Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Ua-Compatible
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
EagleId
Request-Context
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Report-To
Host-Header
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Cache-Spec
X-Amz-Version-Id
X-Device
X-CST
Allow
X-Vhost
X-Host
X-Backend-Server
Xkey
X-Server-Id
X-WebKit-CSP
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
X-Node
Request-Id
Content-Location
X-Response-Time
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Akam-SW-Version
X-Ruxit-JS-Agent
P3p
X-ASPNET-VERSION
Accept-Ch
X-Application-Context
X-Cache-Lookup
X-Ac
X-Country
X-Template
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Language
Accept-CH
X-Readtime
Accept-CH-Lifetime
X-Cloud-Trace-Context
X-B3-TraceId
MS-Author-Via
Rating
X-HW
X-Cnection
X-Origin-Cache
X-MS-InvokeApp
X-Url
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
Edge-Control
X-GitHub-Request-Id
X-ESI
X-ORACLE-DMS-RID
X-Trace
X-ORACLE-DMS-ECID
X-Sol
X-Middleton-Response
Display
X-Middleton-Display
Pagespeed
Response
X-Content-Type
X-Varnish-TTL
X-D2id
Arr-Disable-Session-Affinity
X-Exp-Id
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
Verso
X-Vcap-Request-Id
X-TTL
X-Rack-Cache
X-Country-Code
X-Goog-Hash
X-Powered-By-Plesk
X-Navigation-Version
Service-Worker-Allowed
X-Server-Name
X-Amz-Rid
X-Buckets
X-VARITI-CCR
X-Abt-Application-Version
X-Fastly-Request-ID
X-FastCGI-Cache
X-Webkit-CSP
X-Client-IP
Fastly-Restarts
X-Cache-TTL
X-Cached
X-Release
X-MSEdge-Ref
X-Dw-Request-Base-Id
X-Pinterest-Rid
Pinterest-Generated-By
X-Element-Page-Cache
Pinterest-Version
SPRequestGuid
X-Oneagent-Js-Injection
X-SharePointHealthScore
X-NF-Request-ID
SPIisLatency
SPRequestDuration
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Public-Key-Pins
RTSS
Access-Control-Request-Method
AR-ATIME
Ar-Sid
AR-CACHE
AR-Request-ID
AR-PoweredBy
X-Edge
X-Powered-CMS
X-SRCache-Fetch-Status
X-LLID
X-SRCache-Store-Status
Cache-Tag
X-Ezoic-Cdn
X-Litespeed-Cache
X-Upstream
Content-MD5
X-Jurisdiction
X-Origin-Upstream-Status
X-HP-Webp
X-Version
S
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Id
X-ECACHE
X-MCACHE
X-Mid
X-Px
X-Recruiting
X-Mg-S
Charset
X-Content-Digest
X-PressLabs-Stats
X-Kinsta-Cache
X-DynaTrace
Fastcgi-Cache
X-T
Cache-Tags
X-Amz-Server-Side-Encryption
X-Id
Filters
X-Logged-In
X-Accel-Expires
MicrosoftSharePointTeamServices
X-Ruxit-Js-Agent
X-Content-Security-Policy-Report-Only
X-Forwarded-Proto
Edge-Cache-Tag
Server-Node
Front-End-Https
X-Forwarded-For
X-Correlation-Id
TP-L2-Cache
TP-Cache
Server-Name
X-Grace
X-Debug
X-Fastcgi-Cache
Nginx-Cache
X-Hits
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Amzn-Trace-Id
X-Request-Received
X-Request-Processing-Time
TCN
X-B3-Sampled
X-Shield-Request-Id
X-Ttl
X-Yandex-Sdch-Disable
Surrogate-Key
X-Microsite
X-Varnish-Age
X-Request-Handler-Origin-Region
X-Activity-Id
X-Az
X-AppVersion
X-Amz-Replication-Status
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Hub-Id
X-Ser
X-HS-Cache-Config
X-XRDS-LOCATION
X-F-Cache
X-XRDS-Location
X-Origin-Server
X-DIS-Request-ID
X-Goog-Stored-Content-Length
X-Pinterest-Direct
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
Alternate-Protocol
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
Accept-Charset
X-Geo-Country
X-Git-Hash
X-Cache-Key
X-Rid
X-Respond-Thread
Section-Io-Cache
X-NWS-LOG-UUID
X-Frontend
Host
X-LB-Cache
X-DataDome
X-Upgrade-Enabled
X-Time
Cache
X-Seen-By
X-Mobile-URL
Access-Control-Allow-Method
X-FTR-Request-ID
MS-CV
X-Server-ID
X-VCache
ServerID
Paypal-Debug-Id
X-Cache-Age
Healthy
X-Type
X-IPLB-Instance
X-Providence-Cookie
X-Is-Crawler
X-Route-Name
X-Content-Options
X-Request-Guid
X-AOL-HN
Payment
X-Varnish-Backend
X-TT
X-App-Environment
X-Aspnet-Duration-Ms
X-Flags
X-Hostname
X-Whom
X-Page-Id
X-Daa-Tunnel
X-Cache-Action
Cleartype
X-Source
X-B-Cache
X-Signature
X-Debug-Info
Fastcgi-Useragent
X-Load-Cache
X-WebKit-CSP-Report-Only
X-Jobs
X-N
X-RateLimit-Remaining
Powered-By-ChinaCache
Nel
X-FB-Debug
X-Mobile
X-Webkit-Csp
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Contextid
X-Erf-Bev-Bev
Realpath
X-Via-JSL
Refresh
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Rule
X-TEC-API-ORIGIN
Node
X-Drupal-Cache-Tags
X-Wix-Request-Id
X-Zen-Fury
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
X-RTag
X-Cache-Expired-At
DC
X-Proxy
X-Framework
Ms-Operation-Id
Referer-Policy
X-ProcessESI
X-Cacheable-TTL
X-RemovedCookies
X-Instance
X-Drupal-Cache-Contexts
X-B
X-HTML-Minification-Powered-By
X-Cluster-Name
X-UUID
X-FW-Dynamic
X-Cache-Control
X-Cache-Time
Viewport
X-FW-Hash
Access-Control-Request-Headers
X-FW-Serve
X-Tt-Trace-Host
X-Page-View
X-Region
X-Tt-Trace-Tag
X-FW-Type
X-FW-Server
X-FW-Static
X-Real-IP
X-Distributor
Version
X-Akamai-Edgescape
Eomportal-Instance
X-Cached-By
X-Content-Powered-By
X-IPS-LoggedIn
X-Cache-Rule
Countrycode
X-Cache-Operation
Liferay-Portal
VIX-Pulpo-Node
X-Yottaa-Optimizations
X-FireWall-Port
VIX-Pulpo-Upstream-Status
X-Cache-Hit
X-Yottaa-Metrics
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-G
X-Tumblr-Pixel
X-Pass-Why
X-Tumblr-User
X-Environment-Context
X-L-Path
X-App-Server
DynaTrace
Server-Info
SRV
CF-IPCountry
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
Section-Io-Id
Section-Origin-Responded
X-User-Agent
Ec-Rule-Version
Xserver
From-Origin
X-Debug-IsConnected
X-Debug-IsPreview
X-Tumblr-Pixel-2
Webserver
X-Protected-By
X-Www-Served-By
X-Nginx-Cache
GEO-INFO
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Ratelimit-Limit
X-Mode
X-Device-Type
Meta-Geo
X-ES-SERVER
X-RN-RSRV
X-UPSTREAM-Address
X-Hl-Ver
X-Handled-By
X-Site-Version
X-Adobe-Loc
X-Adobe-Content
X-Cache-Server
X-Backend-Name
X-Endurance-Cache-Level
X-MP-GENERATED-AT
X-Locale
X-FB-TRIP-ID
Webcakes-App-Name
TWC-GeoIP-LatLong
X-NYM-Debug-Backend
Webcakes-App-Version
TWC-Locale-Group
TWC-Connection-Speed
X-UA-Device-Type
X-Varnish-Grace
X-Varnishpool
TWC-GeoIP-Country
Webcakes-Region
Property-Id
X-Node-Name
X-Be
X-Web-Node
Retry-After
X-Uri
Cache-Status
X-Storage
X-Origin-Hint
Cache-Tv-Group
TWC-Device-Class
X-Soup
TWC-Privacy
Fastly-SSL
X-Human
X-AWS-Id
X-No-Session
X-Labrador-Cache-Channel
X-LJ-Flow-ID
Country
Decoy-Debug-Status
X-Section
X-PCL
X-Sql-Count
X-Timing-Wait
X-FW-Version
X-Request-Time
Cache-Name
X-Sql-Duration-Ms
X-WA-Info
X-OCL
X-VWS-Id
X-Server-W
X-Via-Fastly
X-PHP-Host
Mn-Server-Ip
Decoy-Debug-TTL
X-Redis-Cache
X-Proxy-Build
X-Access
X-Proto
X-Pubstack
X-Format
Selected-Fe
X-R9-Blue-Green-Version
Decoy-Debug-Key
Azure-SiteName
Azure-SlotName
X-BYPASS-REASON
Azure-RegionName
Azure-InstanceId
X-ProxyCache-Status
X-Zipkin-Id
X-Xfnlog-Site
X-AIR-PT
X-LAGOON
X-ApacheServer
Protected
X-PERF
Azure-Version
X-SayCDN-TTL
X-Proxied
X-Origin-Date
X-ProxyCache-Key
X-Routing-Service
X-Say-TTL
X-Say-Cacheable
Frame-Options
X-S-Maxage
X-Hyper-Cache
X-Status
X-Loop
X-CCM
X-Hosted-By
X-TNCMS
X-Cache-TTL-Remaining
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-TT-LOGID
X-ShardId
X-ShopId
X-Forwarded-Host
X-Cache-Grace
X-Alternate-Cache-Key
X-GG-Cache-Date
Apigw-Requestid
X-Info
X-Is-Bot
X-Rendered-As
X-Cluster
X-Revision
X-Varnish-Server
X-Qloud-Router
X-SRV
S-Cnection
X-Dc
X-Ratelimit-Remaining
AMP-Access-Control-Allow-Source-Origin
X-Microcachable
X-Cache-Enabled
X-Proxy-Cache-Status
Uber-Trace-Id
X-Cdn
X-Content-Age
X-Via-CDN
Cache-Hits
X-Platform
X-FTR-Cache-Status
X-FTR-Realm
X-NWS-UUID-VERIFY
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-DC
X-FTR-Balancer
X-Azure-Ref
X-Varnish-Ttl
X-App-Version
X-TA-CDN-Provider
X-Backend-Host
Amp-Access-Control-Allow-Source-Origin
X-Amz-Meta-S3cmd-Attrs
X-Aspnetmvc-Version
X-Detected-As
X-CSRF-Token
X-Amz-Apigw-Id
X-Cache-Host
X-Amzn-RequestId
X-FTR-Expires
X-Amzn-Remapped-Content-Length
Akamai-GRN
X-EdgeConnect-Cache-Status
X-ATG-Version
X-B3-SpanId
X-Trace-Id
X-Oss-Hash-Crc64ecma
SD-X-WS
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
Tracecode
X-Oss-Object-Type
X-CS
X-Debug-Cache
X-RCS-CacheZone
ServedBy
X-Varnish-Hostname
X-Cache-PHP
X-Air-Hostname
X-BCube-Filmed-By
X-Akamai-Transformed
X-Time-Microsecs
X-Cache-NGX
X-Backend-TTL
X-Correlation-ID
X-Tb
HostName
X-Unique-Id
X-Cache-Var-Map
X-Cache-Var
DB-Nickname
X-ServerID
X-NewRelic-App-Data
X-A-Dam
X-A-Dcw
X-A-Ccd
X-A-Wwc
X-NAPM-TraceId
X-A-Dgt
X-Ms-Request-Id
X-PAYTM-SRV-ID
X-CF-Lambda-Version
X-PBS-Appsvrname
X-CF-Lambda-Fn
X-Cache-NE
X-B-Cookie
X-ARC
X-A
X-Connection-Hash
X-Application
X-Origin-CC
X-Origin-TTL
X-Aed
X-Level-Front-Cache
X-External-Request-Id
Machine
X-D
T-Server
Thinkindot-CacheControl
MD5-Digest
Meta-Geo-Continent
Rendered-Blocks
Release
X-Device-Os
Odigeo-Trace-Id
Mobile-Detection-Method
X-Fetched-On
X-From
Thinkindot-CacheControl-Type
BehaviorPad-Version
X-Adobe-Source
X-Destination
X-Location
X-GeoIP-City
X-Generation-Time
Expiry
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
DCR-Decision-By
X-Generated-On
Thinkindot-Control
X-Ms-Version
X-Rewrite-Enabled
X-Request-UUID
X-ScT
X-Vtex-Remote-Cache
X-VG-WebCache
X-DynaTrace-JS-Agent
Xc-Version
X-S-Cookie
X-Rojux
X-VG-WebServer
X-Thinkindot-L3
X-Session-Fingerprint
X-EC-Lua
X-Vdms-Version
X-SRCache-Key
X-Processor
X-Trv-Group
X-Vdms-Path
X-S
X-Vtex-Processado-Em
X-Magnolia-Registration
X-Nc
X-Sucuri-ID
X-TX-ID
DSUID
Backend
UCS
CacheControlHeader
Sever-Int
C-Via
Content-Disposition
SR-User-Adfree
X-GeoIP
X-Tumblr-Pixel-3
Cf-Device-Type
X-Has-Esi
X-Geo-Header
Gh-Request-Id
PB-PID
PB-RID
X-Developers
Locid
Path
On-Server
Pagetype
Magicmarker
X-Fastly-Cache
Instruction
X-Policy
Server-Ext
Fastly-Backend-Name
X-VServer
Arc-Version
Host-ID
X-FC-Vary-Parameters
Server-Hostname
X-Irp-Debug
X-Nginx-Cache-Key
X-Node-Id
X-Azure-Ref-OriginShield
AKAMAI
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-Cms-Context
X-Bip
X-B3-Traceid
X-Owner
X-Cache-Bucket
X-GEO
X-Reqid
X-OVcl-Cache
X-Varnish-Cache-Hits
X-OVcl
X-SVT-ORM-RULES
X-Skip-Cache
X-JWT-State
Wxu-Next-Hostname
NGX
X-TrackingId
X-Is-Gdpr
Wxu-Next-Region
X-Thanos
Wxu-Next-Commit
X-Core-Value
X-SVT-ORM-VERSION
X-HS-Content-Campaign-Id
X-Cdn-Forward
User-Cache-Control
PFcat
X-Cache-Debug
X-Wikidot-Static-Cache
X-Cache-Tags
X-User
Web-Mar-Node
X-Cache-Info
X-CGP
Ssr
X-Backend-State
Server-Host
X-CUA
X-Generated-In
X-Clientip
X-Clara-WADP
X-Block-Status
X-WADP-Cache
X-Csrf-Jwt
X-Developer
X-Wikidot-Backend
Fastly-SWR
X-HN
CDCHOST
Cache-Host
X-GoCache-CacheStatus
Cf-Bgj
X-Varnish-Beresp-Grace
X-Generated-By
X-Var-Ttl
X-IP
X-Swa-Ws
X-Rebelmouse-Surrogate-Control
X-Platform-Server
X-Rebelmouse-Cache-Control
X-Request-Host
X-Origin-Response-Time
X-Method
X-NU-AKA-ACS-Version
X-SIPLIST1
X-Gen-Mode
X-Hnp-Log
Ha-Gx-Prefs
X-VarnishDD-TTL
IsBot
X-Eu-Site
L5d-Success-Class
X-Fmm-Version
HA-Ipaddr
Fastly-SIE
X-Envoy-Decorator-Operation
X-Cache-Backend
X-ID
X-Scheme
X-Ratelimit-Reset
X-Old-Content-Length
X-Varnish-Hits
X-Origin
X-Varnish-Remaining-TTL
X-Esi-Check
X-Request-URI
X-VG-TLSProxy
X-Dispatcher-Server
X-Origin-Expires
X-Cache-Id
Esi-Enabled
X-Varnish-CookieINHashed-On
X-DPWN-IS-SECURE
X-Li-Fabric
X-Gzip
X-DefHash
X-Varnish-Beresp-Ttl
X-Varnish-CookieHashed-On
X-Variation
X-Li-Pop
X-LI-UUID
X-Varnish-Beresp-Status
V-Age
X-Fastly-Backend
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Apple-News-Services-Host
X-Matched-Rule
X-DefElseHash
CDN-Uid
X-Unique-ID
CDN-RequestId
CDN-RequestCountryCode
Origin
Is-Eu
L
NM-Fastcgi-Cache
Platform
Location
Lfy
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
X-Branch-Name
Adler-Geo
Who
CDN-Cache
X-CLOUD-TRACE-CONTEXT
X-Loc
X-Slack-Backend
Country-Code
X-Mvc-Supplant-OutputCached
True-Client-Country-4JS
X-Hash
CloudFront-Viewer-Country
X-LB-ID
Vix-Hermes-Req-Id
X-Aicache-OS
X-Gamma-Serve
Rt-Fastcgi-Cache
X-CACHE-KEY
Sid
Geo-Info
X-APP-VERSION
X-Cdn-Origin
Fastly-Drupal-HTML
X-RateLimit-Limit
Pics-Label
X-Cache-Expires
Tcn
Pramga
X-PF-Uncompressing
X-Goog-Meta-Goog-Reserved-File-Mtime
X-NCache
X-Varnish-Url
X-Sn-Servicetimems
X-Cache-Date
X-Via-Poph
X-Servername
X-Via-Popn
X-Via-Popv
X-Core-Mission
X-Epic-Correlation-Id
Filterid
X-Planisys-CDN-Rules
Url
X-Planisys-CDN-TTL
X-Request-Start
X-Tb-Optimization-Total-Bytes-Saved
X-Planisys-CDN-Cache
X-Refresh
X-TraceId
X-FireWall-Protection
Req-Svc-Chain
Cmsid
Cmstype
Kp-EeAlive
X-Served-From
X-Error
Svr
X-Varnish-Cacheable
Cache-Key
A
NGB
Viewtype
X-Response-By
Source
VivaBuild
X-NC
X-Erf-Stays-Bingo-Pdp-Web
X-Webkit-CSP-Report-Only
X-Srv
Xkeyi7
X-Proxy-Cachei7
MIME-Version
M-TraceId
X-DC
GeoIp-Country-Code
Geoip-Latitude
X-Cache-Remote
N-Cache
HitType
S-Rt
X-HS-Status
Server-Ttl
TDXMobile
Cross-Origin-Opener-Policy
Arc-Country
X-BBXSRF
X-Servedbyhost
X-Wa
Content-Secure-Policy
X-URL
X-B3-Spanid
X-Vcl-Version
X-Cache-2
Server-ID
X-Vgn-Hpd-Reason
X-HostName
X-Air-Source
X-CDN-Forward
X-Contensis-Viewer-Groups
X-Vc
Resin-Trace
X-Esi
X-Cc-Req-Id
X-Cc-Via
X-Varnish-Authentication
X-Cache-ASPX
D-Cc-Upstream
X-LiteSpeed-Cache-Control
NtCoent-Length
X-JoinUs
Cross-Origin-Window-Policy
Ohc-File-Size
Cteonnt-Length
X-Host-Name
CACHE
X-Sucuri-Cache
X-NGENIX-Cache
X-SaId
X-PHP-Backend
X-Li-Proto
X-Geo
X-LI-Proto
X-Internal-Host
X-Edge-Location
X-Svr
SID
X-RAMCache
X-HOST
X-VCL-Version
Request-ID
X-Server-IP
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
DataCenter
X-Service
X-UA
X-Extlb
XServer
X-WA
X-Viewer-Country
X-Nyt-Route
X-FPC
X-Newrelic-Synthetics
X-DI
X-Via-NSCOPI
X-API-Version
X-Gdpr
X-DB
X-DSS
X-TIM-N
X-RPS
X-RSL
X-Cache-Config
X-ServedByHost
X-Forwarded-Site
FSS-Cache
X-DW
X-RPM
X-Origin-Time
Hostname
X-SN
X-Dynatrace
X-Cs
X-App
X-Bc-Bl
GeoIP-Country-Code
Cache-Provider
X-Check-Cacheable
GeoIP-Latitude
CF-Cached-On
X-VC
Ohc-Cache-HIT
LB
X-VC-Cache
X-PJAX-URL
Surrogated-Key
We-Hiring
X-Action
Memcached
X-Region-Sid
X-Proxy-Upstream
Mail-Subject
ProcessTime
Server-Id
X-Webstats-RespID
X-SB
X-ZONE
X-NodeID
X-TIME
X-RateLimit-Limit-Second
X-NGINX-Cache
X-Instrumentation
Mime-Version
X-Req
X-RateLimit-Remaining-Second
X-Kraken-Routeconfig-Destination
X-CF-Powered-By
X-Date
X-Accel-Expires-Debug
X-Server-Lifecycle-Phase
X-SD-PageType
X-Kraken-Loop-Name
X-Oss-Cdn-Auth
X-Fpc
X-Provided-By
X-Dynatrace-Js-Agent
X-APP
X-Rocket-Build-Number
Upgrade-Insecure-Requests
Env
X-FORWARDED-FOR
X-Depends-On
X-Render-Time
X-Sigma-Backend
X-Sigma
W
X-BBC-Edge-Cache-Status
X-Men
X-Swift-Error
X-Cdn-Request-ID
Srv
X-UnsetCookies
X-Ftr-Cache-Host
X-BACKEND-TTL
CPC-Age
CPC-Cache
VNS-Cache
X-Dw-Trace-Id
VNS-Age
X-MSEdge-Flight
CDN
X-Air-Trace-Id
X-MSEdge-Features
EpKe-Alive
Cdn
X-CSRF-TOKEN
X-CACHE-AGE
X-Client-Ip
X-FTR-Cache-Host
X-Parent-Response-Time
X-Auto-Login
X-Hello
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
Processtime
Dnion-Transfer-Encoding
X-Worker
Time
X-Cache-Tag
X-Flog
Memory
X-ABtesting
X-Ua
X-Akamai-Pragma-Client-IP
X-Pad
X-Oracle-DMS-ECID
X-Presslabs-Stats
Media-Length
Vha6-Origin
X-Cluster-Node
Proxy-Connection
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-Trace
X-Acquia-Application-UUID
Datacenter
X-BBC-Origin-Response-Status
X-Pf-Uncompressing
X-Zone
X-ServerName
My-App
PICS-Label
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Via-PopH
Epwk-X-Cache
X-LiteSpeed-Tag
X-Via-PopV
Fastcgi-Cache-TTL
X-Via-PopN
X-Snapshot-Date
Cf-Ipcountry
State
X-Varnish-URL
X-Cache-Status-Check
X-ElasticPress-Search
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-MiniProfiler-Ids
X-Varnish-Beresp-TTL
X-ElasticPress-Query
X-Request-URL
Xet-Cookie
X-Vcache
X-Lb-Id
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
CountryCode
X-Tx-Id
X-Edge-Location-Klb
X-Request-Url
X-Storefront-Renderer-Verified
Ohc-Response-Time
Content-Script-Type
Content-Style-Type
X-Apw-Access-Action
X-Apw-Access-Token
X-Minions-Version
X-Nananana
X-Debug-Cache-Store
X-Apw-Hits
X-Litespeed-Cache-Control
X-Apw-Access-Object
X-Redis-Count
Inserted-Into-Cache-At
X-Traceid
OT-Force-Account-Verify
NnCoection
X-B3-Parentspanid
X-Tid
X-Debug-Cache-Fetch
Phost
Environment
X-Redis-Duration-Ms
X-Amz-Meta-Cb-Modifiedtime
URI
X-C