Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Request-ID
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
X-AspNetMvc-Version
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Host-Header
Report-To
X-Amz-Request-Id
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-LiteSpeed-Cache
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Amz-Version-Id
NEL
X-Device
X-CST
Allow
X-Vhost
X-Host
Xkey
X-Backend-Server
X-Server-Id
EagleEye-TraceId
X-WebKit-CSP
X-Dispatcher
Surrogate-Control
Request-Id
X-Node
Content-Location
X-Response-Time
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Akam-SW-Version
X-Ruxit-JS-Agent
Accept-Ch
P3p
X-ASPNET-VERSION
X-Application-Context
X-Ac
X-Country
X-Cache-Lookup
Accept-Ch-Lifetime
X-Template
X-Language
X-Mod-Pagespeed
X-Readtime
Accept-CH
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
Accept-CH-Lifetime
Rating
X-HW
X-Origin-Cache
X-Cnection
X-MS-InvokeApp
X-Url
X-PC
X-TtlSet
X-Vname
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ESI
X-Trace
X-ORACLE-DMS-ECID
X-Sol
Pagespeed
Response
X-Middleton-Response
Display
X-Middleton-Display
X-Content-Type
X-ORACLE-DMS-RID
X-D2id
Arr-Disable-Session-Affinity
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja
X-GoogleNews-Bot
Verso
X-Vcap-Request-Id
X-Varnish-TTL
X-Webkit-CSP
X-Goog-Hash
X-Rack-Cache
X-TTL
X-Country-Code
X-Powered-By-Plesk
X-Navigation-Version
X-Buckets
X-Server-Name
Service-Worker-Allowed
X-Amz-Rid
X-VARITI-CCR
X-FastCGI-Cache
X-Abt-Application-Version
X-Fastly-Request-ID
X-Client-IP
Fastly-Restarts
X-Cache-TTL
X-Cached
X-Release
X-MSEdge-Ref
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Litespeed-Cache
X-SharePointHealthScore
SPRequestGuid
X-NF-Request-ID
SPIisLatency
SPRequestDuration
X-Oneagent-Js-Injection
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Public-Key-Pins
RTSS
Access-Control-Request-Method
AR-PoweredBy
Ar-Sid
AR-Request-ID
AR-CACHE
AR-ATIME
X-SRCache-Fetch-Status
X-Edge
X-SRCache-Store-Status
X-LLID
X-Powered-CMS
Cache-Tag
X-Ezoic-Cdn
X-Upstream
Content-MD5
X-Origin-Upstream-Status
X-HP-Webp
X-Jurisdiction
Fusion-Source
Fusion-Template-Id
Fusion-Deployment-Id
S
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
X-Version
X-Px
X-ECACHE
X-MCACHE
X-Mid
X-Recruiting
X-Mg-S
Charset
X-Content-Digest
X-PressLabs-Stats
X-Kinsta-Cache
Fastcgi-Cache
X-T
X-Amz-Server-Side-Encryption
X-DynaTrace
Cache-Tags
X-Id
Filters
MicrosoftSharePointTeamServices
X-Logged-In
X-Content-Security-Policy-Report-Only
X-Accel-Expires
Front-End-Https
Edge-Cache-Tag
Server-Node
X-Forwarded-Proto
X-Correlation-Id
TP-L2-Cache
X-Debug
X-Forwarded-For
X-Ruxit-Js-Agent
X-Grace
TP-Cache
Server-Name
X-Ttl
X-XRDS-LOCATION
Nginx-Cache
X-Amzn-Trace-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Request-Processing-Time
X-Request-Received
X-Fastcgi-Cache
Surrogate-Key
X-Hits
X-Shield-Request-Id
X-B3-Sampled
X-Varnish-Age
X-Microsite
TCN
X-Request-Handler-Origin-Region
X-Ser
X-Az
X-Activity-Id
X-Yandex-Sdch-Disable
X-AppVersion
X-Amz-Replication-Status
X-F-Cache
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Pinterest-Direct
X-DIS-Request-ID
X-Origin-Server
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
Alternate-Protocol
Accept-Charset
X-Geo-Country
X-Git-Hash
X-Rid
X-Respond-Thread
X-Frontend
X-Time
Section-Io-Cache
Host
X-XRDS-Location
Cache
X-LB-Cache
Nel
X-Upgrade-Enabled
X-DataDome
X-FTR-Request-ID
X-NWS-LOG-UUID
Access-Control-Allow-Method
X-Seen-By
X-Mobile-URL
X-VCache
X-Cache-Age
MS-CV
X-Cache-Key
Paypal-Debug-Id
Healthy
X-TT
ServerID
X-IPLB-Instance
X-AOL-HN
X-Varnish-Backend
X-Type
X-Whom
X-Content-Options
X-Route-Name
X-Source
X-Flags
X-App-Environment
X-Request-Guid
X-Is-Crawler
Payment
X-Aspnet-Duration-Ms
Cleartype
X-Providence-Cookie
X-Cache-Action
X-Signature
X-B-Cache
X-Server-ID
X-Page-Id
X-Debug-Info
Fastcgi-Useragent
X-WebKit-CSP-Report-Only
X-Hostname
X-Jobs
X-Daa-Tunnel
X-N
X-Load-Cache
Powered-By-ChinaCache
X-FB-Debug
X-Mobile
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
Realpath
X-Contextid
X-RateLimit-Remaining
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Webkit-Csp
X-TEC-API-ORIGIN
X-Via-JSL
Refresh
Node
X-Rule
Version
X-Response-Served-From
X-Accel-Buffering
X-Wix-Request-Id
X-Drupal-Cache-Tags
X-Original-Request-Id
Ms-Operation-Id
X-Cacheable-TTL
X-Framework
X-RTag
X-Proxy
DC
X-Zen-Fury
X-Cached-By
X-ProcessESI
X-RemovedCookies
Viewport
X-Akamai-Edgescape
X-Instance
X-HTML-Minification-Powered-By
X-Distributor
X-B
Access-Control-Request-Headers
X-Cache-Time
X-Real-IP
X-Cache-Expired-At
X-Page-View
Eomportal-Instance
Referer-Policy
X-UUID
X-Cluster-Name
X-Drupal-Cache-Contexts
X-Region
X-Tt-Trace-Tag
X-Cache-Control
X-Tt-Trace-Host
X-Cache-Operation
X-Content-Powered-By
X-Cache-Rule
VIX-Pulpo-Node
X-FW-Hash
X-FW-Serve
X-FW-Type
X-FW-Static
Countrycode
VIX-Pulpo-Upstream-Status
X-FW-Dynamic
X-FW-Server
X-IPS-LoggedIn
X-Cache-Hit
X-G
X-Yottaa-Metrics
Liferay-Portal
X-Yottaa-Optimizations
X-FireWall-Port
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Pass-Why
X-Environment-Context
X-L-Path
X-App-Server
DynaTrace
Server-Info
Xserver
CF-IPCountry
Section-Io-Origin-Status
SRV
X-Protected-By
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-User-Agent
Section-Origin-Responded
X-Ratelimit-Limit
From-Origin
Ec-Rule-Version
Webserver
X-Tumblr-Pixel-2
X-Www-Served-By
X-Nginx-Cache
X-Debug-IsConnected
X-Debug-IsPreview
X-Device-Type
X-Ratelimit-Remaining
Protected
GEO-INFO
X-Mode
Meta-Geo
X-Adobe-Content
X-Endurance-Cache-Level
X-Hl-Ver
X-RN-RSRV
X-UPSTREAM-Address
X-Adobe-Loc
X-ES-SERVER
X-Handled-By
X-Node-Name
X-Cache-Server
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-FB-TRIP-ID
Cache-Tv-Group
X-MP-GENERATED-AT
X-Backend-Name
X-Locale
X-Site-Version
X-Uri
Cache-Status
X-UA-Device-Type
X-Varnishpool
Retry-After
X-Soup
X-PHP-Host
X-Labrador-Cache-Channel
X-Be
X-NYM-Debug-Backend
X-Storage
X-Web-Node
Frame-Options
X-Origin-Date
X-OCL
X-No-Session
X-PCL
X-Proto
X-ProxyCache-Key
X-Proxy-Build
X-Human
X-BYPASS-REASON
Decoy-Debug-Status
Decoy-Debug-Key
Country
Decoy-Debug-TTL
Fastly-SSL
X-ProxyCache-Status
Selected-Fe
Cache-Name
X-Pubstack
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
TWC-Privacy
X-Origin-Hint
Webcakes-App-Version
Webcakes-App-Name
TWC-Connection-Speed
Property-Id
X-Sql-Count
X-Request-Time
X-Redis-Cache
X-Sql-Duration-Ms
X-Timing-Wait
X-WA-Info
X-Via-Fastly
X-Varnish-Grace
Webcakes-Region
X-AIR-PT
X-S-Maxage
X-Loop
X-LAGOON
X-TNCMS
Azure-Version
Azure-SlotName
Azure-InstanceId
Azure-RegionName
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
AMP-Access-Control-Allow-Source-Origin
X-AWS-Id
X-VWS-Id
X-Access
X-Format
X-Section
Azure-SiteName
X-Hosted-By
X-FW-Version
X-Server-W
X-LJ-Flow-ID
X-R9-Blue-Green-Version
X-Hyper-Cache
X-CCM
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-Status
X-ApacheServer
X-PERF
X-Cache-TTL-Remaining
X-Storefront-Renderer-Rendered
X-ShopId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShardId
X-Xfnlog-Site
X-Varnish-Ttl
Mn-Server-Ip
X-Forwarded-Host
X-Cache-Grace
X-Varnish-Server
X-SRV
X-Cluster
Apigw-Requestid
X-Zipkin-Id
X-TT-LOGID
X-Routing-Service
X-Revision
X-Proxied
X-Rendered-As
X-Is-Bot
X-Dc
X-Info
X-Qloud-Router
X-GG-Cache-Date
S-Cnection
X-Cache-Enabled
X-Microcachable
X-Proxy-Cache-Status
X-Via-CDN
Uber-Trace-Id
X-Content-Age
X-Country-Code-Real
X-FTR-DC
X-Amz-Meta-S3cmd-Attrs
Cache-Hits
X-Platform
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-Backend
X-App-Version
X-FTR-Realm
X-FTR-Balancer
X-Cdn
X-Azure-Ref
X-TA-CDN-Provider
X-Backend-Host
X-Cache-Host
X-Detected-As
X-FTR-Expires
X-NWS-UUID-VERIFY
X-CSRF-Token
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Amz-Apigw-Id
X-EdgeConnect-Cache-Status
X-Aspnetmvc-Version
Akamai-GRN
X-Air-Hostname
X-ATG-Version
SD-X-WS
X-Oss-Hash-Crc64ecma
X-Time-Microsecs
HostName
X-Oss-Storage-Class
X-Trace-Id
X-Oss-Server-Time
Tracecode
X-Oss-Object-Type
X-Oss-Request-Id
X-Debug-Cache
Amp-Access-Control-Allow-Source-Origin
X-RCS-CacheZone
ServedBy
X-B3-SpanId
X-CS
X-Cache-PHP
X-Varnish-Hostname
X-Backend-TTL
X-ServerID
X-Cache-NGX
X-Cache-Var-Map
X-CACHE-KEY
X-BCube-Filmed-By
X-Cache-Var
X-Akamai-Transformed
X-Tb
X-DynaTrace-JS-Agent
X-TX-ID
DB-Nickname
X-Unique-Id
X-Cdn-Forward
Backend
X-Correlation-ID
Mobile-Detection-Method
X-Owner
DCR-Processing-Time-Ms
X-Origin-TTL
DCR-Decision-By
X-Origin-CC
X-Magnolia-Registration
DSUID
X-PAYTM-SRV-ID
X-Trv-Group
X-Level-Front-Cache
X-Destination
X-Ms-Version
X-Ms-Request-Id
Expiry
Fastcgi-X-Cache-Version
X-Device-Os
X-Connection-Hash
Meta-Geo-Continent
X-NAPM-TraceId
X-Generation-Time
X-GeoIP-City
X-Location
X-Cache-NE
Odigeo-Trace-Id
X-CF-Lambda-Fn
X-Generated-On
X-From
X-Fetched-On
X-External-Request-Id
BehaviorPad-Version
X-CF-Lambda-Version
X-Adobe-Source
Machine
MD5-Digest
X-Thinkindot-L3
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-VG-WebServer
X-VG-WebCache
X-EC-Lua
X-Vdms-Version
X-S-Cookie
X-ScT
Rendered-Blocks
Release
X-Session-Fingerprint
X-B-Cookie
X-Processor
X-Sucuri-ID
X-Vdms-Path
X-ARC
X-GEO
Thinkindot-Control
X-A-Dgt
X-S
X-A-Dcw
X-Request-UUID
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
X-Aed
X-Application
X-A-Wwc
X-A-Dam
T-Server
X-A
X-A-Ccd
X-Rojux
X-PBS-Appsvrname
X-SRCache-Key
X-D
X-Rewrite-Enabled
Xc-Version
CacheControlHeader
X-FC-Vary-Parameters
X-Fastly-Cache
C-Via
X-SVT-ORM-VERSION
Arc-Version
Pagetype
X-Varnish-Cache-Hits
Path
AKAMAI
X-OVcl
PB-RID
Host-ID
UCS
X-Tumblr-Pixel-3
Fastly-Backend-Name
X-Thanos
Gh-Request-Id
PB-PID
X-Reqid
Cf-Device-Type
Instruction
X-OVcl-Cache
Content-Disposition
X-Core-Value
X-Cms-Context
SR-User-Adfree
X-Irp-Debug
X-Is-Gdpr
X-HS-Content-Campaign-Id
X-TrackingId
X-SVT-ORM-RULES
X-JWT-State
Server-Host
X-Micro-Cache
NGX
X-Mvc-Supplant-Cachable
X-Bip
X-Azure-Ref-OriginShield
On-Server
X-Node-Id
X-Geo-Header
X-GeoIP
X-Skip-Cache
X-Has-Esi
X-Cache-Bucket
X-VServer
User-Cache-Control
X-Varnish-Beresp-Grace
X-Nc
X-Backend-State
X-Clara-WADP
X-Clientip
X-CUA
X-Cache-Tags
X-CGP
X-Cache-Id
X-Block-Status
X-Cache-Info
X-Csrf-Jwt
X-Branch-Name
X-Origin
X-WADP-Cache
X-Wikidot-Backend
X-Scheme
X-Policy
Wxu-Next-Region
X-Platform-Server
X-Wikidot-Static-Cache
Server-Ext
Server-Hostname
Wxu-Next-Hostname
Magicmarker
Locid
X-Ratelimit-Reset
X-User
X-Varnish-Remaining-TTL
X-Developers
X-Variation
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Request-Host
X-Rebelmouse-Surrogate-Control
X-Nginx-Cache-Key
X-VarnishDD-TTL
X-Var-Ttl
X-Rebelmouse-Cache-Control
Wxu-Next-Commit
Sever-Int
X-Fmm-Version
X-Fastly-Backend
X-Gen-Mode
X-Generated-By
X-Generated-In
X-Eu-Site
X-Esi-Check
X-Developer
X-DefHash
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-GoCache-CacheStatus
X-Gzip
X-Old-Content-Length
X-NU-AKA-ACS-Version
X-Origin-Expires
X-Origin-Response-Time
X-Swa-Ws
X-LI-UUID
X-Li-Pop
X-HN
X-Hnp-Log
X-IP
X-Li-Fabric
X-DefElseHash
Web-Mar-Node
Fastly-SWR
Fastly-SIE
CDN-Uid
CDN-RequestId
Ha-Gx-Prefs
HA-Ipaddr
NM-Fastcgi-Cache
Location
L5d-Success-Class
Is-Eu
CDN-RequestCountryCode
CDN-PullZone
Adler-Geo
X-B3-Traceid
X-Cache-Backend
Tcn
Cache-Host
CDCHOST
CDN-EdgeStorageId
CDN-CachedAt
CDN-Cache
PFcat
X-NewRelic-App-Data
Ssr
Platform
V-Age
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Varnish-Hits
Geo-Info
IsBot
Rt-Fastcgi-Cache
X-VG-TLSProxy
X-LB-ID
Vix-Hermes-Req-Id
True-Client-Country-4JS
X-Matched-Rule
Sid
X-Hash
X-Request-URI
X-Cache-Debug
X-Slack-Backend
X-Gamma-Serve
Cf-Bgj
Lfy
X-SIPLIST1
X-Method
L
X-ID
X-Aicache-OS
Apple-News-Services-Host
Apple-News-Services-Request-Url
Who
X-Loc
X-Goog-Meta-Goog-Reserved-File-Mtime
Esi-Enabled
X-Unique-ID
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
Origin
CloudFront-Viewer-Country
Fastly-Drupal-HTML
Country-Code
X-CLOUD-TRACE-CONTEXT
X-Cache-Expires
X-Sn-Servicetimems
X-Via-Poph
Pramga
X-Via-Popv
X-Via-Popn
X-NCache
X-Cdn-Origin
X-Mvc-Supplant-OutputCached
X-PF-Uncompressing
X-APP-VERSION
X-Servername
X-Cache-Date
Pics-Label
X-Core-Mission
X-Varnish-Url
X-Epic-Correlation-Id
Filterid
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Planisys-CDN-Rules
X-Refresh
X-Request-Start
X-RateLimit-Limit
X-TraceId
X-FireWall-Protection
Req-Svc-Chain
Url
X-Erf-Stays-Bingo-Pdp-Web
Cmstype
Cmsid
Svr
X-Served-From
X-NC
Source
Kp-EeAlive
X-Error
X-Varnish-Cacheable
X-Response-By
X-Cache-Remote
VivaBuild
Viewtype
A
X-Proxy-Cachei7
Cache-Key
NGB
X-HostName
Xkeyi7
GeoIp-Country-Code
Geoip-Latitude
S-Rt
X-Webkit-CSP-Report-Only
X-BBXSRF
HitType
M-TraceId
MIME-Version
X-Vcl-Version
Server-Ttl
N-Cache
X-Srv
X-DC
X-HS-Status
Content-Secure-Policy
X-Cache-2
X-B3-Spanid
X-Air-Source
Cross-Origin-Opener-Policy
Arc-Country
TDXMobile
X-URL
X-Li-Proto
X-LiteSpeed-Cache-Control
X-Contensis-Viewer-Groups
Ohc-File-Size
X-Varnish-Authentication
D-Cc-Upstream
Cross-Origin-Window-Policy
X-Host-Name
Server-ID
X-Wa
X-Servedbyhost
X-Dynatrace
Cteonnt-Length
X-Vgn-Hpd-Reason
X-Cache-ASPX
X-Cc-Via
X-Sucuri-Cache
X-Cc-Req-Id
X-Vc
X-Esi
X-Svr
Resin-Trace
NtCoent-Length
X-CDN-Forward
X-NGENIX-Cache
CACHE
X-SaId
X-JoinUs
X-PHP-Backend
DataCenter
X-Edge-Location
X-Geo
X-WA
X-Server-IP
X-Service
X-Internal-Host
X-ServedByHost
X-RAMCache
X-LI-Proto
X-HOST
SID
X-Nyt-Route
X-API-Version
X-Viewer-Country
X-Origin-Time
X-FPC
X-Gdpr
X-Cache-Config
Request-ID
CF-Cached-On
X-UA
X-SN
FSS-Cache
X-RSL
X-TIM-N
X-Cs
X-Via-NSCOPI
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Forwarded-Site
X-Extlb
X-Hcs-Proxy-Type
X-Check-Cacheable
X-Newrelic-Synthetics
X-DB
X-RPS
X-DSS
Server-Id
X-RPM
X-DI
X-VCL-Version
X-DW
X-VC
Cache-Provider
Hostname
Ohc-Cache-HIT
X-Bc-Bl
X-Webstats-RespID
X-NodeID
GeoIP-Latitude
X-SB
GeoIP-Country-Code
Mime-Version
XServer
Mail-Subject
X-ZONE
Memcached
ProcessTime
X-App
X-Action
Surrogated-Key
X-Req
X-VC-Cache
X-PJAX-URL
X-Region-Sid
X-Accel-Expires-Debug
X-Proxy-Upstream
X-SD-PageType
X-Date
We-Hiring
LB
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Fpc
X-APP
X-Oss-Cdn-Auth
Env
X-Server-Lifecycle-Phase
X-Render-Time
X-NGINX-Cache
Upgrade-Insecure-Requests
X-Instrumentation
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
Srv
X-BBC-Edge-Cache-Status
X-CF-Powered-By
X-Provided-By
X-Dynatrace-Js-Agent
X-FORWARDED-FOR
W
EpKe-Alive
X-FTR-Cache-Host
X-Air-Trace-Id
X-Depends-On
X-Men
X-Sigma-Backend
X-Sigma
X-Rocket-Build-Number
X-Oracle-Dms-Rid
X-Swift-Error
X-Cdn-Request-ID
X-CSRF-TOKEN
Processtime
X-Ftr-Cache-Host
X-MSEdge-Flight
X-Auto-Login
X-MSEdge-Features
CDN
X-UnsetCookies
X-BACKEND-TTL
X-Ua
CPC-Age
X-TIME
VNS-Cache
X-Dw-Trace-Id
Cdn
CPC-Cache
VNS-Age
X-Worker
X-CACHE-AGE
X-Client-Ip
X-Fastly-Request-Id
X-Fastly-Backend-Reqs
X-ABtesting
Dnion-Transfer-Encoding
X-Hello
Memory
Proxy-Connection
X-Cluster-Node
X-Parent-Response-Time
X-Cache-Tag
X-Flog
Time
X-Akamai-Pragma-Client-IP
Datacenter
X-Zone
Media-Length
PICS-Label
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Pf-Uncompressing
X-BBC-Origin-Response-Status
X-Oracle-DMS-ECID
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Site
X-Acquia-Purge-Tags
X-Presslabs-Stats
X-Snapshot-Date
Vha6-Origin
X-Pad
State
X-ServerName
X-LiteSpeed-Tag
X-Varnish-URL
Epwk-X-Cache
X-Via-PopH
My-App
X-Via-PopN
X-Via-PopV
Fastcgi-Cache-TTL
X-HITS
Cf-Ipcountry
X-Minions-Version
X-Cache-Status-Check
X-Apw-Access-Action
OT-Force-Account-Verify
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Hits
X-Ms-Meta-Originalurl
X-ElasticPress-Search
X-Varnish-Beresp-TTL
X-MiniProfiler-Ids
X-Request-Url
X-Akamai-ERRuleID
X-Vcache
X-Akamai-ERPolicy
Xet-Cookie
X-ElasticPress-Query
X-Lb-Id
X-Csrf-Token
X-Request-URL
X-Ms-Meta-Staticbatchstarttime
CountryCode
Content-Script-Type
Content-Style-Type
URI
Environment
X-Nananana
X-Storefront-Renderer-Verified
X-Litespeed-Cache-Control
X-Redis-Count
X-Redis-Duration-Ms
X-Amz-Meta-Cb-Modifiedtime
X-ND-Cache
Inserted-Into-Cache-At
Phost
Ohc-Response-Time
X-Debug-Cache-Fetch
X-B3-Parentspanid
NnCoection
X-Traceid
WZWS-RAY
X-Debug-Cache-Store
X-Tid
X-C