Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-Xss-Protection
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Request-ID
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
Status
Feature-Policy
X-Ua-Compatible
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-LiteSpeed-Cache
X-Varnish-Cache
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
P3p
X-Page-Speed
X-Dns-Prefetch-Control
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Cache-Spec
X-WebKit-CSP
Xkey
Allow
X-Backend-Server
X-Device
X-CST
X-Vhost
X-Host
EagleEye-TraceId
X-Server-Id
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Accept-CH
Content-Location
X-Response-Time
Accept-CH-Lifetime
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-ASPNET-VERSION
X-Ac
X-Template
X-Application-Context
X-Language
X-Country
X-Cache-Lookup
X-Mod-Pagespeed
X-Readtime
X-Cloud-Trace-Context
X-B3-TraceId
MS-Author-Via
X-Origin-Cache
Rating
X-Cnection
X-MS-InvokeApp
X-HW
X-Url
X-Kinja-Server-Push
X-TtlSet
X-PC
X-Vname
X-ORACLE-DMS-ECID
Accept-Ch
X-Clacks-Overhead
Edge-Control
X-GitHub-Request-Id
X-ESI
X-FastCGI-Cache
X-Trace
Accept-Ch-Lifetime
Display
X-Sol
X-Middleton-Display
Response
Pagespeed
X-Middleton-Response
X-Content-Type
X-Vcap-Request-Id
X-D2id
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-Cdn-Fetch
X-Exp-Id
X-Use-Magma
X-GoogleNews-Bot
X-Kinja-Server
Arr-Disable-Session-Affinity
Verso
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-Server-Name
X-Country-Code
Service-Worker-Allowed
X-Navigation-Version
X-ORACLE-DMS-RID
X-Varnish-TTL
X-Abt-Application-Version
X-Amz-Rid
X-VARITI-CCR
X-Oneagent-Js-Injection
X-Powered-By-Plesk
X-Client-IP
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Fastly-Request-ID
X-Cache-TTL
X-Webkit-CSP
X-SharePointHealthScore
SPRequestGuid
X-Release
X-MSEdge-Ref
Fastly-Restarts
SPRequestDuration
X-Dw-Request-Base-Id
SPIisLatency
X-Element-Page-Cache
X-Cached
X-NF-Request-ID
X-TTL
Public-Key-Pins
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
RTSS
X-Edge
Ar-Sid
AR-Request-ID
Access-Control-Request-Method
AR-CACHE
AR-PoweredBy
AR-ATIME
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Origin-Upstream-Status
X-LLID
X-Powered-CMS
X-Px
X-Ezoic-Cdn
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-Upstream
X-Ttl
Content-MD5
X-Jurisdiction
X-HP-Webp
Cache-Tag
X-ECACHE
X-MCACHE
X-Mid
X-Recruiting
X-Content-Digest
S
X-Mg-S
X-Amz-Server-Side-Encryption
Charset
X-Version
X-PressLabs-Stats
TCN
X-Pinterest-Direct
Fastcgi-Cache
MicrosoftSharePointTeamServices
X-T
X-Content-Security-Policy-Report-Only
X-Debug
X-Kinsta-Cache
Front-End-Https
Filters
X-Id
X-Grace
Cache-Tags
Edge-Cache-Tag
Server-Node
X-Accel-Expires
X-Forwarded-Proto
X-Logged-In
X-Forwarded-For
X-Amzn-Trace-Id
X-Correlation-Id
Nginx-Cache
Server-Name
X-Yandex-Sdch-Disable
X-XRDS-Location
X-Kong-Proxy-Latency
X-DynaTrace
X-Kong-Upstream-Latency
X-Varnish-Age
Surrogate-Key
TP-L2-Cache
TP-Cache
X-B3-Sampled
X-Request-Processing-Time
X-Request-Received
X-Microsite
X-Request-Handler-Origin-Region
X-Cache-Key
X-Shield-Request-Id
X-Hits
X-DIS-Request-ID
X-Ser
X-Activity-Id
X-Az
X-AppVersion
X-Amz-Replication-Status
X-Server-ID
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Combine-CSS
X-Goog-Storage-Class
X-Goog-Generation
Powered-By-ChinaCache
X-F-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Origin-Server
X-Git-Hash
Accept-Charset
X-Litespeed-Cache
X-FTR-Request-ID
X-Geo-Country
X-Respond-Thread
X-LB-Cache
Section-Io-Cache
X-Hostname
X-Upgrade-Enabled
X-Rid
X-DataDome
X-XRDS-LOCATION
Cache
X-Frontend
Alternate-Protocol
Access-Control-Allow-Method
Host
X-Mobile-URL
X-Cache-Age
MS-CV
Paypal-Debug-Id
Cleartype
X-IPLB-Instance
Healthy
X-Seen-By
X-Ruxit-Js-Agent
X-Type
X-App-Environment
ServerID
X-Content-Options
X-Varnish-Backend
X-Aspnetmvc-Version
X-WebKit-CSP-Report-Only
X-Route-Name
X-AOL-HN
X-Providence-Cookie
X-Request-Guid
X-Flags
X-Aspnet-Duration-Ms
Payment
X-Is-Crawler
X-Cache-Action
X-VCache
X-Debug-Info
X-Whom
X-Page-Id
X-Time
X-B-Cache
X-Signature
Fastcgi-Useragent
X-NWS-LOG-UUID
X-TT
X-Jobs
X-Load-Cache
X-Mobile
X-Source
X-N
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-TEC-API-ROOT
X-Daa-Tunnel
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-RateLimit-Remaining
X-Via-JSL
X-FB-Debug
Nel
X-Cached-By
X-Cache-Rule
X-Cache-Operation
X-Akamai-Edgescape
Refresh
Viewport
X-Rule
X-Accel-Buffering
X-Original-Request-Id
X-Response-Served-From
Version
DC
X-Proxy
X-Drupal-Cache-Tags
X-Framework
X-Zen-Fury
X-ProcessESI
DynaTrace
X-RTag
Ms-Operation-Id
X-RemovedCookies
X-Contextid
X-Wix-Request-Id
X-Fastcgi-Cache
X-Instance
X-Cacheable-TTL
X-UUID
GEO-INFO
Access-Control-Request-Headers
Realpath
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-HTML-Minification-Powered-By
X-Real-IP
Referer-Policy
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cache-Time
X-Region
X-Page-View
X-Drupal-Cache-Contexts
X-FW-Hash
X-Distributor
X-FW-Serve
X-FW-Static
Countrycode
X-Cache-Expired-At
X-FW-Dynamic
X-FW-Type
X-FW-Server
X-Cluster-Name
Node
Eomportal-Instance
X-Environment-Context
X-B
X-L-Path
X-Cache-Control
X-Tumblr-Pixel-0
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
Liferay-Portal
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-IPS-LoggedIn
X-Content-Powered-By
X-G
X-Cache-Hit
X-Node-Name
X-User-Agent
Server-Info
X-Tumblr-Pixel-2
Webserver
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
From-Origin
X-App-Server
X-Ratelimit-Limit
X-FireWall-Port
X-Pass-Why
X-Varnish-Ttl
Ec-Rule-Version
X-Amz-Meta-S3cmd-Attrs
Protected
X-Protected-By
SRV
X-Cache-Server
CF-IPCountry
X-Revision
X-Backend-Name
X-Hl-Ver
X-RN-RSRV
Meta-Geo
Frame-Options
X-Handled-By
X-Www-Served-By
Cache-Status
X-UPSTREAM-Address
X-ES-SERVER
X-Mode
X-Site-Version
X-Locale
X-Soup
X-Endurance-Cache-Level
X-Hyper-Cache
X-FB-TRIP-ID
X-NYM-Debug-Backend
X-Cache-Grace
Retry-After
X-Web-Node
Country
X-Forwarded-Host
X-Varnishpool
X-Storage
X-Be
X-Human
Decoy-Debug-Status
Cache-Tv-Group
Fastly-SSL
X-Timing-Wait
Cache-Name
X-UA-Device-Type
X-Origin-Hint
Decoy-Debug-Key
Azure-Version
Property-Id
Selected-Fe
TWC-Privacy
TWC-Locale-Group
TWC-GeoIP-LatLong
Webcakes-App-Name
X-TT-LOGID
Decoy-Debug-TTL
Webcakes-Region
Webcakes-App-Version
TWC-GeoIP-Country
TWC-Device-Class
X-Proto
Azure-RegionName
Azure-SiteName
X-Proxy-Build
Azure-InstanceId
TWC-Connection-Speed
X-Pubstack
X-Redis-Cache
Azure-SlotName
X-FW-Version
X-PHP-Host
X-Request-Time
X-PCL
X-WA-Info
X-Server-W
X-Section
X-ProxyCache-Status
X-Say-Cacheable
X-Say-TTL
X-SayCDN-TTL
X-Via-Fastly
X-Uri
X-Labrador-Cache-Channel
X-ProxyCache-Key
X-Format
X-BYPASS-REASON
X-No-Session
X-OCL
X-Sql-Count
X-Sql-Duration-Ms
X-Origin-Date
X-AIR-PT
X-Access
X-Adobe-Content
X-Adobe-Loc
X-LAGOON
X-LJ-Flow-ID
X-Hosted-By
X-ApacheServer
X-Loop
X-AWS-Id
X-PERF
X-TNCMS
X-VWS-Id
X-MP-GENERATED-AT
X-Tec-Api-Origin
X-Tec-Api-Root
X-R9-Blue-Green-Version
X-Tec-Api-Version
Xserver
X-S-Maxage
Mn-Server-Ip
X-Via-CDN
X-Qloud-Router
X-Alternate-Cache-Key
X-Ratelimit-Remaining
X-Proxied
X-Routing-Service
X-Cluster
X-ShopId
X-Zipkin-Id
X-Status
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-ShardId
X-Shopify-Stage
X-Country-Code-Real
X-FTR-Backend
X-FTR-Backend-Server
X-FTR-Balancer
X-Cache-TTL-Remaining
X-Is-Bot
X-Rendered-As
X-CCM
S-Cnection
X-FTR-Cache-Status
X-Xfnlog-Site
X-FTR-Realm
X-FTR-DC
Cache-Hits
X-Device-Type
X-Dc
X-FTR-Expires
X-Info
X-Unique-Id
X-Oracle-Dms-Rid
X-Detected-As
AMP-Access-Control-Allow-Source-Origin
X-Nginx-Cache
X-Debug-IsPreview
X-Debug-IsConnected
X-SRV
Apigw-Requestid
X-Amz-Apigw-Id
X-EdgeConnect-Cache-Status
X-Varnish-Grace
X-Cache-Var
X-Cache-Var-Map
X-Cdn
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Air-Hostname
X-Microcachable
X-Cache-Enabled
X-Cache-Host
X-Platform
X-Content-Age
SD-X-WS
X-Varnish-Server
X-GG-Cache-Date
X-Azure-Ref
X-Dynatrace
Amp-Access-Control-Allow-Source-Origin
Tracecode
X-GEO
Uber-Trace-Id
X-Backend-Host
X-Backend-TTL
X-DynaTrace-JS-Agent
X-Proxy-Cache-Status
X-Time-Microsecs
X-Cache-Backend
X-Erf-Stays-Bingo-Pdp-Web
X-ServerID
Akamai-GRN
X-ATG-Version
X-Oss-Request-Id
DSUID
X-Tb
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Oss-Server-Time
X-APP-VERSION
X-Oss-Storage-Class
X-TA-CDN-Provider
X-BCube-Filmed-By
X-CSRF-Token
X-NWS-UUID-VERIFY
Backend
X-Trace-Id
X-Correlation-ID
Arc-Version
X-Varnish-Hostname
PB-RID
X-Sucuri-ID
PB-PID
X-RCS-CacheZone
X-Akamai-Transformed
X-NewRelic-App-Data
ServedBy
X-A-Wwc
BehaviorPad-Version
Expiry
Fastcgi-X-Cache-Version
X-Cache-NE
X-Aed
DCR-Processing-Time-Ms
X-Application
Instruction
X-Session-Fingerprint
X-ScT
X-B-Cookie
X-S-Cookie
Xc-Version
X-ARC
X-Magnolia-Registration
DCR-Decision-By
X-A-Dcw
X-Cache-PHP
T-Server
Odigeo-Trace-Id
Thinkindot-CacheControl
SR-User-Adfree
Rendered-Blocks
Path
Pramga
Release
Thinkindot-CacheControl-Type
Thinkindot-Control
X-A-Ccd
X-A-Dam
X-A-Dgt
Machine
MD5-Digest
X-A
Mobile-Detection-Method
Meta-Geo-Continent
X-Varnish-Cache-Hits
Lfy
X-S
X-Vtex-Processado-Em
X-VG-WebServer
X-Level-Front-Cache
X-GeoIP-City
X-Rewrite-Enabled
X-Generation-Time
X-SRCache-Key
X-Thinkindot-L3
X-Location
X-Matched-Rule
X-PAYTM-SRV-ID
X-Vdms-Path
X-Origin-TTL
X-Origin-CC
X-Vdms-Version
X-VG-WebCache
X-Processor
X-PBS-Appsvrname
X-Generated-On
X-Request-UUID
X-Connection-Hash
X-D
X-Vtex-Remote-Cache
X-Trv-Group
X-CF-Lambda-Version
X-Rojux
X-CF-Lambda-Fn
X-From
X-Destination
X-Device-Os
X-Fetched-On
X-External-Request-Id
X-Debug-Cache
X-Origin-Response-Time
X-Cache-NGX
X-Mvc-Supplant-Cachable
X-GeoIP
Cf-Device-Type
X-Micro-Cache
X-OVcl
X-Bip
CacheControlHeader
X-Cache-Date
X-Node-Id
Gh-Request-Id
Fastly-Backend-Name
X-FC-Vary-Parameters
Host-ID
Pagetype
X-Cdn-Origin
X-Geo-Header
X-Skip-Cache
X-Azure-Ref-OriginShield
X-OVcl-Cache
X-VServer
Cache-Host
X-TrackingId
X-Has-Esi
X-Sn-Servicetimems
X-Swa-Ws
UCS
X-SVT-ORM-VERSION
X-HS-Content-Campaign-Id
X-Is-Gdpr
X-JWT-State
X-Thanos
X-SVT-ORM-RULES
X-Irp-Debug
X-Reqid
Ssr
X-Tumblr-Pixel-3
X-Cache-Bucket
C-Via
X-Ms-Request-Id
AKAMAI
X-Ms-Version
X-Adobe-Source
X-Backend-State
X-Request-Host
X-Generated-In
Wxu-Next-Hostname
Wxu-Next-Region
X-Var-Ttl
On-Server
NGX
X-VarnishDD-TTL
X-Varnish-Hits
PFcat
Sever-Int
Server-Hostname
Server-Ext
X-User
X-Policy
X-Developers
X-Developer
X-IP
X-HN
X-Eu-Site
X-Generated-By
X-Fastly-Cache
X-B3-Traceid
X-CUA
X-Csrf-Jwt
X-Cache-Tags
X-Cache-Info
X-Owner
X-Nginx-Cache-Key
X-CGP
X-Core-Value
X-Cms-Context
X-Clientip
X-Wikidot-Backend
Wxu-Next-Commit
Locid
HA-Ipaddr
CloudFront-Viewer-Country
Content-Disposition
X-Wikidot-Static-Cache
L5d-Success-Class
L
Ha-Gx-Prefs
Magicmarker
X-App-Version
User-Cache-Control
X-Origin-Expires
X-Cache-Expires
X-Block-Status
X-Rebelmouse-Surrogate-Control
Fastly-SWR
X-Scheme
X-Request-URI
Fastly-SIE
X-NU-AKA-ACS-Version
X-Rebelmouse-Cache-Control
HostName
X-NAPM-TraceId
X-Fastly-Backend
X-Fmm-Version
X-GoCache-CacheStatus
CDCHOST
X-Gen-Mode
X-Envoy-Decorator-Operation
X-Hnp-Log
X-Method
X-Servername
X-Loc
X-Clara-WADP
Cf-Bgj
DB-Nickname
X-Platform-Server
Server-Host
IsBot
X-SIPLIST1
X-WADP-Cache
Location
Origin
Web-Mar-Node
X-TX-ID
X-ID
Is-Eu
Rt-Fastcgi-Cache
X-Cache-Id
X-Esi-Check
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Li-Pop
X-Li-Fabric
Apple-News-Services-Request-Url
X-DefHash
X-Varnish-CookieINHashed-On
X-LI-UUID
X-Variation
X-Dispatcher-Server
X-Cache-Debug
Platform
X-DPWN-IS-SECURE
X-Old-Content-Length
X-Goog-Meta-Goog-Reserved-File-Mtime
NM-Fastcgi-Cache
X-Gzip
X-Request-Start
V-Age
X-Varnish-Beresp-Grace
X-Cache-Remote
X-VG-TLSProxy
X-Hash
X-Ratelimit-Reset
X-Branch-Name
Adler-Geo
X-Slack-Backend
Apple-News-Services-Handled
X-DefElseHash
X-Origin
X-Cdn-Forward
X-B3-SpanId
X-CS
CDN-EdgeStorageId
CDN-RequestCountryCode
CDN-CachedAt
CDN-PullZone
CDN-Cache
X-NCache
X-PF-Uncompressing
CDN-RequestId
X-Gamma-Serve
True-Client-Country-4JS
X-Varnish-Beresp-Ttl
Vix-Hermes-Req-Id
X-NC
X-EC-Lua
X-Varnish-Beresp-Status
Fastly-Drupal-HTML
CDN-Uid
X-Core-Mission
X-Mvc-Supplant-OutputCached
X-B3-Spanid
X-Refresh
X-Varnish-Url
X-Aicache-OS
Sid
X-Varnish-Cacheable
X-LB-ID
X-Host-Name
X-Response-By
S-Rt
X-CACHE-GROUP
Url
Esi-Enabled
X-Proxy-Cachei7
Pics-Label
Xkeyi7
N-Cache
X-BBXSRF
X-Via-Poph
X-Via-Popv
X-Via-Popn
X-Tb-Optimization-Total-Bytes-Saved
X-FireWall-Protection
CACHE
X-Nc
Cross-Origin-Window-Policy
Ohc-File-Size
X-Epic-Correlation-Id
Content-Secure-Policy
X-Cache-2
Who
X-Sucuri-Cache
X-CDN-Forward
X-TraceId
Req-Svc-Chain
Source
D-Cc-Upstream
X-Cache-ASPX
X-Error
X-Varnish-Authentication
X-Webkit-Csp
Country-Code
X-Cc-Req-Id
X-Cc-Via
X-Contensis-Viewer-Groups
X-Srv
Cteonnt-Length
X-RateLimit-Limit
X-CACHE-KEY
X-Unique-ID
Server-Ttl
Geoip-Latitude
GeoIp-Country-Code
X-Wa
X-Svr
X-Servedbyhost
X-Webkit-CSP-Report-Only
X-Server-IP
MIME-Version
X-Cs
HitType
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-DC
X-HS-Status
Kp-EeAlive
X-Nyt-Route
X-Gdpr
X-Origin-Time
X-Cache-Config
X-API-Version
X-FPC
X-URL
X-NGINX-Cache
Cmstype
Cmsid
X-Served-From
X-VC
X-LiteSpeed-Cache-Control
Svr
XServer
X-SN
Hostname
Ohc-Cache-HIT
Geo-Info
X-Webstats-RespID
Viewtype
VivaBuild
A
X-LI-Proto
Cache-Key
X-Esi
X-SB
X-NodeID
X-VCL-Version
X-Check-Cacheable
X-Vcl-Version
M-TraceId
X-TIME
X-RAMCache
Resin-Trace
X-SD-PageType
SID
Server-ID
Filterid
NtCoent-Length
X-HOST
Server-Id
TDXMobile
X-Vgn-Hpd-Reason
Cross-Origin-Opener-Policy
X-Viewer-Country
Arc-Country
X-Li-Proto
X-Render-Time
Request-ID
X-Ua
X-UA
X-DSS
X-RSL
X-RPM
X-RPS
X-DI
X-Internal-Host
X-Air-Source
X-BBC-Edge-Cache-Status
Cache-Provider
EpKe-Alive
X-DB
X-DW
X-CCDN-CacheTTL
X-CCDN-Origin-Time
X-Hcs-Proxy-Type
X-TIM-N
X-App
X-CF-Powered-By
X-Auto-Login
X-Fastly-Request-Id
X-Vc
GeoIP-Country-Code
GeoIP-Latitude
Srv
NGB
X-Worker
Upgrade-Insecure-Requests
X-HostName
X-Newrelic-Synthetics
X-ServedByHost
X-WA
ProcessTime
Mime-Version
Processtime
X-Action
X-Ftr-Cache-Host
X-FTR-Cache-Host
X-CSRF-TOKEN
X-Service
Tcn
X-Fpc
X-Oss-Cdn-Auth
X-Cluster-Node
Datacenter
CDN
X-CLOUD-TRACE-CONTEXT
X-NGENIX-Cache
X-JoinUs
X-Dynatrace-Js-Agent
X-PHP-Backend
X-SaId
X-Geo
X-Forwarded-Site
X-Via-NSCOPI
FSS-Cache
X-FORWARDED-FOR
X-Edge-Location
X-Extlb
X-Parent-Response-Time
X-BBC-Origin-Response-Status
Proxy-Connection
X-HITS
CF-Cached-On
X-Cdn-Request-ID
X-BACKEND-TTL
X-MSEdge-Features
X-Provided-By
DataCenter
W
X-Fastly-Backend-Reqs
X-Dw-Trace-Id
Cdn
X-Swift-Error
X-MSEdge-Flight
X-CACHE-AGE
X-Client-Ip
X-Via-PopN
OT-Force-Account-Verify
X-ABtesting
X-Depends-On
X-Bc-Bl
X-PJAX-URL
X-Proxy-Upstream
X-VC-Cache
X-Region-Sid
We-Hiring
Surrogated-Key
X-Hello
X-Flog
LB
Mail-Subject
Memcached
X-Via-PopH
X-Via-PopV
X-IN-APIGATEWAYSSL
X-IN-APIGATEWAY
PICS-Label
X-ND-Cache
Dnion-Transfer-Encoding
X-Cache-Tag
X-Akamai-Pragma-Client-IP
X-ZONE
WZWS-RAY
X-Rocket-Build-Number
X-Sigma
X-Sigma-Backend
X-RateLimit-Limit-Second
X-Date
X-UnsetCookies
X-RateLimit-Remaining-Second
X-Req
X-Accel-Expires-Debug
Time
X-Lb-Id
Memory
X-Presslabs-Stats
Vha6-Origin
X-Pf-Uncompressing
Media-Length
X-Oracle-DMS-ECID
X-Pad
Epwk-X-Cache
X-MiniProfiler-Ids
Env
X-Men
X-APP
X-LiteSpeed-Tag
X-Zone
Cf-Ipcountry
CPC-Age
X-Acquia-Purge-Tags
VNS-Age
VNS-Cache
CPC-Cache
X-Acquia-Application-UUID
X-Request-Url
X-Varnish-URL
X-Acquia-Application-Trace
X-Acquia-Site
X-Air-Trace-Id
X-ElasticPress-Query
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
X-Varnish-Beresp-TTL
Xet-Cookie
X-Akamai-ERPolicy
X-Snapshot-Date
X-ElasticPress-Search
X-Vcache
X-Request-URL
X-Csrf-Token
X-Akamai-ERRuleID
X-B3-Parentspanid
URI
X-Litespeed-Cache-Control
X-Tx-Id
CountryCode
X-Tid
X-Nananana
X-Traceid
X-Akamai-Request-ID
X-Redis-Duration-Ms
X-Amz-Meta-Cb-Modifiedtime
X-C
X-Storefront-Renderer-Verified
X-Debug-Cache-Store
X-Debug-Cache-Fetch
Ohc-Response-Time
Phost
X-ServerName
X-Redis-Count
Inserted-Into-Cache-At
Environment
NnCoection