Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
CF-RAY
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Request-ID
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
CF-Ray
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
EagleId
Request-Context
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Report-To
Host-Header
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Amz-Request-Id
Grace
X-Amz-Id-2
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
P3p
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
NEL
X-Amz-Version-Id
X-Cache-Spec
X-Device
X-CST
Allow
X-Vhost
X-Host
X-Backend-Server
Xkey
X-WebKit-CSP
X-Server-Id
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
Accept-Ch
X-ASPNET-VERSION
X-Application-Context
X-Ac
X-Cache-Lookup
X-Country
Accept-Ch-Lifetime
X-Template
X-Mod-Pagespeed
X-Language
X-Readtime
Accept-CH
X-Cloud-Trace-Context
X-B3-TraceId
MS-Author-Via
Accept-CH-Lifetime
Rating
X-HW
X-Origin-Cache
X-Cnection
X-MS-InvokeApp
X-Url
X-PC
X-Vname
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ESI
X-Trace
X-ORACLE-DMS-RID
X-Varnish-TTL
X-ORACLE-DMS-ECID
Display
X-Sol
Response
X-Middleton-Response
X-Middleton-Display
Pagespeed
X-Content-Type
X-D2id
Arr-Disable-Session-Affinity
Verso
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Use-Magma
X-Exp-Variant
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Vcap-Request-Id
X-Country-Code
X-Goog-Hash
X-TTL
X-Rack-Cache
X-Powered-By-Plesk
X-Navigation-Version
X-VARITI-CCR
Service-Worker-Allowed
X-Server-Name
X-Buckets
X-Abt-Application-Version
X-Amz-Rid
X-Fastly-Request-ID
X-Oneagent-Js-Injection
X-Client-IP
Fastly-Restarts
X-FastCGI-Cache
X-Webkit-CSP
X-Cache-TTL
X-Cached
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-SharePointHealthScore
SPRequestGuid
X-NF-Request-ID
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
SPIisLatency
SPRequestDuration
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
Public-Key-Pins
RTSS
Access-Control-Request-Method
AR-PoweredBy
AR-ATIME
AR-Request-ID
AR-CACHE
Ar-Sid
X-Edge
X-LLID
X-Powered-CMS
Cache-Tag
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Ezoic-Cdn
X-Upstream
Content-MD5
X-Litespeed-Cache
X-HP-Webp
X-Jurisdiction
X-Version
X-Origin-Upstream-Status
S
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Content-Id
Fusion-Deployment-Id
X-MCACHE
X-ECACHE
X-Mid
X-Mg-S
X-Recruiting
X-Px
Charset
X-Content-Digest
X-PressLabs-Stats
X-Kinsta-Cache
X-Ruxit-Js-Agent
X-DynaTrace
X-T
Fastcgi-Cache
Cache-Tags
X-Id
X-Amz-Server-Side-Encryption
X-Logged-In
Filters
X-Accel-Expires
X-Content-Security-Policy-Report-Only
X-Fastcgi-Cache
Server-Node
X-Forwarded-Proto
MicrosoftSharePointTeamServices
Edge-Cache-Tag
Front-End-Https
TP-Cache
TP-L2-Cache
X-Ttl
X-Forwarded-For
Server-Name
X-Grace
Nginx-Cache
X-XRDS-LOCATION
X-Correlation-Id
X-Debug
X-Hits
X-Kong-Upstream-Latency
X-Request-Received
X-Request-Processing-Time
X-Kong-Proxy-Latency
X-Amzn-Trace-Id
TCN
X-B3-Sampled
X-Shield-Request-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Varnish-Age
Surrogate-Key
X-Yandex-Sdch-Disable
X-Az
X-Activity-Id
X-AppVersion
X-Amz-Replication-Status
X-HS-Hub-Id
X-F-Cache
X-HS-Combine-CSS
X-HS-Content-Id
X-HS-Cache-Config
X-Ser
X-Origin-Server
X-DIS-Request-ID
X-Goog-Storage-Class
Alternate-Protocol
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
Accept-Charset
X-Geo-Country
X-Pinterest-Direct
X-Rid
X-Git-Hash
Nel
X-Frontend
Section-Io-Cache
Host
X-Respond-Thread
X-XRDS-Location
X-Cache-Key
X-NWS-LOG-UUID
Cache
X-Upgrade-Enabled
X-LB-Cache
X-DataDome
X-Time
Access-Control-Allow-Method
X-Seen-By
X-Mobile-URL
X-VCache
X-Cache-Age
MS-CV
ServerID
X-FTR-Request-ID
Paypal-Debug-Id
X-Type
X-AOL-HN
X-IPLB-Instance
X-TT
Healthy
X-Hostname
X-Source
X-Varnish-Backend
X-Content-Options
X-Providence-Cookie
X-Is-Crawler
X-Flags
X-App-Environment
X-Request-Guid
X-Aspnet-Duration-Ms
X-Route-Name
Payment
X-Whom
X-Server-ID
X-Cache-Action
X-Signature
X-B-Cache
Cleartype
X-Page-Id
X-Daa-Tunnel
X-RateLimit-Remaining
Fastcgi-Useragent
X-Debug-Info
X-Jobs
X-WebKit-CSP-Report-Only
X-Load-Cache
X-N
Powered-By-ChinaCache
X-FB-Debug
Realpath
X-Contextid
X-Mobile
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Webkit-Csp
Node
Refresh
X-Rule
X-Accel-Buffering
X-Drupal-Cache-Tags
X-Wix-Request-Id
Version
X-Original-Request-Id
X-Response-Served-From
X-RTag
X-Zen-Fury
X-Via-JSL
X-Proxy
Ms-Operation-Id
DC
X-Cache-Expired-At
X-Cacheable-TTL
X-TEC-API-VERSION
X-Framework
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-RemovedCookies
X-HTML-Minification-Powered-By
X-Distributor
Referer-Policy
X-B
X-Real-IP
X-ProcessESI
Access-Control-Request-Headers
X-Instance
X-Page-View
X-Content-Powered-By
X-Cache-Control
X-Cluster-Name
X-Drupal-Cache-Contexts
X-UUID
X-Cache-Time
X-Region
Viewport
X-Cached-By
X-FW-Hash
X-FW-Type
X-FW-Serve
Eomportal-Instance
X-FW-Dynamic
X-Akamai-Edgescape
X-FW-Static
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-FW-Server
Countrycode
X-IPS-LoggedIn
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-Rule
X-Cache-Operation
X-FireWall-Port
X-Yottaa-Optimizations
Liferay-Portal
X-Yottaa-Metrics
X-G
X-Cache-Hit
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-L-Path
X-Environment-Context
X-Pass-Why
X-App-Server
DynaTrace
Xserver
Server-Info
SRV
CF-IPCountry
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Nginx-Cache
Section-Io-Id
Section-Origin-Responded
X-Protected-By
X-Debug-IsConnected
X-Debug-IsPreview
X-User-Agent
X-Tec-Api-Version
X-Tec-Api-Origin
From-Origin
X-Tec-Api-Root
X-Www-Served-By
X-Tumblr-Pixel-2
Ec-Rule-Version
Webserver
X-Ratelimit-Limit
X-Device-Type
GEO-INFO
X-Mode
X-Adobe-Loc
X-Adobe-Content
X-Endurance-Cache-Level
X-UPSTREAM-Address
X-Hl-Ver
X-Handled-By
X-ES-SERVER
X-RN-RSRV
Meta-Geo
X-Varnish-Grace
X-MP-GENERATED-AT
Cache-Tv-Group
X-Backend-Name
X-FB-TRIP-ID
X-Cache-Server
Protected
X-Uri
Retry-After
TWC-Locale-Group
X-NYM-Debug-Backend
X-PHP-Host
X-Origin-Hint
TWC-GeoIP-LatLong
Webcakes-App-Version
Webcakes-Region
X-Be
TWC-GeoIP-Country
X-Labrador-Cache-Channel
Webcakes-App-Name
TWC-Privacy
TWC-Device-Class
Cache-Status
TWC-Connection-Speed
Property-Id
X-Varnishpool
Country
Cache-Name
X-Web-Node
X-WA-Info
X-Section
X-Pubstack
Frame-Options
Decoy-Debug-Key
Fastly-SSL
X-Access
Selected-Fe
Decoy-Debug-TTL
X-Format
Mn-Server-Ip
Decoy-Debug-Status
X-Node-Name
X-Storage
X-R9-Blue-Green-Version
X-Redis-Cache
X-BYPASS-REASON
X-ProxyCache-Key
X-Proto
X-Proxy-Build
X-Request-Time
X-Server-W
X-Sql-Duration-Ms
X-Timing-Wait
X-Sql-Count
X-Soup
X-Site-Version
X-Origin-Date
X-ProxyCache-Status
X-UA-Device-Type
X-Locale
X-Human
Azure-Version
X-FW-Version
X-AWS-Id
X-AIR-PT
Azure-SlotName
Azure-SiteName
X-Status
X-Cache-TTL-Remaining
X-SayCDN-TTL
Azure-RegionName
X-Say-TTL
X-Hyper-Cache
X-LJ-Flow-ID
X-Loop
X-Proxied
X-Hosted-By
X-TNCMS
X-No-Session
X-Say-Cacheable
X-S-Maxage
X-Routing-Service
X-VWS-Id
X-Via-Fastly
Azure-InstanceId
X-PCL
X-ApacheServer
X-OCL
X-LAGOON
X-Zipkin-Id
X-PERF
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-Varnish-Server
X-Shopify-Stage
X-ShardId
X-ShopId
X-TT-LOGID
X-Xfnlog-Site
X-Cluster
X-Cache-Grace
X-Forwarded-Host
Apigw-Requestid
X-GG-Cache-Date
X-Info
X-Is-Bot
AMP-Access-Control-Allow-Source-Origin
X-Rendered-As
X-Dc
X-CCM
X-Revision
X-Qloud-Router
S-Cnection
X-TA-CDN-Provider
X-Microcachable
X-Cache-Enabled
Uber-Trace-Id
X-Content-Age
X-SRV
X-Ratelimit-Remaining
X-Proxy-Cache-Status
X-Via-CDN
X-Platform
X-CSRF-Token
X-Azure-Ref
Cache-Hits
X-Cdn
X-FTR-Balancer
X-NWS-UUID-VERIFY
X-FTR-Backend
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-DC
X-Backend-Host
X-FTR-Cache-Status
X-Detected-As
X-Cache-Host
X-Amz-Meta-S3cmd-Attrs
X-App-Version
X-Varnish-Ttl
Amp-Access-Control-Allow-Source-Origin
X-Correlation-ID
X-Aspnetmvc-Version
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
Akamai-GRN
X-EdgeConnect-Cache-Status
X-B3-SpanId
X-ATG-Version
X-Air-Hostname
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Storage-Class
HostName
X-FTR-Expires
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-RCS-CacheZone
SD-X-WS
X-Trace-Id
ServedBy
X-Varnish-Hostname
X-Cache-NGX
X-Cache-PHP
X-Time-Microsecs
X-CS
Tracecode
X-DynaTrace-JS-Agent
X-BCube-Filmed-By
X-Backend-TTL
X-ServerID
X-Debug-Cache
DB-Nickname
X-NewRelic-App-Data
X-Tb
X-Akamai-Transformed
Backend
X-Adobe-Source
X-Nc
X-Ms-Version
X-Ms-Request-Id
X-TX-ID
Fastcgi-X-Cache-Version
X-CF-Lambda-Fn
X-Rojux
X-S-Cookie
X-Vdms-Version
X-Request-UUID
X-Rewrite-Enabled
X-S
X-B-Cookie
X-CF-Lambda-Version
X-Application
X-ARC
X-VG-WebServer
X-VG-WebCache
X-Processor
X-PBS-Appsvrname
X-Trv-Group
X-Origin-CC
X-Vdms-Path
X-NAPM-TraceId
X-Location
X-SRCache-Key
X-Cache-NE
X-ScT
X-PAYTM-SRV-ID
X-Owner
X-Session-Fingerprint
X-Origin-TTL
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Destination
Machine
MD5-Digest
Meta-Geo-Continent
X-Generated-On
Expiry
X-Connection-Hash
X-External-Request-Id
DCR-Decision-By
X-D
X-From
DCR-Processing-Time-Ms
Mobile-Detection-Method
X-Generation-Time
X-A-Wwc
X-A-Dgt
X-Aed
X-Level-Front-Cache
Xc-Version
X-A-Dcw
X-A-Dam
Rendered-Blocks
Odigeo-Trace-Id
T-Server
X-A
X-A-Ccd
BehaviorPad-Version
X-Cache-Var-Map
X-Cache-Var
X-Magnolia-Registration
X-Unique-Id
X-Sucuri-ID
X-Cdn-Forward
Cf-Device-Type
X-Varnish-Beresp-Grace
X-Mvc-Supplant-Cachable
X-FC-Vary-Parameters
X-Micro-Cache
Gh-Request-Id
X-GeoIP-City
X-OVcl
X-OVcl-Cache
On-Server
Fastly-Backend-Name
X-Fastly-Cache
X-Fetched-On
AKAMAI
X-EC-Lua
X-Irp-Debug
X-HS-Content-Campaign-Id
Locid
X-Core-Value
X-Is-Gdpr
CacheControlHeader
X-Policy
Arc-Version
Magicmarker
X-JWT-State
X-Geo-Header
X-Has-Esi
X-Cache-Bucket
Wxu-Next-Region
Wxu-Next-Hostname
X-Azure-Ref-OriginShield
Release
X-TrackingId
Server-Host
Wxu-Next-Commit
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
UCS
X-Varnish-Cache-Hits
X-Thinkindot-L3
X-Tumblr-Pixel-3
PB-PID
PB-RID
X-Reqid
Path
Pagetype
X-Bip
Host-ID
X-Device-Os
X-Developers
X-Thanos
DSUID
User-Cache-Control
X-GEO
X-DefElseHash
X-Dispatcher-Server
X-Developer
X-DefHash
X-Cache-Info
X-Block-Status
X-Branch-Name
X-Backend-State
X-Unique-ID
Web-Mar-Node
X-Cache-Debug
X-Cache-Id
X-Cms-Context
X-Csrf-Jwt
X-Clientip
X-CGP
X-Cache-Tags
X-CUA
X-GoCache-CacheStatus
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Swa-Ws
X-Var-Ttl
X-Skip-Cache
X-SIPLIST1
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Request-Host
X-Scheme
X-Variation
X-Varnish-CookieHashed-On
X-Wikidot-Backend
X-Wikidot-Static-Cache
V-Age
X-Generated-In
X-B3-Traceid
X-VServer
X-Varnish-CookieINHashed-On
X-Varnish-Remaining-TTL
X-VarnishDD-TTL
X-Ratelimit-Reset
X-Origin-Response-Time
X-GeoIP
Ssr
X-Gzip
X-HN
X-Generated-By
X-Gen-Mode
X-Envoy-Decorator-Operation
X-Esi-Check
X-Eu-Site
X-Fastly-Backend
X-Hnp-Log
X-IP
X-Node-Id
X-Old-Content-Length
X-Origin
X-Origin-Expires
X-Nginx-Cache-Key
X-Method
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-DPWN-IS-SECURE
X-CACHE-KEY
Instruction
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
IsBot
L5d-Success-Class
PFcat
NM-Fastcgi-Cache
NGX
Location
Fastly-SIE
Content-Disposition
CDCHOST
CDN-Cache
Cache-Host
C-Via
Adler-Geo
CDN-CachedAt
CDN-EdgeStorageId
Cf-Bgj
CDN-Uid
CDN-RequestId
CDN-PullZone
Platform
CDN-RequestCountryCode
Sever-Int
Server-Ext
Server-Hostname
SR-User-Adfree
Who
Vix-Hermes-Req-Id
True-Client-Country-4JS
X-Platform-Server
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Esi-Enabled
L
Geo-Info
X-Hash
Rt-Fastcgi-Cache
X-LB-ID
X-NU-AKA-ACS-Version
X-Gamma-Serve
Apple-News-Services-Handled
X-User
X-Fmm-Version
X-Request-URI
Country-Code
Origin
X-Slack-Backend
X-Varnish-Beresp-Status
X-WADP-Cache
X-Clara-WADP
X-Varnish-Hits
X-ID
X-APP-VERSION
X-Cache-Backend
X-Varnish-Beresp-Ttl
X-Mvc-Supplant-OutputCached
X-Goog-Meta-Goog-Reserved-File-Mtime
Fastly-Drupal-HTML
X-VG-TLSProxy
X-Aicache-OS
Lfy
X-Loc
Sid
X-Matched-Rule
X-CLOUD-TRACE-CONTEXT
X-Varnish-Url
CloudFront-Viewer-Country
X-PF-Uncompressing
X-NCache
Filterid
X-RateLimit-Limit
Pics-Label
X-Epic-Correlation-Id
X-Via-Poph
Pramga
X-Via-Popv
X-Cache-Expires
X-Via-Popn
Tcn
X-Cdn-Origin
X-Sn-Servicetimems
X-Refresh
X-Planisys-CDN-Cache
X-Cache-Date
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Core-Mission
X-Servername
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
X-Request-Start
Cmsid
Req-Svc-Chain
Cmstype
Url
X-Served-From
Kp-EeAlive
X-FireWall-Protection
Svr
X-Error
X-Varnish-Cacheable
Source
VivaBuild
Viewtype
NGB
A
Cache-Key
X-Srv
X-Response-By
GeoIp-Country-Code
M-TraceId
MIME-Version
Geoip-Latitude
X-NC
X-Erf-Stays-Bingo-Pdp-Web
X-Webkit-CSP-Report-Only
X-DC
Xkeyi7
Arc-Country
X-Proxy-Cachei7
X-Air-Source
Cross-Origin-Opener-Policy
X-Vgn-Hpd-Reason
X-HS-Status
X-Cache-Remote
TDXMobile
X-Wa
Server-Ttl
S-Rt
X-BBXSRF
N-Cache
HitType
X-Vcl-Version
Server-ID
Content-Secure-Policy
NtCoent-Length
X-URL
X-SaId
X-Li-Proto
X-PHP-Backend
X-CDN-Forward
X-Servedbyhost
X-JoinUs
X-Cache-2
X-HostName
Resin-Trace
X-B3-Spanid
DataCenter
X-Vc
X-Geo
X-Cc-Req-Id
X-Internal-Host
D-Cc-Upstream
X-Cc-Via
X-Edge-Location
X-Varnish-Authentication
X-Service
X-LiteSpeed-Cache-Control
X-Contensis-Viewer-Groups
X-Esi
X-Cache-ASPX
X-Host-Name
X-NGENIX-Cache
CACHE
Cteonnt-Length
SID
Cross-Origin-Window-Policy
Ohc-File-Size
X-Sucuri-Cache
X-LI-Proto
X-RAMCache
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
X-Svr
X-CCDN-Origin-Time
X-HOST
X-Extlb
X-ServedByHost
X-Viewer-Country
FSS-Cache
X-Server-IP
X-WA
Request-ID
X-Forwarded-Site
X-Cs
X-UA
X-DSS
X-DB
X-DI
X-RPM
X-RSL
X-RPS
X-VCL-Version
X-FPC
X-Nyt-Route
X-Bc-Bl
X-Via-NSCOPI
X-Origin-Time
X-Gdpr
X-Newrelic-Synthetics
X-DW
X-API-Version
X-Cache-Config
X-TIM-N
Hostname
CF-Cached-On
X-Dynatrace
X-Date
X-PJAX-URL
Server-Id
Cache-Provider
X-Req
We-Hiring
X-VC-Cache
X-Accel-Expires-Debug
GeoIP-Country-Code
Surrogated-Key
X-App
X-VC
X-Check-Cacheable
Memcached
GeoIP-Latitude
Mail-Subject
X-SN
Ohc-Cache-HIT
XServer
LB
Mime-Version
X-Action
X-Proxy-Upstream
X-RateLimit-Limit-Second
X-RateLimit-Remaining-Second
ProcessTime
Env
X-NodeID
X-Instrumentation
X-SB
X-Webstats-RespID
X-Server-Lifecycle-Phase
X-ZONE
X-Kraken-Loop-Name
X-Kraken-Routeconfig-Destination
X-TIME
X-Swift-Error
X-CF-Powered-By
X-Oss-Cdn-Auth
X-Sigma
X-Air-Trace-Id
X-Sigma-Backend
X-Region-Sid
X-Rocket-Build-Number
X-Men
X-APP
X-SD-PageType
Upgrade-Insecure-Requests
X-Fpc
X-Provided-By
X-Edge-Location-Klb
X-Dynatrace-Js-Agent
X-Render-Time
Memory
X-BBC-Edge-Cache-Status
VNS-Age
W
VNS-Cache
Time
X-MSEdge-Features
X-MSEdge-Flight
CPC-Cache
X-FORWARDED-FOR
CPC-Age
X-Depends-On
X-Cdn-Request-ID
X-NGINX-Cache
Srv
Cdn
CDN
X-BACKEND-TTL
X-Dw-Trace-Id
X-Ftr-Cache-Host
EpKe-Alive
X-UnsetCookies
X-CSRF-TOKEN
X-Client-Ip
X-Zone
X-CACHE-AGE
X-FTR-Cache-Host
X-ABtesting
X-Flog
X-Hello
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
Dnion-Transfer-Encoding
X-Auto-Login
X-Parent-Response-Time
X-Cache-Tag
X-Worker
Processtime
X-Akamai-Pragma-Client-IP
X-Ua
X-Pad
My-App
Fastcgi-Cache-TTL
Media-Length
X-Cluster-Node
X-Acquia-Application-Trace
X-Acquia-Site
X-Pf-Uncompressing
Proxy-Connection
X-Acquia-Application-UUID
X-ServerName
X-Acquia-Purge-Tags
X-Presslabs-Stats
X-BBC-Origin-Response-Status
Vha6-Origin
X-Oracle-DMS-ECID
X-Varnish-Beresp-TTL
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
State
X-Snapshot-Date
Datacenter
PICS-Label
X-Via-PopV
Epwk-X-Cache
X-Via-PopN
X-Via-PopH
X-LiteSpeed-Tag
Cf-Ipcountry
X-ElasticPress-Query
X-Akamai-ERPolicy
X-Request-URL
X-MiniProfiler-Ids
X-Varnish-URL
X-Vcache
X-Akamai-ERRuleID
X-Minions-Version
X-Mg-Request-Id
X-ElasticPress-Search
X-Lb-Id
X-Ms-Meta-Originalurl
Xet-Cookie
X-Ms-Meta-Staticbatchstarttime
CountryCode
X-Litespeed-Cache-Control
Content-Script-Type
X-Apw-Access-Token
X-Cache-Status-Check
Warning
X-Tx-Id
X-Apw-Hits
X-Request-Url
X-Apw-Access-Action
X-Apw-Access-Object
Content-Style-Type
Environment
OT-Force-Account-Verify
X-Traceid
X-Debug-Cache-Fetch
NnCoection
X-B3-Parentspanid
Phost
Ohc-Response-Time
X-Debug-Cache-Store
URI
X-Tid
X-Amz-Meta-Cb-Modifiedtime
X-Storefront-Renderer-Verified
Inserted-Into-Cache-At
X-Redis-Duration-Ms
X-Redis-Count
X-C