Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
X-XSS-Protection
Cf-Request-Id
CF-RAY
CF-Cache-Status
Last-Modified
Accept-Ranges
Link
Pragma
Expect-CT
ETag
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Request-ID
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
Status
Feature-Policy
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
X-Xss-Protection
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Ua-Compatible
X-Turbo-Charged-By
X-Age
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
X-Backend
Server-Timing
X-Hacker
X-Amz-Request-Id
Report-To
X-Server
X-Amz-Id-2
Host-Header
X-Server-Powered-By
X-UA-Device
Grace
X-Nginx-Cache-Status
X-Dns-Prefetch-Control
X-Varnish-Cache
X-LiteSpeed-Cache
X-Rq
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Xkey
X-Cache-Spec
X-Backend-Server
Allow
X-Host
X-Vhost
EagleEye-TraceId
X-CST
X-Device
X-WebKit-CSP
X-Server-Id
Surrogate-Control
Request-Id
X-Dispatcher
X-Kinja-Server-Push
X-Node
Content-Location
X-Response-Time
X-Akam-SW-Version
Accept-CH
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
X-Template
X-Language
X-Ac
X-Application-Context
X-Country
X-Readtime
X-Mod-Pagespeed
X-Cache-Lookup
X-Cloud-Trace-Context
MS-Author-Via
X-Origin-Cache
Accept-Ch
X-B3-TraceId
Rating
X-Cnection
X-MS-InvokeApp
Accept-Ch-Lifetime
X-ORACLE-DMS-ECID
X-HW
X-Url
X-Vname
X-PC
X-TtlSet
X-Clacks-Overhead
X-ESI
Edge-Control
X-GitHub-Request-Id
X-FastCGI-Cache
X-ASPNET-VERSION
X-Trace
Display
X-Sol
X-Middleton-Response
Response
X-Middleton-Display
Pagespeed
X-Content-Type
X-Buckets
X-D2id
X-Vcap-Request-Id
Verso
X-Exp-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Kinja-Revision
X-Kinja-Server
Arr-Disable-Session-Affinity
X-Cdn-Fetch
X-Varnish-TTL
X-Goog-Hash
X-Server-Name
X-Rack-Cache
Service-Worker-Allowed
X-Country-Code
X-Oneagent-Js-Injection
X-Navigation-Version
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
X-ORACLE-DMS-RID
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Webkit-CSP
X-Cache-TTL
X-TTL
X-Client-IP
X-Powered-By-Plesk
X-SharePointHealthScore
SPRequestGuid
SPIisLatency
SPRequestDuration
X-Release
X-Fastly-Request-ID
X-Dw-Request-Base-Id
X-MSEdge-Ref
X-Element-Page-Cache
Fastly-Restarts
X-NF-Request-ID
X-Cached
X-Origin-Upstream-Status
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
Public-Key-Pins
RTSS
X-Px
AR-PoweredBy
AR-Request-ID
Ar-Sid
X-Edge
AR-ATIME
AR-CACHE
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
X-SRCache-Store-Status
Access-Control-Request-Method
X-SRCache-Fetch-Status
X-LLID
X-Powered-CMS
X-Upstream
X-Ezoic-Cdn
X-Pinterest-Direct
Content-MD5
X-Jurisdiction
X-HP-Webp
X-Amz-Server-Side-Encryption
X-ECACHE
X-MCACHE
X-Mid
X-Content-Digest
X-Recruiting
S
Charset
X-Mg-S
X-Aspnetmvc-Version
X-PressLabs-Stats
Cache-Tag
MicrosoftSharePointTeamServices
X-Debug
X-Version
X-Ttl
Front-End-Https
Fastcgi-Cache
TCN
X-Content-Security-Policy-Report-Only
X-Grace
X-XRDS-Location
X-T
Filters
Cache-Tags
X-Kinsta-Cache
Edge-Cache-Tag
Server-Node
X-Forwarded-Proto
X-Id
X-Yandex-Sdch-Disable
X-Amzn-Trace-Id
X-Cache-Key
Powered-By-ChinaCache
X-Accel-Expires
Nginx-Cache
X-Logged-In
Surrogate-Key
X-Correlation-Id
Server-Name
X-Forwarded-For
X-Varnish-Age
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-DynaTrace
X-DIS-Request-ID
X-B3-Sampled
X-Hits
X-Request-Handler-Origin-Region
X-Server-ID
X-Microsite
X-Ser
TP-Cache
TP-L2-Cache
X-Request-Received
X-Request-Processing-Time
X-AppVersion
X-Activity-Id
X-Shield-Request-Id
X-Amz-Replication-Status
X-Az
X-Litespeed-Cache
X-FTR-Request-ID
X-HS-Hub-Id
X-HS-Content-Id
X-F-Cache
X-HS-Cache-Config
X-HS-Combine-CSS
Accept-Charset
X-Goog-Metageneration
X-Goog-Generation
X-Git-Hash
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Origin-Server
X-Respond-Thread
X-Geo-Country
X-LB-Cache
X-DataDome
Section-Io-Cache
X-Upgrade-Enabled
X-Hostname
X-Rid
X-Frontend
X-Cache-Age
X-Ruxit-Js-Agent
Access-Control-Allow-Method
Cleartype
X-Mobile-URL
Host
Paypal-Debug-Id
Healthy
Cache
Alternate-Protocol
X-Type
X-TEC-API-ORIGIN
X-IPLB-Instance
X-Content-Options
MS-CV
ServerID
X-TEC-API-VERSION
X-TEC-API-ROOT
X-AOL-HN
X-App-Environment
X-Varnish-Backend
X-Whom
X-WebKit-CSP-Report-Only
Payment
X-Signature
X-TT
X-Providence-Cookie
X-Request-Guid
X-Route-Name
X-Aspnet-Duration-Ms
X-Flags
X-Debug-Info
X-Is-Crawler
X-Cache-Action
X-B-Cache
X-VCache
X-Erf-Bev-Bev-Is-Generated
X-Page-Id
X-Erf-Bev-Bev
Fastcgi-Useragent
X-Seen-By
X-Jobs
X-Mobile
X-Source
X-XRDS-LOCATION
X-N
X-Cached-By
X-NWS-LOG-UUID
X-Load-Cache
X-Browser-Type
X-Time
X-Akamai-Edgescape
Nel
X-Via-JSL
X-RateLimit-Remaining
Version
X-FB-Debug
X-Cache-Rule
DynaTrace
X-Cache-Operation
Viewport
X-Fastcgi-Cache
X-Response-Served-From
X-Accel-Buffering
X-Rule
X-Original-Request-Id
Refresh
X-Zen-Fury
DC
X-Proxy
X-Framework
X-Drupal-Cache-Tags
X-Daa-Tunnel
X-Instance
X-Cacheable-TTL
X-ProcessESI
X-RemovedCookies
X-Tt-Trace-Tag
Realpath
X-Tt-Trace-Host
X-Real-IP
X-Region
Ms-Operation-Id
Referer-Policy
Access-Control-Request-Headers
X-RTag
X-Cache-Time
X-HTML-Minification-Powered-By
X-UUID
X-Node-Name
X-Yottaa-Metrics
X-FW-Dynamic
X-Environment-Context
X-FW-Hash
X-FW-Serve
X-FW-Static
X-FW-Server
X-FW-Type
X-L-Path
X-Distributor
X-Yottaa-Optimizations
X-Page-View
X-Drupal-Cache-Contexts
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-Expired-At
X-Contextid
Eomportal-Instance
X-Wix-Request-Id
X-B
Liferay-Portal
GEO-INFO
Node
X-Cluster-Name
X-Tumblr-User
Countrycode
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-G
X-Tumblr-Pixel
X-Cache-Control
X-Amz-Meta-S3cmd-Attrs
X-Content-Powered-By
X-User-Agent
SRV
X-IPS-LoggedIn
X-Cache-Hit
Webserver
X-Tumblr-Pixel-2
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Server-Info
Section-Io-Id
Section-Io-Origin-Status
From-Origin
Protected
X-Ratelimit-Limit
X-Revision
X-App-Server
X-Protected-By
X-Oracle-Dms-Rid
Ec-Rule-Version
X-Pass-Why
X-Backend-Name
Cache-Status
X-Cache-Server
Frame-Options
X-Hyper-Cache
X-FireWall-Port
X-Mode
Retry-After
X-Hl-Ver
X-Handled-By
X-ES-SERVER
X-Endurance-Cache-Level
X-UPSTREAM-Address
X-RN-RSRV
Meta-Geo
X-Via-CDN
X-Locale
X-NYM-Debug-Backend
X-Adobe-Content
X-Soup
X-Adobe-Loc
X-Site-Version
X-Forwarded-Host
X-Storage
X-FB-TRIP-ID
X-Www-Served-By
X-Human
Decoy-Debug-TTL
Fastly-SSL
Property-Id
Webcakes-App-Version
Decoy-Debug-Status
Country
Decoy-Debug-Key
Cache-Tv-Group
X-Cache-Grace
CF-IPCountry
TWC-Locale-Group
TWC-GeoIP-Country
X-Varnishpool
Webcakes-Region
X-Section
X-Be
TWC-Privacy
X-Pubstack
X-Web-Node
X-Access
X-Format
TWC-GeoIP-LatLong
X-Origin-Hint
TWC-Connection-Speed
Webcakes-App-Name
TWC-Device-Class
X-BYPASS-REASON
X-ApacheServer
X-FW-Version
X-Labrador-Cache-Channel
X-OCL
Selected-Fe
Cache-Name
Azure-RegionName
Azure-SiteName
Azure-SlotName
Azure-Version
X-PCL
X-PERF
X-Timing-Wait
X-TT-LOGID
X-UA-Device-Type
X-Uri
X-Redis-Cache
X-ProxyCache-Status
X-PHP-Host
X-Proto
X-Proxy-Build
X-ProxyCache-Key
Azure-InstanceId
X-Origin-Date
X-FTR-DC
X-FTR-Backend
X-FTR-Backend-Server
S-Cnection
X-FTR-Realm
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Balancer
X-No-Session
X-AIR-PT
X-LAGOON
X-Say-Cacheable
X-Sql-Duration-Ms
X-Via-Fastly
X-WA-Info
X-Sql-Count
X-Server-W
X-Say-TTL
X-SayCDN-TTL
X-S-Maxage
X-Qloud-Router
X-TNCMS
X-AWS-Id
X-FTR-Expires
Mn-Server-Ip
X-R9-Blue-Green-Version
X-Hosted-By
X-LJ-Flow-ID
X-Loop
X-VWS-Id
X-Status
Cache-Hits
X-Cache-TTL-Remaining
X-Cache-Var-Map
X-Cluster
X-Cache-Var
X-Request-Time
X-Ratelimit-Remaining
X-Routing-Service
X-Dynatrace
X-ShardId
X-Xfnlog-Site
X-CCM
X-Shopify-Stage
X-Proxied
X-Alternate-Cache-Key
X-MP-GENERATED-AT
X-ShopId
X-Storefront-Renderer-Rendered
X-Zipkin-Id
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
AMP-Access-Control-Allow-Source-Origin
Xserver
X-Rendered-As
X-Air-Hostname
X-Is-Bot
X-Webkit-Csp
X-Detected-As
X-Cdn
X-EdgeConnect-Cache-Status
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Cache-Host
X-Amz-Apigw-Id
X-SRV
X-Device-Type
Apigw-Requestid
X-Info
X-B3-Traceid
X-Dc
X-Microcachable
X-Tec-Api-Version
X-Tec-Api-Root
X-Tec-Api-Origin
X-Varnish-Ttl
SD-X-WS
X-Unique-Id
X-Nginx-Cache
X-Cache-Backend
X-Cache-Enabled
X-Time-Microsecs
Tracecode
X-Content-Age
X-Backend-TTL
X-ServerID
X-Platform
X-Debug-IsPreview
X-Debug-IsConnected
X-GEO
X-Varnish-Server
X-Erf-Stays-Bingo-Pdp-Web
X-Azure-Ref
Amp-Access-Control-Allow-Source-Origin
X-DynaTrace-JS-Agent
DSUID
X-Varnish-Grace
X-Backend-Host
X-APP-VERSION
X-Sucuri-ID
X-NewRelic-App-Data
X-Oss-Storage-Class
X-Oss-Server-Time
X-Oss-Request-Id
X-ID
X-Tb
Uber-Trace-Id
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-GG-Cache-Date
Akamai-GRN
Arc-Version
PB-PID
PB-RID
X-Correlation-ID
X-BCube-Filmed-By
Backend
X-Cache-Remote
X-ATG-Version
X-Akamai-Transformed
X-Magnolia-Registration
X-Proxy-Cache-Status
X-Origin-Response-Time
Instruction
Xc-Version
Fastcgi-X-Cache-Version
Lfy
X-CF-Lambda-Fn
X-SRCache-Key
X-Cache-NE
X-CF-Lambda-Version
Machine
X-Session-Fingerprint
X-S-Cookie
X-ScT
X-Destination
MD5-Digest
X-Connection-Hash
DCR-Processing-Time-Ms
Expiry
X-Device-Os
Path
Thinkindot-CacheControl-Type
X-Aed
X-Trace-Id
Thinkindot-CacheControl
Thinkindot-Control
X-A-Wwc
X-A-Ccd
X-A-Dam
X-A-Dcw
X-A-Dgt
X-Application
T-Server
Pramga
X-A
Odigeo-Trace-Id
Mobile-Detection-Method
X-B-Cookie
Rendered-Blocks
X-Varnish-Cache-Hits
SR-User-Adfree
X-ARC
Meta-Geo-Continent
X-D
X-Generated-On
X-Request-UUID
X-Vtex-Processado-Em
X-VG-WebCache
X-Location
X-Rewrite-Enabled
X-Processor
X-Origin-CC
X-Vdms-Version
X-Thinkindot-L3
X-Vdms-Path
X-Generation-Time
X-Origin-TTL
X-S
X-Rojux
X-Fetched-On
X-Trv-Group
DCR-Decision-By
X-Level-Front-Cache
CACHE
X-External-Request-Id
X-VG-WebServer
X-Vtex-Remote-Cache
X-PAYTM-SRV-ID
X-Matched-Rule
X-From
X-PBS-Appsvrname
X-CSRF-Token
ServedBy
X-RCS-CacheZone
X-Adobe-Source
X-OVcl
X-OVcl-Cache
Ssr
X-HN
X-HS-Content-Campaign-Id
X-Has-Esi
Magicmarker
HA-Ipaddr
Host-ID
X-Thanos
Ha-Gx-Prefs
Gh-Request-Id
X-JWT-State
Fastly-Backend-Name
L
L5d-Success-Class
X-Irp-Debug
Pagetype
BehaviorPad-Version
X-Is-Gdpr
Release
Locid
X-Node-Id
PFcat
X-Geo-Header
X-Skip-Cache
X-CGP
X-GeoIP-City
X-Generated-In
X-Sn-Servicetimems
X-Cache-Date
X-Cdn-Origin
X-Swa-Ws
X-Wikidot-Backend
X-Micro-Cache
X-Eu-Site
X-FC-Vary-Parameters
X-Developers
X-Csrf-Jwt
X-Mvc-Supplant-Cachable
X-Cache-Bucket
X-Bip
X-VServer
X-User
X-VarnishDD-TTL
X-Tumblr-Pixel-3
X-Owner
Wxu-Next-Hostname
X-GeoIP
X-Azure-Ref-OriginShield
X-Reqid
X-Request-URI
X-Backend-State
X-Request-Start
X-Wikidot-Static-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
Wxu-Next-Commit
Wxu-Next-Region
C-Via
Cache-Host
CacheControlHeader
AKAMAI
X-Varnish-Hostname
X-Cache-NGX
X-Cache-PHP
Cf-Device-Type
X-NC
DB-Nickname
X-Ms-Version
X-Ms-Request-Id
X-Generated-By
Sever-Int
Apple-News-Services-Handled
X-Fastly-Cache
X-Fastly-Backend
X-Varnish-Hits
Content-Disposition
Server-Ext
Server-Host
Server-Hostname
V-Age
Cf-Bgj
User-Cache-Control
X-Cms-Context
X-Core-Value
X-Clientip
X-Cache-Tags
X-Cache-Info
X-CUA
X-Developer
X-Host-Name
X-IP
UCS
X-Debug-Cache
X-Scheme
X-Envoy-Decorator-Operation
Rt-Fastcgi-Cache
X-Method
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
CloudFront-Viewer-Country
X-Origin-Expires
X-Nginx-Cache-Key
On-Server
CDCHOST
X-Var-Ttl
X-Policy
X-Request-Host
Apple-News-Services-Host
NGX
X-Varnish-Beresp-Grace
X-Cache-Expires
X-Old-Content-Length
X-NU-AKA-ACS-Version
X-TX-ID
X-Servername
X-Cache-Debug
X-Cache-Id
X-Clara-WADP
X-Ratelimit-Reset
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
X-Platform-Server
X-DefHash
X-DefElseHash
X-Origin
X-Esi-Check
X-Gzip
X-GoCache-CacheStatus
X-Li-Fabric
X-SIPLIST1
X-Varnish-CookieINHashed-On
X-Branch-Name
X-Varnish-CookieHashed-On
X-Variation
X-Hnp-Log
X-Varnish-Remaining-TTL
X-Varnish-Url
X-Loc
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-LI-UUID
X-Li-Pop
X-NWS-UUID-VERIFY
X-Gen-Mode
X-Fmm-Version
X-CS
X-VG-TLSProxy
X-Block-Status
Platform
True-Client-Country-4JS
Vix-Hermes-Req-Id
Web-Mar-Node
Origin
NM-Fastcgi-Cache
Fastly-SWR
Fastly-SIE
Is-Eu
IsBot
Location
X-TrackingId
Adler-Geo
X-WADP-Cache
X-B3-Spanid
X-Varnish-Beresp-Ttl
X-App-Version
X-Varnish-Beresp-Status
X-Varnish-Cacheable
X-Hash
Fastly-Drupal-HTML
X-Gamma-Serve
CDN-Cache
X-Response-By
X-NCache
CDN-Uid
X-Slack-Backend
CDN-RequestId
CDN-RequestCountryCode
CDN-EdgeStorageId
CDN-PullZone
CDN-CachedAt
X-Goog-Meta-Goog-Reserved-File-Mtime
S-Rt
X-Core-Mission
X-EC-Lua
X-NAPM-TraceId
X-Refresh
X-Proxy-Cachei7
Xkeyi7
HostName
Pics-Label
X-PF-Uncompressing
Cross-Origin-Window-Policy
X-Sucuri-Cache
N-Cache
X-BBXSRF
X-URL
X-Mvc-Supplant-OutputCached
X-Aicache-OS
X-CACHE-GROUP
Url
X-Cache-2
X-Cdn-Forward
Content-Secure-Policy
X-B3-SpanId
X-CDN-Forward
Ohc-File-Size
Cteonnt-Length
X-Contensis-Viewer-Groups
X-Cache-ASPX
X-Varnish-Authentication
X-Cc-Via
X-Cc-Req-Id
X-LB-ID
D-Cc-Upstream
X-FireWall-Protection
Sid
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-Unique-ID
X-Svr
X-TA-CDN-Provider
X-Server-IP
X-DC
X-Tb-Optimization-Total-Bytes-Saved
X-Wa
X-Servedbyhost
X-Error
MIME-Version
Esi-Enabled
X-Srv
X-Origin-Time
X-TIME
X-Nyt-Route
X-FPC
X-Cache-Config
Source
X-CLOUD-TRACE-CONTEXT
X-API-Version
X-Gdpr
X-Webkit-CSP-Report-Only
HitType
GeoIp-Country-Code
Geoip-Latitude
X-SN
Hostname
X-VC
X-Epic-Correlation-Id
Geo-Info
XServer
X-RateLimit-Limit
Ohc-Cache-HIT
X-Webstats-RespID
Server-Ttl
X-Cs
X-SB
Req-Svc-Chain
X-LI-Proto
X-TraceId
X-NodeID
X-Fastly-Request-Id
X-NGINX-Cache
Who
X-HS-Status
X-VCL-Version
X-Planisys-CDN-TTL
X-LiteSpeed-Cache-Control
X-Planisys-CDN-Cache
Country-Code
X-Planisys-CDN-Rules
X-Nc
X-SD-PageType
X-Check-Cacheable
Server-ID
X-Ua
X-Esi
Cmstype
Kp-EeAlive
SID
Svr
X-Render-Time
EpKe-Alive
Cmsid
X-BBC-Edge-Cache-Status
X-HOST
NtCoent-Length
Request-ID
X-Vgn-Hpd-Reason
X-Viewer-Country
X-Ftr-Cache-Host
Tcn
X-Worker
X-Auto-Login
VivaBuild
X-Served-From
Viewtype
X-Dynatrace-Js-Agent
X-UA
X-DW
X-DSS
Cache-Key
X-RPM
X-RPS
A
Resin-Trace
X-Vcl-Version
X-CACHE-KEY
Cache-Provider
ProcessTime
X-RAMCache
X-DB
X-CSRF-TOKEN
X-RSL
X-DI
CDN
Server-Id
X-Cluster-Node
X-CCDN-Origin-Time
X-TIM-N
X-Li-Proto
GeoIP-Country-Code
GeoIP-Latitude
X-Hcs-Proxy-Type
X-CCDN-CacheTTL
M-TraceId
X-HostName
X-Newrelic-Synthetics
Upgrade-Insecure-Requests
X-CF-Powered-By
X-Air-Source
X-Internal-Host
X-Action
Processtime
Arc-Country
TDXMobile
Cross-Origin-Opener-Policy
X-App
X-Geo
X-FTR-Cache-Host
X-Oss-Cdn-Auth
Datacenter
X-Fpc
OT-Force-Account-Verify
CF-Cached-On
X-WA
X-ServedByHost
Mime-Version
WZWS-RAY
X-Vc
X-BBC-Origin-Response-Status
X-FORWARDED-FOR
X-HITS
Cdn
X-Service
X-MSEdge-Features
X-MSEdge-Flight
X-Dw-Trace-Id
X-Lb-Id
X-Cache-Tag
X-BACKEND-TTL
X-Via-PopV
X-ND-Cache
Proxy-Connection
X-Pinterest-Sli-Endpoint-Name
X-Fastly-Backend-Reqs
X-Pinterest-Sli-Response-Type
X-Via-PopH
X-Pinterest-Sli-Latency-Threshold
X-Via-PopN
Filterid
X-CACHE-AGE
X-Client-Ip
X-Hello
X-ABtesting
X-Flog
Dnion-Transfer-Encoding
Srv
X-IN-APIGATEWAYSSL
X-Parent-Response-Time
X-IN-APIGATEWAY
DataCenter
URI
Vha6-Origin
X-Via-NSCOPI
X-Pf-Uncompressing
NGB
FSS-Cache
X-Presslabs-Stats
X-Oracle-DMS-ECID
X-Forwarded-Site
W
X-Acc-Debug-Context
CountryCode
X-Acc-Rdl
X-Cdn-Request-ID
X-NGENIX-Cache
X-PHP-Backend
X-LiteSpeed-Tag
X-JoinUs
X-Akamai-Pragma-Client-IP
X-Akamai-Request-ID
X-Edge-Location
X-MiniProfiler-Ids
Media-Length
X-SaId
PICS-Label
X-Request-URL
Cf-Ipcountry
X-Extlb
X-ElasticPress-Query
X-Vcache
Memcached
Surrogated-Key
Mail-Subject
LB
Content-Style-Type
X-Acquia-Site
X-Acquia-Application-UUID
Epwk-X-Cache
X-Date
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Region-Sid
X-Req
X-VC-Cache
X-UnsetCookies
X-Proxy-Upstream
X-PJAX-URL
X-Bc-Bl
X-Accel-Expires-Debug
X-Ms-Meta-Staticbatchstarttime
X-Depends-On
X-Pad
We-Hiring
X-Akamai-ERRuleID
X-Traceid
X-Acquia-Purge-Tags
X-Swift-Error
X-Csrf-Token
X-Via-Edge
Edge-Copy-Time
X-Varnish-Beresp-TTL
Inserted-Into-Cache-At
X-Via-SSL
X-Akamai-ERPolicy
X-B3-Parentspanid
Content-Script-Type
X-Acquia-Application-Trace
X-Request-Url
X-ElasticPress-Search
X-Ms-Meta-Originalurl
X-ZONE
X-Provided-By
X-Redis-Duration-Ms
Environment
X-Redis-Count
Env
X-Sigma-Backend
X-Tid
X-Sigma
X-Rocket-Build-Number
X-APP
X-Zone
Akamai-Age-Ms
X-ServerName
NnCoection
Ohc-Response-Time
Xet-Cookie
Phost
X-C
Memory
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Snapshot-Date
Time
X-Storefront-Renderer-Verified
X-Litespeed-Cache-Control