Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-Served-By
X-UA-Compatible
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Request-ID
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Ua-Compatible
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
X-Envoy-Upstream-Service-Time
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Via
Upgrade
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-Robots-Tag
X-AH-Environment
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Report-To
Host-Header
X-Amz-Request-Id
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
NEL
X-Dns-Prefetch-Control
X-Amz-Version-Id
X-Cache-Spec
X-Device
X-CST
Allow
Xkey
X-Host
X-Vhost
X-WebKit-CSP
X-Backend-Server
EagleEye-TraceId
X-Server-Id
Request-Id
Surrogate-Control
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Akam-SW-Version
P3p
X-ASPNET-VERSION
Accept-CH
X-Ac
X-Application-Context
X-Country
X-Cache-Lookup
X-Template
X-Language
Accept-CH-Lifetime
Accept-Ch
X-Mod-Pagespeed
X-Readtime
Accept-Ch-Lifetime
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
Rating
X-Origin-Cache
X-MS-InvokeApp
X-Cnection
X-HW
X-Url
X-PC
X-TtlSet
X-Vname
Edge-Control
X-GitHub-Request-Id
X-Clacks-Overhead
X-ESI
X-ORACLE-DMS-ECID
X-Trace
X-Sol
X-Middleton-Response
Pagespeed
X-Middleton-Display
Response
Display
X-Content-Type
X-D2id
X-ORACLE-DMS-RID
X-Kinja
X-Exp-Variant
X-Exp-Id
X-Kinja-Revision
X-GoogleNews-Bot
X-Use-Magma
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
Arr-Disable-Session-Affinity
Verso
X-Webkit-CSP
X-Vcap-Request-Id
X-Goog-Hash
X-Rack-Cache
X-Buckets
X-Country-Code
X-FastCGI-Cache
X-Varnish-TTL
X-Navigation-Version
X-Server-Name
Service-Worker-Allowed
X-VARITI-CCR
X-Amz-Rid
X-Abt-Application-Version
X-Powered-By-Plesk
X-Fastly-Request-ID
X-TTL
X-Client-IP
X-Cache-TTL
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
Fastly-Restarts
X-Release
X-SharePointHealthScore
SPRequestGuid
X-Cached
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-MSEdge-Ref
X-Oneagent-Js-Injection
SPRequestDuration
SPIisLatency
X-NF-Request-ID
Public-Key-Pins
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
RTSS
Access-Control-Request-Method
X-SRCache-Fetch-Status
X-SRCache-Store-Status
AR-CACHE
AR-PoweredBy
AR-Request-ID
AR-ATIME
Ar-Sid
X-Edge
X-LLID
X-Powered-CMS
X-Litespeed-Cache
X-Ezoic-Cdn
Cache-Tag
Content-MD5
X-Origin-Upstream-Status
X-Upstream
X-Px
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-Jurisdiction
X-HP-Webp
S
X-MCACHE
X-Mid
X-Version
X-ECACHE
X-Recruiting
Charset
X-Content-Digest
X-Mg-S
X-PressLabs-Stats
X-Ttl
X-Amz-Server-Side-Encryption
Fastcgi-Cache
X-Kinsta-Cache
X-T
MicrosoftSharePointTeamServices
X-Id
Cache-Tags
Front-End-Https
X-DynaTrace
Filters
X-Content-Security-Policy-Report-Only
X-Logged-In
TCN
X-Debug
Edge-Cache-Tag
Server-Node
X-Accel-Expires
X-Forwarded-Proto
X-Grace
X-Forwarded-For
X-Correlation-Id
Server-Name
TP-L2-Cache
X-Pinterest-Direct
TP-Cache
Nginx-Cache
Surrogate-Key
X-Amzn-Trace-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
X-B3-Sampled
X-Microsite
X-Request-Handler-Origin-Region
X-Varnish-Age
X-Shield-Request-Id
X-Ser
X-Server-ID
X-Hits
X-Az
X-Activity-Id
X-Amz-Replication-Status
X-XRDS-Location
X-AppVersion
X-XRDS-LOCATION
X-DIS-Request-ID
X-F-Cache
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-Fastcgi-Cache
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Accept-Charset
X-Origin-Server
X-Geo-Country
X-Git-Hash
Alternate-Protocol
X-Respond-Thread
Cache
X-Cache-Key
X-Rid
X-Time
X-FTR-Request-ID
X-Frontend
Section-Io-Cache
X-LB-Cache
Host
X-DataDome
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Ruxit-Js-Agent
Powered-By-ChinaCache
X-Mobile-URL
X-Seen-By
X-Cache-Age
MS-CV
X-VCache
X-NWS-LOG-UUID
Healthy
X-TT
X-AOL-HN
X-Hostname
X-Whom
X-Content-Options
X-IPLB-Instance
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-App-Environment
X-Providence-Cookie
Payment
X-Request-Guid
X-Route-Name
X-Varnish-Backend
X-Flags
X-Is-Crawler
Paypal-Debug-Id
X-Aspnet-Duration-Ms
X-Type
X-Cache-Action
Cleartype
X-Signature
X-Jobs
X-Source
X-B-Cache
ServerID
Fastcgi-Useragent
X-Debug-Info
X-Page-Id
X-Load-Cache
X-N
X-Daa-Tunnel
X-WebKit-CSP-Report-Only
X-FB-Debug
X-Mobile
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Nel
X-Via-JSL
X-RateLimit-Remaining
X-Contextid
Refresh
Version
Realpath
X-Response-Served-From
X-Accel-Buffering
X-Akamai-Edgescape
X-Drupal-Cache-Tags
Node
X-Original-Request-Id
X-Cached-By
X-Wix-Request-Id
X-Framework
X-Cacheable-TTL
X-Zen-Fury
X-Cache-Operation
Ms-Operation-Id
X-Cache-Rule
X-Proxy
X-RTag
X-Rule
X-RemovedCookies
X-ProcessESI
X-Distributor
Access-Control-Request-Headers
Referer-Policy
X-HTML-Minification-Powered-By
DC
X-Real-IP
X-B
X-Region
X-UUID
X-Page-View
Viewport
X-Cache-Time
X-Drupal-Cache-Contexts
X-Tt-Trace-Tag
X-Tt-Trace-Host
Eomportal-Instance
X-Cache-Expired-At
X-Instance
VIX-Pulpo-Node
X-Cache-Control
X-Yottaa-Metrics
VIX-Pulpo-Upstream-Status
Liferay-Portal
X-Yottaa-Optimizations
Countrycode
X-Cluster-Name
X-Content-Powered-By
X-FW-Static
X-FW-Type
X-FW-Server
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-G
X-IPS-LoggedIn
X-Environment-Context
X-L-Path
X-Cache-Hit
DynaTrace
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Pass-Why
X-FireWall-Port
Server-Info
X-App-Server
GEO-INFO
X-Varnish-Ttl
Ec-Rule-Version
X-Ratelimit-Limit
X-User-Agent
Xserver
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
Webserver
From-Origin
CF-IPCountry
X-Protected-By
X-Node-Name
X-Tumblr-Pixel-2
SRV
X-Ratelimit-Remaining
X-Www-Served-By
Protected
X-Nginx-Cache
X-Cache-Server
X-UPSTREAM-Address
X-Endurance-Cache-Level
X-RN-RSRV
X-ES-SERVER
X-Hl-Ver
Meta-Geo
X-Mode
X-FB-TRIP-ID
X-Debug-IsPreview
X-Site-Version
X-Debug-IsConnected
X-Uri
X-Backend-Name
X-Locale
X-Handled-By
Frame-Options
X-PHP-Host
X-Device-Type
X-Labrador-Cache-Channel
Cache-Tv-Group
X-Varnishpool
X-UA-Device-Type
X-Web-Node
X-Soup
X-Adobe-Content
X-Adobe-Loc
Cache-Status
X-Proxy-Build
X-WA-Info
X-Via-Fastly
X-Sql-Count
X-Timing-Wait
X-Storage
X-Human
X-Sql-Duration-Ms
X-ProxyCache-Key
X-Origin-Date
X-BYPASS-REASON
X-Hyper-Cache
X-Redis-Cache
X-No-Session
Selected-Fe
X-ProxyCache-Status
X-NYM-Debug-Backend
X-Be
X-Request-Time
Cache-Name
X-Cache-Grace
X-Loop
X-LJ-Flow-ID
X-LAGOON
X-Forwarded-Host
X-PCL
X-Origin-Hint
X-AWS-Id
X-VWS-Id
Country
X-TNCMS
X-OCL
X-Proto
X-AIR-PT
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-Country
X-S-Maxage
X-Say-Cacheable
Decoy-Debug-Status
Retry-After
X-Hosted-By
Fastly-SSL
Property-Id
X-Pubstack
X-Say-TTL
X-SayCDN-TTL
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
Decoy-Debug-TTL
TWC-Privacy
Decoy-Debug-Key
TWC-GeoIP-LatLong
X-Revision
TWC-Locale-Group
X-Cache-TTL-Remaining
Azure-SiteName
X-Cluster
Azure-SlotName
Azure-Version
X-ApacheServer
X-Access
Azure-RegionName
X-Format
X-Alternate-Cache-Key
X-FW-Version
X-TT-LOGID
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShardId
X-Server-W
Azure-InstanceId
X-Section
X-R9-Blue-Green-Version
X-Sorting-Hat-ShopId
X-Xfnlog-Site
X-MP-GENERATED-AT
X-PERF
X-CCM
X-Storefront-Renderer-Rendered
X-Status
Mn-Server-Ip
X-Zipkin-Id
X-Routing-Service
X-Proxied
Apigw-Requestid
X-Varnish-Grace
X-Amz-Meta-S3cmd-Attrs
X-Qloud-Router
X-Is-Bot
X-Rendered-As
X-Info
X-Country-Code-Real
S-Cnection
X-Via-CDN
X-Varnish-Server
X-FTR-Backend
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Cache-Status
X-SRV
X-Cdn
Cache-Hits
X-Cache-Enabled
X-GG-Cache-Date
X-Microcachable
AMP-Access-Control-Allow-Source-Origin
X-Dc
X-FTR-Expires
X-Content-Age
X-Detected-As
X-Cache-Host
Uber-Trace-Id
X-Platform
X-Azure-Ref
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Proxy-Cache-Status
X-Aspnetmvc-Version
X-Amzn-Remapped-Content-Length
Amp-Access-Control-Allow-Source-Origin
X-Tec-Api-Origin
X-Tec-Api-Root
X-CSRF-Token
X-EdgeConnect-Cache-Status
X-Tec-Api-Version
X-Air-Hostname
X-Backend-Host
Tracecode
X-NWS-UUID-VERIFY
X-Cache-Var-Map
X-Cache-Var
SD-X-WS
X-App-Version
X-Time-Microsecs
X-Oss-Server-Time
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-DynaTrace-JS-Agent
X-Oss-Storage-Class
Akamai-GRN
X-ATG-Version
X-ServerID
X-GEO
X-Unique-Id
HostName
X-Trace-Id
X-BCube-Filmed-By
X-Backend-TTL
X-Debug-Cache
X-RCS-CacheZone
X-Correlation-ID
X-Tb
Backend
ServedBy
X-Varnish-Hostname
X-Cache-NGX
X-Cache-PHP
X-Sucuri-ID
X-Cache-Backend
X-Akamai-Transformed
X-Cdn-Forward
X-B3-SpanId
DSUID
SR-User-Adfree
T-Server
Thinkindot-CacheControl-Type
X-A-Ccd
X-A-Dam
Rendered-Blocks
X-A
Thinkindot-Control
Thinkindot-CacheControl
DCR-Decision-By
DCR-Processing-Time-Ms
Expiry
Fastcgi-X-Cache-Version
X-A-Dcw
BehaviorPad-Version
X-Ms-Version
X-TX-ID
Instruction
Lfy
Odigeo-Trace-Id
Path
Mobile-Detection-Method
Meta-Geo-Continent
Machine
MD5-Digest
Release
X-CF-Lambda-Version
X-Rojux
X-S
X-S-Cookie
X-ScT
X-Rewrite-Enabled
X-Request-UUID
X-Owner
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Processor
X-Session-Fingerprint
X-SRCache-Key
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-Thinkindot-L3
X-Trv-Group
X-Vdms-Path
X-Origin-TTL
X-Origin-CC
X-Cache-NE
X-CF-Lambda-Fn
X-Ms-Request-Id
X-Connection-Hash
X-B-Cookie
X-ARC
X-A-Wwc
X-Aed
X-Application
X-D
X-Device-Os
X-GeoIP-City
X-Level-Front-Cache
X-Matched-Rule
X-NAPM-TraceId
X-Generation-Time
X-Generated-On
X-External-Request-Id
X-Fetched-On
X-From
X-A-Dgt
X-Destination
X-Magnolia-Registration
X-TA-CDN-Provider
DB-Nickname
X-CS
C-Via
X-Node-Id
Arc-Version
NGX
X-Mvc-Supplant-Cachable
X-Bip
Pagetype
X-Core-Value
X-GeoIP
X-Fastly-Cache
X-FC-Vary-Parameters
Host-ID
X-Irp-Debug
X-Azure-Ref-OriginShield
X-Location
X-Micro-Cache
X-Cache-Bucket
PB-PID
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-TrackingId
X-NewRelic-App-Data
Server-Host
X-B3-Traceid
UCS
X-Skip-Cache
X-Thanos
X-Adobe-Source
X-VServer
PB-RID
User-Cache-Control
X-Dispatcher-Server
X-Developer
X-DefHash
X-DPWN-IS-SECURE
V-Age
X-Fastly-Backend
X-Backend-State
X-Eu-Site
X-Esi-Check
Web-Mar-Node
X-Envoy-Decorator-Operation
X-DefElseHash
X-Clara-WADP
X-Branch-Name
X-Fmm-Version
X-CGP
X-Cache-Info
Wxu-Next-Region
X-Clientip
Wxu-Next-Commit
X-Csrf-Jwt
Wxu-Next-Hostname
X-Block-Status
X-Cms-Context
X-Cache-Id
X-HN
X-Rebelmouse-Surrogate-Control
X-WADP-Cache
X-Reqid
X-Request-Host
X-Rebelmouse-Cache-Control
X-Ratelimit-Reset
X-OVcl
X-OVcl-Cache
X-Platform-Server
X-Policy
X-Scheme
X-Swa-Ws
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
X-Varnish-Beresp-Grace
X-Variation
X-Tumblr-Pixel-3
X-User
X-Var-Ttl
X-Wikidot-Backend
X-Origin-Response-Time
X-Has-Esi
Sever-Int
X-Hnp-Log
X-HS-Content-Campaign-Id
X-Gzip
X-GoCache-CacheStatus
X-Generated-By
X-Generated-In
X-Geo-Header
X-Is-Gdpr
X-JWT-State
X-Nginx-Cache-Key
X-NU-AKA-ACS-Version
X-Old-Content-Length
X-Origin-Expires
X-Wikidot-Static-Cache
X-EC-Lua
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Gen-Mode
X-Cache-Tags
Cf-Device-Type
CloudFront-Viewer-Country
Content-Disposition
Fastly-Backend-Name
CDN-Uid
CDN-RequestId
CDN-EdgeStorageId
CDN-PullZone
CDN-RequestCountryCode
Fastly-SIE
Fastly-SWR
Is-Eu
L5d-Success-Class
Locid
Magicmarker
NM-Fastcgi-Cache
HA-Ipaddr
On-Server
Gh-Request-Id
Ha-Gx-Prefs
CDN-CachedAt
PFcat
X-Varnish-Cache-Hits
Server-Ext
AKAMAI
Adler-Geo
CacheControlHeader
Cache-Host
Platform
Server-Hostname
CDCHOST
CDN-Cache
X-APP-VERSION
X-ID
IsBot
X-Developers
X-Varnish-Beresp-Ttl
X-CUA
X-Varnish-Hits
X-Varnish-Beresp-Status
Location
L
X-Request-URI
X-Origin
Cf-Bgj
X-LB-ID
X-Cdn-Origin
X-IP
X-Method
X-Sn-Servicetimems
X-Slack-Backend
X-SIPLIST1
X-Gamma-Serve
X-Kinja-Server-Push
X-Hash
X-Cache-Debug
X-Cache-Expires
Vix-Hermes-Req-Id
True-Client-Country-4JS
Ssr
Rt-Fastcgi-Cache
X-VG-TLSProxy
Pramga
X-CLOUD-TRACE-CONTEXT
Origin
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Fastly-Drupal-HTML
X-CACHE-KEY
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Servername
X-Aicache-OS
X-Cache-Date
X-Loc
Apple-News-Services-Handled
X-Nc
Esi-Enabled
X-Mvc-Supplant-OutputCached
X-Via-Popn
X-Core-Mission
X-Via-Popv
X-PF-Uncompressing
X-Via-Poph
Sid
X-Erf-Stays-Bingo-Pdp-Web
X-Unique-ID
X-Request-Start
X-NCache
X-Varnish-Url
Who
Country-Code
Url
Pics-Label
X-Refresh
X-Epic-Correlation-Id
X-FireWall-Protection
X-Cache-Remote
X-NC
X-Planisys-CDN-Rules
X-Dynatrace
Req-Svc-Chain
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-Response-By
X-Tb-Optimization-Total-Bytes-Saved
X-Varnish-Cacheable
Geo-Info
X-TraceId
X-Webkit-CSP-Report-Only
X-Webkit-Csp
X-RateLimit-Limit
X-Proxy-Cachei7
X-DC
X-Error
Xkeyi7
S-Rt
X-Srv
N-Cache
X-BBXSRF
Content-Secure-Policy
Cmstype
Cmsid
X-B3-Spanid
X-Host-Name
X-Served-From
Kp-EeAlive
Source
Svr
HitType
Server-Ttl
X-Cache-2
X-HS-Status
Cross-Origin-Window-Policy
X-Sucuri-Cache
X-Cache-ASPX
Cteonnt-Length
Viewtype
Ohc-File-Size
X-Servedbyhost
X-Contensis-Viewer-Groups
VivaBuild
A
X-LiteSpeed-Cache-Control
Cache-Key
GeoIp-Country-Code
Filterid
D-Cc-Upstream
X-Cc-Via
X-Varnish-Authentication
Tcn
X-Cc-Req-Id
Geoip-Latitude
X-Wa
MIME-Version
X-URL
X-HostName
X-Vcl-Version
X-Svr
M-TraceId
X-Oracle-Dms-Rid
Server-ID
TDXMobile
X-Esi
Cross-Origin-Opener-Policy
X-Server-IP
X-LI-Proto
Arc-Country
X-Air-Source
X-CDN-Forward
CACHE
NtCoent-Length
X-Vgn-Hpd-Reason
X-RAMCache
NGB
X-Nyt-Route
X-Cache-Config
X-API-Version
X-FPC
X-Gdpr
SID
X-Origin-Time
X-Li-Proto
X-Cs
X-HOST
X-VCL-Version
Resin-Trace
X-Check-Cacheable
X-Vc
X-SN
Request-ID
X-VC
X-UA
Cache-Provider
X-Service
X-DB
X-Internal-Host
X-TIM-N
X-RPM
GeoIP-Latitude
X-Webstats-RespID
X-RPS
X-RSL
X-CCDN-CacheTTL
GeoIP-Country-Code
X-DW
X-DSS
X-WA
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-DI
X-NodeID
Server-Id
X-SB
X-ServedByHost
X-Newrelic-Synthetics
X-NGENIX-Cache
Ohc-Cache-HIT
Hostname
X-JoinUs
X-SaId
X-PHP-Backend
DataCenter
X-App
Srv
Mime-Version
X-Geo
X-Viewer-Country
X-SD-PageType
X-Edge-Location
X-NGINX-Cache
XServer
X-BBC-Edge-Cache-Status
ProcessTime
X-Action
X-Extlb
X-Forwarded-Site
FSS-Cache
X-Render-Time
X-FTR-Cache-Host
X-Fpc
X-CF-Powered-By
EpKe-Alive
X-Oss-Cdn-Auth
X-Via-NSCOPI
X-Bc-Bl
X-Dynatrace-Js-Agent
X-Provided-By
X-Ua
CF-Cached-On
Upgrade-Insecure-Requests
Surrogated-Key
X-Region-Sid
Processtime
X-VC-Cache
X-Auto-Login
LB
Memcached
X-Worker
W
X-FORWARDED-FOR
X-Cdn-Request-ID
X-HITS
Env
X-Ftr-Cache-Host
X-Req
X-ZONE
X-BACKEND-TTL
X-Depends-On
X-Cluster-Node
X-MSEdge-Flight
X-MSEdge-Features
We-Hiring
Cdn
Mail-Subject
X-Dw-Trace-Id
CDN
X-CSRF-TOKEN
X-PJAX-URL
Proxy-Connection
X-TIME
X-Fastly-Backend-Reqs
X-Accel-Expires-Debug
X-Date
X-Proxy-Upstream
X-Swift-Error
X-Client-Ip
X-CACHE-AGE
Memory
X-Fastly-Request-Id
Time
X-Men
X-Air-Trace-Id
X-BBC-Origin-Response-Status
X-Flog
X-ABtesting
X-Sigma
X-Hello
Dnion-Transfer-Encoding
X-IN-APIGATEWAY
X-Cache-Tag
X-APP
PICS-Label
X-Rocket-Build-Number
X-Parent-Response-Time
Datacenter
X-UnsetCookies
X-Sigma-Backend
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
X-IN-APIGATEWAYSSL
X-Akamai-Pragma-Client-IP
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Pad
X-Zone
Media-Length
X-Pf-Uncompressing
X-Presslabs-Stats
X-Oracle-DMS-ECID
Vha6-Origin
X-Acquia-Site
X-MG-S
Epwk-X-Cache
X-Via-PopH
VNS-Age
VNS-Cache
X-LiteSpeed-Tag
X-Via-PopV
CPC-Cache
CPC-Age
OT-Force-Account-Verify
X-Via-PopN
Cf-Ipcountry
X-MiniProfiler-Ids
X-Varnish-Beresp-TTL
X-Vcache
X-Snapshot-Date
X-Csrf-Token
X-Varnish-URL
X-ND-Cache
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Request-Url
Xet-Cookie
X-Lb-Id
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
X-ElasticPress-Query
X-ElasticPress-Search
X-Request-URL
WZWS-RAY
CountryCode
X-Tid
X-Amz-Meta-Cb-Modifiedtime
X-Litespeed-Cache-Control
State
Content-Style-Type
Content-Script-Type
Ohc-Response-Time
X-Storefront-Renderer-Verified
NnCoection
Environment
X-Redis-Count
URI
X-Redis-Duration-Ms
X-B3-Parentspanid
X-ServerName
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-C
X-Traceid
Phost
Inserted-Into-Cache-At