
SANS ISC: HTTP Header Usage Statistics



This is a continuation of work started by Brough Davis as part of his software security project for his Master's in Information Security Engineering. The main goal of this project is to find out how many sites use security-relevant headers, such as X-XSS-Protection or X-Frame-Options.

Below you will find a table/histogram showing how many times we found each header (security-relevant or not). We access the index page of each site using a HEAD request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
P3P
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Request-ID
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
Feature-Policy
X-AspNetMvc-Version
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-Robots-Tag
X-AH-Environment
Request-Context
X-Proxy-Cache
EagleId
Server-Timing
X-Cache-Group
X-Backend
X-Hacker
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Dns-Prefetch-Control
X-LiteSpeed-Cache
X-Rq
X-Varnish-Cache
P3p
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
NEL
X-Amz-Version-Id
X-Cache-Spec
Xkey
X-WebKit-CSP
Allow
X-CST
X-Device
X-Vhost
X-Host
X-Backend-Server
EagleEye-TraceId
X-Server-Id
Request-Id
Surrogate-Control
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-Akam-SW-Version
X-Ruxit-JS-Agent
Accept-CH
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
Accept-CH-Lifetime
X-ASPNET-VERSION
X-Ac
X-Template
X-Application-Context
X-Language
X-Country
X-Cache-Lookup
X-Cloud-Trace-Context
X-Mod-Pagespeed
X-Readtime
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Rating
Accept-Ch
X-Cnection
X-MS-InvokeApp
X-HW
X-Url
Accept-Ch-Lifetime
X-Vname
X-TtlSet
X-PC
X-ORACLE-DMS-ECID
X-GitHub-Request-Id
Edge-Control
X-Clacks-Overhead
X-ESI
X-Trace
X-FastCGI-Cache
X-Content-Type
X-Sol
Display
Response
X-Middleton-Response
X-Middleton-Display
Pagespeed
X-Kinja
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Cdn-Fetch
X-Vcap-Request-Id
Arr-Disable-Session-Affinity
X-D2id
Verso
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-ORACLE-DMS-RID
X-Country-Code
X-Server-Name
Service-Worker-Allowed
X-Varnish-TTL
X-VARITI-CCR
X-Abt-Application-Version
X-Navigation-Version
X-Amz-Rid
X-Fastly-Request-ID
X-Powered-By-Plesk
X-Webkit-CSP
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Client-IP
X-Cache-TTL
X-Kinja-Server-Push
SPRequestGuid
X-SharePointHealthScore
X-Release
Fastly-Restarts
SPRequestDuration
SPIisLatency
X-MSEdge-Ref
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-Oneagent-Js-Injection
X-Cached
X-NF-Request-ID
X-Ttl
Public-Key-Pins
Mrf-Cache-Status
X-B3-TraceId-Primal
MRF-Tech
RTSS
Ar-Sid
AR-CACHE
AR-Request-ID
AR-PoweredBy
AR-ATIME
X-Edge
X-SRCache-Fetch-Status
X-SRCache-Store-Status
Access-Control-Request-Method
X-LLID
X-Origin-Upstream-Status
X-Powered-CMS
X-Px
X-TTL
X-Ezoic-Cdn
X-Upstream
Content-MD5
Fusion-Content-Source
Fusion-Content-Id
Fusion-Component-Id
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
X-HP-Webp
X-Jurisdiction
Cache-Tag
X-MCACHE
X-Mid
X-ECACHE
S
X-Mg-S
X-Version
Charset
X-Recruiting
X-Content-Digest
X-Amz-Server-Side-Encryption
X-PressLabs-Stats
TCN
X-Pinterest-Direct
Fastcgi-Cache
MicrosoftSharePointTeamServices
X-Kinsta-Cache
Front-End-Https
X-T
X-Content-Security-Policy-Report-Only
X-Debug
Filters
X-Id
X-Grace
Cache-Tags
Edge-Cache-Tag
Server-Node
X-Accel-Expires
X-Logged-In
X-Forwarded-Proto
X-Forwarded-For
X-DynaTrace
X-Correlation-Id
Server-Name
X-Amzn-Trace-Id
Surrogate-Key
X-Yandex-Sdch-Disable
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
TP-L2-Cache
TP-Cache
X-XRDS-Location
Nginx-Cache
X-Varnish-Age
X-B3-Sampled
X-Ser
X-Request-Handler-Origin-Region
X-Microsite
X-Server-ID
X-Request-Processing-Time
X-Request-Received
X-Shield-Request-Id
X-Hits
X-DIS-Request-ID
X-Amz-Replication-Status
X-Cache-Key
X-F-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Storage-Class
X-Goog-Metageneration
X-Az
X-AppVersion
X-Goog-Generation
X-HS-Cache-Config
X-HS-Combine-CSS
X-HS-Hub-Id
X-Activity-Id
X-HS-Content-Id
X-Litespeed-Cache
Accept-Charset
Powered-By-ChinaCache
X-Git-Hash
X-Origin-Server
X-Geo-Country
X-Respond-Thread
X-FTR-Request-ID
Cache
X-XRDS-LOCATION
X-LB-Cache
Section-Io-Cache
X-Hostname
X-Rid
X-Upgrade-Enabled
X-Frontend
Alternate-Protocol
X-DataDome
Access-Control-Allow-Method
X-Ruxit-Js-Agent
Host
X-Mobile-URL
X-Cache-Age
Cleartype
X-Seen-By
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Paypal-Debug-Id
X-Time
X-Content-Options
X-VCache
MS-CV
X-AOL-HN
X-IPLB-Instance
Healthy
X-Whom
X-App-Environment
X-Aspnet-Duration-Ms
X-NWS-LOG-UUID
X-Varnish-Backend
X-TT
Payment
X-Providence-Cookie
ServerID
X-Flags
X-Is-Crawler
X-Route-Name
X-Request-Guid
X-Type
X-Cache-Action
X-Debug-Info
X-Signature
X-Jobs
X-B-Cache
X-Page-Id
Fastcgi-Useragent
X-Source
X-WebKit-CSP-Report-Only
X-RateLimit-Remaining
X-Load-Cache
X-Mobile
X-Fastcgi-Cache
X-N
X-Daa-Tunnel
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-FB-Debug
X-Via-JSL
Nel
Version
X-Cached-By
X-Akamai-Edgescape
X-Cache-Operation
X-Cache-Rule
Refresh
X-Accel-Buffering
Viewport
X-Response-Served-From
X-Original-Request-Id
X-Wix-Request-Id
X-Drupal-Cache-Tags
X-Cacheable-TTL
X-Framework
X-Rule
X-Zen-Fury
X-Proxy
Access-Control-Request-Headers
DC
X-Contextid
X-Real-IP
X-RemovedCookies
X-ProcessESI
X-RTag
Node
DynaTrace
Ms-Operation-Id
X-Region
X-HTML-Minification-Powered-By
Referer-Policy
Realpath
X-Instance
X-Page-View
X-Cache-Time
X-Distributor
X-Drupal-Cache-Contexts
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-UUID
Eomportal-Instance
X-Cache-Expired-At
GEO-INFO
Countrycode
X-FW-Serve
X-FW-Hash
X-B
X-FW-Server
X-Cluster-Name
X-FW-Dynamic
X-FW-Static
X-FW-Type
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Environment-Context
X-L-Path
X-IPS-LoggedIn
X-Cache-Control
X-Content-Powered-By
Liferay-Portal
X-G
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Cache-Hit
X-Node-Name
Server-Info
X-User-Agent
X-Varnish-Ttl
X-App-Server
Webserver
X-Pass-Why
From-Origin
X-Tumblr-Pixel-2
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
X-FireWall-Port
X-Ratelimit-Limit
Ec-Rule-Version
X-Protected-By
Protected
SRV
CF-IPCountry
Xserver
X-Amz-Meta-S3cmd-Attrs
X-Revision
X-Cache-Server
Frame-Options
Meta-Geo
X-Www-Served-By
X-Backend-Name
X-ES-SERVER
X-UPSTREAM-Address
X-Mode
X-RN-RSRV
X-Site-Version
X-Handled-By
X-Hl-Ver
X-Hyper-Cache
X-Locale
X-Soup
X-FB-TRIP-ID
X-Endurance-Cache-Level
Cache-Status
X-Cache-Grace
X-Varnishpool
X-Human
X-Web-Node
X-Forwarded-Host
X-PHP-Host
X-Labrador-Cache-Channel
X-ProxyCache-Key
X-Redis-Cache
X-ProxyCache-Status
X-UA-Device-Type
X-Timing-Wait
X-Pubstack
Cache-Tv-Group
X-BYPASS-REASON
X-Be
X-TT-LOGID
X-Uri
Cache-Name
X-Proxy-Build
X-Request-Time
X-NYM-Debug-Backend
Country
X-Storage
Selected-Fe
Retry-After
X-Origin-Date
X-No-Session
X-SayCDN-TTL
Decoy-Debug-TTL
X-Origin-Hint
Decoy-Debug-Status
X-Proto
X-Say-Cacheable
Decoy-Debug-Key
X-Say-TTL
Azure-Version
X-Loop
X-Via-Fastly
Azure-SlotName
X-Sql-Count
X-AIR-PT
X-Sql-Duration-Ms
TWC-Device-Class
TWC-Connection-Speed
Azure-InstanceId
TWC-GeoIP-Country
Webcakes-App-Name
TWC-Privacy
Webcakes-App-Version
Webcakes-Region
TWC-GeoIP-LatLong
X-Hosted-By
Property-Id
Azure-SiteName
X-TNCMS
Fastly-SSL
X-WA-Info
TWC-Locale-Group
Azure-RegionName
X-Adobe-Loc
X-S-Maxage
X-Adobe-Content
X-LJ-Flow-ID
X-LAGOON
X-OCL
X-VWS-Id
X-ApacheServer
X-MP-GENERATED-AT
X-Status
X-Access
X-Section
X-Format
X-FW-Version
X-AWS-Id
X-PCL
X-Server-W
X-PERF
X-Cache-TTL-Remaining
Mn-Server-Ip
X-Alternate-Cache-Key
X-Via-CDN
X-ShardId
X-Sorting-Hat-PodId
X-Cluster
X-Storefront-Renderer-Rendered
X-Shopify-Stage
X-R9-Blue-Green-Version
X-Nginx-Cache
X-ShopId
X-Sorting-Hat-ShopId
X-Qloud-Router
X-Proxied
X-Zipkin-Id
X-Routing-Service
X-CCM
X-Is-Bot
X-Rendered-As
X-Device-Type
X-Xfnlog-Site
X-FTR-Realm
X-FTR-DC
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Backend
X-FTR-Balancer
X-FTR-Cache-Status
S-Cnection
X-Ratelimit-Remaining
Cache-Hits
X-Debug-IsPreview
X-Debug-IsConnected
X-FTR-Expires
X-Info
X-Cdn
Apigw-Requestid
X-SRV
X-Detected-As
X-Dc
X-Cache-Var-Map
X-Cache-Host
X-Cache-Enabled
X-Cache-Var
X-Amz-Apigw-Id
X-Microcachable
X-Air-Hostname
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Grace
X-Varnish-Server
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Content-Age
X-GG-Cache-Date
X-Unique-Id
X-EdgeConnect-Cache-Status
X-Tec-Api-Version
X-Aspnetmvc-Version
Amp-Access-Control-Allow-Source-Origin
X-Tec-Api-Origin
X-Tec-Api-Root
X-Platform
Tracecode
X-GEO
SD-X-WS
X-Azure-Ref
X-CSRF-Token
X-Time-Microsecs
Uber-Trace-Id
X-Backend-Host
X-DynaTrace-JS-Agent
X-Proxy-Cache-Status
X-ServerID
X-Cache-Backend
X-TA-CDN-Provider
X-Backend-TTL
X-NWS-UUID-VERIFY
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-Tb
Backend
X-Oss-Request-Id
Akamai-GRN
X-Oss-Storage-Class
X-Oss-Server-Time
X-ATG-Version
DSUID
X-BCube-Filmed-By
X-Trace-Id
X-Oracle-Dms-Rid
X-Correlation-ID
X-Dynatrace
X-APP-VERSION
ServedBy
X-Erf-Stays-Bingo-Pdp-Web
X-NewRelic-App-Data
X-Varnish-Hostname
X-RCS-CacheZone
X-Akamai-Transformed
X-A-Wwc
X-Cache-NGX
X-CF-Lambda-Fn
X-From
X-Cache-PHP
X-Origin-CC
X-External-Request-Id
Instruction
X-Fetched-On
X-Device-Os
X-CF-Lambda-Version
X-Connection-Hash
X-A
X-Destination
X-D
X-Magnolia-Registration
Expiry
X-A-Ccd
X-GeoIP-City
Odigeo-Trace-Id
T-Server
Fastcgi-X-Cache-Version
PB-PID
Arc-Version
BehaviorPad-Version
X-ARC
X-Vtex-Processado-Em
X-A-Dgt
X-SRCache-Key
DCR-Processing-Time-Ms
X-A-Dcw
X-Vtex-Remote-Cache
X-B-Cookie
X-Application
X-Trv-Group
X-Vdms-Path
X-Vdms-Version
X-VG-WebCache
X-VG-WebServer
Pramga
Meta-Geo-Continent
Machine
Release
X-Aed
MD5-Digest
X-Session-Fingerprint
Mobile-Detection-Method
X-PAYTM-SRV-ID
X-PBS-Appsvrname
DCR-Decision-By
X-Processor
X-Cache-NE
SR-User-Adfree
PB-RID
Xc-Version
X-Origin-TTL
Lfy
X-A-Dam
X-S-Cookie
X-Rewrite-Enabled
Rendered-Blocks
X-Request-UUID
Path
X-ScT
X-S
X-Rojux
X-Debug-Cache
X-Ms-Version
X-Ms-Request-Id
X-Cdn-Origin
X-Cache-Bucket
X-Bip
C-Via
Cache-Host
X-Micro-Cache
X-Origin-Response-Time
X-Sucuri-ID
X-Skip-Cache
X-Node-Id
HostName
X-VServer
X-Mvc-Supplant-Cachable
X-App-Version
X-Sn-Servicetimems
X-Thinkindot-L3
X-TrackingId
X-Thanos
X-Swa-Ws
X-SVT-ORM-RULES
X-SVT-ORM-VERSION
X-Matched-Rule
X-B3-Traceid
X-Location
UCS
Thinkindot-CacheControl-Type
X-GeoIP
Thinkindot-Control
X-Generated-On
X-FC-Vary-Parameters
Thinkindot-CacheControl
X-Level-Front-Cache
X-Generation-Time
X-Varnish-Cache-Hits
X-Owner
X-Irp-Debug
X-B3-SpanId
Wxu-Next-Commit
Server-Ext
Pagetype
Wxu-Next-Hostname
Ssr
Sever-Int
Server-Hostname
Wxu-Next-Region
X-JWT-State
X-Policy
X-Reqid
X-Request-Host
X-OVcl-Cache
X-OVcl
X-Nginx-Cache-Key
X-Origin-Expires
X-Scheme
X-Tumblr-Pixel-3
X-Wikidot-Backend
X-Wikidot-Static-Cache
X-NAPM-TraceId
X-Varnish-Hits
X-Varnish-Beresp-Grace
X-User
X-Var-Ttl
X-Is-Gdpr
X-HS-Content-Campaign-Id
X-Cache-Tags
X-CGP
X-Clientip
X-Cache-Info
X-Cache-Date
X-Azure-Ref-OriginShield
X-Backend-State
X-Csrf-Jwt
X-Developer
X-Geo-Header
X-Has-Esi
X-Generated-By
X-Fastly-Cache
X-Eu-Site
X-Fastly-Backend
X-Adobe-Source
X-Generated-In
Gh-Request-Id
Ha-Gx-Prefs
Host-ID
L
AKAMAI
Fastly-Backend-Name
CacheControlHeader
Cf-Device-Type
CloudFront-Viewer-Country
L5d-Success-Class
HA-Ipaddr
Locid
NGX
User-Cache-Control
X-Cdn-Forward
X-TX-ID
X-ID
X-Varnish-CookieHashed-On
X-DefHash
X-Gen-Mode
X-Gamma-Serve
X-Dispatcher-Server
X-DefElseHash
X-Varnish-CookieINHashed-On
X-Branch-Name
X-Cms-Context
X-Cache-Id
X-DPWN-IS-SECURE
X-Fmm-Version
X-Variation
X-GoCache-CacheStatus
X-Li-Pop
X-LI-UUID
X-Servername
X-CUA
X-Core-Value
X-Esi-Check
X-Old-Content-Length
X-Gzip
X-Li-Fabric
X-Envoy-Decorator-Operation
X-IP
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Status
X-VarnishDD-TTL
X-NU-AKA-ACS-Version
X-WADP-Cache
On-Server
X-Platform-Server
X-Ratelimit-Reset
X-Slack-Backend
X-SIPLIST1
X-Request-URI
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
Adler-Geo
X-Method
V-Age
X-Clara-WADP
X-Hnp-Log
X-HN
X-Hash
Server-Host
Platform
Is-Eu
DB-Nickname
X-Loc
X-CS
NM-Fastcgi-Cache
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Developers
Fastly-SIE
Fastly-SWR
Fastly-Drupal-HTML
Content-Disposition
CDCHOST
Cf-Bgj
X-Varnish-Remaining-TTL
IsBot
PFcat
Origin
Magicmarker
Rt-Fastcgi-Cache
Location
X-Block-Status
Web-Mar-Node
X-Cache-Expires
X-Cache-Debug
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Vix-Hermes-Req-Id
True-Client-Country-4JS
X-Origin
CDN-EdgeStorageId
CDN-RequestCountryCode
X-VG-TLSProxy
X-Core-Mission
CDN-Uid
CDN-RequestId
X-EC-Lua
CDN-Cache
X-Request-Start
CDN-PullZone
Apple-News-Services-Handled
CDN-CachedAt
X-PF-Uncompressing
X-Cache-Remote
X-Mvc-Supplant-OutputCached
X-Aicache-OS
X-LB-ID
X-NC
Url
X-Varnish-Url
X-Refresh
X-NCache
X-CACHE-GROUP
Sid
X-Via-Popn
Esi-Enabled
X-Response-By
X-Via-Poph
S-Rt
X-Varnish-Cacheable
X-Via-Popv
X-Host-Name
X-Proxy-Cachei7
Pics-Label
Xkeyi7
X-Tb-Optimization-Total-Bytes-Saved
X-FireWall-Protection
X-B3-Spanid
X-BBXSRF
X-Epic-Correlation-Id
N-Cache
Country-Code
X-Webkit-CSP-Report-Only
X-Unique-ID
Who
X-Nc
Ohc-File-Size
X-DC
X-Error
Req-Svc-Chain
Cross-Origin-Window-Policy
X-Webkit-Csp
X-Cache-2
Content-Secure-Policy
X-RateLimit-Limit
X-Srv
X-TraceId
X-Cache-ASPX
X-Sucuri-Cache
X-Planisys-CDN-TTL
X-CACHE-KEY
Server-Ttl
X-Cc-Via
D-Cc-Upstream
X-Planisys-CDN-Rules
X-Cc-Req-Id
X-Planisys-CDN-Cache
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Wa
X-Svr
HitType
Cteonnt-Length
Source
CACHE
X-HS-Status
MIME-Version
X-Servedbyhost
X-CDN-Forward
Cmstype
GeoIp-Country-Code
Cmsid
Geoip-Latitude
X-Server-IP
Kp-EeAlive
X-URL
X-Cs
X-Origin-Time
X-LiteSpeed-Cache-Control
X-Gdpr
Svr
X-FPC
X-API-Version
X-Cache-Config
X-Served-From
X-Nyt-Route
Geo-Info
Viewtype
X-Esi
Cache-Key
X-LI-Proto
X-SN
A
VivaBuild
X-VC
Server-ID
Ohc-Cache-HIT
X-Webstats-RespID
Hostname
M-TraceId
SID
Resin-Trace
X-Vcl-Version
X-SB
X-NodeID
X-RAMCache
X-VCL-Version
Filterid
X-NGINX-Cache
NtCoent-Length
X-HOST
Request-ID
Arc-Country
Cross-Origin-Opener-Policy
X-Check-Cacheable
X-SD-PageType
X-Li-Proto
X-Vgn-Hpd-Reason
Server-Id
X-Air-Source
X-UA
GeoIP-Latitude
GeoIP-Country-Code
Cache-Provider
X-RPM
X-CCDN-Origin-Time
X-Internal-Host
X-Viewer-Country
X-RSL
XServer
X-Hcs-Proxy-Type
TDXMobile
X-Render-Time
X-TIM-N
X-RPS
X-CCDN-CacheTTL
X-DI
X-DSS
X-DB
X-DW
X-TIME
X-Vc
X-App
X-BBC-Edge-Cache-Status
NGB
Srv
EpKe-Alive
X-Ua
X-HostName
X-Newrelic-Synthetics
X-Service
ProcessTime
Processtime
X-Action
X-ServedByHost
X-WA
X-Auto-Login
X-Worker
X-CF-Powered-By
Mime-Version
Datacenter
X-FTR-Cache-Host
Upgrade-Insecure-Requests
X-Fpc
Tcn
X-Oss-Cdn-Auth
X-CLOUD-TRACE-CONTEXT
X-JoinUs
X-NGENIX-Cache
X-Ftr-Cache-Host
X-Dynatrace-Js-Agent
X-SaId
X-Cluster-Node
Proxy-Connection
X-Parent-Response-Time
X-Geo
X-CSRF-TOKEN
X-Via-NSCOPI
X-PHP-Backend
FSS-Cache
X-FORWARDED-FOR
X-Extlb
CDN
X-Forwarded-Site
CF-Cached-On
X-HITS
X-Edge-Location
X-Fastly-Backend-Reqs
DataCenter
X-MSEdge-Flight
Cdn
X-BBC-Origin-Response-Status
X-Dw-Trace-Id
X-MSEdge-Features
X-BACKEND-TTL
X-CACHE-AGE
X-Swift-Error
X-Cdn-Request-ID
X-Client-Ip
X-Accel-Expires-Debug
Mail-Subject
LB
We-Hiring
X-Hello
Surrogated-Key
X-Bc-Bl
X-ABtesting
X-Flog
X-Date
X-Fastly-Request-Id
W
OT-Force-Account-Verify
PICS-Label
X-Region-Sid
Dnion-Transfer-Encoding
X-Proxy-Upstream
X-Req
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Cache-Tag
X-Provided-By
X-Akamai-Pragma-Client-IP
X-Depends-On
Memcached
X-Presslabs-Stats
Media-Length
X-Oracle-DMS-ECID
X-Rocket-Build-Number
X-Zone
X-Sigma-Backend
X-Sigma
X-VC-Cache
Env
X-Via-PopV
X-Via-PopN
Vha6-Origin
X-ND-Cache
X-RateLimit-Remaining-Second
X-Via-PopH
X-RateLimit-Limit-Second
X-UnsetCookies
X-PJAX-URL
X-Pf-Uncompressing
WZWS-RAY
Memory
Epwk-X-Cache
X-MiniProfiler-Ids
X-Lb-Id
X-Air-Trace-Id
Time
X-Men
X-Pad
X-LiteSpeed-Tag
X-ZONE
X-APP
Cf-Ipcountry
VNS-Age
VNS-Cache
CPC-Age
CPC-Cache
X-Varnish-URL
X-Vcache
X-Varnish-Beresp-TTL
X-Request-Url
X-Akamai-ERRuleID
X-Acquia-Application-UUID
X-Request-URL
X-ElasticPress-Query
X-Acquia-Purge-Tags
X-Acquia-Site
X-Acquia-Application-Trace
X-Akamai-ERPolicy
X-Snapshot-Date
Xet-Cookie
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
X-Csrf-Token
X-ElasticPress-Search
URI
CountryCode
X-Pjax-Url
X-Amz-Meta-Cb-Modifiedtime
X-Tid
X-C
X-Litespeed-Cache-Control
X-Storefront-Renderer-Verified
X-Debug-Cache-Store
NnCoection
X-Debug-Cache-Fetch
X-B3-Parentspanid
Phost
X-Traceid
X-Redis-Duration-Ms
X-ServerName
Ohc-Response-Time
Environment
X-Redis-Count
Inserted-Into-Cache-At