Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
Cf-Request-Id
Last-Modified
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Request-ID
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Ua-Compatible
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
X-AspNetMvc-Version
Status
Feature-Policy
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
NEL
X-Amz-Version-Id
X-Cache-Spec
X-WebKit-CSP
Xkey
Allow
X-Device
X-Backend-Server
X-CST
X-Vhost
X-Host
EagleEye-TraceId
X-Server-Id
Request-Id
Surrogate-Control
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-Akam-SW-Version
X-Ruxit-JS-Agent
Accept-CH
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH-Lifetime
P3p
X-ASPNET-VERSION
X-Ac
X-Template
X-Application-Context
X-Language
X-Country
X-Cache-Lookup
X-Mod-Pagespeed
X-Readtime
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Accept-Ch
Rating
X-Cnection
X-MS-InvokeApp
X-HW
Accept-Ch-Lifetime
X-Url
X-Vname
X-PC
X-TtlSet
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-GitHub-Request-Id
Edge-Control
X-ESI
X-Trace
X-Middleton-Display
X-Sol
X-Middleton-Response
Response
Display
Pagespeed
X-Content-Type
X-FastCGI-Cache
X-D2id
X-Vcap-Request-Id
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-GoogleNews-Bot
Arr-Disable-Session-Affinity
Verso
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-ORACLE-DMS-RID
X-Country-Code
X-Server-Name
Service-Worker-Allowed
X-Navigation-Version
X-Varnish-TTL
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
X-Fastly-Request-ID
X-Powered-By-Plesk
X-Webkit-CSP
X-Client-IP
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Cache-TTL
X-Kinja-Server-Push
X-SharePointHealthScore
SPRequestGuid
X-Release
X-MSEdge-Ref
Fastly-Restarts
X-Element-Page-Cache
X-Dw-Request-Base-Id
SPIisLatency
SPRequestDuration
X-Oneagent-Js-Injection
X-Cached
X-NF-Request-ID
Public-Key-Pins
X-TTL
X-B3-TraceId-Primal
RTSS
MRF-Tech
Mrf-Cache-Status
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
Ar-Sid
X-Edge
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-SRCache-Store-Status
X-LLID
X-Origin-Upstream-Status
X-Powered-CMS
X-Ttl
X-Px
X-Ezoic-Cdn
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Component-Id
X-Upstream
Content-MD5
X-Jurisdiction
X-HP-Webp
Cache-Tag
X-ECACHE
X-MCACHE
X-Mid
X-Mg-S
X-Recruiting
S
X-Content-Digest
Charset
X-Version
X-Amz-Server-Side-Encryption
X-PressLabs-Stats
Fastcgi-Cache
X-Pinterest-Direct
MicrosoftSharePointTeamServices
X-T
X-Litespeed-Cache
TCN
X-Kinsta-Cache
Front-End-Https
X-Debug
X-Content-Security-Policy-Report-Only
Filters
Cache-Tags
X-Id
X-Grace
Server-Node
Edge-Cache-Tag
X-Logged-In
X-Accel-Expires
X-Forwarded-Proto
X-Forwarded-For
X-Correlation-Id
X-DynaTrace
X-Amzn-Trace-Id
Server-Name
Nginx-Cache
X-Yandex-Sdch-Disable
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Surrogate-Key
TP-L2-Cache
TP-Cache
X-Varnish-Age
X-B3-Sampled
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Server-ID
X-Ser
X-Request-Handler-Origin-Region
X-Hits
X-Shield-Request-Id
X-DIS-Request-ID
X-Az
X-Activity-Id
X-AppVersion
X-Amz-Replication-Status
X-XRDS-LOCATION
X-XRDS-Location
X-HS-Cache-Config
X-HS-Content-Id
X-F-Cache
X-HS-Hub-Id
X-HS-Combine-CSS
X-Goog-Stored-Content-Length
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
Accept-Charset
X-Cache-Key
X-Origin-Server
Powered-By-ChinaCache
X-Git-Hash
X-Geo-Country
X-Respond-Thread
X-FTR-Request-ID
Cache
X-Rid
X-LB-Cache
Alternate-Protocol
X-DataDome
Section-Io-Cache
X-Upgrade-Enabled
X-Frontend
X-Ruxit-Js-Agent
Host
Access-Control-Allow-Method
X-Hostname
X-Mobile-URL
MS-CV
X-Seen-By
X-Cache-Age
Cleartype
Paypal-Debug-Id
Healthy
X-Time
X-IPLB-Instance
X-AOL-HN
X-Varnish-Backend
X-Content-Options
X-Type
X-VCache
ServerID
X-App-Environment
X-Whom
X-TT
X-NWS-LOG-UUID
X-Request-Guid
Payment
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Route-Name
X-Aspnet-Duration-Ms
X-Signature
X-Page-Id
X-WebKit-CSP-Report-Only
X-B-Cache
X-Jobs
Fastcgi-Useragent
X-Cache-Action
X-Debug-Info
X-Source
X-TEC-API-ROOT
X-Fastcgi-Cache
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-N
X-Load-Cache
X-Mobile
X-Daa-Tunnel
X-FB-Debug
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
Nel
X-RateLimit-Remaining
X-Via-JSL
X-Cached-By
X-Akamai-Edgescape
Version
Refresh
X-Rule
X-Accel-Buffering
X-Response-Served-From
Viewport
X-Original-Request-Id
X-Cache-Operation
X-Wix-Request-Id
X-Proxy
X-Drupal-Cache-Tags
X-Cache-Rule
DC
X-Framework
X-Cacheable-TTL
X-ProcessESI
Ms-Operation-Id
X-RemovedCookies
X-Zen-Fury
X-RTag
X-Instance
X-Contextid
X-Real-IP
Access-Control-Request-Headers
X-HTML-Minification-Powered-By
X-Cache-Time
Referer-Policy
X-Region
Realpath
Node
X-Page-View
X-Tt-Trace-Host
X-UUID
Eomportal-Instance
X-Tt-Trace-Tag
X-Distributor
X-Drupal-Cache-Contexts
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Cache-Expired-At
Countrycode
X-FW-Type
X-FW-Serve
X-FW-Server
X-FW-Hash
X-FW-Dynamic
X-FW-Static
DynaTrace
X-Cluster-Name
X-B
X-Content-Powered-By
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cache-Control
X-L-Path
X-Environment-Context
X-IPS-LoggedIn
X-G
X-Tumblr-Pixel
X-Tumblr-User
GEO-INFO
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
Liferay-Portal
X-Cache-Hit
Server-Info
X-Node-Name
X-User-Agent
X-App-Server
X-Ratelimit-Limit
X-Varnish-Ttl
Webserver
From-Origin
X-FireWall-Port
X-Tumblr-Pixel-2
X-Pass-Why
Section-Io-Id
Section-Io-Origin-Status
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Ec-Rule-Version
X-Protected-By
Protected
CF-IPCountry
SRV
Xserver
X-Cache-Server
X-Amz-Meta-S3cmd-Attrs
Frame-Options
X-Backend-Name
X-Www-Served-By
X-Revision
X-Endurance-Cache-Level
X-Mode
X-RN-RSRV
X-ES-SERVER
X-Handled-By
X-UPSTREAM-Address
X-Hl-Ver
Meta-Geo
X-Locale
X-FB-TRIP-ID
X-Site-Version
X-Hyper-Cache
X-Be
X-Forwarded-Host
X-Cache-Grace
X-NYM-Debug-Backend
X-Soup
X-Varnishpool
Cache-Status
Cache-Tv-Group
X-Storage
X-Web-Node
X-Proto
Webcakes-App-Name
X-Origin-Date
X-Origin-Hint
Decoy-Debug-TTL
X-Timing-Wait
X-TT-LOGID
Webcakes-Region
X-Pubstack
X-Ratelimit-Remaining
X-Proxy-Build
TWC-Privacy
X-UA-Device-Type
Webcakes-App-Version
X-Redis-Cache
X-Labrador-Cache-Channel
X-PHP-Host
Selected-Fe
Cache-Name
Country
Decoy-Debug-Status
Decoy-Debug-Key
TWC-Connection-Speed
TWC-Device-Class
Fastly-SSL
X-Human
Property-Id
TWC-GeoIP-LatLong
Retry-After
TWC-Locale-Group
TWC-GeoIP-Country
X-Uri
X-FW-Version
X-Hosted-By
Azure-InstanceId
X-Loop
Azure-RegionName
Azure-SiteName
Azure-Version
Azure-SlotName
X-No-Session
X-MP-GENERATED-AT
X-Adobe-Loc
X-ProxyCache-Key
X-Adobe-Content
X-PCL
X-OCL
X-ProxyCache-Status
X-Request-Time
X-SayCDN-TTL
X-BYPASS-REASON
X-Say-TTL
X-Sql-Duration-Ms
X-Format
X-Sql-Count
X-TNCMS
X-Server-W
X-Section
X-WA-Info
X-AIR-PT
X-Via-Fastly
X-Say-Cacheable
X-Access
X-AWS-Id
X-ApacheServer
X-LJ-Flow-ID
X-Status
X-VWS-Id
X-PERF
X-S-Maxage
X-R9-Blue-Green-Version
X-LAGOON
X-Cluster
X-Cache-TTL-Remaining
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
Mn-Server-Ip
X-ShopId
X-Shopify-Stage
X-ShardId
X-Proxied
X-Nginx-Cache
X-Routing-Service
X-Qloud-Router
X-Zipkin-Id
X-CCM
X-Via-CDN
X-Is-Bot
X-Rendered-As
X-Device-Type
X-Xfnlog-Site
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-Country-Code-Real
X-FTR-Backend
S-Cnection
X-Debug-IsPreview
X-Debug-IsConnected
X-FTR-Realm
X-FTR-Cache-Status
X-Dc
AMP-Access-Control-Allow-Source-Origin
X-Tec-Api-Version
X-Tec-Api-Origin
X-Tec-Api-Root
Cache-Hits
X-FTR-Expires
Apigw-Requestid
X-Info
X-Cdn
X-SRV
X-Detected-As
X-Varnish-Server
X-Varnish-Grace
X-Cache-Host
X-Cache-Enabled
X-Amz-Apigw-Id
X-Microcachable
X-EdgeConnect-Cache-Status
X-Cache-Var-Map
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Cache-Var
X-Air-Hostname
X-Content-Age
X-Platform
X-Unique-Id
X-Aspnetmvc-Version
X-Azure-Ref
Tracecode
X-GG-Cache-Date
SD-X-WS
X-DynaTrace-JS-Agent
Uber-Trace-Id
X-Backend-Host
X-Time-Microsecs
X-CSRF-Token
Amp-Access-Control-Allow-Source-Origin
X-Proxy-Cache-Status
X-Backend-TTL
X-GEO
X-Cache-Backend
X-ServerID
Akamai-GRN
X-NWS-UUID-VERIFY
X-Oss-Request-Id
X-ATG-Version
X-Tb
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Server-Time
X-Oss-Hash-Crc64ecma
X-BCube-Filmed-By
X-Oracle-Dms-Rid
Backend
X-Correlation-ID
DSUID
X-APP-VERSION
X-Trace-Id
X-Dynatrace
ServedBy
X-RCS-CacheZone
X-Akamai-Transformed
X-Erf-Stays-Bingo-Pdp-Web
X-NewRelic-App-Data
SR-User-Adfree
Thinkindot-CacheControl
Rendered-Blocks
Path
T-Server
Release
Machine
DCR-Processing-Time-Ms
Expiry
DCR-Decision-By
BehaviorPad-Version
X-Cache-PHP
X-Varnish-Hostname
Fastcgi-X-Cache-Version
Thinkindot-CacheControl-Type
Meta-Geo-Continent
Mobile-Detection-Method
MD5-Digest
Lfy
X-Cache-NGX
Instruction
Odigeo-Trace-Id
X-B-Cookie
X-Rewrite-Enabled
X-Rojux
X-S
X-S-Cookie
X-Request-UUID
X-Processor
X-Origin-CC
X-Origin-TTL
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-ScT
X-Session-Fingerprint
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-SRCache-Key
X-Thinkindot-L3
X-Trv-Group
X-Vdms-Path
X-Matched-Rule
X-Location
X-Aed
X-Application
X-ARC
X-Cache-NE
X-A-Wwc
X-A-Dgt
X-A
X-A-Ccd
X-A-Dam
X-A-Dcw
X-CF-Lambda-Fn
X-CF-Lambda-Version
X-From
X-Generated-On
X-GeoIP-City
X-Level-Front-Cache
X-Fetched-On
X-External-Request-Id
X-Connection-Hash
X-D
X-Destination
X-Device-Os
Thinkindot-Control
X-Generation-Time
Arc-Version
PB-RID
X-TA-CDN-Provider
X-Magnolia-Registration
X-Sucuri-ID
PB-PID
HostName
X-Debug-Cache
X-Azure-Ref-OriginShield
UCS
X-Owner
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Thanos
Host-ID
Gh-Request-Id
Fastly-Backend-Name
X-B3-Traceid
X-Tumblr-Pixel-3
Pramga
X-TrackingId
Pagetype
X-Bip
X-Skip-Cache
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-JWT-State
X-Node-Id
X-Origin-Response-Time
X-Reqid
X-OVcl-Cache
X-OVcl
X-Is-Gdpr
X-Irp-Debug
X-App-Version
X-Cdn-Origin
Cf-Device-Type
X-FC-Vary-Parameters
X-Geo-Header
X-HS-Content-Campaign-Id
X-Has-Esi
X-GeoIP
X-Cache-Bucket
X-SVT-ORM-VERSION
C-Via
AKAMAI
X-Ms-Version
CacheControlHeader
X-VServer
X-Ms-Request-Id
X-Varnish-Cache-Hits
X-B3-SpanId
PFcat
X-Swa-Ws
X-Developer
Ssr
X-TX-ID
Sever-Int
X-Developers
X-Request-Host
Server-Ext
DB-Nickname
Server-Hostname
X-Wikidot-Backend
X-Eu-Site
X-CUA
X-Cache-Tags
X-Adobe-Source
X-CGP
X-Nginx-Cache-Key
X-Cache-Info
X-VarnishDD-TTL
X-Backend-State
X-Cache-Date
X-Clientip
X-Cms-Context
X-Csrf-Jwt
X-Fastly-Cache
X-Origin-Expires
X-Core-Value
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
X-Scheme
X-Fastly-Backend
X-Cdn-Forward
X-Wikidot-Static-Cache
Ha-Gx-Prefs
HA-Ipaddr
L5d-Success-Class
Cache-Host
X-HN
X-NAPM-TraceId
Content-Disposition
CloudFront-Viewer-Country
X-IP
X-Varnish-Beresp-Grace
X-Policy
X-Generated-In
X-Var-Ttl
Server-Host
Location
X-User
On-Server
Magicmarker
X-Generated-By
Locid
NGX
User-Cache-Control
X-ID
X-Gamma-Serve
X-Cache-Id
X-SIPLIST1
X-Gzip
X-Block-Status
Platform
X-Slack-Backend
Cf-Bgj
X-Hnp-Log
X-DefElseHash
X-Clara-WADP
X-Fmm-Version
NM-Fastcgi-Cache
Adler-Geo
X-Dispatcher-Server
X-Method
X-GoCache-CacheStatus
X-Gen-Mode
X-Esi-Check
X-Envoy-Decorator-Operation
X-Hash
X-DPWN-IS-SECURE
Is-Eu
X-Origin
Fastly-SIE
X-Varnish-Remaining-TTL
Web-Mar-Node
X-Varnish-CookieINHashed-On
X-Variation
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-CS
L
X-WADP-Cache
Rt-Fastcgi-Cache
X-Varnish-Hits
IsBot
X-Varnish-Beresp-Ttl
X-Request-URI
X-Varnish-CookieHashed-On
X-Branch-Name
X-NU-AKA-ACS-Version
X-Platform-Server
X-Ratelimit-Reset
X-Varnish-Beresp-Status
X-Li-Fabric
X-Li-Pop
X-Rebelmouse-Cache-Control
X-LI-UUID
V-Age
X-Old-Content-Length
X-DefHash
CDCHOST
CDN-Uid
True-Client-Country-4JS
Origin
Apple-News-Services-Request-Url
X-Loc
Apple-News-Services-Parsed-Url
Fastly-Drupal-HTML
X-Goog-Meta-Goog-Reserved-File-Mtime
Vix-Hermes-Req-Id
CDN-PullZone
X-Request-Start
CDN-Cache
X-EC-Lua
X-Core-Mission
X-Servername
X-Cache-Debug
X-Cache-Expires
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestCountryCode
Apple-News-Services-Host
X-VG-TLSProxy
CDN-RequestId
Apple-News-Services-Handled
X-Cache-Remote
X-NCache
X-Mvc-Supplant-OutputCached
X-PF-Uncompressing
Sid
X-Aicache-OS
X-LB-ID
X-NC
X-Varnish-Url
Url
X-Refresh
X-CACHE-GROUP
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-Varnish-Cacheable
Esi-Enabled
S-Rt
X-Response-By
X-CACHE-KEY
X-FireWall-Protection
Xkeyi7
X-Proxy-Cachei7
X-Host-Name
Pics-Label
X-Nc
X-B3-Spanid
X-Tb-Optimization-Total-Bytes-Saved
N-Cache
X-Unique-ID
Who
X-BBXSRF
Country-Code
X-Error
X-Epic-Correlation-Id
X-Webkit-Csp
Ohc-File-Size
X-Cache-2
Cross-Origin-Window-Policy
Content-Secure-Policy
X-TraceId
X-Srv
X-Varnish-Authentication
X-Cc-Via
Source
X-Cache-ASPX
X-Sucuri-Cache
X-Cc-Req-Id
Req-Svc-Chain
D-Cc-Upstream
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Contensis-Viewer-Groups
Server-Ttl
X-Webkit-CSP-Report-Only
CACHE
X-Svr
GeoIp-Country-Code
HitType
X-DC
Cteonnt-Length
Geoip-Latitude
Geo-Info
X-CDN-Forward
X-CLOUD-TRACE-CONTEXT
X-RateLimit-Limit
Cmstype
MIME-Version
X-Servedbyhost
X-HS-Status
X-LiteSpeed-Cache-Control
X-Wa
Cmsid
X-Server-IP
X-Cs
X-URL
X-Nyt-Route
X-Served-From
X-FPC
X-Gdpr
X-Cache-Config
Svr
X-Origin-Time
X-API-Version
Kp-EeAlive
X-VC
X-Vcl-Version
Cache-Key
X-SN
VivaBuild
A
Viewtype
X-Esi
Ohc-Cache-HIT
M-TraceId
X-LI-Proto
X-Webstats-RespID
Resin-Trace
X-NodeID
X-SB
X-Li-Proto
Server-ID
Hostname
X-NGINX-Cache
NtCoent-Length
X-HOST
Filterid
Request-ID
X-HostName
Server-Id
X-Vgn-Hpd-Reason
Arc-Country
SID
X-Check-Cacheable
Tcn
Cross-Origin-Opener-Policy
TDXMobile
X-Air-Source
X-RAMCache
X-SD-PageType
X-VCL-Version
X-UA
X-RSL
X-DB
X-Internal-Host
Cache-Provider
X-RPM
X-DI
X-DW
X-DSS
X-RPS
X-Hcs-Proxy-Type
X-Render-Time
XServer
X-TIM-N
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Viewer-Country
X-TIME
X-BBC-Edge-Cache-Status
X-Vc
X-Ua
GeoIP-Latitude
X-ServedByHost
NGB
Srv
GeoIP-Country-Code
EpKe-Alive
X-WA
X-Newrelic-Synthetics
X-Service
X-Auto-Login
Processtime
X-App
ProcessTime
X-Worker
X-CF-Powered-By
Mime-Version
X-Action
X-FTR-Cache-Host
X-Geo
X-Fpc
X-Oss-Cdn-Auth
X-Ftr-Cache-Host
X-Dynatrace-Js-Agent
DataCenter
X-NGENIX-Cache
X-JoinUs
X-PHP-Backend
X-SaId
X-Edge-Location
X-Forwarded-Site
FSS-Cache
X-CSRF-TOKEN
X-Via-NSCOPI
X-Extlb
Datacenter
Upgrade-Insecure-Requests
X-FORWARDED-FOR
X-Cluster-Node
Proxy-Connection
CDN
X-Cdn-Request-ID
X-HITS
CF-Cached-On
Cdn
X-Fastly-Backend-Reqs
W
X-BACKEND-TTL
X-BBC-Origin-Response-Status
X-Parent-Response-Time
X-MSEdge-Features
X-Dw-Trace-Id
X-MSEdge-Flight
X-Provided-By
X-CACHE-AGE
X-Client-Ip
OT-Force-Account-Verify
LB
PICS-Label
Dnion-Transfer-Encoding
X-Hello
X-ABtesting
X-IN-APIGATEWAY
X-Flog
X-Fastly-Request-Id
X-IN-APIGATEWAYSSL
X-PJAX-URL
X-Depends-On
X-Cache-Tag
X-Proxy-Upstream
X-Req
X-Region-Sid
X-Date
X-Bc-Bl
We-Hiring
Memcached
X-VC-Cache
Mail-Subject
X-Accel-Expires-Debug
Surrogated-Key
X-Akamai-Pragma-Client-IP
X-Swift-Error
X-Via-PopH
Env
X-Via-PopV
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-Pad
Media-Length
X-Via-PopN
X-UnsetCookies
X-Pf-Uncompressing
X-Presslabs-Stats
X-Zone
Vha6-Origin
X-Oracle-DMS-ECID
X-ND-Cache
X-APP
Epwk-X-Cache
Memory
WZWS-RAY
X-ZONE
X-Rocket-Build-Number
Time
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Application-UUID
X-Sigma
X-Sigma-Backend
X-Acquia-Purge-Tags
X-Men
X-MiniProfiler-Ids
X-Lb-Id
X-Air-Trace-Id
X-LiteSpeed-Tag
Cf-Ipcountry
VNS-Age
X-Ms-Meta-Originalurl
X-Request-URL
Xet-Cookie
X-ElasticPress-Search
X-Akamai-ERRuleID
X-Ms-Meta-Staticbatchstarttime
VNS-Cache
X-ElasticPress-Query
X-Varnish-Beresp-TTL
X-Varnish-URL
X-Snapshot-Date
X-Akamai-ERPolicy
URI
X-Csrf-Token
CPC-Age
X-Request-Url
CPC-Cache
X-Vcache
CountryCode
X-Amz-Meta-Cb-Modifiedtime
X-Litespeed-Cache-Control
X-Tid
Environment
X-Redis-Count
X-Redis-Duration-Ms
X-Storefront-Renderer-Verified
X-ServerName
X-C
X-Traceid
NnCoection
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Ohc-Response-Time
Phost
X-B3-Parentspanid
Inserted-Into-Cache-At