Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-Served-By
X-UA-Compatible
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Request-ID
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Ua-Compatible
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
X-AspNetMvc-Version
Feature-Policy
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Via
Access-Control-Max-Age
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-Robots-Tag
X-AH-Environment
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Report-To
X-Amz-Request-Id
Host-Header
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
NEL
X-Dns-Prefetch-Control
X-Amz-Version-Id
X-Cache-Spec
X-WebKit-CSP
X-Device
Allow
X-CST
Xkey
X-Backend-Server
X-Vhost
X-Host
X-Server-Id
EagleEye-TraceId
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-Ruxit-JS-Agent
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
P3p
X-ASPNET-VERSION
Accept-CH-Lifetime
X-Ac
X-Application-Context
X-Template
X-Language
X-Country
X-Cache-Lookup
X-Mod-Pagespeed
X-Readtime
Accept-Ch
MS-Author-Via
X-Cloud-Trace-Context
X-B3-TraceId
Accept-Ch-Lifetime
Rating
X-Origin-Cache
X-Cnection
X-MS-InvokeApp
X-HW
X-Url
X-TtlSet
X-Vname
X-PC
X-Clacks-Overhead
X-GitHub-Request-Id
Edge-Control
X-ORACLE-DMS-ECID
X-ESI
X-Trace
Display
Pagespeed
X-Content-Type
X-Sol
X-Middleton-Display
X-Middleton-Response
Response
X-D2id
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Use-Magma
X-Kinja
Arr-Disable-Session-Affinity
X-Cdn-Fetch
X-Vcap-Request-Id
Verso
X-FastCGI-Cache
X-ORACLE-DMS-RID
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-Country-Code
X-Server-Name
X-Navigation-Version
Service-Worker-Allowed
X-Varnish-TTL
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
X-Powered-By-Plesk
X-Fastly-Request-ID
X-Webkit-CSP
X-Client-IP
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Cache-TTL
X-Release
X-SharePointHealthScore
SPRequestGuid
Fastly-Restarts
X-MSEdge-Ref
X-TTL
X-Dw-Request-Base-Id
X-Element-Page-Cache
X-Oneagent-Js-Injection
SPRequestDuration
SPIisLatency
X-Cached
X-NF-Request-ID
Public-Key-Pins
MRF-Tech
RTSS
Mrf-Cache-Status
X-B3-TraceId-Primal
Access-Control-Request-Method
X-SRCache-Fetch-Status
Ar-Sid
X-SRCache-Store-Status
AR-ATIME
AR-CACHE
AR-Request-ID
AR-PoweredBy
X-Edge
X-LLID
X-Powered-CMS
X-Origin-Upstream-Status
X-Litespeed-Cache
X-Ezoic-Cdn
X-Px
X-Upstream
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Content-MD5
Fusion-Template-Id
Cache-Tag
X-HP-Webp
X-Jurisdiction
X-Ttl
X-ECACHE
X-Mid
X-MCACHE
S
X-Mg-S
X-Version
X-Recruiting
Charset
X-Content-Digest
X-PressLabs-Stats
X-Amz-Server-Side-Encryption
Fastcgi-Cache
X-Kinsta-Cache
X-T
MicrosoftSharePointTeamServices
Front-End-Https
Cache-Tags
X-Id
X-Content-Security-Policy-Report-Only
Filters
X-Debug
X-Pinterest-Direct
TCN
X-Grace
X-Logged-In
Server-Node
Edge-Cache-Tag
X-DynaTrace
X-Accel-Expires
X-Forwarded-Proto
X-Correlation-Id
X-Forwarded-For
Server-Name
X-Amzn-Trace-Id
Nginx-Cache
TP-Cache
TP-L2-Cache
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Surrogate-Key
X-XRDS-LOCATION
X-Yandex-Sdch-Disable
X-Varnish-Age
X-Request-Received
X-Request-Processing-Time
X-B3-Sampled
X-Ser
X-Microsite
X-Request-Handler-Origin-Region
X-Shield-Request-Id
X-Hits
X-AppVersion
X-Activity-Id
X-Az
X-Amz-Replication-Status
X-Kinja-Server-Push
X-DIS-Request-ID
X-F-Cache
X-HS-Content-Id
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Combine-CSS
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Origin-Server
Accept-Charset
X-Geo-Country
X-Git-Hash
Cache
X-XRDS-Location
X-Respond-Thread
X-Cache-Key
Powered-By-ChinaCache
Alternate-Protocol
X-Rid
X-FTR-Request-ID
X-Fastcgi-Cache
X-LB-Cache
X-Frontend
Section-Io-Cache
X-Upgrade-Enabled
X-DataDome
Host
X-Time
X-Ruxit-Js-Agent
Access-Control-Allow-Method
X-Mobile-URL
X-Server-ID
X-Seen-By
Paypal-Debug-Id
MS-CV
X-Cache-Age
X-NWS-LOG-UUID
Cleartype
Healthy
X-AOL-HN
X-VCache
X-Varnish-Backend
X-Content-Options
X-Type
X-IPLB-Instance
X-Hostname
X-Whom
X-TT
ServerID
X-App-Environment
X-Request-Guid
X-Route-Name
X-Providence-Cookie
Payment
X-Is-Crawler
X-Flags
X-Aspnet-Duration-Ms
X-Jobs
X-Signature
X-Page-Id
X-B-Cache
X-Cache-Action
X-Source
Fastcgi-Useragent
X-WebKit-CSP-Report-Only
X-Debug-Info
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Load-Cache
X-N
X-Daa-Tunnel
X-Mobile
X-FB-Debug
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
Nel
X-Via-JSL
Refresh
Version
X-RateLimit-Remaining
X-Akamai-Edgescape
X-Cached-By
X-Original-Request-Id
X-Rule
X-Response-Served-From
X-Accel-Buffering
X-Wix-Request-Id
X-Cache-Rule
X-Drupal-Cache-Tags
X-Contextid
DC
Viewport
X-Cache-Operation
X-Framework
X-Cacheable-TTL
X-Proxy
Node
X-RTag
Ms-Operation-Id
X-ProcessESI
X-RemovedCookies
X-Zen-Fury
Realpath
X-Real-IP
X-Cache-Time
X-Instance
X-B
Access-Control-Request-Headers
X-HTML-Minification-Powered-By
Referer-Policy
X-Region
X-Distributor
Eomportal-Instance
X-UUID
X-Drupal-Cache-Contexts
X-Page-View
X-Yottaa-Metrics
X-Yottaa-Optimizations
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Cluster-Name
Countrycode
X-FW-Dynamic
X-FW-Server
X-Tt-Trace-Host
X-Cache-Expired-At
X-Tt-Trace-Tag
X-FW-Type
X-FW-Static
X-FW-Serve
X-FW-Hash
DynaTrace
X-Content-Powered-By
X-Cache-Control
X-G
X-IPS-LoggedIn
X-Environment-Context
X-L-Path
X-Tumblr-User
Liferay-Portal
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Cache-Hit
Server-Info
GEO-INFO
X-Ratelimit-Limit
X-App-Server
X-FireWall-Port
X-Varnish-Ttl
X-Pass-Why
X-User-Agent
X-Tumblr-Pixel-2
Ec-Rule-Version
From-Origin
Webserver
X-Node-Name
Xserver
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Id
X-Protected-By
CF-IPCountry
Protected
X-Ratelimit-Remaining
X-Www-Served-By
SRV
X-Cache-Server
X-Backend-Name
X-ES-SERVER
Frame-Options
X-UPSTREAM-Address
X-Hl-Ver
X-Mode
X-Handled-By
Meta-Geo
X-RN-RSRV
X-Site-Version
Cache-Tv-Group
X-Locale
X-FB-TRIP-ID
X-Endurance-Cache-Level
X-Varnishpool
X-NYM-Debug-Backend
X-Be
X-Revision
X-Web-Node
X-Hyper-Cache
X-Uri
X-Labrador-Cache-Channel
X-Soup
X-Storage
X-PHP-Host
Webcakes-App-Name
X-UA-Device-Type
Selected-Fe
X-Nginx-Cache
Property-Id
X-Origin-Hint
TWC-GeoIP-LatLong
Decoy-Debug-Status
Webcakes-Region
X-Timing-Wait
TWC-Connection-Speed
X-Origin-Date
Cache-Name
TWC-GeoIP-Country
TWC-Locale-Group
X-Pubstack
X-MP-GENERATED-AT
X-Adobe-Content
Decoy-Debug-TTL
X-Proxy-Build
Country
TWC-Privacy
Webcakes-App-Version
Fastly-SSL
X-Proto
X-Amz-Meta-S3cmd-Attrs
X-Forwarded-Host
Cache-Status
Decoy-Debug-Key
X-Adobe-Loc
TWC-Device-Class
X-Human
X-Cache-Grace
X-Redis-Cache
Azure-SlotName
X-S-Maxage
X-Section
Azure-Version
X-SayCDN-TTL
X-Server-W
Azure-InstanceId
Azure-SiteName
Azure-RegionName
X-Say-Cacheable
X-Say-TTL
X-Sql-Count
X-Access
X-AIR-PT
X-Request-Time
X-ProxyCache-Status
X-ProxyCache-Key
X-Format
X-Sql-Duration-Ms
X-FW-Version
X-WA-Info
X-Via-Fastly
X-Hosted-By
X-OCL
X-PCL
X-No-Session
X-TNCMS
X-Loop
Retry-After
X-BYPASS-REASON
X-TT-LOGID
X-VWS-Id
X-Status
X-Cluster
X-Debug-IsConnected
X-PERF
X-Debug-IsPreview
X-LAGOON
X-AWS-Id
X-ApacheServer
X-LJ-Flow-ID
X-R9-Blue-Green-Version
Mn-Server-Ip
X-Shopify-Stage
X-ShopId
X-ShardId
X-Cache-TTL-Remaining
X-Sorting-Hat-PodId
X-Device-Type
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-Xfnlog-Site
X-Is-Bot
X-Rendered-As
X-Qloud-Router
X-CCM
Apigw-Requestid
AMP-Access-Control-Allow-Source-Origin
S-Cnection
X-Dc
X-FTR-Balancer
X-Country-Code-Real
X-Tec-Api-Origin
X-FTR-Cache-Status
X-Info
X-Via-CDN
X-FTR-DC
X-Tec-Api-Version
X-Tec-Api-Root
X-FTR-Backend
X-Varnish-Grace
X-FTR-Realm
Cache-Hits
X-FTR-Backend-Server
X-SRV
X-Varnish-Server
X-Cdn
X-FTR-Expires
X-Cache-Enabled
X-Detected-As
X-Cache-Host
X-Microcachable
X-Content-Age
X-Platform
X-GG-Cache-Date
X-Amzn-RequestId
X-EdgeConnect-Cache-Status
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-Aspnetmvc-Version
X-Air-Hostname
Uber-Trace-Id
X-CSRF-Token
X-Azure-Ref
X-Cache-Var-Map
X-Cache-Var
Tracecode
X-Backend-Host
SD-X-WS
X-Proxy-Cache-Status
X-Time-Microsecs
X-Unique-Id
X-DynaTrace-JS-Agent
X-NWS-UUID-VERIFY
Amp-Access-Control-Allow-Source-Origin
X-ServerID
Akamai-GRN
X-Backend-TTL
X-ATG-Version
X-GEO
X-Oss-Storage-Class
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Request-Id
X-Tb
X-Cache-Backend
X-App-Version
X-BCube-Filmed-By
Backend
X-Trace-Id
X-Correlation-ID
X-RCS-CacheZone
HostName
DSUID
ServedBy
X-Varnish-Hostname
X-Akamai-Transformed
X-Cache-NGX
X-Cache-PHP
X-Connection-Hash
X-GeoIP-City
X-CF-Lambda-Version
X-External-Request-Id
X-CF-Lambda-Fn
X-Generated-On
X-Generation-Time
X-From
X-Fetched-On
X-Destination
X-Device-Os
X-D
X-Application
Thinkindot-Control
Rendered-Blocks
X-A
X-A-Ccd
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
SR-User-Adfree
X-Debug-Cache
T-Server
X-A-Dam
X-A-Dcw
Release
X-B-Cookie
Path
X-Magnolia-Registration
X-ARC
Odigeo-Trace-Id
X-A-Dgt
X-A-Wwc
X-Aed
X-Cache-NE
Lfy
X-SRCache-Key
Fastcgi-X-Cache-Version
Expiry
X-Thinkindot-L3
X-Session-Fingerprint
X-ScT
X-Rojux
X-S
Mobile-Detection-Method
DCR-Processing-Time-Ms
X-Trv-Group
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
BehaviorPad-Version
X-VG-WebServer
X-VG-WebCache
DCR-Decision-By
X-Vdms-Path
X-Vdms-Version
X-Rewrite-Enabled
X-S-Cookie
MD5-Digest
Machine
X-Origin-TTL
X-Matched-Rule
X-Location
X-TA-CDN-Provider
Meta-Geo-Continent
X-Level-Front-Cache
Instruction
X-Origin-CC
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Owner
X-Processor
X-Request-UUID
Arc-Version
X-Sucuri-ID
PB-PID
PB-RID
X-Cdn-Forward
DB-Nickname
X-APP-VERSION
X-B3-SpanId
Gh-Request-Id
Fastly-Backend-Name
Server-Host
Pagetype
Cf-Device-Type
Host-ID
X-HS-Content-Campaign-Id
X-Skip-Cache
X-SVT-ORM-RULES
X-Reqid
X-OVcl-Cache
X-OVcl
X-SVT-ORM-VERSION
X-Thanos
X-NAPM-TraceId
X-VServer
X-Tumblr-Pixel-3
X-TrackingId
X-Node-Id
X-Mvc-Supplant-Cachable
X-FC-Vary-Parameters
X-Geo-Header
X-Cache-Bucket
X-Bip
X-Azure-Ref-OriginShield
X-GeoIP
X-Has-Esi
X-Micro-Cache
X-JWT-State
X-Irp-Debug
CacheControlHeader
UCS
X-Is-Gdpr
X-Ms-Version
X-Ms-Request-Id
AKAMAI
X-Varnish-Cache-Hits
X-B3-Traceid
X-NewRelic-App-Data
C-Via
X-TX-ID
X-CS
X-Dispatcher-Server
Wxu-Next-Commit
Wxu-Next-Hostname
Wxu-Next-Region
NGX
On-Server
V-Age
X-Eu-Site
Ssr
Sever-Int
Server-Hostname
X-Fastly-Backend
Cache-Host
X-Esi-Check
X-Adobe-Source
X-DPWN-IS-SECURE
Content-Disposition
X-Clientip
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-Varnish-Remaining-TTL
X-Cache-Id
X-Cache-Info
X-VarnishDD-TTL
X-Cache-Tags
X-CGP
X-Branch-Name
X-Csrf-Jwt
X-Varnish-CookieHashed-On
CloudFront-Viewer-Country
X-Cdn-Origin
X-Developer
X-DefHash
X-DefElseHash
X-CUA
X-Backend-State
X-Varnish-CookieINHashed-On
X-Developers
Server-Ext
X-Li-Pop
Is-Eu
HA-Ipaddr
Ha-Gx-Prefs
X-Li-Fabric
L5d-Success-Class
Magicmarker
X-Varnish-Beresp-Grace
Location
X-LI-UUID
X-Scheme
X-Origin-Expires
X-Origin-Response-Time
X-Policy
X-Origin
X-Old-Content-Length
X-Nginx-Cache-Key
Adler-Geo
X-Request-Host
X-IP
Locid
Pramga
Platform
X-Sn-Servicetimems
X-Variation
X-Generated-In
X-Fastly-Cache
X-Cms-Context
X-Core-Value
X-Generated-By
X-Var-Ttl
PFcat
X-Swa-Ws
X-HN
X-Gzip
NM-Fastcgi-Cache
X-User
X-Erf-Stays-Bingo-Pdp-Web
X-ID
User-Cache-Control
X-Varnish-Beresp-Status
X-Gamma-Serve
X-Slack-Backend
X-Varnish-Beresp-Ttl
X-Varnish-Hits
X-SIPLIST1
X-Request-URI
X-Method
X-Hash
CDN-CachedAt
X-Fmm-Version
X-Gen-Mode
X-GoCache-CacheStatus
X-Envoy-Decorator-Operation
Rt-Fastcgi-Cache
True-Client-Country-4JS
X-Block-Status
X-Clara-WADP
X-NU-AKA-ACS-Version
X-Platform-Server
IsBot
X-WADP-Cache
Cf-Bgj
L
X-Rebelmouse-Surrogate-Control
X-Ratelimit-Reset
X-Rebelmouse-Cache-Control
Web-Mar-Node
X-Hnp-Log
CDN-RequestCountryCode
CDN-RequestId
CDN-Cache
CDN-PullZone
X-Cache-Date
CDCHOST
CDN-EdgeStorageId
Fastly-SIE
CDN-Uid
Fastly-SWR
Vix-Hermes-Req-Id
X-EC-Lua
X-Dynatrace
X-CLOUD-TRACE-CONTEXT
X-CACHE-KEY
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
X-Loc
Apple-News-Services-Host
Fastly-Drupal-HTML
X-Servername
Apple-News-Services-Handled
X-VG-TLSProxy
X-Core-Mission
X-Cache-Debug
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Cache-Expires
X-Aicache-OS
Origin
X-LB-ID
Sid
X-Mvc-Supplant-OutputCached
X-NCache
X-PF-Uncompressing
X-Request-Start
X-Refresh
X-Via-Popv
X-Via-Poph
X-Varnish-Url
Url
X-CACHE-GROUP
X-Via-Popn
Esi-Enabled
X-Nc
X-Oracle-Dms-Rid
X-Unique-ID
X-NC
X-Cache-Remote
Who
X-Response-By
X-FireWall-Protection
Pics-Label
X-Varnish-Cacheable
Country-Code
S-Rt
X-Proxy-Cachei7
X-Epic-Correlation-Id
Xkeyi7
X-Tb-Optimization-Total-Bytes-Saved
Geo-Info
X-Planisys-CDN-TTL
Content-Secure-Policy
X-Host-Name
X-B3-Spanid
X-Planisys-CDN-Cache
X-BBXSRF
X-Error
X-Webkit-Csp
N-Cache
X-Planisys-CDN-Rules
Req-Svc-Chain
X-TraceId
X-Srv
Source
X-Cache-2
Ohc-File-Size
X-Webkit-CSP-Report-Only
Cross-Origin-Window-Policy
X-Contensis-Viewer-Groups
X-DC
D-Cc-Upstream
Cmsid
Cteonnt-Length
Server-Ttl
X-Cc-Req-Id
X-Varnish-Authentication
X-Cc-Via
X-Cache-ASPX
Geoip-Latitude
HitType
Cmstype
GeoIp-Country-Code
X-Sucuri-Cache
X-RateLimit-Limit
X-HS-Status
X-LiteSpeed-Cache-Control
Tcn
Svr
X-Served-From
X-Svr
Kp-EeAlive
X-URL
MIME-Version
X-Vcl-Version
Viewtype
X-HostName
VivaBuild
X-Server-IP
A
Cache-Key
X-Servedbyhost
X-Wa
Filterid
X-CDN-Forward
M-TraceId
X-Nyt-Route
X-Origin-Time
X-Cache-Config
X-Esi
X-Cs
X-FPC
X-Gdpr
X-API-Version
X-Li-Proto
CACHE
Cross-Origin-Opener-Policy
X-LI-Proto
TDXMobile
Server-ID
Resin-Trace
Arc-Country
X-RAMCache
X-Air-Source
X-SN
X-Vgn-Hpd-Reason
X-VC
NtCoent-Length
X-HOST
X-Check-Cacheable
Request-ID
X-Webstats-RespID
NGB
X-NodeID
Server-Id
Ohc-Cache-HIT
X-SB
SID
Hostname
X-UA
X-ServedByHost
X-DI
X-SD-PageType
X-Viewer-Country
X-DB
X-RPM
X-Newrelic-Synthetics
X-WA
X-DW
X-RSL
X-DSS
Cache-Provider
X-RPS
X-CCDN-CacheTTL
X-NGINX-Cache
X-Vc
X-TIM-N
X-CCDN-Origin-Time
X-VCL-Version
X-Internal-Host
X-Hcs-Proxy-Type
GeoIP-Latitude
X-Service
Srv
X-Render-Time
GeoIP-Country-Code
Mime-Version
X-Geo
XServer
X-BBC-Edge-Cache-Status
X-JoinUs
EpKe-Alive
DataCenter
X-PHP-Backend
X-App
X-SaId
ProcessTime
X-Action
X-NGENIX-Cache
X-FTR-Cache-Host
X-Edge-Location
X-Ua
X-CF-Powered-By
X-Fpc
X-Oss-Cdn-Auth
FSS-Cache
X-Extlb
Processtime
X-Worker
X-Via-NSCOPI
X-Auto-Login
X-TIME
X-Forwarded-Site
X-Provided-By
X-Dynatrace-Js-Agent
CF-Cached-On
Proxy-Connection
X-Cluster-Node
W
X-FORWARDED-FOR
Upgrade-Insecure-Requests
X-Cdn-Request-ID
X-HITS
X-MSEdge-Flight
Memcached
Surrogated-Key
X-MSEdge-Features
Mail-Subject
LB
X-Parent-Response-Time
CDN
X-Req
X-Dw-Trace-Id
Cdn
X-Region-Sid
X-VC-Cache
X-Ftr-Cache-Host
X-CSRF-TOKEN
X-BACKEND-TTL
X-Fastly-Backend-Reqs
X-Proxy-Upstream
Datacenter
X-Date
X-Depends-On
X-PJAX-URL
X-Accel-Expires-Debug
X-Bc-Bl
We-Hiring
X-CACHE-AGE
X-Swift-Error
X-Client-Ip
X-BBC-Origin-Response-Status
X-Hello
X-IN-APIGATEWAY
X-ABtesting
X-IN-APIGATEWAYSSL
Env
X-APP
Dnion-Transfer-Encoding
X-UnsetCookies
X-Fastly-Request-Id
X-RateLimit-Remaining-Second
X-Flog
X-RateLimit-Limit-Second
X-Cache-Tag
PICS-Label
X-ZONE
X-Akamai-Pragma-Client-IP
X-Men
X-Air-Trace-Id
X-Sigma
X-Pad
Media-Length
Time
X-Rocket-Build-Number
X-Sigma-Backend
Memory
X-Oracle-DMS-ECID
X-Presslabs-Stats
Vha6-Origin
X-Pf-Uncompressing
X-Acquia-Site
X-Zone
X-Acquia-Application-Trace
OT-Force-Account-Verify
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-ND-Cache
CPC-Cache
VNS-Age
Epwk-X-Cache
CPC-Age
X-Via-PopH
VNS-Cache
X-Via-PopV
X-Via-PopN
X-LiteSpeed-Tag
Cf-Ipcountry
X-ElasticPress-Search
X-ElasticPress-Query
Xet-Cookie
X-Akamai-ERPolicy
X-Ms-Meta-Staticbatchstarttime
X-Vcache
X-Ms-Meta-Originalurl
X-Varnish-URL
X-Akamai-ERRuleID
X-Request-Url
X-Lb-Id
WZWS-RAY
X-Snapshot-Date
X-MiniProfiler-Ids
X-Csrf-Token
X-Request-URL
X-Varnish-Beresp-TTL
CountryCode
X-Litespeed-Cache-Control
Content-Script-Type
X-Amz-Meta-Cb-Modifiedtime
X-Tid
Content-Style-Type
X-Debug-Cache-Fetch
X-Traceid
URI
Ohc-Response-Time
NnCoection
Phost
X-B3-Parentspanid
X-Redis-Duration-Ms
X-Redis-Count
X-ServerName
X-C
X-Storefront-Renderer-Verified
X-Debug-Cache-Store
Environment
Inserted-Into-Cache-At