
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a "HEAD" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Request-Id
Access-Control-Allow-Methods
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Request-ID
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Ua-Compatible
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
Request-Context
EagleId
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Report-To
Host-Header
X-Server-Powered-By
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Cache-Spec
X-Amz-Version-Id
X-Device
X-CST
Allow
X-Vhost
X-Host
X-Backend-Server
Xkey
X-Server-Id
X-WebKit-CSP
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
X-Node
Request-Id
Content-Location
X-Response-Time
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
P3p
X-ASPNET-VERSION
Accept-Ch
X-Application-Context
X-Ac
X-Cache-Lookup
X-Country
X-Template
Accept-Ch-Lifetime
X-Mod-Pagespeed
X-Language
Accept-CH
X-Readtime
X-Cloud-Trace-Context
Accept-CH-Lifetime
MS-Author-Via
X-B3-TraceId
Rating
X-HW
X-Cnection
X-Origin-Cache
X-MS-InvokeApp
X-Url
X-Vname
X-PC
X-TtlSet
X-Clacks-Overhead
Edge-Control
X-GitHub-Request-Id
X-ESI
X-ORACLE-DMS-RID
X-Trace
X-ORACLE-DMS-ECID
X-Content-Type
Pagespeed
X-Middleton-Display
X-Sol
Response
X-Middleton-Response
Display
X-Varnish-TTL
X-D2id
Arr-Disable-Session-Affinity
X-GoogleNews-Bot
Verso
X-Exp-Id
X-Kinja
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Cdn-Fetch
X-Exp-Variant
X-Vcap-Request-Id
X-TTL
X-Country-Code
X-Goog-Hash
X-Rack-Cache
X-Powered-By-Plesk
X-Navigation-Version
Service-Worker-Allowed
X-Server-Name
X-VARITI-CCR
X-Buckets
X-Amz-Rid
X-Abt-Application-Version
X-Fastly-Request-ID
X-FastCGI-Cache
X-Webkit-CSP
X-Client-IP
Fastly-Restarts
X-Cache-TTL
X-Release
X-Cached
X-MSEdge-Ref
X-Dw-Request-Base-Id
X-Element-Page-Cache
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
SPRequestGuid
X-SharePointHealthScore
X-Oneagent-Js-Injection
X-NF-Request-ID
SPIisLatency
SPRequestDuration
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Public-Key-Pins
RTSS
Access-Control-Request-Method
AR-Request-ID
AR-ATIME
Ar-Sid
AR-CACHE
AR-PoweredBy
X-Edge
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-LLID
Cache-Tag
X-Powered-CMS
X-Ezoic-Cdn
X-Litespeed-Cache
X-Upstream
Content-MD5
X-HP-Webp
X-Jurisdiction
X-Origin-Upstream-Status
X-Version
S
Fusion-Template-Id
Fusion-Source
Fusion-Content-Source
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Content-Id
X-Px
X-ECACHE
X-MCACHE
X-Mid
X-Recruiting
X-Mg-S
Charset
X-Content-Digest
X-PressLabs-Stats
X-Kinsta-Cache
X-DynaTrace
Fastcgi-Cache
X-T
Cache-Tags
X-Amz-Server-Side-Encryption
X-Id
X-Logged-In
Filters
X-Accel-Expires
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
Edge-Cache-Tag
X-Forwarded-Proto
Server-Node
Front-End-Https
X-Correlation-Id
TP-Cache
TP-L2-Cache
X-Grace
X-Forwarded-For
Server-Name
X-Debug
X-Fastcgi-Cache
Nginx-Cache
X-Hits
X-Amzn-Trace-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Request-Received
X-Request-Processing-Time
TCN
X-B3-Sampled
X-Ttl
X-Shield-Request-Id
X-Yandex-Sdch-Disable
Surrogate-Key
X-Varnish-Age
X-Microsite
X-Request-Handler-Origin-Region
X-AppVersion
X-Activity-Id
X-Az
X-Ser
X-Amz-Replication-Status
X-HS-Cache-Config
X-HS-Hub-Id
X-F-Cache
X-XRDS-Location
X-HS-Content-Id
X-HS-Combine-CSS
X-XRDS-LOCATION
X-Origin-Server
Alternate-Protocol
X-Goog-Generation
X-DIS-Request-ID
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-Pinterest-Direct
Accept-Charset
X-Geo-Country
X-Git-Hash
X-Rid
X-Cache-Key
X-Frontend
X-Respond-Thread
Section-Io-Cache
Host
X-NWS-LOG-UUID
X-LB-Cache
X-Upgrade-Enabled
X-DataDome
X-Time
Cache
Access-Control-Allow-Method
X-Seen-By
X-Mobile-URL
X-VCache
X-FTR-Request-ID
MS-CV
X-Server-ID
X-Cache-Age
ServerID
Paypal-Debug-Id
X-IPLB-Instance
Healthy
X-Type
X-AOL-HN
X-TT
X-Content-Options
X-Whom
X-Source
X-Hostname
X-Varnish-Backend
X-Is-Crawler
Payment
X-Route-Name
X-Request-Guid
X-Flags
X-App-Environment
X-Providence-Cookie
X-Aspnet-Duration-Ms
X-Signature
Cleartype
X-B-Cache
X-Cache-Action
X-Page-Id
X-Daa-Tunnel
Fastcgi-Useragent
X-Jobs
X-Debug-Info
X-RateLimit-Remaining
X-WebKit-CSP-Report-Only
X-Load-Cache
X-N
Powered-By-ChinaCache
X-FB-Debug
Nel
X-Webkit-Csp
X-Mobile
Realpath
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Contextid
X-Erf-Bev-Bev
Node
X-Via-JSL
Refresh
X-TEC-API-ORIGIN
X-Rule
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Drupal-Cache-Tags
X-Zen-Fury
Version
X-Accel-Buffering
X-Wix-Request-Id
X-Response-Served-From
X-Original-Request-Id
Ms-Operation-Id
DC
X-Framework
X-Cache-Expired-At
X-RTag
X-Proxy
X-Cacheable-TTL
X-RemovedCookies
X-ProcessESI
Referer-Policy
X-Instance
X-HTML-Minification-Powered-By
X-Cluster-Name
X-Drupal-Cache-Contexts
X-Distributor
X-Cache-Time
Access-Control-Request-Headers
X-Real-IP
X-Region
X-B
X-FW-Dynamic
X-FW-Hash
X-Cache-Control
Viewport
X-FW-Serve
X-Content-Powered-By
Eomportal-Instance
X-Page-View
X-Akamai-Edgescape
X-Tt-Trace-Tag
X-Cached-By
X-UUID
X-FW-Static
X-FW-Server
X-FW-Type
X-Tt-Trace-Host
Countrycode
X-Cache-Operation
VIX-Pulpo-Node
X-Cache-Rule
VIX-Pulpo-Upstream-Status
X-IPS-LoggedIn
Liferay-Portal
X-Cache-Hit
X-Yottaa-Optimizations
X-FireWall-Port
X-Yottaa-Metrics
X-G
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
X-Pass-Why
X-Environment-Context
X-L-Path
X-App-Server
Server-Info
DynaTrace
SRV
CF-IPCountry
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
X-User-Agent
X-Protected-By
X-Debug-IsPreview
Ec-Rule-Version
X-Debug-IsConnected
From-Origin
Xserver
X-Tumblr-Pixel-2
Webserver
X-Www-Served-By
X-Nginx-Cache
GEO-INFO
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Ratelimit-Limit
X-Device-Type
X-Mode
Meta-Geo
X-RN-RSRV
X-Endurance-Cache-Level
X-ES-SERVER
X-Adobe-Content
X-Adobe-Loc
X-Hl-Ver
X-UPSTREAM-Address
X-Handled-By
X-MP-GENERATED-AT
Protected
Cache-Tv-Group
X-FB-TRIP-ID
X-Locale
X-Site-Version
X-Cache-Server
X-Backend-Name
X-Uri
TWC-Device-Class
TWC-Connection-Speed
X-Storage
X-Web-Node
X-UA-Device-Type
Cache-Status
Retry-After
X-Varnishpool
X-Origin-Hint
Property-Id
TWC-GeoIP-Country
X-Node-Name
TWC-Locale-Group
X-Soup
X-PHP-Host
Webcakes-Region
X-Labrador-Cache-Channel
Webcakes-App-Version
TWC-GeoIP-LatLong
TWC-Privacy
X-Varnish-Grace
Webcakes-App-Name
X-Be
X-NYM-Debug-Backend
X-ProxyCache-Key
Fastly-SSL
X-FW-Version
X-Sql-Count
Country
X-WA-Info
X-Human
X-LJ-Flow-ID
X-R9-Blue-Green-Version
X-No-Session
X-Origin-Date
Cache-Name
X-BYPASS-REASON
X-VWS-Id
X-Via-Fastly
X-Access
X-Server-W
X-Sql-Duration-Ms
Decoy-Debug-TTL
Selected-Fe
X-Request-Time
X-Proto
X-Redis-Cache
X-OCL
X-Section
X-Pubstack
X-ProxyCache-Status
Decoy-Debug-Status
X-Proxy-Build
X-AWS-Id
X-Timing-Wait
X-PCL
Frame-Options
X-Format
Decoy-Debug-Key
Mn-Server-Ip
Azure-SiteName
Azure-RegionName
Azure-InstanceId
X-Proxied
X-Status
X-AIR-PT
X-Cache-TTL-Remaining
X-Hosted-By
X-Hyper-Cache
X-Loop
Azure-Version
Azure-SlotName
X-ApacheServer
X-SayCDN-TTL
X-LAGOON
X-Xfnlog-Site
X-Zipkin-Id
X-PERF
X-Say-Cacheable
X-Say-TTL
X-S-Maxage
X-Routing-Service
X-TNCMS
X-Sorting-Hat-PodId
X-Shopify-Stage
X-CCM
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-ShopId
X-ShardId
X-Storefront-Renderer-Rendered
X-Cache-Grace
X-TT-LOGID
X-Varnish-Server
X-Forwarded-Host
Apigw-Requestid
X-Cluster
X-GG-Cache-Date
X-Rendered-As
X-Revision
X-Info
X-SRV
X-Is-Bot
X-Dc
X-Qloud-Router
S-Cnection
X-Ratelimit-Remaining
X-Cache-Enabled
X-Microcachable
AMP-Access-Control-Allow-Source-Origin
Uber-Trace-Id
X-Cdn
X-Content-Age
X-Proxy-Cache-Status
X-Via-CDN
X-Platform
Cache-Hits
X-Country-Code-Real
X-Azure-Ref
X-App-Version
X-FTR-Backend
X-FTR-Cache-Status
X-FTR-DC
X-NWS-UUID-VERIFY
X-FTR-Balancer
X-FTR-Realm
X-FTR-Backend-Server
X-TA-CDN-Provider
X-Backend-Host
X-Varnish-Ttl
Amp-Access-Control-Allow-Source-Origin
X-Cache-Host
X-Amz-Meta-S3cmd-Attrs
X-Detected-As
X-Aspnetmvc-Version
X-CSRF-Token
X-FTR-Expires
X-Amz-Apigw-Id
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
Akamai-GRN
X-EdgeConnect-Cache-Status
X-ATG-Version
X-B3-SpanId
X-Oss-Hash-Crc64ecma
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Server-Time
X-CS
X-Trace-Id
X-Air-Hostname
X-Oss-Storage-Class
SD-X-WS
Tracecode
ServedBy
X-Debug-Cache
X-RCS-CacheZone
X-Time-Microsecs
X-Varnish-Hostname
X-Cache-PHP
X-Cache-NGX
X-Correlation-ID
X-Akamai-Transformed
X-BCube-Filmed-By
X-ServerID
X-Backend-TTL
DB-Nickname
X-Tb
X-Cache-Var-Map
HostName
X-Unique-Id
X-Cache-Var
Backend
X-NewRelic-App-Data
Release
DCR-Decision-By
X-Fetched-On
X-Device-Os
X-Destination
Rendered-Blocks
X-From
X-External-Request-Id
X-GeoIP-City
Thinkindot-CacheControl-Type
X-Magnolia-Registration
X-NAPM-TraceId
X-Location
X-Level-Front-Cache
X-Generation-Time
X-D
BehaviorPad-Version
X-Generated-On
X-CF-Lambda-Version
X-A-Dam
X-A-Dcw
X-A-Dgt
X-A-Wwc
X-A-Ccd
X-A
Thinkindot-Control
Thinkindot-CacheControl
T-Server
X-Aed
X-Application
X-CF-Lambda-Fn
Mobile-Detection-Method
X-Adobe-Source
X-Ms-Request-Id
X-Ms-Version
X-ARC
X-B-Cookie
X-Cache-NE
X-Connection-Hash
Odigeo-Trace-Id
Meta-Geo-Continent
X-SRCache-Key
X-Thinkindot-L3
Fastcgi-X-Cache-Version
X-DynaTrace-JS-Agent
X-ScT
X-Rojux
X-S
X-S-Cookie
X-Trv-Group
Expiry
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
DCR-Processing-Time-Ms
X-VG-WebServer
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
X-Rewrite-Enabled
X-Session-Fingerprint
X-PBS-Appsvrname
MD5-Digest
X-Request-UUID
X-Owner
X-PAYTM-SRV-ID
Machine
X-Processor
X-EC-Lua
X-Origin-TTL
X-Origin-CC
X-Nc
DSUID
X-GEO
X-Sucuri-ID
X-TX-ID
NGX
Magicmarker
SR-User-Adfree
Server-Hostname
Server-Ext
Instruction
PB-PID
PB-RID
Locid
Host-ID
Gh-Request-Id
Pagetype
Sever-Int
Server-Host
Path
Fastly-Backend-Name
On-Server
X-FC-Vary-Parameters
X-OVcl
X-OVcl-Cache
X-Policy
X-Node-Id
X-Nginx-Cache-Key
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-Reqid
X-Skip-Cache
X-Tumblr-Pixel-3
X-VServer
X-TrackingId
X-Thanos
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-JWT-State
X-Is-Gdpr
X-Bip
X-Cache-Bucket
X-Azure-Ref-OriginShield
Wxu-Next-Region
Wxu-Next-Commit
Wxu-Next-Hostname
X-Cms-Context
X-Core-Value
X-HS-Content-Campaign-Id
X-Irp-Debug
X-GeoIP
X-Geo-Header
X-Developers
X-Fastly-Cache
UCS
X-Has-Esi
Arc-Version
AKAMAI
X-B3-Traceid
X-Varnish-Cache-Hits
C-Via
CacheControlHeader
Cf-Device-Type
Content-Disposition
User-Cache-Control
X-Cdn-Forward
X-Varnish-Beresp-Grace
X-LI-UUID
X-Method
X-NU-AKA-ACS-Version
X-Li-Pop
X-Li-Fabric
X-IP
X-Clientip
X-Old-Content-Length
X-CUA
X-Origin-Response-Time
Web-Mar-Node
X-Rebelmouse-Surrogate-Control
X-Request-Host
X-Scheme
X-Rebelmouse-Cache-Control
X-Ratelimit-Reset
X-Origin-Expires
X-Hnp-Log
X-Platform-Server
X-Csrf-Jwt
X-Origin
X-HN
X-Cache-Tags
X-Envoy-Decorator-Operation
X-Esi-Check
X-Cache-Info
X-Cache-Id
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-DefElseHash
X-CGP
X-DefHash
X-Developer
X-Eu-Site
X-Cache-Debug
X-GoCache-CacheStatus
Ssr
X-Gzip
X-Backend-State
X-Generated-By
X-Block-Status
X-Fastly-Backend
X-Fmm-Version
X-Gen-Mode
X-Branch-Name
X-Clara-WADP
X-Swa-Ws
L5d-Success-Class
IsBot
Is-Eu
CDN-PullZone
Location
CDN-EdgeStorageId
X-SIPLIST1
CDN-Cache
CDN-CachedAt
CDN-RequestCountryCode
V-Age
Fastly-SIE
CDN-Uid
Cf-Bgj
X-User
Fastly-SWR
X-Generated-In
HA-Ipaddr
Ha-Gx-Prefs
CDN-RequestId
Cache-Host
CDCHOST
X-VarnishDD-TTL
X-WADP-Cache
NM-Fastcgi-Cache
X-Wikidot-Backend
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Var-Ttl
X-Variation
X-Varnish-CookieHashed-On
PFcat
Platform
X-Wikidot-Static-Cache
Adler-Geo
X-ID
X-Varnish-Beresp-Ttl
X-Cache-Backend
X-Request-URI
Apple-News-Services-Parsed-Url
X-Varnish-Beresp-Status
X-VG-TLSProxy
X-Unique-ID
Apple-News-Services-Request-Url
X-Slack-Backend
Apple-News-Services-Host
X-Varnish-Hits
Who
True-Client-Country-4JS
Esi-Enabled
X-Matched-Rule
Apple-News-Services-Handled
X-Gamma-Serve
Vix-Hermes-Req-Id
X-Hash
L
Rt-Fastcgi-Cache
Origin
Lfy
X-CLOUD-TRACE-CONTEXT
Country-Code
Fastly-Drupal-HTML
X-Mvc-Supplant-OutputCached
X-Loc
CloudFront-Viewer-Country
X-LB-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Aicache-OS
X-RateLimit-Limit
X-CACHE-KEY
Sid
Geo-Info
X-APP-VERSION
Pics-Label
X-NCache
X-PF-Uncompressing
X-Sn-Servicetimems
X-Via-Poph
X-Via-Popn
X-Via-Popv
Pramga
Tcn
X-Cdn-Origin
X-Varnish-Url
X-Cache-Expires
X-Core-Mission
X-Servername
X-Epic-Correlation-Id
X-Cache-Date
Filterid
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Request-Start
Url
X-Tb-Optimization-Total-Bytes-Saved
X-Refresh
X-TraceId
Cmstype
X-FireWall-Protection
Cmsid
Req-Svc-Chain
X-Served-From
X-Varnish-Cacheable
Kp-EeAlive
X-Error
Svr
A
Cache-Key
MIME-Version
Viewtype
NGB
Source
VivaBuild
X-Response-By
X-Erf-Stays-Bingo-Pdp-Web
X-Webkit-CSP-Report-Only
X-NC
X-Srv
M-TraceId
Xkeyi7
GeoIp-Country-Code
X-Proxy-Cachei7
Geoip-Latitude
X-DC
X-Cache-Remote
Content-Secure-Policy
Cross-Origin-Opener-Policy
S-Rt
TDXMobile
Server-Ttl
Server-ID
X-Servedbyhost
X-Wa
X-BBXSRF
N-Cache
X-HS-Status
HitType
X-Air-Source
Arc-Country
X-URL
X-Vgn-Hpd-Reason
X-B3-Spanid
X-HostName
X-CDN-Forward
X-Vcl-Version
X-Cache-2
X-Cc-Req-Id
Resin-Trace
X-LiteSpeed-Cache-Control
X-Cc-Via
X-Vc
D-Cc-Upstream
X-LI-Proto
X-Esi
X-Cache-ASPX
X-Contensis-Viewer-Groups
X-Varnish-Authentication
Cteonnt-Length
X-NGENIX-Cache
CACHE
NtCoent-Length
Ohc-File-Size
Cross-Origin-Window-Policy
X-SaId
X-Host-Name
X-Sucuri-Cache
SID
X-JoinUs
X-PHP-Backend
X-RAMCache
X-Geo
X-Service
X-Edge-Location
X-Li-Proto
X-Internal-Host
X-Svr
X-HOST
Hostname
X-VCL-Version
DataCenter
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
Request-ID
X-CCDN-CacheTTL
X-Server-IP
XServer
X-UA
X-Extlb
X-DB
X-Forwarded-Site
X-Viewer-Country
X-Cache-Config
X-Gdpr
X-Nyt-Route
X-API-Version
X-FPC
X-Origin-Time
X-Newrelic-Synthetics
X-RSL
X-WA
X-DSS
X-DW
X-RPS
X-TIM-N
FSS-Cache
X-DI
X-Via-NSCOPI
X-RPM
X-ServedByHost
X-Check-Cacheable
CF-Cached-On
X-Bc-Bl
X-App
GeoIP-Latitude
X-Cs
GeoIP-Country-Code
X-Dynatrace
Cache-Provider
X-VC
X-SN
Ohc-Cache-HIT
ProcessTime
Server-Id
X-Accel-Expires-Debug
Memcached
X-NodeID
X-Proxy-Upstream
Surrogated-Key
X-SB
X-Date
X-PJAX-URL
Mail-Subject
We-Hiring
X-Webstats-RespID
X-Action
X-VC-Cache
X-ZONE
LB
X-Req
X-Region-Sid
X-Dynatrace-Js-Agent
X-TIME
X-NGINX-Cache
X-Oss-Cdn-Auth
Env
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-SD-PageType
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
Mime-Version
X-CF-Powered-By
X-Instrumentation
X-Fpc
X-Provided-By
X-CSRF-TOKEN
Upgrade-Insecure-Requests
X-Rocket-Build-Number
W
X-Sigma
X-Render-Time
X-FORWARDED-FOR
X-Depends-On
X-BBC-Edge-Cache-Status
X-Sigma-Backend
X-APP
X-Men
X-Air-Trace-Id
Srv
X-Cdn-Request-ID
X-Swift-Error
CPC-Cache
X-MSEdge-Flight
X-BACKEND-TTL
CDN
CPC-Age
X-MSEdge-Features
X-Ftr-Cache-Host
VNS-Age
X-Dw-Trace-Id
Cdn
X-UnsetCookies
VNS-Cache
EpKe-Alive
X-CACHE-AGE
X-FTR-Cache-Host
X-Client-Ip
X-Cache-Tag
Dnion-Transfer-Encoding
X-Flog
X-Hello
X-Auto-Login
X-ABtesting
Time
X-Worker
Memory
X-Fastly-Backend-Reqs
X-Parent-Response-Time
Processtime
X-Fastly-Request-Id
Datacenter
X-Ua
X-Akamai-Pragma-Client-IP
Media-Length
X-BBC-Origin-Response-Status
X-Pad
X-Cluster-Node
X-Zone
X-Presslabs-Stats
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Pf-Uncompressing
X-Acquia-Application-Trace
Proxy-Connection
Vha6-Origin
X-Acquia-Site
X-Oracle-DMS-ECID
X-IN-APIGATEWAYSSL
X-Via-PopV
X-Via-PopN
PICS-Label
State
X-Via-PopH
X-IN-APIGATEWAY
Epwk-X-Cache
Fastcgi-Cache-TTL
X-ServerName
X-LiteSpeed-Tag
X-Lb-Id
X-Snapshot-Date
My-App
Cf-Ipcountry
X-Ms-Meta-Originalurl
X-Varnish-URL
X-Cache-Status-Check
X-MiniProfiler-Ids
X-Minions-Version
X-ElasticPress-Query
Xet-Cookie
X-ElasticPress-Search
X-Akamai-ERRuleID
X-Edge-Location-Klb
X-Akamai-ERPolicy
X-Ms-Meta-Staticbatchstarttime
X-Request-URL
X-Varnish-Beresp-TTL
X-Vcache
CountryCode
X-Tx-Id
URI
X-Redis-Duration-Ms
X-Traceid
Content-Style-Type
Content-Script-Type
X-Apw-Access-Action
X-Apw-Access-Token
Environment
X-Nananana
X-Redis-Count
X-Apw-Hits
X-Litespeed-Cache-Control
X-Apw-Access-Object
X-C
X-Tid
Phost
Ohc-Response-Time
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Storefront-Renderer-Verified
X-Amz-Meta-Cb-Modifiedtime
X-Request-Url
OT-Force-Account-Verify
NnCoection
X-B3-Parentspanid
Inserted-Into-Cache-At