Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Request-ID
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
Feature-Policy
Status
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Amz-Request-Id
Report-To
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
X-Dns-Prefetch-Control
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Cache-Spec
X-WebKit-CSP
Xkey
Allow
X-Backend-Server
X-Device
X-Host
X-CST
X-Vhost
EagleEye-TraceId
X-Server-Id
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Accept-CH
Content-Location
X-Response-Time
Accept-CH-Lifetime
X-Ruxit-JS-Agent
X-Akam-SW-Version
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
P3p
X-ASPNET-VERSION
X-Ac
X-Application-Context
X-Template
X-Language
X-Cache-Lookup
X-Country
X-Cloud-Trace-Context
X-Readtime
X-Mod-Pagespeed
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Rating
X-Cnection
X-MS-InvokeApp
X-HW
X-Kinja-Server-Push
X-PC
X-Vname
X-TtlSet
X-Url
Accept-Ch
X-ORACLE-DMS-ECID
X-Clacks-Overhead
Edge-Control
X-FastCGI-Cache
X-GitHub-Request-Id
X-Trace
X-ESI
Accept-Ch-Lifetime
Response
Pagespeed
X-Sol
X-Middleton-Response
Display
X-Middleton-Display
X-Content-Type
X-D2id
X-Vcap-Request-Id
Arr-Disable-Session-Affinity
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-GoogleNews-Bot
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
Verso
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-Server-Name
X-Country-Code
Service-Worker-Allowed
X-Navigation-Version
X-Varnish-TTL
X-ORACLE-DMS-RID
X-Abt-Application-Version
X-VARITI-CCR
X-Amz-Rid
X-Oneagent-Js-Injection
X-Powered-By-Plesk
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
X-Cache-TTL
X-Client-IP
X-Fastly-Request-ID
X-Webkit-CSP
SPRequestGuid
X-SharePointHealthScore
X-MSEdge-Ref
X-Release
Fastly-Restarts
X-Dw-Request-Base-Id
SPIisLatency
X-Element-Page-Cache
SPRequestDuration
X-Cached
X-NF-Request-ID
X-TTL
Public-Key-Pins
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
RTSS
Ar-Sid
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-Request-ID
X-SRCache-Store-Status
X-Edge
X-SRCache-Fetch-Status
Access-Control-Request-Method
X-LLID
X-Origin-Upstream-Status
X-Px
X-Powered-CMS
Fusion-Content-Source
Fusion-Template-Id
Fusion-Component-Id
Fusion-Source
Fusion-Content-Id
Fusion-Deployment-Id
X-Ezoic-Cdn
X-Upstream
X-Ttl
Content-MD5
X-HP-Webp
X-Jurisdiction
Cache-Tag
X-ECACHE
X-Mid
X-MCACHE
X-Mg-S
X-Recruiting
S
X-Amz-Server-Side-Encryption
X-Content-Digest
Charset
X-Version
TCN
X-Pinterest-Direct
X-PressLabs-Stats
Fastcgi-Cache
MicrosoftSharePointTeamServices
X-T
Front-End-Https
X-Debug
X-Kinsta-Cache
X-Content-Security-Policy-Report-Only
Cache-Tags
X-Grace
X-Litespeed-Cache
Filters
Edge-Cache-Tag
Server-Node
X-Id
X-Accel-Expires
X-Forwarded-Proto
X-Logged-In
X-Correlation-Id
X-Amzn-Trace-Id
X-XRDS-Location
Nginx-Cache
X-Yandex-Sdch-Disable
Server-Name
X-Varnish-Age
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-DynaTrace
X-Forwarded-For
Surrogate-Key
TP-Cache
TP-L2-Cache
X-B3-Sampled
X-Request-Received
X-Request-Processing-Time
X-Request-Handler-Origin-Region
X-Microsite
X-Hits
X-Shield-Request-Id
X-Ser
X-Cache-Key
X-DIS-Request-ID
X-Az
X-Activity-Id
X-AppVersion
X-Server-ID
X-Amz-Replication-Status
X-HS-Hub-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Generation
X-F-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
Powered-By-ChinaCache
X-Origin-Server
Accept-Charset
X-Git-Hash
X-FTR-Request-ID
X-Geo-Country
X-Respond-Thread
X-Hostname
X-Upgrade-Enabled
X-DataDome
Section-Io-Cache
X-LB-Cache
X-Rid
Cache
X-Frontend
X-XRDS-LOCATION
Alternate-Protocol
X-Cache-Age
Access-Control-Allow-Method
X-Mobile-URL
Host
Cleartype
Paypal-Debug-Id
Healthy
X-Seen-By
X-Varnish-Backend
X-Type
MS-CV
X-IPLB-Instance
X-Content-Options
X-Ruxit-Js-Agent
X-AOL-HN
X-VCache
ServerID
X-Aspnetmvc-Version
X-App-Environment
X-Cache-Action
X-Request-Guid
X-Is-Crawler
X-Providence-Cookie
X-Flags
X-Route-Name
X-Aspnet-Duration-Ms
X-Whom
X-TT
X-Jobs
X-WebKit-CSP-Report-Only
X-B-Cache
X-Debug-Info
X-Signature
X-NWS-LOG-UUID
Payment
Fastcgi-Useragent
X-Page-Id
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Source
X-N
X-Load-Cache
X-Time
X-Mobile
X-RateLimit-Remaining
X-Daa-Tunnel
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-FB-Debug
X-Erf-Bev-Bev
X-Via-JSL
X-Cached-By
X-Akamai-Edgescape
Nel
Version
X-Cache-Operation
X-Cache-Rule
Viewport
Refresh
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
X-Rule
DC
X-Drupal-Cache-Tags
X-Proxy
X-RemovedCookies
X-Cacheable-TTL
X-Framework
X-ProcessESI
X-Zen-Fury
X-Wix-Request-Id
DynaTrace
Realpath
X-RTag
X-Fastcgi-Cache
X-Contextid
Ms-Operation-Id
X-Instance
Access-Control-Request-Headers
X-UUID
X-Real-IP
X-Cache-Time
X-HTML-Minification-Powered-By
X-Region
X-Tt-Trace-Tag
X-Tt-Trace-Host
GEO-INFO
Node
X-Drupal-Cache-Contexts
Referer-Policy
X-Distributor
X-Page-View
X-Cache-Expired-At
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-FW-Dynamic
X-FW-Hash
X-FW-Type
X-FW-Server
X-FW-Static
X-FW-Serve
Eomportal-Instance
X-B
VIX-Pulpo-Upstream-Status
X-L-Path
X-Cluster-Name
X-Environment-Context
VIX-Pulpo-Node
X-Cache-Control
X-G
Countrycode
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
Liferay-Portal
X-Cache-Hit
X-IPS-LoggedIn
X-Content-Powered-By
X-Node-Name
Server-Info
X-User-Agent
X-App-Server
X-Tumblr-Pixel-2
Webserver
From-Origin
X-FireWall-Port
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Ratelimit-Limit
Section-Io-Id
X-Varnish-Ttl
X-Pass-Why
Protected
Ec-Rule-Version
X-Protected-By
X-Amz-Meta-S3cmd-Attrs
SRV
CF-IPCountry
X-Revision
X-Cache-Server
Frame-Options
X-RN-RSRV
X-Www-Served-By
X-UPSTREAM-Address
X-Mode
X-Hyper-Cache
Cache-Status
X-Endurance-Cache-Level
X-ES-SERVER
Meta-Geo
X-Handled-By
X-Locale
X-FB-TRIP-ID
X-Soup
X-Backend-Name
X-Site-Version
X-NYM-Debug-Backend
Country
X-Human
X-Storage
Retry-After
X-Web-Node
X-Cache-Grace
X-Forwarded-Host
Cache-Tv-Group
X-Be
X-Redis-Cache
Azure-InstanceId
X-Pubstack
Azure-SiteName
Property-Id
Azure-RegionName
X-PHP-Host
X-Adobe-Loc
X-Uri
X-UA-Device-Type
X-Varnishpool
X-Origin-Date
Azure-Version
X-TT-LOGID
Decoy-Debug-TTL
Decoy-Debug-Status
X-Labrador-Cache-Channel
Decoy-Debug-Key
X-Hl-Ver
Azure-SlotName
X-Adobe-Content
TWC-GeoIP-LatLong
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-Locale-Group
TWC-Privacy
X-Origin-Hint
Webcakes-App-Version
Fastly-SSL
Webcakes-App-Name
Webcakes-Region
Cache-Name
X-FW-Version
X-SayCDN-TTL
X-Section
X-Server-W
X-Request-Time
X-Say-TTL
X-Say-Cacheable
X-ProxyCache-Key
X-ProxyCache-Status
X-S-Maxage
X-PCL
X-Via-Fastly
X-TNCMS
X-Hosted-By
X-Proto
X-Format
X-BYPASS-REASON
X-Loop
X-No-Session
X-Sql-Duration-Ms
X-Sql-Count
X-OCL
X-AIR-PT
X-Access
X-VWS-Id
X-LAGOON
X-LJ-Flow-ID
X-PERF
X-WA-Info
Xserver
X-ApacheServer
X-R9-Blue-Green-Version
X-AWS-Id
Selected-Fe
X-Cluster
Mn-Server-Ip
X-Proxy-Build
X-Status
X-MP-GENERATED-AT
X-Timing-Wait
X-Via-CDN
X-Shopify-Stage
X-ShardId
X-Sorting-Hat-PodId
X-Alternate-Cache-Key
X-Zipkin-Id
X-Routing-Service
X-Storefront-Renderer-Rendered
X-ShopId
X-Ratelimit-Remaining
X-Cache-TTL-Remaining
X-Proxied
X-Sorting-Hat-ShopId
X-Qloud-Router
X-FTR-Backend-Server
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Balancer
S-Cnection
X-Is-Bot
X-FTR-Realm
X-CCM
X-Xfnlog-Site
X-Country-Code-Real
X-FTR-Backend
X-Rendered-As
Cache-Hits
X-Nginx-Cache
X-FTR-Expires
X-Device-Type
X-Tec-Api-Root
X-Tec-Api-Origin
X-Debug-IsPreview
X-Debug-IsConnected
X-Info
X-Tec-Api-Version
X-SRV
X-Unique-Id
AMP-Access-Control-Allow-Source-Origin
Apigw-Requestid
X-Oracle-Dms-Rid
X-Dc
X-Detected-As
X-Air-Hostname
X-Cache-Host
X-Cache-Var
X-Cache-Var-Map
X-Varnish-Grace
X-Cdn
X-Amzn-Remapped-Content-Length
X-EdgeConnect-Cache-Status
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Microcachable
X-Cache-Enabled
X-Varnish-Server
X-Content-Age
X-GG-Cache-Date
X-GEO
SD-X-WS
X-Platform
X-Azure-Ref
Tracecode
X-Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-Backend-Host
Uber-Trace-Id
X-Time-Microsecs
X-DynaTrace-JS-Agent
X-Backend-TTL
X-Proxy-Cache-Status
X-Cache-Backend
X-Erf-Stays-Bingo-Pdp-Web
X-ServerID
Akamai-GRN
X-Oss-Server-Time
X-TA-CDN-Provider
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-ATG-Version
Backend
X-Tb
X-APP-VERSION
X-NWS-UUID-VERIFY
X-CSRF-Token
X-BCube-Filmed-By
X-Trace-Id
DSUID
ServedBy
X-Akamai-Transformed
X-RCS-CacheZone
X-Correlation-ID
X-Varnish-Hostname
X-ID
X-NewRelic-App-Data
X-Sucuri-ID
X-A-Wwc
DCR-Decision-By
BehaviorPad-Version
X-Vtex-Remote-Cache
X-B-Cookie
X-ARC
X-Application
Xc-Version
DCR-Processing-Time-Ms
X-Aed
X-A-Ccd
Rendered-Blocks
X-Varnish-Cache-Hits
SR-User-Adfree
T-Server
Pramga
Path
Mobile-Detection-Method
MD5-Digest
Odigeo-Trace-Id
Machine
X-Vtex-Processado-Em
Thinkindot-CacheControl
Instruction
X-A-Dcw
X-A-Dgt
Fastcgi-X-Cache-Version
X-A-Dam
Meta-Geo-Continent
Thinkindot-CacheControl-Type
Thinkindot-Control
X-A
Expiry
X-Device-Os
X-Request-UUID
X-Session-Fingerprint
X-Level-Front-Cache
X-Rewrite-Enabled
X-Trv-Group
X-Generation-Time
X-S
X-ScT
X-Location
X-Matched-Rule
X-Origin-TTL
X-PBS-Appsvrname
X-PAYTM-SRV-ID
X-Processor
X-Origin-CC
X-Thinkindot-L3
X-SRCache-Key
X-Generated-On
X-Rojux
X-S-Cookie
X-Vdms-Path
X-Vdms-Version
X-Destination
X-CF-Lambda-Version
X-D
X-CF-Lambda-Fn
X-External-Request-Id
X-Fetched-On
X-From
X-Cache-NE
X-VG-WebCache
X-VG-WebServer
X-Connection-Hash
X-Debug-Cache
Arc-Version
PB-PID
X-Cache-NGX
X-Cache-PHP
PB-RID
X-Origin-Response-Time
Cache-Host
X-Skip-Cache
Host-ID
Fastly-Backend-Name
Cf-Device-Type
Lfy
X-Reqid
CacheControlHeader
X-Sn-Servicetimems
Ssr
X-GeoIP
UCS
X-GeoIP-City
X-TrackingId
X-Geo-Header
AKAMAI
X-Cache-Date
X-Azure-Ref-OriginShield
X-Cdn-Origin
X-Tumblr-Pixel-3
X-Has-Esi
X-HS-Content-Campaign-Id
Release
X-OVcl
X-OVcl-Cache
Pagetype
X-Node-Id
X-Swa-Ws
X-Is-Gdpr
X-JWT-State
X-VServer
X-Micro-Cache
X-Owner
X-Cache-Bucket
X-Ms-Version
X-Magnolia-Registration
X-Ms-Request-Id
X-Adobe-Source
On-Server
PFcat
Server-Ext
X-Generated-By
X-HN
X-Bip
Location
L
X-Mvc-Supplant-Cachable
Locid
Magicmarker
Server-Host
X-Irp-Debug
NGX
Server-Hostname
X-Core-Value
X-CUA
Wxu-Next-Region
X-Cms-Context
X-B3-Traceid
X-Backend-State
X-Cache-Info
Wxu-Next-Hostname
Wxu-Next-Commit
X-FC-Vary-Parameters
Sever-Int
X-Fastly-Cache
X-Fastly-Backend
X-Developer
X-Developers
X-Nginx-Cache-Key
X-IP
X-SVT-ORM-VERSION
X-Thanos
CloudFront-Viewer-Country
Content-Disposition
DB-Nickname
X-User
X-Var-Ttl
X-Wikidot-Backend
X-Wikidot-Static-Cache
C-Via
X-VarnishDD-TTL
X-Varnish-Hits
X-Scheme
X-SVT-ORM-RULES
Gh-Request-Id
X-Origin-Expires
X-App-Version
User-Cache-Control
X-Hnp-Log
X-Varnish-Remaining-TTL
X-Csrf-Jwt
X-Rebelmouse-Surrogate-Control
X-WADP-Cache
Adler-Geo
X-Varnish-CookieINHashed-On
X-Variation
X-Varnish-CookieHashed-On
X-DefHash
X-DefElseHash
X-NU-AKA-ACS-Version
X-Clientip
X-Cache-Expires
X-Branch-Name
X-Block-Status
X-NAPM-TraceId
X-Cache-Id
X-Varnish-Beresp-Grace
X-Clara-WADP
X-CGP
X-Old-Content-Length
X-Cache-Tags
X-Dispatcher-Server
X-DPWN-IS-SECURE
X-Generated-In
X-GoCache-CacheStatus
X-Ratelimit-Reset
X-LI-UUID
X-Gen-Mode
X-Servername
X-Li-Pop
X-Hash
X-Li-Fabric
X-Gzip
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Fmm-Version
X-SIPLIST1
X-Eu-Site
X-Esi-Check
X-Rebelmouse-Cache-Control
X-Envoy-Decorator-Operation
X-Method
X-Loc
X-Slack-Backend
X-Origin
X-Policy
X-Platform-Server
X-Request-URI
X-Request-Host
NM-Fastcgi-Cache
L5d-Success-Class
Origin
Rt-Fastcgi-Cache
Web-Mar-Node
V-Age
IsBot
Is-Eu
Fastly-SWR
Fastly-SIE
Ha-Gx-Prefs
HA-Ipaddr
CDCHOST
Cf-Bgj
Platform
HostName
X-TX-ID
CDN-Cache
Fastly-Drupal-HTML
True-Client-Country-4JS
X-Gamma-Serve
X-VG-TLSProxy
Apple-News-Services-Parsed-Url
CDN-EdgeStorageId
X-Cache-Debug
Apple-News-Services-Handled
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
Apple-News-Services-Host
Apple-News-Services-Request-Url
Vix-Hermes-Req-Id
CDN-RequestId
CDN-Uid
CDN-CachedAt
CDN-RequestCountryCode
CDN-PullZone
X-CS
X-Request-Start
X-Cache-Remote
X-Core-Mission
X-Cdn-Forward
X-B3-SpanId
X-NCache
X-NC
X-EC-Lua
X-B3-Spanid
X-Aicache-OS
X-PF-Uncompressing
X-Refresh
Url
X-Mvc-Supplant-OutputCached
X-Varnish-Url
Sid
X-CACHE-GROUP
X-Response-By
X-Varnish-Cacheable
X-Host-Name
X-LB-ID
S-Rt
X-URL
X-Proxy-Cachei7
X-Via-Popn
X-Via-Popv
X-Via-Poph
Esi-Enabled
Pics-Label
Xkeyi7
X-FireWall-Protection
N-Cache
CACHE
X-Tb-Optimization-Total-Bytes-Saved
X-BBXSRF
X-Nc
Cross-Origin-Window-Policy
Content-Secure-Policy
X-Epic-Correlation-Id
X-Cache-2
Who
Ohc-File-Size
Country-Code
X-Sucuri-Cache
X-CDN-Forward
X-Webkit-Csp
Source
X-Varnish-Authentication
X-TraceId
Req-Svc-Chain
D-Cc-Upstream
X-Esi
X-Contensis-Viewer-Groups
X-Error
X-RateLimit-Limit
X-Cc-Req-Id
X-Cache-ASPX
X-Cc-Via
X-DC
X-Srv
Cteonnt-Length
X-CACHE-KEY
Geoip-Latitude
X-Planisys-CDN-Cache
GeoIp-Country-Code
X-Unique-ID
X-Planisys-CDN-Rules
X-Wa
X-Svr
X-Servedbyhost
Server-Ttl
X-Planisys-CDN-TTL
MIME-Version
X-Webkit-CSP-Report-Only
X-Server-IP
X-Cs
HitType
Hostname
X-HS-Status
Cmsid
X-Gdpr
X-API-Version
Cmstype
Kp-EeAlive
X-Cache-Config
X-Nyt-Route
X-FPC
X-Origin-Time
XServer
X-TIME
X-VC
X-Served-From
X-LiteSpeed-Cache-Control
Svr
X-SN
X-LI-Proto
Geo-Info
Ohc-Cache-HIT
Viewtype
VivaBuild
X-SB
X-VCL-Version
X-NodeID
X-NGINX-Cache
A
Server-ID
Cache-Key
X-Webstats-RespID
SID
X-Vgn-Hpd-Reason
M-TraceId
Resin-Trace
X-Vcl-Version
X-RAMCache
X-SD-PageType
X-Check-Cacheable
Filterid
NtCoent-Length
X-HOST
Server-Id
X-Viewer-Country
X-Li-Proto
Cross-Origin-Opener-Policy
Arc-Country
X-Render-Time
X-Air-Source
Request-ID
TDXMobile
X-Ua
X-UA
X-Internal-Host
X-Hcs-Proxy-Type
X-RSL
X-RPM
X-BBC-Edge-Cache-Status
X-RPS
X-CCDN-CacheTTL
X-DW
X-CCDN-Origin-Time
EpKe-Alive
X-DB
Cache-Provider
X-DI
X-DSS
X-TIM-N
X-Vc
X-FORWARDED-FOR
X-Fastly-Request-Id
GeoIP-Latitude
Srv
GeoIP-Country-Code
X-Auto-Login
NGB
X-Worker
X-CSRF-TOKEN
X-App
X-CF-Powered-By
X-Newrelic-Synthetics
X-HostName
Upgrade-Insecure-Requests
X-Ftr-Cache-Host
X-Action
X-Service
X-ServedByHost
Processtime
ProcessTime
X-WA
Mime-Version
X-FTR-Cache-Host
Datacenter
X-Dynatrace-Js-Agent
X-COUNTRY
X-Fpc
X-Oss-Cdn-Auth
CDN
X-Cluster-Node
Tcn
X-CLOUD-TRACE-CONTEXT
X-SaId
X-JoinUs
X-Presslabs-Stats
Proxy-Connection
FSS-Cache
X-BBC-Origin-Response-Status
X-Via-NSCOPI
X-Extlb
X-PHP-Backend
X-Parent-Response-Time
X-NGENIX-Cache
X-Geo
X-Edge-Location
X-HITS
X-Cdn-Request-ID
CF-Cached-On
X-Fastly-Backend-Reqs
X-BACKEND-TTL
X-Provided-By
W
X-Forwarded-Site
X-MSEdge-Features
X-MSEdge-Flight
DataCenter
X-Dw-Trace-Id
Cdn
X-Client-Ip
X-Swift-Error
X-CACHE-AGE
X-VC-Cache
X-Proxy-Upstream
X-Bc-Bl
X-Date
X-Flog
X-Hello
LB
X-Accel-Expires-Debug
X-ABtesting
X-Depends-On
Mail-Subject
X-Region-Sid
Surrogated-Key
We-Hiring
X-PJAX-URL
Memcached
X-Req
X-Via-PopN
X-Via-PopV
Dnion-Transfer-Encoding
X-Via-PopH
OT-Force-Account-Verify
X-Cache-Tag
X-IN-APIGATEWAY
PICS-Label
X-IN-APIGATEWAYSSL
X-ND-Cache
X-Akamai-Pragma-Client-IP
WZWS-RAY
X-Rocket-Build-Number
Env
X-Sigma
X-Sigma-Backend
X-UnsetCookies
X-RateLimit-Limit-Second
X-Oracle-DMS-ECID
Time
Memory
X-Lb-Id
X-RateLimit-Remaining-Second
Media-Length
Vha6-Origin
X-Pf-Uncompressing
X-LiteSpeed-Tag
Epwk-X-Cache
X-Pad
X-ZONE
X-Air-Trace-Id
X-APP
X-MiniProfiler-Ids
Cf-Ipcountry
X-Zone
CPC-Cache
X-ElasticPress-Query
X-ElasticPress-Search
VNS-Cache
VNS-Age
CPC-Age
X-Varnish-Beresp-TTL
X-Acquia-Site
X-Snapshot-Date
X-B3-Parentspanid
X-Men
X-Varnish-URL
X-Request-URL
X-Litespeed-Cache-Control
X-Acquia-Application-Trace
X-Akamai-ERRuleID
X-Ms-Meta-Staticbatchstarttime
URI
X-Akamai-ERPolicy
X-Acquia-Purge-Tags
Xet-Cookie
X-Ms-Meta-Originalurl
X-Acquia-Application-UUID
X-Request-Url
X-Csrf-Token
X-Vcache
X-Tx-Id
CountryCode
X-Nananana
X-Tid
X-Amz-Meta-Cb-Modifiedtime
NnCoection
Phost
Environment
X-Storefront-Renderer-Verified
X-Debug-Cache-Store
X-Debug-Cache-Fetch
X-ServerName
X-Traceid
X-Akamai-Request-ID
X-Redis-Count
Inserted-Into-Cache-At
X-C
Ohc-Response-Time
X-Redis-Duration-Ms