Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Request-ID
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
X-AspNetMvc-Version
Feature-Policy
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Upgrade
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
Report-To
X-Server
X-Amz-Request-Id
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-Dns-Prefetch-Control
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
NEL
X-Amz-Version-Id
X-Cache-Spec
X-WebKit-CSP
Xkey
X-Device
Allow
X-CST
X-Backend-Server
X-Vhost
X-Host
EagleEye-TraceId
X-Server-Id
Request-Id
Surrogate-Control
X-Dispatcher
X-Node
Content-Location
X-Response-Time
Accept-CH
X-Ruxit-JS-Agent
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
P3p
X-Ac
X-ASPNET-VERSION
X-Application-Context
X-Template
X-Language
X-Country
X-Cache-Lookup
X-Mod-Pagespeed
X-Readtime
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Rating
X-Cnection
Accept-Ch
X-MS-InvokeApp
X-HW
X-Url
X-Vname
X-TtlSet
X-PC
Accept-Ch-Lifetime
X-Clacks-Overhead
X-GitHub-Request-Id
X-ORACLE-DMS-ECID
X-ESI
Edge-Control
X-Trace
X-FastCGI-Cache
X-Middleton-Display
X-Middleton-Response
X-Sol
Response
Display
Pagespeed
X-Content-Type
X-D2id
X-Cdn-Fetch
X-Kinja
X-Kinja-Server
X-Use-Magma
Arr-Disable-Session-Affinity
X-Kinja-Revision
X-Kinja-Build
X-Exp-Variant
X-Vcap-Request-Id
X-Exp-Id
X-GoogleNews-Bot
Verso
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-Country-Code
X-ORACLE-DMS-RID
X-Server-Name
X-Varnish-TTL
X-Navigation-Version
Service-Worker-Allowed
X-VARITI-CCR
X-Abt-Application-Version
X-Fastly-Request-ID
X-Amz-Rid
X-Powered-By-Plesk
X-Client-IP
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Cache-TTL
X-Webkit-CSP
X-Release
Fastly-Restarts
X-SharePointHealthScore
SPRequestGuid
X-MSEdge-Ref
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Kinja-Server-Push
X-Cached
SPIisLatency
SPRequestDuration
X-TTL
X-NF-Request-ID
X-Oneagent-Js-Injection
Public-Key-Pins
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
RTSS
AR-ATIME
AR-CACHE
AR-Request-ID
X-Edge
AR-PoweredBy
Ar-Sid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-LLID
X-Powered-CMS
X-Origin-Upstream-Status
X-Ezoic-Cdn
X-Px
X-Upstream
X-Ttl
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Content-MD5
Cache-Tag
X-HP-Webp
X-Jurisdiction
X-Mid
X-ECACHE
X-MCACHE
S
X-Version
X-Mg-S
X-Content-Digest
Charset
X-Recruiting
X-Amz-Server-Side-Encryption
X-PressLabs-Stats
Fastcgi-Cache
TCN
X-T
X-Kinsta-Cache
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
Front-End-Https
X-Id
X-Pinterest-Direct
Cache-Tags
Filters
X-Litespeed-Cache
X-Debug
X-Grace
Edge-Cache-Tag
X-Accel-Expires
Server-Node
X-Logged-In
X-Forwarded-Proto
X-Forwarded-For
X-DynaTrace
Server-Name
Nginx-Cache
X-Amzn-Trace-Id
X-Kong-Proxy-Latency
TP-Cache
TP-L2-Cache
X-Kong-Upstream-Latency
X-Correlation-Id
X-Yandex-Sdch-Disable
X-Varnish-Age
Surrogate-Key
X-B3-Sampled
X-Request-Processing-Time
X-Request-Received
X-Request-Handler-Origin-Region
X-Microsite
X-Ser
X-Shield-Request-Id
X-XRDS-LOCATION
X-Hits
X-Az
X-AppVersion
X-Activity-Id
X-Amz-Replication-Status
X-DIS-Request-ID
X-Server-ID
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-F-Cache
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-GUploader-UploadID
X-Cache-Key
Accept-Charset
X-Origin-Server
X-XRDS-Location
X-Geo-Country
X-Git-Hash
Powered-By-ChinaCache
X-Respond-Thread
X-FTR-Request-ID
Cache
X-Rid
X-LB-Cache
Alternate-Protocol
X-Frontend
X-Upgrade-Enabled
X-DataDome
Section-Io-Cache
X-Hostname
Host
Access-Control-Allow-Method
X-Mobile-URL
X-Cache-Age
Paypal-Debug-Id
X-Seen-By
MS-CV
Cleartype
Healthy
X-IPLB-Instance
X-AOL-HN
X-Ruxit-Js-Agent
X-VCache
X-Type
X-Varnish-Backend
X-Content-Options
X-NWS-LOG-UUID
X-Whom
X-App-Environment
ServerID
X-Aspnet-Duration-Ms
X-Route-Name
X-Cache-Action
X-Providence-Cookie
X-Is-Crawler
X-Flags
Payment
X-Request-Guid
X-WebKit-CSP-Report-Only
X-TT
X-Signature
X-Jobs
X-Page-Id
X-B-Cache
Fastcgi-Useragent
X-Time
X-Debug-Info
X-N
X-Source
X-Load-Cache
X-Mobile
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Daa-Tunnel
X-Fastcgi-Cache
X-RateLimit-Remaining
X-FB-Debug
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Via-JSL
Version
Nel
Refresh
X-Cache-Operation
X-Cache-Rule
X-Cached-By
X-Akamai-Edgescape
X-Response-Served-From
X-Accel-Buffering
X-Original-Request-Id
Viewport
X-Rule
X-Wix-Request-Id
X-Cacheable-TTL
X-Framework
DC
X-Proxy
X-Drupal-Cache-Tags
Access-Control-Request-Headers
X-RTag
X-RemovedCookies
X-ProcessESI
X-Zen-Fury
Ms-Operation-Id
X-Contextid
Node
X-Real-IP
X-Instance
Realpath
X-Cache-Time
DynaTrace
X-Region
X-HTML-Minification-Powered-By
X-Page-View
Referer-Policy
X-UUID
X-Tt-Trace-Tag
X-Drupal-Cache-Contexts
X-Tt-Trace-Host
X-FW-Server
Countrycode
X-Distributor
Eomportal-Instance
X-Yottaa-Metrics
X-FW-Type
X-FW-Static
X-FW-Hash
X-FW-Dynamic
X-FW-Serve
X-Yottaa-Optimizations
X-Cluster-Name
X-Cache-Expired-At
X-B
VIX-Pulpo-Node
X-Cache-Control
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
X-Environment-Context
X-L-Path
X-IPS-LoggedIn
GEO-INFO
X-Tumblr-User
X-G
X-Cache-Hit
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
Liferay-Portal
X-Ratelimit-Limit
Server-Info
X-App-Server
X-User-Agent
X-Pass-Why
X-FireWall-Port
X-Node-Name
Webserver
X-Tumblr-Pixel-2
From-Origin
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Varnish-Ttl
Section-Origin-Responded
Ec-Rule-Version
X-Protected-By
Protected
Xserver
CF-IPCountry
SRV
X-Cache-Server
X-Www-Served-By
Frame-Options
X-Amz-Meta-S3cmd-Attrs
X-Revision
X-Backend-Name
X-Hl-Ver
X-UPSTREAM-Address
X-Handled-By
X-ES-SERVER
X-Mode
X-RN-RSRV
Meta-Geo
X-Site-Version
X-Soup
X-FB-TRIP-ID
X-Endurance-Cache-Level
X-Locale
X-Hyper-Cache
Cache-Status
X-Human
X-Web-Node
X-NYM-Debug-Backend
Cache-Tv-Group
X-Storage
X-Be
Country
X-Varnishpool
X-Cache-Grace
X-Forwarded-Host
X-ProxyCache-Key
X-Pubstack
X-Proxy-Build
X-Redis-Cache
X-ProxyCache-Status
X-Request-Time
Decoy-Debug-TTL
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
X-UA-Device-Type
X-Uri
X-Proto
X-BYPASS-REASON
TWC-Privacy
TWC-Locale-Group
Selected-Fe
Property-Id
TWC-Connection-Speed
TWC-Device-Class
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-PHP-Host
X-TT-LOGID
Azure-SlotName
Azure-Version
Cache-Name
Azure-SiteName
Azure-RegionName
X-Origin-Hint
X-Origin-Date
Azure-InstanceId
X-Timing-Wait
Retry-After
Fastly-SSL
Decoy-Debug-Key
Decoy-Debug-Status
X-Labrador-Cache-Channel
X-Hosted-By
X-FW-Version
X-Format
X-Access
X-AIR-PT
X-Loop
X-Sql-Count
X-Section
X-SayCDN-TTL
X-WA-Info
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
X-MP-GENERATED-AT
X-Say-TTL
X-S-Maxage
X-Sql-Duration-Ms
X-Say-Cacheable
X-Server-W
X-TNCMS
X-No-Session
X-Ratelimit-Remaining
X-Via-Fastly
X-Status
X-OCL
X-PERF
X-Adobe-Loc
X-Adobe-Content
X-R9-Blue-Green-Version
X-PCL
X-ApacheServer
X-Nginx-Cache
X-Cache-TTL-Remaining
Mn-Server-Ip
X-Storefront-Renderer-Rendered
X-Cluster
X-Alternate-Cache-Key
X-AWS-Id
X-VWS-Id
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-ShopId
X-LJ-Flow-ID
X-Shopify-Stage
X-ShardId
X-LAGOON
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-Qloud-Router
X-Rendered-As
X-Debug-IsPreview
X-Is-Bot
X-Debug-IsConnected
X-Device-Type
X-Via-CDN
X-Dc
Cache-Hits
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
S-Cnection
X-FTR-Balancer
X-Info
X-Xfnlog-Site
X-CCM
X-Varnish-Grace
X-FTR-Expires
Apigw-Requestid
X-Varnish-Server
AMP-Access-Control-Allow-Source-Origin
X-Detected-As
X-Cdn
X-Cache-Enabled
X-GG-Cache-Date
X-Cache-Host
X-Amzn-Remapped-Content-Length
X-EdgeConnect-Cache-Status
X-SRV
X-Content-Age
X-Microcachable
X-Air-Hostname
X-Unique-Id
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Platform
X-Cache-Var-Map
X-Cache-Var
X-Azure-Ref
Uber-Trace-Id
Tracecode
Amp-Access-Control-Allow-Source-Origin
X-Backend-Host
X-Aspnetmvc-Version
SD-X-WS
X-Correlation-ID
X-CSRF-Token
X-DynaTrace-JS-Agent
X-Time-Microsecs
X-GEO
X-Proxy-Cache-Status
X-NWS-UUID-VERIFY
X-Backend-TTL
Akamai-GRN
X-ServerID
X-APP-VERSION
X-ATG-Version
X-Oss-Hash-Crc64ecma
X-Tb
X-Oss-Object-Type
X-Cache-Backend
X-Oss-Storage-Class
X-Oss-Request-Id
X-Oss-Server-Time
Backend
X-BCube-Filmed-By
X-Trace-Id
DSUID
ServedBy
X-RCS-CacheZone
X-Varnish-Hostname
X-Akamai-Transformed
X-Cache-PHP
X-TA-CDN-Provider
X-Cache-NGX
X-Oracle-Dms-Rid
HostName
X-Dynatrace
SR-User-Adfree
X-Fetched-On
X-Generation-Time
X-Generated-On
Thinkindot-CacheControl
X-A-Wwc
X-Aed
X-Application
X-ARC
X-Varnish-Cache-Hits
X-A-Dgt
X-A
X-A-Ccd
X-A-Dam
X-A-Dcw
Thinkindot-Control
X-B-Cookie
X-Connection-Hash
X-D
X-Destination
X-Device-Os
X-CF-Lambda-Version
X-CF-Lambda-Fn
Thinkindot-CacheControl-Type
X-Cache-NE
T-Server
X-Magnolia-Registration
X-External-Request-Id
X-Matched-Rule
X-Thinkindot-L3
BehaviorPad-Version
Fastcgi-X-Cache-Version
X-Trv-Group
Expiry
X-SRCache-Key
Instruction
X-GeoIP-City
X-ScT
X-Session-Fingerprint
Lfy
X-Vdms-Path
X-Vdms-Version
PB-RID
X-Vtex-Remote-Cache
Xc-Version
DCR-Decision-By
PB-PID
X-Vtex-Processado-Em
X-VG-WebCache
Arc-Version
X-VG-WebServer
DCR-Processing-Time-Ms
X-S
X-S-Cookie
X-Origin-CC
X-Sucuri-ID
X-Rojux
X-Origin-TTL
Odigeo-Trace-Id
Path
Rendered-Blocks
Release
X-Level-Front-Cache
X-Location
Meta-Geo-Continent
Mobile-Detection-Method
X-Processor
MD5-Digest
X-PBS-Appsvrname
Machine
X-Request-UUID
X-PAYTM-SRV-ID
X-Rewrite-Enabled
X-NewRelic-App-Data
X-Erf-Stays-Bingo-Pdp-Web
UCS
Pagetype
Ssr
Fastly-Backend-Name
Gh-Request-Id
Host-ID
X-GeoIP
X-Sn-Servicetimems
X-SVT-ORM-RULES
X-Skip-Cache
X-Reqid
X-OVcl
X-OVcl-Cache
X-SVT-ORM-VERSION
X-Swa-Ws
X-VServer
X-Owner
X-Tumblr-Pixel-3
X-TrackingId
X-Thanos
X-Origin-Response-Time
X-Node-Id
X-From
Cf-Device-Type
X-FC-Vary-Parameters
X-Cdn-Origin
X-Bip
X-Cache-Bucket
X-Has-Esi
X-HS-Content-Campaign-Id
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-JWT-State
X-Is-Gdpr
X-Irp-Debug
X-Azure-Ref-OriginShield
X-Geo-Header
C-Via
AKAMAI
CacheControlHeader
Cache-Host
X-Debug-Cache
Sever-Int
On-Server
X-NAPM-TraceId
X-HN
X-Generated-In
X-Generated-By
Server-Hostname
X-Cache-Info
Server-Host
PFcat
Server-Ext
DB-Nickname
Wxu-Next-Commit
Pramga
Wxu-Next-Region
X-CUA
X-Backend-State
X-Csrf-Jwt
X-Clientip
X-Cache-Tags
X-CGP
X-Developer
X-Developers
X-Ms-Version
X-Wikidot-Static-Cache
X-Ms-Request-Id
X-B3-Traceid
X-Eu-Site
X-Fastly-Backend
Wxu-Next-Hostname
X-IP
NGX
Ha-Gx-Prefs
X-Request-Host
X-App-Version
L5d-Success-Class
L
X-VarnishDD-TTL
X-Scheme
CloudFront-Viewer-Country
X-User
X-Var-Ttl
X-Varnish-Beresp-Grace
X-Varnish-Hits
Location
HA-Ipaddr
X-Policy
X-Origin-Expires
Magicmarker
X-Wikidot-Backend
Locid
X-Nginx-Cache-Key
User-Cache-Control
X-B3-SpanId
X-Gzip
X-Servername
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Esi-Check
X-Slack-Backend
X-SIPLIST1
X-Core-Value
X-LI-UUID
X-Old-Content-Length
X-Origin
X-Li-Pop
Adler-Geo
X-Li-Fabric
Cf-Bgj
X-Method
X-Fastly-Cache
X-Dispatcher-Server
X-Branch-Name
X-Cache-Id
X-Rebelmouse-Cache-Control
Platform
V-Age
X-GoCache-CacheStatus
X-Rebelmouse-Surrogate-Control
X-Hash
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Request-URI
X-Gen-Mode
X-Cdn-Forward
X-Hnp-Log
Is-Eu
X-DefHash
X-Gamma-Serve
X-DefElseHash
NM-Fastcgi-Cache
X-Loc
X-DPWN-IS-SECURE
X-Cms-Context
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
Fastly-SWR
X-Adobe-Source
IsBot
Origin
X-Cache-Expires
X-TX-ID
Rt-Fastcgi-Cache
X-Variation
Web-Mar-Node
X-Cache-Date
CDCHOST
X-Block-Status
Fastly-Drupal-HTML
Fastly-SIE
Content-Disposition
X-ID
CDN-Uid
CDN-RequestId
X-NU-AKA-ACS-Version
X-Fmm-Version
X-Cache-Debug
Vix-Hermes-Req-Id
Apple-News-Services-Host
CDN-RequestCountryCode
Apple-News-Services-Handled
X-EC-Lua
Apple-News-Services-Request-Url
True-Client-Country-4JS
CDN-Cache
X-Clara-WADP
X-Core-Mission
X-WADP-Cache
Apple-News-Services-Parsed-Url
X-Ratelimit-Reset
CDN-EdgeStorageId
X-Platform-Server
X-CS
CDN-CachedAt
X-Envoy-Decorator-Operation
CDN-PullZone
Sid
X-NCache
X-VG-TLSProxy
X-Mvc-Supplant-OutputCached
X-PF-Uncompressing
X-Aicache-OS
X-Request-Start
X-LB-ID
X-Cache-Remote
X-Varnish-Url
Url
X-Refresh
X-NC
X-CACHE-GROUP
Esi-Enabled
X-Nc
S-Rt
X-Varnish-Cacheable
X-Via-Poph
X-Via-Popv
X-B3-Spanid
X-Via-Popn
X-Response-By
X-CACHE-KEY
Who
X-Proxy-Cachei7
X-Host-Name
X-Epic-Correlation-Id
Xkeyi7
Country-Code
Pics-Label
X-FireWall-Protection
X-TraceId
X-Unique-ID
X-Srv
X-Tb-Optimization-Total-Bytes-Saved
N-Cache
X-BBXSRF
Req-Svc-Chain
X-Cache-2
X-Webkit-Csp
Source
Ohc-File-Size
Content-Secure-Policy
Server-Ttl
X-Planisys-CDN-TTL
Cross-Origin-Window-Policy
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Error
Geoip-Latitude
X-Sucuri-Cache
X-Contensis-Viewer-Groups
X-Cache-ASPX
GeoIp-Country-Code
X-Cc-Req-Id
X-HS-Status
D-Cc-Upstream
X-Cc-Via
X-Varnish-Authentication
X-CDN-Forward
X-Webkit-CSP-Report-Only
Cteonnt-Length
X-Svr
X-LiteSpeed-Cache-Control
X-DC
X-CLOUD-TRACE-CONTEXT
Cmsid
Geo-Info
Cmstype
Kp-EeAlive
HitType
CACHE
X-Cs
X-Wa
X-RateLimit-Limit
X-Served-From
Svr
X-Servedbyhost
X-Server-IP
MIME-Version
X-URL
X-Cache-Config
Viewtype
X-Origin-Time
VivaBuild
A
X-Nyt-Route
X-API-Version
X-FPC
Cache-Key
Filterid
X-Gdpr
X-RAMCache
Resin-Trace
Server-Id
X-Vcl-Version
M-TraceId
X-SN
X-VC
X-Li-Proto
X-Esi
Ohc-Cache-HIT
X-LI-Proto
X-Vgn-Hpd-Reason
Arc-Country
X-NodeID
X-Webstats-RespID
X-SB
Cross-Origin-Opener-Policy
TDXMobile
X-TIME
X-Air-Source
Hostname
Server-ID
X-HOST
X-HostName
X-NGINX-Cache
NtCoent-Length
X-Viewer-Country
X-SD-PageType
Request-ID
SID
X-Check-Cacheable
Tcn
X-VCL-Version
X-UA
Mime-Version
X-DB
Cache-Provider
X-Internal-Host
X-DW
X-Render-Time
NGB
XServer
X-TIM-N
X-Hcs-Proxy-Type
X-DI
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-RSL
X-Vc
X-RPS
X-RPM
X-DSS
X-Newrelic-Synthetics
X-Service
X-ServedByHost
Srv
X-WA
GeoIP-Latitude
X-App
EpKe-Alive
X-Ua
X-BBC-Edge-Cache-Status
GeoIP-Country-Code
X-JoinUs
X-SaId
X-CF-Powered-By
X-PHP-Backend
X-Action
X-Auto-Login
Upgrade-Insecure-Requests
X-Worker
DataCenter
ProcessTime
Processtime
X-Extlb
X-FTR-Cache-Host
X-Geo
X-Edge-Location
X-Via-NSCOPI
X-Forwarded-Site
FSS-Cache
X-Oss-Cdn-Auth
X-Fpc
X-NGENIX-Cache
X-Ftr-Cache-Host
X-Provided-By
X-Dynatrace-Js-Agent
X-Cdn-Request-ID
Datacenter
Proxy-Connection
W
X-FORWARDED-FOR
CDN
X-CSRF-TOKEN
X-Cluster-Node
CF-Cached-On
X-Swift-Error
X-HITS
X-Depends-On
X-BACKEND-TTL
X-Date
X-Bc-Bl
X-Region-Sid
X-MSEdge-Flight
X-MSEdge-Features
We-Hiring
X-Fastly-Backend-Reqs
X-Dw-Trace-Id
X-PJAX-URL
Cdn
X-Req
X-Parent-Response-Time
Mail-Subject
Memcached
LB
X-VC-Cache
Surrogated-Key
X-BBC-Origin-Response-Status
X-Accel-Expires-Debug
X-CACHE-AGE
X-Client-Ip
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-IN-APIGATEWAY
X-Flog
X-Sigma-Backend
X-Pad
X-Hello
X-ABtesting
X-IN-APIGATEWAYSSL
X-Cache-Tag
X-Sigma
X-RateLimit-Remaining-Second
X-Fastly-Request-Id
X-UnsetCookies
Env
OT-Force-Account-Verify
X-Rocket-Build-Number
PICS-Label
Dnion-Transfer-Encoding
X-Akamai-Pragma-Client-IP
X-ZONE
X-Air-Trace-Id
X-Via-PopV
X-Zone
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
Media-Length
X-APP
Vha6-Origin
X-Men
X-Oracle-DMS-ECID
X-Via-PopH
X-Via-PopN
X-ND-Cache
X-Presslabs-Stats
X-Pf-Uncompressing
CPC-Age
X-LiteSpeed-Tag
Memory
VNS-Cache
Time
X-Lb-Id
Epwk-X-Cache
X-MiniProfiler-Ids
VNS-Age
CPC-Cache
WZWS-RAY
Cf-Ipcountry
X-Varnish-URL
X-Vcache
URI
X-Varnish-Beresp-TTL
X-Akamai-ERRuleID
X-Snapshot-Date
X-Csrf-Token
X-ElasticPress-Search
Xet-Cookie
X-Ms-Meta-Staticbatchstarttime
X-ElasticPress-Query
X-Request-Url
X-Request-URL
X-Ms-Meta-Originalurl
X-Akamai-ERPolicy
CountryCode
X-Tx-Id
X-C
Content-Style-Type
Content-Script-Type
X-Litespeed-Cache-Control
X-Amz-Meta-Cb-Modifiedtime
X-Tid
Inserted-Into-Cache-At
X-B3-Parentspanid
NnCoection
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Phost
X-Traceid
X-Redis-Duration-Ms
X-Storefront-Renderer-Verified
Ohc-Response-Time
Environment
X-Redis-Count
X-ServerName