Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Request-ID
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-AspNetMvc-Version
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
X-Proxy-Cache
X-Cache-Group
EagleId
Server-Timing
X-Backend
X-Hacker
X-Server
Report-To
Host-Header
X-Amz-Request-Id
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
P3p
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-Dns-Prefetch-Control
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Cache-Spec
NEL
X-Device
X-CST
X-WebKit-CSP
Allow
Xkey
X-Vhost
X-Host
X-Backend-Server
X-Server-Id
EagleEye-TraceId
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Akam-SW-Version
X-Ruxit-JS-Agent
Accept-CH
X-ASPNET-VERSION
X-Ac
X-Application-Context
X-Cache-Lookup
X-Country
Accept-CH-Lifetime
X-Template
X-Language
X-Mod-Pagespeed
X-Readtime
Accept-Ch
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
Accept-Ch-Lifetime
Rating
X-Origin-Cache
X-HW
X-MS-InvokeApp
X-Cnection
X-Url
X-Vname
X-PC
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ESI
X-ORACLE-DMS-ECID
X-Trace
Display
X-Content-Type
Pagespeed
X-Sol
X-Middleton-Response
Response
X-Middleton-Display
X-D2id
Arr-Disable-Session-Affinity
X-Cdn-Fetch
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
Verso
X-ORACLE-DMS-RID
X-Vcap-Request-Id
X-Goog-Hash
X-Rack-Cache
X-Country-Code
X-FastCGI-Cache
X-Buckets
X-Varnish-TTL
X-Server-Name
X-Navigation-Version
Service-Worker-Allowed
X-Powered-By-Plesk
X-Amz-Rid
X-VARITI-CCR
X-Abt-Application-Version
X-TTL
X-Fastly-Request-ID
X-Client-IP
X-Cache-TTL
X-Webkit-CSP
Fastly-Restarts
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Cached
X-Release
X-MSEdge-Ref
SPRequestGuid
X-SharePointHealthScore
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-NF-Request-ID
SPIisLatency
SPRequestDuration
X-Oneagent-Js-Injection
X-B3-TraceId-Primal
Public-Key-Pins
Mrf-Cache-Status
MRF-Tech
RTSS
Access-Control-Request-Method
AR-PoweredBy
X-SRCache-Fetch-Status
AR-Request-ID
AR-CACHE
X-SRCache-Store-Status
AR-ATIME
Ar-Sid
X-Edge
X-LLID
X-Powered-CMS
X-Ezoic-Cdn
Cache-Tag
X-Upstream
Content-MD5
X-Origin-Upstream-Status
X-Litespeed-Cache
X-Px
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
X-HP-Webp
X-Jurisdiction
S
X-Version
X-Mid
X-MCACHE
X-ECACHE
X-Recruiting
X-Mg-S
Charset
X-Content-Digest
X-PressLabs-Stats
X-Kinsta-Cache
X-Amz-Server-Side-Encryption
Fastcgi-Cache
X-T
X-Ttl
Cache-Tags
X-Id
MicrosoftSharePointTeamServices
Filters
Front-End-Https
X-DynaTrace
X-Content-Security-Policy-Report-Only
X-Logged-In
X-Accel-Expires
Server-Node
Edge-Cache-Tag
X-Debug
X-Forwarded-Proto
X-Grace
TCN
X-Forwarded-For
TP-Cache
TP-L2-Cache
Server-Name
Nginx-Cache
X-XRDS-LOCATION
X-Amzn-Trace-Id
X-Correlation-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Request-Processing-Time
X-Request-Received
Surrogate-Key
X-Pinterest-Direct
X-Shield-Request-Id
X-Varnish-Age
X-B3-Sampled
X-Microsite
X-Request-Handler-Origin-Region
X-Yandex-Sdch-Disable
X-Ser
X-Hits
X-Az
X-Activity-Id
X-AppVersion
X-Amz-Replication-Status
X-F-Cache
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-DIS-Request-ID
X-Ruxit-Js-Agent
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Origin-Server
X-Fastcgi-Cache
Accept-Charset
X-Geo-Country
Alternate-Protocol
X-Git-Hash
X-Respond-Thread
X-Rid
Cache
Section-Io-Cache
X-Frontend
X-Cache-Key
X-FTR-Request-ID
Nel
X-XRDS-Location
Host
X-LB-Cache
X-Upgrade-Enabled
X-DataDome
X-Time
Access-Control-Allow-Method
X-NWS-LOG-UUID
X-Seen-By
X-Mobile-URL
X-Cache-Age
MS-CV
Paypal-Debug-Id
X-VCache
X-AOL-HN
X-IPLB-Instance
X-Hostname
ServerID
X-TT
Healthy
X-Type
X-Content-Options
Cleartype
X-Varnish-Backend
Powered-By-ChinaCache
X-Whom
Payment
X-Providence-Cookie
X-Is-Crawler
X-Request-Guid
X-Flags
X-App-Environment
X-Route-Name
X-Aspnet-Duration-Ms
X-Cache-Action
X-Signature
X-B-Cache
X-Server-ID
X-Page-Id
X-Source
X-Jobs
X-Debug-Info
X-WebKit-CSP-Report-Only
Fastcgi-Useragent
X-Load-Cache
X-Daa-Tunnel
X-N
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-FB-Debug
X-Mobile
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-RateLimit-Remaining
X-Via-JSL
Realpath
X-Contextid
Refresh
Version
Node
X-Drupal-Cache-Tags
X-Wix-Request-Id
X-Original-Request-Id
X-Cached-By
X-Accel-Buffering
X-Rule
X-Response-Served-From
X-Framework
X-RTag
Ms-Operation-Id
X-Cacheable-TTL
DC
X-Akamai-Edgescape
X-Proxy
X-Zen-Fury
X-RemovedCookies
X-ProcessESI
Viewport
X-Cache-Operation
X-HTML-Minification-Powered-By
X-B
Access-Control-Request-Headers
X-Cache-Time
X-Distributor
X-Instance
X-Cache-Rule
X-Real-IP
Referer-Policy
X-Region
X-Drupal-Cache-Contexts
X-Page-View
X-UUID
Eomportal-Instance
X-Cache-Expired-At
X-Cluster-Name
X-Tt-Trace-Tag
X-Tt-Trace-Host
VIX-Pulpo-Upstream-Status
Countrycode
X-Content-Powered-By
VIX-Pulpo-Node
X-Cache-Control
X-FW-Server
X-FW-Static
X-FW-Dynamic
X-FW-Serve
X-FW-Hash
X-FW-Type
X-Yottaa-Optimizations
Liferay-Portal
X-Yottaa-Metrics
X-G
X-Cache-Hit
X-IPS-LoggedIn
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Environment-Context
X-L-Path
DynaTrace
X-FireWall-Port
X-Pass-Why
X-App-Server
Server-Info
X-Ratelimit-Limit
GEO-INFO
Xserver
X-User-Agent
Section-Origin-Responded
Section-Io-Origin-Status
X-Protected-By
X-Varnish-Ttl
CF-IPCountry
Section-Io-Id
Section-Io-Origin-Time-Seconds
Webserver
From-Origin
Ec-Rule-Version
X-Tumblr-Pixel-2
SRV
X-Www-Served-By
X-Node-Name
Protected
X-Nginx-Cache
X-Ratelimit-Remaining
X-Cache-Server
Meta-Geo
X-ES-SERVER
X-RN-RSRV
X-UPSTREAM-Address
X-Debug-IsPreview
X-Debug-IsConnected
X-Endurance-Cache-Level
X-Hl-Ver
X-Mode
X-Handled-By
X-Backend-Name
X-Device-Type
X-Adobe-Loc
Frame-Options
Cache-Tv-Group
X-Adobe-Content
X-FB-TRIP-ID
Cache-Status
X-Uri
X-Site-Version
X-Locale
X-NYM-Debug-Backend
X-UA-Device-Type
X-Labrador-Cache-Channel
X-MP-GENERATED-AT
X-Be
X-Varnishpool
X-Web-Node
X-Storage
X-Soup
X-PHP-Host
TWC-Connection-Speed
X-Human
X-ProxyCache-Status
X-Pubstack
X-Redis-Cache
Webcakes-Region
X-BYPASS-REASON
X-No-Session
X-OCL
X-Proto
X-Proxy-Build
X-PCL
X-Origin-Hint
X-Origin-Date
Webcakes-App-Version
Webcakes-App-Name
X-Request-Time
Fastly-SSL
Decoy-Debug-TTL
Decoy-Debug-Status
Country
Decoy-Debug-Key
Property-Id
Selected-Fe
TWC-Locale-Group
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
Cache-Name
X-Sql-Count
X-Via-Fastly
X-Timing-Wait
X-Hyper-Cache
X-Sql-Duration-Ms
X-WA-Info
X-ProxyCache-Key
X-R9-Blue-Green-Version
X-TNCMS
X-Say-Cacheable
X-AWS-Id
X-Say-TTL
X-Loop
X-S-Maxage
Azure-SiteName
Azure-InstanceId
Azure-SlotName
Azure-Version
X-LAGOON
X-SayCDN-TTL
X-Section
X-VWS-Id
X-Access
X-FW-Version
X-LJ-Flow-ID
Retry-After
X-AIR-PT
X-Format
Azure-RegionName
X-Server-W
X-Hosted-By
X-PERF
X-ApacheServer
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Status
X-CCM
X-ShopId
X-Sorting-Hat-ShopId
X-Cache-Grace
X-Shopify-Stage
X-Revision
X-Xfnlog-Site
X-Forwarded-Host
X-ShardId
X-Cluster
X-Sorting-Hat-PodId
X-Cache-TTL-Remaining
X-Varnish-Grace
X-TT-LOGID
Mn-Server-Ip
X-Tec-Api-Origin
X-Proxied
X-Tec-Api-Root
X-Tec-Api-Version
X-Zipkin-Id
X-Routing-Service
X-Is-Bot
X-Dc
X-Webkit-Csp
X-Rendered-As
Apigw-Requestid
X-Qloud-Router
X-Varnish-Server
X-Amz-Meta-S3cmd-Attrs
S-Cnection
X-Info
AMP-Access-Control-Allow-Source-Origin
X-SRV
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-Via-CDN
Cache-Hits
X-Cache-Enabled
X-GG-Cache-Date
X-Microcachable
X-Content-Age
Uber-Trace-Id
X-Platform
X-Proxy-Cache-Status
X-Cdn
X-TA-CDN-Provider
X-Detected-As
X-Cache-Host
X-EdgeConnect-Cache-Status
X-Azure-Ref
X-Amz-Apigw-Id
X-Backend-Host
X-Amzn-RequestId
X-CSRF-Token
X-FTR-Expires
X-Amzn-Remapped-Content-Length
X-NWS-UUID-VERIFY
Amp-Access-Control-Allow-Source-Origin
X-Correlation-ID
X-Air-Hostname
X-Aspnetmvc-Version
Tracecode
SD-X-WS
Akamai-GRN
X-ATG-Version
X-Time-Microsecs
X-Oss-Hash-Crc64ecma
X-Unique-Id
X-Oss-Object-Type
HostName
X-Oss-Storage-Class
X-Cache-Var
X-Cache-Var-Map
X-Oss-Request-Id
X-App-Version
X-Oss-Server-Time
X-Trace-Id
X-ServerID
X-Backend-TTL
X-DynaTrace-JS-Agent
X-Tb
X-Debug-Cache
ServedBy
X-RCS-CacheZone
X-BCube-Filmed-By
X-Cache-NGX
X-Cache-PHP
X-Varnish-Hostname
X-GEO
Backend
X-B3-SpanId
X-Sucuri-ID
DSUID
DB-Nickname
X-Cache-NE
X-Origin-CC
X-CF-Lambda-Fn
Instruction
X-Connection-Hash
X-NAPM-TraceId
X-CF-Lambda-Version
Machine
Meta-Geo-Continent
X-PBS-Appsvrname
Mobile-Detection-Method
X-Processor
X-From
X-PAYTM-SRV-ID
MD5-Digest
X-Location
X-Owner
X-Origin-TTL
X-Level-Front-Cache
Xc-Version
Thinkindot-Control
X-External-Request-Id
X-GeoIP-City
X-Vtex-Processado-Em
X-Fetched-On
X-Generated-On
X-Generation-Time
BehaviorPad-Version
X-Device-Os
X-B-Cookie
DCR-Processing-Time-Ms
Expiry
X-Ms-Request-Id
X-Ms-Version
X-Destination
X-D
DCR-Decision-By
Fastcgi-X-Cache-Version
X-Magnolia-Registration
X-A-Dam
X-Trv-Group
X-Cdn-Forward
Release
X-Thinkindot-L3
X-Vtex-Remote-Cache
X-Aed
X-A-Wwc
X-A-Dgt
Rendered-Blocks
X-A-Ccd
X-Vdms-Version
X-VG-WebCache
X-VG-WebServer
Thinkindot-CacheControl-Type
X-Vdms-Path
Thinkindot-CacheControl
X-A
SR-User-Adfree
T-Server
X-Application
X-A-Dcw
X-S-Cookie
Path
X-ScT
X-S
X-Rewrite-Enabled
Odigeo-Trace-Id
X-ARC
X-Request-UUID
X-Session-Fingerprint
X-Rojux
X-SRCache-Key
X-Cache-Backend
X-Akamai-Transformed
X-Adobe-Source
X-Azure-Ref-OriginShield
X-Core-Value
Pagetype
X-Fastly-Cache
X-FC-Vary-Parameters
UCS
NGX
PB-RID
AKAMAI
On-Server
X-Bip
Server-Host
Cf-Device-Type
Content-Disposition
Host-ID
X-Cache-Bucket
X-Cms-Context
CacheControlHeader
PB-PID
Arc-Version
Fastly-Backend-Name
C-Via
Gh-Request-Id
X-GeoIP
X-SVT-ORM-VERSION
X-CS
X-JWT-State
X-Node-Id
X-SVT-ORM-RULES
X-Tumblr-Pixel-3
X-Irp-Debug
X-Reqid
X-Thanos
X-APP-VERSION
X-TrackingId
X-Is-Gdpr
X-HS-Content-Campaign-Id
X-Geo-Header
X-OVcl
X-Micro-Cache
X-TX-ID
X-VServer
X-OVcl-Cache
X-Varnish-Cache-Hits
X-Mvc-Supplant-Cachable
X-Skip-Cache
X-Has-Esi
X-CACHE-KEY
User-Cache-Control
X-Rebelmouse-Cache-Control
X-Platform-Server
X-Block-Status
X-Policy
X-Backend-State
X-Request-Host
X-Ratelimit-Reset
X-Rebelmouse-Surrogate-Control
X-Swa-Ws
V-Age
Web-Mar-Node
Wxu-Next-Commit
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
X-VarnishDD-TTL
X-Varnish-Remaining-TTL
Wxu-Next-Hostname
X-Varnish-Beresp-Grace
X-Origin-Response-Time
X-WADP-Cache
X-User
X-Var-Ttl
Wxu-Next-Region
X-Variation
X-Scheme
X-Old-Content-Length
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-IP
X-Developers
X-Wikidot-Static-Cache
X-DefHash
X-Developer
X-Esi-Check
X-Eu-Site
X-GoCache-CacheStatus
X-Generated-In
X-Fmm-Version
X-Fastly-Backend
X-Gzip
X-Hnp-Log
X-HN
X-DefElseHash
X-Wikidot-Backend
X-Generated-By
X-NU-AKA-ACS-Version
X-CGP
X-Cache-Tags
X-Origin
X-Origin-Expires
X-Cache-Id
X-Cache-Info
X-Nginx-Cache-Key
X-Clara-WADP
X-Csrf-Jwt
X-Li-Fabric
X-CUA
X-Li-Pop
X-LI-UUID
X-Clientip
X-Matched-Rule
X-Branch-Name
X-Gen-Mode
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
CDN-Uid
Is-Eu
L5d-Success-Class
Magicmarker
Locid
Location
Lfy
CDN-RequestId
CDN-RequestCountryCode
Cache-Host
Adler-Geo
X-NewRelic-App-Data
X-B3-Traceid
CDCHOST
CDN-Cache
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
NM-Fastcgi-Cache
Fastly-SIE
Server-Hostname
Server-Ext
Platform
PFcat
Sever-Int
Ssr
X-Method
X-EC-Lua
True-Client-Country-4JS
X-Varnish-Beresp-Status
X-Hash
X-Varnish-Beresp-Ttl
CloudFront-Viewer-Country
Rt-Fastcgi-Cache
Vix-Hermes-Req-Id
X-Slack-Backend
X-SIPLIST1
X-Varnish-Hits
X-Request-URI
X-Gamma-Serve
Cf-Bgj
L
X-Cache-Debug
IsBot
X-VG-TLSProxy
X-LB-ID
X-Nc
Sid
X-ID
Apple-News-Services-Parsed-Url
Origin
Apple-News-Services-Host
Apple-News-Services-Handled
X-Kinja-Server-Push
X-Sn-Servicetimems
X-Goog-Meta-Goog-Reserved-File-Mtime
Apple-News-Services-Request-Url
X-Cache-Expires
X-Loc
X-Aicache-OS
Pramga
X-Cdn-Origin
Fastly-Drupal-HTML
X-CLOUD-TRACE-CONTEXT
X-Mvc-Supplant-OutputCached
X-PF-Uncompressing
X-Cache-Date
X-NCache
Esi-Enabled
X-Servername
Who
X-Via-Popv
X-Core-Mission
Country-Code
X-Refresh
X-Via-Popn
X-Unique-ID
X-Via-Poph
X-Varnish-Url
X-Erf-Stays-Bingo-Pdp-Web
X-Request-Start
Pics-Label
X-Tb-Optimization-Total-Bytes-Saved
Url
Geo-Info
X-Epic-Correlation-Id
X-FireWall-Protection
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
Req-Svc-Chain
X-TraceId
X-Cache-Remote
X-NC
X-Dynatrace
Filterid
X-Varnish-Cacheable
Tcn
X-Response-By
Cmstype
S-Rt
Xkeyi7
X-Error
Cmsid
X-RateLimit-Limit
X-Proxy-Cachei7
X-Srv
Source
Kp-EeAlive
Svr
Content-Secure-Policy
X-HS-Status
GeoIp-Country-Code
X-BBXSRF
N-Cache
Geoip-Latitude
X-Served-From
X-B3-Spanid
X-Webkit-CSP-Report-Only
Viewtype
X-Cache-2
X-DC
Cache-Key
HitType
X-Host-Name
Server-Ttl
VivaBuild
A
Cross-Origin-Window-Policy
X-Sucuri-Cache
Ohc-File-Size
X-Servedbyhost
Cteonnt-Length
D-Cc-Upstream
X-Wa
MIME-Version
X-Contensis-Viewer-Groups
X-LiteSpeed-Cache-Control
X-Varnish-Authentication
X-Cc-Via
X-Cc-Req-Id
M-TraceId
NGB
X-Cache-ASPX
X-Vcl-Version
X-URL
X-CDN-Forward
X-Svr
X-Li-Proto
X-Air-Source
X-HostName
Cross-Origin-Opener-Policy
Arc-Country
TDXMobile
NtCoent-Length
X-Oracle-Dms-Rid
X-Cs
Server-ID
X-Vgn-Hpd-Reason
X-Server-IP
X-Esi
CACHE
X-LI-Proto
X-RAMCache
X-Cache-Config
X-API-Version
X-Vc
X-Gdpr
X-Origin-Time
X-Nyt-Route
X-FPC
X-HOST
X-SaId
X-SN
X-Check-Cacheable
Request-ID
X-PHP-Backend
Resin-Trace
X-NGENIX-Cache
X-VC
Server-Id
SID
X-Viewer-Country
X-VCL-Version
X-Internal-Host
X-WA
X-JoinUs
X-ServedByHost
X-Newrelic-Synthetics
X-Service
DataCenter
X-Edge-Location
X-UA
X-Geo
X-NodeID
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
Mime-Version
X-CCDN-CacheTTL
X-TIM-N
X-RPS
X-DB
X-SB
X-Webstats-RespID
X-DI
X-DSS
X-RSL
X-RPM
X-DW
Cache-Provider
CF-Cached-On
Ohc-Cache-HIT
Hostname
X-Extlb
GeoIP-Country-Code
X-Via-NSCOPI
GeoIP-Latitude
Srv
X-SD-PageType
X-App
FSS-Cache
X-Forwarded-Site
X-NGINX-Cache
XServer
X-Render-Time
X-BBC-Edge-Cache-Status
ProcessTime
X-Bc-Bl
X-Action
X-TIME
X-FTR-Cache-Host
X-Date
X-Fpc
X-Depends-On
Mail-Subject
LB
X-Oss-Cdn-Auth
Upgrade-Insecure-Requests
Surrogated-Key
We-Hiring
X-Accel-Expires-Debug
Memcached
X-Region-Sid
EpKe-Alive
X-PJAX-URL
X-VC-Cache
X-CF-Powered-By
X-Req
X-Proxy-Upstream
X-ZONE
X-Provided-By
X-Dynatrace-Js-Agent
X-Swift-Error
X-Ua
X-UnsetCookies
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-FORWARDED-FOR
Processtime
X-Auto-Login
Env
W
X-Worker
X-HITS
X-Cdn-Request-ID
X-MSEdge-Features
Memory
Time
X-Fastly-Backend-Reqs
X-BACKEND-TTL
X-Ftr-Cache-Host
X-APP
X-MSEdge-Flight
Cdn
X-Men
X-Air-Trace-Id
X-CSRF-TOKEN
Proxy-Connection
X-Sigma
X-Sigma-Backend
X-Dw-Trace-Id
X-Rocket-Build-Number
X-Cluster-Node
CDN
X-Client-Ip
X-Akamai-Pragma-Client-IP
X-CACHE-AGE
PICS-Label
VNS-Cache
X-Hello
X-Flog
X-ABtesting
Datacenter
Dnion-Transfer-Encoding
CPC-Cache
X-IN-APIGATEWAYSSL
X-BBC-Origin-Response-Status
X-Fastly-Request-Id
X-IN-APIGATEWAY
CPC-Age
X-Cache-Tag
VNS-Age
X-Parent-Response-Time
X-Pad
X-Via-PopH
Media-Length
X-Via-PopV
X-Via-PopN
X-Acquia-Site
X-Acquia-Purge-Tags
Vha6-Origin
X-Acquia-Application-Trace
X-Zone
X-Presslabs-Stats
X-Oracle-DMS-ECID
X-Pf-Uncompressing
X-Acquia-Application-UUID
Epwk-X-Cache
OT-Force-Account-Verify
X-LiteSpeed-Tag
Cf-Ipcountry
X-Vcache
X-Akamai-ERRuleID
X-Akamai-ERPolicy
Xet-Cookie
X-ElasticPress-Search
X-Ms-Meta-Staticbatchstarttime
X-Csrf-Token
X-Lb-Id
My-App
State
Fastcgi-Cache-TTL
X-ND-Cache
X-ServerName
X-Ms-Meta-Originalurl
X-Varnish-URL
X-Request-Url
X-MiniProfiler-Ids
X-ElasticPress-Query
X-Snapshot-Date
X-Varnish-Beresp-TTL
WZWS-RAY
X-Request-URL
CountryCode
X-Tx-Id
X-B3-Parentspanid
X-Litespeed-Cache-Control
NnCoection
X-Apw-Hits
Content-Script-Type
X-Apw-Access-Token
URI
X-Traceid
X-Apw-Access-Action
Content-Style-Type
X-Apw-Access-Object
X-Amz-Meta-Cb-Modifiedtime
Ohc-Response-Time
X-Debug-Cache-Store
X-C
X-Storefront-Renderer-Verified
X-Debug-Cache-Fetch
Inserted-Into-Cache-At
X-Redis-Count
Phost
X-Tid
Environment
X-Redis-Duration-Ms