Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Request-ID
X-DNS-Prefetch-Control
X-Generator
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-AspNetMvc-Version
Feature-Policy
X-Envoy-Upstream-Service-Time
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-Robots-Tag
X-AH-Environment
Request-Context
X-Proxy-Cache
EagleId
Server-Timing
X-Cache-Group
X-Backend
X-Hacker
X-Server
Report-To
X-Amz-Request-Id
Host-Header
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-Amz-Version-Id
NEL
X-Cache-Spec
X-Dns-Prefetch-Control
X-WebKit-CSP
X-Device
Allow
X-CST
Xkey
X-Vhost
X-Backend-Server
X-Server-Id
X-Host
EagleEye-TraceId
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-Ruxit-JS-Agent
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
Accept-CH-Lifetime
P3p
X-Ac
X-ASPNET-VERSION
X-Application-Context
X-Template
X-Country
X-Language
X-Cache-Lookup
X-Mod-Pagespeed
X-Readtime
MS-Author-Via
X-Cloud-Trace-Context
X-B3-TraceId
Accept-Ch
Rating
X-Origin-Cache
Accept-Ch-Lifetime
X-Cnection
X-HW
X-MS-InvokeApp
X-Url
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
X-GitHub-Request-Id
Edge-Control
X-ESI
X-ORACLE-DMS-ECID
X-Trace
Display
Response
X-Sol
X-Middleton-Response
X-Middleton-Display
Pagespeed
X-Content-Type
X-D2id
X-FastCGI-Cache
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Kinja-Server
Arr-Disable-Session-Affinity
X-Kinja-Revision
X-Use-Magma
Verso
X-Vcap-Request-Id
X-ORACLE-DMS-RID
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-Country-Code
X-Server-Name
X-Navigation-Version
Service-Worker-Allowed
X-VARITI-CCR
X-Powered-By-Plesk
X-Abt-Application-Version
X-Amz-Rid
X-Fastly-Request-ID
X-Varnish-TTL
X-Client-IP
X-Cache-TTL
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-TTL
X-Webkit-CSP
Fastly-Restarts
X-Release
X-MSEdge-Ref
SPRequestGuid
X-SharePointHealthScore
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Cached
SPRequestDuration
SPIisLatency
X-NF-Request-ID
Public-Key-Pins
X-Oneagent-Js-Injection
RTSS
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
Access-Control-Request-Method
AR-PoweredBy
Ar-Sid
AR-Request-ID
X-SRCache-Fetch-Status
AR-CACHE
X-SRCache-Store-Status
AR-ATIME
X-Edge
X-LLID
X-Powered-CMS
X-Ezoic-Cdn
X-Origin-Upstream-Status
X-Upstream
Cache-Tag
X-Litespeed-Cache
Content-MD5
X-Px
Fusion-Content-Id
Fusion-Content-Source
Fusion-Component-Id
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
X-Jurisdiction
X-HP-Webp
X-Version
X-ECACHE
X-Mid
X-MCACHE
S
X-Mg-S
X-Recruiting
Charset
X-Ttl
X-Content-Digest
X-PressLabs-Stats
X-Amz-Server-Side-Encryption
Fastcgi-Cache
X-Kinsta-Cache
X-T
X-Id
MicrosoftSharePointTeamServices
Cache-Tags
X-Content-Security-Policy-Report-Only
Front-End-Https
Filters
TCN
X-Debug
X-Grace
X-Logged-In
Server-Node
X-Accel-Expires
Edge-Cache-Tag
X-Forwarded-Proto
X-DynaTrace
X-Forwarded-For
X-Pinterest-Direct
Server-Name
X-XRDS-LOCATION
TP-L2-Cache
TP-Cache
Nginx-Cache
X-Amzn-Trace-Id
X-Correlation-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Surrogate-Key
X-Request-Received
X-Request-Processing-Time
X-Yandex-Sdch-Disable
X-Varnish-Age
X-B3-Sampled
X-Shield-Request-Id
X-Microsite
X-Request-Handler-Origin-Region
X-Ser
X-Hits
X-Activity-Id
X-Az
X-AppVersion
X-Amz-Replication-Status
X-DIS-Request-ID
X-F-Cache
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Content-Id
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-Kinja-Server-Push
X-Origin-Server
Accept-Charset
X-Geo-Country
X-Git-Hash
X-Cache-Key
Cache
X-Respond-Thread
Alternate-Protocol
X-Rid
X-LB-Cache
X-XRDS-Location
Nel
X-Frontend
X-FTR-Request-ID
Section-Io-Cache
Powered-By-ChinaCache
Host
X-DataDome
X-Upgrade-Enabled
Access-Control-Allow-Method
X-Fastcgi-Cache
X-Mobile-URL
X-Seen-By
X-Cache-Age
MS-CV
Paypal-Debug-Id
X-Time
Cleartype
Healthy
X-AOL-HN
X-VCache
X-Hostname
X-NWS-LOG-UUID
X-Varnish-Backend
X-Whom
X-IPLB-Instance
X-Type
X-TT
X-Ruxit-Js-Agent
ServerID
X-Content-Options
X-App-Environment
X-Flags
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Server-ID
Payment
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Jobs
X-Page-Id
X-B-Cache
X-Cache-Action
X-Signature
X-WebKit-CSP-Report-Only
X-Source
Fastcgi-Useragent
X-Debug-Info
X-Load-Cache
X-N
X-Daa-Tunnel
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Mobile
X-FB-Debug
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Via-JSL
Refresh
Version
X-Cached-By
X-Contextid
X-Akamai-Edgescape
Realpath
X-Rule
X-Wix-Request-Id
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
Viewport
X-Cacheable-TTL
Node
X-Proxy
DC
X-Framework
X-Drupal-Cache-Tags
X-Cache-Rule
X-Cache-Operation
X-RTag
X-RateLimit-Remaining
X-Zen-Fury
X-ProcessESI
Ms-Operation-Id
X-RemovedCookies
Access-Control-Request-Headers
X-Cache-Time
X-B
X-Instance
X-Real-IP
X-HTML-Minification-Powered-By
X-Distributor
X-Region
Eomportal-Instance
X-UUID
Referer-Policy
X-Page-View
X-Drupal-Cache-Contexts
X-Tt-Trace-Host
X-FW-Server
X-FW-Static
X-FW-Type
X-FW-Serve
X-Cluster-Name
X-Cache-Expired-At
X-FW-Hash
VIX-Pulpo-Upstream-Status
Countrycode
VIX-Pulpo-Node
X-Yottaa-Optimizations
X-Varnish-Ttl
X-Tt-Trace-Tag
X-FW-Dynamic
X-Yottaa-Metrics
X-Content-Powered-By
X-Cache-Control
X-G
X-Cache-Hit
DynaTrace
X-IPS-LoggedIn
X-Tumblr-Pixel
X-L-Path
X-Environment-Context
X-Tumblr-Pixel-1
Liferay-Portal
X-Tumblr-User
X-Tumblr-Pixel-0
GEO-INFO
X-Ratelimit-Limit
Server-Info
X-FireWall-Port
X-App-Server
X-Pass-Why
X-User-Agent
Ec-Rule-Version
Xserver
Webserver
X-Tumblr-Pixel-2
From-Origin
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
X-Ratelimit-Remaining
X-Protected-By
X-Node-Name
Section-Io-Origin-Time-Seconds
CF-IPCountry
Protected
X-Www-Served-By
X-Cache-Server
X-Backend-Name
X-Hl-Ver
X-RN-RSRV
X-UPSTREAM-Address
Frame-Options
Meta-Geo
X-Handled-By
X-Mode
SRV
X-ES-SERVER
X-FB-TRIP-ID
X-Locale
Cache-Tv-Group
X-Endurance-Cache-Level
X-Site-Version
X-Storage
X-PHP-Host
X-Uri
X-Varnishpool
X-Hyper-Cache
X-Nginx-Cache
X-Labrador-Cache-Channel
X-Soup
X-NYM-Debug-Backend
Cache-Status
X-Web-Node
X-Be
TWC-Connection-Speed
Selected-Fe
Property-Id
X-Origin-Date
X-Origin-Hint
X-Timing-Wait
TWC-Device-Class
X-Proto
TWC-Privacy
Decoy-Debug-TTL
X-Human
Webcakes-Region
Cache-Name
X-UA-Device-Type
X-MP-GENERATED-AT
Webcakes-App-Name
Webcakes-App-Version
Fastly-SSL
Country
Decoy-Debug-Key
TWC-Locale-Group
Decoy-Debug-Status
TWC-GeoIP-LatLong
X-Redis-Cache
X-Revision
X-Adobe-Content
X-Pubstack
TWC-GeoIP-Country
X-Proxy-Build
X-Adobe-Loc
X-Debug-IsConnected
X-Say-TTL
Azure-Version
Azure-SiteName
X-SayCDN-TTL
Azure-RegionName
Azure-SlotName
Azure-InstanceId
X-Server-W
X-Section
X-Debug-IsPreview
X-S-Maxage
X-Say-Cacheable
X-Sql-Count
X-Cache-Grace
X-Via-Fastly
X-ProxyCache-Status
X-ProxyCache-Key
X-Request-Time
X-Amz-Meta-S3cmd-Attrs
X-Sql-Duration-Ms
X-AIR-PT
X-Access
X-Hosted-By
X-PCL
X-OCL
X-FW-Version
X-TNCMS
X-Loop
X-Format
X-BYPASS-REASON
X-No-Session
X-Forwarded-Host
X-WA-Info
Retry-After
X-Cluster
X-VWS-Id
X-R9-Blue-Green-Version
X-LAGOON
X-AWS-Id
X-TT-LOGID
X-ApacheServer
X-LJ-Flow-ID
X-Device-Type
X-Status
X-PERF
Mn-Server-Ip
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-ShardId
X-Cache-TTL-Remaining
X-Storefront-Renderer-Rendered
X-ShopId
X-Tec-Api-Version
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-Tec-Api-Root
X-Tec-Api-Origin
X-CCM
X-Is-Bot
X-Rendered-As
X-Xfnlog-Site
X-Qloud-Router
Apigw-Requestid
X-Varnish-Grace
X-Dc
S-Cnection
X-Varnish-Server
X-SRV
X-Info
X-Via-CDN
X-FTR-Realm
X-FTR-DC
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend
Cache-Hits
X-FTR-Backend-Server
X-FTR-Balancer
AMP-Access-Control-Allow-Source-Origin
X-Cache-Enabled
X-FTR-Expires
X-Detected-As
X-Content-Age
X-Cdn
X-Cache-Host
X-Microcachable
X-Platform
X-GG-Cache-Date
X-Amzn-RequestId
X-EdgeConnect-Cache-Status
Uber-Trace-Id
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Air-Hostname
X-Azure-Ref
X-CSRF-Token
X-Backend-Host
X-Proxy-Cache-Status
X-Unique-Id
X-Aspnetmvc-Version
Tracecode
Amp-Access-Control-Allow-Source-Origin
X-Correlation-ID
X-Cache-Var-Map
SD-X-WS
X-Cache-Var
X-Time-Microsecs
X-DynaTrace-JS-Agent
Akamai-GRN
X-NWS-UUID-VERIFY
X-GEO
X-ServerID
X-Backend-TTL
X-ATG-Version
X-Trace-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Request-Id
X-Tb
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
HostName
ServedBy
X-BCube-Filmed-By
Backend
X-RCS-CacheZone
X-Cache-NGX
X-Cache-Backend
X-Cache-PHP
DSUID
X-Varnish-Hostname
X-APP-VERSION
X-Debug-Cache
X-Akamai-Transformed
X-App-Version
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-From
X-Generation-Time
Odigeo-Trace-Id
X-Generated-On
X-Fetched-On
X-Device-Os
X-External-Request-Id
X-Destination
X-Application
Release
X-A
X-A-Ccd
X-A-Dam
Thinkindot-Control
Thinkindot-CacheControl-Type
SR-User-Adfree
T-Server
Thinkindot-CacheControl
X-A-Dcw
X-A-Dgt
X-B-Cookie
X-Magnolia-Registration
X-Cache-NE
Path
X-ARC
X-A-Wwc
X-Aed
X-GeoIP-City
X-CF-Lambda-Fn
X-Origin-CC
X-SRCache-Key
Fastcgi-X-Cache-Version
Expiry
DCR-Processing-Time-Ms
X-Cdn-Forward
X-Session-Fingerprint
X-S
X-S-Cookie
Mobile-Detection-Method
X-Thinkindot-L3
DCR-Decision-By
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
BehaviorPad-Version
X-VG-WebServer
X-VG-WebCache
X-Trv-Group
X-Vdms-Path
X-Vdms-Version
X-Rojux
X-ScT
Machine
Lfy
X-Rewrite-Enabled
Rendered-Blocks
X-Matched-Rule
X-Location
Meta-Geo-Continent
MD5-Digest
X-Level-Front-Cache
X-Origin-TTL
Instruction
X-PBS-Appsvrname
DB-Nickname
X-Request-UUID
X-PAYTM-SRV-ID
X-Processor
X-Owner
X-NewRelic-App-Data
PB-PID
Arc-Version
X-B3-SpanId
X-Sucuri-ID
PB-RID
Gh-Request-Id
Pagetype
Fastly-Backend-Name
Host-ID
CacheControlHeader
Cf-Device-Type
X-Has-Esi
X-Reqid
X-Skip-Cache
X-OVcl-Cache
X-OVcl
X-Node-Id
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-VServer
X-NAPM-TraceId
X-Tumblr-Pixel-3
X-TrackingId
X-Thanos
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-Cache-Bucket
X-FC-Vary-Parameters
X-Bip
X-Azure-Ref-OriginShield
UCS
X-Geo-Header
X-GeoIP
X-JWT-State
X-Is-Gdpr
X-HS-Content-Campaign-Id
C-Via
Server-Host
X-Irp-Debug
AKAMAI
X-TX-ID
X-Ms-Version
X-Ms-Request-Id
X-TA-CDN-Provider
X-Varnish-Cache-Hits
X-CGP
X-Wikidot-Backend
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
X-Clientip
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Developer
X-DefHash
X-DefElseHash
X-CUA
X-Csrf-Jwt
X-Cache-Id
Wxu-Next-Region
On-Server
Wxu-Next-Hostname
Wxu-Next-Commit
V-Age
NGX
Content-Disposition
X-Cache-Info
X-Developers
X-Wikidot-Static-Cache
X-Backend-State
X-Cache-Tags
X-Esi-Check
X-LI-UUID
X-Scheme
X-Li-Pop
X-Li-Fabric
X-Swa-Ws
X-IP
X-Nginx-Cache-Key
X-Old-Content-Length
X-Request-Host
X-Policy
X-Origin-Response-Time
X-Origin-Expires
X-Origin
X-HN
X-User
X-Fastly-Backend
Cache-Host
X-Eu-Site
X-Adobe-Source
X-DPWN-IS-SECURE
X-B3-Traceid
X-Generated-By
X-Var-Ttl
X-Gzip
X-Variation
X-Varnish-Beresp-Grace
X-Generated-In
X-Dispatcher-Server
X-Branch-Name
X-Cms-Context
Location
Platform
Is-Eu
Server-Hostname
Locid
Server-Ext
NM-Fastcgi-Cache
PFcat
X-Fastly-Cache
X-Core-Value
Magicmarker
HA-Ipaddr
L5d-Success-Class
Adler-Geo
Sever-Int
Ssr
Ha-Gx-Prefs
User-Cache-Control
X-CS
X-Platform-Server
X-Rebelmouse-Cache-Control
X-EC-Lua
X-Hnp-Log
Cf-Bgj
X-Varnish-Hits
X-GoCache-CacheStatus
X-Method
X-NU-AKA-ACS-Version
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Sn-Servicetimems
L
IsBot
X-WADP-Cache
X-Varnish-Beresp-Status
X-Gamma-Serve
X-Hash
X-Slack-Backend
X-Varnish-Beresp-Ttl
X-SIPLIST1
X-Ratelimit-Reset
CDN-RequestCountryCode
CDN-RequestId
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
CDN-Uid
CloudFront-Viewer-Country
Vix-Hermes-Req-Id
True-Client-Country-4JS
X-Block-Status
Web-Mar-Node
Fastly-SWR
X-Clara-WADP
CDCHOST
Fastly-SIE
X-Cdn-Origin
X-Envoy-Decorator-Operation
X-Gen-Mode
Pramga
X-Fmm-Version
Rt-Fastcgi-Cache
X-Erf-Stays-Bingo-Pdp-Web
X-ID
Apple-News-Services-Handled
X-Servername
X-LB-ID
Fastly-Drupal-HTML
X-Cache-Expires
X-Cache-Debug
Sid
X-Cache-Date
Origin
X-VG-TLSProxy
Apple-News-Services-Parsed-Url
X-HOST
X-Aicache-OS
Apple-News-Services-Request-Url
X-Goog-Meta-Goog-Reserved-File-Mtime
Apple-News-Services-Host
X-Loc
X-Dynatrace
X-CLOUD-TRACE-CONTEXT
X-Mvc-Supplant-OutputCached
X-Core-Mission
X-NCache
X-CACHE-KEY
X-PF-Uncompressing
X-Nc
X-Via-Poph
Esi-Enabled
X-Request-Start
X-Varnish-Url
X-Via-Popv
X-Via-Popn
Who
X-Refresh
Url
X-CACHE-GROUP
X-Oracle-Dms-Rid
Country-Code
X-Unique-ID
X-NC
X-Cache-Remote
X-Response-By
Pics-Label
X-FireWall-Protection
X-Epic-Correlation-Id
X-Varnish-Cacheable
X-TraceId
S-Rt
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Tb-Optimization-Total-Bytes-Saved
Xkeyi7
X-Planisys-CDN-Cache
X-Proxy-Cachei7
Req-Svc-Chain
Geo-Info
X-B3-Spanid
X-Host-Name
Source
X-Webkit-Csp
N-Cache
Content-Secure-Policy
X-Error
X-BBXSRF
X-Srv
Cmstype
X-Cache-2
Geoip-Latitude
GeoIp-Country-Code
Cmsid
Cross-Origin-Window-Policy
Ohc-File-Size
Filterid
X-Webkit-CSP-Report-Only
X-DC
X-Varnish-Authentication
X-Cc-Req-Id
HitType
X-Cc-Via
X-Contensis-Viewer-Groups
D-Cc-Upstream
X-HS-Status
Server-Ttl
Cteonnt-Length
Svr
X-Served-From
Kp-EeAlive
X-Cache-ASPX
X-RateLimit-Limit
X-Sucuri-Cache
Viewtype
VivaBuild
A
Cache-Key
X-Svr
X-LiteSpeed-Cache-Control
Tcn
X-Vcl-Version
X-URL
X-Cs
X-Wa
X-Li-Proto
X-Servedbyhost
X-HostName
X-Server-IP
M-TraceId
MIME-Version
X-CDN-Forward
TDXMobile
Arc-Country
Cross-Origin-Opener-Policy
X-Origin-Time
X-Nyt-Route
X-Cache-Config
X-FPC
X-Vgn-Hpd-Reason
NGB
X-Air-Source
X-Gdpr
X-Esi
X-API-Version
CACHE
X-RAMCache
Server-ID
X-LI-Proto
Server-Id
Resin-Trace
X-SN
X-VC
NtCoent-Length
X-ServedByHost
Ohc-Cache-HIT
X-Webstats-RespID
X-Check-Cacheable
X-Viewer-Country
X-NodeID
Srv
Request-ID
X-SB
X-Vc
X-WA
SID
X-Newrelic-Synthetics
Hostname
X-UA
X-DI
X-CCDN-Origin-Time
X-DSS
X-DW
X-SD-PageType
Cache-Provider
X-RSL
X-Hcs-Proxy-Type
X-RPM
X-RPS
X-NGINX-Cache
X-DB
X-Service
X-TIM-N
X-VCL-Version
X-Internal-Host
Mime-Version
X-CCDN-CacheTTL
X-PHP-Backend
X-TIME
X-JoinUs
DataCenter
X-NGENIX-Cache
X-SaId
GeoIP-Latitude
X-Edge-Location
X-Render-Time
GeoIP-Country-Code
X-App
X-Geo
XServer
FSS-Cache
ProcessTime
X-Action
X-Forwarded-Site
X-Via-NSCOPI
EpKe-Alive
X-BBC-Edge-Cache-Status
X-Provided-By
X-FTR-Cache-Host
X-Ua
CF-Cached-On
X-CF-Powered-By
W
X-Fpc
X-Extlb
Upgrade-Insecure-Requests
X-Auto-Login
X-Oss-Cdn-Auth
X-Worker
Processtime
X-Bc-Bl
X-Dynatrace-Js-Agent
Proxy-Connection
X-Region-Sid
X-Proxy-Upstream
X-PJAX-URL
X-FORWARDED-FOR
Surrogated-Key
X-Date
We-Hiring
X-Accel-Expires-Debug
X-Cluster-Node
Memcached
X-Depends-On
X-Req
LB
Mail-Subject
X-VC-Cache
X-Cdn-Request-ID
X-HITS
CDN
Cdn
X-Ftr-Cache-Host
X-ZONE
X-UnsetCookies
Env
X-Parent-Response-Time
X-RateLimit-Limit-Second
X-BACKEND-TTL
PICS-Label
X-CSRF-TOKEN
X-RateLimit-Remaining-Second
X-Fastly-Backend-Reqs
X-Dw-Trace-Id
Datacenter
X-MSEdge-Flight
X-MSEdge-Features
X-CACHE-AGE
X-Swift-Error
X-Client-Ip
X-ABtesting
X-Air-Trace-Id
X-Sigma
X-Flog
X-Rocket-Build-Number
Memory
X-Sigma-Backend
X-Men
X-APP
Time
X-Hello
X-Cache-Tag
X-IN-APIGATEWAY
X-BBC-Origin-Response-Status
X-Fastly-Request-Id
X-IN-APIGATEWAYSSL
Dnion-Transfer-Encoding
X-Akamai-Pragma-Client-IP
X-Pad
OT-Force-Account-Verify
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Acquia-Site
X-Acquia-Purge-Tags
Vha6-Origin
X-Pf-Uncompressing
VNS-Age
VNS-Cache
CPC-Cache
CPC-Age
X-Presslabs-Stats
X-Oracle-DMS-ECID
Media-Length
X-Zone
X-Via-PopV
Epwk-X-Cache
X-LiteSpeed-Tag
X-Via-PopH
X-Via-PopN
X-ND-Cache
Cf-Ipcountry
X-Lb-Id
X-Varnish-URL
X-Vcache
X-Akamai-ERPolicy
X-Csrf-Token
X-Ms-Meta-Staticbatchstarttime
X-Akamai-ERRuleID
WZWS-RAY
X-Request-URL
Xet-Cookie
X-Ms-Meta-Originalurl
X-Varnish-Beresp-TTL
X-ElasticPress-Query
X-ElasticPress-Search
X-MiniProfiler-Ids
X-Snapshot-Date
X-Request-Url
CountryCode
Content-Style-Type
Fastcgi-Cache-TTL
X-Tid
Content-Script-Type
X-Litespeed-Cache-Control
URI
X-Amz-Meta-Cb-Modifiedtime
NnCoection
Environment
Phost
X-ServerName
X-Storefront-Renderer-Verified
Ohc-Response-Time
X-C
X-B3-Parentspanid
X-Traceid
X-Redis-Duration-Ms
X-Redis-Count
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Inserted-Into-Cache-At