Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
CF-RAY
Cf-Request-Id
Last-Modified
CF-Cache-Status
X-XSS-Protection
Accept-Ranges
Link
Pragma
ETag
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
X-UA-Compatible
Alt-Svc
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
Content-Security-Policy-Report-Only
X-Drupal-Cache
X-Permitted-Cross-Domain-Policies
X-Check
X-Xss-Protection
X-Cache-Status
X-Generator
X-Request-ID
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Iinfo
X-Content-Security-Policy
Content-Encoding
X-CDN
X-Ua-Compatible
X-Envoy-Upstream-Service-Time
Status
Feature-Policy
X-AspNetMvc-Version
Access-Control-Expose-Headers
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Upgrade
Keep-Alive
X-Ws-Request-Id
X-Age
X-Turbo-Charged-By
X-AH-Environment
X-Robots-Tag
Request-Context
X-Proxy-Cache
EagleId
X-Cache-Group
Server-Timing
X-Backend
X-Hacker
Report-To
X-Amz-Request-Id
X-Server
Host-Header
X-Amz-Id-2
X-Server-Powered-By
Grace
X-Nginx-Cache-Status
X-UA-Device
X-LiteSpeed-Cache
X-Varnish-Cache
X-Rq
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Dns-Prefetch-Control
X-Page-Speed
Cf-Railgun
X-Pingback
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
NEL
X-Amz-Version-Id
X-Cache-Spec
Xkey
X-OneAgent-JS-Injection
X-WebKit-CSP
Allow
X-Backend-Server
X-CST
X-Host
X-Vhost
X-Device
EagleEye-TraceId
X-Server-Id
Surrogate-Control
Request-Id
X-Dispatcher
X-Node
Content-Location
X-Response-Time
X-Akam-SW-Version
Accept-CH
X-EdgeConnect-Origin-MEX-Latency
X-EdgeConnect-MidMile-RTT
X-Ruxit-JS-Agent
Accept-CH-Lifetime
X-ASPNET-VERSION
X-Ac
X-Template
X-Application-Context
X-Language
X-Country
X-Cache-Lookup
X-Readtime
X-Cloud-Trace-Context
X-Mod-Pagespeed
MS-Author-Via
X-B3-TraceId
X-Origin-Cache
Rating
Accept-Ch
X-Cnection
X-MS-InvokeApp
X-Kinja-Server-Push
X-HW
X-Url
Accept-Ch-Lifetime
X-Vname
X-PC
X-TtlSet
X-ORACLE-DMS-ECID
X-Clacks-Overhead
X-ESI
X-GitHub-Request-Id
Edge-Control
X-Trace
X-Oneagent-Js-Injection
X-Middleton-Display
X-Middleton-Response
Response
Display
Pagespeed
X-Sol
X-FastCGI-Cache
X-Content-Type
X-Vcap-Request-Id
X-D2id
Arr-Disable-Session-Affinity
Verso
X-Kinja
X-Kinja-Build
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Revision
X-GoogleNews-Bot
X-Exp-Variant
X-Goog-Hash
X-Buckets
X-Rack-Cache
X-Server-Name
X-Country-Code
Service-Worker-Allowed
X-Navigation-Version
X-ORACLE-DMS-RID
X-Abt-Application-Version
X-Varnish-TTL
X-VARITI-CCR
X-Amz-Rid
X-Powered-By-Plesk
Pinterest-Version
X-Pinterest-Rid
Pinterest-Generated-By
X-Cache-TTL
X-Client-IP
X-Fastly-Request-ID
X-SharePointHealthScore
SPRequestGuid
X-Release
X-MSEdge-Ref
SPIisLatency
SPRequestDuration
X-Dw-Request-Base-Id
Fastly-Restarts
X-Element-Page-Cache
X-Cached
X-NF-Request-ID
X-Ttl
X-B3-TraceId-Primal
MRF-Tech
Mrf-Cache-Status
Public-Key-Pins
X-Webkit-CSP
RTSS
AR-PoweredBy
Ar-Sid
AR-CACHE
AR-ATIME
AR-Request-ID
X-Edge
Access-Control-Request-Method
X-Origin-Upstream-Status
X-LLID
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Powered-CMS
X-Px
Fusion-Content-Source
Fusion-Content-Id
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Template-Id
X-TTL
X-Ezoic-Cdn
X-Upstream
Content-MD5
X-HP-Webp
X-Jurisdiction
X-ECACHE
X-Mid
Cache-Tag
X-MCACHE
Charset
X-Recruiting
X-Amz-Server-Side-Encryption
S
X-Content-Digest
X-Mg-S
X-Pinterest-Direct
X-Version
X-PressLabs-Stats
TCN
MicrosoftSharePointTeamServices
Fastcgi-Cache
Front-End-Https
X-T
X-Content-Security-Policy-Report-Only
X-Debug
X-Kinsta-Cache
Filters
X-Grace
Cache-Tags
X-Id
Edge-Cache-Tag
Server-Node
X-Forwarded-Proto
X-Accel-Expires
X-Logged-In
X-Amzn-Trace-Id
X-Forwarded-For
Server-Name
X-Yandex-Sdch-Disable
Nginx-Cache
X-Correlation-Id
Surrogate-Key
X-Kong-Upstream-Latency
X-Kong-Proxy-Latency
X-DynaTrace
X-Varnish-Age
X-XRDS-Location
TP-Cache
TP-L2-Cache
X-B3-Sampled
X-Request-Received
X-Request-Processing-Time
X-Request-Handler-Origin-Region
X-Microsite
X-Server-ID
X-Ser
X-Hits
X-Ruxit-Js-Agent
X-DIS-Request-ID
X-Cache-Key
Powered-By-ChinaCache
X-AppVersion
X-Az
X-Shield-Request-Id
X-Activity-Id
X-Amz-Replication-Status
X-HS-Combine-CSS
X-HS-Cache-Config
X-HS-Content-Id
X-HS-Hub-Id
X-F-Cache
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Metageneration
X-GUploader-UploadID
Accept-Charset
X-Origin-Server
X-Git-Hash
X-FTR-Request-ID
X-Hostname
X-Geo-Country
X-Respond-Thread
X-XRDS-LOCATION
X-Upgrade-Enabled
X-LB-Cache
X-DataDome
Section-Io-Cache
X-Frontend
Cache
X-Rid
Access-Control-Allow-Method
Alternate-Protocol
X-Aspnetmvc-Version
X-Mobile-URL
Host
X-Cache-Age
Cleartype
Paypal-Debug-Id
MS-CV
Healthy
X-IPLB-Instance
X-Content-Options
X-Type
X-Seen-By
X-AOL-HN
X-Varnish-Backend
X-App-Environment
X-Whom
Payment
ServerID
X-WebKit-CSP-Report-Only
X-VCache
X-Request-Guid
X-Signature
X-Aspnet-Duration-Ms
X-Providence-Cookie
X-Route-Name
X-B-Cache
X-Cache-Action
X-Flags
X-Is-Crawler
X-Debug-Info
X-Jobs
X-Page-Id
X-TT
X-Time
X-NWS-LOG-UUID
Fastcgi-Useragent
X-Fastcgi-Cache
X-Source
X-TEC-API-ROOT
X-TEC-API-VERSION
X-TEC-API-ORIGIN
X-N
X-Mobile
X-RateLimit-Remaining
X-Load-Cache
X-Daa-Tunnel
X-Browser-Type
X-Erf-Bev-Bev
X-Erf-Bev-Bev-Is-Generated
Nel
X-FB-Debug
X-Via-JSL
X-Litespeed-Cache
X-Cached-By
X-Akamai-Edgescape
Version
X-Cache-Operation
X-Cache-Rule
Viewport
Refresh
X-Rule
X-Response-Served-From
X-Original-Request-Id
X-Accel-Buffering
DC
X-Drupal-Cache-Tags
X-Zen-Fury
X-Proxy
DynaTrace
X-RTag
X-Framework
Ms-Operation-Id
X-Cacheable-TTL
X-Instance
X-ProcessESI
X-Real-IP
X-RemovedCookies
Access-Control-Request-Headers
X-Wix-Request-Id
X-Contextid
X-Region
X-Cache-Time
Referer-Policy
X-HTML-Minification-Powered-By
Realpath
X-UUID
X-Tt-Trace-Tag
X-Yottaa-Metrics
X-Page-View
X-Yottaa-Optimizations
Node
X-Drupal-Cache-Contexts
X-Tt-Trace-Host
X-Distributor
X-FW-Server
X-FW-Dynamic
X-FW-Hash
Eomportal-Instance
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-Cache-Expired-At
X-FW-Static
X-FW-Serve
X-FW-Type
Countrycode
X-B
X-L-Path
X-Environment-Context
X-Cluster-Name
GEO-INFO
X-Cache-Control
Liferay-Portal
X-Content-Powered-By
X-IPS-LoggedIn
X-Tumblr-User
X-Tumblr-Pixel-1
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Node-Name
X-Cache-Hit
X-G
X-User-Agent
Server-Info
X-Varnish-Ttl
X-Tumblr-Pixel-2
Webserver
X-Pass-Why
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
X-App-Server
Section-Io-Id
Section-Origin-Responded
From-Origin
Protected
X-Ratelimit-Limit
X-FireWall-Port
SRV
X-Amz-Meta-S3cmd-Attrs
X-Protected-By
Ec-Rule-Version
X-Revision
X-Cache-Server
Frame-Options
X-Backend-Name
CF-IPCountry
X-UPSTREAM-Address
X-ES-SERVER
X-Handled-By
X-RN-RSRV
Meta-Geo
X-Mode
X-Endurance-Cache-Level
Cache-Status
X-Www-Served-By
X-Hyper-Cache
X-Hl-Ver
X-FB-TRIP-ID
Xserver
X-Site-Version
X-Locale
X-NYM-Debug-Backend
X-Storage
X-Soup
X-Forwarded-Host
X-Varnishpool
X-Human
X-Web-Node
Decoy-Debug-Key
Fastly-SSL
X-Be
X-Cache-Grace
Retry-After
X-Pubstack
Decoy-Debug-TTL
Decoy-Debug-Status
Country
Cache-Tv-Group
Azure-RegionName
X-BYPASS-REASON
Azure-InstanceId
X-Format
X-Labrador-Cache-Channel
X-OCL
X-Timing-Wait
Property-Id
Selected-Fe
TWC-Privacy
X-Redis-Cache
Webcakes-App-Version
Webcakes-App-Name
TWC-Connection-Speed
X-Section
X-SayCDN-TTL
TWC-GeoIP-Country
TWC-GeoIP-LatLong
TWC-Locale-Group
TWC-Device-Class
Cache-Name
Azure-Version
X-Proto
X-Proxy-Build
X-PHP-Host
X-PCL
X-Origin-Hint
X-Say-TTL
X-Uri
Webcakes-Region
Azure-SlotName
X-ProxyCache-Status
X-ProxyCache-Key
Azure-SiteName
X-Say-Cacheable
X-Access
X-Loop
X-No-Session
X-Origin-Date
X-PERF
X-LAGOON
X-Hosted-By
X-Adobe-Content
X-AIR-PT
X-ApacheServer
X-FW-Version
X-Adobe-Loc
X-S-Maxage
X-Via-Fastly
X-WA-Info
X-Request-Time
X-Server-W
X-UA-Device-Type
X-Sql-Count
X-Sql-Duration-Ms
X-TNCMS
X-TT-LOGID
X-MP-GENERATED-AT
X-VWS-Id
X-LJ-Flow-ID
X-AWS-Id
X-R9-Blue-Green-Version
X-ShardId
X-Qloud-Router
X-Cluster
X-Alternate-Cache-Key
X-Shopify-Stage
X-Sorting-Hat-PodId
X-Status
X-Storefront-Renderer-Rendered
X-Sorting-Hat-ShopId
Mn-Server-Ip
X-ShopId
X-Routing-Service
X-FTR-DC
X-FTR-Realm
S-Cnection
X-CCM
X-Proxied
X-Via-CDN
X-FTR-Cache-Status
X-Country-Code-Real
X-FTR-Backend-Server
X-Cache-TTL-Remaining
X-FTR-Backend
X-Zipkin-Id
X-FTR-Balancer
X-Webkit-Csp
X-Xfnlog-Site
X-Is-Bot
X-Rendered-As
Cache-Hits
X-FTR-Expires
X-Tec-Api-Origin
X-Tec-Api-Root
X-Tec-Api-Version
X-Nginx-Cache
AMP-Access-Control-Allow-Source-Origin
X-Oracle-Dms-Rid
X-Dc
X-Device-Type
X-Ratelimit-Remaining
X-Cache-Var
X-Cache-Var-Map
X-Cdn
X-Detected-As
X-Info
Apigw-Requestid
X-Air-Hostname
X-Cache-Host
X-EdgeConnect-Cache-Status
X-Debug-IsPreview
X-Amzn-Remapped-Content-Length
X-Amz-Apigw-Id
X-Debug-IsConnected
X-Amzn-RequestId
X-Microcachable
X-Unique-Id
X-Cache-Enabled
X-Content-Age
X-Varnish-Grace
X-Dynatrace
X-SRV
X-Varnish-Server
X-Platform
SD-X-WS
Tracecode
X-DynaTrace-JS-Agent
X-GG-Cache-Date
X-Time-Microsecs
X-Cache-Backend
X-Backend-TTL
X-Backend-Host
Uber-Trace-Id
X-GEO
X-Azure-Ref
Amp-Access-Control-Allow-Source-Origin
X-Erf-Stays-Bingo-Pdp-Web
X-ServerID
X-APP-VERSION
X-Proxy-Cache-Status
X-CSRF-Token
Akamai-GRN
X-Oss-Hash-Crc64ecma
X-Oss-Server-Time
X-Tb
DSUID
X-Oss-Object-Type
X-Oss-Storage-Class
X-Oss-Request-Id
X-NewRelic-App-Data
X-Correlation-ID
X-BCube-Filmed-By
X-ATG-Version
X-Trace-Id
Backend
X-NWS-UUID-VERIFY
PB-RID
X-Sucuri-ID
Arc-Version
PB-PID
X-Akamai-Transformed
ServedBy
SR-User-Adfree
X-Vtex-Processado-Em
X-CF-Lambda-Version
Thinkindot-Control
X-Session-Fingerprint
X-Vtex-Remote-Cache
Rendered-Blocks
X-Cache-NE
X-Application
X-ARC
X-B-Cookie
X-Cache-NGX
X-Aed
X-A-Wwc
X-A-Dcw
X-A-Dgt
X-PBS-Appsvrname
X-Varnish-Cache-Hits
X-PAYTM-SRV-ID
X-A-Dam
Xc-Version
X-CF-Lambda-Fn
T-Server
X-VG-WebServer
X-Cache-PHP
Thinkindot-CacheControl
X-A-Ccd
X-A
X-Destination
Mobile-Detection-Method
Meta-Geo-Continent
X-Origin-TTL
MD5-Digest
Odigeo-Trace-Id
X-Request-UUID
X-Generation-Time
X-VG-WebCache
BehaviorPad-Version
X-S
X-Rewrite-Enabled
X-Trv-Group
X-Rojux
X-Location
X-Matched-Rule
X-Origin-CC
X-Level-Front-Cache
Instruction
Machine
Lfy
X-Thinkindot-L3
X-Generated-On
X-RCS-CacheZone
DCR-Processing-Time-Ms
Release
X-Vdms-Path
DCR-Decision-By
X-D
X-Vdms-Version
X-ScT
X-Connection-Hash
X-S-Cookie
X-Processor
X-External-Request-Id
Expiry
Thinkindot-CacheControl-Type
Fastcgi-X-Cache-Version
X-From
Path
X-Varnish-Hostname
X-Fetched-On
X-SRCache-Key
HA-Ipaddr
Ha-Gx-Prefs
Gh-Request-Id
Pagetype
Host-ID
L5d-Success-Class
Ssr
Pramga
Fastly-Backend-Name
X-Csrf-Jwt
X-JWT-State
X-Thanos
X-Swa-Ws
X-TrackingId
X-Is-Gdpr
X-HS-Content-Campaign-Id
X-Irp-Debug
X-SVT-ORM-VERSION
X-Micro-Cache
X-Owner
X-SVT-ORM-RULES
X-OVcl-Cache
X-Reqid
X-Mvc-Supplant-Cachable
X-OVcl
X-Has-Esi
X-GeoIP-City
X-Cdn-Origin
X-Sn-Servicetimems
X-CGP
X-Cache-Info
X-Cache-Date
X-Backend-State
X-Cache-Bucket
X-Device-Os
X-Eu-Site
X-Generated-In
X-Geo-Header
X-Tumblr-Pixel-3
X-FC-Vary-Parameters
X-Skip-Cache
X-User
UCS
X-Bip
X-Ms-Request-Id
AKAMAI
X-B3-Traceid
CacheControlHeader
Cache-Host
X-Magnolia-Registration
C-Via
X-Debug-Cache
X-Ms-Version
X-TA-CDN-Provider
X-Origin-Response-Time
X-Wikidot-Backend
Wxu-Next-Region
X-VServer
PFcat
X-Policy
Wxu-Next-Hostname
X-VarnishDD-TTL
Server-Ext
Server-Hostname
X-Wikidot-Static-Cache
V-Age
Server-Host
Sever-Int
Wxu-Next-Commit
X-Request-Host
X-Varnish-Hits
X-Generated-By
X-Fastly-Cache
X-Fastly-Backend
X-Envoy-Decorator-Operation
X-GeoIP
X-HN
X-Nginx-Cache-Key
X-Node-Id
X-IP
X-Developers
X-Developer
X-Request-URI
HostName
X-Scheme
X-Clientip
X-Cms-Context
X-Var-Ttl
X-CUA
X-Core-Value
X-Cache-Tags
X-Azure-Ref-OriginShield
Cf-Device-Type
NGX
Magicmarker
DB-Nickname
L
CloudFront-Viewer-Country
Content-Disposition
On-Server
Location
X-ID
User-Cache-Control
X-TX-ID
X-Adobe-Source
Apple-News-Services-Request-Url
CDCHOST
X-DefHash
X-DefElseHash
X-Variation
Fastly-SWR
X-Cache-Id
Apple-News-Services-Handled
X-Cache-Expires
Adler-Geo
X-Platform-Server
Apple-News-Services-Host
X-Varnish-Remaining-TTL
X-Clara-WADP
X-Varnish-CookieHashed-On
X-Varnish-CookieINHashed-On
Origin
Fastly-SIE
X-Cache-Remote
X-Hnp-Log
X-Hash
X-Gzip
X-Goog-Meta-Goog-Reserved-File-Mtime
X-SIPLIST1
X-Li-Fabric
X-Slack-Backend
X-LI-UUID
X-Li-Pop
X-GoCache-CacheStatus
X-NU-AKA-ACS-Version
X-Fmm-Version
X-Esi-Check
Is-Eu
X-DPWN-IS-SECURE
X-Origin-Expires
X-Origin
X-Old-Content-Length
Cf-Bgj
X-Gen-Mode
X-Dispatcher-Server
Apple-News-Services-Parsed-Url
Locid
Web-Mar-Node
X-WADP-Cache
X-Rebelmouse-Surrogate-Control
X-Ratelimit-Reset
X-Rebelmouse-Cache-Control
True-Client-Country-4JS
X-Varnish-Beresp-Grace
X-Request-Start
Platform
X-NAPM-TraceId
Rt-Fastcgi-Cache
NM-Fastcgi-Cache
X-Method
Vix-Hermes-Req-Id
X-VG-TLSProxy
X-Block-Status
IsBot
X-Branch-Name
X-B3-SpanId
X-Cdn-Forward
X-App-Version
CDN-Uid
CDN-RequestId
Fastly-Drupal-HTML
X-Varnish-Beresp-Status
X-Loc
CDN-RequestCountryCode
X-Cache-Debug
CDN-EdgeStorageId
CDN-CachedAt
X-Varnish-Beresp-Ttl
CDN-Cache
CDN-PullZone
X-NC
X-Gamma-Serve
X-Servername
X-Core-Mission
X-CS
X-Varnish-Url
X-NCache
X-Mvc-Supplant-OutputCached
X-EC-Lua
Url
X-PF-Uncompressing
X-CACHE-GROUP
X-Aicache-OS
X-LB-ID
X-Host-Name
X-Varnish-Cacheable
X-Refresh
S-Rt
X-Response-By
X-B3-Spanid
X-Proxy-Cachei7
Xkeyi7
Pics-Label
Sid
Esi-Enabled
X-Via-Popn
X-FireWall-Protection
N-Cache
CACHE
X-Via-Popv
X-Via-Poph
X-BBXSRF
X-Srv
Cross-Origin-Window-Policy
X-Epic-Correlation-Id
X-Cache-2
Content-Secure-Policy
X-Unique-ID
Ohc-File-Size
X-Tb-Optimization-Total-Bytes-Saved
X-Sucuri-Cache
X-RateLimit-Limit
X-Error
X-Cc-Req-Id
X-Cc-Via
X-Cache-ASPX
D-Cc-Upstream
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-Nc
Cteonnt-Length
Who
Req-Svc-Chain
X-Svr
MIME-Version
Country-Code
X-CDN-Forward
Source
X-TraceId
X-CACHE-KEY
X-Webkit-CSP-Report-Only
X-Server-IP
X-Wa
X-Planisys-CDN-Cache
Server-Ttl
X-DC
GeoIp-Country-Code
X-Planisys-CDN-TTL
X-Planisys-CDN-Rules
Geoip-Latitude
X-Servedbyhost
Geo-Info
X-Cs
HitType
X-HS-Status
X-Cache-Config
X-Origin-Time
X-Gdpr
X-Nyt-Route
X-API-Version
X-FPC
X-URL
X-VC
X-SN
X-LiteSpeed-Cache-Control
Kp-EeAlive
Cmstype
Cmsid
Svr
Ohc-Cache-HIT
Hostname
X-NGINX-Cache
VivaBuild
X-Served-From
X-Esi
X-SB
X-Webstats-RespID
X-LI-Proto
Server-ID
X-NodeID
Viewtype
SID
X-Check-Cacheable
X-VCL-Version
X-Vcl-Version
Cache-Key
A
X-SD-PageType
XServer
X-TIME
X-HOST
NtCoent-Length
X-Viewer-Country
X-Vgn-Hpd-Reason
Request-ID
Resin-Trace
X-Li-Proto
X-Render-Time
M-TraceId
X-UA
X-Ua
TDXMobile
Cross-Origin-Opener-Policy
X-RSL
X-CCDN-Origin-Time
EpKe-Alive
Arc-Country
X-CCDN-CacheTTL
Server-Id
X-Hcs-Proxy-Type
X-TIM-N
X-BBC-Edge-Cache-Status
X-DSS
X-Air-Source
X-DB
Cache-Provider
X-DW
X-DI
X-RAMCache
X-RPM
X-RPS
Filterid
X-Internal-Host
X-Fastly-Request-Id
X-CF-Powered-By
GeoIP-Country-Code
X-Worker
GeoIP-Latitude
X-Auto-Login
X-Newrelic-Synthetics
X-Vc
X-Ftr-Cache-Host
Processtime
Srv
X-WA
X-Action
X-App
X-ServedByHost
ProcessTime
Upgrade-Insecure-Requests
X-Geo
X-FTR-Cache-Host
X-CSRF-TOKEN
CDN
Mime-Version
NGB
X-Fpc
X-Cluster-Node
X-Oss-Cdn-Auth
Tcn
X-Service
X-CLOUD-TRACE-CONTEXT
X-Dynatrace-Js-Agent
Proxy-Connection
X-BBC-Origin-Response-Status
Datacenter
X-FORWARDED-FOR
X-HITS
X-HostName
CF-Cached-On
X-MSEdge-Flight
X-Forwarded-Site
FSS-Cache
X-SaId
X-BACKEND-TTL
X-NGENIX-Cache
X-PHP-Backend
X-JoinUs
X-Akamai-Pragma-Client-IP
X-MSEdge-Features
DataCenter
Cdn
X-Fastly-Backend-Reqs
X-Dw-Trace-Id
X-Extlb
X-Cdn-Request-ID
X-Edge-Location
X-Client-Ip
X-CACHE-AGE
X-Via-PopH
X-IN-APIGATEWAYSSL
OT-Force-Account-Verify
X-Cache-Tag
X-Via-PopN
Dnion-Transfer-Encoding
X-ND-Cache
X-ABtesting
X-Flog
X-Hello
W
X-Via-PopV
X-IN-APIGATEWAY
PICS-Label
X-Via-NSCOPI
X-Parent-Response-Time
WZWS-RAY
X-Swift-Error
X-Provided-By
X-Accel-Expires-Debug
Surrogated-Key
LB
Media-Length
Mail-Subject
Memcached
X-Pf-Uncompressing
We-Hiring
X-Date
X-Region-Sid
X-Oracle-DMS-ECID
X-Presslabs-Stats
Vha6-Origin
X-UnsetCookies
X-VC-Cache
X-Lb-Id
X-RateLimit-Remaining-Second
X-Req
X-PJAX-URL
X-Depends-On
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Bc-Bl
X-Rocket-Build-Number
Time
Epwk-X-Cache
X-Sigma
X-Sigma-Backend
Env
X-APP
Memory
X-LiteSpeed-Tag
X-MiniProfiler-Ids
X-Pad
X-ZONE
X-Zone
Cf-Ipcountry
X-Men
X-Amz-Meta-Cb-Modifiedtime
X-Varnish-URL
X-Air-Trace-Id
X-ElasticPress-Search
X-Request-Url
X-ServerName
X-Vcache
X-Akamai-ERRuleID
X-B3-Parentspanid
X-ElasticPress-Query
X-Snapshot-Date
X-Varnish-Beresp-TTL
X-Litespeed-Cache-Control
X-Acquia-Application-Trace
X-Acquia-Application-UUID
X-Request-URL
X-Acquia-Site
X-Acquia-Purge-Tags
Xet-Cookie
X-Ms-Meta-Staticbatchstarttime
URI
X-Csrf-Token
X-Akamai-ERPolicy
X-Ms-Meta-Originalurl
CountryCode
X-Storefront-Renderer-Verified
VNS-Cache
VNS-Age
CPC-Cache
CPC-Age
X-Tid
X-C
X-Debug-Cache-Fetch
X-Akamai-Request-ID
NnCoection
Phost
X-Debug-Cache-Store
X-Traceid
Environment
X-Redis-Count
X-Redis-Duration-Ms
Ohc-Response-Time
Inserted-Into-Cache-At