Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Cf-Request-Id
CF-RAY
CF-Cache-Status
Last-Modified
Accept-Ranges
Link
X-XSS-Protection
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
X-Xss-Protection
Access-Control-Allow-Credentials
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-AspNet-Version
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Cache-Status
X-Generator
X-Request-ID
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
X-Ua-Compatible
Content-Encoding
X-CDN
X-Envoy-Upstream-Service-Time
Status
Feature-Policy
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
X-AspNetMvc-Version
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
X-Amz-Request-Id
Report-To
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-LiteSpeed-Cache
X-Dns-Prefetch-Control
X-Varnish-Cache
X-Rq
Ali-Swift-Global-Savetime
X-Swift-SaveTime
X-Swift-CacheTime
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-ASPNET-VERSION
NEL
X-Amz-Version-Id
X-OneAgent-JS-Injection
Xkey
X-WebKit-CSP
X-Cache-Spec
Allow
X-Backend-Server
X-Host
X-CST
X-Vhost
X-Device
EagleEye-TraceId
X-Server-Id
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Accept-CH
Content-Location
X-Response-Time
Accept-CH-Lifetime
X-Akam-SW-Version
X-Ruxit-JS-Agent
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ac
X-Template
X-Application-Context
X-Language
X-Kinja-Server-Push
X-Country
X-Cache-Lookup
X-Readtime
X-Mod-Pagespeed
X-Cloud-Trace-Context
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Rating
X-Cnection
X-MS-InvokeApp
X-Url
X-HW
X-PC
X-TtlSet
X-Vname
X-ORACLE-DMS-ECID
Accept-Ch
X-Clacks-Overhead
X-ESI
X-FastCGI-Cache
Edge-Control
X-GitHub-Request-Id
X-Trace
Accept-Ch-Lifetime
Response
Display
X-Middleton-Display
X-Sol
X-Middleton-Response
Pagespeed
X-Content-Type
X-D2id
X-Exp-Variant
X-GoogleNews-Bot
X-Kinja
X-Exp-Id
X-Cdn-Fetch
Verso
Arr-Disable-Session-Affinity
X-Vcap-Request-Id
X-Kinja-Build
X-Use-Magma
X-Kinja-Revision
X-Kinja-Server
X-Buckets
X-Goog-Hash
X-Rack-Cache
X-Server-Name
X-Country-Code
Service-Worker-Allowed
X-Navigation-Version
X-Abt-Application-Version
X-VARITI-CCR
X-Amz-Rid
X-Oneagent-Js-Injection
X-Powered-By-Plesk
X-ORACLE-DMS-RID
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Cache-TTL
X-Varnish-TTL
X-Client-IP
X-SharePointHealthScore
SPRequestGuid
X-Fastly-Request-ID
X-Release
SPRequestDuration
SPIisLatency
X-MSEdge-Ref
X-Dw-Request-Base-Id
Fastly-Restarts
X-Element-Page-Cache
X-NF-Request-ID
X-Cached
Public-Key-Pins
X-B3-TraceId-Primal
Mrf-Cache-Status
MRF-Tech
RTSS
X-Ttl
AR-Request-ID
X-Edge
AR-PoweredBy
AR-CACHE
AR-ATIME
X-Origin-Upstream-Status
Ar-Sid
X-TTL
X-SRCache-Store-Status
Access-Control-Request-Method
X-SRCache-Fetch-Status
X-Webkit-CSP
X-Px
X-LLID
X-Powered-CMS
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Fusion-Deployment-Id
X-Ezoic-Cdn
Content-MD5
X-Upstream
X-HP-Webp
X-Jurisdiction
X-ECACHE
X-Amz-Server-Side-Encryption
X-Mid
X-MCACHE
Charset
Cache-Tag
X-Recruiting
S
X-Content-Digest
X-Mg-S
X-Pinterest-Direct
X-PressLabs-Stats
X-Version
X-Aspnetmvc-Version
TCN
MicrosoftSharePointTeamServices
Fastcgi-Cache
X-Debug
Front-End-Https
X-T
X-Content-Security-Policy-Report-Only
X-Id
X-Grace
X-Kinsta-Cache
Filters
Cache-Tags
Server-Node
Edge-Cache-Tag
X-Forwarded-Proto
X-Accel-Expires
X-Logged-In
X-Correlation-Id
X-Amzn-Trace-Id
X-Forwarded-For
X-Yandex-Sdch-Disable
Server-Name
Nginx-Cache
X-XRDS-Location
Surrogate-Key
X-Kong-Proxy-Latency
X-Kong-Upstream-Latency
X-Varnish-Age
TP-L2-Cache
TP-Cache
X-Request-Received
X-Request-Processing-Time
X-B3-Sampled
X-DynaTrace
X-Microsite
X-Hits
X-Request-Handler-Origin-Region
X-Cache-Key
X-Ser
Powered-By-ChinaCache
X-DIS-Request-ID
X-Shield-Request-Id
X-AppVersion
X-Activity-Id
X-Az
X-Amz-Replication-Status
X-Server-ID
X-HS-Content-Id
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Hub-Id
X-F-Cache
X-Goog-Generation
X-Goog-Storage-Class
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-GUploader-UploadID
X-Goog-Stored-Content-Length
Accept-Charset
X-Origin-Server
X-FTR-Request-ID
X-Git-Hash
X-Respond-Thread
X-Hostname
X-Geo-Country
X-LB-Cache
X-DataDome
X-Upgrade-Enabled
Section-Io-Cache
X-Rid
X-XRDS-LOCATION
X-Frontend
Access-Control-Allow-Method
X-Cache-Age
Cache
Alternate-Protocol
Host
X-Mobile-URL
Cleartype
MS-CV
Paypal-Debug-Id
Healthy
X-Content-Options
X-IPLB-Instance
X-Type
ServerID
X-WebKit-CSP-Report-Only
X-AOL-HN
X-Ruxit-Js-Agent
Payment
X-App-Environment
X-Varnish-Backend
X-Seen-By
X-Whom
X-Is-Crawler
X-Debug-Info
X-Flags
X-Signature
X-TT
X-Route-Name
X-Request-Guid
X-Providence-Cookie
X-Cache-Action
X-B-Cache
X-Aspnet-Duration-Ms
X-VCache
Fastcgi-Useragent
X-Page-Id
X-Jobs
X-NWS-LOG-UUID
X-Source
X-N
X-Mobile
X-Time
X-Erf-Bev-Bev
X-Browser-Type
X-Load-Cache
X-Erf-Bev-Bev-Is-Generated
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-TEC-API-VERSION
X-Cached-By
X-Via-JSL
X-Daa-Tunnel
X-FB-Debug
X-Akamai-Edgescape
Version
Nel
X-RateLimit-Remaining
X-Cache-Rule
X-Litespeed-Cache
X-Cache-Operation
Viewport
Refresh
DynaTrace
X-Accel-Buffering
X-Original-Request-Id
X-Rule
X-Response-Served-From
X-Zen-Fury
DC
X-Framework
X-Drupal-Cache-Tags
X-Proxy
X-Cacheable-TTL
X-RTag
X-ProcessESI
Realpath
X-RemovedCookies
Ms-Operation-Id
X-Instance
GEO-INFO
X-Real-IP
X-Contextid
X-Tt-Trace-Host
X-Tt-Trace-Tag
Access-Control-Request-Headers
X-Fastcgi-Cache
X-Cache-Time
X-UUID
X-HTML-Minification-Powered-By
X-Region
X-Wix-Request-Id
X-Page-View
X-Drupal-Cache-Contexts
X-Yottaa-Optimizations
X-Yottaa-Metrics
X-Distributor
Referer-Policy
X-FW-Hash
X-FW-Serve
X-FW-Type
Node
Eomportal-Instance
X-FW-Static
X-FW-Server
X-Cache-Expired-At
X-Varnish-Ttl
VIX-Pulpo-Upstream-Status
Countrycode
X-FW-Dynamic
VIX-Pulpo-Node
X-Environment-Context
X-B
X-L-Path
X-Cluster-Name
Liferay-Portal
X-Node-Name
X-G
X-Cache-Control
X-Tumblr-Pixel-1
X-Tumblr-User
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Content-Powered-By
X-IPS-LoggedIn
X-Cache-Hit
X-User-Agent
X-Ratelimit-Limit
Server-Info
X-Tumblr-Pixel-2
Webserver
X-Pass-Why
X-Amz-Meta-S3cmd-Attrs
Section-Io-Origin-Time-Seconds
Section-Io-Id
From-Origin
X-App-Server
Section-Origin-Responded
Section-Io-Origin-Status
Protected
Ec-Rule-Version
X-Protected-By
X-FireWall-Port
X-Revision
SRV
X-Backend-Name
X-Cache-Server
X-Oracle-Dms-Rid
Frame-Options
Cache-Status
CF-IPCountry
X-Hl-Ver
X-Handled-By
X-Mode
X-Hyper-Cache
X-Www-Served-By
X-Endurance-Cache-Level
X-RN-RSRV
Meta-Geo
X-UPSTREAM-Address
X-ES-SERVER
X-Soup
X-Ratelimit-Remaining
X-Storage
X-Site-Version
Retry-After
X-Forwarded-Host
X-FB-TRIP-ID
X-Locale
X-NYM-Debug-Backend
Decoy-Debug-Status
X-Pubstack
Cache-Tv-Group
Decoy-Debug-Key
Country
Fastly-SSL
X-Varnishpool
X-Adobe-Content
X-Human
X-Web-Node
X-Be
X-Cache-Grace
X-Adobe-Loc
Decoy-Debug-TTL
Webcakes-App-Name
Azure-Version
Cache-Name
TWC-Privacy
X-OCL
X-Section
Azure-RegionName
Webcakes-Region
X-Access
X-SayCDN-TTL
X-Format
Azure-InstanceId
Azure-SlotName
Azure-SiteName
X-Origin-Date
X-Labrador-Cache-Channel
TWC-Locale-Group
X-TT-LOGID
X-Proto
X-Timing-Wait
X-BYPASS-REASON
X-UA-Device-Type
X-Proxy-Build
X-Uri
X-ProxyCache-Key
X-Redis-Cache
Property-Id
Selected-Fe
TWC-GeoIP-Country
X-PCL
TWC-GeoIP-LatLong
X-ProxyCache-Status
X-PHP-Host
TWC-Device-Class
TWC-Connection-Speed
X-Say-Cacheable
X-Say-TTL
X-Origin-Hint
Webcakes-App-Version
X-Tec-Api-Origin
X-Tec-Api-Version
X-Tec-Api-Root
X-Server-W
X-Sql-Count
X-Sql-Duration-Ms
X-FW-Version
X-S-Maxage
X-Via-CDN
X-PERF
X-LAGOON
X-Via-Fastly
X-No-Session
X-ApacheServer
X-WA-Info
X-AIR-PT
Xserver
X-AWS-Id
X-TNCMS
X-Request-Time
X-VWS-Id
X-LJ-Flow-ID
X-R9-Blue-Green-Version
X-Loop
X-Hosted-By
X-FTR-DC
X-FTR-Backend-Server
X-FTR-Cache-Status
Mn-Server-Ip
X-FTR-Realm
X-Country-Code-Real
X-FTR-Backend
X-Cluster
S-Cnection
X-Qloud-Router
X-Status
X-FTR-Balancer
X-MP-GENERATED-AT
X-Sorting-Hat-PodId
X-Shopify-Stage
X-Sorting-Hat-ShopId
X-ShardId
X-Storefront-Renderer-Rendered
X-Zipkin-Id
X-CCM
X-Cache-TTL-Remaining
X-Routing-Service
X-Proxied
X-Alternate-Cache-Key
X-ShopId
X-FTR-Expires
AMP-Access-Control-Allow-Source-Origin
X-Xfnlog-Site
Cache-Hits
X-Rendered-As
X-Is-Bot
X-Dynatrace
X-Dc
X-Device-Type
X-Unique-Id
X-Cache-Var-Map
X-Cache-Var
X-SRV
X-Air-Hostname
X-Info
X-Nginx-Cache
X-EdgeConnect-Cache-Status
Apigw-Requestid
X-Detected-As
X-Cache-Host
X-Amz-Apigw-Id
X-Webkit-Csp
X-Amzn-Remapped-Content-Length
X-Amzn-RequestId
X-Cdn
X-Debug-IsPreview
X-Microcachable
X-Debug-IsConnected
X-Cache-Enabled
X-APP-VERSION
X-Varnish-Grace
X-GEO
SD-X-WS
X-Content-Age
X-Varnish-Server
X-Platform
X-Time-Microsecs
Tracecode
X-Backend-TTL
X-Azure-Ref
X-ServerID
Uber-Trace-Id
X-GG-Cache-Date
X-Backend-Host
X-DynaTrace-JS-Agent
X-Cache-Backend
DSUID
Amp-Access-Control-Allow-Source-Origin
X-Erf-Stays-Bingo-Pdp-Web
X-Proxy-Cache-Status
X-Tb
X-Oss-Object-Type
X-Oss-Hash-Crc64ecma
X-BCube-Filmed-By
Akamai-GRN
X-Oss-Server-Time
X-Oss-Storage-Class
X-Oss-Request-Id
X-CSRF-Token
X-NewRelic-App-Data
X-ATG-Version
X-Sucuri-ID
X-Trace-Id
Backend
Arc-Version
PB-RID
PB-PID
X-Magnolia-Registration
ServedBy
X-Correlation-ID
X-Akamai-Transformed
Pramga
X-A-Wwc
X-Rewrite-Enabled
Path
X-A-Dgt
X-Location
X-Aed
Mobile-Detection-Method
X-Rojux
Odigeo-Trace-Id
X-Matched-Rule
X-A-Dcw
X-A-Dam
Thinkindot-Control
X-ScT
X-A-Ccd
X-A
Thinkindot-CacheControl-Type
Thinkindot-CacheControl
Meta-Geo-Continent
Rendered-Blocks
X-S
SR-User-Adfree
T-Server
Release
MD5-Digest
X-Varnish-Hostname
X-Processor
DCR-Processing-Time-Ms
X-Origin-CC
X-CF-Lambda-Fn
DCR-Decision-By
X-Origin-TTL
BehaviorPad-Version
X-PAYTM-SRV-ID
X-Cache-NE
X-RCS-CacheZone
X-Level-Front-Cache
X-CF-Lambda-Version
Expiry
X-Varnish-Cache-Hits
X-GeoIP-City
Lfy
Machine
X-PBS-Appsvrname
Instruction
X-Application
X-Cache-PHP
Fastcgi-X-Cache-Version
X-Cache-NGX
X-B-Cookie
X-ARC
X-Request-UUID
X-S-Cookie
X-Destination
X-External-Request-Id
X-Thinkindot-L3
X-Generated-On
X-Vdms-Version
X-Vtex-Remote-Cache
X-From
X-Device-Os
X-Vdms-Path
X-Generation-Time
X-Origin-Response-Time
X-Trv-Group
X-VG-WebServer
X-Session-Fingerprint
X-Fetched-On
X-SRCache-Key
X-VG-WebCache
X-D
X-Vtex-Processado-Em
Xc-Version
X-Connection-Hash
X-Ms-Request-Id
X-Ms-Version
X-Backend-State
X-VServer
X-OVcl-Cache
X-OVcl
Ssr
UCS
X-Bip
X-JWT-State
Cache-Host
C-Via
CacheControlHeader
X-Cache-Bucket
X-Is-Gdpr
X-Owner
X-User
X-Adobe-Source
L5d-Success-Class
Host-ID
Pagetype
X-Irp-Debug
X-FC-Vary-Parameters
X-Node-Id
HA-Ipaddr
Ha-Gx-Prefs
X-Micro-Cache
Fastly-Backend-Name
X-Mvc-Supplant-Cachable
X-Azure-Ref-OriginShield
Gh-Request-Id
X-Eu-Site
X-NWS-UUID-VERIFY
Cf-Device-Type
X-Debug-Cache
X-Swa-Ws
X-Reqid
X-Thanos
X-HS-Content-Campaign-Id
X-Cdn-Origin
X-SVT-ORM-VERSION
X-CGP
X-Geo-Header
X-GeoIP
X-Skip-Cache
X-Generated-In
X-Has-Esi
X-Sn-Servicetimems
X-Tumblr-Pixel-3
X-SVT-ORM-RULES
X-Cache-Date
X-Csrf-Jwt
AKAMAI
X-Cache-Info
DB-Nickname
X-Envoy-Decorator-Operation
X-TrackingId
Magicmarker
NGX
Content-Disposition
On-Server
X-CUA
X-Varnish-Hits
X-Fastly-Backend
Wxu-Next-Commit
X-Fastly-Cache
Server-Ext
Server-Host
Server-Hostname
Sever-Int
X-Generated-By
X-Request-URI
X-Cms-Context
PFcat
X-Nginx-Cache-Key
X-VarnishDD-TTL
X-Wikidot-Static-Cache
Wxu-Next-Region
Wxu-Next-Hostname
V-Age
X-Clientip
X-Core-Value
X-Origin-Expires
X-Wikidot-Backend
X-Policy
CloudFront-Viewer-Country
X-IP
X-Var-Ttl
Locid
X-HN
User-Cache-Control
L
X-Request-Host
X-Developers
X-Cache-Remote
X-Developer
X-Cache-Tags
X-Scheme
X-B3-Traceid
X-Cache-Id
X-Cache-Expires
X-Clara-WADP
X-GoCache-CacheStatus
X-Li-Pop
X-Block-Status
X-Li-Fabric
X-DefHash
X-Gzip
X-DefElseHash
X-Branch-Name
X-LI-UUID
X-Esi-Check
X-Gen-Mode
X-Fmm-Version
X-DPWN-IS-SECURE
X-Loc
X-Dispatcher-Server
X-Hnp-Log
X-Request-Start
X-Rebelmouse-Cache-Control
X-Rebelmouse-Surrogate-Control
Web-Mar-Node
X-Servername
X-Platform-Server
Adler-Geo
Apple-News-Services-Request-Url
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
HostName
X-SIPLIST1
X-Varnish-Remaining-TTL
X-VG-TLSProxy
X-WADP-Cache
Location
X-Varnish-CookieINHashed-On
X-Varnish-CookieHashed-On
X-TX-ID
X-Variation
X-TA-CDN-Provider
X-Varnish-Beresp-Grace
CDCHOST
X-Ratelimit-Reset
IsBot
Is-Eu
X-Old-Content-Length
X-Origin
NM-Fastcgi-Cache
Origin
Vix-Hermes-Req-Id
X-Method
True-Client-Country-4JS
Platform
Fastly-SWR
X-NU-AKA-ACS-Version
Fastly-SIE
Cf-Bgj
X-ID
X-NC
X-Varnish-Beresp-Ttl
X-NAPM-TraceId
CDN-RequestCountryCode
CDN-RequestId
Rt-Fastcgi-Cache
CDN-PullZone
CDN-CachedAt
X-Gamma-Serve
X-Slack-Backend
CDN-Cache
X-Cache-Debug
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Varnish-Beresp-Status
CDN-Uid
Fastly-Drupal-HTML
X-Hash
CDN-EdgeStorageId
X-Cdn-Forward
X-Host-Name
Url
X-PF-Uncompressing
X-Core-Mission
CACHE
X-EC-Lua
X-B3-SpanId
X-NCache
S-Rt
X-Varnish-Cacheable
X-Mvc-Supplant-OutputCached
X-B3-Spanid
X-Response-By
X-Aicache-OS
X-Varnish-Url
Sid
X-LB-ID
X-Refresh
X-Proxy-Cachei7
X-CS
X-CACHE-GROUP
X-App-Version
Xkeyi7
X-BBXSRF
Pics-Label
N-Cache
Cross-Origin-Window-Policy
X-Via-Popv
X-Via-Popn
X-Sucuri-Cache
Content-Secure-Policy
X-Via-Poph
Esi-Enabled
X-FireWall-Protection
Ohc-File-Size
X-Cache-2
D-Cc-Upstream
X-Cc-Via
X-Cc-Req-Id
X-CDN-Forward
X-Contensis-Viewer-Groups
X-Varnish-Authentication
X-Cs
X-Epic-Correlation-Id
X-Cache-ASPX
Cteonnt-Length
X-Tb-Optimization-Total-Bytes-Saved
X-TraceId
X-Svr
X-Nc
X-Error
Source
X-Srv
Who
MIME-Version
Req-Svc-Chain
X-Server-IP
X-CACHE-KEY
X-Wa
Country-Code
Geoip-Latitude
GeoIp-Country-Code
X-Servedbyhost
X-Unique-ID
X-Webkit-CSP-Report-Only
X-Planisys-CDN-Rules
X-Planisys-CDN-Cache
X-HS-Status
X-DC
X-Planisys-CDN-TTL
X-Gdpr
X-Nyt-Route
X-Origin-Time
X-Cache-Config
HitType
X-FPC
X-API-Version
X-RateLimit-Limit
X-SN
Server-Ttl
X-LiteSpeed-Cache-Control
X-VC
X-NGINX-Cache
Ohc-Cache-HIT
X-URL
X-Fastly-Request-Id
X-TIME
Hostname
X-Webstats-RespID
XServer
Cmstype
Svr
X-NodeID
X-SB
Cmsid
Kp-EeAlive
X-LI-Proto
Geo-Info
X-Served-From
VivaBuild
Viewtype
X-Esi
X-SD-PageType
X-VCL-Version
X-Check-Cacheable
Server-ID
X-Vcl-Version
X-Viewer-Country
A
Cache-Key
X-Vgn-Hpd-Reason
X-Ua
X-Render-Time
X-HOST
NtCoent-Length
SID
X-CCDN-CacheTTL
X-CCDN-Origin-Time
Request-ID
X-Hcs-Proxy-Type
EpKe-Alive
X-BBC-Edge-Cache-Status
M-TraceId
Server-Id
X-Li-Proto
X-UA
Srv
X-RPS
X-Worker
X-CF-Powered-By
TDXMobile
X-Auto-Login
Cross-Origin-Opener-Policy
X-TIM-N
Resin-Trace
X-DB
Cache-Provider
X-DI
X-Air-Source
X-DW
X-RPM
X-RSL
Arc-Country
X-DSS
X-RAMCache
X-Ftr-Cache-Host
Filterid
ProcessTime
Upgrade-Insecure-Requests
GeoIP-Country-Code
GeoIP-Latitude
X-CSRF-TOKEN
X-Dynatrace-Js-Agent
X-ServedByHost
Processtime
Mime-Version
X-Cluster-Node
CDN
X-WA
X-Internal-Host
X-App
X-Vc
X-Action
X-FTR-Cache-Host
X-Newrelic-Synthetics
X-Oss-Cdn-Auth
X-Service
X-Fpc
Proxy-Connection
NGB
Tcn
CF-Cached-On
X-CLOUD-TRACE-CONTEXT
X-FORWARDED-FOR
DataCenter
X-Geo
X-BBC-Origin-Response-Status
Datacenter
OT-Force-Account-Verify
X-HostName
X-HITS
WZWS-RAY
X-Via-PopN
Cdn
X-MSEdge-Flight
X-Dw-Trace-Id
X-Forwarded-Site
FSS-Cache
X-Via-PopH
X-MSEdge-Features
X-SaId
X-PHP-Backend
X-Fastly-Backend-Reqs
PICS-Label
X-Akamai-Pragma-Client-IP
X-BACKEND-TTL
X-ND-Cache
X-Via-PopV
X-Via-NSCOPI
X-JoinUs
X-NGENIX-Cache
X-Cdn-Request-ID
X-Extlb
X-Client-Ip
X-Edge-Location
X-CACHE-AGE
X-Lb-Id
X-ABtesting
X-Cache-Tag
X-Parent-Response-Time
X-IN-APIGATEWAY
X-IN-APIGATEWAYSSL
X-Flog
Dnion-Transfer-Encoding
X-Hello
W
X-Provided-By
X-ZONE
X-Req
X-Region-Sid
X-RateLimit-Remaining-Second
X-UnsetCookies
X-Pf-Uncompressing
LB
X-RateLimit-Limit-Second
Epwk-X-Cache
X-VC-Cache
X-PJAX-URL
X-Bc-Bl
X-Accel-Expires-Debug
We-Hiring
Memcached
X-Date
Media-Length
Surrogated-Key
Mail-Subject
X-Pad
X-Depends-On
X-Proxy-Upstream
X-Swift-Error
Vha6-Origin
X-Oracle-DMS-ECID
X-Presslabs-Stats
X-MiniProfiler-Ids
Time
Env
X-Rocket-Build-Number
X-Varnish-URL
X-Sigma-Backend
X-Sigma
Xet-Cookie
X-APP
Memory
URI
X-LiteSpeed-Tag
Cf-Ipcountry
X-Request-Url
X-Vcache
X-Ms-Meta-Originalurl
X-Acquia-Site
X-B3-Parentspanid
X-Acquia-Purge-Tags
X-Acquia-Application-UUID
X-Akamai-ERPolicy
X-Amz-Meta-Cb-Modifiedtime
X-Men
X-Air-Trace-Id
X-Csrf-Token
X-ElasticPress-Search
X-Akamai-ERRuleID
X-Acquia-Application-Trace
X-Request-URL
X-Varnish-Beresp-TTL
X-Akamai-Request-ID
X-Ms-Meta-Staticbatchstarttime
X-ElasticPress-Query
CountryCode
X-Acc-Debug-Context
X-Zone
NnCoection
Inserted-Into-Cache-At
X-Tid
X-Traceid
Content-Style-Type
X-Acc-Rdl
Edge-Copy-Time
Phost
X-Redis-Duration-Ms
X-Debug-Cache-Fetch
X-Debug-Cache-Store
X-Storefront-Renderer-Verified
X-Via-Edge
Content-Script-Type
X-C
X-Via-SSL
X-ServerName
X-Snapshot-Date
Ohc-Response-Time
X-Redis-Count
Environment
X-Litespeed-Cache-Control