Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Request-ID
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Ua-Compatible
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-AH-Environment
X-Robots-Tag
X-Turbo-Charged-By
Request-Context
EagleId
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Host-Header
Report-To
X-Amz-Request-Id
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-OneAgent-JS-Injection
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-Cache-Spec
X-Amz-Version-Id
NEL
X-Device
X-CST
Allow
X-Vhost
X-Host
Xkey
X-Backend-Server
X-Server-Id
X-WebKit-CSP
EagleEye-TraceId
Surrogate-Control
X-Dispatcher
Request-Id
X-Node
Content-Location
X-Response-Time
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Akam-SW-Version
X-Ruxit-JS-Agent
P3p
X-ASPNET-VERSION
Accept-Ch
X-Application-Context
X-Ac
X-Cache-Lookup
X-Country
X-Template
Accept-Ch-Lifetime
X-Language
X-Mod-Pagespeed
Accept-CH
X-Readtime
X-Cloud-Trace-Context
Accept-CH-Lifetime
MS-Author-Via
X-B3-TraceId
Rating
X-Origin-Cache
X-HW
X-Cnection
X-MS-InvokeApp
X-Url
X-PC
X-TtlSet
X-Vname
X-Clacks-Overhead
Edge-Control
X-GitHub-Request-Id
X-ESI
X-Trace
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
Response
X-Middleton-Display
Display
Pagespeed
X-Sol
X-Middleton-Response
X-Content-Type
X-D2id
Arr-Disable-Session-Affinity
X-Use-Magma
X-Kinja-Server
X-Exp-Id
X-Kinja-Revision
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Variant
X-Kinja
X-Cdn-Fetch
Verso
X-Vcap-Request-Id
X-Varnish-TTL
X-Goog-Hash
X-Rack-Cache
X-Country-Code
X-TTL
X-Buckets
X-Navigation-Version
X-Server-Name
X-Powered-By-Plesk
Service-Worker-Allowed
X-VARITI-CCR
X-Amz-Rid
X-Abt-Application-Version
X-Fastly-Request-ID
X-FastCGI-Cache
X-Webkit-CSP
X-Client-IP
X-Cache-TTL
Fastly-Restarts
Pinterest-Version
Pinterest-Generated-By
X-Pinterest-Rid
X-Cached
X-Release
X-MSEdge-Ref
X-Dw-Request-Base-Id
X-SharePointHealthScore
X-Element-Page-Cache
SPRequestGuid
X-Oneagent-Js-Injection
X-NF-Request-ID
SPIisLatency
SPRequestDuration
Mrf-Cache-Status
MRF-Tech
X-B3-TraceId-Primal
Public-Key-Pins
RTSS
Access-Control-Request-Method
AR-PoweredBy
AR-CACHE
AR-Request-ID
AR-ATIME
Ar-Sid
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-Edge
X-LLID
X-Powered-CMS
X-Ezoic-Cdn
Cache-Tag
X-Litespeed-Cache
X-Upstream
Content-MD5
X-Origin-Upstream-Status
Fusion-Deployment-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Id
Fusion-Content-Source
X-Jurisdiction
Fusion-Component-Id
X-HP-Webp
X-Px
S
X-Version
X-MCACHE
X-Mid
X-ECACHE
X-Recruiting
X-Mg-S
Charset
X-Content-Digest
X-PressLabs-Stats
X-Kinsta-Cache
Fastcgi-Cache
X-T
X-Amz-Server-Side-Encryption
X-DynaTrace
Cache-Tags
X-Id
MicrosoftSharePointTeamServices
Filters
X-Logged-In
X-Content-Security-Policy-Report-Only
X-Ruxit-Js-Agent
Front-End-Https
X-Accel-Expires
X-Ttl
Edge-Cache-Tag
Server-Node
X-Forwarded-Proto
X-Debug
X-Correlation-Id
X-Grace
X-Forwarded-For
TP-L2-Cache
TP-Cache
Server-Name
X-Fastcgi-Cache
Nginx-Cache
X-Amzn-Trace-Id
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
Surrogate-Key
TCN
X-Request-Received
X-Request-Processing-Time
X-XRDS-LOCATION
X-Hits
X-Shield-Request-Id
X-B3-Sampled
X-Varnish-Age
X-Microsite
X-Request-Handler-Origin-Region
X-Yandex-Sdch-Disable
X-Pinterest-Direct
X-Ser
X-Az
X-Activity-Id
X-AppVersion
X-Amz-Replication-Status
X-F-Cache
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
X-DIS-Request-ID
X-Goog-Storage-Class
X-GUploader-UploadID
X-Goog-Metageneration
X-Goog-Generation
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Origin-Server
Accept-Charset
Alternate-Protocol
X-Geo-Country
X-Git-Hash
X-XRDS-Location
X-Rid
X-Respond-Thread
Nel
X-Frontend
X-Time
Section-Io-Cache
Cache
Host
X-LB-Cache
X-Cache-Key
X-Upgrade-Enabled
X-FTR-Request-ID
X-NWS-LOG-UUID
X-DataDome
Access-Control-Allow-Method
X-Mobile-URL
X-Seen-By
X-Server-ID
X-VCache
MS-CV
Paypal-Debug-Id
X-Cache-Age
ServerID
X-IPLB-Instance
X-TT
Healthy
X-AOL-HN
X-Hostname
X-Type
X-Content-Options
X-Whom
X-Varnish-Backend
X-Source
Payment
X-App-Environment
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Route-Name
Cleartype
X-Flags
X-Aspnet-Duration-Ms
X-Signature
X-B-Cache
X-Cache-Action
Powered-By-ChinaCache
X-Page-Id
X-Jobs
Fastcgi-Useragent
X-Debug-Info
X-Daa-Tunnel
X-WebKit-CSP-Report-Only
X-Load-Cache
X-N
X-FB-Debug
X-Mobile
X-RateLimit-Remaining
X-Webkit-Csp
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
X-Erf-Bev-Bev-Is-Generated
X-Browser-Type
X-Erf-Bev-Bev
Realpath
X-Contextid
X-Via-JSL
Refresh
Node
Version
X-Rule
X-Response-Served-From
X-Drupal-Cache-Tags
X-Wix-Request-Id
X-Original-Request-Id
X-Accel-Buffering
Ms-Operation-Id
X-Zen-Fury
X-RTag
X-Proxy
DC
X-Cacheable-TTL
X-Framework
X-Akamai-Edgescape
X-RemovedCookies
X-Cached-By
X-ProcessESI
X-Instance
Access-Control-Request-Headers
X-HTML-Minification-Powered-By
Viewport
X-B
X-Real-IP
Referer-Policy
X-Cache-Time
X-Distributor
X-Cluster-Name
X-Cache-Operation
X-Region
X-Drupal-Cache-Contexts
X-Cache-Rule
X-Cache-Expired-At
Eomportal-Instance
X-Page-View
X-UUID
X-Tt-Trace-Host
X-Tt-Trace-Tag
X-Cache-Control
X-Content-Powered-By
VIX-Pulpo-Node
X-FW-Type
VIX-Pulpo-Upstream-Status
X-FW-Server
X-FW-Dynamic
Countrycode
X-FW-Static
X-FW-Hash
X-FW-Serve
X-Yottaa-Optimizations
X-Yottaa-Metrics
Liferay-Portal
X-IPS-LoggedIn
X-Cache-Hit
X-G
X-FireWall-Port
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tumblr-Pixel-0
X-Tumblr-User
X-Pass-Why
X-Environment-Context
X-L-Path
DynaTrace
X-App-Server
Server-Info
CF-IPCountry
Xserver
X-User-Agent
Ec-Rule-Version
SRV
X-Protected-By
Section-Origin-Responded
Section-Io-Id
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Webserver
From-Origin
X-Tumblr-Pixel-2
X-Ratelimit-Limit
X-Nginx-Cache
X-Www-Served-By
GEO-INFO
X-Debug-IsPreview
X-Debug-IsConnected
X-Node-Name
Protected
X-Hl-Ver
X-Device-Type
X-Endurance-Cache-Level
X-Mode
Meta-Geo
X-Cache-Server
X-ES-SERVER
X-RN-RSRV
X-Handled-By
X-UPSTREAM-Address
X-Uri
X-MP-GENERATED-AT
X-Backend-Name
X-Adobe-Content
X-Adobe-Loc
Cache-Tv-Group
X-Site-Version
X-FB-TRIP-ID
X-Locale
X-Labrador-Cache-Channel
X-Storage
X-UA-Device-Type
X-NYM-Debug-Backend
X-Soup
X-Be
X-Varnishpool
Cache-Status
X-Web-Node
X-Varnish-Ttl
X-PHP-Host
Frame-Options
Retry-After
Cache-Name
Fastly-SSL
Decoy-Debug-TTL
Decoy-Debug-Status
Decoy-Debug-Key
Country
X-PCL
TWC-Device-Class
TWC-GeoIP-Country
TWC-Connection-Speed
Property-Id
X-Via-Fastly
X-WA-Info
TWC-GeoIP-LatLong
TWC-Locale-Group
Webcakes-Region
X-Origin-Hint
Webcakes-App-Version
Webcakes-App-Name
TWC-Privacy
X-Timing-Wait
X-Sql-Duration-Ms
X-Origin-Date
X-Proto
X-OCL
X-No-Session
X-Human
X-Proxy-Build
X-ProxyCache-Key
X-Request-Time
X-Sql-Count
X-Redis-Cache
X-Pubstack
X-ProxyCache-Status
X-BYPASS-REASON
Selected-Fe
X-Ratelimit-Remaining
X-AIR-PT
X-Hosted-By
X-LAGOON
X-Loop
X-Hyper-Cache
X-Tec-Api-Origin
Azure-SiteName
Azure-RegionName
Azure-SlotName
Azure-Version
X-Tec-Api-Root
X-S-Maxage
X-Say-TTL
X-VWS-Id
X-Server-W
X-Access
X-Format
X-Section
X-R9-Blue-Green-Version
X-LJ-Flow-ID
X-SayCDN-TTL
X-TNCMS
X-AWS-Id
X-FW-Version
Azure-InstanceId
X-Say-Cacheable
X-Tec-Api-Version
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Cache-Grace
X-ShopId
X-ShardId
X-CCM
X-Forwarded-Host
X-Alternate-Cache-Key
X-PERF
X-Storefront-Renderer-Rendered
X-ApacheServer
X-Status
X-Varnish-Grace
X-Xfnlog-Site
X-Cache-TTL-Remaining
Mn-Server-Ip
X-Revision
X-TT-LOGID
X-Cluster
Apigw-Requestid
X-Proxied
AMP-Access-Control-Allow-Source-Origin
X-Zipkin-Id
X-Routing-Service
X-Varnish-Server
X-SRV
X-Is-Bot
X-Rendered-As
X-Qloud-Router
X-Dc
X-Info
S-Cnection
X-GG-Cache-Date
X-Microcachable
X-Cdn
X-Cache-Enabled
X-Via-CDN
X-Content-Age
X-FTR-Realm
Cache-Hits
X-FTR-DC
X-FTR-Cache-Status
X-FTR-Backend-Server
X-FTR-Balancer
X-Country-Code-Real
X-FTR-Backend
X-Amz-Meta-S3cmd-Attrs
X-Platform
X-Proxy-Cache-Status
Uber-Trace-Id
X-TA-CDN-Provider
X-Cache-Host
X-Detected-As
X-Azure-Ref
X-App-Version
X-FTR-Expires
X-Backend-Host
X-Aspnetmvc-Version
X-NWS-UUID-VERIFY
X-Amz-Apigw-Id
X-CSRF-Token
X-Amzn-RequestId
X-Amzn-Remapped-Content-Length
X-EdgeConnect-Cache-Status
Akamai-GRN
X-Air-Hostname
Tracecode
Amp-Access-Control-Allow-Source-Origin
X-ATG-Version
SD-X-WS
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-Time-Microsecs
X-Cache-Var-Map
X-Trace-Id
X-Cache-Var
HostName
ServedBy
X-ServerID
X-B3-SpanId
X-RCS-CacheZone
X-Debug-Cache
X-Backend-TTL
X-Cache-NGX
X-DynaTrace-JS-Agent
X-Cache-PHP
X-BCube-Filmed-By
X-Tb
X-Correlation-ID
X-Varnish-Hostname
X-CS
X-Akamai-Transformed
Backend
DB-Nickname
X-TX-ID
X-Cdn-Forward
X-From
X-Ms-Version
Odigeo-Trace-Id
X-Ms-Request-Id
X-Rojux
X-ARC
Fastcgi-X-Cache-Version
Instruction
Expiry
DCR-Processing-Time-Ms
DCR-Decision-By
X-Magnolia-Registration
Machine
Mobile-Detection-Method
BehaviorPad-Version
X-B-Cookie
Meta-Geo-Continent
MD5-Digest
X-CF-Lambda-Fn
X-Vtex-Processado-Em
X-Origin-TTL
SR-User-Adfree
T-Server
X-ScT
X-S-Cookie
X-Session-Fingerprint
X-A-Ccd
X-Origin-CC
Rendered-Blocks
X-A-Dcw
X-SRCache-Key
X-A-Dam
X-Fetched-On
Thinkindot-CacheControl
X-A
X-PBS-Appsvrname
Thinkindot-Control
X-CF-Lambda-Version
X-Processor
X-Rewrite-Enabled
X-Connection-Hash
X-S
X-Owner
DSUID
X-PAYTM-SRV-ID
Thinkindot-CacheControl-Type
X-Unique-Id
X-Thinkindot-L3
X-Vtex-Remote-Cache
Xc-Version
X-Location
X-Destination
Path
X-Level-Front-Cache
X-GeoIP-City
X-External-Request-Id
X-Application
X-Device-Os
X-Generated-On
X-Generation-Time
X-Sucuri-ID
Release
X-NAPM-TraceId
X-VG-WebServer
X-VG-WebCache
X-Vdms-Version
X-Vdms-Path
X-A-Dgt
X-Cache-NE
X-Request-UUID
X-D
X-Aed
X-A-Wwc
X-Trv-Group
X-Adobe-Source
X-GEO
Host-ID
Gh-Request-Id
X-Azure-Ref-OriginShield
X-JWT-State
X-Is-Gdpr
X-Has-Esi
X-HS-Content-Campaign-Id
X-Irp-Debug
X-Mvc-Supplant-Cachable
X-Node-Id
Content-Disposition
Cf-Device-Type
X-Reqid
X-CACHE-KEY
X-OVcl-Cache
Fastly-Backend-Name
X-OVcl
X-GeoIP
X-Geo-Header
X-Core-Value
X-Cache-Backend
Server-Host
X-Cms-Context
UCS
X-Bip
X-Cache-Bucket
X-Fastly-Cache
X-FC-Vary-Parameters
On-Server
X-NewRelic-App-Data
NGX
Pagetype
PB-PID
X-EC-Lua
PB-RID
X-Skip-Cache
X-Micro-Cache
Arc-Version
X-TrackingId
C-Via
AKAMAI
X-Tumblr-Pixel-3
X-Varnish-Cache-Hits
X-SVT-ORM-RULES
X-VServer
X-Thanos
X-B3-Traceid
X-SVT-ORM-VERSION
CacheControlHeader
User-Cache-Control
X-DPWN-IS-SECURE
X-Envoy-Decorator-Operation
X-Dispatcher-Server
X-DefElseHash
X-DefHash
X-Developer
Wxu-Next-Commit
X-Esi-Check
X-Eu-Site
X-Fmm-Version
Magicmarker
Server-Ext
Server-Hostname
X-Fastly-Backend
Sever-Int
X-CUA
Wxu-Next-Hostname
X-Nginx-Cache-Key
X-Cache-Id
X-Cache-Info
X-Branch-Name
X-Block-Status
X-Backend-State
X-Policy
X-Cache-Tags
X-CGP
Wxu-Next-Region
Locid
X-Scheme
X-Clientip
X-Developers
X-Clara-WADP
X-Csrf-Jwt
X-Wikidot-Static-Cache
X-LI-UUID
X-User
X-Matched-Rule
X-Li-Pop
X-Li-Fabric
X-Variation
X-Var-Ttl
X-Rebelmouse-Cache-Control
X-Ratelimit-Reset
X-Origin-Response-Time
X-Platform-Server
X-Origin-Expires
X-Origin
X-NU-AKA-ACS-Version
X-Old-Content-Length
X-Varnish-Beresp-Grace
X-Varnish-CookieHashed-On
X-Generated-In
X-Rebelmouse-Surrogate-Control
X-WADP-Cache
X-Wikidot-Backend
X-Swa-Ws
X-Generated-By
X-VarnishDD-TTL
X-GoCache-CacheStatus
X-Varnish-CookieINHashed-On
X-IP
X-Hnp-Log
X-HN
X-Gzip
X-Varnish-Remaining-TTL
X-Gen-Mode
X-Request-Host
L5d-Success-Class
HA-Ipaddr
Ha-Gx-Prefs
Fastly-SWR
Lfy
Location
Ssr
Platform
PFcat
NM-Fastcgi-Cache
Fastly-SIE
CDN-Uid
CDN-Cache
CDCHOST
Cache-Host
Adler-Geo
CDN-CachedAt
CDN-EdgeStorageId
CDN-RequestId
CDN-RequestCountryCode
CDN-PullZone
V-Age
Is-Eu
Web-Mar-Node
X-Nc
X-ID
X-Cache-Debug
X-Hash
X-Request-URI
X-LB-ID
IsBot
L
Cf-Bgj
X-Slack-Backend
CloudFront-Viewer-Country
X-Method
X-Gamma-Serve
X-VG-TLSProxy
X-Varnish-Hits
Vix-Hermes-Req-Id
X-Varnish-Beresp-Ttl
X-Unique-ID
True-Client-Country-4JS
X-SIPLIST1
X-Varnish-Beresp-Status
Rt-Fastcgi-Cache
Sid
X-CLOUD-TRACE-CONTEXT
Apple-News-Services-Parsed-Url
X-Goog-Meta-Goog-Reserved-File-Mtime
Apple-News-Services-Host
X-Cache-Expires
Apple-News-Services-Handled
X-Cdn-Origin
Pramga
Apple-News-Services-Request-Url
Origin
X-Loc
X-Aicache-OS
Fastly-Drupal-HTML
X-Sn-Servicetimems
Esi-Enabled
Geo-Info
X-APP-VERSION
Who
Tcn
X-PF-Uncompressing
Country-Code
X-Mvc-Supplant-OutputCached
X-Via-Popv
X-Via-Poph
X-Via-Popn
X-NCache
X-Cache-Date
X-Servername
Pics-Label
X-Core-Mission
X-Varnish-Url
X-Refresh
X-Request-Start
X-Epic-Correlation-Id
X-RateLimit-Limit
X-Tb-Optimization-Total-Bytes-Saved
X-FireWall-Protection
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Url
X-Planisys-CDN-TTL
X-Erf-Stays-Bingo-Pdp-Web
Req-Svc-Chain
X-TraceId
Filterid
X-Error
Cmstype
X-NC
X-Response-By
X-Varnish-Cacheable
Cmsid
X-Cache-Remote
X-Served-From
X-Proxy-Cachei7
Svr
Xkeyi7
Kp-EeAlive
Source
S-Rt
X-Webkit-CSP-Report-Only
Content-Secure-Policy
X-DC
Cache-Key
Viewtype
HitType
Geoip-Latitude
N-Cache
Server-Ttl
X-HS-Status
A
GeoIp-Country-Code
MIME-Version
VivaBuild
X-Srv
X-BBXSRF
NGB
X-Cache-2
X-Vcl-Version
X-B3-Spanid
M-TraceId
X-URL
X-Wa
X-Servedbyhost
Cross-Origin-Window-Policy
X-Varnish-Authentication
X-Cc-Via
X-Cc-Req-Id
X-Dynatrace
X-Host-Name
X-Sucuri-Cache
X-Contensis-Viewer-Groups
X-LiteSpeed-Cache-Control
Server-ID
Arc-Country
X-HostName
Ohc-File-Size
TDXMobile
X-Air-Source
X-Cache-ASPX
Cteonnt-Length
D-Cc-Upstream
Cross-Origin-Opener-Policy
X-Li-Proto
X-Vgn-Hpd-Reason
X-Svr
X-Esi
CACHE
X-CDN-Forward
NtCoent-Length
X-Vc
X-Geo
X-Server-IP
X-LI-Proto
X-RAMCache
Resin-Trace
X-HOST
X-JoinUs
X-SaId
X-WA
X-PHP-Backend
X-Service
X-Internal-Host
X-NGENIX-Cache
Request-ID
X-Gdpr
X-ServedByHost
DataCenter
X-Cache-Config
SID
X-FPC
X-Origin-Time
X-API-Version
X-Nyt-Route
X-Edge-Location
X-UA
X-DSS
X-RPM
X-DI
X-Newrelic-Synthetics
X-VC
X-Cs
X-VCL-Version
X-DB
X-DW
X-Viewer-Country
Cache-Provider
X-RPS
X-CCDN-Origin-Time
X-TIM-N
X-Hcs-Proxy-Type
X-Check-Cacheable
X-CCDN-CacheTTL
X-RSL
X-SN
Ohc-Cache-HIT
Hostname
GeoIP-Country-Code
GeoIP-Latitude
FSS-Cache
X-Forwarded-Site
CF-Cached-On
X-SB
X-NodeID
X-Extlb
X-Webstats-RespID
X-Via-NSCOPI
Server-Id
XServer
X-App
Mime-Version
ProcessTime
X-Action
X-Bc-Bl
X-SD-PageType
LB
Mail-Subject
X-BBC-Edge-Cache-Status
Srv
X-Render-Time
X-Oss-Cdn-Auth
Memcached
Surrogated-Key
X-Region-Sid
X-Req
X-VC-Cache
X-Proxy-Upstream
X-PJAX-URL
We-Hiring
X-Accel-Expires-Debug
X-Date
X-Fpc
X-NGINX-Cache
X-CF-Powered-By
X-Dynatrace-Js-Agent
X-ZONE
X-Provided-By
X-RateLimit-Limit-Second
Env
Upgrade-Insecure-Requests
X-FTR-Cache-Host
X-Depends-On
X-APP
X-RateLimit-Remaining-Second
W
EpKe-Alive
X-FORWARDED-FOR
X-Oracle-Dms-Rid
X-Cdn-Request-ID
X-Swift-Error
X-MSEdge-Features
X-Dw-Trace-Id
Cdn
X-Worker
X-Sigma
X-CSRF-TOKEN
X-Ftr-Cache-Host
X-UnsetCookies
X-MSEdge-Flight
X-Auto-Login
CDN
X-BACKEND-TTL
X-Rocket-Build-Number
Processtime
X-Men
X-TIME
X-Ua
X-Air-Trace-Id
X-Sigma-Backend
X-CACHE-AGE
X-Client-Ip
X-ABtesting
CPC-Age
VNS-Cache
VNS-Age
CPC-Cache
X-Flog
X-Cluster-Node
Memory
Time
Dnion-Transfer-Encoding
X-Cache-Tag
X-Hello
X-Parent-Response-Time
X-Fastly-Backend-Reqs
Proxy-Connection
X-Fastly-Request-Id
X-Akamai-Pragma-Client-IP
X-Pad
Datacenter
X-IN-APIGATEWAY
X-BBC-Origin-Response-Status
X-IN-APIGATEWAYSSL
Media-Length
X-Kraken-Routeconfig-Destination
X-Pf-Uncompressing
X-Acquia-Purge-Tags
X-Server-Lifecycle-Phase
X-Acquia-Application-UUID
Vha6-Origin
X-Acquia-Site
X-Acquia-Application-Trace
X-Zone
X-Kraken-Loop-Name
PICS-Label
X-Instrumentation
X-Oracle-DMS-ECID
X-Presslabs-Stats
Epwk-X-Cache
X-ServerName
X-Snapshot-Date
X-HITS
X-LiteSpeed-Tag
X-Via-PopN
X-Via-PopH
X-Via-PopV
Cf-Ipcountry
X-Varnish-URL
Fastcgi-Cache-TTL
My-App
State
X-Lb-Id
X-MiniProfiler-Ids
X-Akamai-ERRuleID
X-Request-Url
OT-Force-Account-Verify
X-Vcache
X-Akamai-ERPolicy
X-Request-URL
Xet-Cookie
X-ElasticPress-Search
X-Csrf-Token
X-Varnish-Beresp-TTL
X-Ms-Meta-Staticbatchstarttime
X-Ms-Meta-Originalurl
X-ElasticPress-Query
CountryCode
Environment
X-Litespeed-Cache-Control
Content-Script-Type
Content-Style-Type
X-Apw-Access-Action
X-Cache-Status-Check
X-Minions-Version
X-Apw-Hits
X-Apw-Access-Token
X-Apw-Access-Object
X-Storefront-Renderer-Verified
X-Traceid
X-B3-Parentspanid
NnCoection
X-C
X-Debug-Cache-Store
Phost
X-Debug-Cache-Fetch
X-ND-Cache
Inserted-Into-Cache-At
X-Amz-Meta-Cb-Modifiedtime
X-Redis-Duration-Ms
URI
X-Tid
WZWS-RAY
Ohc-Response-Time
X-Redis-Count