
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header, security-relevant or not. We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Request-ID
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
X-AspNetMvc-Version
Feature-Policy
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
X-Swift-SaveTime
X-Swift-CacheTime
Ali-Swift-Global-Savetime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Amz-Version-Id
NEL
X-Cache-Spec
Xkey
Allow
X-Device
X-CST
X-Backend-Server
X-Vhost
X-Host
X-WebKit-CSP
EagleEye-TraceId
X-Server-Id
Request-Id
Surrogate-Control
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-Ruxit-JS-Agent
Accept-CH-Lifetime
P3p
X-ASPNET-VERSION
X-Ac
X-Template
X-Application-Context
X-Language
X-Country
X-Cache-Lookup
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-Readtime
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Accept-Ch
Rating
X-Cnection
X-MS-InvokeApp
X-HW
X-Url
Accept-Ch-Lifetime
X-TtlSet
X-PC
X-Vname
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-GitHub-Request-Id
Edge-Control
X-ESI
X-Trace
X-Middleton-Display
X-Middleton-Response
X-Sol
Response
Pagespeed
Display
X-FastCGI-Cache
X-Content-Type
X-D2id
X-Vcap-Request-Id
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
Arr-Disable-Session-Affinity
X-Kinja-Revision
X-Kinja-Build
X-Exp-Id
X-Kinja
X-Cdn-Fetch
X-GoogleNews-Bot
Verso
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-ORACLE-DMS-RID
X-Country-Code
X-Server-Name
Service-Worker-Allowed
X-Navigation-Version
X-Varnish-TTL
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
X-Fastly-Request-ID
X-Powered-By-Plesk
X-Webkit-CSP
X-Client-IP
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Cache-TTL
X-Kinja-Server-Push
X-SharePointHealthScore
SPRequestGuid
X-Release
X-MSEdge-Ref
Fastly-Restarts
X-Dw-Request-Base-Id
X-Element-Page-Cache
SPRequestDuration
SPIisLatency
X-Oneagent-Js-Injection
X-Cached
X-NF-Request-ID
Public-Key-Pins
X-TTL
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
RTSS
AR-ATIME
AR-CACHE
AR-Request-ID
Ar-Sid
AR-PoweredBy
X-Edge
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-LLID
X-Origin-Upstream-Status
X-Ttl
X-Powered-CMS
X-Px
X-Ezoic-Cdn
Fusion-Content-Id
Fusion-Template-Id
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Component-Id
X-Upstream
Content-MD5
X-HP-Webp
X-Jurisdiction
Cache-Tag
X-ECACHE
X-Mid
X-MCACHE
S
X-Recruiting
X-Mg-S
X-Content-Digest
X-Version
Charset
X-Amz-Server-Side-Encryption
X-PressLabs-Stats
Fastcgi-Cache
X-Pinterest-Direct
MicrosoftSharePointTeamServices
TCN
X-T
X-Kinsta-Cache
Front-End-Https
X-Content-Security-Policy-Report-Only
X-Debug
Filters
Cache-Tags
X-Id
X-Grace
Edge-Cache-Tag
Server-Node
X-Accel-Expires
X-Logged-In
X-Forwarded-Proto
X-Forwarded-For
X-DynaTrace
X-Correlation-Id
X-Amzn-Trace-Id
Nginx-Cache
Server-Name
X-Yandex-Sdch-Disable
Surrogate-Key
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
TP-Cache
TP-L2-Cache
X-Varnish-Age
X-B3-Sampled
X-Request-Processing-Time
X-Request-Received
X-Ruxit-Js-Agent
X-Ser
X-Server-ID
X-Request-Handler-Origin-Region
X-Microsite
X-Hits
X-Shield-Request-Id
X-Activity-Id
X-Az
X-DIS-Request-ID
X-AppVersion
X-Amz-Replication-Status
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-XRDS-LOCATION
X-XRDS-Location
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Metageneration
X-F-Cache
X-Goog-Generation
X-Litespeed-Cache
Accept-Charset
X-Cache-Key
X-Origin-Server
Powered-By-ChinaCache
X-Git-Hash
X-Geo-Country
X-Respond-Thread
Nel
X-FTR-Request-ID
Cache
X-Rid
X-Hostname
X-LB-Cache
X-Upgrade-Enabled
Section-Io-Cache
Alternate-Protocol
X-DataDome
X-Frontend
Access-Control-Allow-Method
Host
X-Mobile-URL
X-Cache-Age
MS-CV
Cleartype
Paypal-Debug-Id
X-Seen-By
X-AOL-HN
Healthy
X-IPLB-Instance
X-Time
X-Varnish-Backend
X-VCache
X-Content-Options
X-Type
ServerID
X-NWS-LOG-UUID
X-App-Environment
X-Whom
X-Request-Guid
X-TT
X-Route-Name
Payment
X-Cache-Action
X-Aspnet-Duration-Ms
X-Flags
X-Is-Crawler
X-Providence-Cookie
X-Jobs
X-Page-Id
X-B-Cache
X-WebKit-CSP-Report-Only
X-Signature
X-Debug-Info
Fastcgi-Useragent
X-Source
X-Fastcgi-Cache
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-N
X-Load-Cache
X-RateLimit-Remaining
X-Mobile
X-Daa-Tunnel
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-FB-Debug
X-Erf-Bev-Bev
X-Via-JSL
Version
X-Cached-By
X-Cache-Rule
X-Akamai-Edgescape
X-Cache-Operation
Refresh
X-Rule
Viewport
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
X-Proxy
X-Cacheable-TTL
X-Wix-Request-Id
DC
X-Drupal-Cache-Tags
X-Framework
X-RTag
X-RemovedCookies
Ms-Operation-Id
X-ProcessESI
Access-Control-Request-Headers
X-Zen-Fury
X-Real-IP
DynaTrace
X-Contextid
X-Instance
X-Cache-Time
Referer-Policy
X-UUID
Node
X-HTML-Minification-Powered-By
Realpath
X-Region
X-Distributor
Eomportal-Instance
X-Tt-Trace-Tag
X-Page-View
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Tt-Trace-Host
X-Drupal-Cache-Contexts
X-FW-Static
X-FW-Serve
X-FW-Hash
X-FW-Dynamic
X-FW-Server
X-FW-Type
X-Cache-Expired-At
X-Cluster-Name
Countrycode
X-B
X-Cache-Control
X-Content-Powered-By
X-L-Path
X-Environment-Context
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-IPS-LoggedIn
X-Tumblr-Pixel
X-Tumblr-User
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-G
Liferay-Portal
GEO-INFO
X-Cache-Hit
Server-Info
X-User-Agent
X-Node-Name
X-App-Server
X-Varnish-Ttl
X-Pass-Why
From-Origin
Webserver
X-Tumblr-Pixel-2
X-FireWall-Port
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
X-Ratelimit-Limit
Ec-Rule-Version
X-Protected-By
Protected
CF-IPCountry
Xserver
X-Cache-Server
SRV
X-Revision
X-Amz-Meta-S3cmd-Attrs
X-Backend-Name
Frame-Options
X-Www-Served-By
Meta-Geo
X-RN-RSRV
X-Endurance-Cache-Level
X-Mode
X-Handled-By
X-Hl-Ver
X-UPSTREAM-Address
X-ES-SERVER
Cache-Status
X-Site-Version
X-Soup
X-FB-TRIP-ID
X-Locale
X-Hyper-Cache
X-Web-Node
X-Forwarded-Host
Country
Cache-Tv-Group
X-Be
X-Cache-Grace
X-Storage
X-Human
X-Varnishpool
X-NYM-Debug-Backend
X-Uri
X-Proto
Webcakes-App-Version
Decoy-Debug-TTL
Webcakes-Region
X-BYPASS-REASON
X-TT-LOGID
X-Redis-Cache
Fastly-SSL
X-Pubstack
X-ProxyCache-Status
X-Labrador-Cache-Channel
X-ProxyCache-Key
X-Origin-Hint
X-Timing-Wait
X-Request-Time
X-Proxy-Build
Decoy-Debug-Status
X-PHP-Host
Azure-SlotName
Azure-Version
Cache-Name
Retry-After
Azure-SiteName
Selected-Fe
X-Origin-Date
Azure-InstanceId
TWC-Connection-Speed
Azure-RegionName
TWC-GeoIP-Country
TWC-Device-Class
X-UA-Device-Type
Property-Id
Decoy-Debug-Key
TWC-Locale-Group
TWC-GeoIP-LatLong
TWC-Privacy
Webcakes-App-Name
X-No-Session
X-Loop
X-FW-Version
X-Format
X-OCL
X-PCL
X-Hosted-By
X-AIR-PT
X-Access
X-Sql-Count
X-TNCMS
X-Server-W
X-Section
X-SayCDN-TTL
X-Via-Fastly
X-WA-Info
X-S-Maxage
X-Adobe-Content
X-Adobe-Loc
X-MP-GENERATED-AT
X-Say-TTL
X-Sql-Duration-Ms
X-Say-Cacheable
X-Status
X-Webkit-Csp
X-PERF
X-LJ-Flow-ID
X-LAGOON
X-R9-Blue-Green-Version
X-VWS-Id
X-ApacheServer
X-AWS-Id
Mn-Server-Ip
X-Cache-TTL-Remaining
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Shopify-Stage
X-Nginx-Cache
X-ShopId
X-Cluster
X-Alternate-Cache-Key
X-Storefront-Renderer-Rendered
X-ShardId
X-Zipkin-Id
X-Qloud-Router
X-Routing-Service
X-Proxied
X-CCM
X-Is-Bot
X-Via-CDN
X-Xfnlog-Site
X-Device-Type
X-Rendered-As
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Cache-Status
X-Debug-IsPreview
X-Debug-IsConnected
X-FTR-DC
X-FTR-Balancer
Cache-Hits
X-Tec-Api-Origin
X-Country-Code-Real
X-Ratelimit-Remaining
X-FTR-Realm
X-Tec-Api-Version
X-Tec-Api-Root
S-Cnection
AMP-Access-Control-Allow-Source-Origin
X-Dc
X-Info
X-FTR-Expires
Apigw-Requestid
X-Cdn
X-Detected-As
X-SRV
X-Varnish-Server
X-Varnish-Grace
X-Cache-Enabled
X-Cache-Host
X-Amz-Apigw-Id
X-Air-Hostname
X-EdgeConnect-Cache-Status
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Cache-Var-Map
X-Cache-Var
X-Microcachable
X-Content-Age
X-GG-Cache-Date
X-Unique-Id
X-Aspnetmvc-Version
X-Platform
X-Azure-Ref
Tracecode
SD-X-WS
X-DynaTrace-JS-Agent
Uber-Trace-Id
X-Backend-Host
X-Time-Microsecs
X-CSRF-Token
X-Backend-TTL
X-Proxy-Cache-Status
Amp-Access-Control-Allow-Source-Origin
X-GEO
X-Cache-Backend
X-ServerID
X-NWS-UUID-VERIFY
Akamai-GRN
X-Tb
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Storage-Class
Backend
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-ATG-Version
DSUID
X-Correlation-ID
X-Trace-Id
X-BCube-Filmed-By
X-Oracle-Dms-Rid
X-Dynatrace
X-APP-VERSION
X-Varnish-Hostname
X-RCS-CacheZone
X-NewRelic-App-Data
X-Erf-Stays-Bingo-Pdp-Web
X-Akamai-Transformed
ServedBy
Thinkindot-CacheControl
T-Server
SR-User-Adfree
Rendered-Blocks
Release
Fastcgi-X-Cache-Version
DCR-Processing-Time-Ms
Expiry
DCR-Decision-By
BehaviorPad-Version
X-Cache-NGX
X-Cache-PHP
Thinkindot-CacheControl-Type
Instruction
Mobile-Detection-Method
Odigeo-Trace-Id
Meta-Geo-Continent
MD5-Digest
Lfy
Machine
Path
X-ARC
X-Rewrite-Enabled
X-Request-UUID
X-Rojux
X-S
X-S-Cookie
X-Processor
X-PBS-Appsvrname
X-Matched-Rule
X-Origin-CC
X-Origin-TTL
X-PAYTM-SRV-ID
X-ScT
X-Session-Fingerprint
X-VG-WebServer
X-Vtex-Processado-Em
X-Vtex-Remote-Cache
Xc-Version
X-VG-WebCache
X-Vdms-Version
X-SRCache-Key
X-Thinkindot-L3
X-Trv-Group
X-Vdms-Path
X-Location
X-Level-Front-Cache
X-Aed
X-Application
X-Varnish-Cache-Hits
X-B-Cookie
X-A-Wwc
X-A-Dgt
X-A
X-A-Ccd
X-A-Dam
X-A-Dcw
X-Cache-NE
X-CF-Lambda-Fn
X-Fetched-On
X-From
X-Generated-On
X-GeoIP-City
X-External-Request-Id
X-Device-Os
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Destination
Thinkindot-Control
X-Generation-Time
Arc-Version
X-TA-CDN-Provider
X-Magnolia-Registration
PB-PID
PB-RID
X-Sucuri-ID
HostName
X-Debug-Cache
X-Cache-Bucket
X-Bip
Gh-Request-Id
X-App-Version
X-FC-Vary-Parameters
X-GeoIP
X-Geo-Header
X-Azure-Ref-OriginShield
X-Owner
Ssr
Pramga
X-Has-Esi
X-B3-Traceid
UCS
Host-ID
Pagetype
X-Is-Gdpr
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-Sn-Servicetimems
X-Skip-Cache
X-Swa-Ws
X-Thanos
X-VServer
X-Tumblr-Pixel-3
X-TrackingId
X-Reqid
X-OVcl-Cache
X-JWT-State
Fastly-Backend-Name
X-Irp-Debug
X-Micro-Cache
X-Mvc-Supplant-Cachable
X-OVcl
X-Origin-Response-Time
X-Node-Id
X-HS-Content-Campaign-Id
X-Cdn-Origin
X-Ms-Request-Id
X-Ms-Version
AKAMAI
Cf-Device-Type
CacheControlHeader
Cache-Host
C-Via
X-B3-SpanId
X-Clientip
X-CGP
X-Cms-Context
X-Csrf-Jwt
X-Core-Value
X-Developers
X-CUA
X-Developer
X-Cache-Date
Wxu-Next-Region
Wxu-Next-Hostname
Wxu-Next-Commit
X-Adobe-Source
X-Backend-State
X-Cache-Info
X-Eu-Site
X-Cache-Tags
X-Generated-By
X-Varnish-Beresp-Grace
X-Var-Ttl
X-User
X-Scheme
X-Varnish-Hits
X-VarnishDD-TTL
X-Wikidot-Backend
X-Wikidot-Static-Cache
DB-Nickname
Server-Host
X-Request-Host
X-HN
X-Generated-In
Sever-Int
X-Fastly-Backend
X-IP
X-Cdn-Forward
X-Policy
X-Origin-Expires
X-Nginx-Cache-Key
X-TX-ID
X-Fastly-Cache
Locid
Location
Magicmarker
NGX
On-Server
L
X-NAPM-TraceId
Content-Disposition
CloudFront-Viewer-Country
Ha-Gx-Prefs
HA-Ipaddr
PFcat
L5d-Success-Class
Server-Hostname
Server-Ext
User-Cache-Control
X-ID
X-DefHash
X-Hnp-Log
X-CS
X-WADP-Cache
Web-Mar-Node
X-Cache-Id
X-Method
X-DefElseHash
X-Hash
X-Goog-Meta-Goog-Reserved-File-Mtime
Cf-Bgj
X-Envoy-Decorator-Operation
X-DPWN-IS-SECURE
X-Fmm-Version
X-Gamma-Serve
X-GoCache-CacheStatus
X-Dispatcher-Server
X-Gen-Mode
X-Branch-Name
IsBot
X-SIPLIST1
Is-Eu
NM-Fastcgi-Cache
X-Slack-Backend
X-Varnish-Beresp-Ttl
Fastly-Drupal-HTML
Fastly-SIE
Fastly-SWR
Platform
V-Age
X-Platform-Server
X-Varnish-Remaining-TTL
X-NU-AKA-ACS-Version
Adler-Geo
X-Ratelimit-Reset
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Varnish-Beresp-Status
X-Loc
X-Origin
X-Block-Status
X-Varnish-CookieINHashed-On
Origin
CDCHOST
X-Variation
X-Li-Pop
X-Varnish-CookieHashed-On
X-Cache-Expires
X-Gzip
X-Old-Content-Length
X-Esi-Check
Rt-Fastcgi-Cache
X-Clara-WADP
X-Li-Fabric
X-LI-UUID
CDN-EdgeStorageId
Apple-News-Services-Handled
CDN-Uid
Apple-News-Services-Host
Vix-Hermes-Req-Id
CDN-RequestId
X-Servername
X-Request-Start
Apple-News-Services-Parsed-Url
True-Client-Country-4JS
X-Cache-Debug
CDN-PullZone
X-VG-TLSProxy
CDN-CachedAt
CDN-RequestCountryCode
X-EC-Lua
Apple-News-Services-Request-Url
CDN-Cache
X-Core-Mission
X-PF-Uncompressing
Sid
X-LB-ID
X-NCache
X-Aicache-OS
X-Mvc-Supplant-OutputCached
X-Cache-Remote
X-NC
X-Varnish-Url
X-CACHE-GROUP
Url
X-Refresh
X-Response-By
X-Via-Popn
X-Via-Popv
S-Rt
Esi-Enabled
X-Varnish-Cacheable
X-Via-Poph
X-CACHE-KEY
X-Proxy-Cachei7
X-Host-Name
Xkeyi7
Pics-Label
X-FireWall-Protection
X-B3-Spanid
X-Nc
X-Unique-ID
N-Cache
X-Tb-Optimization-Total-Bytes-Saved
X-Epic-Correlation-Id
Who
X-BBXSRF
Country-Code
Content-Secure-Policy
Cross-Origin-Window-Policy
Ohc-File-Size
X-Cache-2
X-Error
X-RateLimit-Limit
Req-Svc-Chain
X-Srv
X-TraceId
X-Cc-Via
X-Cc-Req-Id
X-Sucuri-Cache
X-Varnish-Authentication
X-Planisys-CDN-Cache
D-Cc-Upstream
Server-Ttl
X-Planisys-CDN-TTL
X-Contensis-Viewer-Groups
Source
X-Cache-ASPX
X-Planisys-CDN-Rules
X-Webkit-CSP-Report-Only
HitType
CACHE
X-HS-Status
X-DC
Geoip-Latitude
Geo-Info
Cteonnt-Length
GeoIp-Country-Code
MIME-Version
X-Svr
X-CDN-Forward
X-Wa
Cmsid
X-Servedbyhost
X-LiteSpeed-Cache-Control
Cmstype
Kp-EeAlive
X-Server-IP
X-URL
X-Cs
X-Gdpr
X-Cache-Config
X-Origin-Time
Svr
X-Served-From
X-Nyt-Route
X-FPC
X-API-Version
Viewtype
X-VC
A
X-Vcl-Version
Server-ID
X-SN
VivaBuild
Cache-Key
X-Esi
Ohc-Cache-HIT
X-LI-Proto
X-Li-Proto
M-TraceId
X-NodeID
X-SB
Resin-Trace
X-Webstats-RespID
Hostname
X-RAMCache
X-NGINX-Cache
X-HOST
NtCoent-Length
Filterid
Request-ID
X-Vgn-Hpd-Reason
X-Check-Cacheable
Server-Id
Arc-Country
Tcn
Cross-Origin-Opener-Policy
X-Air-Source
SID
TDXMobile
X-VCL-Version
X-SD-PageType
X-UA
X-DB
X-Viewer-Country
X-Internal-Host
X-RSL
X-DW
X-DSS
Cache-Provider
X-DI
X-RPM
X-RPS
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-Render-Time
X-TIM-N
X-CCDN-CacheTTL
XServer
X-TIME
X-Ua
X-Vc
GeoIP-Latitude
X-ServedByHost
X-BBC-Edge-Cache-Status
NGB
X-WA
EpKe-Alive
Srv
GeoIP-Country-Code
X-HostName
X-Newrelic-Synthetics
X-CF-Powered-By
X-Worker
ProcessTime
X-Service
X-Auto-Login
Processtime
X-Action
Mime-Version
X-App
X-Geo
X-FTR-Cache-Host
Upgrade-Insecure-Requests
X-Oss-Cdn-Auth
X-Fpc
X-SaId
X-NGENIX-Cache
X-CLOUD-TRACE-CONTEXT
X-PHP-Backend
X-Ftr-Cache-Host
X-Dynatrace-Js-Agent
DataCenter
X-JoinUs
FSS-Cache
X-Extlb
Datacenter
X-FORWARDED-FOR
CDN
X-Cluster-Node
X-Via-NSCOPI
X-Edge-Location
X-CSRF-TOKEN
X-Forwarded-Site
Proxy-Connection
CF-Cached-On
X-Cdn-Request-ID
X-HITS
X-MSEdge-Features
X-Provided-By
X-BBC-Origin-Response-Status
X-BACKEND-TTL
X-MSEdge-Flight
X-Parent-Response-Time
Cdn
X-Fastly-Backend-Reqs
W
X-Dw-Trace-Id
X-Swift-Error
X-CACHE-AGE
X-Client-Ip
PICS-Label
OT-Force-Account-Verify
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
LB
X-Accel-Expires-Debug
X-PJAX-URL
X-Bc-Bl
X-VC-Cache
X-Flog
X-ABtesting
X-Fastly-Request-Id
X-Cache-Tag
X-Req
We-Hiring
X-Region-Sid
X-Proxy-Upstream
X-Depends-On
Surrogated-Key
X-Hello
Memcached
Dnion-Transfer-Encoding
Mail-Subject
X-Date
X-Akamai-Pragma-Client-IP
X-ND-Cache
X-Via-PopV
X-Via-PopH
X-APP
X-Sigma
Env
X-Via-PopN
Vha6-Origin
X-Sigma-Backend
X-RateLimit-Remaining-Second
X-Pad
X-RateLimit-Limit-Second
X-Rocket-Build-Number
X-Pf-Uncompressing
X-Zone
X-Oracle-DMS-ECID
X-UnsetCookies
X-Presslabs-Stats
Media-Length
Epwk-X-Cache
X-Air-Trace-Id
X-ZONE
X-Acquia-Application-Trace
WZWS-RAY
X-Lb-Id
X-MiniProfiler-Ids
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Men
X-LiteSpeed-Tag
Memory
X-Acquia-Site
Time
Cf-Ipcountry
VNS-Cache
X-ServerName
X-ElasticPress-Query
X-Request-URL
X-Varnish-Beresp-TTL
X-Request-Url
URI
X-Vcache
X-Akamai-ERRuleID
X-Akamai-ERPolicy
X-Csrf-Token
X-Varnish-URL
VNS-Age
CPC-Cache
Xet-Cookie
X-Ms-Meta-Originalurl
CPC-Age
X-Snapshot-Date
X-Ms-Meta-Staticbatchstarttime
X-ElasticPress-Search
CountryCode
X-Tid
X-Litespeed-Cache-Control
X-Amz-Meta-Cb-Modifiedtime
Environment
X-Redis-Duration-Ms
X-Traceid
X-Redis-Count
X-Storefront-Renderer-Verified
X-C
NnCoection
X-B3-Parentspanid
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Ohc-Response-Time
Phost
Inserted-Into-Cache-At