Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
CF-RAY
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Request-ID
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
CF-Ray
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
EagleId
Request-Context
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Backend
X-Server
X-Hacker
Report-To
Host-Header
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
P3p
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
NEL
X-Amz-Version-Id
X-Cache-Spec
X-Device
X-CST
Allow
X-Vhost
X-Host
X-Backend-Server
X-WebKit-CSP
Xkey
X-Server-Id
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
Accept-Ch
X-ASPNET-VERSION
X-Application-Context
X-Ac
X-Cache-Lookup
X-Country
Accept-Ch-Lifetime
X-Template
X-Mod-Pagespeed
X-Language
X-Readtime
Accept-CH
X-Cloud-Trace-Context
X-B3-TraceId
MS-Author-Via
Accept-CH-Lifetime
Rating
X-HW
X-Origin-Cache
X-Cnection
X-MS-InvokeApp
X-Url
X-PC
X-Vname
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ESI
X-Trace
X-ORACLE-DMS-RID
X-Varnish-TTL
X-ORACLE-DMS-ECID
Display
X-Sol
Response
X-Middleton-Response
X-Middleton-Display
Pagespeed
X-Content-Type
X-D2id
Arr-Disable-Session-Affinity
Verso
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Vcap-Request-Id
X-Country-Code
X-Goog-Hash
X-TTL
X-Rack-Cache
X-Powered-By-Plesk
X-Navigation-Version
X-VARITI-CCR
Service-Worker-Allowed
X-Server-Name
X-Buckets
X-Amz-Rid
X-Abt-Application-Version
X-Fastly-Request-ID
X-Oneagent-Js-Injection
X-Client-IP
Fastly-Restarts
X-FastCGI-Cache
X-Webkit-CSP
X-Cache-TTL
X-Cached
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-NF-Request-ID
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
SPIisLatency
SPRequestDuration
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Public-Key-Pins
RTSS
Access-Control-Request-Method
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-CACHE
Ar-Sid
X-Edge
X-LLID
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Powered-CMS
X-Ezoic-Cdn
X-Upstream
Content-MD5
X-Litespeed-Cache
X-HP-Webp
X-Jurisdiction
X-Version
S
X-Origin-Upstream-Status
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
X-Mid
X-ECACHE
X-Recruiting
X-MCACHE
X-Mg-S
X-Px
Charset
X-PressLabs-Stats
X-Content-Digest
X-Kinsta-Cache
X-Ruxit-Js-Agent
X-DynaTrace
X-T
Fastcgi-Cache
Cache-Tags
X-Id
X-Amz-Server-Side-Encryption
X-Logged-In
Filters
X-Accel-Expires
X-Content-Security-Policy-Report-Only
X-Forwarded-Proto
X-Fastcgi-Cache
Edge-Cache-Tag
MicrosoftSharePointTeamServices
Server-Node
Front-End-Https
TP-Cache
TP-L2-Cache
X-Ttl
Server-Name
X-Grace
X-Forwarded-For
X-Correlation-Id
Nginx-Cache
X-Debug
X-XRDS-LOCATION
X-Hits
X-Amzn-Trace-Id
X-Request-Processing-Time
X-Kong-Upstream-Latency
X-Request-Received
X-Kong-Proxy-Latency
TCN
X-B3-Sampled
X-Shield-Request-Id
X-Varnish-Age
X-Request-Handler-Origin-Region
X-Microsite
X-Yandex-Sdch-Disable
Surrogate-Key
X-AppVersion
X-Activity-Id
X-Az
X-Amz-Replication-Status
X-HS-Hub-Id
X-F-Cache
X-HS-Content-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Ser
X-Origin-Server
Alternate-Protocol
X-DIS-Request-ID
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
Accept-Charset
X-Geo-Country
X-Rid
X-Pinterest-Direct
X-Git-Hash
X-Frontend
Nel
Section-Io-Cache
Host
X-Respond-Thread
X-XRDS-Location
X-Cache-Key
X-NWS-LOG-UUID
Cache
X-Upgrade-Enabled
X-LB-Cache
X-DataDome
X-Time
Access-Control-Allow-Method
X-Seen-By
X-Mobile-URL
X-VCache
X-Cache-Age
MS-CV
ServerID
Paypal-Debug-Id
X-FTR-Request-ID
X-IPLB-Instance
X-Type
X-TT
X-AOL-HN
X-Varnish-Backend
X-Content-Options
Healthy
X-Source
X-Hostname
X-Request-Guid
X-Providence-Cookie
Payment
X-Whom
X-Route-Name
X-Is-Crawler
X-App-Environment
X-Flags
X-Aspnet-Duration-Ms
Cleartype
X-B-Cache
X-Cache-Action
X-Signature
X-Server-ID
X-Page-Id
X-Debug-Info
Fastcgi-Useragent
X-RateLimit-Remaining
X-Daa-Tunnel
X-Jobs
X-WebKit-CSP-Report-Only
X-N
X-Load-Cache
Powered-By-ChinaCache
X-FB-Debug
Realpath
X-Contextid
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Webkit-Csp
Node
Refresh
X-Rule
X-Wix-Request-Id
X-Accel-Buffering
Version
X-Cache-Expired-At
X-Response-Served-From
X-Drupal-Cache-Tags
X-Original-Request-Id
X-Zen-Fury
X-RTag
X-Via-JSL
X-Proxy
Ms-Operation-Id
DC
X-TEC-API-ORIGIN
X-Framework
X-Cacheable-TTL
X-TEC-API-ROOT
X-TEC-API-VERSION
Referer-Policy
Access-Control-Request-Headers
X-Real-IP
X-RemovedCookies
X-Distributor
X-HTML-Minification-Powered-By
X-ProcessESI
X-Instance
X-B
X-Cache-Control
Viewport
X-Region
X-Tt-Trace-Host
X-Drupal-Cache-Contexts
X-Tt-Trace-Tag
X-UUID
X-Content-Powered-By
Eomportal-Instance
X-Cluster-Name
X-Page-View
X-Cache-Time
X-FW-Static
X-FW-Server
X-FW-Serve
X-Akamai-Edgescape
X-FW-Hash
X-FW-Type
X-Cached-By
X-FW-Dynamic
VIX-Pulpo-Upstream-Status
X-IPS-LoggedIn
Countrycode
VIX-Pulpo-Node
X-Cache-Operation
X-Cache-Rule
X-FireWall-Port
Liferay-Portal
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-G
X-Cache-Hit
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-L-Path
X-Pass-Why
X-Environment-Context
X-App-Server
DynaTrace
Server-Info
Xserver
SRV
CF-IPCountry
X-Nginx-Cache
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
X-Protected-By
X-Www-Served-By
X-Debug-IsPreview
X-User-Agent
X-Debug-IsConnected
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
From-Origin
Webserver
Ec-Rule-Version
X-Tumblr-Pixel-2
X-Ratelimit-Limit
X-Device-Type
X-Adobe-Loc
X-Mode
X-Adobe-Content
GEO-INFO
X-Endurance-Cache-Level
X-UPSTREAM-Address
X-Varnish-Grace
X-Hl-Ver
X-RN-RSRV
Meta-Geo
X-Handled-By
X-ES-SERVER
X-MP-GENERATED-AT
Protected
X-Uri
X-FB-TRIP-ID
X-Cache-Server
Retry-After
Cache-Tv-Group
X-Backend-Name
X-Be
X-PHP-Host
TWC-Connection-Speed
X-Origin-Hint
Property-Id
TWC-GeoIP-LatLong
TWC-Privacy
TWC-Locale-Group
X-Labrador-Cache-Channel
Webcakes-App-Name
Webcakes-App-Version
X-Varnishpool
Webcakes-Region
X-NYM-Debug-Backend
TWC-Device-Class
TWC-GeoIP-Country
Cache-Status
X-Proto
X-Proxy-Build
X-Human
X-PCL
X-Access
X-Section
X-ProxyCache-Key
X-Storage
X-No-Session
X-Pubstack
X-Locale
X-Origin-Date
X-LJ-Flow-ID
Country
X-UA-Device-Type
X-Via-Fastly
X-Timing-Wait
X-Sql-Duration-Ms
X-ProxyCache-Status
X-Sql-Count
X-VWS-Id
X-Node-Name
Decoy-Debug-TTL
Fastly-SSL
Decoy-Debug-Status
Decoy-Debug-Key
X-WA-Info
X-Web-Node
X-Site-Version
X-Soup
X-Request-Time
X-OCL
Cache-Name
X-AWS-Id
X-R9-Blue-Green-Version
X-Redis-Cache
Selected-Fe
X-Format
X-Server-W
X-BYPASS-REASON
Mn-Server-Ip
Frame-Options
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Cache-TTL-Remaining
X-AIR-PT
X-PERF
X-Routing-Service
X-Status
X-LAGOON
X-S-Maxage
X-Say-Cacheable
X-ApacheServer
X-SayCDN-TTL
X-Say-TTL
X-Proxied
X-TNCMS
X-Hosted-By
X-Zipkin-Id
X-FW-Version
X-Loop
X-Hyper-Cache
X-Xfnlog-Site
X-Varnish-Server
X-ShardId
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
Apigw-Requestid
X-TT-LOGID
X-Cache-Grace
X-Cluster
X-Forwarded-Host
X-GG-Cache-Date
X-Info
X-Is-Bot
X-Dc
X-Rendered-As
AMP-Access-Control-Allow-Source-Origin
X-CCM
X-Revision
X-Qloud-Router
S-Cnection
X-Microcachable
X-TA-CDN-Provider
X-Cache-Enabled
X-Content-Age
Uber-Trace-Id
X-SRV
X-Proxy-Cache-Status
X-Ratelimit-Remaining
X-Platform
X-Via-CDN
X-Cdn
X-Azure-Ref
X-CSRF-Token
Cache-Hits
X-FTR-DC
X-FTR-Realm
X-FTR-Cache-Status
X-NWS-UUID-VERIFY
X-FTR-Balancer
X-Backend-Host
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-Cache-Host
X-Detected-As
X-Amz-Meta-S3cmd-Attrs
X-App-Version
Amp-Access-Control-Allow-Source-Origin
X-Varnish-Ttl
X-Aspnetmvc-Version
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Correlation-ID
Akamai-GRN
X-EdgeConnect-Cache-Status
X-B3-SpanId
X-ATG-Version
X-Trace-Id
X-Debug-Cache
X-Oss-Storage-Class
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Request-Id
HostName
X-Air-Hostname
X-RCS-CacheZone
SD-X-WS
ServedBy
X-FTR-Expires
X-Time-Microsecs
X-Cache-NGX
X-Cache-PHP
X-Varnish-Hostname
Tracecode
X-DynaTrace-JS-Agent
X-CS
X-BCube-Filmed-By
DB-Nickname
X-ServerID
X-Backend-TTL
X-Akamai-Transformed
X-NewRelic-App-Data
X-Ms-Version
X-Tb
X-Ms-Request-Id
X-Adobe-Source
X-Nc
Backend
X-CF-Lambda-Fn
X-Destination
X-Vtex-Processado-Em
X-Level-Front-Cache
X-External-Request-Id
X-Connection-Hash
X-From
X-Generated-On
X-D
X-TX-ID
X-Generation-Time
X-Vtex-Remote-Cache
X-CF-Lambda-Version
Xc-Version
X-VG-WebServer
X-Origin-CC
X-A-Dgt
X-A-Dcw
X-A-Dam
X-A-Ccd
X-A-Wwc
X-Aed
X-Rewrite-Enabled
X-ARC
X-Application
X-A
T-Server
Expiry
MD5-Digest
Fastcgi-X-Cache-Version
Machine
Meta-Geo-Continent
DCR-Processing-Time-Ms
Rendered-Blocks
Odigeo-Trace-Id
Mobile-Detection-Method
X-B-Cookie
X-Rojux
X-Vdms-Path
X-Trv-Group
X-Cache-NE
X-SRCache-Key
X-NAPM-TraceId
X-Location
X-Vdms-Version
BehaviorPad-Version
DCR-Decision-By
X-Origin-TTL
X-Session-Fingerprint
X-Processor
X-Request-UUID
X-S
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-ScT
X-Owner
X-S-Cookie
X-VG-WebCache
X-Cache-Var-Map
X-Cache-Var
X-Unique-Id
X-Magnolia-Registration
X-Sucuri-ID
X-Cms-Context
X-Mvc-Supplant-Cachable
Arc-Version
AKAMAI
X-Micro-Cache
X-Varnish-Beresp-Grace
X-Developers
X-OVcl-Cache
Path
X-OVcl
Pagetype
X-Cdn-Forward
On-Server
X-Core-Value
Locid
X-GeoIP-City
X-Has-Esi
Cf-Device-Type
Content-Disposition
Thinkindot-Control
X-HS-Content-Campaign-Id
Magicmarker
X-EC-Lua
X-Geo-Header
CacheControlHeader
X-JWT-State
X-Irp-Debug
X-Is-Gdpr
X-Policy
PB-PID
X-Azure-Ref-OriginShield
Wxu-Next-Region
Server-Host
Gh-Request-Id
X-Bip
Wxu-Next-Hostname
X-Varnish-Cache-Hits
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
UCS
Host-ID
Wxu-Next-Commit
X-Tumblr-Pixel-3
X-TrackingId
X-Device-Os
X-Fetched-On
X-FC-Vary-Parameters
Release
X-Reqid
X-Fastly-Cache
PB-RID
X-Thinkindot-L3
X-Thanos
Fastly-Backend-Name
X-Cache-Bucket
User-Cache-Control
DSUID
X-GEO
X-Dispatcher-Server
X-DefHash
X-DPWN-IS-SECURE
X-Developer
X-CGP
X-Branch-Name
X-Cache-Debug
X-Block-Status
X-Backend-State
Web-Mar-Node
X-Unique-ID
X-Cache-Id
X-Cache-Info
X-Csrf-Jwt
X-CUA
X-Clientip
X-Clara-WADP
X-Cache-Tags
X-Envoy-Decorator-Operation
X-DefElseHash
X-Gzip
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Swa-Ws
X-Var-Ttl
X-Skip-Cache
X-SIPLIST1
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-Host
X-Scheme
X-Variation
X-Varnish-CookieHashed-On
X-Wikidot-Backend
X-Wikidot-Static-Cache
V-Age
X-Generated-In
X-WADP-Cache
X-B3-Traceid
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
X-VServer
X-Ratelimit-Reset
X-Platform-Server
X-GoCache-CacheStatus
X-HN
X-Hnp-Log
X-IP
X-GeoIP
X-Generated-By
X-Eu-Site
X-Fastly-Backend
X-Fmm-Version
X-Gen-Mode
X-Li-Fabric
X-Li-Pop
X-Old-Content-Length
X-CACHE-KEY
X-Origin-Expires
X-Origin-Response-Time
X-NU-AKA-ACS-Version
X-Node-Id
X-LI-UUID
X-Method
X-Nginx-Cache-Key
X-Esi-Check
X-Origin
Instruction
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
IsBot
L5d-Success-Class
PFcat
NM-Fastcgi-Cache
NGX
Location
Fastly-SIE
Cf-Bgj
CDN-Cache
CDCHOST
Cache-Host
Adler-Geo
CDN-CachedAt
CDN-EdgeStorageId
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
Platform
C-Via
Ssr
Sever-Int
Server-Ext
Server-Hostname
SR-User-Adfree
Who
Apple-News-Services-Host
X-User
X-Hash
Apple-News-Services-Handled
X-Gamma-Serve
Vix-Hermes-Req-Id
L
Geo-Info
True-Client-Country-4JS
Apple-News-Services-Request-Url
Esi-Enabled
Apple-News-Services-Parsed-Url
X-LB-ID
X-Slack-Backend
Country-Code
X-Varnish-Beresp-Status
X-Request-URI
X-Varnish-Hits
Origin
X-VG-TLSProxy
Rt-Fastcgi-Cache
X-Cache-Backend
X-ID
X-APP-VERSION
X-Varnish-Beresp-Ttl
X-Matched-Rule
Sid
Fastly-Drupal-HTML
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Mvc-Supplant-OutputCached
X-Loc
Lfy
X-Aicache-OS
X-CLOUD-TRACE-CONTEXT
CloudFront-Viewer-Country
X-Varnish-Url
Pics-Label
X-PF-Uncompressing
X-NCache
Filterid
X-RateLimit-Limit
X-Epic-Correlation-Id
X-Via-Popv
Tcn
X-Cache-Expires
X-Via-Poph
X-Via-Popn
X-Cdn-Origin
Pramga
X-Sn-Servicetimems
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Refresh
X-Planisys-CDN-TTL
X-Core-Mission
X-Cache-Date
X-Servername
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
X-Request-Start
Cmstype
Req-Svc-Chain
Url
Cmsid
X-Served-From
NGB
X-FireWall-Protection
Kp-EeAlive
Svr
X-Srv
Cache-Key
Viewtype
VivaBuild
Source
A
X-Error
X-Varnish-Cacheable
M-TraceId
GeoIp-Country-Code
X-Response-By
MIME-Version
Geoip-Latitude
X-NC
X-Erf-Stays-Bingo-Pdp-Web
X-Webkit-CSP-Report-Only
X-Proxy-Cachei7
Arc-Country
X-HS-Status
Cross-Origin-Opener-Policy
X-Air-Source
Xkeyi7
X-DC
X-Vgn-Hpd-Reason
X-Cache-Remote
X-Vcl-Version
N-Cache
X-BBXSRF
HitType
S-Rt
Server-Ttl
X-Servedbyhost
Server-ID
X-Wa
TDXMobile
Content-Secure-Policy
X-URL
NtCoent-Length
X-B3-Spanid
X-PHP-Backend
X-Vc
X-SaId
X-NGENIX-Cache
X-JoinUs
DataCenter
X-Cache-2
Resin-Trace
X-Li-Proto
X-CDN-Forward
X-HostName
X-Geo
X-Edge-Location
X-Cc-Via
X-Varnish-Authentication
X-Cc-Req-Id
X-Esi
X-Service
X-Contensis-Viewer-Groups
X-LiteSpeed-Cache-Control
X-Internal-Host
X-Cache-ASPX
D-Cc-Upstream
Cteonnt-Length
CACHE
Cross-Origin-Window-Policy
SID
Ohc-File-Size
X-Host-Name
X-Sucuri-Cache
X-LI-Proto
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Svr
X-RAMCache
X-CCDN-CacheTTL
X-Extlb
X-HOST
X-Viewer-Country
X-WA
X-Forwarded-Site
FSS-Cache
X-Server-IP
Request-ID
X-ServedByHost
X-VCL-Version
X-UA
X-Cs
X-Newrelic-Synthetics
X-Bc-Bl
X-Nyt-Route
X-Cache-Config
X-Origin-Time
X-TIM-N
X-Gdpr
X-API-Version
X-FPC
X-RPS
X-RSL
X-RPM
X-Via-NSCOPI
X-DI
X-DSS
X-DB
X-DW
Hostname
Memcached
LB
X-Date
Mail-Subject
We-Hiring
X-Accel-Expires-Debug
X-App
Surrogated-Key
GeoIP-Latitude
GeoIP-Country-Code
X-VC-Cache
X-Proxy-Upstream
X-Req
X-PJAX-URL
X-VC
X-Check-Cacheable
X-SN
CF-Cached-On
X-Dynatrace
Server-Id
Cache-Provider
Ohc-Cache-HIT
XServer
X-Action
X-Instrumentation
X-SB
ProcessTime
X-ZONE
Env
X-Kraken-Routeconfig-Destination
Mime-Version
X-Webstats-RespID
X-NodeID
X-RateLimit-Limit-Second
X-Server-Lifecycle-Phase
X-RateLimit-Remaining-Second
X-Kraken-Loop-Name
X-Swift-Error
X-TIME
X-Rocket-Build-Number
X-Air-Trace-Id
X-Sigma-Backend
X-Sigma
X-Edge-Location-Klb
X-Fpc
X-APP
X-Region-Sid
X-CF-Powered-By
Upgrade-Insecure-Requests
X-Men
X-SD-PageType
X-Oss-Cdn-Auth
X-Provided-By
X-Dynatrace-Js-Agent
X-Render-Time
X-FORWARDED-FOR
X-BBC-Edge-Cache-Status
Memory
X-MSEdge-Features
X-MSEdge-Flight
W
X-Depends-On
Time
CPC-Age
VNS-Cache
CPC-Cache
VNS-Age
Srv
X-Cdn-Request-ID
X-NGINX-Cache
X-Ftr-Cache-Host
EpKe-Alive
CDN
X-BACKEND-TTL
X-CSRF-TOKEN
Cdn
X-UnsetCookies
X-Dw-Trace-Id
X-Client-Ip
X-FTR-Cache-Host
X-Zone
X-CACHE-AGE
X-Hello
X-Cache-Tag
Dnion-Transfer-Encoding
Processtime
X-Fastly-Backend-Reqs
X-Parent-Response-Time
X-Auto-Login
X-ABtesting
X-Worker
X-Fastly-Request-Id
X-Flog
X-Akamai-Pragma-Client-IP
X-Ua
State
Fastcgi-Cache-TTL
X-Pad
X-Via-PopV
X-BBC-Origin-Response-Status
My-App
Media-Length
X-Cluster-Node
X-Via-PopH
Vha6-Origin
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Pf-Uncompressing
X-Via-PopN
X-ServerName
X-Presslabs-Stats
X-Oracle-DMS-ECID
Proxy-Connection
X-Acquia-Application-Trace
X-Acquia-Site
X-Varnish-Beresp-TTL
X-IN-APIGATEWAY
Epwk-X-Cache
X-Snapshot-Date
X-Minions-Version
X-IN-APIGATEWAYSSL
Datacenter
PICS-Label
X-LiteSpeed-Tag
Cf-Ipcountry
X-Ms-Meta-Originalurl
X-Lb-Id
X-Ms-Meta-Staticbatchstarttime
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Mg-Request-Id
X-Request-URL
X-MiniProfiler-Ids
X-Varnish-URL
X-ElasticPress-Query
Xet-Cookie
X-Vcache
X-ElasticPress-Search
CountryCode
X-Tx-Id
Environment
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Content-Style-Type
Content-Script-Type
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Hits
X-Cache-Status-Check
X-Litespeed-Cache-Control
X-Apw-Access-Token
NnCoection
Warning
X-B3-Parentspanid
X-Traceid
X-Request-Url
Inserted-Into-Cache-At
Ohc-Response-Time
X-C
X-Tid
X-Storefront-Renderer-Verified
OT-Force-Account-Verify
X-Redis-Duration-Ms
URI
Phost
X-Amz-Meta-Cb-Modifiedtime
X-Redis-Count