Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Request-ID
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
X-AspNetMvc-Version
Status
Feature-Policy
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
NEL
X-Amz-Version-Id
X-Cache-Spec
Xkey
Allow
X-Device
X-CST
X-Backend-Server
X-Vhost
X-Host
X-WebKit-CSP
EagleEye-TraceId
Request-Id
X-Server-Id
Surrogate-Control
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH
X-Ruxit-JS-Agent
Accept-CH-Lifetime
P3p
X-ASPNET-VERSION
X-Ac
X-Template
X-Application-Context
X-Language
X-Country
X-Cache-Lookup
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-Readtime
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Accept-Ch
Rating
X-Cnection
X-MS-InvokeApp
X-HW
Accept-Ch-Lifetime
X-Url
X-Vname
X-PC
X-TtlSet
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-GitHub-Request-Id
Edge-Control
X-ESI
X-Trace
X-Middleton-Display
Response
X-Middleton-Response
Pagespeed
X-Sol
Display
X-Content-Type
X-FastCGI-Cache
X-Webkit-CSP
X-D2id
X-Vcap-Request-Id
X-Cdn-Fetch
X-Kinja-Build
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
Arr-Disable-Session-Affinity
Verso
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-ORACLE-DMS-RID
X-Server-Name
X-Country-Code
Service-Worker-Allowed
X-Navigation-Version
X-Varnish-TTL
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
X-Fastly-Request-ID
X-Powered-By-Plesk
X-Client-IP
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
X-Cache-TTL
X-Kinja-Server-Push
X-SharePointHealthScore
SPRequestGuid
X-Release
Fastly-Restarts
X-MSEdge-Ref
X-Element-Page-Cache
SPRequestDuration
X-Dw-Request-Base-Id
SPIisLatency
X-Oneagent-Js-Injection
X-Cached
X-NF-Request-ID
Public-Key-Pins
X-B3-TraceId-Primal
MRF-Tech
X-TTL
Mrf-Cache-Status
RTSS
AR-CACHE
AR-ATIME
AR-PoweredBy
AR-Request-ID
Ar-Sid
X-Edge
Access-Control-Request-Method
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-LLID
X-Ttl
X-Powered-CMS
X-Origin-Upstream-Status
X-Px
X-Ezoic-Cdn
Fusion-Content-Source
Fusion-Template-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Content-Id
Fusion-Component-Id
X-Upstream
Content-MD5
X-Jurisdiction
X-HP-Webp
Cache-Tag
X-Mid
X-ECACHE
X-MCACHE
X-Recruiting
S
X-Content-Digest
X-Version
Charset
X-Amz-Server-Side-Encryption
X-PressLabs-Stats
X-Mg-S
TCN
Fastcgi-Cache
X-Pinterest-Direct
MicrosoftSharePointTeamServices
X-Server-ID
X-T
X-Kinsta-Cache
X-Content-Security-Policy-Report-Only
Front-End-Https
X-Debug
Filters
Cache-Tags
X-Id
X-Grace
Edge-Cache-Tag
Server-Node
X-Logged-In
X-Accel-Expires
X-Forwarded-Proto
X-Forwarded-For
X-DynaTrace
X-Correlation-Id
X-Amzn-Trace-Id
Nginx-Cache
Server-Name
X-Yandex-Sdch-Disable
Surrogate-Key
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-XRDS-Location
TP-L2-Cache
TP-Cache
X-Varnish-Age
X-B3-Sampled
X-Request-Received
X-Request-Processing-Time
X-Ruxit-Js-Agent
X-Microsite
X-Request-Handler-Origin-Region
X-Ser
X-Shield-Request-Id
X-Hits
X-Cache-Key
X-Az
X-Activity-Id
X-AppVersion
X-DIS-Request-ID
X-Amz-Replication-Status
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-F-Cache
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Litespeed-Cache
X-Origin-Server
Accept-Charset
Powered-By-ChinaCache
X-Git-Hash
X-Geo-Country
X-Respond-Thread
X-FTR-Request-ID
X-XRDS-LOCATION
Cache
X-Rid
X-Hostname
X-LB-Cache
Section-Io-Cache
X-Upgrade-Enabled
X-DataDome
Alternate-Protocol
X-Frontend
Access-Control-Allow-Method
Host
X-Mobile-URL
X-Cache-Age
MS-CV
Paypal-Debug-Id
Cleartype
X-Seen-By
X-AOL-HN
X-IPLB-Instance
X-Time
Healthy
X-VCache
X-Type
X-Varnish-Backend
X-Content-Options
X-Whom
X-App-Environment
X-NWS-LOG-UUID
ServerID
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-Cache-Action
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
Payment
X-TT
X-B-Cache
X-Jobs
X-Debug-Info
X-Signature
X-Page-Id
Fastcgi-Useragent
X-Source
X-TEC-API-VERSION
X-Fastcgi-Cache
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Load-Cache
X-WebKit-CSP-Report-Only
X-Mobile
X-N
X-RateLimit-Remaining
X-Daa-Tunnel
X-FB-Debug
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Via-JSL
Nel
Version
X-Cached-By
X-Cache-Rule
X-Akamai-Edgescape
X-Cache-Operation
Refresh
X-Original-Request-Id
X-Response-Served-From
X-Accel-Buffering
Viewport
X-Rule
X-Cacheable-TTL
X-Wix-Request-Id
DC
X-Framework
X-Drupal-Cache-Tags
X-Proxy
X-RTag
Access-Control-Request-Headers
X-Zen-Fury
X-ProcessESI
X-RemovedCookies
Ms-Operation-Id
X-Real-IP
DynaTrace
X-Contextid
X-Instance
X-UUID
X-HTML-Minification-Powered-By
Referer-Policy
Node
Realpath
X-Cache-Time
X-Region
GEO-INFO
X-Tt-Trace-Tag
X-Distributor
X-Drupal-Cache-Contexts
Eomportal-Instance
X-Page-View
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tt-Trace-Host
X-FW-Static
X-Cluster-Name
X-FW-Hash
X-FW-Serve
X-FW-Dynamic
X-FW-Server
Countrycode
X-FW-Type
X-Cache-Expired-At
X-B
VIX-Pulpo-Node
X-Content-Powered-By
X-Environment-Context
X-L-Path
VIX-Pulpo-Upstream-Status
X-Cache-Control
X-IPS-LoggedIn
X-Tumblr-User
Liferay-Portal
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-G
X-Cache-Hit
Server-Info
X-User-Agent
X-Node-Name
X-Varnish-Ttl
X-App-Server
X-Pass-Why
Webserver
From-Origin
X-FireWall-Port
X-Tumblr-Pixel-2
Section-Origin-Responded
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
Ec-Rule-Version
X-Ratelimit-Limit
X-Protected-By
Protected
CF-IPCountry
X-Cache-Server
Xserver
SRV
X-Revision
X-Amz-Meta-S3cmd-Attrs
X-Www-Served-By
X-Backend-Name
Frame-Options
X-Endurance-Cache-Level
Meta-Geo
X-Hl-Ver
X-ES-SERVER
X-Handled-By
X-RN-RSRV
X-UPSTREAM-Address
X-Mode
Cache-Status
X-Site-Version
X-Hyper-Cache
X-Locale
X-Soup
X-FB-TRIP-ID
X-Storage
X-Web-Node
X-Varnishpool
Cache-Tv-Group
X-Human
X-Be
Country
X-Cache-Grace
X-NYM-Debug-Backend
X-Forwarded-Host
X-Uri
TWC-GeoIP-LatLong
X-Timing-Wait
TWC-Locale-Group
Retry-After
Webcakes-Region
X-BYPASS-REASON
X-TT-LOGID
Webcakes-App-Version
TWC-Privacy
Webcakes-App-Name
X-Request-Time
Selected-Fe
Cache-Name
X-ProxyCache-Key
TWC-GeoIP-Country
X-Pubstack
X-Origin-Date
X-Origin-Hint
Decoy-Debug-Status
X-Proto
X-Proxy-Build
X-Redis-Cache
X-ProxyCache-Status
X-UA-Device-Type
X-PHP-Host
X-Labrador-Cache-Channel
Decoy-Debug-Key
TWC-Connection-Speed
Decoy-Debug-TTL
Fastly-SSL
TWC-Device-Class
Property-Id
X-MP-GENERATED-AT
Azure-SiteName
Azure-RegionName
X-Access
X-AIR-PT
Azure-InstanceId
Azure-SlotName
Azure-Version
X-Sql-Count
X-S-Maxage
X-WA-Info
X-Adobe-Content
X-Adobe-Loc
X-Sql-Duration-Ms
X-Hosted-By
X-Via-Fastly
X-PCL
X-OCL
X-No-Session
X-Loop
X-Say-Cacheable
X-TNCMS
X-SayCDN-TTL
X-FW-Version
X-Format
X-Say-TTL
X-Server-W
X-Section
X-ApacheServer
X-AWS-Id
X-VWS-Id
X-LAGOON
X-PERF
X-LJ-Flow-ID
X-R9-Blue-Green-Version
X-Status
X-ShardId
X-Cache-TTL-Remaining
Mn-Server-Ip
X-Shopify-Stage
X-ShopId
X-Storefront-Renderer-Rendered
X-Sorting-Hat-PodId
X-Cluster
X-Via-CDN
X-Sorting-Hat-ShopId
X-Alternate-Cache-Key
X-Nginx-Cache
X-Qloud-Router
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-CCM
X-Rendered-As
X-Xfnlog-Site
X-Device-Type
X-Is-Bot
X-FTR-Backend
X-FTR-DC
X-Debug-IsConnected
X-FTR-Cache-Status
X-Country-Code-Real
X-Debug-IsPreview
X-FTR-Balancer
X-FTR-Realm
S-Cnection
X-Ratelimit-Remaining
Cache-Hits
X-FTR-Backend-Server
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-FTR-Expires
X-Info
Apigw-Requestid
X-Cdn
X-Detected-As
X-Varnish-Grace
X-Varnish-Server
X-Dc
X-EdgeConnect-Cache-Status
X-Cache-Var-Map
X-Cache-Enabled
X-Cache-Var
X-Amzn-RequestId
X-Air-Hostname
X-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-Microcachable
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-GG-Cache-Date
X-Content-Age
X-Aspnetmvc-Version
X-Unique-Id
Amp-Access-Control-Allow-Source-Origin
X-Platform
X-SRV
Tracecode
SD-X-WS
X-GEO
X-Azure-Ref
X-Backend-Host
X-DynaTrace-JS-Agent
Uber-Trace-Id
X-TA-CDN-Provider
X-CSRF-Token
X-Time-Microsecs
X-Proxy-Cache-Status
X-Backend-TTL
X-ServerID
X-Cache-Backend
X-NWS-UUID-VERIFY
Akamai-GRN
X-Oss-Server-Time
X-Oss-Storage-Class
Backend
X-Oss-Request-Id
X-Oss-Object-Type
X-ATG-Version
X-Oss-Hash-Crc64ecma
X-Tb
X-BCube-Filmed-By
X-Correlation-ID
X-Oracle-Dms-Rid
X-Trace-Id
DSUID
X-Dynatrace
X-APP-VERSION
X-Erf-Stays-Bingo-Pdp-Web
ServedBy
X-Akamai-Transformed
X-Varnish-Hostname
X-RCS-CacheZone
X-NewRelic-App-Data
Pramga
X-Cache-NGX
Path
X-Cache-PHP
Release
MD5-Digest
DCR-Decision-By
BehaviorPad-Version
DCR-Processing-Time-Ms
Expiry
Rendered-Blocks
Instruction
Lfy
Mobile-Detection-Method
Meta-Geo-Continent
Fastcgi-X-Cache-Version
Machine
Odigeo-Trace-Id
X-CF-Lambda-Fn
X-Request-UUID
X-Processor
X-Rewrite-Enabled
X-Rojux
X-S
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Location
X-Level-Front-Cache
X-Matched-Rule
X-Origin-CC
X-Origin-TTL
X-S-Cookie
X-ScT
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-Session-Fingerprint
X-SRCache-Key
X-Thinkindot-L3
X-Trv-Group
X-GeoIP-City
X-Generation-Time
X-A-Dcw
X-A-Dam
X-A-Dgt
X-A-Wwc
X-Aed
X-A-Ccd
X-A
T-Server
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
X-Application
X-ARC
X-External-Request-Id
X-Device-Os
X-Fetched-On
X-From
X-Generated-On
X-D
X-Connection-Hash
X-B-Cookie
X-Cache-NE
X-Varnish-Cache-Hits
X-CF-Lambda-Version
SR-User-Adfree
X-Destination
Arc-Version
X-Sucuri-ID
PB-PID
X-Magnolia-Registration
PB-RID
X-Debug-Cache
HostName
X-VServer
X-Bip
Gh-Request-Id
X-Azure-Ref-OriginShield
X-Cache-Bucket
Fastly-Backend-Name
Host-ID
X-Cdn-Origin
C-Via
Cache-Host
CacheControlHeader
X-SVT-ORM-RULES
UCS
X-Tumblr-Pixel-3
X-B3-Traceid
Ssr
Pagetype
X-TrackingId
X-Thanos
X-Sn-Servicetimems
AKAMAI
X-SVT-ORM-VERSION
X-Swa-Ws
X-Skip-Cache
Cf-Device-Type
X-Irp-Debug
X-Is-Gdpr
X-JWT-State
X-HS-Content-Campaign-Id
X-GeoIP
X-Owner
X-Geo-Header
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-OVcl
X-OVcl-Cache
X-Ms-Request-Id
X-Ms-Version
X-Node-Id
X-Origin-Response-Time
X-Reqid
X-Has-Esi
X-FC-Vary-Parameters
X-App-Version
X-B3-SpanId
X-Origin-Expires
X-User
X-Request-Host
Wxu-Next-Hostname
Wxu-Next-Commit
X-Fastly-Cache
X-Nginx-Cache-Key
X-Policy
Sever-Int
Server-Hostname
Server-Ext
X-Varnish-Beresp-Grace
X-Var-Ttl
X-CUA
X-Developers
X-Eu-Site
X-Developer
X-Cdn-Forward
X-CGP
X-Generated-By
X-Clientip
X-Scheme
X-Cache-Date
X-Cache-Tags
X-Cache-Info
X-NAPM-TraceId
X-Fastly-Backend
X-Backend-State
X-Varnish-Hits
X-Core-Value
X-Csrf-Jwt
X-Adobe-Source
X-IP
X-HN
X-Cms-Context
X-Generated-In
Wxu-Next-Region
On-Server
Location
X-Wikidot-Static-Cache
NGX
CloudFront-Viewer-Country
Ha-Gx-Prefs
X-Wikidot-Backend
Server-Host
Magicmarker
HA-Ipaddr
X-VarnishDD-TTL
DB-Nickname
Content-Disposition
X-TX-ID
L
PFcat
L5d-Success-Class
Locid
X-ID
User-Cache-Control
X-Clara-WADP
X-WADP-Cache
X-Cache-Expires
X-DefElseHash
Fastly-Drupal-HTML
X-CS
X-Origin
X-Branch-Name
X-Cache-Id
X-Hnp-Log
X-Goog-Meta-Goog-Reserved-File-Mtime
NM-Fastcgi-Cache
X-Envoy-Decorator-Operation
X-Gen-Mode
Is-Eu
X-Fmm-Version
Adler-Geo
Platform
X-Old-Content-Length
Fastly-SIE
V-Age
Cf-Bgj
X-GoCache-CacheStatus
X-Request-URI
CDCHOST
X-Hash
X-Rebelmouse-Surrogate-Control
X-Varnish-CookieINHashed-On
Web-Mar-Node
X-Gzip
X-Esi-Check
IsBot
Fastly-SWR
X-Ratelimit-Reset
X-Varnish-Remaining-TTL
Origin
X-Li-Pop
X-Li-Fabric
X-Varnish-Beresp-Status
X-Varnish-Beresp-Ttl
X-NU-AKA-ACS-Version
X-Rebelmouse-Cache-Control
X-Slack-Backend
X-Gamma-Serve
Rt-Fastcgi-Cache
X-Variation
X-Block-Status
X-DefHash
X-Servername
X-Loc
X-Dispatcher-Server
X-Platform-Server
X-Varnish-CookieHashed-On
X-SIPLIST1
X-DPWN-IS-SECURE
X-Method
X-LI-UUID
CDN-Uid
CDN-RequestCountryCode
Vix-Hermes-Req-Id
True-Client-Country-4JS
CDN-RequestId
X-Core-Mission
CDN-EdgeStorageId
CDN-CachedAt
X-Cache-Debug
CDN-PullZone
X-VG-TLSProxy
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Handled
Apple-News-Services-Host
CDN-Cache
X-Request-Start
X-EC-Lua
X-Aicache-OS
X-PF-Uncompressing
X-Cache-Remote
X-NCache
X-LB-ID
X-Mvc-Supplant-OutputCached
X-NC
Url
X-Varnish-Url
X-CACHE-GROUP
X-Refresh
Sid
Esi-Enabled
X-Via-Popv
X-Via-Popn
S-Rt
X-Varnish-Cacheable
X-Via-Poph
X-Response-By
X-Proxy-Cachei7
X-Host-Name
Xkeyi7
Pics-Label
X-FireWall-Protection
X-Webkit-CSP-Report-Only
X-B3-Spanid
X-Srv
X-Nc
X-Unique-ID
Who
X-BBXSRF
X-Epic-Correlation-Id
X-Tb-Optimization-Total-Bytes-Saved
N-Cache
Country-Code
X-DC
Ohc-File-Size
Cross-Origin-Window-Policy
Req-Svc-Chain
X-Webkit-Csp
X-RateLimit-Limit
Content-Secure-Policy
X-Cache-2
X-Error
X-TraceId
X-Sucuri-Cache
D-Cc-Upstream
X-Cc-Req-Id
X-Planisys-CDN-TTL
X-Cache-ASPX
X-CACHE-KEY
X-Cc-Via
X-Contensis-Viewer-Groups
Server-Ttl
X-Planisys-CDN-Cache
Source
X-Planisys-CDN-Rules
X-Varnish-Authentication
X-Wa
HitType
CACHE
Cteonnt-Length
X-Servedbyhost
X-HS-Status
X-Svr
MIME-Version
X-CDN-Forward
Geoip-Latitude
Kp-EeAlive
GeoIp-Country-Code
X-Server-IP
X-LiteSpeed-Cache-Control
Cmstype
Cmsid
X-Cs
X-URL
X-Origin-Time
X-Nyt-Route
X-FPC
X-Gdpr
X-Cache-Config
X-API-Version
X-Served-From
Svr
Geo-Info
VivaBuild
Cache-Key
A
Viewtype
X-Esi
Server-ID
X-SN
X-LI-Proto
X-VC
SID
Ohc-Cache-HIT
X-RAMCache
Hostname
X-VCL-Version
X-Webstats-RespID
X-SB
X-NodeID
X-Vcl-Version
Resin-Trace
M-TraceId
Filterid
NtCoent-Length
X-NGINX-Cache
X-HOST
X-Check-Cacheable
X-Air-Source
TDXMobile
Request-ID
Server-Id
X-Vgn-Hpd-Reason
X-Li-Proto
Arc-Country
X-SD-PageType
Cross-Origin-Opener-Policy
X-UA
X-TIM-N
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-DW
X-DB
X-Internal-Host
GeoIP-Country-Code
GeoIP-Latitude
X-DI
X-DSS
X-RSL
X-RPS
X-RPM
Cache-Provider
XServer
X-Render-Time
X-Viewer-Country
X-TIME
Srv
NGB
X-App
X-Vc
EpKe-Alive
X-BBC-Edge-Cache-Status
X-Ua
X-HostName
X-Newrelic-Synthetics
X-ServedByHost
X-CF-Powered-By
X-Action
ProcessTime
Processtime
X-Service
X-Auto-Login
X-WA
X-Worker
Mime-Version
X-FTR-Cache-Host
Tcn
Upgrade-Insecure-Requests
X-Fpc
X-Oss-Cdn-Auth
X-Dynatrace-Js-Agent
X-PHP-Backend
X-CLOUD-TRACE-CONTEXT
X-JoinUs
X-SaId
X-NGENIX-Cache
DataCenter
X-Ftr-Cache-Host
Datacenter
X-Cluster-Node
X-Edge-Location
CDN
X-FORWARDED-FOR
X-Via-NSCOPI
X-Parent-Response-Time
Proxy-Connection
FSS-Cache
X-Extlb
X-Forwarded-Site
X-Geo
X-CSRF-TOKEN
X-HITS
X-Cdn-Request-ID
CF-Cached-On
W
X-Dw-Trace-Id
X-Provided-By
X-BACKEND-TTL
X-Fastly-Backend-Reqs
X-MSEdge-Features
X-BBC-Origin-Response-Status
Cdn
X-MSEdge-Flight
X-Client-Ip
X-Swift-Error
X-CACHE-AGE
OT-Force-Account-Verify
X-Flog
X-ABtesting
We-Hiring
X-IN-APIGATEWAYSSL
X-Proxy-Upstream
X-Hello
X-Cache-Tag
X-IN-APIGATEWAY
PICS-Label
X-VC-Cache
X-Req
X-Region-Sid
X-Depends-On
X-PJAX-URL
X-Fastly-Request-Id
Surrogated-Key
Memcached
Mail-Subject
X-Accel-Expires-Debug
LB
Dnion-Transfer-Encoding
X-Bc-Bl
X-Date
X-Akamai-Pragma-Client-IP
Env
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-RateLimit-Remaining-Second
X-Pad
X-RateLimit-Limit-Second
Media-Length
X-UnsetCookies
X-Zone
X-ND-Cache
X-MG-S
X-Oracle-DMS-ECID
X-Presslabs-Stats
X-Via-PopN
X-Via-PopH
X-Via-PopV
Vha6-Origin
X-Pf-Uncompressing
X-Acquia-Site
X-LiteSpeed-Tag
Time
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
Memory
X-MiniProfiler-Ids
X-Air-Trace-Id
X-Men
X-APP
Epwk-X-Cache
X-Lb-Id
WZWS-RAY
X-Acquia-Application-UUID
X-ZONE
Xet-Cookie
Cf-Ipcountry
X-Akamai-ERRuleID
X-Vcache
X-Akamai-ERPolicy
URI
X-Ms-Meta-Originalurl
X-ElasticPress-Query
X-ElasticPress-Search
VNS-Age
VNS-Cache
CPC-Cache
CPC-Age
X-Varnish-URL
X-Ms-Meta-Staticbatchstarttime
X-Csrf-Token
X-Varnish-Beresp-TTL
X-Request-URL
X-Request-Url
X-Snapshot-Date
CountryCode
Environment
X-Amz-Meta-Cb-Modifiedtime
Ohc-Response-Time
X-Litespeed-Cache-Control
X-Storefront-Renderer-Verified
X-Tid
NnCoection
X-Redis-Count
X-Debug-Cache-Store
X-ServerName
Phost
X-Debug-Cache-Fetch
X-C
X-Redis-Duration-Ms
X-Traceid
Inserted-Into-Cache-At
X-B3-Parentspanid