-VERSION
X-Skip-Cache
X-Scheme
X-SVT-ORM-RULES
True-Client-Country-4JS
X-Fastly-Cache
X-Generated-By
X-VG-TLSProxy
X-Cache-Info
Ssr
X-Swa-Ws
Sever-Int
Server-Ext
Server-Hostname
Cache-Host
X-Wikidot-Static-Cache
X-Request-URI
X-VarnishDD-TTL
X-VServer
X-WADP-Cache
X-Wikidot-Backend
X-Var-Ttl
X-GeoIP
X-CGP
X-JWT-State
X-Clara-WADP
X-Li-Fabric
X-Li-Pop
X-Cache-Id
X-LI-UUID
X-Is-Gdpr
X-Core-Value
X-Hnp-Log
X-HN
X-Developer
X-Has-Esi
X-Csrf-Jwt
X-IP
X-Cache-Debug
X-Method
X-Origin
X-Old-Content-Length
X-Origin-Response-Time
X-Eu-Site
X-Fastly-Backend
X-Dispatcher-Server
X-Node-Id
X-Nginx-Cache-Key
X-Block-Status
X-Branch-Name
X-Gzip
X-Backend-State
X-Fmm-Version
X-Azure-Ref-OriginShield
X-Request-Host
X-Esi-Check
C-Via
HA-Ipaddr
Cf-Device-Type
Arc-Version
Cf-Bgj
L5d-Success-Class
Ha-Gx-Prefs
CDCHOST
DSUID
CDN-CachedAt
Esi-Enabled
CDN-EdgeStorageId
X-B3-Traceid
CDN-Cache
Location
PFcat
PB-RID
Apple-News-Services-Host
Apple-News-Services-Handled
CDN-RequestCountryCode
CDN-RequestId
Locid
X-Varnish-Beresp-Status
NM-Fastcgi-Cache
Apple-News-Services-Request-Url
CDN-PullZone
PB-PID
Apple-News-Services-Parsed-Url
CDN-Uid
X-GEO
X-APP-VERSION
X-NU-AKA-ACS-Version
X-GoCache-CacheStatus
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
X-DefHash
Adler-Geo
X-Clientip
X-Gamma-Serve
X-LB-ID
X-Hash
X-Origin-Expires
X-Cache-Tags
X-Rebelmouse-Surrogate-Control
X-Varnish-CookieINHashed-On
NGX
X-Varnish-CookieHashed-On
IsBot
Is-Eu
SR-User-Adfree
X-Varnish-Remaining-TTL
Platform
X-Varnish-Hits
Rt-Fastcgi-Cache
Origin
L
Instruction
X-Variation
X-Ratelimit-Reset
X-SIPLIST1
X-RateLimit-Limit
X-DefElseHash
X-Slack-Backend
X-Aicache-OS
X-Platform-Server
Fastly-SWR
Fastly-SIE
X-Rebelmouse-Cache-Control
Filterid
Geo-Info
X-ID
X-EC-Lua
X-Varnish-Url
Fastly-Drupal-HTML
X-Goog-Meta-Goog-Reserved-File-Mtime
X-CUA
X-Mvc-Supplant-OutputCached
X-CLOUD-TRACE-CONTEXT
X-Cache-Backend
X-Via-Popv
Sid
X-Via-Popn
X-Via-Poph
Lfy
X-PF-Uncompressing
X-Loc
X-Epic-Correlation-Id
X-Matched-Rule
Pics-Label
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
CloudFront-Viewer-Country
X-Planisys-CDN-TTL
X-Refresh
X-NCache
X-Sn-Servicetimems
X-Cdn-Origin
Url
Pramga
X-Cache-Expires
X-Servername
X-Core-Mission
X-Cache-Date
Req-Svc-Chain
Cmsid
X-TraceId
Cmstype
NGB
X-Tb-Optimization-Total-Bytes-Saved
X-Served-From
Svr
Kp-EeAlive
Tcn
VivaBuild
A
X-Request-Start
Viewtype
M-TraceId
X-Srv
MIME-Version
Cache-Key
Source
X-Error
X-FireWall-Protection
X-Ua-Device
X-Vgn-Hpd-Reason
Geoip-Latitude
Arc-Country
X-Varnish-Cacheable
Cross-Origin-Opener-Policy
GeoIp-Country-Code
X-Webkit-CSP-Report-Only
X-Response-By
X-DC
X-Vcl-Version
Server-ID
TDXMobile
X-JoinUs
DataCenter
X-SaId
X-NGENIX-Cache
X-PHP-Backend
X-NC
X-Air-Source
X-Vc
X-Proxy-Cachei7
X-Edge-Location
Xkeyi7
X-HS-Status
X-Geo
NtCoent-Length
X-Wa
Content-Secure-Policy
X-Service
X-B3-Spanid
SID
X-Li-Proto
HitType
Server-Ttl
N-Cache
X-BBXSRF
X-Servedbyhost
X-Erf-Stays-Bingo-Pdp-Web
X-Cache-Remote
S-Rt
X-Extlb
Resin-Trace
X-Esi
X-Cache-2
X-LiteSpeed-Cache-Control
X-Internal-Host
CACHE
X-CDN-Forward
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Forwarded-Site
X-Viewer-Country
X-Cc-Via
X-Instrumentation
X-Varnish-Authentication
FSS-Cache
X-LI-Proto
X-Kraken-Routeconfig-Destination
X-Cc-Req-Id
D-Cc-Upstream
X-Server-Lifecycle-Phase
X-Kraken-Loop-Name
X-HOST
X-Edge-Location-Klb
X-Bc-Bl
Cteonnt-Length
Ohc-File-Size
X-Via-NSCOPI
X-CCDN-Origin-Time
X-ServedByHost
X-Svr
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
Cross-Origin-Window-Policy
X-Sucuri-Cache
Request-ID
X-WA
X-RAMCache
X-Cs
X-HostName
X-UA
X-Host-Name
Mail-Subject
We-Hiring
X-Accel-Expires-Debug
X-PJAX-URL
X-Req
X-Date
Surrogated-Key
X-Proxy-Upstream
Memcached
X-DI
X-RPS
X-RPM
X-RSL
LB
X-Server-IP
X-TIM-N
X-DW
X-Newrelic-Synthetics
X-DB
X-VCL-Version
X-DSS
Hostname
X-Cache-Config
X-VC-Cache
GeoIP-Country-Code
CF-Cached-On
X-Nyt-Route
X-FPC
X-Gdpr
X-RateLimit-Limit-Second
X-Origin-Time
GeoIP-Latitude
Env
X-App
X-API-Version
X-RateLimit-Remaining-Second
XServer
X-Action
Server-Id
ProcessTime
X-ZONE
X-NodeID
X-Check-Cacheable
X-Sigma-Backend
X-Rocket-Build-Number
X-SN
X-Sigma
X-APP
Cache-Provider
X-Men
Upgrade-Insecure-Requests
X-VC
X-TIME
Ohc-Cache-HIT
CPC-Age
CPC-Cache
X-Oss-Cdn-Auth
Memory
X-Webstats-RespID
VNS-Age
X-Air-Trace-Id
X-CF-Powered-By
X-MSEdge-Flight
VNS-Cache
X-Fpc
X-SB
Mime-Version
X-Region-Sid
X-MSEdge-Features
Time
X-URL
X-Provided-By
X-Dynatrace-Js-Agent
X-Swift-Error
X-Depends-On
W
X-SD-PageType
X-Zone
X-FORWARDED-FOR
Srv
X-Cdn-Request-ID
X-Akamai-Pragma-Client-IP
Cdn
X-Ftr-Cache-Host
X-BBC-Edge-Cache-Status
X-Render-Time
X-CSRF-TOKEN
X-Dw-Trace-Id
X-UnsetCookies
X-BACKEND-TTL
CDN
X-Client-Ip
X-ServerName
X-Hello
X-Flog
X-ABtesting
My-App
Dnion-Transfer-Encoding
EpKe-Alive
X-Fastly-Request-Id
Fastcgi-Cache-TTL
X-Parent-Response-Time
State
X-Fastly-Backend-Reqs
X-NGINX-Cache
X-Dynatrace
X-Pad
X-Minions-Version
Media-Length
PICS-Label
X-Acquia-Application-UUID
X-FTR-Cache-Host
X-Acquia-Site
X-Cache-Tag
Proxy-Connection
Vha6-Origin
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Presslabs-Stats
X-Auto-Login
X-Oracle-DMS-ECID
Processtime
X-Pf-Uncompressing
X-Worker
X-ElasticPress-Search
X-Via-PopV
X-BBC-Origin-Response-Status
X-Mg-Request-UUID
X-Ua
X-Cluster-Node
X-Via-PopH
X-Via-PopN
X-LiteSpeed-Tag
X-Snapshot-Date
Epwk-X-Cache
Cf-Ipcountry
X-CACHE-AGE
Datacenter
X-Akamai-ERPolicy
X-Vcache
X-Varnish-URL
X-Lb-Id
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
OT-Force-Account-Verify
X-Akamai-ERRuleID
Warning
X-ElasticPress-Query
X-Request-URL
X-Varnish-Beresp-TTL
Xet-Cookie
X-MiniProfiler-Ids
X-Cache-Type
CountryCode
X-ND-Cache
X-Forwarded-Path
X-Orig-Expires
Content-Style-Type
X-Tenant
X-Shop-Environment
X-Apw-Access-Object
X-Mg-Request-Id
X-Cache-Status-Check
X-Apw-Access-Action
X-Apw-Hits
X-Apw-Access-Token
X-Tid
X-Debug-Cache-Store
X-B3-Parentspanid
URI
X-Debug-Cache-Fetch
X-Storefront-Renderer-Verified
X-Redis-Count
Environment
Phost
NnCoection
X-Amz-Meta-Cb-Modifiedtime
X-C
X-Litespeed-Cache-Control
X-Redis-Duration-Ms
X-Traceid
Inserted-Into-Cache-At
Ohc-Response-Time
Content-Script-Type