Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Request-ID
X-Content-Security-Policy
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Backend
X-Server
X-Hacker
Host-Header
Report-To
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Grace
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
X-Amz-Version-Id
NEL
X-Cache-Spec
X-CST
X-WebKit-CSP
X-Vhost
Allow
X-Host
X-Backend-Server
X-Server-Id
Xkey
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
X-Node
Request-Id
X-Response-Time
Content-Location
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
P3p
X-ASPNET-VERSION
X-Application-Context
X-Cache-Lookup
X-Ac
X-Country
Accept-CH
Accept-Ch
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Template
X-Language
X-Readtime
X-Cloud-Trace-Context
X-B3-TraceId
MS-Author-Via
Accept-CH-Lifetime
Rating
X-HW
X-Url
X-Cnection
X-Origin-Cache
X-MS-InvokeApp
X-PC
X-Vname
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-Varnish-TTL
X-ORACLE-DMS-RID
X-Middleton-Display
Response
Display
X-Middleton-Response
Pagespeed
X-Sol
X-Content-Type
X-D2id
X-ORACLE-DMS-ECID
Verso
Arr-Disable-Session-Affinity
X-Cdn-Fetch
X-Vcap-Request-Id
X-GoogleNews-Bot
X-Exp-Variant
X-Use-Magma
X-Exp-Id
X-Kinja-Build
X-Kinja
X-Kinja-Server
X-Kinja-Revision
X-Country-Code
X-Rack-Cache
X-Goog-Hash
X-Powered-By-Plesk
X-Navigation-Version
X-VARITI-CCR
Service-Worker-Allowed
X-TTL
X-Server-Name
X-Amz-Rid
X-Fastly-Request-ID
X-Abt-Application-Version
X-Oneagent-Js-Injection
X-Buckets
X-Client-IP
Fastly-Restarts
X-Cached
X-Cache-TTL
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-FastCGI-Cache
X-SharePointHealthScore
SPRequestGuid
X-NF-Request-ID
X-Pinterest-Rid
SPRequestDuration
MRF-Tech
Mrf-Cache-Status
SPIisLatency
X-B3-TraceId-Primal
Pinterest-Version
Pinterest-Generated-By
Public-Key-Pins
Access-Control-Request-Method
RTSS
X-Webkit-CSP
Cache-Tag
AR-CACHE
AR-PoweredBy
AR-ATIME
X-Edge
Ar-Sid
AR-Request-ID
X-LLID
X-Powered-CMS
X-Ezoic-Cdn
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Upstream
Content-MD5
X-Version
X-HP-Webp
X-Jurisdiction
S
X-Origin-Upstream-Status
X-Recruiting
X-MCACHE
X-ECACHE
X-Mid
Charset
Fusion-Content-Id
X-Mg-S
Fusion-Component-Id
Fusion-Source
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Template-Id
X-DynaTrace
X-Kinsta-Cache
X-PressLabs-Stats
X-Px
X-Content-Digest
X-Fastcgi-Cache
X-Ruxit-Js-Agent
X-T
Fastcgi-Cache
Cache-Tags
X-Ttl
X-Id
X-Amz-Server-Side-Encryption
X-Accel-Expires
X-Logged-In
X-Forwarded-Proto
Filters
Server-Node
X-Litespeed-Cache
X-Content-Security-Policy-Report-Only
Edge-Cache-Tag
MicrosoftSharePointTeamServices
Front-End-Https
TP-Cache
TP-L2-Cache
Server-Name
TCN
X-Forwarded-For
X-Grace
Nginx-Cache
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-XRDS-LOCATION
X-Hits
X-Request-Processing-Time
X-Request-Received
X-Correlation-Id
X-Debug
X-Amzn-Trace-Id
X-B3-Sampled
X-Shield-Request-Id
X-Request-Handler-Origin-Region
X-Microsite
X-Varnish-Age
X-Az
X-Activity-Id
X-AppVersion
X-Yandex-Sdch-Disable
Surrogate-Key
X-HS-Content-Id
X-HS-Combine-CSS
X-Amz-Replication-Status
X-HS-Hub-Id
X-F-Cache
X-HS-Cache-Config
Alternate-Protocol
X-Origin-Server
X-Ser
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-GUploader-UploadID
X-DIS-Request-ID
Accept-Charset
X-Frontend
X-Rid
X-Geo-Country
Section-Io-Cache
Nel
Host
X-Git-Hash
X-NWS-LOG-UUID
X-XRDS-Location
X-Respond-Thread
X-Cache-Age
X-Hostname
X-Upgrade-Enabled
X-Time
X-LB-Cache
X-DataDome
Access-Control-Allow-Method
X-Mobile-URL
X-VCache
X-RateLimit-Remaining
X-Pinterest-Direct
X-Seen-By
MS-CV
ServerID
X-Cache-Key
Paypal-Debug-Id
X-Type
X-IPLB-Instance
Cache
Payment
X-AOL-HN
X-Varnish-Backend
Healthy
X-TT
X-Content-Options
X-Source
X-Providence-Cookie
Cleartype
X-Request-Guid
X-Route-Name
X-Whom
X-Is-Crawler
X-App-Environment
X-Aspnet-Duration-Ms
X-Daa-Tunnel
X-Flags
X-Cache-Action
X-Server-ID
X-B-Cache
X-Signature
X-Page-Id
X-FTR-Request-ID
X-Debug-Info
Fastcgi-Useragent
X-WebKit-CSP-Report-Only
X-N
X-Jobs
X-Load-Cache
Realpath
X-Contextid
X-FB-Debug
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Mobile
Powered-By-ChinaCache
X-Webkit-Csp
Node
X-Rule
Refresh
X-Cache-Expired-At
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
Version
X-Wix-Request-Id
X-Proxy
X-RTag
X-Drupal-Cache-Tags
DC
Ms-Operation-Id
X-Zen-Fury
X-Framework
X-Cacheable-TTL
X-Instance
X-RemovedCookies
X-HTML-Minification-Powered-By
Viewport
X-ProcessESI
X-B
X-Real-IP
X-Cache-Control
Referer-Policy
X-Content-Powered-By
X-Cluster-Name
Access-Control-Request-Headers
VIX-Pulpo-Upstream-Status
X-Via-JSL
X-UUID
X-Page-View
X-Region
VIX-Pulpo-Node
Eomportal-Instance
X-Tt-Trace-Host
X-Cache-Time
X-Tt-Trace-Tag
X-Distributor
X-Drupal-Cache-Contexts
X-IPS-LoggedIn
X-FireWall-Port
X-FW-Serve
X-FW-Dynamic
X-FW-Server
X-FW-Hash
X-Cached-By
X-FW-Type
X-FW-Static
Countrycode
X-Akamai-Edgescape
X-Cache-Rule
X-Cache-Operation
Liferay-Portal
X-TEC-API-ROOT
X-G
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Tumblr-Pixel-1
X-Cache-Hit
X-Yottaa-Optimizations
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Yottaa-Metrics
X-Tumblr-User
X-Environment-Context
X-App-Server
X-L-Path
X-Pass-Why
Xserver
SRV
X-Tec-Api-Origin
X-Nginx-Cache
X-Tec-Api-Root
DynaTrace
X-Tec-Api-Version
Server-Info
X-Www-Served-By
CF-IPCountry
X-Debug-IsConnected
Section-Io-Origin-Status
Section-Io-Id
X-Debug-IsPreview
Section-Origin-Responded
X-Protected-By
Section-Io-Origin-Time-Seconds
X-User-Agent
X-Tumblr-Pixel-2
X-Device-Type
Webserver
From-Origin
X-Varnish-Grace
X-Mode
Ec-Rule-Version
X-Adobe-Loc
X-Adobe-Content
X-Endurance-Cache-Level
X-RN-RSRV
X-ES-SERVER
X-Hl-Ver
X-Handled-By
Retry-After
GEO-INFO
Meta-Geo
X-UPSTREAM-Address
X-Ratelimit-Limit
X-MP-GENERATED-AT
X-Backend-Name
X-Uri
Cache-Tv-Group
X-Pubstack
X-Section
Decoy-Debug-TTL
Webcakes-App-Name
TWC-Connection-Speed
Webcakes-App-Version
Webcakes-Region
X-Access
TWC-Privacy
TWC-Locale-Group
X-Varnishpool
Frame-Options
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Device-Class
X-FB-TRIP-ID
X-Labrador-Cache-Channel
X-Storage
Fastly-SSL
X-OCL
X-Origin-Hint
X-PCL
Cache-Status
Decoy-Debug-Status
X-Format
X-Cache-Server
Decoy-Debug-Key
Property-Id
X-PHP-Host
X-No-Session
X-LAGOON
X-Be
Selected-Fe
X-LJ-Flow-ID
Mn-Server-Ip
X-AWS-Id
X-ApacheServer
X-Proto
X-PERF
X-Varnish-Server
X-NYM-Debug-Backend
X-Proxy-Build
Country
X-WA-Info
X-BYPASS-REASON
X-Human
Protected
X-R9-Blue-Green-Version
Apigw-Requestid
X-Sql-Duration-Ms
X-Sql-Count
X-ProxyCache-Key
X-ProxyCache-Status
X-VWS-Id
X-Via-Fastly
X-Soup
X-Redis-Cache
X-Timing-Wait
X-Server-W
X-Request-Time
X-UA-Device-Type
X-Web-Node
X-Xfnlog-Site
Azure-SiteName
X-S-Maxage
X-Hyper-Cache
X-Hosted-By
X-Cache-TTL-Remaining
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Cache-Name
X-Zipkin-Id
X-Locale
X-Status
X-Site-Version
X-Origin-Date
X-Routing-Service
X-Proxied
X-FW-Version
X-Say-TTL
X-SayCDN-TTL
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-AIR-PT
X-Say-Cacheable
X-Alternate-Cache-Key
X-Shopify-Stage
X-Storefront-Renderer-Rendered
X-TNCMS
X-Loop
X-Sorting-Hat-ShopId
X-Info
X-Node-Name
AMP-Access-Control-Allow-Source-Origin
X-TT-LOGID
X-Rendered-As
X-Is-Bot
X-Cluster
X-GG-Cache-Date
X-Dc
S-Cnection
X-Cache-Grace
X-Cache-Enabled
Uber-Trace-Id
X-Proxy-Cache-Status
X-CCM
X-Forwarded-Host
X-Content-Age
X-Microcachable
X-Qloud-Router
X-Revision
X-SRV
X-TA-CDN-Provider
X-NWS-UUID-VERIFY
X-Platform
X-Azure-Ref
X-CSRF-Token
X-Backend-Host
X-Via-CDN
Cache-Hits
Akamai-GRN
X-Detected-As
X-Varnish-Ttl
X-Cache-Host
X-App-Version
Amp-Access-Control-Allow-Source-Origin
X-Amz-Meta-S3cmd-Attrs
X-Aspnetmvc-Version
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-Correlation-ID
X-FTR-Backend
X-Ratelimit-Remaining
X-Amz-Apigw-Id
X-ATG-Version
X-EdgeConnect-Cache-Status
ServedBy
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Cache-NGX
X-B3-SpanId
X-Cache-PHP
X-Trace-Id
X-RCS-CacheZone
X-Debug-Cache
X-Varnish-Hostname
HostName
SD-X-WS
X-Nc
X-FTR-Expires
DB-Nickname
X-DynaTrace-JS-Agent
X-Oss-Storage-Class
X-Oss-Server-Time
X-Akamai-Transformed
X-CS
X-TX-ID
X-Oss-Request-Id
X-Oss-Object-Type
X-Time-Microsecs
X-Oss-Hash-Crc64ecma
X-BCube-Filmed-By
X-Air-Hostname
X-CACHE-KEY
X-ServerID
Tracecode
X-Backend-TTL
X-Ms-Version
Backend
X-Adobe-Source
X-Ms-Request-Id
X-Connection-Hash
BehaviorPad-Version
Fastcgi-X-Cache-Version
X-External-Request-Id
Rendered-Blocks
X-PBS-Appsvrname
X-Destination
X-D
X-PAYTM-SRV-ID
X-Origin-TTL
X-Owner
X-Origin-CC
X-Location
X-CF-Lambda-Fn
X-NAPM-TraceId
X-Cache-NE
X-Application
X-CF-Lambda-Version
X-B-Cookie
Expiry
X-ARC
DCR-Processing-Time-Ms
DCR-Decision-By
X-Level-Front-Cache
X-SRCache-Key
Meta-Geo-Continent
Mobile-Detection-Method
X-VG-WebCache
X-Vdms-Version
X-Vdms-Path
X-Processor
MD5-Digest
X-VG-WebServer
X-Generation-Time
Xc-Version
T-Server
X-From
Odigeo-Trace-Id
X-Generated-On
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Unique-ID
Machine
X-Rojux
X-S
X-Trv-Group
X-Rewrite-Enabled
X-Request-UUID
X-Aed
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-S-Cookie
X-ScT
X-A
X-A-Dam
X-Session-Fingerprint
X-A-Ccd
X-Varnish-Beresp-Grace
X-NewRelic-App-Data
X-Tb
X-Fetched-On
X-Fastly-Cache
X-Device-Os
X-FC-Vary-Parameters
Gh-Request-Id
Thinkindot-Control
On-Server
UCS
Magicmarker
V-Age
Pagetype
Path
Release
Server-Host
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Wxu-Next-Commit
Wxu-Next-Hostname
CacheControlHeader
X-Cms-Context
X-Core-Value
AKAMAI
X-Cache-Bucket
X-Bip
Wxu-Next-Region
Host-ID
Fastly-Backend-Name
Content-Disposition
X-Developers
Who
X-HS-Content-Campaign-Id
X-Magnolia-Registration
X-Reqid
X-TrackingId
X-Tumblr-Pixel-3
X-Micro-Cache
X-Varnish-Cache-Hits
X-Sucuri-ID
X-OVcl
X-GeoIP-City
X-Policy
X-Irp-Debug
X-Thanos
X-Generated-In
X-Geo-Header
X-OVcl-Cache
X-Mvc-Supplant-Cachable
X-Thinkindot-L3
X-Cache-Var
X-Cdn-Forward
Country-Code
X-Cache-Var-Map
X-Varnish-Beresp-Ttl
X-Unique-Id
User-Cache-Control
X-Scheme
X-Request-URI
X-Request-Host
Web-Mar-Node
X-Skip-Cache
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VG-TLSProxy
X-Cache-Info
Ssr
Cache-Host
X-Swa-Ws
Sever-Int
Server-Ext
Server-Hostname
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-VarnishDD-TTL
X-Var-Ttl
X-User
X-Ratelimit-Reset
X-VServer
X-WADP-Cache
True-Client-Country-4JS
Vix-Hermes-Req-Id
X-Node-Id
X-Hnp-Log
X-HN
X-Dispatcher-Server
X-Developer
X-IP
X-Is-Gdpr
X-Csrf-Jwt
X-Envoy-Decorator-Operation
X-Has-Esi
X-Fastly-Backend
X-Generated-By
X-Gen-Mode
X-GeoIP
X-GoCache-CacheStatus
X-Eu-Site
X-Gzip
X-JWT-State
X-Li-Fabric
X-Nginx-Cache-Key
X-Backend-State
X-Block-Status
X-Fmm-Version
X-Old-Content-Length
X-Origin
X-Azure-Ref-OriginShield
X-Branch-Name
X-Cache-Debug
X-CGP
X-Clara-WADP
X-Li-Pop
X-LI-UUID
X-Cache-Id
X-Method
X-Origin-Response-Time
X-Esi-Check
HA-Ipaddr
Ha-Gx-Prefs
CDN-Uid
Cf-Device-Type
Cf-Bgj
C-Via
CDN-PullZone
CDCHOST
Esi-Enabled
DSUID
X-B3-Traceid
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
X-Varnish-Beresp-Status
L5d-Success-Class
CDN-RequestCountryCode
Location
Apple-News-Services-Parsed-Url
CDN-RequestId
Apple-News-Services-Handled
Apple-News-Services-Host
PFcat
Apple-News-Services-Request-Url
PB-RID
Locid
NGX
Arc-Version
NM-Fastcgi-Cache
PB-PID
X-APP-VERSION
X-GEO
X-Origin-Expires
X-Cache-Tags
X-Platform-Server
X-LB-ID
X-DefElseHash
X-DefHash
X-DPWN-IS-SECURE
X-Gamma-Serve
X-Clientip
X-Hash
X-NU-AKA-ACS-Version
X-Slack-Backend
Is-Eu
IsBot
Instruction
X-Varnish-Remaining-TTL
X-Rebelmouse-Cache-Control
Rt-Fastcgi-Cache
SR-User-Adfree
X-Varnish-Hits
Platform
Origin
L
Fastly-SWR
X-Varnish-CookieINHashed-On
X-SIPLIST1
X-RateLimit-Limit
X-Rebelmouse-Surrogate-Control
X-Aicache-OS
Adler-Geo
Fastly-SIE
X-Varnish-CookieHashed-On
X-Variation
X-ID
Filterid
Geo-Info
X-EC-Lua
X-Goog-Meta-Goog-Reserved-File-Mtime
Fastly-Drupal-HTML
X-Varnish-Url
X-Mvc-Supplant-OutputCached
X-CUA
X-CLOUD-TRACE-CONTEXT
X-Via-Poph
X-Matched-Rule
X-Via-Popv
Lfy
X-PF-Uncompressing
X-Epic-Correlation-Id
X-Cache-Backend
Sid
X-Via-Popn
X-Loc
CloudFront-Viewer-Country
X-Planisys-CDN-TTL
X-Refresh
Pics-Label
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Cdn-Origin
Url
X-Cache-Expires
Pramga
X-Sn-Servicetimems
X-NCache
X-Servername
Cmsid
Cmstype
NGB
X-TraceId
Req-Svc-Chain
X-Cache-Date
X-Core-Mission
X-Tb-Optimization-Total-Bytes-Saved
Svr
X-Served-From
Kp-EeAlive
X-Ua-Device
Viewtype
Tcn
A
VivaBuild
X-Request-Start
M-TraceId
MIME-Version
Source
X-Srv
Cache-Key
X-FireWall-Protection
X-Error
X-Vgn-Hpd-Reason
GeoIp-Country-Code
Geoip-Latitude
Cross-Origin-Opener-Policy
Arc-Country
X-Varnish-Cacheable
X-Webkit-CSP-Report-Only
X-Vcl-Version
X-DC
X-Response-By
TDXMobile
Server-ID
DataCenter
X-NC
X-SaId
X-NGENIX-Cache
X-JoinUs
X-PHP-Backend
X-Wa
X-Proxy-Cachei7
X-HS-Status
X-Air-Source
Xkeyi7
X-Geo
X-Edge-Location
X-Vc
NtCoent-Length
X-CDN-Forward
N-Cache
HitType
X-B3-Spanid
X-BBXSRF
X-Service
Server-Ttl
X-Li-Proto
SID
Content-Secure-Policy
X-Servedbyhost
X-Erf-Stays-Bingo-Pdp-Web
S-Rt
X-Cache-Remote
Resin-Trace
X-Internal-Host
X-Extlb
X-Esi
X-LiteSpeed-Cache-Control
X-Cache-2
CACHE
X-Kraken-Loop-Name
X-Varnish-Authentication
X-Forwarded-Site
X-Viewer-Country
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Cc-Req-Id
X-Cc-Via
X-Contensis-Viewer-Groups
X-Instrumentation
D-Cc-Upstream
FSS-Cache
X-Cache-ASPX
X-LI-Proto
Cteonnt-Length
X-Bc-Bl
X-Edge-Location-Klb
X-HOST
X-RAMCache
Ohc-File-Size
X-Via-NSCOPI
Request-ID
X-CCDN-CacheTTL
X-Svr
Cross-Origin-Window-Policy
X-WA
X-ServedByHost
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Sucuri-Cache
X-Host-Name
X-UA
X-HostName
X-Cs
X-VCL-Version
X-Proxy-Upstream
Surrogated-Key
X-PJAX-URL
Mail-Subject
X-Req
X-Date
We-Hiring
X-Accel-Expires-Debug
Memcached
X-TIM-N
X-RPM
X-Newrelic-Synthetics
X-RSL
LB
X-DW
X-RPS
X-DSS
X-DI
X-Server-IP
X-DB
Hostname
GeoIP-Latitude
GeoIP-Country-Code
CF-Cached-On
X-Cache-Config
X-VC-Cache
X-RateLimit-Remaining-Second
Env
X-FPC
X-API-Version
X-Origin-Time
X-Nyt-Route
X-Gdpr
X-App
X-RateLimit-Limit-Second
XServer
X-Sigma
X-Rocket-Build-Number
Upgrade-Insecure-Requests
ProcessTime
X-Action
Server-Id
X-APP
X-Men
X-Sigma-Backend
X-VC
X-Check-Cacheable
X-NodeID
X-ZONE
X-SN
Cache-Provider
X-TIME
Ohc-Cache-HIT
Time
X-MSEdge-Features
X-Webstats-RespID
X-Oss-Cdn-Auth
X-Region-Sid
Memory
X-MSEdge-Flight
X-Air-Trace-Id
CPC-Age
X-SB
Mime-Version
X-CF-Powered-By
X-Fpc
VNS-Age
CPC-Cache
VNS-Cache
X-Swift-Error
X-URL
X-Provided-By
X-Dynatrace-Js-Agent
W
X-Depends-On
X-SD-PageType
X-Zone
X-FORWARDED-FOR
X-Akamai-Pragma-Client-IP
X-Cdn-Request-ID
Srv
X-Ftr-Cache-Host
X-BBC-Edge-Cache-Status
X-CSRF-TOKEN
X-Render-Time
Cdn
X-Dw-Trace-Id
CDN
X-BACKEND-TTL
X-UnsetCookies
X-Client-Ip
X-ServerName
X-Parent-Response-Time
X-ABtesting
My-App
Dnion-Transfer-Encoding
Fastcgi-Cache-TTL
EpKe-Alive
X-Hello
X-Flog
State
X-NGINX-Cache
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
X-Dynatrace
Processtime
PICS-Label
X-FTR-Cache-Host
X-Auto-Login
X-Minions-Version
X-Cache-Tag
X-Acquia-Application-Trace
Vha6-Origin
X-Pad
Media-Length
X-Presslabs-Stats
X-Oracle-DMS-ECID
X-Acquia-Site
X-Worker
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-ElasticPress-Search
X-Pf-Uncompressing
Proxy-Connection
X-Cluster-Node
Epwk-X-Cache
X-Via-PopV
X-BBC-Origin-Response-Status
X-Mg-Request-UUID
X-LiteSpeed-Tag
X-Ua
X-Via-PopH
X-Snapshot-Date
X-Via-PopN
Cf-Ipcountry
X-CACHE-AGE
X-Akamai-ERPolicy
Warning
X-Akamai-ERRuleID
X-ElasticPress-Query
X-Vcache
X-MiniProfiler-Ids
OT-Force-Account-Verify
X-Varnish-URL
X-Request-URL
X-Varnish-Beresp-TTL
Datacenter
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
Xet-Cookie
X-Lb-Id
X-Ms-Meta-Staticbatchstarttime
X-Ms-Meta-Originalurl
CountryCode
X-Cache-Type
Phost
X-Storefront-Renderer-Verified
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Cache-Status-Check
X-Shop-Environment
X-Tenant
X-Orig-Expires
X-ND-Cache
X-Mg-Request-Id
X-Forwarded-Path
X-Apw-Hits
Environment
X-Traceid
X-C
Ohc-Response-Time
X-Debug-Cache-Fetch
Inserted-Into-Cache-At
X-B3-Parentspanid
X-Debug-Cache-Store
URI
X-Tid
X-Litespeed-Cache-Control
Content-Script-Type
NnCoection
X-Redis-Count
X-Amz-Meta-Cb-Modifiedtime
X-Redis-Duration-Ms
Content-Style-Type