Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Request-ID
X-Cache-Status
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Ua-Compatible
X-Content-Security-Policy
X-Iinfo
Content-Encoding
X-CDN
Feature-Policy
X-AspNetMvc-Version
Status
X-Envoy-Upstream-Service-Time
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Upgrade
X-Via
Access-Control-Max-Age
Keep-Alive
X-Ws-Request-Id
X-Age
X-Robots-Tag
X-AH-Environment
X-Turbo-Charged-By
Request-Context
EagleId
X-Proxy-Cache
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Server
Host-Header
Report-To
X-Amz-Request-Id
X-Server-Powered-By
X-Amz-Id-2
Grace
X-Nginx-Cache-Status
X-UA-Device
X-Dns-Prefetch-Control
X-Rq
X-Varnish-Cache
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-LiteSpeed-Cache
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
X-Cache-Spec
X-Amz-Version-Id
NEL
X-Device
X-CST
Allow
X-Vhost
X-Host
X-WebKit-CSP
Xkey
X-Backend-Server
X-Server-Id
EagleEye-TraceId
X-Dispatcher
Surrogate-Control
Request-Id
X-Node
Content-Location
X-Response-Time
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Akam-SW-Version
X-Ruxit-JS-Agent
P3p
X-ASPNET-VERSION
X-Application-Context
X-Ac
Accept-Ch
X-Cache-Lookup
X-Country
X-Template
X-Language
Accept-Ch-Lifetime
Accept-CH
X-Mod-Pagespeed
X-Readtime
X-Cloud-Trace-Context
Accept-CH-Lifetime
MS-Author-Via
X-B3-TraceId
Rating
X-Origin-Cache
X-HW
X-Cnection
X-MS-InvokeApp
X-Url
X-PC
X-TtlSet
X-Vname
Edge-Control
X-Clacks-Overhead
X-GitHub-Request-Id
X-ESI
X-Trace
X-ORACLE-DMS-ECID
X-ORACLE-DMS-RID
X-Middleton-Response
Response
Pagespeed
Display
X-Sol
X-Middleton-Display
X-Content-Type
X-D2id
Arr-Disable-Session-Affinity
Verso
X-Kinja
X-Kinja-Revision
X-Vcap-Request-Id
X-Cdn-Fetch
X-Exp-Id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja-Build
X-Use-Magma
X-Kinja-Server
X-Varnish-TTL
X-Goog-Hash
X-Rack-Cache
X-Country-Code
X-TTL
X-Oneagent-Js-Injection
X-Buckets
X-Navigation-Version
X-Server-Name
X-Powered-By-Plesk
Service-Worker-Allowed
X-VARITI-CCR
X-Abt-Application-Version
X-Amz-Rid
X-Fastly-Request-ID
X-FastCGI-Cache
X-Webkit-CSP
X-Client-IP
X-Cache-TTL
Fastly-Restarts
Pinterest-Version
X-Cached
Pinterest-Generated-By
X-Pinterest-Rid
X-MSEdge-Ref
X-Release
X-Element-Page-Cache
X-Dw-Request-Base-Id
SPRequestGuid
X-SharePointHealthScore
X-NF-Request-ID
SPIisLatency
SPRequestDuration
Mrf-Cache-Status
Public-Key-Pins
X-B3-TraceId-Primal
MRF-Tech
RTSS
Access-Control-Request-Method
AR-Request-ID
AR-ATIME
AR-CACHE
AR-PoweredBy
Ar-Sid
X-SRCache-Fetch-Status
X-Edge
X-SRCache-Store-Status
X-LLID
X-Powered-CMS
X-Ezoic-Cdn
X-Litespeed-Cache
Cache-Tag
Content-MD5
X-Upstream
X-Origin-Upstream-Status
Fusion-Source
Fusion-Deployment-Id
Fusion-Template-Id
Fusion-Content-Source
X-HP-Webp
X-Jurisdiction
Fusion-Content-Id
Fusion-Component-Id
X-Px
S
X-Version
X-ECACHE
X-MCACHE
X-Mid
X-Recruiting
X-Mg-S
Charset
X-Content-Digest
X-PressLabs-Stats
X-T
Fastcgi-Cache
X-Kinsta-Cache
X-Amz-Server-Side-Encryption
X-DynaTrace
Cache-Tags
X-Id
MicrosoftSharePointTeamServices
Filters
X-Logged-In
X-Content-Security-Policy-Report-Only
Front-End-Https
X-Accel-Expires
Server-Node
X-Ruxit-Js-Agent
X-Ttl
Edge-Cache-Tag
X-Forwarded-Proto
X-Debug
X-Grace
X-Correlation-Id
X-Forwarded-For
Server-Name
TP-L2-Cache
TP-Cache
Nginx-Cache
X-Fastcgi-Cache
X-Amzn-Trace-Id
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Request-Received
X-Request-Processing-Time
TCN
Surrogate-Key
X-XRDS-LOCATION
X-Hits
X-Varnish-Age
X-B3-Sampled
X-Microsite
X-Shield-Request-Id
X-Request-Handler-Origin-Region
X-Yandex-Sdch-Disable
X-Ser
X-Pinterest-Direct
X-Activity-Id
X-AppVersion
X-Az
X-Amz-Replication-Status
X-F-Cache
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Hub-Id
X-HS-Cache-Config
X-DIS-Request-ID
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-GUploader-UploadID
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Origin-Server
Accept-Charset
Alternate-Protocol
X-Geo-Country
X-XRDS-Location
X-Git-Hash
X-Rid
X-Respond-Thread
X-Frontend
Nel
X-Time
Section-Io-Cache
Cache
Host
X-Cache-Key
X-FTR-Request-ID
X-Upgrade-Enabled
X-LB-Cache
X-DataDome
X-NWS-LOG-UUID
X-Mobile-URL
X-Seen-By
Access-Control-Allow-Method
X-Server-ID
X-VCache
MS-CV
Paypal-Debug-Id
X-AOL-HN
X-Cache-Age
X-IPLB-Instance
ServerID
X-TT
X-Content-Options
Healthy
X-Type
X-Hostname
X-Is-Crawler
X-Providence-Cookie
X-Request-Guid
X-Varnish-Backend
X-Route-Name
X-Whom
X-Flags
Cleartype
Payment
X-App-Environment
X-Source
X-Aspnet-Duration-Ms
X-Signature
X-B-Cache
X-Cache-Action
X-Page-Id
Powered-By-ChinaCache
Fastcgi-Useragent
X-Debug-Info
X-Jobs
X-WebKit-CSP-Report-Only
X-Daa-Tunnel
X-Load-Cache
X-N
X-FB-Debug
X-RateLimit-Remaining
X-Mobile
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-Erf-Bev-Bev-Is-Generated
X-Erf-Bev-Bev
X-Browser-Type
X-Contextid
Realpath
X-Via-JSL
Refresh
Node
Version
X-Rule
X-Wix-Request-Id
X-Original-Request-Id
X-Accel-Buffering
X-Response-Served-From
X-RTag
X-Proxy
X-Drupal-Cache-Tags
Ms-Operation-Id
DC
X-Zen-Fury
X-Cached-By
X-Framework
X-Cacheable-TTL
X-Real-IP
X-Akamai-Edgescape
X-ProcessESI
X-HTML-Minification-Powered-By
Referer-Policy
X-Instance
X-RemovedCookies
X-B
X-Distributor
Viewport
X-Cache-Time
X-Cache-Expired-At
X-UUID
X-Page-View
X-Cache-Rule
Access-Control-Request-Headers
Eomportal-Instance
X-Cache-Operation
X-Content-Powered-By
X-Drupal-Cache-Contexts
X-Tt-Trace-Host
X-Region
X-Tt-Trace-Tag
X-Cluster-Name
X-Cache-Control
X-FW-Static
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
Countrycode
X-FW-Type
X-FW-Dynamic
X-FW-Server
X-FW-Hash
X-FW-Serve
X-IPS-LoggedIn
X-Yottaa-Metrics
X-Yottaa-Optimizations
Liferay-Portal
X-Cache-Hit
X-G
X-Tumblr-Pixel-1
X-Environment-Context
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-FireWall-Port
X-Tumblr-User
X-Pass-Why
X-L-Path
DynaTrace
X-App-Server
Server-Info
Xserver
CF-IPCountry
X-User-Agent
Section-Io-Origin-Time-Seconds
Section-Origin-Responded
X-Protected-By
SRV
Section-Io-Origin-Status
Section-Io-Id
X-Tumblr-Pixel-2
From-Origin
Webserver
Ec-Rule-Version
X-Ratelimit-Limit
X-Nginx-Cache
X-Www-Served-By
GEO-INFO
X-Debug-IsPreview
X-Debug-IsConnected
Protected
X-Node-Name
X-Mode
X-Endurance-Cache-Level
X-RN-RSRV
Meta-Geo
X-Hl-Ver
X-Device-Type
X-Cache-Server
X-UPSTREAM-Address
X-ES-SERVER
X-Site-Version
X-Uri
X-Locale
X-MP-GENERATED-AT
X-Handled-By
X-Backend-Name
X-FB-TRIP-ID
Cache-Status
Frame-Options
Cache-Tv-Group
X-Varnish-Ttl
X-Adobe-Content
X-Varnishpool
X-Adobe-Loc
X-Be
X-NYM-Debug-Backend
Retry-After
X-PCL
X-UA-Device-Type
Webcakes-Region
X-Via-Fastly
X-Timing-Wait
X-Storage
X-Soup
X-Sql-Count
X-Sql-Duration-Ms
Webcakes-App-Version
X-WA-Info
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-GeoIP-Country
TWC-GeoIP-LatLong
Webcakes-App-Name
TWC-Privacy
TWC-Locale-Group
X-Request-Time
X-Redis-Cache
Selected-Fe
X-BYPASS-REASON
X-Origin-Hint
Fastly-SSL
Decoy-Debug-TTL
Country
Decoy-Debug-Key
Decoy-Debug-Status
X-Labrador-Cache-Channel
X-No-Session
X-ProxyCache-Key
X-ProxyCache-Status
X-Pubstack
X-Proxy-Build
X-Proto
X-OCL
X-Web-Node
X-PHP-Host
Cache-Name
X-Human
X-Ratelimit-Remaining
Azure-SiteName
Azure-SlotName
Azure-RegionName
Azure-InstanceId
X-Tec-Api-Origin
X-Tec-Api-Root
X-AIR-PT
Azure-Version
X-Say-TTL
X-LAGOON
X-Hyper-Cache
X-Hosted-By
X-Loop
X-Origin-Date
X-Say-Cacheable
X-S-Maxage
X-SayCDN-TTL
X-Tec-Api-Version
X-Server-W
X-R9-Blue-Green-Version
X-Section
X-Format
X-VWS-Id
X-Access
X-FW-Version
X-LJ-Flow-ID
X-TNCMS
X-AWS-Id
X-ApacheServer
X-Alternate-Cache-Key
X-Forwarded-Host
X-Cache-Grace
X-PERF
X-Varnish-Grace
X-Xfnlog-Site
X-CCM
X-ShardId
X-Cache-TTL-Remaining
X-Sorting-Hat-ShopId
X-Webkit-Csp
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Status
X-Storefront-Renderer-Rendered
X-ShopId
Mn-Server-Ip
X-TT-LOGID
X-Cluster
X-Revision
Apigw-Requestid
X-Routing-Service
X-Zipkin-Id
X-Proxied
X-Is-Bot
X-Rendered-As
AMP-Access-Control-Allow-Source-Origin
X-Varnish-Server
X-SRV
X-Qloud-Router
X-Dc
X-Info
S-Cnection
X-GG-Cache-Date
X-Cache-Enabled
X-Cdn
X-Microcachable
X-Via-CDN
X-FTR-Realm
X-FTR-Balancer
X-FTR-Cache-Status
X-Content-Age
X-FTR-DC
X-Amz-Meta-S3cmd-Attrs
X-Country-Code-Real
Cache-Hits
X-FTR-Backend
X-FTR-Backend-Server
X-TA-CDN-Provider
X-Platform
Uber-Trace-Id
X-Proxy-Cache-Status
X-App-Version
X-Cache-Host
X-Detected-As
X-Backend-Host
X-Azure-Ref
X-Aspnetmvc-Version
X-NWS-UUID-VERIFY
X-FTR-Expires
X-Amzn-RequestId
X-Amz-Apigw-Id
X-Amzn-Remapped-Content-Length
X-CSRF-Token
X-EdgeConnect-Cache-Status
Tracecode
X-Air-Hostname
Akamai-GRN
Amp-Access-Control-Allow-Source-Origin
SD-X-WS
X-Oss-Hash-Crc64ecma
X-Oss-Storage-Class
X-Oss-Server-Time
X-ATG-Version
X-Oss-Request-Id
X-Oss-Object-Type
X-Cache-Var
X-Trace-Id
X-Cache-Var-Map
HostName
X-RCS-CacheZone
ServedBy
X-Time-Microsecs
X-Debug-Cache
X-B3-SpanId
X-ServerID
X-Backend-TTL
X-DynaTrace-JS-Agent
X-BCube-Filmed-By
X-Varnish-Hostname
X-Correlation-ID
X-CS
X-Cache-NGX
X-Tb
X-Akamai-Transformed
X-Cache-PHP
Backend
X-Cdn-Forward
DB-Nickname
X-TX-ID
X-Processor
X-PBS-Appsvrname
X-Owner
X-PAYTM-SRV-ID
X-SRCache-Key
X-Session-Fingerprint
X-From
X-ARC
X-Ms-Version
X-S-Cookie
X-Sucuri-ID
X-Rojux
X-Rewrite-Enabled
X-B-Cookie
X-S
X-Request-UUID
X-ScT
X-Application
X-A-Wwc
Instruction
Rendered-Blocks
X-NAPM-TraceId
X-Level-Front-Cache
SR-User-Adfree
Machine
MD5-Digest
Odigeo-Trace-Id
Path
X-Location
Mobile-Detection-Method
Meta-Geo-Continent
T-Server
Fastcgi-X-Cache-Version
X-A-Dgt
X-A-Dcw
X-Connection-Hash
BehaviorPad-Version
X-Aed
X-A-Dam
X-A-Ccd
DCR-Processing-Time-Ms
Expiry
DCR-Decision-By
X-Origin-CC
X-A
X-Origin-TTL
X-Ms-Request-Id
X-Vtex-Remote-Cache
X-Cache-NE
X-Trv-Group
Xc-Version
X-Unique-Id
X-Destination
X-VG-WebServer
X-Vtex-Processado-Em
X-External-Request-Id
X-VG-WebCache
X-Generation-Time
X-D
X-Generated-On
X-CF-Lambda-Fn
X-Vdms-Path
X-CF-Lambda-Version
X-Vdms-Version
X-GEO
On-Server
X-Cache-Bucket
X-Irp-Debug
CacheControlHeader
X-Micro-Cache
X-Adobe-Source
X-NewRelic-App-Data
PB-PID
AKAMAI
X-Bip
Pagetype
UCS
PB-RID
Thinkindot-CacheControl-Type
Gh-Request-Id
X-JWT-State
X-Is-Gdpr
Server-Host
X-Geo-Header
X-Device-Os
Host-ID
X-CACHE-KEY
X-Mvc-Supplant-Cachable
Release
Content-Disposition
X-B3-Traceid
X-GeoIP-City
Fastly-Backend-Name
Thinkindot-CacheControl
Thinkindot-Control
Arc-Version
X-Reqid
X-Has-Esi
X-Magnolia-Registration
X-FC-Vary-Parameters
X-Core-Value
X-Thanos
X-Thinkindot-L3
X-Cache-Backend
X-Fetched-On
X-Fastly-Cache
X-OVcl
X-HS-Content-Campaign-Id
X-TrackingId
DSUID
X-Tumblr-Pixel-3
X-OVcl-Cache
X-EC-Lua
X-Cms-Context
X-Varnish-Cache-Hits
User-Cache-Control
X-Developer
X-Cache-Tags
X-Li-Fabric
X-Backend-State
X-Dispatcher-Server
X-Block-Status
PFcat
X-Generated-By
Platform
X-Branch-Name
X-LI-UUID
X-Gen-Mode
X-Csrf-Jwt
X-Li-Pop
X-Cache-Info
X-DPWN-IS-SECURE
X-Hnp-Log
X-CUA
X-IP
Web-Mar-Node
X-Fastly-Backend
X-Envoy-Decorator-Operation
X-Esi-Check
X-CGP
X-Eu-Site
X-DefHash
V-Age
X-HN
X-Cache-Id
X-Clara-WADP
Ssr
X-DefElseHash
X-GeoIP
X-Gzip
X-Azure-Ref-OriginShield
X-GoCache-CacheStatus
X-Generated-In
X-Fmm-Version
X-Clientip
X-Skip-Cache
X-Matched-Rule
X-Scheme
X-SVT-ORM-VERSION
X-Swa-Ws
X-Variation
X-Var-Ttl
X-Request-Host
X-Rebelmouse-Surrogate-Control
C-Via
Cache-Host
Adler-Geo
X-Platform-Server
X-Rebelmouse-Cache-Control
X-Ratelimit-Reset
X-Varnish-Beresp-Grace
X-Varnish-CookieHashed-On
Wxu-Next-Commit
Magicmarker
Wxu-Next-Hostname
Wxu-Next-Region
X-Policy
X-Developers
X-Wikidot-Static-Cache
X-Wikidot-Backend
X-Varnish-Remaining-TTL
X-Varnish-CookieINHashed-On
X-VarnishDD-TTL
X-VServer
X-WADP-Cache
X-Origin-Response-Time
X-SVT-ORM-RULES
Fastly-SIE
L5d-Success-Class
Lfy
X-Old-Content-Length
X-Origin
Fastly-SWR
X-NU-AKA-ACS-Version
HA-Ipaddr
Is-Eu
Ha-Gx-Prefs
CDCHOST
X-Node-Id
NGX
Location
CDN-RequestCountryCode
CDN-Uid
CDN-PullZone
CDN-EdgeStorageId
CDN-Cache
CDN-CachedAt
Cf-Device-Type
CDN-RequestId
NM-Fastcgi-Cache
X-Nc
X-ID
X-Unique-ID
L
X-Cache-Debug
Locid
Server-Ext
X-Nginx-Cache-Key
X-Method
Sever-Int
X-Gamma-Serve
Server-Hostname
X-SIPLIST1
IsBot
X-LB-ID
True-Client-Country-4JS
Cf-Bgj
X-Origin-Expires
X-Hash
X-Slack-Backend
Vix-Hermes-Req-Id
X-Request-URI
X-User
CloudFront-Viewer-Country
X-Varnish-Hits
Rt-Fastcgi-Cache
X-Varnish-Beresp-Ttl
X-VG-TLSProxy
X-Varnish-Beresp-Status
X-CLOUD-TRACE-CONTEXT
Apple-News-Services-Request-Url
Esi-Enabled
Apple-News-Services-Parsed-Url
Apple-News-Services-Handled
X-Goog-Meta-Goog-Reserved-File-Mtime
Origin
X-Sn-Servicetimems
Apple-News-Services-Host
X-Cdn-Origin
Sid
Fastly-Drupal-HTML
X-Aicache-OS
Pramga
X-Cache-Expires
Who
X-APP-VERSION
Geo-Info
X-PF-Uncompressing
Country-Code
X-Via-Popn
X-Mvc-Supplant-OutputCached
X-Cache-Date
X-Loc
X-NCache
X-Via-Popv
X-Via-Poph
X-Core-Mission
Pics-Label
X-Servername
X-Varnish-Url
Tcn
X-Refresh
X-Epic-Correlation-Id
X-Request-Start
X-RateLimit-Limit
Url
X-FireWall-Protection
X-Tb-Optimization-Total-Bytes-Saved
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-Erf-Stays-Bingo-Pdp-Web
Filterid
X-TraceId
Req-Svc-Chain
X-Varnish-Cacheable
X-Error
X-Response-By
X-NC
Cmstype
Cmsid
X-Cache-Remote
Svr
Source
X-Proxy-Cachei7
Xkeyi7
Kp-EeAlive
X-Served-From
S-Rt
X-Webkit-CSP-Report-Only
X-Srv
N-Cache
Content-Secure-Policy
X-BBXSRF
Server-Ttl
MIME-Version
Geoip-Latitude
X-DC
HitType
GeoIp-Country-Code
VivaBuild
A
X-HS-Status
Cache-Key
Viewtype
M-TraceId
X-B3-Spanid
X-Vcl-Version
X-Cache-2
NGB
X-URL
X-Varnish-Authentication
X-Dynatrace
X-Contensis-Viewer-Groups
X-Sucuri-Cache
X-HostName
X-Host-Name
Server-ID
Ohc-File-Size
Cteonnt-Length
D-Cc-Upstream
X-Servedbyhost
Arc-Country
X-Wa
X-Cc-Via
X-LiteSpeed-Cache-Control
Cross-Origin-Opener-Policy
X-Cc-Req-Id
X-Air-Source
Cross-Origin-Window-Policy
X-Cache-ASPX
X-Esi
X-Li-Proto
X-Svr
TDXMobile
X-Vgn-Hpd-Reason
X-CDN-Forward
NtCoent-Length
CACHE
X-Vc
Resin-Trace
X-LI-Proto
X-RAMCache
X-Geo
X-Server-IP
X-HOST
X-NGENIX-Cache
X-JoinUs
X-API-Version
X-ServedByHost
X-WA
X-PHP-Backend
X-FPC
X-Origin-Time
X-Nyt-Route
X-Internal-Host
Request-ID
X-Cache-Config
X-SaId
DataCenter
X-Service
SID
X-Gdpr
X-Edge-Location
X-UA
Cache-Provider
X-Viewer-Country
X-RPM
X-RPS
X-DW
X-DI
X-VCL-Version
X-VC
X-DB
X-Cs
X-DSS
X-RSL
X-CCDN-CacheTTL
X-Check-Cacheable
X-Hcs-Proxy-Type
X-SN
X-TIM-N
X-Newrelic-Synthetics
X-CCDN-Origin-Time
Ohc-Cache-HIT
Hostname
X-Extlb
X-Webstats-RespID
X-Forwarded-Site
X-SB
FSS-Cache
Server-Id
GeoIP-Latitude
GeoIP-Country-Code
X-NodeID
CF-Cached-On
XServer
X-Bc-Bl
X-Via-NSCOPI
Mime-Version
ProcessTime
X-SD-PageType
X-App
X-Action
X-Req
X-Fpc
X-Region-Sid
X-Oss-Cdn-Auth
X-Accel-Expires-Debug
Surrogated-Key
X-BBC-Edge-Cache-Status
We-Hiring
Memcached
Mail-Subject
X-PJAX-URL
X-Date
LB
X-Proxy-Upstream
X-VC-Cache
X-CF-Powered-By
X-NGINX-Cache
X-Render-Time
Srv
X-Dynatrace-Js-Agent
X-ZONE
X-Provided-By
Upgrade-Insecure-Requests
X-Depends-On
X-APP
X-FTR-Cache-Host
X-RateLimit-Limit-Second
X-FORWARDED-FOR
W
EpKe-Alive
Env
X-RateLimit-Remaining-Second
X-Swift-Error
X-Cdn-Request-ID
X-Oracle-Dms-Rid
X-Ftr-Cache-Host
X-Ua
X-Air-Trace-Id
X-Auto-Login
X-CSRF-TOKEN
X-BACKEND-TTL
CDN
X-MSEdge-Features
X-TIME
X-Worker
X-MSEdge-Flight
X-UnsetCookies
X-Men
X-Sigma-Backend
X-Dw-Trace-Id
Cdn
X-Rocket-Build-Number
Processtime
X-Sigma
X-CACHE-AGE
X-Client-Ip
X-Fastly-Request-Id
CPC-Age
X-Cache-Tag
Dnion-Transfer-Encoding
X-Cluster-Node
X-Hello
Time
VNS-Age
X-Fastly-Backend-Reqs
X-Parent-Response-Time
Memory
X-ABtesting
Proxy-Connection
CPC-Cache
X-Flog
VNS-Cache
X-Akamai-Pragma-Client-IP
Media-Length
X-Presslabs-Stats
X-BBC-Origin-Response-Status
X-Acquia-Application-Trace
X-Zone
X-Acquia-Application-UUID
X-Acquia-Purge-Tags
Datacenter
X-Acquia-Site
X-Pad
PICS-Label
X-IN-APIGATEWAY
X-Pf-Uncompressing
X-IN-APIGATEWAYSSL
Vha6-Origin
X-Oracle-DMS-ECID
Epwk-X-Cache
X-Snapshot-Date
X-HITS
X-LiteSpeed-Tag
X-Via-PopH
X-ServerName
X-Via-PopN
X-Via-PopV
Cf-Ipcountry
X-Varnish-URL
X-MiniProfiler-Ids
State
X-Vcache
X-Request-URL
X-Akamai-ERPolicy
X-ElasticPress-Query
X-Akamai-ERRuleID
X-Request-Url
X-Varnish-Beresp-TTL
OT-Force-Account-Verify
X-Lb-Id
X-Ms-Meta-Originalurl
X-Ms-Meta-Staticbatchstarttime
My-App
Xet-Cookie
X-ElasticPress-Search
Fastcgi-Cache-TTL
X-Csrf-Token
CountryCode
X-Litespeed-Cache-Control
X-Server-Lifecycle-Phase
X-Instrumentation
Content-Style-Type
X-Apw-Access-Token
X-Apw-Access-Object
X-Apw-Access-Action
X-Apw-Hits
X-Cache-Status-Check
X-Minions-Version
X-Kraken-Routeconfig-Destination
X-Kraken-Loop-Name
Content-Script-Type
X-Traceid
X-Redis-Count
X-Redis-Duration-Ms
URI
Environment
X-ND-Cache
X-C
X-Storefront-Renderer-Verified
WZWS-RAY
NnCoection
X-Debug-Cache-Store
Inserted-Into-Cache-At
X-Tid
X-Debug-Cache-Fetch
Ohc-Response-Time
X-B3-Parentspanid
Phost
X-Amz-Meta-Cb-Modifiedtime