Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
Last-Modified
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Request-ID
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
Status
Feature-Policy
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Amz-Request-Id
Report-To
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Varnish-Cache
X-Rq
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-Dns-Prefetch-Control
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Cache-Spec
X-WebKit-CSP
Xkey
Allow
X-Backend-Server
X-Device
X-CST
X-Vhost
X-Host
EagleEye-TraceId
X-Server-Id
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Accept-CH
Content-Location
X-Response-Time
Accept-CH-Lifetime
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ac
P3p
X-ASPNET-VERSION
X-Template
X-Application-Context
X-Language
X-Country
X-Cache-Lookup
X-Readtime
X-Cloud-Trace-Context
X-Mod-Pagespeed
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Rating
X-Cnection
X-MS-InvokeApp
X-HW
X-Url
X-TtlSet
X-Kinja-Server-Push
X-Vname
X-PC
X-ORACLE-DMS-ECID
Accept-Ch
X-Clacks-Overhead
X-GitHub-Request-Id
Edge-Control
X-FastCGI-Cache
X-ESI
X-Trace
Accept-Ch-Lifetime
X-Middleton-Response
Pagespeed
Display
Response
X-Middleton-Display
X-Sol
X-Content-Type
X-Vcap-Request-Id
X-D2id
X-Exp-Id
X-Cdn-Fetch
Arr-Disable-Session-Affinity
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
Verso
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-Server-Name
X-Country-Code
Service-Worker-Allowed
X-Navigation-Version
X-Varnish-TTL
X-ORACLE-DMS-RID
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
X-Oneagent-Js-Injection
X-Powered-By-Plesk
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Client-IP
X-Fastly-Request-ID
X-Cache-TTL
X-Webkit-CSP
SPRequestGuid
X-SharePointHealthScore
X-Release
X-MSEdge-Ref
Fastly-Restarts
SPRequestDuration
SPIisLatency
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Cached
X-NF-Request-ID
X-TTL
Public-Key-Pins
MRF-Tech
X-B3-TraceId-Primal
Mrf-Cache-Status
RTSS
X-Edge
AR-ATIME
AR-PoweredBy
AR-Request-ID
AR-CACHE
Ar-Sid
Access-Control-Request-Method
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Origin-Upstream-Status
X-LLID
X-Powered-CMS
X-Px
X-Ezoic-Cdn
Fusion-Content-Source
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Id
Fusion-Source
X-Upstream
X-Ttl
Content-MD5
X-HP-Webp
X-Jurisdiction
Cache-Tag
X-ECACHE
X-MCACHE
X-Mid
S
X-Mg-S
X-Recruiting
X-Amz-Server-Side-Encryption
X-Content-Digest
Charset
X-Version
X-PressLabs-Stats
TCN
X-Pinterest-Direct
Fastcgi-Cache
MicrosoftSharePointTeamServices
X-T
Front-End-Https
X-Content-Security-Policy-Report-Only
X-Debug
X-Kinsta-Cache
X-Litespeed-Cache
X-Id
Filters
Cache-Tags
X-Grace
Edge-Cache-Tag
Server-Node
X-Accel-Expires
X-Forwarded-Proto
X-Logged-In
X-Forwarded-For
X-Amzn-Trace-Id
Server-Name
Nginx-Cache
X-Yandex-Sdch-Disable
X-Kong-Upstream-Latency
X-DynaTrace
X-Kong-Proxy-Latency
X-Varnish-Age
Surrogate-Key
X-Correlation-Id
TP-Cache
TP-L2-Cache
X-B3-Sampled
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
X-XRDS-Location
X-Ser
X-Cache-Key
X-Shield-Request-Id
X-Hits
X-DIS-Request-ID
X-Activity-Id
X-Az
X-AppVersion
X-Amz-Replication-Status
X-Server-ID
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Combine-CSS
X-F-Cache
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
Powered-By-ChinaCache
X-Origin-Server
Accept-Charset
X-Git-Hash
X-XRDS-LOCATION
X-Geo-Country
X-FTR-Request-ID
X-Respond-Thread
X-LB-Cache
X-Hostname
X-Rid
X-Upgrade-Enabled
X-DataDome
Section-Io-Cache
X-Frontend
Cache
Alternate-Protocol
Access-Control-Allow-Method
X-Cache-Age
Host
X-Mobile-URL
Cleartype
Paypal-Debug-Id
MS-CV
X-IPLB-Instance
Healthy
X-Content-Options
X-AOL-HN
X-Varnish-Backend
X-Type
X-Ruxit-Js-Agent
X-Seen-By
X-Aspnetmvc-Version
ServerID
X-App-Environment
X-VCache
X-WebKit-CSP-Report-Only
X-Whom
Payment
X-Cache-Action
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Request-Guid
X-Providence-Cookie
X-TT
X-Route-Name
X-Debug-Info
X-Jobs
X-B-Cache
X-Signature
X-Time
X-Page-Id
X-NWS-LOG-UUID
Fastcgi-Useragent
X-Source
X-N
X-Load-Cache
X-Mobile
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-RateLimit-Remaining
X-Daa-Tunnel
X-Erf-Bev-Bev-Is-Generated
X-FB-Debug
X-Browser-Type
X-Erf-Bev-Bev
X-Via-JSL
X-Cached-By
X-Akamai-Edgescape
Nel
Version
X-Cache-Rule
X-Cache-Operation
Refresh
Viewport
X-Response-Served-From
X-Rule
X-Accel-Buffering
X-Original-Request-Id
DC
X-Proxy
X-Drupal-Cache-Tags
X-Framework
Ms-Operation-Id
X-ProcessESI
X-RTag
X-Cacheable-TTL
X-Zen-Fury
X-RemovedCookies
DynaTrace
X-Wix-Request-Id
X-Instance
Access-Control-Request-Headers
X-Real-IP
X-Fastcgi-Cache
X-Contextid
Realpath
X-Tt-Trace-Tag
X-Cache-Time
X-Tt-Trace-Host
X-Region
GEO-INFO
X-HTML-Minification-Powered-By
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Page-View
Referer-Policy
X-UUID
Node
X-Drupal-Cache-Contexts
X-FW-Static
Eomportal-Instance
X-FW-Type
Countrycode
X-Cache-Expired-At
X-FW-Serve
X-FW-Server
X-Distributor
X-FW-Dynamic
X-FW-Hash
X-B
X-Cluster-Name
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Environment-Context
X-L-Path
X-Cache-Control
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-User
Liferay-Portal
X-G
X-Tumblr-Pixel-0
X-Content-Powered-By
X-IPS-LoggedIn
X-Cache-Hit
X-Node-Name
X-User-Agent
Server-Info
X-Ratelimit-Limit
X-Tumblr-Pixel-2
Webserver
X-App-Server
From-Origin
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Time-Seconds
Section-Io-Origin-Status
X-Pass-Why
X-FireWall-Port
X-Varnish-Ttl
Ec-Rule-Version
Protected
X-Amz-Meta-S3cmd-Attrs
X-Protected-By
SRV
CF-IPCountry
X-Cache-Server
X-Revision
X-Backend-Name
X-Www-Served-By
Frame-Options
Xserver
Cache-Status
Meta-Geo
X-RN-RSRV
X-Handled-By
X-UPSTREAM-Address
X-Hl-Ver
X-Hyper-Cache
X-Mode
X-ES-SERVER
X-Endurance-Cache-Level
X-Site-Version
X-Locale
X-FB-TRIP-ID
X-Soup
X-Web-Node
X-Varnishpool
X-Storage
X-Forwarded-Host
Cache-Tv-Group
Country
X-NYM-Debug-Backend
X-Be
X-Cache-Grace
Retry-After
X-Human
TWC-GeoIP-Country
X-Labrador-Cache-Channel
Decoy-Debug-TTL
X-Pubstack
TWC-GeoIP-LatLong
X-UA-Device-Type
X-Uri
Azure-RegionName
TWC-Connection-Speed
Selected-Fe
Property-Id
Fastly-SSL
Azure-InstanceId
X-Adobe-Content
X-Redis-Cache
X-Adobe-Loc
TWC-Device-Class
X-Proxy-Build
X-TT-LOGID
Azure-SlotName
Decoy-Debug-Key
Webcakes-App-Name
X-Timing-Wait
X-PHP-Host
Azure-Version
X-Origin-Hint
Cache-Name
TWC-Privacy
Webcakes-App-Version
Decoy-Debug-Status
X-ProxyCache-Key
X-BYPASS-REASON
X-Origin-Date
TWC-Locale-Group
X-ProxyCache-Status
Webcakes-Region
Azure-SiteName
X-Proto
X-WA-Info
X-Say-Cacheable
X-Sql-Count
X-No-Session
X-OCL
X-AIR-PT
X-Loop
X-FW-Version
X-Hosted-By
X-Format
X-Server-W
X-PCL
X-S-Maxage
X-TNCMS
X-Via-Fastly
X-Say-TTL
X-SayCDN-TTL
X-Sql-Duration-Ms
X-Section
X-Request-Time
X-Access
X-Tec-Api-Version
X-Tec-Api-Root
X-PERF
X-LJ-Flow-ID
X-ApacheServer
X-AWS-Id
X-Tec-Api-Origin
X-R9-Blue-Green-Version
X-VWS-Id
X-MP-GENERATED-AT
X-Alternate-Cache-Key
X-Status
Mn-Server-Ip
X-LAGOON
X-Cluster
X-Via-CDN
X-Shopify-Stage
X-Sorting-Hat-PodId
X-ShopId
X-ShardId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Cache-TTL-Remaining
X-Ratelimit-Remaining
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-Qloud-Router
X-Rendered-As
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-CCM
S-Cnection
X-Is-Bot
X-Country-Code-Real
X-FTR-Realm
X-FTR-Backend
X-FTR-Backend-Server
X-Xfnlog-Site
X-Device-Type
Cache-Hits
X-Dc
X-Nginx-Cache
X-FTR-Expires
X-Info
X-Debug-IsPreview
X-Debug-IsConnected
X-Unique-Id
X-SRV
AMP-Access-Control-Allow-Source-Origin
X-Detected-As
X-Oracle-Dms-Rid
Apigw-Requestid
X-Air-Hostname
X-Amz-Apigw-Id
X-Cache-Var-Map
X-EdgeConnect-Cache-Status
X-Varnish-Grace
X-Cdn
X-Cache-Var
X-Amzn-Remapped-Content-Length
X-Cache-Host
X-Amzn-RequestId
X-Microcachable
X-Cache-Enabled
X-Content-Age
X-Varnish-Server
X-Platform
X-GG-Cache-Date
X-GEO
SD-X-WS
X-DynaTrace-JS-Agent
Amp-Access-Control-Allow-Source-Origin
Tracecode
X-Dynatrace
X-Azure-Ref
X-Correlation-ID
X-Backend-Host
Uber-Trace-Id
X-Time-Microsecs
X-APP-VERSION
X-Backend-TTL
X-ServerID
X-Proxy-Cache-Status
X-CSRF-Token
X-Cache-Backend
X-Erf-Stays-Bingo-Pdp-Web
Akamai-GRN
X-ATG-Version
X-Tb
X-TA-CDN-Provider
X-Oss-Request-Id
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Server-Time
DSUID
X-Oss-Hash-Crc64ecma
Backend
X-NWS-UUID-VERIFY
X-Trace-Id
X-BCube-Filmed-By
PB-RID
Arc-Version
X-NewRelic-App-Data
PB-PID
ServedBy
X-Varnish-Hostname
X-RCS-CacheZone
X-Sucuri-ID
X-Location
X-A-Ccd
X-A-Dgt
X-Matched-Rule
X-Varnish-Cache-Hits
X-A-Dam
X-Magnolia-Registration
X-A
X-Generation-Time
Lfy
Machine
MD5-Digest
SR-User-Adfree
Instruction
X-Device-Os
X-Destination
Meta-Geo-Continent
X-D
Pramga
Release
Rendered-Blocks
X-Connection-Hash
Path
Mobile-Detection-Method
Odigeo-Trace-Id
Fastcgi-X-Cache-Version
Expiry
X-GeoIP-City
X-Generated-On
BehaviorPad-Version
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Cache-NGX
X-Cache-PHP
X-Fetched-On
Thinkindot-Control
DCR-Processing-Time-Ms
T-Server
DCR-Decision-By
Thinkindot-CacheControl
X-External-Request-Id
Thinkindot-CacheControl-Type
X-Level-Front-Cache
X-A-Dcw
X-Processor
X-Aed
X-A-Wwc
X-ARC
X-Application
X-PBS-Appsvrname
X-Cache-NE
X-Origin-CC
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
X-Request-UUID
X-VG-WebCache
X-Session-Fingerprint
X-B-Cookie
X-VG-WebServer
X-PAYTM-SRV-ID
X-Rojux
X-Thinkindot-L3
X-Origin-TTL
X-Trv-Group
X-Vdms-Path
Xc-Version
X-ScT
X-S
X-S-Cookie
X-Vdms-Version
X-SRCache-Key
X-Rewrite-Enabled
X-Debug-Cache
X-Origin-Response-Time
X-Akamai-Transformed
X-GeoIP
C-Via
AKAMAI
X-Geo-Header
X-FC-Vary-Parameters
X-Swa-Ws
Fastly-Backend-Name
X-SVT-ORM-VERSION
Ssr
X-Thanos
Host-ID
Gh-Request-Id
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-From
UCS
CacheControlHeader
X-TrackingId
X-Cdn-Origin
Cf-Device-Type
X-Skip-Cache
Cache-Host
X-VServer
X-Ms-Request-Id
X-Ms-Version
X-Cache-Bucket
X-OVcl
X-OVcl-Cache
Pagetype
X-Has-Esi
X-Reqid
X-Owner
X-JWT-State
X-Is-Gdpr
X-Node-Id
X-Cache-Date
X-Bip
X-Tumblr-Pixel-3
X-HS-Content-Campaign-Id
X-Micro-Cache
X-Azure-Ref-OriginShield
X-Irp-Debug
X-Mvc-Supplant-Cachable
HostName
X-Adobe-Source
X-Clientip
HA-Ipaddr
X-User
X-CUA
X-Varnish-Hits
Server-Ext
Server-Hostname
X-Backend-State
Server-Host
NGX
Magicmarker
PFcat
Locid
Location
X-VarnishDD-TTL
L5d-Success-Class
X-Csrf-Jwt
On-Server
L
X-Cms-Context
X-Generated-By
Wxu-Next-Region
X-Wikidot-Static-Cache
X-Wikidot-Backend
Wxu-Next-Hostname
Ha-Gx-Prefs
X-Cache-Info
X-Request-Host
X-Policy
X-Var-Ttl
X-Origin-Expires
Sever-Int
X-Nginx-Cache-Key
X-B3-Traceid
Wxu-Next-Commit
X-IP
CloudFront-Viewer-Country
X-HN
Content-Disposition
DB-Nickname
X-Developer
X-Developers
X-Fastly-Backend
X-Eu-Site
X-TX-ID
X-Scheme
X-Cache-Tags
X-CGP
X-Generated-In
User-Cache-Control
X-Block-Status
X-Branch-Name
X-Cache-Id
X-Clara-WADP
X-Old-Content-Length
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Servername
X-Rebelmouse-Cache-Control
X-Platform-Server
X-NU-AKA-ACS-Version
X-Origin
X-SIPLIST1
X-Slack-Backend
X-WADP-Cache
X-Varnish-Beresp-Grace
X-NAPM-TraceId
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Variation
X-Varnish-CookieHashed-On
X-Method
X-Loc
X-Esi-Check
X-Fastly-Cache
X-Fmm-Version
X-DPWN-IS-SECURE
X-Dispatcher-Server
X-DefElseHash
X-DefHash
X-Gen-Mode
X-GoCache-CacheStatus
X-Li-Fabric
X-Li-Pop
X-LI-UUID
X-Hnp-Log
X-Hash
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gzip
X-Core-Value
X-Cache-Expires
Origin
NM-Fastcgi-Cache
Platform
Rt-Fastcgi-Cache
V-Age
IsBot
Is-Eu
Adler-Geo
CDCHOST
Cf-Bgj
Fastly-SWR
Web-Mar-Node
Fastly-SIE
X-ID
CDN-PullZone
CDN-EdgeStorageId
CDN-CachedAt
CDN-RequestCountryCode
CDN-Uid
Fastly-Drupal-HTML
X-Envoy-Decorator-Operation
CDN-Cache
X-Ratelimit-Reset
Apple-News-Services-Handled
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Gamma-Serve
X-VG-TLSProxy
Apple-News-Services-Request-Url
X-Request-Start
CDN-RequestId
X-Core-Mission
X-Cache-Remote
Vix-Hermes-Req-Id
X-Cache-Debug
True-Client-Country-4JS
X-B3-SpanId
X-Cdn-Forward
X-App-Version
X-NC
X-EC-Lua
X-PF-Uncompressing
X-NCache
X-Mvc-Supplant-OutputCached
Sid
X-CS
X-B3-Spanid
Url
X-LB-ID
X-Aicache-OS
X-Varnish-Url
X-Refresh
X-Varnish-Cacheable
X-Host-Name
S-Rt
X-Response-By
X-CACHE-GROUP
Esi-Enabled
X-Via-Popn
X-Via-Poph
Xkeyi7
X-Via-Popv
X-Proxy-Cachei7
N-Cache
X-FireWall-Protection
X-BBXSRF
X-Tb-Optimization-Total-Bytes-Saved
Pics-Label
CACHE
X-Nc
Cross-Origin-Window-Policy
Who
Ohc-File-Size
Content-Secure-Policy
X-Epic-Correlation-Id
X-Cache-2
X-TraceId
Country-Code
X-Sucuri-Cache
Req-Svc-Chain
X-Cc-Via
Source
X-Webkit-Csp
X-Contensis-Viewer-Groups
D-Cc-Upstream
X-Cc-Req-Id
X-Cache-ASPX
X-CDN-Forward
X-Error
X-Varnish-Authentication
Cteonnt-Length
X-Cs
X-Srv
Server-Ttl
X-Unique-ID
Geoip-Latitude
X-Wa
X-Planisys-CDN-TTL
X-Svr
GeoIp-Country-Code
X-CACHE-KEY
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-Webkit-CSP-Report-Only
X-Servedbyhost
X-Server-IP
X-DC
HitType
MIME-Version
X-RateLimit-Limit
X-FPC
Cmsid
X-Cache-Config
X-Nyt-Route
X-HS-Status
Cmstype
X-Gdpr
X-Origin-Time
Kp-EeAlive
X-API-Version
X-URL
Svr
X-VC
X-Served-From
X-SN
X-LiteSpeed-Cache-Control
Hostname
Geo-Info
Ohc-Cache-HIT
X-NodeID
Cache-Key
A
X-Esi
X-LI-Proto
Viewtype
X-Vcl-Version
VivaBuild
X-Webstats-RespID
X-SB
X-NGINX-Cache
X-Vgn-Hpd-Reason
M-TraceId
XServer
X-TIME
X-Check-Cacheable
Resin-Trace
Server-Id
X-SD-PageType
X-RAMCache
X-VCL-Version
X-Li-Proto
Server-ID
Filterid
X-HOST
NtCoent-Length
TDXMobile
Arc-Country
Cross-Origin-Opener-Policy
X-Air-Source
X-Viewer-Country
SID
Request-ID
X-Render-Time
X-Ua
X-UA
X-Hcs-Proxy-Type
X-TIM-N
X-CCDN-Origin-Time
EpKe-Alive
X-CCDN-CacheTTL
X-BBC-Edge-Cache-Status
X-RSL
X-Internal-Host
X-DI
Cache-Provider
X-DSS
X-DW
X-RPS
X-RPM
X-DB
Mime-Version
X-Auto-Login
GeoIP-Country-Code
X-ServedByHost
X-CF-Powered-By
X-Worker
X-App
X-Vc
GeoIP-Latitude
X-Fastly-Request-Id
NGB
Srv
X-HostName
Upgrade-Insecure-Requests
X-Action
Processtime
X-Service
X-Ftr-Cache-Host
ProcessTime
X-WA
X-Newrelic-Synthetics
X-CSRF-TOKEN
X-FTR-Cache-Host
CDN
X-Fpc
X-Oss-Cdn-Auth
Tcn
X-Cluster-Node
DataCenter
X-PHP-Backend
X-CLOUD-TRACE-CONTEXT
X-JoinUs
X-NGENIX-Cache
X-Dynatrace-Js-Agent
X-SaId
X-Extlb
X-Via-NSCOPI
Proxy-Connection
X-BBC-Origin-Response-Status
FSS-Cache
X-Forwarded-Site
X-FORWARDED-FOR
Datacenter
X-Parent-Response-Time
X-Geo
X-Edge-Location
X-Cdn-Request-ID
CF-Cached-On
X-HITS
X-MSEdge-Features
X-MSEdge-Flight
X-Provided-By
X-Fastly-Backend-Reqs
PICS-Label
X-BACKEND-TTL
X-Dw-Trace-Id
W
X-Swift-Error
Cdn
X-CACHE-AGE
X-Client-Ip
X-Req
X-Region-Sid
X-ND-Cache
Mail-Subject
X-Proxy-Upstream
X-PJAX-URL
X-Bc-Bl
X-Accel-Expires-Debug
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-VC-Cache
X-Flog
X-ABtesting
We-Hiring
X-Hello
X-Via-PopH
Memcached
Dnion-Transfer-Encoding
OT-Force-Account-Verify
X-Cache-Tag
LB
X-Depends-On
X-Date
Surrogated-Key
X-Via-PopN
X-Via-PopV
WZWS-RAY
X-ZONE
X-Akamai-Pragma-Client-IP
X-Oracle-DMS-ECID
Time
Media-Length
Memory
X-Presslabs-Stats
Vha6-Origin
X-UnsetCookies
X-Lb-Id
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-RateLimit-Remaining-Second
Env
X-RateLimit-Limit-Second
X-Pf-Uncompressing
X-Air-Trace-Id
X-Men
Epwk-X-Cache
X-MiniProfiler-Ids
X-Pad
X-Snapshot-Date
X-LiteSpeed-Tag
X-APP
Cf-Ipcountry
X-Zone
VNS-Age
VNS-Cache
X-Varnish-URL
CPC-Age
CPC-Cache
X-ElasticPress-Search
X-Vcache
X-ElasticPress-Query
URI
X-Varnish-Beresp-TTL
X-Litespeed-Cache-Control
X-Acquia-Application-Trace
X-Request-URL
X-Csrf-Token
X-Request-Url
X-B3-Parentspanid
X-Akamai-ERRuleID
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
X-Acquia-Application-UUID
Xet-Cookie
X-Acquia-Purge-Tags
X-Akamai-ERPolicy
X-Acquia-Site
CountryCode
X-Tid
X-Nananana
X-Amz-Meta-Cb-Modifiedtime
X-ServerName
X-Storefront-Renderer-Verified
X-Traceid
X-Debug-Cache-Store
X-Debug-Cache-Fetch
NnCoection
Phost
X-Akamai-Request-ID
Ohc-Response-Time
Environment
X-Redis-Count
Inserted-Into-Cache-At
X-Redis-Duration-Ms
X-C