Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Request-ID
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
X-AspNetMvc-Version
Feature-Policy
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
Upgrade
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Report-To
X-Amz-Request-Id
Host-Header
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-Dns-Prefetch-Control
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
NEL
X-Amz-Version-Id
X-Cache-Spec
X-WebKit-CSP
Xkey
Allow
X-Device
X-CST
X-Backend-Server
X-Vhost
X-Host
EagleEye-TraceId
X-Server-Id
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Content-Location
X-Response-Time
Accept-CH
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
Accept-CH-Lifetime
P3p
X-ASPNET-VERSION
X-Ac
X-Application-Context
X-Template
X-Language
X-Cache-Lookup
X-Country
X-Mod-Pagespeed
X-Readtime
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Rating
X-Cnection
Accept-Ch
X-MS-InvokeApp
X-HW
X-Url
X-PC
X-Vname
X-TtlSet
Accept-Ch-Lifetime
X-Clacks-Overhead
X-GitHub-Request-Id
X-ORACLE-DMS-ECID
Edge-Control
X-Trace
X-ESI
X-FastCGI-Cache
X-Middleton-Response
X-Content-Type
X-Sol
Display
X-Middleton-Display
Response
Pagespeed
X-D2id
Arr-Disable-Session-Affinity
X-Exp-Variant
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-Kinja-Server
X-Vcap-Request-Id
Verso
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-Country-Code
X-ORACLE-DMS-RID
X-Server-Name
X-Varnish-TTL
Service-Worker-Allowed
X-Navigation-Version
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
X-Fastly-Request-ID
X-Powered-By-Plesk
X-Client-IP
X-Cache-TTL
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Webkit-CSP
X-Release
X-SharePointHealthScore
SPRequestGuid
Fastly-Restarts
X-MSEdge-Ref
X-Element-Page-Cache
X-Dw-Request-Base-Id
SPIisLatency
X-Kinja-Server-Push
SPRequestDuration
X-Cached
X-NF-Request-ID
X-Oneagent-Js-Injection
Public-Key-Pins
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
RTSS
X-Ttl
AR-Request-ID
Ar-Sid
AR-ATIME
AR-CACHE
Access-Control-Request-Method
AR-PoweredBy
X-Edge
X-SRCache-Fetch-Status
X-TTL
X-SRCache-Store-Status
X-LLID
X-Origin-Upstream-Status
X-Powered-CMS
X-Px
X-Ezoic-Cdn
Fusion-Template-Id
X-Upstream
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
Fusion-Content-Source
Content-MD5
Cache-Tag
X-Jurisdiction
X-HP-Webp
X-Mid
X-ECACHE
X-MCACHE
S
X-Version
X-Recruiting
X-Mg-S
X-Content-Digest
Charset
X-Amz-Server-Side-Encryption
X-PressLabs-Stats
Fastcgi-Cache
TCN
X-T
X-Kinsta-Cache
MicrosoftSharePointTeamServices
X-Content-Security-Policy-Report-Only
Front-End-Https
Filters
Cache-Tags
X-Pinterest-Direct
X-Debug
X-Litespeed-Cache
X-Grace
Server-Node
Edge-Cache-Tag
X-Logged-In
X-Accel-Expires
X-Id
X-Forwarded-Proto
X-Correlation-Id
X-DynaTrace
X-Amzn-Trace-Id
Server-Name
Nginx-Cache
X-Forwarded-For
TP-L2-Cache
TP-Cache
X-Yandex-Sdch-Disable
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
Surrogate-Key
X-Varnish-Age
X-Request-Processing-Time
X-Request-Received
X-B3-Sampled
X-Microsite
X-Request-Handler-Origin-Region
X-Ser
X-Shield-Request-Id
X-Hits
X-XRDS-Location
X-Activity-Id
X-Az
X-AppVersion
X-DIS-Request-ID
X-Amz-Replication-Status
X-Server-ID
X-Ruxit-Js-Agent
X-HS-Cache-Config
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Stored-Content-Encoding
X-HS-Combine-CSS
X-HS-Content-Id
X-F-Cache
X-HS-Hub-Id
X-Goog-Metageneration
X-Goog-Storage-Class
X-Goog-Generation
X-Origin-Server
X-Cache-Key
Accept-Charset
X-XRDS-LOCATION
X-Geo-Country
X-Git-Hash
X-Respond-Thread
Powered-By-ChinaCache
X-FTR-Request-ID
Cache
X-Rid
X-LB-Cache
Alternate-Protocol
Section-Io-Cache
X-Frontend
X-Upgrade-Enabled
X-DataDome
Host
X-Hostname
Access-Control-Allow-Method
X-Mobile-URL
X-Cache-Age
X-Seen-By
Cleartype
Paypal-Debug-Id
MS-CV
X-AOL-HN
X-IPLB-Instance
Healthy
X-Type
X-VCache
X-NWS-LOG-UUID
X-Varnish-Backend
X-Whom
X-App-Environment
X-Content-Options
ServerID
Payment
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Cache-Action
X-WebKit-CSP-Report-Only
X-Flags
X-Is-Crawler
X-TT
X-Aspnet-Duration-Ms
X-Debug-Info
X-Signature
X-Page-Id
X-Jobs
X-B-Cache
Fastcgi-Useragent
X-Time
X-N
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Source
X-TEC-API-ORIGIN
X-Load-Cache
X-Mobile
X-Daa-Tunnel
X-Fastcgi-Cache
X-RateLimit-Remaining
X-FB-Debug
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Via-JSL
Version
Nel
Refresh
X-Cached-By
X-Cache-Rule
X-Cache-Operation
X-Akamai-Edgescape
X-Rule
X-Response-Served-From
X-Original-Request-Id
Viewport
X-Accel-Buffering
DC
X-Wix-Request-Id
X-Drupal-Cache-Tags
X-Proxy
X-Framework
X-Cacheable-TTL
X-RemovedCookies
Realpath
Access-Control-Request-Headers
X-Contextid
X-Zen-Fury
Ms-Operation-Id
X-RTag
X-ProcessESI
X-Instance
X-Real-IP
DynaTrace
X-Region
X-UUID
Node
X-Drupal-Cache-Contexts
Referer-Policy
Eomportal-Instance
X-Tt-Trace-Host
X-Page-View
X-Tt-Trace-Tag
X-Yottaa-Metrics
X-Distributor
X-Cache-Time
X-HTML-Minification-Powered-By
X-Yottaa-Optimizations
X-Cache-Expired-At
X-FW-Type
X-Cluster-Name
Countrycode
X-FW-Hash
X-FW-Dynamic
X-FW-Static
X-FW-Server
X-FW-Serve
X-B
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-Content-Powered-By
X-L-Path
X-Environment-Context
X-Cache-Control
GEO-INFO
X-Cache-Hit
Liferay-Portal
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-User
X-G
X-Tumblr-Pixel-1
X-IPS-LoggedIn
Server-Info
X-Pass-Why
X-App-Server
X-FireWall-Port
X-Node-Name
X-User-Agent
X-Tumblr-Pixel-2
From-Origin
Webserver
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-Ratelimit-Limit
X-Varnish-Ttl
Ec-Rule-Version
X-Protected-By
Protected
CF-IPCountry
SRV
X-Cache-Server
X-Www-Served-By
X-Amz-Meta-S3cmd-Attrs
X-Revision
X-Backend-Name
Frame-Options
X-Endurance-Cache-Level
Meta-Geo
X-Handled-By
X-ES-SERVER
Xserver
X-UPSTREAM-Address
X-Mode
X-RN-RSRV
X-Hl-Ver
X-Hyper-Cache
Cache-Status
X-FB-TRIP-ID
X-Locale
X-Soup
X-Site-Version
Cache-Tv-Group
X-Web-Node
X-Storage
X-Human
X-Forwarded-Host
Country
X-NYM-Debug-Backend
X-Cache-Grace
X-Varnishpool
X-Origin-Hint
X-Proto
Azure-Version
Azure-SlotName
Property-Id
Azure-SiteName
Cache-Name
Azure-InstanceId
Fastly-SSL
X-Pubstack
Decoy-Debug-TTL
Decoy-Debug-Key
Decoy-Debug-Status
X-Request-Time
X-TT-LOGID
X-Redis-Cache
X-ProxyCache-Key
X-ProxyCache-Status
X-Proxy-Build
X-Labrador-Cache-Channel
TWC-GeoIP-LatLong
X-Timing-Wait
TWC-GeoIP-Country
TWC-Device-Class
TWC-Locale-Group
Webcakes-Region
TWC-Privacy
Webcakes-App-Name
Webcakes-App-Version
Selected-Fe
TWC-Connection-Speed
X-BYPASS-REASON
X-Be
Azure-RegionName
X-PHP-Host
X-Uri
Retry-After
X-Loop
X-Access
X-AIR-PT
X-Format
X-Origin-Date
X-Sql-Count
X-OCL
X-SayCDN-TTL
X-Section
X-PCL
X-Sql-Duration-Ms
X-Adobe-Loc
X-Say-Cacheable
X-TNCMS
X-Hosted-By
X-Adobe-Content
X-FW-Version
X-UA-Device-Type
X-S-Maxage
X-WA-Info
X-MP-GENERATED-AT
X-Via-Fastly
X-Say-TTL
X-LAGOON
X-Nginx-Cache
X-Ratelimit-Remaining
X-Server-W
X-No-Session
X-PERF
X-ApacheServer
X-R9-Blue-Green-Version
X-Status
X-Cache-TTL-Remaining
X-AWS-Id
X-Alternate-Cache-Key
Mn-Server-Ip
X-VWS-Id
X-Cluster
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-LJ-Flow-ID
X-Storefront-Renderer-Rendered
X-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Zipkin-Id
X-Proxied
X-Device-Type
X-Routing-Service
X-Debug-IsPreview
X-Rendered-As
X-Xfnlog-Site
X-Qloud-Router
X-Is-Bot
X-CCM
X-Debug-IsConnected
X-Via-CDN
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-DC
X-FTR-Realm
S-Cnection
X-FTR-Cache-Status
Cache-Hits
X-Country-Code-Real
X-FTR-Backend
X-Info
Apigw-Requestid
X-Tec-Api-Version
X-Tec-Api-Root
X-SRV
X-Tec-Api-Origin
X-FTR-Expires
X-Dc
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Server
X-Varnish-Grace
X-Detected-As
X-Cache-Enabled
X-Cdn
X-Cache-Host
X-GG-Cache-Date
X-Amzn-Remapped-Content-Length
X-Unique-Id
X-EdgeConnect-Cache-Status
X-Content-Age
X-Microcachable
X-Amz-Apigw-Id
X-Air-Hostname
X-Amzn-RequestId
X-Platform
X-Cache-Var
X-Cache-Var-Map
X-Azure-Ref
Amp-Access-Control-Allow-Source-Origin
Uber-Trace-Id
Tracecode
SD-X-WS
X-Aspnetmvc-Version
X-Backend-Host
X-Proxy-Cache-Status
X-Time-Microsecs
X-GEO
X-Backend-TTL
X-NWS-UUID-VERIFY
X-DynaTrace-JS-Agent
X-ServerID
X-CSRF-Token
Akamai-GRN
X-ATG-Version
X-Trace-Id
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Tb
X-Cache-Backend
X-Oss-Server-Time
X-BCube-Filmed-By
DSUID
Backend
ServedBy
X-RCS-CacheZone
X-ID
X-Akamai-Transformed
X-Oracle-Dms-Rid
X-App-Version
X-Correlation-ID
X-Cache-PHP
X-Cache-NGX
X-Varnish-Hostname
X-TA-CDN-Provider
SR-User-Adfree
Release
T-Server
Path
Rendered-Blocks
Lfy
Expiry
Thinkindot-CacheControl
DCR-Processing-Time-Ms
DCR-Decision-By
X-Debug-Cache
BehaviorPad-Version
Fastcgi-X-Cache-Version
Instruction
Meta-Geo-Continent
Mobile-Detection-Method
MD5-Digest
Machine
X-Varnish-Cache-Hits
Odigeo-Trace-Id
X-ARC
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S
X-S-Cookie
X-Processor
X-PBS-Appsvrname
X-Matched-Rule
X-Origin-CC
X-Origin-TTL
X-PAYTM-SRV-ID
X-ScT
X-Session-Fingerprint
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-SRCache-Key
X-Thinkindot-L3
X-Trv-Group
X-Vdms-Path
X-Location
X-Level-Front-Cache
X-A-Wwc
X-Aed
X-Application
X-B-Cookie
X-A-Dgt
X-A-Dcw
Thinkindot-Control
X-A
X-A-Ccd
X-A-Dam
X-Cache-NE
X-CF-Lambda-Fn
X-Fetched-On
X-From
X-Generated-On
X-GeoIP-City
X-External-Request-Id
X-Device-Os
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Destination
Thinkindot-CacheControl-Type
X-Generation-Time
X-APP-VERSION
X-Dynatrace
X-Magnolia-Registration
Arc-Version
PB-RID
PB-PID
X-Sucuri-ID
X-NewRelic-App-Data
X-Erf-Stays-Bingo-Pdp-Web
X-Is-Gdpr
X-Mvc-Supplant-Cachable
X-HS-Content-Campaign-Id
AKAMAI
Cache-Host
X-JWT-State
X-Micro-Cache
Cf-Device-Type
C-Via
X-Owner
X-FC-Vary-Parameters
X-Bip
X-Cache-Bucket
X-Azure-Ref-OriginShield
UCS
Ssr
X-Cdn-Origin
Host-ID
X-Geo-Header
X-Node-Id
Fastly-Backend-Name
Gh-Request-Id
X-Has-Esi
X-Irp-Debug
X-Swa-Ws
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-TrackingId
X-Tumblr-Pixel-3
X-Ms-Version
X-Ms-Request-Id
X-VServer
X-Sn-Servicetimems
X-Thanos
X-OVcl
X-Origin-Response-Time
X-Skip-Cache
X-OVcl-Cache
HostName
DB-Nickname
X-Backend-State
Server-Host
X-NAPM-TraceId
X-Cache-Info
X-CGP
X-VarnishDD-TTL
X-Cache-Tags
X-Wikidot-Backend
X-Adobe-Source
Wxu-Next-Hostname
X-Cms-Context
Wxu-Next-Commit
Server-Ext
Wxu-Next-Region
Sever-Int
X-Wikidot-Static-Cache
Server-Hostname
X-Developers
X-HN
X-GeoIP
X-Generated-In
X-Generated-By
X-IP
X-Scheme
X-Nginx-Cache-Key
X-Policy
X-Reqid
X-Request-Host
X-Fastly-Cache
X-User
X-Varnish-Beresp-Grace
X-CUA
X-Csrf-Jwt
X-Varnish-Hits
X-Developer
X-Origin-Expires
X-Fastly-Backend
X-Eu-Site
X-Var-Ttl
X-Core-Value
X-Clientip
L5d-Success-Class
CacheControlHeader
X-B3-Traceid
Magicmarker
L
On-Server
NGX
Pagetype
HA-Ipaddr
Ha-Gx-Prefs
PFcat
Location
CloudFront-Viewer-Country
Pramga
Content-Disposition
Locid
X-CS
User-Cache-Control
X-B3-SpanId
IsBot
X-Platform-Server
X-Ratelimit-Reset
X-Rebelmouse-Cache-Control
X-LI-UUID
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Varnish-CookieHashed-On
X-Clara-WADP
V-Age
Fastly-SIE
X-Variation
X-Loc
X-Method
X-Cdn-Forward
X-GoCache-CacheStatus
Cf-Bgj
X-Hnp-Log
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Gen-Mode
X-Origin
X-Envoy-Decorator-Operation
Fastly-SWR
X-NU-AKA-ACS-Version
CDCHOST
Fastly-Drupal-HTML
X-Gamma-Serve
X-Fmm-Version
X-Old-Content-Length
X-TX-ID
X-Cache-Expires
Platform
X-DefHash
Web-Mar-Node
X-DefElseHash
Rt-Fastcgi-Cache
X-DPWN-IS-SECURE
Is-Eu
X-WADP-Cache
X-Cache-Id
X-Branch-Name
Origin
Adler-Geo
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-Gzip
X-Li-Fabric
X-Li-Pop
X-Cache-Date
X-Block-Status
X-Esi-Check
X-SIPLIST1
X-Slack-Backend
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-Servername
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Vix-Hermes-Req-Id
True-Client-Country-4JS
CDN-Uid
X-Hash
NM-Fastcgi-Cache
Apple-News-Services-Request-Url
CDN-RequestCountryCode
CDN-CachedAt
CDN-EdgeStorageId
X-EC-Lua
X-VG-TLSProxy
CDN-Cache
X-Core-Mission
CDN-PullZone
X-Dispatcher-Server
X-Cache-Debug
CDN-RequestId
Apple-News-Services-Handled
X-Request-Start
X-NCache
X-LB-ID
X-Mvc-Supplant-OutputCached
X-Aicache-OS
X-Varnish-Url
X-PF-Uncompressing
Sid
X-Refresh
Url
X-Cache-Remote
X-NC
X-Via-Poph
X-Via-Popv
X-CACHE-GROUP
X-Via-Popn
X-Nc
S-Rt
X-Response-By
X-B3-Spanid
Esi-Enabled
X-Varnish-Cacheable
Pics-Label
Who
X-CACHE-KEY
X-Epic-Correlation-Id
X-Host-Name
X-Esi
X-Proxy-Cachei7
Xkeyi7
Country-Code
X-FireWall-Protection
X-BBXSRF
X-TraceId
N-Cache
Req-Svc-Chain
X-Unique-ID
X-Tb-Optimization-Total-Bytes-Saved
X-Planisys-CDN-TTL
X-Webkit-Csp
X-Cache-2
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
X-RateLimit-Limit
X-DC
X-Error
Content-Secure-Policy
Cross-Origin-Window-Policy
Ohc-File-Size
Source
X-Srv
Server-Ttl
X-Varnish-Authentication
X-Cache-ASPX
X-Sucuri-Cache
D-Cc-Upstream
X-Cc-Via
X-CDN-Forward
X-Cc-Req-Id
X-Contensis-Viewer-Groups
Geoip-Latitude
X-Webkit-CSP-Report-Only
GeoIp-Country-Code
Geo-Info
X-Svr
MIME-Version
Cteonnt-Length
X-LiteSpeed-Cache-Control
X-Wa
X-CLOUD-TRACE-CONTEXT
CACHE
X-HS-Status
HitType
X-Servedbyhost
Cmstype
Cmsid
X-Served-From
Kp-EeAlive
X-Server-IP
Svr
X-Cs
X-URL
Cache-Key
X-Nyt-Route
X-Origin-Time
X-API-Version
VivaBuild
X-Gdpr
X-Cache-Config
A
Viewtype
X-FPC
Hostname
Filterid
X-RAMCache
Resin-Trace
X-Vcl-Version
Server-ID
X-SN
X-VC
M-TraceId
X-LI-Proto
XServer
SID
Ohc-Cache-HIT
X-Vgn-Hpd-Reason
X-SB
X-TIME
Arc-Country
X-Air-Source
TDXMobile
X-VCL-Version
X-Li-Proto
X-Webstats-RespID
X-NodeID
Cross-Origin-Opener-Policy
Server-Id
X-HOST
X-NGINX-Cache
X-HostName
NtCoent-Length
X-Check-Cacheable
NGB
X-Viewer-Country
X-SD-PageType
Tcn
Request-ID
X-UA
X-DW
X-RPM
X-RPS
X-DSS
X-Internal-Host
X-DB
X-DI
X-RSL
X-Render-Time
X-Hcs-Proxy-Type
X-TIM-N
X-Vc
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Cache-Provider
X-FORWARDED-FOR
X-Newrelic-Synthetics
GeoIP-Latitude
GeoIP-Country-Code
Mime-Version
EpKe-Alive
X-WA
Srv
X-ServedByHost
X-Service
X-App
X-BBC-Edge-Cache-Status
X-Ua
X-COUNTRY
Processtime
X-PHP-Backend
X-Action
ProcessTime
X-NGENIX-Cache
X-JoinUs
X-SaId
X-Auto-Login
X-Worker
X-CF-Powered-By
X-Geo
X-CSRF-TOKEN
X-Extlb
Datacenter
X-Dynatrace-Js-Agent
X-FTR-Cache-Host
X-Edge-Location
X-Via-NSCOPI
X-Forwarded-Site
X-Fpc
X-Oss-Cdn-Auth
Upgrade-Insecure-Requests
FSS-Cache
DataCenter
X-Provided-By
X-Ftr-Cache-Host
X-Cdn-Request-ID
W
Proxy-Connection
X-Cluster-Node
CDN
CF-Cached-On
X-HITS
X-Swift-Error
X-Proxy-Upstream
X-BACKEND-TTL
X-PJAX-URL
LB
X-MSEdge-Features
X-Region-Sid
X-Fastly-Backend-Reqs
X-VC-Cache
X-Parent-Response-Time
X-Req
X-BBC-Origin-Response-Status
X-MSEdge-Flight
X-Dw-Trace-Id
Cdn
X-Accel-Expires-Debug
Surrogated-Key
X-Date
X-Bc-Bl
X-Depends-On
X-CACHE-AGE
X-Client-Ip
X-UnsetCookies
Memcached
Env
Mail-Subject
X-ABtesting
X-RateLimit-Limit-Second
X-Hello
X-RateLimit-Remaining-Second
X-Pad
X-Flog
We-Hiring
X-Pf-Uncompressing
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Cache-Tag
PICS-Label
Dnion-Transfer-Encoding
OT-Force-Account-Verify
X-Fastly-Request-Id
X-ZONE
X-Akamai-Pragma-Client-IP
Vha6-Origin
X-Presslabs-Stats
X-Acquia-Purge-Tags
X-Zone
Media-Length
X-Acquia-Site
X-Acquia-Application-UUID
X-ND-Cache
X-Acquia-Application-Trace
X-APP
X-Oracle-DMS-ECID
X-Sigma-Backend
X-Via-PopV
X-Air-Trace-Id
X-Rocket-Build-Number
X-Sigma
X-Via-PopN
X-Via-PopH
X-Men
X-LiteSpeed-Tag
Epwk-X-Cache
Time
WZWS-RAY
Memory
VNS-Age
X-MiniProfiler-Ids
X-Lb-Id
CPC-Age
VNS-Cache
CPC-Cache
Cf-Ipcountry
X-Request-Url
X-Varnish-URL
X-ElasticPress-Query
X-Ms-Meta-Staticbatchstarttime
X-Vcache
X-Varnish-Beresp-TTL
X-Ms-Meta-Originalurl
Xet-Cookie
X-Snapshot-Date
X-ElasticPress-Search
X-Request-URL
X-Csrf-Token
X-Akamai-ERRuleID
X-Akamai-ERPolicy
URI
X-Tx-Id
CountryCode
Content-Style-Type
NnCoection
Content-Script-Type
X-Tid
X-Litespeed-Cache-Control
X-Traceid
X-Amz-Meta-Cb-Modifiedtime
Inserted-Into-Cache-At
Ohc-Response-Time
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-Storefront-Renderer-Verified
X-C
Phost
X-Redis-Duration-Ms
X-ServerName
X-Redis-Count
Environment
X-B3-Parentspanid