Threat Level: green Handler on Duty: Renato Marinho

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
CF-RAY
Cf-Request-Id
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Request-ID
X-Xss-Protection
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
X-Ua-Compatible
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-AspNetMvc-Version
Feature-Policy
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
Request-Context
X-Proxy-Cache
X-Cache-Group
EagleId
Server-Timing
X-Backend
X-Hacker
X-Server
Host-Header
Report-To
X-Amz-Request-Id
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
X-Dns-Prefetch-Control
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Amz-Version-Id
X-Cache-Spec
NEL
X-Device
X-CST
X-WebKit-CSP
Allow
Xkey
X-Vhost
X-Host
X-Backend-Server
X-Server-Id
EagleEye-TraceId
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Akam-SW-Version
X-Ruxit-JS-Agent
Accept-CH
P3p
X-ASPNET-VERSION
X-Ac
X-Application-Context
X-Cache-Lookup
X-Country
Accept-CH-Lifetime
X-Template
X-Language
X-Mod-Pagespeed
X-Readtime
Accept-Ch
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
Accept-Ch-Lifetime
Rating
X-Origin-Cache
X-HW
X-MS-InvokeApp
X-Cnection
X-Url
X-Vname
X-TtlSet
X-PC
X-Clacks-Overhead
Edge-Control
X-GitHub-Request-Id
X-ESI
X-ORACLE-DMS-ECID
X-Trace
X-Content-Type
Pagespeed
X-Sol
X-Middleton-Response
X-Middleton-Display
Display
Response
X-D2id
Arr-Disable-Session-Affinity
X-Use-Magma
X-Kinja-Build
X-Cdn-Fetch
X-Kinja-Revision
X-Kinja
X-Exp-Variant
X-GoogleNews-Bot
X-Exp-Id
X-Kinja-Server
Verso
X-ORACLE-DMS-RID
X-Vcap-Request-Id
X-Goog-Hash
X-Rack-Cache
X-Country-Code
X-FastCGI-Cache
X-Varnish-TTL
X-Buckets
X-Navigation-Version
X-Server-Name
Service-Worker-Allowed
X-Powered-By-Plesk
X-Amz-Rid
X-VARITI-CCR
X-Abt-Application-Version
X-TTL
X-Fastly-Request-ID
X-Client-IP
X-Cache-TTL
X-Webkit-CSP
Fastly-Restarts
X-Pinterest-Rid
Pinterest-Version
Pinterest-Generated-By
X-Cached
X-Release
X-MSEdge-Ref
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-Element-Page-Cache
X-NF-Request-ID
SPRequestDuration
SPIisLatency
X-Oneagent-Js-Injection
X-B3-TraceId-Primal
Mrf-Cache-Status
Public-Key-Pins
MRF-Tech
RTSS
Access-Control-Request-Method
AR-Request-ID
X-SRCache-Fetch-Status
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-ATIME
X-SRCache-Store-Status
X-Edge
X-LLID
X-Powered-CMS
X-Ezoic-Cdn
Cache-Tag
Content-MD5
X-Upstream
X-Origin-Upstream-Status
X-Litespeed-Cache
X-Px
Fusion-Content-Source
Fusion-Deployment-Id
Fusion-Source
Fusion-Content-Id
Fusion-Template-Id
Fusion-Component-Id
X-HP-Webp
X-Jurisdiction
S
X-Version
X-MCACHE
X-ECACHE
X-Mid
X-Recruiting
X-Mg-S
Charset
X-Content-Digest
X-PressLabs-Stats
X-Kinsta-Cache
X-Amz-Server-Side-Encryption
Fastcgi-Cache
X-T
X-Ttl
Cache-Tags
X-Id
MicrosoftSharePointTeamServices
Filters
X-Content-Security-Policy-Report-Only
Front-End-Https
X-DynaTrace
X-Logged-In
X-Accel-Expires
Server-Node
Edge-Cache-Tag
X-Debug
X-Forwarded-Proto
X-Grace
TCN
X-Forwarded-For
TP-L2-Cache
TP-Cache
Server-Name
X-XRDS-LOCATION
Nginx-Cache
X-Amzn-Trace-Id
X-Correlation-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Request-Received
X-Request-Processing-Time
Surrogate-Key
X-Pinterest-Direct
X-Shield-Request-Id
X-Varnish-Age
X-B3-Sampled
X-Yandex-Sdch-Disable
X-Request-Handler-Origin-Region
X-Microsite
X-Ser
X-Az
X-AppVersion
X-Hits
X-Activity-Id
X-Amz-Replication-Status
X-F-Cache
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-HS-Content-Id
X-DIS-Request-ID
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Ruxit-Js-Agent
X-Origin-Server
X-Fastcgi-Cache
Accept-Charset
X-Geo-Country
Alternate-Protocol
X-Git-Hash
X-Rid
X-Respond-Thread
Cache
X-Frontend
Section-Io-Cache
X-Cache-Key
X-FTR-Request-ID
Nel
X-XRDS-Location
Host
X-LB-Cache
X-Upgrade-Enabled
X-DataDome
X-Time
Access-Control-Allow-Method
X-NWS-LOG-UUID
X-Seen-By
X-Mobile-URL
X-Cache-Age
MS-CV
X-VCache
Paypal-Debug-Id
X-TT
ServerID
X-AOL-HN
Healthy
X-IPLB-Instance
X-Hostname
Cleartype
Powered-By-ChinaCache
X-Whom
X-Varnish-Backend
X-Content-Options
X-Type
X-Route-Name
X-Flags
X-App-Environment
X-Aspnet-Duration-Ms
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
Payment
X-B-Cache
X-Cache-Action
X-Server-ID
X-Signature
X-Page-Id
X-Source
X-Jobs
Fastcgi-Useragent
X-WebKit-CSP-Report-Only
X-Debug-Info
X-Load-Cache
X-Daa-Tunnel
X-N
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-FB-Debug
X-Mobile
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
X-Via-JSL
Realpath
X-Contextid
Refresh
Version
Node
X-Original-Request-Id
X-Accel-Buffering
X-Response-Served-From
X-Wix-Request-Id
X-RateLimit-Remaining
X-Cached-By
X-Rule
X-Drupal-Cache-Tags
DC
X-Proxy
X-Framework
X-Zen-Fury
Ms-Operation-Id
X-Akamai-Edgescape
X-RTag
X-Cacheable-TTL
X-RemovedCookies
X-ProcessESI
Viewport
X-Real-IP
X-Cache-Operation
X-HTML-Minification-Powered-By
X-Cache-Time
X-Instance
Access-Control-Request-Headers
X-Distributor
X-Cache-Rule
X-B
Eomportal-Instance
Referer-Policy
X-Drupal-Cache-Contexts
X-UUID
X-Region
X-Page-View
X-Cache-Expired-At
X-Tt-Trace-Tag
X-Tt-Trace-Host
X-Cluster-Name
VIX-Pulpo-Upstream-Status
Countrycode
Liferay-Portal
X-FW-Dynamic
X-FW-Type
X-FW-Server
X-Cache-Control
VIX-Pulpo-Node
X-FW-Hash
X-Content-Powered-By
X-FW-Static
X-FW-Serve
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-G
X-IPS-LoggedIn
X-Cache-Hit
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Environment-Context
X-L-Path
DynaTrace
X-FireWall-Port
X-Pass-Why
Server-Info
X-App-Server
X-Ratelimit-Limit
Xserver
GEO-INFO
X-User-Agent
Section-Origin-Responded
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Io-Origin-Status
X-Protected-By
CF-IPCountry
X-Varnish-Ttl
Ec-Rule-Version
From-Origin
X-Ratelimit-Remaining
X-Tumblr-Pixel-2
Webserver
X-Www-Served-By
SRV
X-Node-Name
Protected
X-Nginx-Cache
X-Cache-Server
X-UPSTREAM-Address
X-ES-SERVER
Meta-Geo
X-RN-RSRV
X-Debug-IsPreview
X-Debug-IsConnected
X-Backend-Name
X-Mode
X-Endurance-Cache-Level
X-Hl-Ver
X-Handled-By
X-Adobe-Loc
Frame-Options
X-Uri
X-Locale
X-Site-Version
X-FB-TRIP-ID
Cache-Tv-Group
X-Device-Type
X-Adobe-Content
Cache-Status
X-NYM-Debug-Backend
X-PHP-Host
X-UA-Device-Type
X-Varnishpool
X-Soup
X-MP-GENERATED-AT
X-Web-Node
X-Labrador-Cache-Channel
X-Storage
X-Be
TWC-GeoIP-Country
TWC-Device-Class
TWC-Connection-Speed
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-App-Name
TWC-Privacy
Selected-Fe
Property-Id
Country
Cache-Name
X-Via-Fastly
X-Timing-Wait
Decoy-Debug-Key
Fastly-SSL
Decoy-Debug-TTL
Webcakes-App-Version
Webcakes-Region
X-Proto
X-Sql-Count
X-PCL
X-Proxy-Build
X-ProxyCache-Key
X-Pubstack
X-ProxyCache-Status
X-Origin-Hint
X-Origin-Date
X-Human
X-Request-Time
X-BYPASS-REASON
X-Redis-Cache
X-Sql-Duration-Ms
X-OCL
X-No-Session
X-WA-Info
Decoy-Debug-Status
X-Hyper-Cache
X-TNCMS
X-Say-Cacheable
Azure-Version
X-LJ-Flow-ID
Azure-SlotName
Azure-InstanceId
Azure-RegionName
Azure-SiteName
X-LAGOON
X-R9-Blue-Green-Version
X-Format
X-FW-Version
X-Hosted-By
X-S-Maxage
X-AWS-Id
X-Access
X-AIR-PT
X-Say-TTL
Retry-After
X-Server-W
X-VWS-Id
X-Loop
X-Section
X-SayCDN-TTL
X-Status
X-Shopify-Stage
X-ShardId
X-Cluster
X-Storefront-Renderer-Rendered
X-Revision
X-Forwarded-Host
X-ShopId
X-Sorting-Hat-PodId
X-CCM
X-Alternate-Cache-Key
X-Cache-TTL-Remaining
X-Sorting-Hat-ShopId
X-Xfnlog-Site
X-ApacheServer
X-Cache-Grace
X-PERF
X-Varnish-Grace
Mn-Server-Ip
X-TT-LOGID
X-Routing-Service
X-Tec-Api-Origin
X-Zipkin-Id
X-SRV
X-Tec-Api-Version
X-Tec-Api-Root
X-Proxied
X-Webkit-Csp
X-Rendered-As
X-Is-Bot
Apigw-Requestid
X-Dc
X-Amz-Meta-S3cmd-Attrs
X-Varnish-Server
X-Qloud-Router
X-Info
S-Cnection
AMP-Access-Control-Allow-Source-Origin
X-FTR-Balancer
X-FTR-Backend
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-Via-CDN
X-FTR-Cache-Status
X-FTR-Backend-Server
X-GG-Cache-Date
Cache-Hits
X-Cache-Enabled
X-Microcachable
X-Content-Age
X-Platform
X-Cdn
Uber-Trace-Id
X-Proxy-Cache-Status
X-Detected-As
X-Cache-Host
X-TA-CDN-Provider
X-Azure-Ref
X-EdgeConnect-Cache-Status
X-Backend-Host
X-FTR-Expires
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Amzn-RequestId
X-CSRF-Token
X-NWS-UUID-VERIFY
X-Correlation-ID
X-Aspnetmvc-Version
X-Air-Hostname
Amp-Access-Control-Allow-Source-Origin
SD-X-WS
Tracecode
Akamai-GRN
X-ATG-Version
X-Time-Microsecs
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Server-Time
X-App-Version
X-Unique-Id
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
X-Cache-Var-Map
X-Cache-Var
HostName
X-ServerID
X-Backend-TTL
X-Trace-Id
ServedBy
X-Tb
X-Debug-Cache
X-RCS-CacheZone
X-DynaTrace-JS-Agent
X-Varnish-Hostname
X-Cdn-Forward
X-Cache-NGX
X-BCube-Filmed-By
X-Cache-PHP
X-GEO
X-B3-SpanId
Backend
X-Sucuri-ID
DB-Nickname
X-TX-ID
DSUID
X-Location
X-Level-Front-Cache
X-Ms-Request-Id
X-Ms-Version
X-Device-Os
X-Aed
X-A-Wwc
X-A-Dgt
X-A-Dcw
X-Application
X-ARC
Odigeo-Trace-Id
X-B-Cookie
Path
Release
Rendered-Blocks
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Thinkindot-Control
T-Server
SR-User-Adfree
X-A-Dam
X-A-Ccd
X-A
Mobile-Detection-Method
Meta-Geo-Continent
X-External-Request-Id
X-Destination
X-D
DCR-Decision-By
BehaviorPad-Version
X-Fetched-On
X-Generation-Time
X-Generated-On
X-From
DCR-Processing-Time-Ms
Expiry
X-Cache-NE
Machine
MD5-Digest
X-CF-Lambda-Fn
X-CF-Lambda-Version
Fastcgi-X-Cache-Version
X-Connection-Hash
Instruction
X-GeoIP-City
X-PAYTM-SRV-ID
X-Trv-Group
X-ScT
X-Session-Fingerprint
X-VG-WebCache
X-Origin-CC
X-S-Cookie
X-Vtex-Remote-Cache
X-Rojux
X-Processor
X-S
X-Origin-TTL
X-Owner
X-Vtex-Processado-Em
X-Magnolia-Registration
X-Request-UUID
Xc-Version
X-NAPM-TraceId
X-PBS-Appsvrname
X-VG-WebServer
X-Thinkindot-L3
X-SRCache-Key
X-Rewrite-Enabled
X-Vdms-Path
X-Vdms-Version
X-Akamai-Transformed
X-Adobe-Source
X-Cache-Backend
CacheControlHeader
X-Fastly-Cache
X-FC-Vary-Parameters
Pagetype
Arc-Version
X-Azure-Ref-OriginShield
C-Via
On-Server
Content-Disposition
Gh-Request-Id
X-Cms-Context
X-Core-Value
X-Cache-Bucket
Host-ID
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
X-TrackingId
Fastly-Backend-Name
Cf-Device-Type
NGX
X-Bip
AKAMAI
X-Skip-Cache
X-Tumblr-Pixel-3
X-Micro-Cache
PB-RID
Server-Host
X-CS
X-OVcl-Cache
UCS
X-VServer
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Is-Gdpr
X-Node-Id
X-Mvc-Supplant-Cachable
X-APP-VERSION
X-JWT-State
X-Varnish-Cache-Hits
X-Has-Esi
X-OVcl
X-GeoIP
X-Thanos
PB-PID
X-Geo-Header
X-Reqid
User-Cache-Control
X-CACHE-KEY
X-Wikidot-Backend
X-Branch-Name
X-User
X-Wikidot-Static-Cache
X-Cache-Info
X-Cache-Id
X-Variation
X-Backend-State
V-Age
Web-Mar-Node
X-Varnish-CookieINHashed-On
X-Block-Status
X-Varnish-Remaining-TTL
X-Var-Ttl
Wxu-Next-Hostname
X-Varnish-CookieHashed-On
Wxu-Next-Commit
X-VarnishDD-TTL
X-Varnish-Beresp-Grace
X-WADP-Cache
X-Developers
X-GoCache-CacheStatus
X-Gzip
X-HN
X-Hnp-Log
X-Platform-Server
X-Policy
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Ratelimit-Reset
X-IP
X-Origin-Response-Time
X-LI-UUID
X-NU-AKA-ACS-Version
X-Matched-Rule
X-Nginx-Cache-Key
X-Old-Content-Length
X-Li-Pop
X-Origin-Expires
X-Origin
X-Li-Fabric
X-Generated-In
X-Generated-By
X-CUA
X-Scheme
X-DefElseHash
X-DefHash
X-Csrf-Jwt
X-Clientip
X-Swa-Ws
X-CGP
X-Clara-WADP
X-Developer
X-Dispatcher-Server
X-Fmm-Version
X-Request-Host
X-Gen-Mode
X-Fastly-Backend
X-Eu-Site
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Esi-Check
X-Cache-Tags
Wxu-Next-Region
X-B3-Traceid
X-NewRelic-App-Data
PFcat
Lfy
Locid
L5d-Success-Class
Location
NM-Fastcgi-Cache
CDN-RequestId
Adler-Geo
Magicmarker
Fastly-SIE
CDN-Uid
Fastly-SWR
CDN-RequestCountryCode
Platform
Ha-Gx-Prefs
Sever-Int
CDN-Cache
Ssr
CDN-EdgeStorageId
CDN-CachedAt
CDN-PullZone
CDCHOST
Is-Eu
Server-Hostname
Server-Ext
HA-Ipaddr
Cache-Host
L
X-Cache-Debug
X-Cache-Expires
IsBot
X-LB-ID
X-Varnish-Beresp-Status
Rt-Fastcgi-Cache
True-Client-Country-4JS
X-Varnish-Beresp-Ttl
X-Varnish-Hits
X-EC-Lua
X-VG-TLSProxy
Vix-Hermes-Req-Id
Cf-Bgj
X-Slack-Backend
X-Gamma-Serve
X-Method
X-Request-URI
CloudFront-Viewer-Country
X-SIPLIST1
X-Hash
X-ID
X-Nc
Sid
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Loc
X-Sn-Servicetimems
Apple-News-Services-Handled
Apple-News-Services-Host
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
X-Kinja-Server-Push
Fastly-Drupal-HTML
Pramga
Origin
X-Cdn-Origin
X-CLOUD-TRACE-CONTEXT
X-NCache
X-Via-Popv
X-Cache-Date
X-Aicache-OS
X-Via-Poph
X-Via-Popn
X-PF-Uncompressing
X-Servername
X-Mvc-Supplant-OutputCached
Esi-Enabled
Who
X-Refresh
X-Varnish-Url
Country-Code
X-Core-Mission
X-Unique-ID
X-Erf-Stays-Bingo-Pdp-Web
X-Request-Start
X-Tb-Optimization-Total-Bytes-Saved
X-Epic-Correlation-Id
Pics-Label
Url
Geo-Info
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-FireWall-Protection
Req-Svc-Chain
X-Planisys-CDN-Rules
X-TraceId
X-NC
X-Cache-Remote
X-Dynatrace
X-Response-By
Filterid
Tcn
X-Varnish-Cacheable
Xkeyi7
S-Rt
Cmstype
Source
X-Error
Cmsid
X-RateLimit-Limit
X-Proxy-Cachei7
X-Served-From
Content-Secure-Policy
X-HS-Status
Kp-EeAlive
N-Cache
GeoIp-Country-Code
Geoip-Latitude
X-BBXSRF
Svr
X-Webkit-CSP-Report-Only
X-B3-Spanid
HitType
A
Viewtype
VivaBuild
X-Cache-2
X-DC
Cache-Key
X-Host-Name
X-Srv
Server-Ttl
X-Vcl-Version
X-Sucuri-Cache
Cross-Origin-Window-Policy
X-Cache-ASPX
X-Cc-Req-Id
D-Cc-Upstream
Ohc-File-Size
X-Varnish-Authentication
X-Contensis-Viewer-Groups
M-TraceId
MIME-Version
X-LiteSpeed-Cache-Control
NGB
X-Cc-Via
Cteonnt-Length
X-URL
TDXMobile
Cross-Origin-Opener-Policy
Arc-Country
X-Li-Proto
X-HostName
X-Air-Source
X-Servedbyhost
X-Svr
X-Wa
X-Oracle-Dms-Rid
NtCoent-Length
Server-ID
X-Vgn-Hpd-Reason
X-Esi
X-Cs
X-Server-IP
X-CDN-Forward
CACHE
X-LI-Proto
X-Vc
X-ServedByHost
X-WA
X-Gdpr
X-Cache-Config
X-FPC
X-Nyt-Route
X-API-Version
X-Origin-Time
X-RAMCache
X-HOST
Server-Id
X-VC
SID
X-Viewer-Country
X-NGENIX-Cache
X-PHP-Backend
X-SaId
X-JoinUs
X-SN
DataCenter
X-Check-Cacheable
Resin-Trace
X-Service
Request-ID
X-Internal-Host
X-Edge-Location
X-UA
X-Geo
X-DB
Cache-Provider
X-Webstats-RespID
X-VCL-Version
Mime-Version
X-DI
X-NodeID
X-RSL
X-TIM-N
X-CCDN-CacheTTL
X-Hcs-Proxy-Type
X-CCDN-Origin-Time
X-RPS
X-RPM
X-SB
X-DSS
X-Newrelic-Synthetics
X-DW
Hostname
Ohc-Cache-HIT
GeoIP-Country-Code
X-Via-NSCOPI
GeoIP-Latitude
X-SD-PageType
FSS-Cache
Srv
X-App
X-Forwarded-Site
X-Extlb
CF-Cached-On
XServer
X-NGINX-Cache
X-BBC-Edge-Cache-Status
X-Render-Time
X-Action
X-Bc-Bl
ProcessTime
X-FTR-Cache-Host
X-TIME
X-PJAX-URL
EpKe-Alive
Surrogated-Key
X-Fpc
X-Depends-On
X-Date
X-Accel-Expires-Debug
We-Hiring
Memcached
X-Proxy-Upstream
X-CF-Powered-By
Mail-Subject
X-Region-Sid
X-Req
X-VC-Cache
X-Oss-Cdn-Auth
Upgrade-Insecure-Requests
LB
X-Ua
X-Swift-Error
X-Dynatrace-Js-Agent
X-ZONE
X-Provided-By
Env
X-RateLimit-Remaining-Second
X-RateLimit-Limit-Second
W
X-UnsetCookies
X-FORWARDED-FOR
X-Worker
X-Auto-Login
Processtime
X-HITS
X-Cdn-Request-ID
X-MSEdge-Features
X-Dw-Trace-Id
Time
Cdn
Memory
X-MSEdge-Flight
CDN
X-Ftr-Cache-Host
X-BACKEND-TTL
X-CSRF-TOKEN
X-Cluster-Node
X-Fastly-Backend-Reqs
X-Rocket-Build-Number
X-Sigma
X-Air-Trace-Id
X-Men
X-APP
PICS-Label
Proxy-Connection
X-Sigma-Backend
X-Client-Ip
X-CACHE-AGE
X-Akamai-Pragma-Client-IP
X-BBC-Origin-Response-Status
X-ABtesting
VNS-Age
VNS-Cache
X-Hello
CPC-Cache
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
CPC-Age
Datacenter
X-Flog
Dnion-Transfer-Encoding
X-Cache-Tag
X-Fastly-Request-Id
X-Parent-Response-Time
X-Zone
Media-Length
X-Pad
X-Pf-Uncompressing
X-Acquia-Application-Trace
X-Acquia-Site
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Oracle-DMS-ECID
Vha6-Origin
X-Presslabs-Stats
X-Via-PopH
X-Via-PopN
X-Via-PopV
Epwk-X-Cache
OT-Force-Account-Verify
X-LiteSpeed-Tag
Cf-Ipcountry
X-Ms-Meta-Originalurl
X-ServerName
X-Lb-Id
X-ElasticPress-Query
X-Request-URL
Fastcgi-Cache-TTL
My-App
State
X-Snapshot-Date
X-MiniProfiler-Ids
X-Ms-Meta-Staticbatchstarttime
X-Varnish-Beresp-TTL
X-Varnish-URL
WZWS-RAY
Xet-Cookie
X-Akamai-ERPolicy
X-Akamai-ERRuleID
X-ElasticPress-Search
X-ND-Cache
X-Csrf-Token
X-Vcache
X-Request-Url
CountryCode
Content-Script-Type
X-Apw-Access-Token
X-Apw-Hits
X-Litespeed-Cache-Control
X-Apw-Access-Object
Ohc-Response-Time
NnCoection
X-Redis-Duration-Ms
X-Apw-Access-Action
Content-Style-Type
X-Amz-Meta-Cb-Modifiedtime
X-C
Inserted-Into-Cache-At
URI
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Storefront-Renderer-Verified
X-Traceid
Phost
Environment
X-B3-Parentspanid
X-Tid
X-Redis-Count