Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Request-ID
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Ua-Compatible
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
Feature-Policy
X-AspNetMvc-Version
Status
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-Via
Upgrade
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Report-To
X-Amz-Request-Id
Host-Header
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Rq
X-Varnish-Cache
X-LiteSpeed-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
NEL
X-Dns-Prefetch-Control
X-Amz-Version-Id
X-Cache-Spec
X-WebKit-CSP
X-Device
X-CST
Allow
Xkey
X-Backend-Server
X-Vhost
X-Host
X-Server-Id
EagleEye-TraceId
Request-Id
Surrogate-Control
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-CH
X-Ruxit-JS-Agent
Accept-CH-Lifetime
P3p
X-ASPNET-VERSION
X-Application-Context
X-Ac
X-Template
X-Cache-Lookup
X-Country
X-Language
X-Mod-Pagespeed
X-Readtime
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
Rating
Accept-Ch
X-Origin-Cache
X-Cnection
X-MS-InvokeApp
X-HW
X-Url
Accept-Ch-Lifetime
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
X-GitHub-Request-Id
Edge-Control
X-ORACLE-DMS-ECID
X-Trace
X-ESI
X-FastCGI-Cache
X-Content-Type
X-Middleton-Response
X-Sol
X-Middleton-Display
Response
Pagespeed
Display
X-D2id
Arr-Disable-Session-Affinity
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Kinja-Build
X-Kinja
X-Cdn-Fetch
X-Exp-Variant
X-GoogleNews-Bot
X-Vcap-Request-Id
X-Exp-Id
Verso
X-Goog-Hash
X-ORACLE-DMS-RID
X-Buckets
X-Rack-Cache
X-Country-Code
X-Server-Name
X-Navigation-Version
Service-Worker-Allowed
X-Varnish-TTL
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
X-Powered-By-Plesk
X-Fastly-Request-ID
X-Webkit-CSP
X-Client-IP
X-Pinterest-Rid
X-Cache-TTL
Pinterest-Version
Pinterest-Generated-By
Fastly-Restarts
X-Release
X-SharePointHealthScore
X-MSEdge-Ref
SPRequestGuid
X-Dw-Request-Base-Id
X-Element-Page-Cache
SPIisLatency
X-Oneagent-Js-Injection
SPRequestDuration
X-Cached
X-NF-Request-ID
Public-Key-Pins
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
RTSS
X-TTL
X-Edge
X-SRCache-Store-Status
X-SRCache-Fetch-Status
Access-Control-Request-Method
AR-ATIME
AR-PoweredBy
AR-CACHE
AR-Request-ID
Ar-Sid
X-LLID
X-Powered-CMS
X-Ttl
X-Origin-Upstream-Status
X-Ezoic-Cdn
X-Px
X-Upstream
Fusion-Deployment-Id
Fusion-Content-Source
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
Content-MD5
Fusion-Content-Id
Cache-Tag
X-HP-Webp
X-Jurisdiction
X-Mid
X-MCACHE
X-ECACHE
S
X-Version
X-Mg-S
X-Recruiting
Charset
X-Content-Digest
X-PressLabs-Stats
X-Amz-Server-Side-Encryption
Fastcgi-Cache
X-Kinsta-Cache
X-T
X-Litespeed-Cache
TCN
MicrosoftSharePointTeamServices
Cache-Tags
X-Content-Security-Policy-Report-Only
Front-End-Https
Filters
X-Debug
X-Pinterest-Direct
X-Grace
X-Accel-Expires
X-DynaTrace
Edge-Cache-Tag
X-Logged-In
Server-Node
X-Id
X-Forwarded-Proto
X-Correlation-Id
Server-Name
Nginx-Cache
X-Amzn-Trace-Id
TP-L2-Cache
TP-Cache
X-Kong-Proxy-Latency
Surrogate-Key
X-Kong-Upstream-Latency
X-Forwarded-For
X-Yandex-Sdch-Disable
X-Varnish-Age
X-B3-Sampled
X-Request-Processing-Time
X-Request-Received
X-Ruxit-Js-Agent
X-Microsite
X-Request-Handler-Origin-Region
X-Ser
X-Shield-Request-Id
X-Hits
X-AppVersion
X-Az
X-Activity-Id
X-Kinja-Server-Push
X-Amz-Replication-Status
X-XRDS-Location
X-DIS-Request-ID
X-HS-Hub-Id
X-F-Cache
X-HS-Combine-CSS
X-HS-Cache-Config
X-XRDS-LOCATION
X-HS-Content-Id
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Origin-Server
Accept-Charset
X-Cache-Key
X-Git-Hash
X-Geo-Country
Cache
X-Respond-Thread
Powered-By-ChinaCache
X-Rid
Alternate-Protocol
X-FTR-Request-ID
X-LB-Cache
X-Frontend
Section-Io-Cache
X-Upgrade-Enabled
X-DataDome
Host
X-Hostname
Access-Control-Allow-Method
X-Mobile-URL
X-NWS-LOG-UUID
X-Server-ID
X-Seen-By
X-Cache-Age
X-AOL-HN
Paypal-Debug-Id
MS-CV
Healthy
X-VCache
Cleartype
X-Time
X-Content-Options
X-TEC-API-VERSION
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-IPLB-Instance
X-Type
X-TT
X-Varnish-Backend
X-Whom
X-App-Environment
X-Cache-Action
ServerID
X-Request-Guid
X-Providence-Cookie
X-Is-Crawler
X-Route-Name
X-Aspnet-Duration-Ms
X-Jobs
Payment
X-Flags
X-Page-Id
X-Debug-Info
X-B-Cache
X-Signature
X-Source
X-WebKit-CSP-Report-Only
Fastcgi-Useragent
X-N
X-Fastcgi-Cache
X-Daa-Tunnel
X-Load-Cache
X-Mobile
X-FB-Debug
X-RateLimit-Remaining
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
X-Via-JSL
Nel
Version
Refresh
X-Cache-Rule
X-Cache-Operation
X-Akamai-Edgescape
X-Cached-By
X-Accel-Buffering
X-Original-Request-Id
X-Wix-Request-Id
X-Response-Served-From
X-Rule
X-Drupal-Cache-Tags
Viewport
X-Contextid
X-Proxy
X-Cacheable-TTL
X-Framework
DC
X-RemovedCookies
X-ProcessESI
Node
Realpath
X-Zen-Fury
Access-Control-Request-Headers
X-RTag
Ms-Operation-Id
X-Cache-Time
X-Real-IP
X-Instance
X-B
X-HTML-Minification-Powered-By
X-Distributor
X-Region
DynaTrace
X-UUID
Referer-Policy
X-Tt-Trace-Tag
X-Tt-Trace-Host
Eomportal-Instance
X-Drupal-Cache-Contexts
X-Page-View
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Cluster-Name
X-FW-Serve
X-FW-Static
X-Cache-Expired-At
X-FW-Server
Countrycode
VIX-Pulpo-Upstream-Status
VIX-Pulpo-Node
X-FW-Dynamic
X-FW-Hash
X-FW-Type
X-Content-Powered-By
X-Cache-Control
X-G
X-Environment-Context
X-L-Path
X-IPS-LoggedIn
X-Tumblr-Pixel-1
GEO-INFO
X-Tumblr-Pixel-0
Liferay-Portal
X-Cache-Hit
X-Tumblr-Pixel
X-Tumblr-User
Server-Info
X-App-Server
X-Pass-Why
X-FireWall-Port
X-User-Agent
X-Varnish-Ttl
Section-Io-Origin-Status
From-Origin
Webserver
X-Ratelimit-Limit
Section-Io-Id
X-Tumblr-Pixel-2
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Node-Name
Ec-Rule-Version
X-Protected-By
CF-IPCountry
Protected
X-Www-Served-By
Xserver
SRV
X-Cache-Server
X-Backend-Name
X-RN-RSRV
X-Hl-Ver
X-Revision
Meta-Geo
X-Handled-By
X-Mode
Frame-Options
X-UPSTREAM-Address
X-ES-SERVER
X-Endurance-Cache-Level
X-Soup
X-Site-Version
Cache-Tv-Group
X-Locale
X-FB-TRIP-ID
Cache-Status
X-Uri
X-Nginx-Cache
Country
X-Human
X-Be
X-Ratelimit-Remaining
X-Forwarded-Host
X-Labrador-Cache-Channel
X-Hyper-Cache
X-PHP-Host
X-NYM-Debug-Backend
X-Varnishpool
X-Web-Node
X-Storage
X-Cache-Grace
Fastly-SSL
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
X-Origin-Date
X-Request-Time
X-Origin-Hint
Azure-SiteName
X-Proxy-Build
Azure-RegionName
Azure-InstanceId
X-Proto
Azure-SlotName
X-Pubstack
Cache-Name
X-UA-Device-Type
Azure-Version
X-Redis-Cache
X-S-Maxage
TWC-Device-Class
Webcakes-App-Version
X-MP-GENERATED-AT
X-Timing-Wait
Webcakes-App-Name
Webcakes-Region
X-ProxyCache-Key
X-Adobe-Content
X-Adobe-Loc
X-TT-LOGID
X-BYPASS-REASON
TWC-Privacy
X-ProxyCache-Status
TWC-GeoIP-Country
Selected-Fe
TWC-Connection-Speed
TWC-Locale-Group
Property-Id
TWC-GeoIP-LatLong
X-Amz-Meta-S3cmd-Attrs
X-Hosted-By
X-OCL
X-Sql-Duration-Ms
X-No-Session
Retry-After
X-Format
X-Via-Fastly
X-PCL
X-FW-Version
X-Sql-Count
X-SayCDN-TTL
X-Section
X-WA-Info
X-Server-W
X-TNCMS
X-Loop
X-Say-Cacheable
X-AIR-PT
X-Access
X-Say-TTL
X-Cluster
X-PERF
X-ApacheServer
X-Debug-IsConnected
X-LAGOON
X-Debug-IsPreview
X-LJ-Flow-ID
X-AWS-Id
X-Status
X-R9-Blue-Green-Version
X-VWS-Id
X-ShopId
X-Shopify-Stage
X-ShardId
Mn-Server-Ip
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-Cache-TTL-Remaining
X-Device-Type
X-Storefront-Renderer-Rendered
X-Alternate-Cache-Key
X-Zipkin-Id
X-Routing-Service
X-Proxied
X-CCM
X-Xfnlog-Site
X-Is-Bot
X-Qloud-Router
X-Rendered-As
X-Via-CDN
Cache-Hits
Apigw-Requestid
S-Cnection
X-Info
X-Varnish-Grace
X-FTR-Backend-Server
X-FTR-Balancer
X-FTR-Cache-Status
X-FTR-Backend
X-FTR-DC
X-Country-Code-Real
X-FTR-Realm
X-Cdn
X-Varnish-Server
X-SRV
X-GG-Cache-Date
X-FTR-Expires
X-B3-Traceid
X-Detected-As
X-Cache-Enabled
X-Dc
AMP-Access-Control-Allow-Source-Origin
X-Microcachable
X-Cache-Host
X-Content-Age
X-Platform
X-Amzn-RequestId
X-EdgeConnect-Cache-Status
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Air-Hostname
Amp-Access-Control-Allow-Source-Origin
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Unique-Id
X-Aspnetmvc-Version
X-Cache-Var
X-Cache-Var-Map
Uber-Trace-Id
X-Azure-Ref
X-Backend-Host
Tracecode
X-NWS-UUID-VERIFY
X-Proxy-Cache-Status
SD-X-WS
X-Time-Microsecs
X-CSRF-Token
X-GEO
Akamai-GRN
X-DynaTrace-JS-Agent
X-Backend-TTL
X-ServerID
X-ATG-Version
X-Trace-Id
X-Oss-Request-Id
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-ID
X-Cache-Backend
X-Tb
X-Oss-Server-Time
X-Oss-Storage-Class
X-App-Version
X-Correlation-ID
X-TA-CDN-Provider
X-BCube-Filmed-By
Backend
X-Akamai-Transformed
ServedBy
DSUID
X-RCS-CacheZone
X-Varnish-Hostname
X-Cache-PHP
X-Cache-NGX
X-From
X-External-Request-Id
BehaviorPad-Version
X-Fetched-On
X-Generated-On
X-Device-Os
X-Debug-Cache
X-Matched-Rule
X-Origin-CC
X-Location
X-Level-Front-Cache
X-GeoIP-City
DCR-Decision-By
X-Generation-Time
X-D
X-Aed
X-A-Wwc
X-A-Dgt
X-Application
X-ARC
Rendered-Blocks
X-B-Cookie
SR-User-Adfree
T-Server
X-A-Dam
X-A-Ccd
X-A
X-A-Dcw
Thinkindot-Control
Thinkindot-CacheControl
Thinkindot-CacheControl-Type
Release
Path
Instruction
X-Connection-Hash
Lfy
X-Magnolia-Registration
X-Destination
Expiry
Fastcgi-X-Cache-Version
X-CF-Lambda-Version
Machine
Odigeo-Trace-Id
X-Cache-NE
Mobile-Detection-Method
Meta-Geo-Continent
X-CF-Lambda-Fn
MD5-Digest
DCR-Processing-Time-Ms
X-Varnish-Cache-Hits
X-Vdms-Version
X-ScT
X-Trv-Group
X-Processor
X-VG-WebCache
X-Vdms-Path
X-S-Cookie
X-Session-Fingerprint
X-Request-UUID
X-Rojux
X-S
X-Rewrite-Enabled
X-VG-WebServer
X-Vtex-Remote-Cache
Xc-Version
X-SRCache-Key
X-Origin-TTL
X-PAYTM-SRV-ID
X-Owner
X-PBS-Appsvrname
X-Vtex-Processado-Em
X-Thinkindot-L3
Arc-Version
PB-PID
HostName
PB-RID
X-Sucuri-ID
X-APP-VERSION
DB-Nickname
C-Via
X-SVT-ORM-VERSION
X-SVT-ORM-RULES
AKAMAI
X-Thanos
Cache-Host
Cf-Device-Type
X-Origin-Response-Time
X-Swa-Ws
Gh-Request-Id
X-VServer
X-Bip
X-Azure-Ref-OriginShield
Server-Host
UCS
Ssr
X-Cache-Bucket
Pagetype
X-Tumblr-Pixel-3
Fastly-Backend-Name
X-FC-Vary-Parameters
Host-ID
X-Cdn-Origin
X-TrackingId
CacheControlHeader
X-JWT-State
X-Ms-Version
X-Is-Gdpr
X-Irp-Debug
X-HS-Content-Campaign-Id
X-Ms-Request-Id
X-NewRelic-App-Data
X-OVcl-Cache
X-OVcl
X-Node-Id
X-Mvc-Supplant-Cachable
X-Micro-Cache
X-Has-Esi
X-Reqid
X-Sn-Servicetimems
X-GeoIP
X-Geo-Header
X-Skip-Cache
X-NAPM-TraceId
X-CS
X-B3-SpanId
X-Nginx-Cache-Key
X-Eu-Site
X-Wikidot-Backend
X-Generated-In
X-Esi-Check
Wxu-Next-Hostname
X-LI-UUID
X-Branch-Name
X-Policy
X-Backend-State
X-DPWN-IS-SECURE
X-Wikidot-Static-Cache
X-Adobe-Source
X-Origin
X-Origin-Expires
X-Cms-Context
Wxu-Next-Region
X-Core-Value
On-Server
X-Old-Content-Length
X-Generated-By
CloudFront-Viewer-Country
Content-Disposition
NGX
X-Cache-Id
X-Fastly-Cache
X-CUA
X-Var-Ttl
X-Csrf-Jwt
X-Variation
X-Clientip
X-HN
X-User
X-Gzip
X-Developer
X-DefHash
X-Developers
X-DefElseHash
X-Varnish-Beresp-Grace
X-CGP
X-VarnishDD-TTL
X-Cache-Tags
X-Scheme
X-Cache-Info
X-Li-Pop
X-Li-Fabric
X-Varnish-Remaining-TTL
X-Request-Host
X-Varnish-CookieHashed-On
X-Fastly-Backend
X-Varnish-CookieINHashed-On
X-Varnish-Hits
X-Dispatcher-Server
X-IP
Is-Eu
X-Cdn-Forward
NM-Fastcgi-Cache
HA-Ipaddr
Pramga
PFcat
Wxu-Next-Commit
Platform
Ha-Gx-Prefs
Server-Hostname
Server-Ext
Location
Magicmarker
Adler-Geo
Sever-Int
L
L5d-Success-Class
V-Age
Locid
X-Erf-Stays-Bingo-Pdp-Web
User-Cache-Control
CDN-Cache
CDCHOST
X-Varnish-Beresp-Status
X-Loc
X-Hash
X-Goog-Meta-Goog-Reserved-File-Mtime
X-TX-ID
X-Method
X-Request-URI
CDN-CachedAt
X-Slack-Backend
X-SIPLIST1
X-Servername
X-Varnish-Beresp-Ttl
CDN-RequestCountryCode
X-NU-AKA-ACS-Version
X-Hnp-Log
X-GoCache-CacheStatus
X-Gen-Mode
X-Platform-Server
X-Ratelimit-Reset
X-WADP-Cache
X-Rebelmouse-Surrogate-Control
X-Rebelmouse-Cache-Control
X-Fmm-Version
X-Envoy-Decorator-Operation
CDN-Uid
CDN-RequestId
X-Gamma-Serve
CDN-PullZone
Fastly-SIE
Web-Mar-Node
X-Clara-WADP
X-Cache-Expires
X-Block-Status
CDN-EdgeStorageId
Fastly-SWR
IsBot
Fastly-Drupal-HTML
Cf-Bgj
X-Cache-Date
Origin
Rt-Fastcgi-Cache
True-Client-Country-4JS
Vix-Hermes-Req-Id
X-Dynatrace
X-EC-Lua
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
X-Aicache-OS
Apple-News-Services-Handled
X-Cache-Debug
X-VG-TLSProxy
X-Core-Mission
X-LB-ID
X-Refresh
X-Request-Start
X-Mvc-Supplant-OutputCached
X-NCache
Esi-Enabled
X-CACHE-GROUP
X-PF-Uncompressing
X-Via-Popv
X-Varnish-Url
Url
Sid
X-Via-Popn
X-Via-Poph
X-Oracle-Dms-Rid
X-Nc
X-NC
X-Cache-Remote
Who
X-CACHE-KEY
Country-Code
X-FireWall-Protection
X-Response-By
Pics-Label
X-Esi
X-Epic-Correlation-Id
X-Varnish-Cacheable
X-B3-Spanid
S-Rt
X-Unique-ID
Xkeyi7
X-Proxy-Cachei7
X-Tb-Optimization-Total-Bytes-Saved
Req-Svc-Chain
X-Planisys-CDN-TTL
X-RateLimit-Limit
X-Planisys-CDN-Cache
N-Cache
X-BBXSRF
X-Host-Name
X-Planisys-CDN-Rules
X-DC
X-TraceId
Content-Secure-Policy
X-Webkit-Csp
X-Error
X-Srv
X-Cache-2
Source
Cross-Origin-Window-Policy
Ohc-File-Size
X-Webkit-CSP-Report-Only
Cteonnt-Length
X-Contensis-Viewer-Groups
X-LiteSpeed-Cache-Control
X-Cache-ASPX
X-Varnish-Authentication
Geo-Info
X-Cc-Req-Id
X-CLOUD-TRACE-CONTEXT
X-Cc-Via
Server-Ttl
Cmsid
Kp-EeAlive
D-Cc-Upstream
X-HS-Status
Cmstype
HitType
X-Sucuri-Cache
GeoIp-Country-Code
Geoip-Latitude
X-Served-From
X-Servedbyhost
X-Wa
X-CDN-Forward
MIME-Version
X-Svr
Svr
X-URL
Cache-Key
Filterid
VivaBuild
Viewtype
X-Server-IP
A
Resin-Trace
X-RAMCache
Server-ID
X-LI-Proto
X-Gdpr
M-TraceId
X-API-Version
X-Cache-Config
X-FPC
X-Cs
X-Vcl-Version
X-Nyt-Route
X-Origin-Time
X-VC
SID
CACHE
X-SN
X-Li-Proto
Arc-Country
Hostname
X-Air-Source
Cross-Origin-Opener-Policy
TDXMobile
X-Vgn-Hpd-Reason
X-HostName
X-HOST
NtCoent-Length
Ohc-Cache-HIT
X-VCL-Version
X-Check-Cacheable
Tcn
Server-Id
X-SB
XServer
Request-ID
X-NodeID
X-Webstats-RespID
NGB
X-UA
X-DB
X-DI
GeoIP-Latitude
GeoIP-Country-Code
X-SD-PageType
X-Internal-Host
Cache-Provider
X-FORWARDED-FOR
X-DSS
X-Newrelic-Synthetics
X-CCDN-CacheTTL
X-NGINX-Cache
X-CCDN-Origin-Time
X-DW
X-TIM-N
X-Hcs-Proxy-Type
X-RPM
X-RPS
X-Viewer-Country
X-RSL
X-TIME
Srv
X-WA
X-Render-Time
X-Service
X-Vc
Mime-Version
X-ServedByHost
X-App
ProcessTime
X-BBC-Edge-Cache-Status
X-Action
X-JoinUs
EpKe-Alive
X-NGENIX-Cache
X-PHP-Backend
X-SaId
X-Edge-Location
X-Extlb
X-Geo
X-Dynatrace-Js-Agent
X-FTR-Cache-Host
X-Ua
X-Forwarded-Site
FSS-Cache
X-Oss-Cdn-Auth
X-Via-NSCOPI
X-Fpc
X-CF-Powered-By
X-Auto-Login
Upgrade-Insecure-Requests
Processtime
X-Worker
X-Cdn-Request-ID
Datacenter
DataCenter
X-Provided-By
X-CSRF-TOKEN
X-Cluster-Node
Proxy-Connection
W
X-HITS
X-Swift-Error
CF-Cached-On
X-Dw-Trace-Id
Memcached
We-Hiring
Surrogated-Key
Cdn
X-MSEdge-Flight
X-Fastly-Backend-Reqs
X-Accel-Expires-Debug
X-Req
X-MSEdge-Features
X-Proxy-Upstream
X-Ftr-Cache-Host
Mail-Subject
X-BACKEND-TTL
X-Region-Sid
X-Depends-On
X-VC-Cache
X-Bc-Bl
CDN
X-Parent-Response-Time
X-PJAX-URL
X-Date
LB
X-Client-Ip
X-CACHE-AGE
X-Sigma
Env
X-UnsetCookies
X-Pf-Uncompressing
PICS-Label
X-BBC-Origin-Response-Status
Dnion-Transfer-Encoding
X-Cache-Tag
X-Hello
X-RateLimit-Remaining-Second
X-Rocket-Build-Number
X-Pad
X-Flog
X-Sigma-Backend
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Fastly-Request-Id
X-ABtesting
X-RateLimit-Limit-Second
X-Akamai-Pragma-Client-IP
X-ZONE
X-Acquia-Purge-Tags
Media-Length
X-Zone
X-Acquia-Site
X-Men
X-Air-Trace-Id
X-APP
X-Presslabs-Stats
X-Acquia-Application-UUID
OT-Force-Account-Verify
Vha6-Origin
X-Acquia-Application-Trace
X-Oracle-DMS-ECID
VNS-Cache
Epwk-X-Cache
VNS-Age
X-Via-PopH
CPC-Age
Time
X-LiteSpeed-Tag
Memory
X-ND-Cache
X-Via-PopN
CPC-Cache
X-Via-PopV
Cf-Ipcountry
X-Varnish-Beresp-TTL
X-Request-Url
X-ElasticPress-Query
X-Varnish-URL
WZWS-RAY
X-Vcache
X-Akamai-ERPolicy
X-Csrf-Token
X-Akamai-ERRuleID
X-MiniProfiler-Ids
X-Request-URL
Xet-Cookie
X-Snapshot-Date
X-Lb-Id
X-ElasticPress-Search
X-Ms-Meta-Staticbatchstarttime
X-Ms-Meta-Originalurl
X-Tx-Id
CountryCode
X-Amz-Meta-Cb-Modifiedtime
X-Tid
X-Litespeed-Cache-Control
Content-Script-Type
Content-Style-Type
X-Redis-Duration-Ms
X-Redis-Count
URI
Environment
X-Storefront-Renderer-Verified
X-C
X-ServerName
X-Traceid
NnCoection
X-Debug-Cache-Fetch
X-Debug-Cache-Store
Ohc-Response-Time
Phost
X-B3-Parentspanid
Inserted-Into-Cache-At