Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Request-ID
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Ua-Compatible
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
Feature-Policy
X-AspNetMvc-Version
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
Access-Control-Max-Age
X-Via
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Report-To
X-Amz-Request-Id
Host-Header
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
X-LiteSpeed-Cache
Ali-Swift-Global-Savetime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
NEL
X-Dns-Prefetch-Control
X-Amz-Version-Id
X-Cache-Spec
X-WebKit-CSP
X-Device
X-CST
Allow
Xkey
X-Backend-Server
X-Vhost
X-Host
X-Server-Id
EagleEye-TraceId
Request-Id
Surrogate-Control
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-Ruxit-JS-Agent
Accept-CH-Lifetime
P3p
X-ASPNET-VERSION
X-Application-Context
X-Ac
X-Template
X-Cache-Lookup
X-Language
X-Country
X-Mod-Pagespeed
X-Readtime
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
Accept-Ch
Rating
X-Origin-Cache
X-Cnection
X-MS-InvokeApp
X-HW
X-Url
Accept-Ch-Lifetime
X-PC
X-Vname
X-TtlSet
X-Clacks-Overhead
X-GitHub-Request-Id
Edge-Control
X-ORACLE-DMS-ECID
X-Trace
X-ESI
X-FastCGI-Cache
X-Content-Type
X-Sol
X-Middleton-Response
X-Middleton-Display
Response
Pagespeed
Display
X-D2id
Arr-Disable-Session-Affinity
X-Kinja-Revision
X-Cdn-Fetch
X-GoogleNews-Bot
X-Use-Magma
X-Kinja-Server
X-Exp-Variant
X-Kinja
X-Exp-Id
X-Kinja-Build
X-Vcap-Request-Id
Verso
X-Goog-Hash
X-ORACLE-DMS-RID
X-Buckets
X-Rack-Cache
X-Country-Code
X-Server-Name
Service-Worker-Allowed
X-Navigation-Version
X-Varnish-TTL
X-VARITI-CCR
X-Abt-Application-Version
X-Fastly-Request-ID
X-Amz-Rid
X-Powered-By-Plesk
X-Webkit-CSP
X-Client-IP
X-Cache-TTL
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Release
SPRequestGuid
X-MSEdge-Ref
Fastly-Restarts
X-SharePointHealthScore
X-Element-Page-Cache
X-Dw-Request-Base-Id
SPRequestDuration
SPIisLatency
X-Oneagent-Js-Injection
X-Cached
X-NF-Request-ID
Public-Key-Pins
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
RTSS
X-TTL
X-Edge
Access-Control-Request-Method
AR-Request-ID
AR-ATIME
Ar-Sid
AR-CACHE
AR-PoweredBy
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-LLID
X-Powered-CMS
X-Ttl
X-Origin-Upstream-Status
X-Ezoic-Cdn
X-Px
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
X-Upstream
Fusion-Component-Id
Fusion-Deployment-Id
Content-MD5
Cache-Tag
X-HP-Webp
X-Jurisdiction
X-MCACHE
X-ECACHE
X-Mid
S
X-Mg-S
X-Version
X-Recruiting
X-Content-Digest
Charset
X-PressLabs-Stats
X-Amz-Server-Side-Encryption
Fastcgi-Cache
X-Kinsta-Cache
X-T
X-Litespeed-Cache
TCN
MicrosoftSharePointTeamServices
Front-End-Https
X-Content-Security-Policy-Report-Only
Cache-Tags
Filters
X-Debug
X-Pinterest-Direct
X-Grace
X-DynaTrace
X-Logged-In
Server-Node
X-Accel-Expires
Edge-Cache-Tag
X-Id
X-Forwarded-Proto
X-Correlation-Id
Nginx-Cache
Server-Name
X-Amzn-Trace-Id
TP-Cache
TP-L2-Cache
Surrogate-Key
X-Forwarded-For
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Yandex-Sdch-Disable
X-Varnish-Age
X-B3-Sampled
X-Request-Received
X-Request-Processing-Time
X-Microsite
X-Ruxit-Js-Agent
X-Ser
X-Request-Handler-Origin-Region
X-Shield-Request-Id
X-Hits
X-AppVersion
X-Az
X-Activity-Id
X-Amz-Replication-Status
X-Kinja-Server-Push
X-DIS-Request-ID
X-F-Cache
X-XRDS-LOCATION
X-Goog-Metageneration
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-Goog-Generation
X-XRDS-Location
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-HS-Combine-CSS
X-Origin-Server
Accept-Charset
X-Cache-Key
X-Git-Hash
X-Geo-Country
Cache
X-Respond-Thread
Powered-By-ChinaCache
X-Rid
Alternate-Protocol
X-FTR-Request-ID
X-LB-Cache
X-Frontend
Section-Io-Cache
X-Upgrade-Enabled
X-DataDome
Host
X-Hostname
Access-Control-Allow-Method
X-Mobile-URL
X-Seen-By
X-Cache-Age
X-NWS-LOG-UUID
X-Server-ID
MS-CV
X-AOL-HN
Paypal-Debug-Id
Healthy
X-Time
Cleartype
X-VCache
X-TT
X-Type
X-Whom
X-IPLB-Instance
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Cache-Action
X-Content-Options
X-Varnish-Backend
X-App-Environment
ServerID
X-TEC-API-ROOT
X-Request-Guid
X-Route-Name
X-Providence-Cookie
X-Is-Crawler
X-Jobs
X-Flags
Payment
X-Aspnet-Duration-Ms
X-Page-Id
X-B-Cache
X-Debug-Info
X-Signature
Fastcgi-Useragent
X-Source
X-WebKit-CSP-Report-Only
X-Fastcgi-Cache
X-N
X-Daa-Tunnel
X-Load-Cache
X-Mobile
X-FB-Debug
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-RateLimit-Remaining
Nel
X-Via-JSL
Version
X-Cache-Operation
Refresh
X-Cache-Rule
X-Cached-By
X-Akamai-Edgescape
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
X-Wix-Request-Id
X-Rule
Viewport
X-Drupal-Cache-Tags
X-Cacheable-TTL
DC
X-Contextid
X-Framework
X-Proxy
X-RemovedCookies
X-ProcessESI
Access-Control-Request-Headers
X-Zen-Fury
Realpath
Ms-Operation-Id
X-RTag
X-B
X-Instance
X-Real-IP
Node
X-Distributor
X-Region
Referer-Policy
X-UUID
X-Cache-Time
DynaTrace
Eomportal-Instance
X-Tt-Trace-Host
X-Cluster-Name
X-Tt-Trace-Tag
X-Drupal-Cache-Contexts
X-Yottaa-Optimizations
X-Page-View
X-HTML-Minification-Powered-By
X-Yottaa-Metrics
VIX-Pulpo-Upstream-Status
Countrycode
VIX-Pulpo-Node
X-FW-Server
X-FW-Serve
X-Cache-Expired-At
X-FW-Hash
X-FW-Dynamic
X-FW-Type
X-FW-Static
X-Content-Powered-By
X-Environment-Context
X-Cache-Control
X-G
X-L-Path
X-IPS-LoggedIn
Liferay-Portal
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel-0
GEO-INFO
X-Cache-Hit
X-Tumblr-Pixel
Server-Info
X-FireWall-Port
X-App-Server
X-Pass-Why
X-Varnish-Ttl
X-User-Agent
Webserver
From-Origin
Section-Io-Id
Section-Io-Origin-Status
X-Node-Name
Section-Origin-Responded
X-Tumblr-Pixel-2
Section-Io-Origin-Time-Seconds
Ec-Rule-Version
X-Ratelimit-Limit
X-Protected-By
CF-IPCountry
Protected
SRV
Xserver
X-Www-Served-By
X-Backend-Name
X-Cache-Server
X-Mode
X-Handled-By
X-RN-RSRV
X-Revision
X-Hl-Ver
X-ES-SERVER
X-UPSTREAM-Address
Meta-Geo
Frame-Options
X-Soup
Cache-Tv-Group
X-Site-Version
X-Endurance-Cache-Level
X-Locale
X-FB-TRIP-ID
Cache-Status
X-Nginx-Cache
X-NYM-Debug-Backend
Country
X-Uri
X-Labrador-Cache-Channel
X-Human
X-Storage
X-Cache-Grace
X-Hyper-Cache
X-Forwarded-Host
X-PHP-Host
X-Web-Node
X-Varnishpool
X-Ratelimit-Remaining
X-Proto
Azure-Version
Property-Id
X-Pubstack
Fastly-SSL
X-Redis-Cache
Decoy-Debug-TTL
Decoy-Debug-Status
X-Proxy-Build
Decoy-Debug-Key
Cache-Name
X-S-Maxage
Webcakes-App-Name
TWC-Connection-Speed
Webcakes-App-Version
TWC-Device-Class
TWC-Privacy
TWC-GeoIP-LatLong
TWC-GeoIP-Country
X-Origin-Hint
Azure-InstanceId
Selected-Fe
X-Be
Webcakes-Region
Azure-SlotName
Azure-RegionName
Azure-SiteName
TWC-Locale-Group
X-TT-LOGID
X-BYPASS-REASON
X-Amz-Meta-S3cmd-Attrs
X-MP-GENERATED-AT
X-ProxyCache-Key
X-Timing-Wait
X-Adobe-Content
X-ProxyCache-Status
X-Adobe-Loc
X-Request-Time
X-PCL
X-Origin-Date
X-Access
X-TNCMS
X-Sql-Duration-Ms
X-AIR-PT
X-Sql-Count
X-Hosted-By
X-Via-Fastly
X-Loop
X-SayCDN-TTL
X-WA-Info
X-Section
X-Say-TTL
X-FW-Version
X-OCL
X-UA-Device-Type
Retry-After
X-Say-Cacheable
X-Format
X-LAGOON
X-No-Session
X-PERF
X-R9-Blue-Green-Version
X-Debug-IsConnected
X-Server-W
X-Cluster
X-ApacheServer
X-Debug-IsPreview
X-Status
Mn-Server-Ip
X-Sorting-Hat-PodId
X-VWS-Id
X-Sorting-Hat-ShopId
X-ShardId
X-Storefront-Renderer-Rendered
X-ShopId
X-Shopify-Stage
X-LJ-Flow-ID
X-AWS-Id
X-Device-Type
X-Cache-TTL-Remaining
X-Alternate-Cache-Key
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-Qloud-Router
X-CCM
X-Rendered-As
X-Xfnlog-Site
X-Is-Bot
Cache-Hits
Apigw-Requestid
X-Via-CDN
X-Info
S-Cnection
X-FTR-Backend-Server
X-FTR-Cache-Status
X-FTR-DC
X-FTR-Balancer
X-FTR-Backend
X-Country-Code-Real
X-FTR-Realm
X-Varnish-Server
X-Cdn
X-SRV
X-FTR-Expires
X-Varnish-Grace
X-GG-Cache-Date
X-Dc
X-Cache-Enabled
X-Detected-As
X-Cache-Host
AMP-Access-Control-Allow-Source-Origin
X-Microcachable
X-Content-Age
X-Platform
X-Amzn-RequestId
X-EdgeConnect-Cache-Status
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Air-Hostname
X-Tec-Api-Origin
Amp-Access-Control-Allow-Source-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Unique-Id
X-Aspnetmvc-Version
X-Cache-Var
X-Azure-Ref
X-Cache-Var-Map
X-Backend-Host
Tracecode
Uber-Trace-Id
X-Proxy-Cache-Status
SD-X-WS
X-NWS-UUID-VERIFY
X-CSRF-Token
X-Time-Microsecs
X-GEO
X-Backend-TTL
X-ServerID
Akamai-GRN
X-DynaTrace-JS-Agent
X-ATG-Version
X-Oss-Request-Id
X-Oss-Storage-Class
X-Trace-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-ID
X-Tb
X-Cache-Backend
X-App-Version
X-TA-CDN-Provider
X-Correlation-ID
X-BCube-Filmed-By
Backend
ServedBy
X-RCS-CacheZone
X-Akamai-Transformed
DSUID
X-Varnish-Hostname
X-Cache-PHP
X-Cache-NGX
X-A-Dcw
X-A-Ccd
X-Vtex-Remote-Cache
X-A-Wwc
X-A-Dam
X-Aed
X-A-Dgt
X-ARC
X-CF-Lambda-Version
X-Connection-Hash
X-D
X-Destination
X-Cache-NE
X-Magnolia-Registration
X-Varnish-Cache-Hits
X-Vtex-Processado-Em
X-B-Cookie
X-Application
X-Device-Os
Machine
MD5-Digest
Meta-Geo-Continent
Mobile-Detection-Method
Lfy
Instruction
DCR-Decision-By
DCR-Processing-Time-Ms
Expiry
Fastcgi-X-Cache-Version
Odigeo-Trace-Id
Path
BehaviorPad-Version
Thinkindot-CacheControl-Type
Thinkindot-Control
Xc-Version
Thinkindot-CacheControl
X-Debug-Cache
Release
Rendered-Blocks
SR-User-Adfree
T-Server
X-A
X-CF-Lambda-Fn
X-Level-Front-Cache
X-Location
X-PBS-Appsvrname
X-VG-WebCache
X-Rewrite-Enabled
X-S-Cookie
X-Matched-Rule
X-Vdms-Version
X-External-Request-Id
X-Origin-CC
X-Rojux
X-S
X-Vdms-Path
X-Origin-TTL
X-Trv-Group
X-Request-UUID
X-Generation-Time
X-PAYTM-SRV-ID
X-VG-WebServer
X-Generated-On
X-From
X-SRCache-Key
X-Fetched-On
X-GeoIP-City
X-Thinkindot-L3
X-Processor
X-Session-Fingerprint
X-Owner
X-ScT
X-Sucuri-ID
Arc-Version
HostName
PB-PID
X-APP-VERSION
PB-RID
X-NAPM-TraceId
X-Swa-Ws
X-Skip-Cache
DB-Nickname
Cf-Device-Type
X-SVT-ORM-RULES
Fastly-Backend-Name
X-SVT-ORM-VERSION
Host-ID
Gh-Request-Id
X-Thanos
X-Node-Id
X-Has-Esi
X-Azure-Ref-OriginShield
X-VServer
Cache-Host
X-Bip
X-Cache-Bucket
X-FC-Vary-Parameters
X-Sn-Servicetimems
X-Cdn-Origin
X-Geo-Header
X-Irp-Debug
X-Is-Gdpr
X-OVcl
X-OVcl-Cache
X-TrackingId
Ssr
X-Origin-Response-Time
UCS
X-JWT-State
X-Tumblr-Pixel-3
X-Micro-Cache
X-Mvc-Supplant-Cachable
Server-Host
X-HS-Content-Campaign-Id
C-Via
X-B3-Traceid
AKAMAI
X-NewRelic-App-Data
X-Ms-Version
X-Ms-Request-Id
X-B3-SpanId
X-CS
X-VarnishDD-TTL
X-CGP
X-Old-Content-Length
X-Cache-Tags
X-Cache-Info
X-Clientip
X-Varnish-Remaining-TTL
X-CUA
X-Varnish-CookieHashed-On
X-Csrf-Jwt
X-Varnish-CookieINHashed-On
X-Varnish-Hits
X-Cache-Id
X-Wikidot-Backend
X-Origin
Wxu-Next-Hostname
X-Origin-Expires
Wxu-Next-Commit
V-Age
Wxu-Next-Region
On-Server
X-Branch-Name
X-Wikidot-Static-Cache
CloudFront-Viewer-Country
Content-Disposition
NGX
X-DefElseHash
X-DefHash
X-GeoIP
X-Gzip
X-Nginx-Cache-Key
X-User
X-Generated-In
X-HN
X-Cdn-Forward
X-Scheme
X-Request-Host
X-Li-Pop
X-Li-Fabric
X-IP
X-Generated-By
X-Var-Ttl
X-Adobe-Source
X-DPWN-IS-SECURE
X-Developers
X-Developer
X-Policy
X-Esi-Check
X-Eu-Site
X-Variation
X-Varnish-Beresp-Grace
X-Reqid
X-Fastly-Backend
X-LI-UUID
X-Backend-State
Server-Hostname
X-Core-Value
L5d-Success-Class
X-Cms-Context
Is-Eu
Pagetype
Server-Ext
Location
Platform
PFcat
Pramga
X-Fastly-Cache
Locid
Magicmarker
HA-Ipaddr
L
Ha-Gx-Prefs
Adler-Geo
Sever-Int
CacheControlHeader
User-Cache-Control
X-Erf-Stays-Bingo-Pdp-Web
X-Ratelimit-Reset
X-Dispatcher-Server
X-Rebelmouse-Surrogate-Control
X-Platform-Server
Origin
X-Request-URI
X-Method
Cf-Bgj
X-NU-AKA-ACS-Version
NM-Fastcgi-Cache
Fastly-Drupal-HTML
X-Slack-Backend
X-Gamma-Serve
IsBot
X-TX-ID
X-WADP-Cache
X-SIPLIST1
X-Varnish-Beresp-Ttl
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Servername
X-Varnish-Beresp-Status
X-Loc
X-Rebelmouse-Cache-Control
CDN-RequestCountryCode
CDN-RequestId
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
CDN-Uid
X-Clara-WADP
True-Client-Country-4JS
Vix-Hermes-Req-Id
X-Block-Status
Web-Mar-Node
Fastly-SWR
X-Cache-Expires
CDCHOST
Fastly-SIE
X-GoCache-CacheStatus
X-Hnp-Log
X-Fmm-Version
X-Gen-Mode
X-Envoy-Decorator-Operation
X-Cache-Date
Rt-Fastcgi-Cache
X-Dynatrace
Apple-News-Services-Handled
X-Core-Mission
X-Aicache-OS
X-EC-Lua
Apple-News-Services-Host
X-Cache-Debug
X-LB-ID
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-VG-TLSProxy
X-Hash
X-Refresh
X-Request-Start
X-Mvc-Supplant-OutputCached
X-NCache
Sid
X-PF-Uncompressing
X-Varnish-Url
Url
X-Via-Popv
X-Via-Poph
X-Via-Popn
X-CACHE-GROUP
X-Nc
X-Oracle-Dms-Rid
X-Cache-Remote
Esi-Enabled
X-NC
Who
X-CACHE-KEY
X-FireWall-Protection
Pics-Label
X-Response-By
X-Epic-Correlation-Id
X-Varnish-Cacheable
X-Esi
Country-Code
X-B3-Spanid
S-Rt
X-Unique-ID
Req-Svc-Chain
X-Tb-Optimization-Total-Bytes-Saved
X-Proxy-Cachei7
Xkeyi7
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Content-Secure-Policy
X-TraceId
X-Host-Name
X-Error
N-Cache
X-RateLimit-Limit
X-Planisys-CDN-TTL
X-BBXSRF
X-Webkit-Csp
X-DC
X-Srv
X-Cache-2
Source
Cross-Origin-Window-Policy
Ohc-File-Size
X-Webkit-CSP-Report-Only
Geoip-Latitude
X-LiteSpeed-Cache-Control
Cmstype
HitType
Cteonnt-Length
X-Cc-Req-Id
X-Contensis-Viewer-Groups
X-CLOUD-TRACE-CONTEXT
D-Cc-Upstream
Geo-Info
X-Cache-ASPX
X-Varnish-Authentication
Server-Ttl
Cmsid
X-Cc-Via
X-Sucuri-Cache
Kp-EeAlive
GeoIp-Country-Code
X-Servedbyhost
MIME-Version
X-CDN-Forward
X-Wa
X-Served-From
Svr
X-HS-Status
X-Svr
X-URL
A
X-Server-IP
Cache-Key
VivaBuild
Viewtype
Filterid
X-Origin-Time
X-Vcl-Version
Resin-Trace
X-RAMCache
X-Cache-Config
X-LI-Proto
X-Nyt-Route
M-TraceId
X-API-Version
X-Gdpr
X-FPC
Server-ID
X-Cs
SID
CACHE
Hostname
TDXMobile
X-Air-Source
X-SN
X-VC
Arc-Country
X-Vgn-Hpd-Reason
X-Li-Proto
Cross-Origin-Opener-Policy
NtCoent-Length
X-HostName
X-HOST
Server-Id
X-Webstats-RespID
NGB
Request-ID
Tcn
X-Check-Cacheable
X-VCL-Version
X-NodeID
Ohc-Cache-HIT
XServer
X-SB
X-UA
X-Internal-Host
X-Viewer-Country
X-CCDN-Origin-Time
X-SD-PageType
X-FORWARDED-FOR
X-Vc
X-TIM-N
X-Hcs-Proxy-Type
X-DB
Cache-Provider
X-CCDN-CacheTTL
X-NGINX-Cache
X-RPS
X-RSL
X-DI
X-RPM
X-DW
X-DSS
X-Newrelic-Synthetics
X-TIME
X-Service
X-Render-Time
GeoIP-Latitude
GeoIP-Country-Code
Srv
X-ServedByHost
X-App
Mime-Version
X-WA
EpKe-Alive
X-BBC-Edge-Cache-Status
X-NGENIX-Cache
X-PHP-Backend
X-Action
X-SaId
X-COUNTRY
X-JoinUs
ProcessTime
X-Ua
X-Edge-Location
X-Geo
X-Dynatrace-Js-Agent
X-FTR-Cache-Host
X-Extlb
Processtime
X-CF-Powered-By
X-Fpc
X-Auto-Login
X-Forwarded-Site
X-Via-NSCOPI
FSS-Cache
X-Worker
X-Oss-Cdn-Auth
X-Cdn-Request-ID
X-Provided-By
DataCenter
Datacenter
X-CSRF-TOKEN
Proxy-Connection
Upgrade-Insecure-Requests
W
X-Cluster-Node
CF-Cached-On
X-HITS
X-Swift-Error
X-Date
X-Ftr-Cache-Host
X-Fastly-Backend-Reqs
X-Bc-Bl
CDN
X-Parent-Response-Time
X-VC-Cache
LB
Surrogated-Key
X-MSEdge-Flight
X-Region-Sid
X-MSEdge-Features
X-Accel-Expires-Debug
X-BACKEND-TTL
X-Dw-Trace-Id
X-Depends-On
X-Proxy-Upstream
X-PJAX-URL
X-Req
Cdn
X-Client-Ip
X-CACHE-AGE
Env
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
X-IN-APIGATEWAYSSL
X-Pf-Uncompressing
We-Hiring
X-Cache-Tag
X-Fastly-Request-Id
X-Hello
X-IN-APIGATEWAY
X-Pad
X-ABtesting
X-Flog
X-BBC-Origin-Response-Status
Dnion-Transfer-Encoding
X-UnsetCookies
Mail-Subject
Memcached
PICS-Label
X-ZONE
X-Akamai-Pragma-Client-IP
X-APP
X-Oracle-DMS-ECID
X-Men
X-Acquia-Application-Trace
Vha6-Origin
X-Sigma-Backend
X-Sigma
OT-Force-Account-Verify
X-Air-Trace-Id
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
X-Presslabs-Stats
X-Acquia-Site
Media-Length
X-Rocket-Build-Number
X-Zone
Epwk-X-Cache
X-LiteSpeed-Tag
VNS-Age
Time
VNS-Cache
CPC-Cache
X-Via-PopV
Memory
X-Via-PopH
X-ND-Cache
CPC-Age
X-Via-PopN
Cf-Ipcountry
X-Akamai-ERRuleID
X-MiniProfiler-Ids
X-Varnish-URL
X-Snapshot-Date
X-Request-Url
X-Varnish-Beresp-TTL
X-ElasticPress-Query
X-Request-URL
WZWS-RAY
X-Vcache
X-Lb-Id
X-Ms-Meta-Originalurl
Xet-Cookie
X-ElasticPress-Search
X-Akamai-ERPolicy
X-Csrf-Token
X-Ms-Meta-Staticbatchstarttime
X-Tx-Id
CountryCode
X-Storefront-Renderer-Verified
Environment
X-Amz-Meta-Cb-Modifiedtime
X-ServerName
X-C
Content-Script-Type
X-Litespeed-Cache-Control
X-Redis-Count
Content-Style-Type
X-Redis-Duration-Ms
Inserted-Into-Cache-At
Phost
Ohc-Response-Time
X-Debug-Cache-Fetch
X-B3-Parentspanid
NnCoection
X-Tid
URI
X-Traceid
X-Debug-Cache-Store