Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Request-ID
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-AspNetMvc-Version
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
Request-Context
X-Proxy-Cache
X-Cache-Group
EagleId
Server-Timing
X-Backend
X-Hacker
X-Server
Host-Header
Report-To
X-Amz-Request-Id
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-Dns-Prefetch-Control
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Cache-Spec
NEL
X-Device
X-CST
X-WebKit-CSP
Allow
Xkey
X-Vhost
X-Host
X-Backend-Server
X-Server-Id
EagleEye-TraceId
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Akam-SW-Version
X-Ruxit-JS-Agent
Accept-CH
P3p
X-ASPNET-VERSION
X-Ac
X-Application-Context
X-Cache-Lookup
X-Country
Accept-CH-Lifetime
X-Template
X-Language
X-Mod-Pagespeed
X-Readtime
Accept-Ch
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
Accept-Ch-Lifetime
Rating
X-Origin-Cache
X-HW
X-MS-InvokeApp
X-Cnection
X-Url
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
Edge-Control
X-GitHub-Request-Id
X-ESI
X-ORACLE-DMS-ECID
X-Trace
X-Content-Type
Pagespeed
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
Response
X-D2id
Arr-Disable-Session-Affinity
X-Use-Magma
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
Verso
X-ORACLE-DMS-RID
X-Vcap-Request-Id
X-Goog-Hash
X-Rack-Cache
X-Country-Code
X-FastCGI-Cache
X-Varnish-TTL
X-Buckets
X-Navigation-Version
X-Server-Name
Service-Worker-Allowed
X-Powered-By-Plesk
X-Amz-Rid
X-VARITI-CCR
X-Abt-Application-Version
X-TTL
X-Fastly-Request-ID
X-Client-IP
X-Cache-TTL
X-Webkit-CSP
Fastly-Restarts
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Cached
X-Release
X-MSEdge-Ref
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Element-Page-Cache
X-NF-Request-ID
SPRequestDuration
SPIisLatency
X-Oneagent-Js-Injection
X-B3-TraceId-Primal
Mrf-Cache-Status
Public-Key-Pins
MRF-Tech
RTSS
Access-Control-Request-Method
AR-Request-ID
X-SRCache-Fetch-Status
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-ATIME
X-SRCache-Store-Status
X-Edge
X-LLID
X-Powered-CMS
X-Ezoic-Cdn
Cache-Tag
X-Upstream
Content-MD5
X-Origin-Upstream-Status
X-Litespeed-Cache
X-Px
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
X-Jurisdiction
X-HP-Webp
S
X-Version
X-Mid
X-ECACHE
X-MCACHE
X-Recruiting
X-Mg-S
Charset
X-Content-Digest
X-PressLabs-Stats
X-Amz-Server-Side-Encryption
X-Kinsta-Cache
Fastcgi-Cache
X-T
X-Ttl
X-Id
Cache-Tags
MicrosoftSharePointTeamServices
Filters
X-Content-Security-Policy-Report-Only
X-DynaTrace
Front-End-Https
X-Logged-In
X-Accel-Expires
Server-Node
Edge-Cache-Tag
X-Debug
X-Forwarded-Proto
X-Correlation-Id
X-Grace
TCN
X-Forwarded-For
TP-L2-Cache
TP-Cache
Server-Name
Nginx-Cache
X-Amzn-Trace-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Request-Processing-Time
X-Request-Received
Surrogate-Key
X-Pinterest-Direct
X-Shield-Request-Id
X-Varnish-Age
X-B3-Sampled
X-Yandex-Sdch-Disable
X-Microsite
X-Request-Handler-Origin-Region
X-Ser
X-XRDS-LOCATION
X-Hits
X-AppVersion
X-Activity-Id
X-Az
X-Amz-Replication-Status
X-F-Cache
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-DIS-Request-ID
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Ruxit-Js-Agent
X-Origin-Server
X-Fastcgi-Cache
X-XRDS-Location
Accept-Charset
X-Geo-Country
Alternate-Protocol
X-Git-Hash
X-Rid
X-Respond-Thread
Cache
Section-Io-Cache
X-Frontend
Nel
X-Cache-Key
X-FTR-Request-ID
X-LB-Cache
Host
X-Upgrade-Enabled
X-DataDome
X-Time
Access-Control-Allow-Method
X-NWS-LOG-UUID
X-Seen-By
X-Mobile-URL
X-Cache-Age
MS-CV
X-VCache
Paypal-Debug-Id
X-TT
ServerID
X-AOL-HN
Healthy
X-IPLB-Instance
X-Hostname
Cleartype
Powered-By-ChinaCache
X-Whom
X-Varnish-Backend
X-Content-Options
X-Type
X-Route-Name
X-Flags
X-App-Environment
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
Payment
X-B-Cache
X-Cache-Action
X-Server-ID
X-Signature
X-Page-Id
X-Source
Fastcgi-Useragent
X-Jobs
X-Debug-Info
X-WebKit-CSP-Report-Only
X-Load-Cache
X-Daa-Tunnel
X-N
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-FB-Debug
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Via-JSL
X-RateLimit-Remaining
Realpath
X-Contextid
Refresh
Version
Node
X-Accel-Buffering
X-Response-Served-From
X-Rule
X-Wix-Request-Id
X-Original-Request-Id
X-Cached-By
X-Drupal-Cache-Tags
X-Framework
X-Akamai-Edgescape
X-Cacheable-TTL
Ms-Operation-Id
DC
X-Proxy
X-RTag
X-Zen-Fury
X-RemovedCookies
Viewport
X-ProcessESI
X-Cache-Operation
X-Distributor
X-HTML-Minification-Powered-By
Access-Control-Request-Headers
X-B
X-Cache-Time
X-Cache-Rule
X-Real-IP
X-Instance
X-Drupal-Cache-Contexts
X-UUID
Referer-Policy
X-Page-View
X-Region
Eomportal-Instance
X-Tt-Trace-Tag
X-Cluster-Name
X-Cache-Expired-At
X-Tt-Trace-Host
X-FW-Serve
VIX-Pulpo-Upstream-Status
X-FW-Static
Countrycode
X-Content-Powered-By
X-FW-Dynamic
X-Cache-Control
X-FW-Type
X-FW-Server
X-FW-Hash
VIX-Pulpo-Node
X-Yottaa-Metrics
X-Yottaa-Optimizations
Liferay-Portal
X-IPS-LoggedIn
X-Cache-Hit
X-G
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
DynaTrace
X-L-Path
X-Environment-Context
X-FireWall-Port
X-Pass-Why
X-App-Server
Server-Info
GEO-INFO
X-User-Agent
Section-Io-Origin-Status
X-Varnish-Ttl
Section-Io-Id
X-Protected-By
CF-IPCountry
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Webserver
X-Tumblr-Pixel-2
From-Origin
Ec-Rule-Version
X-Ratelimit-Limit
Xserver
SRV
X-Www-Served-By
X-Node-Name
Protected
X-Cache-Server
X-Ratelimit-Remaining
X-Debug-IsPreview
X-UPSTREAM-Address
X-RN-RSRV
X-Handled-By
X-Debug-IsConnected
X-Endurance-Cache-Level
X-Hl-Ver
X-Mode
X-Backend-Name
X-ES-SERVER
Meta-Geo
X-Adobe-Loc
Cache-Tv-Group
Frame-Options
X-Uri
X-FB-TRIP-ID
X-Locale
X-Adobe-Content
Cache-Status
X-Site-Version
X-Device-Type
X-Nginx-Cache
X-NYM-Debug-Backend
X-UA-Device-Type
X-PHP-Host
X-Web-Node
X-MP-GENERATED-AT
X-Storage
X-Soup
X-Labrador-Cache-Channel
X-Varnishpool
X-Be
X-Proxy-Build
X-Proto
TWC-GeoIP-LatLong
X-PCL
X-ProxyCache-Key
X-ProxyCache-Status
X-Redis-Cache
TWC-GeoIP-Country
X-Pubstack
X-Origin-Hint
X-Origin-Date
X-Human
Webcakes-App-Name
Webcakes-App-Version
Webcakes-Region
TWC-Privacy
Decoy-Debug-Status
X-OCL
X-No-Session
TWC-Locale-Group
X-BYPASS-REASON
X-Request-Time
Country
X-Timing-Wait
Fastly-SSL
X-Sql-Duration-Ms
X-Via-Fastly
Decoy-Debug-TTL
X-Hyper-Cache
Decoy-Debug-Key
X-WA-Info
TWC-Device-Class
X-Sql-Count
Selected-Fe
Cache-Name
Property-Id
TWC-Connection-Speed
X-AIR-PT
X-AWS-Id
X-Access
Azure-InstanceId
Azure-Version
Azure-SlotName
Azure-SiteName
Azure-RegionName
Retry-After
X-LJ-Flow-ID
X-Say-TTL
X-Say-Cacheable
X-R9-Blue-Green-Version
X-Loop
X-SayCDN-TTL
X-Section
X-VWS-Id
X-TNCMS
X-Server-W
X-LAGOON
X-S-Maxage
X-Format
X-Hosted-By
X-FW-Version
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Storefront-Renderer-Rendered
X-CCM
X-Xfnlog-Site
X-Cache-TTL-Remaining
X-Shopify-Stage
X-ApacheServer
X-Cache-Grace
X-PERF
X-Forwarded-Host
X-Cluster
X-ShardId
X-Alternate-Cache-Key
X-ShopId
X-Status
X-Revision
X-TT-LOGID
X-Varnish-Grace
Mn-Server-Ip
X-Tec-Api-Version
X-Tec-Api-Root
X-Routing-Service
X-Zipkin-Id
X-SRV
X-Tec-Api-Origin
X-Proxied
X-Rendered-As
Apigw-Requestid
X-Dc
X-Webkit-Csp
X-Is-Bot
X-Qloud-Router
X-Varnish-Server
X-Amz-Meta-S3cmd-Attrs
X-Info
S-Cnection
AMP-Access-Control-Allow-Source-Origin
X-FTR-Backend
X-Country-Code-Real
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-DC
X-Via-CDN
X-GG-Cache-Date
Cache-Hits
X-Cache-Enabled
X-Content-Age
X-Microcachable
X-Cdn
X-Platform
X-Proxy-Cache-Status
Uber-Trace-Id
X-TA-CDN-Provider
X-Detected-As
X-Cache-Host
X-Azure-Ref
X-EdgeConnect-Cache-Status
X-Backend-Host
X-FTR-Expires
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Amzn-RequestId
X-App-Version
X-NWS-UUID-VERIFY
X-Air-Hostname
Amp-Access-Control-Allow-Source-Origin
X-Aspnetmvc-Version
X-CSRF-Token
SD-X-WS
Akamai-GRN
Tracecode
X-ATG-Version
X-Time-Microsecs
X-Cache-Var
X-Oss-Hash-Crc64ecma
X-Cache-Var-Map
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Unique-Id
X-Oss-Object-Type
X-Backend-TTL
X-ServerID
X-Trace-Id
X-DynaTrace-JS-Agent
ServedBy
X-Debug-Cache
X-Tb
X-RCS-CacheZone
X-Varnish-Hostname
HostName
X-Cache-NGX
X-BCube-Filmed-By
X-Cache-PHP
X-GEO
Backend
X-B3-SpanId
X-CS
X-Correlation-ID
X-Sucuri-ID
DB-Nickname
DSUID
BehaviorPad-Version
X-S-Cookie
X-Level-Front-Cache
Fastcgi-X-Cache-Version
X-Location
Expiry
DCR-Processing-Time-Ms
X-Ms-Version
X-Ms-Request-Id
DCR-Decision-By
X-Connection-Hash
X-Destination
Instruction
X-CF-Lambda-Fn
X-Cache-NE
X-Device-Os
X-Magnolia-Registration
Machine
X-NAPM-TraceId
X-CF-Lambda-Version
X-Origin-CC
X-B-Cookie
X-A-Ccd
Rendered-Blocks
X-Request-UUID
X-Trv-Group
X-A
Release
X-A-Dam
X-Aed
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Fetched-On
X-Thinkindot-L3
X-ScT
X-Session-Fingerprint
X-Rojux
X-S
Thinkindot-CacheControl
T-Server
X-SRCache-Key
X-Rewrite-Enabled
X-From
SR-User-Adfree
Thinkindot-Control
X-Application
X-Generated-On
Xc-Version
X-Cdn-Forward
Mobile-Detection-Method
X-D
X-Vtex-Remote-Cache
X-PBS-Appsvrname
X-PAYTM-SRV-ID
MD5-Digest
Meta-Geo-Continent
X-Owner
Thinkindot-CacheControl-Type
X-Vtex-Processado-Em
Odigeo-Trace-Id
X-ARC
X-External-Request-Id
Path
X-Generation-Time
X-Processor
X-Vdms-Path
X-VG-WebServer
X-VG-WebCache
X-Vdms-Version
X-GeoIP-City
X-Origin-TTL
X-Adobe-Source
X-Akamai-Transformed
X-Cache-Backend
PB-PID
Arc-Version
Pagetype
PB-RID
X-Azure-Ref-OriginShield
X-Fastly-Cache
UCS
Server-Host
X-FC-Vary-Parameters
AKAMAI
On-Server
NGX
Cf-Device-Type
X-Cms-Context
X-Core-Value
Fastly-Backend-Name
Gh-Request-Id
Host-ID
X-Bip
X-Cache-Bucket
C-Via
CacheControlHeader
Content-Disposition
X-Mvc-Supplant-Cachable
X-HS-Content-Campaign-Id
X-Is-Gdpr
X-Reqid
X-Tumblr-Pixel-3
X-TrackingId
X-Varnish-Cache-Hits
X-JWT-State
X-OVcl-Cache
X-OVcl
X-Node-Id
X-VServer
X-Micro-Cache
X-Thanos
X-Irp-Debug
X-SVT-ORM-VERSION
X-Geo-Header
X-SVT-ORM-RULES
X-Skip-Cache
X-GeoIP
X-TX-ID
X-Has-Esi
X-CACHE-KEY
User-Cache-Control
X-Ratelimit-Reset
X-VarnishDD-TTL
X-Policy
X-WADP-Cache
X-Scheme
X-Block-Status
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Varnish-Remaining-TTL
X-Backend-State
X-Platform-Server
X-Varnish-CookieINHashed-On
Web-Mar-Node
V-Age
X-Var-Ttl
X-Request-Host
Wxu-Next-Commit
X-User
X-Variation
X-Origin-Response-Time
X-Varnish-CookieHashed-On
Wxu-Next-Hostname
X-Rebelmouse-Surrogate-Control
X-Swa-Ws
X-Varnish-Beresp-Grace
X-Rebelmouse-Cache-Control
X-Old-Content-Length
X-HN
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Developers
X-Developer
X-DefElseHash
X-DefHash
X-Hnp-Log
X-Envoy-Decorator-Operation
X-Esi-Check
X-Generated-In
X-Generated-By
X-Gen-Mode
X-Fastly-Backend
X-Eu-Site
X-Gzip
X-GoCache-CacheStatus
X-IP
X-CUA
X-Cache-Tags
X-Fmm-Version
X-NU-AKA-ACS-Version
X-Origin
X-Cache-Info
X-Origin-Expires
X-Cache-Id
X-Nginx-Cache-Key
X-CGP
X-Li-Pop
X-Li-Fabric
X-Csrf-Jwt
X-LI-UUID
X-Matched-Rule
X-Clara-WADP
X-Clientip
X-Branch-Name
Wxu-Next-Region
HA-Ipaddr
Ha-Gx-Prefs
X-B3-Traceid
X-NewRelic-App-Data
Is-Eu
Lfy
NM-Fastcgi-Cache
Magicmarker
Locid
Location
Fastly-SWR
Fastly-SIE
CDN-Cache
CDCHOST
Cache-Host
Adler-Geo
CDN-CachedAt
CDN-EdgeStorageId
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
Ssr
L5d-Success-Class
Server-Ext
Platform
PFcat
Server-Hostname
Sever-Int
CloudFront-Viewer-Country
Cf-Bgj
IsBot
L
X-EC-Lua
X-Varnish-Beresp-Status
Rt-Fastcgi-Cache
X-VG-TLSProxy
X-Method
True-Client-Country-4JS
X-Varnish-Hits
X-SIPLIST1
Vix-Hermes-Req-Id
X-Varnish-Beresp-Ttl
X-Slack-Backend
X-Hash
X-Gamma-Serve
X-Cache-Debug
X-Request-URI
X-ID
X-APP-VERSION
X-Nc
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Fastly-Drupal-HTML
X-Loc
X-Cdn-Origin
X-Cache-Expires
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Aicache-OS
X-Sn-Servicetimems
Apple-News-Services-Host
X-LB-ID
X-Kinja-Server-Push
Origin
Apple-News-Services-Handled
Pramga
X-CLOUD-TRACE-CONTEXT
Esi-Enabled
Sid
X-NCache
X-Via-Popv
X-PF-Uncompressing
X-Cache-Date
X-Via-Poph
X-Via-Popn
X-Mvc-Supplant-OutputCached
X-Servername
Who
X-Refresh
X-Unique-ID
X-Core-Mission
X-Varnish-Url
Country-Code
X-Erf-Stays-Bingo-Pdp-Web
Pics-Label
X-Request-Start
Geo-Info
X-Tb-Optimization-Total-Bytes-Saved
Url
X-Epic-Correlation-Id
X-RateLimit-Limit
Req-Svc-Chain
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-FireWall-Protection
X-TraceId
X-NC
X-Cache-Remote
X-Response-By
Filterid
X-Dynatrace
Tcn
X-Varnish-Cacheable
X-Proxy-Cachei7
S-Rt
Cmstype
Xkeyi7
Source
X-Error
Cmsid
Geoip-Latitude
X-Served-From
X-BBXSRF
Kp-EeAlive
Svr
GeoIp-Country-Code
X-HS-Status
N-Cache
Content-Secure-Policy
X-Webkit-CSP-Report-Only
X-B3-Spanid
A
Viewtype
Cache-Key
X-Cache-2
VivaBuild
X-Srv
Server-Ttl
MIME-Version
X-DC
HitType
X-Host-Name
X-Sucuri-Cache
Cross-Origin-Window-Policy
X-Contensis-Viewer-Groups
D-Cc-Upstream
X-LiteSpeed-Cache-Control
X-Cache-ASPX
NGB
X-Cc-Req-Id
Cteonnt-Length
X-Wa
M-TraceId
X-Vcl-Version
Ohc-File-Size
X-Varnish-Authentication
X-Cc-Via
X-Servedbyhost
X-URL
Cross-Origin-Opener-Policy
X-Svr
X-HostName
TDXMobile
Arc-Country
X-Air-Source
Server-ID
X-CDN-Forward
NtCoent-Length
X-Oracle-Dms-Rid
X-Vgn-Hpd-Reason
X-Server-IP
X-LI-Proto
X-Li-Proto
X-Esi
SID
CACHE
X-Nyt-Route
X-API-Version
X-FPC
X-RAMCache
X-Origin-Time
X-Gdpr
X-Cache-Config
X-Vc
X-HOST
X-Cs
X-VCL-Version
X-SaId
X-NGENIX-Cache
X-PHP-Backend
X-VC
X-Service
X-Viewer-Country
X-Newrelic-Synthetics
X-Check-Cacheable
X-Internal-Host
Hostname
X-SN
Resin-Trace
X-ServedByHost
Request-ID
XServer
X-JoinUs
X-WA
X-Geo
X-Edge-Location
X-UA
X-NGINX-Cache
Cache-Provider
X-Webstats-RespID
X-TIM-N
Server-Id
X-RPM
X-RPS
X-DW
X-NodeID
X-RSL
X-SB
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-DSS
X-DB
X-DI
X-Hcs-Proxy-Type
DataCenter
Ohc-Cache-HIT
CF-Cached-On
GeoIP-Country-Code
X-App
GeoIP-Latitude
FSS-Cache
X-Via-NSCOPI
X-SD-PageType
X-Extlb
X-Forwarded-Site
Mime-Version
Srv
X-Render-Time
ProcessTime
X-Bc-Bl
X-BBC-Edge-Cache-Status
X-Action
X-TIME
X-FTR-Cache-Host
X-CF-Powered-By
Memcached
Mail-Subject
Surrogated-Key
X-Fpc
LB
X-Oss-Cdn-Auth
X-Proxy-Upstream
X-VC-Cache
Upgrade-Insecure-Requests
X-Region-Sid
EpKe-Alive
X-PJAX-URL
We-Hiring
X-Accel-Expires-Debug
X-Date
X-Depends-On
X-Req
X-CSRF-TOKEN
X-Dynatrace-Js-Agent
X-Provided-By
X-ZONE
X-Swift-Error
X-Ua
X-RateLimit-Remaining-Second
X-Auto-Login
Processtime
X-RateLimit-Limit-Second
X-Worker
X-FORWARDED-FOR
Env
X-UnsetCookies
W
Datacenter
X-HITS
X-Cdn-Request-ID
X-Air-Trace-Id
X-Sigma-Backend
X-Sigma
X-Dw-Trace-Id
CDN
X-Ftr-Cache-Host
X-Cluster-Node
X-Men
X-BACKEND-TTL
X-MSEdge-Features
X-Fastly-Backend-Reqs
X-Rocket-Build-Number
Proxy-Connection
Time
X-MSEdge-Flight
Cdn
X-APP
Memory
X-CACHE-AGE
X-Akamai-Pragma-Client-IP
X-Client-Ip
CPC-Age
CPC-Cache
X-Hello
X-ABtesting
VNS-Age
VNS-Cache
X-Flog
X-Cache-Tag
X-IN-APIGATEWAYSSL
X-Parent-Response-Time
X-IN-APIGATEWAY
Dnion-Transfer-Encoding
PICS-Label
X-Fastly-Request-Id
X-BBC-Origin-Response-Status
X-Pf-Uncompressing
X-Acquia-Site
X-Pad
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Presslabs-Stats
X-Zone
Media-Length
X-Oracle-DMS-ECID
Vha6-Origin
X-Acquia-Application-Trace
OT-Force-Account-Verify
Epwk-X-Cache
X-Via-PopH
X-LiteSpeed-Tag
X-Lb-Id
X-Via-PopN
X-Snapshot-Date
X-Via-PopV
Cf-Ipcountry
X-Vcache
X-Akamai-ERRuleID
X-Varnish-URL
X-Akamai-ERPolicy
X-Csrf-Token
WZWS-RAY
X-Request-Url
X-ElasticPress-Query
X-MiniProfiler-Ids
My-App
X-Ms-Meta-Staticbatchstarttime
X-Ms-Meta-Originalurl
X-ElasticPress-Search
Xet-Cookie
Fastcgi-Cache-TTL
State
X-ND-Cache
X-ServerName
X-Varnish-Beresp-TTL
X-Request-URL
CountryCode
X-Tx-Id
X-Litespeed-Cache-Control
X-Minions-Version
X-Apw-Hits
Content-Style-Type
Content-Script-Type
X-Apw-Access-Action
X-Apw-Access-Object
X-Apw-Access-Token
X-Debug-Cache-Store
X-Redis-Duration-Ms
X-Redis-Count
Phost
URI
X-B3-Parentspanid
X-Traceid
Ohc-Response-Time
Environment
Inserted-Into-Cache-At
X-Tid
X-C
NnCoection
X-Storefront-Renderer-Verified
X-Debug-Cache-Fetch
X-Amz-Meta-Cb-Modifiedtime