Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-Request-ID
X-Cacheable
X-DNS-Prefetch-Control
Timing-Allow-Origin
X-Content-Security-Policy
X-Iinfo
X-Ua-Compatible
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
Request-Context
EagleId
X-Cache-Group
X-Proxy-Cache
Server-Timing
X-Backend
X-Server
X-Hacker
Host-Header
Report-To
X-Server-Powered-By
X-Dns-Prefetch-Control
X-Amz-Request-Id
X-Nginx-Cache-Status
X-Amz-Id-2
Grace
X-UA-Device
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Device
X-Amz-Version-Id
X-OneAgent-JS-Injection
X-Cache-Spec
X-CST
NEL
X-WebKit-CSP
X-Vhost
Allow
X-Host
X-Backend-Server
X-Server-Id
Xkey
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
X-Node
Request-Id
Content-Location
X-Response-Time
X-Akam-SW-Version
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
Accept-Ch
P3p
Accept-Ch-Lifetime
X-ASPNET-VERSION
X-Application-Context
X-Ac
X-Cache-Lookup
X-Country
X-Ruxit-JS-Agent
X-Mod-Pagespeed
X-Template
Accept-CH
X-Language
X-Readtime
X-B3-TraceId
MS-Author-Via
X-Cloud-Trace-Context
Rating
X-HW
X-Url
Accept-CH-Lifetime
X-Cnection
X-Origin-Cache
X-MS-InvokeApp
X-Vname
X-PC
X-TtlSet
Edge-Control
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
X-Trace
X-Varnish-TTL
X-ORACLE-DMS-RID
Response
Display
Pagespeed
X-Middleton-Display
X-Middleton-Response
X-Sol
X-Content-Type
X-D2id
X-ORACLE-DMS-ECID
Verso
Arr-Disable-Session-Affinity
X-Oneagent-Js-Injection
X-Kinja-Server
X-GoogleNews-Bot
X-Vcap-Request-Id
X-Exp-Variant
X-Kinja-Build
X-Kinja-Revision
X-Kinja
X-Cdn-Fetch
X-Use-Magma
X-Exp-Id
X-Country-Code
X-Goog-Hash
X-Rack-Cache
X-Powered-By-Plesk
X-Navigation-Version
X-VARITI-CCR
Service-Worker-Allowed
X-TTL
X-Server-Name
X-Amz-Rid
X-Fastly-Request-ID
X-Abt-Application-Version
X-Buckets
Fastly-Restarts
X-Client-IP
X-Cached
X-Cache-TTL
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
X-NF-Request-ID
X-SharePointHealthScore
SPRequestGuid
X-Pinterest-Rid
Pinterest-Generated-By
Pinterest-Version
SPRequestDuration
Mrf-Cache-Status
SPIisLatency
MRF-Tech
X-B3-TraceId-Primal
Public-Key-Pins
Access-Control-Request-Method
RTSS
X-FastCGI-Cache
Cache-Tag
X-Webkit-CSP
AR-PoweredBy
AR-ATIME
AR-CACHE
AR-Request-ID
Ar-Sid
X-Edge
X-LLID
X-Powered-CMS
X-Ezoic-Cdn
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Upstream
X-Litespeed-Cache
X-Ruxit-Js-Agent
Content-MD5
X-Version
X-Jurisdiction
X-HP-Webp
X-Fastcgi-Cache
X-Origin-Upstream-Status
S
X-Recruiting
X-Mid
Charset
X-ECACHE
X-MCACHE
Fusion-Content-Source
Fusion-Content-Id
X-Mg-S
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Component-Id
X-Kinsta-Cache
X-DynaTrace
X-Content-Digest
X-Px
X-PressLabs-Stats
X-T
Fastcgi-Cache
Cache-Tags
X-Ttl
X-Id
X-Amz-Server-Side-Encryption
X-Accel-Expires
X-Logged-In
Filters
X-Forwarded-Proto
X-Content-Security-Policy-Report-Only
Server-Node
Edge-Cache-Tag
Front-End-Https
TP-L2-Cache
MicrosoftSharePointTeamServices
TP-Cache
X-Correlation-Id
Server-Name
X-Forwarded-For
X-Grace
Nginx-Cache
Nel
X-XRDS-LOCATION
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-Hits
X-Request-Received
X-Request-Processing-Time
TCN
X-Debug
X-Amzn-Trace-Id
X-B3-Sampled
X-Shield-Request-Id
X-Request-Handler-Origin-Region
X-Microsite
X-Varnish-Age
X-Activity-Id
X-Az
X-AppVersion
X-Yandex-Sdch-Disable
Surrogate-Key
X-Amz-Replication-Status
X-F-Cache
X-HS-Combine-CSS
Alternate-Protocol
X-HS-Hub-Id
X-HS-Cache-Config
X-HS-Content-Id
X-Origin-Server
X-Ser
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-DIS-Request-ID
Accept-Charset
X-Geo-Country
X-Rid
X-Frontend
Section-Io-Cache
Host
X-Git-Hash
X-NWS-LOG-UUID
X-Respond-Thread
X-XRDS-Location
X-Time
X-Cache-Age
X-Hostname
X-LB-Cache
Access-Control-Allow-Method
X-Upgrade-Enabled
X-DataDome
X-Mobile-URL
X-VCache
MS-CV
X-Pinterest-Direct
X-Seen-By
ServerID
Paypal-Debug-Id
X-Type
Cache
X-IPLB-Instance
Payment
X-TT
Healthy
X-Varnish-Backend
X-Content-Options
X-Source
X-Whom
X-Daa-Tunnel
X-Route-Name
X-AOL-HN
X-Request-Guid
X-Aspnet-Duration-Ms
X-App-Environment
X-Is-Crawler
X-Flags
X-Providence-Cookie
X-Server-ID
Cleartype
X-Signature
X-B-Cache
X-Cache-Action
X-Page-Id
Fastcgi-Useragent
X-FTR-Request-ID
X-RateLimit-Remaining
X-WebKit-CSP-Report-Only
X-Cache-Key
X-N
X-Jobs
X-Debug-Info
X-Load-Cache
Realpath
X-Contextid
X-FB-Debug
X-Mobile
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Powered-By-ChinaCache
X-Webkit-Csp
Node
X-Rule
Refresh
X-Cache-Expired-At
X-Accel-Buffering
X-Response-Served-From
X-Original-Request-Id
DC
Ms-Operation-Id
Version
X-Drupal-Cache-Tags
X-RTag
X-Wix-Request-Id
X-Proxy
X-Cacheable-TTL
X-Framework
X-Zen-Fury
X-HTML-Minification-Powered-By
Referer-Policy
X-Content-Powered-By
X-B
X-Instance
X-Cache-Control
X-ProcessESI
X-RemovedCookies
X-Real-IP
VIX-Pulpo-Node
X-Distributor
VIX-Pulpo-Upstream-Status
X-Cache-Time
X-Page-View
X-Via-JSL
Access-Control-Request-Headers
X-Cluster-Name
X-Tt-Trace-Tag
Viewport
Eomportal-Instance
X-Region
X-Tt-Trace-Host
X-UUID
X-Drupal-Cache-Contexts
X-FW-Hash
X-FW-Dynamic
X-IPS-LoggedIn
X-FireWall-Port
X-FW-Static
X-FW-Type
X-FW-Server
X-Cached-By
X-FW-Serve
Countrycode
X-Akamai-Edgescape
X-Cache-Rule
Liferay-Portal
X-Cache-Operation
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-G
X-TEC-API-ROOT
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Cache-Hit
X-Tumblr-User
X-Yottaa-Optimizations
X-Pass-Why
X-Yottaa-Metrics
X-App-Server
X-Environment-Context
X-L-Path
Xserver
SRV
X-Tec-Api-Root
X-Tec-Api-Version
X-Tec-Api-Origin
X-Nginx-Cache
Server-Info
Section-Io-Origin-Status
CF-IPCountry
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Www-Served-By
DynaTrace
Section-Io-Id
X-Debug-IsConnected
X-Debug-IsPreview
X-Protected-By
X-User-Agent
X-Tumblr-Pixel-2
Webserver
X-Device-Type
From-Origin
Ec-Rule-Version
X-Mode
X-Varnish-Grace
X-Adobe-Content
X-Adobe-Loc
X-Hl-Ver
Meta-Geo
X-Handled-By
X-UPSTREAM-Address
X-ES-SERVER
Retry-After
X-Endurance-Cache-Level
X-RN-RSRV
X-Backend-Name
X-Ratelimit-Limit
Cache-Tv-Group
AMP-Access-Control-Allow-Source-Origin
X-Uri
X-MP-GENERATED-AT
Webcakes-App-Name
Webcakes-App-Version
TWC-Privacy
TWC-Device-Class
X-FB-TRIP-ID
X-PCL
X-OCL
X-Cache-Server
TWC-GeoIP-Country
X-Varnishpool
X-Section
Property-Id
X-Labrador-Cache-Channel
TWC-Locale-Group
Fastly-SSL
Decoy-Debug-TTL
X-Access
X-Origin-Hint
TWC-GeoIP-LatLong
X-Storage
Decoy-Debug-Status
Decoy-Debug-Key
TWC-Connection-Speed
X-PHP-Host
X-Pubstack
Webcakes-Region
X-Format
X-UA-Device-Type
X-Proto
X-No-Session
X-Redis-Cache
X-Proxy-Build
X-Sql-Duration-Ms
X-Timing-Wait
Protected
X-R9-Blue-Green-Version
X-NYM-Debug-Backend
Selected-Fe
X-ApacheServer
X-PERF
X-LJ-Flow-ID
Apigw-Requestid
X-AWS-Id
X-Server-W
Frame-Options
Mn-Server-Ip
Country
X-VWS-Id
X-Varnish-Server
X-LAGOON
X-Soup
X-Be
X-Sql-Count
X-Via-Fastly
Cache-Status
X-WA-Info
GEO-INFO
X-Site-Version
Cache-Name
X-Xfnlog-Site
Azure-RegionName
X-ProxyCache-Key
X-Human
Azure-SlotName
X-ProxyCache-Status
X-Request-Time
X-Proxied
Azure-InstanceId
X-S-Maxage
Azure-SiteName
X-BYPASS-REASON
X-Web-Node
X-Routing-Service
X-Origin-Date
X-Locale
X-Status
X-Cache-TTL-Remaining
X-Hosted-By
Azure-Version
X-Hyper-Cache
X-Zipkin-Id
X-Alternate-Cache-Key
X-AIR-PT
X-Storefront-Renderer-Rendered
X-TNCMS
X-ShardId
X-Loop
X-SayCDN-TTL
X-Sorting-Hat-ShopId
X-Sorting-Hat-PodId
X-FW-Version
X-Say-TTL
X-Say-Cacheable
X-ShopId
X-Shopify-Stage
X-Info
X-Node-Name
X-Cluster
X-Is-Bot
X-Rendered-As
X-TT-LOGID
X-Dc
X-Cache-Enabled
X-Proxy-Cache-Status
S-Cnection
X-Forwarded-Host
Uber-Trace-Id
X-CCM
X-Cache-Grace
X-Qloud-Router
X-Content-Age
X-Revision
X-GG-Cache-Date
X-Microcachable
X-SRV
X-TA-CDN-Provider
X-Ratelimit-Remaining
X-Platform
X-NWS-UUID-VERIFY
X-Via-CDN
X-CSRF-Token
X-App-Version
X-Azure-Ref
X-Backend-Host
Cache-Hits
X-Varnish-Ttl
X-Cache-Host
Akamai-GRN
X-Detected-As
X-FTR-Backend-Server
X-FTR-Backend
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Realm
X-Amz-Meta-S3cmd-Attrs
X-FTR-Cache-Status
X-FTR-DC
X-Aspnetmvc-Version
X-CACHE-KEY
X-ATG-Version
X-Amz-Apigw-Id
X-Amzn-RequestId
ServedBy
X-Amzn-Remapped-Content-Length
X-EdgeConnect-Cache-Status
X-B3-SpanId
X-Cache-NGX
X-Trace-Id
X-Cache-PHP
X-RCS-CacheZone
X-Debug-Cache
X-CS
X-CLOUD-TRACE-CONTEXT
X-Varnish-Hostname
HostName
Amp-Access-Control-Allow-Source-Origin
SD-X-WS
X-FTR-Expires
X-Nc
X-DynaTrace-JS-Agent
X-Unique-ID
X-Oss-Request-Id
X-TX-ID
DB-Nickname
X-Oss-Storage-Class
X-Oss-Server-Time
X-Time-Microsecs
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Akamai-Transformed
X-BCube-Filmed-By
X-NewRelic-App-Data
X-Backend-TTL
X-ServerID
Tracecode
X-Air-Hostname
Backend
X-Correlation-ID
X-Ms-Version
X-Adobe-Source
X-Ms-Request-Id
Rendered-Blocks
Fastcgi-X-Cache-Version
Machine
MD5-Digest
X-PBS-Appsvrname
X-Processor
X-PAYTM-SRV-ID
X-Owner
X-Origin-TTL
X-External-Request-Id
X-Origin-CC
X-Vtex-Processado-Em
X-A-Dcw
X-ARC
X-A-Dam
X-Application
X-A-Dgt
X-A-Wwc
X-Aed
X-Level-Front-Cache
X-A-Ccd
X-From
Meta-Geo-Continent
X-NAPM-TraceId
X-Generated-On
X-Location
X-A
X-Generation-Time
X-Cdn-Forward
Expiry
DCR-Decision-By
X-B-Cookie
Odigeo-Trace-Id
X-SRCache-Key
X-Connection-Hash
X-CF-Lambda-Version
X-Destination
X-D
T-Server
X-Trv-Group
X-Vdms-Path
X-Vtex-Remote-Cache
BehaviorPad-Version
X-CF-Lambda-Fn
X-Vdms-Version
X-Rewrite-Enabled
X-VG-WebServer
X-Request-UUID
DCR-Processing-Time-Ms
X-Cache-NE
Mobile-Detection-Method
X-Session-Fingerprint
X-Rojux
Xc-Version
X-ScT
X-S
X-VG-WebCache
X-S-Cookie
X-Tb
X-Cms-Context
Content-Disposition
X-GeoIP-City
Fastly-Backend-Name
X-Device-Os
X-Developers
AKAMAI
X-Varnish-Beresp-Grace
Gh-Request-Id
X-Fastly-Cache
X-FC-Vary-Parameters
X-Core-Value
CacheControlHeader
X-Bip
X-Generated-In
X-Fetched-On
X-Geo-Header
X-Mvc-Supplant-Cachable
V-Age
UCS
On-Server
X-Reqid
X-Policy
X-OVcl
X-Magnolia-Registration
X-Thanos
X-Thinkindot-L3
X-Sucuri-ID
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Thinkindot-Control
Pagetype
X-TrackingId
X-Tumblr-Pixel-3
Magicmarker
X-OVcl-Cache
X-Varnish-Cache-Hits
Wxu-Next-Commit
Wxu-Next-Hostname
X-Micro-Cache
X-Cache-Bucket
X-Irp-Debug
X-HS-Content-Campaign-Id
Server-Host
Release
Wxu-Next-Region
Who
Host-ID
X-Cache-Var-Map
Country-Code
X-Cache-Var
Geo-Info
User-Cache-Control
X-Block-Status
X-Branch-Name
X-Azure-Ref-OriginShield
X-Backend-State
Web-Mar-Node
Vix-Hermes-Req-Id
Server-Hostname
Sever-Int
True-Client-Country-4JS
X-IP
X-Request-URI
X-Request-Host
X-Scheme
X-Skip-Cache
X-SVT-ORM-RULES
X-Ratelimit-Reset
X-Origin-Response-Time
X-Nginx-Cache-Key
X-Node-Id
X-Old-Content-Length
X-Origin
X-SVT-ORM-VERSION
X-User
X-Wikidot-Static-Cache
Cache-Host
X-Cache-Info
X-Swa-Ws
X-Wikidot-Backend
X-WADP-Cache
X-Var-Ttl
X-VarnishDD-TTL
X-VG-TLSProxy
X-VServer
X-Method
X-LI-UUID
X-Esi-Check
X-Envoy-Decorator-Operation
X-Eu-Site
X-Fastly-Backend
X-Fmm-Version
X-Dispatcher-Server
X-Developer
X-Cache-Id
X-CGP
X-Clara-WADP
X-Csrf-Jwt
X-Gen-Mode
X-GeoIP
X-Is-Gdpr
X-JWT-State
X-Li-Fabric
X-Li-Pop
Server-Ext
X-Hnp-Log
X-GoCache-CacheStatus
X-Gzip
X-Has-Esi
X-HN
X-Cache-Debug
X-Generated-By
Arc-Version
HA-Ipaddr
Ha-Gx-Prefs
Cf-Device-Type
C-Via
Apple-News-Services-Handled
L5d-Success-Class
CDN-EdgeStorageId
X-B3-Traceid
Esi-Enabled
DSUID
Apple-News-Services-Host
X-Varnish-Beresp-Ttl
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Location
Cf-Bgj
PFcat
Locid
CDN-RequestId
CDCHOST
CDN-RequestCountryCode
CDN-Cache
CDN-CachedAt
PB-RID
CDN-PullZone
CDN-Uid
PB-PID
NGX
NM-Fastcgi-Cache
Path
X-Varnish-Beresp-Status
X-DefHash
X-Varnish-Hits
X-Clientip
Rt-Fastcgi-Cache
X-RateLimit-Limit
X-SIPLIST1
X-Slack-Backend
X-Rebelmouse-Surrogate-Control
X-NU-AKA-ACS-Version
X-Origin-Expires
X-Platform-Server
X-Rebelmouse-Cache-Control
X-LB-ID
X-Variation
X-Gamma-Serve
Ssr
X-DPWN-IS-SECURE
X-Hash
X-Varnish-Remaining-TTL
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
Adler-Geo
X-DefElseHash
Fastly-SWR
Instruction
Is-Eu
IsBot
Fastly-SIE
SR-User-Adfree
Platform
X-Cache-Tags
X-Aicache-OS
X-Unique-Id
Filterid
X-ID
X-EC-Lua
X-Varnish-Url
X-CUA
X-Mvc-Supplant-OutputCached
L
Origin
X-Goog-Meta-Goog-Reserved-File-Mtime
X-GEO
X-Via-Popn
Fastly-Drupal-HTML
Sid
X-PF-Uncompressing
X-Matched-Rule
Pics-Label
Lfy
X-Via-Poph
X-Via-Popv
X-Cache-Backend
X-Loc
X-APP-VERSION
X-Planisys-CDN-Rules
X-Planisys-CDN-TTL
X-Epic-Correlation-Id
X-Planisys-CDN-Cache
X-Refresh
Tcn
CloudFront-Viewer-Country
X-Cdn-Origin
X-Sn-Servicetimems
Url
Pramga
X-NCache
X-Cache-Expires
X-Cache-Date
X-TraceId
NGB
Cmstype
X-Core-Mission
Cmsid
Req-Svc-Chain
X-Servername
X-Tb-Optimization-Total-Bytes-Saved
Kp-EeAlive
X-Served-From
Svr
X-Request-Start
VivaBuild
MIME-Version
Viewtype
A
X-Error
Source
X-FireWall-Protection
Cache-Key
X-Srv
M-TraceId
X-Vgn-Hpd-Reason
X-Varnish-Cacheable
Server-ID
Geoip-Latitude
GeoIp-Country-Code
Arc-Country
Cross-Origin-Opener-Policy
X-Webkit-CSP-Report-Only
X-Geo
TDXMobile
X-Response-By
X-Vcl-Version
X-DC
X-NC
X-JoinUs
DataCenter
X-NGENIX-Cache
X-SaId
X-PHP-Backend
X-Air-Source
Xkeyi7
X-Proxy-Cachei7
X-HS-Status
X-Edge-Location
X-Vc
Server-Ttl
X-Servedbyhost
N-Cache
X-Service
X-Li-Proto
Content-Secure-Policy
X-Wa
X-B3-Spanid
X-BBXSRF
HitType
SID
X-Cache-Remote
X-Erf-Stays-Bingo-Pdp-Web
S-Rt
NtCoent-Length
X-Esi
Resin-Trace
X-Internal-Host
X-LiteSpeed-Cache-Control
X-Cache-2
X-CDN-Forward
CACHE
X-Extlb
X-Varnish-Authentication
X-LI-Proto
D-Cc-Upstream
FSS-Cache
X-Forwarded-Site
X-Cache-ASPX
X-Cc-Req-Id
X-WA
X-Contensis-Viewer-Groups
X-Viewer-Country
X-Cc-Via
X-Kraken-Loop-Name
X-Instrumentation
X-Server-Lifecycle-Phase
X-Kraken-Routeconfig-Destination
Cteonnt-Length
X-Edge-Location-Klb
X-HOST
X-ServedByHost
X-CCDN-Origin-Time
X-Bc-Bl
X-CCDN-CacheTTL
X-Via-NSCOPI
X-RAMCache
X-Hcs-Proxy-Type
X-Svr
Cross-Origin-Window-Policy
Request-ID
Ohc-File-Size
X-Sucuri-Cache
X-UA
X-HostName
X-Host-Name
X-Accel-Expires-Debug
Surrogated-Key
We-Hiring
X-Proxy-Upstream
X-Req
Memcached
X-PJAX-URL
X-Date
X-DB
X-RPS
X-RSL
LB
X-RPM
Mail-Subject
X-TIM-N
X-DI
X-DSS
X-VCL-Version
X-DW
X-Newrelic-Synthetics
X-Server-IP
Hostname
X-Cs
X-Gdpr
X-FPC
X-APP
X-API-Version
GeoIP-Latitude
X-VC-Cache
GeoIP-Country-Code
X-Nyt-Route
Env
X-RateLimit-Limit-Second
CF-Cached-On
X-Cache-Config
X-Origin-Time
X-RateLimit-Remaining-Second
XServer
ProcessTime
Upgrade-Insecure-Requests
X-Rocket-Build-Number
X-Sigma
X-ZONE
X-Sigma-Backend
X-VC
X-Check-Cacheable
X-App
X-Men
X-NodeID
X-Action
X-SN
Cache-Provider
Ohc-Cache-HIT
Memory
X-Air-Trace-Id
Time
Server-Id
X-Region-Sid
X-MSEdge-Features
X-MSEdge-Flight
X-Oss-Cdn-Auth
X-Webstats-RespID
VNS-Cache
X-SB
X-CF-Powered-By
VNS-Age
X-Fpc
CPC-Cache
CPC-Age
X-Dynatrace-Js-Agent
X-URL
X-Provided-By
X-Swift-Error
W
Mime-Version
X-FORWARDED-FOR
X-SD-PageType
X-Zone
X-Depends-On
Srv
X-Akamai-Pragma-Client-IP
X-Cdn-Request-ID
X-CSRF-TOKEN
CDN
X-UnsetCookies
X-Render-Time
X-BBC-Edge-Cache-Status
X-Dw-Trace-Id
X-BACKEND-TTL
X-TIME
X-Ftr-Cache-Host
Cdn
X-Client-Ip
X-ServerName
My-App
X-ABtesting
Fastcgi-Cache-TTL
X-Parent-Response-Time
X-Hello
X-Flog
State
X-Fastly-Request-Id
Dnion-Transfer-Encoding
X-NGINX-Cache
X-Fastly-Backend-Reqs
EpKe-Alive
X-Dynatrace
X-Pad
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Acquia-Application-Trace
X-Cache-Tag
X-Auto-Login
X-Presslabs-Stats
Vha6-Origin
Proxy-Connection
X-Worker
X-Oracle-DMS-ECID
X-Minions-Version
X-Pf-Uncompressing
X-ElasticPress-Search
X-Acquia-Site
X-FTR-Cache-Host
Media-Length
Processtime
Epwk-X-Cache
PICS-Label
X-LiteSpeed-Tag
X-Snapshot-Date
X-Cluster-Node
X-Mg-Request-UUID
X-Ua
X-BBC-Origin-Response-Status
X-Via-PopN
X-Via-PopH
X-Via-PopV
Cf-Ipcountry
X-CACHE-AGE
X-Vcache
X-Akamai-ERRuleID
Datacenter
X-Akamai-ERPolicy
X-MiniProfiler-Ids
X-Varnish-Beresp-TTL
Warning
X-ElasticPress-Query
X-Request-URL
Xet-Cookie
X-Varnish-URL
X-Ms-Meta-Staticbatchstarttime
X-IN-APIGATEWAY
X-Ms-Meta-Originalurl
X-IN-APIGATEWAYSSL
X-Lb-Id
CountryCode
X-Apw-Access-Object
X-Apw-Access-Action
X-Debug-Cache-Store
Ohc-Response-Time
X-Apw-Access-Token
X-Storefront-Renderer-Verified
X-Cache-Status-Check
NnCoection
X-ND-Cache
X-Mg-Request-Id
X-Debug-Cache-Fetch
Content-Style-Type
X-Apw-Hits
X-Litespeed-Cache-Control
X-Tid
X-C
X-Traceid
Phost
OT-Force-Account-Verify
X-Amz-Meta-Cb-Modifiedtime
URI
Environment
Inserted-Into-Cache-At
X-B3-Parentspanid
X-Redis-Count
X-Redis-Duration-Ms
Content-Script-Type