Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Request-ID
X-Cacheable
Timing-Allow-Origin
X-Ua-Compatible
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Host-Header
Report-To
X-Amz-Request-Id
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Amz-Version-Id
NEL
X-Device
X-CST
Allow
X-Vhost
X-WebKit-CSP
X-Host
Xkey
X-Backend-Server
X-Server-Id
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
Request-Id
X-Node
Content-Location
X-Response-Time
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Akam-SW-Version
X-Ruxit-JS-Agent
P3p
X-ASPNET-VERSION
Accept-Ch
X-Application-Context
X-Ac
X-Cache-Lookup
X-Country
X-Template
X-Language
Accept-CH-Lifetime
X-Mod-Pagespeed
Accept-CH
X-Readtime
Accept-Ch-Lifetime
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
Rating
X-Origin-Cache
X-HW
X-Cnection
X-MS-InvokeApp
X-Url
X-TtlSet
X-PC
X-Vname
X-Clacks-Overhead
Edge-Control
X-GitHub-Request-Id
X-ESI
X-Trace
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Middleton-Response
Display
Pagespeed
X-Middleton-Display
X-Sol
Response
X-Content-Type
X-D2id
Arr-Disable-Session-Affinity
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Kinja-Revision
X-Kinja-Build
X-Kinja
Verso
X-Vcap-Request-Id
X-Varnish-TTL
X-Goog-Hash
X-Rack-Cache
X-Country-Code
X-TTL
X-FastCGI-Cache
X-Buckets
X-Navigation-Version
X-Server-Name
X-Powered-By-Plesk
Service-Worker-Allowed
X-VARITI-CCR
X-Amz-Rid
X-Abt-Application-Version
X-Fastly-Request-ID
X-Webkit-CSP
X-Client-IP
X-Cache-TTL
Fastly-Restarts
X-Cached
Pinterest-Generated-By
X-Pinterest-Rid
Pinterest-Version
X-Release
X-MSEdge-Ref
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Element-Page-Cache
X-Oneagent-Js-Injection
X-NF-Request-ID
SPIisLatency
SPRequestDuration
MRF-Tech
Mrf-Cache-Status
Public-Key-Pins
X-B3-TraceId-Primal
RTSS
Access-Control-Request-Method
AR-CACHE
AR-PoweredBy
Ar-Sid
AR-Request-ID
AR-ATIME
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
X-LLID
X-Powered-CMS
X-Ezoic-Cdn
Cache-Tag
X-Litespeed-Cache
X-Upstream
Content-MD5
X-Origin-Upstream-Status
Fusion-Deployment-Id
Fusion-Source
X-HP-Webp
X-Jurisdiction
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
X-Px
Fusion-Content-Id
S
X-Version
X-MCACHE
X-Mid
X-ECACHE
X-Recruiting
X-Mg-S
Charset
X-Content-Digest
X-PressLabs-Stats
X-Kinsta-Cache
Fastcgi-Cache
X-T
X-Amz-Server-Side-Encryption
X-DynaTrace
Cache-Tags
X-Id
MicrosoftSharePointTeamServices
Filters
X-Logged-In
X-Content-Security-Policy-Report-Only
X-Accel-Expires
Front-End-Https
X-Ttl
Server-Node
Edge-Cache-Tag
X-Forwarded-Proto
X-Debug
X-Grace
X-Correlation-Id
X-Forwarded-For
TP-Cache
TCN
TP-L2-Cache
Server-Name
Nginx-Cache
X-Amzn-Trace-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Request-Processing-Time
Surrogate-Key
X-Request-Received
X-Hits
X-Shield-Request-Id
X-Varnish-Age
X-B3-Sampled
X-Request-Handler-Origin-Region
X-Microsite
X-Yandex-Sdch-Disable
X-Ser
X-Pinterest-Direct
X-Az
X-AppVersion
X-Activity-Id
X-Ruxit-Js-Agent
X-Amz-Replication-Status
X-XRDS-Location
X-Fastcgi-Cache
X-F-Cache
X-XRDS-LOCATION
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-DIS-Request-ID
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Origin-Server
Accept-Charset
X-Geo-Country
Alternate-Protocol
X-Git-Hash
X-Cache-Key
X-Rid
X-Respond-Thread
Nel
X-Frontend
X-Time
Section-Io-Cache
Host
Cache
X-LB-Cache
X-Upgrade-Enabled
X-NWS-LOG-UUID
X-FTR-Request-ID
X-DataDome
Access-Control-Allow-Method
X-Mobile-URL
X-Seen-By
MS-CV
X-Server-ID
X-VCache
Paypal-Debug-Id
X-Cache-Age
X-TT
X-IPLB-Instance
ServerID
X-AOL-HN
Healthy
X-Content-Options
X-Type
X-Varnish-Backend
X-Hostname
X-Whom
Payment
X-Flags
X-Is-Crawler
X-Source
X-Providence-Cookie
Cleartype
X-Request-Guid
X-App-Environment
X-Route-Name
X-Aspnet-Duration-Ms
X-B-Cache
X-Cache-Action
X-Signature
X-Page-Id
Powered-By-ChinaCache
X-Debug-Info
X-Jobs
Fastcgi-Useragent
X-Daa-Tunnel
X-WebKit-CSP-Report-Only
X-Load-Cache
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-N
X-FB-Debug
X-RateLimit-Remaining
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Contextid
X-Via-JSL
Realpath
Refresh
Node
Version
X-Rule
X-Original-Request-Id
X-Response-Served-From
X-Drupal-Cache-Tags
X-Accel-Buffering
X-Wix-Request-Id
X-Framework
X-RTag
DC
X-Zen-Fury
Ms-Operation-Id
X-Cacheable-TTL
X-Proxy
X-Cached-By
X-Akamai-Edgescape
X-ProcessESI
X-RemovedCookies
Viewport
X-HTML-Minification-Powered-By
X-B
X-Instance
X-Real-IP
X-Cache-Time
Access-Control-Request-Headers
X-Distributor
Referer-Policy
X-Cache-Rule
X-Cache-Operation
X-Drupal-Cache-Contexts
Eomportal-Instance
X-UUID
X-Cluster-Name
X-Page-View
X-Cache-Expired-At
X-Region
X-Cache-Control
X-Content-Powered-By
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-FW-Server
X-FW-Hash
VIX-Pulpo-Node
X-FW-Serve
X-FW-Static
X-FW-Type
Countrycode
VIX-Pulpo-Upstream-Status
X-FW-Dynamic
X-Yottaa-Metrics
X-Yottaa-Optimizations
Liferay-Portal
X-IPS-LoggedIn
X-Cache-Hit
X-G
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-FireWall-Port
X-Tumblr-User
X-Environment-Context
X-Pass-Why
X-L-Path
DynaTrace
X-App-Server
Server-Info
CF-IPCountry
Xserver
X-User-Agent
GEO-INFO
X-Protected-By
SRV
Ec-Rule-Version
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
X-Tumblr-Pixel-2
Webserver
From-Origin
X-Ratelimit-Limit
X-Www-Served-By
X-Nginx-Cache
X-Debug-IsPreview
X-Debug-IsConnected
Protected
X-Node-Name
X-UPSTREAM-Address
X-Mode
X-RN-RSRV
X-Device-Type
X-Endurance-Cache-Level
Meta-Geo
X-ES-SERVER
X-Hl-Ver
X-Handled-By
X-Cache-Server
X-Site-Version
X-FB-TRIP-ID
X-Backend-Name
X-Uri
X-MP-GENERATED-AT
X-Locale
Cache-Tv-Group
X-Adobe-Loc
X-Adobe-Content
X-Storage
X-Be
X-PHP-Host
X-Soup
X-UA-Device-Type
X-Labrador-Cache-Channel
X-NYM-Debug-Backend
X-Varnish-Ttl
Frame-Options
X-Web-Node
Cache-Status
X-Varnishpool
Country
X-No-Session
Cache-Name
X-OCL
Decoy-Debug-Key
Fastly-SSL
Selected-Fe
X-BYPASS-REASON
X-Origin-Hint
X-Human
X-Origin-Date
Decoy-Debug-Status
X-ProxyCache-Status
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-WA-Info
X-Via-Fastly
X-Pubstack
X-ProxyCache-Key
X-Proxy-Build
X-Proto
X-Redis-Cache
X-Request-Time
X-Timing-Wait
X-Sql-Duration-Ms
X-Sql-Count
X-PCL
Decoy-Debug-TTL
X-Ratelimit-Remaining
Azure-Version
X-SayCDN-TTL
Azure-SlotName
X-Say-TTL
Azure-SiteName
X-R9-Blue-Green-Version
Azure-RegionName
X-Say-Cacheable
X-S-Maxage
X-FW-Version
X-AIR-PT
X-LJ-Flow-ID
X-Hosted-By
Retry-After
X-Loop
X-LAGOON
X-Hyper-Cache
X-Server-W
Azure-InstanceId
X-Access
X-TNCMS
X-Section
X-AWS-Id
X-VWS-Id
X-Format
X-Varnish-Grace
X-Cache-TTL-Remaining
X-Cache-Grace
X-Status
X-PERF
X-Webkit-Csp
X-Forwarded-Host
X-Alternate-Cache-Key
X-Sorting-Hat-PodId
X-CCM
X-Cluster
X-Xfnlog-Site
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-ShardId
X-ShopId
X-ApacheServer
X-Shopify-Stage
X-Revision
Mn-Server-Ip
X-TT-LOGID
Apigw-Requestid
X-Proxied
X-Routing-Service
X-Zipkin-Id
X-Rendered-As
X-Varnish-Server
X-Is-Bot
X-SRV
X-Qloud-Router
X-Info
X-GG-Cache-Date
S-Cnection
X-Tec-Api-Root
X-Tec-Api-Origin
X-Tec-Api-Version
X-Cdn
X-Via-CDN
X-Cache-Enabled
X-Microcachable
X-FTR-DC
X-Amz-Meta-S3cmd-Attrs
AMP-Access-Control-Allow-Source-Origin
Cache-Hits
X-Content-Age
X-FTR-Cache-Status
X-FTR-Realm
X-FTR-Balancer
X-FTR-Backend-Server
X-Dc
X-FTR-Backend
X-Country-Code-Real
X-TA-CDN-Provider
X-Platform
X-Proxy-Cache-Status
Uber-Trace-Id
X-Detected-As
X-App-Version
X-Azure-Ref
X-NWS-UUID-VERIFY
Amp-Access-Control-Allow-Source-Origin
X-Cache-Host
X-Backend-Host
X-Aspnetmvc-Version
X-Amz-Apigw-Id
X-CSRF-Token
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-EdgeConnect-Cache-Status
X-FTR-Expires
X-Air-Hostname
Akamai-GRN
Tracecode
X-ATG-Version
SD-X-WS
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Object-Type
X-Time-Microsecs
X-Oss-Storage-Class
X-Oss-Request-Id
X-Cache-Var
X-Cache-Var-Map
X-Trace-Id
X-Backend-TTL
ServedBy
X-RCS-CacheZone
X-B3-SpanId
X-ServerID
X-Unique-Id
X-Debug-Cache
X-CS
X-BCube-Filmed-By
X-Cache-PHP
X-Correlation-ID
X-Varnish-Hostname
X-Cache-NGX
X-Tb
HostName
X-Akamai-Transformed
Backend
X-GEO
X-DynaTrace-JS-Agent
DB-Nickname
X-TX-ID
DCR-Processing-Time-Ms
Odigeo-Trace-Id
Instruction
MD5-Digest
Expiry
BehaviorPad-Version
DCR-Decision-By
Meta-Geo-Continent
Machine
Fastcgi-X-Cache-Version
Mobile-Detection-Method
T-Server
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Processor
X-Request-UUID
X-Rojux
X-Rewrite-Enabled
X-Owner
X-Origin-TTL
X-Level-Front-Cache
X-GeoIP-City
X-Location
X-NAPM-TraceId
X-Origin-CC
X-S
X-S-Cookie
X-VG-WebServer
X-VG-WebCache
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-Vdms-Version
X-Vdms-Path
X-Session-Fingerprint
X-ScT
X-SRCache-Key
X-Thinkindot-L3
X-Trv-Group
X-Generation-Time
X-Generated-On
X-A-Dam
X-A
X-A-Dcw
X-A-Dgt
X-A-Wwc
Thinkindot-Control
Thinkindot-CacheControl-Type
Rendered-Blocks
Release
SR-User-Adfree
X-Ms-Version
Thinkindot-CacheControl
X-Aed
X-Application
X-Device-Os
X-Destination
X-External-Request-Id
X-Fetched-On
X-From
X-D
X-Connection-Hash
X-B-Cookie
X-ARC
X-Cache-NE
X-CF-Lambda-Fn
X-CF-Lambda-Version
Path
X-A-Ccd
DSUID
X-Ms-Request-Id
X-Sucuri-ID
X-Magnolia-Registration
X-Adobe-Source
X-Cms-Context
UCS
X-Core-Value
X-B3-Traceid
X-Cache-Bucket
X-Cache-Backend
X-Azure-Ref-OriginShield
X-Bip
PB-RID
NGX
Host-ID
Gh-Request-Id
Fastly-Backend-Name
X-NewRelic-App-Data
On-Server
X-Fastly-Cache
PB-PID
Pagetype
Server-Host
X-FC-Vary-Parameters
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Skip-Cache
X-OVcl-Cache
X-Thanos
X-TrackingId
X-Cdn-Forward
X-VServer
X-EC-Lua
X-Tumblr-Pixel-3
X-OVcl
X-Node-Id
X-HS-Content-Campaign-Id
X-Has-Esi
X-GeoIP
X-Geo-Header
X-Irp-Debug
X-Is-Gdpr
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-JWT-State
Content-Disposition
X-Reqid
AKAMAI
Arc-Version
CacheControlHeader
X-Varnish-Cache-Hits
Cf-Device-Type
C-Via
User-Cache-Control
X-Eu-Site
X-Fastly-Backend
X-Esi-Check
X-Envoy-Decorator-Operation
X-Dispatcher-Server
X-DPWN-IS-SECURE
Wxu-Next-Region
X-Fmm-Version
X-Generated-In
Sever-Int
X-Generated-By
X-Gen-Mode
Wxu-Next-Hostname
Wxu-Next-Commit
X-Developer
X-DefHash
X-CGP
X-Nginx-Cache-Key
X-Policy
X-Branch-Name
X-Cache-Info
X-Cache-Id
X-Clara-WADP
X-Clientip
X-CUA
X-Backend-State
X-Block-Status
X-Csrf-Jwt
X-Developers
X-Cache-Tags
Server-Ext
X-Rebelmouse-Surrogate-Control
X-Request-Host
X-VarnishDD-TTL
X-Rebelmouse-Cache-Control
X-Ratelimit-Reset
X-Origin-Expires
X-Origin-Response-Time
X-Platform-Server
X-Varnish-Remaining-TTL
X-Scheme
X-Var-Ttl
X-User
X-Swa-Ws
X-Variation
X-Varnish-Beresp-Grace
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-Origin
X-Old-Content-Length
X-Hnp-Log
Magicmarker
Locid
X-HN
X-Gzip
Adler-Geo
X-GoCache-CacheStatus
X-IP
X-Li-Fabric
X-Wikidot-Backend
X-WADP-Cache
X-NU-AKA-ACS-Version
X-Matched-Rule
X-LI-UUID
X-Li-Pop
X-Wikidot-Static-Cache
Server-Hostname
X-DefElseHash
Is-Eu
Platform
PFcat
CDCHOST
CDN-RequestCountryCode
CDN-RequestId
V-Age
Fastly-SIE
Ssr
Fastly-SWR
CDN-Cache
L5d-Success-Class
CDN-Uid
Ha-Gx-Prefs
HA-Ipaddr
Location
Lfy
CDN-PullZone
CDN-CachedAt
CDN-EdgeStorageId
NM-Fastcgi-Cache
Web-Mar-Node
Cache-Host
X-ID
X-Request-URI
L
Rt-Fastcgi-Cache
X-Slack-Backend
X-Cache-Debug
X-VG-TLSProxy
CloudFront-Viewer-Country
X-LB-ID
Cf-Bgj
IsBot
X-Hash
X-Varnish-Hits
X-Gamma-Serve
True-Client-Country-4JS
X-Varnish-Beresp-Status
X-Method
X-Varnish-Beresp-Ttl
Vix-Hermes-Req-Id
X-SIPLIST1
X-CLOUD-TRACE-CONTEXT
X-Goog-Meta-Goog-Reserved-File-Mtime
Apple-News-Services-Host
Apple-News-Services-Handled
Pramga
X-Loc
Origin
Esi-Enabled
X-Cdn-Origin
Apple-News-Services-Request-Url
X-Aicache-OS
Apple-News-Services-Parsed-Url
X-Sn-Servicetimems
X-Cache-Expires
Fastly-Drupal-HTML
X-CACHE-KEY
Who
X-Nc
X-APP-VERSION
Country-Code
X-Servername
X-PF-Uncompressing
X-Via-Popv
X-Via-Popn
X-Via-Poph
X-NCache
X-Cache-Date
Sid
X-Mvc-Supplant-OutputCached
X-Unique-ID
X-Core-Mission
Pics-Label
X-Varnish-Url
X-Refresh
X-Request-Start
X-Epic-Correlation-Id
Geo-Info
X-RateLimit-Limit
Url
X-Planisys-CDN-Rules
X-FireWall-Protection
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-NC
X-Tb-Optimization-Total-Bytes-Saved
X-Erf-Stays-Bingo-Pdp-Web
Req-Svc-Chain
Tcn
Filterid
X-TraceId
Cmstype
Cmsid
X-Varnish-Cacheable
X-Error
X-DC
X-Response-By
X-Cache-Remote
X-Served-From
X-Proxy-Cachei7
Kp-EeAlive
Source
Xkeyi7
Svr
X-Webkit-CSP-Report-Only
S-Rt
Cache-Key
HitType
X-HS-Status
VivaBuild
N-Cache
MIME-Version
Server-Ttl
A
Viewtype
X-BBXSRF
Content-Secure-Policy
X-Srv
X-B3-Spanid
X-Servedbyhost
NGB
GeoIp-Country-Code
X-Cache-2
M-TraceId
X-Wa
Geoip-Latitude
X-URL
X-Cache-ASPX
X-Varnish-Authentication
Ohc-File-Size
Cross-Origin-Opener-Policy
TDXMobile
Cteonnt-Length
Arc-Country
D-Cc-Upstream
X-Air-Source
X-Dynatrace
Cross-Origin-Window-Policy
X-CDN-Forward
X-Vcl-Version
X-HostName
X-Host-Name
X-LiteSpeed-Cache-Control
X-Sucuri-Cache
X-Contensis-Viewer-Groups
X-Cc-Req-Id
X-Cc-Via
Server-ID
X-LI-Proto
X-Vgn-Hpd-Reason
X-Svr
X-Esi
NtCoent-Length
SID
CACHE
X-RAMCache
X-Server-IP
X-Vc
X-Li-Proto
X-HOST
X-Origin-Time
X-SaId
Hostname
X-Nyt-Route
X-Cache-Config
Request-ID
X-Gdpr
Resin-Trace
X-Service
X-FPC
X-VCL-Version
X-JoinUs
X-Internal-Host
X-NGENIX-Cache
X-API-Version
X-PHP-Backend
X-UA
X-Geo
X-Edge-Location
X-Check-Cacheable
X-DI
X-CCDN-CacheTTL
GeoIP-Latitude
GeoIP-Country-Code
X-DSS
X-DW
X-WA
X-VC
X-Cs
X-RSL
Cache-Provider
X-DB
X-SN
X-ServedByHost
X-CCDN-Origin-Time
X-Newrelic-Synthetics
X-Viewer-Country
X-TIM-N
X-Hcs-Proxy-Type
X-RPS
X-RPM
CF-Cached-On
Ohc-Cache-HIT
DataCenter
FSS-Cache
X-Webstats-RespID
Server-Id
X-SB
X-Via-NSCOPI
X-NodeID
X-App
X-Extlb
X-Forwarded-Site
XServer
X-Action
ProcessTime
Mime-Version
X-SD-PageType
X-Bc-Bl
X-Proxy-Upstream
Surrogated-Key
X-Render-Time
X-Date
X-Fpc
We-Hiring
X-Depends-On
X-CF-Powered-By
Memcached
X-Region-Sid
X-NGINX-Cache
X-BBC-Edge-Cache-Status
X-Req
X-Accel-Expires-Debug
X-VC-Cache
Mail-Subject
X-Oss-Cdn-Auth
Srv
LB
X-Dynatrace-Js-Agent
X-Provided-By
X-Swift-Error
X-ZONE
Upgrade-Insecure-Requests
W
X-RateLimit-Remaining-Second
Env
X-UnsetCookies
X-RateLimit-Limit-Second
X-FORWARDED-FOR
EpKe-Alive
X-PJAX-URL
X-FTR-Cache-Host
X-Cdn-Request-ID
X-Oracle-Dms-Rid
X-MSEdge-Flight
X-Ftr-Cache-Host
X-BACKEND-TTL
CDN
Cdn
X-Rocket-Build-Number
X-Ua
X-Auto-Login
X-Dw-Trace-Id
X-Sigma
X-Sigma-Backend
X-TIME
X-Men
X-Air-Trace-Id
X-Worker
X-MSEdge-Features
X-APP
Processtime
X-CSRF-TOKEN
X-Client-Ip
Datacenter
X-CACHE-AGE
CPC-Age
X-Parent-Response-Time
X-ABtesting
VNS-Age
VNS-Cache
Proxy-Connection
CPC-Cache
Time
X-Cluster-Node
X-Hello
X-Fastly-Backend-Reqs
X-Fastly-Request-Id
X-Flog
Memory
Dnion-Transfer-Encoding
X-Cache-Tag
X-Akamai-Pragma-Client-IP
X-Pad
Media-Length
PICS-Label
X-Acquia-Application-Trace
X-Acquia-Purge-Tags
X-Acquia-Site
Vha6-Origin
X-Zone
X-BBC-Origin-Response-Status
X-Oracle-DMS-ECID
X-Presslabs-Stats
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
X-Pf-Uncompressing
X-Acquia-Application-UUID
X-LiteSpeed-Tag
Epwk-X-Cache
X-Snapshot-Date
X-HITS
X-Via-PopH
X-Via-PopV
X-Via-PopN
Cf-Ipcountry
X-Ms-Meta-Staticbatchstarttime
X-Vcache
X-ElasticPress-Search
X-Ms-Meta-Originalurl
X-Akamai-ERRuleID
X-Lb-Id
My-App
State
Fastcgi-Cache-TTL
X-Request-Url
X-Varnish-URL
Xet-Cookie
X-Csrf-Token
X-Akamai-ERPolicy
OT-Force-Account-Verify
X-Request-URL
X-Varnish-Beresp-TTL
X-MiniProfiler-Ids
X-ElasticPress-Query
X-ServerName
CountryCode
X-Litespeed-Cache-Control
X-Traceid
Content-Style-Type
Content-Script-Type
Ohc-Response-Time
Phost
X-Minions-Version
X-Pjax-Url
X-Cache-Status-Check
X-Apw-Hits
X-Apw-Access-Object
X-Apw-Access-Token
X-Apw-Access-Action
X-Redis-Count
X-Storefront-Renderer-Verified
NnCoection
X-Debug-Cache-Fetch
X-C
X-Debug-Cache-Store
WZWS-RAY
Inserted-Into-Cache-At
X-B3-Parentspanid
X-Amz-Meta-Cb-Modifiedtime
X-Redis-Duration-Ms
X-ND-Cache
X-Tid
Environment
URI